summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--security/coreconf/.cshrc273
-rw-r--r--security/coreconf/.profile216
-rw-r--r--security/coreconf/AIX.mk74
-rw-r--r--security/coreconf/AIX3.2.mk35
-rw-r--r--security/coreconf/AIX4.1.mk46
-rw-r--r--security/coreconf/AIX4.2.mk44
-rw-r--r--security/coreconf/AIX4.3.mk51
-rw-r--r--security/coreconf/FreeBSD2.mk65
-rw-r--r--security/coreconf/HP-UX.mk70
-rw-r--r--security/coreconf/HP-UXA.09.03.mk44
-rw-r--r--security/coreconf/HP-UXA.09.07.mk43
-rw-r--r--security/coreconf/HP-UXA.09.mk38
-rw-r--r--security/coreconf/HP-UXB.10.01.mk40
-rw-r--r--security/coreconf/HP-UXB.10.10.mk50
-rw-r--r--security/coreconf/HP-UXB.10.20.mk50
-rw-r--r--security/coreconf/HP-UXB.10.30.mk56
-rw-r--r--security/coreconf/HP-UXB.10.mk38
-rw-r--r--security/coreconf/HP-UXB.11.00.mk55
-rw-r--r--security/coreconf/HP-UXB.11.mk56
-rw-r--r--security/coreconf/IRIX.mk122
-rw-r--r--security/coreconf/IRIX5.2.mk35
-rw-r--r--security/coreconf/IRIX5.3.mk37
-rw-r--r--security/coreconf/IRIX5.mk40
-rw-r--r--security/coreconf/IRIX6.2.mk43
-rw-r--r--security/coreconf/IRIX6.3.mk42
-rw-r--r--security/coreconf/IRIX6.5.mk42
-rw-r--r--security/coreconf/IRIX6.mk47
-rw-r--r--security/coreconf/Linux.mk97
-rw-r--r--security/coreconf/Linux2.1.mk44
-rw-r--r--security/coreconf/Linux2.2.mk43
-rw-r--r--security/coreconf/LinuxELF1.2.mk36
-rw-r--r--security/coreconf/LinuxELF2.0.mk36
-rw-r--r--security/coreconf/Makefile43
-rw-r--r--security/coreconf/NCR3.0.mk90
-rw-r--r--security/coreconf/NEC4.2.mk61
-rw-r--r--security/coreconf/OSF1.mk74
-rw-r--r--security/coreconf/OSF1V2.0.mk35
-rw-r--r--security/coreconf/OSF1V3.0.mk35
-rw-r--r--security/coreconf/OSF1V3.2.mk44
-rw-r--r--security/coreconf/OSF1V4.0.mk51
-rw-r--r--security/coreconf/OSF1V4.0B.mk35
-rw-r--r--security/coreconf/OSF1V4.0D.mk39
-rw-r--r--security/coreconf/README568
-rw-r--r--security/coreconf/ReliantUNIX.mk84
-rw-r--r--security/coreconf/ReliantUNIX5.4.mk35
-rw-r--r--security/coreconf/SCOOS5.0.mk36
-rw-r--r--security/coreconf/SCO_SV3.2.mk86
-rw-r--r--security/coreconf/SunOS4.1.3_U1.mk59
-rw-r--r--security/coreconf/SunOS5.3.mk38
-rw-r--r--security/coreconf/SunOS5.4.mk38
-rw-r--r--security/coreconf/SunOS5.4_i86pc.mk68
-rw-r--r--security/coreconf/SunOS5.5.1.mk44
-rw-r--r--security/coreconf/SunOS5.5.1_i86pc.mk45
-rw-r--r--security/coreconf/SunOS5.5.mk42
-rw-r--r--security/coreconf/SunOS5.6.mk44
-rw-r--r--security/coreconf/SunOS5.6_i86pc.mk45
-rw-r--r--security/coreconf/SunOS5.7.mk44
-rw-r--r--security/coreconf/SunOS5.8.mk44
-rw-r--r--security/coreconf/SunOS5.mk133
-rw-r--r--security/coreconf/UNIX.mk87
-rw-r--r--security/coreconf/UNIXWARE2.1.mk51
-rw-r--r--security/coreconf/WIN16.mk117
-rw-r--r--security/coreconf/WIN32.mk100
-rw-r--r--security/coreconf/WIN954.0.mk63
-rw-r--r--security/coreconf/WINNT3.51.mk70
-rw-r--r--security/coreconf/WINNT4.0.mk69
-rw-r--r--security/coreconf/arch.mk292
-rw-r--r--security/coreconf/command.mk55
-rw-r--r--security/coreconf/config.mk142
-rw-r--r--security/coreconf/coreconf.pl156
-rwxr-xr-xsecurity/coreconf/cpdist.pl195
-rw-r--r--security/coreconf/headers.mk54
-rwxr-xr-xsecurity/coreconf/import.pl218
-rw-r--r--security/coreconf/jdk.mk652
-rwxr-xr-xsecurity/coreconf/jniregen.pl92
-rw-r--r--security/coreconf/location.mk60
-rw-r--r--security/coreconf/makefile.win100
-rw-r--r--security/coreconf/module.mk64
-rw-r--r--security/coreconf/nsinstall/Makefile59
-rwxr-xr-xsecurity/coreconf/nsinstall/nfspwd46
-rw-r--r--security/coreconf/nsinstall/nfspwd.pl46
-rw-r--r--security/coreconf/nsinstall/nsinstall.c403
-rw-r--r--security/coreconf/nsinstall/pathsub.c302
-rw-r--r--security/coreconf/nsinstall/pathsub.h77
-rw-r--r--security/coreconf/nsinstall/sunos4.h163
-rwxr-xr-xsecurity/coreconf/outofdate.pl67
-rw-r--r--security/coreconf/platform.mk38
-rw-r--r--security/coreconf/prefix.mk88
-rwxr-xr-xsecurity/coreconf/release.pl136
-rw-r--r--security/coreconf/rules.mk971
-rw-r--r--security/coreconf/ruleset.mk362
-rw-r--r--security/coreconf/source.mk174
-rw-r--r--security/coreconf/suffix.mk132
-rw-r--r--security/coreconf/tree.mk114
-rw-r--r--security/coreconf/version.mk103
-rw-r--r--security/coreconf/version.pl76
-rw-r--r--security/nss/Makefile116
-rw-r--r--security/nss/cmd/.cvsignore1
-rw-r--r--security/nss/cmd/Makefile182
-rw-r--r--security/nss/cmd/SSLsample/Makefile44
-rw-r--r--security/nss/cmd/SSLsample/Makefile.NSS58
-rw-r--r--security/nss/cmd/SSLsample/NSPRerrs.h133
-rw-r--r--security/nss/cmd/SSLsample/README43
-rw-r--r--security/nss/cmd/SSLsample/SECerrs.h441
-rw-r--r--security/nss/cmd/SSLsample/SSLerrs.h366
-rw-r--r--security/nss/cmd/SSLsample/client.c451
-rw-r--r--security/nss/cmd/SSLsample/client.mn50
-rwxr-xr-xsecurity/nss/cmd/SSLsample/gencerts79
-rw-r--r--security/nss/cmd/SSLsample/make.client78
-rw-r--r--security/nss/cmd/SSLsample/make.server77
-rwxr-xr-xsecurity/nss/cmd/SSLsample/nmakefile95.nss60
-rwxr-xr-xsecurity/nss/cmd/SSLsample/nmakefilent.nss59
-rw-r--r--security/nss/cmd/SSLsample/server.c822
-rw-r--r--security/nss/cmd/SSLsample/server.mn48
-rw-r--r--security/nss/cmd/SSLsample/sslerror.h110
-rw-r--r--security/nss/cmd/SSLsample/sslsample.c619
-rw-r--r--security/nss/cmd/SSLsample/sslsample.h179
-rw-r--r--security/nss/cmd/atob/Makefile76
-rw-r--r--security/nss/cmd/atob/atob.c176
-rw-r--r--security/nss/cmd/atob/makefile.win155
-rw-r--r--security/nss/cmd/atob/manifest.mn50
-rw-r--r--security/nss/cmd/bltest/Makefile82
-rw-r--r--security/nss/cmd/bltest/blapitest.c1798
-rw-r--r--security/nss/cmd/bltest/manifest.mn50
-rw-r--r--security/nss/cmd/bltest/tests/README26
-rw-r--r--security/nss/cmd/bltest/tests/des3_cbc/ciphertext01
-rw-r--r--security/nss/cmd/bltest/tests/des3_cbc/iv01
-rw-r--r--security/nss/cmd/bltest/tests/des3_cbc/key01
-rw-r--r--security/nss/cmd/bltest/tests/des3_cbc/numtests1
-rw-r--r--security/nss/cmd/bltest/tests/des3_cbc/plaintext01
-rw-r--r--security/nss/cmd/bltest/tests/des3_ecb/ciphertext01
-rw-r--r--security/nss/cmd/bltest/tests/des3_ecb/key01
-rw-r--r--security/nss/cmd/bltest/tests/des3_ecb/numtests1
-rw-r--r--security/nss/cmd/bltest/tests/des3_ecb/plaintext01
-rw-r--r--security/nss/cmd/bltest/tests/des_cbc/ciphertext01
-rw-r--r--security/nss/cmd/bltest/tests/des_cbc/iv01
-rw-r--r--security/nss/cmd/bltest/tests/des_cbc/key01
-rw-r--r--security/nss/cmd/bltest/tests/des_cbc/numtests1
-rw-r--r--security/nss/cmd/bltest/tests/des_cbc/plaintext01
-rw-r--r--security/nss/cmd/bltest/tests/des_ecb/ciphertext01
-rw-r--r--security/nss/cmd/bltest/tests/des_ecb/key01
-rw-r--r--security/nss/cmd/bltest/tests/des_ecb/numtests1
-rw-r--r--security/nss/cmd/bltest/tests/des_ecb/plaintext01
-rw-r--r--security/nss/cmd/bltest/tests/dsa/ciphertext01
-rw-r--r--security/nss/cmd/bltest/tests/dsa/key06
-rw-r--r--security/nss/cmd/bltest/tests/dsa/keyseed01
-rw-r--r--security/nss/cmd/bltest/tests/dsa/numtests1
-rw-r--r--security/nss/cmd/bltest/tests/dsa/plaintext01
-rw-r--r--security/nss/cmd/bltest/tests/dsa/pqg04
-rw-r--r--security/nss/cmd/bltest/tests/dsa/sigseed01
-rw-r--r--security/nss/cmd/bltest/tests/md2/ciphertext01
-rw-r--r--security/nss/cmd/bltest/tests/md2/numtests1
-rw-r--r--security/nss/cmd/bltest/tests/md2/plaintext01
-rw-r--r--security/nss/cmd/bltest/tests/md5/ciphertext01
-rw-r--r--security/nss/cmd/bltest/tests/md5/numtests1
-rw-r--r--security/nss/cmd/bltest/tests/md5/plaintext01
-rw-r--r--security/nss/cmd/bltest/tests/rc2_cbc/ciphertext01
-rw-r--r--security/nss/cmd/bltest/tests/rc2_cbc/iv01
-rw-r--r--security/nss/cmd/bltest/tests/rc2_cbc/key01
-rw-r--r--security/nss/cmd/bltest/tests/rc2_cbc/numtests1
-rw-r--r--security/nss/cmd/bltest/tests/rc2_cbc/plaintext01
-rw-r--r--security/nss/cmd/bltest/tests/rc2_ecb/ciphertext01
-rw-r--r--security/nss/cmd/bltest/tests/rc2_ecb/key01
-rw-r--r--security/nss/cmd/bltest/tests/rc2_ecb/numtests1
-rw-r--r--security/nss/cmd/bltest/tests/rc2_ecb/plaintext01
-rw-r--r--security/nss/cmd/bltest/tests/rc4/ciphertext01
-rw-r--r--security/nss/cmd/bltest/tests/rc4/ciphertext11
-rw-r--r--security/nss/cmd/bltest/tests/rc4/key01
-rw-r--r--security/nss/cmd/bltest/tests/rc4/key11
-rw-r--r--security/nss/cmd/bltest/tests/rc4/numtests1
-rw-r--r--security/nss/cmd/bltest/tests/rc4/plaintext01
-rw-r--r--security/nss/cmd/bltest/tests/rc4/plaintext11
-rw-r--r--security/nss/cmd/bltest/tests/rc5_cbc/ciphertext01
-rw-r--r--security/nss/cmd/bltest/tests/rc5_cbc/iv01
-rw-r--r--security/nss/cmd/bltest/tests/rc5_cbc/key01
-rw-r--r--security/nss/cmd/bltest/tests/rc5_cbc/numtests1
-rw-r--r--security/nss/cmd/bltest/tests/rc5_cbc/params02
-rw-r--r--security/nss/cmd/bltest/tests/rc5_cbc/plaintext01
-rw-r--r--security/nss/cmd/bltest/tests/rc5_ecb/ciphertext01
-rw-r--r--security/nss/cmd/bltest/tests/rc5_ecb/key01
-rw-r--r--security/nss/cmd/bltest/tests/rc5_ecb/numtests1
-rw-r--r--security/nss/cmd/bltest/tests/rc5_ecb/params02
-rw-r--r--security/nss/cmd/bltest/tests/rc5_ecb/plaintext01
-rw-r--r--security/nss/cmd/bltest/tests/rsa/ciphertext01
-rw-r--r--security/nss/cmd/bltest/tests/rsa/key04
-rw-r--r--security/nss/cmd/bltest/tests/rsa/numtests1
-rw-r--r--security/nss/cmd/bltest/tests/rsa/plaintext01
-rw-r--r--security/nss/cmd/bltest/tests/sha1/ciphertext01
-rw-r--r--security/nss/cmd/bltest/tests/sha1/numtests1
-rw-r--r--security/nss/cmd/bltest/tests/sha1/plaintext01
-rw-r--r--security/nss/cmd/btoa/Makefile75
-rw-r--r--security/nss/cmd/btoa/btoa.c195
-rw-r--r--security/nss/cmd/btoa/makefile.win130
-rw-r--r--security/nss/cmd/btoa/manifest.mn49
-rw-r--r--security/nss/cmd/certcgi/Makefile76
-rw-r--r--security/nss/cmd/certcgi/ca.html48
-rw-r--r--security/nss/cmd/certcgi/ca_form.html385
-rw-r--r--security/nss/cmd/certcgi/certcgi.c2460
-rw-r--r--security/nss/cmd/certcgi/index.html956
-rw-r--r--security/nss/cmd/certcgi/main.html105
-rw-r--r--security/nss/cmd/certcgi/manifest.mn48
-rw-r--r--security/nss/cmd/certcgi/nscp_ext_form.html113
-rw-r--r--security/nss/cmd/certcgi/stnd_ext_form.html247
-rw-r--r--security/nss/cmd/certutil/Makefile76
-rw-r--r--security/nss/cmd/certutil/certutil.c2583
-rw-r--r--security/nss/cmd/certutil/keystuff.c491
-rw-r--r--security/nss/cmd/certutil/makefile.win155
-rw-r--r--security/nss/cmd/certutil/manifest.mn50
-rw-r--r--security/nss/cmd/checkcert/Makefile76
-rw-r--r--security/nss/cmd/checkcert/checkcert.c636
-rw-r--r--security/nss/cmd/checkcert/makefile.win130
-rw-r--r--security/nss/cmd/checkcert/manifest.mn47
-rw-r--r--security/nss/cmd/crlutil/Makefile76
-rw-r--r--security/nss/cmd/crlutil/crlutil.c394
-rw-r--r--security/nss/cmd/crlutil/makefile.win130
-rw-r--r--security/nss/cmd/crlutil/manifest.mn51
-rw-r--r--security/nss/cmd/crmf-cgi/Makefile96
-rw-r--r--security/nss/cmd/crmf-cgi/config.mk45
-rw-r--r--security/nss/cmd/crmf-cgi/crmfcgi.c1123
-rw-r--r--security/nss/cmd/crmf-cgi/crmfcgi.html165
-rw-r--r--security/nss/cmd/crmf-cgi/manifest.mn57
-rw-r--r--security/nss/cmd/crmftest/Makefile99
-rw-r--r--security/nss/cmd/crmftest/config.mk44
-rw-r--r--security/nss/cmd/crmftest/manifest.mn53
-rw-r--r--security/nss/cmd/crmftest/testcrmf.c1527
-rw-r--r--security/nss/cmd/derdump/Makefile76
-rw-r--r--security/nss/cmd/derdump/derdump.c127
-rw-r--r--security/nss/cmd/derdump/makefile.win130
-rw-r--r--security/nss/cmd/derdump/manifest.mn49
-rw-r--r--security/nss/cmd/digest/Makefile76
-rw-r--r--security/nss/cmd/digest/digest.c250
-rw-r--r--security/nss/cmd/digest/makefile.win130
-rw-r--r--security/nss/cmd/digest/manifest.mn50
-rw-r--r--security/nss/cmd/include/secnew.h163
-rw-r--r--security/nss/cmd/keyutil/Makefile73
-rw-r--r--security/nss/cmd/keyutil/keyutil.c340
-rw-r--r--security/nss/cmd/keyutil/manifest.mn50
-rw-r--r--security/nss/cmd/lib/Makefile75
-rw-r--r--security/nss/cmd/lib/NSPRerrs.h133
-rw-r--r--security/nss/cmd/lib/SECerrs.h441
-rw-r--r--security/nss/cmd/lib/SSLerrs.h366
-rw-r--r--security/nss/cmd/lib/berparse.c404
-rw-r--r--security/nss/cmd/lib/config.mk44
-rw-r--r--security/nss/cmd/lib/derprint.c619
-rw-r--r--security/nss/cmd/lib/dongle.c249
-rw-r--r--security/nss/cmd/lib/fe_util.c40
-rw-r--r--security/nss/cmd/lib/ffs.c48
-rw-r--r--security/nss/cmd/lib/filestub.c1118
-rw-r--r--security/nss/cmd/lib/makefile.win66
-rw-r--r--security/nss/cmd/lib/manifest.mn67
-rw-r--r--security/nss/cmd/lib/secarb.c372
-rw-r--r--security/nss/cmd/lib/secerror.c107
-rw-r--r--security/nss/cmd/lib/secpwd.c181
-rw-r--r--security/nss/cmd/lib/secutil.c3196
-rw-r--r--security/nss/cmd/lib/secutil.h344
-rw-r--r--security/nss/cmd/lib/sslstubs.c74
-rw-r--r--security/nss/cmd/lib/strerror.c127
-rw-r--r--security/nss/cmd/lib/stubs.c50
-rw-r--r--security/nss/cmd/makefile.inc84
-rw-r--r--security/nss/cmd/makefile.win48
-rw-r--r--security/nss/cmd/makepqg/Makefile77
-rw-r--r--security/nss/cmd/makepqg/makefile.win156
-rw-r--r--security/nss/cmd/makepqg/makepqg.c277
-rw-r--r--security/nss/cmd/makepqg/manifest.mn45
-rw-r--r--security/nss/cmd/makepqg/testit.ksh41
-rw-r--r--security/nss/cmd/manifest.mn82
-rw-r--r--security/nss/cmd/modutil/Makefile85
-rw-r--r--security/nss/cmd/modutil/README7
-rw-r--r--security/nss/cmd/modutil/README.TXT7
-rw-r--r--security/nss/cmd/modutil/config.mk77
-rw-r--r--security/nss/cmd/modutil/error.h178
-rw-r--r--security/nss/cmd/modutil/install-ds.c1541
-rw-r--r--security/nss/cmd/modutil/install-ds.h290
-rw-r--r--security/nss/cmd/modutil/install.c979
-rw-r--r--security/nss/cmd/modutil/install.h130
-rw-r--r--security/nss/cmd/modutil/installparse.c745
-rw-r--r--security/nss/cmd/modutil/installparse.h3
-rw-r--r--security/nss/cmd/modutil/installparse.l166
-rw-r--r--security/nss/cmd/modutil/installparse.y133
-rw-r--r--security/nss/cmd/modutil/instsec.c178
-rw-r--r--security/nss/cmd/modutil/lex.Pk11Install_yy.c1691
-rw-r--r--security/nss/cmd/modutil/manifest.mn57
-rw-r--r--security/nss/cmd/modutil/modutil.c873
-rw-r--r--security/nss/cmd/modutil/modutil.h64
-rw-r--r--security/nss/cmd/modutil/pk11.c808
-rw-r--r--security/nss/cmd/modutil/pk11jar.html309
-rw-r--r--security/nss/cmd/modutil/rules.mk46
-rw-r--r--security/nss/cmd/modutil/specification.html351
-rw-r--r--security/nss/cmd/ocspclnt/Makefile73
-rw-r--r--security/nss/cmd/ocspclnt/manifest.mn52
-rw-r--r--security/nss/cmd/ocspclnt/ocspclnt.c1220
-rw-r--r--security/nss/cmd/oidcalc/Makefile76
-rw-r--r--security/nss/cmd/oidcalc/manifest.mn47
-rw-r--r--security/nss/cmd/oidcalc/oidcalc.c117
-rw-r--r--security/nss/cmd/p7content/Makefile75
-rw-r--r--security/nss/cmd/p7content/manifest.mn44
-rw-r--r--security/nss/cmd/p7content/p7content.c312
-rw-r--r--security/nss/cmd/p7env/Makefile75
-rw-r--r--security/nss/cmd/p7env/manifest.mn44
-rw-r--r--security/nss/cmd/p7env/p7env.c288
-rw-r--r--security/nss/cmd/p7sign/Makefile75
-rw-r--r--security/nss/cmd/p7sign/manifest.mn44
-rw-r--r--security/nss/cmd/p7sign/p7sign.c318
-rw-r--r--security/nss/cmd/p7verify/Makefile75
-rw-r--r--security/nss/cmd/p7verify/manifest.mn44
-rw-r--r--security/nss/cmd/p7verify/p7verify.c324
-rw-r--r--security/nss/cmd/pk12util/Makefile94
-rw-r--r--security/nss/cmd/pk12util/manifest.mn58
-rw-r--r--security/nss/cmd/pk12util/pk12util.c1235
-rw-r--r--security/nss/cmd/pk12util/pk12util.h70
-rw-r--r--security/nss/cmd/platlibs.mk117
-rw-r--r--security/nss/cmd/platrules.mk48
-rw-r--r--security/nss/cmd/pp/Makefile75
-rw-r--r--security/nss/cmd/pp/manifest.mn47
-rw-r--r--security/nss/cmd/pp/pp.c166
-rw-r--r--security/nss/cmd/samples/cert15
-rw-r--r--security/nss/cmd/samples/cert0bin505 -> 0 bytes
-rw-r--r--security/nss/cmd/samples/cert1bin515 -> 0 bytes
-rw-r--r--security/nss/cmd/samples/cert2bin528 -> 0 bytes
-rw-r--r--security/nss/cmd/samples/pkcs7.berbin1771 -> 0 bytes
-rw-r--r--security/nss/cmd/samples/pkcs7bday.berbin1881 -> 0 bytes
-rw-r--r--security/nss/cmd/samples/pkcs7cnet.berbin3330 -> 0 bytes
-rw-r--r--security/nss/cmd/samples/pkcs7news.berbin255328 -> 0 bytes
-rw-r--r--security/nss/cmd/samples/x509v3.derbin463 -> 0 bytes
-rw-r--r--security/nss/cmd/samples/x509v3.txt10
-rw-r--r--security/nss/cmd/sdrtest/Makefile73
-rw-r--r--security/nss/cmd/sdrtest/manifest.mn52
-rw-r--r--security/nss/cmd/sdrtest/sdrtest.c295
-rw-r--r--security/nss/cmd/selfserv/Makefile74
-rw-r--r--security/nss/cmd/selfserv/makefile.win136
-rw-r--r--security/nss/cmd/selfserv/manifest.mn48
-rw-r--r--security/nss/cmd/selfserv/selfserv.c1305
-rw-r--r--security/nss/cmd/signtool/Makefile89
-rw-r--r--security/nss/cmd/signtool/README119
-rw-r--r--security/nss/cmd/signtool/README.TXT119
-rw-r--r--security/nss/cmd/signtool/certgen.c728
-rw-r--r--security/nss/cmd/signtool/javascript.c1787
-rw-r--r--security/nss/cmd/signtool/list.c281
-rw-r--r--security/nss/cmd/signtool/manifest.mn53
-rw-r--r--security/nss/cmd/signtool/sign.c861
-rw-r--r--security/nss/cmd/signtool/signtool.c1011
-rw-r--r--security/nss/cmd/signtool/signtool.h139
-rw-r--r--security/nss/cmd/signtool/util.c1012
-rw-r--r--security/nss/cmd/signtool/verify.c366
-rw-r--r--security/nss/cmd/signtool/zip.c677
-rw-r--r--security/nss/cmd/signtool/zip.h100
-rw-r--r--security/nss/cmd/signver/Makefile70
-rwxr-xr-xsecurity/nss/cmd/signver/examples/1/form.pl50
-rw-r--r--security/nss/cmd/signver/examples/1/signedForm.html84
-rw-r--r--security/nss/cmd/signver/examples/1/signedForm.nt.html84
-rwxr-xr-xsecurity/nss/cmd/signver/examples/1/signedForm.pl88
-rw-r--r--security/nss/cmd/signver/manifest.mn52
-rw-r--r--security/nss/cmd/signver/pk7print.c918
-rw-r--r--security/nss/cmd/signver/signver.c458
-rw-r--r--security/nss/cmd/smimetools/Makefile73
-rw-r--r--security/nss/cmd/smimetools/cmsutil.c877
-rw-r--r--security/nss/cmd/smimetools/manifest.mn45
-rw-r--r--security/nss/cmd/smimetools/rules.mk37
-rwxr-xr-xsecurity/nss/cmd/smimetools/smime573
-rw-r--r--security/nss/cmd/sslstrength/Makefile72
-rw-r--r--security/nss/cmd/sslstrength/manifest.mn50
-rw-r--r--security/nss/cmd/sslstrength/sslstr.cgi296
-rw-r--r--security/nss/cmd/sslstrength/sslstrength.c641
-rwxr-xr-xsecurity/nss/cmd/sslstrength/sslwrap181
-rw-r--r--security/nss/cmd/ssltap/Makefile79
-rw-r--r--security/nss/cmd/ssltap/config.mk52
-rw-r--r--security/nss/cmd/ssltap/manifest.mn53
-rw-r--r--security/nss/cmd/ssltap/ssltap-manual.html199
-rw-r--r--security/nss/cmd/ssltap/ssltap.c1339
-rw-r--r--security/nss/cmd/strsclnt/Makefile75
-rw-r--r--security/nss/cmd/strsclnt/manifest.mn47
-rw-r--r--security/nss/cmd/strsclnt/strsclnt.c1108
-rw-r--r--security/nss/cmd/swfort/Makefile108
-rw-r--r--security/nss/cmd/swfort/instinit/Makefile75
-rw-r--r--security/nss/cmd/swfort/instinit/instinit.c455
-rw-r--r--security/nss/cmd/swfort/instinit/manifest.mn45
-rw-r--r--security/nss/cmd/swfort/manifest.mn38
-rw-r--r--security/nss/cmd/swfort/newuser/Makefile87
-rw-r--r--security/nss/cmd/swfort/newuser/manifest.mn44
-rw-r--r--security/nss/cmd/swfort/newuser/mktst.c254
-rw-r--r--security/nss/cmd/swfort/newuser/newuser.c1143
-rw-r--r--security/nss/cmd/tstclnt/Makefile82
-rw-r--r--security/nss/cmd/tstclnt/makefile.win130
-rw-r--r--security/nss/cmd/tstclnt/manifest.mn50
-rw-r--r--security/nss/cmd/tstclnt/tstclnt.c652
-rw-r--r--security/nss/cmd/zlib/Makefile52
-rw-r--r--security/nss/cmd/zlib/README99
-rw-r--r--security/nss/cmd/zlib/adler32.c48
-rw-r--r--security/nss/cmd/zlib/compress.c57
-rw-r--r--security/nss/cmd/zlib/config.mk45
-rw-r--r--security/nss/cmd/zlib/crc32.c162
-rw-r--r--security/nss/cmd/zlib/deflate.c1209
-rw-r--r--security/nss/cmd/zlib/deflate.h275
-rw-r--r--security/nss/cmd/zlib/example.c503
-rw-r--r--security/nss/cmd/zlib/gzio.c537
-rw-r--r--security/nss/cmd/zlib/infblock.c406
-rw-r--r--security/nss/cmd/zlib/infblock.h37
-rw-r--r--security/nss/cmd/zlib/infcodes.c247
-rw-r--r--security/nss/cmd/zlib/infcodes.h27
-rw-r--r--security/nss/cmd/zlib/inffast.c168
-rw-r--r--security/nss/cmd/zlib/inffast.h17
-rw-r--r--security/nss/cmd/zlib/inflate.c346
-rw-r--r--security/nss/cmd/zlib/inftrees.c479
-rw-r--r--security/nss/cmd/zlib/inftrees.h59
-rw-r--r--security/nss/cmd/zlib/infutil.c87
-rw-r--r--security/nss/cmd/zlib/infutil.h99
-rw-r--r--security/nss/cmd/zlib/makefile.win91
-rw-r--r--security/nss/cmd/zlib/manifest.mn37
-rw-r--r--security/nss/cmd/zlib/minigzip.c246
-rw-r--r--security/nss/cmd/zlib/netscape_mods.doc43
-rw-r--r--security/nss/cmd/zlib/stubs.c17
-rw-r--r--security/nss/cmd/zlib/trees.c1143
-rw-r--r--security/nss/cmd/zlib/uncompr.c58
-rw-r--r--security/nss/cmd/zlib/zconf.h190
-rw-r--r--security/nss/cmd/zlib/zip16.def24
-rw-r--r--security/nss/cmd/zlib/zip_nodl.c50
-rw-r--r--security/nss/cmd/zlib/zlib.h892
-rw-r--r--security/nss/cmd/zlib/zutil.c215
-rw-r--r--security/nss/cmd/zlib/zutil.h210
-rw-r--r--security/nss/lib/Makefile88
-rw-r--r--security/nss/lib/asn1/Makefile38
-rw-r--r--security/nss/lib/asn1/asn1.c1726
-rw-r--r--security/nss/lib/asn1/asn1.h879
-rw-r--r--security/nss/lib/asn1/asn1m.h80
-rw-r--r--security/nss/lib/asn1/asn1t.h166
-rw-r--r--security/nss/lib/asn1/config.mk37
-rw-r--r--security/nss/lib/asn1/manifest.mn55
-rw-r--r--security/nss/lib/asn1/nssasn1t.h67
-rw-r--r--security/nss/lib/base/Makefile38
-rw-r--r--security/nss/lib/base/arena.c1121
-rw-r--r--security/nss/lib/base/base.h1063
-rw-r--r--security/nss/lib/base/baset.h147
-rw-r--r--security/nss/lib/base/config.mk37
-rw-r--r--security/nss/lib/base/error.c298
-rw-r--r--security/nss/lib/base/errorval.c77
-rw-r--r--security/nss/lib/base/hashops.c117
-rw-r--r--security/nss/lib/base/item.c228
-rw-r--r--security/nss/lib/base/libc.c197
-rw-r--r--security/nss/lib/base/manifest.mn62
-rw-r--r--security/nss/lib/base/nssbase.h167
-rw-r--r--security/nss/lib/base/nssbaset.h151
-rw-r--r--security/nss/lib/base/tracker.c544
-rw-r--r--security/nss/lib/base/utf8.c759
-rw-r--r--security/nss/lib/base/whatnspr.c170
-rw-r--r--security/nss/lib/certdb/.cvsignore1
-rw-r--r--security/nss/lib/certdb/Makefile76
-rw-r--r--security/nss/lib/certdb/alg1485.c953
-rw-r--r--security/nss/lib/certdb/cdbhdl.h57
-rw-r--r--security/nss/lib/certdb/cert.h1387
-rw-r--r--security/nss/lib/certdb/certdb.c2271
-rw-r--r--security/nss/lib/certdb/certdb.h396
-rw-r--r--security/nss/lib/certdb/certinit.c399
-rw-r--r--security/nss/lib/certdb/certt.h804
-rw-r--r--security/nss/lib/certdb/certv3.c406
-rw-r--r--security/nss/lib/certdb/certxutl.c482
-rw-r--r--security/nss/lib/certdb/certxutl.h79
-rw-r--r--security/nss/lib/certdb/config.mk44
-rw-r--r--security/nss/lib/certdb/crl.c387
-rw-r--r--security/nss/lib/certdb/genname.c1589
-rw-r--r--security/nss/lib/certdb/genname.h125
-rw-r--r--security/nss/lib/certdb/manifest.mn76
-rw-r--r--security/nss/lib/certdb/pcertdb.c7340
-rw-r--r--security/nss/lib/certdb/polcyxtn.c541
-rw-r--r--security/nss/lib/certdb/secname.c625
-rw-r--r--security/nss/lib/certdb/xauthkid.c147
-rw-r--r--security/nss/lib/certdb/xbsconst.c167
-rw-r--r--security/nss/lib/certdb/xconst.c253
-rw-r--r--security/nss/lib/certdb/xconst.h85
-rw-r--r--security/nss/lib/certhigh/Makefile76
-rw-r--r--security/nss/lib/certhigh/certhigh.c1053
-rw-r--r--security/nss/lib/certhigh/certhtml.c623
-rw-r--r--security/nss/lib/certhigh/certread.c535
-rw-r--r--security/nss/lib/certhigh/certreq.c228
-rw-r--r--security/nss/lib/certhigh/certvfy.c1575
-rw-r--r--security/nss/lib/certhigh/config.mk44
-rw-r--r--security/nss/lib/certhigh/crlv2.c126
-rw-r--r--security/nss/lib/certhigh/manifest.mn60
-rw-r--r--security/nss/lib/certhigh/ocsp.c3897
-rw-r--r--security/nss/lib/certhigh/ocsp.h452
-rw-r--r--security/nss/lib/certhigh/ocspt.h59
-rw-r--r--security/nss/lib/certhigh/ocspti.h398
-rw-r--r--security/nss/lib/certhigh/xcrldist.c222
-rw-r--r--security/nss/lib/ckfw/.cvsignore4
-rw-r--r--security/nss/lib/ckfw/Makefile46
-rw-r--r--security/nss/lib/ckfw/builtins/.cvsignore1
-rw-r--r--security/nss/lib/ckfw/builtins/Makefile43
-rw-r--r--security/nss/lib/ckfw/builtins/anchor.c50
-rw-r--r--security/nss/lib/ckfw/builtins/builtins.h103
-rw-r--r--security/nss/lib/ckfw/builtins/certdata.perl291
-rw-r--r--security/nss/lib/ckfw/builtins/certdata.txt143
-rw-r--r--security/nss/lib/ckfw/builtins/config.mk37
-rw-r--r--security/nss/lib/ckfw/builtins/constants.c82
-rw-r--r--security/nss/lib/ckfw/builtins/find.c237
-rw-r--r--security/nss/lib/ckfw/builtins/instance.c130
-rw-r--r--security/nss/lib/ckfw/builtins/manifest.mn55
-rw-r--r--security/nss/lib/ckfw/builtins/object.c254
-rw-r--r--security/nss/lib/ckfw/builtins/session.c108
-rw-r--r--security/nss/lib/ckfw/builtins/slot.c124
-rw-r--r--security/nss/lib/ckfw/builtins/token.c184
-rw-r--r--security/nss/lib/ckfw/ck.api571
-rw-r--r--security/nss/lib/ckfw/ck.h121
-rw-r--r--security/nss/lib/ckfw/ckapi.perl497
-rw-r--r--security/nss/lib/ckfw/ckfw.h1858
-rw-r--r--security/nss/lib/ckfw/ckfwm.h161
-rw-r--r--security/nss/lib/ckfw/ckfwtm.h56
-rw-r--r--security/nss/lib/ckfw/ckmd.h65
-rw-r--r--security/nss/lib/ckfw/ckt.h196
-rw-r--r--security/nss/lib/ckfw/config.mk37
-rw-r--r--security/nss/lib/ckfw/dbm/Makefile38
-rw-r--r--security/nss/lib/ckfw/dbm/anchor.c50
-rw-r--r--security/nss/lib/ckfw/dbm/ckdbm.h281
-rw-r--r--security/nss/lib/ckfw/dbm/config.mk37
-rw-r--r--security/nss/lib/ckfw/dbm/db.c1065
-rw-r--r--security/nss/lib/ckfw/dbm/find.c166
-rw-r--r--security/nss/lib/ckfw/dbm/instance.c196
-rw-r--r--security/nss/lib/ckfw/dbm/manifest.mn54
-rw-r--r--security/nss/lib/ckfw/dbm/object.c204
-rw-r--r--security/nss/lib/ckfw/dbm/session.c298
-rw-r--r--security/nss/lib/ckfw/dbm/slot.c214
-rw-r--r--security/nss/lib/ckfw/dbm/token.c315
-rw-r--r--security/nss/lib/ckfw/find.c408
-rw-r--r--security/nss/lib/ckfw/hash.c334
-rw-r--r--security/nss/lib/ckfw/instance.c1310
-rw-r--r--security/nss/lib/ckfw/manifest.mn77
-rw-r--r--security/nss/lib/ckfw/mutex.c346
-rw-r--r--security/nss/lib/ckfw/nssckfw.h499
-rw-r--r--security/nss/lib/ckfw/nssckfwc.h1046
-rw-r--r--security/nss/lib/ckfw/nssckfwt.h111
-rw-r--r--security/nss/lib/ckfw/nssckmdt.h2014
-rw-r--r--security/nss/lib/ckfw/nssckp.h66
-rw-r--r--security/nss/lib/ckfw/nssckt.h1123
-rw-r--r--security/nss/lib/ckfw/nsscku.h71
-rw-r--r--security/nss/lib/ckfw/object.c1044
-rw-r--r--security/nss/lib/ckfw/session.c1962
-rw-r--r--security/nss/lib/ckfw/sessobj.c1090
-rw-r--r--security/nss/lib/ckfw/slot.c753
-rw-r--r--security/nss/lib/ckfw/token.c1864
-rw-r--r--security/nss/lib/ckfw/wrap.c3414
-rw-r--r--security/nss/lib/crmf/Makefile77
-rw-r--r--security/nss/lib/crmf/asn1cmn.c236
-rw-r--r--security/nss/lib/crmf/challcli.c284
-rw-r--r--security/nss/lib/crmf/cmmf.h1119
-rw-r--r--security/nss/lib/crmf/cmmfasn1.c158
-rw-r--r--security/nss/lib/crmf/cmmfchal.c322
-rw-r--r--security/nss/lib/crmf/cmmfi.h127
-rw-r--r--security/nss/lib/crmf/cmmfit.h145
-rw-r--r--security/nss/lib/crmf/cmmfrec.c337
-rw-r--r--security/nss/lib/crmf/cmmfresp.c312
-rw-r--r--security/nss/lib/crmf/cmmft.h102
-rw-r--r--security/nss/lib/crmf/config.mk45
-rw-r--r--security/nss/lib/crmf/crmf.h1779
-rw-r--r--security/nss/lib/crmf/crmfcont.c1164
-rw-r--r--security/nss/lib/crmf/crmfdec.c380
-rw-r--r--security/nss/lib/crmf/crmfenc.c84
-rw-r--r--security/nss/lib/crmf/crmffut.h390
-rw-r--r--security/nss/lib/crmf/crmfget.c478
-rw-r--r--security/nss/lib/crmf/crmfi.h186
-rw-r--r--security/nss/lib/crmf/crmfit.h216
-rw-r--r--security/nss/lib/crmf/crmfpop.c604
-rw-r--r--security/nss/lib/crmf/crmfreq.c697
-rw-r--r--security/nss/lib/crmf/crmft.h217
-rw-r--r--security/nss/lib/crmf/crmftmpl.c270
-rw-r--r--security/nss/lib/crmf/encutil.c63
-rw-r--r--security/nss/lib/crmf/manifest.mn73
-rw-r--r--security/nss/lib/crmf/respcli.c167
-rw-r--r--security/nss/lib/crmf/respcmn.c414
-rw-r--r--security/nss/lib/crmf/servget.c1007
-rw-r--r--security/nss/lib/cryptohi/Makefile77
-rw-r--r--security/nss/lib/cryptohi/config.mk44
-rw-r--r--security/nss/lib/cryptohi/cryptohi.h236
-rw-r--r--security/nss/lib/cryptohi/cryptoht.h45
-rw-r--r--security/nss/lib/cryptohi/dsautil.c229
-rw-r--r--security/nss/lib/cryptohi/hasht.h87
-rw-r--r--security/nss/lib/cryptohi/key.h44
-rw-r--r--security/nss/lib/cryptohi/keyhi.h211
-rw-r--r--security/nss/lib/cryptohi/keyt.h46
-rw-r--r--security/nss/lib/cryptohi/keythi.h83
-rw-r--r--security/nss/lib/cryptohi/manifest.mn64
-rw-r--r--security/nss/lib/cryptohi/sechash.c274
-rw-r--r--security/nss/lib/cryptohi/sechash.h77
-rw-r--r--security/nss/lib/cryptohi/seckey.c1651
-rw-r--r--security/nss/lib/cryptohi/secsign.c497
-rw-r--r--security/nss/lib/cryptohi/secvfy.c391
-rw-r--r--security/nss/lib/fortcrypt/Makefile164
-rw-r--r--security/nss/lib/fortcrypt/config.mk52
-rw-r--r--security/nss/lib/fortcrypt/cryptint.h703
-rw-r--r--security/nss/lib/fortcrypt/fmutex.c113
-rw-r--r--security/nss/lib/fortcrypt/fmutex.h57
-rw-r--r--security/nss/lib/fortcrypt/forsock.c815
-rw-r--r--security/nss/lib/fortcrypt/fortinst.htm161
-rw-r--r--security/nss/lib/fortcrypt/fortpk11.c4544
-rw-r--r--security/nss/lib/fortcrypt/fortsock.h105
-rw-r--r--security/nss/lib/fortcrypt/fpkcs11.h170
-rw-r--r--security/nss/lib/fortcrypt/fpkcs11f.h953
-rw-r--r--security/nss/lib/fortcrypt/fpkcs11i.h269
-rw-r--r--security/nss/lib/fortcrypt/fpkcs11t.h1098
-rw-r--r--security/nss/lib/fortcrypt/fpkmem.h48
-rw-r--r--security/nss/lib/fortcrypt/fpkstrs.h122
-rw-r--r--security/nss/lib/fortcrypt/genci.h145
-rw-r--r--security/nss/lib/fortcrypt/globinst.htm139
-rw-r--r--security/nss/lib/fortcrypt/handinst.htm180
-rw-r--r--security/nss/lib/fortcrypt/homeinst.htm211
-rw-r--r--security/nss/lib/fortcrypt/inst.js268
-rw-r--r--security/nss/lib/fortcrypt/inst_PPC.js134
-rw-r--r--security/nss/lib/fortcrypt/install.js134
-rw-r--r--security/nss/lib/fortcrypt/maci.c901
-rw-r--r--security/nss/lib/fortcrypt/maci.h776
-rw-r--r--security/nss/lib/fortcrypt/macinst.htm148
-rw-r--r--security/nss/lib/fortcrypt/manifest.mn50
-rw-r--r--security/nss/lib/fortcrypt/replace.c101
-rw-r--r--security/nss/lib/fortcrypt/secmodjar.html441
-rw-r--r--security/nss/lib/fortcrypt/swfort/.cvsignore1
-rw-r--r--security/nss/lib/fortcrypt/swfort/Makefile82
-rw-r--r--security/nss/lib/fortcrypt/swfort/config.mk44
-rw-r--r--security/nss/lib/fortcrypt/swfort/manifest.mn56
-rw-r--r--security/nss/lib/fortcrypt/swfort/nsmap.h86
-rw-r--r--security/nss/lib/fortcrypt/swfort/pkcs11/.cvsignore15
-rw-r--r--security/nss/lib/fortcrypt/swfort/pkcs11/Makefile183
-rw-r--r--security/nss/lib/fortcrypt/swfort/pkcs11/config.mk52
-rw-r--r--security/nss/lib/fortcrypt/swfort/pkcs11/inst.js189
-rw-r--r--security/nss/lib/fortcrypt/swfort/pkcs11/manifest.mn73
-rwxr-xr-xsecurity/nss/lib/fortcrypt/swfort/pkcs11/pk11inst49
-rw-r--r--security/nss/lib/fortcrypt/swfort/pkcs11/stub.c344
-rw-r--r--security/nss/lib/fortcrypt/swfort/swfalg.c506
-rw-r--r--security/nss/lib/fortcrypt/swfort/swflib.c1028
-rw-r--r--security/nss/lib/fortcrypt/swfort/swfort.h70
-rw-r--r--security/nss/lib/fortcrypt/swfort/swforti.h176
-rw-r--r--security/nss/lib/fortcrypt/swfort/swfortt.h56
-rw-r--r--security/nss/lib/fortcrypt/swfort/swfortti.h153
-rw-r--r--security/nss/lib/fortcrypt/swfort/swfparse.c538
-rw-r--r--security/nss/lib/fortcrypt/swfort/swfutl.c728
-rw-r--r--security/nss/lib/freebl/Makefile87
-rw-r--r--security/nss/lib/freebl/alg2268.c491
-rw-r--r--security/nss/lib/freebl/blapi.h735
-rw-r--r--security/nss/lib/freebl/blapi_bsf.c2086
-rw-r--r--security/nss/lib/freebl/blapit.h219
-rw-r--r--security/nss/lib/freebl/config.mk44
-rw-r--r--security/nss/lib/freebl/dh.c82
-rwxr-xr-xsecurity/nss/lib/freebl/fblstdlib.c120
-rw-r--r--security/nss/lib/freebl/manifest.mn66
-rw-r--r--security/nss/lib/freebl/md2.c288
-rw-r--r--security/nss/lib/freebl/md5.c529
-rw-r--r--security/nss/lib/freebl/sha.c160
-rw-r--r--security/nss/lib/freebl/sha.h48
-rw-r--r--security/nss/lib/freebl/sha_fast.c433
-rw-r--r--security/nss/lib/jar/Makefile39
-rw-r--r--security/nss/lib/jar/config.mk44
-rw-r--r--security/nss/lib/jar/jar-ds.c70
-rw-r--r--security/nss/lib/jar/jar-ds.h106
-rw-r--r--security/nss/lib/jar/jar.c833
-rw-r--r--security/nss/lib/jar/jar.h477
-rw-r--r--security/nss/lib/jar/jarevil.c571
-rw-r--r--security/nss/lib/jar/jarevil.h76
-rw-r--r--security/nss/lib/jar/jarfile.c1149
-rw-r--r--security/nss/lib/jar/jarfile.h114
-rw-r--r--security/nss/lib/jar/jarint.c81
-rw-r--r--security/nss/lib/jar/jarint.h116
-rw-r--r--security/nss/lib/jar/jarjart.c354
-rw-r--r--security/nss/lib/jar/jarjart.h72
-rw-r--r--security/nss/lib/jar/jarnav.c107
-rw-r--r--security/nss/lib/jar/jarsign.c376
-rw-r--r--security/nss/lib/jar/jarver.c2029
-rw-r--r--security/nss/lib/jar/jzconf.h190
-rw-r--r--security/nss/lib/jar/jzlib.h896
-rw-r--r--security/nss/lib/jar/manifest.mn53
-rw-r--r--security/nss/lib/macbuild/NSS/NSS/NSS.mcpbin939 -> 0 bytes
-rw-r--r--security/nss/lib/macbuild/SecurityLib.mcpbin56096 -> 0 bytes
-rw-r--r--security/nss/lib/manifest.mn44
-rw-r--r--security/nss/lib/nss/Makefile78
-rw-r--r--security/nss/lib/nss/config.mk44
-rw-r--r--security/nss/lib/nss/manifest.mn47
-rw-r--r--security/nss/lib/nss/nss.h59
-rw-r--r--security/nss/lib/nss/nssinit.c201
-rw-r--r--security/nss/lib/pk11wrap/Makefile77
-rw-r--r--security/nss/lib/pk11wrap/config.mk44
-rw-r--r--security/nss/lib/pk11wrap/manifest.mn64
-rw-r--r--security/nss/lib/pk11wrap/pk11cert.c2413
-rw-r--r--security/nss/lib/pk11wrap/pk11db.c645
-rw-r--r--security/nss/lib/pk11wrap/pk11err.c147
-rw-r--r--security/nss/lib/pk11wrap/pk11func.h449
-rw-r--r--security/nss/lib/pk11wrap/pk11kea.c224
-rw-r--r--security/nss/lib/pk11wrap/pk11list.c165
-rw-r--r--security/nss/lib/pk11wrap/pk11load.c239
-rw-r--r--security/nss/lib/pk11wrap/pk11sdr.c288
-rw-r--r--security/nss/lib/pk11wrap/pk11sdr.h59
-rw-r--r--security/nss/lib/pk11wrap/pk11skey.c4854
-rw-r--r--security/nss/lib/pk11wrap/pk11slot.c4312
-rw-r--r--security/nss/lib/pk11wrap/pk11util.c518
-rw-r--r--security/nss/lib/pk11wrap/secmod.h134
-rw-r--r--security/nss/lib/pk11wrap/secmodi.h81
-rw-r--r--security/nss/lib/pk11wrap/secmodt.h175
-rw-r--r--security/nss/lib/pk11wrap/secmodti.h184
-rw-r--r--security/nss/lib/pkcs12/Makefile77
-rw-r--r--security/nss/lib/pkcs12/config.mk45
-rw-r--r--security/nss/lib/pkcs12/manifest.mn58
-rw-r--r--security/nss/lib/pkcs12/p12.h173
-rw-r--r--security/nss/lib/pkcs12/p12creat.c251
-rw-r--r--security/nss/lib/pkcs12/p12d.c3224
-rw-r--r--security/nss/lib/pkcs12/p12dec.c692
-rw-r--r--security/nss/lib/pkcs12/p12e.c2254
-rw-r--r--security/nss/lib/pkcs12/p12exp.c1407
-rw-r--r--security/nss/lib/pkcs12/p12local.c1325
-rw-r--r--security/nss/lib/pkcs12/p12local.h87
-rw-r--r--security/nss/lib/pkcs12/p12plcy.c198
-rw-r--r--security/nss/lib/pkcs12/p12plcy.h57
-rw-r--r--security/nss/lib/pkcs12/p12t.h182
-rw-r--r--security/nss/lib/pkcs12/p12tmpl.c315
-rw-r--r--security/nss/lib/pkcs12/pkcs12.h67
-rw-r--r--security/nss/lib/pkcs12/pkcs12t.h386
-rw-r--r--security/nss/lib/pkcs7/Makefile76
-rw-r--r--security/nss/lib/pkcs7/config.mk44
-rw-r--r--security/nss/lib/pkcs7/manifest.mn59
-rw-r--r--security/nss/lib/pkcs7/p7common.c738
-rw-r--r--security/nss/lib/pkcs7/p7create.c1320
-rw-r--r--security/nss/lib/pkcs7/p7decode.c2087
-rw-r--r--security/nss/lib/pkcs7/p7encode.c1329
-rw-r--r--security/nss/lib/pkcs7/p7local.c1431
-rw-r--r--security/nss/lib/pkcs7/p7local.h176
-rw-r--r--security/nss/lib/pkcs7/pkcs7t.h292
-rw-r--r--security/nss/lib/pkcs7/secmime.c901
-rw-r--r--security/nss/lib/pkcs7/secmime.h192
-rw-r--r--security/nss/lib/pkcs7/secpkcs7.h618
-rw-r--r--security/nss/lib/pki/nsspki.h3161
-rw-r--r--security/nss/lib/pki/nsspkit.h261
-rw-r--r--security/nss/lib/pki1/.cvsignore3
-rw-r--r--security/nss/lib/pki1/Makefile38
-rw-r--r--security/nss/lib/pki1/atav.c1803
-rw-r--r--security/nss/lib/pki1/config.mk37
-rw-r--r--security/nss/lib/pki1/genname.c94
-rw-r--r--security/nss/lib/pki1/gnseq.c71
-rw-r--r--security/nss/lib/pki1/manifest.mn63
-rw-r--r--security/nss/lib/pki1/name.c77
-rw-r--r--security/nss/lib/pki1/nsspki1.h2869
-rw-r--r--security/nss/lib/pki1/nsspki1t.h202
-rw-r--r--security/nss/lib/pki1/oid.c1615
-rwxr-xr-xsecurity/nss/lib/pki1/oidgen.perl311
-rw-r--r--security/nss/lib/pki1/oids.txt2115
-rw-r--r--security/nss/lib/pki1/pki1.h3032
-rw-r--r--security/nss/lib/pki1/pki1t.h104
-rw-r--r--security/nss/lib/pki1/rdn.c73
-rw-r--r--security/nss/lib/pki1/rdnseq.c71
-rw-r--r--security/nss/lib/pkix/doc/name_rules.html178
-rw-r--r--security/nss/lib/pkix/include/nsspkix.h24377
-rw-r--r--security/nss/lib/pkix/include/nsspkixt.h2281
-rw-r--r--security/nss/lib/pkix/include/pkix.h26086
-rw-r--r--security/nss/lib/pkix/include/pkixm.h969
-rw-r--r--security/nss/lib/pkix/include/pkixt.h57
-rw-r--r--security/nss/lib/pkix/include/pkixtm.h1581
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/Create.c85
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/Decode.c79
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/Destroy.c71
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/Duplicate.c79
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/Encode.c81
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/Equal.c83
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/GetAlgorithm.c71
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/GetParameters.c80
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/MClear.c71
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/PCreate.c138
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/PDecode.c137
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/PDestroy.c76
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/PDuplicate.c144
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/PEncode.c117
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/PEqual.c88
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/PGetAlgorithm.c69
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/PGetParameters.c78
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/PSetAlgorithm.c75
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/PSetParameters.c86
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/SetAlgorithm.c76
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/SetParameters.c77
-rw-r--r--security/nss/lib/pkix/src/AlgorithmIdentifier/verifyPointer.c182
-rw-r--r--security/nss/lib/pkix/src/Attribute/AddValue.c79
-rw-r--r--security/nss/lib/pkix/src/Attribute/Create.c141
-rw-r--r--security/nss/lib/pkix/src/Attribute/CreateFromArray.c97
-rw-r--r--security/nss/lib/pkix/src/Attribute/Decode.c84
-rw-r--r--security/nss/lib/pkix/src/Attribute/Destroy.c74
-rw-r--r--security/nss/lib/pkix/src/Attribute/Duplicate.c79
-rw-r--r--security/nss/lib/pkix/src/Attribute/Encode.c85
-rw-r--r--security/nss/lib/pkix/src/Attribute/Equal.c88
-rw-r--r--security/nss/lib/pkix/src/Attribute/FindValue.c84
-rw-r--r--security/nss/lib/pkix/src/Attribute/GetType.c72
-rw-r--r--security/nss/lib/pkix/src/Attribute/GetValue.c86
-rw-r--r--security/nss/lib/pkix/src/Attribute/GetValueCount.c75
-rw-r--r--security/nss/lib/pkix/src/Attribute/GetValues.c88
-rw-r--r--security/nss/lib/pkix/src/Attribute/MClear.c71
-rw-r--r--security/nss/lib/pkix/src/Attribute/MCount.c87
-rw-r--r--security/nss/lib/pkix/src/Attribute/MVCreate.c165
-rw-r--r--security/nss/lib/pkix/src/Attribute/PAddValue.c140
-rw-r--r--security/nss/lib/pkix/src/Attribute/PCreate.c139
-rw-r--r--security/nss/lib/pkix/src/Attribute/PCreateFromArray.c191
-rw-r--r--security/nss/lib/pkix/src/Attribute/PDecode.c153
-rw-r--r--security/nss/lib/pkix/src/Attribute/PDestroy.c82
-rw-r--r--security/nss/lib/pkix/src/Attribute/PDuplicate.c189
-rw-r--r--security/nss/lib/pkix/src/Attribute/PEncode.c126
-rw-r--r--security/nss/lib/pkix/src/Attribute/PEqual.c164
-rw-r--r--security/nss/lib/pkix/src/Attribute/PFindValue.c107
-rw-r--r--security/nss/lib/pkix/src/Attribute/PGetType.c79
-rw-r--r--security/nss/lib/pkix/src/Attribute/PGetValue.c98
-rw-r--r--security/nss/lib/pkix/src/Attribute/PGetValueCount.c88
-rw-r--r--security/nss/lib/pkix/src/Attribute/PGetValues.c145
-rw-r--r--security/nss/lib/pkix/src/Attribute/PRemoveValue.c121
-rw-r--r--security/nss/lib/pkix/src/Attribute/PSetType.c90
-rw-r--r--security/nss/lib/pkix/src/Attribute/PSetValue.c102
-rw-r--r--security/nss/lib/pkix/src/Attribute/PSetValues.c135
-rw-r--r--security/nss/lib/pkix/src/Attribute/RemoveValue.c76
-rw-r--r--security/nss/lib/pkix/src/Attribute/SetType.c80
-rw-r--r--security/nss/lib/pkix/src/Attribute/SetValue.c80
-rw-r--r--security/nss/lib/pkix/src/Attribute/SetValues.c85
-rw-r--r--security/nss/lib/pkix/src/Attribute/template.c58
-rw-r--r--security/nss/lib/pkix/src/Attribute/verifyPointer.c170
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/Create.c85
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/CreateFromUTF8.c81
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/Decode.c79
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/Destroy.c70
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/Duplicate.c79
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/Encode.c81
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/Equal.c85
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/GetType.c71
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/GetUTF8Encoding.c79
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/GetValue.c80
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/MClear.c73
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/PCreate.c154
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/PCreateFromUTF8.c137
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/PDecode.c144
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/PDestroy.c78
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/PDuplicate.c165
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/PEncode.c101
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/PEqual.c95
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/PGetType.c78
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/PGetUTF8Encoding.c81
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/PGetValue.c83
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/PSetType.c86
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/PSetValue.c85
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/SetType.c76
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/SetValue.c77
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/template.c56
-rw-r--r--security/nss/lib/pkix/src/AttributeTypeAndValue/verifyPointer.c184
-rw-r--r--security/nss/lib/pkix/src/Name/Create.c93
-rw-r--r--security/nss/lib/pkix/src/Name/CreateFromRDNSequence.c79
-rw-r--r--security/nss/lib/pkix/src/Name/CreateFromUTF8.c81
-rw-r--r--security/nss/lib/pkix/src/Name/Decode.c79
-rw-r--r--security/nss/lib/pkix/src/Name/Destroy.c71
-rw-r--r--security/nss/lib/pkix/src/Name/Duplicate.c79
-rw-r--r--security/nss/lib/pkix/src/Name/Encode.c81
-rw-r--r--security/nss/lib/pkix/src/Name/Equal.c85
-rw-r--r--security/nss/lib/pkix/src/Name/GetChoice.c70
-rw-r--r--security/nss/lib/pkix/src/Name/GetRDNSequence.c80
-rw-r--r--security/nss/lib/pkix/src/Name/GetSpecifiedChoice.c90
-rw-r--r--security/nss/lib/pkix/src/Name/GetUTF8Encoding.c79
-rw-r--r--security/nss/lib/pkix/src/Name/MClear.c73
-rw-r--r--security/nss/lib/pkix/src/Name/Mregister.c72
-rw-r--r--security/nss/lib/pkix/src/Name/PCreate.c173
-rw-r--r--security/nss/lib/pkix/src/Name/PCreateFromRDNSequence.c145
-rw-r--r--security/nss/lib/pkix/src/Name/PCreateFromUTF8.c145
-rw-r--r--security/nss/lib/pkix/src/Name/PDecode.c138
-rw-r--r--security/nss/lib/pkix/src/Name/PDestroy.c76
-rw-r--r--security/nss/lib/pkix/src/Name/PDuplicate.c172
-rw-r--r--security/nss/lib/pkix/src/Name/PEncode.c118
-rw-r--r--security/nss/lib/pkix/src/Name/PEqual.c104
-rw-r--r--security/nss/lib/pkix/src/Name/PGetChoice.c68
-rw-r--r--security/nss/lib/pkix/src/Name/PGetRDNSequence.c87
-rw-r--r--security/nss/lib/pkix/src/Name/PGetSpecifiedChoice.c93
-rw-r--r--security/nss/lib/pkix/src/Name/PGetUTF8Encoding.c81
-rw-r--r--security/nss/lib/pkix/src/Name/template.c56
-rw-r--r--security/nss/lib/pkix/src/Name/verifyPointer.c210
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/AppendRelativeDistinguishedName.c77
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/Create.c125
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/CreateFromArray.c86
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/CreateFromUTF8.c81
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/Decode.c79
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/Destroy.c70
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/Duplicate.c79
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/Encode.c81
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/Equal.c85
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/FindRelativeDistinguishedName.c78
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/GetRelativeDistinguishedName.c81
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/GetRelativeDistinguishedNameCount.c71
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/GetRelativeDistinguishedNames.c85
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/GetUTF8Encoding.c79
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/InsertRelativeDistinguishedName.c79
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/MClear.c73
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/MCount.c82
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/MVCreate.c141
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/PAppendRelativeDistinguishedName.c105
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/PCreate.c123
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/PCreateFromArray.c151
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/PCreateFromUTF8.c139
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/PDecode.c138
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/PDestroy.c76
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/PDuplicate.c177
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/PEncode.c118
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/PEqual.c107
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/PFindRelativeDistinguishedName.c90
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/PGetRelativeDistinguishedName.c96
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/PGetRelativeDistinguishedNameCount.c85
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/PGetRelativeDistinguishedNames.c135
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/PGetUTF8Encoding.c81
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/PInsertRelativeDistinguishedName.c117
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/PRemoveRelativeDistinguishedName.c104
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/PSetRelativeDistinguishedName.c103
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/PSetRelativeDistinguishedNames.c153
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/RemoveRelativeDistinguishedName.c72
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/SetRelativeDistinguishedName.c79
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/SetRelativeDistinguishedNames.c115
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/template.c55
-rw-r--r--security/nss/lib/pkix/src/RDNSequence/verifyPointer.c205
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/AddAttributeTypeAndValue.c77
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/Create.c125
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/CreateFromArray.c86
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/CreateFromUTF8.c81
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/Decode.c79
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/Destroy.c70
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/Duplicate.c80
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/Encode.c81
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/Equal.c85
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/FindAttributeTypeAndValue.c78
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/GetAttributeTypeAndValue.c81
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/GetAttributeTypeAndValueCount.c72
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/GetAttributeTypeAndValues.c83
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/GetUTF8Encoding.c79
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/MClear.c73
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/MCount.c82
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/MVCreate.c158
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/PAddAttributeTypeAndValue.c107
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/PCreate.c123
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/PCreateFromArray.c151
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/PCreateFromUTF8.c139
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/PDecode.c142
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/PDestroy.c76
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/PDuplicate.c177
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/PEncode.c123
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/PEqual.c101
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/PFindAttributeTypeAndValue.c96
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/PGetAttributeTypeAndValue.c89
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/PGetAttributeTypeAndValueCount.c85
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/PGetAttributeTypeAndValues.c133
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/PGetUTF8Encoding.c81
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/PRemoveAttributeTypeAndValue.c121
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/PSetAttributeTypeAndValue.c102
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/PSetAttributeTypeAndValues.c166
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/RemoveAttributeTypeAndValue.c73
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/SetAttributeTypeAndValue.c79
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/SetAttributeTypeAndValues.c113
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/template.c55
-rw-r--r--security/nss/lib/pkix/src/RelativeDistinguishedName/verifyPointer.c205
-rw-r--r--security/nss/lib/pkix/src/Time/Compare.c75
-rw-r--r--security/nss/lib/pkix/src/Time/CreateFromPRTime.c65
-rw-r--r--security/nss/lib/pkix/src/Time/CreateFromUTF8.c70
-rw-r--r--security/nss/lib/pkix/src/Time/Decode.c79
-rw-r--r--security/nss/lib/pkix/src/Time/Destroy.c62
-rw-r--r--security/nss/lib/pkix/src/Time/Duplicate.c69
-rw-r--r--security/nss/lib/pkix/src/Time/Encode.c71
-rw-r--r--security/nss/lib/pkix/src/Time/Equal.c74
-rw-r--r--security/nss/lib/pkix/src/Time/GetPRTime.c64
-rw-r--r--security/nss/lib/pkix/src/Time/GetUTF8Encoding.c69
-rw-r--r--security/nss/lib/pkix/src/Time/PCreateFromPRTime.c117
-rw-r--r--security/nss/lib/pkix/src/Time/PCreateFromUTF8.c121
-rw-r--r--security/nss/lib/pkix/src/Time/PDecode.c137
-rw-r--r--security/nss/lib/pkix/src/Time/PDestroy.c68
-rw-r--r--security/nss/lib/pkix/src/Time/PEncode.c66
-rw-r--r--security/nss/lib/pkix/src/Time/template.c54
-rw-r--r--security/nss/lib/pkix/src/X520Name/CreateFromUTF8.c105
-rw-r--r--security/nss/lib/pkix/src/X520Name/Decode.c79
-rw-r--r--security/nss/lib/pkix/src/X520Name/Destroy.c70
-rw-r--r--security/nss/lib/pkix/src/X520Name/Duplicate.c79
-rw-r--r--security/nss/lib/pkix/src/X520Name/Encode.c80
-rw-r--r--security/nss/lib/pkix/src/X520Name/Equal.c83
-rw-r--r--security/nss/lib/pkix/src/X520Name/GetUTF8Encoding.c78
-rw-r--r--security/nss/lib/pkix/src/X520Name/MDoUTF8.c97
-rw-r--r--security/nss/lib/pkix/src/X520Name/PCreate.c169
-rw-r--r--security/nss/lib/pkix/src/X520Name/PCreateFromUTF8.c164
-rw-r--r--security/nss/lib/pkix/src/X520Name/PDecode.c135
-rw-r--r--security/nss/lib/pkix/src/X520Name/PDestroy.c87
-rw-r--r--security/nss/lib/pkix/src/X520Name/PDuplicate.c158
-rw-r--r--security/nss/lib/pkix/src/X520Name/PEncode.c93
-rw-r--r--security/nss/lib/pkix/src/X520Name/PEqual.c100
-rw-r--r--security/nss/lib/pkix/src/X520Name/PGetUTF8Encoding.c82
-rw-r--r--security/nss/lib/pkix/src/X520Name/template.c56
-rw-r--r--security/nss/lib/pkix/src/X520Name/verifyPointer.c169
-rw-r--r--security/nss/lib/smime/Makefile76
-rw-r--r--security/nss/lib/smime/cms.h1065
-rw-r--r--security/nss/lib/smime/cmsarray.c212
-rw-r--r--security/nss/lib/smime/cmsasn1.c560
-rw-r--r--security/nss/lib/smime/cmsattr.c453
-rw-r--r--security/nss/lib/smime/cmscinfo.c327
-rw-r--r--security/nss/lib/smime/cmscipher.c792
-rw-r--r--security/nss/lib/smime/cmsdecode.c688
-rw-r--r--security/nss/lib/smime/cmsdigdata.c223
-rw-r--r--security/nss/lib/smime/cmsdigest.c259
-rw-r--r--security/nss/lib/smime/cmsencdata.c279
-rw-r--r--security/nss/lib/smime/cmsencode.c740
-rw-r--r--security/nss/lib/smime/cmsenvdata.c416
-rw-r--r--security/nss/lib/smime/cmslocal.h330
-rw-r--r--security/nss/lib/smime/cmsmessage.c313
-rw-r--r--security/nss/lib/smime/cmspubkey.c531
-rw-r--r--security/nss/lib/smime/cmsrecinfo.c421
-rw-r--r--security/nss/lib/smime/cmsreclist.c187
-rw-r--r--security/nss/lib/smime/cmsreclist.h59
-rw-r--r--security/nss/lib/smime/cmssigdata.c850
-rw-r--r--security/nss/lib/smime/cmssiginfo.c871
-rw-r--r--security/nss/lib/smime/cmst.h489
-rw-r--r--security/nss/lib/smime/cmsutil.c362
-rw-r--r--security/nss/lib/smime/config.mk44
-rw-r--r--security/nss/lib/smime/manifest.mn74
-rw-r--r--security/nss/lib/smime/smime.h148
-rw-r--r--security/nss/lib/smime/smimemessage.c215
-rw-r--r--security/nss/lib/smime/smimeutil.c714
-rw-r--r--security/nss/lib/softoken/Makefile77
-rw-r--r--security/nss/lib/softoken/alghmac.c169
-rw-r--r--security/nss/lib/softoken/alghmac.h90
-rw-r--r--security/nss/lib/softoken/config.mk44
-rw-r--r--security/nss/lib/softoken/fipstest.c1093
-rw-r--r--security/nss/lib/softoken/fipstokn.c951
-rw-r--r--security/nss/lib/softoken/keydb.c2308
-rw-r--r--security/nss/lib/softoken/keydbt.h89
-rw-r--r--security/nss/lib/softoken/keylow.h251
-rw-r--r--security/nss/lib/softoken/keytboth.h99
-rw-r--r--security/nss/lib/softoken/keytlow.h100
-rw-r--r--security/nss/lib/softoken/lowkey.c330
-rw-r--r--security/nss/lib/softoken/manifest.mn77
-rw-r--r--security/nss/lib/softoken/padbuf.c77
-rw-r--r--security/nss/lib/softoken/pkcs11.c4031
-rw-r--r--security/nss/lib/softoken/pkcs11.h316
-rw-r--r--security/nss/lib/softoken/pkcs11c.c5323
-rw-r--r--security/nss/lib/softoken/pkcs11f.h933
-rw-r--r--security/nss/lib/softoken/pkcs11i.h428
-rw-r--r--security/nss/lib/softoken/pkcs11p.h49
-rw-r--r--security/nss/lib/softoken/pkcs11t.h1115
-rw-r--r--security/nss/lib/softoken/pkcs11u.c1270
-rw-r--r--security/nss/lib/softoken/pkcs11u.h48
-rw-r--r--security/nss/lib/softoken/private.h78
-rw-r--r--security/nss/lib/softoken/rawhash.c111
-rw-r--r--security/nss/lib/softoken/rsawrapr.c1049
-rw-r--r--security/nss/lib/softoken/secpkcs5.c1827
-rw-r--r--security/nss/lib/softoken/secpkcs5.h185
-rw-r--r--security/nss/lib/softoken/softoken.h167
-rw-r--r--security/nss/lib/softoken/softoknt.h61
-rw-r--r--security/nss/lib/ssl/Makefile82
-rw-r--r--security/nss/lib/ssl/authcert.c115
-rw-r--r--security/nss/lib/ssl/cmpcert.c117
-rw-r--r--security/nss/lib/ssl/config.mk44
-rw-r--r--security/nss/lib/ssl/emulate.c626
-rw-r--r--security/nss/lib/ssl/manifest.mn77
-rw-r--r--security/nss/lib/ssl/notes.txt161
-rw-r--r--security/nss/lib/ssl/nsskea.c75
-rw-r--r--security/nss/lib/ssl/preenc.h161
-rw-r--r--security/nss/lib/ssl/prelib.c253
-rw-r--r--security/nss/lib/ssl/ssl.h423
-rw-r--r--security/nss/lib/ssl/ssl3con.c7521
-rw-r--r--security/nss/lib/ssl/ssl3gthr.c228
-rw-r--r--security/nss/lib/ssl/ssl3prot.h307
-rw-r--r--security/nss/lib/ssl/sslauth.c257
-rw-r--r--security/nss/lib/ssl/sslcon.c3683
-rw-r--r--security/nss/lib/ssl/ssldef.c228
-rw-r--r--security/nss/lib/ssl/sslenum.c76
-rw-r--r--security/nss/lib/ssl/sslerr.c69
-rw-r--r--security/nss/lib/ssl/sslerr.h188
-rw-r--r--security/nss/lib/ssl/sslgathr.c481
-rw-r--r--security/nss/lib/ssl/sslimpl.h1250
-rw-r--r--security/nss/lib/ssl/sslnonce.c345
-rw-r--r--security/nss/lib/ssl/sslproto.h158
-rw-r--r--security/nss/lib/ssl/sslreveal.c97
-rw-r--r--security/nss/lib/ssl/sslsecur.c1372
-rw-r--r--security/nss/lib/ssl/sslsnce.c1905
-rw-r--r--security/nss/lib/ssl/sslsock.c1816
-rw-r--r--security/nss/lib/ssl/sslsocks.c1147
-rw-r--r--security/nss/lib/ssl/ssltrace.c269
-rw-r--r--security/nss/lib/ssl/unix_err.c536
-rw-r--r--security/nss/lib/ssl/unix_err.h87
-rw-r--r--security/nss/lib/ssl/win32err.c373
-rw-r--r--security/nss/lib/ssl/win32err.h81
-rw-r--r--security/nss/lib/util/Makefile86
-rw-r--r--security/nss/lib/util/base64.h71
-rw-r--r--security/nss/lib/util/ciferfam.h87
-rw-r--r--security/nss/lib/util/config.mk44
-rw-r--r--security/nss/lib/util/derdec.c552
-rw-r--r--security/nss/lib/util/derenc.c504
-rw-r--r--security/nss/lib/util/dersubr.c258
-rw-r--r--security/nss/lib/util/dertime.c334
-rw-r--r--security/nss/lib/util/mac_rand.c280
-rw-r--r--security/nss/lib/util/manifest.mn100
-rw-r--r--security/nss/lib/util/nssb64.h124
-rw-r--r--security/nss/lib/util/nssb64d.c861
-rw-r--r--security/nss/lib/util/nssb64e.c762
-rw-r--r--security/nss/lib/util/nssb64t.h45
-rw-r--r--security/nss/lib/util/nsslocks.c99
-rw-r--r--security/nss/lib/util/nsslocks.h67
-rw-r--r--security/nss/lib/util/nssrwlk.c512
-rw-r--r--security/nss/lib/util/nssrwlk.h160
-rw-r--r--security/nss/lib/util/nssrwlkt.h47
-rw-r--r--security/nss/lib/util/os2_rand.c232
-rw-r--r--security/nss/lib/util/portreg.c317
-rw-r--r--security/nss/lib/util/portreg.h92
-rw-r--r--security/nss/lib/util/pqgutil.c267
-rw-r--r--security/nss/lib/util/pqgutil.h127
-rw-r--r--security/nss/lib/util/ret_cr16.s54
-rw-r--r--security/nss/lib/util/secalgid.c169
-rw-r--r--security/nss/lib/util/secasn1.h264
-rw-r--r--security/nss/lib/util/secasn1d.c2934
-rw-r--r--security/nss/lib/util/secasn1e.c1468
-rw-r--r--security/nss/lib/util/secasn1t.h259
-rw-r--r--security/nss/lib/util/secasn1u.c106
-rw-r--r--security/nss/lib/util/seccomon.h109
-rw-r--r--security/nss/lib/util/secder.h193
-rw-r--r--security/nss/lib/util/secdert.h170
-rw-r--r--security/nss/lib/util/secdig.c230
-rw-r--r--security/nss/lib/util/secdig.h132
-rw-r--r--security/nss/lib/util/secdigt.h57
-rw-r--r--security/nss/lib/util/secerr.h187
-rw-r--r--security/nss/lib/util/secinit.c50
-rw-r--r--security/nss/lib/util/secitem.c240
-rw-r--r--security/nss/lib/util/secitem.h106
-rw-r--r--security/nss/lib/util/secoid.c1533
-rw-r--r--security/nss/lib/util/secoid.h112
-rw-r--r--security/nss/lib/util/secoidt.h309
-rw-r--r--security/nss/lib/util/secplcy.c114
-rw-r--r--security/nss/lib/util/secplcy.h133
-rw-r--r--security/nss/lib/util/secport.c601
-rw-r--r--security/nss/lib/util/secport.h274
-rw-r--r--security/nss/lib/util/secrng.h82
-rw-r--r--security/nss/lib/util/secrngt.h44
-rw-r--r--security/nss/lib/util/sectime.c177
-rw-r--r--security/nss/lib/util/sysrand.c43
-rw-r--r--security/nss/lib/util/unix_rand.c792
-rw-r--r--security/nss/lib/util/utf8.c2061
-rw-r--r--security/nss/lib/util/watcomfx.h59
-rw-r--r--security/nss/lib/util/win_rand.c415
-rwxr-xr-xsecurity/nss/macbuild/NSS.Prefix3
-rwxr-xr-xsecurity/nss/macbuild/NSS.mcpbin91899 -> 0 bytes
-rwxr-xr-xsecurity/nss/macbuild/NSSCommon.h3
-rwxr-xr-xsecurity/nss/macbuild/NSSDebug.Prefix3
-rw-r--r--security/nss/manifest.mn44
-rw-r--r--security/nss/relnotes.txt284
-rwxr-xr-xsecurity/nss/tests/all.sh35
-rwxr-xr-xsecurity/nss/tests/common/arch.sh313
-rw-r--r--security/nss/tests/common/init.sh64
-rw-r--r--security/nss/tests/common/results_header.html6
-rw-r--r--security/nss/tests/pkcs11/netscape/trivial/.cvsignore6
-rw-r--r--security/nss/tests/pkcs11/netscape/trivial/Makefile.in175
-rw-r--r--security/nss/tests/pkcs11/netscape/trivial/README.txt56
-rw-r--r--security/nss/tests/pkcs11/netscape/trivial/acconfig.h36
-rw-r--r--security/nss/tests/pkcs11/netscape/trivial/config.h.in28
-rwxr-xr-xsecurity/nss/tests/pkcs11/netscape/trivial/configure1906
-rw-r--r--security/nss/tests/pkcs11/netscape/trivial/configure.in180
-rwxr-xr-xsecurity/nss/tests/pkcs11/netscape/trivial/install-sh251
-rw-r--r--security/nss/tests/pkcs11/netscape/trivial/trivial.c901
-rwxr-xr-xsecurity/nss/tests/sdr/sdr.sh71
-rwxr-xr-xsecurity/nss/tests/ssl/ssl.sh309
-rw-r--r--security/nss/tests/ssl/sslauth.txt21
-rw-r--r--security/nss/tests/ssl/sslcov.txt37
-rw-r--r--security/nss/tests/ssl/sslreq.txt3
-rw-r--r--security/nss/tests/ssl/sslstress.txt14
-rwxr-xr-xsecurity/nss/trademarks.txt130
1152 files changed, 0 insertions, 403856 deletions
diff --git a/security/coreconf/.cshrc b/security/coreconf/.cshrc
deleted file mode 100644
index 659e4f7aa..000000000
--- a/security/coreconf/.cshrc
+++ /dev/null
@@ -1,273 +0,0 @@
-#!/bin/csh
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Startup file for csh and tcsh. It is meant to work on:
-#
-# SunOS 4.1.3_U1,
-# Sun Solaris,
-# Sun Solaris on Intel,
-# SGI IRIX,
-# SGI IRIX64,
-# UNIX_SV,
-# IBM AIX,
-# Hewlett-Packard HP-UX,
-# SCO_SV,
-# FreeBSD,
-# DEC OSF/1,
-# Linux,
-# and everything else.
-#
-
-###############################################
-# Set operating system name and release level #
-###############################################
-
-set os_name=`uname -s`
-set os_release=`uname -r`
-
-##########################################################
-# Set environment variables based upon operating system #
-##########################################################
-
-if ($os_name == "SunOS" && $os_release == "4.1.3_U1") then
- ##############################
- # SunOS 4.1.3_U1
- #
-
- setenv NO_MDUPDATE 1
-
- set path = ( /tools/ns/soft/gcc-2.6.3/run/default/sparc_sun_sunos4.1.3_U1/bin \
- /tools/ns/bin \
- /sbin \
- /usr/bin \
- /usr/openwin/bin \
- /usr/openwin/include \
- /usr/ucb \
- /usr/local/bin \
- /etc \
- /usr/etc \
- /usr/etc/install \
- . )
-
-else if ($os_name == "SunOS") then
- ################################
- # Assume it is Sun Solaris
- #
-
- # To build Navigator on Solaris 2.5, I must set the environment
- # variable NO_MDUPDATE and use gcc-2.6.3.
- setenv NO_MDUPDATE 1
-
- set path = ( /share/builds/components/jdk/1.2.2_01/SunOS \
- /usr/ccs/bin \
- /usr/opt/bin \
- /tools/ns/bin \
- /usr/sbin \
- /sbin \
- /usr/bin \
- /usr/dt/bin \
- /usr/openwin/bin \
- /usr/openwin/include \
- /usr/ucb \
- /usr/opt/java/bin \
- /usr/local/bin \
- /etc \
- /usr/etc \
- /usr/etc/install \
- /opt/Acrobat3/bin \
- . )
-
- # To get the native Solaris cc
- if (`uname -m` == i86pc) then
- set path = ( /h/solx86/export/home/opt/SUNWspro/SC3.0.1/bin \
- $path )
- else
- set path = ( /tools/ns/workshop/bin \
- /tools/ns/soft/gcc-2.6.3/run/default/sparc_sun_solaris2.4/bin \
- $path )
- endif
-
- setenv LD_LIBRARY_PATH /share/builds/components/jdk/1.2.2_01/SunOS/lib/sparc/native_threads
-
- setenv MANPATH /usr/local/man:/usr/local/lib/mh/man:/usr/local/lib/rcscvs/man:/usr/local/lib/fvwm/man:/usr/local/lib/xscreensaver/man:/usr/share/man:/usr/openwin/man:/usr/opt/man
-
- # For Purify
- setenv PURIFYHOME /usr/local-sparc-solaris/pure/purify-4.0-solaris2
- setenv PATH ${PURIFYHOME}:$PATH
- setenv MANPATH $PURIFYHOME/man:$MANPATH
- setenv LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:$PURIFYHOME
- setenv PURIFYOPTIONS "-max_threads=1000 -follow-child-processes=yes"
-
-else if ($os_name == "IRIX" || $os_name == "IRIX64") then
- #############
- # SGI Irix
- #
-
- set path = ( /share/builds/components/jdk/1.2.1/IRIX \
- /tools/ns/bin \
- /tools/contrib/bin \
- /usr/local/bin \
- /usr/sbin \
- /usr/bsd \
- /usr/bin \
- /bin \
- /etc \
- /usr/etc \
- /usr/bin/X11 \
- . )
-
-else if ($os_name == "UNIX_SV") then
- #################
- # UNIX_SV
- #
-
- set path = ( /usr/local/bin \
- /tools/ns/bin \
- /bin \
- /usr/bin \
- /usr/bin/X11 \
- /X11/bin \
- /usr/X/bin \
- /usr/ucb \
- /usr/sbin \
- /sbin \
- /usr/ccs/bin \
- . )
-
-else if ($os_name == "AIX") then
- #################
- # IBM AIX
- #
-
- set path = ( /share/builds/components/jdk/1.2.2/AIX \
- /usr/ucb/ \
- /tools/ns-arch/rs6000_ibm_aix4.1/bin \
- /tools/ns-arch/rs6000_ibm_aix3.2.5/bin \
- /share/tools/ns/soft/cvs-1.8/run/default/rs6000_ibm_aix3.2.5/bin \
- /bin \
- /usr/bin \
- /usr/ccs/bin \
- /usr/sbin \
- /usr/local/bin \
- /usr/bin/X11 \
- /usr/etc \
- /etc \
- /sbin \
- . )
-
-else if ($os_name == "HP-UX") then
- #################
- # HP UX
- #
-
- set path = ( /share/builds/components/jdk/1.1.6/HP-UX \
- /usr/bin \
- /opt/ansic/bin \
- /usr/ccs/bin \
- /usr/contrib/bin \
- /opt/nettladm/bin \
- /opt/graphics/common/bin \
- /usr/bin/X11 \
- /usr/contrib/bin/X11 \
- /opt/upgrade/bin \
- /opt/CC/bin \
- /opt/aCC/bin \
- /opt/langtools/bin \
- /opt/imake/bin \
- /etc \
- /usr/etc \
- /usr/local/bin \
- /tools/ns/bin \
- /tools/contrib/bin \
- /usr/sbin \
- /usr/local/bin \
- /tools/ns/bin \
- /tools/contrib/bin \
- /usr/sbin \
- /usr/include/X11R5 \
- . )
-
-else if ($os_name == "SCO_SV") then
- #################
- # SCO
- #
-
- set path = ( /bin \
- /usr/bin \
- /tools/ns/bin \
- /tools/contrib/bin \
- /usr/sco/bin \
- /usr/bin/X11 \
- /usr/local/bin \
- . )
-
-else if ($os_name == "FreeBSD") then
- #################
- # FreeBSD
- #
-
- setenv PATH /usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/java/bin:/usr/local/bin:/usr/ucb:/usr/ccs/bin:/tools/contrib/bin:/tools/ns/bin:.
-
-else if ($os_name == "OSF1") then
- #################
- # DEC OSF1
- #
-
- set path = ( /share/builds/components/jdk/1.2.2_3/OSF1 \
- /tools/ns-arch/alpha_dec_osf4.0/bin \
- /tools/ns-arch/soft/cvs-1.8.3/run/default/alpha_dec_osf2.0/bin \
- /usr/local-alpha-osf/bin \
- /usr3/local/bin \
- /usr/local/bin \
- /usr/sbin \
- /usr/bin \
- /bin \
- /usr/bin/X11 \
- /usr/ucb \
- . )
-
-else if ($os_name == "Linux") then
- #################
- # Linux
- #
-
- set path = ( /share/builds/components/jdk/1.2.2/Linux \
- $path )
-
-endif
-
-###############################
-# Reset any "tracked" aliases #
-###############################
-
-rehash
diff --git a/security/coreconf/.profile b/security/coreconf/.profile
deleted file mode 100644
index 5474405e2..000000000
--- a/security/coreconf/.profile
+++ /dev/null
@@ -1,216 +0,0 @@
-#!/bin/sh
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Startup file for sh, ksh and bash. It is meant to work on:
-#
-# SunOS 4.1.3_U1,
-# Sun Solaris,
-# Sun Solaris on Intel,
-# SGI IRIX,
-# SGI IRIX64,
-# UNIX_SV,
-# IBM AIX,
-# Hewlett-Packard HP-UX,
-# SCO_SV,
-# FreeBSD,
-# DEC OSF/1,
-# Linux,
-# and everything else.
-#
-
-###############################################
-# Set operating system name and release level #
-###############################################
-
-OS_NAME=`uname -s`
-export OS_NAME
-
-OS_RELEASE=`uname -r`
-export OS_RELEASE
-
-##########################################################
-# Set environment variables based upon operating system #
-##########################################################
-
-case $OS_NAME in
-
- SunOS)
- ##############################
- # Sun
- #
-
- case $OS_RELEASE in
-
- 4.1.3_U1)
- ##############################
- # SunOS 4.1.3_U1
- #
-
- NO_MDUPDATE=1
- export NO_MDUPDATE
-
- PATH=/tools/ns/soft/gcc-2.6.3/run/default/sparc_sun_sunos4.1.3_U1/bin:tools/ns/bin:/sbin:/usr/bin:/usr/openwin/bin:/usr/openwin/include:/usr/ucb:/usr/local/bin:/etc:/usr/etc:/usr/etc/install:.
- export PATH
- ;;
-
- *)
- ################################
- # Assume it is Sun Solaris
- #
-
- # To build Navigator on Solaris 2.5, I must set the environment
- # variable NO_MDUPDATE and use gcc-2.6.3.
- NO_MDUPDATE=1
- export NO_MDUPDATE
-
- PATH=/share/builds/components/jdk/1.2.2_01/SunOS:/usr/ccs/bin:/usr/opt/bin:/tools/ns/bin:/usr/sbin:/sbin:/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/openwin/include:/usr/ucb:/usr/opt/java/bin:/usr/local/bin:/etc:/usr/etc:/usr/etc/install:/opt/Acrobat3/bin:.
- export PATH
-
- # To get the native Solaris cc
- OS_TEST=`uname -m`
- export OS_TEST
-
- case $OS_TEST in
-
- i86pc)
- PATH=/h/solx86/export/home/opt/SUNWspro/SC3.0.1/bin:$PATH
- export PATH
- ;;
-
- *)
- PATH=/tools/ns/workshop/bin:/tools/ns/soft/gcc-2.6.3/run/default/sparc_sun_solaris2.4/bin:$PATH
- export PATH
- ;;
- esac
-
- LD_LIBRARY_PATH=/share/builds/components/jdk/1.2.2_01/SunOS/lib/sparc/native_threads
- export LD_LIBRARY_PATH
-
- MANPATH=/usr/local/man:/usr/local/lib/mh/man:/usr/local/lib/rcscvs/man:/usr/local/lib/fvwm/man:/usr/local/lib/xscreensaver/man:/usr/share/man:/usr/openwin/man:/usr/opt/man
- export MANPATH
-
- # For Purify
- PURIFYHOME=/usr/local-sparc-solaris/pure/purify-4.0-solaris2
- export PURIFYHOME
- PATH=/usr/local-sparc-solaris/pure/purify-4.0-solaris2:$PATH
- export PATH
- MANPATH=$PURIFYHOME/man:$MANPATH
- export MANPATH
- LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local-sparc-solaris/pure/purify-4.0-solaris2
- export LD_LIBRARY_PATH
- PURIFYOPTIONS="-max_threads=1000 -follow-child-processes=yes"
- export PURIFYOPTIONS
- ;;
- esac
- ;;
-
- IRIX | IRIX64)
- #############
- # SGI Irix
- #
-
- PATH=/share/builds/components/jdk/1.2.1/IRIX:/tools/ns/bin:/tools/contrib/bin:/usr/local/bin:/usr/sbin:/usr/bsd:/usr/bin:/bin:/etc:/usr/etc:/usr/bin/X11:.
- export PATH
- ;;
-
- UNIX_SV)
- #################
- # UNIX_SV
- #
-
- PATH=/usr/local/bin:/tools/ns/bin:/bin:/usr/bin:/usr/bin/X11:/X11/bin:/usr/X/bin:/usr/ucb:/usr/sbin:/sbin:/usr/ccs/bin:.
- export PATH
- ;;
-
- AIX)
- #################
- # IBM AIX
- #
-
- PATH=/share/builds/components/jdk/1.2.2/AIX:/usr/ucb/:/tools/ns-arch/rs6000_ibm_aix4.1/bin:/tools/ns-arch/rs6000_ibm_aix3.2.5/bin:/share/tools/ns/soft/cvs-1.8/run/default/rs6000_ibm_aix3.2.5/bin:/bin:/usr/bin:/usr/ccs/bin:/usr/sbin:/usr/local/bin:/usr/bin/X11:/usr/etc:/etc:/sbin:.
- export PATH
- ;;
-
- HP-UX)
- #################
- # HP UX
- #
-
- PATH=/share/builds/components/jdk/1.1.6/HP-UX:/usr/bin:/opt/ansic/bin:/usr/ccs/bin:/usr/contrib/bin:/opt/nettladm/bin:/opt/graphics/common/bin:/usr/bin/X11:/usr/contrib/bin/X11:/opt/upgrade/bin:/opt/CC/bin:/opt/aCC/bin:/opt/langtools/bin:/opt/imake/bin:/etc:/usr/etc:/usr/local/bin:/tools/ns/bin:/tools/contrib/bin:/usr/sbin:/usr/local/bin:/tools/ns/bin:/tools/contrib/bin:/usr/sbin:/usr/include/X11R5:.
- export PATH
- ;;
-
- SCO_SV)
- #################
- # SCO
- #
-
- PATH=/bin:/usr/bin:/tools/ns/bin:/tools/contrib/bin:/usr/sco/bin:/usr/bin/X11:/usr/local/bin:.
- export PATH
- ;;
-
- FreeBSD)
-
- #################
- # FreeBSD
- #
-
- PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/java/bin:/usr/local/bin:/usr/ucb:/usr/ccs/bin:/tools/contrib/bin:/tools/ns/bin:.
- export PATH
- ;;
-
- OSF1)
- #################
- # DEC OSF1
- #
-
- PATH=/share/builds/components/jdk/1.2.2_3/OSF1:/tools/ns-arch/alpha_dec_osf4.0/bin:/tools/ns-arch/soft/cvs-1.8.3/run/default/alpha_dec_osf2.0/bin:/usr/local-alpha-osf/bin:/usr3/local/bin:/usr/local/bin:/usr/sbin:/usr/bin:/bin:/usr/bin/X11:/usr/ucb:.
- export PATH
- ;;
-
- Linux)
-
- #################
- # Linux
- #
-
- PATH=/share/builds/components/jdk/1.2.2/Linux:$PATH
- export PATH
- ;;
-esac
-
-###############################
-# Reset any "tracked" aliases #
-###############################
-
-hash -r
diff --git a/security/coreconf/AIX.mk b/security/coreconf/AIX.mk
deleted file mode 100644
index 1f62cb0a3..000000000
--- a/security/coreconf/AIX.mk
+++ /dev/null
@@ -1,74 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for AIX.
-#
-include $(CORE_DEPTH)/coreconf/UNIX.mk
-
-#
-# There are two implementation strategies available on AIX:
-# pthreads, and pthreads-user. The default is pthreads.
-# In both strategies, we need to use pthread_user.c, instead of
-# aix.c. The fact that aix.c is never used is somewhat strange.
-#
-# So we need to do the following:
-# - Default (PTHREADS_USER not defined in the environment or on
-# the command line):
-# Set PTHREADS_USER=1, USE_PTHREADS=1
-# - PTHREADS_USER=1 set in the environment or on the command line:
-# Do nothing.
-#
-ifeq ($(PTHREADS_USER),1)
- USE_PTHREADS = # just to be safe
- IMPL_STRATEGY = _PTH_USER
-else
- USE_PTHREADS = 1
- PTHREADS_USER = 1
-endif
-
-DEFAULT_COMPILER = xlC_r
-
-CC = xlC_r
-CCC = xlC_r
-
-CPU_ARCH = rs6000
-
-RANLIB = ranlib
-
-OS_CFLAGS = -DAIX -DSYSV
-ifeq ($(CC),xlC_r)
- OS_CFLAGS += -qarch=com
-endif
-
-AIX_WRAP = $(DIST)/lib/aixwrap.o
-AIX_TMP = $(OBJDIR)/_aix_tmp.o
-OS_LIBS += -lsvld
diff --git a/security/coreconf/AIX3.2.mk b/security/coreconf/AIX3.2.mk
deleted file mode 100644
index c93a00eef..000000000
--- a/security/coreconf/AIX3.2.mk
+++ /dev/null
@@ -1,35 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for AIX3.2.5
-#
-include $(CORE_DEPTH)/coreconf/AIX.mk
diff --git a/security/coreconf/AIX4.1.mk b/security/coreconf/AIX4.1.mk
deleted file mode 100644
index ba93b4ce2..000000000
--- a/security/coreconf/AIX4.1.mk
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for AIX4.1
-#
-
-include $(CORE_DEPTH)/coreconf/AIX.mk
-
-
-AIX_LINK_OPTS += -bnso -berok
-#AIX_LINK_OPTS += -bnso -berok -brename:.select,.wrap_select -brename:.poll,.wrap_poll -bI:/usr/lib/syscalls.exp
-
-# The AIX4.1 linker had a bug which always looked for a dynamic library
-# with an extension of .a. AIX4.2 fixed this problem
-DLL_SUFFIX = a
-
-OS_LIBS += -lsvld
diff --git a/security/coreconf/AIX4.2.mk b/security/coreconf/AIX4.2.mk
deleted file mode 100644
index 8be6ee6ce..000000000
--- a/security/coreconf/AIX4.2.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-
-#
-# Config stuff for AIX4.2
-#
-
-include $(CORE_DEPTH)/coreconf/AIX.mk
-
-OS_CFLAGS += -DAIX4_2
-DSO_LDOPTS = -brtl -bM:SRE -bnoentry -bexpall
-MKSHLIB = $(LD) $(DSO_LDOPTS) -lsvld -L/usr/lpp/xlC/lib -lc -lm
-
-OS_LIBS += -L/usr/lpp/xlC/lib -lc -lm
-
diff --git a/security/coreconf/AIX4.3.mk b/security/coreconf/AIX4.3.mk
deleted file mode 100644
index 11ad35267..000000000
--- a/security/coreconf/AIX4.3.mk
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for AIX4.3
-#
-
-include $(CORE_DEPTH)/coreconf/AIX.mk
-
-
-ifeq ($(USE_64), 1)
-# Next line replaced by generic name handling in arch.mk
-# COMPILER_TAG = _64
- OS_CFLAGS += -O2 -DAIX_64BIT
- OBJECT_MODE=64
- export OBJECT_MODE
-endif
-OS_CFLAGS += -DAIX4_3
-DSO_LDOPTS = -brtl -bM:SRE -bnoentry -bexpall
-MKSHLIB = $(LD) $(DSO_LDOPTS) -lsvld -L/usr/lpp/xlC/lib -lc -lm
-
-OS_LIBS += -L/usr/lpp/xlC/lib -lc -lm
-
diff --git a/security/coreconf/FreeBSD2.mk b/security/coreconf/FreeBSD2.mk
deleted file mode 100644
index 974ebe4fd..000000000
--- a/security/coreconf/FreeBSD2.mk
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for FreeBSD2
-#
-
-include $(CORE_DEPTH)/coreconf/UNIX.mk
-
-DEFAULT_COMPILER = gcc
-CC = gcc
-CCC = g++
-RANLIB = ranlib
-
-OS_REL_CFLAGS = -mno-486 -Di386
-CPU_ARCH = x86
-
-OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -ansi -Wall -pipe -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK
-
-ifdef USE_PTHREADS
- OS_LIBS = -lc_r
- DEFINES += -D_PR_NEED_FAKE_POLL
-else
- OS_LIBS = -lc
-endif
-
-ARCH = freebsd
-
-DSO_CFLAGS = -fPIC
-DSO_LDOPTS = -Bshareable
-DSO_LDFLAGS =
-
-MKSHLIB = $(LD) $(DSO_LDOPTS)
-
-G++INCLUDES = -I/usr/include/g++
-
-INCLUDES += -I/usr/X11R6/include
diff --git a/security/coreconf/HP-UX.mk b/security/coreconf/HP-UX.mk
deleted file mode 100644
index 0c3d4440f..000000000
--- a/security/coreconf/HP-UX.mk
+++ /dev/null
@@ -1,70 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-
-#
-# Config stuff for HP-UX
-#
-
-include $(CORE_DEPTH)/coreconf/UNIX.mk
-
-DEFAULT_COMPILER = cc
-
-CPU_ARCH = hppa
-DLL_SUFFIX = sl
-CCC = CC
-OS_CFLAGS += -Ae $(DSO_CFLAGS) -DHPUX -D$(CPU_ARCH) -D_HPUX_SOURCE
-
-ifeq ($(DEFAULT_IMPL_STRATEGY),_PTH)
- USE_PTHREADS = 1
- ifeq ($(CLASSIC_NSPR),1)
- USE_PTHREADS =
- IMPL_STRATEGY = _CLASSIC
- endif
- ifeq ($(PTHREADS_USER),1)
- USE_PTHREADS =
- IMPL_STRATEGY = _PTH_USER
- endif
-endif
-
-ifdef PTHREADS_USER
- OS_CFLAGS += -D_POSIX_C_SOURCE=199506L
-endif
-
-MKSHLIB = $(LD) $(DSO_LDOPTS)
-
-DSO_LDOPTS = -b
-DSO_LDFLAGS =
-
-# +Z generates position independent code for use in shared libraries.
-DSO_CFLAGS = +Z
-
-HAVE_PURIFY = 1
diff --git a/security/coreconf/HP-UXA.09.03.mk b/security/coreconf/HP-UXA.09.03.mk
deleted file mode 100644
index 7ac02ae2a..000000000
--- a/security/coreconf/HP-UXA.09.03.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-
-#
-# On HP-UX 9, the default (and only) implementation strategy is
-# classic nspr.
-#
-ifeq ($(OS_RELEASE),A.09.03)
- DEFAULT_IMPL_STRATEGY = _CLASSIC
-endif
-
-#
-# Config stuff for HP-UXA.09.03
-#
-include $(CORE_DEPTH)/coreconf/HP-UXA.09.mk
diff --git a/security/coreconf/HP-UXA.09.07.mk b/security/coreconf/HP-UXA.09.07.mk
deleted file mode 100644
index 9fcf4c826..000000000
--- a/security/coreconf/HP-UXA.09.07.mk
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# On HP-UX 9, the default (and only) implementation strategy is
-# classic nspr.
-#
-ifeq ($(OS_RELEASE),A.09.07)
- DEFAULT_IMPL_STRATEGY = _CLASSIC
-endif
-
-#
-# Config stuff for HP-UXA.09.07
-#
-include $(CORE_DEPTH)/coreconf/HP-UXA.09.mk
diff --git a/security/coreconf/HP-UXA.09.mk b/security/coreconf/HP-UXA.09.mk
deleted file mode 100644
index 813a16f40..000000000
--- a/security/coreconf/HP-UXA.09.mk
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-
-#
-# Config stuff for HP-UXA.09
-#
-include $(CORE_DEPTH)/coreconf/HP-UX.mk
-
-OS_CFLAGS += -DHPUX9
diff --git a/security/coreconf/HP-UXB.10.01.mk b/security/coreconf/HP-UXB.10.01.mk
deleted file mode 100644
index 718ee1184..000000000
--- a/security/coreconf/HP-UXB.10.01.mk
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-ifeq ($(OS_RELEASE),B.10.01)
- DEFAULT_IMPL_STRATEGY = _CLASSIC
-endif
-
-#
-# Config stuff for HP-UXB.10.01
-#
-include $(CORE_DEPTH)/coreconf/HP-UXB.10.mk
diff --git a/security/coreconf/HP-UXB.10.10.mk b/security/coreconf/HP-UXB.10.10.mk
deleted file mode 100644
index bb6f8cfb5..000000000
--- a/security/coreconf/HP-UXB.10.10.mk
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# On HP-UX 10.10 and 10.20, the default implementation strategy is
-# pthreads (actually DCE threads). Classic nspr is also available.
-#
-
-ifeq ($(OS_RELEASE),B.10.10)
- DEFAULT_IMPL_STRATEGY = _PTH
-endif
-
-#
-# Config stuff for HP-UXB.10.10
-#
-include $(CORE_DEPTH)/coreconf/HP-UXB.10.mk
-
-OS_CFLAGS += -DHPUX10_10
-
-ifeq ($(USE_PTHREADS),1)
- OS_CFLAGS += -D_REENTRANT -D_PR_DCETHREADS
-endif
diff --git a/security/coreconf/HP-UXB.10.20.mk b/security/coreconf/HP-UXB.10.20.mk
deleted file mode 100644
index eeae7cd3a..000000000
--- a/security/coreconf/HP-UXB.10.20.mk
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# On HP-UX 10.10 and 10.20, the default implementation strategy is
-# pthreads (actually DCE threads). Classic nspr is also available.
-#
-
-ifeq ($(OS_RELEASE),B.10.20)
- DEFAULT_IMPL_STRATEGY = _PTH
-endif
-
-#
-# Config stuff for HP-UXB.10.20
-#
-include $(CORE_DEPTH)/coreconf/HP-UXB.10.mk
-
-OS_CFLAGS += -DHPUX10_20
-
-ifeq ($(USE_PTHREADS),1)
- OS_CFLAGS += -D_REENTRANT -D_PR_DCETHREADS
-endif
diff --git a/security/coreconf/HP-UXB.10.30.mk b/security/coreconf/HP-UXB.10.30.mk
deleted file mode 100644
index ef52d1122..000000000
--- a/security/coreconf/HP-UXB.10.30.mk
+++ /dev/null
@@ -1,56 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# On HP-UX 10.30 and 11.00, the default implementation strategy is
-# pthreads. Classic nspr and pthreads-user are also available.
-#
-
-ifeq ($(OS_RELEASE),B.10.30)
- DEFAULT_IMPL_STRATEGY = _PTH
-endif
-
-#
-# Config stuff for HP-UXB.10.30.
-#
-include $(CORE_DEPTH)/coreconf/HP-UXB.10.mk
-
-OS_CFLAGS += -DHPUX10_30
-
-#
-# To use the true pthread (kernel thread) library on 10.30 and
-# 11.00, we should define _POSIX_C_SOURCE to be 199506L.
-# The _REENTRANT macro is deprecated.
-#
-
-ifdef USE_PTHREADS
- OS_CFLAGS += -D_POSIX_C_SOURCE=199506L
-endif
diff --git a/security/coreconf/HP-UXB.10.mk b/security/coreconf/HP-UXB.10.mk
deleted file mode 100644
index 77ca9bce7..000000000
--- a/security/coreconf/HP-UXB.10.mk
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for HP-UXB.10
-#
-include $(CORE_DEPTH)/coreconf/HP-UX.mk
-
-OS_CFLAGS += -DHPUX10
-OS_LIBS += -lpthread -lm
diff --git a/security/coreconf/HP-UXB.11.00.mk b/security/coreconf/HP-UXB.11.00.mk
deleted file mode 100644
index 0732202ae..000000000
--- a/security/coreconf/HP-UXB.11.00.mk
+++ /dev/null
@@ -1,55 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# On HP-UX 10.30 and 11.00, the default implementation strategy is
-# pthreads. Classic nspr and pthreads-user are also available.
-#
-
-ifeq ($(OS_RELEASE),B.11.00)
-OS_CFLAGS += -DHPUX10
-DEFAULT_IMPL_STRATEGY = _PTH
-endif
-
-#
-# To use the true pthread (kernel thread) library on 10.30 and
-# 11.00, we should define _POSIX_C_SOURCE to be 199506L.
-# The _REENTRANT macro is deprecated.
-#
-
-ifdef USE_PTHREADS
- OS_CFLAGS += -D_POSIX_C_SOURCE=199506L
-endif
-
-#
-# Config stuff for HP-UXB.11.00.
-#
-include $(CORE_DEPTH)/coreconf/HP-UXB.11.mk
diff --git a/security/coreconf/HP-UXB.11.mk b/security/coreconf/HP-UXB.11.mk
deleted file mode 100644
index 7b5a631f4..000000000
--- a/security/coreconf/HP-UXB.11.mk
+++ /dev/null
@@ -1,56 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for HP-UXB.11
-#
-include $(CORE_DEPTH)/coreconf/HP-UX.mk
-
-ifndef NS_USE_GCC
- CCC = /opt/aCC/bin/aCC -ext
- ifeq ($(USE_64), 1)
- OS_CFLAGS += -Aa +e +DA2.0W +DS2.0 +DChpux
-# Next line replaced by generic name handling in arch.mk
-# COMPILER_TAG = _64
- else
- ifdef USE_LONG_LONGS
- OS_CFLAGS += -Aa +e +DA2.0 +DS2.0
- else
- OS_CFLAGS += +DAportable +DS1.1
- endif
- endif
-else
- CCC = aCC
-endif
-
-OS_CFLAGS += -DHPUX11
-OS_LIBS += -lpthread -lm -lrt
-HPUX11 = 1
diff --git a/security/coreconf/IRIX.mk b/security/coreconf/IRIX.mk
deleted file mode 100644
index fe0f906b5..000000000
--- a/security/coreconf/IRIX.mk
+++ /dev/null
@@ -1,122 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for IRIX
-#
-
-include $(CORE_DEPTH)/coreconf/UNIX.mk
-
-#
-# The default implementation strategy for Irix is classic nspr.
-#
-ifeq ($(USE_PTHREADS),1)
- ifeq ($(USE_N32),1)
- IMPL_STRATEGY = _n32_PTH
- else
- IMPL_STRATEGY = _PTH
- endif
-endif
-
-DEFAULT_COMPILER = cc
-
-ifdef NS_USE_GCC
- CC = gcc
- AS = $(CC) -x assembler-with-cpp
- ODD_CFLAGS = -Wall -Wno-format
- ifdef BUILD_OPT
- OPTIMIZER = -O6
- endif
-else
- CC = cc
- CCC = CC
- ODD_CFLAGS = -fullwarn -xansi
- ifdef BUILD_OPT
- ifeq ($(USE_N32),1)
- OPTIMIZER = -O -OPT:Olimit=4000
- else
- OPTIMIZER = -O -Olimit 4000
- endif
- endif
-
- # For 6.x machines, include this flag
- ifeq (6., $(findstring 6., $(OS_RELEASE)))
- ifeq ($(USE_N32),1)
- ODD_CFLAGS += -n32 -mips3 -exceptions
- else
- ODD_CFLAGS += -32 -multigot
- endif
- else
- ODD_CFLAGS += -xgot
- endif
- ifeq ($(USE_N32),1)
- OS_CFLAGS += -dollar
- endif
-endif
-
-ODD_CFLAGS += -DSVR4 -DIRIX
-
-CPU_ARCH = mips
-
-RANLIB = /bin/true
-# For purify
-# NOTE: should always define _SGI_MP_SOURCE
-NOMD_OS_CFLAGS += $(ODD_CFLAGS) -D_SGI_MP_SOURCE
-
-ifndef NO_MDUPDATE
- OS_CFLAGS += $(NOMD_OS_CFLAGS) -MDupdate $(DEPENDENCIES)
-else
- OS_CFLAGS += $(NOMD_OS_CFLAGS)
-endif
-
-ifeq ($(USE_N32),1)
- SHLIB_LD_OPTS += -n32 -mips3
-endif
-
-MKSHLIB += $(LD) $(SHLIB_LD_OPTS) -shared -soname $(@:$(OBJDIR)/%.so=%.so)
-
-HAVE_PURIFY = 1
-
-DSO_LDOPTS = -elf -shared -all
-
-ifdef DSO_BACKEND
- DSO_LDOPTS += -soname $(DSO_NAME)
-endif
-
-#
-# Revision notes:
-#
-# In the IRIX compilers prior to version 7.2, -n32 implied -mips3.
-# Beginning in the 7.2 compilers, -n32 implies -mips4 when the compiler
-# is running on a system with a mips4 CPU (e.g. R8K, R10K).
-# We want our code to explicitly be mips3 code, so we now explicitly
-# set -mips3 whenever we set -n32.
-#
diff --git a/security/coreconf/IRIX5.2.mk b/security/coreconf/IRIX5.2.mk
deleted file mode 100644
index fbb4a137b..000000000
--- a/security/coreconf/IRIX5.2.mk
+++ /dev/null
@@ -1,35 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for IRIX 5.2
-#
-include $(CORE_DEPTH)/coreconf/IRIX5.mk
diff --git a/security/coreconf/IRIX5.3.mk b/security/coreconf/IRIX5.3.mk
deleted file mode 100644
index b7134592b..000000000
--- a/security/coreconf/IRIX5.3.mk
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for IRIX 5.3
-#
-include $(CORE_DEPTH)/coreconf/IRIX5.mk
-
-OS_CFLAGS += -DIRIX5_3
diff --git a/security/coreconf/IRIX5.mk b/security/coreconf/IRIX5.mk
deleted file mode 100644
index 56bfb0ea5..000000000
--- a/security/coreconf/IRIX5.mk
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for IRIX 5
-#
-
-include $(CORE_DEPTH)/coreconf/IRIX.mk
-
-ifndef NS_USE_GCC
- ODD_CFLAGS += -xgot
-endif
diff --git a/security/coreconf/IRIX6.2.mk b/security/coreconf/IRIX6.2.mk
deleted file mode 100644
index e17a0c3b6..000000000
--- a/security/coreconf/IRIX6.2.mk
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for IRIX 6.2
-#
-
-
-# catch unresolved symbols
-
-SHLIB_LD_OPTS += -no_unresolved
-
-include $(CORE_DEPTH)/coreconf/IRIX6.mk
-
-OS_CFLAGS += -DIRIX6_2
diff --git a/security/coreconf/IRIX6.3.mk b/security/coreconf/IRIX6.3.mk
deleted file mode 100644
index a684a1e11..000000000
--- a/security/coreconf/IRIX6.3.mk
+++ /dev/null
@@ -1,42 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for IRIX 6.3
-#
-
-# catch unresolved symbols
-
-SHLIB_LD_OPTS += -no_unresolved
-
-include $(CORE_DEPTH)/coreconf/IRIX6.mk
-
-OS_CFLAGS += -DIRIX6_3
diff --git a/security/coreconf/IRIX6.5.mk b/security/coreconf/IRIX6.5.mk
deleted file mode 100644
index 7f68d82cb..000000000
--- a/security/coreconf/IRIX6.5.mk
+++ /dev/null
@@ -1,42 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for IRIX 6.5
-#
-
-# catch unresolved symbols
-
-SHLIB_LD_OPTS += -no_unresolved
-
-include $(CORE_DEPTH)/coreconf/IRIX6.mk
-
-OS_CFLAGS += -DIRIX6_5 -mips3
diff --git a/security/coreconf/IRIX6.mk b/security/coreconf/IRIX6.mk
deleted file mode 100644
index a401dc6f3..000000000
--- a/security/coreconf/IRIX6.mk
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for IRIX 6
-#
-
-include $(CORE_DEPTH)/coreconf/IRIX.mk
-
-ifndef NS_USE_GCC
- ifneq ($(USE_N32),1)
- OS_CFLAGS += -32
- endif
- ODD_CFLAGS += -multigot
-endif
-
-ifeq ($(USE_PTHREADS),1)
-OS_LIBS += -lpthread
-endif
diff --git a/security/coreconf/Linux.mk b/security/coreconf/Linux.mk
deleted file mode 100644
index 444f4b272..000000000
--- a/security/coreconf/Linux.mk
+++ /dev/null
@@ -1,97 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for Linux
-#
-
-include $(CORE_DEPTH)/coreconf/UNIX.mk
-
-#
-# The default implementation strategy for Linux is now pthreads
-#
-USE_PTHREADS = 1
-
-ifeq ($(USE_PTHREADS),1)
- IMPL_STRATEGY = _PTH
-endif
-
-CC = gcc
-CCC = g++
-RANLIB = ranlib
-
-DEFAULT_COMPILER = gcc
-
-ifeq ($(OS_TEST),ppc)
- OS_REL_CFLAGS = -DMACLINUX -DLINUX1_2
- CPU_ARCH = ppc
-else
-ifeq ($(OS_TEST),alpha)
- OS_REL_CFLAGS = -D_ALPHA_ -DLINUX1_2 -D_XOPEN_SOURCE
- CPU_ARCH = alpha
-else
- OS_REL_CFLAGS = -mno-486 -DLINUX1_2 -Di386 -D_XOPEN_SOURCE
- CPU_ARCH = x86
-endif
-endif
-
-
-LIBC_TAG = _glibc
-
-ifeq ($(OS_RELEASE),2.0)
- OS_REL_CFLAGS += -DLINUX2_0
- MKSHLIB = $(CC) -shared -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so)
- ifdef BUILD_OPT
- OPTIMIZER = -O2
- endif
-endif
-
-ifeq ($(USE_PTHREADS),1)
-OS_PTHREAD = -lpthread
-endif
-
-OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -ansi -Wall -pipe -DLINUX -Dlinux -D_POSIX_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR
-OS_LIBS = -L/lib $(OS_PTHREAD) -ldl -lc
-
-ifdef USE_PTHREADS
- DEFINES += -D_REENTRANT -D_PR_NEED_FAKE_POLL
-else
- DEFINES += -D_PR_LOCAL_THREADS_ONLY
-endif
-
-ARCH = linux
-
-DSO_CFLAGS = -fPIC
-DSO_LDOPTS = -shared
-DSO_LDFLAGS =
-
-# INCLUDES += -I/usr/include -Y/usr/include/linux
-G++INCLUDES = -I/usr/include/g++
diff --git a/security/coreconf/Linux2.1.mk b/security/coreconf/Linux2.1.mk
deleted file mode 100644
index bfbfe6b90..000000000
--- a/security/coreconf/Linux2.1.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for Linux 2.1 (ELF)
-#
-
-include $(CORE_DEPTH)/coreconf/Linux.mk
-ifeq ($(OS_RELEASE),2.1)
- OS_REL_CFLAGS += -DLINUX2_1
- MKSHLIB = $(CC) -shared -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so)
- ifdef BUILD_OPT
- OPTIMIZER = -O2
- endif
-endif
-
diff --git a/security/coreconf/Linux2.2.mk b/security/coreconf/Linux2.2.mk
deleted file mode 100644
index c552c1d76..000000000
--- a/security/coreconf/Linux2.2.mk
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for Linux 2.2 (ELF)
-#
-
-include $(CORE_DEPTH)/coreconf/Linux.mk
-
-OS_REL_CFLAGS += -DLINUX2_1
-MKSHLIB = $(CC) -shared -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so)
-ifdef BUILD_OPT
- OPTIMIZER = -O2
-endif
-
diff --git a/security/coreconf/LinuxELF1.2.mk b/security/coreconf/LinuxELF1.2.mk
deleted file mode 100644
index 860787958..000000000
--- a/security/coreconf/LinuxELF1.2.mk
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for Linux 1.2 (ELF)
-#
-
-include $(CORE_DEPTH)/coreconf/Linux.mk
diff --git a/security/coreconf/LinuxELF2.0.mk b/security/coreconf/LinuxELF2.0.mk
deleted file mode 100644
index a85dfafa9..000000000
--- a/security/coreconf/LinuxELF2.0.mk
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for Linux 2.0 (ELF)
-#
-
-include $(CORE_DEPTH)/coreconf/Linux.mk
diff --git a/security/coreconf/Makefile b/security/coreconf/Makefile
deleted file mode 100644
index 9f6fd6078..000000000
--- a/security/coreconf/Makefile
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-DEPTH = ..
-CORE_DEPTH = ..
-
-MODULE = coreconf
-
-DIRS = nsinstall mkdepend md
-
-include $(DEPTH)/coreconf/config.mk
-include $(DEPTH)/coreconf/rules.mk
-
-export:: libs
diff --git a/security/coreconf/NCR3.0.mk b/security/coreconf/NCR3.0.mk
deleted file mode 100644
index 8193bd1f5..000000000
--- a/security/coreconf/NCR3.0.mk
+++ /dev/null
@@ -1,90 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for NCR SysVr4 v 3.0
-#
-
-include $(CORE_DEPTH)/coreconf/UNIX.mk
-
-DEFAULT_COMPILER = cc
-
-###
-NS_USE_NATIVE = 1
-
-# NS_USE_GCC = 1
-
-export PATH:=$(PATH):/opt/ncc/bin
-###
-
-RANLIB = true
-GCC_FLAGS_EXTRA += -pipe
-
-DEFINES += -DSVR4 -DSYSV -DHAVE_STRERROR -DNCR
-
-OS_CFLAGS += -Hnocopyr -DSVR4 -DSYSV -DHAVE_STRERROR -DNCR -DPRFSTREAMS_BROKEN
-
-ifdef NS_USE_NATIVE
- CC = cc
- CCC = ncc
- CXX = ncc
-# OS_LIBS += -L/opt/ncc/lib
-else
-# OS_LIBS +=
-endif
-
-#OS_LIBS += -lsocket -lnsl -ldl -lc
-
-MKSHLIB += $(LD) $(DSO_LDOPTS)
-#DSO_LDOPTS += -G -z defs
-DSO_LDOPTS += -G
-
-CPU_ARCH = x86
-ARCH = ncr
-
-NOSUCHFILE = /solaris-rm-f-sucks
-
-# now take care of default GCC (rus@5/5/97)
-
-ifdef NS_USE_GCC
- # if gcc-settings are redefined already - don't touch it
- #
- ifeq (,$(findstring gcc, $(CC)))
- CC = gcc
- CCC = g++
- CXX = g++
- # always use -fPIC - some makefiles are still broken and don't distinguish
- # situation when they build shared and static libraries
- CFLAGS += -fPIC -Wall $(GCC_FLAGS_EXTRA)
-# OS_LIBS += -L/usr/local/lib -lstdc++ -lg++ -lgcc
- endif
-endif
-###
diff --git a/security/coreconf/NEC4.2.mk b/security/coreconf/NEC4.2.mk
deleted file mode 100644
index 8e635f1ca..000000000
--- a/security/coreconf/NEC4.2.mk
+++ /dev/null
@@ -1,61 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for NEC Mips SYSV
-#
-
-include $(CORE_DEPTH)/coreconf/UNIX.mk
-
-DEFAULT_COMPILER = $(CORE_DEPTH)/build/hcc
-
-CPU_ARCH = mips
-
-ifdef NS_USE_GCC
-CC = gcc
-CCC = g++
-else
-CC = $(CORE_DEPTH)/build/hcc
-OS_CFLAGS = -Xa -KGnum=0 -KOlimit=4000
-CCC = g++
-endif
-
-MKSHLIB = $(LD) $(DSO_LDOPTS)
-
-RANLIB = /bin/true
-
-OS_CFLAGS += $(ODD_CFLAGS) -DSVR4 -D__SVR4 -DNEC -Dnec_ews -DHAVE_STRERROR
-OS_LIBS = -lsocket -lnsl -ldl $(LDOPTIONS)
-LDOPTIONS = -lc -L/usr/ucblib -lucb
-
-NOSUCHFILE = /nec-rm-f-sucks
-
-DSO_LDOPTS = -G
diff --git a/security/coreconf/OSF1.mk b/security/coreconf/OSF1.mk
deleted file mode 100644
index 3b7cdab5f..000000000
--- a/security/coreconf/OSF1.mk
+++ /dev/null
@@ -1,74 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for DEC OSF/1
-#
-
-#
-# The Bourne shell (sh) on OSF1 doesn't handle "set -e" correctly,
-# which we use to stop LOOP_OVER_DIRS submakes as soon as any
-# submake fails. So we use the Korn shell instead.
-#
-SHELL = /usr/bin/ksh
-
-include $(CORE_DEPTH)/coreconf/UNIX.mk
-
-DEFAULT_COMPILER = cc
-
-CC = cc
-OS_CFLAGS += $(NON_LD_FLAGS) -std1
-CCC = cxx
-RANLIB = /bin/true
-CPU_ARCH = alpha
-
-ifdef BUILD_OPT
- OPTIMIZER += -Olimit 4000
-endif
-
-NON_LD_FLAGS += -ieee_with_inexact
-OS_CFLAGS += -DOSF1 -D_REENTRANT
-
-ifneq ($(USE_64), 1)
- LDFLAGS += -taso
-endif
-
-ifeq ($(USE_PTHREADS),1)
- OS_CFLAGS += -pthread
-endif
-
-ifeq ($(USE_IPV6),1)
- OS_CFLAGS += -D_PR_INET6
-endif
-
-# The command to build a shared library on OSF1.
-MKSHLIB += ld -shared -all -expect_unresolved "*"
-DSO_LDOPTS += -shared
diff --git a/security/coreconf/OSF1V2.0.mk b/security/coreconf/OSF1V2.0.mk
deleted file mode 100644
index de7dab643..000000000
--- a/security/coreconf/OSF1V2.0.mk
+++ /dev/null
@@ -1,35 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for DEC OSF/1 V2.0
-#
-include $(CORE_DEPTH)/coreconf/OSF1.mk
diff --git a/security/coreconf/OSF1V3.0.mk b/security/coreconf/OSF1V3.0.mk
deleted file mode 100644
index 623b2f971..000000000
--- a/security/coreconf/OSF1V3.0.mk
+++ /dev/null
@@ -1,35 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for DEC OSF/1 V3.0
-#
-include $(CORE_DEPTH)/coreconf/OSF1.mk
diff --git a/security/coreconf/OSF1V3.2.mk b/security/coreconf/OSF1V3.2.mk
deleted file mode 100644
index 9d584b37b..000000000
--- a/security/coreconf/OSF1V3.2.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# On OSF1 V3.2, classic nspr is the default (and only) implementation
-# strategy.
-#
-
-#
-# Config stuff for DEC OSF/1 V3.2
-#
-include $(CORE_DEPTH)/coreconf/OSF1.mk
-
-ifeq ($(OS_RELEASE),V3.2)
- OS_CFLAGS += -DOSF1V3
-endif
diff --git a/security/coreconf/OSF1V4.0.mk b/security/coreconf/OSF1V4.0.mk
deleted file mode 100644
index 164a6613a..000000000
--- a/security/coreconf/OSF1V4.0.mk
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# On OSF1 V4.0, pthreads is the default implementation strategy.
-# Classic nspr is also available.
-#
-ifneq ($(OS_RELEASE),V3.2)
- USE_PTHREADS = 1
- ifeq ($(CLASSIC_NSPR), 1)
- USE_PTHREADS =
- IMPL_STRATEGY := _CLASSIC
- endif
-endif
-
-#
-# Config stuff for DEC OSF/1 V4.0
-#
-include $(CORE_DEPTH)/coreconf/OSF1.mk
-
-ifeq ($(OS_RELEASE),V4.0)
- OS_CFLAGS += -DOSF1V4
-endif
diff --git a/security/coreconf/OSF1V4.0B.mk b/security/coreconf/OSF1V4.0B.mk
deleted file mode 100644
index 73f357d17..000000000
--- a/security/coreconf/OSF1V4.0B.mk
+++ /dev/null
@@ -1,35 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for DEC OSF/1 V4.0B
-#
-include $(CORE_DEPTH)/coreconf/OSF1V4.0.mk
diff --git a/security/coreconf/OSF1V4.0D.mk b/security/coreconf/OSF1V4.0D.mk
deleted file mode 100644
index 515c76d5f..000000000
--- a/security/coreconf/OSF1V4.0D.mk
+++ /dev/null
@@ -1,39 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for DEC OSF/1 V4.0D
-#
-include $(CORE_DEPTH)/coreconf/OSF1V4.0.mk
-DEFINES += -DOSF1V4D
-
-OS_LIBS += -lpthread -lrt
-
diff --git a/security/coreconf/README b/security/coreconf/README
deleted file mode 100644
index f769ee56d..000000000
--- a/security/coreconf/README
+++ /dev/null
@@ -1,568 +0,0 @@
-OVERVIEW of "ns/coreconf":
-
- This README file is an attempt to provide the reader with a simple
- synopsis of the "ns/coreconf" build system which was originally
- fundamentally designed and built to accomodate Netscape's binary
- release model. Wherever possible, an attempt has been made to
- comply with the NSPR 2.0 build system, including mimicing the
- compiler/linker flags, and directory naming structure. The reader
- should keep in mind that the system builds binary releases of
- header files, class files, libraries, and executables on numerous
- flavors of UNIX and Windows operating systems. Unfortunately,
- no serious attempt has ever been made to incorporate an ability to
- generate cross-platform binaries on an Apple MacIntosh platform.
-
- Note that this file will not attempt to redefine or document the
- architecture of this system. However, documents on this subject
- are available at the following URL:
-
- http://warp/hardcore/prj-ttools/specs/release/index.html
-
-
-
-DEPENDENCIES of "ns/coreconf":
-
- The "ns/coreconf" build system requires the specified versions of
- the following platform-dependent tools:
-
- UNIX Platforms:
- --------------
- gmake (version 3.74 or later)
- perl 4.0 (NOTE: perl 5.003 or later recommended)
- uname
-
- Windows Platforms:
- -----------------
- gmake 3.74 (must use hacked Netscape version)
- shmsdos.exe (contained in Netscape gmake.exe)
- nsinstall.exe (contained in Netscape gmake.exe)
- perl.exe (version 4.0 for everything except testing;
- NOTE: MKS toolkit perl 5.002 is broken)
- perl5.exe (for testing;
- NOTE: perl 5.003 or later recommended;
- MKS toolkit perl 5.002 is broken)
- uname.exe (use nstools version)
-
-ENHANCEMENTS to "ns/coreconf":
-
- With the advent of Certificate Server 4.0 using the ns/coreconf
- build system, several changes had to be made to enhance
- ns/coreconf support for building Java/JNI classes/programs, as
- well as libraries slated to be released as binaries. While the
- following may not represent an exhaustive list of these changes,
- it does attempt to be at least somewhat comprehensive:
-
- (1) During the course of these enhancements, a total of
- four files have been modified, and four new files have
- been added.
-
- The following files have been modified:
-
- - command.mk: removed old definition of JAR
-
- - config.mk: added include statement of new
- "jdk.mk" file
-
- - ruleset.mk: allowed the $(MKPROG) variable to be
- overridden by supplying it with a
- default value of $(CC); augmented
- numerous definitions to enhance
- ability of ns/coreconf to produce
- a more robust set of libraries;
- added some JNI definitions; PACKAGE
- definition may be overridden by new
- "jdk.mk" file
-
- - rules.mk: separated the compile phase of a
- program from the link phase of a
- program such that a developer can
- now strictly override program linkage
- by simply supplying a $(MKPROG)
- variable; augmented NETLIBDEPTH
- to use CORE_DEPTH but retain backward
- compatibility; added JNI section;
- modified .PRECIOUS rule;
-
- The following files have been added:
-
- - README: this file; an ASCII-based text
- document used to summarize the
- ns/coreconf build system and
- suitable (paginated) for printing
-
- - jdk.mk: a file comprising most (if not all)
- of the default Java related build
- information; the definitions in this
- file are only included if NS_USE_JDK
- has been defined
-
- - jniregen.pl: a perl script used to create a
- dependency for when JNI files should
- be regenerated (based upon any change
- to the ".class" file from which the
- ".h" file was originally generated)
-
- - outofdate.pl: a perl script used to create a
- dependency for when ".class" files
- should be regenerated (based upon
- any change to the ".java" file
- from which the ".class" file was
- originally generated)
-
- (2) As stated above, the ns/coreconf build system now separates
- the link phase of a program from its compilation phase.
- While ns/coreconf still works exactly as it used to because
- the $(MKPROG) variable is assigned $(CC) by default, a developer
- may now override this behavior by simply supplying their
- own unique value for $(MKPROG) on every platform. This allows
- a program compiled with $(CC) to link with external libraries
- that may contain "C++" linkage. Before this change, a
- programmer would need to reference their own local copy of
- rules.mk (see the ns/sectools/cmd/pk12util program for
- an example of how this used to be accomplished).
-
- (3) Currently, the ns/coreconf build system differs from the
- NSPR 2.0 build system which utilizes an "_s" to denote
- static libraries from import libraries. In fact, the
- ns/coreconf build system adds no prefixes or suffixes to
- distinguish one version of static libraries from another.
- Note that both the ns/coreconf build system as well as the
- NSPR 2.0 build system do nothing to provide a method of
- distinguishing 16-bit from 32-bit static libraries on the
- same machine, either, since:
-
- a) this might only provide difficulty during
- development, since static libraries always
- need to be embedded within a program
- (note this is highly unlikely, since libraries
- for different platforms are subdivided via
- a well-known subdirectory structure, and
- a developer may use multiple trees for
- development),
-
- b) this maintains backwards compatibility,
- something very important since no legacy
- programs will need to change their link phase, and
-
- c) Netscape as a company has dropped any plans
- of future development of 16-bit products.
-
- (4) Since several members of the Hardcore Security group did
- not favor NSPR 2.0's solution of adding an "_s" to static
- libraries on Windows platforms as a method to distinguish
- them from their import library cousins, a different solution
- was proposed and has been recently implemented for ns/coreconf:
-
- - a 16 has been added as a suffix to both dynamic and
- import libraries built on 16-bit Windows platforms
-
- - a 32 has been added as a suffix to both dynamic and
- import libraries built on 32-bit Windows platforms
-
- Since, the HCL release process currently only contains a
- single instance of building a dynamic library,
- ns/security/lib/fortcrypt/fort12.dll, the impact of this
- change should be relatively small.
-
- It should be noted that although this would additionally
- limit the 8.3 namespace on 16-bit platforms, it is highly
- unlikely that any future development will be performed on
- this platform.
-
- (5) The $(LIBRARY_VERSION) tag has been added to all non-static
- libraries created on UNIX operating systems to alleviate
- any future confusion for binary releases which utilize this
- tag. Again, it should be noted that this tag is only
- utilized on non-static libraries, since more than one
- version of the library may need to exist simultaneously
- if multiple products are utilized.
-
- Currently, only one HCL released library utilizes this tag:
-
- ns/security/lib/fortcrypt/fort12.a
- (e. g. - in this library, the tag has been set to '12')
-
- Again, it should be noted that although this would
- additionally limit the 8.3 namespace on 16-bit platforms,
- it is highly unlikely that any future development will be
- performed on this platform.
-
- (6) The $(JDK_DEBUG_SUFFIX) extension has been added to all
- library and program names to support debug versions of
- Java programs (e. g. - java_g, javac_g, etc).
-
- Once again, it should be noted that although this would
- additionally limit the 8.3 namespace on 16-bit platforms,
- it is highly unlikely that any future Java development
- will be performed on this platform.
-
- (7) Most (if not all) default definitions for java have been
- encapsulated within their own file, jdk.mk, which is
- always included by default in ns/coreconf/config.mk.
- However, the definitions within this file are only ever
- activated if NS_USE_JDK has been set to be 1.
-
-
- (8) Two perl scripts (jniregen.pl and outofdate.pl) have been
- added to the system to foster a more robust development
- environment for composing Java and JNI programs
- utilizing the ns/coreconf build system. Both of these
- perl scripts are related to resolving dependencies which
- can not be accomplished through normal makefile dependencies.
-
- (9) This file, README, was created in an attempt to allow
- developers who have familiarity with ns/coreconf a simple
- roadmap for what has changed, as well as a top-level view of
- what comprises ns/coreconf. This file was written in
- ASCII (rather than HTML) primarily to promote simple
- paginated printing.
-
-OVERVIEW of "config.mk":
-
- This file contains the configuration information necessary to
- build each "Core Components" source module:
-
- include file name Purpose
- =================== =======================================
- arch.mk source and release <architecture> tags
-
- command.mk default command macros
- (NOTE: may be overridden in $(OS_CONFIG).mk)
-
- $(OS_CONFIG).mk <architecture>-specific macros
- (dependent upon <architecture> tags)
-
- platform.mk source and release <platform> tags
- (dependent upon <architecture> tags)
-
- tree.mk release <tree> tags
- (dependent upon <architecture> tags)
-
- module.mk source and release <component> tags
- (NOTE: A component is also called a module
- or a subsystem. This file is dependent upon
- $(MODULE) being defined on the command
- line, as an environment variable, or in
- individual makefiles, or more
- appropriately, manifest.mn)
-
- version.mk release <version> tags
- (dependent upon $(MODULE) being defined on
- the command line, as an environment variable,
- or in individual makefiles, or more
- appropriately, manifest.mn)
-
- location.mk macros to figure out binary code location
- (dependent upon <platform> tags)
-
- source.mk <component>-specific source path
- (dependent upon <user_source_tree>,
- <source_component>, <version>, and
- <platform> tags)
-
- headers.mk include switch for support header files
- (dependent upon <tree>, <component>, <version>,
- and <platform> tags)
-
- prefix.mk compute program prefixes
-
- suffix.mk compute program suffixes
- (dependent upon <architecture> tags)
-
- jdk.mk define JDK
- (dependent upon <architecture>,
- <source>, and <suffix> tags)
-
- ruleset.mk Master "Core Components" rule set
- (should always be the last file
- included by config.mk)
-
-
-
-OVERVIEW of "rules.mk":
-
- The "rules.mk" file consists of four sections. The first section
- contains the "master" build rules for all binary releases. While
- this section can (and should) largely be thought of as "language"
- independent, it does utilize the "perl" scripting language to
- perform both the "import" and "release" of binary modules.
-
- The rules which dwell in this section and their purpose:
-
-
- CATEGORY/rule:: Purpose
- =================== =======================================
-
- GENERAL
- -------
- all:: "default" all-encompassing rule which
- performs "export libs program install"
-
- export:: recursively copy specified
- cross-platform header files to the
- $(SOURCE_XPHEADERS_DIR) directory;
- recursively copy specified
- machine-dependent header files to the
- $(SOURCE_MDHEADERS_DIR) directory;
- although all rules can be written to
- repetively "chain" into other sections,
- this rule is the most commonly used
- rule to "chain" into other sections
- such as Java providing a simple
- mechanism which allows no need for
- developers to memorize specialized
- rules
-
- libs:: recursively build
- static (archival) $(LIBRARY), shared
- (dynamic link) $(SHARED_LIBRARY),
- import $(IMPORT_LIBRARY), and/or
- "purified" $(PURE_LIBRARY)
- libraries
-
- program:: recursively build $(PROGRAM)
- executable
-
- install:: recursively copy all libraries to
- $(SOURCE_LIB_DIR) directory;
- recursively copy all executables to
- $(SOURCE_BIN_DIR) directory
-
- clean:: remove all files specified in the
- $(ALL_TRASH) variable
-
- clobber:: synonym for "clean::" rule
-
- realclean:: remove all files specified by
- $(wildcard *.OBJ), dist, and in
- the $(ALL_TRASH) variable
-
- clobber_all:: synonym for "realclean::" rule
-
- private_export:: recursively copy specified
- cross-platform header files to the
- $(SOURCE_XPPRIVATE_DIR) directory
-
-
- IMPORT
- ------
- import:: uses perl script to retrieve specified
- VERSION of the binary release from
- $(RELEASE_TREE)
-
- RELEASE
- -------
- release_clean:: remove all files from the
- $(SOURCE_RELEASE_PREFIX) directory
-
- release:: place specified VERSION of the
- binary release in the appropriate
- $(RELEASE_TREE) directory
-
- release_export:: recursively copy specified
- cross-platform header files to the
- $(SOURCE_XPHEADERS_DIR)/include
- directory
-
- release_md:: recursively copy all libraries to
- $(SOURCE_RELEASE_PREFIX)/
- $(SOURCE_RELEASE_LIB_DIR) directory;
- recursively copy all executables to
- $(SOURCE_RELEASE_PREFIX)/
- $(SOURCE_RELEASE_BIN_DIR) directory
-
- release_jars:: use perl script to package appropriate
- files in the $(XPCLASS_JAR),
- $(XPHEADER_JAR), $(MDHEADER_JAR), and
- $(MDBINARY_JAR) jar files
-
- release_cpdistdir:: use perl script to copy the
- $(XPCLASS_JAR), $(XPHEADER_JAR),
- $(MDHEADER_JAR), and $(MDBINARY_JAR)
- jar files to the specified VERSION
- of the $(RELEASE_TREE) directory
-
-
-
- TOOLS and AUTOMATION
- --------------------
- platform:: tool used to display the platform name
- as composed within the "arch.mk" file
-
- autobuild:: automation rule used by "Bonsai" and
- "Tinderbox" to automatically generate
- binary releases on various platforms
-
- tests:: automation tool used to run the
- "regress" and "reporter" tools
- on various regression test suites
-
- The second section of "rules.mk" primarily contains several
- "language" dependent build rules for binary releases. These are
- generally "computed" rules (created on the "fly"), and include
- rules used by "C", "C++", assembly, the preprocessor, perl, and
- the shell.
-
- The rules which dwell in this section and their purpose:
-
-
- CATEGORY/rule:: Purpose
- =================== =============================
-
- LIBRARIES
- ---------
- $(LIBRARY): build the static library
- specified by the $(LIBRARY)
- variable
-
- $(IMPORT_LIBRARY): build the import library
- specified by the
- $(IMPORT_LIBRARY) variable
-
- $(SHARED_LIBRARY): build the shared
- (dynamic link) library
- specified by the
- $(SHARED_LIBRARY) variable
-
- $(PURE_LIBRARY): build the "purified" library
- specified by the
- $(PURE_LIBRARY) variable
-
-
- PROGRAMS
- --------
- $(PROGRAM): build the binary executable
- specified by the $(PROGRAM)
- rule
-
- $(OBJDIR)/
- $(PROG_PREFIX)%.pure: build the "purified" binary
- executable specified by this
- rule
-
-
- OBJECTS
- -------
- $(OBJDIR)/
- $(PROG_PREFIX)%$(OBJ_SUFFIX): build the object file
- associated with the
- makefile rule dependency:
-
- %.c = C file
- %.cpp = C++ file
- %.cc = C++ file
- %.s = assembly file
- %.S = assembly file
-
- $(OBJDIR)/
- $(PROG_PREFIX)%: (NOTE: deprecated rule)
- build the object file
- associated with the
- makefile rule dependency:
-
- %.cpp = C++ file
-
- MISCELLANEOUS
- -------------
- $(DIRS):: specifies a helper method
- used by $(LOOP_THROUGH_DIRS)
- to recursively change
- directories and invoke
- $(MAKE)
-
- %.i: build the preprocessor file
- associated with the
- makefile rule dependency:
-
- %.c = C file
- %.cpp = C++ file
-
- %: process the specified file
- using the method associated
- with the makefile rule
- dependency:
-
- %.pl = perl script
- %.sh = shell script
-
- alltags: tool used to recursively
- create a "ctags"-style
- file for reference
-
- The third section of "rules.mk' primarily contains several JAVA
- "language" build rules for binary releases. These are also
- generally "computed" rules (created on the "fly").
-
- The rules which dwell in this section and their purpose:
-
-
- CATEGORY/rule:: Purpose
- =================== =============================
- $(JAVA_DESTPATH):: create directory specified
- as the Java destination path
- for where classes are
- deposited
-
- $(JAVA_DESTPATH)/$(PACKAGE):: create directories specified
- within the $(PACKAGE)
- variable
-
- $(JMCSRCDIR):: create directory specified
- as the JMC destination path
-
- $(JRI_HEADER_CFILES): used to generate/regenerate
- JRI header files for "C"
-
- $(JRI_STUB_CFILES): used to generate/regenerate
- JRI stub files for "C"
-
- $(JNI_HEADERS): used to generate/regenerate
- JNI header files for "C"
-
- The fourth section of "rules.mk" primarily contains miscellaneous
- build rules for binary releases. Many of these rules are here to
- create new subdirectories, manage dependencies, and/or override
- standard gmake "Makefile" rules.
-
- The rules which dwell in this section and their purpose:
-
-
- CATEGORY/rule:: Purpose
- =================== =============================
-
- $(PUBLIC_EXPORT_DIR):: create directory used to
- house public "C" header files
-
- $(PRIVATE_EXPORT_DIR):: create directory used to
- house private "C" header
- files
-
- $(SOURCE_XP_DIR)/
- release/include:: create directory used to
- house "C" header files
- contained in a release
-
- $(MKDEPENDENCIES):: for UNIX systems, create
- a directory used to house
- dependencies and utilize
- the $(MKDEPEND) rule to
- create them
-
- $(MKDEPEND):: cd to the dependency
- directory and create them
-
- depend:: if $(OBJS) exist, perform the
- $(MKDEPEND) rule followed by
- the $(MKDEPENDENCIES) rule
-
- dependclean:: remove all files contained
- in the dependency repository
-
- .DEFAULT: standard gmake rule
-
- .SUFFIXES: standard gmake rule
-
- .PRECIOUS: standard gmake rule
-
- .PHONY: standard gmake rule
-
diff --git a/security/coreconf/ReliantUNIX.mk b/security/coreconf/ReliantUNIX.mk
deleted file mode 100644
index 476dcabc1..000000000
--- a/security/coreconf/ReliantUNIX.mk
+++ /dev/null
@@ -1,84 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for ReliantUNIX
-#
-
-include $(CORE_DEPTH)/coreconf/UNIX.mk
-
-DEFAULT_COMPILER = cc
-
-ifdef NS_USE_GCC
- ## gcc-2.7.2 homebrewn
- CC = gcc
- CCC = g++
- AS = $(CC)
- ASFLAGS += -x assembler-with-cpp
- LD = gld
- ODD_CFLAGS = -pipe -Wall -Wno-format
- ifdef BUILD_OPT
- OPTIMIZER += -O6
- endif
- MKSHLIB = $(LD)
- MKSHLIB += -G -h $(@:$(OBJDIR)/%.so=%.so)
- DSO_LDOPTS += -G -Xlinker -Blargedynsym
-else
- ## native compiler (CDS++ 1.0)
-# CC = /usr/bin/cc
- CC = cc
- CCC = /usr/bin/CC
- AS = /usr/bin/cc
- ODD_CFLAGS =
- ifdef BUILD_OPT
- OPTIMIZER += -O -F Olimit,4000
- endif
- MKSHLIB = $(CC)
- MKSHLIB += -G -h $(@:$(OBJDIR)/%.so=%.so)
- DSO_LDOPTS += -G -W l,-Blargedynsym
-endif
-
-NOSUCHFILE = /sni-rm-f-sucks
-ODD_CFLAGS += -DSVR4 -DSNI -DRELIANTUNIX
-CPU_ARCH = mips
-RANLIB = /bin/true
-
-# For purify
-NOMD_OS_CFLAGS += $(ODD_CFLAGS)
-
-# we do not have -MDupdate ...
-OS_CFLAGS += $(NOMD_OS_CFLAGS)
-OS_LIBS += -lsocket -lnsl -lresolv -lgen -ldl -lc /usr/ucblib/libucb.a
-HAVE_PURIFY = 0
-
-ifdef DSO_BACKEND
- DSO_LDOPTS += -h $(DSO_NAME)
-endif
diff --git a/security/coreconf/ReliantUNIX5.4.mk b/security/coreconf/ReliantUNIX5.4.mk
deleted file mode 100644
index a5bca60a3..000000000
--- a/security/coreconf/ReliantUNIX5.4.mk
+++ /dev/null
@@ -1,35 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for ReliantUNIX5.4
-#
-include $(CORE_DEPTH)/coreconf/ReliantUNIX.mk
diff --git a/security/coreconf/SCOOS5.0.mk b/security/coreconf/SCOOS5.0.mk
deleted file mode 100644
index b3370a1fd..000000000
--- a/security/coreconf/SCOOS5.0.mk
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for SCO OpenServer 5.0 for x86.
-#
-
-include $(CORE_DEPTH)/coreconf/SCO_SV3.2.mk
diff --git a/security/coreconf/SCO_SV3.2.mk b/security/coreconf/SCO_SV3.2.mk
deleted file mode 100644
index e9d13b30c..000000000
--- a/security/coreconf/SCO_SV3.2.mk
+++ /dev/null
@@ -1,86 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for SCO Unix for x86.
-#
-
-include $(CORE_DEPTH)/coreconf/UNIX.mk
-
-DEFAULT_COMPILER = cc
-
-CC = cc
-OS_CFLAGS += -b elf -KPIC
-CCC = g++
-CCC += -b elf -DPRFSTREAMS_BROKEN -I/usr/local/lib/g++-include
-# CCC = $(CORE_DEPTH)/build/hcpp
-# CCC += +.cpp +w
-RANLIB = /bin/true
-
-#
-# -DSCO_PM - Policy Manager AKA: SCO Licensing
-# -DSCO - Changes to Netscape source (consistent with AIX, LINUX, etc..)
-# -Dsco - Needed for /usr/include/X11/*
-#
-OS_CFLAGS += -DSCO_SV -DSYSV -D_SVID3 -DHAVE_STRERROR -DSW_THREADS -DSCO_PM -DSCO -Dsco
-#OS_LIBS += -lpmapi -lsocket -lc
-MKSHLIB = $(LD)
-MKSHLIB += $(DSO_LDOPTS)
-XINC = /usr/include/X11
-MOTIFLIB += -lXm
-INCLUDES += -I$(XINC)
-CPU_ARCH = x86
-GFX_ARCH = x
-ARCH = sco
-LOCALE_MAP = $(CORE_DEPTH)/cmd/xfe/intl/sco.lm
-EN_LOCALE = C
-DE_LOCALE = de_DE.ISO8859-1
-FR_LOCALE = fr_FR.ISO8859-1
-JP_LOCALE = ja
-SJIS_LOCALE = ja_JP.SJIS
-KR_LOCALE = ko_KR.EUC
-CN_LOCALE = zh
-TW_LOCALE = zh
-I2_LOCALE = i2
-LOC_LIB_DIR = /usr/lib/X11
-NOSUCHFILE = /solaris-rm-f-sucks
-BSDECHO = /bin/echo
-
-#
-# These defines are for building unix plugins
-#
-BUILD_UNIX_PLUGINS = 1
-#DSO_LDOPTS += -b elf -G -z defs
-DSO_LDOPTS += -b elf -G
-DSO_LDFLAGS += -nostdlib -L/lib -L/usr/lib -lXm -lXt -lX11 -lgen
-
-# Used for Java compiler
-EXPORT_FLAGS += -W l,-Bexport
diff --git a/security/coreconf/SunOS4.1.3_U1.mk b/security/coreconf/SunOS4.1.3_U1.mk
deleted file mode 100644
index 94be22508..000000000
--- a/security/coreconf/SunOS4.1.3_U1.mk
+++ /dev/null
@@ -1,59 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for SunOS4.1
-#
-
-include $(CORE_DEPTH)/coreconf/UNIX.mk
-
-DEFAULT_COMPILER = cc
-
-INCLUDES += -I/usr/dt/include -I/usr/openwin/include -I/home/motif/usr/include
-
-# SunOS 4 _requires_ that shared libs have a version number.
-# XXX FIXME: Version number should use NSPR_VERSION_NUMBER?
-DLL_SUFFIX = so.1.0
-CC = gcc
-RANLIB = ranlib
-CPU_ARCH = sparc
-
-# Purify doesn't like -MDupdate
-NOMD_OS_CFLAGS += -Wall -Wno-format -DSUNOS4
-OS_CFLAGS += $(DSO_CFLAGS) $(NOMD_OS_CFLAGS) -MDupdate $(DEPENDENCIES)
-MKSHLIB = $(LD)
-MKSHLIB += $(DSO_LDOPTS)
-HAVE_PURIFY = 1
-NOSUCHFILE = /solaris-rm-f-sucks
-DSO_LDOPTS =
-
-# -fPIC generates position-independent code for use in a shared library.
-DSO_CFLAGS += -fPIC
diff --git a/security/coreconf/SunOS5.3.mk b/security/coreconf/SunOS5.3.mk
deleted file mode 100644
index e103d9f57..000000000
--- a/security/coreconf/SunOS5.3.mk
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for SunOS5.3
-#
-
-SOL_CFLAGS =
-
-include $(CORE_DEPTH)/coreconf/SunOS5.mk
diff --git a/security/coreconf/SunOS5.4.mk b/security/coreconf/SunOS5.4.mk
deleted file mode 100644
index fe24c33e0..000000000
--- a/security/coreconf/SunOS5.4.mk
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for SunOS5.4
-#
-
-SOL_CFLAGS =
-
-include $(CORE_DEPTH)/coreconf/SunOS5.mk
diff --git a/security/coreconf/SunOS5.4_i86pc.mk b/security/coreconf/SunOS5.4_i86pc.mk
deleted file mode 100644
index bed9893ed..000000000
--- a/security/coreconf/SunOS5.4_i86pc.mk
+++ /dev/null
@@ -1,68 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for Solaris 2.4 on x86
-#
-
-include $(CORE_DEPTH)/coreconf/UNIX.mk
-
-DEFAULT_COMPILER = cc
-
-ifdef NS_USE_GCC
- CC = gcc
- OS_CFLAGS += -Wall -Wno-format
- CCC = g++
- CCC += -Wall -Wno-format
- ASFLAGS += -x assembler-with-cpp
- ifdef NO_MDUPDATE
- OS_CFLAGS += $(NOMD_OS_CFLAGS)
- else
- OS_CFLAGS += $(NOMD_OS_CFLAGS) -MDupdate $(DEPENDENCIES)
- endif
-else
- CC = cc
- CCC = CC
- ASFLAGS += -Wa,-P
- OS_CFLAGS += $(NOMD_OS_CFLAGS)
-endif
-
-CPU_ARCH = x86
-
-MKSHLIB = $(LD)
-MKSHLIB += $(DSO_LDOPTS)
-NOSUCHFILE = /solx86-rm-f-sucks
-RANLIB = echo
-
-# for purify
-NOMD_OS_CFLAGS += -DSVR4 -DSYSV -D_REENTRANT -DSOLARIS -D__svr4__ -Di386
-
-DSO_LDOPTS += -G
diff --git a/security/coreconf/SunOS5.5.1.mk b/security/coreconf/SunOS5.5.1.mk
deleted file mode 100644
index f85932b59..000000000
--- a/security/coreconf/SunOS5.5.1.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for SunOS5.5.1
-#
-
-SOL_CFLAGS += -D_SVID_GETTOD
-
-include $(CORE_DEPTH)/coreconf/SunOS5.mk
-
-ifeq ($(OS_RELEASE),5.5.1)
- OS_DEFINES += -DSOLARIS2_5
-endif
-
-OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc
diff --git a/security/coreconf/SunOS5.5.1_i86pc.mk b/security/coreconf/SunOS5.5.1_i86pc.mk
deleted file mode 100644
index 978286856..000000000
--- a/security/coreconf/SunOS5.5.1_i86pc.mk
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for Solaris 2.5.1 on x86
-#
-
-SOL_CFLAGS = -D_SVID_GETTOD
-
-include $(CORE_DEPTH)/coreconf/SunOS5.mk
-
-CPU_ARCH = x86
-OS_DEFINES += -Di386
-
-ifeq ($(OS_RELEASE),5.5.1_i86pc)
- OS_DEFINES += -DSOLARIS2_5
-endif
diff --git a/security/coreconf/SunOS5.5.mk b/security/coreconf/SunOS5.5.mk
deleted file mode 100644
index e83356f15..000000000
--- a/security/coreconf/SunOS5.5.mk
+++ /dev/null
@@ -1,42 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for SunOS5.5
-#
-
-SOL_CFLAGS += -D_SVID_GETTOD
-
-include $(CORE_DEPTH)/coreconf/SunOS5.mk
-
-ifeq ($(OS_RELEASE),5.5)
- OS_DEFINES += -DSOLARIS2_5
-endif
diff --git a/security/coreconf/SunOS5.6.mk b/security/coreconf/SunOS5.6.mk
deleted file mode 100644
index 774d2b7a6..000000000
--- a/security/coreconf/SunOS5.6.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for SunOS5.6
-#
-
-SOL_CFLAGS += -D_SVID_GETTOD
-
-include $(CORE_DEPTH)/coreconf/SunOS5.mk
-
-ifeq ($(OS_RELEASE),5.6)
- OS_DEFINES += -DSOLARIS2_6
-endif
-
-OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc
diff --git a/security/coreconf/SunOS5.6_i86pc.mk b/security/coreconf/SunOS5.6_i86pc.mk
deleted file mode 100644
index 286ff3505..000000000
--- a/security/coreconf/SunOS5.6_i86pc.mk
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for Solaris 2.6 on x86
-#
-
-SOL_CFLAGS = -D_SVID_GETTOD
-
-include $(CORE_DEPTH)/coreconf/SunOS5.mk
-
-CPU_ARCH = x86
-OS_DEFINES += -Di386
-
-ifeq ($(OS_RELEASE),5.6_i86pc)
- OS_DEFINES += -DSOLARIS2_6
-endif
diff --git a/security/coreconf/SunOS5.7.mk b/security/coreconf/SunOS5.7.mk
deleted file mode 100644
index dd676e2a9..000000000
--- a/security/coreconf/SunOS5.7.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for SunOS5.7
-#
-
-SOL_CFLAGS += -D_SVID_GETTOD
-
-include $(CORE_DEPTH)/coreconf/SunOS5.mk
-
-ifeq ($(OS_RELEASE),5.7)
- OS_DEFINES += -DSOLARIS2_7
-endif
-
-OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc
diff --git a/security/coreconf/SunOS5.8.mk b/security/coreconf/SunOS5.8.mk
deleted file mode 100644
index 95fc01090..000000000
--- a/security/coreconf/SunOS5.8.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for SunOS5.8
-#
-
-SOL_CFLAGS += -D_SVID_GETTOD
-
-include $(CORE_DEPTH)/coreconf/SunOS5.mk
-
-ifeq ($(OS_RELEASE),5.8)
- OS_DEFINES += -DSOLARIS2_8
-endif
-
-OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc
diff --git a/security/coreconf/SunOS5.mk b/security/coreconf/SunOS5.mk
deleted file mode 100644
index 388679d1c..000000000
--- a/security/coreconf/SunOS5.mk
+++ /dev/null
@@ -1,133 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for SunOS5.x
-#
-
-include $(CORE_DEPTH)/coreconf/UNIX.mk
-
-ifeq ($(USE_64), 1)
- ARCHFLAG=-xarch=v9
- LD=/usr/ccs/bin/ld
-else
- ARCHFLAG=-xarch=v8
-endif
-
-#
-# Temporary define for the Client; to be removed when binary release is used
-#
-ifdef MOZILLA_CLIENT
- LOCAL_THREADS_ONLY = 1
- ifndef NS_USE_NATIVE
- NS_USE_GCC = 1
- endif
-endif
-
-#
-# The default implementation strategy for Solaris is classic nspr.
-#
-ifeq ($(USE_PTHREADS),1)
- IMPL_STRATEGY = _PTH
-else
- ifeq ($(LOCAL_THREADS_ONLY),1)
- IMPL_STRATEGY = _LOCAL
- DEFINES += -D_PR_LOCAL_THREADS_ONLY
- else
- DEFINES += -D_PR_GLOBAL_THREADS_ONLY
- endif
-endif
-
-#
-# Temporary define for the Client; to be removed when binary release is used
-#
-ifdef MOZILLA_CLIENT
- IMPL_STRATEGY =
-endif
-
-DEFAULT_COMPILER = cc
-
-ifdef NS_USE_GCC
- CC = gcc
- OS_CFLAGS += -Wall -Wno-format
- CCC = g++
- CCC += -Wall -Wno-format
- ASFLAGS += -x assembler-with-cpp
- ifdef NO_MDUPDATE
- OS_CFLAGS += $(NOMD_OS_CFLAGS)
- else
- OS_CFLAGS += $(NOMD_OS_CFLAGS) -MDupdate $(DEPENDENCIES)
- endif
-else
- CC = cc
- CCC = CC
- ASFLAGS += -Wa,-P
- OS_CFLAGS += $(NOMD_OS_CFLAGS) $(ARCHFLAG)
- ifndef BUILD_OPT
- OS_CFLAGS += -xs
-# else
-# OPTIMIZER += -fast
- endif
-
-endif
-
-INCLUDES += -I/usr/dt/include -I/usr/openwin/include
-
-RANLIB = echo
-CPU_ARCH = sparc
-OS_DEFINES += -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS
-
-ifneq ($(LOCAL_THREADS_ONLY),1)
- OS_DEFINES += -D_REENTRANT
-endif
-
-# Purify doesn't like -MDupdate
-NOMD_OS_CFLAGS += $(DSO_CFLAGS) $(OS_DEFINES) $(SOL_CFLAGS)
-
-MKSHLIB = $(LD)
-MKSHLIB += $(DSO_LDOPTS)
-
-# ld options:
-# -G: produce a shared object
-# -z defs: no unresolved symbols allowed
-DSO_LDOPTS += -G
-
-# -KPIC generates position independent code for use in shared libraries.
-# (Similarly for -fPIC in case of gcc.)
-ifdef NS_USE_GCC
- DSO_CFLAGS += -fPIC
-else
- DSO_CFLAGS += -KPIC
-endif
-
-HAVE_PURIFY = 1
-NOSUCHFILE = /solaris-rm-f-sucks
-
diff --git a/security/coreconf/UNIX.mk b/security/coreconf/UNIX.mk
deleted file mode 100644
index cbeac85fd..000000000
--- a/security/coreconf/UNIX.mk
+++ /dev/null
@@ -1,87 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-XP_DEFINE += -DXP_UNIX
-LIB_SUFFIX = a
-DLL_SUFFIX = so
-AR = ar
-AR += cr $@
-LDOPTS += -L$(SOURCE_LIB_DIR)
-
-ifdef BUILD_OPT
- OPTIMIZER += -O
- DEFINES += -UDEBUG -DNDEBUG
-else
- OPTIMIZER += -g
- DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(shell whoami)
-endif
-
-NSINSTALL_DIR = $(CORE_DEPTH)/coreconf/nsinstall
-NSINSTALL = $(NSINSTALL_DIR)/$(OBJDIR_NAME)/nsinstall
-
-MKDEPEND_DIR = $(CORE_DEPTH)/coreconf/mkdepend
-MKDEPEND = $(MKDEPEND_DIR)/$(OBJDIR_NAME)/mkdepend
-MKDEPENDENCIES = $(OBJDIR_NAME)/depend.mk
-
-####################################################################
-#
-# One can define the makefile variable NSDISTMODE to control
-# how files are published to the 'dist' directory. If not
-# defined, the default is "install using relative symbolic
-# links". The two possible values are "copy", which copies files
-# but preserves source mtime, and "absolute_symlink", which
-# installs using absolute symbolic links. The "absolute_symlink"
-# option requires NFSPWD.
-# - THIS IS NOT PART OF THE NEW BINARY RELEASE PLAN for 9/30/97
-# - WE'RE KEEPING IT ONLY FOR BACKWARDS COMPATIBILITY
-####################################################################
-
-ifeq ($(NSDISTMODE),copy)
- # copy files, but preserve source mtime
- INSTALL = $(NSINSTALL)
- INSTALL += -t
-else
- ifeq ($(NSDISTMODE),absolute_symlink)
- # install using absolute symbolic links
- INSTALL = $(NSINSTALL)
- INSTALL += -L `$(NFSPWD)`
- else
- # install using relative symbolic links
- INSTALL = $(NSINSTALL)
- INSTALL += -R
- endif
-endif
-
-define MAKE_OBJDIR
-if test ! -d $(@D); then rm -rf $(@D); $(NSINSTALL) -D $(@D); fi
-endef
diff --git a/security/coreconf/UNIXWARE2.1.mk b/security/coreconf/UNIXWARE2.1.mk
deleted file mode 100644
index b9bd69900..000000000
--- a/security/coreconf/UNIXWARE2.1.mk
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Config stuff for SCO Unixware 2.1
-#
-
-include $(CORE_DEPTH)/coreconf/UNIX.mk
-
-DEFAULT_COMPILER = $(CORE_DEPTH)/build/hcc
-
-CC = $(CORE_DEPTH)/build/hcc
-CCC = $(CORE_DEPTH)/build/hcpp
-RANLIB = true
-OS_CFLAGS = -KPIC -DSVR4 -DSYSV -DUNIXWARE
-MKSHLIB = $(LD)
-MKSHLIB += $(DSO_LDOPTS)
-DSO_LDOPTS += -G
-CPU_ARCH = x86
-ARCH = sco
-NOSUCHFILE = /solaris-rm-f-sucks
diff --git a/security/coreconf/WIN16.mk b/security/coreconf/WIN16.mk
deleted file mode 100644
index 68832d21c..000000000
--- a/security/coreconf/WIN16.mk
+++ /dev/null
@@ -1,117 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# win16_3.11.mk -- Make configuration for Win16
-#
-# This file configures gmake to build the Win16 variant of
-# NSPR 2.0. This file has the function of two files commonly
-# used on other platforms, for example: winnt.mk and
-# winnt4.0.mk. ... The packaging is easier and there is only
-# one variant of the Win16 target.
-#
-# Win16 is built using the Watcom C/C++ version 11.0
-# compiler. You gotta set up the compiler first.
-# The Watcom compiler depends on a few environment
-# variables; these environment variables define where the
-# compiler components are installed; they must be set before
-# running the make.
-#
-# Notes:
-# OS_CFLAGS is the command line options for the compiler when
-# building the .DLL object files.
-# OS_EXE_CFLAGS is the command line options for the compiler
-# when building the .EXE object files; this is for the test
-# programs.
-# the macro OS_CFLAGS is set to OS_EXE_CFLAGS inside of the
-# makefile for the pr/tests directory. ... Hack.
-#
-#
-#
-#
-
-# -- configuration -----------------------------------------
-
-DEFAULT_COMPILER = wcc
-
-CC = wcc
-CCC = wcl
-LINK = wlink
-AR = wlib
-AR += -q $@
-RC = wrc.exe
-RC += /r /dWIN16=1 /bt=windows
-RANLIB = echo
-BSDECHO = echo
-NSINSTALL_DIR = $(CORE_DEPTH)/coreconf/nsinstall
-NSINSTALL = nsinstall
-INSTALL = $(NSINSTALL)
-MAKE_OBJDIR = mkdir
-MAKE_OBJDIR += $(OBJDIR)
-XP_DEFINE += -DXP_PC
-LIB_SUFFIX = lib
-DLL_SUFFIX = dll
-
-ifdef BUILD_OPT
- OPTIMIZER = -oneatx -oh -oi -ei -3 -fpi87 -fp3
-else
- OPTIMIZER += -d2 -hc -DDEBUG
-# OPTIMIZER += -d2 -hw -DDEBUG
-# LDFLAGS += -DEBUG -DEBUGTYPE:CV
-endif
-
-#
-# $(CPU_ARCH) has been commented out so that its contents
-# are not added to the WIN16_?.OBJ names thus expanding
-# them beyond the 8.3 character limit for this platform.
-#
-#CPU_ARCH = x386
-#
-# added "-s" to avoid dependency on watcom's libs (e.g. on _STK)
-# added "-zt3" for compatibility with MSVC's "/Gt3" option
-#
-OS_CFLAGS += -ml -3 -bd -zc -zu -bt=windows -s -zt3 -d_X86_ -dWIN16 -d_WINDLL
-#OS_EXE_CFLAGS += -ml -3 -bt=windows -d_X86_ -dWIN16
-OS_LIB_FLAGS = -c -iro
-
-# Name of the binary code directories
-OS_DLL_OPTION = CASEEXACT
-OS_DLLFLAGS =
-OS_LIBS =
-W16_EXPORTS = #
-
-#
-# The following is NOT needed for the NSPR 2.0 library.
-#
-
-OS_CFLAGS += -d_WINDOWS -d_MSC_VER=700
diff --git a/security/coreconf/WIN32.mk b/security/coreconf/WIN32.mk
deleted file mode 100644
index 61563e49a..000000000
--- a/security/coreconf/WIN32.mk
+++ /dev/null
@@ -1,100 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Configuration common to all versions of Windows NT
-# and Windows 95
-#
-
-DEFAULT_COMPILER = cl
-
-CC = cl
-CCC = cl
-LINK = link
-AR = lib
-AR += -NOLOGO -OUT:"$@"
-RANLIB = echo
-BSDECHO = echo
-
-NSINSTALL_DIR = $(CORE_DEPTH)/coreconf/nsinstall
-NSINSTALL = nsinstall
-
-MKDEPEND_DIR = $(CORE_DEPTH)/coreconf/mkdepend
-MKDEPEND = $(MKDEPEND_DIR)/$(OBJDIR_NAME)/mkdepend.exe
-# Note: MKDEPENDENCIES __MUST__ be a relative pathname, not absolute.
-# If it is absolute, gmake will crash unless the named file exists.
-MKDEPENDENCIES = $(OBJDIR_NAME)/depend.mk
-
-INSTALL = $(NSINSTALL)
-MAKE_OBJDIR = mkdir
-MAKE_OBJDIR += $(OBJDIR)
-RC = rc.exe
-GARBAGE += $(OBJDIR)/vc20.pdb $(OBJDIR)/vc40.pdb
-XP_DEFINE += -DXP_PC
-LIB_SUFFIX = lib
-DLL_SUFFIX = dll
-
-ifdef BUILD_OPT
- OS_CFLAGS += -MD
- OPTIMIZER += -O2
- DEFINES += -UDEBUG -U_DEBUG -DNDEBUG
- DLLFLAGS += -OUT:"$@"
-else
- #
- # Define USE_DEBUG_RTL if you want to use the debug runtime library
- # (RTL) in the debug build
- #
- ifdef USE_DEBUG_RTL
- OS_CFLAGS += -MDd
- else
- OS_CFLAGS += -MD
- endif
- OPTIMIZER += -Od -Z7
- #OPTIMIZER += -Zi -Fd$(OBJDIR)/ -Od
- DEFINES += -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USERNAME)
- DLLFLAGS += -DEBUG -DEBUGTYPE:CV -OUT:"$@"
- LDFLAGS += -DEBUG -DEBUGTYPE:CV
-endif
-
-DEFINES += -DWIN32
-
-#
-# The following is NOT needed for the NSPR 2.0 library.
-#
-
-DEFINES += -D_WINDOWS
-
-# override default, which is ASFLAGS = CFLAGS
-AS = ml.exe
-ASFLAGS = -Cp -Sn -Zi -coff $(INCLUDES)
-
diff --git a/security/coreconf/WIN954.0.mk b/security/coreconf/WIN954.0.mk
deleted file mode 100644
index 68b3b7e4f..000000000
--- a/security/coreconf/WIN954.0.mk
+++ /dev/null
@@ -1,63 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Config stuff for WIN95
-#
-# This makefile defines the following variables:
-# CPU_ARCH, OS_CFLAGS, and OS_DLLFLAGS.
-# PROCESSOR is an internal variable.
-
-include $(CORE_DEPTH)/coreconf/WIN32.mk
-
-PROCESSOR := $(shell uname -p)
-ifeq ($(PROCESSOR), I386)
- CPU_ARCH = x386
- OS_CFLAGS += -W3 -nologo -D_X86_
-else
- ifeq ($(PROCESSOR), MIPS)
- CPU_ARCH = MIPS
- #OS_CFLAGS += -W3 -nologo -D_MIPS_
- OS_CFLAGS += -W3 -nologo
- else
- ifeq ($(PROCESSOR), ALPHA)
- CPU_ARCH = ALPHA
- OS_CFLAGS += -W3 -nologo -D_ALPHA_=1
- else
- CPU_ARCH = processor_is_undefined
- endif
- endif
-endif
-
-OS_DLLFLAGS += -nologo -DLL -SUBSYSTEM:WINDOWS -PDB:NONE
-DEFINES += -DWIN95
diff --git a/security/coreconf/WINNT3.51.mk b/security/coreconf/WINNT3.51.mk
deleted file mode 100644
index 606e7a3b1..000000000
--- a/security/coreconf/WINNT3.51.mk
+++ /dev/null
@@ -1,70 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Config stuff for WINNT 3.51
-#
-# This makefile defines the following variables:
-# CPU_ARCH, OS_CFLAGS, and OS_DLLFLAGS.
-# It has the following internal variables:
-# OS_PROC_CFLAGS and OS_WIN_CFLAGS.
-
-include $(CORE_DEPTH)/coreconf/WIN32.mk
-
-PROCESSOR := $(shell uname -p)
-ifeq ($(PROCESSOR), I386)
- CPU_ARCH = x386
- OS_PROC_CFLAGS += -D_X86_
-else
- ifeq ($(PROCESSOR), MIPS)
- CPU_ARCH = MIPS
- OS_PROC_CFLAGS += -D_MIPS_
- else
- ifeq ($(PROCESSOR), ALPHA)
- CPU_ARCH = ALPHA
- OS_PROC_CFLAGS += -D_ALPHA_
- else
- CPU_ARCH = processor_is_undefined
- endif
- endif
-endif
-
-OS_WIN_CFLAGS += -W3
-OS_CFLAGS += -nologo $(OS_WIN_CFLAGS) $(OS_PROC_CFLAGS)
-#OS_DLLFLAGS += -nologo -DLL -PDB:NONE -SUBSYSTEM:WINDOWS
-OS_DLLFLAGS += -nologo -DLL -PDB:NONE -SUBSYSTEM:WINDOWS
-#
-# Win NT needs -GT so that fibers can work
-#
-OS_CFLAGS += -GT
-OS_CFLAGS += -DWINNT
diff --git a/security/coreconf/WINNT4.0.mk b/security/coreconf/WINNT4.0.mk
deleted file mode 100644
index 204b790a8..000000000
--- a/security/coreconf/WINNT4.0.mk
+++ /dev/null
@@ -1,69 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Config stuff for WINNT 4.0
-#
-# This makefile defines the following variables:
-# CPU_ARCH, OS_CFLAGS, and OS_DLLFLAGS.
-# PROCESSOR is an internal variable.
-
-include $(CORE_DEPTH)/coreconf/WIN32.mk
-
-PROCESSOR := $(shell uname -p)
-ifeq ($(PROCESSOR), I386)
- CPU_ARCH = x386
- OS_CFLAGS += -W3 -nologo -D_X86_
-else
- ifeq ($(PROCESSOR), MIPS)
- CPU_ARCH = MIPS
- #OS_CFLAGS += -W3 -nologo -D_MIPS_
- OS_CFLAGS += -W3 -nologo
- else
- ifeq ($(PROCESSOR), ALPHA)
- CPU_ARCH = ALPHA
- OS_CFLAGS += -W3 -nologo -D_ALPHA_=1
- else
- CPU_ARCH = processor_is_undefined
- endif
- endif
-endif
-
-OS_DLLFLAGS += -nologo -DLL -SUBSYSTEM:WINDOWS -PDB:NONE
-#
-# Win NT needs -GT so that fibers can work
-#
-OS_CFLAGS += -GT
-OS_CFLAGS += -DWINNT
-
-NSPR31_LIB_PREFIX = lib
diff --git a/security/coreconf/arch.mk b/security/coreconf/arch.mk
deleted file mode 100644
index 691acb856..000000000
--- a/security/coreconf/arch.mk
+++ /dev/null
@@ -1,292 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# Master "Core Components" macros for getting the OS architecture #
-#######################################################################
-
-#
-# Macros for getting the OS architecture
-#
-
-ifeq ($(USE_64), 1)
- 64BIT_TAG=_64
-else
- 64BIT_TAG=
-endif
-
-OS_ARCH := $(subst /,_,$(shell uname -s))
-
-#
-# Attempt to differentiate between sparc and x86 Solaris
-#
-
-OS_TEST := $(shell uname -m)
-ifeq ($(OS_TEST),i86pc)
- OS_RELEASE := $(shell uname -r)_$(OS_TEST)
-else
- OS_RELEASE := $(shell uname -r)
-endif
-
-#
-# Force the IRIX64 machines to use IRIX.
-#
-
-ifeq ($(OS_ARCH),IRIX64)
- OS_ARCH = IRIX
-endif
-
-#
-# Force the newer BSDI versions to use the old arch name.
-#
-
-ifeq ($(OS_ARCH),BSD_OS)
- OS_ARCH = BSD_386
-endif
-
-#
-# Catch Deterim if SVR4 is NCR or UNIXWARE
-#
-
-ifeq ($(OS_ARCH),UNIX_SV)
- ifneq ($(findstring NCR, $(shell grep NCR /etc/bcheckrc | head -1 )),)
- OS_ARCH = NCR
- else
- # Make UnixWare something human readable
- OS_ARCH = UNIXWARE
- endif
-
- # Get the OS release number, not 4.2
- OS_RELEASE := $(shell uname -v)
-endif
-
-ifeq ($(OS_ARCH),UNIX_System_V)
- OS_ARCH = NEC
-endif
-
-ifeq ($(OS_ARCH),AIX)
- OS_RELEASE := $(shell uname -v).$(shell uname -r)
-endif
-
-#
-# Distinguish between OSF1 V4.0B and V4.0D
-#
-
-ifeq ($(OS_ARCH)$(OS_RELEASE),OSF1V4.0)
- OS_VERSION := $(shell uname -v)
- ifeq ($(OS_VERSION),564)
- OS_RELEASE := V4.0B
- endif
- ifeq ($(OS_VERSION),878)
- OS_RELEASE := V4.0D
- endif
-endif
-
-#
-# SINIX changes name to ReliantUNIX with 5.43
-#
-
-ifeq ($(OS_ARCH),ReliantUNIX-N)
- OS_ARCH = ReliantUNIX
- OS_RELEASE = 5.4
-endif
-
-ifeq ($(OS_ARCH),SINIX-N)
- OS_ARCH = ReliantUNIX
- OS_RELEASE = 5.4
-endif
-
-#
-# Handle FreeBSD 2.2-STABLE and Linux 2.0.30-osfmach3
-#
-
-ifeq (,$(filter-out Linux FreeBSD,$(OS_ARCH)))
-OS_RELEASE := $(shell echo $(OS_RELEASE) | sed 's/-.*//')
-endif
-
-ifeq ($(OS_ARCH),Linux)
- OS_RELEASE := $(basename $(OS_RELEASE))
-endif
-
-#######################################################################
-# Master "Core Components" macros for getting the OS target #
-#######################################################################
-
-#
-# Note: OS_TARGET should be specified on the command line for gmake.
-# When OS_TARGET=WIN95 is specified, then a Windows 95 target is built.
-# The difference between the Win95 target and the WinNT target is that
-# the WinNT target uses Windows NT specific features not available
-# in Windows 95. The Win95 target will run on Windows NT, but (supposedly)
-# at lesser performance (the Win95 target uses threads; the WinNT target
-# uses fibers).
-#
-# When OS_TARGET=WIN16 is specified, then a Windows 3.11 (16bit) target
-# is built. See: win16_3.11.mk for lots more about the Win16 target.
-#
-# If OS_TARGET is not specified, it defaults to $(OS_ARCH), i.e., no
-# cross-compilation.
-#
-
-#
-# The following hack allows one to build on a WIN95 machine (as if
-# s/he were cross-compiling on a WINNT host for a WIN95 target).
-# It also accomodates for MKS's uname.exe. If you never intend
-# to do development on a WIN95 machine, you don't need this. It doesn't
-# work any more anyway.
-#
-ifeq ($(OS_ARCH),WIN95)
- OS_ARCH = WINNT
- OS_TARGET = WIN95
-endif
-ifeq ($(OS_ARCH),Windows_95)
- OS_ARCH = Windows_NT
- OS_TARGET = WIN95
-endif
-
-#
-# On WIN32, we also define the variable CPU_ARCH.
-#
-
-ifeq ($(OS_ARCH), WINNT)
- CPU_ARCH := $(shell uname -p)
- ifeq ($(CPU_ARCH),I386)
- CPU_ARCH = x386
- endif
-else
-#
-# If uname -s returns "Windows_NT", we assume that we are using
-# the uname.exe in MKS toolkit.
-#
-# The -r option of MKS uname only returns the major version number.
-# So we need to use its -v option to get the minor version number.
-# Moreover, it doesn't have the -p option, so we need to use uname -m.
-#
-ifeq ($(OS_ARCH), Windows_NT)
- OS_ARCH = WINNT
- OS_MINOR_RELEASE := $(shell uname -v)
- ifeq ($(OS_MINOR_RELEASE),00)
- OS_MINOR_RELEASE = 0
- endif
- OS_RELEASE = $(OS_RELEASE).$(OS_MINOR_RELEASE)
- CPU_ARCH := $(shell uname -m)
- #
- # MKS's uname -m returns "586" on a Pentium machine.
- #
- ifneq (,$(findstring 86,$(CPU_ARCH)))
- CPU_ARCH = x386
- endif
-endif
-endif
-
-ifndef OS_TARGET
- OS_TARGET = $(OS_ARCH)
-endif
-
-ifeq ($(OS_TARGET), WIN95)
- OS_RELEASE = 4.0
-endif
-
-ifeq ($(OS_TARGET), WIN16)
- OS_RELEASE =
-# OS_RELEASE = _3.11
-endif
-
-#
-# This variable is used to get OS_CONFIG.mk.
-#
-
-OS_CONFIG = $(OS_TARGET)$(OS_RELEASE)
-
-#
-# OBJDIR_TAG depends on the predefined variable BUILD_OPT,
-# to distinguish between debug and release builds.
-#
-
-ifdef BUILD_OPT
- ifeq ($(OS_TARGET),WIN16)
- OBJDIR_TAG = _O
- else
- OBJDIR_TAG = $(64BIT_TAG)_OPT
- endif
-else
- ifdef BUILD_IDG
- ifeq ($(OS_TARGET),WIN16)
- OBJDIR_TAG = _I
- else
- OBJDIR_TAG = $(64BIT_TAG)_IDG
- endif
- else
- ifeq ($(OS_TARGET),WIN16)
- OBJDIR_TAG = _D
- else
- OBJDIR_TAG = $(64BIT_TAG)_DBG
- endif
- endif
-endif
-
-#
-# The following flags are defined in the individual $(OS_CONFIG).mk
-# files.
-#
-# CPU_TAG is defined if the CPU is not the most common CPU.
-# COMPILER_TAG is defined if the compiler is not the native compiler.
-# IMPL_STRATEGY may be defined too.
-#
-
-# Name of the binary code directories
-ifeq ($(OS_ARCH), WINNT)
- ifeq ($(CPU_ARCH),x386)
- OBJDIR_NAME = $(OS_CONFIG)$(OBJDIR_TAG).OBJ
- else
- OBJDIR_NAME = $(OS_CONFIG)$(CPU_ARCH)$(OBJDIR_TAG).OBJ
- endif
-else
-endif
-
-OBJDIR_NAME = $(OS_CONFIG)$(CPU_TAG)$(COMPILER_TAG)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG).OBJ
-
-ifeq ($(OS_ARCH), WINNT)
-ifneq ($(OS_TARGET),WIN16)
-ifndef BUILD_OPT
-#
-# Define USE_DEBUG_RTL if you want to use the debug runtime library
-# (RTL) in the debug build
-#
-ifdef USE_DEBUG_RTL
- OBJDIR_NAME = $(OS_CONFIG)$(CPU_TAG)$(COMPILER_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG).OBJD
-endif
-endif
-endif
-endif
-
diff --git a/security/coreconf/command.mk b/security/coreconf/command.mk
deleted file mode 100644
index 488161461..000000000
--- a/security/coreconf/command.mk
+++ /dev/null
@@ -1,55 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# Master "Core Components" default command macros; #
-# can be overridden in <arch>.mk #
-#######################################################################
-
-AS = $(CC)
-ASFLAGS += $(CFLAGS)
-CCF = $(CC) $(CFLAGS)
-PURIFY = purify $(PURIFYOPTIONS)
-LINK_DLL = $(LINK) $(OS_DLLFLAGS) $(DLLFLAGS)
-LINK_EXE = $(LINK) $(OS_LFLAGS) $(LFLAGS)
-NFSPWD = $(NSINSTALL_DIR)/nfspwd
-CFLAGS += $(OPTIMIZER) $(OS_CFLAGS) $(XP_DEFINE) $(DEFINES) $(INCLUDES) \
- $(XCFLAGS)
-RANLIB = echo
-TAR = /bin/tar
-#
-# For purify
-#
-NOMD_CFLAGS += $(OPTIMIZER) $(NOMD_OS_CFLAGS) $(XP_DEFINE) $(DEFINES) $(INCLUDES) \
- $(XCFLAGS)
-
diff --git a/security/coreconf/config.mk b/security/coreconf/config.mk
deleted file mode 100644
index 20a7dc126..000000000
--- a/security/coreconf/config.mk
+++ /dev/null
@@ -1,142 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Configuration information for building in the "Core Components" source module
-#
-
-#######################################################################
-# [1.0] Master "Core Components" source and release <architecture> #
-# tags #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/arch.mk
-
-#######################################################################
-# [2.0] Master "Core Components" default command macros #
-# (NOTE: may be overridden in $(OS_CONFIG).mk) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/command.mk
-
-#######################################################################
-# [3.0] Master "Core Components" <architecture>-specific macros #
-# (dependent upon <architecture> tags) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/$(OS_CONFIG).mk
-
-#######################################################################
-# [4.0] Master "Core Components" source and release <platform> tags #
-# (dependent upon <architecture> tags) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/platform.mk
-
-#######################################################################
-# [5.0] Master "Core Components" release <tree> tags #
-# (dependent upon <architecture> tags) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/tree.mk
-
-#######################################################################
-# [6.0] Master "Core Components" source and release <component> tags #
-# NOTE: A component is also called a module or a subsystem. #
-# (dependent upon $(MODULE) being defined on the #
-# command line, as an environment variable, or in individual #
-# makefiles, or more appropriately, manifest.mn) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/module.mk
-
-#######################################################################
-# [7.0] Master "Core Components" release <version> tags #
-# (dependent upon $(MODULE) being defined on the #
-# command line, as an environment variable, or in individual #
-# makefiles, or more appropriately, manifest.mn) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/version.mk
-
-#######################################################################
-# [8.0] Master "Core Components" macros to figure out #
-# binary code location #
-# (dependent upon <platform> tags) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/location.mk
-
-#######################################################################
-# [9.0] Master "Core Components" <component>-specific source path #
-# (dependent upon <user_source_tree>, <source_component>, #
-# <version>, and <platform> tags) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/source.mk
-
-#######################################################################
-# [10.0] Master "Core Components" include switch for support header #
-# files #
-# (dependent upon <tree>, <component>, <version>, #
-# and <platform> tags) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/headers.mk
-
-#######################################################################
-# [11.0] Master "Core Components" for computing program prefixes #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/prefix.mk
-
-#######################################################################
-# [12.0] Master "Core Components" for computing program suffixes #
-# (dependent upon <architecture> tags) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/suffix.mk
-
-#######################################################################
-# [13.0] Master "Core Components" for defining JDK #
-# (dependent upon <architecture>, <source>, and <suffix> tags)#
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/jdk.mk
-
-#######################################################################
-# [14.0] Master "Core Components" rule set #
-# (should always be the last file included by config.mk) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/ruleset.mk
--include $(MKDEPENDENCIES)
-
diff --git a/security/coreconf/coreconf.pl b/security/coreconf/coreconf.pl
deleted file mode 100644
index 8471b0ead..000000000
--- a/security/coreconf/coreconf.pl
+++ /dev/null
@@ -1,156 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-sub recursive_copy {
- local($fromdir);
- local($todir);
- local(@dirlist);
- $fromdir = shift;
- $todir = shift;
-
- print STDERR "recursive copy called with $fromdir, $todir\n";
-
-#remove any trailing slashes.
- $fromdir =~ s/\/$//;
- $todir =~ s/\/$//;
-
- opendir(DIR, $fromdir);
- @dirlist = readdir DIR;
- close DIR;
-
-
- foreach $file (@dirlist) {
- if (! (($file eq "." ) || ($file eq "..") )) {
-
- if (-d "$fromdir/$file") {
- print STDERR "handling directory $todir/$file\n";
- &rec_mkdir("$todir/$file");
- &recursive_copy("$fromdir/$file","$todir/$file");
- }
- else {
- print STDERR "handling file $fromdir/$file\n";
- &my_copy("$fromdir/$file","$todir/$file");
- }
- }
- }
-}
-
-sub parse_argv {
-
-# print STDERR "Parsing Variables\n";
-
- foreach $q ( @ARGV ) {
- if (! ($q =~ /=/)) {
- $var{$lastassigned} .= " $q";
- }
- else {
- $q =~ /^([^=]*)=(.*)/;
- $left = $1;
- $right = $2;
-
- $right =~ s/ *$//;
- $var{$left} = $right;
-
- $lastassigned = $left;
-
- }
- print STDERR "Assigned $lastassigned = $var{$lastassigned}\n";
- }
-}
-
-
-# usage: &my_copy("dir/fromfile","dir2/tofile");
-# do a 'copy' - files only, 'to' MUST be a filename, not a directory.
-
-# fix this to be able to use copy on win nt.
-
-sub my_copy {
- local($from);
- local($to);
- local($cpcmd);
-
- $from = shift;
- $to = shift;
-
- if ( ! defined $var{OS_ARCH}) {
- die "OS_ARCH not defined!";
- }
- else {
- if ($var{OS_ARCH} eq 'WINNT') {
- $cpcmd = 'cp';
- }
- else {
- $cpcmd = 'cp';
- }
- print STDERR "COPYING: $cpcmd $from $to\n";
- system("$cpcmd $from $to");
- }
-}
-
-
-sub old_my_copy {
- local($from);
- local($to);
-
- $from = shift;
- $to = shift;
- open(FIN, "<$from") || die("Can't read from file $from\n");
- if ( ! open(FOUT,">$to")) {
- close FIN;
- die "Can't write to file $to\n";
- }
- while (read(FIN, $buf, 100000)) {
- print FOUT $buf;
- }
- close (FIN);
- close (FOUT);
-}
-
-sub rec_mkdir {
- local($arg);
- local($t);
- local($q);
-
- $arg = shift;
- $t = "";
- foreach $q (split(/\//,$arg)) {
- $t .= $q;
- if (! ($t =~ /\.\.$/)) {
- if ($t =~ /./) {
- mkdir($t,0775);
- }
- }
- $t.= '/';
- }
-}
-
-1;
diff --git a/security/coreconf/cpdist.pl b/security/coreconf/cpdist.pl
deleted file mode 100755
index cea077990..000000000
--- a/security/coreconf/cpdist.pl
+++ /dev/null
@@ -1,195 +0,0 @@
-#! /usr/local/bin/perl
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-require('coreconf.pl');
-
-#######-- read in variables on command line into %var
-
-&parse_argv;
-
-### do the copy
-
-print STDERR "RELEASE TREE / MODULE = $var{RELEASE_TREE} $var{MODULE}\n";
-
-
-
-# 1
-if ($var{RELEASE} eq "") { exit; } # Can't do release here, so exit.
-
-# 2
-#if (! ($var{RELEASE} =~ /\//)) { # if no specific version is specified in RELEASE variable
-# $component = $var{RELEASE};
-#}
-#else { # if a subcomponent/version is given in the RELEASE variable
-# $var{RELEASE} =~ m|^([^/]*)/|;
-# $component = $1; # everything before the first slash;
-# }
-
-# 3
-$path = $var{RELEASE};
-
-
-# 4
-# find out what directory we would create for 'today'
-
-$year = (localtime)[5] + 1900;
-$month = (localtime)[4] + 1;
-$day = (localtime)[3];
-$today = sprintf( "%d%02d%02d", $year, $month, $day );
-
-# 5
-# if version is null, then set the version to today.
-if ($var{"RELEASE_VERSION"} eq "") {
- $var{"RELEASE_VERSION"} = $today;
-}
-
-#6
-$version = $var{"RELEASE_VERSION"}; # set RELEASE_VERSION to passed in variable
-
-#7
-# if version is today, then we will want to make a 'current' link.
-
-if ($version eq $today) {
- $create_current = 1;
-}
-
-#8
-# version can be a) passed in value from command line, b) value in manifest.mn
-# or c) computed value such as '19970909'
-
-
-$dir = "$var{'RELEASE_TREE'}/$path";
-
-#9
-if (! (-e "$dir/$version" && -d "$dir/$version")) {
- print "making dir $dir \n";
- &rec_mkdir("$dir/$version");
-}
-
-
-
-print "version = $version\n";
-print "path = $path\n";
-print "var{release_tree} = $var{'RELEASE_TREE'}\n";
-print "dir = $dir = RELEASE_TREE/path\n";
-
-
-#10
-if ($create_current == 1) {
-
-# unlinking and linking always occurs, even if the link is correct
- print "unlinking $dir/current\n";
- unlink("$dir/current");
-
- print "putting version number $today into 'current' file..";
-
- open(FILE,">$dir/current") || die " couldn't open current\n";
- print FILE "$today\n";
- close(FILE);
- print " ..done\n"
-
-}
-
-&rec_mkdir("$dir/$version/$var{'RELEASE_MD_DIR'}");
-&rec_mkdir("$dir/$version/$var{'RELEASE_XP_DIR'}");
-
-
-
-
-foreach $jarfile (split(/ /,$var{FILES}) ) {
- print STDERR "---------------------------------------------\n";
-
- $jarinfo = $var{$jarfile};
-
- ($jardir,$jaropts) = split(/\|/,$jarinfo);
-
- if ($jaropts =~ /f/) {
- print STDERR "Copying files $jardir....\n";
- }
- else {
- print STDERR "Copying jar file $jarfile....\n";
- }
-
- print "jaropts = $jaropts\n";
-
- if ($jaropts =~ /m/) {
- $destdir = $var{"RELEASE_MD_DIR"};
- print "found m, using MD dir $destdir\n";
- }
- elsif ($jaropts =~ /x/) {
- $destdir = $var{"RELEASE_XP_DIR"};
- print "found x, using XP dir $destdir\n";
- }
- else {
- die "Error: must specify m or x in jar options in $jarinfo line\n";
- }
-
-
- $distdir = "$dir/$version/$destdir";
-
-
-
- if ($jaropts =~ /f/) {
-
- print "splitting: \"$jardir\"\n";
- for $srcfile (split(/ /,$jardir)) {
-
-#if srcfile has a slash
- if ($srcfile =~ m|/|) {
-#pull out everything before the last slash into $1
- $srcfile =~ m|(.*)/|;
- $distsubdir = "/$1";
- print "making dir $distdir$distsubdir\n";
- &rec_mkdir("$distdir$distsubdir");
- }
- print "copy: from $srcfile\n";
- print " to $distdir$distsubdir\n";
- $srcprefix = "";
- if ($jaropts =~/m/) {
- $srcprefix = "$var{'PLATFORM'}/";
- }
- system("cp $srcprefix$srcfile $distdir$distsubdir");
- }
- }
- else {
- $srcfile = "$var{SOURCE_RELEASE_PREFIX}/$jardir/$jarfile";
-
- print "copy: from $srcfile\n";
- print " to $distdir\n";
-
- system("cp $srcfile $distdir");
-
- }
-
- }
-
diff --git a/security/coreconf/headers.mk b/security/coreconf/headers.mk
deleted file mode 100644
index f09d5f6ee..000000000
--- a/security/coreconf/headers.mk
+++ /dev/null
@@ -1,54 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# Master "Core Components" include switch for support header files #
-#######################################################################
-
-#
-# Always append source-side machine-dependent (md) and cross-platform
-# (xp) include paths
-#
-
-INCLUDES += -I$(SOURCE_MDHEADERS_DIR)
-
-ifneq ($(OS_TARGET),WIN16)
-INCLUDES += -I$(SOURCE_XPHEADERS_DIR)
-endif
-
-#
-# Only append source-side private cross-platform include paths for
-# sectools
-#
-
-INCLUDES += -I$(SOURCE_XPPRIVATE_DIR)
diff --git a/security/coreconf/import.pl b/security/coreconf/import.pl
deleted file mode 100755
index 0bba3c820..000000000
--- a/security/coreconf/import.pl
+++ /dev/null
@@ -1,218 +0,0 @@
-#! /usr/local/bin/perl
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-print STDERR "import.pl\n";
-
-require('coreconf.pl');
-
-
-$returncode =0;
-
-
-#######-- read in variables on command line into %var
-
-$var{ZIP} = "zip";
-$var{UNZIP} = "unzip -o";
-
-&parse_argv;
-
-if (! ($var{IMPORTS} =~ /\w/)) {
- print STDERR "nothing to import\n";
-}
-
-######-- Do the import!
-
-foreach $import (split(/ /,$var{IMPORTS}) ) {
-
- print STDERR "\n\nIMPORTING .... $import\n-----------------------------\n";
-
-
-# if a specific version specified in IMPORT variable
-# (if $import has a slash in it)
-
- if ($import =~ /\//) {
- # $component=everything before the first slash of $import
-
- $import =~ m|^([^/]*)/|;
- $component = $1;
-
- $import =~ m|^(.*)/([^/]*)$|;
-
- # $path=everything before the last slash of $import
- $path = $1;
-
- # $version=everything after the last slash of $import
- $version = $2;
-
- if ($var{VERSION} ne "current") {
- $version = $var{VERSION};
- }
- }
- else {
- $component = $import;
- $path = $import;
- $version = $var{VERSION};
- }
-
- $releasejardir = "$var{RELEASE_TREE}/$path";
- if ($version eq "current") {
- print STDERR "Current version specified. Reading 'current' file ... \n";
-
- open(CURRENT,"$releasejardir/current") || die "NO CURRENT FILE\n";
- $version = <CURRENT>;
- $version =~ s/(\r?\n)*$//; # remove any trailing [CR/]LF's
- close(CURRENT);
- print STDERR "Using version $version\n";
- if ( $version eq "") {
- die "Current version file empty. Stopping\n";
- }
- }
-
- $releasejardir = "$releasejardir/$version";
- if ( ! -d $releasejardir) {
- die "$releasejardir doesn't exist (Invalid Version?)\n";
- }
- foreach $jarfile (split(/ /,$var{FILES})) {
-
- ($relpath,$distpath,$options) = split(/\|/, $var{$jarfile});
-
- if ($var{'OVERRIDE_IMPORT_CHECK'} eq 'YES') {
- $options =~ s/v//g;
- }
-
- if ( $relpath ne "") { $releasejarpathname = "$releasejardir/$relpath";}
- else { $releasejarpathname = $releasejardir; }
-
-# If a component doesn't have IDG versions, import the DBG ones
- if( ! -e "$releasejarpathname/$jarfile" ) {
- if( $relpath =~ /IDG\.OBJ$/ ) {
- $relpath =~ s/IDG.OBJ/DBG.OBJ/;
- $releasejarpathname = "$releasejardir/$relpath";
- } elsif( $relpath =~ /IDG\.OBJD$/ ) {
- $relpath =~ s/IDG.OBJD/DBG.OBJD/;
- $releasejarpathname = "$releasejardir/$relpath";
- }
- }
-
- if (-e "$releasejarpathname/$jarfile") {
- print STDERR "\nWorking on jarfile: $jarfile\n";
-
- if ($distpath =~ m|/$|) {
- $distpathname = "$distpath$component";
- }
- else {
- $distpathname = "$distpath";
- }
-
-
-#the block below is used to determine whether or not the xp headers have
-#already been imported for this component
-
- $doimport = 1;
- if ($options =~ /v/) { # if we should check the imported version
- print STDERR "Checking if version file exists $distpathname/version\n";
- if (-e "$distpathname/version") {
- open( VFILE, "<$distpathname/version") ||
- die "Cannot open $distpathname/version for reading. Permissions?\n";
- $importversion = <VFILE>;
- close (VFILE);
- $importversion =~ s/\r?\n$//; # Strip off any trailing CR/LF
- if ($version eq $importversion) {
- print STDERR "$distpathname version '$importversion' already imported. Skipping...\n";
- $doimport =0;
- }
- }
- }
-
- if ($doimport == 1) {
- if (! -d "$distpathname") {
- &rec_mkdir("$distpathname");
- }
- # delete the stuff in there already.
- # (this should really be recursive delete.)
-
- if ($options =~ /v/) {
- $remheader = "\nREMOVING files in '$distpathname/' :";
- opendir(DIR,"$distpathname") ||
- die ("Cannot read directory $distpathname\n");
- @filelist = readdir(DIR);
- closedir(DIR);
- foreach $file ( @filelist ) {
- if (! ($file =~ m!/.?.$!) ) {
- if (! (-d $file)) {
- $file =~ m!([^/]*)$!;
- print STDERR "$remheader $1";
- $remheader = " ";
- unlink "$distpathname/$file";
- }
- }
- }
- }
-
-
- print STDERR "\n\n";
-
- print STDERR "\nExtracting jarfile '$jarfile' to local directory $distpathname/\n";
-
- print STDERR "$var{UNZIP} $releasejarpathname/$jarfile -d $distpathname\n";
- system("$var{UNZIP} $releasejarpathname/$jarfile -d $distpathname");
-
- $r = $?;
-
- if ($options =~ /v/) {
- if ($r == 0) {
- unlink ("$distpathname/version");
- if (open(VFILE,">$distpathname/version")) {
- print VFILE "$version\n";
- close(VFILE);
- }
- }
- else {
- print STDERR "Could not create '$distpathname/version'. Permissions?\n";
- $returncode ++;
- }
- }
- } # if (doimport)
- } # if (-e releasejarpathname/jarfile)
- } # foreach jarfile)
-} # foreach IMPORT
-
-
-
-exit($returncode);
-
-
-
-
-
diff --git a/security/coreconf/jdk.mk b/security/coreconf/jdk.mk
deleted file mode 100644
index 31b402802..000000000
--- a/security/coreconf/jdk.mk
+++ /dev/null
@@ -1,652 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-ifdef NS_USE_JDK
-#######################################################################
-# [1] Define preliminary JDK "Core Components" toolset options #
-#######################################################################
-
-# set default JDK java threading model
-ifeq ($(JDK_THREADING_MODEL),)
- JDK_THREADING_MODEL = native_threads
-# no such thing as -native flag
- JDK_THREADING_MODEL_OPT =
-endif
-
-#######################################################################
-# [2] Define platform-independent JDK "Core Components" options #
-#######################################################################
-
-# set default location of the java classes repository
-ifeq ($(JAVA_DESTPATH),)
-ifdef BUILD_OPT
- JAVA_DESTPATH = $(SOURCE_CLASSES_DIR)
-else
- JAVA_DESTPATH = $(SOURCE_CLASSES_DBG_DIR)
-endif
-endif
-
-# set default location of the package under the java classes repository
-# note that this overrides the default package value in ruleset.mk
-ifeq ($(PACKAGE),)
- PACKAGE = .
-endif
-
-# set default location of the java source code repository
-ifeq ($(JAVA_SOURCEPATH),)
- JAVA_SOURCEPATH = .
-endif
-
-# add JNI directory to default include search path
-ifneq ($(JNI_GEN),)
- ifdef NSBUILDROOT
- INCLUDES += -I$(JNI_GEN_DIR) -I$(SOURCE_XP_DIR)
- else
- INCLUDES += -I$(JNI_GEN_DIR)
- endif
-endif
-
-#######################################################################
-# [3] Define platform-dependent JDK "Core Components" options #
-#######################################################################
-
-# set [Microsoft Windows] platforms
-ifeq ($(OS_ARCH), WINNT)
- # (1) specify "location" information
- ifeq ($(JAVA_HOME),)
- JAVA_HOME = //iridium/components/jdk/1.2.2_01/WINNT
- endif
-
- JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip
-
- ifeq ($(JRE_HOME),)
- JRE_HOME = $(JAVA_HOME)
- JRE_CLASSES = $(JAVA_CLASSES)
- else
- ifeq ($(JRE_CLASSES),)
- JRE_CLASSES = $(JRE_HOME)/lib/classes.zip
- endif
- endif
-
- PATH_SEPARATOR = ;
-
- # (2) specify "header" information
- JAVA_ARCH = win32
-
- INCLUDES += -I$(JAVA_HOME)/include
- INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH)
-
- # (3) specify "linker" information
- JAVA_CPU =
-
- JAVA_LIBDIR = lib
-
- JAVA_CLIBS =
-
- JAVA_LIBS = -LIBPATH:$(JAVA_HOME)/$(JAVA_LIBDIR) jvm.lib
- JAVA_LIBS += $(JAVA_CLIBS)
-
- LDFLAGS += $(JAVA_LIBS)
-
- # currently, disable JIT option on this platform
- JDK_JIT_OPT = -nojit
-endif
-
-# set [Sun Solaris] platforms
-ifeq ($(OS_ARCH), SunOS)
- # (1) specify "location" information
- ifeq ($(JAVA_HOME),)
- JAVA_HOME = /share/builds/components/jdk/1.2.2_01/SunOS
- endif
-
- JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip
-
- ifeq ($(JRE_HOME),)
- JRE_HOME = $(JAVA_HOME)
- JRE_CLASSES = $(JAVA_CLASSES)
- else
- ifeq ($(JRE_CLASSES),)
- JRE_CLASSES = $(JRE_HOME)/lib/classes.zip
- endif
- endif
-
- PATH_SEPARATOR = :
-
- # (2) specify "header" information
- JAVA_ARCH = solaris
-
- INCLUDES += -I$(JAVA_HOME)/include
- INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH)
-
- # (3) specify "linker" information
- JAVA_CPU = sparc
-
- JAVA_LIBDIR = jre/lib/$(JAVA_CPU)
-
- # ** IMPORTANT ** having -lthread before -lnspr is critical on solaris
- # when linking with -ljava as nspr redefines symbols in libthread that
- # cause JNI executables to fail with assert of bad thread stack values.
- JAVA_CLIBS = -lthread
-
- JAVA_LIBS = -L$(JAVA_HOME)/$(JAVA_LIBDIR)/$(JDK_THREADING_MODEL) -lhpi
- JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -ljvm
- JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR) -ljava
- JAVA_LIBS += $(JAVA_CLIBS)
-
- LDFLAGS += $(JAVA_LIBS)
-
- # currently, disable JIT option on this platform
- JDK_JIT_OPT =
-endif
-
-# set [Hewlett Packard HP-UX] platforms
-ifeq ($(OS_ARCH), HP-UX)
- # (1) specify "location" information (currently ONLY on "orville")
- ifeq ($(JAVA_HOME),)
- JAVA_HOME = /opt/java1.2
- endif
-
- JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip
-
- ifeq ($(JRE_HOME),)
- JRE_HOME = $(JAVA_HOME)
- JRE_CLASSES = $(JAVA_CLASSES)
- else
- ifeq ($(JRE_CLASSES),)
- JRE_CLASSES = $(JRE_HOME)/lib/classes.zip
- endif
- endif
-
- PATH_SEPARATOR = :
-
- # (2) specify "header" information
- JAVA_ARCH = hp-ux
-
- INCLUDES += -I$(JAVA_HOME)/include
- INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH)
-
- # (3) specify "linker" information
- JAVA_CPU = PA_RISC
-
- JAVA_LIBDIR = jre/lib/$(JAVA_CPU)
-
- JAVA_CLIBS =
-
- JAVA_LIBS = -L$(JAVA_HOME)/$(JAVA_LIBDIR)/$(JDK_THREADING_MODEL) -lhpi
- JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -ljvm
- JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR) -ljava
- JAVA_LIBS += $(JAVA_CLIBS)
-
- LDFLAGS += $(JAVA_LIBS)
-
- # no JIT option available on this platform
- JDK_JIT_OPT =
-endif
-
-# set [Redhat Linux] platforms
-ifeq ($(OS_ARCH), Linux)
- # (1) specify "location" information
- ifeq ($(JAVA_HOME),)
- JAVA_HOME = /share/builds/components/jdk/1.2.2/Linux
- endif
-
- JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip
-
- ifeq ($(JRE_HOME),)
- JRE_HOME = $(JAVA_HOME)
- JRE_CLASSES = $(JAVA_CLASSES)
- else
- ifeq ($(JRE_CLASSES),)
- JRE_CLASSES = $(JRE_HOME)/lib/classes.zip
- endif
- endif
-
- PATH_SEPARATOR = :
-
- # (2) specify "header" information
- JAVA_ARCH = linux
-
- INCLUDES += -I$(JAVA_HOME)/include
- INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH)
-
- # (3) specify "linker" information
- JAVA_CPU = i386
-
- JAVA_LIBDIR = jre/lib/$(JAVA_CPU)
-
- JAVA_CLIBS =
-
- JAVA_LIBS = -L$(JAVA_HOME)/$(JAVA_LIBDIR)/$(JDK_THREADING_MODEL) -lhpi
- JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -ljvm
- JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR) -ljava
- JAVA_LIBS += $(JAVA_CLIBS)
-
- LDFLAGS += $(JAVA_LIBS)
-
- # no JIT option available on this platform
- JDK_JIT_OPT =
-endif
-
-# set [IBM AIX] platforms
-ifeq ($(OS_ARCH), AIX)
- # (1) specify "location" information
- ifeq ($(JAVA_HOME),)
- JAVA_HOME = /share/builds/components/jdk/1.2.2/AIX
- endif
-
- JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip
-
- ifeq ($(JRE_HOME),)
- JRE_HOME = $(JAVA_HOME)
- JRE_CLASSES = $(JAVA_CLASSES)
- else
- ifeq ($(JRE_CLASSES),)
- JRE_CLASSES = $(JRE_HOME)/lib/classes.zip
- endif
- endif
-
- PATH_SEPARATOR = :
-
- # (2) specify "header" information
- JAVA_ARCH = aix
-
- INCLUDES += -I$(JAVA_HOME)/include
-
- # (3) specify "linker" information
- JAVA_CPU = aix
-
- JAVA_LIBDIR = jre/bin
-
- JAVA_CLIBS =
-
- JAVA_LIBS = -L$(JAVA_HOME)/$(JAVA_LIBDIR) -lhpi
- JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -ljvm
- JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR) -ljava
- JAVA_LIBS += $(JAVA_CLIBS)
-
- LDFLAGS += $(JAVA_LIBS)
-
- # no JIT option available on this platform
- JDK_JIT_OPT =
-endif
-
-# set [Digital UNIX] platforms
-ifeq ($(OS_ARCH), OSF1)
- # (1) specify "location" information
- ifeq ($(JAVA_HOME),)
- JAVA_HOME = /share/builds/components/jdk/1.2.2_3/OSF1
- endif
-
- JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip
-
- ifeq ($(JRE_HOME),)
- JRE_HOME = $(JAVA_HOME)
- JRE_CLASSES = $(JAVA_CLASSES)
- else
- ifeq ($(JRE_CLASSES),)
- JRE_CLASSES = $(JRE_HOME)/lib/classes.zip
- endif
- endif
-
- PATH_SEPARATOR = :
-
- # (2) specify "header" information
- JAVA_ARCH = alpha
-
- INCLUDES += -I$(JAVA_HOME)/include
- INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH)
-
- # (3) specify "linker" information
- JAVA_CPU = alpha
-
- JAVA_LIBDIR = jre/lib/$(JAVA_CPU)
-
- JAVA_CLIBS =
-
- JAVA_LIBS = -L$(JAVA_HOME)/$(JAVA_LIBDIR)/$(JDK_THREADING_MODEL) -lhpi
- JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -ljvm
- JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR) -ljava
- JAVA_LIBS += $(JAVA_CLIBS)
-
- LDFLAGS += $(JAVA_LIBS)
-
- # no JIT option available on this platform
- JDK_JIT_OPT =
-endif
-
-# set [Silicon Graphics IRIX] platforms
-ifeq ($(OS_ARCH), IRIX)
- # (1) specify "location" information
- ifeq ($(JAVA_HOME),)
- JAVA_HOME = /share/builds/components/jdk/1.2.1/IRIX
- endif
-
- JAVA_CLASSES = $(JAVA_HOME)/lib/dev.jar:$(JAVA_HOME)/lib/rt.jar
-
- ifeq ($(JRE_HOME),)
- JRE_HOME = $(JAVA_HOME)
- JRE_CLASSES = $(JAVA_CLASSES)
- else
- ifeq ($(JRE_CLASSES),)
- JRE_CLASSES = $(JRE_HOME)/lib/dev.jar:$(JRE_HOME)/lib/rt.jar
- endif
- endif
-
- PATH_SEPARATOR = :
-
- # (2) specify "header" information
- JAVA_ARCH = irix
-
- INCLUDES += -I$(JAVA_HOME)/include
- INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH)
-
- # (3) specify "-n32 linker" information
- JAVA_CPU = sgi
-
- JAVA_LIBDIR = lib32/$(JAVA_CPU)
-
- JAVA_CLIBS =
-
- JAVA_LIBS = -L$(JAVA_HOME)/$(JAVA_LIBDIR)/$(JDK_THREADING_MODEL) -lhpi
- JAVA_LIBS += -lirixextra
- JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -ljvm
- JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR) -ljava
- JAVA_LIBS += $(JAVA_CLIBS)
-
- LDFLAGS += $(JAVA_LIBS)
-
- # no JIT option available on this platform
- JDK_JIT_OPT =
-endif
-
-#######################################################################
-# [4] Define remaining JDK "Core Components" default toolset options #
-#######################################################################
-
-# set JDK optimization model
-ifeq ($(BUILD_OPT),1)
- JDK_OPTIMIZER_OPT = -O
-else
- JDK_OPTIMIZER_OPT = -g
-endif
-
-# set minimal JDK debugging model
-ifeq ($(JDK_DEBUG),1)
- JDK_DEBUG_OPT = -debug
-else
- JDK_DEBUG_OPT =
-endif
-
-# set default path to repository for JDK classes
-ifeq ($(JDK_CLASS_REPOSITORY_OPT),)
- JDK_CLASS_REPOSITORY_OPT = -d $(JAVA_DESTPATH)
-endif
-
-# initialize the JDK heap size option to a default value
-ifeq ($(JDK_INIT_HEAP_OPT),)
- JDK_INIT_HEAP_OPT = -ms8m
-endif
-
-# define a default JDK classpath
-ifeq ($(JDK_CLASSPATH),)
- JDK_CLASSPATH = "$(JAVA_DESTPATH)$(PATH_SEPARATOR)$(JAVA_SOURCEPATH)$(PATH_SEPARATOR)$(JAVA_CLASSES)"
-endif
-
-# by default, override CLASSPATH environment variable using the JDK classpath option with $(JDK_CLASSPATH)
-ifeq ($(JDK_CLASSPATH_OPT),)
- JDK_CLASSPATH_OPT = -classpath $(JDK_CLASSPATH)
-endif
-
-
-endif
-
-
-ifdef NS_USE_JDK_TOOLSET
-#######################################################################
-# [5] Define JDK "Core Components" toolset; #
-# (always allow a user to override these values) #
-#######################################################################
-
-#
-# (1) appletviewer
-#
-
-ifeq ($(APPLETVIEWER),)
- APPLETVIEWER_PROG = $(JAVA_HOME)/bin/appletviewer$(PROG_SUFFIX)
- APPLETVIEWER_FLAGS = $(JDK_THREADING_MODEL_OPT)
- APPLETVIEWER_FLAGS += $(JDK_DEBUG_OPT)
- APPLETVIEWER_FLAGS += $(JDK_JIT_OPT)
- APPLETVIEWER = $(APPLETVIEWER_PROG) $(APPLETVIEWER_FLAGS)
-endif
-
-#
-# (2) jar
-#
-
-ifeq ($(JAR),)
- JAR_PROG = $(JAVA_HOME)/bin/jar$(PROG_SUFFIX)
- JAR_FLAGS = $(JDK_THREADING_MODEL_OPT)
- JAR = $(JAR_PROG) $(JAR_FLAGS)
-endif
-
-#
-# (3) java
-#
-
-ifeq ($(JAVA),)
- JAVA_PROG = $(JAVA_HOME)/bin/java$(PROG_SUFFIX)
- JAVA_FLAGS = $(JDK_THREADING_MODEL_OPT)
- JAVA_FLAGS += $(JDK_DEBUG_OPT)
- JAVA_FLAGS += $(JDK_CLASSPATH_OPT)
- JAVA_FLAGS += $(JDK_INIT_HEAP_OPT)
- JAVA_FLAGS += $(JDK_JIT_OPT)
- JAVA = $(JAVA_PROG) $(JAVA_FLAGS)
-endif
-
-#
-# (4) javac
-#
-
-ifeq ($(JAVAC),)
- JAVAC_PROG = $(JAVA_HOME)/bin/javac$(PROG_SUFFIX)
- JAVAC_FLAGS = $(JDK_THREADING_MODEL_OPT)
- JAVAC_FLAGS += $(JDK_OPTIMIZER_OPT)
- JAVAC_FLAGS += $(JDK_DEBUG_OPT)
- JAVAC_FLAGS += $(JDK_CLASSPATH_OPT)
- JAVAC_FLAGS += -J$(JDK_INIT_HEAP_OPT)
- JAVAC_FLAGS += $(JDK_CLASS_REPOSITORY_OPT)
- JAVAC = $(JAVAC_PROG) $(JAVAC_FLAGS)
-endif
-
-#
-# (5) javadoc
-#
-
-ifeq ($(JAVADOC),)
- JAVADOC_PROG = $(JAVA_HOME)/bin/javadoc$(PROG_SUFFIX)
- JAVADOC_FLAGS = $(JDK_THREADING_MODEL_OPT)
- JAVADOC_FLAGS += $(JDK_CLASSPATH_OPT)
- JAVADOC_FLAGS += -J$(JDK_INIT_HEAP_OPT)
- JAVADOC = $(JAVADOC_PROG) $(JAVADOC_FLAGS)
-endif
-
-#
-# (6) javah
-#
-
-ifeq ($(JAVAH),)
- JAVAH_PROG = $(JAVA_HOME)/bin/javah$(PROG_SUFFIX)
- JAVAH_FLAGS = $(JDK_THREADING_MODEL_OPT)
- JAVAH_FLAGS += $(JDK_CLASSPATH_OPT)
- JAVAH = $(JAVAH_PROG) $(JAVAH_FLAGS)
-endif
-
-#
-# (7) javakey
-#
-
-ifeq ($(JAVAKEY),)
- JAVAKEY_PROG = $(JAVA_HOME)/bin/javakey$(PROG_SUFFIX)
- JAVAKEY_FLAGS = $(JDK_THREADING_MODEL_OPT)
- JAVAKEY = $(JAVAKEY_PROG) $(JAVAKEY_FLAGS)
-endif
-
-#
-# (8) javap
-#
-
-ifeq ($(JAVAP),)
- JAVAP_PROG = $(JAVA_HOME)/bin/javap$(PROG_SUFFIX)
- JAVAP_FLAGS = $(JDK_THREADING_MODEL_OPT)
- JAVAP_FLAGS += $(JDK_CLASSPATH_OPT)
- JAVAP_FLAGS += -J$(JDK_INIT_HEAP_OPT)
- JAVAP = $(JAVAP_PROG) $(JAVAP_FLAGS)
-endif
-
-#
-# (9) javat
-#
-
-ifeq ($(JAVAT),)
- JAVAT_PROG = $(JAVA_HOME)/bin/javat$(PROG_SUFFIX)
- JAVAT_FLAGS = $(JDK_THREADING_MODEL_OPT)
- JAVAT = $(JAVAT_PROG) $(JAVAT_FLAGS)
-endif
-
-#
-# (10) javaverify
-#
-
-ifeq ($(JAVAVERIFY),)
- JAVAVERIFY_PROG = $(JAVA_HOME)/bin/javaverify$(PROG_SUFFIX)
- JAVAVERIFY_FLAGS = $(JDK_THREADING_MODEL_OPT)
- JAVAVERIFY = $(JAVAVERIFY_PROG) $(JAVAVERIFY_FLAGS)
-endif
-
-#
-# (11) javaw
-#
-
-ifeq ($(JAVAW),)
- jJAVAW_PROG = $(JAVA_HOME)/bin/javaw$(PROG_SUFFIX)
- jJAVAW_FLAGS = $(JDK_THREADING_MODEL_OPT)
- jJAVAW_FLAGS += $(JDK_DEBUG_OPT)
- jJAVAW_FLAGS += $(JDK_CLASSPATH_OPT)
- jJAVAW_FLAGS += $(JDK_INIT_HEAP_OPT)
- jJAVAW_FLAGS += $(JDK_JIT_OPT)
- jJAVAW = $(JAVAW_PROG) $(JAVAW_FLAGS)
-endif
-
-#
-# (12) jdb
-#
-
-ifeq ($(JDB),)
- JDB_PROG = $(JAVA_HOME)/bin/jdb$(PROG_SUFFIX)
- JDB_FLAGS = $(JDK_THREADING_MODEL_OPT)
- JDB_FLAGS += $(JDK_DEBUG_OPT)
- JDB_FLAGS += $(JDK_CLASSPATH_OPT)
- JDB_FLAGS += $(JDK_INIT_HEAP_OPT)
- JDB_FLAGS += $(JDK_JIT_OPT)
- JDB = $(JDB_PROG) $(JDB_FLAGS)
-endif
-
-#
-# (13) jre
-#
-
-ifeq ($(JRE),)
- JRE_PROG = $(JAVA_HOME)/bin/jre$(PROG_SUFFIX)
- JRE_FLAGS = $(JDK_THREADING_MODEL_OPT)
- JRE_FLAGS += $(JDK_CLASSPATH_OPT)
- JRE_FLAGS += $(JDK_INIT_HEAP_OPT)
- JRE_FLAGS += $(JDK_JIT_OPT)
- JRE = $(JRE_PROG) $(JRE_FLAGS)
-endif
-
-#
-# (14) jrew
-#
-
-ifeq ($(JREW),)
- JREW_PROG = $(JAVA_HOME)/bin/jrew$(PROG_SUFFIX)
- JREW_FLAGS = $(JDK_THREADING_MODEL_OPT)
- JREW_FLAGS += $(JDK_CLASSPATH_OPT)
- JREW_FLAGS += $(JDK_INIT_HEAP_OPT)
- JREW_FLAGS += $(JDK_JIT_OPT)
- JREW = $(JREW_PROG) $(JREW_FLAGS)
-endif
-
-#
-# (15) native2ascii
-#
-
-ifeq ($(NATIVE2ASCII),)
- NATIVE2ASCII_PROG = $(JAVA_HOME)/bin/native2ascii$(PROG_SUFFIX)
- NATIVE2ASCII_FLAGS = $(JDK_THREADING_MODEL_OPT)
- NATIVE2ASCII = $(NATIVE2ASCII_PROG) $(NATIVE2ASCII_FLAGS)
-endif
-
-#
-# (16) rmic
-#
-
-ifeq ($(RMIC),)
- RMIC_PROG = $(JAVA_HOME)/bin/rmic$(PROG_SUFFIX)
- RMIC_FLAGS = $(JDK_THREADING_MODEL_OPT)
- RMIC_FLAGS += $(JDK_OPTIMIZER_OPT)
- RMIC_FLAGS += $(JDK_CLASSPATH_OPT)
- RMIC = $(RMIC_PROG) $(RMIC_FLAGS)
-endif
-
-#
-# (17) rmiregistry
-#
-
-ifeq ($(RMIREGISTRY),)
- RMIREGISTRY_PROG = $(JAVA_HOME)/bin/rmiregistry$(PROG_SUFFIX)
- RMIREGISTRY_FLAGS = $(JDK_THREADING_MODEL_OPT)
- RMIREGISTRY = $(RMIREGISTRY_PROG) $(RMIREGISTRY_FLAGS)
-endif
-
-#
-# (18) serialver
-#
-
-ifeq ($(SERIALVER),)
- SERIALVER_PROG = $(JAVA_HOME)/bin/serialver$(PROG_SUFFIX)
- SERIALVER_FLAGS = $(JDK_THREADING_MODEL_OPT)
- SERIALVER = $(SERIALVER_PROG) $(SERIALVER_FLAGS)
-endif
-
-endif
diff --git a/security/coreconf/jniregen.pl b/security/coreconf/jniregen.pl
deleted file mode 100755
index 607eaf68b..000000000
--- a/security/coreconf/jniregen.pl
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/usr/local/bin/perl
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-# Input: -d dir foo1 foo2 . . .
-# Compares generated "_jni/foo1.h" file with "foo1.class", and
-# generated "_jni/foo2.h" file with "foo2.class", etc.
-# (NOTE: unlike its closely related cousin, outofdate.pl,
-# the "-d dir" must always be specified)
-#
-# Returns: list of headers which are OLDER than corresponding class
-# files (non-existant class files are considered to be real old :-)
-
-$found = 1;
-
-if ($ARGV[0] eq '-d')
-{
- $classdir = $ARGV[1];
- $classdir .= "/";
- shift;
- shift;
-}
-else
-{
- print STDERR "Usage: perl ", $0, " -d dir foo1 foo2 . . .\n";
- exit -1;
-}
-
-foreach $filename (@ARGV)
-{
- $headerfilename = "_jni/";
- $headerfilename .= $filename;
- $headerfilename =~ s/\./_/g;
- $headerfilename .= ".h";
-
- $classfilename = $filename;
- $classfilename =~ s|\.|/|g;
- $classfilename .= ".class";
-
- $classfilename = $classdir . $classfilename;
-
-
- ( $dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size, $atime, $headermtime,
- $ctime, $blksize, $blocks ) = stat( $headerfilename );
-
- ( $dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size, $atime, $classmtime,
- $ctime, $blksize, $blocks ) = stat( $classfilename );
-
- if( $headermtime < $classmtime )
- {
- # NOTE: Since this is used by "javah", and "javah" refuses to overwrite
- # an existing file, we force an unlink from this script, since
- # we actually want to regenerate the header file at this time.
- unlink $headerfilename;
- print $filename, " ";
- $found = 0;
- }
-}
-
-print "\n";
-exit 0;
-
diff --git a/security/coreconf/location.mk b/security/coreconf/location.mk
deleted file mode 100644
index a0b25f74c..000000000
--- a/security/coreconf/location.mk
+++ /dev/null
@@ -1,60 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# Master "Core Components" macros to figure out binary code location #
-#######################################################################
-
-#
-# Figure out where the binary code lives.
-#
-
-BUILD = $(PLATFORM)
-OBJDIR = $(PLATFORM)
-ifdef MOZILLA_SECURITY_BUILD
-DIST = $(CORE_DEPTH)/../dist/$(PLATFORM)
-else
-ifdef MOZILLA_CLIENT
-DIST = $(CORE_DEPTH)/../mozilla/dist/$(PLATFORM)
-else
-DIST = $(CORE_DEPTH)/dist/$(PLATFORM)
-endif
-endif
-VPATH = $(NSINSTALL_DIR)/$(PLATFORM)
-DEPENDENCIES = $(PLATFORM)/.md
-
-ifdef BUILD_DEBUG_GC
- DEFINES += -DDEBUG_GC
-endif
-
-GARBAGE += $(DEPENDENCIES) core $(wildcard core.[0-9]*)
diff --git a/security/coreconf/makefile.win b/security/coreconf/makefile.win
deleted file mode 100644
index c3abce76b..000000000
--- a/security/coreconf/makefile.win
+++ /dev/null
@@ -1,100 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# An NMAKE file to set up and adjust coreconf's build system for
-# Client build. Client build should invoke NMAKE on this file
-# instead of invoking gmake directly.
-#
-
-NS_DEPTH = ..
-include <$(NS_DEPTH)\config\config.mak>
-#include <$(NS_DEPTH)\config\rules.mak>
-
-#
-# Backslashes are escape characters to gmake, so flip all backslashes
-# in $(MOZ_TOOLS) to forward slashes and pass that to gmake.
-#
-
-GMAKE = $(MOZ_TOOLS)\bin\gmake.exe MOZ_TOOLS_FLIPPED=$(MOZ_TOOLS:\=/)
-
-GMAKE = $(GMAKE) PR_CLIENT_BUILD=1 PR_CLIENT_BUILD_WINDOWS=1
-
-#
-# The Client's debug build uses MSVC's debug runtime library (/MDd).
-#
-
-!ifdef MOZ_DEBUG
-GMAKE = $(GMAKE) USE_DEBUG_RTL=1
-!else
-GMAKE = $(GMAKE) BUILD_OPT=1
-!endif
-
-!if "$(MOZ_BITS)" == "16"
-GMAKE = $(GMAKE) OS_TARGET=WIN16
-!else
-
-GMAKE = $(GMAKE) OS_TARGET=WIN95
-!ifdef MOZ_DEBUG
-PR_OBJDIR = WIN954.0_DBG.OBJD
-!else
-PR_OBJDIR = WIN954.0_OPT.OBJ
-!endif
-
-!endif
-
-#
-# The rules. Simply invoke gmake with the same target
-# for Win16, use the watcom compiler with the MSVC headers and libs
-#
-
-# this rule is needed so that nmake with no explicit target will only build
-# all, and not build all the targets named below in succession!
-default:: all
-
-# a rule like this one must only be used for explicitly named targets!
-all depend export libs install clobber clobber_all clean::
-!if "$(MOZ_BITS)" == "16"
- set PATH=%WATCPATH%
- set INCLUDE=%MSVC_INC%
- set LIB=%MSVC_LIB%
-!endif
- $(GMAKE) $@
-!if "$(MOZ_BITS)" == "16"
- set PATH=%MSVCPATH%
- set INCLUDE=%MSVC_INC%
- set LIB=%MSVC_LIB%
-!endif
-
-show:
- @echo "MAKEFLAGS = $(MAKEFLAGS)"
diff --git a/security/coreconf/module.mk b/security/coreconf/module.mk
deleted file mode 100644
index 55f7f8691..000000000
--- a/security/coreconf/module.mk
+++ /dev/null
@@ -1,64 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# The master "Core Components" source and release component directory #
-# names are ALWAYS identical and are the value of $(MODULE). #
-# NOTE: A component is also called a module or a subsystem. #
-#######################################################################
-
-#
-# All "Core Components" <component>-specific source-side tags must
-# always be identified for compiling/linking purposes
-#
-
-ifndef JAVA_SOURCE_COMPONENT
- JAVA_SOURCE_COMPONENT = java
-endif
-
-ifndef NETLIB_SOURCE_COMPONENT
- NETLIB_SOURCE_COMPONENT = netlib
-endif
-
-ifndef NSPR_SOURCE_COMPONENT
- NSPR_SOURCE_COMPONENT = nspr20
-endif
-
-ifndef SECTOOLS_SOURCE_COMPONENT
- SECTOOLS_SOURCE_COMPONENT = sectools
-endif
-
-ifndef SECURITY_SOURCE_COMPONENT
- SECURITY_SOURCE_COMPONENT = security
-endif
-
diff --git a/security/coreconf/nsinstall/Makefile b/security/coreconf/nsinstall/Makefile
deleted file mode 100644
index 2175b2d87..000000000
--- a/security/coreconf/nsinstall/Makefile
+++ /dev/null
@@ -1,59 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-DEPTH = ../..
-CORE_DEPTH = ../..
-
-MODULE = coreconf
-
-CSRCS = nsinstall.c pathsub.c
-
-PLSRCS = nfspwd.pl
-
-PROGRAM = nsinstall
-
-include $(DEPTH)/coreconf/config.mk
-
-ifeq ($(OS_ARCH),WINNT)
-PROGRAM =
-else
-TARGETS = $(PROGRAM) $(PLSRCS:.pl=)
-endif
-
-include $(DEPTH)/coreconf/rules.mk
-
-# Redefine MAKE_OBJDIR for just this directory
-define MAKE_OBJDIR
-if test ! -d $(@D); then rm -rf $(@D); mkdir $(@D); fi
-endef
-
diff --git a/security/coreconf/nsinstall/nfspwd b/security/coreconf/nsinstall/nfspwd
deleted file mode 100755
index 339abead3..000000000
--- a/security/coreconf/nsinstall/nfspwd
+++ /dev/null
@@ -1,46 +0,0 @@
-#! perl
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-require "fastcwd.pl";
-
-$_ = &fastcwd;
-if (m@^/[uh]/@o || s@^/tmp_mnt/@/@o) {
- print("$_\n");
-} elsif ((($user, $rest) = m@^/usr/people/(\w+)/(.*)@o)
- && readlink("/u/$user") eq "/usr/people/$user") {
- print("/u/$user/$rest\n");
-} else {
- chop($host = `hostname`);
- print("/h/$host$_\n");
-}
diff --git a/security/coreconf/nsinstall/nfspwd.pl b/security/coreconf/nsinstall/nfspwd.pl
deleted file mode 100644
index 339abead3..000000000
--- a/security/coreconf/nsinstall/nfspwd.pl
+++ /dev/null
@@ -1,46 +0,0 @@
-#! perl
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-require "fastcwd.pl";
-
-$_ = &fastcwd;
-if (m@^/[uh]/@o || s@^/tmp_mnt/@/@o) {
- print("$_\n");
-} elsif ((($user, $rest) = m@^/usr/people/(\w+)/(.*)@o)
- && readlink("/u/$user") eq "/usr/people/$user") {
- print("/u/$user/$rest\n");
-} else {
- chop($host = `hostname`);
- print("/h/$host$_\n");
-}
diff --git a/security/coreconf/nsinstall/nsinstall.c b/security/coreconf/nsinstall/nsinstall.c
deleted file mode 100644
index b404fdd73..000000000
--- a/security/coreconf/nsinstall/nsinstall.c
+++ /dev/null
@@ -1,403 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
-** Netscape portable install command.
-*/
-#include <stdio.h> /* OSF/1 requires this before grp.h, so put it first */
-#include <assert.h>
-#include <fcntl.h>
-#include <string.h>
-#if defined(_WINDOWS)
-#include <windows.h>
-typedef unsigned int mode_t;
-#else
-#include <grp.h>
-#include <pwd.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <utime.h>
-#endif
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "pathsub.h"
-
-#define HAVE_LCHOWN
-
-#if defined(AIX) || defined(BSDI) || defined(HPUX) || defined(LINUX) || defined(SUNOS4) || defined(SCO) || defined(UNIXWARE)
-#undef HAVE_LCHOWN
-#endif
-
-#ifdef LINUX
-#include <getopt.h>
-#endif
-
-#if defined(SCO) || defined(UNIXWARE) || defined(SNI) || defined(NCR) || defined(NEC)
-#if !defined(S_ISLNK) && defined(S_IFLNK)
-#define S_ISLNK(a) (((a) & S_IFMT) == S_IFLNK)
-#endif
-#endif
-
-#if defined(SNI)
-extern int fchmod(int fildes, mode_t mode);
-#endif
-
-static void
-usage(void)
-{
- fprintf(stderr,
- "usage: %s [-C cwd] [-L linkprefix] [-m mode] [-o owner] [-g group]\n"
- " %*s [-DdltR] file [file ...] directory\n",
- program, strlen(program), "");
- exit(2);
-}
-
-/* this is more-or-less equivalent to mkdir -p */
-static int
-mkdirs(char *path, mode_t mode)
-{
- char * cp;
- int rv;
- struct stat sb;
-
- if (!path || !path[0])
- fail("Null pointer or empty string passed to mkdirs()");
- while (*path == '/' && path[1] == '/')
- path++;
- while ((cp = strrchr(path, '/')) && cp[1] == '\0')
- *cp = '\0';
- if (cp && cp != path) {
- *cp = '\0';
- if ((stat(path, &sb) < 0 || !S_ISDIR(sb.st_mode)) &&
- mkdirs(path, mode) < 0) {
- return -1;
- }
- *cp = '/';
- }
- rv = mkdir(path, mode);
- if (rv) {
- if (errno != EEXIST)
- fail("mkdirs cannot make %s", path);
- fprintf(stderr, "directory creation race: %s\n", path);
- if (!stat(path, &sb) && S_ISDIR(sb.st_mode))
- rv = 0;
- }
- return rv;
-}
-
-static uid_t
-touid(char *owner)
-{
- struct passwd *pw;
- uid_t uid;
- char *cp;
-
- if (!owner || !owner[0])
- fail("Null pointer or empty string passed to touid()");
- pw = getpwnam(owner);
- if (pw)
- return pw->pw_uid;
- uid = strtol(owner, &cp, 0);
- if (uid == 0 && cp == owner)
- fail("cannot find uid for %s", owner);
- return uid;
-}
-
-static gid_t
-togid(char *group)
-{
- struct group *gr;
- gid_t gid;
- char *cp;
-
- if (!group || !group[0])
- fail("Null pointer or empty string passed to togid()");
- gr = getgrnam(group);
- if (gr)
- return gr->gr_gid;
- gid = strtol(group, &cp, 0);
- if (gid == 0 && cp == group)
- fail("cannot find gid for %s", group);
- return gid;
-}
-
-void * const uninit = (void *)0xdeadbeef;
-
-int
-main(int argc, char **argv)
-{
- char * base = uninit;
- char * bp = uninit;
- char * cp = uninit;
- char * cwd = 0;
- char * group = 0;
- char * linkname = 0;
- char * linkprefix = 0;
- char * name = uninit;
- char * owner = 0;
- char * todir = uninit;
- char * toname = uninit;
-
- int bnlen = -1;
- int cc = 0;
- int dodir = 0;
- int dolink = 0;
- int dorelsymlink = 0;
- int dotimes = 0;
- int exists = 0;
- int fromfd = -1;
- int len = -1;
- int lplen = 0;
- int onlydir = 0;
- int opt = -1;
- int tdlen = -1;
- int tofd = -1;
- int wc = -1;
-
- mode_t mode = 0755;
-
- uid_t uid = -1;
- gid_t gid = -1;
-
- struct stat sb;
- struct stat tosb;
- struct utimbuf utb;
- char buf[BUFSIZ];
-
- program = strrchr(argv[0], '/');
- if (!program)
- program = strrchr(argv[0], '\\');
- program = program ? program+1 : argv[0];
-
-
- while ((opt = getopt(argc, argv, "C:DdlL:Rm:o:g:t")) != EOF) {
- switch (opt) {
- case 'C': cwd = optarg; break;
- case 'D': onlydir = 1; break;
- case 'd': dodir = 1; break;
- case 'l': dolink = 1; break;
- case 'L':
- linkprefix = optarg;
- lplen = strlen(linkprefix);
- dolink = 1;
- break;
- case 'R': dolink = dorelsymlink = 1; break;
- case 'm':
- mode = strtoul(optarg, &cp, 8);
- if (mode == 0 && cp == optarg)
- usage();
- break;
- case 'o': owner = optarg; break;
- case 'g': group = optarg; break;
- case 't': dotimes = 1; break;
- default: usage();
- }
- }
-
- argc -= optind;
- argv += optind;
- if (argc < 2 - onlydir)
- usage();
-
- todir = argv[argc-1];
- if ((stat(todir, &sb) < 0 || !S_ISDIR(sb.st_mode)) &&
- mkdirs(todir, 0777) < 0) {
- fail("cannot mkdir -p %s", todir);
- }
- if (onlydir)
- return 0;
-
- if (!cwd) {
- cwd = getcwd(0, PATH_MAX);
- if (!cwd)
- fail("could not get CWD");
- }
-
- /* make sure we can get into todir. */
- xchdir(todir);
- todir = getcwd(0, PATH_MAX);
- if (!todir)
- fail("could not get CWD in todir");
- tdlen = strlen(todir);
-
- /* back to original directory. */
- xchdir(cwd);
-
- uid = owner ? touid(owner) : -1;
- gid = group ? togid(group) : -1;
-
- while (--argc > 0) {
- name = *argv++;
- len = strlen(name);
- base = xbasename(name);
- bnlen = strlen(base);
- toname = (char*)xmalloc(tdlen + 1 + bnlen + 1);
- sprintf(toname, "%s/%s", todir, base);
-retry:
- exists = (lstat(toname, &tosb) == 0);
-
- if (dodir) {
- /* -d means create a directory, always */
- if (exists && !S_ISDIR(tosb.st_mode)) {
- int rv = unlink(toname);
- if (rv)
- fail("cannot unlink %s", toname);
- exists = 0;
- }
- if (!exists && mkdir(toname, mode) < 0) {
- /* we probably have two nsinstall programs in a race here. */
- if (errno == EEXIST && !stat(toname, &sb) &&
- S_ISDIR(sb.st_mode)) {
- fprintf(stderr, "directory creation race: %s\n", toname);
- goto retry;
- }
- fail("cannot make directory %s", toname);
- }
- if ((owner || group) && chown(toname, uid, gid) < 0)
- fail("cannot change owner of %s", toname);
- } else if (dolink) {
- if (*name == '/') {
- /* source is absolute pathname, link to it directly */
- linkname = 0;
- } else {
- if (linkprefix) {
- /* -L implies -l and prefixes names with a $cwd arg. */
- len += lplen + 1;
- linkname = (char*)xmalloc(len + 1);
- sprintf(linkname, "%s/%s", linkprefix, name);
- } else if (dorelsymlink) {
- /* Symlink the relative path from todir to source name. */
- linkname = (char*)xmalloc(PATH_MAX);
-
- if (*todir == '/') {
- /* todir is absolute: skip over common prefix. */
- lplen = relatepaths(todir, cwd, linkname);
- strcpy(linkname + lplen, name);
- } else {
- /* todir is named by a relative path: reverse it. */
- reversepath(todir, name, len, linkname);
- xchdir(cwd);
- }
-
- len = strlen(linkname);
- }
- name = linkname;
- }
-
- /* Check for a pre-existing symlink with identical content. */
- if (exists &&
- (!S_ISLNK(tosb.st_mode) ||
- readlink(toname, buf, sizeof buf) != len ||
- strncmp(buf, name, len) != 0)) {
- int rmrv;
- rmrv = (S_ISDIR(tosb.st_mode) ? rmdir : unlink)(toname);
- if (rmrv < 0) {
- fail("destination exists, cannot remove %s", toname);
- }
- exists = 0;
- }
- if (!exists && symlink(name, toname) < 0) {
- if (errno == EEXIST) {
- fprintf(stderr, "symlink creation race: %s\n", toname);
- goto retry;
- }
- diagnosePath(toname);
- fail("cannot make symbolic link %s", toname);
- }
-#ifdef HAVE_LCHOWN
- if ((owner || group) && lchown(toname, uid, gid) < 0)
- fail("cannot change owner of %s", toname);
-#endif
-
- if (linkname) {
- free(linkname);
- linkname = 0;
- }
- } else {
- /* Copy from name to toname, which might be the same file. */
- fromfd = open(name, O_RDONLY);
- if (fromfd < 0 || fstat(fromfd, &sb) < 0)
- fail("cannot access %s", name);
- if (exists &&
- (!S_ISREG(tosb.st_mode) || access(toname, W_OK) < 0)) {
- int rmrv;
- rmrv = (S_ISDIR(tosb.st_mode) ? rmdir : unlink)(toname);
- if (rmrv < 0) {
- fail("destination exists, cannot remove %s", toname);
- }
- }
- tofd = open(toname, O_CREAT | O_WRONLY, 0666);
- if (tofd < 0)
- fail("cannot create %s", toname);
-
- bp = buf;
- while ((cc = read(fromfd, bp, sizeof buf)) > 0) {
- while ((wc = write(tofd, bp, cc)) > 0) {
- if ((cc -= wc) == 0)
- break;
- bp += wc;
- }
- if (wc < 0)
- fail("cannot write to %s", toname);
- }
- if (cc < 0)
- fail("cannot read from %s", name);
-
- if (ftruncate(tofd, sb.st_size) < 0)
- fail("cannot truncate %s", toname);
- if (dotimes) {
- utb.actime = sb.st_atime;
- utb.modtime = sb.st_mtime;
- if (utime(toname, &utb) < 0)
- fail("cannot set times of %s", toname);
- }
- if (fchmod(tofd, mode) < 0)
- fail("cannot change mode of %s", toname);
- if ((owner || group) && fchown(tofd, uid, gid) < 0)
- fail("cannot change owner of %s", toname);
-
- /* Must check for delayed (NFS) write errors on close. */
- if (close(tofd) < 0)
- fail("close reports write error on %s", toname);
- close(fromfd);
- }
-
- free(toname);
- }
-
- free(cwd);
- free(todir);
- return 0;
-}
-
diff --git a/security/coreconf/nsinstall/pathsub.c b/security/coreconf/nsinstall/pathsub.c
deleted file mode 100644
index 4d5728833..000000000
--- a/security/coreconf/nsinstall/pathsub.c
+++ /dev/null
@@ -1,302 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
-** Pathname subroutines.
-*/
-#include <assert.h>
-#ifdef FREEBSD
-#include <sys/types.h>
-#endif /* FREEBSD */
-#include <dirent.h>
-#include <errno.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "pathsub.h"
-#ifdef USE_REENTRANT_LIBC
-#include "libc_r.h"
-#endif /* USE_REENTRANT_LIBC */
-
-char *program;
-
-void
-fail(char *format, ...)
-{
- int error;
- va_list ap;
-
-#ifdef USE_REENTRANT_LIBC
- R_STRERROR_INIT_R();
-#endif
-
- error = errno;
- fprintf(stderr, "%s: ", program);
- va_start(ap, format);
- vfprintf(stderr, format, ap);
- va_end(ap);
- if (error)
-
-#ifdef USE_REENTRANT_LIBC
- R_STRERROR_R(errno);
- fprintf(stderr, ": %s", r_strerror_r);
-#else
- fprintf(stderr, ": %s", strerror(errno));
-#endif
-
- putc('\n', stderr);
- abort();
- exit(1);
-}
-
-char *
-getcomponent(char *path, char *name)
-{
- if (*path == '\0')
- return 0;
- if (*path == '/') {
- *name++ = '/';
- } else {
- do {
- *name++ = *path++;
- } while (*path != '/' && *path != '\0');
- }
- *name = '\0';
- while (*path == '/')
- path++;
- return path;
-}
-
-#ifdef UNIXWARE
-/* The static buffer in Unixware's readdir is too small. */
-struct dirent * readdir(DIR *d)
-{
- static struct dirent *buf = NULL;
-#define MAX_PATH_LEN 1024
-
- if (buf == NULL)
- buf = (struct dirent *)xmalloc(sizeof(struct dirent) + MAX_PATH_LEN) ;
- return readdir_r(d, buf);
-}
-#endif
-
-/* APPARENT BUG - ignores argument "dir", uses ".." instead. */
-char *
-ino2name(ino_t ino, char *dir)
-{
- DIR *dp;
- struct dirent *ep;
- char *name;
-
- dp = opendir(".."); /* XXX */
- if (!dp)
- fail("cannot read parent directory");
- for (;;) {
- if (!(ep = readdir(dp)))
- fail("cannot find current directory");
- if (ep->d_ino == ino)
- break;
- }
- name = xstrdup(ep->d_name);
- closedir(dp);
- return name;
-}
-
-void *
-xmalloc(size_t size)
-{
- void *p;
-
- if (size <= 0)
- fail("attempted to allocate %u bytes", size);
- p = malloc(size);
- if (!p)
- fail("cannot allocate %u bytes", size);
- return p;
-}
-
-char *
-xstrdup(char *s)
-{
- if (!s || !s[0])
- fail("Null pointer or empty string passed to xstrdup()");
- return strcpy((char*)xmalloc(strlen(s) + 1), s);
-}
-
-char *
-xbasename(char *path)
-{
- char *cp;
-
- if (!path || !path[0])
- fail("Null pointer or empty string passed to xbasename()");
- while ((cp = strrchr(path, '/')) && cp[1] == '\0')
- *cp = '\0';
- if (!cp) return path;
- return cp + 1;
-}
-
-void
-xchdir(char *dir)
-{
- if (!dir || !dir[0])
- fail("Null pointer or empty string passed to xchdir()");
- if (chdir(dir) < 0)
- fail("cannot change directory to %s", dir);
-}
-
-int
-relatepaths(char *from, char *to, char *outpath)
-{
- char *cp, *cp2;
- int len;
- char buf[NAME_MAX];
-
- assert(*from == '/' && *to == '/');
- if (!from || *from != '/')
- fail("relatepaths: from path does not start with /");
- if (!to || *to != '/')
- fail("relatepaths: to path does not start with /");
-
- for (cp = to, cp2 = from; *cp == *cp2; cp++, cp2++)
- if (*cp == '\0')
- break;
- while (cp[-1] != '/')
- cp--, cp2--;
- if (cp - 1 == to) {
- /* closest common ancestor is /, so use full pathname */
- len = strlen(strcpy(outpath, to));
- if (outpath[len] != '/') {
- outpath[len++] = '/';
- outpath[len] = '\0';
- }
- } else {
- len = 0;
- while ((cp2 = getcomponent(cp2, buf)) != 0) {
- strcpy(outpath + len, "../");
- len += 3;
- }
- while ((cp = getcomponent(cp, buf)) != 0) {
- sprintf(outpath + len, "%s/", buf);
- len += strlen(outpath + len);
- }
- }
- return len;
-}
-
-void
-reversepath(char *inpath, char *name, int len, char *outpath)
-{
- char *cp, *cp2;
- char buf[NAME_MAX];
- struct stat sb;
-
- cp = strcpy(outpath + PATH_MAX - (len + 1), name);
- cp2 = inpath;
- while ((cp2 = getcomponent(cp2, buf)) != 0) {
- if (strcmp(buf, ".") == 0)
- continue;
- if (strcmp(buf, "..") == 0) {
- if (stat(".", &sb) < 0)
- fail("cannot stat current directory");
- name = ino2name(sb.st_ino, "..");
- len = strlen(name);
- cp -= len + 1;
- strcpy(cp, name);
- cp[len] = '/';
- free(name);
- xchdir("..");
- } else {
- cp -= 3;
- strncpy(cp, "../", 3);
- xchdir(buf);
- }
- }
- strcpy(outpath, cp);
-}
-
-void
-diagnosePath(const char * path)
-{
- char * myPath;
- char * slash;
- int rv;
- struct stat sb;
- char buf[BUFSIZ];
-
- if (!path || !path[0])
- fail("Null pointer or empty string passed to mkdirs()");
- myPath = strdup(path);
- if (!myPath)
- fail("strdup() failed!");
- do {
- rv = lstat(myPath, &sb);
- if (rv < 0) {
- perror(myPath);
- } else if (S_ISLNK(sb.st_mode)) {
- rv = readlink(myPath, buf, sizeof buf);
- if (rv < 0) {
- perror("readlink");
- buf[0] = 0;
- } else {
- buf[rv] = 0;
- }
- fprintf(stderr, "%s is a link to %s\n", myPath, buf);
- } else if (S_ISDIR(sb.st_mode)) {
- fprintf(stderr, "%s is a directory\n", myPath);
- rv = access(myPath, X_OK);
- if (rv < 0) {
- fprintf(stderr, "%s: no search permission\n", myPath);
- }
- } else {
- fprintf(stderr, "%s is a file !?!\n", myPath);
- rv = access(myPath, F_OK);
- if (rv < 0) {
- fprintf(stderr, "%s does not exist\n", myPath);
- }
- }
-
- /* chop path off one level. */
- slash = strrchr(myPath, '/');
- if (!slash)
- slash = strrchr(myPath, '\\');
- if (!slash)
- slash = myPath;
- *slash = 0;
- } while (myPath[0]);
- free(myPath);
-}
diff --git a/security/coreconf/nsinstall/pathsub.h b/security/coreconf/nsinstall/pathsub.h
deleted file mode 100644
index 718c2206f..000000000
--- a/security/coreconf/nsinstall/pathsub.h
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef pathsub_h___
-#define pathsub_h___
-/*
-** Pathname subroutines.
-**
-** Brendan Eich, 8/29/95
-*/
-#include <limits.h>
-#include <sys/types.h>
-
-#if SUNOS4
-#include "sunos4.h"
-#endif
-
-#ifndef PATH_MAX
-#define PATH_MAX 1024
-#endif
-
-/*
- * Just keep sane lengths
- */
-#undef NAME_MAX
-#define NAME_MAX 256
-
-extern char *program;
-
-extern void fail(char *format, ...);
-extern char *getcomponent(char *path, char *name);
-extern char *ino2name(ino_t ino, char *dir);
-extern void *xmalloc(size_t size);
-extern char *xstrdup(char *s);
-extern char *xbasename(char *path);
-extern void xchdir(char *dir);
-
-/* Relate absolute pathnames from and to returning the result in outpath. */
-extern int relatepaths(char *from, char *to, char *outpath);
-
-/* NOTE: changes current working directory -- caveat emptor */
-extern void reversepath(char *inpath, char *name, int len, char *outpath);
-
-/* stats every directory in path, reports results. */
-extern void diagnosePath(const char * path);
-
-#endif /* pathsub_h___ */
diff --git a/security/coreconf/nsinstall/sunos4.h b/security/coreconf/nsinstall/sunos4.h
deleted file mode 100644
index 9bdae872c..000000000
--- a/security/coreconf/nsinstall/sunos4.h
+++ /dev/null
@@ -1,163 +0,0 @@
-/*
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
- */
-
-#ifndef pr_sunos4_h___
-#define pr_sunos4_h___
-
-#ifndef SVR4
-
-/*
-** Hodge podge of random missing prototypes for the Sunos4 system
-*/
-#include <stdio.h>
-#include <stdarg.h>
-#include <time.h>
-#include <limits.h>
-#include <sys/types.h>
-
-#define PATH_MAX _POSIX_PATH_MAX
-
-struct timeval;
-struct timezone;
-struct itimerval;
-struct sockaddr;
-struct stat;
-struct tm;
-
-/* ctype.h */
-extern int tolower(int);
-extern int toupper(int);
-
-/* errno.h */
-extern char *sys_errlist[];
-extern int sys_nerr;
-
-#define strerror(e) sys_errlist[((unsigned)(e) < sys_nerr) ? e : 0]
-
-extern void perror(const char *);
-
-/* getopt */
-extern char *optarg;
-extern int optind;
-extern int getopt(int argc, char **argv, char *spec);
-
-/* math.h */
-extern int srandom(long val);
-extern long random(void);
-
-/* memory.h */
-#define memmove(to,from,len) bcopy((char*)(from),(char*)(to),len)
-
-extern void bcopy(const char *, char *, int);
-
-/* signal.h */
-/*
-** SunOS4 sigaction hides interrupts by default, so we can safely define
-** SA_RESTART to 0 (HP-UX is a counter-example -- its sigaction does not
-** hide interrupts but lacks an SA_RESTART option; you must use sigvector
-** and tweak the sigcontext from within each signal handler!).
-*/
-#define SA_RESTART 0
-#define SA_SIGINFO 0
-
-/* stdio.h */
-extern int printf(const char *, ...);
-extern int fprintf(FILE *, const char *, ...);
-extern int vprintf(const char *, va_list);
-extern int vfprintf(FILE *, const char *, va_list);
-extern char *vsprintf(char *, const char *, va_list);
-extern int scanf(const char *, ...);
-extern int sscanf(const char *, const char *, ...);
-extern int fscanf(FILE *, const char *, ...);
-extern int fgetc(FILE *);
-extern int fputc(int, FILE *);
-extern int fputs(const char *, FILE *);
-extern int puts(const char *);
-extern int fread(void *, size_t, size_t, FILE *);
-extern int fwrite(const char *, int, int, FILE *);
-extern int fseek(FILE *, long, int);
-extern long ftell(FILE *);
-extern int rewind(FILE *);
-extern int fflush(FILE *);
-extern int _flsbuf(unsigned char, FILE *);
-extern int fclose(FILE *);
-extern int remove(const char *);
-extern int setvbuf(FILE *, char *, int, size_t);
-extern int system(const char *);
-extern FILE *popen(const char *, const char *);
-extern int pclose(FILE *);
-
-/* stdlib.h */
-#define strtoul strtol
-
-extern int isatty(int fildes);
-extern long strtol(const char *, char **, int);
-extern int putenv(const char *);
-extern void srand48(long);
-extern long lrand48(void);
-extern double drand48(void);
-
-/* string.h */
-extern int strcasecmp(const char *, const char *);
-extern int strncasecmp(const char *, const char *, size_t);
-extern int strcoll(const char *, const char *);
-
-/* time.h */
-extern time_t mktime(struct tm *);
-extern size_t strftime(char *, size_t, const char *, const struct tm *);
-extern int gettimeofday(struct timeval *, struct timezone *);
-extern int setitimer(int, struct itimerval *, struct itimerval *);
-extern time_t time(time_t *);
-extern time_t timegm(struct tm *);
-extern struct tm *localtime(const time_t *);
-extern struct tm *gmtime(const time_t *);
-
-/* unistd.h */
-extern int rename(const char *, const char *);
-extern int ioctl(int, int, int *arg);
-extern int connect(int, struct sockaddr *, int);
-extern int readlink(const char *, char *, int);
-extern int symlink(const char *, const char *);
-extern int ftruncate(int, off_t);
-extern int fchmod(int, mode_t);
-extern int fchown(int, uid_t, gid_t);
-extern int lstat(const char *, struct stat *);
-extern int fstat(int, struct stat *);
-extern int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
-extern int gethostname(char *, int);
-extern char *getwd(char *);
-extern int getpagesize(void);
-
-#endif /* SVR4 */
-
-#endif /* pr_sunos4_h___ */
diff --git a/security/coreconf/outofdate.pl b/security/coreconf/outofdate.pl
deleted file mode 100755
index 1044639e8..000000000
--- a/security/coreconf/outofdate.pl
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/usr/local/bin/perl
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#Input: [-d dir] foo1.java foo2.java
-#Compares with: foo1.class foo2.class (if -d specified, checks in 'dir',
-# otherwise assumes .class files in same directory as .java files)
-#Returns: list of input arguments which are newer than corresponding class
-#files (non-existant class files are considered to be real old :-)
-
-$found = 1;
-
-if ($ARGV[0] eq '-d') {
- $classdir = $ARGV[1];
- $classdir .= "/";
- shift;
- shift;
-} else {
- $classdir = "./";
-}
-
-foreach $filename (@ARGV) {
- $classfilename = $classdir;
- $classfilename .= $filename;
- $classfilename =~ s/.java$/.class/;
- ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,
- $ctime,$blksize,$blocks) = stat($filename);
- ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$classmtime,
- $ctime,$blksize,$blocks) = stat($classfilename);
-# print $filename, " ", $mtime, ", ", $classfilename, " ", $classmtime, "\n";
- if ($mtime > $classmtime) {
- print $filename, " ";
- $found = 0;
- }
-}
-
-print "\n";
diff --git a/security/coreconf/platform.mk b/security/coreconf/platform.mk
deleted file mode 100644
index a4826d315..000000000
--- a/security/coreconf/platform.mk
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# Master "Core Components" <platform> tag #
-#######################################################################
-
-PLATFORM = $(OBJDIR_NAME)
diff --git a/security/coreconf/prefix.mk b/security/coreconf/prefix.mk
deleted file mode 100644
index af1142afd..000000000
--- a/security/coreconf/prefix.mk
+++ /dev/null
@@ -1,88 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# Master "Core Components" for computing program prefixes #
-#######################################################################
-
-#
-# Object prefixes
-#
-
-ifndef OBJ_PREFIX
- OBJ_PREFIX =
-endif
-
-#
-# Library suffixes
-#
-
-ifndef LIB_PREFIX
- ifeq ($(OS_ARCH), WINNT)
- LIB_PREFIX =
- else
- LIB_PREFIX = lib
- endif
-endif
-
-
-ifndef DLL_PREFIX
- ifeq ($(OS_ARCH), WINNT)
- DLL_PREFIX =
- else
- DLL_PREFIX = lib
- endif
-endif
-
-
-ifndef IMPORT_LIB_PREFIX
- IMPORT_LIB_PREFIX =
-endif
-
-
-ifndef PURE_LIB_PREFIX
- ifeq ($(OS_ARCH), WINNT)
- PURE_LIB_PREFIX =
- else
- PURE_LIB_PREFIX = purelib
- endif
-endif
-
-#
-# Program prefixes
-#
-
-ifndef PROG_PREFIX
- PROG_PREFIX =
-endif
-
diff --git a/security/coreconf/release.pl b/security/coreconf/release.pl
deleted file mode 100755
index 0a16727e1..000000000
--- a/security/coreconf/release.pl
+++ /dev/null
@@ -1,136 +0,0 @@
-#! /usr/local/bin/perl
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-
-require('coreconf.pl');
-
-#######-- read in variables on command line into %var
-
-$var{ZIP} = "zip";
-
-&parse_argv;
-
-
-######-- Do the packaging of jars.
-
-foreach $jarfile (split(/ /,$var{FILES}) ) {
- print STDERR "---------------------------------------------\n";
- print STDERR "Packaging jar file $jarfile....\n";
-
- $jarinfo = $var{$jarfile};
-
- ($jardir,$jaropts) = split(/\|/,$jarinfo);
-
- $zipoptions = "-T";
- if ($jaropts =~ /a/) {
- if ($var{OS_ARCH} eq 'WINNT') {
- $zipoptions .= ' -ll';
- }
- }
-
-# don't compress jar files containing classes since some java
-# implementations do not implement decompression correctly
- if ( ($jarfile eq 'xpclass.jar') || ($jarfile eq 'xpclass_dbg.jar') ) {
- $zipoptions .= ' -0';
- }
-
-
-# just in case the directory ends in a /, remove it
- if ($jardir =~ /\/$/) {
- chop $jardir;
- }
-
- $dirdepth --;
-
- print STDERR "jardir = $jardir\n";
- system("ls $jardir");
-
- if (-d $jardir) {
-
-
-# count the number of slashes
-
- $slashes =0;
-
- foreach $i (split(//,$jardir)) {
- if ($i =~ /\//) {
- $slashes++;
- }
- }
-
- $dotdots =0;
-
- foreach $i (split(m|/|,$jardir)) {
- if ($i eq '..') {
- $dotdots ++;
- }
- }
-
- $dirdepth = ($slashes +1) - (2*$dotdots);
-
- print STDERR "changing dir $jardir\n";
- chdir($jardir);
- print STDERR "making dir META-INF\n";
- mkdir("META-INF",0755);
-
- $filelist = "";
- opendir(DIR,".");
- while ($_ = readdir(DIR)) {
- if (! ( ($_ eq '.') || ($_ eq '..'))) {
- if ( $jaropts =~ /i/) {
- if (! /^include$/) {
- $filelist .= "$_ ";
- }
- }
- else {
- $filelist .= "$_ ";
- }
- }
- }
- closedir(DIR);
-
- print STDERR "zip $zipoptions -r $jarfile $filelist\n";
- system("zip $zipoptions -r $jarfile $filelist");
- rmdir("META-INF");
- for $i (1 .. $dirdepth) {
- chdir("..");
- print STDERR "chdir ..\n";
- }
- }
- else {
- print STDERR "Directory $jardir doesn't exist\n";
- }
-
-}
-
diff --git a/security/coreconf/rules.mk b/security/coreconf/rules.mk
deleted file mode 100644
index 9900c4702..000000000
--- a/security/coreconf/rules.mk
+++ /dev/null
@@ -1,971 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-### ###
-### R U L E S O F E N G A G E M E N T ###
-### ###
-#######################################################################
-
-#######################################################################
-# Double-Colon rules for utilizing the binary release model. #
-#######################################################################
-
-all:: export libs program install
-
-ifeq ($(AUTOCLEAN),1)
-autobuild:: clean export private_export libs program install
-else
-autobuild:: export private_export libs program install
-endif
-
-platform::
- @echo $(OBJDIR_NAME)
-
-
-#
-# IMPORTS will always be associated with a component. Therefore,
-# the "import" rule will always change directory to the top-level
-# of a component, and traverse the IMPORTS keyword from the
-# "manifest.mn" file located at this level only.
-#
-# note: if there is a trailing slash, the component will be appended
-# (see import.pl - only used for xpheader.jar)
-
-import::
- @echo "== import.pl =="
- @perl -I$(CORE_DEPTH)/coreconf $(CORE_DEPTH)/coreconf/import.pl \
- "RELEASE_TREE=$(RELEASE_TREE)" \
- "IMPORTS=$(IMPORTS)" \
- "VERSION=$(VERSION)" \
- "OS_ARCH=$(OS_ARCH)" \
- "PLATFORM=$(PLATFORM)" \
- "OVERRIDE_IMPORT_CHECK=$(OVERRIDE_IMPORT_CHECK)" \
- "ALLOW_VERSION_OVERRIDE=$(ALLOW_VERSION_OVERRIDE)" \
- "SOURCE_RELEASE_PREFIX=$(SOURCE_RELEASE_XP_DIR)" \
- "SOURCE_MD_DIR=$(SOURCE_MD_DIR)" \
- "SOURCE_XP_DIR=$(SOURCE_XP_DIR)" \
- "FILES=$(IMPORT_XPCLASS_JAR) $(XPHEADER_JAR) $(MDHEADER_JAR) $(MDBINARY_JAR)" \
- "$(IMPORT_XPCLASS_JAR)=$(IMPORT_XP_DIR)|$(IMPORT_XPCLASS_DIR)|" \
- "$(XPHEADER_JAR)=$(IMPORT_XP_DIR)|$(SOURCE_XP_DIR)/public/|v" \
- "$(MDHEADER_JAR)=$(IMPORT_MD_DIR)|$(SOURCE_MD_DIR)/include|" \
- "$(MDBINARY_JAR)=$(IMPORT_MD_DIR)|$(SOURCE_MD_DIR)|"
-
-export::
- +$(LOOP_OVER_DIRS)
-
-private_export::
- +$(LOOP_OVER_DIRS)
-
-release_export::
- +$(LOOP_OVER_DIRS)
-
-release_classes::
- +$(LOOP_OVER_DIRS)
-
-libs program install:: $(TARGETS)
-ifdef LIBRARY
- $(INSTALL) -m 664 $(LIBRARY) $(SOURCE_LIB_DIR)
-endif
-ifdef SHARED_LIBRARY
- $(INSTALL) -m 775 $(SHARED_LIBRARY) $(SOURCE_LIB_DIR)
-endif
-ifdef IMPORT_LIBRARY
- $(INSTALL) -m 775 $(IMPORT_LIBRARY) $(SOURCE_LIB_DIR)
-endif
-ifdef PURE_LIBRARY
- $(INSTALL) -m 775 $(PURE_LIBRARY) $(SOURCE_LIB_DIR)
-endif
-ifdef PROGRAM
- $(INSTALL) -m 775 $(PROGRAM) $(SOURCE_BIN_DIR)
-endif
-ifdef PROGRAMS
- $(INSTALL) -m 775 $(PROGRAMS) $(SOURCE_BIN_DIR)
-endif
- +$(LOOP_OVER_DIRS)
-
-tests::
- +$(LOOP_OVER_DIRS)
-
-clean clobber::
- rm -rf $(ALL_TRASH)
- +$(LOOP_OVER_DIRS)
-
-realclean clobber_all::
- rm -rf $(wildcard *.OBJ) dist $(ALL_TRASH)
- +$(LOOP_OVER_DIRS)
-
-#ifdef ALL_PLATFORMS
-#all_platforms:: $(NFSPWD)
-# @d=`$(NFSPWD)`; \
-# if test ! -d LOGS; then rm -rf LOGS; mkdir LOGS; fi; \
-# for h in $(PLATFORM_HOSTS); do \
-# echo "On $$h: $(MAKE) $(ALL_PLATFORMS) >& LOGS/$$h.log";\
-# rsh $$h -n "(chdir $$d; \
-# $(MAKE) $(ALL_PLATFORMS) >& LOGS/$$h.log; \
-# echo DONE) &" 2>&1 > LOGS/$$h.pid & \
-# sleep 1; \
-# done
-#
-#$(NFSPWD):
-# cd $(@D); $(MAKE) $(@F)
-#endif
-
-#######################################################################
-# Double-Colon rules for populating the binary release model. #
-#######################################################################
-
-
-release_clean::
- rm -rf $(SOURCE_XP_DIR)/release/$(RELEASE_MD_DIR)
-
-release:: release_clean release_export release_classes release_policy release_md release_jars release_cpdistdir
-
-release_cpdistdir::
- @echo "== cpdist.pl =="
- @perl -I$(CORE_DEPTH)/coreconf $(CORE_DEPTH)/coreconf/cpdist.pl \
- "RELEASE_TREE=$(RELEASE_TREE)" \
- "CORE_DEPTH=$(CORE_DEPTH)" \
- "MODULE=${MODULE}" \
- "OS_ARCH=$(OS_ARCH)" \
- "RELEASE=$(RELEASE)" \
- "PLATFORM=$(PLATFORM)" \
- "RELEASE_VERSION=$(RELEASE_VERSION)" \
- "SOURCE_RELEASE_PREFIX=$(SOURCE_RELEASE_XP_DIR)" \
- "RELEASE_XP_DIR=$(RELEASE_XP_DIR)" \
- "RELEASE_MD_DIR=$(RELEASE_MD_DIR)" \
- "FILES=$(XPCLASS_JAR) $(XPCLASS_DBG_JAR) $(XPHEADER_JAR) $(MDHEADER_JAR) $(MDBINARY_JAR) XP_FILES MD_FILES" \
- "$(XPCLASS_JAR)=$(SOURCE_RELEASE_CLASSES_DIR)|x"\
- "$(XPCLASS_DBG_JAR)=$(SOURCE_RELEASE_CLASSES_DBG_DIR)|x"\
- "$(XPHEADER_JAR)=$(SOURCE_RELEASE_XPHEADERS_DIR)|x" \
- "$(MDHEADER_JAR)=$(SOURCE_RELEASE_MDHEADERS_DIR)|m" \
- "$(MDBINARY_JAR)=$(SOURCE_RELEASE_MD_DIR)|m" \
- "XP_FILES=$(XP_FILES)|xf" \
- "MD_FILES=$(MD_FILES)|mf"
-
-
-# $(SOURCE_RELEASE_xxx_JAR) is a name like yyy.jar
-# $(SOURCE_RELEASE_xx_DIR) is a name like
-
-release_jars::
- @echo "== release.pl =="
- @perl -I$(CORE_DEPTH)/coreconf $(CORE_DEPTH)/coreconf/release.pl \
- "RELEASE_TREE=$(RELEASE_TREE)" \
- "PLATFORM=$(PLATFORM)" \
- "OS_ARCH=$(OS_ARCH)" \
- "RELEASE_VERSION=$(RELEASE_VERSION)" \
- "SOURCE_RELEASE_DIR=$(SOURCE_RELEASE_DIR)" \
- "FILES=$(XPCLASS_JAR) $(XPCLASS_DBG_JAR) $(XPHEADER_JAR) $(MDHEADER_JAR) $(MDBINARY_JAR)" \
- "$(XPCLASS_JAR)=$(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_CLASSES_DIR)|b"\
- "$(XPCLASS_DBG_JAR)=$(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_CLASSES_DBG_DIR)|b"\
- "$(XPHEADER_JAR)=$(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_XPHEADERS_DIR)|a" \
- "$(MDHEADER_JAR)=$(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_MDHEADERS_DIR)|a" \
- "$(MDBINARY_JAR)=$(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_MD_DIR)|bi"
-
-# Rules for releasing classes.
-# We have to do some REALLY gross stuff to deal with multiple classes in one
-# file, as well as nested classes, which have a filename of the form
-# ContainingClass$NestedClass.class.
-# RELEASE_CLASSES simply performs a required patsubst on CLASSES
-# RELEASE_CLASS_PATH is RELEASE_CLASSES with the path (in ns/dist) prepended
-# RELEASE_NESTED is all the nested classes in RELEASE_CLASS_PATH. We use a
-# foreach and wildcard to get all the files that start out like one of the
-# class files, then have a $. So, for each class file, we look for file$*
-# RELEASE_FILES is the combination of RELEASE_NESTED and the class files
-# specified by RELEASE_CLASSES which have .class appended to them. Note that
-# the RELEASE_NESTED don't need to have .class appended because they were
-# read in from the wildcard as complete filenames.
-#
-# The _DBG versions are the debuggable ones.
-ifneq ($(CLASSES),)
-
-RELEASE_CLASSES := $(patsubst %,%,$(CLASSES))
-
-ifdef BUILD_OPT
- RELEASE_CLASS_PATH := $(patsubst %,$(SOURCE_CLASSES_DIR)/$(PACKAGE)/%, $(RELEASE_CLASSES))
- RELEASE_NESTED := $(foreach file,$(RELEASE_CLASS_PATH),$(wildcard $(file)$$*))
- RELEASE_FILES := $(patsubst %,%.class,$(RELEASE_CLASS_PATH)) $(RELEASE_NESTED)
-else
- RELEASE_DBG_CLASS_PATH:= $(patsubst %,$(SOURCE_CLASSES_DBG_DIR)/$(PACKAGE)/%, $(RELEASE_CLASSES))
- RELEASE_DBG_NESTED := $(foreach file,$(RELEASE_DBG_CLASS_PATH),$(wildcard $(file)$$*))
- RELEASE_DBG_FILES := $(patsubst %,%.class,$(RELEASE_DBG_CLASS_PATH)) $(RELEASE_DBG_NESTED)
-endif
-
-# Substitute \$ for $ so the shell doesn't choke
-ifdef BUILD_OPT
-release_classes::
- $(INSTALL) -m 444 $(subst $$,\$$,$(RELEASE_FILES)) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_CLASSES_DIR)/$(PACKAGE)
-else
-release_classes::
- $(INSTALL) -m 444 $(subst $$,\$$,$(RELEASE_DBG_FILES)) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_CLASSES_DBG_DIR)/$(PACKAGE)
-endif
-
-endif
-
-ifneq ($(POLICY),)
-release_policy::
-ifdef LIBRARY
- -$(PLCYPATCH) $(PLCYPATCH_ARGS) $(LIBRARY)
-endif
-ifdef SHARED_LIBRARY
-ifdef COMPRESS_TARGET
- if test -f $(SHARED_LIBRARY).bak; then \
- cp $(SHARED_LIBRARY).bak $(SHARED_LIBRARY); \
- fi;
-endif
- -$(PLCYPATCH) $(PLCYPATCH_ARGS) $(SHARED_LIBRARY)
-ifdef COMPRESS_TARGET
- $(COMPRESS_TARGET) $(SHARED_LIBRARY)
-endif
-endif
-ifdef IMPORT_LIBRARY
- -$(PLCYPATCH) $(PLCYPATCH_ARGS) $(IMPORT_LIBRARY)
-endif
-ifdef PURE_LIBRARY
- -$(PLCYPATCH) $(PLCYPATCH_ARGS) $(PURE_LIBRARY)
-endif
-ifdef PROGRAM
-ifdef COMPRESS_TARGET
- if test -f $(PROGRAM).bak; then \
- cp $(PROGRAM).bak $(PROGRAM); \
- fi;
-endif
- -$(PLCYPATCH) $(PLCYPATCH_ARGS) $(PROGRAM)
-ifdef COMPRESS_TARGET
- $(COMPRESS_TARGET) $(PROGRAM)
-endif
-endif
-ifdef PROGRAMS
- -$(PLCYPATCH) $(PLCYPATCH_ARGS) $(PROGRAMS)
-endif
- +$(LOOP_OVER_DIRS)
-else
-release_policy::
- +$(LOOP_OVER_DIRS)
-endif
-
-release_md::
-ifdef LIBRARY
- $(INSTALL) -m 444 $(LIBRARY) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)
-endif
-ifdef SHARED_LIBRARY
- $(INSTALL) -m 555 $(SHARED_LIBRARY) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)
-endif
-ifdef IMPORT_LIBRARY
- $(INSTALL) -m 555 $(IMPORT_LIBRARY) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)
-endif
-ifdef PURE_LIBRARY
- $(INSTALL) -m 555 $(PURE_LIBRARY) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)
-endif
-ifdef PROGRAM
- $(INSTALL) -m 555 $(PROGRAM) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_BIN_DIR)
-endif
-ifdef PROGRAMS
- $(INSTALL) -m 555 $(PROGRAMS) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_BIN_DIR)
-endif
- +$(LOOP_OVER_DIRS)
-
-
-alltags:
- rm -f TAGS
- find . -name dist -prune -o \( -name '*.[hc]' -o -name '*.cp' -o -name '*.cpp' \) -print | xargs etags -a
- find . -name dist -prune -o \( -name '*.[hc]' -o -name '*.cp' -o -name '*.cpp' \) -print | xargs ctags -a
-
-$(PROGRAM): $(OBJS) $(EXTRA_LIBS)
- @$(MAKE_OBJDIR)
-ifeq ($(OS_ARCH),WINNT)
-ifeq ($(OS_TARGET),WIN16)
- echo system windows >w16link
- echo option map >>w16link
- echo option oneautodata >>w16link
- echo option heapsize=32K >>w16link
- echo debug watcom all >>w16link
- echo name $@ >>w16link
- echo file >>w16link
- echo $(W16OBJS) , >>w16link
- echo $(W16LDFLAGS) >> w16link
- echo library >>w16link
- echo winsock.lib >>w16link
- $(LINK) @w16link.
- rm w16link
-else
- $(MKPROG) $(OBJS) -Fe$@ -link $(LDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)
-endif
-else
- $(MKPROG) -o $@ $(CFLAGS) $(OBJS) $(LDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)
-endif
-ifneq ($(POLICY),)
-#ifdef COMPRESS_TARGET
-# $(COMPRESS_TARGET)
-# We're going to cache a copy to keep around
-# cp $(PROGRAM) $(PROGRAM).org
-#endif
- -$(PLCYPATCH) $(PLCYPATCH_ARGS) $@
-endif
-
-$(LIBRARY): $(OBJS)
- @$(MAKE_OBJDIR)
- rm -f $@
- $(AR) $(OBJS)
- $(RANLIB) $@
-
-ifeq ($(OS_TARGET), WIN16)
-$(IMPORT_LIBRARY): $(SHARED_LIBRARY)
- wlib +$(SHARED_LIBRARY)
-endif
-
-$(SHARED_LIBRARY): $(OBJS)
- @$(MAKE_OBJDIR)
- rm -f $@
-ifeq ($(OS_ARCH)$(OS_RELEASE), AIX4.1)
- echo "#!" > $(OBJDIR)/lib$(LIBRARY_NAME)_syms
- nm -B -C -g $(OBJS) \
- | awk '/ [T,D] / {print $$3}' \
- | sed -e 's/^\.//' \
- | sort -u >> $(OBJDIR)/lib$(LIBRARY_NAME)_syms
- $(LD) $(XCFLAGS) -o $@ $(OBJS) -bE:$(OBJDIR)/lib$(LIBRARY_NAME)_syms \
- -bM:SRE -bnoentry $(OS_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS)
-else
-ifeq ($(OS_ARCH), WINNT)
-ifeq ($(OS_TARGET), WIN16)
- echo system windows dll initinstance >w16link
- echo option map >>w16link
- echo option oneautodata >>w16link
- echo option heapsize=32K >>w16link
- echo debug watcom all >>w16link
- echo name $@ >>w16link
- echo file >>w16link
- echo $(W16OBJS) >>w16link
- echo $(W16LIBS) >>w16link
- echo libfile libentry >>w16link
- $(LINK) @w16link.
- rm w16link
-else
- $(LINK_DLL) -MAP $(DLLBASE) $(OBJS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) $(LD_LIBS)
-endif
-else
- $(MKSHLIB) -o $@ $(OBJS) $(LD_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS)
- chmod +x $@
-endif
-endif
-ifneq ($(POLICY),)
-#ifdef COMPRESS_TARGET
-# $(COMPRESS_TARGET)
-# cp $@ $@.org
-#endif
- -$(PLCYPATCH) $(PLCYPATCH_ARGS) $@
-endif
-
-$(PURE_LIBRARY):
- rm -f $@
-ifneq ($(OS_ARCH), WINNT)
- $(AR) $(OBJS)
-endif
- $(RANLIB) $@
-
-ifeq ($(OS_ARCH), WINNT)
-$(RES): $(RESNAME)
- @$(MAKE_OBJDIR)
- $(RC) -Fo$(RES) $(RESNAME)
- @echo $(RES) finished
-endif
-
-$(OBJDIR)/$(PROG_PREFIX)%$(PROG_SUFFIX): $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX)
- @$(MAKE_OBJDIR)
-ifeq ($(OS_ARCH),WINNT)
- $(MKPROG) $(OBJDIR)/$(PROG_PREFIX)$*$(OBJ_SUFFIX) -Fe$@ -link \
- $(LDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)
-else
- $(MKPROG) -o $@ $(OBJDIR)/$(PROG_PREFIX)$*$(OBJ_SUFFIX) \
- $(LDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)
-endif
-
-ifdef HAVE_PURIFY
-$(OBJDIR)/$(PROG_PREFIX)%.pure: $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX)
- @$(MAKE_OBJDIR)
-ifeq ($(OS_ARCH),WINNT)
- $(PURIFY) $(CC) -Fo$@ -c $(CFLAGS) $(OBJDIR)/$(PROG_PREFIX)$*$(OBJ_SUFFIX) $(PURELDFLAGS)
-else
- $(PURIFY) $(CC) -o $@ $(CFLAGS) $(OBJDIR)/$(PROG_PREFIX)$*$(OBJ_SUFFIX) $(PURELDFLAGS)
-endif
-endif
-
-WCCFLAGS1 := $(subst /,\\,$(CFLAGS))
-WCCFLAGS2 := $(subst -I,-i=,$(WCCFLAGS1))
-WCCFLAGS3 := $(subst -D,-d,$(WCCFLAGS2))
-
-$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.c
- @$(MAKE_OBJDIR)
-ifeq ($(OS_ARCH), WINNT)
-ifeq ($(OS_TARGET), WIN16)
- echo $(WCCFLAGS3) >w16wccf
- $(CC) -zq -fo$(OBJDIR)\\$(PROG_PREFIX)$*$(OBJ_SUFFIX) @w16wccf $*.c
- rm w16wccf
-else
- $(CC) -Fo$@ -c $(CFLAGS) $*.c
-endif
-else
- $(CC) -o $@ -c $(CFLAGS) $*.c
-endif
-
-ifneq ($(OS_ARCH), WINNT)
-$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.s
- @$(MAKE_OBJDIR)
- $(AS) -o $@ $(ASFLAGS) -c $*.s
-endif
-
-$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.asm
- @$(MAKE_OBJDIR)
- $(AS) -Fo$@ $(ASFLAGS) -c $*.asm
-
-$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.S
- @$(MAKE_OBJDIR)
- $(AS) -o $@ $(ASFLAGS) -c $*.S
-
-$(OBJDIR)/$(PROG_PREFIX)%: %.cpp
- @$(MAKE_OBJDIR)
-ifeq ($(OS_ARCH), WINNT)
- $(CCC) -Fo$@ -c $(CFLAGS) $<
-else
- $(CCC) -o $@ -c $(CFLAGS) $<
-endif
-
-#
-# Please keep the next two rules in sync.
-#
-$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cc
- @$(MAKE_OBJDIR)
- $(CCC) -o $@ -c $(CFLAGS) $*.cc
-
-$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cpp
- @$(MAKE_OBJDIR)
-ifdef STRICT_CPLUSPLUS_SUFFIX
- echo "#line 1 \"$*.cpp\"" | cat - $*.cpp > $(OBJDIR)/t_$*.cc
- $(CCC) -o $@ -c $(CFLAGS) $(OBJDIR)/t_$*.cc
- rm -f $(OBJDIR)/t_$*.cc
-else
-ifeq ($(OS_ARCH),WINNT)
- $(CCC) -Fo$@ -c $(CFLAGS) $*.cpp
-else
- $(CCC) -o $@ -c $(CFLAGS) $*.cpp
-endif
-endif #STRICT_CPLUSPLUS_SUFFIX
-
-%.i: %.cpp
-ifeq ($(OS_TARGET), WIN16)
- echo $(WCCFLAGS3) >w16wccf
- $(CCC) -pl -fo=$* @w16wccf $*.cpp
- rm w16wccf
-else
- $(CCC) -C -E $(CFLAGS) $< > $*.i
-endif
-
-%.i: %.c
-ifeq ($(OS_TARGET), WIN16)
- echo $(WCCFLAGS3) >w16wccf
- $(CC) -pl -fo=$* @w16wccf $*.c
- rm w16wccf
-else
-ifeq ($(OS_ARCH),WINNT)
- $(CC) -C /P $(CFLAGS) $<
-else
- $(CC) -C -E $(CFLAGS) $< > $*.i
-endif
-endif
-
-ifneq ($(OS_ARCH), WINNT)
-%.i: %.s
- $(CC) -C -E $(CFLAGS) $< > $*.i
-endif
-
-%: %.pl
- rm -f $@; cp $*.pl $@; chmod +x $@
-
-%: %.sh
- rm -f $@; cp $*.sh $@; chmod +x $@
-
-ifdef DIRS
-$(DIRS)::
- @if test -d $@; then \
- set $(EXIT_ON_ERROR); \
- echo "cd $@; $(MAKE)"; \
- cd $@; $(MAKE); \
- set +e; \
- else \
- echo "Skipping non-directory $@..."; \
- fi; \
- $(CLICK_STOPWATCH)
-endif
-
-################################################################################
-# Bunch of things that extend the 'export' rule (in order):
-################################################################################
-
-$(JAVA_DESTPATH) $(JAVA_DESTPATH)/$(PACKAGE) $(JMCSRCDIR)::
- @if test ! -d $@; then \
- echo Creating $@; \
- rm -rf $@; \
- $(NSINSTALL) -D $@; \
- fi
-
-################################################################################
-## IDL_GEN
-
-ifneq ($(IDL_GEN),)
-
-#export::
-# $(IDL2JAVA) $(IDL_GEN)
-
-#all:: export
-
-#clobber::
-# rm -f $(IDL_GEN:.idl=.class) # XXX wrong!
-
-endif
-
-################################################################################
-### JSRCS -- for compiling java files
-###
-### NOTE: For backwards compatibility, if $(NETLIBDEPTH) is defined,
-### replace $(CORE_DEPTH) with $(NETLIBDEPTH).
-###
-
-ifneq ($(JSRCS),)
-ifneq ($(JAVAC),)
-ifdef NETLIBDEPTH
- CORE_DEPTH := $(NETLIBDEPTH)
-endif
-
-JAVA_EXPORT_SRCS=$(shell perl $(CORE_DEPTH)/coreconf/outofdate.pl $(PERLARG) -d $(JAVA_DESTPATH)/$(PACKAGE) $(JSRCS) $(PRIVATE_JSRCS))
-
-export:: $(JAVA_DESTPATH) $(JAVA_DESTPATH)/$(PACKAGE)
-ifneq ($(JAVA_EXPORT_SRCS),)
- $(JAVAC) $(JAVA_EXPORT_SRCS)
-endif
-
-all:: export
-
-clobber::
- rm -f $(SOURCE_XP_DIR)/classes/$(PACKAGE)/*.class
-
-endif
-endif
-
-#
-# JDIRS -- like JSRCS, except you can give a list of directories and it will
-# compile all the out-of-date java files in those directories.
-#
-# NOTE: recursing through these can speed things up, but they also cause
-# some builds to run out of memory
-#
-# NOTE: For backwards compatibility, if $(NETLIBDEPTH) is defined,
-# replace $(CORE_DEPTH) with $(NETLIBDEPTH).
-#
-ifdef JDIRS
-ifneq ($(JAVAC),)
-ifdef NETLIBDEPTH
- CORE_DEPTH := $(NETLIBDEPTH)
-endif
-
-export:: $(JAVA_DESTPATH) $(JAVA_DESTPATH)/$(PACKAGE)
- @for d in $(JDIRS); do \
- if test -d $$d; then \
- set $(EXIT_ON_ERROR); \
- files=`echo $$d/*.java`; \
- list=`perl $(CORE_DEPTH)/coreconf/outofdate.pl $(PERLARG) \
- -d $(JAVA_DESTPATH)/$(PACKAGE) $$files`; \
- if test "$${list}x" != "x"; then \
- echo Building all java files in $$d; \
- echo $(JAVAC) $$list; \
- $(JAVAC) $$list; \
- fi; \
- set +e; \
- else \
- echo "Skipping non-directory $$d..."; \
- fi; \
- $(CLICK_STOPWATCH); \
- done
-endif
-endif
-
-#
-# JDK_GEN -- for generating "old style" native methods
-#
-# Generate JDK Headers and Stubs into the '_gen' and '_stubs' directory
-#
-# NOTE: For backwards compatibility, if $(NETLIBDEPTH) is defined,
-# replace $(CORE_DEPTH) with $(NETLIBDEPTH).
-#
-ifneq ($(JDK_GEN),)
-ifneq ($(JAVAH),)
-ifdef NSBUILDROOT
- INCLUDES += -I$(JDK_GEN_DIR) -I$(SOURCE_XP_DIR)
-else
- INCLUDES += -I$(JDK_GEN_DIR)
-endif
-
-ifdef NETLIBDEPTH
- CORE_DEPTH := $(NETLIBDEPTH)
-endif
-
-JDK_PACKAGE_CLASSES := $(JDK_GEN)
-JDK_PATH_CLASSES := $(subst .,/,$(JDK_PACKAGE_CLASSES))
-JDK_HEADER_CLASSFILES := $(patsubst %,$(JAVA_DESTPATH)/%.class,$(JDK_PATH_CLASSES))
-JDK_STUB_CLASSFILES := $(patsubst %,$(JAVA_DESTPATH)/%.class,$(JDK_PATH_CLASSES))
-JDK_HEADER_CFILES := $(patsubst %,$(JDK_GEN_DIR)/%.h,$(JDK_GEN))
-JDK_STUB_CFILES := $(patsubst %,$(JDK_STUB_DIR)/%.c,$(JDK_GEN))
-
-$(JDK_HEADER_CFILES): $(JDK_HEADER_CLASSFILES)
-$(JDK_STUB_CFILES): $(JDK_STUB_CLASSFILES)
-
-export::
- @echo Generating/Updating JDK headers
- $(JAVAH) -d $(JDK_GEN_DIR) $(JDK_PACKAGE_CLASSES)
- @echo Generating/Updating JDK stubs
- $(JAVAH) -stubs -d $(JDK_STUB_DIR) $(JDK_PACKAGE_CLASSES)
-ifndef NO_MAC_JAVA_SHIT
- @if test ! -d $(CORE_DEPTH)/lib/mac/Java/; then \
- echo "!!! You need to have a ns/lib/mac/Java directory checked out."; \
- echo "!!! This allows us to automatically update generated files for the mac."; \
- echo "!!! If you see any modified files there, please check them in."; \
- fi
- @echo Generating/Updating JDK headers for the Mac
- $(JAVAH) -mac -d $(CORE_DEPTH)/lib/mac/Java/_gen $(JDK_PACKAGE_CLASSES)
- @echo Generating/Updating JDK stubs for the Mac
- $(JAVAH) -mac -stubs -d $(CORE_DEPTH)/lib/mac/Java/_stubs $(JDK_PACKAGE_CLASSES)
-endif
-endif
-endif
-
-#
-# JRI_GEN -- for generating "old style" JRI native methods
-#
-# Generate JRI Headers and Stubs into the 'jri' directory
-#
-# NOTE: For backwards compatibility, if $(NETLIBDEPTH) is defined,
-# replace $(CORE_DEPTH) with $(NETLIBDEPTH).
-#
-ifneq ($(JRI_GEN),)
-ifneq ($(JAVAH),)
-ifdef NSBUILDROOT
- INCLUDES += -I$(JRI_GEN_DIR) -I$(SOURCE_XP_DIR)
-else
- INCLUDES += -I$(JRI_GEN_DIR)
-endif
-
-ifdef NETLIBDEPTH
- CORE_DEPTH := $(NETLIBDEPTH)
-endif
-
-JRI_PACKAGE_CLASSES := $(JRI_GEN)
-JRI_PATH_CLASSES := $(subst .,/,$(JRI_PACKAGE_CLASSES))
-JRI_HEADER_CLASSFILES := $(patsubst %,$(JAVA_DESTPATH)/%.class,$(JRI_PATH_CLASSES))
-JRI_STUB_CLASSFILES := $(patsubst %,$(JAVA_DESTPATH)/%.class,$(JRI_PATH_CLASSES))
-JRI_HEADER_CFILES := $(patsubst %,$(JRI_GEN_DIR)/%.h,$(JRI_GEN))
-JRI_STUB_CFILES := $(patsubst %,$(JRI_GEN_DIR)/%.c,$(JRI_GEN))
-
-$(JRI_HEADER_CFILES): $(JRI_HEADER_CLASSFILES)
-$(JRI_STUB_CFILES): $(JRI_STUB_CLASSFILES)
-
-export::
- @echo Generating/Updating JRI headers
- $(JAVAH) -jri -d $(JRI_GEN_DIR) $(JRI_PACKAGE_CLASSES)
- @echo Generating/Updating JRI stubs
- $(JAVAH) -jri -stubs -d $(JRI_GEN_DIR) $(JRI_PACKAGE_CLASSES)
-ifndef NO_MAC_JAVA_SHIT
- @if test ! -d $(CORE_DEPTH)/lib/mac/Java/; then \
- echo "!!! You need to have a ns/lib/mac/Java directory checked out."; \
- echo "!!! This allows us to automatically update generated files for the mac."; \
- echo "!!! If you see any modified files there, please check them in."; \
- fi
- @echo Generating/Updating JRI headers for the Mac
- $(JAVAH) -jri -mac -d $(CORE_DEPTH)/lib/mac/Java/_jri $(JRI_PACKAGE_CLASSES)
- @echo Generating/Updating JRI stubs for the Mac
- $(JAVAH) -jri -mac -stubs -d $(CORE_DEPTH)/lib/mac/Java/_jri $(JRI_PACKAGE_CLASSES)
-endif
-endif
-endif
-
-#
-# JNI_GEN -- for generating JNI native methods
-#
-# Generate JNI Headers into the 'jni' directory
-#
-ifneq ($(JNI_GEN),)
-ifneq ($(JAVAH),)
-JNI_HEADERS := $(patsubst %,$(JNI_GEN_DIR)/%.h,$(JNI_GEN))
-
-export::
- @if test ! -d $(JNI_GEN_DIR); then \
- echo $(JAVAH) -jni -d $(JNI_GEN_DIR) $(JNI_GEN); \
- $(JAVAH) -jni -d $(JNI_GEN_DIR) $(JNI_GEN); \
- else \
- echo "Checking for out of date header files" ; \
- cmd="perl $(CORE_DEPTH)/coreconf/jniregen.pl $(PERLARG) \
- -d $(JAVA_DESTPATH) $(JNI_GEN)"; \
- echo $$cmd; \
- list=`$$cmd`; \
- if test "$${list}x" != "x"; then \
- echo $(JAVAH) -jni -d $(JNI_GEN_DIR) $$list; \
- $(JAVAH) -jni -d $(JNI_GEN_DIR) $$list; \
- fi \
- fi
-endif
-endif
-
-#
-# JMC_EXPORT -- for declaring which java classes are to be exported for jmc
-#
-ifneq ($(JMC_EXPORT),)
-JMC_EXPORT_PATHS := $(subst .,/,$(JMC_EXPORT))
-JMC_EXPORT_FILES := $(patsubst %,$(JAVA_DESTPATH)/$(PACKAGE)/%.class,$(JMC_EXPORT_PATHS))
-
-#
-# We're doing NSINSTALL -t here (copy mode) because calling INSTALL will pick up
-# your NSDISTMODE and make links relative to the current directory. This is a
-# problem because the source isn't in the current directory:
-#
-export:: $(JMC_EXPORT_FILES) $(JMCSRCDIR)
- $(NSINSTALL) -t -m 444 $(JMC_EXPORT_FILES) $(JMCSRCDIR)
-endif
-
-#
-# JMC_GEN -- for generating java modules
-#
-# Provide default export & install rules when using JMC_GEN
-#
-ifneq ($(JMC_GEN),)
-ifneq ($(JMC),)
- INCLUDES += -I$(JMC_GEN_DIR) -I.
- JMC_HEADERS := $(patsubst %,$(JMC_GEN_DIR)/%.h,$(JMC_GEN))
- JMC_STUBS := $(patsubst %,$(JMC_GEN_DIR)/%.c,$(JMC_GEN))
- JMC_OBJS := $(patsubst %,$(OBJDIR)/%$(OBJ_SUFFIX),$(JMC_GEN))
-
-$(JMC_GEN_DIR)/M%.h: $(JMCSRCDIR)/%.class
- $(JMC) -d $(JMC_GEN_DIR) -interface $(JMC_GEN_FLAGS) $(?F:.class=)
-
-$(JMC_GEN_DIR)/M%.c: $(JMCSRCDIR)/%.class
- $(JMC) -d $(JMC_GEN_DIR) -module $(JMC_GEN_FLAGS) $(?F:.class=)
-
-$(OBJDIR)/M%$(OBJ_SUFFIX): $(JMC_GEN_DIR)/M%.h $(JMC_GEN_DIR)/M%.c
- @$(MAKE_OBJDIR)
- $(CC) -o $@ -c $(CFLAGS) $(JMC_GEN_DIR)/M$*.c
-
-export:: $(JMC_HEADERS) $(JMC_STUBS)
-endif
-endif
-
-#
-# Copy each element of EXPORTS to $(SOURCE_XP_DIR)/public/$(MODULE)/
-#
-PUBLIC_EXPORT_DIR = $(SOURCE_XP_DIR)/public/$(MODULE)
-ifeq ($(OS_ARCH),WINNT)
-ifeq ($(OS_TARGET),WIN16)
-PUBLIC_EXPORT_DIR = $(SOURCE_XP_DIR)/public/win16
-endif
-endif
-
-ifneq ($(EXPORTS),)
-$(PUBLIC_EXPORT_DIR)::
- @if test ! -d $@; then \
- echo Creating $@; \
- $(NSINSTALL) -D $@; \
- fi
-
-export:: $(EXPORTS) $(PUBLIC_EXPORT_DIR)
- $(INSTALL) -m 444 $(EXPORTS) $(PUBLIC_EXPORT_DIR)
-endif
-
-# Duplicate export rule for private exports, with different directories
-
-PRIVATE_EXPORT_DIR = $(SOURCE_XP_DIR)/private/$(MODULE)
-ifeq ($(OS_ARCH),WINNT)
-ifeq ($(OS_TARGET),WIN16)
-PRIVATE_EXPORT_DIR = $(SOURCE_XP_DIR)/public/win16
-endif
-endif
-
-ifneq ($(PRIVATE_EXPORTS),)
-$(PRIVATE_EXPORT_DIR)::
- @if test ! -d $@; then \
- echo Creating $@; \
- $(NSINSTALL) -D $@; \
- fi
-
-private_export:: $(PRIVATE_EXPORTS) $(PRIVATE_EXPORT_DIR)
- $(INSTALL) -m 444 $(PRIVATE_EXPORTS) $(PRIVATE_EXPORT_DIR)
-else
-private_export::
- @echo There are no private exports.;
-endif
-
-##########################################################################
-### RULES FOR RUNNING REGRESSION SUITE TESTS
-### REQUIRES 'REGRESSION_SPEC' TO BE SET TO THE NAME OF A REGRESSION SPECFILE
-### AND RESULTS_SUBDIR TO BE SET TO SOMETHING LIKE SECURITY/PKCS5
-##########################################################################
-
-TESTS_DIR = $(RESULTS_DIR)/$(RESULTS_SUBDIR)/$(OS_CONFIG)$(CPU_TAG)$(COMPILER_TAG)$(IMPL_STRATEGY)
-
-ifneq ($(REGRESSION_SPEC),)
-tests:: $(REGRESSION_SPEC)
- cd $(PLATFORM); \
- ../$(SOURCE_MD_DIR)/bin/regress$(PROG_SUFFIX) specfile=../$(REGRESSION_SPEC) progress $(EXTRA_REGRESS_OPTIONS); \
- if test ! -d $(TESTS_DIR); then \
- echo Creating $(TESTS_DIR); \
- $(NSINSTALL) -D $(TESTS_DIR); \
- fi
-ifneq ($(BUILD_OPT),)
- $(NSINSTALL) -m 664 $(PLATFORM)/$(REGDATE).sum $(TESTS_DIR); \
- $(NSINSTALL) -m 664 $(PLATFORM)/$(REGDATE).htm $(TESTS_DIR); \
- echo "Please now make sure your results files are copied to $(TESTS_DIR), "; \
- echo "then run 'reporter specfile=$(RESULTS_DIR)/rptspec'"
-endif
-else
-tests::
- @echo Error: you didn't specify REGRESSION_SPEC in your manifest.mn file!;
-endif
-
-
-# Duplicate export rule for releases, with different directories
-
-ifneq ($(EXPORTS),)
-$(SOURCE_RELEASE_XP_DIR)/include::
- @if test ! -d $@; then \
- echo Creating $@; \
- $(NSINSTALL) -D $@; \
- fi
-
-release_export:: $(EXPORTS) $(SOURCE_RELEASE_XP_DIR)/include
- $(INSTALL) -m 444 $(EXPORTS) $(SOURCE_RELEASE_XP_DIR)/include
-endif
-
-
-
-
-################################################################################
-
--include $(DEPENDENCIES)
-
-ifneq ($(OS_ARCH),WINNT)
-# Can't use sed because of its 4000-char line length limit, so resort to perl
-.DEFAULT:
- @perl -e ' \
- open(MD, "< $(DEPENDENCIES)"); \
- while (<MD>) { \
- if (m@ \.*/*$< @) { \
- $$found = 1; \
- last; \
- } \
- } \
- if ($$found) { \
- print "Removing stale dependency $< from $(DEPENDENCIES)\n"; \
- seek(MD, 0, 0); \
- $$tmpname = "$(OBJDIR)/fix.md" . $$$$; \
- open(TMD, "> " . $$tmpname); \
- while (<MD>) { \
- s@ \.*/*$< @ @; \
- if (!print TMD "$$_") { \
- unlink(($$tmpname)); \
- exit(1); \
- } \
- } \
- close(TMD); \
- if (!rename($$tmpname, "$(DEPENDENCIES)")) { \
- unlink(($$tmpname)); \
- } \
- } elsif ("$<" ne "$(DEPENDENCIES)") { \
- print "$(MAKE): *** No rule to make target $<. Stop.\n"; \
- exit(1); \
- }'
-endif
-
-#############################################################################
-# X dependency system
-#############################################################################
-
-ifdef MKDEPENDENCIES
-
-# For Windows, $(MKDEPENDENCIES) must be -included before including rules.mk
-
-$(MKDEPENDENCIES)::
- @$(MAKE_OBJDIR)
- touch $(MKDEPENDENCIES)
- chmod u+w $(MKDEPENDENCIES)
-#on NT, the preceeding touch command creates a read-only file !?!?!
-#which is why we have to explicitly chmod it.
- $(MKDEPEND) -p$(OBJDIR_NAME)/ -o'$(OBJ_SUFFIX)' -f$(MKDEPENDENCIES) \
-$(NOMD_CFLAGS) $(YOPT) $(CSRCS) $(CPPSRCS) $(ASFILES)
-
-$(MKDEPEND):: $(MKDEPEND_DIR)/*.c $(MKDEPEND_DIR)/*.h
- cd $(MKDEPEND_DIR); $(MAKE)
-
-ifdef OBJS
-depend:: $(MKDEPEND) $(MKDEPENDENCIES)
-else
-depend::
-endif
- +$(LOOP_OVER_DIRS)
-
-dependclean::
- rm -f $(MKDEPENDENCIES)
- +$(LOOP_OVER_DIRS)
-
-#-include $(NSINSTALL_DIR)/$(OBJDIR)/depend.mk
-
-else
-depend::
-endif
-
-################################################################################
-# Special gmake rules.
-################################################################################
-
-#
-# Re-define the list of default suffixes, so gmake won't have to churn through
-# hundreds of built-in suffix rules for stuff we don't need.
-#
-.SUFFIXES:
-.SUFFIXES: .out .a .ln .o .obj .c .cc .C .cpp .y .l .s .S .h .sh .i .pl .class .java .html .asm
-
-#
-# Don't delete these files if we get killed.
-#
-.PRECIOUS: .java $(JDK_HEADERS) $(JDK_STUBS) $(JRI_HEADERS) $(JRI_STUBS) $(JMC_HEADERS) $(JMC_STUBS) $(JNI_HEADERS)
-
-#
-# Fake targets. Always run these rules, even if a file/directory with that
-# name already exists.
-#
-.PHONY: all all_platforms alltags boot clean clobber clobber_all export install libs realclean release $(OBJDIR) $(DIRS)
-
diff --git a/security/coreconf/ruleset.mk b/security/coreconf/ruleset.mk
deleted file mode 100644
index 16c19bc7b..000000000
--- a/security/coreconf/ruleset.mk
+++ /dev/null
@@ -1,362 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# #
-# Parameters to this makefile (set these in this file): #
-# #
-# a) #
-# TARGETS -- the target to create #
-# (defaults to $LIBRARY $PROGRAM) #
-# b) #
-# DIRS -- subdirectories for make to recurse on #
-# (the 'all' rule builds $TARGETS $DIRS) #
-# c) #
-# CSRCS, CPPSRCS -- .c and .cpp files to compile #
-# (used to define $OBJS) #
-# d) #
-# PROGRAM -- the target program name to create from $OBJS #
-# ($OBJDIR automatically prepended to it) #
-# e) #
-# LIBRARY -- the target library name to create from $OBJS #
-# ($OBJDIR automatically prepended to it) #
-# f) #
-# JSRCS -- java source files to compile into class files #
-# (if you don't specify this it will default #
-# to *.java) #
-# g) #
-# PACKAGE -- the package to put the .class files into #
-# (e.g. netscape/applet) #
-# (NOTE: the default definition for this may be #
-# overridden if "jdk.mk" is included) #
-# h) #
-# JMC_EXPORT -- java files to be exported for use by JMC_GEN #
-# (this is a list of Class names) #
-# i) #
-# JRI_GEN -- files to run through javah to generate headers #
-# and stubs #
-# (output goes into the _jri sub-dir) #
-# j) #
-# JMC_GEN -- files to run through jmc to generate headers #
-# and stubs #
-# (output goes into the _jmc sub-dir) #
-# k) #
-# JNI_GEN -- files to run through javah to generate headers #
-# (output goes into the _jni sub-dir) #
-# #
-#######################################################################
-
-#
-# At this time, the CPU_TAG value is actually assigned.
-#
-
-CPU_TAG =
-
-#
-# When the processor is NOT 386-based on Windows NT, override the
-# value of $(CPU_TAG).
-#
-ifeq ($(OS_ARCH), WINNT)
- ifneq ($(CPU_ARCH),x386)
- CPU_TAG = _$(CPU_ARCH)
- endif
-endif
-
-#
-# Always set CPU_TAG on Linux.
-#
-ifeq ($(OS_ARCH), Linux)
- CPU_TAG = _$(CPU_ARCH)
-endif
-
-#
-# At this time, the COMPILER_TAG value is actually assigned.
-#
-
-ifndef COMPILER_TAG
-ifneq ($(DEFAULT_COMPILER), $(CC))
-#
-# Temporary define for the Client; to be removed when binary release is used
-#
- ifdef MOZILLA_CLIENT
- COMPILER_TAG =
- else
- COMPILER_TAG = _$(CC)
- endif
-else
- COMPILER_TAG =
-endif
-endif
-
-#
-# At this time, a default value of $(CC) is assigned to MKPROG.
-#
-
-ifeq ($(MKPROG),)
- MKPROG = $(CC)
-endif
-
-#
-# This makefile contains rules for building the following kinds of
-# objects:
-# - (1) LIBRARY: a static (archival) library
-# - (2) SHARED_LIBRARY: a shared (dynamic link) library
-# - (3) IMPORT_LIBRARY: an import library, used only on Windows
-# - (4) PURE_LIBRARY: a library for Purify
-# - (5) PROGRAM: an executable binary
-#
-# NOTE: The names of libraries can be generated by simply specifying
-# LIBRARY_NAME (and LIBRARY_VERSION in the case of non-static libraries).
-#
-
-ifdef LIBRARY_NAME
- ifeq ($(OS_ARCH), WINNT)
- #
- # Win16 requires library names conforming to the 8.3 rule.
- # other platforms do not.
- #
- LIBRARY = $(OBJDIR)/$(LIBRARY_NAME).lib
- ifeq ($(OS_TARGET), WIN16)
- SHARED_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)16$(JDK_DEBUG_SUFFIX).dll
- IMPORT_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)16$(JDK_DEBUG_SUFFIX).lib
- else
- SHARED_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)32$(JDK_DEBUG_SUFFIX).dll
- IMPORT_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)32$(JDK_DEBUG_SUFFIX).lib
- endif
- else
- LIBRARY = $(OBJDIR)/lib$(LIBRARY_NAME).$(LIB_SUFFIX)
- ifeq ($(OS_ARCH)$(OS_RELEASE), AIX4.1)
- SHARED_LIBRARY = $(OBJDIR)/lib$(LIBRARY_NAME)$(LIBRARY_VERSION)_shr$(JDK_DEBUG_SUFFIX).a
- else
- SHARED_LIBRARY = $(OBJDIR)/lib$(LIBRARY_NAME)$(LIBRARY_VERSION)$(JDK_DEBUG_SUFFIX).$(DLL_SUFFIX)
- endif
-
- ifdef HAVE_PURIFY
- ifdef DSO_BACKEND
- PURE_LIBRARY = $(OBJDIR)/purelib$(LIBRARY_NAME)$(LIBRARY_VERSION)$(JDK_DEBUG_SUFFIX).$(DLL_SUFFIX)
- else
- PURE_LIBRARY = $(OBJDIR)/purelib$(LIBRARY_NAME).$(LIB_SUFFIX)
- endif
- endif
- endif
-endif
-
-#
-# Common rules used by lots of makefiles...
-#
-
-ifdef PROGRAM
- PROGRAM := $(addprefix $(OBJDIR)/, $(PROGRAM)$(JDK_DEBUG_SUFFIX)$(PROG_SUFFIX))
-endif
-
-ifdef PROGRAMS
- PROGRAMS := $(addprefix $(OBJDIR)/, $(PROGRAMS:%=%$(JDK_DEBUG_SUFFIX)$(PROG_SUFFIX)))
-endif
-
-ifndef TARGETS
- ifeq ($(OS_ARCH), WINNT)
- TARGETS = $(LIBRARY) $(SHARED_LIBRARY) $(IMPORT_LIBRARY) $(PROGRAM)
- else
- TARGETS = $(LIBRARY) $(SHARED_LIBRARY)
- ifdef HAVE_PURIFY
- TARGETS += $(PURE_LIBRARY)
- endif
- TARGETS += $(PROGRAM)
- endif
-endif
-
-ifndef OBJS
- SIMPLE_OBJS = $(JRI_STUB_CFILES) \
- $(addsuffix $(OBJ_SUFFIX), $(JMC_GEN)) \
- $(CSRCS:.c=$(OBJ_SUFFIX)) \
- $(CPPSRCS:.cpp=$(OBJ_SUFFIX)) \
- $(ASFILES:$(ASM_SUFFIX)=$(OBJ_SUFFIX))
- OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(SIMPLE_OBJS))
-endif
-
-ifeq ($(OS_TARGET), WIN16)
- comma := ,
- empty :=
- space := $(empty) $(empty)
- W16OBJS := $(subst $(space),$(comma)$(space),$(strip $(OBJS)))
- W16TEMP = $(OS_LIBS) $(EXTRA_LIBS)
- ifeq ($(strip $(W16TEMP)),)
- W16LIBS =
- else
- W16LIBS := library $(subst $(space),$(comma)$(space),$(strip $(W16TEMP)))
- endif
-endif
-
-ifeq ($(OS_ARCH),WINNT)
- ifneq ($(OS_TARGET), WIN16)
- OBJS += $(RES)
- endif
- MAKE_OBJDIR = $(INSTALL) -D $(OBJDIR)
-else
- define MAKE_OBJDIR
- if test ! -d $(@D); then rm -rf $(@D); $(NSINSTALL) -D $(@D); fi
- endef
-endif
-
-ifndef PACKAGE
- PACKAGE = .
-endif
-
-ALL_TRASH := $(TARGETS) $(OBJS) $(OBJDIR) LOGS TAGS $(GARBAGE) \
- $(NOSUCHFILE) $(JDK_HEADER_CFILES) $(JDK_STUB_CFILES) \
- $(JRI_HEADER_CFILES) $(JRI_STUB_CFILES) $(JNI_HEADERS) $(JMC_STUBS) \
- $(JMC_HEADERS) $(JMC_EXPORT_FILES) so_locations \
- _gen _jmc _jri _jni _stubs \
- $(wildcard $(JAVA_DESTPATH)/$(PACKAGE)/*.class)
-
-ifdef JDIRS
- ALL_TRASH += $(addprefix $(JAVA_DESTPATH)/,$(JDIRS))
-endif
-
-ifdef NSBUILDROOT
- JDK_GEN_DIR = $(SOURCE_XP_DIR)/_gen
- JMC_GEN_DIR = $(SOURCE_XP_DIR)/_jmc
- JNI_GEN_DIR = $(SOURCE_XP_DIR)/_jni
- JRI_GEN_DIR = $(SOURCE_XP_DIR)/_jri
- JDK_STUB_DIR = $(SOURCE_XP_DIR)/_stubs
-else
- JDK_GEN_DIR = _gen
- JMC_GEN_DIR = _jmc
- JNI_GEN_DIR = _jni
- JRI_GEN_DIR = _jri
- JDK_STUB_DIR = _stubs
-endif
-
-#
-# If this is an "official" build, try to build everything.
-# I.e., don't exit on errors.
-#
-
-ifdef BUILD_OFFICIAL
- EXIT_ON_ERROR = +e
- CLICK_STOPWATCH = date
-else
- EXIT_ON_ERROR = -e
- CLICK_STOPWATCH = true
-endif
-
-ifdef REQUIRES
-ifeq ($(OS_TARGET),WIN16)
- INCLUDES += -I$(SOURCE_XP_DIR)/public/win16
-else
- MODULE_INCLUDES := $(addprefix -I$(SOURCE_XP_DIR)/public/, $(REQUIRES))
- INCLUDES += $(MODULE_INCLUDES)
- ifeq ($(MODULE), sectools)
- PRIVATE_INCLUDES := $(addprefix -I$(SOURCE_XP_DIR)/private/, $(REQUIRES))
- INCLUDES += $(PRIVATE_INCLUDES)
- endif
-endif
-endif
-
-ifdef SYSTEM_INCL_DIR
- YOPT = -Y$(SYSTEM_INCL_DIR)
-endif
-
-ifdef DIRS
- LOOP_OVER_DIRS = \
- @for directory in $(DIRS); do \
- if test -d $$directory; then \
- set $(EXIT_ON_ERROR); \
- echo "cd $$directory; $(MAKE) $@"; \
- $(MAKE) -C $$directory $@; \
- set +e; \
- else \
- echo "Skipping non-directory $$directory..."; \
- fi; \
- $(CLICK_STOPWATCH); \
- done
-endif
-
-
-
-# special stuff for tests rule in rules.mk
-
-ifneq ($(OS_ARCH),WINNT)
- REGDATE = $(subst \ ,, $(shell perl $(CORE_DEPTH)/$(MODULE)/scripts/now))
-else
- REGCOREDEPTH = $(subst \\,/,$(CORE_DEPTH))
- REGDATE = $(subst \ ,, $(shell perl $(CORE_DEPTH)/$(MODULE)/scripts/now))
-endif
-
-#
-# export control policy patcher program and arguments
-#
-
-PLCYPATCH = $(SOURCE_BIN_DIR)/plcypatch$(PROG_SUFFIX)
-
-DOMESTIC_POLICY = -us
-EXPORT_POLICY = -ex
-FRANCE_POLICY = -fr
-
-ifeq ($(POLICY), domestic)
- PLCYPATCH_ARGS = $(DOMESTIC_POLICY)
-else
- ifeq ($(POLICY), export)
- PLCYPATCH_ARGS = $(EXPORT_POLICY)
- else
- ifeq ($(POLICY), france)
- PLCYPATCH_ARGS = $(FRANCE_POLICY)
- else
- PLCYPATCH_ARGS =
- endif
- endif
-endif
-
-#
-# Compressor for executables and DLLs on Win32. Reduces download footprint
-# and helps solve some export control problem.
-#
-# PKLIT32C Program must be installed to be used. Path below is the default
-# installation path. No site license is available for this program.
-#
-ifeq ($(OS_ARCH), WINNT)
-ifdef BUILD_OPT
-
-PKLITE = $(shell which PKLIT32C.EXE)
-PKLITE_ARGS = -is.rdata
-
-#COMPRESS_TARGET = \
-# @if test -f $(PKLITE); then \
-# echo $(PKLITE) $(PKLITE_ARGS) $@; \
-# $(PKLITE) $(PKLITE_ARGS) $@; fi
-ifneq ($(PKLITE), )
-COMPRESS_TARGET = pklit32c.exe $(PKLITE_ARGS)
-endif
-
-endif
-endif
diff --git a/security/coreconf/source.mk b/security/coreconf/source.mk
deleted file mode 100644
index 17f9a530d..000000000
--- a/security/coreconf/source.mk
+++ /dev/null
@@ -1,174 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# Master <component>-specific source import/export directories #
-#######################################################################
-
-#
-# <user_source_tree> master import/export directory prefix
-#
-
-SOURCE_PREFIX = $(CORE_DEPTH)/dist
-ifdef MOZILLA_SECURITY_BUILD
-SOURCE_PREFIX = $(CORE_DEPTH)/../dist
-else
-ifdef MOZILLA_CLIENT
-SOURCE_PREFIX = $(CORE_DEPTH)/../mozilla/dist
-endif
-endif
-
-
-#
-# <user_source_tree> cross-platform (xp) master import/export directory
-#
-
-SOURCE_XP_DIR = $(SOURCE_PREFIX)
-
-#
-# <user_source_tree> cross-platform (xp) import/export directories
-#
-
-SOURCE_CLASSES_DIR = $(SOURCE_XP_DIR)/classes
-SOURCE_CLASSES_DBG_DIR = $(SOURCE_XP_DIR)/classes_DBG
-SOURCE_XPHEADERS_DIR = $(SOURCE_XP_DIR)/public/$(MODULE)
-SOURCE_XPPRIVATE_DIR = $(SOURCE_XP_DIR)/private/$(MODULE)
-
-ifdef BUILD_OPT
- IMPORT_XPCLASS_DIR = $(SOURCE_CLASSES_DIR)
-else
- IMPORT_XPCLASS_DIR = $(SOURCE_CLASSES_DBG_DIR)
-endif
-
-#
-# <user_source_tree> machine-dependent (md) master import/export directory
-#
-
-SOURCE_MD_DIR = $(SOURCE_PREFIX)/$(PLATFORM)
-
-#
-# <user_source_tree> machine-dependent (md) import/export directories
-#
-
-SOURCE_BIN_DIR = $(SOURCE_MD_DIR)/bin
-SOURCE_LIB_DIR = $(SOURCE_MD_DIR)/lib
-SOURCE_MDHEADERS_DIR = $(SOURCE_MD_DIR)/include
-
-#######################################################################
-# Master <component>-specific source release directories and files #
-#######################################################################
-
-#
-# <user_source_tree> source-side master release directory prefix
-# NOTE: export control policy enforced for XP and MD files released to
-# the staging area
-#
-
-ifeq ($(POLICY), domestic)
- SOURCE_RELEASE_PREFIX = $(SOURCE_PREFIX)/release/domestic
-else
- ifeq ($(POLICY), export)
- SOURCE_RELEASE_PREFIX = $(SOURCE_PREFIX)/release/export
- else
- ifeq ($(POLICY), france)
- SOURCE_RELEASE_PREFIX = $(SOURCE_PREFIX)/release/france
- else
-#We shouldn't have to put another directory under here, but without it the perl
-#script for releasing doesn't find the directory. It thinks it doesn't exist.
-#So we're adding this no-policy directory so that the script for releasing works
-#in all casese when policy is not set. This doesn't affect where the final jar
-#files land, only where they are placed in the local tree when building the jar
-#files. When there is no policy, the jar files will still land in
-#<dist>/<module>/<date>/<platform> like they used to.
- SOURCE_RELEASE_PREFIX = $(SOURCE_PREFIX)/release/no-policy
- endif
- endif
-endif
-
-#
-# <user_source_tree> cross-platform (xp) source-side master release directory
-#
-
-SOURCE_RELEASE_XP_DIR = $(SOURCE_RELEASE_PREFIX)
-
-#
-# <user_source_tree> cross-platform (xp) source-side release directories
-#
-
-SOURCE_RELEASE_CLASSES_DIR = classes
-SOURCE_RELEASE_CLASSES_DBG_DIR = classes_DBG
-SOURCE_RELEASE_XPHEADERS_DIR = include
-
-#
-# <user_source_tree> cross-platform (xp) JAR source-side release files
-#
-
-XPCLASS_JAR = xpclass.jar
-XPCLASS_DBG_JAR = xpclass_dbg.jar
-XPHEADER_JAR = xpheader.jar
-
-ifdef BUILD_OPT
- IMPORT_XPCLASS_JAR = $(XPCLASS_JAR)
-else
- IMPORT_XPCLASS_JAR = $(XPCLASS_DBG_JAR)
-endif
-
-#
-# <user_source_tree> machine-dependent (md) source-side master release directory
-#
-
-SOURCE_RELEASE_MD_DIR = $(PLATFORM)
-
-#
-# <user_source_tree> machine-dependent (md) source-side release directories
-#
-
-SOURCE_RELEASE_BIN_DIR = $(PLATFORM)/bin
-SOURCE_RELEASE_LIB_DIR = $(PLATFORM)/lib
-SOURCE_RELEASE_MDHEADERS_DIR = $(PLATFORM)/include
-SOURCE_RELEASE_SPEC_DIR = $(SOURCE_RELEASE_MD_DIR)
-
-#
-# <user_source_tree> machine-dependent (md) JAR/tar source-side release files
-#
-
-MDBINARY_JAR = mdbinary.jar
-MDHEADER_JAR = mdheader.jar
-
-
-# Where to put the results
-
-ifneq ($(RESULTS_DIR),)
- RESULTS_DIR = $(RELEASE_TREE)/sectools/results
-endif
-
diff --git a/security/coreconf/suffix.mk b/security/coreconf/suffix.mk
deleted file mode 100644
index e1db4ed7d..000000000
--- a/security/coreconf/suffix.mk
+++ /dev/null
@@ -1,132 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# Master "Core Components" suffixes #
-#######################################################################
-
-#
-# Object suffixes
-#
-
-ifndef OBJ_SUFFIX
- ifeq ($(OS_ARCH), WINNT)
- OBJ_SUFFIX = .obj
- else
- OBJ_SUFFIX = .o
- endif
-endif
-
-#
-# Assembler source suffixes
-#
-
-ifndef ASM_SUFFIX
- ifeq ($(OS_ARCH), WINNT)
- ASM_SUFFIX = .asm
- else
- ASM_SUFFIX = .s
- endif
-endif
-
-#
-# Library suffixes
-#
-
-STATIC_LIB_EXTENSION =
-
-ifndef DYNAMIC_LIB_EXTENSION
- ifeq ($(OS_ARCH)$(OS_RELEASE), AIX4.1)
- DYNAMIC_LIB_EXTENSION = _shr
- else
- DYNAMIC_LIB_EXTENSION =
- endif
-endif
-
-
-ifndef STATIC_LIB_SUFFIX
- STATIC_LIB_SUFFIX = .$(LIB_SUFFIX)
-endif
-
-
-ifndef DYNAMIC_LIB_SUFFIX
- DYNAMIC_LIB_SUFFIX = .$(DLL_SUFFIX)
-endif
-
-
-ifndef IMPORT_LIB_SUFFIX
- ifeq ($(OS_ARCH), WINNT)
- IMPORT_LIB_SUFFIX = .$(LIB_SUFFIX)
- else
- IMPORT_LIB_SUFFIX =
- endif
-endif
-
-
-ifndef PURE_LIB_SUFFIX
- ifeq ($(OS_ARCH), WINNT)
- PURE_LIB_SUFFIX =
- else
- ifdef DSO_BACKEND
- PURE_LIB_SUFFIX = .$(DLL_SUFFIX)
- else
- PURE_LIB_SUFFIX = .$(LIB_SUFFIX)
- endif
- endif
-endif
-
-
-ifndef STATIC_LIB_SUFFIX_FOR_LINKING
- STATIC_LIB_SUFFIX_FOR_LINKING = $(STATIC_LIB_SUFFIX)
-endif
-
-
-ifndef DYNAMIC_LIB_SUFFIX_FOR_LINKING
- ifeq ($(OS_ARCH), WINNT)
- DYNAMIC_LIB_SUFFIX_FOR_LINKING = $(IMPORT_LIB_SUFFIX)
- else
- DYNAMIC_LIB_SUFFIX_FOR_LINKING = $(DYNAMIC_LIB_SUFFIX)
- endif
-endif
-
-#
-# Program suffixes
-#
-
-ifndef PROG_SUFFIX
- ifeq ($(OS_ARCH), WINNT)
- PROG_SUFFIX = .exe
- else
- PROG_SUFFIX =
- endif
-endif
diff --git a/security/coreconf/tree.mk b/security/coreconf/tree.mk
deleted file mode 100644
index 0517a6df3..000000000
--- a/security/coreconf/tree.mk
+++ /dev/null
@@ -1,114 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# Master "Core Components" file system "release" prefixes #
-#######################################################################
-
-# RELEASE_TREE = $(CORE_DEPTH)/../coredist
-
-
-ifndef RELEASE_TREE
- ifdef BUILD_SHIP
- ifdef USE_SHIPS
- RELEASE_TREE = $(BUILD_SHIP)
- else
- RELEASE_TREE = /m/dist
- endif
- else
- RELEASE_TREE = /m/dist
- endif
- ifeq ($(OS_TARGET), WINNT)
- ifdef BUILD_SHIP
- ifdef USE_SHIPS
- RELEASE_TREE = $(NTBUILD_SHIP)
- else
- RELEASE_TREE = //helium/dist
- endif
- else
- RELEASE_TREE = //helium/dist
- endif
- endif
-
- ifeq ($(OS_TARGET), WIN95)
- ifdef BUILD_SHIP
- ifdef USE_SHIPS
- RELEASE_TREE = $(NTBUILD_SHIP)
- else
- RELEASE_TREE = //helium/dist
- endif
- else
- RELEASE_TREE = //helium/dist
- endif
- endif
- ifeq ($(OS_TARGET), WIN16)
- ifdef BUILD_SHIP
- ifdef USE_SHIPS
- RELEASE_TREE = $(NTBUILD_SHIP)
- else
- RELEASE_TREE = //helium/dist
- endif
- else
- RELEASE_TREE = //helium/dist
- endif
- endif
-endif
-
-#
-# NOTE: export control policy enforced for XP and MD files
-# released to the binary release tree
-#
-
-ifeq ($(POLICY), domestic)
- RELEASE_XP_DIR = domestic
- RELEASE_MD_DIR = domestic/$(PLATFORM)
-else
- ifeq ($(POLICY), export)
- RELEASE_XP_DIR = export
- RELEASE_MD_DIR = export/$(PLATFORM)
- else
- ifeq ($(POLICY), france)
- RELEASE_XP_DIR = france
- RELEASE_MD_DIR = france/$(PLATFORM)
- else
- RELEASE_XP_DIR =
- RELEASE_MD_DIR = $(PLATFORM)
- endif
- endif
-endif
-
-
-REPORTER_TREE = $(subst \,\\,$(RELEASE_TREE))
-
-IMPORT_XP_DIR =
-IMPORT_MD_DIR = $(PLATFORM)
diff --git a/security/coreconf/version.mk b/security/coreconf/version.mk
deleted file mode 100644
index b2a55d180..000000000
--- a/security/coreconf/version.mk
+++ /dev/null
@@ -1,103 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# Build master "Core Components" release version directory name #
-#######################################################################
-
-#
-# Always set CURRENT_VERSION_SYMLINK to the <current> symbolic link.
-#
-
-CURRENT_VERSION_SYMLINK = current
-
-
-#
-# For the sake of backwards compatibility (*sigh*) ...
-#
-
-ifndef VERSION
- ifdef BUILD_NUM
- VERSION = $(BUILD_NUM)
- endif
-endif
-
-ifndef RELEASE_VERSION
- ifdef BUILD_NUM
- RELEASE_VERSION = $(BUILD_NUM)
- endif
-endif
-
-#
-# If VERSION has still NOT been set on the command line,
-# as an environment variable, by the individual Makefile, or
-# by the <component>-specific "version.mk" file, set VERSION equal
-# to $(CURRENT_VERSION_SYMLINK).
-
-ifndef VERSION
- VERSION = $(CURRENT_VERSION_SYMLINK)
-endif
-
-# If RELEASE_VERSION has still NOT been set on the command line,
-# as an environment variable, by the individual Makefile, or
-# by the <component>-specific "version.mk" file, automatically
-# generate the next available version number via a perl script.
-#
-
-ifndef RELEASE_VERSION
- RELEASE_VERSION =
-endif
-
-#
-# Set <component>-specific versions for compiliation and linkage.
-#
-
-ifndef JAVA_VERSION
- JAVA_VERSION = $(CURRENT_VERSION_SYMLINK)
-endif
-
-ifndef NETLIB_VERSION
- NETLIB_VERSION = $(CURRENT_VERSION_SYMLINK)
-endif
-
-ifndef NSPR_VERSION
- NSPR_VERSION = $(CURRENT_VERSION_SYMLINK)
-endif
-
-ifndef SECTOOLS_VERSION
- SECTOOLS_VERSION = $(CURRENT_VERSION_SYMLINK)
-endif
-
-ifndef SECURITY_VERSION
- SECURITY_VERSION = $(CURRENT_VERSION_SYMLINK)
-endif
diff --git a/security/coreconf/version.pl b/security/coreconf/version.pl
deleted file mode 100644
index 47a71395b..000000000
--- a/security/coreconf/version.pl
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/usr/sbin/perl
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-# Compose lowercase alphabet
-@alphabet = ( "a", "b", "c", "d", "e", "f", "g", "h",
- "i", "j", "k", "l", "m", "n", "o", "p",
- "q", "r", "s", "t", "u", "v", "w", "x",
- "y", "z" );
-
-# Compute year
-$year = (localtime)[5] + 1900;
-
-# Compute month
-$month = (localtime)[4] + 1;
-
-# Compute day
-$day = (localtime)[3];
-
-# Compute base build number
-$version = sprintf( "%d%02d%02d", $year, $month, $day );
-$directory = sprintf( "%s\/%s\/%d%02d%02d", $ARGV[0], $ARGV[1], $year, $month, $day );
-
-# Print out the name of the first version directory which does not exist
-#if( ! -e $directory )
-#{
- print $version;
-#}
-#else
-#{
-# # Loop through combinations
-# foreach $ch1 (@alphabet)
-# {
-# foreach $ch2 (@alphabet)
-# {
-# $version = sprintf( "%d%02d%02d%s%s", $year, $month, $day, $ch1, $ch2 );
-# $directory = sprintf( "%s\/%s\/%d%02d%02d%s%s", $ARGV[0], $ARGV[1], $year, $month, $day, $ch1, $ch2 );
-# if( ! -e $directory )
-# {
-# print STDOUT $version;
-# exit;
-# }
-# }
-# }
-#}
-
diff --git a/security/nss/Makefile b/security/nss/Makefile
deleted file mode 100644
index 564654588..000000000
--- a/security/nss/Makefile
+++ /dev/null
@@ -1,116 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-moz_import::
- $(NSINSTALL) -L ../../../dist include $(DIST)
- $(NSINSTALL) -L ../../../dist lib $(DIST)
- cp $(DIST)/lib/libmozdbm_s.a $(DIST)/lib/libdbm.a
-
-nsm:: all
- cd ssm/lib/protocol; gmake
- cd ssm/server; gmake import; gmake
-
-nsm_rebuild::
- cd ssm/lib/protocol; gmake
- cd ssm/ui; gmake
- cd ssm/server; gmake import; gmake
-
-nsm_protocol: all
- cd ssm/lib/protocol; gmake
-
-nsm_ui: all
- cd ssm/ui; gmake
-
-nsm_gromit: nsm_protocol
- cd ssm/lib/client; gmake
- cd ssm/nav/gromit; gmake
-
-nsm_server: nsm_protocol nsm_ui
- cd ssm/server; gmake import; gmake
-
-coreconf_hack:
- cd ../coreconf; gmake
- gmake import
-
-nss_RelEng_bld: coreconf_hack
-# gmake import; gmake
-# cd ns/svrcore; gmake
- gmake
-
-nsm_RelEng_srvr_coreconf_import:
- gmake import
-
-nsm_RelEng_srvr_bld_Win: nsm_RelEng_srvr_coreconf_import nsm_server
-
-nsm_RelEng_srvr_bld: coreconf_hack nsm_server
diff --git a/security/nss/cmd/.cvsignore b/security/nss/cmd/.cvsignore
deleted file mode 100644
index 6329db22e..000000000
--- a/security/nss/cmd/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-.gdbinit
diff --git a/security/nss/cmd/Makefile b/security/nss/cmd/Makefile
deleted file mode 100644
index 7265e3919..000000000
--- a/security/nss/cmd/Makefile
+++ /dev/null
@@ -1,182 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../..
-DEPTH = ../..
-
-include manifest.mn
-include $(CORE_DEPTH)/coreconf/config.mk
-
-# These sources were once in this directory, but now are gone.
-MISSING_SOURCES = \
- addcert.c \
- berparse.c \
- cert.c \
- key.c \
- key_rand.c \
- keygen.c \
- sec_fe.c \
- sec_read.c \
- secarb.c \
- secutil.c \
- $(NULL)
-
-# we don't build these any more, but the sources are still here
-OBSOLETE = \
- berdec.c \
- berdump.c \
- cypher.c \
- dumpcert.c \
- listcerts.c \
- mkdongle.c \
- p12exprt.c \
- p12imprt.c \
- rc4.c \
- sign.c \
- unwrap.c \
- vector.c \
- verify.c \
- wrap.c \
- $(NULL)
-
-# the base files for the executables
-# hey -- keep these alphabetical, please
-EXEC_SRCS = \
- $(NULL)
-
-# files that generate two separate objects and executables
-# BI_SRCS = \
-# keyutil.c \
-# p7env.c \
-# tstclnt.c \
-# $(NULL)
-
-# -I$(CORE_DEPTH)/security/lib/cert \
-# -I$(CORE_DEPTH)/security/lib/key \
-# -I$(CORE_DEPTH)/security/lib/util \
-
-INCLUDES += \
- -I$(DIST)/../public/security \
- -I./include \
- $(NULL)
-
-TBD_DIRS = rsh rshd rdist ssld
-
-# For the time being, sec stuff is export only
-# US_FLAGS = -DEXPORT_VERSION -DUS_VERSION
-
-US_FLAGS = -DEXPORT_VERSION
-EXPORT_FLAGS = -DEXPORT_VERSION
-
-BASE_LIBS = \
- $(DIST)/lib/libdbm.a \
- $(DIST)/lib/libxp.a \
- $(DIST)/lib/libnspr.a \
- $(NULL)
-
-# $(DIST)/lib/libpurenspr.a \
-
-#There is a circular dependancy in security/lib, and here is a gross fix
-SEC_LIBS = \
- $(DIST)/lib/libsecnav.a \
- $(DIST)/lib/libssl.a \
- $(DIST)/lib/libpkcs7.a \
- $(DIST)/lib/libcert.a \
- $(DIST)/lib/libkey.a \
- $(DIST)/lib/libsecmod.a \
- $(DIST)/lib/libcrypto.a \
- $(DIST)/lib/libsecutil.a \
- $(DIST)/lib/libssl.a \
- $(DIST)/lib/libpkcs7.a \
- $(DIST)/lib/libcert.a \
- $(DIST)/lib/libkey.a \
- $(DIST)/lib/libsecmod.a \
- $(DIST)/lib/libcrypto.a \
- $(DIST)/lib/libsecutil.a \
- $(DIST)/lib/libhash.a \
- $(NULL)
-
-MYLIB = lib/$(OBJDIR)/libsectool.a
-
-US_LIBS = $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS)
-EX_LIBS = $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS)
-
-REQUIRES = libxp nspr security
-
-CSRCS = $(EXEC_SRCS) $(BI_SRCS)
-
-OBJS = $(CSRCS:.c=.o) $(BI_SRCS:.c=-us.o) $(BI_SRCS:.c=-ex.o)
-
-PROGS = $(addprefix $(OBJDIR)/, $(EXEC_SRCS:.c=$(BIN_SUFFIX)))
-US_PROGS = $(addprefix $(OBJDIR)/, $(BI_SRCS:.c=-us$(BIN_SUFFIX)))
-EX_PROGS = $(addprefix $(OBJDIR)/, $(BI_SRCS:.c=-ex$(BIN_SUFFIX)))
-
-
-NON_DIRS = $(PROGS) $(US_PROGS) $(EX_PROGS)
-TARGETS = $(NON_DIRS)
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-
-ifneq ($(OS_ARCH),OS2)
-$(OBJDIR)/%-us.o: %.c
- @$(MAKE_OBJDIR)
- $(CCF) -o $@ $(US_FLAGS) -c $*.c
-
-$(OBJDIR)/%-ex.o: %.c
- @$(MAKE_OBJDIR)
- $(CCF) -o $@ $(EXPORT_FLAGS) -c $*.c
-
-$(OBJDIR)/%.o: %.c
- @$(MAKE_OBJDIR)
- $(CCF) -o $@ $(EXPORT_FLAGS) -c $*.c
-
-$(US_PROGS):$(OBJDIR)/%-us: $(OBJDIR)/%-us.o $(US_LIBS)
- @$(MAKE_OBJDIR)
- $(CCF) -o $@ $(OBJDIR)/$*-us.o $(LDFLAGS) $(US_LIBS) $(OS_LIBS)
-
-$(EX_PROGS):$(OBJDIR)/%-ex: $(OBJDIR)/%-ex.o $(EX_LIBS)
- @$(MAKE_OBJDIR)
- $(CCF) -o $@ $(OBJDIR)/$*-ex.o $(LDFLAGS) $(EX_LIBS) $(OS_LIBS)
-
-$(PROGS):$(OBJDIR)/%: $(OBJDIR)/%.o $(EX_LIBS)
- @$(MAKE_OBJDIR)
- $(CCF) -o $@ $@.o $(LDFLAGS) $(EX_LIBS) $(OS_LIBS)
-
-#install:: $(TARGETS)
-# $(INSTALL) $(TARGETS) $(DIST)/bin
-endif
-
-symbols::
- @echo "TARGETS = $(TARGETS)"
diff --git a/security/nss/cmd/SSLsample/Makefile b/security/nss/cmd/SSLsample/Makefile
deleted file mode 100644
index 0c21548cd..000000000
--- a/security/nss/cmd/SSLsample/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-# do these once for each target program
-all default export libs program install release_export::
- $(MAKE) -f make.client $@
- $(MAKE) -f make.server $@
-
-# only do these things once for the whole directory
-depend dependclean clean clobber release_classes release_clean release_cpdistdir release_export release_jars release_md release_policy show::
- $(MAKE) -f make.client $@
-
-
diff --git a/security/nss/cmd/SSLsample/Makefile.NSS b/security/nss/cmd/SSLsample/Makefile.NSS
deleted file mode 100644
index 8370b1514..000000000
--- a/security/nss/cmd/SSLsample/Makefile.NSS
+++ /dev/null
@@ -1,58 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-ARCH := $(shell uname)
-
-ifeq ($(ARCH), SunOS)
- DEFINES = -KPIC -DSVR4 -DSOLARIS -DSYSV -D__svr4 -D__svr4__ \
- -D_REENTRANT -DSOLARIS2_5 -D_SVID_GETTOD -DXP_UNIX -UDEBUG -DNDEBUG \
- -D_PR_GLOBAL_THREADS_ONLY -DXP_UNIX
- INCPATH = -I. -I../include/dbm -I../include/nspr -I../include/security
- LIBPATH = -L../lib
- LIBS = -lnss -lssl -lpkcs7 -lpkcs12 -lsecmod -lcert -lkey \
- -lcrypto -lsecutil -lhash -ldbm -lplc4 -lplds4 -lnspr4 -lsocket -lnsl
- CFLAGS = -g
- CC = cc
-endif # SunOS
-
-# The rules to build the sample apps appear below.
-
-server:
- $(CC) $(CFLAGS) $@.c -o $@ $(DEFINES) $(INCPATH) $(LIBPATH) $(LIBS)
-
-client:
- $(CC) $(CFLAGS) $@.c -o $@ $(DEFINES) $(INCPATH) $(LIBPATH) $(LIBS)
-
-clean:
- rm -fr server client server.o client.o
-
diff --git a/security/nss/cmd/SSLsample/NSPRerrs.h b/security/nss/cmd/SSLsample/NSPRerrs.h
deleted file mode 100644
index bacdef6b2..000000000
--- a/security/nss/cmd/SSLsample/NSPRerrs.h
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/* General NSPR 2.0 errors */
-/* Caller must #include "prerror.h" */
-
-ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." )
-ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." )
-ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." )
-ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." )
-ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." )
-ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." )
-ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." )
-ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." )
-ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." )
-ER2( PR_IO_ERROR, "I/O function error." )
-ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." )
-ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." )
-ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." )
-ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." )
-ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." )
-ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." )
-ER2( PR_IS_CONNECTED_ERROR, "Already connected." )
-ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." )
-ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." )
-ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." )
-ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." )
-ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." )
-ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." )
-ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." )
-ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." )
-ER2( PR_FIND_SYMBOL_ERROR,
-"Symbol not found in any of the loaded dynamic libraries." )
-ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." )
-ER2( PR_DIRECTORY_LOOKUP_ERROR,
-"A directory lookup on a network address has failed." )
-ER2( PR_TPD_RANGE_ERROR,
-"Attempt to access a TPD key that is out of range." )
-ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." )
-ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." )
-ER2( PR_NOT_SOCKET_ERROR,
-"Network operation attempted on non-network file descriptor." )
-ER2( PR_NOT_TCP_SOCKET_ERROR,
-"TCP-specific function attempted on a non-TCP file descriptor." )
-ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." )
-ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." )
-ER2( PR_OPERATION_NOT_SUPPORTED_ERROR,
-"The requested operation is not supported by the platform." )
-ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR,
-"The host operating system does not support the protocol requested." )
-ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." )
-ER2( PR_BUFFER_OVERFLOW_ERROR,
-"The value requested is too large to be stored in the data buffer provided." )
-ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." )
-ER2( PR_RANGE_ERROR, "Unused." )
-ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." )
-ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." )
-ER2( PR_FILE_TOO_BIG_ERROR,
-"Write would result in file larger than the system allows." )
-ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." )
-ER2( PR_PIPE_ERROR, "Unused." )
-ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." )
-ER2( PR_IS_DIRECTORY_ERROR,
-"Cannot perform a normal file operation on a directory." )
-ER2( PR_LOOP_ERROR, "Symbolic link loop." )
-ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." )
-ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." )
-ER2( PR_NOT_DIRECTORY_ERROR,
-"Cannot perform directory operation on a normal file." )
-ER2( PR_READ_ONLY_FILESYSTEM_ERROR,
-"Cannot write to a read-only file system." )
-ER2( PR_DIRECTORY_NOT_EMPTY_ERROR,
-"Cannot delete a directory that is not empty." )
-ER2( PR_FILESYSTEM_MOUNTED_ERROR,
-"Cannot delete or rename a file object while the file system is busy." )
-ER2( PR_NOT_SAME_DEVICE_ERROR,
-"Cannot rename a file to a file system on another device." )
-ER2( PR_DIRECTORY_CORRUPTED_ERROR,
-"The directory object in the file system is corrupted." )
-ER2( PR_FILE_EXISTS_ERROR,
-"Cannot create or rename a filename that already exists." )
-ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR,
-"Directory is full. No additional filenames may be added." )
-ER2( PR_INVALID_DEVICE_STATE_ERROR,
-"The required device was in an invalid state." )
-ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." )
-ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." )
-ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." )
-ER2( PR_FILE_SEEK_ERROR, "Seek error." )
-ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." )
-ER2( PR_IN_PROGRESS_ERROR,
-"Operation is still in progress (probably a non-blocking connect)." )
-ER2( PR_ALREADY_INITIATED_ERROR,
-"Operation has already been initiated (probably a non-blocking connect)." )
-
-#ifdef PR_GROUP_EMPTY_ERROR
-ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." )
-#endif
-
-#ifdef PR_INVALID_STATE_ERROR
-ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." )
-#endif
-
-ER2( PR_MAX_ERROR, "Placeholder for the end of the list" )
diff --git a/security/nss/cmd/SSLsample/README b/security/nss/cmd/SSLsample/README
deleted file mode 100644
index 2c4c09110..000000000
--- a/security/nss/cmd/SSLsample/README
+++ /dev/null
@@ -1,43 +0,0 @@
-These sample programs can be built in either of two ways:
-1) is the NSS source tree, using the coreconf build system, and
-2) stand alone (as part of the NSS distribution).
-
-The following makefiles are used only when building in the NSS source tree
-using coreconf. These are NOT part of the distribution.
-
-Makefile
-client.mn
-server.mn
-config.mk
-make.client
-make.server
-
-The following makefiles are used only when building in the NSS distribution.
-These files are part of the distribution.
-
-Makefile.NSS
-nmakefile95.nss
-nmakefilent.nss
-
-
-The following source files are common to both build environments and are
-part of the distribution.
-
-NSPRerrs.h
-SECerrs.h
-SSLerrs.h
-client.c
-getopt.c
-server.c
-sslerror.h
-
-In the NSS 2.0 distribution, the sample code and makefiles are in a
-directory named "samples". The directories relevant to building
-in the distributed tree are:
-
-./samples
-./include/dbm
-./include/nspr
-./include/security
-./lib
-
diff --git a/security/nss/cmd/SSLsample/SECerrs.h b/security/nss/cmd/SSLsample/SECerrs.h
deleted file mode 100644
index 2059df6a2..000000000
--- a/security/nss/cmd/SSLsample/SECerrs.h
+++ /dev/null
@@ -1,441 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/* General security error codes */
-/* Caller must #include "secerr.h" */
-
-ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0,
-"An I/O error occurred during security authorization.")
-
-ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1,
-"security library failure.")
-
-ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2,
-"security library: received bad data.")
-
-ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3,
-"security library: output length error.")
-
-ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4,
-"security library has experienced an input length error.")
-
-ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5,
-"security library: invalid arguments.")
-
-ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6,
-"security library: invalid algorithm.")
-
-ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7,
-"security library: invalid AVA.")
-
-ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8,
-"Improperly formatted time string.")
-
-ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9,
-"security library: improperly formatted DER-encoded message.")
-
-ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10,
-"Peer's certificate has an invalid signature.")
-
-ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11,
-"Peer's Certificate has expired.")
-
-ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12,
-"Peer's Certificate has been revoked.")
-
-ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13,
-"Peer's Certificate issuer is not recognized.")
-
-ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14,
-"Peer's public key is invalid.")
-
-ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15,
-"The security password entered is incorrect.")
-
-ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16,
-"New password entered incorrectly. Please try again.")
-
-ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17,
-"security library: no nodelock.")
-
-ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18,
-"security library: bad database.")
-
-ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19,
-"security library: memory allocation failure.")
-
-ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20,
-"Peer's certificate issuer has been marked as not trusted by the user.")
-
-ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21,
-"Peer's certificate has been marked as not trusted by the user.")
-
-ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22),
-"Certificate already exists in your database.")
-
-ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23),
-"Downloaded certificate's name duplicates one already in your database.")
-
-ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24),
-"Error adding certificate to database.")
-
-ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25),
-"Error refiling the key for this certificate.")
-
-ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26),
-"The private key for this certificate cannot be found in key database")
-
-ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27),
-"This certificate is valid.")
-
-ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28),
-"This certificate is not valid.")
-
-ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29),
-"Cert Library: No Response")
-
-ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30),
-"The certificate issuer's certificate has expired. Check your system date and time.")
-
-ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31),
-"The CRL for the certificate's issuer has expired. Update it or check your system data and time.")
-
-ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32),
-"The CRL for the certificate's issuer has an invalid signature.")
-
-ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33),
-"New CRL has an invalid format.")
-
-ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34),
-"Certificate extension value is invalid.")
-
-ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35),
-"Certificate extension not found.")
-
-ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36),
-"Issuer certificate is invalid.")
-
-ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37),
-"Certificate path length constraint is invalid.")
-
-ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38),
-"Certificate usages field is invalid.")
-
-ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39),
-"**Internal ONLY module**")
-
-ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40),
-"The key does not support the requested operation.")
-
-ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41),
-"Certificate contains unknown critical extension.")
-
-ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42),
-"New CRL is not later than the current one.")
-
-ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43),
-"Not encrypted or signed: you do not yet have an email certificate.")
-
-ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44),
-"Not encrypted: you do not have certificates for each of the recipients.")
-
-ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45),
-"Cannot decrypt: you are not a recipient, or matching certificate and \
-private key not found.")
-
-ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46),
-"Cannot decrypt: key encryption algorithm does not match your certificate.")
-
-ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47),
-"Signature verification failed: no signer found, too many signers found, \
-or improper or corrupted data.")
-
-ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48),
-"Unsupported or unknown key algorithm.")
-
-ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49),
-"Cannot decrypt: encrypted using a disallowed algorithm or key size.")
-
-
-/* Fortezza Alerts */
-ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50),
-"Fortezza card has not been properly initialized. \
-Please remove it and return it to your issuer.")
-
-ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51),
-"No Fortezza cards Found")
-
-ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52),
-"No Fortezza card selected")
-
-ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53),
-"Please select a personality to get more info on")
-
-ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54),
-"Personality not found")
-
-ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55),
-"No more information on that Personality")
-
-ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56),
-"Invalid Pin")
-
-ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57),
-"Couldn't initialize Fortezza personalities.")
-/* end fortezza alerts. */
-
-ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58),
-"No KRL for this site's certificate has been found.")
-
-ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59),
-"The KRL for this site's certificate has expired.")
-
-ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60),
-"The KRL for this site's certificate has an invalid signature.")
-
-ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61),
-"The key for this site's certificate has been revoked.")
-
-ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62),
-"New KRL has an invalid format.")
-
-ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63),
-"security library: need random data.")
-
-ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64),
-"security library: no security module can perform the requested operation.")
-
-ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65),
-"The security card or token does not exist, needs to be initialized, or has been removed.")
-
-ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66),
-"security library: read-only database.")
-
-ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67),
-"No slot or token was selected.")
-
-ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68),
-"A certificate with the same nickname already exists.")
-
-ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69),
-"A key with the same nickname already exists.")
-
-ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70),
-"error while creating safe object")
-
-ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71),
-"error while creating baggage object")
-
-ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72),
-"Couldn't remove the principal")
-
-ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73),
-"Couldn't delete the privilege")
-
-ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74),
-"This principal doesn't have a certificate")
-
-ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75),
-"Required algorithm is not allowed.")
-
-ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76),
-"Error attempting to export certificates.")
-
-ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77),
-"Error attempting to import certificates.")
-
-ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78),
-"Unable to import. Decoding error. File not valid.")
-
-ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79),
-"Unable to import. Invalid MAC. Incorrect password or corrupt file.")
-
-ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80),
-"Unable to import. MAC algorithm not supported.")
-
-ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE,(SEC_ERROR_BASE + 81),
-"Unable to import. Only password integrity and privacy modes supported.")
-
-ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82),
-"Unable to import. File structure is corrupt.")
-
-ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83),
-"Unable to import. Encryption algorithm not supported.")
-
-ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84),
-"Unable to import. File version not supported.")
-
-ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT,(SEC_ERROR_BASE + 85),
-"Unable to import. Incorrect privacy password.")
-
-ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86),
-"Unable to import. Same nickname already exists in database.")
-
-ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87),
-"The user pressed cancel.")
-
-ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88),
-"Not imported, already in database.")
-
-ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89),
-"Message not sent.")
-
-ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90),
-"Certificate key usage inadequate for attempted operation.")
-
-ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91),
-"Certificate type not approved for application.")
-
-ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92),
-"Address in signing certificate does not match address in message headers.")
-
-ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93),
-"Unable to import. Error attempting to import private key.")
-
-ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94),
-"Unable to import. Error attempting to import certificate chain.")
-
-ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95),
-"Unable to export. Unable to locate certificate or key by nickname.")
-
-ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96),
-"Unable to export. Private Key could not be located and exported.")
-
-ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97),
-"Unable to export. Unable to write the export file.")
-
-ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98),
-"Unable to import. Unable to read the import file.")
-
-ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99),
-"Unable to export. Key database corrupt or deleted.")
-
-ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100),
-"Unable to generate public/private key pair.")
-
-ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101),
-"Password entered is invalid. Please pick a different one.")
-
-ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102),
-"Old password entered incorrectly. Please try again.")
-
-ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103),
-"Certificate nickname already in use.")
-
-ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104),
-"Peer FORTEZZA chain has a non-FORTEZZA Certificate.")
-
-/* ER3(SEC_ERROR_UNKNOWN, (SEC_ERROR_BASE + 105), */
-
-ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106),
-"Invalid module name.")
-
-ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107),
-"Invalid module path/filename")
-
-ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108),
-"Unable to add module")
-
-ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109),
-"Unable to delete module")
-
-ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110),
-"New KRL is not later than the current one.")
-
-ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111),
-"New CKL has different issuer than current CKL. Delete current CKL.")
-
-ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112),
-"The Certifying Authority for this certificate is not permitted to issue a \
-certificate with this name.")
-
-ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113),
-"The key revocation list for this certificate is not yet valid.")
-
-ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114),
-"The certificate revocation list for this certificate is not yet valid.")
-
-ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115),
-"The requested certificate could not be found.")
-
-ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116),
-"The signer's certificate could not be found.")
-
-ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117),
-"The location for the certificate status server has invalid format.")
-
-ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118),
-"The OCSP response cannot be fully decoded; it is of an unknown type.")
-
-ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119),
-"The OCSP server returned unexpected/invalid HTTP data.")
-
-ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120),
-"The OCSP server found the request to be corrupted or improperly formed.")
-
-ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121),
-"The OCSP server experienced an internal error.")
-
-ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122),
-"The OCSP server suggests trying again later.")
-
-ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123),
-"The OCSP server requires a signature on this request.")
-
-ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124),
-"The OCSP server has refused this request as unauthorized.")
-
-ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125),
-"The OCSP server returned an unrecognizable status.")
-
-ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126),
-"The OCSP server has no status for the certificate.")
-
-ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127),
-"You must enable OCSP before performing this operation.")
-
-ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128),
-"You must set the OCSP default responder before performing this operation.")
-
-ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129),
-"The response from the OCSP server was corrupted or improperly formed.")
-
-ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130),
-"The signer of the OCSP response is not authorized to give status for \
-this certificate.")
-
-ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131),
-"The OCSP response is not yet valid (contains a date in the future).")
-
-ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132),
-"The OCSP response contains out-of-date information.")
diff --git a/security/nss/cmd/SSLsample/SSLerrs.h b/security/nss/cmd/SSLsample/SSLerrs.h
deleted file mode 100644
index 06803b849..000000000
--- a/security/nss/cmd/SSLsample/SSLerrs.h
+++ /dev/null
@@ -1,366 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/* SSL-specific security error codes */
-/* caller must include "sslerr.h" */
-
-ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0,
-"Unable to communicate securely. Peer does not support high-grade encryption.")
-
-ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1,
-"Unable to communicate securely. Peer requires high-grade encryption which is not supported.")
-
-ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2,
-"Cannot communicate securely with peer: no common encryption algorithm(s).")
-
-ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3,
-"Unable to find the certificate or key necessary for authentication.")
-
-ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4,
-"Unable to communicate securely with peer: peers's certificate was rejected.")
-
-/* unused (SSL_ERROR_BASE + 5),*/
-
-ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6,
-"The server has encountered bad data from the client.")
-
-ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7,
-"The client has encountered bad data from the server.")
-
-ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8,
-"Unsupported certificate type.")
-
-ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9,
-"Peer using unsupported version of security protocol.")
-
-/* unused (SSL_ERROR_BASE + 10),*/
-
-ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11,
-"Client authentication failed: private key in key database does not match public key in certificate database.")
-
-ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12,
-"Unable to communicate securely with peer: requested domain name does not match the server's certificate.")
-
-/* SSL_ERROR_POST_WARNING (SSL_ERROR_BASE + 13),
- defined in sslerr.h
-*/
-
-ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14),
-"Peer only supports SSL version 2, which is locally disabled.")
-
-
-ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15),
-"SSL received a record with an incorrect Message Authentication Code.")
-
-ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16),
-"SSL peer reports incorrect Message Authentication Code.")
-
-ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17),
-"SSL peer cannot verify your certificate.")
-
-ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18),
-"SSL peer rejected your certificate as revoked.")
-
-ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19),
-"SSL peer rejected your certificate as expired.")
-
-ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20),
-"Cannot connect: SSL is disabled.")
-
-ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21),
-"Cannot connect: SSL peer is in another FORTEZZA domain.")
-
-
-ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE , (SSL_ERROR_BASE + 22),
-"An unknown SSL cipher suite has been requested.")
-
-ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED , (SSL_ERROR_BASE + 23),
-"No cipher suites are present and enabled in this program.")
-
-ER3(SSL_ERROR_BAD_BLOCK_PADDING , (SSL_ERROR_BASE + 24),
-"SSL received a record with bad block padding.")
-
-ER3(SSL_ERROR_RX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 25),
-"SSL received a record that exceeded the maximum permissible length.")
-
-ER3(SSL_ERROR_TX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 26),
-"SSL attempted to send a record that exceeded the maximum permissible length.")
-
-/*
- * Received a malformed (too long or short or invalid content) SSL handshake.
- */
-ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST , (SSL_ERROR_BASE + 27),
-"SSL received a malformed Hello Request handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO , (SSL_ERROR_BASE + 28),
-"SSL received a malformed Client Hello handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO , (SSL_ERROR_BASE + 29),
-"SSL received a malformed Server Hello handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE , (SSL_ERROR_BASE + 30),
-"SSL received a malformed Certificate handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 31),
-"SSL received a malformed Server Key Exchange handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST , (SSL_ERROR_BASE + 32),
-"SSL received a malformed Certificate Request handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE , (SSL_ERROR_BASE + 33),
-"SSL received a malformed Server Hello Done handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY , (SSL_ERROR_BASE + 34),
-"SSL received a malformed Certificate Verify handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 35),
-"SSL received a malformed Client Key Exchange handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_FINISHED , (SSL_ERROR_BASE + 36),
-"SSL received a malformed Finished handshake message.")
-
-/*
- * Received a malformed (too long or short) SSL record.
- */
-ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER , (SSL_ERROR_BASE + 37),
-"SSL received a malformed Change Cipher Spec record.")
-
-ER3(SSL_ERROR_RX_MALFORMED_ALERT , (SSL_ERROR_BASE + 38),
-"SSL received a malformed Alert record.")
-
-ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE , (SSL_ERROR_BASE + 39),
-"SSL received a malformed Handshake record.")
-
-ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40),
-"SSL received a malformed Application Data record.")
-
-/*
- * Received an SSL handshake that was inappropriate for the state we're in.
- * E.g. Server received message from server, or wrong state in state machine.
- */
-ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST , (SSL_ERROR_BASE + 41),
-"SSL received an unexpected Hello Request handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO , (SSL_ERROR_BASE + 42),
-"SSL received an unexpected Client Hello handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO , (SSL_ERROR_BASE + 43),
-"SSL received an unexpected Server Hello handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE , (SSL_ERROR_BASE + 44),
-"SSL received an unexpected Certificate handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45),
-"SSL received an unexpected Server Key Exchange handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST , (SSL_ERROR_BASE + 46),
-"SSL received an unexpected Certificate Request handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE , (SSL_ERROR_BASE + 47),
-"SSL received an unexpected Server Hello Done handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY , (SSL_ERROR_BASE + 48),
-"SSL received an unexpected Certificate Verify handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49),
-"SSL received an unexpected Cllient Key Exchange handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED , (SSL_ERROR_BASE + 50),
-"SSL received an unexpected Finished handshake message.")
-
-/*
- * Received an SSL record that was inappropriate for the state we're in.
- */
-ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER , (SSL_ERROR_BASE + 51),
-"SSL received an unexpected Change Cipher Spec record.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 52),
-"SSL received an unexpected Alert record.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE , (SSL_ERROR_BASE + 53),
-"SSL received an unexpected Handshake record.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54),
-"SSL received an unexpected Application Data record.")
-
-/*
- * Received record/message with unknown discriminant.
- */
-ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE , (SSL_ERROR_BASE + 55),
-"SSL received a record with an unknown content type.")
-
-ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE , (SSL_ERROR_BASE + 56),
-"SSL received a handshake message with an unknown message type.")
-
-ER3(SSL_ERROR_RX_UNKNOWN_ALERT , (SSL_ERROR_BASE + 57),
-"SSL received an alert record with an unknown alert description.")
-
-/*
- * Received an alert reporting what we did wrong. (more alerts above)
- */
-ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT , (SSL_ERROR_BASE + 58),
-"SSL peer has closed this connection.")
-
-ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 59),
-"SSL peer was not expecting a handshake message it received.")
-
-ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT , (SSL_ERROR_BASE + 60),
-"SSL peer was unable to succesfully decompress an SSL record it received.")
-
-ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT , (SSL_ERROR_BASE + 61),
-"SSL peer was unable to negotiate an acceptable set of security parameters.")
-
-ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT , (SSL_ERROR_BASE + 62),
-"SSL peer rejected a handshake message for unacceptable content.")
-
-ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT , (SSL_ERROR_BASE + 63),
-"SSL peer does not support certificates of the type it received.")
-
-ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT , (SSL_ERROR_BASE + 64),
-"SSL peer had some unspecified issue with the certificate it received.")
-
-
-ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE , (SSL_ERROR_BASE + 65),
-"SSL experienced a failure of its random number generator.")
-
-ER3(SSL_ERROR_SIGN_HASHES_FAILURE , (SSL_ERROR_BASE + 66),
-"Unable to digitally sign data required to verify your certificate.")
-
-ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE , (SSL_ERROR_BASE + 67),
-"SSL was unable to extract the public key from the peer's certificate.")
-
-ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 68),
-"Unspecified failure while processing SSL Server Key Exchange handshake.")
-
-ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 69),
-"Unspecified failure while processing SSL Client Key Exchange handshake.")
-
-ER3(SSL_ERROR_ENCRYPTION_FAILURE , (SSL_ERROR_BASE + 70),
-"Bulk data encryption algorithm failed in selected cipher suite.")
-
-ER3(SSL_ERROR_DECRYPTION_FAILURE , (SSL_ERROR_BASE + 71),
-"Bulk data decryption algorithm failed in selected cipher suite.")
-
-ER3(SSL_ERROR_SOCKET_WRITE_FAILURE , (SSL_ERROR_BASE + 72),
-"Attempt to write encrypted data to underlying socket failed.")
-
-ER3(SSL_ERROR_MD5_DIGEST_FAILURE , (SSL_ERROR_BASE + 73),
-"MD5 digest function failed.")
-
-ER3(SSL_ERROR_SHA_DIGEST_FAILURE , (SSL_ERROR_BASE + 74),
-"SHA-1 digest function failed.")
-
-ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE , (SSL_ERROR_BASE + 75),
-"MAC computation failed.")
-
-ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE , (SSL_ERROR_BASE + 76),
-"Failure to create Symmetric Key context.")
-
-ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE , (SSL_ERROR_BASE + 77),
-"Failure to unwrap the Symmetric key in Client Key Exchange message.")
-
-ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED , (SSL_ERROR_BASE + 78),
-"SSL Server attempted to use domestic-grade public key with export cipher suite.")
-
-ER3(SSL_ERROR_IV_PARAM_FAILURE , (SSL_ERROR_BASE + 79),
-"PKCS11 code failed to translate an IV into a param.")
-
-ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE , (SSL_ERROR_BASE + 80),
-"Failed to initialize the selected cipher suite.")
-
-ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE , (SSL_ERROR_BASE + 81),
-"Client failed to generate session keys for SSL session.")
-
-ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG , (SSL_ERROR_BASE + 82),
-"Server has no key for the attempted key exchange algorithm.")
-
-ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL , (SSL_ERROR_BASE + 83),
-"PKCS#11 token was inserted or removed while operation was in progress.")
-
-ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND , (SSL_ERROR_BASE + 84),
-"No PKCS#11 token could be found to do a required operation.")
-
-ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP , (SSL_ERROR_BASE + 85),
-"Cannot communicate securely with peer: no common compression algorithm(s).")
-
-ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED , (SSL_ERROR_BASE + 86),
-"Cannot initiate another SSL handshake until current handshake is complete.")
-
-ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE , (SSL_ERROR_BASE + 87),
-"Received incorrect handshakes hash values from peer.")
-
-ER3(SSL_ERROR_CERT_KEA_MISMATCH , (SSL_ERROR_BASE + 88),
-"The certificate provided cannot be used with the selected key exchange algorithm.")
-
-ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA , (SSL_ERROR_BASE + 89),
-"No certificate authority is trusted for SSL client authentication.")
-
-ER3(SSL_ERROR_SESSION_NOT_FOUND , (SSL_ERROR_BASE + 90),
-"Client's SSL session ID not found in server's session cache.")
-
-ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT , (SSL_ERROR_BASE + 91),
-"Peer was unable to decrypt an SSL record it received.")
-
-ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT , (SSL_ERROR_BASE + 92),
-"Peer received an SSL record that was longer than is permitted.")
-
-ER3(SSL_ERROR_UNKNOWN_CA_ALERT , (SSL_ERROR_BASE + 93),
-"Peer does not recognize and trust the CA that issued your certificate.")
-
-ER3(SSL_ERROR_ACCESS_DENIED_ALERT , (SSL_ERROR_BASE + 94),
-"Peer received a valid certificate, but access was denied.")
-
-ER3(SSL_ERROR_DECODE_ERROR_ALERT , (SSL_ERROR_BASE + 95),
-"Peer could not decode an SSL handshake message.")
-
-ER3(SSL_ERROR_DECRYPT_ERROR_ALERT , (SSL_ERROR_BASE + 96),
-"Peer reports failure of signature verification or key exchange.")
-
-ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT , (SSL_ERROR_BASE + 97),
-"Peer reports negotiation not in compliance with export regulations.")
-
-ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT , (SSL_ERROR_BASE + 98),
-"Peer reports incompatible or unsupported protocol version.")
-
-ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT , (SSL_ERROR_BASE + 99),
-"Server requires ciphers more secure than those supported by client.")
-
-ER3(SSL_ERROR_INTERNAL_ERROR_ALERT , (SSL_ERROR_BASE + 100),
-"Peer reports it experienced an internal error.")
-
-ER3(SSL_ERROR_USER_CANCELED_ALERT , (SSL_ERROR_BASE + 101),
-"Peer user canceled handshake.")
-
-ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT , (SSL_ERROR_BASE + 102),
-"Peer does not permit renegotiation of SSL security parameters.")
-
diff --git a/security/nss/cmd/SSLsample/client.c b/security/nss/cmd/SSLsample/client.c
deleted file mode 100644
index 44ed34c31..000000000
--- a/security/nss/cmd/SSLsample/client.c
+++ /dev/null
@@ -1,451 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/****************************************************************************
- * SSL client program that sets up a connection to SSL server, transmits *
- * some data and then reads the reply *
- ****************************************************************************/
-
-#include <stdio.h>
-#include <string.h>
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#endif
-
-#include "prerror.h"
-
-#include "pk11func.h"
-#include "secitem.h"
-
-
-#include <stdlib.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdarg.h>
-
-#include "nspr.h"
-#include "plgetopt.h"
-#include "prio.h"
-#include "prnetdb.h"
-#include "nss.h"
-
-#include "sslsample.h"
-
-#define RD_BUF_SIZE (60 * 1024)
-
-extern int cipherSuites[];
-extern int ssl2CipherSuites[];
-extern int ssl3CipherSuites[];
-
-GlobalThreadMgr threadMGR;
-char *certNickname = NULL;
-char *hostName = NULL;
-char *password = NULL;
-unsigned short port = 0;
-
-static void
-Usage(const char *progName)
-{
- fprintf(stderr,
- "Usage: %s [-n rsa_nickname] [-p port] [-d dbdir] [-c connections]\n"
- " [-w dbpasswd] [-C cipher(s)] hostname\n",
- progName);
- exit(1);
-}
-
-PRFileDesc *
-setupSSLSocket(PRNetAddr *addr)
-{
- PRFileDesc *tcpSocket;
- PRFileDesc *sslSocket;
- PRSocketOptionData socketOption;
- PRStatus prStatus;
- SECStatus secStatus;
-
-retry:
-
- tcpSocket = PR_NewTCPSocket();
- if (tcpSocket == NULL) {
- errWarn("PR_NewTCPSocket");
- }
-
- /* Make the socket blocking. */
- socketOption.option = PR_SockOpt_Nonblocking;
- socketOption.value.non_blocking = PR_FALSE;
-
- prStatus = PR_SetSocketOption(tcpSocket, &socketOption);
- if (prStatus != PR_SUCCESS) {
- errWarn("PR_SetSocketOption");
- goto loser;
- }
-
-#if 0
- /* Verify that a connection can be made to the socket. */
- prStatus = PR_Connect(tcpSocket, addr, PR_INTERVAL_NO_TIMEOUT);
- if (prStatus != PR_SUCCESS) {
- PRErrorCode err = PR_GetError();
- if (err == PR_CONNECT_REFUSED_ERROR) {
- PR_Close(tcpSocket);
- PR_Sleep(PR_MillisecondsToInterval(10));
- fprintf(stderr, "Connection to port refused, retrying.\n");
- goto retry;
- }
- errWarn("PR_Connect");
- goto loser;
- }
-#endif
-
- /* Import the socket into the SSL layer. */
- sslSocket = SSL_ImportFD(NULL, tcpSocket);
- if (!sslSocket) {
- errWarn("SSL_ImportFD");
- goto loser;
- }
-
- /* Set configuration options. */
- secStatus = SSL_Enable(sslSocket, SSL_SECURITY, PR_TRUE);
- if (secStatus != SECSuccess) {
- errWarn("SSL_Enable:SSL_SECURITY");
- goto loser;
- }
-
- secStatus = SSL_Enable(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
- if (secStatus != SECSuccess) {
- errWarn("SSL_Enable:SSL_HANDSHAKE_AS_CLIENT");
- goto loser;
- }
-
- /* Set SSL callback routines. */
- secStatus = SSL_GetClientAuthDataHook(sslSocket,
- (SSLGetClientAuthData)myGetClientAuthData,
- (void *)certNickname);
- if (secStatus != SECSuccess) {
- errWarn("SSL_GetClientAuthDataHook");
- goto loser;
- }
-
- secStatus = SSL_AuthCertificateHook(sslSocket,
- (SSLAuthCertificate)myAuthCertificate,
- (void *)CERT_GetDefaultCertDB());
- if (secStatus != SECSuccess) {
- errWarn("SSL_AuthCertificateHook");
- goto loser;
- }
-
- secStatus = SSL_BadCertHook(sslSocket,
- (SSLBadCertHandler)myBadCertHandler, NULL);
- if (secStatus != SECSuccess) {
- errWarn("SSL_BadCertHook");
- goto loser;
- }
-
- secStatus = SSL_HandshakeCallback(sslSocket,
- (SSLHandshakeCallback)myHandshakeCallback,
- NULL);
- if (secStatus != SECSuccess) {
- errWarn("SSL_HandshakeCallback");
- goto loser;
- }
-
- return sslSocket;
-
-loser:
-
- PR_Close(tcpSocket);
- return NULL;
-}
-
-
-const char requestString[] = {"GET /testfile HTTP/1.0\r\n\r\n" };
-
-SECStatus
-handle_connection(PRFileDesc *sslSocket, int connection)
-{
- int countRead = 0;
- PRInt32 numBytes;
- char *readBuffer;
-
- readBuffer = PORT_Alloc(RD_BUF_SIZE);
- if (!readBuffer) {
- exitErr("PORT_Alloc");
- }
-
- /* compose the http request here. */
-
- numBytes = PR_Write(sslSocket, requestString, strlen(requestString));
- if (numBytes <= 0) {
- errWarn("PR_Write");
- PR_Free(readBuffer);
- readBuffer = NULL;
- return SECFailure;
- }
-
- /* read until EOF */
- while (PR_TRUE) {
- numBytes = PR_Read(sslSocket, readBuffer, RD_BUF_SIZE);
- if (numBytes == 0) {
- break; /* EOF */
- }
- if (numBytes < 0) {
- errWarn("PR_Read");
- break;
- }
- countRead += numBytes;
- fprintf(stderr, "***** Connection %d read %d bytes (%d total).\n",
- connection, numBytes, countRead );
- readBuffer[numBytes] = '\0';
- fprintf(stderr, "************\n%s\n************\n", readBuffer);
- }
-
- printSecurityInfo(sslSocket);
-
- PR_Free(readBuffer);
- readBuffer = NULL;
-
- /* Caller closes the socket. */
-
- fprintf(stderr,
- "***** Connection %d read %d bytes total.\n",
- connection, countRead);
-
- return SECSuccess; /* success */
-}
-
-/* one copy of this function is launched in a separate thread for each
-** connection to be made.
-*/
-SECStatus
-do_connects(void *a, int connection)
-{
- PRNetAddr *addr = (PRNetAddr *)a;
- PRFileDesc *sslSocket;
- PRHostEnt hostEntry;
- char buffer[PR_NETDB_BUF_SIZE];
- PRStatus prStatus;
- PRIntn hostenum;
- SECStatus secStatus;
-
- /* Set up SSL secure socket. */
- sslSocket = setupSSLSocket(addr);
- if (sslSocket == NULL) {
- errWarn("setupSSLSocket");
- return SECFailure;
- }
-
- secStatus = SSL_SetPKCS11PinArg(sslSocket, password);
- if (secStatus != SECSuccess) {
- errWarn("SSL_SetPKCS11PinArg");
- return secStatus;
- }
-
- secStatus = SSL_SetURL(sslSocket, hostName);
- if (secStatus != SECSuccess) {
- errWarn("SSL_SetURL");
- return secStatus;
- }
-
- /* Prepare and setup network connection. */
- prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry);
- if (prStatus != PR_SUCCESS) {
- errWarn("PR_GetHostByName");
- return SECFailure;
- }
-
- hostenum = PR_EnumerateHostEnt(0, &hostEntry, port, addr);
- if (hostenum == -1) {
- errWarn("PR_EnumerateHostEnt");
- return SECFailure;
- }
-
- prStatus = PR_Connect(sslSocket, addr, PR_INTERVAL_NO_TIMEOUT);
- if (prStatus != PR_SUCCESS) {
- errWarn("PR_Connect");
- return SECFailure;
- }
-
- /* Established SSL connection, ready to send data. */
-#if 0
- secStatus = SSL_ForceHandshake(sslSocket);
- if (secStatus != SECSuccess) {
- errWarn("SSL_ForceHandshake");
- return secStatus;
- }
-#endif
-
- secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_FALSE);
- if (secStatus != SECSuccess) {
- errWarn("SSL_ResetHandshake");
- prStatus = PR_Close(sslSocket);
- if (prStatus != PR_SUCCESS) {
- errWarn("PR_Close");
- }
- return secStatus;
- }
-
- secStatus = handle_connection(sslSocket, connection);
- if (secStatus != SECSuccess) {
- errWarn("handle_connection");
- return secStatus;
- }
-
- PR_Close(sslSocket);
- return SECSuccess;
-}
-
-void
-client_main(unsigned short port,
- int connections,
- const char * hostName)
-{
- int i;
- SECStatus secStatus;
- PRStatus prStatus;
- PRInt32 rv;
- PRNetAddr addr;
- PRHostEnt hostEntry;
- char buffer[256];
-
- /* Setup network connection. */
- prStatus = PR_GetHostByName(hostName, buffer, 256, &hostEntry);
- if (prStatus != PR_SUCCESS) {
- exitErr("PR_GetHostByName");
- }
-
- rv = PR_EnumerateHostEnt(0, &hostEntry, port, &addr);
- if (rv < 0) {
- exitErr("PR_EnumerateHostEnt");
- }
-
- secStatus = launch_thread(&threadMGR, do_connects, &addr, 1);
- if (secStatus != SECSuccess) {
- exitErr("launch_thread");
- }
-
- if (connections > 1) {
- /* wait for the first connection to terminate, then launch the rest. */
- reap_threads(&threadMGR);
- /* Start up the connections */
- for (i = 2; i <= connections; ++i) {
- secStatus = launch_thread(&threadMGR, do_connects, &addr, i);
- if (secStatus != SECSuccess) {
- errWarn("launch_thread");
- }
- }
- }
-
- reap_threads(&threadMGR);
- destroy_thread_data(&threadMGR);
-}
-
-int
-main(int argc, char **argv)
-{
- char * certDir = ".";
- char * progName = NULL;
- int connections = 1;
- char * cipherString = NULL;
- SECStatus secStatus;
- PLOptState * optstate;
- PLOptStatus status;
-
- /* Call the NSPR initialization routines */
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-
- progName = PL_strdup(argv[0]);
-
- hostName = NULL;
- optstate = PL_CreateOptState(argc, argv, "C:c:d:n:p:w:");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch(optstate->option) {
- case 'C' : cipherString = PL_strdup(optstate->value); break;
- case 'c' : connections = PORT_Atoi(optstate->value); break;
- case 'd' : certDir = PL_strdup(optstate->value); break;
- case 'n' : certNickname = PL_strdup(optstate->value); break;
- case 'p' : port = PORT_Atoi(optstate->value); break;
- case 'w' : password = PL_strdup(optstate->value); break;
- case '\0': hostName = PL_strdup(optstate->value); break;
- default : Usage(progName);
- }
- }
-
- if (port == 0 || hostName == NULL)
- Usage(progName);
-
- if (certDir == NULL) {
- certDir = PR_smprintf("%s/.netscape", getenv("HOME"));
- }
-
- /* Set our password function callback. */
- PK11_SetPasswordFunc(myPasswd);
-
- /* Initialize the NSS libraries. */
- secStatus = NSS_Init(certDir);
- if (secStatus != SECSuccess) {
- exitErr("NSS_Init");
- }
-
- /* All cipher suites except RSA_NULL_MD5 are enabled by Domestic Policy. */
- NSS_SetDomesticPolicy();
- SSL_EnableCipher(SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED);
-
- /* all the SSL2 and SSL3 cipher suites are enabled by default. */
- if (cipherString) {
- int ndx;
-
- /* disable all the ciphers, then enable the ones we want. */
- disableSSL2Ciphers();
- disableSSL3Ciphers();
-
- while (0 != (ndx = *cipherString++)) {
- int *cptr;
- int cipher;
-
- if (! isalpha(ndx))
- Usage(progName);
- cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
- for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
- /* do nothing */;
- if (cipher) {
- SSL_EnableCipher(cipher, SSL_ALLOWED);
- }
- }
- }
-
- client_main(port, connections, hostName);
-
- NSS_Shutdown();
- PR_Cleanup();
- return 0;
-}
-
diff --git a/security/nss/cmd/SSLsample/client.mn b/security/nss/cmd/SSLsample/client.mn
deleted file mode 100644
index 74930c5e5..000000000
--- a/security/nss/cmd/SSLsample/client.mn
+++ /dev/null
@@ -1,50 +0,0 @@
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-MODULE = security
-
-EXPORTS =
-
-CSRCS = client.c \
- sslsample.c \
- $(NULL)
-
-PROGRAM = client
-
-REQUIRES = dbm
-
-IMPORTS = security/lib/nss
-
-DEFINES = -DNSPR20
-
diff --git a/security/nss/cmd/SSLsample/gencerts b/security/nss/cmd/SSLsample/gencerts
deleted file mode 100755
index ead9ffe44..000000000
--- a/security/nss/cmd/SSLsample/gencerts
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/bin/sh
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-#
-# Script to generate sample db files neccessary for SSL.
-
-# Directory for db's, use in all subsequent -d flags.
-rm -rf SampleCertDBs
-mkdir SampleCertDBs
-
-# Password to use.
-echo sample > passfile
-
-# Generate the db files, using the above password.
-certutil -N -d SampleCertDBs -f passfile
-
-# Generate the CA cert. This cert is self-signed and only useful for
-# test purposes. Set the trust bits to allow it to sign SSL client/server
-# certs.
-certutil -S -n SampleRootCA -x -t "CTu,CTu,CTu" \
- -s "CN=My Sample Root CA, O=My Organization" \
- -m 25000 -o ./SampleCertDBs/SampleRootCA.crt \
- -d SampleCertDBs -f passfile
-
-# Generate the server cert. This cert is signed by the CA cert generated
-# above. The CN must be hostname.domain.[com|org|net|...].
-certutil -S -n SampleSSLServerCert -c SampleRootCA -t "u,u,u" \
- -s "CN=$HOSTNAME.mcom.com, O=$HOSTNAME Corp." \
- -m 25001 -o ./SampleCertDBs/SampleSSLServer.crt \
- -d SampleCertDBs -f passfile
-
-# Generate the client cert. This cert is signed by the CA cert generated
-# above.
-certutil -S -n SampleSSLClientCert -c SampleRootCA -t "u,u,u" \
- -s "CN=My Client Cert, O=Client Organization" \
- -m 25002 -o ./SampleCertDBs/SampleSSLClient.crt \
- -d SampleCertDBs -f passfile
-
-# Verify the certificates.
-certutil -V -u V -n SampleSSLServerCert -d SampleCertDBs
-certutil -V -u C -n SampleSSLClientCert -d SampleCertDBs
-
-# Remove unneccessary files.
-rm -f passfile
-rm -f tempcert*
-
-# You are now ready to run your client/server! Example command lines:
-# server -n SampleSSLServerCert -p 8080 -d SampleCertDBs -w sample -c e -R
-# client -n SampleSSLClientCert -p 8080 -d SampleCertDBs -w sample -c 2 trane.mcom.com
diff --git a/security/nss/cmd/SSLsample/make.client b/security/nss/cmd/SSLsample/make.client
deleted file mode 100644
index 4556c33ca..000000000
--- a/security/nss/cmd/SSLsample/make.client
+++ /dev/null
@@ -1,78 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include client.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#include $(CORE_DEPTH)/$(MODULE)/config/config.mk
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include $(CORE_DEPTH)/security/cmd/platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-#CC = cc
-
-
diff --git a/security/nss/cmd/SSLsample/make.server b/security/nss/cmd/SSLsample/make.server
deleted file mode 100644
index bae722e2c..000000000
--- a/security/nss/cmd/SSLsample/make.server
+++ /dev/null
@@ -1,77 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include server.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#include $(CORE_DEPTH)/$(MODULE)/config/config.mk
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include $(CORE_DEPTH)/security/cmd/platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
diff --git a/security/nss/cmd/SSLsample/nmakefile95.nss b/security/nss/cmd/SSLsample/nmakefile95.nss
deleted file mode 100755
index 5684478cd..000000000
--- a/security/nss/cmd/SSLsample/nmakefile95.nss
+++ /dev/null
@@ -1,60 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-# NSS 2.6.2 Sample Win95 Makefile
-#
-#
-# This nmake file will build server.c and client.c on Windows 95.
-#
-
-DEFINES=-D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG -DWIN32 -D_WINDOWS
-
-INCPATH=/I. /I..\include\dbm /I..\include\nspr /I..\include\security
-
-LIBS=nss.lib ssl.lib pkcs7.lib pkcs12.lib secmod.lib cert.lib key.lib crypto.lib secutil.lib hash.lib dbm.lib libplc3.lib libplds3.lib libnspr3.lib wsock32.lib
-
-CFLAGS=-O2 -MD -W3 -nologo
-
-CC=cl
-
-LDOPTIONS=/link /LIBPATH:..\lib /nodefaultlib:libcd.lib /subsystem:console
-
-server:
- $(CC) $(CFLAGS) $(INCPATH) /Feserver server.c getopt.c $(LIBS) $(DEFINES) $(LDOPTIONS)
-
-client:
- $(CC) $(CFLAGS) $(INCPATH) /Feclient client.c getopt.c $(LIBS) $(DEFINES) $(LDOPTIONS)
-
-clean:
- del /S server.exe client.exe server.lib server.exp client.lib client.exp server.obj client.obj getopt.obj
-
diff --git a/security/nss/cmd/SSLsample/nmakefilent.nss b/security/nss/cmd/SSLsample/nmakefilent.nss
deleted file mode 100755
index 9d2d1ccc4..000000000
--- a/security/nss/cmd/SSLsample/nmakefilent.nss
+++ /dev/null
@@ -1,59 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-# NSS 2.6.2 Sample NT Makefile
-#
-#
-# This nmake file will build server.c and client.c on Windows NT 4 SP3.
-#
-
-DEFINES=-D_X86_ -GT -DWINNT -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG -DWIN32 -D_WINDOWS
-INCPATH=-I. -I..\include\dbm -I..\include\nspr -I..\include\security
-
-LIBS=nss.lib ssl.lib pkcs7.lib pkcs12.lib secmod.lib cert.lib key.lib crypto.lib secutil.lib hash.lib dbm.lib libplc3.lib libplds3.lib libnspr3.lib wsock32.lib
-
-CFLAGS=-O2 -MD -W3 -nologo
-
-CC=cl
-
-LDOPTIONS=/link /LIBPATH:..\lib /nodefaultlib:libcd.lib /subsystem:console
-
-server:
- $(CC) $(CFLAGS) /Feserver server.c getopt.c $(LIBS) $(DEFINES) $(INCPATH) $(LDOPTIONS)
-
-client:
- $(CC) $(CFLAGS) /Feclient client.c getopt.c $(LIBS) $(DEFINES) $(INCPATH) $(LDOPTIONS)
-
-clean:
- del /S server.exe client.exe server.lib server.exp client.lib client.exp server.obj client.obj getopt.obj
-
diff --git a/security/nss/cmd/SSLsample/server.c b/security/nss/cmd/SSLsample/server.c
deleted file mode 100644
index 22d26144e..000000000
--- a/security/nss/cmd/SSLsample/server.c
+++ /dev/null
@@ -1,822 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/****************************************************************************
- * SSL server program listens on a port, accepts client connection, reads *
- * request and responds to it *
- ****************************************************************************/
-
-/* Generic header files */
-
-#include <stdio.h>
-#include <string.h>
-
-/* NSPR header files */
-
-#include "nspr.h"
-#include "plgetopt.h"
-#include "prerror.h"
-#include "prnetdb.h"
-
-/* NSS header files */
-
-#include "pk11func.h"
-#include "secitem.h"
-#include "ssl.h"
-#include "certt.h"
-#include "nss.h"
-#include "secrng.h"
-#include "secder.h"
-#include "key.h"
-#include "sslproto.h"
-
-/* Custom header files */
-
-#include "sslsample.h"
-
-#ifndef PORT_Sprintf
-#define PORT_Sprintf sprintf
-#endif
-
-#define REQUEST_CERT_ONCE 1
-#define REQUIRE_CERT_ONCE 2
-#define REQUEST_CERT_ALL 3
-#define REQUIRE_CERT_ALL 4
-
-/* Global variables */
-GlobalThreadMgr threadMGR;
-char *password = NULL;
-CERTCertificate *cert = NULL;
-SECKEYPrivateKey *privKey = NULL;
-int stopping;
-
-static void
-Usage(const char *progName)
-{
- fprintf(stderr,
-
-"Usage: %s -n rsa_nickname -p port [-3RFrf] [-w password]\n"
-" [-c ciphers] [-d dbdir] \n"
-"-3 means disable SSL v3\n"
-"-r means request certificate on first handshake.\n"
-"-f means require certificate on first handshake.\n"
-"-R means request certificate on all handshakes.\n"
-"-F means require certificate on all handshakes.\n"
-"-c ciphers Letter(s) chosen from the following list\n"
-"A SSL2 RC4 128 WITH MD5\n"
-"B SSL2 RC4 128 EXPORT40 WITH MD5\n"
-"C SSL2 RC2 128 CBC WITH MD5\n"
-"D SSL2 RC2 128 CBC EXPORT40 WITH MD5\n"
-"E SSL2 DES 64 CBC WITH MD5\n"
-"F SSL2 DES 192 EDE3 CBC WITH MD5\n"
-"\n"
-"a SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA\n"
-"b SSL3 FORTEZZA DMS WITH RC4 128 SHA\n"
-"c SSL3 RSA WITH RC4 128 MD5\n"
-"d SSL3 RSA WITH 3DES EDE CBC SHA\n"
-"e SSL3 RSA WITH DES CBC SHA\n"
-"f SSL3 RSA EXPORT WITH RC4 40 MD5\n"
-"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
-"h SSL3 FORTEZZA DMS WITH NULL SHA\n"
-"i SSL3 RSA WITH NULL MD5\n"
-"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
-"k SSL3 RSA FIPS WITH DES CBC SHA\n"
-"l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n"
-"m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n",
- progName);
- exit(1);
-}
-
-/* Function: readDataFromSocket()
- *
- * Purpose: Parse an HTTP request by reading data from a GET or POST.
- *
- */
-SECStatus
-readDataFromSocket(PRFileDesc *sslSocket, DataBuffer *buffer, char **fileName)
-{
- char *post;
- int numBytes = 0;
- int newln = 0; /* # of consecutive newlns */
-
- /* Read data while it comes in from the socket. */
- while (PR_TRUE) {
- buffer->index = 0;
- newln = 0;
-
- /* Read the buffer. */
- numBytes = PR_Read(sslSocket, &buffer->data[buffer->index],
- buffer->remaining);
- if (numBytes <= 0) {
- errWarn("PR_Read");
- return SECFailure;
- }
- buffer->dataEnd = buffer->dataStart + numBytes;
-
- /* Parse the input, starting at the beginning of the buffer.
- * Stop when we detect two consecutive \n's (or \r\n's)
- * as this signifies the end of the GET or POST portion.
- * The posted data follows.
- */
- while (buffer->index < buffer->dataEnd && newln < 2) {
- int octet = buffer->data[buffer->index++];
- if (octet == '\n') {
- newln++;
- } else if (octet != '\r') {
- newln = 0;
- }
- }
-
- /* Came to the end of the buffer, or second newline.
- * If we didn't get an empty line ("\r\n\r\n"), then keep on reading.
- */
- if (newln < 2)
- continue;
-
- /* we're at the end of the HTTP request.
- * If the request is a POST, then there will be one more
- * line of data.
- * This parsing is a hack, but ok for SSL test purposes.
- */
- post = PORT_Strstr(buffer->data, "POST ");
- if (!post || *post != 'P')
- break;
-
- /* It's a post, so look for the next and final CR/LF. */
- /* We should parse content length here, but ... */
- while (buffer->index < buffer->dataEnd && newln < 3) {
- int octet = buffer->data[buffer->index++];
- if (octet == '\n') {
- newln++;
- }
- }
-
- if (newln == 3)
- break;
- }
-
- /* Have either (a) a complete get, (b) a complete post, (c) EOF */
-
- /* Execute a "GET " operation. */
- if (buffer->index > 0 && PORT_Strncmp(buffer->data, "GET ", 4) == 0) {
- int fnLength;
-
- /* File name is the part after "GET ". */
- fnLength = strcspn(buffer->data + 5, " \r\n");
- *fileName = (char *)PORT_Alloc(fnLength + 1);
- PORT_Strncpy(*fileName, buffer->data + 5, fnLength);
- (*fileName)[fnLength] = '\0';
- }
-
- return SECSuccess;
-}
-
-/* Function: authenticateSocket()
- *
- * Purpose: Configure a socket for SSL.
- *
- *
- */
-PRFileDesc *
-setupSSLSocket(PRFileDesc *tcpSocket, int requestCert)
-{
- PRFileDesc *sslSocket;
- SSLKEAType certKEA;
- int certErr = 0;
- SECStatus secStatus;
-
- /* Set the appropriate flags. */
-
- sslSocket = SSL_ImportFD(NULL, tcpSocket);
- if (sslSocket == NULL) {
- errWarn("SSL_ImportFD");
- goto loser;
- }
-
- secStatus = SSL_Enable(sslSocket, SSL_SECURITY, PR_TRUE);
- if (secStatus != SECSuccess) {
- errWarn("SSL_Enable SSL_SECURITY");
- goto loser;
- }
-
- secStatus = SSL_Enable(sslSocket, SSL_HANDSHAKE_AS_SERVER, PR_TRUE);
- if (secStatus != SECSuccess) {
- errWarn("SSL_Enable:SSL_HANDSHAKE_AS_SERVER");
- goto loser;
- }
-
- secStatus = SSL_Enable(sslSocket, SSL_REQUEST_CERTIFICATE,
- (requestCert >= REQUEST_CERT_ONCE));
- if (secStatus != SECSuccess) {
- errWarn("SSL_Enable:SSL_REQUEST_CERTIFICATE");
- goto loser;
- }
-
- secStatus = SSL_Enable(sslSocket, SSL_REQUIRE_CERTIFICATE,
- (requestCert == REQUIRE_CERT_ONCE));
- if (secStatus != SECSuccess) {
- errWarn("SSL_Enable:SSL_REQUIRE_CERTIFICATE");
- goto loser;
- }
-
- /* Set the appropriate callback routines. */
-
- secStatus = SSL_AuthCertificateHook(sslSocket, myAuthCertificate,
- CERT_GetDefaultCertDB());
- if (secStatus != SECSuccess) {
- errWarn("SSL_AuthCertificateHook");
- goto loser;
- }
-
- secStatus = SSL_BadCertHook(sslSocket,
- (SSLBadCertHandler)myBadCertHandler, &certErr);
- if (secStatus != SECSuccess) {
- errWarn("SSL_BadCertHook");
- goto loser;
- }
-
- secStatus = SSL_HandshakeCallback(sslSocket,
- (SSLHandshakeCallback)myHandshakeCallback,
- NULL);
- if (secStatus != SECSuccess) {
- errWarn("SSL_HandshakeCallback");
- goto loser;
- }
-
- secStatus = SSL_SetPKCS11PinArg(sslSocket, password);
- if (secStatus != SECSuccess) {
- errWarn("SSL_HandshakeCallback");
- goto loser;
- }
-
- certKEA = NSS_FindCertKEAType(cert);
-
- secStatus = SSL_ConfigSecureServer(sslSocket, cert, privKey, certKEA);
- if (secStatus != SECSuccess) {
- errWarn("SSL_ConfigSecureServer");
- goto loser;
- }
-
- return sslSocket;
-
-loser:
-
- PR_Close(tcpSocket);
- return NULL;
-}
-
-/* Function: authenticateSocket()
- *
- * Purpose: Perform client authentication on the socket.
- *
- */
-SECStatus
-authenticateSocket(PRFileDesc *sslSocket, PRBool requireCert)
-{
- CERTCertificate *cert;
- SECStatus secStatus;
-
- /* Returns NULL if client authentication is not enabled or if the
- * client had no certificate. */
- cert = SSL_PeerCertificate(sslSocket);
- if (cert) {
- /* Client had a certificate, so authentication is through. */
- CERT_DestroyCertificate(cert);
- return SECSuccess;
- }
-
- /* Request client to authenticate itself. */
- secStatus = SSL_Enable(sslSocket, SSL_REQUEST_CERTIFICATE, PR_TRUE);
- if (secStatus != SECSuccess) {
- errWarn("SSL_Enable:SSL_REQUEST_CERTIFICATE");
- return SECFailure;
- }
-
- /* If desired, require client to authenticate itself. Note
- * SSL_REQUEST_CERTIFICATE must also be on, as above. */
- secStatus = SSL_Enable(sslSocket, SSL_REQUIRE_CERTIFICATE, requireCert);
- if (secStatus != SECSuccess) {
- errWarn("SSL_Enable:SSL_REQUIRE_CERTIFICATE");
- return SECFailure;
- }
-
- /* Having changed socket configuration parameters, redo handshake. */
- secStatus = SSL_RedoHandshake(sslSocket);
- if (secStatus != SECSuccess) {
- errWarn("SSL_RedoHandshake");
- return SECFailure;
- }
-
- /* Force the handshake to complete before moving on. */
- secStatus = SSL_ForceHandshake(sslSocket);
- if (secStatus != SECSuccess) {
- errWarn("SSL_ForceHandshake");
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-/* Function: writeDataToSocket
- *
- * Purpose: Write the client's request back to the socket. If the client
- * requested a file, dump it to the socket.
- *
- */
-SECStatus
-writeDataToSocket(PRFileDesc *sslSocket, DataBuffer *buffer, char *fileName)
-{
- int headerLength;
- int numBytes;
- char messageBuffer[120];
- PRFileDesc *local_file_fd = NULL;
- char header[] = "<html><body><h1>Sample SSL server</h1><br><br>";
- char filehd[] = "<h2>The file you requested:</h2><br>";
- char reqhd[] = "<h2>This is your request:</h2><br>";
- char link[] = "Try getting a <a HREF=\"../testfile\">file</a><br>";
- char footer[] = "<br><h2>End of request.</h2><br></body></html>";
-
- headerLength = PORT_Strlen(defaultHeader);
-
- /* Write a header to the socket. */
- numBytes = PR_Write(sslSocket, header, PORT_Strlen(header));
- if (numBytes < 0) {
- errWarn("PR_Write");
- goto loser;
- }
-
- if (fileName) {
- PRFileInfo info;
- PRStatus prStatus;
-
- /* Try to open the local file named.
- * If successful, then write it to the client.
- */
- prStatus = PR_GetFileInfo(fileName, &info);
- if (prStatus != PR_SUCCESS ||
- info.type != PR_FILE_FILE ||
- info.size < 0) {
- PORT_Free(fileName);
- /* Maybe a GET not sent from client.c? */
- goto writerequest;
- return SECSuccess;
- }
-
- local_file_fd = PR_Open(fileName, PR_RDONLY, 0);
- if (local_file_fd == NULL) {
- PORT_Free(fileName);
- goto writerequest;
- }
-
- /* Write a header to the socket. */
- numBytes = PR_Write(sslSocket, filehd, PORT_Strlen(filehd));
- if (numBytes < 0) {
- errWarn("PR_Write");
- goto loser;
- }
-
- /* Transmit the local file prepended by the default header
- * across the socket.
- */
- numBytes = PR_TransmitFile(sslSocket, local_file_fd,
- defaultHeader, headerLength,
- PR_TRANSMITFILE_KEEP_OPEN,
- PR_INTERVAL_NO_TIMEOUT);
-
- /* Error in transmission. */
- if (numBytes < 0) {
- errWarn("PR_TransmitFile");
- /*
- i = PORT_Strlen(errString);
- PORT_Memcpy(buf, errString, i);
- */
- /* Transmitted bytes successfully. */
- } else {
- numBytes -= headerLength;
- fprintf(stderr, "PR_TransmitFile wrote %d bytes from %s\n",
- numBytes, fileName);
- }
-
- PORT_Free(fileName);
- PR_Close(local_file_fd);
- }
-
-writerequest:
-
- /* Write a header to the socket. */
- numBytes = PR_Write(sslSocket, reqhd, PORT_Strlen(reqhd));
- if (numBytes < 0) {
- errWarn("PR_Write");
- goto loser;
- }
-
- /* Write the buffer data to the socket. */
- if (buffer->index <= 0) {
- /* Reached the EOF. Report incomplete transaction to socket. */
- PORT_Sprintf(messageBuffer,
- "GET or POST incomplete after %d bytes.\r\n",
- buffer->dataEnd);
- numBytes = PR_Write(sslSocket, messageBuffer,
- PORT_Strlen(messageBuffer));
- if (numBytes < 0) {
- errWarn("PR_Write");
- goto loser;
- }
- } else {
- /* Display the buffer data. */
- fwrite(buffer->data, 1, buffer->index, stdout);
- /* Write the buffer data to the socket. */
- numBytes = PR_Write(sslSocket, buffer->data, buffer->index);
- if (numBytes < 0) {
- errWarn("PR_Write");
- goto loser;
- }
- /* Display security information for the socket. */
- printSecurityInfo(sslSocket);
- /* Write any discarded data out to the socket. */
- if (buffer->index < buffer->dataEnd) {
- PORT_Sprintf(buffer->data, "Discarded %d characters.\r\n",
- buffer->dataEnd - buffer->index);
- numBytes = PR_Write(sslSocket, buffer->data,
- PORT_Strlen(buffer->data));
- if (numBytes < 0) {
- errWarn("PR_Write");
- goto loser;
- }
- }
- }
-
- /* Write a footer to the socket. */
- numBytes = PR_Write(sslSocket, footer, PORT_Strlen(footer));
- if (numBytes < 0) {
- errWarn("PR_Write");
- goto loser;
- }
-
- /* Write a link to the socket. */
- numBytes = PR_Write(sslSocket, link, PORT_Strlen(link));
- if (numBytes < 0) {
- errWarn("PR_Write");
- goto loser;
- }
-
- /* Complete the HTTP transaction. */
- numBytes = PR_Write(sslSocket, "EOF\r\n\r\n\r\n", 9);
- if (numBytes < 0) {
- errWarn("PR_Write");
- goto loser;
- }
-
- /* Do a nice shutdown if asked. */
- if (!strncmp(buffer->data, stopCmd, strlen(stopCmd))) {
- stopping = 1;
- }
- return SECSuccess;
-
-loser:
-
- /* Do a nice shutdown if asked. */
- if (!strncmp(buffer->data, stopCmd, strlen(stopCmd))) {
- stopping = 1;
- }
- return SECFailure;
-}
-
-/* Function: int handle_connection()
- *
- * Purpose: Thread to handle a connection to a socket.
- *
- */
-SECStatus
-handle_connection(void *tcp_sock, int requestCert)
-{
- PRFileDesc * tcpSocket = (PRFileDesc *)tcp_sock;
- PRFileDesc * sslSocket = NULL;
- SECStatus secStatus = SECFailure;
- PRStatus prStatus;
- PRSocketOptionData socketOption;
- DataBuffer buffer;
- char * fileName = NULL;
-
- /* Initialize the data buffer. */
- memset(buffer.data, 0, BUFFER_SIZE);
- buffer.remaining = BUFFER_SIZE;
- buffer.index = 0;
- buffer.dataStart = 0;
- buffer.dataEnd = 0;
-
- /* Make sure the socket is blocking. */
- socketOption.option = PR_SockOpt_Nonblocking;
- socketOption.value.non_blocking = PR_FALSE;
- PR_SetSocketOption(tcpSocket, &socketOption);
-
- sslSocket = setupSSLSocket(tcpSocket, requestCert);
- if (sslSocket == NULL) {
- errWarn("setupSSLSocket");
- goto cleanup;
- }
-
- secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_TRUE);
- if (secStatus != SECSuccess) {
- errWarn("SSL_ResetHandshake");
- goto cleanup;
- }
-
- /* Read data from the socket, parse it for HTTP content.
- * If the user is requesting/requiring authentication, authenticate
- * the socket. Then write the result back to the socket. */
- fprintf(stdout, "\nReading data from socket...\n\n");
- secStatus = readDataFromSocket(sslSocket, &buffer, &fileName);
- if (secStatus != SECSuccess) {
- goto cleanup;
- }
- if (requestCert >= REQUEST_CERT_ALL) {
- fprintf(stdout, "\nAuthentication requested.\n\n");
- secStatus = authenticateSocket(sslSocket,
- (requestCert == REQUIRE_CERT_ALL));
- if (secStatus != SECSuccess) {
- goto cleanup;
- }
- }
-
- fprintf(stdout, "\nWriting data to socket...\n\n");
- secStatus = writeDataToSocket(sslSocket, &buffer, fileName);
-
-cleanup:
-
- /* Close down the socket. */
- prStatus = PR_Close(tcpSocket);
- if (prStatus != PR_SUCCESS) {
- errWarn("PR_Close");
- }
-
- return secStatus;
-}
-
-/* Function: int accept_connection()
- *
- * Purpose: Thread to accept a connection to the socket.
- *
- */
-SECStatus
-accept_connection(void *listener, int requestCert)
-{
- PRFileDesc *listenSocket = (PRFileDesc*)listener;
- PRNetAddr addr;
- PRStatus prStatus;
-
- /* XXX need an SSL socket here? */
- while (!stopping) {
- PRFileDesc *tcpSocket;
- SECStatus result;
-
- fprintf(stderr, "\n\n\nAbout to call accept.\n");
-
- /* Accept a connection to the socket. */
- tcpSocket = PR_Accept(listenSocket, &addr, PR_INTERVAL_NO_TIMEOUT);
- if (tcpSocket == NULL) {
- errWarn("PR_Accept");
- break;
- }
-
- /* Accepted the connection, now handle it. */
- result = launch_thread(&threadMGR, handle_connection,
- tcpSocket, requestCert);
-
- if (result != SECSuccess) {
- prStatus = PR_Close(tcpSocket);
- if (prStatus != PR_SUCCESS) {
- exitErr("PR_Close");
- }
- break;
- }
- }
-
- fprintf(stderr, "Closing listen socket.\n");
-
- prStatus = PR_Close(listenSocket);
- if (prStatus != PR_SUCCESS) {
- exitErr("PR_Close");
- }
- return SECSuccess;
-}
-
-/* Function: void server_main()
- *
- * Purpose: This is the server's main function. It configures a socket
- * and listens to it.
- *
- */
-void
-server_main(
- unsigned short port,
- int requestCert,
- SECKEYPrivateKey * privKey,
- CERTCertificate * cert,
- PRBool disableSSL3)
-{
- SECStatus secStatus;
- PRStatus prStatus;
- PRFileDesc * listenSocket;
- PRNetAddr addr;
- PRSocketOptionData socketOption;
-
- /* Create a new socket. */
- listenSocket = PR_NewTCPSocket();
- if (listenSocket == NULL) {
- exitErr("PR_NewTCPSocket");
- }
-
- /* Set socket to be blocking -
- * on some platforms the default is nonblocking.
- */
- socketOption.option = PR_SockOpt_Nonblocking;
- socketOption.value.non_blocking = PR_FALSE;
-
- prStatus = PR_SetSocketOption(listenSocket, &socketOption);
- if (prStatus != PR_SUCCESS) {
- exitErr("PR_SetSocketOption");
- }
-
- /* This cipher is not on by default. The Acceptance test
- * would like it to be. Turn this cipher on.
- */
- secStatus = SSL_EnableCipher(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
- if (secStatus != SECSuccess) {
- exitErr("SSL_EnableCipher:SSL_RSA_WITH_NULL_MD5");
- }
-
- /* Configure the network connection. */
- addr.inet.family = PR_AF_INET;
- addr.inet.ip = PR_INADDR_ANY;
- addr.inet.port = PR_htons(port);
-
- /* Bind the address to the listener socket. */
- prStatus = PR_Bind(listenSocket, &addr);
- if (prStatus != PR_SUCCESS) {
- exitErr("PR_Bind");
- }
-
- /* Listen for connection on the socket. The second argument is
- * the maximum size of the queue for pending connections.
- */
- prStatus = PR_Listen(listenSocket, 5);
- if (prStatus != PR_SUCCESS) {
- exitErr("PR_Listen");
- }
-
- /* Launch thread to handle connections to the socket. */
- secStatus = launch_thread(&threadMGR, accept_connection,
- listenSocket, requestCert);
- if (secStatus != SECSuccess) {
- PR_Close(listenSocket);
- } else {
- reap_threads(&threadMGR);
- destroy_thread_data(&threadMGR);
- }
-}
-
-/* Function: int main()
- *
- * Purpose: Parses command arguments and configures SSL server.
- *
- */
-int
-main(int argc, char **argv)
-{
- char * progName = NULL;
- char * nickName = NULL;
- char * cipherString = NULL;
- char * dir = ".";
- int requestCert = 0;
- unsigned short port = 0;
- SECStatus secStatus;
- PRBool disableSSL3 = PR_FALSE;
- PLOptState * optstate;
- PLOptStatus status;
-
- /* Zero out the thread manager. */
- PORT_Memset(&threadMGR, 0, sizeof(threadMGR));
-
- progName = PL_strdup(argv[0]);
-
- optstate = PL_CreateOptState(argc, argv, "3FRc:d:fp:n:rw:");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch(optstate->option) {
- case '3': disableSSL3 = PR_TRUE; break;
- case 'F': requestCert = REQUIRE_CERT_ALL; break;
- case 'R': requestCert = REQUEST_CERT_ALL; break;
- case 'c': cipherString = PL_strdup(optstate->value); break;
- case 'd': dir = PL_strdup(optstate->value); break;
- case 'f': requestCert = REQUIRE_CERT_ONCE; break;
- case 'n': nickName = PL_strdup(optstate->value); break;
- case 'p': port = PORT_Atoi(optstate->value); break;
- case 'r': requestCert = REQUEST_CERT_ONCE; break;
- case 'w': password = PL_strdup(optstate->value); break;
- default:
- case '?': Usage(progName);
- }
- }
-
- if (nickName == NULL || port == 0)
- Usage(progName);
-
- /* Call the NSPR initialization routines. */
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-
- /* Set the cert database password callback. */
- PK11_SetPasswordFunc(myPasswd);
-
- /* Initialize NSS. */
- secStatus = NSS_Init(dir);
- if (secStatus != SECSuccess) {
- exitErr("NSS_Init");
- }
-
- /* Set the policy for this server (REQUIRED - no default). */
- secStatus = NSS_SetDomesticPolicy();
- if (secStatus != SECSuccess) {
- exitErr("NSS_SetDomesticPolicy");
- }
-
- /* XXX keep this? */
- /* all the SSL2 and SSL3 cipher suites are enabled by default. */
- if (cipherString) {
- int ndx;
-
- /* disable all the ciphers, then enable the ones we want. */
- disableSSL2Ciphers();
- disableSSL3Ciphers();
-
- while (0 != (ndx = *cipherString++)) {
- int *cptr;
- int cipher;
-
- if (! isalpha(ndx))
- Usage(progName);
- cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
- for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
- /* do nothing */;
- if (cipher) {
- SECStatus status;
- status = SSL_CipherPrefSetDefault(cipher, SSL_ALLOWED);
- if (status != SECSuccess)
- errWarn("SSL_CipherPrefSetDefault()");
- }
- }
- }
-
- /* Get own certificate and private key. */
- cert = PK11_FindCertFromNickname(nickName, password);
- if (cert == NULL) {
- exitErr("PK11_FindCertFromNickname");
- }
-
- privKey = PK11_FindKeyByAnyCert(cert, password);
- if (privKey == NULL) {
- exitErr("PK11_FindKeyByAnyCert");
- }
-
- /* Configure the server's cache for a multi-process application
- * using default timeout values (24 hrs) and directory location (/tmp).
- */
- SSL_ConfigMPServerSIDCache(256, 0, 0, NULL);
-
- /* Launch server. */
- server_main(port, requestCert, privKey, cert, disableSSL3);
-
- /* Shutdown NSS and exit NSPR gracefully. */
- NSS_Shutdown();
- PR_Cleanup();
- return 0;
-}
diff --git a/security/nss/cmd/SSLsample/server.mn b/security/nss/cmd/SSLsample/server.mn
deleted file mode 100644
index 74226f08f..000000000
--- a/security/nss/cmd/SSLsample/server.mn
+++ /dev/null
@@ -1,48 +0,0 @@
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-MODULE = security
-
-EXPORTS =
-
-CSRCS = server.c \
- sslsample.c \
- $(NULL)
-
-PROGRAM = server
-
-REQUIRES = dbm
-
-DEFINES = -DNSPR20
-
diff --git a/security/nss/cmd/SSLsample/sslerror.h b/security/nss/cmd/SSLsample/sslerror.h
deleted file mode 100644
index fd0275c37..000000000
--- a/security/nss/cmd/SSLsample/sslerror.h
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include "nspr.h"
-
-struct tuple_str {
- PRErrorCode errNum;
- const char * errString;
-};
-
-typedef struct tuple_str tuple_str;
-
-#define ER2(a,b) {a, b},
-#define ER3(a,b,c) {a, c},
-
-#include "secerr.h"
-#include "sslerr.h"
-
-const tuple_str errStrings[] = {
-
-/* keep this list in asceding order of error numbers */
-#include "SSLerrs.h"
-#include "SECerrs.h"
-#include "NSPRerrs.h"
-
-};
-
-const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str);
-
-/* Returns a UTF-8 encoded constant error string for "errNum".
- * Returns NULL of errNum is unknown.
- */
-const char *
-SSL_Strerror(PRErrorCode errNum) {
- PRInt32 low = 0;
- PRInt32 high = numStrings - 1;
- PRInt32 i;
- PRErrorCode num;
- static int initDone;
-
- /* make sure table is in ascending order.
- * binary search depends on it.
- */
- if (!initDone) {
- PRErrorCode lastNum = 0x80000000;
- for (i = low; i <= high; ++i) {
- num = errStrings[i].errNum;
- if (num <= lastNum) {
- fprintf(stderr,
-"sequence error in error strings at item %d\n"
-"error %d (%s)\n"
-"should come after \n"
-"error %d (%s)\n",
- i, lastNum, errStrings[i-1].errString,
- num, errStrings[i].errString);
- }
- lastNum = num;
- }
- initDone = 1;
- }
-
- /* Do binary search of table. */
- while (low + 1 < high) {
- i = (low + high) / 2;
- num = errStrings[i].errNum;
- if (errNum == num)
- return errStrings[i].errString;
- if (errNum < num)
- high = i;
- else
- low = i;
- }
- if (errNum == errStrings[low].errNum)
- return errStrings[low].errString;
- if (errNum == errStrings[high].errNum)
- return errStrings[high].errString;
- return NULL;
-}
diff --git a/security/nss/cmd/SSLsample/sslsample.c b/security/nss/cmd/SSLsample/sslsample.c
deleted file mode 100644
index 7270c3f8e..000000000
--- a/security/nss/cmd/SSLsample/sslsample.c
+++ /dev/null
@@ -1,619 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "sslsample.h"
-#include "sslerror.h"
-
-/* Declare SSL cipher suites. */
-
-int cipherSuites[] = {
- SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
- SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,
- SSL_RSA_WITH_RC4_128_MD5,
- SSL_RSA_WITH_3DES_EDE_CBC_SHA,
- SSL_RSA_WITH_DES_CBC_SHA,
- SSL_RSA_EXPORT_WITH_RC4_40_MD5,
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
- SSL_FORTEZZA_DMS_WITH_NULL_SHA,
- SSL_RSA_WITH_NULL_MD5,
- 0
-};
-
-int ssl2CipherSuites[] = {
- SSL_EN_RC4_128_WITH_MD5, /* A */
- SSL_EN_RC4_128_EXPORT40_WITH_MD5, /* B */
- SSL_EN_RC2_128_CBC_WITH_MD5, /* C */
- SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */
- SSL_EN_DES_64_CBC_WITH_MD5, /* E */
- SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* F */
- 0
-};
-
-int ssl3CipherSuites[] = {
- SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
- SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
- SSL_RSA_WITH_RC4_128_MD5, /* c */
- SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
- SSL_RSA_WITH_DES_CBC_SHA, /* e */
- SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
- SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
- SSL_RSA_WITH_NULL_MD5, /* i */
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
- SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
- 0
-};
-
-/**************************************************************************
-**
-** SSL callback routines.
-**
-**************************************************************************/
-
-/* Function: char * myPasswd()
- *
- * Purpose: This function is our custom password handler that is called by
- * SSL when retreiving private certs and keys from the database. Returns a
- * pointer to a string that with a password for the database. Password pointer
- * should point to dynamically allocated memory that will be freed later.
- */
-char *
-myPasswd(PK11SlotInfo *info, PRBool retry, void *arg)
-{
- char * passwd = NULL;
-
- if ( (!retry) && arg ) {
- passwd = PORT_Strdup((char *)arg);
- }
-
- return passwd;
-}
-
-/* Function: SECStatus myAuthCertificate()
- *
- * Purpose: This function is our custom certificate authentication handler.
- *
- * Note: This implementation is essentially the same as the default
- * SSL_AuthCertificate().
- */
-SECStatus
-myAuthCertificate(void *arg, PRFileDesc *socket,
- PRBool checksig, PRBool isServer)
-{
-
- SECCertUsage certUsage;
- CERTCertificate * cert;
- void * pinArg;
- char * hostName;
- SECStatus secStatus;
-
- if (!arg || !socket) {
- errWarn("myAuthCertificate");
- return SECFailure;
- }
-
- /* Define how the cert is being used based upon the isServer flag. */
-
- certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
-
- cert = SSL_PeerCertificate(socket);
-
- pinArg = SSL_RevealPinArg(socket);
-
- secStatus = CERT_VerifyCertNow((CERTCertDBHandle *)arg,
- cert,
- checksig,
- certUsage,
- pinArg);
-
- /* If this is a server, we're finished. */
- if (isServer || secStatus != SECSuccess) {
- return secStatus;
- }
-
- /* Certificate is OK. Since this is the client side of an SSL
- * connection, we need to verify that the name field in the cert
- * matches the desired hostname. This is our defense against
- * man-in-the-middle attacks.
- */
-
- /* SSL_RevealURL returns a hostName, not an URL. */
- hostName = SSL_RevealURL(socket);
-
- if (hostName && hostName[0]) {
- secStatus = CERT_VerifyCertName(cert, hostName);
- } else {
- PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0);
- secStatus = SECFailure;
- }
-
- if (hostName)
- PR_Free(hostName);
-
- return secStatus;
-}
-
-/* Function: SECStatus myBadCertHandler()
- *
- * Purpose: This callback is called when the incoming certificate is not
- * valid. We define a certain set of parameters that still cause the
- * certificate to be "valid" for this session, and return SECSuccess to cause
- * the server to continue processing the request when any of these conditions
- * are met. Otherwise, SECFailure is return and the server rejects the
- * request.
- */
-SECStatus
-myBadCertHandler(void *arg, PRFileDesc *socket)
-{
-
- SECStatus secStatus = SECFailure;
- PRErrorCode err;
-
- /* log invalid cert here */
-
- if (!arg) {
- return secStatus;
- }
-
- *(PRErrorCode *)arg = err = PORT_GetError();
-
- /* If any of the cases in the switch are met, then we will proceed */
- /* with the processing of the request anyway. Otherwise, the default */
- /* case will be reached and we will reject the request. */
-
- switch (err) {
- case SEC_ERROR_INVALID_AVA:
- case SEC_ERROR_INVALID_TIME:
- case SEC_ERROR_BAD_SIGNATURE:
- case SEC_ERROR_EXPIRED_CERTIFICATE:
- case SEC_ERROR_UNKNOWN_ISSUER:
- case SEC_ERROR_UNTRUSTED_CERT:
- case SEC_ERROR_CERT_VALID:
- case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
- case SEC_ERROR_CRL_EXPIRED:
- case SEC_ERROR_CRL_BAD_SIGNATURE:
- case SEC_ERROR_EXTENSION_VALUE_INVALID:
- case SEC_ERROR_CA_CERT_INVALID:
- case SEC_ERROR_CERT_USAGES_INVALID:
- case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
- secStatus = SECSuccess;
- break;
- default:
- secStatus = SECFailure;
- break;
- }
-
- printf("Bad certificate: %d, %s\n", err, SSL_Strerror(err));
-
- return secStatus;
-}
-
-/* Function: SECStatus ownGetClientAuthData()
- *
- * Purpose: This callback is used by SSL to pull client certificate
- * information upon server request.
- */
-SECStatus
-myGetClientAuthData(void *arg,
- PRFileDesc *socket,
- struct CERTDistNamesStr *caNames,
- struct CERTCertificateStr **pRetCert,
- struct SECKEYPrivateKeyStr **pRetKey)
-{
-
- CERTCertificate * cert;
- SECKEYPrivateKey * privKey;
- char * chosenNickName = (char *)arg;
- void * proto_win = NULL;
- SECStatus secStatus = SECFailure;
-
- proto_win = SSL_RevealPinArg(socket);
-
- if (chosenNickName) {
- cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
- if (cert) {
- privKey = PK11_FindKeyByAnyCert(cert, proto_win);
- if (privKey) {
- secStatus = SECSuccess;
- } else {
- CERT_DestroyCertificate(cert);
- }
- }
- } else { /* no nickname given, automatically find the right cert */
- CERTCertNicknames *names;
- int i;
-
- names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
- SEC_CERT_NICKNAMES_USER, proto_win);
-
- if (names != NULL) {
- for(i = 0; i < names->numnicknames; i++ ) {
-
- cert = PK11_FindCertFromNickname(names->nicknames[i],
- proto_win);
- if (!cert) {
- continue;
- }
-
- /* Only check unexpired certs */
- if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE)
- != secCertTimeValid ) {
- CERT_DestroyCertificate(cert);
- continue;
- }
-
- secStatus = NSS_CmpCertChainWCANames(cert, caNames);
- if (secStatus == SECSuccess) {
- privKey = PK11_FindKeyByAnyCert(cert, proto_win);
- if (privKey) {
- break;
- }
- secStatus = SECFailure;
- break;
- }
- CERT_FreeNicknames(names);
- } /* for loop */
- }
- }
-
- if (secStatus == SECSuccess) {
- *pRetCert = cert;
- *pRetKey = privKey;
- }
-
- return secStatus;
-}
-
-/* Function: SECStatus myHandshakeCallback()
- *
- * Purpose: Called by SSL to inform application that the handshake is
- * complete. This function is mostly used on the server side of an SSL
- * connection, although it is provided for a client as well.
- * Useful when a non-blocking SSL_RedoHandshake or SSL_ResetHandshake
- * is used to initiate a handshake.
- *
- * A typical scenario would be:
- *
- * 1. Server accepts an SSL connection from the client without client auth.
- * 2. Client sends a request.
- * 3. Server determines that to service request it needs to authenticate the
- * client and initiates another handshake requesting client auth.
- * 4. While handshake is in progress, server can do other work or spin waiting
- * for the handshake to complete.
- * 5. Server is notified that handshake has been successfully completed by
- * the custom handshake callback function and it can service the client's
- * request.
- *
- * Note: This function is not implemented in this sample, as we are using
- * blocking sockets.
- */
-SECStatus
-myHandshakeCallback(PRFileDesc *socket, void *arg)
-{
- printf("Handshake has completed, ready to send data securely.\n");
- return SECSuccess;
-}
-
-
-/**************************************************************************
-**
-** Routines for disabling SSL ciphers.
-**
-**************************************************************************/
-
-void
-disableSSL2Ciphers(void)
-{
- int i;
-
- /* disable all the SSL2 cipher suites */
- for (i = 0; ssl2CipherSuites[i] != 0; ++i) {
- SSL_EnableCipher(ssl2CipherSuites[i], SSL_NOT_ALLOWED);
- }
-}
-
-void
-disableSSL3Ciphers(void)
-{
- int i;
-
- /* disable all the SSL3 cipher suites */
- for (i = 0; ssl3CipherSuites[i] != 0; ++i) {
- SSL_EnableCipher(ssl3CipherSuites[i], SSL_NOT_ALLOWED);
- }
-}
-
-/**************************************************************************
-**
-** Error and information routines.
-**
-**************************************************************************/
-
-void
-errWarn(char *function)
-{
- PRErrorCode errorNumber = PR_GetError();
- const char * errorString = SSL_Strerror(errorNumber);
-
- printf("Error in function %s: %d\n - %s\n",
- function, errorNumber, errorString);
-}
-
-void
-exitErr(char *function)
-{
- errWarn(function);
- /* Exit gracefully. */
- NSS_Shutdown();
- PR_Cleanup();
- exit(1);
-}
-
-void
-printSecurityInfo(PRFileDesc *fd)
-{
- char * cp; /* bulk cipher name */
- char * ip; /* cert issuer DN */
- char * sp; /* cert subject DN */
- int op; /* High, Low, Off */
- int kp0; /* total key bits */
- int kp1; /* secret key bits */
- int result;
-
-#if 0
-/* statistics from ssl3_SendClientHello (sch) */
-extern long ssl3_sch_sid_cache_hits;
-extern long ssl3_sch_sid_cache_misses;
-extern long ssl3_sch_sid_cache_not_ok;
-
-/* statistics from ssl3_HandleServerHello (hsh) */
-extern long ssl3_hsh_sid_cache_hits;
-extern long ssl3_hsh_sid_cache_misses;
-extern long ssl3_hsh_sid_cache_not_ok;
-#endif
-
-/* statistics from ssl3_HandleClientHello (hch) */
-extern long ssl3_hch_sid_cache_hits;
-extern long ssl3_hch_sid_cache_misses;
-extern long ssl3_hch_sid_cache_not_ok;
-
- result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp);
- if (result != SECSuccess)
- return;
- printf("bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
- "subject DN: %s\n"
- "issuer DN: %s\n", cp, kp1, kp0, op, sp, ip);
- PR_Free(cp);
- PR_Free(ip);
- PR_Free(sp);
-
- printf("%ld cache hits; %ld cache misses, %ld cache not reusable\n",
- ssl3_hch_sid_cache_hits, ssl3_hch_sid_cache_misses,
- ssl3_hch_sid_cache_not_ok);
-
-}
-
-
-/**************************************************************************
-** Begin thread management routines and data.
-**************************************************************************/
-
-void
-thread_wrapper(void * arg)
-{
- GlobalThreadMgr *threadMGR = (GlobalThreadMgr *)arg;
- perThread *slot = &threadMGR->threads[threadMGR->index];
-
- /* wait for parent to finish launching us before proceeding. */
- PR_Lock(threadMGR->threadLock);
- PR_Unlock(threadMGR->threadLock);
-
- slot->rv = (* slot->startFunc)(slot->a, slot->b);
-
- PR_Lock(threadMGR->threadLock);
- slot->running = rs_zombie;
-
- /* notify the thread exit handler. */
- PR_NotifyCondVar(threadMGR->threadEndQ);
-
- PR_Unlock(threadMGR->threadLock);
-}
-
-SECStatus
-launch_thread(GlobalThreadMgr *threadMGR,
- startFn *startFunc,
- void *a,
- int b)
-{
- perThread *slot;
- int i;
-
- if (!threadMGR->threadStartQ) {
- threadMGR->threadLock = PR_NewLock();
- threadMGR->threadStartQ = PR_NewCondVar(threadMGR->threadLock);
- threadMGR->threadEndQ = PR_NewCondVar(threadMGR->threadLock);
- }
- PR_Lock(threadMGR->threadLock);
- while (threadMGR->numRunning >= MAX_THREADS) {
- PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT);
- }
- for (i = 0; i < threadMGR->numUsed; ++i) {
- slot = &threadMGR->threads[i];
- if (slot->running == rs_idle)
- break;
- }
- if (i >= threadMGR->numUsed) {
- if (i >= MAX_THREADS) {
- /* something's really wrong here. */
- PORT_Assert(i < MAX_THREADS);
- PR_Unlock(threadMGR->threadLock);
- return SECFailure;
- }
- ++(threadMGR->numUsed);
- PORT_Assert(threadMGR->numUsed == i + 1);
- slot = &threadMGR->threads[i];
- }
-
- slot->a = a;
- slot->b = b;
- slot->startFunc = startFunc;
-
- threadMGR->index = i;
-
- slot->prThread = PR_CreateThread(PR_USER_THREAD,
- thread_wrapper, threadMGR,
- PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
- PR_JOINABLE_THREAD, 0);
-
- if (slot->prThread == NULL) {
- PR_Unlock(threadMGR->threadLock);
- printf("Failed to launch thread!\n");
- return SECFailure;
- }
-
- slot->inUse = 1;
- slot->running = 1;
- ++(threadMGR->numRunning);
- PR_Unlock(threadMGR->threadLock);
- printf("Launched thread in slot %d \n", threadMGR->index);
-
- return SECSuccess;
-}
-
-SECStatus
-reap_threads(GlobalThreadMgr *threadMGR)
-{
- perThread * slot;
- int i;
-
- if (!threadMGR->threadLock)
- return 0;
- PR_Lock(threadMGR->threadLock);
- while (threadMGR->numRunning > 0) {
- PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT);
- for (i = 0; i < threadMGR->numUsed; ++i) {
- slot = &threadMGR->threads[i];
- if (slot->running == rs_zombie) {
- /* Handle cleanup of thread here. */
- printf("Thread in slot %d returned %d\n", i, slot->rv);
-
- /* Now make sure the thread has ended OK. */
- PR_JoinThread(slot->prThread);
- slot->running = rs_idle;
- --threadMGR->numRunning;
-
- /* notify the thread launcher. */
- PR_NotifyCondVar(threadMGR->threadStartQ);
- }
- }
- }
-
- /* Safety Sam sez: make sure count is right. */
- for (i = 0; i < threadMGR->numUsed; ++i) {
- slot = &threadMGR->threads[i];
- if (slot->running != rs_idle) {
- fprintf(stderr, "Thread in slot %d is in state %d!\n",
- i, slot->running);
- }
- }
- PR_Unlock(threadMGR->threadLock);
- return 0;
-}
-
-void
-destroy_thread_data(GlobalThreadMgr *threadMGR)
-{
- PORT_Memset(threadMGR->threads, 0, sizeof(threadMGR->threads));
-
- if (threadMGR->threadEndQ) {
- PR_DestroyCondVar(threadMGR->threadEndQ);
- threadMGR->threadEndQ = NULL;
- }
- if (threadMGR->threadStartQ) {
- PR_DestroyCondVar(threadMGR->threadStartQ);
- threadMGR->threadStartQ = NULL;
- }
- if (threadMGR->threadLock) {
- PR_DestroyLock(threadMGR->threadLock);
- threadMGR->threadLock = NULL;
- }
-}
-
-/**************************************************************************
-** End thread management routines.
-**************************************************************************/
-
-void
-lockedVars_Init( lockedVars * lv)
-{
- lv->count = 0;
- lv->waiters = 0;
- lv->lock = PR_NewLock();
- lv->condVar = PR_NewCondVar(lv->lock);
-}
-
-void
-lockedVars_Destroy( lockedVars * lv)
-{
- PR_DestroyCondVar(lv->condVar);
- lv->condVar = NULL;
-
- PR_DestroyLock(lv->lock);
- lv->lock = NULL;
-}
-
-void
-lockedVars_WaitForDone(lockedVars * lv)
-{
- PR_Lock(lv->lock);
- while (lv->count > 0) {
- PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
- }
- PR_Unlock(lv->lock);
-}
-
-int /* returns count */
-lockedVars_AddToCount(lockedVars * lv, int addend)
-{
- int rv;
-
- PR_Lock(lv->lock);
- rv = lv->count += addend;
- if (rv <= 0) {
- PR_NotifyCondVar(lv->condVar);
- }
- PR_Unlock(lv->lock);
- return rv;
-}
diff --git a/security/nss/cmd/SSLsample/sslsample.h b/security/nss/cmd/SSLsample/sslsample.h
deleted file mode 100644
index ea8071bbf..000000000
--- a/security/nss/cmd/SSLsample/sslsample.h
+++ /dev/null
@@ -1,179 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef SSLSAMPLE_H
-#define SSLSAMPLE_H
-
-/* Generic header files */
-
-#include <stdio.h>
-#include <string.h>
-
-/* NSPR header files */
-
-#include "nspr.h"
-#include "prerror.h"
-#include "prnetdb.h"
-
-/* NSS header files */
-
-#include "pk11func.h"
-#include "secitem.h"
-#include "ssl.h"
-#include "certt.h"
-#include "nss.h"
-#include "secrng.h"
-#include "secder.h"
-#include "key.h"
-#include "sslproto.h"
-
-/* Custom header files */
-
-/*
-#include "sslerror.h"
-*/
-
-#define BUFFER_SIZE 10240
-
-/* Declare SSL cipher suites. */
-
-extern int cipherSuites[];
-extern int ssl2CipherSuites[];
-extern int ssl3CipherSuites[];
-
-/* Data buffer read from a socket. */
-typedef struct DataBufferStr {
- char data[BUFFER_SIZE];
- int index;
- int remaining;
- int dataStart;
- int dataEnd;
-} DataBuffer;
-
-/* SSL callback routines. */
-
-char * myPasswd(PK11SlotInfo *info, PRBool retry, void *arg);
-
-SECStatus myAuthCertificate(void *arg, PRFileDesc *socket,
- PRBool checksig, PRBool isServer);
-
-SECStatus myBadCertHandler(void *arg, PRFileDesc *socket);
-
-SECStatus myHandshakeCallback(PRFileDesc *socket, void *arg);
-
-SECStatus myGetClientAuthData(void *arg, PRFileDesc *socket,
- struct CERTDistNamesStr *caNames,
- struct CERTCertificateStr **pRetCert,
- struct SECKEYPrivateKeyStr **pRetKey);
-
-/* Disable all v2/v3 SSL ciphers. */
-
-void disableSSL2Ciphers(void);
-
-void disableSSL3Ciphers(void);
-
-/* Error and information utilities. */
-
-void errWarn(char *function);
-
-void exitErr(char *function);
-
-void printSecurityInfo(PRFileDesc *fd);
-
-/* Some simple thread management routines. */
-
-#define MAX_THREADS 32
-
-typedef SECStatus startFn(void *a, int b);
-
-typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState;
-
-typedef struct perThreadStr {
- PRFileDesc *a;
- int b;
- int rv;
- startFn *startFunc;
- PRThread *prThread;
- PRBool inUse;
- runState running;
-} perThread;
-
-typedef struct GlobalThreadMgrStr {
- PRLock *threadLock;
- PRCondVar *threadStartQ;
- PRCondVar *threadEndQ;
- perThread threads[MAX_THREADS];
- int index;
- int numUsed;
- int numRunning;
-} GlobalThreadMgr;
-
-void thread_wrapper(void * arg);
-
-SECStatus launch_thread(GlobalThreadMgr *threadMGR,
- startFn *startFunc, void *a, int b);
-
-SECStatus reap_threads(GlobalThreadMgr *threadMGR);
-
-void destroy_thread_data(GlobalThreadMgr *threadMGR);
-
-/* Management of locked variables. */
-
-struct lockedVarsStr {
- PRLock * lock;
- int count;
- int waiters;
- PRCondVar * condVar;
-};
-
-typedef struct lockedVarsStr lockedVars;
-
-void lockedVars_Init(lockedVars *lv);
-
-void lockedVars_Destroy(lockedVars *lv);
-
-void lockedVars_WaitForDone(lockedVars *lv);
-
-int lockedVars_AddToCount(lockedVars *lv, int addend);
-
-/* Buffer stuff. */
-
-static const char stopCmd[] = { "GET /stop " };
-static const char defaultHeader[] = {
- "HTTP/1.0 200 OK\r\n"
- "Server: SSL sample server\r\n"
- "Content-type: text/plain\r\n"
- "\r\n"
-};
-
-#endif
diff --git a/security/nss/cmd/atob/Makefile b/security/nss/cmd/atob/Makefile
deleted file mode 100644
index ff6f06e7e..000000000
--- a/security/nss/cmd/atob/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/atob/atob.c b/security/nss/cmd/atob/atob.c
deleted file mode 100644
index 6c75a5972..000000000
--- a/security/nss/cmd/atob/atob.c
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "plgetopt.h"
-#include "secutil.h"
-#include "nssb64.h"
-
-#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
-#if !defined(WIN32)
-extern int fread(char *, size_t, size_t, FILE*);
-extern int fwrite(char *, size_t, size_t, FILE*);
-extern int fprintf(FILE *, char *, ...);
-#endif
-#endif
-
-#if defined(WIN32)
-#include "fcntl.h"
-#include "io.h"
-#endif
-
-static PRInt32
-output_binary (void *arg, const unsigned char *obuf, PRInt32 size)
-{
- FILE *outFile = arg;
- int nb;
-
- nb = fwrite(obuf, 1, size, outFile);
- if (nb != size) {
- PORT_SetError(SEC_ERROR_IO);
- return -1;
- }
-
- return nb;
-}
-
-static SECStatus
-decode_file(FILE *outFile, FILE *inFile)
-{
- NSSBase64Decoder *cx;
- int nb;
- SECStatus status = SECFailure;
- char ibuf[4096];
-
- cx = NSSBase64Decoder_Create(output_binary, outFile);
- if (!cx) {
- return -1;
- }
-
- for (;;) {
- if (feof(inFile)) break;
- nb = fread(ibuf, 1, sizeof(ibuf), inFile);
- if (nb != sizeof(ibuf)) {
- if (nb == 0) {
- if (ferror(inFile)) {
- PORT_SetError(SEC_ERROR_IO);
- goto loser;
- }
- /* eof */
- break;
- }
- }
-
- status = NSSBase64Decoder_Update(cx, ibuf, nb);
- if (status != SECSuccess) goto loser;
- }
-
- return NSSBase64Decoder_Destroy(cx, PR_FALSE);
-
- loser:
- (void) NSSBase64Decoder_Destroy(cx, PR_TRUE);
- return status;
-}
-
-static void Usage(char *progName)
-{
- fprintf(stderr,
- "Usage: %s [-i input] [-o output]\n",
- progName);
- fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
- "-i input");
- fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
- "-o output");
- exit(-1);
-}
-
-int main(int argc, char **argv)
-{
- char *progName;
- SECStatus rv;
- FILE *inFile, *outFile;
- PLOptState *optstate;
- PLOptStatus status;
-
- inFile = 0;
- outFile = 0;
- progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
-
- /* Parse command line arguments */
- optstate = PL_CreateOptState(argc, argv, "i:o:");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- Usage(progName);
- break;
-
- case 'i':
- inFile = fopen(optstate->value, "r");
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "wb");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
- }
- }
- if (!inFile) inFile = stdin;
- if (!outFile) {
-#if defined(WIN32)
- int smrv = _setmode(_fileno(stdout), _O_BINARY);
- if (smrv == -1) {
- fprintf(stderr,
- "%s: Cannot change stdout to binary mode. Use -o option instead.\n",
- progName);
- return smrv;
- }
-#endif
- outFile = stdout;
- }
- rv = decode_file(outFile, inFile);
- if (rv != SECSuccess) {
- fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
- progName, PORT_GetError(), errno);
- return -1;
- }
- return 0;
-}
diff --git a/security/nss/cmd/atob/makefile.win b/security/nss/cmd/atob/makefile.win
deleted file mode 100644
index ecccc7bf3..000000000
--- a/security/nss/cmd/atob/makefile.win
+++ /dev/null
@@ -1,155 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-VERBOSE = 1
-include <manifest.mn>
-
-#cannot define PROGRAM in manifest compatibly with NT and UNIX
-PROGRAM = atob
-PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe
-include <$(DEPTH)\config\config.mak>
-
-# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
-# rules.mak will append C_OBJS onto OBJS.
-# OBJS = $(CSRCS:.c=.obj)
-
-# include files are looked for in $LINCS and $INCS.
-# $LINCS is in manifest.mnw, computed from REQUIRES=
-INCS = $(INCS) \
- -I$(DEPTH)/security/lib/cert \
- -I../include \
- $(NULL)
-
-IGNORE_ME = \
- -I$(DEPTH)/security/lib/key \
- -I$(DEPTH)/security/lib/util \
- $(NULL)
-
-
-WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
-
-# these files are the content of libdbm
-DBM_LIB = \
- $(WINFE)/DB.obj \
- $(WINFE)/HASH.obj \
- $(WINFE)/H_BIGKEY.obj \
- $(WINFE)/H_PAGE.obj \
- $(WINFE)/H_LOG2.obj \
- $(WINFE)/H_FUNC.obj \
- $(WINFE)/HASH_BUF.obj \
- $(NULL)
-
-MOZ_LIBS = \
- $(WINFE)/ALLXPSTR.obj \
- $(WINFE)/XP_ERROR.obj \
- $(WINFE)/XPASSERT.obj \
- $(WINFE)/XP_REG.obj \
- $(WINFE)/XP_TRACE.obj \
- $(DBM_LIB) \
- $(WINFE)/XP_STR.obj \
- $(WINFE)/MKTEMP.obj \
- $(NULL)
-
-SEC_LIBS = \
- $(DIST)/lib/cert$(MOZ_BITS).lib \
- $(DIST)/lib/crypto$(MOZ_BITS).lib \
- $(DIST)/lib/hash$(MOZ_BITS).lib \
- $(DIST)/lib/key$(MOZ_BITS).lib \
- $(DIST)/lib/pkcs7$(MOZ_BITS).lib \
- $(DIST)/lib/secmod$(MOZ_BITS).lib \
- $(DIST)/lib/secutl$(MOZ_BITS).lib \
- $(DIST)/lib/ssl$(MOZ_BITS).lib \
- $(NULL)
-
-LLFLAGS = $(LLFLAGS) \
- ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
- $(SEC_LIBS) \
- $(MOZ_LIBS) \
- $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
- $(LIBNSPR) \
- $(NULL)
-
-
-# awt3240.lib # brpref32.lib # cert32.lib
-# crypto32.lib # dllcom.lib # editor32.lib
-# edpref32.lib # edtplug.lib # font.lib
-# hash32.lib # htmldg32.lib # img32.lib
-# javart32.lib # jbn3240.lib # jdb3240.lib
-# jmc.lib # jpeg3240.lib # jpw3240.lib
-# jrt3240.lib # js3240.lib # jsd3240.lib
-# key32.lib # libapplet32.lib # libnjs32.lib
-# libnsc32.lib # libreg32.lib # mm3240.lib
-# mnpref32.lib # netcst32.lib # nsdlg32.lib
-# nsldap32.lib # nsldaps32.lib # nsn32.lib
-# pkcs1232.lib # pkcs732.lib # pr3240.lib
-# prefui32.lib # prefuuid.lib # secmod32.lib
-# secnav32.lib # secutl32.lib # softup32.lib
-# sp3240.lib # ssl32.lib # uni3200.lib
-# unicvt32.lib # win32md.lib # winfont.lib
-# xppref32.lib # zlib32.lib
-
-include <$(DEPTH)\config\rules.mak>
-
-INSTALL = $(MAKE_INSTALL)
-
-objs: $(OBJS)
-
-$(PROGRAM)::
- $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
-
-programs: $(PROGRAM)
-
-install:: $(TARGETS)
- $(INSTALL) $(TARGETS) $(DIST)/bin
-
-# ALLXPSTR.obj XP_ALLOC.obj XP_HASH.obj XP_RGB.obj XP_WRAP.obj
-# CXPRINT.obj XP_C.cl XP_LIST.obj XP_SEC.obj netscape.exp
-# CXPRNDLG.obj XP_CNTXT.obj XP_MD5.obj XP_STR.obj xp.pch
-# EXPORT.obj XP_CORE.obj XP_MESG.obj XP_THRMO.obj xppref32.dll
-# XPASSERT.obj XP_ERROR.obj XP_RECT.obj XP_TIME.obj
-# XPLOCALE.obj XP_FILE.obj XP_REG.obj XP_TRACE.obj
-
-
-symbols:
- @echo "CSRCS = $(CSRCS)"
- @echo "INCS = $(INCS)"
- @echo "OBJS = $(OBJS)"
- @echo "LIBRARY = $(LIBRARY)"
- @echo "PROGRAM = $(PROGRAM)"
- @echo "TARGETS = $(TARGETS)"
- @echo "DIST = $(DIST)"
- @echo "VERSION_NUMBER = $(VERSION_NUMBER)"
- @echo "WINFE = $(WINFE)"
- @echo "DBM_LIB = $(DBM_LIB)"
- @echo "INSTALL = $(INSTALL)"
-
diff --git a/security/nss/cmd/atob/manifest.mn b/security/nss/cmd/atob/manifest.mn
deleted file mode 100644
index ed3717be6..000000000
--- a/security/nss/cmd/atob/manifest.mn
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = seccmd dbm
-
-DEFINES = -DNSPR20
-
-CSRCS = atob.c
-
-PROGRAM = atob
-
diff --git a/security/nss/cmd/bltest/Makefile b/security/nss/cmd/bltest/Makefile
deleted file mode 100644
index c99a3c017..000000000
--- a/security/nss/cmd/bltest/Makefile
+++ /dev/null
@@ -1,82 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-#MKPROG = purify -cache-dir=/u/mcgreer/pcache -best-effort \
-# -always-use-cache-dir $(CC)
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#EXTRA_SHARED_LIBS += \
-# -L/usr/lib \
-# -lposix4 \
-# $(NULL)
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-include ../platrules.mk
diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c
deleted file mode 100644
index c5f770e4a..000000000
--- a/security/nss/cmd/bltest/blapitest.c
+++ /dev/null
@@ -1,1798 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "blapi.h"
-#include "prmem.h"
-#include "prprf.h"
-#include "prtime.h"
-#include "prsystem.h"
-#include "plstr.h"
-#include "nssb64.h"
-#include "secutil.h"
-#include "plgetopt.h"
-#include "softoken.h"
-
-char *progName;
-char *testdir = ".";
-
-#define CHECKERROR(rv, ln) \
- if (rv) { \
- char *errtxt = NULL; \
- if (PR_GetError() != 0) { \
- errtxt = PORT_Alloc(PR_GetErrorTextLength()); \
- PR_GetErrorText(errtxt); \
- } \
- PR_fprintf(PR_STDERR, "%s: ERR (%s) at line %d.\n", progName, \
- (errtxt) ? "" : errtxt, ln); \
- exit(-1); \
- }
-
-static void Usage()
-{
-#define PRINTUSAGE(subject, option, predicate) \
- fprintf(stderr, "%10s %s\t%s\n", subject, option, predicate);
- fprintf(stderr, "\n");
- PRINTUSAGE(progName, "[-DEHSV] -m", "List available cipher modes.");
- fprintf(stderr, "\n");
- PRINTUSAGE(progName, "-E -m mode ", "Encrypt a buffer.");
- PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]");
- PRINTUSAGE("", "", "[-b bufsize] [-g keysize] [-erw]");
- PRINTUSAGE("", "", "[-p repetitions]");
- PRINTUSAGE("", "-m", "cipher mode to use.");
- PRINTUSAGE("", "-i", "file which contains input buffer.");
- PRINTUSAGE("", "-o", "file for output buffer.");
- PRINTUSAGE("", "-k", "file which contains key.");
- PRINTUSAGE("", "-v", "file which contains initialization vector.");
- PRINTUSAGE("", "-b", "size of input buffer.");
- PRINTUSAGE("", "-g", "key size (in bytes).");
- PRINTUSAGE("", "-p", "do performance test.");
- PRINTUSAGE("(rsa)", "-e", "rsa public exponent.");
- PRINTUSAGE("(rc5)", "-r", "number of rounds.");
- PRINTUSAGE("(rc5)", "-w", "wordsize (32 or 64).");
- fprintf(stderr, "\n");
- PRINTUSAGE(progName, "-D -m mode", "Decrypt a buffer.");
- PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]");
- PRINTUSAGE("", "", "[-p repetitions]");
- PRINTUSAGE("", "-m", "cipher mode to use.");
- PRINTUSAGE("", "-i", "file which contains input buffer.");
- PRINTUSAGE("", "-o", "file for output buffer.");
- PRINTUSAGE("", "-k", "file which contains key.");
- PRINTUSAGE("", "-v", "file which contains initialization vector.");
- PRINTUSAGE("", "-p", "do performance test.");
- fprintf(stderr, "\n");
- PRINTUSAGE(progName, "-H -m mode", "Hash a buffer.");
- PRINTUSAGE("", "", "[-i plaintext] [-o hash]");
- PRINTUSAGE("", "", "[-b bufsize]");
- PRINTUSAGE("", "", "[-p repetitions]");
- PRINTUSAGE("", "-m", "cipher mode to use.");
- PRINTUSAGE("", "-i", "file which contains input buffer.");
- PRINTUSAGE("", "-o", "file for hash.");
- PRINTUSAGE("", "-b", "size of input buffer.");
- PRINTUSAGE("", "-p", "do performance test.");
- fprintf(stderr, "\n");
- PRINTUSAGE(progName, "-S -m mode", "Sign a buffer.");
- PRINTUSAGE("", "", "[-i plaintext] [-o signature] [-k key]");
- PRINTUSAGE("", "", "[-b bufsize]");
- PRINTUSAGE("", "", "[-p repetitions]");
- PRINTUSAGE("", "-m", "cipher mode to use.");
- PRINTUSAGE("", "-i", "file which contains input buffer.");
- PRINTUSAGE("", "-o", "file for signature.");
- PRINTUSAGE("", "-k", "file which contains key.");
- PRINTUSAGE("", "-p", "do performance test.");
- fprintf(stderr, "\n");
- PRINTUSAGE(progName, "-V -m mode", "Verify a signed buffer.");
- PRINTUSAGE("", "", "[-i plaintext] [-s signature] [-k key]");
- PRINTUSAGE("", "", "[-p repetitions]");
- PRINTUSAGE("", "-m", "cipher mode to use.");
- PRINTUSAGE("", "-i", "file which contains input buffer.");
- PRINTUSAGE("", "-s", "file which contains signature of input buffer.");
- PRINTUSAGE("", "-k", "file which contains key.");
- PRINTUSAGE("", "-p", "do performance test.");
- fprintf(stderr, "\n");
- PRINTUSAGE(progName, "-F", "Run the FIPS self-test.");
- fprintf(stderr, "\n");
- PRINTUSAGE(progName, "-T [mode1 mode2 ...]", "Run the BLAPI self-test.");
- fprintf(stderr, "\n");
- exit(1);
-}
-
-/* Helper functions for ascii<-->binary conversion/reading/writing */
-
-static PRInt32
-get_binary(void *arg, const unsigned char *ibuf, PRInt32 size)
-{
- SECItem *binary = arg;
- SECItem *tmp;
- int index;
- if (binary->data == NULL) {
- tmp = SECITEM_AllocItem(NULL, NULL, size);
- binary->data = tmp->data;
- binary->len = tmp->len;
- index = 0;
- } else {
- SECITEM_ReallocItem(NULL, binary, binary->len, binary->len + size);
- index = binary->len;
- }
- PORT_Memcpy(&binary->data[index], ibuf, size);
- return binary->len;
-}
-
-static PRInt32
-get_ascii(void *arg, const char *ibuf, PRInt32 size)
-{
- SECItem *ascii = arg;
- SECItem *tmp;
- int index;
- if (ascii->data == NULL) {
- tmp = SECITEM_AllocItem(NULL, NULL, size);
- ascii->data = tmp->data;
- ascii->len = tmp->len;
- index = 0;
- } else {
- SECITEM_ReallocItem(NULL, ascii, ascii->len, ascii->len + size);
- index = ascii->len;
- }
- PORT_Memcpy(&ascii->data[index], ibuf, size);
- return ascii->len;
-}
-
-static SECStatus
-atob(SECItem *ascii, SECItem *binary)
-{
- SECStatus status;
- NSSBase64Decoder *cx;
- int len;
- binary->data = NULL;
- binary->len = 0;
- len = (strcmp(&ascii->data[ascii->len-2],"\r\n"))?ascii->len:ascii->len-2;
- cx = NSSBase64Decoder_Create(get_binary, binary);
- status = NSSBase64Decoder_Update(cx, (const char *)ascii->data, len);
- status = NSSBase64Decoder_Destroy(cx, PR_FALSE);
- return status;
-}
-
-static PRInt32
-output_ascii(void *arg, const char *obuf, PRInt32 size)
-{
- PRFileDesc *outfile = arg;
- PRInt32 nb = PR_Write(outfile, obuf, size);
- if (nb != size) {
- PORT_SetError(SEC_ERROR_IO);
- return -1;
- }
- return nb;
-}
-
-static SECStatus
-btoa(SECItem *binary, SECItem *ascii)
-{
- SECStatus status;
- NSSBase64Encoder *cx;
- ascii->data = NULL;
- ascii->len = 0;
- cx = NSSBase64Encoder_Create(get_ascii, ascii);
- status = NSSBase64Encoder_Update(cx, binary->data, binary->len);
- status = NSSBase64Encoder_Destroy(cx, PR_FALSE);
- return status;
-}
-
-static SECStatus
-btoa_file(SECItem *binary, PRFileDesc *outfile)
-{
- SECStatus status;
- NSSBase64Encoder *cx;
- SECItem ascii;
- ascii.data = NULL;
- ascii.len = 0;
- if (binary->len == 0)
- return SECSuccess;
- cx = NSSBase64Encoder_Create(output_ascii, outfile);
- status = NSSBase64Encoder_Update(cx, binary->data, binary->len);
- status = NSSBase64Encoder_Destroy(cx, PR_FALSE);
- status = PR_Write(outfile, "\r\n", 2);
- return status;
-}
-
-static SECStatus
-get_and_write_random_bytes(SECItem *item, PRInt32 numbytes, char *filename)
-{
- SECStatus rv;
- PRFileDesc *file;
- item->len = numbytes;
- item->data = (unsigned char *)PORT_ZAlloc(numbytes);
- RNG_GenerateGlobalRandomBytes(item->data + 1, numbytes - 1);
- file = PR_Open(filename, PR_WRONLY|PR_CREATE_FILE, 00660);
- rv = btoa_file(item, file);
- CHECKERROR((rv < 0), __LINE__);
- return (rv < 0);
-}
-
-static RSAPrivateKey *
-rsakey_from_filedata(SECItem *filedata)
-{
- PRArenaPool *arena;
- RSAPrivateKey *key;
- unsigned char *buf = filedata->data;
- int fpos = 0;
- int i;
- SECItem *item;
- /* Allocate space for key structure. */
- arena = PORT_NewArena(2048);
- key = (RSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(RSAPrivateKey));
- key->arena = arena;
- item = &key->version;
- for (i=0; i<9; i++) {
- item->len = (buf[fpos++] & 0xff) << 24;
- item->len |= (buf[fpos++] & 0xff) << 16;
- item->len |= (buf[fpos++] & 0xff) << 8;
- item->len |= (buf[fpos++] & 0xff);
- if (item->len > 0) {
- item->data = PORT_ArenaAlloc(arena, item->len);
- PORT_Memcpy(item->data, &buf[fpos], item->len);
- } else {
- item->data = NULL;
- }
- fpos += item->len;
- item++;
- }
- return key;
-}
-
-static void
-rsakey_to_file(RSAPrivateKey *key, char *filename)
-{
- PRFileDesc *file;
- SECItem *item;
- unsigned char len[4];
- int i;
- SECStatus status;
- NSSBase64Encoder *cx;
- SECItem ascii;
- ascii.data = NULL;
- ascii.len = 0;
- file = PR_Open(filename, PR_WRONLY|PR_CREATE_FILE, 00660);
- cx = NSSBase64Encoder_Create(output_ascii, file);
- item = &key->version;
- for (i=0; i<9; i++) {
- len[0] = (item->len >> 24) & 0xff;
- len[1] = (item->len >> 16) & 0xff;
- len[2] = (item->len >> 8) & 0xff;
- len[3] = (item->len & 0xff);
- status = NSSBase64Encoder_Update(cx, len, 4);
- status = NSSBase64Encoder_Update(cx, item->data, item->len);
- item++;
- }
- status = NSSBase64Encoder_Destroy(cx, PR_FALSE);
- status = PR_Write(file, "\r\n", 2);
- PR_Close(file);
-}
-
-static PQGParams *
-pqg_from_filedata(SECItem *filedata)
-{
- PRArenaPool *arena;
- PQGParams *pqg;
- unsigned char *buf = filedata->data;
- int fpos = 0;
- int i;
- SECItem *item;
- /* Allocate space for key structure. */
- arena = PORT_NewArena(2048);
- pqg = (PQGParams *)PORT_ArenaZAlloc(arena, sizeof(PQGParams));
- pqg->arena = arena;
- item = &pqg->prime;
- for (i=0; i<3; i++) {
- item->len = (buf[fpos++] & 0xff) << 24;
- item->len |= (buf[fpos++] & 0xff) << 16;
- item->len |= (buf[fpos++] & 0xff) << 8;
- item->len |= (buf[fpos++] & 0xff);
- if (item->len > 0) {
- item->data = PORT_ArenaAlloc(arena, item->len);
- PORT_Memcpy(item->data, &buf[fpos], item->len);
- } else {
- item->data = NULL;
- }
- fpos += item->len;
- item++;
- }
- return pqg;
-}
-
-static DSAPrivateKey *
-dsakey_from_filedata(SECItem *filedata)
-{
- PRArenaPool *arena;
- DSAPrivateKey *key;
- unsigned char *buf = filedata->data;
- int fpos = 0;
- int i;
- SECItem *item;
- /* Allocate space for key structure. */
- arena = PORT_NewArena(2048);
- key = (DSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DSAPrivateKey));
- key->params.arena = arena;
- item = &key->params.prime;
- for (i=0; i<5; i++) {
- item->len = (buf[fpos++] & 0xff) << 24;
- item->len |= (buf[fpos++] & 0xff) << 16;
- item->len |= (buf[fpos++] & 0xff) << 8;
- item->len |= (buf[fpos++] & 0xff);
- if (item->len > 0) {
- item->data = PORT_ArenaAlloc(arena, item->len);
- PORT_Memcpy(item->data, &buf[fpos], item->len);
- } else {
- item->data = NULL;
- }
- fpos += item->len;
- item++;
- }
- return key;
-}
-
-static void
-pqg_to_file(PQGParams *params, char *filename)
-{
- PRFileDesc *file;
- SECItem *item;
- unsigned char len[4];
- int i;
- SECStatus status;
- NSSBase64Encoder *cx;
- SECItem ascii;
- ascii.data = NULL;
- ascii.len = 0;
- file = PR_Open(filename, PR_WRONLY|PR_CREATE_FILE, 00660);
- cx = NSSBase64Encoder_Create(output_ascii, file);
- item = &params->prime;
- for (i=0; i<3; i++) {
- len[0] = (item->len >> 24) & 0xff;
- len[1] = (item->len >> 16) & 0xff;
- len[2] = (item->len >> 8) & 0xff;
- len[3] = (item->len & 0xff);
- status = NSSBase64Encoder_Update(cx, len, 4);
- status = NSSBase64Encoder_Update(cx, item->data, item->len);
- item++;
- }
- status = NSSBase64Encoder_Destroy(cx, PR_FALSE);
- status = PR_Write(file, "\r\n", 2);
-}
-
-static void
-dsakey_to_file(DSAPrivateKey *key, char *filename)
-{
- PRFileDesc *file;
- SECItem *item;
- unsigned char len[4];
- int i;
- SECStatus status;
- NSSBase64Encoder *cx;
- SECItem ascii;
- ascii.data = NULL;
- ascii.len = 0;
- file = PR_Open(filename, PR_WRONLY|PR_CREATE_FILE, 00660);
- cx = NSSBase64Encoder_Create(output_ascii, file);
- item = &key->params.prime;
- for (i=0; i<5; i++) {
- len[0] = (item->len >> 24) & 0xff;
- len[1] = (item->len >> 16) & 0xff;
- len[2] = (item->len >> 8) & 0xff;
- len[3] = (item->len & 0xff);
- status = NSSBase64Encoder_Update(cx, len, 4);
- status = NSSBase64Encoder_Update(cx, item->data, item->len);
- item++;
- }
- status = NSSBase64Encoder_Destroy(cx, PR_FALSE);
- status = PR_Write(file, "\r\n", 2);
-}
-
-static void
-dump_pqg(PQGParams *pqg)
-{
- SECU_PrintInteger(stdout, &pqg->prime, "PRIME:", 0);
- SECU_PrintInteger(stdout, &pqg->subPrime, "SUBPRIME:", 0);
- SECU_PrintInteger(stdout, &pqg->base, "BASE:", 0);
-}
-
-static void
-dump_dsakey(DSAPrivateKey *key)
-{
- dump_pqg(&key->params);
- SECU_PrintInteger(stdout, &key->publicValue, "PUBLIC VALUE:", 0);
- SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0);
-}
-
-/* Multi-purpose crypto information */
-typedef struct
-{
- PRBool encrypt;
- PRBool decrypt;
- PRBool sign;
- PRBool verify;
- PRBool hash;
- SECItem seed;
- SECItem pqg;
- SECItem key;
- SECItem iv;
- SECItem in;
- SECItem out;
- SECItem sigseed;
- PRInt32 keysize;
- PRInt32 bufsize;
- PRBool useseed;
- PRBool usesigseed;
- PRBool performance;
- PRBool multihash;
- PQGParams *params; /* DSA only */
- unsigned int rounds; /* RC5 only */
- unsigned int wordsize; /* RC5 only */
- unsigned int rsapubexp; /* RSA only */
- unsigned int repetitions; /* performance tests only */
-} blapitestInfo;
-
-/* Macros for performance timing. */
-#define TIMESTART() \
- if (info->performance) \
- time1 = PR_IntervalNow();
-
-#define TIMEFINISH(mode, nb) \
- if (info->performance) { \
- time2 = (PRIntervalTime)(PR_IntervalNow() - time1); \
- time1 = PR_IntervalToMilliseconds(time2); \
- printf("%s,%d,%.3f\n", mode, nb, ((float)(time1))/info->repetitions); \
- }
-
-SECStatus
-fillitem(SECItem *item, int numbytes, char *filename)
-{
- if (item->len == 0)
- return get_and_write_random_bytes(item, numbytes, filename);
- return SECSuccess;
-}
-
-/************************
-** DES
-************************/
-
-/* encrypt/decrypt for all DES */
-static SECStatus
-des_common(DESContext *descx, blapitestInfo *info)
-{
- PRInt32 maxsize;
- SECStatus rv;
- PRIntervalTime time1, time2;
- int i, numiter;
- numiter = info->repetitions;
- maxsize = info->in.len;
- info->out.data = (unsigned char *)PORT_ZAlloc(maxsize);
- if (info->encrypt) {
- TIMESTART();
- for (i=0; i<numiter; i++)
- rv = DES_Encrypt(descx, info->out.data, &info->out.len, maxsize,
- info->in.data, info->in.len);
- TIMEFINISH("DES ENCRYPT", maxsize);
- if (rv) {
- fprintf(stderr, "%s: Failed to encrypt!\n", progName);
- CHECKERROR(rv, __LINE__);
- }
- } else {
- TIMESTART();
- for (i=0; i<numiter; i++)
- rv = DES_Decrypt(descx, info->out.data, &info->out.len, maxsize,
- info->in.data, info->in.len);
- TIMEFINISH("DES DECRYPT", maxsize);
- if (rv) {
- fprintf(stderr, "%s: Failed to decrypt!\n", progName);
- CHECKERROR(rv, __LINE__);
- }
- }
- return rv;
-}
-
-/* DES codebook mode */
-static SECStatus
-des_ecb_test(blapitestInfo *info)
-{
- SECStatus rv;
- DESContext *descx;
- PRIntervalTime time1, time2;
- int i, numiter = info->repetitions;
- fillitem(&info->key, DES_KEY_LENGTH, "tmp.key");
- fillitem(&info->in, info->bufsize, "tmp.pt");
- TIMESTART();
- for (i=0; i<numiter-1; i++) {
- descx = DES_CreateContext(info->key.data, NULL, NSS_DES, info->encrypt);
- DES_DestroyContext(descx, PR_TRUE);
- }
- descx = DES_CreateContext(info->key.data, NULL, NSS_DES, info->encrypt);
- TIMEFINISH("DES ECB CONTEXT CREATE", info->key.len);
- if (!descx) {
- fprintf(stderr,"%s: Failed to create encryption context!\n", progName);
- return SECFailure;
- }
- rv = des_common(descx, info);
- CHECKERROR(rv, __LINE__);
- DES_DestroyContext(descx, PR_TRUE);
- return rv;
-}
-
-/* DES chaining mode */
-static SECStatus
-des_cbc_test(blapitestInfo *info)
-{
- SECStatus rv;
- DESContext *descx;
- PRIntervalTime time1, time2;
- int i, numiter = info->repetitions;
- fillitem(&info->key, DES_KEY_LENGTH, "tmp.key");
- fillitem(&info->in, info->bufsize, "tmp.pt");
- fillitem(&info->iv, DES_KEY_LENGTH, "tmp.iv");
- TIMESTART();
- for (i=0; i<numiter-1; i++) {
- descx = DES_CreateContext(info->key.data, info->iv.data, NSS_DES_CBC,
- info->encrypt);
- DES_DestroyContext(descx, PR_TRUE);
- }
- descx = DES_CreateContext(info->key.data, info->iv.data, NSS_DES_CBC,
- info->encrypt);
- TIMEFINISH("DES CBC CONTEXT CREATE", info->key.len);
- if (!descx) {
- PR_fprintf(PR_STDERR,
- "%s: Failed to create encryption context!\n", progName);
- return SECFailure;
- }
- if (info->performance) {
- /* In chaining mode, repeated iterations of the encryption
- * function using the same context will alter the final output.
- * So, once the performance test is done, reset the context
- * and perform a single iteration to obtain the correct result.
- */
- int tmp = info->repetitions;
- rv = des_common(descx, info);
- DES_DestroyContext(descx, PR_TRUE);
- descx = DES_CreateContext(info->key.data, info->iv.data, NSS_DES_CBC,
- info->encrypt);
- info->performance = PR_FALSE;
- info->repetitions = 1;
- rv = des_common(descx, info);
- info->performance = PR_TRUE;
- info->repetitions = tmp;
- } else {
- rv = des_common(descx, info);
- }
- CHECKERROR(rv, __LINE__);
- DES_DestroyContext(descx, PR_TRUE);
- return rv;
-}
-
-/* 3-key Triple-DES codebook mode */
-static SECStatus
-des_ede_ecb_test(blapitestInfo *info)
-{
- SECStatus rv;
- DESContext *descx;
- PRIntervalTime time1, time2;
- int i, numiter = info->repetitions;
- fillitem(&info->key, 3*DES_KEY_LENGTH, "tmp.key");
- fillitem(&info->in, info->bufsize, "tmp.pt");
- TIMESTART();
- for (i=0; i<numiter-1; i++) {
- descx = DES_CreateContext(info->key.data, NULL, NSS_DES_EDE3,
- info->encrypt);
- DES_DestroyContext(descx, PR_TRUE);
- }
- descx = DES_CreateContext(info->key.data, NULL, NSS_DES_EDE3,
- info->encrypt);
- TIMEFINISH("3DES ECB CONTEXT CREATE", info->key.len);
- if (!descx) {
- fprintf(stderr,"%s: Failed to create encryption context!\n", progName);
- return SECFailure;
- }
- rv = des_common(descx, info);
- CHECKERROR(rv, __LINE__);
- DES_DestroyContext(descx, PR_TRUE);
- return rv;
-}
-
-/* 3-key Triple-DES chaining mode */
-static SECStatus
-des_ede_cbc_test(blapitestInfo *info)
-{
- SECStatus rv;
- DESContext *descx;
- PRIntervalTime time1, time2;
- int i, numiter = info->repetitions;
- fillitem(&info->key, 3*DES_KEY_LENGTH, "tmp.key");
- fillitem(&info->in, info->bufsize, "tmp.pt");
- fillitem(&info->iv, DES_KEY_LENGTH, "tmp.iv");
- TIMESTART();
- for (i=0; i<numiter-1; i++) {
- descx = DES_CreateContext(info->key.data, info->iv.data,
- NSS_DES_EDE3_CBC, info->encrypt);
- DES_DestroyContext(descx, PR_TRUE);
- }
- descx = DES_CreateContext(info->key.data, info->iv.data, NSS_DES_EDE3_CBC,
- info->encrypt);
- TIMEFINISH("3DES CBC CONTEXT CREATE", info->key.len);
- if (!descx) {
- fprintf(stderr,"%s: Failed to create encryption context!\n", progName);
- return SECFailure;
- }
- if (info->performance) {
- /* In chaining mode, repeated iterations of the encryption
- * function using the same context will alter the final output.
- * So, once the performance test is done, reset the context
- * and perform a single iteration to obtain the correct result.
- */
- int tmp = info->repetitions;
- rv = des_common(descx, info);
- DES_DestroyContext(descx, PR_TRUE);
- descx = DES_CreateContext(info->key.data, info->iv.data,
- NSS_DES_EDE3_CBC, info->encrypt);
- info->performance = PR_FALSE;
- info->repetitions = 1;
- rv = des_common(descx, info);
- info->performance = PR_TRUE;
- info->repetitions = tmp;
- } else {
- rv = des_common(descx, info);
- }
- CHECKERROR(rv, __LINE__);
- DES_DestroyContext(descx, PR_TRUE);
- return rv;
-}
-
-/************************
-** RC2
-************************/
-
-/* RC2 ECB */
-static SECStatus
-rc2_ecb_test(blapitestInfo *info)
-{
- SECStatus rv;
- RC2Context *rc2cx;
- PRIntervalTime time1, time2;
- int i, numiter = info->repetitions;
- fillitem(&info->key, info->keysize, "tmp.key");
- fillitem(&info->in, info->bufsize, "tmp.pt");
- TIMESTART();
- for (i=0; i<numiter-1; i++) {
- rc2cx = RC2_CreateContext(info->key.data, info->key.len, NULL,
- NSS_RC2, info->key.len);
- RC2_DestroyContext(rc2cx, PR_TRUE);
- }
- rc2cx = RC2_CreateContext(info->key.data, info->key.len, NULL,
- NSS_RC2, info->key.len);
- TIMEFINISH("RC2 ECB CONTEXT CREATE", info->key.len);
- if (!rc2cx) {
- fprintf(stderr,"%s: Failed to create encryption context!\n", progName);
- return SECFailure;
- }
- info->out.len = 2*info->in.len;
- info->out.data = (unsigned char *)PORT_ZAlloc(info->out.len);
- if (info->encrypt) {
- TIMESTART();
- for (i=0; i<numiter; i++)
- rv = RC2_Encrypt(rc2cx, info->out.data, &info->out.len,
- info->out.len, info->in.data, info->in.len);
- TIMEFINISH("RC2 ECB ENCRYPT", info->in.len);
- CHECKERROR(rv, __LINE__);
- } else {
- TIMESTART();
- for (i=0; i<numiter; i++)
- rv = RC2_Decrypt(rc2cx, info->out.data, &info->out.len,
- info->out.len, info->in.data, info->in.len);
- TIMEFINISH("RC2 ECB DECRYPT", info->in.len);
- CHECKERROR(rv, __LINE__);
- }
- RC2_DestroyContext(rc2cx, PR_TRUE);
- return rv;
-}
-
-/* RC2 CBC */
-static SECStatus
-rc2_cbc_test(blapitestInfo *info)
-{
- SECStatus rv;
- RC2Context *rc2cx;
- PRIntervalTime time1, time2;
- int i, numiter = info->repetitions;
- fillitem(&info->key, info->keysize, "tmp.key");
- fillitem(&info->in, info->bufsize, "tmp.pt");
- fillitem(&info->iv, info->bufsize, "tmp.iv");
- TIMESTART();
- for (i=0; i<numiter-1; i++) {
- rc2cx = RC2_CreateContext(info->key.data, info->key.len, info->iv.data,
- NSS_RC2_CBC, info->key.len);
- RC2_DestroyContext(rc2cx, PR_TRUE);
- }
- rc2cx = RC2_CreateContext(info->key.data, info->key.len, info->iv.data,
- NSS_RC2_CBC, info->key.len);
- TIMEFINISH("RC2 CBC CONTEXT CREATE", info->key.len);
- if (!rc2cx) {
- fprintf(stderr,"%s: Failed to create encryption context!\n", progName);
- return SECFailure;
- }
- info->out.len = 2*info->in.len;
- info->out.data = (unsigned char *)PORT_ZAlloc(info->out.len);
- if (info->encrypt) {
- TIMESTART();
- for (i=0; i<numiter; i++)
- rv = RC2_Encrypt(rc2cx, info->out.data, &info->out.len,
- info->out.len, info->in.data, info->in.len);
- TIMEFINISH("RC2 CBC ENCRYPT", info->in.len);
- if (info->performance) {
- /* reset the context */
- RC2_DestroyContext(rc2cx, PR_TRUE);
- rc2cx = RC2_CreateContext(info->key.data, info->key.len,
- info->iv.data, NSS_RC2_CBC, info->key.len);
- rv = RC2_Encrypt(rc2cx, info->out.data, &info->out.len,
- info->out.len, info->in.data, info->in.len);
- }
- CHECKERROR(rv, __LINE__);
- if (rv) {
- fprintf(stderr, "%s: Failed to encrypt!\n", progName);
- CHECKERROR(rv, __LINE__);
- }
- } else {
- TIMESTART();
- for (i=0; i<numiter; i++)
- rv = RC2_Decrypt(rc2cx, info->out.data, &info->out.len,
- info->out.len, info->in.data, info->in.len);
- TIMEFINISH("RC2 CBC DECRYPT", info->in.len);
- if (info->performance) {
- /* reset the context */
- RC2_DestroyContext(rc2cx, PR_TRUE);
- rc2cx = RC2_CreateContext(info->key.data, info->key.len,
- info->iv.data, NSS_RC2_CBC, info->key.len);
- rv = RC2_Decrypt(rc2cx, info->out.data, &info->out.len,
- info->out.len, info->in.data, info->in.len);
- }
- if (rv) {
- fprintf(stderr, "%s: Failed to decrypt!\n", progName);
- CHECKERROR(rv, __LINE__);
- }
- }
- RC2_DestroyContext(rc2cx, PR_TRUE);
- return rv;
-}
-
-/************************
-** RC4
-************************/
-
-static SECStatus
-rc4_test(blapitestInfo *info)
-{
- SECStatus rv;
- RC4Context *rc4cx;
- PRIntervalTime time1, time2;
- int i, numiter;
- numiter = info->repetitions;
- fillitem(&info->key, info->keysize, "tmp.key");
- fillitem(&info->in, info->bufsize, "tmp.pt");
- TIMESTART();
- for (i=0; i<numiter-1; i++) {
- rc4cx = RC4_CreateContext(info->key.data, info->key.len);
- RC4_DestroyContext(rc4cx, PR_TRUE);
- }
- rc4cx = RC4_CreateContext(info->key.data, info->key.len);
- TIMEFINISH("RC4 CONTEXT CREATE", info->key.len);
- if (!rc4cx) {
- fprintf(stderr,"%s: Failed to create encryption context!\n", progName);
- return SECFailure;
- }
- info->out.len = 2*info->in.len;
- info->out.data = (unsigned char *)PORT_ZAlloc(info->out.len);
- if (info->encrypt) {
- TIMESTART();
- for (i=0; i<numiter; i++)
- rv = RC4_Encrypt(rc4cx, info->out.data, &info->out.len,
- info->out.len, info->in.data, info->in.len);
- TIMEFINISH("RC4 ENCRYPT", info->in.len);
- if (info->performance) {
- /* reset the context */
- RC4_DestroyContext(rc4cx, PR_TRUE);
- rc4cx = RC4_CreateContext(info->key.data, info->key.len);
- rv = RC4_Encrypt(rc4cx, info->out.data, &info->out.len,
- info->out.len, info->in.data, info->in.len);
- }
- if (rv) {
- fprintf(stderr, "%s: Failed to encrypt!\n", progName);
- CHECKERROR(rv, __LINE__);
- }
- } else {
- TIMESTART();
- for (i=0; i<numiter; i++)
- rv = RC4_Decrypt(rc4cx, info->out.data, &info->out.len,
- info->out.len, info->in.data, info->in.len);
- TIMEFINISH("RC4 DECRYPT", info->in.len);
- if (info->performance) {
- /* reset the context */
- RC4_DestroyContext(rc4cx, PR_TRUE);
- rc4cx = RC4_CreateContext(info->key.data, info->key.len);
- rv = RC4_Decrypt(rc4cx, info->out.data, &info->out.len,
- info->out.len, info->in.data, info->in.len);
- }
- if (rv) {
- fprintf(stderr, "%s: Failed to decrypt!\n", progName);
- CHECKERROR(rv, __LINE__);
- }
- }
- RC4_DestroyContext(rc4cx, PR_TRUE);
- return rv;
-}
-
-/************************
-** RC5
-************************/
-
-/* RC5 ECB */
-static SECStatus
-rc5_ecb_test(blapitestInfo *info)
-{
- SECStatus rv;
- RC5Context *rc5cx;
- PRIntervalTime time1, time2;
- int i, numiter;
- numiter = info->repetitions;
- fillitem(&info->key, info->keysize, "tmp.key");
- fillitem(&info->in, info->bufsize, "tmp.pt");
- TIMESTART();
- for (i=0; i<numiter-1; i++) {
- rc5cx = RC5_CreateContext(&info->key, info->rounds, info->wordsize,
- NULL, NSS_RC5);
- RC5_DestroyContext(rc5cx, PR_TRUE);
- }
- rc5cx = RC5_CreateContext(&info->key, info->rounds, info->wordsize,
- NULL, NSS_RC5);
- TIMEFINISH("RC5 ECB CONTEXT CREATE", info->key.len);
- if (!rc5cx) {
- fprintf(stderr,"%s: Failed to create encryption context!\n", progName);
- return SECFailure;
- }
- info->out.len = 2*info->in.len;
- info->out.data = (unsigned char *)PORT_ZAlloc(info->out.len);
- if (info->encrypt) {
- TIMESTART();
- for (i=0; i<numiter; i++)
- rv = RC5_Encrypt(rc5cx, info->out.data, &info->out.len,
- info->out.len, info->in.data, info->in.len);
- TIMEFINISH("RC5 ECB ENCRYPT", info->in.len);
- if (rv) {
- fprintf(stderr, "%s: Failed to encrypt!\n", progName);
- CHECKERROR(rv, __LINE__);
- }
- } else {
- TIMESTART();
- for (i=0; i<numiter; i++)
- rv = RC5_Decrypt(rc5cx, info->out.data, &info->out.len,
- info->out.len, info->in.data, info->in.len);
- TIMEFINISH("RC5 ECB ENCRYPT", info->in.len);
- if (rv) {
- fprintf(stderr, "%s: Failed to decrypt!\n", progName);
- CHECKERROR(rv, __LINE__);
- }
- }
- RC5_DestroyContext(rc5cx, PR_TRUE);
- return rv;
-}
-
-/* RC5 CBC */
-static SECStatus
-rc5_cbc_test(blapitestInfo *info)
-{
- SECStatus rv;
- RC5Context *rc5cx;
- PRIntervalTime time1, time2;
- int i, numiter;
- numiter = info->repetitions;
- fillitem(&info->key, info->keysize, "tmp.key");
- fillitem(&info->in, info->bufsize, "tmp.pt");
- fillitem(&info->iv, info->bufsize, "tmp.iv");
- TIMESTART();
- for (i=0; i<numiter-1; i++) {
- rc5cx = RC5_CreateContext(&info->key, info->rounds, info->wordsize,
- info->iv.data, NSS_RC5_CBC);
- RC5_DestroyContext(rc5cx, PR_TRUE);
- }
- rc5cx = RC5_CreateContext(&info->key, info->rounds, info->wordsize,
- info->iv.data, NSS_RC5_CBC);
- TIMEFINISH("RC5 CBC CONTEXT CREATE", info->key.len);
- if (!rc5cx) {
- fprintf(stderr,"%s: Failed to create encryption context!\n", progName);
- return SECFailure;
- }
- info->out.len = 2*info->in.len;
- info->out.data = (unsigned char *)PORT_ZAlloc(info->out.len);
- if (info->encrypt) {
- TIMESTART();
- for (i=0; i<numiter; i++)
- rv = RC5_Encrypt(rc5cx, info->out.data, &info->out.len,
- info->out.len, info->in.data, info->in.len);
- TIMEFINISH("RC5 CBC ENCRYPT", info->in.len);
- if (info->performance) {
- /* reset the context */
- RC5_DestroyContext(rc5cx, PR_TRUE);
- rc5cx = RC5_CreateContext(&info->key, info->rounds, info->wordsize,
- info->iv.data, NSS_RC5_CBC);
- rv = RC5_Encrypt(rc5cx, info->out.data, &info->out.len,
- info->out.len, info->in.data, info->in.len);
- }
- if (rv) {
- fprintf(stderr, "%s: Failed to encrypt!\n", progName);
- CHECKERROR(rv, __LINE__);
- }
- } else {
- TIMESTART();
- for (i=0; i<numiter; i++)
- rv = RC5_Decrypt(rc5cx, info->out.data, &info->out.len,
- info->out.len, info->in.data, info->in.len);
- TIMEFINISH("RC5 CBC DECRYPT", info->in.len);
- if (info->performance) {
- /* reset the context */
- RC5_DestroyContext(rc5cx, PR_TRUE);
- rc5cx = RC5_CreateContext(&info->key, info->rounds, info->wordsize,
- info->iv.data, NSS_RC5_CBC);
- rv = RC5_Decrypt(rc5cx, info->out.data, &info->out.len,
- info->out.len, info->in.data, info->in.len);
- }
- if (rv) {
- fprintf(stderr, "%s: Failed to decrypt!\n", progName);
- CHECKERROR(rv, __LINE__);
- }
- }
- RC5_DestroyContext(rc5cx, PR_TRUE);
- return rv;
-}
-
-static SECStatus
-rsa_test(blapitestInfo *info)
-{
- RSAPrivateKey *key;
- SECItem expitem;
- SECStatus rv;
- PRIntervalTime time1, time2;
- int i, j, numiter;
- unsigned int modLen;
- numiter = info->repetitions;
- fillitem(&info->in, info->bufsize, "tmp.pt");
- if (info->key.len > 0) {
- key = rsakey_from_filedata(&info->key);
- } else {
- expitem.len = 4;
- expitem.data = (unsigned char *)PORT_ZAlloc(4);
- expitem.data[0] = (info->rsapubexp >> 24) & 0xff;
- expitem.data[1] = (info->rsapubexp >> 16) & 0xff;
- expitem.data[2] = (info->rsapubexp >> 8) & 0xff;
- expitem.data[3] = (info->rsapubexp & 0xff);
- TIMESTART();
- for (i=0; i<numiter-1; i++) {
- key = RSA_NewKey(info->keysize*8, &expitem);
- PORT_FreeArena(key->arena, PR_TRUE);
- }
- key = RSA_NewKey(info->keysize*8, &expitem);
- TIMEFINISH("RSA KEY GEN", info->keysize);
- rsakey_to_file(key, "tmp.key");
- }
- if (key->modulus.data[0] == 0) {
- /* integer value of input must be less than modulus */
- if (info->in.data[0] >= key->modulus.data[1])
- return SECFailure;
- } else {
- if (info->in.data[0] >= key->modulus.data[0])
- return SECFailure;
- }
- modLen = key->modulus.len - !key->modulus.data[0];
- if (info->in.len % modLen != 0) {
- fprintf(stderr, "Input buffer must be a multiple of modulus length!\n");
- return SECFailure;
- }
- info->out.len = info->in.len;
- info->out.data = (unsigned char *)PORT_ZAlloc(info->out.len);
- if (info->encrypt) {
- RSAPublicKey pubkey;
- SECITEM_CopyItem(key->arena, &pubkey.modulus, &key->modulus);
- SECITEM_CopyItem(key->arena, &pubkey.publicExponent,
- &key->publicExponent);
- TIMESTART();
- for (i=0; i<numiter; i++) {
- for (j=0; j<info->in.len; j+=pubkey.modulus.len) {
- rv = RSA_PublicKeyOp(&pubkey, &info->out.data[j],
- &info->in.data[j]);
- }
- }
- TIMEFINISH("RSA ENCRYPT", info->in.len);
- CHECKERROR(rv, __LINE__);
- } else {
- TIMESTART();
- for (i=info->repetitions; i>0; i--) {
- for (j=0; j<info->in.len; j+=key->modulus.len) {
- rv = RSA_PrivateKeyOp(key, &info->out.data[j],
- &info->in.data[j]);
- }
- }
- TIMEFINISH("RSA DECRYPT", info->in.len);
- CHECKERROR(rv, __LINE__);
- }
- PORT_FreeArena(key->arena, PR_TRUE);
- return SECSuccess;
-}
-
-static SECStatus
-pqg_test(blapitestInfo *info)
-{
- SECStatus rv = SECSuccess;
- PQGVerify *verify;
- PRIntervalTime time1, time2;
- int i, numiter;
- numiter = info->repetitions;
- if (info->pqg.len > 0) {
- info->params = pqg_from_filedata(&info->pqg);
- } else {
- TIMESTART();
- for (i=0; i<numiter-1; i++) {
- rv = PQG_ParamGen(info->keysize, &info->params, &verify);
- PORT_FreeArena(info->params->arena, PR_TRUE);
- }
- rv = PQG_ParamGen(info->keysize, &info->params, &verify);
- TIMEFINISH("PQG PARAM GEN", info->keysize);
- pqg_to_file(info->params, "tmp.pqg");
- }
- CHECKERROR(rv, __LINE__);
- return rv;
-}
-
-static SECStatus
-dsa_test(blapitestInfo *info)
-{
- DSAPrivateKey *key;
- SECStatus rv = SECSuccess;
- PRIntervalTime time1, time2;
- int i, numiter;
- numiter = info->repetitions;
- fillitem(&info->in, info->bufsize, "tmp.pt");
- if (info->key.len > 0) {
- key = dsakey_from_filedata(&info->key);
- } else {
- pqg_test(info);
- if (info->useseed) {
- if (info->seed.len == 0)
- get_and_write_random_bytes(&info->seed, DSA_SUBPRIME_LEN,
- "tmp.seed");
- rv = DSA_NewKeyFromSeed(info->params, info->seed.data, &key);
- } else {
- rv = DSA_NewKey(info->params, &key);
- }
- CHECKERROR(rv, __LINE__);
- dsakey_to_file(key, "tmp.key");
- }
- if (info->sign) {
- info->out.len = 48;
- info->out.data = (unsigned char *)PORT_ZAlloc(info->out.len);
- if (info->usesigseed) {
- if (info->sigseed.len == 0)
- get_and_write_random_bytes(&info->sigseed, DSA_SUBPRIME_LEN,
- "tmp.sigseed");
- TIMESTART();
- rv = DSA_SignDigestWithSeed(key, &info->out, &info->in,
- info->sigseed.data);
- TIMEFINISH("DSA SIGN", info->in.len);
- } else {
- TIMESTART();
- for (i=0; i<numiter; i++)
- rv = DSA_SignDigest(key, &info->out, &info->in);
- TIMEFINISH("DSA SIGN", info->in.len);
- }
- CHECKERROR(rv, __LINE__);
- } else {
- DSAPublicKey pubkey;
- PRArenaPool *arena;
- arena = key->params.arena;
- SECITEM_CopyItem(arena, &pubkey.params.prime, &key->params.prime);
- SECITEM_CopyItem(arena, &pubkey.params.subPrime, &key->params.subPrime);
- SECITEM_CopyItem(arena, &pubkey.params.base, &key->params.base);
- SECITEM_CopyItem(arena, &pubkey.publicValue, &key->publicValue);
- TIMESTART();
- for (i=0; i<numiter; i++)
- rv = DSA_VerifyDigest(&pubkey, &info->out, &info->in);
- TIMEFINISH("DSA VERIFY", info->in.len);
- if (rv == SECSuccess) {
- PR_fprintf(PR_STDOUT, "Signature verified.\n");
- } else {
- PR_fprintf(PR_STDOUT, "Signature failed verification!\n");
- CHECKERROR(rv, __LINE__);
- }
- }
- PORT_FreeArena(key->params.arena, PR_TRUE);
- return SECSuccess;
-}
-
-static SECStatus
-md5_multi_test(blapitestInfo *info)
-{
- SECStatus rv = SECSuccess;
- MD5Context *md5cx;
- unsigned int len;
- MD5Context *foomd5cx;
- unsigned char *foomd5;
- int i;
- if (info->in.len == 0) {
- rv = get_and_write_random_bytes(&info->in, info->bufsize, "tmp.pt");
- CHECKERROR(rv, __LINE__);
- }
- md5cx = MD5_NewContext();
- if (!md5cx) {
- PR_fprintf(PR_STDERR,
- "%s: Failed to create hash context!\n", progName);
- return SECFailure;
- }
- info->out.len = MD5_LENGTH;
- info->out.data = (unsigned char *)PORT_ZAlloc(info->out.len);
- MD5_Begin(md5cx);
- for (i=0; i<info->bufsize/8; i++) {
- MD5_Update(md5cx, &info->in.data[i*8], 8);
- len = MD5_FlattenSize(md5cx);
- foomd5 = PORT_Alloc(len);
- MD5_Flatten(md5cx, foomd5);
- foomd5cx = MD5_Resurrect(foomd5, NULL);
- rv = PORT_Memcmp(foomd5cx, md5cx, len);
- if (rv != SECSuccess)
- PR_fprintf(PR_STDERR, "%s: MD5_Resurrect failed!\n", progName);
- MD5_DestroyContext(foomd5cx, PR_TRUE);
- PORT_Free(foomd5);
- }
- MD5_End(md5cx, info->out.data, &len, MD5_LENGTH);
- if (len != MD5_LENGTH)
- PR_fprintf(PR_STDERR, "%s: Bad hash size %d.\n", progName, len);
- MD5_DestroyContext(md5cx, PR_TRUE);
- return rv;
-}
-
-static SECStatus
-md5_test(blapitestInfo *info)
-{
- SECStatus rv = SECSuccess;
- PRIntervalTime time1, time2;
- int i;
- if (!info->hash) return SECFailure;
- if (info->multihash) return md5_multi_test(info);
- if (info->in.len == 0) {
- rv = get_and_write_random_bytes(&info->in, info->bufsize, "tmp.pt");
- CHECKERROR(rv, __LINE__);
- }
- info->out.len = MD5_LENGTH;
- info->out.data = (unsigned char *)PORT_ZAlloc(info->out.len);
- TIMESTART();
- for (i=info->repetitions; i>0; i--) {
- MD5_HashBuf(info->out.data, info->in.data, info->in.len);
- }
- TIMEFINISH("MD5 HASH", info->in.len);
- return rv;
-}
-
-static SECStatus
-md2_multi_test(blapitestInfo *info)
-{
- SECStatus rv = SECSuccess;
- MD2Context *md2cx;
- unsigned int len;
- MD2Context *foomd2cx;
- unsigned char *foomd2;
- int i;
- if (!info->hash) return SECFailure;
- if (info->in.len == 0) {
- rv = get_and_write_random_bytes(&info->in, info->bufsize, "tmp.pt");
- CHECKERROR(rv, __LINE__);
- }
- md2cx = MD2_NewContext();
- if (!md2cx) {
- PR_fprintf(PR_STDERR,
- "%s: Failed to create hash context!\n", progName);
- return SECFailure;
- }
- info->out.len = MD2_LENGTH;
- info->out.data = (unsigned char *)PORT_ZAlloc(info->out.len);
- MD2_Begin(md2cx);
- for (i=0; i<info->bufsize/8; i++) {
- MD2_Update(md2cx, &info->in.data[i*8], 8);
- len = MD2_FlattenSize(md2cx);
- foomd2 = PORT_Alloc(len);
- MD2_Flatten(md2cx, foomd2);
- foomd2cx = MD2_Resurrect(foomd2, NULL);
- rv = PORT_Memcmp(foomd2cx, md2cx, len);
- if (rv != SECSuccess)
- PR_fprintf(PR_STDERR, "%s: MD2_Resurrect failed!\n", progName);
- MD2_DestroyContext(foomd2cx, PR_TRUE);
- PORT_Free(foomd2);
- }
- MD2_End(md2cx, info->out.data, &len, MD2_LENGTH);
- if (len != MD2_LENGTH)
- PR_fprintf(PR_STDERR, "%s: Bad hash size %d.\n", progName, len);
- MD2_DestroyContext(md2cx, PR_TRUE);
- return rv;
-}
-
-static SECStatus
-md2_test(blapitestInfo *info)
-{
- unsigned int len;
- MD2Context *cx = MD2_NewContext();
- SECStatus rv = SECSuccess;
- PRIntervalTime time1, time2;
- int i;
- if (!info->hash) return SECFailure;
- if (info->multihash) return md2_multi_test(info);
- if (info->in.len == 0) {
- rv = get_and_write_random_bytes(&info->in, info->bufsize, "tmp.pt");
- CHECKERROR(rv, __LINE__);
- }
- info->out.len = 16;
- info->out.data = (unsigned char *)PORT_ZAlloc(info->out.len);
- info->in.data[info->in.len] = '\0';
- TIMESTART();
- for (i=0; i<info->repetitions; i++) {
- MD2_Begin(cx);
- MD2_Update(cx, info->in.data, info->in.len);
- MD2_End(cx, info->out.data, &len, 16);
- }
- TIMEFINISH("MD2 HASH", info->in.len);
- MD2_DestroyContext(cx, PR_TRUE);
- return rv;
-}
-
-static SECStatus
-sha1_multi_test(blapitestInfo *info)
-{
- SECStatus rv = SECSuccess;
- SHA1Context *sha1cx;
- unsigned int len;
- SHA1Context *foosha1cx;
- unsigned char *foosha1;
- int i;
- if (info->in.len == 0) {
- rv = get_and_write_random_bytes(&info->in, info->bufsize, "tmp.pt");
- CHECKERROR(rv, __LINE__);
- }
- sha1cx = SHA1_NewContext();
- if (!sha1cx) {
- PR_fprintf(PR_STDERR,
- "%s: Failed to create hash context!\n", progName);
- return SECFailure;
- }
- info->out.len = SHA1_LENGTH;
- info->out.data = (unsigned char *)PORT_ZAlloc(info->out.len);
- SHA1_Begin(sha1cx);
- for (i=0; i<info->bufsize/8; i++) {
- SHA1_Update(sha1cx, &info->in.data[i*8], 8);
- len = SHA1_FlattenSize(sha1cx);
- foosha1 = PORT_Alloc(len);
- SHA1_Flatten(sha1cx, foosha1);
- foosha1cx = SHA1_Resurrect(foosha1, NULL);
- rv = PORT_Memcmp(foosha1cx, sha1cx, len);
- if (rv != SECSuccess)
- PR_fprintf(PR_STDERR, "%s: SHA1_Resurrect failed!\n", progName);
- SHA1_DestroyContext(foosha1cx, PR_TRUE);
- PORT_Free(foosha1);
- }
- SHA1_End(sha1cx, info->out.data, &len, SHA1_LENGTH);
- if (len != SHA1_LENGTH)
- PR_fprintf(PR_STDERR, "%s: Bad hash size %d.\n", progName, len);
- SHA1_DestroyContext(sha1cx, PR_TRUE);
- return rv;
-}
-
-static SECStatus
-sha1_test(blapitestInfo *info)
-{
- unsigned int len;
- SHA1Context *cx = SHA1_NewContext();
- SECStatus rv = SECSuccess;
- PRIntervalTime time1, time2;
- int i;
- if (!info->hash) return SECFailure;
- if (info->multihash) return sha1_multi_test(info);
- if (info->in.len == 0) {
- rv = get_and_write_random_bytes(&info->in, info->bufsize, "tmp.pt");
- CHECKERROR(rv, __LINE__);
- }
- info->out.len = SHA1_LENGTH;
- info->out.data = (unsigned char *)PORT_ZAlloc(info->out.len);
- info->in.data[info->in.len] = '\0';
- TIMESTART();
- for (i=info->repetitions; i>0; i--) {
- SHA1_Begin(cx);
- SHA1_Update(cx, info->in.data, info->in.len);
- SHA1_End(cx, info->out.data, &len, SHA1_LENGTH);
- }
- TIMEFINISH("SHA1 HASH", info->in.len);
- SHA1_DestroyContext(cx, PR_TRUE);
- return rv;
-}
-
-typedef SECStatus (* blapitestCryptoFn)(blapitestInfo *);
-
-static blapitestCryptoFn crypto_fns[] =
-{
- des_ecb_test,
- des_cbc_test,
- des_ede_ecb_test,
- des_ede_cbc_test,
- rc2_ecb_test,
- rc2_cbc_test,
- rc4_test,
- rc5_ecb_test,
- rc5_cbc_test,
- rsa_test,
- NULL,
- pqg_test,
- dsa_test,
- NULL,
- md5_test,
- md2_test,
- sha1_test,
- NULL
-};
-
-static char *mode_strings[] =
-{
- "des_ecb",
- "des_cbc",
- "des3_ecb",
- "des3_cbc",
- "rc2_ecb",
- "rc2_cbc",
- "rc4",
- "rc5_ecb",
- "rc5_cbc",
- "rsa",
- "#endencrypt",
- "pqg",
- "dsa",
- "#endsign",
- "md5",
- "md2",
- "sha1",
- "#endhash"
-};
-
-static void
-printmodes(blapitestInfo *info)
-{
- int i = 0;
- char *mode = mode_strings[0];
- PR_fprintf(PR_STDERR, "Available modes: (specify with -m)\n", progName);
- while (mode[0] != '#') {
- if (info->encrypt || info->decrypt)
- fprintf(stderr, "%s\n", mode);
- mode = mode_strings[++i];
- }
- mode = mode_strings[++i];
- while (mode[0] != '#') {
- if (info->sign || info->verify)
- fprintf(stderr, "%s\n", mode);
- mode = mode_strings[++i];
- }
- mode = mode_strings[++i];
- while (mode[0] != '#') {
- if (info->hash)
- fprintf(stderr, "%s\n", mode);
- mode = mode_strings[++i];
- }
-}
-
-static blapitestCryptoFn
-get_test_mode(const char *modestring)
-{
- int i;
- int nummodes = sizeof(mode_strings) / sizeof(char *);
- for (i=0; i<nummodes; i++)
- if (PL_strcmp(modestring, mode_strings[i]) == 0)
- return crypto_fns[i];
- PR_fprintf(PR_STDERR, "%s: invalid mode: %s\n", progName, modestring);
- return NULL;
-}
-
-static void
-get_params(blapitestInfo *info, char *mode, int num)
-{
- SECItem *item;
- /* XXX
- * this should use NSPR, but the string functions (strchr and atoi)
- * barf when the commented code below is used.
- PRFileDesc *file;
- */
- FILE *file;
- char filename[32];
- char *mark, *param, *val;
- int index = 0;
- int len;
- sprintf(filename, "%s/tests/%s/params%d", testdir, mode, num);
- /*
- file = PR_Open(filename, PR_RDONLY, 00440);
- if (file)
- SECU_FileToItem(item, file);
- else
- return;
- param = (char *)item->data;
- */
- file = fopen(filename, "r");
- if (!file) return;
- param = malloc(100);
- len = fread(param, 1, 100, file);
- while (index < len) {
- mark = PL_strchr(param, '=');
- *mark = '\0';
- val = mark + 1;
- mark = PL_strchr(val, '\n');
- *mark = '\0';
- if (PL_strcmp(param, "rounds") == 0) {
- info->rounds = atoi(val);
- } else if (PL_strcmp(param, "wordsize") == 0) {
- info->wordsize = atoi(val);
- }
- index += PL_strlen(param) + PL_strlen(val) + 2;
- param = mark + 1;
- }
-}
-
-static SECStatus
-get_ascii_file_data(SECItem *item, char *mode, char *type, int num)
-{
- char filename[32];
- PRFileDesc *file;
- SECStatus rv;
- sprintf(filename, "%s/tests/%s/%s%d", testdir, mode, type, num);
- file = PR_Open(filename, PR_RDONLY, 00440);
- if (file) {
- rv = SECU_FileToItem(item, file);
- } else {
- /* Not a failure if "mode" does not need "type". */
- return SECSuccess;
- }
- if ((PL_strcmp(mode, "rsa") == 0 || PL_strcmp(mode, "dsa") == 0) &&
- PL_strcmp(type, "key") == 0)
- atob(SECITEM_DupItem(item), item);
- /* remove a trailing newline, else byte count will be wrong */
- if (item->data[item->len-1] == '\n')
- item->len--;
- PR_Close(file);
- return rv;
-}
-
-static SECStatus
-blapi_selftest(char **modesToTest, int numModesToTest)
-{
- blapitestCryptoFn cryptofn;
- blapitestInfo info;
- SECItem output, asciiOut, item, inpCopy;
- SECStatus rv;
- char filename[32];
- PRFileDesc *file;
- char *mode;
- int i, j, nummodes;
-
- PORT_Memset(&info, 0, sizeof(info));
- info.repetitions = 1;
- info.useseed = PR_TRUE;
- info.usesigseed = PR_TRUE;
- if (modesToTest) {
- /* user gave a list of modes to test */
- nummodes = numModesToTest;
- } else {
- /* test all modes */
- nummodes = sizeof(mode_strings) / sizeof(char *);
- }
- for (i=0; i<nummodes; i++) {
- if (modesToTest) {
- mode = modesToTest[i];
- } else {
- mode = mode_strings[i];
- }
- /* skip pqg - nothing to do for self-test. */
- if (PL_strcmp(mode, "pqg") == 0)
- continue;
- cryptofn = get_test_mode(mode);
- if (mode[0] == '#') continue;
- /* get the number of tests in the directory */
- sprintf(filename, "%s/tests/%s/%s", testdir, mode, "numtests");
- file = PR_Open(filename, PR_RDONLY, 00440);
- if (!file) {
- fprintf(stderr, "File %s does not exist.\n", filename);
- return SECFailure;
- }
- rv = SECU_FileToItem(&item, file);
- PR_Close(file);
- /* loop over the tests in the directory */
- for (j=0; j<(int)(item.data[0] - '0'); j++) {
- rv = get_ascii_file_data(&info.key, mode, "key", j);
- rv = get_ascii_file_data(&info.iv, mode, "iv", j);
- rv = get_ascii_file_data(&info.in, mode, "plaintext", j);
- rv = get_ascii_file_data(&info.seed, mode, "keyseed", j);
- rv = get_ascii_file_data(&info.sigseed, mode, "sigseed", j);
- SECITEM_CopyItem(NULL, &inpCopy, &info.in);
- get_params(&info, mode, j);
- sprintf(filename, "%s/tests/%s/%s%d", testdir, mode,
- "ciphertext", j);
- file = PR_Open(filename, PR_RDONLY, 00440);
- rv = SECU_FileToItem(&asciiOut, file);
- PR_Close(file);
- rv = atob(&asciiOut, &output);
- info.encrypt = info.hash = info.sign = PR_TRUE;
- (*cryptofn)(&info);
- if (SECITEM_CompareItem(&output, &info.out) != 0) {
- printf("encrypt self-test for %s failed!\n", mode);
- } else {
- printf("encrypt self-test for %s passed.\n", mode);
- }
- info.encrypt = info.hash = info.sign = PR_FALSE;
- info.decrypt = info.verify = PR_TRUE;
- if (PL_strcmp(mode, "dsa") == 0) {
- rv = (*cryptofn)(&info);
- if (rv == SECSuccess) {
- printf("signature self-test for %s passed.\n", mode);
- } else {
- printf("signature self-test for %s failed!\n", mode);
- }
- } else {
- SECITEM_ZfreeItem(&info.in, PR_FALSE);
- SECITEM_ZfreeItem(&info.out, PR_FALSE);
- SECITEM_CopyItem(NULL, &info.in, &output);
- info.out.len = 0;
- rv = (*cryptofn)(&info);
- if (rv == SECSuccess) {
- if (SECITEM_CompareItem(&inpCopy, &info.out) != 0) {
- printf("decrypt self-test for %s failed!\n", mode);
- } else {
- printf("decrypt self-test for %s passed.\n", mode);
- }
- }
- }
- }
- }
- return SECSuccess;
-}
-
-static SECStatus
-get_file_data(char *filename, SECItem *item, PRBool b64)
-{
- SECStatus rv = SECSuccess;
- PRFileDesc *file = PR_Open(filename, PR_RDONLY, 006600);
- if (file) {
- SECItem asciiItem;
- rv = SECU_FileToItem(&asciiItem, file);
- CHECKERROR(rv, __LINE__);
- if (b64) {
- rv = atob(&asciiItem, item);
- } else {
- SECITEM_CopyItem(NULL, item, &asciiItem);
- if (item->data[item->len-1] == '\n')
- item->len--;
- }
- CHECKERROR(rv, __LINE__);
- PR_Close(file);
- }
- return rv;
-}
-
-SECStatus
-dump_file(char *mode, char *filename)
-{
- SECItem item;
- if (PL_strcmp(mode, "rsa") == 0) {
- } else if (PL_strcmp(mode, "pqg") == 0) {
- PQGParams *pqg;
- get_file_data(filename, &item, PR_TRUE);
- pqg = pqg_from_filedata(&item);
- dump_pqg(pqg);
- } else if (PL_strcmp(mode, "dsa") == 0) {
- DSAPrivateKey *key;
- get_file_data(filename, &item, PR_TRUE);
- key = dsakey_from_filedata(&item);
- dump_dsakey(key);
- }
- return SECFailure;
-}
-
-int main(int argc, char **argv)
-{
- char *infile, *outfile, *keyfile, *ivfile, *sigfile, *seedfile,
- *sigseedfile, *pqgfile;
- PRBool b64 = PR_TRUE;
- blapitestInfo info;
- blapitestCryptoFn cryptofn = NULL;
- PLOptState *optstate;
- PLOptStatus status;
- PRBool dofips = PR_FALSE;
- PRBool doselftest = PR_FALSE;
- PRBool zerobuffer = PR_FALSE;
- char *dumpfile = NULL;
- char *mode = NULL;
- char *modesToTest[20];
- int numModesToTest = 0;
- SECStatus rv;
-
- PORT_Memset(&info, 0, sizeof(info));
- info.bufsize = 8;
- info.keysize = DES_KEY_LENGTH;
- info.rsapubexp = 17;
- info.rounds = 10;
- info.wordsize = 4;
- infile=outfile=keyfile=pqgfile=ivfile=sigfile=seedfile=sigseedfile=NULL;
- info.repetitions = 1;
- progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
- optstate = PL_CreateOptState(argc, argv,
- "DEFHP:STVab:d:ce:g:j:i:o:p:k:m:t:qr:s:v:w:xyz:");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case 'D': info.decrypt = PR_TRUE; break;
- case 'E': info.encrypt = PR_TRUE; break;
- case 'F': dofips = PR_TRUE; break;
- case 'H': info.hash = PR_TRUE; break;
- case 'P': dumpfile = PL_strdup(optstate->value); break;
- case 'S': info.sign = PR_TRUE; break;
- case 'T': doselftest = PR_TRUE; break;
- case 'V': info.verify = PR_TRUE; break;
- case 'a': b64 = PR_FALSE; break;
- case 'b': info.bufsize = PORT_Atoi(optstate->value); break;
- case 'c': info.multihash = PR_TRUE; break;
- case 'd': testdir = PL_strdup(optstate->value); break;
- case 'e': info.rsapubexp = PORT_Atoi(optstate->value); break;
- case 'g': info.keysize = PORT_Atoi(optstate->value); break;
- case 'i': infile = PL_strdup(optstate->value); break;
- case 'j': pqgfile = PL_strdup(optstate->value); break;
- case 'k': keyfile = PL_strdup(optstate->value); break;
- case 'm': cryptofn = get_test_mode(optstate->value);
- mode = PL_strdup(optstate->value);
- break;
- case 'o': outfile = PL_strdup(optstate->value); break;
- case 'p': info.performance = PR_TRUE;
- info.repetitions = PORT_Atoi(optstate->value);
- break;
- case 'q': zerobuffer = PR_TRUE; break;
- case 'r': info.rounds = PORT_Atoi(optstate->value); break;
- case 's': sigfile = PL_strdup(optstate->value); break;
- case 't': sigseedfile = PL_strdup(optstate->value); break;
- case 'v': ivfile = PL_strdup(optstate->value); break;
- case 'w': info.wordsize = PORT_Atoi(optstate->value); break;
- case 'x': info.useseed = PR_TRUE; break;
- case 'y': info.usesigseed = PR_TRUE; break;
- case 'z': seedfile = PL_strdup(optstate->value); break;
- case '\0': if (optstate->value[0] != '-')
- modesToTest[numModesToTest++] =
- PL_strdup(optstate->value);
- break;
- default: break;
- }
- }
-
- if (dumpfile)
- return dump_file(mode, dumpfile);
-
- if (doselftest) {
- if (numModesToTest > 0) {
- return blapi_selftest(modesToTest, numModesToTest);
- } else {
- return blapi_selftest(NULL, 0);
- }
- }
-
- if (dofips) {
- CK_RV foo = pk11_fipsPowerUpSelfTest();
- PR_fprintf(PR_STDOUT, "CK_RV: %d.\n", foo);
- return 0;
- }
-
- if (!info.encrypt && !info.decrypt && !info.hash &&
- !info.sign && !info.verify)
- Usage();
-
- if (!cryptofn) {
- printmodes(&info);
- return -1;
- }
-
- if (info.decrypt && !infile)
- Usage();
-
- if (info.performance) {
- char buf[256];
- PRStatus stat;
- stat = PR_GetSystemInfo(PR_SI_HOSTNAME, buf, sizeof(buf));
- printf("HOST: %s\n", buf);
- stat = PR_GetSystemInfo(PR_SI_SYSNAME, buf, sizeof(buf));
- printf("SYSTEM: %s\n", buf);
- stat = PR_GetSystemInfo(PR_SI_RELEASE, buf, sizeof(buf));
- printf("RELEASE: %s\n", buf);
- stat = PR_GetSystemInfo(PR_SI_ARCHITECTURE, buf, sizeof(buf));
- printf("ARCH: %s\n", buf);
- }
-
- RNG_RNGInit();
-
- if (keyfile) {
- /* RSA and DSA keys are always b64 encoded. */
- if (b64 || PL_strcmp(mode,"rsa")==0 || PL_strcmp(mode,"dsa")==0)
- get_file_data(keyfile, &info.key, PR_TRUE);
- else
- get_file_data(keyfile, &info.key, b64);
- }
- if (ivfile)
- get_file_data(ivfile, &info.iv, b64);
- if (infile)
- get_file_data(infile, &info.in, b64);
- if (sigfile)
- get_file_data(sigfile, &info.out, PR_TRUE);
- if (seedfile) {
- get_file_data(seedfile, &info.seed, b64);
- info.useseed = PR_TRUE;
- }
- if (sigseedfile) {
- get_file_data(sigseedfile, &info.sigseed, b64);
- info.usesigseed = PR_TRUE;
- }
- if (pqgfile)
- get_file_data(pqgfile, &info.pqg, PR_TRUE);
-
- if (zerobuffer) {
- PRFileDesc *ifile;
- info.in.len = info.bufsize;
- info.in.data = PORT_ZAlloc(info.in.len);
- ifile = PR_Open("tmp.pt", PR_WRONLY|PR_CREATE_FILE, 00660);
- rv = btoa_file(&info.in, ifile);
- CHECKERROR((rv < 0), __LINE__);
- PR_Close(ifile);
- }
-
- rv = (*cryptofn)(&info);
- CHECKERROR(rv, __LINE__);
-
- if (!sigfile && info.out.len > 0) {
- PRFileDesc *ofile;
- if (!outfile)
- ofile = PR_Open("tmp.out", PR_WRONLY|PR_CREATE_FILE, 00660);
- else
- ofile = PR_Open(outfile, PR_WRONLY|PR_CREATE_FILE, 00660);
- rv = btoa_file(&info.out, ofile);
- PR_Close(ofile);
- CHECKERROR((rv < 0), __LINE__);
- }
-
- RNG_RNGShutdown();
-
- return SECSuccess;
-}
diff --git a/security/nss/cmd/bltest/manifest.mn b/security/nss/cmd/bltest/manifest.mn
deleted file mode 100644
index ad31bb961..000000000
--- a/security/nss/cmd/bltest/manifest.mn
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../..
-
-MODULE = security
-
-REQUIRES = seccmd dbm
-
-PROGRAM = bltest
-
-EXPORTS = \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- $(NULL)
-
-CSRCS = \
- blapitest.c \
- $(NULL)
-
diff --git a/security/nss/cmd/bltest/tests/README b/security/nss/cmd/bltest/tests/README
deleted file mode 100644
index 998639aee..000000000
--- a/security/nss/cmd/bltest/tests/README
+++ /dev/null
@@ -1,26 +0,0 @@
-This directory contains a set of tests for each cipher supported by BLAPI. Each subdirectory contains known plaintext and ciphertext pairs (and keys and/or iv's if needed). The tests can be run as a full set with:
-bltest -T
-or as subsets, for example:
-bltest -T des_ecb rc2 rsa
-
-In each subdirectory, the plaintext, key, and iv are ascii, and treated as such. The ciphertext is base64-encoded to avoid the hassle of binary files.
-
-To add a test, incremement the value in the numtests file. Create a plaintext, key, and iv file, such that the name of the file is incrememted one from the last set of tests. For example, if you are adding the second test, put your data in files named plaintext1, key1, and iv1 (ignoring key and iv if they are not needed, of course). Make sure your key and iv are the correct number of bytes for your cipher (a trailing \n is okay, but any other trailing bytes will be used!). Once you have your input data, create output data by running bltest on a trusted implementation. For example, for a new DES ECB test, run
-bltest -E -m des_ecb -i plaintext1 -k key1 -o ciphertext1 -a
-in the tests/des_ecb directory. Then run
-bltest -T des_ecb
-from the cmd/bltest directory in the tree of the implementation you want to test.
-
-Note that the -a option above is important, it tells bltest to expect the input to be straight ASCII, and not base64 encoded binary!
-
-Special cases:
-
-RC5:
-RC5 can take additional parameters, the number of rounds to perform and the wordsize to use. The number of rounds is between is between 0 and 255, and the wordsize is either is either 16, 32, or 64 bits (at this time only 32-bit is supported). These parameters are specified in a paramsN file, where N is an index as above. The format of the file is "rounds=R\nwordsize=W\n".
-
-public key modes (RSA and DSA):
-Asymmetric key ciphers use keys with special properties, so creating a key file with "Mozilla!" in it will not get you very far! To create a public key, run bltest with the plaintext you want to encrypt, using a trusted implementation. bltest will generate a key and store it in "tmp.key", rename that file to keyN. For example:
-bltest -E -m rsa -i plaintext0 -o ciphertext0 -e 65537 -g 32 -a
-mv tmp.key key0
-
-[note: specifying a keysize (-g) when using RSA is important!] \ No newline at end of file
diff --git a/security/nss/cmd/bltest/tests/des3_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/des3_cbc/ciphertext0
deleted file mode 100644
index b5b78e440..000000000
--- a/security/nss/cmd/bltest/tests/des3_cbc/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-KV3MDNGKWOc=
diff --git a/security/nss/cmd/bltest/tests/des3_cbc/iv0 b/security/nss/cmd/bltest/tests/des3_cbc/iv0
deleted file mode 100644
index 97b5955f7..000000000
--- a/security/nss/cmd/bltest/tests/des3_cbc/iv0
+++ /dev/null
@@ -1 +0,0 @@
-12345678
diff --git a/security/nss/cmd/bltest/tests/des3_cbc/key0 b/security/nss/cmd/bltest/tests/des3_cbc/key0
deleted file mode 100644
index 588efd111..000000000
--- a/security/nss/cmd/bltest/tests/des3_cbc/key0
+++ /dev/null
@@ -1 +0,0 @@
-abcdefghijklmnopqrstuvwx
diff --git a/security/nss/cmd/bltest/tests/des3_cbc/numtests b/security/nss/cmd/bltest/tests/des3_cbc/numtests
deleted file mode 100644
index d00491fd7..000000000
--- a/security/nss/cmd/bltest/tests/des3_cbc/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/des3_cbc/plaintext0 b/security/nss/cmd/bltest/tests/des3_cbc/plaintext0
deleted file mode 100644
index 5513e438c..000000000
--- a/security/nss/cmd/bltest/tests/des3_cbc/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!
diff --git a/security/nss/cmd/bltest/tests/des3_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/des3_ecb/ciphertext0
deleted file mode 100644
index 7bdcde21d..000000000
--- a/security/nss/cmd/bltest/tests/des3_ecb/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-RgckVNh4QcM=
diff --git a/security/nss/cmd/bltest/tests/des3_ecb/key0 b/security/nss/cmd/bltest/tests/des3_ecb/key0
deleted file mode 100644
index 588efd111..000000000
--- a/security/nss/cmd/bltest/tests/des3_ecb/key0
+++ /dev/null
@@ -1 +0,0 @@
-abcdefghijklmnopqrstuvwx
diff --git a/security/nss/cmd/bltest/tests/des3_ecb/numtests b/security/nss/cmd/bltest/tests/des3_ecb/numtests
deleted file mode 100644
index d00491fd7..000000000
--- a/security/nss/cmd/bltest/tests/des3_ecb/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/des3_ecb/plaintext0 b/security/nss/cmd/bltest/tests/des3_ecb/plaintext0
deleted file mode 100644
index 5513e438c..000000000
--- a/security/nss/cmd/bltest/tests/des3_ecb/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!
diff --git a/security/nss/cmd/bltest/tests/des_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/des_cbc/ciphertext0
deleted file mode 100644
index 56acfeeaf..000000000
--- a/security/nss/cmd/bltest/tests/des_cbc/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-Perdg9FMYQ4=
diff --git a/security/nss/cmd/bltest/tests/des_cbc/iv0 b/security/nss/cmd/bltest/tests/des_cbc/iv0
deleted file mode 100644
index 97b5955f7..000000000
--- a/security/nss/cmd/bltest/tests/des_cbc/iv0
+++ /dev/null
@@ -1 +0,0 @@
-12345678
diff --git a/security/nss/cmd/bltest/tests/des_cbc/key0 b/security/nss/cmd/bltest/tests/des_cbc/key0
deleted file mode 100644
index 65513c116..000000000
--- a/security/nss/cmd/bltest/tests/des_cbc/key0
+++ /dev/null
@@ -1 +0,0 @@
-zyxwvuts
diff --git a/security/nss/cmd/bltest/tests/des_cbc/numtests b/security/nss/cmd/bltest/tests/des_cbc/numtests
deleted file mode 100644
index d00491fd7..000000000
--- a/security/nss/cmd/bltest/tests/des_cbc/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/des_cbc/plaintext0 b/security/nss/cmd/bltest/tests/des_cbc/plaintext0
deleted file mode 100644
index 5513e438c..000000000
--- a/security/nss/cmd/bltest/tests/des_cbc/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!
diff --git a/security/nss/cmd/bltest/tests/des_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/des_ecb/ciphertext0
deleted file mode 100644
index 86ed115a1..000000000
--- a/security/nss/cmd/bltest/tests/des_ecb/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-3bNoWzzNiFc=
diff --git a/security/nss/cmd/bltest/tests/des_ecb/key0 b/security/nss/cmd/bltest/tests/des_ecb/key0
deleted file mode 100644
index 65513c116..000000000
--- a/security/nss/cmd/bltest/tests/des_ecb/key0
+++ /dev/null
@@ -1 +0,0 @@
-zyxwvuts
diff --git a/security/nss/cmd/bltest/tests/des_ecb/numtests b/security/nss/cmd/bltest/tests/des_ecb/numtests
deleted file mode 100644
index d00491fd7..000000000
--- a/security/nss/cmd/bltest/tests/des_ecb/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/des_ecb/plaintext0 b/security/nss/cmd/bltest/tests/des_ecb/plaintext0
deleted file mode 100644
index 5513e438c..000000000
--- a/security/nss/cmd/bltest/tests/des_ecb/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!
diff --git a/security/nss/cmd/bltest/tests/dsa/ciphertext0 b/security/nss/cmd/bltest/tests/dsa/ciphertext0
deleted file mode 100644
index 784581fae..000000000
--- a/security/nss/cmd/bltest/tests/dsa/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-gG8blX+paEQhO6vfYbOJTk8VnulxdWZwl4q2LG+QZuxFMOmuKedJ0g==
diff --git a/security/nss/cmd/bltest/tests/dsa/key0 b/security/nss/cmd/bltest/tests/dsa/key0
deleted file mode 100644
index ce4aab925..000000000
--- a/security/nss/cmd/bltest/tests/dsa/key0
+++ /dev/null
@@ -1,6 +0,0 @@
-AAAAQPMqxsvVL4Wyzr79fr0/61V0IbRwQ+KdFgP1rdaCzTmh+zMXOL47dBC5sL2v
-0df+bpOitrFZeiLchi6Mc+wpjREAAAAUmMYJXJpQuVvoX782XJeR1RiGRo0AAABA
-gwPAlkPOf8Mm/ZhKhzxu/IJv5QPsFmV6cZsASJmYlgty3gIheyB+V/H0rTmSgTTu
-jgqFjPhwEkCDVKV8ciuQ/QAAAEEAqfgFS3p3KP86A9LIzJBVTIwsV7xB6dp1J6w5
-070lCOfMWQYFR2jx8SxDWsar9SfNTNx4TKJPHLpd278pJ4J2tAAAABQyMC1ieXRl
-IHNlZWQgZm9yIGtleQ==
diff --git a/security/nss/cmd/bltest/tests/dsa/keyseed0 b/security/nss/cmd/bltest/tests/dsa/keyseed0
deleted file mode 100644
index c90af8bb7..000000000
--- a/security/nss/cmd/bltest/tests/dsa/keyseed0
+++ /dev/null
@@ -1 +0,0 @@
-20-byte seed for key
diff --git a/security/nss/cmd/bltest/tests/dsa/numtests b/security/nss/cmd/bltest/tests/dsa/numtests
deleted file mode 100644
index d00491fd7..000000000
--- a/security/nss/cmd/bltest/tests/dsa/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/dsa/plaintext0 b/security/nss/cmd/bltest/tests/dsa/plaintext0
deleted file mode 100644
index 8b561c5b7..000000000
--- a/security/nss/cmd/bltest/tests/dsa/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Buffer to sign w/DSA
diff --git a/security/nss/cmd/bltest/tests/dsa/pqg0 b/security/nss/cmd/bltest/tests/dsa/pqg0
deleted file mode 100644
index a6459738f..000000000
--- a/security/nss/cmd/bltest/tests/dsa/pqg0
+++ /dev/null
@@ -1,4 +0,0 @@
-AAAAQPMqxsvVL4Wyzr79fr0/61V0IbRwQ+KdFgP1rdaCzTmh+zMXOL47dBC5sL2v
-0df+bpOitrFZeiLchi6Mc+wpjREAAAAUmMYJXJpQuVvoX782XJeR1RiGRo0AAABA
-gwPAlkPOf8Mm/ZhKhzxu/IJv5QPsFmV6cZsASJmYlgty3gIheyB+V/H0rTmSgTTu
-jgqFjPhwEkCDVKV8ciuQ/Q==
diff --git a/security/nss/cmd/bltest/tests/dsa/sigseed0 b/security/nss/cmd/bltest/tests/dsa/sigseed0
deleted file mode 100644
index 45f7e2421..000000000
--- a/security/nss/cmd/bltest/tests/dsa/sigseed0
+++ /dev/null
@@ -1 +0,0 @@
-20-byte seed for sig
diff --git a/security/nss/cmd/bltest/tests/md2/ciphertext0 b/security/nss/cmd/bltest/tests/md2/ciphertext0
deleted file mode 100644
index 0b7bc262f..000000000
--- a/security/nss/cmd/bltest/tests/md2/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-CS/UNcrWhB5Knt7Gf8Tz3Q==
diff --git a/security/nss/cmd/bltest/tests/md2/numtests b/security/nss/cmd/bltest/tests/md2/numtests
deleted file mode 100644
index d00491fd7..000000000
--- a/security/nss/cmd/bltest/tests/md2/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/md2/plaintext0 b/security/nss/cmd/bltest/tests/md2/plaintext0
deleted file mode 100644
index dce2994ba..000000000
--- a/security/nss/cmd/bltest/tests/md2/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-16-bytes to MD2.
diff --git a/security/nss/cmd/bltest/tests/md5/ciphertext0 b/security/nss/cmd/bltest/tests/md5/ciphertext0
deleted file mode 100644
index 7bb485d01..000000000
--- a/security/nss/cmd/bltest/tests/md5/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-XN8lnQuWAiMqmSGfvd8Hdw==
diff --git a/security/nss/cmd/bltest/tests/md5/numtests b/security/nss/cmd/bltest/tests/md5/numtests
deleted file mode 100644
index d00491fd7..000000000
--- a/security/nss/cmd/bltest/tests/md5/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/md5/plaintext0 b/security/nss/cmd/bltest/tests/md5/plaintext0
deleted file mode 100644
index 5ae3875e2..000000000
--- a/security/nss/cmd/bltest/tests/md5/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-63-byte input to MD5 can be a bit tricky, but no problems here.
diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/rc2_cbc/ciphertext0
deleted file mode 100644
index 91ddac381..000000000
--- a/security/nss/cmd/bltest/tests/rc2_cbc/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-3ki6eVsWpY8=
diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/iv0 b/security/nss/cmd/bltest/tests/rc2_cbc/iv0
deleted file mode 100644
index 97b5955f7..000000000
--- a/security/nss/cmd/bltest/tests/rc2_cbc/iv0
+++ /dev/null
@@ -1 +0,0 @@
-12345678
diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/key0 b/security/nss/cmd/bltest/tests/rc2_cbc/key0
deleted file mode 100644
index 65513c116..000000000
--- a/security/nss/cmd/bltest/tests/rc2_cbc/key0
+++ /dev/null
@@ -1 +0,0 @@
-zyxwvuts
diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/numtests b/security/nss/cmd/bltest/tests/rc2_cbc/numtests
deleted file mode 100644
index d00491fd7..000000000
--- a/security/nss/cmd/bltest/tests/rc2_cbc/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/plaintext0 b/security/nss/cmd/bltest/tests/rc2_cbc/plaintext0
deleted file mode 100644
index 5513e438c..000000000
--- a/security/nss/cmd/bltest/tests/rc2_cbc/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!
diff --git a/security/nss/cmd/bltest/tests/rc2_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/rc2_ecb/ciphertext0
deleted file mode 100644
index c569f4dbd..000000000
--- a/security/nss/cmd/bltest/tests/rc2_ecb/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-WT+tc4fANhQ=
diff --git a/security/nss/cmd/bltest/tests/rc2_ecb/key0 b/security/nss/cmd/bltest/tests/rc2_ecb/key0
deleted file mode 100644
index 65513c116..000000000
--- a/security/nss/cmd/bltest/tests/rc2_ecb/key0
+++ /dev/null
@@ -1 +0,0 @@
-zyxwvuts
diff --git a/security/nss/cmd/bltest/tests/rc2_ecb/numtests b/security/nss/cmd/bltest/tests/rc2_ecb/numtests
deleted file mode 100644
index d00491fd7..000000000
--- a/security/nss/cmd/bltest/tests/rc2_ecb/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/rc2_ecb/plaintext0 b/security/nss/cmd/bltest/tests/rc2_ecb/plaintext0
deleted file mode 100644
index 5513e438c..000000000
--- a/security/nss/cmd/bltest/tests/rc2_ecb/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!
diff --git a/security/nss/cmd/bltest/tests/rc4/ciphertext0 b/security/nss/cmd/bltest/tests/rc4/ciphertext0
deleted file mode 100644
index e0c2147dc..000000000
--- a/security/nss/cmd/bltest/tests/rc4/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-34sTZJtr20k=
diff --git a/security/nss/cmd/bltest/tests/rc4/ciphertext1 b/security/nss/cmd/bltest/tests/rc4/ciphertext1
deleted file mode 100644
index 21e0026fa..000000000
--- a/security/nss/cmd/bltest/tests/rc4/ciphertext1
+++ /dev/null
@@ -1 +0,0 @@
-34sTZJtr20nGP6VxS3BIBxxIYm6QGIa1rehFHn51z9M=
diff --git a/security/nss/cmd/bltest/tests/rc4/key0 b/security/nss/cmd/bltest/tests/rc4/key0
deleted file mode 100644
index 65513c116..000000000
--- a/security/nss/cmd/bltest/tests/rc4/key0
+++ /dev/null
@@ -1 +0,0 @@
-zyxwvuts
diff --git a/security/nss/cmd/bltest/tests/rc4/key1 b/security/nss/cmd/bltest/tests/rc4/key1
deleted file mode 100644
index 65513c116..000000000
--- a/security/nss/cmd/bltest/tests/rc4/key1
+++ /dev/null
@@ -1 +0,0 @@
-zyxwvuts
diff --git a/security/nss/cmd/bltest/tests/rc4/numtests b/security/nss/cmd/bltest/tests/rc4/numtests
deleted file mode 100644
index 0cfbf0888..000000000
--- a/security/nss/cmd/bltest/tests/rc4/numtests
+++ /dev/null
@@ -1 +0,0 @@
-2
diff --git a/security/nss/cmd/bltest/tests/rc4/plaintext0 b/security/nss/cmd/bltest/tests/rc4/plaintext0
deleted file mode 100644
index 5513e438c..000000000
--- a/security/nss/cmd/bltest/tests/rc4/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!
diff --git a/security/nss/cmd/bltest/tests/rc4/plaintext1 b/security/nss/cmd/bltest/tests/rc4/plaintext1
deleted file mode 100644
index d41abc7b8..000000000
--- a/security/nss/cmd/bltest/tests/rc4/plaintext1
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!Mozilla!Mozilla!Mozilla!
diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/rc5_cbc/ciphertext0
deleted file mode 100644
index 2c5ae7e44..000000000
--- a/security/nss/cmd/bltest/tests/rc5_cbc/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-qsv4Fn2J6d0=
diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/iv0 b/security/nss/cmd/bltest/tests/rc5_cbc/iv0
deleted file mode 100644
index 97b5955f7..000000000
--- a/security/nss/cmd/bltest/tests/rc5_cbc/iv0
+++ /dev/null
@@ -1 +0,0 @@
-12345678
diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/key0 b/security/nss/cmd/bltest/tests/rc5_cbc/key0
deleted file mode 100644
index 65513c116..000000000
--- a/security/nss/cmd/bltest/tests/rc5_cbc/key0
+++ /dev/null
@@ -1 +0,0 @@
-zyxwvuts
diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/numtests b/security/nss/cmd/bltest/tests/rc5_cbc/numtests
deleted file mode 100644
index d00491fd7..000000000
--- a/security/nss/cmd/bltest/tests/rc5_cbc/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/params0 b/security/nss/cmd/bltest/tests/rc5_cbc/params0
deleted file mode 100644
index d68e0362d..000000000
--- a/security/nss/cmd/bltest/tests/rc5_cbc/params0
+++ /dev/null
@@ -1,2 +0,0 @@
-rounds=10
-wordsize=4
diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/plaintext0 b/security/nss/cmd/bltest/tests/rc5_cbc/plaintext0
deleted file mode 100644
index 5513e438c..000000000
--- a/security/nss/cmd/bltest/tests/rc5_cbc/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!
diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/rc5_ecb/ciphertext0
deleted file mode 100644
index 67c88bc8a..000000000
--- a/security/nss/cmd/bltest/tests/rc5_ecb/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-4ZKK/1v5Ohc=
diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/key0 b/security/nss/cmd/bltest/tests/rc5_ecb/key0
deleted file mode 100644
index 65513c116..000000000
--- a/security/nss/cmd/bltest/tests/rc5_ecb/key0
+++ /dev/null
@@ -1 +0,0 @@
-zyxwvuts
diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/numtests b/security/nss/cmd/bltest/tests/rc5_ecb/numtests
deleted file mode 100644
index d00491fd7..000000000
--- a/security/nss/cmd/bltest/tests/rc5_ecb/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/params0 b/security/nss/cmd/bltest/tests/rc5_ecb/params0
deleted file mode 100644
index d68e0362d..000000000
--- a/security/nss/cmd/bltest/tests/rc5_ecb/params0
+++ /dev/null
@@ -1,2 +0,0 @@
-rounds=10
-wordsize=4
diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/plaintext0 b/security/nss/cmd/bltest/tests/rc5_ecb/plaintext0
deleted file mode 100644
index 5513e438c..000000000
--- a/security/nss/cmd/bltest/tests/rc5_ecb/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!
diff --git a/security/nss/cmd/bltest/tests/rsa/ciphertext0 b/security/nss/cmd/bltest/tests/rsa/ciphertext0
deleted file mode 100644
index e6357efd7..000000000
--- a/security/nss/cmd/bltest/tests/rsa/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-qPVrXv0y3SC5rY44bIi6GE4Aec8uDpHH7/cCg0FU5as=
diff --git a/security/nss/cmd/bltest/tests/rsa/key0 b/security/nss/cmd/bltest/tests/rsa/key0
deleted file mode 100644
index 1352fe986..000000000
--- a/security/nss/cmd/bltest/tests/rsa/key0
+++ /dev/null
@@ -1,4 +0,0 @@
-AAAAAAAAACC5lyu2K2ro8YGnvOCKaL1sFX1HEIblIVbuMXsa8oeFSwAAAAERAAAA
-IBXVjKwFG6LvPG4WOIjBBzmxGNpkQwDs3W5qZcXVzqahAAAAEOEOH/WnhZCJyM39
-oNfhf18AAAAQ0xvmxqXXs3L62xxogUl9lQAAABAaeiHgqkvy4wiQtG1Gkv/tAAAA
-EMaw2TNu6SFdKFXAYluQdjEAAAAQi0u+IlgKCt/hatGAsTrfzQ==
diff --git a/security/nss/cmd/bltest/tests/rsa/numtests b/security/nss/cmd/bltest/tests/rsa/numtests
deleted file mode 100644
index d00491fd7..000000000
--- a/security/nss/cmd/bltest/tests/rsa/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/rsa/plaintext0 b/security/nss/cmd/bltest/tests/rsa/plaintext0
deleted file mode 100644
index d915bc88c..000000000
--- a/security/nss/cmd/bltest/tests/rsa/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-512bitsforRSAPublicKeyEncryption
diff --git a/security/nss/cmd/bltest/tests/sha1/ciphertext0 b/security/nss/cmd/bltest/tests/sha1/ciphertext0
deleted file mode 100644
index a33d020cd..000000000
--- a/security/nss/cmd/bltest/tests/sha1/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-cDSMAygXMPIJZC5bntZ4ZhecQ9g=
diff --git a/security/nss/cmd/bltest/tests/sha1/numtests b/security/nss/cmd/bltest/tests/sha1/numtests
deleted file mode 100644
index d00491fd7..000000000
--- a/security/nss/cmd/bltest/tests/sha1/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/sha1/plaintext0 b/security/nss/cmd/bltest/tests/sha1/plaintext0
deleted file mode 100644
index 863e79c65..000000000
--- a/security/nss/cmd/bltest/tests/sha1/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-A cage went in search of a bird.
diff --git a/security/nss/cmd/btoa/Makefile b/security/nss/cmd/btoa/Makefile
deleted file mode 100644
index 763faa253..000000000
--- a/security/nss/cmd/btoa/Makefile
+++ /dev/null
@@ -1,75 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/btoa/btoa.c b/security/nss/cmd/btoa/btoa.c
deleted file mode 100644
index 009004a01..000000000
--- a/security/nss/cmd/btoa/btoa.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "plgetopt.h"
-#include "secutil.h"
-#include "nssb64.h"
-
-#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
-#if !defined(WIN32)
-extern int fread(char *, size_t, size_t, FILE*);
-extern int fwrite(char *, size_t, size_t, FILE*);
-extern int fprintf(FILE *, char *, ...);
-#endif
-#endif
-
-#if defined(WIN32)
-#include "fcntl.h"
-#include "io.h"
-#endif
-
-static PRInt32
-output_ascii (void *arg, const char *obuf, PRInt32 size)
-{
- FILE *outFile = arg;
- int nb;
-
- nb = fwrite(obuf, 1, size, outFile);
- if (nb != size) {
- PORT_SetError(SEC_ERROR_IO);
- return -1;
- }
-
- return nb;
-}
-
-static SECStatus
-encode_file(FILE *outFile, FILE *inFile)
-{
- NSSBase64Encoder *cx;
- int nb;
- SECStatus status = SECFailure;
- unsigned char ibuf[4096];
-
- cx = NSSBase64Encoder_Create(output_ascii, outFile);
- if (!cx) {
- return -1;
- }
-
- for (;;) {
- if (feof(inFile)) break;
- nb = fread(ibuf, 1, sizeof(ibuf), inFile);
- if (nb != sizeof(ibuf)) {
- if (nb == 0) {
- if (ferror(inFile)) {
- PORT_SetError(SEC_ERROR_IO);
- goto loser;
- }
- /* eof */
- break;
- }
- }
-
- status = NSSBase64Encoder_Update(cx, ibuf, nb);
- if (status != SECSuccess) goto loser;
- }
-
- status = NSSBase64Encoder_Destroy(cx, PR_FALSE);
- if (status != SECSuccess)
- return status;
-
- /*
- * Add a trailing CRLF. Note this must be done *after* the call
- * to Destroy above (because only then are we sure all data has
- * been written out).
- */
- fwrite("\r\n", 1, 2, outFile);
- return SECSuccess;
-
- loser:
- (void) NSSBase64Encoder_Destroy(cx, PR_TRUE);
- return status;
-}
-
-static void Usage(char *progName)
-{
- fprintf(stderr,
- "Usage: %s [-i input] [-o output]\n",
- progName);
- fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
- "-i input");
- fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
- "-o output");
- exit(-1);
-}
-
-int main(int argc, char **argv)
-{
- char *progName;
- SECStatus rv;
- FILE *inFile, *outFile;
- PLOptState *optstate;
- PLOptStatus status;
-
- inFile = 0;
- outFile = 0;
- progName = strrchr(argv[0], '/');
- if (!progName)
- progName = strrchr(argv[0], '\\');
- progName = progName ? progName+1 : argv[0];
-
- /* Parse command line arguments */
- optstate = PL_CreateOptState(argc, argv, "i:o:");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- default:
- Usage(progName);
- break;
-
- case 'i':
- inFile = fopen(optstate->value, "rb");
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "w");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
- }
- }
- if (status == PL_OPT_BAD)
- Usage(progName);
- if (!inFile) {
-#if defined(WIN32)
- /* If we're going to read binary data from stdin, we must put stdin
- ** into O_BINARY mode or else incoming \r\n's will become \n's.
- */
-
- int smrv = _setmode(_fileno(stdin), _O_BINARY);
- if (smrv == -1) {
- fprintf(stderr,
- "%s: Cannot change stdin to binary mode. Use -i option instead.\n",
- progName);
- return smrv;
- }
-#endif
- inFile = stdin;
- }
- if (!outFile)
- outFile = stdout;
- rv = encode_file(outFile, inFile);
- if (rv != SECSuccess) {
- fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
- progName, PORT_GetError(), errno);
- return -1;
- }
- return 0;
-}
diff --git a/security/nss/cmd/btoa/makefile.win b/security/nss/cmd/btoa/makefile.win
deleted file mode 100644
index 28d3ee873..000000000
--- a/security/nss/cmd/btoa/makefile.win
+++ /dev/null
@@ -1,130 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-VERBOSE = 1
-include <manifest.mn>
-
-#cannot define PROGRAM in manifest compatibly with NT and UNIX
-PROGRAM = btoa
-PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe
-include <$(DEPTH)\config\config.mak>
-
-# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
-# rules.mak will append C_OBJS onto OBJS.
-# OBJS = $(CSRCS:.c=.obj)
-
-# include files are looked for in $LINCS and $INCS.
-# $LINCS is in manifest.mnw, computed from REQUIRES=
-INCS = $(INCS) \
- -I$(DEPTH)/security/lib/cert \
- -I../include \
- $(NULL)
-
-IGNORE_ME = \
- -I$(DEPTH)/security/lib/key \
- -I$(DEPTH)/security/lib/util \
- $(NULL)
-
-
-WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
-
-# these files are the content of libdbm
-DBM_LIB = \
- $(WINFE)/DB.obj \
- $(WINFE)/HASH.obj \
- $(WINFE)/H_BIGKEY.obj \
- $(WINFE)/H_PAGE.obj \
- $(WINFE)/H_LOG2.obj \
- $(WINFE)/H_FUNC.obj \
- $(WINFE)/HASH_BUF.obj \
- $(NULL)
-
-MOZ_LIBS = \
- $(WINFE)/ALLXPSTR.obj \
- $(WINFE)/XP_ERROR.obj \
- $(WINFE)/XPASSERT.obj \
- $(WINFE)/XP_REG.obj \
- $(WINFE)/XP_TRACE.obj \
- $(DBM_LIB) \
- $(WINFE)/XP_STR.obj \
- $(WINFE)/MKTEMP.obj \
- $(NULL)
-
-SEC_LIBS = \
- $(DIST)/lib/cert$(MOZ_BITS).lib \
- $(DIST)/lib/crypto$(MOZ_BITS).lib \
- $(DIST)/lib/hash$(MOZ_BITS).lib \
- $(DIST)/lib/key$(MOZ_BITS).lib \
- $(DIST)/lib/pkcs7$(MOZ_BITS).lib \
- $(DIST)/lib/secmod$(MOZ_BITS).lib \
- $(DIST)/lib/secutl$(MOZ_BITS).lib \
- $(DIST)/lib/ssl$(MOZ_BITS).lib \
- $(NULL)
-
-LLFLAGS = $(LLFLAGS) \
- ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
- $(SEC_LIBS) \
- $(MOZ_LIBS) \
- $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
- $(LIBNSPR) \
- $(NULL)
-
-
-include <$(DEPTH)\config\rules.mak>
-
-INSTALL = $(MAKE_INSTALL)
-
-objs: $(OBJS)
-
-$(PROGRAM)::
- $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
-
-programs: $(PROGRAM)
-
-install:: $(TARGETS)
- $(INSTALL) $(TARGETS) $(DIST)/bin
-
-
-symbols:
- @echo "CSRCS = $(CSRCS)"
- @echo "INCS = $(INCS)"
- @echo "OBJS = $(OBJS)"
- @echo "LIBRARY = $(LIBRARY)"
- @echo "PROGRAM = $(PROGRAM)"
- @echo "TARGETS = $(TARGETS)"
- @echo "DIST = $(DIST)"
- @echo "VERSION_NUMBER = $(VERSION_NUMBER)"
- @echo "WINFE = $(WINFE)"
- @echo "DBM_LIB = $(DBM_LIB)"
- @echo "INSTALL = $(INSTALL)"
-
diff --git a/security/nss/cmd/btoa/manifest.mn b/security/nss/cmd/btoa/manifest.mn
deleted file mode 100644
index 8bbf6ee00..000000000
--- a/security/nss/cmd/btoa/manifest.mn
+++ /dev/null
@@ -1,49 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-# MODULE is implicitly REQUIRED, doesn't need to be listed below.
-REQUIRES = seccmd dbm
-
-DEFINES = -DNSPR20
-
-CSRCS = btoa.c
-
-PROGRAM = btoa
-
diff --git a/security/nss/cmd/certcgi/Makefile b/security/nss/cmd/certcgi/Makefile
deleted file mode 100644
index 573c12cac..000000000
--- a/security/nss/cmd/certcgi/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/certcgi/ca.html b/security/nss/cmd/certcgi/ca.html
deleted file mode 100644
index b9ffd8238..000000000
--- a/security/nss/cmd/certcgi/ca.html
+++ /dev/null
@@ -1,48 +0,0 @@
-<!--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
- -->
-
-<form method="post" name="ca_form" action="mailto:jerdonek@netscape.com">
-<input type="radio" name="caChoiceradio" value="SignWithDefaultkey"
- onClick="{parent.choice_change(this.form)}">
- Use the Cert-O-matic certificate to issue the cert</p>
-<input type="radio" name="caChoiceradio" value="SignWithRandomChain"
- onClick="{parent.choice_change(this.form)}"> Use a
- <input type="text" size="2" maxsize="2" name="autoCAs"> CA long
- automatically generated chain ending with the Cert-O-Matic Cert
- (18 maximum)</p>
-<input type="radio" name="caChoiceradio" value="SignWithSpecifiedChain"
- onClick="{parent.choice_change(this.form)}"> Use a
- <input type="text" size="1" maxlength="1" name="manCAs"
- onChange="{parent.ca_num_change(this.value,this.form)}"> CA long
- user input chain ending in the Cert-O-Matic Cert.</p>
-</form>
diff --git a/security/nss/cmd/certcgi/ca_form.html b/security/nss/cmd/certcgi/ca_form.html
deleted file mode 100644
index 6858903a6..000000000
--- a/security/nss/cmd/certcgi/ca_form.html
+++ /dev/null
@@ -1,385 +0,0 @@
-<html>
-<!--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
- -->
- <form method="post" name="primary_form" action="http://troll.mcom.com/jsw/cgi-bin/echoform.cgi">
- <table border=0 cellspacing=10 cellpadding=0>
- <tr>
- <td>
- Common Name:</td><td> <input type="text" name="name" onChange="{window.top.reset_subject('CN=', value, form)}"></p>
- </td>
- <td></td><td></td><td>
- Mail: </td><td><input type="text" name="email" onChange="var temp;{if (email_type[0].checked) {temp = 'MAIL='} else {temp = 'E='}} ;{window.top.reset_subject(temp, value, form)}"></p>
- RFC 1274<input type="radio" name="email_type" value="1" onClick="window.top.switch_mail(form)">
- e-mail<input type="radio" name="email_type" value="2" checked onClick="window.top.switch_mail(form)"></td>
- <tr>
- <td>
- Organization: </td><td> <input type="text" name="org" onChange="{window.top.reset_subject('O=', value, form)}"></p></td>
- <td></td><td></td><td>
- Organizational Unit: </td><td><input type="text" name="org_unit" onChange="{window.top.reset_subject('OU=', value, form)}"></p></td>
- <tr>
- <td>
- RFC 1274 UID: </td><td><input type="text" name="uid" onChange="{window.top.reset_subject('UID=', value, form)}"></p></td>
- <td></td><td></td><td>
- Locality: </td><td><input type="text" name="loc" onChange="{window.top.reset_subject('L=', value, form)}"></p></td>
- <tr>
- <td>
- State or Province: </td><td><input type="text" name="state" onChange="{window.top.reset_subject('ST=', value, form)}"></p></td>
- <td></td><td></td><td>
- Country: </td><td><input type="text" size="2" maxsize="2" name="country" onChange="{window.top.reset_subject('C=', value, form)}"></p></td>
- </table>
- <table border=0 cellspacing=10 cellpadding=0>
- <tr>
- <td>
- Serial Number:</p>
- <DD>
- <input type="radio" name="serial" value="auto" checked> Auto Generate</P>
- <DD>
- <input type="radio" name="serial" value="input">
- Use this value: <input type="text" name="serial_value" size="8" maxlength="8"></p>
- </td>
- <td></td><td></td><td></td><td></td>
- <td>
- X.509 version:</p>
- <DD>
- <input type="radio" name="ver" value="1" checked> Version 1</p>
- <DD>
- <input type="radio" name="ver" value="3"> Version 3</P></td>
- <td></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td>
- <td>
- Key Type:</p>
- <DD>
- <input type="radio" name="keyType" value="rsa" checked> RSA</p>
- <DD>
- <input type="radio" name="keyType" value="dsa"> DSA</P></td>
- </table>
- DN: <input type="text" name="subject" size="70" onChange="{window.top.reset_subjectFields(form)}"></P>
- <Select name="keysize">
- <option>1024 (High Grade)
- <option>768 (Medium Grade)
- <option>512 (Low Grade)
- </select>
- </p>
- <hr>
- </p>
- <table border=1 cellspacing=5 cellpadding=5>
- <tr>
- <td>
- <b>Netscape Certificate Type: </b></p>
- Activate extension: <input type="checkbox" name="netscape-cert-type"></P>
- Critical: <input type="checkbox" name="netscape-cert-type-crit">
- <td>
- <input type="checkbox" name="netscape-cert-type-ssl-client"> SSL Client</P>
- <input type="checkbox" name="netscape-cert-type-ssl-server"> SSL Server</P>
- <input type="checkbox" name="netscape-cert-type-smime"> S/MIME</P>
- <input type="checkbox" name="netscape-cert-type-object-signing"> Object Signing</P>
- <input type="checkbox" name="netscape-cert-type-reserved"> Reserved for future use (bit 4)</P>
- <input type="checkbox" name="netscape-cert-type-ssl-ca"> SSL CA</P>
- <input type="checkbox" name="netscape-cert-type-smime-ca"> S/MIME CA</P>
- <input type="checkbox" name="netscape-cert-type-object-signing-ca"> Object Signing CA</P>
- </tr>
- <tr>
- <td>
- <b>Netscape Base URL:</b></p>
- Activate extension: <input type="checkbox" name="netscape-base-url"></P>
- Critical: <input type="checkbox" name="netscape-base-url-crit">
- <td>
- <input type="text" name="netscape-base-url-text" size="50">
- </tr>
- <tr>
- <td>
- <b>Netscape Revocation URL:</b></p>
- Activate extension: <input type="checkbox" name="netscape-revocation-url"></P>
- Critical: <input type="checkbox" name="netscape-revocation-url-crit">
- <td>
- <input type="text" name="netscape-revocation-url-text" size="50">
- </tr>
- <tr>
- <td>
- <b>Netscape CA Revocation URL:</b></p>
- Activate extension: <input type="checkbox" name="netscape-ca-revocation-url"></P>
- Critical: <input type="checkbox" name="netscape-ca-revocation-url-crit">
- <td>
- <input type="text" name="netscape-ca-revocation-url-text" size="50">
- </tr>
- <tr>
- <td>
- <b>Netscape Certificate Renewal URL:</b></p>
- Activate extension: <input type="checkbox" name="netscape-cert-renewal-url"></P>
- Critical: <input type="checkbox" name="netscape-cert-renewal-url-crit">
- <td>
- <input type="text" name="netscape-cert-renewal-url-text" size="50">
- </tr>
- <tr>
- <td>
- <b>Netscape CA Policy URL:</b></p>
- Activate extension: <input type="checkbox" name="netscape-ca-policy-url"></P>
- Critical: <input type="checkbox" name="netscape-ca-policy-url-crit">
- <td>
- <input type="text" name="netscape-ca-policy-url-text" size="50">
- </tr>
- <tr>
- <td>
- <b>Netscape SSL Server Name:</b></p>
- Activate extension: <input type="checkbox" name="netscape-ssl-server-name"></P>
- Critical: <input type="checkbox" name="netscape-ssl-server-name-crit">
- <td>
- <input type="text" name="netscape-ssl-server-name-text" size="50">
- </tr>
- <tr>
- <td>
- <b>Netscape Comment:</b></p>
- Activate extension: <input type="checkbox" name="netscape-comment"></P>
- Critical: <input type="checkbox" name="netscape-comment-crit">
- <td>
- <textarea name="netscape-comment-text" rows="5" cols="50"></textarea>
- </tr>
- </table>
- </p>
- <hr>
- </p>
- <table border=1 cellspacing=5 cellpadding=5>
- <form method="post" name="primary_form" action="http://troll.mcom.com/jsw/cgi-bin/echoform.cgi">
- <tr>
- <td>
- <b>Key Usage: </b></p>
- Activate extension: <input type="checkbox" name="keyUsage"></P>
- Critical: <input type="checkbox" name="keyUsage-crit">
- <td>
- <input type="checkbox" name="keyUsage-digitalSignature"> Digital Signature</P>
- <input type="checkbox" name="keyUsage-nonRepudiation"> Non Repudiation</P>
- <input type="checkbox" name="keyUsage-keyEncipherment"> Key Encipherment</P>
- <input type="checkbox" name="keyUsage-dataEncipherment"> Data Encipherment</P>
- <input type="checkbox" name="keyUsage-keyAgreement"> Key Agreement</P>
- <input type="checkbox" name="keyUsage-keyCertSign"> Key Certificate Signing</P>
- <input type="checkbox" name="keyUsage-cRLSign"> CRL Signing</P>
- </tr>
- <tr>
- <td>
- <b>Extended Key Usage: </b></p>
- Activate extension: <input type="checkbox" name="extKeyUsage"></P>
- Critical: <input type="checkbox" name="extKeyUsage-crit">
- <td>
- <input type="checkbox" name="extKeyUsage-serverAuth"> Server Auth</P>
- <input type="checkbox" name="extKeyUsage-clientAuth"> Client Auth</P>
- <input type="checkbox" name="extKeyUsage-codeSign"> Code Signing</P>
- <input type="checkbox" name="extKeyUsage-emailProtect"> Email Protection</P>
- <input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P>
- <input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P>
- <input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P>
- </tr>
- <tr>
- <td>
- <b>Basic Constraints:</b></p>
- Activate extension: <input type="checkbox" name="basicConstraints"></P>
- Critical: <input type="checkbox" name="basicConstraints-crit">
- <td>
- CA:</p>
- <dd><input type=radio name="basicConstraints-cA-radio" value="CA"> True</p>
- <dd><input type=radio name="basicConstraints-cA-radio" value="NotCA"> False</p>
- <input type="checkbox" name="basicConstraints-pathLengthConstraint">
- Include Path length: <input type="text" name="basicConstraints-pathLengthConstraint-text" size="2"></p>
- </tr>
- <tr>
- <td>
- <b>Authority Key Identifier:</b></p>
- Activate extension: <input type="checkbox" name="authorityKeyIdentifier">
- <td>
- <input type="radio" name="authorityKeyIdentifier-radio" value="keyIdentifier"> Key Identider</p>
- <input type="radio" name="authorityKeyIdentifier-radio" value="authorityCertIssuer"> Issuer Name and Serial number</p>
- </tr>
- <tr>
- <td>
- <b>Subject Key Identifier:</b></p>
- Activate extension: <input type="checkbox" name="subjectKeyIdentifier">
- <td>
- Key Identifier:
- <input type="text" name="subjectKeyIdentifier-text"></p>
- This is an:<p>
- <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="ascii"> ascii text value<p>
- <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="hex"> hex value<p>
- </tr>
- <tr>
- <td>
- <b>Private Key Usage Period:</b></p>
- Activate extension: <input type="checkbox" name="privKeyUsagePeriod"></p>
- Critical: <input type="checkbox" name="privKeyUsagePeriod-crit">
- <td>
- Use:</p>
- <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notBefore"> Not Before</p>
- <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notAfter"> Not After</p>
- <dd><input type="radio" name="privKeyUsagePeriod-radio" value="both" > Both</p>
- <b>Not to be used to sign before:</b></p>
- <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="auto"> Set to time of certificate issue</p>
- <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="manual"> Use This value</p>
- <dd><dd>(YYYY/MM/DD HH:MM:SS):
- <input type="text" name="privKeyUsagePeriod-notBefore-year" size="4" maxlength="4">/
- <input type="text" name="privKeyUsagePeriod-notBefore-month" size="2" maxlength="2">/
- <input type="text" name="privKeyUsagePeriod-notBefore-day" size="2" maxlength="2">
- <input type="text" name="privKeyUsagePeriod-notBefore-hour" size="2" maxlength="2">:
- <input type="text" name="privKeyUsagePeriod-notBefore-minute" size="2" maxlength="2">:
- <input type="text" name="privKeyUsagePeriod-notBefore-second" size="2" maxlength="2"></p>
- <b>Not to be used to sign after:</b></p>
- <dd>(YYYY/MM/DD HH:MM:SS):
- <input type="text" name="privKeyUsagePeriod-notAfter-year" size="4" maxlength="4">/
- <input type="text" name="privKeyUsagePeriod-notAfter-month" size="2" maxlength="2">/
- <input type="text" name="privKeyUsagePeriod-notAfter-day" size="2" maxlength="2">
- <input type="text" name="privKeyUsagePeriod-notAfter-hour" size="2" maxlength="2">:
- <input type="text" name="privKeyUsagePeriod-notAfter-minute" size="2" maxlength="2">:
- <input type="text" name="privKeyUsagePeriod-notAfter-second" size="2" maxlength="2"></p>
- </tr>
- <tr>
- <td>
- <b>Subject Alternative Name:</b></p>
- Activate extension: <input type="checkbox" name="SubAltName"></P>
- Critical: <input type="checkbox" name="SubAltName-crit">
- <td>
- <table>
- <tr>
- <td>
- General Names:</p>
- <select name="SubAltNameSelect" multiple size="10">
- </select></p></p>
- <input type="button" name="SubAltName-add" value="Add" onClick="{parent.addSubAltName(this.form)}">
- <input type="button" name="SubAltName-delete" value="Delete" onClick="parent.deleteSubAltName(this.form)">
- </td><td>
- <table><tr><td>
- Name Type: </td></tr><tr><td>
- <input type="radio" name="SubAltNameRadio" value="otherName" onClick="parent.setSubAltNameType(form)"> Other Name,
- OID: <input type="text" name="SubAltNameOtherNameOID" size="6"> </td><td>
- <input type="radio" name="SubAltNameRadio" value="rfc822Name" onClick="parent.setSubAltNameType(form)"> RFC 822 Name</td></tr><td>
- <input type="radio" name="SubAltNameRadio" value="dnsName" onClick="parent.setSubAltNameType(form)"> DNS Name </td><td>
- <input type="radio" name="SubAltNameRadio" value="x400" onClick="parent.setSubAltNameType(form)"> X400 Address</td></tr><td>
- <input type="radio" name="SubAltNameRadio" value="directoryName" onClick="parent.setSubAltNameType(form)"> Directory Name</td><td>
- <input type="radio" name="SubAltNameRadio" value="ediPartyName" onClick="parent.setSubAltNameType(form)"> EDI Party Name</td></tr><td>
- <input type="radio" name="SubAltNameRadio" value="URL" onClick="parent.setSubAltNameType(form)"> Uniform Resource Locator</td><td>
- <input type="radio" name="SubAltNameRadio" value="ipAddress" onClick="parent.setSubAltNameType(form)"> IP Address</td></tr><td>
- <input type="radio" name="SubAltNameRadio" value="regID"onClick="parent.setSubAltNameType(form)"> Registered ID</td><td>
- <input type="radio" name="SubAltNameRadio" value="nscpNickname" onClick="parent.setSubAltNameType(form)"> Netscape Certificate Nickname</td><td></tr>
- </table>
- Name: <input type="text" name="SubAltNameText">
- Binary Encoded: <input type="checkbox" name="SubAltNameDataType" value="binary" onClick="parent.setSubAltNameType(form)"></p>
- </tr>
- </table>
- </tr>
-
-
- <tr>
- <td>
- <b>Issuer Alternative Name:</b></p>
- Activate extension: <input type="checkbox" name="IssuerAltName"></P>
- Critical: <input type="checkbox" name="IssuerAltName-crit">
- <td>
- <input type="radio" name="IssuerAltNameSourceRadio" value="auto"> Use the Subject Alternative Name from the Issuers Certificate</p>
- <input type="radio" name="IssuerAltNameSourceRadio" value="man"> Use this Name:
- <table>
- <tr>
- <td>
- General Names:</p>
- <select name="IssuerAltNameSelect" multiple size="10">
- </select></p></p>
- <input type="button" name="IssuerAltName-add" value="Add" onClick="{parent.addIssuerAltName(this.form)}">
- <input type="button" name="IssuerAltName-delete" value="Delete" onClick="parent.deleteIssuerAltName(this.form)">
- </td><td>
- <table><tr><td>
- Name Type: </td></tr><tr><td>
- <input type="radio" name="IssuerAltNameRadio" value="otherName" onClick="parent.setIssuerAltNameType(form)"> Other Name,
- OID: <input type="text" name="IssuerAltNameOtherNameOID" size="6"> </td><td>
- <input type="radio" name="IssuerAltNameRadio" value="rfc822Name" onClick="parent.setIssuerAltNameType(form)"> RFC 822 Name</td></tr><td>
- <input type="radio" name="IssuerAltNameRadio" value="dnsName" onClick="parent.setIssuerAltNameType(form)"> DNS Name </td><td>
- <input type="radio" name="IssuerAltNameRadio" value="x400" onClick="parent.setIssuerAltNameType(form)"> X400 Address</td></tr><td>
- <input type="radio" name="IssuerAltNameRadio" value="directoryName" onClick="parent.setIssuerAltNameType(form)"> Directory Name</td><td>
- <input type="radio" name="IssuerAltNameRadio" value="ediPartyName" onClick="parent.setIssuerAltNameType(form)"> EDI Party Name</td></tr><td>
- <input type="radio" name="IssuerAltNameRadio" value="URL" onClick="parent.setIssuerAltNameType(form)"> Uniform Resource Locator</td><td>
- <input type="radio" name="IssuerAltNameRadio" value="ipAddress" onClick="parent.setIssuerAltNameType(form)"> IP Address</td></tr><td>
- <input type="radio" name="IssuerAltNameRadio" value="regID" onClick="parent.setIssuerAltNameType(form)"> Registered ID</td><td></tr>
- </table>
- Name: <input type="text" name="IssuerAltNameText">
- Binary Encoded: <input type="checkbox" name="IssuerAltNameDataType" value="binary" onClick="parent.setIssuerAltNameType(form)"></p>
- </tr>
- </table>
- </tr>
-
- <tr>
- <td>
- <b>Name Constraints:</b></p>
- Activate extension: <input type="checkbox" name="NameConstraints"></P>
- <td>
- <table>
- <tr>
- <td>
- Name Constraints:</p>
-
-
- <select name="NameConstraintSelect" multiple size="10">
- </select></p></p>
- <input type="button" name="NameConstraint-add" value="Add" onClick="{parent.addNameConstraint(this.form)}">
- <input type="button" name="NameConstraint-delete" value="Delete" onClick="parent.deleteNameConstraint(this.form)">
- </td><td>
- <table><tr><td>
- Name Type: </td></tr><tr><td>
- <input type="radio" name="NameConstraintRadio" value="otherName" onClick="parent.setNameConstraintNameType(form)"> Other Name,
- OID: <input type="text" name="NameConstraintOtherNameOID" size="6"> </td><td>
- <input type="radio" name="NameConstraintRadio" value="rfc822Name" onClick="parent.setNameConstraintNameType(form)"> RFC 822 Name</td></tr><td>
- <input type="radio" name="NameConstraintRadio" value="dnsName" onClick="parent.setNameConstraintNameType(form)"> DNS Name </td><td>
- <input type="radio" name="NameConstraintRadio" value="x400" onClick="parent.setNameConstraintNameType(form)"> X400 Address</td></tr><td>
- <input type="radio" name="NameConstraintRadio" value="directoryName" onClick="parent.setNameConstraintNameType(form)"> Directory Name</td><td>
- <input type="radio" name="NameConstraintRadio" value="ediPartyName" onClick="parent.setNameConstraintNameType(form)"> EDI Party Name</td></tr><td>
- <input type="radio" name="NameConstraintRadio" value="URL" onClick="parent.setNameConstraintNameType(form)"> Uniform Resource Locator</td><td>
- <input type="radio" name="NameConstraintRadio" value="ipAddress" onClick="parent.setNameConstraintNameType(form)"> IP Address</td></tr><td>
- <input type="radio" name="NameConstraintRadio" value="regID" onClick="parent.setNameConstraintNameType(form)"> Registered ID</td><td></tr>
- </table>
- Name: <input type="text" name="NameConstraintText">
- Binary Encoded: <input type="checkbox" name="NameConstraintNameDataType" value="binary" onClick="parent.setNameConstraintNameType(form)"></p>
- Constraint type:<p>
- <dd><input type="radio" name="NameConstraintTypeRadio" value="permited"> permited<p>
- <dd><input type="radio" name="NameConstraintTypeRadio" value="excluded"> excluded<p>
- Minimum: <input type="text" name="NameConstraintMin" size="8" maxlength="8"></p>
- Maximum: <input type="text" name="NameConstraintMax" size="8" maxlength="8"></p>
-
-
-
- </tr>
- </table>
- </tr>
- </table>
- </form>
-
-
-
-
-
-
-
-
-
-
diff --git a/security/nss/cmd/certcgi/certcgi.c b/security/nss/cmd/certcgi/certcgi.c
deleted file mode 100644
index 1762f5b30..000000000
--- a/security/nss/cmd/certcgi/certcgi.c
+++ /dev/null
@@ -1,2460 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/* Cert-O-Matic CGI */
-
-
-#include "nspr.h"
-#include "prtypes.h"
-#include "prtime.h"
-#include "prlong.h"
-
-#include "pk11func.h"
-#include "cert.h"
-#include "cdbhdl.h"
-#include "cryptohi.h"
-#include "secoid.h"
-#include "secder.h"
-#include "genname.h"
-#include "xconst.h"
-#include "secutil.h"
-#include "pqgutil.h"
-#include "certxutl.h"
-#include "secrng.h" /* for RNG_ */
-
-
-/* #define TEST 1 */
-/* #define FILEOUT 1 */
-/* #define OFFLINE 1 */
-#define START_FIELDS 100
-#define PREFIX_LEN 6
-#define SERIAL_FILE "../serial"
-#define DB_DIRECTORY ".."
-
-
-typedef struct PairStr Pair;
-
-struct PairStr {
- char *name;
- char *data;
-};
-
-
-char prefix[PREFIX_LEN];
-
-
-const SEC_ASN1Template CERTIA5TypeTemplate[] = {
- { SEC_ASN1_IA5_STRING }
-};
-
-
-
-SECKEYPrivateKey *privkeys[9] = {NULL, NULL, NULL, NULL, NULL, NULL, NULL,
- NULL, NULL};
-
-
-#ifdef notdef
-const SEC_ASN1Template CERT_GeneralNameTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_AnyTemplate }
-};
-#endif
-
-
-static void
-error_out(char *error_string)
-{
- printf("Content-type: text/plain\n\n");
- printf(error_string);
- fflush(stderr);
- fflush(stdout);
- exit(1);
-}
-
-static void
-error_allocate(void)
-{
- error_out("ERROR: Unable to allocate memory");
-}
-
-
-static char *
-make_copy_string(char *read_pos,
- int length,
- char sentinal_value)
- /* copys string from to a new string it creates and
- returns a pointer to the new string */
-{
- int remaining = length;
- char *write_pos;
- char *new;
-
- new = write_pos = (char *) PORT_Alloc (length);
- if (new == NULL) {
- error_allocate();
- }
- while (*read_pos != sentinal_value) {
- if (remaining == 1) {
- remaining += length;
- length = length * 2;
- new = PORT_Realloc(new,length);
- if (new == NULL) {
- error_allocate();
- }
- write_pos = new + length - remaining;
- }
- *write_pos = *read_pos;
- ++write_pos;
- ++read_pos;
- remaining = remaining - 1;
- }
- *write_pos = '\0';
- return new;
-}
-
-
-static char *
-PasswordStub(PK11SlotInfo *slot,
- void *cx)
-{
- return NULL;
-}
-
-
-static SECStatus
-clean_input(Pair *data)
- /* converts the non-alphanumeric characters in a form post
- from hex codes back to characters */
-{
- int length;
- int hi_digit;
- int low_digit;
- char character;
- char *begin_pos;
- char *read_pos;
- char *write_pos;
- PRBool name = PR_TRUE;
-
- begin_pos = data->name;
- while (begin_pos != NULL) {
- length = strlen(begin_pos);
- read_pos = write_pos = begin_pos;
- while ((read_pos - begin_pos) < length) {
- if (*read_pos == '+') {
- *read_pos = ' ';
- }
- if (*read_pos == '%') {
- hi_digit = *(read_pos + 1);
- low_digit = *(read_pos +2);
- read_pos += 3;
- if (isdigit(hi_digit)){
- hi_digit = hi_digit - '0';
- } else {
- hi_digit = toupper(hi_digit);
- if (isxdigit(hi_digit)) {
- hi_digit = (hi_digit - 'A') + 10;
- } else {
- error_out("ERROR: Form data incorrectly formated");
- }
- }
- if (isdigit(low_digit)){
- low_digit = low_digit - '0';
- } else {
- low_digit = toupper(low_digit);
- if ((low_digit >='A') && (low_digit <= 'F')) {
- low_digit = (low_digit - 'A') + 10;
- } else {
- error_out("ERROR: Form data incorrectly formated");
- }
- }
- character = (hi_digit << 4) | low_digit;
- if (character != 10) {
- *write_pos = character;
- ++write_pos;
- }
- } else {
- *write_pos = *read_pos;
- ++write_pos;
- ++read_pos;
- }
- }
- *write_pos = '\0';
- if (name == PR_TRUE) {
- begin_pos = data->data;
- name = PR_FALSE;
- } else {
- data++;
- begin_pos = data->name;
- name = PR_TRUE;
- }
- }
- return SECSuccess;
-}
-
-static char *
-make_name(char *new_data)
- /* gets the next field name in the input string and returns
- a pointer to a string containing a copy of it */
-{
- int length = 20;
- char *name;
-
- name = make_copy_string(new_data, length, '=');
- return name;
-}
-
-static char *
-make_data(char *new_data)
- /* gets the data for the next field in the input string
- and returns a pointer to a string containing it */
-{
- int length = 100;
- char *data;
- char *read_pos;
-
- read_pos = new_data;
- while (*(read_pos - 1) != '=') {
- ++read_pos;
- }
- data = make_copy_string(read_pos, length, '&');
- return data;
-}
-
-
-static Pair
-make_pair(char *new_data)
- /* makes a pair name/data pair from the input string */
-{
- Pair temp;
-
- temp.name = make_name(new_data);
- temp.data = make_data(new_data);
- return temp;
-}
-
-
-
-static Pair *
-make_datastruct(char *data, int len)
- /* parses the input from the form post into a data
- structure of field name/data pairs */
-{
- Pair *datastruct;
- Pair *current;
- char *curr_pos;
- int fields = START_FIELDS;
- int remaining = START_FIELDS;
-
- curr_pos = data;
- datastruct = current = (Pair *) PORT_Alloc(fields * sizeof(Pair));
- if (datastruct == NULL) {
- error_allocate();
- }
- while (curr_pos - data < len) {
- if (remaining == 1) {
- remaining += fields;
- fields = fields * 2;
- datastruct = (Pair *) PORT_Realloc
- (datastruct, fields * sizeof(Pair));
- if (datastruct == NULL) {
- error_allocate;
- }
- current = datastruct + (fields - remaining);
- }
- *current = make_pair(curr_pos);
- while (*curr_pos != '&') {
- ++curr_pos;
- }
- ++curr_pos;
- ++current;
- remaining = remaining - 1;
- }
- current->name = NULL;
- return datastruct;
-}
-
-static char *
-return_name(Pair *data_struct,
- int n)
- /* returns a pointer to the name of the nth
- (starting from 0) item in the data structure */
-{
- char *name;
-
- if ((data_struct + n)->name != NULL) {
- name = (data_struct + n)->name;
- return name;
- } else {
- return NULL;
- }
-}
-
-static char *
-return_data(Pair *data_struct,int n)
- /* returns a pointer to the data of the nth (starting from 0)
- itme in the data structure */
-{
- char *data;
-
- data = (data_struct + n)->data;
- return data;
-}
-
-
-static char *
-add_prefix(char *field_name)
-{
- extern char prefix[PREFIX_LEN];
- int i = 0;
- char *rv;
- char *write;
-
- rv = write = PORT_Alloc(PORT_Strlen(prefix) + PORT_Strlen(field_name) + 1);
- for(i = 0; i < PORT_Strlen(prefix); i++) {
- *write = prefix[i];
- write++;
- }
- *write = '\0';
- rv = PORT_Strcat(rv,field_name);
- return rv;
-}
-
-
-static char *
-find_field(Pair *data,
- char *field_name,
- PRBool add_pre)
- /* returns a pointer to the data of the first pair
- thats name matches the string it is passed */
-{
- int i = 0;
- char *retrieved;
- int found = 0;
-
- if (add_pre) {
- field_name = add_prefix(field_name);
- }
- while(return_name(data, i) != NULL) {
- if (PORT_Strcmp(return_name(data, i), field_name) == 0) {
- retrieved = return_data(data, i);
- found = 1;
- break;
- }
- i++;
- }
- if (!found) {
- retrieved = NULL;
- }
- return retrieved;
-}
-
-static PRBool
-find_field_bool(Pair *data,
- char *fieldname,
- PRBool add_pre)
-{
- char *rv;
-
- rv = find_field(data, fieldname, add_pre);
-
- if ((rv != NULL) && (PORT_Strcmp(rv, "true")) == 0) {
- return PR_TRUE;
- } else {
- return PR_FALSE;
- }
-}
-
-static char *
-update_data_by_name(Pair *data,
- char *field_name,
- char *new_data)
- /* replaces the data in the data structure associated with
- a name with new data, returns null if not found */
-{
- int i = 0;
- int found = 0;
- int length = 100;
- char *new;
-
- while (return_name(data, i) != NULL) {
- if (PORT_Strcmp(return_name(data, i), field_name) == 0) {
- new = make_copy_string( new_data, length, '\0');
- PORT_Free(return_data(data, i));
- found = 1;
- (*(data + i)).data = new;
- break;
- }
- i++;
- }
- if (!found) {
- new = NULL;
- }
- return new;
-}
-
-static char *
-update_data_by_index(Pair *data,
- int n,
- char *new_data)
- /* replaces the data of a particular index in the data structure */
-{
- int length = 100;
- char *new;
-
- new = make_copy_string(new_data, length, '\0');
- PORT_Free(return_data(data, n));
- (*(data + n)).data = new;
- return new;
-}
-
-
-static Pair *
-add_field(Pair *data,
- char* field_name,
- char* field_data)
- /* adds a new name/data pair to the data structure */
-{
- int i = 0;
- int j;
- int name_length = 100;
- int data_length = 100;
-
- while(return_name(data, i) != NULL) {
- i++;
- }
- j = START_FIELDS;
- while ( j < (i + 1) ) {
- j = j * 2;
- }
- if (j == (i + 1)) {
- data = (Pair *) PORT_Realloc(data, (j * 2) * sizeof(Pair));
- if (data == NULL) {
- error_allocate();
- }
- }
- (*(data + i)).name = make_copy_string(field_name, name_length, '\0');
- (*(data + i)).data = make_copy_string(field_data, data_length, '\0');
- (data + i + 1)->name = NULL;
- return data;
-}
-
-
-static CERTCertificateRequest *
-makeCertReq(Pair *form_data,
- int which_priv_key)
- /* makes and encodes a certrequest */
-{
-
- PK11SlotInfo *slot;
- CERTCertificateRequest *certReq = NULL;
- CERTSubjectPublicKeyInfo *spki;
- SECKEYPrivateKey *privkey = NULL;
- SECKEYPublicKey *pubkey = NULL;
- CERTName *name;
- char *key;
- extern SECKEYPrivateKey *privkeys[9];
- int keySizeInBits;
- char *challenge = "foo";
- SECStatus rv = SECSuccess;
- PQGParams *pqgParams = NULL;
- PQGVerify *pqgVfy = NULL;
-
- name = CERT_AsciiToName(find_field(form_data, "subject", PR_TRUE));
- if (name == NULL) {
- error_out("ERROR: Unable to create Subject Name");
- }
- key = find_field(form_data, "key", PR_TRUE);
- if (key == NULL) {
- switch (*find_field(form_data, "keysize", PR_TRUE)) {
- case '0':
- keySizeInBits = 2048;
- break;
- case '1':
- keySizeInBits = 1024;
- break;
- case '2':
- keySizeInBits = 512;
- break;
- default:
- error_out("ERROR: Unsupported Key length selected");
- }
- if (find_field_bool(form_data, "keyType-dsa", PR_TRUE)) {
- rv = PQG_ParamGen(keySizeInBits, &pqgParams, &pqgVfy);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to generate PQG parameters");
- }
- slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
- privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN,
- pqgParams,&pubkey, PR_FALSE,
- PR_TRUE, NULL);
- } else {
- privkey = SECKEY_CreateRSAPrivateKey(keySizeInBits, &pubkey, NULL);
- }
- privkeys[which_priv_key] = privkey;
- spki = SECKEY_CreateSubjectPublicKeyInfo(pubkey);
- } else {
- spki = SECKEY_ConvertAndDecodePublicKeyAndChallenge(key, challenge,
- NULL);
- if (spki == NULL) {
- error_out("ERROR: Unable to decode Public Key and Challenge String");
- }
- }
- certReq = CERT_CreateCertificateRequest(name, spki, NULL);
- if (certReq == NULL) {
- error_out("ERROR: Unable to create Certificate Request");
- }
- if (pubkey != NULL) {
- SECKEY_DestroyPublicKey(pubkey);
- }
- if (spki != NULL) {
- SECKEY_DestroySubjectPublicKeyInfo(spki);
- }
- if (pqgParams != NULL) {
- PQG_DestroyParams(pqgParams);
- }
- if (pqgVfy != NULL) {
- PQG_DestroyVerify(pqgVfy);
- }
- return certReq;
-}
-
-
-
-static CERTCertificate *
-MakeV1Cert(CERTCertDBHandle *handle,
- CERTCertificateRequest *req,
- char *issuerNameStr,
- PRBool selfsign,
- int serialNumber,
- int warpmonths,
- Pair *data)
-{
- CERTCertificate *issuerCert = NULL;
- CERTValidity *validity;
- CERTCertificate *cert = NULL;
- PRExplodedTime printableTime;
- PRTime now,
- after;
- SECStatus rv;
-
-
-
- if ( !selfsign ) {
- issuerCert = CERT_FindCertByNameString(handle, issuerNameStr);
- if (!issuerCert) {
- error_out("ERROR: Could not find issuer's certificate");
- return NULL;
- }
- }
- if (find_field_bool(data, "manValidity", PR_TRUE)) {
- rv = DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE));
- } else {
- now = PR_Now();
- }
- PR_ExplodeTime (now, PR_GMTParameters, &printableTime);
- if ( warpmonths ) {
- printableTime.tm_month += warpmonths;
- now = PR_ImplodeTime (&printableTime);
- PR_ExplodeTime (now, PR_GMTParameters, &printableTime);
- }
- if (find_field_bool(data, "manValidity", PR_TRUE)) {
- rv = DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE));
- PR_ExplodeTime (after, PR_GMTParameters, &printableTime);
- } else {
- printableTime.tm_month += 3;
- after = PR_ImplodeTime (&printableTime);
- }
- /* note that the time is now in micro-second unit */
- validity = CERT_CreateValidity (now, after);
-
- if ( selfsign ) {
- cert = CERT_CreateCertificate
- (serialNumber,&(req->subject), validity, req);
- } else {
- cert = CERT_CreateCertificate
- (serialNumber,&(issuerCert->subject), validity, req);
- }
-
- CERT_DestroyValidity(validity);
- if ( issuerCert ) {
- CERT_DestroyCertificate (issuerCert);
- }
- return(cert);
-}
-
-static int
-get_serial_number(Pair *data)
-{
- int serial = 0;
- int error;
- char *filename = SERIAL_FILE;
- char *SN;
- FILE *serialFile;
-
-
- if (find_field_bool(data, "serial-auto", PR_TRUE)) {
- serialFile = fopen(filename, "r");
- if (serialFile != NULL) {
- fread(&serial, sizeof(int), 1, serialFile);
- if (ferror(serialFile) != 0) {
- error_out("Error: Unable to read serial number file");
- }
- if (serial == 4294967295) {
- serial = 21;
- }
- fclose(serialFile);
- ++serial;
- serialFile = fopen(filename,"w");
- if (serialFile == NULL) {
- error_out("ERROR: Unable to open serial number file for writing");
- }
- fwrite(&serial, sizeof(int), 1, serialFile);
- if (ferror(serialFile) != 0) {
- error_out("Error: Unable to write to serial number file");
- }
- } else {
- fclose(serialFile);
- serialFile = fopen(filename,"w");
- if (serialFile == NULL) {
- error_out("ERROR: Unable to open serial number file");
- }
- serial = 21;
- fwrite(&serial, sizeof(int), 1, serialFile);
- if (ferror(serialFile) != 0) {
- error_out("Error: Unable to write to serial number file");
- }
- error = ferror(serialFile);
- if (error != 0) {
- error_out("ERROR: Unable to write to serial file");
- }
- }
- fclose(serialFile);
- } else {
- SN = find_field(data, "serial_value", PR_TRUE);
- while (*SN != '\0') {
- serial = serial * 16;
- if ((*SN >= 'A') && (*SN <='F')) {
- serial += *SN - 'A' + 10;
- } else {
- if ((*SN >= 'a') && (*SN <='f')) {
- serial += *SN - 'a' + 10;
- } else {
- serial += *SN - '0';
- }
- }
- ++SN;
- }
- }
- return serial;
-}
-
-
-
-
-
-static CERTCertDBHandle
-*OpenCertDB(void)
- /* NOTE: This routine has been modified to allow the libsec/pcertdb.c
- * routines to automatically find and convert the old cert database
- * into the new v3.0 format (cert db version 5).
- */
-{
- CERTCertDBHandle *certHandle;
- SECStatus rv;
-
- /* Allocate a handle to fill with CERT_OpenCertDB below */
- certHandle = (CERTCertDBHandle *)PORT_ZAlloc(sizeof(CERTCertDBHandle));
- if (!certHandle) {
- error_out("ERROR: unable to get database handle");
- return NULL;
- }
-
- rv = CERT_OpenCertDB(certHandle, PR_FALSE, SECU_CertDBNameCallback, NULL);
-
- if (rv) {
- error_out("ERROR: Could not open certificate database");
- if (certHandle) free (certHandle); /* we don't want to leave
- anything behind... */
- return NULL;
- } else {
- CERT_SetDefaultCertDB(certHandle);
- }
-
- return certHandle;
-}
-
-typedef SECStatus (* EXTEN_VALUE_ENCODER)
- (PRArenaPool *extHandle, void *value, SECItem *encodedValue);
-
-static SECStatus
-EncodeAndAddExtensionValue(
- PRArenaPool *arena,
- void *extHandle,
- void *value,
- PRBool criticality,
- int extenType,
- EXTEN_VALUE_ENCODER EncodeValueFn)
-{
- SECItem encodedValue;
- SECStatus rv;
-
-
- encodedValue.data = NULL;
- encodedValue.len = 0;
- rv = (*EncodeValueFn)(arena, value, &encodedValue);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to encode extension value");
- }
- rv = CERT_AddExtension
- (extHandle, extenType, &encodedValue, criticality, PR_TRUE);
- return (rv);
-}
-
-
-
-static SECStatus
-AddKeyUsage (void *extHandle,
- Pair *data)
-{
- SECItem bitStringValue;
- unsigned char keyUsage = 0x0;
-
- if (find_field_bool(data,"keyUsage-digitalSignature", PR_TRUE)){
- keyUsage |= (0x80 >> 0);
- }
- if (find_field_bool(data,"keyUsage-nonRepudiation", PR_TRUE)){
- keyUsage |= (0x80 >> 1);
- }
- if (find_field_bool(data,"keyUsage-keyEncipherment", PR_TRUE)){
- keyUsage |= (0x80 >> 2);
- }
- if (find_field_bool(data,"keyUsage-dataEncipherment", PR_TRUE)){
- keyUsage |= (0x80 >> 3);
- }
- if (find_field_bool(data,"keyUsage-keyAgreement", PR_TRUE)){
- keyUsage |= (0x80 >> 4);
- }
- if (find_field_bool(data,"keyUsage-keyCertSign", PR_TRUE)) {
- keyUsage |= (0x80 >> 5);
- }
- if (find_field_bool(data,"keyUsage-cRLSign", PR_TRUE)) {
- keyUsage |= (0x80 >> 6);
- }
-
- bitStringValue.data = &keyUsage;
- bitStringValue.len = 1;
-
- return (CERT_EncodeAndAddBitStrExtension
- (extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue,
- (find_field_bool(data, "keyUsage-crit", PR_TRUE))));
-
-}
-
-static CERTOidSequence *
-CreateOidSequence(void)
-{
- CERTOidSequence *rv = (CERTOidSequence *)NULL;
- PRArenaPool *arena = (PRArenaPool *)NULL;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if( (PRArenaPool *)NULL == arena ) {
- goto loser;
- }
-
- rv = (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence));
- if( (CERTOidSequence *)NULL == rv ) {
- goto loser;
- }
-
- rv->oids = (SECItem **)PORT_ArenaZAlloc(arena, sizeof(SECItem *));
- if( (SECItem **)NULL == rv->oids ) {
- goto loser;
- }
-
- rv->arena = arena;
- return rv;
-
- loser:
- if( (PRArenaPool *)NULL != arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return (CERTOidSequence *)NULL;
-}
-
-static SECStatus
-AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag)
-{
- SECItem **oids;
- PRUint32 count = 0;
- SECOidData *od;
-
- od = SECOID_FindOIDByTag(oidTag);
- if( (SECOidData *)NULL == od ) {
- return SECFailure;
- }
-
- for( oids = os->oids; (SECItem *)NULL != *oids; oids++ ) {
- count++;
- }
-
- /* ArenaZRealloc */
-
- {
- PRUint32 i;
-
- oids = (SECItem **)PORT_ArenaZAlloc(os->arena, sizeof(SECItem *) * (count+2));
- if( (SECItem **)NULL == oids ) {
- return SECFailure;
- }
-
- for( i = 0; i < count; i++ ) {
- oids[i] = os->oids[i];
- }
-
- /* ArenaZFree(os->oids); */
- }
-
- os->oids = oids;
- os->oids[count] = &od->oid;
-
- return SECSuccess;
-}
-
-static SECItem *
-EncodeOidSequence(CERTOidSequence *os)
-{
- SECItem *rv;
- extern const SEC_ASN1Template CERT_OidSeqTemplate[];
-
- rv = (SECItem *)PORT_ArenaZAlloc(os->arena, sizeof(SECItem));
- if( (SECItem *)NULL == rv ) {
- goto loser;
- }
-
- if( !SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate) ) {
- goto loser;
- }
-
- return rv;
-
- loser:
- return (SECItem *)NULL;
-}
-
-static SECStatus
-AddExtKeyUsage(void *extHandle, Pair *data)
-{
- SECStatus rv;
- CERTOidSequence *os;
- SECItem *value;
- PRBool crit;
-
- os = CreateOidSequence();
- if( (CERTOidSequence *)NULL == os ) {
- return SECFailure;
- }
-
- if( find_field_bool(data, "extKeyUsage-serverAuth", PR_TRUE) ) {
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH);
- if( SECSuccess != rv ) goto loser;
- }
-
- if( find_field_bool(data, "extKeyUsage-clientAuth", PR_TRUE) ) {
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH);
- if( SECSuccess != rv ) goto loser;
- }
-
- if( find_field_bool(data, "extKeyUsage-codeSign", PR_TRUE) ) {
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN);
- if( SECSuccess != rv ) goto loser;
- }
-
- if( find_field_bool(data, "extKeyUsage-emailProtect", PR_TRUE) ) {
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT);
- if( SECSuccess != rv ) goto loser;
- }
-
- if( find_field_bool(data, "extKeyUsage-timeStamp", PR_TRUE) ) {
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP);
- if( SECSuccess != rv ) goto loser;
- }
-
- if( find_field_bool(data, "extKeyUsage-ocspResponder", PR_TRUE) ) {
- rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER);
- if( SECSuccess != rv ) goto loser;
- }
-
- if( find_field_bool(data, "extKeyUsage-NS-govtApproved", PR_TRUE) ) {
- rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED);
- if( SECSuccess != rv ) goto loser;
- }
-
- value = EncodeOidSequence(os);
-
- crit = find_field_bool(data, "extKeyUsage-crit", PR_TRUE);
-
- rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, value,
- crit, PR_TRUE);
- /*FALLTHROUGH*/
- loser:
- CERT_DestroyOidSequence(os);
- return rv;
-}
-
-static SECStatus
-AddSubKeyID(void *extHandle,
- Pair *data,
- CERTCertificate *subjectCert)
-{
- SECItem encodedValue;
- SECStatus rv;
- char *read;
- char *write;
- char *first;
- char character;
- int high_digit = 0,
- low_digit = 0;
- int len;
- PRBool odd = PR_FALSE;
-
-
- encodedValue.data = NULL;
- encodedValue.len = 0;
- first = read = write = find_field(data,"subjectKeyIdentifier-text",
- PR_TRUE);
- len = PORT_Strlen(first);
- odd = ((len % 2) != 0 ) ? PR_TRUE : PR_FALSE;
- if (find_field_bool(data, "subjectKeyIdentifier-radio-hex", PR_TRUE)) {
- if (odd) {
- error_out("ERROR: Improperly formated subject key identifier, hex values must be expressed as an octet string");
- }
- while (*read != '\0') {
- if (!isxdigit(*read)) {
- error_out("ERROR: Improperly formated subject key identifier");
- }
- *read = toupper(*read);
- if ((*read >= 'A') && (*read <= 'F')) {
- high_digit = *read - 'A' + 10;
- } else {
- high_digit = *read - '0';
- }
- ++read;
- if (!isxdigit(*read)) {
- error_out("ERROR: Improperly formated subject key identifier");
- }
- *read = toupper(*read);
- if ((*read >= 'A') && (*read <= 'F')) {
- low_digit = *(read) - 'A' + 10;
- } else {
- low_digit = *(read) - '0';
- }
- character = (high_digit << 4) | low_digit;
- *write = character;
- ++write;
- ++read;
- }
- *write = '\0';
- len = write - first;
- }
- subjectCert->subjectKeyID.data = (unsigned char *) find_field
- (data,"subjectKeyIdentifier-text", PR_TRUE);
- subjectCert->subjectKeyID.len = len;
- rv = CERT_EncodeSubjectKeyID
- (NULL, find_field(data,"subjectKeyIdentifier-text", PR_TRUE),
- len, &encodedValue);
- if (rv) {
- return (rv);
- }
- return (CERT_AddExtension(extHandle, SEC_OID_X509_SUBJECT_KEY_ID,
- &encodedValue, PR_FALSE, PR_TRUE));
-}
-
-
-static SECStatus
-AddAuthKeyID (void *extHandle,
- Pair *data,
- char *issuerNameStr,
- CERTCertDBHandle *handle)
-{
- CERTAuthKeyID *authKeyID = NULL;
- PRArenaPool *arena = NULL;
- SECStatus rv = SECSuccess;
- CERTCertificate *issuerCert = NULL;
- CERTGeneralName *genNames;
- CERTName *directoryName = NULL;
-
-
- issuerCert = CERT_FindCertByNameString(handle, issuerNameStr);
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- error_allocate();
- }
-
- authKeyID = PORT_ArenaZAlloc (arena, sizeof (CERTAuthKeyID));
- if (authKeyID == NULL) {
- error_allocate();
- }
- if (find_field_bool(data, "authorityKeyIdentifier-radio-keyIdentifier",
- PR_TRUE)) {
- authKeyID->keyID.data = PORT_ArenaAlloc (arena, PORT_Strlen
- ((char *)issuerCert->subjectKeyID.data));
- if (authKeyID->keyID.data == NULL) {
- error_allocate();
- }
- PORT_Memcpy (authKeyID->keyID.data, issuerCert->subjectKeyID.data,
- authKeyID->keyID.len =
- PORT_Strlen((char *)issuerCert->subjectKeyID.data));
- } else {
-
- PORT_Assert (arena);
- genNames = (CERTGeneralName *) PORT_ArenaZAlloc (arena, (sizeof(CERTGeneralName)));
- if (genNames == NULL){
- error_allocate();
- }
- genNames->l.next = genNames->l.prev = &(genNames->l);
- genNames->type = certDirectoryName;
-
- directoryName = CERT_AsciiToName(issuerCert->subjectName);
- if (!directoryName) {
- error_out("ERROR: Unable to create Directory Name");
- }
- rv = CERT_CopyName (arena, &genNames->name.directoryName,
- directoryName);
- CERT_DestroyName (directoryName);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to copy Directory Name");
- }
- authKeyID->authCertIssuer = genNames;
- if (authKeyID->authCertIssuer == NULL && SECFailure ==
- PORT_GetError ()) {
- error_out("ERROR: Unable to get Issuer General Name for Authority Key ID Extension");
- }
- authKeyID->authCertSerialNumber = issuerCert->serialNumber;
- }
- rv = EncodeAndAddExtensionValue(arena, extHandle, authKeyID, PR_FALSE,
- SEC_OID_X509_AUTH_KEY_ID,
- (EXTEN_VALUE_ENCODER)
- CERT_EncodeAuthKeyID);
- if (arena) {
- PORT_FreeArena (arena, PR_FALSE);
- }
- return (rv);
-}
-
-
-static SECStatus
-AddPrivKeyUsagePeriod(void *extHandle,
- Pair *data,
- CERTCertificate *cert)
-{
- char *notBeforeStr;
- char *notAfterStr;
- PRArenaPool *arena = NULL;
- SECStatus rv = SECSuccess;
- PKUPEncodedContext *pkup;
-
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- error_allocate();
- }
- pkup = PORT_ArenaZAlloc (arena, sizeof (PKUPEncodedContext));
- if (pkup == NULL) {
- error_allocate();
- }
- notBeforeStr = (char *) PORT_Alloc(16 * sizeof(char));
- notAfterStr = (char *) PORT_Alloc(16 * sizeof(char));
- *notBeforeStr = '\0';
- *notAfterStr = '\0';
- pkup->arena = arena;
- pkup->notBefore.len = 0;
- pkup->notBefore.data = NULL;
- pkup->notAfter.len = 0;
- pkup->notAfter.data = NULL;
- if (find_field_bool(data, "privKeyUsagePeriod-radio-notBefore", PR_TRUE) ||
- find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) {
- pkup->notBefore.len = 15;
- pkup->notBefore.data = (unsigned char *)notBeforeStr;
- if (find_field_bool(data, "privKeyUsagePeriod-notBefore-radio-manual",
- PR_TRUE)) {
- PORT_Strcat(notBeforeStr,find_field(data,
- "privKeyUsagePeriod-notBefore-year",
- PR_TRUE));
- PORT_Strcat(notBeforeStr,find_field(data,
- "privKeyUsagePeriod-notBefore-month",
- PR_TRUE));
- PORT_Strcat(notBeforeStr,find_field(data,
- "privKeyUsagePeriod-notBefore-day",
- PR_TRUE));
- PORT_Strcat(notBeforeStr,find_field(data,
- "privKeyUsagePeriod-notBefore-hour",
- PR_TRUE));
- PORT_Strcat(notBeforeStr,find_field(data,
- "privKeyUsagePeriod-notBefore-minute",
- PR_TRUE));
- PORT_Strcat(notBeforeStr,find_field(data,
- "privKeyUsagePeriod-notBefore-second",
- PR_TRUE));
- if ((*(notBeforeStr + 14) != '\0') ||
- (!isdigit(*(notBeforeStr + 13))) ||
- (*(notBeforeStr + 12) >= '5' && *(notBeforeStr + 12) <= '0') ||
- (!isdigit(*(notBeforeStr + 11))) ||
- (*(notBeforeStr + 10) >= '5' && *(notBeforeStr + 10) <= '0') ||
- (!isdigit(*(notBeforeStr + 9))) ||
- (*(notBeforeStr + 8) >= '2' && *(notBeforeStr + 8) <= '0') ||
- (!isdigit(*(notBeforeStr + 7))) ||
- (*(notBeforeStr + 6) >= '3' && *(notBeforeStr + 6) <= '0') ||
- (!isdigit(*(notBeforeStr + 5))) ||
- (*(notBeforeStr + 4) >= '1' && *(notBeforeStr + 4) <= '0') ||
- (!isdigit(*(notBeforeStr + 3))) ||
- (!isdigit(*(notBeforeStr + 2))) ||
- (!isdigit(*(notBeforeStr + 1))) ||
- (!isdigit(*(notBeforeStr + 0))) ||
- (*(notBeforeStr + 8) == '2' && *(notBeforeStr + 9) >= '4') ||
- (*(notBeforeStr + 6) == '3' && *(notBeforeStr + 7) >= '1') ||
- (*(notBeforeStr + 4) == '1' && *(notBeforeStr + 5) >= '2')) {
- error_out("ERROR: Improperly formated private key usage period");
- }
- *(notBeforeStr + 14) = 'Z';
- *(notBeforeStr + 15) = '\0';
- } else {
- if ((*(cert->validity.notBefore.data) > '5') ||
- ((*(cert->validity.notBefore.data) == '5') &&
- (*(cert->validity.notBefore.data + 1) != '0'))) {
- PORT_Strcat(notBeforeStr, "19");
- } else {
- PORT_Strcat(notBeforeStr, "20");
- }
- PORT_Strcat(notBeforeStr, (char *)cert->validity.notBefore.data);
- }
- }
- if (find_field_bool(data, "privKeyUsagePeriod-radio-notAfter", PR_TRUE) ||
- find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) {
- pkup->notAfter.len = 15;
- pkup->notAfter.data = (unsigned char *)notAfterStr;
- PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-year",
- PR_TRUE));
- PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-month",
- PR_TRUE));
- PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-day",
- PR_TRUE));
- PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-hour",
- PR_TRUE));
- PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-minute",
- PR_TRUE));
- PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-second",
- PR_TRUE));
- if ((*(notAfterStr + 14) != '\0') ||
- (!isdigit(*(notAfterStr + 13))) ||
- (*(notAfterStr + 12) >= '5' && *(notAfterStr + 12) <= '0') ||
- (!isdigit(*(notAfterStr + 11))) ||
- (*(notAfterStr + 10) >= '5' && *(notAfterStr + 10) <= '0') ||
- (!isdigit(*(notAfterStr + 9))) ||
- (*(notAfterStr + 8) >= '2' && *(notAfterStr + 8) <= '0') ||
- (!isdigit(*(notAfterStr + 7))) ||
- (*(notAfterStr + 6) >= '3' && *(notAfterStr + 6) <= '0') ||
- (!isdigit(*(notAfterStr + 5))) ||
- (*(notAfterStr + 4) >= '1' && *(notAfterStr + 4) <= '0') ||
- (!isdigit(*(notAfterStr + 3))) ||
- (!isdigit(*(notAfterStr + 2))) ||
- (!isdigit(*(notAfterStr + 1))) ||
- (!isdigit(*(notAfterStr + 0))) ||
- (*(notAfterStr + 8) == '2' && *(notAfterStr + 9) >= '4') ||
- (*(notAfterStr + 6) == '3' && *(notAfterStr + 7) >= '1') ||
- (*(notAfterStr + 4) == '1' && *(notAfterStr + 5) >= '2')) {
- error_out("ERROR: Improperly formated private key usage period");
- }
- *(notAfterStr + 14) = 'Z';
- *(notAfterStr + 15) = '\0';
- }
-
- PORT_Assert (arena);
-
- rv = EncodeAndAddExtensionValue(arena, extHandle, pkup,
- find_field_bool(data,
- "privKeyUsagePeriod-crit",
- PR_TRUE),
- SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD,
- (EXTEN_VALUE_ENCODER)
- CERT_EncodePublicKeyUsagePeriod);
- if (arena) {
- PORT_FreeArena (arena, PR_FALSE);
- }
- if (notBeforeStr != NULL) {
- PORT_Free(notBeforeStr);
- }
- if (notAfterStr != NULL) {
- PORT_Free(notAfterStr);
- }
- return (rv);
-}
-
-static SECStatus
-AddBasicConstraint(void *extHandle,
- Pair *data)
-{
- CERTBasicConstraints basicConstraint;
- SECItem encodedValue;
- SECStatus rv;
-
- encodedValue.data = NULL;
- encodedValue.len = 0;
- basicConstraint.pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT;
- basicConstraint.isCA = (find_field_bool(data,"basicConstraints-cA-radio-CA",
- PR_TRUE));
- if (find_field_bool(data,"basicConstraints-pathLengthConstraint", PR_TRUE)){
- basicConstraint.pathLenConstraint = atoi
- (find_field(data,"basicConstraints-pathLengthConstraint-text",
- PR_TRUE));
- }
-
- rv = CERT_EncodeBasicConstraintValue (NULL, &basicConstraint,
- &encodedValue);
- if (rv)
- return (rv);
- rv = CERT_AddExtension(extHandle, SEC_OID_X509_BASIC_CONSTRAINTS,
- &encodedValue,
- (find_field_bool(data,"basicConstraints-crit",
- PR_TRUE)), PR_TRUE);
-
- PORT_Free (encodedValue.data);
- return (rv);
-}
-
-
-
-static SECStatus
-AddNscpCertType (void *extHandle,
- Pair *data)
-{
- SECItem bitStringValue;
- unsigned char CertType = 0x0;
-
- if (find_field_bool(data,"netscape-cert-type-ssl-client", PR_TRUE)){
- CertType |= (0x80 >> 0);
- }
- if (find_field_bool(data,"netscape-cert-type-ssl-server", PR_TRUE)){
- CertType |= (0x80 >> 1);
- }
- if (find_field_bool(data,"netscape-cert-type-smime", PR_TRUE)){
- CertType |= (0x80 >> 2);
- }
- if (find_field_bool(data,"netscape-cert-type-object-signing", PR_TRUE)){
- CertType |= (0x80 >> 3);
- }
- if (find_field_bool(data,"netscape-cert-type-reserved", PR_TRUE)){
- CertType |= (0x80 >> 4);
- }
- if (find_field_bool(data,"netscape-cert-type-ssl-ca", PR_TRUE)) {
- CertType |= (0x80 >> 5);
- }
- if (find_field_bool(data,"netscape-cert-type-smime-ca", PR_TRUE)) {
- CertType |= (0x80 >> 6);
- }
- if (find_field_bool(data,"netscape-cert-type-object-signing-ca", PR_TRUE)) {
- CertType |= (0x80 >> 7);
- }
-
- bitStringValue.data = &CertType;
- bitStringValue.len = 1;
-
- return (CERT_EncodeAndAddBitStrExtension
- (extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue,
- (find_field_bool(data, "netscape-cert-type-crit", PR_TRUE))));
-}
-
-
-static SECStatus
-add_IA5StringExtension(void *extHandle,
- char *string,
- PRBool crit,
- int idtag)
-{
- SECItem encodedValue;
- SECStatus rv;
-
- encodedValue.data = NULL;
- encodedValue.len = 0;
-
- rv = CERT_EncodeIA5TypeExtension(NULL, string, &encodedValue);
- if (rv) {
- return (rv);
- }
- return (CERT_AddExtension(extHandle, idtag, &encodedValue, crit, PR_TRUE));
-}
-
-static SECItem *
-string_to_oid(char *string)
-{
- int i;
- int length = 20;
- int remaining;
- int first_value;
- int second_value;
- int value;
- int oidLength;
- unsigned char *oidString;
- unsigned char *write;
- unsigned char *read;
- unsigned char *temp;
- SECItem *oid;
-
-
- remaining = length;
- i = 0;
- while (*string == ' ') {
- string++;
- }
- while (isdigit(*(string + i))) {
- i++;
- }
- if (*(string + i) == '.') {
- *(string + i) = '\0';
- } else {
- error_out("ERROR: Improperly formated OID");
- }
- first_value = atoi(string);
- if (first_value < 0 || first_value > 2) {
- error_out("ERROR: Improperly formated OID");
- }
- string += i + 1;
- i = 0;
- while (isdigit(*(string + i))) {
- i++;
- }
- if (*(string + i) == '.') {
- *(string + i) = '\0';
- } else {
- error_out("ERROR: Improperly formated OID");
- }
- second_value = atoi(string);
- if (second_value < 0 || second_value > 39) {
- error_out("ERROR: Improperly formated OID");
- }
- oidString = PORT_ZAlloc(2);
- *oidString = (first_value * 40) + second_value;
- *(oidString + 1) = '\0';
- oidLength = 1;
- string += i + 1;
- i = 0;
- temp = write = PORT_ZAlloc(length);
- while (*string != '\0') {
- value = 0;
- while(isdigit(*(string + i))) {
- i++;
- }
- if (*(string + i) == '\0') {
- value = atoi(string);
- string += i;
- } else {
- if (*(string + i) == '.') {
- *(string + i) == '\0';
- value = atoi(string);
- string += i + 1;
- } else {
- *(string + i) = '\0';
- i++;
- value = atoi(string);
- if (*(string + i) == ' ') {
- while (*(string + i) == ' ')
- i++;
- }
- if (*(string + i) != '\0') {
- error_out("ERROR: Improperly formated OID");
- }
- }
- }
- i = 0;
- while (value != 0) {
- if (remaining < 1) {
- remaining += length;
- length = length * 2;
- temp = PORT_Realloc(temp, length);
- write = temp + length - remaining;
- }
- *write = (value & 0x7f) | (0x80);
- write++;
- remaining--;
- value = value >> 7;
- }
- *temp = *temp & (0x7f);
- oidLength += write - temp;
- oidString = PORT_Realloc(oidString, (oidLength + 1));
- read = write - 1;
- write = oidLength + oidString - 1;
- for (i = 0; i < (length - remaining); i++) {
- *write = *read;
- write--;
- read++;
- }
- write = temp;
- remaining = length;
- }
- *(oidString + oidLength) = '\0';
- oid = (SECItem *) PORT_ZAlloc(sizeof(SECItem));
- oid->data = oidString;
- oid->len = oidLength;
- PORT_Free(temp);
- return oid;
-}
-
-static SECItem *
-string_to_ipaddress(char *string)
-{
- int i = 0;
- int value;
- int j = 0;
- SECItem *ipaddress;
-
-
- while (*string == ' ') {
- string++;
- }
- ipaddress = (SECItem *) PORT_ZAlloc(sizeof(SECItem));
- ipaddress->data = PORT_ZAlloc(9);
- while (*string != '\0' && j < 8) {
- while (isdigit(*(string + i))) {
- i++;
- }
- if (*(string + i) == '.') {
- *(string + i) = '\0';
- value = atoi(string);
- string = string + i + 1;
- i = 0;
- } else {
- if (*(string + i) == '\0') {
- value = atoi(string);
- string = string + i;
- i = 0;
- } else {
- *(string + i) = '\0';
- while (*(string + i) == ' ') {
- i++;
- }
- if (*(string + i) == '\0') {
- value = atoi(string);
- string = string + i;
- i = 0;
- } else {
- error_out("ERROR: Improperly formated IP Address");
- }
- }
- }
- if (value >= 0 || value < 256) {
- *(ipaddress->data + j) = value;
- } else {
- error_out("ERROR: Improperly formated IP Address");
- }
- j++;
- }
- *(ipaddress->data + j) = '\0';
- if (j != 4 && j != 8) {
- error_out("ERROR: Improperly formated IP Address");
- }
- ipaddress->len = j;
- return ipaddress;
-}
-
-static SECItem *
-string_to_binary(char *string)
-{
- SECItem *rv;
- int high_digit;
- int low_digit;
-
- rv = (SECItem *) PORT_ZAlloc(sizeof(SECItem));
- if (rv == NULL) {
- error_allocate();
- }
- rv->data = (unsigned char *) PORT_ZAlloc((PORT_Strlen(string))/3 + 2);
- while (!isxdigit(*string)) {
- string++;
- }
- rv->len = 0;
- while (*string != '\0') {
- if (isxdigit(*string)) {
- if (*string >= '0' && *string <= '9') {
- high_digit = *string - '0';
- } else {
- *string = toupper(*string);
- high_digit = *string - 'A';
- }
- string++;
- if (*string >= '0' && *string <= '9') {
- low_digit = *string - '0';
- } else {
- *string = toupper(*string);
- low_digit = *string = 'A';
- }
- (rv->len)++;
- } else {
- if (*string == ':') {
- string++;
- } else {
- if (*string == ' ') {
- while (*string == ' ') {
- string++;
- }
- }
- if (*string != '\0') {
- error_out("ERROR: Improperly formated binary encoding");
- }
- }
- }
- }
-
- return rv;
-}
-
-static SECStatus
-MakeGeneralName(char *name,
- CERTGeneralName *genName,
- PRArenaPool *arena)
-{
- SECItem *oid;
- SECOidData *oidData;
- SECItem *ipaddress;
- SECItem *temp = NULL;
- int i;
- int nameType;
- PRBool binary = PR_FALSE;
- SECStatus rv = SECSuccess;
- PRBool nickname;
-
- PORT_Assert(genName);
- PORT_Assert(arena);
- nameType = *(name + PORT_Strlen(name) - 1) - '0';
- if (nameType == 0 && *(name +PORT_Strlen(name) - 2) == '1') {
- nickname = PR_TRUE;
- nameType = certOtherName;
- }
- if (nameType < 1 || nameType > 9) {
- error_out("ERROR: Unknown General Name Type");
- }
- *(name + PORT_Strlen(name) - 4) = '\0';
- genName->type = nameType;
-
- switch (genName->type) {
- case certURI:
- case certRFC822Name:
- case certDNSName: {
- genName->name.other.data = (unsigned char *)name;
- genName->name.other.len = PORT_Strlen(name);
- break;
- }
-
- case certIPAddress: {
- ipaddress = string_to_ipaddress(name);
- genName->name.other.data = ipaddress->data;
- genName->name.other.len = ipaddress->len;
- break;
- }
-
- case certRegisterID: {
- oid = string_to_oid(name);
- genName->name.other.data = oid->data;
- genName->name.other.len = oid->len;
- break;
- }
-
- case certEDIPartyName:
- case certX400Address: {
-
- genName->name.other.data = PORT_ArenaAlloc (arena,
- PORT_Strlen (name) + 2);
- if (genName->name.other.data == NULL) {
- error_allocate();
- }
-
- PORT_Memcpy (genName->name.other.data + 2, name, PORT_Strlen (name));
- /* This may not be accurate for all cases.
- For now, use this tag type */
- genName->name.other.data[0] = (char)(((genName->type - 1) &
- 0x1f)| 0x80);
- genName->name.other.data[1] = (char)PORT_Strlen (name);
- genName->name.other.len = PORT_Strlen (name) + 2;
- break;
- }
-
- case certOtherName: {
- i = 0;
- if (!nickname) {
- while (!isdigit(*(name + PORT_Strlen(name) - i))) {
- i++;
- }
- if (*(name + PORT_Strlen(name) - i) == '1') {
- binary = PR_TRUE;
- } else {
- binary = PR_FALSE;
- }
- while (*(name + PORT_Strlen(name) - i) != '-') {
- i++;
- }
- *(name + PORT_Strlen(name) - i - 1) = '\0';
- i = 0;
- while (*(name + i) != '-') {
- i++;
- }
- *(name + i - 1) = '\0';
- oid = string_to_oid(name + i + 2);
- } else {
- oidData = SECOID_FindOIDByTag(SEC_OID_NETSCAPE_NICKNAME);
- oid = &oidData->oid;
- while (*(name + PORT_Strlen(name) - i) != '-') {
- i++;
- }
- *(name + PORT_Strlen(name) - i) = '\0';
- }
- genName->name.OthName.oid.data = oid->data;
- genName->name.OthName.oid.len = oid->len;
- if (binary) {
- temp = string_to_binary(name);
- genName->name.OthName.name.data = temp->data;
- genName->name.OthName.name.len = temp->len;
- } else {
- temp = (SECItem *) PORT_ZAlloc(sizeof(SECItem));
- if (temp == NULL) {
- error_allocate();
- }
- temp->data = (unsigned char *)name;
- temp->len = PORT_Strlen(name);
- SEC_ASN1EncodeItem (arena, &(genName->name.OthName.name), temp,
- CERTIA5TypeTemplate);
- }
- PORT_Free(temp);
- break;
- }
-
- case certDirectoryName: {
- CERTName *directoryName = NULL;
-
- directoryName = CERT_AsciiToName (name);
- if (!directoryName) {
- error_out("ERROR: Improperly formated alternative name");
- break;
- }
- rv = CERT_CopyName (arena, &genName->name.directoryName,
- directoryName);
- CERT_DestroyName (directoryName);
-
- break;
- }
- }
- genName->l.next = &(genName->l);
- genName->l.prev = &(genName->l);
- return rv;
-}
-
-
-static CERTGeneralName *
-MakeAltName(Pair *data,
- char *which,
- PRArenaPool *arena)
-{
- CERTGeneralName *SubAltName;
- CERTGeneralName *current;
- CERTGeneralName *newname;
- char *name = NULL;
- SECStatus rv = SECSuccess;
- int len;
-
-
- len = PORT_Strlen(which);
- name = find_field(data, which, PR_TRUE);
- SubAltName = current = (CERTGeneralName *) PORT_ZAlloc
- (sizeof(CERTGeneralName));
- if (current == NULL) {
- error_allocate();
- }
- while (name != NULL) {
-
- rv = MakeGeneralName(name, current, arena);
-
- if (rv != SECSuccess) {
- break;
- }
- if (*(which + len -1) < '9') {
- *(which + len - 1) = *(which + len - 1) + 1;
- } else {
- if (isdigit(*(which + len - 2) )) {
- *(which + len - 2) = *(which + len - 2) + 1;
- *(which + len - 1) = '0';
- } else {
- *(which + len - 1) = '1';
- *(which + len) = '0';
- *(which + len + 1) = '\0';
- len++;
- }
- }
- len = PORT_Strlen(which);
- name = find_field(data, which, PR_TRUE);
- if (name != NULL) {
- newname = (CERTGeneralName *) PORT_ZAlloc(sizeof(CERTGeneralName));
- if (newname == NULL) {
- error_allocate();
- }
- current->l.next = &(newname->l);
- newname->l.prev = &(current->l);
- current = newname;
- newname = NULL;
- } else {
- current->l.next = &(SubAltName->l);
- SubAltName->l.prev = &(current->l);
- }
- }
- if (rv == SECFailure) {
- return NULL;
- }
- return SubAltName;
-}
-
-static CERTNameConstraints *
-MakeNameConstraints(Pair *data,
- PRArenaPool *arena)
-{
- CERTNameConstraints *NameConstraints;
- CERTNameConstraint *current = NULL;
- CERTNameConstraint *last_permited = NULL;
- CERTNameConstraint *last_excluded = NULL;
- char *constraint = NULL;
- char *which;
- SECStatus rv = SECSuccess;
- int len;
- int i;
- long max;
- long min;
- PRBool permited;
-
-
- NameConstraints = (CERTNameConstraints *) PORT_ZAlloc
- (sizeof(CERTNameConstraints));
- which = make_copy_string("NameConstraintSelect0", 25,'\0');
- len = PORT_Strlen(which);
- constraint = find_field(data, which, PR_TRUE);
- NameConstraints->permited = NameConstraints->excluded = NULL;
- while (constraint != NULL) {
- current = (CERTNameConstraint *) PORT_ZAlloc
- (sizeof(CERTNameConstraint));
- if (current == NULL) {
- error_allocate();
- }
- i = 0;
- while (*(constraint + PORT_Strlen(constraint) - i) != '-') {
- i++;
- }
- *(constraint + PORT_Strlen(constraint) - i - 1) = '\0';
- max = (long) atoi(constraint + PORT_Strlen(constraint) + 3);
- if (max > 0) {
- (void) SEC_ASN1EncodeInteger(arena, &current->max, max);
- }
- i = 0;
- while (*(constraint + PORT_Strlen(constraint) - i) != '-') {
- i++;
- }
- *(constraint + PORT_Strlen(constraint) - i - 1) = '\0';
- min = (long) atoi(constraint + PORT_Strlen(constraint) + 3);
- (void) SEC_ASN1EncodeInteger(arena, &current->min, min);
- while (*(constraint + PORT_Strlen(constraint) - i) != '-') {
- i++;
- }
- *(constraint + PORT_Strlen(constraint) - i - 1) = '\0';
- if (*(constraint + PORT_Strlen(constraint) + 3) == 'p') {
- permited = PR_TRUE;
- } else {
- permited = PR_FALSE;
- }
- rv = MakeGeneralName(constraint, &(current->name), arena);
-
- if (rv != SECSuccess) {
- break;
- }
- if (*(which + len - 1) < '9') {
- *(which + len - 1) = *(which + len - 1) + 1;
- } else {
- if (isdigit(*(which + len - 2) )) {
- *(which + len - 2) = *(which + len - 2) + 1;
- *(which + len - 1) = '0';
- } else {
- *(which + len - 1) = '1';
- *(which + len) = '0';
- *(which + len + 1) = '\0';
- len++;
- }
- }
- len = PORT_Strlen(which);
- if (permited) {
- if (NameConstraints->permited == NULL) {
- NameConstraints->permited = last_permited = current;
- }
- last_permited->l.next = &(current->l);
- current->l.prev = &(last_permited->l);
- last_permited = current;
- } else {
- if (NameConstraints->excluded == NULL) {
- NameConstraints->excluded = last_excluded = current;
- }
- last_excluded->l.next = &(current->l);
- current->l.prev = &(last_excluded->l);
- last_excluded = current;
- }
- constraint = find_field(data, which, PR_TRUE);
- if (constraint != NULL) {
- current = (CERTNameConstraint *) PORT_ZAlloc(sizeof(CERTNameConstraint));
- if (current = NULL) {
- error_allocate();
- }
- }
- }
- if (NameConstraints->permited != NULL) {
- last_permited->l.next = &(NameConstraints->permited->l);
- NameConstraints->permited->l.prev = &(last_permited->l);
- }
- if (NameConstraints->excluded != NULL) {
- last_excluded->l.next = &(NameConstraints->excluded->l);
- NameConstraints->excluded->l.prev = &(last_excluded->l);
- }
- if (which != NULL) {
- PORT_Free(which);
- }
- if (rv == SECFailure) {
- return NULL;
- }
- return NameConstraints;
-}
-
-
-
-static SECStatus
-AddAltName(void *extHandle,
- Pair *data,
- char *issuerNameStr,
- CERTCertDBHandle *handle,
- int type)
-{
- PRBool autoIssuer = PR_FALSE;
- PRArenaPool *arena = NULL;
- CERTGeneralName *genName = NULL;
- CERTName *directoryName = NULL;
- char *which = NULL;
- char *name = NULL;
- SECStatus rv = SECSuccess;
- SECItem *issuersAltName = NULL;
- CERTCertificate *issuerCert = NULL;
- void *mark;
-
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- error_allocate();
- }
- if (type == 0) {
- which = make_copy_string("SubAltNameSelect0", 20,'\0');
- genName = MakeAltName(data, which, arena);
- } else {
- if (autoIssuer) {
- autoIssuer = find_field_bool(data,"IssuerAltNameSourceRadio-auto",
- PR_TRUE);
- issuerCert = CERT_FindCertByNameString(handle, issuerNameStr);
- rv = cert_FindExtension((*issuerCert).extensions,
- SEC_OID_X509_SUBJECT_ALT_NAME,
- issuersAltName);
- if (issuersAltName == NULL) {
- name = PORT_Alloc(PORT_Strlen((*issuerCert).subjectName) + 4);
- PORT_Strcpy(name, (*issuerCert).subjectName);
- PORT_Strcat(name, " - 5");
- }
- } else {
- which = make_copy_string("IssuerAltNameSelect0", 20,'\0');
- genName = MakeAltName(data, which, arena);
- }
- }
- if (type == 0) {
- EncodeAndAddExtensionValue(arena, extHandle, genName,
- find_field_bool(data, "SubAltName-crit",
- PR_TRUE),
- SEC_OID_X509_SUBJECT_ALT_NAME,
- (EXTEN_VALUE_ENCODER)
- CERT_EncodeAltNameExtension);
-
- } else {
- if (autoIssuer && (name == NULL)) {
- rv = CERT_AddExtension
- (extHandle, SEC_OID_X509_ISSUER_ALT_NAME, issuersAltName,
- find_field_bool(data, "IssuerAltName-crit", PR_TRUE), PR_TRUE);
- } else {
- EncodeAndAddExtensionValue(arena, extHandle, genName,
- find_field_bool(data,
- "IssuerAltName-crit",
- PR_TRUE),
- SEC_OID_X509_ISSUER_ALT_NAME,
- (EXTEN_VALUE_ENCODER)
- CERT_EncodeAltNameExtension);
- }
- }
- if (which != NULL) {
- PORT_Free(which);
- }
- if (issuerCert != NULL) {
- CERT_DestroyCertificate(issuerCert);
- }
- if (arena != NULL) {
- PORT_ArenaRelease (arena, mark);
- }
- return rv;
-}
-
-
-static SECStatus
-AddNameConstraints(void *extHandle,
- Pair *data)
-{
- PRBool autoIssuer = PR_FALSE;
- PRArenaPool *arena = NULL;
- CERTNameConstraints *constraints = NULL;
- char *constraint = NULL;
- SECStatus rv = SECSuccess;
-
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- error_allocate();
- }
- constraints = MakeNameConstraints(data, arena);
- if (constraints != NULL) {
- EncodeAndAddExtensionValue(arena, extHandle, constraints, PR_TRUE,
- SEC_OID_X509_NAME_CONSTRAINTS,
- (EXTEN_VALUE_ENCODER)
- CERT_EncodeNameConstraintsExtension);
- }
- if (arena != NULL) {
- PORT_ArenaRelease (arena, NULL);
- }
- return rv;
-}
-
-
-static SECStatus
-add_extensions(CERTCertificate *subjectCert,
- Pair *data,
- char *issuerNameStr,
- CERTCertDBHandle *handle)
-{
- void *extHandle;
- SECStatus rv = SECSuccess;
-
-
- extHandle = CERT_StartCertExtensions (subjectCert);
- if (extHandle == NULL) {
- error_out("ERROR: Unable to get certificates extension handle");
- }
- if (find_field_bool(data, "keyUsage", PR_TRUE)) {
- rv = AddKeyUsage(extHandle, data);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Key Usage extension");
- }
- }
-
- if( find_field_bool(data, "extKeyUsage", PR_TRUE) ) {
- rv = AddExtKeyUsage(extHandle, data);
- if( SECSuccess != rv ) {
- error_out("ERROR: Unable to add Extended Key Usage extension");
- }
- }
-
- if (find_field_bool(data, "basicConstraints", PR_TRUE)) {
- rv = AddBasicConstraint(extHandle, data);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Basic Constraint extension");
- }
- }
- if (find_field_bool(data, "subjectKeyIdentifier", PR_TRUE)) {
- rv = AddSubKeyID(extHandle, data, subjectCert);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Subject Key Identifier Extension");
- }
- }
- if (find_field_bool(data, "authorityKeyIdentifier", PR_TRUE)) {
- rv = AddAuthKeyID (extHandle, data, issuerNameStr, handle);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Authority Key Identifier extension");
- }
- }
- if (find_field_bool(data, "privKeyUsagePeriod", PR_TRUE)) {
- rv = AddPrivKeyUsagePeriod (extHandle, data, subjectCert);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Private Key Usage Period extension");
- }
- }
- if (find_field_bool(data, "SubAltName", PR_TRUE)) {
- rv = AddAltName (extHandle, data, NULL, NULL, 0);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Subject Alternative Name extension");
- }
- }
- if (find_field_bool(data, "IssuerAltName", PR_TRUE)) {
- rv = AddAltName (extHandle, data, issuerNameStr, handle, 1);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Issuer Alternative Name Extension");
- }
- }
- if (find_field_bool(data, "NameConstraints", PR_TRUE)) {
- rv = AddNameConstraints(extHandle, data);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Name Constraints Extension");
- }
- }
- if (find_field_bool(data, "netscape-cert-type", PR_TRUE)) {
- rv = AddNscpCertType(extHandle, data);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Netscape Certificate Type Extension");
- }
- }
- if (find_field_bool(data, "netscape-base-url", PR_TRUE)) {
- rv = add_IA5StringExtension(extHandle,
- find_field(data, "netscape-base-url-text",
- PR_TRUE),
- find_field_bool(data,
- "netscape-base-url-crit",
- PR_TRUE),
- SEC_OID_NS_CERT_EXT_BASE_URL);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Netscape Base URL Extension");
- }
- }
- if (find_field_bool(data, "netscape-revocation-url", PR_TRUE)) {
- rv = add_IA5StringExtension(extHandle,
- find_field(data,
- "netscape-revocation-url-text",
- PR_TRUE),
- find_field_bool
- (data, "netscape-revocation-url-crit",
- PR_TRUE),
- SEC_OID_NS_CERT_EXT_REVOCATION_URL);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Netscape Revocation URL Extension");
- }
- }
- if (find_field_bool(data, "netscape-ca-revocation-url", PR_TRUE)) {
- rv = add_IA5StringExtension(extHandle,
- find_field(data,
- "netscape-ca-revocation-url-text",
- PR_TRUE),
- find_field_bool
- (data, "netscape-ca-revocation-url-crit"
- , PR_TRUE),
- SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Netscape CA Revocation URL Extension");
- }
- }
- if (find_field_bool(data, "netscape-cert-renewal-url", PR_TRUE)) {
- rv = add_IA5StringExtension(extHandle,
- find_field(data,
- "netscape-cert-renewal-url-text",
- PR_TRUE),
- find_field_bool
- (data, "netscape-cert-renewal-url-crit",
- PR_TRUE),
- SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Netscape Certificate Renewal URL Extension");
- }
- }
- if (find_field_bool(data, "netscape-ca-policy-url", PR_TRUE)) {
- rv = add_IA5StringExtension(extHandle,
- find_field(data,
- "netscape-ca-policy-url-text",
- PR_TRUE),
- find_field_bool
- (data, "netscape-ca-policy-url-crit",
- PR_TRUE),
- SEC_OID_NS_CERT_EXT_CA_POLICY_URL);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Netscape CA Policy URL Extension");
- }
- }
- if (find_field_bool(data, "netscape-ssl-server-name", PR_TRUE)) {
- rv = add_IA5StringExtension(extHandle,
- find_field(data,
- "netscape-ssl-server-name-text",
- PR_TRUE),
- find_field_bool
- (data, "netscape-ssl-server-name-crit",
- PR_TRUE),
- SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Netscape SSL Server Name Extension");
- }
- }
- if (find_field_bool(data, "netscape-comment", PR_TRUE)) {
- rv = add_IA5StringExtension(extHandle,
- find_field(data, "netscape-comment-text",
- PR_TRUE),
- find_field_bool(data,
- "netscape-comment-crit",
- PR_TRUE),
- SEC_OID_NS_CERT_EXT_COMMENT);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Netscape Comment Extension");
- }
- }
- CERT_FinishExtensions(extHandle);
- return (rv);
-}
-
-
-
-char *
-return_dbpasswd(PK11SlotInfo *slot, PRBool retry, void *data)
-{
- char *rv;
-
- /* don't clobber our poor smart card */
- if (retry == PR_TRUE) {
- return NULL;
- }
- rv = PORT_Alloc(sizeof(char) * 4);
- PORT_Strcpy(rv, "foo");
- return rv;
-}
-
-
-SECKEYPrivateKey *
-FindPrivateKeyFromNameStr(char *name,
- CERTCertDBHandle *certHandle)
-{
- SECKEYPrivateKey *key;
- CERTCertificate *cert;
- SECStatus status = SECSuccess;
-
-
- cert = CERT_FindCertByNameString(certHandle, name);
- if (cert == NULL) {
- error_out("ERROR: Unable to retrieve issuers certificate");
- }
- key = PK11_FindKeyByAnyCert(cert, NULL);
- return key;
-}
-
-static SECItem *
-SignCert(CERTCertificate *cert,
- char *issuerNameStr,
- Pair *data,
- CERTCertDBHandle *handle,
- int which_key)
-{
- SECItem der;
- SECItem *result = NULL;
- SECKEYPrivateKey *caPrivateKey = NULL;
- SECStatus rv;
- PRArenaPool *arena;
- SECOidTag algID;
-
- if (which_key == 0) {
- caPrivateKey = FindPrivateKeyFromNameStr(issuerNameStr, handle);
- } else {
- caPrivateKey = privkeys[which_key - 1];
- }
- if (caPrivateKey == NULL) {
- error_out("ERROR: unable to retrieve issuers key");
- }
-
- arena = cert->arena;
-
- switch(caPrivateKey->keyType) {
- case rsaKey:
- algID = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
- break;
- case dsaKey:
- algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
- break;
- default:
- error_out("ERROR: Unknown key type for issuer.");
- goto done;
- break;
- }
-
- rv = SECOID_SetAlgorithmID(arena, &cert->signature, algID, 0);
- if (rv != SECSuccess) {
- error_out("ERROR: Could not set signature algorithm id.");
- }
-
- if (find_field_bool(data,"ver-1", PR_TRUE)) {
- *(cert->version.data) = 0;
- cert->version.len = 1;
- } else {
- *(cert->version.data) = 2;
- cert->version.len = 1;
- }
- der.data = NULL;
- der.len = 0;
- (void) SEC_ASN1EncodeItem (arena, &der, cert, CERT_CertificateTemplate);
- if (der.data == NULL) {
- error_out("ERROR: Could not encode certificate.\n");
- }
- rv = SEC_DerSignData (arena, &(cert->derCert), der.data, der.len, caPrivateKey,
- algID);
- if (rv != SECSuccess) {
- error_out("ERROR: Could not sign encoded certificate data.\n");
- }
-done:
- SECKEY_DestroyPrivateKey(caPrivateKey);
- return &(cert->derCert);
-}
-
-
-void
-main()
-{
- int length = 500;
- int remaining = 500;
- int n;
- int fields = 3;
- int i;
- int serial;
- int chainLen;
- int which_key;
- char *pos;
-#ifdef OFFLINE
- char *form_output = "key=MIIBPTCBpzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7SLqjWBL9Wl11Vlg%0AaMqZCvcQOL%2FnvSqYPPRP0XZy9SoAeyWzQnBOiCm2t8H5mK7r2jnKdAQOmfhjaJil%0A3hNVu3SekHOXF6Ze7bkWa6%2FSGVcY%2FojkydxFSgY43nd1iydzPQDp8WWLL%2BpVpt%2B%2B%0ATRhFtVXbF0fQI03j9h3BoTgP2lkCAwEAARYDZm9vMA0GCSqGSIb3DQEBBAUAA4GB%0AAJ8UfRKJ0GtG%2B%2BufCC6tAfTzKrq3CTBHnom55EyXcsAsv6WbDqI%2F0rLAPkn2Xo1r%0AnNhtMxIuj441blMt%2Fa3AGLOy5zmC7Qawt8IytvQikQ1XTpTBCXevytrmLjCmlURr%0ANJryTM48WaMQHiMiJpbXCqVJC1d%2FpEWBtqvALzZaOOIy&subject=CN%3D%22test%22%26serial-auto%3Dtrue%26serial_value%3D%26ver-1%3Dtrue%26ver-3%3Dfalse%26caChoiceradio-SignWithDefaultkey%3Dtrue%26caChoiceradio-SignWithRandomChain%3Dfalse%26autoCAs%3D%26caChoiceradio-SignWithSpecifiedChain%3Dfalse%26manCAs%3D%26%24";
-#else
- char *form_output;
-#endif
- char *issuerNameStr;
- char *certName;
- char *DBdir = DB_DIRECTORY;
- char *prefixs[10] = {"CA#1-", "CA#2-", "CA#3-",
- "CA#4-", "CA#5-", "CA#6-",
- "CA#7-", "CA#8-", "CA#9-", ""};
- Pair *form_data;
- CERTCertificate *cert;
- CERTCertDBHandle *handle;
- CERTCertificateRequest *certReq = NULL;
- int warpmonths = 0;
- SECItem *certDER;
-#ifdef FILEOUT
- FILE *outfile;
-#endif
- SECStatus status = SECSuccess;
- extern char prefix[PREFIX_LEN];
- SEC_PKCS7ContentInfo *certChain;
- SECItem *encodedCertChain;
- PRBool UChain = PR_FALSE;
-
-
-
-#ifdef TEST
- sleep(20);
-#endif
- RNG_SystemInfoForRNG();
- SECU_ConfigDirectory(DBdir);
-
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-
- SECU_PKCS11Init(PR_FALSE);
- SEC_Init();
- PK11_SetPasswordFunc(return_dbpasswd);
- handle = NULL;
- handle = OpenCertDB();
- if (handle == NULL) {
- error_out("Error: Unable to open certificate database");
- }
- prefix[0]= '\0';
-#if !defined(OFFLINE)
- form_output = (char*) PORT_Alloc(length);
- if (form_output == NULL) {
- error_allocate();
- }
- pos = form_output;
- while (feof(stdin) == 0 ) {
- if (remaining <= 1) {
- remaining += length;
- length = length * 2;
- form_output = PORT_Realloc(form_output, (length));
- if (form_output == NULL) {
- error_allocate();
- }
- pos = form_output + length - remaining;
- }
- n = fread(pos, sizeof(char), (size_t) (remaining - 1), stdin);
- pos += n;
- remaining -= n;
- }
- *pos = '&';
- pos++;
- length = pos - form_output;
-#else
- length = PORT_Strlen(form_output);
-#endif
-#ifdef FILEOUT
- printf("Content-type: text/plain\n\n");
- fwrite(form_output, sizeof(char), (size_t)length, stdout);
- printf("\n");
-#endif
-#ifdef FILEOUT
- fwrite(form_output, sizeof(char), (size_t)length, stdout);
- printf("\n");
- fflush(stdout);
-#endif
- form_data = make_datastruct(form_output, length);
- status = clean_input(form_data);
-#if !defined(OFFLINE)
- PORT_Free(form_output);
-#endif
-#ifdef FILEOUT
- i = 0;
- while(return_name(form_data, i) != NULL) {
- printf("%s",return_name(form_data,i));
- printf("=\n");
- printf("%s",return_data(form_data,i));
- printf("\n");
- i++;
- }
- printf("I got that done, woo hoo\n");
- fflush(stdout);
-#endif
- issuerNameStr = PORT_Alloc(35 * sizeof(char));
- if (find_field_bool(form_data, "caChoiceradio-SignWithSpecifiedChain",
- PR_FALSE)) {
- UChain = PR_TRUE;
- chainLen = atoi(find_field(form_data, "manCAs", PR_FALSE));
- PORT_Strcpy(prefix, prefixs[0]);
- issuerNameStr = PORT_Strcpy(issuerNameStr,
- "CN=Cert-O-Matic II, O=Cert-O-Matic II");
- if (chainLen == 0) {
- UChain = PR_FALSE;
- }
- } else {
- if (find_field_bool(form_data, "caChoiceradio-SignWithRandomChain",
- PR_FALSE)) {
- PORT_Strcpy(prefix,prefixs[9]);
- chainLen = atoi(find_field(form_data, "autoCAs", PR_FALSE));
- if (chainLen < 1 || chainLen > 18) {
- issuerNameStr = PORT_Strcpy(issuerNameStr,
- "CN=CA18, O=Cert-O-Matic II");
- }
- issuerNameStr = PORT_Strcpy(issuerNameStr, "CN=CA");
- issuerNameStr = PORT_Strcat(issuerNameStr,
- find_field(form_data,"autoCAs", PR_FALSE));
- issuerNameStr = PORT_Strcat(issuerNameStr,", O=Cert-O-Matic II");
- } else {
- issuerNameStr = PORT_Strcpy(issuerNameStr,
- "CN=Cert-O-Matic II, O=Cert-O-Matic II");
- }
- chainLen = 0;
- }
-
- i = -1;
- which_key = 0;
- do {
- extern SECStatus cert_GetKeyID(CERTCertificate *cert);
- i++;
- if (i != 0 && UChain) {
- PORT_Strcpy(prefix, prefixs[i]);
- }
- /* find_field(form_data,"subject", PR_TRUE); */
- certReq = makeCertReq(form_data, which_key);
-#ifdef OFFLINE
- serial = 900;
-#else
- serial = get_serial_number(form_data);
-#endif
- cert = MakeV1Cert(handle, certReq, issuerNameStr, PR_FALSE,
- serial, warpmonths, form_data);
- if (certReq != NULL) {
- CERT_DestroyCertificateRequest(certReq);
- }
- if (find_field_bool(form_data,"ver-3", PR_TRUE)) {
- status = add_extensions(cert, form_data, issuerNameStr, handle);
- if (status != SECSuccess) {
- error_out("ERROR: Unable to add extensions");
- }
- }
- status = cert_GetKeyID(cert);
- if (status == SECFailure) {
- error_out("ERROR: Unable to get Key ID.");
- }
- certDER = SignCert(cert, issuerNameStr, form_data, handle, which_key);
- CERT_NewTempCertificate(handle, certDER, NULL, PR_FALSE, PR_TRUE);
- issuerNameStr = find_field(form_data, "subject", PR_TRUE);
- /* SECITEM_FreeItem(certDER, PR_TRUE); */
- CERT_DestroyCertificate(cert);
- if (i == (chainLen - 1)) {
- i = 8;
- }
- ++which_key;
- } while (i < 9 && UChain);
-
-
-
-#ifdef FILEOUT
- outfile = fopen("../certout", "wb");
-#endif
- certName = find_field(form_data, "subject", PR_FALSE);
- cert = CERT_FindCertByNameString(handle, certName);
- certChain = SEC_PKCS7CreateCertsOnly (cert, PR_TRUE, handle);
- if (certChain == NULL) {
- error_out("ERROR: No certificates in cert chain");
- }
- encodedCertChain = SEC_PKCS7EncodeItem (NULL, NULL, certChain, NULL, NULL,
- NULL);
- if (encodedCertChain) {
-#if !defined(FILEOUT)
- printf("Content-type: application/x-x509-user-cert\n\n");
- fwrite (encodedCertChain->data, 1, encodedCertChain->len, stdout);
-#else
- fwrite (encodedCertChain->data, 1, encodedCertChain->len, outfile);
-#endif
-
- } else {
- error_out("Error: Unable to DER encode certificate");
- }
-#ifdef FILEOUT
- printf("\nI got here!\n");
- fflush(outfile);
- fclose(outfile);
-#endif
- fflush(stdout);
- return;
-}
-
-
-
-
-
-
-
-
-
-
-
diff --git a/security/nss/cmd/certcgi/index.html b/security/nss/cmd/certcgi/index.html
deleted file mode 100644
index d7a80d7a2..000000000
--- a/security/nss/cmd/certcgi/index.html
+++ /dev/null
@@ -1,956 +0,0 @@
-<HTML> <!-- -*- Mode: Java; tab-width: 8 -*- -->
-<!--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
- -->
-<HEAD>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-<SCRIPT LANGUAGE="JavaScript1.2">
-
-script_url = 'http://troll.mcom.com/certo/production/cgi-bin/certcgi.cgi'
-
-ext_page_ver1 =
- make_page_intro('Version 1 extensions', "#FFFFFF") +
- '<layer ID="ext1">' +
- 'Version 1 X.509 certs do not support extensions' +
- '</layer>' +
- '</body></html>';
-
-cur_page = 1;
-
-num_ca = 0;
-
-index_list =
- '0, your_certificate_index_label,' +
- '0, netscape_extensions_index_label,' +
- '0, standard_extensions_index_label,' +
- '0, certifying_authorities_index_label';
-
-var main_page =
- make_page_intro('Your Key', "#FFFFFF") +
- '<layer ID="main" SRC="main.html">' +
- '</layer>' +
- '</body></html>' ;
-
-add_index_list = '';
-
-max_pages = 13;
-
-ver = 3
-
-ext_page_array = new Array(max_pages);
-
-index_label = 'Options';
-
-your_certificate_index_label = 'Your Certificate';
-
-netscape_extensions_index_label = 'Netscape X.509 Extensions';
-
-standard_extensions_index_label = 'Standard X.509 Extensions';
-
-certifying_authorities_index_label = 'Certifying Authorities';
-
-add_sub_alt_name_index_label = 'Add Subject Alternative Name';
-
-function setSubAltNameType(form)
-{
- with(form)
- {
- if (SubAltNameRadio[0].checked)
- {
- return true;
- }
- if (SubAltNameRadio[3].checked || SubAltNameRadio[5].checked)
- {
- SubAltNameDataType.checked = true;
- return true;
- }
- if (SubAltNameRadio[1].checked || SubAltNameRadio[2].checked ||
- SubAltNameRadio[4].checked || SubAltNameRadio[6].checked ||
- SubAltNameRadio[7].checked || SubAltNameRadio[8].checked)
- {
- SubAltNameDataType.checked = false;
- return true;
- }
- }
- return true;
-}
-
-function setIssuerAltNameType(form)
-{
- with(form)
- {
- if (IssuerAltNameRadio[0].checked)
- {
- return true;
- }
- if (IssuerAltNameRadio[3].checked || IssuerAltNameRadio[5].checked)
- {
- IssuerAltNameDataType.checked = true;
- return true;
- }
- if (IssuerAltNameRadio[1].checked || IssuerAltNameRadio[2].checked ||
- IssuerAltNameRadio[4].checked || IssuerAltNameRadio[6].checked ||
- IssuerAltNameRadio[7].checked || IssuerAltNameRadio[8].checked)
- {
- IssuerAltNameDataType.checked = false;
- return true;
- }
- }
- return true;
-}
-
-
-function setNameConstraintNameType(form)
-{
- with(form)
- {
- if (NameConstraintRadio[0].checked)
- {
- return true;
- }
- if (NameConstraintRadio[3].checked || NameConstraintRadio[5].checked)
- {
- NameConstraintNameDataType.checked = true;
- return true;
- }
- if (NameConstraintRadio[1].checked || NameConstraintRadio[2].checked ||
- NameConstraintRadio[4].checked || NameConstraintRadio[6].checked ||
- NameConstraintRadio[7].checked || NameConstraintRadio[8].checked)
- {
- NameConstraintNameDataType.checked = false;
- return true;
- }
- }
- return true;
-}
-
-
-function addSubAltName(form)
-{
-
- with(form)
- {
- var len = SubAltNameSelect.length;
- var value;
- var i = 0;
- while(!(i == (SubAltNameRadio.length - 1)) & !(SubAltNameRadio[i].checked == true))
- {
- i++;
- }
- if (i != 0)
- {
- value = SubAltNameText.value + " - " + (i + 1);
- }
- else
- {
- value = SubAltNameText.value + " - " + SubAltNameOtherNameOID.value + " - ";
- if (SubAltNameDataType.checked)
- {
- value += "1 - ";
- }
- else
- {
- value += "0 - ";
- }
- value += (i + 1);
- if (SubAltNameOtherNameOID.value == "")
- {
- alert("Other names must include an OID");
- return false;
- }
- }
-
- if ((SubAltNameText.value == "") | (SubAltNameRadio[i].checked != true))
- {
- alert("Alternative Names must include values for name and name type.");
- }
- else
- {
- SubAltNameSelect.options[len] = new Option(value, value);
- }
- }
- return true;
-}
-
-function deleteSubAltName(form)
-{
- with(form)
- {
- while (SubAltNameSelect.selectedIndex >= 0)
- {
- SubAltNameSelect[SubAltNameSelect.selectedIndex] = null;
- }
- }
-}
-
-function addIssuerAltName(form)
-{
- with(form)
- {
- var len = IssuerAltNameSelect.length;
- var value;
- var i = 0;
-
- while(!(i == (IssuerAltNameRadio.length -1)) & !(IssuerAltNameRadio[i].checked == true))
- {
- i++;
- }
- if (i != 0)
- {
- value = IssuerAltNameText.value + " - " + (i + 1);
- }
- else
- {
- value = IssuerAltNameText.value + " - " + IssuerAltNameOtherNameOID.value + " - ";
- if (IssuerAltNameDataType.checked)
- {
- value += "1 - ";
- }
- else
- {
- value += "0 - ";
- }
- value += (i + 1);
- if (IssuerAltNameOtherNameOID.value == "")
- {
- alert("Other names must include an OID");
- return false;
- }
- }
- if ((IssuerAltNameText.value == "") | (IssuerAltNameRadio[i].checked != true))
- {
- alert("Alternative Names must include values for name and name type.")
- }
- else
- {
- IssuerAltNameSelect.options[len] = new Option(value, value);
- }
- }
- return true;
-}
-
-function deleteIssuerAltName(form)
-{
- with(form)
- {
- while (IssuerAltNameSelect.selectedIndex >= 0)
- {
- IssuerAltNameSelect[IssuerAltNameSelect.selectedIndex] = null;
- }
- }
-}
-
-
-
-function addNameConstraint(form)
-{
- with(form)
- {
- var len = NameConstraintSelect.length;
- var value;
- var i = 0;
- var min = NameConstraintMin.value;
- var max = NameConstraintMax.value;
-
- while(!(i == (NameConstraintRadio.length - 1) ) & !(NameConstraintRadio[i].checked == true))
- {
- i++;
- }
- value = NameConstraintText.value + " - ";
- if (i == 0)
- {
- value += NameConstraintOtherNameOID.value + " - ";
- if (NameConstraintNameDataType.checked)
- {
- value += "1 - ";
- }
- else
- {
- value += "0 - ";
- }
- if (NameConstraintOtherNameOID.value == "")
- {
- alert("Other names must include an OID");
- return false;
- }
- }
- value += (i + 1) + " - ";
- if (NameConstraintTypeRadio[0].checked == true)
- {
- value += "p - ";
- }
- else
- {
- value += "e - ";
- }
- value += min + " - " + max;
- if ((min == "") | (NameConstraintText.value == "") | (NameConstraintRadio[i].checked != true))
- {
- alert("Name Constraints must include values for minimum, name, and name type.")
- }
- else
- {
- NameConstraintSelect.options[len] = new Option(value, value);
- }
- }
- return true;
-}
-
-function deleteNameConstraint(form)
-{
- with(form)
- {
- while (NameConstraintSelect.selectedIndex >= 0)
- {
- NameConstraintSelect[NameConstraintSelect.selectedIndex] = null;
- }
- }
-}
-
-
-function submit_it()
-{
- save_cur_page(cur_page);
-
- var array_string;
- var subject = ext_page_array[0][22][0];
- var serial = ext_page_array[0][10][0];
- var ver1 = (ver == 1);
- var ver3 = (ver == 3);
- var serial_number = ext_page_array[0][12][0];
- var notBefore = ext_page_array[0][20][0];
- var notAfter = ext_page_array[0][21][0];
- var manValidity = ext_page_array[0][19][0];
-
- if (subject == "")
- {
- alert("The DN field must contain some data");
- return false;
- }
- if (!serial & serial_number == "")
- {
- alert("No serial number specified");
- return false;
- }
- if (ext_page_array[0][15][0])
- {
- var keygen = "<keygen name=\"key\" challenge=\"foo\">";
- }
- else
- {
- switch (ext_page_array[0][17][0]) {
- case 2:
- var keygen = "<keygen keytype=\"dsa\" pqg=\"MIGdAkEAjfKklEkidqo9JXWbsGhpy+rA2Dr7jQz3y7gyTw14guXQdi/FtyEOr8Lprawyq3qsSWk9+/g3JMLsBzbuMcgCkQIVAMdzIYxzfsjumTtPLe0w9I7azpFfAkEAYm0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5UhklycxC6fb0ZLCIzFcq9T5teIAg==\" name=\"key\" challenge=\"foo\">";
- break;
- case 1:
- var keygen = "<keygen keytype=\"dsa\" pqg=\"MIHaAmDCboVgX0+6pEeMlbwsasWDVBcJNHPKMzkq9kbCRK2U3k+tE15n+Dc2g3ZjDYr1um51e2iLC34/BwAAAAAAAAAAAAAAAAAAAAAAAAABbBhnlFN5Djmt0Mk8cdEBY5H8iPMCFMhUnFtbpjn3EyfH2DjVg3ALh7FtAmA2zWzhpeCwvOTjYnQorlXiv0WcnSiWmaC79CRYkFt5i+UEfRxwP1eNGJBVB1T+CPW6JGd4WhgsqtSf53pn5DEtv++O7lNfXyOhWhb3KaWHYIx8fuAXtioIWkWmpfEIVZA=\" name=\"key\" challenge=\"foo\">";
- break;
- case 0:
- var keygen = "<keygen keytype=\"dsa\" pqg=\"MIIBHAKBgId8SiiWrcdua5zbsBhPkKfFcnHBG7T/bQla7c6OixGjjmSSuq2fJLvMKa579CaxHxLZzZZXIHmAk9poRgWl2GUUkCJ68XSum8OQzDPXPsofcEdeANjw3mIAAAAAAAAAAAAAAAAAAAAAAAAIE+MkW5hguLIQqWvEVi9dMpbNu6OZAhTIA+y3TgyiwA0D8pt686ofaL1IOQKBgAiZQC6UCXztr2iXxJrAC+51gN5oX/R9Thilln9RGegsWnHrdxUOpcm5vAWp1LU8TOXtujE8kqkm3UxIRhUWQORe9IxLANAXmZJqkw9FEVHkxj6Cy9detwT2MyBzSwS6avsf7aLisgHmI/IHSeapJsQ3NQa3rikb6zRiqIV+TVa6\" name=\"key\" challenge=\"foo\">";
- break;
- }
- }
- array_string = build_array_string();
- hiddens = "<input type=\"hidden\" name=\"subject\" value=\'" + subject + "\'> \n" +
- "<input type=\"hidden\" name=\"serial-auto\" value=\"" + serial + "\"> \n" +
- "<input type=\"hidden\" name=\"serial_value\" value=\"" + serial_number + "\"> \n" +
- "<input type=\"hidden\" name=\"ver-1\" value=\"" + ver1 + "\"> \n" +
- "<input type=\"hidden\" name=\"ver-3\" value=\"" + ver3 + "\"> \n" +
- "<input type=\"hidden\" name=\"notBefore\" value=\"" + notBefore + "\"> \n" +
- "<input type=\"hidden\" name=\"notAfter\" value=\"" + notAfter + "\"> \n" +
- "<input type=\"hidden\" name=\"manValidity\" value=\"" + manValidity + "\"> \n" +
- array_string;
-
- var good_submit_page =
- '<html>' +
- '<BODY TEXT="#000000" LINK="#000000" VLINK="#000000" ALINK="#FF0000" BGCOLOR="#FFFFFF">' +
- '<form method="post" action="' + script_url + '">' +
- 'Select size for your key:' + keygen + '</p>' +
- '<input type="submit"></p>' +
- hiddens +
- '</form>\n' +
- '</body>\n' +
- '</html>\n';
-
- window.frames.extensions.document.write(good_submit_page);
- window.frames.extensions.document.close();
- cur_page = max_pages + 1;
- make_index(window);
- return false;
-}
-
-
-
-function build_array_string()
-{
- var j;
- var array_string = '';
- var pages;
-
- if ((ext_page_array[3][4][0] > 0) && ext_page_array[3][3][0])
- {
- pages = 4 + parseInt(ext_page_array[3][4][0]);
- }
- else
- {
- pages = 4;
- }
- for (j = 1; j < pages; j++)
- {
- if ((j > 1 || (ver == 3)) &&
- (ext_page_array[j].length > 1))
- {
- if (j < 4)
- {
- for (i = 0; i < ext_page_array[j].length; i++)
- {
- if (ext_page_array[j][i][3].indexOf("radio") == -1)
- {
- if (ext_page_array[j][i][3].indexOf("multiple") == -1)
- {
- array_string += '<input type=\"hidden\" name=\"' + ext_page_array[j][i][1] + '\" value=\'' + ext_page_array[j][i][0] + '\'> \n';
- }
- else
- {
- for (k = 0; k < ext_page_array[j][i][0].length; k++)
- {
- array_string += '<input type=\"hidden\" name=\"' + ext_page_array[j][i][1] + k + '\" value=\'' + ext_page_array[j][i][0][k] + '\'> \n';
- }
- }
- }
- else
- {
- array_string += '<input type=\"hidden\" name=\"' + ext_page_array[j][i][1] + '-' + ext_page_array[j][i][2] + '\" value=\'' + ext_page_array[j][i][0] + '\'> \n';
- }
- }
- }
- else
- {
- for (i = 0; i < ext_page_array[j].length; i++)
- {
- if (ext_page_array[j][i][3].indexOf("radio") == -1)
- {
- if (ext_page_array[j][i][3].indexOf("multiple") == -1)
- {
- array_string += '<input type=\"hidden\" name=\"' + 'CA#' + (j - 3) + '-' + ext_page_array[j][i][1] + '\" value=\'' + ext_page_array[j][i][0] +'\'> \n';
- }
- else
- {
- for (k = 0; k < ext_page_array[j][i][0].length; k++)
- {
- array_string += '<input type=\"hidden\" name=\"' + 'CA#' + (j - 3) + '-' + ext_page_array[j][i][1] + k + '\" value=\'' + ext_page_array[j][i][0][k] + '\'> \n';
- }
- }
- }
- else
- {
- array_string += '<input type=\"hidden\" name=\"' + 'CA#' + (j - 3) + '-' + ext_page_array[j][i][1] + '-' + ext_page_array[j][i][2] + '\" value=\'' + ext_page_array[j][i][0] + '\'> \n';
- }
- }
- }
- }
- }
- return array_string;
-}
-
-
-
-function init_ext_page_array()
-{
- for (i = 0; i < max_pages; i++)
- {
- ext_page_array[i] = '';
- }
-}
-
-function ca_num_change(n,ca_form)
-{
- with(ca_form)
- {
- n = parseInt(n,10);
- if (caChoiceradio[2].checked)
- {
- if (n)
- {
- update_index(n);
- }
- else
- {
- update_index(0);
- }
- }
- }
-}
-
-function choice_change(ca_form)
-{
- with(ca_form)
- {
- if (caChoiceradio[2].checked)
- {
- ca_num_change(manCAs.value,ca_form);
- }
- else
- {
- update_index(0);
- }
- }
-}
-
-function update_index(n)
-{
- var add_string = '';
- for (var i = 0; i < n; i++)
- {
- var j = i + 1;
- add_string = add_string + ',1, \'CA #' + j + '\'';
- }
- top.add_index_list = add_string;
- num_ca = n;
- make_index(window);
-}
-
-function set_ver1()
-// redraws the extensions page for version 1 certificates
-{
- ver = 1
- if (cur_page == 2 || cur_page == 3)
- {
- sa_switch_pane(window, cur_page, cur_page);
- }
-}
-
-
-function set_ver3()
-// redraws the extensions page for version 3 certificates
-{
- ver = 3
- if (cur_page == 2)
- {
- sa_switch_pane(window, 0, 2);
- }
- else if (cur_page == 3)
- {
- sa_switch_pane(window, 0, 3);
- }
-}
-
-function reset_subject(marker, value, form)
-// Updates the subject field from a subordinate field
-{
- with(form)
- {
- var field_sep = '", ';
- var begin_index = subject.value.indexOf(marker);
- if (begin_index != 0 && subject.value[begin_index - 1] != ' ')
- {
- begin_index = subject.value.indexOf(marker, begin_index +1);
- }
- var end_index = subject.value.indexOf(field_sep, begin_index);
- if (begin_index > -1) // is it a delete/change?
- {
- if (end_index == -1) // is it the last one (includes only one)?
- {
- if (value.length > 0) // do I have to change it?
- {
- if (begin_index == 0) // is is the only one?
- {
- subject.value = marker + '"' + value + '"';
- }
- else // it is the last of many
- {
- subject.value = subject.value.substring(0,begin_index) + marker + '"' + value + '"';
- }
- }
- else // must be a delete
- {
- if (begin_index == 0) // is it the only one?
- {
- begin_index += 2;
- }
- subject.value = subject.value.substring(0,(begin_index - 2));
- }
- }
- else // it is the first of many or a middle one
- {
- if (value.length >0) // do I have to change it?
- {
- subject.value = subject.value.substring(0,(begin_index + marker.length + 1)) + value + subject.value.substring(end_index,subject.length);
- }
- else // it is a delete
- {
- subject.value = subject.value.substring(0,begin_index) + subject.value.substring((end_index + 3),subject.length);
- }
- }
- }
- else // It is either an insert or a do nothing
- {
- if (value.length > 0) // is it an insert?
- {
- if (subject.value.length == 0) // is subject currently empty?
- {
- subject.value = marker + '"' + value + '"';
- }
- else
- {
- subject.value = subject.value + ', ' + marker + '"' + value + '"';
- }
- }
- }
- }
-}
-
-
-
-function reset_subjectFields(form)
-// updates all the subordinate fields from the subject field of a form
-// ************ move the strings to global variables, to make maintentance easier ****************
-{
-
- update_subject_Field(form, 'CN=\"', form.name);
- update_subject_Field(form, 'MAIL=\"', form.email);
- update_subject_Field(form, 'O=\"', form.org);
- update_subject_Field(form, 'C=\"', form.country);
- update_subject_Field(form, ' L=\"', form.loc);
- update_subject_Field(form, 'ST=\"', form.state);
- update_subject_Field(form, 'E=\"', form.email);
- update_subject_Field(form, 'OU=\"', form.org_unit);
- update_subject_Field(form, 'UID=\"', form.uid);
-}
-
-function update_subject_Field(form, marker, update_field)
-//updates a single subordinate field from the subject field of a form
-// *************** need to deal with the two types of e-mail addresses **************
-{
- with(form)
- {
- var field_sep = '", ';
- var begin_index = subject.value.indexOf(marker) + marker.length;
- var end_index = subject.value.indexOf(field_sep, begin_index);
- if (end_index == -1)
- {
- end_index = subject.value.indexOf('"',begin_index);
- }
- if (begin_index != (-1 + marker.length) )
- {
- update_field.value = subject.value.substring(begin_index, end_index);
- }
- else
- {
- update_field.value = '';
- }
- }
-}
-
-
-function switch_mail(form)
- // *************** I need to figure out if I want to delete the other type of e-mail address ************
-{
- if (form.email_type[0].checked)
- {
- var del = 'E=';
- var ins = 'MAIL=';
- }
- else
- {
- var del = 'MAIL=';
- var ins = 'E=';
- }
- reset_subject(del, '', form);
- reset_subject(ins, form.email.value, form);
-}
-
-function make_page_intro(title, bgcolor)
-{
- var style = '<STYLE TYPE="text/css">BODY{' +
- 'font-family: Geneva,MS Sans Serif,Arial,Lucida,Helvetica,sans-serif;' +
- 'font-size: 10pt;' +
- '}' +
- 'TD{' +
- 'font-family: Geneva,MS Sans Serif,Arial,Lucida,Helvetica,sans-serif;' +
- 'font-size: 10pt;}' +
- '</STYLE>';
-
- if (bgcolor == null) { bgcolor = "#C0C0C0"; }
- return '<HTML><HEAD>' +
- '<TITLE>' + title + '</TITLE>' +
- '</HEAD>' +
- '<BODY TEXT="#000000" LINK="#000000" VLINK="#000000" ALINK="#FF0000" ' +
- 'BGCOLOR="' + bgcolor + '">';
-}
-
-
-function make_index(window)
-{
- with (window.frames.index)
- {
- eval ('index_string = make_index_page(cur_page, ' + index_list + add_index_list + ' )');
- fool1 = make_page_intro(index_label, "#FFFFFF") +
- index_string + '</BODY></HTML>';
- document.write(fool1);
- document.close();
- }
-}
-
-
-function save_cur_page(page_number)
-{
- var len;
- var j = page_number - 1;
- if (frames.extensions.document.layers.length != 0)
- {
- with (frames.extensions.document.layers[0].document)
- {
- if ((page_number != 2 && page_number != 3 && page_number <= max_pages) ||
- ver == 3)
- {
- ext_page_array[j] = new Array(forms[0].elements.length);
- for (i = 0; i < forms[0].elements.length; i++)
- {
- ext_page_array[j][i] = new Array(4);
- switch (forms[0].elements[i].type)
- {
- case 'radio': case 'checkbox':
- ext_page_array[j][i][0] = forms[0].elements[i].checked;
- break;
- case 'select-one':
- ext_page_array[j][i][0] = forms[0].elements[i].selectedIndex;
- break;
- case 'select-multiple':
- len = forms[0].elements[i].options.length;
- ext_page_array[j][i][0] = new Array(len);
- for(k = 0; k < len; k++)
- {
- ext_page_array[j][i][0][k] = forms[0].elements[i].options[k].value;
- }
- break;
- default:
- ext_page_array[j][i][0] = forms[0].elements[i].value;
- }
- ext_page_array[j][i][1] = forms[0].elements[i].name;
- ext_page_array[j][i][2] = forms[0].elements[i].value;
- ext_page_array[j][i][3] = forms[0].elements[i].type;
- }
- }
- }
- }
-}
-
-function reload_form(page_number)
-{
- var j = page_number - 1;
- with (frames.extensions.document.layers[0].document)
- {
- if (((page_number < 2 || page_number > 3) || ver == 3)
- && page_number != 0 && (ext_page_array[j].length > 1))
- {
- for (i = 0; i < ext_page_array[j].length; i++)
- {
- switch (forms[0].elements[i].type)
- {
- case 'radio': case 'checkbox':
- forms[0].elements[i].checked = ext_page_array[j][i][0];
- break;
- case 'select-one':
- forms[0].elements[i].selectedIndex = ext_page_array[j][i][0];
- break;
- case 'select-multiple':
- for (k = 0; k < ext_page_array[j][i][0].length; k++)
- {
- forms[0].elements[i].options[k] = new Option(ext_page_array[j][i][0][k],
- ext_page_array[j][i][0][k]);
- }
- break;
- default:
- forms[0].elements[i].value = ext_page_array[j][i][0];
- }
- }
- }
- }
-}
-
-function sa_switch_pane(top_window, old_pane, new_pane)
-{
- var ext_page_stnd =
- make_page_intro(standard_extensions_index_label, "#FFFFFF") +
- '<layer ID="ext" SRC="stnd_ext_form.html">' +
- '</layer>' +
- '</body></html>';
-
- var ext_page_nscp =
- make_page_intro(netscape_extensions_index_label, "#FFFFFF") +
- '<layer ID="ext" SRC="nscp_ext_form.html">' +
- '</layer>' +
- '</body></html>';
-
- var ext_page_ca =
- make_page_intro(certifying_authorities_index_label, "#FFFFFF") +
- '<layer ID="ext" SRC="ca.html">' +
- '</layer>' +
- '</body</html>';
-
- var ext_page_ca_exp =
- make_page_intro('Certifying Authority Details', "#FFFFFF") +
- '<layer ID="ext" SRC="ca_form.html">' +
- '</layer>' +
- '</body></html>';
-
-
- if (old_pane > 0 && cur_page <= max_pages)
- {
- save_cur_page(old_pane);
- }
- cur_page = new_pane;
- make_index(top_window);
- if (new_pane == 2 || new_pane == 3)
- {
- if (ver == 1)
- {
- frames.extensions.document.write(ext_page_ver1);
- frames.extensions.document.close();
- }
- else
- {
- if (new_pane == 2)
- {
- frames.extensions.document.write(ext_page_nscp);
- frames.extensions.document.close();
- reload_form(new_pane);
- }
- else
- {
- frames.extensions.document.write(ext_page_stnd);
- frames.extensions.document.close();
- reload_form(new_pane);
- }
- }
- }
- else
- {
- if (new_pane == 4)
- {
- frames.extensions.document.write(ext_page_ca);
- frames.extensions.document.close();
- reload_form(new_pane);
- }
- else
- {
- if (new_pane == 1)
- {
- frames.extensions.document.write(main_page);
- frames.extensions.document.close();
- reload_form(new_pane);
- }
- else
- {
- frames.extensions.document.write(ext_page_ca_exp);
- frames.extensions.document.close();
- reload_form(new_pane);
- }
- }
- }
-}
-
-function make_index_page(selected)
-{
- var n_strings = ( make_index_page.arguments.length - 1 ) / 2;
- var table_background;
- var command;
- var indent;
- var label;
- var ret_string = "";
-
- ret_string += '<TABLE CELLSPACING=4>';
- for ( var i = 1; i <= n_strings; i++ ) {
- if ( i == selected ) {
- table_background = 'BGCOLOR=#BBCCBB';
- } else {
- table_background = '';
- }
-
- indent = make_index_page.arguments[(i*2) - 1];
- label = make_index_page.arguments[(i*2)];
-
- if ( indent == 0 ) {
- ret_string += ('<TR><TD COLSPAN=2 ' + table_background + '>');
- } else {
- ret_string += ('<TR><TD>&nbsp;&nbsp;</TD><TD ' + table_background + '>');
- }
-
- command = "'parent.sa_switch_pane(parent," + selected + "," + i + ")'";
- ret_string += ('<A HREF="javascript:void setTimeout(' + command + ',0)">');
- if ( indent == 0 ) { ret_string += "<B>"; }
- ret_string += label;
- if ( indent == 0 ) { ret_string += "</B>"; }
- ret_string += '</A></TD></TR>';
- }
- if (selected == (max_pages + 1))
- {
- table_background = 'BGCOLOR=#BBCCBB';
- } else {
- table_background = '';
- }
- ret_string +=
- '<TR><TD COLSPAN=2 ' + table_background +
- '><b><A HREF="javascript:void setTimeout(\'top.submit_it()\', 0)">Finish</A></b>' +
- '</TD></TR>' +
- '<input type="submit"></form>' +
- '</TABLE>';
- return(ret_string);
-}
-
-
-function make_page(window)
-// Draws the initial page setup
-{
- selected = cur_page
- init_ext_page_array()
-
- with (window.frames.extensions) {
- document.write(main_page);
- document.close();
- }
-
- make_index(window);
-
-}
-</script>
-
-</HEAD>
-<title>Cert-O-Matic</title>
- <FRAMESET cols="150,*" BORDER=3 ONLOAD="make_page(window)">
- <FRAME SRC="about:blank" NAME="index"
- MARGINWIDTH=15 MARGINHEIGHT=10 BORDER=3>
- <FRAME SRC="about:blank" NAME="extensions"
- MARGINWIDTH=15 MARGINHEIGHT=10 BORDER=3>
- </FRAMESET>
-</HTML>
diff --git a/security/nss/cmd/certcgi/main.html b/security/nss/cmd/certcgi/main.html
deleted file mode 100644
index 2c47a8b76..000000000
--- a/security/nss/cmd/certcgi/main.html
+++ /dev/null
@@ -1,105 +0,0 @@
-<HTML>
-<!--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
- -->
-<HEAD>
- <TITLE>Main Layer for CertOMatic</TITLE>
-</HEAD>
-
- <form method="post" name="primary_form" action="http://troll.mcom.com/jsw/cgi-bin/echoform.cgi">
- <table border=0 cellspacing=10 cellpadding=0>
- <tr>
- <td>
- Common Name:</td><td> <input type="text" name="name" onChange="{window.top.reset_subject('CN=', value, form)}"></p>
- </td>
- <td></td><td></td>
- <td>
- Organization: </td><td> <input type="text" name="org" onChange="{window.top.reset_subject('O=', value, form)}"></p></td>
- <tr>
- <td>
- <input type="radio" name="email_type" value="1" onClick="window.top.switch_mail(form)">MAIL=
-
- <input type="radio" name="email_type" value="2" checked onClick="window.top.switch_mail(form)">E=
- </td>
- <td>
- <input type="text" name="email" onChange="var temp;{if (email_type[0].checked) {temp = 'MAIL='} else {temp = 'E='}} ;{window.top.reset_subject(temp, value, form)}">
- </td>
- <td></td><td></td><td>
- Organizational Unit: </td><td><input type="text" name="org_unit" onChange="{window.top.reset_subject('OU=', value, form)}"></p></td>
- <tr>
- <td>
- UID= </td><td><input type="text" name="uid" onChange="{window.top.reset_subject('UID=', value, form)}"></p></td>
- <td></td><td></td><td>
- Locality: </td><td><input type="text" name="loc" onChange="{window.top.reset_subject('L=', value, form)}"></p></td>
- <tr>
- <td>
- State or Province: </td><td><input type="text" name="state" onChange="{window.top.reset_subject('ST=', value, form)}"></p></td>
- <td></td><td></td><td>
- Country: </td><td><input type="text" size="2" name="country" onChange="{window.top.reset_subject('C=', value, form)}" maxlength="2"></p></td>
- <tr>
- <td COLSPAN=2>
- Serial Number:
- <DD><input type="radio" name="serial" value="auto" checked> Auto Generate
- <DD><input type="radio" name="serial" value="input">
- Use this value:&nbsp; <input type="text" name="serial_value" size="8" maxlength="8"></p>
- </td>
- <td></td> <td></td>
- <td COLSPAN=2>
- X.509 version:
- <DD><input type="radio" name="ver" value="1" onClick="if (this.checked) {window.top.set_ver1();}"> Version 1
- <DD><input type="radio" name="ver" value="3" checked onClick="if (this.checked) {window.top.set_ver3();}"> Version 3</P></td>
- <tr>
- <td COLSPAN=2>
- Key Type:
- <DD><input type="radio" name="keyType" value="rsa" checked> RSA
- <DD><input type="radio" name="keyType" value="dsa"> DSA</p>
- Intermediate CA Key Sizes:
- <DD><select name="keysize">
- <option>2048 (Very High Grade)
- <option>1024 (High Grade)
- <option>512 (Low Grade)
- </select>
- </td>
- <td></td> <td></td>
- <td COLSPAN=2>
- Validity:
- <DD><input type="radio" name="validity" value="auto" checked>
- Generate Automatically
- <DD><input type="radio" name="validity" value="man"> Use these values:
- <DD>Not Before:&nbsp; <input type="text" size="15" maxlength="17" name="notBefore">
- <DD>Not After:&nbsp;&nbsp;&nbsp; <input type="text" size="15" maxlength="17" name="notAfter">
- <DD>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
- <FONT SIZE=-1><TT>YYMMDDhhmm[ss]{Z|+hhmm|-hhmm} </TT></FONT>
- </table>
- DN: <input type="text" name="subject" size="70" onChange="{window.top.reset_subjectFields(form)}"></P>
- </form>
-</HTML>
diff --git a/security/nss/cmd/certcgi/manifest.mn b/security/nss/cmd/certcgi/manifest.mn
deleted file mode 100644
index e4c00ce13..000000000
--- a/security/nss/cmd/certcgi/manifest.mn
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIREd.
-MODULE = security
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-REQUIRES = seccmd dbm
-
-DEFINES = -DNSPR20
-
-CSRCS = certcgi.c
-
-PROGRAM = certcgi
-
diff --git a/security/nss/cmd/certcgi/nscp_ext_form.html b/security/nss/cmd/certcgi/nscp_ext_form.html
deleted file mode 100644
index b0d385534..000000000
--- a/security/nss/cmd/certcgi/nscp_ext_form.html
+++ /dev/null
@@ -1,113 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
-<!--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
- -->
-
- <body>
- <table border=1 cellspacing=5 cellpadding=5>
- <form method="post" name="primary_form" action="http://troll.mcom.com/jsw/cgi-bin/echoform.cgi">
- <tr>
- <td>
- <b>Netscape Certificate Type: </b></p>
- Activate extension: <input type="checkbox" name="netscape-cert-type"></P>
- Critical: <input type="checkbox" name="netscape-cert-type-crit">
- <td>
- <input type="checkbox" name="netscape-cert-type-ssl-client"> SSL Client</P>
- <input type="checkbox" name="netscape-cert-type-ssl-server"> SSL Server</P>
- <input type="checkbox" name="netscape-cert-type-smime"> S/MIME</P>
- <input type="checkbox" name="netscape-cert-type-object-signing"> Object Signing</P>
- <input type="checkbox" name="netscape-cert-type-reserved"> Reserved for future use (bit 4)</P>
- <input type="checkbox" name="netscape-cert-type-ssl-ca"> SSL CA</P>
- <input type="checkbox" name="netscape-cert-type-smime-ca"> S/MIME CA</P>
- <input type="checkbox" name="netscape-cert-type-object-signing-ca"> Object Signing CA</P>
- </tr>
- <tr>
- <td>
- <b>Netscape Base URL:</b></p>
- Activate extension: <input type="checkbox" name="netscape-base-url"></P>
- Critical: <input type="checkbox" name="netscape-base-url-crit">
- <td>
- <input type="text" name="netscape-base-url-text" size="50">
- </tr>
- <tr>
- <td>
- <b>Netscape Revocation URL:</b></p>
- Activate extension: <input type="checkbox" name="netscape-revocation-url"></P>
- Critical: <input type="checkbox" name="netscape-revocation-url-crit">
- <td>
- <input type="text" name="netscape-revocation-url-text" size="50">
- </tr>
- <tr>
- <td>
- <b>Netscape CA Revocation URL:</b></p>
- Activate extension: <input type="checkbox" name="netscape-ca-revocation-url"></P>
- Critical: <input type="checkbox" name="netscape-ca-revocation-url-crit">
- <td>
- <input type="text" name="netscape-ca-revocation-url-text" size="50">
- </tr>
- <tr>
- <td>
- <b>Netscape Certificate Renewal URL:</b></p>
- Activate extension: <input type="checkbox" name="netscape-cert-renewal-url"></P>
- Critical: <input type="checkbox" name="netscape-cert-renewal-url-crit">
- <td>
- <input type="text" name="netscape-cert-renewal-url-text" size="50">
- </tr>
- <tr>
- <td>
- <b>Netscape CA Policy URL:</b></p>
- Activate extension: <input type="checkbox" name="netscape-ca-policy-url"></P>
- Critical: <input type="checkbox" name="netscape-ca-policy-url-crit">
- <td>
- <input type="text" name="netscape-ca-policy-url-text" size="50">
- </tr>
- <tr>
- <td>
- <b>Netscape SSL Server Name:</b></p>
- Activate extension: <input type="checkbox" name="netscape-ssl-server-name"></P>
- Critical: <input type="checkbox" name="netscape-ssl-server-name-crit">
- <td>
- <input type="text" name="netscape-ssl-server-name-text" size="50">
- </tr>
- <tr>
- <td>
- <b>Netscape Comment:</b></p>
- Activate extension: <input type="checkbox" name="netscape-comment"></P>
- Critical: <input type="checkbox" name="netscape-comment-crit">
- <td>
- <textarea name="netscape-comment-text" rows="5" cols="50"></textarea>
- </tr>
-
- </table>
- </body>
-</html>
diff --git a/security/nss/cmd/certcgi/stnd_ext_form.html b/security/nss/cmd/certcgi/stnd_ext_form.html
deleted file mode 100644
index 26868c62c..000000000
--- a/security/nss/cmd/certcgi/stnd_ext_form.html
+++ /dev/null
@@ -1,247 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
-<!--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
- -->
-
- <body>
- <table border=1 cellspacing=5 cellpadding=5>
- <form method="post" name="primary_form" action="http://troll.mcom.com/jsw/cgi-bin/echoform.cgi">
- <tr>
- <td>
- <b>Key Usage: </b></p>
- Activate extension: <input type="checkbox" name="keyUsage"></P>
- Critical: <input type="checkbox" name="keyUsage-crit">
- <td>
- <input type="checkbox" name="keyUsage-digitalSignature"> Digital Signature</P>
- <input type="checkbox" name="keyUsage-nonRepudiation"> Non Repudiation</P>
- <input type="checkbox" name="keyUsage-keyEncipherment"> Key Encipherment</P>
- <input type="checkbox" name="keyUsage-dataEncipherment"> Data Encipherment</P>
- <input type="checkbox" name="keyUsage-keyAgreement"> Key Agreement</P>
- <input type="checkbox" name="keyUsage-keyCertSign"> Key Certificate Signing</P>
- <input type="checkbox" name="keyUsage-cRLSign"> CRL Signing</P>
- </tr>
- <tr>
- <td>
- <b>Extended Key Usage: </b></p>
- Activate extension: <input type="checkbox" name="extKeyUsage"></P>
- Critical: <input type="checkbox" name="extKeyUsage-crit">
- <td>
- <input type="checkbox" name="extKeyUsage-serverAuth"> Server Auth</P>
- <input type="checkbox" name="extKeyUsage-clientAuth"> Client Auth</P>
- <input type="checkbox" name="extKeyUsage-codeSign"> Code Signing</P>
- <input type="checkbox" name="extKeyUsage-emailProtect"> Email Protection</P>
- <input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P>
- <input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P>
- <input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P>
- </tr>
- <tr>
- <td>
- <b>Basic Constraints:</b></p>
- Activate extension: <input type="checkbox" name="basicConstraints"></P>
- Critical: <input type="checkbox" name="basicConstraints-crit">
- <td>
- CA:</p>
- <dd><input type=radio name="basicConstraints-cA-radio" value="CA"> True</p>
- <dd><input type=radio name="basicConstraints-cA-radio" value="NotCA"> False</p>
- <input type="checkbox" name="basicConstraints-pathLengthConstraint">
- Include Path length: <input type="text" name="basicConstraints-pathLengthConstraint-text" size="2"></p>
- </tr>
- <tr>
- <td>
- <b>Authority Key Identifier:</b></p>
- Activate extension: <input type="checkbox" name="authorityKeyIdentifier">
- <td>
- <input type="radio" name="authorityKeyIdentifier-radio" value="keyIdentifier"> Key Identider</p>
- <input type="radio" name="authorityKeyIdentifier-radio" value="authorityCertIssuer"> Issuer Name and Serial number</p>
- </tr>
- <tr>
- <td>
- <b>Subject Key Identifier:</b></p>
- Activate extension: <input type="checkbox" name="subjectKeyIdentifier">
- <td>
- Key Identifier:
- <input type="text" name="subjectKeyIdentifier-text"></p>
- This is an:<p>
- <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="ascii"> ascii text value<p>
- <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="hex"> hex value<p>
- </tr>
- <tr>
- <td>
- <b>Private Key Usage Period:</b></p>
- Activate extension: <input type="checkbox" name="privKeyUsagePeriod"></p>
- Critical: <input type="checkbox" name="privKeyUsagePeriod-crit">
- <td>
- Use:</p>
- <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notBefore"> Not Before</p>
- <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notAfter"> Not After</p>
- <dd><input type="radio" name="privKeyUsagePeriod-radio" value="both" > Both</p>
- <b>Not to be used to sign before:</b></p>
- <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="auto"> Set to time of certificate issue</p>
- <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="manual"> Use This value</p>
- <dd><dd>(YYYY/MM/DD HH:MM:SS):
- <input type="text" name="privKeyUsagePeriod-notBefore-year" size="4" maxlength="4">/
- <input type="text" name="privKeyUsagePeriod-notBefore-month" size="2" maxlength="2">/
- <input type="text" name="privKeyUsagePeriod-notBefore-day" size="2" maxlength="2">
- <input type="text" name="privKeyUsagePeriod-notBefore-hour" size="2" maxlength="2">:
- <input type="text" name="privKeyUsagePeriod-notBefore-minute" size="2" maxlength="2">:
- <input type="text" name="privKeyUsagePeriod-notBefore-second" size="2" maxlength="2"></p>
- <b>Not to be used to sign after:</b></p>
- <dd>(YYYY/MM/DD HH:MM:SS):
- <input type="text" name="privKeyUsagePeriod-notAfter-year" size="4" maxlength="4">/
- <input type="text" name="privKeyUsagePeriod-notAfter-month" size="2" maxlength="2">/
- <input type="text" name="privKeyUsagePeriod-notAfter-day" size="2" maxlength="2">
- <input type="text" name="privKeyUsagePeriod-notAfter-hour" size="2" maxlength="2">:
- <input type="text" name="privKeyUsagePeriod-notAfter-minute" size="2" maxlength="2">:
- <input type="text" name="privKeyUsagePeriod-notAfter-second" size="2" maxlength="2"></p>
- </tr>
- <tr>
- <td>
- <b>Subject Alternative Name:</b></p>
- Activate extension: <input type="checkbox" name="SubAltName"></P>
- Critical: <input type="checkbox" name="SubAltName-crit">
- <td>
- <table>
- <tr>
- <td>
- General Names:</p>
- <select name="SubAltNameSelect" multiple size="10">
- </select></p></p>
- <input type="button" name="SubAltName-add" value="Add" onClick="{parent.addSubAltName(this.form)}">
- <input type="button" name="SubAltName-delete" value="Delete" onClick="parent.deleteSubAltName(this.form)">
- </td><td>
- <table><tr><td>
- Name Type: </td></tr><tr><td>
- <input type="radio" name="SubAltNameRadio" value="otherName" onClick="parent.setSubAltNameType(form)"> Other Name,
- OID: <input type="text" name="SubAltNameOtherNameOID" size="6"> </td><td>
- <input type="radio" name="SubAltNameRadio" value="rfc822Name" onClick="parent.setSubAltNameType(form)"> RFC 822 Name</td></tr><td>
- <input type="radio" name="SubAltNameRadio" value="dnsName" onClick="parent.setSubAltNameType(form)"> DNS Name </td><td>
- <input type="radio" name="SubAltNameRadio" value="x400" onClick="parent.setSubAltNameType(form)"> X400 Address</td></tr><td>
- <input type="radio" name="SubAltNameRadio" value="directoryName" onClick="parent.setSubAltNameType(form)"> Directory Name</td><td>
- <input type="radio" name="SubAltNameRadio" value="ediPartyName" onClick="parent.setSubAltNameType(form)"> EDI Party Name</td></tr><td>
- <input type="radio" name="SubAltNameRadio" value="URL" onClick="parent.setSubAltNameType(form)"> Uniform Resource Locator</td><td>
- <input type="radio" name="SubAltNameRadio" value="ipAddress" onClick="parent.setSubAltNameType(form)"> IP Address</td></tr><td>
- <input type="radio" name="SubAltNameRadio" value="regID"onClick="parent.setSubAltNameType(form)"> Registered ID</td><td>
- <input type="radio" name="SubAltNameRadio" value="nscpNickname" onClick="parent.setSubAltNameType(form)"> Netscape Certificate Nickname</td><td></tr>
- </table>
- Name: <input type="text" name="SubAltNameText">
- Binary Encoded: <input type="checkbox" name="SubAltNameDataType" value="binary" onClick="parent.setSubAltNameType(form)"></p>
- </tr>
- </table>
- </tr>
-
-
- <tr>
- <td>
- <b>Issuer Alternative Name:</b></p>
- Activate extension: <input type="checkbox" name="IssuerAltName"></P>
- Critical: <input type="checkbox" name="IssuerAltName-crit">
- <td>
- <input type="radio" name="IssuerAltNameSourceRadio" value="auto"> Use the Subject Alternative Name from the Issuers Certificate</p>
- <input type="radio" name="IssuerAltNameSourceRadio" value="man"> Use this Name:
- <table>
- <tr>
- <td>
- General Names:</p>
- <select name="IssuerAltNameSelect" multiple size="10">
- </select></p></p>
- <input type="button" name="IssuerAltName-add" value="Add" onClick="{parent.addIssuerAltName(this.form)}">
- <input type="button" name="IssuerAltName-delete" value="Delete" onClick="parent.deleteIssuerAltName(this.form)">
- </td><td>
- <table><tr><td>
- Name Type: </td></tr><tr><td>
- <input type="radio" name="IssuerAltNameRadio" value="otherName" onClick="parent.setIssuerAltNameType(form)"> Other Name,
- OID: <input type="text" name="IssuerAltNameOtherNameOID" size="6"> </td><td>
- <input type="radio" name="IssuerAltNameRadio" value="rfc822Name" onClick="parent.setIssuerAltNameType(form)"> RFC 822 Name</td></tr><td>
- <input type="radio" name="IssuerAltNameRadio" value="dnsName" onClick="parent.setIssuerAltNameType(form)"> DNS Name </td><td>
- <input type="radio" name="IssuerAltNameRadio" value="x400" onClick="parent.setIssuerAltNameType(form)"> X400 Address</td></tr><td>
- <input type="radio" name="IssuerAltNameRadio" value="directoryName" onClick="parent.setIssuerAltNameType(form)"> Directory Name</td><td>
- <input type="radio" name="IssuerAltNameRadio" value="ediPartyName" onClick="parent.setIssuerAltNameType(form)"> EDI Party Name</td></tr><td>
- <input type="radio" name="IssuerAltNameRadio" value="URL" onClick="parent.setIssuerAltNameType(form)"> Uniform Resource Locator</td><td>
- <input type="radio" name="IssuerAltNameRadio" value="ipAddress" onClick="parent.setIssuerAltNameType(form)"> IP Address</td></tr><td>
- <input type="radio" name="IssuerAltNameRadio" value="regID" onClick="parent.setIssuerAltNameType(form)"> Registered ID</td><td></tr>
- </table>
- Name: <input type="text" name="IssuerAltNameText">
- Binary Encoded: <input type="checkbox" name="IssuerAltNameDataType" value="binary" onClick="parent.setIssuerAltNameType(form)"></p>
- </tr>
- </table>
- </tr>
-
- <tr>
- <td>
- <b>Name Constraints:</b></p>
- Activate extension: <input type="checkbox" name="NameConstraints"></P>
- <td>
- <table>
- <tr>
- <td>
- Name Constraints:</p>
- <select name="NameConstraintSelect" multiple size="10">
- </select></p></p>
- <input type="button" name="NameConstraint-add" value="Add" onClick="{parent.addNameConstraint(this.form)}">
- <input type="button" name="NameConstraint-delete" value="Delete" onClick="parent.deleteNameConstraint(this.form)">
- </td><td>
- <table><tr><td>
- Name Type: </td></tr><tr><td>
- <input type="radio" name="NameConstraintRadio" value="otherName" onClick="parent.setNameConstraintNameType(form)"> Other Name,
- OID: <input type="text" name="NameConstraintOtherNameOID" size="6"> </td><td>
- <input type="radio" name="NameConstraintRadio" value="rfc822Name" onClick="parent.setNameConstraintNameType(form)"> RFC 822 Name</td></tr><td>
- <input type="radio" name="NameConstraintRadio" value="dnsName" onClick="parent.setNameConstraintNameType(form)"> DNS Name </td><td>
- <input type="radio" name="NameConstraintRadio" value="x400" onClick="parent.setNameConstraintNameType(form)"> X400 Address</td></tr><td>
- <input type="radio" name="NameConstraintRadio" value="directoryName" onClick="parent.setNameConstraintNameType(form)"> Directory Name</td><td>
- <input type="radio" name="NameConstraintRadio" value="ediPartyName" onClick="parent.setNameConstraintNameType(form)"> EDI Party Name</td></tr><td>
- <input type="radio" name="NameConstraintRadio" value="URL" onClick="parent.setNameConstraintNameType(form)"> Uniform Resource Locator</td><td>
- <input type="radio" name="NameConstraintRadio" value="ipAddress" onClick="parent.setNameConstraintNameType(form)"> IP Address</td></tr><td>
- <input type="radio" name="NameConstraintRadio" value="regID" onClick="parent.setNameConstraintNameType(form)"> Registered ID</td><td></tr>
- </table>
- Name: <input type="text" name="NameConstraintText">
- Binary Encoded: <input type="checkbox" name="NameConstraintNameDataType" value="binary" onClick="parent.setNameConstraintNameType(form)"></p>
- Constraint type:<p>
- <dd><input type="radio" name="NameConstraintTypeRadio" value="permited"> permited<p>
- <dd><input type="radio" name="NameConstraintTypeRadio" value="excluded"> excluded<p>
- Minimum: <input type="text" name="NameConstraintMin" size="8" maxlength="8"></p>
- Maximum: <input type="text" name="NameConstraintMax" size="8" maxlength="8"></p>
- </tr>
- </table>
- </tr>
-
- </table>
- </body>
-</html>
-
-
-
-
-
-
-
-
diff --git a/security/nss/cmd/certutil/Makefile b/security/nss/cmd/certutil/Makefile
deleted file mode 100644
index 8650a607d..000000000
--- a/security/nss/cmd/certutil/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c
deleted file mode 100644
index 907f4a68d..000000000
--- a/security/nss/cmd/certutil/certutil.c
+++ /dev/null
@@ -1,2583 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
-** certutil.c
-**
-** utility for managing certificates and the cert database
-**
-*/
-#include <stdio.h>
-#include <string.h>
-
-#if defined(WIN32)
-#include "fcntl.h"
-#include "io.h"
-#endif
-
-#include "secutil.h"
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#endif
-
-#include "nspr.h"
-#include "prtypes.h"
-#include "prtime.h"
-#include "prlong.h"
-
-#include "pk11func.h"
-#include "secasn1.h"
-#include "cert.h"
-#include "cryptohi.h"
-#include "secoid.h"
-#include "certdb.h"
-#include "cdbhdl.h"
-
-/* SEC_Init is now declared in secutil.h */
-/* We really should convert to using NSS, but it doesn't provide all
- * of the functionality we need (like opening the databases writeable). */
-
-#define MIN_KEY_BITS 512
-#define MAX_KEY_BITS 2048
-#define DEFAULT_KEY_BITS 1024
-
-#define GEN_BREAK(e) rv=e; break;
-
-
-extern SECKEYPrivateKey *CERTUTIL_GeneratePrivateKey(KeyType keytype,
- PK11SlotInfo *slot,
- int rsasize,
- int publicExponent,
- char *noise,
- SECKEYPublicKey **pubkeyp,
- char *pqgFile,
- char *passFile);
-
-static char *progName;
-
-static CERTGeneralName *
-GetGeneralName (PRArenaPool *arena)
-{
- CERTGeneralName *namesList = NULL;
- CERTGeneralName *current;
- CERTGeneralName *tail = NULL;
- SECStatus rv = SECSuccess;
- int intValue;
- char buffer[512];
- void *mark;
-
- PORT_Assert (arena);
- mark = PORT_ArenaMark (arena);
- do {
- puts ("\nSelect one of the following general name type: \n");
- puts ("\t1 - instance of other name\n\t2 - rfc822Name\n\t3 - dnsName\n");
- puts ("\t4 - x400Address\n\t5 - directoryName\n\t6 - ediPartyName\n");
- puts ("\t7 - uniformResourceidentifier\n\t8 - ipAddress\n\t9 - registerID\n");
- puts ("\tOther - omit\n\t\tChoice:");
- scanf ("%d", &intValue);
- if (intValue >= certOtherName || intValue <= certRegisterID) {
- if (namesList == NULL) {
- namesList = current = tail = (CERTGeneralName *) PORT_ArenaAlloc
- (arena, sizeof (CERTGeneralName));
- } else {
- current = (CERTGeneralName *) PORT_ArenaAlloc(arena,
- sizeof (CERTGeneralName));
- }
- if (current == NULL) {
- GEN_BREAK (SECFailure);
- }
- } else {
- break;
- }
- current->type = intValue;
- puts ("\nEnter data:");
- fflush (stdout);
- gets (buffer);
- switch (current->type) {
- case certURI:
- case certDNSName:
- case certRFC822Name:
- current->name.other.data = PORT_ArenaAlloc (arena, strlen (buffer));
- if (current->name.other.data == NULL) {
- GEN_BREAK (SECFailure);
- }
- PORT_Memcpy
- (current->name.other.data, buffer, current->name.other.len = strlen(buffer));
- break;
-
- case certEDIPartyName:
- case certIPAddress:
- case certOtherName:
- case certRegisterID:
- case certX400Address: {
-
- current->name.other.data = PORT_ArenaAlloc (arena, strlen (buffer) + 2);
- if (current->name.other.data == NULL) {
- GEN_BREAK (SECFailure);
- }
-
- PORT_Memcpy (current->name.other.data + 2, buffer, strlen (buffer));
- /* This may not be accurate for all cases. For now, use this tag type */
- current->name.other.data[0] = (char)(((current->type - 1) & 0x1f)| 0x80);
- current->name.other.data[1] = (char)strlen (buffer);
- current->name.other.len = strlen (buffer) + 2;
- break;
- }
-
- case certDirectoryName: {
- CERTName *directoryName = NULL;
-
- directoryName = CERT_AsciiToName (buffer);
- if (!directoryName) {
- fprintf(stderr, "certutil: improperly formatted name: \"%s\"\n", buffer);
- break;
- }
-
- rv = CERT_CopyName (arena, &current->name.directoryName, directoryName);
- CERT_DestroyName (directoryName);
-
- break;
- }
- }
- if (rv != SECSuccess)
- break;
- current->l.next = &(namesList->l);
- current->l.prev = &(tail->l);
- tail->l.next = &(current->l);
- tail = current;
-
- }while (1);
-
- if (rv != SECSuccess) {
- PORT_SetError (rv);
- PORT_ArenaRelease (arena, mark);
- namesList = NULL;
- }
- return (namesList);
-}
-
-static SECStatus
-GetString(PRArenaPool *arena, char *prompt, SECItem *value)
-{
- char buffer[251];
-
- value->data = NULL;
- value->len = 0;
-
- puts (prompt);
- gets (buffer);
- if (strlen (buffer) > 0) {
- value->data = PORT_ArenaAlloc (arena, strlen (buffer));
- if (value->data == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- return (SECFailure);
- }
- PORT_Memcpy (value->data, buffer, value->len = strlen(buffer));
- }
- return (SECSuccess);
-}
-
-static CERTCertificateRequest *
-GetCertRequest(PRFileDesc *inFile)
-{
- CERTCertificateRequest *certReq = NULL;
- CERTSignedData signedData;
- PRArenaPool *arena = NULL;
- SECItem reqDER;
- SECStatus rv;
-
- reqDER.data = NULL;
- do {
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- GEN_BREAK (SEC_ERROR_NO_MEMORY);
- }
-
- rv = SECU_ReadDERFromFile(&reqDER, inFile, PR_FALSE);
- if (rv)
- break;
- certReq = (CERTCertificateRequest*) PORT_ArenaZAlloc
- (arena, sizeof(CERTCertificateRequest));
- if (!certReq)
- break;
- certReq->arena = arena;
-
- /* Since cert request is a signed data, must decode to get the inner
- data
- */
- PORT_Memset(&signedData, 0, sizeof(signedData));
- rv = SEC_ASN1DecodeItem(arena, &signedData, CERT_SignedDataTemplate,
- &reqDER);
- if (rv)
- break;
-
- rv = SEC_ASN1DecodeItem(arena, certReq, CERT_CertificateRequestTemplate,
- &signedData.data);
- } while (0);
-
- if (rv) {
- PRErrorCode perr = PR_GetError();
- fprintf(stderr, "%s: unable to decode DER cert request (%s)\n", progName,
- SECU_Strerror(perr));
- }
- return (certReq);
-}
-
-static PRBool
-GetYesNo(char *prompt)
-{
- char buf[3];
-
- PR_Sync(PR_STDIN);
- PR_Write(PR_STDOUT, prompt, strlen(prompt)+1);
- PR_Read(PR_STDIN, buf, sizeof(buf));
- return (buf[0] == 'y' || buf[0] == 'Y') ? PR_TRUE : PR_FALSE;
-#if 0
- char charValue;
-
- puts (prompt);
- scanf ("%c", &charValue);
- if (charValue != 'y' && charValue != 'Y')
- return (0);
- return (1);
-#endif
-}
-
-static SECStatus
-AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,
- PRFileDesc *inFile, PRBool ascii, PRBool emailcert)
-{
- CERTCertTrust *trust = NULL;
- CERTCertificate *cert = NULL, *tempCert = NULL;
- SECItem certDER;
- SECStatus rv;
-
- certDER.data = NULL;
- do {
- /* Read in the entire file specified with the -i argument */
- rv = SECU_ReadDERFromFile(&certDER, inFile, ascii);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "unable to read input file");
- break;
- }
-
- /* Read in an ASCII cert and return a CERTCertificate */
- cert = CERT_DecodeCertFromPackage((char *)certDER.data, certDER.len);
- if (!cert) {
- SECU_PrintError(progName, "could not obtain certificate from file");
- GEN_BREAK(SECFailure);
- }
-
- /* Create a cert trust to pass to SEC_AddPermCertificate */
- trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust));
- if (!trust) {
- SECU_PrintError(progName, "unable to allocate cert trust");
- GEN_BREAK(SECFailure);
- }
-
- rv = CERT_DecodeTrustString(trust, trusts);
- if (rv) {
- SECU_PrintError(progName, "unable to decode trust string");
- GEN_BREAK(SECFailure);
- }
-
- if ( emailcert ) {
- CERTIssuerAndSN *issuerAndSN;
- SECItem *derCert;
-
- issuerAndSN = CERT_GetCertIssuerAndSN(NULL, cert);
- derCert = &cert->derCert;
-
-#ifdef NOTDEF /* take this out for now */
- tempCert = CERT_ImportCertsFromSMIME(handle, 1, &derCert,
- issuerAndSN, NULL, NULL,
- NULL, PR_TRUE);
-#else
- tempCert = NULL;
-#endif
- if (tempCert == NULL) {
- SECU_PrintError(progName,
- "unable to add email cert to the temp database");
- GEN_BREAK(SECFailure);
- }
-
- } else {
- /* Make sure there isn't a nickname conflict */
- if (SEC_CertNicknameConflict(name, &cert->derSubject, handle)) {
- SECU_PrintError(progName, "certificate '%s' conflicts", name);
- GEN_BREAK(SECFailure);
- }
-
- /* CERT_ImportCert only collects certificates and returns the
- * first certficate. It does not insert these certificates into
- * the dbase. For now, just call CERT_NewTempCertificate.
- * This will result in decoding the der twice. This have to
- * be handle properly.
- */
-
- tempCert = CERT_NewTempCertificate(handle, &cert->derCert, NULL,
- PR_FALSE, PR_TRUE);
-
- if (!PK11_IsInternal(slot)) {
- tempCert->trust = trust;
- rv = PK11_ImportCertForKeyToSlot(slot, tempCert, name,
- PR_FALSE, NULL);
- }
-
- if (tempCert == NULL) {
- SECU_PrintError(progName,
- "unable to add cert to the temp database");
- GEN_BREAK(SECFailure);
- }
-
- rv = CERT_AddTempCertToPerm(tempCert, name, trust);
- if (rv) {
- SECU_PrintError(progName,
- "could not add certificate to database");
- GEN_BREAK(SECFailure);
- }
- }
- } while (0);
-
- CERT_DestroyCertificate (tempCert);
- CERT_DestroyCertificate (cert);
- PORT_Free(trust);
- PORT_Free(certDER.data);
-
- return rv;
-}
-
-static SECStatus
-CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
- CERTName *subject, char *phone, int ascii, PRFileDesc *outFile)
-{
- CERTSubjectPublicKeyInfo *spki;
- CERTCertificateRequest *cr;
- SECItem *encoding;
- SECItem result;
- SECStatus rv;
- PRArenaPool *arena;
- PRInt32 numBytes;
-
- /* Create info about public key */
- spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
- if (!spki) {
- SECU_PrintError(progName, "unable to create subject public key");
- return SECFailure;
- }
-
- /* Generate certificate request */
- cr = CERT_CreateCertificateRequest(subject, spki, 0);
- if (!cr) {
- SECU_PrintError(progName, "unable to make certificate request");
- return SECFailure;
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- SECU_PrintError(progName, "out of memory");
- return SECFailure;
- }
-
- /* Der encode the request */
- encoding = SEC_ASN1EncodeItem(arena, NULL, cr,
- CERT_CertificateRequestTemplate);
- if (encoding == NULL) {
- SECU_PrintError(progName, "der encoding of request failed");
- return SECFailure;
- }
-
- /* Sign the request */
- switch (keyType) {
- case rsaKey:
- rv = SEC_DerSignData(arena, &result, encoding->data, encoding->len,
- privk, SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION);
- break;
- case dsaKey:
- rv = SEC_DerSignData(arena, &result, encoding->data, encoding->len,
- privk, SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST);
- break;
- default:
- SECU_PrintError(progName, "Must use rsa or dsa key type");
- return SECFailure;
- }
-
- if (rv) {
- SECU_PrintError(progName, "signing of data failed");
- return SECFailure;
- }
-
- /* Encode request in specified format */
- if (ascii) {
- char *obuf;
- char *name, *email, *org, *state, *country;
- SECItem *it;
- int total;
-
- it = &result;
-
- obuf = BTOA_ConvertItemToAscii(it);
- total = PL_strlen(obuf);
-
- name = CERT_GetCommonName(subject);
- if (!name) {
- fprintf(stderr, "You must specify a common name\n");
- return SECFailure;
- }
-
- if (!phone)
- phone = strdup("(not specified)");
-
- email = CERT_GetCertEmailAddress(subject);
- if (!email)
- email = strdup("(not specified)");
-
- org = CERT_GetOrgName(subject);
- if (!org)
- org = strdup("(not specified)");
-
- state = CERT_GetStateName(subject);
- if (!state)
- state = strdup("(not specified)");
-
- country = CERT_GetCountryName(subject);
- if (!country)
- country = strdup("(not specified)");
-
- PR_fprintf(outFile,
- "\nCertificate request generated by Netscape certutil\n");
- PR_fprintf(outFile, "Phone: %s\n\n", phone);
- PR_fprintf(outFile, "Common Name: %s\n", name);
- PR_fprintf(outFile, "Email: %s\n", email);
- PR_fprintf(outFile, "Organization: %s\n", org);
- PR_fprintf(outFile, "State: %s\n", state);
- PR_fprintf(outFile, "Country: %s\n\n", country);
-
- PR_fprintf(outFile, "%s\n", NS_CERTREQ_HEADER);
- numBytes = PR_Write(outFile, obuf, total);
- if (numBytes != total) {
- SECU_PrintSystemError(progName, "write error");
- return SECFailure;
- }
- PR_fprintf(outFile, "%s\n", NS_CERTREQ_TRAILER);
- } else {
- numBytes = PR_Write(outFile, result.data, result.len);
- if (numBytes != (int)result.len) {
- SECU_PrintSystemError(progName, "write error");
- return SECFailure;
- }
- }
- return SECSuccess;
-}
-
-static SECStatus
-ChangeTrustAttributes(CERTCertDBHandle *handle, char *name, char *trusts)
-{
- SECStatus rv;
- CERTCertificate *cert;
- CERTCertTrust *trust;
-
- cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);
- if (!cert) {
- SECU_PrintError(progName, "could not find certificate named \"%s\"",
- name);
- return SECFailure;
- }
-
- trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust));
- if (!trust) {
- SECU_PrintError(progName, "unable to allocate cert trust");
- return SECFailure;
- }
-
- /* This function only decodes these characters: pPwcTCu, */
- rv = CERT_DecodeTrustString(trust, trusts);
- if (rv) {
- SECU_PrintError(progName, "unable to decode trust string");
- return SECFailure;
- }
-
- rv = CERT_ChangeCertTrust(handle, cert, trust);
- if (rv) {
- SECU_PrintError(progName, "unable to modify trust attributes");
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-static SECStatus
-printCertCB(CERTCertificate *cert, void *arg)
-{
- SECStatus rv;
- SECItem data;
-
- data.data = cert->derCert.data;
- data.len = cert->derCert.len;
-
- rv = SECU_PrintSignedData(stdout, &data, "Certificate", 0,
- SECU_PrintCertificate);
- if (rv) {
- SECU_PrintError(progName, "problem printing certificate");
- return(SECFailure);
- }
- SECU_PrintTrustFlags(stdout, &cert->dbEntry->trust,
- "Certificate Trust Flags", 1);
- return(SECSuccess);
-}
-
-static SECStatus
-ListCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot,
- PRBool raw, PRBool ascii)
-{
- SECStatus rv;
- CERTCertificate *cert;
- SECItem data;
- PRInt32 numBytes;
-
- /* For now, split handling of slot to internal vs. other. slot should
- * probably be allowed to be NULL so that all slots can be listed.
- * In that case, need to add a call to PK11_TraverseSlotCerts().
- */
- if (PK11_IsInternal(slot)) {
- if (name == NULL) {
- /* Print all certs in internal slot db. */
- rv = SECU_PrintCertificateNames(handle, PR_STDOUT,
- PR_FALSE, PR_TRUE);
- if (rv) {
- SECU_PrintError(progName,
- "problem printing certificate nicknames");
- return SECFailure;
- }
- } else if (raw || ascii) {
- /* Dump binary or ascii DER for the cert to stdout. */
- cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);
- if (!cert) {
- SECU_PrintError(progName,
- "could not find certificate named \"%s\"", name);
- return SECFailure;
- }
- data.data = cert->derCert.data;
- data.len = cert->derCert.len;
- if (ascii) {
- PR_fprintf(PR_STDOUT, "%s\n%s\n%s\n", NS_CERT_HEADER,
- BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER);
- } else if (raw) {
- numBytes = PR_Write(PR_STDOUT, data.data, data.len);
- if (numBytes != data.len) {
- SECU_PrintSystemError(progName, "error writing raw cert");
- return SECFailure;
- }
- }
- } else {
- /* Pretty-print cert. */
- rv = CERT_TraversePermCertsForNickname(handle, name, printCertCB,
- NULL);
- }
- } else {
- /* List certs on a non-internal slot. */
- if (PK11_NeedLogin(slot))
- PK11_Authenticate(slot, PR_TRUE, NULL);
- rv = PK11_TraverseCertsInSlot(slot, SECU_PrintCertNickname, stdout);
- if (rv) {
- SECU_PrintError(progName, "problem printing certificate nicknames");
- return SECFailure;
- }
- }
-
- return SECSuccess; /* not rv ?? */
-}
-
-static SECStatus
-DeleteCert(CERTCertDBHandle *handle, char *name)
-{
- SECStatus rv;
- CERTCertificate *cert;
-
- cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);
- if (!cert) {
- SECU_PrintError(progName, "could not find certificate named \"%s\"",
- name);
- return SECFailure;
- }
-
- rv = SEC_DeletePermCertificate(cert);
- if (rv) {
- SECU_PrintError(progName, "unable to delete certificate");
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-static SECStatus
-ValidateCert(CERTCertDBHandle *handle, char *name, char *date,
- char *certUsage, PRBool checkSig, PRBool logit)
-{
- SECStatus rv;
- CERTCertificate *cert;
- int64 timeBoundary;
- SECCertUsage usage;
- CERTVerifyLog reallog;
- CERTVerifyLog *log = NULL;
-
- switch (*certUsage) {
- case 'C':
- usage = certUsageSSLClient;
- break;
- case 'V':
- usage = certUsageSSLServer;
- break;
- case 'S':
- usage = certUsageEmailSigner;
- break;
- case 'R':
- usage = certUsageEmailRecipient;
- break;
- default:
- PORT_SetError (SEC_ERROR_INVALID_ARGS);
- return (SECFailure);
- }
- do {
- cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);
- if (!cert) {
- SECU_PrintError(progName, "could not find certificate named \"%s\"",
- name);
- GEN_BREAK (SECFailure)
- }
-
- if (date != NULL) {
- rv = DER_AsciiToTime(&timeBoundary, date);
- if (rv) {
- SECU_PrintError(progName, "invalid input date");
- GEN_BREAK (SECFailure)
- }
- } else {
- timeBoundary = PR_Now();
- }
-
- if ( logit ) {
- log = &reallog;
-
- log->count = 0;
- log->head = NULL;
- log->tail = NULL;
- log->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( log->arena == NULL ) {
- SECU_PrintError(progName, "out of memory");
- GEN_BREAK (SECFailure)
- }
- }
-
- rv = CERT_VerifyCert(handle, cert, checkSig, usage,
- timeBoundary, NULL, log);
- if ( log ) {
- if ( log->head == NULL ) {
- fprintf(stdout, "%s: certificate is valid\n", progName);
- GEN_BREAK (SECSuccess)
- } else {
- char *name;
- CERTVerifyLogNode *node;
-
- node = log->head;
- while ( node ) {
- if ( node->cert->nickname != NULL ) {
- name = node->cert->nickname;
- } else {
- name = node->cert->subjectName;
- }
- fprintf(stderr, "%s : %s\n", name,
- SECU_Strerror(node->error));
- CERT_DestroyCertificate(node->cert);
- node = node->next;
- }
- }
- } else {
- if (rv != SECSuccess) {
- PRErrorCode perr = PORT_GetError();
- fprintf(stdout, "%s: certificate is invalid: %s\n",
- progName, SECU_Strerror(perr));
- GEN_BREAK (SECFailure)
- }
- fprintf(stdout, "%s: certificate is valid\n", progName);
- GEN_BREAK (SECSuccess)
- }
- } while (0);
-
- return (rv);
-}
-
-SECKEYLowPrivateKey*
-GetPrivKeyFromNickname(char *nickname)
-{
- /* check if key actually exists */
- if (SECU_CheckKeyNameExists(NULL, nickname) == PR_FALSE) {
- SECU_PrintError(progName, "the key \"%s\" does not exist", nickname);
- return NULL;
- }
-
- /* Read in key */
- return SECU_GetPrivateKey(NULL, nickname);
-}
-
-static SECStatus
-DumpPublicKey(int dbindex, char *nickname, FILE *out)
-{
- SECKEYLowPrivateKey *privKey;
- SECKEYLowPublicKey *publicKey;
-
- if (dbindex) {
- /*privKey = secu_GetPrivKeyFromIndex(dbindex);*/
- } else {
- privKey = GetPrivKeyFromNickname(nickname);
- }
- publicKey = SECKEY_LowConvertToPublicKey(privKey);
-
- /* Output public key (in the clear) */
- switch(publicKey->keyType) {
- case rsaKey:
- fprintf(out, "RSA Public-Key:\n");
- SECU_PrintInteger(out, &publicKey->u.rsa.modulus, "modulus", 1);
- SECU_PrintInteger(out, &publicKey->u.rsa.publicExponent,
- "publicExponent", 1);
- break;
- case dsaKey:
- fprintf(out, "DSA Public-Key:\n");
- SECU_PrintInteger(out, &publicKey->u.dsa.params.prime, "prime", 1);
- SECU_PrintInteger(out, &publicKey->u.dsa.params.subPrime,
- "subPrime", 1);
- SECU_PrintInteger(out, &publicKey->u.dsa.params.base, "base", 1);
- SECU_PrintInteger(out, &publicKey->u.dsa.publicValue, "publicValue", 1);
- break;
- default:
- fprintf(out, "unknown key type\n");
- break;
- }
- return SECSuccess;
-}
-
-static SECStatus
-DumpPrivateKey(int dbindex, char *nickname, FILE *out)
-{
- SECKEYLowPrivateKey *key;
- if (dbindex) {
- /*key = secu_GetPrivKeyFromIndex(dbindex);*/
- } else {
- key = GetPrivKeyFromNickname(nickname);
- }
-
- switch(key->keyType) {
- case rsaKey:
- fprintf(out, "RSA Private-Key:\n");
- SECU_PrintInteger(out, &key->u.rsa.modulus, "modulus", 1);
- SECU_PrintInteger(out, &key->u.rsa.publicExponent, "publicExponent", 1);
- SECU_PrintInteger(out, &key->u.rsa.privateExponent,
- "privateExponent", 1);
- SECU_PrintInteger(out, &key->u.rsa.prime1, "prime1", 1);
- SECU_PrintInteger(out, &key->u.rsa.prime2, "prime2", 1);
- SECU_PrintInteger(out, &key->u.rsa.exponent1, "exponent2", 1);
- SECU_PrintInteger(out, &key->u.rsa.exponent2, "exponent2", 1);
- SECU_PrintInteger(out, &key->u.rsa.coefficient, "coefficient", 1);
- break;
- case dsaKey:
- fprintf(out, "DSA Private-Key:\n");
- SECU_PrintInteger(out, &key->u.dsa.params.prime, "prime", 1);
- SECU_PrintInteger(out, &key->u.dsa.params.subPrime, "subPrime", 1);
- SECU_PrintInteger(out, &key->u.dsa.params.base, "base", 1);
- SECU_PrintInteger(out, &key->u.dsa.publicValue, "publicValue", 1);
- SECU_PrintInteger(out, &key->u.dsa.privateValue, "privateValue", 1);
- break;
- default:
- fprintf(out, "unknown key type\n");
- break;
- }
- return SECSuccess;
-}
-
-static SECStatus
-printKeyCB(SECKEYPublicKey *key, SECItem *data, void *arg)
-{
- if (key->keyType == rsaKey) {
- fprintf(stdout, "RSA Public-Key:\n");
- SECU_PrintInteger(stdout, &key->u.rsa.modulus, "modulus", 1);
- } else {
- fprintf(stdout, "DSA Public-Key:\n");
- SECU_PrintInteger(stdout, &key->u.dsa.publicValue, "publicValue", 1);
- }
- return SECSuccess;
-}
-
-/* callback for listing certs through pkcs11 */
-SECStatus
-secu_PrintKeyFromCert(CERTCertificate *cert, void *data)
-{
- FILE *out;
- char *name;
- SECKEYPublicKey *key;
-
- out = (FILE *)data;
- key = CERT_ExtractPublicKey(cert);
- if (!key) {
- fprintf(out, "XXX could not extract key for %s.\n", cert->nickname);
- return SECFailure;
- }
- /* XXX should have a type field also */
- fprintf(out, "<%d> %s\n", 0, cert->nickname);
-
- return SECSuccess;
-}
-
-static SECStatus
-ListKeys(PK11SlotInfo *slot, char *keyname, int index,
- KeyType keyType, PRBool dopriv)
-{
- SECStatus rv;
-
- if (keyname) {
- if (dopriv) {
- return DumpPrivateKey(index, keyname, stdout);
- } else {
- return DumpPublicKey(index, keyname, stdout);
- }
- }
- /* For now, split handling of slot to internal vs. other. slot should
- * probably be allowed to be NULL so that all slots can be listed.
- * In that case, need to add a call to PK11_TraverseSlotCerts().
- */
- if (PK11_IsInternal(slot)) {
- /* Print all certs in internal slot db. */
- rv = SECU_PrintKeyNames(SECKEY_GetDefaultKeyDB(), stdout);
- if (rv) {
- SECU_PrintError(progName, "problem listing keys");
- return SECFailure;
- }
- } else {
- /* XXX need a function as below */
- /* could iterate over certs on slot and print keys */
- /* this would miss stranded keys */
- /*rv = PK11_TraverseSlotKeys(slotname, keyType, printKeyCB, NULL, NULL);*/
- if (PK11_NeedLogin(slot))
- PK11_Authenticate(slot, PR_TRUE, NULL);
- rv = PK11_TraverseCertsInSlot(slot, secu_PrintKeyFromCert, stdout);
- if (rv) {
- SECU_PrintError(progName, "problem listing keys");
- return SECFailure;
- }
- return SECFailure;
- }
- return rv;
-}
-
-static SECStatus
-DeleteKey(SECKEYKeyDBHandle *handle, char *nickname)
-{
- SECStatus rv;
-
- rv = SECU_DeleteKeyByName(handle, nickname);
- if (rv != SECSuccess) {
- SECU_PrintError("problem deleting private key \"%s\"\n", nickname);
- }
- return rv;
-}
-
-
-/*
- * L i s t M o d u l e s
- *
- * Print a list of the PKCS11 modules that are
- * available. This is useful for smartcard people to
- * make sure they have the drivers loaded.
- *
- */
-static SECStatus
-ListModules(void)
-{
- PK11SlotList *list;
- PK11SlotListElement *le;
-
- /* get them all! */
- list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,PR_FALSE,NULL);
- if (list == NULL) return SECFailure;
-
- /* look at each slot*/
- for (le = list->head ; le; le = le->next) {
- printf ("\n");
- printf (" slot: %s\n", PK11_GetSlotName(le->slot));
- printf (" token: %s\n", PK11_GetTokenName(le->slot));
- }
- PK11_FreeSlotList(list);
-
- return SECSuccess;
-}
-
-static void
-Usage(char *progName)
-{
-#define FPS fprintf(stderr,
- FPS "Type %s -H for more detailed descriptions\n", progName);
- FPS "Usage: %s -N [-d certdir] [-f pwfile]\n", progName);
- FPS "\t%s -A -n cert-name -t trustargs [-d certdir] [-a] [-i input]\n",
- progName);
- FPS "\t%s -C [-c issuer-name | -x] -i cert-request-file -o cert-file\n"
- "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n"
- "\t\t [-f pwfile] [-d certdir] [-1] [-2] [-3] [-4] [-5] [-6]\n",
- progName);
- FPS "\t%s -D -n cert-name [-d certdir]\n", progName);
- FPS "\t%s -E -n cert-name -t trustargs [-d certdir] [-a] [-i input]\n",
- progName);
- FPS "\t%s -G -n key-name [-h token-name] [-k rsa] [-g key-size] [-y exp]\n"
- "\t\t [-f pwfile] [-z noisefile] [-d certdir]\n", progName);
- FPS "\t%s -G [-h token-name] -k dsa [-q pqgfile -g key-size] [-f pwfile]\n"
- "\t\t [-z noisefile] [-d certdir]\n", progName);
- FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|rsa|all]\n",
- progName);
- FPS "\t\t [-f pwfile] [-d certdir]\n");
- FPS "\t%s -L [-n cert-name] [-d certdir] [-r] [-a]\n", progName);
- FPS "\t%s -M -n cert-name -t trustargs [-d certdir]\n",
- progName);
- FPS "\t%s -R -s subj -o cert-request-file [-d certdir] [-p phone] [-a]\n"
- "\t\t [-k key-type] [-h token-name] [-f pwfile] [-g key-size]\n",
- progName);
- FPS "\t%s -V -n cert-name -u usage [-b time] [-e] [-d certdir]\n",
- progName);
- FPS "\t%s -S -n cert-name -s subj [-c issuer-name | -x] -t trustargs\n"
- "\t\t [-k key-type] [-h token-name] [-g key-size]\n"
- "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n"
- "\t\t [-f pwfile] [-d certdir]\n"
- "\t\t [-p phone] [-1] [-2] [-3] [-4] [-5] [-6]\n",
- progName);
- FPS "\t%s -U [-d certdir]\n", progName);
- exit(-1);
-}
-
-static void LongUsage(char *progName)
-{
-
- FPS "%-15s Add a certificate to the database (create if needed)\n",
- "-A");
- FPS "%-15s Add an Email certificate to the database (create if needed)\n",
- "-E");
- FPS "%-20s Specify the nickname of the certificate to add\n",
- " -n cert-name");
- FPS "%-20s Set the certificate trust attributes:\n",
- " -t trustargs");
- FPS "%-25s p \t valid peer\n", "");
- FPS "%-25s P \t trusted peer (implies p)\n", "");
- FPS "%-25s c \t valid CA\n", "");
- FPS "%-25s T \t trusted CA to issue client certs (implies c)\n", "");
- FPS "%-25s C \t trusted CA to issue server certs (implies c)\n", "");
- FPS "%-25s u \t user cert\n", "");
- FPS "%-25s w \t send warning\n", "");
-#ifdef DEBUG_NSSTEAM_ONLY
- FPS "%-25s g \t make step-up cert\n", "");
-#endif /* DEBUG_NSSTEAM_ONLY */
- FPS "%-20s Specify the password file\n",
- " -f pwfile");
- FPS "%-20s Cert database directory (default is ~/.netscape)\n",
- " -d certdir");
- FPS "%-20s The input certificate is encoded in ASCII (RFC1113)\n",
- " -a");
- FPS "%-20s Specify the certificate file (default is stdin)\n",
- " -i input");
- FPS "\n");
-
- FPS "%-15s Create a new binary certificate from a BINARY cert request\n",
- "-C");
- FPS "%-20s The nickname of the issuer cert\n",
- " -c issuer-name");
- FPS "%-20s The BINARY certificate request file\n",
- " -i cert-request ");
- FPS "%-20s Output binary cert to this file (default is stdout)\n",
- " -o output-cert");
- FPS "%-20s Self sign\n",
- " -x");
- FPS "%-20s Cert serial number\n",
- " -m serial-number");
- FPS "%-20s Time Warp\n",
- " -w warp-months");
- FPS "%-20s Months valid (default is 3)\n",
- " -v months-valid");
- FPS "%-20s Specify the password file\n",
- " -f pwfile");
- FPS "%-20s Cert database directory (default is ~/.netscape)\n",
- " -d certdir");
- FPS "%-20s Create key usage extension\n",
- " -1 ");
- FPS "%-20s Create basic constraint extension\n",
- " -2 ");
- FPS "%-20s Create authority key ID extension\n",
- " -3 ");
- FPS "%-20s Create crl distribution point extension\n",
- " -4 ");
- FPS "%-20s Create netscape cert type extension\n",
- " -5 ");
- FPS "%-20s Create extended key usage extension\n",
- " -6 ");
- FPS "\n");
-
- FPS "%-15s Generate a new key pair\n",
- "-G");
- FPS "%-20s Name of token in which to generate key (default is internal)\n",
- " -h token-name");
- FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
- " -k key-type");
- FPS "%-20s Key size in bits, (min %d, max %d, default %d)\n",
- " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
- FPS "%-20s Set the public exponent value (3, 17, 65537) (rsa only)\n",
- " -y exp");
- FPS "%-20s Specify the password file\n",
- " -f password-file");
- FPS "%-20s Specify the noise file to be used\n",
- " -z noisefile");
- FPS "%-20s read PQG value from pqgfile (dsa only)\n",
- " -q pqgfile");
- FPS "%-20s Key database directory (default is ~/.netscape)\n",
- " -d keydir");
- FPS "\n");
-
- FPS "%-15s Delete a certificate from the database\n",
- "-D");
- FPS "%-20s The nickname of the cert to delete\n",
- " -n cert-name");
- FPS "%-20s Cert database directory (default is ~/.netscape)\n",
- " -d certdir");
- FPS "\n");
-
- FPS "%-15s List all modules\n", /*, or print out a single named module\n",*/
- "-U");
- FPS "%-20s Module database directory (default is '~/.netscape')\n",
- " -d moddir");
-
- FPS "%-15s List all keys\n", /*, or print out a single named key\n",*/
- "-K");
- FPS "%-20s Name of token in which to look for keys (default is internal,"
- " use \"all\" to list keys on all tokens)\n",
- " -h token-name ");
- FPS "%-20s Type of key pair to list (\"all\", \"dsa\", \"rsa\" (default))\n",
- " -k key-type");
- FPS "%-20s Specify the password file\n",
- " -f password-file");
- FPS "%-20s Key database directory (default is ~/.netscape)\n",
- " -d keydir");
- FPS "\n");
-
- FPS "%-15s List all certs, or print out a single named cert\n",
- "-L");
- FPS "%-20s Pretty print named cert (list all if unspecified)\n",
- " -n cert-name");
- FPS "%-20s Cert database directory (default is ~/.netscape)\n",
- " -d certdir");
- FPS "%-20s For single cert, print binary DER encoding\n",
- " -r");
- FPS "%-20s For single cert, print ASCII encoding (RFC1113)\n",
- " -a");
- FPS "\n");
-
- FPS "%-15s Modify trust attributes of certificate\n",
- "-M");
- FPS "%-20s The nickname of the cert to modify\n",
- " -n cert-name");
- FPS "%-20s Set the certificate trust attributes (see -A above)\n",
- " -t trustargs");
- FPS "%-20s Cert database directory (default is ~/.netscape)\n",
- " -d certdir");
- FPS "\n");
-
- FPS "%-15s Create a new certificate database\n",
- "-N");
- FPS "%-20s Cert database directory (default is ~/.netscape)\n",
- " -d certdir");
- FPS "\n");
-
- FPS "%-15s Generate a certificate request (stdout)\n",
- "-R");
- FPS "%-20s Specify the subject name (using RFC1485)\n",
- " -s subject");
- FPS "%-20s Output the cert request to this file\n",
- " -o output-req");
- FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
- " -k key-type");
- FPS "%-20s Name of token in which to generate key (default is internal)\n",
- " -h token-name");
- FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n",
- " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
- FPS "%-20s Specify the password file\n",
- " -f pwfile");
- FPS "%-20s Key database directory (default is ~/.netscape)\n",
- " -d keydir");
- FPS "%-20s Specify the contact phone number (\"123-456-7890\")\n",
- " -p phone");
- FPS "%-20s Output the cert request in ASCII (RFC1113); default is binary\n",
- " -a");
- FPS "\n");
-
- FPS "%-15s Validate a certificate\n",
- "-V");
- FPS "%-20s The nickname of the cert to Validate\n",
- " -n cert-name");
- FPS "%-20s validity time (\"YYMMDDHHMMSS[+HHMM|-HHMM|Z]\")\n",
- " -b time");
- FPS "%-20s Check certificate signature \n",
- " -e ");
- FPS "%-20s Specify certificate usage:\n", " -u certusage");
- FPS "%-25s C \t SSL Client\n", "");
- FPS "%-25s V \t SSL Server\n", "");
- FPS "%-25s S \t Email signer\n", "");
- FPS "%-25s R \t Email Recipient\n", "");
- FPS "%-20s Cert database directory (default is ~/.netscape)\n",
- " -d certdir");
- FPS "\n");
-
- FPS "%-15s Make a certificate and add to database\n",
- "-S");
- FPS "%-20s Specify the nickname of the cert\n",
- " -n key-name");
- FPS "%-20s Specify the subject name (using RFC1485)\n",
- " -s subject");
- FPS "%-20s The nickname of the issuer cert\n",
- " -c issuer-name");
- FPS "%-20s Set the certificate trust attributes (see -A above)\n",
- " -t trustargs");
- FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
- " -k key-type");
- FPS "%-20s Name of token in which to generate key (default is internal)\n",
- " -h token-name");
- FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n",
- " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
- FPS "%-20s Self sign\n",
- " -x");
- FPS "%-20s Cert serial number\n",
- " -m serial-number");
- FPS "%-20s Time Warp\n",
- " -w warp-months");
- FPS "%-20s Months valid (default is 3)\n",
- " -v months-valid");
- FPS "%-20s Specify the password file\n",
- " -f pwfile");
- FPS "%-20s Cert database directory (default is ~/.netscape)\n",
- " -d certdir");
- FPS "%-20s Specify the contact phone number (\"123-456-7890\")\n",
- " -p phone");
- FPS "%-20s Create key usage extension\n",
- " -1 ");
- FPS "%-20s Create basic constraint extension\n",
- " -2 ");
- FPS "%-20s Create authority key ID extension\n",
- " -3 ");
- FPS "%-20s Create crl distribution point extension\n",
- " -4 ");
- FPS "%-20s Create netscape cert type extension\n",
- " -5 ");
- FPS "%-20s Create extended key usage extension\n",
- " -6 ");
- FPS "\n");
-
- exit(-1);
-#undef FPS
-}
-
-
-static CERTCertificate *
-MakeV1Cert( CERTCertDBHandle * handle,
- CERTCertificateRequest *req,
- char * issuerNickName,
- PRBool selfsign,
- int serialNumber,
- int warpmonths,
- int validitylength)
-{
- CERTCertificate *issuerCert = NULL;
- CERTValidity *validity;
- CERTCertificate *cert = NULL;
-#ifndef NSPR20
- PRTime printableTime;
- int64 now, after;
-#else
- PRExplodedTime printableTime;
- PRTime now, after;
-#endif
-
-
-
- if ( !selfsign ) {
- issuerCert = CERT_FindCertByNicknameOrEmailAddr(handle, issuerNickName);
- if (!issuerCert) {
- SECU_PrintError(progName, "could not find certificate named \"%s\"",
- issuerNickName);
- return NULL;
- }
- }
-
- now = PR_Now();
-#ifndef NSPR20
- PR_ExplodeGMTTime (&printableTime, now);
-#else
- PR_ExplodeTime (now, PR_GMTParameters, &printableTime);
-#endif
- if ( warpmonths ) {
-#ifndef NSPR20
- printableTime.tm_mon += warpmonths;
- now = PR_ImplodeTime (&printableTime, 0, 0);
- PR_ExplodeGMTTime (&printableTime, now);
-#else
- printableTime.tm_month += warpmonths;
- now = PR_ImplodeTime (&printableTime);
- PR_ExplodeTime (now, PR_GMTParameters, &printableTime);
-#endif
- }
-#ifndef NSPR20
- printableTime.tm_mon += validitylength;
- printableTime.tm_mon += 3;
- after = PR_ImplodeTime (&printableTime, 0, 0);
-
-#else
- printableTime.tm_month += validitylength;
- printableTime.tm_month += 3;
- after = PR_ImplodeTime (&printableTime);
-#endif
-
- /* note that the time is now in micro-second unit */
- validity = CERT_CreateValidity (now, after);
-
- if ( selfsign ) {
- cert = CERT_CreateCertificate
- (serialNumber,&(req->subject), validity, req);
- } else {
- cert = CERT_CreateCertificate
- (serialNumber,&(issuerCert->subject), validity, req);
- }
-
- CERT_DestroyValidity(validity);
- if ( issuerCert ) {
- CERT_DestroyCertificate (issuerCert);
- }
-
- return(cert);
-}
-
-static SECStatus
-AddKeyUsage (void *extHandle)
-{
- SECItem bitStringValue;
- unsigned char keyUsage = 0x0;
- char buffer[5];
- int value;
-
- while (1) {
- fprintf(stdout, "%-25s 0 - Digital Signature\n", "");
- fprintf(stdout, "%-25s 1 - Non-repudiation\n", "");
- fprintf(stdout, "%-25s 2 - Key encipherment\n", "");
- fprintf(stdout, "%-25s 3 - Data encipherment\n", "");
- fprintf(stdout, "%-25s 4 - Key agreement\n", "");
- fprintf(stdout, "%-25s 5 - Cert signning key\n", "");
- fprintf(stdout, "%-25s 6 - CRL signning key\n", "");
- fprintf(stdout, "%-25s Other to finish\n", "");
- gets (buffer);
- value = atoi (buffer);
- if (value < 0 || value > 6)
- break;
- keyUsage |= (0x80 >> value);
- }
-
- bitStringValue.data = &keyUsage;
- bitStringValue.len = 1;
- buffer[0] = 'n';
- puts ("Is this a critical extension [y/n]? ");
- gets (buffer);
-
- return (CERT_EncodeAndAddBitStrExtension
- (extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue,
- (buffer[0] == 'y' || buffer[0] == 'Y') ? PR_TRUE : PR_FALSE));
-
-}
-
-
-static CERTOidSequence *
-CreateOidSequence(void)
-{
- CERTOidSequence *rv = (CERTOidSequence *)NULL;
- PRArenaPool *arena = (PRArenaPool *)NULL;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if( (PRArenaPool *)NULL == arena ) {
- goto loser;
- }
-
- rv = (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence));
- if( (CERTOidSequence *)NULL == rv ) {
- goto loser;
- }
-
- rv->oids = (SECItem **)PORT_ArenaZAlloc(arena, sizeof(SECItem *));
- if( (SECItem **)NULL == rv->oids ) {
- goto loser;
- }
-
- rv->arena = arena;
- return rv;
-
- loser:
- if( (PRArenaPool *)NULL != arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return (CERTOidSequence *)NULL;
-}
-
-static SECStatus
-AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag)
-{
- SECItem **oids;
- PRUint32 count = 0;
- SECOidData *od;
-
- od = SECOID_FindOIDByTag(oidTag);
- if( (SECOidData *)NULL == od ) {
- return SECFailure;
- }
-
- for( oids = os->oids; (SECItem *)NULL != *oids; oids++ ) {
- count++;
- }
-
- /* ArenaZRealloc */
-
- {
- PRUint32 i;
-
- oids = (SECItem **)PORT_ArenaZAlloc(os->arena, sizeof(SECItem *) * (count+2));
- if( (SECItem **)NULL == oids ) {
- return SECFailure;
- }
-
- for( i = 0; i < count; i++ ) {
- oids[i] = os->oids[i];
- }
-
- /* ArenaZFree(os->oids); */
- }
-
- os->oids = oids;
- os->oids[count] = &od->oid;
-
- return SECSuccess;
-}
-
-static SECItem *
-EncodeOidSequence(CERTOidSequence *os)
-{
- SECItem *rv;
- extern const SEC_ASN1Template CERT_OidSeqTemplate[];
-
- rv = (SECItem *)PORT_ArenaZAlloc(os->arena, sizeof(SECItem));
- if( (SECItem *)NULL == rv ) {
- goto loser;
- }
-
- if( !SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate) ) {
- goto loser;
- }
-
- return rv;
-
- loser:
- return (SECItem *)NULL;
-}
-
-static SECStatus
-AddExtKeyUsage (void *extHandle)
-{
- char buffer[5];
- int value;
- CERTOidSequence *os;
- SECStatus rv;
- SECItem *item;
-
- os = CreateOidSequence();
- if( (CERTOidSequence *)NULL == os ) {
- return SECFailure;
- }
-
- while (1) {
- fprintf(stdout, "%-25s 0 - Server Auth\n", "");
- fprintf(stdout, "%-25s 1 - Client Auth\n", "");
- fprintf(stdout, "%-25s 2 - Code Signing\n", "");
- fprintf(stdout, "%-25s 3 - Email Protection\n", "");
- fprintf(stdout, "%-25s 4 - Timestamp\n", "");
- fprintf(stdout, "%-25s 5 - OSCP Responder\n", "");
-#ifdef DEBUG_NSSTEAM_ONLY
- fprintf(stdout, "%-25s 6 - Step-up\n", "");
-#endif /* DEBUG_NSSTEAM_ONLY */
- fprintf(stdout, "%-25s Other to finish\n", "");
-
- gets(buffer);
- value = atoi(buffer);
-
- switch( value ) {
- case 0:
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH);
- break;
- case 1:
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH);
- break;
- case 2:
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN);
- break;
- case 3:
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT);
- break;
- case 4:
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP);
- break;
- case 5:
- rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER);
- break;
-#ifdef DEBUG_NSSTEAM_ONLY
- case 6:
- rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED);
- break;
-#endif /* DEBUG_NSSTEAM_ONLY */
- default:
- goto endloop;
- }
-
- if( SECSuccess != rv ) goto loser;
- }
-
- endloop:;
- item = EncodeOidSequence(os);
-
- buffer[0] = 'n';
- puts ("Is this a critical extension [y/n]? ");
- gets (buffer);
-
- rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, item,
- ((buffer[0] == 'y' || buffer[0] == 'Y')
- ? PR_TRUE : PR_FALSE), PR_TRUE);
- /*FALLTHROUGH*/
- loser:
- CERT_DestroyOidSequence(os);
- return rv;
-}
-
-static SECStatus
-AddNscpCertType (void *extHandle)
-{
- SECItem bitStringValue;
- unsigned char keyUsage = 0x0;
- char buffer[5];
- int value;
-
- while (1) {
- fprintf(stdout, "%-25s 0 - SSL Client\n", "");
- fprintf(stdout, "%-25s 1 - SSL Server\n", "");
- fprintf(stdout, "%-25s 2 - S/MIME\n", "");
- fprintf(stdout, "%-25s 3 - Object Signing\n", "");
- fprintf(stdout, "%-25s 4 - Reserved for futuer use\n", "");
- fprintf(stdout, "%-25s 5 - SSL CA\n", "");
- fprintf(stdout, "%-25s 6 - S/MIME CA\n", "");
- fprintf(stdout, "%-25s 7 - Object Signing CA\n", "");
- fprintf(stdout, "%-25s Other to finish\n", "");
- gets (buffer);
- value = atoi (buffer);
- if (value < 0 || value > 7)
- break;
- keyUsage |= (0x80 >> value);
- }
-
- bitStringValue.data = &keyUsage;
- bitStringValue.len = 1;
- buffer[0] = 'n';
- puts ("Is this a critical extension [y/n]? ");
- gets (buffer);
-
- return (CERT_EncodeAndAddBitStrExtension
- (extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue,
- (buffer[0] == 'y' || buffer[0] == 'Y') ? PR_TRUE : PR_FALSE));
-
-}
-
-typedef SECStatus (* EXTEN_VALUE_ENCODER)
- (PRArenaPool *extHandle, void *value, SECItem *encodedValue);
-
-static SECStatus
-EncodeAndAddExtensionValue(
- PRArenaPool * arena,
- void * extHandle,
- void * value,
- PRBool criticality,
- int extenType,
- EXTEN_VALUE_ENCODER EncodeValueFn)
-{
- SECItem encodedValue;
- SECStatus rv;
-
-
- encodedValue.data = NULL;
- encodedValue.len = 0;
- do {
- rv = (*EncodeValueFn)(arena, value, &encodedValue);
- if (rv != SECSuccess)
- break;
-
- rv = CERT_AddExtension
- (extHandle, extenType, &encodedValue, criticality,PR_TRUE);
- } while (0);
-
- return (rv);
-}
-
-static SECStatus
-AddBasicConstraint(void *extHandle)
-{
- CERTBasicConstraints basicConstraint;
- SECItem encodedValue;
- SECStatus rv;
- char buffer[10];
-
- encodedValue.data = NULL;
- encodedValue.len = 0;
- do {
- basicConstraint.pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT;
- puts ("Is this a CA certificate [y/n]?");
- gets (buffer);
- basicConstraint.isCA = (buffer[0] == 'Y' || buffer[0] == 'y') ?
- PR_TRUE : PR_FALSE;
-
- puts ("Enter the path length constraint, enter to skip [<0 for unlimited path]:");
- gets (buffer);
- if (PORT_Strlen (buffer) > 0)
- basicConstraint.pathLenConstraint = atoi (buffer);
-
- rv = CERT_EncodeBasicConstraintValue (NULL, &basicConstraint, &encodedValue);
- if (rv)
- return (rv);
-
- buffer[0] = 'n';
- puts ("Is this a critical extension [y/n]? ");
- gets (buffer);
- rv = CERT_AddExtension
- (extHandle, SEC_OID_X509_BASIC_CONSTRAINTS,
- &encodedValue, (buffer[0] == 'y' || buffer[0] == 'Y') ?
- PR_TRUE : PR_FALSE ,PR_TRUE);
- } while (0);
- PORT_Free (encodedValue.data);
- return (rv);
-}
-
-static SECItem *
-SignCert(CERTCertDBHandle *handle,
-CERTCertificate *cert, PRBool selfsign,
-SECKEYPrivateKey *selfsignprivkey, char *issuerNickName, void *pwarg)
-{
- SECItem der;
- SECItem *result = NULL;
- SECKEYPrivateKey *caPrivateKey = NULL;
- SECStatus rv;
- PRArenaPool *arena;
- SECOidTag algID;
- void *dummy;
-
- if( selfsign ) {
- caPrivateKey = selfsignprivkey;
- } else {
- /*CERTCertificate *issuer = CERT_FindCertByNickname(handle, issuerNickName);*/
- CERTCertificate *issuer = PK11_FindCertFromNickname(issuerNickName, NULL);
- if( (CERTCertificate *)NULL == issuer ) {
- SECU_PrintError(progName, "unable to find issuer with nickname %s",
- issuerNickName);
- return (SECItem *)NULL;
- }
-
- caPrivateKey = PK11_FindKeyByAnyCert(issuer, pwarg);
- if (caPrivateKey == NULL) {
- SECU_PrintError(progName, "unable to retrieve key %s", issuerNickName);
- return NULL;
- }
- }
-
- arena = cert->arena;
-
- switch(caPrivateKey->keyType) {
- case rsaKey:
- algID = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
- break;
- case dsaKey:
- algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
- break;
- default:
- fprintf(stderr, "Unknown key type for issuer.");
- goto done;
- break;
- }
-
- rv = SECOID_SetAlgorithmID(arena, &cert->signature, algID, 0);
- if (rv != SECSuccess) {
- fprintf(stderr, "Could not set signature algorithm id.");
- goto done;
- }
-
- /* we only deal with cert v3 here */
- *(cert->version.data) = 2;
- cert->version.len = 1;
-
- der.len = 0;
- der.data = NULL;
- dummy = SEC_ASN1EncodeItem (arena, &der, cert, CERT_CertificateTemplate);
- if (!dummy) {
- fprintf (stderr, "Could not encode certificate.\n");
- goto done;
- }
-
- result = (SECItem *) PORT_ArenaZAlloc (arena, sizeof (SECItem));
- if (result == NULL) {
- fprintf (stderr, "Could not allocate item for certificate data.\n");
- goto done;
- }
-
- rv = SEC_DerSignData (arena, result, der.data, der.len, caPrivateKey,
- algID);
- if (rv != SECSuccess) {
- fprintf (stderr, "Could not sign encoded certificate data.\n");
- PORT_Free(result);
- result = NULL;
- goto done;
- }
- cert->derCert = *result;
-done:
- SECKEY_DestroyPrivateKey(caPrivateKey);
- return result;
-}
-
-static SECStatus
-AddAuthKeyID (void *extHandle)
-{
- CERTAuthKeyID *authKeyID = NULL;
- PRArenaPool *arena = NULL;
- SECStatus rv = SECSuccess;
- char buffer[512];
-
- do {
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- SECU_PrintError(progName, "out of memory");
- GEN_BREAK (SECFailure);
- }
-
- if (GetYesNo ("Enter value for the authKeyID extension [y/n]?\n") == 0)
- break;
-
- authKeyID = PORT_ArenaZAlloc (arena, sizeof (CERTAuthKeyID));
- if (authKeyID == NULL) {
- GEN_BREAK (SECFailure);
- }
-
- rv = GetString (arena, "Enter value for the key identifier fields, enter to omit:",
- &authKeyID->keyID);
- if (rv != SECSuccess)
- break;
- authKeyID->authCertIssuer = GetGeneralName (arena);
- if (authKeyID->authCertIssuer == NULL && SECFailure == PORT_GetError ())
- break;
-
-
- rv = GetString (arena, "Enter value for the authCertSerial field, enter to omit:",
- &authKeyID->authCertSerialNumber);
-
- buffer[0] = 'n';
- puts ("Is this a critical extension [y/n]? ");
- gets (buffer);
-
- rv = EncodeAndAddExtensionValue
- (arena, extHandle, authKeyID,
- (buffer[0] == 'y' || buffer[0] == 'Y') ? PR_TRUE : PR_FALSE,
- SEC_OID_X509_AUTH_KEY_ID,
- (EXTEN_VALUE_ENCODER) CERT_EncodeAuthKeyID);
- if (rv)
- break;
-
- } while (0);
- if (arena)
- PORT_FreeArena (arena, PR_FALSE);
- return (rv);
-}
-
-static SECStatus
-AddCrlDistPoint(void *extHandle)
-{
- PRArenaPool *arena = NULL;
- CERTCrlDistributionPoints *crlDistPoints = NULL;
- CRLDistributionPoint *current;
- SECStatus rv = SECSuccess;
- int count = 0, intValue;
- char buffer[5];
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena )
- return (SECFailure);
-
- do {
- current = NULL;
- current = PORT_ArenaZAlloc (arena, sizeof (*current));
- if (current == NULL) {
- GEN_BREAK (SECFailure);
- }
-
- /* Get the distributionPointName fields - this field is optional */
- puts ("Enter the type of the distribution point name:\n");
- puts ("\t1 - Full Name\n\t2 - Relative Name\n\tOther - omit\n\t\tChoice: ");
- scanf ("%d", &intValue);
- switch (intValue) {
- case generalName:
- current->distPointType = intValue;
- current->distPoint.fullName = GetGeneralName (arena);
- rv = PORT_GetError();
- break;
-
- case relativeDistinguishedName: {
- CERTName *name;
- char buffer[512];
-
- current->distPointType = intValue;
- puts ("Enter the relative name: ");
- fflush (stdout);
- gets (buffer);
- /* For simplicity, use CERT_AsciiToName to converse from a string
- to NAME, but we only interest in the first RDN */
- name = CERT_AsciiToName (buffer);
- if (!name) {
- GEN_BREAK (SECFailure);
- }
- rv = CERT_CopyRDN (arena, &current->distPoint.relativeName, name->rdns[0]);
- CERT_DestroyName (name);
- break;
- }
- }
- if (rv != SECSuccess)
- break;
-
- /* Get the reason flags */
- puts ("\nSelect one of the following for the reason flags\n");
- puts ("\t0 - unused\n\t1 - keyCompromise\n\t2 - caCompromise\n\t3 - affiliationChanged\n");
- puts ("\t4 - superseded\n\t5 - cessationOfOperation\n\t6 - certificateHold\n");
- puts ("\tother - omit\t\tChoice: ");
-
- scanf ("%d", &intValue);
- if (intValue >= 0 && intValue <8) {
- current->reasons.data = PORT_ArenaAlloc (arena, sizeof(char));
- if (current->reasons.data == NULL) {
- GEN_BREAK (SECFailure);
- }
- *current->reasons.data = (char)(0x80 >> intValue);
- current->reasons.len = 1;
- }
- puts ("Enter value for the CRL Issuer name:\n");
- current->crlIssuer = GetGeneralName (arena);
- if (current->crlIssuer == NULL && (rv = PORT_GetError()) == SECFailure)
- break;
-
- if (crlDistPoints == NULL) {
- crlDistPoints = PORT_ArenaZAlloc (arena, sizeof (*crlDistPoints));
- if (crlDistPoints == NULL) {
- GEN_BREAK (SECFailure);
- }
- }
-
- crlDistPoints->distPoints = PORT_ArenaGrow (arena,
- crlDistPoints->distPoints,
- sizeof (*crlDistPoints->distPoints) * count,
- sizeof (*crlDistPoints->distPoints) *(count + 1));
- if (crlDistPoints->distPoints == NULL) {
- GEN_BREAK (SECFailure);
- }
-
- crlDistPoints->distPoints[count] = current;
- ++count;
- if (GetYesNo ("Enter more value for the CRL distribution point extension [y/n]\n") == 0) {
- /* Add null to the end of the crlDistPoints to mark end of data */
- crlDistPoints->distPoints = PORT_ArenaGrow(arena,
- crlDistPoints->distPoints,
- sizeof (*crlDistPoints->distPoints) * count,
- sizeof (*crlDistPoints->distPoints) *(count + 1));
- crlDistPoints->distPoints[count] = NULL;
- break;
- }
-
-
- } while (1);
-
- if (rv == SECSuccess) {
- buffer[0] = 'n';
- puts ("Is this a critical extension [y/n]? ");
- gets (buffer);
-
- rv = EncodeAndAddExtensionValue(arena, extHandle, crlDistPoints,
- (buffer[0] == 'Y' || buffer[0] == 'y') ? PR_TRUE : PR_FALSE,
- SEC_OID_X509_CRL_DIST_POINTS,
- (EXTEN_VALUE_ENCODER) CERT_EncodeCRLDistributionPoints);
- }
- if (arena)
- PORT_FreeArena (arena, PR_FALSE);
- return (rv);
-}
-
-static SECStatus
-CreateCert(
- CERTCertDBHandle *handle,
- char * issuerNickName,
- PRFileDesc *inFile,
- PRFileDesc *outFile,
- SECKEYPrivateKey *selfsignprivkey,
- void *pwarg,
- int serialNumber,
- int warpmonths,
- int validitylength,
- PRBool selfsign,
- PRBool keyUsage,
- PRBool extKeyUsage,
- PRBool basicConstraint,
- PRBool authKeyID,
- PRBool crlDistPoints,
- PRBool nscpCertType)
-{
- void * extHandle;
- SECItem * certDER;
- PRArenaPool *arena = NULL;
- CERTCertificate *subjectCert = NULL;
- /*CERTCertificate *issuerCert = NULL;*/
- CERTCertificateRequest *certReq = NULL;
- SECStatus rv = SECSuccess;
- SECItem reqDER;
-
- reqDER.data = NULL;
- do {
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena) {
- GEN_BREAK (SEC_ERROR_NO_MEMORY);
- }
-
- /* Create a certrequest object from the input cert request der */
- certReq = GetCertRequest(inFile);
- if (certReq == NULL) {
- GEN_BREAK (SECFailure)
- }
-
- subjectCert = MakeV1Cert (handle, certReq, issuerNickName, selfsign,
- serialNumber, warpmonths, validitylength);
- if (subjectCert == NULL) {
- GEN_BREAK (SECFailure)
- }
-
- extHandle = CERT_StartCertExtensions (subjectCert);
- if (extHandle == NULL) {
- GEN_BREAK (SECFailure)
- }
-
- /* Add key usage extension */
- if (keyUsage) {
- rv = AddKeyUsage(extHandle);
- if (rv)
- break;
- }
-
- /* Add extended key usage extension */
- if (extKeyUsage) {
- rv = AddExtKeyUsage(extHandle);
- if (rv)
- break;
- }
-
- /* Add basic constraint extension */
- if (basicConstraint) {
- rv = AddBasicConstraint(extHandle);
- if (rv)
- break;
- }
-
- if (authKeyID) {
- rv = AddAuthKeyID (extHandle);
- if (rv)
- break;
- }
-
-
- if (crlDistPoints) {
- rv = AddCrlDistPoint (extHandle);
- if (rv)
- break;
- }
-
- if (nscpCertType) {
- rv = AddNscpCertType(extHandle);
- if (rv)
- break;
- }
-
-
- CERT_FinishExtensions(extHandle);
-
- certDER = SignCert (handle, subjectCert, selfsign, selfsignprivkey, issuerNickName,pwarg);
-
- if (certDER)
- PR_Write(outFile, certDER->data, certDER->len);
- /*fwrite (certDER->data, 1, certDER->len, outFile);*/
-
- } while (0);
- CERT_DestroyCertificateRequest (certReq);
- CERT_DestroyCertificate (subjectCert);
- PORT_FreeArena (arena, PR_FALSE);
- if (rv != SECSuccess) {
- PRErrorCode perr = PR_GetError();
- fprintf(stderr, "%s: unable to create cert (%s)\n", progName,
- SECU_Strerror(perr));
- }
- return (rv);
-}
-
-/* Certutil commands */
-enum {
- cmd_AddCert = 0,
- cmd_CreateNewCert,
- cmd_DeleteCert,
- cmd_AddEmailCert,
- cmd_DeleteKey,
- cmd_GenKeyPair,
- cmd_PrintHelp,
- cmd_ListKeys,
- cmd_ListCerts,
- cmd_ModifyCertTrust,
- cmd_NewDBs,
- cmd_CertReq,
- cmd_CreateAndAddCert,
- cmd_ListModules,
- cmd_CheckCertValidity,
- cmd_ChangePassword
-};
-
-/* Certutil options */
-enum {
- opt_AddKeyUsageExt = 0,
- opt_AddBasicConstraintExt,
- opt_AddAuthorityKeyIDExt,
- opt_AddCRLDistPtsExt,
- opt_AddNSCertTypeExt,
- opt_AddExtKeyUsageExt,
- opt_ASCIIForIO,
- opt_ValidityTime,
- opt_IssuerName,
- opt_CertDir,
- opt_VerifySig,
- opt_PasswordFile,
- opt_KeySize,
- opt_TokenName,
- opt_InputFile,
- opt_KeyIndex,
- opt_KeyType,
- opt_DetailedInfo,
- opt_SerialNumber,
- opt_Nickname,
- opt_OutputFile,
- opt_PhoneNumber,
- opt_PQGFile,
- opt_BinaryDER,
- opt_Subject,
- opt_Trust,
- opt_Usage,
- opt_Validity,
- opt_OffsetMonths,
- opt_SelfSign,
- opt_Exponent,
- opt_NoiseFile
-};
-
-static secuCommandFlag certutil_commands[] =
-{
- { /* cmd_AddCert */ 'A', PR_FALSE, 0, PR_FALSE },
- { /* cmd_CreateNewCert */ 'C', PR_FALSE, 0, PR_FALSE },
- { /* cmd_DeleteCert */ 'D', PR_FALSE, 0, PR_FALSE },
- { /* cmd_AddEmailCert */ 'E', PR_FALSE, 0, PR_FALSE },
- { /* cmd_DeleteKey */ 'F', PR_FALSE, 0, PR_FALSE },
- { /* cmd_GenKeyPair */ 'G', PR_FALSE, 0, PR_FALSE },
- { /* cmd_PrintHelp */ 'H', PR_FALSE, 0, PR_FALSE },
- { /* cmd_ListKeys */ 'K', PR_FALSE, 0, PR_FALSE },
- { /* cmd_ListCerts */ 'L', PR_FALSE, 0, PR_FALSE },
- { /* cmd_ModifyCertTrust */ 'M', PR_FALSE, 0, PR_FALSE },
- { /* cmd_NewDBs */ 'N', PR_FALSE, 0, PR_FALSE },
- { /* cmd_CertReq */ 'R', PR_FALSE, 0, PR_FALSE },
- { /* cmd_CreateAndAddCert */ 'S', PR_FALSE, 0, PR_FALSE },
- { /* cmd_ListModules */ 'U', PR_FALSE, 0, PR_FALSE },
- { /* cmd_CheckCertValidity */ 'V', PR_FALSE, 0, PR_FALSE },
- { /* cmd_ChangePassword */ 'W', PR_FALSE, 0, PR_FALSE }
-};
-
-static secuCommandFlag certutil_options[] =
-{
- { /* opt_AddKeyUsageExt */ '1', PR_FALSE, 0, PR_FALSE },
- { /* opt_AddBasicConstraintExt*/ '2', PR_FALSE, 0, PR_FALSE },
- { /* opt_AddAuthorityKeyIDExt*/ '3', PR_FALSE, 0, PR_FALSE },
- { /* opt_AddCRLDistPtsExt */ '4', PR_FALSE, 0, PR_FALSE },
- { /* opt_AddNSCertTypeExt */ '5', PR_FALSE, 0, PR_FALSE },
- { /* opt_AddExtKeyUsageExt */ '6', PR_FALSE, 0, PR_FALSE },
- { /* opt_ASCIIForIO */ 'a', PR_FALSE, 0, PR_FALSE },
- { /* opt_ValidityTime */ 'b', PR_TRUE, 0, PR_FALSE },
- { /* opt_IssuerName */ 'c', PR_TRUE, 0, PR_FALSE },
- { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE },
- { /* opt_VerifySig */ 'e', PR_FALSE, 0, PR_FALSE },
- { /* opt_PasswordFile */ 'f', PR_TRUE, 0, PR_FALSE },
- { /* opt_KeySize */ 'g', PR_TRUE, 0, PR_FALSE },
- { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE },
- { /* opt_InputFile */ 'i', PR_TRUE, 0, PR_FALSE },
- { /* opt_KeyIndex */ 'j', PR_TRUE, 0, PR_FALSE },
- { /* opt_KeyType */ 'k', PR_TRUE, 0, PR_FALSE },
- { /* opt_DetailedInfo */ 'l', PR_FALSE, 0, PR_FALSE },
- { /* opt_SerialNumber */ 'm', PR_TRUE, 0, PR_FALSE },
- { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE },
- { /* opt_OutputFile */ 'o', PR_TRUE, 0, PR_FALSE },
- { /* opt_PhoneNumber */ 'p', PR_TRUE, 0, PR_FALSE },
- { /* opt_PQGFile */ 'q', PR_TRUE, 0, PR_FALSE },
- { /* opt_BinaryDER */ 'r', PR_FALSE, 0, PR_FALSE },
- { /* opt_Subject */ 's', PR_TRUE, 0, PR_FALSE },
- { /* opt_Trust */ 't', PR_TRUE, 0, PR_FALSE },
- { /* opt_Usage */ 'u', PR_TRUE, 0, PR_FALSE },
- { /* opt_Validity */ 'v', PR_TRUE, 0, PR_FALSE },
- { /* opt_OffsetMonths */ 'w', PR_TRUE, 0, PR_FALSE },
- { /* opt_SelfSign */ 'x', PR_FALSE, 0, PR_FALSE },
- { /* opt_Exponent */ 'y', PR_TRUE, 0, PR_FALSE },
- { /* opt_NoiseFile */ 'z', PR_TRUE, 0, PR_FALSE }
-};
-
-int
-main(int argc, char **argv)
-{
- CERTCertDBHandle *certHandle;
- SECKEYKeyDBHandle *keyHandle;
- PK11SlotInfo *slot = NULL;
- CERTName * subject = 0;
- PRFileDesc *inFile = 0;
- PRFileDesc *outFile = 0;
- char * certfile = "tempcert";
- char * certreqfile = "tempcertreq";
- char * slotname = "internal";
- KeyType keytype = rsaKey;
- /*char * keyslot = NULL;*/
- /*char * keynickname = NULL;*/
- char * name = NULL;
- int keysize = DEFAULT_KEY_BITS;
- int publicExponent = 0x010001;
- int serialNumber = 0;
- int warpmonths = 0;
- int validitylength = 0;
- int commandsEntered = 0;
- char commandToRun = '\0';
- secuPWData pwdata = { PW_NONE, 0 };
-
- SECKEYPrivateKey *privkey;
- SECKEYPublicKey *pubkey = NULL;
-
- int i;
- SECStatus rv;
-
- secuCommand certutil;
- certutil.numCommands = sizeof(certutil_commands) / sizeof(secuCommandFlag);
- certutil.numOptions = sizeof(certutil_options) / sizeof(secuCommandFlag);
- certutil.commands = certutil_commands;
- certutil.options = certutil_options;
-
- progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
-
- rv = SECU_ParseCommandLine(argc, argv, progName, &certutil);
-
- if (rv != SECSuccess)
- Usage(progName);
-
- if (certutil.commands[cmd_PrintHelp].activated)
- LongUsage(progName);
-
-#if 0
- /* Not supported at the moment. */
- /* -E add email cert */
- if (certutil.commands[cmd_AddEmailCert].activated) {
- certutil.commands[cmd_AddCert].activated = PR_TRUE;
- }
-#endif
-
- if (certutil.options[opt_PasswordFile].arg) {
- pwdata.source = PW_FROMFILE;
- pwdata.data = certutil.options[opt_PasswordFile].arg;
- }
-
- if (certutil.options[opt_CertDir].activated)
- SECU_ConfigDirectory(certutil.options[opt_CertDir].arg);
-
- if (certutil.options[opt_KeySize].activated) {
- keysize = PORT_Atoi(certutil.options[opt_KeySize].arg);
- if ((keysize < MIN_KEY_BITS) || (keysize > MAX_KEY_BITS)) {
- PR_fprintf(PR_STDERR,
- "%s -g: Keysize must be between %d and %d.\n",
- MIN_KEY_BITS, MAX_KEY_BITS);
- return -1;
- }
- }
-
- /* -h specify token name */
- if (certutil.options[opt_TokenName].activated) {
- if (PL_strcmp(certutil.options[opt_TokenName].arg, "all") == 0)
- slotname = NULL;
- else
- slotname = PL_strdup(certutil.options[opt_TokenName].arg);
- }
-
- /* -k key type */
- if (certutil.options[opt_KeyType].activated) {
- if (PL_strcmp(certutil.options[opt_KeyType].arg, "rsa") == 0) {
- keytype = rsaKey;
- } else if (PL_strcmp(certutil.options[opt_KeyType].arg, "dsa") == 0) {
- keytype = dsaKey;
- } else if (PL_strcmp(certutil.options[opt_KeyType].arg, "all") == 0) {
- keytype = nullKey;
- } else {
- PR_fprintf(PR_STDERR, "%s -k: %s is not a recognized type.\n",
- progName, certutil.options[opt_KeyType].arg);
- return -1;
- }
- }
-
- /* -m serial number */
- if (certutil.options[opt_SerialNumber].activated) {
- serialNumber = PORT_Atoi(certutil.options[opt_SerialNumber].arg);
- if (serialNumber < 0) {
- PR_fprintf(PR_STDERR, "%s -m: %s is not a valid serial number.\n",
- progName, certutil.options[opt_SerialNumber].arg);
- return -1;
- }
- }
-
- /* -q PQG file */
- if (certutil.options[opt_PQGFile].activated) {
- if (keytype != dsaKey) {
- PR_fprintf(PR_STDERR, "%s -q: PQG file is for DSA key (-k dsa).\n)",
- progName);
- return -1;
- }
- }
-
- /* -s subject name */
- if (certutil.options[opt_Subject].activated) {
- subject = CERT_AsciiToName(certutil.options[opt_Subject].arg);
- if (!subject) {
- PR_fprintf(PR_STDERR, "%s -s: improperly formatted name: \"%s\"\n",
- progName, certutil.options[opt_Subject].arg);
- return -1;
- }
- }
-
- /* -v validity period */
- if (certutil.options[opt_Validity].activated) {
- validitylength = PORT_Atoi(certutil.options[opt_Validity].arg);
- if (validitylength < 0) {
- PR_fprintf(PR_STDERR, "%s -v: incorrect validity period: \"%s\"\n",
- progName, certutil.options[opt_Validity].arg);
- return -1;
- }
- }
-
- /* -w warp months */
- if (certutil.options[opt_OffsetMonths].activated) {
- warpmonths = PORT_Atoi(certutil.options[opt_OffsetMonths].arg);
- if (warpmonths < 0) {
- PR_fprintf(PR_STDERR, "%s -w: incorrect offset months: \"%s\"\n",
- progName, certutil.options[opt_OffsetMonths].arg);
- return -1;
- }
- }
-
- /* -y public exponent (for RSA) */
- if (certutil.options[opt_Exponent].activated) {
- publicExponent = PORT_Atoi(certutil.options[opt_Exponent].arg);
- if ((publicExponent != 3) &&
- (publicExponent != 17) &&
- (publicExponent != 65537)) {
- PR_fprintf(PR_STDERR, "%s -y: incorrect public exponent %d.",
- progName, publicExponent);
- PR_fprintf(PR_STDERR, "Must be 3, 17, or 65537.\n");
- return -1;
- }
- }
-
- /* Check number of commands entered. */
- commandsEntered = 0;
- for (i=0; i< certutil.numCommands; i++) {
- if (certutil.commands[i].activated) {
- commandToRun = certutil.commands[i].flag;
- commandsEntered++;
- }
- if (commandsEntered > 1)
- break;
- }
- if (commandsEntered > 1) {
- PR_fprintf(PR_STDERR, "%s: only one command at a time!\n", progName);
- PR_fprintf(PR_STDERR, "You entered: ");
- for (i=0; i< certutil.numCommands; i++) {
- if (certutil.commands[i].activated)
- PR_fprintf(PR_STDERR, " -%c", certutil.commands[i].flag);
- }
- PR_fprintf(PR_STDERR, "\n");
- return -1;
- }
- if (commandsEntered == 0) {
- PR_fprintf(PR_STDERR, "%s: you must enter a command!\n", progName);
- Usage(progName);
- }
-
- /* -A, -D, -F, -M, -S, -V, and all require -n */
- if ((certutil.commands[cmd_AddCert].activated ||
- certutil.commands[cmd_DeleteCert].activated ||
- certutil.commands[cmd_DeleteKey].activated ||
- certutil.commands[cmd_ModifyCertTrust].activated ||
- certutil.commands[cmd_CreateAndAddCert].activated ||
- certutil.commands[cmd_CheckCertValidity].activated) &&
- !certutil.options[opt_Nickname].activated) {
- PR_fprintf(PR_STDERR,
- "%s -%c: nickname is required for this command (-n).\n",
- progName, commandToRun);
- return -1;
- }
-
- /* -A, -M, -S require trust */
- if ((certutil.commands[cmd_AddCert].activated ||
- certutil.commands[cmd_ModifyCertTrust].activated ||
- certutil.commands[cmd_CreateAndAddCert].activated) &&
- !certutil.options[opt_Trust].activated) {
- PR_fprintf(PR_STDERR,
- "%s -%c: trust is required for this command (-t).\n",
- progName, commandToRun);
- return -1;
- }
-
- /* if -L is given raw or ascii mode, it must be for only one cert. */
- if (certutil.commands[cmd_ListCerts].activated &&
- (certutil.options[opt_ASCIIForIO].activated ||
- certutil.options[opt_BinaryDER].activated) &&
- !certutil.options[opt_Nickname].activated) {
- PR_fprintf(PR_STDERR,
- "%s: nickname is required to dump cert in raw or ascii mode.\n",
- progName);
- return -1;
- }
-
- /* -L can only be in (raw || ascii). */
- if (certutil.commands[cmd_ListCerts].activated &&
- certutil.options[opt_ASCIIForIO].activated &&
- certutil.options[opt_BinaryDER].activated) {
- PR_fprintf(PR_STDERR,
- "%s: cannot specify both -r and -a when dumping cert.\n",
- progName);
- return -1;
- }
-
- /* If making a cert request, need a subject. */
- if ((certutil.commands[cmd_CertReq].activated ||
- certutil.commands[cmd_CreateAndAddCert].activated) &&
- !certutil.options[opt_Subject].activated) {
- PR_fprintf(PR_STDERR,
- "%s -%c: subject is required to create a cert request.\n",
- progName, commandToRun);
- return -1;
- }
-
- /* If making a cert, need a serial number. */
- if ((certutil.commands[cmd_CreateNewCert].activated ||
- certutil.commands[cmd_CreateAndAddCert].activated) &&
- !certutil.options[opt_SerialNumber].activated) {
- /* Make a default serial number from the current time. */
- PRTime now = PR_Now();
- serialNumber = LL_L2UI(serialNumber, now);
- }
-
- /* Validation needs the usage to validate for. */
- if (certutil.commands[cmd_CheckCertValidity].activated &&
- !certutil.options[opt_Usage].activated) {
- PR_fprintf(PR_STDERR,
- "%s -V: specify a usage to validate the cert for (-u).\n",
- progName);
- return -1;
- }
-
- /* To make a cert, need either a issuer or to self-sign it. */
- if (certutil.commands[cmd_CreateAndAddCert].activated &&
- !(certutil.options[opt_IssuerName].activated ||
- certutil.options[opt_SelfSign].activated)) {
- PR_fprintf(PR_STDERR,
- "%s -S: must specify issuer (-c) or self-sign (-x).\n",
- progName);
- return -1;
- }
-
- /* Using slotname == NULL for listing keys on all slots, but only that. */
- if (!certutil.commands[cmd_ListKeys].activated && slotname == NULL) {
- PR_fprintf(PR_STDERR,
- "%s -%c: cannot use \"-h all\" for this command.\n",
- progName, commandToRun);
- return -1;
- }
-
- /* Using keytype == nullKey for list all key types, but only that. */
- if (!certutil.commands[cmd_ListKeys].activated && keytype == nullKey) {
- PR_fprintf(PR_STDERR,
- "%s -%c: cannot use \"-k all\" for this command.\n",
- progName, commandToRun);
- return -1;
- }
-
- /* -S open outFile, temporary file for cert request. */
- if (certutil.commands[cmd_CreateAndAddCert].activated) {
- outFile = PR_Open(certreqfile, PR_RDWR | PR_CREATE_FILE, 00660);
- if (!outFile) {
- PR_fprintf(PR_STDERR, "%s -o: unable to open \"%s\" for writing\n",
- progName, certreqfile);
- return -1;
- }
- }
-
- /* Open the input file. */
- if (certutil.options[opt_InputFile].activated) {
- inFile = PR_Open(certutil.options[opt_InputFile].arg, PR_RDONLY, 0);
- if (!inFile) {
- PR_fprintf(PR_STDERR,
- "%s: unable to open \"%s\" for reading.\n",
- progName, certutil.options[opt_InputFile].arg);
- return -1;
- }
- }
-
- /* Open the output file. */
- if (certutil.options[opt_OutputFile].activated && !outFile) {
- outFile = PR_Open(certutil.options[opt_OutputFile].arg,
- PR_CREATE_FILE | PR_RDWR, 00660);
- if (!outFile) {
- PR_fprintf(PR_STDERR,
- "%s: unable to open \"%s\" for writing.\n",
- progName, certutil.options[opt_OutputFile].arg);
- return -1;
- }
- }
-
- name = SECU_GetOptionArg(&certutil, opt_Nickname);
-
- PK11_SetPasswordFunc(SECU_GetModulePassword);
-
- /* Initialize NSPR and NSS. */
- PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
- SECU_PKCS11Init(PR_FALSE);
- SEC_Init();
- certHandle = SECU_OpenCertDB(PR_FALSE);
- if (certHandle == NULL) {
- SECU_PrintError(progName, "unable to open cert database");
- return -1;
- }
- keyHandle = SECKEY_GetDefaultKeyDB();
-
- if (slotname == NULL || PL_strcmp(slotname, "internal") == 0)
- slot = PK11_GetInternalKeySlot();
- else
- slot = PK11_FindSlotByName(slotname);
-
- /* If creating new database, initialize the password. */
- if (certutil.commands[cmd_NewDBs].activated) {
- SECU_ChangePW(slot, 0, certutil.options[opt_PasswordFile].arg);
- }
-
- /* The following 8 options are mutually exclusive with all others. */
-
- /* List certs (-L) */
- if (certutil.commands[cmd_ListCerts].activated) {
- rv = ListCerts(certHandle, name, slot,
- certutil.options[opt_BinaryDER].activated,
- certutil.options[opt_ASCIIForIO].activated);
- return !rv - 1;
- }
- /* XXX needs work */
- /* List keys (-K) */
- if (certutil.commands[cmd_ListKeys].activated) {
- rv = ListKeys(slot, name, 0 /*keyindex*/, keytype, PR_FALSE /*dopriv*/);
- return !rv - 1;
- }
- /* List modules (-U) */
- if (certutil.commands[cmd_ListModules].activated) {
- rv = ListModules();
- return !rv - 1;
- }
- /* Delete cert (-D) */
- if (certutil.commands[cmd_DeleteCert].activated) {
- rv = DeleteCert(certHandle, name);
- return !rv - 1;
- }
- /* Delete key (-F) */
- if (certutil.commands[cmd_DeleteKey].activated) {
- rv = DeleteKey(keyHandle, name);
- return !rv - 1;
- }
- /* Modify trust attribute for cert (-M) */
- if (certutil.commands[cmd_ModifyCertTrust].activated) {
- rv = ChangeTrustAttributes(certHandle, name,
- certutil.options[opt_Trust].arg);
- return !rv - 1;
- }
- /* Change key db password (-W) (future - change pw to slot?) */
- if (certutil.commands[cmd_ChangePassword].activated) {
- rv = SECU_ChangePW(slot, 0, certutil.options[opt_PasswordFile].arg);
- return !rv - 1;
- }
- /* Check cert validity against current time (-V) */
- if (certutil.commands[cmd_CheckCertValidity].activated) {
- rv = ValidateCert(certHandle, name,
- certutil.options[opt_ValidityTime].arg,
- certutil.options[opt_Usage].arg,
- certutil.options[opt_VerifySig].activated,
- certutil.options[opt_DetailedInfo].activated);
- return !rv - 1;
- }
-
- /*
- * Key generation
- */
-
- /* These commands require keygen. */
- if (certutil.commands[cmd_CertReq].activated ||
- certutil.commands[cmd_CreateAndAddCert].activated ||
- certutil.commands[cmd_GenKeyPair].activated) {
- /* XXX Give it a nickname. */
- privkey =
- CERTUTIL_GeneratePrivateKey(keytype, slot, keysize,
- publicExponent,
- certutil.options[opt_NoiseFile].arg,
- &pubkey,
- certutil.options[opt_PQGFile].arg,
- certutil.options[opt_PasswordFile].arg);
- if (privkey == NULL) {
- SECU_PrintError(progName, "unable to generate key(s)\n");
- return -1;
- }
- PORT_Assert(pubkey != NULL);
-
- /* If all that was needed was keygen, exit. */
- if (certutil.commands[cmd_GenKeyPair].activated) {
- return SECSuccess;
- }
- }
-
- /*
- * Certificate request
- */
-
- /* Make a cert request (-R or -S). */
- if (certutil.commands[cmd_CreateAndAddCert].activated ||
- certutil.commands[cmd_CertReq].activated) {
- rv = CertReq(privkey, pubkey, keytype, subject,
- certutil.options[opt_PhoneNumber].arg,
- certutil.options[opt_ASCIIForIO].activated,
- outFile ? outFile : PR_STDOUT);
- if (rv)
- return -1;
- }
-
- /*
- * Certificate creation
- */
-
- /* If making and adding a cert, load the cert request file
- * and output the cert to another file.
- */
- if (certutil.commands[cmd_CreateAndAddCert].activated) {
- PR_Close(outFile);
- inFile = PR_Open(certreqfile, PR_RDONLY, 0);
- outFile = PR_Open(certfile, PR_RDWR | PR_CREATE_FILE, 00660);
- }
-
- /* Create a certificate (-C or -S). */
- if (certutil.commands[cmd_CreateAndAddCert].activated ||
- certutil.commands[cmd_CreateNewCert].activated) {
- rv = CreateCert(certHandle,
- certutil.options[opt_IssuerName].arg,
- inFile, outFile, privkey, &pwdata,
- serialNumber, warpmonths, validitylength,
- certutil.options[opt_SelfSign].activated,
- certutil.options[opt_AddKeyUsageExt].activated,
- certutil.options[opt_AddExtKeyUsageExt].activated,
- certutil.options[opt_AddBasicConstraintExt].activated,
- certutil.options[opt_AddAuthorityKeyIDExt].activated,
- certutil.options[opt_AddCRLDistPtsExt].activated,
- certutil.options[opt_AddNSCertTypeExt].activated);
- if (rv)
- return -1;
- }
-
- /*
- * Adding a cert to the database (or slot)
- */
-
- if (certutil.commands[cmd_CreateAndAddCert].activated) {
- PR_Close(inFile);
- PR_Close(outFile);
- inFile = PR_Open(certfile, PR_RDONLY, 0);
- if (!inFile) {
- PR_fprintf(PR_STDERR, "Failed to open file \"%s\".\n", certfile);
- return -1;
- }
- }
-
- if (certutil.commands[cmd_CreateAndAddCert].activated ||
- certutil.commands[cmd_AddCert].activated) {
- rv = AddCert(slot, certHandle, name,
- certutil.options[opt_Trust].arg,
- inFile,
- certutil.options[opt_ASCIIForIO].activated,
- PR_FALSE /* Email cert not supported */ );
- if (rv)
- return -1;
- }
-
- if (certutil.commands[cmd_CreateAndAddCert].activated) {
- PR_Close(inFile);
- PR_Delete(certfile);
- PR_Delete(certreqfile);
- }
-
- if ( certHandle ) {
- CERT_ClosePermCertDB(certHandle);
- }
-
- return rv;
-}
diff --git a/security/nss/cmd/certutil/keystuff.c b/security/nss/cmd/certutil/keystuff.c
deleted file mode 100644
index 5b023f27e..000000000
--- a/security/nss/cmd/certutil/keystuff.c
+++ /dev/null
@@ -1,491 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include "secutil.h"
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#include <sys/time.h>
-#include <termios.h>
-#endif
-
-#if defined(XP_WIN)
-#include <time.h>
-#include <conio.h>
-#endif
-
-#if defined(__sun) && !defined(SVR4)
-extern int fclose(FILE*);
-extern int fprintf(FILE *, char *, ...);
-extern int isatty(int);
-extern char *sys_errlist[];
-#define strerror(errno) sys_errlist[errno]
-#endif
-
-#include "nspr.h"
-#include "prtypes.h"
-#include "prtime.h"
-#include "prlong.h"
-
-#include "pk11func.h"
-#include "secrng.h"
-#include "pqgutil.h"
-
-#define NUM_KEYSTROKES 120
-#define RAND_BUF_SIZE 60
-
-#define ERROR_BREAK rv = SECFailure;break;
-
-
-static void
-UpdateRNG(void)
-{
- char * randbuf;
- int fd, i, count;
- char c;
-#ifdef XP_UNIX
- cc_t orig_cc_min;
- cc_t orig_cc_time;
- tcflag_t orig_lflag;
- struct termios tio;
-#endif
-
-#define FPS fprintf(stderr,
- FPS "\n");
- FPS "A random seed must be generated that will be used in the\n");
- FPS "creation of your key. One of the easiest ways to create a\n");
- FPS "random seed is to use the timing of keystrokes on a keyboard.\n");
- FPS "\n");
- FPS "To begin, type keys on the keyboard until this progress meter\n");
- FPS "is full. DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!\n");
- FPS "\n");
- FPS "\n");
- FPS "Continue typing until the progress meter is full:\n\n");
- FPS "| |\r");
-
- /* turn off echo on stdin & return on 1 char instead of NL */
- fd = fileno(stdin);
-
-#ifdef XP_UNIX
- tcgetattr(fd, &tio);
- orig_lflag = tio.c_lflag;
- orig_cc_min = tio.c_cc[VMIN];
- orig_cc_time = tio.c_cc[VTIME];
- tio.c_lflag &= ~ECHO;
- tio.c_lflag &= ~ICANON;
- tio.c_cc[VMIN] = 1;
- tio.c_cc[VTIME] = 0;
- tcsetattr(fd, TCSAFLUSH, &tio);
-#endif
-
- /* Get random noise from keyboard strokes */
- randbuf = (char *) PORT_Alloc(RAND_BUF_SIZE);
- count = 0;
- while (count < NUM_KEYSTROKES+1) {
-#ifdef XP_UNIX
- c = getc(stdin);
-#else
- c = getch();
-#endif
- RNG_GetNoise(&randbuf[1], sizeof(randbuf)-1);
- RNG_RandomUpdate(randbuf, sizeof(randbuf));
- if (c != randbuf[0]) {
- randbuf[0] = c;
- FPS "\r|");
- for (i=0; i<count/(NUM_KEYSTROKES/RAND_BUF_SIZE); i++) {
- FPS "*");
- }
- if (count%(NUM_KEYSTROKES/RAND_BUF_SIZE) == 1)
- FPS "/");
- count++;
- }
- }
- free(randbuf);
-
- FPS "\n\n");
- FPS "Finished. Press enter to continue: ");
- while (getc(stdin) != '\n')
- ;
- FPS "\n");
-
-#undef FPS
-
-#ifdef XP_UNIX
- /* set back termio the way it was */
- tio.c_lflag = orig_lflag;
- tio.c_cc[VMIN] = orig_cc_min;
- tio.c_cc[VTIME] = orig_cc_time;
- tcsetattr(fd, TCSAFLUSH, &tio);
-#endif
-}
-
-
-static unsigned char P[] = { 0x00, 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76,
- 0xaa, 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69,
- 0xcb, 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c,
- 0xf7, 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82,
- 0xe5, 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e,
- 0xaf, 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a,
- 0xac, 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24,
- 0xc2, 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02,
- 0x91 };
-static unsigned char Q[] = { 0x00, 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8,
- 0xee, 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4,
- 0x8e, 0xda, 0xce, 0x91, 0x5f };
-static unsigned char G[] = { 0x00, 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a,
- 0x13, 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5,
- 0x00, 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef,
- 0xcb, 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c,
- 0x2e, 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba,
- 0xbf, 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c,
- 0x9c, 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08,
- 0x8c, 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88,
- 0x02 };
-
-static PQGParams default_pqg_params = {
- NULL,
- { 0, P, sizeof(P) },
- { 0, Q, sizeof(Q) },
- { 0, G, sizeof(G) }
-};
-
-static PQGParams *
-decode_pqg_params(char *str)
-{
- char *buf;
- unsigned int len;
- PRArenaPool *arena;
- PQGParams *params;
- SECStatus status;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL)
- return NULL;
-
- params = PORT_ArenaZAlloc(arena, sizeof(PQGParams));
- if (params == NULL)
- goto loser;
- params->arena = arena;
-
- buf = (char *)ATOB_AsciiToData(str, &len);
- if ((buf == NULL) || (len == 0))
- goto loser;
-
- status = SEC_ASN1Decode(arena, params, SECKEY_PQGParamsTemplate, buf, len);
- if (status != SECSuccess)
- goto loser;
-
- return params;
-
-loser:
- if (arena != NULL)
- PORT_FreeArena(arena, PR_FALSE);
- return NULL;
-}
-
-static int
-pqg_prime_bits(char *str)
-{
- PQGParams *params = NULL;
- int primeBits = 0, i;
-
- params = decode_pqg_params(str);
- if (params == NULL)
- goto done; /* lose */
-
- for (i = 0; params->prime.data[i] == 0; i++)
- /* empty */;
- primeBits = (params->prime.len - i) * 8;
-
-done:
- if (params != NULL)
- PQG_DestroyParams(params);
- return primeBits;
-}
-
-static char *
-SECU_GetpqgString(char *filename)
-{
- unsigned char phrase[400];
- FILE *fh;
- char *rv;
-
- fh = fopen(filename,"r");
- rv = fgets ((char*) phrase, sizeof(phrase), fh);
-
- fclose(fh);
- if (phrase[strlen(phrase)-1] == '\n')
- phrase[strlen(phrase)-1] = '\0';
- if (rv) {
- return (char*) PORT_Strdup((char*)phrase);
- }
- fprintf(stderr,"pqg file contain no data\n");
- return NULL;
-}
-
-PQGParams*
-getpqgfromfile(int keyBits, char *pqgFile)
-{
- char *end, *str, *pqgString;
- int primeBits;
-
- pqgString = SECU_GetpqgString(pqgFile);
- if (pqgString)
- str = PORT_Strdup(pqgString);
- else
- return NULL;
-
- do {
- end = PORT_Strchr(str, ',');
- if (end)
- *end = '\0';
- primeBits = pqg_prime_bits(str);
- if (keyBits == primeBits)
- goto found_match;
- str = end + 1;
- } while (end);
-
- PORT_Free(pqgString);
- PORT_Free(str);
- return NULL;
-
-found_match:
- PORT_Free(pqgString);
- PORT_Free(str);
- return decode_pqg_params(str);
-}
-
-SECKEYPrivateKey *
-CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
- int publicExponent, char *noise,
- SECKEYPublicKey **pubkeyp, char *pqgFile,
- char *passFile)
-{
- CK_MECHANISM_TYPE mechanism;
- SECOidTag algtag;
- PK11RSAGenParams rsaparams;
- PQGParams *dsaparams = NULL;
- void *params;
- secuPWData pwdata = { PW_NONE, 0 };
-
- /*
- * Do some random-number initialization.
- */
- RNG_SystemInfoForRNG();
-
- if (noise) {
- RNG_FileForRNG(noise);
- } else {
- UpdateRNG();
- }
-
- switch (keytype) {
- case rsaKey:
- rsaparams.keySizeInBits = size;
- rsaparams.pe = publicExponent;
- mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
- algtag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
- params = &rsaparams;
- break;
- case dsaKey:
- mechanism = CKM_DSA_KEY_PAIR_GEN;
- algtag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
- if (pqgFile) {
- dsaparams = getpqgfromfile(size, pqgFile);
- } else {
- dsaparams = &default_pqg_params;
- }
- params = dsaparams;
- default:
- return NULL;
- }
-
- if (slot == NULL)
- return NULL;
-
- if (passFile) {
- pwdata.source = PW_FROMFILE;
- pwdata.data = passFile;
- }
-
- if (PK11_Authenticate(slot, PR_TRUE, &pwdata) != SECSuccess)
- return NULL;
-
- fprintf(stderr, "\n\n");
- fprintf(stderr, "Generating key. This may take a few moments...\n\n");
-
- return PK11_GenerateKeyPair(slot, mechanism, params, pubkeyp,
- PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/,
- NULL /*wincx*/);
-}
-
-/*
- * The following is all functionality moved over from keyutil, which may
- * or may not become completely obsolete. So, some of this stuff may
- * end up being turned on from within certutil. Some is probably not
- * even feasible anymore (Add/Delete?).
- */
-#ifdef LATER
-
-static SECStatus
-ListKeys(FILE *out)
-{
- int rt;
-
- rt = SECU_PrintKeyNames(handle, out);
- if (rt) {
- SECU_PrintError(progName, "unable to list nicknames");
- return SECFailure;
- }
- return SECSuccess;
-}
-
-static SECStatus
-DumpPublicKey(char *nickname, FILE *out)
-{
- SECKEYLowPrivateKey *privKey;
- SECKEYLowPublicKey *publicKey;
-
- /* check if key actually exists */
- if (SECU_CheckKeyNameExists(handle, nickname) == PR_FALSE) {
- SECU_PrintError(progName, "the key \"%s\" does not exist", nickname);
- return SECFailure;
- }
-
- /* Read in key */
- privKey = SECU_GetPrivateKey(handle, nickname);
- if (!privKey) {
- return SECFailure;
- }
-
- publicKey = SECKEY_LowConvertToPublicKey(privKey);
-
- /* Output public key (in the clear) */
- switch(publicKey->keyType) {
- case rsaKey:
- fprintf(out, "RSA Public-Key:\n");
- SECU_PrintInteger(out, &publicKey->u.rsa.modulus, "modulus", 1);
- SECU_PrintInteger(out, &publicKey->u.rsa.publicExponent,
- "publicExponent", 1);
- break;
- case dsaKey:
- fprintf(out, "DSA Public-Key:\n");
- SECU_PrintInteger(out, &publicKey->u.dsa.params.prime, "prime", 1);
- SECU_PrintInteger(out, &publicKey->u.dsa.params.subPrime,
- "subPrime", 1);
- SECU_PrintInteger(out, &publicKey->u.dsa.params.base, "base", 1);
- SECU_PrintInteger(out, &publicKey->u.dsa.publicValue, "publicValue", 1);
- break;
- default:
- fprintf(out, "unknown key type\n");
- break;
- }
- return SECSuccess;
-}
-
-static SECStatus
-DumpPrivateKey(char *nickname, FILE *out)
-{
- SECKEYLowPrivateKey *key;
-
- /* check if key actually exists */
- if (SECU_CheckKeyNameExists(handle, nickname) == PR_FALSE) {
- SECU_PrintError(progName, "the key \"%s\" does not exist", nickname);
- return SECFailure;
- }
-
- /* Read in key */
- key = SECU_GetPrivateKey(handle, nickname);
- if (!key) {
- SECU_PrintError(progName, "error retrieving key");
- return SECFailure;
- }
-
- switch(key->keyType) {
- case rsaKey:
- fprintf(out, "RSA Private-Key:\n");
- SECU_PrintInteger(out, &key->u.rsa.modulus, "modulus", 1);
- SECU_PrintInteger(out, &key->u.rsa.publicExponent, "publicExponent", 1);
- SECU_PrintInteger(out, &key->u.rsa.privateExponent,
- "privateExponent", 1);
- SECU_PrintInteger(out, &key->u.rsa.prime[0], "prime[0]", 1);
- SECU_PrintInteger(out, &key->u.rsa.prime[1], "prime[1]", 1);
- SECU_PrintInteger(out, &key->u.rsa.primeExponent[0],
- "primeExponent[0]", 1);
- SECU_PrintInteger(out, &key->u.rsa.primeExponent[1],
- "primeExponent[1]", 1);
- SECU_PrintInteger(out, &key->u.rsa.coefficient, "coefficient", 1);
- break;
- case dsaKey:
- fprintf(out, "DSA Private-Key:\n");
- SECU_PrintInteger(out, &key->u.dsa.params.prime, "prime", 1);
- SECU_PrintInteger(out, &key->u.dsa.params.subPrime, "subPrime", 1);
- SECU_PrintInteger(out, &key->u.dsa.params.base, "base", 1);
- SECU_PrintInteger(out, &key->u.dsa.publicValue, "publicValue", 1);
- SECU_PrintInteger(out, &key->u.dsa.privateValue, "privateValue", 1);
- break;
- default:
- fprintf(out, "unknown key type\n");
- break;
- }
- return SECSuccess;
-}
-
-static SECStatus
-ChangePassword(void)
-{
- SECStatus rv;
-
- /* Write out database with a new password */
- rv = SECU_ChangeKeyDBPassword(handle);
- if (rv) {
- SECU_PrintError(progName, "unable to change key password");
- }
- return rv;
-}
-
-static SECStatus DeletePrivateKey (char *nickName)
-{
- int rv;
-
- rv = SECU_DeleteKeyByName (keyHandle, nickName);
- if (rv != SECSuccess)
- fprintf(stderr, "%s: problem deleting private key (%s)\n",
- progName, SECU_Strerror(PR_GetError()));
- return (rv);
-
-}
-
-#endif /* LATER */
diff --git a/security/nss/cmd/certutil/makefile.win b/security/nss/cmd/certutil/makefile.win
deleted file mode 100644
index 26cdc0651..000000000
--- a/security/nss/cmd/certutil/makefile.win
+++ /dev/null
@@ -1,155 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-VERBOSE = 1
-include <manifest.mn>
-
-PROGRAM = certutil
-PROGRAM = $(OBJDIR)\$(PROGRAM).exe
-
-include <$(DEPTH)\config\config.mak>
-
-
-# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
-# rules.mak will append C_OBJS onto OBJS.
-# OBJS = $(CSRCS:.c=.obj)
-
-# include files are looked for in $LINCS and $INCS.
-# $LINCS is in manifest.mnw, computed from REQUIRES=
-INCS = $(INCS) \
- -I$(DEPTH)/security/lib/cert \
- -I../include \
- $(NULL)
-
-IGNORE_ME = \
- -I$(DEPTH)/security/lib/key \
- -I$(DEPTH)/security/lib/util \
-
-
-WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
-
-# these files are the content of libdbm
-DBM_LIB = \
- $(WINFE)/DB.obj \
- $(WINFE)/HASH.obj \
- $(WINFE)/H_BIGKEY.obj \
- $(WINFE)/H_PAGE.obj \
- $(WINFE)/H_LOG2.obj \
- $(WINFE)/H_FUNC.obj \
- $(WINFE)/HASH_BUF.obj \
- $(NULL)
-
-MOZ_LIBS = \
- $(WINFE)/ALLXPSTR.obj \
- $(WINFE)/XP_ERROR.obj \
- $(WINFE)/XPASSERT.obj \
- $(WINFE)/XP_REG.obj \
- $(WINFE)/XP_TRACE.obj \
- $(DBM_LIB) \
- $(WINFE)/XP_STR.obj \
- $(WINFE)/MKTEMP.obj \
- $(NULL)
-
-SEC_LIBS = \
- $(DIST)/lib/cert$(MOZ_BITS).lib \
- $(DIST)/lib/crypto$(MOZ_BITS).lib \
- $(DIST)/lib/hash$(MOZ_BITS).lib \
- $(DIST)/lib/key$(MOZ_BITS).lib \
- $(DIST)/lib/pkcs7$(MOZ_BITS).lib \
- $(DIST)/lib/secmod$(MOZ_BITS).lib \
- $(DIST)/lib/secutl$(MOZ_BITS).lib \
- $(DIST)/lib/ssl$(MOZ_BITS).lib \
- $(NULL)
-
-LLFLAGS = $(LLFLAGS) \
- ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
- $(SEC_LIBS) \
- $(MOZ_LIBS) \
- $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
- $(LIBNSPR) \
- $(NULL)
-
-
-# awt3240.lib # brpref32.lib # cert32.lib
-# crypto32.lib # dllcom.lib # editor32.lib
-# edpref32.lib # edtplug.lib # font.lib
-# hash32.lib # htmldg32.lib # img32.lib
-# javart32.lib # jbn3240.lib # jdb3240.lib
-# jmc.lib # jpeg3240.lib # jpw3240.lib
-# jrt3240.lib # js3240.lib # jsd3240.lib
-# key32.lib # libapplet32.lib # libnjs32.lib
-# libnsc32.lib # libreg32.lib # mm3240.lib
-# mnpref32.lib # netcst32.lib # nsdlg32.lib
-# nsldap32.lib # nsldaps32.lib # nsn32.lib
-# pkcs1232.lib # pkcs732.lib # pr3240.lib
-# prefui32.lib # prefuuid.lib # secmod32.lib
-# secnav32.lib # secutl32.lib # softup32.lib
-# sp3240.lib # ssl32.lib # uni3200.lib
-# unicvt32.lib # win32md.lib # winfont.lib
-# xppref32.lib # zlib32.lib
-
-include <$(DEPTH)\config\rules.mak>
-
-
-INSTALL = $(MAKE_INSTALL)
-
-objs: $(OBJS)
-
-$(PROGRAM)::
- $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
-
-programs: $(PROGRAM)
-
-install:: $(TARGETS)
- $(INSTALL) $(TARGETS) $(DIST)/bin
-
-# ALLXPSTR.obj XP_ALLOC.obj XP_HASH.obj XP_RGB.obj XP_WRAP.obj
-# CXPRINT.obj XP_C.cl XP_LIST.obj XP_SEC.obj netscape.exp
-# CXPRNDLG.obj XP_CNTXT.obj XP_MD5.obj XP_STR.obj xp.pch
-# EXPORT.obj XP_CORE.obj XP_MESG.obj XP_THRMO.obj xppref32.dll
-# XPASSERT.obj XP_ERROR.obj XP_RECT.obj XP_TIME.obj
-# XPLOCALE.obj XP_FILE.obj XP_REG.obj XP_TRACE.obj
-
-symbols:
- @echo "CSRCS = $(CSRCS)"
- @echo "INCS = $(INCS)"
- @echo "OBJS = $(OBJS)"
- @echo "LIBRARY = $(LIBRARY)"
- @echo "PROGRAM = $(PROGRAM)"
- @echo "TARGETS = $(TARGETS)"
- @echo "DIST = $(DIST)"
- @echo "VERSION_NUMBER = $(VERSION_NUMBER)"
- @echo "WINFE = $(WINFE)"
- @echo "DBM_LIB = $(DBM_LIB)"
- @echo "INSTALL = $(INSTALL)"
-
diff --git a/security/nss/cmd/certutil/manifest.mn b/security/nss/cmd/certutil/manifest.mn
deleted file mode 100644
index f7f6520d3..000000000
--- a/security/nss/cmd/certutil/manifest.mn
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-DEFINES += -DNSPR20 -DSECUTIL_NEW
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-CSRCS = \
- certutil.c \
- keystuff.c \
- $(NULL)
-
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = dbm seccmd
-
-PROGRAM = certutil
diff --git a/security/nss/cmd/checkcert/Makefile b/security/nss/cmd/checkcert/Makefile
deleted file mode 100644
index 573c12cac..000000000
--- a/security/nss/cmd/checkcert/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/checkcert/checkcert.c b/security/nss/cmd/checkcert/checkcert.c
deleted file mode 100644
index 887263aeb..000000000
--- a/security/nss/cmd/checkcert/checkcert.c
+++ /dev/null
@@ -1,636 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "secutil.h"
-#include "plgetopt.h"
-#include "cert.h"
-#include "secoid.h"
-#include "cryptohi.h"
-
-/* maximum supported modulus length in bits (indicate problem if over this) */
-#define MAX_MODULUS (1024)
-
-
-static void Usage(char *progName)
-{
- fprintf(stderr, "Usage: %s [aAvf] [certtocheck] [issuingcert]\n",
- progName);
- fprintf(stderr, "%-20s Cert to check is base64 encoded\n",
- "-a");
- fprintf(stderr, "%-20s Issuer's cert is base64 encoded\n",
- "-A");
- fprintf(stderr, "%-20s Verbose (indicate decoding progress etc.)\n",
- "-v");
- fprintf(stderr, "%-20s Force sanity checks even if pretty print fails.\n",
- "-f");
- fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
- "-o output");
- fprintf(stderr, "%-20s Specify the input type (no default)\n",
- "-t type");
- exit(-1);
-}
-
-
-/*
- * Check integer field named fieldName, printing out results and
- * returning the length of the integer in bits
- */
-
-static
-int checkInteger(SECItem *intItem, char *fieldName, int verbose)
-{
- int len, bitlen;
- if (verbose) {
- printf("Checking %s\n", fieldName);
- }
-
- len = intItem->len;
-
- if (len && (intItem->data[0] & 0x80)) {
- printf("PROBLEM: %s is NEGATIVE 2's-complement integer.\n",
- fieldName);
- }
-
-
- /* calculate bit length and check for unnecessary leading zeros */
- bitlen = len << 3;
- if (len > 1 && intItem->data[0] == 0) {
- /* leading zero byte(s) */
- if (!(intItem->data[1] & 0x80)) {
- printf("PROBLEM: %s has unneeded leading zeros. Violates DER.\n",
- fieldName);
- }
- /* strip leading zeros in length calculation */
- {
- int i=0;
- while (bitlen > 8 && intItem->data[i] == 0) {
- bitlen -= 8;
- i++;
- }
- }
- }
- return bitlen;
-}
-
-
-
-
-static
-void checkName(CERTName *n, char *fieldName, int verbose)
-{
- char *v=0;
- if (verbose) {
- printf("Checking %s\n", fieldName);
- }
-
- v = CERT_GetCountryName(n);
- if (!v) {
- printf("PROBLEM: %s lacks Country Name (C)\n",
- fieldName);
- }
- PORT_Free(v);
-
- v = CERT_GetOrgName(n);
- if (!v) {
- printf("PROBLEM: %s lacks Organization Name (O)\n",
- fieldName);
- }
- PORT_Free(v);
-
- v = CERT_GetOrgUnitName(n);
- if (!v) {
- printf("WARNING: %s lacks Organization Unit Name (OU)\n",
- fieldName);
- }
- PORT_Free(v);
-
- v = CERT_GetCommonName(n);
- if (!v) {
- printf("PROBLEM: %s lacks Common Name (CN)\n",
- fieldName);
- }
- PORT_Free(v);
-}
-
-
-
-
-/*
- * Private version of verification that checks for agreement between
- * signature algorithm oid (at the SignedData level) and oid in DigestInfo.
- *
- */
-
-
-/* Returns the tag for the hash algorithm in the given signature algorithm */
- static
- int hashAlg(int sigAlgTag) {
- int rv;
- switch(sigAlgTag) {
- case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
- rv = SEC_OID_MD2;
- break;
- case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
- rv = SEC_OID_MD5;
- break;
- case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
- rv = SEC_OID_SHA1;
- break;
- default:
- rv = -1;
- }
- return rv;
- }
-
-
-
-struct VFYContextStr {
- int alg;
- unsigned char digest[32];
- void *hasher;
- void (*begin)(void *);
- void (*update)(void *, unsigned char*, unsigned);
- SECStatus (*end)(void *, unsigned char*, unsigned int*, unsigned);
- void (*destroy)(void *, PRBool);
-};
-
-
-static
-SECStatus
-OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key,
- SECItem *sig, SECAlgorithmID *sigAlgorithm)
-{
- SECStatus rv;
- VFYContext *cx;
- SECOidData *sigAlgOid, *oiddata;
- int sigAlgTag;
- int hashAlgTag;
- int showDigestOid=0;
-
- cx = VFY_CreateContext(key, sig, SECOID_GetAlgorithmTag(sigAlgorithm),
- NULL);
- if (cx == NULL)
- return SECFailure;
-
- sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm);
- if (sigAlgOid == 0)
- return SECFailure;
- sigAlgTag = sigAlgOid->offset;
-
- hashAlgTag = hashAlg(sigAlgTag);
- if (hashAlgTag == -1) {
- printf("PROBLEM: Unsupported Digest Algorithm in DigestInfo");
- showDigestOid = 1;
- } else if (hashAlgTag != cx->alg) {
- printf("PROBLEM: Digest OID in DigestInfo is incompatible "
- "with Signature Algorithm\n");
- showDigestOid = 1;
- }
-
- if (showDigestOid) {
- oiddata = SECOID_FindOIDByTag(cx->alg);
- if ( oiddata ) {
- printf("PROBLEM: (cont) Digest OID is %s\n", oiddata->desc);
- } else {
- SECU_PrintAsHex(stdout,
- &oiddata->oid, "PROBLEM: UNKNOWN OID", 0);
- }
- }
-
- rv = VFY_Begin(cx);
- if (rv == SECSuccess) {
- rv = VFY_Update(cx, buf, len);
- if (rv == SECSuccess)
- rv = VFY_End(cx);
- }
-
- VFY_DestroyContext(cx, PR_TRUE);
- return rv;
-}
-
-
-
-static
-SECStatus
-OurVerifySignedData(CERTSignedData *sd, CERTCertificate *cert)
-{
- SECItem sig;
- SECKEYPublicKey *pubKey = 0;
- SECStatus rv;
-
- /* check the certificate's validity */
- rv = CERT_CertTimesValid(cert);
- if ( rv ) {
- return(SECFailure);
- }
-
- /* get cert's public key */
- pubKey = CERT_ExtractPublicKey(cert);
- if ( !pubKey ) {
- return(SECFailure);
- }
-
- /* check the signature */
- sig = sd->signature;
- DER_ConvertBitString(&sig);
- rv = OurVerifyData(sd->data.data, sd->data.len, pubKey, &sig,
- &sd->signatureAlgorithm);
-
- SECKEY_DestroyPublicKey(pubKey);
-
- if ( rv ) {
- return(SECFailure);
- }
-
- return(SECSuccess);
-}
-
-
-
-
-static
-CERTCertificate *createEmptyCertificate(void)
-{
- PRArenaPool *arena = 0;
- CERTCertificate *c = 0;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- return 0;
- }
-
-
- c = (CERTCertificate *) PORT_ArenaZAlloc(arena, sizeof(CERTCertificate));
-
- if (c) {
- c->referenceCount = 1;
- c->arena = arena;
- } else {
- PORT_FreeArena(arena,PR_TRUE);
- }
-
- return c;
-}
-
-
-
-
-int main(int argc, char **argv)
-{
- int rv, verbose=0, force=0;
- int ascii=0, issuerAscii=0;
- char *progName=0;
- PRFileDesc *inFile=0, *issuerCertFile=0;
- SECItem derCert, derIssuerCert;
- PRArenaPool *arena=0;
- CERTSignedData *signedData=0;
- CERTCertificate *cert=0, *issuerCert=0;
- SECKEYPublicKey *rsapubkey=0;
- SECAlgorithmID md5WithRSAEncryption, md2WithRSAEncryption;
- SECAlgorithmID sha1WithRSAEncryption, rsaEncryption;
- SECItem spk;
- int selfSigned=0;
- int invalid=0;
- char *inFileName = NULL, *issuerCertFileName = NULL;
- PLOptState *optstate;
- PLOptStatus status;
-
- PORT_Memset(&md5WithRSAEncryption, 0, sizeof(md5WithRSAEncryption));
- PORT_Memset(&md2WithRSAEncryption, 0, sizeof(md2WithRSAEncryption));
- PORT_Memset(&sha1WithRSAEncryption, 0, sizeof(sha1WithRSAEncryption));
- PORT_Memset(&rsaEncryption, 0, sizeof(rsaEncryption));
-
- progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
-
- optstate = PL_CreateOptState(argc, argv, "aAvf");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case 'v':
- verbose = 1;
- break;
-
- case 'f':
- force = 1;
- break;
-
- case 'a':
- ascii = 1;
- break;
-
- case 'A':
- issuerAscii = 1;
- break;
-
- case '\0':
- if (!inFileName)
- inFileName = PL_strdup(optstate->value);
- else if (!issuerCertFileName)
- issuerCertFileName = PL_strdup(optstate->value);
- else
- Usage(progName);
- break;
- }
- }
-
- if (!inFileName || !issuerCertFileName || status == PL_OPT_BAD) {
- /* insufficient or excess args */
- Usage(progName);
- }
-
- inFile = PR_Open(inFileName, PR_RDONLY, 0);
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, inFileName);
- exit(1);
- }
-
- issuerCertFile = PR_Open(issuerCertFileName, PR_RDONLY, 0);
- if (!issuerCertFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, issuerCertFileName);
- exit(1);
- }
-
- if (SECU_ReadDERFromFile(&derCert, inFile, ascii) != SECSuccess) {
- printf("Couldn't read input certificate as DER binary or base64\n");
- exit(1);
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == 0) {
- fprintf(stderr,"%s: can't allocate scratch arena!", progName);
- exit(1);
- }
-
- if (issuerCertFile) {
- CERTSignedData *issuerCertSD=0;
- if (SECU_ReadDERFromFile(&derIssuerCert, issuerCertFile, issuerAscii)
- != SECSuccess) {
- printf("Couldn't read issuer certificate as DER binary or base64.\n");
- exit(1);
- }
- issuerCertSD = (CERTSignedData *) PORT_ArenaZAlloc(arena,
- sizeof(CERTSignedData));
- if (!issuerCertSD) {
- fprintf(stderr,"%s: can't allocate issuer signed data!", progName);
- exit(1);
- }
- rv = SEC_ASN1DecodeItem(arena, issuerCertSD, CERT_SignedDataTemplate,
- &derIssuerCert);
- if (rv) {
- fprintf(stderr, "%s: Issuer cert isn't X509 SIGNED Data?\n",
- progName);
- exit(1);
- }
- issuerCert = createEmptyCertificate();
- if (!issuerCert) {
- printf("%s: can't allocate space for issuer cert.", progName);
- exit(1);
- }
- rv = SEC_ASN1DecodeItem(arena, issuerCert, CERT_CertificateTemplate,
- &issuerCertSD->data);
- if (rv) {
- printf("%s: Does not appear to be an X509 Certificate.\n",
- progName);
- exit(1);
- }
- }
-
- signedData = (CERTSignedData *) PORT_ArenaZAlloc(arena,sizeof(CERTSignedData));
- if (!signedData) {
- fprintf(stderr,"%s: can't allocate signedData!", progName);
- exit(1);
- }
-
- rv = SEC_ASN1DecodeItem(arena, signedData, CERT_SignedDataTemplate,
- &derCert);
- if (rv) {
- fprintf(stderr, "%s: Does not appear to be X509 SIGNED Data.\n",
- progName);
- exit(1);
- }
-
- if (verbose) {
- printf("Decoded ok as X509 SIGNED data.\n");
- }
-
- cert = createEmptyCertificate();
- if (!cert) {
- fprintf(stderr, "%s: can't allocate cert", progName);
- exit(1);
- }
-
- rv = SEC_ASN1DecodeItem(arena, cert, CERT_CertificateTemplate,
- &signedData->data);
- if (rv) {
- fprintf(stderr, "%s: Does not appear to be an X509 Certificate.\n",
- progName);
- exit(1);
- }
-
-
- if (verbose) {
- printf("Decoded ok as an X509 certificate.\n");
- }
-
-
- rv = SECU_PrintSignedData(stdout, &derCert, "Certificate", 0,
- SECU_PrintCertificate);
-
- if (rv) {
- fprintf(stderr, "%s: Unable to pretty print cert. Error: %d\n",
- progName, PORT_GetError());
- if (!force) {
- exit(1);
- }
- }
-
-
- /* Do various checks on the cert */
-
- printf("\n");
-
- /* Check algorithms */
- SECOID_SetAlgorithmID(arena, &md5WithRSAEncryption,
- SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, NULL);
-
- SECOID_SetAlgorithmID(arena, &md2WithRSAEncryption,
- SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NULL);
-
- SECOID_SetAlgorithmID(arena, &sha1WithRSAEncryption,
- SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, NULL);
-
- SECOID_SetAlgorithmID(arena, &rsaEncryption,
- SEC_OID_PKCS1_RSA_ENCRYPTION, NULL);
-
- {
- int isMD5RSA = (SECOID_CompareAlgorithmID(&cert->signature,
- &md5WithRSAEncryption) == 0);
- int isMD2RSA = (SECOID_CompareAlgorithmID(&cert->signature,
- &md2WithRSAEncryption) == 0);
- int isSHA1RSA = (SECOID_CompareAlgorithmID(&cert->signature,
- &sha1WithRSAEncryption) == 0);
-
- if (verbose) {
- printf("\nDoing algorithm checks.\n");
- }
-
- if (!(isMD5RSA || isMD2RSA || isSHA1RSA)) {
- printf("PROBLEM: Signature not PKCS1 MD5, MD2, or SHA1 + RSA.\n");
- } else if (!isMD5RSA) {
- printf("WARNING: Signature not PKCS1 MD5 with RSA Encryption\n");
- }
-
- if (SECOID_CompareAlgorithmID(&cert->signature,
- &signedData->signatureAlgorithm)) {
- printf("PROBLEM: Algorithm in sig and certInfo don't match.\n");
- }
- }
-
- if (SECOID_CompareAlgorithmID(&cert->subjectPublicKeyInfo.algorithm,
- &rsaEncryption)) {
- printf("PROBLEM: Public key algorithm is not PKCS1 RSA Encryption.\n");
- }
-
- /* Check further public key properties */
- spk = cert->subjectPublicKeyInfo.subjectPublicKey;
- DER_ConvertBitString(&spk);
-
- if (verbose) {
- printf("\nsubjectPublicKey DER\n");
- rv = DER_PrettyPrint(stdout, &spk, PR_FALSE);
- printf("\n");
- }
-
- rsapubkey = (SECKEYPublicKey *)
- PORT_ArenaZAlloc(arena,sizeof(SECKEYPublicKey));
- if (!rsapubkey) {
- fprintf(stderr, "%s: rsapubkey allocation failed.\n", progName);
- exit(1);
- }
-
- rv = SEC_ASN1DecodeItem(arena, rsapubkey, SECKEY_RSAPublicKeyTemplate,
- &spk);
- if (rv) {
- printf("PROBLEM: subjectPublicKey is not a DER PKCS1 RSAPublicKey.\n");
- } else {
- int mlen;
- int pubexp;
- if (verbose) {
- printf("Decoded RSA Public Key ok. Doing key checks.\n");
- }
- PORT_Assert(rsapubkey->keyType == rsaKey); /* XXX RSA */
- mlen = checkInteger(&rsapubkey->u.rsa.modulus, "Modulus", verbose);
- printf("INFO: Public Key modulus length in bits: %d\n", mlen);
- if (mlen > MAX_MODULUS) {
- printf("PROBLEM: Modulus length exceeds %d bits.\n",
- MAX_MODULUS);
- }
- if (mlen < 512) {
- printf("WARNING: Short modulus.\n");
- }
- if (mlen != (1 << (ffs(mlen)-1))) {
- printf("WARNING: Unusual modulus length (not a power of two).\n");
- }
- checkInteger(&rsapubkey->u.rsa.publicExponent, "Public Exponent",
- verbose);
- pubexp = DER_GetInteger(&rsapubkey->u.rsa.publicExponent);
- if (pubexp != 17 && pubexp != 3 && pubexp != 65537) {
- printf("WARNING: Public exponent not any of: 3, 17, 65537\n");
- }
- }
-
-
- /* Name checks */
- checkName(&cert->issuer, "Issuer Name", verbose);
- checkName(&cert->subject, "Subject Name", verbose);
-
- if (issuerCert) {
- SECComparison c =
- CERT_CompareName(&cert->issuer, &issuerCert->subject);
- if (c) {
- printf("PROBLEM: Issuer Name and Subject in Issuing Cert differ\n");
- }
- }
-
- /* Check if self-signed */
- selfSigned = (CERT_CompareName(&cert->issuer, &cert->subject) == 0);
- if (selfSigned) {
- printf("INFO: Certificate is self signed.\n");
- } else {
- printf("INFO: Certificate is NOT self-signed.\n");
- }
-
-
- /* Validity time check */
- if (CERT_CertTimesValid(cert) == SECSuccess) {
- printf("INFO: Inside validity period of certificate.\n");
- } else {
- printf("PROBLEM: Not in validity period of certificate.\n");
- invalid = 1;
- }
-
- /* Signature check if self-signed */
- if (selfSigned && !invalid) {
- if (rsapubkey->u.rsa.modulus.len) {
- SECStatus ver;
- if (verbose) {
- printf("Checking self signature.\n");
- }
- ver = OurVerifySignedData(signedData, cert);
- if (ver != SECSuccess) {
- printf("PROBLEM: Verification of self-signature failed!\n");
- } else {
- printf("INFO: Self-signature verifies ok.\n");
- }
- } else {
- printf("INFO: Not checking signature due to key problems.\n");
- }
- } else if (!selfSigned && !invalid && issuerCert) {
- SECStatus ver;
- ver = OurVerifySignedData(signedData, issuerCert);
- if (ver != SECSuccess) {
- printf("PROBLEM: Verification of issuer's signature failed!\n");
- } else {
- printf("INFO: Issuer's signature verifies ok.\n");
- }
- } else {
- printf("INFO: Not checking signature.\n");
- }
-
- return 0;
-}
-
-
-
diff --git a/security/nss/cmd/checkcert/makefile.win b/security/nss/cmd/checkcert/makefile.win
deleted file mode 100644
index ff1fe62a7..000000000
--- a/security/nss/cmd/checkcert/makefile.win
+++ /dev/null
@@ -1,130 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-VERBOSE = 1
-include <manifest.mn>
-
-#cannot define PROGRAM in manifest compatibly with NT and UNIX
-PROGRAM = checkcert
-PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe
-include <$(DEPTH)\config\config.mak>
-
-# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
-# rules.mak will append C_OBJS onto OBJS.
-# OBJS = $(CSRCS:.c=.obj)
-
-# include files are looked for in $LINCS and $INCS.
-# $LINCS is in manifest.mnw, computed from REQUIRES=
-INCS = $(INCS) \
- -I$(DEPTH)/security/lib/cert \
- -I../include \
- $(NULL)
-
-IGNORE_ME = \
- -I$(DEPTH)/security/lib/key \
- -I$(DEPTH)/security/lib/util \
- $(NULL)
-
-
-WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
-
-# these files are the content of libdbm
-DBM_LIB = \
- $(WINFE)/DB.obj \
- $(WINFE)/HASH.obj \
- $(WINFE)/H_BIGKEY.obj \
- $(WINFE)/H_PAGE.obj \
- $(WINFE)/H_LOG2.obj \
- $(WINFE)/H_FUNC.obj \
- $(WINFE)/HASH_BUF.obj \
- $(NULL)
-
-MOZ_LIBS = \
- $(WINFE)/ALLXPSTR.obj \
- $(WINFE)/XP_ERROR.obj \
- $(WINFE)/XPASSERT.obj \
- $(WINFE)/XP_REG.obj \
- $(WINFE)/XP_TRACE.obj \
- $(DBM_LIB) \
- $(WINFE)/XP_STR.obj \
- $(WINFE)/MKTEMP.obj \
- $(NULL)
-
-SEC_LIBS = \
- $(DIST)/lib/cert$(MOZ_BITS).lib \
- $(DIST)/lib/crypto$(MOZ_BITS).lib \
- $(DIST)/lib/hash$(MOZ_BITS).lib \
- $(DIST)/lib/key$(MOZ_BITS).lib \
- $(DIST)/lib/pkcs7$(MOZ_BITS).lib \
- $(DIST)/lib/secmod$(MOZ_BITS).lib \
- $(DIST)/lib/secutl$(MOZ_BITS).lib \
- $(DIST)/lib/ssl$(MOZ_BITS).lib \
- $(NULL)
-
-LLFLAGS = $(LLFLAGS) \
- ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
- $(SEC_LIBS) \
- $(MOZ_LIBS) \
- $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
- $(LIBNSPR) \
- $(NULL)
-
-
-include <$(DEPTH)\config\rules.mak>
-
-INSTALL = $(MAKE_INSTALL)
-
-objs: $(OBJS)
-
-$(PROGRAM)::
- $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
-
-programs: $(PROGRAM)
-
-install:: $(TARGETS)
- $(INSTALL) $(TARGETS) $(DIST)/bin
-
-
-symbols:
- @echo "CSRCS = $(CSRCS)"
- @echo "INCS = $(INCS)"
- @echo "OBJS = $(OBJS)"
- @echo "LIBRARY = $(LIBRARY)"
- @echo "PROGRAM = $(PROGRAM)"
- @echo "TARGETS = $(TARGETS)"
- @echo "DIST = $(DIST)"
- @echo "VERSION_NUMBER = $(VERSION_NUMBER)"
- @echo "WINFE = $(WINFE)"
- @echo "DBM_LIB = $(DBM_LIB)"
- @echo "INSTALL = $(INSTALL)"
-
diff --git a/security/nss/cmd/checkcert/manifest.mn b/security/nss/cmd/checkcert/manifest.mn
deleted file mode 100644
index 9d5a99f73..000000000
--- a/security/nss/cmd/checkcert/manifest.mn
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-REQUIRES = seccmd dbm
-
-DEFINES = -DNSPR20
-
-CSRCS = checkcert.c
-
-PROGRAM = checkcert
diff --git a/security/nss/cmd/crlutil/Makefile b/security/nss/cmd/crlutil/Makefile
deleted file mode 100644
index 573c12cac..000000000
--- a/security/nss/cmd/crlutil/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/crlutil/crlutil.c b/security/nss/cmd/crlutil/crlutil.c
deleted file mode 100644
index a075e25c2..000000000
--- a/security/nss/cmd/crlutil/crlutil.c
+++ /dev/null
@@ -1,394 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
-** certutil.c
-**
-** utility for managing certificates and the cert database
-**
-*/
-/* test only */
-
-#include "nspr.h"
-#include "plgetopt.h"
-#include "secutil.h"
-#include "cert.h"
-#include "certdb.h"
-#include "cdbhdl.h"
-
-#define SEC_CERT_DB_EXISTS 0
-#define SEC_CREATE_CERT_DB 1
-
-static char *progName;
-
-static CERTCertDBHandle
-*OpenCertDB(int createNew)
- /* NOTE: This routine has been modified to allow the libsec/pcertdb.c routines to automatically
- ** find and convert the old cert database into the new v3.0 format (cert db version 5).
- */
-{
- CERTCertDBHandle *certHandle;
- SECStatus rv;
-
- /* Allocate a handle to fill with CERT_OpenCertDB below */
- certHandle = (CERTCertDBHandle *)PORT_ZAlloc(sizeof(CERTCertDBHandle));
- if (!certHandle) {
- SECU_PrintError(progName, "unable to get database handle");
- return NULL;
- }
-
-
- rv = CERT_OpenCertDB(certHandle, PR_FALSE, SECU_CertDBNameCallback, NULL);
-
- if (rv) {
- SECU_PrintError(progName, "could not open certificate database");
- if (certHandle) free (certHandle); /* we don't want to leave anything behind... */
- return NULL;
- }
-
- return certHandle;
-}
-static CERTSignedCrl *FindCRL
- (CERTCertDBHandle *certHandle, char *name, int type)
-{
- CERTSignedCrl *crl = NULL;
- CERTCertificate *cert = NULL;
-
-
- cert = CERT_FindCertByNickname(certHandle, name);
- if (!cert) {
- SECU_PrintError(progName, "could not find certificate named %s", name);
- return ((CERTSignedCrl *)NULL);
- }
-
- crl = SEC_FindCrlByKey(certHandle, &cert->derSubject, type);
- if (crl ==NULL)
- SECU_PrintError
- (progName, "could not find %s's CRL", name);
- CERT_DestroyCertificate (cert);
- return (crl);
-}
-
-static void DisplayCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType)
-{
- CERTCertificate *cert = NULL;
- CERTSignedCrl *crl = NULL;
-
- crl = FindCRL (certHandle, nickName, crlType);
-
- if (crl) {
- SECU_PrintCRLInfo (stdout, &crl->crl, "CRL Info:\n", 0);
- CERT_DestroyCrl (crl);
- }
-}
-
-static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType)
-{
- CERTCrlHeadNode *crlList = NULL;
- CERTCrlNode *crlNode = NULL;
- CERTName *name = NULL;
- PRArenaPool *arena = NULL;
- SECStatus rv;
- void *mark;
-
- do {
- arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
- if (arena == NULL) {
- fprintf(stderr, "%s: fail to allocate memory\n", progName);
- break;
- }
-
- name = PORT_ArenaZAlloc (arena, sizeof(*name));
- if (name == NULL) {
- fprintf(stderr, "%s: fail to allocate memory\n", progName);
- break;
- }
- name->arena = arena;
-
- rv = SEC_LookupCrls (certHandle, &crlList, crlType);
- if (rv != SECSuccess) {
- fprintf(stderr, "%s: fail to look up CRLs (%s)\n", progName,
- SECU_Strerror(PORT_GetError()));
- break;
- }
-
- /* just in case */
- if (!crlList)
- break;
-
- crlNode = crlList->first;
-
- fprintf (stdout, "\n");
- fprintf (stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type");
- while (crlNode) {
- mark = PORT_ArenaMark (arena);
- rv = SEC_ASN1DecodeItem
- (arena, name, CERT_NameTemplate, &(crlNode->crl->crl.derName));
- if (!name){
- fprintf(stderr, "%s: fail to get the CRL issuer name\n", progName,
- SECU_Strerror(PORT_GetError()));
- break;
- }
-
- fprintf (stdout, "\n%-40s %-5s\n", CERT_NameToAscii(name), "CRL");
- crlNode = crlNode->next;
- PORT_ArenaRelease (arena, mark);
- }
-
- } while (0);
- if (crlList)
- PORT_FreeArena (crlList->arena, PR_FALSE);
- PORT_FreeArena (arena, PR_FALSE);
-}
-
-static void ListCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType)
-{
- if (nickName == NULL)
- ListCRLNames (certHandle, crlType);
- else
- DisplayCRL (certHandle, nickName, crlType);
-}
-
-
-
-static SECStatus DeleteCRL (CERTCertDBHandle *certHandle, char *name, int type)
-{
- CERTSignedCrl *crl = NULL;
- SECStatus rv = SECFailure;
-
- crl = FindCRL (certHandle, name, type);
- if (!crl) {
- SECU_PrintError
- (progName, "could not find the issuer %s's CRL", name);
- return SECFailure;
- }
- rv = SEC_DeletePermCRL (crl);
- if (rv != SECSuccess) {
- SECU_PrintError
- (progName, "fail to delete the issuer %s's CRL from the perm dbase (reason: %s)",
- name, SECU_Strerror(PORT_GetError()));
- return SECFailure;
- }
-
- rv = SEC_DeleteTempCrl (crl);
- if (rv != SECSuccess) {
- SECU_PrintError
- (progName, "fail to delete the issuer %s's CRL from the temp dbase (reason: %s)",
- name, SECU_Strerror(PORT_GetError()));
- return SECFailure;
- }
- return (rv);
-}
-
-SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type,
- PRFileDesc *inFile)
-{
- CERTCertificate *cert = NULL;
- CERTSignedCrl *crl = NULL;
- SECItem crlDER;
- int rv;
-
- crlDER.data = NULL;
-
-
- /* Read in the entire file specified with the -f argument */
- rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "unable to read input file");
- return (SECFailure);
- }
-
- crl = CERT_ImportCRL (certHandle, &crlDER, url, type, NULL);
- if (!crl) {
- const char *errString;
-
- errString = SECU_Strerror(PORT_GetError());
- if (PORT_Strlen (errString) == 0)
- SECU_PrintError
- (progName, "CRL is not import (error: input CRL is not up to date.)");
- else
- SECU_PrintError
- (progName, "unable to import CRL");
- }
- PORT_Free (crlDER.data);
- CERT_DestroyCrl (crl);
- return (rv);
-}
-
-
-static void Usage(char *progName)
-{
- fprintf(stderr,
- "Usage: %s -L [-n nickname[ [-d keydir] [-t crlType]\n"
- " %s -D -n nickname [-d keydir]\n"
- " %s -I -i crl -t crlType [-u url] [-d keydir]\n",
- progName, progName, progName);
-
- fprintf (stderr, "%-15s List CRL\n", "-L");
- fprintf(stderr, "%-20s Specify the nickname of the CA certificate\n",
- "-n nickname");
- fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
- "-d keydir");
-
- fprintf (stderr, "%-15s Delete a CRL from the cert dbase\n", "-D");
- fprintf(stderr, "%-20s Specify the nickname for the CA certificate\n",
- "-n nickname");
- fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
-
- fprintf (stderr, "%-15s Import a CRL to the cert dbase\n", "-I");
- fprintf(stderr, "%-20s Specify the file which contains the CRL to import\n",
- "-i crl");
- fprintf(stderr, "%-20s Specify the url.\n", "-u url");
- fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
-
- fprintf(stderr, "%-20s CRL Types (default is SEC_CRL_TYPE):\n", " ");
- fprintf(stderr, "%-20s \t 0 - SEC_KRL_TYPE\n", " ");
- fprintf(stderr, "%-20s \t 1 - SEC_CRL_TYPE\n", " ");
-
- exit(-1);
-}
-
-int main(int argc, char **argv)
-{
- SECItem privKeyDER;
- CERTCertDBHandle *certHandle;
- FILE *certFile;
- PRFileDesc *inFile;
- int listCRL;
- int importCRL;
- int opt;
- int deleteCRL;
- int rv;
- char *nickName;
- char *progName;
- char *url;
- int crlType;
- PLOptState *optstate;
- PLOptStatus status;
-
- progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
-
- rv = 0;
- deleteCRL = importCRL = listCRL = 0;
- certFile = NULL;
- inFile = NULL;
- nickName = url = NULL;
- privKeyDER.data = NULL;
- certHandle = NULL;
- crlType = SEC_CRL_TYPE;
- /*
- * Parse command line arguments
- */
- optstate = PL_CreateOptState(argc, argv, "IALd:i:Dn:Ct:u:");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- Usage(progName);
- break;
-
- case 'C':
- listCRL = 1;
- break;
-
- case 'D':
- deleteCRL = 1;
- break;
-
- case 'I':
- importCRL = 1;
- break;
-
- case 'L':
- listCRL = 1;
- break;
-
- case 'd':
- SECU_ConfigDirectory(optstate->value);
- break;
-
- case 'i':
- inFile = PR_Open(optstate->value, PR_RDONLY, 0);
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'n':
- nickName = strdup(optstate->value);
- break;
-
- case 'u':
- url = strdup(optstate->value);
- break;
-
- case 't': {
- char *type;
-
- type = strdup(optstate->value);
- crlType = atoi (type);
- if (crlType != SEC_CRL_TYPE && crlType != SEC_KRL_TYPE) {
- fprintf(stderr, "%s: invalid crl type\n", progName);
- return -1;
- }
- break;
- }
- }
- }
-
- if (deleteCRL && !nickName) Usage (progName);
- if (!(listCRL || deleteCRL || importCRL)) Usage (progName);
- if (importCRL && !inFile) Usage (progName);
-
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
- SECU_PKCS11Init(PR_FALSE);
- SEC_Init();
-
- certHandle = OpenCertDB(SEC_CREATE_CERT_DB);
- if (certHandle == NULL) {
- SECU_PrintError(progName, "unable to open the cert db");
- return (-1);
- }
-
- /* Read in the private key info */
- if (deleteCRL)
- DeleteCRL (certHandle, nickName, crlType);
- else if (listCRL)
- ListCRL (certHandle, nickName, crlType);
- else if (importCRL)
- rv = ImportCRL (certHandle, url, crlType, inFile);
-
- return (rv);
-}
diff --git a/security/nss/cmd/crlutil/makefile.win b/security/nss/cmd/crlutil/makefile.win
deleted file mode 100644
index 1f1b627ff..000000000
--- a/security/nss/cmd/crlutil/makefile.win
+++ /dev/null
@@ -1,130 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-VERBOSE = 1
-include <manifest.mn>
-
-#cannot define PROGRAM in manifest compatibly with NT and UNIX
-PROGRAM = crlutil
-PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe
-include <$(DEPTH)\config\config.mak>
-
-# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
-# rules.mak will append C_OBJS onto OBJS.
-# OBJS = $(CSRCS:.c=.obj)
-
-# include files are looked for in $LINCS and $INCS.
-# $LINCS is in manifest.mnw, computed from REQUIRES=
-INCS = $(INCS) \
- -I$(DEPTH)/security/lib/cert \
- -I../include \
- $(NULL)
-
-IGNORE_ME = \
- -I$(DEPTH)/security/lib/key \
- -I$(DEPTH)/security/lib/util \
- $(NULL)
-
-
-WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
-
-# these files are the content of libdbm
-DBM_LIB = \
- $(WINFE)/DB.obj \
- $(WINFE)/HASH.obj \
- $(WINFE)/H_BIGKEY.obj \
- $(WINFE)/H_PAGE.obj \
- $(WINFE)/H_LOG2.obj \
- $(WINFE)/H_FUNC.obj \
- $(WINFE)/HASH_BUF.obj \
- $(NULL)
-
-MOZ_LIBS = \
- $(WINFE)/ALLXPSTR.obj \
- $(WINFE)/XP_ERROR.obj \
- $(WINFE)/XPASSERT.obj \
- $(WINFE)/XP_REG.obj \
- $(WINFE)/XP_TRACE.obj \
- $(DBM_LIB) \
- $(WINFE)/XP_STR.obj \
- $(WINFE)/MKTEMP.obj \
- $(NULL)
-
-SEC_LIBS = \
- $(DIST)/lib/cert$(MOZ_BITS).lib \
- $(DIST)/lib/crypto$(MOZ_BITS).lib \
- $(DIST)/lib/hash$(MOZ_BITS).lib \
- $(DIST)/lib/key$(MOZ_BITS).lib \
- $(DIST)/lib/pkcs7$(MOZ_BITS).lib \
- $(DIST)/lib/secmod$(MOZ_BITS).lib \
- $(DIST)/lib/secutl$(MOZ_BITS).lib \
- $(DIST)/lib/ssl$(MOZ_BITS).lib \
- $(NULL)
-
-LLFLAGS = $(LLFLAGS) \
- ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
- $(SEC_LIBS) \
- $(MOZ_LIBS) \
- $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
- $(LIBNSPR) \
- $(NULL)
-
-
-include <$(DEPTH)\config\rules.mak>
-
-INSTALL = $(MAKE_INSTALL)
-
-objs: $(OBJS)
-
-$(PROGRAM)::
- $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
-
-programs: $(PROGRAM)
-
-install:: $(TARGETS)
- $(INSTALL) $(TARGETS) $(DIST)/bin
-
-
-symbols:
- @echo "CSRCS = $(CSRCS)"
- @echo "INCS = $(INCS)"
- @echo "OBJS = $(OBJS)"
- @echo "LIBRARY = $(LIBRARY)"
- @echo "PROGRAM = $(PROGRAM)"
- @echo "TARGETS = $(TARGETS)"
- @echo "DIST = $(DIST)"
- @echo "VERSION_NUMBER = $(VERSION_NUMBER)"
- @echo "WINFE = $(WINFE)"
- @echo "DBM_LIB = $(DBM_LIB)"
- @echo "INSTALL = $(INSTALL)"
-
diff --git a/security/nss/cmd/crlutil/manifest.mn b/security/nss/cmd/crlutil/manifest.mn
deleted file mode 100644
index 854a0f5d1..000000000
--- a/security/nss/cmd/crlutil/manifest.mn
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = seccmd dbm
-
-DEFINES = -DNSPR20
-
-CSRCS = crlutil.c
-
-# this has to be different for NT and UNIX.
-# PROGRAM = ./$(OBJDIR)/crlutil.exe
-PROGRAM = crlutil
diff --git a/security/nss/cmd/crmf-cgi/Makefile b/security/nss/cmd/crmf-cgi/Makefile
deleted file mode 100644
index e9b03eaf1..000000000
--- a/security/nss/cmd/crmf-cgi/Makefile
+++ /dev/null
@@ -1,96 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-ifeq ($(OS_ARCH)$(OS_RELEASE), AIX4.2)
-OS_LIBS += -lsvld
-endif
-
-ifeq ($(OS_ARCH)$(OS_RELEASE), SunOS5.6)
-OS_LIBS += -ldl -lxnet -lposix4 -lsocket -lnsl
-endif
-
-ifeq ($(OS_ARCH), WINNT)
-EXTRA_LIBS += $(DIST)/lib/crmf.lib
-else
-EXTRA_LIBS += $(DIST)/lib/libcrmf.a
-endif
-
-include ../platlibs.mk
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-lame:
- echo $(CPU_ARCH)
-
-include ../platrules.mk
diff --git a/security/nss/cmd/crmf-cgi/config.mk b/security/nss/cmd/crmf-cgi/config.mk
deleted file mode 100644
index 2b159a024..000000000
--- a/security/nss/cmd/crmf-cgi/config.mk
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(PROGRAM)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-LIBRARY =
-
diff --git a/security/nss/cmd/crmf-cgi/crmfcgi.c b/security/nss/cmd/crmf-cgi/crmfcgi.c
deleted file mode 100644
index 0cd8b9fcf..000000000
--- a/security/nss/cmd/crmf-cgi/crmfcgi.c
+++ /dev/null
@@ -1,1123 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "seccomon.h"
-#include "nss.h"
-#include "key.h"
-#include "cert.h"
-#include "pk11func.h"
-#include "secmod.h"
-#include "cmmf.h"
-#include "crmf.h"
-#include "base64.h"
-#include "secasn1.h"
-#include "crypto.h"
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-
-#define DEFAULT_ALLOC_SIZE 200
-#define DEFAULT_CGI_VARS 20
-
-typedef struct CGIVariableStr {
- char *name;
- char *value;
-} CGIVariable;
-
-typedef struct CGIVarTableStr {
- CGIVariable **variables;
- int numVars;
- int numAlloc;
-} CGIVarTable;
-
-typedef struct CertResponseInfoStr {
- CERTCertificate *cert;
- long certReqID;
-} CertResponseInfo;
-
-typedef struct ChallengeCreationInfoStr {
- long random;
- SECKEYPublicKey *pubKey;
-} ChallengeCreationInfo;
-
-char *missingVar = NULL;
-
-/*
- * Error values.
- */
-typedef enum {
- NO_ERROR = 0,
- NSS_INIT_FAILED,
- AUTH_FAILED,
- REQ_CGI_VAR_NOT_PRESENT,
- CRMF_REQ_NOT_PRESENT,
- BAD_ASCII_FOR_REQ,
- CGI_VAR_MISSING,
- COULD_NOT_FIND_CA,
- COULD_NOT_DECODE_REQS,
- OUT_OF_MEMORY,
- ERROR_RETRIEVING_REQUEST_MSG,
- ERROR_RETRIEVING_CERT_REQUEST,
- ERROR_RETRIEVING_SUBJECT_FROM_REQ,
- ERROR_RETRIEVING_PUBLIC_KEY_FROM_REQ,
- ERROR_CREATING_NEW_CERTIFICATE,
- COULD_NOT_START_EXTENSIONS,
- ERROR_RETRIEVING_EXT_FROM_REQ,
- ERROR_ADDING_EXT_TO_CERT,
- ERROR_ENDING_EXTENSIONS,
- COULD_NOT_FIND_ISSUER_PRIVATE_KEY,
- UNSUPPORTED_SIGN_OPERATION_FOR_ISSUER,
- ERROR_SETTING_SIGN_ALG,
- ERROR_ENCODING_NEW_CERT,
- ERROR_SIGNING_NEW_CERT,
- ERROR_CREATING_CERT_REP_CONTENT,
- ERROR_CREATING_SINGLE_CERT_RESPONSE,
- ERROR_SETTING_CERT_RESPONSES,
- ERROR_CREATING_CA_LIST,
- ERROR_ADDING_ISSUER_TO_CA_LIST,
- ERROR_ENCODING_CERT_REP_CONTENT,
- NO_POP_FOR_REQUEST,
- UNSUPPORTED_POP,
- ERROR_RETRIEVING_POP_SIGN_KEY,
- ERROR_RETRIEVING_ALG_ID_FROM_SIGN_KEY,
- ERROR_RETRIEVING_SIGNATURE_FROM_POP_SIGN_KEY,
- DO_CHALLENGE_RESPONSE,
- ERROR_RETRIEVING_PUB_KEY_FROM_NEW_CERT,
- ERROR_ENCODING_CERT_REQ_FOR_POP,
- ERROR_VERIFYING_SIGNATURE_POP,
- ERROR_RETRIEVING_PUB_KEY_FOR_CHALL,
- ERROR_CREATING_EMPTY_CHAL_CONTENT,
- ERROR_EXTRACTING_GEN_NAME_FROM_ISSUER,
- ERROR_SETTING_CHALLENGE,
- ERROR_ENCODING_CHALL,
- ERROR_CONVERTING_CHALL_TO_BASE64,
- ERROR_CONVERTING_RESP_FROM_CHALL_TO_BIN,
- ERROR_CREATING_KEY_RESP_FROM_DER,
- ERROR_RETRIEVING_CLIENT_RESPONSE_TO_CHALLENGE,
- ERROR_RETURNED_CHALL_NOT_VALUE_EXPECTED,
- ERROR_GETTING_KEY_ENCIPHERMENT,
- ERROR_NO_POP_FOR_PRIVKEY,
- ERROR_UNSUPPORTED_POPOPRIVKEY_TYPE
-} ErrorCode;
-
-const char *
-CGITableFindValue(CGIVarTable *varTable, const char *key);
-
-void
-spitOutHeaders(void)
-{
- printf("Content-type: text/html\n\n");
-}
-
-void
-dumpRequest(CGIVarTable *varTable)
-{
- int i;
- CGIVariable *var;
-
- printf ("<table border=1 cellpadding=1 cellspacing=1 width=\"100%%\">\n");
- printf ("<tr><td><b><center>Variable Name<center></b></td>"
- "<td><b><center>Value</center></b></td></tr>\n");
- for (i=0; i<varTable->numVars; i++) {
- var = varTable->variables[i];
- printf ("<tr><td><pre>%s</pre></td><td><pre>%s</pre></td></tr>\n",
- var->name, var->value);
- }
- printf("</table>\n");
-}
-
-void
-echo_request(CGIVarTable *varTable)
-{
- spitOutHeaders();
- printf("<html><head><title>CGI Echo Page</title></head>\n"
- "<body><h1>Got the following request</h1>\n");
- dumpRequest(varTable);
- printf("</body></html>");
-}
-
-void
-processVariable(CGIVariable *var)
-{
- char *plusSign, *percentSign;
-
- /*First look for all of the '+' and convert them to spaces */
- plusSign = var->value;
- while ((plusSign=strchr(plusSign, '+')) != NULL) {
- *plusSign = ' ';
- }
- percentSign = var->value;
- while ((percentSign=strchr(percentSign, '%')) != NULL) {
- char string[3];
- int value;
-
- string[0] = percentSign[1];
- string[1] = percentSign[2];
- string[2] = '\0';
-
- sscanf(string,"%x", &value);
- *percentSign = (char)value;
- memmove(&percentSign[1], &percentSign[3], 1+strlen(&percentSign[3]));
- }
-}
-
-char *
-parseNextVariable(CGIVarTable *varTable, char *form_output)
-{
- char *ampersand, *equal;
- CGIVariable *var;
-
- if (varTable->numVars == varTable->numAlloc) {
- CGIVariable **newArr = realloc(varTable->variables,
- (varTable->numAlloc + DEFAULT_CGI_VARS)*sizeof(CGIVariable*));
- if (newArr == NULL) {
- return NULL;
- }
- varTable->variables = newArr;
- varTable->numAlloc += DEFAULT_CGI_VARS;
- }
- equal = strchr(form_output, '=');
- if (equal == NULL) {
- return NULL;
- }
- ampersand = strchr(equal, '&');
- if (ampersand == NULL) {
- return NULL;
- }
- equal[0] = '\0';
- if (ampersand != NULL) {
- ampersand[0] = '\0';
- }
- var = malloc(sizeof(CGIVariable));
- var->name = form_output;
- var->value = &equal[1];
- varTable->variables[varTable->numVars] = var;
- varTable->numVars++;
- processVariable(var);
- return (ampersand != NULL) ? &ampersand[1] : NULL;
-}
-
-void
-ParseInputVariables(CGIVarTable *varTable, char *form_output)
-{
- varTable->variables = malloc(sizeof(CGIVariable*)*DEFAULT_CGI_VARS);
- varTable->numVars = 0;
- varTable->numAlloc = DEFAULT_CGI_VARS;
- while (form_output && form_output[0] != '\0') {
- form_output = parseNextVariable(varTable, form_output);
- }
-}
-
-const char *
-CGITableFindValue(CGIVarTable *varTable, const char *key)
-{
- const char *retVal = NULL;
- int i;
-
- for (i=0; i<varTable->numVars; i++) {
- if (strcmp(varTable->variables[i]->name, key) == 0) {
- retVal = varTable->variables[i]->value;
- break;
- }
- }
- return retVal;
-}
-
-char*
-passwordCallback(PK11SlotInfo *slot, PRBool retry, void *arg)
-{
- const char *passwd;
- if (retry) {
- return NULL;
- }
- passwd = CGITableFindValue((CGIVarTable*)arg, "dbPassword");
- if (passwd == NULL) {
- return NULL;
- }
- return PORT_Strdup(passwd);
-}
-
-ErrorCode
-initNSS(CGIVarTable *varTable)
-{
- const char *nssDir;
- PK11SlotInfo *keySlot;
- SECStatus rv;
-
- nssDir = CGITableFindValue(varTable,"NSSDirectory");
- if (nssDir == NULL) {
- missingVar = "NSSDirectory";
- return REQ_CGI_VAR_NOT_PRESENT;
- }
- rv = NSS_Init(nssDir);
- if (rv != SECSuccess) {
- return NSS_INIT_FAILED;
- }
- PK11_SetPasswordFunc(passwordCallback);
- keySlot = PK11_GetInternalKeySlot();
- rv = PK11_Authenticate(keySlot, PR_FALSE, varTable);
- if (rv != SECSuccess) {
- return AUTH_FAILED;
- }
- return NO_ERROR;
-}
-
-void
-dumpErrorMessage(ErrorCode errNum)
-{
- spitOutHeaders();
- printf("<html><head><title>Error</title></head><body><h1>Error processing "
- "data</h1> Received the error %d<p>", errNum);
- if (errNum == REQ_CGI_VAR_NOT_PRESENT) {
- printf ("The missing variable is %s.", missingVar);
- }
- printf ("<i>More useful information here in the future.</i></body></html>");
-}
-
-ErrorCode
-initOldCertReq(CERTCertificateRequest *oldCertReq,
- CERTName *subject, CERTSubjectPublicKeyInfo *spki)
-{
- PRArenaPool *poolp;
-
- poolp = oldCertReq->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- SEC_ASN1EncodeInteger(poolp, &oldCertReq->version,
- SEC_CERTIFICATE_VERSION_3);
- CERT_CopyName(poolp, &oldCertReq->subject, subject);
- SECKEY_CopySubjectPublicKeyInfo(poolp, &oldCertReq->subjectPublicKeyInfo,
- spki);
- oldCertReq->attributes = NULL;
- return NO_ERROR;
-}
-
-ErrorCode
-addExtensions(CERTCertificate *newCert, CRMFCertRequest *certReq)
-{
- int numExtensions, i;
- void *extHandle;
- ErrorCode rv = NO_ERROR;
- CRMFCertExtension *ext;
- SECStatus srv;
-
- numExtensions = CRMF_CertRequestGetNumberOfExtensions(certReq);
- if (numExtensions == 0) {
- /* No extensions to add */
- return NO_ERROR;
- }
- extHandle = CERT_StartCertExtensions(newCert);
- if (extHandle == NULL) {
- rv = COULD_NOT_START_EXTENSIONS;
- goto loser;
- }
- for (i=0; i<numExtensions; i++) {
- ext = CRMF_CertRequestGetExtensionAtIndex(certReq, i);
- if (ext == NULL) {
- rv = ERROR_RETRIEVING_EXT_FROM_REQ;
- }
- srv = CERT_AddExtension(extHandle, CRMF_CertExtensionGetOidTag(ext),
- CRMF_CertExtensionGetValue(ext),
- CRMF_CertExtensionGetIsCritical(ext), PR_FALSE);
- if (srv != SECSuccess) {
- rv = ERROR_ADDING_EXT_TO_CERT;
- }
- }
- srv = CERT_FinishExtensions(extHandle);
- if (srv != SECSuccess) {
- rv = ERROR_ENDING_EXTENSIONS;
- goto loser;
- }
- return NO_ERROR;
- loser:
- return rv;
-}
-
-void
-writeOutItem(const char *filePath, SECItem *der)
-{
- PRFileDesc *outfile;
-
- outfile = PR_Open (filePath,
- PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
- 0666);
- PR_Write(outfile, der->data, der->len);
- PR_Close(outfile);
-
-}
-
-ErrorCode
-createNewCert(CERTCertificate**issuedCert,CERTCertificateRequest *oldCertReq,
- CRMFCertReqMsg *currReq, CRMFCertRequest *certReq,
- CERTCertificate *issuerCert, CGIVarTable *varTable)
-{
- CERTCertificate *newCert = NULL;
- CERTValidity *validity;
- PRExplodedTime printableTime;
- PRTime now, after;
- ErrorCode rv=NO_ERROR;
- SECKEYPrivateKey *issuerPrivKey;
- SECItem derCert = { 0 };
- SECOidTag signTag;
- SECStatus srv;
- long version;
-
- now = PR_Now();
- PR_ExplodeTime(now, PR_GMTParameters, &printableTime);
- printableTime.tm_month += 9;
- after = PR_ImplodeTime(&printableTime);
- validity = CERT_CreateValidity(now, after);
- newCert = *issuedCert =
- CERT_CreateCertificate(rand(), &(issuerCert->subject), validity,
- oldCertReq);
- if (newCert == NULL) {
- rv = ERROR_CREATING_NEW_CERTIFICATE;
- goto loser;
- }
- rv = addExtensions(newCert, certReq);
- if (rv != NO_ERROR) {
- goto loser;
- }
- issuerPrivKey = PK11_FindKeyByAnyCert(issuerCert, varTable);
- if (issuerPrivKey == NULL) {
- rv = COULD_NOT_FIND_ISSUER_PRIVATE_KEY;
- }
- switch(issuerPrivKey->keyType) {
- case rsaKey:
- signTag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
- break;
- case dsaKey:
- signTag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
- break;
- default:
- rv = UNSUPPORTED_SIGN_OPERATION_FOR_ISSUER;
- goto loser;
- }
- srv = SECOID_SetAlgorithmID(newCert->arena, &newCert->signature,
- signTag, 0);
- if (srv != SECSuccess) {
- rv = ERROR_SETTING_SIGN_ALG;
- goto loser;
- }
- srv = CRMF_CertRequestGetCertTemplateVersion(certReq, &version);
- if (srv != SECSuccess) {
- /* No version included in the request */
- *(newCert->version.data) = SEC_CERTIFICATE_VERSION_3;
- } else {
- SECITEM_FreeItem(&newCert->version, PR_FALSE);
- SEC_ASN1EncodeInteger(newCert->arena, &newCert->version, version);
- }
- SEC_ASN1EncodeItem(newCert->arena, &derCert, newCert,
- CERT_CertificateTemplate);
- if (derCert.data == NULL) {
- rv = ERROR_ENCODING_NEW_CERT;
- goto loser;
- }
- srv = SEC_DerSignData(newCert->arena, &(newCert->derCert), derCert.data,
- derCert.len, issuerPrivKey, signTag);
- if (srv != SECSuccess) {
- rv = ERROR_SIGNING_NEW_CERT;
- goto loser;
- }
-#ifdef WRITE_OUT_RESPONSE
- writeOutItem("newcert.der", &newCert->derCert);
-#endif
- return NO_ERROR;
- loser:
- *issuedCert = NULL;
- if (newCert) {
- CERT_DestroyCertificate(newCert);
- }
- return rv;
-
-}
-
-void
-formatCMMFResponse(char *nickname, char *base64Response)
-{
- char *currLine, *nextLine;
-
- printf("var retVal = crypto.importUserCertificates(\"%s\",\n", nickname);
- currLine = base64Response;
- while (1) {
- nextLine = strchr(currLine, '\n');
- if (nextLine == NULL) {
- /* print out the last line here. */
- printf ("\"%s\",\n", currLine);
- break;
- }
- nextLine[0] = '\0';
- printf("\"%s\\n\"+\n", currLine);
- currLine = nextLine+1;
- }
- printf("true);\n"
- "if(retVal == '') {\n"
- "\tdocument.write(\"<h1>New Certificate Succesfully Imported.</h1>\");\n"
- "} else {\n"
- "\tdocument.write(\"<h2>Unable to import New Certificate</h2>\");\n"
- "\tdocument.write(\"crypto.importUserCertificates returned <b>\");\n"
- "\tdocument.write(retVal);\n"
- "\tdocument.write(\"</b>\");\n"
- "}\n");
-}
-
-void
-spitOutCMMFResponse(char *nickname, char *base64Response)
-{
- spitOutHeaders();
- printf("<html>\n<head>\n<title>CMMF Resonse Page</title>\n</head>\n\n"
- "<body><h1>CMMF Response Page</h1>\n"
- "<script language=\"JavaScript\">\n"
- "<!--\n");
- formatCMMFResponse(nickname, base64Response);
- printf("// -->\n"
- "</script>\n</body>\n</html>");
-}
-
-char*
-getNickname(CERTCertificate *cert)
-{
- char *nickname;
-
- if (cert->nickname != NULL) {
- return cert->nickname;
- }
- nickname = CERT_GetCommonName(&cert->subject);
- if (nickname != NULL) {
- return nickname;
- }
- return CERT_NameToAscii(&cert->subject);
-}
-
-ErrorCode
-createCMMFResponse(CertResponseInfo *issuedCerts, int numCerts,
- CERTCertificate *issuerCert, char **base64der)
-{
- CMMFCertRepContent *certRepContent=NULL;
- ErrorCode rv = NO_ERROR;
- CMMFCertResponse **responses, *currResponse;
- CERTCertList *caList;
- int i;
- SECStatus srv;
- PRArenaPool *poolp;
- SECItem *der;
-
- certRepContent = CMMF_CreateCertRepContent();
- if (certRepContent == NULL) {
- rv = ERROR_CREATING_CERT_REP_CONTENT;
- goto loser;
- }
- responses = PORT_NewArray(CMMFCertResponse*, numCerts);
- if (responses == NULL) {
- rv = OUT_OF_MEMORY;
- goto loser;
- }
- for (i=0; i<numCerts;i++) {
- responses[i] = currResponse =
- CMMF_CreateCertResponse(issuedCerts[i].certReqID);
- if (currResponse == NULL) {
- rv = ERROR_CREATING_SINGLE_CERT_RESPONSE;
- goto loser;
- }
- CMMF_CertResponseSetPKIStatusInfoStatus(currResponse, cmmfGranted);
- CMMF_CertResponseSetCertificate(currResponse, issuedCerts[i].cert);
- }
- srv = CMMF_CertRepContentSetCertResponses(certRepContent, responses,
- numCerts);
- if (srv != SECSuccess) {
- rv = ERROR_SETTING_CERT_RESPONSES;
- goto loser;
- }
- caList = CERT_NewCertList();
- if (caList == NULL) {
- rv = ERROR_CREATING_CA_LIST;
- goto loser;
- }
- srv = CERT_AddCertToListTail(caList, issuerCert);
- if (srv != SECSuccess) {
- rv = ERROR_ADDING_ISSUER_TO_CA_LIST;
- goto loser;
- }
- srv = CMMF_CertRepContentSetCAPubs(certRepContent, caList);
- CERT_DestroyCertList(caList);
- poolp = PORT_NewArena(1024);
- der = SEC_ASN1EncodeItem(poolp, NULL, certRepContent,
- CMMFCertRepContentTemplate);
- if (der == NULL) {
- rv = ERROR_ENCODING_CERT_REP_CONTENT;
- goto loser;
- }
-#ifdef WRITE_OUT_RESPONSE
- writeOutItem("CertRepContent.der", der);
-#endif
- *base64der = BTOA_DataToAscii(der->data, der->len);
- return NO_ERROR;
- loser:
- return rv;
-}
-
-ErrorCode
-issueCerts(CertResponseInfo *issuedCerts, int numCerts,
- CERTCertificate *issuerCert)
-{
- ErrorCode rv;
- char *base64Response;
-
- rv = createCMMFResponse(issuedCerts, numCerts, issuerCert, &base64Response);
- if (rv != NO_ERROR) {
- goto loser;
- }
- spitOutCMMFResponse(getNickname(issuedCerts[0].cert),base64Response);
- return NO_ERROR;
- loser:
- return rv;
-}
-
-ErrorCode
-verifySignature(CGIVarTable *varTable, CRMFCertReqMsg *currReq,
- CRMFCertRequest *certReq, CERTCertificate *newCert)
-{
- SECStatus srv;
- ErrorCode rv = NO_ERROR;
- CRMFPOPOSigningKey *signKey = NULL;
- SECAlgorithmID *algID = NULL;
- SECItem *signature = NULL;
- SECKEYPublicKey *pubKey = NULL;
- SECItem *reqDER = NULL;
-
- srv = CRMF_CertReqMsgGetPOPOSigningKey(currReq, &signKey);
- if (srv != SECSuccess || signKey == NULL) {
- rv = ERROR_RETRIEVING_POP_SIGN_KEY;
- goto loser;
- }
- algID = CRMF_POPOSigningKeyGetAlgID(signKey);
- if (algID == NULL) {
- rv = ERROR_RETRIEVING_ALG_ID_FROM_SIGN_KEY;
- goto loser;
- }
- signature = CRMF_POPOSigningKeyGetSignature(signKey);
- if (signature == NULL) {
- rv = ERROR_RETRIEVING_SIGNATURE_FROM_POP_SIGN_KEY;
- goto loser;
- }
- /* Make the length the number of bytes instead of bits */
- signature->len = (signature->len+7)/8;
- pubKey = CERT_ExtractPublicKey(newCert);
- if (pubKey == NULL) {
- rv = ERROR_RETRIEVING_PUB_KEY_FROM_NEW_CERT;
- goto loser;
- }
- reqDER = SEC_ASN1EncodeItem(NULL, NULL, certReq, CRMFCertRequestTemplate);
- if (reqDER == NULL) {
- rv = ERROR_ENCODING_CERT_REQ_FOR_POP;
- goto loser;
- }
- srv = VFY_VerifyData(reqDER->data, reqDER->len, pubKey, signature,
- SECOID_FindOIDTag(&algID->algorithm), varTable);
- if (srv != SECSuccess) {
- rv = ERROR_VERIFYING_SIGNATURE_POP;
- goto loser;
- }
- /* Fall thru in successfull case. */
- loser:
- if (pubKey != NULL) {
- SECKEY_DestroyPublicKey(pubKey);
- }
- if (reqDER != NULL) {
- SECITEM_FreeItem(reqDER, PR_TRUE);
- }
- if (signature != NULL) {
- SECITEM_FreeItem(signature, PR_TRUE);
- }
- if (algID != NULL) {
- SECOID_DestroyAlgorithmID(algID, PR_TRUE);
- }
- if (signKey != NULL) {
- CRMF_DestroyPOPOSigningKey(signKey);
- }
- return rv;
-}
-
-ErrorCode
-doChallengeResponse(CGIVarTable *varTable, CRMFCertReqMsg *currReq,
- CRMFCertRequest *certReq, CERTCertificate *newCert,
- ChallengeCreationInfo *challs, int *numChall)
-{
- CRMFPOPOPrivKey *privKey = NULL;
- CRMFPOPOPrivKeyChoice privKeyChoice;
- SECStatus srv;
- ErrorCode rv = NO_ERROR;
-
- srv = CRMF_CertReqMsgGetPOPKeyEncipherment(currReq, &privKey);
- if (srv != SECSuccess || privKey == NULL) {
- rv = ERROR_GETTING_KEY_ENCIPHERMENT;
- goto loser;
- }
- privKeyChoice = CRMF_POPOPrivKeyGetChoice(privKey);
- CRMF_DestroyPOPOPrivKey(privKey);
- switch (privKeyChoice) {
- case crmfSubsequentMessage:
- challs = &challs[*numChall];
- challs->random = rand();
- challs->pubKey = CERT_ExtractPublicKey(newCert);
- if (challs->pubKey == NULL) {
- rv = ERROR_RETRIEVING_PUB_KEY_FOR_CHALL;
- goto loser;
- }
- (*numChall)++;
- rv = DO_CHALLENGE_RESPONSE;
- break;
- case crmfThisMessage:
- /* There'd better be a PKIArchiveControl in this message */
- if (!CRMF_CertRequestIsControlPresent(certReq,
- crmfPKIArchiveOptionsControl)) {
- rv = ERROR_NO_POP_FOR_PRIVKEY;
- goto loser;
- }
- break;
- default:
- rv = ERROR_UNSUPPORTED_POPOPRIVKEY_TYPE;
- goto loser;
- }
-loser:
- return rv;
-}
-
-ErrorCode
-doProofOfPossession(CGIVarTable *varTable, CRMFCertReqMsg *currReq,
- CRMFCertRequest *certReq, CERTCertificate *newCert,
- ChallengeCreationInfo *challs, int *numChall)
-{
- CRMFPOPChoice popChoice;
- ErrorCode rv = NO_ERROR;
-
- popChoice = CRMF_CertReqMsgGetPOPType(currReq);
- if (popChoice == crmfNoPOPChoice) {
- rv = NO_POP_FOR_REQUEST;
- goto loser;
- }
- switch (popChoice) {
- case crmfSignature:
- rv = verifySignature(varTable, currReq, certReq, newCert);
- break;
- case crmfKeyEncipherment:
- rv = doChallengeResponse(varTable, currReq, certReq, newCert,
- challs, numChall);
- break;
- case crmfRAVerified:
- case crmfKeyAgreement:
- default:
- rv = UNSUPPORTED_POP;
- goto loser;
- }
- loser:
- return rv;
-}
-
-void
-convertB64ToJS(char *base64)
-{
- int i;
-
- for (i=0; base64[i] != '\0'; i++) {
- if (base64[i] == '\n') {
- printf ("\\n");
- }else {
- printf ("%c", base64[i]);
- }
- }
-}
-
-void
-formatChallenge(char *chall64, char *certRepContentDER,
- ChallengeCreationInfo *challInfo, int numChalls)
-{
- printf ("function respondToChallenge() {\n"
- " var chalForm = document.chalForm;\n\n"
- " chalForm.CertRepContent.value = '");
- convertB64ToJS(certRepContentDER);
- printf ("';\n"
- " chalForm.ChallResponse.value = crypto.popChallengeResponse('");
- convertB64ToJS(chall64);
- printf("');\n"
- " chalForm.submit();\n"
- "}\n");
-
-}
-
-void
-spitOutChallenge(char *chall64, char *certRepContentDER,
- ChallengeCreationInfo *challInfo, int numChalls,
- char *nickname)
-{
- int i;
-
- spitOutHeaders();
- printf("<html>\n"
- "<head>\n"
- "<title>Challenge Page</title>\n"
- "<script language=\"JavaScript\">\n"
- "<!--\n");
- /* The JavaScript function actually gets defined within
- * this function call
- */
- formatChallenge(chall64, certRepContentDER, challInfo, numChalls);
- printf("// -->\n"
- "</script>\n"
- "</head>\n"
- "<body onLoad='respondToChallenge()'>\n"
- "<h1>Cartman is now responding to the Challenge "
- "presented by the CGI</h1>\n"
- "<form action='crmfcgi' method='post' name='chalForm'>\n"
- "<input type='hidden' name=CertRepContent value=''>\n"
- "<input type='hidden' name=ChallResponse value=''>\n");
- for (i=0;i<numChalls; i++) {
- printf("<input type='hidden' name='chal%d' value='%d'>\n",
- i+1, challInfo[i].random);
- }
- printf("<input type='hidden' name='nickname' value='%s'>\n", nickname);
- printf("</form>\n</body>\n</html>");
-}
-
-ErrorCode
-issueChallenge(CertResponseInfo *issuedCerts, int numCerts,
- ChallengeCreationInfo *challInfo, int numChalls,
- CERTCertificate *issuer, CGIVarTable *varTable)
-{
- ErrorCode rv = NO_ERROR;
- CMMFPOPODecKeyChallContent *chalContent = NULL;
- int i;
- SECStatus srv;
- PRArenaPool *poolp;
- CERTGeneralName *genName;
- SECItem *challDER = NULL;
- char *chall64, *certRepContentDER;
-
- rv = createCMMFResponse(issuedCerts, numCerts, issuer,
- &certRepContentDER);
- if (rv != NO_ERROR) {
- goto loser;
- }
- chalContent = CMMF_CreatePOPODecKeyChallContent();
- if (chalContent == NULL) {
- rv = ERROR_CREATING_EMPTY_CHAL_CONTENT;
- goto loser;
- }
- poolp = PORT_NewArena(1024);
- if (poolp == NULL) {
- rv = OUT_OF_MEMORY;
- goto loser;
- }
- genName = CERT_GetCertificateNames(issuer, poolp);
- if (genName == NULL) {
- rv = ERROR_EXTRACTING_GEN_NAME_FROM_ISSUER;
- goto loser;
- }
- for (i=0;i<numChalls;i++) {
- srv = CMMF_POPODecKeyChallContentSetNextChallenge(chalContent,
- challInfo[i].random,
- genName,
- challInfo[i].pubKey,
- varTable);
- SECKEY_DestroyPublicKey(challInfo[i].pubKey);
- if (srv != SECSuccess) {
- rv = ERROR_SETTING_CHALLENGE;
- goto loser;
- }
- }
- challDER = SEC_ASN1EncodeItem(NULL, NULL, chalContent,
- CMMFPOPODecKeyChallContentTemplate);
- if (challDER == NULL) {
- rv = ERROR_ENCODING_CHALL;
- goto loser;
- }
- chall64 = BTOA_DataToAscii(challDER->data, challDER->len);
- SECITEM_FreeItem(challDER, PR_TRUE);
- if (chall64 == NULL) {
- rv = ERROR_CONVERTING_CHALL_TO_BASE64;
- goto loser;
- }
- spitOutChallenge(chall64, certRepContentDER, challInfo, numChalls,
- getNickname(issuedCerts[0].cert));
- loser:
- return rv;
-}
-
-
-ErrorCode
-processRequest(CGIVarTable *varTable)
-{
- CERTCertDBHandle *certdb;
- SECKEYKeyDBHandle *keydb;
- CRMFCertReqMessages *certReqs = NULL;
- const char *crmfReq;
- const char *caNickname;
- CERTCertificate *caCert = NULL;
- CertResponseInfo *issuedCerts = NULL;
- CERTSubjectPublicKeyInfo spki = { 0 };
- ErrorCode rv=NO_ERROR;
- PRBool doChallengeResponse = PR_FALSE;
- SECItem der = { 0 };
- SECStatus srv;
- CERTCertificateRequest oldCertReq = { 0 };
- CRMFCertReqMsg **reqMsgs = NULL,*currReq = NULL;
- CRMFCertRequest **reqs = NULL, *certReq = NULL;
- CERTName subject = { 0 };
- int numReqs,i;
- ChallengeCreationInfo *challInfo=NULL;
- int numChalls = 0;
-
- certdb = CERT_GetDefaultCertDB();
- keydb = SECKEY_GetDefaultKeyDB();
- crmfReq = CGITableFindValue(varTable, "CRMFRequest");
- if (crmfReq == NULL) {
- rv = CGI_VAR_MISSING;
- missingVar = "CRMFRequest";
- goto loser;
- }
- caNickname = CGITableFindValue(varTable, "CANickname");
- if (caNickname == NULL) {
- rv = CGI_VAR_MISSING;
- missingVar = "CANickname";
- goto loser;
- }
- caCert = CERT_FindCertByNickname(certdb, caNickname);
- if (caCert == NULL) {
- rv = COULD_NOT_FIND_CA;
- goto loser;
- }
- srv = ATOB_ConvertAsciiToItem(&der, crmfReq);
- if (srv != SECSuccess) {
- rv = BAD_ASCII_FOR_REQ;
- goto loser;
- }
- certReqs = CRMF_CreateCertReqMessagesFromDER(der.data, der.len);
- SECITEM_FreeItem(&der, PR_FALSE);
- if (certReqs == NULL) {
- rv = COULD_NOT_DECODE_REQS;
- goto loser;
- }
- numReqs = CRMF_CertReqMessagesGetNumMessages(certReqs);
- issuedCerts = PORT_ZNewArray(CertResponseInfo, numReqs);
- challInfo = PORT_ZNewArray(ChallengeCreationInfo, numReqs);
- if (issuedCerts == NULL || challInfo == NULL) {
- rv = OUT_OF_MEMORY;
- goto loser;
- }
- reqMsgs = PORT_ZNewArray(CRMFCertReqMsg*, numReqs);
- reqs = PORT_ZNewArray(CRMFCertRequest*, numReqs);
- if (reqMsgs == NULL || reqs == NULL) {
- rv = OUT_OF_MEMORY;
- goto loser;
- }
- for (i=0; i<numReqs; i++) {
- currReq = reqMsgs[i] =
- CRMF_CertReqMessagesGetCertReqMsgAtIndex(certReqs, i);
- if (currReq == NULL) {
- rv = ERROR_RETRIEVING_REQUEST_MSG;
- goto loser;
- }
- certReq = reqs[i] = CRMF_CertReqMsgGetCertRequest(currReq);
- if (certReq == NULL) {
- rv = ERROR_RETRIEVING_CERT_REQUEST;
- goto loser;
- }
- srv = CRMF_CertRequestGetCertTemplateSubject(certReq, &subject);
- if (srv != SECSuccess) {
- rv = ERROR_RETRIEVING_SUBJECT_FROM_REQ;
- goto loser;
- }
- srv = CRMF_CertRequestGetCertTemplatePublicKey(certReq, &spki);
- if (srv != SECSuccess) {
- rv = ERROR_RETRIEVING_PUBLIC_KEY_FROM_REQ;
- goto loser;
- }
- rv = initOldCertReq(&oldCertReq, &subject, &spki);
- if (rv != NO_ERROR) {
- goto loser;
- }
- rv = createNewCert(&issuedCerts[i].cert, &oldCertReq, currReq, certReq,
- caCert, varTable);
- if (rv != NO_ERROR) {
- goto loser;
- }
- rv = doProofOfPossession(varTable, currReq, certReq, issuedCerts[i].cert,
- challInfo, &numChalls);
- if (rv != NO_ERROR) {
- if (rv == DO_CHALLENGE_RESPONSE) {
- doChallengeResponse = PR_TRUE;
- } else {
- goto loser;
- }
- }
- CRMF_CertReqMsgGetID(currReq, &issuedCerts[i].certReqID);
- CRMF_DestroyCertReqMsg(currReq);
- CRMF_DestroyCertRequest(certReq);
- }
- if (doChallengeResponse) {
- rv = issueChallenge(issuedCerts, numReqs, challInfo, numChalls, caCert,
- varTable);
- } else {
- rv = issueCerts(issuedCerts, numReqs, caCert);
- }
- loser:
- if (certReqs != NULL) {
- CRMF_DestroyCertReqMessages(certReqs);
- }
- return rv;
-}
-
-ErrorCode
-processChallengeResponse(CGIVarTable *varTable, const char *certRepContent)
-{
- SECItem binDER = { 0 };
- SECStatus srv;
- ErrorCode rv = NO_ERROR;
- const char *clientResponse;
- const char *formChalValue;
- const char *nickname;
- CMMFPOPODecKeyRespContent *respContent = NULL;
- int numResponses,i;
- long curResponse, expectedResponse;
- char cgiChalVar[10];
-#ifdef WRITE_OUT_RESPONSE
- SECItem certRepBinDER = { 0 };
-
- ATOB_ConvertAsciiToItem(&certRepBinDER, certRepContent);
- writeOutItem("challCertRepContent.der", &certRepBinDER);
- PORT_Free(certRepBinDER.data);
-#endif
- clientResponse = CGITableFindValue(varTable, "ChallResponse");
- if (clientResponse == NULL) {
- rv = REQ_CGI_VAR_NOT_PRESENT;
- missingVar = "ChallResponse";
- goto loser;
- }
- srv = ATOB_ConvertAsciiToItem(&binDER, clientResponse);
- if (srv != SECSuccess) {
- rv = ERROR_CONVERTING_RESP_FROM_CHALL_TO_BIN;
- goto loser;
- }
- respContent = CMMF_CreatePOPODecKeyRespContentFromDER(binDER.data,
- binDER.len);
- SECITEM_FreeItem(&binDER, PR_FALSE);
- binDER.data = NULL;
- if (respContent == NULL) {
- rv = ERROR_CREATING_KEY_RESP_FROM_DER;
- goto loser;
- }
- numResponses = CMMF_POPODecKeyRespContentGetNumResponses(respContent);
- for (i=0;i<numResponses;i++){
- srv = CMMF_POPODecKeyRespContentGetResponse(respContent,i,&curResponse);
- if (srv != SECSuccess) {
- rv = ERROR_RETRIEVING_CLIENT_RESPONSE_TO_CHALLENGE;
- goto loser;
- }
- sprintf(cgiChalVar, "chal%d", i+1);
- formChalValue = CGITableFindValue(varTable, cgiChalVar);
- if (formChalValue == NULL) {
- rv = REQ_CGI_VAR_NOT_PRESENT;
- missingVar = strdup(cgiChalVar);
- goto loser;
- }
- sscanf(formChalValue, "%ld", &expectedResponse);
- if (expectedResponse != curResponse) {
- rv = ERROR_RETURNED_CHALL_NOT_VALUE_EXPECTED;
- goto loser;
- }
- }
- nickname = CGITableFindValue(varTable, "nickname");
- if (nickname == NULL) {
- rv = REQ_CGI_VAR_NOT_PRESENT;
- missingVar = "nickname";
- goto loser;
- }
- spitOutCMMFResponse(nickname, certRepContent);
- loser:
- if (respContent != NULL) {
- CMMF_DestroyPOPODecKeyRespContent(respContent);
- }
- return rv;
-}
-
-int
-main()
-{
- char *form_output = NULL;
- int form_output_len, form_output_used;
- CGIVarTable varTable = { 0 };
- ErrorCode errNum = 0;
- char *certRepContent;
-
-#ifdef ATTACH_CGI
- /* Put an ifinite loop in here so I can attach to
- * the process after the process is spun off
- */
- { int stupid = 1;
- while (stupid);
- }
-#endif
-
- form_output_used = 0;
- srand(time(NULL));
- while (feof(stdin) == 0) {
- if (form_output == NULL) {
- form_output = PORT_NewArray(char, DEFAULT_ALLOC_SIZE+1);
- form_output_len = DEFAULT_ALLOC_SIZE;
- } else if ((form_output_used + DEFAULT_ALLOC_SIZE) >= form_output_len) {
- form_output_len += DEFAULT_ALLOC_SIZE;
- form_output = PORT_Realloc(form_output, form_output_len+1);
- }
- form_output_used += fread(&form_output[form_output_used], sizeof(char),
- DEFAULT_ALLOC_SIZE, stdin);
- }
- ParseInputVariables(&varTable, form_output);
- certRepContent = CGITableFindValue(&varTable, "CertRepContent");
- if (certRepContent == NULL) {
- errNum = initNSS(&varTable);
- if (errNum != 0) {
- goto loser;
- }
- errNum = processRequest(&varTable);
- } else {
- errNum = processChallengeResponse(&varTable, certRepContent);
- }
- if (errNum != NO_ERROR) {
- goto loser;
- }
- goto done;
-loser:
- dumpErrorMessage(errNum);
-done:
- free (form_output);
- return 0;
-}
-
diff --git a/security/nss/cmd/crmf-cgi/crmfcgi.html b/security/nss/cmd/crmf-cgi/crmfcgi.html
deleted file mode 100644
index e91923ece..000000000
--- a/security/nss/cmd/crmf-cgi/crmfcgi.html
+++ /dev/null
@@ -1,165 +0,0 @@
-<!--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
- -->
-
-<html>
-<head>
-<title>CRMF Test Page for PSM</title>
-<script language=javascript>
-var request;
-//This variable must be set to the first value
-//in the select field "testType" in the form.
-var keyGenType="SigningOnlyRSA";
-
-var requestedDN = "CN=Javi CA Shack ID, O=NSS";
-
-function setTestType() {
- var testType = document.crmfForm.testType;
-
- keyGenType = testType.options[testType.selectedIndex].value;
-}
-
-function setRequest() {
- with (document.crmfForm) {
- CRMFRequest.value = request.request;
- submit();
- }
-}
-
-function generateSignAndEncryptRSARequest() {
- request = crypto.generateCRMFRequest(requestedDN,
- null, null, null, "setRequest()",
- crypto.algorithms.rsa.keyEx.keySizes[0],
- null, "rsa-dual-use");
-}
-
-function generateSigningOnlyRSARequest() {
- request = crypto.generateCRMFRequest(requestedDN,null,null,null,"setRequest()",
- crypto.algorithms.rsa.signing.keySizes[0],
- null, "rsa-sign");
-}
-
-function generateEncryptionOnlyRSARequest() {
- request = crypto.generateCRMFRequest(requestedDN, null, null, null, "setRequest()",
- crypto.algorithms.rsa.keyEx.keySizes[0],
- null, "rsa-ex");
-}
-
-function generateDualRSAKeys() {
- request = crypto.generateCRMFRequest(requestedDN, null, null, null, "setRequest()",
- crypto.algorithms.rsa.keyEx.keySizes[0],
- null, "rsa-ex",
- crypto.algorithms.rsa.signing.keySizes[0],
- null, "rsa-sign");
-}
-
-function generateDSAKey() {
- request = crypto.generateCRMFRequest(requestedDN, null, null, null, "setRequest()",
- crypto.algorithms.dsa.keySizes[0],
- null, "dsa-sign-nonrepudiation");
-}
-
-function processForm(form) {
- with (form) {
- if (typeof(crypto.version) == "undefined") {
- alert('You must be running PSM in order to use this page.');
- return false;
- }
- if (NSSDirectory.value == "") {
- alert('You must provide a path for NSS to use.');
- return false;
- }
- if (dbPassword.value == "") {
- alert('You must provide a password for the certificate database.');
- return false;
- }
- if (CANickname.value == "") {
- alert('You must provide a CA Nickname to use.');
- return false;
- }
- //Now do the correct key generation.
- if (keyGenType == "SignAndEncryptRSA") {
- generateSignAndEncryptRSARequest();
- } else if (keyGenType == "SigningOnlyRSA") {
- generateSigningOnlyRSARequest();
- } else if (keyGenType == "EncryptionOnlyRSA") {
- generateEncryptionOnlyRSARequest();
- } else if (keyGenType == "DualRSAKeys") {
- generateDualRSAKeys();
- } else if (keyGenType == "DSAKeyGen") {
- generateDSAKey();
- }
- }
- return true;
-}
-</script>
-</head>
-<body>
-<h1><center>CRMF Test page for PSM</center></h1>
-This page is designed to be used in combination with the executable
-produced by ns/security/cmd/crmf-cgi in a CGI environment. In order
-to successfully use this page, modify its action to post to a a server
-where you have installed the crmfcgi executable and you'll be able to
-test the functionality.
-<hr>
-<form name="crmfForm" method=post action="http://www.cgi-site.com/cgi-bin/crmfcgi">
-<h2>Certificate Database information</h2>
-First, enter all the information for the CGI to use for initializing
-NSS. The CGI will use the directory entered below as the directory
-where to look for the certificate and key databases.
-<pre>
-Path for NSS Config: <input size=40 type="text" name="NSSDirectory">
-</pre>
-Enter the password for the certificate database found in the direcotry
-above.
-<pre>
-Database Password: <input type="password" name="dbPassword" size=40>
-</pre>
-Now enter the nickname of the certificate to use for signing the
-certificate issued during this test.
-<pre>
-CA Nickname: <input size=40 type="text" name="CANickname">
-</pre>
-<h2>Now, figure out which type of key generation you want to test:</h2>
-<select name="testType" onChange="setTestType()">`
-<option value="SigningOnlyRSA">Signing Only-RSA
-<option value="EncryptionOnlyRSA">Encryption Only-RSA
-<option value="SignAndEncryptRSA">Sign and Encrypt Single Key -RSA
-<option value="DualRSAKeys">Dual Keys-RSA
-<option value="DSAKeyGen">DSA Key Gen
-</select>
-<input type="hidden" name=CRMFRequest value="">
-<hr>
-<input type="button" value="OK" onclick="processForm(document.crmfForm)">
-</form>
-</body>
-</html>
diff --git a/security/nss/cmd/crmf-cgi/manifest.mn b/security/nss/cmd/crmf-cgi/manifest.mn
deleted file mode 100644
index 98cd2c401..000000000
--- a/security/nss/cmd/crmf-cgi/manifest.mn
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-DEPTH = .
-MODULE = security
-
-EXPORTS = \
- $(NULL)
-
-CSRCS = \
- crmfcgi.c \
- $(NULL)
-
-
-REQUIRES = security dbm
-
-ifdef ATTACH_CGI
-DEFINES += -DATTACH_CGI
-endif
-
-ifdef WRITE_OUT_RESPONSE
-DEFINES += -DWRITE_OUT_RESPONSE
-endif
-
-PROGRAM = crmfcgi
-
diff --git a/security/nss/cmd/crmftest/Makefile b/security/nss/cmd/crmftest/Makefile
deleted file mode 100644
index 3c393e58d..000000000
--- a/security/nss/cmd/crmftest/Makefile
+++ /dev/null
@@ -1,99 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-include config.mk
-
-ifeq ($(OS_ARCH)$(OS_RELEASE), AIX4.2)
-OS_LIBS += -lsvld
-endif
-
-ifeq ($(OS_ARCH)$(OS_RELEASE), SunOS5.6)
-OS_LIBS += -ldl -lxnet -lposix4 -lsocket -lnsl
-endif
-
-ifeq ($(OS_ARCH), WINNT)
-EXTRA_LIBS += $(DIST)/lib/crmf.lib
-else
-EXTRA_LIBS += $(DIST)/lib/libcrmf.a
-endif
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-LDDIST = $(DIST)/lib
-
-ifeq ($(OS_ARCH), WINNT)
-EXTRA_LIBS += $(LDDIST)/sectool.lib
-endif
-
-lame:
- echo $(CPU_ARCH)
-
-include ../platrules.mk
diff --git a/security/nss/cmd/crmftest/config.mk b/security/nss/cmd/crmftest/config.mk
deleted file mode 100644
index 7dc65faac..000000000
--- a/security/nss/cmd/crmftest/config.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(PROGRAM)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-LIBRARY =
-
diff --git a/security/nss/cmd/crmftest/manifest.mn b/security/nss/cmd/crmftest/manifest.mn
deleted file mode 100644
index b27e4a3d8..000000000
--- a/security/nss/cmd/crmftest/manifest.mn
+++ /dev/null
@@ -1,53 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-DEPTH = .
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-EXPORTS = \
- $(NULL)
-
-CSRCS = \
- testcrmf.c \
- $(NULL)
-
-
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = dbm
-
-PROGRAM = crmftest
-
diff --git a/security/nss/cmd/crmftest/testcrmf.c b/security/nss/cmd/crmftest/testcrmf.c
deleted file mode 100644
index db9add0bc..000000000
--- a/security/nss/cmd/crmftest/testcrmf.c
+++ /dev/null
@@ -1,1527 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "crmf.h"
-#include "secrng.h"
-#include "secpkcs5.h"
-#include "pk11func.h"
-#include "pkcs11.h"
-#include "secmod.h"
-#include "secmodi.h"
-#include "key.h"
-#include "prio.h"
-#include "pqggen.h"
-#include "cmmf.h"
-#include "seccomon.h"
-#include "secmod.h"
-#include "prlock.h"
-#include "secmodi.h"
-#include "pkcs11.h"
-#include "pk11func.h"
-#include "secitem.h"
-#include "key.h"
-#include "rsa.h"
-#include "secpkcs5.h"
-#include "secasn1.h"
-#include "sechash.h"
-#include "cert.h"
-#include "secerr.h"
-#include <stdio.h>
-#include "prprf.h"
-#if !defined(XP_UNIX) && !defined(LINUX)
-extern int getopt(int, char **, char*);
-extern char *optarg;
-#endif
-#define MAX_KEY_LEN 512
-
-int64 notBefore;
-char *personalCert = NULL;
-char *recoveryEncrypter = NULL;
-char *caCertName = NULL;
-
-CERTCertDBHandle *db;
-SECKEYKeyDBHandle *keydb;
-
-void
-debug_test(SECItem *src, char *filePath)
-{
- PRFileDesc *fileDesc;
-
- fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
- 0666);
- if (fileDesc == NULL) {
- printf ("Could not cretae file %s.\n", filePath);
- return;
- }
- PR_Write(fileDesc, src->data, src->len);
-
-}
-
-SECStatus
-get_serial_number(long *dest)
-{
- RNGContext *rng;
- SECStatus rv;
-
- if (dest == NULL) {
- return SECFailure;
- }
- rng = RNG_CreateContext();
- if (rng == NULL) {
- *dest = 0;
- return SECFailure;
- }
- rv = RNG_GenerateRandomBytes(rng, (void*)dest, sizeof(long));
- RNG_DestroyContext(rng, PR_TRUE);
- return SECSuccess;
-}
-
-char *
-promptForPassword (PK11SlotInfo *slot, PRBool retry, void *cx)
-{
- char passWord[80];
- char *retPass = NULL;
-
- if (retry) {
- printf ("Incorrect password. Please re-enter the password.\n");
- }
- printf ("WARNING: Password will be echoed to the screen.\n");
- printf ("Please enter the password for slot \"%s\":",
- PK11_GetTokenName(slot));
- scanf ("%s", passWord);
- retPass = PORT_Strdup(passWord);
- return retPass;
-}
-
-PK11RSAGenParams *
-GetRSAParams(void)
-{
- PK11RSAGenParams *rsaParams;
-
- rsaParams = PORT_ZNew(PK11RSAGenParams);
-
- if (rsaParams == NULL)
- return NULL;
-
- rsaParams->keySizeInBits = MAX_KEY_LEN;
- rsaParams->pe = 0x1001;
-
- return rsaParams;
-
-}
-
-SECStatus
-SetSlotPassword(PK11SlotInfo *slot)
-{
- char userPin[80];
-
- printf ("Initialization of PIN's for your Database.\n");
- printf ("------------------------------------------\n");
- printf ("Please enter the PIN's for your Database.\n");
- printf ("Warning: ALL PIN'S WILL BE ECHOED TO SCREEN!!!\n");
- printf ("Now enter the PIN for the user: ");
- scanf ("%s", userPin);
- return PK11_InitPin (slot, NULL, userPin);
-}
-
-PQGParams*
-GetDSAParams(void)
-{
- PQGParams *params = NULL;
- PQGVerify *vfy = NULL;
-
- SECStatus rv;
-
- rv = PQG_ParamGen(0, &params, &vfy);
- if (rv != SECSuccess) {
- return NULL;
- }
- PQG_DestroyVerify(vfy);
- return params;
-}
-
-CERTSubjectPublicKeyInfo *
-GetSubjectPubKeyInfo(SECKEYPrivateKey **destPrivKey,
- SECKEYPublicKey **destPubKey) {
- CERTSubjectPublicKeyInfo *spki = NULL;
- SECKEYPrivateKey *privKey = NULL;
- SECKEYPublicKey *pubKey = NULL;
- PK11SlotInfo *keySlot = NULL;
- PK11RSAGenParams *rsaParams = NULL;
- PQGParams *dsaParams = NULL;
-
- keySlot = PK11_GetInternalKeySlot();
- PK11_Authenticate(keySlot, PR_FALSE, NULL);
- PK11_Authenticate(PK11_GetInternalSlot(), PR_FALSE, NULL);
- rsaParams = GetRSAParams();
- privKey = PK11_GenerateKeyPair(keySlot, CKM_RSA_PKCS_KEY_PAIR_GEN,
- (void*)rsaParams, &pubKey, PR_FALSE,
- PR_FALSE, NULL);
-/* dsaParams = GetDSAParams();
- if (dsaParams == NULL) {
- return NULL;
- }
- privKey = PK11_GenerateKeyPair(keySlot, CKM_DSA_KEY_PAIR_GEN,
- (void*)dsaParams, &pubKey, PR_FALSE,
- PR_FALSE, NULL);*/
- if (privKey == NULL || pubKey == NULL) {
- if (pubKey) {
- SECKEY_DestroyPublicKey(pubKey);
- }
- if (privKey) {
- SECKEY_DestroyPrivateKey(privKey);
- }
- return NULL;
- }
-
- spki = SECKEY_CreateSubjectPublicKeyInfo(pubKey);
- *destPrivKey = privKey;
- *destPubKey = pubKey;
- return spki;
-}
-
-
-SECStatus
-InitPKCS11(void)
-{
- PK11SlotInfo *cryptoSlot, *keySlot;
-
- PK11_SetPasswordFunc(promptForPassword);
-
- cryptoSlot = PK11_GetInternalSlot();
- keySlot = PK11_GetInternalKeySlot();
-
- if (PK11_NeedUserInit(cryptoSlot) && PK11_NeedLogin(cryptoSlot)) {
- if (SetSlotPassword (cryptoSlot) != SECSuccess) {
- printf ("Initializing the PIN's failed.\n");
- return SECFailure;
- }
- }
-
- if (PK11_NeedUserInit(keySlot) && PK11_NeedLogin(keySlot)) {
- if (SetSlotPassword (keySlot) != SECSuccess) {
- printf ("Initializing the PIN's failed.\n");
- return SECFailure;
- }
- }
-
- PK11_FreeSlot(cryptoSlot);
- PK11_FreeSlot(keySlot);
- return SECSuccess;
-}
-
-
-void
-WriteItOut (void *arg, const char *buf, unsigned long len)
-{
- PRFileDesc *fileDesc = (PRFileDesc*)arg;
-
- PR_Write(fileDesc, (void*)buf, len);
-}
-
-SECItem
-GetRandomBitString(void)
-{
-#define NUM_BITS 800
-#define BITS_IN_BYTE 8
- SECItem bitString;
- int numBytes = NUM_BITS/BITS_IN_BYTE;
- unsigned char *bits = PORT_ZNewArray(unsigned char, numBytes);
- RNGContext *rng;
-
- rng = RNG_CreateContext();
- RNG_GenerateRandomBytes(rng, (void*)bits, numBytes);
- RNG_DestroyContext(rng, PR_TRUE);
- bitString.data = bits;
- bitString.len = NUM_BITS;
- bitString.type = siBuffer;
- return bitString;
-}
-
-CRMFCertExtCreationInfo*
-GetExtensions(void)
-{
- CRMFCertExtCreationInfo *extInfo;
- CRMFCertExtension *currExt;
- CRMFCertExtension *extension;
- SECItem data;
- PRBool prFalse = PR_FALSE;
- unsigned char keyUsage[4];
-
- data.len = 4;
- data.data = keyUsage;
- keyUsage[0] = 0x03;
- keyUsage[1] = 0x02;
- keyUsage[2] = 0x07;
- keyUsage[3] = KU_DIGITAL_SIGNATURE;
- extension = CRMF_CreateCertExtension(SEC_OID_X509_KEY_USAGE,prFalse,
- &data);
- extInfo = PORT_ZNew(CRMFCertExtCreationInfo);
- extInfo->numExtensions = 1;
- extInfo->extensions = PORT_ZNewArray(CRMFCertExtension*, 1);
- extInfo->extensions[0] = extension;
- return extInfo;
-}
-
-void
-FreeExtInfo(CRMFCertExtCreationInfo *extInfo)
-{
- int i;
-
- for (i=0; i<extInfo->numExtensions; i++) {
- CRMF_DestroyCertExtension(extInfo->extensions[i]);
- }
- PORT_Free(extInfo->extensions);
- PORT_Free(extInfo);
-}
-
-int
-CreateCertRequest (CRMFCertRequest **inCertReq, SECKEYPrivateKey **privKey,
- SECKEYPublicKey **pubKey)
-{
- long serialNumber;
- long version = 3;
- char *issuerStr = PORT_Strdup ("CN=Javi's CA Shack, O=Information Systems");
- char *subjectStr = PORT_Strdup ("CN=Javi's CA Shack ID, O=Engineering, "
- "C=US");
- CRMFCertRequest *certReq;
- SECAlgorithmID * algID;
- CERTName *issuer, *subject;
- CRMFValidityCreationInfo validity;
- CERTSubjectPublicKeyInfo *spki;
- SECStatus rv;
- SECOidTag tag, tag2;
- SECItem issuerUID, subjectUID;
- CRMFCertExtCreationInfo *extInfo;
- CRMFEncryptedKey *encKey;
- CERTCertificate *caCert;
- CRMFPKIArchiveOptions *pkiArchOpt;
-
- *inCertReq = NULL;
- certReq = CRMF_CreateCertRequest(0x0ff02345);
- if (certReq == NULL) {
- printf ("Could not initialize a certificate request.\n");
- return 1;
- }
- rv = CRMF_CertRequestSetTemplateField (certReq, crmfVersion, (void*)(&version));
- if (rv != SECSuccess) {
- printf("Could not add the version number to the "
- "Certificate Request.\n");
- CRMF_DestroyCertRequest(certReq);
- return 2;
- }
-
- if (get_serial_number(&serialNumber) != SECSuccess) {
- printf ("Could not generate a serial number for cert request.\n");
- CRMF_DestroyCertRequest(certReq);
- return 3;
- }
-
- rv = CRMF_CertRequestSetTemplateField (certReq, crmfSerialNumber,
- (void*)(&serialNumber));
- if (rv != SECSuccess) {
- printf ("Could not add serial number to certificate template\n.");
- CRMF_DestroyCertRequest(certReq);
- return 4;
- }
-
- issuer = CERT_AsciiToName(issuerStr);
- if (issuer == NULL) {
- printf ("Could not create CERTName structure from %s.\n", issuerStr);
- CRMF_DestroyCertRequest(certReq);
- return 5;
- }
- rv = CRMF_CertRequestSetTemplateField (certReq, crmfIssuer, (void*) issuer);
- PORT_Free(issuerStr);
- CERT_DestroyName(issuer);
- if (rv != SECSuccess) {
- printf ("Could not add issuer to cert template\n");
- CRMF_DestroyCertRequest(certReq);
- return 6;
- }
-
- subject = CERT_AsciiToName(subjectStr);
- if (subject == NULL) {
- printf ("Could not create CERTName structure from %s.\n", subjectStr);
- CRMF_DestroyCertRequest(certReq);
- return 7;
- }
- PORT_Free(subjectStr);
- rv = CRMF_CertRequestSetTemplateField (certReq, crmfSubject, (void*)subject);
- if (rv != SECSuccess) {
- printf ("Could not add subject to cert template\n");
- CRMF_DestroyCertRequest(certReq);
- return 8;
- }
- CERT_DestroyName(subject);
-
- algID =
- SEC_PKCS5CreateAlgorithmID (SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC,
- NULL, 1);
- if (algID == NULL) {
- printf ("Couldn't create algorithm ID\n");
- CRMF_DestroyCertRequest(certReq);
- return 9;
- }
- rv = CRMF_CertRequestSetTemplateField(certReq, crmfSigningAlg, (void*)algID);
- SECOID_DestroyAlgorithmID(algID, PR_TRUE);
- if (rv != SECSuccess) {
- printf ("Could not add the signing algorithm to the cert template.\n");
- CRMF_DestroyCertRequest(certReq);
- return 10;
- }
-
- validity.notBefore = &notBefore;
- validity.notAfter = NULL;
- notBefore = PR_Now();
- rv = CRMF_CertRequestSetTemplateField(certReq, crmfValidity,(void*)(&validity));
- if (rv != SECSuccess) {
- printf ("Could not add validity to cert template\n");
- CRMF_DestroyCertRequest(certReq);
- return 11;
- }
-
- spki = GetSubjectPubKeyInfo(privKey, pubKey);
- if (spki == NULL) {
- printf ("Could not create a Subject Public Key Info to add\n");
- CRMF_DestroyCertRequest(certReq);
- return 12;
- }
- rv = CRMF_CertRequestSetTemplateField(certReq, crmfPublicKey, (void*)spki);
- SECKEY_DestroySubjectPublicKeyInfo(spki);
- if (rv != SECSuccess) {
- printf ("Could not add the public key to the template\n");
- CRMF_DestroyCertRequest(certReq);
- return 13;
- }
-
- caCert =
- CERT_FindCertByNickname(CERT_GetDefaultCertDB(),
- caCertName);
- if (caCert == NULL) {
- printf ("Could not find the certificate for %s\n", caCertName);
- CRMF_DestroyCertRequest(certReq);
- return 50;
- }
-
- issuerUID = GetRandomBitString();
- subjectUID = GetRandomBitString();
- CRMF_CertRequestSetTemplateField(certReq,crmfIssuerUID, (void*)&issuerUID);
- CRMF_CertRequestSetTemplateField(certReq,crmfSubjectUID, (void*)&subjectUID);
- PORT_Free(issuerUID.data);
- PORT_Free(subjectUID.data);
- extInfo = GetExtensions();
- CRMF_CertRequestSetTemplateField(certReq, crmfExtension, (void*)extInfo);
- FreeExtInfo(extInfo);
- encKey = CRMF_CreateEncryptedKeyWithEncryptedValue(*privKey, caCert);
- CERT_DestroyCertificate(caCert);
- if (encKey == NULL) {
- printf ("Could not create Encrypted Key with Encrypted Value.\n");
- return 14;
- }
- pkiArchOpt = CRMF_CreatePKIArchiveOptions(crmfEncryptedPrivateKey, encKey);
- CRMF_DestroyEncryptedKey(encKey);
- if (pkiArchOpt == NULL) {
- printf ("Could not create PKIArchiveOptions.\n");
- return 15;
- }
- rv = CRMF_CertRequestSetPKIArchiveOptions(certReq, pkiArchOpt);
- CRMF_DestroyPKIArchiveOptions(pkiArchOpt);
- if (rv != SECSuccess) {
- printf ("Could not add the PKIArchiveControl to Cert Request.\n");
- return 16;
- }
- *inCertReq = certReq;
- return 0;
-}
-
-int
-Encode (CRMFCertReqMsg *inCertReq,
- CRMFCertReqMsg *secondReq, char *configdir)
-{
-#define PATH_LEN 150
-#define CRMF_FILE "CertReqMessages.der"
- char filePath[PATH_LEN];
- PRFileDesc *fileDesc;
- SECStatus rv;
- int irv = 0;
- CRMFCertReqMsg *msgArr[3];
- CRMFCertReqMsg *newMsg;
-
- PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, CRMF_FILE);
- fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
- 0666);
- if (fileDesc == NULL) {
- printf ("Could not open file %s\n", filePath);
- irv = 14;
- goto finish;
- }
-/* rv = CRMF_EncodeCertReqMsg (inCertReq, WriteItOut, (void*)fileDesc);*/
- msgArr[0] = inCertReq;
- msgArr[1] = secondReq;
- msgArr[2] = NULL;
- rv = CRMF_EncodeCertReqMessages(msgArr, WriteItOut, (void*)fileDesc);
- if (rv != SECSuccess) {
- printf ("An error occurred while encoding.\n");
- irv = 15;
- goto finish;
- }
- finish:
- PR_Close(fileDesc);
- return irv;
-}
-
-int
-AddProofOfPossession(CRMFCertReqMsg *certReqMsg, SECKEYPrivateKey *privKey,
- SECKEYPublicKey *pubKey, CRMFPOPChoice inPOPChoice)
-{
-
- switch(inPOPChoice){
- case crmfSignature:
- CRMF_CertReqMsgSetSignaturePOP(certReqMsg, privKey, pubKey, NULL, NULL,
- NULL);
- break;
- case crmfRAVerified:
- CRMF_CertReqMsgSetRAVerifiedPOP(certReqMsg);
- break;
- case crmfKeyEncipherment:
- CRMF_CertReqMsgSetKeyEnciphermentPOP(certReqMsg,
- crmfSubsequentMessage,
- crmfChallengeResp, NULL);
- break;
- case crmfKeyAgreement:
- {
- SECItem pendejo;
- unsigned char lame[] = { 0xf0, 0x0f, 0xf0, 0x0f, 0xf0 };
-
- pendejo.data = lame;
- pendejo.len = 5;
-
- CRMF_CertReqMsgSetKeyAgreementPOP(certReqMsg, crmfThisMessage,
- crmfNoSubseqMess, &pendejo);
- }
- break;
- default:
- return 1;
- }
- return 0;
-}
-
-#define BUFF_SIZE 150
-
-int
-Decode(char *configdir)
-{
- char filePath[PATH_LEN];
- unsigned char buffer[BUFF_SIZE];
- char *asn1Buff;
- PRFileDesc *fileDesc;
- PRInt32 fileLen = 0;
- PRInt32 bytesRead;
- CRMFCertReqMsg *certReqMsg;
- CRMFCertRequest *certReq;
- CRMFGetValidity validity= {NULL, NULL};
- CRMFCertReqMessages *certReqMsgs;
- int numMsgs, i;
- long lame;
-
- PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, CRMF_FILE);
- fileDesc = PR_Open(filePath, PR_RDONLY, 0644);
- while (1) {
- bytesRead = PR_Read(fileDesc, buffer, BUFF_SIZE);
- if (bytesRead <= 0) break;
- fileLen += bytesRead;
- }
- if (bytesRead < 0) {
- printf ("Error while getting the length of the file %s\n", filePath);
- return 200;
- }
-
- PR_Close(fileDesc);
- fileDesc = PR_Open(filePath, PR_RDONLY, 0644);
- asn1Buff = PORT_ZNewArray(char, fileLen);
- bytesRead = PR_Read(fileDesc, asn1Buff, fileLen);
- if (bytesRead != fileLen) {
- printf ("Error while reading in the contents of %s\n", filePath);
- return 201;
- }
- /*certReqMsg = CRMF_CreateCertReqMsgFromDER(asn1Buff, fileLen);
- if (certReqMsg == NULL) {
- printf ("Error while decoding the CertReqMsg\n");
- return 202;
- }
- certReq = CRMF_CertReqMsgGetCertRequest(certReqMsg);
-*/
- certReqMsgs = CRMF_CreateCertReqMessagesFromDER(asn1Buff, fileLen);
- if (certReqMsgs == NULL) {
- printf ("Error decoding CertReqMessages.\n");
- return 202;
- }
- numMsgs = CRMF_CertReqMessagesGetNumMessages(certReqMsgs);
- if (numMsgs <= 0) {
- printf ("WARNING: The DER contained %d messages.\n", numMsgs);
- }
- for (i=0; i < numMsgs; i++) {
- certReqMsg = CRMF_CertReqMessagesGetCertReqMsgAtIndex(certReqMsgs, i);
- if (certReqMsg == NULL) {
- printf ("ERROR: Could not access the message at index %d of %s\n",
- i, filePath);
- }
- CRMF_CertReqMsgGetID(certReqMsg, &lame);
- certReq = CRMF_CertReqMsgGetCertRequest(certReqMsg);
- CRMF_CertRequestGetCertTemplateValidity(certReq, &validity);
- CRMF_DestroyGetValidity(&validity);
- CRMF_DestroyCertRequest(certReq);
- CRMF_DestroyCertReqMsg(certReqMsg);
- }
- CRMF_DestroyCertReqMessages(certReqMsgs);
- PORT_Free(asn1Buff);
- return 0;
-}
-
-void
-GetBitsFromFile(char *filePath, SECItem *fileBits)
-{
- PRFileDesc *fileDesc;
- int bytesRead, fileLen=0;
- char buffer[BUFF_SIZE], *asn1Buf;
-
- fileDesc = PR_Open(filePath, PR_RDONLY, 0644);
- while (1) {
- bytesRead = PR_Read(fileDesc, buffer, BUFF_SIZE);
- if (bytesRead <= 0) break;
- fileLen += bytesRead;
- }
- if (bytesRead < 0) {
- printf ("Error while getting the length of file %s.\n", filePath);
- goto loser;
- }
- PR_Close(fileDesc);
-
- fileDesc = PR_Open(filePath, PR_RDONLY, 0644);
- asn1Buf = PORT_ZNewArray(char, fileLen);
- if (asn1Buf == NULL) {
- printf ("Out of memory in function GetBitsFromFile\n");
- goto loser;
- }
- bytesRead = PR_Read(fileDesc, asn1Buf, fileLen);
- if (bytesRead != fileLen) {
- printf ("Error while reading the contents of %s\n", filePath);
- goto loser;
- }
- fileBits->data = (unsigned char*)asn1Buf;
- fileBits->len = fileLen;
- return;
- loser:
- if (asn1Buf) {
- PORT_Free(asn1Buf);
- }
- fileBits->data = NULL;
- fileBits->len = 0;
-}
-
-int
-DecodeCMMFCertRepContent(char *derFile)
-{
- int fileLen=0;
- char *asn1Buf;
- SECItem fileBits;
- CMMFCertRepContent *certRepContent;
-
-
- GetBitsFromFile(derFile, &fileBits);
- if (fileBits.data == NULL) {
- printf("Could not get bits from file %s\n", derFile);
- return 304;
- }
- asn1Buf = (char*)fileBits.data;
- fileLen = fileBits.len;
- certRepContent = CMMF_CreateCertRepContentFromDER(db, asn1Buf, fileLen);
- if (certRepContent == NULL) {
- printf ("Error while decoding %s\n", derFile);
- return 303;
- }
- CMMF_DestroyCertRepContent(certRepContent);
- PORT_Free(asn1Buf);
- return 0;
-}
-
-int
-DoCMMFStuff(char *configdir)
-{
- CMMFCertResponse *certResp=NULL, *certResp2=NULL, *certResponses[3];
- CMMFCertRepContent *certRepContent=NULL;
- CERTCertificate *cert=NULL, *caCert=NULL;
- CERTCertList *list=NULL;
- PRFileDesc *fileDesc=NULL;
- char filePath[PATH_LEN];
- int rv = 0;
- long random;
- CMMFKeyRecRepContent *repContent=NULL;
- SECKEYPrivateKey *privKey = NULL;
- SECKEYPublicKey *caPubKey;
- SECStatus srv;
- SECItem fileBits;
-
- certResp = CMMF_CreateCertResponse(0xff123);
- CMMF_CertResponseSetPKIStatusInfoStatus(certResp, cmmfGranted);
- cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), personalCert);
- if (cert == NULL) {
- printf ("Could not find the certificate for %s\n", personalCert);
- rv = 416;
- goto finish;
- }
- CMMF_CertResponseSetCertificate(certResp, cert);
- certResp2 = CMMF_CreateCertResponse(0xff122);
- CMMF_CertResponseSetPKIStatusInfoStatus(certResp2, cmmfGranted);
- CMMF_CertResponseSetCertificate(certResp2, cert);
-
- certResponses[0] = certResp;
- certResponses[1] = NULL;
- certResponses[2] = NULL;
-
- certRepContent = CMMF_CreateCertRepContent();
- CMMF_CertRepContentSetCertResponses(certRepContent, certResponses, 1);
-
- list = CERT_GetCertChainFromCert(cert, PR_Now(), certUsageEmailSigner);
- CMMF_CertRepContentSetCAPubs(certRepContent, list);
-
- PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, "CertRepContent.der");
- fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
- 0666);
- if (fileDesc == NULL) {
- printf ("Could not open file %s\n", filePath);
- rv = 400;
- goto finish;
- }
-
- srv = CMMF_EncodeCertRepContent(certRepContent, WriteItOut,
- (void*)fileDesc);
- PORT_Assert (srv == SECSuccess);
- PR_Close(fileDesc);
- rv = DecodeCMMFCertRepContent(filePath);
- if (rv != 0) {
- goto finish;
- }
- random = 0xa4e7;
- caCert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(),
- caCertName);
- if (caCert == NULL) {
- printf ("Could not get the certifcate for %s\n", caCertName);
- rv = 411;
- goto finish;
- }
- repContent = CMMF_CreateKeyRecRepContent();
- if (repContent == NULL) {
- printf ("Could not allocate a CMMFKeyRecRepContent structure\n");
- rv = 407;
- goto finish;
- }
- srv = CMMF_KeyRecRepContentSetPKIStatusInfoStatus(repContent,
- cmmfGrantedWithMods);
- if (srv != SECSuccess) {
- printf ("Error trying to set PKIStatusInfo for "
- "CMMFKeyRecRepContent.\n");
- rv = 406;
- goto finish;
- }
- srv = CMMF_KeyRecRepContentSetNewSignCert(repContent, cert);
- if (srv != SECSuccess) {
- printf ("Error trying to set the new signing certificate for "
- "key recovery\n");
- rv = 408;
- goto finish;
- }
- srv = CMMF_KeyRecRepContentSetCACerts(repContent, list);
- if (srv != SECSuccess) {
- printf ("Errory trying to add the list of CA certs to the "
- "CMMFKeyRecRepContent structure.\n");
- rv = 409;
- goto finish;
- }
- privKey = PK11_FindKeyByAnyCert(cert, NULL);
- if (privKey == NULL) {
- printf ("Could not get the private key associated with the\n"
- "certificate %s\n", personalCert);
- rv = 410;
- goto finish;
- }
- caPubKey = CERT_ExtractPublicKey(caCert);
- if (caPubKey == NULL) {
- printf ("Could not extract the public from the "
- "certificate for \n%s\n", caCertName);
- rv = 412;
- goto finish;
- }
- CERT_DestroyCertificate(caCert);
- caCert = NULL;
- srv = CMMF_KeyRecRepContentSetCertifiedKeyPair(repContent, cert, privKey,
- caPubKey);
- SECKEY_DestroyPrivateKey(privKey);
- SECKEY_DestroyPublicKey(caPubKey);
- if (srv != SECSuccess) {
- printf ("Could not set the Certified Key Pair\n");
- rv = 413;
- goto finish;
- }
- PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir,
- "KeyRecRepContent.der");
- fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
- 0666);
- if (fileDesc == NULL) {
- printf ("Could not open file %s\n", filePath);
- rv = 414;
- goto finish;
- }
-
- srv = CMMF_EncodeKeyRecRepContent(repContent, WriteItOut,
- (void*)fileDesc);
- PORT_Assert (srv == SECSuccess);
- PR_Close(fileDesc);
- CMMF_DestroyKeyRecRepContent(repContent);
- GetBitsFromFile(filePath, &fileBits);
- repContent =
- CMMF_CreateKeyRecRepContentFromDER(db, (const char *) fileBits.data,
- fileBits.len);
- if (repContent == NULL) {
- printf ("ERROR: CMMF_CreateKeyRecRepContentFromDER failed on file:\n"
- "\t%s\n", filePath);
- rv = 415;
- goto finish;
- }
- finish:
- if (repContent) {
- CMMF_DestroyKeyRecRepContent(repContent);
- }
- if (cert) {
- CERT_DestroyCertificate(cert);
- }
- if (list) {
- CERT_DestroyCertList(list);
- }
- if (certResp) {
- CMMF_DestroyCertResponse(certResp);
- }
- if (certResp2) {
- CMMF_DestroyCertResponse(certResp2);
- }
- if (certRepContent) {
- CMMF_DestroyCertRepContent(certRepContent);
- }
- return rv;
-}
-
-static CK_MECHANISM_TYPE
-mapWrapKeyType(KeyType keyType)
-{
- switch (keyType) {
- case rsaKey:
- return CKM_RSA_PKCS;
- default:
- break;
- }
- return CKM_INVALID_MECHANISM;
-}
-
-#define KNOWN_MESSAGE_LENGTH 20 /*160 bits*/
-
-int
-DoKeyRecovery(char *configdir, SECKEYPrivateKey *privKey)
-{
- SECKEYPublicKey *pubKey;
- PK11SlotInfo *slot;
- CK_OBJECT_HANDLE id;
- CK_MECHANISM mech = { CKM_INVALID_MECHANISM, NULL, 0};
- unsigned char *known_message = (unsigned char*)"Known Crypto Message";
- unsigned char plaintext[KNOWN_MESSAGE_LENGTH];
- char filePath[PATH_LEN];
- CK_RV crv;
- unsigned char *ciphertext;
- CK_ULONG max_bytes_encrypted, bytes_encrypted;
- unsigned char *text_compared;
- CK_ULONG bytes_compared, bytes_decrypted;
- SECKEYPrivateKey *unwrappedPrivKey, *caPrivKey;
- CMMFKeyRecRepContent *keyRecRep;
- SECStatus rv;
- CERTCertificate *caCert, *myCert;
- SECKEYPublicKey *caPubKey;
- PRFileDesc *fileDesc;
- SECItem fileBits, nickname;
- CMMFCertifiedKeyPair *certKeyPair;
-
- /*caCert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(),
- caCertName);*/
- myCert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), personalCert);
- if (myCert == NULL) {
- printf ("Could not find the certificate for %s\n", personalCert);
- return 700;
- }
- caCert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(),
- recoveryEncrypter);
- if (caCert == NULL) {
- printf ("Could not find the certificate for %s\n", recoveryEncrypter);
- return 701;
- }
- caPubKey = CERT_ExtractPublicKey(caCert);
- pubKey = SECKEY_ConvertToPublicKey(privKey);
- max_bytes_encrypted = PK11_GetPrivateModulusLen(privKey);
- slot = PK11_GetBestSlot(mapWrapKeyType(privKey->keyType), NULL);
- id = PK11_ImportPublicKey(slot, pubKey, PR_FALSE);
- switch(privKey->keyType) {
- case rsaKey:
- mech.mechanism = CKM_RSA_PKCS;
- break;
- case dsaKey:
- mech.mechanism = CKM_DSA;
- break;
- case dhKey:
- mech.mechanism = CKM_DH_PKCS_DERIVE;
- break;
- default:
- printf ("Bad Key type in key recovery.\n");
- return 512;
-
- }
- PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_EncryptInit(slot->session, &mech, id);
- if (crv != CKR_OK) {
- PK11_ExitSlotMonitor(slot);
- PK11_FreeSlot(slot);
- printf ("C_EncryptInit failed in KeyRecovery\n");
- return 500;
- }
- ciphertext = PORT_NewArray(unsigned char, max_bytes_encrypted);
- if (ciphertext == NULL) {
- PK11_ExitSlotMonitor(slot);
- PK11_FreeSlot(slot);
- printf ("Could not allocate memory for ciphertext.\n");
- return 501;
- }
- bytes_encrypted = max_bytes_encrypted;
- crv = PK11_GETTAB(slot)->C_Encrypt(slot->session,
- known_message,
- KNOWN_MESSAGE_LENGTH,
- ciphertext,
- &bytes_encrypted);
- PK11_ExitSlotMonitor(slot);
- PK11_FreeSlot(slot);
- if (crv != CKR_OK) {
- PORT_Free(ciphertext);
- return 502;
- }
- /* Always use the smaller of these two values . . . */
- bytes_compared = ( bytes_encrypted > KNOWN_MESSAGE_LENGTH )
- ? KNOWN_MESSAGE_LENGTH
- : bytes_encrypted;
-
- /* If there was a failure, the plaintext */
- /* goes at the end, therefore . . . */
- text_compared = ( bytes_encrypted > KNOWN_MESSAGE_LENGTH )
- ? (ciphertext + bytes_encrypted -
- KNOWN_MESSAGE_LENGTH )
- : ciphertext;
-
- keyRecRep = CMMF_CreateKeyRecRepContent();
- if (keyRecRep == NULL) {
- PORT_Free(ciphertext);
- PK11_FreeSlot(slot);
- CMMF_DestroyKeyRecRepContent(keyRecRep);
- printf ("Could not allocate a CMMFKeyRecRepContent structre.\n");
- return 503;
- }
- rv = CMMF_KeyRecRepContentSetPKIStatusInfoStatus(keyRecRep,
- cmmfGranted);
- if (rv != SECSuccess) {
- PORT_Free(ciphertext);
- PK11_FreeSlot(slot);
- CMMF_DestroyKeyRecRepContent(keyRecRep);
- printf ("Could not set the status for the KeyRecRepContent\n");
- return 504;
- }
- /* The myCert here should correspond to the certificate corresponding
- * to the private key, but for this test any certificate will do.
- */
- rv = CMMF_KeyRecRepContentSetCertifiedKeyPair(keyRecRep, myCert,
- privKey, caPubKey);
- if (rv != SECSuccess) {
- PORT_Free(ciphertext);
- PK11_FreeSlot(slot);
- CMMF_DestroyKeyRecRepContent(keyRecRep);
- printf ("Could not set the Certified Key Pair\n");
- return 505;
- }
- PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir,
- "KeyRecRepContent.der");
- fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
- 0666);
- if (fileDesc == NULL) {
- PORT_Free(ciphertext);
- PK11_FreeSlot(slot);
- CMMF_DestroyKeyRecRepContent(keyRecRep);
- printf ("Could not open file %s\n", filePath);
- return 506;
- }
- rv = CMMF_EncodeKeyRecRepContent(keyRecRep, WriteItOut, fileDesc);
- CMMF_DestroyKeyRecRepContent(keyRecRep);
- PR_Close(fileDesc);
-
- if (rv != SECSuccess) {
- PORT_Free(ciphertext);
- PK11_FreeSlot(slot);
- printf ("Error while encoding CMMFKeyRecRepContent\n");
- return 507;
- }
- GetBitsFromFile(filePath, &fileBits);
- if (fileBits.data == NULL) {
- PORT_Free(ciphertext);
- PK11_FreeSlot(slot);
- printf ("Could not get the bits from file %s\n", filePath);
- return 508;
- }
- keyRecRep =
- CMMF_CreateKeyRecRepContentFromDER(db,(const char*)fileBits.data,
- fileBits.len);
- if (keyRecRep == NULL) {
- printf ("Could not decode the KeyRecRepContent in file %s\n",
- filePath);
- PORT_Free(ciphertext);
- PK11_FreeSlot(slot);
- return 509;
- }
- caPrivKey = PK11_FindKeyByAnyCert(caCert, NULL);
- if (CMMF_KeyRecRepContentGetPKIStatusInfoStatus(keyRecRep) !=
- cmmfGranted) {
- PORT_Free(ciphertext);
- PK11_FreeSlot(slot);
- CMMF_DestroyKeyRecRepContent(keyRecRep);
- printf ("A bad status came back with the "
- "KeyRecRepContent structure\n");
- return 510;
- }
-#define NICKNAME "Key Recovery Test Key"
- nickname.data = (unsigned char*)NICKNAME;
- nickname.len = PORT_Strlen(NICKNAME);
- certKeyPair = CMMF_KeyRecRepContentGetCertKeyAtIndex(keyRecRep, 0);
- CMMF_DestroyKeyRecRepContent(keyRecRep);
- rv = CMMF_CertifiedKeyPairUnwrapPrivKey(certKeyPair,
- caPrivKey,
- &nickname,
- PK11_GetInternalKeySlot(),
- db,
- &unwrappedPrivKey, NULL);
- CMMF_DestroyCertifiedKeyPair(certKeyPair);
- if (rv != SECSuccess) {
- printf ("Unwrapping the private key failed.\n");
- return 511;
- }
- /*Now let's try to decrypt the ciphertext with the "recovered" key*/
- PK11_EnterSlotMonitor(slot);
- crv =
- PK11_GETTAB(slot)->C_DecryptInit(unwrappedPrivKey->pkcs11Slot->session,
- &mech,
- unwrappedPrivKey->pkcs11ID);
- if (crv != CKR_OK) {
- PK11_ExitSlotMonitor(slot);
- PORT_Free(ciphertext);
- PK11_FreeSlot(slot);
- printf ("Decrypting with the recovered key failed.\n");
- return 513;
- }
- bytes_decrypted = KNOWN_MESSAGE_LENGTH;
- crv = PK11_GETTAB(slot)->C_Decrypt(unwrappedPrivKey->pkcs11Slot->session,
- ciphertext,
- bytes_encrypted, plaintext,
- &bytes_decrypted);
- SECKEY_DestroyPrivateKey(unwrappedPrivKey);
- PK11_ExitSlotMonitor(slot);
- PORT_Free(ciphertext);
- if (crv != CKR_OK) {
- PK11_FreeSlot(slot);
- printf ("Decrypting the ciphertext with recovered key failed.\n");
- return 514;
- }
- if ((bytes_decrypted != KNOWN_MESSAGE_LENGTH) ||
- (PORT_Memcmp(plaintext, known_message, KNOWN_MESSAGE_LENGTH) != 0)) {
- PK11_FreeSlot(slot);
- printf ("The recovered plaintext does not equal the known message:\n"
- "\tKnown message: %s\n"
- "\tRecovered plaintext: %s\n", known_message, plaintext);
- return 515;
- }
- return 0;
-}
-
-int
-DoChallengeResponse(char *configdir, SECKEYPrivateKey *privKey,
- SECKEYPublicKey *pubKey)
-{
- CMMFPOPODecKeyChallContent *chalContent = NULL;
- CMMFPOPODecKeyRespContent *respContent = NULL;
- CERTCertificate *myCert = NULL;
- CERTGeneralName *myGenName = NULL;
- PRArenaPool *poolp = NULL;
- SECItem DecKeyChallBits;
- long *randomNums;
- int numChallengesFound=0;
- int numChallengesSet = 1,i;
- long retrieved;
- char filePath[PATH_LEN];
- RNGContext *rng;
- SECStatus rv;
- PRFileDesc *fileDesc;
- SECItem *publicValue, *keyID;
- SECKEYPrivateKey *foundPrivKey;
-
- chalContent = CMMF_CreatePOPODecKeyChallContent();
- myCert = CERT_FindCertByNickname(db, personalCert);
- if (myCert == NULL) {
- printf ("Could not find the certificate for %s\n", personalCert);
- return 900;
- }
- poolp = PORT_NewArena(1024);
- if (poolp == NULL) {
- printf("Could no allocate a new arena in DoChallengeResponse\n");
- return 901;
- }
- myGenName = CERT_GetCertificateNames(myCert, poolp);
- if (myGenName == NULL) {
- printf ("Could not get the general names for %s certificate\n",
- personalCert);
- return 902;
- }
- randomNums = PORT_ArenaNewArray(poolp,long, numChallengesSet);
- rng = RNG_CreateContext();
- RNG_GenerateRandomBytes(rng, randomNums, numChallengesSet*sizeof(long));
- for (i=0; i<numChallengesSet; i++) {
- rv = CMMF_POPODecKeyChallContentSetNextChallenge(chalContent,
- randomNums[i],
- myGenName,
- pubKey,
- NULL);
- }
- RNG_DestroyContext(rng, PR_TRUE);
- if (rv != SECSuccess) {
- printf ("Could not set the challenge in DoChallengeResponse\n");
- return 903;
- }
- PR_snprintf(filePath, PATH_LEN, "%s/POPODecKeyChallContent.der",
- configdir);
- fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
- 0666);
- if (fileDesc == NULL) {
- printf ("Could not open file %s\n", filePath);
- return 904;
- }
- rv = CMMF_EncodePOPODecKeyChallContent(chalContent,WriteItOut,
- (void*)fileDesc);
- PR_Close(fileDesc);
- CMMF_DestroyPOPODecKeyChallContent(chalContent);
- if (rv != SECSuccess) {
- printf ("Could not encode the POPODecKeyChallContent.\n");
- return 905;
- }
- GetBitsFromFile(filePath, &DecKeyChallBits);
- chalContent =
- CMMF_CreatePOPODecKeyChallContentFromDER
- ((const char*)DecKeyChallBits.data, DecKeyChallBits.len);
- PORT_Free(DecKeyChallBits.data);
- if (chalContent == NULL) {
- printf ("Could not create the POPODecKeyChallContent from DER\n");
- return 906;
- }
- numChallengesFound =
- CMMF_POPODecKeyChallContentGetNumChallenges(chalContent);
- if (numChallengesFound != numChallengesSet) {
- printf ("Number of Challenges Found (%d) does not equal the number "
- "set (%d)\n", numChallengesFound, numChallengesSet);
- return 907;
- }
- for (i=0; i<numChallengesSet; i++) {
- publicValue = CMMF_POPODecKeyChallContentGetPublicValue(chalContent, i);
- if (publicValue == NULL) {
- printf("Could not get the public value for challenge at index %d\n",
- i);
- return 908;
- }
- keyID = PK11_MakeIDFromPubKey(publicValue);
- if (keyID == NULL) {
- printf ("Could not make the keyID from the public value\n");
- return 909;
- }
- foundPrivKey = PK11_FindKeyByKeyID(privKey->pkcs11Slot,keyID, NULL);
- if (foundPrivKey == NULL) {
- printf ("Could not find the private key corresponding to the public"
- " value.\n");
- return 910;
- }
- rv = CMMF_POPODecKeyChallContDecryptChallenge(chalContent, i,
- foundPrivKey);
- if (rv != SECSuccess) {
- printf ("Could not decrypt the challenge at index %d\n", i);
- return 911;
- }
- rv = CMMF_POPODecKeyChallContentGetRandomNumber(chalContent, i,
- &retrieved);
- if (rv != SECSuccess) {
- printf ("Could not get the random number from the challenge at "
- "index %d\n", i);
- return 912;
- }
- if (retrieved != randomNums[i]) {
- printf ("Retrieved the number (%d), expected (%d)\n", retrieved,
- randomNums[i]);
- return 913;
- }
- }
- CMMF_DestroyPOPODecKeyChallContent(chalContent);
- PR_snprintf(filePath, PATH_LEN, "%s/POPODecKeyRespContent.der",
- configdir);
- fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
- 0666);
- if (fileDesc == NULL) {
- printf ("Could not open file %s\n", filePath);
- return 914;
- }
- rv = CMMF_EncodePOPODecKeyRespContent(randomNums, numChallengesSet,
- WriteItOut, fileDesc);
- PR_Close(fileDesc);
- if (rv != 0) {
- printf ("Could not encode the POPODecKeyRespContent\n");
- return 915;
- }
- GetBitsFromFile(filePath, &DecKeyChallBits);
- respContent =
- CMMF_CreatePOPODecKeyRespContentFromDER((const char*)DecKeyChallBits.data,
- DecKeyChallBits.len);
- if (respContent == NULL) {
- printf ("Could not decode the contents of the file %s\n", filePath);
- return 916;
- }
- numChallengesFound =
- CMMF_POPODecKeyRespContentGetNumResponses(respContent);
- if (numChallengesFound != numChallengesSet) {
- printf ("Number of responses found (%d) does not match the number "
- "of challenges set (%d)\n",
- numChallengesFound, numChallengesSet);
- return 917;
- }
- for (i=0; i<numChallengesSet; i++) {
- rv = CMMF_POPODecKeyRespContentGetResponse(respContent, i, &retrieved);
- if (rv != SECSuccess) {
- printf ("Could not retrieve the response at index %d\n", i);
- return 918;
- }
- if (retrieved != randomNums[i]) {
- printf ("Retrieved the number (%ld), expected (%ld)\n", retrieved,
- randomNums[i]);
- return 919;
- }
-
- }
- CMMF_DestroyPOPODecKeyRespContent(respContent);
- return 0;
-}
-
-char *
-certdb_name_cb(void *arg, int dbVersion)
-{
- char *configdir = (char *)arg;
- char *dbver;
-
- switch (dbVersion) {
- case 7:
- dbver = "7";
- break;
- case 6:
- dbver = "6";
- break;
- case 5:
- dbver = "5";
- case 4:
- default:
- dbver = "";
- break;
- }
- return PR_smprintf("%s/cert%s.db", configdir, dbver);
-}
-
-SECStatus
-OpenCertDB(char *configdir)
-{
- CERTCertDBHandle *certdb;
- SECStatus status = SECFailure;
-
- certdb = PORT_ZNew(CERTCertDBHandle);
- if (certdb == NULL) {
- goto loser;
- }
- status = CERT_OpenCertDB(certdb, PR_TRUE, certdb_name_cb, configdir);
- if (status == SECSuccess) {
- CERT_SetDefaultCertDB(certdb);
- db = certdb;
- } else {
- PORT_Free(certdb);
- }
- loser:
- return status;
-}
-
-char *
-keydb_name_cb(void *arg, int dbVersion)
-{
- char *configdir = (char*) arg;
- char *dbver;
-
- switch(dbVersion){
- case 3:
- dbver = "3";
- break;
- case 2:
- default:
- dbver = "";
- break;
- }
- return PR_smprintf("%s/key%s.db", configdir, dbver);
-}
-
-SECStatus
-OpenKeyDB(char *configdir)
-{
- SECKEYKeyDBHandle *keydb;
-
- keydb = SECKEY_OpenKeyDB(PR_FALSE, keydb_name_cb, configdir);
- if (keydb == NULL) {
- return SECFailure;
- }
- SECKEY_SetDefaultKeyDB(keydb);
- return SECSuccess;
-}
-
-SECStatus
-OpenSecModDB(char *configdir)
-{
- char *secmodname = PR_smprintf("%d/secmod.db", configdir);
- if (secmodname == NULL) {
- return SECFailure;
- }
- SECMOD_init(secmodname);
- return SECSuccess;
-}
-
-void
-CloseHCL(void)
-{
- CERTCertDBHandle *certHandle;
- SECKEYKeyDBHandle *keyHandle;
-
- certHandle = CERT_GetDefaultCertDB();
- if (certHandle) {
- CERT_ClosePermCertDB(certHandle);
- }
- keyHandle = SECKEY_GetDefaultKeyDB();
- if (keyHandle) {
- SECKEY_CloseKeyDB(keyHandle);
- }
-}
-
-SECStatus
-InitHCL(char *configdir)
-{
- SECStatus status;
- SECStatus rv = SECFailure;
-
- RNG_RNGInit();
- RNG_SystemInfoForRNG();
-
- status = OpenCertDB(configdir);
- if (status != SECSuccess) {
- goto loser;
- }
-
- status = OpenKeyDB(configdir);
- if (status != SECSuccess) {
- goto loser;
- }
-
- status = OpenSecModDB(configdir);
- if (status != SECSuccess) {
- goto loser;
- }
-
- rv = SECSuccess;
-
- loser:
- if (rv != SECSuccess) {
- CloseHCL();
- }
- return rv;
-}
-void
-Usage (void)
-{
- printf ("Usage:\n"
- "\tcrmftest -d [Database Directory] -p [Personal Cert]\n"
- "\t -e [Encrypter] -s [CA Certificate]\n\n"
- "Database Directory\n"
- "\tThis is the directory where the key3.db, cert7.db, and\n"
- "\tsecmod.db files are located. This is also the directory\n"
- "\twhere the program will place CRMF/CMMF der files\n"
- "Personal Cert\n"
- "\tThis is the certificate that already exists in the cert\n"
- "\tdatabase to use while encoding the response. The private\n"
- "\tkey associated with the certificate must also exist in the\n"
- "\tkey database.\n"
- "Encrypter\n"
- "\tThis is the certificate to use when encrypting the the \n"
- "\tkey recovery response. The private key for this cert\n"
- "\tmust also be present in the key database.\n"
- "CA Certificate\n"
- "\tThis is the nickname of the certificate to use as the\n"
- "\tCA when doing all of the encoding.\n");
-}
-
-int
-main(int argc, char **argv)
-{
- CRMFCertRequest *certReq, *certReq2;
- CRMFCertReqMsg *certReqMsg;
- CRMFCertReqMsg *secondMsg;
- char *configdir;
- int irv;
- SECStatus rv;
- SECKEYPrivateKey *privKey;
- SECKEYPublicKey *pubKey;
- int o;
- PRBool hclInit = PR_FALSE, pArg = PR_FALSE, eArg = PR_FALSE,
- sArg = PR_FALSE;
-
- printf ("\ncrmftest v1.0\n");
- while (-1 != (o = getopt(argc, argv, "d:p:e:s:"))) {
- switch(o) {
- case 'd':
- configdir = PORT_Strdup(optarg);
- rv = InitHCL(configdir);
- if (rv != SECSuccess) {
- printf ("InitHCL failed\n");
- return 101;
- }
- hclInit = PR_TRUE;
- break;
- case 'p':
- personalCert = PORT_Strdup(optarg);
- if (personalCert == NULL) {
- return 603;
- }
- pArg = PR_TRUE;
- break;
- case 'e':
- recoveryEncrypter = PORT_Strdup(optarg);
- if (recoveryEncrypter == NULL) {
- return 602;
- }
- eArg = PR_TRUE;
- break;
- case 's':
- caCertName = PORT_Strdup(optarg);
- if (caCertName == NULL) {
- return 604;
- }
- sArg = PR_TRUE;
- break;
- default:
- Usage();
- return 601;
- }
- }
- if (!hclInit || !pArg || !eArg || !sArg) {
- Usage();
- return 600;
- }
-
- InitPKCS11();
-
- irv = CreateCertRequest(&certReq, &privKey, &pubKey);
- if (irv != 0 || certReq == NULL) {
- goto loser;
- }
-
- certReqMsg = CRMF_CreateCertReqMsg();
- secondMsg = CRMF_CreateCertReqMsg();
- CRMF_CertReqMsgSetCertRequest(certReqMsg, certReq);
- CRMF_CertReqMsgSetCertRequest(secondMsg, certReq);
-
- irv = AddProofOfPossession(certReqMsg, privKey, pubKey, crmfSignature);
- irv = AddProofOfPossession(secondMsg, privKey, pubKey, crmfKeyAgreement);
- irv = Encode (certReqMsg, secondMsg, configdir);
- if (irv != 0) {
- goto loser;
- }
-
- rv = CRMF_DestroyCertRequest (certReq);
- if (rv != SECSuccess) {
- printf ("Error when destroy certificate request.\n");
- irv = 100;
- goto loser;
- }
-
- rv = CRMF_DestroyCertReqMsg(certReqMsg);
- CRMF_DestroyCertReqMsg(secondMsg);
-
- irv = Decode (configdir);
- if (irv != 0) {
- printf("Error while decoding\n");
- goto loser;
- }
-
- if ((irv = DoCMMFStuff(configdir)) != 0) {
- printf ("CMMF tests failed.\n");
- goto loser;
- }
-
- if ((irv = DoKeyRecovery(configdir, privKey)) != 0) {
- printf ("Error doing key recovery\n");
- goto loser;
- }
-
- if ((irv = DoChallengeResponse(configdir, privKey, pubKey)) != 0) {
- printf ("Error doing challenge-response\n");
- goto loser;
- }
- printf ("Exiting successfully!!!\n\n");
- irv = 0;
-
- loser:
- CloseHCL();
- PORT_Free(configdir);
- return irv;
-}
diff --git a/security/nss/cmd/derdump/Makefile b/security/nss/cmd/derdump/Makefile
deleted file mode 100644
index 573c12cac..000000000
--- a/security/nss/cmd/derdump/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/derdump/derdump.c b/security/nss/cmd/derdump/derdump.c
deleted file mode 100644
index d3084ea6b..000000000
--- a/security/nss/cmd/derdump/derdump.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "secutil.h"
-
-#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
-#if !defined(WIN32)
-extern int fprintf(FILE *, char *, ...);
-#endif
-#endif
-#include "plgetopt.h"
-
-static void Usage(char *progName)
-{
- fprintf(stderr,
- "Usage: %s [-r] [-i input] [-o output]\n",
- progName);
- fprintf(stderr, "%-20s For formatted items, dump raw bytes as well\n",
- "-r");
- fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
- "-i input");
- fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
- "-o output");
- exit(-1);
-}
-
-int main(int argc, char **argv)
-{
- char *progName;
- int option;
- FILE *outFile;
- PRFileDesc *inFile;
- SECItem der;
- SECStatus rv;
- int16 xp_error;
- PRBool raw = PR_FALSE;
- PLOptState *optstate;
- PLOptStatus status;
-
- progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
-
- /* Parse command line arguments */
- inFile = 0;
- outFile = 0;
- optstate = PL_CreateOptState(argc, argv, "i:o:r");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case 'i':
- inFile = PR_Open(optstate->value, PR_RDONLY, 0);
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "w");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'r':
- raw = PR_TRUE;
- break;
-
- default:
- Usage(progName);
- break;
- }
- }
- if (status == PL_OPT_BAD)
- Usage(progName);
-
- if (!inFile) inFile = PR_STDIN;
- if (!outFile) outFile = stdout;
-
- rv = SECU_ReadDERFromFile(&der, inFile, PR_FALSE);
- if (rv == SECSuccess) {
- rv = DER_PrettyPrint(outFile, &der, raw);
- if (rv == SECSuccess)
- return 0;
- }
-
- xp_error = PORT_GetError();
- if (xp_error) {
- SECU_PrintError(progName, "error %d", xp_error);
- }
- if (errno) {
- SECU_PrintSystemError(progName, "errno=%d", errno);
- }
- return 1;
-}
diff --git a/security/nss/cmd/derdump/makefile.win b/security/nss/cmd/derdump/makefile.win
deleted file mode 100644
index 9a9d4edef..000000000
--- a/security/nss/cmd/derdump/makefile.win
+++ /dev/null
@@ -1,130 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-VERBOSE = 1
-include <manifest.mn>
-
-#cannot define PROGRAM in manifest compatibly with NT and UNIX
-PROGRAM = derdump
-PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe
-include <$(DEPTH)\config\config.mak>
-
-# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
-# rules.mak will append C_OBJS onto OBJS.
-# OBJS = $(CSRCS:.c=.obj)
-
-# include files are looked for in $LINCS and $INCS.
-# $LINCS is in manifest.mnw, computed from REQUIRES=
-INCS = $(INCS) \
- -I$(DEPTH)/security/lib/cert \
- -I../include \
- $(NULL)
-
-IGNORE_ME = \
- -I$(DEPTH)/security/lib/key \
- -I$(DEPTH)/security/lib/util \
- $(NULL)
-
-
-WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
-
-# these files are the content of libdbm
-DBM_LIB = \
- $(WINFE)/DB.obj \
- $(WINFE)/HASH.obj \
- $(WINFE)/H_BIGKEY.obj \
- $(WINFE)/H_PAGE.obj \
- $(WINFE)/H_LOG2.obj \
- $(WINFE)/H_FUNC.obj \
- $(WINFE)/HASH_BUF.obj \
- $(NULL)
-
-MOZ_LIBS = \
- $(WINFE)/ALLXPSTR.obj \
- $(WINFE)/XP_ERROR.obj \
- $(WINFE)/XPASSERT.obj \
- $(WINFE)/XP_REG.obj \
- $(WINFE)/XP_TRACE.obj \
- $(DBM_LIB) \
- $(WINFE)/XP_STR.obj \
- $(WINFE)/MKTEMP.obj \
- $(NULL)
-
-SEC_LIBS = \
- $(DIST)/lib/cert$(MOZ_BITS).lib \
- $(DIST)/lib/crypto$(MOZ_BITS).lib \
- $(DIST)/lib/hash$(MOZ_BITS).lib \
- $(DIST)/lib/key$(MOZ_BITS).lib \
- $(DIST)/lib/pkcs7$(MOZ_BITS).lib \
- $(DIST)/lib/secmod$(MOZ_BITS).lib \
- $(DIST)/lib/secutl$(MOZ_BITS).lib \
- $(DIST)/lib/ssl$(MOZ_BITS).lib \
- $(NULL)
-
-LLFLAGS = $(LLFLAGS) \
- ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
- $(SEC_LIBS) \
- $(MOZ_LIBS) \
- $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
- $(LIBNSPR) \
- $(NULL)
-
-
-include <$(DEPTH)\config\rules.mak>
-
-INSTALL = $(MAKE_INSTALL)
-
-objs: $(OBJS)
-
-$(PROGRAM)::
- $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
-
-programs: $(PROGRAM)
-
-install:: $(TARGETS)
- $(INSTALL) $(TARGETS) $(DIST)/bin
-
-
-symbols:
- @echo "CSRCS = $(CSRCS)"
- @echo "INCS = $(INCS)"
- @echo "OBJS = $(OBJS)"
- @echo "LIBRARY = $(LIBRARY)"
- @echo "PROGRAM = $(PROGRAM)"
- @echo "TARGETS = $(TARGETS)"
- @echo "DIST = $(DIST)"
- @echo "VERSION_NUMBER = $(VERSION_NUMBER)"
- @echo "WINFE = $(WINFE)"
- @echo "DBM_LIB = $(DBM_LIB)"
- @echo "INSTALL = $(INSTALL)"
-
diff --git a/security/nss/cmd/derdump/manifest.mn b/security/nss/cmd/derdump/manifest.mn
deleted file mode 100644
index c00df3509..000000000
--- a/security/nss/cmd/derdump/manifest.mn
+++ /dev/null
@@ -1,49 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = seccmd dbm
-
-DEFINES = -DNSPR20
-
-CSRCS = derdump.c
-
-PROGRAM = derdump
diff --git a/security/nss/cmd/digest/Makefile b/security/nss/cmd/digest/Makefile
deleted file mode 100644
index 573c12cac..000000000
--- a/security/nss/cmd/digest/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/digest/digest.c b/security/nss/cmd/digest/digest.c
deleted file mode 100644
index b9987265b..000000000
--- a/security/nss/cmd/digest/digest.c
+++ /dev/null
@@ -1,250 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "secutil.h"
-#include "pk11func.h"
-#include "secoid.h"
-
-#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
-#if !defined(WIN32)
-extern int fread(char *, size_t, size_t, FILE*);
-extern int fwrite(char *, size_t, size_t, FILE*);
-extern int fprintf(FILE *, char *, ...);
-#endif
-#endif
-
-#include "plgetopt.h"
-
-static SECOidData *
-HashTypeToOID(HASH_HashType hashtype)
-{
- SECOidTag hashtag;
-
- if (hashtype <= HASH_AlgNULL || hashtype >= HASH_AlgTOTAL)
- return NULL;
-
- switch (hashtype) {
- case HASH_AlgMD2:
- hashtag = SEC_OID_MD2;
- break;
- case HASH_AlgMD5:
- hashtag = SEC_OID_MD5;
- break;
- case HASH_AlgSHA1:
- hashtag = SEC_OID_SHA1;
- break;
- default:
- fprintf(stderr, "A new hash type has been added to HASH_HashType.\n");
- fprintf(stderr, "This program needs to be updated!\n");
- return NULL;
- }
-
- return SECOID_FindOIDByTag(hashtag);
-}
-
-static SECOidData *
-HashNameToOID(const char *hashName)
-{
- HASH_HashType htype;
- SECOidData *hashOID;
-
- for (htype = HASH_AlgNULL + 1; htype < HASH_AlgTOTAL; htype++) {
- hashOID = HashTypeToOID(htype);
- if (PORT_Strcasecmp(hashName, hashOID->desc) == 0)
- break;
- }
-
- if (htype == HASH_AlgTOTAL)
- return NULL;
-
- return hashOID;
-}
-
-static void
-Usage(char *progName)
-{
- HASH_HashType htype;
-
- fprintf(stderr,
- "Usage: %s -t type [-i input] [-o output]\n",
- progName);
- fprintf(stderr, "%-20s Specify the digest method (must be one of\n",
- "-t type");
- fprintf(stderr, "%-20s ", "");
- for (htype = HASH_AlgNULL + 1; htype < HASH_AlgTOTAL; htype++) {
- fprintf(stderr, HashTypeToOID(htype)->desc);
- if (htype == (HASH_AlgTOTAL - 2))
- fprintf(stderr, " or ");
- else if (htype != (HASH_AlgTOTAL - 1))
- fprintf(stderr, ", ");
- }
- fprintf(stderr, " (case ignored))\n");
- fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
- "-i input");
- fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
- "-o output");
- exit(-1);
-}
-
-static int
-DigestFile(FILE *outFile, FILE *inFile, SECOidData *hashOID)
-{
- int nb;
- unsigned char ibuf[4096], digest[32];
- PK11Context *hashcx;
- unsigned int len;
- SECStatus rv;
-
- hashcx = PK11_CreateDigestContext(hashOID->offset);
- if (hashcx == NULL) {
- return -1;
- }
- PK11_DigestBegin(hashcx);
-
-
- for (;;) {
- if (feof(inFile)) break;
- nb = fread(ibuf, 1, sizeof(ibuf), inFile);
- if (nb != sizeof(ibuf)) {
- if (nb == 0) {
- if (ferror(inFile)) {
- PORT_SetError(SEC_ERROR_IO);
- PK11_DestroyContext(hashcx,PR_TRUE);
- return -1;
- }
- /* eof */
- break;
- }
- }
- rv = PK11_DigestOp(hashcx, ibuf, nb);
- if (rv != SECSuccess) {
- PK11_DestroyContext(hashcx, PR_TRUE);
- return -1;
- }
- }
-
- rv = PK11_DigestFinal(hashcx, digest, &len, 32);
- PK11_DestroyContext(hashcx, PR_TRUE);
-
- if (rv != SECSuccess) return -1;
-
- nb = fwrite(digest, 1, len, outFile);
- if (nb != len) {
- PORT_SetError(SEC_ERROR_IO);
- return -1;
- }
-
- return 0;
-}
-
-#include "nss.h"
-
-int
-main(int argc, char **argv)
-{
- char *progName;
- int opt;
- FILE *inFile, *outFile;
- char *hashName;
- SECOidData *hashOID;
- PLOptState *optstate;
- PLOptStatus status;
- SECStatus rv;
-
- progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
-
- inFile = NULL;
- outFile = NULL;
- hashName = NULL;
-
- rv = NSS_Init("/tmp");
- if (rv != SECSuccess) {
- fprintf(stderr, "%s: NSS_Init failed in directory %s\n",
- progName, "/tmp");
- return -1;
- }
-
- /*
- * Parse command line arguments
- */
- optstate = PL_CreateOptState(argc, argv, "t:i:o:");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- Usage(progName);
- break;
-
- case 'i':
- inFile = fopen(optstate->value, "r");
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "w");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 't':
- hashName = strdup(optstate->value);
- break;
- }
- }
-
- if (!hashName) Usage(progName);
-
- if (!inFile) inFile = stdin;
- if (!outFile) outFile = stdout;
-
- hashOID = HashNameToOID(hashName);
- if (hashOID == NULL) {
- fprintf(stderr, "%s: invalid digest type\n", progName);
- Usage(progName);
- }
-
- if (DigestFile(outFile, inFile, hashOID)) {
- fprintf(stderr, "%s: problem digesting data (%s)\n",
- progName, SECU_Strerror(PORT_GetError()));
- return -1;
- }
-
- return 0;
-}
diff --git a/security/nss/cmd/digest/makefile.win b/security/nss/cmd/digest/makefile.win
deleted file mode 100644
index e8ec27ca2..000000000
--- a/security/nss/cmd/digest/makefile.win
+++ /dev/null
@@ -1,130 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-VERBOSE = 1
-include <manifest.mn>
-
-#cannot define PROGRAM in manifest compatibly with NT and UNIX
-PROGRAM = digest
-PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe
-include <$(DEPTH)\config\config.mak>
-
-# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
-# rules.mak will append C_OBJS onto OBJS.
-# OBJS = $(CSRCS:.c=.obj)
-
-# include files are looked for in $LINCS and $INCS.
-# $LINCS is in manifest.mnw, computed from REQUIRES=
-INCS = $(INCS) \
- -I$(DEPTH)/security/lib/cert \
- -I../include \
- $(NULL)
-
-IGNORE_ME = \
- -I$(DEPTH)/security/lib/key \
- -I$(DEPTH)/security/lib/util \
- $(NULL)
-
-
-WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
-
-# these files are the content of libdbm
-DBM_LIB = \
- $(WINFE)/DB.obj \
- $(WINFE)/HASH.obj \
- $(WINFE)/H_BIGKEY.obj \
- $(WINFE)/H_PAGE.obj \
- $(WINFE)/H_LOG2.obj \
- $(WINFE)/H_FUNC.obj \
- $(WINFE)/HASH_BUF.obj \
- $(NULL)
-
-MOZ_LIBS = \
- $(WINFE)/ALLXPSTR.obj \
- $(WINFE)/XP_ERROR.obj \
- $(WINFE)/XPASSERT.obj \
- $(WINFE)/XP_REG.obj \
- $(WINFE)/XP_TRACE.obj \
- $(DBM_LIB) \
- $(WINFE)/XP_STR.obj \
- $(WINFE)/MKTEMP.obj \
- $(NULL)
-
-SEC_LIBS = \
- $(DIST)/lib/cert$(MOZ_BITS).lib \
- $(DIST)/lib/crypto$(MOZ_BITS).lib \
- $(DIST)/lib/hash$(MOZ_BITS).lib \
- $(DIST)/lib/key$(MOZ_BITS).lib \
- $(DIST)/lib/pkcs7$(MOZ_BITS).lib \
- $(DIST)/lib/secmod$(MOZ_BITS).lib \
- $(DIST)/lib/secutl$(MOZ_BITS).lib \
- $(DIST)/lib/ssl$(MOZ_BITS).lib \
- $(NULL)
-
-LLFLAGS = $(LLFLAGS) \
- ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
- $(SEC_LIBS) \
- $(MOZ_LIBS) \
- $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
- $(LIBNSPR) \
- $(NULL)
-
-
-include <$(DEPTH)\config\rules.mak>
-
-INSTALL = $(MAKE_INSTALL)
-
-objs: $(OBJS)
-
-$(PROGRAM)::
- $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
-
-programs: $(PROGRAM)
-
-install:: $(TARGETS)
- $(INSTALL) $(TARGETS) $(DIST)/bin
-
-
-symbols:
- @echo "CSRCS = $(CSRCS)"
- @echo "INCS = $(INCS)"
- @echo "OBJS = $(OBJS)"
- @echo "LIBRARY = $(LIBRARY)"
- @echo "PROGRAM = $(PROGRAM)"
- @echo "TARGETS = $(TARGETS)"
- @echo "DIST = $(DIST)"
- @echo "VERSION_NUMBER = $(VERSION_NUMBER)"
- @echo "WINFE = $(WINFE)"
- @echo "DBM_LIB = $(DBM_LIB)"
- @echo "INSTALL = $(INSTALL)"
-
diff --git a/security/nss/cmd/digest/manifest.mn b/security/nss/cmd/digest/manifest.mn
deleted file mode 100644
index 8150b2c1d..000000000
--- a/security/nss/cmd/digest/manifest.mn
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = seccmd dbm
-
-DEFINES = -DNSPR20
-
-CSRCS = digest.c
-
-PROGRAM = digest
-
diff --git a/security/nss/cmd/include/secnew.h b/security/nss/cmd/include/secnew.h
deleted file mode 100644
index eb4c30acd..000000000
--- a/security/nss/cmd/include/secnew.h
+++ /dev/null
@@ -1,163 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#ifndef __secnew_h_
-#define __secnew_h_
-
-#include <stdio.h>
-
-typedef struct BERTemplateStr BERTemplate;
-typedef struct BERParseStr BERParse;
-typedef struct SECArbStr SECArb;
-
-/*
- * An array of these structures define an encoding for an object using
- * DER. The array is terminated with an entry where kind == 0.
- */
-struct BERTemplateStr {
- /* Kind of item to decode/encode */
- unsigned long kind;
-
- /*
- * Offset from base of structure to SECItem that will hold
- * decoded/encoded value.
- */
- unsigned short offset;
-
- /*
- * Used with DER_SET or DER_SEQUENCE. If not zero then points to a
- * sub-template. The sub-template is filled in and completed before
- * continuing on.
- */
- BERTemplate *sub;
-
- /*
- * Argument value, dependent on kind. Size of structure to allocate
- * when kind==DER_POINTER For Context-Specific Implicit types its the
- * underlying type to use.
- */
- unsigned long arg;
-};
-
-/*
- * an arbitrary object
- */
-struct SECArbStr {
- unsigned long tag; /* NOTE: does not support high tag form */
- unsigned long length; /* as reported in stream */
- union {
- SECItem item;
- struct {
- int numSubs;
- SECArb **subs;
- } cons;
- } body;
-};
-
-/*
- * Decode a piece of der encoded data.
- * "dest" points to a structure that will be filled in with the
- * decoding results.
- * "t" is a template structure which defines the shape of the
- * expected data.
- * "src" is the ber encoded data.
- */
-
-extern SECStatus BER_Decode(PRArenaPool * arena, void *dest, BERTemplate *t,
- SECArb *arb);
-
-
-/*
- * Encode a data structure into DER.
- * "dest" will be filled in (and memory allocated) to hold the der
- * encoded structure in "src"
- * "t" is a template structure which defines the shape of the
- * stored data
- * "src" is a pointer to the structure that will be encoded
- */
-
-extern SECStatus BER_Encode(PRArenaPool *arena, SECItem *dest, BERTemplate *t,
- void *src);
-
-/*
- * Client provided function that will get called with all the bytes
- * passing through the parser
- */
-typedef void (*BERFilterProc)(void *instance, unsigned char *buf, int length);
-
-/*
- * Client provided function that can will be called after the tag and
- * length information has been collected. It can be set up to be called
- * either before or after the data has been colleced.
- */
-typedef void (*BERNotifyProc)(
- void *instance, SECArb *arb, int depth, PRBool before);
-
-extern BERParse *BER_ParseInit(PRArenaPool *arena, PRBool forceDER);
-extern SECArb *BER_ParseFini(BERParse *h);
-extern SECStatus BER_ParseSome(BERParse *h, unsigned char *buf, int len);
-
-extern void BER_SetFilter(BERParse *h, BERFilterProc proc, void *instance);
-extern void BER_SetLeafStorage(BERParse *h, PRBool keep);
-extern void BER_SetNotifyProc(BERParse *h, BERNotifyProc proc, void *instance,
- PRBool beforeData);
-
-/*
- * A BERUnparseProc is used as a callback to put the encoded SECArb tree
- * tree to some stream. It returns PR_TRUE if the unparsing is to be
- * aborted.
- */
-typedef SECStatus (*BERUnparseProc)(
- void *instance, unsigned char *data, int length, SECArb* arb);
-
-/*
- * BER_Unparse walks the SECArb tree calling the BERUnparseProc with
- * various pieces. It returns SECFailure if there was an error during that
- * tree walk.
- */
-extern SECStatus BER_Unparse(SECArb *arb, BERUnparseProc proc, void *instance);
-
-/*
- * BER_ResolveLengths does a recursive walk through the tree generating
- * non-zero entries for the length field of each node. It will fail if it
- * discoveres a non-constructed node with a unknown length data field.
- * Leaves are supposed to be of known length.
- */
-extern SECStatus BER_ResolveLengths(SECArb *arb);
-
-/*
- * BER_PRettyPrintArb will write an ASCII version of the tree to the FILE
- * out.
- */
-extern SECStatus BER_PrettyPrintArb(FILE *out, SECArb* a);
-
-#endif /* __secnew_h_ */
diff --git a/security/nss/cmd/keyutil/Makefile b/security/nss/cmd/keyutil/Makefile
deleted file mode 100644
index a2ed814be..000000000
--- a/security/nss/cmd/keyutil/Makefile
+++ /dev/null
@@ -1,73 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-include ../platrules.mk
diff --git a/security/nss/cmd/keyutil/keyutil.c b/security/nss/cmd/keyutil/keyutil.c
deleted file mode 100644
index 65e6ad8b0..000000000
--- a/security/nss/cmd/keyutil/keyutil.c
+++ /dev/null
@@ -1,340 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include "secutil.h"
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#include <sys/time.h>
-#include <termios.h>
-#endif
-
-#include "secopt.h"
-
-#if defined(XP_WIN)
-#include <time.h>
-#include <conio.h>
-#endif
-
-#if defined(__sun) && !defined(SVR4)
-extern int fclose(FILE*);
-extern int fprintf(FILE *, char *, ...);
-extern int getopt(int, char**, char*);
-extern int isatty(int);
-extern char *optarg;
-extern char *sys_errlist[];
-#define strerror(errno) sys_errlist[errno]
-#endif
-
-#include "nspr.h"
-#include "prtypes.h"
-#include "prtime.h"
-#include "prlong.h"
-
-static char *progName;
-
-static SECStatus
-ListKeys(SECKEYKeyDBHandle *handle, FILE *out)
-{
- int rt;
-
- rt = SECU_PrintKeyNames(handle, out);
- if (rt) {
- SECU_PrintError(progName, "unable to list nicknames");
- return SECFailure;
- }
- return SECSuccess;
-}
-
-static SECStatus
-DumpPublicKey(SECKEYKeyDBHandle *handle, char *nickname, FILE *out)
-{
- SECKEYLowPrivateKey *privKey;
- SECKEYLowPublicKey *publicKey;
-
- /* check if key actually exists */
- if (SECU_CheckKeyNameExists(handle, nickname) == PR_FALSE) {
- SECU_PrintError(progName, "the key \"%s\" does not exist", nickname);
- return SECFailure;
- }
-
- /* Read in key */
- privKey = SECU_GetPrivateKey(handle, nickname);
- if (!privKey) {
- return SECFailure;
- }
-
- publicKey = SECKEY_LowConvertToPublicKey(privKey);
-
- /* Output public key (in the clear) */
- switch(publicKey->keyType) {
- case rsaKey:
- fprintf(out, "RSA Public-Key:\n");
- SECU_PrintInteger(out, &publicKey->u.rsa.modulus, "modulus", 1);
- SECU_PrintInteger(out, &publicKey->u.rsa.publicExponent,
- "publicExponent", 1);
- break;
- case dsaKey:
- fprintf(out, "DSA Public-Key:\n");
- SECU_PrintInteger(out, &publicKey->u.dsa.params.prime, "prime", 1);
- SECU_PrintInteger(out, &publicKey->u.dsa.params.subPrime,
- "subPrime", 1);
- SECU_PrintInteger(out, &publicKey->u.dsa.params.base, "base", 1);
- SECU_PrintInteger(out, &publicKey->u.dsa.publicValue, "publicValue", 1);
- break;
- default:
- fprintf(out, "unknown key type\n");
- break;
- }
- return SECSuccess;
-}
-
-static SECStatus
-DumpPrivateKey(SECKEYKeyDBHandle *handle, char *nickname, FILE *out)
-{
- SECKEYLowPrivateKey *key;
-
- /* check if key actually exists */
- if (SECU_CheckKeyNameExists(handle, nickname) == PR_FALSE) {
- SECU_PrintError(progName, "the key \"%s\" does not exist", nickname);
- return SECFailure;
- }
-
- /* Read in key */
- key = SECU_GetPrivateKey(handle, nickname);
- if (!key) {
- SECU_PrintError(progName, "error retrieving key");
- return SECFailure;
- }
-
- switch(key->keyType) {
- case rsaKey:
- fprintf(out, "RSA Private-Key:\n");
- SECU_PrintInteger(out, &key->u.rsa.modulus, "modulus", 1);
- SECU_PrintInteger(out, &key->u.rsa.publicExponent, "publicExponent", 1);
- SECU_PrintInteger(out, &key->u.rsa.privateExponent,
- "privateExponent", 1);
- SECU_PrintInteger(out, &key->u.rsa.prime1, "prime1", 1);
- SECU_PrintInteger(out, &key->u.rsa.prime2, "prime2", 1);
- SECU_PrintInteger(out, &key->u.rsa.exponent1, "exponent1", 1);
- SECU_PrintInteger(out, &key->u.rsa.exponent2, "exponent2", 1);
- SECU_PrintInteger(out, &key->u.rsa.coefficient, "coefficient", 1);
- break;
- case dsaKey:
- fprintf(out, "DSA Private-Key:\n");
- SECU_PrintInteger(out, &key->u.dsa.params.prime, "prime", 1);
- SECU_PrintInteger(out, &key->u.dsa.params.subPrime, "subPrime", 1);
- SECU_PrintInteger(out, &key->u.dsa.params.base, "base", 1);
- SECU_PrintInteger(out, &key->u.dsa.publicValue, "publicValue", 1);
- SECU_PrintInteger(out, &key->u.dsa.privateValue, "privateValue", 1);
- break;
- default:
- fprintf(out, "unknown key type\n");
- break;
- }
- return SECSuccess;
-}
-
-static SECStatus
-ChangePassword(SECKEYKeyDBHandle *handle)
-{
- SECStatus rv;
-
- /* Write out database with a new password */
- rv = SECU_ChangeKeyDBPassword(handle, NULL);
- if (rv) {
- SECU_PrintError(progName, "unable to change key password");
- }
- return rv;
-}
-
-static SECStatus
-DeletePrivateKey (SECKEYKeyDBHandle *keyHandle, char *nickName)
-{
- SECStatus rv;
-
- rv = SECU_DeleteKeyByName (keyHandle, nickName);
- if (rv != SECSuccess)
- fprintf(stderr, "%s: problem deleting private key (%s)\n",
- progName, SECU_Strerror(PR_GetError()));
- return (rv);
-
-}
-
-
-static void
-Usage(const char *progName)
-{
- fprintf(stderr,
- "Usage: %s -p name [-d keydir]\n", progName);
- fprintf(stderr,
- " %s -P name [-d keydir]\n", progName);
- fprintf(stderr,
- " %s -D name [-d keydir]\n", progName);
- fprintf(stderr,
- " %s -l [-d keydir]\n", progName);
- fprintf(stderr,
- " %s -c [-d keydir]\n", progName);
-
- fprintf(stderr, "%-20s Pretty print public key info for named key\n",
- "-p nickname");
- fprintf(stderr, "%-20s Pretty print private key info for named key\n",
- "-P nickname");
- fprintf(stderr, "%-20s Delete named private key from the key database\n",
- "-D nickname");
- fprintf(stderr, "%-20s List the nicknames for the keys in a database\n",
- "-l");
- fprintf(stderr, "%-20s Change the key database password\n",
- "-c");
- fprintf(stderr, "\n");
- fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
- "-d keydir");
-
- exit(-1);
-}
-
-int main(int argc, char **argv)
-{
- int o, changePassword, deleteKey, dumpPublicKey, dumpPrivateKey, list;
- char *nickname;
- SECStatus rv;
- SECKEYKeyDBHandle *keyHandle;
-
- progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
-
- /* Parse command line arguments */
- changePassword = deleteKey = dumpPublicKey = dumpPrivateKey = list = 0;
- nickname = NULL;
-
- while ((o = getopt(argc, argv, "ADP:cd:glp:")) != -1) {
- switch (o) {
- case '?':
- Usage(progName);
- break;
-
- case 'A':
- fprintf(stderr, "%s: Can no longer add a key.", progName);
- fprintf(stderr, " Use pkcs12 to import a key.\n\n");
- Usage(progName);
- break;
-
- case 'D':
- deleteKey = 1;
- nickname = optarg;
- break;
-
- case 'P':
- dumpPrivateKey = 1;
- nickname = optarg;
- break;
-
- case 'c':
- changePassword = 1;
- break;
-
- case 'd':
- SECU_ConfigDirectory(optarg);
- break;
-
- case 'g':
- fprintf(stderr, "%s: Can no longer generate a key.", progName);
- fprintf(stderr, " Use certutil to generate a cert request.\n\n");
- Usage(progName);
- break;
-
- case 'l':
- list = 1;
- break;
-
- case 'p':
- dumpPublicKey = 1;
- nickname = optarg;
- break;
- }
- }
-
- if (dumpPublicKey+changePassword+dumpPrivateKey+list+deleteKey != 1)
- Usage(progName);
-
- if ((list || changePassword) && nickname)
- Usage(progName);
-
- if ((dumpPublicKey || dumpPrivateKey || deleteKey) && !nickname)
- Usage(progName);
-
-
- /* Call the libsec initialization routines */
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
- SEC_Init();
-
- /*
- * XXX Note that the following opens the key database writable.
- * If dumpPublicKey or dumpPrivateKey or list, though, we only want
- * to open it read-only. There needs to be a better interface
- * to the initialization routines so that we can specify which way
- * to open it.
- */
- rv = SECU_PKCS11Init();
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "SECU_PKCS11Init failed");
- return -1;
- }
-
- keyHandle = SECKEY_GetDefaultKeyDB();
- if (keyHandle == NULL) {
- SECU_PrintError(progName, "could not open key database");
- return -1;
- }
-
- if (dumpPublicKey) {
- rv = DumpPublicKey(keyHandle, nickname, stdout);
- } else
- if (changePassword) {
- rv = ChangePassword(keyHandle);
- } else
- if (dumpPrivateKey) {
- rv = DumpPrivateKey(keyHandle, nickname, stdout);
- } else
- if (list) {
- rv = ListKeys(keyHandle, stdout);
- } else
- if (deleteKey) {
- rv = DeletePrivateKey(keyHandle, nickname);
- }
-
-
- return rv ? -1 : 0;
-}
diff --git a/security/nss/cmd/keyutil/manifest.mn b/security/nss/cmd/keyutil/manifest.mn
deleted file mode 100644
index 40b938cac..000000000
--- a/security/nss/cmd/keyutil/manifest.mn
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-DEFINES += -DNSPR20
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-CSRCS = \
- keyutil.c \
- $(NULL)
-
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = seccmd dbm
-
-
-PROGRAM = keyutil
diff --git a/security/nss/cmd/lib/Makefile b/security/nss/cmd/lib/Makefile
deleted file mode 100644
index 0769c80a3..000000000
--- a/security/nss/cmd/lib/Makefile
+++ /dev/null
@@ -1,75 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
diff --git a/security/nss/cmd/lib/NSPRerrs.h b/security/nss/cmd/lib/NSPRerrs.h
deleted file mode 100644
index bacdef6b2..000000000
--- a/security/nss/cmd/lib/NSPRerrs.h
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/* General NSPR 2.0 errors */
-/* Caller must #include "prerror.h" */
-
-ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." )
-ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." )
-ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." )
-ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." )
-ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." )
-ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." )
-ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." )
-ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." )
-ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." )
-ER2( PR_IO_ERROR, "I/O function error." )
-ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." )
-ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." )
-ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." )
-ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." )
-ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." )
-ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." )
-ER2( PR_IS_CONNECTED_ERROR, "Already connected." )
-ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." )
-ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." )
-ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." )
-ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." )
-ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." )
-ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." )
-ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." )
-ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." )
-ER2( PR_FIND_SYMBOL_ERROR,
-"Symbol not found in any of the loaded dynamic libraries." )
-ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." )
-ER2( PR_DIRECTORY_LOOKUP_ERROR,
-"A directory lookup on a network address has failed." )
-ER2( PR_TPD_RANGE_ERROR,
-"Attempt to access a TPD key that is out of range." )
-ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." )
-ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." )
-ER2( PR_NOT_SOCKET_ERROR,
-"Network operation attempted on non-network file descriptor." )
-ER2( PR_NOT_TCP_SOCKET_ERROR,
-"TCP-specific function attempted on a non-TCP file descriptor." )
-ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." )
-ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." )
-ER2( PR_OPERATION_NOT_SUPPORTED_ERROR,
-"The requested operation is not supported by the platform." )
-ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR,
-"The host operating system does not support the protocol requested." )
-ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." )
-ER2( PR_BUFFER_OVERFLOW_ERROR,
-"The value requested is too large to be stored in the data buffer provided." )
-ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." )
-ER2( PR_RANGE_ERROR, "Unused." )
-ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." )
-ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." )
-ER2( PR_FILE_TOO_BIG_ERROR,
-"Write would result in file larger than the system allows." )
-ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." )
-ER2( PR_PIPE_ERROR, "Unused." )
-ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." )
-ER2( PR_IS_DIRECTORY_ERROR,
-"Cannot perform a normal file operation on a directory." )
-ER2( PR_LOOP_ERROR, "Symbolic link loop." )
-ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." )
-ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." )
-ER2( PR_NOT_DIRECTORY_ERROR,
-"Cannot perform directory operation on a normal file." )
-ER2( PR_READ_ONLY_FILESYSTEM_ERROR,
-"Cannot write to a read-only file system." )
-ER2( PR_DIRECTORY_NOT_EMPTY_ERROR,
-"Cannot delete a directory that is not empty." )
-ER2( PR_FILESYSTEM_MOUNTED_ERROR,
-"Cannot delete or rename a file object while the file system is busy." )
-ER2( PR_NOT_SAME_DEVICE_ERROR,
-"Cannot rename a file to a file system on another device." )
-ER2( PR_DIRECTORY_CORRUPTED_ERROR,
-"The directory object in the file system is corrupted." )
-ER2( PR_FILE_EXISTS_ERROR,
-"Cannot create or rename a filename that already exists." )
-ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR,
-"Directory is full. No additional filenames may be added." )
-ER2( PR_INVALID_DEVICE_STATE_ERROR,
-"The required device was in an invalid state." )
-ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." )
-ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." )
-ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." )
-ER2( PR_FILE_SEEK_ERROR, "Seek error." )
-ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." )
-ER2( PR_IN_PROGRESS_ERROR,
-"Operation is still in progress (probably a non-blocking connect)." )
-ER2( PR_ALREADY_INITIATED_ERROR,
-"Operation has already been initiated (probably a non-blocking connect)." )
-
-#ifdef PR_GROUP_EMPTY_ERROR
-ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." )
-#endif
-
-#ifdef PR_INVALID_STATE_ERROR
-ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." )
-#endif
-
-ER2( PR_MAX_ERROR, "Placeholder for the end of the list" )
diff --git a/security/nss/cmd/lib/SECerrs.h b/security/nss/cmd/lib/SECerrs.h
deleted file mode 100644
index 2059df6a2..000000000
--- a/security/nss/cmd/lib/SECerrs.h
+++ /dev/null
@@ -1,441 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/* General security error codes */
-/* Caller must #include "secerr.h" */
-
-ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0,
-"An I/O error occurred during security authorization.")
-
-ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1,
-"security library failure.")
-
-ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2,
-"security library: received bad data.")
-
-ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3,
-"security library: output length error.")
-
-ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4,
-"security library has experienced an input length error.")
-
-ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5,
-"security library: invalid arguments.")
-
-ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6,
-"security library: invalid algorithm.")
-
-ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7,
-"security library: invalid AVA.")
-
-ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8,
-"Improperly formatted time string.")
-
-ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9,
-"security library: improperly formatted DER-encoded message.")
-
-ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10,
-"Peer's certificate has an invalid signature.")
-
-ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11,
-"Peer's Certificate has expired.")
-
-ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12,
-"Peer's Certificate has been revoked.")
-
-ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13,
-"Peer's Certificate issuer is not recognized.")
-
-ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14,
-"Peer's public key is invalid.")
-
-ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15,
-"The security password entered is incorrect.")
-
-ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16,
-"New password entered incorrectly. Please try again.")
-
-ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17,
-"security library: no nodelock.")
-
-ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18,
-"security library: bad database.")
-
-ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19,
-"security library: memory allocation failure.")
-
-ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20,
-"Peer's certificate issuer has been marked as not trusted by the user.")
-
-ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21,
-"Peer's certificate has been marked as not trusted by the user.")
-
-ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22),
-"Certificate already exists in your database.")
-
-ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23),
-"Downloaded certificate's name duplicates one already in your database.")
-
-ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24),
-"Error adding certificate to database.")
-
-ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25),
-"Error refiling the key for this certificate.")
-
-ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26),
-"The private key for this certificate cannot be found in key database")
-
-ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27),
-"This certificate is valid.")
-
-ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28),
-"This certificate is not valid.")
-
-ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29),
-"Cert Library: No Response")
-
-ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30),
-"The certificate issuer's certificate has expired. Check your system date and time.")
-
-ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31),
-"The CRL for the certificate's issuer has expired. Update it or check your system data and time.")
-
-ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32),
-"The CRL for the certificate's issuer has an invalid signature.")
-
-ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33),
-"New CRL has an invalid format.")
-
-ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34),
-"Certificate extension value is invalid.")
-
-ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35),
-"Certificate extension not found.")
-
-ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36),
-"Issuer certificate is invalid.")
-
-ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37),
-"Certificate path length constraint is invalid.")
-
-ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38),
-"Certificate usages field is invalid.")
-
-ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39),
-"**Internal ONLY module**")
-
-ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40),
-"The key does not support the requested operation.")
-
-ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41),
-"Certificate contains unknown critical extension.")
-
-ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42),
-"New CRL is not later than the current one.")
-
-ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43),
-"Not encrypted or signed: you do not yet have an email certificate.")
-
-ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44),
-"Not encrypted: you do not have certificates for each of the recipients.")
-
-ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45),
-"Cannot decrypt: you are not a recipient, or matching certificate and \
-private key not found.")
-
-ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46),
-"Cannot decrypt: key encryption algorithm does not match your certificate.")
-
-ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47),
-"Signature verification failed: no signer found, too many signers found, \
-or improper or corrupted data.")
-
-ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48),
-"Unsupported or unknown key algorithm.")
-
-ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49),
-"Cannot decrypt: encrypted using a disallowed algorithm or key size.")
-
-
-/* Fortezza Alerts */
-ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50),
-"Fortezza card has not been properly initialized. \
-Please remove it and return it to your issuer.")
-
-ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51),
-"No Fortezza cards Found")
-
-ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52),
-"No Fortezza card selected")
-
-ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53),
-"Please select a personality to get more info on")
-
-ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54),
-"Personality not found")
-
-ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55),
-"No more information on that Personality")
-
-ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56),
-"Invalid Pin")
-
-ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57),
-"Couldn't initialize Fortezza personalities.")
-/* end fortezza alerts. */
-
-ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58),
-"No KRL for this site's certificate has been found.")
-
-ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59),
-"The KRL for this site's certificate has expired.")
-
-ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60),
-"The KRL for this site's certificate has an invalid signature.")
-
-ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61),
-"The key for this site's certificate has been revoked.")
-
-ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62),
-"New KRL has an invalid format.")
-
-ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63),
-"security library: need random data.")
-
-ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64),
-"security library: no security module can perform the requested operation.")
-
-ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65),
-"The security card or token does not exist, needs to be initialized, or has been removed.")
-
-ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66),
-"security library: read-only database.")
-
-ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67),
-"No slot or token was selected.")
-
-ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68),
-"A certificate with the same nickname already exists.")
-
-ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69),
-"A key with the same nickname already exists.")
-
-ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70),
-"error while creating safe object")
-
-ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71),
-"error while creating baggage object")
-
-ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72),
-"Couldn't remove the principal")
-
-ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73),
-"Couldn't delete the privilege")
-
-ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74),
-"This principal doesn't have a certificate")
-
-ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75),
-"Required algorithm is not allowed.")
-
-ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76),
-"Error attempting to export certificates.")
-
-ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77),
-"Error attempting to import certificates.")
-
-ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78),
-"Unable to import. Decoding error. File not valid.")
-
-ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79),
-"Unable to import. Invalid MAC. Incorrect password or corrupt file.")
-
-ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80),
-"Unable to import. MAC algorithm not supported.")
-
-ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE,(SEC_ERROR_BASE + 81),
-"Unable to import. Only password integrity and privacy modes supported.")
-
-ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82),
-"Unable to import. File structure is corrupt.")
-
-ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83),
-"Unable to import. Encryption algorithm not supported.")
-
-ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84),
-"Unable to import. File version not supported.")
-
-ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT,(SEC_ERROR_BASE + 85),
-"Unable to import. Incorrect privacy password.")
-
-ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86),
-"Unable to import. Same nickname already exists in database.")
-
-ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87),
-"The user pressed cancel.")
-
-ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88),
-"Not imported, already in database.")
-
-ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89),
-"Message not sent.")
-
-ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90),
-"Certificate key usage inadequate for attempted operation.")
-
-ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91),
-"Certificate type not approved for application.")
-
-ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92),
-"Address in signing certificate does not match address in message headers.")
-
-ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93),
-"Unable to import. Error attempting to import private key.")
-
-ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94),
-"Unable to import. Error attempting to import certificate chain.")
-
-ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95),
-"Unable to export. Unable to locate certificate or key by nickname.")
-
-ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96),
-"Unable to export. Private Key could not be located and exported.")
-
-ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97),
-"Unable to export. Unable to write the export file.")
-
-ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98),
-"Unable to import. Unable to read the import file.")
-
-ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99),
-"Unable to export. Key database corrupt or deleted.")
-
-ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100),
-"Unable to generate public/private key pair.")
-
-ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101),
-"Password entered is invalid. Please pick a different one.")
-
-ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102),
-"Old password entered incorrectly. Please try again.")
-
-ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103),
-"Certificate nickname already in use.")
-
-ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104),
-"Peer FORTEZZA chain has a non-FORTEZZA Certificate.")
-
-/* ER3(SEC_ERROR_UNKNOWN, (SEC_ERROR_BASE + 105), */
-
-ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106),
-"Invalid module name.")
-
-ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107),
-"Invalid module path/filename")
-
-ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108),
-"Unable to add module")
-
-ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109),
-"Unable to delete module")
-
-ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110),
-"New KRL is not later than the current one.")
-
-ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111),
-"New CKL has different issuer than current CKL. Delete current CKL.")
-
-ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112),
-"The Certifying Authority for this certificate is not permitted to issue a \
-certificate with this name.")
-
-ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113),
-"The key revocation list for this certificate is not yet valid.")
-
-ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114),
-"The certificate revocation list for this certificate is not yet valid.")
-
-ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115),
-"The requested certificate could not be found.")
-
-ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116),
-"The signer's certificate could not be found.")
-
-ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117),
-"The location for the certificate status server has invalid format.")
-
-ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118),
-"The OCSP response cannot be fully decoded; it is of an unknown type.")
-
-ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119),
-"The OCSP server returned unexpected/invalid HTTP data.")
-
-ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120),
-"The OCSP server found the request to be corrupted or improperly formed.")
-
-ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121),
-"The OCSP server experienced an internal error.")
-
-ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122),
-"The OCSP server suggests trying again later.")
-
-ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123),
-"The OCSP server requires a signature on this request.")
-
-ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124),
-"The OCSP server has refused this request as unauthorized.")
-
-ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125),
-"The OCSP server returned an unrecognizable status.")
-
-ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126),
-"The OCSP server has no status for the certificate.")
-
-ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127),
-"You must enable OCSP before performing this operation.")
-
-ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128),
-"You must set the OCSP default responder before performing this operation.")
-
-ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129),
-"The response from the OCSP server was corrupted or improperly formed.")
-
-ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130),
-"The signer of the OCSP response is not authorized to give status for \
-this certificate.")
-
-ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131),
-"The OCSP response is not yet valid (contains a date in the future).")
-
-ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132),
-"The OCSP response contains out-of-date information.")
diff --git a/security/nss/cmd/lib/SSLerrs.h b/security/nss/cmd/lib/SSLerrs.h
deleted file mode 100644
index 06803b849..000000000
--- a/security/nss/cmd/lib/SSLerrs.h
+++ /dev/null
@@ -1,366 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/* SSL-specific security error codes */
-/* caller must include "sslerr.h" */
-
-ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0,
-"Unable to communicate securely. Peer does not support high-grade encryption.")
-
-ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1,
-"Unable to communicate securely. Peer requires high-grade encryption which is not supported.")
-
-ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2,
-"Cannot communicate securely with peer: no common encryption algorithm(s).")
-
-ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3,
-"Unable to find the certificate or key necessary for authentication.")
-
-ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4,
-"Unable to communicate securely with peer: peers's certificate was rejected.")
-
-/* unused (SSL_ERROR_BASE + 5),*/
-
-ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6,
-"The server has encountered bad data from the client.")
-
-ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7,
-"The client has encountered bad data from the server.")
-
-ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8,
-"Unsupported certificate type.")
-
-ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9,
-"Peer using unsupported version of security protocol.")
-
-/* unused (SSL_ERROR_BASE + 10),*/
-
-ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11,
-"Client authentication failed: private key in key database does not match public key in certificate database.")
-
-ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12,
-"Unable to communicate securely with peer: requested domain name does not match the server's certificate.")
-
-/* SSL_ERROR_POST_WARNING (SSL_ERROR_BASE + 13),
- defined in sslerr.h
-*/
-
-ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14),
-"Peer only supports SSL version 2, which is locally disabled.")
-
-
-ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15),
-"SSL received a record with an incorrect Message Authentication Code.")
-
-ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16),
-"SSL peer reports incorrect Message Authentication Code.")
-
-ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17),
-"SSL peer cannot verify your certificate.")
-
-ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18),
-"SSL peer rejected your certificate as revoked.")
-
-ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19),
-"SSL peer rejected your certificate as expired.")
-
-ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20),
-"Cannot connect: SSL is disabled.")
-
-ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21),
-"Cannot connect: SSL peer is in another FORTEZZA domain.")
-
-
-ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE , (SSL_ERROR_BASE + 22),
-"An unknown SSL cipher suite has been requested.")
-
-ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED , (SSL_ERROR_BASE + 23),
-"No cipher suites are present and enabled in this program.")
-
-ER3(SSL_ERROR_BAD_BLOCK_PADDING , (SSL_ERROR_BASE + 24),
-"SSL received a record with bad block padding.")
-
-ER3(SSL_ERROR_RX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 25),
-"SSL received a record that exceeded the maximum permissible length.")
-
-ER3(SSL_ERROR_TX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 26),
-"SSL attempted to send a record that exceeded the maximum permissible length.")
-
-/*
- * Received a malformed (too long or short or invalid content) SSL handshake.
- */
-ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST , (SSL_ERROR_BASE + 27),
-"SSL received a malformed Hello Request handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO , (SSL_ERROR_BASE + 28),
-"SSL received a malformed Client Hello handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO , (SSL_ERROR_BASE + 29),
-"SSL received a malformed Server Hello handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE , (SSL_ERROR_BASE + 30),
-"SSL received a malformed Certificate handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 31),
-"SSL received a malformed Server Key Exchange handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST , (SSL_ERROR_BASE + 32),
-"SSL received a malformed Certificate Request handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE , (SSL_ERROR_BASE + 33),
-"SSL received a malformed Server Hello Done handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY , (SSL_ERROR_BASE + 34),
-"SSL received a malformed Certificate Verify handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 35),
-"SSL received a malformed Client Key Exchange handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_FINISHED , (SSL_ERROR_BASE + 36),
-"SSL received a malformed Finished handshake message.")
-
-/*
- * Received a malformed (too long or short) SSL record.
- */
-ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER , (SSL_ERROR_BASE + 37),
-"SSL received a malformed Change Cipher Spec record.")
-
-ER3(SSL_ERROR_RX_MALFORMED_ALERT , (SSL_ERROR_BASE + 38),
-"SSL received a malformed Alert record.")
-
-ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE , (SSL_ERROR_BASE + 39),
-"SSL received a malformed Handshake record.")
-
-ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40),
-"SSL received a malformed Application Data record.")
-
-/*
- * Received an SSL handshake that was inappropriate for the state we're in.
- * E.g. Server received message from server, or wrong state in state machine.
- */
-ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST , (SSL_ERROR_BASE + 41),
-"SSL received an unexpected Hello Request handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO , (SSL_ERROR_BASE + 42),
-"SSL received an unexpected Client Hello handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO , (SSL_ERROR_BASE + 43),
-"SSL received an unexpected Server Hello handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE , (SSL_ERROR_BASE + 44),
-"SSL received an unexpected Certificate handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45),
-"SSL received an unexpected Server Key Exchange handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST , (SSL_ERROR_BASE + 46),
-"SSL received an unexpected Certificate Request handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE , (SSL_ERROR_BASE + 47),
-"SSL received an unexpected Server Hello Done handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY , (SSL_ERROR_BASE + 48),
-"SSL received an unexpected Certificate Verify handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49),
-"SSL received an unexpected Cllient Key Exchange handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED , (SSL_ERROR_BASE + 50),
-"SSL received an unexpected Finished handshake message.")
-
-/*
- * Received an SSL record that was inappropriate for the state we're in.
- */
-ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER , (SSL_ERROR_BASE + 51),
-"SSL received an unexpected Change Cipher Spec record.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 52),
-"SSL received an unexpected Alert record.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE , (SSL_ERROR_BASE + 53),
-"SSL received an unexpected Handshake record.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54),
-"SSL received an unexpected Application Data record.")
-
-/*
- * Received record/message with unknown discriminant.
- */
-ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE , (SSL_ERROR_BASE + 55),
-"SSL received a record with an unknown content type.")
-
-ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE , (SSL_ERROR_BASE + 56),
-"SSL received a handshake message with an unknown message type.")
-
-ER3(SSL_ERROR_RX_UNKNOWN_ALERT , (SSL_ERROR_BASE + 57),
-"SSL received an alert record with an unknown alert description.")
-
-/*
- * Received an alert reporting what we did wrong. (more alerts above)
- */
-ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT , (SSL_ERROR_BASE + 58),
-"SSL peer has closed this connection.")
-
-ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 59),
-"SSL peer was not expecting a handshake message it received.")
-
-ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT , (SSL_ERROR_BASE + 60),
-"SSL peer was unable to succesfully decompress an SSL record it received.")
-
-ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT , (SSL_ERROR_BASE + 61),
-"SSL peer was unable to negotiate an acceptable set of security parameters.")
-
-ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT , (SSL_ERROR_BASE + 62),
-"SSL peer rejected a handshake message for unacceptable content.")
-
-ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT , (SSL_ERROR_BASE + 63),
-"SSL peer does not support certificates of the type it received.")
-
-ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT , (SSL_ERROR_BASE + 64),
-"SSL peer had some unspecified issue with the certificate it received.")
-
-
-ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE , (SSL_ERROR_BASE + 65),
-"SSL experienced a failure of its random number generator.")
-
-ER3(SSL_ERROR_SIGN_HASHES_FAILURE , (SSL_ERROR_BASE + 66),
-"Unable to digitally sign data required to verify your certificate.")
-
-ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE , (SSL_ERROR_BASE + 67),
-"SSL was unable to extract the public key from the peer's certificate.")
-
-ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 68),
-"Unspecified failure while processing SSL Server Key Exchange handshake.")
-
-ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 69),
-"Unspecified failure while processing SSL Client Key Exchange handshake.")
-
-ER3(SSL_ERROR_ENCRYPTION_FAILURE , (SSL_ERROR_BASE + 70),
-"Bulk data encryption algorithm failed in selected cipher suite.")
-
-ER3(SSL_ERROR_DECRYPTION_FAILURE , (SSL_ERROR_BASE + 71),
-"Bulk data decryption algorithm failed in selected cipher suite.")
-
-ER3(SSL_ERROR_SOCKET_WRITE_FAILURE , (SSL_ERROR_BASE + 72),
-"Attempt to write encrypted data to underlying socket failed.")
-
-ER3(SSL_ERROR_MD5_DIGEST_FAILURE , (SSL_ERROR_BASE + 73),
-"MD5 digest function failed.")
-
-ER3(SSL_ERROR_SHA_DIGEST_FAILURE , (SSL_ERROR_BASE + 74),
-"SHA-1 digest function failed.")
-
-ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE , (SSL_ERROR_BASE + 75),
-"MAC computation failed.")
-
-ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE , (SSL_ERROR_BASE + 76),
-"Failure to create Symmetric Key context.")
-
-ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE , (SSL_ERROR_BASE + 77),
-"Failure to unwrap the Symmetric key in Client Key Exchange message.")
-
-ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED , (SSL_ERROR_BASE + 78),
-"SSL Server attempted to use domestic-grade public key with export cipher suite.")
-
-ER3(SSL_ERROR_IV_PARAM_FAILURE , (SSL_ERROR_BASE + 79),
-"PKCS11 code failed to translate an IV into a param.")
-
-ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE , (SSL_ERROR_BASE + 80),
-"Failed to initialize the selected cipher suite.")
-
-ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE , (SSL_ERROR_BASE + 81),
-"Client failed to generate session keys for SSL session.")
-
-ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG , (SSL_ERROR_BASE + 82),
-"Server has no key for the attempted key exchange algorithm.")
-
-ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL , (SSL_ERROR_BASE + 83),
-"PKCS#11 token was inserted or removed while operation was in progress.")
-
-ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND , (SSL_ERROR_BASE + 84),
-"No PKCS#11 token could be found to do a required operation.")
-
-ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP , (SSL_ERROR_BASE + 85),
-"Cannot communicate securely with peer: no common compression algorithm(s).")
-
-ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED , (SSL_ERROR_BASE + 86),
-"Cannot initiate another SSL handshake until current handshake is complete.")
-
-ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE , (SSL_ERROR_BASE + 87),
-"Received incorrect handshakes hash values from peer.")
-
-ER3(SSL_ERROR_CERT_KEA_MISMATCH , (SSL_ERROR_BASE + 88),
-"The certificate provided cannot be used with the selected key exchange algorithm.")
-
-ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA , (SSL_ERROR_BASE + 89),
-"No certificate authority is trusted for SSL client authentication.")
-
-ER3(SSL_ERROR_SESSION_NOT_FOUND , (SSL_ERROR_BASE + 90),
-"Client's SSL session ID not found in server's session cache.")
-
-ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT , (SSL_ERROR_BASE + 91),
-"Peer was unable to decrypt an SSL record it received.")
-
-ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT , (SSL_ERROR_BASE + 92),
-"Peer received an SSL record that was longer than is permitted.")
-
-ER3(SSL_ERROR_UNKNOWN_CA_ALERT , (SSL_ERROR_BASE + 93),
-"Peer does not recognize and trust the CA that issued your certificate.")
-
-ER3(SSL_ERROR_ACCESS_DENIED_ALERT , (SSL_ERROR_BASE + 94),
-"Peer received a valid certificate, but access was denied.")
-
-ER3(SSL_ERROR_DECODE_ERROR_ALERT , (SSL_ERROR_BASE + 95),
-"Peer could not decode an SSL handshake message.")
-
-ER3(SSL_ERROR_DECRYPT_ERROR_ALERT , (SSL_ERROR_BASE + 96),
-"Peer reports failure of signature verification or key exchange.")
-
-ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT , (SSL_ERROR_BASE + 97),
-"Peer reports negotiation not in compliance with export regulations.")
-
-ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT , (SSL_ERROR_BASE + 98),
-"Peer reports incompatible or unsupported protocol version.")
-
-ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT , (SSL_ERROR_BASE + 99),
-"Server requires ciphers more secure than those supported by client.")
-
-ER3(SSL_ERROR_INTERNAL_ERROR_ALERT , (SSL_ERROR_BASE + 100),
-"Peer reports it experienced an internal error.")
-
-ER3(SSL_ERROR_USER_CANCELED_ALERT , (SSL_ERROR_BASE + 101),
-"Peer user canceled handshake.")
-
-ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT , (SSL_ERROR_BASE + 102),
-"Peer does not permit renegotiation of SSL security parameters.")
-
diff --git a/security/nss/cmd/lib/berparse.c b/security/nss/cmd/lib/berparse.c
deleted file mode 100644
index c040ab2b1..000000000
--- a/security/nss/cmd/lib/berparse.c
+++ /dev/null
@@ -1,404 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "secutil.h"
-
-typedef enum {
- tagDone, lengthDone, leafDone, compositeDone,
- notDone,
- parseError, parseComplete
-} ParseState;
-
-typedef unsigned char Byte;
-typedef void (*ParseProc)(BERParse *h, unsigned char **buf, int *len);
-typedef struct {
- SECArb arb;
- int pos; /* length from global start to item start */
- SECArb *parent;
-} ParseStackElem;
-
-struct BERParseStr {
- PRArenaPool *his;
- PRArenaPool *mine;
- ParseProc proc;
- int stackDepth;
- ParseStackElem *stackPtr;
- ParseStackElem *stack;
- int pending; /* bytes remaining to complete this part */
- int pos; /* running length of consumed characters */
- ParseState state;
- PRBool keepLeaves;
- PRBool derOnly;
- BERFilterProc filter;
- void *filterArg;
- BERNotifyProc before;
- void *beforeArg;
- BERNotifyProc after;
- void *afterArg;
-};
-
-#define UNKNOWN -1
-
-static unsigned char NextChar(BERParse *h, unsigned char **buf, int *len)
-{
- unsigned char c = *(*buf)++;
- (*len)--;
- h->pos++;
- if (h->filter)
- (*h->filter)(h->filterArg, &c, 1);
- return c;
-}
-
-static void ParseTag(BERParse *h, unsigned char **buf, int *len)
-{
- SECArb* arb = &(h->stackPtr->arb);
- arb->tag = NextChar(h, buf, len);
-
- PORT_Assert(h->state == notDone);
-
- /*
- * NOTE: This does not handle the high-tag-number form
- */
- if ((arb->tag & DER_HIGH_TAG_NUMBER) == DER_HIGH_TAG_NUMBER) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- h->state = parseError;
- return;
- }
-
- h->pending = UNKNOWN;
- arb->length = UNKNOWN;
- if (arb->tag & DER_CONSTRUCTED) {
- arb->body.cons.numSubs = 0;
- arb->body.cons.subs = NULL;
- } else {
- arb->body.item.len = UNKNOWN;
- arb->body.item.data = NULL;
- }
-
- h->state = tagDone;
-}
-
-static void ParseLength(BERParse *h, unsigned char **buf, int *len)
-{
- Byte b;
- SECArb *arb = &(h->stackPtr->arb);
-
- PORT_Assert(h->state == notDone);
-
- if (h->pending == UNKNOWN) {
- b = NextChar(h, buf, len);
- if ((b & 0x80) == 0) { /* short form */
- arb->length = b;
- /*
- * if the tag and the length are both zero bytes, then this
- * should be the marker showing end of list for the
- * indefinite length composite
- */
- if (arb->length == 0 && arb->tag == 0)
- h->state = compositeDone;
- else
- h->state = lengthDone;
- return;
- }
-
- h->pending = b & 0x7f;
- /* 0 implies this is an indefinite length */
- if (h->pending > 4) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- h->state = parseError;
- return;
- }
- arb->length = 0;
- }
-
- while ((*len > 0) && (h->pending > 0)) {
- b = NextChar(h, buf, len);
- arb->length = (arb->length << 8) + b;
- h->pending--;
- }
- if (h->pending == 0) {
- if (h->derOnly && (arb->length == 0))
- h->state = parseError;
- else
- h->state = lengthDone;
- }
- return;
-}
-
-static void ParseLeaf(BERParse *h, unsigned char **buf, int *len)
-{
- int count;
- SECArb *arb = &(h->stackPtr->arb);
-
- PORT_Assert(h->state == notDone);
- PORT_Assert(h->pending >= 0);
-
- if (*len < h->pending)
- count = *len;
- else
- count = h->pending;
-
- if (h->keepLeaves)
- memcpy(arb->body.item.data + arb->body.item.len, *buf, count);
- if (h->filter)
- (*h->filter)(h->filterArg, *buf, count);
- *buf += count;
- *len -= count;
- arb->body.item.len += count;
- h->pending -= count;
- h->pos += count;
- if (h->pending == 0) {
- h->state = leafDone;
- }
- return;
-}
-
-static void CreateArbNode(BERParse *h)
-{
- SECArb *arb = PORT_ArenaAlloc(h->his, sizeof(SECArb));
-
- *arb = h->stackPtr->arb;
-
- /*
- * Special case closing the root
- */
- if (h->stackPtr == h->stack) {
- PORT_Assert(arb->tag & DER_CONSTRUCTED);
- h->state = parseComplete;
- } else {
- SECArb *parent = h->stackPtr->parent;
- parent->body.cons.subs = DS_ArenaGrow(
- h->his, parent->body.cons.subs,
- (parent->body.cons.numSubs) * sizeof(SECArb*),
- (parent->body.cons.numSubs + 1) * sizeof(SECArb*));
- parent->body.cons.subs[parent->body.cons.numSubs] = arb;
- parent->body.cons.numSubs++;
- h->proc = ParseTag;
- h->state = notDone;
- h->pending = UNKNOWN;
- }
- if (h->after)
- (*h->after)(h->afterArg, arb, h->stackPtr - h->stack, PR_FALSE);
-}
-
-SECStatus BER_ParseSome(BERParse *h, unsigned char *buf, int len)
-{
- if (h->state == parseError) return PR_TRUE;
-
- while (len) {
- (*h->proc)(h, &buf, &len);
- if (h->state == parseComplete) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- h->state = parseError;
- return PR_TRUE;
- }
- if (h->state == parseError) return PR_TRUE;
- PORT_Assert(h->state != parseComplete);
-
- if (h->state <= compositeDone) {
- if (h->proc == ParseTag) {
- PORT_Assert(h->state == tagDone);
- h->proc = ParseLength;
- h->state = notDone;
- } else if (h->proc == ParseLength) {
- SECArb *arb = &(h->stackPtr->arb);
- PORT_Assert(h->state == lengthDone || h->state == compositeDone);
-
- if (h->before)
- (*h->before)(h->beforeArg, arb,
- h->stackPtr - h->stack, PR_TRUE);
-
- /*
- * Check to see if this is the end of an indefinite
- * length composite
- */
- if (h->state == compositeDone) {
- SECArb *parent = h->stackPtr->parent;
- PORT_Assert(parent);
- PORT_Assert(parent->tag & DER_CONSTRUCTED);
- if (parent->length != 0) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- h->state = parseError;
- return PR_TRUE;
- }
- /*
- * NOTE: This does not check for an indefinite length
- * composite being contained inside a definite length
- * composite. It is not clear that is legal.
- */
- h->stackPtr--;
- CreateArbNode(h);
- } else {
- h->stackPtr->pos = h->pos;
-
-
- if (arb->tag & DER_CONSTRUCTED) {
- SECArb *parent;
- /*
- * Make sure there is room on the stack before we
- * stick anything else there.
- */
- PORT_Assert(h->stackPtr - h->stack < h->stackDepth);
- if (h->stackPtr - h->stack == h->stackDepth - 1) {
- int newDepth = h->stackDepth * 2;
- h->stack = DS_ArenaGrow(h->mine, h->stack,
- sizeof(ParseStackElem) * h->stackDepth,
- sizeof(ParseStackElem) * newDepth);
- h->stackPtr = h->stack + h->stackDepth + 1;
- h->stackDepth = newDepth;
- }
- parent = &(h->stackPtr->arb);
- h->stackPtr++;
- h->stackPtr->parent = parent;
- h->proc = ParseTag;
- h->state = notDone;
- h->pending = UNKNOWN;
- } else {
- if (arb->length < 0) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- h->state = parseError;
- return PR_TRUE;
- }
- arb->body.item.len = 0;
- if (arb->length > 0 && h->keepLeaves) {
- arb->body.item.data =
- PORT_ArenaAlloc(h->his, arb->length);
- } else {
- arb->body.item.data = NULL;
- }
- h->proc = ParseLeaf;
- h->state = notDone;
- h->pending = arb->length;
- }
- }
- } else {
- ParseStackElem *parent;
- PORT_Assert(h->state = leafDone);
- PORT_Assert(h->proc == ParseLeaf);
-
- for (;;) {
- CreateArbNode(h);
- if (h->stackPtr == h->stack)
- break;
- parent = (h->stackPtr - 1);
- PORT_Assert(parent->arb.tag & DER_CONSTRUCTED);
- if (parent->arb.length == 0) /* need explicit end */
- break;
- if (parent->pos + parent->arb.length > h->pos)
- break;
- if (parent->pos + parent->arb.length < h->pos) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- h->state = parseError;
- return PR_TRUE;
- }
- h->stackPtr = parent;
- }
- }
-
- }
- }
- return PR_FALSE;
-}
-BERParse *BER_ParseInit(PRArenaPool *arena, PRBool derOnly)
-{
- BERParse *h;
- PRArenaPool *temp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (temp == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
- h = PORT_ArenaAlloc(temp, sizeof(BERParse));
- if (h == NULL) {
- PORT_FreeArena(temp, PR_FALSE);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
- h->his = arena;
- h->mine = temp;
- h->proc = ParseTag;
- h->stackDepth = 20;
- h->stack = PORT_ArenaZAlloc(h->mine,
- sizeof(ParseStackElem) * h->stackDepth);
- h->stackPtr = h->stack;
- h->state = notDone;
- h->pos = 0;
- h->keepLeaves = PR_TRUE;
- h->before = NULL;
- h->after = NULL;
- h->filter = NULL;
- h->derOnly = derOnly;
- return h;
-}
-
-SECArb *BER_ParseFini(BERParse *h)
-{
- PRArenaPool *myArena = h->mine;
- SECArb *arb;
-
- if (h->state != parseComplete) {
- arb = NULL;
- } else {
- arb = PORT_ArenaAlloc(h->his, sizeof(SECArb));
- *arb = h->stackPtr->arb;
- }
-
- PORT_FreeArena(myArena, PR_FALSE);
-
- return arb;
-}
-
-
-void BER_SetFilter(BERParse *h, BERFilterProc proc, void *instance)
-{
- h->filter = proc;
- h->filterArg = instance;
-}
-
-void BER_SetLeafStorage(BERParse *h, PRBool keep)
-{
- h->keepLeaves = keep;
-}
-
-void BER_SetNotifyProc(BERParse *h, BERNotifyProc proc, void *instance,
- PRBool beforeData)
-{
- if (beforeData) {
- h->before = proc;
- h->beforeArg = instance;
- } else {
- h->after = proc;
- h->afterArg = instance;
- }
-}
-
-
-
diff --git a/security/nss/cmd/lib/config.mk b/security/nss/cmd/lib/config.mk
deleted file mode 100644
index a73a1086e..000000000
--- a/security/nss/cmd/lib/config.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/cmd/lib/derprint.c b/security/nss/cmd/lib/derprint.c
deleted file mode 100644
index 7f699dec4..000000000
--- a/security/nss/cmd/lib/derprint.c
+++ /dev/null
@@ -1,619 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "secutil.h"
-#include "secoid.h"
-
-#ifdef __sun
-extern int fprintf(FILE *strm, const char *format, .../* args */);
-extern int fflush(FILE *stream);
-#endif
-
-#define RIGHT_MARGIN 24
-/*#define RAW_BYTES 1 */
-
-static int prettyColumn = 0;
-
-static int
-getInteger256(unsigned char *data, unsigned int nb)
-{
- int val;
-
- switch (nb) {
- case 1:
- val = data[0];
- break;
- case 2:
- val = (data[0] << 8) | data[1];
- break;
- case 3:
- val = (data[0] << 16) | (data[1] << 8) | data[2];
- break;
- case 4:
- val = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];
- break;
- default:
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
-
- return val;
-}
-
-static int
-prettyNewline(FILE *out)
-{
- int rv;
-
- if (prettyColumn != -1) {
- rv = fprintf(out, "\n");
- prettyColumn = -1;
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
- }
- return 0;
-}
-
-static int
-prettyIndent(FILE *out, unsigned level)
-{
- unsigned int i;
- int rv;
-
- if (prettyColumn == -1) {
- prettyColumn = level;
- for (i = 0; i < level; i++) {
- rv = fprintf(out, " ");
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
- }
- }
-
- return 0;
-}
-
-static int
-prettyPrintByte(FILE *out, unsigned char item, unsigned int level)
-{
- int rv;
-
- rv = prettyIndent(out, level);
- if (rv < 0)
- return rv;
-
- rv = fprintf(out, "%02x ", item);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
-
- prettyColumn++;
- if (prettyColumn >= RIGHT_MARGIN) {
- return prettyNewline(out);
- }
-
- return 0;
-}
-
-static int
-prettyPrintLeaf(FILE *out, unsigned char *data,
- unsigned int len, unsigned int lv)
-{
- unsigned int i;
- int rv;
-
- for (i = 0; i < len; i++) {
- rv = prettyPrintByte(out, *data++, lv);
- if (rv < 0)
- return rv;
- }
- return prettyNewline(out);
-}
-
-static int
-prettyPrintStringStart(FILE *out, unsigned char *str,
- unsigned int len, unsigned int level)
-{
-#define BUF_SIZE 100
- unsigned char buf[BUF_SIZE];
- int rv;
-
- if (len >= BUF_SIZE)
- len = BUF_SIZE - 1;
-
- rv = prettyNewline(out);
- if (rv < 0)
- return rv;
-
- rv = prettyIndent(out, level);
- if (rv < 0)
- return rv;
-
- memcpy(buf, str, len);
- buf[len] = '\000';
-
- rv = fprintf(out, "\"%s\"", buf);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
-
- return 0;
-#undef BUF_SIZE
-}
-
-static int
-prettyPrintString(FILE *out, unsigned char *str,
- unsigned int len, unsigned int level, PRBool raw)
-{
- int rv;
-
- rv = prettyPrintStringStart(out, str, len, level);
- if (rv < 0)
- return rv;
-
- rv = prettyNewline(out);
- if (rv < 0)
- return rv;
-
- if (raw) {
- rv = prettyPrintLeaf(out, str, len, level);
- if (rv < 0)
- return rv;
- }
-
- return 0;
-}
-
-static int
-prettyPrintTime(FILE *out, unsigned char *str,
- unsigned int len, unsigned int level, PRBool raw, PRBool utc)
-{
- SECItem time_item;
- int rv;
-
- rv = prettyPrintStringStart(out, str, len, level);
- if (rv < 0)
- return rv;
-
- time_item.data = str;
- time_item.len = len;
-
- rv = fprintf(out, " (");
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
-
- if (utc)
- SECU_PrintUTCTime(out, &time_item, NULL, 0);
- else
- SECU_PrintGeneralizedTime(out, &time_item, NULL, 0);
-
- rv = fprintf(out, ")");
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
-
- rv = prettyNewline(out);
- if (rv < 0)
- return rv;
-
- if (raw) {
- rv = prettyPrintLeaf(out, str, len, level);
- if (rv < 0)
- return rv;
- }
-
- return 0;
-}
-
-static int
-prettyPrintObjectID(FILE *out, unsigned char *data,
- unsigned int len, unsigned int level, PRBool raw)
-{
- SECOidData *oiddata;
- SECItem oiditem;
- unsigned int i;
- unsigned long val;
- int rv;
-
-
- /*
- * First print the Object Id in numeric format
- */
-
- rv = prettyIndent(out, level);
- if (rv < 0)
- return rv;
-
- val = data[0];
- i = val % 40;
- val = val / 40;
- rv = fprintf(out, "%lu %u ", val, i);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
-
- val = 0;
- for (i = 1; i < len; ++i) {
- unsigned long j;
-
- j = data[i];
- val = (val << 7) | (j & 0x7f);
- if (j & 0x80)
- continue;
- rv = fprintf(out, "%lu ", val);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
- val = 0;
- }
-
- /*
- * Now try to look it up and print a symbolic version.
- */
- oiditem.data = data;
- oiditem.len = len;
- oiddata = SECOID_FindOID(&oiditem);
- if (oiddata != NULL) {
- i = PORT_Strlen(oiddata->desc);
- if ((prettyColumn + 1 + (i / 3)) > RIGHT_MARGIN) {
- rv = prettyNewline(out);
- if (rv < 0)
- return rv;
- }
-
- rv = prettyIndent(out, level);
- if (rv < 0)
- return rv;
-
- rv = fprintf(out, "(%s)", oiddata->desc);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
- }
-
- /*
- * Finally, on a new line, print the raw bytes (if requested).
- */
- if (raw) {
- rv = prettyNewline(out);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
-
- for (i = 0; i < len; i++) {
- rv = prettyPrintByte(out, *data++, level);
- if (rv < 0)
- return rv;
- }
- }
-
- return prettyNewline(out);
-}
-
-static char *prettyTagType [32] = {
- "End of Contents",
- "Boolean",
- "Integer",
- "Bit String",
- "Octet String",
- "NULL",
- "Object Identifier",
- "0x07",
- "0x08",
- "0x09",
- "Enumerated",
- "0x0B",
- "UTF8 String",
- "0x0D",
- "0x0E",
- "0x0F",
- "Sequence",
- "Set",
- "0x12",
- "Printable String",
- "T61 String",
- "0x15",
- "IA5 String",
- "UTC Time",
- "Generalized Time",
- "0x19",
- "Visible String",
- "0x1B",
- "Universal String",
- "0x1D",
- "BMP String",
- "High-Tag-Number"
-};
-
-static int
-prettyPrintTag(FILE *out, unsigned char *src, unsigned char *end,
- unsigned char *codep, unsigned int level, PRBool raw)
-{
- int rv;
- unsigned char code, tagnum;
-
- if (src >= end) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
-
- code = *src;
- tagnum = code & SEC_ASN1_TAGNUM_MASK;
-
- /*
- * NOTE: This code does not (yet) handle the high-tag-number form!
- */
- if (tagnum == SEC_ASN1_HIGH_TAG_NUMBER) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
-
- if (raw)
- rv = prettyPrintByte(out, code, level);
- else
- rv = prettyIndent(out, level);
-
- if (rv < 0)
- return rv;
-
- if (code & SEC_ASN1_CONSTRUCTED) {
- rv = fprintf(out, "C-");
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
- }
-
- switch (code & SEC_ASN1_CLASS_MASK) {
- case SEC_ASN1_UNIVERSAL:
- rv = fprintf(out, "%s ", prettyTagType[tagnum]);
- break;
- case SEC_ASN1_APPLICATION:
- rv = fprintf(out, "Application: %d ", tagnum);
- break;
- case SEC_ASN1_CONTEXT_SPECIFIC:
- rv = fprintf(out, "[%d] ", tagnum);
- break;
- case SEC_ASN1_PRIVATE:
- rv = fprintf(out, "Private: %d ", tagnum);
- break;
- }
-
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
-
- *codep = code;
-
- return 1;
-}
-
-static int
-prettyPrintLength(FILE *out, unsigned char *data, unsigned char *end,
- int *lenp, PRBool *indefinitep, unsigned int lv, PRBool raw)
-{
- unsigned char lbyte;
- int lenLen;
- int rv;
-
- if (data >= end) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
-
- rv = fprintf(out, " ");
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
-
- *indefinitep = PR_FALSE;
-
- lbyte = *data++;
- if (lbyte >= 0x80) {
- /* Multibyte length */
- unsigned nb = (unsigned) (lbyte & 0x7f);
- if (nb > 4) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
- if (nb > 0) {
- int il;
-
- if ((data + nb) > end) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
- il = getInteger256(data, nb);
- if (il < 0) return -1;
- *lenp = (unsigned) il;
- } else {
- *lenp = 0;
- *indefinitep = PR_TRUE;
- }
- lenLen = nb + 1;
- if (raw) {
- int i;
-
- rv = prettyPrintByte(out, lbyte, lv);
- if (rv < 0)
- return rv;
- for (i = 0; i < nb; i++) {
- rv = prettyPrintByte(out, data[i], lv);
- if (rv < 0)
- return rv;
- }
- }
- } else {
- *lenp = lbyte;
- lenLen = 1;
- if (raw) {
- rv = prettyPrintByte(out, lbyte, lv);
- if (rv < 0)
- return rv;
- }
- }
- if (*indefinitep)
- rv = fprintf(out, "(indefinite)\n");
- else
- rv = fprintf(out, "(%d)\n", *lenp);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
-
- prettyColumn = -1;
- return lenLen;
-}
-
-static int
-prettyPrintItem(FILE *out, unsigned char *data, unsigned char *end,
- unsigned int lv, PRBool raw)
-{
- int slen;
- int lenLen;
- unsigned char *orig = data;
- int rv;
-
- while (data < end) {
- unsigned char code;
- PRBool indefinite;
-
- slen = prettyPrintTag(out, data, end, &code, lv, raw);
- if (slen < 0)
- return slen;
- data += slen;
-
- lenLen = prettyPrintLength(out, data, end, &slen, &indefinite, lv, raw);
- if (lenLen < 0)
- return lenLen;
- data += lenLen;
-
- /*
- * Just quit now if slen more bytes puts us off the end.
- */
- if ((data + slen) > end) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
-
- if (code & SEC_ASN1_CONSTRUCTED) {
- if (slen > 0 || indefinite) {
- slen = prettyPrintItem(out, data,
- slen == 0 ? end : data + slen,
- lv+1, raw);
- if (slen < 0)
- return slen;
- data += slen;
- }
- } else if (code == 0) {
- if (slen != 0 || lenLen != 1) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
- break;
- } else {
- switch (code) {
- case SEC_ASN1_PRINTABLE_STRING:
- case SEC_ASN1_IA5_STRING:
- case SEC_ASN1_VISIBLE_STRING:
- rv = prettyPrintString(out, data, slen, lv+1, raw);
- if (rv < 0)
- return rv;
- break;
- case SEC_ASN1_UTC_TIME:
- rv = prettyPrintTime(out, data, slen, lv+1, raw, PR_TRUE);
- if (rv < 0)
- return rv;
- break;
- case SEC_ASN1_GENERALIZED_TIME:
- rv = prettyPrintTime(out, data, slen, lv+1, raw, PR_FALSE);
- if (rv < 0)
- return rv;
- break;
- case SEC_ASN1_OBJECT_ID:
- rv = prettyPrintObjectID(out, data, slen, lv+1, raw);
- if (rv < 0)
- return rv;
- break;
- case SEC_ASN1_BOOLEAN: /* could do nicer job */
- case SEC_ASN1_INTEGER: /* could do nicer job */
- case SEC_ASN1_BIT_STRING: /* could do nicer job */
- case SEC_ASN1_OCTET_STRING:
- case SEC_ASN1_NULL:
- case SEC_ASN1_ENUMERATED: /* could do nicer job, as INTEGER */
- case SEC_ASN1_UTF8_STRING:
- case SEC_ASN1_T61_STRING: /* print as printable string? */
- case SEC_ASN1_UNIVERSAL_STRING:
- case SEC_ASN1_BMP_STRING:
- default:
- rv = prettyPrintLeaf(out, data, slen, lv+1);
- if (rv < 0)
- return rv;
- break;
- }
- data += slen;
- }
- }
-
- rv = prettyNewline(out);
- if (rv < 0)
- return rv;
-
- return data - orig;
-}
-
-SECStatus
-DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw)
-{
- int rv;
-
- prettyColumn = -1;
-
- rv = prettyPrintItem(out, it->data, it->data + it->len, 0, raw);
- if (rv < 0)
- return SECFailure;
- return SECSuccess;
-}
diff --git a/security/nss/cmd/lib/dongle.c b/security/nss/cmd/lib/dongle.c
deleted file mode 100644
index 1c819ee51..000000000
--- a/security/nss/cmd/lib/dongle.c
+++ /dev/null
@@ -1,249 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "secutil.h"
-#include "sechash.h"
-
-#ifdef XP_UNIX
-#include <unistd.h>
-#include <netdb.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#endif
-#ifdef XP_WIN
-#include <windows.h>
-#include <winsock.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#endif
-#ifdef XP_MAC
-#include <unistd.h>
-#endif
-
-#ifdef XP_UNIX
-#include "prnetdb.h"
-#else
-#define PRHostEnt struct hostent
-#define PR_NETDB_BUF_SIZE 5
-#endif
-
-static RC4Context *
-sec_MakeDongleKey(void)
-{
- RC4Context *rc4;
- char hostname[64];
- PRHostEnt hpbuf, *hent;
- char dbbuf[PR_NETDB_BUF_SIZE];
- int ipaddr;
- struct stat s;
- int found = 1; /* Whether /vmunix, etc. found */
- unsigned char *buf, *totalbuf;
- MD5Context *md5 = 0;
- unsigned char digest[16];
- unsigned int digestLen;
-
- /* NOTE: Fix MAC and WIN to stat something comparable to kernel on UNIX */
-#ifdef XP_MAC
- return NULL;
-#elif defined(XP_WIN)
- return NULL;
-#endif
-
- /* gather system data */
- if( gethostname( hostname, 64 ) < 0 ) {
- return(NULL);
- }
-
-#ifdef XP_UNIX
-#ifndef NSPR20
- hent = PR_gethostbyname(hostname, &hpbuf, dbbuf, sizeof(dbbuf), 0);
-#else
- if (PR_GetHostByName(hostname, dbbuf, sizeof(dbbuf), &hpbuf) == PR_SUCCESS)
- hent = &hpbuf;
- else
- hent = NULL;
-#endif
-#else
- hent = gethostbyname(hostname);
-#endif
- if (hent == NULL) {
- return(NULL);
- }
-
- ipaddr = htonl(((struct in_addr *)hent->h_addr)->s_addr);
-
- /*
- ** /unix IRIX & AIX & SCO
- ** /vmunix SunOS & OSF
- ** /kernel/unix Solaris
- ** /vmlinuz Linux
- ** /hp-ux HP-UX
- ** /bsd BSD
- */
- if ( (stat("/unix", &s) == -1 ) && (stat("/vmunix", &s) == -1) &&
- (stat("/bsd", &s) == -1) && (stat("kernel/unix", &s)== -1) &&
- (stat("/hp-ux", &s) == -1) && (stat("/vmlinuz", &s) == -1) ) {
- found = 0;
- }
-
- buf = totalbuf = (unsigned char *)
- XP_CALLOC(1, 1000 + sizeof(ipaddr) + sizeof(s) + PORT_Strlen(hostname));
-
- if ( buf == 0 ) {
- return(NULL);
- }
-
- PORT_Memcpy(buf, hostname, PORT_Strlen(hostname));
- buf += PORT_Strlen(hostname);
-
- PORT_Memcpy(buf, &ipaddr, sizeof(ipaddr));
- buf += sizeof(ipaddr);
-
- if (found) {
- PORT_Memcpy(buf, &s.st_mode, sizeof(s.st_mode));
- buf += sizeof(s.st_mode);
-
- PORT_Memcpy(buf, &s.st_ino, sizeof(s.st_ino));
- buf += sizeof(s.st_ino);
-
- PORT_Memcpy(buf, &s.st_dev, sizeof(s.st_dev));
- buf += sizeof(s.st_dev);
-
- PORT_Memcpy(buf, &s.st_mtime, sizeof(s.st_mtime));
- buf += sizeof(s.st_mtime);
- }
-
- /* Digest the system info using MD5 */
- md5 = MD5_NewContext();
- if (md5 == NULL) {
- return (NULL);
- }
-
- MD5_Begin(md5);
- MD5_Update(md5, totalbuf, PORT_Strlen((char *)totalbuf));
- MD5_End(md5, digest, &digestLen, MD5_LENGTH);
-
- /* Make an RC4 key using the digest */
- rc4 = RC4_CreateContext(digest, digestLen);
-
- /* Zero out information */
- MD5_DestroyContext(md5, PR_TRUE);
- PORT_Memset(digest, 0 , sizeof(digest));
-
-
- return(rc4);
-}
-
-extern unsigned char *
-SEC_ReadDongleFile(int fd)
-{
- RC4Context *rc4;
- struct stat s;
- unsigned char *inbuf, *pw;
- int nb;
- unsigned int pwlen, inlen;
- SECStatus rv;
-
- rc4 = sec_MakeDongleKey();
- if (rc4 == NULL) {
- return(0);
- }
-
- /* get size of file */
- if ( fstat(fd, &s) < 0 ) {
- return(0);
- }
-
- inlen = s.st_size;
-
- inbuf = (unsigned char *) PORT_Alloc(inlen);
- if (!inbuf) {
- return(0);
- }
-
- nb = read(fd, (char *)inbuf, inlen);
- if (nb != inlen) {
- return(0);
- }
-
- pw = (unsigned char *) PORT_Alloc(inlen);
- if (pw == 0) {
- return(0);
- }
-
- rv = RC4_Decrypt(rc4, pw, &pwlen, inlen, inbuf, inlen);
- if (rv) {
- return(0);
- }
-
- PORT_Free(inbuf);
-
- return(pw);
-}
-
-extern SECStatus
-SEC_WriteDongleFile(int fd, unsigned char *pw)
-{
- RC4Context *rc4;
- unsigned char *outbuf;
- unsigned int outlen;
- SECStatus rv;
- int nb;
-
- rc4 = sec_MakeDongleKey();
- if (rc4 == NULL) {
- return(SECFailure);
- }
-
- outbuf = (unsigned char *) PORT_Alloc(PORT_Strlen((char *)pw) + 1);
- if (!outbuf) {
- return(SECFailure);
- }
-
- rv = RC4_Encrypt(rc4, outbuf, &outlen, PORT_Strlen((char *)pw), pw,
- PORT_Strlen((char *)pw));
- if (rv) {
- return(SECFailure);
- }
-
- RC4_DestroyContext(rc4, PR_TRUE);
-
- nb = write(fd, (char *)outbuf, outlen);
- if (nb != outlen) {
- return(SECFailure);
- }
-
- PORT_Free(outbuf);
-
- return(SECSuccess);
-}
-
diff --git a/security/nss/cmd/lib/fe_util.c b/security/nss/cmd/lib/fe_util.c
deleted file mode 100644
index 646277e35..000000000
--- a/security/nss/cmd/lib/fe_util.c
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "secpkcs7.h"
-
-void
-fe_GetProgramDirectory(char *path, int len)
-{
- PORT_Strcpy( path, ".");
-}
-
diff --git a/security/nss/cmd/lib/ffs.c b/security/nss/cmd/lib/ffs.c
deleted file mode 100644
index 3fce2c7c2..000000000
--- a/security/nss/cmd/lib/ffs.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#ifdef XP_PC
-
-int ffs( unsigned int i)
-{
- int rv = 1;
-
- if (!i) return 0;
-
- while (!(i & 1)) {
- i >>= 1;
- ++rv;
- }
-
- return rv;
-}
-#endif
diff --git a/security/nss/cmd/lib/filestub.c b/security/nss/cmd/lib/filestub.c
deleted file mode 100644
index 368b7284d..000000000
--- a/security/nss/cmd/lib/filestub.c
+++ /dev/null
@@ -1,1118 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#define CMD_STUB 1 /* this is just a stub for security/cmd/* */
-#define MOZ_LITE 1 /* don't need that other stuff, either */
-
-#if 0
-#include "stdafx.h"
-#include "dialog.h"
-#include "mainfrm.h"
-#include "custom.h"
-#include "shcut.h"
-#include "edt.h"
-#include "prmon.h"
-#include "fegui.h"
-#include "prefapi.h"
-#include <io.h>
-#include "secrng.h"
-#include "mailass.h"
-#include "ipframe.h"
-#include "mnprefs.h"
-
-#else
-
-#include <xp_core.h>
-#include <xp_file.h>
-#include <xp_mcom.h>
-
-#define ASSERT assert
-#endif
-
-#ifdef XP_MAC
-#include "prpriv.h" /* For PR_NewNamedMonitor */
-#else
-#include "private/prpriv.h"
-#endif
-
-#ifdef XP_WIN
-
-#ifndef _AFXDLL
-/* MSVC Debugging new...goes to regular new in release mode */
-#define new DEBUG_NEW
-#endif
-
-#ifdef __BORLANDC__
- #define _lseek lseek
-#endif
-
-#define WIDTHBYTES(i) ((i + 31) / 32 * 4)
-#define MAXREAD 32767
-
-MODULE_PRIVATE char * XP_CacheFileName();
-
-#define MAXSTRINGLEN 8192
-
-#ifndef CMD_STUB
-
-/* Return a string the same as the In string
-** but with all of the \n's replaced with \r\n's
-*/
-MODULE_PRIVATE char *
-FE_Windowsify(const char * In)
-{
- char *Out;
- char *o, *i;
- int32 len;
-
- if(!In)
- return NULL;
-
- /* if every character is a \n then new string is twice as long */
- len = (int32) XP_STRLEN(In) * 2 + 1;
- Out = (char *) XP_ALLOC(len);
- if(!Out)
- return NULL;
-
- /* Move the characters over one by one. If the current character is */
- /* a \n replace add a \r before moving the \n over */
- for(i = (char *) In, o = Out; i && *i; *o++ = *i++)
- if(*i == '\n')
- *o++ = '\r';
-
- /* Make sure our new string is NULL terminated */
- *o = '\0';
- return(Out);
-}
-
-
-/* Return some adjusted out full path on the mac. */
-/* For windows, we just return what was passed in. */
-/* We must provide it in a seperate buffer, otherwise they might change */
-/* the original and change also what they believe to be saved. */
-char *
-WH_FilePlatformName(const char *pName)
-{
-
- if(pName) {
- return XP_STRDUP(pName);
- }
-
- return NULL;
-}
-
-
-char *
-FE_GetProgramDirectory(char *buffer, int length)
-{
- ::GetModuleFileName(theApp.m_hInstance, buffer, length);
-
- /* Find the trailing slash. */
- char *pSlash = ::strrchr(buffer, '\\');
- if(pSlash) {
- *(pSlash+1) = '\0';
- } else {
- buffer[0] = '\0';
- }
- return (buffer);
-}
-
-
-char*
-XP_TempDirName(void)
-{
- char *tmp = theApp.m_pTempDir;
- if (!tmp)
- return XP_STRDUP(".");
- return XP_STRDUP(tmp);
-}
-
-/* Windows _tempnam() lets the TMP environment variable override things sent
-** in so it look like we're going to have to make a temp name by hand.
-
-** The user should *NOT* free the returned string.
-** It is stored in static space
-** and so is not valid across multiple calls to this function.
-
-** The names generated look like
-** c:\netscape\cache\m0.moz
-** c:\netscape\cache\m1.moz
-** up to...
-** c:\netscape\cache\m9999999.moz
-** after that if fails
-** */
-PUBLIC char *
-xp_TempFileName(int type, const char * request_prefix, const char * extension,
- char* file_buf)
-{
- const char * directory = NULL;
- char * ext = NULL; /* file extension if any */
- char * prefix = NULL; /* file prefix if any */
-
-
- XP_StatStruct statinfo;
- int status;
-
- /* */
- /* based on the type of request determine what directory we should be */
- /* looking into */
- /* */
- switch(type) {
- case xpCache:
- directory = theApp.m_pCacheDir;
- ext = ".MOZ";
- prefix = CACHE_PREFIX;
- break;
-#ifndef MOZ_LITE
- case xpSNewsRC:
- case xpNewsRC:
- case xpNewsgroups:
- case xpSNewsgroups:
- case xpTemporaryNewsRC:
- directory = g_MsgPrefs.m_csNewsDir;
- ext = (char *)extension;
- prefix = (char *)request_prefix;
- break;
- case xpMailFolderSummary:
- case xpMailFolder:
- directory = g_MsgPrefs.m_csMailDir;
- ext = (char *)extension;
- prefix = (char *)request_prefix;
- break;
- case xpAddrBook:
- /*changed to support multi-profile */
- /*directory = theApp.m_pInstallDir->GetCharValue(); */
- directory = (const char *)theApp.m_UserDirectory;
- if ((request_prefix == 0) || (XP_STRLEN (request_prefix) == 0))
- prefix = "abook";
- ext = ".nab";
- break;
-#endif /* MOZ_LITE */
- case xpCacheFAT:
- directory = theApp.m_pCacheDir;
- prefix = "fat";
- ext = "db";
- break;
- case xpJPEGFile:
- directory = theApp.m_pTempDir;
- ext = ".jpg";
- prefix = (char *)request_prefix;
- break;
- case xpPKCS12File:
- directory = theApp.m_pTempDir;
- ext = ".p12";
- prefix = (char *)request_prefix;
- break;
- case xpTemporary:
- default:
- directory = theApp.m_pTempDir;
- ext = (char *)extension;
- prefix = (char *)request_prefix;
- break;
- }
-
- if(!directory)
- return(NULL);
-
- if(!prefix)
- prefix = "X";
-
- if(!ext)
- ext = ".TMP";
-
- /* We need to base our temporary file names on time, and not on sequential */
- /* addition because of the cache not being updated when the user */
- /* crashes and files that have been deleted are over written with */
- /* other files; bad data. */
- /* The 52 valid DOS file name characters are */
- /* 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_^$~!#%&-{}@`'() */
- /* We will only be using the first 32 of the choices. */
- /* */
- /* Time name format will be M+++++++.MOZ */
- /* Where M is the single letter prefix (can be longer....) */
- /* Where +++++++ is the 7 character time representation (a full 8.3 */
- /* file name will be made). */
- /* Where .MOZ is the file extension to be used. */
- /* */
- /* In the event that the time requested is the same time as the last call */
- /* to this function, then the current time is incremented by one, */
- /* as is the last time called to facilitate unique file names. */
- /* In the event that the invented file name already exists (can't */
- /* really happen statistically unless the clock is messed up or we */
- /* manually incremented the time), then the times are incremented */
- /* until an open name can be found. */
- /* */
- /* time_t (the time) has 32 bits, or 4,294,967,296 combinations. */
- /* We will map the 32 bits into the 7 possible characters as follows: */
- /* Starting with the lsb, sets of 5 bits (32 values) will be mapped */
- /* over to the appropriate file name character, and then */
- /* incremented to an approprate file name character. */
- /* The left over 2 bits will be mapped into the seventh file name */
- /* character. */
- /* */
-
- int i_letter, i_timechars, i_numtries = 0;
- char ca_time[8];
- time_t this_call = (time_t)0;
-
- /* We have to base the length of our time string on the length */
- /* of the incoming prefix.... */
- /* */
- i_timechars = 8 - strlen(prefix);
-
- /* Infinite loop until the conditions are satisfied. */
- /* There is no danger, unless every possible file name is used. */
- /* */
- while(1) {
- /* We used to use the time to generate this. */
- /* Now, we use some crypto to avoid bug #47027 */
- RNG_GenerateGlobalRandomBytes((void *)&this_call, sizeof(this_call));
-
- /* Convert the time into a 7 character string. */
- /* Strip only the signifigant 5 bits. */
- /* We'll want to reverse the string to make it look coherent */
- /* in a directory of file names. */
- /* */
- for(i_letter = 0; i_letter < i_timechars; i_letter++) {
- ca_time[i_letter] = (char)((this_call >> (i_letter * 5)) & 0x1F);
-
- /* Convert any numbers to their equivalent ascii code */
- /* */
- if(ca_time[i_letter] <= 9) {
- ca_time[i_letter] += '0';
- }
- /* Convert the character to it's equivalent ascii code */
- /* */
- else {
- ca_time[i_letter] += 'A' - 10;
- }
- }
-
- /* End the created time string. */
- /* */
- ca_time[i_letter] = '\0';
-
- /* Reverse the time string. */
- /* */
- _strrev(ca_time);
-
- /* Create the fully qualified path and file name. */
- /* */
- sprintf(file_buf, "%s\\%s%s%s", directory, prefix, ca_time, ext);
-
- /* Determine if the file exists, and mark that we've tried yet */
- /* another file name (mark to be used later). */
- /* */
- /* Use the system call instead of XP_Stat since we already */
- /* know the name and we don't want recursion */
- /* */
- status = _stat(file_buf, &statinfo);
- i_numtries++;
-
- /* If it does not exists, we are successful, return the name. */
- /* */
- if(status == -1) {
- /* don't generate a directory as part of the cache temp names.
- * When the cache file name is passed into the other XP_File
- * functions we will append the cache directory to the name
- * to get the complete path.
- * This will allow the cache to be moved around
- * and for netscape to be used to generate external cache FAT's.
- */
- if(type == xpCache )
- sprintf(file_buf, "%s%s%s", prefix, ca_time, ext);
-
- TRACE("Temp file name is %s\n", file_buf);
- return(file_buf);
- }
-
- /* If there is no room for additional characters in the time, */
- /* we'll have to return NULL here, or we go infinite. */
- /* This is a one case scenario where the requested prefix is */
- /* actually 8 letters long! */
- /* Infinite loops could occur with a 7, 6, 5, etc character prefixes */
- /* if available files are all eaten up (rare to impossible), in */
- /* which case, we should check at some arbitrary frequency of */
- /* tries before we give up instead of attempting to Vulcanize */
- /* this code. Live long and prosper. */
- /* */
- if(i_timechars == 0) {
- break;
- } else if(i_numtries == 0x00FF) {
- break;
- }
- }
-
- /* Requested name is thought to be impossible to generate. */
- /* */
- TRACE("No more temp file names....\n");
- return(NULL);
-
-}
-
-PUBLIC char *
-WH_TempFileName(int type, const char * request_prefix, const char * extension)
-{
- static char file_buf[_MAX_PATH]; /* protected by _pr_TempName_lock */
- char* result;
-
- if (_pr_TempName_lock == NULL)
- _pr_TempName_lock = PR_NewNamedMonitor("TempName-lock");
- PR_EnterMonitor(_pr_TempName_lock);
-
- result = XP_STRDUP(xp_TempFileName(type, request_prefix, extension, file_buf));
- PR_ExitMonitor(_pr_TempName_lock);
- return result;
-}
-
-#endif /* CMD_STUB */
-
-/* */
-/* Return a string that is equal to the NetName string but with the */
-/* cross-platform characters changed back into DOS characters */
-/* The caller is responsible for XP_FREE()ing the string */
-/* */
-MODULE_PRIVATE char *
-XP_NetToDosFileName(const char * NetName)
-{
- char *p, *newName;
- BOOL bChopSlash = FALSE;
-
- if(!NetName)
- return NULL;
-
- /* If the name is only '/' or begins '//' keep the */
- /* whole name else strip the leading '/' */
-
- if(NetName[0] == '/')
- bChopSlash = TRUE;
-
- /* save just / as a path */
- if(NetName[0] == '/' && NetName[1] == '\0')
- bChopSlash = FALSE;
-
- /* spanky Win9X path name */
- if(NetName[0] == '/' && NetName[1] == '/')
- bChopSlash = FALSE;
-
- if(bChopSlash)
- newName = XP_STRDUP(&(NetName[1]));
- else
- newName = XP_STRDUP(NetName);
-
- if(!newName)
- return NULL;
-
- for(p = newName; *p; p++) {
- switch(*p) {
- case '|':
- *p = ':';
- break;
- case '/':
- *p = '\\';
- break;
- default:
- break;
- }
- }
-
- return(newName);
-
-}
-
-
-/* */
-/* Returns the absolute name of a file */
-/* */
-/* The result of this function can be used with the standard */
-/* open/fopen ansi file functions */
-/* */
-PUBLIC char *
-xp_FileName(const char * name, XP_FileType type, char* *myName)
-{
- char * newName = NULL;
- char * netLibName = NULL;
- char * tempName = NULL;
- char * prefStr = NULL;
- BOOL bNeedToRegister = FALSE; /* == do we need to register a new */
- /* newshost->file name mapping */
- struct _stat sInfo;
- int iDot;
- int iColon;
-
-#ifndef CMD_STUB
- CString csHostName;
- CString csHost;
- CString fileName;
-#endif
-
- switch(type) {
-
-#ifndef CMD_STUB
- case xpCacheFAT:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- sprintf(newName, "%s\\fat.db", (const char *)theApp.m_pCacheDir);
- break;
- case xpExtCacheIndex:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- sprintf(newName, "%s\\extcache.fat", (const char *)theApp.m_pCacheDir);
- break;
-
- case xpSARCacheIndex:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- sprintf(newName, "%s\\archive.fat", theApp.m_pSARCacheDir);
- break;
-
- case xpHTTPCookie:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- /*sprintf(newName, "%s\\cookies.txt", theApp.m_pInstallDir->GetCharValue()); */
- /* changed to support multi-profile */
- sprintf(newName, "%s\\cookies.txt", (const char *)theApp.m_UserDirectory);
- break;
-#ifndef MOZ_LITE
- case xpSNewsRC:
- case xpNewsRC:
- /* see if we are asking about the default news host */
- /* else look up in netlib */
- if ( !name || !strlen(name) )
- name = g_MsgPrefs.m_csNewsHost;
-
- netLibName = NET_MapNewsrcHostToFilename((char *)name,
- (type == xpSNewsRC),
- FALSE);
-
- /* if we found something in our map just skip the rest of this */
- if(netLibName && *netLibName) {
- newName = XP_STRDUP(netLibName);
- break;
- }
-
- /* whatever name we eventually end up with we will need to register it */
- /* before we leave the function */
- bNeedToRegister = TRUE;
-
- /* If we are on the default host see if there is a newsrc file in the */
- /* news directory. If so, that is what we want */
- if(!stricmp(name, g_MsgPrefs.m_csNewsHost)) {
- csHostName = g_MsgPrefs.m_csNewsDir;
- csHostName += "\\newsrc";
- if(_stat((const char *) csHostName, &sInfo) == 0) {
- newName = XP_STRDUP((const char *) csHostName);
- break;
- }
- }
-
- /* See if we are going to be able to build a file name based */
- /* on the hostname */
- csHostName = g_MsgPrefs.m_csNewsDir;
- csHostName += '\\';
-
- /* build up '<hostname>.rc' so we can tell how long its going to be */
- /* we will use that as the default name to try */
- if(type == xpSNewsRC)
- csHost += 's';
- csHost += name;
-
- /* if we have a news host news.foo.com we just want to use the "news" */
- /* part */
- iDot = csHost.Find('.');
- if(iDot != -1)
- csHost = csHost.Left(iDot);
-
-#ifdef XP_WIN16
- if(csHost.GetLength() > 8)
- csHost = csHost.Left(8);
-#endif
-
- iColon = csHost.Find(':');
- if (iColon != -1) {
- /* Windows file system seems to do horrid things if you have */
- /* a filename with a colon in it. */
- csHost = csHost.Left(iColon);
- }
-
- csHost += ".rc";
-
- /* csHost is now of the form <hostname>.rc and is in 8.3 format */
- /* if we are on a Win16 box */
-
- csHostName += csHost;
-
- /* looks like a file with that name already exists -- panic */
- if(_stat((const char *) csHostName, &sInfo) != -1) {
-
- char host[5];
-
- /* else generate a new file in news directory */
- strncpy(host, name, 4);
- host[4] = '\0';
-
- newName = WH_TempFileName(type, host, ".rc");
- if(!newName)
- return(NULL);
-
- } else {
-
- newName = XP_STRDUP((const char *) csHostName);
-
- }
-
- break;
- case xpNewsrcFileMap:
- /* return name of FAT file in news directory */
- newName = (char *) XP_ALLOC(_MAX_PATH);
- sprintf(newName, "%s\\fat", (const char *)g_MsgPrefs.m_csNewsDir);
- break;
- case xpNewsgroups:
- case xpSNewsgroups:
- /* look up in netlib */
- if ( !name || !strlen(name) )
- name = g_MsgPrefs.m_csNewsHost;
-
- netLibName = NET_MapNewsrcHostToFilename((char *)name,
- (type == xpSNewsgroups),
- TRUE);
-
- if(!netLibName) {
-
- csHostName = g_MsgPrefs.m_csNewsDir;
- csHostName += '\\';
-
- if(type == xpSNewsgroups)
- csHost += 's';
- csHost += name;
-
- /* see if we can just use "<hostname>.rcg" */
- /* it might be news.foo.com so just take "news" */
- int iDot = csHost.Find('.');
- if(iDot != -1)
- csHost = csHost.Left(iDot);
-
-#ifdef XP_WIN16
- if(csHost.GetLength() > 8)
- csHost = csHost.Left(8);
-#endif
-
- iColon = csHost.Find(':');
- if (iColon != -1) {
- /* Windows file system seems to do horrid things if you have */
- /* a filename with a colon in it. */
- csHost = csHost.Left(iColon);
- }
-
- csHost += ".rcg";
-
- /* csHost is now of the form <hostname>.rcg */
-
- csHostName += csHost;
-
- /* looks like a file with that name already exists -- panic */
- if(_stat((const char *) csHostName, &sInfo) != -1) {
-
- char host[5];
-
- /* else generate a new file in news directory */
- strncpy(host, name, 4);
- host[4] = '\0';
-
- newName = WH_TempFileName(type, host, ".rcg");
- if(!newName)
- return(NULL);
-
- } else {
-
- newName = XP_STRDUP((const char *) csHostName);
-
- }
-
- if ( !name || !strlen(name))
- NET_RegisterNewsrcFile(newName,(char *)(const char *)g_MsgPrefs.m_csNewsHost,
- (type == xpSNewsgroups), TRUE );
- else
- NET_RegisterNewsrcFile(newName,(char*)name,(type == xpSNewsgroups), TRUE );
-
- } else {
-
- newName = XP_STRDUP(netLibName);
-
- }
- break;
- case xpMimeTypes:
- name = NULL;
- break;
-#endif /* MOZ_LITE */
- case xpGlobalHistory:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- /* changed to support multi-profile */
- /*sprintf(newName, "%s\\netscape.hst", theApp.m_pInstallDir->GetCharValue()); */
- sprintf(newName, "%s\\netscape.hst", (const char *)theApp.m_UserDirectory);
- break;
- case xpGlobalHistoryList:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- sprintf( newName, "%s\\ns_hstry.htm" );
- break;
- case xpKeyChain:
- name = NULL;
- break;
-
- /* larubbio */
- case xpSARCache:
- if(!name) {
- return NULL;
- }
- newName = (char *) XP_ALLOC(_MAX_PATH);
- sprintf(newName, "%s\\%s", theApp.m_pSARCacheDir, name);
- break;
-
- case xpCache:
- if(!name) {
- tempName = WH_TempFileName(xpCache, NULL, NULL);
- if (!tempName) return NULL;
- name = tempName;
- }
- newName = (char *) XP_ALLOC(_MAX_PATH);
- if ((strchr(name,'|') || strchr(name,':'))) { /* Local File URL if find a | */
- if(name[0] == '/')
- strcpy(newName,name+1); /* skip past extra slash */
- else
- strcpy(newName,name); /* absolute path is valid */
- } else {
- sprintf(newName, "%s\\%s", (const char *)theApp.m_pCacheDir, name);
- }
- break;
- case xpBookmarks:
- case xpHotlist:
- if (!name || !strlen(name))
- name = theApp.m_pBookmarkFile;
- break;
-#endif /* CMD_STUB */
-
- case xpSocksConfig:
- prefStr = NULL;
-#ifndef CMD_STUB
- PREF_CopyCharPref("browser.socksfile_location", &prefStr);
-#else
- ASSERT(0);
-#endif
- name = prefStr;
- break;
-
-#ifndef CMD_STUB
- case xpCertDB:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- if ( name ) {
- sprintf(newName, "%s\\cert%s.db", (const char *)theApp.m_UserDirectory, name);
- } else {
- sprintf(newName, "%s\\cert.db", (const char *)theApp.m_UserDirectory);
- }
- break;
- case xpCertDBNameIDX:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- sprintf(newName, "%s\\certni.db", (const char *)theApp.m_UserDirectory);
- break;
- case xpKeyDB:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- if ( name ) {
- sprintf(newName, "%s\\key%s.db", (const char *)theApp.m_UserDirectory, name);
- } else {
- sprintf(newName, "%s\\key.db", (const char *)theApp.m_UserDirectory);
- }
- break;
- case xpSecModuleDB:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- sprintf(newName, "%s\\secmod.db", (const char *)theApp.m_UserDirectory);
- break;
- case xpSignedAppletDB:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- if ( name ) {
- sprintf(newName, "%s\\signed%s.db", (const char *)theApp.m_UserDirectory, name);
- } else {
- sprintf(newName, "%s\\signed.db", (const char *)theApp.m_UserDirectory);
- }
- break;
-#ifndef MOZ_LITE
- case xpAddrBook:
-#ifdef XP_WIN16
- if(!name || !strlen(name) )
- newName = WH_TempName(type, NULL);
-#else
- newName = (char *) XP_ALLOC(_MAX_PATH);
- strcpy(newName, name);
-
- /* strip off the extension */
- {
- char * pEnd = max(strrchr(newName, '\\'), strrchr(newName, '/'));
- if(!pEnd)
- pEnd = newName;
-
- pEnd = strchr(pEnd, '.');
- if(pEnd)
- *pEnd = '\0';
- }
- strcat(newName, ".nab");
-#endif
- break;
- case xpAddrBookNew:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- sprintf(newName, "%s\\%s", (const char *)theApp.m_UserDirectory, name);
- break;
- case xpVCardFile:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- strcpy(newName, name);
-
- /* strip off the extension */
- {
- char * pEnd = max(strrchr(newName, '\\'), strrchr(newName, '/'));
- if(!pEnd)
- pEnd = newName;
-
- pEnd = strchr(pEnd, '.');
- if(pEnd)
- *pEnd = '\0';
- }
- strcat(newName, ".vcf");
- break;
- case xpLDIFFile:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- strcpy(newName, name);
-
- /* strip off the extension */
- {
- char * pEnd = max(strrchr(newName, '\\'), strrchr(newName, '/'));
- if(!pEnd)
- pEnd = newName;
-
- pEnd = strchr(pEnd, '.');
- if(pEnd)
- *pEnd = '\0';
- }
-#ifdef XP_WIN16
- strcat(newName, ".ldi");
-#else
- strcat(newName, ".ldif");
-#endif
- break;
- case xpTemporaryNewsRC:
- {
- CString csHostName = g_MsgPrefs.m_csNewsDir;
- csHostName += "\\news.tmp";
- newName = XP_STRDUP((const char *) csHostName);
- }
- break;
-#endif /* MOZ_LITE */
- case xpPKCS12File:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- strcpy(newName, name);
-
- /* strip off the extension */
- {
- char * pEnd = max(strrchr(newName, '\\'), strrchr(newName, '/'));
- if(!pEnd)
- pEnd = newName;
-
- pEnd = strchr(pEnd, '.');
- if(pEnd)
- *pEnd = '\0';
- }
- strcat(newName, ".p12");
- break;
- case xpTemporary:
- if(!name || !strlen(name) )
- newName = WH_TempName(type, NULL);
- break;
-#ifndef MOZ_LITE
- case xpMailFolder:
- if(!name)
- name = g_MsgPrefs.m_csMailDir;
- break;
- case xpMailFolderSummary:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- strcpy(newName, name);
-
- /* strip off the extension */
- {
- char * pEnd = max(strrchr(newName, '\\'), strrchr(newName, '/'));
- if(!pEnd)
- pEnd = newName;
-
-#ifdef XP_WIN16 /* backend won't allow '.' in win16 folder names, but just to be safe. */
- pEnd = strchr(pEnd, '.');
- if(pEnd)
- *pEnd = '\0';
-#endif
- }
- strcat(newName, ".snm");
- break;
- case xpMailSort:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- sprintf(newName, "%s\\rules.dat", (const char *)g_MsgPrefs.m_csMailDir);
- break;
- case xpMailFilterLog:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- sprintf(newName, "%s\\mailfilt.log", (const char *)g_MsgPrefs.m_csMailDir);
- break;
- case xpNewsFilterLog:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- sprintf(newName, "%s\\newsfilt.log", (const char *)g_MsgPrefs.m_csNewsDir);
- break;
- case xpMailPopState:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- sprintf(newName, "%s\\popstate.dat", (const char *)g_MsgPrefs.m_csMailDir);
- break;
- case xpMailSubdirectory:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- strcpy(newName, name);
-
- /* strip off the trailing slash if any */
- {
- char * pEnd = max(strrchr(newName, '\\'), strrchr(newName, '/'));
- if(!pEnd)
- pEnd = newName;
- }
-
- strcat(newName, ".sbd");
- break;
-#endif /* MOZ_LITE */
- /* name of global cross-platform registry */
- case xpRegistry:
- /* eventually need to support arbitrary names; this is the default */
- newName = (char *) XP_ALLOC(_MAX_PATH);
- if ( newName != NULL ) {
- GetWindowsDirectory(newName, _MAX_PATH);
- int namelen = strlen(newName);
- if ( newName[namelen-1] == '\\' )
- namelen--;
- strcpy(newName+namelen, "\\nsreg.dat");
- }
- break;
- /* name of news group database */
-#ifndef MOZ_LITE
- case xpXoverCache:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- sprintf(newName, "%s\\%s", (const char *)g_MsgPrefs.m_csNewsDir, name);
- break;
-#endif /* MOZ_LITE */
- case xpProxyConfig:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- /*sprintf(newName, "%s\\proxy.cfg", theApp.m_pInstallDir->GetCharValue()); */
- sprintf(newName, "%s\\proxy.cfg", (const char *)theApp.m_UserDirectory);
- break;
-
- /* add any cases where no modification is necessary here */
- /* The name is fine all by itself, no need to modify it */
- case xpFileToPost:
- case xpExtCache:
- case xpURL:
- /* name is OK as it is */
- break;
-#ifndef MOZ_LITE
- case xpNewsHostDatabase:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- sprintf(newName, "%s\\news.db", (const char *)g_MsgPrefs.m_csNewsDir);
- break;
-
- case xpImapRootDirectory:
- newName = PR_smprintf ("%s\\ImapMail", (const char *)theApp.m_UserDirectory);
- break;
- case xpImapServerDirectory:
- {
- int len = 0;
- char *tempImapServerDir = XP_STRDUP(name);
- char *imapServerDir = tempImapServerDir;
-#ifdef XP_WIN16
- if ((len = XP_STRLEN(imapServerDir)) > 8) {
- imapServerDir = imapServerDir + len - 8;
- }
-#endif
- newName = PR_smprintf ("%s\\ImapMail\\%s", (const char *)theApp.m_UserDirectory, imapServerDir);
- if (tempImapServerDir) XP_FREE(tempImapServerDir);
- }
- break;
-
- case xpJSMailFilters:
- newName = PR_smprintf("%s\\filters.js", (const char *)g_MsgPrefs.m_csMailDir);
- break;
-#endif /* MOZ_LITE */
- case xpFolderCache:
- newName = PR_smprintf ("%s\\summary.dat", (const char *)theApp.m_UserDirectory);
- break;
-
- case xpCryptoPolicy:
- newName = (char *) XP_ALLOC(_MAX_PATH);
- FE_GetProgramDirectory(newName, _MAX_PATH);
- strcat(newName, "moz40p3");
- break;
-#endif /* CMD_STUB */
-
- default:
- ASSERT(0); /* all types should be covered */
- break;
- }
-
-#ifndef MOZ_LITE
- /* make sure we have the correct newsrc file registered for next time */
- if((type == xpSNewsRC || type == xpNewsRC) && bNeedToRegister)
- NET_RegisterNewsrcFile(newName, (char *)name, (type == xpSNewsRC), FALSE );
-#endif
-
- /* determine what file we are supposed to load and make sure it looks */
- /* like a DOS pathname and not some unix-like name */
- if(newName) {
- *myName = XP_NetToDosFileName((const char*)newName);
- XP_FREE(newName);
- } else {
- *myName = XP_NetToDosFileName((const char*)name);
- }
-
- if (tempName) XP_FREE(tempName);
-
- if (prefStr) XP_FREE(prefStr);
-
- /* whee, we're done */
- return(*myName);
-}
-
-/* */
-/* Open a file with the given name */
-/* If a special file type is provided we might need to get the name */
-/* out of the preferences list */
-/* */
-PUBLIC XP_File
-XP_FileOpen(const char * name, XP_FileType type, const XP_FilePerm perm)
-{
- XP_File fp;
- char *filename = WH_FileName(name, type);
-
- if(!filename)
- return(NULL);
-
-#ifdef DEBUG_nobody
- TRACE("Opening a file type (%d) permissions: %s (%s)\n", type, perm, filename);
-#endif
-
-#ifdef XP_WIN32
- if (type == xpURL) {
- HANDLE hFile;
- DWORD dwType;
-
- /* Check if we're trying to open a device. We don't allow this */
- hFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ, NULL,
- OPEN_EXISTING, 0, NULL);
-
- if (hFile != INVALID_HANDLE_VALUE) {
- dwType = GetFileType(hFile);
- CloseHandle(hFile);
-
- if (dwType != FILE_TYPE_DISK) {
- XP_FREE(filename);
- return NULL;
- }
- }
- }
-#endif
-
-#ifdef XP_WIN16
- /* Windows uses ANSI codepage, DOS uses OEM codepage, */
- /* fopen takes OEM codepage */
- /* That's why we need to do conversion here. */
- CString oembuff = filename;
- oembuff.AnsiToOem();
- fp = fopen(oembuff, (char *) perm);
-
- if (fp && type == xpURL) {
- union _REGS inregs, outregs;
-
- /* Check if we opened a device. Execute an Interrupt 21h to invoke */
- /* MS-DOS system call 44h */
- inregs.x.ax = 0x4400; /* MS-DOS function to get device information */
- inregs.x.bx = _fileno(fp);
- _int86(0x21, &inregs, &outregs);
-
- if (outregs.x.dx & 0x80) {
- /* It's a device. Don't allow any reading/writing */
- fclose(fp);
- XP_FREE(filename);
- return NULL;
- }
- }
-#else
- fp = fopen(filename, (char *) perm);
-#endif
- XP_FREE(filename);
- return(fp);
-}
-
-
-
-/******************************************************************************/
-/* Thread-safe entry points: */
-
-extern PRMonitor* _pr_TempName_lock;
-
-#ifndef CMD_STUB
-
-char *
-WH_TempName(XP_FileType type, const char * prefix)
-{
- static char buf[_MAX_PATH]; /* protected by _pr_TempName_lock */
- char* result;
-
- if (_pr_TempName_lock == NULL)
- _pr_TempName_lock = PR_NewNamedMonitor("TempName-lock");
- PR_EnterMonitor(_pr_TempName_lock);
-
- result = XP_STRDUP(xp_TempFileName(type, prefix, NULL, buf));
-
- PR_ExitMonitor(_pr_TempName_lock);
-
- return result;
-}
-
-#endif /* CMD_STUB */
-
-PUBLIC char *
-WH_FileName (const char *name, XP_FileType type)
-{
- char* myName;
- char* result;
- /*
- ** I'm not sure this lock is really needed by windows, but just
- ** to be safe:
- */
- /* XP_ASSERT(_pr_TempName_lock); */
- /* PR_EnterMonitor(_pr_TempName_lock); */
- result = xp_FileName(name, type, &myName);
- /* PR_ExitMonitor(_pr_TempName_lock); */
- return myName;
-}
-
-#endif /* XP_WIN */
diff --git a/security/nss/cmd/lib/makefile.win b/security/nss/cmd/lib/makefile.win
deleted file mode 100644
index 92081a2f8..000000000
--- a/security/nss/cmd/lib/makefile.win
+++ /dev/null
@@ -1,66 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-include <manifest.mn>
-
-include <$(DEPTH)\config\config.mak>
-
-# include files are aought in LINCS and INCS.
-# LINCS are generated from REQUIRES in manigest.mn
-INCS = $(INCS) \
- -I..\include \
- -I..\..\lib\cert \
- $(NULL)
-
-IGNORE_ME = \
- -I$(DEPTH)\dist\public\security \
- -I$(DEPTH)\dist\public\nspr \
- -I$(DEPTH)\cmd\winfe \
- $(NULL)
-
-LCFLAGS = -DUSE_SSL -DEXPORT_VERSION
-
-PDBFILE = $(LIBNAME).pdb
-
-# work around a bug in rules.mak
-LIBRARY_SUFFIX = $(MOZ_BITS)
-
-include <$(DEPTH)\config\rules.mak>
-
-install:: $(LIBRARY)
-# $(MAKE_INSTALL) $(LIBRARY) $(DIST)\lib
-
-
-symbols::
- @echo "LIBRARY_NAME is $(LIBRARY_NAME)"
- @echo "LIBRARY is $(LIBRARY)"
diff --git a/security/nss/cmd/lib/manifest.mn b/security/nss/cmd/lib/manifest.mn
deleted file mode 100644
index b8a671d84..000000000
--- a/security/nss/cmd/lib/manifest.mn
+++ /dev/null
@@ -1,67 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../..
-
-LIBRARY_NAME = sectool
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = seccmd
-
-DEFINES = -DNSPR20
-
-EXPORTS = secutil.h \
- $(NULL)
-
-CSRCS = secutil.c \
- secpwd.c \
- derprint.c \
- secerror.c \
- ffs.c \
- $(NULL)
-
-OLD_CSRCS = dongle.c \
- derprint.c \
- err.c \
- fe_util.c \
- ffs.c \
- filestub.c \
- secarb.c \
- secpwd.c \
- secutil.c \
- sslstubs.c \
- strerror.c \
- stubs.c \
- $(NULL)
-
-REQUIRES = security nspr dbm
-
diff --git a/security/nss/cmd/lib/secarb.c b/security/nss/cmd/lib/secarb.c
deleted file mode 100644
index 176fcbf8b..000000000
--- a/security/nss/cmd/lib/secarb.c
+++ /dev/null
@@ -1,372 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "secutil.h"
-
-#ifdef __sun
-extern int fprintf(FILE *strm, const char *format, .../* args */);
-extern int fflush(FILE *stream);
-#endif
-
-#define RIGHT_MARGIN 24
-/*#define RAW_BYTES 1 */
-
-typedef unsigned char Byte;
-
-static int prettyColumn; /* NOTE: This is NOT reentrant. */
-
-static char *prettyTagType [32] = {
- "End of Contents", "Boolean", "Integer", "Bit String", "Octet String",
- "NULL", "Object Identifier", "0x07", "0x08", "0x09", "0x0A",
- "0x0B", "0X0C", "0X0D", "0X0E", "0X0F", "Sequence", "Set",
- "0x12", "Printable String", "T61 String", "0x15", "IA5 String",
- "UTCTime",
- "0x18", "0x19", "0x1A", "0x1B", "0x1C", "0x1D", "0x1E",
- "High-Tag-Number"
-};
-
-static SECStatus prettyNewline(FILE *out)
-{
- int rv;
-
- if (prettyColumn != -1) {
- rv = fprintf(out, "\n");
- prettyColumn = -1;
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return SECFailure;
- }
- }
- return SECSuccess;
-}
-
-static SECStatus prettyIndent(FILE *out, unsigned level)
-{
- unsigned i;
- SECStatus rv;
-
- if (prettyColumn == -1) {
- prettyColumn = level;
- for (i = 0; i < level; i++) {
- rv = (SECStatus) fprintf(out, " ");
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return SECFailure;
- }
- }
- }
- return SECSuccess;
-}
-
-static SECStatus prettyPrintByte(FILE *out, Byte item, unsigned level)
-{
- SECStatus rv;
-
- rv = prettyIndent(out, level);
- if (rv) return rv;
-
- rv = (SECStatus) fprintf(out, "%02x ", item);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return SECFailure;
- }
- prettyColumn++;
- if (prettyColumn >= RIGHT_MARGIN) {
- rv = prettyNewline(out);
- return rv;
- }
- return SECSuccess;
-}
-
-static SECStatus prettyPrintCString(FILE *out, char *str, unsigned level)
-{
- SECStatus rv;
-
- rv = prettyNewline(out);
- if (rv) return rv;
-
- rv = prettyIndent(out, level);
- if (rv) return rv;
-
- rv = (SECStatus) fprintf(out, str);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return SECFailure;
- }
-
- rv = prettyNewline(out);
- return rv;
-}
-
-static SECStatus prettyPrintLeafString(FILE *out, SECArb *arb, unsigned lv)
-{
- unsigned char buf[100];
- SECStatus rv;
- int length = arb->body.item.len;
-
- if (length > 0 && arb->body.item.data == NULL)
- return prettyPrintCString(out, "(string contents not available)", lv);
-
- if (length >= sizeof(buf))
- length = sizeof(buf) - 1;
-
- rv = prettyNewline(out);
- if (rv) return rv;
-
- rv = prettyIndent(out, lv);
- if (rv) return rv;
-
- memcpy(buf, arb->body.item.data, length);
- buf[length] = '\000';
-
- rv = (SECStatus) fprintf(out, "\"%s\"", buf);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return SECFailure;
- }
- rv = prettyNewline(out);
- if (rv) return rv;
-
- return SECSuccess;
-}
-
-static SECStatus prettyPrintLeaf(FILE *out, SECArb* arb, unsigned lv)
-{
- unsigned i;
- SECStatus rv;
- Byte *data = arb->body.item.data;
-
- if (data == NULL && arb->body.item.len > 0)
- return prettyPrintCString(out, "(data not availabe)", lv);
-
- for (i = 0; i < arb->body.item.len; i++) {
- rv = prettyPrintByte(out, *data++, lv);
- if (rv) return rv;
- }
-
- rv = prettyNewline(out);
- return rv;
-}
-
-static SECStatus prettyPrintEndContents(FILE *out, unsigned level)
-{
- return prettyPrintCString(out, prettyTagType[0], level);
-}
-
-static SECStatus prettyPrintTag(FILE *out, SECArb *arb, unsigned level)
-{
- int rv;
-
-#ifdef RAW_BYTES
- if (prettyPrintByte(out, arb->tag, level)) return PR_TRUE;
-#else
- if (prettyIndent(out, level)) return PR_TRUE;
-#endif
-
- if (arb->tag & DER_CONSTRUCTED) {
- rv = fprintf(out, "C-");
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return PR_TRUE;
- }
- }
-
- switch(arb->tag & 0xC0) {
- case DER_UNIVERSAL:
- rv = fprintf(out, "%s ", prettyTagType[arb->tag & 0x17]);
- break;
- case DER_APPLICATION:
- rv = fprintf(out, "Application: %d ", arb->tag & 0x17);
- break;
- case DER_CONTEXT_SPECIFIC:
- rv = fprintf(out, "[%d] ", arb->tag & 0x17);
- break;
- case DER_PRIVATE:
- rv = fprintf(out, "Private: %d ", arb->tag & 0x17);
- break;
- }
-
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return PR_TRUE;
- }
- return PR_FALSE;
-}
-
-static SECStatus prettyPrintLength(FILE *out, SECArb *arb, unsigned lv)
-{
- int rv = fprintf(out, " (%d)\n", arb->length);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return -1;
- }
- prettyColumn = -1;
- return PR_FALSE;
-}
-
-static SECStatus prettyPrint(FILE *out, SECArb *arb, unsigned lv)
-{
- int i;
-
- prettyPrintTag(out, arb, lv);
- prettyPrintLength(out, arb, lv);
-
- if (arb->tag & DER_CONSTRUCTED) {
- for (i = 0; i < arb->body.cons.numSubs; i++)
- prettyPrint(out, arb->body.cons.subs[i], lv + 1);
- if (arb->length == 0)
- prettyPrintEndContents(out, lv);
- } else {
- if (arb->tag == DER_PRINTABLE_STRING || arb->tag == DER_UTC_TIME) {
- if (prettyPrintLeafString(out, arb, lv+1)) return PR_TRUE;
-#ifdef RAW_BYTES
- if (prettyPrintLeaf(out, arb, lv+1)) return PR_TRUE;
-#endif
- } else {
- if (prettyPrintLeaf(out, arb, lv+1)) return PR_TRUE;
- }
- }
-
- return prettyNewline(out);
-}
-
-SECStatus BER_PrettyPrintArb(FILE *out, SECArb *a)
-{
- prettyColumn = -1;
- return prettyPrint(out, a, 0);
-}
-
-/*
- * PackHeader puts the tag and length field into a buffer provided by the
- * client. It assumes the client has made the buffer at least big
- * enough. (8 bytes will suffice for now). It returns the number of
- * valid bytes
- */
-static int PackHeader(SECArb *arb, unsigned char *header)
-{
- int tagBytes, lengthBytes;
- unsigned long length = arb->length;
- /*
- * XXX only handles short form tags
- */
- header[0] = arb->tag;
- tagBytes = 1;
-
- if (length < 0x80) {
- if ((arb->tag & DER_CONSTRUCTED) && (arb->length == 0))
- header[tagBytes] = 0x80; /* indefinite length form */
- else
- header[tagBytes] = arb->length;
- lengthBytes = 1;
- } else {
- int i;
- lengthBytes = 0;
- for (i = 0; i < 4; i++) {
- if ((length & 0xFF000000) || (lengthBytes > 0)) {
- header[tagBytes + lengthBytes + 1] = length >> 24;
- lengthBytes++;
- }
- length <<= 8;
- }
- header[tagBytes] = 0x80 + lengthBytes;
- lengthBytes++; /* allow for the room for the length length */
- }
- return tagBytes + lengthBytes;
-}
-
-SECStatus BER_Unparse(SECArb *arb, BERUnparseProc proc, void *instance)
-{
- int i, length;
- SECStatus rv;
- unsigned char header[12];
-
- length = PackHeader(arb, header);
- rv = (*proc)(instance, header, length, arb);
- if (rv) return rv;
-
- if (arb->tag & DER_CONSTRUCTED) {
- for (i = 0; i < arb->body.cons.numSubs; i++) {
- rv = BER_Unparse(arb->body.cons.subs[i], proc, instance);
- if (rv) return rv;
- }
- if (arb->length == 0) {
- rv = (*proc)(instance, "\0\0", 2, arb);
- if (rv) return rv;
- }
- } else {
- if ((arb->length > 0) && (arb->body.item.data == NULL))
- return SECFailure;
- if (arb->length != arb->body.item.len)
- return SECFailure;
- rv = (*proc)(instance, arb->body.item.data, arb->length, arb);
- }
- return SECSuccess;
-}
-
-static int ResolveLength(SECArb *arb)
-{
- int length, i, rv;
- unsigned char header[12];
-
- /*
- * One theory is that there might be valid subtrees along with
- * still yet uknown length trees. That would imply that the scan
- * should not be aborted on first failure.
- */
-
- length = PackHeader(arb, header);
- if (arb->tag | DER_CONSTRUCTED) {
- if (arb->length > 0)
- length += arb->length;
- else {
- for (i = 0; i < arb->body.cons.numSubs; i++) {
- rv = ResolveLength(arb->body.cons.subs[i]);
- if (rv < 0) return -1;
- length += rv;
- }
- arb->length = length;
- }
- } else {
- if (arb->length != arb->body.item.len)
- return -1;
- length += arb->length;
- }
- return length;
-}
-
-SECStatus BER_ResolveLengths(SECArb *arb)
-{
- int rv;
- rv = ResolveLength(arb);
- if (rv < 0) return SECFailure;
- return SECSuccess;
-}
diff --git a/security/nss/cmd/lib/secerror.c b/security/nss/cmd/lib/secerror.c
deleted file mode 100644
index 3cfe28b50..000000000
--- a/security/nss/cmd/lib/secerror.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "nspr.h"
-
-struct tuple_str {
- PRErrorCode errNum;
- const char * errString;
-};
-
-typedef struct tuple_str tuple_str;
-
-#define ER2(a,b) {a, b},
-#define ER3(a,b,c) {a, c},
-
-#include "secerr.h"
-#include "sslerr.h"
-
-const tuple_str errStrings[] = {
-
-/* keep this list in asceding order of error numbers */
-#include "SSLerrs.h"
-#include "SECerrs.h"
-#include "NSPRerrs.h"
-
-};
-
-const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str);
-
-/* Returns a UTF-8 encoded constant error string for "errNum".
- * Returns NULL of errNum is unknown.
- */
-const char *
-SECU_Strerror(PRErrorCode errNum) {
- PRInt32 low = 0;
- PRInt32 high = numStrings - 1;
- PRInt32 i;
- PRErrorCode num;
- static int initDone;
-
- /* make sure table is in ascending order.
- * binary search depends on it.
- */
- if (!initDone) {
- PRErrorCode lastNum = 0x80000000;
- for (i = low; i <= high; ++i) {
- num = errStrings[i].errNum;
- if (num <= lastNum) {
- fprintf(stderr,
-"sequence error in error strings at item %d\n"
-"error %d (%s)\n"
-"should come after \n"
-"error %d (%s)\n",
- i, lastNum, errStrings[i-1].errString,
- num, errStrings[i].errString);
- }
- lastNum = num;
- }
- initDone = 1;
- }
-
- /* Do binary search of table. */
- while (low + 1 < high) {
- i = (low + high) / 2;
- num = errStrings[i].errNum;
- if (errNum == num)
- return errStrings[i].errString;
- if (errNum < num)
- high = i;
- else
- low = i;
- }
- if (errNum == errStrings[low].errNum)
- return errStrings[low].errString;
- if (errNum == errStrings[high].errNum)
- return errStrings[high].errString;
- return NULL;
-}
diff --git a/security/nss/cmd/lib/secpwd.c b/security/nss/cmd/lib/secpwd.c
deleted file mode 100644
index b2edcaed2..000000000
--- a/security/nss/cmd/lib/secpwd.c
+++ /dev/null
@@ -1,181 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "secutil.h"
-
-/*
- * NOTE: The contents of this file are NOT used by the client.
- * (They are part of the security library as a whole, but they are
- * NOT USED BY THE CLIENT.) Do not change things on behalf of the
- * client (like localizing strings), or add things that are only
- * for the client (put them elsewhere).
- */
-
-
-#ifdef XP_UNIX
-#include <termios.h>
-#endif
-
-#ifdef _WINDOWS
-#include <conio.h>
-#define QUIET_FGETS quiet_fgets
-static int quiet_fgets (char *buf, int length, FILE *input);
-#else
-#define QUIET_FGETS fgets
-#endif
-
-static void echoOff(int fd)
-{
-#ifdef XP_UNIX
- if (isatty(fd)) {
- struct termios tio;
- tcgetattr(fd, &tio);
- tio.c_lflag &= ~ECHO;
- tcsetattr(fd, TCSAFLUSH, &tio);
- }
-#endif
-}
-
-static void echoOn(int fd)
-{
-#ifdef XP_UNIX
- if (isatty(fd)) {
- struct termios tio;
- tcgetattr(fd, &tio);
- tio.c_lflag |= ECHO;
- tcsetattr(fd, TCSAFLUSH, &tio);
- }
-#endif
-}
-
-char *SEC_GetPassword(FILE *input, FILE *output, char *prompt,
- PRBool (*ok)(char *))
-{
- char phrase[200];
- int infd = fileno(input);
- int isTTY = isatty(infd);
- for (;;) {
- /* Prompt for password */
- if (isTTY) {
- fprintf(output, "%s", prompt);
- fflush (output);
- echoOff(infd);
- }
-
- QUIET_FGETS ( phrase, sizeof(phrase), input);
-
- if (isTTY) {
- fprintf(output, "\n");
- echoOn(infd);
- }
-
- /* stomp on newline */
- phrase[PORT_Strlen(phrase)-1] = 0;
-
- /* Validate password */
- if (!(*ok)(phrase)) {
- /* Not weird enough */
- if (!isTTY) return 0;
- fprintf(output, "Password must be at least 8 characters long with one or more\n");
- fprintf(output, "non-alphabetic characters\n");
- continue;
- }
- return (char*) PORT_Strdup(phrase);
- }
-}
-
-
-
-PRBool SEC_CheckPassword(char *cp)
-{
- int len;
- char *end;
-
- len = PORT_Strlen(cp);
- if (len < 8) {
- return PR_FALSE;
- }
- end = cp + len;
- while (cp < end) {
- unsigned char ch = *cp++;
- if (!((ch >= 'A') && (ch <= 'Z')) &&
- !((ch >= 'a') && (ch <= 'z'))) {
- /* pass phrase has at least one non alphabetic in it */
- return PR_TRUE;
- }
- }
- return PR_FALSE;
-}
-
-PRBool SEC_BlindCheckPassword(char *cp)
-{
- if (cp != NULL) {
- return PR_TRUE;
- }
- return PR_FALSE;
-}
-
-/* Get a password from the input terminal, without echoing */
-
-#ifdef _WINDOWS
-static int quiet_fgets (char *buf, int length, FILE *input)
- {
- int c;
- char *end = buf;
-
- /* fflush (input); */
- memset (buf, 0, length);
-
- if (input != stdin) {
- return fgets(buf,length,input);
- }
-
- while (1)
- {
- c = getch();
-
- if (c == '\b')
- {
- if (end > buf)
- end--;
- }
-
- else if (--length > 0)
- *end++ = c;
-
- if (!c || c == '\n' || c == '\r')
- break;
- }
-
- return 0;
- }
-#endif
diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c
deleted file mode 100644
index cb2112bdf..000000000
--- a/security/nss/cmd/lib/secutil.c
+++ /dev/null
@@ -1,3196 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
-** secutil.c - various functions used by security stuff
-**
-*/
-
-#include "prtypes.h"
-#include "prtime.h"
-#include "prlong.h"
-#include "prerror.h"
-#include "prprf.h"
-#include "plgetopt.h"
-
-#include "secutil.h"
-#include "secpkcs7.h"
-#include <sys/stat.h>
-#include <stdarg.h>
-
-#ifdef XP_UNIX
-#include <unistd.h>
-#endif
-
-/* for SEC_TraverseNames */
-#include "cert.h"
-#include "certt.h"
-#include "certdb.h"
-#include "cdbhdl.h"
-
-#include "secmod.h"
-#include "pk11func.h"
-#include "secoid.h"
-#include "blapi.h" /* for RNG_RNGInit */
-
-static char consoleName[] = {
-#ifdef XP_UNIX
- "/dev/tty"
-#else
- "CON:"
-#endif
-};
-
-char *
-SECU_GetString(int16 error_number)
-{
-
- static char errString[80];
- sprintf(errString, "Unknown error string (%d)", error_number);
- return errString;
-}
-
-void
-SECU_PrintError(char *progName, char *msg, ...)
-{
- va_list args;
- PRErrorCode err = PORT_GetError();
- const char * errString = SECU_Strerror(err);
-
- va_start(args, msg);
-
- fprintf(stderr, "%s: ", progName);
- vfprintf(stderr, msg, args);
- if (errString != NULL && PORT_Strlen(errString) > 0)
- fprintf(stderr, ": %s\n", errString);
- else
- fprintf(stderr, "\n");
-
- va_end(args);
-}
-
-void
-SECU_PrintSystemError(char *progName, char *msg, ...)
-{
- va_list args;
-
- va_start(args, msg);
- fprintf(stderr, "%s: ", progName);
- vfprintf(stderr, msg, args);
- fprintf(stderr, ": %s\n", strerror(errno));
- va_end(args);
-}
-
-static void
-secu_ClearPassword(char *p)
-{
- if (p) {
- PORT_Memset(p, 0, PORT_Strlen(p));
- PORT_Free(p);
- }
-}
-
-static SECItem *
-secu_GetZeroLengthPassword(SECKEYKeyDBHandle *handle)
-{
- SECItem *pwitem;
- SECStatus rv;
-
- /* hash the empty string as a password */
- pwitem = SECKEY_DeriveKeyDBPassword(handle, "");
- if (pwitem == NULL) {
- return NULL;
- }
-
- /* check to see if this is the right password */
- rv = SECKEY_CheckKeyDBPassword(handle, pwitem);
- if (rv == SECFailure) {
- return NULL;
- }
-
- return pwitem;
-}
-
-char *
-SECU_GetPasswordString(void *arg, char *prompt)
-{
-#ifndef _WINDOWS
- char *p = NULL;
- FILE *input, *output;
-
- /* open terminal */
- input = fopen(consoleName, "r");
- if (input == NULL) {
- fprintf(stderr, "Error opening input terminal for read\n");
- return NULL;
- }
-
- output = fopen(consoleName, "w");
- if (output == NULL) {
- fprintf(stderr, "Error opening output terminal for write\n");
- return NULL;
- }
-
- p = SEC_GetPassword (input, output, prompt, SEC_BlindCheckPassword);
-
-
- fclose(input);
- fclose(output);
-
- return p;
-
-#else
- /* Win32 version of above. opening the console may fail
- on windows95, and certainly isn't necessary.. */
-
- char *p = NULL;
-
- p = SEC_GetPassword (stdin, stdout, prompt, SEC_BlindCheckPassword);
- return p;
-
-#endif
-}
-
-SECItem *
-SECU_GetPassword(void *arg, SECKEYKeyDBHandle *handle)
-{
- char *p = NULL;
- SECStatus rv;
- SECItem *pwitem;
-
- /* Check to see if zero length password or not */
- pwitem = secu_GetZeroLengthPassword(handle);
- if (pwitem) {
- return pwitem;
- }
-
- p = SECU_GetPasswordString(arg,"Password: ");
-
- /* Check to see if zero length password or not */
- pwitem = secu_GetZeroLengthPassword(handle);
- if (pwitem) {
- return pwitem;
- }
- /* hash the password */
- pwitem = SECKEY_DeriveKeyDBPassword(handle, p);
-
- /* clear out the password strings */
- secu_ClearPassword(p);
-
-
- if ( pwitem == NULL ) {
- fprintf(stderr, "Error hashing password\n");
- return NULL;
- }
-
- /* confirm the password */
- rv = SECKEY_CheckKeyDBPassword(handle, pwitem);
- if (rv) {
- fprintf(stderr, "Sorry\n");
- SECITEM_ZfreeItem(pwitem, PR_TRUE);
- return NULL;
- }
-
- return pwitem;
-}
-
-/*
- * p a s s w o r d _ h a r d c o d e
- *
- * A function to use the password passed in the -f(pwfile) argument
- * of the command line.
- * After use once, null it out otherwise PKCS11 calls us forever.?
- *
- */
-char *
-SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg)
-{
- unsigned char phrase[200];
- PRFileDesc *fd;
- PRInt32 nb;
- char *pwFile = arg;
-
- if (!pwFile)
- return 0;
-
- if (retry) {
- return 0; /* no good retrying - the files contents will be the same */
- }
-
- fd = PR_Open(pwFile, PR_RDONLY, 0);
- if (!fd) {
- fprintf(stderr, "No password file \"%s\" exists.\n", pwFile);
- return NULL;
- }
-
- nb = PR_Read(fd, phrase, sizeof(phrase));
-
- PR_Close(fd);
- /* handle the Windows EOL case */
- if ((nb > 2) && (phrase[nb-2] == '\r') ) nb--;
- if (phrase[nb-1] == '\n') {
- phrase[nb-1] = '\0';
- if (nb == 0) {
- fprintf(stderr,"password file contains no data\n");
- return NULL;
- } else {
- return (char*) PORT_Strdup((char*)phrase);
- }
- }
- return (char*) PORT_Strdup((char*)phrase);
-}
-
-char *
-SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg)
-{
- char prompt[255];
- secuPWData *pwdata = arg;
- secuPWData pwnull = { PW_NONE, 0 };
-
- if (arg == NULL)
- pwdata = &pwnull;
-
- if (retry && pwdata->source != PW_NONE) {
- PR_fprintf(PR_STDERR, "incorrect password entered at command line.\n");
- return NULL;
- }
-
- sprintf(prompt, "Enter Password or Pin for \"%s\":",
- PK11_GetTokenName(slot));
-
- switch (pwdata->source) {
- case PW_NONE:
- return SECU_GetPasswordString(NULL, prompt);
- case PW_FROMFILE:
- return SECU_FilePasswd(slot, retry, pwdata->data);
- case PW_PLAINTEXT:
- return PL_strdup(arg);
- default:
- break;
- }
-
- return NULL;
-}
-
-char *
-secu_InitSlotPassword(PK11SlotInfo *slot, PRBool retry, void *arg)
-{
- char *p0 = NULL;
- char *p1 = NULL;
- FILE *input, *output;
- secuPWData *pwdata = arg;
-
- if (pwdata->source == PW_NONE) {
- /* open terminal */
-#ifdef _WINDOWS
- input = stdin;
-#else
- input = fopen(consoleName, "r");
- if (input == NULL) {
- PR_fprintf(PR_STDERR, "Error opening input terminal for read\n");
- return NULL;
- }
-#endif
-
- /* we have no password, so initialize database with one */
- PR_fprintf(PR_STDERR,
- "In order to finish creating your database, you\n");
- PR_fprintf(PR_STDERR, "must enter a password which will be used to\n");
- PR_fprintf(PR_STDERR, "encrypt this key and any future keys.\n\n");
- PR_fprintf(PR_STDERR,
- "The password must be at least 8 characters long,\n");
- PR_fprintf(PR_STDERR, "and must contain at least one non-alphabetic ");
- PR_fprintf(PR_STDERR, "character.\n\n");
- } else if (pwdata->source == PW_FROMFILE) {
- input = fopen(pwdata->data, "r");
- if (input == NULL) {
- PR_fprintf(PR_STDERR, "Error opening \"%s\" for read\n",
- pwdata->data);
- return NULL;
- }
- } else {
- p0 = PL_strdup(pwdata->data);
- }
-
- output = fopen(consoleName, "w");
- if (output == NULL) {
- PR_fprintf(PR_STDERR, "Error opening output terminal for write\n");
- return NULL;
- }
-
-
- for (;;) {
- if (!p0) {
- p0 = SEC_GetPassword(input, output, "Enter new password: ",
- SEC_BlindCheckPassword);
- }
- if (pwdata->source == PW_NONE) {
- p1 = SEC_GetPassword(input, output, "Re-enter password: ",
- SEC_BlindCheckPassword);
- }
- if (pwdata->source != PW_NONE || (PORT_Strcmp(p0, p1) == 0)) {
- break;
- }
- PR_fprintf(PR_STDERR, "Passwords do not match. Try again.\n");
- }
-
- /* clear out the duplicate password string */
- secu_ClearPassword(p1);
-
- fclose(input);
- fclose(output);
-
- return p0;
-}
-
-SECStatus
-SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile)
-{
- SECStatus rv;
- secuPWData pwdata, newpwdata;
- char *oldpw = NULL, *newpw = NULL;
-
- if (passwd) {
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = passwd;
- } else if (pwFile) {
- pwdata.source = PW_FROMFILE;
- pwdata.data = pwFile;
- } else {
- pwdata.source = PW_NONE;
- pwdata.data = NULL;
- }
-
- if (PK11_NeedUserInit(slot)) {
- newpw = secu_InitSlotPassword(slot, PR_FALSE, &pwdata);
- rv = PK11_InitPin(slot, (char*)NULL, newpw);
- goto done;
- }
-
- for (;;) {
- oldpw = SECU_GetModulePassword(slot, PR_FALSE, &pwdata);
-
- if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
- if (pwdata.source == PW_NONE) {
- PR_fprintf(PR_STDERR, "Invalid password. Try again.\n");
- } else {
- PR_fprintf(PR_STDERR, "Invalid password.\n");
- PORT_Memset(oldpw, 0, PL_strlen(oldpw));
- PORT_Free(oldpw);
- return SECFailure;
- }
- } else
- break;
-
- PORT_Free(oldpw);
- }
-
- newpwdata.source = PW_NONE;
- newpwdata.data = NULL;
-
- newpw = secu_InitSlotPassword(slot, PR_FALSE, &newpwdata);
-
- if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) {
- PR_fprintf(PR_STDERR, "Failed to change password.\n");
- return SECFailure;
- }
-
- PORT_Memset(oldpw, 0, PL_strlen(oldpw));
- PORT_Free(oldpw);
-
- PR_fprintf(PR_STDOUT, "Password changed successfully.\n");
-
-done:
- PORT_Memset(newpw, 0, PL_strlen(newpw));
- PORT_Free(newpw);
- return SECSuccess;
-}
-
-struct matchobj {
- SECItem index;
- char *nname;
- PRBool found;
-};
-
-
-static SECStatus
-secu_match_nickname(DBT *k, DBT *d, void *pdata)
-{
- struct matchobj *match;
- unsigned char *buf;
- char *nname;
- int nnlen;
-
- match = (struct matchobj *)pdata;
- buf = (unsigned char *)d->data;
-
- if (match->found == PR_TRUE)
- return SECSuccess;
-
- nnlen = buf[2];
- nname = (char *)(buf + 3 + buf[1]);
- if (PORT_Strncmp(match->nname, nname, nnlen) == 0) {
- match->index.len = k->size;
- match->index.data = PORT_ZAlloc(k->size + 1);
- PORT_Memcpy(match->index.data, k->data, k->size);
- match->found = PR_TRUE;
- }
- return SECSuccess;
-}
-
-SECItem *
-SECU_GetKeyIDFromNickname(char *name)
-{
- struct matchobj match;
- SECKEYKeyDBHandle *handle;
- SECItem *keyid;
-
- match.nname = name;
- match.found = PR_FALSE;
-
- handle = SECKEY_GetDefaultKeyDB();
-
- SECKEY_TraverseKeys(handle, secu_match_nickname, &match);
-
- if (match.found == PR_FALSE)
- return NULL;
-
- keyid = SECITEM_DupItem(&match.index);
- return keyid;
-}
-
-PRBool
-SECU_CheckKeyNameExists(SECKEYKeyDBHandle *handle, char *nickname)
-{
- SECItem *keyid;
-
- keyid = SECU_GetKeyIDFromNickname(nickname);
- if(keyid == NULL)
- return PR_FALSE;
- SECITEM_FreeItem(keyid, PR_TRUE);
- return PR_TRUE;
-}
-
-SECKEYPrivateKey *
-SECU_FindPrivateKeyFromNickname(char *name)
-{
- SECItem * keyid;
- SECKEYPrivateKey *key;
- PK11SlotInfo * slot = PK11_GetInternalKeySlot();
- SECStatus rv;
-
- keyid = SECU_GetKeyIDFromNickname(name);
- if (keyid == NULL)
- return NULL;
-
- PK11_SetPasswordFunc(SECU_GetModulePassword);
- if(PK11_NeedLogin(slot) && !PK11_IsLoggedIn(slot,NULL)) {
- rv = PK11_DoPassword(slot, PR_TRUE, NULL);
- if (rv != SECSuccess)
- return NULL;
- }
-
- key = PK11_FindKeyByKeyID(slot, keyid, NULL);
- SECITEM_FreeItem(keyid, PR_TRUE);
- return key;
-}
-
-SECKEYLowPrivateKey *
-SECU_FindLowPrivateKeyFromNickname(char *name)
-{
- SECItem *keyID;
- SECKEYLowPrivateKey *key;
-
- keyID = SECU_GetKeyIDFromNickname(name);
- if (keyID == NULL)
- return NULL;
-
- key = SECKEY_FindKeyByPublicKey(SECKEY_GetDefaultKeyDB(), keyID,
- SECU_GetPassword, NULL);
- SECITEM_FreeItem(keyID, PR_TRUE);
- return key;
-}
-
-SECStatus
-SECU_DeleteKeyByName(SECKEYKeyDBHandle *handle, char *nickname)
-{
- SECItem *keyID = NULL;
- SECStatus rv;
-
- keyID = SECU_GetKeyIDFromNickname(nickname);
- if (keyID == NULL)
- return SECFailure;
-
- rv = SECKEY_DeleteKey(handle, keyID);
- SECITEM_FreeItem(keyID, PR_TRUE);
-
- return rv;
-}
-
-SECKEYLowPrivateKey *
-SECU_GetPrivateKey(SECKEYKeyDBHandle *handle, char *nickname)
-{
- return SECU_FindLowPrivateKeyFromNickname(nickname);
-}
-
-SECStatus
-SECU_ChangeKeyDBPassword(SECKEYKeyDBHandle *handle)
-{
- static SECItem *newpwitem, *oldpwitem;
- char *p0 = 0;
- char *p1 = 0;
- int isTTY;
- SECStatus rv;
- int failed = 0;
- FILE *input, *output;
- PRBool newdb = PR_FALSE;
-
- if (SECKEY_HasKeyDBPassword(handle) == SECFailure) {
- fprintf(stderr, "Database not initialized. Setting password.\n");
- newdb = PR_TRUE;
- }
-
- /* check for password file */
- /*
- if (newdb && pwFile != NULL) {
- p0 = SECU_FilePasswd(NULL, 0, NULL);
- goto pwfinish;
- }
- */
-
- /* check if old password is empty string */
- oldpwitem = secu_GetZeroLengthPassword(handle);
-
- /* open terminal */
-#ifdef _WINDOWS
- input = stdin;
-#else
- input = fopen(consoleName, "r");
- if (input == NULL) {
- fprintf(stderr, "Error opening input terminal\n");
- return SECFailure;
- }
-#endif
-
- output = fopen(consoleName, "w");
- if (output == NULL) {
- fprintf(stderr, "Error opening output terminal\n");
- return SECFailure;
- }
-
- /* if old password is not zero length, ask for new password */
- if ((newdb == PR_FALSE) && (oldpwitem == NULL)) {
- p0 = SEC_GetPassword(input, output, "Old Password: ",
- SEC_BlindCheckPassword);
-
- oldpwitem = SECKEY_DeriveKeyDBPassword(handle, p0);
- secu_ClearPassword(p0);
-
- if (oldpwitem == NULL) {
- fprintf(stderr, "Error hashing password\n");
- fclose(input);
- fclose(output);
- return SECFailure;
- }
-
- rv = SECKEY_CheckKeyDBPassword(handle, oldpwitem);
- if (rv) {
- fprintf(stderr, "Sorry\n");
- SECITEM_ZfreeItem(oldpwitem, PR_TRUE);
- fclose(input);
- fclose(output);
- return SECFailure;
- }
- }
-
- isTTY = isatty(0);
- for (;;) {
- p0 = SEC_GetPassword(input, output, "Enter new password: ",
- SEC_BlindCheckPassword);
- if (isTTY) {
- p1 = SEC_GetPassword(input, output, "Re-enter password: ",
- SEC_BlindCheckPassword);
- }
-
- if (!isTTY || ( PORT_Strcmp(p0, p1) == 0) ) {
- break;
- }
- fprintf(stderr, "Passwords do not match. Try again.\n");
- }
-
- newpwitem = SECKEY_DeriveKeyDBPassword(handle, p0);
-
- /*
- fclose(input);
- fclose(output);
- */
-
- pwfinish:
-
- secu_ClearPassword(p0);
- secu_ClearPassword(p1);
-
- if (newpwitem == NULL) {
- fprintf(stderr, "Error hashing new password\n");
- SECITEM_ZfreeItem(oldpwitem, PR_TRUE);
- fclose(input);
- fclose(output);
- return SECFailure;
- }
-
- if (newdb == PR_TRUE) {
- rv = SECKEY_SetKeyDBPassword(handle, newpwitem);
- if (rv) {
- fprintf(stderr, "Error setting database password\n");
- failed = 1;
- }
- } else {
- rv = SECKEY_ChangeKeyDBPassword(handle, oldpwitem, newpwitem);
- if (rv) {
- fprintf(stderr, "Error changing database password\n");
- failed = 1;
- }
- }
-
- SECITEM_ZfreeItem(newpwitem, PR_TRUE);
- SECITEM_ZfreeItem(oldpwitem, PR_TRUE);
-
- if (input != stdin) fclose(input);
- fclose(output);
-
- if (failed) {
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-#ifdef notdef
-static SECItem *
-secu_GetDonglePassword(void *arg, SECKEYKeyDBHandle *handle)
-{
- SECItem *pwitem;
- char *p = NULL;
- char *pathname;
- SECStatus rv;
- int fd;
-
- pathname = (char *)arg;
-
- fd = open((char *)pathname, O_RDONLY);
- if (!fd) {
- fprintf(stderr, "Unable to open dongle file \"%s\".\n", (char *)arg);
- }
-
- p = SEC_ReadDongleFile(fd);
- if (!p) {
- fprintf(stderr, "Unable to obtain dongle password\n");
- }
-
- /* check if we need to update the key database */
- if ( handle->version < PRIVATE_KEY_DB_FILE_VERSION ) {
- SECKEY_UpdateKeyDB(handle, p);
- }
-
- /* hash the password */
- pwitem = SECKEY_DeriveKeyDBPassword(handle, p);
-
- /* clear out the password strings */
- secu_ClearPassword(p);
-
- if (pwitem == NULL) {
- fprintf(stderr, "Error hashing password\n");
- return NULL;
- }
-
- /* confirm the password */
- rv = SECKEY_CheckKeyDBPassword(handle, pwitem);
- if (rv) {
- fprintf(stderr, "Sorry, dongle password is invalid\n");
- SECITEM_ZfreeItem(pwitem, PR_TRUE);
- return NULL;
- }
-
- return pwitem;
-}
-
-SECKEYPrivateKey *
-SECU_GetPrivateDongleKey(SECKEYKeyDBHandle *handle, char *nickname,
- char *pathname)
-{
- SECKEYPrivateKey *key;
- char *fullpath;
- int rv;
-
- fullpath = SECU_AppendFilenameToDir(pathname, "dongle");
-
- /* If dongle file doesn't exist, prompt for password */
- rv = access(fullpath, R_OK);
- if (rv < 0) {
- return SECU_GetPrivateKey(handle, nickname);
- }
-
- /* try dongle file */
- key = SECKEY_FindKeyByName(handle, nickname, secu_GetDonglePassword,
- fullpath);
-
- /* if no key, maybe dongle is broken, so prompt for password */
- if (key == NULL) {
- key = SECU_GetPrivateKey(handle, nickname);
- }
-
- return key;
-}
-#endif
-
-char *
-SECU_DefaultSSLDir(void)
-{
- char *dir;
- static char sslDir[1000];
-
- dir = getenv("SSL_DIR");
- if (!dir)
- return NULL;
-
- sprintf(sslDir, "%s", dir);
-
- if (sslDir[strlen(sslDir)-1] == '/')
- sslDir[strlen(sslDir)-1] = 0;
-
- return sslDir;
-}
-
-char *
-SECU_AppendFilenameToDir(char *dir, char *filename)
-{
- static char path[1000];
-
- if (dir[strlen(dir)-1] == '/')
- sprintf(path, "%s%s", dir, filename);
- else
- sprintf(path, "%s/%s", dir, filename);
- return path;
-}
-
-char *
-SECU_ConfigDirectory(const char* base)
-{
- static PRBool initted = PR_FALSE;
- const char *dir = ".netscape";
- char *home;
- static char buf[1000];
-
- if (initted) return buf;
-
-
- if (base == NULL || *base == 0) {
- home = getenv("HOME");
- if (!home) home = "";
-
- if (*home && home[strlen(home) - 1] == '/')
- sprintf (buf, "%.900s%s", home, dir);
- else
- sprintf (buf, "%.900s/%s", home, dir);
- } else {
- sprintf(buf, "%.900s", base);
- if (buf[strlen(buf) - 1] == '/')
- buf[strlen(buf) - 1] = 0;
- }
-
-
- initted = PR_TRUE;
- return buf;
-}
-
-char *
-SECU_CertDBNameCallback(void *arg, int dbVersion)
-{
- char *fnarg;
- char *dir;
- char *filename;
-
- dir = SECU_ConfigDirectory(NULL);
-
- switch ( dbVersion ) {
- case 7:
- fnarg = "7";
- break;
- case 6:
- fnarg = "6";
- break;
- case 5:
- fnarg = "5";
- break;
- case 4:
- default:
- fnarg = "";
- break;
- }
- filename = PR_smprintf("%s/cert%s.db", dir, fnarg);
- return(filename);
-}
-
-char *
-SECU_KeyDBNameCallback(void *arg, int dbVersion)
-{
- char *fnarg;
- char *dir;
- char *filename;
- struct stat fd;
-
- dir = SECU_ConfigDirectory(NULL);
-
- if (stat(dir, &fd) != 0) {
- fprintf(stderr, "No directory \"%s\" exists.\n", dir);
- return NULL;
- }
-
-
- switch ( dbVersion ) {
- case 3:
- fnarg = "3";
- break;
- case 2:
- default:
- fnarg = "";
- break;
- }
- filename = PR_smprintf("%s/key%s.db", dir, fnarg);
- return(filename);
-}
-
-char *
-SECU_SECModDBName(void)
-{
- char *dir;
- char *filename;
-
- dir = SECU_ConfigDirectory(NULL);
-
- filename = PR_smprintf("%s/secmod.db", dir);
- return(filename);
-}
-
-SECKEYKeyDBHandle *
-SECU_OpenKeyDB(PRBool readOnly)
-{
- SECKEYKeyDBHandle *handle;
-
- handle = SECKEY_OpenKeyDB(readOnly, SECU_KeyDBNameCallback, NULL);
- SECKEY_SetDefaultKeyDB(handle);
-
- return(handle);
-}
-
-CERTCertDBHandle *
-SECU_OpenCertDB(PRBool readOnly)
- /* NOTE: This routine has been modified to allow the libsec/pcertdb.c
- * routines to automatically find and convert the old cert database
- * into the new v3.0 format (cert db version 5).
- */
-{
- CERTCertDBHandle *certHandle;
- SECStatus rv;
-
- /* Allocate a handle to fill with CERT_OpenCertDB below */
- certHandle = (CERTCertDBHandle *)PORT_ZAlloc(sizeof(CERTCertDBHandle));
- if (!certHandle) {
- return NULL;
- }
-
- rv = CERT_OpenCertDB(certHandle, readOnly, SECU_CertDBNameCallback, NULL);
-
- if (rv) {
- if (certHandle)
- PORT_Free (certHandle);
- /* we don't want to leave anything behind... */
- return NULL;
- } else {
- CERT_SetDefaultCertDB(certHandle);
- }
-
- return certHandle;
-}
-
-/*Turn off SSL for now */
-/* This gets called by SSL when server wants our cert & key */
-int
-SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
- struct CERTDistNamesStr *caNames,
- struct CERTCertificateStr **pRetCert,
- struct SECKEYPrivateKeyStr **pRetKey)
-{
- SECKEYPrivateKey *key;
- CERTCertificate *cert;
- int errsave;
-
- if (arg == NULL) {
- fprintf(stderr, "no key/cert name specified for client auth\n");
- return -1;
- }
- cert = PK11_FindCertFromNickname(arg, NULL);
- errsave = PORT_GetError();
- if (!cert) {
- if (errsave == SEC_ERROR_BAD_PASSWORD)
- fprintf(stderr, "Bad password\n");
- else if (errsave > 0)
- fprintf(stderr, "Unable to read cert (error %d)\n", errsave);
- else if (errsave == SEC_ERROR_BAD_DATABASE)
- fprintf(stderr, "Unable to get cert from database (%d)\n", errsave);
- else
- fprintf(stderr, "SECKEY_FindKeyByName: internal error %d\n", errsave);
- return -1;
- }
-
- key = PK11_FindKeyByAnyCert(arg,NULL);
- if (!key) {
- fprintf(stderr, "Unable to get key (%d)\n", PORT_GetError());
- return -1;
- }
-
-
- *pRetCert = cert;
- *pRetKey = key;
-
- return 0;
-}
-
-SECStatus
-secu_StdinToItem(SECItem *dst)
-{
- unsigned char buf[1000];
- PRInt32 numBytes;
- PRBool notDone = PR_TRUE;
-
- dst->len = 0;
- dst->data = NULL;
-
- while (notDone) {
- numBytes = PR_Read(PR_STDIN, buf, sizeof(buf));
-
- if (numBytes < 0) {
- PORT_SetError(PR_IO_ERROR);
- return SECFailure;
- }
-
- if (numBytes == 0)
- break;
-
- if (buf[numBytes-1] == '\n') {
- buf[numBytes-1] = '\0';
- notDone = PR_FALSE;
- }
-
- if (dst->data) {
- dst->data = (unsigned char*)PORT_Realloc(dst->data,
- dst->len+numBytes);
- PORT_Memcpy(dst->data+dst->len, buf, numBytes);
- } else {
- dst->data = (unsigned char*)PORT_Alloc(numBytes);
- PORT_Memcpy(dst->data, buf, numBytes);
- }
- dst->len += numBytes;
- }
-
- return SECSuccess;
-}
-
-SECStatus
-SECU_FileToItem(SECItem *dst, PRFileDesc *src)
-{
- PRFileInfo info;
- PRInt32 numBytes;
- PRStatus prStatus;
-
- if (src == PR_STDIN)
- return secu_StdinToItem(dst);
-
- prStatus = PR_GetOpenFileInfo(src, &info);
-
- if (prStatus != PR_SUCCESS) {
- PORT_SetError(SEC_ERROR_IO);
- return SECFailure;
- }
-
- dst->len = info.size;
- dst->data = (unsigned char*) PORT_Alloc(dst->len);
- if (!dst->data) {
- return SECFailure;
- }
-
- numBytes = PR_Read(src, dst->data, dst->len);
- if (numBytes != dst->len) {
- PORT_SetError(SEC_ERROR_IO);
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-SECStatus
-SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii)
-{
- SECStatus rv;
- char *asc, *body, *trailer;
- if (ascii) {
- /* First convert ascii to binary */
- SECItem filedata;
-
- /* Read in ascii data */
- rv = SECU_FileToItem(&filedata, inFile);
- asc = filedata.data;
- if (!asc) {
- fprintf(stderr, "unable to read data from input file\n");
- return SECFailure;
- }
-
- /* check for headers and trailers and remove them */
- if ((body = strstr(asc, "-----BEGIN")) != NULL) {
- body = PORT_Strchr(body, '\n') + 1;
- trailer = strstr(body, "-----END");
- if (trailer != NULL) {
- *trailer = '\0';
- } else {
- fprintf(stderr, "input has header but no trailer\n");
- return SECFailure;
- }
- } else {
- body = asc;
- }
-
- /* Convert to binary */
- rv = ATOB_ConvertAsciiToItem(der, body);
- if (rv) {
- fprintf(stderr, "error converting ascii to binary (%s)\n",
- SECU_Strerror(PORT_GetError()));
- return SECFailure;
- }
- PORT_Free(asc);
- } else {
- /* Read in binary der */
- rv = SECU_FileToItem(der, inFile);
- if (rv) {
- fprintf(stderr, "error converting der (%s)\n",
- SECU_Strerror(PORT_GetError()));
- return SECFailure;
- }
- }
- return SECSuccess;
-}
-
-#define INDENT_MULT 4
-void
-SECU_Indent(FILE *out, int level)
-{
- int i;
- for (i = 0; i < level; i++) {
- fprintf(out, " ");
- }
-}
-
-static void secu_Newline(FILE *out)
-{
- fprintf(out, "\n");
-}
-
-void
-SECU_PrintAsHex(FILE *out, SECItem *data, char *m, int level)
-{
- unsigned i;
- int column;
-
- if ( m ) {
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- level++;
- }
-
- SECU_Indent(out, level); column = level*INDENT_MULT;
- for (i = 0; i < data->len; i++) {
- if (i != data->len - 1) {
- fprintf(out, "%02x:", data->data[i]);
- column += 4;
- } else {
- fprintf(out, "%02x", data->data[i]);
- column += 3;
- break;
- }
- if (column > 76) {
- secu_Newline(out);
- SECU_Indent(out, level); column = level*INDENT_MULT;
- }
- }
- level--;
- if (column != level*INDENT_MULT) {
- secu_Newline(out);
- }
-}
-
-void
-SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level)
-{
- int iv;
-
- if (i->len > 4) {
- SECU_PrintAsHex(out, i, m, level);
- } else {
- iv = DER_GetInteger(i);
- SECU_Indent(out, level);
- if (m) {
- fprintf(out, "%s: %d (0x%x)\n", m, iv, iv);
- } else {
- fprintf(out, "%d (0x%x)\n", iv, iv);
- }
- }
-}
-
-void
-SECU_PrintString(FILE *out, SECItem *i, char *m, int level)
-{
- char *string;
- unsigned char *data = i->data;
- int len = i->len;
- int lenlen;
- int tag;
-
- string = PORT_ZAlloc(i->len+1);
-
- tag = *data++; len--;
- if (data[1] & 0x80) {
- lenlen = data[1] & 0x1f;
- } else {
- lenlen = 1;
- }
- data += lenlen; len -= lenlen;
- if (len <= 0) return;
- PORT_Memcpy(string,data,len);
-
- /* should check the validity of tag, and convert the string as necessary */
- SECU_Indent(out, level);
- if (m) {
- fprintf(out, "%s: \"%s\"\n", m, string);
- } else {
- fprintf(out, "\"%s\"\n", string);
- }
-}
-
-static void
-secu_PrintBoolean(FILE *out, SECItem *i, char *m, int level)
-{
- int val = 0;
-
- if ( i->data ) {
- val = i->data[0];
- }
-
- if (m) {
- SECU_Indent(out, level); fprintf(out, "%s:\n", m); level++;
- }
- if ( val ) {
- SECU_Indent(out, level); fprintf(out, "%s\n", "True");
- } else {
- SECU_Indent(out, level); fprintf(out, "%s\n", "False");
- }
-}
-
-/*
- * Format and print "time". If the tag message "m" is not NULL,
- * do indent formatting based on "level" and add a newline afterward;
- * otherwise just print the formatted time string only.
- */
-static void
-secu_PrintTime(FILE *out, int64 time, char *m, int level)
-{
- PRExplodedTime printableTime;
- char *timeString;
-
- /* Convert to local time */
- PR_ExplodeTime(time, PR_GMTParameters, &printableTime);
-
- timeString = PORT_Alloc(100);
- if (timeString == NULL)
- return;
-
- if (m != NULL) {
- SECU_Indent(out, level);
- fprintf(out, "%s: ", m);
- }
-
- PR_FormatTime(timeString, 100, "%a %b %d %H:%M:%S %Y", &printableTime);
- fprintf(out, timeString);
-
- if (m != NULL)
- fprintf(out, "\n");
-
- PORT_Free(timeString);
-}
-
-/*
- * Format and print the UTC Time "t". If the tag message "m" is not NULL,
- * do indent formatting based on "level" and add a newline afterward;
- * otherwise just print the formatted time string only.
- */
-void
-SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level)
-{
- int64 time;
- SECStatus rv;
-
- rv = DER_UTCTimeToTime(&time, t);
- if (rv != SECSuccess)
- return;
-
- secu_PrintTime(out, time, m, level);
-}
-
-/*
- * Format and print the Generalized Time "t". If the tag message "m"
- * is not NULL, * do indent formatting based on "level" and add a newline
- * afterward; otherwise just print the formatted time string only.
- */
-void
-SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m, int level)
-{
- int64 time;
- SECStatus rv;
-
-
- rv = DER_GeneralizedTimeToTime(&time, t);
- if (rv != SECSuccess)
- return;
-
- secu_PrintTime(out, time, m, level);
-}
-
-static void secu_PrintAny(FILE *out, SECItem *i, char *m, int level);
-
-void
-SECU_PrintSet(FILE *out, SECItem *t, char *m, int level)
-{
- int type= t->data[0] & 0x1f;
- int start;
- unsigned char *bp;
-
- SECU_Indent(out, level);
- if (m) {
- fprintf(out, "%s: ", m);
- }
- fprintf(out,"%s {\n",
- type == SEC_ASN1_SET ? "Set" : "Sequence");
-
- start = 2;
- if (t->data[1] & 0x80) {
- start = (t->data[1] & 0x7f) +1;
- }
- for (bp=&t->data[start]; bp < &t->data[t->len]; ) {
- SECItem tmp;
- unsigned int i,len,lenlen;
-
- if (bp[1] & 0x80) {
- lenlen = bp[1] & 0x1f;
- len = 0;
- for (i=0; i < lenlen; i++) {
- len = len * 255 + bp[2+i];
- }
- } else {
- lenlen = 1;
- len = bp[1];
- }
- tmp.len = len+lenlen+1;
- tmp.data = bp;
- bp += tmp.len;
- secu_PrintAny(out,&tmp,NULL,level+1);
- }
- SECU_Indent(out, level); fprintf(out, "}\n");
-
-}
-
-static void
-secu_PrintAny(FILE *out, SECItem *i, char *m, int level)
-{
- if ( i->len ) {
- switch (i->data[0] & 0x1f) {
- case SEC_ASN1_INTEGER:
- SECU_PrintInteger(out, i, m, level);
- break;
- case SEC_ASN1_OBJECT_ID:
- SECU_PrintObjectID(out, i, m, level);
- break;
- case SEC_ASN1_BOOLEAN:
- secu_PrintBoolean(out, i, m, level);
- break;
- case SEC_ASN1_UTF8_STRING:
- case SEC_ASN1_PRINTABLE_STRING:
- case SEC_ASN1_VISIBLE_STRING:
- case SEC_ASN1_BMP_STRING:
- case SEC_ASN1_IA5_STRING:
- case SEC_ASN1_T61_STRING:
- case SEC_ASN1_UNIVERSAL_STRING:
- SECU_PrintString(out, i, m, level);
- break;
- case SEC_ASN1_GENERALIZED_TIME:
- SECU_PrintGeneralizedTime(out, i, m, level);
- break;
- case SEC_ASN1_UTC_TIME:
- SECU_PrintUTCTime(out, i, m, level);
- break;
- case SEC_ASN1_NULL:
- SECU_Indent(out, level); fprintf(out, "%s: NULL\n", m);
- break;
- case SEC_ASN1_SET:
- case SEC_ASN1_SEQUENCE:
- SECU_PrintSet(out, i, m, level);
- break;
-
- default:
- SECU_PrintAsHex(out, i, m, level);
- break;
- }
- }
-}
-
-static int
-secu_PrintValidity(FILE *out, CERTValidity *v, char *m, int level)
-{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintUTCTime(out, &v->notBefore, "Not Before", level+1);
- SECU_PrintUTCTime(out, &v->notAfter, "Not After", level+1);
- return 0;
-}
-
-void
-SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level)
-{
- char *name;
- SECOidData *oiddata;
-
- oiddata = SECOID_FindOID(oid);
- if (oiddata == NULL) {
- SECU_PrintAsHex(out, oid, m, level);
- return;
- }
- name = oiddata->desc;
-
- SECU_Indent(out, level);
- if (m != NULL)
- fprintf(out, "%s: ", m);
- fprintf(out, "%s\n", name);
-}
-
-void
-SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, int level)
-{
- SECU_PrintObjectID(out, &a->algorithm, m, level);
-
- if (a->parameters.len == 0
- || (a->parameters.len == 2
- && PORT_Memcmp(a->parameters.data, "\005\000", 2) == 0)) {
- /* No arguments or NULL argument */
- } else {
- /* Print args to algorithm */
- SECU_PrintAsHex(out, &a->parameters, "Args", level+1);
- }
-}
-
-static void
-secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level)
-{
- SECItem *value;
- int i;
- char om[100];
-
- if (m) {
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- }
-
- /*
- * Should make this smarter; look at the type field and then decode
- * and print the value(s) appropriately!
- */
- SECU_PrintObjectID(out, &(attr->type), "Type", level+1);
- if (attr->values != NULL) {
- i = 0;
- while ((value = attr->values[i++]) != NULL) {
- sprintf(om, "Value (%d)%s", i, attr->encoded ? " (encoded)" : "");
- if (attr->encoded || attr->typeTag == NULL) {
- SECU_PrintAsHex(out, value, om, level+1);
- } else {
- switch (attr->typeTag->offset) {
- default:
- SECU_PrintAsHex(out, value, om, level+1);
- break;
- case SEC_OID_PKCS9_CONTENT_TYPE:
- SECU_PrintObjectID(out, value, om, level+1);
- break;
- case SEC_OID_PKCS9_SIGNING_TIME:
- SECU_PrintUTCTime(out, value, om, level+1);
- break;
- }
- }
- }
- }
-}
-
-static void
-secu_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
-{
-#if 0 /*
- * um, yeah, that might be nice, but if you look at the callers
- * you will see that they do not *set* this, so this will not work!
- * Instead, somebody needs to fix the callers to be smarter about
- * public key stuff, if that is important.
- */
- PORT_Assert(pk->keyType == rsaKey);
-#endif
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &pk->u.rsa.modulus, "Modulus", level+1);
- SECU_PrintInteger(out, &pk->u.rsa.publicExponent, "Exponent", level+1);
-}
-
-static void
-secu_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
-{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &pk->u.dsa.params.prime, "Prime", level+1);
- SECU_PrintInteger(out, &pk->u.dsa.params.subPrime, "Subprime", level+1);
- SECU_PrintInteger(out, &pk->u.dsa.params.base, "Base", level+1);
- SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1);
-}
-
-static int
-secu_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena,
- CERTSubjectPublicKeyInfo *i, char *msg, int level)
-{
- SECKEYPublicKey *pk;
- int rv;
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", msg);
- SECU_PrintAlgorithmID(out, &i->algorithm, "Public Key Algorithm", level+1);
-
- pk = (SECKEYPublicKey*) PORT_ZAlloc(sizeof(SECKEYPublicKey));
- if (!pk)
- return PORT_GetError();
-
- DER_ConvertBitString(&i->subjectPublicKey);
- switch(SECOID_FindOIDTag(&i->algorithm.algorithm)) {
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- rv = SEC_ASN1DecodeItem(arena, pk, SECKEY_RSAPublicKeyTemplate,
- &i->subjectPublicKey);
- if (rv)
- return rv;
- secu_PrintRSAPublicKey(out, pk, "RSA Public Key", level +1);
- break;
- case SEC_OID_ANSIX9_DSA_SIGNATURE:
- rv = SEC_ASN1DecodeItem(arena, pk, SECKEY_DSAPublicKeyTemplate,
- &i->subjectPublicKey);
- if (rv)
- return rv;
- secu_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1);
- break;
- default:
- fprintf(out, "bad SPKI algorithm type\n");
- return 0;
- }
-
- return 0;
-}
-
-static SECStatus
-secu_PrintX509InvalidDate(FILE *out, SECItem *value, char *msg, int level)
-{
- SECItem decodedValue;
- SECStatus rv;
- int64 invalidTime;
- char *formattedTime = NULL;
-
- decodedValue.data = NULL;
- rv = SEC_ASN1DecodeItem (NULL, &decodedValue, SEC_GeneralizedTimeTemplate,
- value);
- if (rv == SECSuccess) {
- rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue);
- if (rv == SECSuccess) {
- formattedTime = CERT_GenTime2FormattedAscii
- (invalidTime, "%a %b %d %H:%M:%S %Y");
- SECU_Indent(out, level +1);
- fprintf (out, "%s: %s\n", msg, formattedTime);
- PORT_Free (formattedTime);
- }
- }
- PORT_Free (decodedValue.data);
- return (rv);
-}
-
-static SECStatus
-PrintExtKeyUsageExten (FILE *out, SECItem *value, char *msg, int level)
-{
- CERTOidSequence *os;
- SECItem **op;
-
- SECU_Indent(out, level); fprintf(out, "Extended Key Usage Extension:\n");
-
- os = CERT_DecodeOidSequence(value);
- if( (CERTOidSequence *)NULL == os ) {
- return SECFailure;
- }
-
- if( (SECItem **)NULL == op ) {
- return SECFailure;
- }
-
- for( op = os->oids; *op; op++ ) {
- SECOidData *od = SECOID_FindOID(*op);
-
- if( (SECOidData *)NULL == od ) {
- SECU_Indent(out, level+1);
- SECU_PrintAsHex(out, *op, "Unknown:", level+2);
- secu_Newline(out);
- continue;
- }
-
- SECU_Indent(out, level+1);
- if( od->desc ) fprintf(out, "%s", od->desc);
- else SECU_PrintAsHex(out, &od->oid, "", level+2);
-
- secu_Newline(out);
- }
-
- return SECSuccess;
-}
-
-char *
-itemToString(SECItem *item)
-{
- char *string;
-
- string = PORT_ZAlloc(item->len+1);
- if (string == NULL) return NULL;
- PORT_Memcpy(string,item->data,item->len);
- string[item->len] = 0;
- return string;
-}
-
-static SECStatus
-secu_PrintPolicyQualifier(FILE *out,CERTPolicyQualifier *policyQualifier,char *msg,int level)
-{
- CERTUserNotice *userNotice;
- SECItem **itemList = NULL;
- char *string;
-
- SECU_PrintObjectID(out, &policyQualifier->qualifierID ,
- "Policy Qualifier Name", level);
-
- switch (policyQualifier->oid) {
- case SEC_OID_PKIX_USER_NOTICE_QUALIFIER:
- userNotice = CERT_DecodeUserNotice(&policyQualifier->qualifierValue);
- if (userNotice) {
- if (userNotice->noticeReference.organization.len != 0) {
- string=itemToString(&userNotice->noticeReference.organization);
- itemList = userNotice->noticeReference.noticeNumbers;
- while (*itemList) {
- SECU_PrintInteger(out,*itemList,string,level+1);
- itemList++;
- }
- PORT_Free(string);
- }
- if (userNotice->displayText.len != 0) {
- SECU_PrintString(out,&userNotice->displayText,
- "Display Text", level+1);
- }
- break;
- }
- /* fall through on error */
- case SEC_OID_PKIX_CPS_POINTER_QUALIFIER:
- default:
- secu_PrintAny(out, &policyQualifier->qualifierValue, "Policy Qualifier Data", level+1);
- break;
- }
-
- return SECSuccess;
-
-}
-
-static SECStatus
-secu_PrintPolicyInfo(FILE *out,CERTPolicyInfo *policyInfo,char *msg,int level)
-{
- CERTPolicyQualifier **policyQualifiers;
-
- policyQualifiers = policyInfo->policyQualifiers;
- SECU_PrintObjectID(out, &policyInfo->policyID , "Policy Name", level);
-
- while (*policyQualifiers != NULL) {
- secu_PrintPolicyQualifier(out,*policyQualifiers,"",level+1);
- policyQualifiers++;
- }
- return SECSuccess;
-
-}
-
-static SECStatus
-secu_PrintPolicy(FILE *out, SECItem *value, char *msg, int level)
-{
- CERTCertificatePolicies *policies = NULL;
- CERTPolicyInfo **policyInfos;
-
- if (msg) {
- SECU_Indent(out, level);
- fprintf(out,"%s: \n",msg);
- level++;
- }
- policies = CERT_DecodeCertificatePoliciesExtension(value);
- if (policies == NULL) {
- SECU_PrintAsHex(out, value, "Invalid Policy Data", level);
- return SECFailure;
- }
-
- policyInfos = policies->policyInfos;
- while (*policyInfos != NULL) {
- secu_PrintPolicyInfo(out,*policyInfos,"",level);
- policyInfos++;
- }
-
- CERT_DestroyCertificatePoliciesExtension(policies);
- return SECSuccess;
-}
-
-char *nsTypeBits[] = {
-"SSL Client","SSL Server","S/MIME","Object Signing","Reserved","SSL CA","S/MIME CA","ObjectSigning CA" };
-
-static SECStatus
-secu_PrintBasicConstraints(FILE *out, SECItem *value, char *msg, int level) {
- CERTBasicConstraints constraints;
- SECStatus rv;
-
- SECU_Indent(out, level);
- if (msg) {
- fprintf(out,"%s: ",msg);
- }
- rv = CERT_DecodeBasicConstraintValue(&constraints,value);
- if (rv == SECSuccess && constraints.isCA) {
- fprintf(out,"Is a CA with a maximum path length of %d.\n",
- constraints.pathLenConstraint);
- } else {
- fprintf(out,"Is not a CA.\n");
- }
- return SECSuccess;
-}
-
-static SECStatus
-secu_PrintNSCertType(FILE *out, SECItem *value, char *msg, int level) {
- char NS_Type=0;
- int len, i, found=0;
-
- if (value->data[1] & 0x80) {
- len = 3;
- } else {
- len = value->data[1];
- }
- if ((value->data[0] != SEC_ASN1_BIT_STRING) || (len < 2)) {
- secu_PrintAny(out, value, "Data", level);
- return SECSuccess;
- }
- NS_Type=value->data[3];
-
-
- if (msg) {
- SECU_Indent(out, level);
- fprintf(out,"%s: ",msg);
- } else {
- SECU_Indent(out, level);
- fprintf(out,"Netscape Certificate Type: ");
- }
- for (i=0; i < 8; i++) {
- if ( (0x80 >> i) & NS_Type) {
- fprintf(out,"%c%s",found?',':'<',nsTypeBits[i]);
- found = 1;
- }
- }
- if (found) { fprintf(out,">\n"); } else { fprintf(out,"none\n"); }
- return SECSuccess;
-}
-
-void
-SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
- char *msg, int level)
-{
- SECOidTag oidTag;
-
- if ( extensions ) {
- SECU_Indent(out, level); fprintf(out, "%s:\n", msg);
-
- while ( *extensions ) {
- SECItem *tmpitem;
- SECU_Indent(out, level+1); fprintf(out, "Name:\n");
-
- tmpitem = &(*extensions)->id;
- SECU_PrintObjectID(out, tmpitem, NULL, level+2);
-
- tmpitem = &(*extensions)->critical;
- if ( tmpitem->len ) {
- secu_PrintBoolean(out, tmpitem, "Critical", level+1);
- }
-
- oidTag = SECOID_FindOIDTag (&((*extensions)->id));
- tmpitem = &((*extensions)->value);
-
- switch (oidTag) {
- case SEC_OID_X509_INVALID_DATE:
- case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME:
- secu_PrintX509InvalidDate(out, tmpitem, "Date", level + 1);
- break;
- case SEC_OID_X509_CERTIFICATE_POLICIES:
- secu_PrintPolicy(out, tmpitem, "Data", level +1);
- break;
- case SEC_OID_NS_CERT_EXT_BASE_URL:
- case SEC_OID_NS_CERT_EXT_REVOCATION_URL:
- case SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL:
- case SEC_OID_NS_CERT_EXT_CA_CRL_URL:
- case SEC_OID_NS_CERT_EXT_CA_CERT_URL:
- case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL:
- case SEC_OID_NS_CERT_EXT_CA_POLICY_URL:
- case SEC_OID_NS_CERT_EXT_HOMEPAGE_URL:
- case SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL:
- case SEC_OID_OCSP_RESPONDER:
- SECU_PrintString(out,tmpitem, "URL", level+1);
- break;
- case SEC_OID_NS_CERT_EXT_COMMENT:
- SECU_PrintString(out,tmpitem, "Comment", level+1);
- break;
- case SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME:
- SECU_PrintString(out,tmpitem, "ServerName", level+1);
- break;
- case SEC_OID_NS_CERT_EXT_CERT_TYPE:
- secu_PrintNSCertType(out,tmpitem,"Data",level+1);
- break;
- case SEC_OID_X509_BASIC_CONSTRAINTS:
- secu_PrintBasicConstraints(out,tmpitem,"Data",level+1);
- break;
- case SEC_OID_X509_SUBJECT_ALT_NAME:
- case SEC_OID_X509_ISSUER_ALT_NAME:
- /*
- * We should add at least some of the more interesting cases
- * here, but need to have subroutines to back them up.
- */
- case SEC_OID_NS_CERT_EXT_NETSCAPE_OK:
- case SEC_OID_NS_CERT_EXT_ISSUER_LOGO:
- case SEC_OID_NS_CERT_EXT_SUBJECT_LOGO:
- case SEC_OID_NS_CERT_EXT_ENTITY_LOGO:
- case SEC_OID_NS_CERT_EXT_USER_PICTURE:
- case SEC_OID_NS_KEY_USAGE_GOVT_APPROVED:
-
- /* x.509 v3 Extensions */
- case SEC_OID_X509_SUBJECT_DIRECTORY_ATTR:
- case SEC_OID_X509_SUBJECT_KEY_ID:
- case SEC_OID_X509_KEY_USAGE:
- case SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD:
- case SEC_OID_X509_NAME_CONSTRAINTS:
- case SEC_OID_X509_CRL_DIST_POINTS:
- case SEC_OID_X509_POLICY_MAPPINGS:
- case SEC_OID_X509_POLICY_CONSTRAINTS:
- case SEC_OID_X509_AUTH_KEY_ID:
- goto defualt;
- case SEC_OID_X509_EXT_KEY_USAGE:
- PrintExtKeyUsageExten(out, tmpitem, "", level+1);
- break;
- case SEC_OID_X509_AUTH_INFO_ACCESS:
-
- case SEC_OID_X509_CRL_NUMBER:
- case SEC_OID_X509_REASON_CODE:
-
- /* PKIX OIDs */
- case SEC_OID_PKIX_OCSP:
- case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
- case SEC_OID_PKIX_OCSP_NONCE:
- case SEC_OID_PKIX_OCSP_CRL:
- case SEC_OID_PKIX_OCSP_RESPONSE:
- case SEC_OID_PKIX_OCSP_NO_CHECK:
- case SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF:
- case SEC_OID_PKIX_OCSP_SERVICE_LOCATOR:
- case SEC_OID_PKIX_REGCTRL_REGTOKEN:
- case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
- case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
- case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
- case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
- case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
- case SEC_OID_PKIX_REGINFO_UTF8_PAIRS:
- case SEC_OID_PKIX_REGINFO_CERT_REQUEST:
- case SEC_OID_EXT_KEY_USAGE_SERVER_AUTH:
- case SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH:
- case SEC_OID_EXT_KEY_USAGE_CODE_SIGN:
- case SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT:
- case SEC_OID_EXT_KEY_USAGE_TIME_STAMP:
-
- default:
- defualt:
- /*SECU_PrintAsHex(out, tmpitem, "Data", level+1); */
- secu_PrintAny(out, tmpitem, "Data", level+1);
- break;
- }
-
- secu_Newline(out);
- extensions++;
- }
- }
-}
-
-
-void
-SECU_PrintName(FILE *out, CERTName *name, char *msg, int level)
-{
- char *str;
-
- SECU_Indent(out, level); fprintf(out, "%s: ", msg);
-
- str = CERT_NameToAscii(name);
- if (!str)
- str = "!Invalid AVA!";
- fprintf(out, str);
-
- secu_Newline(out);
-}
-
-static int keyindex;
-
-static SECStatus
-secu_PrintKeyNickname(DBT *k, DBT *d, void *data)
-{
- FILE *out;
- char *name;
- unsigned char *buf;
-
- buf = (unsigned char *)d->data;
- out = (FILE *)data;
-
- name = (char *)PORT_Alloc(buf[2]);
- if (name == NULL) {
- return(SECFailure);
- }
-
- PORT_Memcpy(name, (buf + 3 + buf[1]), buf[2]);
-
- /* print everything but password-check entry */
- if (PORT_Strcmp(name, "password-check") != 0) {
- keyindex++;
- fprintf(out, "<%d> %s\n", keyindex, name);
- }
- PORT_Free(name);
-
- return (SECSuccess);
-}
-
-int
-SECU_PrintKeyNames(SECKEYKeyDBHandle *handle, FILE *out)
-{
- int rv;
-
- SECU_Indent(out, 0);
- fprintf(out, "Version %d database\n\n", SECKEY_GetKeyDBVersion(handle));
- fprintf(out, "<Key Index> Key Name\n--------\n");
- keyindex = 0;
- rv = SECKEY_TraverseKeys(handle, secu_PrintKeyNickname, out);
- if (rv) {
- return -1;
- }
-
- return 0;
-}
-
-#if 0
-struct indexedkey
-{
- int index;
- SECKEY_LowPrivateKey *key;
-};
-
-static SECStatus
-secu_GetKeyIndex(DBT *k, DBT *d, void *data)
-{
- char *name;
- unsigned char *buf;
- struct indexedkey *idkey = (struct indexedkey*)data;
- /*SECKEYLowPrivateKey *key = *(SECKEYLowPrivateKey**)data;*/
-
- buf = (unsigned char *)d->data;
-
- name = (char *)PORT_Alloc(buf[2]);
- if (name == NULL) {
- return(SECFailure);
- }
-
- PORT_Memcpy(name, (buf + 3 + buf[1]), buf[2]);
-
- /* print everything but password-check entry */
- if (PORT_Strcmp(name, "password-check") != 0) {
- keyindex++;
- if (keyindex == idkey->index)
- idkey->key = SECKEY_DecryptKey(k,idkey->slot->password,
- SECKEY_GetDefaultKeyDB());
- }
- PORT_Free(name);
-
- return (SECSuccess);
-}
-
-SECKEYLowPrivateKey*
-secu_GetPrivKeyFromIndex(int index, PK11Slot slot);
-{
- /*SECKEYLowPrivateKey* key;*/
- struct indexedkey idkey = { index, NULL };
-
- keyindex = 0;
- rv = SECKEY_TraverseKeys(SECKEY_GetDefaultKeyDB(),
- secu_GetKeyIndex, &idkey);
-
- if (rv) {
- return NULL;
- }
- return key;
-}
-#endif
-
-
-void
-printflags(char *trusts, unsigned int flags)
-{
- if (flags & CERTDB_VALID_CA)
- if (!(flags & CERTDB_TRUSTED_CA) &&
- !(flags & CERTDB_TRUSTED_CLIENT_CA))
- PORT_Strcat(trusts, "c");
- if (flags & CERTDB_VALID_PEER)
- if (!(flags & CERTDB_TRUSTED))
- PORT_Strcat(trusts, "p");
- if (flags & CERTDB_TRUSTED_CA)
- PORT_Strcat(trusts, "C");
- if (flags & CERTDB_TRUSTED_CLIENT_CA)
- PORT_Strcat(trusts, "T");
- if (flags & CERTDB_TRUSTED)
- PORT_Strcat(trusts, "P");
- if (flags & CERTDB_USER)
- PORT_Strcat(trusts, "u");
- if (flags & CERTDB_SEND_WARN)
- PORT_Strcat(trusts, "w");
- if (flags & CERTDB_INVISIBLE_CA)
- PORT_Strcat(trusts, "I");
- if (flags & CERTDB_GOVT_APPROVED_CA)
- PORT_Strcat(trusts, "G");
- return;
-}
-
-/* callback for listing certs through pkcs11 */
-SECStatus
-SECU_PrintCertNickname(CERTCertificate *cert, void *data)
-{
- CERTCertTrust *trust;
- FILE *out;
- char trusts[30];
- char *name;
-
- PORT_Memset (trusts, 0, sizeof (trusts));
- out = (FILE *)data;
-
- if ( cert->dbEntry ) {
- name = cert->dbEntry->nickname;
- if ( name == NULL ) {
- name = cert->emailAddr;
- }
-
- trust = &cert->dbEntry->trust;
- printflags(trusts, trust->sslFlags);
- PORT_Strcat(trusts, ",");
- printflags(trusts, trust->emailFlags);
- PORT_Strcat(trusts, ",");
- printflags(trusts, trust->objectSigningFlags);
- fprintf(out, "%-60s %-5s\n", name, trusts);
- }
-
- return (SECSuccess);
-}
-
-typedef struct {
- char * name;
- CERTCertTrust trust;
-} certNameAndTrustEntry;
-
-typedef struct {
- int numCerts;
- certNameAndTrustEntry *nameAndTrustEntries;
-} certNameAndTrustList;
-
-SECStatus
-sec_CountCerts(CERTCertificate *cert, SECItem *unknown, void *arg)
-{
- (*(int*)arg)++;
- return SECSuccess;
-}
-
-SECStatus
-sec_CollectCertNamesAndTrust(CERTCertificate *cert, SECItem *unknown, void *arg)
-{
- certNameAndTrustList *pCertNames = (certNameAndTrustList*)arg;
- char *name;
- int i;
-
- i = pCertNames->numCerts;
- name = cert->dbEntry->nickname ? cert->dbEntry->nickname : cert->emailAddr;
-
- if (name)
- pCertNames->nameAndTrustEntries[i].name = PORT_Strdup(name);
- else
- pCertNames->nameAndTrustEntries[i].name = PORT_Strdup("<unknown>");
-
- PORT_Memcpy(&pCertNames->nameAndTrustEntries[i].trust, cert->trust, sizeof(*cert->trust));
-
- pCertNames->numCerts++;
-
- return SECSuccess;
-}
-
-static int
-sec_name_and_trust_compare_by_name(const void *p1, const void *p2)
-{
- certNameAndTrustEntry *e1 = (certNameAndTrustEntry *)p1;
- certNameAndTrustEntry *e2 = (certNameAndTrustEntry *)p2;
- return PORT_Strcmp(e1->name, e2->name);
-}
-
-static int
-sec_combine_trust_flags(CERTCertTrust *trust)
-{
- if (trust == NULL)
- return NULL;
- return trust->sslFlags | trust->emailFlags | trust->objectSigningFlags;
-}
-
-static int
-sec_name_and_trust_compare_by_trust(const void *p1, const void *p2)
-{
- certNameAndTrustEntry *e1 = (certNameAndTrustEntry *)p1;
- certNameAndTrustEntry *e2 = (certNameAndTrustEntry *)p2;
- int e1_is_ca, e2_is_ca;
- int e1_is_user, e2_is_user;
- int rv;
-
- e1_is_ca = (sec_combine_trust_flags(&e1->trust) & CERTDB_VALID_CA) != 0;
- e2_is_ca = (sec_combine_trust_flags(&e2->trust) & CERTDB_VALID_CA) != 0;
- e1_is_user = (sec_combine_trust_flags(&e1->trust) & CERTDB_USER) != 0;
- e2_is_user = (sec_combine_trust_flags(&e2->trust) & CERTDB_USER) != 0;
-
- /* first, sort by user status, then CA status, */
- /* then by actual comparison of CA flags, then by name */
- if ((rv = (e2_is_user - e1_is_user)) == 0 && (rv = (e1_is_ca - e2_is_ca)) == 0)
- if (e1_is_ca || (rv = memcmp(&e1->trust, &e2->trust, sizeof(CERTCertTrust))) == 0)
- return PORT_Strcmp(e1->name, e2->name);
- else
- return rv;
- else
- return rv;
-}
-
-SECStatus
-SECU_PrintCertificateNames(CERTCertDBHandle *handle, PRFileDesc *out,
- PRBool sortByName, PRBool sortByTrust)
-{
- certNameAndTrustList certNames = { 0, NULL };
- int numCerts, i;
- SECStatus rv;
- int (*comparefn)(const void *, const void *);
- char trusts[30];
-
- numCerts = 0;
-
- rv = SEC_TraversePermCerts(handle, sec_CountCerts, &numCerts);
- if (rv != SECSuccess)
- return SECFailure;
-
- certNames.nameAndTrustEntries =
- (certNameAndTrustEntry *)PORT_Alloc(numCerts * sizeof(certNameAndTrustEntry));
- if (certNames.nameAndTrustEntries == NULL)
- return SECFailure;
-
- rv = SEC_TraversePermCerts(handle, sec_CollectCertNamesAndTrust, &certNames);
- if (rv != SECSuccess)
- return SECFailure;
-
- if (sortByName)
- comparefn = sec_name_and_trust_compare_by_name;
- else if (sortByTrust)
- comparefn = sec_name_and_trust_compare_by_trust;
- else
- comparefn = NULL;
-
- if (comparefn)
- qsort(certNames.nameAndTrustEntries, certNames.numCerts,
- sizeof(certNameAndTrustEntry), comparefn);
-
- PR_fprintf(out, "\n%-60s %-5s\n\n", "Certificate Name", "Trust Attributes");
- for (i = 0; i < certNames.numCerts; i++) {
- PORT_Memset (trusts, 0, sizeof(trusts));
- printflags(trusts, certNames.nameAndTrustEntries[i].trust.sslFlags);
- PORT_Strcat(trusts, ",");
- printflags(trusts, certNames.nameAndTrustEntries[i].trust.emailFlags);
- PORT_Strcat(trusts, ",");
- printflags(trusts, certNames.nameAndTrustEntries[i].trust.objectSigningFlags);
- PR_fprintf(out, "%-60s %-5s\n",
- certNames.nameAndTrustEntries[i].name, trusts);
- }
- PR_fprintf(out, "\n");
- PR_fprintf(out, "p Valid peer\n");
- PR_fprintf(out, "P Trusted peer (implies p)\n");
- PR_fprintf(out, "c Valid CA\n");
- PR_fprintf(out, "T Trusted CA to issue client certs (implies c)\n");
- PR_fprintf(out, "C Trusted CA to certs(only server certs for ssl) (implies c)\n");
- PR_fprintf(out, "u User cert\n");
- PR_fprintf(out, "w Send warning\n");
-
- for (i = 0; i < certNames.numCerts; i++)
- PORT_Free(certNames.nameAndTrustEntries[i].name);
- PORT_Free(certNames.nameAndTrustEntries);
-
- return rv;
-}
-
-int
-SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level)
-{
- PRArenaPool *arena = NULL;
- CERTCertificateRequest *cr;
- int rv;
-
- /* Decode certificate request */
- cr = (CERTCertificateRequest*) PORT_ZAlloc(sizeof(CERTCertificateRequest));
- if (!cr)
- return PORT_GetError();
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena)
- return SEC_ERROR_NO_MEMORY;
-
- rv = SEC_ASN1DecodeItem(arena, cr, CERT_CertificateRequestTemplate, der);
- if (rv) {
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
- }
-
- /* Pretty print it out */
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &cr->version, "Version", level+1);
- SECU_PrintName(out, &cr->subject, "Subject", level+1);
- rv = secu_PrintSubjectPublicKeyInfo(out, arena, &cr->subjectPublicKeyInfo,
- "Subject Public Key Info", level+1);
- if (rv) {
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
- }
- secu_PrintAny(out, cr->attributes[0], "Attributes", level+1);
-
- PORT_FreeArena(arena, PR_FALSE);
- return 0;
-}
-
-int
-SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level)
-{
- PRArenaPool *arena = NULL;
- CERTCertificate *c;
- int rv;
- int iv;
-
- /* Decode certificate */
- c = (CERTCertificate*) PORT_ZAlloc(sizeof(CERTCertificate));
- if (!c)
- return PORT_GetError();
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena)
- return SEC_ERROR_NO_MEMORY;
-
- rv = SEC_ASN1DecodeItem(arena, c, CERT_CertificateTemplate, der);
- if (rv) {
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
- }
-
- /* Pretty print it out */
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- iv = DER_GetInteger(&c->version);
- SECU_Indent(out, level+1); fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv);
-
- SECU_PrintInteger(out, &c->serialNumber, "Serial Number", level+1);
- SECU_PrintAlgorithmID(out, &c->signature, "Signature Algorithm", level+1);
- SECU_PrintName(out, &c->issuer, "Issuer", level+1);
- secu_PrintValidity(out, &c->validity, "Validity", level+1);
- SECU_PrintName(out, &c->subject, "Subject", level+1);
- rv = secu_PrintSubjectPublicKeyInfo(out, arena, &c->subjectPublicKeyInfo,
- "Subject Public Key Info", level+1);
- if (rv) {
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
- }
- SECU_PrintExtensions(out, c->extensions, "Signed Extensions", level+1);
-
- PORT_FreeArena(arena, PR_FALSE);
- return 0;
-}
-
-int
-SECU_PrintPublicKey(FILE *out, SECItem *der, char *m, int level)
-{
- PRArenaPool *arena = NULL;
- SECKEYPublicKey key;
- int rv;
-
- PORT_Memset(&key, 0, sizeof(key));
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena)
- return SEC_ERROR_NO_MEMORY;
-
- rv = SEC_ASN1DecodeItem(arena, &key, SECKEY_RSAPublicKeyTemplate, der);
- if (rv) {
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
- }
-
- /* Pretty print it out */
- secu_PrintRSAPublicKey(out, &key, m, level);
-
- PORT_FreeArena(arena, PR_FALSE);
- return 0;
-}
-
-int
-SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level)
-{
- PRArenaPool *arena = NULL;
- SECKEYEncryptedPrivateKeyInfo key;
- int rv;
-
- PORT_Memset(&key, 0, sizeof(key));
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena)
- return SEC_ERROR_NO_MEMORY;
-
- rv = SEC_ASN1DecodeItem(arena, &key, SECKEY_EncryptedPrivateKeyInfoTemplate,
- der);
- if (rv) {
- PORT_FreeArena(arena, PR_TRUE);
- return rv;
- }
-
- /* Pretty print it out */
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintAlgorithmID(out, &key.algorithm, "Encryption Algorithm",
- level+1);
- SECU_PrintAsHex(out, &key.encryptedData, "Encrypted Data", level+1);
-
- PORT_FreeArena(arena, PR_TRUE);
- return 0;
-}
-
-/*
-** PKCS7 Support
-*/
-
-/* forward declaration */
-static int
-secu_PrintPKCS7ContentInfo(FILE *, SEC_PKCS7ContentInfo *, char *, int);
-
-/*
-** secu_PrintPKCS7EncContent
-** Prints a SEC_PKCS7EncryptedContentInfo (without decrypting it)
-*/
-static void
-secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src,
- char *m, int level)
-{
- if (src->contentTypeTag == NULL)
- src->contentTypeTag = SECOID_FindOID(&(src->contentType));
-
- SECU_Indent(out, level);
- fprintf(out, "%s:\n", m);
- SECU_Indent(out, level + 1);
- fprintf(out, "Content Type: %s\n",
- (src->contentTypeTag != NULL) ? src->contentTypeTag->desc
- : "Unknown");
- SECU_PrintAlgorithmID(out, &(src->contentEncAlg),
- "Content Encryption Algorithm", level+1);
- SECU_PrintAsHex(out, &(src->encContent),
- "Encrypted Content", level+1);
-}
-
-/*
-** secu_PrintRecipientInfo
-** Prints a PKCS7RecipientInfo type
-*/
-static void
-secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m,
- int level)
-{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &(info->version), "Version", level + 1);
-
- SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer",
- level + 1);
- SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber),
- "Serial Number", level + 1);
-
- /* Parse and display encrypted key */
- SECU_PrintAlgorithmID(out, &(info->keyEncAlg),
- "Key Encryption Algorithm", level + 1);
- SECU_PrintAsHex(out, &(info->encKey), "Encrypted Key", level + 1);
-}
-
-/*
-** secu_PrintSignerInfo
-** Prints a PKCS7SingerInfo type
-*/
-static void
-secu_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, char *m, int level)
-{
- SEC_PKCS7Attribute *attr;
- int iv;
- char om[100];
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &(info->version), "Version", level + 1);
-
- SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer",
- level + 1);
- SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber),
- "Serial Number", level + 1);
-
- SECU_PrintAlgorithmID(out, &(info->digestAlg), "Digest Algorithm",
- level + 1);
-
- if (info->authAttr != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Authenticated Attributes:\n");
- iv = 0;
- while ((attr = info->authAttr[iv++]) != NULL) {
- sprintf(om, "Attribute (%d)", iv);
- secu_PrintAttribute(out, attr, om, level + 2);
- }
- }
-
- /* Parse and display signature */
- SECU_PrintAlgorithmID(out, &(info->digestEncAlg),
- "Digest Encryption Algorithm", level + 1);
- SECU_PrintAsHex(out, &(info->encDigest), "Encrypted Digest", level + 1);
-
- if (info->unAuthAttr != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Unauthenticated Attributes:\n");
- iv = 0;
- while ((attr = info->unAuthAttr[iv++]) != NULL) {
- sprintf(om, "Attribute (%x)", iv);
- secu_PrintAttribute(out, attr, om, level + 2);
- }
- }
-}
-
-void
-SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level)
-{
- CERTCrlEntry *entry;
- int iv;
- char om[100];
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintAlgorithmID(out, &(crl->signatureAlg), "Signature Algorithm",
- level + 1);
- SECU_PrintName(out, &(crl->name), "Name", level + 1);
- SECU_PrintUTCTime(out, &(crl->lastUpdate), "Last Update", level + 1);
- SECU_PrintUTCTime(out, &(crl->nextUpdate), "Next Update", level + 1);
-
- if (crl->entries != NULL) {
- iv = 0;
- while ((entry = crl->entries[iv++]) != NULL) {
- sprintf(om, "Entry (%x):\n", iv);
- SECU_Indent(out, level + 1); fprintf(out, om);
- SECU_PrintInteger(out, &(entry->serialNumber), "Serial Number",
- level + 2);
- SECU_PrintUTCTime(out, &(entry->revocationDate), "Revocation Date",
- level + 2);
- SECU_PrintExtensions
- (out, entry->extensions, "Signed CRL Entries Extensions", level + 1);
- }
- }
- SECU_PrintExtensions
- (out, crl->extensions, "Signed CRL Extension", level + 1);
-}
-
-/*
-** secu_PrintPKCS7Signed
-** Pretty print a PKCS7 signed data type (up to version 1).
-*/
-static int
-secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src, char *m, int level)
-{
- SECAlgorithmID *digAlg; /* digest algorithms */
- SECItem *aCert; /* certificate */
- CERTSignedCrl *aCrl; /* certificate revocation list */
- SEC_PKCS7SignerInfo *sigInfo; /* signer information */
- int rv, iv;
- char om[100];
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
-
- /* Parse and list digest algorithms (if any) */
- if (src->digestAlgorithms != NULL) {
- SECU_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n");
- iv = 0;
- while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
- sprintf(om, "Digest Algorithm (%x)", iv);
- SECU_PrintAlgorithmID(out, digAlg, om, level + 2);
- }
- }
-
- /* Now for the content */
- rv = secu_PrintPKCS7ContentInfo(out, &(src->contentInfo),
- "Content Information", level + 1);
- if (rv != 0)
- return rv;
-
- /* Parse and list certificates (if any) */
- if (src->rawCerts != NULL) {
- SECU_Indent(out, level + 1); fprintf(out, "Certificate List:\n");
- iv = 0;
- while ((aCert = src->rawCerts[iv++]) != NULL) {
- sprintf(om, "Certificate (%x)", iv);
- rv = SECU_PrintSignedData(out, aCert, om, level + 2,
- SECU_PrintCertificate);
- if (rv)
- return rv;
- }
- }
-
- /* Parse and list CRL's (if any) */
- if (src->crls != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Signed Revocation Lists:\n");
- iv = 0;
- while ((aCrl = src->crls[iv++]) != NULL) {
- sprintf(om, "Signed Revocation List (%x)", iv);
- SECU_Indent(out, level + 2); fprintf(out, "%s:\n", om);
- SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
- "Signature Algorithm", level+3);
- DER_ConvertBitString(&aCrl->signatureWrap.signature);
- SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
- level+3);
- SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
- level + 3);
- }
- }
-
- /* Parse and list signatures (if any) */
- if (src->signerInfos != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Signer Information List:\n");
- iv = 0;
- while ((sigInfo = src->signerInfos[iv++]) != NULL) {
- sprintf(om, "Signer Information (%x)", iv);
- secu_PrintSignerInfo(out, sigInfo, om, level + 2);
- }
- }
-
- return 0;
-}
-
-/*
-** secu_PrintPKCS7Enveloped
-** Pretty print a PKCS7 enveloped data type (up to version 1).
-*/
-static void
-secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src,
- char *m, int level)
-{
- SEC_PKCS7RecipientInfo *recInfo; /* pointer for signer information */
- int iv;
- char om[100];
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
-
- /* Parse and list recipients (this is not optional) */
- if (src->recipientInfos != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Recipient Information List:\n");
- iv = 0;
- while ((recInfo = src->recipientInfos[iv++]) != NULL) {
- sprintf(om, "Recipient Information (%x)", iv);
- secu_PrintRecipientInfo(out, recInfo, om, level + 2);
- }
- }
-
- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
- "Encrypted Content Information", level + 1);
-}
-
-/*
-** secu_PrintPKCS7SignedEnveloped
-** Pretty print a PKCS7 singed and enveloped data type (up to version 1).
-*/
-static int
-secu_PrintPKCS7SignedAndEnveloped(FILE *out,
- SEC_PKCS7SignedAndEnvelopedData *src,
- char *m, int level)
-{
- SECAlgorithmID *digAlg; /* pointer for digest algorithms */
- SECItem *aCert; /* pointer for certificate */
- CERTSignedCrl *aCrl; /* pointer for certificate revocation list */
- SEC_PKCS7SignerInfo *sigInfo; /* pointer for signer information */
- SEC_PKCS7RecipientInfo *recInfo; /* pointer for recipient information */
- int rv, iv;
- char om[100];
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
-
- /* Parse and list recipients (this is not optional) */
- if (src->recipientInfos != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Recipient Information List:\n");
- iv = 0;
- while ((recInfo = src->recipientInfos[iv++]) != NULL) {
- sprintf(om, "Recipient Information (%x)", iv);
- secu_PrintRecipientInfo(out, recInfo, om, level + 2);
- }
- }
-
- /* Parse and list digest algorithms (if any) */
- if (src->digestAlgorithms != NULL) {
- SECU_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n");
- iv = 0;
- while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
- sprintf(om, "Digest Algorithm (%x)", iv);
- SECU_PrintAlgorithmID(out, digAlg, om, level + 2);
- }
- }
-
- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
- "Encrypted Content Information", level + 1);
-
- /* Parse and list certificates (if any) */
- if (src->rawCerts != NULL) {
- SECU_Indent(out, level + 1); fprintf(out, "Certificate List:\n");
- iv = 0;
- while ((aCert = src->rawCerts[iv++]) != NULL) {
- sprintf(om, "Certificate (%x)", iv);
- rv = SECU_PrintSignedData(out, aCert, om, level + 2,
- SECU_PrintCertificate);
- if (rv)
- return rv;
- }
- }
-
- /* Parse and list CRL's (if any) */
- if (src->crls != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Signed Revocation Lists:\n");
- iv = 0;
- while ((aCrl = src->crls[iv++]) != NULL) {
- sprintf(om, "Signed Revocation List (%x)", iv);
- SECU_Indent(out, level + 2); fprintf(out, "%s:\n", om);
- SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
- "Signature Algorithm", level+3);
- DER_ConvertBitString(&aCrl->signatureWrap.signature);
- SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
- level+3);
- SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
- level + 3);
- }
- }
-
- /* Parse and list signatures (if any) */
- if (src->signerInfos != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Signer Information List:\n");
- iv = 0;
- while ((sigInfo = src->signerInfos[iv++]) != NULL) {
- sprintf(om, "Signer Information (%x)", iv);
- secu_PrintSignerInfo(out, sigInfo, om, level + 2);
- }
- }
-
- return 0;
-}
-
-int
-SECU_PrintCrl (FILE *out, SECItem *der, char *m, int level)
-{
- PRArenaPool *arena = NULL;
- CERTCrl *c = NULL;
- int rv;
-
- do {
- /* Decode CRL */
- c = (CERTCrl*) PORT_ZAlloc(sizeof(CERTCrl));
- if (!c) {
- rv = PORT_GetError();
- break;
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena) {
- rv = SEC_ERROR_NO_MEMORY;
- break;
- }
-
- rv = SEC_ASN1DecodeItem(arena, c, CERT_CrlTemplate, der);
- if (rv != SECSuccess)
- break;
- SECU_PrintCRLInfo (out, c, m, level);
- } while (0);
- PORT_FreeArena (arena, PR_FALSE);
- PORT_Free (c);
- return (rv);
-}
-
-
-/*
-** secu_PrintPKCS7Encrypted
-** Pretty print a PKCS7 encrypted data type (up to version 1).
-*/
-static void
-secu_PrintPKCS7Encrypted(FILE *out, SEC_PKCS7EncryptedData *src,
- char *m, int level)
-{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
-
- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
- "Encrypted Content Information", level + 1);
-}
-
-/*
-** secu_PrintPKCS7Digested
-** Pretty print a PKCS7 digested data type (up to version 1).
-*/
-static void
-secu_PrintPKCS7Digested(FILE *out, SEC_PKCS7DigestedData *src,
- char *m, int level)
-{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
-
- SECU_PrintAlgorithmID(out, &src->digestAlg, "Digest Algorithm",
- level + 1);
- secu_PrintPKCS7ContentInfo(out, &src->contentInfo, "Content Information",
- level + 1);
- SECU_PrintAsHex(out, &src->digest, "Digest", level + 1);
-}
-
-/*
-** secu_PrintPKCS7ContentInfo
-** Takes a SEC_PKCS7ContentInfo type and sends the contents to the
-** appropriate function
-*/
-static int
-secu_PrintPKCS7ContentInfo(FILE *out, SEC_PKCS7ContentInfo *src,
- char *m, int level)
-{
- char *desc;
- SECOidTag kind;
- int rv;
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- level++;
-
- if (src->contentTypeTag == NULL)
- src->contentTypeTag = SECOID_FindOID(&(src->contentType));
-
- if (src->contentTypeTag == NULL) {
- desc = "Unknown";
- kind = SEC_OID_PKCS7_DATA;
- } else {
- desc = src->contentTypeTag->desc;
- kind = src->contentTypeTag->offset;
- }
-
- if (src->content.data == NULL) {
- SECU_Indent(out, level); fprintf(out, "%s:\n", desc);
- level++;
- SECU_Indent(out, level); fprintf(out, "<no content>\n");
- return 0;
- }
-
- rv = 0;
- switch (kind) {
- case SEC_OID_PKCS7_SIGNED_DATA: /* Signed Data */
- rv = secu_PrintPKCS7Signed(out, src->content.signedData, desc, level);
- break;
-
- case SEC_OID_PKCS7_ENVELOPED_DATA: /* Enveloped Data */
- secu_PrintPKCS7Enveloped(out, src->content.envelopedData, desc, level);
- break;
-
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: /* Signed and Enveloped */
- rv = secu_PrintPKCS7SignedAndEnveloped(out,
- src->content.signedAndEnvelopedData,
- desc, level);
- break;
-
- case SEC_OID_PKCS7_DIGESTED_DATA: /* Digested Data */
- secu_PrintPKCS7Digested(out, src->content.digestedData, desc, level);
- break;
-
- case SEC_OID_PKCS7_ENCRYPTED_DATA: /* Encrypted Data */
- secu_PrintPKCS7Encrypted(out, src->content.encryptedData, desc, level);
- break;
-
- default:
- SECU_PrintAsHex(out, src->content.data, desc, level);
- break;
- }
-
- return rv;
-}
-
-/*
-** SECU_PrintPKCS7ContentInfo
-** Decode and print any major PKCS7 data type (up to version 1).
-*/
-int
-SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m, int level)
-{
- SEC_PKCS7ContentInfo *cinfo;
- int rv;
-
- cinfo = SEC_PKCS7DecodeItem(der, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
- if (cinfo != NULL) {
- /* Send it to recursive parsing and printing module */
- rv = secu_PrintPKCS7ContentInfo(out, cinfo, m, level);
- SEC_PKCS7DestroyContentInfo(cinfo);
- } else {
- rv = -1;
- }
-
- return rv;
-}
-
-/*
-** End of PKCS7 functions
-*/
-
-void
-printFlags(FILE *out, unsigned int flags, int level)
-{
- if ( flags & CERTDB_VALID_PEER ) {
- SECU_Indent(out, level); fprintf(out, "Valid Peer\n");
- }
- if ( flags & CERTDB_TRUSTED ) {
- SECU_Indent(out, level); fprintf(out, "Trusted\n");
- }
- if ( flags & CERTDB_SEND_WARN ) {
- SECU_Indent(out, level); fprintf(out, "Warn When Sending\n");
- }
- if ( flags & CERTDB_VALID_CA ) {
- SECU_Indent(out, level); fprintf(out, "Valid CA\n");
- }
- if ( flags & CERTDB_TRUSTED_CA ) {
- SECU_Indent(out, level); fprintf(out, "Trusted CA\n");
- }
- if ( flags & CERTDB_NS_TRUSTED_CA ) {
- SECU_Indent(out, level); fprintf(out, "Netscape Trusted CA\n");
- }
- if ( flags & CERTDB_USER ) {
- SECU_Indent(out, level); fprintf(out, "User\n");
- }
- if ( flags & CERTDB_TRUSTED_CLIENT_CA ) {
- SECU_Indent(out, level); fprintf(out, "Trusted Client CA\n");
- }
-#ifdef DEBUG
- if ( flags & CERTDB_GOVT_APPROVED_CA ) {
- SECU_Indent(out, level); fprintf(out, "Step-up\n");
- }
-#endif /* DEBUG */
-}
-
-void
-SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m, int level)
-{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_Indent(out, level+1); fprintf(out, "SSL Flags:\n");
- printFlags(out, trust->sslFlags, level+2);
- SECU_Indent(out, level+1); fprintf(out, "Email Flags:\n");
- printFlags(out, trust->emailFlags, level+2);
- SECU_Indent(out, level+1); fprintf(out, "Object Signing Flags:\n");
- printFlags(out, trust->objectSigningFlags, level+2);
-}
-
-int SECU_PrintSignedData(FILE *out, SECItem *der, char *m,
- int level, SECU_PPFunc inner)
-{
- PRArenaPool *arena = NULL;
- CERTSignedData *sd;
- int rv;
-
- /* Strip off the signature */
- sd = (CERTSignedData*) PORT_ZAlloc(sizeof(CERTSignedData));
- if (!sd)
- return PORT_GetError();
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena)
- return SEC_ERROR_NO_MEMORY;
-
- rv = SEC_ASN1DecodeItem(arena, sd, CERT_SignedDataTemplate, der);
- if (rv) {
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
- }
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- rv = (*inner)(out, &sd->data, "Data", level+1);
- if (rv) {
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
- }
-
- SECU_PrintAlgorithmID(out, &sd->signatureAlgorithm, "Signature Algorithm",
- level+1);
- DER_ConvertBitString(&sd->signature);
- SECU_PrintAsHex(out, &sd->signature, "Signature", level+1);
-
- PORT_FreeArena(arena, PR_FALSE);
- return 0;
-
-}
-
-SECStatus
-SECU_PKCS11Init(PRBool readOnly) {
- static PRBool isInit = PR_FALSE;
- SECKEYKeyDBHandle *kdb_handle;
- char * secmodule;
- int rv;
-
- if (isInit)
- return SECSuccess;
-
- isInit = PR_TRUE;
-
- /*
- * Initialize the private key database.
- */
- /* in the "ideal world"(tm), the Key database would be initialized in
- * the Software PKCS#11 module. Unfortunately there's not enough of
- * an interface to pass all the info to the PCKS#11 module, so go ahead
- * and initialize here...
- */
- RNG_RNGInit(); /* Guess what SECKEY_OpenKeyDB calls if there is
- * no keyDB? You got it Get Random Data... just one more
- * reason to want to move this call into pkcs11.c
- */
-
- kdb_handle = SECU_OpenKeyDB(readOnly);
-
- if (kdb_handle != NULL) {
- SECKEY_SetDefaultKeyDB(kdb_handle);
- }
-
- /*
- * set our default password function
- */
- PK11_SetPasswordFunc(SECU_GetModulePassword);
- /*
- * OK, now we initialize the PKCS11 subsystems
- */
- secmodule = SECU_SECModDBName();
- SECMOD_init(secmodule);
- return SECSuccess; /* check the return codes?? */
-}
-
-SECKEYLowPublicKey *SECU_ConvHighToLow(SECKEYPublicKey *pubk)
-{
- SECKEYLowPublicKey *copyk;
- PRArenaPool *arena;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- copyk = (SECKEYLowPublicKey *)
- PORT_ArenaZAlloc (arena, sizeof (SECKEYLowPublicKey));
- if (copyk != NULL) {
- SECStatus rv = SECSuccess;
-
- copyk->arena = arena;
- copyk->keyType = pubk->keyType;
- switch (pubk->keyType) {
- case rsaKey:
- rv = SECITEM_CopyItem(arena, &copyk->u.rsa.modulus,
- &pubk->u.rsa.modulus);
- if (rv == SECSuccess) {
- rv = SECITEM_CopyItem (arena, &copyk->u.rsa.publicExponent,
- &pubk->u.rsa.publicExponent);
- if (rv == SECSuccess)
- return copyk;
- }
- break;
- case nullKey:
- return copyk;
- default:
- rv = SECFailure;
- break;
- }
- if (rv == SECSuccess)
- return copyk;
-
- SECKEY_LowDestroyPublicKey (copyk);
- } else {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- }
-
- PORT_FreeArena (arena, PR_FALSE);
- return NULL;
-}
-
-
-#ifdef AIX
-int _OS_SELECT (int nfds, void *readfds, void *writefds,
- void *exceptfds, struct timeval *timeout) {
- return select (nfds,readfds,writefds,exceptfds,timeout);
-}
-#endif
-
-SECItem *
-SECU_GetPBEPassword(void *arg)
-{
- char *p = NULL;
- SECItem *pwitem = NULL;
-
- p = SECU_GetPasswordString(arg,"Password: ");
-
- /* NOTE: This function is obviously unfinished. */
-
- if ( pwitem == NULL ) {
- fprintf(stderr, "Error hashing password\n");
- return NULL;
- }
-
- return pwitem;
-}
-
-SECStatus
-SECU_ParseCommandLine(int argc, char **argv, char *progName, secuCommand *cmd)
-{
- PRBool found;
- PLOptState *optstate;
- PLOptStatus status;
- char *optstring;
- int i, j;
-
- optstring = (char *)malloc(cmd->numCommands + 2*cmd->numOptions);
- j = 0;
-
- for (i=0; i<cmd->numCommands; i++) {
- optstring[j++] = cmd->commands[i].flag;
- }
- for (i=0; i<cmd->numOptions; i++) {
- optstring[j++] = cmd->options[i].flag;
- if (cmd->options[i].needsArg)
- optstring[j++] = ':';
- }
- optstring[j] = '\0';
- optstate = PL_CreateOptState(argc, argv, optstring);
-
- /* Parse command line arguments */
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
-
- /* Wasn't really an option, just standalone arg. */
- if (optstate->option == '\0')
- continue;
-
- found = PR_FALSE;
-
- for (i=0; i<cmd->numCommands; i++) {
- if (cmd->commands[i].flag == optstate->option) {
- cmd->commands[i].activated = PR_TRUE;
- if (optstate->value) {
- cmd->commands[i].arg = optstate->value;
- }
- found = PR_TRUE;
- break;
- }
- }
-
- if (found)
- continue;
-
- for (i=0; i<cmd->numOptions; i++) {
- if (cmd->options[i].flag == optstate->option) {
- cmd->options[i].activated = PR_TRUE;
- if (optstate->value) {
- cmd->options[i].arg = optstate->value;
- }
- found = PR_TRUE;
- break;
- }
- }
-
- if (!found)
- return SECFailure;
- }
- if (status == PL_OPT_BAD)
- return SECFailure;
- return SECSuccess;
-}
-
-char *
-SECU_GetOptionArg(secuCommand *cmd, int optionNum)
-{
- if (optionNum < 0 || optionNum >= cmd->numOptions)
- return NULL;
- if (cmd->options[optionNum].activated)
- return PL_strdup(cmd->options[optionNum].arg);
- else
- return NULL;
-}
-
-static char SECUErrorBuf[64];
-
-char *
-SECU_ErrorStringRaw(int16 err)
-{
- if (err == 0)
- sprintf(SECUErrorBuf, "");
- else if (err == SEC_ERROR_BAD_DATA)
- sprintf(SECUErrorBuf, "Bad data");
- else if (err == SEC_ERROR_BAD_DATABASE)
- sprintf(SECUErrorBuf, "Problem with database");
- else if (err == SEC_ERROR_BAD_DER)
- sprintf(SECUErrorBuf, "Problem with DER");
- else if (err == SEC_ERROR_BAD_KEY)
- sprintf(SECUErrorBuf, "Problem with key");
- else if (err == SEC_ERROR_BAD_PASSWORD)
- sprintf(SECUErrorBuf, "Incorrect password");
- else if (err == SEC_ERROR_BAD_SIGNATURE)
- sprintf(SECUErrorBuf, "Bad signature");
- else if (err == SEC_ERROR_EXPIRED_CERTIFICATE)
- sprintf(SECUErrorBuf, "Expired certificate");
- else if (err == SEC_ERROR_EXTENSION_VALUE_INVALID)
- sprintf(SECUErrorBuf, "Invalid extension value");
- else if (err == SEC_ERROR_INPUT_LEN)
- sprintf(SECUErrorBuf, "Problem with input length");
- else if (err == SEC_ERROR_INVALID_ALGORITHM)
- sprintf(SECUErrorBuf, "Invalid algorithm");
- else if (err == SEC_ERROR_INVALID_ARGS)
- sprintf(SECUErrorBuf, "Invalid arguments");
- else if (err == SEC_ERROR_INVALID_AVA)
- sprintf(SECUErrorBuf, "Invalid AVA");
- else if (err == SEC_ERROR_INVALID_TIME)
- sprintf(SECUErrorBuf, "Invalid time");
- else if (err == SEC_ERROR_IO)
- sprintf(SECUErrorBuf, "Security I/O error");
- else if (err == SEC_ERROR_LIBRARY_FAILURE)
- sprintf(SECUErrorBuf, "Library failure");
- else if (err == SEC_ERROR_NO_MEMORY)
- sprintf(SECUErrorBuf, "Out of memory");
- else if (err == SEC_ERROR_OLD_CRL)
- sprintf(SECUErrorBuf, "CRL is older than the current one");
- else if (err == SEC_ERROR_OUTPUT_LEN)
- sprintf(SECUErrorBuf, "Problem with output length");
- else if (err == SEC_ERROR_UNKNOWN_ISSUER)
- sprintf(SECUErrorBuf, "Unknown issuer");
- else if (err == SEC_ERROR_UNTRUSTED_CERT)
- sprintf(SECUErrorBuf, "Untrusted certificate");
- else if (err == SEC_ERROR_UNTRUSTED_ISSUER)
- sprintf(SECUErrorBuf, "Untrusted issuer");
- else if (err == SSL_ERROR_BAD_CERTIFICATE)
- sprintf(SECUErrorBuf, "Bad certificate");
- else if (err == SSL_ERROR_BAD_CLIENT)
- sprintf(SECUErrorBuf, "Bad client");
- else if (err == SSL_ERROR_BAD_SERVER)
- sprintf(SECUErrorBuf, "Bad server");
- else if (err == SSL_ERROR_EXPORT_ONLY_SERVER)
- sprintf(SECUErrorBuf, "Export only server");
- else if (err == SSL_ERROR_NO_CERTIFICATE)
- sprintf(SECUErrorBuf, "No certificate");
- else if (err == SSL_ERROR_NO_CYPHER_OVERLAP)
- sprintf(SECUErrorBuf, "No cypher overlap");
- else if (err == SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE)
- sprintf(SECUErrorBuf, "Unsupported certificate type");
- else if (err == SSL_ERROR_UNSUPPORTED_VERSION)
- sprintf(SECUErrorBuf, "Unsupported version");
- else if (err == SSL_ERROR_US_ONLY_SERVER)
- sprintf(SECUErrorBuf, "U.S. only server");
- else if (err == PR_IO_ERROR)
- sprintf(SECUErrorBuf, "I/O error");
-
- else if (err == SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE)
- sprintf (SECUErrorBuf, "Expired Issuer Certificate");
- else if (err == SEC_ERROR_REVOKED_CERTIFICATE)
- sprintf (SECUErrorBuf, "Revoked certificate");
- else if (err == SEC_ERROR_NO_KEY)
- sprintf (SECUErrorBuf, "No private key in database for this cert");
- else if (err == SEC_ERROR_CERT_NOT_VALID)
- sprintf (SECUErrorBuf, "Certificate is not valid");
- else if (err == SEC_ERROR_EXTENSION_NOT_FOUND)
- sprintf (SECUErrorBuf, "Certificate extension was not found");
- else if (err == SEC_ERROR_EXTENSION_VALUE_INVALID)
- sprintf (SECUErrorBuf, "Certificate extension value invalid");
- else if (err == SEC_ERROR_CA_CERT_INVALID)
- sprintf (SECUErrorBuf, "Issuer certificate is invalid");
- else if (err == SEC_ERROR_CERT_USAGES_INVALID)
- sprintf (SECUErrorBuf, "Certificate usages is invalid");
- else if (err == SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION)
- sprintf (SECUErrorBuf, "Certificate has unknown critical extension");
- else if (err == SEC_ERROR_PKCS7_BAD_SIGNATURE)
- sprintf (SECUErrorBuf, "Bad PKCS7 signature");
- else if (err == SEC_ERROR_INADEQUATE_KEY_USAGE)
- sprintf (SECUErrorBuf, "Certificate not approved for this operation");
- else if (err == SEC_ERROR_INADEQUATE_CERT_TYPE)
- sprintf (SECUErrorBuf, "Certificate not approved for this operation");
-
- return SECUErrorBuf;
-}
-
-char *
-SECU_ErrorString(int16 err)
-{
- char *error_string;
-
- *SECUErrorBuf = 0;
- SECU_ErrorStringRaw (err);
-
- if (*SECUErrorBuf == 0) {
- error_string = SECU_GetString(err);
- if (error_string == NULL || *error_string == '\0')
- sprintf(SECUErrorBuf, "No error string found for %d.", err);
- else
- return error_string;
- }
-
- return SECUErrorBuf;
-}
diff --git a/security/nss/cmd/lib/secutil.h b/security/nss/cmd/lib/secutil.h
deleted file mode 100644
index 469eb87e1..000000000
--- a/security/nss/cmd/lib/secutil.h
+++ /dev/null
@@ -1,344 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#ifndef _SEC_UTIL_H_
-#define _SEC_UTIL_H_
-
-#include "seccomon.h"
-#include "secitem.h"
-#include "prerror.h"
-#include "base64.h"
-#include "key.h"
-#include "secpkcs7.h"
-#include "secasn1.h"
-#include "secder.h"
-#include <stdio.h>
-
-#define SEC_CT_PRIVATE_KEY "private-key"
-#define SEC_CT_PUBLIC_KEY "public-key"
-#define SEC_CT_CERTIFICATE "certificate"
-#define SEC_CT_CERTIFICATE_REQUEST "certificate-request"
-#define SEC_CT_PKCS7 "pkcs7"
-#define SEC_CT_CRL "crl"
-
-#define NS_CERTREQ_HEADER "-----BEGIN NEW CERTIFICATE REQUEST-----"
-#define NS_CERTREQ_TRAILER "-----END NEW CERTIFICATE REQUEST-----"
-
-#define NS_CERT_HEADER "-----BEGIN CERTIFICATE-----"
-#define NS_CERT_TRAILER "-----END CERTIFICATE-----"
-
-/* From libsec/pcertdb.c --- it's not declared in sec.h */
-extern SECStatus SEC_AddPermCertificate(CERTCertDBHandle *handle,
- SECItem *derCert, char *nickname, CERTCertTrust *trust);
-
-
-#ifdef SECUTIL_NEW
-typedef int (*SECU_PPFunc)(PRFileDesc *out, SECItem *item,
- char *msg, int level);
-#else
-typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level);
-#endif
-
-typedef struct {
- enum {
- PW_NONE,
- PW_FROMFILE,
- PW_PLAINTEXT
- } source;
- char *data;
-} secuPWData;
-
-/*
-** Change a password on a token, or initialize a token with a password
-** if it does not already have one.
-** Use passwd to send the password in plaintext, pwFile to specify a
-** file containing the password, or NULL for both to prompt the user.
-*/
-SECStatus SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile);
-
-/* These were stolen from the old sec.h... */
-/*
-** Check a password for legitimacy. Passwords must be at least 8
-** characters long and contain one non-alphabetic. Return DSTrue if the
-** password is ok, DSFalse otherwise.
-*/
-extern PRBool SEC_CheckPassword(char *password);
-
-/*
-** Blind check of a password. Complement to SEC_CheckPassword which
-** ignores length and content type, just retuning DSTrue is the password
-** exists, DSFalse if NULL
-*/
-extern PRBool SEC_BlindCheckPassword(char *password);
-
-/*
-** Get a password.
-** First prompt with "msg" on "out", then read the password from "in".
-** The password is then checked using "chkpw".
-*/
-extern char *SEC_GetPassword(FILE *in, FILE *out, char *msg,
- PRBool (*chkpw)(char *));
-
-char *SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg);
-
-char *SECU_GetPasswordString(void *arg, char *prompt);
-
-/*
-** Write a dongle password.
-** Uses MD5 to hash constant system data (hostname, etc.), and then
-** creates RC4 key to encrypt a password "pw" into a file "fd".
-*/
-extern SECStatus SEC_WriteDongleFile(int fd, char *pw);
-
-/*
-** Get a dongle password.
-** Uses MD5 to hash constant system data (hostname, etc.), and then
-** creates RC4 key to decrypt and return a password from file "fd".
-*/
-extern char *SEC_ReadDongleFile(int fd);
-
-
-/* End stolen headers */
-
-
-/* Get the Key ID (modulus) from the cert with the given nickname. */
-extern SECItem * SECU_GetKeyIDFromNickname(char *name);
-
-/* Change the key db password in the database */
-extern SECStatus SECU_ChangeKeyDBPassword(SECKEYKeyDBHandle *kdbh);
-
-/* Check if a key name exists. Return PR_TRUE if true, PR_FALSE if not */
-extern PRBool SECU_CheckKeyNameExists(SECKEYKeyDBHandle *handle, char *nickname);
-
-/* Find a key by a nickname. Calls SECKEY_FindKeyByName */
-extern SECKEYLowPrivateKey *SECU_GetPrivateKey(SECKEYKeyDBHandle *kdbh, char *nickname);
-
-/* Get key encrypted with dongle file in "pathname" */
-extern SECKEYLowPrivateKey *SECU_GetPrivateDongleKey(SECKEYKeyDBHandle *handle,
- char *nickname, char *pathname);
-
-extern SECItem *SECU_GetPassword(void *arg, SECKEYKeyDBHandle *handle);
-
-/* Just sticks the two strings together with a / if needed */
-char *SECU_AppendFilenameToDir(char *dir, char *filename);
-
-/* Returns result of getenv("SSL_DIR") or NULL */
-extern char *SECU_DefaultSSLDir(void);
-
-/*
-** Should be called once during initialization to set the default
-** directory for looking for cert.db, key.db, and cert-nameidx.db files
-** Removes trailing '/' in 'base'
-** If 'base' is NULL, defaults to set to .netscape in home directory.
-*/
-extern char *SECU_ConfigDirectory(const char* base);
-
-
-extern char *SECU_CertDBNameCallback(void *arg, int dbVersion);
-extern char *SECU_KeyDBNameCallback(void *arg, int dbVersion);
-
-extern SECKEYPrivateKey *SECU_FindPrivateKeyFromNickname(char *name);
-extern SECKEYLowPrivateKey *SECU_FindLowPrivateKeyFromNickname(char *name);
-extern SECStatus SECU_DeleteKeyByName(SECKEYKeyDBHandle *handle, char *nickname);
-
-extern SECKEYKeyDBHandle *SECU_OpenKeyDB(PRBool readOnly);
-extern CERTCertDBHandle *SECU_OpenCertDB(PRBool readOnly);
-
-/*
-** Basic callback function for SSL_GetClientAuthDataHook
-*/
-extern int
-SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
- struct CERTDistNamesStr *caNames,
- struct CERTCertificateStr **pRetCert,
- struct SECKEYPrivateKeyStr **pRetKey);
-
-/* print out an error message */
-extern void SECU_PrintError(char *progName, char *msg, ...);
-
-/* print out a system error message */
-extern void SECU_PrintSystemError(char *progName, char *msg, ...);
-
-/* Return informative error string */
-extern const char * SECU_Strerror(PRErrorCode errNum);
-
-/* Read the contents of a file into a SECItem */
-extern SECStatus SECU_FileToItem(SECItem *dst, PRFileDesc *src);
-
-/* Read in a DER from a file, may be ascii */
-extern SECStatus
-SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii);
-
-/* Indent based on "level" */
-extern void SECU_Indent(FILE *out, int level);
-
-/* Print integer value and hex */
-extern void SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level);
-
-/* Print ObjectIdentifier symbolically */
-extern void SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level);
-
-/* Print AlgorithmIdentifier symbolically */
-extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m,
- int level);
-
-/* Print SECItem as hex */
-extern void SECU_PrintAsHex(FILE *out, SECItem *i, char *m, int level);
-
-/*
- * Format and print the UTC Time "t". If the tag message "m" is not NULL,
- * do indent formatting based on "level" and add a newline afterward;
- * otherwise just print the formatted time string only.
- */
-extern void SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level);
-
-/*
- * Format and print the Generalized Time "t". If the tag message "m"
- * is not NULL, * do indent formatting based on "level" and add a newline
- * afterward; otherwise just print the formatted time string only.
- */
-extern void SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m,
- int level);
-
-/* Dump all key nicknames */
-extern int SECU_PrintKeyNames(SECKEYKeyDBHandle *handle, FILE *out);
-
-/* callback for listing certs through pkcs11 */
-extern SECStatus SECU_PrintCertNickname(CERTCertificate *cert, void *data);
-
-/* Dump all certificate nicknames in a database */
-extern SECStatus
-SECU_PrintCertificateNames(CERTCertDBHandle *handle, PRFileDesc* out,
- PRBool sortByName, PRBool sortByTrust);
-
-/* See if nickname already in database. Return 1 true, 0 false, -1 error */
-int SECU_CheckCertNameExists(CERTCertDBHandle *handle, char *nickname);
-
-/* Dump contents of cert req */
-extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m,
- int level);
-
-/* Dump contents of certificate */
-extern int SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level);
-
-/* print trust flags on a cert */
-extern void SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m, int level);
-
-/* Dump contents of public key */
-extern int SECU_PrintPublicKey(FILE *out, SECItem *der, char *m, int level);
-
-/* Dump contents of private key */
-extern int SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level);
-
-/* Pretty-print any PKCS7 thing */
-extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m,
- int level);
-
-/* Init PKCS11 stuff */
-extern SECStatus SECU_PKCS11Init(PRBool readOnly);
-
-/* Dump contents of signed data */
-extern int SECU_PrintSignedData(FILE *out, SECItem *der, char *m, int level,
- SECU_PPFunc inner);
-
-extern int SECU_PrintCrl(FILE *out, SECItem *der, char *m, int level);
-
-extern void
-SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level);
-
-extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
- char *msg, int level);
-
-extern void SECU_PrintName(FILE *out, CERTName *name, char *msg, int level);
-
-/* Convert a High public Key to a Low public Key */
-extern SECKEYLowPublicKey *SECU_ConvHighToLow(SECKEYPublicKey *pubHighKey);
-
-extern SECItem *SECU_GetPBEPassword(void *arg);
-
-extern char *SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg);
-
-extern SECStatus DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw);
-extern void SEC_Init(void);
-
-extern char *SECU_SECModDBName(void);
-
-/*
- *
- * Utilities for parsing security tools command lines
- *
- */
-
-/* A single command flag */
-typedef struct {
- char flag;
- PRBool needsArg;
- char *arg;
- PRBool activated;
-} secuCommandFlag;
-
-/* A full array of command/option flags */
-typedef struct
-{
- int numCommands;
- int numOptions;
-
- secuCommandFlag *commands;
- secuCommandFlag *options;
-} secuCommand;
-
-/* fill the "arg" and "activated" fields for each flag */
-SECStatus
-SECU_ParseCommandLine(int argc, char **argv, char *progName, secuCommand *cmd);
-char *
-SECU_GetOptionArg(secuCommand *cmd, int optionNum);
-
-/*
- *
- * Error messaging
- *
- */
-
-/* Return informative error string */
-char *SECU_ErrorString(int16 err);
-
-/* Return informative error string. Does not call XP_GetString */
-char *SECU_ErrorStringRaw(int16 err);
-
-#ifndef XP_UNIX
-extern int ffs(unsigned int i);
-#endif
-
-#include "secerr.h"
-#include "sslerr.h"
-
-#endif /* _SEC_UTIL_H_ */
diff --git a/security/nss/cmd/lib/sslstubs.c b/security/nss/cmd/lib/sslstubs.c
deleted file mode 100644
index a7ceda64a..000000000
--- a/security/nss/cmd/lib/sslstubs.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "secport.h" /* for UUID */
-#ifdef XP_WIN
-#include <IO.H>
-#endif
-
-#ifndef NOT_NULL
-char *NOT_NULL(const char *x)
-{
- return((char *) x);
-}
-#endif
-
-/* Override the macro definition in xpassert.h if necessary. */
-#ifdef XP_AssertAtLine
-#undef XP_AssertAtLine
-#endif
-
-void XP_AssertAtLine(char *pFileName, int iLine)
-{
- abort();
-}
-
-void FE_Trace(const char *msg)
-{
- fputs(msg, stderr);
-}
-
-#ifdef XP_WIN
-RPC_STATUS __stdcall UuidCreate(UUID *Uuid)
-{
- return 0;
-}
-
-void FEU_StayingAlive(void)
-{
-}
-
-int dupsocket(int sock)
-{
- return dup(sock);
-}
-#endif
diff --git a/security/nss/cmd/lib/strerror.c b/security/nss/cmd/lib/strerror.c
deleted file mode 100644
index 32af63603..000000000
--- a/security/nss/cmd/lib/strerror.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "secutil.h"
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#endif
-
-#if defined(XP_WIN)
-#include <errno.h>
-#include <winsock.h>
-#define EWOULDBLOCK WSAEWOULDBLOCK
-#endif
-
-#include <stdio.h>
-#include <string.h>
-
-static char *(mcom_include_merrors_i_strings)(int16 i) ;
-static char *(mcom_include_secerr_i_strings)(int16 i) ;
-static char *(mcom_include_sslerr_i_strings)(int16 i) ;
-static char *(mcom_include_xp_error_i_strings)(int16 i) ;
-static char *(mcom_include_xp_msg_i_strings)(int16 i) ;
-
-
-#ifdef XP_WIN
-
-#define EWOULDBLOCK WSAEWOULDBLOCK
-#define EINPROGRESS WSAEINPROGRESS
-#define EALREADY WSAEALREADY
-#define ENOTSOCK WSAENOTSOCK
-#define EDESTADDRREQ WSAEDESTADDRREQ
-#define EMSGSIZE WSAEMSGSIZE
-#define EPROTOTYPE WSAEPROTOTYPE
-#define ENOPROTOOPT WSAENOPROTOOPT
-#define EPROTONOSUPPORT WSAEPROTONOSUPPORT
-#define ESOCKTNOSUPPORT WSAESOCKTNOSUPPORT
-#define EOPNOTSUPP WSAEOPNOTSUPP
-#define EPFNOSUPPORT WSAEPFNOSUPPORT
-#define EAFNOSUPPORT WSAEAFNOSUPPORT
-#define EADDRINUSE WSAEADDRINUSE
-#define EADDRNOTAVAIL WSAEADDRNOTAVAIL
-#define ENETDOWN WSAENETDOWN
-#define ENETUNREACH WSAENETUNREACH
-#define ENETRESET WSAENETRESET
-#define ECONNABORTED WSAECONNABORTED
-#define ECONNRESET WSAECONNRESET
-#define ENOBUFS WSAENOBUFS
-#define EISCONN WSAEISCONN
-#define ENOTCONN WSAENOTCONN
-#define ESHUTDOWN WSAESHUTDOWN
-#define ETOOMANYREFS WSAETOOMANYREFS
-#define ETIMEDOUT WSAETIMEDOUT
-#define ECONNREFUSED WSAECONNREFUSED
-#define ELOOP WSAELOOP
-#define EHOSTDOWN WSAEHOSTDOWN
-#define EHOSTUNREACH WSAEHOSTUNREACH
-#define EPROCLIM WSAEPROCLIM
-#define EUSERS WSAEUSERS
-#define EDQUOT WSAEDQUOT
-#define ESTALE WSAESTALE
-#define EREMOTE WSAEREMOTE
-
-#endif
-
-#undef XP_WIN
-#undef XP_UNIX
-#undef RESOURCE_STR_X
-#undef RESOURCE_STR
-
-#define XP_UNIX 1
-#define RESOURCE_STR 1
-
-#include "allxpstr.h"
-
-const char *
-SECU_Strerror(int error)
-{
- char * errString;
- int16 err = error + RES_OFFSET;
-
- errString = mcom_include_merrors_i_strings(err) ;
- if (!errString)
- errString = mcom_include_secerr_i_strings(err) ;
- if (!errString)
- errString = mcom_include_sslerr_i_strings(err) ;
- if (!errString)
- errString = mcom_include_xp_error_i_strings(err) ;
- if (!errString)
- errString = mcom_include_xp_msg_i_strings(err) ;
- if (!errString)
- errString = "ERROR NOT FOUND! \n";
-
-/* printf( "%s\n", errString); */
-
- return (const char *)errString;
-}
-
diff --git a/security/nss/cmd/lib/stubs.c b/security/nss/cmd/lib/stubs.c
deleted file mode 100644
index 6dfafcb66..000000000
--- a/security/nss/cmd/lib/stubs.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "secport.h" /* for UUID */
-
-#if !defined(SUNOS) && !defined(SUN) && !defined(SOLARIS)
-void SSL_InitHashLock (void)
- {
- }
-
-void SSL3_Init (void)
- {
- }
-#endif
-
-int
-PREF_GetCharPref(const char *pref_name, char * return_buffer, int * length)
-{
- assert(0);
- return -1;
-}
diff --git a/security/nss/cmd/makefile.inc b/security/nss/cmd/makefile.inc
deleted file mode 100644
index 029576e7c..000000000
--- a/security/nss/cmd/makefile.inc
+++ /dev/null
@@ -1,84 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-INCLUDES += \
- -I$(DEPTH)/security/lib/cert \
- -I$(DEPTH)/security/lib/key \
- -I$(DEPTH)/security/lib/util \
- -I../include \
- $(NULL)
-
-
-# For the time being, sec stuff is export only
-# US_FLAGS = -DEXPORT_VERSION -DUS_VERSION
-
-US_FLAGS = -DEXPORT_VERSION
-EXPORT_FLAGS = -DEXPORT_VERSION
-
-BASE_LIBS = \
- $(DIST)/lib/libdbm.a \
- $(DIST)/lib/libxp.a \
- $(DIST)/lib/libnspr21.a \
- $(NULL)
-
-
-#There is a circular dependancy in security/lib, and here is a gross fix
-SEC_LIBS = \
- $(DIST)/lib/libsecnav.a \
- $(DIST)/lib/libssl.a \
- $(DIST)/lib/libpkcs7.a \
- $(DIST)/lib/libcert.a \
- $(DIST)/lib/libkey.a \
- $(DIST)/lib/libsecmod.a \
- $(DIST)/lib/libcrypto.a \
- $(DIST)/lib/libsecutil.a \
- $(DIST)/lib/libssl.a \
- $(DIST)/lib/libpkcs7.a \
- $(DIST)/lib/libcert.a \
- $(DIST)/lib/libkey.a \
- $(DIST)/lib/libsecmod.a \
- $(DIST)/lib/libcrypto.a \
- $(DIST)/lib/libsecutil.a \
- $(DIST)/lib/libhash.a \
- $(NULL)
-
-MYLIBDIR= ../lib/$(OBJDIR)
-MYLIB = $(MYLIBDIR)/libsectool.a
-
-US_LIBS = $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS)
-EX_LIBS = $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS)
-
-# this hack is necessary because rules.mk doesn't put anything like $(LIBS)
-# on the link command line (!?!?!?!)
-LDFLAGS += $(EX_LIBS)
-
diff --git a/security/nss/cmd/makefile.win b/security/nss/cmd/makefile.win
deleted file mode 100644
index 5e506590b..000000000
--- a/security/nss/cmd/makefile.win
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-VERBOSE = 1
-include <manifest.mn>
-
-include <$(DEPTH)\config\config.mak>
-
-include <$(DEPTH)\config\rules.mak>
-
-objs: $(OBJS)
-
-programs: $(PROGRAM)
-
-syms:
- @echo "OBJS is $(OBJS)"
- @echo "INCS is $(INCS)"
-
diff --git a/security/nss/cmd/makepqg/Makefile b/security/nss/cmd/makepqg/Makefile
deleted file mode 100644
index 36bf774fb..000000000
--- a/security/nss/cmd/makepqg/Makefile
+++ /dev/null
@@ -1,77 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
-
-
diff --git a/security/nss/cmd/makepqg/makefile.win b/security/nss/cmd/makepqg/makefile.win
deleted file mode 100644
index 462448d73..000000000
--- a/security/nss/cmd/makepqg/makefile.win
+++ /dev/null
@@ -1,156 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-VERBOSE = 1
-include <manifest.mn>
-
-PROGRAM = makepqg
-PROGRAM = $(OBJDIR)\$(PROGRAM).exe
-
-include <$(DEPTH)\config\config.mak>
-
-
-# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
-# rules.mak will append C_OBJS onto OBJS.
-# OBJS = $(CSRCS:.c=.obj)
-
-# include files are looked for in $LINCS and $INCS.
-# $LINCS is in manifest.mnw, computed from REQUIRES=
-INCS = $(INCS) \
- -I$(DEPTH)/security/lib/cert \
- -I$(DEPTH)/security/lib/crypto \
- -I../include \
- $(NULL)
-
-IGNORE_ME = \
- -I$(DEPTH)/security/lib/key \
- -I$(DEPTH)/security/lib/util \
-
-
-WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
-
-# these files are the content of libdbm
-DBM_LIB = \
- $(WINFE)/DB.obj \
- $(WINFE)/HASH.obj \
- $(WINFE)/H_BIGKEY.obj \
- $(WINFE)/H_PAGE.obj \
- $(WINFE)/H_LOG2.obj \
- $(WINFE)/H_FUNC.obj \
- $(WINFE)/HASH_BUF.obj \
- $(NULL)
-
-MOZ_LIBS = \
- $(WINFE)/ALLXPSTR.obj \
- $(WINFE)/XP_ERROR.obj \
- $(WINFE)/XPASSERT.obj \
- $(WINFE)/XP_REG.obj \
- $(WINFE)/XP_TRACE.obj \
- $(DBM_LIB) \
- $(WINFE)/XP_STR.obj \
- $(WINFE)/MKTEMP.obj \
- $(NULL)
-
-SEC_LIBS = \
- $(DIST)/lib/cert$(MOZ_BITS).lib \
- $(DIST)/lib/crypto$(MOZ_BITS).lib \
- $(DIST)/lib/hash$(MOZ_BITS).lib \
- $(DIST)/lib/key$(MOZ_BITS).lib \
- $(DIST)/lib/pkcs7$(MOZ_BITS).lib \
- $(DIST)/lib/secmod$(MOZ_BITS).lib \
- $(DIST)/lib/secutl$(MOZ_BITS).lib \
- $(DIST)/lib/ssl$(MOZ_BITS).lib \
- $(NULL)
-
-LLFLAGS = $(LLFLAGS) \
- ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
- $(SEC_LIBS) \
- $(MOZ_LIBS) \
- $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
- $(LIBNSPR) \
- $(NULL)
-
-
-# awt3240.lib # brpref32.lib # cert32.lib
-# crypto32.lib # dllcom.lib # editor32.lib
-# edpref32.lib # edtplug.lib # font.lib
-# hash32.lib # htmldg32.lib # img32.lib
-# javart32.lib # jbn3240.lib # jdb3240.lib
-# jmc.lib # jpeg3240.lib # jpw3240.lib
-# jrt3240.lib # js3240.lib # jsd3240.lib
-# key32.lib # libapplet32.lib # libnjs32.lib
-# libnsc32.lib # libreg32.lib # mm3240.lib
-# mnpref32.lib # netcst32.lib # nsdlg32.lib
-# nsldap32.lib # nsldaps32.lib # nsn32.lib
-# pkcs1232.lib # pkcs732.lib # pr3240.lib
-# prefui32.lib # prefuuid.lib # secmod32.lib
-# secnav32.lib # secutl32.lib # softup32.lib
-# sp3240.lib # ssl32.lib # uni3200.lib
-# unicvt32.lib # win32md.lib # winfont.lib
-# xppref32.lib # zlib32.lib
-
-include <$(DEPTH)\config\rules.mak>
-
-
-INSTALL = $(MAKE_INSTALL)
-
-objs: $(OBJS)
-
-$(PROGRAM)::
- $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
-
-programs: $(PROGRAM)
-
-install:: $(TARGETS)
- $(INSTALL) $(TARGETS) $(DIST)/bin
-
-# ALLXPSTR.obj XP_ALLOC.obj XP_HASH.obj XP_RGB.obj XP_WRAP.obj
-# CXPRINT.obj XP_C.cl XP_LIST.obj XP_SEC.obj netscape.exp
-# CXPRNDLG.obj XP_CNTXT.obj XP_MD5.obj XP_STR.obj xp.pch
-# EXPORT.obj XP_CORE.obj XP_MESG.obj XP_THRMO.obj xppref32.dll
-# XPASSERT.obj XP_ERROR.obj XP_RECT.obj XP_TIME.obj
-# XPLOCALE.obj XP_FILE.obj XP_REG.obj XP_TRACE.obj
-
-symbols:
- @echo "CSRCS = $(CSRCS)"
- @echo "INCS = $(INCS)"
- @echo "OBJS = $(OBJS)"
- @echo "LIBRARY = $(LIBRARY)"
- @echo "PROGRAM = $(PROGRAM)"
- @echo "TARGETS = $(TARGETS)"
- @echo "DIST = $(DIST)"
- @echo "VERSION_NUMBER = $(VERSION_NUMBER)"
- @echo "WINFE = $(WINFE)"
- @echo "DBM_LIB = $(DBM_LIB)"
- @echo "INSTALL = $(INSTALL)"
-
diff --git a/security/nss/cmd/makepqg/makepqg.c b/security/nss/cmd/makepqg/makepqg.c
deleted file mode 100644
index ead4698ad..000000000
--- a/security/nss/cmd/makepqg/makepqg.c
+++ /dev/null
@@ -1,277 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "prtypes.h"
-#include "prtime.h"
-#include "prlong.h"
-
-#include "secutil.h"
-#include "secitem.h"
-#include "pk11func.h"
-#include "pqgutil.h"
-#include "secrng.h"
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#endif
-
-#include "plgetopt.h"
-
-#define BPB 8 /* bits per byte. */
-
-char *progName;
-
-
-void
-Usage(void)
-{
- fprintf(stderr, "Usage: %s\n", progName);
- fprintf(stderr,
-"-a Output DER-encoded PQG params, BTOA encoded.\n"
-" -l prime-length Length of prime in bits (1024 is default)\n"
-" -o file Output to this file (default is stdout)\n"
-"-b Output DER-encoded PQG params in binary\n"
-" -l prime-length Length of prime in bits (1024 is default)\n"
-" -o file Output to this file (default is stdout)\n"
-"-r Output P, Q and G in ASCII hexadecimal. \n"
-" -l prime-length Length of prime in bits (1024 is default)\n"
-" -o file Output to this file (default is stdout)\n"
-"-g bits Generate SEED this many bits long.\n"
-);
- exit(-1);
-
-}
-
-int
-outputPQGParams(PQGParams * pqgParams, PRBool output_binary, PRBool output_raw,
- FILE * outFile)
-{
- PRArenaPool * arena = NULL;
- char * PQG;
- SECItem encodedParams;
-
- if (output_raw) {
- SECItem item;
-
- PQG_GetPrimeFromParams(pqgParams, &item);
- SECU_PrintInteger(outFile, &item, "Prime", 1);
- SECITEM_FreeItem(&item, PR_FALSE);
-
- PQG_GetSubPrimeFromParams(pqgParams, &item);
- SECU_PrintInteger(outFile, &item, "Subprime", 1);
- SECITEM_FreeItem(&item, PR_FALSE);
-
- PQG_GetBaseFromParams(pqgParams, &item);
- SECU_PrintInteger(outFile, &item, "Base", 1);
- SECITEM_FreeItem(&item, PR_FALSE);
-
- fprintf(outFile, "\n");
- return 0;
- }
-
- encodedParams.data = NULL;
- encodedParams.len = 0;
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- SEC_ASN1EncodeItem(arena, &encodedParams, pqgParams,
- SECKEY_PQGParamsTemplate);
- if (output_binary) {
- fwrite(encodedParams.data, encodedParams.len, sizeof(char), outFile);
- printf("\n");
- return 0;
- }
-
- /* must be output ASCII */
- PQG = BTOA_DataToAscii(encodedParams.data, encodedParams.len);
-
- fprintf(outFile,"%s",PQG);
- printf("\n");
- return 0;
-}
-
-int
-outputPQGVerify(PQGVerify * pqgVerify, PRBool output_binary, PRBool output_raw,
- FILE * outFile)
-{
- if (output_raw) {
- SECItem item;
- unsigned int counter;
-
- PQG_GetHFromVerify(pqgVerify, &item);
- SECU_PrintInteger(outFile, &item, "h", 1);
- SECITEM_FreeItem(&item, PR_FALSE);
-
- PQG_GetSeedFromVerify(pqgVerify, &item);
- SECU_PrintInteger(outFile, &item, "SEED", 1);
- fprintf(outFile, " g: %d\n", item.len * BPB);
- SECITEM_FreeItem(&item, PR_FALSE);
-
- counter = PQG_GetCounterFromVerify(pqgVerify);
- fprintf(outFile, " counter: %d\n", counter);
- fprintf(outFile, "\n");
- return 0;
- }
- return 0;
-}
-
-int
-main(int argc, char **argv)
-{
- FILE * outFile = NULL;
- PQGParams * pqgParams = NULL;
- PQGVerify * pqgVerify = NULL;
- int keySizeInBits = 1024;
- int j;
- int o;
- int g = 0;
- SECStatus rv = 0;
- SECStatus passed = 0;
- PRBool output_ascii = PR_FALSE;
- PRBool output_binary = PR_FALSE;
- PRBool output_raw = PR_FALSE;
- PLOptState *optstate;
- PLOptStatus status;
-
-
- progName = strrchr(argv[0], '/');
- if (!progName)
- progName = strrchr(argv[0], '\\');
- progName = progName ? progName+1 : argv[0];
-
- /* Parse command line arguments */
- optstate = PL_CreateOptState(argc, argv, "l:abro:g:" );
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
-
- case 'l':
- keySizeInBits = atoi(optstate->value);
- break;
-
- case 'a':
- output_ascii = PR_TRUE;
- break;
-
- case 'b':
- output_binary = PR_TRUE;
- break;
-
- case 'r':
- output_raw = PR_TRUE;
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "wb");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- rv = -1;
- }
- break;
-
- case 'g':
- g = atoi(optstate->value);
- break;
-
- default:
- case '?':
- Usage();
- break;
-
- }
- }
-
- if (rv != 0) {
- return rv;
- }
-
- /* exactly 1 of these options must be set. */
- if (1 != ((output_ascii != PR_FALSE) +
- (output_binary != PR_FALSE) +
- (output_raw != PR_FALSE))) {
- Usage();
- }
-
- j = PQG_PBITS_TO_INDEX(keySizeInBits);
- if (j < 0) {
- fprintf(stderr, "%s: Illegal prime length, \n"
- "\tacceptable values are between 512 and 1024,\n"
- "\tand divisible by 64\n", progName);
- return -1;
- }
- if (g != 0 && (g < 160 || g >= 2048 || g % 8 != 0)) {
- fprintf(stderr, "%s: Illegal g bits, \n"
- "\tacceptable values are between 160 and 2040,\n"
- "\tand divisible by 8\n", progName);
- return -1;
- }
-
- if (outFile == NULL) {
- outFile = stdout;
- }
-
- RNG_RNGInit();
- RNG_SystemInfoForRNG();
- if (g)
- rv = PQG_ParamGenSeedLen((unsigned)j, (unsigned)(g/8),
- &pqgParams, &pqgVerify);
- else
- rv = PQG_ParamGen((unsigned)j, &pqgParams, &pqgVerify);
-
- if (rv != SECSuccess || pqgParams == NULL) {
- fprintf(stderr, "%s: PQG parameter generation failed.\n", progName);
- goto loser;
- }
- fprintf(stderr, "%s: PQG parameter generation completed.\n", progName);
-
- o = outputPQGParams(pqgParams, output_binary, output_raw, outFile);
- o = outputPQGVerify(pqgVerify, output_binary, output_raw, outFile);
-
- rv = PQG_VerifyParams(pqgParams, pqgVerify, &passed);
- if (rv != SECSuccess) {
- fprintf(stderr, "%s: PQG parameter verification aborted.\n", progName);
- goto loser;
- }
- if (passed != SECSuccess) {
- fprintf(stderr, "%s: PQG parameters failed verification.\n", progName);
- goto loser;
- }
- fprintf(stderr, "%s: PQG parameters passed verification.\n", progName);
-
- PQG_DestroyParams(pqgParams);
- PQG_DestroyVerify(pqgVerify);
- return 0;
-
-loser:
- PQG_DestroyParams(pqgParams);
- PQG_DestroyVerify(pqgVerify);
- return 1;
-}
diff --git a/security/nss/cmd/makepqg/manifest.mn b/security/nss/cmd/makepqg/manifest.mn
deleted file mode 100644
index 2a47c49bf..000000000
--- a/security/nss/cmd/makepqg/manifest.mn
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-REQUIRES = security seccmd dbm
-
-# DIRS =
-
-CSRCS = makepqg.c
-
-PROGRAM = makepqg
-
diff --git a/security/nss/cmd/makepqg/testit.ksh b/security/nss/cmd/makepqg/testit.ksh
deleted file mode 100644
index 98cb7fa9d..000000000
--- a/security/nss/cmd/makepqg/testit.ksh
+++ /dev/null
@@ -1,41 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-COUNTER=75
-while [ $COUNTER -ge "1" ]
-do
- COUNTER=$(eval expr $COUNTER - 1)
- echo $COUNTER
- */makepqg.exe -r -l 640 -g 160 || exit 1
-done
-
diff --git a/security/nss/cmd/manifest.mn b/security/nss/cmd/manifest.mn
deleted file mode 100644
index 0ccd24b80..000000000
--- a/security/nss/cmd/manifest.mn
+++ /dev/null
@@ -1,82 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-DEPTH = ../..
-# MODULE = seccmd
-
-REQUIRES = security nspr libdbm
-
-DIRS = lib \
- zlib \
- atob \
- btoa \
- certcgi \
- certutil \
- checkcert \
- crlutil \
- derdump \
- digest \
- makepqg \
- ocspclnt \
- oidcalc \
- p7content \
- p7env \
- p7sign \
- p7verify \
- pp \
- rngtest \
- sdrtest \
- selfserv \
- ssltap \
- strsclnt \
- swfort \
- tstclnt \
- smimetools \
- $(NULL)
-
-TEMPORARILY_DONT_BUILD = \
- SSLsample \
- modutil \
- $(NULL)
-
-# rsaperf \
-#
-# needs to look at what needs to happen to make jar build in
-# the binary release environment.
-#
-# perror requires lib/strerror.c which requires the client code installed
-# to build (requires allxpstr.h)
-#
-DONT_BULD = jar \
- perror \
-$(NULL)
diff --git a/security/nss/cmd/modutil/Makefile b/security/nss/cmd/modutil/Makefile
deleted file mode 100644
index 5f4321fec..000000000
--- a/security/nss/cmd/modutil/Makefile
+++ /dev/null
@@ -1,85 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
-
-ifeq ($(OS_ARCH), WINNT)
-installparse.c: installparse.y
- yacc -d installparse.y
- mv ytab.c installparse.c
- mv ytab.h installparse.h
-else
-installparse.c: installparse.y
- yacc -d installparse.y
- mv y.tab.c installparse.c
- mv y.tab.h installparse.h
-endif
diff --git a/security/nss/cmd/modutil/README b/security/nss/cmd/modutil/README
deleted file mode 100644
index 12d192c9f..000000000
--- a/security/nss/cmd/modutil/README
+++ /dev/null
@@ -1,7 +0,0 @@
- CRYPTOGRAPHIC MODULE UTILITY (modutil)
- VERSION 1.0
- ===============================================
-
-The file specification.html documentats the software.
-
-The file pk11jar.html documents the PKCS #11 JAR format.
diff --git a/security/nss/cmd/modutil/README.TXT b/security/nss/cmd/modutil/README.TXT
deleted file mode 100644
index 279e3ebe6..000000000
--- a/security/nss/cmd/modutil/README.TXT
+++ /dev/null
@@ -1,7 +0,0 @@
- CRYPTOGRAPHIC MODULE UTILITY (modutil)
- VERSION 1.0
- ===============================================
-
-The file specification.html documentats the software.
-
-The file pk11jar.html documents the PKCS #11 JAR format.
diff --git a/security/nss/cmd/modutil/config.mk b/security/nss/cmd/modutil/config.mk
deleted file mode 100644
index 3da32a667..000000000
--- a/security/nss/cmd/modutil/config.mk
+++ /dev/null
@@ -1,77 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# Set the LDFLAGS value to encompass all normal link options, all #
-# library names, and all special system linking options #
-#######################################################################
-
-LDFLAGS = \
- $(DYNAMIC_LIB_PATH) \
- $(LDOPTS) \
- $(LIBSECTOOLS) \
- $(LIBSECMOD) \
- $(LIBHASH) \
- $(LIBCERT) \
- $(LIBKEY) \
- $(LIBCRYPTO) \
- $(LIBSECUTIL) \
- $(LIBDBM) \
- $(LIBPLC3) \
- $(LIBPLDS3) \
- $(LIBPR3) \
- $(DLLSYSTEM) \
- $(LIBJAR) \
- $(LIBZLIB) \
- $(LIBPKCS7) \
- $(LIBPLC3)
-
-# Strip out the symbols
-ifdef BUILD_OPT
- ifneq ($(OS_ARCH),WINNT)
- LDFLAGS += -s
- endif
-endif
-
-#######################################################################
-# Adjust specific variables for all platforms #
-#######################################################################
-
-
-ifeq ($(OS_ARCH),WINNT)
- PACKAGE_FILES = license.txt README.TXT specification.html pk11jar.html modutil.exe
-else
- PACKAGE_FILES = license.doc README specification.html pk11jar.html modutil
-endif
-
-ARCHIVE_NAME = modutil_$(OS_CONFIG)
diff --git a/security/nss/cmd/modutil/error.h b/security/nss/cmd/modutil/error.h
deleted file mode 100644
index 504e32f24..000000000
--- a/security/nss/cmd/modutil/error.h
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef MODUTIL_ERROR_H
-#define MODUTIL_ERROR_H
-
-typedef enum {
- NO_ERR=0,
- INVALID_USAGE_ERR,
- UNEXPECTED_ARG_ERR,
- UNKNOWN_OPTION_ERR,
- MULTIPLE_COMMAND_ERR,
- OPTION_NEEDS_ARG_ERR,
- DUPLICATE_OPTION_ERR,
- MISSING_PARAM_ERR,
- INVALID_FIPS_ARG,
- NO_COMMAND_ERR,
- NO_DBDIR_ERR,
- FIPS_SWITCH_FAILED_ERR,
- FIPS_ALREADY_ON_ERR,
- FIPS_ALREADY_OFF_ERR,
- FILE_ALREADY_EXISTS_ERR,
- FILE_DOESNT_EXIST_ERR,
- FILE_NOT_READABLE_ERR,
- FILE_NOT_WRITEABLE_ERR,
- DIR_DOESNT_EXIST_ERR,
- DIR_NOT_READABLE_ERR,
- DIR_NOT_WRITEABLE_ERR,
- INVALID_CONSTANT_ERR,
- ADD_MODULE_FAILED_ERR,
- OUT_OF_MEM_ERR,
- DELETE_INTERNAL_ERR,
- DELETE_FAILED_ERR,
- NO_LIST_LOCK_ERR,
- NO_MODULE_LIST_ERR,
- NO_SUCH_MODULE_ERR,
- MOD_INFO_ERR,
- SLOT_INFO_ERR,
- TOKEN_INFO_ERR,
- NO_SUCH_TOKEN_ERR,
- CHANGEPW_FAILED_ERR,
- BAD_PW_ERR,
- DB_ACCESS_ERR,
- AUTHENTICATION_FAILED_ERR,
- NO_SUCH_SLOT_ERR,
- ENABLE_FAILED_ERR,
- UPDATE_MOD_FAILED_ERR,
- DEFAULT_FAILED_ERR,
- UNDEFAULT_FAILED_ERR,
- STDIN_READ_ERR,
- UNSPECIFIED_ERR,
- NOCERTDB_MISUSE_ERR,
-
- LAST_ERR /* must be last */
-} Error;
-#define SUCCESS NO_ERR
-
-/* !!! Should move this into its own .c and un-static it. */
-static char *errStrings[] = {
- "Operation completed successfully.\n",
- "ERROR: Invalid command line.\n",
- "ERROR: Not expecting argument \"%s\".\n",
- "ERROR: Unknown option: %s.\n",
- "ERROR: %s: multiple commands are not allowed on the command line.\n",
- "ERROR: %s: option needs an argument.\n",
- "ERROR: %s: option cannot be given more than once.\n",
- "ERROR: Command \"%s\" requires parameter \"%s\".\n",
- "ERROR: Argument to -fips must be \"true\" or \"false\".\n",
- "ERROR: No command was specified.\n",
- "ERROR: Cannot determine database directory: use the -dbdir option.\n",
- "ERROR: Unable to switch FIPS modes.\n",
- "FIPS mode already enabled.\n",
- "FIPS mode already disabled.\n",
- "ERROR: File \"%s\" already exists.\n",
- "ERROR: File \"%s\" does not exist.\n",
- "ERROR: File \"%s\" is not readable.\n",
- "ERROR: File \"%s\" is not writeable.\n",
- "ERROR: Directory \"%s\" does not exist.\n",
- "ERROR: Directory \"%s\" is not readable.\n",
- "ERROR: Directory \"%s\" is not writeable.\n",
- "\"%s\" is not a recognized value.\n",
- "ERROR: Failed to add module \"%s\".\n",
- "ERROR: Out of memory.\n",
- "ERROR: Cannot delete internal module.\n",
- "ERROR: Failed to delete module \"%s\".\n",
- "ERROR: Unable to obtain lock on module list.\n",
- "ERROR: Unable to obtain module list.\n",
- "ERROR: Module \"%s\" not found in database.\n",
- "ERROR: Unable to get information about module \"%s\".\n",
- "ERROR: Unable to get information about slot \"%s\".\n",
- "ERROR: Unable to get information about token \"%s\".\n",
- "ERROR: Token \"%s\" not found.\n",
- "ERROR: Unable to change password on token \"%s\".\n",
- "ERROR: Incorrect password.\n",
- "ERROR: Unable to access database \"%s\".\n",
- "ERROR: Unable to authenticate to token \"%s\".\n",
- "ERROR: Slot \"%s\" not found.\n",
- "ERROR: Failed to %s slot \"%s\".\n",
- "ERROR: Failed to update module \"%s\".\n",
- "ERROR: Failed to change defaults.\n",
- "ERROR: Failed to change default.\n",
- "ERROR: Unable to read from standard input.\n",
- "ERROR: Unknown error occurred.\n",
- "ERROR: -nocertdb option can only be used with the -jar command.\n"
-};
-
-typedef enum {
- FIPS_ENABLED_MSG=0,
- FIPS_DISABLED_MSG,
- USING_DBDIR_MSG,
- CREATING_DB_MSG,
- ADD_MODULE_SUCCESS_MSG,
- DELETE_SUCCESS_MSG,
- CHANGEPW_SUCCESS_MSG,
- BAD_PW_MSG,
- PW_MATCH_MSG,
- DONE_MSG,
- ENABLE_SUCCESS_MSG,
- DEFAULT_SUCCESS_MSG,
- UNDEFAULT_SUCCESS_MSG,
- BROWSER_RUNNING_MSG,
- ABORTING_MSG,
-
- LAST_MSG /* must be last */
-} Message;
-
-static char *msgStrings[] = {
- "FIPS mode enabled.\n",
- "FIPS mode disabled.\n",
- "Using database directory %s...\n",
- "Creating \"%s\"...",
- "Module \"%s\" added to database.\n",
- "Module \"%s\" deleted from database.\n",
- "Token \"%s\" password changed successfully.\n",
- "Incorrect password, try again...\n",
- "Passwords do not match, try again...\n",
- "done.\n",
- "Slot \"%s\" %s.\n",
- "Successfully changed defaults.\n",
- "Successfully changed defaults.\n",
-"\nWARNING: Performing this operation while the browser is running could cause"
-"\ncorruption of your security databases. If the browser is currently running,"
-"\nyou should exit browser before continuing this operation. Type "
-"\n'q <enter>' to abort, or <enter> to continue: ",
- "\nAborting...\n"
-};
-
-#endif /* MODUTIL_ERROR_H */
diff --git a/security/nss/cmd/modutil/install-ds.c b/security/nss/cmd/modutil/install-ds.c
deleted file mode 100644
index e6b90ded3..000000000
--- a/security/nss/cmd/modutil/install-ds.c
+++ /dev/null
@@ -1,1541 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "install-ds.h"
-#include <prmem.h>
-#include <plstr.h>
-#include <prprf.h>
-#include <string.h>
-
-#define PORT_Strcasecmp PL_strcasecmp
-
-#define MODULE_FILE_STRING "ModuleFile"
-#define MODULE_NAME_STRING "ModuleName"
-#define MECH_FLAGS_STRING "DefaultMechanismFlags"
-#define CIPHER_FLAGS_STRING "DefaultCipherFlags"
-#define FILES_STRING "Files"
-#define FORWARD_COMPATIBLE_STRING "ForwardCompatible"
-#define PLATFORMS_STRING "Platforms"
-#define RELATIVE_DIR_STRING "RelativePath"
-#define ABSOLUTE_DIR_STRING "AbsolutePath"
-#define FILE_PERMISSIONS_STRING "FilePermissions"
-#define EQUIVALENT_PLATFORM_STRING "EquivalentPlatform"
-#define EXECUTABLE_STRING "Executable"
-
-#define DEFAULT_PERMISSIONS 0777
-
-#define PLATFORM_SEPARATOR_CHAR ':'
-
-/* Error codes */
-enum {
- BOGUS_RELATIVE_DIR=0,
- BOGUS_ABSOLUTE_DIR,
- BOGUS_FILE_PERMISSIONS,
- NO_RELATIVE_DIR,
- NO_ABSOLUTE_DIR,
- EMPTY_PLATFORM_STRING,
- BOGUS_PLATFORM_STRING,
- REPEAT_MODULE_FILE,
- REPEAT_MODULE_NAME,
- BOGUS_MODULE_FILE,
- BOGUS_MODULE_NAME,
- REPEAT_MECH,
- BOGUS_MECH_FLAGS,
- REPEAT_CIPHER,
- BOGUS_CIPHER_FLAGS,
- REPEAT_FILES,
- REPEAT_EQUIV,
- BOGUS_EQUIV,
- EQUIV_TOO_MUCH_INFO,
- NO_FILES,
- NO_MODULE_FILE,
- NO_MODULE_NAME,
- NO_PLATFORMS,
- EQUIV_LOOP,
- UNKNOWN_MODULE_FILE
-};
-
-/* Indexed by the above error codes */
-static const char *errString[] = {
- "%s: Invalid relative directory",
- "%s: Invalid absolute directory",
- "%s: Invalid file permissions",
- "%s: No relative directory specified",
- "%s: No absolute directory specified",
- "Empty string given for platform name",
- "%s: invalid platform string",
- "More than one ModuleFile entry given for platform %s",
- "More than one ModuleName entry given for platform %s",
- "Invalid ModuleFile specification for platform %s",
- "Invalid ModuleName specification for platform %s",
- "More than one DefaultMechanismFlags entry given for platform %s",
- "Invalid DefaultMechanismFlags specification for platform %s",
- "More than one DefaultCipherFlags entry given for platform %s",
- "Invalid DefaultCipherFlags entry given for platform %s",
- "More than one Files entry given for platform %s",
- "More than one EquivalentPlatform entry given for platform %s",
- "Invalid EquivalentPlatform specification for platform %s",
- "Module %s uses an EquivalentPlatform but also specifies its own"
- " information",
- "No Files specification in module %s",
- "No ModuleFile specification in module %s",
- "No ModuleName specification in module %s",
- "No Platforms specification in installer script",
- "Platform %s has an equivalency loop",
- "Module file \"%s\" in platform \"%s\" does not exist"
-};
-
-static char* PR_Strdup(const char* str);
-
-#define PAD(x) {int i; for(i=0;i<x;i++) printf(" ");}
-#define PADINC 4
-
-Pk11Install_File*
-Pk11Install_File_new()
-{
- Pk11Install_File* new_this;
- new_this = (Pk11Install_File*)PR_Malloc(sizeof(Pk11Install_File));
- Pk11Install_File_init(new_this);
- return new_this;
-}
-
-void
-Pk11Install_File_init(Pk11Install_File* _this)
-{
- _this->jarPath=NULL;
- _this->relativePath=NULL;
- _this->absolutePath=NULL;
- _this->executable=PR_FALSE;
- _this->permissions=0;
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: ~Pk11Install_File
-// Class: Pk11Install_File
-// Notes: Destructor.
-*/
-void
-Pk11Install_File_delete(Pk11Install_File* _this)
-{
- Pk11Install_File_Cleanup(_this);
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: Cleanup
-// Class: Pk11Install_File
-*/
-void
-Pk11Install_File_Cleanup(Pk11Install_File* _this)
-{
- if(_this->jarPath) {
- PR_Free(_this->jarPath);
- _this->jarPath = NULL;
- }
- if(_this->relativePath) {
- PR_Free(_this->relativePath);
- _this->relativePath = NULL;
- }
- if(_this->absolutePath) {
- PR_Free(_this->absolutePath);
- _this->absolutePath = NULL;
- }
-
- _this->permissions = 0;
- _this->executable = PR_FALSE;
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: Generate
-// Class: Pk11Install_File
-// Notes: Creates a file data structure from a syntax tree.
-// Returns: NULL for success, otherwise an error message.
-*/
-char*
-Pk11Install_File_Generate(Pk11Install_File* _this,
- const Pk11Install_Pair *pair)
-{
- Pk11Install_ListIter *iter;
- Pk11Install_Value *val;
- Pk11Install_Pair *subpair;
- Pk11Install_ListIter *subiter;
- Pk11Install_Value *subval;
- char* errStr;
- char *endp;
- PRBool gotPerms;
-
- iter=NULL;
- subiter=NULL;
- errStr=NULL;
- gotPerms=PR_FALSE;
-
- /* Clear out old values */
- Pk11Install_File_Cleanup(_this);
-
- _this->jarPath = PR_Strdup(pair->key);
-
- /* Go through all the pairs under this file heading */
- iter = Pk11Install_ListIter_new(pair->list);
- for( ; (val = iter->current); Pk11Install_ListIter_nextItem(iter)) {
- if(val->type == PAIR_VALUE) {
- subpair = val->pair;
-
- /* Relative directory */
- if(!PORT_Strcasecmp(subpair->key, RELATIVE_DIR_STRING)) {
- subiter = Pk11Install_ListIter_new(subpair->list);
- subval = subiter->current;
- if(!subval || (subval->type != STRING_VALUE)){
- errStr = PR_smprintf(errString[BOGUS_RELATIVE_DIR],
- _this->jarPath);
- goto loser;
- }
- _this->relativePath = PR_Strdup(subval->string);
- Pk11Install_ListIter_delete(subiter);
- subiter = NULL;
-
- /* Absolute directory */
- } else if( !PORT_Strcasecmp(subpair->key, ABSOLUTE_DIR_STRING)) {
- subiter = Pk11Install_ListIter_new(subpair->list);
- subval = subiter->current;
- if(!subval || (subval->type != STRING_VALUE)){
- errStr = PR_smprintf(errString[BOGUS_ABSOLUTE_DIR],
- _this->jarPath);
- goto loser;
- }
- _this->absolutePath = PR_Strdup(subval->string);
- Pk11Install_ListIter_delete(subiter);
- subiter = NULL;
-
- /* file permissions */
- } else if( !PORT_Strcasecmp(subpair->key,
- FILE_PERMISSIONS_STRING)) {
- subiter = Pk11Install_ListIter_new(subpair->list);
- subval = subiter->current;
- if(!subval || (subval->type != STRING_VALUE)){
- errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS],
- _this->jarPath);
- goto loser;
- }
- _this->permissions = (int) strtol(subval->string, &endp, 8);
- if(*endp != '\0' || subval->string == "\0") {
- errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS],
- _this->jarPath);
- goto loser;
- }
- gotPerms = PR_TRUE;
- Pk11Install_ListIter_delete(subiter);
- subiter = NULL;
- }
- } else {
- if(!PORT_Strcasecmp(val->string, EXECUTABLE_STRING)) {
- _this->executable = PR_TRUE;
- }
- }
- }
-
- /* Default permission value */
- if(!gotPerms) {
- _this->permissions = DEFAULT_PERMISSIONS;
- }
-
- /* Make sure we got all the information */
- if(!_this->relativePath && !_this->absolutePath) {
- errStr = PR_smprintf(errString[NO_ABSOLUTE_DIR], _this->jarPath);
- goto loser;
- }
-#if 0
- if(!_this->relativePath ) {
- errStr = PR_smprintf(errString[NO_RELATIVE_DIR], _this->jarPath);
- goto loser;
- }
- if(!_this->absolutePath) {
- errStr = PR_smprintf(errString[NO_ABSOLUTE_DIR], _this->jarPath);
- goto loser;
- }
-#endif
-
-loser:
- if(iter) {
- Pk11Install_ListIter_delete(iter);
- PR_Free(iter);
- }
- if(subiter) {
- Pk11Install_ListIter_delete(subiter);
- PR_Free(subiter);
- }
- return errStr;
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: Print
-// Class: Pk11Install_File
-*/
-void
-Pk11Install_File_Print(Pk11Install_File* _this, int pad)
-{
- PAD(pad); printf("jarPath: %s\n",
- _this->jarPath ? _this->jarPath : "<NULL>");
- PAD(pad); printf("relativePath: %s\n",
- _this->relativePath ? _this->relativePath: "<NULL>");
- PAD(pad); printf("absolutePath: %s\n",
- _this->absolutePath ? _this->absolutePath: "<NULL>");
- PAD(pad); printf("permissions: %o\n", _this->permissions);
-}
-
-Pk11Install_PlatformName*
-Pk11Install_PlatformName_new()
-{
- Pk11Install_PlatformName* new_this;
- new_this = (Pk11Install_PlatformName*)
- PR_Malloc(sizeof(Pk11Install_PlatformName));
- Pk11Install_PlatformName_init(new_this);
- return new_this;
-}
-
-void
-Pk11Install_PlatformName_init(Pk11Install_PlatformName* _this)
-{
- _this->OS = NULL;
- _this->verString = NULL;
- _this->numDigits = 0;
- _this->arch = NULL;
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: ~Pk11Install_PlatformName
-// Class: Pk11Install_PlatformName
-*/
-void
-Pk11Install_PlatformName_delete(Pk11Install_PlatformName* _this)
-{
- Pk11Install_PlatformName_Cleanup(_this);
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: Cleanup
-// Class: Pk11Install_PlatformName
-*/
-void
-Pk11Install_PlatformName_Cleanup(Pk11Install_PlatformName* _this)
-{
- if(_this->OS) {
- PR_Free(_this->OS);
- _this->OS = NULL;
- }
- if(_this->verString) {
- int i;
- for (i=0; i<_this->numDigits; i++) {
- PR_Free(_this->verString[i]);
- }
- PR_Free(_this->verString);
- _this->verString = NULL;
- }
- if(_this->arch) {
- PR_Free(_this->arch);
- _this->arch = NULL;
- }
- _this->numDigits = 0;
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: Generate
-// Class: Pk11Install_PlatformName
-// Notes: Extracts the information from a platform string.
-*/
-char*
-Pk11Install_PlatformName_Generate(Pk11Install_PlatformName* _this,
- const char *str)
-{
- char *errStr;
- char *copy;
- char *end, *start; /* start and end of a section (OS, version, arch)*/
- char *pend, *pstart; /* start and end of one portion of version*/
- char *endp; /* used by strtol*/
- int periods, i;
-
- errStr=NULL;
- copy=NULL;
-
- if(!str) {
- errStr = PR_smprintf(errString[EMPTY_PLATFORM_STRING]);
- goto loser;
- }
- copy = PR_Strdup(str);
-
- /*
- // Get the OS
- */
- end = strchr(copy, PLATFORM_SEPARATOR_CHAR);
- if(!end || end==copy) {
- errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
- goto loser;
- }
- *end = '\0';
-
- _this->OS = PR_Strdup(copy);
-
- /*
- // Get the digits of the version of form: x.x.x (arbitrary number of digits)
- */
-
- start = end+1;
- end = strchr(start, PLATFORM_SEPARATOR_CHAR);
- if(!end) {
- errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
- goto loser;
- }
- *end = '\0';
-
- if(end!=start) {
- /* Find out how many periods*/
- periods = 0;
- pstart = start;
- while( (pend=strchr(pstart, '.')) ) {
- periods++;
- pstart = pend+1;
- }
- _this->numDigits= 1+ periods;
- _this->verString = (char**)PR_Malloc(sizeof(char*)*_this->numDigits);
-
- pstart = start;
- i = 0;
- /* Get the digits before each period*/
- while( (pend=strchr(pstart, '.')) ) {
- if(pend == pstart) {
- errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
- goto loser;
- }
- *pend = '\0';
- _this->verString[i] = PR_Strdup(pstart);
- endp = pend;
- if(endp==pstart || (*endp != '\0')) {
- errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
- goto loser;
- }
- pstart = pend+1;
- i++;
- }
- /* Last digit comes after the last period*/
- if(*pstart == '\0') {
- errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
- goto loser;
- }
- _this->verString[i] = PR_Strdup(pstart);
- /*
- if(endp==pstart || (*endp != '\0')) {
- errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
- goto loser;
- }
- */
- } else {
- _this->verString = NULL;
- _this->numDigits = 0;
- }
-
- /*
- // Get the architecture
- */
- start = end+1;
- if( strchr(start, PLATFORM_SEPARATOR_CHAR) ) {
- errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
- goto loser;
- }
- _this->arch = PR_Strdup(start);
-
- if(copy) {
- PR_Free(copy);
- }
- return NULL;
-loser:
- if(_this->OS) {
- PR_Free(_this->OS);
- _this->OS = NULL;
- }
- if(_this->verString) {
- for (i=0; i<_this->numDigits; i++) {
- PR_Free(_this->verString[i]);
- }
- PR_Free(_this->verString);
- _this->verString = NULL;
- }
- _this->numDigits = 0;
- if(_this->arch) {
- PR_Free(_this->arch);
- _this->arch = NULL;
- }
-
- return errStr;
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: operator ==
-// Class: Pk11Install_PlatformName
-// Returns: PR_TRUE if the platform have the same OS, arch, and version
-*/
-PRBool
-Pk11Install_PlatformName_equal(Pk11Install_PlatformName* _this,
- Pk11Install_PlatformName* cmp)
-{
- int i;
-
- if(!_this->OS || !_this->arch || !cmp->OS || !cmp->arch) {
- return PR_FALSE;
- }
-
- if( PORT_Strcasecmp(_this->OS, cmp->OS) ||
- PORT_Strcasecmp(_this->arch, cmp->arch) ||
- _this->numDigits != cmp->numDigits ) {
- return PR_FALSE;
- }
-
- for(i=0; i < _this->numDigits; i++) {
- if(PORT_Strcasecmp(_this->verString[i], cmp->verString[i])) {
- return PR_FALSE;
- }
- }
- return PR_TRUE;
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: operator <=
-// Class: Pk11Install_PlatformName
-// Returns: PR_TRUE if the platform have the same OS and arch and a lower
-// or equal release.
-*/
-PRBool
-Pk11Install_PlatformName_lteq(Pk11Install_PlatformName* _this,
- Pk11Install_PlatformName* cmp)
-{
- return (Pk11Install_PlatformName_equal(_this,cmp) ||
- Pk11Install_PlatformName_lt(_this,cmp)) ? PR_TRUE : PR_FALSE;
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: operator <
-// Class: Pk11Install_PlatformName
-// Returns: PR_TRUE if the platform have the same OS and arch and a greater
-// release.
-*/
-PRBool
-Pk11Install_PlatformName_lt(Pk11Install_PlatformName* _this,
- Pk11Install_PlatformName* cmp)
-{
- int i, scmp;
-
- if(!_this->OS || !_this->arch || !cmp->OS || !cmp->arch) {
- return PR_FALSE;
- }
-
- if( PORT_Strcasecmp(_this->OS, cmp->OS) ) {
- return PR_FALSE;
- }
- if( PORT_Strcasecmp(_this->arch, cmp->arch) ) {
- return PR_FALSE;
- }
-
- for(i=0; (i < _this->numDigits) && (i < cmp->numDigits); i++) {
- scmp = PORT_Strcasecmp(_this->verString[i], cmp->verString[i]);
- if (scmp > 0) {
- return PR_FALSE;
- } else if (scmp < 0) {
- return PR_TRUE;
- }
- }
- /* All the digits they have in common are the same. */
- if(_this->numDigits < cmp->numDigits) {
- return PR_TRUE;
- }
-
- return PR_FALSE;
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: GetString
-// Class: Pk11Install_PlatformName
-// Returns: String composed of OS, release, and architecture separated
-// by the separator char. Memory is allocated by this function
-// but is the responsibility of the caller to de-allocate.
-*/
-char*
-Pk11Install_PlatformName_GetString(Pk11Install_PlatformName* _this)
-{
- char *ret;
- char *ver;
- char *OS_;
- char *arch_;
-
- OS_=NULL;
- arch_=NULL;
-
- OS_ = _this->OS ? _this->OS : "";
- arch_ = _this->arch ? _this->arch : "";
-
- ver = Pk11Install_PlatformName_GetVerString(_this);
- ret = PR_smprintf("%s%c%s%c%s", OS_, PLATFORM_SEPARATOR_CHAR, ver,
- PLATFORM_SEPARATOR_CHAR, arch_);
-
- PR_Free(ver);
-
- return ret;
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: GetVerString
-// Class: Pk11Install_PlatformName
-// Returns: The version string for this platform, in the form x.x.x with an
-// arbitrary number of digits. Memory allocated by function,
-// must be de-allocated by caller.
-*/
-char*
-Pk11Install_PlatformName_GetVerString(Pk11Install_PlatformName* _this)
-{
- char *tmp;
- char *ret;
- int i;
- char buf[80];
-
- tmp = (char*)PR_Malloc(80*_this->numDigits+1);
- tmp[0] = '\0';
-
- for(i=0; i < _this->numDigits-1; i++) {
- sprintf(buf, "%s.", _this->verString[i]);
- strcat(tmp, buf);
- }
- if(i < _this->numDigits) {
- sprintf(buf, "%s", _this->verString[i]);
- strcat(tmp, buf);
- }
-
- ret = PR_Strdup(tmp);
- free(tmp);
-
- return ret;
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: Print
-// Class: Pk11Install_PlatformName
-*/
-void
-Pk11Install_PlatformName_Print(Pk11Install_PlatformName* _this, int pad)
-{
- PAD(pad); printf("OS: %s\n", _this->OS ? _this->OS : "<NULL>");
- PAD(pad); printf("Digits: ");
- if(_this->numDigits == 0) {
- printf("None\n");
- } else {
- printf("%s\n", Pk11Install_PlatformName_GetVerString(_this));
- }
- PAD(pad); printf("arch: %s\n", _this->arch ? _this->arch : "<NULL>");
-}
-
-Pk11Install_Platform*
-Pk11Install_Platform_new()
-{
- Pk11Install_Platform* new_this;
- new_this = (Pk11Install_Platform*)PR_Malloc(sizeof(Pk11Install_Platform));
- Pk11Install_Platform_init(new_this);
- return new_this;
-}
-
-void
-Pk11Install_Platform_init(Pk11Install_Platform* _this)
-{
- Pk11Install_PlatformName_init(&_this->name);
- Pk11Install_PlatformName_init(&_this->equivName);
- _this->equiv = NULL;
- _this->usesEquiv = PR_FALSE;
- _this->moduleFile = NULL;
- _this->moduleName = NULL;
- _this->modFile = -1;
- _this->mechFlags = 0;
- _this->cipherFlags = 0;
- _this->files = NULL;
- _this->numFiles = 0;
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: ~Pk11Install_Platform
-// Class: Pk11Install_Platform
-*/
-void
-Pk11Install_Platform_delete(Pk11Install_Platform* _this)
-{
- Pk11Install_Platform_Cleanup(_this);
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: Cleanup
-// Class: Pk11Install_Platform
-*/
-void
-Pk11Install_Platform_Cleanup(Pk11Install_Platform* _this)
-{
- int i;
- if(_this->moduleFile) {
- PR_Free(_this->moduleFile);
- _this->moduleFile = NULL;
- }
- if(_this->moduleName) {
- PR_Free(_this->moduleName);
- _this->moduleName = NULL;
- }
- if(_this->files) {
- for (i=0;i<_this->numFiles;i++) {
- Pk11Install_File_delete(&_this->files[i]);
- }
- PR_Free(_this->files);
- _this->files = NULL;
- }
- _this->equiv = NULL;
- _this->usesEquiv = PR_FALSE;
- _this->modFile = -1;
- _this->numFiles = 0;
- _this->mechFlags = _this->cipherFlags = 0;
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: Generate
-// Class: Pk11Install_Platform
-// Notes: Creates a platform data structure from a syntax tree.
-// Returns: NULL for success, otherwise an error message.
-*/
-char*
-Pk11Install_Platform_Generate(Pk11Install_Platform* _this,
- const Pk11Install_Pair *pair)
-{
- char* errStr;
- char* endptr;
- char* tmp;
- int i;
- Pk11Install_ListIter *iter;
- Pk11Install_Value *val;
- Pk11Install_Value *subval;
- Pk11Install_Pair *subpair;
- Pk11Install_ListIter *subiter;
- PRBool gotModuleFile, gotModuleName, gotMech,
- gotCipher, gotFiles, gotEquiv;
-
- errStr=NULL;
- iter=subiter=NULL;
- val=subval=NULL;
- subpair=NULL;
- gotModuleFile=gotModuleName=gotMech=gotCipher=gotFiles=gotEquiv=PR_FALSE;
- Pk11Install_Platform_Cleanup(_this);
-
- errStr = Pk11Install_PlatformName_Generate(&_this->name,pair->key);
- if(errStr) {
- tmp = PR_smprintf("%s: %s", pair->key, errStr);
- PR_smprintf_free(errStr);
- errStr = tmp;
- goto loser;
- }
-
- iter = Pk11Install_ListIter_new(pair->list);
- for( ; (val=iter->current); Pk11Install_ListIter_nextItem(iter)) {
- if(val->type==PAIR_VALUE) {
- subpair = val->pair;
-
- if( !PORT_Strcasecmp(subpair->key, MODULE_FILE_STRING)) {
- if(gotModuleFile) {
- errStr = PR_smprintf(errString[REPEAT_MODULE_FILE],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- subiter = Pk11Install_ListIter_new(subpair->list);
- subval = subiter->current;
- if(!subval || (subval->type != STRING_VALUE)) {
- errStr = PR_smprintf(errString[BOGUS_MODULE_FILE],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- _this->moduleFile = PR_Strdup(subval->string);
- Pk11Install_ListIter_delete(subiter);
- PR_Free(subiter);
- subiter = NULL;
- gotModuleFile = PR_TRUE;
- } else if(!PORT_Strcasecmp(subpair->key, MODULE_NAME_STRING)){
- if(gotModuleName) {
- errStr = PR_smprintf(errString[REPEAT_MODULE_NAME],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- subiter = Pk11Install_ListIter_new(subpair->list);
- subval = subiter->current;
- if(!subval || (subval->type != STRING_VALUE)) {
- errStr = PR_smprintf(errString[BOGUS_MODULE_NAME],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- _this->moduleName = PR_Strdup(subval->string);
- Pk11Install_ListIter_delete(subiter);
- PR_Free(subiter);
- subiter = NULL;
- gotModuleName = PR_TRUE;
- } else if(!PORT_Strcasecmp(subpair->key, MECH_FLAGS_STRING)) {
- endptr=NULL;
-
- if(gotMech) {
- errStr = PR_smprintf(errString[REPEAT_MECH],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- subiter = Pk11Install_ListIter_new(subpair->list);
- subval = subiter->current;
- if(!subval || (subval->type != STRING_VALUE)) {
- errStr = PR_smprintf(errString[BOGUS_MECH_FLAGS],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- _this->mechFlags = strtol(subval->string, &endptr, 0);
- if(*endptr!='\0' || (endptr==subval->string) ) {
- errStr = PR_smprintf(errString[BOGUS_MECH_FLAGS],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- Pk11Install_ListIter_delete(subiter);
- PR_Free(subiter);
- subiter=NULL;
- gotMech = PR_TRUE;
- } else if(!PORT_Strcasecmp(subpair->key,CIPHER_FLAGS_STRING)) {
- endptr=NULL;
-
- if(gotCipher) {
- errStr = PR_smprintf(errString[REPEAT_CIPHER],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- subiter = Pk11Install_ListIter_new(subpair->list);
- subval = subiter->current;
- if(!subval || (subval->type != STRING_VALUE)) {
- errStr = PR_smprintf(errString[BOGUS_CIPHER_FLAGS],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- _this->cipherFlags = strtol(subval->string, &endptr, 0);
- if(*endptr!='\0' || (endptr==subval->string) ) {
- errStr = PR_smprintf(errString[BOGUS_CIPHER_FLAGS],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- Pk11Install_ListIter_delete(subiter);
- PR_Free(subiter);
- subiter=NULL;
- gotCipher = PR_TRUE;
- } else if(!PORT_Strcasecmp(subpair->key, FILES_STRING)) {
- if(gotFiles) {
- errStr = PR_smprintf(errString[REPEAT_FILES],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- subiter = Pk11Install_ListIter_new(subpair->list);
- _this->numFiles = subpair->list->numPairs;
- _this->files = (Pk11Install_File*)
- PR_Malloc(sizeof(Pk11Install_File)*_this->numFiles);
- for(i=0; i < _this->numFiles; i++,
- Pk11Install_ListIter_nextItem(subiter)) {
- Pk11Install_File_init(&_this->files[i]);
- val = subiter->current;
- if(val && (val->type==PAIR_VALUE)) {
- errStr = Pk11Install_File_Generate(&_this->files[i],val->pair);
- if(errStr) {
- tmp = PR_smprintf("%s: %s",
- Pk11Install_PlatformName_GetString(&_this->name),errStr);
- PR_smprintf_free(errStr);
- errStr = tmp;
- goto loser;
- }
- }
- }
- gotFiles = PR_TRUE;
- } else if(!PORT_Strcasecmp(subpair->key,
- EQUIVALENT_PLATFORM_STRING)) {
- if(gotEquiv) {
- errStr = PR_smprintf(errString[REPEAT_EQUIV],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- subiter = Pk11Install_ListIter_new(subpair->list);
- subval = subiter->current;
- if(!subval || (subval->type != STRING_VALUE) ) {
- errStr = PR_smprintf(errString[BOGUS_EQUIV],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- errStr = Pk11Install_PlatformName_Generate(&_this->equivName,
- subval->string);
- if(errStr) {
- tmp = PR_smprintf("%s: %s",
- Pk11Install_PlatformName_GetString(&_this->name), errStr);
- tmp = PR_smprintf("%s: %s",
- Pk11Install_PlatformName_GetString(&_this->name), errStr);
- PR_smprintf_free(errStr);
- errStr = tmp;
- goto loser;
- }
- _this->usesEquiv = PR_TRUE;
- }
- }
- }
-
- /* Make sure we either have an EquivalentPlatform or all the other info */
- if(_this->usesEquiv &&
- (gotFiles || gotModuleFile || gotModuleName || gotMech || gotCipher)) {
- errStr = PR_smprintf(errString[EQUIV_TOO_MUCH_INFO],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- if(!gotFiles && !_this->usesEquiv) {
- errStr = PR_smprintf(errString[NO_FILES],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- if(!gotModuleFile && !_this->usesEquiv) {
- errStr= PR_smprintf(errString[NO_MODULE_FILE],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- if(!gotModuleName && !_this->usesEquiv) {
- errStr = PR_smprintf(errString[NO_MODULE_NAME],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
-
- /* Point the modFile pointer to the correct file */
- if(gotModuleFile) {
- for(i=0; i < _this->numFiles; i++) {
- if(!PORT_Strcasecmp(_this->moduleFile, _this->files[i].jarPath) ) {
- _this->modFile = i;
- break;
- }
- }
- if(_this->modFile==-1) {
- errStr = PR_smprintf(errString[UNKNOWN_MODULE_FILE],
- _this->moduleFile,
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- }
-
-loser:
- if(iter) {
- PR_Free(iter);
- }
- if(subiter) {
- PR_Free(subiter);
- }
- return errStr;
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: Print
-// Class: Pk11Install_Platform
-*/
-void
-Pk11Install_Platform_Print(Pk11Install_Platform* _this, int pad)
-{
- int i;
-
- PAD(pad); printf("Name:\n");
- Pk11Install_PlatformName_Print(&_this->name,pad+PADINC);
- PAD(pad); printf("equivName:\n");
- Pk11Install_PlatformName_Print(&_this->equivName,pad+PADINC);
- PAD(pad);
- if(_this->usesEquiv) {
- printf("Uses equiv, which points to:\n");
- Pk11Install_Platform_Print(_this->equiv,pad+PADINC);
- } else {
- printf("Doesn't use equiv\n");
- }
- PAD(pad);
- printf("Module File: %s\n", _this->moduleFile ? _this->moduleFile
- : "<NULL>");
- PAD(pad); printf("mechFlags: %lx\n", _this->mechFlags);
- PAD(pad); printf("cipherFlags: %lx\n", _this->cipherFlags);
- PAD(pad); printf("Files:\n");
- for(i=0; i < _this->numFiles; i++) {
- Pk11Install_File_Print(&_this->files[i],pad+PADINC);
- PAD(pad); printf("--------------------\n");
- }
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: Pk11Install_Info
-// Class: Pk11Install_Info
-*/
-Pk11Install_Info*
-Pk11Install_Info_new()
-{
- Pk11Install_Info* new_this;
- new_this = (Pk11Install_Info*)PR_Malloc(sizeof(Pk11Install_Info));
- Pk11Install_Info_init(new_this);
- return new_this;
-}
-
-void
-Pk11Install_Info_init(Pk11Install_Info* _this)
-{
- _this->platforms = NULL;
- _this->numPlatforms = 0;
- _this->forwardCompatible = NULL;
- _this->numForwardCompatible = 0;
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: ~Pk11Install_Info
-// Class: Pk11Install_Info
-*/
-void
-Pk11Install_Info_delete(Pk11Install_Info* _this)
-{
- Pk11Install_Info_Cleanup(_this);
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: Cleanup
-// Class: Pk11Install_Info
-*/
-void
-Pk11Install_Info_Cleanup(Pk11Install_Info* _this)
-{
- int i;
- if(_this->platforms) {
- for (i=0;i<_this->numPlatforms;i++) {
- Pk11Install_Platform_delete(&_this->platforms[i]);
- }
- PR_Free(&_this->platforms);
- _this->platforms = NULL;
- _this->numPlatforms = 0;
- }
-
- if(_this->forwardCompatible) {
- for (i=0;i<_this->numForwardCompatible;i++) {
- Pk11Install_PlatformName_delete(&_this->forwardCompatible[i]);
- }
- PR_Free(&_this->forwardCompatible);
- _this->numForwardCompatible = 0;
- }
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: Generate
-// Class: Pk11Install_Info
-// Takes: Pk11Install_ValueList *list, the top-level list
-// resulting from parsing an installer file.
-// Returns: char*, NULL if successful, otherwise an error string.
-// Caller is responsible for freeing memory.
-*/
-char*
-Pk11Install_Info_Generate(Pk11Install_Info* _this,
- const Pk11Install_ValueList *list)
-{
- char *errStr;
- Pk11Install_ListIter *iter;
- Pk11Install_Value *val;
- Pk11Install_Pair *pair;
- Pk11Install_ListIter *subiter;
- Pk11Install_Value *subval;
- Pk11Install_Platform *first, *second;
- int i, j;
-
- errStr=NULL;
- iter=subiter=NULL;
- Pk11Install_Info_Cleanup(_this);
-
- iter = Pk11Install_ListIter_new(list);
- for( ; (val=iter->current); Pk11Install_ListIter_nextItem(iter)) {
- if(val->type == PAIR_VALUE) {
- pair = val->pair;
-
- if(!PORT_Strcasecmp(pair->key, FORWARD_COMPATIBLE_STRING)) {
- subiter = Pk11Install_ListIter_new(pair->list);
- _this->numForwardCompatible = pair->list->numStrings;
- _this->forwardCompatible = (Pk11Install_PlatformName*)
- PR_Malloc(sizeof(Pk11Install_PlatformName)*
- _this->numForwardCompatible);
- for(i=0; i < _this->numForwardCompatible; i++,
- Pk11Install_ListIter_nextItem(subiter)) {
- subval = subiter->current;
- if(subval->type == STRING_VALUE) {
- errStr = Pk11Install_PlatformName_Generate(
- &_this->forwardCompatible[i], subval->string);
- if(errStr) {
- goto loser;
- }
- }
- }
- Pk11Install_ListIter_delete(subiter);
- PR_Free(subiter);
- subiter = NULL;
- } else if(!PORT_Strcasecmp(pair->key, PLATFORMS_STRING)) {
- subiter = Pk11Install_ListIter_new(pair->list);
- _this->numPlatforms = pair->list->numPairs;
- _this->platforms = (Pk11Install_Platform*)
- PR_Malloc(sizeof(Pk11Install_Platform)*
- _this->numPlatforms);
- for(i=0; i < _this->numPlatforms; i++,
- Pk11Install_ListIter_nextItem(subiter)) {
- Pk11Install_Platform_init(&_this->platforms[i]);
- subval = subiter->current;
- if(subval->type == PAIR_VALUE) {
- errStr = Pk11Install_Platform_Generate(&_this->platforms[i],subval->pair);
- if(errStr) {
- goto loser;
- }
- }
- }
- Pk11Install_ListIter_delete(subiter);
- PR_Free(subiter);
- subiter = NULL;
- }
- }
- }
-
- if(_this->numPlatforms == 0) {
- errStr = PR_smprintf(errString[NO_PLATFORMS]);
- goto loser;
- }
-
-/*
- //
- // Now process equivalent platforms
- //
-
- // First the naive pass
-*/
- for(i=0; i < _this->numPlatforms; i++) {
- if(_this->platforms[i].usesEquiv) {
- _this->platforms[i].equiv = NULL;
- for(j=0; j < _this->numPlatforms; j++) {
- if (Pk11Install_PlatformName_equal(&_this->platforms[i].equivName,
- &_this->platforms[j].name)) {
- if(i==j) {
- errStr = PR_smprintf(errString[EQUIV_LOOP],
- Pk11Install_PlatformName_GetString(&_this->platforms[i].name));
- goto loser;
- }
- _this->platforms[i].equiv = &_this->platforms[j];
- break;
- }
- }
- if(_this->platforms[i].equiv == NULL) {
- errStr = PR_smprintf(errString[BOGUS_EQUIV],
- Pk11Install_PlatformName_GetString(&_this->platforms[i].name));
- goto loser;
- }
- }
- }
-
-/*
- // Now the intelligent pass, which will also detect loops.
- // We will send two pointers through the linked list of equivalent
- // platforms. Both start with the current node. "first" traverses
- // two nodes for each iteration. "second" lags behind, only traversing
- // one node per iteration. Eventually one of two things will happen:
- // first will hit the end of the list (a platform that doesn't use
- // an equivalency), or first will equal second if there is a loop.
-*/
- for(i=0; i < _this->numPlatforms; i++) {
- if(_this->platforms[i].usesEquiv) {
- second = _this->platforms[i].equiv;
- if(!second->usesEquiv) {
- /* The first link is the terminal node */
- continue;
- }
- first = second->equiv;
- while(first->usesEquiv) {
- if(first == second) {
- errStr = PR_smprintf(errString[EQUIV_LOOP],
- Pk11Install_PlatformName_GetString(&_this->platforms[i].name));
- goto loser;
- }
- first = first->equiv;
- if(!first->usesEquiv) {
- break;
- }
- if(first == second) {
- errStr = PR_smprintf(errString[EQUIV_LOOP],
- Pk11Install_PlatformName_GetString(&_this->platforms[i].name));
- goto loser;
- }
- second = second->equiv;
- first = first->equiv;
- }
- _this->platforms[i].equiv = first;
- }
- }
-
-loser:
- if(iter) {
- Pk11Install_ListIter_delete(iter);
- PR_Free(iter);
- iter = NULL;
- }
- if(subiter) {
- Pk11Install_ListIter_delete(subiter);
- PR_Free(subiter);
- subiter = NULL;
- }
- return errStr;
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: GetBestPlatform
-// Class: Pk11Install_Info
-// Takes: char *myPlatform, the platform we are currently running
-// on.
-*/
-Pk11Install_Platform*
-Pk11Install_Info_GetBestPlatform(Pk11Install_Info* _this, char *myPlatform)
-{
- Pk11Install_PlatformName plat;
- char *errStr;
- int i, j;
-
- errStr=NULL;
-
- Pk11Install_PlatformName_init(&plat);
- if( (errStr=Pk11Install_PlatformName_Generate(&plat, myPlatform)) ) {
- PR_smprintf_free(errStr);
- return NULL;
- }
-
- /* First try real platforms */
- for(i=0; i < _this->numPlatforms; i++) {
- if(Pk11Install_PlatformName_equal(&_this->platforms[i].name,&plat)) {
- if(_this->platforms[i].equiv) {
- return _this->platforms[i].equiv;
- }
- else {
- return &_this->platforms[i];
- }
- }
- }
-
- /* Now try forward compatible platforms */
- for(i=0; i < _this->numForwardCompatible; i++) {
- if(Pk11Install_PlatformName_lteq(&_this->forwardCompatible[i],&plat)) {
- break;
- }
- }
- if(i == _this->numForwardCompatible) {
- return NULL;
- }
-
- /* Got a forward compatible name, find the actual platform. */
- for(j=0; j < _this->numPlatforms; j++) {
- if(Pk11Install_PlatformName_equal(&_this->platforms[j].name,
- &_this->forwardCompatible[i])) {
- if(_this->platforms[j].equiv) {
- return _this->platforms[j].equiv;
- } else {
- return &_this->platforms[j];
- }
- }
- }
-
- return NULL;
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Method: Print
-// Class: Pk11Install_Info
-*/
-void
-Pk11Install_Info_Print(Pk11Install_Info* _this, int pad)
-{
- int i;
-
- PAD(pad); printf("Forward Compatible:\n");
- for(i = 0; i < _this->numForwardCompatible; i++) {
- Pk11Install_PlatformName_Print(&_this->forwardCompatible[i],pad+PADINC);
- PAD(pad); printf("-------------------\n");
- }
- PAD(pad); printf("Platforms:\n");
- for( i = 0; i < _this->numPlatforms; i++) {
- Pk11Install_Platform_Print(&_this->platforms[i],pad+PADINC);
- PAD(pad); printf("-------------------\n");
- }
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-*/
-static char*
-PR_Strdup(const char* str)
-{
- char *tmp;
- tmp = (char*) PR_Malloc((unsigned int)(strlen(str)+1));
- strcpy(tmp, str);
- return tmp;
-}
-
-/* The global value list, the top of the tree */
-Pk11Install_ValueList* Pk11Install_valueList=NULL;
-
-/****************************************************************************/
-void
-Pk11Install_ValueList_AddItem(Pk11Install_ValueList* _this,
- Pk11Install_Value *item)
-{
- _this->numItems++;
- if (item->type == STRING_VALUE) {
- _this->numStrings++;
- } else {
- _this->numPairs++;
- }
- item->next = _this->head;
- _this->head = item;
-}
-
-/****************************************************************************/
-Pk11Install_ListIter*
-Pk11Install_ListIter_new_default()
-{
- Pk11Install_ListIter* new_this;
- new_this = (Pk11Install_ListIter*)
- PR_Malloc(sizeof(Pk11Install_ListIter));
- Pk11Install_ListIter_init(new_this);
- return new_this;
-}
-
-/****************************************************************************/
-void
-Pk11Install_ListIter_init(Pk11Install_ListIter* _this)
-{
- _this->list = NULL;
- _this->current = NULL;
-}
-
-/****************************************************************************/
-Pk11Install_ListIter*
-Pk11Install_ListIter_new(const Pk11Install_ValueList *_list)
-{
- Pk11Install_ListIter* new_this;
- new_this = (Pk11Install_ListIter*)
- PR_Malloc(sizeof(Pk11Install_ListIter));
- new_this->list = _list;
- new_this->current = _list->head;
- return new_this;
-}
-
-/****************************************************************************/
-void
-Pk11Install_ListIter_delete(Pk11Install_ListIter* _this)
-{
- _this->list=NULL;
- _this->current=NULL;
-}
-
-/****************************************************************************/
-void
-Pk11Install_ListIter_reset(Pk11Install_ListIter* _this)
-{
- if(_this->list) {
- _this->current = _this->list->head;
- }
-}
-
-/*************************************************************************/
-Pk11Install_Value*
-Pk11Install_ListIter_nextItem(Pk11Install_ListIter* _this)
-{
- if(_this->current) {
- _this->current = _this->current->next;
- }
-
- return _this->current;
-}
-
-/****************************************************************************/
-Pk11Install_ValueList*
-Pk11Install_ValueList_new()
-{
- Pk11Install_ValueList* new_this;
- new_this = (Pk11Install_ValueList*)
- PR_Malloc(sizeof(Pk11Install_ValueList));
- new_this->numItems = 0;
- new_this->numPairs = 0;
- new_this->numStrings = 0;
- new_this->head = NULL;
- return new_this;
-}
-
-/****************************************************************************/
-void
-Pk11Install_ValueList_delete(Pk11Install_ValueList* _this)
-{
-
- Pk11Install_Value *tmp;
- Pk11Install_Value *list;
- list = _this->head;
-
- while(list != NULL) {
- tmp = list;
- list = list->next;
- PR_Free(tmp);
- }
- PR_Free(_this);
-}
-
-/****************************************************************************/
-Pk11Install_Value*
-Pk11Install_Value_new_default()
-{
- Pk11Install_Value* new_this;
- new_this = (Pk11Install_Value*)PR_Malloc(sizeof(Pk11Install_Value));
- new_this->type = STRING_VALUE;
- new_this->string = NULL;
- new_this->pair = NULL;
- new_this->next = NULL;
- return new_this;
-}
-
-/****************************************************************************/
-Pk11Install_Value*
-Pk11Install_Value_new(ValueType _type, Pk11Install_Pointer ptr)
-{
- Pk11Install_Value* new_this;
- new_this = Pk11Install_Value_new_default();
- new_this->type = _type;
- if(_type == STRING_VALUE) {
- new_this->pair = NULL;
- new_this->string = ptr.string;
- } else {
- new_this->string = NULL;
- new_this->pair = ptr.pair;
- }
- return new_this;
-}
-
-/****************************************************************************/
-void
-Pk11Install_Value_delete(Pk11Install_Value* _this)
-{
- if(_this->type == STRING_VALUE) {
- PR_Free(_this->string);
- } else {
- PR_Free(_this->pair);
- }
-}
-
-/****************************************************************************/
-Pk11Install_Pair*
-Pk11Install_Pair_new_default()
-{
- return Pk11Install_Pair_new(NULL,NULL);
-}
-
-/****************************************************************************/
-Pk11Install_Pair*
-Pk11Install_Pair_new(char *_key, Pk11Install_ValueList *_list)
-{
- Pk11Install_Pair* new_this;
- new_this = (Pk11Install_Pair*)PR_Malloc(sizeof(Pk11Install_Pair));
- new_this->key = _key;
- new_this->list = _list;
- return new_this;
-}
-
-/****************************************************************************/
-void
-Pk11Install_Pair_delete(Pk11Install_Pair* _this)
-{
- PR_Free(_this->key);
- Pk11Install_ValueList_delete(_this->list);
- PR_Free(_this->list);
-}
-
-/*************************************************************************/
-void
-Pk11Install_Pair_Print(Pk11Install_Pair* _this, int pad)
-{
- while (_this) {
- /*PAD(pad); printf("**Pair\n");
- PAD(pad); printf("***Key====\n");*/
- PAD(pad); printf("%s {\n", _this->key);
- /*PAD(pad); printf("====\n");*/
- /*PAD(pad); printf("***ValueList\n");*/
- Pk11Install_ValueList_Print(_this->list,pad+PADINC);
- PAD(pad); printf("}\n");
- }
-}
-
-/*************************************************************************/
-void
-Pk11Install_ValueList_Print(Pk11Install_ValueList* _this, int pad)
-{
- Pk11Install_Value *v;
-
- /*PAD(pad);printf("**Value List**\n");*/
- for(v = _this->head; v != NULL; v=v->next) {
- Pk11Install_Value_Print(v,pad);
- }
-}
-
-/*************************************************************************/
-void
-Pk11Install_Value_Print(Pk11Install_Value* _this, int pad)
-{
- /*PAD(pad); printf("**Value, type=%s\n",
- type==STRING_VALUE ? "string" : "pair");*/
- if(_this->type==STRING_VALUE) {
- /*PAD(pad+PADINC); printf("====\n");*/
- PAD(pad); printf("%s\n", _this->string);
- /*PAD(pad+PADINC); printf("====\n");*/
- } else {
- Pk11Install_Pair_Print(_this->pair,pad+PADINC);
- }
-}
diff --git a/security/nss/cmd/modutil/install-ds.h b/security/nss/cmd/modutil/install-ds.h
deleted file mode 100644
index eb7b7ce4e..000000000
--- a/security/nss/cmd/modutil/install-ds.h
+++ /dev/null
@@ -1,290 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef INSTALL_DS_H
-#define INSTALL_DS_H
-
-#include <stdio.h>
-#include <prio.h>
-#include <prmem.h>
-
-extern PRFileDesc *Pk11Install_FD;
-extern int Pk11Install_yylex();
-extern int Pk11Install_yylinenum;
-extern char *Pk11Install_yyerrstr;
-
-typedef enum { STRING_VALUE, PAIR_VALUE } ValueType;
-
-typedef struct Pk11Install_Pair_str Pk11Install_Pair;
-typedef union Pk11Install_Pointer_str Pk11Install_Pointer;
-typedef struct Pk11Install_Value_str Pk11Install_Value;
-typedef struct Pk11Install_ValueList_str Pk11Install_ValueList;
-typedef struct Pk11Install_ListIter_str Pk11Install_ListIter;
-typedef struct Pk11Install_File_str Pk11Install_File;
-typedef struct Pk11Install_PlatformName_str Pk11Install_PlatformName;
-typedef struct Pk11Install_Platform_str Pk11Install_Platform;
-typedef struct Pk11Install_Info_str Pk11Install_Info;
-
-extern Pk11Install_Pointer Pk11Install_yylval;
-extern Pk11Install_ValueList* Pk11Install_valueList;
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Pk11Install_Pair
-//////////////////////////////////////////////////////////////////////////
-*/
-
-struct Pk11Install_Pair_str {
- char * key;
- Pk11Install_ValueList *list;
-
-};
-
-Pk11Install_Pair*
-Pk11Install_Pair_new_default();
-Pk11Install_Pair*
-Pk11Install_Pair_new( char* _key, Pk11Install_ValueList* _list);
-void
-Pk11Install_Pair_delete(Pk11Install_Pair* _this);
-void
-Pk11Install_Pair_Print(Pk11Install_Pair* _this, int pad);
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Pk11Install_Pointer
-//////////////////////////////////////////////////////////////////////////
-*/
-union Pk11Install_Pointer_str {
- Pk11Install_ValueList *list;
- Pk11Install_Value *value;
- Pk11Install_Pair *pair;
- char *string;
-};
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Pk11Install_Value
-//////////////////////////////////////////////////////////////////////////
-*/
-struct Pk11Install_Value_str {
-
- ValueType type;
- char *string;
- Pk11Install_Pair *pair;
- struct Pk11Install_Value_str *next;
-};
-
-Pk11Install_Value*
-Pk11Install_Value_new_default();
-Pk11Install_Value*
-Pk11Install_Value_new(ValueType _type, Pk11Install_Pointer ptr);
-void
-Pk11Install_Value_delete(Pk11Install_Value* _this);
-void
-Pk11Install_Value_Print(Pk11Install_Value* _this, int pad);
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Pk11Install_ValueList
-//////////////////////////////////////////////////////////////////////////
-*/
-struct Pk11Install_ValueList_str {
- int numItems;
- int numPairs;
- int numStrings;
- Pk11Install_Value *head;
-};
-
-Pk11Install_ValueList*
-Pk11Install_ValueList_new();
-void
-Pk11Install_ValueList_delete(Pk11Install_ValueList* _this);
-void
-Pk11Install_ValueList_AddItem(Pk11Install_ValueList* _this,
- Pk11Install_Value* item);
-void
-Pk11Install_ValueList_Print(Pk11Install_ValueList* _this, int pad);
-
-
-/*
-//////////////////////////////////////////////////////////////////////////
-// Pk11Install_ListIter
-//////////////////////////////////////////////////////////////////////////
-*/
-struct Pk11Install_ListIter_str {
- const Pk11Install_ValueList *list;
- Pk11Install_Value *current;
-};
-
-Pk11Install_ListIter*
-Pk11Install_ListIter_new_default();
-void
-Pk11Install_ListIter_init(Pk11Install_ListIter* _this);
-Pk11Install_ListIter*
-Pk11Install_ListIter_new(const Pk11Install_ValueList* _list);
-void
-Pk11Install_ListIter_delete(Pk11Install_ListIter* _this);
-void
-Pk11Install_ListIter_reset(Pk11Install_ListIter* _this);
-Pk11Install_Value*
-Pk11Install_ListIter_nextItem(Pk11Install_ListIter* _this);
-
-/************************************************************************
- *
- * Pk11Install_File
- */
-struct Pk11Install_File_str {
- char *jarPath;
- char *relativePath;
- char *absolutePath;
- PRBool executable;
- int permissions;
-};
-
-Pk11Install_File*
-Pk11Install_File_new();
-void
-Pk11Install_File_init(Pk11Install_File* _this);
-void
-Pk11Install_file_delete(Pk11Install_File* _this);
-/*// Parses a syntax tree to obtain all attributes.
-// Returns NULL for success, error message if parse error.*/
-char*
-Pk11Install_File_Generate(Pk11Install_File* _this,
- const Pk11Install_Pair* pair);
-void
-Pk11Install_File_Print(Pk11Install_File* _this, int pad);
-void
-Pk11Install_File_Cleanup(Pk11Install_File* _this);
-
-/************************************************************************
- *
- * Pk11Install_PlatformName
- */
-struct Pk11Install_PlatformName_str {
- char *OS;
- char **verString;
- int numDigits;
- char *arch;
-};
-
-Pk11Install_PlatformName*
-Pk11Install_PlatformName_new();
-void
-Pk11Install_PlatformName_init(Pk11Install_PlatformName* _this);
-void
-Pk11Install_PlatformName_delete(Pk11Install_PlatformName* _this);
-char*
-Pk11Install_PlatformName_Generate(Pk11Install_PlatformName* _this,
- const char* str);
-char*
-Pk11Install_PlatformName_GetString(Pk11Install_PlatformName* _this);
-char*
-Pk11Install_PlatformName_GetVerString(Pk11Install_PlatformName* _this);
-void
-Pk11Install_PlatformName_Print(Pk11Install_PlatformName* _this, int pad);
-void
-Pk11Install_PlatformName_Cleanup(Pk11Install_PlatformName* _this);
-PRBool
-Pk11Install_PlatformName_equal(Pk11Install_PlatformName* _this,
- Pk11Install_PlatformName* cmp);
-PRBool
-Pk11Install_PlatformName_lteq(Pk11Install_PlatformName* _this,
- Pk11Install_PlatformName* cmp);
-PRBool
-Pk11Install_PlatformName_lt(Pk11Install_PlatformName* _this,
- Pk11Install_PlatformName* cmp);
-
-/************************************************************************
- *
- * Pk11Install_Platform
- */
-struct Pk11Install_Platform_str {
- Pk11Install_PlatformName name;
- Pk11Install_PlatformName equivName;
- struct Pk11Install_Platform_str *equiv;
- PRBool usesEquiv;
- char *moduleFile;
- char *moduleName;
- int modFile;
- unsigned long mechFlags;
- unsigned long cipherFlags;
- Pk11Install_File *files;
- int numFiles;
-};
-
-Pk11Install_Platform*
-Pk11Install_Platform_new();
-void
-Pk11Install_Platform_init(Pk11Install_Platform* _this);
-void
-Pk11Install_Platform_delete(Pk11Install_Platform* _this);
-/*// Returns NULL for success, error message if parse error.*/
-char*
-Pk11Install_Platform_Generate(Pk11Install_Platform* _this,
- const Pk11Install_Pair *pair);
-void
-Pk11Install_Platform_Print(Pk11Install_Platform* _this, int pad);
-void
-Pk11Install_Platform_Cleanup(Pk11Install_Platform* _this);
-
-/************************************************************************
- *
- * Pk11Install_Info
- */
-struct Pk11Install_Info_str {
- Pk11Install_Platform *platforms;
- int numPlatforms;
- Pk11Install_PlatformName *forwardCompatible;
- int numForwardCompatible;
-};
-
-Pk11Install_Info*
-Pk11Install_Info_new();
-void
-Pk11Install_Info_init();
-void
-Pk11Install_Info_delete(Pk11Install_Info* _this);
-/*// Returns NULL for success, error message if parse error.*/
-char*
-Pk11Install_Info_Generate(Pk11Install_Info* _this,
- const Pk11Install_ValueList *list);
- /*// Returns NULL if there is no matching platform*/
-Pk11Install_Platform*
-Pk11Install_Info_GetBestPlatform(Pk11Install_Info* _this, char* myPlatform);
-void
-Pk11Install_Info_Print(Pk11Install_Info* _this, int pad);
-void
-Pk11Install_Info_Cleanup(Pk11Install_Info* _this);
-
-#endif // INSTALL_DS_H
diff --git a/security/nss/cmd/modutil/install.c b/security/nss/cmd/modutil/install.c
deleted file mode 100644
index 1d44da9e0..000000000
--- a/security/nss/cmd/modutil/install.c
+++ /dev/null
@@ -1,979 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "install.h"
-#include "install-ds.h"
-#include <prlock.h>
-#include <prio.h>
-#include <prmem.h>
-#include <prprf.h>
-#include <prsystem.h>
-#include <prproces.h>
-
-/*extern "C" {*/
-#include <jar.h>
-/*}*/
-
-extern /*"C"*/
-int Pk11Install_AddNewModule(char* moduleName, char* dllPath,
- unsigned long defaultMechanismFlags,
- unsigned long cipherEnableFlags);
-extern /*"C"*/
-short Pk11Install_UserVerifyJar(JAR *jar, PRFileDesc *out,
- PRBool query);
-extern /*"C"*/
-char* mySECU_ErrorString(int16);
-extern
-int Pk11Install_yyparse();
-
-#define INSTALL_METAINFO_TAG "Pkcs11_install_script"
-#define SCRIPT_TEMP_FILE "pkcs11inst.tmp"
-#define ROOT_MARKER "%root%"
-#define TEMP_MARKER "%temp%"
-#define PRINTF_ROOT_MARKER "%%root%%"
-#define TEMPORARY_DIRECTORY_NAME "pk11inst.dir"
-#define JAR_BASE_END (JAR_BASE+100)
-
-static PRLock* errorHandlerLock=NULL;
-static Pk11Install_ErrorHandler errorHandler=NULL;
-static char* PR_Strdup(const char* str);
-static int rm_dash_r (char *path);
-static int make_dirs(char *path, int file_perms);
-static int dir_perms(int perms);
-
-static Pk11Install_Error DoInstall(JAR *jar, const char *installDir,
- const char* tempDir, Pk11Install_Platform *platform,
- PRFileDesc *feedback, PRBool noverify);
-
-static char *errorString[]= {
- "Operation was successful", /* PK11_INSTALL_NO_ERROR */
- "Directory \"%s\" does not exist", /* PK11_INSTALL_DIR_DOESNT_EXIST */
- "File \"%s\" does not exist", /* PK11_INSTALL_FILE_DOESNT_EXIST */
- "File \"%s\" is not readable", /* PK11_INSTALL_FILE_NOT_READABLE */
- "%s", /* PK11_INSTALL_ERROR_STRING */
- "Error in JAR file %s: %s", /* PK11_INSTALL_JAR_ERROR */
- "No Pkcs11_install_script specified in JAR metainfo file",
- /* PK11_INSTALL_NO_INSTALLER_SCRIPT */
- "Could not delete temporary file \"%s\"",
- /*PK11_INSTALL_DELETE_TEMP_FILE */
- "Could not open temporary file \"%s\"", /*PK11_INSTALL_OPEN_SCRIPT_FILE*/
- "%s: %s", /* PK11_INSTALL_SCRIPT_PARSE */
- "Error in script: %s",
- "Unable to obtain system platform information",
- "Installer script has no information about the current platform (%s)",
- "Relative directory \"%s\" does not contain "PRINTF_ROOT_MARKER,
- "Module File \"%s\" not found",
- "Error occurred installing module \"%s\" into database",
- "Error extracting \"%s\" from JAR file: %s",
- "Directory \"%s\" is not writeable",
- "Could not create directory \"%s\"",
- "Could not remove directory \"%s\"",
- "Unable to execute \"%s\"",
- "Unable to wait for process \"%s\"",
- "\"%s\" returned error code %d",
- "User aborted operation",
- "Unspecified error"
-};
-
-enum {
- INSTALLED_FILE_MSG=0,
- INSTALLED_MODULE_MSG,
- INSTALLER_SCRIPT_NAME,
- MY_PLATFORM_IS,
- USING_PLATFORM,
- PARSED_INSTALL_SCRIPT,
- EXEC_FILE_MSG,
- EXEC_SUCCESS,
- INSTALLATION_COMPLETE_MSG,
- USER_ABORT
-};
-
-static char *msgStrings[] = {
- "Installed file %s to %s\n",
- "Installed module \"%s\" into module database\n",
- "Using installer script \"%s\"\n",
- "Current platform is %s\n",
- "Using installation parameters for platform %s\n",
- "Successfully parsed installation script\n",
- "Executing \"%s\"...\n",
- "\"%s\" executed successfully\n",
- "\nInstallation completed successfully\n",
- "\nAborting...\n"
-};
-
-/**************************************************************************
- * S t r i n g N o d e
- */
-typedef struct StringNode_str {
- char *str;
- struct StringNode_str* next;
-} StringNode;
-
-StringNode* StringNode_new()
-{
- StringNode* new_this;
- new_this = (StringNode*)malloc(sizeof(StringNode));
- new_this->str=NULL;
- new_this->next=NULL;
- return new_this;
-}
-
-void StringNode_delete(StringNode* s)
-{
- if(s->str) {
- PR_Free(s->str);
- s->str=NULL;
- }
-}
-
-/*************************************************************************
- * S t r i n g L i s t
- */
-typedef struct StringList_str {
- StringNode* head;
- StringNode* tail;
-} StringList;
-
-void StringList_new(StringList* list)
-{
- list->head=NULL;
- list->tail=NULL;
-}
-
-void StringList_delete(StringList* list)
-{
- StringNode *tmp;
- while(list->head) {
- tmp = list->head;
- list->head = list->head->next;
- StringNode_delete(tmp);
- }
-}
-
-void
-StringList_Append(StringList* list, char* str)
-{
- if(!str) {
- return;
- }
-
- if(!list->tail) {
- /* This is the first element */
- list->head = list->tail = StringNode_new();
- } else {
- list->tail->next = StringNode_new();
- list->tail = list->tail->next;
- }
-
- list->tail->str = PR_Strdup(str);
- list->tail->next = NULL; /* just to be sure */
-}
-
-/**************************************************************************
- *
- * P k 1 1 I n s t a l l _ S e t E r r o r H a n d l e r
- *
- * Sets the error handler to be used by the library. Returns the current
- * error handler function.
- */
-Pk11Install_ErrorHandler
-Pk11Install_SetErrorHandler(Pk11Install_ErrorHandler handler)
-{
- Pk11Install_ErrorHandler old;
-
- if(!errorHandlerLock) {
- errorHandlerLock = PR_NewLock();
- }
-
- PR_Lock(errorHandlerLock);
-
- old = errorHandler;
- errorHandler = handler;
-
- PR_Unlock(errorHandlerLock);
-
- return old;
-}
-
-/**************************************************************************
- *
- * P k 1 1 I n s t a l l _ I n i t
- *
- * Does initialization that otherwise would be done on the fly. Only
- * needs to be called by multithreaded apps, before they make any calls
- * to this library.
- */
-void
-Pk11Install_Init()
-{
- if(!errorHandlerLock) {
- errorHandlerLock = PR_NewLock();
- }
-}
-
-/**************************************************************************
- *
- * P k 1 1 I n s t a l l _ R e l e a s e
- *
- * Releases static data structures used by the library. Don't use the
- * library after calling this, unless you call Pk11Install_Init()
- * first. This function doesn't have to be called at all unless you're
- * really anal about freeing memory before your program exits.
- */
-void
-Pk11Install_Release()
-{
- if(errorHandlerLock) {
- PR_Free(errorHandlerLock);
- errorHandlerLock = NULL;
- }
-}
-
-/*************************************************************************
- *
- * e r r o r
- *
- * Takes an error code and its arguments, creates the error string,
- * and sends the string to the handler function if it exists.
- */
-
-#ifdef OSF1
-/* stdarg has already been pulled in from NSPR */
-#undef va_start
-#undef va_end
-#undef va_arg
-#include <varargs.h>
-#else
-#include <stdarg.h>
-#endif
-
-#ifdef OSF1
-static void
-error(long va_alist, ...)
-#else
-static void
-error(Pk11Install_Error errcode, ...)
-#endif
-{
-
- va_list ap;
- char *errstr;
- Pk11Install_ErrorHandler handler;
-
- if(!errorHandlerLock) {
- errorHandlerLock = PR_NewLock();
- }
-
- PR_Lock(errorHandlerLock);
-
- handler = errorHandler;
-
- PR_Unlock(errorHandlerLock);
-
- if(handler) {
-#ifdef OSF1
- va_start(ap);
- errstr = PR_vsmprintf(errorString[va_arg(ap, Pk11Install_Error)], ap);
-#else
- va_start(ap, errcode);
- errstr = PR_vsmprintf(errorString[errcode], ap);
-#endif
- handler(errstr);
- PR_smprintf_free(errstr);
- va_end(ap);
- }
-}
-
-/*************************************************************************
- *
- * j a r _ c a l l b a c k
- */
-static int
-jar_callback(int status, JAR *foo, const char *bar, char *pathname,
- char *errortext) {
- char *string;
-
- string = PR_smprintf("JAR error %d: %s in file %s\n", status, errortext,
- pathname);
- error(PK11_INSTALL_ERROR_STRING, string);
- PR_smprintf_free(string);
- return 0;
-}
-
-/*************************************************************************
- *
- * P k 1 1 I n s t a l l _ D o I n s t a l l
- *
- * jarFile is the path of a JAR in the PKCS #11 module JAR format.
- * installDir is the directory relative to which files will be
- * installed.
- */
-Pk11Install_Error
-Pk11Install_DoInstall(char *jarFile, const char *installDir,
- const char *tempDir, PRFileDesc *feedback, short force, PRBool noverify)
-{
- JAR *jar;
- char *installer;
- unsigned long installer_len;
- int status;
- Pk11Install_Error ret;
- PRBool made_temp_file;
- Pk11Install_Info installInfo;
- Pk11Install_Platform *platform;
- char* errMsg;
- char sysname[SYS_INFO_BUFFER_LENGTH], release[SYS_INFO_BUFFER_LENGTH],
- arch[SYS_INFO_BUFFER_LENGTH];
- char *myPlatform;
-
- jar=NULL;
- ret = PK11_INSTALL_UNSPECIFIED;
- made_temp_file=PR_FALSE;
- errMsg=NULL;
- Pk11Install_Info_init(&installInfo);
-
- /*
- printf("Inside DoInstall, jarFile=%s, installDir=%s, tempDir=%s\n",
- jarFile, installDir, tempDir);
- */
-
- /*
- * Check out jarFile and installDir for validity
- */
- if( PR_Access(installDir, PR_ACCESS_EXISTS) != PR_SUCCESS ) {
- error(PK11_INSTALL_DIR_DOESNT_EXIST, installDir);
- return PK11_INSTALL_DIR_DOESNT_EXIST;
- }
- if(!tempDir) {
- tempDir = ".";
- }
- if( PR_Access(tempDir, PR_ACCESS_EXISTS) != PR_SUCCESS ) {
- error(PK11_INSTALL_DIR_DOESNT_EXIST, tempDir);
- return PK11_INSTALL_DIR_DOESNT_EXIST;
- }
- if( PR_Access(tempDir, PR_ACCESS_WRITE_OK) != PR_SUCCESS ) {
- error(PK11_INSTALL_DIR_NOT_WRITEABLE, tempDir);
- return PK11_INSTALL_DIR_NOT_WRITEABLE;
- }
- if( (PR_Access(jarFile, PR_ACCESS_EXISTS) != PR_SUCCESS) ) {
- error(PK11_INSTALL_FILE_DOESNT_EXIST, jarFile);
- return PK11_INSTALL_FILE_DOESNT_EXIST;
- }
- if( PR_Access(jarFile, PR_ACCESS_READ_OK) != PR_SUCCESS ) {
- error(PK11_INSTALL_FILE_NOT_READABLE, jarFile);
- return PK11_INSTALL_FILE_NOT_READABLE;
- }
-
- /*
- * Extract the JAR file
- */
- jar = JAR_new();
- JAR_set_callback(JAR_CB_SIGNAL, jar, jar_callback);
-
- if(noverify) {
- status = JAR_pass_archive_unverified(jar, jarArchGuess, jarFile, "url");
- } else {
- status = JAR_pass_archive(jar, jarArchGuess, jarFile, "url");
- }
- if( (status < 0) || (jar->valid < 0) ) {
- if (status >= JAR_BASE && status <= JAR_BASE_END) {
- error(PK11_INSTALL_JAR_ERROR, jarFile, JAR_get_error(status));
- } else {
- error(PK11_INSTALL_JAR_ERROR, jarFile,
- mySECU_ErrorString((int16) PORT_GetError()) );
- }
- ret=PK11_INSTALL_JAR_ERROR;
- goto loser;
- }
- /*printf("passed the archive\n");*/
-
- /*
- * Show the user security information, allow them to abort or continue
- */
- if( Pk11Install_UserVerifyJar(jar, PR_STDOUT,
- force?PR_FALSE:PR_TRUE) && !force) {
- if(feedback) {
- PR_fprintf(feedback, msgStrings[USER_ABORT]);
- }
- ret=PK11_INSTALL_USER_ABORT;
- goto loser;
- }
-
- /*
- * Get the name of the installation file
- */
- if( JAR_get_metainfo(jar, NULL, INSTALL_METAINFO_TAG, (void**)&installer,
- (unsigned long*)&installer_len) ) {
- error(PK11_INSTALL_NO_INSTALLER_SCRIPT);
- ret=PK11_INSTALL_NO_INSTALLER_SCRIPT;
- goto loser;
- }
- if(feedback) {
- PR_fprintf(feedback, msgStrings[INSTALLER_SCRIPT_NAME], installer);
- }
-
- /*
- * Extract the installation file
- */
- if( PR_Access(SCRIPT_TEMP_FILE, PR_ACCESS_EXISTS) == PR_SUCCESS) {
- if( PR_Delete(SCRIPT_TEMP_FILE) != PR_SUCCESS) {
- error(PK11_INSTALL_DELETE_TEMP_FILE, SCRIPT_TEMP_FILE);
- ret=PK11_INSTALL_DELETE_TEMP_FILE;
- goto loser;
- }
- }
- if(noverify) {
- status = JAR_extract(jar, installer, SCRIPT_TEMP_FILE);
- } else {
- status = JAR_verified_extract(jar, installer, SCRIPT_TEMP_FILE);
- }
- if(status) {
- if (status >= JAR_BASE && status <= JAR_BASE_END) {
- error(PK11_INSTALL_JAR_EXTRACT, installer, JAR_get_error(status));
- } else {
- error(PK11_INSTALL_JAR_EXTRACT, installer,
- mySECU_ErrorString((int16) PORT_GetError()) );
- }
- ret = PK11_INSTALL_JAR_EXTRACT;
- goto loser;
- } else {
- made_temp_file = PR_TRUE;
- }
-
- /*
- * Parse the installation file into a syntax tree
- */
- Pk11Install_FD = PR_Open(SCRIPT_TEMP_FILE, PR_RDONLY, 0);
- if(!Pk11Install_FD) {
- error(PK11_INSTALL_OPEN_SCRIPT_FILE, SCRIPT_TEMP_FILE);
- ret=PK11_INSTALL_OPEN_SCRIPT_FILE;
- goto loser;
- }
- if(Pk11Install_yyparse()) {
- error(PK11_INSTALL_SCRIPT_PARSE, installer,
- Pk11Install_yyerrstr ? Pk11Install_yyerrstr : "");
- ret=PK11_INSTALL_SCRIPT_PARSE;
- goto loser;
- }
-
-#if 0
- /* for debugging */
- Pk11Install_valueList->Print(0);
-#endif
-
- /*
- * From the syntax tree, build a semantic structure
- */
- errMsg = Pk11Install_Info_Generate(&installInfo,Pk11Install_valueList);
- if(errMsg) {
- error(PK11_INSTALL_SEMANTIC, errMsg);
- ret=PK11_INSTALL_SEMANTIC;
- goto loser;
- }
-#if 0
- installInfo.Print(0);
-#endif
-
- if(feedback) {
- PR_fprintf(feedback, msgStrings[PARSED_INSTALL_SCRIPT]);
- }
-
- /*
- * Figure out which platform to use
- */
- {
- sysname[0] = release[0] = arch[0] = '\0';
-
- if( (PR_GetSystemInfo(PR_SI_SYSNAME, sysname, SYS_INFO_BUFFER_LENGTH)
- != PR_SUCCESS) ||
- (PR_GetSystemInfo(PR_SI_RELEASE, release, SYS_INFO_BUFFER_LENGTH)
- != PR_SUCCESS) ||
- (PR_GetSystemInfo(PR_SI_ARCHITECTURE, arch, SYS_INFO_BUFFER_LENGTH)
- != PR_SUCCESS) ) {
- error(PK11_INSTALL_SYSINFO);
- ret=PK11_INSTALL_SYSINFO;
- goto loser;
- }
- myPlatform = PR_smprintf("%s:%s:%s", sysname, release, arch);
- platform = Pk11Install_Info_GetBestPlatform(&installInfo,myPlatform);
- if(!platform) {
- error(PK11_INSTALL_NO_PLATFORM, myPlatform);
- PR_smprintf_free(myPlatform);
- ret=PK11_INSTALL_NO_PLATFORM;
- goto loser;
- }
- if(feedback) {
- PR_fprintf(feedback, msgStrings[MY_PLATFORM_IS], myPlatform);
- PR_fprintf(feedback, msgStrings[USING_PLATFORM],
- Pk11Install_PlatformName_GetString(&platform->name));
- }
- PR_smprintf_free(myPlatform);
- }
-
- /* Run the install for that platform */
- ret = DoInstall(jar, installDir, tempDir, platform, feedback, noverify);
- if(ret) {
- goto loser;
- }
-
- ret = PK11_INSTALL_SUCCESS;
-loser:
- if(Pk11Install_valueList) {
- Pk11Install_ValueList_delete(Pk11Install_valueList);
- PR_Free(Pk11Install_valueList);
- Pk11Install_valueList = NULL;
- }
- if(jar) {
- JAR_destroy(jar);
- }
- if(made_temp_file) {
- PR_Delete(SCRIPT_TEMP_FILE);
- }
- if(errMsg) {
- PR_smprintf_free(errMsg);
- }
- return ret;
-}
-
-/*
-/////////////////////////////////////////////////////////////////////////
-// actually run the installation, copying files to and fro
-*/
-static Pk11Install_Error
-DoInstall(JAR *jar, const char *installDir, const char *tempDir,
- Pk11Install_Platform *platform, PRFileDesc *feedback, PRBool noverify)
-{
- Pk11Install_File *file;
- Pk11Install_Error ret;
- char *reldir;
- char *dest;
- char *modDest;
- char *cp;
- int i;
- int status;
- char *tempname, *temp;
- StringList executables;
- StringNode *execNode;
- PRProcessAttr *attr;
- PRProcess *proc;
- char *argv[2];
- char *envp[1];
- int errcode;
-
- ret=PK11_INSTALL_UNSPECIFIED;
- reldir=NULL;
- dest=NULL;
- modDest=NULL;
- tempname=NULL;
-
- StringList_new(&executables);
- /*
- // Create Temporary directory
- */
- tempname = PR_smprintf("%s/%s", tempDir, TEMPORARY_DIRECTORY_NAME);
- if( PR_Access(tempname, PR_ACCESS_EXISTS)==PR_SUCCESS ) {
- /* Left over from previous run? Delete it. */
- rm_dash_r(tempname);
- }
- if(PR_MkDir(tempname, 0700) != PR_SUCCESS) {
- error(PK11_INSTALL_CREATE_DIR, tempname);
- ret = PK11_INSTALL_CREATE_DIR;
- goto loser;
- }
-
- /*
- // Install all the files
- */
- for(i=0; i < platform->numFiles; i++) {
- file = &platform->files[i];
-
- if(file->relativePath) {
- PRBool foundMarker = PR_FALSE;
- reldir = PR_Strdup(file->relativePath);
-
- /* Replace all the markers with the directories for which they stand */
- while(1) {
- if( (cp=PL_strcasestr(reldir, ROOT_MARKER)) ) {
- /* Has a %root% marker */
- *cp = '\0';
- temp = PR_smprintf("%s%s%s", reldir, installDir,
- cp+strlen(ROOT_MARKER));
- PR_Free(reldir);
- reldir = temp;
- foundMarker = PR_TRUE;
- } else if( (cp = PL_strcasestr(reldir, TEMP_MARKER)) ) {
- /* Has a %temp% marker */
- *cp = '\0';
- temp = PR_smprintf("%s%s%s", reldir, tempname,
- cp+strlen(TEMP_MARKER));
- PR_Free(reldir);
- reldir = temp;
- foundMarker = PR_TRUE;
- } else {
- break;
- }
- }
- if(!foundMarker) {
- /* Has no markers...this isn't really a relative directory */
- error(PK11_INSTALL_BOGUS_REL_DIR, file->relativePath);
- ret = PK11_INSTALL_BOGUS_REL_DIR;
- goto loser;
- }
- dest = reldir;
- reldir = NULL;
- } else if(file->absolutePath) {
- dest = PR_Strdup(file->absolutePath);
- }
-
- /* Remember if this is the module file, we'll need to add it later */
- if(i == platform->modFile) {
- modDest = PR_Strdup(dest);
- }
-
- /* Remember is this is an executable, we'll need to run it later */
- if(file->executable) {
- StringList_Append(&executables,dest);
- /*executables.Append(dest);*/
- }
-
- /* Make sure the directory we are targetting exists */
- if( make_dirs(dest, file->permissions) ) {
- ret=PK11_INSTALL_CREATE_DIR;
- goto loser;
- }
-
- /* Actually extract the file onto the filesystem */
- if(noverify) {
- status = JAR_extract(jar, (char*)file->jarPath, dest);
- } else {
- status = JAR_verified_extract(jar, (char*)file->jarPath, dest);
- }
- if(status) {
- if (status >= JAR_BASE && status <= JAR_BASE_END) {
- error(PK11_INSTALL_JAR_EXTRACT, file->jarPath,
- JAR_get_error(status));
- } else {
- error(PK11_INSTALL_JAR_EXTRACT, file->jarPath,
- mySECU_ErrorString((int16) PORT_GetError()) );
- }
- ret=PK11_INSTALL_JAR_EXTRACT;
- goto loser;
- }
- if(feedback) {
- PR_fprintf(feedback, msgStrings[INSTALLED_FILE_MSG],
- file->jarPath, dest);
- }
-
- /* no NSPR command to change permissions? */
-#ifdef XP_UNIX
- chmod(dest, file->permissions);
-#endif
-
- /* Memory clean-up tasks */
- if(reldir) {
- PR_Free(reldir);
- reldir = NULL;
- }
- if(dest) {
- PR_Free(dest);
- dest = NULL;
- }
- }
- /* Make sure we found the module file */
- if(!modDest) {
- /* Internal problem here, since every platform is supposed to have
- a module file */
- error(PK11_INSTALL_NO_MOD_FILE, platform->moduleName);
- ret=PK11_INSTALL_NO_MOD_FILE;
- goto loser;
- }
-
- /*
- // Execute any executable files
- */
- {
- argv[1] = NULL;
- envp[0] = NULL;
- for(execNode = executables.head; execNode; execNode = execNode->next) {
- attr = PR_NewProcessAttr();
- argv[0] = PR_Strdup(execNode->str);
-
- /* Announce our intentions */
- if(feedback) {
- PR_fprintf(feedback, msgStrings[EXEC_FILE_MSG], execNode->str);
- }
-
- /* start the process */
- if( !(proc=PR_CreateProcess(execNode->str, argv, envp, attr)) ) {
- PR_Free(argv[0]);
- PR_DestroyProcessAttr(attr);
- error(PK11_INSTALL_EXEC_FILE, execNode->str);
- ret=PK11_INSTALL_EXEC_FILE;
- goto loser;
- }
-
- /* wait for it to finish */
- if( PR_WaitProcess(proc, &errcode) != PR_SUCCESS) {
- PR_Free(argv[0]);
- PR_DestroyProcessAttr(attr);
- error(PK11_INSTALL_WAIT_PROCESS, execNode->str);
- ret=PK11_INSTALL_WAIT_PROCESS;
- goto loser;
- }
-
- /* What happened? */
- if(errcode) {
- /* process returned an error */
- error(PK11_INSTALL_PROC_ERROR, execNode->str, errcode);
- } else if(feedback) {
- /* process ran successfully */
- PR_fprintf(feedback, msgStrings[EXEC_SUCCESS], execNode->str);
- }
-
- PR_Free(argv[0]);
- PR_DestroyProcessAttr(attr);
- }
- }
-
- /*
- // Add the module
- */
- status = Pk11Install_AddNewModule((char*)platform->moduleName,
- (char*)modDest, platform->mechFlags, platform->cipherFlags );
-
- if(status != SECSuccess) {
- error(PK11_INSTALL_ADD_MODULE, platform->moduleName);
- ret=PK11_INSTALL_ADD_MODULE;
- goto loser;
- }
- if(feedback) {
- PR_fprintf(feedback, msgStrings[INSTALLED_MODULE_MSG],
- platform->moduleName);
- }
-
- if(feedback) {
- PR_fprintf(feedback, msgStrings[INSTALLATION_COMPLETE_MSG]);
- }
-
- ret = PK11_INSTALL_SUCCESS;
-
-loser:
- if(reldir) {
- PR_Free(reldir);
- }
- if(dest) {
- PR_Free(dest);
- }
- if(modDest) {
- PR_Free(modDest);
- }
- if(tempname) {
- PRFileInfo info;
- if(PR_GetFileInfo(tempname, &info) == PR_SUCCESS) {
- if((info.type == PR_FILE_DIRECTORY)) {
- /* Recursively remove temporary directory */
- if(rm_dash_r(tempname)) {
- error(PK11_INSTALL_REMOVE_DIR,
- tempname);
- ret=PK11_INSTALL_REMOVE_DIR;
- }
-
- }
- }
- PR_Free(tempname);
- }
- StringList_delete(&executables);
- return ret;
-}
-
-/*
-//////////////////////////////////////////////////////////////////////////
-*/
-static char*
-PR_Strdup(const char* str)
-{
- char *tmp = (char*) PR_Malloc(strlen(str)+1);
- strcpy(tmp, str);
- return tmp;
-}
-
-/*
- * r m _ d a s h _ r
- *
- * Remove a file, or a directory recursively.
- *
- */
-static int
-rm_dash_r (char *path)
-{
- PRDir *dir;
- PRDirEntry *entry;
- PRFileInfo fileinfo;
- char filename[240];
-
- if(PR_GetFileInfo(path, &fileinfo) != PR_SUCCESS) {
- /*fprintf(stderr, "Error: Unable to access %s\n", filename);*/
- return -1;
- }
- if(fileinfo.type == PR_FILE_DIRECTORY) {
-
- dir = PR_OpenDir(path);
- if(!dir) {
- return -1;
- }
-
- /* Recursively delete all entries in the directory */
- while((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
- sprintf(filename, "%s/%s", path, entry->name);
- if(rm_dash_r(filename)) return -1;
- }
-
- if(PR_CloseDir(dir) != PR_SUCCESS) {
- return -1;
- }
-
- /* Delete the directory itself */
- if(PR_RmDir(path) != PR_SUCCESS) {
- return -1;
- }
- } else {
- if(PR_Delete(path) != PR_SUCCESS) {
- return -1;
- }
- }
- return 0;
-}
-
-/***************************************************************************
- *
- * m a k e _ d i r s
- *
- * Ensure that the directory portion of the path exists. This may require
- * making the directory, and its parent, and its parent's parent, etc.
- */
-static int
-make_dirs(char *path, int file_perms)
-{
- char *Path;
- char *start;
- char *sep;
- int ret = 0;
- PRFileInfo info;
-
- if(!path) {
- return 0;
- }
-
- Path = PR_Strdup(path);
- start = strpbrk(Path, "/\\");
- if(!start) {
- return 0;
- }
- start++; /* start right after first slash */
-
- /* Each time through the loop add one more directory. */
- while( (sep=strpbrk(start, "/\\")) ) {
- *sep = '\0';
-
- if( PR_GetFileInfo(Path, &info) != PR_SUCCESS) {
- /* No such dir, we have to create it */
- if( PR_MkDir(Path, dir_perms(file_perms)) != PR_SUCCESS) {
- error(PK11_INSTALL_CREATE_DIR, Path);
- ret = PK11_INSTALL_CREATE_DIR;
- goto loser;
- }
- } else {
- /* something exists by this name, make sure it's a directory */
- if( info.type != PR_FILE_DIRECTORY ) {
- error(PK11_INSTALL_CREATE_DIR, Path);
- ret = PK11_INSTALL_CREATE_DIR;
- goto loser;
- }
- }
-
- /* If this is the lowest directory level, make sure it is writeable */
- if(!strpbrk(sep+1, "/\\")) {
- if( PR_Access(Path, PR_ACCESS_WRITE_OK)!=PR_SUCCESS) {
- error(PK11_INSTALL_DIR_NOT_WRITEABLE, Path);
- ret = PK11_INSTALL_DIR_NOT_WRITEABLE;
- goto loser;
- }
- }
-
- start = sep+1; /* start after the next slash */
- *sep = '/';
- }
-
-loser:
- PR_Free(Path);
- return ret;
-}
-
-/*************************************************************************
- * d i r _ p e r m s
- *
- * Guesses the desired permissions on a directory based on the permissions
- * of a file that will be stored in it. Give read, write, and
- * execute to the owner (so we can create the file), read and
- * execute to anyone who has read permissions on the file, and write
- * to anyone who has write permissions on the file.
- */
-static int
-dir_perms(int perms)
-{
- int ret = 0;
-
- /* owner */
- ret |= 0700;
-
- /* group */
- if(perms & 0040) {
- /* read on the file -> read and execute on the directory */
- ret |= 0050;
- }
- if(perms & 0020) {
- /* write on the file -> write on the directory */
- ret |= 0020;
- }
-
- /* others */
- if(perms & 0004) {
- /* read on the file -> read and execute on the directory */
- ret |= 0005;
- }
- if(perms & 0002) {
- /* write on the file -> write on the directory */
- ret |= 0002;
- }
-
- return ret;
-}
diff --git a/security/nss/cmd/modutil/install.h b/security/nss/cmd/modutil/install.h
deleted file mode 100644
index 3874ed77e..000000000
--- a/security/nss/cmd/modutil/install.h
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef PK11INSTALL_H
-#define PK11INSTALL_H
-
-#include <prio.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef void (*Pk11Install_ErrorHandler)(char *);
-
-typedef enum {
- PK11_INSTALL_NO_ERROR=0,
- PK11_INSTALL_DIR_DOESNT_EXIST,
- PK11_INSTALL_FILE_DOESNT_EXIST,
- PK11_INSTALL_FILE_NOT_READABLE,
- PK11_INSTALL_ERROR_STRING,
- PK11_INSTALL_JAR_ERROR,
- PK11_INSTALL_NO_INSTALLER_SCRIPT,
- PK11_INSTALL_DELETE_TEMP_FILE,
- PK11_INSTALL_OPEN_SCRIPT_FILE,
- PK11_INSTALL_SCRIPT_PARSE,
- PK11_INSTALL_SEMANTIC,
- PK11_INSTALL_SYSINFO,
- PK11_INSTALL_NO_PLATFORM,
- PK11_INSTALL_BOGUS_REL_DIR,
- PK11_INSTALL_NO_MOD_FILE,
- PK11_INSTALL_ADD_MODULE,
- PK11_INSTALL_JAR_EXTRACT,
- PK11_INSTALL_DIR_NOT_WRITEABLE,
- PK11_INSTALL_CREATE_DIR,
- PK11_INSTALL_REMOVE_DIR,
- PK11_INSTALL_EXEC_FILE,
- PK11_INSTALL_WAIT_PROCESS,
- PK11_INSTALL_PROC_ERROR,
- PK11_INSTALL_USER_ABORT,
- PK11_INSTALL_UNSPECIFIED
-} Pk11Install_Error;
-#define PK11_INSTALL_SUCCESS PK11_INSTALL_NO_ERROR
-
-/**************************************************************************
- *
- * P k 1 1 I n s t a l l _ I n i t
- *
- * Does initialization that otherwise would be done on the fly. Only
- * needs to be called by multithreaded apps, before they make any calls
- * to this library.
- */
-void
-Pk11Install_Init();
-
-/**************************************************************************
- *
- * P k 1 1 I n s t a l l _ S e t E r r o r H a n d l e r
- *
- * Sets the error handler to be used by the library. Returns the current
- * error handler function.
- */
-Pk11Install_ErrorHandler
-Pk11Install_SetErrorHandler(Pk11Install_ErrorHandler handler);
-
-
-/**************************************************************************
- *
- * P k 1 1 I n s t a l l _ R e l e a s e
- *
- * Releases static data structures used by the library. Don't use the
- * library after calling this, unless you call Pk11Install_Init()
- * first. This function doesn't have to be called at all unless you're
- * really anal about freeing memory before your program exits.
- */
-void
-Pk11Install_Release();
-
-/*************************************************************************
- *
- * P k 1 1 I n s t a l l _ D o I n s t a l l
- *
- * jarFile is the path of a JAR in the PKCS #11 module JAR format.
- * installDir is the directory relative to which files will be
- * installed.
- * feedback is a file descriptor to which to write informative (not error)
- * status messages: what files are being installed, what modules are being
- * installed. If feedback==NULL, no messages will be displayed.
- * If force != 0, interactive prompts will be suppressed.
- * If noverify == PR_TRUE, signatures won't be checked on the JAR file.
- */
-Pk11Install_Error
-Pk11Install_DoInstall(char *jarFile, const char *installDir,
- const char *tempDir, PRFileDesc *feedback, short force,
- PRBool noverify);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /*PK11INSTALL_H*/
diff --git a/security/nss/cmd/modutil/installparse.c b/security/nss/cmd/modutil/installparse.c
deleted file mode 100644
index 5afa19ba6..000000000
--- a/security/nss/cmd/modutil/installparse.c
+++ /dev/null
@@ -1,745 +0,0 @@
-
-# line 37 "installparse.y"
-
-#define yyparse Pk11Install_yyparse
-#define yylex Pk11Install_yylex
-#define yyerror Pk11Install_yyerror
-#define yychar Pk11Install_yychar
-#define yyval Pk11Install_yyval
-#define yylval Pk11Install_yylval
-#define yydebug Pk11Install_yydebug
-#define yynerrs Pk11Install_yynerrs
-#define yyerrflag Pk11Install_yyerrflag
-#define yyss Pk11Install_yyss
-#define yyssp Pk11Install_yyssp
-#define yyvs Pk11Install_yyvs
-#define yyvsp Pk11Install_yyvsp
-#define yylhs Pk11Install_yylhs
-#define yylen Pk11Install_yylen
-#define yydefred Pk11Install_yydefred
-#define yydgoto Pk11Install_yydgoto
-#define yysindex Pk11Install_yysindex
-#define yyrindex Pk11Install_yyrindex
-#define yygindex Pk11Install_yygindex
-#define yytable Pk11Install_yytable
-#define yycheck Pk11Install_yycheck
-#define yyname Pk11Install_yyname
-#define yyrule Pk11Install_yyrule
-
-/* C Stuff */
-#include "install-ds.h"
-#include <prprf.h>
-
-#define YYSTYPE Pk11Install_Pointer
-extern char *Pk11Install_yytext;
-char *Pk11Install_yyerrstr=NULL;
-
-# define OPENBRACE 257
-# define CLOSEBRACE 258
-# define STRING 259
-
-#ifdef __STDC__
-#include <stdlib.h>
-#include <string.h>
-#else
-#include <malloc.h>
-#include <memory.h>
-#endif
-
-#include <values.h>
-
-#ifdef __cplusplus
-
-#ifndef yyerror
- void yyerror(const char *);
-#endif
-
-#ifndef yylex
-#ifdef __EXTERN_C__
- extern "C" { int yylex(void); }
-#else
- int yylex(void);
-#endif
-#endif
- int yyparse(void);
-
-#endif
-#define yyclearin yychar = -1
-#define yyerrok yyerrflag = 0
-extern int yychar;
-extern int yyerrflag;
-#ifndef YYSTYPE
-#define YYSTYPE int
-#endif
-YYSTYPE yylval;
-YYSTYPE yyval;
-typedef int yytabelem;
-#ifndef YYMAXDEPTH
-#define YYMAXDEPTH 150
-#endif
-#if YYMAXDEPTH > 0
-int yy_yys[YYMAXDEPTH], *yys = yy_yys;
-YYSTYPE yy_yyv[YYMAXDEPTH], *yyv = yy_yyv;
-#else /* user does initial allocation */
-int *yys;
-YYSTYPE *yyv;
-#endif
-static int yymaxdepth = YYMAXDEPTH;
-# define YYERRCODE 256
-
-# line 117 "installparse.y"
-
-/*----------------------- Program Section --------------------------------*/
-
-/*************************************************************************/
-void
-Pk11Install_yyerror(char *message)
-{
- char *tmp;
- if(Pk11Install_yyerrstr) {
- tmp=PR_smprintf("%sline %d: %s\n", Pk11Install_yyerrstr,
- Pk11Install_yylinenum, message);
- PR_smprintf_free(Pk11Install_yyerrstr);
- } else {
- tmp = PR_smprintf("line %d: %s\n", Pk11Install_yylinenum, message);
- }
- Pk11Install_yyerrstr=tmp;
-}
-static const yytabelem yyexca[] ={
--1, 1,
- 0, -1,
- -2, 0,
--1, 5,
- 257, 7,
- -2, 5,
- };
-# define YYNPROD 8
-# define YYLAST 13
-static const yytabelem yyact[]={
-
- 5, 10, 8, 2, 6, 4, 3, 7, 1, 0,
- 0, 0, 9 };
-static const yytabelem yypact[]={
-
- -259,-10000000,-10000000, -259,-10000000,-10000000, -255,-10000000, -259, -257,
--10000000 };
-static const yytabelem yypgo[]={
-
- 0, 8, 3, 6, 5, 4 };
-static const yytabelem yyr1[]={
-
- 0, 1, 2, 2, 3, 3, 4, 5 };
-static const yytabelem yyr2[]={
-
- 0, 3, 5, 1, 3, 3, 9, 3 };
-static const yytabelem yychk[]={
-
--10000000, -1, -2, -3, -4, 259, -5, -2, 257, -2,
- 258 };
-static const yytabelem yydef[]={
-
- 3, -2, 1, 3, 4, -2, 0, 2, 3, 0,
- 6 };
-typedef struct
-#ifdef __cplusplus
- yytoktype
-#endif
-{ char *t_name; int t_val; } yytoktype;
-#ifndef YYDEBUG
-# define YYDEBUG 0 /* don't allow debugging */
-#endif
-
-#if YYDEBUG
-
-yytoktype yytoks[] =
-{
- "OPENBRACE", 257,
- "CLOSEBRACE", 258,
- "STRING", 259,
- "-unknown-", -1 /* ends search */
-};
-
-char * yyreds[] =
-{
- "-no such reduction-",
- "toplist : valuelist",
- "valuelist : value valuelist",
- "valuelist : /* empty */",
- "value : key_value_pair",
- "value : STRING",
- "key_value_pair : key OPENBRACE valuelist CLOSEBRACE",
- "key : STRING",
-};
-#endif /* YYDEBUG */
-# line 1 "/usr/ccs/bin/yaccpar"
-/*
- * Copyright (c) 1993 by Sun Microsystems, Inc.
- */
-
-#pragma ident "@(#)yaccpar 6.14 97/01/16 SMI"
-
-/*
-** Skeleton parser driver for yacc output
-*/
-
-/*
-** yacc user known macros and defines
-*/
-#define YYERROR goto yyerrlab
-#define YYACCEPT return(0)
-#define YYABORT return(1)
-#define YYBACKUP( newtoken, newvalue )\
-{\
- if ( yychar >= 0 || ( yyr2[ yytmp ] >> 1 ) != 1 )\
- {\
- yyerror( "syntax error - cannot backup" );\
- goto yyerrlab;\
- }\
- yychar = newtoken;\
- yystate = *yyps;\
- yylval = newvalue;\
- goto yynewstate;\
-}
-#define YYRECOVERING() (!!yyerrflag)
-#define YYNEW(type) malloc(sizeof(type) * yynewmax)
-#define YYCOPY(to, from, type) \
- (type *) memcpy(to, (char *) from, yymaxdepth * sizeof (type))
-#define YYENLARGE( from, type) \
- (type *) realloc((char *) from, yynewmax * sizeof(type))
-#ifndef YYDEBUG
-# define YYDEBUG 1 /* make debugging available */
-#endif
-
-/*
-** user known globals
-*/
-int yydebug; /* set to 1 to get debugging */
-
-/*
-** driver internal defines
-*/
-#define YYFLAG (-10000000)
-
-/*
-** global variables used by the parser
-*/
-YYSTYPE *yypv; /* top of value stack */
-int *yyps; /* top of state stack */
-
-int yystate; /* current state */
-int yytmp; /* extra var (lasts between blocks) */
-
-int yynerrs; /* number of errors */
-int yyerrflag; /* error recovery flag */
-int yychar; /* current input token number */
-
-
-
-#ifdef YYNMBCHARS
-#define YYLEX() yycvtok(yylex())
-/*
-** yycvtok - return a token if i is a wchar_t value that exceeds 255.
-** If i<255, i itself is the token. If i>255 but the neither
-** of the 30th or 31st bit is on, i is already a token.
-*/
-#if defined(__STDC__) || defined(__cplusplus)
-int yycvtok(int i)
-#else
-int yycvtok(i) int i;
-#endif
-{
- int first = 0;
- int last = YYNMBCHARS - 1;
- int mid;
- wchar_t j;
-
- if(i&0x60000000){/*Must convert to a token. */
- if( yymbchars[last].character < i ){
- return i;/*Giving up*/
- }
- while ((last>=first)&&(first>=0)) {/*Binary search loop*/
- mid = (first+last)/2;
- j = yymbchars[mid].character;
- if( j==i ){/*Found*/
- return yymbchars[mid].tvalue;
- }else if( j<i ){
- first = mid + 1;
- }else{
- last = mid -1;
- }
- }
- /*No entry in the table.*/
- return i;/* Giving up.*/
- }else{/* i is already a token. */
- return i;
- }
-}
-#else/*!YYNMBCHARS*/
-#define YYLEX() yylex()
-#endif/*!YYNMBCHARS*/
-
-/*
-** yyparse - return 0 if worked, 1 if syntax error not recovered from
-*/
-#if defined(__STDC__) || defined(__cplusplus)
-int yyparse(void)
-#else
-int yyparse()
-#endif
-{
- register YYSTYPE *yypvt = 0; /* top of value stack for $vars */
-
-#if defined(__cplusplus) || defined(lint)
-/*
- hacks to please C++ and lint - goto's inside
- switch should never be executed
-*/
- static int __yaccpar_lint_hack__ = 0;
- switch (__yaccpar_lint_hack__)
- {
- case 1: goto yyerrlab;
- case 2: goto yynewstate;
- }
-#endif
-
- /*
- ** Initialize externals - yyparse may be called more than once
- */
- yypv = &yyv[-1];
- yyps = &yys[-1];
- yystate = 0;
- yytmp = 0;
- yynerrs = 0;
- yyerrflag = 0;
- yychar = -1;
-
-#if YYMAXDEPTH <= 0
- if (yymaxdepth <= 0)
- {
- if ((yymaxdepth = YYEXPAND(0)) <= 0)
- {
- yyerror("yacc initialization error");
- YYABORT;
- }
- }
-#endif
-
- {
- register YYSTYPE *yy_pv; /* top of value stack */
- register int *yy_ps; /* top of state stack */
- register int yy_state; /* current state */
- register int yy_n; /* internal state number info */
- goto yystack; /* moved from 6 lines above to here to please C++ */
-
- /*
- ** get globals into registers.
- ** branch to here only if YYBACKUP was called.
- */
- yynewstate:
- yy_pv = yypv;
- yy_ps = yyps;
- yy_state = yystate;
- goto yy_newstate;
-
- /*
- ** get globals into registers.
- ** either we just started, or we just finished a reduction
- */
- yystack:
- yy_pv = yypv;
- yy_ps = yyps;
- yy_state = yystate;
-
- /*
- ** top of for (;;) loop while no reductions done
- */
- yy_stack:
- /*
- ** put a state and value onto the stacks
- */
-#if YYDEBUG
- /*
- ** if debugging, look up token value in list of value vs.
- ** name pairs. 0 and negative (-1) are special values.
- ** Note: linear search is used since time is not a real
- ** consideration while debugging.
- */
- if ( yydebug )
- {
- register int yy_i;
-
- printf( "State %d, token ", yy_state );
- if ( yychar == 0 )
- printf( "end-of-file\n" );
- else if ( yychar < 0 )
- printf( "-none-\n" );
- else
- {
- for ( yy_i = 0; yytoks[yy_i].t_val >= 0;
- yy_i++ )
- {
- if ( yytoks[yy_i].t_val == yychar )
- break;
- }
- printf( "%s\n", yytoks[yy_i].t_name );
- }
- }
-#endif /* YYDEBUG */
- if ( ++yy_ps >= &yys[ yymaxdepth ] ) /* room on stack? */
- {
- /*
- ** reallocate and recover. Note that pointers
- ** have to be reset, or bad things will happen
- */
- int yyps_index = (yy_ps - yys);
- int yypv_index = (yy_pv - yyv);
- int yypvt_index = (yypvt - yyv);
- int yynewmax;
-#ifdef YYEXPAND
- yynewmax = YYEXPAND(yymaxdepth);
-#else
- yynewmax = 2 * yymaxdepth; /* double table size */
- if (yymaxdepth == YYMAXDEPTH) /* first time growth */
- {
- char *newyys = (char *)YYNEW(int);
- char *newyyv = (char *)YYNEW(YYSTYPE);
- if (newyys != 0 && newyyv != 0)
- {
- yys = YYCOPY(newyys, yys, int);
- yyv = YYCOPY(newyyv, yyv, YYSTYPE);
- }
- else
- yynewmax = 0; /* failed */
- }
- else /* not first time */
- {
- yys = YYENLARGE(yys, int);
- yyv = YYENLARGE(yyv, YYSTYPE);
- if (yys == 0 || yyv == 0)
- yynewmax = 0; /* failed */
- }
-#endif
- if (yynewmax <= yymaxdepth) /* tables not expanded */
- {
- yyerror( "yacc stack overflow" );
- YYABORT;
- }
- yymaxdepth = yynewmax;
-
- yy_ps = yys + yyps_index;
- yy_pv = yyv + yypv_index;
- yypvt = yyv + yypvt_index;
- }
- *yy_ps = yy_state;
- *++yy_pv = yyval;
-
- /*
- ** we have a new state - find out what to do
- */
- yy_newstate:
- if ( ( yy_n = yypact[ yy_state ] ) <= YYFLAG )
- goto yydefault; /* simple state */
-#if YYDEBUG
- /*
- ** if debugging, need to mark whether new token grabbed
- */
- yytmp = yychar < 0;
-#endif
- if ( ( yychar < 0 ) && ( ( yychar = YYLEX() ) < 0 ) )
- yychar = 0; /* reached EOF */
-#if YYDEBUG
- if ( yydebug && yytmp )
- {
- register int yy_i;
-
- printf( "Received token " );
- if ( yychar == 0 )
- printf( "end-of-file\n" );
- else if ( yychar < 0 )
- printf( "-none-\n" );
- else
- {
- for ( yy_i = 0; yytoks[yy_i].t_val >= 0;
- yy_i++ )
- {
- if ( yytoks[yy_i].t_val == yychar )
- break;
- }
- printf( "%s\n", yytoks[yy_i].t_name );
- }
- }
-#endif /* YYDEBUG */
- if ( ( ( yy_n += yychar ) < 0 ) || ( yy_n >= YYLAST ) )
- goto yydefault;
- if ( yychk[ yy_n = yyact[ yy_n ] ] == yychar ) /*valid shift*/
- {
- yychar = -1;
- yyval = yylval;
- yy_state = yy_n;
- if ( yyerrflag > 0 )
- yyerrflag--;
- goto yy_stack;
- }
-
- yydefault:
- if ( ( yy_n = yydef[ yy_state ] ) == -2 )
- {
-#if YYDEBUG
- yytmp = yychar < 0;
-#endif
- if ( ( yychar < 0 ) && ( ( yychar = YYLEX() ) < 0 ) )
- yychar = 0; /* reached EOF */
-#if YYDEBUG
- if ( yydebug && yytmp )
- {
- register int yy_i;
-
- printf( "Received token " );
- if ( yychar == 0 )
- printf( "end-of-file\n" );
- else if ( yychar < 0 )
- printf( "-none-\n" );
- else
- {
- for ( yy_i = 0;
- yytoks[yy_i].t_val >= 0;
- yy_i++ )
- {
- if ( yytoks[yy_i].t_val
- == yychar )
- {
- break;
- }
- }
- printf( "%s\n", yytoks[yy_i].t_name );
- }
- }
-#endif /* YYDEBUG */
- /*
- ** look through exception table
- */
- {
- register const int *yyxi = yyexca;
-
- while ( ( *yyxi != -1 ) ||
- ( yyxi[1] != yy_state ) )
- {
- yyxi += 2;
- }
- while ( ( *(yyxi += 2) >= 0 ) &&
- ( *yyxi != yychar ) )
- ;
- if ( ( yy_n = yyxi[1] ) < 0 )
- YYACCEPT;
- }
- }
-
- /*
- ** check for syntax error
- */
- if ( yy_n == 0 ) /* have an error */
- {
- /* no worry about speed here! */
- switch ( yyerrflag )
- {
- case 0: /* new error */
- yyerror( "syntax error" );
- goto skip_init;
- yyerrlab:
- /*
- ** get globals into registers.
- ** we have a user generated syntax type error
- */
- yy_pv = yypv;
- yy_ps = yyps;
- yy_state = yystate;
- skip_init:
- yynerrs++;
- /* FALLTHRU */
- case 1:
- case 2: /* incompletely recovered error */
- /* try again... */
- yyerrflag = 3;
- /*
- ** find state where "error" is a legal
- ** shift action
- */
- while ( yy_ps >= yys )
- {
- yy_n = yypact[ *yy_ps ] + YYERRCODE;
- if ( yy_n >= 0 && yy_n < YYLAST &&
- yychk[yyact[yy_n]] == YYERRCODE) {
- /*
- ** simulate shift of "error"
- */
- yy_state = yyact[ yy_n ];
- goto yy_stack;
- }
- /*
- ** current state has no shift on
- ** "error", pop stack
- */
-#if YYDEBUG
-# define _POP_ "Error recovery pops state %d, uncovers state %d\n"
- if ( yydebug )
- printf( _POP_, *yy_ps,
- yy_ps[-1] );
-# undef _POP_
-#endif
- yy_ps--;
- yy_pv--;
- }
- /*
- ** there is no state on stack with "error" as
- ** a valid shift. give up.
- */
- YYABORT;
- case 3: /* no shift yet; eat a token */
-#if YYDEBUG
- /*
- ** if debugging, look up token in list of
- ** pairs. 0 and negative shouldn't occur,
- ** but since timing doesn't matter when
- ** debugging, it doesn't hurt to leave the
- ** tests here.
- */
- if ( yydebug )
- {
- register int yy_i;
-
- printf( "Error recovery discards " );
- if ( yychar == 0 )
- printf( "token end-of-file\n" );
- else if ( yychar < 0 )
- printf( "token -none-\n" );
- else
- {
- for ( yy_i = 0;
- yytoks[yy_i].t_val >= 0;
- yy_i++ )
- {
- if ( yytoks[yy_i].t_val
- == yychar )
- {
- break;
- }
- }
- printf( "token %s\n",
- yytoks[yy_i].t_name );
- }
- }
-#endif /* YYDEBUG */
- if ( yychar == 0 ) /* reached EOF. quit */
- YYABORT;
- yychar = -1;
- goto yy_newstate;
- }
- }/* end if ( yy_n == 0 ) */
- /*
- ** reduction by production yy_n
- ** put stack tops, etc. so things right after switch
- */
-#if YYDEBUG
- /*
- ** if debugging, print the string that is the user's
- ** specification of the reduction which is just about
- ** to be done.
- */
- if ( yydebug )
- printf( "Reduce by (%d) \"%s\"\n",
- yy_n, yyreds[ yy_n ] );
-#endif
- yytmp = yy_n; /* value to switch over */
- yypvt = yy_pv; /* $vars top of value stack */
- /*
- ** Look in goto table for next state
- ** Sorry about using yy_state here as temporary
- ** register variable, but why not, if it works...
- ** If yyr2[ yy_n ] doesn't have the low order bit
- ** set, then there is no action to be done for
- ** this reduction. So, no saving & unsaving of
- ** registers done. The only difference between the
- ** code just after the if and the body of the if is
- ** the goto yy_stack in the body. This way the test
- ** can be made before the choice of what to do is needed.
- */
- {
- /* length of production doubled with extra bit */
- register int yy_len = yyr2[ yy_n ];
-
- if ( !( yy_len & 01 ) )
- {
- yy_len >>= 1;
- yyval = ( yy_pv -= yy_len )[1]; /* $$ = $1 */
- yy_state = yypgo[ yy_n = yyr1[ yy_n ] ] +
- *( yy_ps -= yy_len ) + 1;
- if ( yy_state >= YYLAST ||
- yychk[ yy_state =
- yyact[ yy_state ] ] != -yy_n )
- {
- yy_state = yyact[ yypgo[ yy_n ] ];
- }
- goto yy_stack;
- }
- yy_len >>= 1;
- yyval = ( yy_pv -= yy_len )[1]; /* $$ = $1 */
- yy_state = yypgo[ yy_n = yyr1[ yy_n ] ] +
- *( yy_ps -= yy_len ) + 1;
- if ( yy_state >= YYLAST ||
- yychk[ yy_state = yyact[ yy_state ] ] != -yy_n )
- {
- yy_state = yyact[ yypgo[ yy_n ] ];
- }
- }
- /* save until reenter driver code */
- yystate = yy_state;
- yyps = yy_ps;
- yypv = yy_pv;
- }
- /*
- ** code supplied by user is placed in this switch
- */
- switch( yytmp )
- {
-
-case 1:
-# line 84 "installparse.y"
-{
- Pk11Install_valueList = yypvt[-0].list;
-} break;
-case 2:
-# line 89 "installparse.y"
-{
- Pk11Install_ValueList_AddItem(yypvt[-0].list,yypvt[-1].value);
- yyval.list = yypvt[-0].list;
-} break;
-case 3:
-# line 94 "installparse.y"
-{
- yyval.list = Pk11Install_ValueList_new();
-} break;
-case 4:
-# line 99 "installparse.y"
-{
- yyval.value= Pk11Install_Value_new(PAIR_VALUE,yypvt[-0]);
-} break;
-case 5:
-# line 103 "installparse.y"
-{
- yyval.value= Pk11Install_Value_new(STRING_VALUE, yypvt[-0]);
-} break;
-case 6:
-# line 108 "installparse.y"
-{
- yyval.pair = Pk11Install_Pair_new(yypvt[-3].string,yypvt[-1].list);
-} break;
-case 7:
-# line 113 "installparse.y"
-{
- yyval.string = yypvt[-0].string;
-} break;
-# line 531 "/usr/ccs/bin/yaccpar"
- }
- goto yystack; /* reset registers in driver code */
-}
-
diff --git a/security/nss/cmd/modutil/installparse.h b/security/nss/cmd/modutil/installparse.h
deleted file mode 100644
index f57ad8f55..000000000
--- a/security/nss/cmd/modutil/installparse.h
+++ /dev/null
@@ -1,3 +0,0 @@
-# define OPENBRACE 257
-# define CLOSEBRACE 258
-# define STRING 259
diff --git a/security/nss/cmd/modutil/installparse.l b/security/nss/cmd/modutil/installparse.l
deleted file mode 100644
index 6befe16cb..000000000
--- a/security/nss/cmd/modutil/installparse.l
+++ /dev/null
@@ -1,166 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-
-/* lex file for analyzing PKCS #11 Module installation instructions */
-
-/*----------------------------- Definitions ---------------------------*/
-%{
-#include <string.h>
-
-#include "install-ds.h" /* defines tokens and data structures */
-#include "installparse.h" /* produced by yacc -d */
-#include <prprf.h>
-static char *putSimpleString(char*); /* return copy of string */
-static char *putComplexString(char*); /* strip out quotes, deal with */
- /* escaped characters */
-
-void Pk11Install_yyerror(char *);
-
-/* Overrides to use NSPR */
-#define malloc PR_Malloc
-#define realloc PR_Realloc
-#define free PR_Free
-
-int Pk11Install_yylinenum=1;
-static char *err;
-
-#define YY_NEVER_INTERACTIVE 1
-#define yyunput Pkcs11Install_yyunput
-
-/* This is the default YY_INPUT modified for NSPR */
-#define YY_INPUT(buf,result,max_size) \
- if ( yy_current_buffer->yy_is_interactive ) { \
- char c; \
- int n; \
- for ( n = 0; n < max_size && \
- PR_Read(Pk11Install_FD, &c, 1)==1 && c != '\n'; ++n ) { \
- buf[n] = c; \
- } \
- if ( c == '\n' ) { \
- buf[n++] = c; \
- } \
- result = n; \
- } else { \
- result = PR_Read(Pk11Install_FD, buf, max_size); \
- }
-
-%}
-
-/*** Regular expression definitions ***/
-/* simple_string has no whitespace, quotes, or braces */
-simple_string [^ \t\r\n\""{""}"]+
-
-/* complex_string is enclosed in quotes. Inside the quotes, quotes and
- backslashes must be backslash-escaped. No newlines or carriage returns
- are allowed inside the quotes. Otherwise, anything goes. */
-complex_string \"([^\"\\\r\n]|(\\\")|(\\\\))+\"
-
-/* Standard whitespace */
-whitespace [ \t\r]+
-
-other .
-
-/*---------------------------- Actions --------------------------------*/
-%%
-
-"{" return OPENBRACE;
-"}" return CLOSEBRACE;
-{simple_string} {Pk11Install_yylval.string =
- putSimpleString(Pk11Install_yytext);
- return STRING;}
-{complex_string} {Pk11Install_yylval.string =
- putComplexString(Pk11Install_yytext);
- return STRING;}
-
-"\n" Pk11Install_yylinenum++;
-
-{whitespace} ;
-
-{other} {err = PR_smprintf("Invalid lexeme: %s",Pk11Install_yytext);
- Pk11Install_yyerror(err);
- PR_smprintf_free(err);
- return 1;
- }
-
-%%
-/*------------------------ Program Section ----------------------------*/
-
-PRFileDesc *Pk11Install_FD=NULL;
-
-/*************************************************************************/
-/* dummy function required by lex */
-int Pk11Install_yywrap(void) { return 1;}
-
-/*************************************************************************/
-/* Return a copy of the given string */
-static char*
-putSimpleString(char *str)
-{
- char *tmp = (char*) PR_Malloc(strlen(str)+1);
- strcpy(tmp, str);
- return tmp;
-}
-
-/*************************************************************************/
-/* Strip out quotes, replace escaped characters with what they stand for.
- This function assumes that what is passed in is actually a complex
- string, so error checking is lax. */
-static char*
-putComplexString(char *str)
-{
- int size, i,j;
- char *tmp;
-
- if(!str) {
- return NULL;
- }
- size = strlen(str);
-
- /* Allocate the new space. This string will actually be too big,
- since quotes and backslashes will be stripped out. But that's ok. */
- tmp = (char*) PR_Malloc(size+1);
-
- /* Copy it over */
- for(i=0, j=0; i < size; i++) {
- if(str[i]=='\"') {
- continue; /* skip un-escaped quotes */
- } else if(str[i]=='\\') {
- ++i; /* escaped character. skip the backslash */
- }
- tmp[j++] = str[i];
- }
- tmp[j] = '\0';
-
- return tmp;
-}
diff --git a/security/nss/cmd/modutil/installparse.y b/security/nss/cmd/modutil/installparse.y
deleted file mode 100644
index 6a32e25ab..000000000
--- a/security/nss/cmd/modutil/installparse.y
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/* yacc file for parsing PKCS #11 module installation instructions */
-/*------------------------ Definition Section ---------------------------*/
-
-%{
-#define yyparse Pk11Install_yyparse
-#define yylex Pk11Install_yylex
-#define yyerror Pk11Install_yyerror
-#define yychar Pk11Install_yychar
-#define yyval Pk11Install_yyval
-#define yylval Pk11Install_yylval
-#define yydebug Pk11Install_yydebug
-#define yynerrs Pk11Install_yynerrs
-#define yyerrflag Pk11Install_yyerrflag
-#define yyss Pk11Install_yyss
-#define yyssp Pk11Install_yyssp
-#define yyvs Pk11Install_yyvs
-#define yyvsp Pk11Install_yyvsp
-#define yylhs Pk11Install_yylhs
-#define yylen Pk11Install_yylen
-#define yydefred Pk11Install_yydefred
-#define yydgoto Pk11Install_yydgoto
-#define yysindex Pk11Install_yysindex
-#define yyrindex Pk11Install_yyrindex
-#define yygindex Pk11Install_yygindex
-#define yytable Pk11Install_yytable
-#define yycheck Pk11Install_yycheck
-#define yyname Pk11Install_yyname
-#define yyrule Pk11Install_yyrule
-
-/* C Stuff */
-#include "install-ds.h"
-#include <prprf.h>
-
-#define YYSTYPE Pk11Install_Pointer
-extern char *Pk11Install_yytext;
-char *Pk11Install_yyerrstr=NULL;
-
-%}
-
-/* Tokens */
-%token OPENBRACE
-%token CLOSEBRACE
-%token STRING
-%start toplist
-
-%%
-
-/*--------------------------- Productions -------------------------------*/
-
-toplist : valuelist
-{
- Pk11Install_valueList = $1.list;
-}
-
-valuelist : value valuelist
-{
- Pk11Install_ValueList_AddItem($2.list,$1.value);
- $$.list = $2.list;
-}
-|
-{
- $$.list = Pk11Install_ValueList_new();
-};
-
-value : key_value_pair
-{
- $$.value= Pk11Install_Value_new(PAIR_VALUE,$1);
-}
-| STRING
-{
- $$.value= Pk11Install_Value_new(STRING_VALUE, $1);
-};
-
-key_value_pair : key OPENBRACE valuelist CLOSEBRACE
-{
- $$.pair = Pk11Install_Pair_new($1.string,$3.list);
-};
-
-key : STRING
-{
- $$.string = $1.string;
-};
-
-%%
-/*----------------------- Program Section --------------------------------*/
-
-/*************************************************************************/
-void
-Pk11Install_yyerror(char *message)
-{
- char *tmp;
- if(Pk11Install_yyerrstr) {
- tmp=PR_smprintf("%sline %d: %s\n", Pk11Install_yyerrstr,
- Pk11Install_yylinenum, message);
- PR_smprintf_free(Pk11Install_yyerrstr);
- } else {
- tmp = PR_smprintf("line %d: %s\n", Pk11Install_yylinenum, message);
- }
- Pk11Install_yyerrstr=tmp;
-}
diff --git a/security/nss/cmd/modutil/instsec.c b/security/nss/cmd/modutil/instsec.c
deleted file mode 100644
index 031bca85a..000000000
--- a/security/nss/cmd/modutil/instsec.c
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include <plarena.h>
-#include <prio.h>
-#include <prprf.h>
-#include <seccomon.h>
-#include <secmod.h>
-#include <jar.h>
-#include <secutil.h>
-
-/* These are installation functions that make calls to the security library.
- * We don't want to include security include files in the C++ code too much.
- */
-
-static char* PR_fgets(char *buf, int size, PRFileDesc *file);
-
-/***************************************************************************
- *
- * P k 1 1 I n s t a l l _ A d d N e w M o d u l e
- */
-int
-Pk11Install_AddNewModule(char* moduleName, char* dllPath,
- unsigned long defaultMechanismFlags,
- unsigned long cipherEnableFlags)
-{
- return (SECMOD_AddNewModule(moduleName, dllPath,
- SECMOD_PubMechFlagstoInternal(defaultMechanismFlags),
- SECMOD_PubCipherFlagstoInternal(cipherEnableFlags))
- == SECSuccess) ? 0 : -1;
-}
-
-/*************************************************************************
- *
- * P k 1 1 I n s t a l l _ U s e r V e r i f y J a r
- *
- * Gives the user feedback on the signatures of a JAR files, asks them
- * whether they actually want to continue.
- * Assumes the jar structure has already been created and is valid.
- * Returns 0 if the user wants to continue the installation, nonzero
- * if the user wishes to abort.
- */
-short
-Pk11Install_UserVerifyJar(JAR *jar, PRFileDesc *out, PRBool query)
-{
- JAR_Context *ctx;
- JAR_Cert *fing;
- JAR_Item *item;
- char stdinbuf[80];
- int count=0;
-
- CERTCertificate *cert, *prev=NULL;
-
- PR_fprintf(out, "\nThis installation JAR file was signed by:\n");
-
- ctx = JAR_find(jar, NULL, jarTypeSign);
-
- while(JAR_find_next(ctx, &item) >= 0 ) {
- fing = (JAR_Cert*) item->data;
- cert = fing->cert;
- if(cert==prev) {
- continue;
- }
-
- count++;
- PR_fprintf(out, "----------------------------------------------\n");
- if(cert) {
- if(cert->nickname) {
- PR_fprintf(out, "**NICKNAME**\n%s\n", cert->nickname);
- }
- if(cert->subjectName) {
- PR_fprintf(out, "**SUBJECT NAME**\n%s\n", cert->subjectName); }
- if(cert->issuerName) {
- PR_fprintf(out, "**ISSUER NAME**\n%s\n", cert->issuerName);
- }
- } else {
- PR_fprintf(out, "No matching certificate could be found.\n");
- }
- PR_fprintf(out, "----------------------------------------------\n\n");
-
- prev=cert;
- }
-
- JAR_find_end(ctx);
-
- if(count==0) {
- PR_fprintf(out, "No signatures found: JAR FILE IS UNSIGNED.\n");
- }
-
- if(query) {
- PR_fprintf(out,
-"Do you wish to continue this installation? (y/n) ");
-
- if(PR_fgets(stdinbuf, 80, PR_STDIN) != NULL) {
- char *response;
-
- if( (response=strtok(stdinbuf, " \t\n\r")) ) {
- if( !PL_strcasecmp(response, "y") ||
- !PL_strcasecmp(response, "yes") ) {
- return 0;
- }
- }
- }
- }
-
- return 1;
-}
-
-/**************************************************************************
- *
- * P R _ f g e t s
- *
- * fgets implemented with NSPR.
- */
-static char*
-PR_fgets(char *buf, int size, PRFileDesc *file)
-{
- int i;
- int status;
- char c;
-
- i=0;
- while(i < size-1) {
- status = PR_Read(file, (void*) &c, 1);
- if(status==-1) {
- return NULL;
- } else if(status==0) {
- break;
- }
- buf[i++] = c;
- if(c=='\n') {
- break;
- }
- }
- buf[i]='\0';
-
- return buf;
-}
-
-/**************************************************************************
- *
- * m y S E C U _ E r r o r S t r i n g
- *
- */
-char* mySECU_ErrorString(int16 errnum)
-{
- return SECU_Strerror(errnum);
-}
diff --git a/security/nss/cmd/modutil/lex.Pk11Install_yy.c b/security/nss/cmd/modutil/lex.Pk11Install_yy.c
deleted file mode 100644
index 3943503db..000000000
--- a/security/nss/cmd/modutil/lex.Pk11Install_yy.c
+++ /dev/null
@@ -1,1691 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#define yy_create_buffer Pk11Install_yy_create_buffer
-#define yy_delete_buffer Pk11Install_yy_delete_buffer
-#define yy_scan_buffer Pk11Install_yy_scan_buffer
-#define yy_scan_string Pk11Install_yy_scan_string
-#define yy_scan_bytes Pk11Install_yy_scan_bytes
-#define yy_flex_debug Pk11Install_yy_flex_debug
-#define yy_init_buffer Pk11Install_yy_init_buffer
-#define yy_flush_buffer Pk11Install_yy_flush_buffer
-#define yy_load_buffer_state Pk11Install_yy_load_buffer_state
-#define yy_switch_to_buffer Pk11Install_yy_switch_to_buffer
-#define yyin Pk11Install_yyin
-#define yyleng Pk11Install_yyleng
-#define yylex Pk11Install_yylex
-#define yyout Pk11Install_yyout
-#define yyrestart Pk11Install_yyrestart
-#define yytext Pk11Install_yytext
-#define yywrap Pk11Install_yywrap
-
-#line 20 "lex.Pk11Install_yy.c"
-/* A lexical scanner generated by flex */
-
-/* Scanner skeleton version:
- * $Header$
- */
-
-#define FLEX_SCANNER
-#define YY_FLEX_MAJOR_VERSION 2
-#define YY_FLEX_MINOR_VERSION 5
-
-#include <stdio.h>
-
-
-/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */
-#ifdef c_plusplus
-#ifndef __cplusplus
-#define __cplusplus
-#endif
-#endif
-
-
-#ifdef __cplusplus
-
-#include <stdlib.h>
-//#include <unistd.h>
-
-/* Use prototypes in function declarations. */
-#define YY_USE_PROTOS
-
-/* The "const" storage-class-modifier is valid. */
-#define YY_USE_CONST
-
-#else /* ! __cplusplus */
-
-#if __STDC__
-
-#define YY_USE_PROTOS
-#define YY_USE_CONST
-
-#endif /* __STDC__ */
-#endif /* ! __cplusplus */
-
-#ifdef __TURBOC__
- #pragma warn -rch
- #pragma warn -use
-#include <io.h>
-#include <stdlib.h>
-#define YY_USE_CONST
-#define YY_USE_PROTOS
-#endif
-
-#ifdef YY_USE_CONST
-#define yyconst const
-#else
-#define yyconst
-#endif
-
-
-#ifdef YY_USE_PROTOS
-#define YY_PROTO(proto) proto
-#else
-#define YY_PROTO(proto) ()
-#endif
-
-/* Returned upon end-of-file. */
-#define YY_NULL 0
-
-/* Promotes a possibly negative, possibly signed char to an unsigned
- * integer for use as an array index. If the signed char is negative,
- * we want to instead treat it as an 8-bit unsigned char, hence the
- * double cast.
- */
-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
-
-/* Enter a start condition. This macro really ought to take a parameter,
- * but we do it the disgusting crufty way forced on us by the ()-less
- * definition of BEGIN.
- */
-#define BEGIN yy_start = 1 + 2 *
-
-/* Translate the current start state into a value that can be later handed
- * to BEGIN to return to the state. The YYSTATE alias is for lex
- * compatibility.
- */
-#define YY_START ((yy_start - 1) / 2)
-#define YYSTATE YY_START
-
-/* Action number for EOF rule of a given start state. */
-#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
-
-/* Special action meaning "start processing a new file". */
-#define YY_NEW_FILE yyrestart( yyin )
-
-#define YY_END_OF_BUFFER_CHAR 0
-
-/* Size of default input buffer. */
-#define YY_BUF_SIZE 16384
-
-typedef struct yy_buffer_state *YY_BUFFER_STATE;
-
-extern int yyleng;
-extern FILE *yyin, *yyout;
-
-#define EOB_ACT_CONTINUE_SCAN 0
-#define EOB_ACT_END_OF_FILE 1
-#define EOB_ACT_LAST_MATCH 2
-
-/* The funky do-while in the following #define is used to turn the definition
- * int a single C statement (which needs a semi-colon terminator). This
- * avoids problems with code like:
- *
- * if ( condition_holds )
- * yyless( 5 );
- * else
- * do_something_else();
- *
- * Prior to using the do-while the compiler would get upset at the
- * "else" because it interpreted the "if" statement as being all
- * done when it reached the ';' after the yyless() call.
- */
-
-/* Return all but the first 'n' matched characters back to the input stream. */
-
-#define yyless(n) \
- do \
- { \
- /* Undo effects of setting up yytext. */ \
- *yy_cp = yy_hold_char; \
- YY_RESTORE_YY_MORE_OFFSET \
- yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \
- YY_DO_BEFORE_ACTION; /* set up yytext again */ \
- } \
- while ( 0 )
-
-#define unput(c) yyunput( c, yytext_ptr )
-
-/* The following is because we cannot portably get our hands on size_t
- * (without autoconf's help, which isn't available because we want
- * flex-generated scanners to compile on their own).
- */
-typedef unsigned int yy_size_t;
-
-
-struct yy_buffer_state
- {
- FILE *yy_input_file;
-
- char *yy_ch_buf; /* input buffer */
- char *yy_buf_pos; /* current position in input buffer */
-
- /* Size of input buffer in bytes, not including room for EOB
- * characters.
- */
- yy_size_t yy_buf_size;
-
- /* Number of characters read into yy_ch_buf, not including EOB
- * characters.
- */
- int yy_n_chars;
-
- /* Whether we "own" the buffer - i.e., we know we created it,
- * and can realloc() it to grow it, and should free() it to
- * delete it.
- */
- int yy_is_our_buffer;
-
- /* Whether this is an "interactive" input source; if so, and
- * if we're using stdio for input, then we want to use getc()
- * instead of fread(), to make sure we stop fetching input after
- * each newline.
- */
- int yy_is_interactive;
-
- /* Whether we're considered to be at the beginning of a line.
- * If so, '^' rules will be active on the next match, otherwise
- * not.
- */
- int yy_at_bol;
-
- /* Whether to try to fill the input buffer when we reach the
- * end of it.
- */
- int yy_fill_buffer;
-
- int yy_buffer_status;
-#define YY_BUFFER_NEW 0
-#define YY_BUFFER_NORMAL 1
- /* When an EOF's been seen but there's still some text to process
- * then we mark the buffer as YY_EOF_PENDING, to indicate that we
- * shouldn't try reading from the input source any more. We might
- * still have a bunch of tokens to match, though, because of
- * possible backing-up.
- *
- * When we actually see the EOF, we change the status to "new"
- * (via yyrestart()), so that the user can continue scanning by
- * just pointing yyin at a new input file.
- */
-#define YY_BUFFER_EOF_PENDING 2
- };
-
-static YY_BUFFER_STATE yy_current_buffer = 0;
-
-/* We provide macros for accessing buffer states in case in the
- * future we want to put the buffer states in a more general
- * "scanner state".
- */
-#define YY_CURRENT_BUFFER yy_current_buffer
-
-
-/* yy_hold_char holds the character lost when yytext is formed. */
-static char yy_hold_char;
-
-static int yy_n_chars; /* number of characters read into yy_ch_buf */
-
-
-int yyleng;
-
-/* Points to current character in buffer. */
-static char *yy_c_buf_p = (char *) 0;
-static int yy_init = 1; /* whether we need to initialize */
-static int yy_start = 0; /* start state number */
-
-/* Flag which is used to allow yywrap()'s to do buffer switches
- * instead of setting up a fresh yyin. A bit of a hack ...
- */
-static int yy_did_buffer_switch_on_eof;
-
-void yyrestart YY_PROTO(( FILE *input_file ));
-
-void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer ));
-void yy_load_buffer_state YY_PROTO(( void ));
-YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size ));
-void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b ));
-void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file ));
-void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b ));
-#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer )
-
-YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size ));
-YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str ));
-YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len ));
-
-static void *yy_flex_alloc YY_PROTO(( yy_size_t ));
-static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t ));
-static void yy_flex_free YY_PROTO(( void * ));
-
-#define yy_new_buffer yy_create_buffer
-
-#define yy_set_interactive(is_interactive) \
- { \
- if ( ! yy_current_buffer ) \
- yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \
- yy_current_buffer->yy_is_interactive = is_interactive; \
- }
-
-#define yy_set_bol(at_bol) \
- { \
- if ( ! yy_current_buffer ) \
- yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \
- yy_current_buffer->yy_at_bol = at_bol; \
- }
-
-#define YY_AT_BOL() (yy_current_buffer->yy_at_bol)
-
-typedef unsigned char YY_CHAR;
-FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
-typedef int yy_state_type;
-extern char *yytext;
-#define yytext_ptr yytext
-
-static yy_state_type yy_get_previous_state YY_PROTO(( void ));
-static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state ));
-static int yy_get_next_buffer YY_PROTO(( void ));
-static void yy_fatal_error YY_PROTO(( yyconst char msg[] ));
-
-/* Done after the current pattern has been matched and before the
- * corresponding action - sets up yytext.
- */
-#define YY_DO_BEFORE_ACTION \
- yytext_ptr = yy_bp; \
- yyleng = (int) (yy_cp - yy_bp); \
- yy_hold_char = *yy_cp; \
- *yy_cp = '\0'; \
- yy_c_buf_p = yy_cp;
-
-#define YY_NUM_RULES 8
-#define YY_END_OF_BUFFER 9
-static yyconst short int yy_accept[16] =
- { 0,
- 0, 0, 9, 3, 6, 5, 7, 1, 2, 3,
- 6, 0, 0, 4, 0
- } ;
-
-static yyconst int yy_ec[256] =
- { 0,
- 1, 1, 1, 1, 1, 1, 1, 1, 2, 3,
- 1, 1, 4, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 2, 1, 5, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 6, 1, 1, 1, 1, 1, 1, 1, 1,
-
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 7, 1, 8, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
-
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1
- } ;
-
-static yyconst int yy_meta[9] =
- { 0,
- 1, 2, 3, 4, 3, 1, 5, 5
- } ;
-
-static yyconst short int yy_base[19] =
- { 0,
- 0, 0, 19, 0, 0, 21, 12, 21, 21, 0,
- 0, 4, 6, 21, 21, 13, 11, 15
- } ;
-
-static yyconst short int yy_def[19] =
- { 0,
- 15, 1, 15, 16, 17, 15, 18, 15, 15, 16,
- 17, 18, 15, 15, 0, 15, 15, 15
- } ;
-
-static yyconst short int yy_nxt[30] =
- { 0,
- 4, 5, 6, 5, 7, 4, 8, 9, 14, 13,
- 12, 12, 11, 10, 11, 12, 12, 13, 15, 12,
- 3, 15, 15, 15, 15, 15, 15, 15, 15
- } ;
-
-static yyconst short int yy_chk[30] =
- { 0,
- 1, 1, 1, 1, 1, 1, 1, 1, 12, 12,
- 13, 13, 17, 16, 17, 18, 18, 7, 3, 18,
- 15, 15, 15, 15, 15, 15, 15, 15, 15
- } ;
-
-static yy_state_type yy_last_accepting_state;
-static char *yy_last_accepting_cpos;
-
-/* The intent behind this definition is that it'll catch
- * any uses of REJECT which flex missed.
- */
-#define REJECT reject_used_but_not_detected
-#define yymore() yymore_used_but_not_detected
-#define YY_MORE_ADJ 0
-#define YY_RESTORE_YY_MORE_OFFSET
-char *yytext;
-#line 1 "installparse.l"
-#define INITIAL 0
-/* lex file for analyzing PKCS #11 Module installation instructions */
-/*----------------------------- Definitions ---------------------------*/
-#line 5 "installparse.l"
-#include <string.h>
-
-#include "install-ds.h" /* defines tokens and data structures */
-#include "installparse.h" /* produced by yacc -d */
-#include <prprf.h>
-static char *putSimpleString(char*); /* return copy of string */
-static char *putComplexString(char*); /* strip out quotes, deal with */
- /* escaped characters */
-
-void Pk11Install_yyerror(char *);
-
-/* Overrides to use NSPR */
-#define malloc PR_Malloc
-#define realloc PR_Realloc
-#define free PR_Free
-
-int Pk11Install_yylinenum=1;
-static char *err;
-
-#define YY_NEVER_INTERACTIVE 1
-#define yyunput Pkcs11Install_yyunput
-
-/* This is the default YY_INPUT modified for NSPR */
-#define YY_INPUT(buf,result,max_size) \
- if ( yy_current_buffer->yy_is_interactive ) { \
- char c; \
- int n; \
- for ( n = 0; n < max_size && \
- PR_Read(Pk11Install_FD, &c, 1)==1 && c != '\n'; ++n ) { \
- buf[n] = c; \
- } \
- if ( c == '\n' ) { \
- buf[n++] = c; \
- } \
- result = n; \
- } else { \
- result = PR_Read(Pk11Install_FD, buf, max_size); \
- }
-
-/*** Regular expression definitions ***/
-/* simple_string has no whitespace, quotes, or braces */
-/* complex_string is enclosed in quotes. Inside the quotes, quotes and
- backslashes must be backslash-escaped. Otherwise, anything goes. */
-/* Standard whitespace */
-/*---------------------------- Actions --------------------------------*/
-#line 437 "lex.Pk11Install_yy.cpp"
-
-/* Macros after this point can all be overridden by user definitions in
- * section 1.
- */
-
-#ifndef YY_SKIP_YYWRAP
-#ifdef __cplusplus
-extern "C" int yywrap YY_PROTO(( void ));
-#else
-extern int yywrap YY_PROTO(( void ));
-#endif
-#endif
-
-#ifndef YY_NO_UNPUT
-static void yyunput YY_PROTO(( int c, char *buf_ptr ));
-#endif
-
-#ifndef yytext_ptr
-static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int ));
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen YY_PROTO(( yyconst char * ));
-#endif
-
-#ifndef YY_NO_INPUT
-#ifdef __cplusplus
-static int yyinput YY_PROTO(( void ));
-#else
-static int input YY_PROTO(( void ));
-#endif
-#endif
-
-#if YY_STACK_USED
-static int yy_start_stack_ptr = 0;
-static int yy_start_stack_depth = 0;
-static int *yy_start_stack = 0;
-#ifndef YY_NO_PUSH_STATE
-static void yy_push_state YY_PROTO(( int new_state ));
-#endif
-#ifndef YY_NO_POP_STATE
-static void yy_pop_state YY_PROTO(( void ));
-#endif
-#ifndef YY_NO_TOP_STATE
-static int yy_top_state YY_PROTO(( void ));
-#endif
-
-#else
-#define YY_NO_PUSH_STATE 1
-#define YY_NO_POP_STATE 1
-#define YY_NO_TOP_STATE 1
-#endif
-
-#ifdef YY_MALLOC_DECL
-YY_MALLOC_DECL
-#else
-#if __STDC__
-#ifndef __cplusplus
-#include <stdlib.h>
-#endif
-#else
-/* Just try to get by without declaring the routines. This will fail
- * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int)
- * or sizeof(void*) != sizeof(int).
- */
-#endif
-#endif
-
-/* Amount of stuff to slurp up with each read. */
-#ifndef YY_READ_BUF_SIZE
-#define YY_READ_BUF_SIZE 8192
-#endif
-
-/* Copy whatever the last rule matched to the standard output. */
-
-#ifndef ECHO
-/* This used to be an fputs(), but since the string might contain NUL's,
- * we now use fwrite().
- */
-#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
-#endif
-
-/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL,
- * is returned in "result".
- */
-#ifndef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
- if ( yy_current_buffer->yy_is_interactive ) \
- { \
- int c = '*', n; \
- for ( n = 0; n < max_size && \
- (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
- buf[n] = (char) c; \
- if ( c == '\n' ) \
- buf[n++] = (char) c; \
- if ( c == EOF && ferror( yyin ) ) \
- YY_FATAL_ERROR( "input in flex scanner failed" ); \
- result = n; \
- } \
- else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \
- && ferror( yyin ) ) \
- YY_FATAL_ERROR( "input in flex scanner failed" );
-#endif
-
-/* No semi-colon after return; correct usage is to write "yyterminate();" -
- * we don't want an extra ';' after the "return" because that will cause
- * some compilers to complain about unreachable statements.
- */
-#ifndef yyterminate
-#define yyterminate() return YY_NULL
-#endif
-
-/* Number of entries by which start-condition stack grows. */
-#ifndef YY_START_STACK_INCR
-#define YY_START_STACK_INCR 25
-#endif
-
-/* Report a fatal error. */
-#ifndef YY_FATAL_ERROR
-#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
-#endif
-
-/* Default declaration of generated scanner - a define so the user can
- * easily add parameters.
- */
-#ifndef YY_DECL
-#define YY_DECL int yylex YY_PROTO(( void ))
-#endif
-
-/* Code executed at the beginning of each rule, after yytext and yyleng
- * have been set up.
- */
-#ifndef YY_USER_ACTION
-#define YY_USER_ACTION
-#endif
-
-/* Code executed at the end of each rule. */
-#ifndef YY_BREAK
-#define YY_BREAK break;
-#endif
-
-#define YY_RULE_SETUP \
- YY_USER_ACTION
-
-YY_DECL
- {
- register yy_state_type yy_current_state;
- register char *yy_cp, *yy_bp;
- register int yy_act;
-
-#line 60 "installparse.l"
-
-
-#line 591 "lex.Pk11Install_yy.cpp"
-
- if ( yy_init )
- {
- yy_init = 0;
-
-#ifdef YY_USER_INIT
- YY_USER_INIT;
-#endif
-
- if ( ! yy_start )
- yy_start = 1; /* first start state */
-
- if ( ! yyin )
- yyin = stdin;
-
- if ( ! yyout )
- yyout = stdout;
-
- if ( ! yy_current_buffer )
- yy_current_buffer =
- yy_create_buffer( yyin, YY_BUF_SIZE );
-
- yy_load_buffer_state();
- }
-
- while ( 1 ) /* loops until end-of-file is reached */
- {
- yy_cp = yy_c_buf_p;
-
- /* Support of yytext. */
- *yy_cp = yy_hold_char;
-
- /* yy_bp points to the position in yy_ch_buf of the start of
- * the current run.
- */
- yy_bp = yy_cp;
-
- yy_current_state = yy_start;
-yy_match:
- do
- {
- register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
- if ( yy_accept[yy_current_state] )
- {
- yy_last_accepting_state = yy_current_state;
- yy_last_accepting_cpos = yy_cp;
- }
- while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
- {
- yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 16 )
- yy_c = yy_meta[(unsigned int) yy_c];
- }
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- ++yy_cp;
- }
- while ( yy_base[yy_current_state] != 21 );
-
-yy_find_action:
- yy_act = yy_accept[yy_current_state];
- if ( yy_act == 0 )
- { /* have to back up */
- yy_cp = yy_last_accepting_cpos;
- yy_current_state = yy_last_accepting_state;
- yy_act = yy_accept[yy_current_state];
- }
-
- YY_DO_BEFORE_ACTION;
-
-
-do_action: /* This label is used only to access EOF actions. */
-
-
- switch ( yy_act )
- { /* beginning of action switch */
- case 0: /* must back up */
- /* undo the effects of YY_DO_BEFORE_ACTION */
- *yy_cp = yy_hold_char;
- yy_cp = yy_last_accepting_cpos;
- yy_current_state = yy_last_accepting_state;
- goto yy_find_action;
-
-case 1:
-YY_RULE_SETUP
-#line 62 "installparse.l"
-return OPENBRACE;
- YY_BREAK
-case 2:
-YY_RULE_SETUP
-#line 63 "installparse.l"
-return CLOSEBRACE;
- YY_BREAK
-case 3:
-YY_RULE_SETUP
-#line 64 "installparse.l"
-{Pk11Install_yylval.string =
- putSimpleString(Pk11Install_yytext);
- return STRING;}
- YY_BREAK
-case 4:
-YY_RULE_SETUP
-#line 67 "installparse.l"
-{Pk11Install_yylval.string =
- putComplexString(Pk11Install_yytext);
- return STRING;}
- YY_BREAK
-case 5:
-YY_RULE_SETUP
-#line 71 "installparse.l"
-Pk11Install_yylinenum++;
- YY_BREAK
-case 6:
-YY_RULE_SETUP
-#line 73 "installparse.l"
-;
- YY_BREAK
-case 7:
-YY_RULE_SETUP
-#line 75 "installparse.l"
-{err = PR_smprintf("Invalid lexeme: %s",Pk11Install_yytext);
- Pk11Install_yyerror(err);
- PR_smprintf_free(err);
- return 1;
- }
- YY_BREAK
-case 8:
-YY_RULE_SETUP
-#line 81 "installparse.l"
-ECHO;
- YY_BREAK
-#line 722 "lex.Pk11Install_yy.cpp"
-case YY_STATE_EOF(INITIAL):
- yyterminate();
-
- case YY_END_OF_BUFFER:
- {
- /* Amount of text matched not including the EOB char. */
- int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1;
-
- /* Undo the effects of YY_DO_BEFORE_ACTION. */
- *yy_cp = yy_hold_char;
- YY_RESTORE_YY_MORE_OFFSET
-
- if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW )
- {
- /* We're scanning a new file or input source. It's
- * possible that this happened because the user
- * just pointed yyin at a new source and called
- * yylex(). If so, then we have to assure
- * consistency between yy_current_buffer and our
- * globals. Here is the right place to do so, because
- * this is the first action (other than possibly a
- * back-up) that will match for the new input source.
- */
- yy_n_chars = yy_current_buffer->yy_n_chars;
- yy_current_buffer->yy_input_file = yyin;
- yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL;
- }
-
- /* Note that here we test for yy_c_buf_p "<=" to the position
- * of the first EOB in the buffer, since yy_c_buf_p will
- * already have been incremented past the NUL character
- * (since all states make transitions on EOB to the
- * end-of-buffer state). Contrast this with the test
- * in input().
- */
- if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] )
- { /* This was really a NUL. */
- yy_state_type yy_next_state;
-
- yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text;
-
- yy_current_state = yy_get_previous_state();
-
- /* Okay, we're now positioned to make the NUL
- * transition. We couldn't have
- * yy_get_previous_state() go ahead and do it
- * for us because it doesn't know how to deal
- * with the possibility of jamming (and we don't
- * want to build jamming into it because then it
- * will run more slowly).
- */
-
- yy_next_state = yy_try_NUL_trans( yy_current_state );
-
- yy_bp = yytext_ptr + YY_MORE_ADJ;
-
- if ( yy_next_state )
- {
- /* Consume the NUL. */
- yy_cp = ++yy_c_buf_p;
- yy_current_state = yy_next_state;
- goto yy_match;
- }
-
- else
- {
- yy_cp = yy_c_buf_p;
- goto yy_find_action;
- }
- }
-
- else switch ( yy_get_next_buffer() )
- {
- case EOB_ACT_END_OF_FILE:
- {
- yy_did_buffer_switch_on_eof = 0;
-
- if ( yywrap() )
- {
- /* Note: because we've taken care in
- * yy_get_next_buffer() to have set up
- * yytext, we can now set up
- * yy_c_buf_p so that if some total
- * hoser (like flex itself) wants to
- * call the scanner after we return the
- * YY_NULL, it'll still work - another
- * YY_NULL will get returned.
- */
- yy_c_buf_p = yytext_ptr + YY_MORE_ADJ;
-
- yy_act = YY_STATE_EOF(YY_START);
- goto do_action;
- }
-
- else
- {
- if ( ! yy_did_buffer_switch_on_eof )
- YY_NEW_FILE;
- }
- break;
- }
-
- case EOB_ACT_CONTINUE_SCAN:
- yy_c_buf_p =
- yytext_ptr + yy_amount_of_matched_text;
-
- yy_current_state = yy_get_previous_state();
-
- yy_cp = yy_c_buf_p;
- yy_bp = yytext_ptr + YY_MORE_ADJ;
- goto yy_match;
-
- case EOB_ACT_LAST_MATCH:
- yy_c_buf_p =
- &yy_current_buffer->yy_ch_buf[yy_n_chars];
-
- yy_current_state = yy_get_previous_state();
-
- yy_cp = yy_c_buf_p;
- yy_bp = yytext_ptr + YY_MORE_ADJ;
- goto yy_find_action;
- }
- break;
- }
-
- default:
- YY_FATAL_ERROR(
- "fatal flex scanner internal error--no action found" );
- } /* end of action switch */
- } /* end of scanning one token */
- } /* end of yylex */
-
-
-/* yy_get_next_buffer - try to read in a new buffer
- *
- * Returns a code representing an action:
- * EOB_ACT_LAST_MATCH -
- * EOB_ACT_CONTINUE_SCAN - continue scanning from current position
- * EOB_ACT_END_OF_FILE - end of file
- */
-
-static int yy_get_next_buffer()
- {
- register char *dest = yy_current_buffer->yy_ch_buf;
- register char *source = yytext_ptr;
- register int number_to_move, i;
- int ret_val;
-
- if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] )
- YY_FATAL_ERROR(
- "fatal flex scanner internal error--end of buffer missed" );
-
- if ( yy_current_buffer->yy_fill_buffer == 0 )
- { /* Don't try to fill the buffer, so this is an EOF. */
- if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 )
- {
- /* We matched a single character, the EOB, so
- * treat this as a final EOF.
- */
- return EOB_ACT_END_OF_FILE;
- }
-
- else
- {
- /* We matched some text prior to the EOB, first
- * process it.
- */
- return EOB_ACT_LAST_MATCH;
- }
- }
-
- /* Try to read more data. */
-
- /* First move last chars to start of buffer. */
- number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1;
-
- for ( i = 0; i < number_to_move; ++i )
- *(dest++) = *(source++);
-
- if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING )
- /* don't do the read, it's not guaranteed to return an EOF,
- * just force an EOF
- */
- yy_current_buffer->yy_n_chars = yy_n_chars = 0;
-
- else
- {
- int num_to_read =
- yy_current_buffer->yy_buf_size - number_to_move - 1;
-
- while ( num_to_read <= 0 )
- { /* Not enough room in the buffer - grow it. */
-#ifdef YY_USES_REJECT
- YY_FATAL_ERROR(
-"input buffer overflow, can't enlarge buffer because scanner uses REJECT" );
-#else
-
- /* just a shorter name for the current buffer */
- YY_BUFFER_STATE b = yy_current_buffer;
-
- int yy_c_buf_p_offset =
- (int) (yy_c_buf_p - b->yy_ch_buf);
-
- if ( b->yy_is_our_buffer )
- {
- int new_size = b->yy_buf_size * 2;
-
- if ( new_size <= 0 )
- b->yy_buf_size += b->yy_buf_size / 8;
- else
- b->yy_buf_size *= 2;
-
- b->yy_ch_buf = (char *)
- /* Include room in for 2 EOB chars. */
- yy_flex_realloc( (void *) b->yy_ch_buf,
- b->yy_buf_size + 2 );
- }
- else
- /* Can't grow it, we don't own it. */
- b->yy_ch_buf = 0;
-
- if ( ! b->yy_ch_buf )
- YY_FATAL_ERROR(
- "fatal error - scanner input buffer overflow" );
-
- yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset];
-
- num_to_read = yy_current_buffer->yy_buf_size -
- number_to_move - 1;
-#endif
- }
-
- if ( num_to_read > YY_READ_BUF_SIZE )
- num_to_read = YY_READ_BUF_SIZE;
-
- /* Read in more data. */
- YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]),
- yy_n_chars, num_to_read );
-
- yy_current_buffer->yy_n_chars = yy_n_chars;
- }
-
- if ( yy_n_chars == 0 )
- {
- if ( number_to_move == YY_MORE_ADJ )
- {
- ret_val = EOB_ACT_END_OF_FILE;
- yyrestart( yyin );
- }
-
- else
- {
- ret_val = EOB_ACT_LAST_MATCH;
- yy_current_buffer->yy_buffer_status =
- YY_BUFFER_EOF_PENDING;
- }
- }
-
- else
- ret_val = EOB_ACT_CONTINUE_SCAN;
-
- yy_n_chars += number_to_move;
- yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR;
- yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR;
-
- yytext_ptr = &yy_current_buffer->yy_ch_buf[0];
-
- return ret_val;
- }
-
-
-/* yy_get_previous_state - get the state just before the EOB char was reached */
-
-static yy_state_type yy_get_previous_state()
- {
- register yy_state_type yy_current_state;
- register char *yy_cp;
-
- yy_current_state = yy_start;
-
- for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp )
- {
- register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
- if ( yy_accept[yy_current_state] )
- {
- yy_last_accepting_state = yy_current_state;
- yy_last_accepting_cpos = yy_cp;
- }
- while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
- {
- yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 16 )
- yy_c = yy_meta[(unsigned int) yy_c];
- }
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- }
-
- return yy_current_state;
- }
-
-
-/* yy_try_NUL_trans - try to make a transition on the NUL character
- *
- * synopsis
- * next_state = yy_try_NUL_trans( current_state );
- */
-
-#ifdef YY_USE_PROTOS
-static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state )
-#else
-static yy_state_type yy_try_NUL_trans( yy_current_state )
-yy_state_type yy_current_state;
-#endif
- {
- register int yy_is_jam;
- register char *yy_cp = yy_c_buf_p;
-
- register YY_CHAR yy_c = 1;
- if ( yy_accept[yy_current_state] )
- {
- yy_last_accepting_state = yy_current_state;
- yy_last_accepting_cpos = yy_cp;
- }
- while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
- {
- yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 16 )
- yy_c = yy_meta[(unsigned int) yy_c];
- }
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- yy_is_jam = (yy_current_state == 15);
-
- return yy_is_jam ? 0 : yy_current_state;
- }
-
-
-#ifndef YY_NO_UNPUT
-#ifdef YY_USE_PROTOS
-static void yyunput( int c, register char *yy_bp )
-#else
-static void yyunput( c, yy_bp )
-int c;
-register char *yy_bp;
-#endif
- {
- register char *yy_cp = yy_c_buf_p;
-
- /* undo effects of setting up yytext */
- *yy_cp = yy_hold_char;
-
- if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 )
- { /* need to shift things up to make room */
- /* +2 for EOB chars. */
- register int number_to_move = yy_n_chars + 2;
- register char *dest = &yy_current_buffer->yy_ch_buf[
- yy_current_buffer->yy_buf_size + 2];
- register char *source =
- &yy_current_buffer->yy_ch_buf[number_to_move];
-
- while ( source > yy_current_buffer->yy_ch_buf )
- *--dest = *--source;
-
- yy_cp += (int) (dest - source);
- yy_bp += (int) (dest - source);
- yy_current_buffer->yy_n_chars =
- yy_n_chars = yy_current_buffer->yy_buf_size;
-
- if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 )
- YY_FATAL_ERROR( "flex scanner push-back overflow" );
- }
-
- *--yy_cp = (char) c;
-
-
- yytext_ptr = yy_bp;
- yy_hold_char = *yy_cp;
- yy_c_buf_p = yy_cp;
- }
-#endif /* ifndef YY_NO_UNPUT */
-
-
-#ifdef __cplusplus
-static int yyinput()
-#else
-static int input()
-#endif
- {
- int c;
-
- *yy_c_buf_p = yy_hold_char;
-
- if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR )
- {
- /* yy_c_buf_p now points to the character we want to return.
- * If this occurs *before* the EOB characters, then it's a
- * valid NUL; if not, then we've hit the end of the buffer.
- */
- if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] )
- /* This was really a NUL. */
- *yy_c_buf_p = '\0';
-
- else
- { /* need more input */
- int offset = yy_c_buf_p - yytext_ptr;
- ++yy_c_buf_p;
-
- switch ( yy_get_next_buffer() )
- {
- case EOB_ACT_LAST_MATCH:
- /* This happens because yy_g_n_b()
- * sees that we've accumulated a
- * token and flags that we need to
- * try matching the token before
- * proceeding. But for input(),
- * there's no matching to consider.
- * So convert the EOB_ACT_LAST_MATCH
- * to EOB_ACT_END_OF_FILE.
- */
-
- /* Reset buffer status. */
- yyrestart( yyin );
-
- /* fall through */
-
- case EOB_ACT_END_OF_FILE:
- {
- if ( yywrap() )
- return EOF;
-
- if ( ! yy_did_buffer_switch_on_eof )
- YY_NEW_FILE;
-#ifdef __cplusplus
- return yyinput();
-#else
- return input();
-#endif
- }
-
- case EOB_ACT_CONTINUE_SCAN:
- yy_c_buf_p = yytext_ptr + offset;
- break;
- }
- }
- }
-
- c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */
- *yy_c_buf_p = '\0'; /* preserve yytext */
- yy_hold_char = *++yy_c_buf_p;
-
-
- return c;
- }
-
-
-#ifdef YY_USE_PROTOS
-void yyrestart( FILE *input_file )
-#else
-void yyrestart( input_file )
-FILE *input_file;
-#endif
- {
- if ( ! yy_current_buffer )
- yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE );
-
- yy_init_buffer( yy_current_buffer, input_file );
- yy_load_buffer_state();
- }
-
-
-#ifdef YY_USE_PROTOS
-void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer )
-#else
-void yy_switch_to_buffer( new_buffer )
-YY_BUFFER_STATE new_buffer;
-#endif
- {
- if ( yy_current_buffer == new_buffer )
- return;
-
- if ( yy_current_buffer )
- {
- /* Flush out information for old buffer. */
- *yy_c_buf_p = yy_hold_char;
- yy_current_buffer->yy_buf_pos = yy_c_buf_p;
- yy_current_buffer->yy_n_chars = yy_n_chars;
- }
-
- yy_current_buffer = new_buffer;
- yy_load_buffer_state();
-
- /* We don't actually know whether we did this switch during
- * EOF (yywrap()) processing, but the only time this flag
- * is looked at is after yywrap() is called, so it's safe
- * to go ahead and always set it.
- */
- yy_did_buffer_switch_on_eof = 1;
- }
-
-
-#ifdef YY_USE_PROTOS
-void yy_load_buffer_state( void )
-#else
-void yy_load_buffer_state()
-#endif
- {
- yy_n_chars = yy_current_buffer->yy_n_chars;
- yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos;
- yyin = yy_current_buffer->yy_input_file;
- yy_hold_char = *yy_c_buf_p;
- }
-
-
-#ifdef YY_USE_PROTOS
-YY_BUFFER_STATE yy_create_buffer( FILE *file, int size )
-#else
-YY_BUFFER_STATE yy_create_buffer( file, size )
-FILE *file;
-int size;
-#endif
- {
- YY_BUFFER_STATE b;
-
- b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) );
- if ( ! b )
- YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
- b->yy_buf_size = size;
-
- /* yy_ch_buf has to be 2 characters longer than the size given because
- * we need to put in 2 end-of-buffer characters.
- */
- b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 );
- if ( ! b->yy_ch_buf )
- YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
- b->yy_is_our_buffer = 1;
-
- yy_init_buffer( b, file );
-
- return b;
- }
-
-
-#ifdef YY_USE_PROTOS
-void yy_delete_buffer( YY_BUFFER_STATE b )
-#else
-void yy_delete_buffer( b )
-YY_BUFFER_STATE b;
-#endif
- {
- if ( ! b )
- return;
-
- if ( b == yy_current_buffer )
- yy_current_buffer = (YY_BUFFER_STATE) 0;
-
- if ( b->yy_is_our_buffer )
- yy_flex_free( (void *) b->yy_ch_buf );
-
- yy_flex_free( (void *) b );
- }
-
-
-#ifndef YY_ALWAYS_INTERACTIVE
-#ifndef YY_NEVER_INTERACTIVE
-extern int isatty YY_PROTO(( int ));
-#endif
-#endif
-
-#ifdef YY_USE_PROTOS
-void yy_init_buffer( YY_BUFFER_STATE b, FILE *file )
-#else
-void yy_init_buffer( b, file )
-YY_BUFFER_STATE b;
-FILE *file;
-#endif
-
-
- {
- yy_flush_buffer( b );
-
- b->yy_input_file = file;
- b->yy_fill_buffer = 1;
-
-#if YY_ALWAYS_INTERACTIVE
- b->yy_is_interactive = 1;
-#else
-#if YY_NEVER_INTERACTIVE
- b->yy_is_interactive = 0;
-#else
- b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
-#endif
-#endif
- }
-
-
-#ifdef YY_USE_PROTOS
-void yy_flush_buffer( YY_BUFFER_STATE b )
-#else
-void yy_flush_buffer( b )
-YY_BUFFER_STATE b;
-#endif
-
- {
- if ( ! b )
- return;
-
- b->yy_n_chars = 0;
-
- /* We always need two end-of-buffer characters. The first causes
- * a transition to the end-of-buffer state. The second causes
- * a jam in that state.
- */
- b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
- b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
-
- b->yy_buf_pos = &b->yy_ch_buf[0];
-
- b->yy_at_bol = 1;
- b->yy_buffer_status = YY_BUFFER_NEW;
-
- if ( b == yy_current_buffer )
- yy_load_buffer_state();
- }
-
-
-#ifndef YY_NO_SCAN_BUFFER
-#ifdef YY_USE_PROTOS
-YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size )
-#else
-YY_BUFFER_STATE yy_scan_buffer( base, size )
-char *base;
-yy_size_t size;
-#endif
- {
- YY_BUFFER_STATE b;
-
- if ( size < 2 ||
- base[size-2] != YY_END_OF_BUFFER_CHAR ||
- base[size-1] != YY_END_OF_BUFFER_CHAR )
- /* They forgot to leave room for the EOB's. */
- return 0;
-
- b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) );
- if ( ! b )
- YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
-
- b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */
- b->yy_buf_pos = b->yy_ch_buf = base;
- b->yy_is_our_buffer = 0;
- b->yy_input_file = 0;
- b->yy_n_chars = b->yy_buf_size;
- b->yy_is_interactive = 0;
- b->yy_at_bol = 1;
- b->yy_fill_buffer = 0;
- b->yy_buffer_status = YY_BUFFER_NEW;
-
- yy_switch_to_buffer( b );
-
- return b;
- }
-#endif
-
-
-#ifndef YY_NO_SCAN_STRING
-#ifdef YY_USE_PROTOS
-YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str )
-#else
-YY_BUFFER_STATE yy_scan_string( yy_str )
-yyconst char *yy_str;
-#endif
- {
- int len;
- for ( len = 0; yy_str[len]; ++len )
- ;
-
- return yy_scan_bytes( yy_str, len );
- }
-#endif
-
-
-#ifndef YY_NO_SCAN_BYTES
-#ifdef YY_USE_PROTOS
-YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len )
-#else
-YY_BUFFER_STATE yy_scan_bytes( bytes, len )
-yyconst char *bytes;
-int len;
-#endif
- {
- YY_BUFFER_STATE b;
- char *buf;
- yy_size_t n;
- int i;
-
- /* Get memory for full buffer, including space for trailing EOB's. */
- n = len + 2;
- buf = (char *) yy_flex_alloc( n );
- if ( ! buf )
- YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
-
- for ( i = 0; i < len; ++i )
- buf[i] = bytes[i];
-
- buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR;
-
- b = yy_scan_buffer( buf, n );
- if ( ! b )
- YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
-
- /* It's okay to grow etc. this buffer, and we should throw it
- * away when we're done.
- */
- b->yy_is_our_buffer = 1;
-
- return b;
- }
-#endif
-
-
-#ifndef YY_NO_PUSH_STATE
-#ifdef YY_USE_PROTOS
-static void yy_push_state( int new_state )
-#else
-static void yy_push_state( new_state )
-int new_state;
-#endif
- {
- if ( yy_start_stack_ptr >= yy_start_stack_depth )
- {
- yy_size_t new_size;
-
- yy_start_stack_depth += YY_START_STACK_INCR;
- new_size = yy_start_stack_depth * sizeof( int );
-
- if ( ! yy_start_stack )
- yy_start_stack = (int *) yy_flex_alloc( new_size );
-
- else
- yy_start_stack = (int *) yy_flex_realloc(
- (void *) yy_start_stack, new_size );
-
- if ( ! yy_start_stack )
- YY_FATAL_ERROR(
- "out of memory expanding start-condition stack" );
- }
-
- yy_start_stack[yy_start_stack_ptr++] = YY_START;
-
- BEGIN(new_state);
- }
-#endif
-
-
-#ifndef YY_NO_POP_STATE
-static void yy_pop_state()
- {
- if ( --yy_start_stack_ptr < 0 )
- YY_FATAL_ERROR( "start-condition stack underflow" );
-
- BEGIN(yy_start_stack[yy_start_stack_ptr]);
- }
-#endif
-
-
-#ifndef YY_NO_TOP_STATE
-static int yy_top_state()
- {
- return yy_start_stack[yy_start_stack_ptr - 1];
- }
-#endif
-
-#ifndef YY_EXIT_FAILURE
-#define YY_EXIT_FAILURE 2
-#endif
-
-#ifdef YY_USE_PROTOS
-static void yy_fatal_error( yyconst char msg[] )
-#else
-static void yy_fatal_error( msg )
-char msg[];
-#endif
- {
- (void) fprintf( stderr, "%s\n", msg );
- exit( YY_EXIT_FAILURE );
- }
-
-
-
-/* Redefine yyless() so it works in section 3 code. */
-
-#undef yyless
-#define yyless(n) \
- do \
- { \
- /* Undo effects of setting up yytext. */ \
- yytext[yyleng] = yy_hold_char; \
- yy_c_buf_p = yytext + n; \
- yy_hold_char = *yy_c_buf_p; \
- *yy_c_buf_p = '\0'; \
- yyleng = n; \
- } \
- while ( 0 )
-
-
-/* Internal utility routines. */
-
-#ifndef yytext_ptr
-#ifdef YY_USE_PROTOS
-static void yy_flex_strncpy( char *s1, yyconst char *s2, int n )
-#else
-static void yy_flex_strncpy( s1, s2, n )
-char *s1;
-yyconst char *s2;
-int n;
-#endif
- {
- register int i;
- for ( i = 0; i < n; ++i )
- s1[i] = s2[i];
- }
-#endif
-
-#ifdef YY_NEED_STRLEN
-#ifdef YY_USE_PROTOS
-static int yy_flex_strlen( yyconst char *s )
-#else
-static int yy_flex_strlen( s )
-yyconst char *s;
-#endif
- {
- register int n;
- for ( n = 0; s[n]; ++n )
- ;
-
- return n;
- }
-#endif
-
-
-#ifdef YY_USE_PROTOS
-static void *yy_flex_alloc( yy_size_t size )
-#else
-static void *yy_flex_alloc( size )
-yy_size_t size;
-#endif
- {
- return (void *) malloc( size );
- }
-
-#ifdef YY_USE_PROTOS
-static void *yy_flex_realloc( void *ptr, yy_size_t size )
-#else
-static void *yy_flex_realloc( ptr, size )
-void *ptr;
-yy_size_t size;
-#endif
- {
- /* The cast to (char *) in the following accommodates both
- * implementations that use char* generic pointers, and those
- * that use void* generic pointers. It works with the latter
- * because both ANSI C and C++ allow castless assignment from
- * any pointer type to void*, and deal with argument conversions
- * as though doing an assignment.
- */
- return (void *) realloc( (char *) ptr, size );
- }
-
-#ifdef YY_USE_PROTOS
-static void yy_flex_free( void *ptr )
-#else
-static void yy_flex_free( ptr )
-void *ptr;
-#endif
- {
- free( ptr );
- }
-
-#if YY_MAIN
-int main()
- {
- yylex();
- return 0;
- }
-#endif
-#line 81 "installparse.l"
-
-/*------------------------ Program Section ----------------------------*/
-
-PRFileDesc *Pk11Install_FD=NULL;
-
-/*************************************************************************/
-/* dummy function required by lex */
-int Pk11Install_yywrap(void) { return 1;}
-
-/*************************************************************************/
-/* Return a copy of the given string */
-static char*
-putSimpleString(char *str)
-{
- char *tmp = (char*) PR_Malloc(strlen(str)+1);
- strcpy(tmp, str);
- return tmp;
-}
-
-/*************************************************************************/
-/* Strip out quotes, replace escaped characters with what they stand for.
- This function assumes that what is passed in is actually a complex
- string, so error checking is lax. */
-static char*
-putComplexString(char *str)
-{
- int size, i,j;
- char *tmp;
-
- if(!str) {
- return NULL;
- }
- size = strlen(str);
-
- /* Allocate the new space. This string will actually be too big,
- since quotes and backslashes will be stripped out. But that's ok. */
- tmp = (char*) PR_Malloc(size+1);
-
- /* Copy it over */
- for(i=0, j=0; i < size; i++) {
- if(str[i]=='\"') {
- continue; /* skip un-escaped quotes */
- } else if(str[i]=='\\') {
- ++i; /* escaped character. skip the backslash */
- }
- tmp[j++] = str[i];
- }
- tmp[j] = '\0';
-
- return tmp;
-}
diff --git a/security/nss/cmd/modutil/manifest.mn b/security/nss/cmd/modutil/manifest.mn
deleted file mode 100644
index 47600a284..000000000
--- a/security/nss/cmd/modutil/manifest.mn
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-MODULE = sectools
-
-EXPORTS =
-
-CSRCS = modutil.c \
- pk11.c \
- instsec.c \
- install.c \
- installparse.c \
- install-ds.c \
- lex.Pk11Install_yy.c \
- $(NULL)
-
-CPPSRCS =
-
-PROGRAM = modutil
-
-REQUIRES = seccmd security dbm
-
-DEFINES = -DNSPR20
-
-INCLUDES =
diff --git a/security/nss/cmd/modutil/modutil.c b/security/nss/cmd/modutil/modutil.c
deleted file mode 100644
index 655e8c96b..000000000
--- a/security/nss/cmd/modutil/modutil.c
+++ /dev/null
@@ -1,873 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "modutil.h"
-#include "install.h"
-#include <plstr.h>
-#include "secrng.h"
-#include "certdb.h" /* for CERT_DB_FILE_VERSION */
-
-static void install_error(char *message);
-static char* PR_fgets(char *buf, int size, PRFileDesc *file);
-
-/* This enum must be kept in sync with the commandNames list */
-typedef enum {
- NO_COMMAND,
- ADD_COMMAND,
- CHANGEPW_COMMAND,
- CREATE_COMMAND,
- DEFAULT_COMMAND,
- DELETE_COMMAND,
- DISABLE_COMMAND,
- ENABLE_COMMAND,
- FIPS_COMMAND,
- JAR_COMMAND,
- LIST_COMMAND,
- UNDEFAULT_COMMAND
-} Command;
-
-/* This list must be kept in sync with the Command enum */
-static char *commandNames[] = {
- "(no command)",
- "-add",
- "-changepw",
- "-create",
- "-default",
- "-delete",
- "-disable",
- "-enable",
- "-fips",
- "-jar",
- "-list",
- "-undefault"
-};
-
-
-/* this enum must be kept in sync with the optionStrings list */
-typedef enum {
- ADD_ARG=0,
- CHANGEPW_ARG,
- CIPHERS_ARG,
- CREATE_ARG,
- DBDIR_ARG,
- DEFAULT_ARG,
- DELETE_ARG,
- DISABLE_ARG,
- ENABLE_ARG,
- FIPS_ARG,
- FORCE_ARG,
- JAR_ARG,
- LIBFILE_ARG,
- LIST_ARG,
- MECHANISMS_ARG,
- NEWPWFILE_ARG,
- PWFILE_ARG,
- SLOT_ARG,
- UNDEFAULT_ARG,
- INSTALLDIR_ARG,
- TEMPDIR_ARG,
- NOCERTDB_ARG,
-
- NUM_ARGS /* must be last */
-} Arg;
-
-/* This list must be kept in sync with the Arg enum */
-static char *optionStrings[] = {
- "-add",
- "-changepw",
- "-ciphers",
- "-create",
- "-dbdir",
- "-default",
- "-delete",
- "-disable",
- "-enable",
- "-fips",
- "-force",
- "-jar",
- "-libfile",
- "-list",
- "-mechanisms",
- "-newpwfile",
- "-pwfile",
- "-slot",
- "-undefault",
- "-installdir",
- "-tempdir",
- "-nocertdb"
-};
-
-/* Increment i if doing so would have i still be less than j. If you
- are able to do this, return 0. Otherwise return 1. */
-#define TRY_INC(i,j) ( ((i+1)<j) ? (++i, 0) : 1 )
-
-/********************************************************************
- *
- * file-wide variables obtained from the command line
- */
-static Command command = NO_COMMAND;
-static char* pwFile = NULL;
-static char* newpwFile = NULL;
-static char* moduleName = NULL;
-static char* slotName = NULL;
-static char* tokenName = NULL;
-static char* libFile = NULL;
-static char* dbdir = NULL;
-static char* mechanisms = NULL;
-static char* ciphers = NULL;
-static char* fipsArg = NULL;
-static char* jarFile = NULL;
-static char* installDir = NULL;
-static char* tempDir = NULL;
-static short force = 0;
-static PRBool nocertdb = PR_FALSE;
-
-/*******************************************************************
- *
- * p a r s e _ a r g s
- */
-static Error
-parse_args(int argc, char *argv[])
-{
- int i;
- char *arg;
- int optionType;
-
- /* Loop over all arguments */
- for(i=1; i < argc; i++) {
- arg = argv[i];
-
- /* Make sure this is an option and not some floating argument */
- if(arg[0] != '-') {
- PR_fprintf(PR_STDERR, errStrings[UNEXPECTED_ARG_ERR], argv[i]);
- return UNEXPECTED_ARG_ERR;
- }
-
- /* Find which option this is */
- for(optionType=0; optionType < NUM_ARGS; optionType++) {
- if(! strcmp(arg, optionStrings[optionType])) {
- break;
- }
- }
-
- /* Deal with this specific option */
- switch(optionType) {
- case NUM_ARGS:
- default:
- PR_fprintf(PR_STDERR, errStrings[UNKNOWN_OPTION_ERR], arg);
- return UNKNOWN_OPTION_ERR;
- break;
- case ADD_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = ADD_COMMAND;
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- moduleName = argv[i];
- break;
- case CHANGEPW_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = CHANGEPW_COMMAND;
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- tokenName = argv[i];
- break;
- case CIPHERS_ARG:
- if(ciphers != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- ciphers = argv[i];
- break;
- case CREATE_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = CREATE_COMMAND;
- break;
- case DBDIR_ARG:
- if(dbdir != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- dbdir = argv[i];
- break;
- case UNDEFAULT_ARG:
- case DEFAULT_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- if(optionType == DEFAULT_ARG) {
- command = DEFAULT_COMMAND;
- } else {
- command = UNDEFAULT_COMMAND;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- moduleName = argv[i];
- break;
- case DELETE_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = DELETE_COMMAND;
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- moduleName = argv[i];
- break;
- case DISABLE_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = DISABLE_COMMAND;
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- moduleName = argv[i];
- break;
- case ENABLE_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = ENABLE_COMMAND;
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- moduleName = argv[i];
- break;
- case FIPS_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = FIPS_COMMAND;
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- fipsArg = argv[i];
- break;
- case FORCE_ARG:
- force = 1;
- break;
- case NOCERTDB_ARG:
- nocertdb = PR_TRUE;
- break;
- case INSTALLDIR_ARG:
- if(installDir != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- installDir = argv[i];
- break;
- case TEMPDIR_ARG:
- if(tempDir != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- tempDir = argv[i];
- break;
- case JAR_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = JAR_COMMAND;
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- jarFile = argv[i];
- break;
- case LIBFILE_ARG:
- if(libFile != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- libFile = argv[i];
- break;
- case LIST_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = LIST_COMMAND;
- /* This option may or may not have an argument */
- if( (i+1 < argc) && (argv[i+1][0] != '-') ) {
- moduleName = argv[++i];
- }
- break;
- case MECHANISMS_ARG:
- if(mechanisms != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- mechanisms = argv[i];
- break;
- case NEWPWFILE_ARG:
- if(newpwFile != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- newpwFile = argv[i];
- break;
- case PWFILE_ARG:
- if(pwFile != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- pwFile = argv[i];
- break;
- case SLOT_ARG:
- if(slotName != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- slotName = argv[i];
- break;
- }
- }
- return SUCCESS;
-}
-
-/************************************************************************
- *
- * v e r i f y _ p a r a m s
- */
-static Error
-verify_params()
-{
- switch(command) {
- case ADD_COMMAND:
- if(libFile == NULL) {
- PR_fprintf(PR_STDERR, errStrings[MISSING_PARAM_ERR],
- commandNames[ADD_COMMAND], optionStrings[LIBFILE_ARG]);
- return MISSING_PARAM_ERR;
- }
- break;
- case CHANGEPW_COMMAND:
- break;
- case CREATE_COMMAND:
- break;
- case DELETE_COMMAND:
- break;
- case DISABLE_COMMAND:
- break;
- case ENABLE_COMMAND:
- break;
- case FIPS_COMMAND:
- if(PL_strcasecmp(fipsArg, "true") &&
- PL_strcasecmp(fipsArg, "false")) {
- PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
- return INVALID_FIPS_ARG;
- }
- break;
- case JAR_COMMAND:
- if(installDir == NULL) {
- PR_fprintf(PR_STDERR, errStrings[MISSING_PARAM_ERR],
- commandNames[JAR_COMMAND], optionStrings[INSTALLDIR_ARG]);
- return MISSING_PARAM_ERR;
- }
- break;
- case LIST_COMMAND:
- break;
- case UNDEFAULT_COMMAND:
- case DEFAULT_COMMAND:
- if(mechanisms == NULL) {
- PR_fprintf(PR_STDERR, errStrings[MISSING_PARAM_ERR],
- commandNames[command], optionStrings[MECHANISMS_ARG]);
- return MISSING_PARAM_ERR;
- }
- break;
- default:
- /* Ignore this here */
- break;
- }
-
- return SUCCESS;
-}
-
-/********************************************************************
- *
- * i n i t _ c r y p t o
- *
- * Does crypto initialization that all commands will require.
- * If -nocertdb option is specified, don't open key or cert db (we don't
- * need them if we aren't going to be verifying signatures). This is
- * because serverland doesn't always have cert and key database files
- * available.
- */
-static Error
-init_crypto(PRBool create, PRBool readOnly)
-{
- char *moddbname=NULL, *dir, *keydbname, *certdbname;
- PRBool free_moddbname = PR_FALSE;
- Error retval;
-
- if(SECU_ConfigDirectory(dbdir)[0] == '\0') {
- PR_fprintf(PR_STDERR, errStrings[NO_DBDIR_ERR]);
- retval=NO_DBDIR_ERR;
- goto loser;
- }
- moddbname = SECU_SECModDBName(); /* this changes later in the function */
- dir = SECU_ConfigDirectory(NULL);
- keydbname = SECU_KeyDBNameCallback(NULL, PRIVATE_KEY_DB_FILE_VERSION);
- certdbname = SECU_CertDBNameCallback(NULL, CERT_DB_FILE_VERSION);
-
- /* Make sure db directory exists and is readable */
- if(PR_Access(dir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dir);
- retval = DIR_DOESNT_EXIST_ERR;
- goto loser;
- } else if(PR_Access(dir, PR_ACCESS_READ_OK) != PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[DIR_NOT_READABLE_ERR], dir);
- retval = DIR_NOT_READABLE_ERR;
- goto loser;
- }
-
- /* Check for the proper permissions on databases */
- if(create) {
- /* Make sure dbs don't already exist, and the directory is
- writeable */
- if(PR_Access(moddbname, PR_ACCESS_EXISTS)==PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[FILE_ALREADY_EXISTS_ERR],
- moddbname);
- retval=FILE_ALREADY_EXISTS_ERR;
- goto loser;
- } else if(PR_Access(keydbname, PR_ACCESS_EXISTS)==PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[FILE_ALREADY_EXISTS_ERR], keydbname);
- retval=FILE_ALREADY_EXISTS_ERR;
- goto loser;
- } else if(PR_Access(certdbname, PR_ACCESS_EXISTS)==PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[FILE_ALREADY_EXISTS_ERR],certdbname);
- retval=FILE_ALREADY_EXISTS_ERR;
- goto loser;
- } else if(PR_Access(dir, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[DIR_NOT_WRITEABLE_ERR], dir);
- retval=DIR_NOT_WRITEABLE_ERR;
- goto loser;
- }
- } else {
- /* Make sure dbs are readable and writeable */
- if(PR_Access(moddbname, PR_ACCESS_READ_OK) != PR_SUCCESS) {
-#ifndef XP_PC
- /* in serverland, they always use secmod.db, even on UNIX. Try
- this */
- moddbname = PR_smprintf("%s/secmod.db", dir);
- free_moddbname = PR_TRUE;
- if(PR_Access(moddbname, PR_ACCESS_READ_OK) != PR_SUCCESS) {
-#endif
- PR_fprintf(PR_STDERR, errStrings[FILE_NOT_READABLE_ERR], moddbname);
- retval=FILE_NOT_READABLE_ERR;
- goto loser;
-#ifndef XP_PC
- }
-#endif
- }
- if(!nocertdb) { /* don't open cert and key db if -nocertdb */
- if(PR_Access(keydbname, PR_ACCESS_READ_OK) != PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[FILE_NOT_READABLE_ERR],
- keydbname);
- retval=FILE_NOT_READABLE_ERR;
- goto loser;
- }
- if(PR_Access(certdbname, PR_ACCESS_READ_OK) != PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[FILE_NOT_READABLE_ERR],
- certdbname);
- retval=FILE_NOT_READABLE_ERR;
- goto loser;
- }
- }
-
- /* Check for write access if we'll be making changes */
- if( !readOnly ) {
- if(PR_Access(moddbname, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[FILE_NOT_WRITEABLE_ERR],
- moddbname);
- retval=FILE_NOT_WRITEABLE_ERR;
- goto loser;
- }
- if(!nocertdb) { /* don't open key and cert db if -nocertdb */
- if(PR_Access(keydbname, PR_ACCESS_WRITE_OK)
- != PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[FILE_NOT_WRITEABLE_ERR],
- keydbname);
- retval=FILE_NOT_WRITEABLE_ERR;
- goto loser;
- }
- if(PR_Access(certdbname, PR_ACCESS_WRITE_OK)
- != PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[FILE_NOT_WRITEABLE_ERR],
- certdbname);
- retval=FILE_NOT_WRITEABLE_ERR;
- goto loser;
- }
- }
- }
- PR_fprintf(PR_STDOUT, msgStrings[USING_DBDIR_MSG],
- SECU_ConfigDirectory(NULL));
- }
- SEC_Init();
-
- /* Open/create key database */
- RNG_RNGInit(); /* This is required before SECU_OpenKeyDB */
- if(!nocertdb) {
- if(create) PR_fprintf(PR_STDOUT, msgStrings[CREATING_DB_MSG],
- keydbname);
- if(SECU_OpenKeyDB(readOnly) == NULL) {
- PR_fprintf(PR_STDERR, "\n");
- PR_fprintf(PR_STDERR, errStrings[DB_ACCESS_ERR], keydbname);
- retval=DB_ACCESS_ERR;
- goto loser;
- }
- if(create) PR_fprintf(PR_STDOUT, msgStrings[DONE_MSG]);
- }
-
- /* Open/create cert database */
- if(!nocertdb) {
- if(create) PR_fprintf(PR_STDOUT, msgStrings[CREATING_DB_MSG],
- certdbname);
- if(SECU_OpenCertDB(readOnly) == NULL) {
- PR_fprintf(PR_STDERR, "\n");
- PR_fprintf(PR_STDERR, errStrings[DB_ACCESS_ERR], certdbname);
- retval=DB_ACCESS_ERR;
- goto loser;
- }
- if(create) PR_fprintf(PR_STDOUT, msgStrings[DONE_MSG]);
- }
-
- /* Open/create module database */
- if(create) PR_fprintf(PR_STDOUT, msgStrings[CREATING_DB_MSG], moddbname);
- SECMOD_init(moddbname);
- if(create) PR_fprintf(PR_STDOUT, msgStrings[DONE_MSG]);
-
- retval=SUCCESS;
-loser:
- if(free_moddbname) {
- PR_Free(moddbname);
- }
- return retval;
-}
-
-/*************************************************************************
- *
- * u s a g e
- */
-static void
-usage()
-{
- PR_fprintf(PR_STDOUT,
-"\nNetscape Cryptographic Module Utility\n"
-"Usage: modutil [command] [options]\n\n"
-" COMMANDS\n"
-"---------------------------------------------------------------------------\n"
-"-add MODULE_NAME Add the named module to the module database\n"
-" -libfile LIBRARY_FILE The name of the file (.so or .dll)\n"
-" containing the implementation of PKCS #11\n"
-" [-ciphers CIPHER_LIST] Enable the given ciphers on this module\n"
-" [-mechanisms MECHANISM_LIST] Make the module a default provider of the\n"
-" given mechanisms\n"
-"-changepw TOKEN Change the password on the named token\n"
-" [-pwfile FILE] The old password is in this file\n"
-" [-newpwfile FILE] The new password is in this file\n"
-"-create Create a new set of security databases\n"
-"-default MODULE Make the given module a default provider\n"
-" -mechanisms MECHANISM_LIST of the given mechanisms\n"
-" [-slot SLOT] limit change to only the given slot\n"
-"-delete MODULE Remove the named module from the module\n"
-" database\n"
-"-disable MODULE Disable the named module\n"
-" [-slot SLOT] Disable only the named slot on the module\n"
-"-enable MODULE Enable the named module\n"
-" [-slot SLOT] Enable only the named slot on the module\n"
-"-fips [ true | false ] If true, enable FIPS mode. If false,\n"
-" disable FIPS mode\n"
-"-force Do not run interactively\n"
-"-jar JARFILE Install a PKCS #11 module from the given\n"
-" JAR file in the PKCS #11 JAR format\n"
-" -installdir DIR Use DIR as the root directory of the\n"
-" installation\n"
-" [-tempdir DIR] Use DIR as the temporary installation\n"
-" directory. If not specified, the current\n"
-" directory is used\n"
-"-list [MODULE] Lists information about the specified module\n"
-" or about all modules if none is specified\n"
-"-undefault MODULE The given module is NOT a default provider\n"
-" -mechanisms MECHANISM_LIST of the listed mechanisms\n"
-" [-slot SLOT] limit change to only the given slot\n"
-"---------------------------------------------------------------------------\n"
-"\n"
-" OPTIONS\n"
-"---------------------------------------------------------------------------\n"
-"-dbdir DIR Directory DIR contains the security databases\n"
-"-nocertdb Do not load certificate or key databases. No\n"
-" verification will be performed on JAR files.\n"
-"---------------------------------------------------------------------------\n"
-"\n"
-"Mechanism lists are colon-separated. The following mechanisms are recognized:\n"
-"RSA, DSA, RC2, RC4, RC5, DES, DH, FORTEZZA, SHA1, MD5, MD2, SSL, TLS, RANDOM,\n"
-" FRIENDLY\n"
-"\n"
-"Cipher lists are colon-separated. The following ciphers are recognized:\n"
-"FORTEZZA\n"
-"\nQuestions or bug reports should be sent to modutil-support@netscape.com.\n"
-);
-
-}
-
-/*************************************************************************
- *
- * m a i n
- */
-int
-main(int argc, char *argv[])
-{
- int errcode = SUCCESS;
- PRBool createdb, readOnly;
-#define STDINBUF_SIZE 80
- char stdinbuf[STDINBUF_SIZE];
-
- PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
-
- if(parse_args(argc, argv) != SUCCESS) {
- usage();
- errcode = INVALID_USAGE_ERR;
- goto loser;
- }
-
- if(verify_params() != SUCCESS) {
- usage();
- errcode = INVALID_USAGE_ERR;
- goto loser;
- }
-
- if(command==NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[NO_COMMAND_ERR]);
- usage();
- errcode = INVALID_USAGE_ERR;
- goto loser;
- }
-
- /* Set up crypto stuff */
- createdb = command==CREATE_COMMAND;
- readOnly = command==LIST_COMMAND;
-
- /* Make sure browser is not running if we're writing to a database */
- /* Do this before initializing crypto */
- if(!readOnly && !force) {
- char *response;
-
- PR_fprintf(PR_STDOUT, msgStrings[BROWSER_RUNNING_MSG]);
- if( ! PR_fgets(stdinbuf, STDINBUF_SIZE, PR_STDIN)) {
- PR_fprintf(PR_STDERR, errStrings[STDIN_READ_ERR]);
- errcode = STDIN_READ_ERR;
- goto loser;
- }
- if( (response=strtok(stdinbuf, " \r\n\t")) ) {
- if(!PL_strcasecmp(response, "q")) {
- PR_fprintf(PR_STDOUT, msgStrings[ABORTING_MSG]);
- errcode = SUCCESS;
- goto loser;
- }
- }
- PR_fprintf(PR_STDOUT, "\n");
- }
-
- errcode = init_crypto(createdb, readOnly);
- if( errcode != SUCCESS) {
- goto loser;
- }
-
-
- /* Execute the command */
- switch(command) {
- case ADD_COMMAND:
- errcode = AddModule(moduleName, libFile, ciphers, mechanisms);
- break;
- case CHANGEPW_COMMAND:
- errcode = ChangePW(tokenName, pwFile, newpwFile);
- break;
- case CREATE_COMMAND:
- /* The work was already done in init_crypto() */
- break;
- case DEFAULT_COMMAND:
- errcode = SetDefaultModule(moduleName, slotName, mechanisms);
- break;
- case DELETE_COMMAND:
- errcode = DeleteModule(moduleName);
- break;
- case DISABLE_COMMAND:
- errcode = EnableModule(moduleName, slotName, PR_FALSE);
- break;
- case ENABLE_COMMAND:
- errcode = EnableModule(moduleName, slotName, PR_TRUE);
- break;
- case FIPS_COMMAND:
- errcode = FipsMode(fipsArg);
- break;
- case JAR_COMMAND:
- Pk11Install_SetErrorHandler(install_error);
- errcode = Pk11Install_DoInstall(jarFile, installDir, tempDir,
- PR_STDOUT, force, nocertdb);
- break;
- case LIST_COMMAND:
- if(moduleName) {
- errcode = ListModule(moduleName);
- } else {
- errcode = ListModules();
- }
- break;
- case UNDEFAULT_COMMAND:
- errcode = UnsetDefaultModule(moduleName, slotName, mechanisms);
- break;
- default:
- PR_fprintf(PR_STDERR, "This command is not supported yet.\n");
- errcode = INVALID_USAGE_ERR;
- break;
- }
-
-loser:
- PR_Cleanup();
- return errcode;
-}
-
-/************************************************************************
- *
- * i n s t a l l _ e r r o r
- *
- * Callback function to handle errors in PK11 JAR file installation.
- */
-static void
-install_error(char *message)
-{
- PR_fprintf(PR_STDERR, "Install error: %s\n", message);
-}
-
-/*************************************************************************
- *
- * o u t _ o f _ m e m o r y
- */
-void
-out_of_memory(void)
-{
- PR_fprintf(PR_STDERR, errStrings[OUT_OF_MEM_ERR]);
- exit(OUT_OF_MEM_ERR);
-}
-
-
-/**************************************************************************
- *
- * P R _ f g e t s
- *
- * fgets implemented with NSPR.
- */
-static char*
-PR_fgets(char *buf, int size, PRFileDesc *file)
-{
- int i;
- int status;
- char c;
-
- i=0;
- while(i < size-1) {
- status = PR_Read(file, (void*) &c, 1);
- if(status==-1) {
- return NULL;
- } else if(status==0) {
- break;
- }
- buf[i++] = c;
- if(c=='\n') {
- break;
- }
- }
- buf[i]='\0';
-
- return buf;
-}
diff --git a/security/nss/cmd/modutil/modutil.h b/security/nss/cmd/modutil/modutil.h
deleted file mode 100644
index 16c58fb49..000000000
--- a/security/nss/cmd/modutil/modutil.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef MODUTIL_H
-#define MODUTIL_H
-
-#include <stdio.h>
-#include <prio.h>
-#include <prprf.h>
-#include <prinit.h>
-#include <prmem.h>
-#include <plarena.h>
-#include <string.h>
-#include <seccomon.h>
-#include <secmod.h>
-#include <secutil.h>
-
-#include <prlock.h>
-
-#include "error.h"
-
-Error FipsMode(char *arg);
-Error AddModule(char *moduleName, char *libFile, char *ciphers,
- char *mechanisms);
-Error DeleteModule(char *moduleName);
-Error ListModule(char *moduleName);
-Error ListModules();
-Error ChangePW(char *tokenName, char *pwFile, char *newpwFile);
-Error EnableModule(char *moduleName, char *slotName, PRBool enable);
-Error SetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
-Error UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
-void out_of_memory(void);
-
-#endif /*MODUTIL_H*/
diff --git a/security/nss/cmd/modutil/pk11.c b/security/nss/cmd/modutil/pk11.c
deleted file mode 100644
index ce922424c..000000000
--- a/security/nss/cmd/modutil/pk11.c
+++ /dev/null
@@ -1,808 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "modutil.h"
-#include "secmodti.h"
-#include "pk11func.h"
-
-extern PK11DefaultArrayEntry PK11_DefaultArray[];
-extern int num_pk11_default_mechanisms;
-extern SECStatus PK11_UpdateSlotAttribute(PK11SlotInfo*, PK11DefaultArrayEntry*,
- PRBool);
-
-/*************************************************************************
- *
- * F i p s M o d e
- * If arg=="true", enable FIPS mode on the internal module. If arg=="false",
- * disable FIPS mode on the internal module.
- */
-Error
-FipsMode(char *arg)
-{
-
- char *internal_name;
-
- if(!PORT_Strcasecmp(arg, "true")) {
- if(!PK11_IsFIPS()) {
- internal_name = PR_smprintf("%s",
- SECMOD_GetInternalModule()->commonName);
- if(SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
- PR_smprintf_free(internal_name);
- PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
- return FIPS_SWITCH_FAILED_ERR;
- }
- PR_smprintf_free(internal_name);
- PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
- } else {
- PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]);
- return FIPS_ALREADY_ON_ERR;
- }
- } else if(!PORT_Strcasecmp(arg, "false")) {
- if(PK11_IsFIPS()) {
- internal_name = PR_smprintf("%s",
- SECMOD_GetInternalModule()->commonName);
- if(SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
- PR_smprintf_free(internal_name);
- PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
- return FIPS_SWITCH_FAILED_ERR;
- }
- PR_smprintf_free(internal_name);
- PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
- } else {
- PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_OFF_ERR]);
- return FIPS_ALREADY_OFF_ERR;
- }
- } else {
- PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
- return INVALID_FIPS_ARG;
- }
-
- return SUCCESS;
-}
-
-/************************************************************************
- * Cipher and Mechanism name-bitmask translation tables
- */
-
-typedef struct {
- char *name;
- unsigned long mask;
-} MaskString;
-
-static MaskString mechanismStrings[] = {
- {"RSA", PUBLIC_MECH_RSA_FLAG},
- {"DSA", PUBLIC_MECH_DSA_FLAG},
- {"RC2", PUBLIC_MECH_RC2_FLAG},
- {"RC4", PUBLIC_MECH_RC4_FLAG},
- {"RC5", PUBLIC_MECH_RC5_FLAG},
- {"DES", PUBLIC_MECH_DES_FLAG},
- {"DH", PUBLIC_MECH_DH_FLAG},
- {"FORTEZZA", PUBLIC_MECH_FORTEZZA_FLAG},
- {"SHA1", PUBLIC_MECH_SHA1_FLAG},
- {"MD5", PUBLIC_MECH_MD5_FLAG},
- {"MD2", PUBLIC_MECH_MD2_FLAG},
- {"SSL", PUBLIC_MECH_SSL_FLAG},
- {"TLS", PUBLIC_MECH_TLS_FLAG},
- {"RANDOM", PUBLIC_MECH_RANDOM_FLAG},
- {"FRIENDLY", PUBLIC_MECH_FRIENDLY_FLAG}
-};
-static int numMechanismStrings = 13;
-
-static MaskString cipherStrings[] = {
- {"FORTEZZA", PUBLIC_CIPHER_FORTEZZA_FLAG}
-};
-static int numCipherStrings= 1;
-
-/* Maximum length of a colon-separated list of all the strings in an
- * array. */
-#define MAX_STRING_LIST_LEN 240 /* or less */
-
-/************************************************************************
- *
- * g e t F l a g s F r o m S t r i n g
- *
- * Parses a mechanism list passed on the command line and converts it
- * to an unsigned long bitmask.
- * string is a colon-separated string of constants
- * array is an array of MaskStrings.
- * elements is the number of elements in array.
- */
-static unsigned long
-getFlagsFromString(char *string, MaskString array[], int elements)
-{
- unsigned long ret = 0;
- short i = 0;
- char *cp;
- char *buf;
- char *end;
-
- if(!string || !string[0]) {
- return ret;
- }
-
- /* Make a temporary copy of the string */
- buf = PR_Malloc(strlen(string)+1);
- if(!buf) {
- out_of_memory();
- }
- strcpy(buf, string);
-
- /* Look at each element of the list passed in */
- for(cp=buf; cp && *cp; cp = (end ? end+1 : NULL) ) {
- /* Look at the string up to the next colon */
- end = strchr(cp, ':');
- if(end) {
- *end = '\0';
- }
-
- /* Find which element this is */
- for(i=0; i < elements; i++) {
- if( !PORT_Strcasecmp(cp, array[i].name) ) {
- break;
- }
- }
- if(i == elements) {
- /* Skip a bogus string, but print a warning message */
- PR_fprintf(PR_STDERR, errStrings[INVALID_CONSTANT_ERR], cp);
- continue;
- }
- ret |= array[i].mask;
- }
-
- PR_Free(buf);
- return ret;
-}
-
-/**********************************************************************
- *
- * g e t S t r i n g F r o m F l a g s
- *
- * The return string's memory is owned by this function. Copy it
- * if you need it permanently or you want to change it.
- */
-static char *
-getStringFromFlags(unsigned long flags, MaskString array[], int elements)
-{
- static char buf[MAX_STRING_LIST_LEN];
- int i;
- int count=0;
-
- buf[0] = '\0';
- for(i=0; i<elements; i++) {
- if( flags & array[i].mask ) {
- ++count;
- if(count!=1) {
- strcat(buf, ":");
- }
- strcat(buf, array[i].name);
- }
- }
- return buf;
-}
-
-/**********************************************************************
- *
- * A d d M o d u l e
- *
- * Add the named module, with the given library file, ciphers, and
- * default mechanism flags
- */
-Error
-AddModule(char *moduleName, char *libFile, char *cipherString,
- char *mechanismString)
-{
- unsigned long ciphers;
- unsigned long mechanisms;
- SECStatus status;
-
- mechanisms =
- getFlagsFromString(mechanismString, mechanismStrings,
- numMechanismStrings);
- ciphers =
- getFlagsFromString(cipherString, cipherStrings, numCipherStrings);
-
- status =
- SECMOD_AddNewModule(moduleName, libFile,
- SECMOD_PubMechFlagstoInternal(mechanisms),
- SECMOD_PubCipherFlagstoInternal(ciphers) );
-
- if(status != SECSuccess) {
- PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR], moduleName);
- return ADD_MODULE_FAILED_ERR;
- } else {
- PR_fprintf(PR_STDOUT, msgStrings[ADD_MODULE_SUCCESS_MSG], moduleName);
- return SUCCESS;
- }
-}
-
-/***********************************************************************
- *
- * D e l e t e M o d u l e
- *
- * Deletes the named module from the database.
- */
-Error
-DeleteModule(char *moduleName)
-{
- SECStatus status;
- int type;
-
- status = SECMOD_DeleteModule(moduleName, &type);
-
- if(status != SECSuccess) {
- if(type == SECMOD_FIPS || type == SECMOD_INTERNAL) {
- PR_fprintf(PR_STDERR, errStrings[DELETE_INTERNAL_ERR]);
- return DELETE_INTERNAL_ERR;
- } else {
- PR_fprintf(PR_STDERR, errStrings[DELETE_FAILED_ERR], moduleName);
- return DELETE_FAILED_ERR;
- }
- }
-
- PR_fprintf(PR_STDOUT, msgStrings[DELETE_SUCCESS_MSG], moduleName);
- return SUCCESS;
-}
-
-/************************************************************************
- *
- * L i s t M o d u l e s
- *
- * Lists all the modules in the database, along with their slots and tokens.
- */
-Error
-ListModules()
-{
- SECMODListLock *lock;
- SECMODModuleList *list;
- SECMODModuleList *mlp;
- Error ret=UNSPECIFIED_ERR;
- int count = 0, i;
-
- lock = SECMOD_GetDefaultModuleListLock();
- if(!lock) {
- PR_fprintf(PR_STDERR, errStrings[NO_LIST_LOCK_ERR]);
- return NO_LIST_LOCK_ERR;
- }
-
- SECMOD_GetReadLock(lock);
-
- list = SECMOD_GetDefaultModuleList();
- if(!list) {
- PR_fprintf(PR_STDERR, errStrings[NO_MODULE_LIST_ERR]);
- ret = NO_MODULE_LIST_ERR;
- goto loser;
- }
-
- PR_fprintf(PR_STDOUT,
- "\nListing of PKCS #11 Modules\n"
- "-----------------------------------------------------------\n");
-
- for(mlp=list; mlp != NULL; mlp = mlp->next) {
- ++count;
- if(count!=1) {
- PR_fprintf(PR_STDOUT, "\n");
- }
-
- PR_fprintf(PR_STDOUT, "%3d. %s\n", count, mlp->module->commonName);
-
- if(mlp->module->dllName) {
- PR_fprintf(PR_STDOUT, "\tlibrary name: %s\n", mlp->module->dllName);
- }
-
- if(mlp->module->slotCount == 0) {
- PR_fprintf(PR_STDOUT,
- "\t slots: There are no slots attached to this module\n");
- } else {
- PR_fprintf(PR_STDOUT,
- "\t slots: %d slot%s attached\n", mlp->module->slotCount,
- (mlp->module->slotCount==1 ? "" : "s") );
- }
-
- if(mlp->module->loaded == 0) {
- PR_fprintf(PR_STDOUT, "\tstatus: Not loaded\n");
- } else {
- PR_fprintf(PR_STDOUT, "\tstatus: loaded\n");
- }
-
- /* Print slot and token names */
- for (i = 0; i < mlp->module->slotCount; i++) {
- PK11SlotInfo *slot = mlp->module->slots[i];
-
- PR_fprintf(PR_STDOUT, "\n");
- PR_fprintf(PR_STDOUT, "\t slot: %s\n", PK11_GetSlotName(slot));
- PR_fprintf(PR_STDOUT, "\ttoken: %s\n", PK11_GetTokenName(slot));
- }
- }
-
- PR_fprintf(PR_STDOUT,
- "-----------------------------------------------------------\n");
-
- ret = SUCCESS;
-
-loser:
- SECMOD_ReleaseReadLock(lock);
- return ret;
-}
-
-/* Strings describing PK11DisableReasons */
-static int numDisableReasonStr = 5;
-static char *disableReasonStr[] = {
- "no reason",
- "user disabled",
- "could not initialize token",
- "could not verify token",
- "token not present"
-};
-
-/***********************************************************************
- *
- * L i s t M o d u l e
- *
- * Lists detailed information about the named module.
- */
-Error
-ListModule(char *moduleName)
-{
- SECMODModule *module;
- PK11SlotInfo *slot;
- int slotnum;
- CK_INFO modinfo;
- CK_SLOT_INFO slotinfo;
- CK_TOKEN_INFO tokeninfo;
- char *ciphers, *mechanisms;
- PK11DisableReasons reason;
-
- if(!moduleName) {
- return SUCCESS;
- }
-
- module = SECMOD_FindModule(moduleName);
- if(!module) {
- PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
- return NO_SUCH_MODULE_ERR;
- }
-
- if(PK11_GetModInfo(module, &modinfo) != SECSuccess) {
- PR_fprintf(PR_STDERR, errStrings[MOD_INFO_ERR], moduleName);
- return MOD_INFO_ERR;
- }
-
- /* Module info */
- PR_fprintf(PR_STDOUT,
- "\n-----------------------------------------------------------\n");
- PR_fprintf(PR_STDOUT, "Name: %s\n", module->commonName);
- if(module->internal || !module->dllName) {
- PR_fprintf(PR_STDOUT, "Library file: **Internal ONLY module**\n");
- } else {
- PR_fprintf(PR_STDOUT, "Library file: %s\n", module->dllName);
- }
-
- PR_fprintf(PR_STDOUT, "Manufacturer: %.32s\n", modinfo.manufacturerID);
- PR_fprintf(PR_STDOUT, "Description: %.32s\n", modinfo.libraryDescription);
- PR_fprintf(PR_STDOUT, "PKCS #11 Version %d.%d\n",
- modinfo.cryptokiVersion.major, modinfo.cryptokiVersion.minor);
- PR_fprintf(PR_STDOUT, "Library Version: %d.%d\n",
- modinfo.libraryVersion.major, modinfo.libraryVersion.minor);
-
- /* Get cipher and mechanism flags */
- ciphers = getStringFromFlags(module->ssl[0], cipherStrings,
- numCipherStrings);
- if(ciphers[0] == '\0') {
- ciphers = "None";
- }
- PR_fprintf(PR_STDOUT, "Cipher Enable Flags: %s\n", ciphers);
- mechanisms = NULL;
- if(module->slotCount > 0) {
- mechanisms = getStringFromFlags(module->slots[0]->defaultFlags,
- mechanismStrings, numMechanismStrings);
- }
- if(mechanisms[0] =='\0') {
- mechanisms = "None";
- }
- PR_fprintf(PR_STDOUT, "Default Mechanism Flags: %s\n", mechanisms);
-
-#define PAD " "
-
- /* Loop over each slot */
- for(slotnum=0; slotnum < module->slotCount; slotnum++) {
- slot = module->slots[slotnum];
- if(PK11_GetSlotInfo(slot, &slotinfo) != SECSuccess) {
- PR_fprintf(PR_STDERR, errStrings[SLOT_INFO_ERR],
- PK11_GetSlotName(slot));
- return SLOT_INFO_ERR;
- }
- if(PK11_GetTokenInfo(slot, &tokeninfo) != SECSuccess) {
- PR_fprintf(PR_STDERR, errStrings[TOKEN_INFO_ERR],
- slot->token_name);
- return TOKEN_INFO_ERR;
- }
-
- /* Slot Info */
- PR_fprintf(PR_STDOUT, "\n"PAD"Slot: %s\n", PK11_GetSlotName(slot));
- mechanisms = getStringFromFlags(slot->defaultFlags,
- mechanismStrings, numMechanismStrings);
- if(mechanisms[0] =='\0') {
- mechanisms = "None";
- }
- PR_fprintf(PR_STDOUT, PAD"Slot Mechanism Flags: %s\n", mechanisms);
- PR_fprintf(PR_STDOUT, PAD"Manufacturer: %.32s\n",
- slotinfo.manufacturerID);
- if(slot->isHW) {
- PR_fprintf(PR_STDOUT, PAD"Type: Hardware\n");
- } else {
- PR_fprintf(PR_STDOUT, PAD"Type: Software\n");
- }
- PR_fprintf(PR_STDOUT, PAD"Version Number: %d.%d\n",
- slotinfo.hardwareVersion.major, slotinfo.hardwareVersion.minor);
- PR_fprintf(PR_STDOUT, PAD"Firmware Version: %d.%d\n",
- slotinfo.firmwareVersion.major, slotinfo.firmwareVersion.minor);
- if(slot->disabled) {
- reason = PK11_GetDisabledReason(slot);
- if(reason < numDisableReasonStr) {
- PR_fprintf(PR_STDOUT, PAD"Status: DISABLED (%s)\n",
- disableReasonStr[reason]);
- } else {
- PR_fprintf(PR_STDOUT, PAD"Status: DISABLED\n");
- }
- } else {
- PR_fprintf(PR_STDOUT, PAD"Status: Enabled\n");
- }
-
- /* Token Info */
- PR_fprintf(PR_STDOUT, PAD"Token Name: %.32s\n",
- tokeninfo.label);
- PR_fprintf(PR_STDOUT, PAD"Token Manufacturer: %.32s\n",
- tokeninfo.manufacturerID);
- PR_fprintf(PR_STDOUT, PAD"Token Model: %.16s\n", tokeninfo.model);
- PR_fprintf(PR_STDOUT, PAD"Token Serial Number: %.16s\n",
- tokeninfo.serialNumber);
- PR_fprintf(PR_STDOUT, PAD"Token Version: %d.%d\n",
- tokeninfo.hardwareVersion.major, tokeninfo.hardwareVersion.minor);
- PR_fprintf(PR_STDOUT, PAD"Token Firmware Version: %d.%d\n",
- tokeninfo.firmwareVersion.major, tokeninfo.firmwareVersion.minor);
- if(tokeninfo.flags & CKF_WRITE_PROTECTED) {
- PR_fprintf(PR_STDOUT, PAD"Access: Write Protected\n");
- } else {
- PR_fprintf(PR_STDOUT, PAD"Access: NOT Write Protected\n");
- }
- if(tokeninfo.flags & CKF_LOGIN_REQUIRED) {
- PR_fprintf(PR_STDOUT, PAD"Login Type: Login required\n");
- } else {
- PR_fprintf(PR_STDOUT, PAD
- "Login Type: Public (no login required)\n");
- }
- if(tokeninfo.flags & CKF_USER_PIN_INITIALIZED) {
- PR_fprintf(PR_STDOUT, PAD"User Pin: Initialized\n");
- } else {
- PR_fprintf(PR_STDOUT, PAD"User Pin: NOT Initialized\n");
- }
- }
- PR_fprintf(PR_STDOUT,
- "\n-----------------------------------------------------------\n");
- return SUCCESS;
-}
-
-/************************************************************************
- *
- * C h a n g e P W
- */
-Error
-ChangePW(char *tokenName, char *pwFile, char *newpwFile)
-{
- char *oldpw=NULL, *newpw=NULL, *newpw2=NULL;
- PK11SlotInfo *slot;
- Error ret=UNSPECIFIED_ERR;
- PRBool matching;
-
- slot = PK11_FindSlotByName(tokenName);
- if(!slot) {
- PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], tokenName);
- return NO_SUCH_TOKEN_ERR;
- }
-
- PK11_SetPasswordFunc(SECU_GetModulePassword);
-
- /* Get old password */
- if(! PK11_NeedUserInit(slot)) {
- if(pwFile) {
- oldpw = SECU_GetPasswordString(pwFile, "");
- if(PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
- PR_fprintf(PR_STDERR, errStrings[BAD_PW_ERR]);
- ret=BAD_PW_ERR;
- goto loser;
- }
- } else {
- for(matching=PR_FALSE; !matching; ) {
- oldpw = SECU_GetPasswordString(NULL, "Enter old password: ");
- if(PK11_CheckUserPassword(slot, oldpw) == SECSuccess) {
- matching = PR_TRUE;
- } else {
- PR_fprintf(PR_STDOUT, msgStrings[BAD_PW_MSG]);
- }
- }
- }
- }
-
- /* Get new password */
- if(newpwFile) {
- newpw = SECU_GetPasswordString(newpwFile, "");
- } else {
- for(matching=PR_FALSE; !matching; ) {
- newpw = SECU_GetPasswordString(NULL, "Enter new password: ");
- newpw2 = SECU_GetPasswordString(NULL, "Re-enter new password: ");
- if(strcmp(newpw, newpw2)) {
- PR_fprintf(PR_STDOUT, msgStrings[PW_MATCH_MSG]);
- } else {
- matching = PR_TRUE;
- }
- }
- }
-
- /* Change the password */
- if(PK11_NeedUserInit(slot)) {
- if(PK11_InitPin(slot, NULL /*ssopw*/, newpw) != SECSuccess) {
- PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
- ret = CHANGEPW_FAILED_ERR;
- goto loser;
- }
- } else {
- if(PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) {
- PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
- ret = CHANGEPW_FAILED_ERR;
- goto loser;
- }
- }
-
- PR_fprintf(PR_STDOUT, msgStrings[CHANGEPW_SUCCESS_MSG], tokenName);
- ret = SUCCESS;
-
-loser:
- if(oldpw) {
- memset(oldpw, 0, strlen(oldpw));
- PORT_Free(oldpw);
- }
- if(newpw) {
- memset(newpw, 0, strlen(newpw));
- PORT_Free(newpw);
- }
- if(newpw2) {
- memset(newpw2, 0, strlen(newpw));
- PORT_Free(newpw2);
- }
- return ret;
-}
-
-/***********************************************************************
- *
- * E n a b l e M o d u l e
- *
- * If enable==PR_TRUE, enables the module or slot.
- * If enable==PR_FALSE, disables the module or slot.
- * moduleName is the name of the module.
- * slotName is the name of the slot. It is optional.
- */
-Error
-EnableModule(char *moduleName, char *slotName, PRBool enable)
-{
- int i;
- SECMODModule *module;
- PK11SlotInfo *slot = NULL;
- PRBool found = PR_FALSE;
-
- module = SECMOD_FindModule(moduleName);
- if(!module) {
- PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
- return NO_SUCH_MODULE_ERR;
- }
-
- for(i=0; i < module->slotCount; i++) {
- slot = module->slots[i];
- if(slotName && strcmp(PK11_GetSlotName(slot), slotName)) {
- /* Not the right slot */
- continue;
- }
- if(enable) {
- if(! PK11_UserEnableSlot(slot)) {
- PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR],
- "enable", PK11_GetSlotName(slot));
- return ENABLE_FAILED_ERR;
- } else {
- found = PR_TRUE;
- PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG],
- PK11_GetSlotName(slot), "enabled");
- }
- } else {
- if(! PK11_UserDisableSlot(slot)) {
- PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR],
- "disable", PK11_GetSlotName(slot));
- return ENABLE_FAILED_ERR;
- } else {
- found = PR_TRUE;
- PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG],
- PK11_GetSlotName(slot), "disabled");
- }
- }
- }
-
- if(slotName && !found) {
- PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
- return NO_SUCH_SLOT_ERR;
- }
-
- /* Delete and re-add module to save changes */
- if( SECMOD_DeletePermDB(module) != SECSuccess ) {
- PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], moduleName);
- return UPDATE_MOD_FAILED_ERR;
- }
- if( SECMOD_AddPermDB(module) != SECSuccess ) {
- /* We're in big trouble here */
- PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], moduleName);
- return UPDATE_MOD_FAILED_ERR;
- }
-
- return SUCCESS;
-}
-
-/*************************************************************************
- *
- * S e t D e f a u l t M o d u l e
- *
- */
-Error
-SetDefaultModule(char *moduleName, char *slotName, char *mechanisms)
-{
- SECMODModule *module;
- PK11SlotInfo *slot;
- int s, i;
- unsigned long mechFlags = getFlagsFromString(mechanisms, mechanismStrings,
- numMechanismStrings);
- PRBool found = PR_FALSE;
- Error errcode = UNSPECIFIED_ERR;
-
- mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags);
-
- module = SECMOD_FindModule(moduleName);
- if(!module) {
- PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
- errcode = NO_SUCH_MODULE_ERR;
- goto loser;
- }
-
- /* Go through each slot */
- for(s=0; s < module->slotCount; s++) {
- slot = module->slots[s];
-
- if ((slotName != NULL) &&
- !((strcmp(PK11_GetSlotName(slot),slotName) == 0) ||
- (strcmp(PK11_GetTokenName(slot),slotName) == 0)) ) {
- /* we are only interested in changing the one slot */
- continue;
- }
-
- found = PR_TRUE;
-
- /* Go through each mechanism */
- for(i=0; i < num_pk11_default_mechanisms; i++) {
- if(PK11_DefaultArray[i].flag & mechFlags) {
- /* Enable this default mechanism */
- PK11_UpdateSlotAttribute(slot, &(PK11_DefaultArray[i]),
- PR_TRUE);
- }
- }
- }
- if (slotName && !found) {
- PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
- errcode = NO_SUCH_SLOT_ERR;
- goto loser;
- }
-
- /* Delete and re-add module to save changes */
- if( SECMOD_DeletePermDB(module) != SECSuccess ) {
- PR_fprintf(PR_STDERR, errStrings[DEFAULT_FAILED_ERR],
- moduleName);
- errcode = DEFAULT_FAILED_ERR;
- goto loser;
- }
- if( SECMOD_AddPermDB(module) != SECSuccess ) {
- /* We're in big trouble here */
- PR_fprintf(PR_STDERR, errStrings[DEFAULT_FAILED_ERR],
- moduleName);
- errcode = DEFAULT_FAILED_ERR;
- goto loser;
- }
-
- PR_fprintf(PR_STDOUT, msgStrings[DEFAULT_SUCCESS_MSG]);
-
- errcode = SUCCESS;
-loser:
- return errcode;
-}
-
-/************************************************************************
- *
- * U n s e t D e f a u l t M o d u l e
- */
-Error
-UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms)
-{
- SECMODModule * module;
- PK11SlotInfo *slot;
- int s, i;
- unsigned long mechFlags = getFlagsFromString(mechanisms,
- mechanismStrings, numMechanismStrings);
- PRBool found = PR_FALSE;
-
- mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags);
-
- module = SECMOD_FindModule(moduleName);
- if(!module) {
- PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
- return NO_SUCH_MODULE_ERR;
- }
-
- for(s=0; s < module->slotCount; s++) {
- slot = module->slots[s];
- if ((slotName != NULL) &&
- !((strcmp(PK11_GetSlotName(slot),slotName) == 0) ||
- (strcmp(PK11_GetTokenName(slot),slotName) == 0)) ) {
- /* we are only interested in changing the one slot */
- continue;
- }
- for(i=0; i <num_pk11_default_mechanisms; i++) {
- if(PK11_DefaultArray[i].flag & mechFlags) {
- PK11_UpdateSlotAttribute(slot, &(PK11_DefaultArray[i]),
- PR_FALSE);
- }
- }
- }
- if (slotName && !found) {
- PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
- return NO_SUCH_SLOT_ERR;
- }
-
- /* Delete and re-add module to save changes */
- if( SECMOD_DeletePermDB(module) != SECSuccess ) {
- PR_fprintf(PR_STDERR, errStrings[UNDEFAULT_FAILED_ERR],
- moduleName);
- return UNDEFAULT_FAILED_ERR;
- }
- if( SECMOD_AddPermDB(module) != SECSuccess ) {
- /* We're in big trouble here */
- PR_fprintf(PR_STDERR, errStrings[UNDEFAULT_FAILED_ERR],
- moduleName);
- return UNDEFAULT_FAILED_ERR;
- }
-
- PR_fprintf(PR_STDOUT, msgStrings[UNDEFAULT_SUCCESS_MSG]);
- return SUCCESS;
-}
diff --git a/security/nss/cmd/modutil/pk11jar.html b/security/nss/cmd/modutil/pk11jar.html
deleted file mode 100644
index 9440db014..000000000
--- a/security/nss/cmd/modutil/pk11jar.html
+++ /dev/null
@@ -1,309 +0,0 @@
-<html>
-<!--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
- -->
-<head>
-<title>PKCS #11 JAR Format</title>
-</head>
-<body bgcolor=white text=black link=blue vlink=purple alink=red>
-<center><h1>PKCS #11 JAR Format</h1></center>
-
-<p>PKCS #11 modules can be packaged into JAR files that support automatic
-installation onto the filesystem and into the security module database.
-The JAR file should contain:
-<ul>
-<li>All files that will be installed onto the target machine. This will
-include at least the PKCS #11 module library file (.DLL or .so), and
-may also include any other file that should be installed (such as
-documentation).
-<li>A script to perform the installation.
-</ul>
-The script can be in one of two forms. If the JAR file is to be
-run by Communicator (or any program that interprets Javascript), the
-instructions will be in the form of a SmartUpdate script.
-<a href="http://devedge/library/documentation/security/jmpkcs/">Documentation
-</a> on creating this script can be found on DevEdge.
-
-<p>If the
-JAR file is to be run by a server, modutil, or any other program that
-doesn't interpret Javascript, a special information file must be included
-in the format described in this document.
-
-<h2>Declaring the Script in the Manifest File</h2>
-The script can have any name, but it must be declared in the manifest file
-of the JAR archive. The metainfo tag for this is
-<code>Pkcs11_install_script</code>. Meta-information is put in the manifest
-file by putting it in a file which is passed to
-<a href="http://developer.netscape.com/software/index_frame.html?content=signedobj/jarpack.html#signtool1.3">Signtool</a>. For example,
-suppose the PKCS #11 installer script is in the file <code>pk11install</code>.
-In Signtool's metainfo file, you would have a line like this:
-<blockquote><pre>
-+ Pkcs11_install_script: pk11install
-</pre></blockquote>
-
-<h2>Sample Script File</h2>
-<blockquote><pre>
-ForwardCompatible { IRIX:6.2:mips Solaris:5.5.1:sparc }
-Platforms {
- WINNT::x86 {
- ModuleName { "Fortezza Module" }
- ModuleFile { win32/fort32.dll }
- DefaultMechanismFlags{0x0001}
- DefaultCipherFlags{0x0001}
- Files {
- win32/setup.exe {
- Executable
- RelativePath { %temp%/setup.exe }
- }
- win32/setup.hlp {
- RelativePath { %temp%/setup.hlp }
- }
- win32/setup.cab {
- RelativePath { %temp%/setup.cab }
- }
- }
- }
- WIN95::x86 {
- EquivalentPlatform {WINNT::x86}
- }
- Solaris:5.5.1:sparc {
- ModuleName { "Fortezza UNIX Module" }
- ModuleFile { unix/fort.so }
- DefaultMechanismFlags{0x0001}
- CipherEnableFlags{0x0001}
- Files {
- unix/fort.so {
- RelativePath{%root%/lib/fort.so}
- AbsolutePath{/usr/local/netscape/lib/fort.so}
- FilePermissions{555}
- }
- xplat/instr.html {
- RelativePath{%root%/docs/inst.html}
- AbsolutePath{/usr/local/netscape/docs/inst.html}
- FilePermissions{555}
- }
- }
- }
- IRIX:6.2:mips {
- EquivalentPlatform { Solaris:5.5.1:sparc }
- }
-}
-</pre></blockquote>
-
-<hr>
-
-<h2>Script File Grammar</h2>
-<blockquote><pre>
---> <i>valuelist</i>
-
-<i>valuelist</i> --> <i>value</i> <i>valuelist</i>
-<i> </i> <i>&lt;null&gt;</i>
-
-<i>value</i> --> <i>key_value_pair</i>
-<i> </i> <i>string</i>
-
-<i>key_value_pair</i> --> <i>key</i> { <i>valuelist</i> }
-
-<i>key</i> --> <i>string</i>
-
-<i>string</i> --> <i>simple_string</i>
-<i> </i> "<i>complex_string</i>"
-
-<i>simple_string</i> --> [^ \t\n\""{""}"]+ <font size=-1><i>(no whitespace, quotes, or braces)</i></font>
-
-<i>complex_string</i> --> ([^\"\\\r\n]|(\\\")|(\\\\))+ <font size=-1><i>(quotes and backslashes must be escaped with a backslash, no newlines or carriage returns are allowed in the string)</i></font>
-</pre></blockquote>
-Outside of complex strings, all whitespace (space, tab, newline) is considered
-equal and is used only to delimit tokens.
-
-<hr>
-
-<h2>Keys</h2>
-Keys are case-insensitive.
-<h3>Global Keys</h3>
-<dl>
-<dt><code>ForwardCompatible</code>
-<dd>Gives a list of platforms that are forward compatible. If the current
-platform cannot be found in the list of supported platforms, then the
-ForwardCompatible list will be checked for any platforms that have the same
-OS and architecture and an earlier version. If one is found, its
-attributes will be used for the current platform.
-<dt><code>Platforms</code> (<i>required</i>)
-<dd>Gives a list of platforms. Each entry in the list is itself a key-value
-pair:
-the key is the name of the platform, and the valuelist contains various
-attributes of the platform. The ModuleName, ModuleFile, and Files attributes
-must be specified, unless an EquivalentPlatform attribute is specified.
-The platform string is in the following
-format: <u><i>system name</i></u>:<u><i>os release</i></u>:<u><i>architecture</i></u>. The installer
-will obtain these values from NSPR. <u><i>os release</i></u> is an empty
-string on non-UNIX operating systems. The following system names and platforms
-are currently defined by NSPR:<code>
-<ul>
-<li>AIX (rs6000)
-<li>BSDI (x86)
-<li>FREEBSD (x86)
-<li>HPUX (hppa1.1)
-<li>IRIX (mips)
-<li>LINUX (ppc, alpha, x86)
-<li>MacOS (PowerPC) </code>(<i>Note: NSPR actually defines the OS as
-"</i><code>Mac OS</code><i>". The
-space makes the name unsuitable for being embedded in identifiers. Until
-NSPR changes, you will have to add some special code to deal with this case.
-</i>)<code>
-<li>NCR (x86)
-<li>NEC (mips)
-<li>OS2 (x86)
-<li>OSF (alpha)
-<li>ReliantUNIX (mips)
-<li>SCO (x86)
-<li>SOLARIS (sparc)
-<li>SONY (mips)
-<li>SUNOS (sparc)
-<li>UnixWare (x86)
-<li>WIN16 (x86)
-<li>WIN95 (x86)
-<li>WINNT (x86)
-</ul>
-</code>
-Examples of valid platform strings: <code>IRIX:6.2:mips, Solaris:5.5.1:sparc,
-Linux:2.0.32:x86, WIN95::x86</code>.
-</dl>
-
-<h3>Per-Platform Keys</h3>
-These keys only have meaning within the value list of an entry in
-the <code>Platforms</code> list.
-<dl>
-<dt><code>ModuleName</code> (<i>required</i>)
-<dd>Gives the common name for the module. This name will be used to
-reference the module from Communicator, modutil, servers, or any other
-program that uses the Netscape security module database.
-<dt><code>ModuleFile</code> (<i>required</i>)
-<dd>Names the PKCS #11 module file (DLL or .so) for this platform. The name
-is given as the relative path of the file within the JAR archive.
-<dt><code>Files</code> (<i>required</i>)
-<dd>Lists the files that should be installed for this module. Each entry
-in the file list is a key-value pair: the key is the path of the file in
-the JAR archive, and
-the valuelist contains attributes of the file. At least RelativePath and
-AbsoluteDir must be specified in this valuelist.
-<dt><code>DefaultMechanismFlags</code>
-<dd>This key-value pair specifies
-of which mechanisms this module will be a default provider. It is a bitstring
-specified in hexadecimal (0x) format. It is constructed as a bitwise OR
-of the following constants. If the <code>DefaultMechanismFlags</code>
-entry is omitted, the value will default to 0x0.
-<blockquote><pre>
-RSA: 0x0000 0001
-DSA: 0x0000 0002
-RC2: 0x0000 0004
-RC4: 0x0000 0008
-DES: 0x0000 0010
-DH: 0x0000 0020
-FORTEZZA: 0x0000 0040
-RC5: 0x0000 0080
-SHA1: 0x0000 0100
-MD5: 0x0000 0200
-MD2: 0x0000 0400
-RANDOM: 0x0800 0000
-FRIENDLY: 0x1000 0000
-OWN_PW_DEFAULTS: 0x2000 0000
-DISABLE: 0x4000 0000
-</pre></blockquote>
-<dt><code>CipherEnableFlags</code>
-<dd>This key-value pair specifies
-which SSL ciphers will be enabled. It is a bitstring specified in
-hexadecimal (0x) format. It is constructed as a bitwise OR of the following
-constants. If the <code>CipherEnableFlags</code> entry is omitted, the
-value will default to 0x0.
-<blockquote><pre>
-FORTEZZA: 0x0000 0001
-</pre></blockquote>
-<dt><code>EquivalentPlatform</code>
-<dd>Specifies that the attributes of the named platform should also be used
-for the current platform. Saves typing when there is more than one platform
-that uses the same settings.
-</dl>
-
-<h3>Per-File Keys</h3>
-These keys only have meaning within the valuelist of an entry in a
-<code>Files</code> list. At least one of <code>RelativePath</code> and
-<code>AbsolutePath</code> must be specified. If both are specified, the
-relative path will be tried first and the absolute path used only if no
-relative root directory is provided by the installer program.
-<dl>
-<dt><code>RelativePath</code>
-<dd>Specifies the destination directory of the file, relative to some directory
-decided at install-time. Two variables can be used in the relative
-path, "%root%" and "%temp%". "%root%" will be replaced at run-time with
-the directory relative to which files should be installed; for
-example, it may be the server's root directory or Communicator's root
-directory. "%temp%" is a directory that will be created at the beginning
-of the installation and destroyed at the end of the installation. Its purpose
-is to hold executable files (such as setup programs), or files that are
-used by these programs. For example, a Windows installation might consist
-of a <code>setup.exe</code> installation program, a help file, and a .cab file
-containing compressed information. All these files could be installed into the
-temporary directory. Files destined for the temporary directory are guaranteed
-to be in place before any executable file is run, and will not be deleted
-until all executable files have finished.
-<dt><code>AbsoluteDir</code>
-<dd>Specifies the destination directory of the file as an absolute path.
-This will only be used if the installer is unable to determine a
-relative directory.
-<dt><code>Executable</code>
-<dd>This string specifies that the file is to be executed during the
-course of the
-installation. Typically this would be used for a setup program provided
-by a module vendor, such as a self-extracting <code>setup.exe</code>.
-More than one file can be specified as executable, in which case they will
-be run in the order they are specified in the script file.
-<dt><code>FilePermissions</code>
-<dd>This string is interpreted as a string of octal digits, according to the
-standard UNIX format. It is a bitwise OR of the following constants:
-<blockquote><pre>
-user read: 400
-user write: 200
-user execute: 100
-group read: 040
-group write: 020
-group execute: 010
-other read: 004
-other write: 002
-other execute: 001
-</pre></blockquote>
-Some platforms may not understand these permissions. They will only be
-applied insofar as makes sense for the current platform. If this attribute
-is omitted, a default of 777 is assumed.
-
-</body>
-</html>
diff --git a/security/nss/cmd/modutil/rules.mk b/security/nss/cmd/modutil/rules.mk
deleted file mode 100644
index c22175ffd..000000000
--- a/security/nss/cmd/modutil/rules.mk
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-generate: installparse.c installparse.l
-
-installparse.c:
- yacc -p Pk11Install_yy -d installparse.y
- mv y.tab.c installparse.c
- mv y.tab.h installparse.h
-
-installparse.l:
- lex -olex.Pk11Install_yy.c -PPk11Install_yy installparse.l
- @echo
- @echo "**YOU MUST COMMENT OUT UNISTD.H FROM lex.Pk11Install_yy.cpp**"
-
-install.c: install-ds.h install.h
diff --git a/security/nss/cmd/modutil/specification.html b/security/nss/cmd/modutil/specification.html
deleted file mode 100644
index 48a1ab7cd..000000000
--- a/security/nss/cmd/modutil/specification.html
+++ /dev/null
@@ -1,351 +0,0 @@
-<html>
-<!--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
- -->
-<head>
-<title>Modutil Specification</title>
-</head>
-<body bgcolor=white fgcolor=black>
-<center><h1>PKCS #11 Module Management Utility
-<br><i>Specification</i></h1></center>
-
-<!---------------------------------------------------------------------->
-<!-------------------------- capabilities ------------------------------>
-<!---------------------------------------------------------------------->
-<h2>Capabilities</h2>
-<ul>
-<li>Add a PKCS #11 module, specifying a name and library file.
-(<a href="#add">-add</a>)
-<li>Add a PKCS #11 module from a server-formatted JAR file.
-(<a href="#jar">-jar</a>)
-<li>Change the password on or initialize a token.
-(<a href="#changepw">-changepw</a>)
-<li>Create databases (secmod[ule].db, key3.db, cert7.db) from scratch.
-(<a href="#create">-create</a>)
-<li>Switch to and from FIPS-140-1 compliant mode.
-(<a href="#fips">-fips</a>)
-<li>Delete a PKCS #11 module. (<a href="#delete">-delete</a>)
-<li>List installed PKCS #11 modules. (<a href="#list">-list</a>)
-<li>List detailed info on a particular module and its tokens, including
-whether needs login, is hardware, needs user init
-(<a href="#list">-list</a>)
-<li>Specify which modules should be the default provider of various
-cryptographic operations.(<a href="#default">-default</a>,
-<a href="#undefault">-undefault</a>)
-<li>Disable and enable slots, find out whether and why they are disabled.
-(<a href="#disable">-disable</a>, <a href="#enable">-enable</a>,
-<a href="#list">-list</a>)
-</ul>
-
-<hr>
-
-<!---------------------------------------------------------------------->
-<!-------------------------- Usage ------------------------------------->
-<!---------------------------------------------------------------------->
-<h2>Usage</h2>
-<code>modutil [<i>command</i>] [<i>options</i>]</code>
-<p>At most one command can be specified. With no arguments,
-<code>modutil</code> prints a usage message.
-<h3>Commands:</h3>
-<table border>
-<tr bgcolor="#cccccc">
-<th>Command</th><th>Description</th>
-</tr>
-
-<!---------------------------- -add ------------------------------>
-<tr>
-<td> <a name="add"></a>
-<code>-add <u><i>module name</i></u> -libfile <u><i>library file</i></u>
- [-ciphers <u><i>cipher enable list</i></u>]
- [-mechanisms <u><i>default mechanism list</i></u>]
-</code></td>
-<td>Adds a new module to the database with the given name.
-
-<p><u><i>library file</i></u> is the path of the DLL or other library file
-containing the module's implementation of the PKCS #11 interface.
-
-<p><u><i>cipher enable flags</i></u> is a colon-separated list of ciphers
-that will be enabled on this module. The list should be enclosed within quotes
-if necessary to prevent shell interpretation. The following ciphers are
-currently available:
-<ul>
-<li>FORTEZZA
-</ul>
-
-<p><u><i>default mechanism flags</i></u> is a colon-separated list of
-mechanisms for which this module should be the default provider. The
-list should be enclosed within quotes if necessary to prevent shell
-interpretation. <b>This
-list does not enable the mechanisms; it only specifies that this module
-will be a default provider for the listed mechanisms.</b> If more than
-one module claims to be a default provider for a given mechanism, it is
-undefined which will actually be chosen to provide that mechanism. The
-following mechanisms are currently available:
-<ul>
-<li>RSA
-<li>DSA
-<li>RC2
-<li>RC4
-<li>RC5
-<li>DES
-<li>DH
-<li>FORTEZZA
-<li>SHA1
-<li>MD5
-<li>MD2
-<li>RANDOM <i>(random number generation)</i>
-<li>FRIENDLY <i>(certificates are publicly-readable)</i>
-</ul>
-</td>
-</tr>
-
-<!-------------------------- -changepw ------------------------------------->
-<tr>
-<td><a name="changepw"></a><code>-changepw <u><i>token name</i></u>
-[-pwfile <u><i>old password file</i></u>]
-[-newpwfile <u><i>new password file</i></u>]</code></td>
-<td>Changes the password on the named token. If the token has not been
-initialized, this command will initialize the PIN.
-If a password file is given, the password will be read from that file;
-otherwise, the password will be obtained interactively.
-<b>Storing passwords in a file is much less secure than supplying them
-interactively.</b>
-<p>The password on the Netscape internal module cannot be changed if
-the <code>-nocertdb</code> option is specified.
-</td>
-</tr>
-
-<!-------------------------- -create ------------------------------------->
-<tr>
-<td><a name="create"></a><code>-create</code></td>
-<td>Creates a new secmod[ule].db, key3.db, and cert7.db in the directory
-specified with the
-<code>-dbdir</code> option, if one is specified. If no directory is
-specified, UNIX systems will use the user's .netscape directory, while other
-systems will return with an error message. If any of these databases already
-exist in the chosen directory, an error message is returned.
-<p>If used with <code>-nocertdb</code>, only secmod[ule].db will be created;
-cert7.db and key3.db will not be created.
-</td>
-</tr>
-
-<!------------------------------ -default -------------------------------->
-<tr>
-<td> <a name="default"></a> <code>-default <u><i>module name</i></u>
--mechanisms <u><i>mechanism list</i></u></code>
-</td>
-<td>Specifies that the given module will be a default provider of the
-listed mechanisms. The mechanism list is the same as in the <code>-add</code>
-command.
-</td>
-</tr>
-
-<!-------------------------- -delete ------------------------------------->
-<tr>
-<td><a name="delete"></a><code>-delete <u><i>module name</i></u></code></td>
-<td>Deletes the named module from the database</td>
-</tr>
-
-<!-------------------------- -disable ------------------------------------->
-<tr>
-<td> <a name="disable"></a> <code>-disable <u><i>module name</i></u>
-[-slot <u><i>slot name</i></u>]</code></td>
-<td>Disables the named slot. If no slot is specified, all slots on
-the module are disabled.</td>
-</tr>
-
-<!-------------------------- -enable ------------------------------------->
-<tr>
-<td> <a name="enable"></a> <code>-enable <u><i>module name</i></u>
-[-slot <u><i>slot name</i></u>]</code></td>
-<td>Enables the named slot. If no slot is specified, all slots on
-the module are enabled.</td>
-</tr>
-
-<!-------------------------- -fips ------------------------------------->
-<tr>
-<td><a name="fips"></a><code>-fips [true | false]</code></td>
-<td>Enables or disables FIPS mode on the internal module. Passing
-<code>true</code> enables FIPS mode, passing <code>false</code> disables
-FIPS mode.</td>
-</tr>
-
-<!-------------------------- -force ------------------------------------->
-<tr>
-<td><a name="force"></a><code>-force</code></td>
-<td>Disables interactive prompts, so modutil can be run in a script.
-Should only be used by experts, since the prompts may relate to security
-or database integrity. Before using this option, test the command
-interactively once to see the warnings that are produced.</td>
-</tr>
-
-<!-------------------------- -jar ------------------------------------->
-<tr>
-<td><a name="jar"></a><code>-jar <u><i>JAR file</i></u>
--installdir <u><i>root installation directory</i></u>
-[-tempdir <u><i>temporary directory</i></u>]</code></td>
-<td>Adds a new module from the given JAR file. The JAR file uses the
-server <a href="pk11jar.html">PKCS #11 JAR format</a> to describe the names of
-any files that need to be installed, the name of the module, mechanism flags,
-and cipher flags. The <u><i>root installation directory</i></u>
-is the directory relative to which files will be installed. This should be a
- directory
-under which it would be natural to store dynamic library files, such as
-a server's root directory, or Communicator's root directory.
-The <u><i>temporary directory</i></u> is where temporary modutil files
-will be created in the course of the installation. If no temporary directory
-is specified, the current directory will be used.
-<p>If used with the <code>-nocertdb</code> option, the signatures on the JAR
-file will not be checked.</td>
-</tr>
-
-<!----------------------------- -list ------------------------------>
-<tr>
-<td><a name="list"></a><code>-list [<u><i>module name</i></u>]</code></td>
-<td>Without an argument, lists the PKCS #11 modules present in the module
-database.
-<blockquote>
-<pre>
-% <b>modutil -list</b>
-Using database directory /u/nicolson/.netscape...
-
-Listing of PKCS #11 Modules
------------------------------------------------------------
- 1. Netscape Internal PKCS #11 Module
- slots: 2 slots attached
- status: loaded
-
- slot: Communicator Internal Cryptographic Services Version 4.0
- token: Communicator Generic Crypto Svcs
-
- slot: Communicator User Private Key and Certificate Services
- token: Communicator Certificate DB
------------------------------------------------------------
-</pre>
-</blockquote>
-<p>With an argument, provides a detailed description of the named module
-and its slots and tokens.
-<blockquote>
-<pre>
-% <b>modutil -list "Netscape Internal PKCS #11 Module"</b>
-Using database directory /u/nicolson/.netscape...
-
------------------------------------------------------------
-Name: Netscape Internal PKCS #11 Module
-Library file: **Internal ONLY module**
-Manufacturer: Netscape Communications Corp
-Description: Communicator Internal Crypto Svc
-PKCS #11 Version 2.0
-Library Version: 4.0
-Cipher Enable Flags: None
-Default Mechanism Flags: RSA:DSA:RC2:RC4:DES:SHA1:MD5:MD2
-
- Slot: Communicator Internal Cryptographic Services Version 4.0
- Manufacturer: Netscape Communications Corp
- Type: Software
- Version Number: 4.1
- Firmware Version: 0.0
- Status: Enabled
- Token Name: Communicator Generic Crypto Svcs
- Token Manufacturer: Netscape Communications Corp
- Token Model: Libsec 4.0
- Token Serial Number: 0000000000000000
- Token Version: 4.0
- Token Firmware Version: 0.0
- Access: Write Protected
- Login Type: Public (no login required)
- User Pin: NOT Initialized
-
- Slot: Communicator User Private Key and Certificate Services
- Manufacturer: Netscape Communications Corp
- Type: Software
- Version Number: 3.0
- Firmware Version: 0.0
- Status: Enabled
- Token Name: Communicator Certificate DB
- Token Manufacturer: Netscape Communications Corp
- Token Model: Libsec 4.0
- Token Serial Number: 0000000000000000
- Token Version: 7.0
- Token Firmware Version: 0.0
- Access: NOT Write Protected
- Login Type: Login required
- User Pin: Initialized
-
------------------------------------------------------------
-</pre>
-</blockquote>
-</td>
-</tr>
-
-<!------------------------------ Undefault ------------------------------->
-<tr>
-<td><a name="undefault"></a><code>-undefault <u><i>module name</i></u>
--mechanisms <u><i>mechanism list</i></u></code></td>
-<td>Specifies that the given module will NOT be a default provider of
-the listed mechanisms. This command clears the default mechanism flags
-for the given module.</td>
-</tr>
-
-</table>
-
-<!------------------------------------------------------------------------>
-<!------------------------------ Options --------------------------------->
-<!------------------------------------------------------------------------>
-<h3>Options:</h3>
-<table border>
-<tr bgcolor="#cccccc"><th>Option</th><th>Description</th> </tr>
-
-<!------------------------------ -dbdir ---------------------------------->
-<tr>
-<td><code>-dbdir <u><i>directory</i></u></code></td>
-<td>Specifies which directory holds the module database. On UNIX systems,
-the user's netscape directory is the default. On other systems, there is
-no default, and this option must be used.</td>
-</tr>
-
-<!------------------------------ -dbdir ---------------------------------->
-<tr>
-<td><code>-nocertdb</code></td>
-<td>Do not open the certificate or key databases. This has several effects.
-With the <code>-create</code> command, this means that only a secmod.db file
-will be created; cert7.db and key3.db will not be created. With the
-<code>-jar</code> command, signatures on the JAR file will not be checked.
-With the <code>-changepw</code> command, the password on the Netscape internal
-module cannot be set or changed, since this password is stored in key3.db.
-</td>
-</tr>
-
-</table>
-
-</body>
-</html>
diff --git a/security/nss/cmd/ocspclnt/Makefile b/security/nss/cmd/ocspclnt/Makefile
deleted file mode 100644
index 490f738e5..000000000
--- a/security/nss/cmd/ocspclnt/Makefile
+++ /dev/null
@@ -1,73 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
diff --git a/security/nss/cmd/ocspclnt/manifest.mn b/security/nss/cmd/ocspclnt/manifest.mn
deleted file mode 100644
index f57a6d385..000000000
--- a/security/nss/cmd/ocspclnt/manifest.mn
+++ /dev/null
@@ -1,52 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-CSRCS = \
- ocspclnt.c \
- $(NULL)
-
-# headers for the MODULE (defined above) are implicitly required.
-REQUIRES = dbm seccmd
-
-# WINNT uses EXTRA_LIBS as the list of libs to link in.
-# Unix uses OS_LIBS for that purpose.
-# We can solve this via conditional makefile code, but
-# can't do this in manifest.mn because OS_ARCH isn't defined there.
-# So, look in the local Makefile for the defines for the list of libs.
-
-PROGRAM = ocspclnt
diff --git a/security/nss/cmd/ocspclnt/ocspclnt.c b/security/nss/cmd/ocspclnt/ocspclnt.c
deleted file mode 100644
index c26633fbe..000000000
--- a/security/nss/cmd/ocspclnt/ocspclnt.c
+++ /dev/null
@@ -1,1220 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Test program for client-side OCSP.
- *
- * $Id$
- */
-
-#include "secutil.h"
-#include "nspr.h"
-#include "plgetopt.h"
-#include "nss.h"
-#include "cert.h"
-#include "ocsp.h"
-#include "xconst.h" /*
- * XXX internal header file; needed to get at
- * cert_DecodeAuthInfoAccessExtension -- would be
- * nice to not need this, but that would require
- * better/different APIs.
- */
-
-#ifndef NO_PP /*
- * Compile with this every once in a while to be
- * sure that no dependencies on it get added
- * outside of the pretty-printing routines.
- */
-#include "ocspti.h" /* internals for pretty-printing routines *only* */
-#endif /* NO_PP */
-
-#define DEFAULT_DB_DIR "~/.netscape"
-
-
-static void
-synopsis (char *program_name)
-{
- PRFileDesc *pr_stderr;
-
- pr_stderr = PR_STDERR;
- PR_fprintf (pr_stderr, "Usage:");
- PR_fprintf (pr_stderr,
- "\t%s -p [-d <dir>]\n",
- program_name);
- PR_fprintf (pr_stderr,
- "\t%s -P [-d <dir>]\n",
- program_name);
- PR_fprintf (pr_stderr,
- "\t%s -r <name> [-L] [-s <name>] [-d <dir>]\n",
- program_name);
- PR_fprintf (pr_stderr,
- "\t%s -R <name> [-l <location>] [-s <name>] [-d <dir>]\n",
- program_name);
- PR_fprintf (pr_stderr,
- "\t%s -S <name> [-l <location> -t <name>]\n",
- program_name);
- PR_fprintf (pr_stderr,
- "\t\t [-s <name>] [-w <time>] [-d <dir>]\n");
- PR_fprintf (pr_stderr,
- "\t%s -V <name> -u <usage> [-l <location> -t <name>]\n",
- program_name);
- PR_fprintf (pr_stderr,
- "\t\t [-s <name>] [-w <time>] [-d <dir>]\n");
-}
-
-
-static void
-short_usage (char *program_name)
-{
- PR_fprintf (PR_STDERR,
- "Type %s -H for more detailed descriptions\n",
- program_name);
- synopsis (program_name);
-}
-
-
-static void
-long_usage (char *program_name)
-{
- PRFileDesc *pr_stderr;
-
- pr_stderr = PR_STDERR;
- synopsis (program_name);
- PR_fprintf (pr_stderr, "\nCommands (must specify exactly one):\n");
- PR_fprintf (pr_stderr,
- " %-13s Pretty-print a binary request read from stdin\n",
- "-p");
- PR_fprintf (pr_stderr,
- " %-13s Pretty-print a binary response read from stdin\n",
- "-P");
- PR_fprintf (pr_stderr,
- " %-13s Create a request for cert \"nickname\" on stdout\n",
- "-r nickname");
- PR_fprintf (pr_stderr,
- " %-13s Get response for cert \"nickname\", dump to stdout\n",
- "-R nickname");
- PR_fprintf (pr_stderr,
- " %-13s Get status for cert \"nickname\"\n",
- "-S nickname");
- PR_fprintf (pr_stderr,
- " %-13s Fully verify cert \"nickname\", w/ status check\n",
- "-V nickname");
- PR_fprintf (pr_stderr, "Options:\n");
- PR_fprintf (pr_stderr,
- " %-13s Add the service locator extension to the request\n",
- "-L");
- PR_fprintf (pr_stderr,
- " %-13s Find security databases in \"dbdir\" (default %s)\n",
- "-d dbdir", DEFAULT_DB_DIR);
- PR_fprintf (pr_stderr,
- " %-13s Use \"location\" as URL of responder\n",
- "-l location");
- PR_fprintf (pr_stderr,
- " %-13s Trust cert \"nickname\" as response signer\n",
- "-t nickname");
- PR_fprintf (pr_stderr,
- " %-13s Sign requests with cert \"nickname\"\n",
- "-s nickname");
- PR_fprintf (pr_stderr,
- " %-13s Type of certificate usage for verification:\n",
- "-u usage");
- PR_fprintf (pr_stderr,
- "%-17s c SSL Client\n", "");
- PR_fprintf (pr_stderr,
- "%-17s s SSL Server\n", "");
- PR_fprintf (pr_stderr,
- "%-17s e Email Recipient\n", "");
- PR_fprintf (pr_stderr,
- "%-17s E Email Signer\n", "");
- PR_fprintf (pr_stderr,
- "%-17s S Object Signer\n", "");
- PR_fprintf (pr_stderr,
- "%-17s C CA\n", "");
- PR_fprintf (pr_stderr,
- " %-13s Validity time (default current time), one of:\n",
- "-w time");
- PR_fprintf (pr_stderr,
- "%-17s %-25s (GMT)\n", "", "YYMMDDhhmm[ss]Z");
- PR_fprintf (pr_stderr,
- "%-17s %-25s (later than GMT)\n", "", "YYMMDDhhmm[ss]+hhmm");
- PR_fprintf (pr_stderr,
- "%-17s %-25s (earlier than GMT)\n", "", "YYMMDDhhmm[ss]-hhmm");
-}
-
-
-/*
- * XXX This is a generic function that would probably make a good
- * replacement for SECU_DER_Read (which is not at all specific to DER,
- * despite its name), but that requires fixing all of the tools...
- * Still, it should be done, whenenver I/somebody has the time.
- * (Also, consider whether this actually belongs in the security
- * library itself, not just in the command library.)
- *
- * This function takes an open file (a PRFileDesc *) and reads the
- * entire file into a SECItem. (Obviously, the file is intended to
- * be small enough that such a thing is advisable.) Both the SECItem
- * and the buffer it points to are allocated from the heap; the caller
- * is expected to free them. ("SECITEM_FreeItem(item, PR_TRUE)")
- */
-static SECItem *
-read_file_into_item (PRFileDesc *in_file, SECItemType si_type)
-{
- PRStatus prv;
- SECItem *item;
- PRFileInfo file_info;
- PRInt32 bytes_read;
-
- prv = PR_GetOpenFileInfo (in_file, &file_info);
- if (prv != PR_SUCCESS)
- return NULL;
-
- if (file_info.size == 0) {
- /* XXX Need a better error; just grabbed this one for expediency. */
- PORT_SetError (SEC_ERROR_INPUT_LEN);
- return NULL;
- }
-
- if (file_info.size > 0xffff) { /* I think this is too big. */
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- item = PORT_Alloc (sizeof (SECItem));
- if (item == NULL)
- return NULL;
-
- item->type = si_type;
- item->len = (unsigned int) file_info.size;
- item->data = PORT_Alloc ((size_t)item->len);
- if (item->data == NULL)
- goto loser;
-
- bytes_read = PR_Read (in_file, item->data, (PRInt32) item->len);
- if (bytes_read < 0) {
- /* Something went wrong; error is already set for us. */
- goto loser;
- } else if (bytes_read == 0) {
- /* Something went wrong; we read nothing. But no system/nspr error. */
- /* XXX Need to set an error here. */
- goto loser;
- } else if (item->len != (unsigned int)bytes_read) {
- /* Something went wrong; we read less (or more!?) than we expected. */
- /* XXX Need to set an error here. */
- goto loser;
- }
-
- return item;
-
-loser:
- SECITEM_FreeItem (item, PR_TRUE);
- return NULL;
-}
-
-
-/*
- * Create a DER-encoded OCSP request (for the certificate whose nickname
- * is "name") and dump it out.
- */
-static SECStatus
-create_request (FILE *out_file, CERTCertDBHandle *handle, const char *cert_name,
- PRBool add_service_locator, PRBool add_acceptable_responses)
-{
- CERTCertificate *cert = NULL;
- CERTCertList *certs = NULL;
- CERTOCSPRequest *request = NULL;
- int64 now = PR_Now();
- SECItem *encoding = NULL;
- SECStatus rv = SECFailure;
-
- if (handle == NULL || cert_name == NULL)
- goto loser;
-
- cert = CERT_FindCertByNicknameOrEmailAddr (handle, (char *) cert_name);
- if (cert == NULL)
- goto loser;
-
- /*
- * We need to create a list of one.
- */
- certs = CERT_NewCertList();
- if (certs == NULL)
- goto loser;
-
- if (CERT_AddCertToListTail (certs, cert) != SECSuccess)
- goto loser;
-
- /*
- * Now that cert is included in the list, we need to be careful
- * that we do not try to destroy it twice. This will prevent that.
- */
- cert = NULL;
-
- request = CERT_CreateOCSPRequest (certs, now, add_service_locator, NULL);
- if (request == NULL)
- goto loser;
-
- if (add_acceptable_responses) {
- rv = CERT_AddOCSPAcceptableResponses(request,
- SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
- if (rv != SECSuccess)
- goto loser;
- }
-
- encoding = CERT_EncodeOCSPRequest (NULL, request, NULL);
- if (encoding == NULL)
- goto loser;
-
- if (fwrite (encoding->data, encoding->len, 1, out_file) != 1)
- goto loser;
-
- rv = SECSuccess;
-
-loser:
- if (encoding != NULL)
- SECITEM_FreeItem(encoding, PR_TRUE);
- if (request != NULL)
- CERT_DestroyOCSPRequest(request);
- if (certs != NULL)
- CERT_DestroyCertList (certs);
- if (cert != NULL)
- CERT_DestroyCertificate (cert);
-
- return rv;
-}
-
-
-/*
- * Create a DER-encoded OCSP request (for the certificate whose nickname is
- * "cert_name"), then get and dump a corresponding response. The responder
- * location is either specified explicitly (as "responder_url") or found
- * via the AuthorityInfoAccess URL in the cert.
- */
-static SECStatus
-dump_response (FILE *out_file, CERTCertDBHandle *handle, const char *cert_name,
- const char *responder_url)
-{
- CERTCertificate *cert = NULL;
- CERTCertList *certs = NULL;
- char *loc = NULL;
- int64 now = PR_Now();
- SECItem *response = NULL;
- SECStatus rv = SECFailure;
- PRBool includeServiceLocator;
-
- if (handle == NULL || cert_name == NULL)
- goto loser;
-
- cert = CERT_FindCertByNicknameOrEmailAddr (handle, (char *) cert_name);
- if (cert == NULL)
- goto loser;
-
- if (responder_url != NULL) {
- loc = (char *) responder_url;
- includeServiceLocator = PR_TRUE;
- } else {
- loc = CERT_GetOCSPAuthorityInfoAccessLocation (cert);
- if (loc == NULL)
- goto loser;
- includeServiceLocator = PR_FALSE;
- }
-
- /*
- * We need to create a list of one.
- */
- certs = CERT_NewCertList();
- if (certs == NULL)
- goto loser;
-
- if (CERT_AddCertToListTail (certs, cert) != SECSuccess)
- goto loser;
-
- /*
- * Now that cert is included in the list, we need to be careful
- * that we do not try to destroy it twice. This will prevent that.
- */
- cert = NULL;
-
- response = CERT_GetEncodedOCSPResponse (NULL, certs, loc, now,
- includeServiceLocator,
- NULL, NULL, NULL);
- if (response == NULL)
- goto loser;
-
- if (fwrite (response->data, response->len, 1, out_file) != 1)
- goto loser;
-
- rv = SECSuccess;
-
-loser:
- if (response != NULL)
- SECITEM_FreeItem (response, PR_TRUE);
- if (certs != NULL)
- CERT_DestroyCertList (certs);
- if (loc != NULL && loc != responder_url)
- PORT_Free (loc);
- if (cert != NULL)
- CERT_DestroyCertificate (cert);
-
- return rv;
-}
-
-
-/*
- * Get the status for the specified certificate (whose nickname is "cert_name").
- * Directly use the OCSP function rather than doing a full verification.
- */
-static SECStatus
-get_cert_status (FILE *out_file, CERTCertDBHandle *handle,
- const char *cert_name, int64 verify_time)
-{
- CERTCertificate *cert = NULL;
- SECStatus rv = SECFailure;
-
- if (handle == NULL || cert_name == NULL)
- goto loser;
-
- cert = CERT_FindCertByNicknameOrEmailAddr (handle, (char *) cert_name);
- if (cert == NULL)
- goto loser;
-
- rv = CERT_CheckOCSPStatus (handle, cert, verify_time, NULL);
-
- fprintf (out_file, "Check of certificate \"%s\" ", cert_name);
- if (rv == SECSuccess) {
- fprintf (out_file, "succeeded.\n");
- } else {
- const char *error_string = SECU_Strerror(PORT_GetError());
- fprintf (out_file, "failed. Reason:\n");
- if (error_string != NULL && PORT_Strlen(error_string) > 0)
- fprintf (out_file, "%s\n", error_string);
- else
- fprintf (out_file, "Unknown\n");
- }
-
- rv = SECSuccess;
-
-loser:
- if (cert != NULL)
- CERT_DestroyCertificate (cert);
-
- return rv;
-}
-
-
-/*
- * Verify the specified certificate (whose nickname is "cert_name").
- * OCSP is already turned on, so we just need to call the standard
- * certificate verification API and let it do all the work.
- */
-static SECStatus
-verify_cert (FILE *out_file, CERTCertDBHandle *handle, const char *cert_name,
- SECCertUsage cert_usage, int64 verify_time)
-{
- CERTCertificate *cert = NULL;
- SECStatus rv = SECFailure;
-
- if (handle == NULL || cert_name == NULL)
- goto loser;
-
- cert = CERT_FindCertByNicknameOrEmailAddr (handle, (char *) cert_name);
- if (cert == NULL)
- goto loser;
-
- rv = CERT_VerifyCert (handle, cert, PR_TRUE, cert_usage, verify_time,
- NULL, NULL);
-
- fprintf (out_file, "Verification of certificate \"%s\" ", cert_name);
- if (rv == SECSuccess) {
- fprintf (out_file, "succeeded.\n");
- } else {
- const char *error_string = SECU_Strerror(PORT_GetError());
- fprintf (out_file, "failed. Reason:\n");
- if (error_string != NULL && PORT_Strlen(error_string) > 0)
- fprintf (out_file, "%s\n", error_string);
- else
- fprintf (out_file, "Unknown\n");
- }
-
- rv = SECSuccess;
-
-loser:
- if (cert != NULL)
- CERT_DestroyCertificate (cert);
-
- return rv;
-}
-
-
-#ifdef NO_PP
-
-static SECStatus
-print_request (FILE *out_file, SECItem *data)
-{
- fprintf (out_file, "Cannot pretty-print request compiled with NO_PP.\n");
- return SECSuccess;
-}
-
-static SECStatus
-print_response (FILE *out_file, SECItem *data, CERTCertDBHandle *handle)
-{
- fprintf (out_file, "Cannot pretty-print response compiled with NO_PP.\n");
- return SECSuccess;
-}
-
-#else /* NO_PP */
-
-static void
-print_ocsp_version (FILE *out_file, SECItem *version, int level)
-{
- if (version->len > 0) {
- SECU_PrintInteger (out_file, version, "Version", level);
- } else {
- SECU_Indent (out_file, level);
- fprintf (out_file, "Version: DEFAULT\n");
- }
-}
-
-
-static void
-print_ocsp_cert_id (FILE *out_file, CERTOCSPCertID *cert_id, int level)
-{
- SECU_Indent (out_file, level);
- fprintf (out_file, "Cert ID:\n");
- level++;
-
- SECU_PrintAlgorithmID (out_file, &(cert_id->hashAlgorithm),
- "Hash Algorithm", level);
- SECU_PrintAsHex (out_file, &(cert_id->issuerNameHash),
- "Issuer Name Hash", level);
- SECU_PrintAsHex (out_file, &(cert_id->issuerKeyHash),
- "Issuer Key Hash", level);
- SECU_PrintInteger (out_file, &(cert_id->serialNumber),
- "Serial Number", level);
- /* XXX lookup the cert; if found, print something nice (nickname?) */
-}
-
-
-static void
-print_raw_certificates (FILE *out_file, SECItem **raw_certs, int level)
-{
- SECItem *raw_cert;
- int i = 0;
- char cert_label[50];
-
- SECU_Indent (out_file, level);
-
- if (raw_certs == NULL) {
- fprintf (out_file, "No Certificates.\n");
- return;
- }
-
- fprintf (out_file, "Certificate List:\n");
- while ((raw_cert = raw_certs[i++]) != NULL) {
- sprintf (cert_label, "Certificate (%d)", i);
- (void) SECU_PrintSignedData (out_file, raw_cert, cert_label, level + 1,
- SECU_PrintCertificate);
- }
-}
-
-
-static void
-print_ocsp_extensions (FILE *out_file, CERTCertExtension **extensions,
- char *msg, int level)
-{
- if (extensions) {
- SECU_PrintExtensions (out_file, extensions, msg, level);
- } else {
- SECU_Indent (out_file, level);
- fprintf (out_file, "No %s\n", msg);
- }
-}
-
-
-static void
-print_single_request (FILE *out_file, ocspSingleRequest *single, int level)
-{
- print_ocsp_cert_id (out_file, single->reqCert, level);
- print_ocsp_extensions (out_file, single->singleRequestExtensions,
- "Single Request Extensions", level);
-}
-
-
-/*
- * Decode the DER/BER-encoded item "data" as an OCSP request
- * and pretty-print the subfields.
- */
-static SECStatus
-print_request (FILE *out_file, SECItem *data)
-{
- CERTOCSPRequest *request;
- ocspTBSRequest *tbsRequest;
- int level = 0;
-
- PORT_Assert (out_file != NULL);
- PORT_Assert (data != NULL);
- if (out_file == NULL || data == NULL) {
- PORT_SetError (SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- request = CERT_DecodeOCSPRequest (data);
- if (request == NULL || request->tbsRequest == NULL)
- return SECFailure;
-
- tbsRequest = request->tbsRequest;
-
- fprintf (out_file, "TBS Request:\n");
- level++;
-
- print_ocsp_version (out_file, &(tbsRequest->version), level);
-
- /*
- * XXX Probably should be an interface to get the signer name
- * without looking inside the tbsRequest at all.
- */
- if (tbsRequest->requestorName != NULL) {
- SECU_Indent (out_file, level);
- fprintf (out_file, "XXX print the requestorName\n");
- } else {
- SECU_Indent (out_file, level);
- fprintf (out_file, "No Requestor Name.\n");
- }
-
- if (tbsRequest->requestList != NULL) {
- int i;
-
- for (i = 0; tbsRequest->requestList[i] != NULL; i++) {
- SECU_Indent (out_file, level);
- fprintf (out_file, "Request %d:\n", i);
- print_single_request (out_file, tbsRequest->requestList[i],
- level + 1);
- }
- } else {
- fprintf (out_file, "Request list is empty.\n");
- }
-
- print_ocsp_extensions (out_file, tbsRequest->requestExtensions,
- "Request Extensions", level);
-
- if (request->optionalSignature != NULL) {
- ocspSignature *whole_sig;
- SECItem rawsig;
-
- fprintf (out_file, "Signature:\n");
-
- whole_sig = request->optionalSignature;
- SECU_PrintAlgorithmID (out_file, &(whole_sig->signatureAlgorithm),
- "Signature Algorithm", level);
-
- rawsig = whole_sig->signature;
- DER_ConvertBitString (&rawsig);
- SECU_PrintAsHex (out_file, &rawsig, "Signature", level);
-
- print_raw_certificates (out_file, whole_sig->derCerts, level);
-
- fprintf (out_file, "XXX verify the sig and print result\n");
- } else {
- fprintf (out_file, "No Signature\n");
- }
-
- CERT_DestroyOCSPRequest (request);
- return SECSuccess;
-}
-
-
-static void
-print_revoked_info (FILE *out_file, ocspRevokedInfo *revoked_info, int level)
-{
- SECU_PrintGeneralizedTime (out_file, &(revoked_info->revocationTime),
- "Revocation Time", level);
-
- if (revoked_info->revocationReason != NULL) {
- SECU_PrintAsHex (out_file, revoked_info->revocationReason,
- "Revocation Reason", level);
- } else {
- SECU_Indent (out_file, level);
- fprintf (out_file, "No Revocation Reason.\n");
- }
-}
-
-
-static void
-print_cert_status (FILE *out_file, ocspCertStatus *status, int level)
-{
- SECU_Indent (out_file, level);
- fprintf (out_file, "Status: ");
-
- switch (status->certStatusType) {
- case ocspCertStatus_good:
- fprintf (out_file, "Cert is good.\n");
- break;
- case ocspCertStatus_revoked:
- fprintf (out_file, "Cert has been revoked.\n");
- print_revoked_info (out_file, status->certStatusInfo.revokedInfo,
- level + 1);
- break;
- case ocspCertStatus_unknown:
- fprintf (out_file, "Cert is unknown to responder.\n");
- break;
- default:
- fprintf (out_file, "Unrecognized status.\n");
- break;
- }
-}
-
-
-static void
-print_single_response (FILE *out_file, CERTOCSPSingleResponse *single,
- int level)
-{
- print_ocsp_cert_id (out_file, single->certID, level);
-
- print_cert_status (out_file, single->certStatus, level);
-
- SECU_PrintGeneralizedTime (out_file, &(single->thisUpdate),
- "This Update", level);
-
- if (single->nextUpdate != NULL) {
- SECU_PrintGeneralizedTime (out_file, single->nextUpdate,
- "Next Update", level);
- } else {
- SECU_Indent (out_file, level);
- fprintf (out_file, "No Next Update\n");
- }
-
- print_ocsp_extensions (out_file, single->singleExtensions,
- "Single Response Extensions", level);
-}
-
-
-static void
-print_responder_id (FILE *out_file, ocspResponderID *responderID, int level)
-{
- SECU_Indent (out_file, level);
- fprintf (out_file, "Responder ID ");
-
- switch (responderID->responderIDType) {
- case ocspResponderID_byName:
- fprintf (out_file, "(byName):\n");
- SECU_PrintName (out_file, &(responderID->responderIDValue.name),
- "Name", level + 1);
- break;
- case ocspResponderID_byKey:
- fprintf (out_file, "(byKey):\n");
- SECU_PrintAsHex (out_file, &(responderID->responderIDValue.keyHash),
- "Key Hash", level + 1);
- break;
- default:
- fprintf (out_file, "Unrecognized Responder ID Type\n");
- break;
- }
-}
-
-
-static void
-print_response_data (FILE *out_file, ocspResponseData *responseData, int level)
-{
- SECU_Indent (out_file, level);
- fprintf (out_file, "Response Data:\n");
- level++;
-
- print_ocsp_version (out_file, &(responseData->version), level);
-
- print_responder_id (out_file, responseData->responderID, level);
-
- SECU_PrintGeneralizedTime (out_file, &(responseData->producedAt),
- "Produced At", level);
-
- if (responseData->responses != NULL) {
- int i;
-
- for (i = 0; responseData->responses[i] != NULL; i++) {
- SECU_Indent (out_file, level);
- fprintf (out_file, "Response %d:\n", i);
- print_single_response (out_file, responseData->responses[i],
- level + 1);
- }
- } else {
- fprintf (out_file, "Response list is empty.\n");
- }
-
- print_ocsp_extensions (out_file, responseData->responseExtensions,
- "Response Extensions", level);
-}
-
-
-static void
-print_basic_response (FILE *out_file, ocspBasicOCSPResponse *basic, int level)
-{
- SECItem rawsig;
-
- SECU_Indent (out_file, level);
- fprintf (out_file, "Basic OCSP Response:\n");
- level++;
-
- print_response_data (out_file, basic->tbsResponseData, level);
-
- SECU_PrintAlgorithmID (out_file,
- &(basic->responseSignature.signatureAlgorithm),
- "Signature Algorithm", level);
-
- rawsig = basic->responseSignature.signature;
- DER_ConvertBitString (&rawsig);
- SECU_PrintAsHex (out_file, &rawsig, "Signature", level);
-
- print_raw_certificates (out_file, basic->responseSignature.derCerts, level);
-}
-
-
-/*
- * Note this must match (exactly) the enumeration ocspResponseStatus.
- */
-static char *responseStatusNames[] = {
- "successful (Response has valid confirmations)",
- "malformedRequest (Illegal confirmation request)",
- "internalError (Internal error in issuer)",
- "tryLater (Try again later)",
- "unused ((4) is not used)",
- "sigRequired (Must sign the request)",
- "unauthorized (Request unauthorized)",
- "other (Status value out of defined range)"
-};
-
-/*
- * Decode the DER/BER-encoded item "data" as an OCSP response
- * and pretty-print the subfields.
- */
-static SECStatus
-print_response (FILE *out_file, SECItem *data, CERTCertDBHandle *handle)
-{
- CERTOCSPResponse *response;
- int level = 0;
-
- PORT_Assert (out_file != NULL);
- PORT_Assert (data != NULL);
- if (out_file == NULL || data == NULL) {
- PORT_SetError (SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- response = CERT_DecodeOCSPResponse (data);
- if (response == NULL)
- return SECFailure;
-
- PORT_Assert (response->statusValue <= ocspResponse_other);
- fprintf (out_file, "Response Status: %s\n",
- responseStatusNames[response->statusValue]);
-
- if (response->statusValue == ocspResponse_successful) {
- ocspResponseBytes *responseBytes = response->responseBytes;
- SECStatus sigStatus;
- CERTCertificate *signerCert = NULL;
-
- PORT_Assert (responseBytes != NULL);
-
- level++;
- fprintf (out_file, "Response Bytes:\n");
- SECU_PrintObjectID (out_file, &(responseBytes->responseType),
- "Response Type", level);
- switch (response->responseBytes->responseTypeTag) {
- case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
- print_basic_response (out_file,
- responseBytes->decodedResponse.basic,
- level);
- break;
- default:
- SECU_Indent (out_file, level);
- fprintf (out_file, "Unknown response syntax\n");
- break;
- }
-
- sigStatus = CERT_VerifyOCSPResponseSignature (response, handle,
- NULL, &signerCert);
- SECU_Indent (out_file, level);
- fprintf (out_file, "Signature verification ");
- if (sigStatus != SECSuccess) {
- fprintf (out_file, "failed: %s\n", SECU_Strerror (PORT_GetError()));
- } else {
- fprintf (out_file, "succeeded.\n");
- if (signerCert != NULL) {
- SECU_PrintName (out_file, &signerCert->subject, "Signer",
- level);
- CERT_DestroyCertificate (signerCert);
- } else {
- SECU_Indent (out_file, level);
- fprintf (out_file, "No signer cert returned?\n");
- }
- }
- } else {
- SECU_Indent (out_file, level);
- fprintf (out_file, "Unsuccessful response, no more information.\n");
- }
-
- CERT_DestroyOCSPResponse (response);
- return SECSuccess;
-}
-
-#endif /* NO_PP */
-
-
-static SECStatus
-cert_usage_from_char (const char *cert_usage_str, SECCertUsage *cert_usage)
-{
- PORT_Assert (cert_usage_str != NULL);
- PORT_Assert (cert_usage != NULL);
-
- if (PORT_Strlen (cert_usage_str) != 1)
- return SECFailure;
-
- switch (*cert_usage_str) {
- case 'c':
- *cert_usage = certUsageSSLClient;
- break;
- case 's':
- *cert_usage = certUsageSSLServer;
- break;
- case 'e':
- *cert_usage = certUsageEmailRecipient;
- break;
- case 'E':
- *cert_usage = certUsageEmailSigner;
- break;
- case 'S':
- *cert_usage = certUsageObjectSigner;
- break;
- case 'C':
- *cert_usage = certUsageVerifyCA;
- break;
- default:
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-
-int
-main (int argc, char **argv)
-{
- int retval;
- char *program_name;
- PRFileDesc *in_file;
- FILE *out_file; /* not PRFileDesc until SECU accepts it */
- int crequest, dresponse;
- int prequest, presponse;
- int ccert, vcert;
- const char *db_dir, *date_str, *cert_usage_str, *name;
- const char *responder_name, *responder_url, *signer_name;
- PRBool add_acceptable_responses, add_service_locator;
- SECItem *data = NULL;
- PLOptState *optstate;
- SECStatus rv;
- CERTCertDBHandle *handle = NULL;
- SECCertUsage cert_usage;
- int64 verify_time;
-
- retval = -1; /* what we return/exit with on error */
-
- program_name = PL_strrchr(argv[0], '/');
- program_name = program_name ? (program_name + 1) : argv[0];
-
- in_file = PR_STDIN;
- out_file = stdout;
-
- crequest = 0;
- dresponse = 0;
- prequest = 0;
- presponse = 0;
- ccert = 0;
- vcert = 0;
-
- db_dir = NULL;
- date_str = NULL;
- cert_usage_str = NULL;
- name = NULL;
- responder_name = NULL;
- responder_url = NULL;
- signer_name = NULL;
-
- add_acceptable_responses = PR_FALSE;
- add_service_locator = PR_FALSE;
-
- optstate = PL_CreateOptState (argc, argv, "AHLPR:S:V:d:l:pr:s:t:u:w:");
- if (optstate == NULL) {
- SECU_PrintError (program_name, "PL_CreateOptState failed");
- return retval;
- }
-
- while (PL_GetNextOpt (optstate) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- short_usage (program_name);
- return retval;
-
- case 'A':
- add_acceptable_responses = PR_TRUE;
- break;
-
- case 'H':
- long_usage (program_name);
- return retval;
-
- case 'L':
- add_service_locator = PR_TRUE;
- break;
-
- case 'P':
- presponse = 1;
- break;
-
- case 'R':
- dresponse = 1;
- name = optstate->value;
- break;
-
- case 'S':
- ccert = 1;
- name = optstate->value;
- break;
-
- case 'V':
- vcert = 1;
- name = optstate->value;
- break;
-
- case 'd':
- db_dir = optstate->value;
- break;
-
- case 'l':
- responder_url = optstate->value;
- break;
-
- case 'p':
- prequest = 1;
- break;
-
- case 'r':
- crequest = 1;
- name = optstate->value;
- break;
-
- case 's':
- signer_name = optstate->value;
- break;
-
- case 't':
- responder_name = optstate->value;
- break;
-
- case 'u':
- cert_usage_str = optstate->value;
- break;
-
- case 'w':
- date_str = optstate->value;
- break;
- }
- }
-
- if ((crequest + dresponse + prequest + presponse + ccert + vcert) != 1) {
- PR_fprintf (PR_STDERR, "%s: must specify exactly one command\n\n",
- program_name);
- short_usage (program_name);
- return retval;
- }
-
- if (vcert) {
- if (cert_usage_str == NULL) {
- PR_fprintf (PR_STDERR, "%s: verification requires cert usage\n\n",
- program_name);
- short_usage (program_name);
- return retval;
- }
-
- rv = cert_usage_from_char (cert_usage_str, &cert_usage);
- if (rv != SECSuccess) {
- PR_fprintf (PR_STDERR, "%s: invalid cert usage (\"%s\")\n\n",
- program_name, cert_usage_str);
- long_usage (program_name);
- return retval;
- }
- }
-
- if (ccert + vcert) {
- if (responder_url != NULL || responder_name != NULL) {
- /*
- * To do a full status check, both the URL and the cert name
- * of the responder must be specified if either one is.
- */
- if (responder_url == NULL || responder_name == NULL) {
- if (responder_url == NULL)
- PR_fprintf (PR_STDERR,
- "%s: must also specify responder location\n\n",
- program_name);
- else
- PR_fprintf (PR_STDERR,
- "%s: must also specify responder name\n\n",
- program_name);
- short_usage (program_name);
- return retval;
- }
- }
-
- if (date_str != NULL) {
- rv = DER_AsciiToTime (&verify_time, (char *) date_str);
- if (rv != SECSuccess) {
- SECU_PrintError (program_name, "error converting time string");
- PR_fprintf (PR_STDERR, "\n");
- long_usage (program_name);
- return retval;
- }
- } else {
- verify_time = PR_Now();
- }
- }
-
- retval = -2; /* errors change from usage to runtime */
-
- /*
- * Initialize the NSPR and Security libraries.
- */
- PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
- db_dir = SECU_ConfigDirectory (db_dir);
- rv = NSS_Init (db_dir);
- if (rv != SECSuccess) {
- SECU_PrintError (program_name, "NSS_Init failed");
- goto prdone;
- }
-
- if (prequest + presponse) {
- data = read_file_into_item (in_file, siBuffer);
- if (data == NULL) {
- SECU_PrintError (program_name, "problem reading input");
- goto nssdone;
- }
- }
-
- if (crequest + dresponse + presponse + ccert + vcert) {
- handle = CERT_GetDefaultCertDB();
- if (handle == NULL) {
- SECU_PrintError (program_name, "problem getting certdb handle");
- goto nssdone;
- }
-
- /*
- * It would be fine to do the enable for all of these commands,
- * but this way we check that everything but an overall verify
- * can be done without it. That is, that the individual pieces
- * work on their own.
- */
- if (vcert) {
- rv = CERT_EnableOCSPChecking (handle);
- if (rv != SECSuccess) {
- SECU_PrintError (program_name, "error enabling OCSP checking");
- goto nssdone;
- }
- }
-
- if ((ccert + vcert) && (responder_name != NULL)) {
- rv = CERT_SetOCSPDefaultResponder (handle, responder_url,
- responder_name);
- if (rv != SECSuccess) {
- SECU_PrintError (program_name,
- "error setting default responder");
- goto nssdone;
- }
-
- rv = CERT_EnableOCSPDefaultResponder (handle);
- if (rv != SECSuccess) {
- SECU_PrintError (program_name,
- "error enabling default responder");
- goto nssdone;
- }
- }
- }
-
-#define NOTYET(opt) \
- { \
- PR_fprintf (PR_STDERR, "%s not yet working\n", opt); \
- exit (-1); \
- }
-
- if (crequest) {
- if (signer_name != NULL) {
- NOTYET("-s");
- }
- rv = create_request (out_file, handle, name, add_service_locator,
- add_acceptable_responses);
- } else if (dresponse) {
- if (signer_name != NULL) {
- NOTYET("-s");
- }
- rv = dump_response (out_file, handle, name, responder_url);
- } else if (prequest) {
- rv = print_request (out_file, data);
- } else if (presponse) {
- rv = print_response (out_file, data, handle);
- } else if (ccert) {
- if (signer_name != NULL) {
- NOTYET("-s");
- }
- rv = get_cert_status (out_file, handle, name, verify_time);
- } else if (vcert) {
- if (signer_name != NULL) {
- NOTYET("-s");
- }
- rv = verify_cert (out_file, handle, name, cert_usage, verify_time);
- }
-
- if (rv != SECSuccess)
- SECU_PrintError (program_name, "error performing requested operation");
- else
- retval = 0;
-
-nssdone:
- if (data != NULL) {
- SECITEM_FreeItem (data, PR_TRUE);
- }
-
- if (handle != NULL) {
- (void) CERT_DisableOCSPChecking (handle);
- CERT_ClosePermCertDB (handle);
- }
-
- NSS_Shutdown ();
-
-prdone:
- PR_Cleanup ();
- return retval;
-}
diff --git a/security/nss/cmd/oidcalc/Makefile b/security/nss/cmd/oidcalc/Makefile
deleted file mode 100644
index 689240abd..000000000
--- a/security/nss/cmd/oidcalc/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/oidcalc/manifest.mn b/security/nss/cmd/oidcalc/manifest.mn
deleted file mode 100644
index 890e112ef..000000000
--- a/security/nss/cmd/oidcalc/manifest.mn
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-REQUIRES = seccmd dbm
-
-DEFINES = -DNSPR20
-
-CSRCS = oidcalc.c
-
-PROGRAM = oidcalc
diff --git a/security/nss/cmd/oidcalc/oidcalc.c b/security/nss/cmd/oidcalc/oidcalc.c
deleted file mode 100644
index cadc425a4..000000000
--- a/security/nss/cmd/oidcalc/oidcalc.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-int
-main(int argc, char **argv)
-{
- char *curstr;
- char *nextstr;
- unsigned int firstval;
- unsigned int secondval;
- unsigned int val;
- unsigned char buf[5];
- int count;
-
- if ( argc != 2 ) {
- fprintf(stderr, "wrong number of args\n");
- exit(-1);
- }
-
- curstr = argv[1];
-
- nextstr = strchr(curstr, '.');
-
- if ( nextstr == NULL ) {
- fprintf(stderr, "only one component\n");
- exit(-1);
- }
-
- *nextstr = '\0';
- firstval = atoi(curstr);
-
- curstr = nextstr + 1;
-
- nextstr = strchr(curstr, '.');
-
- if ( nextstr ) {
- *nextstr = '\0';
- }
-
- secondval = atoi(curstr);
-
- if ( ( firstval < 0 ) || ( firstval > 2 ) ) {
- fprintf(stderr, "first component out of range\n");
- exit(-1);
-
- }
-
- if ( ( secondval < 0 ) || ( secondval > 39 ) ) {
- fprintf(stderr, "second component out of range\n");
- exit(-1);
- }
-
- printf("0x%x, ", ( firstval * 40 ) + secondval );
- while ( nextstr ) {
- curstr = nextstr + 1;
-
- nextstr = strchr(curstr, '.');
-
- if ( nextstr ) {
- *nextstr = '\0';
- }
-
- memset(buf, 0, sizeof(buf));
- val = atoi(curstr);
- count = 0;
- while ( val ) {
- buf[count] = ( val & 0x7f );
- val = val >> 7;
- count++;
- }
-
- while ( count-- ) {
- if ( count ) {
- printf("0x%x, ", buf[count] | 0x80 );
- } else {
- printf("0x%x, ", buf[count] );
- }
- }
- }
- printf("\n");
- return 0;
-}
-
diff --git a/security/nss/cmd/p7content/Makefile b/security/nss/cmd/p7content/Makefile
deleted file mode 100644
index 4e39ffc3f..000000000
--- a/security/nss/cmd/p7content/Makefile
+++ /dev/null
@@ -1,75 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/p7content/manifest.mn b/security/nss/cmd/p7content/manifest.mn
deleted file mode 100644
index ff3479636..000000000
--- a/security/nss/cmd/p7content/manifest.mn
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-MODULE = security
-
-CSRCS = p7content.c
-
-REQUIRES = seccmd dbm
-
-PROGRAM = p7content
-# PROGRAM = ./$(OBJDIR)/p7content.exe
-
diff --git a/security/nss/cmd/p7content/p7content.c b/security/nss/cmd/p7content/p7content.c
deleted file mode 100644
index 2c1afb6dc..000000000
--- a/security/nss/cmd/p7content/p7content.c
+++ /dev/null
@@ -1,312 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * p7content -- A command to display pkcs7 content.
- *
- * $Id$
- */
-
-#include "nspr.h"
-#include "secutil.h"
-#include "plgetopt.h"
-#include "secpkcs7.h"
-#include "cert.h"
-#include "certdb.h"
-#include "cdbhdl.h"
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#endif
-
-#include <stdio.h>
-#include <string.h>
-
-#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4))
-extern int fwrite(char *, size_t, size_t, FILE*);
-extern int fprintf(FILE *, char *, ...);
-#endif
-
-extern void SEC_Init(void); /* XXX */
-
-
-static void
-Usage(char *progName)
-{
- fprintf(stderr,
- "Usage: %s [-d dbdir] [-i input] [-o output]\n",
- progName);
- fprintf(stderr,
- "%-20s Key/Cert database directory (default is ~/.netscape)\n",
- "-d dbdir");
- fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
- "-i input");
- fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
- "-o output");
- exit(-1);
-}
-
-static SECKEYKeyDBHandle *
-OpenKeyDB(char *progName)
-{
- SECKEYKeyDBHandle *keyHandle;
-
- keyHandle = SECU_OpenKeyDB(PR_FALSE);
- if (keyHandle == NULL) {
- SECU_PrintError(progName, "could not open key database");
- return NULL;
- }
-
- return(keyHandle);
-}
-
-static CERTCertDBHandle certHandleStatic; /* avoid having to allocate */
-
-static CERTCertDBHandle *
-OpenCertDB(char *progName)
-{
- CERTCertDBHandle *certHandle;
- SECStatus rv;
-
- certHandle = &certHandleStatic;
- rv = CERT_OpenCertDB(certHandle, PR_FALSE, SECU_CertDBNameCallback, NULL);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "could not open cert database");
- return NULL;
- }
-
- return certHandle;
-}
-
-static PRBool saw_content;
-
-static void
-PrintBytes(void *arg, const char *buf, unsigned long len)
-{
- FILE *out;
-
- out = arg;
- fwrite (buf, len, 1, out);
-
- saw_content = PR_TRUE;
-}
-
-/*
- * XXX Someday we may want to do real policy stuff here. This allows
- * anything to be decrypted, which is okay for a test program but does
- * not set an example of how a real client with a real policy would
- * need to do it.
- */
-static PRBool
-decryption_allowed(SECAlgorithmID *algid, PK11SymKey *key)
-{
- return PR_TRUE;
-}
-
-int
-DecodeAndPrintFile(FILE *out, PRFileDesc *in, char *progName)
-{
- SECItem derdata;
- SEC_PKCS7ContentInfo *cinfo;
- SEC_PKCS7DecoderContext *dcx;
-
- if (SECU_ReadDERFromFile(&derdata, in, PR_FALSE)) {
- SECU_PrintError(progName, "error converting der");
- return -1;
- }
-
- fprintf(out,
- "Content printed between bars (newline added before second bar):");
- fprintf(out, "\n---------------------------------------------\n");
-
- saw_content = PR_FALSE;
- dcx = SEC_PKCS7DecoderStart(PrintBytes, out, SECU_GetPassword, NULL,
- NULL, NULL, decryption_allowed);
- if (dcx != NULL) {
-#if 0 /* Test that decoder works when data is really streaming in. */
- {
- unsigned long i;
- for (i = 0; i < derdata.len; i++)
- SEC_PKCS7DecoderUpdate(dcx, derdata.data + i, 1);
- }
-#else
- SEC_PKCS7DecoderUpdate(dcx, derdata.data, derdata.len);
-#endif
- cinfo = SEC_PKCS7DecoderFinish(dcx);
- }
-
- fprintf(out, "\n---------------------------------------------\n");
-
- if (cinfo == NULL)
- return -1;
-
- fprintf(out, "Content was%s encrypted.\n",
- SEC_PKCS7ContentIsEncrypted(cinfo) ? "" : " not");
-
- if (SEC_PKCS7ContentIsSigned(cinfo)) {
- char *signer_cname, *signer_ename;
- SECItem *signing_time;
-
- if (saw_content) {
- fprintf(out, "Signature is ");
- PORT_SetError(0);
- if (SEC_PKCS7VerifySignature(cinfo, certUsageEmailSigner, PR_FALSE))
- fprintf(out, "valid.\n");
- else
- fprintf(out, "invalid (Reason: %s).\n",
- SECU_Strerror(PORT_GetError()));
- } else {
- fprintf(out,
- "Content is detached; signature cannot be verified.\n");
- }
-
- signer_cname = SEC_PKCS7GetSignerCommonName(cinfo);
- if (signer_cname != NULL) {
- fprintf(out, "The signer's common name is %s\n", signer_cname);
- PORT_Free(signer_cname);
- } else {
- fprintf(out, "No signer common name.\n");
- }
-
- signer_ename = SEC_PKCS7GetSignerEmailAddress(cinfo);
- if (signer_ename != NULL) {
- fprintf(out, "The signer's email address is %s\n", signer_ename);
- PORT_Free(signer_ename);
- } else {
- fprintf(out, "No signer email address.\n");
- }
-
- signing_time = SEC_PKCS7GetSigningTime(cinfo);
- if (signing_time != NULL) {
- SECU_PrintUTCTime(out, signing_time, "Signing time", 0);
- } else {
- fprintf(out, "No signing time included.\n");
- }
- } else {
- fprintf(out, "Content was not signed.\n");
- }
-
- fprintf(out, "There were%s certs or crls included.\n",
- SEC_PKCS7ContainsCertsOrCrls(cinfo) ? "" : " no");
-
- SEC_PKCS7DestroyContentInfo(cinfo);
- return 0;
-}
-
-
-/*
- * Print the contents of a PKCS7 message, indicating signatures, etc.
- */
-
-int
-main(int argc, char **argv)
-{
- char *progName;
- FILE *outFile;
- PRFileDesc *inFile;
- SECKEYKeyDBHandle *keyHandle;
- CERTCertDBHandle *certHandle;
- PLOptState *optstate;
- PLOptStatus status;
-
- progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
-
- inFile = NULL;
- outFile = NULL;
-
- /*
- * Parse command line arguments
- */
- optstate = PL_CreateOptState(argc, argv, "d:i:o:");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case 'd':
- SECU_ConfigDirectory(optstate->value);
- break;
-
- case 'i':
- inFile = PR_Open(optstate->value, PR_RDONLY, 0);
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "w");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- default:
- Usage(progName);
- break;
- }
- }
- if (status == PL_OPT_BAD)
- Usage(progName);
-
- if (!inFile) inFile = PR_STDIN;
- if (!outFile) outFile = stdout;
-
- /* Call the initialization routines */
- PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
- SECU_PKCS11Init(PR_FALSE);
- SEC_Init();
-
- /* open key database */
- keyHandle = OpenKeyDB(progName);
- if (keyHandle == NULL) {
- return -1;
- }
- SECKEY_SetDefaultKeyDB(keyHandle);
-
- /* open cert database */
- certHandle = OpenCertDB(progName);
- if (certHandle == NULL) {
- return -1;
- }
- CERT_SetDefaultCertDB(certHandle);
-
- if (DecodeAndPrintFile(outFile, inFile, progName)) {
- SECU_PrintError(progName, "problem decoding data");
- return -1;
- }
-
- return 0;
-}
diff --git a/security/nss/cmd/p7env/Makefile b/security/nss/cmd/p7env/Makefile
deleted file mode 100644
index 4e39ffc3f..000000000
--- a/security/nss/cmd/p7env/Makefile
+++ /dev/null
@@ -1,75 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/p7env/manifest.mn b/security/nss/cmd/p7env/manifest.mn
deleted file mode 100644
index c1b3c1f4a..000000000
--- a/security/nss/cmd/p7env/manifest.mn
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-MODULE = security
-
-CSRCS = p7env.c
-
-REQUIRES = seccmd dbm
-
-PROGRAM = p7env
-# PROGRAM = ./$(OBJDIR)/p7env.exe
-
diff --git a/security/nss/cmd/p7env/p7env.c b/security/nss/cmd/p7env/p7env.c
deleted file mode 100644
index 0482b175d..000000000
--- a/security/nss/cmd/p7env/p7env.c
+++ /dev/null
@@ -1,288 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * p7env -- A command to create a pkcs7 enveloped data.
- *
- * $Id$
- */
-
-#include "nspr.h"
-#include "secutil.h"
-#include "plgetopt.h"
-#include "secpkcs7.h"
-#include "cert.h"
-#include "certdb.h"
-#include "cdbhdl.h"
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#endif
-
-#include <stdio.h>
-#include <string.h>
-
-#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4))
-extern int fread(char *, size_t, size_t, FILE*);
-extern int fwrite(char *, size_t, size_t, FILE*);
-extern int fprintf(FILE *, char *, ...);
-#endif
-
-extern void SEC_Init(void); /* XXX */
-
-
-static void
-Usage(char *progName)
-{
- fprintf(stderr,
- "Usage: %s -r recipient [-d dbdir] [-i input] [-o output]\n",
- progName);
- fprintf(stderr, "%-20s Nickname of cert to use for encryption\n",
- "-r recipient");
- fprintf(stderr, "%-20s Cert database directory (default is ~/.netscape)\n",
- "-d dbdir");
- fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
- "-i input");
- fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
- "-o output");
- exit(-1);
-}
-
-static CERTCertDBHandle certHandleStatic; /* avoid having to allocate */
-
-static CERTCertDBHandle *
-OpenCertDB(char *progName)
-{
- CERTCertDBHandle *certHandle;
- SECStatus rv;
-
- certHandle = &certHandleStatic;
- rv = CERT_OpenCertDB(certHandle, PR_FALSE, SECU_CertDBNameCallback, NULL);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "could not open cert database");
- return NULL;
- }
-
- return certHandle;
-}
-
-struct recipient {
- struct recipient *next;
- char *nickname;
- CERTCertificate *cert;
-};
-
-static void
-EncryptOut(void *arg, const char *buf, unsigned long len)
-{
- FILE *out;
-
- out = arg;
- fwrite (buf, len, 1, out);
-}
-
-static int
-EncryptFile(FILE *outFile, FILE *inFile, struct recipient *recipients,
- char *progName)
-{
- SEC_PKCS7ContentInfo *cinfo;
- SEC_PKCS7EncoderContext *ecx;
- struct recipient *rcpt;
- SECStatus rv;
-
- if (outFile == NULL || inFile == NULL || recipients == NULL)
- return -1;
-
- /* XXX Need a better way to handle that certUsage stuff! */
- /* XXX keysize? */
- cinfo = SEC_PKCS7CreateEnvelopedData (recipients->cert,
- certUsageEmailRecipient,
- NULL, SEC_OID_DES_EDE3_CBC, 0,
- NULL, NULL);
- if (cinfo == NULL)
- return -1;
-
- for (rcpt = recipients->next; rcpt != NULL; rcpt = rcpt->next) {
- rv = SEC_PKCS7AddRecipient (cinfo, rcpt->cert, certUsageEmailRecipient,
- NULL);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "error adding recipient \"%s\"",
- rcpt->nickname);
- return -1;
- }
- }
-
- ecx = SEC_PKCS7EncoderStart (cinfo, EncryptOut, outFile, NULL);
- if (ecx == NULL)
- return -1;
-
- for (;;) {
- char ibuf[1024];
- int nb;
-
- if (feof(inFile))
- break;
- nb = fread(ibuf, 1, sizeof(ibuf), inFile);
- if (nb == 0) {
- if (ferror(inFile)) {
- PORT_SetError(SEC_ERROR_IO);
- rv = SECFailure;
- }
- break;
- }
- rv = SEC_PKCS7EncoderUpdate(ecx, ibuf, nb);
- if (rv != SECSuccess)
- break;
- }
-
- if (SEC_PKCS7EncoderFinish(ecx, NULL, NULL) != SECSuccess)
- rv = SECFailure;
-
- SEC_PKCS7DestroyContentInfo (cinfo);
-
- if (rv != SECSuccess)
- return -1;
-
- return 0;
-}
-
-int
-main(int argc, char **argv)
-{
- char *progName;
- FILE *inFile, *outFile;
- char *certName;
- CERTCertDBHandle *certHandle;
- CERTCertificate *cert;
- struct recipient *recipients, *rcpt;
- PLOptState *optstate;
- PLOptStatus status;
-
- progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
-
- inFile = NULL;
- outFile = NULL;
- certName = NULL;
- recipients = NULL;
- rcpt = NULL;
-
- /*
- * Parse command line arguments
- * XXX This needs to be enhanced to allow selection of algorithms
- * and key sizes (or to look up algorithms and key sizes for each
- * recipient in the magic database).
- */
- optstate = PL_CreateOptState(argc, argv, "d:i:o:r:");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- Usage(progName);
- break;
-
- case 'd':
- SECU_ConfigDirectory(optstate->value);
- break;
-
- case 'i':
- inFile = fopen(optstate->value, "r");
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "w");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'r':
- if (rcpt == NULL) {
- recipients = rcpt = PORT_Alloc (sizeof(struct recipient));
- } else {
- rcpt->next = PORT_Alloc (sizeof(struct recipient));
- rcpt = rcpt->next;
- }
- if (rcpt == NULL) {
- fprintf(stderr, "%s: unable to allocate recipient struct\n",
- progName);
- return -1;
- }
- rcpt->nickname = strdup(optstate->value);
- rcpt->cert = NULL;
- rcpt->next = NULL;
- break;
- }
- }
-
- if (!recipients) Usage(progName);
-
- if (!inFile) inFile = stdin;
- if (!outFile) outFile = stdout;
-
- /* Call the libsec initialization routines */
- PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
- SECU_PKCS11Init(PR_FALSE);
- SEC_Init();
-
- /* open cert database */
- certHandle = OpenCertDB(progName);
- if (certHandle == NULL) {
- return -1;
- }
- CERT_SetDefaultCertDB(certHandle);
-
- /* find certs */
- for (rcpt = recipients; rcpt != NULL; rcpt = rcpt->next) {
- rcpt->cert = CERT_FindCertByNickname(certHandle, rcpt->nickname);
- if (rcpt->cert == NULL) {
- SECU_PrintError(progName,
- "the cert for name \"%s\" not found in database",
- rcpt->nickname);
- return -1;
- }
- }
-
- if (EncryptFile(outFile, inFile, recipients, progName)) {
- SECU_PrintError(progName, "problem encrypting data");
- return -1;
- }
-
- return 0;
-}
diff --git a/security/nss/cmd/p7sign/Makefile b/security/nss/cmd/p7sign/Makefile
deleted file mode 100644
index 4e39ffc3f..000000000
--- a/security/nss/cmd/p7sign/Makefile
+++ /dev/null
@@ -1,75 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/p7sign/manifest.mn b/security/nss/cmd/p7sign/manifest.mn
deleted file mode 100644
index a2c165e8f..000000000
--- a/security/nss/cmd/p7sign/manifest.mn
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-MODULE = security
-
-CSRCS = p7sign.c
-
-REQUIRES = seccmd dbm
-
-PROGRAM = p7sign
-# PROGRAM = ./$(OBJDIR)/p7sign.exe
-
diff --git a/security/nss/cmd/p7sign/p7sign.c b/security/nss/cmd/p7sign/p7sign.c
deleted file mode 100644
index d8047a89a..000000000
--- a/security/nss/cmd/p7sign/p7sign.c
+++ /dev/null
@@ -1,318 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * p7sign -- A command to create a *detached* pkcs7 signature (over a given
- * input file).
- *
- * $Id$
- */
-
-#include "nspr.h"
-#include "plgetopt.h"
-#include "secutil.h"
-#include "secpkcs7.h"
-#include "cert.h"
-#include "certdb.h"
-#include "cdbhdl.h"
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#endif
-
-#include <stdio.h>
-#include <string.h>
-
-#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4))
-extern int fread(char *, size_t, size_t, FILE*);
-extern int fwrite(char *, size_t, size_t, FILE*);
-extern int fprintf(FILE *, char *, ...);
-#endif
-
-extern void SEC_Init(void); /* XXX */
-
-
-static void
-Usage(char *progName)
-{
- fprintf(stderr,
- "Usage: %s -k keyname [-d keydir] [-i input] [-o output]\n",
- progName);
- fprintf(stderr, "%-20s Nickname of key to use for signature\n",
- "-k keyname");
- fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
- "-d keydir");
- fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
- "-i input");
- fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
- "-o output");
- fprintf(stderr, "%-20s Encapsulate content in signature message\n",
- "-e");
- exit(-1);
-}
-
-static SECKEYKeyDBHandle *
-OpenKeyDB(char *progName)
-{
- SECKEYKeyDBHandle *keyHandle;
-
- keyHandle = SECU_OpenKeyDB(PR_FALSE);
- if (keyHandle == NULL) {
- SECU_PrintError(progName, "could not open key database");
- return NULL;
- }
-
- return(keyHandle);
-}
-
-static CERTCertDBHandle certHandleStatic; /* avoid having to allocate */
-
-static CERTCertDBHandle *
-OpenCertDB(char *progName)
-{
- CERTCertDBHandle *certHandle;
- SECStatus rv;
-
- certHandle = &certHandleStatic;
- rv = CERT_OpenCertDB(certHandle, PR_FALSE, SECU_CertDBNameCallback, NULL);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "could not open cert database");
- return NULL;
- } else {
- CERT_SetDefaultCertDB(certHandle);
- }
-
- return certHandle;
-}
-
-static void
-SignOut(void *arg, const char *buf, unsigned long len)
-{
- FILE *out;
-
- out = arg;
- fwrite (buf, len, 1, out);
-}
-
-static int
-CreateDigest(SECItem *data, char *digestdata, unsigned int *len, unsigned int maxlen)
-{
- SECHashObject *hashObj;
- void *hashcx;
-
- /* XXX probably want to extend interface to allow other hash algorithms */
- hashObj = &SECHashObjects[HASH_AlgSHA1];
-
- hashcx = (* hashObj->create)();
- if (hashcx == NULL)
- return -1;
-
- (* hashObj->begin)(hashcx);
- (* hashObj->update)(hashcx, data->data, data->len);
- (* hashObj->end)(hashcx, (unsigned char *)digestdata, len, maxlen);
- (* hashObj->destroy)(hashcx, PR_TRUE);
- return 0;
-}
-
-static int
-SignFile(FILE *outFile, PRFileDesc *inFile, CERTCertificate *cert,
- PRBool encapsulated)
-{
- int nb;
- char digestdata[32];
- unsigned int len;
- SECItem digest, data2sign;
- SEC_PKCS7ContentInfo *cinfo;
- SECStatus rv;
-
- if (outFile == NULL || inFile == NULL || cert == NULL)
- return -1;
-
- /* suck the file in */
- if (SECU_ReadDERFromFile(&data2sign, inFile, PR_FALSE) != SECSuccess)
- return -1;
-
- if (!encapsulated) {
- /* unfortunately, we must create the digest ourselves */
- /* SEC_PKCS7CreateSignedData should have a flag to not include */
- /* the content for non-encapsulated content at encode time, but */
- /* should always compute the hash itself */
- if (CreateDigest(&data2sign, digestdata, &len, 32) < 0)
- return -1;
- digest.data = (unsigned char *)digestdata;
- digest.len = len;
- }
-
- /* XXX Need a better way to handle that usage stuff! */
- cinfo = SEC_PKCS7CreateSignedData (cert, certUsageEmailSigner, NULL,
- SEC_OID_SHA1,
- encapsulated ? NULL : &digest,
- NULL, NULL);
- if (cinfo == NULL)
- return -1;
-
- if (encapsulated) {
- SEC_PKCS7SetContent(cinfo, (char *)data2sign.data, data2sign.len);
- }
-
- rv = SEC_PKCS7IncludeCertChain (cinfo, NULL);
- if (rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return -1;
- }
-
- rv = SEC_PKCS7Encode (cinfo, SignOut, outFile, NULL,
- SECU_GetPassword, NULL);
-
- SEC_PKCS7DestroyContentInfo (cinfo);
-
- if (rv != SECSuccess)
- return -1;
-
- return 0;
-}
-
-int
-main(int argc, char **argv)
-{
- char *progName;
- FILE *outFile;
- PRFileDesc *inFile;
- char *keyName;
- SECKEYKeyDBHandle *keyHandle;
- CERTCertDBHandle *certHandle;
- CERTCertificate *cert;
- PRBool encapsulated = PR_FALSE;
- PLOptState *optstate;
- PLOptStatus status;
-
- progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
-
- inFile = NULL;
- outFile = NULL;
- keyName = NULL;
-
- /*
- * Parse command line arguments
- */
- optstate = PL_CreateOptState(argc, argv, "ed:k:i:o:");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- Usage(progName);
- break;
-
- case 'e':
- /* create a message with the signed content encapsulated */
- encapsulated = PR_TRUE;
- break;
-
- case 'd':
- SECU_ConfigDirectory(optstate->value);
- break;
-
- case 'i':
- inFile = PR_Open(optstate->value, PR_RDONLY, 0);
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'k':
- keyName = strdup(optstate->value);
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "w");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
- }
- }
-
- if (!keyName) Usage(progName);
-
- if (!inFile) inFile = PR_STDIN;
- if (!outFile) outFile = stdout;
-
- /* Call the initialization routines */
- PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
- SECU_PKCS11Init(PR_FALSE);
- SEC_Init();
-
- /* open key database */
- keyHandle = OpenKeyDB(progName);
- if (keyHandle == NULL) {
- return -1;
- }
-
-#if 0
- /* check if key actually exists */
- if (! SECU_CheckKeyNameExists(keyHandle, keyName)) {
- SECU_PrintError(progName, "the key \"%s\" does not exist", keyName);
- return -1;
- }
-#endif
-
- SECKEY_SetDefaultKeyDB(keyHandle);
-
- /* open cert database */
- certHandle = OpenCertDB(progName);
- if (certHandle == NULL) {
- return -1;
- }
-
- /* find cert */
- cert = CERT_FindCertByNickname(certHandle, keyName);
- if (cert == NULL) {
- SECU_PrintError(progName,
- "the corresponding cert for key \"%s\" does not exist",
- keyName);
- return -1;
- }
-
- CERT_SetDefaultCertDB(certHandle);
-
- if (SignFile(outFile, inFile, cert, encapsulated)) {
- SECU_PrintError(progName, "problem signing data");
- return -1;
- }
-
- return 0;
-}
diff --git a/security/nss/cmd/p7verify/Makefile b/security/nss/cmd/p7verify/Makefile
deleted file mode 100644
index 4e39ffc3f..000000000
--- a/security/nss/cmd/p7verify/Makefile
+++ /dev/null
@@ -1,75 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/p7verify/manifest.mn b/security/nss/cmd/p7verify/manifest.mn
deleted file mode 100644
index fbfb91d13..000000000
--- a/security/nss/cmd/p7verify/manifest.mn
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-MODULE = security
-
-CSRCS = p7verify.c
-
-REQUIRES = seccmd dbm
-
-PROGRAM = p7verify
-# PROGRAM = ./$(OBJDIR)/p7verify.exe
-
diff --git a/security/nss/cmd/p7verify/p7verify.c b/security/nss/cmd/p7verify/p7verify.c
deleted file mode 100644
index f9485de51..000000000
--- a/security/nss/cmd/p7verify/p7verify.c
+++ /dev/null
@@ -1,324 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * p7verify -- A command to do a verification of a *detached* pkcs7 signature.
- *
- * $Id$
- */
-
-#include "nspr.h"
-#include "secutil.h"
-#include "plgetopt.h"
-#include "secpkcs7.h"
-#include "cert.h"
-#include "certdb.h"
-#include "cdbhdl.h"
-#include "secoid.h"
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#endif
-
-#include <stdio.h>
-#include <string.h>
-
-#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4))
-extern int fread(char *, size_t, size_t, FILE*);
-extern int fprintf(FILE *, char *, ...);
-#endif
-
-extern void SEC_Init(void); /* XXX */
-
-static HASH_HashType
-AlgorithmToHashType(SECAlgorithmID *digestAlgorithms)
-{
-
- SECOidTag tag;
-
- tag = SECOID_GetAlgorithmTag(digestAlgorithms);
-
- switch (tag) {
- case SEC_OID_MD2:
- return HASH_AlgMD2;
- case SEC_OID_MD5:
- return HASH_AlgMD5;
- case SEC_OID_SHA1:
- return HASH_AlgSHA1;
- default:
- fprintf(stderr, "should never get here\n");
- return HASH_AlgNULL;
- }
-}
-
-static int
-DigestFile(unsigned char *digest, unsigned int *len, unsigned int maxLen,
- FILE *inFile, HASH_HashType hashType)
-{
- int nb;
- char ibuf[4096];
- SECHashObject *hashObj;
- void *hashcx;
-
- hashObj = &SECHashObjects[hashType];
-
- hashcx = (* hashObj->create)();
- if (hashcx == NULL)
- return -1;
-
- (* hashObj->begin)(hashcx);
-
- for (;;) {
- if (feof(inFile)) break;
- nb = fread(ibuf, 1, sizeof(ibuf), inFile);
- if (nb != sizeof(ibuf)) {
- if (nb == 0) {
- if (ferror(inFile)) {
- PORT_SetError(SEC_ERROR_IO);
- (* hashObj->destroy)(hashcx, PR_TRUE);
- return -1;
- }
- /* eof */
- break;
- }
- }
- (* hashObj->update)(hashcx, ibuf, nb);
- }
-
- (* hashObj->end)(hashcx, digest, len, maxLen);
- (* hashObj->destroy)(hashcx, PR_TRUE);
-
- return 0;
-}
-
-
-static void
-Usage(char *progName)
-{
- fprintf(stderr,
- "Usage: %s -c content -s signature [-d dbdir] [-u certusage]\n",
- progName);
- fprintf(stderr, "%-20s content file that was signed\n",
- "-c content");
- fprintf(stderr, "%-20s file containing signature for that content\n",
- "-s signature");
- fprintf(stderr,
- "%-20s Key/Cert database directory (default is ~/.netscape)\n",
- "-d dbdir");
- fprintf(stderr, "%-20s Define the type of certificate usage (default is certUsageEmailSigner)\n",
- "-u certusage");
- fprintf(stderr, "%-25s 0 - certUsageSSLClient\n", " ");
- fprintf(stderr, "%-25s 1 - certUsageSSLServer\n", " ");
- fprintf(stderr, "%-25s 2 - certUsageSSLServerWithStepUp\n", " ");
- fprintf(stderr, "%-25s 3 - certUsageSSLCA\n", " ");
- fprintf(stderr, "%-25s 4 - certUsageEmailSigner\n", " ");
- fprintf(stderr, "%-25s 5 - certUsageEmailRecipient\n", " ");
- fprintf(stderr, "%-25s 6 - certUsageObjectSigner\n", " ");
- fprintf(stderr, "%-25s 7 - certUsageUserCertImport\n", " ");
- fprintf(stderr, "%-25s 8 - certUsageVerifyCA\n", " ");
- fprintf(stderr, "%-25s 9 - certUsageProtectedObjectSigner\n", " ");
- fprintf(stderr, "%-25s 10 - certUsageStatusResponder\n", " ");
- fprintf(stderr, "%-25s 11 - certUsageAnyCA\n", " ");
-
- exit(-1);
-}
-
-static CERTCertDBHandle certHandleStatic; /* avoid having to allocate */
-
-static CERTCertDBHandle *
-OpenCertDB(char *progName)
-{
- CERTCertDBHandle *certHandle;
- SECStatus rv;
-
- certHandle = &certHandleStatic;
- rv = CERT_OpenCertDB(certHandle, PR_FALSE, SECU_CertDBNameCallback, NULL);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "could not open cert database");
- return NULL;
- }
-
- return certHandle;
-}
-
-static int
-HashDecodeAndVerify(FILE *out, FILE *content, PRFileDesc *signature,
- SECCertUsage usage, char *progName)
-{
- SECItem derdata;
- SEC_PKCS7ContentInfo *cinfo;
- SEC_PKCS7SignedData *signedData;
- HASH_HashType digestType;
- SECItem digest;
- unsigned char buffer[32];
-
- if (SECU_ReadDERFromFile(&derdata, signature, PR_FALSE) != SECSuccess) {
- SECU_PrintError(progName, "error reading signature file");
- return -1;
- }
-
- cinfo = SEC_PKCS7DecodeItem(&derdata, NULL, NULL, SECU_GetPassword, NULL,
- NULL, NULL, NULL);
- if (cinfo == NULL)
- return -1;
-
- if (! SEC_PKCS7ContentIsSigned(cinfo)) {
- fprintf (out, "Signature file is pkcs7 data, but not signed.\n");
- return -1;
- }
-
- signedData = cinfo->content.signedData;
-
- /* assume that there is only one digest algorithm for now */
- digestType = AlgorithmToHashType(signedData->digestAlgorithms[0]);
- if (digestType == HASH_AlgNULL) {
- fprintf (out, "Invalid hash algorithmID\n");
- return -1;
- }
-
- digest.data = buffer;
- if (DigestFile (digest.data, &digest.len, 32, content, digestType)) {
- SECU_PrintError (progName, "problem computing message digest");
- return -1;
- }
-
- fprintf(out, "Signature is ");
- if (SEC_PKCS7VerifyDetachedSignature (cinfo, usage, &digest, digestType,
- PR_FALSE))
- fprintf(out, "valid.\n");
- else
- fprintf(out, "invalid (Reason: %s).\n",
- SECU_Strerror(PORT_GetError()));
-
- SEC_PKCS7DestroyContentInfo(cinfo);
- return 0;
-}
-
-
-int
-main(int argc, char **argv)
-{
- char *progName;
- FILE *contentFile, *outFile;
- PRFileDesc *signatureFile;
- SECKEYKeyDBHandle *keyHandle;
- SECCertUsage certUsage = certUsageEmailSigner;
- CERTCertDBHandle *certHandle;
- PLOptState *optstate;
- PLOptStatus status;
-
- progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
-
- contentFile = NULL;
- signatureFile = NULL;
- outFile = NULL;
-
- /*
- * Parse command line arguments
- */
- optstate = PL_CreateOptState(argc, argv, "c:d:o:s:u:");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- Usage(progName);
- break;
-
- case 'c':
- contentFile = fopen(optstate->value, "r");
- if (!contentFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'd':
- SECU_ConfigDirectory(optstate->value);
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "w");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 's':
- signatureFile = PR_Open(optstate->value, PR_RDONLY, 0);
- if (!signatureFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'u': {
- int usageType;
-
- usageType = atoi (strdup(optstate->value));
- if (usageType < certUsageSSLClient || usageType > certUsageAnyCA)
- return -1;
- certUsage = (SECCertUsage)usageType;
- break;
- }
-
- }
- }
-
- if (!contentFile) Usage (progName);
- if (!signatureFile) Usage (progName);
- if (!outFile) outFile = stdout;
-
- /* Call the libsec initialization routines */
- PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
- SECU_PKCS11Init(PR_FALSE);
- SEC_Init();
-
- /* open cert database */
- certHandle = OpenCertDB(progName);
- if (certHandle == NULL) {
- return -1;
- }
- CERT_SetDefaultCertDB(certHandle);
-
- if (HashDecodeAndVerify(outFile, contentFile, signatureFile,
- certUsage, progName)) {
- SECU_PrintError(progName, "problem decoding/verifying signature");
- return -1;
- }
-
- return 0;
-}
diff --git a/security/nss/cmd/pk12util/Makefile b/security/nss/cmd/pk12util/Makefile
deleted file mode 100644
index 183d8a607..000000000
--- a/security/nss/cmd/pk12util/Makefile
+++ /dev/null
@@ -1,94 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-#include config.mk
-
-include $(CORE_DEPTH)/security/cmd/platlibs.mk
-
-# can't do this in manifest.mn because OS_ARCH isn't defined there.
-ifeq ($(OS_ARCH), WINNT)
-
-EXTRA_LIBS = \
- $(DIST)/lib/pkcs12.lib \
- $(DIST)/lib/pkcs7.lib \
- $(NULL)
-
-else
-
-EXTRA_LIBS += \
- $(DIST)/lib/libpkcs12.a \
- $(DIST)/lib/libpkcs7.a \
- $(NULL)
-endif
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-# NOTE: CC linker has to be used to resolve C++ stuff, hence the #
-# customized rules.mk #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
diff --git a/security/nss/cmd/pk12util/manifest.mn b/security/nss/cmd/pk12util/manifest.mn
deleted file mode 100644
index 020326ac3..000000000
--- a/security/nss/cmd/pk12util/manifest.mn
+++ /dev/null
@@ -1,58 +0,0 @@
-#
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-MODULE = security
-
-EXPORTS =
-
-CSRCS = pk12util.c \
- $(NULL)
-
-#CSRCS = keydb-v2.c \
-# keyconv32.c \
-# pcertdb-v5.c \
-# certinit-v5.c \
-# certconv75.c \
-# pk12util.c \
-# cvtdb.c \
-# $(NULL)
-
-PROGRAM = pk12util
-
-REQUIRES = security dbm seccmd
-
-DEFINES = -DNSPR20 -DPK12UTIL
-
diff --git a/security/nss/cmd/pk12util/pk12util.c b/security/nss/cmd/pk12util/pk12util.c
deleted file mode 100644
index 8a8a3099e..000000000
--- a/security/nss/cmd/pk12util/pk12util.c
+++ /dev/null
@@ -1,1235 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "nspr.h"
-#include "cdbhdl.h"
-#include "secutil.h"
-#include "pk11func.h"
-#include "pkcs12.h"
-#include "p12plcy.h"
-
-#include "pk12util.h"
-
-#define PKCS12_IN_BUFFER_SIZE 200
-
-char *progName;
-
-PRIntn pk12uErrno = 0;
-
-static void
-Usage(char *progName)
-{
-#define FPS PR_fprintf(PR_STDERR,
- FPS "Usage: %s -i importfile [-d certdir] [-h tokenname]\n", progName);
- FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filepw]\n");
- FPS "Usage: %s -o exportfile -n certname [-d certdir] [-h tokenname]\n", progName);
- FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filepw]\n");
- exit(PK12UERR_USAGE);
-}
-
-static PRBool
-p12u_OpenExportFile(p12uContext *p12cxt, PRBool fileRead)
-{
- if(!p12cxt || !p12cxt->filename) {
- return PR_FALSE;
- }
-
- if(fileRead) {
- p12cxt->file = PR_Open(p12cxt->filename,
- PR_RDONLY, 0400);
- } else {
- p12cxt->file = PR_Open(p12cxt->filename,
- PR_CREATE_FILE | PR_RDWR | PR_TRUNCATE,
- 0600);
- }
-
- if(!p12cxt->file) {
- p12cxt->error = PR_TRUE;
- PR_SetError(SEC_ERROR_NO_MEMORY, 0);
- return PR_FALSE;
- }
-
- return PR_TRUE;
-}
-
-static void
-p12u_DestroyExportFileInfo(p12uContext **exp_ptr, PRBool removeFile)
-{
- if(!exp_ptr || !(*exp_ptr)) {
- return;
- }
-
- if((*exp_ptr)->file != NULL) {
- PR_Close((*exp_ptr)->file);
- }
-
- if((*exp_ptr)->data != NULL) {
- SECITEM_ZfreeItem((*exp_ptr)->data, PR_FALSE);
- }
-
- if((*exp_ptr)->filename != NULL) {
- if(removeFile) {
- PR_Delete((*exp_ptr)->filename);
- }
- PR_Free((*exp_ptr)->filename);
- }
-
- PR_Free(*exp_ptr);
- *exp_ptr = NULL;
-}
-
-static p12uContext *
-p12u_InitFile(PRBool fileImport, char *filename)
-{
- p12uContext *p12cxt;
- PRBool fileExist;
-
- if(fileImport)
- fileExist = PR_TRUE;
- else
- fileExist = PR_FALSE;
-
- p12cxt = (p12uContext *)PR_CALLOC(sizeof(p12uContext));
- if(!p12cxt) {
- PR_SetError(SEC_ERROR_NO_MEMORY, 0);
- return NULL;
- }
-
- p12cxt->error = PR_FALSE;
- p12cxt->errorValue = 0;
- p12cxt->filename = filename;
-
- if(!p12u_OpenExportFile(p12cxt, fileImport)) {
- PR_SetError(p12cxt->errorValue, 0);
- p12u_DestroyExportFileInfo(&p12cxt, PR_FALSE);
- return NULL;
- }
-
- return p12cxt;
-}
-
-static p12uContext *
-p12u_CreateTemporaryDigestFile(void)
-{
- p12uContext *p12cxt;
-
- p12cxt = (p12uContext *)PR_CALLOC(sizeof(p12uContext));
- if(!p12cxt) {
- PR_SetError(SEC_ERROR_NO_MEMORY, 0);
- return NULL;
- }
-
- p12cxt->filename = "Pk12uTemp"/*WH_TempName(xpTemporary, NULL)*/;
- if(!p12cxt->filename) {
- PR_SetError(SEC_ERROR_NO_MEMORY, 0);
- p12u_DestroyExportFileInfo(&p12cxt, PR_FALSE);
- return NULL;
- }
-
- p12cxt->file = PR_Open(p12cxt->filename, PR_RDONLY, 0400);
- if (!p12cxt->filename) {
- p12u_DestroyExportFileInfo(&p12cxt, PR_FALSE);
- return NULL;
- }
-
- return p12cxt;
-}
-
-static int
-p12u_ReadFromImportFile(p12uContext *p12cxt, unsigned char *buf,
- unsigned long len)
-{
- int readLen;
-
- if(!p12cxt || (p12cxt->error!=0)) {
- return PR_FALSE;
- }
-
- if(p12cxt->file == NULL) {
- p12cxt->errorValue = SEC_ERROR_PKCS12_UNABLE_TO_READ;
- p12cxt->error = PR_TRUE;
- return - 1;
- }
-
- readLen = PR_Read(p12cxt->file, (char *)buf, (int32)len);
- if(readLen == -1) {
- p12cxt->errorValue = SEC_ERROR_PKCS12_UNABLE_TO_READ;
- p12cxt->error = PR_TRUE;
- }
-
- return readLen;
-}
-
-static SECStatus
-p12u_DigestOpen(void *arg, PRBool readData)
-{
- p12uContext *p12cxt = arg;
-
-
- if(!p12cxt || p12cxt->error || !p12cxt->filename) {
- return SECFailure;
- }
-
- if(readData) {
- p12cxt->file = PR_Open(p12cxt->filename, PR_RDONLY, 0400);
- } else {
- p12cxt->file = PR_Open(p12cxt->filename,
- PR_CREATE_FILE | PR_RDWR | PR_TRUNCATE,
- 0600);
- }
-
- if(p12cxt->file == NULL) {
- p12cxt->error = PR_TRUE;
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-static SECStatus
-p12u_DigestClose(void *arg, PRBool removeFile)
-{
- p12uContext *p12cxt = arg;
-
- if(!p12cxt || p12cxt->error ||
- !p12cxt->filename || !p12cxt->file) {
- return SECFailure;
- }
-
- PR_Close(p12cxt->file);
- p12cxt->file = NULL;
-
- if(removeFile) {
- PR_Delete(p12cxt->filename);
- PR_Free(p12cxt->filename);
- p12cxt->filename = NULL;
- }
-
- return SECSuccess;
-}
-
-static int
-p12u_DigestRead(void *arg, unsigned char *buf, unsigned long len)
-{
- p12uContext *p12cxt = arg;
-
- if(!p12cxt || p12cxt->error ||
- !p12cxt->filename || !p12cxt->file) {
- return -1;
- }
-
- if(!buf || len == 0) {
- return -1;
- }
-
- return PR_Read(p12cxt->file, buf, len);
-}
-
-static int
-p12u_DigestWrite(void *arg, unsigned char *buf, unsigned long len)
-{
- p12uContext *p12cxt = arg;
-
- if(!p12cxt || p12cxt->error ||
- !p12cxt->filename || !p12cxt->file) {
- return -1;
- }
-
- if(!buf || len == 0) {
- return -1;
- }
-
- return PR_Write(p12cxt->file, buf, len);
-}
-
-SECItem *
-P12U_NicknameCollisionCallback(SECItem *old_nick, PRBool *cancel, void *wincx)
-{
- char *nick = NULL;
- SECItem *ret_nick = NULL;
-
- if(cancel == NULL) {
- pk12uErrno = PK12UERR_USER_CANCELLED;
- return NULL;
- }
-
- if (!old_nick)
- fprintf(stdout, "pk12util: no nickname for cert...not handled\n");
-
- /* XXX not handled yet */
- *cancel = PR_TRUE;
- return NULL;
-
-#if 0
- nick = strdup( DEFAULT_CERT_NICKNAME );
-
- if(old_nick && !PORT_Strcmp((char *)old_nick->data, nick)) {
- PORT_Free(nick);
- return NULL;
- }
-
- ret_nick = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(ret_nick == NULL) {
- PORT_Free(nick);
- return NULL;
- }
-
- ret_nick->data = (unsigned char *)nick;
- ret_nick->len = PORT_Strlen(nick);
-
- return ret_nick;
-#endif
-}
-
-/*
- * Not implemented.
- */
-static SECItem *
-p12u_ConvertToUnicode(SECItem *textItem)
-{
- return NULL;
-}
-
-/*
- * Not implemented.
- */
-static SECItem *
-p12u_ConvertFromUnicode(SECItem *textItem)
-{
- return NULL;
-}
-
-static SECStatus
-p12u_SwapUnicodeBytes(SECItem *uniItem)
-{
- unsigned int i;
- unsigned char a;
-
- if((uniItem == NULL) || (uniItem->len % 2)) {
- return SECFailure;
- }
-
- for(i = 0; i < uniItem->len; i += 2) {
- a = uniItem->data[i];
- uniItem->data[i] = uniItem->data[i+1];
- uniItem->data[i+1] = a;
- }
-
- return SECSuccess;
-}
-
-PRBool
-P12U_UCS2_ASCIIConversion(PRBool toUnicode, unsigned char *inBuf,
- unsigned int inBufLen, unsigned char *outBuf,
- unsigned int maxOutBufLen, unsigned int *outBufLen,
- PRBool swapBytes)
-{
- SECItem *(*convertFunc)(SECItem *);
- SECItem *dupSrc, src, *returnItem;
-#ifdef DEBUG
- int i;
- char theChar;
-#endif
-
- if(!inBuf || !outBuf || !outBufLen) {
- return PR_FALSE;
- }
-
- src.data = inBuf;
- src.len = inBufLen;
- *outBufLen = 0;
-
- dupSrc = SECITEM_DupItem(&src);
- if(!dupSrc) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return PR_FALSE;
- }
-
- if (toUnicode) {
- convertFunc = p12u_ConvertToUnicode;
- } else {
- if(swapBytes && p12u_SwapUnicodeBytes(dupSrc) != SECSuccess) {
- SECITEM_ZfreeItem(dupSrc, PR_TRUE);
- return PR_FALSE;
- }
- convertFunc = p12u_ConvertFromUnicode;
- }
-
- returnItem = (*convertFunc)(dupSrc);
- SECITEM_ZfreeItem(dupSrc, PR_TRUE);
- if(!returnItem) {
- return PR_FALSE;
- }
-
-#ifdef WHY
- if(returnItem->len > maxOutBufLen) {
- SECITEM_ZfreeItem(returnItem, PR_TRUE);
- return PR_FALSE;
- }
-#endif /* WHY */
- if(toUnicode && swapBytes &&
- (p12u_SwapUnicodeBytes(returnItem) != SECSuccess)) {
- SECITEM_ZfreeItem(returnItem, PR_TRUE);
- return PR_FALSE;
- }
-
- *outBufLen = returnItem->len;
- PORT_Memcpy(outBuf, returnItem->data, returnItem->len);
-#ifdef DEBUG
- printf("P12U_UCS2_ASCIIConversion: outBuf=");
- for(i=0;i<returnItem->len;i++) {
- theChar = (char)outBuf[i];
- printf("%c",theChar);
- }
- printf("\ni=%d\n",i);
-#endif /* DEBUG */
- SECITEM_ZfreeItem(returnItem, PR_TRUE);
- return PR_TRUE;
-}
-
-SECStatus
-P12U_UnicodeConversion(PRArenaPool *arena, SECItem *dest, SECItem *src,
- PRBool toUnicode, PRBool swapBytes)
-{
- unsigned int allocLen;
-
- if(!dest || !src) {
- return SECFailure;
- }
-
- allocLen = ((toUnicode) ? (src->len << 2) : src->len);
-
- if(arena) {
- dest->data = PORT_ArenaZAlloc(arena, allocLen);
- } else {
- dest->data = PORT_ZAlloc(allocLen);
- }
-
- if(P12U_UCS2_ASCIIConversion(toUnicode, src->data, src->len,
- dest->data, allocLen, &dest->len,
- swapBytes) == PR_FALSE) {
- if(!arena) {
- PORT_Free(dest->data);
- }
- dest->data = NULL;
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-/*
- * Not implemented.
- */
-static PRBool
-p12u_UCS2ToUTF8(unsigned char *inBuf, unsigned int inBufLen,
- unsigned char *outBuf, unsigned int maxOutBufLen,
- unsigned int *outBufLen)
-{
- return PR_FALSE;
-}
-
-/*
- * Not implemented.
- */
-static PRBool
-p12u_UTF8ToUCS2(unsigned char *inBuf, unsigned int inBufLen,
- unsigned char *outBuf, unsigned int maxOutBufLen,
- unsigned int *outBufLen)
-{
- return PR_FALSE;
-}
-
-PRBool
-P12U_UCS2_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf,
- unsigned int inBufLen,unsigned char *outBuf,
- unsigned int maxOutBufLen, unsigned int *outBufLen)
-{
- PRBool retval;
-#ifdef DEBUG
- unsigned int i;
-#endif
-
- if(!inBuf || !outBuf || !outBufLen) {
- return PR_FALSE;
- }
-
- *outBufLen = 0;
-
-#ifdef DEBUG
- printf("---UCS2_UTF8Conversion (%s) ---\nInput: ",
- (toUnicode?"to UCS2":"to UTF8"));
- for(i=0; i< inBufLen; i++) {
- printf("%c", (char) inBuf[i]);
- }
- printf("\n");
- for(i=0; i< inBufLen; i++) {
- printf("%2x ", (char) inBuf[i]);
- }
- printf("\n");
-#endif
-
- if(toUnicode) {
- retval = p12u_UTF8ToUCS2(inBuf, inBufLen, outBuf, maxOutBufLen,
- outBufLen);
- } else {
- retval = p12u_UCS2ToUTF8(inBuf, inBufLen, outBuf, maxOutBufLen, outBufLen);
- }
-#ifdef DEBUG
- printf("Output: ");
- for(i=0; i< *outBufLen; i++) {
- printf("%c", (char) outBuf[i]);
- }
- printf("\n");
- for(i=0; i< *outBufLen; i++) {
- printf("%2x ", (char) outBuf[i]);
- }
- printf("\n\n");
-#endif
- return retval;
-}
-
-static PRBool
-p12u_UCS4ToUTF8(unsigned char *inBuf, unsigned int inBufLen,
- unsigned char *outBuf, unsigned int maxOutBufLen,
- unsigned int *outBufLen)
-{
- uint16 *ucs2String, i;
- unsigned char *ucs2Buf, *utf8Buf;
-
- ucs2Buf = PORT_ZAlloc(inBufLen * 8);
- if(!ucs2Buf) {
- return PR_FALSE;
- }
-
- for(i = 0; i < inBufLen; i+=4) {
-#ifdef IS_LITTLE_ENDIAN
- ucs2Buf[i/2+1] = inBuf[i+2];
- ucs2Buf[i/2] = inBuf[i+3];
-#else
- ucs2Buf[i/2] = inBuf[i+2];
- ucs2Buf[i/2+1] = inBuf[i+3];
-#endif
- }
-
- ucs2String = (uint16 *)ucs2Buf;
-
- /* Not implemented. */
- return PR_FALSE;
- /*
- utf8Buf = XXXX_UCS2ToUTF8(ucs2String, (inBufLen >> 1));
- */
- utf8Buf = NULL;
- PORT_Free(ucs2Buf);
- if(!utf8Buf) {
- return PR_FALSE;
- }
-
- *outBufLen = PORT_Strlen((const char *)utf8Buf) + 1;
- if(*outBufLen > maxOutBufLen) {
- *outBufLen = 0;
- PORT_Free(utf8Buf);
- return PR_FALSE;
- }
-
- PORT_Memcpy(outBuf, utf8Buf, *outBufLen);
- outBuf[*outBufLen] = 0;
- PORT_Free(utf8Buf);
- return PR_TRUE;
-}
-
-static PRBool
-p12u_UTF8ToUCS4(unsigned char *inBuf, unsigned int inBufLen,
- unsigned char *outBuf, unsigned int maxOutBufLen,
- unsigned int *outBufLen)
-{
- uint16 *ucs2String = NULL, i;
- unsigned char *ucs2Buf;
- int32 numChars = 0;
-
- /* Not Implemented */
- return PR_FALSE;
- /*
- ucs2String = XXXX_UTF8ToUCS2(inBuf, &numChars);
- */
- ucs2String = NULL;
- if(!ucs2String) {
- return PR_FALSE;
- }
-
- if((4 * numChars) > (int32)maxOutBufLen) {
- PORT_Free(ucs2String);
- return PR_FALSE;
- }
-
- ucs2Buf = (unsigned char *)ucs2String;
- for(i = 0; i < numChars; i++) {
-#ifdef IS_LITTLE_ENDIAN
- outBuf[4*i] = outBuf[4*i+1] = 0;
- outBuf[4*i+2] = ucs2Buf[2*i+1];
- outBuf[4*i+3] = ucs2Buf[2*i];
-#else
- outBuf[4*i] = outBuf[4*i+1] = 0;
- outBuf[4*i+2] = ucs2Buf[2*i];
- outBuf[4*i+3] = ucs2Buf[2*i+1];
-#endif
- }
-
- *outBufLen = (4 * numChars);
-
- PORT_Free(ucs2String);
- return PR_TRUE;
-}
-
-PRBool
-P12U_UCS4_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf,
- unsigned int inBufLen,unsigned char *outBuf,
- unsigned int maxOutBufLen, unsigned int *outBufLen)
-{
- PRBool retval;
-#ifdef DEBUG
- unsigned int i;
-#endif
- if(!inBuf || !outBuf || !outBufLen) {
- return PR_FALSE;
- }
-
-#ifdef DEBUG
- /*
- printf("---UCS4_UTF8Conversion (%s)---\nInput: "
- (toUnicode?"to UCS4":"to UTF8"));
- */
- for(i=0; i< inBufLen; i++) {
- printf("%c", (char) inBuf[i]);
- }
- printf("\n");
- for(i=0; i< inBufLen; i++) {
- printf("%2x ", (char) inBuf[i]);
- }
- printf("\n\n");
-#endif
-
- *outBufLen = 0;
-
- if(toUnicode) {
- retval = p12u_UTF8ToUCS4(inBuf, inBufLen,
- outBuf, maxOutBufLen, outBufLen);
- } else {
- retval = p12u_UCS4ToUTF8(inBuf, inBufLen,
- outBuf, maxOutBufLen, outBufLen);
- }
-#ifdef DEBUG
- printf("Output: ");
- for(i=0; i< *outBufLen; i++) {
- printf("%c", (char) outBuf[i]);
- }
- printf("\n");
- for(i=0; i< *outBufLen; i++) {
- printf("%2x ", (char) outBuf[i]);
- }
- printf("\n\n");
-#endif
-
- return retval;
-}
-
-/*
- *
- */
-SECItem *
-P12U_GetP12FilePassword(PRBool confirmPw, secuPWData *p12FilePw)
-{
- char *p0 = NULL, *p1 = NULL;
- SECItem *pwItem = NULL;
-
- if (p12FilePw == NULL || p12FilePw->source == PW_NONE) {
- for (;;) {
- p0 = SECU_GetPasswordString(NULL,
- "Enter password for PKCS12 file: ");
- if (!confirmPw)
- break;
- p1 = SECU_GetPasswordString(NULL, "Re-enter password: ");
- if (PL_strcmp(p0, p1) == 0)
- break;
- }
- } else if (p12FilePw->source == PW_FROMFILE) {
- p0 = SECU_FilePasswd(NULL, PR_FALSE, p12FilePw->data);
- } else { /* Plaintext */
- p0 = p12FilePw->data;
- }
-
- pwItem = SECITEM_AllocItem(NULL, NULL, PL_strlen(p0));
- pwItem->data = PL_strdup(p0);
-
- PORT_Memset(p0, 0, PL_strlen(p0));
- PORT_Free(p0);
-
- PORT_Memset(p1, 0, PL_strlen(p1));
- PORT_Free(p1);
-
- return pwItem;
-}
-
-SECStatus
-P12U_InitSlot(PK11SlotInfo *slot, secuPWData *slotPw)
-{
- SECStatus rv;
-
- /* New databases, initialize keydb password. */
- if (PK11_NeedUserInit(slot)) {
- rv = SECU_ChangePW(slot,
- (slotPw->source == PW_PLAINTEXT) ? slotPw->data : 0,
- (slotPw->source == PW_FROMFILE) ? slotPw->data : 0);
- if (rv != SECSuccess) {
- PR_fprintf(PR_STDERR, "%s: Failed to initialize slot \"%s\".\n",
- progName, PK11_GetSlotName(slot));
- return SECFailure;
- }
- }
-
- if (PK11_Authenticate(slot, PR_TRUE, slotPw) != SECSuccess) {
- PR_fprintf(PR_STDERR, "%s: Failed to authenticate to PKCS11 slot.\n",
- progName);
- PORT_SetError(SEC_ERROR_USER_CANCELLED);
- pk12uErrno = PK12UERR_USER_CANCELLED;
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-/* !!! "kinda gross," said Tori. */
-static void
-p12u_EnableAllCiphers()
-{
- SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
- SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
- SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1);
- SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1);
- SEC_PKCS12EnableCipher(PKCS12_DES_56, 1);
- SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1);
-}
-
-/*
- * given a filename for pkcs12 file, imports certs and keys
- *
- * Change: altitude
- * I've changed this function so that it takes the keydb and pkcs12 file
- * passwords from files. The "pwdKeyDB" and "pwdP12File"
- * variables have been added for this purpose.
- */
-PRIntn
-P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot,
- secuPWData *slotPw, secuPWData *p12FilePw)
-{
- p12uContext *p12cxt = NULL, *tmpcxt = NULL;
- unsigned char inBuf[PKCS12_IN_BUFFER_SIZE];
- SEC_PKCS12DecoderContext *p12dcx = NULL;
- SECItem *pwitem = NULL, uniPwitem = {0, 0};
- SECStatus rv = SECFailure;
- PRBool swapUnicode = PR_FALSE;
- int error;
-
-#ifdef IS_LITTLE_ENDIAN
- swapUnicode = PR_TRUE;
-#endif
-
- rv = P12U_InitSlot(slot, slotPw);
- if (rv != SECSuccess) {
- PR_fprintf(PR_STDERR, "%s: Failed to authenticate to \"%s\".\n",
- progName, PK11_GetSlotName(slot));
- pk12uErrno = PK12UERR_PK11GETSLOT;
- goto loser;
- }
-
- p12cxt = p12u_InitFile(PR_TRUE, in_file);
- if(!p12cxt) {
- printf("%s: Initialization failed: %s\n", progName, in_file);
- pk12uErrno = PK12UERR_INIT_FILE;
- goto loser;
- }
-
- /* get the password */
- pwitem = P12U_GetP12FilePassword(PR_FALSE, p12FilePw);
- if (!pwitem) {
- pk12uErrno = PK12UERR_USER_CANCELLED;
- goto loser;
- }
-
- if(P12U_UnicodeConversion(NULL, &uniPwitem, pwitem, PR_TRUE,
- swapUnicode) != SECSuccess) {
- printf("%s: Unicode conversion failed \n", progName);
- pk12uErrno = PK12UERR_UNICODECONV;
- goto loser;
- }
-
- tmpcxt = p12u_CreateTemporaryDigestFile();
- if(!tmpcxt) {
- printf("%s: Create Temporary digest file failed.\n", progName);
- pk12uErrno = PK12UERR_TMPDIGCREATE;
- goto loser;
- }
-
- /* init the decoder context */
- p12dcx = SEC_PKCS12DecoderStart(&uniPwitem, slot, NULL,
- p12u_DigestOpen, p12u_DigestClose,
- p12u_DigestRead, p12u_DigestWrite,
- tmpcxt);
- if(!p12dcx) {
- printf("%s: PKCS12 decoder start failed.\n", progName);
- pk12uErrno = PK12UERR_PK12DECODESTART;
- goto loser;
- }
-
- /* decode the item */
- while(PR_TRUE) {
-
- int readLen = p12u_ReadFromImportFile(p12cxt, inBuf,
- PKCS12_IN_BUFFER_SIZE);
- if(readLen < 0) {
- printf("%s: Reading from importfile failed\n", progName);
- pk12uErrno = PK12UERR_IMPORTFILEREAD;
- goto loser;
- }
-
- rv = SEC_PKCS12DecoderUpdate(p12dcx, inBuf, readLen);
- if(rv != SECSuccess || readLen != PKCS12_IN_BUFFER_SIZE) {
- break;
- }
- }
-
- if(rv != SECSuccess) {
- error = PR_GetError();
- if(error == SEC_ERROR_DECRYPTION_DISALLOWED) {
- PR_SetError(error, 0);
- goto loser;
- }
-#ifdef EXTRA
- /* unable to import as a new blob, it might be an old one */
- if(p12u_TryToImportOldPDU(p12cxt, pwitem, slot, import_arg->nickCb,
- import_arg->proto_win) != SECSuccess) {
- goto loser;
- }
- goto tried_pdu_import;
-#endif /* EXTRA */
- printf("%s: PKCS12 decoding failed.\n", progName);
- pk12uErrno = PK12UERR_DECODE;
- }
-
- rv = SECFailure;
-
- /* does the blob authenticate properly? */
- if(SEC_PKCS12DecoderVerify(p12dcx) != SECSuccess) {
- printf("%s: PKCS12 decode not verified\n", progName);
- pk12uErrno = PK12UERR_DECODEVERIFY;
- goto loser;
- }
-
- /* make sure the bags are okey dokey -- nicknames correct, etc. */
- if (SEC_PKCS12DecoderValidateBags(p12dcx, P12U_NicknameCollisionCallback)
- != SECSuccess) {
- if (PORT_GetError() == SEC_ERROR_PKCS12_DUPLICATE_DATA) {
- pk12uErrno = PK12UERR_CERTALREADYEXISTS;
- }
- printf("%s: PKCS12 decode validate bags failed.\n", progName);
- pk12uErrno = PK12UERR_DECODEVALIBAGS;
- goto loser;
- }
-
- /* stuff 'em in */
- if(SEC_PKCS12DecoderImportBags(p12dcx) != SECSuccess) {
- printf("%s: PKCS12 decode import bags failed.\n", progName);
- pk12uErrno = PK12UERR_DECODEIMPTBAGS;
- goto loser;
- }
-
-#if 0
- /* important - to add the password hash into the key database */
- rv = PK11_CheckUserPassword(slot, pw_string);
- if( rv != SECSuccess ) {
- printf("Failed to CheckUserPassword\n");
- exit(-1);
- }
-#endif
-
- PR_Close(p12cxt->file);
- p12cxt->file = NULL;
- PK11_FreeSlot(slot);
-
- rv = SECSuccess;
-
-loser:
- if (rv != SECSuccess) {
- /* pk12u_report_failure */
- } else {
- /* pk12u_report_success ? */
- }
-
- if (p12dcx) {
- SEC_PKCS12DecoderFinish(p12dcx);
- }
-
- p12u_DestroyExportFileInfo(&p12cxt, PR_FALSE);
-
- if (uniPwitem.data) {
- SECITEM_ZfreeItem(&uniPwitem, PR_FALSE);
- }
-
- if (pwitem) {
- SECITEM_ZfreeItem(pwitem, PR_TRUE);
- }
-
- return rv;
-}
-
-static void
-p12u_DoPKCS12ExportErrors()
-{
- int error_value;
-
- error_value = PORT_GetError();
- if ((error_value == SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY) ||
- (error_value == SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME) ||
- (error_value == SEC_ERROR_PKCS12_UNABLE_TO_WRITE)) {
- fprintf(stderr, SECU_ErrorStringRaw((int16)error_value));
- } else if(error_value == SEC_ERROR_USER_CANCELLED) {
- ;
- } else {
- fprintf(stderr, SECU_ErrorStringRaw(SEC_ERROR_EXPORTING_CERTIFICATES));
- }
-}
-
-static void
-p12u_WriteToExportFile(void *arg, const char *buf, unsigned long len)
-{
- p12uContext *p12cxt = arg;
- int writeLen;
-
- if(!p12cxt || (p12cxt->error == PR_TRUE)) {
- return;
- }
-
- if(p12cxt->file == NULL) {
- p12cxt->errorValue = SEC_ERROR_PKCS12_UNABLE_TO_WRITE;
- p12cxt->error = PR_TRUE;
- return;
- }
-
- writeLen = PR_Write(p12cxt->file, (unsigned char *)buf, (int32)len);
-
- if(writeLen != (int)len) {
- PR_Close(p12cxt->file);
- PR_Delete(p12cxt->filename);
- p12cxt->file = NULL;
- p12cxt->errorValue = SEC_ERROR_PKCS12_UNABLE_TO_WRITE;
- p12cxt->error = PR_TRUE;
- }
-}
-
-void
-P12U_ExportPKCS12Object(char *nn, char *outfile,
- secuPWData *slotPw, secuPWData *p12FilePw)
-{
- SEC_PKCS12ExportContext *p12ecx = NULL;
- SEC_PKCS12SafeInfo *keySafe = NULL, *certSafe = NULL;
- SECItem *pwitem = NULL;
- PK11SlotInfo *slot = NULL;
- p12uContext *p12cxt = NULL;
- CERTCertificate *cert;
-
- cert = PK11_FindCertFromNickname(nn, NULL);
- if(!cert) {
- printf("%s: find cert by nickname failed.\n", progName);
- pk12uErrno = PK12UERR_FINDCERTBYNN;
- return;
- }
-
- /* Password to use for PKCS12 file. */
- pwitem = P12U_GetP12FilePassword(PR_TRUE, p12FilePw);
- if(!pwitem) {
- goto loser;
- }
-
- p12ecx = SEC_PKCS12CreateExportContext(NULL, NULL, cert->slot, NULL);
- if(!p12ecx) {
- printf("%s: export context creation failed.\n", progName);
- pk12uErrno = PK12UERR_EXPORTCXCREATE;
- goto loser;
- }
-
- if(SEC_PKCS12AddPasswordIntegrity(p12ecx, pwitem, SEC_OID_SHA1)
- != SECSuccess) {
- printf("%s: PKCS12 add password integrity failed.\n", progName);
- pk12uErrno = PK12UERR_PK12ADDPWDINTEG;
- goto loser;
- }
-
- keySafe = SEC_PKCS12CreateUnencryptedSafe(p12ecx);
- if(!SEC_PKCS12IsEncryptionAllowed() || PK11_IsFIPS()) {
- certSafe = keySafe;
- } else {
- certSafe = SEC_PKCS12CreatePasswordPrivSafe(p12ecx, pwitem,
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC);
- }
-
- if(!certSafe || !keySafe) {
- printf("%s: key or cert safe creation failed.\n", progName);
- pk12uErrno = PK12UERR_CERTKEYSAFE;
- goto loser;
- }
-
- if(SEC_PKCS12AddCertAndKey(p12ecx, certSafe, NULL, cert,
- CERT_GetDefaultCertDB(), keySafe, NULL, PR_TRUE, pwitem,
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC)
- != SECSuccess) {
- printf("%s: add cert and key failed.\n", progName);
- pk12uErrno = PK12UERR_ADDCERTKEY;
- goto loser;
- }
-
- p12cxt = p12u_InitFile(PR_FALSE, outfile);
- if(!p12cxt) {
- printf("%s: Initialization failed: %s\n", progName, outfile);
- pk12uErrno = PK12UERR_INIT_FILE;
- goto loser;
- }
-
- if(SEC_PKCS12Encode(p12ecx, p12u_WriteToExportFile, p12cxt)
- != SECSuccess) {
- printf("%s: PKCS12 encode failed.\n", progName);
- pk12uErrno = PK12UERR_ENCODE;
- goto loser;
- }
-
- p12u_DestroyExportFileInfo(&p12cxt, PR_FALSE);
- SECITEM_ZfreeItem(pwitem, PR_TRUE);
- CERT_DestroyCertificate(cert);
- if(slot) {
- PK11_FreeSlot(slot);
- }
-
- fprintf(stdout, "%s: PKCS12 EXPORT SUCCESSFUL\n", progName);
- SEC_PKCS12DestroyExportContext(p12ecx);
-
- return;
-
-loser:
- SEC_PKCS12DestroyExportContext(p12ecx);
-
- if (slotPw)
- PR_Free(slotPw->data);
-
- if (p12FilePw)
- PR_Free(p12FilePw->data);
-
- if(slot && (slot != cert->slot)) {
- PK11_FreeSlot(slot);
- }
- if(cert) {
- CERT_DestroyCertificate(cert);
- }
- p12u_DestroyExportFileInfo(&p12cxt, PR_TRUE);
- if(pwitem) {
- SECITEM_ZfreeItem(pwitem, PR_TRUE);
- }
- p12u_DoPKCS12ExportErrors();
- return;
-}
-
-static PRUintn
-P12U_Init()
-{
- PK11_SetPasswordFunc(SECU_GetModulePassword);
-
- PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
- SECU_PKCS11Init(PR_FALSE);
- SEC_Init();
-
- /* needed for PK11_FindCertByNickname on internal token */
- SECU_OpenCertDB(PR_TRUE);
-
- /* enable all ciphers */
- p12u_EnableAllCiphers();
-
- /* setup unicode callback functions */
- PORT_SetUCS2_ASCIIConversionFunction(P12U_UCS2_ASCIIConversion);
-#ifdef nodef
- PORT_SetUCS4_UTF8ConversionFunction(P12U_UCS4_UTF8Conversion);
- PORT_SetUCS2_UTF8ConversionFunction(P12U_UCS2_UTF8Conversion);
-#endif
-
- return 0;
-}
-
-/*
- * Shutdown the security library.
- *
- * Currently closes the certificate and key databases.
- * XXX this should be handled elsewhere (NSS_Shutdown?)
- */
-void
-P12U_Shutdown(void)
-{
- CERTCertDBHandle *cdb_handle;
- SECKEYKeyDBHandle *kdb_handle;
-
- cdb_handle = CERT_GetDefaultCertDB();
- if (cdb_handle != NULL) {
- CERT_ClosePermCertDB(cdb_handle);
- }
-
- kdb_handle = SECKEY_GetDefaultKeyDB();
- if (kdb_handle != NULL) {
- SECKEY_CloseKeyDB(kdb_handle);
- }
-}
-
-enum {
- opt_CertDir = 0,
- opt_TokenName,
- opt_Import,
- opt_SlotPWFile,
- opt_SlotPW,
- opt_Mode,
- opt_Nickname,
- opt_Export,
- opt_P12FilePWFile,
- opt_P12FilePW
-};
-
-static secuCommandFlag pk12util_options[] =
-{
- { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE },
- { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE },
- { /* opt_Import */ 'i', PR_TRUE, 0, PR_FALSE },
- { /* opt_SlotPWFile */ 'k', PR_TRUE, 0, PR_FALSE },
- { /* opt_SlotPW */ 'K', PR_TRUE, 0, PR_FALSE },
- { /* opt_Mode */ 'm', PR_TRUE, 0, PR_FALSE },
- { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE },
- { /* opt_Export */ 'o', PR_TRUE, 0, PR_FALSE },
- { /* opt_P12FilePWFile */ 'w', PR_TRUE, 0, PR_FALSE },
- { /* opt_P12FilePW */ 'W', PR_TRUE, 0, PR_FALSE }
-};
-
-int
-main(int argc, char **argv)
-{
- PRIntn ret = 0;
- secuPWData slotPw = { PW_NONE, NULL };
- secuPWData p12FilePw = { PW_NONE, NULL };
- PK11SlotInfo *slot;
- char *slotname = NULL;
- SECStatus rv;
-
- secuCommand pk12util;
- pk12util.numCommands = 0;
- pk12util.commands = 0;
- pk12util.numOptions = sizeof(pk12util_options) / sizeof(secuCommandFlag);
- pk12util.options = pk12util_options;
-
- progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
-
- rv = SECU_ParseCommandLine(argc, argv, progName, &pk12util);
-
- if (rv != SECSuccess)
- Usage(progName);
-
- if (pk12util.options[opt_Import].activated &&
- pk12util.options[opt_Export].activated) {
- Usage(progName);
- }
-
- if (pk12util.options[opt_Export].activated &&
- !pk12util.options[opt_Nickname].activated) {
- Usage(progName);
- }
-
- if (pk12util.options[opt_CertDir].activated)
- SECU_ConfigDirectory(pk12util.options[opt_CertDir].arg);
-
- slotname = SECU_GetOptionArg(&pk12util, opt_TokenName);
-
- if (pk12util.options[opt_P12FilePWFile].activated) {
- p12FilePw.source = PW_FROMFILE;
- p12FilePw.data = PL_strdup(pk12util.options[opt_P12FilePWFile].arg);
- }
-
- if (pk12util.options[opt_P12FilePW].activated) {
- p12FilePw.source = PW_PLAINTEXT;
- p12FilePw.data = PL_strdup(pk12util.options[opt_P12FilePW].arg);
- }
-
- if (pk12util.options[opt_SlotPWFile].activated) {
- slotPw.source = PW_FROMFILE;
- slotPw.data = PL_strdup(pk12util.options[opt_SlotPWFile].arg);
- }
-
- if (pk12util.options[opt_SlotPW].activated) {
- slotPw.source = PW_PLAINTEXT;
- slotPw.data = PL_strdup(pk12util.options[opt_SlotPW].arg);
- }
-
- P12U_Init();
-
- if (pk12util.options[opt_Import].activated) {
-
- if (!slotname || PL_strcmp(slotname, "internal") == 0)
- slot = PK11_GetInternalKeySlot();
- else
- slot = PK11_FindSlotByName(slotname);
-
- if (!slot) {
- PR_fprintf(PR_STDERR, "%s: Invalid slot \"%s\".\n",
- progName, slotname);
- goto done;
- }
-
- if ((ret = P12U_ImportPKCS12Object(pk12util.options[opt_Import].arg,
- slot, &slotPw, &p12FilePw)) != 0)
- goto done;
-
- } else if (pk12util.options[opt_Export].activated) {
-
- P12U_ExportPKCS12Object(pk12util.options[opt_Nickname].arg,
- pk12util.options[opt_Export].arg,
- &slotPw, &p12FilePw);
- } else {
- Usage(progName);
- pk12uErrno = PK12UERR_USAGE;
- }
-
-done:
- NSS_Shutdown();
- exit(pk12uErrno);
-}
diff --git a/security/nss/cmd/pk12util/pk12util.h b/security/nss/cmd/pk12util/pk12util.h
deleted file mode 100644
index 112f61c01..000000000
--- a/security/nss/cmd/pk12util/pk12util.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * ERROR codes in pk12util
- * - should be organized better later
- */
-#define PK12UERR_USER_CANCELLED 1
-#define PK12UERR_USAGE 2
-#define PK12UERR_CERTDB_OPEN 8
-#define PK12UERR_KEYDB_OPEN 9
-#define PK12UERR_INIT_FILE 10
-#define PK12UERR_UNICODECONV 11
-#define PK12UERR_TMPDIGCREATE 12
-#define PK12UERR_PK11GETSLOT 13
-#define PK12UERR_PK12DECODESTART 14
-#define PK12UERR_IMPORTFILEREAD 15
-#define PK12UERR_DECODE 16
-#define PK12UERR_DECODEVERIFY 17
-#define PK12UERR_DECODEVALIBAGS 18
-#define PK12UERR_DECODEIMPTBAGS 19
-#define PK12UERR_CERTALREADYEXISTS 20
-#define PK12UERR_PATCHDB 22
-#define PK12UERR_GETDEFCERTDB 23
-#define PK12UERR_FINDCERTBYNN 24
-#define PK12UERR_EXPORTCXCREATE 25
-#define PK12UERR_PK12ADDPWDINTEG 26
-#define PK12UERR_CERTKEYSAFE 27
-#define PK12UERR_ADDCERTKEY 28
-#define PK12UERR_ENCODE 29
-
-
-/* additions for importing and exporting PKCS 12 files */
-typedef struct p12uContextStr {
- char *filename; /* name of file */
- PRFileDesc *file; /* pointer to file */
- PRBool error; /* error occurred? */
- int errorValue; /* which error occurred? */
- SECItem *data;
-} p12uContext;
diff --git a/security/nss/cmd/platlibs.mk b/security/nss/cmd/platlibs.mk
deleted file mode 100644
index 63e206806..000000000
--- a/security/nss/cmd/platlibs.mk
+++ /dev/null
@@ -1,117 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-# can't do this in manifest.mn because OS_ARCH isn't defined there.
-ifeq ($(OS_ARCH), WINNT)
-
-# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
-ifdef MOZILLA_SECURITY_BUILD
- CRYPTOLIB=$(DIST)/lib/crypto.lib
-endif
-ifdef MOZILLA_BSAFE_BUILD
- CRYPTOLIB=$(DIST)/lib/bsafe41.lib
-endif
-
-EXTRA_LIBS += \
- $(DIST)/lib/smime.lib \
- $(DIST)/lib/ssl.lib \
- $(DIST)/lib/jar.lib \
- $(DIST)/lib/zlib.lib \
- $(DIST)/lib/nss.lib \
- $(DIST)/lib/ssl.lib \
- $(DIST)/lib/sectool.lib \
- $(DIST)/lib/pkcs7.lib \
- $(DIST)/lib/certhi.lib \
- $(DIST)/lib/cryptohi.lib \
- $(DIST)/lib/pk11wrap.lib \
- $(DIST)/lib/certdb.lib \
- $(DIST)/lib/softoken.lib \
- $(DIST)/lib/freebl.lib \
- $(CRYPTOLIB) \
- $(DIST)/lib/freebl.lib \
- $(DIST)/lib/swfci.lib \
- $(DIST)/lib/secutil.lib \
- $(DIST)/lib/dbm.lib \
- $(DIST)/lib/$(NSPR31_LIB_PREFIX)plc4.lib \
- $(DIST)/lib/$(NSPR31_LIB_PREFIX)plds4.lib \
- $(DIST)/lib/$(NSPR31_LIB_PREFIX)nspr4.lib \
- $(NULL)
-
-# $(PROGRAM) has NO explicit dependencies on $(OS_LIBS)
-OS_LIBS += \
- wsock32.lib \
- winmm.lib \
- $(NULL)
-else
-
-# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
-ifdef MOZILLA_SECURITY_BUILD
- CRYPTOLIB=$(DIST)/lib/libcrypto.a
-endif
-ifdef MOZILLA_BSAFE_BUILD
- CRYPTOLIB=$(DIST)/lib/libbsafe.a
-endif
-EXTRA_LIBS += \
- $(DIST)/lib/libsmime.a \
- $(DIST)/lib/libssl.a \
- $(DIST)/lib/libjar.a \
- $(DIST)/lib/libzlib.a \
- $(DIST)/lib/libnss.a \
- $(DIST)/lib/libssl.a \
- $(DIST)/lib/libsectool.a \
- $(DIST)/lib/libpkcs7.a \
- $(DIST)/lib/libcerthi.a \
- $(DIST)/lib/libpk11wrap.a \
- $(DIST)/lib/libcryptohi.a \
- $(DIST)/lib/libcerthi.a \
- $(DIST)/lib/libpk11wrap.a \
- $(DIST)/lib/libsoftoken.a \
- $(DIST)/lib/libcertdb.a \
- $(DIST)/lib/libswfci.a \
- $(DIST)/lib/libfreebl.a \
- $(CRYPTOLIB) \
- $(DIST)/lib/libfreebl.a \
- $(DIST)/lib/libsecutil.a \
- $(DIST)/lib/libdbm.a \
- $(NULL)
-
-# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
-# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
-EXTRA_SHARED_LIBS += \
- -L$(DIST)/lib/ \
- -lplc4 \
- -lplds4 \
- -lnspr4 \
- $(NULL)
-endif
-
diff --git a/security/nss/cmd/platrules.mk b/security/nss/cmd/platrules.mk
deleted file mode 100644
index 5570b659b..000000000
--- a/security/nss/cmd/platrules.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-show:
- @echo "DEFINES = ${DEFINES}"
- @echo "EXTRA_LIBS = >$(EXTRA_LIBS)<"
- @echo "IMPORT_LIBRARY = $(IMPORT_LIBRARY)"
- @echo "LIBRARY = $(LIBRARY)"
- @echo "OBJS = $(OBJS)"
- @echo "OS_ARCH = $(OS_ARCH)"
- @echo "PROGRAM = >$(PROGRAM)<"
- @echo "PROGRAMS = $(PROGRAMS)"
- @echo "PURE_LIBRARY = $(PURE_LIBRARY)"
- @echo "SHARED_LIBRARY = $(SHARED_LIBRARY)"
- @echo "TARGETS = >$(TARGETS)<"
-
-showplatform:
- @echo $(PLATFORM)
diff --git a/security/nss/cmd/pp/Makefile b/security/nss/cmd/pp/Makefile
deleted file mode 100644
index 4e39ffc3f..000000000
--- a/security/nss/cmd/pp/Makefile
+++ /dev/null
@@ -1,75 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/pp/manifest.mn b/security/nss/cmd/pp/manifest.mn
deleted file mode 100644
index dc0da84f9..000000000
--- a/security/nss/cmd/pp/manifest.mn
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-REQUIRES = seccmd dbm
-
-DEFINES = -DNSPR20
-
-CSRCS = pp.c
-
-PROGRAM = pp
diff --git a/security/nss/cmd/pp/pp.c b/security/nss/cmd/pp/pp.c
deleted file mode 100644
index f4d108d57..000000000
--- a/security/nss/cmd/pp/pp.c
+++ /dev/null
@@ -1,166 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Pretty-print some well-known BER or DER encoded data (e.g. certificates,
- * keys, pkcs7)
- *
- * $Id$
- */
-
-#include "secutil.h"
-
-#if defined(__sun) && !defined(SVR4)
-extern int fprintf(FILE *, char *, ...);
-#endif
-
-#include "plgetopt.h"
-
-#include "pk11func.h"
-#include "nspr.h"
-
-static void Usage(char *progName)
-{
- fprintf(stderr,
- "Usage: %s -t type [-a] [-i input] [-o output]\n",
- progName);
- fprintf(stderr, "%-20s Specify the input type (must be one of %s,\n",
- "-t type", SEC_CT_PRIVATE_KEY);
- fprintf(stderr, "%-20s %s, %s, %s,\n", "", SEC_CT_PUBLIC_KEY,
- SEC_CT_CERTIFICATE, SEC_CT_CERTIFICATE_REQUEST);
- fprintf(stderr, "%-20s %s or %s)\n", "", SEC_CT_PKCS7, SEC_CT_CRL);
- fprintf(stderr, "%-20s Input is in ascii encoded form (RFC1113)\n",
- "-a");
- fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
- "-i input");
- fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
- "-o output");
- exit(-1);
-}
-
-int main(int argc, char **argv)
-{
- int rv, ascii;
- char *progName;
- FILE *outFile;
- PRFileDesc *inFile;
- SECItem der, data;
- char *typeTag;
- PLOptState *optstate;
-
- progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
-
- ascii = 0;
- inFile = 0;
- outFile = 0;
- typeTag = 0;
- optstate = PL_CreateOptState(argc, argv, "at:i:o:");
- while ( PL_GetNextOpt(optstate) == PL_OPT_OK ) {
- switch (optstate->option) {
- case '?':
- Usage(progName);
- break;
-
- case 'a':
- ascii = 1;
- break;
-
- case 'i':
- inFile = PR_Open(optstate->value, PR_RDONLY, 0);
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "w");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 't':
- typeTag = strdup(optstate->value);
- break;
- }
- }
-
- if (!typeTag) Usage(progName);
-
- if (!inFile) inFile = PR_STDIN;
- if (!outFile) outFile = stdout;
-
- PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
- SECU_PKCS11Init(PR_FALSE);
- SEC_Init();
-
- rv = SECU_ReadDERFromFile(&der, inFile, ascii);
-
- /* Data is untyped, using the specified type */
- data.data = der.data;
- data.len = der.len;
-
- /* Pretty print it */
- if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0) {
- rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0,
- SECU_PrintCertificate);
- } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0) {
- rv = SECU_PrintSignedData(outFile, &data, "Certificate Request", 0,
- SECU_PrintCertificateRequest);
- } else if (PORT_Strcmp (typeTag, SEC_CT_CRL) == 0) {
- rv = SECU_PrintSignedData (outFile, &data, "CRL", 0, SECU_PrintCrl);
- } else if (PORT_Strcmp(typeTag, SEC_CT_PRIVATE_KEY) == 0) {
- rv = SECU_PrintPrivateKey(outFile, &data, "Private Key", 0);
- } else if (PORT_Strcmp(typeTag, SEC_CT_PUBLIC_KEY) == 0) {
- rv = SECU_PrintPublicKey(outFile, &data, "Public Key", 0);
- } else if (PORT_Strcmp(typeTag, SEC_CT_PKCS7) == 0) {
- rv = SECU_PrintPKCS7ContentInfo(outFile, &data,
- "PKCS #7 Content Info", 0);
- } else {
- fprintf(stderr, "%s: don't know how to print out '%s' files\n",
- progName, typeTag);
- return -1;
- }
-
- if (rv) {
- fprintf(stderr, "%s: problem converting data (%s)\n",
- progName, SECU_Strerror(PORT_GetError()));
- return -1;
- }
- return 0;
-}
diff --git a/security/nss/cmd/samples/cert b/security/nss/cmd/samples/cert
deleted file mode 100644
index 3f8ec48df..000000000
--- a/security/nss/cmd/samples/cert
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIB7TCCAVYCAgMaMA0GCSqGSIb3DQEBBAUAMEcxCzAJBgNVBAYTAlVTMRAwDgYD
-VQQLEwdUZXN0IENBMSYwJAYDVQQKEx1OZXRzY2FwZSBDb21tdW5pY2F0aW9ucyBD
-b3JwLjAeFw05NTEyMDgwMjQwMjdaFw05NjAzMDcwMjQwMjdaMDgxFjAUBgNVBAMT
-DURhdmlkIGthcmx0b24xETAPBgNVBAoTCE5ldHNjYXBlMQswCQYDVQQGEwJVUzCB
-nTANBgkqhkiG9w0BAQEFAAOBiwAwgYcCgYEAltV2TH+QxqlgfUFk+UyiYAjByxrC
-dCSIa/FwRaPceLvE7ycD9L6AC4JA6k58E6ICsr/Y8TsXT4UmZhhLNc50VgSo8cGQ
-lajqIDvntq8M1uCXiVOnXmIAqoB6E8GiqW+9evOkgkumMksSwXiXAhMM7vJt3IU6
-b+FwdF5cRs0u1FUCAQMwDQYJKoZIhvcNAQEEBQADgYEAkFdr3ypcvI2+Xgwfp7+d
-YtN7w4UnQ7LR9FKmlnBauTVLmUtichn/O3WMT9cYTtZm5QQVRaE3qrGh0Nr6Ko1E
-nIHowd36TN45zkFraWoATfCV/f+P37WaADp20l2ryEY0Jpe4gnoeZ0+/ffoxyajC
-LZEJL6Dv2Ed83cebLjYxKsI=
-
------END CERTIFICATE-----
-
diff --git a/security/nss/cmd/samples/cert0 b/security/nss/cmd/samples/cert0
deleted file mode 100644
index 05cdc8553..000000000
--- a/security/nss/cmd/samples/cert0
+++ /dev/null
Binary files differ
diff --git a/security/nss/cmd/samples/cert1 b/security/nss/cmd/samples/cert1
deleted file mode 100644
index 38a7d299a..000000000
--- a/security/nss/cmd/samples/cert1
+++ /dev/null
Binary files differ
diff --git a/security/nss/cmd/samples/cert2 b/security/nss/cmd/samples/cert2
deleted file mode 100644
index 147c3eb9e..000000000
--- a/security/nss/cmd/samples/cert2
+++ /dev/null
Binary files differ
diff --git a/security/nss/cmd/samples/pkcs7.ber b/security/nss/cmd/samples/pkcs7.ber
deleted file mode 100644
index 6e3814c37..000000000
--- a/security/nss/cmd/samples/pkcs7.ber
+++ /dev/null
Binary files differ
diff --git a/security/nss/cmd/samples/pkcs7bday.ber b/security/nss/cmd/samples/pkcs7bday.ber
deleted file mode 100644
index 0ee6cfc13..000000000
--- a/security/nss/cmd/samples/pkcs7bday.ber
+++ /dev/null
Binary files differ
diff --git a/security/nss/cmd/samples/pkcs7cnet.ber b/security/nss/cmd/samples/pkcs7cnet.ber
deleted file mode 100644
index df2bb2dd1..000000000
--- a/security/nss/cmd/samples/pkcs7cnet.ber
+++ /dev/null
Binary files differ
diff --git a/security/nss/cmd/samples/pkcs7news.ber b/security/nss/cmd/samples/pkcs7news.ber
deleted file mode 100644
index c46a1786d..000000000
--- a/security/nss/cmd/samples/pkcs7news.ber
+++ /dev/null
Binary files differ
diff --git a/security/nss/cmd/samples/x509v3.der b/security/nss/cmd/samples/x509v3.der
deleted file mode 100644
index 1ada57c56..000000000
--- a/security/nss/cmd/samples/x509v3.der
+++ /dev/null
Binary files differ
diff --git a/security/nss/cmd/samples/x509v3.txt b/security/nss/cmd/samples/x509v3.txt
deleted file mode 100644
index dde307697..000000000
--- a/security/nss/cmd/samples/x509v3.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-MIIByzCCAXWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBLMQswCQYDVQQGEwJVUzEW
-MBQGA1UEChMNVmVyaVNpZ24gSW5jLjEUMBIGA1UECxMLRW5naW5lZXJpbmcxDjAM
-BgNVBAMTBUphc29uMB4XDTk1MDgwODA3MDAwMFoXDTk2MDgwNzA3MDAwMFowSzEL
-MAkGA1UEBhMCVVMxFjAUBgNVBAoTDVZlcmlTaWduIEluYy4xFDASBgNVBAsTC0Vu
-Z2luZWVyaW5nMQ4wDAYDVQQDEwVKYXNvbjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
-QQCvpXRU9t3NPFXvxJz2vuxX4zI55AA+xY1PsAEadhwWEMF2EnpG8woF4EGTwLdx
-xrw3Eirzu5RAAhqegCN1aPVBAgMBAAGjRDBCMBQGA2FiYwEB/wQKZXh0ZW5zaW9u
-MTAUBgNkZWYBAf8ECmV4dGVuc2lvbjIwFAYDZ2hpAQH/BApleHRlbnNpb24zMA0G
-CSqGSIb3DQEBBAUAA0EAawLNWFSYMtywAqkSYJb1gejljqi9QAtLZIM2ui+RCTP2
-jEjW5bp4oU1RX2iBSfU+MdEZx9DpMNjqBLrgOy1Djw==
diff --git a/security/nss/cmd/sdrtest/Makefile b/security/nss/cmd/sdrtest/Makefile
deleted file mode 100644
index 490f738e5..000000000
--- a/security/nss/cmd/sdrtest/Makefile
+++ /dev/null
@@ -1,73 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
diff --git a/security/nss/cmd/sdrtest/manifest.mn b/security/nss/cmd/sdrtest/manifest.mn
deleted file mode 100644
index 05e23b867..000000000
--- a/security/nss/cmd/sdrtest/manifest.mn
+++ /dev/null
@@ -1,52 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-CSRCS = \
- sdrtest.c \
- $(NULL)
-
-# headers for the MODULE (defined above) are implicitly required.
-REQUIRES = dbm seccmd
-
-# WINNT uses EXTRA_LIBS as the list of libs to link in.
-# Unix uses OS_LIBS for that purpose.
-# We can solve this via conditional makefile code, but
-# can't do this in manifest.mn because OS_ARCH isn't defined there.
-# So, look in the local Makefile for the defines for the list of libs.
-
-PROGRAM = sdrtest
diff --git a/security/nss/cmd/sdrtest/sdrtest.c b/security/nss/cmd/sdrtest/sdrtest.c
deleted file mode 100644
index 139593868..000000000
--- a/security/nss/cmd/sdrtest/sdrtest.c
+++ /dev/null
@@ -1,295 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Test program for SDR (Secret Decoder Ring) functions.
- *
- * $Id$
- */
-
-#include "nspr.h"
-#include "string.h"
-#include "nss.h"
-#include "secutil.h"
-#include "cert.h"
-#include "pk11func.h"
-
-#include "plgetopt.h"
-#include "pk11sdr.h"
-
-#define DEFAULT_VALUE "Test"
-
-static void
-synopsis (char *program_name)
-{
- PRFileDesc *pr_stderr;
-
- pr_stderr = PR_STDERR;
- PR_fprintf (pr_stderr, "Usage:");
- PR_fprintf (pr_stderr,
- "\t%s [-i <input-file>] [-o <output-file>] [-r <text>] [-d <dir>]\n",
- program_name);
-}
-
-
-static void
-short_usage (char *program_name)
-{
- PR_fprintf (PR_STDERR,
- "Type %s -H for more detailed descriptions\n",
- program_name);
- synopsis (program_name);
-}
-
-
-static void
-long_usage (char *program_name)
-{
- PRFileDesc *pr_stderr;
-
- pr_stderr = PR_STDERR;
- synopsis (program_name);
- PR_fprintf (pr_stderr, "\nSecret Decoder Test:\n");
- PR_fprintf (pr_stderr,
- " %-13s Read encrypted data from \"file\"\n",
- "-i file");
- PR_fprintf (pr_stderr,
- " %-13s Write newly generated encrypted data to \"file\"\n",
- "-o file");
- PR_fprintf (pr_stderr,
- " %-13s Use \"text\" as the plaintext for encryption and verification\n",
- "-t text");
- PR_fprintf (pr_stderr,
- " %-13s Find security databases in \"dbdir\"\n",
- "-d dbdir");
-}
-
-int
-main (int argc, char **argv)
-{
- int retval = 0; /* 0 - test succeeded. -1 - test failed */
- SECStatus rv;
- CERTCertDBHandle *certHandle = NULL;
- PK11SlotInfo *slot = 0;
- PLOptState *optstate;
- char *program_name;
- const char *input_file = NULL; /* read encrypted data from here (or create) */
- const char *output_file = NULL; /* write new encrypted data here */
- const char *value = DEFAULT_VALUE; /* Use this for plaintext */
- SECItem data;
- SECItem result;
- SECItem text;
- PRBool verbose = PR_FALSE;
-
- result.data = 0;
- text.data = 0; text.len = 0;
-
- program_name = PL_strrchr(argv[0], '/');
- program_name = program_name ? (program_name + 1) : argv[0];
-
- optstate = PL_CreateOptState (argc, argv, "Hd:i:o:t:v");
- if (optstate == NULL) {
- SECU_PrintError (program_name, "PL_CreateOptState failed");
- return -1;
- }
-
- while (PL_GetNextOpt (optstate) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- short_usage (program_name);
- return retval;
-
- case 'H':
- long_usage (program_name);
- return retval;
-
- case 'd':
- SECU_ConfigDirectory(optstate->value);
- break;
-
- case 'i':
- input_file = optstate->value;
- break;
-
- case 'o':
- output_file = optstate->value;
- break;
-
- case 't':
- value = optstate->value;
- break;
-
- case 'v':
- verbose = PR_TRUE;
- break;
- }
- }
-
- /*
- * Initialize the NSPR and Security libraries.
- */
- PK11_SetPasswordFunc(SECU_GetModulePassword);
-
- /* Initialize NSPR and NSS. */
- PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
- certHandle = SECU_OpenCertDB(PR_FALSE);
- if (!certHandle) goto prdone;
-
- SECU_PKCS11Init(PR_FALSE);
- SEC_Init();
-
- slot = PK11_GetInternalKeySlot();
- if (PK11_NeedUserInit(slot))
- {
- if (verbose) printf("Initializing new key database\n");
- PK11_InitPin(slot, 0, 0);
- }
-
- /* Convert value into an item */
- data.data = (unsigned char *)value;
- data.len = strlen(value);
-
- /* Get the encrypted result, either from the input file
- * or from encrypting the plaintext value
- */
- if (input_file)
- {
- PRFileDesc *file /* = PR_OpenFile(input_file, 0) */;
- PRFileInfo info;
- PRStatus s;
- PRInt32 count;
-
- if (verbose) printf("Reading data from %s\n", input_file);
-
- file = PR_Open(input_file, PR_RDONLY, 0);
- if (!file) {
- if (verbose) printf("Open of file failed\n");
- retval = -1;
- goto loser;
- }
-
- s = PR_GetOpenFileInfo(file, &info);
- if (s != PR_SUCCESS) {
- if (verbose) printf("File info operation failed\n");
- retval = -1;
- goto file_loser;
- }
-
- result.len = info.size;
- result.data = (unsigned char *)malloc(result.len);
- if (!result.data) {
- if (verbose) printf("Allocation of buffer failed\n");
- retval = -1;
- goto file_loser;
- }
-
- count = PR_Read(file, result.data, result.len);
- if (count != result.len) {
- if (verbose) printf("Read failed\n");
- retval = -1;
- goto file_loser;
- }
-
-file_loser:
- PR_Close(file);
- if (retval != 0) goto loser;
- }
- else
- {
- SECItem keyid = { 0, 0, 0 };
-
- rv = PK11SDR_Encrypt(&keyid, &data, &result, 0);
- if (rv != SECSuccess) {
- if (verbose) printf("Encrypt operation failed\n");
- retval = -1;
- goto loser;
- }
-
- if (verbose) printf("Encrypted result is %d bytes long\n", result.len);
-
- /* -v printf("Result is %.*s\n", text.len, text.data); */
- if (output_file)
- {
- PRFileDesc *file;
- PRInt32 count;
-
- if (verbose) printf("Writing result to %s\n", output_file);
-
- /* Write to file */
- file = PR_Open(output_file, PR_CREATE_FILE|PR_WRONLY, 0666);
- if (!file) {
- if (verbose) printf("Open of output file failed\n");
- retval = -1;
- goto loser;
- }
-
- count = PR_Write(file, result.data, result.len);
-
- PR_Close(file);
-
- if (count != result.len) {
- if (verbose) printf("Write failed\n");
- retval = -1;
- goto loser;
- }
- }
- }
-
- /* Decrypt the value */
- rv = PK11SDR_Decrypt(&result, &text, 0);
- if (rv != SECSuccess) {
- if (verbose) printf("Decrypt operation failed\n");
- retval = -1;
- goto loser;
- }
-
- if (verbose) printf("Decrypted result is %.*s\n", text.len, text.data);
-
- /* Compare to required value */
- if (text.len != data.len || memcmp(data.data, text.data, text.len) != 0)
- {
- if (verbose) printf("Comparison failed\n");
- retval = -1;
- goto loser;
- }
-
-loser:
- if (text.data) free(text.data);
- if (result.data) free(result.data);
- if (certHandle) CERT_ClosePermCertDB(certHandle);
- NSS_Shutdown();
-
-prdone:
- PR_Cleanup ();
- return retval;
-}
diff --git a/security/nss/cmd/selfserv/Makefile b/security/nss/cmd/selfserv/Makefile
deleted file mode 100644
index f2a407990..000000000
--- a/security/nss/cmd/selfserv/Makefile
+++ /dev/null
@@ -1,74 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/selfserv/makefile.win b/security/nss/cmd/selfserv/makefile.win
deleted file mode 100644
index 8fda0b906..000000000
--- a/security/nss/cmd/selfserv/makefile.win
+++ /dev/null
@@ -1,136 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-VERBOSE = 1
-include <manifest.mn>
-
-#cannot define PROGRAM in manifest compatibly with NT and UNIX
-PROGRAM = selfserv
-PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe
-include <$(DEPTH)\config\config.mak>
-
-# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
-# rules.mak will append C_OBJS onto OBJS.
-# OBJS = $(CSRCS:.c=.obj)
-
-# include files are looked for in $LINCS and $INCS.
-# $LINCS is in manifest.mnw, computed from REQUIRES=
-INCS = $(INCS) \
- -I$(DEPTH)/security/lib/cert \
- -I../include \
- $(NULL)
-
-IGNORE_ME = \
- -I$(DEPTH)/security/lib/key \
- -I$(DEPTH)/security/lib/util \
- $(NULL)
-
-
-WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
-
-# these files are the content of libdbm
-DBM_LIB = \
- $(WINFE)/DB.obj \
- $(WINFE)/HASH.obj \
- $(WINFE)/H_BIGKEY.obj \
- $(WINFE)/H_PAGE.obj \
- $(WINFE)/H_LOG2.obj \
- $(WINFE)/H_FUNC.obj \
- $(WINFE)/HASH_BUF.obj \
- $(NULL)
-
-MOZ_LIBS = \
- $(WINFE)/ALLXPSTR.obj \
- $(WINFE)/XP_ERROR.obj \
- $(WINFE)/XPASSERT.obj \
- $(WINFE)/XP_REG.obj \
- $(WINFE)/XP_TRACE.obj \
- $(DBM_LIB) \
- $(WINFE)/XP_STR.obj \
- $(WINFE)/MKTEMP.obj \
- $(NULL)
-
-IGNORE_ME2 = \
- $(WINFE)/feutil.obj \
- $(WINFE)/fenet.obj \
- $(WINFE)/fegui.obj \
- $(NULL)
-
-SEC_LIBS = \
- $(DIST)/lib/cert$(MOZ_BITS).lib \
- $(DIST)/lib/crypto$(MOZ_BITS).lib \
- $(DIST)/lib/hash$(MOZ_BITS).lib \
- $(DIST)/lib/key$(MOZ_BITS).lib \
- $(DIST)/lib/pkcs7$(MOZ_BITS).lib \
- $(DIST)/lib/secmod$(MOZ_BITS).lib \
- $(DIST)/lib/secutl$(MOZ_BITS).lib \
- $(DIST)/lib/ssl$(MOZ_BITS).lib \
- $(NULL)
-
-LLFLAGS = $(LLFLAGS) \
- $(SEC_LIBS) \
- ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
- $(MOZ_LIBS) \
- $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
- $(LIBNSPR) \
- $(NULL)
-
-
-include <$(DEPTH)\config\rules.mak>
-
-INSTALL = $(MAKE_INSTALL)
-
-objs: $(OBJS)
-
-$(PROGRAM)::
- $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
-
-programs: $(PROGRAM)
-
-install:: $(TARGETS)
- $(INSTALL) $(TARGETS) $(DIST)/bin
-
-
-symbols:
- @echo "CSRCS = $(CSRCS)"
- @echo "INCS = $(INCS)"
- @echo "OBJS = $(OBJS)"
- @echo "LIBRARY = $(LIBRARY)"
- @echo "PROGRAM = $(PROGRAM)"
- @echo "TARGETS = $(TARGETS)"
- @echo "DIST = $(DIST)"
- @echo "VERSION_NUMBER = $(VERSION_NUMBER)"
- @echo "WINFE = $(WINFE)"
- @echo "DBM_LIB = $(DBM_LIB)"
- @echo "INSTALL = $(INSTALL)"
-
diff --git a/security/nss/cmd/selfserv/manifest.mn b/security/nss/cmd/selfserv/manifest.mn
deleted file mode 100644
index f8050ed9e..000000000
--- a/security/nss/cmd/selfserv/manifest.mn
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-DEFINES += -DNSPR20
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-CSRCS = selfserv.c
-
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = seccmd dbm
-
-PROGRAM = selfserv
-
diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c
deleted file mode 100644
index f5fb03312..000000000
--- a/security/nss/cmd/selfserv/selfserv.c
+++ /dev/null
@@ -1,1305 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/* -r flag is interepreted as follows:
- * 1 -r means request, not require, on initial handshake.
- * 2 -r's mean request and require, on initial handshake.
- * 3 -r's mean request, not require, on second handshake.
- * 4 -r's mean request and require, on second handshake.
- */
-#include <stdio.h>
-#include <string.h>
-
-#include "secutil.h"
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#endif
-
-#include <stdlib.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdarg.h>
-
-#include "nspr.h"
-#include "prio.h"
-#include "prerror.h"
-#include "prnetdb.h"
-#include "plgetopt.h"
-#include "pk11func.h"
-#include "secitem.h"
-#include "nss.h"
-#include "ssl.h"
-#include "sslproto.h"
-
-#ifndef PORT_Sprintf
-#define PORT_Sprintf sprintf
-#endif
-
-#ifndef PORT_Strstr
-#define PORT_Strstr strstr
-#endif
-
-#ifndef PORT_Malloc
-#define PORT_Malloc PR_Malloc
-#endif
-
-int cipherSuites[] = {
- SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
- SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,
- SSL_RSA_WITH_RC4_128_MD5,
- SSL_RSA_WITH_3DES_EDE_CBC_SHA,
- SSL_RSA_WITH_DES_CBC_SHA,
- SSL_RSA_EXPORT_WITH_RC4_40_MD5,
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
- SSL_FORTEZZA_DMS_WITH_NULL_SHA,
- SSL_RSA_WITH_NULL_MD5,
- 0
-};
-
-int ssl2CipherSuites[] = {
- SSL_EN_RC4_128_WITH_MD5, /* A */
- SSL_EN_RC4_128_EXPORT40_WITH_MD5, /* B */
- SSL_EN_RC2_128_CBC_WITH_MD5, /* C */
- SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */
- SSL_EN_DES_64_CBC_WITH_MD5, /* E */
- SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* F */
- 0
-};
-
-int ssl3CipherSuites[] = {
- SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
- SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
- SSL_RSA_WITH_RC4_128_MD5, /* c */
- SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
- SSL_RSA_WITH_DES_CBC_SHA, /* e */
- SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
- SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
- SSL_RSA_WITH_NULL_MD5, /* i */
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
- SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
- 0
-};
-
-int stopping;
-int verbose;
-SECItem bigBuf;
-
-/* Add custom password handler because SECU_GetModulePassword
- * makes automation of this program next to impossible.
- */
-
-char *
-ownPasswd(PK11SlotInfo *info, PRBool retry, void *arg)
-{
- char * passwd = NULL;
-
- if ( (!retry) && arg ) {
- passwd = PL_strdup((char *)arg);
- }
-
- return passwd;
-}
-
-#define PRINTF if (verbose) printf
-#define FPRINTF if (verbose) fprintf
-#define FLUSH if (verbose) { fflush(stdout); fflush(stderr); }
-
-static void
-Usage(const char *progName)
-{
- fprintf(stderr,
-
-"Usage: %s -n rsa_nickname -p port [-3RTmrvx] [-w password]\n"
-" [-c ciphers] [-d dbdir] [-f fortezza_nickname] \n"
-"-3 means disable SSL v3\n"
-"-T means disable TLS\n"
-"-R means disable detection of rollback from TLS to SSL3\n"
-"-m means test the model-socket feature of SSL_ImportFD.\n"
-"-r flag is interepreted as follows:\n"
-" 1 -r means request, not require, cert on initial handshake.\n"
-" 2 -r's mean request and require, cert on initial handshake.\n"
-" 3 -r's mean request, not require, cert on second handshake.\n"
-" 4 -r's mean request and require, cert on second handshake.\n"
-"-v means verbose output\n"
-"-x means use export policy.\n"
-"-c ciphers Letter(s) chosen from the following list\n"
-"A SSL2 RC4 128 WITH MD5\n"
-"B SSL2 RC4 128 EXPORT40 WITH MD5\n"
-"C SSL2 RC2 128 CBC WITH MD5\n"
-"D SSL2 RC2 128 CBC EXPORT40 WITH MD5\n"
-"E SSL2 DES 64 CBC WITH MD5\n"
-"F SSL2 DES 192 EDE3 CBC WITH MD5\n"
-"\n"
-"a SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA\n"
-"b SSL3 FORTEZZA DMS WITH RC4 128 SHA\n"
-"c SSL3 RSA WITH RC4 128 MD5\n"
-"d SSL3 RSA WITH 3DES EDE CBC SHA\n"
-"e SSL3 RSA WITH DES CBC SHA\n"
-"f SSL3 RSA EXPORT WITH RC4 40 MD5\n"
-"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
-"h SSL3 FORTEZZA DMS WITH NULL SHA\n"
-"i SSL3 RSA WITH NULL MD5\n"
-"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
-"k SSL3 RSA FIPS WITH DES CBC SHA\n"
-"l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n"
-"m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n",
- progName);
- exit(1);
-}
-
-static void
-networkStart(void)
-{
-#if defined(XP_WIN) && !defined(NSPR20)
-
- WORD wVersionRequested;
- WSADATA wsaData;
- int err;
- wVersionRequested = MAKEWORD(1, 1);
-
- err = WSAStartup(wVersionRequested, &wsaData);
-
- if (err != 0) {
- /* Tell the user that we couldn't find a useable winsock.dll. */
- fputs("WSAStartup failed!\n", stderr);
- exit(1);
- }
-
-/* Confirm that the Windows Sockets DLL supports 1.1.*/
-/* Note that if the DLL supports versions greater */
-/* than 1.1 in addition to 1.1, it will still return */
-/* 1.1 in wVersion since that is the version we */
-/* requested. */
-
- if ( LOBYTE( wsaData.wVersion ) != 1 ||
- HIBYTE( wsaData.wVersion ) != 1 ) {
- /* Tell the user that we couldn't find a useable winsock.dll. */
- fputs("wrong winsock version\n", stderr);
- WSACleanup();
- exit(1);
- }
- /* The Windows Sockets DLL is acceptable. Proceed. */
-
-#endif
-}
-
-static void
-networkEnd(void)
-{
-#if defined(XP_WIN) && !defined(NSPR20)
- WSACleanup();
-#endif
-}
-
-static const char *
-errWarn(char * funcString)
-{
- PRErrorCode perr = PR_GetError();
- const char * errString = SECU_Strerror(perr);
-
- fprintf(stderr, "exit after %s with error %d:\n%s\n",
- funcString, perr, errString);
- return errString;
-}
-
-static void
-errExit(char * funcString)
-{
-#if defined (XP_WIN) && !defined(NSPR20)
- int err;
- LPVOID lpMsgBuf;
-
- err = WSAGetLastError();
-
- FormatMessage(
- FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
- NULL,
- err,
- MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
- (LPTSTR) &lpMsgBuf,
- 0,
- NULL
- );
-
- /* Display the string. */
- /*MessageBox( NULL, lpMsgBuf, "GetLastError", MB_OK|MB_ICONINFORMATION ); */
- fprintf(stderr, "%s\n", lpMsgBuf);
-
- /* Free the buffer. */
- LocalFree( lpMsgBuf );
-#endif
-
- errWarn(funcString);
- exit(1);
-}
-
-void
-disableSSL2Ciphers(void)
-{
- int i;
-
- /* disable all the SSL2 cipher suites */
- for (i = 0; ssl2CipherSuites[i] != 0; ++i) {
- SSL_EnableCipher(ssl2CipherSuites[i], SSL_NOT_ALLOWED);
- }
-}
-
-void
-disableSSL3Ciphers(void)
-{
- int i;
-
- /* disable all the SSL3 cipher suites */
- for (i = 0; ssl3CipherSuites[i] != 0; ++i) {
- SSL_EnableCipher(ssl3CipherSuites[i], SSL_NOT_ALLOWED);
- }
-}
-
-static int
-mySSLAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
- PRBool isServer)
-{
- SECStatus rv;
- CERTCertificate * peerCert;
-
- peerCert = SSL_PeerCertificate(fd);
-
- PRINTF("Subject: %s\nIssuer : %s\n",
- peerCert->subjectName, peerCert->issuerName);
-
- rv = SSL_AuthCertificate(arg, fd, checkSig, isServer);
-
- if (rv == SECSuccess) {
- fputs("-- SSL3: Certificate Validated.\n", stderr);
- } else {
- int err = PR_GetError();
- FPRINTF(stderr, "-- SSL3: Certificate Invalid, err %d.\n%s\n",
- err, SECU_Strerror(err));
- }
- FLUSH;
- return rv;
-}
-
-void printSecurityInfo(PRFileDesc *fd)
-{
- char * cp; /* bulk cipher name */
- char * ip; /* cert issuer DN */
- char * sp; /* cert subject DN */
- int op; /* High, Low, Off */
- int kp0; /* total key bits */
- int kp1; /* secret key bits */
- int result;
-
-/* statistics from ssl3_SendClientHello (sch) */
-extern long ssl3_sch_sid_cache_hits;
-extern long ssl3_sch_sid_cache_misses;
-extern long ssl3_sch_sid_cache_not_ok;
-
-/* statistics from ssl3_HandleServerHello (hsh) */
-extern long ssl3_hsh_sid_cache_hits;
-extern long ssl3_hsh_sid_cache_misses;
-extern long ssl3_hsh_sid_cache_not_ok;
-
-/* statistics from ssl3_HandleClientHello (hch) */
-extern long ssl3_hch_sid_cache_hits;
-extern long ssl3_hch_sid_cache_misses;
-extern long ssl3_hch_sid_cache_not_ok;
-
- result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp);
- if (result != SECSuccess)
- return;
- PRINTF("bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
- "subject DN: %s\n"
- "issuer DN: %s\n", cp, kp1, kp0, op, sp, ip);
- PR_Free(cp);
- PR_Free(ip);
- PR_Free(sp);
-
- PRINTF("%ld cache hits; %ld cache misses, %ld cache not reusable\n",
- ssl3_hch_sid_cache_hits, ssl3_hch_sid_cache_misses,
- ssl3_hch_sid_cache_not_ok);
- FLUSH;
-
-}
-
-/**************************************************************************
-** Begin thread management routines and data.
-**************************************************************************/
-
-#define MAX_THREADS 32
-
-typedef int startFn(PRFileDesc *a, PRFileDesc *b, int c);
-
-PRLock * threadLock;
-PRCondVar * threadStartQ;
-PRCondVar * threadEndQ;
-
-int numUsed;
-int numRunning;
-
-typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState;
-
-typedef struct perThreadStr {
- PRFileDesc *a;
- PRFileDesc *b;
- int c;
- int rv;
- startFn * startFunc;
- PRThread * prThread;
- PRBool inUse;
- runState running;
-} perThread;
-
-perThread threads[MAX_THREADS];
-
-void
-thread_wrapper(void * arg)
-{
- perThread * slot = (perThread *)arg;
-
- /* wait for parent to finish launching us before proceeding. */
- PR_Lock(threadLock);
- PR_Unlock(threadLock);
-
- slot->rv = (* slot->startFunc)(slot->a, slot->b, slot->c);
-
- PR_Lock(threadLock);
- slot->running = rs_zombie;
-
- /* notify the thread exit handler. */
- PR_NotifyCondVar(threadEndQ);
-
- PR_Unlock(threadLock);
-}
-
-SECStatus
-launch_thread(
- startFn *startFunc,
- PRFileDesc *a,
- PRFileDesc *b,
- int c)
-{
- perThread * slot;
- int i;
-
- if (!threadStartQ) {
- threadLock = PR_NewLock();
- threadStartQ = PR_NewCondVar(threadLock);
- threadEndQ = PR_NewCondVar(threadLock);
- }
- PR_Lock(threadLock);
- while (numRunning >= MAX_THREADS) {
- PR_WaitCondVar(threadStartQ, PR_INTERVAL_NO_TIMEOUT);
- }
- for (i = 0; i < numUsed; ++i) {
- slot = threads + i;
- if (slot->running == rs_idle)
- break;
- }
- if (i >= numUsed) {
- if (i >= MAX_THREADS) {
- /* something's really wrong here. */
- PORT_Assert(i < MAX_THREADS);
- PR_Unlock(threadLock);
- return SECFailure;
- }
- ++numUsed;
- PORT_Assert(numUsed == i + 1);
- slot = threads + i;
- }
-
- slot->a = a;
- slot->b = b;
- slot->c = c;
-
- slot->startFunc = startFunc;
-
- slot->prThread = PR_CreateThread(PR_USER_THREAD,
- thread_wrapper, slot,
- PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
- PR_JOINABLE_THREAD, 0);
- if (slot->prThread == NULL) {
- PR_Unlock(threadLock);
- printf("Failed to launch thread!\n");
- return SECFailure;
- }
-
- slot->inUse = 1;
- slot->running = 1;
- ++numRunning;
- PR_Unlock(threadLock);
- PRINTF("Launched thread in slot %d \n", i);
- FLUSH;
-
- return SECSuccess;
-}
-
-int
-reap_threads(void)
-{
- perThread * slot;
- int i;
-
- if (!threadLock)
- return 0;
- PR_Lock(threadLock);
- while (numRunning > 0) {
- PR_WaitCondVar(threadEndQ, PR_INTERVAL_NO_TIMEOUT);
- for (i = 0; i < numUsed; ++i) {
- slot = threads + i;
- if (slot->running == rs_zombie) {
- /* Handle cleanup of thread here. */
- PRINTF("Thread in slot %d returned %d\n", i, slot->rv);
-
- /* Now make sure the thread has ended OK. */
- PR_JoinThread(slot->prThread);
- slot->running = rs_idle;
- --numRunning;
-
- /* notify the thread launcher. */
- PR_NotifyCondVar(threadStartQ);
- }
- }
- }
-
- /* Safety Sam sez: make sure count is right. */
- for (i = 0; i < numUsed; ++i) {
- slot = threads + i;
- if (slot->running != rs_idle) {
- FPRINTF(stderr, "Thread in slot %d is in state %d!\n",
- i, slot->running);
- }
- }
- PR_Unlock(threadLock);
- FLUSH;
- return 0;
-}
-
-void
-destroy_thread_data(void)
-{
- PORT_Memset(threads, 0, sizeof threads);
-
- if (threadEndQ) {
- PR_DestroyCondVar(threadEndQ);
- threadEndQ = NULL;
- }
- if (threadStartQ) {
- PR_DestroyCondVar(threadStartQ);
- threadStartQ = NULL;
- }
- if (threadLock) {
- PR_DestroyLock(threadLock);
- threadLock = NULL;
- }
-}
-
-/**************************************************************************
-** End thread management routines.
-**************************************************************************/
-
-PRBool useModelSocket = PR_FALSE;
-PRBool disableSSL3 = PR_FALSE;
-PRBool disableTLS = PR_FALSE;
-PRBool disableRollBack = PR_FALSE;
-
-static const char stopCmd[] = { "GET /stop " };
-static const char outHeader[] = {
- "HTTP/1.0 200 OK\r\n"
- "Server: Generic Web Server\r\n"
- "Date: Tue, 26 Aug 1997 22:10:05 GMT\r\n"
- "Content-type: text/plain\r\n"
- "\r\n"
-};
-
-struct lockedVarsStr {
- PRLock * lock;
- int count;
- int waiters;
- PRCondVar * condVar;
-};
-
-typedef struct lockedVarsStr lockedVars;
-
-void
-lockedVars_Init( lockedVars * lv)
-{
- lv->count = 0;
- lv->waiters = 0;
- lv->lock = PR_NewLock();
- lv->condVar = PR_NewCondVar(lv->lock);
-}
-
-void
-lockedVars_Destroy( lockedVars * lv)
-{
- PR_DestroyCondVar(lv->condVar);
- lv->condVar = NULL;
-
- PR_DestroyLock(lv->lock);
- lv->lock = NULL;
-}
-
-void
-lockedVars_WaitForDone(lockedVars * lv)
-{
- PR_Lock(lv->lock);
- while (lv->count > 0) {
- PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
- }
- PR_Unlock(lv->lock);
-}
-
-int /* returns count */
-lockedVars_AddToCount(lockedVars * lv, int addend)
-{
- int rv;
-
- PR_Lock(lv->lock);
- rv = lv->count += addend;
- if (rv <= 0) {
- PR_NotifyCondVar(lv->condVar);
- }
- PR_Unlock(lv->lock);
- return rv;
-}
-
-int
-do_writes(
- PRFileDesc * ssl_sock,
- PRFileDesc * model_sock,
- int requestCert
- )
-{
- int sent = 0;
- int count = 0;
- lockedVars * lv = (lockedVars *)model_sock;
-
- while (sent < bigBuf.len) {
-
- count = PR_Write(ssl_sock, bigBuf.data + sent, bigBuf.len - sent);
- if (count < 0) {
- errWarn("PR_Write bigBuf");
- break;
- }
- FPRINTF(stderr, "PR_Write wrote %d bytes from bigBuf\n", count );
- sent += count;
- }
- if (count >= 0) { /* last write didn't fail. */
- PR_Shutdown(ssl_sock, PR_SHUTDOWN_SEND);
- }
-
- /* notify the reader that we're done. */
- lockedVars_AddToCount(lv, -1);
- FLUSH;
- return (sent < bigBuf.len) ? SECFailure : SECSuccess;
-}
-
-int
-handle_fdx_connection(
- PRFileDesc * tcp_sock,
- PRFileDesc * model_sock,
- int requestCert
- )
-{
- PRFileDesc * ssl_sock = NULL;
- SECStatus result;
- int firstTime = 1;
- lockedVars lv;
- PRSocketOptionData opt;
- char buf[10240];
-
- opt.option = PR_SockOpt_Nonblocking;
- opt.value.non_blocking = PR_FALSE;
- PR_SetSocketOption(tcp_sock, &opt);
-
- if (useModelSocket && model_sock) {
- SECStatus rv;
- ssl_sock = SSL_ImportFD(model_sock, tcp_sock);
- if (!ssl_sock) {
- errWarn("SSL_ImportFD with model");
- goto cleanup;
- }
- rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 1);
- if (rv != SECSuccess) {
- errWarn("SSL_ResetHandshake");
- goto cleanup;
- }
- } else {
- ssl_sock = tcp_sock;
- }
-
- lockedVars_Init(&lv);
- lockedVars_AddToCount(&lv, 1);
-
- /* Attempt to launch the writer thread. */
- result = launch_thread(do_writes, ssl_sock, (PRFileDesc *)&lv,
- requestCert);
-
- if (result == SECSuccess)
- do {
- /* do reads here. */
- int count;
- count = PR_Read(ssl_sock, buf, sizeof buf);
- if (count < 0) {
- errWarn("FDX PR_Read");
- break;
- }
- FPRINTF(stderr, "FDX PR_Read read %d bytes.\n", count );
- if (firstTime) {
- firstTime = 0;
- printSecurityInfo(ssl_sock);
- }
- } while (lockedVars_AddToCount(&lv, 0) > 0);
-
- /* Wait for writer to finish */
- lockedVars_WaitForDone(&lv);
- lockedVars_Destroy(&lv);
- FLUSH;
-
-cleanup:
- if (ssl_sock)
- PR_Close(ssl_sock);
- else
- PR_Close(tcp_sock);
-
- return SECSuccess;
-}
-
-int
-handle_connection(
- PRFileDesc *tcp_sock,
- PRFileDesc *model_sock,
- int requestCert
- )
-{
- PRFileDesc * ssl_sock = NULL;
- char * post;
- char * pBuf; /* unused space at end of buf */
- const char * errString;
- PRStatus status;
- int bufRem; /* unused bytes at end of buf */
- int bufDat; /* characters received in buf */
- int newln = 0; /* # of consecutive newlns */
- int i;
- int rv;
- PRSocketOptionData opt;
- char msgBuf[120];
- char buf[10240];
-
- pBuf = buf;
- bufRem = sizeof buf;
- memset(buf, 0, sizeof buf);
-
- opt.option = PR_SockOpt_Nonblocking;
- opt.value.non_blocking = PR_FALSE;
- PR_SetSocketOption(tcp_sock, &opt);
-
- if (useModelSocket && model_sock) {
- SECStatus rv;
- ssl_sock = SSL_ImportFD(model_sock, tcp_sock);
- if (!ssl_sock) {
- errWarn("SSL_ImportFD with model");
- goto cleanup;
- }
- rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 1);
- if (rv != SECSuccess) {
- errWarn("SSL_ResetHandshake");
- goto cleanup;
- }
- } else {
- ssl_sock = tcp_sock;
- }
-
- while (1) {
- newln = 0;
- i = 0;
- rv = PR_Read(ssl_sock, pBuf, bufRem);
- if (rv == 0) {
- break;
- }
- if (rv < 0) {
- errWarn("HDX PR_Read");
- goto cleanup;
- }
-
- pBuf += rv;
- bufRem -= rv;
- bufDat = pBuf - buf;
- /* Parse the input, starting at the beginning of the buffer.
- * Stop when we detect two consecutive \n's (or \r\n's)
- * as this signifies the end of the GET or POST portion.
- * The posted data follows.
- */
- while (i < bufDat && newln < 2) {
- int octet = buf[i++];
- if (octet == '\n') {
- newln++;
- } else if (octet != '\r') {
- newln = 0;
- }
- }
-
- /* came to the end of the buffer, or second newln
- * If we didn't get an empty line (CRLFCRLF) then keep on reading.
- */
- if (newln < 2)
- continue;
-
- /* we're at the end of the HTTP request.
- * If the request is a POST, then there will be one more
- * line of data.
- * This parsing is a hack, but ok for SSL test purposes.
- */
- post = PORT_Strstr(buf, "POST ");
- if (!post || *post != 'P')
- break;
-
- /* It's a post, so look for the next and final CR/LF. */
- /* We should parse content length here, but ... */
- while (i < bufDat && newln < 3) {
- int octet = buf[i++];
- if (octet == '\n') {
- newln++;
- }
- }
- if (newln == 3)
- break;
- }
-
- bufDat = pBuf - buf;
- if (bufDat) do { /* just close if no data */
- /* Have either (a) a complete get, (b) a complete post, (c) EOF */
- if (i > 0 && !strncmp(buf, stopCmd, 4)) {
- PRFileDesc *local_file_fd = NULL;
- PRInt32 bytes;
- char * pSave;
- PRFileInfo info;
- char saveChar;
- /* try to open the file named.
- * If succesful, then write it to the client.
- */
- pSave = strpbrk(buf + 4, " \r\n");
- if (pSave) {
- saveChar = *pSave;
- *pSave = 0;
- }
- status = PR_GetFileInfo(buf + 4, &info);
- if (status == PR_SUCCESS &&
- info.type == PR_FILE_FILE &&
- info.size >= 0 &&
- NULL != (local_file_fd = PR_Open(buf + 4, PR_RDONLY, 0))) {
-
- bytes = PR_TransmitFile(ssl_sock, local_file_fd, outHeader,
- sizeof outHeader - 1,
- PR_TRANSMITFILE_KEEP_OPEN,
- PR_INTERVAL_NO_TIMEOUT);
- if (bytes < 0) {
- errString = errWarn("PR_TransmitFile");
- i = PORT_Strlen(errString);
- PORT_Memcpy(buf, errString, i);
- goto send_answer;
- } else {
- bytes -= sizeof outHeader - 1;
- FPRINTF(stderr,
- "PR_TransmitFile wrote %d bytes from %s\n",
- bytes, buf + 4);
- }
- PR_Close(local_file_fd);
- break;
- }
- /* file didn't open. */
- if (pSave) {
- *pSave = saveChar; /* put it back. */
- }
- }
-send_answer:
- /* if user has requested client auth in a subsequent handshake,
- * do it here.
- */
- if (requestCert > 2) { /* request cert was 3 or 4 */
- CERTCertificate * cert = SSL_PeerCertificate(ssl_sock);
- if (cert) {
- CERT_DestroyCertificate(cert);
- } else {
- rv = SSL_Enable(ssl_sock, SSL_REQUEST_CERTIFICATE, 1);
- if (rv < 0) {
- errWarn("second SSL_Enable SSL_REQUEST_CERTIFICATE");
- break;
- }
- rv = SSL_Enable(ssl_sock, SSL_REQUIRE_CERTIFICATE,
- (requestCert == 4));
- if (rv < 0) {
- errWarn("second SSL_Enable SSL_REQUIRE_CERTIFICATE");
- break;
- }
- rv = SSL_RedoHandshake(ssl_sock);
- if (rv != 0) {
- errWarn("SSL_RedoHandshake");
- break;
- }
- rv = SSL_ForceHandshake(ssl_sock);
- if (rv < 0) {
- errWarn("SSL_ForceHandshake");
- break;
- }
- }
- }
-
- rv = PR_Write(ssl_sock, outHeader, (sizeof(outHeader)) - 1);
- if (rv < 0) {
- errWarn("PR_Write");
- break;
- }
- if (i <= 0) { /* hit eof */
- PORT_Sprintf(msgBuf, "Get or Post incomplete after %d bytes.\r\n",
- bufDat);
- rv = PR_Write(ssl_sock, msgBuf, PORT_Strlen(msgBuf));
- if (rv < 0) {
- errWarn("PR_Write");
- break;
- }
- } else {
- /* fwrite(buf, 1, i, stdout); /* display it */
- rv = PR_Write(ssl_sock, buf, i);
- if (rv < 0) {
- errWarn("PR_Write");
- break;
- }
- printSecurityInfo(ssl_sock);
- if (i < bufDat) {
- PORT_Sprintf(buf, "Discarded %d characters.\r\n", rv - i);
- rv = PR_Write(ssl_sock, buf, PORT_Strlen(buf));
- if (rv < 0) {
- errWarn("PR_Write");
- break;
- }
- }
- }
- rv = PR_Write(ssl_sock, "EOF\r\n\r\n\r\n", 9);
- if (rv < 0) {
- errWarn("PR_Write");
- break;
- }
- } while (0);
-
-cleanup:
- PR_Close(ssl_sock);
-
- /* do a nice shutdown if asked. */
- if (!strncmp(buf, stopCmd, strlen(stopCmd))) {
- stopping = 1;
-/* return SECFailure; */
- }
- return SECSuccess; /* success */
-}
-
-int
-do_accepts(
- PRFileDesc *listen_sock,
- PRFileDesc *model_sock,
- int requestCert
- )
-{
- PRNetAddr addr;
-
- while (!stopping) {
- PRFileDesc *tcp_sock;
- SECStatus result;
-
- FPRINTF(stderr, "\n\n\nAbout to call accept.\n");
- tcp_sock = PR_Accept(listen_sock, &addr, PR_INTERVAL_NO_TIMEOUT);
- if (tcp_sock == NULL) {
- errWarn("PR_Accept");
- break;
- }
-
- if (bigBuf.data != NULL)
- result = launch_thread(handle_fdx_connection, tcp_sock, model_sock, requestCert);
- else
- result = launch_thread(handle_connection, tcp_sock, model_sock, requestCert);
-
- if (result != SECSuccess) {
- PR_Close(tcp_sock);
- break;
- }
- }
-
- fprintf(stderr, "Closing listen socket.\n");
- PR_Close(listen_sock);
- return SECSuccess;
-}
-
-void
-server_main(
- unsigned short port,
- int requestCert,
- SECKEYPrivateKey ** privKey,
- CERTCertificate ** cert)
-{
- PRFileDesc *listen_sock;
- PRFileDesc *model_sock = NULL;
- int rv;
- SSLKEAType kea;
- PRNetAddr addr;
- SECStatus secStatus;
- PRSocketOptionData opt;
-
- networkStart();
-
- addr.inet.family = PR_AF_INET;
- addr.inet.ip = PR_INADDR_ANY;
- addr.inet.port = PR_htons(port);
-
- /* all suites except RSA_NULL_MD5 are enabled by default */
-
- listen_sock = PR_NewTCPSocket();
- if (listen_sock == NULL) {
- errExit("PR_NewTCPSocket");
- }
-
- opt.option = PR_SockOpt_Nonblocking;
- opt.value.non_blocking = PR_FALSE;
- PR_SetSocketOption(listen_sock, &opt);
-
- opt.option=PR_SockOpt_Reuseaddr;
- opt.value.reuse_addr = PR_TRUE;
- PR_SetSocketOption(listen_sock, &opt);
-
- if (useModelSocket) {
- model_sock = PR_NewTCPSocket();
- if (model_sock == NULL) {
- errExit("PR_NewTCPSocket on model socket");
- }
- model_sock = SSL_ImportFD(NULL, model_sock);
- if (model_sock == NULL) {
- errExit("SSL_ImportFD");
- }
- } else {
- model_sock = listen_sock = SSL_ImportFD(NULL, listen_sock);
- if (listen_sock == NULL) {
- errExit("SSL_ImportFD");
- }
- }
-
- /* do SSL configuration. */
-
-#if 0
- /* This is supposed to be true by default.
- ** Setting it explicitly should not be necessary.
- ** Let's test and make sure that's true.
- */
- rv = SSL_Enable(model_sock, SSL_SECURITY, 1);
- if (rv < 0) {
- errExit("SSL_Enable SSL_SECURITY");
- }
-#endif
-
- rv = SSL_Enable(model_sock, SSL_ENABLE_SSL3, !disableSSL3);
- if (rv != SECSuccess) {
- errExit("error enabling SSLv3 ");
- }
-
- rv = SSL_Enable(model_sock, SSL_ENABLE_TLS, !disableTLS);
- if (rv != SECSuccess) {
- errExit("error enabling TLS ");
- }
-
- rv = SSL_Enable(model_sock, SSL_ROLLBACK_DETECTION, !disableRollBack);
- if (rv != SECSuccess) {
- errExit("error enabling RollBack detection ");
- }
-
- for (kea = kt_rsa; kea < kt_kea_size; kea++) {
- if (cert[kea] != NULL) {
- secStatus = SSL_ConfigSecureServer(model_sock,
- cert[kea], privKey[kea], kea);
- if (secStatus != SECSuccess)
- errExit("SSL_ConfigSecureServer");
- }
- }
-
- if (bigBuf.data) { /* doing FDX */
- rv = SSL_Enable(model_sock, SSL_ENABLE_FDX, 1);
- if (rv < 0) {
- errExit("SSL_Enable SSL_ENABLE_FDX");
- }
- }
-
- /* This cipher is not on by default. The Acceptance test
- * would like it to be. Turn this cipher on.
- */
-
- secStatus = SSL_EnableCipher( SSL_RSA_WITH_NULL_MD5, PR_TRUE);
- if ( secStatus != SECSuccess ) {
- errExit("SSL_EnableCipher:SSL_RSA_WITH_NULL_MD5");
- }
-
-
- if (requestCert) {
- SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate,
- (void *)CERT_GetDefaultCertDB());
- if (requestCert <= 2) {
- rv = SSL_Enable(model_sock, SSL_REQUEST_CERTIFICATE, 1);
- if (rv < 0) {
- errExit("first SSL_Enable SSL_REQUEST_CERTIFICATE");
- }
- rv = SSL_Enable(model_sock, SSL_REQUIRE_CERTIFICATE,
- (requestCert == 2));
- if (rv < 0) {
- errExit("first SSL_Enable SSL_REQUIRE_CERTIFICATE");
- }
- }
- }
- /* end of ssl configuration. */
-
-
- rv = PR_Bind(listen_sock, &addr);
- if (rv < 0) {
- errExit("PR_Bind");
- }
-
- rv = PR_Listen(listen_sock, 5);
- if (rv < 0) {
- errExit("PR_Listen");
- }
-
- rv = launch_thread(do_accepts, listen_sock, model_sock, requestCert);
- if (rv != SECSuccess) {
- PR_Close(listen_sock);
- } else {
- reap_threads();
- destroy_thread_data();
- }
-
- if (useModelSocket && model_sock) {
- PR_Close(model_sock);
- }
-
- networkEnd();
-}
-
-SECStatus
-readBigFile(const char * fileName)
-{
- PRFileInfo info;
- PRStatus status;
- SECStatus rv = SECFailure;
- int count;
- int hdrLen;
- PRFileDesc *local_file_fd = NULL;
-
- status = PR_GetFileInfo(fileName, &info);
-
- if (status == PR_SUCCESS &&
- info.type == PR_FILE_FILE &&
- info.size > 0 &&
- NULL != (local_file_fd = PR_Open(fileName, PR_RDONLY, 0))) {
-
- hdrLen = PORT_Strlen(outHeader);
- bigBuf.len = hdrLen + info.size;
- bigBuf.data = PORT_Malloc(bigBuf.len + 4095);
- if (!bigBuf.data) {
- errWarn("PORT_Malloc");
- goto done;
- }
-
- PORT_Memcpy(bigBuf.data, outHeader, hdrLen);
-
- count = PR_Read(local_file_fd, bigBuf.data + hdrLen, info.size);
- if (count != info.size) {
- errWarn("PR_Read local file");
- goto done;
- }
- rv = SECSuccess;
-done:
- PR_Close(local_file_fd);
- }
- return rv;
-}
-
-int
-main(int argc, char **argv)
-{
- char * progName = NULL;
- char * nickName = NULL;
- char * fNickName = NULL;
- char * fileName = NULL;
- char * cipherString= NULL;
- char * dir = ".";
- char * passwd = NULL;
- char * tmp;
- CERTCertificate * cert [kt_kea_size] = { NULL };
- SECKEYPrivateKey * privKey[kt_kea_size] = { NULL };
- int requestCert = 0;
- unsigned short port = 0;
- SECStatus rv;
- PRBool useExportPolicy = PR_FALSE;
- PLOptState *optstate;
-
- tmp = strrchr(argv[0], '/');
- tmp = tmp ? tmp + 1 : argv[0];
- progName = strrchr(tmp, '\\');
- progName = progName ? progName + 1 : tmp;
-
- optstate = PL_CreateOptState(argc, argv, "RT2:3c:d:p:mn:f:rvw:x");
- while (PL_GetNextOpt(optstate) == PL_OPT_OK) {
- switch(optstate->option) {
- default:
- case '?': Usage(progName); break;
-
- case '2': fileName = optstate->value; break;
-
- case '3': disableSSL3 = PR_TRUE; break;
-
- case 'R': disableRollBack = PR_TRUE; break;
-
- case 'T': disableTLS = PR_TRUE; break;
-
- case 'c': cipherString = strdup(optstate->value); break;
-
- case 'd': dir = optstate->value; break;
-
- case 'f': fNickName = optstate->value; break;
-
- case 'm': useModelSocket = PR_TRUE; break;
-
- case 'n': nickName = optstate->value; break;
-
- case 'p': port = PORT_Atoi(optstate->value); break;
-
- case 'r': ++requestCert; break;
-
- case 'v': verbose++; break;
-
- case 'w': passwd = optstate->value; break;
-
- case 'x': useExportPolicy = PR_TRUE; break;
- }
- }
-
- if ((nickName == NULL) && (fNickName == NULL))
- Usage(progName);
-
- if (port == 0)
- Usage(progName);
-
- /* Call the NSPR initialization routines */
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-
- if (fileName)
- readBigFile(fileName);
-
- /* set our password function */
- PK11_SetPasswordFunc( passwd ? ownPasswd : SECU_GetModulePassword);
-
- /* Call the libsec initialization routines */
- rv = NSS_Init(dir);
- if (rv != SECSuccess) {
- fputs("NSS_Init failed.\n", stderr);
- exit(1);
- }
-
- /* set the policy bits true for all the cipher suites. */
- if (useExportPolicy)
- NSS_SetExportPolicy();
- else
- NSS_SetDomesticPolicy();
-
- /* all the SSL2 and SSL3 cipher suites are enabled by default. */
- if (cipherString) {
- int ndx;
-
- /* disable all the ciphers, then enable the ones we want. */
- disableSSL2Ciphers();
- disableSSL3Ciphers();
-
- while (0 != (ndx = *cipherString++)) {
- int *cptr;
- int cipher;
-
- if (! isalpha(ndx))
- Usage(progName);
- cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
- for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
- /* do nothing */;
- if (cipher) {
- SECStatus status;
- status = SSL_CipherPrefSetDefault(cipher, SSL_ALLOWED);
- if (status != SECSuccess)
- SECU_PrintError(progName, "SSL_CipherPrefSet()");
- }
- }
- }
-
- if (nickName) {
-
- cert[kt_rsa] = PK11_FindCertFromNickname(nickName, passwd);
- if (cert[kt_rsa] == NULL) {
- fprintf(stderr, "Can't find certificate %s\n", nickName);
- exit(1);
- }
-
- privKey[kt_rsa] = PK11_FindKeyByAnyCert(cert[kt_rsa], passwd);
- if (privKey[kt_rsa] == NULL) {
- fprintf(stderr, "Can't find Private Key for cert %s\n", nickName);
- exit(1);
- }
-
- }
- if (fNickName) {
- cert[kt_fortezza] = PK11_FindCertFromNickname(fNickName, NULL);
- if (cert[kt_fortezza] == NULL) {
- fprintf(stderr, "Can't find certificate %s\n", fNickName);
- exit(1);
- }
-
- privKey[kt_fortezza] = PK11_FindKeyByAnyCert(cert[kt_fortezza], NULL);
- }
-
- rv = SSL_ConfigMPServerSIDCache(256, 0, 0, NULL);
- if (rv != SECSuccess) {
- errExit("SSL_ConfigMPServerSIDCache");
- }
-
- server_main(port, requestCert, privKey, cert);
-
- NSS_Shutdown();
- PR_Cleanup();
- return 0;
-}
-
diff --git a/security/nss/cmd/signtool/Makefile b/security/nss/cmd/signtool/Makefile
deleted file mode 100644
index 966fafd6f..000000000
--- a/security/nss/cmd/signtool/Makefile
+++ /dev/null
@@ -1,89 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include $(CORE_DEPTH)/security/cmd/platlibs.mk
-
-# can't do this in manifest.mn because OS_ARCH isn't defined there.
-ifeq ($(OS_ARCH), WINNT)
-
-EXTRA_LIBS = \
- $(DIST)/lib/jar.lib \
- $(DIST)/lib/zlib.lib \
- $(NULL)
-
-#OS_LIBS += \
-# wsock32.lib \
-# winmm.lib \
-# $(NULL)
-else
-
-EXTRA_LIBS += \
- $(DIST)/lib/libjar.a \
- $(DIST)/lib/libzlib.a \
- $(NULL)
-endif
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
diff --git a/security/nss/cmd/signtool/README b/security/nss/cmd/signtool/README
deleted file mode 100644
index 2bdb705c7..000000000
--- a/security/nss/cmd/signtool/README
+++ /dev/null
@@ -1,119 +0,0 @@
- Signing Tool (signtool)
- 1.3 Release Notes
- ========================================
-
-Documentation is provided online at mozilla.org
-
-Problems or questions not covered by the online documentation can be
-discussed in the DevEdge Security Newsgroup.
-
-=== New Features in 1.3
-=======================
-
-The security library components have been upgraded to utilize NSS_2_7_1_RTM.
-This means that the maximum RSA keysize now supported should be 4096 bits.
-
-=== Zigbert 0.6 Support
-=======================
-This program was previously named Zigbert. The last version of zigbert
-was Zigbert 0.6. Because all the functionality of Zigbert is maintained in
-signtool 1.2, Zigbert is no longer supported. If you have problems
-using Zigbert, please upgrade to signtool 1.2.
-
-=== New Features in 1.2
-=======================
-
-Certificate Generation Improvements
------------------------------------
-Two new options have been added to control generation of self-signed object
-signing certificates with the -G option. The -s option takes the size (in bits)
-of the generated RSA private key. The -t option takes the name of the PKCS #11
-token on which to generate the keypair and install the certificate. Both
-options are optional. By default, the private key is 1024 bits and is generated
-on the internal software token.
-
-
-=== New Features in 1.1
-=======================
-
-File I/O
---------
-Signtool can now read its options from a command file specified with the -f
-option on the command line. The format for the file is described in the
-documentation.
-Error messages and informational output can be redirected to an output file
-by supplying the "--outfile" option on the command line or the "outfile="
-option in the command file.
-
-New Options
------------
-"--norecurse" tells Signtool not to recurse into subdirectories when signing
-directories or parsing HTML with the -J option.
-"--leavearc" tells Signtool not to delete the temporary .arc directories
-produced by the -J option. This can aid debugging.
-"--verbosity" tells Signtool how much information to display. 0 is the
-default. -1 suppresses most messages, except for errors.
-
-=== Bug Fixes in 1.1
-====================
-
--J option revamped
-------------------
-The -J option, which parses HTML files, extracts Java and Javascript code,
-and stores them in signed JAR files, has been re-implemented. Several bugs
-have been fixed:
-- CODEBASE attribute is no longer ignored
-- CLASS and SRC attributes can be be paths ("xxx/xxx/x.class") rather than
- just filenames ("x.class").
-- LINK tags are handled correctly
-- various HTML parsing bugs fixed
-- error messages are more informative
-
-No Password on Key Database
----------------------------
-If you had not yet set a Communicator password (which locks key3.db, the
-key database), signtool would fail with a cryptic error message whenever it
-attempted to verify the password. Now this condition is detected at the
-beginning of the program, and a more informative message is displayed.
-
--x and -e Options
------------------
-Previously, only one of each of these options could be specified on the command
-line. Now arbitrarily many can be specified. For example, to sign only files
-with .class or .js extensions, the arguments "-eclass -ejs" could both be
-specified. To exclude the directories "subdir1" and "subdir2" from signing,
-the arguments "-x subdir1 -x subdir2" could both be specified.
-
-New Features in 1.0
-===================
-
-Creation of JAR files
-----------------------
-The -Z option causes signtool to output a JAR file formed by storing the
-signed archive in ZIP format. This eliminates the need to use a separate ZIP
-utility. The -c option specifies the compression level of the resulting
-JAR file.
-
-Generation of Object-Signing Certificates and Keys
---------------------------------------------------
-The -G option will create a new, self-signed object-signing certificate
-which can be used for testing purposes. The generated certificate and
-associated public and private keys will be installed in the cert7.db and
-key3.db files in the directory specified with the -d option (unless the key
-is generated on an external token using the -t option). On Unix systems,
-if no directory is specified, the user's Netscape directory (~/.netscape)
-will be used. In addition, the certificate is output in X509 format to the
-files x509.raw and x509.cacert in the current directory. x509.cacert can
-be published on a web page and imported into browsers that visit that page.
-
-Extraction and Signing of JavaScript from HTML
-----------------------------------------------
-The -J option activates the same functionality provided by the signpages
-Perl script. It will parse a directory of html files, creating archives
-of the JavaScript called from the HTML. These archives are then signed and
-made into JAR files.
-
-Enhanced Smart Card Support
----------------------------
-Certificates that reside on smart cards are displayed when using the -L and
--l options.
diff --git a/security/nss/cmd/signtool/README.TXT b/security/nss/cmd/signtool/README.TXT
deleted file mode 100644
index db79ec992..000000000
--- a/security/nss/cmd/signtool/README.TXT
+++ /dev/null
@@ -1,119 +0,0 @@
- Signing Tool (signtool)
- 1.3 Release Notes
- ========================================
-
-Documentation is provided online at mozilla.org
-
-Problems or questions not covered by the online documentation can be
-discussed in the DevEdge Security Newsgroup.
-
-=== New Features in 1.3
-=======================
-
-The security library components have been upgraded to utilize NSS_2_7_1_RTM.
-This means that the maximum RSA keysize now supported should be 4096 bits.
-
-=== Zigbert 0.6 Support
-=======================
-This program was previously named Zigbert. The last version of zigbert
-was Zigbert 0.6. Because all the functionality of Zigbert is maintained in
-signtool 1.2, Zigbert is no longer supported. If you have problems
-using Zigbert, please upgrade to signtool 1.2.
-
-=== New Features in 1.2
-=======================
-
-Certificate Generation Improvements
------------------------------------
-Two new options have been added to control generation of self-signed object
-signing certificates with the -G option. The -s option takes the size (in bits)
-of the generated RSA private key. The -t option takes the name of the PKCS #11
-token on which to generate the keypair and install the certificate. Both
-options are optional. By default, the private key is 1024 bits and is generated
-on the internal software token.
-
-
-=== New Features in 1.1
-=======================
-
-File I/O
---------
-Signtool can now read its options from a command file specified with the -f
-option on the command line. The format for the file is described in the
-documentation.
-Error messages and informational output can be redirected to an output file
-by supplying the "--outfile" option on the command line or the "outfile="
-option in the command file.
-
-New Options
------------
-"--norecurse" tells Signtool not to recurse into subdirectories when signing
-directories or parsing HTML with the -J option.
-"--leavearc" tells Signtool not to delete the temporary .arc directories
-produced by the -J option. This can aid debugging.
-"--verbosity" tells Signtool how much information to display. 0 is the
-default. -1 suppresses most messages, except for errors.
-
-=== Bug Fixes in 1.1
-====================
-
--J option revamped
-------------------
-The -J option, which parses HTML files, extracts Java and Javascript code,
-and stores them in signed JAR files, has been re-implemented. Several bugs
-have been fixed:
-- CODEBASE attribute is no longer ignored
-- CLASS and SRC attributes can be be paths ("xxx/xxx/x.class") rather than
- just filenames ("x.class").
-- LINK tags are handled correctly
-- various HTML parsing bugs fixed
-- error messages are more informative
-
-No Password on Key Database
----------------------------
-If you had not yet set a Communicator password (which locks key3.db, the
-key database), signtool would fail with a cryptic error message whenever it
-attempted to verify the password. Now this condition is detected at the
-beginning of the program, and a more informative message is displayed.
-
--x and -e Options
------------------
-Previously, only one of each of these options could be specified on the command
-line. Now arbitrarily many can be specified. For example, to sign only files
-with .class or .js extensions, the arguments "-eclass -ejs" could both be
-specified. To exclude the directories "subdir1" and "subdir2" from signing,
-the arguments "-x subdir1 -x subdir2" could both be specified.
-
-New Features in 1.0
-===================
-
-Creation of JAR files
-----------------------
-The -Z option causes signtool to output a JAR file formed by storing the
-signed archive in ZIP format. This eliminates the need to use a separate ZIP
-utility. The -c option specifies the compression level of the resulting
-JAR file.
-
-Generation of Object-Signing Certificates and Keys
---------------------------------------------------
-The -G option will create a new, self-signed object-signing certificate
-which can be used for testing purposes. The generated certificate and
-associated public and private keys will be installed in the cert7.db and
-key3.db files in the directory specified with the -d option (unless the key
-is generated on an external token using the -t option). On Unix systems,
-if no directory is specified, the user's Netscape directory (~/.netscape)
-will be used. In addition, the certificate is output in X509 format to the
-files x509.raw and x509.cacert in the current directory. x509.cacert can
-be published on a web page and imported into browsers that visit that page.
-
-Extraction and Signing of JavaScript from HTML
-----------------------------------------------
-The -J option activates the same functionality provided by the signpages
-Perl script. It will parse a directory of html files, creating archives
-of the JavaScript called from the HTML. These archives are then signed and
-made into JAR files.
-
-Enhanced Smart Card Support
----------------------------
-Certificates that reside on smart cards are displayed when using the -L and
--l options.
diff --git a/security/nss/cmd/signtool/certgen.c b/security/nss/cmd/signtool/certgen.c
deleted file mode 100644
index 4adb1930c..000000000
--- a/security/nss/cmd/signtool/certgen.c
+++ /dev/null
@@ -1,728 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "signtool.h"
-
-#include "cdbhdl.h"
-#include "secoid.h"
-#include "cryptohi.h"
-#include "certdb.h"
-
-static char* GetSubjectFromUser(unsigned long serial);
-static CERTCertificate* GenerateSelfSignedObjectSigningCert(char *nickname,
- CERTCertDBHandle *db, char *subject, unsigned long serial, int keysize,
- char *token);
-static SECStatus ChangeTrustAttributes(CERTCertDBHandle *db,
- CERTCertificate *cert, char *trusts);
-static SECStatus set_cert_type(CERTCertificate *cert, unsigned int type);
-static SECItem *sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk);
-static CERTCertificate* install_cert(CERTCertDBHandle *db, PK11SlotInfo *slot,
- SECItem *derCert, char *nickname);
-static SECStatus GenerateKeyPair(PK11SlotInfo *slot, SECKEYPublicKey **pubk,
- SECKEYPrivateKey **privk, int keysize);
-static CERTCertificateRequest* make_cert_request(char *subject,
- SECKEYPublicKey *pubk);
-static CERTCertificate * make_cert(CERTCertificateRequest *req,
- unsigned long serial, CERTName *ca_subject);
-static void output_ca_cert (CERTCertificate *cert, CERTCertDBHandle *db);
-
-
-/***********************************************************************
- *
- * G e n e r a t e C e r t
- *
- * Runs the whole process of creating a new cert, getting info from the
- * user, etc.
- */
-void
-GenerateCert(char *nickname, int keysize, char *token)
-{
- CERTCertDBHandle *db;
- CERTCertificate *cert;
- char *subject;
- unsigned long serial;
- char stdinbuf[160];
-
- /* Print warning about having the browser open */
- PR_fprintf(PR_STDOUT /*always go to console*/,
-"\nWARNING: Performing this operation while the browser is running could cause"
-"\ncorruption of your security databases. If the browser is currently running,"
-"\nyou should exit the browser before continuing this operation. Enter "
-"\n\"y\" to continue, or anything else to abort: ");
- pr_fgets(stdinbuf, 160, PR_STDIN);
- PR_fprintf(PR_STDOUT, "\n");
- if(tolower(stdinbuf[0]) != 'y') {
- PR_fprintf(errorFD, "Operation aborted at user's request.\n");
- errorCount++;
- return;
- }
-
- db = OpenCertDB(PR_FALSE /*readOnly*/);
- if(!db) {
- FatalError("Unable to open certificate database");
- }
-
- if(PK11_FindCertFromNickname(nickname, NULL)) {
- PR_fprintf(errorFD,
-"ERROR: Certificate with nickname \"%s\" already exists in database. You\n"
-"must choose a different nickname.\n", nickname);
- errorCount++;
- exit(ERRX);
- }
-
- LL_L2UI(serial, PR_Now());
-
- subject = GetSubjectFromUser(serial);
-
- cert = GenerateSelfSignedObjectSigningCert(nickname, db, subject,
- serial, keysize, token);
-
- if(cert) {
- output_ca_cert(cert, db);
- }
-
- PORT_Free(subject);
-}
-
-#undef VERBOSE_PROMPTS
-
-/*********************************************************************8
- * G e t S u b j e c t F r o m U s e r
- *
- * Construct the subject information line for a certificate by querying
- * the user on stdin.
- */
-static char*
-GetSubjectFromUser(unsigned long serial)
-{
- char buf[STDIN_BUF_SIZE];
- char common_name_buf[STDIN_BUF_SIZE];
- char *common_name, *state, *orgunit, *country, *org, *locality;
- char *email, *uid;
- char *subject;
- char *cp;
- int subjectlen=0;
-
- common_name = state = orgunit = country = org = locality = email =
- uid = subject = NULL;
-
- /* Get subject information */
- PR_fprintf(PR_STDOUT,
-"\nEnter certificate information. All fields are optional. Acceptable\n"
-"characters are numbers, letters, spaces, and apostrophes.\n");
-
-#ifdef VERBOSE_PROMPTS
- PR_fprintf(PR_STDOUT, "\nCOMMON NAME\n"
-"Enter the full name you want to give your certificate. (Example: Test-Only\n"
-"Object Signing Certificate)\n"
-"-->");
-#else
- PR_fprintf(PR_STDOUT, "certificate common name: ");
-#endif
- fgets(buf, STDIN_BUF_SIZE, stdin);
- cp = chop(buf);
- if(*cp == '\0') {
- sprintf(common_name_buf, "%s (%lu)", DEFAULT_COMMON_NAME, serial);
- cp = common_name_buf;
- }
- common_name = PORT_ZAlloc(strlen(cp) + 6);
- if(!common_name) {out_of_memory();}
- sprintf(common_name, "CN=%s, ", cp);
- subjectlen += strlen(common_name);
-
-#ifdef VERBOSE_PROMPTS
- PR_fprintf(PR_STDOUT, "\nORGANIZATION NAME\n"
-"Enter the name of your organization. For example, this could be the name\n"
-"of your company.\n"
-"-->");
-#else
- PR_fprintf(PR_STDOUT, "organization: ");
-#endif
- fgets(buf, STDIN_BUF_SIZE, stdin);
- cp = chop(buf);
- if(*cp != '\0') {
- org = PORT_ZAlloc(strlen(cp) + 5);
- if(!org) {out_of_memory();}
- sprintf(org, "O=%s, ", cp);
- subjectlen += strlen(org);
- }
-
-#ifdef VERBOSE_PROMPTS
- PR_fprintf(PR_STDOUT, "\nORGANIZATION UNIT\n"
-"Enter the name of your organization unit. For example, this could be the\n"
-"name of your department.\n"
-"-->");
-#else
- PR_fprintf(PR_STDOUT, "organization unit: ");
-#endif
- fgets(buf, STDIN_BUF_SIZE, stdin);
- cp = chop(buf);
- if(*cp != '\0') {
- orgunit = PORT_ZAlloc(strlen(cp)+6);
- if(!orgunit) {out_of_memory();}
- sprintf(orgunit, "OU=%s, ", cp);
- subjectlen += strlen(orgunit);
- }
-
-#ifdef VERBOSE_PROMPTS
- PR_fprintf(PR_STDOUT, "\nSTATE\n"
-"Enter the name of your state or province.\n"
-"-->");
-#else
- PR_fprintf(PR_STDOUT, "state or province: ");
-#endif
- fgets(buf, STDIN_BUF_SIZE, stdin);
- cp = chop(buf);
- if(*cp != '\0') {
- state = PORT_ZAlloc(strlen(cp)+6);
- if(!state) {out_of_memory();}
- sprintf(state, "ST=%s, ", cp);
- subjectlen += strlen(state);
- }
-
-#ifdef VERBOSE_PROMPTS
- PR_fprintf(PR_STDOUT, "\nCOUNTRY\n"
-"Enter the 2-character abbreviation for the name of your country.\n"
-"-->");
-#else
- PR_fprintf(PR_STDOUT, "country (must be exactly 2 characters): ");
-#endif
- fgets(buf, STDIN_BUF_SIZE, stdin);
- cp = chop(cp);
- if(strlen(cp) != 2) {
- *cp = '\0'; /* country code must be 2 chars */
- }
- if(*cp != '\0') {
- country = PORT_ZAlloc(strlen(cp)+5);
- if(!country) {out_of_memory();}
- sprintf(country, "C=%s, ", cp);
- subjectlen += strlen(country);
- }
-
-#ifdef VERBOSE_PROMPTS
- PR_fprintf(PR_STDOUT, "\nUSERNAME\n"
-"Enter your system username or UID\n"
-"-->");
-#else
- PR_fprintf(PR_STDOUT, "username: ");
-#endif
- fgets(buf, STDIN_BUF_SIZE, stdin);
- cp = chop(buf);
- if(*cp != '\0') {
- uid = PORT_ZAlloc(strlen(cp)+7);
- if(!uid) {out_of_memory();}
- sprintf(uid, "UID=%s, ", cp);
- subjectlen += strlen(uid);
- }
-
-#ifdef VERBOSE_PROMPTS
- PR_fprintf(PR_STDOUT, "\nEMAIL ADDRESS\n"
-"Enter your email address.\n"
-"-->");
-#else
- PR_fprintf(PR_STDOUT, "email address: ");
-#endif
- fgets(buf, STDIN_BUF_SIZE, stdin);
- cp = chop(buf);
- if(*cp != '\0') {
- email = PORT_ZAlloc(strlen(cp)+5);
- if(!email) {out_of_memory();}
- sprintf(email, "E=%s,", cp);
- subjectlen += strlen(email);
- }
-
- subjectlen++;
-
- subject = PORT_ZAlloc(subjectlen);
- if(!subject) {out_of_memory();}
-
- sprintf(subject, "%s%s%s%s%s%s%s",
- common_name ? common_name : "",
- org ? org : "",
- orgunit ? orgunit : "",
- state ? state : "",
- country ? country : "",
- uid ? uid : "",
- email ? email : ""
- );
- if( (strlen(subject) > 1) && (subject[strlen(subject)-1] == ' ') ) {
- subject[strlen(subject)-2] = '\0';
- }
-
- PORT_Free(common_name);
- PORT_Free(org);
- PORT_Free(orgunit);
- PORT_Free(state);
- PORT_Free(country);
- PORT_Free(uid);
- PORT_Free(email);
-
- return subject;
-}
-
-/**************************************************************************
- *
- * G e n e r a t e S e l f S i g n e d O b j e c t S i g n i n g C e r t
- * *phew*^
- *
- */
-static CERTCertificate*
-GenerateSelfSignedObjectSigningCert(char *nickname, CERTCertDBHandle *db,
- char *subject, unsigned long serial, int keysize, char *token)
-{
- CERTCertificate *cert, *temp_cert;
- SECItem *derCert;
- CERTCertificateRequest *req;
-
- PK11SlotInfo *slot = NULL;
- SECKEYPrivateKey *privk = NULL;
- SECKEYPublicKey *pubk = NULL;
-
- if( token ) {
- slot = PK11_FindSlotByName(token);
- } else {
- slot = PK11_GetInternalKeySlot();
- }
-
- if (slot == NULL) {
- PR_fprintf(errorFD, "Can't find PKCS11 slot %s\n",
- token ? token : "");
- errorCount++;
- exit (ERRX);
- }
-
- if( GenerateKeyPair(slot, &pubk, &privk, keysize) != SECSuccess) {
- FatalError("Error generating keypair.");
- }
- req = make_cert_request (subject, pubk);
- temp_cert = make_cert (req, serial, &req->subject);
- if(set_cert_type(temp_cert,
- NS_CERT_TYPE_OBJECT_SIGNING | NS_CERT_TYPE_OBJECT_SIGNING_CA)
- != SECSuccess) {
- FatalError("Unable to set cert type");
- }
-
- derCert = sign_cert (temp_cert, privk);
- cert = install_cert(db, slot, derCert, nickname);
- if(ChangeTrustAttributes(db, cert, ",,uC") != SECSuccess) {
- FatalError("Unable to change trust on generated certificate");
- }
-
- /* !!! Free memory ? !!! */
- PK11_FreeSlot(slot);
-
- return cert;
-}
-
-/**************************************************************************
- *
- * C h a n g e T r u s t A t t r i b u t e s
- */
-static SECStatus
-ChangeTrustAttributes(CERTCertDBHandle *db, CERTCertificate *cert, char *trusts)
-{
-
- CERTCertTrust *trust;
-
- if(!db || !cert || !trusts) {
- PR_fprintf(errorFD,"ChangeTrustAttributes got incomplete arguments.\n");
- errorCount++;
- return SECFailure;
- }
-
- trust = (CERTCertTrust*) PORT_ZAlloc(sizeof(CERTCertTrust));
- if(!trust) {
- PR_fprintf(errorFD, "ChangeTrustAttributes unable to allocate "
- "CERTCertTrust\n");
- errorCount++;
- return SECFailure;
- }
-
- if( CERT_DecodeTrustString(trust, trusts) ) {
- return SECFailure;
- }
-
- if( CERT_ChangeCertTrust(db, cert, trust) ) {
- PR_fprintf(errorFD, "unable to modify trust attributes for cert %s\n",
- cert->nickname ? cert->nickname : "");
- errorCount++;
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-/*************************************************************************
- *
- * s e t _ c e r t _ t y p e
- */
-static SECStatus
-set_cert_type(CERTCertificate *cert, unsigned int type)
-{
- void *context;
- SECStatus status = SECSuccess;
- SECItem certType;
- char ctype;
-
- context = CERT_StartCertExtensions(cert);
-
- certType.type = siBuffer;
- certType.data = (unsigned char*) &ctype;
- certType.len = 1;
- ctype = (unsigned char)type;
- if(CERT_EncodeAndAddBitStrExtension(context, SEC_OID_NS_CERT_EXT_CERT_TYPE,
- &certType, PR_TRUE /*critical*/) != SECSuccess) {
- status = SECFailure;
- }
-
- if(CERT_FinishExtensions(context) != SECSuccess) {
- status = SECFailure;
- }
-
- return status;
-}
-
-/********************************************************************
- *
- * s i g n _ c e r t
- */
-static SECItem *
-sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk)
-{
- SECStatus rv;
-
- SECItem der2;
- SECItem *result2;
-
- void *dummy;
- SECOidTag alg;
-
- switch (privk->keyType)
- {
- case rsaKey:
- alg = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
- break;
-
- case dsaKey:
- alg = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
- break;
- default:
- FatalError("Unknown key type");
- }
-
- rv = SECOID_SetAlgorithmID (cert->arena, &cert->signature, alg, 0);
-
- if (rv != SECSuccess)
- {
- PR_fprintf(errorFD, "%s: unable to set signature alg id\n", PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
-
- der2.len = 0;
- der2.data = NULL;
-
- dummy = SEC_ASN1EncodeItem
- (cert->arena, &der2, cert, CERT_CertificateTemplate);
-
- if (rv != SECSuccess)
- {
- PR_fprintf(errorFD, "%s: error encoding cert\n", PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
-
- result2 = (SECItem *) PORT_ArenaZAlloc (cert->arena, sizeof (SECItem));
- if (result2 == NULL)
- out_of_memory();
-
- rv = SEC_DerSignData
- (cert->arena, result2, der2.data, der2.len, privk, alg);
-
- if (rv != SECSuccess)
- {
- PR_fprintf(errorFD, "can't sign encoded certificate data\n");
- errorCount++;
- exit (ERRX);
- }
- else if(verbosity >= 0) {
- PR_fprintf(outputFD, "certificate has been signed\n");
- }
-
- cert->derCert = *result2;
-
- return result2;
-}
-
-/*********************************************************************
- *
- * i n s t a l l _ c e r t
- *
- * Installs the cert in the permanent database.
- */
-static CERTCertificate*
-install_cert(CERTCertDBHandle *db, PK11SlotInfo *slot, SECItem *derCert,
- char *nickname)
-{
- CERTCertificate *newcert;
- CERTCertTrust trust;
- PK11SlotInfo *newSlot;
-
- newcert = CERT_NewTempCertificate(db, derCert, NULL,
- /*isperm*/ PR_FALSE, /*copyDER*/ PR_TRUE);
-
- if (newcert == NULL) {
- PR_fprintf(errorFD, "%s: can't create new certificate\n", PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
-
- newSlot = PK11_ImportCertForKey(newcert, nickname, NULL /*wincx*/);
- if( slot == NULL ) {
- PR_fprintf(errorFD, "Unable to install certificate\n");
- errorCount++;
- exit(ERRX);
- }
-
- PORT_Memset ((void *) &trust, 0, sizeof(trust));
- trust.objectSigningFlags |= CERTDB_USER;
-
- if( newSlot == PK11_GetInternalKeySlot() ) {
- /* newcert is now a permanent cert */
- if( CERT_ChangeCertTrust(db, newcert, &trust) != SECSuccess) {
- PR_fprintf(errorFD,
- "Failed to change trust of generated certificate\n");
- errorCount++;
- exit(ERRX);
- }
- } else {
- if (CERT_AddTempCertToPerm (newcert, nickname, &trust) != SECSuccess) {
- PR_fprintf(errorFD, "%s: Failure adding \"%s\" certificate to "
- "permanent DB\n", PROGRAM_NAME, nickname);
- errorCount++;
- exit (ERRX);
- }
- }
-
- if(verbosity >= 0){
- PR_fprintf(outputFD, "certificate \"%s\" added to database\n", nickname);
- }
-
- return newcert;
-}
-
-/******************************************************************
- *
- * G e n e r a t e K e y P a i r
- */
-static SECStatus
-GenerateKeyPair(PK11SlotInfo *slot, SECKEYPublicKey **pubk,
- SECKEYPrivateKey **privk, int keysize)
-{
-
- PK11RSAGenParams rsaParams;
-
- if( keysize == -1 ) {
- rsaParams.keySizeInBits = DEFAULT_RSA_KEY_SIZE;
- } else {
- rsaParams.keySizeInBits = keysize;
- }
- rsaParams.pe = 0x10001;
-
- if(PK11_Authenticate( slot, PR_FALSE /*loadCerts*/, NULL /*wincx*/)
- != SECSuccess) {
- SECU_PrintError(progName, "failure authenticating to key database.\n");
- exit(ERRX);
- }
-
- *privk = PK11_GenerateKeyPair (slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams,
- pubk, PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/, NULL /*wincx*/ );
-
- if (*privk != NULL && *pubk != NULL) {
- if(verbosity >= 0) {
- PR_fprintf(outputFD, "generated public/private key pair\n");
- }
- } else {
- SECU_PrintError(progName, "failure generating key pair\n");
- exit (ERRX);
- }
-
- return SECSuccess;
-}
-
-/******************************************************************
- *
- * m a k e _ c e r t _ r e q u e s t
- */
-static CERTCertificateRequest*
-make_cert_request(char *subject, SECKEYPublicKey *pubk)
-{
- CERTName *subj;
- CERTSubjectPublicKeyInfo *spki;
-
- CERTCertificateRequest *req;
-
- /* Create info about public key */
- spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
- if (!spki) {
- SECU_PrintError(progName, "unable to create subject public key");
- exit (ERRX);
- }
-
- subj = CERT_AsciiToName (subject);
- if(subj == NULL) {
- FatalError("Invalid data in certificate description");
- }
-
- /* Generate certificate request */
- req = CERT_CreateCertificateRequest(subj, spki, 0);
- if (!req) {
- SECU_PrintError(progName, "unable to make certificate request");
- exit (ERRX);
- }
-
- if(verbosity >= 0) {
- PR_fprintf(outputFD, "certificate request generated\n");
- }
-
- return req;
-}
-
-/******************************************************************
- *
- * m a k e _ c e r t
- */
-static CERTCertificate *
-make_cert(CERTCertificateRequest *req, unsigned long serial,
- CERTName *ca_subject)
-{
- CERTCertificate *cert;
-
- CERTValidity *validity = NULL;
-
- PRTime now, after;
- PRExplodedTime printableTime;
-
- now = PR_Now();
- PR_ExplodeTime (now, PR_GMTParameters, &printableTime);
-
- printableTime.tm_month += 3;
- after = PR_ImplodeTime (&printableTime);
-
- validity = CERT_CreateValidity (now, after);
-
- if (validity == NULL)
- {
- PR_fprintf(errorFD, "%s: error creating certificate validity\n", PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
-
- cert = CERT_CreateCertificate
- (serial, ca_subject, validity, req);
-
- if (cert == NULL)
- {
- /* should probably be more precise here */
- PR_fprintf(errorFD, "%s: error while generating certificate\n", PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
-
- return cert;
- }
-
-/*************************************************************************
- *
- * o u t p u t _ c a _ c e r t
- */
-static void
-output_ca_cert (CERTCertificate *cert, CERTCertDBHandle *db)
- {
- FILE *out;
-
- SECItem *encodedCertChain;
- SEC_PKCS7ContentInfo *certChain;
- char *filename;
-
- /* the raw */
-
- filename = PORT_ZAlloc(strlen(DEFAULT_X509_BASENAME)+8);
- if(!filename) out_of_memory();
-
- sprintf(filename, "%s.raw", DEFAULT_X509_BASENAME);
- if ((out = fopen (filename, "wb")) == NULL)
- {
- PR_fprintf(errorFD, "%s: Can't open %s output file\n", PROGRAM_NAME, filename);
- errorCount++;
- return;
- }
-
- certChain = SEC_PKCS7CreateCertsOnly (cert, PR_TRUE, db);
- encodedCertChain
- = SEC_PKCS7EncodeItem (NULL, NULL, certChain, NULL, NULL, NULL);
-
- if (encodedCertChain)
- {
- fprintf(out, "Content-type: application/x-x509-ca-cert\n\n");
- fwrite (encodedCertChain->data, 1, encodedCertChain->len, out);
- }
- else {
- PR_fprintf(errorFD, "%s: Can't DER encode this certificate\n", PROGRAM_NAME);
- errorCount++;
- }
-
- fclose (out);
-
- /* and the cooked */
-
- sprintf(filename, "%s.cacert", DEFAULT_X509_BASENAME);
- if ((out = fopen (filename, "wb")) == NULL)
- {
- PR_fprintf(errorFD, "%s: Can't open %s output file\n", PROGRAM_NAME, filename);
- errorCount++;
- return;
- }
-
- fprintf (out, "%s\n%s\n%s\n",
- NS_CERT_HEADER,
- BTOA_DataToAscii (cert->derCert.data, cert->derCert.len),
- NS_CERT_TRAILER);
-
- fclose (out);
-
- if(verbosity >= 0) {
- PR_fprintf(outputFD, "Exported certificate to %s.raw and %s.cacert.\n",
- DEFAULT_X509_BASENAME, DEFAULT_X509_BASENAME);
- }
-}
diff --git a/security/nss/cmd/signtool/javascript.c b/security/nss/cmd/signtool/javascript.c
deleted file mode 100644
index 31cd24fca..000000000
--- a/security/nss/cmd/signtool/javascript.c
+++ /dev/null
@@ -1,1787 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "signtool.h"
-#include <prmem.h>
-#include <prio.h>
-#include <prenv.h>
-
-static int javascript_fn(char *relpath, char *basedir, char *reldir,
- char *filename, void *arg);
-static int extract_js (char *filename);
-static int copyinto (char *from, char *to);
-static PRStatus ensureExists (char *base, char *path);
-static int make_dirs(char *path, PRInt32 file_perms);
-
-static char *jartree = NULL;
-static int idOrdinal;
-static PRBool dumpParse=PR_FALSE;
-
-static char *event_handlers[] = {
-"onAbort",
-"onBlur",
-"onChange",
-"onClick",
-"onDblClick",
-"onDragDrop",
-"onError",
-"onFocus",
-"onKeyDown",
-"onKeyPress",
-"onKeyUp",
-"onLoad",
-"onMouseDown",
-"onMouseMove",
-"onMouseOut",
-"onMouseOver",
-"onMouseUp",
-"onMove",
-"onReset",
-"onResize",
-"onSelect",
-"onSubmit",
-"onUnload"
-};
-static int num_handlers = 23;
-
-/*
- * I n l i n e J a v a S c r i p t
- *
- * Javascript signing. Instead of passing an archive to signtool,
- * a directory containing html files is given. Archives are created
- * from the archive= and src= tag attributes inside the html,
- * as appropriate. Then the archives are signed.
- *
- */
-int
-InlineJavaScript(char *dir, PRBool recurse)
-{
- jartree = dir;
- if(verbosity >= 0) {
- PR_fprintf(outputFD, "\nGenerating inline signatures from HTML files in: %s\n", dir);
- }
- if(PR_GetEnv("SIGNTOOL_DUMP_PARSE")) {
- dumpParse = PR_TRUE;
- }
-
- return foreach(dir, "", javascript_fn, recurse, PR_FALSE /*include dirs*/,
- (void*)NULL);
-
-}
-
-/************************************************************************
- *
- * j a v a s c r i p t _ f n
- */
-static int javascript_fn
- (char *relpath, char *basedir, char *reldir, char *filename, void *arg)
-{
- char fullname [FNSIZE];
-
- /* only process inline scripts from .htm, .html, and .shtml*/
-
- if(! (PL_strcaserstr(filename, ".htm") == filename + strlen(filename) -4) &&
- ! (PL_strcaserstr(filename, ".html") == filename + strlen(filename) -5)&&
- ! (PL_strcaserstr(filename, ".shtml") == filename + strlen(filename)-6)){
- return 0;
- }
-
- /* don't process scripts that signtool has already
- extracted (those that are inside .arc directories) */
-
- if(PL_strcaserstr(filename, ".arc") == filename + strlen(filename) - 4)
- return 0;
-
- if(verbosity >= 0) {
- PR_fprintf(outputFD, "Processing HTML file: %s\n", relpath);
- }
-
- /* reset firstArchive at top of each HTML file */
-
- /* skip directories that contain extracted scripts */
-
- if(PL_strcaserstr(reldir, ".arc") == reldir + strlen(reldir) - 4)
- return 0;
-
- sprintf (fullname, "%s/%s", basedir, relpath);
- return extract_js (fullname);
-}
-
-/*===========================================================================
- =
- = D A T A S T R U C T U R E S
- =
-*/
-typedef enum {
- TEXT_HTML_STATE=0,
- SCRIPT_HTML_STATE
-} HTML_STATE ;
-
-typedef enum {
- /* we start in the start state */
- START_STATE,
-
- /* We are looking for or reading in an attribute */
- GET_ATT_STATE,
-
- /* We're burning ws before finding an attribute */
- PRE_ATT_WS_STATE,
-
- /* We're burning ws after an attribute. Looking for an '='. */
- POST_ATT_WS_STATE,
-
- /* We're burning ws after an '=', waiting for a value */
- PRE_VAL_WS_STATE,
-
- /* We're reading in a value */
- GET_VALUE_STATE,
-
- /* We're reading in a value that's inside quotes */
- GET_QUOTED_VAL_STATE,
-
- /* We've encountered the closing '>' */
- DONE_STATE,
-
- /* Error state */
- ERR_STATE
-} TAG_STATE ;
-
-typedef struct AVPair_Str {
- char *attribute;
- char *value;
- unsigned int valueLine; /* the line that the value ends on */
- struct AVPair_Str *next;
-} AVPair;
-
-typedef enum {
- APPLET_TAG,
- SCRIPT_TAG,
- LINK_TAG,
- STYLE_TAG,
- COMMENT_TAG,
- OTHER_TAG
-} TAG_TYPE ;
-
-typedef struct {
- TAG_TYPE type;
- AVPair *attList;
- AVPair *attListTail;
- char *text;
-} TagItem;
-
-typedef enum {
- TAG_ITEM,
- TEXT_ITEM
-} ITEM_TYPE ;
-
-typedef struct HTMLItem_Str{
- unsigned int startLine;
- unsigned int endLine;
- ITEM_TYPE type;
- union {
- TagItem *tag;
- char *text;
- } item;
- struct HTMLItem_Str *next;
-} HTMLItem;
-
-typedef struct {
- PRFileDesc *fd;
- PRInt32 curIndex;
- PRBool IsEOF;
-#define FILE_BUFFER_BUFSIZE 512
- char buf[FILE_BUFFER_BUFSIZE];
- PRInt32 startOffset;
- PRInt32 maxIndex;
- unsigned int lineNum;
-} FileBuffer;
-
-/*===========================================================================
- =
- = F U N C T I O N S
- =
-*/
-static HTMLItem* CreateTextItem(char *text, unsigned int startline,
- unsigned int endline);
-static HTMLItem* CreateTagItem(TagItem* ti, unsigned int startline,
- unsigned int endline);
-static TagItem* ProcessTag(FileBuffer* fb, char **errStr);
-static void DestroyHTMLItem(HTMLItem *item);
-static void DestroyTagItem(TagItem* ti);
-static TAG_TYPE GetTagType(char *att);
-static FileBuffer* FB_Create(PRFileDesc* fd);
-static int FB_GetChar(FileBuffer *fb);
-static PRInt32 FB_GetPointer(FileBuffer *fb);
-static PRInt32 FB_GetRange(FileBuffer *fb, PRInt32 start, PRInt32 end,
- char **buf);
-static unsigned int FB_GetLineNum(FileBuffer *fb);
-static void FB_Destroy(FileBuffer *fb);
-static void PrintTagItem(PRFileDesc *fd, TagItem *ti);
-static void PrintHTMLStream(PRFileDesc *fd, HTMLItem *head);
-
-/************************************************************************
- *
- * C r e a t e T e x t I t e m
- */
-static HTMLItem*
-CreateTextItem(char *text, unsigned int startline, unsigned int endline)
-{
- HTMLItem *item;
-
- item = PR_Malloc(sizeof(HTMLItem));
- if(!item) {
- return NULL;
- }
-
- item->type = TEXT_ITEM;
- item->item.text = text;
- item->next = NULL;
- item->startLine = startline;
- item->endLine = endline;
-
- return item;
-}
-
-/************************************************************************
- *
- * C r e a t e T a g I t e m
- */
-static HTMLItem*
-CreateTagItem(TagItem* ti, unsigned int startline, unsigned int endline)
-{
- HTMLItem *item;
-
- item = PR_Malloc(sizeof(HTMLItem));
- if(!item) {
- return NULL;
- }
-
- item->type = TAG_ITEM;
- item->item.tag = ti;
- item->next = NULL;
- item->startLine = startline;
- item->endLine = endline;
-
- return item;
-}
-
-static PRBool
-isAttChar(char c)
-{
- return (isalnum(c) || c=='/' || c=='-');
-}
-
-/************************************************************************
- *
- * P r o c e s s T a g
- */
-static TagItem*
-ProcessTag(FileBuffer* fb, char **errStr)
-{
- TAG_STATE state;
- PRInt32 startText, startID, curPos;
- PRBool firstAtt;
- int curchar;
- TagItem *ti=NULL;
- AVPair *curPair=NULL;
- char quotechar;
- unsigned int linenum;
- unsigned int startline;
-
- state = START_STATE;
-
- startID = FB_GetPointer(fb);
- startText = startID;
- firstAtt = PR_TRUE;
-
- ti = (TagItem*) PR_Malloc(sizeof(TagItem));
- if(!ti) out_of_memory();
- ti->type = OTHER_TAG;
- ti->attList = NULL;
- ti->attListTail = NULL;
- ti->text = NULL;
-
- startline = FB_GetLineNum(fb);
-
- while(state != DONE_STATE && state != ERR_STATE) {
- linenum = FB_GetLineNum(fb);
- curchar = FB_GetChar(fb);
- if(curchar == EOF) {
- *errStr = PR_smprintf(
- "line %d: Unexpected end-of-file while parsing tag starting at line %d.\n", linenum, startline);
- state = ERR_STATE;
- continue;
- }
-
- switch(state) {
- case START_STATE:
- if(curchar=='!') {
- /*
- * SGML tag or comment
- * Here's the general rule for SGML tags. Everything from
- * <! to > is the tag. Inside the tag, comments are
- * delimited with --. So we are looking for the first '>'
- * that is not commented out, that is, not inside a pair
- * of --: <!DOCTYPE --this is a comment >(psyche!) -->
- */
-
- PRBool inComment = PR_FALSE;
- short hyphenCount = 0; /* number of consecutive hyphens */
-
- while(1) {
- linenum = FB_GetLineNum(fb);
- curchar = FB_GetChar(fb);
- if(curchar == EOF) {
- /* Uh oh, EOF inside comment */
- *errStr = PR_smprintf(
- "line %d: Unexpected end-of-file inside comment starting at line %d.\n",
- linenum, startline);
- state = ERR_STATE;
- break;
- }
- if(curchar=='-') {
- if(hyphenCount==1) {
- /* This is a comment delimiter */
- inComment = !inComment;
- hyphenCount=0;
- } else {
- /* beginning of a comment delimiter? */
- hyphenCount=1;
- }
- } else if(curchar=='>') {
- if(!inComment) {
- /* This is the end of the tag */
- state = DONE_STATE;
- break;
- } else {
- /* The > is inside a comment, so it's not
- * really the end of the tag */
- hyphenCount=0;
- }
- } else {
- hyphenCount = 0;
- }
- }
- ti->type = COMMENT_TAG;
- break;
- }
- /* fall through */
- case GET_ATT_STATE:
- if(isspace(curchar) || curchar=='=' || curchar=='>') {
- /* end of the current attribute */
- curPos = FB_GetPointer(fb)-2;
- if(curPos >= startID) {
- /* We have an attribute */
- curPair = (AVPair*)PR_Malloc(sizeof(AVPair));
- if(!curPair) out_of_memory();
- curPair->value = NULL;
- curPair->next = NULL;
- FB_GetRange(fb, startID, curPos, &curPair->attribute);
-
- /* Stick this attribute on the list */
- if(ti->attListTail) {
- ti->attListTail->next = curPair;
- ti->attListTail = curPair;
- } else {
- ti->attList = ti->attListTail = curPair;
- }
-
- /* If this is the first attribute, find the type of tag
- * based on it. Also, start saving the text of the tag. */
- if(firstAtt) {
- ti->type = GetTagType(curPair->attribute);
- startText = FB_GetPointer(fb)-1;
- firstAtt = PR_FALSE;
- }
- } else {
- if(curchar=='=') {
- /* If we don't have any attribute but we do have an
- * equal sign, that's an error */
- *errStr = PR_smprintf("line %d: Malformed tag starting at line %d.\n", linenum, startline);
- state = ERR_STATE;
- break;
- }
- }
-
- /* Compute next state */
- if(curchar=='=') {
- startID = FB_GetPointer(fb);
- state = PRE_VAL_WS_STATE;
- } else if(curchar=='>') {
- state = DONE_STATE;
- } else if(curPair) {
- state = POST_ATT_WS_STATE;
- } else {
- state = PRE_ATT_WS_STATE;
- }
- } else if(isAttChar(curchar)) {
- /* Just another char in the attribute. Do nothing */
- state = GET_ATT_STATE;
- } else {
- /* bogus char */
- *errStr= PR_smprintf("line %d: Bogus chararacter '%c' in tag.\n",
- linenum, curchar);
- state = ERR_STATE;
- break;
- }
- break;
- case PRE_ATT_WS_STATE:
- if(curchar=='>') {
- state = DONE_STATE;
- } else if(isspace(curchar)) {
- /* more whitespace, do nothing */
- } else if(isAttChar(curchar)) {
- /* starting another attribute */
- startID = FB_GetPointer(fb)-1;
- state = GET_ATT_STATE;
- } else {
- /* bogus char */
- *errStr = PR_smprintf("line %d: Bogus character '%c' in tag.\n",
- linenum, curchar);
- state = ERR_STATE;
- break;
- }
- break;
- case POST_ATT_WS_STATE:
- if(curchar=='>') {
- state = DONE_STATE;
- } else if(isspace(curchar)) {
- /* more whitespace, do nothing */
- } else if(isAttChar(curchar)) {
- /* starting another attribute */
- startID = FB_GetPointer(fb)-1;
- state = GET_ATT_STATE;
- } else if(curchar=='=') {
- /* there was whitespace between the attribute and its equal
- * sign, which means there's a value coming up */
- state = PRE_VAL_WS_STATE;
- } else {
- /* bogus char */
- *errStr = PR_smprintf("line %d: Bogus character '%c' in tag.\n",
- linenum, curchar);
- state = ERR_STATE;
- break;
- }
- break;
- case PRE_VAL_WS_STATE:
- if(curchar=='>') {
- /* premature end-of-tag (sounds like a personal problem). */
- *errStr = PR_smprintf(
- "line %d: End of tag while waiting for value.\n", linenum);
- state = ERR_STATE;
- break;
- } else if(isspace(curchar)) {
- /* more whitespace, do nothing */
- break;
- } else {
- /* this must be some sort of value. Fall through
- * to GET_VALUE_STATE */
- startID=FB_GetPointer(fb)-1;
- state = GET_VALUE_STATE;
- }
- /* Fall through if we didn't break on '>' or whitespace */
- case GET_VALUE_STATE:
- if(isspace(curchar) || curchar=='>') {
- /* end of value */
- curPos = FB_GetPointer(fb)-2;
- if(curPos >= startID) {
- /* Grab the value */
- FB_GetRange(fb, startID, curPos, &curPair->value);
- curPair->valueLine = linenum;
- } else {
- /* empty value, leave as NULL */
- }
- if(isspace(curchar)) {
- state = PRE_ATT_WS_STATE;
- } else {
- state = DONE_STATE;
- }
- } else if(curchar=='\"' || curchar=='\'') {
- /* quoted value. Start recording the value inside the quote*/
- startID = FB_GetPointer(fb);
- state = GET_QUOTED_VAL_STATE;
- quotechar = curchar; /* look for matching quote type */
- } else {
- /* just more value */
- }
- break;
- case GET_QUOTED_VAL_STATE:
- if(curchar == quotechar) {
- /* end of quoted value */
- curPos = FB_GetPointer(fb)-2;
- if(curPos >= startID) {
- /* Grab the value */
- FB_GetRange(fb, startID, curPos, &curPair->value);
- curPair->valueLine = linenum;
- } else {
- /* empty value, leave it as NULL */
- }
- state = GET_ATT_STATE;
- startID = FB_GetPointer(fb);
- } else {
- /* more quoted value, continue */
- }
- break;
- case DONE_STATE:
- case ERR_STATE:
- default:
- ; /* should never get here */
- }
- }
-
- if(state == DONE_STATE) {
- /* Get the text of the tag */
- curPos = FB_GetPointer(fb)-1;
- FB_GetRange(fb, startText, curPos, &ti->text);
-
- /* Return the tag */
- return ti;
- }
-
- /* Uh oh, an error. Kill the tag item*/
- DestroyTagItem(ti);
- return NULL;
-}
-
-/************************************************************************
- *
- * D e s t r o y H T M L I t e m
- */
-static void
-DestroyHTMLItem(HTMLItem *item)
-{
- if(item->type == TAG_ITEM) {
- DestroyTagItem(item->item.tag);
- } else {
- if(item->item.text) {
- PR_Free(item->item.text);
- }
- }
-}
-
-/************************************************************************
- *
- * D e s t r o y T a g I t e m
- */
-static void
-DestroyTagItem(TagItem* ti)
-{
- AVPair *temp;
-
- if(ti->text) {
- PR_Free(ti->text); ti->text = NULL;
- }
-
- while(ti->attList) {
- temp = ti->attList;
- ti->attList = ti->attList->next;
-
- if(temp->attribute) {
- PR_Free(temp->attribute); temp->attribute = NULL;
- }
- if(temp->value) {
- PR_Free(temp->value); temp->value = NULL;
- }
- PR_Free(temp);
- }
-
- PR_Free(ti);
-}
-
-/************************************************************************
- *
- * G e t T a g T y p e
- */
-static TAG_TYPE
-GetTagType(char *att)
-{
- if(!PORT_Strcasecmp(att, "APPLET")) {
- return APPLET_TAG;
- }
- if(!PORT_Strcasecmp(att, "SCRIPT")) {
- return SCRIPT_TAG;
- }
- if(!PORT_Strcasecmp(att, "LINK")) {
- return LINK_TAG;
- }
- if(!PORT_Strcasecmp(att, "STYLE")) {
- return STYLE_TAG;
- }
- return OTHER_TAG;
-}
-
-/************************************************************************
- *
- * F B _ C r e a t e
- */
-static FileBuffer*
-FB_Create(PRFileDesc* fd)
-{
- FileBuffer *fb;
- PRInt32 amountRead;
- PRInt32 storedOffset;
-
- fb = (FileBuffer*) PR_Malloc(sizeof(FileBuffer));
- fb->fd = fd;
- storedOffset = PR_Seek(fd, 0, PR_SEEK_CUR);
- PR_Seek(fd, 0, PR_SEEK_SET);
- fb->startOffset = 0;
- amountRead = PR_Read(fd, fb->buf, FILE_BUFFER_BUFSIZE);
- if(amountRead == -1) goto loser;
- fb->maxIndex = amountRead-1;
- fb->curIndex = 0;
- fb->IsEOF = (fb->curIndex>fb->maxIndex) ? PR_TRUE : PR_FALSE;
- fb->lineNum = 1;
-
- PR_Seek(fd, storedOffset, PR_SEEK_SET);
- return fb;
-loser:
- PR_Seek(fd, storedOffset, PR_SEEK_SET);
- PR_Free(fb);
- return NULL;
-}
-
-/************************************************************************
- *
- * F B _ G e t C h a r
- */
-static int
-FB_GetChar(FileBuffer *fb)
-{
- PRInt32 storedOffset;
- PRInt32 amountRead;
- int retval=-1;
-
- if(fb->IsEOF) {
- return EOF;
- }
-
- storedOffset = PR_Seek(fb->fd, 0, PR_SEEK_CUR);
-
- retval = fb->buf[fb->curIndex++];
- if(retval=='\n') fb->lineNum++;
-
- if(fb->curIndex > fb->maxIndex) {
- /* We're at the end of the buffer. Try to get some new data from the
- * file */
- fb->startOffset += fb->maxIndex+1;
- PR_Seek(fb->fd, fb->startOffset, PR_SEEK_SET);
- amountRead = PR_Read(fb->fd, fb->buf, FILE_BUFFER_BUFSIZE);
- if(amountRead==-1) goto loser;
- fb->maxIndex = amountRead-1;
- fb->curIndex = 0;
- }
-
- fb->IsEOF = (fb->curIndex > fb->maxIndex) ? PR_TRUE : PR_FALSE;
-
-loser:
- PR_Seek(fb->fd, storedOffset, PR_SEEK_SET);
- return retval;
-}
-
-/************************************************************************
- *
- * F B _ G e t L i n e N u m
- *
- */
-static unsigned int
-FB_GetLineNum(FileBuffer *fb)
-{
- return fb->lineNum;
-}
-
-/************************************************************************
- *
- * F B _ G e t P o i n t e r
- *
- */
-static PRInt32
-FB_GetPointer(FileBuffer *fb)
-{
- return fb->startOffset + fb->curIndex;
-}
-
-/************************************************************************
- *
- * F B _ G e t R a n g e
- *
- */
-static PRInt32
-FB_GetRange(FileBuffer *fb, PRInt32 start, PRInt32 end, char **buf)
-{
- PRInt32 amountRead;
- PRInt32 storedOffset;
-
- *buf = PR_Malloc(end-start+2);
- if(*buf == NULL) {
- return 0;
- }
-
- storedOffset = PR_Seek(fb->fd, 0, PR_SEEK_CUR);
- PR_Seek(fb->fd, start, PR_SEEK_SET);
- amountRead = PR_Read(fb->fd, *buf, end-start+1);
- PR_Seek(fb->fd, storedOffset, PR_SEEK_SET);
- if(amountRead == -1) {
- PR_Free(*buf);
- *buf = NULL;
- return 0;
- }
-
- (*buf)[end-start+1] = '\0';
- return amountRead;
-}
-
-
-/************************************************************************
- *
- * F B _ D e s t r o y
- *
- */
-static void
-FB_Destroy(FileBuffer *fb)
-{
- if(fb) {
- PR_Free(fb);
- }
-}
-
-/************************************************************************
- *
- * P r i n t T a g I t e m
- *
- */
-static void
-PrintTagItem(PRFileDesc *fd, TagItem *ti)
-{
- AVPair *pair;
-
- PR_fprintf(fd, "TAG:\n----\nType: ");
- switch(ti->type) {
- case APPLET_TAG:
- PR_fprintf(fd, "applet\n");
- break;
- case SCRIPT_TAG:
- PR_fprintf(fd, "script\n");
- break;
- case LINK_TAG:
- PR_fprintf(fd, "link\n");
- break;
- case STYLE_TAG:
- PR_fprintf(fd, "style\n");
- break;
- case COMMENT_TAG:
- PR_fprintf(fd, "comment\n");
- break;
- case OTHER_TAG:
- default:
- PR_fprintf(fd, "other\n");
- break;
- }
-
- PR_fprintf(fd, "Attributes:\n");
- for(pair = ti->attList; pair; pair=pair->next) {
- PR_fprintf(fd, "\t%s=%s\n", pair->attribute,
- pair->value ? pair->value : "");
- }
- PR_fprintf(fd, "Text:%s\n", ti->text ? ti->text : "");
-
- PR_fprintf(fd, "---End of tag---\n");
-}
-
-
-/************************************************************************
- *
- * P r i n t H T M L S t r e a m
- *
- */
-static void
-PrintHTMLStream(PRFileDesc *fd, HTMLItem *head)
-{
- while(head) {
- if(head->type==TAG_ITEM) {
- PrintTagItem(fd, head->item.tag);
- } else {
- PR_fprintf(fd, "\nTEXT:\n-----\n%s\n-----\n\n", head->item.text);
- }
- head = head->next;
- }
-}
-
-/************************************************************************
- *
- * S a v e I n l i n e S c r i p t
- *
- */
-static int
-SaveInlineScript(char *text, char *id, char *basedir, char *archiveDir)
-{
- char *filename=NULL;
- PRFileDesc *fd=NULL;
- int retval = -1;
- PRInt32 writeLen;
- char *ilDir=NULL;
-
- if(!text || !id || !archiveDir) {
- return -1;
- }
-
- if(dumpParse) {
- PR_fprintf(outputFD, "SaveInlineScript: text=%s, id=%s, \n"
- "basedir=%s, archiveDir=%s\n",
- text, id, basedir, archiveDir);
- }
-
- /* Make sure the archive directory is around */
- if(ensureExists(basedir, archiveDir) != PR_SUCCESS) {
- PR_fprintf(errorFD,
- "ERROR: Unable to create archive directory %s.\n", archiveDir);
- errorCount++;
- return -1;
- }
-
- /* Make sure the inline script directory is around */
- ilDir = PR_smprintf("%s/inlineScripts", archiveDir);
- scriptdir = "inlineScripts";
- if(ensureExists(basedir, ilDir) != PR_SUCCESS) {
- PR_fprintf(errorFD,
- "ERROR: Unable to create directory %s.\n", ilDir);
- errorCount++;
- return -1;
- }
-
- filename = PR_smprintf("%s/%s/%s", basedir, ilDir, id);
-
- /* If the file already exists, give a warning, then blow it away */
- if(PR_Access(filename, PR_ACCESS_EXISTS) == PR_SUCCESS) {
- PR_fprintf(errorFD,
- "warning: file \"%s\" already exists--will overwrite.\n",
- filename);
- warningCount++;
- if(rm_dash_r(filename)) {
- PR_fprintf(errorFD,
- "ERROR: Unable to delete %s.\n", filename);
- errorCount++;
- goto finish;
- }
- }
-
- /* Write text into file with name id */
- fd = PR_Open(filename, PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE, 0777);
- if(!fd) {
- PR_fprintf(errorFD, "ERROR: Unable to create file \"%s\".\n",
- filename);
- errorCount++;
- goto finish;
- }
- writeLen = strlen(text);
- if( PR_Write(fd, text, writeLen) != writeLen) {
- PR_fprintf(errorFD, "ERROR: Unable to write to file \"%s\".\n",
- filename);
- errorCount++;
- goto finish;
- }
-
- retval = 0;
-finish:
- if(filename) {
- PR_smprintf_free(filename);
- }
- if(ilDir) {
- PR_smprintf_free(ilDir);
- }
- if(fd) {
- PR_Close(fd);
- }
- return retval;
-}
-
-/************************************************************************
- *
- * S a v e U n n a m a b l e S c r i p t
- *
- */
-static int
-SaveUnnamableScript(char *text, char *basedir, char *archiveDir,
- char *HTMLfilename)
-{
- char *id=NULL;
- char *ext=NULL;
- char *start=NULL;
- int retval = -1;
-
- if(!text || !archiveDir || !HTMLfilename) {
- return -1;
- }
-
- if(dumpParse) {
- PR_fprintf(outputFD, "SaveUnnamableScript: text=%s, basedir=%s,\n"
- "archiveDir=%s, filename=%s\n", text, basedir, archiveDir,
- HTMLfilename);
- }
-
- /* Construct the filename */
- ext = PL_strrchr(HTMLfilename, '.');
- if(ext) {
- *ext = '\0';
- }
- for(start=HTMLfilename; strpbrk(start, "/\\");
- start=strpbrk(start, "/\\")+1);
- if(*start=='\0') start = HTMLfilename;
- id = PR_smprintf("_%s%d", start, idOrdinal++);
- if(ext) {
- *ext = '.';
- }
-
- /* Now call SaveInlineScript to do the work */
- retval = SaveInlineScript(text, id, basedir, archiveDir);
-
- PR_Free(id);
-
- return retval;
-}
-
-/************************************************************************
- *
- * S a v e S o u r c e
- *
- */
-static int
-SaveSource(char *src, char *codebase, char *basedir, char *archiveDir)
-{
- char *from=NULL, *to=NULL;
- int retval = -1;
- char *arcDir=NULL;
-
- if(!src || !archiveDir) {
- return -1;
- }
-
- if(dumpParse) {
- PR_fprintf(outputFD, "SaveSource: src=%s, codebase=%s, basedir=%s,\n"
- "archiveDir=%s\n", src, codebase, basedir, archiveDir);
- }
-
- if(codebase) {
- arcDir = PR_smprintf("%s/%s/%s/", basedir, codebase, archiveDir);
- } else {
- arcDir = PR_smprintf("%s/%s/", basedir, archiveDir);
- }
-
- if(codebase) {
- from = PR_smprintf("%s/%s/%s", basedir, codebase, src);
- to = PR_smprintf("%s%s", arcDir, src);
- } else {
- from = PR_smprintf("%s/%s", basedir, src);
- to = PR_smprintf("%s%s", arcDir, src);
- }
-
- if(make_dirs(to, 0777)) {
- PR_fprintf(errorFD,
- "ERROR: Unable to create archive directory %s.\n", archiveDir);
- errorCount++;
- goto finish;
- }
-
- retval = copyinto(from, to);
-finish:
- if(from) PR_Free(from);
- if(to) PR_Free(to);
- if(arcDir) PR_Free(arcDir);
- return retval;
-}
-
-/************************************************************************
- *
- * T a g T y p e T o S t r i n g
- *
- */
-char *
-TagTypeToString(TAG_TYPE type)
-{
- switch(type) {
- case APPLET_TAG:
- return "APPLET";
- case SCRIPT_TAG:
- return "SCRIPT";
- case LINK_TAG:
- return "LINK";
- case STYLE_TAG:
- return "STYLE";
- default:
- return "unknown";
- }
- return "unknown";
-}
-
-/************************************************************************
- *
- * e x t r a c t _ j s
- *
- */
-static int
-extract_js(char *filename)
-{
- PRFileDesc *fd=NULL;
- FileBuffer *fb=NULL;
- HTML_STATE state;
- int curchar;
- HTMLItem *head = NULL;
- HTMLItem *tail = NULL;
- PRInt32 textStart;
- PRInt32 curOffset;
- TagItem *tagp=NULL;
- char *text=NULL;
- HTMLItem *curitem=NULL;
- int retval = -1;
- char *tagerr=NULL;
- unsigned int linenum, startLine;
- char *archiveDir=NULL, *firstArchiveDir=NULL;
- HTMLItem *styleList, *styleListTail;
- HTMLItem *entityList, *entityListTail;
- char *basedir=NULL;
-
- styleList = entityList = styleListTail = entityListTail = NULL;
-
- /* Initialize the implicit ID counter for each file */
- idOrdinal = 0;
-
- /*
- * First, parse the HTML into a stream of tags and text.
- */
-
- fd = PR_Open(filename, PR_RDONLY, 0);
- if(!fd) {
- PR_fprintf(errorFD, "Unable to open %s for reading.\n", filename);
- errorCount++;
- return -1;
- }
-
- /* Construct base directory of filename. */
- {
- char *cp;
-
- basedir = PL_strdup(filename);
-
- /* Remove trailing slashes */
- while( (cp = PL_strprbrk(basedir, "/\\")) ==
- (basedir + strlen(basedir) - 1)) {
- *cp = '\0';
- }
-
- /* Now remove everything from the last slash (which will be followed
- * by a filename) to the end */
- cp = PL_strprbrk(basedir, "/\\");
- if(cp) {
- *cp = '\0';
- }
- }
-
- state = TEXT_HTML_STATE;
-
- fb = FB_Create(fd);
-
- textStart=0;
- startLine = 0;
- while(linenum=FB_GetLineNum(fb), (curchar = FB_GetChar(fb)) != EOF) {
- switch(state) {
- case TEXT_HTML_STATE:
- if(curchar == '<') {
- /*
- * Found a tag
- */
- /* Save the text so far to a new text item */
- curOffset = FB_GetPointer(fb)-2;
- if(curOffset >= textStart) {
- if(FB_GetRange(fb, textStart, curOffset, &text) !=
- curOffset-textStart+1) {
- PR_fprintf(errorFD,
- "Unable to read from %s.\n", filename);
- errorCount++;
- goto loser;
- }
- /* little fudge here. If the first character on a line
- * is '<', meaning a new tag, the preceding text item
- * actually ends on the previous line. In this case
- * we will be saying that the text segment ends on the
- * next line. I don't think this matters for text items. */
- curitem = CreateTextItem(text, startLine, linenum);
- text = NULL;
- if(tail == NULL) {
- head = tail = curitem;
- } else {
- tail->next = curitem;
- tail = curitem;
- }
- }
-
- /* Process the tag */
- tagp = ProcessTag(fb, &tagerr);
- if(!tagp) {
- if(tagerr) {
- PR_fprintf(errorFD, "Error in file %s: %s\n",
- filename, tagerr);
- errorCount++;
- } else {
- PR_fprintf(errorFD,
- "Error in file %s, in tag starting at line %d\n",
- filename, linenum);
- errorCount++;
- }
- goto loser;
- }
- /* Add the tag to the list */
- curitem = CreateTagItem(tagp, linenum, FB_GetLineNum(fb));
- if(tail == NULL) {
- head = tail = curitem;
- } else {
- tail->next = curitem;
- tail = curitem;
- }
-
- /* What's the next state */
- if(tagp->type == SCRIPT_TAG) {
- state = SCRIPT_HTML_STATE;
- }
-
- /* Start recording text from the new offset */
- textStart = FB_GetPointer(fb);
- startLine = FB_GetLineNum(fb);
- } else {
- /* regular character. Next! */
- }
- break;
- case SCRIPT_HTML_STATE:
- if(curchar == '<') {
- char *cp;
- /*
- * If this is a </script> tag, then we're at the end of the
- * script. Otherwise, ignore
- */
- curOffset = FB_GetPointer(fb)-1;
- cp = NULL;
- if(FB_GetRange(fb, curOffset, curOffset+8, &cp) != 9) {
- if(cp) { PR_Free(cp); cp = NULL; }
- } else {
- /* compare the strings */
- if( !PORT_Strncasecmp(cp, "</script>", 9) ) {
- /* This is the end of the script. Record the text. */
- curOffset--;
- if(curOffset >= textStart) {
- if(FB_GetRange(fb, textStart, curOffset, &text) !=
- curOffset-textStart+1) {
- PR_fprintf(errorFD,
- "Unable to read from %s.\n", filename);
- errorCount++;
- goto loser;
- }
- curitem = CreateTextItem(text, startLine, linenum);
- text = NULL;
- if(tail == NULL) {
- head = tail = curitem;
- } else {
- tail->next = curitem;
- tail = curitem;
- }
- }
-
- /* Now parse the /script tag and put it on the list */
- tagp = ProcessTag(fb, &tagerr);
- if(!tagp) {
- if(tagerr) {
- PR_fprintf(errorFD,
- "Error in file %s: %s\n", filename, tagerr);
- } else {
- PR_fprintf(errorFD,
- "Error in file %s, in tag starting at"
- " line %d\n", filename, linenum);
- }
- errorCount++;
- goto loser;
- }
- curitem = CreateTagItem(tagp, linenum,
- FB_GetLineNum(fb));
- if(tail == NULL) {
- head = tail = curitem;
- } else {
- tail->next = curitem;
- tail = curitem;
- }
-
- /* go back to text state */
- state = TEXT_HTML_STATE;
-
- textStart = FB_GetPointer(fb);
- startLine = FB_GetLineNum(fb);
- }
- }
- }
- break;
- }
- }
-
- /* End of the file. Wrap up any remaining text */
- if(state == SCRIPT_HTML_STATE) {
- if(tail && tail->type==TAG_ITEM) {
- PR_fprintf(errorFD, "ERROR: <SCRIPT> tag at %s:%d is not followed "
- "by a </SCRIPT> tag.\n", filename, tail->startLine);
- } else {
- PR_fprintf(errorFD, "ERROR: <SCRIPT> tag in file %s is not followed"
- " by a </SCRIPT tag.\n", filename);
- }
- errorCount++;
- goto loser;
- }
- curOffset = FB_GetPointer(fb)-1;
- if(curOffset >= textStart) {
- text = NULL;
- if( FB_GetRange(fb, textStart, curOffset, &text) !=
- curOffset-textStart+1) {
- PR_fprintf(errorFD, "Unable to read from %s.\n", filename);
- errorCount++;
- goto loser;
- }
- curitem = CreateTextItem(text, startLine, linenum);
- text = NULL;
- if(tail == NULL) {
- head = tail = curitem;
- } else {
- tail->next = curitem;
- tail = curitem;
- }
- }
-
- if(dumpParse) {
- PrintHTMLStream(outputFD, head);
- }
-
-
-
-
- /*
- * Now we have a stream of tags and text. Go through and deal with each.
- */
- for(curitem = head; curitem; curitem = curitem->next) {
- TagItem *tagp=NULL;
- AVPair *pairp=NULL;
- char *src=NULL, *id=NULL, *codebase=NULL;
- PRBool hasEventHandler=PR_FALSE;
- int i;
-
- /* Reset archive directory for each tag */
- if(archiveDir) {
- PR_Free(archiveDir); archiveDir = NULL;
- }
-
- /* We only analyze tags */
- if(curitem->type != TAG_ITEM) {
- continue;
- }
-
- tagp = curitem->item.tag;
-
- /* go through the attributes to get information */
- for(pairp=tagp->attList; pairp; pairp=pairp->next) {
-
- /* ARCHIVE= */
- if( !PL_strcasecmp(pairp->attribute, "archive")) {
- if(archiveDir) {
- /* Duplicate attribute. Print warning */
- PR_fprintf(errorFD,
- "warning: \"%s\" attribute overwrites previous attribute"
- " in tag starting at %s:%d.\n",
- pairp->attribute, filename, curitem->startLine);
- warningCount++;
- PR_Free(archiveDir);
- }
- archiveDir = PL_strdup(pairp->value);
-
- /* Substiture ".arc" for ".jar" */
- if( (PL_strlen(archiveDir)<4) ||
- PL_strcasecmp((archiveDir+strlen(archiveDir)-4), ".jar")){
- PR_fprintf(errorFD,
- "warning: ARCHIVE attribute should end in \".jar\" in tag"
- " starting on %s:%d.\n", filename, curitem->startLine);
- warningCount++;
- PR_Free(archiveDir);
- archiveDir = PR_smprintf("%s.arc", archiveDir);
- } else {
- PL_strcpy(archiveDir+strlen(archiveDir)-4, ".arc");
- }
-
- /* Record the first archive. This will be used later if
- * the archive is not specified */
- if(firstArchiveDir == NULL) {
- firstArchiveDir = PL_strdup(archiveDir);
- }
- }
-
- /* CODEBASE= */
- else if( !PL_strcasecmp(pairp->attribute, "codebase")) {
- if(codebase) {
- /* Duplicate attribute. Print warning */
- PR_fprintf(errorFD,
- "warning: \"%s\" attribute overwrites previous attribute"
- " in tag staring at %s:%d.\n",
- pairp->attribute, filename, curitem->startLine);
- warningCount++;
- }
- codebase = pairp->value;
- }
-
- /* SRC= and HREF= */
- else if( !PORT_Strcasecmp(pairp->attribute, "src") ||
- !PORT_Strcasecmp(pairp->attribute, "href") ) {
- if(src) {
- /* Duplicate attribute. Print warning */
- PR_fprintf(errorFD,
- "warning: \"%s\" attribute overwrites previous attribute"
- " in tag staring at %s:%d.\n",
- pairp->attribute, filename, curitem->startLine);
- warningCount++;
- }
- src = pairp->value;
- }
-
- /* CODE= */
- else if(!PORT_Strcasecmp(pairp->attribute, "code") ) {
- /*!!!XXX Change PORT to PL all over this code !!! */
- if(src) {
- /* Duplicate attribute. Print warning */
- PR_fprintf(errorFD,
- "warning: \"%s\" attribute overwrites previous attribute"
- " ,in tag staring at %s:%d.\n",
- pairp->attribute, filename, curitem->startLine);
- warningCount++;
- }
- src = pairp->value;
-
- /* Append a .class if one is not already present */
- if( (PL_strlen(src)<6) ||
- PL_strcasecmp( (src + PL_strlen(src) - 6), ".class") ) {
- src = PR_smprintf("%s.class", src);
- /* Put this string back into the data structure so it
- * will be deallocated properly */
- PR_Free(pairp->value);
- pairp->value = src;
- }
- }
-
- /* ID= */
- else if (!PL_strcasecmp(pairp->attribute, "id") ) {
- if(id) {
- /* Duplicate attribute. Print warning */
- PR_fprintf(errorFD,
- "warning: \"%s\" attribute overwrites previous attribute"
- " in tag staring at %s:%d.\n",
- pairp->attribute, filename, curitem->startLine);
- warningCount++;
- }
- id = pairp->value;
- }
-
- /* STYLE= */
- /* style= attributes, along with JS entities, are stored into
- * files with dynamically generated names. The filenames are
- * based on the order in which the text is found in the file.
- * All JS entities on all lines up to and including the line
- * containing the end of the tag that has this style= attribute
- * will be processed before this style=attribute. So we need
- * to record the line that this _tag_ (not the attribute) ends on.
- */
- else if(!PL_strcasecmp(pairp->attribute, "style") && pairp->value) {
- HTMLItem *styleItem;
- /* Put this item on the style list */
- styleItem = CreateTextItem(PL_strdup(pairp->value),
- curitem->startLine, curitem->endLine);
- if(styleListTail == NULL) {
- styleList = styleListTail = styleItem;
- } else {
- styleListTail->next = styleItem;
- styleListTail = styleItem;
- }
- }
-
- /* Event handlers */
- else {
- for(i=0; i < num_handlers; i++) {
- if(!PL_strcasecmp(event_handlers[i], pairp->attribute)) {
- hasEventHandler = PR_TRUE;
- break;
- }
- }
- }
-
- /* JS Entity */
- {
- char *entityStart, *entityEnd;
- HTMLItem *entityItem;
-
- /* go through each JavaScript entity ( &{...}; ) and store it
- * in the entityList. The important thing is to record what
- * line number it's on, so we can get it in the right order
- * in relation to style= attributes.
- * Apparently, these can't flow across lines, so the start and
- * end line will be the same. That helps matters.
- */
- entityEnd = pairp->value;
- while( entityEnd &&
- (entityStart = PL_strstr(entityEnd, "&{")) != NULL) {
- entityStart +=2; /* point at beginning of actual entity */
- entityEnd = PL_strstr(entityStart, "}");
- if(entityEnd) {
- /* Put this item on the entity list */
- *entityEnd = '\0';
- entityItem = CreateTextItem(PL_strdup(entityStart),
- pairp->valueLine, pairp->valueLine);
- *entityEnd = '}';
- if(entityListTail) {
- entityListTail->next = entityItem;
- entityListTail = entityItem;
- } else {
- entityList = entityListTail = entityItem;
- }
- }
- }
- }
-
- }
-
- /* If no archive was supplied, we use the first one of the file */
- if(!archiveDir && firstArchiveDir) {
- archiveDir = PL_strdup(firstArchiveDir);
- }
-
- /* If we have an event handler, we need to archive this tag */
- if(hasEventHandler) {
- if(!id) {
- PR_fprintf(errorFD,
- "warning: tag starting at %s:%d has event handler but"
- " no ID attribute. The tag will not be signed.\n",
- filename, curitem->startLine);
- warningCount++;
- } else if(!archiveDir) {
- PR_fprintf(errorFD,
- "warning: tag starting at %s:%d has event handler but"
- " no ARCHIVE attribute. The tag will not be signed.\n",
- filename, curitem->startLine);
- warningCount++;
- } else {
- if(SaveInlineScript(tagp->text, id, basedir, archiveDir)) {
- goto loser;
- }
- }
- }
-
- switch(tagp->type) {
- case APPLET_TAG:
- if(!src) {
- PR_fprintf(errorFD,
- "error: APPLET tag starting on %s:%d has no CODE "
- "attribute.\n", filename, curitem->startLine);
- errorCount++;
- goto loser;
- } else if(!archiveDir) {
- PR_fprintf(errorFD,
- "error: APPLET tag starting on %s:%d has no ARCHIVE "
- "attribute.\n", filename, curitem->startLine);
- errorCount++;
- goto loser;
- } else {
- if(SaveSource(src, codebase, basedir, archiveDir)) {
- goto loser;
- }
- }
- break;
- case SCRIPT_TAG:
- case LINK_TAG:
- case STYLE_TAG:
- if(!archiveDir) {
- PR_fprintf(errorFD,
- "error: %s tag starting on %s:%d has no ARCHIVE "
- "attribute.\n", TagTypeToString(tagp->type),
- filename, curitem->startLine);
- errorCount++;
- goto loser;
- } else if(src) {
- if(SaveSource(src, codebase, basedir, archiveDir)) {
- goto loser;
- }
- } else if(id) {
- /* Save the next text item */
- if(!curitem->next || (curitem->next->type != TEXT_ITEM)) {
- PR_fprintf(errorFD,
- "warning: %s tag starting on %s:%d is not followed"
- " by script text.\n", TagTypeToString(tagp->type),
- filename, curitem->startLine);
- warningCount++;
- /* just create empty file */
- if(SaveInlineScript("", id, basedir, archiveDir)) {
- goto loser;
- }
- } else {
- curitem = curitem->next;
- if(SaveInlineScript(curitem->item.text, id, basedir,
- archiveDir)){
- goto loser;
- }
- }
- } else {
- /* No src or id tag--warning */
- PR_fprintf(errorFD,
- "warning: %s tag starting on %s:%d has no SRC or"
- " ID attributes. Will not sign.\n",
- TagTypeToString(tagp->type), filename, curitem->startLine);
- warningCount++;
- }
- break;
- default:
- /* do nothing for other tags */
- break;
- }
-
- }
-
- /* Now deal with all the unnamable scripts */
- if(firstArchiveDir) {
- HTMLItem *style, *entity;
-
- /* Go through the lists of JS entities and style attributes. Do them
- * in chronological order within a list. Pick the list with the lower
- * endLine. In case of a tie, entities come first.
- */
- style = styleList; entity = entityList;
- while(style || entity) {
- if(!entity || (style && (style->endLine < entity->endLine))) {
- /* Process style */
- SaveUnnamableScript(style->item.text, basedir, firstArchiveDir,
- filename);
- style=style->next;
- } else {
- /* Process entity */
- SaveUnnamableScript(entity->item.text, basedir, firstArchiveDir,
- filename);
- entity=entity->next;
- }
- }
- }
-
-
- retval = 0;
-loser:
- /* Blow away the stream */
- while(head) {
- curitem = head;
- head = head->next;
- DestroyHTMLItem(curitem);
- }
- while(styleList) {
- curitem = styleList;
- styleList = styleList->next;
- DestroyHTMLItem(curitem);
- }
- while(entityList) {
- curitem = entityList;
- entityList = entityList->next;
- DestroyHTMLItem(curitem);
- }
- if(text) {
- PR_Free(text); text=NULL;
- }
- if(fb) {
- FB_Destroy(fb); fb=NULL;
- }
- if(fd) {
- PR_Close(fd);
- }
- if(tagerr) {
- PR_smprintf_free(tagerr); tagerr=NULL;
- }
- if(archiveDir) {
- PR_Free(archiveDir); archiveDir=NULL;
- }
- if(firstArchiveDir) {
- PR_Free(firstArchiveDir); firstArchiveDir=NULL;
- }
- return retval;
-}
-
-/**********************************************************************
- *
- * e n s u r e E x i s t s
- *
- * Check for existence of indicated directory. If it doesn't exist,
- * it will be created.
- * Returns PR_SUCCESS if the directory is present, PR_FAILURE otherwise.
- */
-static PRStatus
-ensureExists (char *base, char *path)
-{
- char fn [FNSIZE];
- PRDir *dir;
- sprintf (fn, "%s/%s", base, path);
-
- /*PR_fprintf(outputFD, "Trying to open directory %s.\n", fn);*/
-
- if( (dir=PR_OpenDir(fn)) ) {
- PR_CloseDir(dir);
- return PR_SUCCESS;
- }
- return PR_MkDir(fn, 0777);
-}
-
-/***************************************************************************
- *
- * m a k e _ d i r s
- *
- * Ensure that the directory portion of the path exists. This may require
- * making the directory, and its parent, and its parent's parent, etc.
- */
-static int
-make_dirs(char *path, int file_perms)
-{
- char *Path;
- char *start;
- char *sep;
- int ret = 0;
- PRFileInfo info;
-
- if(!path) {
- return 0;
- }
-
- Path = PL_strdup(path);
- start = strpbrk(Path, "/\\");
- if(!start) {
- return 0;
- }
- start++; /* start right after first slash */
-
- /* Each time through the loop add one more directory. */
- while( (sep=strpbrk(start, "/\\")) ) {
- *sep = '\0';
-
- if( PR_GetFileInfo(Path, &info) != PR_SUCCESS) {
- /* No such dir, we have to create it */
- if( PR_MkDir(Path, file_perms) != PR_SUCCESS) {
- PR_fprintf(errorFD, "ERROR: Unable to create directory %s.\n",
- Path);
- errorCount++;
- ret = -1;
- goto loser;
- }
- } else {
- /* something exists by this name, make sure it's a directory */
- if( info.type != PR_FILE_DIRECTORY ) {
- PR_fprintf(errorFD, "ERROR: Unable to create directory %s.\n",
- Path);
- errorCount++;
- ret = -1;
- goto loser;
- }
- }
-
- start = sep+1; /* start after the next slash */
- *sep = '/';
- }
-
-loser:
- PR_Free(Path);
- return ret;
-}
-
-/*
- * c o p y i n t o
- *
- * Function to copy file "from" to path "to".
- *
- */
-static int
-copyinto (char *from, char *to)
-{
- PRInt32 num;
- char buf [BUFSIZ];
- PRFileDesc *infp=NULL, *outfp=NULL;
- int retval = -1;
-
- if ((infp = PR_Open(from, PR_RDONLY, 0777)) == NULL) {
- PR_fprintf(errorFD, "ERROR: Unable to open \"%s\" for reading.\n",
- from);
- errorCount++;
- goto finish;
- }
-
- /* If to already exists, print a warning before deleting it */
- if(PR_Access(to, PR_ACCESS_EXISTS) == PR_SUCCESS) {
- PR_fprintf(errorFD, "warning: %s already exists--will overwrite\n",
- to);
- warningCount++;
- if(rm_dash_r(to)) {
- PR_fprintf(errorFD,
- "ERROR: Unable to remove %s.\n", to);
- errorCount++;
- goto finish;
- }
- }
-
- if ((outfp = PR_Open(to, PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE, 0777))
- == NULL) {
- char *errBuf=NULL;
-
- errBuf = PR_Malloc(PR_GetErrorTextLength());
- PR_fprintf(errorFD, "ERROR: Unable to open \"%s\" for writing.\n",
- to);
- if(PR_GetErrorText(errBuf)) {
- PR_fprintf(errorFD, "Cause: %s\n", errBuf);
- }
- if(errBuf) {
- PR_Free(errBuf);
- }
- errorCount++;
- goto finish;
- }
-
- while( (num = PR_Read(infp, buf, BUFSIZ)) >0) {
- if(PR_Write(outfp, buf, num) != num) {
- PR_fprintf(errorFD, "ERROR: Error writing to %s.\n", to);
- errorCount++;
- goto finish;
- }
- }
-
- retval = 0;
-finish:
- if(infp) PR_Close(infp);
- if(outfp) PR_Close(outfp);
-
- return retval;
-}
diff --git a/security/nss/cmd/signtool/list.c b/security/nss/cmd/signtool/list.c
deleted file mode 100644
index da29889c0..000000000
--- a/security/nss/cmd/signtool/list.c
+++ /dev/null
@@ -1,281 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "signtool.h"
-#include "pk11func.h"
-#include "certdb.h"
-
-static int num_trav_certs = 0;
-static SECStatus cert_trav_callback(CERTCertificate *cert, SECItem *k,
- void *data);
-
-/*********************************************************************
- *
- * L i s t C e r t s
- */
-int
-ListCerts(char *key, int list_certs)
-{
- SECStatus rv;
- char *ugly_list;
- CERTCertDBHandle *db;
-
- CERTCertificate *cert;
- CERTVerifyLog errlog;
-
- errlog.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if( errlog.arena == NULL) {
- out_of_memory();
- }
- errlog.head = NULL;
- errlog.tail = NULL;
- errlog.count = 0;
-
- ugly_list = PORT_ZAlloc (16);
-
- if (ugly_list == NULL) {
- out_of_memory();
- }
-
- *ugly_list = 0;
-
- db= OpenCertDB(PR_TRUE /*readOnly*/);
-
- if (list_certs == 2) {
- PR_fprintf(outputFD, "\nS Certificates\n");
- PR_fprintf(outputFD, "- ------------\n");
- } else {
- PR_fprintf(outputFD, "\nObject signing certificates\n");
- PR_fprintf(outputFD, "---------------------------------------\n");
- }
-
- num_trav_certs = 0;
-
- /* Traverse non-internal DBs */
- rv = PK11_TraverseSlotCerts(cert_trav_callback, (void*)&list_certs,
- NULL /*wincx*/);
-
- /* Traverse Internal DB */
- rv = SEC_TraversePermCerts(db, cert_trav_callback, (void*)&list_certs);
-
- if (num_trav_certs == 0) {
- PR_fprintf(outputFD,
- "You don't appear to have any object signing certificates.\n");
- }
-
- if (list_certs == 2) {
- PR_fprintf(outputFD, "- ------------\n");
- } else {
- PR_fprintf(outputFD, "---------------------------------------\n");
- }
-
- if (rv) {
- return -1;
- }
-
- if (list_certs == 1) {
- PR_fprintf(outputFD,
- "For a list including CA's, use \"%s -L\"\n", PROGRAM_NAME);
- }
-
- if(list_certs == 2) {
- PR_fprintf(outputFD,
- "Certificates that can be used to sign objects have *'s to "
- "their left.\n");
- }
-
- if (key) {
- /* Do an analysis of the given cert */
-
- SECStatus rv;
-
- cert = PK11_FindCertFromNickname(key, NULL /*wincx*/);
-
- if (cert) {
- PR_fprintf(outputFD,
- "\nThe certificate with nickname \"%s\" was found:\n",
- cert->nickname);
- PR_fprintf(outputFD,
- "\tsubject name: %s\n", cert->subjectName);
- PR_fprintf(outputFD,
- "\tissuer name: %s\n", cert->issuerName);
-
- PR_fprintf(outputFD, "\n");
-
- rv = CERT_CertTimesValid (cert);
- if(rv != SECSuccess) {
- PR_fprintf(outputFD, "**This certificate is expired**\n");
- } else {
- PR_fprintf(outputFD, "This certificate is not expired.\n");
- }
-
- rv = CERT_VerifyCert (db, cert, PR_TRUE,
- certUsageObjectSigner, PR_Now(), NULL, &errlog);
-
- if (rv != SECSuccess) {
- if(errlog.count > 0) {
- PR_fprintf(outputFD,
- "**Certificate validation failed for the "
- "following reason(s):**\n");
- } else {
- PR_fprintf(outputFD, "**Certificate validation failed**");
- }
- } else {
- PR_fprintf(outputFD, "This certificate is valid.\n");
- }
- displayVerifyLog(&errlog);
-
-
- } else {
- PR_fprintf(outputFD,
- "The certificate with nickname \"%s\" was NOT FOUND\n",
- key);
- }
- }
-
- if(errlog.arena != NULL) {
- PORT_FreeArena(errlog.arena, PR_FALSE);
- }
-
- return 0;
-}
-
-/********************************************************************
- *
- * c e r t _ t r a v _ c a l l b a c k
- */
-static SECStatus
-cert_trav_callback(CERTCertificate *cert, SECItem *k, void *data)
-{
- int isSigningCert;
- int list_certs = 1;
-
- char *name, *issuerCN, *expires;
- CERTCertificate *issuerCert = NULL;
-
- if(data) {
- list_certs = *((int*)data);
- }
-
- if (cert->nickname)
- {
- name = cert->nickname;
-
- isSigningCert = cert->nsCertType & NS_CERT_TYPE_OBJECT_SIGNING;
- issuerCert = CERT_FindCertIssuer (cert, PR_Now(), certUsageObjectSigner);
- issuerCN = CERT_GetCommonName (&cert->issuer);
-
- if (!isSigningCert && list_certs == 1)
- return (SECSuccess);
-
- /* Add this name or email to list */
-
- if (name)
- {
- int rv;
-
- num_trav_certs++;
- if(list_certs == 2) {
- PR_fprintf(outputFD, "%s ", isSigningCert ? "*" : " ");
- }
- PR_fprintf(outputFD, "%s\n", name);
-
- if (list_certs == 1)
- {
- if(issuerCert == NULL) {
- PR_fprintf(outputFD,
- "\t++ Error ++ Unable to find issuer certificate\n");
- return SECSuccess; /*function was a success even if cert is bogus*/
- }
- if (issuerCN == NULL)
- PR_fprintf(outputFD, " Issued by: %s\n", issuerCert->nickname);
- else
- PR_fprintf(outputFD,
- " Issued by: %s (%s)\n", issuerCert->nickname, issuerCN);
-
- expires = DER_UTCDayToAscii (&cert->validity.notAfter);
-
- if (expires)
- PR_fprintf(outputFD, " Expires: %s\n", expires);
-
- rv = CERT_CertTimesValid (cert);
-
- if (rv != SECSuccess)
- PR_fprintf(outputFD, " ++ Error ++ THIS CERTIFICATE IS EXPIRED\n");
-
- if (rv == SECSuccess)
- {
- rv = CERT_VerifyCertNow (cert->dbhandle, cert,
- PR_TRUE, certUsageObjectSigner, NULL);
-
- if (rv != SECSuccess)
- {
- rv = PORT_GetError();
- PR_fprintf(outputFD,
- " ++ Error ++ THIS CERTIFICATE IS NOT VALID (%s)\n",
- secErrorString(rv)); }
- }
-
- expires = DER_UTCDayToAscii (&issuerCert->validity.notAfter);
- if (expires == NULL) expires = "(unknown)";
-
- rv = CERT_CertTimesValid (issuerCert);
-
- if (rv != SECSuccess)
- PR_fprintf(outputFD,
- " ++ Error ++ ISSUER CERT \"%s\" EXPIRED ON %s\n",
- issuerCert->nickname, expires);
-
- if (rv == SECSuccess)
- {
- /*
- rv = CERT_VerifyCertNow (issuerCert->dbhandle, issuerCert,
- PR_TRUE, certUsageVerifyCA, NULL);
- */
- rv = CERT_VerifyCertNow (issuerCert->dbhandle, issuerCert,
- PR_TRUE, certUsageAnyCA, NULL);
-
- if (rv != SECSuccess)
- {
- rv = PORT_GetError();
- PR_fprintf(outputFD,
- " ++ Error ++ ISSUER CERT \"%s\" IS NOT VALID (%s)\n", issuerCert->nickname, secErrorString(rv));
- }
- }
- }
- }
- }
-
- return (SECSuccess);
-}
-
diff --git a/security/nss/cmd/signtool/manifest.mn b/security/nss/cmd/signtool/manifest.mn
deleted file mode 100644
index 87b96c1e9..000000000
--- a/security/nss/cmd/signtool/manifest.mn
+++ /dev/null
@@ -1,53 +0,0 @@
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-MODULE = security
-
-EXPORTS =
-
-CSRCS = signtool.c \
- certgen.c \
- javascript.c \
- list.c \
- sign.c \
- util.c \
- verify.c \
- zip.c \
- $(NULL)
-
-PROGRAM = signtool
-
-REQUIRES = security dbm seccmd
-
-DEFINES += -DNSPR20
diff --git a/security/nss/cmd/signtool/sign.c b/security/nss/cmd/signtool/sign.c
deleted file mode 100644
index 58a72ebef..000000000
--- a/security/nss/cmd/signtool/sign.c
+++ /dev/null
@@ -1,861 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "signtool.h"
-#include "zip.h"
-#include "prmem.h"
-#include "blapi.h"
-
-static int create_pk7 (char *dir, char *keyName, int *keyType);
-static int jar_find_key_type (CERTCertificate *cert);
-static int manifesto (char *dirname, char *install_script, PRBool recurse);
-static int manifesto_fn(char *relpath, char *basedir, char *reldir,
- char *filename, void *arg);
-static int sign_all_arc_fn(char *relpath, char *basedir, char *reldir,
- char *filename, void *arg);
-static int add_meta (FILE *fp, char *name);
-static int SignFile (FILE *outFile, FILE *inFile, CERTCertificate *cert);
-static int generate_SF_file (char *manifile, char *who);
-static int calculate_MD5_range (FILE *fp, long r1, long r2, JAR_Digest *dig);
-static void SignOut (void *arg, const char *buf, unsigned long len);
-
-static char *metafile = NULL;
-static int optimize = 0;
-static FILE *mf;
-static ZIPfile *zipfile=NULL;
-
-/*
- * S i g n A r c h i v e
- *
- * Sign an individual archive tree. A directory
- * called META-INF is created underneath this.
- *
- */
-int
-SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
- char *meta_file, char *install_script, int _optimize, PRBool recurse)
-{
- int status;
- char tempfn [FNSIZE], fullfn [FNSIZE];
- int keyType = rsaKey;
-
- metafile = meta_file;
- optimize = _optimize;
-
- if(zip_file) {
- zipfile = JzipOpen(zip_file, NULL /*no comment*/);
- }
-
- manifesto (tree, install_script, recurse);
-
- if (keyName)
- {
- status = create_pk7 (tree, keyName, &keyType);
- if (status < 0)
- {
- PR_fprintf(errorFD, "the tree \"%s\" was NOT SUCCESSFULLY SIGNED\n", tree);
- errorCount++;
- exit (ERRX);
- }
- }
-
- /* mf to zip */
-
- strcpy (tempfn, "META-INF/manifest.mf");
- sprintf (fullfn, "%s/%s", tree, tempfn);
- JzipAdd(fullfn, tempfn, zipfile, compression_level);
-
- /* sf to zip */
-
- sprintf (tempfn, "META-INF/%s.sf", base);
- sprintf (fullfn, "%s/%s", tree, tempfn);
- JzipAdd(fullfn, tempfn, zipfile, compression_level);
-
- /* rsa/dsa to zip */
-
- sprintf (tempfn, "META-INF/%s.%s", base, (keyType==dsaKey ? "dsa" : "rsa"));
- sprintf (fullfn, "%s/%s", tree, tempfn);
- JzipAdd(fullfn, tempfn, zipfile, compression_level);
-
- JzipClose(zipfile);
-
- if(verbosity >= 0) {
- if (javascript) {
- PR_fprintf(outputFD,"jarfile \"%s\" signed successfully\n",
- zip_file);
- } else {
- PR_fprintf(outputFD, "tree \"%s\" signed successfully\n", tree);
- }
- }
-
- return 0;
-}
-
-typedef struct {
- char *keyName;
- int javascript;
- char *metafile;
- char *install_script;
- int optimize;
-} SignArcInfo;
-
-/*
- * S i g n A l l A r c
- *
- * Javascript may generate multiple .arc directories, one
- * for each jar archive needed. Sign them all.
- *
- */
-int
-SignAllArc(char *jartree, char *keyName, int javascript, char *metafile,
- char *install_script, int optimize, PRBool recurse)
-{
- SignArcInfo info;
-
- info.keyName = keyName;
- info.javascript = javascript;
- info.metafile = metafile;
- info.install_script = install_script;
- info.optimize = optimize;
-
- return foreach(jartree, "", sign_all_arc_fn, recurse,
- PR_TRUE /*include dirs*/, (void*)&info);
-}
-
-static int
-sign_all_arc_fn(char *relpath, char *basedir, char *reldir, char *filename,
- void *arg)
-{
- char *zipfile=NULL;
- char *arc=NULL, *archive=NULL;
- int retval=0;
- SignArcInfo *infop = (SignArcInfo*)arg;
-
- /* Make sure there is one and only one ".arc" in the relative path,
- * and that it is at the end of the path (don't sign .arcs within .arcs) */
- if ( (PL_strcaserstr(relpath, ".arc") == relpath + strlen(relpath) - 4) &&
- (PL_strcasestr(relpath, ".arc") == relpath + strlen(relpath) - 4) ) {
-
- if(!infop) {
- retval = -1;
- goto finish;
- }
- archive = PR_smprintf("%s/%s", basedir, relpath);
-
- zipfile = PL_strdup(archive);
- arc = PORT_Strrchr (zipfile, '.');
-
- if (arc == NULL) {
- PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
- errorCount++;
- retval = -1;
- goto finish;
- }
-
- PL_strcpy (arc, ".jar");
-
- if(verbosity >= 0) {
- PR_fprintf(outputFD, "\nsigning: %s\n", zipfile);
- }
- retval = SignArchive(archive, infop->keyName, zipfile,
- infop->javascript, infop->metafile, infop->install_script,
- infop->optimize, PR_TRUE /* recurse */);
- }
-finish:
- if(archive) PR_Free(archive);
- if(zipfile) PR_Free(zipfile);
-
- return retval;
-}
-
-/*********************************************************************
- *
- * c r e a t e _ p k 7
- */
-static int
-create_pk7 (char *dir, char *keyName, int *keyType)
-{
- int status = 0;
- char *file_ext;
-
- CERTCertificate *cert;
- CERTCertDBHandle *db;
-
- SECKEYKeyDBHandle *keyHandle;
-
- FILE *in, *out;
-
- char sf_file [FNSIZE];
- char pk7_file [FNSIZE];
-
- /* open key database */
- keyHandle = SECU_OpenKeyDB(PR_TRUE /*readOnly*/);
-
- if (keyHandle == NULL)
- return -1;
-
- SECKEY_SetDefaultKeyDB (keyHandle);
-
- /* open cert database */
- db = OpenCertDB(PR_TRUE /*readOnly*/);
-
- if (db == NULL)
- return -1;
-
-
- /* find cert */
- /*cert = CERT_FindCertByNicknameOrEmailAddr(db, keyName);*/
- cert = PK11_FindCertFromNickname(keyName, NULL /*wincx*/);
-
- if (cert == NULL)
- {
- SECU_PrintError
- (
- PROGRAM_NAME,
- "the cert \"%s\" does not exist in the database",
- keyName
- );
- return -1;
- }
-
-
- /* determine the key type, which sets the extension for pkcs7 object */
-
- *keyType = jar_find_key_type (cert);
- file_ext = (*keyType == dsaKey) ? "dsa" : "rsa";
-
- sprintf (sf_file, "%s/META-INF/%s.sf", dir, base);
- sprintf (pk7_file, "%s/META-INF/%s.%s", dir, base, file_ext);
-
- if ((in = fopen (sf_file, "rb")) == NULL)
- {
- PR_fprintf(errorFD, "%s: Can't open %s for reading\n", PROGRAM_NAME, sf_file);
- errorCount++;
- exit (ERRX);
- }
-
- if ((out = fopen (pk7_file, "wb")) == NULL)
- {
- PR_fprintf(errorFD, "%s: Can't open %s for writing\n", PROGRAM_NAME, sf_file);
- errorCount++;
- exit (ERRX);
- }
-
- status = SignFile (out, in, cert);
-
- fclose (in);
- fclose (out);
-
- if (status)
- {
- PR_fprintf(errorFD, "%s: PROBLEM signing data (%s)\n",
- PROGRAM_NAME, SECU_ErrorString ((int16) PORT_GetError()));
- errorCount++;
- return -1;
- }
-
- return 0;
-}
-
-/*
- * j a r _ f i n d _ k e y _ t y p e
- *
- * Determine the key type for a given cert, which
- * should be rsaKey or dsaKey. Any error return 0.
- *
- */
-static int
-jar_find_key_type (CERTCertificate *cert)
-{
- PK11SlotInfo *slot = NULL;
- SECKEYPrivateKey *privk = NULL;
-
- /* determine its type */
- PK11_FindObjectForCert (cert, /*wincx*/ NULL, &slot);
-
- if (slot == NULL)
- {
- PR_fprintf(errorFD, "warning - can't find slot for this cert\n");
- warningCount++;
- return 0;
- }
-
- privk = PK11_FindPrivateKeyFromCert (slot, cert, /*wincx*/ NULL);
-
- if (privk == NULL)
- {
- PR_fprintf(errorFD, "warning - can't find private key for this cert\n");
- warningCount++;
- return 0;
- }
-
- return privk->keyType;
- }
-
-
-/*
- * m a n i f e s t o
- *
- * Run once for every subdirectory in which a
- * manifest is to be created -- usually exactly once.
- *
- */
-static int
-manifesto (char *dirname, char *install_script, PRBool recurse)
-{
- char metadir [FNSIZE], sfname [FNSIZE];
-
- /* Create the META-INF directory to hold signing info */
-
- if (PR_Access (dirname, PR_ACCESS_READ_OK))
- {
- PR_fprintf(errorFD, "%s: unable to read your directory: %s\n", PROGRAM_NAME,
- dirname);
- errorCount++;
- perror (dirname);
- exit (ERRX);
- }
-
- if (PR_Access (dirname, PR_ACCESS_WRITE_OK)) {
- PR_fprintf(errorFD, "%s: unable to write to your directory: %s\n",
- PROGRAM_NAME, dirname);
- errorCount++;
- perror(dirname);
- exit(ERRX);
- }
-
- sprintf (metadir, "%s/META-INF", dirname);
-
- strcpy (sfname, metadir);
-
- PR_MkDir (metadir, 0777);
-
- strcat (metadir, "/");
- strcat (metadir, MANIFEST);
-
- if ((mf = fopen (metadir, "wb")) == NULL)
- {
- perror (MANIFEST);
- PR_fprintf(errorFD, "%s: Probably, the directory you are trying to"
-
- " sign has\n", PROGRAM_NAME);
- PR_fprintf(errorFD, "%s: permissions problems or may not exist.\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
-
- if(verbosity >= 0) {
- PR_fprintf(outputFD, "Generating %s file..\n", metadir);
- }
-
- fprintf(mf, "Manifest-Version: 1.0\n");
- fprintf (mf, "Created-By: %s\n", CREATOR);
- fprintf (mf, "Comments: %s\n", BREAKAGE);
-
- if (scriptdir)
- {
- fprintf (mf, "Comments: --\n");
- fprintf (mf, "Comments: --\n");
- fprintf (mf, "Comments: -- This archive signs Javascripts which may not necessarily\n");
- fprintf (mf, "Comments: -- be included in the physical jar file.\n");
- fprintf (mf, "Comments: --\n");
- fprintf (mf, "Comments: --\n");
- }
-
- if (install_script)
- fprintf (mf, "Install-Script: %s\n", install_script);
-
- if (metafile)
- add_meta (mf, "+");
-
- /* Loop through all files & subdirectories */
- foreach (dirname, "", manifesto_fn, recurse, PR_FALSE /*include dirs */,
- (void*)NULL);
-
- fclose (mf);
-
- strcat (sfname, "/");
- strcat (sfname, base);
- strcat (sfname, ".sf");
-
- if(verbosity >= 0) {
- PR_fprintf(outputFD, "Generating %s.sf file..\n", base);
- }
- generate_SF_file (metadir, sfname);
-
- return 0;
-}
-
-/*
- * m a n i f e s t o _ f n
- *
- * Called by pointer from manifesto(), once for
- * each file within the directory.
- *
- */
-static int manifesto_fn
- (char *relpath, char *basedir, char *reldir, char *filename, void *arg)
-{
- int use_js;
-
- JAR_Digest dig;
- char fullname [FNSIZE];
-
- if(verbosity >= 0) {
- PR_fprintf(outputFD, "--> %s\n", relpath);
- }
-
- /* extension matching */
- if(extensionsGiven) {
- char *ext;
-
- ext = PL_strrchr(relpath, '.');
- if(!ext) {
- return 0;
- } else {
- if(!PL_HashTableLookup(extensions, ext)) {
- return 0;
- }
- }
- }
-
- sprintf (fullname, "%s/%s", basedir, relpath);
-
- fprintf (mf, "\n");
-
- use_js = 0;
-
- if (scriptdir && !PORT_Strcmp (scriptdir, reldir))
- use_js++;
-
- /* sign non-.js files inside .arc directories
- using the javascript magic */
-
- if ( (PL_strcaserstr(filename, ".js") != filename + strlen(filename) - 3)
- && (PL_strcaserstr(reldir, ".arc") == reldir + strlen(filename)-4))
- use_js++;
-
- if (use_js)
- {
- fprintf (mf, "Name: %s\n", filename);
- fprintf (mf, "Magic: javascript\n");
-
- if (optimize == 0)
- fprintf (mf, "javascript.id: %s\n", filename);
-
- if (metafile)
- add_meta (mf, filename);
- }
- else
- {
- fprintf (mf, "Name: %s\n", relpath);
- if (metafile)
- add_meta (mf, relpath);
- }
-
- JAR_digest_file (fullname, &dig);
-
-
- if (optimize == 0)
- {
- fprintf (mf, "Digest-Algorithms: MD5 SHA1\n");
- fprintf (mf, "MD5-Digest: %s\n", BTOA_DataToAscii (dig.md5, MD5_LENGTH));
- }
-
- fprintf (mf, "SHA1-Digest: %s\n", BTOA_DataToAscii (dig.sha1, SHA1_LENGTH));
-
- if(!use_js) {
- JzipAdd(fullname, relpath, zipfile, compression_level);
- }
-
- return 0;
-}
-
-/*
- * a d d _ m e t a
- *
- * Parse the metainfo file, and add any details
- * necessary to the manifest file. In most cases you
- * should be using the -i option (ie, for SmartUpdate).
- *
- */
-static int add_meta (FILE *fp, char *name)
-{
- FILE *met;
- char buf [BUFSIZ];
-
- int place;
- char *pattern, *meta;
-
- int num = 0;
-
- if ((met = fopen (metafile, "r")) != NULL)
- {
- while (fgets (buf, BUFSIZ, met))
- {
- char *s;
-
- for (s = buf; *s && *s != '\n' && *s != '\r'; s++);
- *s = 0;
-
- if (*buf == 0)
- continue;
-
- pattern = buf;
-
- /* skip to whitespace */
- for (s = buf; *s && *s != ' ' && *s != '\t'; s++);
-
- /* terminate pattern */
- if (*s == ' ' || *s == '\t') *s++ = 0;
-
- /* eat through whitespace */
- while (*s == ' ' || *s == '\t') s++;
-
- meta = s;
-
- /* this will eventually be regexp matching */
-
- place = 0;
- if (!PORT_Strcmp (pattern, name))
- place = 1;
-
- if (place)
- {
- num++;
- if(verbosity >= 0) {
- PR_fprintf(outputFD, "[%s] %s\n", name, meta);
- }
- fprintf (fp, "%s\n", meta);
- }
- }
- fclose (met);
- }
- else
- {
- PR_fprintf(errorFD, "%s: can't open metafile: %s\n", PROGRAM_NAME, metafile);
- errorCount++;
- exit (ERRX);
- }
-
- return num;
-}
-
-/**********************************************************************
- *
- * S i g n F i l e
- */
-static int
-SignFile (FILE *outFile, FILE *inFile, CERTCertificate *cert)
-{
- int nb;
- char ibuf[4096], digestdata[32];
- SECHashObject *hashObj;
- void *hashcx;
- unsigned int len;
-
- SECItem digest;
- SEC_PKCS7ContentInfo *cinfo;
- SECStatus rv;
-
- if (outFile == NULL || inFile == NULL || cert == NULL)
- return -1;
-
- /* XXX probably want to extend interface to allow other hash algorithms */
- hashObj = &SECHashObjects[HASH_AlgSHA1];
-
- hashcx = (* hashObj->create)();
- if (hashcx == NULL)
- return -1;
-
- (* hashObj->begin)(hashcx);
-
- for (;;)
- {
- if (feof(inFile)) break;
- nb = fread(ibuf, 1, sizeof(ibuf), inFile);
- if (nb == 0)
- {
- if (ferror(inFile))
- {
- PORT_SetError(SEC_ERROR_IO);
- (* hashObj->destroy)(hashcx, PR_TRUE);
- return -1;
- }
- /* eof */
- break;
- }
- (* hashObj->update)(hashcx, (unsigned char *) ibuf, nb);
- }
-
- (* hashObj->end)(hashcx, (unsigned char *) digestdata, &len, 32);
- (* hashObj->destroy)(hashcx, PR_TRUE);
-
- digest.data = (unsigned char *) digestdata;
- digest.len = len;
-
- cinfo = SEC_PKCS7CreateSignedData
- (cert, certUsageObjectSigner, NULL,
- SEC_OID_SHA1, &digest, NULL, NULL);
-
- if (cinfo == NULL)
- return -1;
-
- rv = SEC_PKCS7IncludeCertChain (cinfo, NULL);
- if (rv != SECSuccess)
- {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return -1;
- }
-
- if (no_time == 0)
- {
- rv = SEC_PKCS7AddSigningTime (cinfo);
- if (rv != SECSuccess)
- {
- /* don't check error */
- }
- }
-
- if(password) {
- rv = SEC_PKCS7Encode(cinfo, SignOut, outFile, NULL, password_hardcode,
- NULL);
- } else {
- rv = SEC_PKCS7Encode(cinfo, SignOut, outFile, NULL, SECU_GetPassword,
- NULL);
- }
-
-
- SEC_PKCS7DestroyContentInfo (cinfo);
-
- if (rv != SECSuccess)
- return -1;
-
- return 0;
-}
-
-/*
- * g e n e r a t e _ S F _ f i l e
- *
- * From the supplied manifest file, calculates
- * digests on the various sections, creating a .SF
- * file in the process.
- *
- */
-static int generate_SF_file (char *manifile, char *who)
-{
- FILE *sf;
- FILE *mf;
-
- long r1, r2, r3;
-
- char whofile [FNSIZE];
- char *buf, *name;
-
- JAR_Digest dig;
-
- int line = 0;
-
- strcpy (whofile, who);
-
- if ((mf = fopen (manifile, "rb")) == NULL)
- {
- perror (manifile);
- exit (ERRX);
- }
-
- if ((sf = fopen (whofile, "wb")) == NULL)
- {
- perror (who);
- exit (ERRX);
- }
-
- buf = (char *) PORT_ZAlloc (BUFSIZ);
-
- if (buf)
- name = (char *) PORT_ZAlloc (BUFSIZ);
-
- if (buf == NULL || name == NULL)
- out_of_memory();
-
- fprintf (sf, "Signature-Version: 1.0\n");
- fprintf (sf, "Created-By: %s\n", CREATOR);
- fprintf (sf, "Comments: %s\n", BREAKAGE);
-
- if (fgets (buf, BUFSIZ, mf) == NULL)
- {
- PR_fprintf(errorFD, "%s: empty manifest file!\n", PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
-
- if (strncmp (buf, "Manifest-Version:", 17))
- {
- PR_fprintf(errorFD, "%s: not a manifest file!\n", PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
-
- fseek (mf, 0L, SEEK_SET);
-
- /* Process blocks of headers, and calculate their hashen */
-
- while (1)
- {
- /* Beginning range */
- r1 = ftell (mf);
-
- if (fgets (name, BUFSIZ, mf) == NULL)
- break;
-
- line++;
-
- if (r1 != 0 && strncmp (name, "Name:", 5))
- {
- PR_fprintf(errorFD, "warning: unexpected input in manifest file \"%s\" at line %d:\n", manifile, line);
- PR_fprintf(errorFD, "%s\n", name);
- warningCount++;
- }
-
- while (fgets (buf, BUFSIZ, mf))
- {
- if (*buf == 0 || *buf == '\n' || *buf == '\r')
- break;
-
- line++;
-
- /* Ending range for hashing */
- r2 = ftell (mf);
- }
-
- r3 = ftell (mf);
-
- if (r1)
- {
- fprintf (sf, "\n");
- fprintf (sf, "%s", name);
- }
-
- calculate_MD5_range (mf, r1, r2, &dig);
-
- if (optimize == 0)
- {
- fprintf (sf, "Digest-Algorithms: MD5 SHA1\n");
- fprintf (sf, "MD5-Digest: %s\n",
- BTOA_DataToAscii (dig.md5, MD5_LENGTH));
- }
-
- fprintf (sf, "SHA1-Digest: %s\n",
- BTOA_DataToAscii (dig.sha1, SHA1_LENGTH));
-
- /* restore normalcy after changing offset position */
- fseek (mf, r3, SEEK_SET);
- }
-
- PORT_Free (buf);
- PORT_Free (name);
-
- fclose (sf);
- fclose (mf);
-
- return 0;
-}
-
-/*
- * c a l c u l a t e _ M D 5 _ r a n g e
- *
- * Calculate the MD5 digest on a range of bytes in
- * the specified fopen'd file. Returns base64.
- *
- */
-static int
-calculate_MD5_range (FILE *fp, long r1, long r2, JAR_Digest *dig)
-{
- int num;
- int range;
- unsigned char *buf;
-
- MD5Context *md5 = 0;
- SHA1Context *sha1 = 0;
-
- unsigned int sha1_length, md5_length;
-
- range = r2 - r1;
-
- /* position to the beginning of range */
- fseek (fp, r1, SEEK_SET);
-
- buf = (unsigned char *) PORT_ZAlloc (range);
- if (buf == NULL)
- out_of_memory();
-
- if ((num = fread (buf, 1, range, fp)) != range)
- {
- PR_fprintf(errorFD, "%s: expected %d bytes, got %d\n", PROGRAM_NAME,
- range, num);
- errorCount++;
- exit (ERRX);
- }
-
- md5 = MD5_NewContext();
- sha1 = SHA1_NewContext();
-
- if (md5 == NULL || sha1 == NULL)
- {
- PR_fprintf(errorFD, "%s: can't generate digest context\n", PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
-
- MD5_Begin (md5);
- SHA1_Begin (sha1);
-
- MD5_Update (md5, buf, range);
- SHA1_Update (sha1, buf, range);
-
- MD5_End (md5, dig->md5, &md5_length, MD5_LENGTH);
- SHA1_End (sha1, dig->sha1, &sha1_length, SHA1_LENGTH);
-
- MD5_DestroyContext (md5, PR_TRUE);
- SHA1_DestroyContext (sha1, PR_TRUE);
-
- PORT_Free (buf);
-
- return 0;
-}
-
-static void SignOut (void *arg, const char *buf, unsigned long len)
-{
- fwrite (buf, len, 1, (FILE *) arg);
-}
diff --git a/security/nss/cmd/signtool/signtool.c b/security/nss/cmd/signtool/signtool.c
deleted file mode 100644
index eb9c43219..000000000
--- a/security/nss/cmd/signtool/signtool.c
+++ /dev/null
@@ -1,1011 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * SIGNTOOL
- *
- * A command line tool to create manifest files
- * from a directory hierarchy. It is assumed that
- * the tree will be equivalent to what resides
- * or will reside in an archive.
- *
- *
- */
-
-#include "signtool.h"
-#include <prmem.h>
-#include <prio.h>
-
-/***********************************************************************
- * Global Variable Definitions
- */
-char *progName; /* argv[0] */
-
-/* password on command line. Use for build testing only */
-char *password = NULL;
-
-/* directories or files to exclude in descent */
-PLHashTable *excludeDirs = NULL;
-static PRBool exclusionsGiven = PR_FALSE;
-
-/* zatharus is the man who knows no time, dies tragic death */
-int no_time = 0;
-
-/* -b basename of .rsa, .sf files */
-char *base = DEFAULT_BASE_NAME;
-
-/* Only sign files with this extension */
-PLHashTable *extensions=NULL;
-PRBool extensionsGiven = PR_FALSE;
-
-char *scriptdir = NULL;
-
-int verbosity = 0;
-
-PRFileDesc *outputFD=NULL, *errorFD=NULL;
-
-int errorCount=0, warningCount=0;
-
-int compression_level=DEFAULT_COMPRESSION_LEVEL;
-PRBool compression_level_specified = PR_FALSE;
-
-/* Command-line arguments */
-static char *genkey = NULL;
-static char *verify = NULL;
-static char *zipfile = NULL;
-static char *cert_dir = NULL;
-static int javascript = 0;
-static char *jartree = NULL;
-static char *keyName = NULL;
-static char *metafile = NULL;
-static char *install_script = NULL;
-static int list_certs = 0;
-static int list_modules = 0;
-static int optimize = 0;
-static char *tell_who = NULL;
-static char *outfile = NULL;
-static char *cmdFile = NULL;
-static PRBool noRecurse = PR_FALSE;
-static PRBool leaveArc = PR_FALSE;
-static int keySize = -1;
-static char *token = NULL;
-
-typedef enum {
- UNKNOWN_OPT,
- QUESTION_OPT,
- BASE_OPT,
- COMPRESSION_OPT,
- CERT_DIR_OPT,
- EXTENSION_OPT,
- INSTALL_SCRIPT_OPT,
- SCRIPTDIR_OPT,
- CERTNAME_OPT,
- LIST_OBJSIGN_CERTS_OPT,
- LIST_ALL_CERTS_OPT,
- METAFILE_OPT,
- OPTIMIZE_OPT,
- PASSWORD_OPT,
- VERIFY_OPT,
- WHO_OPT,
- EXCLUDE_OPT,
- NO_TIME_OPT,
- JAVASCRIPT_OPT,
- ZIPFILE_OPT,
- GENKEY_OPT,
- MODULES_OPT,
- NORECURSE_OPT,
- SIGNDIR_OPT,
- OUTFILE_OPT,
- COMMAND_FILE_OPT,
- LEAVE_ARC_OPT,
- VERBOSITY_OPT,
- KEYSIZE_OPT,
- TOKEN_OPT
-} OPT_TYPE;
-
-typedef enum {
- DUPLICATE_OPTION_ERR=0,
- OPTION_NEEDS_ARG_ERR
-} Error;
-
-static char *errStrings[] = {
-"warning: %s option specified more than once. Only last specification will be used.\n",
-"ERROR: option \"%s\" requires an argument.\n"
-};
-
-
-static int ProcessOneOpt(OPT_TYPE type, char *arg);
-
-/*********************************************************************
- *
- * P r o c e s s C o m m a n d F i l e
- */
-int
-ProcessCommandFile()
-{
- PRFileDesc *fd;
-#define CMD_FILE_BUFSIZE 1024
- char buf[CMD_FILE_BUFSIZE];
- char *equals;
- int linenum=0;
- int retval=-1;
- OPT_TYPE type;
-
- fd = PR_Open(cmdFile, PR_RDONLY, 0777);
- if(!fd) {
- PR_fprintf(errorFD, "ERROR: Unable to open command file %s.\n");
- errorCount++;
- return -1;
- }
-
- while(pr_fgets(buf, CMD_FILE_BUFSIZE, fd), buf && *buf!='\0') {
- char *eol;
- linenum++;
-
- /* Chop off final newline */
- eol = PL_strchr(buf, '\r');
- if(!eol) {
- eol = PL_strchr(buf, '\n');
- }
- if(eol) *eol = '\0';
-
- equals = PL_strchr(buf, '=');
- if(!equals) {
- continue;
- }
-
- *equals = '\0';
- equals++;
-
- /* Now buf points to the attribute, and equals points to the value. */
-
- /* This is pretty straightforward, just deal with whatever attribute
- * this is */
- if(!PL_strcasecmp(buf, "basename")) {
- type = BASE_OPT;
- } else if(!PL_strcasecmp(buf, "compression")) {
- type = COMPRESSION_OPT;
- } else if(!PL_strcasecmp(buf, "certdir")) {
- type = CERT_DIR_OPT;
- } else if(!PL_strcasecmp(buf, "extension")) {
- type = EXTENSION_OPT;
- } else if(!PL_strcasecmp(buf, "generate")) {
- type = GENKEY_OPT;
- } else if(!PL_strcasecmp(buf, "installScript")) {
- type = INSTALL_SCRIPT_OPT;
- } else if(!PL_strcasecmp(buf, "javascriptdir")) {
- type = SCRIPTDIR_OPT;
- } else if(!PL_strcasecmp(buf, "htmldir")) {
- type = JAVASCRIPT_OPT;
- if(jartree) {
- PR_fprintf(errorFD,
- "warning: directory to be signed specified more than once."
- " Only last specification will be used.\n");
- warningCount++;
- PR_Free(jartree); jartree=NULL;
- }
- jartree = PL_strdup(equals);
- } else if(!PL_strcasecmp(buf, "certname")) {
- type = CERTNAME_OPT;
- } else if(!PL_strcasecmp(buf, "signdir")) {
- type = SIGNDIR_OPT;
- } else if(!PL_strcasecmp(buf, "list")) {
- type = LIST_OBJSIGN_CERTS_OPT;
- } else if(!PL_strcasecmp(buf, "listall")) {
- type = LIST_ALL_CERTS_OPT;
- } else if(!PL_strcasecmp(buf, "metafile")) {
- type = METAFILE_OPT;
- } else if(!PL_strcasecmp(buf, "modules")) {
- type = MODULES_OPT;
- } else if(!PL_strcasecmp(buf, "optimize")) {
- type = OPTIMIZE_OPT;
- } else if(!PL_strcasecmp(buf, "password")) {
- type = PASSWORD_OPT;
- } else if(!PL_strcasecmp(buf, "verify")) {
- type = VERIFY_OPT;
- } else if(!PL_strcasecmp(buf, "who")) {
- type = WHO_OPT;
- } else if(!PL_strcasecmp(buf, "exclude")) {
- type = EXCLUDE_OPT;
- } else if(!PL_strcasecmp(buf, "notime")) {
- type = NO_TIME_OPT;
- } else if(!PL_strcasecmp(buf, "jarfile")) {
- type = ZIPFILE_OPT;
- } else if(!PL_strcasecmp(buf, "outfile")) {
- type = OUTFILE_OPT;
- } else if(!PL_strcasecmp(buf, "leavearc")) {
- type = LEAVE_ARC_OPT;
- } else if(!PL_strcasecmp(buf, "verbosity")) {
- type = VERBOSITY_OPT;
- } else if(!PL_strcasecmp(buf, "keysize")) {
- type = KEYSIZE_OPT;
- } else if(!PL_strcasecmp(buf, "token")) {
- type = TOKEN_OPT;
- } else {
- PR_fprintf(errorFD,
- "warning: unknown attribute \"%s\" in command file, line %d.\n",
- buf, linenum);
- warningCount++;
- type = UNKNOWN_OPT;
- }
-
- /* Process the option, whatever it is */
- if(type != UNKNOWN_OPT) {
- if(ProcessOneOpt(type, equals)==-1) {
- goto finish;
- }
- }
- }
-
- retval = 0;
-
-finish:
- PR_Close(fd);
- return retval;
-}
-
-/*********************************************************************
- *
- * p a r s e _ a r g s
- */
-static int
-parse_args(int argc, char *argv[])
-{
- char *opt;
- char *arg;
- int needsInc;
- int i;
- OPT_TYPE type;
-
- /* Loop over all arguments */
- for(i=1; i < argc; i++) {
- opt = argv[i];
- arg = NULL;
-
- if(opt[0] == '-') {
- if(opt[1] == '-') {
- /* word option */
- if(i < argc-1) {
- needsInc = 1;
- arg = argv[i+1];
- } else {
- needsInc = 0;
- arg = NULL;
- }
-
- if( !PL_strcasecmp(opt+2, "norecurse")) {
- type = NORECURSE_OPT;
- } else if( !PL_strcasecmp(opt+2, "leavearc")) {
- type = LEAVE_ARC_OPT;
- } else if( !PL_strcasecmp(opt+2, "verbosity")) {
- type = VERBOSITY_OPT;
- } else if( !PL_strcasecmp(opt+2, "outfile")) {
- type = OUTFILE_OPT;
- } else if( !PL_strcasecmp(opt+2, "keysize")) {
- type = KEYSIZE_OPT;
- } else if( !PL_strcasecmp(opt+2, "token")) {
- type = TOKEN_OPT;
- } else {
- PR_fprintf(errorFD, "warning: unknown option: %s\n", opt);
- warningCount++;
- type = UNKNOWN_OPT;
- }
- } else {
- /* char option */
- if(opt[2]!='\0') {
- needsInc = 0;
- arg = opt+2;
- } else if(i < argc-1) {
- needsInc = 1;
- arg = argv[i+1];
- } else {
- needsInc = 0;
- arg = NULL;
- }
-
- switch(opt[1]) {
- case '?':
- type = QUESTION_OPT;
- break;
- case 'b':
- type = BASE_OPT;
- break;
- case 'c':
- type = COMPRESSION_OPT;
- break;
- case 'd':
- type = CERT_DIR_OPT;
- break;
- case 'e':
- type = EXTENSION_OPT;
- break;
- case 'f':
- type = COMMAND_FILE_OPT;
- break;
- case 'i':
- type = INSTALL_SCRIPT_OPT;
- break;
- case 'j':
- type = SCRIPTDIR_OPT;
- break;
- case 'k':
- type = CERTNAME_OPT;
- break;
- case 'l':
- type = LIST_OBJSIGN_CERTS_OPT;
- break;
- case 'L':
- type = LIST_ALL_CERTS_OPT;
- break;
- case 'm':
- type = METAFILE_OPT;
- break;
- case 'o':
- type = OPTIMIZE_OPT;
- break;
- case 'p':
- type = PASSWORD_OPT;
- break;
- case 'v':
- type = VERIFY_OPT;
- break;
- case 'w':
- type = WHO_OPT;
- break;
- case 'x':
- type = EXCLUDE_OPT;
- break;
- case 'z':
- type = NO_TIME_OPT;
- break;
- case 'J':
- type = JAVASCRIPT_OPT;
- break;
- case 'Z':
- type = ZIPFILE_OPT;
- break;
- case 'G':
- type = GENKEY_OPT;
- break;
- case 'M':
- type = MODULES_OPT;
- break;
- case 's':
- type = KEYSIZE_OPT;
- break;
- case 't':
- type = TOKEN_OPT;
- break;
- default:
- type = UNKNOWN_OPT;
- PR_fprintf(errorFD, "warning: unrecognized option: -%c.\n",
- opt[1]);
- warningCount++;
- break;
- }
- }
- } else {
- if(i == argc-1) {
- type = UNKNOWN_OPT;
- if(jartree) {
- PR_fprintf(errorFD,
- "warning: directory to be signed specified more than once."
- " Only last specification will be used.\n");
- warningCount++;
- PR_Free(jartree); jartree = NULL;
- }
- jartree = PL_strdup(opt);
- } else {
- type = UNKNOWN_OPT;
- PR_fprintf(errorFD, "warning: unrecognized option: %s\n", opt);
- warningCount++;
- }
- }
-
- if(type != UNKNOWN_OPT) {
- short ateArg;
-
- ateArg = ProcessOneOpt(type, arg);
- if(ateArg==-1) {
- /* error */
- return -1;
- } else if(ateArg && needsInc) {
- i++;
- }
- }
- }
-
- return 0;
-}
-
-/*********************************************************************
- *
- * P r o c e s s O n e O p t
- *
- * Since options can come from different places (command file, word options,
- * char options), this is a central function that is called to deal with
- * them no matter where they come from.
- *
- * type is the type of option.
- * arg is the argument to the option, possibly NULL.
- * Returns 1 if the argument was eaten, 0 if it wasn't, and -1 for error.
- */
-static int
-ProcessOneOpt(OPT_TYPE type, char *arg)
-{
- int ate=0;
-
- switch(type) {
- case QUESTION_OPT:
- usage();
- break;
- case BASE_OPT:
- if(base) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-b");
- warningCount++;
- PR_Free(base); base=NULL;
- }
- if(!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-b");
- errorCount++;
- goto loser;
- }
- base = PL_strdup(arg);
- ate = 1;
- break;
- case COMPRESSION_OPT:
- if(compression_level_specified) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-c");
- warningCount++;
- }
- if( !arg ) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-c");
- errorCount++;
- goto loser;
- }
- compression_level = atoi(arg);
- compression_level_specified = PR_TRUE;
- ate = 1;
- break;
- case CERT_DIR_OPT:
- if(cert_dir) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-d");
- warningCount++;
- PR_Free(cert_dir); cert_dir = NULL;
- }
- if(!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-d");
- errorCount++;
- goto loser;
- }
- cert_dir = PL_strdup(arg);
- ate = 1;
- break;
- case EXTENSION_OPT:
- if(!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "extension (-e)");
- errorCount++;
- goto loser;
- }
- PL_HashTableAdd(extensions, arg, arg);
- extensionsGiven = PR_TRUE;
- ate = 1;
- break;
- case INSTALL_SCRIPT_OPT:
- if(install_script) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "installScript (-i)");
- warningCount++;
- PR_Free(install_script); install_script = NULL;
- }
- if(!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "installScript (-i)");
- errorCount++;
- goto loser;
- }
- install_script = PL_strdup(arg);
- ate = 1;
- break;
- case SCRIPTDIR_OPT:
- if(scriptdir) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "javascriptdir (-j)");
- warningCount++;
- PR_Free(scriptdir); scriptdir = NULL;
- }
- if(!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "javascriptdir (-j)");
- errorCount++;
- goto loser;
- }
- scriptdir = PL_strdup(arg);
- ate = 1;
- break;
- case CERTNAME_OPT:
- if(keyName) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "keyName (-k)");
- warningCount++;
- PR_Free(keyName); keyName = NULL;
- }
- if(!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "keyName (-k)");
- errorCount++;
- goto loser;
- }
- keyName = PL_strdup(arg);
- ate = 1;
- break;
- case LIST_OBJSIGN_CERTS_OPT:
- case LIST_ALL_CERTS_OPT:
- if(list_certs != 0) {
- PR_fprintf(errorFD,
- "warning: only one of -l and -L may be specified.\n");
- warningCount++;
- }
- list_certs = (type==LIST_OBJSIGN_CERTS_OPT ? 1 : 2);
- break;
- case METAFILE_OPT:
- if(metafile) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "metafile (-m)");
- warningCount++;
- PR_Free(metafile); metafile = NULL;
- }
- if(!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "metafile (-m)");
- errorCount++;
- goto loser;
- }
- metafile = PL_strdup(arg);
- ate = 1;
- break;
- case OPTIMIZE_OPT:
- optimize = 1;
- break;
- case PASSWORD_OPT:
- if(password) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "password (-p)");
- warningCount++;
- PR_Free(password); password= NULL;
- }
- if(!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "password (-p)");
- errorCount++;
- goto loser;
- }
- password = PL_strdup(arg);
- ate = 1;
- break;
- case VERIFY_OPT:
- if(verify) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "verify (-v)");
- warningCount++;
- PR_Free(verify); verify = NULL;
- }
- if(!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "verify (-v)");
- errorCount++;
- goto loser;
- }
- verify = PL_strdup(arg);
- ate = 1;
- break;
- case WHO_OPT:
- if(tell_who) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "who (-v)");
- warningCount++;
- PR_Free(tell_who); tell_who = NULL;
- }
- if(!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "who (-w)");
- errorCount++;
- goto loser;
- }
- tell_who = PL_strdup(arg);
- ate = 1;
- break;
- case EXCLUDE_OPT:
- if(!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "exclude (-x)");
- errorCount++;
- goto loser;
- }
- PL_HashTableAdd(excludeDirs, arg, arg);
- exclusionsGiven = PR_TRUE;
- ate = 1;
- break;
- case NO_TIME_OPT:
- no_time = 1;
- break;
- case JAVASCRIPT_OPT:
- javascript++;
- break;
- case ZIPFILE_OPT:
- if(zipfile) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "jarfile (-Z)");
- warningCount++;
- PR_Free(zipfile); zipfile = NULL;
- }
- if(!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "jarfile (-Z)");
- errorCount++;
- goto loser;
- }
- zipfile = PL_strdup(arg);
- ate = 1;
- break;
- case GENKEY_OPT:
- if(genkey) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "generate (-G)");
- warningCount++;
- PR_Free(zipfile); zipfile = NULL;
- }
- if(!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "generate (-G)");
- errorCount++;
- goto loser;
- }
- genkey = PL_strdup(arg);
- ate = 1;
- break;
- case MODULES_OPT:
- list_modules++;
- break;
- case SIGNDIR_OPT:
- if(jartree) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "signdir");
- warningCount++;
- PR_Free(jartree); jartree = NULL;
- }
- if(!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "signdir");
- errorCount++;
- goto loser;
- }
- jartree = PL_strdup(arg);
- ate = 1;
- break;
- case OUTFILE_OPT:
- if(outfile) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "outfile");
- warningCount++;
- PR_Free(outfile); outfile = NULL;
- }
- if(!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "outfile");
- errorCount++;
- goto loser;
- }
- outfile = PL_strdup(arg);
- ate = 1;
- break;
- case COMMAND_FILE_OPT:
- if(cmdFile) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-f");
- warningCount++;
- PR_Free(cmdFile); cmdFile = NULL;
- }
- if(!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-f");
- errorCount++;
- goto loser;
- }
- cmdFile = PL_strdup(arg);
- ate = 1;
- break;
- case NORECURSE_OPT:
- noRecurse = PR_TRUE;
- break;
- case LEAVE_ARC_OPT:
- leaveArc = PR_TRUE;
- break;
- case VERBOSITY_OPT:
- if(!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "--verbosity");
- errorCount++;
- goto loser;
- }
- verbosity = atoi(arg);
- ate = 1;
- break;
- case KEYSIZE_OPT:
- if( keySize != -1 ) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-s");
- warningCount++;
- }
- keySize = atoi(arg);
- ate = 1;
- if( keySize < 1 || keySize > MAX_RSA_KEY_SIZE ) {
- PR_fprintf(errorFD, "Invalid key size: %d.\n", keySize);
- errorCount++;
- goto loser;
- }
- break;
- case TOKEN_OPT:
- if( token ) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-t");
- PR_Free(token); token = NULL;
- }
- if( ! arg ) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-t");
- errorCount++;
- goto loser;
- }
- token = PL_strdup(arg);
- ate = 1;
- break;
- default:
- PR_fprintf(errorFD, "warning: unknown option\n");
- warningCount++;
- break;
- }
-
- return ate;
-loser:
- return -1;
-}
-
-
-/*********************************************************************
- *
- * m a i n
- */
-int
-main(int argc, char *argv[])
-{
- PRBool readOnly;
- int retval=0;
-
- outputFD = PR_STDOUT;
- errorFD = PR_STDERR;
-
- progName = argv[0];
-
- if (argc < 2)
- {
- usage();
- }
-
- excludeDirs = PL_NewHashTable(10, PL_HashString, PL_CompareStrings,
- PL_CompareStrings, NULL, NULL);
- extensions = PL_NewHashTable(10, PL_HashString, PL_CompareStrings,
- PL_CompareStrings, NULL, NULL);
-
- if(parse_args(argc, argv)) {
- retval = -1;
- goto cleanup;
- }
-
- /* Parse the command file if one was given */
- if(cmdFile) {
- if(ProcessCommandFile()) {
- retval = -1;
- goto cleanup;
- }
- }
-
- /* Set up output redirection */
- if(outfile) {
- if(PR_Access(outfile, PR_ACCESS_EXISTS)==PR_SUCCESS) {
- /* delete the file if it is already present */
- PR_fprintf(errorFD,
- "warning: %s already exists and will be overwritten.\n",
- outfile);
- warningCount++;
- if(PR_Delete(outfile) != PR_SUCCESS) {
- PR_fprintf(errorFD, "ERROR: unable to delete %s.\n", outfile);
- errorCount++;
- exit(ERRX);
- }
- }
- outputFD = PR_Open(outfile,
- PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE, 0777);
- if(!outputFD) {
- PR_fprintf(errorFD, "ERROR: Unable to create %s.\n", outfile);
- errorCount++;
- exit(ERRX);
- }
- errorFD = outputFD;
- }
-
- /* This seems to be a fairly common user error */
-
- if (verify && list_certs > 0)
- {
- PR_fprintf (errorFD, "%s: Can't use -l and -v at the same time\n",
- PROGRAM_NAME);
- errorCount++;
- retval = -1;
- goto cleanup;
- }
-
- /* -J assumes -Z now */
-
- if (javascript && zipfile)
- {
- PR_fprintf (errorFD, "%s: Can't use -J and -Z at the same time\n",
- PROGRAM_NAME);
- PR_fprintf (errorFD, "%s: -J option will create the jar files for you\n",
- PROGRAM_NAME);
- errorCount++;
- retval = -1;
- goto cleanup;
- }
-
- /* Less common mixing of -L with various options */
-
- if (list_certs > 0 &&
- (tell_who || zipfile || javascript ||
- scriptdir || extensionsGiven || exclusionsGiven || install_script)) {
- PR_fprintf(errorFD, "%s: Can't use -l or -L with that option\n",
- PROGRAM_NAME);
- errorCount++;
- retval = -1;
- goto cleanup;
- }
-
-
- if (!cert_dir)
- cert_dir = get_default_cert_dir();
-
- VerifyCertDir(cert_dir, keyName);
-
-
- if( compression_level < MIN_COMPRESSION_LEVEL ||
- compression_level > MAX_COMPRESSION_LEVEL) {
- PR_fprintf(errorFD, "Compression level must be between %d and %d.\n",
- MIN_COMPRESSION_LEVEL, MAX_COMPRESSION_LEVEL);
- errorCount++;
- retval = -1;
- goto cleanup;
- }
-
- if(jartree && !keyName) {
- PR_fprintf(errorFD, "You must specify a key with which to sign.\n");
- errorCount++;
- retval = -1;
- goto cleanup;
- }
-
- readOnly = (genkey == NULL); /* only key generation requires write */
- if(InitCrypto(cert_dir, readOnly)) {
- PR_fprintf(errorFD, "ERROR: Cryptographic initialization failed.\n");
- errorCount++;
- retval = -1;
- goto cleanup;
- }
-
- if (verify)
- {
- VerifyJar(verify);
- }
- else if (list_certs)
- {
- ListCerts(keyName, list_certs);
- }
- else if (list_modules)
- {
- JarListModules();
- }
- else if (genkey)
- {
- GenerateCert(genkey, keySize, token);
- }
- else if (tell_who)
- {
- JarWho(tell_who);
- }
- else if (javascript && jartree)
- {
- /* make sure directory exists */
- PRDir *dir;
- dir = PR_OpenDir(jartree);
- if(!dir) {
- PR_fprintf(errorFD, "ERROR: unable to open directory %s.\n", jartree);
- errorCount++;
- retval = -1;
- goto cleanup;
- } else {
- PR_CloseDir(dir);
- }
-
- /* undo junk from prior runs of signtool*/
- if(RemoveAllArc(jartree)) {
- PR_fprintf(errorFD, "Error removing archive directories under %s\n", jartree);
- errorCount++;
- retval = -1;
- goto cleanup;
- }
-
- /* traverse all the htm|html files in the directory */
- if(InlineJavaScript(jartree, !noRecurse)) {
- retval = -1;
- goto cleanup;
- }
-
- /* sign any resultant .arc directories created in above step */
- SignAllArc(jartree, keyName, javascript, metafile, install_script,
- optimize, !noRecurse);
-
- if(!leaveArc) {
- RemoveAllArc(jartree);
- }
-
- if(errorCount>0 || warningCount>0) {
- PR_fprintf(outputFD, "%d error%s, %d warning%s.\n", errorCount,
- errorCount==1?"":"s", warningCount, warningCount==1?"":"s");
- } else {
- PR_fprintf(outputFD, "Directory %s signed successfully.\n", jartree);
- }
- } else if (jartree)
- {
- SignArchive(jartree, keyName, zipfile, javascript, metafile,
- install_script, optimize, !noRecurse);
- }
- else
- usage();
-
-cleanup:
- if(extensions) {
- PL_HashTableDestroy(extensions); extensions = NULL;
- }
- if(excludeDirs) {
- PL_HashTableDestroy(excludeDirs); excludeDirs = NULL;
- }
- if(outputFD != PR_STDOUT) {
- PR_Close(outputFD);
- }
- rm_dash_r(TMP_OUTPUT);
- return retval;
-}
-
diff --git a/security/nss/cmd/signtool/signtool.h b/security/nss/cmd/signtool/signtool.h
deleted file mode 100644
index bd00ac23b..000000000
--- a/security/nss/cmd/signtool/signtool.h
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef SIGNTOOL_H
-#define SIGNTOOL_H
-
-#define DJN_TEST
-
-#include <stdio.h>
-#include <string.h>
-
-#include "errno.h"
-#include "prprf.h"
-#include "prio.h"
-#include "secutil.h"
-#include "jar.h"
-#include "jarfile.h"
-#include "secpkcs7.h"
-#include "pk11func.h"
-#include "secmod.h"
-#include "plhash.h"
-
-#ifdef _UNIX
-#include <unistd.h>
-#endif
-
-/**********************************************************************
- * General Defines
- */
-#define JAR_BASE_END JAR_BASE + 100
-#define ERRX (-1) /* the exit code used on failure */
-#define FNSIZE 256 /* the maximum length for filenames */
-#define MAX_RSA_KEY_SIZE 4096
-#define DEFAULT_RSA_KEY_SIZE 1024
-#define MANIFEST "manifest.mf"
-#define DEFAULT_X509_BASENAME "x509"
-#define DEFAULT_COMMON_NAME "Signtool 1.3 Testing Certificate"
-#define CREATOR "Signtool (signtool 1.3)"
-#define BREAKAGE "PLEASE DO NOT EDIT THIS FILE. YOU WILL BREAK IT."
-#define MIN_COMPRESSION_LEVEL (-1)
-#define MAX_COMPRESSION_LEVEL 9
-#define DEFAULT_COMPRESSION_LEVEL (-1) /* zlib understands this to be default*/
-#define STDIN_BUF_SIZE 160
-#define PROGRAM_NAME "signtool"
-#define LONG_PROGRAM_NAME "Signing Tool"
-#define DEFAULT_BASE_NAME "zigbert"
-#define VERSION "1.3"
-#define TMP_OUTPUT "signtool.tmp"
-
-
-/***************************************************************
- * Main Task Functions
- */
-void GenerateCert(char *nickname, int keysize, char *token);
-int ListCerts(char *key, int list_certs);
-int VerifyJar(char *filename);
-int SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
- char *meta_file, char *install_script, int _optimize, PRBool recurse);
-int SignAllArc(char *jartree, char *keyName, int javascript, char *metafile,
- char *install_script, int optimize, PRBool recurse);
-int InlineJavaScript(char *dir, PRBool recurse);
-void JarWho(char *filename);
-void JarListModules(void);
-
-/**************************************************************
- * Utility Functions
- */
-CERTCertDBHandle *OpenCertDB (PRBool readOnly);
-
-int RemoveAllArc(char *tree);
-void VerifyCertDir(char *dir, char *keyName);
-int InitCrypto(char *cert_dir, PRBool readOnly);
-int foreach (char *dirname, char *prefix,
- int (*fn)(char *filename, char *dirname, char *basedir,char *base,void*arg),
- PRBool recurse, PRBool includeDirs, void *arg);
-void print_error (int i);
-void give_help (int status);
-const char* secErrorString(long code);
-void displayVerifyLog(CERTVerifyLog *log);
-void usage (void);
-char* chop(char*);
-void out_of_memory(void);
-void FatalError(char *msg);
-char* get_default_cert_dir(void);
-SECItem *password_hardcode(void *arg, SECKEYKeyDBHandle *handle);
-char* pk11_password_hardcode(PK11SlotInfo *slot, PRBool retry, void *arg);
-int rm_dash_r(char *path);
-char* pr_fgets(char *buf, int size, PRFileDesc *file);
-
-
-/*****************************************************************
- * Global Variables (*gag*)
- */
-extern char *password; /* the password passed in on the command line */
-extern PLHashTable *excludeDirs; /* directory entry to skip while recursing */
-extern int no_time;
-extern char *base; /* basename of ".rsa" and ".sf" files */
-extern long *mozilla_event_queue;
-extern char *progName; /* argv[0] */
-extern PLHashTable *extensions;/* only sign files with this extension */
-extern PRBool extensionsGiven;
-extern char *scriptdir;
-extern int compression_level;
-extern PRFileDesc *outputFD, *errorFD;
-extern int verbosity;
-extern int errorCount;
-extern int warningCount;
-
-#endif /* SIGNTOOL_H */
diff --git a/security/nss/cmd/signtool/util.c b/security/nss/cmd/signtool/util.c
deleted file mode 100644
index 76d1487f0..000000000
--- a/security/nss/cmd/signtool/util.c
+++ /dev/null
@@ -1,1012 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "signtool.h"
-#include "cdbhdl.h"
-#include "prio.h"
-#include "prmem.h"
-
-static int is_dir (char *filename);
-static char *certDBNameCallback(void *arg, int dbVersion);
-
-/***********************************************************************
- *
- * O p e n C e r t D B
- */
-CERTCertDBHandle *
-OpenCertDB(PRBool readOnly)
-{
- CERTCertDBHandle *db;
- SECStatus rv;
-
- /* Allocate a handle to fill with CERT_OpenCertDB below */
- db = (CERTCertDBHandle *) PORT_ZAlloc (sizeof(CERTCertDBHandle));
- if (db == NULL)
- {
- SECU_PrintError(progName, "unable to get database handle");
- return NULL;
- }
-
- rv = CERT_OpenCertDB (db, readOnly, certDBNameCallback, NULL);
-
- if (rv)
- {
- SECU_PrintError(progName, "could not open certificate database");
- if (db) PORT_Free (db);
- return NULL;
- }
- else
- {
- CERT_SetDefaultCertDB(db);
- }
-
- return db;
-}
-
-/***********************************************************
- * Nasty hackish function definitions
- */
-
-long *mozilla_event_queue = 0;
-
-#ifndef XP_WIN
-char *XP_GetString (int i)
-{
- return SECU_ErrorStringRaw ((int16) i);
-}
-#endif
-
-void FE_SetPasswordEnabled()
-{
-}
-
-void /*MWContext*/ *FE_GetInitContext (void)
-{
- return 0;
-}
-
-void /*MWContext*/ *XP_FindSomeContext()
-{
- /* No windows context in command tools */
- return NULL;
-}
-
-void ET_moz_CallFunction()
-{
-}
-
-
-/*
- * R e m o v e A l l A r c
- *
- * Remove .arc directories that are lingering
- * from a previous run of signtool.
- *
- */
-int
-RemoveAllArc(char *tree)
-{
- PRDir *dir;
- PRDirEntry *entry;
- char *archive=NULL;
- int retval = 0;
-
- dir = PR_OpenDir (tree);
- if (!dir) return -1;
-
- for (entry = PR_ReadDir (dir,0); entry; entry = PR_ReadDir (dir,0)) {
-
- if(entry->name[0] == '.') {
- continue;
- }
-
- if(archive) PR_Free(archive);
- archive = PR_smprintf("%s/%s", tree, entry->name);
-
- if (PL_strcaserstr (entry->name, ".arc")
- == (entry->name + strlen(entry->name) - 4) ) {
-
- if(verbosity >= 0) {
- PR_fprintf(outputFD, "removing: %s\n", archive);
- }
-
- if(rm_dash_r(archive)) {
- PR_fprintf(errorFD, "Error removing %s\n", archive);
- errorCount++;
- retval = -1;
- goto finish;
- }
- } else if(is_dir(archive)) {
- if(RemoveAllArc(archive)) {
- retval = -1;
- goto finish;
- }
- }
- }
-
-finish:
- PR_CloseDir (dir);
- if(archive) PR_Free(archive);
-
- return retval;
-}
-
-/*
- * r m _ d a s h _ r
- *
- * Remove a file, or a directory recursively.
- *
- */
-int rm_dash_r (char *path)
-{
- PRDir *dir;
- PRDirEntry *entry;
- PRFileInfo fileinfo;
- char filename[FNSIZE];
-
- if(PR_GetFileInfo(path, &fileinfo) != PR_SUCCESS) {
- /*fprintf(stderr, "Error: Unable to access %s\n", filename);*/
- return -1;
- }
- if(fileinfo.type == PR_FILE_DIRECTORY) {
-
- dir = PR_OpenDir(path);
- if(!dir) {
- PR_fprintf(errorFD, "Error: Unable to open directory %s.\n", path);
- errorCount++;
- return -1;
- }
-
- /* Recursively delete all entries in the directory */
- while((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
- sprintf(filename, "%s/%s", path, entry->name);
- if(rm_dash_r(filename)) return -1;
- }
-
- if(PR_CloseDir(dir) != PR_SUCCESS) {
- PR_fprintf(errorFD, "Error: Could not close %s.\n", path);
- errorCount++;
- return -1;
- }
-
- /* Delete the directory itself */
- if(PR_RmDir(path) != PR_SUCCESS) {
- PR_fprintf(errorFD, "Error: Unable to delete %s\n", path);
- errorCount++;
- return -1;
- }
- } else {
- if(PR_Delete(path) != PR_SUCCESS) {
- PR_fprintf(errorFD, "Error: Unable to delete %s\n", path);
- errorCount++;
- return -1;
- }
- }
- return 0;
-}
-
-/*
- * u s a g e
- *
- * Print some useful help information
- *
- */
-void
-usage (void)
-{
- PR_fprintf(outputFD, "\n");
- PR_fprintf(outputFD, "%s %s - a signing tool for jar files\n", LONG_PROGRAM_NAME, VERSION);
- PR_fprintf(outputFD, "\n");
- PR_fprintf(outputFD, "Usage: %s [options] directory-tree \n\n", PROGRAM_NAME);
- PR_fprintf(outputFD, " -b\"basename\"\t\tbasename of .sf, .rsa files for signing\n");
- PR_fprintf(outputFD, " -c#\t\t\t\tCompression level, 0-9, 0=none\n");
- PR_fprintf(outputFD, " -d\"certificate directory\"\tcontains cert*.db and key*.db\n");
- PR_fprintf(outputFD, " -e\".ext\"\t\t\tsign only files with this extension\n");
- PR_fprintf(outputFD, " -f\"filename\"\t\t\tread commands from file\n");
- PR_fprintf(outputFD, " -G\"nickname\"\t\tcreate object-signing cert with this nickname\n");
- PR_fprintf(outputFD, " -i\"installer script\"\tassign installer javascript\n");
- PR_fprintf(outputFD, " -j\"javascript directory\"\tsign javascript files in this subtree\n");
- PR_fprintf(outputFD, " -J\t\t\t\tdirectory contains HTML files. Javascript will\n"
- "\t\t\t\tbe extracted and signed.\n");
- PR_fprintf(outputFD, " -k\"cert nickname\"\t\tsign with this certificate\n");
- PR_fprintf(outputFD, " --leavearc\t\t\tdo not delete .arc directories created\n"
- "\t\t\t\tby -J option\n");
- PR_fprintf(outputFD, " -m\"metafile\"\t\tinclude custom meta-information\n");
- PR_fprintf(outputFD, " --norecurse\t\t\tdo not operate on subdirectories\n");
- PR_fprintf(outputFD, " -o\t\t\t\toptimize - omit optional headers\n");
- PR_fprintf(outputFD, " --outfile \"filename\"\tredirect output to file\n");
- PR_fprintf(outputFD, " -p\"password\"\t\tfor password on command line (insecure)\n");
- PR_fprintf(outputFD, " -s keysize\t\t\tkeysize in bits of generated cert\n");
- PR_fprintf(outputFD, " -t token\t\t\tname of token on which to generate cert\n");
- PR_fprintf(outputFD, " --verbosity #\t\tSet amount of debugging information to generate.\n"
- "\t\t\t\tLower number means less output, 0 is default.\n");
- PR_fprintf(outputFD, " -x\"name\"\t\t\tdirectory or filename to exclude\n");
- PR_fprintf(outputFD, " -z\t\t\t\tomit signing time from signature\n");
- PR_fprintf(outputFD, " -Z\"jarfile\"\t\t\tcreate JAR file with the given name.\n"
- "\t\t\t\t(Default compression level is 6.)\n");
- PR_fprintf(outputFD, "\n");
- PR_fprintf(outputFD, "%s -l\n", PROGRAM_NAME);
- PR_fprintf(outputFD, " lists the signing certificates in your database\n");
- PR_fprintf(outputFD, "\n");
- PR_fprintf(outputFD, "%s -L\n", PROGRAM_NAME);
- PR_fprintf(outputFD, " lists all certificates in your database, marks object-signing certificates\n");
- PR_fprintf(outputFD, "\n");
- PR_fprintf(outputFD, "%s -M\n", PROGRAM_NAME);
- PR_fprintf(outputFD, " lists the PKCS #11 modules available to %s\n", PROGRAM_NAME);
- PR_fprintf(outputFD, "\n");
- PR_fprintf(outputFD, "%s -v file.jar\n", PROGRAM_NAME);
- PR_fprintf(outputFD, " show the contents of the specified jar file\n");
- PR_fprintf(outputFD, "\n");
- PR_fprintf(outputFD, "%s -w file.jar\n", PROGRAM_NAME);
- PR_fprintf(outputFD, " if valid, tries to tell you who signed the jar file\n");
- PR_fprintf(outputFD, "\n");
- PR_fprintf(outputFD, "For more details, visit\n");
- PR_fprintf(outputFD,
-" http://developer.netscape.com/library/documentation/signedobj/signtool/\n");
-
- exit (0);
-}
-
-/*
- * p r i n t _ e r r o r
- *
- * For the undocumented -E function. If an older version
- * of communicator gives you a numeric error, we can see what
- * really happened without doing hex math.
- *
- */
-
-void
-print_error (int err)
-{
- PR_fprintf(errorFD, "Error %d: %s\n", err, JAR_get_error (err));
- errorCount++;
- give_help (err);
-}
-
-/*
- * o u t _ o f _ m e m o r y
- *
- * Out of memory, exit Signtool.
- *
- */
-void
-out_of_memory (void)
-{
- PR_fprintf(errorFD, "%s: out of memory\n", PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
-}
-
-/*
- * V e r i f y C e r t D i r
- *
- * Validate that the specified directory
- * contains a certificate database
- *
- */
-void
-VerifyCertDir(char *dir, char *keyName)
-{
- char fn [FNSIZE];
-
- sprintf (fn, "%s/cert7.db", dir);
-
- if (PR_Access (fn, PR_ACCESS_EXISTS))
- {
- PR_fprintf(errorFD, "%s: No certificate database in \"%s\"\n", PROGRAM_NAME,
- dir);
- PR_fprintf(errorFD, "%s: Check the -d arguments that you gave\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
-
- if(verbosity >= 0) {
- PR_fprintf(outputFD, "using certificate directory: %s\n", dir);
- }
-
- if (keyName == NULL)
- return;
-
- /* if the user gave the -k key argument, verify that
- a key database already exists */
-
- sprintf (fn, "%s/key3.db", dir);
-
- if (PR_Access (fn, PR_ACCESS_EXISTS))
- {
- PR_fprintf(errorFD, "%s: No private key database in \"%s\"\n", PROGRAM_NAME,
- dir);
- PR_fprintf(errorFD, "%s: Check the -d arguments that you gave\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
-}
-
-/*
- * f o r e a c h
- *
- * A recursive function to loop through all names in
- * the specified directory, as well as all subdirectories.
- *
- * FIX: Need to see if all platforms allow multiple
- * opendir's to be called.
- *
- */
-
-int
-foreach(char *dirname, char *prefix,
- int (*fn)(char *relpath, char *basedir, char *reldir, char *filename,
- void* arg),
- PRBool recurse, PRBool includeDirs, void *arg) {
- char newdir [FNSIZE];
- int retval = 0;
-
- PRDir *dir;
- PRDirEntry *entry;
-
- strcpy (newdir, dirname);
- if (*prefix) {
- strcat (newdir, "/");
- strcat (newdir, prefix);
- }
-
- dir = PR_OpenDir (newdir);
- if (!dir) return -1;
-
- for (entry = PR_ReadDir (dir,0); entry; entry = PR_ReadDir (dir,0)) {
- if (*entry->name == '.' || *entry->name == '#')
- continue;
-
- /* can't sign self */
- if (!strcmp (entry->name, "META-INF"))
- continue;
-
- /* -x option */
- if (PL_HashTableLookup(excludeDirs, entry->name))
- continue;
-
- strcpy (newdir, dirname);
- if (*dirname)
- strcat (newdir, "/");
-
- if (*prefix) {
- strcat (newdir, prefix);
- strcat (newdir, "/");
- }
- strcat (newdir, entry->name);
-
- if(!is_dir(newdir) || includeDirs) {
- char newpath [FNSIZE];
-
- strcpy (newpath, prefix);
- if (*newpath)
- strcat (newpath, "/");
- strcat (newpath, entry->name);
-
- if( (*fn) (newpath, dirname, prefix, (char *) entry->name, arg)) {
- retval = -1;
- break;
- }
- }
-
- if (is_dir (newdir)) {
- if(recurse) {
- char newprefix [FNSIZE];
-
- strcpy (newprefix, prefix);
- if (*newprefix) {
- strcat (newprefix, "/");
- }
- strcat (newprefix, entry->name);
-
- if(foreach (dirname, newprefix, fn, recurse, includeDirs,arg)) {
- retval = -1;
- break;
- }
- }
- }
-
- }
-
- PR_CloseDir (dir);
-
- return retval;
-}
-
-/*
- * i s _ d i r
- *
- * Return 1 if file is a directory.
- * Wonder if this runs on a mac, trust not.
- *
- */
-static int is_dir (char *filename)
-{
- PRFileInfo finfo;
-
- if( PR_GetFileInfo(filename, &finfo) != PR_SUCCESS ) {
- printf("Unable to get information about %s\n", filename);
- return 0;
- }
-
- return ( finfo.type == PR_FILE_DIRECTORY );
-}
-
-/*
- * p a s s w o r d _ h a r d c o d e
- *
- * A function to use the password passed in the -p(password) argument
- * of the command line. This is only to be used for build & testing purposes,
- * as it's extraordinarily insecure.
- *
- * After use once, null it out otherwise PKCS11 calls us forever.
- *
- */
-SECItem *
-password_hardcode(void *arg, SECKEYKeyDBHandle *handle)
-{
- SECItem *pw = NULL;
- if (password) {
- pw = SECITEM_AllocItem(NULL, NULL, PL_strlen(password));
- pw->data = PL_strdup(password);
- password = NULL;
- }
- return pw;
-}
-
-char *
-pk11_password_hardcode(PK11SlotInfo *slot, PRBool retry, void *arg)
-{
- char *pw;
- pw = password ? PORT_Strdup (password) : NULL;
- password = NULL;
- return pw;
-}
-
-/************************************************************************
- *
- * c e r t D B N a m e C a l l b a c k
- */
-static char *
-certDBNameCallback(void *arg, int dbVersion)
-{
- char *fnarg;
- char *dir;
- char *filename;
-
- dir = SECU_ConfigDirectory (NULL);
-
- switch ( dbVersion ) {
- case 7:
- fnarg = "7";
- break;
- case 6:
- fnarg = "6";
- break;
- case 5:
- fnarg = "5";
- break;
- case 4:
- default:
- fnarg = "";
- break;
- }
- filename = PR_smprintf("%s/cert%s.db", dir, fnarg);
- return(filename);
-}
-
-/***************************************************************
- *
- * s e c E r r o r S t r i n g
- *
- * Returns an error string corresponding to the given error code.
- * Doesn't cover all errors; returns a default for many.
- * Returned string is only valid until the next call of this function.
- */
-const char*
-secErrorString(long code)
-{
- static char errstring[80]; /* dynamically constructed error string */
- char *c; /* the returned string */
-
- switch(code) {
- case SEC_ERROR_IO: c = "io error";
- break;
- case SEC_ERROR_LIBRARY_FAILURE: c = "security library failure";
- break;
- case SEC_ERROR_BAD_DATA: c = "bad data";
- break;
- case SEC_ERROR_OUTPUT_LEN: c = "output length";
- break;
- case SEC_ERROR_INPUT_LEN: c = "input length";
- break;
- case SEC_ERROR_INVALID_ARGS: c = "invalid args";
- break;
- case SEC_ERROR_EXPIRED_CERTIFICATE: c = "expired certificate";
- break;
- case SEC_ERROR_REVOKED_CERTIFICATE: c = "revoked certificate";
- break;
- case SEC_ERROR_INADEQUATE_KEY_USAGE: c = "inadequate key usage";
- break;
- case SEC_ERROR_INADEQUATE_CERT_TYPE: c = "inadequate certificate type";
- break;
- case SEC_ERROR_UNTRUSTED_CERT: c = "untrusted cert";
- break;
- case SEC_ERROR_NO_KRL: c = "no key revocation list";
- break;
- case SEC_ERROR_KRL_BAD_SIGNATURE: c = "key revocation list: bad signature";
- break;
- case SEC_ERROR_KRL_EXPIRED: c = "key revocation list expired";
- break;
- case SEC_ERROR_REVOKED_KEY: c = "revoked key";
- break;
- case SEC_ERROR_CRL_BAD_SIGNATURE:
- c = "certificate revocation list: bad signature";
- break;
- case SEC_ERROR_CRL_EXPIRED: c = "certificate revocation list expired";
- break;
- case SEC_ERROR_CRL_NOT_YET_VALID:
- c = "certificate revocation list not yet valid";
- break;
- case SEC_ERROR_UNKNOWN_ISSUER: c = "unknown issuer";
- break;
- case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: c = "expired issuer certificate";
- break;
- case SEC_ERROR_BAD_SIGNATURE: c = "bad signature";
- break;
- case SEC_ERROR_BAD_KEY: c = "bad key";
- break;
- case SEC_ERROR_NOT_FORTEZZA_ISSUER: c = "not fortezza issuer";
- break;
- case SEC_ERROR_CA_CERT_INVALID:
- c = "Certificate Authority certificate invalid";
- break;
- case SEC_ERROR_EXTENSION_NOT_FOUND: c = "extension not found";
- break;
- case SEC_ERROR_CERT_NOT_IN_NAME_SPACE: c = "certificate not in name space";
- break;
- case SEC_ERROR_UNTRUSTED_ISSUER: c = "untrusted issuer";
- break;
- default:
- sprintf(errstring, "security error %ld", code);
- c = errstring;
- break;
- }
-
- return c;
-}
-
-/***************************************************************
- *
- * d i s p l a y V e r i f y L o g
- *
- * Prints the log of a cert verification.
- */
-void
-displayVerifyLog(CERTVerifyLog *log)
-{
- CERTVerifyLogNode *node;
- CERTCertificate *cert;
- char *name;
-
- if( !log || (log->count <= 0) ) {
- return;
- }
-
- for(node = log->head; node != NULL; node = node->next) {
-
- if( !(cert = node->cert) ) {
- continue;
- }
-
- /* Get a name for this cert */
- if(cert->nickname != NULL) {
- name = cert->nickname;
- } else if(cert->emailAddr != NULL) {
- name = cert->emailAddr;
- } else {
- name = cert->subjectName;
- }
-
- printf( "%s%s:\n",
- name,
- (node->depth > 0) ? " [Certificate Authority]" : ""
- );
-
- printf("\t%s\n", secErrorString(node->error));
-
- }
-}
-/*
- * J a r L i s t M o d u l e s
- *
- * Print a list of the PKCS11 modules that are
- * available. This is useful for smartcard people to
- * make sure they have the drivers loaded.
- *
- */
-void
-JarListModules(void)
-{
- int i;
- int count = 0;
-
- SECMODModuleList *modules = NULL;
- static SECMODListLock *moduleLock = NULL;
-
- SECMODModuleList *mlp;
-
- modules = SECMOD_GetDefaultModuleList();
-
- if (modules == NULL)
- {
- PR_fprintf(errorFD, "%s: Can't get module list\n", PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
-
- if ((moduleLock = SECMOD_NewListLock()) == NULL)
- {
- /* this is the wrong text */
- PR_fprintf(errorFD, "%s: unable to acquire lock on module list\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
-
- SECMOD_GetReadLock (moduleLock);
-
- PR_fprintf(outputFD, "\nListing of PKCS11 modules\n");
- PR_fprintf(outputFD, "-----------------------------------------------\n");
-
- for (mlp = modules; mlp != NULL; mlp = mlp->next)
- {
- count++;
- PR_fprintf(outputFD, "%3d. %s\n", count, mlp->module->commonName);
-
- if (mlp->module->internal)
- PR_fprintf(outputFD, " (this module is internally loaded)\n");
- else
- PR_fprintf(outputFD, " (this is an external module)\n");
-
- if (mlp->module->dllName)
- PR_fprintf(outputFD, " DLL name: %s\n", mlp->module->dllName);
-
- if (mlp->module->slotCount == 0)
- PR_fprintf(outputFD, " slots: There are no slots attached to this module\n");
- else
- PR_fprintf(outputFD, " slots: %d slots attached\n", mlp->module->slotCount);
-
- if (mlp->module->loaded == 0)
- PR_fprintf(outputFD, " status: Not loaded\n");
- else
- PR_fprintf(outputFD, " status: loaded\n");
-
- for (i = 0; i < mlp->module->slotCount; i++)
- {
- PK11SlotInfo *slot = mlp->module->slots[i];
-
- PR_fprintf(outputFD, "\n");
- PR_fprintf(outputFD, " slot: %s\n", PK11_GetSlotName(slot));
- PR_fprintf(outputFD, " token: %s\n", PK11_GetTokenName(slot));
- }
- }
-
- PR_fprintf(outputFD, "-----------------------------------------------\n");
-
- if (count == 0)
- PR_fprintf(outputFD,
- "Warning: no modules were found (should have at least one)\n");
-
- SECMOD_ReleaseReadLock (moduleLock);
-}
-
-/**********************************************************************
- * c h o p
- *
- * Eliminates leading and trailing whitespace. Returns a pointer to the
- * beginning of non-whitespace, or an empty string if it's all whitespace.
- */
-char*
-chop(char *str)
-{
- char *start, *end;
-
- if(str) {
- start = str;
-
- /* Nip leading whitespace */
- while(isspace(*start)) {
- start++;
- }
-
- /* Nip trailing whitespace */
- if(strlen(start) > 0) {
- end = start + strlen(start) - 1;
- while(isspace(*end) && end > start) {
- end--;
- }
- *(end+1) = '\0';
- }
-
- return start;
- } else {
- return NULL;
- }
-}
-
-/***********************************************************************
- *
- * F a t a l E r r o r
- *
- * Outputs an error message and bails out of the program.
- */
-void
-FatalError(char *msg)
-{
- if(!msg) msg = "";
-
- PR_fprintf(errorFD, "FATAL ERROR: %s\n", msg);
- errorCount++;
- exit(ERRX);
-}
-
-/*************************************************************************
- *
- * I n i t C r y p t o
- */
-int
-InitCrypto(char *cert_dir, PRBool readOnly)
-{
- SECStatus rv;
- static int prior = 0;
- PK11SlotInfo *slotinfo;
-
- CERTCertDBHandle *db;
-
- if (prior == 0) {
- /* some functions such as OpenKeyDB expect this path to be
- * implicitly set prior to calling */
- SECU_ConfigDirectory (cert_dir);
-
- if ((rv = SECU_PKCS11Init(readOnly)) != SECSuccess) {
- PR_fprintf(errorFD, "%s: Unable to initialize PKCS11, code %d\n",
- PROGRAM_NAME, rv);
- errorCount++;
- exit (ERRX);
- }
-
- SEC_Init();
-
-
- /* Been there done that */
- prior++;
-
-
- /* open cert database and set the default certificate DB */
- db = OpenCertDB(readOnly);
-
- if (db == NULL) return -1;
-
- CERT_SetDefaultCertDB (db);
-
- if(password) {
- PK11_SetPasswordFunc(pk11_password_hardcode);
- }
-
- /* Must login to FIPS before you do anything else */
- if(PK11_IsFIPS()) {
- slotinfo = PK11_GetInternalSlot();
- if(!slotinfo) {
- fprintf(stderr, "%s: Unable to get PKCS #11 Internal Slot."
- "\n", PROGRAM_NAME);
- return -1;
- }
- if(PK11_Authenticate(slotinfo, PR_FALSE /*loadCerts*/,
- NULL /*wincx*/) != SECSuccess) {
- fprintf(stderr, "%s: Unable to authenticate to %s.\n",
- PROGRAM_NAME, PK11_GetSlotName(slotinfo));
- return -1;
- }
- }
-
- /* Make sure there is a password set on the internal key slot */
- slotinfo = PK11_GetInternalKeySlot();
- if(!slotinfo) {
- fprintf(stderr, "%s: Unable to get PKCS #11 Internal Key Slot."
- "\n", PROGRAM_NAME);
- return -1;
- }
- if(PK11_NeedUserInit(slotinfo)) {
- PR_fprintf(errorFD,
-"\nWARNING: No password set on internal key database. Most operations will fail."
-"\nYou must use Communicator to create a password.\n");
- warningCount++;
- }
-
- /* Make sure we can authenticate to the key slot in FIPS mode */
- if(PK11_IsFIPS()) {
- if(PK11_Authenticate(slotinfo, PR_FALSE /*loadCerts*/,
- NULL /*wincx*/) != SECSuccess) {
- fprintf(stderr, "%s: Unable to authenticate to %s.\n",
- PROGRAM_NAME, PK11_GetSlotName(slotinfo));
- return -1;
- }
- }
- }
-
- return 0;
-}
-
-/* Windows foolishness is now in the secutil lib */
-
-/*****************************************************************
- * g e t _ d e f a u l t _ c e r t _ d i r
- *
- * Attempt to locate a certificate directory.
- * Failing that, complain that the user needs to
- * use the -d(irectory) parameter.
- *
- */
-char *get_default_cert_dir (void)
-{
- char *home;
-
- char *cd = NULL;
- static char db [FNSIZE];
-
-#ifdef XP_UNIX
- home = getenv ("HOME");
-
- if (home && *home)
- {
- sprintf (db, "%s/.netscape", home);
- cd = db;
- }
-#endif
-
-#ifdef XP_PC
- FILE *fp;
-
- /* first check the environment override */
-
- home = getenv ("JAR_HOME");
-
- if (home && *home)
- {
- sprintf (db, "%s/cert7.db", home);
-
- if ((fp = fopen (db, "r")) != NULL)
- {
- fclose (fp);
- cd = home;
- }
- }
-
- /* try the old navigator directory */
-
- if (cd == NULL)
- {
- home = "c:/Program Files/Netscape/Navigator";
-
- sprintf (db, "%s/cert7.db", home);
-
- if ((fp = fopen (db, "r")) != NULL)
- {
- fclose (fp);
- cd = home;
- }
- }
-
- /* Try the current directory, I wonder if this
- is really a good idea. Remember, Windows only.. */
-
- if (cd == NULL)
- {
- home = ".";
-
- sprintf (db, "%s/cert7.db", home);
-
- if ((fp = fopen (db, "r")) != NULL)
- {
- fclose (fp);
- cd = home;
- }
- }
-
-#endif
-
- if (!cd)
- {
- PR_fprintf(errorFD,
- "You must specify the location of your certificate directory\n");
- PR_fprintf(errorFD,
- "with the -d option. Example: -d ~/.netscape in many cases with Unix.\n");
- errorCount++;
- exit (ERRX);
- }
-
- return cd;
-}
-
-/************************************************************************
- * g i v e _ h e l p
- */
-void give_help (int status)
-{
- if (status == SEC_ERROR_UNKNOWN_ISSUER)
- {
- PR_fprintf(errorFD,
- "The Certificate Authority (CA) for this certificate\n");
- PR_fprintf(errorFD,
- "does not appear to be in your database. You should contact\n");
- PR_fprintf(errorFD,
- "the organization which issued this certificate to obtain\n");
- PR_fprintf(errorFD, "a copy of its CA Certificate.\n");
- }
-}
-
-/**************************************************************************
- *
- * p r _ f g e t s
- *
- * fgets implemented with NSPR.
- */
-char*
-pr_fgets(char *buf, int size, PRFileDesc *file)
-{
- int i;
- int status;
- char c;
-
- i=0;
- while(i < size-1) {
- status = PR_Read(file, (void*) &c, 1);
- if(status==-1) {
- return NULL;
- } else if(status==0) {
- break;
- }
- buf[i++] = c;
- if(c=='\n') {
- break;
- }
- }
- buf[i]='\0';
-
- return buf;
-}
-
diff --git a/security/nss/cmd/signtool/verify.c b/security/nss/cmd/signtool/verify.c
deleted file mode 100644
index b75d4527e..000000000
--- a/security/nss/cmd/signtool/verify.c
+++ /dev/null
@@ -1,366 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "signtool.h"
-
-
-static int jar_cb(int status, JAR *jar, const char *metafile,
- char *pathname, char *errortext);
-static int verify_global (JAR *jar);
-
-/*************************************************************************
- *
- * V e r i f y J a r
- */
-int
-VerifyJar(char *filename)
-{
- FILE *fp;
-
- int ret;
- int status;
- char *err;
-
- JAR *jar;
- JAR_Context *ctx;
-
- JAR_Item *it;
-
- jar = JAR_new();
-
- if ((fp = fopen (filename, "r")) == NULL)
- {
- perror (filename);
- exit (ERRX);
- }
- else
- fclose (fp);
-
- JAR_set_callback (JAR_CB_SIGNAL, jar, jar_cb);
-
-
- status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
-
- if (status < 0 || jar->valid < 0)
- {
- PR_fprintf(outputFD, "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n", filename);
- if (status < 0)
- {
- char *errtext;
-
- if (status >= JAR_BASE && status <= JAR_BASE_END)
- {
- errtext = JAR_get_error (status);
- }
- else
- {
- errtext = SECU_ErrorString ((int16) PORT_GetError());
- }
-
- PR_fprintf(outputFD, " (reported reason: %s)\n\n", errtext);
-
- /* corrupt files should not have their contents listed */
-
- if (status == JAR_ERR_CORRUPT)
- return status;
- }
- PR_fprintf(outputFD,
- "entries shown below will have their digests checked only.\n");
- jar->valid = 0;
- }
- else
- PR_fprintf(outputFD,
- "archive \"%s\" has passed crypto verification.\n", filename);
-
- verify_global (jar);
-
- PR_fprintf(outputFD, "\n");
- PR_fprintf(outputFD, "%16s %s\n", "status", "path");
- PR_fprintf(outputFD, "%16s %s\n", "------------", "-------------------");
-
- ctx = JAR_find (jar, NULL, jarTypeMF);
-
- while (JAR_find_next (ctx, &it) >= 0)
- {
- if (it && it->pathname)
- {
- rm_dash_r(TMP_OUTPUT);
- ret = JAR_verified_extract (jar, it->pathname, TMP_OUTPUT);
- /* if (ret < 0) printf ("error %d on %s\n", ret, it->pathname); */
-
- if (ret == JAR_ERR_PNF)
- err = "NOT PRESENT";
- else if (ret == JAR_ERR_HASH)
- err = "HASH FAILED";
- else
- err = "NOT VERIFIED";
-
- PR_fprintf(outputFD, "%16s %s\n",
- ret >= 0 ? "verified" : err, it->pathname);
-
- if (ret != 0 && ret != JAR_ERR_PNF && ret != JAR_ERR_HASH)
- PR_fprintf(outputFD, " (reason: %s)\n", JAR_get_error (ret));
- }
- }
-
- JAR_find_end (ctx);
-
- if (status < 0 || jar->valid < 0)
- {
- PR_fprintf(outputFD,
- "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n", filename);
- give_help (status);
- }
-
- JAR_destroy (jar);
-
- return 0;
-}
-
-/***************************************************************************
- *
- * v e r i f y _ g l o b a l
- */
-static int
-verify_global (JAR *jar)
-{
- FILE *fp;
- JAR_Context *ctx;
-
- char *ext;
-
- JAR_Item *it;
- JAR_Digest *globaldig;
-
- unsigned int sha1_length, md5_length;
-
- char buf [BUFSIZ];
-
- unsigned char *md5_digest, *sha1_digest;
-
- ctx = JAR_find (jar, "*", jarTypePhy);
-
- while (JAR_find_next (ctx, &it) >= 0) {
- if (!PORT_Strncmp (it->pathname, "META-INF", 8)) {
- for (ext = it->pathname; *ext; ext++);
- while (ext > it->pathname && *ext != '.') ext--;
-
- if(verbosity >= 0) {
- if (!PORT_Strcasecmp (ext, ".rsa")) {
- PR_fprintf(outputFD, "found a RSA signature file: %s\n",
- it->pathname);
- }
-
- if(!PORT_Strcasecmp (ext, ".dsa")) {
- PR_fprintf(outputFD, "found a DSA signature file: %s\n",
- it->pathname);
- }
-
- if (!PORT_Strcasecmp (ext, ".mf")) {
- PR_fprintf(outputFD,
- "found a MF master manifest file: %s\n", it->pathname);
- }
- }
-
- if (!PORT_Strcasecmp (ext, ".sf")) {
- if(verbosity >= 0) {
- PR_fprintf(outputFD,
- "found a SF signature manifest file: %s\n", it->pathname);
- }
-
- rm_dash_r(TMP_OUTPUT);
- if (JAR_extract (jar, it->pathname, TMP_OUTPUT) < 0) {
- PR_fprintf(errorFD, "%s: error extracting %s\n", PROGRAM_NAME,
- it->pathname);
- errorCount++;
- continue;
- }
-
- md5_digest = NULL;
- sha1_digest = NULL;
-
- if ((fp = fopen (TMP_OUTPUT, "rb")) != NULL) {
- while (fgets (buf, BUFSIZ, fp)) {
- char *s;
-
- if (*buf == 0 || *buf == '\n' || *buf == '\r') break;
-
- for (s = buf; *s && *s != '\n' && *s != '\r'; s++);
- *s = 0;
-
- if (!PORT_Strncmp (buf, "MD5-Digest: ", 12)) {
- md5_digest = ATOB_AsciiToData (buf + 12, &md5_length);
- }
-
- if (!PORT_Strncmp (buf, "SHA1-Digest: ", 13)) {
- sha1_digest = ATOB_AsciiToData (buf + 13, &sha1_length);
- }
-
- if (!PORT_Strncmp (buf, "SHA-Digest: ", 12)) {
- sha1_digest = ATOB_AsciiToData (buf + 12, &sha1_length);
- }
- }
-
- globaldig = jar->globalmeta;
-
- if (globaldig && md5_digest) {
- if(verbosity >= 0) {
- PR_fprintf(outputFD,
- " md5 digest on global metainfo: %s\n",
- PORT_Memcmp (md5_digest, globaldig->md5, MD5_LENGTH) ?
- "no match" : "match");
- }
- }
-
- if (globaldig && sha1_digest) {
- if(verbosity >= 0) {
- PR_fprintf(outputFD,
- " sha digest on global metainfo: %s\n",
- PORT_Memcmp(sha1_digest, globaldig->sha1,
- SHA1_LENGTH) ? "no match" : "match");
- }
- }
-
- if (globaldig == NULL) {
- if(verbosity >= 0) {
- PR_fprintf(outputFD,
- "global metadigest is not available, strange.\n");
- }
- }
-
- fclose (fp);
- }
- }
- }
- }
-
- JAR_find_end (ctx);
-
- return 0;
-}
-
-/************************************************************************
- *
- * J a r W h o
- */
-void
-JarWho(char *filename)
- {
- FILE *fp;
-
- JAR *jar;
- JAR_Context *ctx;
-
- int status;
-
- JAR_Item *it;
- JAR_Cert *fing;
-
- CERTCertificate *cert, *prev = NULL;
-
- jar = JAR_new();
-
- if ((fp = fopen (filename, "r")) == NULL)
- {
- perror (filename);
- exit (ERRX);
- }
- else
- fclose (fp);
-
- status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
-
- if (status < 0 || jar->valid < 0)
- {
- PR_fprintf(outputFD,
- "NOTE -- \"%s\" archive DID NOT PASS crypto verification.\n", filename);
- if (jar->valid < 0 || status != -1)
- {
- char *errtext;
-
- if (status >= JAR_BASE && status <= JAR_BASE_END)
- {
- errtext = JAR_get_error (status);
- }
- else
- {
- errtext = SECU_ErrorString ((int16) PORT_GetError());
- }
-
- PR_fprintf(outputFD, " (reported reason: %s)\n\n", errtext);
- }
- }
-
- PR_fprintf(outputFD, "\nSigner information:\n\n");
-
- ctx = JAR_find (jar, NULL, jarTypeSign);
-
- while (JAR_find_next (ctx, &it) >= 0)
- {
- fing = (JAR_Cert *) it->data;
- cert = fing->cert;
-
- if (cert)
- {
- if (prev == cert)
- break;
-
- if (cert->nickname)
- PR_fprintf(outputFD, "nickname: %s\n", cert->nickname);
- if (cert->subjectName)
- PR_fprintf(outputFD, "subject name: %s\n", cert->subjectName);
- if (cert->issuerName)
- PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName);
- }
- else
- PR_fprintf(outputFD, "no certificate could be found\n");
-
- prev = cert;
- }
-
- JAR_find_end (ctx);
-
- JAR_destroy (jar);
-}
-
-/************************************************************************
- * j a r _ c b
- */
-static int jar_cb(int status, JAR *jar, const char *metafile,
- char *pathname, char *errortext)
-{
- PR_fprintf(errorFD, "error %d: %s IN FILE %s\n", status, errortext, pathname);
- errorCount++;
- return 0;
-}
-
diff --git a/security/nss/cmd/signtool/zip.c b/security/nss/cmd/signtool/zip.c
deleted file mode 100644
index bdd629ebf..000000000
--- a/security/nss/cmd/signtool/zip.c
+++ /dev/null
@@ -1,677 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "signtool.h"
-#include "zip.h"
-#include "zlib.h"
-
-static void inttox (int in, char *out);
-static void longtox (long in, char *out);
-
-/****************************************************************
- *
- * J z i p O p e n
- *
- * Opens a new ZIP file and creates a new ZIPfile structure to
- * control the process of installing files into a zip.
- */
-ZIPfile*
-JzipOpen(char *filename, char *comment)
-{
- ZIPfile *zipfile;
- PRExplodedTime prtime;
-
- zipfile = PORT_ZAlloc(sizeof(ZIPfile));
- if(!zipfile) out_of_memory();
-
- /* Construct time and date */
- PR_ExplodeTime(PR_Now(), PR_LocalTimeParameters, &prtime);
- zipfile->date = ((prtime.tm_year-1980) << 9) |
- ((prtime.tm_month+1) << 5) |
- prtime.tm_mday;
- zipfile->time = (prtime.tm_hour<<11) |
- (prtime.tm_min<<5) |
- (prtime.tm_sec&0x3f);
-
- if (filename &&
- (zipfile->fp = PR_Open(filename,
- PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE, 0777)) == NULL) {
- char *nsprErr;
- if(PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength());
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "%s: can't open output jar, %s.%s\n", PROGRAM_NAME,
- filename, nsprErr ? nsprErr : "");
- if(nsprErr) PR_Free(nsprErr);
- errorCount++;
- exit (ERRX);
- }
-
- zipfile->list = NULL;
- if(filename) {
- zipfile->filename = PORT_ZAlloc(strlen(filename)+1);
- if(!zipfile->filename) out_of_memory();
- PORT_Strcpy(zipfile->filename, filename);
- }
- if(comment) {
- zipfile->comment = PORT_ZAlloc(strlen(comment)+1);
- if(!zipfile->comment) out_of_memory();
- PORT_Strcpy(zipfile->comment, comment);
- }
-
- return zipfile;
-}
-
-static
-void*
-my_alloc_func(void* opaque, uInt items, uInt size)
-{
- return PORT_Alloc(items*size);
-}
-
-static
-void
-my_free_func(void* opaque, void* address)
-{
- PORT_Free(address);
-}
-
-static
-void
-handle_zerror(int err, char *msg)
-{
- if(!msg) {
- msg = "";
- }
-
- errorCount++; /* unless Z_OK...see below */
-
- switch(err) {
- case Z_OK:
- PR_fprintf(errorFD, "No error: %s\n", msg);
- errorCount--; /* this was incremented above */
- break;
- case Z_MEM_ERROR:
- PR_fprintf(errorFD, "Deflation ran out of memory: %s\n", msg);
- break;
- case Z_STREAM_ERROR:
- PR_fprintf(errorFD, "Invalid compression level: %s\n", msg);
- break;
- case Z_VERSION_ERROR:
- PR_fprintf(errorFD, "Incompatible compression library version: %s\n", msg);
- break;
- case Z_DATA_ERROR:
- PR_fprintf(errorFD, "Compression data error: %s\n", msg);
- break;
- default:
- PR_fprintf(errorFD, "Unknown error in compression library: %s\n", msg);
- break;
- }
-}
-
-
-/****************************************************************
- *
- * J z i p A d d
- *
- * Adds a new file into a ZIP file. The ZIP file must have already
- * been opened with JzipOpen.
- */
-int
-JzipAdd(char *fullname, char *filename, ZIPfile *zipfile, int compression_level)
-{
- ZIPentry *entry;
- PRFileDesc *readfp;
- PRFileDesc *zipfp;
- int num;
- char inbuf[BUFSIZ], outbuf[BUFSIZ];
- unsigned long crc;
- z_stream zstream;
- int err;
- unsigned long local_size_pos;
- int deflate_percent;
-
-
- if( !fullname || !filename || !zipfile) {
- return -1;
- }
-
- zipfp = zipfile->fp;
-
-
- if( (readfp = PR_Open(fullname, PR_RDONLY, 0777)) == NULL) {
- char *nsprErr;
- if(PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength());
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "%s: %s\n", fullname, nsprErr ? nsprErr : "");
- errorCount++;
- if(nsprErr) PR_Free(nsprErr);
- exit(ERRX);
- }
-
- /*
- * Make sure the input file is not the output file.
- * Add a few bytes to the end of the JAR file and see if the input file
- * twitches
- */
- {
- PRInt32 endOfJar;
- PRInt32 inputSize;
- PRBool isSame;
-
- inputSize = PR_Available(readfp);
-
- endOfJar = PR_Seek(zipfp, 0L, PR_SEEK_CUR);
-
- if(PR_Write(zipfp, "abcde", 5) < 5) {
- char *nsprErr;
-
- if(PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength());
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing to zip file: %s\n",
- nsprErr ? nsprErr : "");
- if(nsprErr) PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
-
- isSame = (PR_Available(readfp) != inputSize);
-
- PR_Seek(zipfp, endOfJar, PR_SEEK_SET);
-
- if(isSame) {
- /* It's the same file! Forget it! */
- PR_Close(readfp);
- return 0;
- }
- }
-
- if(verbosity >= 0) {
- PR_fprintf(outputFD, "adding %s to %s...", fullname, zipfile->filename);
- }
-
- entry = PORT_ZAlloc(sizeof(ZIPentry));
- if(!entry) out_of_memory();
-
- entry->filename = PORT_Strdup(filename);
- entry->comment = NULL;
-
- /* Set up local file header */
- longtox(LSIG, entry->local.signature);
- inttox(strlen(filename), entry->local.filename_len);
- inttox(zipfile->time, entry->local.time);
- inttox(zipfile->date, entry->local.date);
- inttox(Z_DEFLATED, entry->local.method);
-
- /* Set up central directory entry */
- longtox(CSIG, entry->central.signature);
- inttox(strlen(filename), entry->central.filename_len);
- if(entry->comment) {
- inttox(strlen(entry->comment), entry->central.commentfield_len);
- }
- longtox(PR_Seek(zipfile->fp, 0, PR_SEEK_CUR),
- entry->central.localhdr_offset);
- inttox(zipfile->time, entry->central.time);
- inttox(zipfile->date, entry->central.date);
- inttox(Z_DEFLATED, entry->central.method);
-
- /* Compute crc. Too bad we have to process the whole file to do this*/
- crc = crc32(0L, NULL, 0);
- while( (num = PR_Read(readfp, inbuf, BUFSIZ)) > 0) {
- crc = crc32(crc, inbuf, num);
- }
- PR_Seek(readfp, 0L, PR_SEEK_SET);
-
- /* Store CRC */
- longtox(crc, entry->local.crc32);
- longtox(crc, entry->central.crc32);
-
- /* Stick this entry onto the end of the list */
- entry->next = NULL;
- if( zipfile->list == NULL ) {
- /* First entry */
- zipfile->list = entry;
- } else {
- ZIPentry *pe;
-
- pe = zipfile->list;
- while(pe->next != NULL) {
- pe = pe->next;
- }
- pe->next = entry;
- }
-
- /*
- * Start writing stuff out
- */
-
- local_size_pos = PR_Seek(zipfp, 0, PR_SEEK_CUR) + 18;
- /* File header */
- if(PR_Write(zipfp, &entry->local, sizeof(struct ZipLocal))
- < sizeof(struct ZipLocal)) {
- char *nsprErr;
- if(PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength());
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr : "");
- if(nsprErr) PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
-
- /* File Name */
- if( PR_Write(zipfp, filename, strlen(filename)) < strlen(filename)) {
- char *nsprErr;
- if(PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength());
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr : "");
- if(nsprErr) PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
-
- /*
- * File data
- */
- /* Initialize zstream */
- zstream.zalloc = my_alloc_func;
- zstream.zfree = my_free_func;
- zstream.opaque = NULL;
- zstream.next_in = inbuf;
- zstream.avail_in = BUFSIZ;
- zstream.next_out = outbuf;
- zstream.avail_out = BUFSIZ;
- /* Setting the windowBits to -MAX_WBITS is an undocumented feature of
- * zlib (see deflate.c in zlib). It is the same thing that Java does
- * when you specify the nowrap option for deflation in java.util.zip.
- * It causes zlib to leave out its headers and footers, which don't
- * work in PKZIP files.
- */
- err = deflateInit2(&zstream, compression_level, Z_DEFLATED,
- -MAX_WBITS, 8 /*default*/, Z_DEFAULT_STRATEGY);
- if(err != Z_OK) {
- handle_zerror(err, zstream.msg);
- exit(ERRX);
- }
-
- while( (zstream.avail_in = PR_Read(readfp, inbuf, BUFSIZ)) > 0) {
- zstream.next_in = inbuf;
- /* Process this chunk of data */
- while(zstream.avail_in > 0) {
- err = deflate(&zstream, Z_NO_FLUSH);
- if(err != Z_OK) {
- handle_zerror(err, zstream.msg);
- exit(ERRX);
- }
- if(zstream.avail_out <= 0) {
- if( PR_Write(zipfp, outbuf, BUFSIZ) < BUFSIZ) {
- char *nsprErr;
- if(PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength());
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n",
- nsprErr ? nsprErr : "");
- if(nsprErr) PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
- zstream.next_out = outbuf;
- zstream.avail_out = BUFSIZ;
- }
- }
- }
-
- /* Now flush everything */
- while(1) {
- err = deflate(&zstream, Z_FINISH);
- if(err == Z_STREAM_END) {
- break;
- } else if(err == Z_OK) {
- /* output buffer full, repeat */
- } else {
- handle_zerror(err, zstream.msg);
- exit(ERRX);
- }
- if( PR_Write(zipfp, outbuf, BUFSIZ) < BUFSIZ) {
- char *nsprErr;
- if(PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength());
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n",
- nsprErr ? nsprErr : "");
- if(nsprErr) PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
- zstream.avail_out = BUFSIZ;
- zstream.next_out = outbuf;
- }
-
- /* If there's any output left, write it out. */
- if((char*)zstream.next_out != outbuf) {
- if( PR_Write(zipfp, outbuf, (char*)zstream.next_out-outbuf) <
- (char*)zstream.next_out-outbuf) {
- char *nsprErr;
- if(PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength());
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n",
- nsprErr ? nsprErr : "");
- if(nsprErr) PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
- zstream.avail_out = BUFSIZ;
- zstream.next_out = outbuf;
- }
-
- /* Now that we know the compressed size, write this to the headers */
- longtox(zstream.total_in, entry->local.orglen);
- longtox(zstream.total_out, entry->local.size);
- if(PR_Seek(zipfp, local_size_pos, PR_SEEK_SET) == -1) {
- char *nsprErr;
- if(PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength());
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Accessing zip file: %s\n", nsprErr ? nsprErr : "");
- if(nsprErr) PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
- if( PR_Write(zipfp, entry->local.size, 8) != 8) {
- char *nsprErr;
- if(PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength());
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr : "");
- if(nsprErr) PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
- if(PR_Seek(zipfp, 0L, PR_SEEK_END) == -1) {
- char *nsprErr;
- if(PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength());
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Accessing zip file: %s\n", nsprErr ? nsprErr : "");
- if(nsprErr) PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
- longtox(zstream.total_in, entry->central.orglen);
- longtox(zstream.total_out, entry->central.size);
-
- /* Close out the deflation operation */
- err = deflateEnd(&zstream);
- if(err != Z_OK) {
- handle_zerror(err, zstream.msg);
- exit(ERRX);
- }
-
- PR_Close(readfp);
-
- if((zstream.total_in > zstream.total_out) && (zstream.total_in > 0)) {
- deflate_percent = (int) ( (zstream.total_in-zstream.total_out)*100 /
- zstream.total_in );
- } else {
- deflate_percent = 0;
- }
- if(verbosity >= 0) {
- PR_fprintf(outputFD, "(deflated %d%%)\n", deflate_percent);
- }
-
- return 0;
-}
-
-/********************************************************************
- * J z i p C l o s e
- *
- * Finishes the ZipFile. ALSO DELETES THE ZIPFILE STRUCTURE PASSED IN!!
- */
-int
-JzipClose(ZIPfile *zipfile)
-{
- ZIPentry *pe, *dead;
- PRFileDesc *zipfp;
- struct ZipEnd zipend;
- unsigned int entrycount = 0;
-
- if(!zipfile) {
- return -1;
- }
-
- if(!zipfile->filename) {
- /* bogus */
- return 0;
- }
-
- zipfp = zipfile->fp;
- zipfile->central_start = PR_Seek(zipfp, 0L, PR_SEEK_CUR);
-
- /* Write out all the central directories */
- pe = zipfile->list;
- while(pe) {
- entrycount++;
-
- /* Write central directory info */
- if( PR_Write(zipfp, &pe->central, sizeof(struct ZipCentral))
- < sizeof(struct ZipCentral)) {
- char *nsprErr;
- if(PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength());
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n",
- nsprErr ? nsprErr : "");
- if(nsprErr) PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
-
- /* Write filename */
- if( PR_Write(zipfp, pe->filename, strlen(pe->filename))
- < strlen(pe->filename)) {
- char *nsprErr;
- if(PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength());
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n",
- nsprErr ? nsprErr : "");
- if(nsprErr) PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
-
- /* Write file comment */
- if(pe->comment) {
- if( PR_Write(zipfp, pe->comment, strlen(pe->comment))
- < strlen(pe->comment)) {
- char *nsprErr;
- if(PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength());
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n",
- nsprErr ? nsprErr : "");
- if(nsprErr) PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
- }
-
- /* Delete the structure */
- dead = pe;
- pe = pe->next;
- if(dead->filename) {
- PORT_Free(dead->filename);
- }
- if(dead->comment) {
- PORT_Free(dead->comment);
- }
- PORT_Free(dead);
- }
- zipfile->central_end = PR_Seek(zipfile->fp, 0L, PR_SEEK_CUR);
-
- /* Create the ZipEnd structure */
- PORT_Memset(&zipend, 0, sizeof(zipend));
- longtox(ESIG, zipend.signature);
- inttox(entrycount, zipend.total_entries_disk);
- inttox(entrycount, zipend.total_entries_archive);
- longtox(zipfile->central_end-zipfile->central_start,
- zipend.central_dir_size);
- longtox(zipfile->central_start, zipend.offset_central_dir);
- if(zipfile->comment) {
- inttox(strlen(zipfile->comment), zipend.commentfield_len);
- }
-
- /* Write out ZipEnd xtructure */
- if( PR_Write(zipfp, &zipend, sizeof(zipend)) < sizeof(zipend)) {
- char *nsprErr;
- if(PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength());
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr : "");
- if(nsprErr) PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
-
- /* Write out Zipfile comment */
- if(zipfile->comment) {
- if( PR_Write(zipfp, zipfile->comment, strlen(zipfile->comment))
- < strlen(zipfile->comment)) {
- char *nsprErr;
- if(PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength());
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n",
- nsprErr ? nsprErr : "");
- if(nsprErr) PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
- }
-
- PR_Close(zipfp);
-
- /* Free the memory of the zipfile structure */
- if(zipfile->filename) {
- PORT_Free(zipfile->filename);
- }
- if(zipfile->comment) {
- PORT_Free(zipfile->comment);
- }
- PORT_Free(zipfile);
-
- return 0;
-}
-
-/**********************************************
- * i n t t o x
- *
- * Converts a two byte ugly endianed integer
- * to our platform's integer.
- *
- */
-
-static void inttox (int in, char *out)
-{
- out [0] = (in & 0xFF);
- out [1] = (in & 0xFF00) >> 8;
-}
-
-/*********************************************
- * l o n g t o x
- *
- * Converts a four byte ugly endianed integer
- * to our platform's integer.
- *
- */
-
-static void longtox (long in, char *out)
-{
- out [0] = (in & 0xFF);
- out [1] = (in & 0xFF00) >> 8;
- out [2] = (in & 0xFF0000) >> 16;
- out [3] = (in & 0xFF000000) >> 24;
-}
-
diff --git a/security/nss/cmd/signtool/zip.h b/security/nss/cmd/signtool/zip.h
deleted file mode 100644
index 08512f3c4..000000000
--- a/security/nss/cmd/signtool/zip.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/* zip.h
- * Structures and functions for creating ZIP archives.
- */
-#ifndef ZIP_H
-#define ZIP_H
-
-/* For general information on ZIP formats, you can look at jarfile.h
- * in ns/security/lib/jar. Or look it up on the web...
- */
-
-/* One entry in a ZIPfile. This corresponds to one file in the archive.
- * We have to save this information because first all the files go into
- * the archive with local headers; then at the end of the file we have to
- * put the central directory entries for each file.
- */
-typedef struct ZIPentry_s {
- struct ZipLocal local; /* local header info */
- struct ZipCentral central; /* central directory info */
- char *filename; /* name of file */
- char *comment; /* comment for this file -- optional */
-
- struct ZIPentry_s *next;
-} ZIPentry;
-
-/* This structure contains the necessary data for putting a ZIP file
- * together. Has some overall information and a list of ZIPentrys.
- */
-typedef struct ZIPfile_s {
- char *filename; /* ZIP file name */
- char *comment; /* ZIP file comment -- may be NULL */
- PRFileDesc *fp; /* ZIP file pointer */
- ZIPentry *list; /* one entry for each file in the archive */
- unsigned int time; /* the GMT time of creation, in DOS format */
- unsigned int date; /* the GMT date of creation, in DOS format */
- unsigned long central_start; /* starting offset of central directory */
- unsigned long central_end; /*index right after the last byte of central*/
-} ZIPfile;
-
-
-/* Open a new ZIP file. Takes the name of the zip file and an optional
- * comment to be included in the file. Returns a new ZIPfile structure
- * which is used by JzipAdd and JzipClose
- */
-ZIPfile* JzipOpen(char *filename, char *comment);
-
-/* Add a file to a ZIP archive. Fullname is the path relative to the
- * current directory. Filename is what the name will be stored as in the
- * archive, and thus what it will be restored as. zipfile is a structure
- * returned from a previous call to JzipOpen.
- *
- * Non-zero return code means error (although usually the function will
- * call exit() rather than return an error--gotta fix this).
- */
-int JzipAdd(char *fullname, char *filename, ZIPfile *zipfile,
- int compression_level);
-
-/* Finalize a ZIP archive. Adds all the footer information to the end of
- * the file and closes it. Also DELETES THE ZIPFILE STRUCTURE that was
- * passed in. So you never have to allocate or free a ZIPfile yourself.
- *
- * Non-zero return code means error (although usually the function will
- * call exit() rather than return an error--gotta fix this).
- */
-int JzipClose (ZIPfile *zipfile);
-
-
-#endif /* ZIP_H */
diff --git a/security/nss/cmd/signver/Makefile b/security/nss/cmd/signver/Makefile
deleted file mode 100644
index 7ee1ed1c7..000000000
--- a/security/nss/cmd/signver/Makefile
+++ /dev/null
@@ -1,70 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include $(CORE_DEPTH)/security/cmd/platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
diff --git a/security/nss/cmd/signver/examples/1/form.pl b/security/nss/cmd/signver/examples/1/form.pl
deleted file mode 100755
index 2034bf728..000000000
--- a/security/nss/cmd/signver/examples/1/form.pl
+++ /dev/null
@@ -1,50 +0,0 @@
-#! /usr/bin/perl
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-
-print "Content-type: text/html\n\n";
-print "<B>Server Name:</B> ", $ENV{'SERVER_NAME'}, "<BR>", "\n";
-print "<B>Server Port:</B> ", $ENV{'SERVER_PORT'}, "<BR>", "\n";
-print "<B>Server Software:</B> ", $ENV{'SERVER_SOFTWARE'}, "<BR>", "\n";
-print "<B>Server Protocol:</B> ", $ENV{'SERVER_PROTOCOL'}, "<BR>", "\n";
-print "<B>CGI Revision:</B> ", $ENV{'GATEWAY_INTERFACE'}, "<BR>", "\n";
-print "<B>Browser:</B> ", $ENV{'HTTP_USER_AGENT'}, "<BR>", "\n";
-print "<B>Remote Address:</B> ", $ENV{'REMOTE_ADDR'}, "<BR>", "\n";
-print "<B>Remote Host:</B> ", $ENV{'REMOTE_HOST'}, "<BR>", "\n";
-print "<B>Remote User:</B> ", $ENV{'REMOTE_USER'}, "<BR>", "\n";
-print "You typed:\n";
-
-while( $_ = <STDIN>) {
- print "$_";
-}
-
diff --git a/security/nss/cmd/signver/examples/1/signedForm.html b/security/nss/cmd/signver/examples/1/signedForm.html
deleted file mode 100644
index 1444a1775..000000000
--- a/security/nss/cmd/signver/examples/1/signedForm.html
+++ /dev/null
@@ -1,84 +0,0 @@
-<html>
-<!--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
- -->
-<head>
-<title>Form to sign</title>
-<script language="javascript">
-<!--
-function submitSigned(form){
- var signature = "";
- var dataToSign = "";
- var i;
-
- form.action='signedForm.pl';
- for (i = 0; i < form.length; i++)
- if (form.elements[i].type == "text")
- dataToSign += form.elements[i].value;
-
- // alert("Data to sign:\n" + dataToSign);
- signature = crypto.signText(dataToSign, "ask");
- /* alert("You cannot see this alert");
- alert("Data signature:\n" + signature); */
-
- if (signature != "error:userCancel") {
- for (i = 0; i < form.length; i++) {
- if (form.elements[i].type == "hidden") {
- if (form.elements[i].name == "dataToSign")
- form.elements[i].value = dataToSign;
- if (form.elements[i].name == "dataSignature")
- form.elements[i].value = signature;
- }
- }
- form.submit();
- }
-}
-//-->
-</script>
-</head>
-
-<body>
-<form method=post Action="form.pl">
-<input type=hidden size=30 name=dataSignature>
-<input type=hidden size=30 name=dataToSign>
-<input type=text size=30 name=p>
-<BR>
-<input type=text size=30 name=q>
-<BR>
-<input type=text size=30 name=r>
-<BR>
-<input type=submit value="Submit Data">
-<input type=button value="Sign and Submit Data" onclick=submitSigned(this.form)>
-<input type=reset value=Reset>
-</form>
-</body>
-</html>
diff --git a/security/nss/cmd/signver/examples/1/signedForm.nt.html b/security/nss/cmd/signver/examples/1/signedForm.nt.html
deleted file mode 100644
index 5487739ce..000000000
--- a/security/nss/cmd/signver/examples/1/signedForm.nt.html
+++ /dev/null
@@ -1,84 +0,0 @@
-<html>
-<!--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
- -->
-<head>
-<title>Form to sign</title>
-<script language="javascript">
-<!--
-function submitSigned(form){
- var signature = "";
- var dataToSign = "";
- var i;
-
- form.action='cgi-bin/signedForm.pl';
- for (i = 0; i < form.length; i++)
- if (form.elements[i].type == "text")
- dataToSign += form.elements[i].value;
-
- // alert("Data to sign:\n" + dataToSign);
- signature = crypto.signText(dataToSign, "ask");
- /* alert("You cannot see this alert");
- alert("Data signature:\n" + signature); */
-
- if (signature != "error:userCancel") {
- for (i = 0; i < form.length; i++) {
- if (form.elements[i].type == "hidden") {
- if (form.elements[i].name == "dataToSign")
- form.elements[i].value = dataToSign;
- if (form.elements[i].name == "dataSignature")
- form.elements[i].value = signature;
- }
- }
- form.submit();
- }
-}
-//-->
-</script>
-</head>
-
-<body>
-<form method=post Action="cgi-bin/form.pl">
-<input type=hidden size=30 name=dataSignature>
-<input type=hidden size=30 name=dataToSign>
-<input type=text size=30 name=p>
-<BR>
-<input type=text size=30 name=q>
-<BR>
-<input type=text size=30 name=r>
-<BR>
-<input type=submit value="Submit Data">
-<input type=button value="Sign and Submit Data" onclick=submitSigned(this.form)>
-<input type=reset value=Reset>
-</form>
-</body>
-</html>
diff --git a/security/nss/cmd/signver/examples/1/signedForm.pl b/security/nss/cmd/signver/examples/1/signedForm.pl
deleted file mode 100755
index 3c2cd0ed3..000000000
--- a/security/nss/cmd/signver/examples/1/signedForm.pl
+++ /dev/null
@@ -1,88 +0,0 @@
-#! /usr/bin/perl
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-
-
-sub decode {
- read (STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
- @pairs = split(/&/, $buffer);
- foreach $pair (@pairs)
- {
- ($name, $value) = split(/=/, $pair);
- $value =~tr/+/ /;
- $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
- $FORM{$name} = $value;
-# print "name=$name value=$value<BR>\n";
- }
-}
-
-print "Content-type: text/html\n\n";
-
-&decode();
-
-$dataSignature = $FORM{'dataSignature'};
-$dataToSign = $FORM{'dataToSign'};
-
-unlink("signature");
-open(FILE1,">signature") || die("Cannot open file for writing\n");
-
-print FILE1 "$dataSignature";
-
-close(FILE1);
-
-
-unlink("data");
-open(FILE2,">data") || die("Cannot open file for writing\n");
-
-print FILE2 "$dataToSign";
-
-close(FILE2);
-
-
-print "<BR><B>Signed Data:</B><BR>", "$dataToSign", "<BR>";
-
-print "<BR><b>Verification Info:</b><BR>";
-
-$verInfo = `./signver -D . -s signature -d data -v`;
-print "<font color=red><b>$verInfo</b></font><BR>";
-
-print "<BR><B>Signature Data:</B><BR>", "$dataSignature", "<BR>";
-
-print "<BR><b>Signature Info:</b><BR>";
-
-foreach $line (`./signver -s signature -A`) {
- print "$line<BR>\n";
-}
-
-print "<b>End of Info</b><BR>";
-
diff --git a/security/nss/cmd/signver/manifest.mn b/security/nss/cmd/signver/manifest.mn
deleted file mode 100644
index 6209082b3..000000000
--- a/security/nss/cmd/signver/manifest.mn
+++ /dev/null
@@ -1,52 +0,0 @@
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-MODULE = security
-
-CSRCS = signver.c \
- pk7print.c \
- $(NULL)
-
-REQUIRES = security dbm seccmd
-
-PROGRAM = signver
-
-PACKAGE_FILES = README.txt signedForm.html signedForm.pl form.pl
-ifeq ($(subst /,_,$(shell uname -s)),WINNT)
-PACKAGE_FILES += signedForm.nt.pl signver.exe
-else
-PACKAGE_FILES += signver
-endif
-
-ARCHIVE_NAME = signver
diff --git a/security/nss/cmd/signver/pk7print.c b/security/nss/cmd/signver/pk7print.c
deleted file mode 100644
index 3310ec832..000000000
--- a/security/nss/cmd/signver/pk7print.c
+++ /dev/null
@@ -1,918 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
-** secutil.c - various functions used by security stuff
-**
-*/
-
-/* pkcs #7 -related functions */
-
-
-#include "secutil.h"
-#include "secpkcs7.h"
-#include "secoid.h"
-#include <sys/stat.h>
-#include <stdarg.h>
-
-#ifdef XP_UNIX
-#include <unistd.h>
-#endif
-
-/* for SEC_TraverseNames */
-#include "cert.h"
-#include "prtypes.h"
-#include "prtime.h"
-
-#include "prlong.h"
-#include "secmod.h"
-#include "pk11func.h"
-#include "prerror.h"
-
-
-
-
-/*
-** PKCS7 Support
-*/
-
-/* forward declaration */
-int
-sv_PrintPKCS7ContentInfo(FILE *, SEC_PKCS7ContentInfo *, char *);
-
-
-void
-sv_PrintAsHex(FILE *out, SECItem *data, char *m)
-{
- unsigned i;
-
- if (m) fprintf(out, m);
-
- for (i = 0; i < data->len; i++) {
- if (i < data->len - 1) {
- fprintf(out, "%02x:", data->data[i]);
- } else {
- fprintf(out, "%02x\n", data->data[i]);
- break;
- }
- }
-}
-
-void
-sv_PrintInteger(FILE *out, SECItem *i, char *m)
-{
- int iv;
-
- if (i->len > 4) {
- sv_PrintAsHex(out, i, m);
- } else {
- iv = DER_GetInteger(i);
- fprintf(out, "%s%d (0x%x)\n", m, iv, iv);
- }
-}
-
-
-int
-sv_PrintUTCTime(FILE *out, SECItem *t, char *m)
-{
- PRExplodedTime printableTime;
- int64 time;
- char *timeString;
- int rv;
-
- rv = DER_UTCTimeToTime(&time, t);
- if (rv) return rv;
-
- /* Converse to local time */
- PR_ExplodeTime(time, PR_GMTParameters, &printableTime);
-
- timeString = (char *)PORT_Alloc(100);
-
- if ( timeString ) {
- PR_FormatTime( timeString, 100, "%a %b %d %H:%M:%S %Y", &printableTime );
- fprintf(out, "%s%s\n", m, timeString);
- PORT_Free(timeString);
- return 0;
- }
- return SECFailure;
-}
-
-
-int
-sv_PrintValidity(FILE *out, CERTValidity *v, char *m)
-{
- int rv;
-
- fprintf(out, m);
- rv = sv_PrintUTCTime(out, &v->notBefore, "notBefore=");
- if (rv) return rv;
- fprintf(out, m);
- sv_PrintUTCTime(out, &v->notAfter, "notAfter=");
- return rv;
-}
-
-void
-sv_PrintObjectID(FILE *out, SECItem *oid, char *m)
-{
- char *name;
- SECOidData *oiddata;
-
- oiddata = SECOID_FindOID(oid);
- if (oiddata == NULL) {
- sv_PrintAsHex(out, oid, m);
- return;
- }
- name = oiddata->desc;
-
- if (m != NULL)
- fprintf(out, "%s", m);
- fprintf(out, "%s\n", name);
-}
-
-void
-sv_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m)
-{
- sv_PrintObjectID(out, &a->algorithm, m);
-
- if ((a->parameters.len != 2) ||
- (PORT_Memcmp(a->parameters.data, "\005\000", 2) != 0)) {
- /* Print args to algorithm */
- sv_PrintAsHex(out, &a->parameters, "Args=");
- }
-}
-
-void
-sv_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m)
-{
- SECItem *value;
- int i;
- char om[100];
-
- fprintf(out, m);
-
- /*
- * XXX Make this smarter; look at the type field and then decode
- * and print the value(s) appropriately!
- */
- sv_PrintObjectID(out, &(attr->type), "type=");
- if (attr->values != NULL) {
- i = 0;
- while ((value = attr->values[i]) != NULL) {
- sprintf(om, "%svalue[%d]=%s", m, i++, attr->encoded ? "(encoded)" : "");
- if (attr->encoded || attr->typeTag == NULL) {
- sv_PrintAsHex(out, value, om);
- } else {
- switch (attr->typeTag->offset) {
- default:
- sv_PrintAsHex(out, value, om);
- break;
- case SEC_OID_PKCS9_CONTENT_TYPE:
- sv_PrintObjectID(out, value, om);
- break;
- case SEC_OID_PKCS9_SIGNING_TIME:
- sv_PrintUTCTime(out, value, om);
- break;
- }
- }
- }
- }
-}
-
-void
-sv_PrintName(FILE *out, CERTName *name, char *msg)
-{
- char *str;
-
- str = CERT_NameToAscii(name);
- fprintf(out, "%s%s\n", msg, str);
-}
-
-
-#if 0
-/*
-** secu_PrintPKCS7EncContent
-** Prints a SEC_PKCS7EncryptedContentInfo (without decrypting it)
-*/
-void
-secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src,
- char *m, int level)
-{
- if (src->contentTypeTag == NULL)
- src->contentTypeTag = SECOID_FindOID(&(src->contentType));
-
- secu_Indent(out, level);
- fprintf(out, "%s:\n", m);
- secu_Indent(out, level + 1);
- fprintf(out, "Content Type: %s\n",
- (src->contentTypeTag != NULL) ? src->contentTypeTag->desc
- : "Unknown");
- sv_PrintAlgorithmID(out, &(src->contentEncAlg),
- "Content Encryption Algorithm");
- sv_PrintAsHex(out, &(src->encContent),
- "Encrypted Content", level+1);
-}
-
-/*
-** secu_PrintRecipientInfo
-** Prints a PKCS7RecipientInfo type
-*/
-void
-secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m,
- int level)
-{
- secu_Indent(out, level); fprintf(out, "%s:\n", m);
- sv_PrintInteger(out, &(info->version), "Version");
-
- sv_PrintName(out, &(info->issuerAndSN->issuer), "Issuer");
- sv_PrintInteger(out, &(info->issuerAndSN->serialNumber),
- "Serial Number");
-
- /* Parse and display encrypted key */
- sv_PrintAlgorithmID(out, &(info->keyEncAlg),
- "Key Encryption Algorithm");
- sv_PrintAsHex(out, &(info->encKey), "Encrypted Key", level + 1);
-}
-#endif
-
-/*
-** secu_PrintSignerInfo
-** Prints a PKCS7SingerInfo type
-*/
-void
-sv_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, char *m)
-{
- SEC_PKCS7Attribute *attr;
- int iv;
-
- fprintf(out, m);
- sv_PrintInteger(out, &(info->version), "version=");
-
- fprintf(out, m);
- sv_PrintName(out, &(info->issuerAndSN->issuer), "issuerName=");
- fprintf(out, m);
- sv_PrintInteger(out, &(info->issuerAndSN->serialNumber),
- "serialNumber=");
-
- fprintf(out, m);
- sv_PrintAlgorithmID(out, &(info->digestAlg), "digestAlgorithm=");
-
- if (info->authAttr != NULL) {
- char mm[120];
-
- iv = 0;
- while (info->authAttr[iv] != NULL) iv++;
- fprintf(out, "%sauthenticatedAttributes=%d\n", m, iv);
- iv = 0;
- while ((attr = info->authAttr[iv]) != NULL) {
- sprintf(mm, "%sattribute[%d].", m, iv++);
- sv_PrintAttribute(out, attr, mm);
- }
- }
-
- /* Parse and display signature */
- fprintf(out, m);
- sv_PrintAlgorithmID(out, &(info->digestEncAlg), "digestEncryptionAlgorithm=");
- fprintf(out, m);
- sv_PrintAsHex(out, &(info->encDigest), "encryptedDigest=");
-
- if (info->unAuthAttr != NULL) {
- char mm[120];
-
- iv = 0;
- while (info->unAuthAttr[iv] != NULL) iv++;
- fprintf(out, "%sunauthenticatedAttributes=%d\n", m, iv);
- iv = 0;
- while ((attr = info->unAuthAttr[iv]) != NULL) {
- sprintf(mm, "%sattribute[%d].", m, iv++);
- sv_PrintAttribute(out, attr, mm);
- }
- }
-}
-
-void
-sv_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m)
-{
- fprintf(out, m);
- sv_PrintInteger(out, &pk->u.rsa.modulus, "modulus=");
- fprintf(out, m);
- sv_PrintInteger(out, &pk->u.rsa.publicExponent, "exponent=");
-}
-
-void
-sv_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m)
-{
- fprintf(out, m);
- sv_PrintInteger(out, &pk->u.dsa.params.prime, "prime=");
- fprintf(out, m);
- sv_PrintInteger(out, &pk->u.dsa.params.subPrime, "subprime=");
- fprintf(out, m);
- sv_PrintInteger(out, &pk->u.dsa.params.base, "base=");
- fprintf(out, m);
- sv_PrintInteger(out, &pk->u.dsa.publicValue, "publicValue=");
-}
-
-int
-sv_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena,
- CERTSubjectPublicKeyInfo *i, char *msg)
-{
- SECKEYPublicKey *pk;
- int rv;
- char mm[200];
-
- sprintf(mm, "%s.publicKeyAlgorithm=", msg);
- sv_PrintAlgorithmID(out, &i->algorithm, mm);
-
- pk = (SECKEYPublicKey*) PORT_ZAlloc(sizeof(SECKEYPublicKey));
- if (!pk) return PORT_GetError();
-
- DER_ConvertBitString(&i->subjectPublicKey);
- switch(SECOID_FindOIDTag(&i->algorithm.algorithm)) {
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- rv = SEC_ASN1DecodeItem(arena, pk, SECKEY_RSAPublicKeyTemplate,
- &i->subjectPublicKey);
- if (rv) return rv;
- sprintf(mm, "%s.rsaPublicKey.", msg);
- sv_PrintRSAPublicKey(out, pk, mm);
- break;
- case SEC_OID_ANSIX9_DSA_SIGNATURE:
- rv = SEC_ASN1DecodeItem(arena, pk, SECKEY_DSAPublicKeyTemplate,
- &i->subjectPublicKey);
- if (rv) return rv;
- sprintf(mm, "%s.dsaPublicKey.", msg);
- sv_PrintDSAPublicKey(out, pk, mm);
- break;
- default:
- fprintf(out, "%s=bad SPKI algorithm type\n", msg);
- return 0;
- }
-
- return 0;
-}
-
-SECStatus
-sv_PrintInvalidDateExten (FILE *out, SECItem *value, char *msg)
-{
- SECItem decodedValue;
- SECStatus rv;
- int64 invalidTime;
- char *formattedTime = NULL;
-
- decodedValue.data = NULL;
- rv = SEC_ASN1DecodeItem (NULL, &decodedValue, SEC_GeneralizedTimeTemplate,
- value);
- if (rv == SECSuccess) {
- rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue);
- if (rv == SECSuccess) {
- formattedTime = CERT_GenTime2FormattedAscii(invalidTime, "%a %b %d %H:%M:%S %Y");
- fprintf (out, "%s: %s\n", msg, formattedTime);
- PORT_Free (formattedTime);
- }
- }
- PORT_Free (decodedValue.data);
-
- return (rv);
-}
-
-int
-sv_PrintExtensions(FILE *out, CERTCertExtension **extensions, char *msg)
-{
- SECOidTag oidTag;
-
- if (extensions) {
-
- while ( *extensions ) {
- SECItem *tmpitem;
-
- fprintf(out, "%sname=", msg);
-
- tmpitem = &(*extensions)->id;
- sv_PrintObjectID(out, tmpitem, NULL);
-
- tmpitem = &(*extensions)->critical;
- if ( tmpitem->len )
- fprintf(out, "%scritical=%s\n", msg,
- (tmpitem->data && tmpitem->data[0])? "True": "False");
-
- oidTag = SECOID_FindOIDTag (&((*extensions)->id));
-
- fprintf(out, msg);
- tmpitem = &((*extensions)->value);
- if (oidTag == SEC_OID_X509_INVALID_DATE)
- sv_PrintInvalidDateExten (out, tmpitem,"invalidExt");
- else
- sv_PrintAsHex(out,tmpitem, "data=");
-
- /*fprintf(out, "\n");*/
- extensions++;
- }
- }
-
- return 0;
-}
-
-void
-sv_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m)
-{
- CERTCrlEntry *entry;
- int iv;
- char om[100];
-
- fprintf(out, m);
- sv_PrintAlgorithmID(out, &(crl->signatureAlg), "signatureAlgorithm=");
- fprintf(out, m);
- sv_PrintName(out, &(crl->name), "name=");
- fprintf(out, m);
- sv_PrintUTCTime(out, &(crl->lastUpdate), "lastUpdate=");
- fprintf(out, m);
- sv_PrintUTCTime(out, &(crl->nextUpdate), "nextUpdate=");
-
- if (crl->entries != NULL) {
- iv = 0;
- while ((entry = crl->entries[iv]) != NULL) {
- fprintf(out, "%sentry[%d].", m, iv);
- sv_PrintInteger(out, &(entry->serialNumber), "serialNumber=");
- fprintf(out, "%sentry[%d].", m, iv);
- sv_PrintUTCTime(out, &(entry->revocationDate), "revocationDate=");
- sprintf(om, "%sentry[%d].signedCRLEntriesExtensions.", m, iv++);
- sv_PrintExtensions(out, entry->extensions, om);
- }
- }
- sprintf(om, "%ssignedCRLEntriesExtensions.", m);
- sv_PrintExtensions(out, crl->extensions, om);
-}
-
-
-int
-sv_PrintCertificate(FILE *out, SECItem *der, char *m, int level)
-{
- PRArenaPool *arena = NULL;
- CERTCertificate *c;
- int rv;
- int iv;
- char mm[200];
-
- /* Decode certificate */
- c = (CERTCertificate*) PORT_ZAlloc(sizeof(CERTCertificate));
- if (!c) return PORT_GetError();
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena) return SEC_ERROR_NO_MEMORY;
-
- rv = SEC_ASN1DecodeItem(arena, c, CERT_CertificateTemplate, der);
- if (rv) {
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
- }
-
- /* Pretty print it out */
- iv = DER_GetInteger(&c->version);
- fprintf(out, "%sversion=%d (0x%x)\n", m, iv + 1, iv);
- sprintf(mm, "%sserialNumber=", m);
- sv_PrintInteger(out, &c->serialNumber, mm);
- sprintf(mm, "%ssignatureAlgorithm=", m);
- sv_PrintAlgorithmID(out, &c->signature, mm);
- sprintf(mm, "%sissuerName=", m);
- sv_PrintName(out, &c->issuer, mm);
- sprintf(mm, "%svalidity.", m);
- sv_PrintValidity(out, &c->validity, mm);
- sprintf(mm, "%ssubject=", m);
- sv_PrintName(out, &c->subject, mm);
- sprintf(mm, "%ssubjectPublicKeyInfo", m);
- rv = sv_PrintSubjectPublicKeyInfo(out, arena, &c->subjectPublicKeyInfo, mm);
- if (rv) {
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
- }
- sprintf(mm, "%ssignedExtensions.", m);
- sv_PrintExtensions(out, c->extensions, mm);
-
- PORT_FreeArena(arena, PR_FALSE);
- return 0;
-}
-
-int
-sv_PrintSignedData(FILE *out, SECItem *der, char *m, SECU_PPFunc inner)
-{
- PRArenaPool *arena = NULL;
- CERTSignedData *sd;
- int rv;
-
- /* Strip off the signature */
- sd = (CERTSignedData*) PORT_ZAlloc(sizeof(CERTSignedData));
- if (!sd) return PORT_GetError();
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena) return SEC_ERROR_NO_MEMORY;
-
- rv = SEC_ASN1DecodeItem(arena, sd, CERT_SignedDataTemplate, der);
- if (rv) {
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
- }
-
-/* fprintf(out, "%s:\n", m); */
- PORT_Strcat(m, "data.");
-
- rv = (*inner)(out, &sd->data, m, 0);
- if (rv) {
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
- }
-
- m[PORT_Strlen(m) - 5] = 0;
- fprintf(out, m);
- sv_PrintAlgorithmID(out, &sd->signatureAlgorithm, "signatureAlgorithm=");
- DER_ConvertBitString(&sd->signature);
- fprintf(out, m);
- sv_PrintAsHex(out, &sd->signature, "signature=");
-
- PORT_FreeArena(arena, PR_FALSE);
- return 0;
-
-}
-
-
-/*
-** secu_PrintPKCS7Signed
-** Pretty print a PKCS7 signed data type (up to version 1).
-*/
-int
-sv_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src)
-{
- SECAlgorithmID *digAlg; /* digest algorithms */
- SECItem *aCert; /* certificate */
- CERTSignedCrl *aCrl; /* certificate revocation list */
- SEC_PKCS7SignerInfo *sigInfo; /* signer information */
- int rv, iv;
- char om[120];
-
- sv_PrintInteger(out, &(src->version), "pkcs7.version=");
-
- /* Parse and list digest algorithms (if any) */
- if (src->digestAlgorithms != NULL) {
- iv = 0;
- while (src->digestAlgorithms[iv] != NULL)
- iv++;
- fprintf(out, "pkcs7.digestAlgorithmListLength=%d\n", iv);
- iv = 0;
- while ((digAlg = src->digestAlgorithms[iv]) != NULL) {
- sprintf(om, "pkcs7.digestAlgorithm[%d]=", iv++);
- sv_PrintAlgorithmID(out, digAlg, om);
- }
- }
-
- /* Now for the content */
- rv = sv_PrintPKCS7ContentInfo(out, &(src->contentInfo),
- "pkcs7.contentInformation=");
- if (rv != 0) return rv;
-
- /* Parse and list certificates (if any) */
- if (src->rawCerts != NULL) {
- iv = 0;
- while (src->rawCerts[iv] != NULL)
- iv++;
- fprintf(out, "pkcs7.certificateListLength=%d\n", iv);
-
- iv = 0;
- while ((aCert = src->rawCerts[iv]) != NULL) {
- sprintf(om, "certificate[%d].", iv++);
- rv = sv_PrintSignedData(out, aCert, om, sv_PrintCertificate);
- if (rv) return rv;
- }
- }
-
- /* Parse and list CRL's (if any) */
- if (src->crls != NULL) {
- iv = 0;
- while (src->crls[iv] != NULL) iv++;
- fprintf(out, "pkcs7.signedRevocationLists=%d\n", iv);
- iv = 0;
- while ((aCrl = src->crls[iv]) != NULL) {
- sprintf(om, "signedRevocationList[%d].", iv);
- fprintf(out, om);
- sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
- "signatureAlgorithm=");
- DER_ConvertBitString(&aCrl->signatureWrap.signature);
- fprintf(out, om);
- sv_PrintAsHex(out, &aCrl->signatureWrap.signature, "signature=");
- sprintf(om, "certificateRevocationList[%d].", iv);
- sv_PrintCRLInfo(out, &aCrl->crl, om);
- iv++;
- }
- }
-
- /* Parse and list signatures (if any) */
- if (src->signerInfos != NULL) {
- iv = 0;
- while (src->signerInfos[iv] != NULL)
- iv++;
- fprintf(out, "pkcs7.signerInformationListLength=%d\n", iv);
- iv = 0;
- while ((sigInfo = src->signerInfos[iv]) != NULL) {
- sprintf(om, "signerInformation[%d].", iv++);
- sv_PrintSignerInfo(out, sigInfo, om);
- }
- }
-
- return 0;
-}
-
-#if 0
-/*
-** secu_PrintPKCS7Enveloped
-** Pretty print a PKCS7 enveloped data type (up to version 1).
-*/
-void
-secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src,
- char *m, int level)
-{
- SEC_PKCS7RecipientInfo *recInfo; /* pointer for signer information */
- int iv;
- char om[100];
-
- secu_Indent(out, level); fprintf(out, "%s:\n", m);
- sv_PrintInteger(out, &(src->version), "Version", level + 1);
-
- /* Parse and list recipients (this is not optional) */
- if (src->recipientInfos != NULL) {
- secu_Indent(out, level + 1);
- fprintf(out, "Recipient Information List:\n");
- iv = 0;
- while ((recInfo = src->recipientInfos[iv++]) != NULL) {
- sprintf(om, "Recipient Information (%x)", iv);
- secu_PrintRecipientInfo(out, recInfo, om, level + 2);
- }
- }
-
- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
- "Encrypted Content Information", level + 1);
-}
-
-/*
-** secu_PrintPKCS7SignedEnveloped
-** Pretty print a PKCS7 singed and enveloped data type (up to version 1).
-*/
-int
-secu_PrintPKCS7SignedAndEnveloped(FILE *out,
- SEC_PKCS7SignedAndEnvelopedData *src,
- char *m, int level)
-{
- SECAlgorithmID *digAlg; /* pointer for digest algorithms */
- SECItem *aCert; /* pointer for certificate */
- CERTSignedCrl *aCrl; /* pointer for certificate revocation list */
- SEC_PKCS7SignerInfo *sigInfo; /* pointer for signer information */
- SEC_PKCS7RecipientInfo *recInfo; /* pointer for recipient information */
- int rv, iv;
- char om[100];
-
- secu_Indent(out, level); fprintf(out, "%s:\n", m);
- sv_PrintInteger(out, &(src->version), "Version", level + 1);
-
- /* Parse and list recipients (this is not optional) */
- if (src->recipientInfos != NULL) {
- secu_Indent(out, level + 1);
- fprintf(out, "Recipient Information List:\n");
- iv = 0;
- while ((recInfo = src->recipientInfos[iv++]) != NULL) {
- sprintf(om, "Recipient Information (%x)", iv);
- secu_PrintRecipientInfo(out, recInfo, om, level + 2);
- }
- }
-
- /* Parse and list digest algorithms (if any) */
- if (src->digestAlgorithms != NULL) {
- secu_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n");
- iv = 0;
- while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
- sprintf(om, "Digest Algorithm (%x)", iv);
- sv_PrintAlgorithmID(out, digAlg, om);
- }
- }
-
- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
- "Encrypted Content Information", level + 1);
-
- /* Parse and list certificates (if any) */
- if (src->rawCerts != NULL) {
- secu_Indent(out, level + 1); fprintf(out, "Certificate List:\n");
- iv = 0;
- while ((aCert = src->rawCerts[iv++]) != NULL) {
- sprintf(om, "Certificate (%x)", iv);
- rv = SECU_PrintSignedData(out, aCert, om, level + 2,
- SECU_PrintCertificate);
- if (rv)
- return rv;
- }
- }
-
- /* Parse and list CRL's (if any) */
- if (src->crls != NULL) {
- secu_Indent(out, level + 1);
- fprintf(out, "Signed Revocation Lists:\n");
- iv = 0;
- while ((aCrl = src->crls[iv++]) != NULL) {
- sprintf(om, "Signed Revocation List (%x)", iv);
- secu_Indent(out, level + 2); fprintf(out, "%s:\n", om);
- sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
- "Signature Algorithm");
- DER_ConvertBitString(&aCrl->signatureWrap.signature);
- sv_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
- level+3);
- SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
- level + 3);
- }
- }
-
- /* Parse and list signatures (if any) */
- if (src->signerInfos != NULL) {
- secu_Indent(out, level + 1);
- fprintf(out, "Signer Information List:\n");
- iv = 0;
- while ((sigInfo = src->signerInfos[iv++]) != NULL) {
- sprintf(om, "Signer Information (%x)", iv);
- secu_PrintSignerInfo(out, sigInfo, om, level + 2);
- }
- }
-
- return 0;
-}
-
-PR_IMPLEMENT(int)
-SECU_PrintCrl (FILE *out, SECItem *der, char *m, int level)
-{
- PRArenaPool *arena = NULL;
- CERTCrl *c = NULL;
- int rv;
-
- do {
- /* Decode CRL */
- c = (CERTCrl*) PORT_ZAlloc(sizeof(CERTCrl));
- if (!c) {
- rv = PORT_GetError();
- break;
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena) {
- rv = SEC_ERROR_NO_MEMORY;
- break;
- }
-
- rv = SEC_ASN1DecodeItem(arena, c, CERT_CrlTemplate, der);
- if (rv != SECSuccess)
- break;
- SECU_PrintCRLInfo (out, c, m, level);
- } while (0);
- PORT_FreeArena (arena, PR_FALSE);
- PORT_Free (c);
- return (rv);
-}
-
-/*
-** secu_PrintPKCS7Encrypted
-** Pretty print a PKCS7 encrypted data type (up to version 1).
-*/
-void
-secu_PrintPKCS7Encrypted(FILE *out, SEC_PKCS7EncryptedData *src,
- char *m, int level)
-{
- secu_Indent(out, level); fprintf(out, "%s:\n", m);
- sv_PrintInteger(out, &(src->version), "Version", level + 1);
-
- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
- "Encrypted Content Information", level + 1);
-}
-
-/*
-** secu_PrintPKCS7Digested
-** Pretty print a PKCS7 digested data type (up to version 1).
-*/
-void
-sv_PrintPKCS7Digested(FILE *out, SEC_PKCS7DigestedData *src)
-{
- secu_Indent(out, level); fprintf(out, "%s:\n", m);
- sv_PrintInteger(out, &(src->version), "Version", level + 1);
-
- sv_PrintAlgorithmID(out, &src->digestAlg, "Digest Algorithm");
- sv_PrintPKCS7ContentInfo(out, &src->contentInfo, "Content Information",
- level + 1);
- sv_PrintAsHex(out, &src->digest, "Digest", level + 1);
-}
-
-#endif
-
-/*
-** secu_PrintPKCS7ContentInfo
-** Takes a SEC_PKCS7ContentInfo type and sends the contents to the
-** appropriate function
-*/
-int
-sv_PrintPKCS7ContentInfo(FILE *out, SEC_PKCS7ContentInfo *src, char *m)
-{
- char *desc;
- SECOidTag kind;
- int rv;
-
- if (src->contentTypeTag == NULL)
- src->contentTypeTag = SECOID_FindOID(&(src->contentType));
-
- if (src->contentTypeTag == NULL) {
- desc = "Unknown";
- kind = SEC_OID_PKCS7_DATA;
- } else {
- desc = src->contentTypeTag->desc;
- kind = src->contentTypeTag->offset;
- }
-
- fprintf(out, "%s%s\n", m, desc);
-
- if (src->content.data == NULL) {
- fprintf(out, "pkcs7.data=<no content>\n");
- return 0;
- }
-
- rv = 0;
- switch (kind) {
- case SEC_OID_PKCS7_SIGNED_DATA: /* Signed Data */
- rv = sv_PrintPKCS7Signed(out, src->content.signedData);
- break;
-
- case SEC_OID_PKCS7_ENVELOPED_DATA: /* Enveloped Data */
- fprintf(out, "pkcs7EnvelopedData=<unsupported>\n");
- /*sv_PrintPKCS7Enveloped(out, src->content.envelopedData);*/
- break;
-
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: /* Signed and Enveloped */
- fprintf(out, "pkcs7SignedEnvelopedData=<unsupported>\n");
- /*rv = sv_PrintPKCS7SignedAndEnveloped(out,
- src->content.signedAndEnvelopedData);*/
- break;
-
- case SEC_OID_PKCS7_DIGESTED_DATA: /* Digested Data */
- fprintf(out, "pkcs7DigestedData=<unsupported>\n");
- /*sv_PrintPKCS7Digested(out, src->content.digestedData);*/
- break;
-
- case SEC_OID_PKCS7_ENCRYPTED_DATA: /* Encrypted Data */
- fprintf(out, "pkcs7EncryptedData=<unsupported>\n");
- /*sv_PrintPKCS7Encrypted(out, src->content.encryptedData);*/
- break;
-
- default:
- fprintf(out, "pkcs7UnknownData=<unsupported>\n");
- /*sv_PrintAsHex(out, src->content.data);*/
- break;
- }
-
- return rv;
-}
-
-
-int
-SV_PrintPKCS7ContentInfo(FILE *out, SECItem *der)
-{
- SEC_PKCS7ContentInfo *cinfo;
- int rv = -1;
-
- cinfo = SEC_PKCS7DecodeItem(der, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
-
- if (cinfo != NULL) {
- rv = sv_PrintPKCS7ContentInfo(out, cinfo, "pkcs7.contentInfo=");
- SEC_PKCS7DestroyContentInfo(cinfo);
- }
-
- return rv;
-}
-/*
-** End of PKCS7 functions
-*/
diff --git a/security/nss/cmd/signver/signver.c b/security/nss/cmd/signver/signver.c
deleted file mode 100644
index 9eaf93146..000000000
--- a/security/nss/cmd/signver/signver.c
+++ /dev/null
@@ -1,458 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "secutil.h"
-#include "secmod.h"
-#include "cdbhdl.h"
-#include "cert.h"
-#include "secoid.h"
-
-/* NSPR 2.0 header files */
-#include "prinit.h"
-#include "prprf.h"
-#include "prsystem.h"
-#include "prmem.h"
-/* Portable layer header files */
-#include "plstr.h"
-
-static int debugInfo = 0;
-
-static char *usageInfo[] = {
- "Options:",
- " -a signature file is ASCII",
- " -d certdir directory containing cert database",
- " -i dataFileName input file name containing data,",
- " leave filename blank to use stdin",
- " -s signatureFileName input file name containing signature,",
- " leave filename blank to use stdin",
- " -o outputFileName output file name, default stdout",
- " -A display all information from pkcs #7",
- " -C display all information from all certs",
- " -C -n display number of certificates",
- " -C -n certNum display all information from the certNum",
- " certificate in pkcs #7 signed object",
- " -C -n certNum f1 ... fN display information about specified",
- " fields from the certNum certificate in",
- " the pkcs #7 signed object",
- " -S display signer information list",
- " -S -n display number of signer information blocks",
- " -S -n signerNum display all information from the signerNum",
- " signer information block in pkcs #7",
- " -S -n signerNum f1 ... fN display information about specified",
- " fields from the signerNum signer",
- " information block in pkcs #7 object",
- " -V verify the signed object and display result",
- " -V -v verify the signed object and display",
- " result and reason for failure",
- "Version 2.0"
-};
-static int nUsageInfo = sizeof(usageInfo)/sizeof(char *);
-
-extern int SV_PrintPKCS7ContentInfo(FILE *, SECItem *);
-
-static void Usage(char *progName, FILE *outFile)
-{
- int i;
- fprintf(outFile, "Usage: %s options\n", progName);
- for (i = 0; i < nUsageInfo; i++)
- fprintf(outFile, "%s\n", usageInfo[i]);
- exit(-1);
-}
-
-static HASH_HashType
-AlgorithmToHashType(SECAlgorithmID *digestAlgorithms)
-{
- SECOidTag tag;
-
- tag = SECOID_GetAlgorithmTag(digestAlgorithms);
-
- switch (tag) {
- case SEC_OID_MD2:
- if (debugInfo) PR_fprintf(PR_STDERR, "Hash algorithm: HASH_AlgMD2 SEC_OID_MD2\n");
- return HASH_AlgMD2;
- case SEC_OID_MD5:
- if (debugInfo) PR_fprintf(PR_STDERR, "Hash algorithm: HASH_AlgMD5 SEC_OID_MD5\n");
- return HASH_AlgMD5;
- case SEC_OID_SHA1:
- if (debugInfo) PR_fprintf(PR_STDERR, "Hash algorithm: HASH_AlgSHA1 SEC_OID_SHA1\n");
- return HASH_AlgSHA1;
- default:
- if (debugInfo) PR_fprintf(PR_STDERR, "should never get here\n");
- return HASH_AlgNULL;
- }
-}
-
-
-static int
-DigestData (unsigned char *digest, unsigned char *data,
- unsigned int *len, unsigned int maxLen,
- HASH_HashType hashType)
-{
- SECHashObject *hashObj;
- void *hashcx;
-
- hashObj = &SECHashObjects[hashType];
- hashcx = (* hashObj->create)();
- if (hashcx == NULL)
- return -1;
-
- (* hashObj->begin)(hashcx);
- (* hashObj->update)(hashcx, data, PORT_Strlen(data));
- (* hashObj->end)(hashcx, digest, len, maxLen);
- (* hashObj->destroy)(hashcx, PR_TRUE);
-
- return 0;
-}
-
-enum {
- cmd_DisplayAllPCKS7Info = 0,
- cmd_DisplayCertInfo,
- cmd_DisplaySignerInfo,
- cmd_VerifySignedObj
-};
-
-enum {
- opt_ASCII,
- opt_CertDir,
- opt_InputDataFile,
- opt_ItemNumber,
- opt_OutputFile,
- opt_InputSigFile,
- opt_TypeTag,
- opt_PrintWhyFailure
-};
-
-static secuCommandFlag signver_commands[] =
-{
- { /* cmd_DisplayAllPCKS7Info*/ 'A', PR_FALSE, 0, PR_FALSE },
- { /* cmd_DisplayCertInfo */ 'C', PR_FALSE, 0, PR_FALSE },
- { /* cmd_DisplaySignerInfo */ 'S', PR_FALSE, 0, PR_FALSE },
- { /* cmd_VerifySignedObj */ 'V', PR_FALSE, 0, PR_FALSE }
-};
-
-static secuCommandFlag signver_options[] =
-{
- { /* opt_ASCII */ 'a', PR_FALSE, 0, PR_FALSE },
- { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE },
- { /* opt_InputDataFile */ 'i', PR_TRUE, 0, PR_FALSE },
- { /* opt_ItemNumber */ 'n', PR_FALSE, 0, PR_FALSE },
- { /* opt_OutputFile */ 'o', PR_TRUE, 0, PR_FALSE },
- { /* opt_InputSigFile */ 's', PR_TRUE, 0, PR_FALSE },
- { /* opt_TypeTag */ 't', PR_TRUE, 0, PR_FALSE },
- { /* opt_PrintWhyFailure */ 'v', PR_FALSE, 0, PR_FALSE }
-};
-
-int main(int argc, char **argv)
-{
- PRExplodedTime explodedCurrent;
- SECItem der, data;
- char *progName;
- int rv;
- PRFileDesc *dataFile = 0;
- PRFileDesc *signFile = 0;
- FILE *outFile = stdout;
- char *typeTag = 0;
- PRBool displayAllCerts = PR_FALSE;
- PRBool displayAllSigners = PR_FALSE;
- PRFileInfo info;
- PRInt32 nb;
-
- secuCommand signver;
- signver.numCommands = sizeof(signver_commands) /sizeof(secuCommandFlag);
- signver.numOptions = sizeof(signver_options) / sizeof(secuCommandFlag);
- signver.commands = signver_commands;
- signver.options = signver_options;
-
-#ifdef XP_PC
- progName = strrchr(argv[0], '\\');
-#else
- progName = strrchr(argv[0], '/');
-#endif
- progName = progName ? progName+1 : argv[0];
-
- /*_asm int 3*/
-
- PR_ExplodeTime(PR_Now(), PR_LocalTimeParameters, &explodedCurrent);
-#if 0
- if (explodedCurrent.tm_year >= 1998
- && explodedCurrent.tm_month >= 5 /* months past tm_year (0-11, Jan = 0) */
- && explodedCurrent.tm_mday >= 1) {
- PR_fprintf(PR_STDERR, "%s: expired\n", progName);
- return -1;
- }
-#endif
-
- SECU_ParseCommandLine(argc, argv, progName, &signver);
-
- /* Set the certdb directory (default is ~/.{browser}) */
- SECU_ConfigDirectory(signver.options[opt_CertDir].arg);
-
- /* Set the certificate type. */
- typeTag = SECU_GetOptionArg(&signver, opt_TypeTag);
-
- /* -i and -s without filenames */
- if (signver.options[opt_InputDataFile].activated &&
- signver.options[opt_InputSigFile].activated &&
- !signver.options[opt_InputDataFile].arg &&
- !signver.options[opt_InputSigFile].arg)
- PR_fprintf(PR_STDERR,
- "%s: Only data or signature file can use stdin (not both).\n",
- progName);
-
- /* Open the input data file (no arg == use stdin). */
- if (signver.options[opt_InputDataFile].activated) {
- if (signver.options[opt_InputDataFile].arg)
- dataFile = PR_Open(signver.options[opt_InputDataFile].arg,
- PR_RDONLY, 0);
- else
- dataFile = PR_STDIN;
- if (!dataFile) {
- PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading.\n",
- progName, signver.options[opt_InputDataFile].arg);
- return -1;
- }
- }
-
- /* Open the input signature file (no arg == use stdin). */
- if (signver.options[opt_InputSigFile].activated) {
- if (signver.options[opt_InputSigFile].arg)
- signFile = PR_Open(signver.options[opt_InputSigFile].arg,
- PR_RDONLY, 0);
- else
- signFile = PR_STDIN;
- if (!signFile) {
- PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading.\n",
- progName, signver.options[opt_InputSigFile].arg);
- return -1;
- }
- }
-
-#if 0
- if (!typeTag) ascii = 1;
-#endif
-
- /* Open|Create the output file. */
- if (signver.options[opt_OutputFile].activated) {
- outFile = fopen(signver.options[opt_OutputFile].arg, "w");
- /*
- outFile = PR_Open(signver.options[opt_OutputFile].arg,
- PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE, 00660);
- */
- if (!outFile) {
- PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for writing.\n",
- progName, signver.options[opt_OutputFile].arg);
- return -1;
- }
- }
-
- if (signver.commands[cmd_DisplayCertInfo].activated &&
- !signver.options[opt_ItemNumber].arg)
- displayAllCerts = PR_TRUE;
-
- if (signver.commands[cmd_DisplaySignerInfo].activated &&
- !signver.options[opt_ItemNumber].arg)
- displayAllSigners = PR_TRUE;
-
-#if 0
- case 'W':
- debugInfo = 1;
- break;
-#endif
-
- if (!signFile && !dataFile && !typeTag)
- Usage(progName, outFile);
-
- if (!signFile && !dataFile &&
- signver.commands[cmd_VerifySignedObj].activated) {
- PR_fprintf(PR_STDERR,
- "%s: unable to read all data from standard input\n",
- progName);
- return -1;
- }
-
- PR_SetError(0, 0); /* PR_Init("pp", 1, 1, 0);*/
- SECU_PKCS11Init(PR_FALSE);
- SEC_Init();
-
- rv = SECU_ReadDERFromFile(&der, signFile,
- signver.options[opt_ASCII].activated);
-
- /* Data is untyped, using the specified type */
- data.data = der.data;
- data.len = der.len;
-
-
- /* Signature Verification */
- if (!signver.options[opt_TypeTag].activated) {
- if (signver.commands[cmd_VerifySignedObj].activated) {
- SEC_PKCS7ContentInfo *cinfo;
-
- cinfo = SEC_PKCS7DecodeItem(&data, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL);
- if (cinfo != NULL) {
-#if 0
- if (debugInfo) {
- PR_fprintf(PR_STDERR, "Content %s encrypted.\n",
- SEC_PKCS7ContentIsEncrypted(cinfo) ? "was" : "was not");
-
- PR_fprintf(PR_STDERR, "Content %s signed.\n",
- SEC_PKCS7ContentIsSigned(cinfo) ? "was" : "was not");
- }
-#endif
-
- if (SEC_PKCS7ContentIsSigned(cinfo)) {
- SEC_PKCS7SignedData *signedData;
- HASH_HashType digestType;
- SECItem digest, data;
- unsigned char *dataToVerify, digestBuffer[32];
-
- signedData = cinfo->content.signedData;
-
- /* assume that there is only one digest algorithm for now */
- digestType =
- AlgorithmToHashType(signedData->digestAlgorithms[0]);
- if (digestType == HASH_AlgNULL) {
- PR_fprintf(PR_STDERR, "Invalid hash algorithmID\n");
- return (-1);
- }
- rv = SECU_FileToItem(&data, dataFile);
- dataToVerify = data.data;
- if (dataToVerify) {
- SECKEYKeyDBHandle *keyHandle;
- CERTCertDBHandle *certHandle;
- /*certUsageObjectSigner;*/
- SECCertUsage usage = certUsageEmailSigner;
-
-
-#if 0
- if (debugInfo)
- PR_fprintf(PR_STDERR, "dataToVerify=%s\n",
- dataToVerify);
-#endif
- digest.data = digestBuffer;
- if (DigestData (digest.data, dataToVerify,
- &digest.len, 32, digestType)) {
- PR_fprintf(PR_STDERR, "Fail to compute message digest for verification. Reason: %s\n",
- SECU_ErrorString((int16)PORT_GetError()));
- return (-1);
- }
-#if 0
- if (debugInfo) {
- PR_fprintf(PR_STDERR, "Data Digest=:");
- for (i = 0; i < digest.len; i++)
- PR_fprintf(PR_STDERR, "%02x:", digest.data[i]);
- PR_fprintf(PR_STDERR, "\n");
- }
-#endif
-
- keyHandle = SECKEY_GetDefaultKeyDB();
- if (keyHandle == NULL) {
- PR_fprintf(PR_STDERR, ": %s\n", SECU_ErrorString((int16)PORT_GetError()));
- return -1;
- }
-
- /* open cert database */
- certHandle = SECU_OpenCertDB(PR_TRUE);
- if (certHandle == NULL) {
- PR_fprintf(PR_STDERR, "%s Problem open the cert dbase\n",
- progName);
- return -1;
- }
-
- if (signver.commands[cmd_VerifySignedObj].activated)
- fprintf(outFile, "signatureValid=");
- PORT_SetError(0);
- if (SEC_PKCS7VerifyDetachedSignature (cinfo, usage,
- &digest, digestType, PR_FALSE)) {
- if (signver.commands[cmd_VerifySignedObj].activated)
- fprintf(outFile, "yes");
- } else {
- if (signver.commands[cmd_VerifySignedObj].activated){
- fprintf(outFile, "no");
- if (signver.options[opt_PrintWhyFailure].activated)
- fprintf(outFile, ":%s", SECU_ErrorString((int16)PORT_GetError()));
- }
- }
- if (signver.commands[cmd_VerifySignedObj].activated)
- fprintf(outFile, "\n");
-
- SECITEM_FreeItem(&data, PR_FALSE);
- } else {
- PR_fprintf(PR_STDERR, "Cannot read data\n");
- return (-1);
- }
- }
-
- SEC_PKCS7DestroyContentInfo(cinfo);
- } else
- PR_fprintf(PR_STDERR, "Unable to decode PKCS7 data\n");
- }
-
- if (signver.commands[cmd_DisplayAllPCKS7Info].activated)
- SV_PrintPKCS7ContentInfo(outFile, &data);
-
- if (displayAllCerts)
- PR_fprintf(PR_STDERR, "-C option is not implemented in this version\n");
-
- if (displayAllSigners)
- PR_fprintf(PR_STDERR, "-S option is not implemented in this version\n");
-
- /* Pretty print it */
- } else if (PL_strcmp(typeTag, SEC_CT_CERTIFICATE) == 0) {
- rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0,
- SECU_PrintCertificate);
- } else if (PL_strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0) {
- rv = SECU_PrintSignedData(outFile, &data, "Certificate Request", 0,
- SECU_PrintCertificateRequest);
- } else if (PL_strcmp (typeTag, SEC_CT_CRL) == 0) {
- rv = SECU_PrintSignedData (outFile, &data, "CRL", 0, SECU_PrintCrl);
- } else if (PL_strcmp(typeTag, SEC_CT_PRIVATE_KEY) == 0) {
- rv = SECU_PrintPrivateKey(outFile, &data, "Private Key", 0);
- } else if (PL_strcmp(typeTag, SEC_CT_PUBLIC_KEY) == 0) {
- rv = SECU_PrintPublicKey(outFile, &data, "Public Key", 0);
- } else if (PL_strcmp(typeTag, SEC_CT_PKCS7) == 0) {
- rv = SECU_PrintPKCS7ContentInfo(outFile, &data,
- "PKCS #7 Content Info", 0);
- } else {
- PR_fprintf(PR_STDERR, "%s: don't know how to print out '%s' files\n",
- progName, typeTag);
- return -1;
- }
-
- if (rv) {
- PR_fprintf(PR_STDERR, "%s: problem converting data (%s)\n",
- progName, SECU_ErrorString((int16)PORT_GetError()));
- return -1;
- }
- return 0;
-}
diff --git a/security/nss/cmd/smimetools/Makefile b/security/nss/cmd/smimetools/Makefile
deleted file mode 100644
index 9e3263d43..000000000
--- a/security/nss/cmd/smimetools/Makefile
+++ /dev/null
@@ -1,73 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-include rules.mk
-
-include ../platrules.mk
diff --git a/security/nss/cmd/smimetools/cmsutil.c b/security/nss/cmd/smimetools/cmsutil.c
deleted file mode 100644
index 094a1d75c..000000000
--- a/security/nss/cmd/smimetools/cmsutil.c
+++ /dev/null
@@ -1,877 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * cmsutil -- A command to work with CMS data
- *
- * $Id$
- */
-
-#include "nspr.h"
-#include "secutil.h"
-#include "plgetopt.h"
-#include "secpkcs7.h"
-#include "cert.h"
-#include "certdb.h"
-#include "cdbhdl.h"
-#include "secoid.h"
-#include "cms.h"
-#include "smime.h"
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#endif
-
-#include <stdio.h>
-#include <string.h>
-
-extern void SEC_Init(void); /* XXX */
-
-static SECStatus
-DigestFile(PLArenaPool *poolp, SECItem ***digests, FILE *inFile, SECAlgorithmID **algids)
-{
- NSSCMSDigestContext *digcx;
- int nb;
- char ibuf[4096];
- SECStatus rv;
-
- digcx = NSS_CMSDigestContext_StartMultiple(algids);
- if (digcx == NULL)
- return SECFailure;
-
- for (;;) {
- if (feof(inFile)) break;
- nb = fread(ibuf, 1, sizeof(ibuf), inFile);
- if (nb == 0) {
- if (ferror(inFile)) {
- PORT_SetError(SEC_ERROR_IO);
- NSS_CMSDigestContext_Cancel(digcx);
- return SECFailure;
- }
- /* eof */
- break;
- }
- NSS_CMSDigestContext_Update(digcx, (const unsigned char *)ibuf, nb);
- }
-
- rv = NSS_CMSDigestContext_FinishMultiple(digcx, poolp, digests);
-
- return rv;
-}
-
-
-static void
-Usage(char *progName)
-{
- fprintf(stderr, "Usage: %s [-D|-S|-E] [<options>] [-d dbdir] [-u certusage]\n", progName);
- fprintf(stderr, " -i infile use infile as source of data (default: stdin)\n");
- fprintf(stderr, " -o outfile use outfile as destination of data (default: stdout)\n");
- fprintf(stderr, " -d dbdir key/cert database directory (default: ~/.netscape)\n");
- fprintf(stderr, " -p password use password as key db password (default: prompt)\n");
- fprintf(stderr, " -u certusage set type of certificate usage (default: certUsageEmailSigner)\n");
- fprintf(stderr, "\n");
- fprintf(stderr, " -D decode a CMS message\n");
- fprintf(stderr, " -c content use this detached content\n");
- fprintf(stderr, " -n suppress output of content\n");
- fprintf(stderr, " -h num generate email headers with info about CMS message\n");
- fprintf(stderr, " -S create a CMS signed message\n");
- fprintf(stderr, " -N nick use certificate named \"nick\" for signing\n");
- fprintf(stderr, " -T do not include content in CMS message\n");
- fprintf(stderr, " -G include a signing time attribute\n");
- fprintf(stderr, " -P include a SMIMECapabilities attribute\n");
- fprintf(stderr, " -Y nick include a EncryptionKeyPreference attribute with cert\n");
- fprintf(stderr, " -E create a CMS enveloped message (NYI)\n");
- fprintf(stderr, " -r id,... create envelope for these recipients,\n");
- fprintf(stderr, " where id can be a certificate nickname or email address\n");
- fprintf(stderr, "\nCert usage codes:\n");
- fprintf(stderr, "%-25s 0 - certUsageSSLClient\n", " ");
- fprintf(stderr, "%-25s 1 - certUsageSSLServer\n", " ");
- fprintf(stderr, "%-25s 2 - certUsageSSLServerWithStepUp\n", " ");
- fprintf(stderr, "%-25s 3 - certUsageSSLCA\n", " ");
- fprintf(stderr, "%-25s 4 - certUsageEmailSigner\n", " ");
- fprintf(stderr, "%-25s 5 - certUsageEmailRecipient\n", " ");
- fprintf(stderr, "%-25s 6 - certUsageObjectSigner\n", " ");
- fprintf(stderr, "%-25s 7 - certUsageUserCertImport\n", " ");
- fprintf(stderr, "%-25s 8 - certUsageVerifyCA\n", " ");
- fprintf(stderr, "%-25s 9 - certUsageProtectedObjectSigner\n", " ");
- fprintf(stderr, "%-25s 10 - certUsageStatusResponder\n", " ");
- fprintf(stderr, "%-25s 11 - certUsageAnyCA\n", " ");
-
- exit(-1);
-}
-
-static CERTCertDBHandle certHandleStatic; /* avoid having to allocate */
-
-static CERTCertDBHandle *
-OpenCertDB(char *progName)
-{
- CERTCertDBHandle *certHandle;
- SECStatus rv;
-
- certHandle = &certHandleStatic;
- rv = CERT_OpenCertDB(certHandle, PR_FALSE, SECU_CertDBNameCallback, NULL);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "could not open cert database");
- return NULL;
- }
-
- return certHandle;
-}
-
-char *
-ownpw(PK11SlotInfo *info, PRBool retry, void *arg)
-{
- char * passwd = NULL;
-
- if ( (!retry) && arg ) {
- passwd = PL_strdup((char *)arg);
- }
-
- return passwd;
-}
-
-struct optionsStr {
- char *password;
- SECCertUsage certUsage;
- CERTCertDBHandle *certHandle;
-};
-
-struct decodeOptionsStr {
- FILE *contentFile;
- int headerLevel;
- PRBool suppressContent;
-};
-
-struct signOptionsStr {
- char *nickname;
- char *encryptionKeyPreferenceNick;
- PRBool signingTime;
- PRBool smimeProfile;
- PRBool detached;
-};
-
-struct envelopeOptionsStr {
- char **recipients;
-};
-
-static int
-decode(FILE *out, FILE *infile, char *progName, struct optionsStr options, struct decodeOptionsStr decodeOptions)
-{
- NSSCMSDecoderContext *dcx;
- NSSCMSMessage *cmsg;
- NSSCMSContentInfo *cinfo;
- NSSCMSSignedData *sigd = NULL;
- NSSCMSEnvelopedData *envd;
- SECAlgorithmID **digestalgs;
- unsigned char buffer[32];
- int nlevels, i, nsigners, j;
- char *signercn;
- NSSCMSSignerInfo *si;
- SECOidTag typetag;
- SECItem **digests;
- PLArenaPool *poolp;
- int nb;
- char ibuf[4096];
- PK11PasswordFunc pwcb;
- void *pwcb_arg;
- SECItem *item;
-
- pwcb = (options.password != NULL) ? ownpw : NULL;
- pwcb_arg = (options.password != NULL) ? (void *)options.password : NULL;
-
- dcx = NSS_CMSDecoder_Start(NULL,
- NULL, NULL, /* content callback */
- pwcb, pwcb_arg, /* password callback */
- NULL, NULL); /* decrypt key callback */
-
- for (;;) {
- if (feof(infile)) break;
- nb = fread(ibuf, 1, sizeof(ibuf), infile);
- if (nb == 0) {
- if (ferror(infile)) {
- fprintf(stderr, "ERROR: file i/o error.\n");
- NSS_CMSDecoder_Cancel(dcx);
- return SECFailure;
- }
- /* eof */
- break;
- }
- (void)NSS_CMSDecoder_Update(dcx, (const char *)ibuf, nb);
- }
- cmsg = NSS_CMSDecoder_Finish(dcx);
- if (cmsg == NULL)
- return -1;
-
- if (decodeOptions.headerLevel >= 0) {
- fprintf(out, "SMIME: ", decodeOptions.headerLevel, i);
- }
-
- nlevels = NSS_CMSMessage_ContentLevelCount(cmsg);
- for (i = 0; i < nlevels; i++) {
- cinfo = NSS_CMSMessage_ContentLevel(cmsg, i);
- typetag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
-
- if (decodeOptions.headerLevel >= 0)
- fprintf(out, "\tlevel=%d.%d; ", decodeOptions.headerLevel, nlevels - i);
-
- switch (typetag) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- if (decodeOptions.headerLevel >= 0)
- fprintf(out, "type=signedData; ");
- sigd = (NSSCMSSignedData *)NSS_CMSContentInfo_GetContent(cinfo);
- if (sigd == NULL) {
- SECU_PrintError(progName, "problem finding signedData component");
- return -1;
- }
-
- /* if we have a content file, but no digests for this signedData */
- if (decodeOptions.contentFile != NULL && !NSS_CMSSignedData_HasDigests(sigd)) {
- if ((poolp = PORT_NewArena(1024)) == NULL) {
- fprintf(stderr, "Out of memory.\n");
- return -1;
- }
- digestalgs = NSS_CMSSignedData_GetDigestAlgs(sigd);
- if (DigestFile (poolp, &digests, decodeOptions.contentFile, digestalgs) != SECSuccess) {
- SECU_PrintError(progName, "problem computing message digest");
- return -1;
- }
- if (NSS_CMSSignedData_SetDigests(sigd, digestalgs, digests) != SECSuccess) {
-
- SECU_PrintError(progName, "problem setting message digests");
- return -1;
- }
- PORT_FreeArena(poolp, PR_FALSE);
- }
-
- /* still no digests? */
- if (!NSS_CMSSignedData_HasDigests(sigd)) {
- SECU_PrintError(progName, "no message digests");
- return -1;
- }
-
- /* find out about signers */
- nsigners = NSS_CMSSignedData_SignerInfoCount(sigd);
- if (decodeOptions.headerLevel >= 0)
- fprintf(out, "nsigners=%d; ", nsigners);
- if (nsigners == 0) {
- /* must be a cert transport message */
- } else {
- /* import the certificates */
- if (NSS_CMSSignedData_ImportCerts(sigd, options.certHandle, options.certUsage, PR_FALSE) != SECSuccess) {
- SECU_PrintError(progName, "cert import failed");
- return -1;
- }
-
- for (j = 0; j < nsigners; j++) {
- si = NSS_CMSSignedData_GetSignerInfo(sigd, j);
-
- signercn = NSS_CMSSignerInfo_GetSignerCommonName(si);
- if (signercn == NULL)
- signercn = "";
- if (decodeOptions.headerLevel >= 0)
- fprintf(out, "\n\t\tsigner%d.id=\"%s\"; ", j, signercn);
- (void)NSS_CMSSignedData_VerifySignerInfo(sigd, j, options.certHandle, options.certUsage);
-
- if (decodeOptions.headerLevel >= 0)
- fprintf(out, "signer%d.status=%s; ", j, NSS_CMSUtil_VerificationStatusToString(NSS_CMSSignerInfo_GetVerificationStatus(si)));
- /* XXX what do we do if we don't print headers? */
- }
- }
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- if (decodeOptions.headerLevel >= 0)
- fprintf(out, "type=envelopedData; ");
- envd = (NSSCMSEnvelopedData *)NSS_CMSContentInfo_GetContent(cinfo);
- break;
- case SEC_OID_PKCS7_DATA:
- if (decodeOptions.headerLevel >= 0)
- fprintf(out, "type=data; ");
- break;
- default:
- break;
- }
- if (decodeOptions.headerLevel >= 0)
- fprintf(out, "\n");
- }
-
- if (!decodeOptions.suppressContent) {
- if (decodeOptions.contentFile) {
- char buffer[4096];
- size_t nbytes;
- /* detached content: print content file */
- fseek(decodeOptions.contentFile, 0, SEEK_SET);
- while ((nbytes = fread(buffer, 1, sizeof(buffer), decodeOptions.contentFile)) != 0) {
- fwrite(buffer, nbytes, 1, out);
- }
- } else {
- if ((item = NSS_CMSMessage_GetContent(cmsg)) != NULL) {
- fwrite(item->data, item->len, 1, out);
- }
- }
- }
-
- NSS_CMSMessage_Destroy(cmsg);
- return 0;
-}
-
-static void
-writeout(void *arg, const char *buf, unsigned long len)
-{
- FILE *f = (FILE *)arg;
-
- if (f != NULL && buf != NULL)
- (void)fwrite(buf, len, 1, f);
-}
-
-static int
-sign(FILE *out, FILE *infile, char *progName, struct optionsStr options, struct signOptionsStr signOptions)
-{
- NSSCMSEncoderContext *ecx;
- NSSCMSMessage *cmsg;
- NSSCMSContentInfo *cinfo;
- NSSCMSSignedData *sigd;
- NSSCMSSignerInfo *signerinfo;
- int nb;
- char ibuf[4096];
- PK11PasswordFunc pwcb;
- void *pwcb_arg;
- CERTCertificate *cert, *ekpcert;
-
- if (signOptions.nickname == NULL) {
- fprintf(stderr, "ERROR: please indicate the nickname of a certificate to sign with.\n");
- return SECFailure;
- }
-
- if ((cert = CERT_FindCertByNickname(options.certHandle, signOptions.nickname)) == NULL) {
- SECU_PrintError(progName, "the corresponding cert for key \"%s\" does not exist",
- signOptions.nickname);
- return SECFailure;
- }
-
- /*
- * create the message object
- */
- cmsg = NSS_CMSMessage_Create(NULL); /* create a message on its own pool */
- if (cmsg == NULL) {
- fprintf(stderr, "ERROR: cannot create CMS message.\n");
- return SECFailure;
- }
- /*
- * build chain of objects: message->signedData->data
- */
- if ((sigd = NSS_CMSSignedData_Create(cmsg)) == NULL) {
- fprintf(stderr, "ERROR: cannot create CMS signedData object.\n");
- NSS_CMSMessage_Destroy(cmsg);
- return SECFailure;
- }
- cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
- if (NSS_CMSContentInfo_SetContent_SignedData(cmsg, cinfo, sigd) != SECSuccess) {
- fprintf(stderr, "ERROR: cannot attach CMS signedData object.\n");
- NSS_CMSMessage_Destroy(cmsg);
- return SECFailure;
- }
-
- cinfo = NSS_CMSSignedData_GetContentInfo(sigd);
- /* we're always passing data in and detaching optionally */
- if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL, signOptions.detached) != SECSuccess) {
- fprintf(stderr, "ERROR: cannot attach CMS data object.\n");
- NSS_CMSMessage_Destroy(cmsg);
- return SECFailure;
- }
-
- /*
- * create & attach signer information
- */
- if ((signerinfo = NSS_CMSSignerInfo_Create(cmsg, cert, SEC_OID_SHA1)) == NULL) {
- fprintf(stderr, "ERROR: cannot create CMS signerInfo object.\n");
- NSS_CMSMessage_Destroy(cmsg);
- return SECFailure;
- }
-
- /* we want the cert chain included for this one */
- if (NSS_CMSSignerInfo_IncludeCerts(signerinfo, NSSCMSCM_CertChain, options.certUsage) != SECSuccess) {
- fprintf(stderr, "ERROR: cannot find cert chain.\n");
- NSS_CMSMessage_Destroy(cmsg);
- return SECFailure;
- }
-
- if (signOptions.signingTime) {
- if (NSS_CMSSignerInfo_AddSigningTime(signerinfo, PR_Now()) != SECSuccess) {
- fprintf(stderr, "ERROR: cannot add signingTime attribute.\n");
- NSS_CMSMessage_Destroy(cmsg);
- return SECFailure;
- }
- }
- if (signOptions.smimeProfile) {
- if (NSS_CMSSignerInfo_AddSMIMECaps(signerinfo) != SECSuccess) {
- fprintf(stderr, "ERROR: cannot add SMIMECaps attribute.\n");
- NSS_CMSMessage_Destroy(cmsg);
- return SECFailure;
- }
- }
- if (signOptions.encryptionKeyPreferenceNick) {
- /* get the cert, add it to the message */
- if ((ekpcert = CERT_FindCertByNickname(options.certHandle, signOptions.encryptionKeyPreferenceNick)) == NULL) {
- SECU_PrintError(progName, "the corresponding cert for key \"%s\" does not exist",
- signOptions.encryptionKeyPreferenceNick);
- NSS_CMSMessage_Destroy(cmsg);
- return SECFailure;
- }
- if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ekpcert, options.certHandle) != SECSuccess) {
- fprintf(stderr, "ERROR: cannot add SMIMEEncKeyPrefs attribute.\n");
- NSS_CMSMessage_Destroy(cmsg);
- return SECFailure;
- }
- if (NSS_CMSSignedData_AddCertificate(sigd, ekpcert) != SECSuccess) {
- fprintf(stderr, "ERROR: cannot add encryption certificate.\n");
- NSS_CMSMessage_Destroy(cmsg);
- return SECFailure;
- }
- } else {
- /* check signing cert for fitness as encryption cert */
- /* if yes, add signing cert as EncryptionKeyPreference */
- if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, cert, options.certHandle) != SECSuccess) {
- fprintf(stderr, "ERROR: cannot add default SMIMEEncKeyPrefs attribute.\n");
- NSS_CMSMessage_Destroy(cmsg);
- return SECFailure;
- }
- }
-
- if (NSS_CMSSignedData_AddSignerInfo(sigd, signerinfo) != SECSuccess) {
- fprintf(stderr, "ERROR: cannot add CMS signerInfo object.\n");
- NSS_CMSMessage_Destroy(cmsg);
- return SECFailure;
- }
-
- /*
- * do not add signer independent certificates
- */
-
- pwcb = (options.password != NULL) ? ownpw : NULL;
- pwcb_arg = (options.password != NULL) ? (void *)options.password : NULL;
-
- ecx = NSS_CMSEncoder_Start(cmsg,
- writeout, out, /* DER output callback */
- NULL, NULL, /* destination storage */
- pwcb, pwcb_arg, /* password callback */
- NULL, NULL, /* decrypt key callback */
- NULL, NULL); /* detached digests (not used, we feed) */
-
- for (;;) {
- if (feof(infile)) break;
- nb = fread(ibuf, 1, sizeof(ibuf), infile);
- if (nb == 0) {
- if (ferror(infile)) {
- fprintf(stderr, "ERROR: file i/o error.\n");
- NSS_CMSEncoder_Cancel(ecx);
- return SECFailure;
- }
- /* eof */
- break;
- }
- (void)NSS_CMSEncoder_Update(ecx, (const char *)ibuf, nb);
- }
- if (NSS_CMSEncoder_Finish(ecx) != SECSuccess) {
- fprintf(stderr, "ERROR: DER encoding problem.\n");
- return SECFailure;
- }
-
- NSS_CMSMessage_Destroy(cmsg);
- return SECSuccess;
-}
-
-static int
-envelope(FILE *out, FILE *infile, char *progName, struct optionsStr options, struct envelopeOptionsStr envelopeOptions)
-{
- SECStatus retval = SECFailure;
- NSSCMSEncoderContext *ecx;
- NSSCMSMessage *cmsg = NULL;
- NSSCMSContentInfo *cinfo;
- NSSCMSEnvelopedData *envd;
- NSSCMSRecipientInfo *recipientinfo;
- int cnt;
- int nb;
- char ibuf[4096];
- PK11PasswordFunc pwcb;
- void *pwcb_arg;
- CERTCertificate **recipientcerts;
- PLArenaPool *tmppoolp = NULL;
- SECOidTag bulkalgtag;
- int keysize, i;
-
- if ((cnt = NSS_CMSArray_Count(envelopeOptions.recipients)) == 0) {
- fprintf(stderr, "ERROR: please indicate the nickname of a certificate to sign with.\n");
- goto loser;
- }
-
- if ((tmppoolp = PORT_NewArena (1024)) == NULL) {
- fprintf(stderr, "ERROR: out of memory.\n");
- goto loser;
- }
-
- /* XXX find the recipient's certs by email address or nickname */
- if ((recipientcerts = (CERTCertificate **)NSS_CMSArray_Alloc(tmppoolp, cnt)) == NULL) {
- fprintf(stderr, "ERROR: out of memory.\n");
- goto loser;
- }
-
- for (i=0; envelopeOptions.recipients[i] != NULL; i++) {
- if ((recipientcerts[i] = CERT_FindCertByNicknameOrEmailAddr(options.certHandle, envelopeOptions.recipients[i])) == NULL) {
- SECU_PrintError(progName, "cannot find certificate for \"%s\"", envelopeOptions.recipients[i]);
- goto loser;
- }
- }
- recipientcerts[i] = NULL;
-
- /* find a nice bulk algorithm */
- if (NSS_SMIMEUtil_FindBulkAlgForRecipients(recipientcerts, &bulkalgtag, &keysize) != SECSuccess) {
- fprintf(stderr, "ERROR: cannot find common bulk algorithm.\n");
- goto loser;
- }
-
- /*
- * create the message object
- */
- cmsg = NSS_CMSMessage_Create(NULL); /* create a message on its own pool */
- if (cmsg == NULL) {
- fprintf(stderr, "ERROR: cannot create CMS message.\n");
- goto loser;
- }
- /*
- * build chain of objects: message->envelopedData->data
- */
- if ((envd = NSS_CMSEnvelopedData_Create(cmsg, bulkalgtag, keysize)) == NULL) {
- fprintf(stderr, "ERROR: cannot create CMS envelopedData object.\n");
- goto loser;
- }
- cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
- if (NSS_CMSContentInfo_SetContent_EnvelopedData(cmsg, cinfo, envd) != SECSuccess) {
- fprintf(stderr, "ERROR: cannot attach CMS envelopedData object.\n");
- goto loser;
- }
- cinfo = NSS_CMSEnvelopedData_GetContentInfo(envd);
- /* we're always passing data in, so the content is NULL */
- if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL, PR_FALSE) != SECSuccess) {
- fprintf(stderr, "ERROR: cannot attach CMS data object.\n");
- goto loser;
- }
-
- /*
- * create & attach recipient information
- */
- for (i = 0; recipientcerts[i] != NULL; i++) {
- if ((recipientinfo = NSS_CMSRecipientInfo_Create(cmsg, recipientcerts[i])) == NULL) {
- fprintf(stderr, "ERROR: cannot create CMS recipientInfo object.\n");
- goto loser;
- }
- if (NSS_CMSEnvelopedData_AddRecipient(envd, recipientinfo) != SECSuccess) {
- fprintf(stderr, "ERROR: cannot add CMS recipientInfo object.\n");
- goto loser;
- }
- }
-
- /* we might need a password for diffie hellman key agreement, so set it up... */
- pwcb = (options.password != NULL) ? ownpw : NULL;
- pwcb_arg = (options.password != NULL) ? (void *)options.password : NULL;
-
- ecx = NSS_CMSEncoder_Start(cmsg,
- writeout, out, /* DER output callback */
- NULL, NULL, /* destination storage */
- pwcb, pwcb_arg, /* password callback */
- NULL, NULL, /* decrypt key callback (not used) */
- NULL, NULL); /* detached digests (not used) */
-
- for (;;) {
- if (feof(infile)) break;
- nb = fread(ibuf, 1, sizeof(ibuf), infile);
- if (nb == 0) {
- if (ferror(infile)) {
- fprintf(stderr, "ERROR: file i/o error.\n");
- NSS_CMSEncoder_Cancel(ecx);
- goto loser;
- }
- /* eof */
- break;
- }
- (void)NSS_CMSEncoder_Update(ecx, (const char *)ibuf, nb);
- }
- if (NSS_CMSEncoder_Finish(ecx) != SECSuccess) {
- fprintf(stderr, "ERROR: DER encoding problem.\n");
- goto loser;
- }
-
- retval = SECSuccess;
-
-loser:
- if (cmsg)
- NSS_CMSMessage_Destroy(cmsg);
- if (tmppoolp)
- PORT_FreeArena(tmppoolp, PR_FALSE);
- return retval;
-}
-
-typedef enum { UNKNOWN, DECODE, SIGN, ENCRYPT } Mode;
-
-int
-main(int argc, char **argv)
-{
- char *progName;
- FILE *outFile, *inFile;
- PLOptState *optstate;
- PLOptStatus status;
- Mode mode = UNKNOWN;
- struct decodeOptionsStr decodeOptions = { 0 };
- struct signOptionsStr signOptions = { 0 };
- struct envelopeOptionsStr envelopeOptions = { 0 };
- struct optionsStr options = { 0 };
- int exitstatus;
- static char *ptrarray[128] = { 0 };
- int nrecipients = 0;
-
- progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
-
- inFile = stdin;
- outFile = stdout;
- mode = UNKNOWN;
- decodeOptions.contentFile = NULL;
- decodeOptions.suppressContent = PR_FALSE;
- decodeOptions.headerLevel = -1;
- options.certUsage = certUsageEmailSigner;
- options.password = NULL;
- signOptions.nickname = NULL;
- signOptions.detached = PR_FALSE;
- signOptions.signingTime = PR_FALSE;
- signOptions.smimeProfile = PR_FALSE;
- signOptions.encryptionKeyPreferenceNick = NULL;
- envelopeOptions.recipients = NULL;
-
- /*
- * Parse command line arguments
- */
- optstate = PL_CreateOptState(argc, argv, "DSEnN:TGPY:h:p:i:c:d:o:s:u:r:");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- Usage(progName);
- break;
-
- case 'D':
- mode = DECODE;
- break;
- case 'S':
- mode = SIGN;
- break;
- case 'E':
- mode = ENCRYPT;
- break;
-
- case 'n':
- if (mode != DECODE) {
- fprintf(stderr, "%s: option -n only supported with option -D.\n", progName);
- Usage(progName);
- exit(1);
- }
- decodeOptions.suppressContent = PR_TRUE;
- break;
-
- case 'N':
- if (mode != SIGN) {
- fprintf(stderr, "%s: option -N only supported with option -S.\n", progName);
- Usage(progName);
- exit(1);
- }
- signOptions.nickname = strdup(optstate->value);
- break;
-
- case 'Y':
- if (mode != SIGN) {
- fprintf(stderr, "%s: option -Y only supported with option -S.\n", progName);
- Usage(progName);
- exit(1);
- }
- signOptions.encryptionKeyPreferenceNick = strdup(optstate->value);
- break;
-
- case 'T':
- if (mode != SIGN) {
- fprintf(stderr, "%s: option -T only supported with option -S.\n", progName);
- Usage(progName);
- exit(1);
- }
- signOptions.detached = PR_TRUE;
- break;
-
- case 'G':
- if (mode != SIGN) {
- fprintf(stderr, "%s: option -G only supported with option -S.\n", progName);
- Usage(progName);
- exit(1);
- }
- signOptions.signingTime = PR_TRUE;
- break;
-
- case 'P':
- if (mode != SIGN) {
- fprintf(stderr, "%s: option -P only supported with option -S.\n", progName);
- Usage(progName);
- exit(1);
- }
- signOptions.smimeProfile = PR_TRUE;
- break;
-
- case 'h':
- if (mode != DECODE) {
- fprintf(stderr, "%s: option -h only supported with option -D.\n", progName);
- Usage(progName);
- exit(1);
- }
- decodeOptions.headerLevel = atoi(optstate->value);
- if (decodeOptions.headerLevel < 0) {
- fprintf(stderr, "option -h cannot have a negative value.\n");
- exit(1);
- }
- break;
-
- case 'p':
- if (!optstate->value) {
- fprintf(stderr, "%s: option -p must have a value.\n", progName);
- Usage(progName);
- exit(1);
- }
-
- options.password = strdup(optstate->value);
- break;
-
- case 'i':
- if ((inFile = fopen(optstate->value, "r")) == NULL) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- exit(1);
- }
- break;
-
- case 'c':
- if (mode != DECODE) {
- fprintf(stderr, "%s: option -c only supported with option -D.\n", progName);
- Usage(progName);
- exit(1);
- }
- if ((decodeOptions.contentFile = fopen(optstate->value, "r")) == NULL) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading.\n",
- progName, optstate->value);
- exit(1);
- }
- break;
-
- case 'o':
- if ((outFile = fopen(optstate->value, "w")) == NULL) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- exit(1);
- }
- break;
-
- case 'r':
- if (!optstate->value) {
- fprintf(stderr, "%s: option -r must have a value.\n", progName);
- Usage(progName);
- exit(1);
- }
-#if 0
- fprintf(stderr, "recipient = %s\n", optstate->value);
-#endif
- envelopeOptions.recipients = ptrarray;
- envelopeOptions.recipients[nrecipients++] = strdup(optstate->value);
- envelopeOptions.recipients[nrecipients] = NULL;
- break;
-
- case 'd':
- SECU_ConfigDirectory(optstate->value);
- break;
-
- case 'u': {
- int usageType;
-
- usageType = atoi (strdup(optstate->value));
- if (usageType < certUsageSSLClient || usageType > certUsageAnyCA)
- return -1;
- options.certUsage = (SECCertUsage)usageType;
- break;
- }
-
- }
- }
-
- /* Call the libsec initialization routines */
- PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
- SECU_PKCS11Init(PR_FALSE);
- SEC_Init();
-
- /* open cert database */
- options.certHandle = OpenCertDB(progName);
- if (options.certHandle == NULL) {
- return -1;
- }
- CERT_SetDefaultCertDB(options.certHandle);
-
- exitstatus = 0;
- switch (mode) {
- case DECODE:
- if (decode(outFile, inFile, progName, options, decodeOptions)) {
- SECU_PrintError(progName, "problem decoding");
- exitstatus = 1;
- }
- break;
- case SIGN:
- if (sign(outFile, inFile, progName, options, signOptions)) {
- SECU_PrintError(progName, "problem signing");
- exitstatus = 1;
- }
- break;
- case ENCRYPT:
- if (envelope(outFile, inFile, progName, options, envelopeOptions)) {
- SECU_PrintError(progName, "problem encrypting");
- exitstatus = 1;
- }
- break;
- default:
- fprintf(stderr, "One of options -D, -S or -E must be set.\n");
- Usage(progName);
- exitstatus = 1;
- }
- if (outFile != stdout)
- fclose(outFile);
-
- exit(exitstatus);
-}
diff --git a/security/nss/cmd/smimetools/manifest.mn b/security/nss/cmd/smimetools/manifest.mn
deleted file mode 100644
index 9ed96c658..000000000
--- a/security/nss/cmd/smimetools/manifest.mn
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-MODULE = security
-
-CSRCS = cmsutil.c
-
-MYLIB = $(DIST)/lib/libsmime.a
-
-REQUIRES = seccmd dbm
-
-PROGRAM = cmsutil
-SCRIPTS = smime
diff --git a/security/nss/cmd/smimetools/rules.mk b/security/nss/cmd/smimetools/rules.mk
deleted file mode 100644
index 51e0baaed..000000000
--- a/security/nss/cmd/smimetools/rules.mk
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# $Id$
-#
-
-install::
- $(INSTALL) -m 755 $(SCRIPTS) $(SOURCE_BIN_DIR)
diff --git a/security/nss/cmd/smimetools/smime b/security/nss/cmd/smimetools/smime
deleted file mode 100755
index dba62c27a..000000000
--- a/security/nss/cmd/smimetools/smime
+++ /dev/null
@@ -1,573 +0,0 @@
-#!/usr/local/bin/perl
-
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-
-#
-# smime.pl - frontend for S/MIME message generation and parsing
-#
-# $Id$
-#
-
-use Getopt::Std;
-
-@boundarychars = ( "0" .. "9", "A" .. "F" );
-
-# path to cmsutil
-$cmsutilpath = "cmsutil";
-
-#
-# Thanks to Gisle Aas <gisle@aas.no> for the base64 functions
-# originally taken from MIME-Base64-2.11 at www.cpan.org
-#
-sub encode_base64($)
-{
- my $res = "";
- pos($_[0]) = 0; # ensure start at the beginning
- while ($_[0] =~ /(.{1,45})/gs) {
- $res .= substr(pack('u', $1), 1); # get rid of length byte after packing
- chop($res);
- }
- $res =~ tr|` -_|AA-Za-z0-9+/|;
- # fix padding at the end
- my $padding = (3 - length($_[0]) % 3) % 3;
- $res =~ s/.{$padding}$/'=' x $padding/e if $padding;
- # break encoded string into lines of no more than 76 characters each
- $res =~ s/(.{1,76})/$1\n/g;
- $res;
-}
-
-sub decode_base64($)
-{
- local($^W) = 0; # unpack("u",...) gives bogus warning in 5.00[123]
-
- my $str = shift;
- my $res = "";
-
- $str =~ tr|A-Za-z0-9+=/||cd; # remove non-base64 chars
- if (length($str) % 4) {
- require Carp;
- Carp::carp("Length of base64 data not a multiple of 4")
- }
- $str =~ s/=+$//; # remove padding
- $str =~ tr|A-Za-z0-9+/| -_|; # convert to uuencoded format
- while ($str =~ /(.{1,60})/gs) {
- my $len = chr(32 + length($1)*3/4); # compute length byte
- $res .= unpack("u", $len . $1 ); # uudecode
- }
- $res;
-}
-
-#
-# parse headers into a hash
-#
-# %headers = parseheaders($headertext);
-#
-sub parseheaders($)
-{
- my ($headerdata) = @_;
- my $hdr;
- my %hdrhash;
- my $hdrname;
- my $hdrvalue;
- my @hdrvalues;
- my $subhdrname;
- my $subhdrvalue;
-
- # the expression in split() correctly handles continuation lines
- foreach $hdr (split(/\n(?=\S)/, $headerdata)) {
- $hdr =~ s/\r*\n\s+/ /g; # collapse continuation lines
- ($hdrname, $hdrvalue) = $hdr =~ m/^(\S+):\s+(.*)$/;
-
- # ignore non-headers (or should we die horribly?)
- next unless (defined($hdrname));
- $hdrname =~ tr/A-Z/a-z/; # lowercase the header name
- @hdrvalues = split(/\s*;\s*/, $hdrvalue); # split header values (XXXX quoting)
-
- # there is guaranteed to be at least one value
- $hdrvalue = shift @hdrvalues;
- if ($hdrvalue =~ /^\s*\"(.*)\"\s*$/) { # strip quotes if there
- $hdrvalue = $1;
- }
-
- $hdrhash{$hdrname}{MAIN} = $hdrvalue;
- # print "XXX $hdrname = $hdrvalue\n";
-
- # deal with additional name-value pairs
- foreach $hdrvalue (@hdrvalues) {
- ($subhdrname, $subhdrvalue) = $hdrvalue =~ m/^(\S+)\s*=\s*(.*)$/;
- # ignore non-name-value pairs (or should we die?)
- next unless (defined($subhdrname));
- $subhdrname =~ tr/A-Z/a-z/;
- if ($subhdrvalue =~ /^\s*\"(.*)\"\s*$/) { # strip quotes if there
- $subhdrvalue = $1;
- }
- $hdrhash{$hdrname}{$subhdrname} = $subhdrvalue;
- }
-
- }
- return %hdrhash;
-}
-
-#
-# encryptentity($entity, $options) - encrypt an S/MIME entity,
-# creating a new application/pkcs7-smime entity
-#
-# entity - string containing entire S/MIME entity to encrypt
-# options - options for cmsutil
-#
-# this will generate and return a new application/pkcs7-smime entity containing
-# the enveloped input entity.
-#
-sub encryptentity($$)
-{
- my ($entity, $cmsutiloptions) = @_;
- my $out = "";
- my $boundary;
-
- $tmpencfile = "/tmp/encryptentity.$$";
-
- #
- # generate a random boundary string
- #
- $boundary = "------------ms" . join("", @boundarychars[map{rand @boundarychars }( 1 .. 24 )]);
-
- #
- # tell cmsutil to generate a enveloped CMS message using our data
- #
- open(CMS, "|$cmsutilpath -E $cmsutiloptions -o $tmpencfile") or die "ERROR: cannot pipe to cmsutil";
- print CMS $entity;
- unless (close(CMS)) {
- print STDERR "ERROR: encryption failed.\n";
- unlink($tmpsigfile);
- exit 1;
- }
-
- $out = "Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m\n";
- $out .= "Content-Transfer-Encoding: base64\n";
- $out .= "Content-Disposition: attachment; filename=smime.p7m\n";
- $out .= "\n"; # end of entity header
-
- open (ENC, $tmpencfile) or die "ERROR: cannot find newly generated encrypted content";
- local($/) = undef; # slurp whole file
- $out .= encode_base64(<ENC>), "\n"; # entity body is base64-encoded CMS message
- close(ENC);
-
- unlink($tmpencfile);
-
- $out;
-}
-
-#
-# signentity($entity, $options) - sign an S/MIME entity
-#
-# entity - string containing entire S/MIME entity to sign
-# options - options for cmsutil
-#
-# this will generate and return a new multipart/signed entity consisting
-# of the canonicalized original content, plus a signature block.
-#
-sub signentity($$)
-{
- my ($entity, $cmsutiloptions) = @_;
- my $out = "";
- my $boundary;
-
- $tmpsigfile = "/tmp/signentity.$$";
-
- #
- # generate a random boundary string
- #
- $boundary = "------------ms" . join("", @boundarychars[map{rand @boundarychars }( 1 .. 24 )]);
-
- #
- # tell cmsutil to generate a signed CMS message using the canonicalized data
- # The signedData has detached content (-T) and includes a signing time attribute (-G)
- #
- # if we do not provide a password on the command line, here's where we would be asked for it
- #
- open(CMS, "|$cmsutilpath -S -T -G $cmsutiloptions -o $tmpsigfile") or die "ERROR: cannot pipe to cmsutil";
- print CMS $entity;
- unless (close(CMS)) {
- print STDERR "ERROR: signature generation failed.\n";
- unlink($tmpsigfile);
- exit 1;
- }
-
- open (SIG, $tmpsigfile) or die "ERROR: cannot find newly generated signature";
-
- #
- # construct a new multipart/signed MIME entity consisting of the original content and
- # the signature
- #
- # (we assume that cmsutil generates a SHA1 digest)
- $out .= "Content-Type: multipart/signed; protocol=\"application/pkcs7-signature\"; micalg=sha1; boundary=\"${boundary}\"\n";
- $out .= "\n"; # end of entity header
- $out .= "This is a cryptographically signed message in MIME format.\n"; # explanatory comment
- $out .= "\n--${boundary}\n";
- $out .= $entity;
- $out .= "\n--${boundary}\n";
- $out .= "Content-Type: application/pkcs7-signature; name=smime.p7s\n";
- $out .= "Content-Transfer-Encoding: base64\n";
- $out .= "Content-Disposition: attachment; filename=smime.p7s\n";
- $out .= "Content-Description: S/MIME Cryptographic Signature\n";
- $out .= "\n"; # end of signature subentity header
-
- local($/) = undef; # slurp whole file
- $out .= encode_base64(<SIG>); # append base64-encoded signature
- $out .= "\n--${boundary}--\n";
-
- close(SIG);
- unlink($tmpsigfile);
-
- $out;
-}
-
-sub usage {
- print STDERR "usage: smime [options]\n";
- print STDERR " options:\n";
- print STDERR " -S nick generate signed message, use certificate named \"nick\"\n";
- print STDERR " -p passwd use \"passwd\" as security module password\n";
- print STDERR " -E rec1[,rec2...] generate encrypted message for recipients\n";
- print STDERR " -D decode a S/MIME message\n";
- print STDERR " -C pathname set pathname of \"cmsutil\"\n";
- print STDERR " -d directory set directory containing certificate db\n";
- print STDERR " (default: ~/.netscape)\n";
- print STDERR "\nWith -S or -E, smime will take a regular RFC822 message or MIME entity\n";
- print STDERR "on stdin and generate a signed or encrypted S/MIME message with the same\n";
- print STDERR "headers and content from it. The output can be used as input to a MTA.\n";
- print STDERR "-D causes smime to strip off all S/MIME layers if possible and output\n";
- print STDERR "the \"inner\" message.\n";
-}
-
-#
-# start of main procedures
-#
-
-#
-# process command line options
-#
-unless (getopts('S:E:p:d:C:D')) {
- usage();
- exit 1;
-}
-
-unless (defined($opt_S) or defined($opt_E) or defined($opt_D)) {
- print STDERR "ERROR: -S and/or -E, or -D must be specified.\n";
- usage();
- exit 1;
-}
-
-$signopts = "";
-$encryptopts = "";
-$decodeopts = "";
-
-# pass -d option along
-if (defined($opt_d)) {
- $signopts .= "-d \"$opt_d\" ";
- $encryptopts .= "-d \"$opt_d\" ";
- $decodeopts .= "-d \"$opt_d\" ";
-}
-
-if (defined($opt_S)) {
- $signopts .= "-N \"$opt_S\" ";
-}
-
-if (defined($opt_p)) {
- $signopts .= "-p \"$opt_p\" ";
- $decodeopts .= "-p \"$opt_p\" ";
-}
-
-if (defined($opt_E)) {
- @recipients = split(",", $opt_E);
- $encryptopts .= "-r ";
- $encryptopts .= join (" -r ", @recipients);
-}
-
-if (defined($opt_C)) {
- $cmsutilpath = $opt_C;
-}
-
-#
-# split headers into mime entity headers and RFC822 headers
-# The RFC822 headers are preserved and stay on the outer layer of the message
-#
-$rfc822headers = "";
-$mimeheaders = "";
-$mimebody = "";
-$skippedheaders = "";
-while (<STDIN>) {
- last if (/^$/);
- if (/^content-\S+: /i) {
- $lastref = \$mimeheaders;
- } elsif (/^mime-version: /i) {
- $lastref = \$skippedheaders; # skip it
- } elsif (/^\s/) {
- ;
- } else {
- $lastref = \$rfc822headers;
- }
- $$lastref .= $_;
-}
-
-#
-# if there are no MIME entity headers, generate some default ones
-#
-if ($mimeheaders eq "") {
- $mimeheaders .= "Content-Type: text/plain; charset=us-ascii\n";
- $mimeheaders .= "Content-Transfer-Encoding: 7bit\n";
-}
-
-#
-# slurp in the entity body
-#
-$saveRS = $/;
-$/ = undef;
-$mimebody = <STDIN>;
-$/ = $saveRS;
-
-if (defined $opt_D) {
- #
- # decode
- #
- # possible options would be:
- # - strip off only one layer
- # - strip off outer signature (if present)
- # - just print information about the structure of the message
- # - strip n layers, then dump DER of CMS message
-
- $layercounter = 1;
-
- while (1) {
- %hdrhash = parseheaders($mimeheaders);
- unless (exists($hdrhash{"content-type"}{MAIN})) {
- print STDERR "ERROR: no content type header found in MIME entity\n";
- last; # no content-type - we're done
- }
-
- $contenttype = $hdrhash{"content-type"}{MAIN};
- if ($contenttype eq "application/pkcs7-mime") {
- #
- # opaque-signed or enveloped message
- #
- unless (exists($hdrhash{"content-type"}{"smime-type"})) {
- print STDERR "ERROR: no smime-type attribute in application/pkcs7-smime entity.\n";
- last;
- }
- $smimetype = $hdrhash{"content-type"}{"smime-type"};
- if ($smimetype eq "signed-data" or $smimetype eq "enveloped-data") {
- # it's verification or decryption time!
-
- # can handle only base64 encoding for now
- # all other encodings are treated as binary (8bit)
- if ($hdrhash{"content-transfer-encoding"}{MAIN} eq "base64") {
- $mimebody = decode_base64($mimebody);
- }
-
- # if we need to dump the DER, we would do it right here
-
- # now write the DER
- $tmpderfile = "/tmp/der.$$";
- open(TMP, ">$tmpderfile") or die "ERROR: cannot write signature data to temporary file";
- print TMP $mimebody;
- unless (close(TMP)) {
- print STDERR "ERROR: writing signature data to temporary file.\n";
- unlink($tmpderfile);
- exit 1;
- }
-
- $mimeheaders = "";
- open(TMP, "$cmsutilpath -D $decodeopts -h $layercounter -i $tmpderfile |") or die "ERROR: cannot open pipe to cmsutil";
- $layercounter++;
- while (<TMP>) {
- last if (/^\r?$/); # empty lines mark end of header
- if (/^SMIME: /) { # add all SMIME info to the rfc822 hdrs
- $lastref = \$rfc822headers;
- } elsif (/^\s/) {
- ; # continuation lines go to the last dest
- } else {
- $lastref = \$mimeheaders; # all other headers are mime headers
- }
- $$lastref .= $_;
- }
- # slurp in rest of the data to $mimebody
- $saveRS = $/; $/ = undef; $mimebody = <TMP>; $/ = $saveRS;
- close(TMP);
-
- unlink($tmpderfile);
-
- } else {
- print STDERR "ERROR: unknown smime-type \"$smimetype\" in application/pkcs7-smime entity.\n";
- last;
- }
- } elsif ($contenttype eq "multipart/signed") {
- #
- # clear signed message
- #
- unless (exists($hdrhash{"content-type"}{"protocol"})) {
- print STDERR "ERROR: content type has no protocol attribute in multipart/signed entity.\n";
- last;
- }
- if ($hdrhash{"content-type"}{"protocol"} ne "application/pkcs7-signature") {
- # we cannot handle this guy
- print STDERR "ERROR: unknown protocol \"", $hdrhash{"content-type"}{"protocol"},
- "\" in multipart/signed entity.\n";
- last;
- }
- unless (exists($hdrhash{"content-type"}{"boundary"})) {
- print STDERR "ERROR: no boundary attribute in multipart/signed entity.\n";
- last;
- }
- $boundary = $hdrhash{"content-type"}{"boundary"};
-
- # split $mimebody along \n--$boundary\n - gets you four parts
- # first (0), any comments the sending agent might have put in
- # second (1), the message itself
- # third (2), the signature as a mime entity
- # fourth (3), trailing data (there shouldn't be any)
-
- @multiparts = split(/\r?\n--$boundary(?:--)?\r?\n/, $mimebody);
-
- #
- # parse the signature headers
- ($submimeheaders, $submimebody) = split(/^$/m, $multiparts[2]);
- %sighdrhash = parseheaders($submimeheaders);
- unless (exists($sighdrhash{"content-type"}{MAIN})) {
- print STDERR "ERROR: signature entity has no content type.\n";
- last;
- }
- if ($sighdrhash{"content-type"}{MAIN} ne "application/pkcs7-signature") {
- # we cannot handle this guy
- print STDERR "ERROR: unknown content type \"", $sighdrhash{"content-type"}{MAIN},
- "\" in signature entity.\n";
- last;
- }
- if ($sighdrhash{"content-transfer-encoding"}{MAIN} eq "base64") {
- $submimebody = decode_base64($submimebody);
- }
-
- # we would dump the DER at this point
-
- $tmpsigfile = "/tmp/sig.$$";
- open(TMP, ">$tmpsigfile") or die "ERROR: cannot write signature data to temporary file";
- print TMP $submimebody;
- unless (close(TMP)) {
- print STDERR "ERROR: writing signature data to temporary file.\n";
- unlink($tmpsigfile);
- exit 1;
- }
-
- $tmpmsgfile = "/tmp/msg.$$";
- open(TMP, ">$tmpmsgfile") or die "ERROR: cannot write message data to temporary file";
- print TMP $multiparts[1];
- unless (close(TMP)) {
- print STDERR "ERROR: writing message data to temporary file.\n";
- unlink($tmpsigfile);
- unlink($tmpmsgfile);
- exit 1;
- }
-
- $mimeheaders = "";
- open(TMP, "$cmsutilpath -D $decodeopts -h $layercounter -c $tmpmsgfile -i $tmpsigfile |") or die "ERROR: cannot open pipe to cmsutil";
- $layercounter++;
- while (<TMP>) {
- last if (/^\r?$/);
- if (/^SMIME: /) {
- $lastref = \$rfc822headers;
- } elsif (/^\s/) {
- ;
- } else {
- $lastref = \$mimeheaders;
- }
- $$lastref .= $_;
- }
- $saveRS = $/; $/ = undef; $mimebody = <TMP>; $/ = $saveRS;
- close(TMP);
- unlink($tmpsigfile);
- unlink($tmpmsgfile);
-
- } else {
-
- # not a content type we know - we're done
- last;
-
- }
- }
-
- # so now we have the S/MIME parsing information in rfc822headers
- # and the first mime entity we could not handle in mimeheaders and mimebody.
- # dump 'em out and we're done.
- print $rfc822headers;
- print $mimeheaders . "\n" . $mimebody;
-
-} else {
-
- #
- # encode (which is much easier than decode)
- #
-
- $mimeentity = $mimeheaders . "\n" . $mimebody;
-
- #
- # canonicalize inner entity (rudimentary yet)
- # convert single LFs to CRLF
- # if no Content-Transfer-Encoding header present:
- # if 8 bit chars present, use Content-Transfer-Encoding: quoted-printable
- # otherwise, use Content-Transfer-Encoding: 7bit
- #
- $mimeentity =~ s/\r*\n/\r\n/mg;
-
- #
- # now do the wrapping
- # we sign first, then encrypt because that's what Communicator needs
- #
- if (defined($opt_S)) {
- $mimeentity = signentity($mimeentity, $signopts);
- }
-
- if (defined($opt_E)) {
- $mimeentity = encryptentity($mimeentity, $encryptopts);
- }
-
- #
- # XXX sign again to do triple wrapping (RFC2634)
- #
-
- #
- # now write out the RFC822 headers
- # followed by the final $mimeentity
- #
- print $rfc822headers;
- print "MIME-Version: 1.0 (NSS SMIME - http://www.mozilla.org/projects/security)\n"; # set up the flag
- print $mimeentity;
-}
-
-exit 0;
diff --git a/security/nss/cmd/sslstrength/Makefile b/security/nss/cmd/sslstrength/Makefile
deleted file mode 100644
index a6a708692..000000000
--- a/security/nss/cmd/sslstrength/Makefile
+++ /dev/null
@@ -1,72 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include $(CORE_DEPTH)/security/cmd/platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
diff --git a/security/nss/cmd/sslstrength/manifest.mn b/security/nss/cmd/sslstrength/manifest.mn
deleted file mode 100644
index e76d1c639..000000000
--- a/security/nss/cmd/sslstrength/manifest.mn
+++ /dev/null
@@ -1,50 +0,0 @@
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-MODULE = security
-
-EXPORTS =
-
-CSRCS = sslstrength.c \
- $(NULL)
-
-PROGRAM = sslstrength
-
-REQUIRES = security dbm seccmd
-
-DEFINES = -DNSPR20
-
-PACKAGE_FILES = sslstrength
-
-ARCHIVE_NAME = sslstrength
diff --git a/security/nss/cmd/sslstrength/sslstr.cgi b/security/nss/cmd/sslstrength/sslstr.cgi
deleted file mode 100644
index ab6a1bff9..000000000
--- a/security/nss/cmd/sslstrength/sslstr.cgi
+++ /dev/null
@@ -1,296 +0,0 @@
-#!/usr/bin/perl
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-
-use CGI qw(:standard);
-
-
-
-# Replace this will the full path to the sslstrength executable.
-$sslstrength = "./sslstrength";
-
-
-# Replace this with the name of this CGI.
-
-$sslcgi = "sslstr.cgi";
-
-
-$query = new CGI;
-
-print header;
-
-print "<HTML><HEAD>
-<SCRIPT language='javascript'>
-
-function doexport(form) {
- form.ssl2ciphers.options[0].selected=0;
- form.ssl2ciphers.options[1].selected=0;
- form.ssl2ciphers.options[2].selected=0;
- form.ssl2ciphers.options[3].selected=0;
- form.ssl2ciphers.options[4].selected=1;
- form.ssl2ciphers.options[5].selected=1;
-
- form.ssl3ciphers.options[0].selected=1;
- form.ssl3ciphers.options[1].selected=1;
- form.ssl3ciphers.options[2].selected=0;
- form.ssl3ciphers.options[3].selected=1;
- form.ssl3ciphers.options[4].selected=1;
- form.ssl3ciphers.options[5].selected=1;
- form.ssl3ciphers.options[6].selected=0;
- form.ssl3ciphers.options[7].selected=0;
-
-
-}
-
-function dodomestic(form) {
- form.ssl2ciphers.options[0].selected=1;
- form.ssl2ciphers.options[1].selected=1;
- form.ssl2ciphers.options[2].selected=1;
- form.ssl2ciphers.options[3].selected=1;
- form.ssl2ciphers.options[4].selected=1;
- form.ssl2ciphers.options[5].selected=1;
-
- form.ssl3ciphers.options[0].selected=1;
- form.ssl3ciphers.options[1].selected=1;
- form.ssl3ciphers.options[2].selected=1;
- form.ssl3ciphers.options[3].selected=1;
- form.ssl3ciphers.options[4].selected=1;
- form.ssl3ciphers.options[5].selected=1;
- form.ssl3ciphers.options[6].selected=1;
- form.ssl3ciphers.options[7].selected=1;
-
-}
-
-function doclearssl2(form) {
- form.ssl2ciphers.options[0].selected=0;
- form.ssl2ciphers.options[1].selected=0;
- form.ssl2ciphers.options[2].selected=0;
- form.ssl2ciphers.options[3].selected=0;
- form.ssl2ciphers.options[4].selected=0;
- form.ssl2ciphers.options[5].selected=0;
-}
-
-
-function doclearssl3(form) {
- form.ssl3ciphers.options[0].selected=0;
- form.ssl3ciphers.options[1].selected=0;
- form.ssl3ciphers.options[2].selected=0;
- form.ssl3ciphers.options[3].selected=0;
- form.ssl3ciphers.options[4].selected=0;
- form.ssl3ciphers.options[5].selected=0;
- form.ssl3ciphers.options[6].selected=0;
- form.ssl3ciphers.options[7].selected=0;
-
-}
-
-function dohost(form,hostname) {
- form.host.value=hostname;
- }
-
-
-
-</SCRIPT>
-<TITLE>\n";
-print "SSLStrength\n";
-print "</TITLE></HEAD>\n";
-
-print "<h1>SSLStrength</h1>\n";
-
-if ($query->param('dotest')) {
- print "Output from sslstrength: \n";
- print "<pre>\n";
-
- $cs = "";
-
- @ssl2ciphers = $query->param('ssl2ciphers');
- for $cipher (@ssl2ciphers) {
- if ($cipher eq "SSL_EN_RC2_128_WITH_MD5") { $cs .= "a"; }
- if ($cipher eq "SSL_EN_RC2_128_CBC_WITH_MD5") { $cs .= "b"; }
- if ($cipher eq "SSL_EN_DES_192_EDE3_CBC_WITH_MD5") { $cs .= "c"; }
- if ($cipher eq "SSL_EN_DES_64_CBC_WITH_MD5") { $cs .= "d"; }
- if ($cipher eq "SSL_EN_RC4_128_EXPORT40_WITH_MD5") { $cs .= "e"; }
- if ($cipher eq "SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5") { $cs .= "f"; }
- }
-
- @ssl3ciphers = $query->param('ssl3ciphers');
- for $cipher (@ssl3ciphers) {
- if ($cipher eq "SSL_RSA_WITH_RC4_128_MD5") { $cs .= "i"; }
- if ($cipher eq "SSL_RSA_WITH_3DES_EDE_CBC_SHA") { $cs .= "j"; }
- if ($cipher eq "SSL_RSA_WITH_DES_CBC_SHA") { $cs .= "k"; }
- if ($cipher eq "SSL_RSA_EXPORT_WITH_RC4_40_MD5") { $cs .= "l"; }
- if ($cipher eq "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5") { $cs .= "m"; }
- if ($cipher eq "SSL_RSA_WITH_NULL_MD5") { $cs .= "o"; }
- if ($cipher eq "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA") { $cs .= "p"; }
- if ($cipher eq "SSL_RSA_FIPS_WITH_DES_CBC_SHA") { $cs .= "q"; }
- }
-
- $hs = $query->param('host');
- if ($hs eq "") {
- print "</pre>You must specify a host to connect to.<br><br>\n";
- exit(0);
- }
-
- $ps = $query->param('policy');
-
- $cmdstring = "$sslstrength $hs policy=$ps ciphers=$cs";
-
- print "running sslstrength:\n";
- print "$cmdstring\n";
-
- $r = open(SSLS, "$cmdstring |");
- if ($r == 0) {
- print "<pre>There was a problem starting $cmdstring<br><br>\n";
- exit(0);
- }
- while (<SSLS>) {
- print "$_";
- }
- close(SSLS);
-
-
- print "</pre>\n";
-
-}
-
-else {
-print "<FORM method=post action=$sslcgi>\n";
-print "<hr>
-<h2>Host Name</h2>
-<TABLE BORDER=0 CELLPADDING=20>
-<TR>
-<TD>
-Type hostname here:<br>
-<input type=text name=host size=30>&nbsp;<br><br>
-<TD>
- <b>Or click these buttons to test some well-known servers</b><br>
- <TABLE BORDER=0>
- <TR>
- <TD>
- Export servers:
- <TD>
- <input type=button value='F-Tech' onclick=dohost(this.form,'strongbox.ftech.net')>
- </TR>
- <TR>
- <TD>
- Domestic servers:
- <TD>
- <input type=button value='Wells Fargo' onclick=dohost(this.form,'banking.wellsfargo.com')>
- </TR>
- <TR>
- <TD>
- Step-Up Servers
- <TD>
- <input type=button value='Barclaycard' onclick=dohost(this.form,'enigma.barclaycard.co.uk')>
- <input type=button value='BBVnet' onclick=dohost(this.form,'www.bbvnet.com')>&nbsp;
- <input type=button value='BHIF' onclick=dohost(this.form,'empresas.bhif.cl')>&nbsp;
- </TR>
- </TABLE>
-</TR>
-</TABLE>
-<br>
-<hr>
-<br>
-<h2>Encryption policy</h2>
-<input type=radio name=policy VALUE=export onclick=doexport(this.form)>&nbsp;
-Export<br>
-<input type=radio name=policy VALUE=domestic CHECKED onclick=dodomestic(this.form)>&nbsp;
-Domestic<br>
-<br>
-<hr>
-<br>
-<h2>Cipher Selection</h2>
-(use ctrl to multi-select)<br>
-<table>
-<tr>
-<td>SSL 2 Ciphers
-<td>
-<SELECT NAME=ssl2ciphers SIZE=6 MULTIPLE align=bottom>
-<OPTION SELECTED>SSL_EN_RC4_128_WITH_MD5
-<OPTION SELECTED>SSL_EN_RC2_128_CBC_WITH_MD5
-<OPTION SELECTED>SSL_EN_DES_192_EDE3_CBC_WITH_MD5
-<OPTION SELECTED>SSL_EN_DES_64_CBC_WITH_MD5
-<OPTION SELECTED>SSL_EN_RC4_128_EXPORT40_WITH_MD5
-<OPTION SELECTED>SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5
-</SELECT>
-<input type=button Value='Clear all' onclick = 'doclearssl2(this.form)'>
-</tr>
-<tr>
-<td>SSL3 Ciphers
-<td>
-<SELECT NAME=ssl3ciphers SIZE=8 MULTIPLE>
-<OPTION SELECTED>SSL_RSA_WITH_RC4_128_MD5
-<OPTION SELECTED>SSL_RSA_WITH_3DES_EDE_CBC_SHA
-<OPTION SELECTED>SSL_RSA_WITH_DES_CBC_SHA
-<OPTION SELECTED>SSL_RSA_EXPORT_WITH_RC4_40_MD5
-<OPTION SELECTED>SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
-<OPTION SELECTED>SSL_RSA_WITH_NULL_MD5
-<OPTION SELECTED>SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
-<OPTION SELECTED>SSL_RSA_FIPS_WITH_DES_CBC_SHA
-</SELECT>
-<input type=button value='Clear all' onclick = 'doclearssl3(this.form)'>
-
-<TD>
-<input type=submit name=dotest value='Run SSLStrength'>
-</tr>
-</table>
-<input type=hidden name=dotest>
-<br>
-<br>
-</form>
-\n";
-
-}
-
-
-exit(0);
-
-
-__END__
-
- id CipherName Domestic Export
- a SSL_EN_RC4_128_WITH_MD5 (ssl2) Yes No
- b SSL_EN_RC2_128_CBC_WITH_MD5 (ssl2) Yes No
- c SSL_EN_DES_192_EDE3_CBC_WITH_MD5 (ssl2) Yes No
- d SSL_EN_DES_64_CBC_WITH_MD5 (ssl2) Yes No
- e SSL_EN_RC4_128_EXPORT40_WITH_MD5 (ssl2) Yes Yes
- f SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 (ssl2) Yes Yes
- i SSL_RSA_WITH_RC4_128_MD5 (ssl3) Yes Step-up only
- j SSL_RSA_WITH_3DES_EDE_CBC_SHA (ssl3) Yes Step-up only
- k SSL_RSA_WITH_DES_CBC_SHA (ssl3) Yes No
- l SSL_RSA_EXPORT_WITH_RC4_40_MD5 (ssl3) Yes Yes
- m SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (ssl3) Yes Yes
- o SSL_RSA_WITH_NULL_MD5 (ssl3) Yes Yes
-
-
-
diff --git a/security/nss/cmd/sslstrength/sslstrength.c b/security/nss/cmd/sslstrength/sslstrength.c
deleted file mode 100644
index 33cda1372..000000000
--- a/security/nss/cmd/sslstrength/sslstrength.c
+++ /dev/null
@@ -1,641 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef SSLTELNET
-#include <termios.h>
-#endif
-
-/* Portable layer header files */
-#include "prinit.h"
-#include "prprf.h"
-#include "prsystem.h"
-#include "prmem.h"
-#include "plstr.h"
-#include "prnetdb.h"
-#include "prinrval.h"
-
-#include "secutil.h"
-
-/* Security library files */
-#include "cert.h"
-#include "cdbhdl.h"
-#include "ssl.h"
-#include "sslproto.h"
-
-/* define this if you want telnet capability! */
-
-/* #define SSLTELNET 1 */
-
-PRInt32 debug;
-
-#ifdef DEBUG_stevep
-#define dbmsg(x) if (verbose) PR_fprintf(PR_STDOUT,x);
-#else
-#define dbmsg(x) ;
-#endif
-
-
-/* Set SSL Policy to Domestic (strong=1) or Export (strong=0) */
-
-#define ALLOW(x) SSL_SetPolicy(x,SSL_ALLOWED); SSL_EnableCipher(x,1);
-#define DISALLOW(x) SSL_SetPolicy(x,SSL_NOT_ALLOWED); SSL_EnableCipher(x,0);
-#define MAYBEALLOW(x) SSL_SetPolicy(x,SSL_RESTRICTED); SSL_EnableCipher(x,1);
-
-struct CipherPolicy {
- char number;
- long id;
- char *name;
- PRInt32 pref;
- PRInt32 domestic;
- PRInt32 export;
-};
-
-struct CipherPolicy ciphers[] = {
- { 'a',SSL_EN_RC4_128_WITH_MD5, "SSL_EN_RC4_128_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
- { 'b',SSL_EN_RC2_128_CBC_WITH_MD5, "SSL_EN_RC2_128_CBC_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
- { 'c',SSL_EN_DES_192_EDE3_CBC_WITH_MD5, "SSL_EN_DES_192_EDE3_CBC_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
- { 'd',SSL_EN_DES_64_CBC_WITH_MD5, "SSL_EN_DES_64_CBC_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
- { 'e',SSL_EN_RC4_128_EXPORT40_WITH_MD5, "SSL_EN_RC4_128_EXPORT40_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_ALLOWED },
- { 'f',SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, "SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_ALLOWED },
-#ifdef FORTEZZA
- { 'g',SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, "SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",1,SSL_ALLOWED,SSL_NOT_ALLOWED },
- { 'h',SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, "SSL_FORTEZZA_DMS_WITH_RC4_128_SHA",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
-#endif
- { 'i',SSL_RSA_WITH_RC4_128_MD5, "SSL_RSA_WITH_RC4_128_MD5 (ssl3)",1, SSL_ALLOWED,SSL_RESTRICTED },
- { 'j',SSL_RSA_WITH_3DES_EDE_CBC_SHA, "SSL_RSA_WITH_3DES_EDE_CBC_SHA (ssl3)",1, SSL_ALLOWED,SSL_RESTRICTED },
- { 'k',SSL_RSA_WITH_DES_CBC_SHA, "SSL_RSA_WITH_DES_CBC_SHA (ssl3)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
- { 'l',SSL_RSA_EXPORT_WITH_RC4_40_MD5, "SSL_RSA_EXPORT_WITH_RC4_40_MD5 (ssl3)",1, SSL_ALLOWED,SSL_ALLOWED },
- { 'm',SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (ssl3)",1, SSL_ALLOWED,SSL_ALLOWED },
-#ifdef FORTEZZA
- { 'n',SSL_FORTEZZA_DMS_WITH_NULL_SHA, "SSL_FORTEZZA_DMS_WITH_NULL_SHA",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
-#endif
- { 'o',SSL_RSA_WITH_NULL_MD5, "SSL_RSA_WITH_NULL_MD5 (ssl3)",1, SSL_ALLOWED,SSL_ALLOWED },
- { 'p',SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (ssl3)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
- { 'q',SSL_RSA_FIPS_WITH_DES_CBC_SHA, "SSL_RSA_FIPS_WITH_DES_CBC_SHA (ssl3)",1, SSL_ALLOWED,SSL_NOT_ALLOWED }
-
-};
-
-void PrintErrString(char *progName,char *msg) {
-
- PRErrorCode e = PORT_GetError();
- char *s=NULL;
-
-
- if ((e >= PR_NSPR_ERROR_BASE) && (e < PR_MAX_ERROR)) {
-
- if (e == PR_DIRECTORY_LOOKUP_ERROR)
- s = PL_strdup("Hostname Lookup Failed");
- else if (e == PR_NETWORK_UNREACHABLE_ERROR)
- s = PL_strdup("Network Unreachable");
- else if (e == PR_CONNECT_TIMEOUT_ERROR)
- s = PL_strdup("Connection Timed Out");
- else s = PR_smprintf("%d",e);
-
- if (!s) return;
- }
- else {
- s = PL_strdup(SECU_ErrorString(e));
- }
-
- PR_fprintf(PR_STDOUT,"%s: ",progName);
- if (s) {
- if (strlen(s) > 0)
- PR_fprintf(PR_STDOUT, "%s\n", s);
- else
- PR_fprintf(PR_STDOUT, "\n");
-
- PR_Free(s);
- }
-
-}
-
-void PrintCiphers(int onlyenabled) {
- int ciphercount,i;
-
- if (onlyenabled) {
- PR_fprintf(PR_STDOUT,"Your Cipher preference:\n");
- }
-
- ciphercount = sizeof(ciphers)/sizeof(struct CipherPolicy);
- PR_fprintf(PR_STDOUT,
- " %s %-45s %-12s %-12s\n","id","CipherName","Domestic","Export");
-
- for (i=0;i<ciphercount;i++) {
- if ( (onlyenabled ==0) || ((onlyenabled==1)&&(ciphers[i].pref))) {
- PR_fprintf(PR_STDOUT,
- " %c %-45s %-12s %-12s\n",ciphers[i].number,ciphers[i].name,
- (ciphers[i].domestic==SSL_ALLOWED)?"Yes":
- ( (ciphers[i].domestic==SSL_NOT_ALLOWED)?"No":"Step-up only"),
- (ciphers[i].export==SSL_ALLOWED)?"Yes":
- ( (ciphers[i].export==SSL_NOT_ALLOWED)?"No":"Step-up only"));
- }
- }
-}
-
-
-void SetPolicy(char *c,int policy) { /* policy==1 : domestic, policy==0, export */
- int i,j,cpolicy;
- /* first, enable all relevant ciphers according to policy */
- for (j=0;j<(sizeof(ciphers)/sizeof(struct CipherPolicy));j++) {
- SSL_SetPolicy(ciphers[j].id,policy?ciphers[j].domestic:ciphers[j].export);
- SSL_EnableCipher(ciphers[j].id,0);
- ciphers[j].pref =0;
- }
-
-
- for (i=0;i<PL_strlen(c);i++) {
- for (j=0;j<(sizeof(ciphers)/sizeof(struct CipherPolicy));j++) {
- if (ciphers[j].number == c[i]) {
- cpolicy = policy?ciphers[j].domestic:ciphers[j].export;
- if (cpolicy == SSL_NOT_ALLOWED) {
- PR_fprintf(PR_STDOUT, "You're trying to enable a cipher (%c:%s) outside of your policy. ignored\n",
- c[i],ciphers[j].name);
- }
- else {
- ciphers[j].pref=1;
- SSL_EnableCipher(ciphers[j].id,1);
- }
- }
- }
- }
-}
-
-
-int MyAuthCertificateHook(void *arg, PRFileDesc *fd, PRBool checksig, PRBool isserver) {
- return SECSuccess;
-}
-
-
-void Usage() {
-#ifdef SSLTELNET
- PR_fprintf(PR_STDOUT,"SSLTelnet ");
-#else
- PR_fprintf(PR_STDOUT,"SSLStrength (No telnet functionality) ");
-#endif
- PR_fprintf(PR_STDOUT,"Version 1.5\n");
-
- PR_fprintf(PR_STDOUT,"Usage:\n sslstrength hostname[:port] [ciphers=xyz] [certdir=x] [debug] [verbose] "
-#ifdef SSLTELNET
-"[telnet]|[servertype]|[querystring=<string>] "
-#endif
-"[policy=export|domestic]\n sslstrength ciphers\n");
-}
-
-
-PRInt32 debug = 0;
-PRInt32 verbose = 0;
-
-PRInt32 main(PRInt32 argc,char **argv, char **envp)
-{
-
-
- /* defaults for command line arguments */
- char *hostnamearg=NULL;
- char *portnumarg=NULL;
- char *sslversionarg=NULL;
- char *keylenarg=NULL;
- char *certdir=NULL;
- char *hostname;
- char *nickname=NULL;
- char *progname=NULL;
- /* struct sockaddr_in addr; */
- PRNetAddr addr;
-
- int ss_on;
- char *ss_cipher;
- int ss_keysize;
- int ss_secretsize;
- char *ss_issuer;
- char *ss_subject;
- int policy=1;
- char *set_ssl_policy=NULL;
- int print_ciphers=0;
-
- char buf[10];
- char netdbbuf[PR_NETDB_BUF_SIZE];
- PRHostEnt hp;
- PRStatus r;
- PRNetAddr na;
- SECStatus rv;
- int portnum=443; /* default https: port */
- PRFileDesc *s,*fd;
-
- CERTCertDBHandle *handle;
- CERTCertificate *c;
- PRInt32 i;
-#ifdef SSLTELNET
- struct termios tmp_tc;
- char cb;
- int prev_lflag,prev_oflag,prev_iflag;
- int t_fin,t_fout;
- int servertype=0, telnet=0;
- char *querystring=NULL;
-#endif
-
- debug = 0;
-
- progname = (char *)PL_strrchr(argv[0], '/');
- progname = progname ? progname+1 : argv[0];
-
- /* Read in command line args */
- if (argc == 1) {
- Usage();
- return(0);
- }
-
- if (! PL_strcmp("ciphers",argv[1])) {
- PrintCiphers(0);
- exit(0);
- }
-
- hostname = argv[1];
-
- if (!PL_strcmp(hostname , "usage") || !PL_strcmp(hostname, "-help") ) {
- Usage();
- exit(0);
- }
-
- if ((portnumarg = PL_strchr(hostname,':'))) {
- *portnumarg = 0;
- portnumarg = &portnumarg[1];
- }
-
- if (portnumarg) {
- if (PL_strlen(portnumarg) == 0) {
- PR_fprintf(PR_STDOUT,"malformed port number supplied\n");
- return(1);
- }
- portnum = atoi(portnumarg);
- }
-
- for (i = 2 ; i < argc; i++)
- {
- if (!PL_strncmp(argv[i] , "sslversion=",11) )
- sslversionarg=&(argv[i][11]);
- else if (!PL_strncmp(argv[i], "certdir=",8) )
- certdir = &(argv[i][8]);
- else if (!PL_strncmp(argv[i], "ciphers=",8) )
- {
- set_ssl_policy=&(argv[i][8]);
- }
- else if (!PL_strncmp(argv[i], "policy=",7) ) {
- if (!PL_strcmp(&(argv[i][7]),"domestic")) policy=1;
- else if (!PL_strcmp(&(argv[i][7]),"export")) policy=0;
- else {
- PR_fprintf(PR_STDOUT,"sslstrength: invalid argument. policy must be one of (domestic,export)\n");
- }
- }
- else if (!PL_strcmp(argv[i] , "debug") )
- debug = 1;
-#ifdef SSLTELNET
- else if (!PL_strcmp(argv[i] , "telnet") )
- telnet = 1;
- else if (!PL_strcmp(argv[i] , "servertype") )
- servertype = 1;
- else if (!PL_strncmp(argv[i] , "querystring=",11) )
- querystring = &argv[i][12];
-#endif
- else if (!PL_strcmp(argv[i] , "verbose") )
- verbose = 1;
- }
-
-#ifdef SSLTELNET
- if (telnet && (servertype || querystring)) {
- PR_fprintf(PR_STDOUT,"You can't use telnet and (server or querystring) options at the same time\n");
- exit(1);
- }
-#endif
-
- PR_fprintf(PR_STDOUT,"Using %s policy\n",policy?"domestic":"export");
-
- /* use current directory for certificate database if not set */
-
- if (! certdir) {
- certdir = PR_smprintf(".");
- }
-
- SECU_ConfigDirectory(certdir);
-
-
- /* allow you to set env var SSLDIR to set the cert directory */
- if (! certdir) certdir = SECU_DefaultSSLDir();
- if (certdir) SECU_ConfigDirectory(certdir);
-
- /* PR_Init(progname, 1, 1, 0); */
- SECU_PKCS11Init(PR_FALSE /*readOnly==PR_FALSE*/);
-
- /* Lookup host */
- r = PR_GetHostByName(hostname,netdbbuf,PR_NETDB_BUF_SIZE,&hp);
-
- if (r) {
- PrintErrString(progname,"Host Name lookup failed");
- return(1);
- }
-
- /* should the third field really be 0? */
-
- PR_EnumerateHostEnt(0,&hp,0,&na);
- PR_InitializeNetAddr(PR_IpAddrNull,portnum,&na);
-
- PR_fprintf(PR_STDOUT,"Connecting to %s:%d\n",hostname, portnum);
-
- /* Create socket */
-
- fd = PR_NewTCPSocket();
- if (fd == NULL) {
- PrintErrString(progname, "error creating socket");
- return -1;
- }
-
- s = SSL_ImportFD(NULL,fd);
- if (s == NULL) {
- PrintErrString(progname, "error creating socket");
- return -1;
- }
-
- /* Initialize all the libsec goodies */
- SEC_Init();
-
- dbmsg("10: About to enable security\n");
-
- rv = SSL_Enable(s, SSL_SECURITY, 1);
- if (rv < 0) {
- PrintErrString(progname, "error enabling socket");
- return -1;
- }
-
- if (set_ssl_policy) {
- SetPolicy(set_ssl_policy,policy);
- }
- else {
- PR_fprintf(PR_STDOUT,"Using all ciphersuites usually found in client\n");
- if (policy) {
- SetPolicy("abcdefghijklmnopqrst",policy);
- }
- else {
- SetPolicy("efghijlmo",policy);
- }
- }
-
- PrintCiphers(1);
-
- rv = SSL_Enable(s, SSL_HANDSHAKE_AS_CLIENT, 1);
- if (rv < 0) {
- PrintErrString(progname, "error enabling client handshake");
- return -1;
- }
-
- handle = (CERTCertDBHandle *)PORT_ZAlloc(sizeof(CERTCertDBHandle));
- if (!handle) {
- PrintErrString(progname, "could not allocate database handle");
- return -1;
- }
-
- dbmsg("20: About to open certificate database\n");
-
-
- /* Open up the certificate database */
- rv = CERT_OpenCertDBFilename(handle, "cert7.db", PR_TRUE);
- if ( rv ) {
- PrintErrString(progname, "unable to open cert database");
- rv = CERT_OpenVolatileCertDB(handle);
- }
-
- CERT_SetDefaultCertDB(handle);
-
- dbmsg("30: About to set AuthCertificateHook\n");
-
-
- SSL_AuthCertificateHook(s, MyAuthCertificateHook, (void *)handle);
- /* SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle); */
- /* SSL_GetClientAuthDataHook(s, GetClientAuthDataHook, (void *)nickname);*/
-
-
- dbmsg("40: About to SSLConnect\n");
-
- /* Try to connect to the server */
- /* now SSL_Connect takes new arguments. */
-
-
- r = PR_Connect(s, &na, PR_TicksPerSecond()*5);
- if (r < 0) {
- PrintErrString(progname, "unable to connect");
- return -1;
- }
-
- rv = SSL_ForceHandshake(s);
-
- if (rv) {
- PrintErrString(progname,"SSL Handshake failed. ");
- exit(1);
- }
-
- rv = SSL_SecurityStatus(s, &ss_on, &ss_cipher,
- &ss_keysize, &ss_secretsize,
- &ss_issuer, &ss_subject);
-
-
- dbmsg("60: done with security status, about to print\n");
-
- c = SSL_PeerCertificate(s);
- if (!c) PR_fprintf(PR_STDOUT,"Couldn't retrieve peers Certificate\n");
- PR_fprintf(PR_STDOUT,"SSL Connection Status\n",rv);
-
- PR_fprintf(PR_STDOUT," Cipher: %s\n",ss_cipher);
- PR_fprintf(PR_STDOUT," Key Size: %d\n",ss_keysize);
- PR_fprintf(PR_STDOUT," Secret Key Size: %d\n",ss_secretsize);
- PR_fprintf(PR_STDOUT," Issuer: %s\n",ss_issuer);
- PR_fprintf(PR_STDOUT," Subject: %s\n",ss_subject);
-
- PR_fprintf(PR_STDOUT," Valid: from %s to %s\n",
- c==NULL?"???":DER_UTCDayToAscii(&c->validity.notBefore),
- c==NULL?"???":DER_UTCDayToAscii(&c->validity.notAfter));
-
-#ifdef SSLTELNET
-
-
-
-
- if (servertype || querystring) {
- char buffer[1024];
- char ch;
- char qs[] = "HEAD / HTTP/1.0";
-
-
-
-
- if (!querystring) querystring = qs;
- PR_fprintf(PR_STDOUT,"\nServer query mode\n>>Sending:\n%s\n",querystring);
-
- PR_fprintf(PR_STDOUT,"\n*** Server said:\n");
- ch = querystring[PL_strlen(querystring)-1];
- if (ch == '"' || ch == '\'') {
- PR_fprintf(PR_STDOUT,"Warning: I'm not smart enough to cope with quotes mid-string like that\n");
- }
-
- rv = PR_Write(s,querystring,PL_strlen(querystring));
- if ((rv < 1) ) {
- PR_fprintf(PR_STDOUT,"Oh dear - couldn't send servertype query\n");
- goto closedown;
- }
-
- rv = PR_Write(s,"\r\n\r\n",4);
- rv = PR_Read(s,buffer,1024);
- if ((rv < 1) ) {
- PR_fprintf(PR_STDOUT,"Oh dear - couldn't read server repsonse\n");
- goto closedown;
- }
- PR_Write(PR_STDOUT,buffer,rv);
- }
-
-
- if (telnet) {
-
- PR_fprintf(PR_STDOUT,"---------------------------\n"
- "telnet mode. CTRL-C to exit\n"
- "---------------------------\n");
-
-
-
- /* fudge terminal attributes */
- t_fin = PR_FileDesc2NativeHandle(PR_STDIN);
- t_fout = PR_FileDesc2NativeHandle(PR_STDOUT);
-
- tcgetattr(t_fin,&tmp_tc);
- prev_lflag = tmp_tc.c_lflag;
- prev_oflag = tmp_tc.c_oflag;
- prev_iflag = tmp_tc.c_iflag;
- tmp_tc.c_lflag &= ~ECHO;
- /* tmp_tc.c_oflag &= ~ONLCR; */
- tmp_tc.c_lflag &= ~ICANON;
- tmp_tc.c_iflag &= ~ICRNL;
- tmp_tc.c_cflag |= CS8;
- tmp_tc.c_cc[VMIN] = 1;
- tmp_tc.c_cc[VTIME] = 0;
-
- tcsetattr(t_fin, TCSANOW, &tmp_tc);
- /* ioctl(tin, FIONBIO, (char *)&onoff);
- ioctl(tout, FIONBIO, (char *)&onoff);*/
-
-
- {
- PRPollDesc pds[2];
- char buffer[1024];
- int amt,amtwritten;
- char *x;
-
- /* STDIN */
- pds[0].fd = PR_STDIN;
- pds[0].in_flags = PR_POLL_READ;
- pds[1].fd = s;
- pds[1].in_flags = PR_POLL_READ | PR_POLL_EXCEPT;
-
- while (1) {
- int nfds;
-
- nfds = PR_Poll(pds,2,PR_SecondsToInterval(2));
- if (nfds == 0) continue;
-
- /** read input from keyboard*/
- /* note: this is very inefficient if reading from a file */
-
- if (pds[0].out_flags & PR_POLL_READ) {
- amt = PR_Read(PR_STDIN,&buffer,1);
- /* PR_fprintf(PR_STDOUT,"fd[0]:%d=%d\r\n",amt,buffer[0]); */
- if (amt == 0) {
- PR_fprintf(PR_STDOUT,"\n");
- goto loser;
- }
-
- if (buffer[0] == '\r') {
- buffer[0] = '\r';
- buffer[1] = '\n';
- amt = 2;
- }
- rv = PR_Write(PR_STDOUT,buffer,amt);
-
-
- rv = PR_Write(s,buffer,amt);
- if (rv == -1) {
- PR_fprintf(PR_STDOUT,"Error writing to socket: %d\n",PR_GetError());
- }
- }
-
- /***/
-
-
- /***/
- if (pds[1].out_flags & PR_POLL_EXCEPT) {
- PR_fprintf(PR_STDOUT,"\r\nServer closed connection\r\n");
- goto loser;
- }
- if (pds[1].out_flags & PR_POLL_READ) {
- amt = PR_Read(s,&buffer,1024);
-
- if (amt == 0) {
- PR_fprintf(PR_STDOUT,"\r\nServer closed connection\r\n");
- goto loser;
- }
- rv = PR_Write(PR_STDOUT,buffer,amt);
- }
- /***/
-
- }
- }
- loser:
-
- /* set terminal back to normal */
- tcgetattr(t_fin,&tmp_tc);
-
- tmp_tc.c_lflag = prev_lflag;
- tmp_tc.c_oflag = prev_oflag;
- tmp_tc.c_iflag = prev_iflag;
- tcsetattr(t_fin, TCSANOW, &tmp_tc);
-
- /* ioctl(tin, FIONBIO, (char *)&onoff);
- ioctl(tout, FIONBIO, (char *)&onoff); */
- }
-
-#endif
- /* SSLTELNET */
-
- closedown:
-
- PR_Close(s);
-
- return(0);
-
-} /* main */
-
-/*EOF*/
-
diff --git a/security/nss/cmd/sslstrength/sslwrap b/security/nss/cmd/sslstrength/sslwrap
deleted file mode 100755
index e6955dc92..000000000
--- a/security/nss/cmd/sslstrength/sslwrap
+++ /dev/null
@@ -1,181 +0,0 @@
-#!/usr/bin/perl
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-
-@profiles = (
-# "host:port" "policy" "ciphers" "exp-cipher" "expkeysize"
-
- [ "cfu:443", "export", "efijlmo", "RC4-40", "40" ],
- [ "hbombsgi:448", "export", "efijlmo", "RC4-40", "40" ],
- [ "hbombsgi:448", "domestic", "abcdefijklmo", "RC4", "128" ],
- [ "gandalf:5666", "domestic", "abcdefijklmo", "RC4", "128" ],
- [ "gandalf:5666", "export", "efijlmo", "RC4", "128" ],
- [ "gandalf:5666", "domestic", "j", "3DES-EDE-CBC", "168" ],
- [ "gandalf:5666", "domestic", "k", "DES-CBC", "56" ],
- [ "gandalf:5666", "export", "l", "RC4-40", "40" ],
- [ "gandalf:5666", "export", "efijlmo", "RC4", "128" ],
- [ "hbombcfu:443", "export", "efijlmo", "RC4", "128" ],
-
- );
-
-$file = &filename;
-
-open(HTML, ">$file.htm") || die"Cannot open html output file\n";
-
-$mutversion = "";
-$platform = $ARGV[0];
-
-
-print HTML
-"<HTML><HEAD>
-<TITLE>ssl/sslstrength: Version: $mutversion Platform: $platform Run date mm/dd/yy</TITLE></HEAD><BODY>\n";
-
-print HTML
-"<TABLE BORDER=1><TR>
-<TD><B>Test Case Number</B></TD>
-<TD><B>Program</B></TD>
-<TD><B>Description of Test Case</B></TD>
-<TD><B>Start date/time<B></TD>
-<TD><B>End date/time<B></TD>
-<TD><B>PASS/FAIL</B></TD>
-</TR>\n";
-
-$countpass =0;
-$countfail =0;
-
-
-$testnum =0;
-for $profile (@profiles) {
- $testnum ++;
- ($host, $policy, $ciphers, $expcipher, $expkeysize) = @$profile;
-
- $cmd = "./sslstrength $host policy=$policy ciphers=$ciphers";
-
- $starttime = &datestring." ".&timestring;
- print STDERR "$cmd\n";
- open(PIPE, "$cmd|") || die "Cannot start sslstrength\n";
-
- $cipher = "";
- $keysize = "";
- while (<PIPE>) {
- chop;
- if (/^ Cipher: *(.*)/) {
- $cipher = $1;
- }
- if (/^ Secret Key Size: (.*)/) {
- $keysize = $1;
- }
- }
- close(PIPE);
- $endtime = &datestring." ".&timestring;
-
- if (( $? != 0) || ($cipher ne $expcipher) || ($keysize ne $expkeysize)) {
- $countfail ++;
- $passed =0;
- }
- else {
- $countpass ++;
- $passed =1;
- }
-
-print HTML
-"<TR>
-<TD><B>$testnum</B></TD>
-<TD></TD>
-<TD>$cmd</TD>
-<TD>$starttime</TD>
-<TD>$endtime</TD>
-<TD><B>".($passed ? "PASS" : "<FONT COLOR=red>FAIL: return code =
-c=$cipher, ec=$expcipher, s=$keysize, es=$expkeysize.</FONT>")."
-</B></TD>
-</TR>\n";
-
-}
-
-print HTML "</table>\n";
-
-close(HTML);
-
-open (SUM, ">$file.sum") ||die "couldn't open summary file for writing\n";
-
-print SUM <<EOM;
-[Status]
-mut=SSL
-mutversion=1.0
-platform=$platform
-pass=$countpass
-fail=$countfail
-knownFail=0
-malformed=0
-EOM
-
- close(SUM);
-
-
-
-sub timestring
-{
-
- my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) = localtime(time);
- my $string;
-
- $string = sprintf "%2d:%02d:%02d",$hour, $min, $sec;
- return $string;
-}
-
-sub datestring
-{
-
- my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) = localtime(time);
- my $string;
-
- $string = sprintf "%d/%d/%2d",$mon+1, $mday+1, $year;
- return $string;
-}
-
-sub filename
-{
-
- my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) = localtime(time);
- my $string;
-
- $string = sprintf "%04d%02d%02d",$year+1900, $mon+1, $mday;
- return $string;
-}
-
-
-
-
-
-
diff --git a/security/nss/cmd/ssltap/Makefile b/security/nss/cmd/ssltap/Makefile
deleted file mode 100644
index f6d8cc93e..000000000
--- a/security/nss/cmd/ssltap/Makefile
+++ /dev/null
@@ -1,79 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-# Since ssltap doesn't use any of NSS, we'll skip NSS's link libs,
-# and just link with NSPR.
-#
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
--include ../platrules.mk
-
diff --git a/security/nss/cmd/ssltap/config.mk b/security/nss/cmd/ssltap/config.mk
deleted file mode 100644
index 23b15fbd5..000000000
--- a/security/nss/cmd/ssltap/config.mk
+++ /dev/null
@@ -1,52 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# Set the LDFLAGS value to encompass all normal link options, all #
-# library names, and all special system linking options #
-#######################################################################
-
-LDFLAGS = \
- $(DYNAMIC_LIB_PATH) \
- $(LDOPTS) \
- $(LIBPLC) \
- $(LIBPR) \
- $(DLLSYSTEM)
-
-#######################################################################
-# Adjust specific variables for all platforms #
-#######################################################################
-
-OS_CFLAGS += -DNSPR20=1
-
-
diff --git a/security/nss/cmd/ssltap/manifest.mn b/security/nss/cmd/ssltap/manifest.mn
deleted file mode 100644
index 0719e6de4..000000000
--- a/security/nss/cmd/ssltap/manifest.mn
+++ /dev/null
@@ -1,53 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-EXPORTS =
-
-CSRCS = ssltap.c \
- $(NULL)
-
-PROGRAM = ssltap
-
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = security seccmd dbm
-
-PACKAGE_FILES = ssltap-manual.html licence.doc ssltap.exe
-
-ARCHIVE_NAME = ssltap
-
diff --git a/security/nss/cmd/ssltap/ssltap-manual.html b/security/nss/cmd/ssltap/ssltap-manual.html
deleted file mode 100644
index 28c9e17ee..000000000
--- a/security/nss/cmd/ssltap/ssltap-manual.html
+++ /dev/null
@@ -1,199 +0,0 @@
-<HTML>
-<!--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
- -->
-<HEAD>
- <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
- <META NAME="GENERATOR" CONTENT="Mozilla/4.05 [en] (WinNT; U) [Netscape]">
- <META NAME="Author" CONTENT="Steve Parkinson">
- <TITLE>SSLTap - manual</TITLE>
-</HEAD>
-<BODY>
-
-<H1>
-SSLTap Manual page</H1>
-
-<H3>
-Summary</H3>
-A command-line proxy which is SSL-aware. It snoops on TCP connections,
-and displays the data going by, including SSL records and handshaking&nbsp;
-if the connection is SSL.
-<H3>
-Synopsis</H3>
-<TT>ssltap [-vhfsxl] [-p port] hostname:port</TT>
-
-<P><TT>&nbsp;&nbsp; -v&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [prints version string]</TT>
-<BR><TT>&nbsp;&nbsp; -h&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [outputs hex instead
-of ASCII]</TT>
-<BR><TT>&nbsp;&nbsp; -f&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [turn on Fancy HTML
-coloring]</TT>
-<BR><TT>&nbsp;&nbsp; -s&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [turn on SSL decoding]</TT>
-<BR><TT>&nbsp;&nbsp; -x&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [turn on extra SSL
-hex dumps]</TT>
-<BR><TT>&nbsp;&nbsp; -p port [specify rendezvous port (default 1924)]</TT>
-<BR><TT>&nbsp;&nbsp; -l&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [loop - continue
-to wait for more connections]</TT>
-<H3>
-Description</H3>
-SSLTap opens a socket on a rendezvous port, and waits for an incoming connection
-(client side). Once this connection arrives, SSLTap makes another connection
-to hostname:port (server side). It passes any data sent by the client to
-the server, and vice versa. However, SSLTap will also display the data
-to the console. It can do this for plain HTTP connections, or any TCP protocol.
-However, SSLTap can also work with SSL streams, as detailed below.
-
-<P>Let's assume your development machine is called 'intercept'. The simplest
-usage of SSLTap is to run the command <TT>'ssltap www.netscape.com:80'</TT>
-on intercept. The program will wait for an incoming connection on port
-1924. Next you would want to go to your browser, and enter the URL http://intercept:1924.
-The page retrieved by the browser will actually be gotten from the server
-at www.netscape.com, but will go via SSLTap.
-
-<P>Data sent from the client to the server is surrounded by a '--> [ ]'
-symbol, and data sent from the server to the client, a '&lt;---[&nbsp;
-]' symbol.
-
-<P>You'll notice that the page retrieved with this example looks incomplete.
-This is because SSLTap by default closes down after the first connection
-is complete, so the browser is not able to load images. To make the SSLTap
-continue to accept connections, switch on looping mode with the -l option.
-
-<P>You can change the default rendezvous port to something else with the
--p option.
-
-<P>The remaining options change the way the output is produced.
-
-<P>The -f option prints 'fancy' output - in colored HTML. Data sent from
-the client to the server is in blue. The server's reply is in red. This
-is designed so you can load the output up into a browser. When used with
-looping mode, the different connections are separated with horizontal lines.
-
-<P>-x will turn on HEX printing. Instead of being output as ascii, the
-data is shown as Hex, like this:
-<UL><TT>&lt;-- [</TT>
-<BR><TT>&nbsp;&nbsp; 0: 56 d5 16 3e&nbsp; a1 6b b1 4a&nbsp; 8f 67 c4 d7&nbsp;
-21 2f 6f dd&nbsp; | V..>.k.J.g..!/o.</TT>
-<BR><TT>&nbsp; 10: bb 22 c4 75&nbsp; 8c f4 ce 28&nbsp; 16 a6 20 aa&nbsp;
-fb 9a 59 a1&nbsp; | .".u...(.. ...Y.</TT>
-<BR><TT>&nbsp; 20: 51 91 14 d2&nbsp; fc 9f a7 ea&nbsp; 4d 9c f7 3a&nbsp;
-9d 83 62 4a&nbsp; | Q.......M..:..bJ</TT>
-<BR><TT>]</TT>
-<BR>&nbsp;</UL>
-
-<H4>
-SSL Parse mode</H4>
-The following options deal with SSL connections.
-<UL>-s will turn on SSL parsing. (SSLTap doesn't automatically detect SSL
-sessions.)
-<BR>-x will turn on extra SSL hexdumps. Mostly, if SSL can decode the data,
-it doesn't display the hex.</UL>
-The following SSL3 Data structures are parsed: Handshake, ClientHello,
-ServerHello, CertificateChain, Certificate. In addition, SSL2 ClientHello,
-ServerHello, ClientMasterKey are also partly parsed. NO DECRYPTION IS PERFORMED
-ON THE DATA. SSLTAP CANNOT DECRYPT the data.
-
-<P>If a certificate chain is detected, DER-encoded certificates will be
-saved into files in the current directory called 'cert.0x' where x is the
-sequence number of the certificate.
-<BR>&nbsp;
-<H3>
-Operation Hints</H3>
-Often, you'll find that the server certificate does not get transferred,
-or other parts of the handshake do not happen. This is because the browser
-is taking advantage of session-id-reuse (using the handshake results from
-a previous session). If you restart the browser, it'll clear the session
-id cache.
-
-<P>If you run the ssltap on a different machine that the ssl server you're
-trying to connect to, the browser will complain that the host name you're
-trying to connect to is different to the certificate, but it will still
-let you connect, after showing you a dialog.
-<H3>
-Bugs</H3>
-Please contact <A HREF="mailto:ssltap-support@netscape.com">ssltap-support@netscape.com</A>
-for bug reports.
-<H3>
-History</H3>
-2.1 - First public release (March 1998)
-<BR>&nbsp;
-<H3>
-Other</H3>
-For reference, here is a table of some well-known port numbers:
-<BR>&nbsp;
-<TABLE BORDER=2 >
-<TR>
-<TD>HTTP</TD>
-
-<TD>80</TD>
-</TR>
-
-<TR>
-<TD>SMTP</TD>
-
-<TD>25</TD>
-</TR>
-
-<TR>
-<TD>HTTPS</TD>
-
-<TD>443</TD>
-</TR>
-
-<TR>
-<TD>FTP</TD>
-
-<TD>21</TD>
-</TR>
-
-<TR>
-<TD>IMAPS</TD>
-
-<TD>993</TD>
-</TR>
-
-<TR>
-<TD>NNTP</TD>
-
-<TD>119</TD>
-</TR>
-
-<TR>
-<TD>NNTPS</TD>
-
-<TD>563</TD>
-</TR>
-</TABLE>
-&nbsp;
-
-<P>&nbsp;
-</BODY>
-</HTML>
diff --git a/security/nss/cmd/ssltap/ssltap.c b/security/nss/cmd/ssltap/ssltap.c
deleted file mode 100644
index 70c77ce31..000000000
--- a/security/nss/cmd/ssltap/ssltap.c
+++ /dev/null
@@ -1,1339 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * ssltap.c
- *
- * Version 1.0 : Frederick Roeber : 11 June 1997
- * Version 2.0 : Steve Parkinson : 13 November 1997
- * Version 3.0 : Nelson Bolyard : 22 July 1998
- * Version 3.1 : Nelson Bolyard : 24 May 1999
- *
- * changes in version 2.0:
- * Uses NSPR20
- * Shows structure of SSL negotiation, if enabled.
- *
- * This "proxies" a socket connection (like a socks tunnel), but displays the
- * data is it flies by.
- *
- * In the code, the 'client' socket is the one on the client side of the
- * proxy, and the server socket is on the server side.
- *
- */
-
-#include "nspr.h"
-#include "plstr.h"
-#include "secutil.h"
-#include <memory.h> /* for memcpy, etc. */
-#include <string.h>
-#include <time.h>
-
-#include "plgetopt.h"
-
-#define VERSIONSTRING "$Revision$ ($Date$) $Author$"
-
-
-struct _DataBufferList;
-struct _DataBuffer;
-
-typedef struct _DataBufferList {
- struct _DataBuffer *first,*last;
- int size;
- int isEncrypted;
-} DataBufferList;
-
-typedef struct _DataBuffer {
- unsigned char *buffer;
- int length;
- int offset; /* offset of first good byte */
- struct _DataBuffer *next;
-} DataBuffer;
-
-
-DataBufferList
- clientstream = {NULL, NULL, 0, 0},
- serverstream = {NULL, NULL, 0, 0};
-
-struct sslhandshake {
- PRUint8 type;
- PRUint32 length;
-};
-
-typedef struct _SSLRecord {
- PRUint8 type;
- PRUint8 ver_maj,ver_min;
-
- PRUint8 length[2];
-} SSLRecord;
-
-typedef struct _ClientHelloV2 {
- PRUint8 length[2];
- PRUint8 type;
- PRUint8 version[2];
- PRUint8 cslength[2];
- PRUint8 sidlength[2];
- PRUint8 rndlength[2];
- PRUint8 csuites[1];
-} ClientHelloV2;
-
-typedef struct _ServerHelloV2 {
- PRUint8 length[2];
- PRUint8 type;
- PRUint8 sidhit;
- PRUint8 certtype;
- PRUint8 version[2];
- PRUint8 certlength[2];
- PRUint8 cslength[2];
- PRUint8 cidlength[2];
-} ServerHelloV2;
-
-typedef struct _ClientMasterKeyV2 {
- PRUint8 length[2];
- PRUint8 type;
-
- PRUint8 cipherkind[3];
- PRUint8 clearkey[2];
- PRUint8 secretkey[2];
-
-} ClientMasterKeyV2;
-
-
-
-#define TAPBUFSIZ 16384
-
-#define DEFPORT 1924
-#include <ctype.h>
-
-int hexparse=0;
-int sslparse=0;
-int sslhexparse=0;
-int looparound=0;
-int fancy=0;
-int isV2Session=0;
-
-#define GET_SHORT(x) ((PRUint16)(((PRUint16)((PRUint8*)x)[0]) << 8) + ((PRUint16)((PRUint8*)x)[1]))
-#define GET_24(x) ((PRUint32) ( \
- (((PRUint32)((PRUint8*)x)[0]) << 16) \
- + \
- (((PRUint32)((PRUint8*)x)[1]) << 8) \
- + \
- (((PRUint32)((PRUint8*)x)[2]) << 0) \
- ) )
-
-void print_hex(int amt, unsigned char *buf);
-void read_stream_bytes(unsigned char *d, DataBufferList *db, int length);
-
-void myhalt(int dblsize,int collectedsize) {
-
- while(1) ;
-
-}
-
-const char *get_error_text(int error) {
- switch (error) {
- case PR_IO_TIMEOUT_ERROR:
- return "Timeout";
- break;
- case PR_CONNECT_REFUSED_ERROR:
- return "Connection refused";
- break;
- case PR_NETWORK_UNREACHABLE_ERROR:
- return "Network unreachable";
- break;
- case PR_BAD_ADDRESS_ERROR:
- return "Bad address";
- break;
- case PR_CONNECT_RESET_ERROR:
- return "Connection reset";
- break;
- case PR_PIPE_ERROR:
- return "Pipe error";
- break;
- }
-
- return "";
-}
-
-
-
-
-
-void check_integrity(DataBufferList *dbl) {
- DataBuffer *db;
- int i;
-
- db = dbl->first;
- i =0;
- while (db) {
- i+= db->length - db->offset;
- db = db->next;
- }
- if (i != dbl->size) {
- myhalt(dbl->size,i);
- }
-}
-
-/* Free's the DataBuffer at the head of the list and returns the pointer
- * to the new head of the list.
- */
-DataBuffer *
-free_head(DataBufferList *dbl)
-{
- DataBuffer *db = dbl->first;
- PR_ASSERT(db->offset >= db->length);
- if (db->offset >= db->length) {
- dbl->first = db->next;
- if (dbl->first == NULL) {
- dbl->last = NULL;
- }
- PR_Free(db->buffer);
- PR_Free(db);
- db = dbl->first;
- }
- return db;
-}
-
-void
-read_stream_bytes(unsigned char *d, DataBufferList *dbl, int length) {
- int copied = 0;
- DataBuffer *db = dbl->first;
-
- if (!db) {
- PR_fprintf(PR_STDERR,"assert failed - dbl->first is null\n");
- exit(8);
- }
- while (length) {
- int toCopy;
- /* find the number of bytes to copy from the head buffer */
- /* if there's too many in this buffer, then only copy 'length' */
- toCopy = PR_MIN(db->length - db->offset, length);
-
- memcpy(d + copied, db->buffer + db->offset, toCopy);
- copied += toCopy;
- db->offset += toCopy;
- length -= toCopy;
- dbl->size -= toCopy;
-
- /* if we emptied the head buffer */
- if (db->offset >= db->length) {
- db = free_head(dbl);
- }
- }
-
- check_integrity(dbl);
-
-}
-
-void
-flush_stream(DataBufferList *dbl)
-{
- DataBuffer *db = dbl->first;
- check_integrity(dbl);
- while (db) {
- db->offset = db->length;
- db = free_head(dbl);
- }
- dbl->size = 0;
- check_integrity(dbl);
-}
-
-
-const char * V2CipherString(int cs_int) {
- char *cs_str;
- cs_str = NULL;
- switch (cs_int) {
-
- case 0x010080: cs_str = "SSL2/RSA/RC4-128/MD5"; break;
- case 0x020080: cs_str = "SSL2/RSA/RC4-40/MD5"; break;
- case 0x030080: cs_str = "SSL2/RSA/RC2CBC128/MD5"; break;
- case 0x040080: cs_str = "SSL2/RSA/RC2CBC40/MD5"; break;
- case 0x050080: cs_str = "SSL2/RSA/IDEA128CBC/MD5"; break;
- case 0x060040: cs_str = "SSL2/RSA/DES56-CBC/MD5"; break;
- case 0x0700C0: cs_str = "SSL2/RSA/3DES192EDE-CBC/MD5"; break;
-
- case 0x000001: cs_str = "SSL3/RSA/NULL/MD5"; break;
- case 0x000002: cs_str = "SSL3/RSA/NULL/SHA"; break;
- case 0x000003: cs_str = "SSL3/RSA/RC4-40/MD5"; break;
- case 0x000004: cs_str = "SSL3/RSA/RC4-128/MD5"; break;
- case 0x000005: cs_str = "SSL3/RSA/RC4-128/SHA"; break;
- case 0x000006: cs_str = "SSL3/RSA/RC2CBC40/MD5"; break;
- case 0x000007: cs_str = "SSL3/RSA/IDEA128CBC/SHA"; break;
- case 0x000008: cs_str = "SSL3/RSA/DES40-CBC/SHA"; break;
- case 0x000009: cs_str = "SSL3/RSA/DES56-CBC/SHA"; break;
- case 0x00000A: cs_str = "SSL3/RSA/3DES192EDE-CBC/SHA"; break;
-
- case 0x00000B: cs_str = "SSL3/DH-DSS/DES40-CBC/SHA"; break;
- case 0x00000C: cs_str = "SSL3/DH_DSS/DES56-CBC/SHA"; break;
- case 0x00000D: cs_str = "SSL3/DH-DSS/DES192EDE3CBC/SHA"; break;
- case 0x00000E: cs_str = "SSL3/DH-RSA/DES40-CBC/SHA"; break;
- case 0x00000F: cs_str = "SSL3/DH_RSA/DES56-CBC/SHA"; break;
- case 0x000010: cs_str = "SSL3/DH-RSA/3DES192EDE-CBC/SHA"; break;
-
- case 0x000011: cs_str = "SSL3/DHE-DSS/DES40-CBC/SHA"; break;
- case 0x000012: cs_str = "SSL3/DHE_DSS/DES56-CBC/SHA"; break;
- case 0x000013: cs_str = "SSL3/DHE-DSS/DES192EDE3CBC/SHA"; break;
- case 0x000014: cs_str = "SSL3/DHE-RSA/DES40-CBC/SHA"; break;
- case 0x000015: cs_str = "SSL3/DHE_RSA/DES56-CBC/SHA"; break;
- case 0x000016: cs_str = "SSL3/DHE-RSA/3DES192EDE-CBC/SHA"; break;
-
- case 0x000017: cs_str = "SSL3/DH-anon/RC4-40/MD5"; break;
- case 0x000018: cs_str = "SSL3/DH-anon/RC4-128/MD5"; break;
- case 0x000019: cs_str = "SSL3/DH-anon/DES40-CBC/SHA"; break;
- case 0x00001A: cs_str = "SSL3/DH-anon/DES56-CBC/SHA"; break;
- case 0x00001B: cs_str = "SSL3/DH-anon/3DES192EDE-CBC/SHA"; break;
-
- case 0x00001C: cs_str = "SSL3/FORTEZZA-DMS/NULL/SHA"; break;
- case 0x00001D: cs_str = "SSL3/FORTEZZA-DMS/FORTEZZA-CBC/SHA"; break;
- case 0x00001E: cs_str = "SSL3/FORTEZZA-DMS/RC4-128/SHA"; break;
-
- case 0x000062: cs_str = "TLS/RSA_EXPORT1024/DES56_CBC/SHA"; break;
- case 0x000064: cs_str = "TLS/RSA_EXPORT1024/RC4-56/SHA"; break;
- case 0x000063: cs_str = "TLS/DHE-DSS_EXPORT1024/DES56-CBC/SHA"; break;
- case 0x000065: cs_str = "TLS/DHE-DSS_EXPORT1024/RC4-56/SHA"; break;
- case 0x000066: cs_str = "TLS/DHE-DSS/RC4-128/SHA"; break;
-
- case 0x00ffe1: cs_str = "SSL3/RSA-FIPS/DES56-CBC/SHA"; break;
- case 0x00ffe0: cs_str = "SSL3/RSA-FIPS/3DES192EDE-CBC/SHA"; break;
-
- default: cs_str = "????/????????/?????????/???"; break;
- }
-
- return cs_str;
-}
-
-void partial_packet(int thispacket, int size, int needed)
-{
- PR_fprintf(PR_STDOUT,"(%u bytes", thispacket);
- if (thispacket < needed) {
- PR_fprintf(PR_STDOUT,", making %u", size);
- }
- PR_fprintf(PR_STDOUT," of %u", needed);
- if (size > needed) {
- PR_fprintf(PR_STDOUT,", with %u left over", size - needed);
- }
- PR_fprintf(PR_STDOUT,")\n");
-}
-
-char * get_time_string(void)
-{
- struct tm *tm;
- char *cp;
- char *eol;
- time_t tt;
-
- time(&tt);
-#if 0
- tm = localtime(&tt);
- cp = asctime(tm);
-#else
- cp = ctime(&tt);
-#endif
- eol = strchr(cp, '\n');
- if (eol)
- *eol = 0;
- return cp;
-}
-
-void print_sslv2(DataBufferList *s, unsigned char *tbuf, unsigned int alloclen)
-{
- ClientHelloV2 *chv2;
- ServerHelloV2 *shv2;
- unsigned char *pos;
- unsigned int p;
- unsigned int q;
- PRUint32 len;
-
- chv2 = (ClientHelloV2 *)tbuf;
- shv2 = (ServerHelloV2 *)tbuf;
- if (s->isEncrypted) {
- PR_fprintf(PR_STDOUT," [ssl2] Encrypted {...}\n");
- return;
- }
- PR_fprintf(PR_STDOUT," [%s]", get_time_string() );
- switch(chv2->type) {
- case 1:
- PR_fprintf(PR_STDOUT," [ssl2] ClientHelloV2 {\n");
- PR_fprintf(PR_STDOUT," version = {0x%02x, 0x%02x}\n",
- (PRUint32)chv2->version[0],(PRUint32)chv2->version[1]);
- PR_fprintf(PR_STDOUT," cipher-specs-length = %d (0x%02x)\n",
- (PRUint32)(GET_SHORT((chv2->cslength))),
- (PRUint32)(GET_SHORT((chv2->cslength))));
- PR_fprintf(PR_STDOUT," sid-length = %d (0x%02x)\n",
- (PRUint32)(GET_SHORT((chv2->sidlength))),
- (PRUint32)(GET_SHORT((chv2->sidlength))));
- PR_fprintf(PR_STDOUT," challenge-length = %d (0x%02x)\n",
- (PRUint32)(GET_SHORT((chv2->rndlength))),
- (PRUint32)(GET_SHORT((chv2->rndlength))));
- PR_fprintf(PR_STDOUT," cipher-suites = { \n");
- for (p=0;p<GET_SHORT((chv2->cslength));p+=3) {
- const char *cs_str=NULL;
- PRUint32 cs_int=0;
- cs_int = GET_24((&chv2->csuites[p]));
- cs_str = V2CipherString(cs_int);
-
- PR_fprintf(PR_STDOUT," (0x%06x) %s\n",
- cs_int, cs_str);
- }
- q = p;
- PR_fprintf(PR_STDOUT," }\n");
- if (chv2->sidlength) {
- PR_fprintf(PR_STDOUT," session-id = { ");
- for (p=0;p<GET_SHORT((chv2->sidlength));p+=2) {
- PR_fprintf(PR_STDOUT,"0x%04x ",(PRUint32)(GET_SHORT((&chv2->csuites[p+q]))));
- }
- }
- q += p;
- PR_fprintf(PR_STDOUT,"}\n");
- if (chv2->rndlength) {
- PR_fprintf(PR_STDOUT," challenge = { ");
- for (p=0;p<GET_SHORT((chv2->rndlength));p+=2) {
- PR_fprintf(PR_STDOUT,"0x%04x ",(PRUint32)(GET_SHORT((&chv2->csuites[p+q]))));
- }
- PR_fprintf(PR_STDOUT,"}\n");
- }
- PR_fprintf(PR_STDOUT,"}\n");
- break;
- /* end of V2 CLientHello Parsing */
-
- case 2: /* Client Master Key */
- {
- const char *cs_str=NULL;
- PRUint32 cs_int=0;
- ClientMasterKeyV2 *cmkv2;
- cmkv2 = (ClientMasterKeyV2 *)chv2;
- isV2Session = 1;
-
- PR_fprintf(PR_STDOUT," [ssl2] ClientMasterKeyV2 { \n");
-
- cs_int = GET_24(&cmkv2->cipherkind[0]);
- cs_str = V2CipherString(cs_int);
- PR_fprintf(PR_STDOUT," cipher-spec-chosen = (0x%06x) %s\n",
- cs_int, cs_str);
-
- PR_fprintf(PR_STDOUT," clear-portion = %d bits\n",
- 8*(PRUint32)(GET_SHORT((cmkv2->clearkey))));
-
- PR_fprintf(PR_STDOUT," }\n");
- clientstream.isEncrypted = 1;
- serverstream.isEncrypted = 1;
- }
- break;
-
-
- case 3:
- PR_fprintf(PR_STDOUT," [ssl2] Client Finished V2 {...}\n");
- isV2Session = 1;
- break;
-
-
- case 4: /* V2 Server Hello */
- isV2Session = 1;
-
- PR_fprintf(PR_STDOUT," [ssl2] ServerHelloV2 {\n");
- PR_fprintf(PR_STDOUT," sid hit = {0x%02x}\n",
- (PRUintn)shv2->sidhit);
- PR_fprintf(PR_STDOUT," version = {0x%02x, 0x%02x}\n",
- (PRUint32)shv2->version[0],(PRUint32)shv2->version[1]);
- PR_fprintf(PR_STDOUT," cipher-specs-length = %d (0x%02x)\n",
- (PRUint32)(GET_SHORT((shv2->cslength))),
- (PRUint32)(GET_SHORT((shv2->cslength))));
- PR_fprintf(PR_STDOUT," sid-length = %d (0x%02x)\n",
- (PRUint32)(GET_SHORT((shv2->cidlength))),
- (PRUint32)(GET_SHORT((shv2->cidlength))));
-
- pos = (unsigned char *)shv2;
- pos += 2; /* skip length header */
- pos += 11; /* position pointer to Certificate data area */
- q = GET_SHORT(&shv2->certlength);
- if (q >alloclen) {
- goto eosh;
- }
- pos += q; /* skip certificate */
-
- PR_fprintf(PR_STDOUT," cipher-suites = { ");
- len = GET_SHORT((shv2->cslength));
- for (p = 0; p < len; p += 3) {
- const char *cs_str=NULL;
- PRUint32 cs_int=0;
- cs_int = GET_24((pos+p));
- cs_str = V2CipherString(cs_int);
- PR_fprintf(PR_STDOUT,"\n ");
- PR_fprintf(PR_STDOUT,"(0x%06x) %s", cs_int, cs_str);
- }
- pos += len;
- PR_fprintf(PR_STDOUT," }\n"); /* End of cipher suites */
- len = (PRUint32)GET_SHORT((shv2->cidlength));
- if (len) {
- PR_fprintf(PR_STDOUT," connection-id = { ");
- for (p = 0; p < len; p += 2) {
- PR_fprintf(PR_STDOUT,"0x%04x ", (PRUint32)(GET_SHORT((pos + p))));
- }
- PR_fprintf(PR_STDOUT," }\n"); /* End of connection id */
- }
-eosh:
- PR_fprintf(PR_STDOUT,"\n }\n"); /* end of ServerHelloV2 */
- if (shv2->sidhit) {
- clientstream.isEncrypted = 1;
- serverstream.isEncrypted = 1;
- }
- break;
-
- case 5:
- PR_fprintf(PR_STDOUT," [ssl2] Server Verify V2 {...}\n");
- isV2Session = 1;
- break;
-
- case 6:
- PR_fprintf(PR_STDOUT," [ssl2] Server Finished V2 {...}\n");
- isV2Session = 1;
- break;
-
- case 7:
- PR_fprintf(PR_STDOUT," [ssl2] Request Certificate V2 {...}\n");
- isV2Session = 1;
- break;
-
- case 8:
- PR_fprintf(PR_STDOUT," [ssl2] Client Certificate V2 {...}\n");
- isV2Session = 1;
- break;
-
- default:
- PR_fprintf(PR_STDOUT," [ssl2] UnknownType 0x%02x {...}\n",
- (PRUint32)chv2->type);
- break;
- }
-}
-
-
-
-
-
-
-void print_ssl3_handshake(unsigned char *tbuf,
- unsigned int alloclen,
- SSLRecord * sr)
-{
- struct sslhandshake sslh;
- unsigned char * hsdata;
- int offset=0;
-
- PR_fprintf(PR_STDOUT," handshake {\n");
-
- while (offset < alloclen) {
- sslh.type = tbuf[offset];
- sslh.length = GET_24(tbuf+offset+1);
- hsdata= &tbuf[offset+4];
-
- if (sslhexparse) print_hex(4,tbuf+offset);
-
- PR_fprintf(PR_STDOUT," type = %d (",sslh.type);
- switch(sslh.type) {
- case 0: PR_fprintf(PR_STDOUT,"hello_request)\n"); break;
- case 1: PR_fprintf(PR_STDOUT,"client_hello)\n"); break;
- case 2: PR_fprintf(PR_STDOUT,"server_hello)\n"); break;
- case 11: PR_fprintf(PR_STDOUT,"certificate)\n"); break;
- case 12: PR_fprintf(PR_STDOUT,"server_key_exchange)\n"); break;
- case 13: PR_fprintf(PR_STDOUT,"certificate_request)\n"); break;
- case 14: PR_fprintf(PR_STDOUT,"server_hello_done)\n"); break;
- case 15: PR_fprintf(PR_STDOUT,"certificate_verify)\n"); break;
- case 16: PR_fprintf(PR_STDOUT,"client_key_exchange)\n"); break;
- case 20: PR_fprintf(PR_STDOUT,"finished)\n"); break;
- default: PR_fprintf(PR_STDOUT,"unknown)\n");
- }
-
- PR_fprintf(PR_STDOUT," length = %d (0x%06x)\n",sslh.length,sslh.length);
- switch (sslh.type) {
-
- case 1: /* client hello */
- switch (sr->ver_maj) {
- case 2: /* ssl version 2 */
- PR_fprintf(PR_STDOUT," ClientHelloV2 {...}\n");
- break;
- case 3: /* ssl version 3 */
- {
- int sidlength,pos,csuitelength,w;
- PR_fprintf(PR_STDOUT," ClientHelloV3 {\n");
- PR_fprintf(PR_STDOUT," client_version = {%d, %d}\n",
- (PRUint8)hsdata[0],(PRUint8)hsdata[1]);
- PR_fprintf(PR_STDOUT," random = {...}\n");
- if (sslhexparse) print_hex(32,&hsdata[2]);
- PR_fprintf(PR_STDOUT," session ID = {\n");
- sidlength = (int)hsdata[2+32];
- PR_fprintf(PR_STDOUT," length = %d\n",sidlength);
- PR_fprintf(PR_STDOUT," contents = {..}\n");
- if (sslhexparse) print_hex(sidlength,&hsdata[2+32+1]);
- PR_fprintf(PR_STDOUT," }\n");
- pos = 2+32+1+sidlength;
- csuitelength = GET_SHORT((hsdata+pos));
- PR_fprintf(PR_STDOUT," cipher_suites[%d] = { \n",
- csuitelength/2);
- if (csuitelength%1) {
- PR_fprintf(PR_STDOUT,
- "*error in protocol - csuitelength shouldn't be odd*\n");
- }
-
- for (w=0; w<csuitelength; w+=2) {
- const char *cs_str=NULL;
- PRUint32 cs_int=0;
- cs_int = GET_SHORT((hsdata+pos+2+w));
- cs_str = V2CipherString(cs_int);
-
- PR_fprintf(PR_STDOUT,
- " (0x%04x) %s\n", cs_int, cs_str);
- }
-
- /* for (w=0;w<csuitelength;w+=2) {
- PR_fprintf(PR_STDOUT,"0x%04x ",GET_SHORT((hsdata+pos+2+w)));
- } */
-
- PR_fprintf(PR_STDOUT,"\n }\n");
- PR_fprintf(PR_STDOUT," }\n");
-
-
-
- } /* end of ssl version 3 */
- break;
- default:
- PR_fprintf(PR_STDOUT," ClientHelloUndefinedVersion{}\n");
- } /* end of switch sr->ver_maj */
- break;
-
- case 2: /* server hello */
- {
- int sidlength, pos;
- const char *cs_str=NULL;
- PRUint32 cs_int=0;
- PR_fprintf(PR_STDOUT," ServerHello {\n");
- PR_fprintf(PR_STDOUT," server_version = {%d, %d}\n",
- (PRUint8)hsdata[0],(PRUint8)hsdata[1]);
- PR_fprintf(PR_STDOUT," random = {...}\n");
- if (sslhexparse) print_hex(32,&hsdata[2]);
- PR_fprintf(PR_STDOUT," session ID = {\n");
- sidlength = (int)hsdata[2+32];
- PR_fprintf(PR_STDOUT," length = %d\n",sidlength);
- PR_fprintf(PR_STDOUT," contents = {..}\n");
- if (sslhexparse) print_hex(sidlength,&hsdata[2+32+1]);
- PR_fprintf(PR_STDOUT," }\n");
- pos = 2+32+1+sidlength;
- cs_int = GET_SHORT((hsdata+pos));
- cs_str = V2CipherString(cs_int);
- PR_fprintf(PR_STDOUT," cipher_suite = (0x%04x) %s\n",
- cs_int, cs_str);
- PR_fprintf(PR_STDOUT," }\n");
- }
- break;
-
-
-
- case 11: /* certificate */
- {
- PRFileDesc *cfd;
- int pos;
- int certslength;
- int certlength;
- int certbytesread = 0;
- static int certFileNumber;
- char certFileName[20];
-
- PR_fprintf(PR_STDOUT," CertificateChain {\n");
- certslength = GET_24(hsdata);
- PR_fprintf(PR_STDOUT," chainlength = %d (0x%04x)\n",
- certslength,certslength);
- pos = 3;
- while (certbytesread < certslength) {
- certlength = GET_24((hsdata+pos));
- pos += 3;
- PR_fprintf(PR_STDOUT," Certificate {\n");
- PR_fprintf(PR_STDOUT," size = %d (0x%04x)\n",
- certlength,certlength);
-
- PR_snprintf(certFileName, sizeof certFileName, "cert.%03d",
- ++certFileNumber);
- cfd = PR_Open(certFileName, PR_WRONLY|PR_CREATE_FILE, 0664);
- if (!cfd) {
- PR_fprintf(PR_STDOUT,
- " data = { couldn't save file '%s' }\n",
- certFileName);
- } else {
- PR_Write(cfd, (hsdata+pos), certlength);
- PR_fprintf(PR_STDOUT,
- " data = { saved in file '%s' }\n",
- certFileName);
- PR_Close(cfd);
- }
-
- PR_fprintf(PR_STDOUT," }\n");
- pos += certlength;
- certbytesread += certlength+3;
- }
- PR_fprintf(PR_STDOUT," }\n");
- }
- break;
-
- case 13: /* certificate request */
- if (sslhexparse) {
- PR_fprintf(PR_STDOUT," CertificateRequest {\n");
- print_hex(sslh.length, hsdata);
- PR_fprintf(PR_STDOUT," }\n");
- }
- break;
-
- case 16: /* client key exchange */
- {
- PR_fprintf(PR_STDOUT," ClientKeyExchange {\n");
- PR_fprintf(PR_STDOUT," message = {...}\n");
- PR_fprintf(PR_STDOUT," }\n");
- }
- break;
-
- } /* end of switch sslh.type */
- offset += sslh.length + 4; /* +4 because of length (3 bytes) and type (1 byte) */
- } /* while */
- PR_fprintf(PR_STDOUT," }\n");
-}
-
-
-void print_ssl(DataBufferList *s, int length, unsigned char *buffer)
-{
- /* -------------------------------------------------------- */
- /* first, create a new buffer object for this piece of data. */
-
- DataBuffer *db;
- int i,l;
-
- if (s->size == 0 && length > 0 && buffer[0] >= 32 && buffer[0] < 128) {
- /* Not an SSL record, treat entire buffer as plaintext */
- PR_Write(PR_STDOUT,buffer,length);
- return;
- }
-
-
- check_integrity(s);
-
- i = 0;
- l = length;
-
- db = PR_NEW(struct _DataBuffer);
-
- db->buffer = (unsigned char*)PR_Malloc(length);
- db->length = length;
- db->offset = 0;
- memcpy(db->buffer, buffer, length);
- db->next = NULL;
-
- /* now, add it to the stream */
-
- if (s->last != NULL) s->last->next = db;
- s->last = db;
- s->size += length;
- if (s->first == NULL) s->first = db;
-
- check_integrity(s);
-
- /*------------------------------------------------------- */
- /* now we look at the stream to see if we have enough data to
- decode */
-
- while (s->size > 0 ) {
- unsigned char *tbuf = NULL;
-
- SSLRecord sr;
- unsigned alloclen;
- unsigned recordsize;
-
- check_integrity(s);
-
- if ( s->first == NULL) {
- PR_fprintf(PR_STDOUT,"ERROR: s->first is null\n");
- exit(9);
- }
-
- /* in the case of an SSL 2 client-hello (which is all ssltap supports) */
- /* will have the high-bit set, whereas an SSL 3 client-hello will not */
- /* SSL2 can also send records that begin with the high bit clear.
- * This code will incorrectly handle them. XXX
- */
- if (isV2Session || s->first->buffer[s->first->offset] & 0x80) {
- /* it's an SSL 2 packet */
- unsigned char lenbuf[3];
-
- /* first, we check if there's enough data for it to be an SSL2-type
- * record. What a pain.*/
- if (s->size < sizeof lenbuf) {
- partial_packet(length, s->size, sizeof lenbuf);
- return;
- }
-
- /* read the first two bytes off the stream. */
- read_stream_bytes(lenbuf, s, sizeof(lenbuf));
- alloclen = ((unsigned int)(lenbuf[0] & 0x7f) << 8) + lenbuf[1] +
- ((lenbuf[0] & 0x80) ? 2 : 3);
- PR_fprintf(PR_STDOUT, "alloclen = %u bytes\n", alloclen);
-
- /* put 'em back on the head of the stream. */
- db = PR_NEW(struct _DataBuffer);
-
- db->length = sizeof lenbuf;
- db->buffer = (unsigned char*) PR_Malloc(db->length);
- db->offset = 0;
- memcpy(db->buffer, lenbuf, sizeof lenbuf);
-
- db->next = s->first;
- s->first = db;
- if (s->last == NULL)
- s->last = db;
- s->size += db->length;
-
- /* if there wasn't enough, go back for more. */
- if (s->size < alloclen) {
- check_integrity(s);
- partial_packet(length, s->size, alloclen);
- return;
- }
- partial_packet(length, s->size, alloclen);
-
- /* read in the whole record. */
- tbuf = PR_Malloc(alloclen);
- read_stream_bytes(tbuf, s, alloclen);
-
- print_sslv2(s, tbuf, alloclen);
- PR_FREEIF(tbuf);
- check_integrity(s);
-
- continue;
- }
-
- /***********************************************************/
- /* It's SSL v3 */
- /***********************************************************/
- check_integrity(s);
-
- if (s->size < sizeof(SSLRecord)) {
- partial_packet(length, s->size, sizeof(SSLRecord));
- return;
- }
-
- read_stream_bytes((unsigned char *)&sr, s, sizeof sr);
-
- /* we have read the stream bytes. Look at the length of
- the ssl record. If we don't have enough data to satisfy this
- request, then put the bytes we just took back at the head
- of the queue */
- recordsize = GET_SHORT(sr.length);
-
- if (recordsize > s->size) {
- db = PR_NEW(struct _DataBuffer);
-
- db->length = sizeof sr;
- db->buffer = (unsigned char*) PR_Malloc(db->length);
- db->offset = 0;
- memcpy(db->buffer, &sr, sizeof sr);
- db->next = s->first;
-
- /* now, add it back on to the head of the stream */
-
- s->first = db;
- if (s->last == NULL)
- s->last = db;
- s->size += db->length;
-
- check_integrity(s);
- partial_packet(length, s->size, recordsize);
- return;
- }
- partial_packet(length, s->size, recordsize);
-
-
- PR_fprintf(PR_STDOUT,"SSLRecord { [%s]\n", get_time_string() );
- if (sslhexparse) {
- print_hex(5,(unsigned char*)&sr);
- }
-
- check_integrity(s);
-
- PR_fprintf(PR_STDOUT," type = %d (",sr.type);
- switch(sr.type) {
- case 20 :
- PR_fprintf(PR_STDOUT,"change_cipher_spec)\n");
- break;
- case 21 :
- PR_fprintf(PR_STDOUT,"alert)\n");
- break;
- case 22 :
- PR_fprintf(PR_STDOUT,"handshake)\n");
- break;
- case 23 :
- PR_fprintf(PR_STDOUT,"application_data)\n");
- break;
- default:
- PR_fprintf(PR_STDOUT,"unknown)\n");
- break;
- }
- PR_fprintf(PR_STDOUT," version = { %d,%d }\n",
- (PRUint32)sr.ver_maj,(PRUint32)sr.ver_min);
- PR_fprintf(PR_STDOUT," length = %d (0x%x)\n",
- (PRUint32)GET_SHORT(sr.length), (PRUint32)GET_SHORT(sr.length));
-
-
- alloclen = recordsize;
- PR_ASSERT(s->size >= alloclen);
- if (s->size >= alloclen) {
- tbuf = (unsigned char*) PR_Malloc(alloclen);
- read_stream_bytes(tbuf, s, alloclen);
-
- if (s->isEncrypted) {
- PR_fprintf(PR_STDOUT," < encrypted >\n");
- } else
-
- switch(sr.type) {
- case 20 : /* change_cipher_spec */
- if (sslhexparse) print_hex(alloclen,tbuf);
- s->isEncrypted = 1; /* mark to say we can only dump hex form now on */
- break;
-
- case 21 : /* alert */
- switch(tbuf[0]) {
- case 1: PR_fprintf(PR_STDOUT, " warning: "); break;
- case 2: PR_fprintf(PR_STDOUT, " fatal: "); break;
- default: PR_fprintf(PR_STDOUT, " unknown level %d: ", tbuf[0]); break;
- }
-
- switch(tbuf[1]) {
- case 0: PR_fprintf(PR_STDOUT, "close notify\n"); break;
- case 10: PR_fprintf(PR_STDOUT, "unexpected message\n"); break;
- case 20: PR_fprintf(PR_STDOUT, "bad record mac\n"); break;
- case 21: PR_fprintf(PR_STDOUT, "decryption failed\n"); break;
- case 22: PR_fprintf(PR_STDOUT, "record overflow\n"); break;
- case 30: PR_fprintf(PR_STDOUT, "decompression failure\n"); break;
- case 40: PR_fprintf(PR_STDOUT, "handshake failure\n"); break;
- case 41: PR_fprintf(PR_STDOUT, "no certificate\n"); break;
- case 42: PR_fprintf(PR_STDOUT, "bad certificate\n"); break;
- case 43: PR_fprintf(PR_STDOUT, "unsupported certificate\n"); break;
- case 44: PR_fprintf(PR_STDOUT, "certificate revoked\n"); break;
- case 45: PR_fprintf(PR_STDOUT, "certificate expired\n"); break;
- case 46: PR_fprintf(PR_STDOUT, "certificate unknown\n"); break;
- case 47: PR_fprintf(PR_STDOUT, "illegal parameter\n"); break;
- case 48: PR_fprintf(PR_STDOUT, "unknown CA\n"); break;
- case 49: PR_fprintf(PR_STDOUT, "access denied\n"); break;
- case 50: PR_fprintf(PR_STDOUT, "decode error\n"); break;
- case 51: PR_fprintf(PR_STDOUT, "decrypt error\n"); break;
- case 60: PR_fprintf(PR_STDOUT, "export restriction\n"); break;
- case 70: PR_fprintf(PR_STDOUT, "protocol version\n"); break;
- case 71: PR_fprintf(PR_STDOUT, "insufficient security\n"); break;
- case 80: PR_fprintf(PR_STDOUT, "internal error\n"); break;
- case 90: PR_fprintf(PR_STDOUT, "user canceled\n"); break;
- case 100: PR_fprintf(PR_STDOUT, "no renegotiation\n"); break;
- default: PR_fprintf(PR_STDOUT, "unknown error %d\n", tbuf[1]); break;
- }
-
- if (sslhexparse) print_hex(alloclen,tbuf);
- break;
-
- case 22 : /* handshake */
- print_ssl3_handshake( tbuf, alloclen, &sr );
- break;
-
- case 23 : /* application data */
- default:
- print_hex(alloclen,tbuf);
- break;
- }
- }
- PR_fprintf(PR_STDOUT,"}\n");
- PR_FREEIF(tbuf);
- check_integrity(s);
- }
-}
-
-void print_hex(int amt, unsigned char *buf) {
- int i,j,k;
- char *string = (char*)PR_Malloc(5000);
- char t[20];
-
-
- for(i=0;i<amt;i++) {
- t[1] =0;
-
- if (i%16 ==0) { /* if we are at the beginning of a line */
- PR_fprintf(PR_STDOUT,"%4x:",i); /* print the line number */
- strcpy(string,"");
- }
-
- if (i%4 == 0) {
- PR_fprintf(PR_STDOUT," ");
- }
-
- t[0] = buf[i];
-
- if (!isprint(t[0])) {
- t[0] = '.';
- }
- if (fancy) {
- switch (t[0]) {
- case '<':
- strcpy(t,"&lt;");
- break;
- case '>':
- strcpy(t,"&gt;");
- break;
- case '&':
- strcpy(t,"&amp;");
- break;
- }
- }
- strcat(string,t);
-
- PR_fprintf(PR_STDOUT,"%02x ",(PRUint8) buf[i]);
-
- /* if we've reached the end of the line - add the string */
- if (i%16 == 15) PR_fprintf(PR_STDOUT," | %s\n",string);
- }
- /* we reached the end of the buffer,*/
- /* do we have buffer left over? */
- j = i%16;
- if (j > 0) {
- for (k=0;k<(16-j);k++) PR_fprintf(PR_STDOUT," ");
- PR_fprintf(PR_STDOUT," |%s\n",string);
- }
- PR_Free(string);
-}
-
-void Usage(void) {
- PR_fprintf(PR_STDERR, "SSLTAP (C) 1997, 1998 Netscape Communications Corporation.\n");
- PR_fprintf(PR_STDERR, "Usage: ssltap [-vhfsxl] [-p port] hostname:port\n");
- PR_fprintf(PR_STDERR, " -v [prints version string]\n");
- PR_fprintf(PR_STDERR, " -h [outputs hex instead of ASCII]\n");
- PR_fprintf(PR_STDERR, " -f [turn on Fancy HTML coloring]\n");
- PR_fprintf(PR_STDERR, " -s [turn on SSL decoding]\n");
- PR_fprintf(PR_STDERR, " -x [turn on extra SSL hex dumps]\n");
- PR_fprintf(PR_STDERR, " -p port [specify rendezvous port (default 1924)]\n");
- PR_fprintf(PR_STDERR, " -l [loop - continue to wait for more connections]\n");
-
-
-}
-
-void
-showErr(const char * msg) {
- PRErrorCode err = PR_GetError();
- const char * errString;
-
- if (err == PR_UNKNOWN_ERROR)
- err = PR_CONNECT_RESET_ERROR; /* bug in NSPR. */
- errString = SECU_Strerror(err);
-
- if (!errString)
- errString = "(no text available)";
- PR_fprintf(PR_STDERR, "Error %d: %s: %s", err, errString, msg);
-}
-
-int main(int argc, char *argv[])
-{
- char *hostname;
- PRUint16 rendport=DEFPORT,port;
- PRHostEnt hp;
- PRStatus r;
- PRNetAddr na_client,na_server,na_rend;
- PRFileDesc *s_server,*s_client,*s_rend; /*rendezvous */
- char netdbbuf[PR_NETDB_BUF_SIZE];
- int c_count=0;
- PLOptState *optstate;
- PLOptStatus status;
-
- optstate = PL_CreateOptState(argc,argv,"fvxhslp:");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case 'f':
- fancy++;
- break;
- case 'h':
- hexparse++;
- break;
- case 'v':
- PR_fprintf(PR_STDOUT,"Version: %s\n",VERSIONSTRING);
- break;
- case 's':
- sslparse++;
- break;
- case 'x':
- sslhexparse++;
- break;
- case 'l':
- looparound++;
- break;
- case 'p':
- rendport = atoi(optstate->value);
- break;
- case '\0':
- hostname = PL_strdup(optstate->value);
- }
- }
- if (status == PL_OPT_BAD)
- Usage();
-
- if (fancy) {
- if (!hexparse && !sslparse) {
- PR_fprintf(PR_STDERR,
-"Note: use of -f without -s or -h not recommended, \n"
-"as the output looks a little strange. It may be useful, however\n");
- }
- }
-
- if(! hostname ) Usage(), exit(2);
-
- {
- char *colon = (char *)strchr(hostname, ':');
- if (!colon) {
- PR_fprintf(PR_STDERR,
- "You must specify the host AND port you wish to connect to\n");
- Usage(), exit(3);
- }
- port = atoi(&colon[1]);
- *colon = '\0';
-
- if (port == 0) {
- PR_fprintf(PR_STDERR, "Port must be a nonzero number.\n");
- exit(4);
- }
- }
-
- /* find the 'server' IP address so we don't have to look it up later */
-
- if (fancy) {
- PR_fprintf(PR_STDOUT,"<HTML><HEAD><TITLE>SSLTAP output</TITLE></HEAD>\n");
- PR_fprintf(PR_STDOUT,"<BODY><PRE>\n");
- }
- PR_fprintf(PR_STDERR,"Looking up \"%s\"...\n", hostname);
- r = PR_GetHostByName(hostname,netdbbuf,PR_NETDB_BUF_SIZE,&hp);
- if (r) {
- showErr("Host Name lookup failed\n");
- exit(5);
- }
-
- PR_EnumerateHostEnt(0,&hp,0,&na_server);
- PR_InitializeNetAddr(PR_IpAddrNull,port,&na_server);
- /* set up the port which the client will connect to */
-
- r = PR_InitializeNetAddr(PR_IpAddrAny,rendport,&na_rend);
- if (r == PR_FAILURE) {
- PR_fprintf(PR_STDERR,
- "PR_InitializeNetAddr(,%d,) failed with error %d\n",PR_GetError());
- exit(0);
- }
-
-
- s_rend = PR_NewTCPSocket();
- if (!s_rend) {
- showErr("Couldn't create socket\n");
- exit(6);
- }
-
- if (PR_Bind(s_rend, &na_rend )) {
- PR_fprintf(PR_STDERR,"Couldn't bind to port %d (error %d)\n",rendport, PR_GetError());
- exit(-1);
- }
-
- if ( PR_Listen(s_rend, 5)) {
- showErr("Couldn't listen\n");
- exit(-1);
- }
-
- PR_fprintf(PR_STDERR,"Proxy socket ready and listening\n");
- do { /* accept one connection and process it. */
- PRPollDesc pds[2];
-
- s_client = PR_Accept(s_rend,&na_client,PR_SecondsToInterval(3600));
- if (s_client == NULL) {
- showErr("accept timed out\n");
- exit(7);
- }
-
- s_server = PR_NewTCPSocket();
- if (s_server == NULL) {
- showErr("couldn't open new socket to connect to server \n");
- exit(8);
- }
-
- r = PR_Connect(s_server,&na_server,PR_SecondsToInterval(5));
-
- if ( r == PR_FAILURE )
- {
- showErr("Couldn't connect\n");
- return -1;
- }
-
- if (looparound) {
- if (fancy) PR_fprintf(PR_STDOUT,"<p><HR><H2>");
- PR_fprintf(PR_STDOUT,"Connection #%d [%s]\n", c_count+1,
- get_time_string());
- if (fancy) PR_fprintf(PR_STDOUT,"</H2>");
- }
-
-
- PR_fprintf(PR_STDOUT,"Connected to %s:%d\n", hostname, port);
-
-#define PD_C 0
-#define PD_S 1
-
- pds[PD_C].fd = s_client;
- pds[PD_S].fd = s_server;
- pds[PD_C].in_flags = PR_POLL_READ;
- pds[PD_S].in_flags = PR_POLL_READ;
-
- /* make sure the new connections don't start out encrypted. */
- clientstream.isEncrypted = 0;
- serverstream.isEncrypted = 0;
- isV2Session = 0;
-
- while( (pds[PD_C].in_flags & PR_POLL_READ) != 0 ||
- (pds[PD_S].in_flags & PR_POLL_READ) != 0 )
- { /* Handle all messages on the connection */
- PRInt32 amt;
- PRInt32 wrote;
- unsigned char buffer[ TAPBUFSIZ ];
-
- amt = PR_Poll(pds,2,PR_INTERVAL_NO_TIMEOUT);
- if (amt <= 0) {
- if (amt)
- showErr( "PR_Poll failed.\n");
- else
- showErr( "PR_Poll timed out.\n");
- break;
- }
-
- if (pds[PD_C].out_flags & PR_POLL_EXCEPT) {
- showErr( "Exception on client-side socket.\n");
- break;
- }
-
- if (pds[PD_S].out_flags & PR_POLL_EXCEPT) {
- showErr( "Exception on server-side socket.\n");
- break;
- }
-
-
-/* read data, copy it to stdout, and write to other socket */
-
- if ((pds[PD_C].in_flags & PR_POLL_READ) != 0 &&
- (pds[PD_C].out_flags & PR_POLL_READ) != 0 ) {
-
- amt = PR_Read(s_client, buffer, sizeof(buffer));
-
- if ( amt < 0) {
- showErr( "Client socket read failed.\n");
- break;
- }
-
- if( amt == 0 ) {
- PR_fprintf(PR_STDOUT, "Read EOF on Client socket. [%s]\n",
- get_time_string() );
- pds[PD_C].in_flags &= ~PR_POLL_READ;
- PR_Shutdown(s_server, PR_SHUTDOWN_SEND);
- continue;
- }
-
- PR_fprintf(PR_STDOUT,"--> [\n");
- if (fancy) PR_fprintf(PR_STDOUT,"<font color=blue>");
-
- if (hexparse) print_hex(amt, buffer);
- if (sslparse) print_ssl(&clientstream,amt,buffer);
- if (!hexparse && !sslparse) PR_Write(PR_STDOUT,buffer,amt);
- if (fancy) PR_fprintf(PR_STDOUT,"</font>");
- PR_fprintf(PR_STDOUT,"]\n");
-
- wrote = PR_Write(s_server, buffer, amt);
- if (wrote != amt ) {
- if (wrote < 0) {
- showErr("Write to server socket failed.\n");
- break;
- } else {
- PR_fprintf(PR_STDERR, "Short write to server socket!\n");
- }
- }
- } /* end of read from client socket. */
-
-/* read data, copy it to stdout, and write to other socket */
- if ((pds[PD_S].in_flags & PR_POLL_READ) != 0 &&
- (pds[PD_S].out_flags & PR_POLL_READ) != 0 ) {
-
- amt = PR_Read(s_server, buffer, sizeof(buffer));
-
- if ( amt < 0) {
- showErr( "error on server-side socket.\n");
- break;
- }
-
- if( amt == 0 ) {
- PR_fprintf(PR_STDOUT, "Read EOF on Server socket. [%s]\n",
- get_time_string() );
- pds[PD_S].in_flags &= ~PR_POLL_READ;
- PR_Shutdown(s_client, PR_SHUTDOWN_SEND);
- continue;
- }
-
- PR_fprintf(PR_STDOUT,"<-- [\n");
- if (fancy) PR_fprintf(PR_STDOUT,"<font color=red>");
- if (hexparse) print_hex(amt, (unsigned char *)buffer);
- if (sslparse) print_ssl(&serverstream,amt,(unsigned char *)buffer);
- if (!hexparse && !sslparse) PR_Write(PR_STDOUT,buffer,amt);
- if (fancy) PR_fprintf(PR_STDOUT,"</font>");
- PR_fprintf(PR_STDOUT,"]\n");
-
-
- wrote = PR_Write(s_client, buffer, amt);
- if (wrote != amt ) {
- if (wrote < 0) {
- showErr("Write to client socket failed.\n");
- break;
- } else {
- PR_fprintf(PR_STDERR, "Short write to client socket!\n");
- }
- }
-
- } /* end of read from server socket. */
-
-/* Loop, handle next message. */
-
- } /* handle messages during a connection loop */
- PR_Close(s_client);
- PR_Close(s_server);
- flush_stream(&clientstream);
- flush_stream(&serverstream);
-
- c_count++;
- PR_fprintf(PR_STDERR,"Connection %d Complete [%s]\n", c_count,
- get_time_string() );
- } while (looparound); /* accept connection and process it. */
- PR_Close(s_rend);
- return 0;
-}
diff --git a/security/nss/cmd/strsclnt/Makefile b/security/nss/cmd/strsclnt/Makefile
deleted file mode 100644
index 4e39ffc3f..000000000
--- a/security/nss/cmd/strsclnt/Makefile
+++ /dev/null
@@ -1,75 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/strsclnt/manifest.mn b/security/nss/cmd/strsclnt/manifest.mn
deleted file mode 100644
index 2333e2c2e..000000000
--- a/security/nss/cmd/strsclnt/manifest.mn
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../..
-
-DEFINES += -DNSPR20
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-CSRCS = strsclnt.c
-
-# the MODULE above is always implicitly REQUIREd
-REQUIRES = seccmd dbm
-
-PROGRAM = strsclnt
-# PROGRAM = ./$(OBJDIR)/strsclnt.exe
-
diff --git a/security/nss/cmd/strsclnt/strsclnt.c b/security/nss/cmd/strsclnt/strsclnt.c
deleted file mode 100644
index 059a0696e..000000000
--- a/security/nss/cmd/strsclnt/strsclnt.c
+++ /dev/null
@@ -1,1108 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include <stdio.h>
-#include <string.h>
-
-#include "secutil.h"
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#endif
-#include <stdlib.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdarg.h>
-
-#include "plgetopt.h"
-
-#include "nspr.h"
-#include "prio.h"
-#include "prnetdb.h"
-#include "prerror.h"
-
-#include "pk11func.h"
-#include "secitem.h"
-#include "sslproto.h"
-#include "nss.h"
-#include "ssl.h"
-
-#ifndef PORT_Sprintf
-#define PORT_Sprintf sprintf
-#endif
-
-#ifndef PORT_Strstr
-#define PORT_Strstr strstr
-#endif
-
-#ifndef PORT_Malloc
-#define PORT_Malloc PR_Malloc
-#endif
-
-#define RD_BUF_SIZE (60 * 1024)
-
-int cipherSuites[] = {
- SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
- SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,
- SSL_RSA_WITH_RC4_128_MD5,
- SSL_RSA_WITH_3DES_EDE_CBC_SHA,
- SSL_RSA_WITH_DES_CBC_SHA,
- SSL_RSA_EXPORT_WITH_RC4_40_MD5,
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
- SSL_FORTEZZA_DMS_WITH_NULL_SHA,
- SSL_RSA_WITH_NULL_MD5,
- 0
-};
-
-/* Include these cipher suite arrays to re-use tstclnt's
- * cipher selection code.
- */
-
-int ssl2CipherSuites[] = {
- SSL_EN_RC4_128_WITH_MD5, /* A */
- SSL_EN_RC4_128_EXPORT40_WITH_MD5, /* B */
- SSL_EN_RC2_128_CBC_WITH_MD5, /* C */
- SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */
- SSL_EN_DES_64_CBC_WITH_MD5, /* E */
- SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* F */
- 0
-};
-
-int ssl3CipherSuites[] = {
- SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
- SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
- SSL_RSA_WITH_RC4_128_MD5, /* c */
- SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
- SSL_RSA_WITH_DES_CBC_SHA, /* e */
- SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
- SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
- SSL_RSA_WITH_NULL_MD5, /* i */
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
- SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
- 0
-};
-
-/* This global string is so that client main can see
- * which ciphers to use.
- */
-
-char *cipherString;
-
-int MakeCertOK;
-
-void
-disableSSL2Ciphers(void)
-{
- int i;
-
- /* disable all the SSL2 cipher suites */
- for (i = 0; ssl2CipherSuites[i] != 0; ++i) {
- SSL_EnableCipher(ssl2CipherSuites[i], SSL_NOT_ALLOWED);
- }
-}
-
-void
-disableSSL3Ciphers(void)
-{
- int i;
-
- /* disable all the SSL3 cipher suites */
- for (i = 0; ssl3CipherSuites[i] != 0; ++i) {
- SSL_EnableCipher(ssl3CipherSuites[i], SSL_NOT_ALLOWED);
- }
-}
-
-char * ownPasswd( PK11SlotInfo *slot, PRBool retry, void *arg)
-{
- char *passwd = NULL;
-
- if ( (!retry) && arg ) {
- passwd = PL_strdup((char *)arg);
- }
-
- return passwd;
-}
-
-int stopping;
-int verbose;
-SECItem bigBuf;
-
-#define PRINTF if (verbose) printf
-#define FPRINTF if (verbose) fprintf
-
-static void
-Usage(const char *progName)
-{
- fprintf(stderr,
- "Usage: %s [-n rsa_nickname] [-p port] [-d dbdir] [-c connections]\n"
- " [-v] [-f fortezza_nickname] [-2 filename]\n"
- " [-w dbpasswd] [-C cipher(s)] hostname\n",
- progName);
- exit(1);
-}
-
-static void
-networkStart(void)
-{
-#if defined(XP_WIN) && !defined(NSPR20)
-
- WORD wVersionRequested;
- WSADATA wsaData;
- int err;
- wVersionRequested = MAKEWORD(1, 1);
-
- err = WSAStartup(wVersionRequested, &wsaData);
-
- if (err != 0) {
- /* Tell the user that we couldn't find a useable winsock.dll. */
- fputs("WSAStartup failed!\n", stderr);
- exit(1);
- }
-
-/* Confirm that the Windows Sockets DLL supports 1.1.*/
-/* Note that if the DLL supports versions greater */
-/* than 1.1 in addition to 1.1, it will still return */
-/* 1.1 in wVersion since that is the version we */
-/* requested. */
-
- if ( LOBYTE( wsaData.wVersion ) != 1 ||
- HIBYTE( wsaData.wVersion ) != 1 ) {
- /* Tell the user that we couldn't find a useable winsock.dll. */
- fputs("wrong winsock version\n", stderr);
- WSACleanup();
- exit(1);
- }
- /* The Windows Sockets DLL is acceptable. Proceed. */
-
-#endif
-}
-
-static void
-networkEnd(void)
-{
-#if defined(XP_WIN) && !defined(NSPR20)
- WSACleanup();
-#endif
-}
-
-static void
-errWarn(char * funcString)
-{
- PRErrorCode perr = PR_GetError();
- const char * errString = SECU_Strerror(perr);
-
- fprintf(stderr, "exit after %s with error %d:\n%s\n",
- funcString, perr, errString);
-}
-
-static void
-errExit(char * funcString)
-{
-#if defined (XP_WIN) && !defined(NSPR20)
- int err;
- LPVOID lpMsgBuf;
-
- err = WSAGetLastError();
-
- FormatMessage(
- FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
- NULL,
- err,
- MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
- (LPTSTR) &lpMsgBuf,
- 0,
- NULL
- );
-
- /* Display the string. */
- /*MessageBox( NULL, lpMsgBuf, "GetLastError", MB_OK|MB_ICONINFORMATION ); */
- fprintf(stderr, "%s\n", lpMsgBuf);
-
- /* Free the buffer. */
- LocalFree( lpMsgBuf );
-#endif
-
- errWarn(funcString);
- exit(1);
-}
-
-/* This invokes the "default" AuthCert handler in libssl.
-** The only reason to use this one is that it prints out info as it goes.
-*/
-static int
-mySSLAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
- PRBool isServer)
-{
- SECStatus rv;
- CERTCertificate * peerCert;
-
- peerCert = SSL_PeerCertificate(fd);
-
- PRINTF("Subject: %s\nIssuer : %s\n",
- peerCert->subjectName, peerCert->issuerName);
- /* invoke the "default" AuthCert handler. */
- rv = SSL_AuthCertificate(arg, fd, checkSig, isServer);
-
- if (rv == SECSuccess) {
- fputs("-- SSL3: Server Certificate Validated.\n", stderr);
- }
- /* error, if any, will be displayed by the Bad Cert Handler. */
- return rv;
-}
-
-static int /* should be SECStatus but public prototype says int. */
-myBadCertHandler( void *arg, PRFileDesc *fd)
-{
- int err = PR_GetError();
- fprintf(stderr, "-- SSL: Server Certificate Invalid, err %d.\n%s\n",
- err, SECU_Strerror(err));
- return (MakeCertOK ? SECSuccess : SECFailure);
-}
-
-/* statistics from ssl3_SendClientHello (sch) */
-extern long ssl3_sch_sid_cache_hits;
-extern long ssl3_sch_sid_cache_misses;
-extern long ssl3_sch_sid_cache_not_ok;
-
-/* statistics from ssl3_HandleServerHello (hsh) */
-extern long ssl3_hsh_sid_cache_hits;
-extern long ssl3_hsh_sid_cache_misses;
-extern long ssl3_hsh_sid_cache_not_ok;
-
-/* statistics from ssl3_HandleClientHello (hch) */
-extern long ssl3_hch_sid_cache_hits;
-extern long ssl3_hch_sid_cache_misses;
-extern long ssl3_hch_sid_cache_not_ok;
-
-void
-printSecurityInfo(PRFileDesc *fd)
-{
- char * cp; /* bulk cipher name */
- char * ip; /* cert issuer DN */
- char * sp; /* cert subject DN */
- int op; /* High, Low, Off */
- int kp0; /* total key bits */
- int kp1; /* secret key bits */
- int result;
-
- static int only_once;
-
- if (! only_once++ && fd) {
- result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp);
- if (result != SECSuccess)
- return;
-#if 0
- PRINTF("bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
- "subject DN: %s\n"
- "issuer DN: %s\n", cp, kp1, kp0, op, sp, ip);
-#else
- PRINTF("bulk cipher %s, %d secret key bits, %d key bits, status: %d\n",
- cp, kp1, kp0, op, sp, ip);
-#endif
- PR_Free(cp);
- PR_Free(ip);
- PR_Free(sp);
- }
-
- PRINTF("%ld cache hits; %ld cache misses, %ld cache not reusable\n",
- ssl3_hsh_sid_cache_hits,
- ssl3_hsh_sid_cache_misses,
- ssl3_hsh_sid_cache_not_ok);
-
-}
-
-/**************************************************************************
-** Begin thread management routines and data.
-**************************************************************************/
-
-#define MAX_THREADS 32
-
-typedef int startFn(void *a, void *b, int c);
-
-PRLock * threadLock;
-PRCondVar * threadStartQ;
-PRCondVar * threadEndQ;
-
-int numUsed;
-int numRunning;
-
-typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState;
-
-typedef struct perThreadStr {
- void * a;
- void * b;
- int c;
- int rv;
- startFn * startFunc;
- PRThread * prThread;
- PRBool inUse;
- runState running;
-} perThread;
-
-perThread threads[MAX_THREADS];
-
-void
-thread_wrapper(void * arg)
-{
- perThread * slot = (perThread *)arg;
-
- /* wait for parent to finish launching us before proceeding. */
- PR_Lock(threadLock);
- PR_Unlock(threadLock);
-
- slot->rv = (* slot->startFunc)(slot->a, slot->b, slot->c);
-
- /* Handle cleanup of thread here. */
- PRINTF("Thread in slot %d returned %d\n", slot - threads, slot->rv);
-
- PR_Lock(threadLock);
- slot->running = rs_idle;
- --numRunning;
-
- /* notify the thread launcher. */
- PR_NotifyCondVar(threadStartQ);
-
- PR_Unlock(threadLock);
-}
-
-SECStatus
-launch_thread(
- startFn * startFunc,
- void * a,
- void * b,
- int c)
-{
- perThread * slot;
- int i;
-
- if (!threadStartQ) {
- threadLock = PR_NewLock();
- threadStartQ = PR_NewCondVar(threadLock);
- threadEndQ = PR_NewCondVar(threadLock);
- }
- PR_Lock(threadLock);
- while (numRunning >= MAX_THREADS) {
- PR_WaitCondVar(threadStartQ, PR_INTERVAL_NO_TIMEOUT);
- }
- for (i = 0; i < numUsed; ++i) {
- slot = threads + i;
- if (slot->running == rs_idle)
- break;
- }
- if (i >= numUsed) {
- if (i >= MAX_THREADS) {
- /* something's really wrong here. */
- PORT_Assert(i < MAX_THREADS);
- PR_Unlock(threadLock);
- return SECFailure;
- }
- ++numUsed;
- PORT_Assert(numUsed == i + 1);
- slot = threads + i;
- }
-
- slot->a = a;
- slot->b = b;
- slot->c = c;
-
- slot->startFunc = startFunc;
-
- slot->prThread = PR_CreateThread(PR_USER_THREAD,
- thread_wrapper, slot,
- PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
- PR_UNJOINABLE_THREAD, 0);
- if (slot->prThread == NULL) {
- PR_Unlock(threadLock);
- printf("Failed to launch thread!\n");
- return SECFailure;
- }
-
- slot->inUse = 1;
- slot->running = 1;
- ++numRunning;
- PR_Unlock(threadLock);
- PRINTF("Launched thread in slot %d \n", i);
-
- return SECSuccess;
-}
-
-/* Wait until num_running == 0 */
-int
-reap_threads(void)
-{
- perThread * slot;
- int i;
-
- if (!threadLock)
- return 0;
- PR_Lock(threadLock);
- while (numRunning > 0) {
- PR_WaitCondVar(threadStartQ, PR_INTERVAL_NO_TIMEOUT);
- }
-
- /* Safety Sam sez: make sure count is right. */
- for (i = 0; i < numUsed; ++i) {
- slot = threads + i;
- if (slot->running != rs_idle) {
- FPRINTF(stderr, "Thread in slot %d is in state %d!\n",
- i, slot->running);
- }
- }
- PR_Unlock(threadLock);
- return 0;
-}
-
-void
-destroy_thread_data(void)
-{
- PORT_Memset(threads, 0, sizeof threads);
-
- if (threadEndQ) {
- PR_DestroyCondVar(threadEndQ);
- threadEndQ = NULL;
- }
- if (threadStartQ) {
- PR_DestroyCondVar(threadStartQ);
- threadStartQ = NULL;
- }
- if (threadLock) {
- PR_DestroyLock(threadLock);
- threadLock = NULL;
- }
-}
-
-/**************************************************************************
-** End thread management routines.
-**************************************************************************/
-
-PRBool useModelSocket = PR_TRUE;
-
-static const char stopCmd[] = { "GET /stop " };
-static const char outHeader[] = {
- "HTTP/1.0 200 OK\r\n"
- "Server: Netscape-Enterprise/2.0a\r\n"
- "Date: Tue, 26 Aug 1997 22:10:05 GMT\r\n"
- "Content-type: text/plain\r\n"
- "\r\n"
-};
-
-struct lockedVarsStr {
- PRLock * lock;
- int count;
- int waiters;
- PRCondVar * condVar;
-};
-
-typedef struct lockedVarsStr lockedVars;
-
-void
-lockedVars_Init( lockedVars * lv)
-{
- lv->count = 0;
- lv->waiters = 0;
- lv->lock = PR_NewLock();
- lv->condVar = PR_NewCondVar(lv->lock);
-}
-
-void
-lockedVars_Destroy( lockedVars * lv)
-{
- PR_DestroyCondVar(lv->condVar);
- lv->condVar = NULL;
-
- PR_DestroyLock(lv->lock);
- lv->lock = NULL;
-}
-
-void
-lockedVars_WaitForDone(lockedVars * lv)
-{
- PR_Lock(lv->lock);
- while (lv->count > 0) {
- PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
- }
- PR_Unlock(lv->lock);
-}
-
-int /* returns count */
-lockedVars_AddToCount(lockedVars * lv, int addend)
-{
- int rv;
-
- PR_Lock(lv->lock);
- rv = lv->count += addend;
- if (rv <= 0) {
- PR_NotifyCondVar(lv->condVar);
- }
- PR_Unlock(lv->lock);
- return rv;
-}
-
-int
-do_writes(
- void * a,
- void * b,
- int c)
-{
- PRFileDesc * ssl_sock = (PRFileDesc *)a;
- lockedVars * lv = (lockedVars *)b;
- int sent = 0;
- int count = 0;
-
- while (sent < bigBuf.len) {
-
- count = PR_Write(ssl_sock, bigBuf.data + sent, bigBuf.len - sent);
- if (count < 0) {
- errWarn("PR_Write bigBuf");
- break;
- }
- FPRINTF(stderr, "PR_Write wrote %d bytes from bigBuf\n", count );
- sent += count;
- }
- if (count >= 0) { /* last write didn't fail. */
- PR_Shutdown(ssl_sock, PR_SHUTDOWN_SEND);
- }
-
- /* notify the reader that we're done. */
- lockedVars_AddToCount(lv, -1);
- return (sent < bigBuf.len) ? SECFailure : SECSuccess;
-}
-
-int
-handle_fdx_connection( PRFileDesc * ssl_sock, int connection)
-{
- SECStatus result;
- int firstTime = 1;
- int countRead = 0;
- lockedVars lv;
- char *buf;
-
-
- lockedVars_Init(&lv);
- lockedVars_AddToCount(&lv, 1);
-
- /* Attempt to launch the writer thread. */
- result = launch_thread(do_writes, ssl_sock, &lv, connection);
-
- if (result != SECSuccess)
- goto cleanup;
-
- buf = PR_Malloc(RD_BUF_SIZE);
-
- if (buf) {
- do {
- /* do reads here. */
- PRInt32 count;
-
- count = PR_Read(ssl_sock, buf, RD_BUF_SIZE);
- if (count < 0) {
- errWarn("PR_Read");
- break;
- }
- countRead += count;
- FPRINTF(stderr, "connection %d read %d bytes (%d total).\n",
- connection, count, countRead );
- if (firstTime) {
- firstTime = 0;
- printSecurityInfo(ssl_sock);
- }
- } while (lockedVars_AddToCount(&lv, 0) > 0);
- PR_Free(buf);
- buf = 0;
- }
-
- /* Wait for writer to finish */
- lockedVars_WaitForDone(&lv);
- lockedVars_Destroy(&lv);
-
- FPRINTF(stderr,
- "connection %d read %d bytes total. -----------------------------\n",
- connection, countRead);
-
-cleanup:
- /* Caller closes the socket. */
-
- return SECSuccess;
-}
-
-const char request[] = {"GET /abc HTTP/1.0\r\n\r\n" };
-
-SECStatus
-handle_connection( PRFileDesc *ssl_sock, int connection)
-{
- int countRead = 0;
- PRInt32 rv;
- char *buf;
-
- buf = PR_Malloc(RD_BUF_SIZE);
- if (!buf)
- return SECFailure;
-
- /* compose the http request here. */
-
- rv = PR_Write(ssl_sock, request, strlen(request));
- if (rv <= 0) {
- errWarn("PR_Write");
- PR_Free(buf);
- buf = 0;
- return SECFailure;
- }
- printSecurityInfo(ssl_sock);
-
- /* read until EOF */
- while (1) {
- rv = PR_Read(ssl_sock, buf, RD_BUF_SIZE);
- if (rv == 0) {
- break; /* EOF */
- }
- if (rv < 0) {
- errWarn("PR_Read");
- break;
- }
-
- countRead += rv;
- FPRINTF(stderr, "connection %d read %d bytes (%d total).\n",
- connection, rv, countRead );
- }
- PR_Free(buf);
- buf = 0;
-
- /* Caller closes the socket. */
-
- FPRINTF(stderr,
- "connection %d read %d bytes total. -----------------------------\n",
- connection, countRead);
-
- return SECSuccess; /* success */
-}
-
-/* one copy of this function is launched in a separate thread for each
-** connection to be made.
-*/
-int
-do_connects(
- void * a,
- void * b,
- int connection)
-{
- PRNetAddr * addr = (PRNetAddr *) a;
- PRFileDesc * model_sock = (PRFileDesc *) b;
- PRFileDesc * ssl_sock;
- PRFileDesc * tcp_sock;
- PRStatus prStatus;
- SECStatus result;
- int rv = SECSuccess;
- PRSocketOptionData opt;
-
-retry:
-
- tcp_sock = PR_NewTCPSocket();
- if (tcp_sock == NULL) {
- errExit("PR_NewTCPSocket");
- }
-
- opt.option = PR_SockOpt_Nonblocking;
- opt.value.non_blocking = PR_FALSE;
- prStatus = PR_SetSocketOption(tcp_sock, &opt);
- if (prStatus != PR_SUCCESS) {
- PR_Close(tcp_sock);
- return SECSuccess;
- }
-
- prStatus = PR_Connect(tcp_sock, addr, PR_INTERVAL_NO_TIMEOUT);
- if (prStatus != PR_SUCCESS) {
- PRErrorCode err = PR_GetError();
- if (err == PR_CONNECT_REFUSED_ERROR) {
- PR_Close(tcp_sock);
- PR_Sleep(PR_MillisecondsToInterval(10));
- goto retry;
- }
- errWarn("PR_Connect");
- goto done;
- }
-
- ssl_sock = SSL_ImportFD(model_sock, tcp_sock);
- /* XXX if this import fails, close tcp_sock and return. */
- if (!ssl_sock) {
- PR_Close(tcp_sock);
- return SECSuccess;
- }
-
- rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 0);
- if (rv != SECSuccess) {
- errWarn("SSL_ResetHandshake");
- goto done;
- }
-
- if (bigBuf.data != NULL) {
- result = handle_fdx_connection( ssl_sock, connection);
- } else {
- result = handle_connection( ssl_sock, connection);
- }
-
-done:
- PR_Close(ssl_sock);
- return SECSuccess;
-}
-
-/* Returns IP address for hostname as PRUint32 in Host Byte Order.
-** Since the value returned is an integer (not a string of bytes),
-** it is inherently in Host Byte Order.
-*/
-PRUint32
-getIPAddress(const char * hostName)
-{
- const unsigned char *p;
- PRStatus prStatus;
- PRUint32 rv;
- PRHostEnt prHostEnt;
- char scratch[PR_NETDB_BUF_SIZE];
-
- prStatus = PR_GetHostByName(hostName, scratch, sizeof scratch, &prHostEnt);
- if (prStatus != PR_SUCCESS)
- errExit("PR_GetHostByName");
-
-#undef h_addr
-#define h_addr h_addr_list[0] /* address, for backward compatibility */
-
- p = (const unsigned char *)(prHostEnt.h_addr); /* in Network Byte order */
- FPRINTF(stderr, "%s -> %d.%d.%d.%d\n", hostName, p[0], p[1], p[2], p[3]);
- rv = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
- return rv;
-}
-
-void
-client_main(
- unsigned short port,
- int connections,
- SECKEYPrivateKey ** privKey,
- CERTCertificate ** cert,
- const char * hostName,
- char * nickName)
-{
- PRFileDesc *model_sock = NULL;
- int i;
- int rv;
- SECStatus secStatus;
- PRUint32 ipAddress; /* in host byte order */
- PRNetAddr addr;
-
- networkStart();
-
- /* Assemble NetAddr struct for connections. */
- ipAddress = getIPAddress(hostName);
-
- addr.inet.family = PR_AF_INET;
- addr.inet.port = PR_htons(port);
- addr.inet.ip = PR_htonl(ipAddress);
-
- /* all suites except RSA_NULL_MD5 are enabled by Domestic Policy */
- NSS_SetDomesticPolicy();
-
-/* all the SSL2 and SSL3 cipher suites are enabled by default. */
- if (cipherString) {
- int ndx;
-
- /* disable all the ciphers, then enable the ones we want. */
- disableSSL2Ciphers();
- disableSSL3Ciphers();
-
- while (0 != (ndx = *cipherString++)) {
- int *cptr;
- int cipher;
-
- if (! isalpha(ndx))
- Usage("strsclnt");
- cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
- for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
- /* do nothing */;
- if (cipher) {
- SSL_EnableCipher(cipher, SSL_ALLOWED);
- }
- }
- }
-
- /* configure model SSL socket. */
-
- model_sock = PR_NewTCPSocket();
- if (model_sock == NULL) {
- errExit("PR_NewTCPSocket on model socket");
- }
-
- model_sock = SSL_ImportFD(NULL, model_sock);
- if (model_sock == NULL) {
- errExit("SSL_ImportFD");
- }
-
- /* do SSL configuration. */
-
- rv = SSL_Enable(model_sock, SSL_SECURITY, 1);
- if (rv < 0) {
- errExit("SSL_Enable SSL_SECURITY");
- }
-
- if (bigBuf.data) { /* doing FDX */
- rv = SSL_Enable(model_sock, SSL_ENABLE_FDX, 1);
- if (rv < 0) {
- errExit("SSL_Enable SSL_ENABLE_FDX");
- }
- }
-
- SSL_SetURL(model_sock, hostName);
-
- SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate,
- (void *)CERT_GetDefaultCertDB());
-
- SSL_BadCertHook(model_sock, myBadCertHandler, NULL);
-
- SSL_GetClientAuthDataHook(model_sock, NSS_GetClientAuthData, nickName);
-
- /* I'm not going to set the HandshakeCallback function. */
-
- /* end of ssl configuration. */
-
- rv = launch_thread(do_connects, &addr, model_sock, 1);
-
- if (connections > 1) {
- /* wait for the first connection to terminate, then launch the rest. */
- reap_threads();
- /* Start up the connections */
- for (i = 2; i <= connections; ++i) {
-
- rv = launch_thread(do_connects, &addr, model_sock, i);
-
- }
- }
-
- reap_threads();
- destroy_thread_data();
-
- PR_Close(model_sock);
-
- networkEnd();
-}
-
-SECStatus
-readBigFile(const char * fileName)
-{
- PRFileInfo info;
- PRStatus status;
- SECStatus rv = SECFailure;
- int count;
- int hdrLen;
- PRFileDesc *local_file_fd = NULL;
-
- status = PR_GetFileInfo(fileName, &info);
-
- if (status == PR_SUCCESS &&
- info.type == PR_FILE_FILE &&
- info.size > 0 &&
- NULL != (local_file_fd = PR_Open(fileName, PR_RDONLY, 0))) {
-
- hdrLen = PORT_Strlen(outHeader);
- bigBuf.len = hdrLen + info.size;
- bigBuf.data = PORT_Malloc(bigBuf.len + 4095);
- if (!bigBuf.data) {
- errWarn("PORT_Malloc");
- goto done;
- }
-
- PORT_Memcpy(bigBuf.data, outHeader, hdrLen);
-
- count = PR_Read(local_file_fd, bigBuf.data + hdrLen, info.size);
- if (count != info.size) {
- errWarn("PR_Read local file");
- goto done;
- }
- rv = SECSuccess;
-done:
- PR_Close(local_file_fd);
- }
- return rv;
-}
-
-int
-main(int argc, char **argv)
-{
- char * dir = ".";
- char * fNickName = NULL;
- char * fileName = NULL;
- char * hostName = NULL;
- char * nickName = NULL;
- char * progName = NULL;
- char * tmp = NULL;
- CERTCertificate * cert [kt_kea_size] = { NULL };
- SECKEYPrivateKey * privKey[kt_kea_size] = { NULL };
- int optchar;
- int connections = 1;
- unsigned short port = 443;
- SECStatus rv;
- PRBool useCommandLinePasswd = PR_FALSE;
- char * passwd = NULL;
- PLOptState *optstate;
- PLOptStatus status;
-
- /* Call the NSPR initialization routines */
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-
- tmp = strrchr(argv[0], '/');
- tmp = tmp ? tmp + 1 : argv[0];
- progName = strrchr(tmp, '\\');
- progName = progName ? progName + 1 : tmp;
-
-
- optstate = PL_CreateOptState(argc, argv, "2:C:c:d:f:n:op:vw:");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch(optstate->option) {
-
- case '2':
- fileName = optstate->value;
- break;
- case 'C':
- cipherString = optstate->value;
- break;
-
- case 'c':
- connections = PORT_Atoi(optstate->value);
- break;
-
- case 'd':
- dir = optstate->value;
- break;
-
- case 'f':
- fNickName = optstate->value;
- break;
-
- case 'n':
- nickName = optstate->value;
- break;
- case 'o':
- MakeCertOK = 1;
- break;
-
- case 'p':
- port = PORT_Atoi(optstate->value);
- break;
-
- case 'v':
- verbose++;
- break;
- case 'w':
- passwd = optstate->value;
- useCommandLinePasswd = PR_TRUE;
- break;
- case '\0':
- hostName = PL_strdup(optstate->value);
- break;
- default:
- case '?':
- Usage(progName);
- break;
-
- }
- }
- if (!hostName || status == PL_OPT_BAD)
- Usage(progName);
-
- if (port == 0)
- Usage(progName);
-
- if (fileName)
- readBigFile(fileName);
-
- /* set our password function */
- if ( useCommandLinePasswd ) {
- PK11_SetPasswordFunc(ownPasswd);
- } else {
- PK11_SetPasswordFunc(SECU_GetModulePassword);
- }
-
- /* Call the libsec initialization routines */
- rv = NSS_Init(dir);
- if (rv != SECSuccess) {
- fputs("NSS_Init failed.\n", stderr);
- exit(1);
- }
-
- if (nickName) {
-
- if (useCommandLinePasswd) {
- cert[kt_rsa] = PK11_FindCertFromNickname(nickName, passwd);
- } else {
- cert[kt_rsa] = PK11_FindCertFromNickname(nickName, NULL);
- }
- if (cert[kt_rsa] == NULL) {
- fprintf(stderr, "Can't find certificate %s\n", nickName);
- exit(1);
- }
-
- if (useCommandLinePasswd) {
- privKey[kt_rsa] = PK11_FindKeyByAnyCert(cert[kt_rsa], passwd);
- } else {
- privKey[kt_rsa] = PK11_FindKeyByAnyCert(cert[kt_rsa], NULL);
- }
-
- if (privKey[kt_rsa] == NULL) {
- fprintf(stderr, "Can't find Private Key for cert %s\n", nickName);
- exit(1);
- }
-
- }
- if (fNickName) {
- cert[kt_fortezza] = PK11_FindCertFromNickname(fNickName, NULL);
- if (cert[kt_fortezza] == NULL) {
- fprintf(stderr, "Can't find certificate %s\n", fNickName);
- exit(1);
- }
-
- privKey[kt_fortezza] = PK11_FindKeyByAnyCert(cert[kt_fortezza], NULL);
- if (privKey[kt_fortezza] == NULL) {
- fprintf(stderr, "Can't find Private Key for cert %s\n", fNickName);
- exit(1);
- }
- }
-
- client_main(port, connections, privKey, cert, hostName, nickName);
-
- /* some final stats. */
- printf("%ld cache hits; %ld cache misses, %ld cache not reusable\n",
- ssl3_hsh_sid_cache_hits,
- ssl3_hsh_sid_cache_misses,
- ssl3_hsh_sid_cache_not_ok);
-
- NSS_Shutdown();
- PR_Cleanup();
- return 0;
-}
-
diff --git a/security/nss/cmd/swfort/Makefile b/security/nss/cmd/swfort/Makefile
deleted file mode 100644
index a483a2463..000000000
--- a/security/nss/cmd/swfort/Makefile
+++ /dev/null
@@ -1,108 +0,0 @@
-#! gmake
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-
-CORE_DEPTH = ../../..
-
-include manifest.mn
-include $(CORE_DEPTH)/coreconf/config.mk
-
-# $(NULL)
-
-
-INCLUDES += \
- -I$(DIST)/../public/security \
- -I$(DIST)/../private/security \
- -I$(DEPTH)/security/lib/cert \
- -I$(DEPTH)/security/lib/key \
- -I$(DEPTH)/security/lib/util \
- -I./include \
- $(NULL)
-
-
-# For the time being, sec stuff is export only
-# US_FLAGS = -DEXPORT_VERSION -DUS_VERSION
-
-US_FLAGS = -DEXPORT_VERSION
-EXPORT_FLAGS = -DEXPORT_VERSION
-
-BASE_LIBS = \
- $(DIST)/lib/libdbm.a \
- $(DIST)/lib/libxp.a \
- $(DIST)/lib/libnspr.a \
- $(NULL)
-
-# $(DIST)/lib/libpurenspr.a \
-
-#There are a circular dependancies in security/lib, and we deal with it by
-# double linking some libraries
-SEC_LIBS = \
- $(DIST)/lib/libsecnav.a \
- $(DIST)/lib/libssl.a \
- $(DIST)/lib/libpkcs7.a \
- $(DIST)/lib/libcert.a \
- $(DIST)/lib/libkey.a \
- $(DIST)/lib/libsecmod.a \
- $(DIST)/lib/libcrypto.a \
- $(DIST)/lib/libsecutil.a \
- $(DIST)/lib/libssl.a \
- $(DIST)/lib/libpkcs7.a \
- $(DIST)/lib/libcert.a \
- $(DIST)/lib/libkey.a \
- $(DIST)/lib/libsecmod.a \
- $(DIST)/lib/libcrypto.a \
- $(DIST)/lib/libsecutil.a \
- $(DIST)/lib/libhash.a \
- $(NULL)
-
-MYLIB = lib/$(OBJDIR)/libsectool.a
-
-US_LIBS = $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS)
-EX_LIBS = $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS)
-
-REQUIRES = libxp nspr security
-
-CSRCS = $(EXEC_SRCS) $(BI_SRCS)
-
-OBJS = $(CSRCS:.c=.o) $(BI_SRCS:.c=-us.o) $(BI_SRCS:.c=-ex.o)
-
-PROGS = $(addprefix $(OBJDIR)/, $(EXEC_SRCS:.c=$(BIN_SUFFIX)))
-US_PROGS = $(addprefix $(OBJDIR)/, $(BI_SRCS:.c=-us$(BIN_SUFFIX)))
-EX_PROGS = $(addprefix $(OBJDIR)/, $(BI_SRCS:.c=-ex$(BIN_SUFFIX)))
-
-
-NON_DIRS = $(PROGS) $(US_PROGS) $(EX_PROGS)
-TARGETS = $(NON_DIRS)
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-symbols::
- @echo "TARGETS = $(TARGETS)"
diff --git a/security/nss/cmd/swfort/instinit/Makefile b/security/nss/cmd/swfort/instinit/Makefile
deleted file mode 100644
index f912d54cd..000000000
--- a/security/nss/cmd/swfort/instinit/Makefile
+++ /dev/null
@@ -1,75 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../../platlibs.mk
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../../platrules.mk
diff --git a/security/nss/cmd/swfort/instinit/instinit.c b/security/nss/cmd/swfort/instinit/instinit.c
deleted file mode 100644
index 8f13bc450..000000000
--- a/security/nss/cmd/swfort/instinit/instinit.c
+++ /dev/null
@@ -1,455 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include <stdio.h>
-
-#include "prio.h"
-#include "seccomon.h"
-#include "swforti.h"
-#include "cert.h"
-#include "pk11func.h"
-#include "secmod.h"
-#include "secmodi.h"
-#include "secutil.h"
-#include "secrng.h"
-#include "cdbhdl.h"
-
-#define CERTDB_VALID_CA (1<<3)
-#define CERTDB_TRUSTED_CA (1<<4) /* trusted for issuing server certs */
-
-void secmod_GetInternalModule(SECMODModule *module);
-void sec_SetCheckKRLState(int i);
-
-#define STEP 16
-void
-printItem(SECItem *key) {
- int i;
- unsigned char *block;
- int len;
- for (block=key->data,len=key->len; len > 0; len -= STEP,block += STEP) {
- for(i=0; i < STEP && i < len; i++) printf(" %02x ",block[i]);
- printf("\n");
- }
- printf("\n");
-}
-
-void
-dump(unsigned char *block, int len) {
- int i;
- for (; len > 0; len -= STEP,block += STEP) {
- for(i=0; i < STEP && i < len; i++) printf(" %02x ",block[i]);
- printf("\n");
- }
- printf("\n");
-}
-
-
-/*
- * We need to move this to security/cmd .. so we can use the password
- * prompting infrastructure.
- */
-char *GetUserInput(char * prompt)
-{
- char phrase[200];
-
- fprintf(stderr, "%s", prompt);
- fflush (stderr);
-
- fgets ((char*) phrase, sizeof(phrase), stdin);
-
- /* stomp on newline */
- phrase[PORT_Strlen((char*)phrase)-1] = 0;
-
- /* Validate password */
- return (char*) PORT_Strdup((char*)phrase);
-}
-
-void ClearPass(char *pass) {
- PORT_Memset(pass,0,strlen(pass));
- PORT_Free(pass);
-}
-
-char *
-formatDERIssuer(FORTSWFile *file,SECItem *derIssuer)
-{
- CERTName name;
- SECStatus rv;
-
- PORT_Memset(&name,0,sizeof(name));;
- rv = SEC_ASN1DecodeItem(file->arena,&name,CERT_NameTemplate,derIssuer);
- if (rv != SECSuccess) {
- return NULL;
- }
- return CERT_NameToAscii(&name);
-}
-
-#define NETSCAPE_INIT_FILE "nsswft.swf"
-
-char *getDefaultTarget(void)
-{
- char *fname = NULL;
- char *home = NULL;
- static char unix_home[512];
-
- /* first try to get it from the environment */
- fname = getenv("SW_FORTEZZA_FILE");
- if (fname != NULL) {
- return PORT_Strdup(fname);
- }
-
-#ifdef XP_UNIX
- home = getenv("HOME");
- if (home) {
- strncpy(unix_home,home, sizeof(unix_home)-sizeof("/.netscape/"NETSCAPE_INIT_FILE));
- strcat(unix_home,"/.netscape/"NETSCAPE_INIT_FILE);
- return unix_home;
- }
-#endif
-#ifdef XP_WIN
- home = getenv("windir");
- if (home) {
- strncpy(unix_home,home, sizeof(unix_home)-sizeof("\\"NETSCAPE_INIT_FILE));
- strcat(unix_home,"\\"NETSCAPE_INIT_FILE);
- return unix_home;
- }
-#endif
- return (NETSCAPE_INIT_FILE);
-}
-
-void
-usage(char *prog) {
- fprintf(stderr,"usage: %s [-v][-f][-t transport_pass][-u user_pass][-o output_file] source_file\n",prog);
- exit(1);
-}
-
-main(int argc, char ** argv)
-{
-
- FORTSignedSWFile * swfile;
- int size;
- SECItem file;
- char *progname = *argv++;
- char *filename = NULL;
- char *outname = NULL;
- char *cp;
- int verbose = 0;
- int force = 0;
- CERTCertDBHandle certhandle = { 0 };
- CERTCertificate *cert;
- CERTCertTrust *trust;
- char * pass;
- SECStatus rv;
- int i;
- SECMODModule *module;
- int64 now; /* XXXX */
- char *issuer;
- char *transport_pass = NULL;
- char *user_pass = NULL;
- SECItem *outItem = NULL;
- PRFileDesc *fd;
- PRFileInfo info;
- PRStatus prv;
-
-
-
-
- /* put better argument parsing here */
- while ((cp = *argv++) != NULL) {
- if (*cp == '-') {
- while (*++cp) {
- switch (*cp) {
- /* verbose mode */
- case 'v':
- verbose++;
- break;
- /* explicitly set the target */
- case 'o':
- outname = *argv++;
- break;
- case 'f':
- /* skip errors in signatures without prompts */
- force++;
- break;
- case 't':
- /* provide password on command line */
- transport_pass = *argv++;
- break;
- case 'u':
- /* provide user password on command line */
- user_pass = *argv++;
- break;
- default:
- usage(progname);
- break;
- }
- }
- } else if (filename) {
- usage(progname);
- } else {
- filename = cp;
- }
- }
-
- if (filename == NULL) usage(progname);
- if (outname == NULL) outname = getDefaultTarget();
-
-
- now = PR_Now();
- /* read the file in */
- fd = PR_Open(filename,PR_RDONLY,0);
- if (fd == NULL) {
- fprintf(stderr,"%s: couldn't open file \"%s\".\n",progname,filename);
- exit(1);
- }
-
- prv = PR_GetOpenFileInfo(fd,&info);
- if (prv != PR_SUCCESS) {
- fprintf(stderr,"%s: couldn't get info on file \"%s\".\n",
- progname,filename);
- exit(1);
- }
-
- size = info.size;
-
- file.data = malloc(size);
- file.len = size;
-
- file.len = PR_Read(fd,file.data,file.len);
- if (file.len < 0) {
- fprintf(stderr,"%s: couldn't read file \"%s\".\n",progname, filename);
- exit(1);
- }
-
- PR_Close(fd);
-
- /* Parse the file */
- swfile = FORT_GetSWFile(&file);
- if (swfile == NULL) {
- fprintf(stderr,
- "%s: File \"%s\" not a valid FORTEZZA initialization file.\n",
- progname,filename);
- exit(1);
- }
-
- issuer = formatDERIssuer(&swfile->file,&swfile->file.derIssuer);
- if (issuer == NULL) {
- issuer = "<Invalid Issuer DER>";
- }
-
- if (verbose) {
- printf("Processing file %s ....\n",filename);
- printf(" Version %d\n",DER_GetInteger(&swfile->file.version));
- printf(" Issuer: %s\n",issuer);
- printf(" Serial Number: ");
- for (i=0; i < (int)swfile->file.serialID.len; i++) {
- printf(" %02x",swfile->file.serialID.data[i]);
- }
- printf("\n");
- }
-
-
- /* Check the Initalization phrase and save Kinit */
- if (!transport_pass) {
- pass = SECU_GetPasswordString(NULL,"Enter the Initialization Memphrase:");
- transport_pass = pass;
- }
- rv = FORT_CheckInitPhrase(swfile,transport_pass);
- if (rv != SECSuccess) {
- fprintf(stderr,
- "%s: Invalid Initialization Memphrase for file \"%s\".\n",
- progname,filename);
- exit(1);
- }
-
- /* Check the user or init phrase and save Ks, use Kinit to unwrap the
- * remaining data. */
- if (!user_pass) {
- pass = SECU_GetPasswordString(NULL,"Enter the User Memphrase or the User PIN:");
- user_pass = pass;
- }
- rv = FORT_CheckUserPhrase(swfile,user_pass);
- if (rv != SECSuccess) {
- fprintf(stderr,"%s: Invalid User Memphrase or PIN for file \"%s\".\n",
- progname,filename);
- exit(1);
- }
-
- /* now we want to verify the signature */
- /* Initialize the cert code */
- rv = CERT_OpenVolatileCertDB(&certhandle);
- if (rv != SECSuccess) {
- fprintf(stderr,"%s: Couldn't build temparary Cert Database.\n",
- progname);
- exit(1);
- }
- CERT_SetDefaultCertDB(&certhandle);
-
- RNG_RNGInit();
- PK11_InitSlotLists();
-
- module = SECMOD_NewInternal();
- if (module == NULL) {
- fprintf(stderr,"%s: Couldn't initialize security.\n",
- progname);
- exit(1);
- }
- rv = SECMOD_LoadModule(module);
- if (rv != SECSuccess) {
- fprintf(stderr,"%s: Couldn't initialize security.\n",
- progname);
- exit(1);
- }
-
- /*
- * This really shouldn't happen, but we aren't fully initializing the
- * NSS code here, so we end up calling some internal functions to do
- * some of this initialization.
- */
- secmod_GetInternalModule(module);
- sec_SetCheckKRLState(1);
-
- /* now dump the certs into the temparary data base */
- for (i=0; swfile->file.slotEntries[i]; i++) {
- int trusted = 0;
- SECItem *derCert = FORT_GetDERCert(swfile,
- swfile->file.slotEntries[i]->certIndex);
-
- if (derCert == NULL) {
- if (verbose) {
- printf(" Cert %02d: %s \"%s\" \n",
- swfile->file.slotEntries[i]->certIndex,
- "untrusted", "Couldn't decrypt Cert");
- }
- continue;
- }
- cert = CERT_NewTempCertificate(&certhandle,derCert, NULL,
- PR_FALSE, PR_TRUE);
- if (cert == NULL) {
- if (verbose) {
- printf(" Cert %02d: %s \"%s\" \n",
- swfile->file.slotEntries[i]->certIndex,
- "untrusted", "Couldn't decode Cert");
- }
- continue;
- }
- if (swfile->file.slotEntries[i]->trusted.data[0]) {
- /* Add TRUST */
- trust = PORT_ArenaAlloc(cert->arena,sizeof(CERTCertTrust));
- if (trust != NULL) {
- trust->sslFlags = CERTDB_VALID_CA|CERTDB_TRUSTED_CA;
- trust->emailFlags = CERTDB_VALID_CA|CERTDB_TRUSTED_CA;
- trust->objectSigningFlags = CERTDB_VALID_CA|CERTDB_TRUSTED_CA;
- cert->trust = trust;
- trusted++;
- }
- }
- if (verbose) {
- printf(" Cert %02d: %s \"%s\" \n",
- swfile->file.slotEntries[i]->certIndex,
- trusted?" trusted ":"untrusted",
- CERT_NameToAscii(&cert->subject));
- }
- }
-
- fflush(stdout);
-
-
- cert = CERT_FindCertByName(&certhandle,&swfile->file.derIssuer);
- if (cert == NULL) {
- fprintf(stderr,"%s: Couldn't find signer certificate \"%s\".\n",
- progname,issuer);
- rv = SECFailure;
- goto noverify;
- }
- rv = CERT_VerifySignedData(&swfile->signatureWrap,cert, now, NULL);
- if (rv != SECSuccess) {
- fprintf(stderr,
- "%s: Couldn't verify the signature on file \"%s\" with certificate \"%s\".\n",
- progname,filename,issuer);
- goto noverify;
- }
- rv = CERT_VerifyCert(&certhandle, cert, PR_TRUE, certUsageSSLServer,
- now ,NULL,NULL);
- /* not an normal cert, see if it's a CA? */
- if (rv != SECSuccess) {
- rv = CERT_VerifyCert(&certhandle, cert, PR_TRUE, certUsageAnyCA,
- now ,NULL,NULL);
- }
- if (rv != SECSuccess) {
- fprintf(stderr,"%s: Couldn't verify the signer certificate \"%s\".\n",
- progname,issuer);
- goto noverify;
- }
-
-noverify:
- if (rv != SECSuccess) {
- if (!force) {
- pass = GetUserInput(
- "Signature verify failed, continue without verification? ");
- if (!(pass && ((*pass == 'Y') || (*pass == 'y')))) {
- exit(1);
- }
- }
- }
-
-
- /* now write out the modified init file for future use */
- outItem = FORT_PutSWFile(swfile);
- if (outItem == NULL) {
- fprintf(stderr,"%s: Couldn't format target init file.\n",
- progname);
- goto noverify;
- }
-
- if (verbose) {
- printf("writing modified file out to \"%s\".\n",outname);
- }
-
- /* now write it out */
- fd = PR_Open(outname,PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE,0700);
- if (fd == NULL) {
- fprintf(stderr,"%s: couldn't open file \"%s\".\n",progname,outname);
- exit(1);
- }
-
- file.len = PR_Write(fd,outItem->data,outItem->len);
- if (file.len < 0) {
- fprintf(stderr,"%s: couldn't read file \"%s\".\n",progname, filename);
- exit(1);
- }
-
- PR_Close(fd);
-
- exit(0);
- return (0);
-}
-
diff --git a/security/nss/cmd/swfort/instinit/manifest.mn b/security/nss/cmd/swfort/instinit/manifest.mn
deleted file mode 100644
index c7f5b2967..000000000
--- a/security/nss/cmd/swfort/instinit/manifest.mn
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../../..
-
-DEFINES += -DNSPR20
-
-MODULE = security
-
-CSRCS = instinit.c
-
-REQUIRES = security nspr dbm seccmd
-
-PROGRAM = instinit
-# PROGRAM = ./$(OBJDIR)/selfserv.exe
-
diff --git a/security/nss/cmd/swfort/manifest.mn b/security/nss/cmd/swfort/manifest.mn
deleted file mode 100644
index 2f8be569d..000000000
--- a/security/nss/cmd/swfort/manifest.mn
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../..
-
-REQUIRES = security seccmd dbm
-
-
-DIRS = instinit newuser
diff --git a/security/nss/cmd/swfort/newuser/Makefile b/security/nss/cmd/swfort/newuser/Makefile
deleted file mode 100644
index 907b29e6f..000000000
--- a/security/nss/cmd/swfort/newuser/Makefile
+++ /dev/null
@@ -1,87 +0,0 @@
-#! gmake
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-# can't do this in manifest.mn because OS_ARCH isn't defined there.
-ifeq ($(OS_ARCH), WINNT)
-
-EXTRA_LIBS = \
- ../../../lib/fortcrypt/$(OBJDIR)/cilib.lib \
- $(NULL)
-else
-
-EXTRA_LIBS += \
- ../../../lib/fortcrypt/$(OBJDIR)/cilib.a \
- $(NULL)
-endif
-
-include ../../platlibs.mk
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-include ../../platrules.mk
-
diff --git a/security/nss/cmd/swfort/newuser/manifest.mn b/security/nss/cmd/swfort/newuser/manifest.mn
deleted file mode 100644
index cf7c70e16..000000000
--- a/security/nss/cmd/swfort/newuser/manifest.mn
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../../..
-
-DEFINES += -DNSPR20
-
-MODULE = security
-
-CSRCS = newuser.c mktst.c
-
-REQUIRES = security nspr dbm seccmd
-
-PROGRAM = newuser
-
diff --git a/security/nss/cmd/swfort/newuser/mktst.c b/security/nss/cmd/swfort/newuser/mktst.c
deleted file mode 100644
index 6e111d3dd..000000000
--- a/security/nss/cmd/swfort/newuser/mktst.c
+++ /dev/null
@@ -1,254 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include <stdio.h>
-
-#include "prio.h"
-#include "swforti.h"
-#include "maci.h"
-#include "secder.h"
-#include "blapi.h"
-
-void
-printkey(char *s, unsigned char *block) {
- int i;
- printf("%s \n 0x",s);
- for(i=0; i < 10; i++) printf("%02x",block[i]);
- printf("\n");
-}
-
-void
-printblock(char *s, unsigned char *block) {
- int i;
- printf("%s \n 0x",s);
- for(i=0; i < 8; i++) printf("%02x",block[i]);
- printf("\n 0x");
- for(i=8; i < 16; i++) printf("%02x",block[i]);
- printf("\n");
-}
-
-
-static char *leafbits="THIS IS NOT LEAF";
-
-static void
-encryptCertEntry(fortProtectedData *pdata,FORTSkipjackKeyPtr Ks,
- unsigned char *data,int len)
-{
- unsigned char *dataout;
- int enc_len;
- /* XXX Make length */
- pdata->dataIV.data = PORT_ZAlloc(24);
- pdata->dataIV.len = 24;
- PORT_Memcpy(pdata->dataIV.data,leafbits,SKIPJACK_LEAF_SIZE);
- fort_GenerateRandom(&pdata->dataIV.data[SKIPJACK_LEAF_SIZE],
- SKIPJACK_BLOCK_SIZE);
- enc_len = (len + (SKIPJACK_BLOCK_SIZE-1)) & ~(SKIPJACK_BLOCK_SIZE-1);
- dataout = pdata->dataEncryptedWithKs.data = PORT_ZAlloc(enc_len);
- pdata->dataEncryptedWithKs.len = enc_len;
- fort_skipjackEncrypt(Ks,&pdata->dataIV.data[SKIPJACK_LEAF_SIZE],
- enc_len, data,dataout);
- if (len > 255) {
- pdata->length.data = PORT_ZAlloc(2);
- pdata->length.data[0] = (len >> 8) & 0xff;
- pdata->length.data[1] = len & 0xff;
- pdata->length.len = 2;
- } else {
- pdata->length.data = PORT_ZAlloc(1);
- pdata->length.data[0] = len & 0xff;
- pdata->length.len = 1;
- }
-
-}
-
-unsigned char issuer[30] = { 0 };
-
-void
-makeCertSlot(fortSlotEntry *entry,int index,char *label,SECItem *cert,
- FORTSkipjackKeyPtr Ks, unsigned char *xKEA, unsigned char *xDSA,
- unsigned char *pubKey, int pubKeyLen, unsigned char *p, unsigned char *q,
- unsigned char *g)
-{
- unsigned char *key; /* private key */
-
- entry->trusted.data = PORT_Alloc(1);
- *entry->trusted.data = index == 0 ? 1 : 0;
- entry->trusted.len = 1;
- entry->certificateIndex.data = PORT_Alloc(1);
- *entry->certificateIndex.data = index;
- entry->certificateIndex.len = 1;
- entry->certIndex = index;
- encryptCertEntry(&entry->certificateLabel,Ks,
- (unsigned char *)label, strlen(label));
- encryptCertEntry(&entry->certificateData,Ks, cert->data, cert->len);
- if (xKEA) {
- entry->exchangeKeyInformation = PORT_ZNew(fortKeyInformation);
- entry->exchangeKeyInformation->keyFlags.data = PORT_ZAlloc(1);
- entry->exchangeKeyInformation->keyFlags.data[0] = 1;
- entry->exchangeKeyInformation->keyFlags.len = 1;
- key = PORT_Alloc(24);
- fort_skipjackWrap(Ks,24,xKEA,key);
- entry->exchangeKeyInformation->privateKeyWrappedWithKs.data = key;
- entry->exchangeKeyInformation->privateKeyWrappedWithKs.len = 24;
- entry->exchangeKeyInformation->derPublicKey.data = pubKey;
- entry->exchangeKeyInformation->derPublicKey.len = pubKeyLen;
- entry->exchangeKeyInformation->p.data = p;
- entry->exchangeKeyInformation->p.len = 128;
- entry->exchangeKeyInformation->q.data = q;
- entry->exchangeKeyInformation->q.len = 20;
- entry->exchangeKeyInformation->g.data = g;
- entry->exchangeKeyInformation->g.len = 128;
-
- entry->signatureKeyInformation = PORT_ZNew(fortKeyInformation);
- entry->signatureKeyInformation->keyFlags.data = PORT_ZAlloc(1);
- entry->signatureKeyInformation->keyFlags.data[0] = 1;
- entry->signatureKeyInformation->keyFlags.len = 1;
- key = PORT_Alloc(24);
- fort_skipjackWrap(Ks,24,xDSA,key);
- entry->signatureKeyInformation->privateKeyWrappedWithKs.data = key;
- entry->signatureKeyInformation->privateKeyWrappedWithKs.len = 24;
- entry->signatureKeyInformation->derPublicKey.data = pubKey;
- entry->signatureKeyInformation->derPublicKey.len = pubKeyLen;
- entry->signatureKeyInformation->p.data = p;
- entry->signatureKeyInformation->p.len = 128;
- entry->signatureKeyInformation->q.data = q;
- entry->signatureKeyInformation->q.len = 20;
- entry->signatureKeyInformation->g.data = g;
- entry->signatureKeyInformation->g.len = 128;
- } else {
- entry->exchangeKeyInformation = NULL;
- entry->signatureKeyInformation = NULL;
- }
-
- return;
-}
-
-
-void
-makeProtectedPhrase(FORTSWFile *file, fortProtectedPhrase *prot_phrase,
- FORTSkipjackKeyPtr Ks, FORTSkipjackKeyPtr Kinit, char *phrase)
-{
- SHA1Context *sha;
- unsigned char hashout[SHA1_LENGTH];
- FORTSkipjackKey Kfek;
- unsigned int len;
- unsigned char cw[4];
- unsigned char enc_version[2];
- unsigned char *data = NULL;
- int keySize;
- int i,version;
- char tmp_data[13];
-
- if (strlen(phrase) < 12) {
- PORT_Memset(tmp_data, ' ', sizeof(tmp_data));
- PORT_Memcpy(tmp_data,phrase,strlen(phrase));
- tmp_data[12] = 0;
- phrase = tmp_data;
- }
-
- /* now calculate the PBE key for fortezza */
- sha = SHA1_NewContext();
- SHA1_Begin(sha);
- version = DER_GetUInteger(&file->version);
- enc_version[0] = (version >> 8) & 0xff;
- enc_version[1] = version & 0xff;
- SHA1_Update(sha,enc_version,sizeof(enc_version));
- SHA1_Update(sha,file->derIssuer.data, file->derIssuer.len);
- SHA1_Update(sha,file->serialID.data, file->serialID.len);
- SHA1_Update(sha,(unsigned char *)phrase,strlen(phrase));
- SHA1_End(sha,hashout,&len,SHA1_LENGTH);
- PORT_Memcpy(Kfek,hashout,sizeof(FORTSkipjackKey));
-
- keySize = sizeof(CI_KEY);
- if (Kinit) keySize = SKIPJACK_BLOCK_SIZE*2;
- data = PORT_ZAlloc(keySize);
- prot_phrase->wrappedKValue.data = data;
- prot_phrase->wrappedKValue.len = keySize;
- fort_skipjackWrap(Kfek,sizeof(CI_KEY),Ks,data);
-
- /* first, decrypt the hashed/Encrypted Memphrase */
- data = (unsigned char *) PORT_ZAlloc(SHA1_LENGTH+sizeof(cw));
-
- /* now build the hash for comparisons */
- SHA1_Begin(sha);
- SHA1_Update(sha,(unsigned char *)phrase,strlen(phrase));
- SHA1_End(sha,hashout,&len,SHA1_LENGTH);
- SHA1_DestroyContext(sha,PR_TRUE);
-
-
- /* now calcuate the checkword and compare it */
- cw[0] = cw[1] = cw[2] = cw[3] = 0;
- for (i=0; i <5 ; i++) {
- cw[0] = cw[0] ^ hashout[i*4];
- cw[1] = cw[1] ^ hashout[i*4+1];
- cw[2] = cw[2] ^ hashout[i*4+2];
- cw[3] = cw[3] ^ hashout[i*4+3];
- }
-
- PORT_Memcpy(data,hashout,len);
- PORT_Memcpy(data+len,cw,sizeof(cw));
-
- prot_phrase->memPhraseIV.data = PORT_ZAlloc(24);
- prot_phrase->memPhraseIV.len = 24;
- PORT_Memcpy(prot_phrase->memPhraseIV.data,leafbits,SKIPJACK_LEAF_SIZE);
- fort_GenerateRandom(&prot_phrase->memPhraseIV.data[SKIPJACK_LEAF_SIZE],
- SKIPJACK_BLOCK_SIZE);
- prot_phrase->kValueIV.data = PORT_ZAlloc(24);
- prot_phrase->kValueIV.len = 24;
- PORT_Memcpy(prot_phrase->kValueIV.data,leafbits,SKIPJACK_LEAF_SIZE);
- fort_GenerateRandom(&prot_phrase->kValueIV.data[SKIPJACK_LEAF_SIZE],
- SKIPJACK_BLOCK_SIZE);
- fort_skipjackEncrypt(Ks,&prot_phrase->memPhraseIV.data[SKIPJACK_LEAF_SIZE],
- len+sizeof(cw), data,data);
-
- prot_phrase->hashedEncryptedMemPhrase.data = data;
- prot_phrase->hashedEncryptedMemPhrase.len = len+sizeof(cw);
-
- if (Kinit) {
- fort_skipjackEncrypt(Kinit,
- &prot_phrase->kValueIV.data[SKIPJACK_LEAF_SIZE],
- prot_phrase->wrappedKValue.len,
- prot_phrase->wrappedKValue.data,
- prot_phrase->wrappedKValue.data );
- }
-
- return;
-}
-
-
-void
-fill_in(SECItem *item,unsigned char *data, int len)
-{
- item->data = PORT_Alloc(len);
- PORT_Memcpy(item->data,data,len);
- item->len = len;
-}
-
diff --git a/security/nss/cmd/swfort/newuser/newuser.c b/security/nss/cmd/swfort/newuser/newuser.c
deleted file mode 100644
index db8572765..000000000
--- a/security/nss/cmd/swfort/newuser/newuser.c
+++ /dev/null
@@ -1,1143 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include <stdio.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#ifdef XP_UNIX
-#include <unistd.h>
-#endif
-#include "cryptint.h"
-#include "blapi.h" /* program calls low level functions directly!*/
-#include "pk11func.h"
-#include "secmod.h"
-#include "secmodi.h"
-#include "cert.h"
-#include "cdbhdl.h"
-#include "key.h"
-#include "swforti.h"
-#include "secutil.h"
-#include "secrng.h"
-
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-
-#define MAX_PERSONALITIES 50
-typedef struct {
- int index;
- CI_CERT_STR label;
- CERTCertificate *cert;
-} certlist;
-
-typedef struct {
- int card;
- int index;
- CI_CERT_STR label;
- certlist valid[MAX_PERSONALITIES];
- int count;
-} Cert;
-
-
-#define EMAIL_OID_LEN 9
-#define EMAIL_OID 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01
-unsigned char emailAVA[127] = {
- 0x31, 6+EMAIL_OID_LEN, /* Set */
- 0x30, 4+EMAIL_OID_LEN, /* Sequence */
- 0x06, EMAIL_OID_LEN, EMAIL_OID,
- 0x13, 0, /* printable String */
-};
-#define EMAIL_DATA_START 8+EMAIL_OID_LEN
-
-int emailOffset[] = { 1, 3, EMAIL_DATA_START-1 };
-int offsetCount = sizeof(emailOffset)/sizeof(emailOffset[0]);
-
-unsigned char hash[20] = { 'H', 'a', 's', 'h', ' ', 'F', 'a', 'i', 'l', 'e',
- 'd', ' ', '*', '*', '*', '*', '*', '*', '*', '*' };
-unsigned char sig[40] = { 'H', 'a', 's', 'h', ' ', 'F', 'a', 'i', 'l', 'e',
- 'd', ' ', '*', '*', '*', '*', '*', '*', '*', '*',
- '>', '>', '>', ' ', 'N', 'o', 't', ' ', 'S', 'i',
- 'g', 'n', 'd', ' ', '<', '<', '<', ' ', ' ', ' ' };
-
-
-/*void *malloc(int); */
-
-unsigned char *data_start(unsigned char *buf, int length, int *data_length)
-{
- unsigned char tag;
- int used_length= 0;
-
- tag = buf[used_length++];
-
- /* blow out when we come to the end */
- if (tag == 0) {
- return NULL;
- }
-
- *data_length = buf[used_length++];
-
- if (*data_length&0x80) {
- int len_count = *data_length & 0x7f;
-
- *data_length = 0;
-
- while (len_count-- > 0) {
- *data_length = (*data_length << 8) | buf[used_length++];
- }
- }
-
- if (*data_length > (length-used_length) ) {
- *data_length = length-used_length;
- return NULL;
- }
-
- return (buf + used_length);
-}
-
-unsigned char *
-GetAbove(unsigned char *cert,int cert_length,int *above_len)
-{
- unsigned char *buf = cert;
- int buf_length = cert_length;
- unsigned char *tmp;
- int len;
-
- *above_len = 0;
-
- /* optional serial number */
- if ((buf[0] & 0xa0) == 0xa0) {
- tmp = data_start(buf,buf_length,&len);
- if (tmp == NULL) return NULL;
- buf_length -= (tmp-buf) + len;
- buf = tmp + len;
- }
- /* serial number */
- tmp = data_start(buf,buf_length,&len);
- if (tmp == NULL) return NULL;
- buf_length -= (tmp-buf) + len;
- buf = tmp + len;
- /* skip the OID */
- tmp = data_start(buf,buf_length,&len);
- if (tmp == NULL) return NULL;
- buf_length -= (tmp-buf) + len;
- buf = tmp + len;
- /* issuer */
- tmp = data_start(buf,buf_length,&len);
- if (tmp == NULL) return NULL;
- buf_length -= (tmp-buf) + len;
- buf = tmp + len;
- /* skip the date */
- tmp = data_start(buf,buf_length,&len);
- if (tmp == NULL) return NULL;
- buf_length -= (tmp-buf) + len;
- buf = tmp + len;
-
- *above_len = buf - cert;
- return cert;
-}
-
-unsigned char *
-GetSubject(unsigned char *cert,int cert_length,int *subj_len) {
- unsigned char *buf = cert;
- int buf_length = cert_length;
- unsigned char *tmp;
- int len;
-
- *subj_len = 0;
-
- /* optional serial number */
- if ((buf[0] & 0xa0) == 0xa0) {
- tmp = data_start(buf,buf_length,&len);
- if (tmp == NULL) return NULL;
- buf_length -= (tmp-buf) + len;
- buf = tmp + len;
- }
- /* serial number */
- tmp = data_start(buf,buf_length,&len);
- if (tmp == NULL) return NULL;
- buf_length -= (tmp-buf) + len;
- buf = tmp + len;
- /* skip the OID */
- tmp = data_start(buf,buf_length,&len);
- if (tmp == NULL) return NULL;
- buf_length -= (tmp-buf) + len;
- buf = tmp + len;
- /* issuer */
- tmp = data_start(buf,buf_length,&len);
- if (tmp == NULL) return NULL;
- buf_length -= (tmp-buf) + len;
- buf = tmp + len;
- /* skip the date */
- tmp = data_start(buf,buf_length,&len);
- if (tmp == NULL) return NULL;
- buf_length -= (tmp-buf) + len;
- buf = tmp + len;
-
- return data_start(buf,buf_length,subj_len);
-}
-
-unsigned char *
-GetBelow(unsigned char *cert,int cert_length,int *below_len) {
- unsigned char *subj;
- int subj_len;
- unsigned char *below;
-
- *below_len = 0;
-
- subj = GetSubject(cert,cert_length,&subj_len);
-
- below = subj + subj_len;
- *below_len = cert_length - (below - cert);
- return below;
-}
-
-unsigned char *
-GetSignature(unsigned char *sig,int sig_length,int *subj_len) {
- unsigned char *buf = sig;
- int buf_length = sig_length;
- unsigned char *tmp;
- int len;
-
- *subj_len = 0;
-
- /* signature oid */
- tmp = data_start(buf,buf_length,&len);
- if (tmp == NULL) return NULL;
- buf_length -= (tmp-buf) + len;
- buf = tmp + len;
- /* signature data */
- tmp = data_start(buf,buf_length,&len);
- if (tmp == NULL) return NULL;
-
- *subj_len = len -1;
- return tmp+1;
-}
-
-int DER_Sequence(unsigned char *buf, int length) {
- int next = 0;
-
- buf[next++] = 0x30;
- if (length < 0x80) {
- buf[next++] = length;
- } else {
- buf[next++] = 0x82;
- buf[next++] = (length >> 8) & 0xff;
- buf[next++] = length & 0xff;
- }
- return next;
-}
-
-static
-int Cert_length(unsigned char *buf, int length) {
- unsigned char tag;
- int used_length= 0;
- int data_length;
-
- tag = buf[used_length++];
-
- /* blow out when we come to the end */
- if (tag == 0) {
- return 0;
- }
-
- data_length = buf[used_length++];
-
- if (data_length&0x80) {
- int len_count = data_length & 0x7f;
-
- data_length = 0;
-
- while (len_count-- > 0) {
- data_length = (data_length << 8) | buf[used_length++];
- }
- }
-
- if (data_length > (length-used_length) ) {
- return length;
- }
-
- return (data_length + used_length);
-}
-
-int
-InitCard(int card, char *inpass) {
- int cirv;
- char buf[50];
- char *pass;
-
- cirv = CI_Open( 0 /* flags */, card);
- if (cirv != CI_OK) return cirv;
-
- if (inpass == NULL) {
- sprintf(buf,"Enter PIN for card in socket %d: ",card);
- pass = SECU_GetPasswordString(NULL, buf);
-
- if (pass == NULL) {
- CI_Close(CI_POWER_DOWN_FLAG,card);
- return CI_FAIL;
- }
- } else pass=inpass;
-
- cirv = CI_CheckPIN(CI_USER_PIN,(unsigned char *)pass);
- if (cirv != CI_OK) {
- CI_Close(CI_POWER_DOWN_FLAG,card);
- }
- return cirv;
-}
-
-int
-isUser(CI_PERSON *person) {
- return 1;
-}
-
-int
-isCA(CI_PERSON *person) {
- return 0;
-}
-
-int FoundCert(int card, char *name, Cert *cert) {
- CI_PERSON personalities[MAX_PERSONALITIES];
- CI_PERSON *person;
- int cirv;
- int i;
- int user_len = strlen(name);
-
- PORT_Memset(personalities, 0, sizeof(CI_PERSON)*MAX_PERSONALITIES);
-
- cirv = CI_GetPersonalityList(MAX_PERSONALITIES,personalities);
- if (cirv != CI_OK) return 0;
-
-
- cert->count = 1;
- cert->valid[0].index = 0;
- memcpy(cert->valid[0].label,"RRXX0000Root PAA Certificate ",
- sizeof(cert->valid[0].label));
- cert->valid[0].cert = NULL;
- for (i=0; i < MAX_PERSONALITIES; i++) {
- person = &personalities[i];
- if ( (PORT_Memcmp(person->CertLabel,"RRXX",4) == 0) ||
- (PORT_Memcmp(person->CertLabel,"RTXX",4) == 0) ||
- (PORT_Memcmp(person->CertLabel,"LAXX",4) == 0) ||
- (PORT_Memcmp(person->CertLabel,"INKS",4) == 0) ||
- (PORT_Memcmp(person->CertLabel,"INKX",4) == 0) ||
- (PORT_Memcmp(person->CertLabel,"ONKS",4) == 0) ||
- (PORT_Memcmp(person->CertLabel,"ONKX",4) == 0) ||
- (PORT_Memcmp(person->CertLabel,"KEAK",4) == 0) ||
- (PORT_Memcmp(person->CertLabel,"3IKX",4) == 0) ||
- (PORT_Memcmp(person->CertLabel,"DSA1",4) == 0) ||
- (PORT_Memcmp(person->CertLabel,"DSAI",4) == 0) ||
- (PORT_Memcmp(person->CertLabel,"DSAO",4) == 0) ||
- (PORT_Memcmp(person->CertLabel,"3IXS",4) == 0) ||
- (PORT_Memcmp(person->CertLabel,"3OXS",4) == 0) ){
- int index;
-
- cert->valid[cert->count].cert = NULL;
- memcpy(cert->valid[cert->count].label,
- person->CertLabel,sizeof(person->CertLabel));
- for (index = sizeof(person->CertLabel)-1;
- cert->valid[cert->count].label[index] == ' '; index--) {
- cert->valid[cert->count].label[index] = 0;
- }
- cert->valid[cert->count++].index = person->CertificateIndex;
- }
- }
- for (i=0; i < MAX_PERSONALITIES; i++) {
- person = &personalities[i];
- if (strncmp((char *)&person->CertLabel[8],name,user_len) == 0) {
- cert->card = card;
- cert->index = person->CertificateIndex;
- memcpy(&cert->label,person->CertLabel,sizeof(person->CertLabel));
- return 1;
- }
- }
- return 0;
-}
-
-void
-Terminate(char *mess, int cirv, int card1, int card2)
-{
- fprintf(stderr,"FAIL: %s error %d\n",mess,cirv);
- if (card1 != -1) CI_Close(CI_POWER_DOWN_FLAG,card1);
- if (card2 != -1) CI_Close(CI_POWER_DOWN_FLAG,card2);
- CI_Terminate();
- exit(1);
-}
-
-void
-usage(char *prog)
-{
- fprintf(stderr,"usage: %s [-e email][-t transport][-u userpin][-U userpass][-s ssopin][-S ssopass][-o outfile] common_name ca_label\n",prog);
- exit(1);
-}
-
-#define CERT_SIZE 2048
-
-
-/* version and oid */
-unsigned char header[] = {
- /* Cert OID */
- 0x02, 0x10,
- 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00,
- 0x30, 0x0b, 0x06, 0x09,
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01, 0x13 };
-
-#define KEY_START 21
-#define KMID_OFFSET 4
-#define KEA_OFFSET 15
-#define DSA_OFFSET 148
-unsigned char key[] = {
- /* Sequence(Constructed): 293 bytes (0x125) */
- 0x30, 0x82, 0x01, 0x25,
- /*Sequence(Constructed): 11 bytes (0xb) */
- 0x30, 0x0b,
- /* ObjectId(Universal): 9 bytes (0x9) */
- 0x06, 0x09,
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01, 0x14,
- /* BitString(Universal): 276 bytes (0x114) */
- 0x03, 0x82, 0x01, 0x14,
- 0x00, 0x00, 0x01, 0xef, 0x04, 0x01, 0x00, 0x01,
- 0x00, 0x00, 0x69, 0x60, 0x70, 0x00, 0x80, 0x02,
- 0x2e, 0x46, 0xb9, 0xcb, 0x22, 0x72, 0x0b, 0x1c,
- 0xe6, 0x25, 0x20, 0x16, 0x86, 0x05, 0x8e, 0x2b,
- 0x98, 0xd1, 0x46, 0x3d, 0x00, 0xb8, 0x69, 0xe1,
- 0x1a, 0x42, 0x7d, 0x7d, 0xb5, 0xbf, 0x9f, 0x26,
- 0xd3, 0x2c, 0xb1, 0x73, 0x01, 0xb6, 0xb2, 0x6f,
- 0x7b, 0xa5, 0x54, 0x85, 0x60, 0x77, 0x81, 0x8a,
- 0x87, 0x86, 0xe0, 0x2d, 0xbf, 0xdb, 0x28, 0xe8,
- 0xfa, 0x20, 0x35, 0xb4, 0xc0, 0x94, 0x10, 0x8e,
- 0x1c, 0x58, 0xaa, 0x02, 0x60, 0x97, 0xf5, 0xb3,
- 0x2f, 0xf8, 0x99, 0x29, 0x28, 0x73, 0x47, 0x36,
- 0xdd, 0x1d, 0x78, 0x95, 0xeb, 0xb8, 0xec, 0x45,
- 0x96, 0x69, 0x6f, 0x54, 0xc8, 0x1f, 0x2d, 0x3a,
- 0xd9, 0x0e, 0x8e, 0xaa, 0x59, 0x11, 0x8c, 0x3b,
- 0x8d, 0xa4, 0xed, 0xf2, 0x7d, 0xdc, 0x42, 0xaa,
- 0xa4, 0xd2, 0x1c, 0xb9, 0x87, 0xd0, 0xd9, 0x3d,
- 0x8e, 0x89, 0xbb, 0x06, 0x54, 0xcf, 0x32, 0x00,
- 0x02, 0x00, 0x00, 0x80, 0x0b, 0x80, 0x6c, 0x0f,
- 0x71, 0xd1, 0xa1, 0xa9, 0x26, 0xb4, 0xf1, 0xcd,
- 0x6a, 0x7a, 0x09, 0xaa, 0x58, 0x28, 0xd7, 0x35,
- 0x74, 0x8e, 0x7c, 0x83, 0xcb, 0xfe, 0x00, 0x3b,
- 0x62, 0x00, 0xfb, 0x90, 0x37, 0xcd, 0x93, 0xcf,
- 0xf3, 0xe4, 0x6d, 0x8d, 0xdd, 0xb8, 0x53, 0xe0,
- 0x5c, 0xda, 0x1a, 0x7e, 0x56, 0x03, 0x95, 0x03,
- 0x2f, 0x74, 0x86, 0xb1, 0xa0, 0xbb, 0x05, 0x91,
- 0xe4, 0x76, 0x83, 0xe6, 0x62, 0xf9, 0x12, 0x64,
- 0x5a, 0x62, 0xd8, 0x94, 0x04, 0x1f, 0x83, 0x02,
- 0x2e, 0xc5, 0xa7, 0x17, 0x46, 0x46, 0x21, 0x96,
- 0xc3, 0xa9, 0x8e, 0x92, 0x18, 0xd1, 0x52, 0x08,
- 0x1d, 0xff, 0x8e, 0x24, 0xdb, 0x6c, 0xd8, 0xfe,
- 0x80, 0x93, 0xe1, 0xa5, 0x4a, 0x0a, 0x37, 0x24,
- 0x18, 0x07, 0xbe, 0x0f, 0xaf, 0x73, 0xea, 0x50,
- 0x64, 0xa1, 0xb3, 0x77, 0xe5, 0x41, 0x02, 0x82,
- 0x39, 0xb9, 0xe3, 0x94
-};
-
-unsigned char valitity[] = {
- 0x30, 0x1e,
- 0x17, 0x0d,
- '2','0','0','0','0','1','0','1','0','0','0','0','Z',
- 0x17, 0x0d,
- '2','0','0','5','1','2','0','1','0','0','0','0','Z'
-};
-
-
-unsigned char cnam_oid[] = { 0x06, 0x03, 0x55, 0x04, 0x03 };
-
-unsigned char signature[] = {
- /* the OID */
- 0x30, 0x0b, 0x06, 0x09,
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01, 0x13,
- /* signature wrap */
- 0x03, 0x29, 0x00,
- /* 40 byte dsa signature */
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
-};
-
-unsigned char fortezza_oid [] = {
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01, 0x13
-};
-
-unsigned char software_ou[] = {
- 0x31, 26, 0x30, 24,
- 0x06, 0x03, 0x55, 0x04, 0x0b,
- 0x13, 17,
- 'S','o','f','t','w',
- 'a','r','e',' ','F',
- 'O','R','T','E','Z','Z','A'
-};
-
-
-char letterarray[] = {
- 'a','b','c','d','e','f','g','h','i','j','k','l','m','n',
- 'o','p','q','r','s','t','u','v','w','x','y','z' };
-
-char constarray[] = {
- 'b','c','d','f','g','h','j','k','l','m','n',
- 'p','q','r','s','t','v','w','x','y','z' };
-
-char vowelarray[] = {
- 'a','e','i','o','u','y' };
-
-char digitarray[] = {
- '0','1','2','3','4','5','6','7','8','9' };
-
-unsigned long
-getRandom(unsigned long max) {
- unsigned short data;
- unsigned long result;
-
- fort_GenerateRandom((unsigned char *)&data,sizeof(data));
-
- result = (unsigned long)data * max;
- result = result >> 16;
- return result;
-}
-
-
-char getLetter(void)
-{
- return letterarray[getRandom(sizeof(letterarray))];
-}
-char getVowel(void)
-{
- return vowelarray[getRandom(sizeof(vowelarray))];
-}
-char getDigit(void)
-{
- return digitarray[getRandom(sizeof(digitarray))];
-}
-
-char getConst(void)
-{
- return constarray[getRandom(sizeof(constarray))];
-}
-
-char *getPinPhrase(void)
-{
- char * pass = PORT_ZAlloc(5);
-
- pass[0] = getDigit();
- pass[1] = getDigit();
- pass[2] = getDigit();
- pass[3] = getDigit();
-
- return pass;
-}
-
-char *getPassPhrase(void)
-{
- char * pass = PORT_ZAlloc(13);
-
- pass[0] = getConst()+'A'-'a';
- pass[1] = getVowel();
- pass[2] = getConst();
- pass[3] = getVowel();
- pass[4] = getConst();
- pass[5] = getVowel();
- pass[6] = getConst();
- pass[7] = getDigit();
- pass[8] = getDigit();
- pass[9] = getDigit();
- pass[10] = getDigit();
- pass[11] = getLetter()+'A'-'a';
-
- return pass;
-}
-
-extern void
-makeCertSlot(fortSlotEntry * entry,
- int index,
- char * label,
- SECItem * cert,
- FORTSkipjackKeyPtr Ks,
- unsigned char *xKEA,
- unsigned char *xDSA,
- unsigned char *pubKey,
- int pubKeyLen,
- unsigned char *p,
- unsigned char *q,
- unsigned char *g);
-
-extern void
-makeProtectedPhrase(FORTSWFile * file,
- fortProtectedPhrase *prot_phrase,
- FORTSkipjackKeyPtr Ks,
- FORTSkipjackKeyPtr Kinit,
- char * phrase);
-
-extern void
-fill_in(SECItem *item, unsigned char *data, int len);
-
-char *userLabel = "INKS0002 ";
-main(int argc, char **argv)
-{
- char *progname = *argv++;
- char *commonName = NULL;
- char *caname = NULL;
- char *email = NULL;
- char *outname = NULL;
- char *cp;
- int arg_count = 0;
- Cert caCert;
- SECItem userCert;
- int cirv,i;
- int cards, start;
- unsigned char *subject;
- int subject_len;
- int signature_len = sizeof(signature);
- int newSubject_len, newCertBody_len, len;
- int cname1_len, cname_len, pstring_len;
- int valitity_len = sizeof(valitity);
- unsigned char origCert[CERT_SIZE];
- unsigned char newSubject[CERT_SIZE];
- unsigned char newCertBody[CERT_SIZE];
- unsigned char newCert[CERT_SIZE];
- unsigned char pstring[CERT_SIZE];
- unsigned char cname1[CERT_SIZE];
- unsigned char cname[CERT_SIZE];
- CERTCertificate *myCACert = NULL;
- CERTCertificate *cert;
- CERTCertDBHandle certhandle;
- SECStatus rv;
- SECMODModule *module;
- unsigned char serial[16];
- SECKEYPublicKey *pubKey;
- DSAPrivateKey *keaPrivKey;
- DSAPrivateKey *dsaPrivKey;
- CI_RANDOM randomVal;
- PQGParams *params;
- int pca_index = -1;
- unsigned char *p,*q,*g;
- FORTSkipjackKey Ks;
- FORTSkipjackKey Kinit;
- FORTSWFile *file;
- FORTSignedSWFile *signed_file;
- FORTSignedSWFile *signed_file2;
- unsigned char random[20];
- unsigned char vers;
- unsigned char *data;
- char *transportPin=NULL;
- char *ssoMemPhrase=NULL;
- char *userMemPhrase=NULL;
- char *ssoPin=NULL;
- char *userPin=NULL;
- char *pass=NULL;
- SECItem *outItem;
- int email_len = 0;
- int emailAVA_len = 0;
-
-
- /* put better argument parsing here */
- while ((cp = *argv++) != NULL) {
- if (*cp == '-') {
- while (*++cp) {
- switch (*cp) {
- /* verbose mode */
- case 'e':
- email = *argv++;
- break;
- /* explicitly set the target */
- case 'o':
- outname = *argv++;
- break;
- case 't':
- /* provide password on command line */
- transportPin = *argv++;
- break;
- case 'u':
- /* provide user password on command line */
- userPin = *argv++;
- break;
- case 'U':
- /* provide user password on command line */
- userMemPhrase = *argv++;
- break;
- case 's':
- /* provide user password on command line */
- ssoPin = *argv++;
- break;
- case 'S':
- /* provide user password on command line */
- ssoMemPhrase = *argv++;
- break;
- case 'p':
- /* provide card password on command line */
- pass = *argv++;
- break;
- case 'd':
- transportPin="test1234567890";
- ssoMemPhrase="sso1234567890";
- userMemPhrase="user1234567890";
- ssoPin="9999";
- userPin="0000";
- break;
- default:
- usage(progname);
- break;
- }
- }
- } else switch (arg_count++) {
- case 0:
- commonName = cp;
- break;
- case 1:
- caname = cp;
- break;
- default:
- usage(progname);
- }
- }
-
- if (outname == NULL) outname = "swfort.sfi";
- if (caname == NULL) usage(progname);
-
-
-
- caCert.card = -1;
- memset(newCert,0,CERT_SIZE);
-
- if (commonName == NULL) usage(progname);
-
-
- cirv = CI_Initialize(&cards);
-
- start = 0;
- for (i=0; i < cards; i++) {
- cirv = InitCard(i+1,pass);
- if (cirv == CI_OK) {
- if (FoundCert(i+1,caname,&caCert)) {
- break;
- }
- }
- }
-
- if (caCert.card == -1) {
- fprintf(stderr,
- "WARNING: Couldn't find Signing CA...new cert will not be signed\n");
- }
-
-
- /*
- * initialize enough security to deal with certificates.
- */
- rv = CERT_OpenVolatileCertDB(&certhandle);
- if (rv != SECSuccess) {
- Terminate("Couldn't build temparary Cert Database",
- 1, -1, caCert.card);
- exit(1);
- }
- CERT_SetDefaultCertDB(&certhandle);
-
- RNG_RNGInit();
- CI_GenerateRandom(random);
- RNG_RandomUpdate(random,sizeof(random));
- CI_GenerateRandom(random);
- RNG_RandomUpdate(random,sizeof(random));
- PK11_InitSlotLists();
-
- module = SECMOD_NewInternal();
- if (module == NULL) {
- Terminate("Couldn't initialize security", 1, -1, caCert.card);
- exit(1);
- }
- rv = SECMOD_LoadModule(module);
- if (rv != SECSuccess) {
- Terminate("Couldn't initialize security", 2, -1, caCert.card);
- exit(1);
- }
-
- if (transportPin == NULL) transportPin = getPassPhrase();
- if (ssoMemPhrase == NULL) ssoMemPhrase = getPassPhrase();
- if (userMemPhrase == NULL) userMemPhrase = getPassPhrase();
- if (ssoPin == NULL) ssoPin = getPinPhrase();
- if (userPin == NULL) userPin = getPinPhrase();
-
-
-
- /* now dump the certs into the temparary data base */
- for (i=0; i < caCert.count; i++) {
- int trusted = 0;
- SECItem derCert;
-
- cirv = CI_Select(caCert.card);
- if (cirv != CI_OK) {
- Terminate("Couldn't select on CA card",cirv,
- -1, caCert.card);
- }
- cirv = CI_GetCertificate(caCert.valid[i].index,origCert);
- if (cirv != CI_OK) {
- continue;
- }
- derCert.data = origCert;
- derCert.len = Cert_length(origCert, sizeof(origCert));
- cert = CERT_NewTempCertificate(&certhandle,&derCert, NULL,
- PR_FALSE, PR_TRUE);
- caCert.valid[i].cert = cert;
- if (cert == NULL) continue;
- if (caCert.valid[i].index == caCert.index) myCACert=cert;
- if (caCert.valid[i].index == atoi((char *)&caCert.label[4]))
- pca_index = i;
- }
-
- if (myCACert == NULL) {
- Terminate("Couldn't find CA's Certificate", 1, -1, caCert.card);
- exit(1);
- }
-
-
- /*
- * OK now build the user cert.
- */
- /* first get the serial number and KMID */
- cirv = CI_GenerateRandom(randomVal);
- memcpy(&header[2],randomVal,sizeof(serial));
- memcpy(serial,randomVal,sizeof(serial));
- memcpy(&key[KEY_START+KMID_OFFSET],randomVal+sizeof(serial),7);
- /* KMID */
-
- /* now generate the keys */
- pubKey = CERT_ExtractPublicKey(myCACert);
- if (pubKey == NULL) {
- Terminate("Couldn't extract CA's public key",
- 1, -1, caCert.card);
- exit(1);
- }
-
-
- switch (pubKey->keyType) {
- case fortezzaKey:
- params = &pubKey->u.fortezza.params;
- break;
- case dsaKey:
- params = &pubKey->u.dsa.params;
- break;
- default:
- Terminate("Certificate is not a fortezza or DSA Cert",
- 1, -1, caCert.card);
- exit(1);
- }
-
- rv = DSA_NewKey(params,&keaPrivKey);
- if (rv != SECSuccess) {
- Terminate("Couldn't Generate KEA key",
- PORT_GetError(), -1, caCert.card);
- exit(1);
- }
- rv = DSA_NewKey(params,&dsaPrivKey);
- if (rv != SECSuccess) {
- Terminate("Couldn't Generate DSA key",
- PORT_GetError(), -1, caCert.card);
- exit(1);
- }
-
- if (keaPrivKey->publicValue.len == 129)
- keaPrivKey->publicValue.data++;
- if (dsaPrivKey->publicValue.len == 129)
- dsaPrivKey->publicValue.data++;
- if (keaPrivKey->privateValue.len == 21)
- keaPrivKey->privateValue.data++;
- if (dsaPrivKey->privateValue.len == 21)
- dsaPrivKey->privateValue.data++;
-
- /* save the parameters */
- p = params->prime.data;
- if (params->prime.len == 129) p++;
- q = params->subPrime.data;
- if (params->subPrime.len == 21) q++;
- g = params->base.data;
- if (params->base.len == 129) g++;
-
- memcpy(&key[KEY_START+KEA_OFFSET],
- keaPrivKey->publicValue.data,
- keaPrivKey->publicValue.len);
- memcpy(&key[KEY_START+DSA_OFFSET],
- dsaPrivKey->publicValue.data,
- dsaPrivKey->publicValue.len);
-
- /* build the der subject */
- subject = data_start(myCACert->derSubject.data,myCACert->derSubject.len,
- &subject_len);
-
- /* build the new Common name AVA */
- len = DER_Sequence(pstring,strlen(commonName));
- memcpy(pstring+len,commonName,strlen(commonName));
- len += strlen(commonName);
- pstring_len = len;
- pstring[0] = 0x13;
-
- len = DER_Sequence(cname1,sizeof(cnam_oid)+pstring_len);
- memcpy(cname1+len,cnam_oid,sizeof(cnam_oid)); len += sizeof(cnam_oid);
- memcpy(cname1+len,pstring,pstring_len); len += pstring_len;
- cname1_len = len;
-
- len = DER_Sequence(cname, cname1_len);
- memcpy(cname+len,cname1,cname1_len); len += cname1_len;
- cname_len = len;
- cname[0] = 0x31; /* make it a set rather than a sequence */
-
- if (email) {
- email_len = strlen(email);
- emailAVA_len = EMAIL_DATA_START + email_len;
- }
-
- /* now assemble it */
- len = DER_Sequence(newSubject,subject_len + sizeof(software_ou) +
- cname_len + emailAVA_len);
- memcpy(newSubject+len,subject,subject_len);
-
- for (i=0; i < subject_len; i++) {
- if (memcmp(newSubject+len+i,cnam_oid,sizeof(cnam_oid)) == 0) {
- newSubject[i+len+4] = 0x0b; /* change CN to OU */
- break;
- }
- }
- len += subject_len;
- memcpy(newSubject+len,software_ou,sizeof(software_ou));
- len += sizeof(software_ou);
- memcpy(newSubject+len,cname,cname_len); len += cname_len;
- newSubject_len = len;
-
- /*
- * build the email AVA
- */
- if (email) {
- memcpy(&emailAVA[EMAIL_DATA_START],email,email_len);
- for (i=0; i < offsetCount; i++) {
- emailAVA[emailOffset[i]] += email_len;
- }
- memcpy(newSubject+len,emailAVA,emailAVA_len);
- newSubject_len += emailAVA_len;
- }
-
-
- /*
- * Assemble the Cert
- */
-
- len = DER_Sequence(newCertBody,sizeof(header)+newSubject_len+
- valitity_len+myCACert->derSubject.len+sizeof(key));
- memcpy(newCertBody+len,header,sizeof(header));len += sizeof(header);
- memcpy(newCertBody+len,myCACert->derSubject.data,
- myCACert->derSubject.len);len += myCACert->derSubject.len;
- memcpy(newCertBody+len,valitity,valitity_len);len += valitity_len;
- memcpy(newCertBody+len,newSubject,newSubject_len);
- len += newSubject_len;
- memcpy(newCertBody+len,key,sizeof(key));len += sizeof(key);
- newCertBody_len = len;
-
-
- /*
- * generate the hash
- */
- cirv = CI_InitializeHash();
- if (cirv == CI_OK) {
- int hash_left = newCertBody_len & 63;
- int hash_len = newCertBody_len - hash_left;
- cirv = CI_Hash(hash_len,newCertBody);
- if (cirv == CI_OK) {
- cirv = CI_GetHash(hash_left,newCertBody+hash_len,hash);
- }
- }
-
- /*
- * now sign the hash
- */
- if ((cirv == CI_OK) && (caCert.card != -1)) {
- cirv = CI_Select(caCert.card);
- if (cirv == CI_OK) {
- cirv = CI_SetPersonality(caCert.index);
- if (cirv == CI_OK) {
- cirv = CI_Sign(hash,sig);
- }
- }
- } else cirv = -1;
-
- if (cirv != CI_OK) {
- memcpy(sig,hash,sizeof(hash));
- }
-
- /*
- * load in new signature
- */
- {
- int sig_len;
- unsigned char *sig_start =
- GetSignature(signature,signature_len,&sig_len);
- memcpy(sig_start,sig,sizeof(sig));
- }
-
- /*
- * now do the final wrap
- */
- len = DER_Sequence(newCert,newCertBody_len+signature_len);
- memcpy(newCert+len,newCertBody,newCertBody_len); len += newCertBody_len;
- memcpy(newCert+len, signature, signature_len); len +=signature_len;
- userCert.data = newCert;
- userCert.len = len;
-
-
- /* OK, we now have our cert, let's go build our software file */
- signed_file = PORT_ZNew(FORTSignedSWFile);
- file = &signed_file->file;
-
- signed_file->signatureWrap.signature.data = PORT_ZAlloc(40);
- signed_file->signatureWrap.signature.len = 40;
- signed_file->signatureWrap.signatureAlgorithm.algorithm.data =
- fortezza_oid;
- signed_file->signatureWrap.signatureAlgorithm.algorithm.len =
- sizeof(fortezza_oid);
-
- vers = 1;
- fill_in(&file->version,&vers,1);
- file->derIssuer.data = myCACert->derSubject.data;
- file->derIssuer.len = myCACert->derSubject.len;
- file->serialID.data = serial;
- file->serialID.len =sizeof(serial);
- /* generate out Ks value */
- fort_GenerateRandom(Ks,sizeof(Ks));
- makeProtectedPhrase(file,&file->initMemPhrase,Kinit,NULL,transportPin);
- makeProtectedPhrase(file,&file->ssoMemPhrase,Ks,Kinit,ssoMemPhrase);
- makeProtectedPhrase(file,&file->ssoPinPhrase,Ks,Kinit,ssoPin);
- makeProtectedPhrase(file,&file->userMemPhrase,Ks,Kinit,userMemPhrase);
- makeProtectedPhrase(file,&file->userPinPhrase,Ks,Kinit,userPin);
- file->wrappedRandomSeed.data = PORT_ZAlloc(12);
- file->wrappedRandomSeed.len = 12;
- cirv = fort_GenerateRandom(file->wrappedRandomSeed.data,10);
- if (cirv != CI_OK) {
- Terminate("Couldn't get Random Seed",
- cirv, -1, caCert.card);
- }
- fort_skipjackWrap(Ks,12,file->wrappedRandomSeed.data,
- file->wrappedRandomSeed.data);
- file->slotEntries = PORT_ZAlloc(sizeof(fortSlotEntry *)*5);
- /* paa */
- file->slotEntries[0] = PORT_ZNew(fortSlotEntry);
- makeCertSlot(file->slotEntries[0],0,caCert.valid[0].label,
- &caCert.valid[0].cert->derCert,
- Ks,NULL,NULL,NULL,0,p,q,g);
- /* pca */
- file->slotEntries[1] = PORT_ZNew(fortSlotEntry);
- makeCertSlot(file->slotEntries[1],1,caCert.valid[pca_index].label,
- &caCert.valid[pca_index].cert->derCert,
- Ks,NULL,NULL,NULL,0,p,q,g);
- /* ca */
- file->slotEntries[2] = PORT_ZNew(fortSlotEntry);
- /* make sure the caCert lable points to our new pca slot location */
- caCert.label[4] = '0';
- caCert.label[5] = '0';
- caCert.label[6] = '0';
- caCert.label[7] = '1';
- makeCertSlot(file->slotEntries[2],2,caCert.label,&myCACert->derCert,
- Ks,NULL,NULL,NULL,0,p,q,g);
- /* user */
- file->slotEntries[3] = PORT_ZNew(fortSlotEntry);
- strncpy(&userLabel[8],commonName,sizeof(CI_PERSON)-8);
- makeCertSlot(file->slotEntries[3],3,userLabel,&userCert,Ks,
- keaPrivKey->privateValue.data,
- dsaPrivKey->privateValue.data,
- key, sizeof(key), p, q, g);
- file->slotEntries[4] = 0;
-
- /* encode the file so we can sign it */
- outItem = FORT_PutSWFile(signed_file);
-
- /* get the der encoded data to sign */
- signed_file2 = FORT_GetSWFile(outItem);
-
- /* now sign it */
- len = signed_file2->signatureWrap.data.len;
- data = signed_file2->signatureWrap.data.data;
- /*
- * generate the hash
- */
- cirv = CI_InitializeHash();
- if (cirv == CI_OK) {
- int hash_left = len & 63;
- int hash_len = len - hash_left;
- cirv = CI_Hash(hash_len,data);
- if (cirv == CI_OK) {
- cirv = CI_GetHash(hash_left,data+hash_len,hash);
- }
- }
-
- /*
- * now sign the hash
- */
- if ((cirv == CI_OK) && (caCert.card != -1)) {
- cirv = CI_Select(caCert.card);
- if (cirv == CI_OK) {
- cirv = CI_SetPersonality(caCert.index);
- if (cirv == CI_OK) {
- cirv = CI_Sign(hash,sig);
- }
- }
- } else cirv = -1;
-
- if (cirv != CI_OK) {
- memcpy(sig,hash,sizeof(hash));
- }
- memcpy( signed_file->signatureWrap.signature.data,sig,sizeof(sig));
- signed_file->signatureWrap.signature.len = sizeof(sig)*8;
-
-
- /* encode it for the last time */
- outItem = FORT_PutSWFile(signed_file);
-
-
- /*
- * write it out to the .sfi file
- */
- {
- int fd = open(outname,O_WRONLY|O_CREAT|O_BINARY,0777);
-
- write(fd,outItem->data,outItem->len);
- close(fd);
- }
- CI_Close(CI_POWER_DOWN_FLAG,caCert.card);
- CI_Terminate();
-
- printf("Wrote %s to file %s.\n",commonName,outname);
- printf("Initialization Memphrase: %s\n",transportPin);
- printf("SSO Memphrase: %s\n",ssoMemPhrase);
- printf("User Memphrase: %s\n",userMemPhrase);
- printf("SSO pin: %s\n",ssoPin);
- printf("User pin: %s\n",userPin);
-
- return 0;
-}
-
diff --git a/security/nss/cmd/tstclnt/Makefile b/security/nss/cmd/tstclnt/Makefile
deleted file mode 100644
index 7e236b453..000000000
--- a/security/nss/cmd/tstclnt/Makefile
+++ /dev/null
@@ -1,82 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-ifeq ($(OS_ARCH), WINNT)
-ifndef BUILD_OPT
-LDFLAGS += /subsystem:console /profile /debug /machine:I386 /incremental:no
-OS_CFLAGS += -D_CONSOLE
-endif
-endif
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-#include ../platlibs.mk
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/tstclnt/makefile.win b/security/nss/cmd/tstclnt/makefile.win
deleted file mode 100644
index 6cf6c12cf..000000000
--- a/security/nss/cmd/tstclnt/makefile.win
+++ /dev/null
@@ -1,130 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-VERBOSE = 1
-include <manifest.mn>
-
-#cannot define PROGRAM in manifest compatibly with NT and UNIX
-PROGRAM = tstclnt
-PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe
-include <$(DEPTH)\config\config.mak>
-
-# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
-# rules.mak will append C_OBJS onto OBJS.
-# OBJS = $(CSRCS:.c=.obj)
-
-# include files are looked for in $LINCS and $INCS.
-# $LINCS is in manifest.mnw, computed from REQUIRES=
-INCS = $(INCS) \
- -I$(DEPTH)/security/lib/cert \
- -I../include \
- $(NULL)
-
-IGNORE_ME = \
- -I$(DEPTH)/security/lib/key \
- -I$(DEPTH)/security/lib/util \
- $(NULL)
-
-
-WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
-
-# these files are the content of libdbm
-DBM_LIB = \
- $(WINFE)/DB.obj \
- $(WINFE)/HASH.obj \
- $(WINFE)/H_BIGKEY.obj \
- $(WINFE)/H_PAGE.obj \
- $(WINFE)/H_LOG2.obj \
- $(WINFE)/H_FUNC.obj \
- $(WINFE)/HASH_BUF.obj \
- $(NULL)
-
-MOZ_LIBS = \
- $(WINFE)/ALLXPSTR.obj \
- $(WINFE)/XP_ERROR.obj \
- $(WINFE)/XPASSERT.obj \
- $(WINFE)/XP_REG.obj \
- $(WINFE)/XP_TRACE.obj \
- $(DBM_LIB) \
- $(WINFE)/XP_STR.obj \
- $(WINFE)/MKTEMP.obj \
- $(NULL)
-
-SEC_LIBS = \
- $(DIST)/lib/cert$(MOZ_BITS).lib \
- $(DIST)/lib/crypto$(MOZ_BITS).lib \
- $(DIST)/lib/hash$(MOZ_BITS).lib \
- $(DIST)/lib/key$(MOZ_BITS).lib \
- $(DIST)/lib/pkcs7$(MOZ_BITS).lib \
- $(DIST)/lib/secmod$(MOZ_BITS).lib \
- $(DIST)/lib/secutl$(MOZ_BITS).lib \
- $(DIST)/lib/ssl$(MOZ_BITS).lib \
- $(NULL)
-
-LLFLAGS = $(LLFLAGS) \
- ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
- $(SEC_LIBS) \
- $(MOZ_LIBS) \
- $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
- $(LIBNSPR) \
- $(NULL)
-
-
-include <$(DEPTH)\config\rules.mak>
-
-INSTALL = $(MAKE_INSTALL)
-
-objs: $(OBJS)
-
-$(PROGRAM)::
- $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
-
-programs: $(PROGRAM)
-
-install:: $(TARGETS)
- $(INSTALL) $(TARGETS) $(DIST)/bin
-
-
-symbols:
- @echo "CSRCS = $(CSRCS)"
- @echo "INCS = $(INCS)"
- @echo "OBJS = $(OBJS)"
- @echo "LIBRARY = $(LIBRARY)"
- @echo "PROGRAM = $(PROGRAM)"
- @echo "TARGETS = $(TARGETS)"
- @echo "DIST = $(DIST)"
- @echo "VERSION_NUMBER = $(VERSION_NUMBER)"
- @echo "WINFE = $(WINFE)"
- @echo "DBM_LIB = $(DBM_LIB)"
- @echo "INSTALL = $(INSTALL)"
-
diff --git a/security/nss/cmd/tstclnt/manifest.mn b/security/nss/cmd/tstclnt/manifest.mn
deleted file mode 100644
index 00378736a..000000000
--- a/security/nss/cmd/tstclnt/manifest.mn
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = seccmd dbm
-
-# DIRS =
-
-CSRCS = tstclnt.c
-
-PROGRAM = tstclnt
-
diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c
deleted file mode 100644
index badb813df..000000000
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ /dev/null
@@ -1,652 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
-**
-** Sample client side test program that uses SSL and libsec
-**
-*/
-
-#include "secutil.h"
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#else
-#include "ctype.h" /* for isalpha() */
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdarg.h>
-
-#include "nspr.h"
-#include "prio.h"
-#include "prnetdb.h"
-#include "nss.h"
-#include "ssl.h"
-#include "sslproto.h"
-#include "pk11func.h"
-#include "plgetopt.h"
-
-#define PRINTF if (verbose) printf
-#define FPRINTF if (verbose) fprintf
-
-int ssl2CipherSuites[] = {
- SSL_EN_RC4_128_WITH_MD5, /* A */
- SSL_EN_RC4_128_EXPORT40_WITH_MD5, /* B */
- SSL_EN_RC2_128_CBC_WITH_MD5, /* C */
- SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */
- SSL_EN_DES_64_CBC_WITH_MD5, /* E */
- SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* F */
- 0
-};
-
-int ssl3CipherSuites[] = {
- SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
- SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
- SSL_RSA_WITH_RC4_128_MD5, /* c */
- SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
- SSL_RSA_WITH_DES_CBC_SHA, /* e */
- SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
- SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
- SSL_RSA_WITH_NULL_MD5, /* i */
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
- SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
- 0
-};
-
-unsigned long __cmp_umuls;
-PRBool verbose = PR_TRUE;
-
-static char *progName;
-
-/* This exists only for the automated test suite. It allows us to
- * pass in a password on the command line.
- */
-
-char *password = NULL;
-
-char * ownPasswd( PK11SlotInfo *slot, PRBool retry, void *arg)
-{
- char *passwd = NULL;
- if ( (!retry) && arg ) {
- passwd = PL_strdup((char *)arg);
- }
- return passwd;
-}
-
-void printSecurityInfo(PRFileDesc *fd)
-{
- char * cp; /* bulk cipher name */
- char * ip; /* cert issuer DN */
- char * sp; /* cert subject DN */
- int op; /* High, Low, Off */
- int kp0; /* total key bits */
- int kp1; /* secret key bits */
- int result;
-
-/* statistics from ssl3_SendClientHello (sch) */
-extern long ssl3_sch_sid_cache_hits;
-extern long ssl3_sch_sid_cache_misses;
-extern long ssl3_sch_sid_cache_not_ok;
-
-/* statistics from ssl3_HandleServerHello (hsh) */
-extern long ssl3_hsh_sid_cache_hits;
-extern long ssl3_hsh_sid_cache_misses;
-extern long ssl3_hsh_sid_cache_not_ok;
-
-/* statistics from ssl3_HandleClientHello (hch) */
-extern long ssl3_hch_sid_cache_hits;
-extern long ssl3_hch_sid_cache_misses;
-extern long ssl3_hch_sid_cache_not_ok;
-
- result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp);
- if (result != SECSuccess)
- return;
- PRINTF("bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
- "subject DN: %s\n"
- "issuer DN: %s\n", cp, kp1, kp0, op, sp, ip);
- PR_Free(cp);
- PR_Free(ip);
- PR_Free(sp);
-
- PRINTF("%ld cache hits; %ld cache misses, %ld cache not reusable\n",
- ssl3_hch_sid_cache_hits, ssl3_hch_sid_cache_misses,
- ssl3_hch_sid_cache_not_ok);
-
-}
-
-void
-handshakeCallback(PRFileDesc *fd, void *client_data)
-{
- printSecurityInfo(fd);
-}
-
-static void Usage(const char *progName)
-{
- printf(
-"Usage: %s -h host [-p port] [-d certdir] [-n nickname] [-23ox] \n"
-" [-c ciphers] [-w passwd]\n", progName);
- printf("%-20s Hostname to connect with\n", "-h host");
- printf("%-20s Port number for SSL server\n", "-p port");
- printf("%-20s Directory with cert database (default is ~/.netscape)\n",
- "-d certdir");
- printf("%-20s Nickname of key and cert for client auth\n", "-n nickname");
- printf("%-20s Disable SSL v2.\n", "-2");
- printf("%-20s Disable SSL v3.\n", "-3");
- printf("%-20s Disable TLS (SSL v3.1).\n", "-T");
- printf("%-20s Override bad server cert. Make it OK.\n", "-o");
- printf("%-20s Use export policy.\n", "-x");
- printf("%-20s Letter(s) chosen from the following list\n", "-c ciphers");
- printf(
-"A SSL2 RC4 128 WITH MD5\n"
-"B SSL2 RC4 128 EXPORT40 WITH MD5\n"
-"C SSL2 RC2 128 CBC WITH MD5\n"
-"D SSL2 RC2 128 CBC EXPORT40 WITH MD5\n"
-"E SSL2 DES 64 CBC WITH MD5\n"
-"F SSL2 DES 192 EDE3 CBC WITH MD5\n"
-"\n"
-"a SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA\n"
-"b SSL3 FORTEZZA DMS WITH RC4 128 SHA\n"
-"c SSL3 RSA WITH RC4 128 MD5\n"
-"d SSL3 RSA WITH 3DES EDE CBC SHA\n"
-"e SSL3 RSA WITH DES CBC SHA\n"
-"f SSL3 RSA EXPORT WITH RC4 40 MD5\n"
-"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
-"h SSL3 FORTEZZA DMS WITH NULL SHA\n"
-"i SSL3 RSA WITH NULL MD5\n"
-"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
-"k SSL3 RSA FIPS WITH DES CBC SHA\n"
-"l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n"
-"m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n"
- );
- exit(-1);
-}
-
-void
-milliPause(PRUint32 milli)
-{
- PRIntervalTime ticks = PR_MillisecondsToInterval(milli);
- PR_Sleep(ticks);
-}
-
-void
-disableSSL2Ciphers(void)
-{
- int i;
-
- /* disable all the SSL2 cipher suites */
- for (i = 0; ssl2CipherSuites[i] != 0; ++i) {
- SSL_EnableCipher(ssl2CipherSuites[i], SSL_NOT_ALLOWED);
- }
-}
-
-void
-disableSSL3Ciphers(void)
-{
- int i;
-
- /* disable all the SSL3 cipher suites */
- for (i = 0; ssl3CipherSuites[i] != 0; ++i) {
- SSL_EnableCipher(ssl3CipherSuites[i], SSL_NOT_ALLOWED);
- }
-}
-
-/*
- * Callback is called when incoming certificate is not valid.
- * Returns SECSuccess to accept the cert anyway, SECFailure to reject.
- */
-static SECStatus
-ownBadCertHandler(void * arg, PRFileDesc * socket)
-{
- PRErrorCode err = PR_GetError();
- /* can log invalid cert here */
- printf("Bad server certificate: %d, %s\n", err, SECU_Strerror(err));
- return SECSuccess; /* override, say it's OK. */
-}
-
-
-int main(int argc, char **argv)
-{
- PRFileDesc * s;
- PRFileDesc * std_out;
- CERTCertDBHandle * handle;
- char * host = NULL;
- char * port = "443";
- char * certDir = NULL;
- char * nickname = NULL;
- char * cipherString = NULL;
- int multiplier = 0;
- SECStatus rv;
- PRStatus status;
- PRInt32 filesReady;
- PRInt32 ip;
- int npds;
- int override = 0;
- int disableSSL2 = 0;
- int disableSSL3 = 0;
- int disableTLS = 0;
- int useExportPolicy = 0;
- int file_read = 0;
- PRSocketOptionData opt;
- PRNetAddr addr;
- PRHostEnt hp;
- PRPollDesc pollset[2];
- char buf[PR_NETDB_BUF_SIZE];
- PRBool useCommandLinePassword = PR_FALSE;
- int error=0;
- PLOptState *optstate;
- PLOptStatus optstatus;
-
- progName = strrchr(argv[0], '/');
- if (!progName)
- progName = strrchr(argv[0], '\\');
- progName = progName ? progName+1 : argv[0];
-
- optstate = PL_CreateOptState(argc, argv, "23Tfc:h:p:d:m:n:ow:x");
- while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- default : Usage(progName); break;
-
- case '2': disableSSL2 = 1; break;
-
- case '3': disableSSL3 = 1; break;
-
- case 'T': disableTLS = 1; break;
-
- case 'c': cipherString = strdup(optstate->value); break;
-
- case 'h': host = strdup(optstate->value); break;
-#ifdef _WINDOWS
- case 'f': file_read = 1; break;
-#else
- case 'f': break;
-#endif
-
- case 'd':
- certDir = strdup(optstate->value);
- certDir = SECU_ConfigDirectory(certDir);
- break;
-
- case 'm':
- multiplier = atoi(optstate->value);
- if (multiplier < 0)
- multiplier = 0;
- break;
-
- case 'n': nickname = strdup(optstate->value); break;
-
- case 'o': override = 1; break;
-
- case 'p': port = strdup(optstate->value); break;
-
- case 'w':
- password = optstate->value;
- useCommandLinePassword = PR_TRUE;
- break;
-
- case 'x': useExportPolicy = 1; break;
- }
- }
-
- if (!host || !port) Usage(progName);
-
- if (!certDir) {
- certDir = SECU_DefaultSSLDir(); /* Look in $SSL_DIR */
- certDir = SECU_ConfigDirectory(certDir); /* call even if it's NULL */
- }
-
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-
- /* set our password function */
- if ( useCommandLinePassword ) {
- PK11_SetPasswordFunc(ownPasswd);
- } else {
- PK11_SetPasswordFunc(SECU_GetModulePassword);
- }
-
- /* open the cert DB, the key DB, and the secmod DB. */
- rv = NSS_Init(certDir);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "unable to open cert database");
-#if 0
- rv = CERT_OpenVolatileCertDB(handle);
- CERT_SetDefaultCertDB(handle);
-#else
- return -1;
-#endif
- }
- handle = CERT_GetDefaultCertDB();
-
- /* set the policy bits true for all the cipher suites. */
- if (useExportPolicy)
- NSS_SetExportPolicy();
- else
- NSS_SetDomesticPolicy();
-
- /* all the SSL2 and SSL3 cipher suites are enabled by default. */
- if (cipherString) {
- /* disable all the ciphers, then enable the ones we want. */
- disableSSL2Ciphers();
- disableSSL3Ciphers();
- }
-
- /* Lookup host */
- status = PR_GetHostByName(host, buf, sizeof(buf), &hp);
- if (status != PR_SUCCESS) {
- SECU_PrintError(progName, "error looking up host");
- return -1;
- }
- if (PR_EnumerateHostEnt(0, &hp, atoi(port), &addr) == -1) {
- SECU_PrintError(progName, "error looking up host address");
- return -1;
- }
-
- ip = PR_ntohl(addr.inet.ip);
- printf("%s: connecting to %s:%d (address=%d.%d.%d.%d)\n",
- progName, host, PR_ntohs(addr.inet.port),
- (ip >> 24) & 0xff,
- (ip >> 16) & 0xff,
- (ip >> 8) & 0xff,
- (ip >> 0) & 0xff);
-
- /* Create socket */
- s = PR_NewTCPSocket();
- if (s == NULL) {
- SECU_PrintError(progName, "error creating socket");
- return -1;
- }
-
- opt.option = PR_SockOpt_Nonblocking;
- opt.value.non_blocking = PR_TRUE;
- PR_SetSocketOption(s, &opt);
- /*PR_SetSocketOption(PR_GetSpecialFD(PR_StandardInput), &opt);*/
-
- s = SSL_ImportFD(NULL, s);
- if (s == NULL) {
- SECU_PrintError(progName, "error importing socket");
- return -1;
- }
-
- rv = SSL_Enable(s, SSL_SECURITY, 1);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "error enabling socket");
- return -1;
- }
-
- rv = SSL_Enable(s, SSL_HANDSHAKE_AS_CLIENT, 1);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "error enabling client handshake");
- return -1;
- }
-
- /* all the SSL2 and SSL3 cipher suites are enabled by default. */
- if (cipherString) {
- int ndx;
-
- while (0 != (ndx = *cipherString++)) {
- int *cptr;
- int cipher;
-
- if (! isalpha(ndx))
- Usage(progName);
- cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
- for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
- /* do nothing */;
- if (cipher) {
- SECStatus status;
- status = SSL_CipherPrefSet(s, cipher, SSL_ALLOWED);
- if (status != SECSuccess)
- SECU_PrintError(progName, "SSL_CipherPrefSet()");
- }
- }
- }
-
- rv = SSL_Enable(s, SSL_ENABLE_SSL2, !disableSSL2);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "error enabling SSLv2 ");
- return -1;
- }
-
- rv = SSL_Enable(s, SSL_ENABLE_SSL3, !disableSSL3);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "error enabling SSLv3 ");
- return -1;
- }
-
- rv = SSL_Enable(s, SSL_ENABLE_TLS, !disableTLS);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "error enabling TLS ");
- return -1;
- }
-
-#if 0
- /* disable ssl2 and ssl2-compatible client hellos. */
- rv = SSL_Enable(s, SSL_V2_COMPATIBLE_HELLO, 0);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "error disabling v2 compatibility");
- return -1;
- }
-#endif
-
- if (useCommandLinePassword) {
- SSL_SetPKCS11PinArg(s, password);
- }
-
- SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle);
- if (override) {
- SSL_BadCertHook(s, ownBadCertHandler, NULL);
- }
- SSL_GetClientAuthDataHook(s, NSS_GetClientAuthData, (void *)nickname);
- SSL_HandshakeCallback(s, handshakeCallback, NULL);
- SSL_SetURL(s, host);
-
- /* Try to connect to the server */
- status = PR_Connect(s, &addr, PR_INTERVAL_NO_TIMEOUT);
- if (status != PR_SUCCESS) {
- if (PR_GetError() == PR_IN_PROGRESS_ERROR) {
- SECU_PrintError(progName, "connect");
- milliPause(50 * multiplier);
- pollset[0].fd = s;
- pollset[0].in_flags = PR_POLL_WRITE | PR_POLL_EXCEPT;
- pollset[0].out_flags = 0;
- while(1) {
- printf("%s: about to call PR_Poll for connect completion!\n", progName);
- filesReady = PR_Poll(pollset, 1, PR_INTERVAL_NO_TIMEOUT);
- if (filesReady < 0) {
- SECU_PrintError(progName, "unable to connect (poll)");
- return -1;
- }
- printf("%s: PR_Poll returned 0x%02x for socket out_flags.\n",
- progName, pollset[0].out_flags);
- if (filesReady == 0) { /* shouldn't happen! */
- printf("%s: PR_Poll returned zero!\n", progName);
- return -1;
- }
- /* Must milliPause between PR_Poll and PR_GetConnectStatus,
- * Or else winsock gets mighty confused.
- * Sleep(0);
- */
- milliPause(1);
- status = PR_GetConnectStatus(pollset);
- if (status == PR_SUCCESS) {
- break;
- }
- if (PR_GetError() != PR_IN_PROGRESS_ERROR) {
- SECU_PrintError(progName, "unable to connect (poll)");
- return -1;
- }
- SECU_PrintError(progName, "poll");
- milliPause(50 * multiplier);
- }
- } else {
- SECU_PrintError(progName, "unable to connect");
- return -1;
- }
- }
-
- pollset[0].fd = s;
- pollset[0].in_flags = PR_POLL_READ;
- pollset[1].fd = PR_GetSpecialFD(PR_StandardInput);
- pollset[1].in_flags = PR_POLL_READ;
- npds = 2;
- std_out = PR_GetSpecialFD(PR_StandardOutput);
-
-
- if (file_read) {
- pollset[1].out_flags = PR_POLL_READ;
- npds=1;
- }
-
- /*
- ** Select on stdin and on the socket. Write data from stdin to
- ** socket, read data from socket and write to stdout.
- */
- printf("%s: ready...\n", progName);
-
- while (pollset[0].in_flags || pollset[1].in_flags) {
- char buf[4000]; /* buffer for stdin */
- int nb; /* num bytes read from stdin. */
-
- pollset[0].out_flags = 0;
- if (!file_read) {
- pollset[1].out_flags = 0;
- }
-
- printf("%s: about to call PR_Poll !\n", progName);
- if (pollset[1].in_flags && file_read) {
- filesReady = PR_Poll(pollset, npds, PR_INTERVAL_NO_WAIT);
- filesReady++;
- } else {
- filesReady = PR_Poll(pollset, npds, PR_INTERVAL_NO_TIMEOUT);
- }
- if (filesReady < 0) {
- SECU_PrintError(progName, "select failed");
- error=-1;
- goto done;
- }
- if (filesReady == 0) { /* shouldn't happen! */
- printf("%s: PR_Poll returned zero!\n", progName);
- return -1;
- }
- printf("%s: PR_Poll returned!\n", progName);
- if (pollset[1].in_flags) {
- printf("%s: PR_Poll returned 0x%02x for stdin out_flags.\n",
- progName, pollset[1].out_flags);
-#ifndef _WINDOWS
- }
- if (pollset[1].out_flags & PR_POLL_READ) {
-#endif
- /* Read from stdin and write to socket */
- nb = PR_Read(pollset[1].fd, buf, sizeof(buf));
- printf("%s: stdin read %d bytes\n", progName, nb);
- if (nb < 0) {
- if (PR_GetError() != PR_WOULD_BLOCK_ERROR) {
- SECU_PrintError(progName, "read from stdin failed");
- error=-1;
- break;
- }
- } else if (nb == 0) {
- pollset[1].in_flags = 0;
- } else {
- char * bufp = buf;
- printf("%s: Writing %d bytes to server\n", progName, nb);
- do {
- PRInt32 cc = PR_Write(s, bufp, nb);
- if (cc < 0) {
- PRErrorCode err = PR_GetError();
- if (err != PR_WOULD_BLOCK_ERROR) {
- SECU_PrintError(progName,
- "write to SSL socket failed");
- error=-2;
- goto done;
- }
- cc = 0;
- }
- bufp += cc;
- nb -= cc;
- if (nb <= 0)
- break;
- pollset[0].in_flags = PR_POLL_WRITE | PR_POLL_EXCEPT;
- pollset[0].out_flags = 0;
- printf("%s: about to call PR_Poll on writable socket !\n", progName);
- cc = PR_Poll(pollset, 1, PR_INTERVAL_NO_TIMEOUT);
- printf("%s: PR_Poll returned with writable socket !\n", progName);
- } while (1);
- pollset[0].in_flags = PR_POLL_READ;
- }
- }
-
- if (pollset[0].in_flags) {
- printf("%s: PR_Poll returned 0x%02x for socket out_flags.\n",
- progName, pollset[0].out_flags);
- }
- if ( (pollset[0].out_flags & PR_POLL_READ)
- || (pollset[0].out_flags & PR_POLL_ERR)
-#ifdef PR_POLL_HUP
- || (pollset[0].out_flags & PR_POLL_HUP)
-#endif
- ) {
- /* Read from socket and write to stdout */
- nb = PR_Read(pollset[0].fd, buf, sizeof(buf));
- printf("%s: Read from server %d bytes\n", progName, nb);
- if (nb < 0) {
- if (PR_GetError() != PR_WOULD_BLOCK_ERROR) {
- SECU_PrintError(progName, "read from socket failed");
- error=-1;
- goto done;
- }
- } else if (nb == 0) {
- /* EOF from socket... bye bye */
- pollset[0].in_flags = 0;
- } else {
- PR_Write(std_out, buf, nb);
- puts("\n\n");
- }
- }
- milliPause(50 * multiplier);
- }
-
- done:
- PR_Close(s);
- NSS_Shutdown();
- PR_Cleanup();
- return error;
-}
diff --git a/security/nss/cmd/zlib/Makefile b/security/nss/cmd/zlib/Makefile
deleted file mode 100644
index 82de20098..000000000
--- a/security/nss/cmd/zlib/Makefile
+++ /dev/null
@@ -1,52 +0,0 @@
-#! gmake
-#
-# CONFIDENTIAL AND PROPRIETARY SOURCE CODE OF
-# NETSCAPE COMMUNICATIONS CORPORATION
-# Copyright ¿ 1996, 1997 Netscape Communications Corporation. All Rights
-# Reserved. Use of this Source Code is subject to the terms of the
-# applicable license agreement from Netscape Communications Corporation.
-# The copyright notice(s) in this Source Code does not indicate actual or
-# intended publication of this Source Code.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
diff --git a/security/nss/cmd/zlib/README b/security/nss/cmd/zlib/README
deleted file mode 100644
index 28adc90b2..000000000
--- a/security/nss/cmd/zlib/README
+++ /dev/null
@@ -1,99 +0,0 @@
-zlib 1.0.4 is a general purpose data compression library. All the code
-is reentrant (thread safe). The data format used by the zlib library
-is described by RFCs (Request for Comments) 1950 to 1952 in the files
-ftp://ds.internic.net/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate
-format) and rfc1952.txt (gzip format). These documents are also available in
-other formats from ftp://ftp.uu.net/graphics/png/documents/zlib/zdoc-index.html
-
-All functions of the compression library are documented in the file
-zlib.h. A usage example of the library is given in the file example.c
-which also tests that the library is working correctly. Another
-example is given in the file minigzip.c. The compression library itself
-is composed of all source files except example.c and minigzip.c.
-
-To compile all files and run the test program, follow the instructions
-given at the top of Makefile. In short "make test; make install"
-should work for most machines. For MSDOS, use one of the special
-makefiles such as Makefile.msc; for VMS, use Make_vms.com or descrip.mms.
-
-Questions about zlib should be sent to <zlib@quest.jpl.nasa.gov> or,
-if this fails, to the addresses given below in the Copyright section.
-The zlib home page is http://quest.jpl.nasa.gov/zlib/
-
-The changes made in version 1.0.4 are documented in the file ChangeLog.
-The main changes since 1.0.3 are:
-
-- In very rare conditions, deflate(s, Z_FINISH) could fail to produce an EOF
- bit, so the decompressor could decompress all the correct data but went
- on to attempt decompressing extra garbage data. This affected minigzip too.
-- zlibVersion and gzerror return const char* (needed for DLL)
-- port to RISCOS (no fdopen, no multiple dots, no unlink, no fileno)
-
-
-A Perl interface to zlib written by Paul Marquess <pmarquess@bfsec.bt.co.uk>
-is in the CPAN (Comprehensive Perl Archive Network) sites, such as:
-ftp://ftp.cis.ufl.edu/pub/perl/CPAN/modules/by-module/Compress/Compress-Zlib*
-
-
-Notes for some targets:
-
-- For Turbo C the small model is supported only with reduced performance to
- avoid any far allocation; it was tested with -DMAX_WBITS=11 -DMAX_MEM_LEVEL=3
-
-- For 64-bit Iris, deflate.c must be compiled without any optimization.
- With -O, one libpng test fails. The test works in 32 bit mode (with
- the -32 compiler flag). The compiler bug has been reported to SGI.
-
-- zlib doesn't work with gcc 2.6.3 on a DEC 3000/300LX under OSF/1 2.1
- it works when compiled with cc.
-
-- zlib doesn't work on HP-UX 9.05 with one cc compiler (the one not
- accepting the -O option). It works with the other cc compiler.
-
-- To build a Windows DLL version, include in a DLL project zlib.def, zlib.rc
- and all .c files except example.c and minigzip.c; compile with -DZLIB_DLL
- For help on building a zlib DLL, contact Alessandro Iacopetti
- <iaco@email.alessandria.alpcom.it> http://lisa.unial.it/iaco ,
- or contact Brad Clarke <bclarke@cyberus.ca>.
-
-- gzdopen is not supported on RISCOS
-
-
-Acknowledgments:
-
- The deflate format used by zlib was defined by Phil Katz. The deflate
- and zlib specifications were written by Peter Deutsch. Thanks to all the
- people who reported problems and suggested various improvements in zlib;
- they are too numerous to cite here.
-
-Copyright notice:
-
- (C) 1995-1996 Jean-loup Gailly and Mark Adler
-
- This software is provided 'as-is', without any express or implied
- warranty. In no event will the authors be held liable for any damages
- arising from the use of this software.
-
- Permission is granted to anyone to use this software for any purpose,
- including commercial applications, and to alter it and redistribute it
- freely, subject to the following restrictions:
-
- 1. The origin of this software must not be misrepresented; you must not
- claim that you wrote the original software. If you use this software
- in a product, an acknowledgment in the product documentation would be
- appreciated but is not required.
- 2. Altered source versions must be plainly marked as such, and must not be
- misrepresented as being the original software.
- 3. This notice may not be removed or altered from any source distribution.
-
- Jean-loup Gailly Mark Adler
- gzip@prep.ai.mit.edu madler@alumni.caltech.edu
-
-If you use the zlib library in a product, we would appreciate *not*
-receiving lengthy legal documents to sign. The sources are provided
-for free but without warranty of any kind. The library has been
-entirely written by Jean-loup Gailly and Mark Adler; it does not
-include third-party code.
-
-If you redistribute modified sources, we would appreciate that you include
-in the file ChangeLog history information documenting your changes.
diff --git a/security/nss/cmd/zlib/adler32.c b/security/nss/cmd/zlib/adler32.c
deleted file mode 100644
index 9f4afd63c..000000000
--- a/security/nss/cmd/zlib/adler32.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/* adler32.c -- compute the Adler-32 checksum of a data stream
- * Copyright (C) 1995-1996 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-/* This file was modified since it was taken from the zlib distribution */
-/* $Id$ */
-
-#include "zlib.h"
-
-#define BASE 65521L /* largest prime smaller than 65536 */
-#define NMAX 5552
-/* NMAX is the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 */
-
-#define DO1(buf,i) {s1 += buf[i]; s2 += s1;}
-#define DO2(buf,i) DO1(buf,i); DO1(buf,i+1);
-#define DO4(buf,i) DO2(buf,i); DO2(buf,i+2);
-#define DO8(buf,i) DO4(buf,i); DO4(buf,i+4);
-#define DO16(buf) DO8(buf,0); DO8(buf,8);
-
-/* ========================================================================= */
-PR_PUBLIC_API(uLong) adler32(adler, buf, len)
- uLong adler;
- const Bytef *buf;
- uInt len;
-{
- unsigned long s1 = adler & 0xffff;
- unsigned long s2 = (adler >> 16) & 0xffff;
- int k;
-
- if (buf == Z_NULL) return 1L;
-
- while (len > 0) {
- k = len < NMAX ? len : NMAX;
- len -= k;
- while (k >= 16) {
- DO16(buf);
- buf += 16;
- k -= 16;
- }
- if (k != 0) do {
- s1 += *buf++;
- s2 += s1;
- } while (--k);
- s1 %= BASE;
- s2 %= BASE;
- }
- return (s2 << 16) | s1;
-}
diff --git a/security/nss/cmd/zlib/compress.c b/security/nss/cmd/zlib/compress.c
deleted file mode 100644
index 3e1cc7c09..000000000
--- a/security/nss/cmd/zlib/compress.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* compress.c -- compress a memory buffer
- * Copyright (C) 1995-1996 Jean-loup Gailly.
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-/* This file was modified since it was taken from the zlib distribution */
-/* $Id$ */
-
-#include "zlib.h"
-
-/* ===========================================================================
- Compresses the source buffer into the destination buffer. sourceLen is
- the byte length of the source buffer. Upon entry, destLen is the total
- size of the destination buffer, which must be at least 0.1% larger than
- sourceLen plus 8 bytes. Upon exit, destLen is the actual size of the
- compressed buffer.
- This function can be used to compress a whole file at once if the
- input file is mmap'ed.
- compress returns Z_OK if success, Z_MEM_ERROR if there was not
- enough memory, Z_BUF_ERROR if there was not enough room in the output
- buffer.
-*/
-PR_PUBLIC_API(int) compress (dest, destLen, source, sourceLen)
- Bytef *dest;
- uLongf *destLen;
- const Bytef *source;
- uLong sourceLen;
-{
- z_stream stream;
- int err;
-
- stream.next_in = (Bytef*)source;
- stream.avail_in = (uInt)sourceLen;
-#ifdef MAXSEG_64K
- /* Check for source > 64K on 16-bit machine: */
- if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR;
-#endif
- stream.next_out = dest;
- stream.avail_out = (uInt)*destLen;
- if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR;
-
- stream.zalloc = (alloc_func)0;
- stream.zfree = (free_func)0;
- stream.opaque = (voidpf)0;
-
- err = deflateInit(&stream, Z_DEFAULT_COMPRESSION);
- if (err != Z_OK) return err;
-
- err = deflate(&stream, Z_FINISH);
- if (err != Z_STREAM_END) {
- deflateEnd(&stream);
- return err == Z_OK ? Z_BUF_ERROR : err;
- }
- *destLen = stream.total_out;
-
- err = deflateEnd(&stream);
- return err;
-}
diff --git a/security/nss/cmd/zlib/config.mk b/security/nss/cmd/zlib/config.mk
deleted file mode 100644
index 53c5f1f50..000000000
--- a/security/nss/cmd/zlib/config.mk
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# CONFIDENTIAL AND PROPRIETARY SOURCE CODE OF
-# NETSCAPE COMMUNICATIONS CORPORATION
-# Copyright ¿ 1996, 1997 Netscape Communications Corporation. All Rights
-# Reserved. Use of this Source Code is subject to the terms of the
-# applicable license agreement from Netscape Communications Corporation.
-# The copyright notice(s) in this Source Code does not indicate actual or
-# intended publication of this Source Code.
-#
-
-#
-# Currently, override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
-#######################################################################
-# Set the LDFLAGS value to encompass all normal link options, all #
-# library names, and all special system linking options #
-#######################################################################
-
-SECTOOLS_LIBS = $(LDOPTS) $(LIBSSL) $(LIBPKCS7) $(LIBCERT) $(LIBKEY) $(LIBSECMOD) $(LIBCRYPTO) $(LIBSECUTIL) $(LIBSECMOD) $(LIBSSL) $(LIBPKCS7) $(LIBCERT) $(LIBKEY) $(LIBCRYPTO) $(LIBSECUTIL) $(LIBHASH) $(LIBDBM) $(DLLPLC) $(DLLPLDS) $(DLLPR) $(DLLSYSTEM)
-
-ifeq ($(OS_ARCH),AIX)
- OS_LIBS += $(SECTOOLS_LIBS)
-endif
-
-ifeq ($(OS_ARCH),NCR)
- OS_LIBS += $(SECTOOLS_LIBS)
-endif
-
-ifeq ($(OS_ARCH),SCO_SV)
- OS_LIBS += $(SECTOOLS_LIBS)
-endif
-
-LDFLAGS += $(SECTOOLS_LIBS)
-
-
-
-
diff --git a/security/nss/cmd/zlib/crc32.c b/security/nss/cmd/zlib/crc32.c
deleted file mode 100644
index 398871cf8..000000000
--- a/security/nss/cmd/zlib/crc32.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/* crc32.c -- compute the CRC-32 of a data stream
- * Copyright (C) 1995-1996 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-/* This file was modified since it was taken from the zlib distribution */
-/* $Id$ */
-
-#include "zlib.h"
-
-#define local static
-
-#ifdef DYNAMIC_CRC_TABLE
-
-local int crc_table_empty = 1;
-local uLongf crc_table[256];
-local void make_crc_table OF((void));
-
-/*
- Generate a table for a byte-wise 32-bit CRC calculation on the polynomial:
- x^32+x^26+x^23+x^22+x^16+x^12+x^11+x^10+x^8+x^7+x^5+x^4+x^2+x+1.
-
- Polynomials over GF(2) are represented in binary, one bit per coefficient,
- with the lowest powers in the most significant bit. Then adding polynomials
- is just exclusive-or, and multiplying a polynomial by x is a right shift by
- one. If we call the above polynomial p, and represent a byte as the
- polynomial q, also with the lowest power in the most significant bit (so the
- byte 0xb1 is the polynomial x^7+x^3+x+1), then the CRC is (q*x^32) mod p,
- where a mod b means the remainder after dividing a by b.
-
- This calculation is done using the shift-register method of multiplying and
- taking the remainder. The register is initialized to zero, and for each
- incoming bit, x^32 is added mod p to the register if the bit is a one (where
- x^32 mod p is p+x^32 = x^26+...+1), and the register is multiplied mod p by
- x (which is shifting right by one and adding x^32 mod p if the bit shifted
- out is a one). We start with the highest power (least significant bit) of
- q and repeat for all eight bits of q.
-
- The table is simply the CRC of all possible eight bit values. This is all
- the information needed to generate CRC's on data a byte at a time for all
- combinations of CRC register values and incoming bytes.
-*/
-local void make_crc_table()
-{
- uLong c;
- int n, k;
- uLong poly; /* polynomial exclusive-or pattern */
- /* terms of polynomial defining this crc (except x^32): */
- static Byte p[] = {0,1,2,4,5,7,8,10,11,12,16,22,23,26};
-
- /* make exclusive-or pattern from polynomial (0xedb88320L) */
- poly = 0L;
- for (n = 0; n < sizeof(p)/sizeof(Byte); n++)
- poly |= 1L << (31 - p[n]);
-
- for (n = 0; n < 256; n++)
- {
- c = (uLong)n;
- for (k = 0; k < 8; k++)
- c = c & 1 ? poly ^ (c >> 1) : c >> 1;
- crc_table[n] = c;
- }
- crc_table_empty = 0;
-}
-#else
-/* ========================================================================
- * Table of CRC-32's of all single-byte values (made by make_crc_table)
- */
-local uLongf crc_table[256] = {
- 0x00000000UL, 0x77073096UL, 0xee0e612cUL, 0x990951baUL, 0x076dc419UL,
- 0x706af48fUL, 0xe963a535UL, 0x9e6495a3UL, 0x0edb8832UL, 0x79dcb8a4UL,
- 0xe0d5e91eUL, 0x97d2d988UL, 0x09b64c2bUL, 0x7eb17cbdUL, 0xe7b82d07UL,
- 0x90bf1d91UL, 0x1db71064UL, 0x6ab020f2UL, 0xf3b97148UL, 0x84be41deUL,
- 0x1adad47dUL, 0x6ddde4ebUL, 0xf4d4b551UL, 0x83d385c7UL, 0x136c9856UL,
- 0x646ba8c0UL, 0xfd62f97aUL, 0x8a65c9ecUL, 0x14015c4fUL, 0x63066cd9UL,
- 0xfa0f3d63UL, 0x8d080df5UL, 0x3b6e20c8UL, 0x4c69105eUL, 0xd56041e4UL,
- 0xa2677172UL, 0x3c03e4d1UL, 0x4b04d447UL, 0xd20d85fdUL, 0xa50ab56bUL,
- 0x35b5a8faUL, 0x42b2986cUL, 0xdbbbc9d6UL, 0xacbcf940UL, 0x32d86ce3UL,
- 0x45df5c75UL, 0xdcd60dcfUL, 0xabd13d59UL, 0x26d930acUL, 0x51de003aUL,
- 0xc8d75180UL, 0xbfd06116UL, 0x21b4f4b5UL, 0x56b3c423UL, 0xcfba9599UL,
- 0xb8bda50fUL, 0x2802b89eUL, 0x5f058808UL, 0xc60cd9b2UL, 0xb10be924UL,
- 0x2f6f7c87UL, 0x58684c11UL, 0xc1611dabUL, 0xb6662d3dUL, 0x76dc4190UL,
- 0x01db7106UL, 0x98d220bcUL, 0xefd5102aUL, 0x71b18589UL, 0x06b6b51fUL,
- 0x9fbfe4a5UL, 0xe8b8d433UL, 0x7807c9a2UL, 0x0f00f934UL, 0x9609a88eUL,
- 0xe10e9818UL, 0x7f6a0dbbUL, 0x086d3d2dUL, 0x91646c97UL, 0xe6635c01UL,
- 0x6b6b51f4UL, 0x1c6c6162UL, 0x856530d8UL, 0xf262004eUL, 0x6c0695edUL,
- 0x1b01a57bUL, 0x8208f4c1UL, 0xf50fc457UL, 0x65b0d9c6UL, 0x12b7e950UL,
- 0x8bbeb8eaUL, 0xfcb9887cUL, 0x62dd1ddfUL, 0x15da2d49UL, 0x8cd37cf3UL,
- 0xfbd44c65UL, 0x4db26158UL, 0x3ab551ceUL, 0xa3bc0074UL, 0xd4bb30e2UL,
- 0x4adfa541UL, 0x3dd895d7UL, 0xa4d1c46dUL, 0xd3d6f4fbUL, 0x4369e96aUL,
- 0x346ed9fcUL, 0xad678846UL, 0xda60b8d0UL, 0x44042d73UL, 0x33031de5UL,
- 0xaa0a4c5fUL, 0xdd0d7cc9UL, 0x5005713cUL, 0x270241aaUL, 0xbe0b1010UL,
- 0xc90c2086UL, 0x5768b525UL, 0x206f85b3UL, 0xb966d409UL, 0xce61e49fUL,
- 0x5edef90eUL, 0x29d9c998UL, 0xb0d09822UL, 0xc7d7a8b4UL, 0x59b33d17UL,
- 0x2eb40d81UL, 0xb7bd5c3bUL, 0xc0ba6cadUL, 0xedb88320UL, 0x9abfb3b6UL,
- 0x03b6e20cUL, 0x74b1d29aUL, 0xead54739UL, 0x9dd277afUL, 0x04db2615UL,
- 0x73dc1683UL, 0xe3630b12UL, 0x94643b84UL, 0x0d6d6a3eUL, 0x7a6a5aa8UL,
- 0xe40ecf0bUL, 0x9309ff9dUL, 0x0a00ae27UL, 0x7d079eb1UL, 0xf00f9344UL,
- 0x8708a3d2UL, 0x1e01f268UL, 0x6906c2feUL, 0xf762575dUL, 0x806567cbUL,
- 0x196c3671UL, 0x6e6b06e7UL, 0xfed41b76UL, 0x89d32be0UL, 0x10da7a5aUL,
- 0x67dd4accUL, 0xf9b9df6fUL, 0x8ebeeff9UL, 0x17b7be43UL, 0x60b08ed5UL,
- 0xd6d6a3e8UL, 0xa1d1937eUL, 0x38d8c2c4UL, 0x4fdff252UL, 0xd1bb67f1UL,
- 0xa6bc5767UL, 0x3fb506ddUL, 0x48b2364bUL, 0xd80d2bdaUL, 0xaf0a1b4cUL,
- 0x36034af6UL, 0x41047a60UL, 0xdf60efc3UL, 0xa867df55UL, 0x316e8eefUL,
- 0x4669be79UL, 0xcb61b38cUL, 0xbc66831aUL, 0x256fd2a0UL, 0x5268e236UL,
- 0xcc0c7795UL, 0xbb0b4703UL, 0x220216b9UL, 0x5505262fUL, 0xc5ba3bbeUL,
- 0xb2bd0b28UL, 0x2bb45a92UL, 0x5cb36a04UL, 0xc2d7ffa7UL, 0xb5d0cf31UL,
- 0x2cd99e8bUL, 0x5bdeae1dUL, 0x9b64c2b0UL, 0xec63f226UL, 0x756aa39cUL,
- 0x026d930aUL, 0x9c0906a9UL, 0xeb0e363fUL, 0x72076785UL, 0x05005713UL,
- 0x95bf4a82UL, 0xe2b87a14UL, 0x7bb12baeUL, 0x0cb61b38UL, 0x92d28e9bUL,
- 0xe5d5be0dUL, 0x7cdcefb7UL, 0x0bdbdf21UL, 0x86d3d2d4UL, 0xf1d4e242UL,
- 0x68ddb3f8UL, 0x1fda836eUL, 0x81be16cdUL, 0xf6b9265bUL, 0x6fb077e1UL,
- 0x18b74777UL, 0x88085ae6UL, 0xff0f6a70UL, 0x66063bcaUL, 0x11010b5cUL,
- 0x8f659effUL, 0xf862ae69UL, 0x616bffd3UL, 0x166ccf45UL, 0xa00ae278UL,
- 0xd70dd2eeUL, 0x4e048354UL, 0x3903b3c2UL, 0xa7672661UL, 0xd06016f7UL,
- 0x4969474dUL, 0x3e6e77dbUL, 0xaed16a4aUL, 0xd9d65adcUL, 0x40df0b66UL,
- 0x37d83bf0UL, 0xa9bcae53UL, 0xdebb9ec5UL, 0x47b2cf7fUL, 0x30b5ffe9UL,
- 0xbdbdf21cUL, 0xcabac28aUL, 0x53b39330UL, 0x24b4a3a6UL, 0xbad03605UL,
- 0xcdd70693UL, 0x54de5729UL, 0x23d967bfUL, 0xb3667a2eUL, 0xc4614ab8UL,
- 0x5d681b02UL, 0x2a6f2b94UL, 0xb40bbe37UL, 0xc30c8ea1UL, 0x5a05df1bUL,
- 0x2d02ef8dL
-};
-#endif
-
-/* =========================================================================
- * This function can be used by asm versions of crc32()
- */
-uLongf *get_crc_table()
-{
-#ifdef DYNAMIC_CRC_TABLE
- if (crc_table_empty) make_crc_table();
-#endif
- return (uLongf *)crc_table;
-}
-
-/* ========================================================================= */
-#define DO1(buf) crc = crc_table[((int)crc ^ (*buf++)) & 0xff] ^ (crc >> 8);
-#define DO2(buf) DO1(buf); DO1(buf);
-#define DO4(buf) DO2(buf); DO2(buf);
-#define DO8(buf) DO4(buf); DO4(buf);
-
-/* ========================================================================= */
-PR_PUBLIC_API(uLong) crc32(crc, buf, len)
- uLong crc;
- const Bytef *buf;
- uInt len;
-{
- if (buf == Z_NULL) return 0L;
-#ifdef DYNAMIC_CRC_TABLE
- if (crc_table_empty)
- make_crc_table();
-#endif
- crc = crc ^ 0xffffffffUL;
- while (len >= 8)
- {
- DO8(buf);
- len -= 8;
- }
- if (len) do {
- DO1(buf);
- } while (--len);
- return crc ^ 0xffffffffUL;
-}
diff --git a/security/nss/cmd/zlib/deflate.c b/security/nss/cmd/zlib/deflate.c
deleted file mode 100644
index f748ce156..000000000
--- a/security/nss/cmd/zlib/deflate.c
+++ /dev/null
@@ -1,1209 +0,0 @@
-/* deflate.c -- compress data using the deflation algorithm
- * Copyright (C) 1995-1996 Jean-loup Gailly.
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-/* This file was modified since it was taken from the zlib distribution */
-/*
- * ALGORITHM
- *
- * The "deflation" process depends on being able to identify portions
- * of the input text which are identical to earlier input (within a
- * sliding window trailing behind the input currently being processed).
- *
- * The most straightforward technique turns out to be the fastest for
- * most input files: try all possible matches and select the longest.
- * The key feature of this algorithm is that insertions into the string
- * dictionary are very simple and thus fast, and deletions are avoided
- * completely. Insertions are performed at each input character, whereas
- * string matches are performed only when the previous match ends. So it
- * is preferable to spend more time in matches to allow very fast string
- * insertions and avoid deletions. The matching algorithm for small
- * strings is inspired from that of Rabin & Karp. A brute force approach
- * is used to find longer strings when a small match has been found.
- * A similar algorithm is used in comic (by Jan-Mark Wams) and freeze
- * (by Leonid Broukhis).
- * A previous version of this file used a more sophisticated algorithm
- * (by Fiala and Greene) which is guaranteed to run in linear amortized
- * time, but has a larger average cost, uses more memory and is patented.
- * However the F&G algorithm may be faster for some highly redundant
- * files if the parameter max_chain_length (described below) is too large.
- *
- * ACKNOWLEDGEMENTS
- *
- * The idea of lazy evaluation of matches is due to Jan-Mark Wams, and
- * I found it in 'freeze' written by Leonid Broukhis.
- * Thanks to many people for bug reports and testing.
- *
- * REFERENCES
- *
- * Deutsch, L.P.,"'Deflate' Compressed Data Format Specification".
- * Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc
- *
- * A description of the Rabin and Karp algorithm is given in the book
- * "Algorithms" by R. Sedgewick, Addison-Wesley, p252.
- *
- * Fiala,E.R., and Greene,D.H.
- * Data Compression with Finite Windows, Comm.ACM, 32,4 (1989) 490-595
- *
- */
-
-/* $Id$ */
-
-#include "deflate.h"
-
-char deflate_copyright[] = " deflate 1.0.4 Copyright 1995-1996 Jean-loup Gailly ";
-/*
- If you use the zlib library in a product, an acknowledgment is welcome
- in the documentation of your product. If for some reason you cannot
- include such an acknowledgment, I would appreciate that you keep this
- copyright string in the executable of your product.
- */
-
-/* ===========================================================================
- * Function prototypes.
- */
-typedef enum {
- need_more, /* block not completed, need more input or more output */
- block_done, /* block flush performed */
- finish_started, /* finish started, need only more output at next deflate */
- finish_done /* finish done, accept no more input or output */
-} block_state;
-
-typedef block_state (*compress_func) OF((deflate_state *s, int flush));
-/* Compression function. Returns the block state after the call. */
-
-local void fill_window OF((deflate_state *s));
-local block_state deflate_stored OF((deflate_state *s, int flush));
-local block_state deflate_fast OF((deflate_state *s, int flush));
-local block_state deflate_slow OF((deflate_state *s, int flush));
-local void lm_init OF((deflate_state *s));
-local uInt longest_match OF((deflate_state *s, IPos cur_match));
-local void putShortMSB OF((deflate_state *s, uInt b));
-local void flush_pending OF((z_streamp strm));
-local int read_buf OF((z_streamp strm, charf *buf, unsigned size));
-#ifdef ASMV
- void match_init OF((void)); /* asm code initialization */
-#endif
-
-#ifdef DEBUG_NEVER
-local void check_match OF((deflate_state *s, IPos start, IPos match,
- int length));
-#endif
-
-/* ===========================================================================
- * Local data
- */
-
-#define NIL 0
-/* Tail of hash chains */
-
-#ifndef TOO_FAR
-# define TOO_FAR 4096
-#endif
-/* Matches of length 3 are discarded if their distance exceeds TOO_FAR */
-
-#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1)
-/* Minimum amount of lookahead, except at the end of the input file.
- * See deflate.c for comments about the MIN_MATCH+1.
- */
-
-/* Values for max_lazy_match, good_match and max_chain_length, depending on
- * the desired pack level (0..9). The values given below have been tuned to
- * exclude worst case performance for pathological files. Better values may be
- * found for specific files.
- */
-typedef struct config_s {
- ush good_length; /* reduce lazy search above this match length */
- ush max_lazy; /* do not perform lazy search above this match length */
- ush nice_length; /* quit search above this match length */
- ush max_chain;
- compress_func func;
-} config;
-
-local config configuration_table[10] = {
-/* good lazy nice chain */
-/* 0 */ {0, 0, 0, 0, deflate_stored}, /* store only */
-/* 1 */ {4, 4, 8, 4, deflate_fast}, /* maximum speed, no lazy matches */
-/* 2 */ {4, 5, 16, 8, deflate_fast},
-/* 3 */ {4, 6, 32, 32, deflate_fast},
-
-/* 4 */ {4, 4, 16, 16, deflate_slow}, /* lazy matches */
-/* 5 */ {8, 16, 32, 32, deflate_slow},
-/* 6 */ {8, 16, 128, 128, deflate_slow},
-/* 7 */ {8, 32, 128, 256, deflate_slow},
-/* 8 */ {32, 128, 258, 1024, deflate_slow},
-/* 9 */ {32, 258, 258, 4096, deflate_slow}}; /* maximum compression */
-
-/* Note: the deflate() code requires max_lazy >= MIN_MATCH and max_chain >= 4
- * For deflate_fast() (levels <= 3) good is ignored and lazy has a different
- * meaning.
- */
-
-#define EQUAL 0
-/* result of memcmp for equal strings */
-
-struct static_tree_desc_s {int dummy;}; /* for buggy compilers */
-
-/* ===========================================================================
- * Update a hash value with the given input byte
- * IN assertion: all calls to to UPDATE_HASH are made with consecutive
- * input characters, so that a running hash key can be computed from the
- * previous key instead of complete recalculation each time.
- */
-#define UPDATE_HASH(s,h,c) (h = (((h)<<s->hash_shift) ^ (c)) & s->hash_mask)
-
-
-/* ===========================================================================
- * Insert string str in the dictionary and set match_head to the previous head
- * of the hash chain (the most recent string with same hash key). Return
- * the previous length of the hash chain.
- * IN assertion: all calls to to INSERT_STRING are made with consecutive
- * input characters and the first MIN_MATCH bytes of str are valid
- * (except for the last MIN_MATCH-1 bytes of the input file).
- */
-#define INSERT_STRING(s, str, match_head) \
- (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \
- s->prev[(str) & s->w_mask] = match_head = s->head[s->ins_h], \
- s->head[s->ins_h] = (Pos)(str))
-
-/* ===========================================================================
- * Initialize the hash table (avoiding 64K overflow for 16 bit systems).
- * prev[] will be initialized on the fly.
- */
-#define CLEAR_HASH(s) \
- s->head[s->hash_size-1] = NIL; \
- zmemzero((charf *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head));
-
-/* ========================================================================= */
-PR_PUBLIC_API(int) deflateInit_(strm, level, version, stream_size)
- z_streamp strm;
- int level;
- const char *version;
- int stream_size;
-{
- return deflateInit2_(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL,
- Z_DEFAULT_STRATEGY, version, stream_size);
- /* To do: ignore strm->next_in if we use it as window */
-}
-
-/* ========================================================================= */
-PR_PUBLIC_API(int) deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
- version, stream_size)
- z_streamp strm;
- int level;
- int method;
- int windowBits;
- int memLevel;
- int strategy;
- const char *version;
- int stream_size;
-{
- deflate_state *s;
- int noheader = 0;
-
- ushf *overlay;
- /* We overlay pending_buf and d_buf+l_buf. This works since the average
- * output size for (length,distance) codes is <= 24 bits.
- */
-
- if (version == Z_NULL || version[0] != ZLIB_VERSION[0] ||
- stream_size != sizeof(z_stream)) {
- return Z_VERSION_ERROR;
- }
- if (strm == Z_NULL) return Z_STREAM_ERROR;
-
- strm->msg = Z_NULL;
- if (strm->zalloc == Z_NULL) {
- strm->zalloc = zcalloc;
- strm->opaque = (voidpf)0;
- }
- if (strm->zfree == Z_NULL) strm->zfree = zcfree;
-
- if (level == Z_DEFAULT_COMPRESSION) level = 6;
-
- if (windowBits < 0) { /* undocumented feature: suppress zlib header */
- noheader = 1;
- windowBits = -windowBits;
- }
- if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED ||
- windowBits < 8 || windowBits > 15 || level < 0 || level > 9 ||
- strategy < 0 || strategy > Z_HUFFMAN_ONLY) {
- return Z_STREAM_ERROR;
- }
- s = (deflate_state *) ZALLOC(strm, 1, sizeof(deflate_state));
- if (s == Z_NULL) return Z_MEM_ERROR;
- strm->state = (struct internal_state FAR *)s;
- s->strm = strm;
-
- s->noheader = noheader;
- s->w_bits = windowBits;
- s->w_size = 1 << s->w_bits;
- s->w_mask = s->w_size - 1;
-
- s->hash_bits = memLevel + 7;
- s->hash_size = 1 << s->hash_bits;
- s->hash_mask = s->hash_size - 1;
- s->hash_shift = ((s->hash_bits+MIN_MATCH-1)/MIN_MATCH);
-
- s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte));
- s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos));
- s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos));
-
- s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
-
- overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);
- s->pending_buf = (uchf *) overlay;
-
- if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
- s->pending_buf == Z_NULL) {
- strm->msg = (char*)ERR_MSG(Z_MEM_ERROR);
- deflateEnd (strm);
- return Z_MEM_ERROR;
- }
- s->d_buf = overlay + s->lit_bufsize/sizeof(ush);
- s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;
-
- s->level = level;
- s->strategy = strategy;
- s->method = (Byte)method;
-
- return deflateReset(strm);
-}
-
-/* ========================================================================= */
-PR_PUBLIC_API(int) deflateSetDictionary (strm, dictionary, dictLength)
- z_streamp strm;
- const Bytef *dictionary;
- uInt dictLength;
-{
- deflate_state *s;
- uInt length = dictLength;
- uInt n;
- IPos hash_head = 0;
-
- if (strm == Z_NULL || strm->state == Z_NULL || dictionary == Z_NULL ||
- strm->state->status != INIT_STATE) return Z_STREAM_ERROR;
-
- s = strm->state;
- strm->adler = adler32(strm->adler, dictionary, dictLength);
-
- if (length < MIN_MATCH) return Z_OK;
- if (length > MAX_DIST(s)) {
- length = MAX_DIST(s);
- dictionary += dictLength - length;
- }
- zmemcpy((charf *)s->window, dictionary, length);
- s->strstart = length;
- s->block_start = (long)length;
-
- /* Insert all strings in the hash table (except for the last two bytes).
- * s->lookahead stays null, so s->ins_h will be recomputed at the next
- * call of fill_window.
- */
- s->ins_h = s->window[0];
- UPDATE_HASH(s, s->ins_h, s->window[1]);
- for (n = 0; n <= length - MIN_MATCH; n++) {
- INSERT_STRING(s, n, hash_head);
- }
- if (hash_head) hash_head = 0; /* to make compiler happy */
- return Z_OK;
-}
-
-/* ========================================================================= */
-PR_PUBLIC_API(int) deflateReset (strm)
- z_streamp strm;
-{
- deflate_state *s;
-
- if (strm == Z_NULL || strm->state == Z_NULL ||
- strm->zalloc == Z_NULL || strm->zfree == Z_NULL) return Z_STREAM_ERROR;
-
- strm->total_in = strm->total_out = 0;
- strm->msg = Z_NULL; /* use zfree if we ever allocate msg dynamically */
- strm->data_type = Z_UNKNOWN;
-
- s = (deflate_state *)strm->state;
- s->pending = 0;
- s->pending_out = s->pending_buf;
-
- if (s->noheader < 0) {
- s->noheader = 0; /* was set to -1 by deflate(..., Z_FINISH); */
- }
- s->status = s->noheader ? BUSY_STATE : INIT_STATE;
- strm->adler = 1;
- s->last_flush = Z_NO_FLUSH;
-
- _tr_init(s);
- lm_init(s);
-
- return Z_OK;
-}
-
-/* ========================================================================= */
-PR_PUBLIC_API(int) deflateParams(strm, level, strategy)
- z_streamp strm;
- int level;
- int strategy;
-{
- deflate_state *s;
- compress_func func;
- int err = Z_OK;
-
- if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
- s = strm->state;
-
- if (level == Z_DEFAULT_COMPRESSION) {
- level = 6;
- }
- if (level < 0 || level > 9 || strategy < 0 || strategy > Z_HUFFMAN_ONLY) {
- return Z_STREAM_ERROR;
- }
- func = configuration_table[s->level].func;
-
- if (func != configuration_table[level].func && strm->total_in != 0) {
- /* Flush the last buffer: */
- err = deflate(strm, Z_PARTIAL_FLUSH);
- }
- if (s->level != level) {
- s->level = level;
- s->max_lazy_match = configuration_table[level].max_lazy;
- s->good_match = configuration_table[level].good_length;
- s->nice_match = configuration_table[level].nice_length;
- s->max_chain_length = configuration_table[level].max_chain;
- }
- s->strategy = strategy;
- return err;
-}
-
-/* =========================================================================
- * Put a short in the pending buffer. The 16-bit value is put in MSB order.
- * IN assertion: the stream state is correct and there is enough room in
- * pending_buf.
- */
-local void putShortMSB (s, b)
- deflate_state *s;
- uInt b;
-{
- put_byte(s, (Byte)(b >> 8));
- put_byte(s, (Byte)(b & 0xff));
-}
-
-/* =========================================================================
- * Flush as much pending output as possible. All deflate() output goes
- * through this function so some applications may wish to modify it
- * to avoid allocating a large strm->next_out buffer and copying into it.
- * (See also read_buf()).
- */
-local void flush_pending(strm)
- z_streamp strm;
-{
- unsigned len = strm->state->pending;
-
- if (len > strm->avail_out) len = strm->avail_out;
- if (len == 0) return;
-
- zmemcpy(strm->next_out, strm->state->pending_out, len);
- strm->next_out += len;
- strm->state->pending_out += len;
- strm->total_out += len;
- strm->avail_out -= len;
- strm->state->pending -= len;
- if (strm->state->pending == 0) {
- strm->state->pending_out = strm->state->pending_buf;
- }
-}
-
-/* ========================================================================= */
-PR_PUBLIC_API(int) deflate (strm, flush)
- z_streamp strm;
- int flush;
-{
- int old_flush; /* value of flush param for previous deflate call */
- deflate_state *s;
-
- if (strm == Z_NULL || strm->state == Z_NULL ||
- flush > Z_FINISH || flush < 0) {
- return Z_STREAM_ERROR;
- }
- s = strm->state;
-
- if (strm->next_out == Z_NULL ||
- (strm->next_in == Z_NULL && strm->avail_in != 0) ||
- (s->status == FINISH_STATE && flush != Z_FINISH)) {
- ERR_RETURN(strm, Z_STREAM_ERROR);
- }
- if (strm->avail_out == 0) ERR_RETURN(strm, Z_BUF_ERROR);
-
- s->strm = strm; /* just in case */
- old_flush = s->last_flush;
- s->last_flush = flush;
-
- /* Write the zlib header */
- if (s->status == INIT_STATE) {
-
- uInt header = (Z_DEFLATED + ((s->w_bits-8)<<4)) << 8;
- uInt level_flags = (s->level-1) >> 1;
-
- if (level_flags > 3) level_flags = 3;
- header |= (level_flags << 6);
- if (s->strstart != 0) header |= PRESET_DICT;
- header += 31 - (header % 31);
-
- s->status = BUSY_STATE;
- putShortMSB(s, header);
-
- /* Save the adler32 of the preset dictionary: */
- if (s->strstart != 0) {
- putShortMSB(s, (uInt)(strm->adler >> 16));
- putShortMSB(s, (uInt)(strm->adler & 0xffff));
- }
- strm->adler = 1L;
- }
-
- /* Flush as much pending output as possible */
- if (s->pending != 0) {
- flush_pending(strm);
- if (strm->avail_out == 0) {
- /* Since avail_out is 0, deflate will be called again with
- * more output space, but possibly with both pending and
- * avail_in equal to zero. There won't be anything to do,
- * but this is not an error situation so make sure we
- * return OK instead of BUF_ERROR at next call of deflate:
- */
- s->last_flush = -1;
- return Z_OK;
- }
-
- /* Make sure there is something to do and avoid duplicate consecutive
- * flushes. For repeated and useless calls with Z_FINISH, we keep
- * returning Z_STREAM_END instead of Z_BUFF_ERROR.
- */
- } else if (strm->avail_in == 0 && flush <= old_flush &&
- flush != Z_FINISH) {
- ERR_RETURN(strm, Z_BUF_ERROR);
- }
-
- /* User must not provide more input after the first FINISH: */
- if (s->status == FINISH_STATE && strm->avail_in != 0) {
- ERR_RETURN(strm, Z_BUF_ERROR);
- }
-
- /* Start a new block or continue the current one.
- */
- if (strm->avail_in != 0 || s->lookahead != 0 ||
- (flush != Z_NO_FLUSH && s->status != FINISH_STATE)) {
- block_state bstate;
-
- bstate = (*(configuration_table[s->level].func))(s, flush);
-
- if (bstate == finish_started || bstate == finish_done) {
- s->status = FINISH_STATE;
- }
- if (bstate == need_more || bstate == finish_started) {
- if (strm->avail_out == 0) {
- s->last_flush = -1; /* avoid BUF_ERROR next call, see above */
- }
- return Z_OK;
- /* If flush != Z_NO_FLUSH && avail_out == 0, the next call
- * of deflate should use the same flush parameter to make sure
- * that the flush is complete. So we don't have to output an
- * empty block here, this will be done at next call. This also
- * ensures that for a very small output buffer, we emit at most
- * one empty block.
- */
- }
- if (bstate == block_done) {
- if (flush == Z_PARTIAL_FLUSH) {
- _tr_align(s);
- } else { /* FULL_FLUSH or SYNC_FLUSH */
- _tr_stored_block(s, (char*)0, 0L, 0);
- /* For a full flush, this empty block will be recognized
- * as a special marker by inflate_sync().
- */
- if (flush == Z_FULL_FLUSH) {
- CLEAR_HASH(s); /* forget history */
- }
- }
- flush_pending(strm);
- if (strm->avail_out == 0) {
- s->last_flush = -1; /* avoid BUF_ERROR at next call, see above */
- return Z_OK;
- }
- }
- }
- Assert(strm->avail_out > 0, "bug2");
-
- if (flush != Z_FINISH) return Z_OK;
- if (s->noheader) return Z_STREAM_END;
-
- /* Write the zlib trailer (adler32) */
- putShortMSB(s, (uInt)(strm->adler >> 16));
- putShortMSB(s, (uInt)(strm->adler & 0xffff));
- flush_pending(strm);
- /* If avail_out is zero, the application will call deflate again
- * to flush the rest.
- */
- s->noheader = -1; /* write the trailer only once! */
- return s->pending != 0 ? Z_OK : Z_STREAM_END;
-}
-
-/* ========================================================================= */
-PR_PUBLIC_API(int) deflateEnd (strm)
- z_streamp strm;
-{
- int status;
-
- if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
-
- /* Deallocate in reverse order of allocations: */
- TRY_FREE(strm, strm->state->pending_buf);
- TRY_FREE(strm, strm->state->head);
- TRY_FREE(strm, strm->state->prev);
- TRY_FREE(strm, strm->state->window);
-
- status = strm->state->status;
- ZFREE(strm, strm->state);
- strm->state = Z_NULL;
-
- return status == BUSY_STATE ? Z_DATA_ERROR : Z_OK;
-}
-
-/* ========================================================================= */
-PR_PUBLIC_API(int) deflateCopy (dest, source)
- z_streamp dest;
- z_streamp source;
-{
- if (source == Z_NULL || dest == Z_NULL || source->state == Z_NULL) {
- return Z_STREAM_ERROR;
- }
- *dest = *source;
- return Z_STREAM_ERROR; /* to be implemented */
-#if 0
- dest->state = (struct internal_state FAR *)
- (*dest->zalloc)(1, sizeof(deflate_state));
- if (dest->state == Z_NULL) return Z_MEM_ERROR;
-
- *(dest->state) = *(source->state);
- return Z_OK;
-#endif
-}
-
-/* ===========================================================================
- * Read a new buffer from the current input stream, update the adler32
- * and total number of bytes read. All deflate() input goes through
- * this function so some applications may wish to modify it to avoid
- * allocating a large strm->next_in buffer and copying from it.
- * (See also flush_pending()).
- */
-local int read_buf(strm, buf, size)
- z_streamp strm;
- charf *buf;
- unsigned size;
-{
- unsigned len = strm->avail_in;
-
- if (len > size) len = size;
- if (len == 0) return 0;
-
- strm->avail_in -= len;
-
- if (!strm->state->noheader) {
- strm->adler = adler32(strm->adler, strm->next_in, len);
- }
- zmemcpy(buf, strm->next_in, len);
- strm->next_in += len;
- strm->total_in += len;
-
- return (int)len;
-}
-
-/* ===========================================================================
- * Initialize the "longest match" routines for a new zlib stream
- */
-local void lm_init (s)
- deflate_state *s;
-{
- s->window_size = (ulg)2L*s->w_size;
-
- CLEAR_HASH(s);
-
- /* Set the default configuration parameters:
- */
- s->max_lazy_match = configuration_table[s->level].max_lazy;
- s->good_match = configuration_table[s->level].good_length;
- s->nice_match = configuration_table[s->level].nice_length;
- s->max_chain_length = configuration_table[s->level].max_chain;
-
- s->strstart = 0;
- s->block_start = 0L;
- s->lookahead = 0;
- s->match_length = s->prev_length = MIN_MATCH-1;
- s->match_available = 0;
- s->ins_h = 0;
-#ifdef ASMV
- match_init(); /* initialize the asm code */
-#endif
-}
-
-/* ===========================================================================
- * Set match_start to the longest match starting at the given string and
- * return its length. Matches shorter or equal to prev_length are discarded,
- * in which case the result is equal to prev_length and match_start is
- * garbage.
- * IN assertions: cur_match is the head of the hash chain for the current
- * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1
- * OUT assertion: the match length is not greater than s->lookahead.
- */
-#ifndef ASMV
-/* For 80x86 and 680x0, an optimized version will be provided in match.asm or
- * match.S. The code will be functionally equivalent.
- */
-local uInt longest_match(s, cur_match)
- deflate_state *s;
- IPos cur_match; /* current match */
-{
- unsigned chain_length = s->max_chain_length;/* max hash chain length */
- register Bytef *scan = s->window + s->strstart; /* current string */
- register Bytef *match; /* matched string */
- register int len; /* length of current match */
- int best_len = s->prev_length; /* best match length so far */
- int nice_match = s->nice_match; /* stop if match long enough */
- IPos limit = s->strstart > (IPos)MAX_DIST(s) ?
- s->strstart - (IPos)MAX_DIST(s) : NIL;
- /* Stop when cur_match becomes <= limit. To simplify the code,
- * we prevent matches with the string of window index 0.
- */
- Posf *prev = s->prev;
- uInt wmask = s->w_mask;
-
-#ifdef UNALIGNED_OK
- /* Compare two bytes at a time. Note: this is not always beneficial.
- * Try with and without -DUNALIGNED_OK to check.
- */
- register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1;
- register ush scan_start = *(ushf*)scan;
- register ush scan_end = *(ushf*)(scan+best_len-1);
-#else
- register Bytef *strend = s->window + s->strstart + MAX_MATCH;
- register Byte scan_end1 = scan[best_len-1];
- register Byte scan_end = scan[best_len];
-#endif
-
- /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.
- * It is easy to get rid of this optimization if necessary.
- */
- Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever");
-
- /* Do not waste too much time if we already have a good match: */
- if (s->prev_length >= s->good_match) {
- chain_length >>= 2;
- }
- /* Do not look for matches beyond the end of the input. This is necessary
- * to make deflate deterministic.
- */
- if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead;
-
- Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead");
-
- do {
- Assert(cur_match < s->strstart, "no future");
- match = s->window + cur_match;
-
- /* Skip to next match if the match length cannot increase
- * or if the match length is less than 2:
- */
-#if (defined(UNALIGNED_OK) && MAX_MATCH == 258)
- /* This code assumes sizeof(unsigned short) == 2. Do not use
- * UNALIGNED_OK if your compiler uses a different size.
- */
- if (*(ushf*)(match+best_len-1) != scan_end ||
- *(ushf*)match != scan_start) continue;
-
- /* It is not necessary to compare scan[2] and match[2] since they are
- * always equal when the other bytes match, given that the hash keys
- * are equal and that HASH_BITS >= 8. Compare 2 bytes at a time at
- * strstart+3, +5, ... up to strstart+257. We check for insufficient
- * lookahead only every 4th comparison; the 128th check will be made
- * at strstart+257. If MAX_MATCH-2 is not a multiple of 8, it is
- * necessary to put more guard bytes at the end of the window, or
- * to check more often for insufficient lookahead.
- */
- Assert(scan[2] == match[2], "scan[2]?");
- scan++, match++;
- do {
- } while (*(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
- *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
- *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
- *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
- scan < strend);
- /* The funny "do {}" generates better code on most compilers */
-
- /* Here, scan <= window+strstart+257 */
- Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
- if (*scan == *match) scan++;
-
- len = (MAX_MATCH - 1) - (int)(strend-scan);
- scan = strend - (MAX_MATCH-1);
-
-#else /* UNALIGNED_OK */
-
- if (match[best_len] != scan_end ||
- match[best_len-1] != scan_end1 ||
- *match != *scan ||
- *++match != scan[1]) continue;
-
- /* The check at best_len-1 can be removed because it will be made
- * again later. (This heuristic is not always a win.)
- * It is not necessary to compare scan[2] and match[2] since they
- * are always equal when the other bytes match, given that
- * the hash keys are equal and that HASH_BITS >= 8.
- */
- scan += 2, match++;
- Assert(*scan == *match, "match[2]?");
-
- /* We check for insufficient lookahead only every 8th comparison;
- * the 256th check will be made at strstart+258.
- */
- do {
- } while (*++scan == *++match && *++scan == *++match &&
- *++scan == *++match && *++scan == *++match &&
- *++scan == *++match && *++scan == *++match &&
- *++scan == *++match && *++scan == *++match &&
- scan < strend);
-
- Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
-
- len = MAX_MATCH - (int)(strend - scan);
- scan = strend - MAX_MATCH;
-
-#endif /* UNALIGNED_OK */
-
- if (len > best_len) {
- s->match_start = cur_match;
- best_len = len;
- if (len >= nice_match) break;
-#ifdef UNALIGNED_OK
- scan_end = *(ushf*)(scan+best_len-1);
-#else
- scan_end1 = scan[best_len-1];
- scan_end = scan[best_len];
-#endif
- }
- } while ((cur_match = prev[cur_match & wmask]) > limit
- && --chain_length != 0);
-
- if ((uInt)best_len <= s->lookahead) return best_len;
- return s->lookahead;
-}
-#endif /* ASMV */
-
-#ifdef DEBUG_NEVER
-/* ===========================================================================
- * Check that the match at match_start is indeed a match.
- */
-local void check_match(s, start, match, length)
- deflate_state *s;
- IPos start, match;
- int length;
-{
- /* check that the match is indeed a match */
- if (zmemcmp((charf *)s->window + match,
- (charf *)s->window + start, length) != EQUAL) {
-#if 0
- fprintf(stderr, " start %u, match %u, length %d\n",
- start, match, length);
-#endif
- do {
- fprintf(stderr, "%c%c", s->window[match++], s->window[start++]);
- } while (--length != 0);
- z_error("invalid match");
- }
- if (verbose > 1) {
- fprintf(stderr,"\\[%d,%d]", start-match, length);
- do { putc(s->window[start++], stderr); } while (--length != 0);
- }
-}
-#else
-# define check_match(s, start, match, length)
-#endif
-
-/* ===========================================================================
- * Fill the window when the lookahead becomes insufficient.
- * Updates strstart and lookahead.
- *
- * IN assertion: lookahead < MIN_LOOKAHEAD
- * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD
- * At least one byte has been read, or avail_in == 0; reads are
- * performed for at least two bytes (required for the zip translate_eol
- * option -- not supported here).
- */
-local void fill_window(s)
- deflate_state *s;
-{
- register unsigned n, m;
- register Posf *p;
- unsigned more; /* Amount of free space at the end of the window. */
- uInt wsize = s->w_size;
-
- do {
- more = (unsigned)(s->window_size -(ulg)s->lookahead -(ulg)s->strstart);
-
- /* Deal with !@#$% 64K limit: */
- if (more == 0 && s->strstart == 0 && s->lookahead == 0) {
- more = wsize;
-
- } else if (more == (unsigned)(-1)) {
- /* Very unlikely, but possible on 16 bit machine if strstart == 0
- * and lookahead == 1 (input done one byte at time)
- */
- more--;
-
- /* If the window is almost full and there is insufficient lookahead,
- * move the upper half to the lower one to make room in the upper half.
- */
- } else if (s->strstart >= wsize+MAX_DIST(s)) {
-
- zmemcpy((charf *)s->window, (charf *)s->window+wsize,
- (unsigned)wsize);
- s->match_start -= wsize;
- s->strstart -= wsize; /* we now have strstart >= MAX_DIST */
-
- s->block_start -= (long) wsize;
-
- /* Slide the hash table (could be avoided with 32 bit values
- at the expense of memory usage):
- */
- n = s->hash_size;
- p = &s->head[n];
- do {
- m = *--p;
- *p = (Pos)(m >= wsize ? m-wsize : NIL);
- } while (--n);
-
- n = wsize;
- p = &s->prev[n];
- do {
- m = *--p;
- *p = (Pos)(m >= wsize ? m-wsize : NIL);
- /* If n is not on any hash chain, prev[n] is garbage but
- * its value will never be used.
- */
- } while (--n);
-
- more += wsize;
- }
- if (s->strm->avail_in == 0) return;
-
- /* If there was no sliding:
- * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 &&
- * more == window_size - lookahead - strstart
- * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1)
- * => more >= window_size - 2*WSIZE + 2
- * In the BIG_MEM or MMAP case (not yet supported),
- * window_size == input_size + MIN_LOOKAHEAD &&
- * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD.
- * Otherwise, window_size == 2*WSIZE so more >= 2.
- * If there was sliding, more >= WSIZE. So in all cases, more >= 2.
- */
- Assert(more >= 2, "more < 2");
-
- n = read_buf(s->strm, (charf *)s->window + s->strstart + s->lookahead,
- more);
- s->lookahead += n;
-
- /* Initialize the hash value now that we have some input: */
- if (s->lookahead >= MIN_MATCH) {
- s->ins_h = s->window[s->strstart];
- UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]);
-#if MIN_MATCH != 3
- Call UPDATE_HASH() MIN_MATCH-3 more times
-#endif
- }
- /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage,
- * but this is not important since only literal bytes will be emitted.
- */
-
- } while (s->lookahead < MIN_LOOKAHEAD && s->strm->avail_in != 0);
-}
-
-/* ===========================================================================
- * Flush the current block, with given end-of-file flag.
- * IN assertion: strstart is set to the end of the current match.
- */
-#define FLUSH_BLOCK_ONLY(s, eof) { \
- _tr_flush_block(s, (s->block_start >= 0L ? \
- (charf *)&s->window[(unsigned)s->block_start] : \
- (charf *)Z_NULL), \
- (ulg)((long)s->strstart - s->block_start), \
- (eof)); \
- s->block_start = s->strstart; \
- flush_pending(s->strm); \
- Tracev((stderr,"[FLUSH]")); \
-}
-
-/* Same but force premature exit if necessary. */
-#define FLUSH_BLOCK(s, eof) { \
- FLUSH_BLOCK_ONLY(s, eof); \
- if (s->strm->avail_out == 0) return (eof) ? finish_started : need_more; \
-}
-
-/* ===========================================================================
- * Copy without compression as much as possible from the input stream, return
- * the current block state.
- * This function does not insert new strings in the dictionary since
- * uncompressible data is probably not useful. This function is used
- * only for the level=0 compression option.
- * NOTE: this function should be optimized to avoid extra copying.
- */
-local block_state deflate_stored(s, flush)
- deflate_state *s;
- int flush;
-{
- for (;;) {
- /* Fill the window as much as possible: */
- if (s->lookahead <= 1) {
-
- Assert(s->strstart < s->w_size+MAX_DIST(s) ||
- s->block_start >= (long)s->w_size, "slide too late");
-
- fill_window(s);
- if (s->lookahead == 0 && flush == Z_NO_FLUSH) return need_more;
-
- if (s->lookahead == 0) break; /* flush the current block */
- }
- Assert(s->block_start >= 0L, "block gone");
-
- s->strstart += s->lookahead;
- s->lookahead = 0;
-
- /* Stored blocks are limited to 0xffff bytes: */
- if (s->strstart == 0 || s->strstart > 0xfffe) {
- /* strstart == 0 is possible when wraparound on 16-bit machine */
- s->lookahead = s->strstart - 0xffff;
- s->strstart = 0xffff;
- }
-
- /* Emit a stored block if it is large enough: */
- if (s->strstart - (uInt)s->block_start >= MAX_DIST(s)) {
- FLUSH_BLOCK(s, 0);
- }
- }
- FLUSH_BLOCK(s, flush == Z_FINISH);
- return flush == Z_FINISH ? finish_done : block_done;
-}
-
-/* ===========================================================================
- * Compress as much as possible from the input stream, return the current
- * block state.
- * This function does not perform lazy evaluation of matches and inserts
- * new strings in the dictionary only for unmatched strings or for short
- * matches. It is used only for the fast compression options.
- */
-local block_state deflate_fast(s, flush)
- deflate_state *s;
- int flush;
-{
- IPos hash_head = NIL; /* head of the hash chain */
- int bflush; /* set if current block must be flushed */
-
- for (;;) {
- /* Make sure that we always have enough lookahead, except
- * at the end of the input file. We need MAX_MATCH bytes
- * for the next match, plus MIN_MATCH bytes to insert the
- * string following the next match.
- */
- if (s->lookahead < MIN_LOOKAHEAD) {
- fill_window(s);
- if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) {
- return need_more;
- }
- if (s->lookahead == 0) break; /* flush the current block */
- }
-
- /* Insert the string window[strstart .. strstart+2] in the
- * dictionary, and set hash_head to the head of the hash chain:
- */
- if (s->lookahead >= MIN_MATCH) {
- INSERT_STRING(s, s->strstart, hash_head);
- }
-
- /* Find the longest match, discarding those <= prev_length.
- * At this point we have always match_length < MIN_MATCH
- */
- if (hash_head != NIL && s->strstart - hash_head <= MAX_DIST(s)) {
- /* To simplify the code, we prevent matches with the string
- * of window index 0 (in particular we have to avoid a match
- * of the string with itself at the start of the input file).
- */
- if (s->strategy != Z_HUFFMAN_ONLY) {
- s->match_length = longest_match (s, hash_head);
- }
- /* longest_match() sets match_start */
- }
- if (s->match_length >= MIN_MATCH) {
- check_match(s, s->strstart, s->match_start, s->match_length);
-
- bflush = _tr_tally(s, s->strstart - s->match_start,
- s->match_length - MIN_MATCH);
-
- s->lookahead -= s->match_length;
-
- /* Insert new strings in the hash table only if the match length
- * is not too large. This saves time but degrades compression.
- */
- if (s->match_length <= s->max_insert_length &&
- s->lookahead >= MIN_MATCH) {
- s->match_length--; /* string at strstart already in hash table */
- do {
- s->strstart++;
- INSERT_STRING(s, s->strstart, hash_head);
- /* strstart never exceeds WSIZE-MAX_MATCH, so there are
- * always MIN_MATCH bytes ahead.
- */
- } while (--s->match_length != 0);
- s->strstart++;
- } else {
- s->strstart += s->match_length;
- s->match_length = 0;
- s->ins_h = s->window[s->strstart];
- UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]);
-#if MIN_MATCH != 3
- Call UPDATE_HASH() MIN_MATCH-3 more times
-#endif
- /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not
- * matter since it will be recomputed at next deflate call.
- */
- }
- } else {
- /* No match, output a literal byte */
- Tracevv((stderr,"%c", s->window[s->strstart]));
- bflush = _tr_tally (s, 0, s->window[s->strstart]);
- s->lookahead--;
- s->strstart++;
- }
- if (bflush) FLUSH_BLOCK(s, 0);
- }
- FLUSH_BLOCK(s, flush == Z_FINISH);
- return flush == Z_FINISH ? finish_done : block_done;
-}
-
-/* ===========================================================================
- * Same as above, but achieves better compression. We use a lazy
- * evaluation for matches: a match is finally adopted only if there is
- * no better match at the next window position.
- */
-local block_state deflate_slow(s, flush)
- deflate_state *s;
- int flush;
-{
- IPos hash_head = NIL; /* head of hash chain */
- int bflush; /* set if current block must be flushed */
-
- /* Process the input block. */
- for (;;) {
- /* Make sure that we always have enough lookahead, except
- * at the end of the input file. We need MAX_MATCH bytes
- * for the next match, plus MIN_MATCH bytes to insert the
- * string following the next match.
- */
- if (s->lookahead < MIN_LOOKAHEAD) {
- fill_window(s);
- if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) {
- return need_more;
- }
- if (s->lookahead == 0) break; /* flush the current block */
- }
-
- /* Insert the string window[strstart .. strstart+2] in the
- * dictionary, and set hash_head to the head of the hash chain:
- */
- if (s->lookahead >= MIN_MATCH) {
- INSERT_STRING(s, s->strstart, hash_head);
- }
-
- /* Find the longest match, discarding those <= prev_length.
- */
- s->prev_length = s->match_length, s->prev_match = s->match_start;
- s->match_length = MIN_MATCH-1;
-
- if (hash_head != NIL && s->prev_length < s->max_lazy_match &&
- s->strstart - hash_head <= MAX_DIST(s)) {
- /* To simplify the code, we prevent matches with the string
- * of window index 0 (in particular we have to avoid a match
- * of the string with itself at the start of the input file).
- */
- if (s->strategy != Z_HUFFMAN_ONLY) {
- s->match_length = longest_match (s, hash_head);
- }
- /* longest_match() sets match_start */
-
- if (s->match_length <= 5 && (s->strategy == Z_FILTERED ||
- (s->match_length == MIN_MATCH &&
- s->strstart - s->match_start > TOO_FAR))) {
-
- /* If prev_match is also MIN_MATCH, match_start is garbage
- * but we will ignore the current match anyway.
- */
- s->match_length = MIN_MATCH-1;
- }
- }
- /* If there was a match at the previous step and the current
- * match is not better, output the previous match:
- */
- if (s->prev_length >= MIN_MATCH && s->match_length <= s->prev_length) {
- uInt max_insert = s->strstart + s->lookahead - MIN_MATCH;
- /* Do not insert strings in hash table beyond this. */
-
- check_match(s, s->strstart-1, s->prev_match, s->prev_length);
-
- bflush = _tr_tally(s, s->strstart -1 - s->prev_match,
- s->prev_length - MIN_MATCH);
-
- /* Insert in hash table all strings up to the end of the match.
- * strstart-1 and strstart are already inserted. If there is not
- * enough lookahead, the last two strings are not inserted in
- * the hash table.
- */
- s->lookahead -= s->prev_length-1;
- s->prev_length -= 2;
- do {
- if (++s->strstart <= max_insert) {
- INSERT_STRING(s, s->strstart, hash_head);
- }
- } while (--s->prev_length != 0);
- s->match_available = 0;
- s->match_length = MIN_MATCH-1;
- s->strstart++;
-
- if (bflush) FLUSH_BLOCK(s, 0);
-
- } else if (s->match_available) {
- /* If there was no match at the previous position, output a
- * single literal. If there was a match but the current match
- * is longer, truncate the previous match to a single literal.
- */
- Tracevv((stderr,"%c", s->window[s->strstart-1]));
- if (_tr_tally (s, 0, s->window[s->strstart-1])) {
- FLUSH_BLOCK_ONLY(s, 0);
- }
- s->strstart++;
- s->lookahead--;
- if (s->strm->avail_out == 0) return need_more;
- } else {
- /* There is no previous match to compare with, wait for
- * the next step to decide.
- */
- s->match_available = 1;
- s->strstart++;
- s->lookahead--;
- }
- }
- Assert (flush != Z_NO_FLUSH, "no flush?");
- if (s->match_available) {
- Tracevv((stderr,"%c", s->window[s->strstart-1]));
- _tr_tally (s, 0, s->window[s->strstart-1]);
- s->match_available = 0;
- }
- FLUSH_BLOCK(s, flush == Z_FINISH);
- return flush == Z_FINISH ? finish_done : block_done;
-}
diff --git a/security/nss/cmd/zlib/deflate.h b/security/nss/cmd/zlib/deflate.h
deleted file mode 100644
index 410b21984..000000000
--- a/security/nss/cmd/zlib/deflate.h
+++ /dev/null
@@ -1,275 +0,0 @@
-/* deflate.h -- internal compression state
- * Copyright (C) 1995-1996 Jean-loup Gailly
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-
-/* WARNING: this file should *not* be used by applications. It is
- part of the implementation of the compression library and is
- subject to change. Applications should only use zlib.h.
- */
-
-/* $Id$ */
-
-#ifndef _DEFLATE_H
-#define _DEFLATE_H
-
-#include "zutil.h"
-
-/* ===========================================================================
- * Internal compression state.
- */
-
-#define LENGTH_CODES 29
-/* number of length codes, not counting the special END_BLOCK code */
-
-#define LITERALS 256
-/* number of literal bytes 0..255 */
-
-#define L_CODES (LITERALS+1+LENGTH_CODES)
-/* number of Literal or Length codes, including the END_BLOCK code */
-
-#define D_CODES 30
-/* number of distance codes */
-
-#define BL_CODES 19
-/* number of codes used to transfer the bit lengths */
-
-#define HEAP_SIZE (2*L_CODES+1)
-/* maximum heap size */
-
-#define MAX_BITS 15
-/* All codes must not exceed MAX_BITS bits */
-
-#define INIT_STATE 42
-#define BUSY_STATE 113
-#define FINISH_STATE 666
-/* Stream status */
-
-
-/* Data structure describing a single value and its code string. */
-typedef struct ct_data_s {
- union {
- ush freq; /* frequency count */
- ush code; /* bit string */
- } fc;
- union {
- ush dad; /* father node in Huffman tree */
- ush len; /* length of bit string */
- } dl;
-} FAR ct_data;
-
-#define Freq fc.freq
-#define Code fc.code
-#define Dad dl.dad
-#define Len dl.len
-
-typedef struct static_tree_desc_s static_tree_desc;
-
-typedef struct tree_desc_s {
- ct_data *dyn_tree; /* the dynamic tree */
- int max_code; /* largest code with non zero frequency */
- static_tree_desc *stat_desc; /* the corresponding static tree */
-} FAR tree_desc;
-
-typedef ush Pos;
-typedef Pos FAR Posf;
-typedef unsigned IPos;
-
-/* A Pos is an index in the character window. We use short instead of int to
- * save space in the various tables. IPos is used only for parameter passing.
- */
-
-typedef struct internal_state {
- z_streamp strm; /* pointer back to this zlib stream */
- int status; /* as the name implies */
- Bytef *pending_buf; /* output still pending */
- Bytef *pending_out; /* next pending byte to output to the stream */
- int pending; /* nb of bytes in the pending buffer */
- int noheader; /* suppress zlib header and adler32 */
- Byte data_type; /* UNKNOWN, BINARY or ASCII */
- Byte method; /* STORED (for zip only) or DEFLATED */
- int last_flush; /* value of flush param for previous deflate call */
-
- /* used by deflate.c: */
-
- uInt w_size; /* LZ77 window size (32K by default) */
- uInt w_bits; /* log2(w_size) (8..16) */
- uInt w_mask; /* w_size - 1 */
-
- Bytef *window;
- /* Sliding window. Input bytes are read into the second half of the window,
- * and move to the first half later to keep a dictionary of at least wSize
- * bytes. With this organization, matches are limited to a distance of
- * wSize-MAX_MATCH bytes, but this ensures that IO is always
- * performed with a length multiple of the block size. Also, it limits
- * the window size to 64K, which is quite useful on MSDOS.
- * To do: use the user input buffer as sliding window.
- */
-
- ulg window_size;
- /* Actual size of window: 2*wSize, except when the user input buffer
- * is directly used as sliding window.
- */
-
- Posf *prev;
- /* Link to older string with same hash index. To limit the size of this
- * array to 64K, this link is maintained only for the last 32K strings.
- * An index in this array is thus a window index modulo 32K.
- */
-
- Posf *head; /* Heads of the hash chains or NIL. */
-
- uInt ins_h; /* hash index of string to be inserted */
- uInt hash_size; /* number of elements in hash table */
- uInt hash_bits; /* log2(hash_size) */
- uInt hash_mask; /* hash_size-1 */
-
- uInt hash_shift;
- /* Number of bits by which ins_h must be shifted at each input
- * step. It must be such that after MIN_MATCH steps, the oldest
- * byte no longer takes part in the hash key, that is:
- * hash_shift * MIN_MATCH >= hash_bits
- */
-
- long block_start;
- /* Window position at the beginning of the current output block. Gets
- * negative when the window is moved backwards.
- */
-
- uInt match_length; /* length of best match */
- IPos prev_match; /* previous match */
- int match_available; /* set if previous match exists */
- uInt strstart; /* start of string to insert */
- uInt match_start; /* start of matching string */
- uInt lookahead; /* number of valid bytes ahead in window */
-
- uInt prev_length;
- /* Length of the best match at previous step. Matches not greater than this
- * are discarded. This is used in the lazy match evaluation.
- */
-
- uInt max_chain_length;
- /* To speed up deflation, hash chains are never searched beyond this
- * length. A higher limit improves compression ratio but degrades the
- * speed.
- */
-
- uInt max_lazy_match;
- /* Attempt to find a better match only when the current match is strictly
- * smaller than this value. This mechanism is used only for compression
- * levels >= 4.
- */
-# define max_insert_length max_lazy_match
- /* Insert new strings in the hash table only if the match length is not
- * greater than this length. This saves time but degrades compression.
- * max_insert_length is used only for compression levels <= 3.
- */
-
- int level; /* compression level (1..9) */
- int strategy; /* favor or force Huffman coding*/
-
- uInt good_match;
- /* Use a faster search when the previous match is longer than this */
-
- int nice_match; /* Stop searching when current match exceeds this */
-
- /* used by trees.c: */
- /* Didn't use ct_data typedef below to supress compiler warning */
- struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */
- struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */
- struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */
-
- struct tree_desc_s l_desc; /* desc. for literal tree */
- struct tree_desc_s d_desc; /* desc. for distance tree */
- struct tree_desc_s bl_desc; /* desc. for bit length tree */
-
- ush bl_count[MAX_BITS+1];
- /* number of codes at each bit length for an optimal tree */
-
- int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */
- int heap_len; /* number of elements in the heap */
- int heap_max; /* element of largest frequency */
- /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used.
- * The same heap array is used to build all trees.
- */
-
- uch depth[2*L_CODES+1];
- /* Depth of each subtree used as tie breaker for trees of equal frequency
- */
-
- uchf *l_buf; /* buffer for literals or lengths */
-
- uInt lit_bufsize;
- /* Size of match buffer for literals/lengths. There are 4 reasons for
- * limiting lit_bufsize to 64K:
- * - frequencies can be kept in 16 bit counters
- * - if compression is not successful for the first block, all input
- * data is still in the window so we can still emit a stored block even
- * when input comes from standard input. (This can also be done for
- * all blocks if lit_bufsize is not greater than 32K.)
- * - if compression is not successful for a file smaller than 64K, we can
- * even emit a stored file instead of a stored block (saving 5 bytes).
- * This is applicable only for zip (not gzip or zlib).
- * - creating new Huffman trees less frequently may not provide fast
- * adaptation to changes in the input data statistics. (Take for
- * example a binary file with poorly compressible code followed by
- * a highly compressible string table.) Smaller buffer sizes give
- * fast adaptation but have of course the overhead of transmitting
- * trees more frequently.
- * - I can't count above 4
- */
-
- uInt last_lit; /* running index in l_buf */
-
- ushf *d_buf;
- /* Buffer for distances. To simplify the code, d_buf and l_buf have
- * the same number of elements. To use different lengths, an extra flag
- * array would be necessary.
- */
-
- ulg opt_len; /* bit length of current block with optimal trees */
- ulg static_len; /* bit length of current block with static trees */
- ulg compressed_len; /* total bit length of compressed file */
- uInt matches; /* number of string matches in current block */
- int last_eob_len; /* bit length of EOB code for last block */
-
-#ifdef DEBUG
- ulg bits_sent; /* bit length of the compressed data */
-#endif
-
- ush bi_buf;
- /* Output buffer. bits are inserted starting at the bottom (least
- * significant bits).
- */
- int bi_valid;
- /* Number of valid bits in bi_buf. All bits above the last valid bit
- * are always zero.
- */
-
-} FAR deflate_state;
-
-/* Output a byte on the stream.
- * IN assertion: there is enough room in pending_buf.
- */
-#define put_byte(s, c) {s->pending_buf[s->pending++] = (c);}
-
-
-#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1)
-/* Minimum amount of lookahead, except at the end of the input file.
- * See deflate.c for comments about the MIN_MATCH+1.
- */
-
-#define MAX_DIST(s) ((s)->w_size-MIN_LOOKAHEAD)
-/* In order to simplify the code, particularly on 16 bit machines, match
- * distances are limited to MAX_DIST instead of WSIZE.
- */
-
- /* in trees.c */
-void _tr_init OF((deflate_state *s));
-int _tr_tally OF((deflate_state *s, unsigned dist, unsigned lc));
-ulg _tr_flush_block OF((deflate_state *s, charf *buf, ulg stored_len,
- int eof));
-void _tr_align OF((deflate_state *s));
-void _tr_stored_block OF((deflate_state *s, charf *buf, ulg stored_len,
- int eof));
-#endif
diff --git a/security/nss/cmd/zlib/example.c b/security/nss/cmd/zlib/example.c
deleted file mode 100644
index 7c9176094..000000000
--- a/security/nss/cmd/zlib/example.c
+++ /dev/null
@@ -1,503 +0,0 @@
-/* example.c -- usage example of the zlib compression library
- * Copyright (C) 1995-1996 Jean-loup Gailly.
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-
-/* $Id$ */
-
-#include <stdio.h>
-#include "zlib.h"
-
-#ifdef STDC
-# include <string.h>
-# include <stdlib.h>
-#else
- extern void exit OF((int));
-#endif
-
-#define CHECK_ERR(err, msg) { \
- if (err != Z_OK) { \
- fprintf(stderr, "%s error: %d\n", msg, err); \
- exit(1); \
- } \
-}
-
-const char hello[] = "hello, hello!";
-/* "hello world" would be more standard, but the repeated "hello"
- * stresses the compression code better, sorry...
- */
-
-const char dictionary[] = "hello";
-uLong dictId; /* Adler32 value of the dictionary */
-
-void test_compress OF((Byte *compr, uLong comprLen,
- Byte *uncompr, uLong uncomprLen));
-void test_gzio OF((const char *out, const char *in,
- Byte *uncompr, int uncomprLen));
-void test_deflate OF((Byte *compr, uLong comprLen));
-void test_inflate OF((Byte *compr, uLong comprLen,
- Byte *uncompr, uLong uncomprLen));
-void test_large_deflate OF((Byte *compr, uLong comprLen,
- Byte *uncompr, uLong uncomprLen));
-void test_large_inflate OF((Byte *compr, uLong comprLen,
- Byte *uncompr, uLong uncomprLen));
-void test_flush OF((Byte *compr, uLong comprLen));
-void test_sync OF((Byte *compr, uLong comprLen,
- Byte *uncompr, uLong uncomprLen));
-void test_dict_deflate OF((Byte *compr, uLong comprLen));
-void test_dict_inflate OF((Byte *compr, uLong comprLen,
- Byte *uncompr, uLong uncomprLen));
-int main OF((int argc, char *argv[]));
-
-/* ===========================================================================
- * Test compress() and uncompress()
- */
-void test_compress(compr, comprLen, uncompr, uncomprLen)
- Byte *compr, *uncompr;
- uLong comprLen, uncomprLen;
-{
- int err;
- uLong len = strlen(hello)+1;
-
- err = compress(compr, &comprLen, (const Bytef*)hello, len);
- CHECK_ERR(err, "compress");
-
- strcpy((char*)uncompr, "garbage");
-
- err = uncompress(uncompr, &uncomprLen, compr, comprLen);
- CHECK_ERR(err, "uncompress");
-
- if (strcmp((char*)uncompr, hello)) {
- fprintf(stderr, "bad uncompress\n");
- } else {
- printf("uncompress(): %s\n", uncompr);
- }
-}
-
-/* ===========================================================================
- * Test read/write of .gz files
- */
-void test_gzio(out, in, uncompr, uncomprLen)
- const char *out; /* output file */
- const char *in; /* input file */
- Byte *uncompr;
- int uncomprLen;
-{
- int err;
- int len = strlen(hello)+1;
- gzFile file;
-
- file = gzopen(out, "wb");
- if (file == NULL) {
- fprintf(stderr, "gzopen error\n");
- exit(1);
- }
-
- if (gzwrite(file, (const voidp)hello, (unsigned)len) != len) {
- fprintf(stderr, "gzwrite err: %s\n", gzerror(file, &err));
- }
- gzclose(file);
-
- file = gzopen(in, "rb");
- if (file == NULL) {
- fprintf(stderr, "gzopen error\n");
- }
- strcpy((char*)uncompr, "garbage");
-
- uncomprLen = gzread(file, uncompr, (unsigned)uncomprLen);
- if (uncomprLen != len) {
- fprintf(stderr, "gzread err: %s\n", gzerror(file, &err));
- }
- gzclose(file);
-
- if (strcmp((char*)uncompr, hello)) {
- fprintf(stderr, "bad gzread\n");
- } else {
- printf("gzread(): %s\n", uncompr);
- }
-}
-
-/* ===========================================================================
- * Test deflate() with small buffers
- */
-void test_deflate(compr, comprLen)
- Byte *compr;
- uLong comprLen;
-{
- z_stream c_stream; /* compression stream */
- int err;
- int len = strlen(hello)+1;
-
- c_stream.zalloc = (alloc_func)0;
- c_stream.zfree = (free_func)0;
- c_stream.opaque = (voidpf)0;
-
- err = deflateInit(&c_stream, Z_DEFAULT_COMPRESSION);
- CHECK_ERR(err, "deflateInit");
-
- c_stream.next_in = (Bytef*)hello;
- c_stream.next_out = compr;
-
- while (c_stream.total_in != (uLong)len && c_stream.total_out < comprLen) {
- c_stream.avail_in = c_stream.avail_out = 1; /* force small buffers */
- err = deflate(&c_stream, Z_NO_FLUSH);
- CHECK_ERR(err, "deflate");
- }
- /* Finish the stream, still forcing small buffers: */
- for (;;) {
- c_stream.avail_out = 1;
- err = deflate(&c_stream, Z_FINISH);
- if (err == Z_STREAM_END) break;
- CHECK_ERR(err, "deflate");
- }
-
- err = deflateEnd(&c_stream);
- CHECK_ERR(err, "deflateEnd");
-}
-
-/* ===========================================================================
- * Test inflate() with small buffers
- */
-void test_inflate(compr, comprLen, uncompr, uncomprLen)
- Byte *compr, *uncompr;
- uLong comprLen, uncomprLen;
-{
- int err;
- z_stream d_stream; /* decompression stream */
-
- strcpy((char*)uncompr, "garbage");
-
- d_stream.zalloc = (alloc_func)0;
- d_stream.zfree = (free_func)0;
- d_stream.opaque = (voidpf)0;
-
- err = inflateInit(&d_stream);
- CHECK_ERR(err, "inflateInit");
-
- d_stream.next_in = compr;
- d_stream.next_out = uncompr;
-
- while (d_stream.total_out < uncomprLen && d_stream.total_in < comprLen) {
- d_stream.avail_in = d_stream.avail_out = 1; /* force small buffers */
- err = inflate(&d_stream, Z_NO_FLUSH);
- if (err == Z_STREAM_END) break;
- CHECK_ERR(err, "inflate");
- }
-
- err = inflateEnd(&d_stream);
- CHECK_ERR(err, "inflateEnd");
-
- if (strcmp((char*)uncompr, hello)) {
- fprintf(stderr, "bad inflate\n");
- } else {
- printf("inflate(): %s\n", uncompr);
- }
-}
-
-/* ===========================================================================
- * Test deflate() with large buffers and dynamic change of compression level
- */
-void test_large_deflate(compr, comprLen, uncompr, uncomprLen)
- Byte *compr, *uncompr;
- uLong comprLen, uncomprLen;
-{
- z_stream c_stream; /* compression stream */
- int err;
-
- c_stream.zalloc = (alloc_func)0;
- c_stream.zfree = (free_func)0;
- c_stream.opaque = (voidpf)0;
-
- err = deflateInit(&c_stream, Z_BEST_SPEED);
- CHECK_ERR(err, "deflateInit");
-
- c_stream.next_out = compr;
- c_stream.avail_out = (uInt)comprLen;
-
- /* At this point, uncompr is still mostly zeroes, so it should compress
- * very well:
- */
- c_stream.next_in = uncompr;
- c_stream.avail_in = (uInt)uncomprLen;
- err = deflate(&c_stream, Z_NO_FLUSH);
- CHECK_ERR(err, "deflate");
- if (c_stream.avail_in != 0) {
- fprintf(stderr, "deflate not greedy\n");
- }
-
- /* Feed in already compressed data and switch to no compression: */
- deflateParams(&c_stream, Z_NO_COMPRESSION, Z_DEFAULT_STRATEGY);
- c_stream.next_in = compr;
- c_stream.avail_in = (uInt)comprLen/2;
- err = deflate(&c_stream, Z_NO_FLUSH);
- CHECK_ERR(err, "deflate");
-
- /* Switch back to compressing mode: */
- deflateParams(&c_stream, Z_BEST_COMPRESSION, Z_FILTERED);
- c_stream.next_in = uncompr;
- c_stream.avail_in = (uInt)uncomprLen;
- err = deflate(&c_stream, Z_NO_FLUSH);
- CHECK_ERR(err, "deflate");
-
- err = deflate(&c_stream, Z_FINISH);
- if (err != Z_STREAM_END) {
- fprintf(stderr, "deflate should report Z_STREAM_END\n");
- }
- err = deflateEnd(&c_stream);
- CHECK_ERR(err, "deflateEnd");
-}
-
-/* ===========================================================================
- * Test inflate() with large buffers
- */
-void test_large_inflate(compr, comprLen, uncompr, uncomprLen)
- Byte *compr, *uncompr;
- uLong comprLen, uncomprLen;
-{
- int err;
- z_stream d_stream; /* decompression stream */
-
- strcpy((char*)uncompr, "garbage");
-
- d_stream.zalloc = (alloc_func)0;
- d_stream.zfree = (free_func)0;
- d_stream.opaque = (voidpf)0;
-
- err = inflateInit(&d_stream);
- CHECK_ERR(err, "inflateInit");
-
- d_stream.next_in = compr;
- d_stream.avail_in = (uInt)comprLen;
-
- for (;;) {
- d_stream.next_out = uncompr; /* discard the output */
- d_stream.avail_out = (uInt)uncomprLen;
- err = inflate(&d_stream, Z_NO_FLUSH);
- if (err == Z_STREAM_END) break;
- CHECK_ERR(err, "large inflate");
- }
-
- err = inflateEnd(&d_stream);
- CHECK_ERR(err, "inflateEnd");
-
- if (d_stream.total_out != 2*uncomprLen + comprLen/2) {
- fprintf(stderr, "bad large inflate: %ld\n", d_stream.total_out);
- } else {
- printf("large_inflate(): OK\n");
- }
-}
-
-/* ===========================================================================
- * Test deflate() with full flush
- */
-void test_flush(compr, comprLen)
- Byte *compr;
- uLong comprLen;
-{
- z_stream c_stream; /* compression stream */
- int err;
- int len = strlen(hello)+1;
-
- c_stream.zalloc = (alloc_func)0;
- c_stream.zfree = (free_func)0;
- c_stream.opaque = (voidpf)0;
-
- err = deflateInit(&c_stream, Z_DEFAULT_COMPRESSION);
- CHECK_ERR(err, "deflateInit");
-
- c_stream.next_in = (Bytef*)hello;
- c_stream.next_out = compr;
- c_stream.avail_in = 3;
- c_stream.avail_out = (uInt)comprLen;
- err = deflate(&c_stream, Z_FULL_FLUSH);
- CHECK_ERR(err, "deflate");
-
- compr[3]++; /* force an error in first compressed block */
- c_stream.avail_in = len - 3;
-
- err = deflate(&c_stream, Z_FINISH);
- if (err != Z_STREAM_END) {
- CHECK_ERR(err, "deflate");
- }
- err = deflateEnd(&c_stream);
- CHECK_ERR(err, "deflateEnd");
-}
-
-/* ===========================================================================
- * Test inflateSync()
- */
-void test_sync(compr, comprLen, uncompr, uncomprLen)
- Byte *compr, *uncompr;
- uLong comprLen, uncomprLen;
-{
- int err;
- z_stream d_stream; /* decompression stream */
-
- strcpy((char*)uncompr, "garbage");
-
- d_stream.zalloc = (alloc_func)0;
- d_stream.zfree = (free_func)0;
- d_stream.opaque = (voidpf)0;
-
- err = inflateInit(&d_stream);
- CHECK_ERR(err, "inflateInit");
-
- d_stream.next_in = compr;
- d_stream.next_out = uncompr;
- d_stream.avail_in = 2; /* just read the zlib header */
- d_stream.avail_out = (uInt)uncomprLen;
-
- inflate(&d_stream, Z_NO_FLUSH);
- CHECK_ERR(err, "inflate");
-
- d_stream.avail_in = (uInt)comprLen-2; /* read all compressed data */
- err = inflateSync(&d_stream); /* but skip the damaged part */
- CHECK_ERR(err, "inflateSync");
-
- err = inflate(&d_stream, Z_FINISH);
- if (err != Z_DATA_ERROR) {
- fprintf(stderr, "inflate should report DATA_ERROR\n");
- /* Because of incorrect adler32 */
- }
- err = inflateEnd(&d_stream);
- CHECK_ERR(err, "inflateEnd");
-
- printf("after inflateSync(): hel%s\n", uncompr);
-}
-
-/* ===========================================================================
- * Test deflate() with preset dictionary
- */
-void test_dict_deflate(compr, comprLen)
- Byte *compr;
- uLong comprLen;
-{
- z_stream c_stream; /* compression stream */
- int err;
-
- c_stream.zalloc = (alloc_func)0;
- c_stream.zfree = (free_func)0;
- c_stream.opaque = (voidpf)0;
-
- err = deflateInit(&c_stream, Z_BEST_COMPRESSION);
- CHECK_ERR(err, "deflateInit");
-
- err = deflateSetDictionary(&c_stream,
- (const Bytef*)dictionary, sizeof(dictionary));
- CHECK_ERR(err, "deflateSetDictionary");
-
- dictId = c_stream.adler;
- c_stream.next_out = compr;
- c_stream.avail_out = (uInt)comprLen;
-
- c_stream.next_in = (Bytef*)hello;
- c_stream.avail_in = (uInt)strlen(hello)+1;
-
- err = deflate(&c_stream, Z_FINISH);
- if (err != Z_STREAM_END) {
- fprintf(stderr, "deflate should report Z_STREAM_END\n");
- }
- err = deflateEnd(&c_stream);
- CHECK_ERR(err, "deflateEnd");
-}
-
-/* ===========================================================================
- * Test inflate() with a preset dictionary
- */
-void test_dict_inflate(compr, comprLen, uncompr, uncomprLen)
- Byte *compr, *uncompr;
- uLong comprLen, uncomprLen;
-{
- int err;
- z_stream d_stream; /* decompression stream */
-
- strcpy((char*)uncompr, "garbage");
-
- d_stream.zalloc = (alloc_func)0;
- d_stream.zfree = (free_func)0;
- d_stream.opaque = (voidpf)0;
-
- err = inflateInit(&d_stream);
- CHECK_ERR(err, "inflateInit");
-
- d_stream.next_in = compr;
- d_stream.avail_in = (uInt)comprLen;
-
- d_stream.next_out = uncompr;
- d_stream.avail_out = (uInt)uncomprLen;
-
- for (;;) {
- err = inflate(&d_stream, Z_NO_FLUSH);
- if (err == Z_STREAM_END) break;
- if (err == Z_NEED_DICT) {
- if (d_stream.adler != dictId) {
- fprintf(stderr, "unexpected dictionary");
- exit(1);
- }
- err = inflateSetDictionary(&d_stream, (const Bytef*)dictionary,
- sizeof(dictionary));
- }
- CHECK_ERR(err, "inflate with dict");
- }
-
- err = inflateEnd(&d_stream);
- CHECK_ERR(err, "inflateEnd");
-
- if (strcmp((char*)uncompr, hello)) {
- fprintf(stderr, "bad inflate with dict\n");
- } else {
- printf("inflate with dictionary: %s\n", uncompr);
- }
-}
-
-/* ===========================================================================
- * Usage: example [output.gz [input.gz]]
- */
-
-int main(argc, argv)
- int argc;
- char *argv[];
-{
- Byte *compr, *uncompr;
- uLong comprLen = 10000*sizeof(int); /* don't overflow on MSDOS */
- uLong uncomprLen = comprLen;
-
- if (zlibVersion()[0] != ZLIB_VERSION[0]) {
- fprintf(stderr, "incompatible zlib version\n");
- exit(1);
-
- } else if (strcmp(zlibVersion(), ZLIB_VERSION) != 0) {
- fprintf(stderr, "warning: different zlib version\n");
- }
-
- compr = (Byte*)calloc((uInt)comprLen, 1);
- uncompr = (Byte*)calloc((uInt)uncomprLen, 1);
- /* compr and uncompr are cleared to avoid reading uninitialized
- * data and to ensure that uncompr compresses well.
- */
- if (compr == Z_NULL || uncompr == Z_NULL) {
- printf("out of memory\n");
- exit(1);
- }
-
- test_compress(compr, comprLen, uncompr, uncomprLen);
-
- test_gzio((argc > 1 ? argv[1] : "foo.gz"),
- (argc > 2 ? argv[2] : "foo.gz"),
- uncompr, (int)uncomprLen);
-
- test_deflate(compr, comprLen);
- test_inflate(compr, comprLen, uncompr, uncomprLen);
-
- test_large_deflate(compr, comprLen, uncompr, uncomprLen);
- test_large_inflate(compr, comprLen, uncompr, uncomprLen);
-
- test_flush(compr, comprLen);
- test_sync(compr, comprLen, uncompr, uncomprLen);
-
- test_dict_deflate(compr, comprLen);
- test_dict_inflate(compr, comprLen, uncompr, uncomprLen);
-
- exit(0);
- return 0; /* to avoid warning */
-}
diff --git a/security/nss/cmd/zlib/gzio.c b/security/nss/cmd/zlib/gzio.c
deleted file mode 100644
index c52d30d30..000000000
--- a/security/nss/cmd/zlib/gzio.c
+++ /dev/null
@@ -1,537 +0,0 @@
-/* gzio.c -- IO on .gz files
- * Copyright (C) 1995-1996 Jean-loup Gailly.
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-/* This file was modified since it was taken from the zlib distribution */
-
-/* $Id$ */
-
-#include <stdio.h>
-
-#include "zutil.h"
-
-struct internal_state {int dummy;}; /* for buggy compilers */
-
-#define Z_BUFSIZE 4096
-
-#define ALLOC(size) malloc(size)
-#define TRYFREE(p) {if (p) free(p);}
-
-static int gz_magic[2] = {0x1f, 0x8b}; /* gzip magic header */
-
-/* gzip flag byte */
-#define ASCII_FLAG 0x01 /* bit 0 set: file probably ascii text */
-#define HEAD_CRC 0x02 /* bit 1 set: header CRC present */
-#define EXTRA_FIELD 0x04 /* bit 2 set: extra field present */
-#define ORIG_NAME 0x08 /* bit 3 set: original file name present */
-#define COMMENT 0x10 /* bit 4 set: file comment present */
-#define RESERVED 0xE0 /* bits 5..7: reserved */
-
-typedef struct gz_stream {
- z_stream stream;
- int z_err; /* error code for last stream operation */
- int z_eof; /* set if end of input file */
- FILE *file; /* .gz file */
- Byte *inbuf; /* input buffer */
- Byte *outbuf; /* output buffer */
- uLong crc; /* crc32 of uncompressed data */
- char *msg; /* error message */
- char *path; /* path name for debugging only */
- int transparent; /* 1 if input file is not a .gz file */
- char mode; /* 'w' or 'r' */
-} gz_stream;
-
-
-local gzFile gz_open OF((const char *path, const char *mode, int fd));
-local int get_byte OF((gz_stream *s));
-local void check_header OF((gz_stream *s));
-local int destroy OF((gz_stream *s));
-local void putLong OF((FILE *file, uLong x));
-local uLong getLong OF((gz_stream *s));
-
-/* ===========================================================================
- Opens a gzip (.gz) file for reading or writing. The mode parameter
- is as in fopen ("rb" or "wb"). The file is given either by file descriptor
- or path name (if fd == -1).
- gz_open return NULL if the file could not be opened or if there was
- insufficient memory to allocate the (de)compression state; errno
- can be checked to distinguish the two cases (if errno is zero, the
- zlib error is Z_MEM_ERROR).
-*/
-local gzFile gz_open (path, mode, fd)
- const char *path;
- const char *mode;
- int fd;
-{
- int err;
- int level = Z_DEFAULT_COMPRESSION; /* compression level */
- char *p = (char*)mode;
- gz_stream *s;
- char fmode[80]; /* copy of mode, without the compression level */
- char *m = fmode;
-
- if (!path || !mode) return Z_NULL;
-
- s = (gz_stream *)ALLOC(sizeof(gz_stream));
- if (!s) return Z_NULL;
-
- s->stream.zalloc = (alloc_func)0;
- s->stream.zfree = (free_func)0;
- s->stream.opaque = (voidpf)0;
- s->stream.next_in = s->inbuf = Z_NULL;
- s->stream.next_out = s->outbuf = Z_NULL;
- s->stream.avail_in = s->stream.avail_out = 0;
- s->file = NULL;
- s->z_err = Z_OK;
- s->z_eof = 0;
- s->crc = crc32(0L, Z_NULL, 0);
- s->msg = NULL;
- s->transparent = 0;
-
- s->path = (char*)ALLOC(strlen(path)+1);
- if (s->path == NULL) {
- return destroy(s), (gzFile)Z_NULL;
- }
- strcpy(s->path, path); /* do this early for debugging */
-
- s->mode = '\0';
- do {
- if (*p == 'r') s->mode = 'r';
- if (*p == 'w' || *p == 'a') s->mode = 'w';
- if (*p >= '0' && *p <= '9') {
- level = *p - '0';
- } else {
- *m++ = *p; /* copy the mode */
- }
- } while (*p++ && m != fmode + sizeof(fmode));
- if (s->mode == '\0') return destroy(s), (gzFile)Z_NULL;
-
- if (s->mode == 'w') {
- err = deflateInit2(&(s->stream), level,
- Z_DEFLATED, -MAX_WBITS, DEF_MEM_LEVEL, 0);
- /* windowBits is passed < 0 to suppress zlib header */
-
- s->stream.next_out = s->outbuf = (Byte*)ALLOC(Z_BUFSIZE);
-
- if (err != Z_OK || s->outbuf == Z_NULL) {
- return destroy(s), (gzFile)Z_NULL;
- }
- } else {
- err = inflateInit2(&(s->stream), -MAX_WBITS);
- s->stream.next_in = s->inbuf = (Byte*)ALLOC(Z_BUFSIZE);
-
- if (err != Z_OK || s->inbuf == Z_NULL) {
- return destroy(s), (gzFile)Z_NULL;
- }
- }
- s->stream.avail_out = Z_BUFSIZE;
-
- errno = 0;
- s->file = fd < 0 ? FOPEN(path, fmode) : (FILE*)fdopen(fd, fmode);
-
- if (s->file == NULL) {
- return destroy(s), (gzFile)Z_NULL;
- }
- if (s->mode == 'w') {
- /* Write a very simple .gz header:
- */
- fprintf(s->file, "%c%c%c%c%c%c%c%c%c%c", gz_magic[0], gz_magic[1],
- Z_DEFLATED, 0 /*flags*/, 0,0,0,0 /*time*/, 0 /*xflags*/, OS_CODE);
- } else {
- check_header(s); /* skip the .gz header */
- }
- return (gzFile)s;
-}
-
-/* ===========================================================================
- Opens a gzip (.gz) file for reading or writing.
-*/
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern gzFile) gzopen (const char *path, const char *mode)
-#else
-extern gzFile EXPORT gzopen OF((const char *path, const char *mode))
-#endif
-{
- return gz_open (path, mode, -1);
-}
-
-/* ===========================================================================
- Associate a gzFile with the file descriptor fd. fd is not dup'ed here
- to mimic the behavio(u)r of fdopen.
-*/
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern gzFile) gzdopen (int fd, const char *mode)
-#else
-extern gzFile EXPORT gzdopen OF((int fd, const char *mode))
-#endif
-{
- char name[20];
-
- if (fd < 0) return (gzFile)Z_NULL;
- sprintf(name, "<fd:%d>", fd); /* for debugging */
-
- return gz_open (name, mode, fd);
-}
-
-/* ===========================================================================
- Read a byte from a gz_stream; update next_in and avail_in. Return EOF
- for end of file.
- IN assertion: the stream s has been sucessfully opened for reading.
-*/
-local int get_byte(s)
- gz_stream *s;
-{
- if (s->z_eof) return EOF;
- if (s->stream.avail_in == 0) {
- errno = 0;
- s->stream.avail_in = fread(s->inbuf, 1, Z_BUFSIZE, s->file);
- if (s->stream.avail_in == 0) {
- s->z_eof = 1;
- if (ferror(s->file)) s->z_err = Z_ERRNO;
- return EOF;
- }
- s->stream.next_in = s->inbuf;
- }
- s->stream.avail_in--;
- return *(s->stream.next_in)++;
-}
-
-/* ===========================================================================
- Check the gzip header of a gz_stream opened for reading. Set the stream
- mode to transparent if the gzip magic header is not present; set s->err
- to Z_DATA_ERROR if the magic header is present but the rest of the header
- is incorrect.
- IN assertion: the stream s has already been created sucessfully;
- s->stream.avail_in is zero for the first time, but may be non-zero
- for concatenated .gz files.
-*/
-local void check_header(s)
- gz_stream *s;
-{
- int method; /* method byte */
- int flags; /* flags byte */
- uInt len;
- int c;
-
- /* Check the gzip magic header */
- for (len = 0; len < 2; len++) {
- c = get_byte(s);
- if (c != gz_magic[len]) {
- s->transparent = 1;
- if (c != EOF) s->stream.avail_in++, s->stream.next_in--;
- s->z_err = s->stream.avail_in != 0 ? Z_OK : Z_STREAM_END;
- return;
- }
- }
- method = get_byte(s);
- flags = get_byte(s);
- if (method != Z_DEFLATED || (flags & RESERVED) != 0) {
- s->z_err = Z_DATA_ERROR;
- return;
- }
-
- /* Discard time, xflags and OS code: */
- for (len = 0; len < 6; len++) (void)get_byte(s);
-
- if ((flags & EXTRA_FIELD) != 0) { /* skip the extra field */
- len = (uInt)get_byte(s);
- len += ((uInt)get_byte(s))<<8;
- /* len is garbage if EOF but the loop below will quit anyway */
- while (len-- != 0 && get_byte(s) != EOF) ;
- }
- if ((flags & ORIG_NAME) != 0) { /* skip the original file name */
- while ((c = get_byte(s)) != 0 && c != EOF) ;
- }
- if ((flags & COMMENT) != 0) { /* skip the .gz file comment */
- while ((c = get_byte(s)) != 0 && c != EOF) ;
- }
- if ((flags & HEAD_CRC) != 0) { /* skip the header crc */
- for (len = 0; len < 2; len++) (void)get_byte(s);
- }
- s->z_err = s->z_eof ? Z_DATA_ERROR : Z_OK;
-}
-
- /* ===========================================================================
- * Cleanup then free the given gz_stream. Return a zlib error code.
- Try freeing in the reverse order of allocations.
- */
-local int destroy (s)
- gz_stream *s;
-{
- int err = Z_OK;
-
- if (!s) return Z_STREAM_ERROR;
-
- TRYFREE(s->msg);
-
- if (s->stream.state != NULL) {
- if (s->mode == 'w') {
- err = deflateEnd(&(s->stream));
- } else if (s->mode == 'r') {
- err = inflateEnd(&(s->stream));
- }
- }
- if (s->file != NULL && fclose(s->file)) {
- err = Z_ERRNO;
- }
- if (s->z_err < 0) err = s->z_err;
-
- TRYFREE(s->inbuf);
- TRYFREE(s->outbuf);
- TRYFREE(s->path);
- TRYFREE(s);
- return err;
-}
-
-/* ===========================================================================
- Reads the given number of uncompressed bytes from the compressed file.
- gzread returns the number of bytes actually read (0 for end of file).
-*/
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) gzread (gzFile file, voidp buf, unsigned len)
-#else
-extern int EXPORT gzread OF((gzFile file, voidp buf, unsigned len))
-#endif
-{
- gz_stream *s = (gz_stream*)file;
- Bytef *start = buf; /* starting point for crc computation */
- Byte *next_out; /* == stream.next_out but not forced far (for MSDOS) */
-
- if (s == NULL || s->mode != 'r') return Z_STREAM_ERROR;
-
- if (s->z_err == Z_DATA_ERROR || s->z_err == Z_ERRNO) return -1;
- if (s->z_err == Z_STREAM_END) return 0; /* EOF */
-
- s->stream.next_out = next_out = buf;
- s->stream.avail_out = len;
-
- while (s->stream.avail_out != 0) {
-
- if (s->transparent) {
- /* Copy first the lookahead bytes: */
- uInt n = s->stream.avail_in;
- if (n > s->stream.avail_out) n = s->stream.avail_out;
- if (n > 0) {
- zmemcpy(s->stream.next_out, s->stream.next_in, n);
- next_out += n;
- s->stream.next_out = next_out;
- s->stream.next_in += n;
- s->stream.avail_out -= n;
- s->stream.avail_in -= n;
- }
- if (s->stream.avail_out > 0) {
- s->stream.avail_out -= fread(next_out, 1, s->stream.avail_out,
- s->file);
- }
- return (int)(len - s->stream.avail_out);
- }
- if (s->stream.avail_in == 0 && !s->z_eof) {
-
- errno = 0;
- s->stream.avail_in = fread(s->inbuf, 1, Z_BUFSIZE, s->file);
- if (s->stream.avail_in == 0) {
- s->z_eof = 1;
- if (ferror(s->file)) {
- s->z_err = Z_ERRNO;
- break;
- }
- }
- s->stream.next_in = s->inbuf;
- }
- s->z_err = inflate(&(s->stream), Z_NO_FLUSH);
-
- if (s->z_err == Z_STREAM_END) {
- /* Check CRC and original size */
- s->crc = crc32(s->crc, start, (uInt)(s->stream.next_out - start));
- start = s->stream.next_out;
-
- if (getLong(s) != s->crc || getLong(s) != s->stream.total_out) {
- s->z_err = Z_DATA_ERROR;
- } else {
- /* Check for concatenated .gz files: */
- check_header(s);
- if (s->z_err == Z_OK) {
- inflateReset(&(s->stream));
- s->crc = crc32(0L, Z_NULL, 0);
- }
- }
- }
- if (s->z_err != Z_OK || s->z_eof) break;
- }
- s->crc = crc32(s->crc, start, (uInt)(s->stream.next_out - start));
-
- return (int)(len - s->stream.avail_out);
-}
-
-/* ===========================================================================
- Writes the given number of uncompressed bytes into the compressed file.
- gzwrite returns the number of bytes actually written (0 in case of error).
-*/
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) gzwrite (gzFile file, const voidp buf, unsigned len)
-#else
-extern int EXPORT gzwrite OF((gzFile file, const voidp buf, unsigned len))
-#endif
-{
- gz_stream *s = (gz_stream*)file;
-
- if (s == NULL || s->mode != 'w') return Z_STREAM_ERROR;
-
- s->stream.next_in = buf;
- s->stream.avail_in = len;
-
- while (s->stream.avail_in != 0) {
-
- if (s->stream.avail_out == 0) {
-
- s->stream.next_out = s->outbuf;
- if (fwrite(s->outbuf, 1, Z_BUFSIZE, s->file) != Z_BUFSIZE) {
- s->z_err = Z_ERRNO;
- break;
- }
- s->stream.avail_out = Z_BUFSIZE;
- }
- s->z_err = deflate(&(s->stream), Z_NO_FLUSH);
- if (s->z_err != Z_OK) break;
- }
- s->crc = crc32(s->crc, buf, len);
-
- return (int)(len - s->stream.avail_in);
-}
-
-/* ===========================================================================
- Flushes all pending output into the compressed file. The parameter
- flush is as in the deflate() function.
- gzflush should be called only when strictly necessary because it can
- degrade compression.
-*/
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) gzflush (gzFile file, int flush)
-#else
-extern int EXPORT gzflush OF((gzFile file, int flush))
-#endif
-{
- uInt len;
- int done = 0;
- gz_stream *s = (gz_stream*)file;
-
- if (s == NULL || s->mode != 'w') return Z_STREAM_ERROR;
-
- s->stream.avail_in = 0; /* should be zero already anyway */
-
- for (;;) {
- len = Z_BUFSIZE - s->stream.avail_out;
-
- if (len != 0) {
- if ((uInt)fwrite(s->outbuf, 1, len, s->file) != len) {
- s->z_err = Z_ERRNO;
- return Z_ERRNO;
- }
- s->stream.next_out = s->outbuf;
- s->stream.avail_out = Z_BUFSIZE;
- }
- if (done) break;
- s->z_err = deflate(&(s->stream), flush);
-
- /* deflate has finished flushing only when it hasn't used up
- * all the available space in the output buffer:
- */
- done = (s->stream.avail_out != 0 || s->z_err == Z_STREAM_END);
-
- if (s->z_err != Z_OK && s->z_err != Z_STREAM_END) break;
- }
- fflush(s->file);
- return s->z_err == Z_STREAM_END ? Z_OK : s->z_err;
-}
-
-/* ===========================================================================
- Outputs a long in LSB order to the given file
-*/
-local void putLong (file, x)
- FILE *file;
- uLong x;
-{
- int n;
- for (n = 0; n < 4; n++) {
- fputc((int)(x & 0xff), file);
- x >>= 8;
- }
-}
-
-/* ===========================================================================
- Reads a long in LSB order from the given gz_stream. Sets
-*/
-local uLong getLong (s)
- gz_stream *s;
-{
- uLong x = (uLong)get_byte(s);
- int c;
-
- x += ((uLong)get_byte(s))<<8;
- x += ((uLong)get_byte(s))<<16;
- c = get_byte(s);
- if (c == EOF) s->z_err = Z_DATA_ERROR;
- x += ((uLong)c)<<24;
- return x;
-}
-
-/* ===========================================================================
- Flushes all pending output if necessary, closes the compressed file
- and deallocates all the (de)compression state.
-*/
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) gzclose (gzFile file)
-#else
-extern int EXPORT gzclose OF((gzFile file))
-#endif
-{
- int err;
- gz_stream *s = (gz_stream*)file;
-
- if (s == NULL) return Z_STREAM_ERROR;
-
- if (s->mode == 'w') {
- err = gzflush (file, Z_FINISH);
- if (err != Z_OK) return destroy(file);
-
- putLong (s->file, s->crc);
- putLong (s->file, s->stream.total_in);
-
- }
- return destroy(file);
-}
-
-/* ===========================================================================
- Returns the error message for the last error which occured on the
- given compressed file. errnum is set to zlib error number. If an
- error occured in the file system and not in the compression library,
- errnum is set to Z_ERRNO and the application may consult errno
- to get the exact error code.
-*/
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern const char *) gzerror (gzFile file, int *errnum)
-#else
-extern const char * EXPORT gzerror OF((gzFile file, int *errnum))
-#endif
-{
- char *m;
- gz_stream *s = (gz_stream*)file;
-
- if (s == NULL) {
- *errnum = Z_STREAM_ERROR;
- return (const char*)ERR_MSG(Z_STREAM_ERROR);
- }
- *errnum = s->z_err;
- if (*errnum == Z_OK) return (const char*)"";
-
- m = (char*)(*errnum == Z_ERRNO ? zstrerror(errno) : s->stream.msg);
-
- if (m == NULL || *m == '\0') m = (char*)ERR_MSG(s->z_err);
-
- TRYFREE(s->msg);
- s->msg = (char*)ALLOC(strlen(s->path) + strlen(m) + 3);
- strcpy(s->msg, s->path);
- strcat(s->msg, ": ");
- strcat(s->msg, m);
- return (const char*)s->msg;
-}
diff --git a/security/nss/cmd/zlib/infblock.c b/security/nss/cmd/zlib/infblock.c
deleted file mode 100644
index 8eddbafed..000000000
--- a/security/nss/cmd/zlib/infblock.c
+++ /dev/null
@@ -1,406 +0,0 @@
-/* infblock.c -- interpret and process block types to last block
- * Copyright (C) 1995-1996 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-/* This file was modified since it was taken from the zlib distribution */
-
-#include "zutil.h"
-#include "infblock.h"
-#include "inftrees.h"
-#include "infcodes.h"
-#include "infutil.h"
-
-struct inflate_codes_state {int dummy;}; /* for buggy compilers */
-
-/* Table for deflate from PKZIP's appnote.txt. */
-local uInt border[] = { /* Order of the bit length code lengths */
- 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15};
-
-/*
- Notes beyond the 1.93a appnote.txt:
-
- 1. Distance pointers never point before the beginning of the output
- stream.
- 2. Distance pointers can point back across blocks, up to 32k away.
- 3. There is an implied maximum of 7 bits for the bit length table and
- 15 bits for the actual data.
- 4. If only one code exists, then it is encoded using one bit. (Zero
- would be more efficient, but perhaps a little confusing.) If two
- codes exist, they are coded using one bit each (0 and 1).
- 5. There is no way of sending zero distance codes--a dummy must be
- sent if there are none. (History: a pre 2.0 version of PKZIP would
- store blocks with no distance codes, but this was discovered to be
- too harsh a criterion.) Valid only for 1.93a. 2.04c does allow
- zero distance codes, which is sent as one code of zero bits in
- length.
- 6. There are up to 286 literal/length codes. Code 256 represents the
- end-of-block. Note however that the static length tree defines
- 288 codes just to fill out the Huffman codes. Codes 286 and 287
- cannot be used though, since there is no length base or extra bits
- defined for them. Similarily, there are up to 30 distance codes.
- However, static trees define 32 codes (all 5 bits) to fill out the
- Huffman codes, but the last two had better not show up in the data.
- 7. Unzip can check dynamic Huffman blocks for complete code sets.
- The exception is that a single code would not be complete (see #4).
- 8. The five bits following the block type is really the number of
- literal codes sent minus 257.
- 9. Length codes 8,16,16 are interpreted as 13 length codes of 8 bits
- (1+6+6). Therefore, to output three times the length, you output
- three codes (1+1+1), whereas to output four times the same length,
- you only need two codes (1+3). Hmm.
- 10. In the tree reconstruction algorithm, Code = Code + Increment
- only if BitLength(i) is not zero. (Pretty obvious.)
- 11. Correction: 4 Bits: # of Bit Length codes - 4 (4 - 19)
- 12. Note: length code 284 can represent 227-258, but length code 285
- really is 258. The last length deserves its own, short code
- since it gets used a lot in very redundant files. The length
- 258 is special since 258 - 3 (the min match length) is 255.
- 13. The literal/length and distance code bit lengths are read as a
- single stream of lengths. It is possible (and advantageous) for
- a repeat code (16, 17, or 18) to go across the boundary between
- the two sets of lengths.
- */
-
-
-void inflate_blocks_reset(s, z, c)
-inflate_blocks_statef *s;
-z_streamp z;
-uLongf *c;
-{
- if (s->checkfn != Z_NULL)
- *c = s->check;
- if (s->mode == BTREE || s->mode == DTREE)
- ZFREE(z, s->sub.trees.blens);
- if (s->mode == CODES)
- {
- inflate_codes_free(s->sub.decode.codes, z);
- inflate_trees_free(s->sub.decode.td, z);
- inflate_trees_free(s->sub.decode.tl, z);
- }
- s->mode = TYPE;
- s->bitk = 0;
- s->bitb = 0;
- s->read = s->write = s->window;
- if (s->checkfn != Z_NULL)
- z->adler = s->check = (*s->checkfn)(0L, Z_NULL, 0);
- Trace((stderr, "inflate: blocks reset\n"));
-}
-
-
-inflate_blocks_statef *inflate_blocks_new(z, c, w)
-z_streamp z;
-check_func c;
-uInt w;
-{
- inflate_blocks_statef *s;
-
- if ((s = (inflate_blocks_statef *)ZALLOC
- (z,1,sizeof(struct inflate_blocks_state))) == Z_NULL)
- return s;
- if ((s->window = (Bytef *)ZALLOC(z, 1, w)) == Z_NULL)
- {
- ZFREE(z, s);
- return Z_NULL;
- }
- s->end = s->window + w;
- s->checkfn = c;
- s->mode = TYPE;
- Trace((stderr, "inflate: blocks allocated\n"));
- inflate_blocks_reset(s, z, &s->check);
- return s;
-}
-
-
-#ifdef DEBUG
- extern uInt inflate_hufts;
-#endif
-int inflate_blocks(s, z, r)
-inflate_blocks_statef *s;
-z_streamp z;
-int r;
-{
- uInt t; /* temporary storage */
- uLong b; /* bit buffer */
- uInt k; /* bits in bit buffer */
- Bytef *p; /* input data pointer */
- uInt n; /* bytes available there */
- Bytef *q; /* output window write pointer */
- uInt m; /* bytes to end of window or read pointer */
-
- /* copy input/output information to locals (UPDATE macro restores) */
- LOAD
-
- /* process input based on current state */
- while (1) switch (s->mode)
- {
- case TYPE:
- NEEDBITS(3)
- t = (uInt)b & 7;
- s->last = t & 1;
- switch (t >> 1)
- {
- case 0: /* stored */
- Trace((stderr, "inflate: stored block%s\n",
- s->last ? " (last)" : ""));
- DUMPBITS(3)
- t = k & 7; /* go to byte boundary */
- DUMPBITS(t)
- s->mode = LENS; /* get length of stored block */
- break;
- case 1: /* fixed */
- Trace((stderr, "inflate: fixed codes block%s\n",
- s->last ? " (last)" : ""));
- {
- uInt bl, bd;
- inflate_huft *tl, *td;
-
- inflate_trees_fixed(&bl, &bd, &tl, &td);
- s->sub.decode.codes = inflate_codes_new(bl, bd, tl, td, z);
- if (s->sub.decode.codes == Z_NULL)
- {
- r = Z_MEM_ERROR;
- LEAVE
- }
- s->sub.decode.tl = Z_NULL; /* don't try to free these */
- s->sub.decode.td = Z_NULL;
- }
- DUMPBITS(3)
- s->mode = CODES;
- break;
- case 2: /* dynamic */
- Trace((stderr, "inflate: dynamic codes block%s\n",
- s->last ? " (last)" : ""));
- DUMPBITS(3)
- s->mode = TABLE;
- break;
- case 3: /* illegal */
- DUMPBITS(3)
- s->mode = BAD;
- z->msg = (char*)"invalid block type";
- r = Z_DATA_ERROR;
- LEAVE
- }
- break;
- case LENS:
- NEEDBITS(32)
- if ((((~b) >> 16) & 0xffff) != (b & 0xffff))
- {
- s->mode = BAD;
- z->msg = (char*)"invalid stored block lengths";
- r = Z_DATA_ERROR;
- LEAVE
- }
- s->sub.left = (uInt)b & 0xffff;
- b = k = 0; /* dump bits */
- Tracev((stderr, "inflate: stored length %u\n", s->sub.left));
- s->mode = s->sub.left ? STORED : (s->last ? DRY : TYPE);
- break;
- case STORED:
- if (n == 0)
- LEAVE
- NEEDOUT
- t = s->sub.left;
- if (t > n) t = n;
- if (t > m) t = m;
- zmemcpy(q, p, t);
- p += t; n -= t;
- q += t; m -= t;
- if ((s->sub.left -= t) != 0)
- break;
- Tracev((stderr, "inflate: stored end, %lu total out\n",
- z->total_out + (q >= s->read ? q - s->read :
- (s->end - s->read) + (q - s->window))));
- s->mode = s->last ? DRY : TYPE;
- break;
- case TABLE:
- NEEDBITS(14)
- s->sub.trees.table = t = (uInt)b & 0x3fff;
-#ifndef PKZIP_BUG_WORKAROUND
- if ((t & 0x1f) > 29 || ((t >> 5) & 0x1f) > 29)
- {
- s->mode = BAD;
- z->msg = (char*)"too many length or distance symbols";
- r = Z_DATA_ERROR;
- LEAVE
- }
-#endif
- t = 258 + (t & 0x1f) + ((t >> 5) & 0x1f);
- if (t < 19)
- t = 19;
- if ((s->sub.trees.blens = (uIntf*)ZALLOC(z, t, sizeof(uInt))) == Z_NULL)
- {
- r = Z_MEM_ERROR;
- LEAVE
- }
- DUMPBITS(14)
- s->sub.trees.index = 0;
- Tracev((stderr, "inflate: table sizes ok\n"));
- s->mode = BTREE;
- case BTREE:
- while (s->sub.trees.index < 4 + (s->sub.trees.table >> 10))
- {
- NEEDBITS(3)
- s->sub.trees.blens[border[s->sub.trees.index++]] = (uInt)b & 7;
- DUMPBITS(3)
- }
- while (s->sub.trees.index < 19)
- s->sub.trees.blens[border[s->sub.trees.index++]] = 0;
- s->sub.trees.bb = 7;
- t = inflate_trees_bits(s->sub.trees.blens, &s->sub.trees.bb,
- &s->sub.trees.tb, z);
- if (t != Z_OK)
- {
- ZFREE(z, s->sub.trees.blens);
- r = t;
- if (r == Z_DATA_ERROR)
- s->mode = BAD;
- LEAVE
- }
- s->sub.trees.index = 0;
- Tracev((stderr, "inflate: bits tree ok\n"));
- s->mode = DTREE;
- case DTREE:
- while (t = s->sub.trees.table,
- s->sub.trees.index < 258 + (t & 0x1f) + ((t >> 5) & 0x1f))
- {
- inflate_huft *h;
- uInt i, j, c;
-
- t = s->sub.trees.bb;
- NEEDBITS(t)
- h = s->sub.trees.tb + ((uInt)b & inflate_mask[t]);
- t = h->word.what.Bits;
- c = h->more.Base;
- if (c < 16)
- {
- DUMPBITS(t)
- s->sub.trees.blens[s->sub.trees.index++] = c;
- }
- else /* c == 16..18 */
- {
- i = c == 18 ? 7 : c - 14;
- j = c == 18 ? 11 : 3;
- NEEDBITS(t + i)
- DUMPBITS(t)
- j += (uInt)b & inflate_mask[i];
- DUMPBITS(i)
- i = s->sub.trees.index;
- t = s->sub.trees.table;
- if (i + j > 258 + (t & 0x1f) + ((t >> 5) & 0x1f) ||
- (c == 16 && i < 1))
- {
- inflate_trees_free(s->sub.trees.tb, z);
- ZFREE(z, s->sub.trees.blens);
- s->mode = BAD;
- z->msg = (char*)"invalid bit length repeat";
- r = Z_DATA_ERROR;
- LEAVE
- }
- c = c == 16 ? s->sub.trees.blens[i - 1] : 0;
- do {
- s->sub.trees.blens[i++] = c;
- } while (--j);
- s->sub.trees.index = i;
- }
- }
- inflate_trees_free(s->sub.trees.tb, z);
- s->sub.trees.tb = Z_NULL;
- {
- uInt bl, bd;
- inflate_huft *tl, *td;
- inflate_codes_statef *c;
-
- bl = 9; /* must be <= 9 for lookahead assumptions */
- bd = 6; /* must be <= 9 for lookahead assumptions */
- t = s->sub.trees.table;
-#ifdef DEBUG
- inflate_hufts = 0;
-#endif
- t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f),
- s->sub.trees.blens, &bl, &bd, &tl, &td, z);
- ZFREE(z, s->sub.trees.blens);
- if (t != Z_OK)
- {
- if (t == (uInt)Z_DATA_ERROR)
- s->mode = BAD;
- r = t;
- LEAVE
- }
- Tracev((stderr, "inflate: trees ok, %d * %d bytes used\n",
- inflate_hufts, sizeof(inflate_huft)));
- if ((c = inflate_codes_new(bl, bd, tl, td, z)) == Z_NULL)
- {
- inflate_trees_free(td, z);
- inflate_trees_free(tl, z);
- r = Z_MEM_ERROR;
- LEAVE
- }
- s->sub.decode.codes = c;
- s->sub.decode.tl = tl;
- s->sub.decode.td = td;
- }
- s->mode = CODES;
- case CODES:
- UPDATE
- if ((r = inflate_codes(s, z, r)) != Z_STREAM_END)
- return inflate_flush(s, z, r);
- r = Z_OK;
- inflate_codes_free(s->sub.decode.codes, z);
- inflate_trees_free(s->sub.decode.td, z);
- inflate_trees_free(s->sub.decode.tl, z);
- LOAD
- Tracev((stderr, "inflate: codes end, %lu total out\n",
- z->total_out + (q >= s->read ? q - s->read :
- (s->end - s->read) + (q - s->window))));
- if (!s->last)
- {
- s->mode = TYPE;
- break;
- }
- if (k > 7) /* return unused byte, if any */
- {
- Assert(k < 16, "inflate_codes grabbed too many bytes")
- k -= 8;
- n++;
- p--; /* can always return one */
- }
- s->mode = DRY;
- case DRY:
- FLUSH
- if (s->read != s->write)
- LEAVE
- s->mode = DONE;
- case DONE:
- r = Z_STREAM_END;
- LEAVE
- case BAD:
- r = Z_DATA_ERROR;
- LEAVE
- default:
- r = Z_STREAM_ERROR;
- LEAVE
- }
-}
-
-
-int inflate_blocks_free(s, z, c)
-inflate_blocks_statef *s;
-z_streamp z;
-uLongf *c;
-{
- inflate_blocks_reset(s, z, c);
- ZFREE(z, s->window);
- ZFREE(z, s);
- Trace((stderr, "inflate: blocks freed\n"));
- return Z_OK;
-}
-
-
-void inflate_set_dictionary(s, d, n)
-inflate_blocks_statef *s;
-const Bytef *d;
-uInt n;
-{
- zmemcpy((charf *)s->window, d, n);
- s->read = s->write = s->window + n;
-}
diff --git a/security/nss/cmd/zlib/infblock.h b/security/nss/cmd/zlib/infblock.h
deleted file mode 100644
index 3ecd50cd3..000000000
--- a/security/nss/cmd/zlib/infblock.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/* infblock.h -- header to use infblock.c
- * Copyright (C) 1995-1996 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-
-/* WARNING: this file should *not* be used by applications. It is
- part of the implementation of the compression library and is
- subject to change. Applications should only use zlib.h.
- */
-
-struct inflate_blocks_state;
-typedef struct inflate_blocks_state FAR inflate_blocks_statef;
-
-extern inflate_blocks_statef * inflate_blocks_new OF((
- z_streamp z,
- check_func c, /* check function */
- uInt w)); /* window size */
-
-extern int inflate_blocks OF((
- inflate_blocks_statef *,
- z_streamp ,
- int)); /* initial return code */
-
-extern void inflate_blocks_reset OF((
- inflate_blocks_statef *,
- z_streamp ,
- uLongf *)); /* check value on output */
-
-extern int inflate_blocks_free OF((
- inflate_blocks_statef *,
- z_streamp ,
- uLongf *)); /* check value on output */
-
-extern void inflate_set_dictionary OF((
- inflate_blocks_statef *s,
- const Bytef *d, /* dictionary */
- uInt n)); /* dictionary length */
diff --git a/security/nss/cmd/zlib/infcodes.c b/security/nss/cmd/zlib/infcodes.c
deleted file mode 100644
index 3ae3818a1..000000000
--- a/security/nss/cmd/zlib/infcodes.c
+++ /dev/null
@@ -1,247 +0,0 @@
-/* infcodes.c -- process literals and length/distance pairs
- * Copyright (C) 1995-1996 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-
-#include "zutil.h"
-#include "inftrees.h"
-#include "infblock.h"
-#include "infcodes.h"
-#include "infutil.h"
-#include "inffast.h"
-
-/* simplify the use of the inflate_huft type with some defines */
-#define base more.Base
-#define next more.Next
-#define exop word.what.Exop
-#define bits word.what.Bits
-
-/* inflate codes private state */
-struct inflate_codes_state {
-
- /* mode */
- enum { /* waiting for "i:"=input, "o:"=output, "x:"=nothing */
- START, /* x: set up for LEN */
- LEN, /* i: get length/literal/eob next */
- LENEXT, /* i: getting length extra (have base) */
- DIST, /* i: get distance next */
- DISTEXT, /* i: getting distance extra */
- COPY, /* o: copying bytes in window, waiting for space */
- LIT, /* o: got literal, waiting for output space */
- WASH, /* o: got eob, possibly still output waiting */
- END, /* x: got eob and all data flushed */
- BADCODE} /* x: got error */
- mode; /* current inflate_codes mode */
-
- /* mode dependent information */
- uInt len;
- union {
- struct {
- inflate_huft *tree; /* pointer into tree */
- uInt need; /* bits needed */
- } code; /* if LEN or DIST, where in tree */
- uInt lit; /* if LIT, literal */
- struct {
- uInt get; /* bits to get for extra */
- uInt dist; /* distance back to copy from */
- } copy; /* if EXT or COPY, where and how much */
- } sub; /* submode */
-
- /* mode independent information */
- Byte lbits; /* ltree bits decoded per branch */
- Byte dbits; /* dtree bits decoder per branch */
- inflate_huft *ltree; /* literal/length/eob tree */
- inflate_huft *dtree; /* distance tree */
-
-};
-
-
-inflate_codes_statef *inflate_codes_new(bl, bd, tl, td, z)
-uInt bl, bd;
-inflate_huft *tl;
-inflate_huft *td; /* need separate declaration for Borland C++ */
-z_streamp z;
-{
- inflate_codes_statef *c;
-
- if ((c = (inflate_codes_statef *)
- ZALLOC(z,1,sizeof(struct inflate_codes_state))) != Z_NULL)
- {
- c->mode = START;
- c->lbits = (Byte)bl;
- c->dbits = (Byte)bd;
- c->ltree = tl;
- c->dtree = td;
- Tracev((stderr, "inflate: codes new\n"));
- }
- return c;
-}
-
-
-int inflate_codes(s, z, r)
-inflate_blocks_statef *s;
-z_streamp z;
-int r;
-{
- uInt j; /* temporary storage */
- inflate_huft *t; /* temporary pointer */
- uInt e; /* extra bits or operation */
- uLong b; /* bit buffer */
- uInt k; /* bits in bit buffer */
- Bytef *p; /* input data pointer */
- uInt n; /* bytes available there */
- Bytef *q; /* output window write pointer */
- uInt m; /* bytes to end of window or read pointer */
- Bytef *f; /* pointer to copy strings from */
- inflate_codes_statef *c = s->sub.decode.codes; /* codes state */
-
- /* copy input/output information to locals (UPDATE macro restores) */
- LOAD
-
- /* process input and output based on current state */
- while (1) switch (c->mode)
- { /* waiting for "i:"=input, "o:"=output, "x:"=nothing */
- case START: /* x: set up for LEN */
-#ifndef SLOW
- if (m >= 258 && n >= 10)
- {
- UPDATE
- r = inflate_fast(c->lbits, c->dbits, c->ltree, c->dtree, s, z);
- LOAD
- if (r != Z_OK)
- {
- c->mode = r == Z_STREAM_END ? WASH : BADCODE;
- break;
- }
- }
-#endif /* !SLOW */
- c->sub.code.need = c->lbits;
- c->sub.code.tree = c->ltree;
- c->mode = LEN;
- case LEN: /* i: get length/literal/eob next */
- j = c->sub.code.need;
- NEEDBITS(j)
- t = c->sub.code.tree + ((uInt)b & inflate_mask[j]);
- DUMPBITS(t->bits)
- e = (uInt)(t->exop);
- if (e == 0) /* literal */
- {
- c->sub.lit = t->base;
- Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ?
- "inflate: literal '%c'\n" :
- "inflate: literal 0x%02x\n", t->base));
- c->mode = LIT;
- break;
- }
- if (e & 16) /* length */
- {
- c->sub.copy.get = e & 15;
- c->len = t->base;
- c->mode = LENEXT;
- break;
- }
- if ((e & 64) == 0) /* next table */
- {
- c->sub.code.need = e;
- c->sub.code.tree = t->next;
- break;
- }
- if (e & 32) /* end of block */
- {
- Tracevv((stderr, "inflate: end of block\n"));
- c->mode = WASH;
- break;
- }
- c->mode = BADCODE; /* invalid code */
- z->msg = (char*)"invalid literal/length code";
- r = Z_DATA_ERROR;
- LEAVE
- case LENEXT: /* i: getting length extra (have base) */
- j = c->sub.copy.get;
- NEEDBITS(j)
- c->len += (uInt)b & inflate_mask[j];
- DUMPBITS(j)
- c->sub.code.need = c->dbits;
- c->sub.code.tree = c->dtree;
- Tracevv((stderr, "inflate: length %u\n", c->len));
- c->mode = DIST;
- case DIST: /* i: get distance next */
- j = c->sub.code.need;
- NEEDBITS(j)
- t = c->sub.code.tree + ((uInt)b & inflate_mask[j]);
- DUMPBITS(t->bits)
- e = (uInt)(t->exop);
- if (e & 16) /* distance */
- {
- c->sub.copy.get = e & 15;
- c->sub.copy.dist = t->base;
- c->mode = DISTEXT;
- break;
- }
- if ((e & 64) == 0) /* next table */
- {
- c->sub.code.need = e;
- c->sub.code.tree = t->next;
- break;
- }
- c->mode = BADCODE; /* invalid code */
- z->msg = (char*)"invalid distance code";
- r = Z_DATA_ERROR;
- LEAVE
- case DISTEXT: /* i: getting distance extra */
- j = c->sub.copy.get;
- NEEDBITS(j)
- c->sub.copy.dist += (uInt)b & inflate_mask[j];
- DUMPBITS(j)
- Tracevv((stderr, "inflate: distance %u\n", c->sub.copy.dist));
- c->mode = COPY;
- case COPY: /* o: copying bytes in window, waiting for space */
-#ifndef __TURBOC__ /* Turbo C bug for following expression */
- f = (uInt)(q - s->window) < c->sub.copy.dist ?
- s->end - (c->sub.copy.dist - (q - s->window)) :
- q - c->sub.copy.dist;
-#else
- f = q - c->sub.copy.dist;
- if ((uInt)(q - s->window) < c->sub.copy.dist)
- f = s->end - (c->sub.copy.dist - (uInt)(q - s->window));
-#endif
- while (c->len)
- {
- NEEDOUT
- OUTBYTE(*f++)
- if (f == s->end)
- f = s->window;
- c->len--;
- }
- c->mode = START;
- break;
- case LIT: /* o: got literal, waiting for output space */
- NEEDOUT
- OUTBYTE(c->sub.lit)
- c->mode = START;
- break;
- case WASH: /* o: got eob, possibly more output */
- FLUSH
- if (s->read != s->write)
- LEAVE
- c->mode = END;
- case END:
- r = Z_STREAM_END;
- LEAVE
- case BADCODE: /* x: got error */
- r = Z_DATA_ERROR;
- LEAVE
- default:
- r = Z_STREAM_ERROR;
- LEAVE
- }
-}
-
-
-void inflate_codes_free(c, z)
-inflate_codes_statef *c;
-z_streamp z;
-{
- ZFREE(z, c);
- Tracev((stderr, "inflate: codes free\n"));
-}
diff --git a/security/nss/cmd/zlib/infcodes.h b/security/nss/cmd/zlib/infcodes.h
deleted file mode 100644
index c2c38df2c..000000000
--- a/security/nss/cmd/zlib/infcodes.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/* infcodes.h -- header to use infcodes.c
- * Copyright (C) 1995-1996 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-
-/* WARNING: this file should *not* be used by applications. It is
- part of the implementation of the compression library and is
- subject to change. Applications should only use zlib.h.
- */
-
-struct inflate_codes_state;
-typedef struct inflate_codes_state FAR inflate_codes_statef;
-
-extern inflate_codes_statef *inflate_codes_new OF((
- uInt, uInt,
- inflate_huft *, inflate_huft *,
- z_streamp ));
-
-extern int inflate_codes OF((
- inflate_blocks_statef *,
- z_streamp ,
- int));
-
-extern void inflate_codes_free OF((
- inflate_codes_statef *,
- z_streamp ));
-
diff --git a/security/nss/cmd/zlib/inffast.c b/security/nss/cmd/zlib/inffast.c
deleted file mode 100644
index 86eee4a29..000000000
--- a/security/nss/cmd/zlib/inffast.c
+++ /dev/null
@@ -1,168 +0,0 @@
-/* inffast.c -- process literals and length/distance pairs fast
- * Copyright (C) 1995-1996 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-
-#include "zutil.h"
-#include "inftrees.h"
-#include "infblock.h"
-#include "infcodes.h"
-#include "infutil.h"
-#include "inffast.h"
-
-struct inflate_codes_state {int dummy;}; /* for buggy compilers */
-
-/* simplify the use of the inflate_huft type with some defines */
-#define base more.Base
-#define next more.Next
-#define exop word.what.Exop
-#define bits word.what.Bits
-
-/* macros for bit input with no checking and for returning unused bytes */
-#define GRABBITS(j) {while(k<(j)){b|=((uLong)NEXTBYTE)<<k;k+=8;}}
-#define UNGRAB {n+=(c=k>>3);p-=c;k&=7;}
-
-/* Called with number of bytes left to write in window at least 258
- (the maximum string length) and number of input bytes available
- at least ten. The ten bytes are six bytes for the longest length/
- distance pair plus four bytes for overloading the bit buffer. */
-
-int inflate_fast(bl, bd, tl, td, s, z)
-uInt bl, bd;
-inflate_huft *tl;
-inflate_huft *td; /* need separate declaration for Borland C++ */
-inflate_blocks_statef *s;
-z_streamp z;
-{
- inflate_huft *t; /* temporary pointer */
- uInt e; /* extra bits or operation */
- uLong b; /* bit buffer */
- uInt k; /* bits in bit buffer */
- Bytef *p; /* input data pointer */
- uInt n; /* bytes available there */
- Bytef *q; /* output window write pointer */
- uInt m; /* bytes to end of window or read pointer */
- uInt ml; /* mask for literal/length tree */
- uInt md; /* mask for distance tree */
- uInt c; /* bytes to copy */
- uInt d; /* distance back to copy from */
- Bytef *r; /* copy source pointer */
-
- /* load input, output, bit values */
- LOAD
-
- /* initialize masks */
- ml = inflate_mask[bl];
- md = inflate_mask[bd];
-
- /* do until not enough input or output space for fast loop */
- do { /* assume called with m >= 258 && n >= 10 */
- /* get literal/length code */
- GRABBITS(20) /* max bits for literal/length code */
- if ((e = (t = tl + ((uInt)b & ml))->exop) == 0)
- {
- DUMPBITS(t->bits)
- Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ?
- "inflate: * literal '%c'\n" :
- "inflate: * literal 0x%02x\n", t->base));
- *q++ = (Byte)t->base;
- m--;
- continue;
- }
- do {
- DUMPBITS(t->bits)
- if (e & 16)
- {
- /* get extra bits for length */
- e &= 15;
- c = t->base + ((uInt)b & inflate_mask[e]);
- DUMPBITS(e)
- Tracevv((stderr, "inflate: * length %u\n", c));
-
- /* decode distance base of block to copy */
- GRABBITS(15); /* max bits for distance code */
- e = (t = td + ((uInt)b & md))->exop;
- do {
- DUMPBITS(t->bits)
- if (e & 16)
- {
- /* get extra bits to add to distance base */
- e &= 15;
- GRABBITS(e) /* get extra bits (up to 13) */
- d = t->base + ((uInt)b & inflate_mask[e]);
- DUMPBITS(e)
- Tracevv((stderr, "inflate: * distance %u\n", d));
-
- /* do the copy */
- m -= c;
- if ((uInt)(q - s->window) >= d) /* offset before dest */
- { /* just copy */
- r = q - d;
- *q++ = *r++; c--; /* minimum count is three, */
- *q++ = *r++; c--; /* so unroll loop a little */
- }
- else /* else offset after destination */
- {
- e = d - (uInt)(q - s->window); /* bytes from offset to end */
- r = s->end - e; /* pointer to offset */
- if (c > e) /* if source crosses, */
- {
- c -= e; /* copy to end of window */
- do {
- *q++ = *r++;
- } while (--e);
- r = s->window; /* copy rest from start of window */
- }
- }
- do { /* copy all or what's left */
- *q++ = *r++;
- } while (--c);
- break;
- }
- else if ((e & 64) == 0)
- e = (t = t->next + ((uInt)b & inflate_mask[e]))->exop;
- else
- {
- z->msg = (char*)"invalid distance code";
- UNGRAB
- UPDATE
- return Z_DATA_ERROR;
- }
- } while (1);
- break;
- }
- if ((e & 64) == 0)
- {
- if ((e = (t = t->next + ((uInt)b & inflate_mask[e]))->exop) == 0)
- {
- DUMPBITS(t->bits)
- Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ?
- "inflate: * literal '%c'\n" :
- "inflate: * literal 0x%02x\n", t->base));
- *q++ = (Byte)t->base;
- m--;
- break;
- }
- }
- else if (e & 32)
- {
- Tracevv((stderr, "inflate: * end of block\n"));
- UNGRAB
- UPDATE
- return Z_STREAM_END;
- }
- else
- {
- z->msg = (char*)"invalid literal/length code";
- UNGRAB
- UPDATE
- return Z_DATA_ERROR;
- }
- } while (1);
- } while (m >= 258 && n >= 10);
-
- /* not enough input or output--restore pointers and return */
- UNGRAB
- UPDATE
- return Z_OK;
-}
diff --git a/security/nss/cmd/zlib/inffast.h b/security/nss/cmd/zlib/inffast.h
deleted file mode 100644
index 8cc644efb..000000000
--- a/security/nss/cmd/zlib/inffast.h
+++ /dev/null
@@ -1,17 +0,0 @@
-/* inffast.h -- header to use inffast.c
- * Copyright (C) 1995-1996 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-
-/* WARNING: this file should *not* be used by applications. It is
- part of the implementation of the compression library and is
- subject to change. Applications should only use zlib.h.
- */
-
-extern int inflate_fast OF((
- uInt,
- uInt,
- inflate_huft *,
- inflate_huft *,
- inflate_blocks_statef *,
- z_streamp ));
diff --git a/security/nss/cmd/zlib/inflate.c b/security/nss/cmd/zlib/inflate.c
deleted file mode 100644
index 8cd0c141c..000000000
--- a/security/nss/cmd/zlib/inflate.c
+++ /dev/null
@@ -1,346 +0,0 @@
-/* inflate.c -- zlib interface to inflate modules
- * Copyright (C) 1995-1996 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-/* This file was modified since it was taken from the zlib distribution */
-
-#include "zutil.h"
-#include "infblock.h"
-
-struct inflate_blocks_state {int dummy;}; /* for buggy compilers */
-
-/* inflate private state */
-struct internal_state {
-
- /* mode */
- enum {
- METHOD, /* waiting for method byte */
- FLAG, /* waiting for flag byte */
- DICT4, /* four dictionary check bytes to go */
- DICT3, /* three dictionary check bytes to go */
- DICT2, /* two dictionary check bytes to go */
- DICT1, /* one dictionary check byte to go */
- DICT0, /* waiting for inflateSetDictionary */
- BLOCKS, /* decompressing blocks */
- CHECK4, /* four check bytes to go */
- CHECK3, /* three check bytes to go */
- CHECK2, /* two check bytes to go */
- CHECK1, /* one check byte to go */
- DONE, /* finished check, done */
- BAD} /* got an error--stay here */
- mode; /* current inflate mode */
-
- /* mode dependent information */
- union {
- uInt method; /* if FLAGS, method byte */
- struct {
- uLong was; /* computed check value */
- uLong need; /* stream check value */
- } check; /* if CHECK, check values to compare */
- uInt marker; /* if BAD, inflateSync's marker bytes count */
- } sub; /* submode */
-
- /* mode independent information */
- int nowrap; /* flag for no wrapper */
- uInt wbits; /* log2(window size) (8..15, defaults to 15) */
- inflate_blocks_statef
- *blocks; /* current inflate_blocks state */
-
-};
-
-
-PR_PUBLIC_API(int) inflateReset(z)
-z_streamp z;
-{
- uLong c;
-
- if (z == Z_NULL || z->state == Z_NULL)
- return Z_STREAM_ERROR;
- z->total_in = z->total_out = 0;
- z->msg = Z_NULL;
- z->state->mode = z->state->nowrap ? BLOCKS : METHOD;
- inflate_blocks_reset(z->state->blocks, z, &c);
- Trace((stderr, "inflate: reset\n"));
- return Z_OK;
-}
-
-
-PR_PUBLIC_API(int) inflateEnd(z)
-z_streamp z;
-{
- uLong c;
-
- if (z == Z_NULL || z->state == Z_NULL || z->zfree == Z_NULL)
- return Z_STREAM_ERROR;
- if (z->state->blocks != Z_NULL)
- inflate_blocks_free(z->state->blocks, z, &c);
- ZFREE(z, z->state);
- z->state = Z_NULL;
- Trace((stderr, "inflate: end\n"));
- return Z_OK;
-}
-
-
-PR_PUBLIC_API(int) inflateInit2_(z, w, version, stream_size)
-z_streamp z;
-int w;
-const char *version;
-int stream_size;
-{
- if (version == Z_NULL || version[0] != ZLIB_VERSION[0] ||
- stream_size != sizeof(z_stream))
- return Z_VERSION_ERROR;
-
- /* initialize state */
- if (z == Z_NULL)
- return Z_STREAM_ERROR;
- z->msg = Z_NULL;
- if (z->zalloc == Z_NULL)
- {
- z->zalloc = zcalloc;
- z->opaque = (voidpf)0;
- }
- if (z->zfree == Z_NULL) z->zfree = zcfree;
- if ((z->state = (struct internal_state FAR *)
- ZALLOC(z,1,sizeof(struct internal_state))) == Z_NULL)
- return Z_MEM_ERROR;
- z->state->blocks = Z_NULL;
-
- /* handle undocumented nowrap option (no zlib header or check) */
- z->state->nowrap = 0;
- if (w < 0)
- {
- w = - w;
- z->state->nowrap = 1;
- }
-
- /* set window size */
- if (w < 8 || w > 15)
- {
- inflateEnd(z);
- return Z_STREAM_ERROR;
- }
- z->state->wbits = (uInt)w;
-
- /* create inflate_blocks state */
- if ((z->state->blocks =
- inflate_blocks_new(z, z->state->nowrap ? Z_NULL : adler32, (uInt)1 << w))
- == Z_NULL)
- {
- inflateEnd(z);
- return Z_MEM_ERROR;
- }
- Trace((stderr, "inflate: allocated\n"));
-
- /* reset state */
- inflateReset(z);
- return Z_OK;
-}
-
-
-PR_PUBLIC_API(int) inflateInit_(z, version, stream_size)
-z_streamp z;
-const char *version;
-int stream_size;
-{
- return inflateInit2_(z, DEF_WBITS, version, stream_size);
-}
-
-
-#define NEEDBYTE {if(z->avail_in==0)return r;r=Z_OK;}
-#define NEXTBYTE (z->avail_in--,z->total_in++,*z->next_in++)
-
-PR_PUBLIC_API(int) inflate(z, f)
-z_streamp z;
-int f;
-{
- int r;
- uInt b;
-
- if (z == Z_NULL || z->state == Z_NULL || z->next_in == Z_NULL || f < 0)
- return Z_STREAM_ERROR;
- r = Z_BUF_ERROR;
- while (1) switch (z->state->mode)
- {
- case METHOD:
- NEEDBYTE
- if (((z->state->sub.method = NEXTBYTE) & 0xf) != Z_DEFLATED)
- {
- z->state->mode = BAD;
- z->msg = (char*)"unknown compression method";
- z->state->sub.marker = 5; /* can't try inflateSync */
- break;
- }
- if ((z->state->sub.method >> 4) + 8 > z->state->wbits)
- {
- z->state->mode = BAD;
- z->msg = (char*)"invalid window size";
- z->state->sub.marker = 5; /* can't try inflateSync */
- break;
- }
- z->state->mode = FLAG;
- case FLAG:
- NEEDBYTE
- b = NEXTBYTE;
- if (((z->state->sub.method << 8) + b) % 31)
- {
- z->state->mode = BAD;
- z->msg = (char*)"incorrect header check";
- z->state->sub.marker = 5; /* can't try inflateSync */
- break;
- }
- Trace((stderr, "inflate: zlib header ok\n"));
- if (!(b & PRESET_DICT))
- {
- z->state->mode = BLOCKS;
- break;
- }
- z->state->mode = DICT4;
- case DICT4:
- NEEDBYTE
- z->state->sub.check.need = (uLong)NEXTBYTE << 24;
- z->state->mode = DICT3;
- case DICT3:
- NEEDBYTE
- z->state->sub.check.need += (uLong)NEXTBYTE << 16;
- z->state->mode = DICT2;
- case DICT2:
- NEEDBYTE
- z->state->sub.check.need += (uLong)NEXTBYTE << 8;
- z->state->mode = DICT1;
- case DICT1:
- NEEDBYTE
- z->state->sub.check.need += (uLong)NEXTBYTE;
- z->adler = z->state->sub.check.need;
- z->state->mode = DICT0;
- return Z_NEED_DICT;
- case DICT0:
- z->state->mode = BAD;
- z->msg = (char*)"need dictionary";
- z->state->sub.marker = 0; /* can try inflateSync */
- return Z_STREAM_ERROR;
- case BLOCKS:
- r = inflate_blocks(z->state->blocks, z, r);
- if (r == Z_DATA_ERROR)
- {
- z->state->mode = BAD;
- z->state->sub.marker = 0; /* can try inflateSync */
- break;
- }
- if (r != Z_STREAM_END)
- return r;
- r = Z_OK;
- inflate_blocks_reset(z->state->blocks, z, &z->state->sub.check.was);
- if (z->state->nowrap)
- {
- z->state->mode = DONE;
- break;
- }
- z->state->mode = CHECK4;
- case CHECK4:
- NEEDBYTE
- z->state->sub.check.need = (uLong)NEXTBYTE << 24;
- z->state->mode = CHECK3;
- case CHECK3:
- NEEDBYTE
- z->state->sub.check.need += (uLong)NEXTBYTE << 16;
- z->state->mode = CHECK2;
- case CHECK2:
- NEEDBYTE
- z->state->sub.check.need += (uLong)NEXTBYTE << 8;
- z->state->mode = CHECK1;
- case CHECK1:
- NEEDBYTE
- z->state->sub.check.need += (uLong)NEXTBYTE;
-
- if (z->state->sub.check.was != z->state->sub.check.need)
- {
- z->state->mode = BAD;
- z->msg = (char*)"incorrect data check";
- z->state->sub.marker = 5; /* can't try inflateSync */
- break;
- }
- Trace((stderr, "inflate: zlib check ok\n"));
- z->state->mode = DONE;
- case DONE:
- return Z_STREAM_END;
- case BAD:
- return Z_DATA_ERROR;
- default:
- return Z_STREAM_ERROR;
- }
-}
-
-
-PR_PUBLIC_API(int) inflateSetDictionary(z, dictionary, dictLength)
-z_streamp z;
-const Bytef *dictionary;
-uInt dictLength;
-{
- uInt length = dictLength;
-
- if (z == Z_NULL || z->state == Z_NULL || z->state->mode != DICT0)
- return Z_STREAM_ERROR;
-
- if (adler32(1L, dictionary, dictLength) != z->adler) return Z_DATA_ERROR;
- z->adler = 1L;
-
- if (length >= ((uInt)1<<z->state->wbits))
- {
- length = (1<<z->state->wbits)-1;
- dictionary += dictLength - length;
- }
- inflate_set_dictionary(z->state->blocks, dictionary, length);
- z->state->mode = BLOCKS;
- return Z_OK;
-}
-
-
-PR_PUBLIC_API(int) inflateSync(z)
-z_streamp z;
-{
- uInt n; /* number of bytes to look at */
- Bytef *p; /* pointer to bytes */
- uInt m; /* number of marker bytes found in a row */
- uLong r, w; /* temporaries to save total_in and total_out */
-
- /* set up */
- if (z == Z_NULL || z->state == Z_NULL)
- return Z_STREAM_ERROR;
- if (z->state->mode != BAD)
- {
- z->state->mode = BAD;
- z->state->sub.marker = 0;
- }
- if ((n = z->avail_in) == 0)
- return Z_BUF_ERROR;
- p = z->next_in;
- m = z->state->sub.marker;
-
- /* search */
- while (n && m < 4)
- {
- if (*p == (Byte)(m < 2 ? 0 : 0xff))
- m++;
- else if (*p)
- m = 0;
- else
- m = 4 - m;
- p++, n--;
- }
-
- /* restore */
- z->total_in += p - z->next_in;
- z->next_in = p;
- z->avail_in = n;
- z->state->sub.marker = m;
-
- /* return no joy or set up to restart on a new block */
- if (m != 4)
- return Z_DATA_ERROR;
- r = z->total_in; w = z->total_out;
- inflateReset(z);
- z->total_in = r; z->total_out = w;
- z->state->mode = BLOCKS;
- return Z_OK;
-}
diff --git a/security/nss/cmd/zlib/inftrees.c b/security/nss/cmd/zlib/inftrees.c
deleted file mode 100644
index 91dc00375..000000000
--- a/security/nss/cmd/zlib/inftrees.c
+++ /dev/null
@@ -1,479 +0,0 @@
-/* inftrees.c -- generate Huffman trees for efficient decoding
- * Copyright (C) 1995-1996 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-/* This file was modified since it was taken from the zlib distribution */
-
-#include "zutil.h"
-#include "inftrees.h"
-
-char inflate_copyright[] = " inflate 1.0.4 Copyright 1995-1996 Mark Adler ";
-/*
- If you use the zlib library in a product, an acknowledgment is welcome
- in the documentation of your product. If for some reason you cannot
- include such an acknowledgment, I would appreciate that you keep this
- copyright string in the executable of your product.
- */
-struct internal_state {int dummy;}; /* for buggy compilers */
-
-/* simplify the use of the inflate_huft type with some defines */
-#define base more.Base
-#define next more.Next
-#define exop word.what.Exop
-#define bits word.what.Bits
-
-
-local int huft_build OF((
- uIntf *, /* code lengths in bits */
- uInt, /* number of codes */
- uInt, /* number of "simple" codes */
- uIntf *, /* list of base values for non-simple codes */
- uIntf *, /* list of extra bits for non-simple codes */
- inflate_huft * FAR*,/* result: starting table */
- uIntf *, /* maximum lookup bits (returns actual) */
- z_streamp )); /* for zalloc function */
-
-local voidpf falloc OF((
- voidpf, /* opaque pointer (not used) */
- uInt, /* number of items */
- uInt)); /* size of item */
-
-/* Tables for deflate from PKZIP's appnote.txt. */
-local uInt cplens[31] = { /* Copy lengths for literal codes 257..285 */
- 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
- 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0};
- /* see note #13 above about 258 */
-local uInt cplext[31] = { /* Extra bits for literal codes 257..285 */
- 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2,
- 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, 112, 112}; /* 112==invalid */
-local uInt cpdist[30] = { /* Copy offsets for distance codes 0..29 */
- 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,
- 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,
- 8193, 12289, 16385, 24577};
-local uInt cpdext[30] = { /* Extra bits for distance codes */
- 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6,
- 7, 7, 8, 8, 9, 9, 10, 10, 11, 11,
- 12, 12, 13, 13};
-
-/*
- Huffman code decoding is performed using a multi-level table lookup.
- The fastest way to decode is to simply build a lookup table whose
- size is determined by the longest code. However, the time it takes
- to build this table can also be a factor if the data being decoded
- is not very long. The most common codes are necessarily the
- shortest codes, so those codes dominate the decoding time, and hence
- the speed. The idea is you can have a shorter table that decodes the
- shorter, more probable codes, and then point to subsidiary tables for
- the longer codes. The time it costs to decode the longer codes is
- then traded against the time it takes to make longer tables.
-
- This results of this trade are in the variables lbits and dbits
- below. lbits is the number of bits the first level table for literal/
- length codes can decode in one step, and dbits is the same thing for
- the distance codes. Subsequent tables are also less than or equal to
- those sizes. These values may be adjusted either when all of the
- codes are shorter than that, in which case the longest code length in
- bits is used, or when the shortest code is *longer* than the requested
- table size, in which case the length of the shortest code in bits is
- used.
-
- There are two different values for the two tables, since they code a
- different number of possibilities each. The literal/length table
- codes 286 possible values, or in a flat code, a little over eight
- bits. The distance table codes 30 possible values, or a little less
- than five bits, flat. The optimum values for speed end up being
- about one bit more than those, so lbits is 8+1 and dbits is 5+1.
- The optimum values may differ though from machine to machine, and
- possibly even between compilers. Your mileage may vary.
- */
-
-
-/* If BMAX needs to be larger than 16, then h and x[] should be uLong. */
-#define BMAX 15 /* maximum bit length of any code */
-#define N_MAX 288 /* maximum number of codes in any set */
-
-#ifdef DEBUG
- uInt inflate_hufts;
-#endif
-
-local int huft_build(b, n, s, d, e, t, m, zs)
-uIntf *b; /* code lengths in bits (all assumed <= BMAX) */
-uInt n; /* number of codes (assumed <= N_MAX) */
-uInt s; /* number of simple-valued codes (0..s-1) */
-uIntf *d; /* list of base values for non-simple codes */
-uIntf *e; /* list of extra bits for non-simple codes */
-inflate_huft * FAR *t; /* result: starting table */
-uIntf *m; /* maximum lookup bits, returns actual */
-z_streamp zs; /* for zalloc function */
-/* Given a list of code lengths and a maximum table size, make a set of
- tables to decode that set of codes. Return Z_OK on success, Z_BUF_ERROR
- if the given code set is incomplete (the tables are still built in this
- case), Z_DATA_ERROR if the input is invalid (an over-subscribed set of
- set of lengths), or Z_MEM_ERROR if not enough memory. */
-{
-
- uInt a; /* counter for codes of length k */
- uInt c[BMAX+1]; /* bit length count table */
- uInt f; /* i repeats in table every f entries */
- int g; /* maximum code length */
- int h; /* table level */
- register uInt i; /* counter, current code */
- register uInt j; /* counter */
- register int k; /* number of bits in current code */
- int l; /* bits per table (returned in m) */
- register uIntf *p; /* pointer into c[], b[], or v[] */
- inflate_huft *q; /* points to current table */
- struct inflate_huft_s r; /* table entry for structure assignment */
- inflate_huft *u[BMAX]; /* table stack */
- uInt v[N_MAX]; /* values in order of bit length */
- register int w; /* bits before this table == (l * h) */
- uInt x[BMAX+1]; /* bit offsets, then code stack */
- uIntf *xp; /* pointer into x */
- int y; /* number of dummy codes added */
- uInt z; /* number of entries in current table */
-
-
- /* Generate counts for each bit length */
- p = c;
-#define C0 *p++ = 0;
-#define C2 C0 C0 C0 C0
-#define C4 C2 C2 C2 C2
- C4 /* clear c[]--assume BMAX+1 is 16 */
- p = b; i = n;
- do {
- c[*p++]++; /* assume all entries <= BMAX */
- } while (--i);
- if (c[0] == n) /* null input--all zero length codes */
- {
- *t = (inflate_huft *)Z_NULL;
- *m = 0;
- return Z_OK;
- }
-
-
- /* Find minimum and maximum length, bound *m by those */
- l = *m;
- for (j = 1; j <= BMAX; j++)
- if (c[j])
- break;
- k = j; /* minimum code length */
- if ((uInt)l < j)
- l = j;
- for (i = BMAX; i; i--)
- if (c[i])
- break;
- g = i; /* maximum code length */
- if ((uInt)l > i)
- l = i;
- *m = l;
-
-
- /* Adjust last length count to fill out codes, if needed */
- for (y = 1 << j; j < i; j++, y <<= 1)
- if ((y -= c[j]) < 0)
- return Z_DATA_ERROR;
- if ((y -= c[i]) < 0)
- return Z_DATA_ERROR;
- c[i] += y;
-
-
- /* Generate starting offsets into the value table for each length */
- x[1] = j = 0;
- p = c + 1; xp = x + 2;
- while (--i) { /* note that i == g from above */
- *xp++ = (j += *p++);
- }
-
-
- /* Make a table of values in order of bit lengths */
- p = b; i = 0;
- do {
- if ((j = *p++) != 0)
- v[x[j]++] = i;
- } while (++i < n);
- n = x[g]; /* set n to length of v */
-
-
- /* Generate the Huffman codes and for each, make the table entries */
- x[0] = i = 0; /* first Huffman code is zero */
- p = v; /* grab values in bit order */
- h = -1; /* no tables yet--level -1 */
- w = -l; /* bits decoded == (l * h) */
- u[0] = (inflate_huft *)Z_NULL; /* just to keep compilers happy */
- q = (inflate_huft *)Z_NULL; /* ditto */
- z = 0; /* ditto */
-
- /* go through the bit lengths (k already is bits in shortest code) */
- for (; k <= g; k++)
- {
- a = c[k];
- while (a--)
- {
- /* here i is the Huffman code of length k bits for value *p */
- /* make tables up to required level */
- while (k > w + l)
- {
- h++;
- w += l; /* previous table always l bits */
-
- /* compute minimum size table less than or equal to l bits */
- z = g - w;
- z = z > (uInt)l ? l : z; /* table size upper limit */
- if ((f = 1 << (j = k - w)) > a + 1) /* try a k-w bit table */
- { /* too few codes for k-w bit table */
- f -= a + 1; /* deduct codes from patterns left */
- xp = c + k;
- if (j < z)
- while (++j < z) /* try smaller tables up to z bits */
- {
- if ((f <<= 1) <= *++xp)
- break; /* enough codes to use up j bits */
- f -= *xp; /* else deduct codes from patterns */
- }
- }
- z = 1 << j; /* table entries for j-bit table */
-
- /* allocate and link in new table */
- if ((q = (inflate_huft *)ZALLOC
- (zs,z + 1,sizeof(inflate_huft))) == Z_NULL)
- {
- if (h)
- inflate_trees_free(u[0], zs);
- return Z_MEM_ERROR; /* not enough memory */
- }
-#ifdef DEBUG
- inflate_hufts += z + 1;
-#endif
- *t = q + 1; /* link to list for huft_free() */
- *(t = &(q->next)) = Z_NULL;
- u[h] = ++q; /* table starts after link */
-
- /* connect to last table, if there is one */
- if (h)
- {
- x[h] = i; /* save pattern for backing up */
- r.bits = (Byte)l; /* bits to dump before this table */
- r.exop = (Byte)j; /* bits in this table */
- r.next = q; /* pointer to this table */
- j = i >> (w - l); /* (get around Turbo C bug) */
- u[h-1][j] = r; /* connect to last table */
- }
- }
-
- /* set up table entry in r */
- r.bits = (Byte)(k - w);
- if (p >= v + n)
- r.exop = 128 + 64; /* out of values--invalid code */
- else if (*p < s)
- {
- r.exop = (Byte)(*p < 256 ? 0 : 32 + 64); /* 256 is end-of-block */
- r.base = *p++; /* simple code is just the value */
- }
- else
- {
- r.exop = (Byte)(e[*p - s] + 16 + 64);/* non-simple--look up in lists */
- r.base = d[*p++ - s];
- }
-
- /* fill code-like entries with r */
- f = 1 << (k - w);
- for (j = i >> w; j < z; j += f)
- q[j] = r;
-
- /* backwards increment the k-bit code i */
- for (j = 1 << (k - 1); i & j; j >>= 1)
- i ^= j;
- i ^= j;
-
- /* backup over finished tables */
- while ((i & ((1 << w) - 1)) != x[h])
- {
- h--; /* don't need to update q */
- w -= l;
- }
- }
- }
-
-
- /* Return Z_BUF_ERROR if we were given an incomplete table */
- return y != 0 && g != 1 ? Z_BUF_ERROR : Z_OK;
-}
-
-
-int inflate_trees_bits(c, bb, tb, z)
-uIntf *c; /* 19 code lengths */
-uIntf *bb; /* bits tree desired/actual depth */
-inflate_huft * FAR *tb; /* bits tree result */
-z_streamp z; /* for zfree function */
-{
- int r;
-
- r = huft_build(c, 19, 19, (uIntf*)Z_NULL, (uIntf*)Z_NULL, tb, bb, z);
- if (r == Z_DATA_ERROR)
- z->msg = (char*)"oversubscribed dynamic bit lengths tree";
- else if (r == Z_BUF_ERROR || *bb == 0)
- {
- inflate_trees_free(*tb, z);
- z->msg = (char*)"incomplete dynamic bit lengths tree";
- r = Z_DATA_ERROR;
- }
- return r;
-}
-
-
-int inflate_trees_dynamic(nl, nd, c, bl, bd, tl, td, z)
-uInt nl; /* number of literal/length codes */
-uInt nd; /* number of distance codes */
-uIntf *c; /* that many (total) code lengths */
-uIntf *bl; /* literal desired/actual bit depth */
-uIntf *bd; /* distance desired/actual bit depth */
-inflate_huft * FAR *tl; /* literal/length tree result */
-inflate_huft * FAR *td; /* distance tree result */
-z_streamp z; /* for zfree function */
-{
- int r;
-
- /* build literal/length tree */
- r = huft_build(c, nl, 257, cplens, cplext, tl, bl, z);
- if (r != Z_OK || *bl == 0)
- {
- if (r == Z_DATA_ERROR)
- z->msg = (char*)"oversubscribed literal/length tree";
- else if (r != Z_MEM_ERROR)
- {
- inflate_trees_free(*tl, z);
- z->msg = (char*)"incomplete literal/length tree";
- r = Z_DATA_ERROR;
- }
- return r;
- }
-
- /* build distance tree */
- r = huft_build(c + nl, nd, 0, cpdist, cpdext, td, bd, z);
- if (r != Z_OK || (*bd == 0 && nl > 257))
- {
- if (r == Z_DATA_ERROR)
- z->msg = (char*)"oversubscribed literal/length tree";
- else if (r == Z_BUF_ERROR) {
-#ifdef PKZIP_BUG_WORKAROUND
- r = Z_OK;
- }
-#else
- inflate_trees_free(*td, z);
- z->msg = (char*)"incomplete distance tree";
- r = Z_DATA_ERROR;
- }
- else if (r != Z_MEM_ERROR)
- {
- z->msg = (char*)"empty distance tree with lengths";
- r = Z_DATA_ERROR;
- }
- inflate_trees_free(*tl, z);
- return r;
-#endif
- }
-
- /* done */
- return Z_OK;
-}
-
-
-/* build fixed tables only once--keep them here */
-local int fixed_built = 0;
-#define FIXEDH 530 /* number of hufts used by fixed tables */
-local inflate_huft fixed_mem[FIXEDH];
-local uInt fixed_bl;
-local uInt fixed_bd;
-local inflate_huft *fixed_tl;
-local inflate_huft *fixed_td;
-
-
-local voidpf falloc(q, n, s)
-voidpf q; /* opaque pointer */
-uInt n; /* number of items */
-uInt s; /* size of item */
-{
- Assert(s == sizeof(inflate_huft) && n <= *(intf *)q,
- "inflate_trees falloc overflow");
- *(intf *)q -= n+s-s; /* s-s to avoid warning */
- return (voidpf)(fixed_mem + *(intf *)q);
-}
-
-
-int inflate_trees_fixed(bl, bd, tl, td)
-uIntf *bl; /* literal desired/actual bit depth */
-uIntf *bd; /* distance desired/actual bit depth */
-inflate_huft * FAR *tl; /* literal/length tree result */
-inflate_huft * FAR *td; /* distance tree result */
-{
- /* build fixed tables if not already (multiple overlapped executions ok) */
- if (!fixed_built)
- {
- int k; /* temporary variable */
- unsigned c[288]; /* length list for huft_build */
- z_stream z; /* for falloc function */
- int f = FIXEDH; /* number of hufts left in fixed_mem */
-
- /* set up fake z_stream for memory routines */
- z.zalloc = falloc;
- z.zfree = Z_NULL;
- z.opaque = (voidpf)&f;
-
- /* literal table */
- for (k = 0; k < 144; k++)
- c[k] = 8;
- for (; k < 256; k++)
- c[k] = 9;
- for (; k < 280; k++)
- c[k] = 7;
- for (; k < 288; k++)
- c[k] = 8;
- fixed_bl = 7;
- huft_build(c, 288, 257, cplens, cplext, &fixed_tl, &fixed_bl, &z);
-
- /* distance table */
- for (k = 0; k < 30; k++)
- c[k] = 5;
- fixed_bd = 5;
- huft_build(c, 30, 0, cpdist, cpdext, &fixed_td, &fixed_bd, &z);
-
- /* done */
- Assert(f == 0, "invalid build of fixed tables");
- fixed_built = 1;
- }
- *bl = fixed_bl;
- *bd = fixed_bd;
- *tl = fixed_tl;
- *td = fixed_td;
- return Z_OK;
-}
-
-
-int inflate_trees_free(t, z)
-inflate_huft *t; /* table to free */
-z_streamp z; /* for zfree function */
-/* Free the malloc'ed tables built by huft_build(), which makes a linked
- list of the tables it made, with the links in a dummy first entry of
- each table. */
-{
- register inflate_huft *p, *q, *r;
-
- /* Reverse linked list */
- p = Z_NULL;
- q = t;
- while (q != Z_NULL)
- {
- r = (q - 1)->next;
- (q - 1)->next = p;
- p = q;
- q = r;
- }
- /* Go through linked list, freeing from the malloced (t[-1]) address. */
- while (p != Z_NULL)
- {
- q = (--p)->next;
- ZFREE(z,p);
- p = q;
- }
- return Z_OK;
-}
diff --git a/security/nss/cmd/zlib/inftrees.h b/security/nss/cmd/zlib/inftrees.h
deleted file mode 100644
index b06613ddd..000000000
--- a/security/nss/cmd/zlib/inftrees.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/* inftrees.h -- header to use inftrees.c
- * Copyright (C) 1995-1996 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-
-/* WARNING: this file should *not* be used by applications. It is
- part of the implementation of the compression library and is
- subject to change. Applications should only use zlib.h.
- */
-
-/* Huffman code lookup table entry--this entry is four bytes for machines
- that have 16-bit pointers (e.g. PC's in the small or medium model). */
-
-typedef struct inflate_huft_s FAR inflate_huft;
-
-struct inflate_huft_s {
- union {
- struct {
- Byte Exop; /* number of extra bits or operation */
- Byte Bits; /* number of bits in this code or subcode */
- } what;
- Bytef *pad; /* pad structure to a power of 2 (4 bytes for */
- } word; /* 16-bit, 8 bytes for 32-bit machines) */
- union {
- uInt Base; /* literal, length base, or distance base */
- inflate_huft *Next; /* pointer to next level of table */
- } more;
-};
-
-#ifdef DEBUG
- extern uInt inflate_hufts;
-#endif
-
-extern int inflate_trees_bits OF((
- uIntf *, /* 19 code lengths */
- uIntf *, /* bits tree desired/actual depth */
- inflate_huft * FAR *, /* bits tree result */
- z_streamp )); /* for zalloc, zfree functions */
-
-extern int inflate_trees_dynamic OF((
- uInt, /* number of literal/length codes */
- uInt, /* number of distance codes */
- uIntf *, /* that many (total) code lengths */
- uIntf *, /* literal desired/actual bit depth */
- uIntf *, /* distance desired/actual bit depth */
- inflate_huft * FAR *, /* literal/length tree result */
- inflate_huft * FAR *, /* distance tree result */
- z_streamp )); /* for zalloc, zfree functions */
-
-extern int inflate_trees_fixed OF((
- uIntf *, /* literal desired/actual bit depth */
- uIntf *, /* distance desired/actual bit depth */
- inflate_huft * FAR *, /* literal/length tree result */
- inflate_huft * FAR *)); /* distance tree result */
-
-extern int inflate_trees_free OF((
- inflate_huft *, /* tables to free */
- z_streamp )); /* for zfree function */
-
diff --git a/security/nss/cmd/zlib/infutil.c b/security/nss/cmd/zlib/infutil.c
deleted file mode 100644
index eb21199c3..000000000
--- a/security/nss/cmd/zlib/infutil.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/* inflate_util.c -- data and routines common to blocks and codes
- * Copyright (C) 1995-1996 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-
-#include "zutil.h"
-#include "infblock.h"
-#include "inftrees.h"
-#include "infcodes.h"
-#include "infutil.h"
-
-struct inflate_codes_state {int dummy;}; /* for buggy compilers */
-
-/* And'ing with mask[n] masks the lower n bits */
-uInt inflate_mask[17] = {
- 0x0000,
- 0x0001, 0x0003, 0x0007, 0x000f, 0x001f, 0x003f, 0x007f, 0x00ff,
- 0x01ff, 0x03ff, 0x07ff, 0x0fff, 0x1fff, 0x3fff, 0x7fff, 0xffff
-};
-
-
-/* copy as much as possible from the sliding window to the output area */
-int inflate_flush(s, z, r)
-inflate_blocks_statef *s;
-z_streamp z;
-int r;
-{
- uInt n;
- Bytef *p;
- Bytef *q;
-
- /* local copies of source and destination pointers */
- p = z->next_out;
- q = s->read;
-
- /* compute number of bytes to copy as far as end of window */
- n = (uInt)((q <= s->write ? s->write : s->end) - q);
- if (n > z->avail_out) n = z->avail_out;
- if (n && r == Z_BUF_ERROR) r = Z_OK;
-
- /* update counters */
- z->avail_out -= n;
- z->total_out += n;
-
- /* update check information */
- if (s->checkfn != Z_NULL)
- z->adler = s->check = (*s->checkfn)(s->check, q, n);
-
- /* copy as far as end of window */
- zmemcpy(p, q, n);
- p += n;
- q += n;
-
- /* see if more to copy at beginning of window */
- if (q == s->end)
- {
- /* wrap pointers */
- q = s->window;
- if (s->write == s->end)
- s->write = s->window;
-
- /* compute bytes to copy */
- n = (uInt)(s->write - q);
- if (n > z->avail_out) n = z->avail_out;
- if (n && r == Z_BUF_ERROR) r = Z_OK;
-
- /* update counters */
- z->avail_out -= n;
- z->total_out += n;
-
- /* update check information */
- if (s->checkfn != Z_NULL)
- z->adler = s->check = (*s->checkfn)(s->check, q, n);
-
- /* copy */
- zmemcpy(p, q, n);
- p += n;
- q += n;
- }
-
- /* update pointers */
- z->next_out = p;
- s->read = q;
-
- /* done */
- return r;
-}
diff --git a/security/nss/cmd/zlib/infutil.h b/security/nss/cmd/zlib/infutil.h
deleted file mode 100644
index 702cd290c..000000000
--- a/security/nss/cmd/zlib/infutil.h
+++ /dev/null
@@ -1,99 +0,0 @@
-/* infutil.h -- types and macros common to blocks and codes
- * Copyright (C) 1995-1996 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-
-/* WARNING: this file should *not* be used by applications. It is
- part of the implementation of the compression library and is
- subject to change. Applications should only use zlib.h.
- */
-
-#ifndef _INFUTIL_H
-#define _INFUTIL_H
-
-typedef enum {
- TYPE, /* get type bits (3, including end bit) */
- LENS, /* get lengths for stored */
- STORED, /* processing stored block */
- TABLE, /* get table lengths */
- BTREE, /* get bit lengths tree for a dynamic block */
- DTREE, /* get length, distance trees for a dynamic block */
- CODES, /* processing fixed or dynamic block */
- DRY, /* output remaining window bytes */
- DONE, /* finished last block, done */
- BAD} /* got a data error--stuck here */
-inflate_block_mode;
-
-/* inflate blocks semi-private state */
-struct inflate_blocks_state {
-
- /* mode */
- inflate_block_mode mode; /* current inflate_block mode */
-
- /* mode dependent information */
- union {
- uInt left; /* if STORED, bytes left to copy */
- struct {
- uInt table; /* table lengths (14 bits) */
- uInt index; /* index into blens (or border) */
- uIntf *blens; /* bit lengths of codes */
- uInt bb; /* bit length tree depth */
- inflate_huft *tb; /* bit length decoding tree */
- } trees; /* if DTREE, decoding info for trees */
- struct {
- inflate_huft *tl;
- inflate_huft *td; /* trees to free */
- inflate_codes_statef
- *codes;
- } decode; /* if CODES, current state */
- } sub; /* submode */
- uInt last; /* true if this block is the last block */
-
- /* mode independent information */
- uInt bitk; /* bits in bit buffer */
- uLong bitb; /* bit buffer */
- Bytef *window; /* sliding window */
- Bytef *end; /* one byte after sliding window */
- Bytef *read; /* window read pointer */
- Bytef *write; /* window write pointer */
- check_func checkfn; /* check function */
- uLong check; /* check on output */
-
-};
-
-
-/* defines for inflate input/output */
-/* update pointers and return */
-#define UPDBITS {s->bitb=b;s->bitk=k;}
-#define UPDIN {z->avail_in=n;z->total_in+=p-z->next_in;z->next_in=p;}
-#define UPDOUT {s->write=q;}
-#define UPDATE {UPDBITS UPDIN UPDOUT}
-#define LEAVE {UPDATE return inflate_flush(s,z,r);}
-/* get bytes and bits */
-#define LOADIN {p=z->next_in;n=z->avail_in;b=s->bitb;k=s->bitk;}
-#define NEEDBYTE {if(n)r=Z_OK;else LEAVE}
-#define NEXTBYTE (n--,*p++)
-#define NEEDBITS(j) {while(k<(j)){NEEDBYTE;b|=((uLong)NEXTBYTE)<<k;k+=8;}}
-#define DUMPBITS(j) {b>>=(j);k-=(j);}
-/* output bytes */
-#define WAVAIL (uInt)(q<s->read?s->read-q-1:s->end-q)
-#define LOADOUT {q=s->write;m=(uInt)WAVAIL;}
-#define WRAP {if(q==s->end&&s->read!=s->window){q=s->window;m=(uInt)WAVAIL;}}
-#define FLUSH {UPDOUT r=inflate_flush(s,z,r); LOADOUT}
-#define NEEDOUT {if(m==0){WRAP if(m==0){FLUSH WRAP if(m==0) LEAVE}}r=Z_OK;}
-#define OUTBYTE(a) {*q++=(Byte)(a);m--;}
-/* load local pointers */
-#define LOAD {LOADIN LOADOUT}
-
-/* masks for lower bits (size given to avoid silly warnings with Visual C++) */
-extern uInt inflate_mask[17];
-
-/* copy as much as possible from the sliding window to the output area */
-extern int inflate_flush OF((
- inflate_blocks_statef *,
- z_streamp ,
- int));
-
-struct internal_state {int dummy;}; /* for buggy compilers */
-
-#endif
diff --git a/security/nss/cmd/zlib/makefile.win b/security/nss/cmd/zlib/makefile.win
deleted file mode 100644
index 0f87b40b8..000000000
--- a/security/nss/cmd/zlib/makefile.win
+++ /dev/null
@@ -1,91 +0,0 @@
-NODEPEND=1
-IGNORE_MANIFEST = 1
-
-#//------------------------------------------------------------------------
-#//
-# New build system where zip dll is build indepenant of java stubs.
-#//
-#//------------------------------------------------------------------------
-MODULE = zlib
-EXPORTS = \
- zlib.h \
- zconf.h \
- $(NULL)
-
-
-#//------------------------------------------------------------------------
-#//
-#// Specify the depth of the current directory relative to the
-#// root of NS
-#//
-#//------------------------------------------------------------------------
-DEPTH= ..\..\..\
-
-MAKE_OBJ_TYPE=DLL
-#//------------------------------------------------------------------------
-#//
-#// Define any Public Make Variables here: (ie. PDFFILE, MAPFILE, ...)
-#//
-#//------------------------------------------------------------------------
-DLLNAME=$(ZIPDLL)
-PDBFILE=$(MOD_ZIP).pdb
-MAPFILE=$(MOD_ZIP).map
-!if "$(MOZ_BITS)" == "16"
-DEFFILE=zip16.def
-!endif
-#RESFILE=zip.res
-
-#//------------------------------------------------------------------------
-#//
-#// Define the files necessary to build the target (ie. OBJS)
-#//
-#//------------------------------------------------------------------------
-OBJS= \
- .\$(OBJDIR)\adler32.obj \
- .\$(OBJDIR)\compress.obj \
- .\$(OBJDIR)\crc32.obj \
- .\$(OBJDIR)\deflate.obj \
- .\$(OBJDIR)\gzio.obj \
- .\$(OBJDIR)\infblock.obj \
- .\$(OBJDIR)\infcodes.obj \
- .\$(OBJDIR)\inffast.obj \
- .\$(OBJDIR)\inflate.obj \
- .\$(OBJDIR)\inftrees.obj \
- .\$(OBJDIR)\infutil.obj \
- .\$(OBJDIR)\trees.obj \
- .\$(OBJDIR)\uncompr.obj \
- .\$(OBJDIR)\zutil.obj \
- $(NULL)
-
-#//------------------------------------------------------------------------
-#//
-#// Define any Public Targets here (ie. PROGRAM, LIBRARY, DLL, ...)
-#// (these must be defined before the common makefiles are included)
-#//
-#//------------------------------------------------------------------------
-
-DLL=.\$(OBJDIR)\$(DLLNAME)
-MAPFILE= $(MOD_ZIP).map
-
-
-#//------------------------------------------------------------------------
-#//
-#// Define any local options for the make tools
-#// (ie. LCFLAGS, LLFLAGS, LLIBS, LINCS)
-#//
-#//------------------------------------------------------------------------
-LLIBS=$(LLIBS) $(LIBNSPR)
-LINCS=$(LINCS) -I. -I_gen
-# clobber and clobber_all will remove the following garbage:
-GARBAGE = $(GARBAGE) _gen
-
-#//------------------------------------------------------------------------
-#//
-#// Include the common makefile rules
-#//
-#//------------------------------------------------------------------------
-include <$(DEPTH)/sun-java/config/rules.mak>
-
-export:: $(DLL)
- $(MAKE_INSTALL) .\$(OBJDIR)\$(DLLNAME) $(DIST)\bin
- $(MAKE_INSTALL) .\$(OBJDIR)\$(MOD_ZIP).lib $(DIST)\lib
diff --git a/security/nss/cmd/zlib/manifest.mn b/security/nss/cmd/zlib/manifest.mn
deleted file mode 100644
index 389b1640f..000000000
--- a/security/nss/cmd/zlib/manifest.mn
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# CONFIDENTIAL AND PROPRIETARY SOURCE CODE OF
-# NETSCAPE COMMUNICATIONS CORPORATION
-# Copyright ¿ 1996, 1997 Netscape Communications Corporation. All Rights
-# Reserved. Use of this Source Code is subject to the terms of the
-# applicable license agreement from Netscape Communications Corporation.
-# The copyright notice(s) in this Source Code does not indicate actual or
-# intended publication of this Source Code.
-#
-
-CORE_DEPTH = ../../..
-
-MODULE = seccmd
-
-EXPORTS = zlib.h zconf.h
-
-CSRCS = adler32.c \
- crc32.c \
- compress.c \
- uncompr.c \
- deflate.c \
- trees.c \
- zutil.c \
- inflate.c \
- infblock.c \
- inftrees.c \
- infcodes.c \
- infutil.c \
- inffast.c \
- $(NULL)
-
-LIBRARY_NAME = zlib
-
-# REQUIRES = security
-
-DEFINES = -DNSPR20=1 -DMOZILLA_CLIENT=1
-
diff --git a/security/nss/cmd/zlib/minigzip.c b/security/nss/cmd/zlib/minigzip.c
deleted file mode 100644
index 60a48a12d..000000000
--- a/security/nss/cmd/zlib/minigzip.c
+++ /dev/null
@@ -1,246 +0,0 @@
-/* minigzip.c -- simulate gzip using the zlib compression library
- * Copyright (C) 1995-1996 Jean-loup Gailly.
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-
-/*
- * minigzip is a minimal implementation of the gzip utility. This is
- * only an example of using zlib and isn't meant to replace the
- * full-featured gzip. No attempt is made to deal with file systems
- * limiting names to 14 or 8+3 characters, etc... Error checking is
- * very limited. So use minigzip only for testing; use gzip for the
- * real thing. On MSDOS, use only on file names without extension
- * or in pipe mode.
- */
-
-/* $Id$ */
-
-#include <stdio.h>
-#include "zlib.h"
-
-#ifdef STDC
-# include <string.h>
-# include <stdlib.h>
-#else
- extern void exit OF((int));
-#endif
-
-
-#if defined(MSDOS) || defined(OS2) || defined(WIN32)
-# include <fcntl.h>
-# include <io.h>
-# define SET_BINARY_MODE(file) setmode(fileno(file), O_BINARY)
-#else
-# define SET_BINARY_MODE(file)
-#endif
-
-#ifdef VMS
-# define unlink delete
-# define GZ_SUFFIX "-gz"
-#endif
-#ifdef RISCOS
-# define unlink remove
-# define GZ_SUFFIX "-gz"
-# define fileno(file) file->__file
-#endif
-
-#ifndef GZ_SUFFIX
-# define GZ_SUFFIX ".gz"
-#endif
-#define SUFFIX_LEN sizeof(GZ_SUFFIX)
-
-extern int unlink OF((const char *));
-
-#define BUFLEN 4096
-#define MAX_NAME_LEN 1024
-
-#define local static
-/* For MSDOS and other systems with limitation on stack size. For Unix,
- #define local
- works also.
- */
-
-char *prog;
-
-void error OF((const char *msg));
-void gz_compress OF((FILE *in, gzFile out));
-void gz_uncompress OF((gzFile in, FILE *out));
-void file_compress OF((char *file));
-void file_uncompress OF((char *file));
-int main OF((int argc, char *argv[]));
-
-/* ===========================================================================
- * Display error message and exit
- */
-void error(msg)
- const char *msg;
-{
- fprintf(stderr, "%s: %s\n", prog, msg);
- exit(1);
-}
-
-/* ===========================================================================
- * Compress input to output then close both files.
- */
-void gz_compress(in, out)
- FILE *in;
- gzFile out;
-{
- local char buf[BUFLEN];
- int len;
- int err;
-
- for (;;) {
- len = fread(buf, 1, sizeof(buf), in);
- if (ferror(in)) {
- perror("fread");
- exit(1);
- }
- if (len == 0) break;
-
- if (gzwrite(out, buf, (unsigned)len) != len) error(gzerror(out, &err));
- }
- fclose(in);
- if (gzclose(out) != Z_OK) error("failed gzclose");
-}
-
-/* ===========================================================================
- * Uncompress input to output then close both files.
- */
-void gz_uncompress(in, out)
- gzFile in;
- FILE *out;
-{
- local char buf[BUFLEN];
- int len;
- int err;
-
- for (;;) {
- len = gzread(in, buf, sizeof(buf));
- if (len < 0) error (gzerror(in, &err));
- if (len == 0) break;
-
- if ((int)fwrite(buf, 1, (unsigned)len, out) != len) {
- error("failed fwrite");
- }
- }
- if (fclose(out)) error("failed fclose");
-
- if (gzclose(in) != Z_OK) error("failed gzclose");
-}
-
-
-/* ===========================================================================
- * Compress the given file: create a corresponding .gz file and remove the
- * original.
- */
-void file_compress(file)
- char *file;
-{
- local char outfile[MAX_NAME_LEN];
- FILE *in;
- gzFile out;
-
- strcpy(outfile, file);
- strcat(outfile, GZ_SUFFIX);
-
- in = fopen(file, "rb");
- if (in == NULL) {
- perror(file);
- exit(1);
- }
- out = gzopen(outfile, "wb"); /* use "wb9" for maximal compression */
- if (out == NULL) {
- fprintf(stderr, "%s: can't gzopen %s\n", prog, outfile);
- exit(1);
- }
- gz_compress(in, out);
-
- unlink(file);
-}
-
-
-/* ===========================================================================
- * Uncompress the given file and remove the original.
- */
-void file_uncompress(file)
- char *file;
-{
- local char buf[MAX_NAME_LEN];
- char *infile, *outfile;
- FILE *out;
- gzFile in;
- int len = strlen(file);
-
- strcpy(buf, file);
-
- if (len > SUFFIX_LEN && strcmp(file+len-SUFFIX_LEN, GZ_SUFFIX) == 0) {
- infile = file;
- outfile = buf;
- outfile[len-3] = '\0';
- } else {
- outfile = file;
- infile = buf;
- strcat(infile, GZ_SUFFIX);
- }
- in = gzopen(infile, "rb");
- if (in == NULL) {
- fprintf(stderr, "%s: can't gzopen %s\n", prog, infile);
- exit(1);
- }
- out = fopen(outfile, "wb");
- if (out == NULL) {
- perror(file);
- exit(1);
- }
-
- gz_uncompress(in, out);
-
- unlink(infile);
-}
-
-
-/* ===========================================================================
- * Usage: minigzip [-d] [files...]
- */
-
-int main(argc, argv)
- int argc;
- char *argv[];
-{
- int uncompr = 0;
- gzFile file;
-
- prog = argv[0];
- argc--, argv++;
-
- if (argc > 0) {
- uncompr = (strcmp(*argv, "-d") == 0);
- if (uncompr) {
- argc--, argv++;
- }
- }
- if (argc == 0) {
- SET_BINARY_MODE(stdin);
- SET_BINARY_MODE(stdout);
- if (uncompr) {
- file = gzdopen(fileno(stdin), "rb");
- if (file == NULL) error("can't gzdopen stdin");
- gz_uncompress(file, stdout);
- } else {
- file = gzdopen(fileno(stdout), "wb"); /* "wb9" for max compr. */
- if (file == NULL) error("can't gzdopen stdout");
- gz_compress(stdin, file);
- }
- } else {
- do {
- if (uncompr) {
- file_uncompress(*argv);
- } else {
- file_compress(*argv);
- }
- } while (argv++, --argc);
- }
- exit(0);
- return 0; /* to avoid warning */
-}
diff --git a/security/nss/cmd/zlib/netscape_mods.doc b/security/nss/cmd/zlib/netscape_mods.doc
deleted file mode 100644
index c8a72d159..000000000
--- a/security/nss/cmd/zlib/netscape_mods.doc
+++ /dev/null
@@ -1,43 +0,0 @@
-
-/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- *
- * The contents of this file are subject to the Netscape Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/NPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is mozilla.org code.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1998 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- */
-
-Netscape Modifications to Zlib source -
-
-
-Changes were made to the following files to
-create a zlib dll:
-
- adler32.c
- compress.c
- crc32.c
- deflate.c
- gzio.c
- inflate.c
- uncompr.c
- zutil.c
-
-
-Various changes for cross platform builds
-are clearly marked through out the source.
-
-
diff --git a/security/nss/cmd/zlib/stubs.c b/security/nss/cmd/zlib/stubs.c
deleted file mode 100644
index 2e7a053ef..000000000
--- a/security/nss/cmd/zlib/stubs.c
+++ /dev/null
@@ -1,17 +0,0 @@
-/*
- !!! WARNING: If you add files here, be sure to:
- 1. add them to the Metrowerks project
- 2. edit Makefile and makefile.win to add a dependency on the .c file
-*/
-
-
-/* XXX Mac */
-#ifndef XP_MAC
-#include "_stubs/java_util_zip_Adler32.c"
-#include "_stubs/java_util_zip_CRC32.c"
-#include "_stubs/java_util_zip_Deflater.c"
-#include "_stubs/java_util_zip_Inflater.c"
-PR_PUBLIC_API(void) _java_zlib_init(void) { }
-#endif
-
-
diff --git a/security/nss/cmd/zlib/trees.c b/security/nss/cmd/zlib/trees.c
deleted file mode 100644
index 84623d992..000000000
--- a/security/nss/cmd/zlib/trees.c
+++ /dev/null
@@ -1,1143 +0,0 @@
-/* trees.c -- output deflated data using Huffman coding
- * Copyright (C) 1995-1996 Jean-loup Gailly
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-/* This file was modified since it was taken from the zlib distribution */
-/*
- * ALGORITHM
- *
- * The "deflation" process uses several Huffman trees. The more
- * common source values are represented by shorter bit sequences.
- *
- * Each code tree is stored in a compressed form which is itself
- * a Huffman encoding of the lengths of all the code strings (in
- * ascending order by source values). The actual code strings are
- * reconstructed from the lengths in the inflate process, as described
- * in the deflate specification.
- *
- * REFERENCES
- *
- * Deutsch, L.P.,"'Deflate' Compressed Data Format Specification".
- * Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc
- *
- * Storer, James A.
- * Data Compression: Methods and Theory, pp. 49-50.
- * Computer Science Press, 1988. ISBN 0-7167-8156-5.
- *
- * Sedgewick, R.
- * Algorithms, p290.
- * Addison-Wesley, 1983. ISBN 0-201-06672-6.
- */
-
-/* $Id$ */
-
-#include "deflate.h"
-
-#ifdef DEBUG
-# include <ctype.h>
-#endif
-
-/* ===========================================================================
- * Constants
- */
-
-#define MAX_BL_BITS 7
-/* Bit length codes must not exceed MAX_BL_BITS bits */
-
-#define END_BLOCK 256
-/* end of block literal code */
-
-#define REP_3_6 16
-/* repeat previous bit length 3-6 times (2 bits of repeat count) */
-
-#define REPZ_3_10 17
-/* repeat a zero length 3-10 times (3 bits of repeat count) */
-
-#define REPZ_11_138 18
-/* repeat a zero length 11-138 times (7 bits of repeat count) */
-
-local int extra_lbits[LENGTH_CODES] /* extra bits for each length code */
- = {0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0};
-
-local int extra_dbits[D_CODES] /* extra bits for each distance code */
- = {0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13};
-
-local int extra_blbits[BL_CODES]/* extra bits for each bit length code */
- = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7};
-
-local uch bl_order[BL_CODES]
- = {16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15};
-/* The lengths of the bit length codes are sent in order of decreasing
- * probability, to avoid transmitting the lengths for unused bit length codes.
- */
-
-#define Buf_size (8 * 2*sizeof(char))
-/* Number of bits used within bi_buf. (bi_buf might be implemented on
- * more than 16 bits on some systems.)
- */
-
-/* ===========================================================================
- * Local data. These are initialized only once.
- */
-
-local ct_data static_ltree[L_CODES+2];
-/* The static literal tree. Since the bit lengths are imposed, there is no
- * need for the L_CODES extra codes used during heap construction. However
- * The codes 286 and 287 are needed to build a canonical tree (see _tr_init
- * below).
- */
-
-local ct_data static_dtree[D_CODES];
-/* The static distance tree. (Actually a trivial tree since all codes use
- * 5 bits.)
- */
-
-local uch dist_code[512];
-/* distance codes. The first 256 values correspond to the distances
- * 3 .. 258, the last 256 values correspond to the top 8 bits of
- * the 15 bit distances.
- */
-
-local uch length_code[MAX_MATCH-MIN_MATCH+1];
-/* length code for each normalized match length (0 == MIN_MATCH) */
-
-local int base_length[LENGTH_CODES];
-/* First normalized length for each code (0 = MIN_MATCH) */
-
-local int base_dist[D_CODES];
-/* First normalized distance for each code (0 = distance of 1) */
-
-struct static_tree_desc_s {
- ct_data *static_tree; /* static tree or NULL */
- intf *extra_bits; /* extra bits for each code or NULL */
- int extra_base; /* base index for extra_bits */
- int elems; /* max number of elements in the tree */
- int max_length; /* max bit length for the codes */
-};
-
-local static_tree_desc static_l_desc =
-{static_ltree, extra_lbits, LITERALS+1, L_CODES, MAX_BITS};
-
-local static_tree_desc static_d_desc =
-{static_dtree, extra_dbits, 0, D_CODES, MAX_BITS};
-
-local static_tree_desc static_bl_desc =
-{(ct_data *)0, extra_blbits, 0, BL_CODES, MAX_BL_BITS};
-
-/* ===========================================================================
- * Local (static) routines in this file.
- */
-
-local void tr_static_init OF((void));
-local void init_block OF((deflate_state *s));
-local void pqdownheap OF((deflate_state *s, ct_data *tree, int k));
-local void gen_bitlen OF((deflate_state *s, tree_desc *desc));
-local void gen_codes OF((ct_data *tree, int max_code, ushf *bl_count));
-local void build_tree OF((deflate_state *s, tree_desc *desc));
-local void scan_tree OF((deflate_state *s, ct_data *tree, int max_code));
-local void send_tree OF((deflate_state *s, ct_data *tree, int max_code));
-local int build_bl_tree OF((deflate_state *s));
-local void send_all_trees OF((deflate_state *s, int lcodes, int dcodes,
- int blcodes));
-local void compress_block OF((deflate_state *s, ct_data *ltree,
- ct_data *dtree));
-local void set_data_type OF((deflate_state *s));
-local unsigned bi_reverse OF((unsigned value, int length));
-local void bi_windup OF((deflate_state *s));
-local void bi_flush OF((deflate_state *s));
-local void copy_block OF((deflate_state *s, charf *buf, unsigned len,
- int header));
-
-#ifndef DEBUG_NEVER
-# define send_code(s, c, tree) send_bits(s, tree[c].Code, tree[c].Len)
- /* Send a code of the given tree. c and tree must not have side effects */
-
-#else /* DEBUG */
-# define send_code(s, c, tree) \
- { if (verbose>2) fprintf(stderr,"\ncd %3d ",(c)); \
- send_bits(s, tree[c].Code, tree[c].Len); }
-#endif
-
-#define d_code(dist) \
- ((dist) < 256 ? dist_code[dist] : dist_code[256+((dist)>>7)])
-/* Mapping from a distance to a distance code. dist is the distance - 1 and
- * must not have side effects. dist_code[256] and dist_code[257] are never
- * used.
- */
-
-/* ===========================================================================
- * Output a short LSB first on the stream.
- * IN assertion: there is enough room in pendingBuf.
- */
-#define put_short(s, w) { \
- put_byte(s, (uch)((w) & 0xff)); \
- put_byte(s, (uch)((ush)(w) >> 8)); \
-}
-
-/* ===========================================================================
- * Send a value on a given number of bits.
- * IN assertion: length <= 16 and value fits in length bits.
- */
-#ifdef DEBUG
-local void send_bits OF((deflate_state *s, int value, int length));
-
-local void send_bits(s, value, length)
- deflate_state *s;
- int value; /* value to send */
- int length; /* number of bits */
-{
- Tracevv((stderr," l %2d v %4x ", length, value));
- Assert(length > 0 && length <= 15, "invalid length");
- s->bits_sent += (ulg)length;
-
- /* If not enough room in bi_buf, use (valid) bits from bi_buf and
- * (16 - bi_valid) bits from value, leaving (width - (16-bi_valid))
- * unused bits in value.
- */
- if (s->bi_valid > (int)Buf_size - length) {
- s->bi_buf |= (value << s->bi_valid);
- put_short(s, s->bi_buf);
- s->bi_buf = (ush)value >> (Buf_size - s->bi_valid);
- s->bi_valid += length - Buf_size;
- } else {
- s->bi_buf |= value << s->bi_valid;
- s->bi_valid += length;
- }
-}
-#else /* !DEBUG */
-
-#define send_bits(s, value, length) \
-{ int len = length;\
- if (s->bi_valid > (int)Buf_size - len) {\
- int val = value;\
- s->bi_buf |= (val << s->bi_valid);\
- put_short(s, s->bi_buf);\
- s->bi_buf = (ush)val >> (Buf_size - s->bi_valid);\
- s->bi_valid += len - Buf_size;\
- } else {\
- s->bi_buf |= (value) << s->bi_valid;\
- s->bi_valid += len;\
- }\
-}
-#endif /* DEBUG */
-
-
-#ifndef MAX
-#define MAX(a,b) (a >= b ? a : b)
-#endif
-/* the arguments must not have side effects */
-
-/* ===========================================================================
- * Initialize the various 'constant' tables. In a multi-threaded environment,
- * this function may be called by two threads concurrently, but this is
- * harmless since both invocations do exactly the same thing.
- */
-local void tr_static_init()
-{
- static int static_init_done = 0;
- int n; /* iterates over tree elements */
- int bits; /* bit counter */
- int length; /* length value */
- int code; /* code value */
- int dist; /* distance index */
- ush bl_count[MAX_BITS+1];
- /* number of codes at each bit length for an optimal tree */
-
- if (static_init_done) return;
-
- /* Initialize the mapping length (0..255) -> length code (0..28) */
- length = 0;
- for (code = 0; code < LENGTH_CODES-1; code++) {
- base_length[code] = length;
- for (n = 0; n < (1<<extra_lbits[code]); n++) {
- length_code[length++] = (uch)code;
- }
- }
- Assert (length == 256, "tr_static_init: length != 256");
- /* Note that the length 255 (match length 258) can be represented
- * in two different ways: code 284 + 5 bits or code 285, so we
- * overwrite length_code[255] to use the best encoding:
- */
- length_code[length-1] = (uch)code;
-
- /* Initialize the mapping dist (0..32K) -> dist code (0..29) */
- dist = 0;
- for (code = 0 ; code < 16; code++) {
- base_dist[code] = dist;
- for (n = 0; n < (1<<extra_dbits[code]); n++) {
- dist_code[dist++] = (uch)code;
- }
- }
- Assert (dist == 256, "tr_static_init: dist != 256");
- dist >>= 7; /* from now on, all distances are divided by 128 */
- for ( ; code < D_CODES; code++) {
- base_dist[code] = dist << 7;
- for (n = 0; n < (1<<(extra_dbits[code]-7)); n++) {
- dist_code[256 + dist++] = (uch)code;
- }
- }
- Assert (dist == 256, "tr_static_init: 256+dist != 512");
-
- /* Construct the codes of the static literal tree */
- for (bits = 0; bits <= MAX_BITS; bits++) bl_count[bits] = 0;
- n = 0;
- while (n <= 143) static_ltree[n++].Len = 8, bl_count[8]++;
- while (n <= 255) static_ltree[n++].Len = 9, bl_count[9]++;
- while (n <= 279) static_ltree[n++].Len = 7, bl_count[7]++;
- while (n <= 287) static_ltree[n++].Len = 8, bl_count[8]++;
- /* Codes 286 and 287 do not exist, but we must include them in the
- * tree construction to get a canonical Huffman tree (longest code
- * all ones)
- */
- gen_codes((ct_data *)static_ltree, L_CODES+1, bl_count);
-
- /* The static distance tree is trivial: */
- for (n = 0; n < D_CODES; n++) {
- static_dtree[n].Len = 5;
- static_dtree[n].Code = bi_reverse((unsigned)n, 5);
- }
- static_init_done = 1;
-}
-
-/* ===========================================================================
- * Initialize the tree data structures for a new zlib stream.
- */
-void _tr_init(s)
- deflate_state *s;
-{
- tr_static_init();
-
- s->compressed_len = 0L;
-
- s->l_desc.dyn_tree = s->dyn_ltree;
- s->l_desc.stat_desc = &static_l_desc;
-
- s->d_desc.dyn_tree = s->dyn_dtree;
- s->d_desc.stat_desc = &static_d_desc;
-
- s->bl_desc.dyn_tree = s->bl_tree;
- s->bl_desc.stat_desc = &static_bl_desc;
-
- s->bi_buf = 0;
- s->bi_valid = 0;
- s->last_eob_len = 8; /* enough lookahead for inflate */
-#ifdef DEBUG
- s->bits_sent = 0L;
-#endif
-
- /* Initialize the first block of the first file: */
- init_block(s);
-}
-
-/* ===========================================================================
- * Initialize a new block.
- */
-local void init_block(s)
- deflate_state *s;
-{
- int n; /* iterates over tree elements */
-
- /* Initialize the trees. */
- for (n = 0; n < L_CODES; n++) s->dyn_ltree[n].Freq = 0;
- for (n = 0; n < D_CODES; n++) s->dyn_dtree[n].Freq = 0;
- for (n = 0; n < BL_CODES; n++) s->bl_tree[n].Freq = 0;
-
- s->dyn_ltree[END_BLOCK].Freq = 1;
- s->opt_len = s->static_len = 0L;
- s->last_lit = s->matches = 0;
-}
-
-#define SMALLEST 1
-/* Index within the heap array of least frequent node in the Huffman tree */
-
-
-/* ===========================================================================
- * Remove the smallest element from the heap and recreate the heap with
- * one less element. Updates heap and heap_len.
- */
-#define pqremove(s, tree, top) \
-{\
- top = s->heap[SMALLEST]; \
- s->heap[SMALLEST] = s->heap[s->heap_len--]; \
- pqdownheap(s, tree, SMALLEST); \
-}
-
-/* ===========================================================================
- * Compares to subtrees, using the tree depth as tie breaker when
- * the subtrees have equal frequency. This minimizes the worst case length.
- */
-#define smaller(tree, n, m, depth) \
- (tree[n].Freq < tree[m].Freq || \
- (tree[n].Freq == tree[m].Freq && depth[n] <= depth[m]))
-
-/* ===========================================================================
- * Restore the heap property by moving down the tree starting at node k,
- * exchanging a node with the smallest of its two sons if necessary, stopping
- * when the heap property is re-established (each father smaller than its
- * two sons).
- */
-local void pqdownheap(s, tree, k)
- deflate_state *s;
- ct_data *tree; /* the tree to restore */
- int k; /* node to move down */
-{
- int v = s->heap[k];
- int j = k << 1; /* left son of k */
- while (j <= s->heap_len) {
- /* Set j to the smallest of the two sons: */
- if (j < s->heap_len &&
- smaller(tree, s->heap[j+1], s->heap[j], s->depth)) {
- j++;
- }
- /* Exit if v is smaller than both sons */
- if (smaller(tree, v, s->heap[j], s->depth)) break;
-
- /* Exchange v with the smallest son */
- s->heap[k] = s->heap[j]; k = j;
-
- /* And continue down the tree, setting j to the left son of k */
- j <<= 1;
- }
- s->heap[k] = v;
-}
-
-/* ===========================================================================
- * Compute the optimal bit lengths for a tree and update the total bit length
- * for the current block.
- * IN assertion: the fields freq and dad are set, heap[heap_max] and
- * above are the tree nodes sorted by increasing frequency.
- * OUT assertions: the field len is set to the optimal bit length, the
- * array bl_count contains the frequencies for each bit length.
- * The length opt_len is updated; static_len is also updated if stree is
- * not null.
- */
-local void gen_bitlen(s, desc)
- deflate_state *s;
- tree_desc *desc; /* the tree descriptor */
-{
- ct_data *tree = desc->dyn_tree;
- int max_code = desc->max_code;
- ct_data *stree = desc->stat_desc->static_tree;
- intf *extra = desc->stat_desc->extra_bits;
- int base = desc->stat_desc->extra_base;
- int max_length = desc->stat_desc->max_length;
- int h; /* heap index */
- int n, m; /* iterate over the tree elements */
- int bits; /* bit length */
- int xbits; /* extra bits */
- ush f; /* frequency */
- int overflow = 0; /* number of elements with bit length too large */
-
- for (bits = 0; bits <= MAX_BITS; bits++) s->bl_count[bits] = 0;
-
- /* In a first pass, compute the optimal bit lengths (which may
- * overflow in the case of the bit length tree).
- */
- tree[s->heap[s->heap_max]].Len = 0; /* root of the heap */
-
- for (h = s->heap_max+1; h < HEAP_SIZE; h++) {
- n = s->heap[h];
- bits = tree[tree[n].Dad].Len + 1;
- if (bits > max_length) bits = max_length, overflow++;
- tree[n].Len = (ush)bits;
- /* We overwrite tree[n].Dad which is no longer needed */
-
- if (n > max_code) continue; /* not a leaf node */
-
- s->bl_count[bits]++;
- xbits = 0;
- if (n >= base) xbits = extra[n-base];
- f = tree[n].Freq;
- s->opt_len += (ulg)f * (bits + xbits);
- if (stree) s->static_len += (ulg)f * (stree[n].Len + xbits);
- }
- if (overflow == 0) return;
-
- Trace((stderr,"\nbit length overflow\n"));
- /* This happens for example on obj2 and pic of the Calgary corpus */
-
- /* Find the first bit length which could increase: */
- do {
- bits = max_length-1;
- while (s->bl_count[bits] == 0) bits--;
- s->bl_count[bits]--; /* move one leaf down the tree */
- s->bl_count[bits+1] += 2; /* move one overflow item as its brother */
- s->bl_count[max_length]--;
- /* The brother of the overflow item also moves one step up,
- * but this does not affect bl_count[max_length]
- */
- overflow -= 2;
- } while (overflow > 0);
-
- /* Now recompute all bit lengths, scanning in increasing frequency.
- * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all
- * lengths instead of fixing only the wrong ones. This idea is taken
- * from 'ar' written by Haruhiko Okumura.)
- */
- for (bits = max_length; bits != 0; bits--) {
- n = s->bl_count[bits];
- while (n != 0) {
- m = s->heap[--h];
- if (m > max_code) continue;
- if (tree[m].Len != (unsigned) bits) {
- Trace((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits));
- s->opt_len += ((long)bits - (long)tree[m].Len)
- *(long)tree[m].Freq;
- tree[m].Len = (ush)bits;
- }
- n--;
- }
- }
-}
-
-/* ===========================================================================
- * Generate the codes for a given tree and bit counts (which need not be
- * optimal).
- * IN assertion: the array bl_count contains the bit length statistics for
- * the given tree and the field len is set for all tree elements.
- * OUT assertion: the field code is set for all tree elements of non
- * zero code length.
- */
-local void gen_codes (tree, max_code, bl_count)
- ct_data *tree; /* the tree to decorate */
- int max_code; /* largest code with non zero frequency */
- ushf *bl_count; /* number of codes at each bit length */
-{
- ush next_code[MAX_BITS+1]; /* next code value for each bit length */
- ush code = 0; /* running code value */
- int bits; /* bit index */
- int n; /* code index */
-
- /* The distribution counts are first used to generate the code values
- * without bit reversal.
- */
- for (bits = 1; bits <= MAX_BITS; bits++) {
- next_code[bits] = code = (code + bl_count[bits-1]) << 1;
- }
- /* Check that the bit counts in bl_count are consistent. The last code
- * must be all ones.
- */
- Assert (code + bl_count[MAX_BITS]-1 == (1<<MAX_BITS)-1,
- "inconsistent bit counts");
- Tracev((stderr,"\ngen_codes: max_code %d ", max_code));
-
- for (n = 0; n <= max_code; n++) {
- int len = tree[n].Len;
- if (len == 0) continue;
- /* Now reverse the bits */
- tree[n].Code = bi_reverse(next_code[len]++, len);
-
- Tracecv(tree != static_ltree, (stderr,"\nn %3d %c l %2d c %4x (%x) ",
- n, (isgraph(n) ? n : ' '), len, tree[n].Code, next_code[len]-1));
- }
-}
-
-/* ===========================================================================
- * Construct one Huffman tree and assigns the code bit strings and lengths.
- * Update the total bit length for the current block.
- * IN assertion: the field freq is set for all tree elements.
- * OUT assertions: the fields len and code are set to the optimal bit length
- * and corresponding code. The length opt_len is updated; static_len is
- * also updated if stree is not null. The field max_code is set.
- */
-local void build_tree(s, desc)
- deflate_state *s;
- tree_desc *desc; /* the tree descriptor */
-{
- ct_data *tree = desc->dyn_tree;
- ct_data *stree = desc->stat_desc->static_tree;
- int elems = desc->stat_desc->elems;
- int n, m; /* iterate over heap elements */
- int max_code = -1; /* largest code with non zero frequency */
- int node; /* new node being created */
-
- /* Construct the initial heap, with least frequent element in
- * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1].
- * heap[0] is not used.
- */
- s->heap_len = 0, s->heap_max = HEAP_SIZE;
-
- for (n = 0; n < elems; n++) {
- if (tree[n].Freq != 0) {
- s->heap[++(s->heap_len)] = max_code = n;
- s->depth[n] = 0;
- } else {
- tree[n].Len = 0;
- }
- }
-
- /* The pkzip format requires that at least one distance code exists,
- * and that at least one bit should be sent even if there is only one
- * possible code. So to avoid special checks later on we force at least
- * two codes of non zero frequency.
- */
- while (s->heap_len < 2) {
- node = s->heap[++(s->heap_len)] = (max_code < 2 ? ++max_code : 0);
- tree[node].Freq = 1;
- s->depth[node] = 0;
- s->opt_len--; if (stree) s->static_len -= stree[node].Len;
- /* node is 0 or 1 so it does not have extra bits */
- }
- desc->max_code = max_code;
-
- /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree,
- * establish sub-heaps of increasing lengths:
- */
- for (n = s->heap_len/2; n >= 1; n--) pqdownheap(s, tree, n);
-
- /* Construct the Huffman tree by repeatedly combining the least two
- * frequent nodes.
- */
- node = elems; /* next internal node of the tree */
- do {
- pqremove(s, tree, n); /* n = node of least frequency */
- m = s->heap[SMALLEST]; /* m = node of next least frequency */
-
- s->heap[--(s->heap_max)] = n; /* keep the nodes sorted by frequency */
- s->heap[--(s->heap_max)] = m;
-
- /* Create a new node father of n and m */
- tree[node].Freq = tree[n].Freq + tree[m].Freq;
- s->depth[node] = (uch) (MAX(s->depth[n], s->depth[m]) + 1);
- tree[n].Dad = tree[m].Dad = (ush)node;
-#ifdef DUMP_BL_TREE
- if (tree == s->bl_tree) {
- fprintf(stderr,"\nnode %d(%d), sons %d(%d) %d(%d)",
- node, tree[node].Freq, n, tree[n].Freq, m, tree[m].Freq);
- }
-#endif
- /* and insert the new node in the heap */
- s->heap[SMALLEST] = node++;
- pqdownheap(s, tree, SMALLEST);
-
- } while (s->heap_len >= 2);
-
- s->heap[--(s->heap_max)] = s->heap[SMALLEST];
-
- /* At this point, the fields freq and dad are set. We can now
- * generate the bit lengths.
- */
- gen_bitlen(s, (tree_desc *)desc);
-
- /* The field len is now set, we can generate the bit codes */
- gen_codes ((ct_data *)tree, max_code, s->bl_count);
-}
-
-/* ===========================================================================
- * Scan a literal or distance tree to determine the frequencies of the codes
- * in the bit length tree.
- */
-local void scan_tree (s, tree, max_code)
- deflate_state *s;
- ct_data *tree; /* the tree to be scanned */
- int max_code; /* and its largest code of non zero frequency */
-{
- int n; /* iterates over all tree elements */
- int prevlen = -1; /* last emitted length */
- int curlen; /* length of current code */
- int nextlen = tree[0].Len; /* length of next code */
- int count = 0; /* repeat count of the current code */
- int max_count = 7; /* max repeat count */
- int min_count = 4; /* min repeat count */
-
- if (nextlen == 0) max_count = 138, min_count = 3;
- tree[max_code+1].Len = (ush)0xffff; /* guard */
-
- for (n = 0; n <= max_code; n++) {
- curlen = nextlen; nextlen = tree[n+1].Len;
- if (++count < max_count && curlen == nextlen) {
- continue;
- } else if (count < min_count) {
- s->bl_tree[curlen].Freq += count;
- } else if (curlen != 0) {
- if (curlen != prevlen) s->bl_tree[curlen].Freq++;
- s->bl_tree[REP_3_6].Freq++;
- } else if (count <= 10) {
- s->bl_tree[REPZ_3_10].Freq++;
- } else {
- s->bl_tree[REPZ_11_138].Freq++;
- }
- count = 0; prevlen = curlen;
- if (nextlen == 0) {
- max_count = 138, min_count = 3;
- } else if (curlen == nextlen) {
- max_count = 6, min_count = 3;
- } else {
- max_count = 7, min_count = 4;
- }
- }
-}
-
-/* ===========================================================================
- * Send a literal or distance tree in compressed form, using the codes in
- * bl_tree.
- */
-local void send_tree (s, tree, max_code)
- deflate_state *s;
- ct_data *tree; /* the tree to be scanned */
- int max_code; /* and its largest code of non zero frequency */
-{
- int n; /* iterates over all tree elements */
- int prevlen = -1; /* last emitted length */
- int curlen; /* length of current code */
- int nextlen = tree[0].Len; /* length of next code */
- int count = 0; /* repeat count of the current code */
- int max_count = 7; /* max repeat count */
- int min_count = 4; /* min repeat count */
-
- /* tree[max_code+1].Len = -1; */ /* guard already set */
- if (nextlen == 0) max_count = 138, min_count = 3;
-
- for (n = 0; n <= max_code; n++) {
- curlen = nextlen; nextlen = tree[n+1].Len;
- if (++count < max_count && curlen == nextlen) {
- continue;
- } else if (count < min_count) {
- do { send_code(s, curlen, s->bl_tree); } while (--count != 0);
-
- } else if (curlen != 0) {
- if (curlen != prevlen) {
- send_code(s, curlen, s->bl_tree); count--;
- }
- Assert(count >= 3 && count <= 6, " 3_6?");
- send_code(s, REP_3_6, s->bl_tree); send_bits(s, count-3, 2);
-
- } else if (count <= 10) {
- send_code(s, REPZ_3_10, s->bl_tree); send_bits(s, count-3, 3);
-
- } else {
- send_code(s, REPZ_11_138, s->bl_tree); send_bits(s, count-11, 7);
- }
- count = 0; prevlen = curlen;
- if (nextlen == 0) {
- max_count = 138, min_count = 3;
- } else if (curlen == nextlen) {
- max_count = 6, min_count = 3;
- } else {
- max_count = 7, min_count = 4;
- }
- }
-}
-
-/* ===========================================================================
- * Construct the Huffman tree for the bit lengths and return the index in
- * bl_order of the last bit length code to send.
- */
-local int build_bl_tree(s)
- deflate_state *s;
-{
- int max_blindex; /* index of last bit length code of non zero freq */
-
- /* Determine the bit length frequencies for literal and distance trees */
- scan_tree(s, (ct_data *)s->dyn_ltree, s->l_desc.max_code);
- scan_tree(s, (ct_data *)s->dyn_dtree, s->d_desc.max_code);
-
- /* Build the bit length tree: */
- build_tree(s, (tree_desc *)(&(s->bl_desc)));
- /* opt_len now includes the length of the tree representations, except
- * the lengths of the bit lengths codes and the 5+5+4 bits for the counts.
- */
-
- /* Determine the number of bit length codes to send. The pkzip format
- * requires that at least 4 bit length codes be sent. (appnote.txt says
- * 3 but the actual value used is 4.)
- */
- for (max_blindex = BL_CODES-1; max_blindex >= 3; max_blindex--) {
- if (s->bl_tree[bl_order[max_blindex]].Len != 0) break;
- }
- /* Update opt_len to include the bit length tree and counts */
- s->opt_len += 3*(max_blindex+1) + 5+5+4;
- Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld",
- s->opt_len, s->static_len));
-
- return max_blindex;
-}
-
-/* ===========================================================================
- * Send the header for a block using dynamic Huffman trees: the counts, the
- * lengths of the bit length codes, the literal tree and the distance tree.
- * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4.
- */
-local void send_all_trees(s, lcodes, dcodes, blcodes)
- deflate_state *s;
- int lcodes, dcodes, blcodes; /* number of codes for each tree */
-{
- int rank; /* index in bl_order */
-
- Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes");
- Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES,
- "too many codes");
- Tracev((stderr, "\nbl counts: "));
- send_bits(s, lcodes-257, 5); /* not +255 as stated in appnote.txt */
- send_bits(s, dcodes-1, 5);
- send_bits(s, blcodes-4, 4); /* not -3 as stated in appnote.txt */
- for (rank = 0; rank < blcodes; rank++) {
- Tracev((stderr, "\nbl code %2d ", bl_order[rank]));
- send_bits(s, s->bl_tree[bl_order[rank]].Len, 3);
- }
- Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent));
-
- send_tree(s, (ct_data *)s->dyn_ltree, lcodes-1); /* literal tree */
- Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent));
-
- send_tree(s, (ct_data *)s->dyn_dtree, dcodes-1); /* distance tree */
- Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent));
-}
-
-/* ===========================================================================
- * Send a stored block
- */
-void _tr_stored_block(s, buf, stored_len, eof)
- deflate_state *s;
- charf *buf; /* input block */
- ulg stored_len; /* length of input block */
- int eof; /* true if this is the last block for a file */
-{
- send_bits(s, (STORED_BLOCK<<1)+eof, 3); /* send block type */
- s->compressed_len = (s->compressed_len + 3 + 7) & (ulg)~7L;
- s->compressed_len += (stored_len + 4) << 3;
-
- copy_block(s, buf, (unsigned)stored_len, 1); /* with header */
-}
-
-/* ===========================================================================
- * Send one empty static block to give enough lookahead for inflate.
- * This takes 10 bits, of which 7 may remain in the bit buffer.
- * The current inflate code requires 9 bits of lookahead. If the
- * last two codes for the previous block (real code plus EOB) were coded
- * on 5 bits or less, inflate may have only 5+3 bits of lookahead to decode
- * the last real code. In this case we send two empty static blocks instead
- * of one. (There are no problems if the previous block is stored or fixed.)
- * To simplify the code, we assume the worst case of last real code encoded
- * on one bit only.
- */
-void _tr_align(s)
- deflate_state *s;
-{
- send_bits(s, STATIC_TREES<<1, 3);
- send_code(s, END_BLOCK, static_ltree);
- s->compressed_len += 10L; /* 3 for block type, 7 for EOB */
- bi_flush(s);
- /* Of the 10 bits for the empty block, we have already sent
- * (10 - bi_valid) bits. The lookahead for the last real code (before
- * the EOB of the previous block) was thus at least one plus the length
- * of the EOB plus what we have just sent of the empty static block.
- */
- if (1 + s->last_eob_len + 10 - s->bi_valid < 9) {
- send_bits(s, STATIC_TREES<<1, 3);
- send_code(s, END_BLOCK, static_ltree);
- s->compressed_len += 10L;
- bi_flush(s);
- }
- s->last_eob_len = 7;
-}
-
-/* ===========================================================================
- * Determine the best encoding for the current block: dynamic trees, static
- * trees or store, and output the encoded block to the zip file. This function
- * returns the total compressed length for the file so far.
- */
-ulg _tr_flush_block(s, buf, stored_len, eof)
- deflate_state *s;
- charf *buf; /* input block, or NULL if too old */
- ulg stored_len; /* length of input block */
- int eof; /* true if this is the last block for a file */
-{
- ulg opt_lenb, static_lenb; /* opt_len and static_len in bytes */
- int max_blindex = 0; /* index of last bit length code of non zero freq */
-
- /* Build the Huffman trees unless a stored block is forced */
- if (s->level > 0) {
-
- /* Check if the file is ascii or binary */
- if (s->data_type == Z_UNKNOWN) set_data_type(s);
-
- /* Construct the literal and distance trees */
- build_tree(s, (tree_desc *)(&(s->l_desc)));
- Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len,
- s->static_len));
-
- build_tree(s, (tree_desc *)(&(s->d_desc)));
- Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len,
- s->static_len));
- /* At this point, opt_len and static_len are the total bit lengths of
- * the compressed block data, excluding the tree representations.
- */
-
- /* Build the bit length tree for the above two trees, and get the index
- * in bl_order of the last bit length code to send.
- */
- max_blindex = build_bl_tree(s);
-
- /* Determine the best encoding. Compute first the block length in bytes*/
- opt_lenb = (s->opt_len+3+7)>>3;
- static_lenb = (s->static_len+3+7)>>3;
-
- Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ",
- opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,
- s->last_lit));
-
- if (static_lenb <= opt_lenb) opt_lenb = static_lenb;
-
- } else {
- Assert(buf != (char*)0, "lost buf");
- opt_lenb = static_lenb = stored_len + 5; /* force a stored block */
- }
-
- /* If compression failed and this is the first and last block,
- * and if the .zip file can be seeked (to rewrite the local header),
- * the whole file is transformed into a stored file:
- */
-#ifdef STORED_FILE_OK
-# ifdef FORCE_STORED_FILE
- if (eof && s->compressed_len == 0L) { /* force stored file */
-# else
- if (stored_len <= opt_lenb && eof && s->compressed_len==0L && seekable()) {
-# endif
- /* Since LIT_BUFSIZE <= 2*WSIZE, the input data must be there: */
- if (buf == (charf*)0) error ("block vanished");
-
- copy_block(buf, (unsigned)stored_len, 0); /* without header */
- s->compressed_len = stored_len << 3;
- s->method = STORED;
- } else
-#endif /* STORED_FILE_OK */
-
-#ifdef FORCE_STORED
- if (buf != (char*)0) { /* force stored block */
-#else
- if (stored_len+4 <= opt_lenb && buf != (char*)0) {
- /* 4: two words for the lengths */
-#endif
- /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE.
- * Otherwise we can't have processed more than WSIZE input bytes since
- * the last block flush, because compression would have been
- * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to
- * transform a block into a stored block.
- */
- _tr_stored_block(s, buf, stored_len, eof);
-
-#ifdef FORCE_STATIC
- } else if (static_lenb >= 0) { /* force static trees */
-#else
- } else if (static_lenb == opt_lenb) {
-#endif
- send_bits(s, (STATIC_TREES<<1)+eof, 3);
- compress_block(s, (ct_data *)static_ltree, (ct_data *)static_dtree);
- s->compressed_len += 3 + s->static_len;
- } else {
- send_bits(s, (DYN_TREES<<1)+eof, 3);
- send_all_trees(s, s->l_desc.max_code+1, s->d_desc.max_code+1,
- max_blindex+1);
- compress_block(s, (ct_data *)s->dyn_ltree, (ct_data *)s->dyn_dtree);
- s->compressed_len += 3 + s->opt_len;
- }
- Assert (s->compressed_len == s->bits_sent, "bad compressed size");
- init_block(s);
-
- if (eof) {
- bi_windup(s);
- s->compressed_len += 7; /* align on byte boundary */
- }
- Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len>>3,
- s->compressed_len-7*eof));
-
- return s->compressed_len >> 3;
-}
-
-/* ===========================================================================
- * Save the match info and tally the frequency counts. Return true if
- * the current block must be flushed.
- */
-int _tr_tally (s, dist, lc)
- deflate_state *s;
- unsigned dist; /* distance of matched string */
- unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */
-{
- s->d_buf[s->last_lit] = (ush)dist;
- s->l_buf[s->last_lit++] = (uch)lc;
- if (dist == 0) {
- /* lc is the unmatched char */
- s->dyn_ltree[lc].Freq++;
- } else {
- s->matches++;
- /* Here, lc is the match length - MIN_MATCH */
- dist--; /* dist = match distance - 1 */
- Assert((ush)dist < (ush)MAX_DIST(s) &&
- (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) &&
- (ush)d_code(dist) < (ush)D_CODES, "_tr_tally: bad match");
-
- s->dyn_ltree[length_code[lc]+LITERALS+1].Freq++;
- s->dyn_dtree[d_code(dist)].Freq++;
- }
-
- /* Try to guess if it is profitable to stop the current block here */
- if (s->level > 2 && (s->last_lit & 0xfff) == 0) {
- /* Compute an upper bound for the compressed length */
- ulg out_length = (ulg)s->last_lit*8L;
- ulg in_length = (ulg)((long)s->strstart - s->block_start);
- int dcode;
- for (dcode = 0; dcode < D_CODES; dcode++) {
- out_length += (ulg)s->dyn_dtree[dcode].Freq *
- (5L+extra_dbits[dcode]);
- }
- out_length >>= 3;
- Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ",
- s->last_lit, in_length, out_length,
- 100L - out_length*100L/in_length));
- if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1;
- }
- return (s->last_lit == s->lit_bufsize-1);
- /* We avoid equality with lit_bufsize because of wraparound at 64K
- * on 16 bit machines and because stored blocks are restricted to
- * 64K-1 bytes.
- */
-}
-
-/* ===========================================================================
- * Send the block data compressed using the given Huffman trees
- */
-local void compress_block(s, ltree, dtree)
- deflate_state *s;
- ct_data *ltree; /* literal tree */
- ct_data *dtree; /* distance tree */
-{
- unsigned dist; /* distance of matched string */
- int lc; /* match length or unmatched char (if dist == 0) */
- unsigned lx = 0; /* running index in l_buf */
- unsigned code; /* the code to send */
- int extra; /* number of extra bits to send */
-
- if (s->last_lit != 0) do {
- dist = s->d_buf[lx];
- lc = s->l_buf[lx++];
- if (dist == 0) {
- send_code(s, lc, ltree); /* send a literal byte */
- Tracecv(isgraph(lc), (stderr," '%c' ", lc));
- } else {
- /* Here, lc is the match length - MIN_MATCH */
- code = length_code[lc];
- send_code(s, code+LITERALS+1, ltree); /* send the length code */
- extra = extra_lbits[code];
- if (extra != 0) {
- lc -= base_length[code];
- send_bits(s, lc, extra); /* send the extra length bits */
- }
- dist--; /* dist is now the match distance - 1 */
- code = d_code(dist);
- Assert (code < D_CODES, "bad d_code");
-
- send_code(s, code, dtree); /* send the distance code */
- extra = extra_dbits[code];
- if (extra != 0) {
- dist -= base_dist[code];
- send_bits(s, dist, extra); /* send the extra distance bits */
- }
- } /* literal or match pair ? */
-
- /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */
- Assert((uInt)s->pending < s->lit_bufsize + 2*lx, "pendingBuf overflow");
-
- } while (lx < s->last_lit);
-
- send_code(s, END_BLOCK, ltree);
- s->last_eob_len = ltree[END_BLOCK].Len;
-}
-
-/* ===========================================================================
- * Set the data type to ASCII or BINARY, using a crude approximation:
- * binary if more than 20% of the bytes are <= 6 or >= 128, ascii otherwise.
- * IN assertion: the fields freq of dyn_ltree are set and the total of all
- * frequencies does not exceed 64K (to fit in an int on 16 bit machines).
- */
-local void set_data_type(s)
- deflate_state *s;
-{
- int n = 0;
- unsigned ascii_freq = 0;
- unsigned bin_freq = 0;
- while (n < 7) bin_freq += s->dyn_ltree[n++].Freq;
- while (n < 128) ascii_freq += s->dyn_ltree[n++].Freq;
- while (n < LITERALS) bin_freq += s->dyn_ltree[n++].Freq;
- s->data_type = (Byte)(bin_freq > (ascii_freq >> 2) ? Z_BINARY : Z_ASCII);
-}
-
-/* ===========================================================================
- * Reverse the first len bits of a code, using straightforward code (a faster
- * method would use a table)
- * IN assertion: 1 <= len <= 15
- */
-local unsigned bi_reverse(code, len)
- unsigned code; /* the value to invert */
- int len; /* its bit length */
-{
- register unsigned res = 0;
- do {
- res |= code & 1;
- code >>= 1, res <<= 1;
- } while (--len > 0);
- return res >> 1;
-}
-
-/* ===========================================================================
- * Flush the bit buffer, keeping at most 7 bits in it.
- */
-local void bi_flush(s)
- deflate_state *s;
-{
- if (s->bi_valid == 16) {
- put_short(s, s->bi_buf);
- s->bi_buf = 0;
- s->bi_valid = 0;
- } else if (s->bi_valid >= 8) {
- put_byte(s, (Byte)s->bi_buf);
- s->bi_buf >>= 8;
- s->bi_valid -= 8;
- }
-}
-
-/* ===========================================================================
- * Flush the bit buffer and align the output on a byte boundary
- */
-local void bi_windup(s)
- deflate_state *s;
-{
- if (s->bi_valid > 8) {
- put_short(s, s->bi_buf);
- } else if (s->bi_valid > 0) {
- put_byte(s, (Byte)s->bi_buf);
- }
- s->bi_buf = 0;
- s->bi_valid = 0;
-#ifdef DEBUG
- s->bits_sent = (s->bits_sent+7) & ~7;
-#endif
-}
-
-/* ===========================================================================
- * Copy a stored block, storing first the length and its
- * one's complement if requested.
- */
-local void copy_block(s, buf, len, header)
- deflate_state *s;
- charf *buf; /* the input data */
- unsigned len; /* its length */
- int header; /* true if block header must be written */
-{
- bi_windup(s); /* align on byte boundary */
- s->last_eob_len = 8; /* enough lookahead for inflate */
-
- if (header) {
- put_short(s, (ush)len);
- put_short(s, (ush)~len);
-#ifdef DEBUG
- s->bits_sent += 2*16;
-#endif
- }
-#ifdef DEBUG
- s->bits_sent += (ulg)len<<3;
-#endif
- while (len--) {
- put_byte(s, *buf++);
- }
-}
diff --git a/security/nss/cmd/zlib/uncompr.c b/security/nss/cmd/zlib/uncompr.c
deleted file mode 100644
index 5e5a83247..000000000
--- a/security/nss/cmd/zlib/uncompr.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/* uncompr.c -- decompress a memory buffer
- * Copyright (C) 1995-1996 Jean-loup Gailly.
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-/* This file was modified since it was taken from the zlib distribution */
-/* $Id$ */
-
-#include "zlib.h"
-
-/* ===========================================================================
- Decompresses the source buffer into the destination buffer. sourceLen is
- the byte length of the source buffer. Upon entry, destLen is the total
- size of the destination buffer, which must be large enough to hold the
- entire uncompressed data. (The size of the uncompressed data must have
- been saved previously by the compressor and transmitted to the decompressor
- by some mechanism outside the scope of this compression library.)
- Upon exit, destLen is the actual size of the compressed buffer.
- This function can be used to decompress a whole file at once if the
- input file is mmap'ed.
-
- uncompress returns Z_OK if success, Z_MEM_ERROR if there was not
- enough memory, Z_BUF_ERROR if there was not enough room in the output
- buffer, or Z_DATA_ERROR if the input data was corrupted.
-*/
-PR_PUBLIC_API(int) uncompress (dest, destLen, source, sourceLen)
- Bytef *dest;
- uLongf *destLen;
- const Bytef *source;
- uLong sourceLen;
-{
- z_stream stream;
- int err;
-
- stream.next_in = (Bytef*)source;
- stream.avail_in = (uInt)sourceLen;
- /* Check for source > 64K on 16-bit machine: */
- if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR;
-
- stream.next_out = dest;
- stream.avail_out = (uInt)*destLen;
- if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR;
-
- stream.zalloc = (alloc_func)0;
- stream.zfree = (free_func)0;
-
- err = inflateInit(&stream);
- if (err != Z_OK) return err;
-
- err = inflate(&stream, Z_FINISH);
- if (err != Z_STREAM_END) {
- inflateEnd(&stream);
- return err;
- }
- *destLen = stream.total_out;
-
- err = inflateEnd(&stream);
- return err;
-}
diff --git a/security/nss/cmd/zlib/zconf.h b/security/nss/cmd/zlib/zconf.h
deleted file mode 100644
index 278aaa5d5..000000000
--- a/security/nss/cmd/zlib/zconf.h
+++ /dev/null
@@ -1,190 +0,0 @@
-/* zconf.h -- configuration of the zlib compression library
- * Copyright (C) 1995-1996 Jean-loup Gailly.
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-/* This file was modified since it was taken from the zlib distribution */
-/* $Id$ */
-
-#ifndef _ZCONF_H
-#define _ZCONF_H
-
-/*
- * If you *really* need a unique prefix for all types and library functions,
- * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it.
- */
-#ifdef Z_PREFIX
-# define deflateInit_ z_deflateInit_
-# define deflate z_deflate
-# define deflateEnd z_deflateEnd
-# define inflateInit_ z_inflateInit_
-# define inflate z_inflate
-# define inflateEnd z_inflateEnd
-# define deflateInit2_ z_deflateInit2_
-# define deflateSetDictionary z_deflateSetDictionary
-# define deflateCopy z_deflateCopy
-# define deflateReset z_deflateReset
-# define deflateParams z_deflateParams
-# define inflateInit2_ z_inflateInit2_
-# define inflateSetDictionary z_inflateSetDictionary
-# define inflateSync z_inflateSync
-# define inflateReset z_inflateReset
-# define compress z_compress
-# define uncompress z_uncompress
-# define adler32 z_adler32
-# define crc32 z_crc32
-# define get_crc_table z_get_crc_table
-
-# define Byte z_Byte
-# define uInt z_uInt
-# define uLong z_uLong
-# define Bytef z_Bytef
-# define charf z_charf
-# define intf z_intf
-# define uIntf z_uIntf
-# define uLongf z_uLongf
-# define voidpf z_voidpf
-# define voidp z_voidp
-#endif
-
-#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32)
-# define WIN32
-#endif
-#if defined(__GNUC__) || defined(WIN32) || defined(__386__) || defined(i386)
-# ifndef __32BIT__
-# define __32BIT__
-# endif
-#endif
-#if defined(__MSDOS__) && !defined(MSDOS)
-# define MSDOS
-#endif
-
-/*
- * Compile with -DMAXSEG_64K if the alloc function cannot allocate more
- * than 64k bytes at a time (needed on systems with 16-bit int).
- */
-#if defined(MSDOS) && !defined(__32BIT__)
-# define MAXSEG_64K
-#endif
-#ifdef MSDOS
-# define UNALIGNED_OK
-#endif
-
-#if (defined(MSDOS) || defined(_WINDOWS) || defined(WIN32) || defined(XP_OS2)) && !defined(STDC)
-# define STDC
-#endif
-#if (defined(__STDC__) || defined(__cplusplus)) && !defined(STDC)
-# define STDC
-#endif
-
-#ifndef STDC
-# ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */
-# define const
-# endif
-#endif
-
-/* Some Mac compilers merge all .h files incorrectly: */
-#if defined(__MWERKS__) || defined(applec) ||defined(THINK_C) ||defined(__SC__)
-# define NO_DUMMY_DECL
-#endif
-
-/* Maximum value for memLevel in deflateInit2 */
-#ifndef MAX_MEM_LEVEL
-# ifdef MAXSEG_64K
-# define MAX_MEM_LEVEL 8
-# else
-# define MAX_MEM_LEVEL 9
-# endif
-#endif
-
-/* Maximum value for windowBits in deflateInit2 and inflateInit2 */
-#ifndef MAX_WBITS
-# define MAX_WBITS 15 /* 32K LZ77 window */
-#endif
-
-/* The memory requirements for deflate are (in bytes):
- 1 << (windowBits+2) + 1 << (memLevel+9)
- that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values)
- plus a few kilobytes for small objects. For example, if you want to reduce
- the default memory requirements from 256K to 128K, compile with
- make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7"
- Of course this will generally degrade compression (there's no free lunch).
-
- The memory requirements for inflate are (in bytes) 1 << windowBits
- that is, 32K for windowBits=15 (default value) plus a few kilobytes
- for small objects.
-*/
-
- /* Type declarations */
-
-#ifndef OF /* function prototypes */
-# ifdef STDC
-# define OF(args) args
-# else
-# define OF(args) ()
-# endif
-#endif
-
-/* The following definitions for FAR are needed only for MSDOS mixed
- * model programming (small or medium model with some far allocations).
- * This was tested only with MSC; for other MSDOS compilers you may have
- * to define NO_MEMCPY in zutil.h. If you don't need the mixed model,
- * just define FAR to be empty.
- */
-#if (defined(M_I86SM) || defined(M_I86MM)) && !defined(__32BIT__)
- /* MSC small or medium model */
-# define SMALL_MEDIUM
-# ifdef _MSC_VER
-# define FAR __far
-# else
-# define FAR far
-# endif
-#endif
-#if defined(__BORLANDC__) && (defined(__SMALL__) || defined(__MEDIUM__))
-# ifndef __32BIT__
-# define SMALL_MEDIUM
-# define FAR __far
-# endif
-#endif
-#ifndef FAR
-# define FAR
-#endif
-
-typedef unsigned char Byte; /* 8 bits */
-typedef unsigned int uInt; /* 16 bits or more */
-typedef unsigned long uLong; /* 32 bits or more */
-
-#if defined(__BORLANDC__) && defined(SMALL_MEDIUM)
- /* Borland C/C++ ignores FAR inside typedef */
-# define Bytef Byte FAR
-#else
- typedef Byte FAR Bytef;
-#endif
-typedef char FAR charf;
-typedef int FAR intf;
-typedef uInt FAR uIntf;
-typedef uLong FAR uLongf;
-
-#ifdef STDC
- typedef void FAR *voidpf;
- typedef void *voidp;
-#else
- typedef Byte FAR *voidpf;
- typedef Byte *voidp;
-#endif
-
-#ifdef MOZILLA_CLIENT
-#include "prtypes.h"
-#else
-/* Compile with -DZLIB_DLL for Windows DLL support */
-#if (defined(_WINDOWS) || defined(WINDOWS)) && defined(ZLIB_DLL)
-# include <windows.h>
-# define EXPORT WINAPI
-#else
-# define EXPORT
-#endif
-
-#define PR_PUBLIC_API(type) type
-
-#endif /* MOZILLA_CLIENT */
-
-#endif /* _ZCONF_H */
diff --git a/security/nss/cmd/zlib/zip16.def b/security/nss/cmd/zlib/zip16.def
deleted file mode 100644
index 664eeab09..000000000
--- a/security/nss/cmd/zlib/zip16.def
+++ /dev/null
@@ -1,24 +0,0 @@
-LIBRARY zip1640.DLL
-EXETYPE WINDOWS
-PROTMODE
-
-DESCRIPTION '16-bit Zip DLL'
-
-STUB 'WINSTUB.EXE'
-
-CODE LOADONCALL MOVEABLE DISCARDABLE
-DATA PRELOAD MOVEABLE SINGLE
-
-HEAPSIZE 8192
-
-EXPORTS
-
-IMPORTS
- _malloc = nspr3.2
- _realloc = nspr3.3
- _calloc = nspr3.4
- _free = nspr3.5
- _getenv = nspr3.9
- _printf = nspr3.11
- _sscanf = nspr3.33
-
diff --git a/security/nss/cmd/zlib/zip_nodl.c b/security/nss/cmd/zlib/zip_nodl.c
deleted file mode 100644
index e8ea67d7e..000000000
--- a/security/nss/cmd/zlib/zip_nodl.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/* Automatically generated file; do not edit */
-
-#include "prtypes.h"
-
-#include "prlink.h"
-
-extern void Java_java_util_zip_Adler32_update_stub();
-extern void Java_java_util_zip_Adler32_update1_stub();
-extern void Java_java_util_zip_CRC32_update_stub();
-extern void Java_java_util_zip_CRC32_update1_stub();
-extern void Java_java_util_zip_Deflater_setDictionary_stub();
-extern void Java_java_util_zip_Deflater_deflate_stub();
-extern void Java_java_util_zip_Deflater_getAdler_stub();
-extern void Java_java_util_zip_Deflater_getTotalIn_stub();
-extern void Java_java_util_zip_Deflater_getTotalOut_stub();
-extern void Java_java_util_zip_Deflater_reset_stub();
-extern void Java_java_util_zip_Deflater_end_stub();
-extern void Java_java_util_zip_Deflater_init_stub();
-extern void Java_java_util_zip_Inflater_setDictionary_stub();
-extern void Java_java_util_zip_Inflater_inflate_stub();
-extern void Java_java_util_zip_Inflater_getAdler_stub();
-extern void Java_java_util_zip_Inflater_getTotalIn_stub();
-extern void Java_java_util_zip_Inflater_getTotalOut_stub();
-extern void Java_java_util_zip_Inflater_reset_stub();
-extern void Java_java_util_zip_Inflater_end_stub();
-extern void Java_java_util_zip_Inflater_init_stub();
-
-PRStaticLinkTable zip_nodl_tab[] = {
- { "Java_java_util_zip_Adler32_update_stub", Java_java_util_zip_Adler32_update_stub },
- { "Java_java_util_zip_Adler32_update1_stub", Java_java_util_zip_Adler32_update1_stub },
- { "Java_java_util_zip_CRC32_update_stub", Java_java_util_zip_CRC32_update_stub },
- { "Java_java_util_zip_CRC32_update1_stub", Java_java_util_zip_CRC32_update1_stub },
- { "Java_java_util_zip_Deflater_setDictionary_stub", Java_java_util_zip_Deflater_setDictionary_stub },
- { "Java_java_util_zip_Deflater_deflate_stub", Java_java_util_zip_Deflater_deflate_stub },
- { "Java_java_util_zip_Deflater_getAdler_stub", Java_java_util_zip_Deflater_getAdler_stub },
- { "Java_java_util_zip_Deflater_getTotalIn_stub", Java_java_util_zip_Deflater_getTotalIn_stub },
- { "Java_java_util_zip_Deflater_getTotalOut_stub", Java_java_util_zip_Deflater_getTotalOut_stub },
- { "Java_java_util_zip_Deflater_reset_stub", Java_java_util_zip_Deflater_reset_stub },
- { "Java_java_util_zip_Deflater_end_stub", Java_java_util_zip_Deflater_end_stub },
- { "Java_java_util_zip_Deflater_init_stub", Java_java_util_zip_Deflater_init_stub },
- { "Java_java_util_zip_Inflater_setDictionary_stub", Java_java_util_zip_Inflater_setDictionary_stub },
- { "Java_java_util_zip_Inflater_inflate_stub", Java_java_util_zip_Inflater_inflate_stub },
- { "Java_java_util_zip_Inflater_getAdler_stub", Java_java_util_zip_Inflater_getAdler_stub },
- { "Java_java_util_zip_Inflater_getTotalIn_stub", Java_java_util_zip_Inflater_getTotalIn_stub },
- { "Java_java_util_zip_Inflater_getTotalOut_stub", Java_java_util_zip_Inflater_getTotalOut_stub },
- { "Java_java_util_zip_Inflater_reset_stub", Java_java_util_zip_Inflater_reset_stub },
- { "Java_java_util_zip_Inflater_end_stub", Java_java_util_zip_Inflater_end_stub },
- { "Java_java_util_zip_Inflater_init_stub", Java_java_util_zip_Inflater_init_stub },
- { 0, 0, },
-};
diff --git a/security/nss/cmd/zlib/zlib.h b/security/nss/cmd/zlib/zlib.h
deleted file mode 100644
index b216f00a3..000000000
--- a/security/nss/cmd/zlib/zlib.h
+++ /dev/null
@@ -1,892 +0,0 @@
-/* zlib.h -- interface of the 'zlib' general purpose compression library
- version 1.0.4, Jul 24th, 1996.
-
- Copyright (C) 1995-1996 Jean-loup Gailly and Mark Adler
-
- This software is provided 'as-is', without any express or implied
- warranty. In no event will the authors be held liable for any damages
- arising from the use of this software.
-
- Permission is granted to anyone to use this software for any purpose,
- including commercial applications, and to alter it and redistribute it
- freely, subject to the following restrictions:
-
- 1. The origin of this software must not be misrepresented; you must not
- claim that you wrote the original software. If you use this software
- in a product, an acknowledgment in the product documentation would be
- appreciated but is not required.
- 2. Altered source versions must be plainly marked as such, and must not be
- misrepresented as being the original software.
- 3. This notice may not be removed or altered from any source distribution.
-
- Jean-loup Gailly Mark Adler
- gzip@prep.ai.mit.edu madler@alumni.caltech.edu
-
-
- The data format used by the zlib library is described by RFCs (Request for
- Comments) 1950 to 1952 in the files ftp://ds.internic.net/rfc/rfc1950.txt
- (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format).
-*/
-/* This file was modified since it was taken from the zlib distribution */
-
-#ifndef _ZLIB_H
-#define _ZLIB_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "zconf.h"
-
-#define ZLIB_VERSION "1.0.4"
-
-/*
- The 'zlib' compression library provides in-memory compression and
- decompression functions, including integrity checks of the uncompressed
- data. This version of the library supports only one compression method
- (deflation) but other algorithms may be added later and will have the same
- stream interface.
-
- For compression the application must provide the output buffer and
- may optionally provide the input buffer for optimization. For decompression,
- the application must provide the input buffer and may optionally provide
- the output buffer for optimization.
-
- Compression can be done in a single step if the buffers are large
- enough (for example if an input file is mmap'ed), or can be done by
- repeated calls of the compression function. In the latter case, the
- application must provide more input and/or consume the output
- (providing more output space) before each call.
-
- The library does not install any signal handler. It is recommended to
- add at least a handler for SIGSEGV when decompressing; the library checks
- the consistency of the input data whenever possible but may go nuts
- for some forms of corrupted input.
-*/
-
-typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size));
-typedef void (*free_func) OF((voidpf opaque, voidpf address));
-
-struct internal_state;
-
-typedef struct z_stream_s {
- Bytef *next_in; /* next input byte */
- uInt avail_in; /* number of bytes available at next_in */
- uLong total_in; /* total nb of input bytes read so far */
-
- Bytef *next_out; /* next output byte should be put there */
- uInt avail_out; /* remaining free space at next_out */
- uLong total_out; /* total nb of bytes output so far */
-
- char *msg; /* last error message, NULL if no error */
- struct internal_state FAR *state; /* not visible by applications */
-
- alloc_func zalloc; /* used to allocate the internal state */
- free_func zfree; /* used to free the internal state */
- voidpf opaque; /* private data object passed to zalloc and zfree */
-
- int data_type; /* best guess about the data type: ascii or binary */
- uLong adler; /* adler32 value of the uncompressed data */
- uLong reserved; /* reserved for future use */
-} z_stream;
-
-typedef z_stream FAR *z_streamp;
-
-/*
- The application must update next_in and avail_in when avail_in has
- dropped to zero. It must update next_out and avail_out when avail_out
- has dropped to zero. The application must initialize zalloc, zfree and
- opaque before calling the init function. All other fields are set by the
- compression library and must not be updated by the application.
-
- The opaque value provided by the application will be passed as the first
- parameter for calls of zalloc and zfree. This can be useful for custom
- memory management. The compression library attaches no meaning to the
- opaque value.
-
- zalloc must return Z_NULL if there is not enough memory for the object.
- On 16-bit systems, the functions zalloc and zfree must be able to allocate
- exactly 65536 bytes, but will not be required to allocate more than this
- if the symbol MAXSEG_64K is defined (see zconf.h). WARNING: On MSDOS,
- pointers returned by zalloc for objects of exactly 65536 bytes *must*
- have their offset normalized to zero. The default allocation function
- provided by this library ensures this (see zutil.c). To reduce memory
- requirements and avoid any allocation of 64K objects, at the expense of
- compression ratio, compile the library with -DMAX_WBITS=14 (see zconf.h).
-
- The fields total_in and total_out can be used for statistics or
- progress reports. After compression, total_in holds the total size of
- the uncompressed data and may be saved for use in the decompressor
- (particularly if the decompressor wants to decompress everything in
- a single step).
-*/
-
- /* constants */
-
-#define Z_NO_FLUSH 0
-#define Z_PARTIAL_FLUSH 1
-#define Z_SYNC_FLUSH 2
-#define Z_FULL_FLUSH 3
-#define Z_FINISH 4
-/* Allowed flush values; see deflate() below for details */
-
-#define Z_OK 0
-#define Z_STREAM_END 1
-#define Z_NEED_DICT 2
-#define Z_ERRNO (-1)
-#define Z_STREAM_ERROR (-2)
-#define Z_DATA_ERROR (-3)
-#define Z_MEM_ERROR (-4)
-#define Z_BUF_ERROR (-5)
-#define Z_VERSION_ERROR (-6)
-/* Return codes for the compression/decompression functions. Negative
- * values are errors, positive values are used for special but normal events.
- */
-
-#define Z_NO_COMPRESSION 0
-#define Z_BEST_SPEED 1
-#define Z_BEST_COMPRESSION 9
-#define Z_DEFAULT_COMPRESSION (-1)
-/* compression levels */
-
-#define Z_FILTERED 1
-#define Z_HUFFMAN_ONLY 2
-#define Z_DEFAULT_STRATEGY 0
-/* compression strategy; see deflateInit2() below for details */
-
-#define Z_BINARY 0
-#define Z_ASCII 1
-#define Z_UNKNOWN 2
-/* Possible values of the data_type field */
-
-#define Z_DEFLATED 8
-/* The deflate compression method (the only one supported in this version) */
-
-#define Z_NULL 0 /* for initializing zalloc, zfree, opaque */
-
-#define zlib_version zlibVersion()
-/* for compatibility with versions < 1.0.2 */
-
- /* basic functions */
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern const char *) zlibVersion (void);
-#else
-extern const char * EXPORT zlibVersion OF((void));
-#endif
-/* The application can compare zlibVersion and ZLIB_VERSION for consistency.
- If the first character differs, the library code actually used is
- not compatible with the zlib.h header file used by the application.
- This check is automatically made by deflateInit and inflateInit.
- */
-
-/*
-extern int EXPORT deflateInit OF((z_streamp strm, int level));
-
- Initializes the internal stream state for compression. The fields
- zalloc, zfree and opaque must be initialized before by the caller.
- If zalloc and zfree are set to Z_NULL, deflateInit updates them to
- use default allocation functions.
-
- The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9:
- 1 gives best speed, 9 gives best compression, 0 gives no compression at
- all (the input data is simply copied a block at a time).
- Z_DEFAULT_COMPRESSION requests a default compromise between speed and
- compression (currently equivalent to level 6).
-
- deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not
- enough memory, Z_STREAM_ERROR if level is not a valid compression level,
- Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible
- with the version assumed by the caller (ZLIB_VERSION).
- msg is set to null if there is no error message. deflateInit does not
- perform any compression: this will be done by deflate().
-*/
-
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) deflate (z_streamp strm, int flush);
-#else
-extern int EXPORT deflate OF((z_streamp strm, int flush));
-#endif
-/*
- Performs one or both of the following actions:
-
- - Compress more input starting at next_in and update next_in and avail_in
- accordingly. If not all input can be processed (because there is not
- enough room in the output buffer), next_in and avail_in are updated and
- processing will resume at this point for the next call of deflate().
-
- - Provide more output starting at next_out and update next_out and avail_out
- accordingly. This action is forced if the parameter flush is non zero.
- Forcing flush frequently degrades the compression ratio, so this parameter
- should be set only when necessary (in interactive applications).
- Some output may be provided even if flush is not set.
-
- Before the call of deflate(), the application should ensure that at least
- one of the actions is possible, by providing more input and/or consuming
- more output, and updating avail_in or avail_out accordingly; avail_out
- should never be zero before the call. The application can consume the
- compressed output when it wants, for example when the output buffer is full
- (avail_out == 0), or after each call of deflate(). If deflate returns Z_OK
- and with zero avail_out, it must be called again after making room in the
- output buffer because there might be more output pending.
-
- If the parameter flush is set to Z_PARTIAL_FLUSH, the current compression
- block is terminated and flushed to the output buffer so that the
- decompressor can get all input data available so far. For method 9, a future
- variant on method 8, the current block will be flushed but not terminated.
- Z_SYNC_FLUSH has the same effect as partial flush except that the compressed
- output is byte aligned (the compressor can clear its internal bit buffer)
- and the current block is always terminated; this can be useful if the
- compressor has to be restarted from scratch after an interruption (in which
- case the internal state of the compressor may be lost).
- If flush is set to Z_FULL_FLUSH, the compression block is terminated, a
- special marker is output and the compression dictionary is discarded; this
- is useful to allow the decompressor to synchronize if one compressed block
- has been damaged (see inflateSync below). Flushing degrades compression and
- so should be used only when necessary. Using Z_FULL_FLUSH too often can
- seriously degrade the compression. If deflate returns with avail_out == 0,
- this function must be called again with the same value of the flush
- parameter and more output space (updated avail_out), until the flush is
- complete (deflate returns with non-zero avail_out).
-
- If the parameter flush is set to Z_FINISH, pending input is processed,
- pending output is flushed and deflate returns with Z_STREAM_END if there
- was enough output space; if deflate returns with Z_OK, this function must be
- called again with Z_FINISH and more output space (updated avail_out) but no
- more input data, until it returns with Z_STREAM_END or an error. After
- deflate has returned Z_STREAM_END, the only possible operations on the
- stream are deflateReset or deflateEnd.
-
- Z_FINISH can be used immediately after deflateInit if all the compression
- is to be done in a single step. In this case, avail_out must be at least
- 0.1% larger than avail_in plus 12 bytes. If deflate does not return
- Z_STREAM_END, then it must be called again as described above.
-
- deflate() may update data_type if it can make a good guess about
- the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered
- binary. This field is only for information purposes and does not affect
- the compression algorithm in any manner.
-
- deflate() returns Z_OK if some progress has been made (more input
- processed or more output produced), Z_STREAM_END if all input has been
- consumed and all output has been produced (only when flush is set to
- Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example
- if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible.
-*/
-
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) deflateEnd (z_streamp strm);
-#else
-extern int EXPORT deflateEnd OF((z_streamp strm));
-#endif
-/*
- All dynamically allocated data structures for this stream are freed.
- This function discards any unprocessed input and does not flush any
- pending output.
-
- deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the
- stream state was inconsistent, Z_DATA_ERROR if the stream was freed
- prematurely (some input or output was discarded). In the error case,
- msg may be set but then points to a static string (which must not be
- deallocated).
-*/
-
-
-/*
-extern int EXPORT inflateInit OF((z_streamp strm));
-
- Initializes the internal stream state for decompression. The fields
- zalloc, zfree and opaque must be initialized before by the caller. If
- zalloc and zfree are set to Z_NULL, inflateInit updates them to use default
- allocation functions.
-
- inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not
- enough memory, Z_VERSION_ERROR if the zlib library version is incompatible
- with the version assumed by the caller. msg is set to null if there is no
- error message. inflateInit does not perform any decompression: this will be
- done by inflate().
-*/
-
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) inflate (z_streamp strm, int flush);
-#else
-extern int EXPORT inflate OF((z_streamp strm, int flush));
-#endif
-/*
- Performs one or both of the following actions:
-
- - Decompress more input starting at next_in and update next_in and avail_in
- accordingly. If not all input can be processed (because there is not
- enough room in the output buffer), next_in is updated and processing
- will resume at this point for the next call of inflate().
-
- - Provide more output starting at next_out and update next_out and avail_out
- accordingly. inflate() provides as much output as possible, until there
- is no more input data or no more space in the output buffer (see below
- about the flush parameter).
-
- Before the call of inflate(), the application should ensure that at least
- one of the actions is possible, by providing more input and/or consuming
- more output, and updating the next_* and avail_* values accordingly.
- The application can consume the uncompressed output when it wants, for
- example when the output buffer is full (avail_out == 0), or after each
- call of inflate(). If inflate returns Z_OK and with zero avail_out, it
- must be called again after making room in the output buffer because there
- might be more output pending.
-
- If the parameter flush is set to Z_PARTIAL_FLUSH, inflate flushes as much
- output as possible to the output buffer. The flushing behavior of inflate is
- not specified for values of the flush parameter other than Z_PARTIAL_FLUSH
- and Z_FINISH, but the current implementation actually flushes as much output
- as possible anyway.
-
- inflate() should normally be called until it returns Z_STREAM_END or an
- error. However if all decompression is to be performed in a single step
- (a single call of inflate), the parameter flush should be set to
- Z_FINISH. In this case all pending input is processed and all pending
- output is flushed; avail_out must be large enough to hold all the
- uncompressed data. (The size of the uncompressed data may have been saved
- by the compressor for this purpose.) The next operation on this stream must
- be inflateEnd to deallocate the decompression state. The use of Z_FINISH
- is never required, but can be used to inform inflate that a faster routine
- may be used for the single inflate() call.
-
- inflate() returns Z_OK if some progress has been made (more input
- processed or more output produced), Z_STREAM_END if the end of the
- compressed data has been reached and all uncompressed output has been
- produced, Z_NEED_DICT if a preset dictionary is needed at this point (see
- inflateSetDictionary below), Z_DATA_ERROR if the input data was corrupted,
- Z_STREAM_ERROR if the stream structure was inconsistent (for example if
- next_in or next_out was NULL), Z_MEM_ERROR if there was not enough memory,
- Z_BUF_ERROR if no progress is possible or if there was not enough room in
- the output buffer when Z_FINISH is used. In the Z_DATA_ERROR case, the
- application may then call inflateSync to look for a good compression block.
- In the Z_NEED_DICT case, strm->adler is set to the Adler32 value of the
- dictionary chosen by the compressor.
-*/
-
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) inflateEnd (z_streamp strm);
-#else
-extern int EXPORT inflateEnd OF((z_streamp strm));
-#endif
-/*
- All dynamically allocated data structures for this stream are freed.
- This function discards any unprocessed input and does not flush any
- pending output.
-
- inflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state
- was inconsistent. In the error case, msg may be set but then points to a
- static string (which must not be deallocated).
-*/
-
- /* Advanced functions */
-
-/*
- The following functions are needed only in some special applications.
-*/
-
-/*
-extern int EXPORT deflateInit2 OF((z_streamp strm,
- int level,
- int method,
- int windowBits,
- int memLevel,
- int strategy));
-
- This is another version of deflateInit with more compression options. The
- fields next_in, zalloc, zfree and opaque must be initialized before by
- the caller.
-
- The method parameter is the compression method. It must be Z_DEFLATED in
- this version of the library. (Method 9 will allow a 64K history buffer and
- partial block flushes.)
-
- The windowBits parameter is the base two logarithm of the window size
- (the size of the history buffer). It should be in the range 8..15 for this
- version of the library (the value 16 will be allowed for method 9). Larger
- values of this parameter result in better compression at the expense of
- memory usage. The default value is 15 if deflateInit is used instead.
-
- The memLevel parameter specifies how much memory should be allocated
- for the internal compression state. memLevel=1 uses minimum memory but
- is slow and reduces compression ratio; memLevel=9 uses maximum memory
- for optimal speed. The default value is 8. See zconf.h for total memory
- usage as a function of windowBits and memLevel.
-
- The strategy parameter is used to tune the compression algorithm. Use the
- value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a
- filter (or predictor), or Z_HUFFMAN_ONLY to force Huffman encoding only (no
- string match). Filtered data consists mostly of small values with a
- somewhat random distribution. In this case, the compression algorithm is
- tuned to compress them better. The effect of Z_FILTERED is to force more
- Huffman coding and less string matching; it is somewhat intermediate
- between Z_DEFAULT and Z_HUFFMAN_ONLY. The strategy parameter only affects
- the compression ratio but not the correctness of the compressed output even
- if it is not set appropriately.
-
- If next_in is not null, the library will use this buffer to hold also
- some history information; the buffer must either hold the entire input
- data, or have at least 1<<(windowBits+1) bytes and be writable. If next_in
- is null, the library will allocate its own history buffer (and leave next_in
- null). next_out need not be provided here but must be provided by the
- application for the next call of deflate().
-
- If the history buffer is provided by the application, next_in must
- must never be changed by the application since the compressor maintains
- information inside this buffer from call to call; the application
- must provide more input only by increasing avail_in. next_in is always
- reset by the library in this case.
-
- deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was
- not enough memory, Z_STREAM_ERROR if a parameter is invalid (such as
- an invalid method). msg is set to null if there is no error message.
- deflateInit2 does not perform any compression: this will be done by
- deflate().
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) deflateSetDictionary (z_streamp strm,
- const Bytef *dictionary,
- uInt dictLength);
-#else
-extern int EXPORT deflateSetDictionary OF((z_streamp strm,
- const Bytef *dictionary,
- uInt dictLength));
-#endif
-/*
- Initializes the compression dictionary (history buffer) from the given
- byte sequence without producing any compressed output. This function must
- be called immediately after deflateInit or deflateInit2, before any call
- of deflate. The compressor and decompressor must use exactly the same
- dictionary (see inflateSetDictionary).
- The dictionary should consist of strings (byte sequences) that are likely
- to be encountered later in the data to be compressed, with the most commonly
- used strings preferably put towards the end of the dictionary. Using a
- dictionary is most useful when the data to be compressed is short and
- can be predicted with good accuracy; the data can then be compressed better
- than with the default empty dictionary. In this version of the library,
- only the last 32K bytes of the dictionary are used.
- Upon return of this function, strm->adler is set to the Adler32 value
- of the dictionary; the decompressor may later use this value to determine
- which dictionary has been used by the compressor. (The Adler32 value
- applies to the whole dictionary even if only a subset of the dictionary is
- actually used by the compressor.)
-
- deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a
- parameter is invalid (such as NULL dictionary) or the stream state
- is inconsistent (for example if deflate has already been called for this
- stream). deflateSetDictionary does not perform any compression: this will
- be done by deflate().
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) deflateCopy (z_streamp dest, z_streamp source);
-#else
-extern int EXPORT deflateCopy OF((z_streamp dest, z_streamp source));
-#endif
-/*
- Sets the destination stream as a complete copy of the source stream. If
- the source stream is using an application-supplied history buffer, a new
- buffer is allocated for the destination stream. The compressed output
- buffer is always application-supplied. It's the responsibility of the
- application to provide the correct values of next_out and avail_out for the
- next call of deflate.
-
- This function can be useful when several compression strategies will be
- tried, for example when there are several ways of pre-processing the input
- data with a filter. The streams that will be discarded should then be freed
- by calling deflateEnd. Note that deflateCopy duplicates the internal
- compression state which can be quite large, so this strategy is slow and
- can consume lots of memory.
-
- deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
- enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
- (such as zalloc being NULL). msg is left unchanged in both source and
- destination.
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) deflateReset (z_streamp strm);
-#else
-extern int EXPORT deflateReset OF((z_streamp strm));
-#endif
-/*
- This function is equivalent to deflateEnd followed by deflateInit,
- but does not free and reallocate all the internal compression state.
- The stream will keep the same compression level and any other attributes
- that may have been set by deflateInit2.
-
- deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
- stream state was inconsistent (such as zalloc or state being NULL).
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) deflateParams (z_streamp strm, int level, int strategy);
-#else
-extern int EXPORT deflateParams OF((z_streamp strm, int level, int strategy));
-#endif
-/*
- Dynamically update the compression level and compression strategy.
- This can be used to switch between compression and straight copy of
- the input data, or to switch to a different kind of input data requiring
- a different strategy. If the compression level is changed, the input
- available so far is compressed with the old level (and may be flushed);
- the new level will take effect only at the next call of deflate().
-
- Before the call of deflateParams, the stream state must be set as for
- a call of deflate(), since the currently available input may have to
- be compressed and flushed. In particular, strm->avail_out must be non-zero.
-
- deflateParams returns Z_OK if success, Z_STREAM_ERROR if the source
- stream state was inconsistent or if a parameter was invalid, Z_BUF_ERROR
- if strm->avail_out was zero.
-*/
-
-/*
-extern int EXPORT inflateInit2 OF((z_streamp strm,
- int windowBits));
-
- This is another version of inflateInit with more compression options. The
- fields next_out, zalloc, zfree and opaque must be initialized before by
- the caller.
-
- The windowBits parameter is the base two logarithm of the maximum window
- size (the size of the history buffer). It should be in the range 8..15 for
- this version of the library (the value 16 will be allowed soon). The
- default value is 15 if inflateInit is used instead. If a compressed stream
- with a larger window size is given as input, inflate() will return with
- the error code Z_DATA_ERROR instead of trying to allocate a larger window.
-
- If next_out is not null, the library will use this buffer for the history
- buffer; the buffer must either be large enough to hold the entire output
- data, or have at least 1<<windowBits bytes. If next_out is null, the
- library will allocate its own buffer (and leave next_out null). next_in
- need not be provided here but must be provided by the application for the
- next call of inflate().
-
- If the history buffer is provided by the application, next_out must
- never be changed by the application since the decompressor maintains
- history information inside this buffer from call to call; the application
- can only reset next_out to the beginning of the history buffer when
- avail_out is zero and all output has been consumed.
-
- inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was
- not enough memory, Z_STREAM_ERROR if a parameter is invalid (such as
- windowBits < 8). msg is set to null if there is no error message.
- inflateInit2 does not perform any decompression: this will be done by
- inflate().
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) inflateSetDictionary (z_streamp strm,
- const Bytef *dictionary,
- uInt dictLength);
-#else
-extern int EXPORT inflateSetDictionary OF((z_streamp strm,
- const Bytef *dictionary,
- uInt dictLength));
-#endif
-/*
- Initializes the decompression dictionary (history buffer) from the given
- uncompressed byte sequence. This function must be called immediately after
- a call of inflate if this call returned Z_NEED_DICT. The dictionary chosen
- by the compressor can be determined from the Adler32 value returned by this
- call of inflate. The compressor and decompressor must use exactly the same
- dictionary (see deflateSetDictionary).
-
- inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a
- parameter is invalid (such as NULL dictionary) or the stream state is
- inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the
- expected one (incorrect Adler32 value). inflateSetDictionary does not
- perform any decompression: this will be done by subsequent calls of
- inflate().
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) inflateSync (z_streamp strm);
-#else
-extern int EXPORT inflateSync OF((z_streamp strm));
-#endif
-/*
- Skips invalid compressed data until the special marker (see deflate()
- above) can be found, or until all available input is skipped. No output
- is provided.
-
- inflateSync returns Z_OK if the special marker has been found, Z_BUF_ERROR
- if no more input was provided, Z_DATA_ERROR if no marker has been found,
- or Z_STREAM_ERROR if the stream structure was inconsistent. In the success
- case, the application may save the current current value of total_in which
- indicates where valid compressed data was found. In the error case, the
- application may repeatedly call inflateSync, providing more input each time,
- until success or end of the input data.
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) inflateReset (z_streamp strm);
-#else
-extern int EXPORT inflateReset OF((z_streamp strm));
-#endif
-/*
- This function is equivalent to inflateEnd followed by inflateInit,
- but does not free and reallocate all the internal decompression state.
- The stream will keep attributes that may have been set by inflateInit2.
-
- inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
- stream state was inconsistent (such as zalloc or state being NULL).
-*/
-
-
- /* utility functions */
-
-/*
- The following utility functions are implemented on top of the
- basic stream-oriented functions. To simplify the interface, some
- default options are assumed (compression level, window size,
- standard memory allocation functions). The source code of these
- utility functions can easily be modified if you need special options.
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) compress (Bytef *dest, uLongf *destLen,
- const Bytef *source, uLong sourceLen);
-#else
-extern int EXPORT compress OF((Bytef *dest, uLongf *destLen,
- const Bytef *source, uLong sourceLen));
-#endif
-/*
- Compresses the source buffer into the destination buffer. sourceLen is
- the byte length of the source buffer. Upon entry, destLen is the total
- size of the destination buffer, which must be at least 0.1% larger than
- sourceLen plus 12 bytes. Upon exit, destLen is the actual size of the
- compressed buffer.
- This function can be used to compress a whole file at once if the
- input file is mmap'ed.
- compress returns Z_OK if success, Z_MEM_ERROR if there was not
- enough memory, Z_BUF_ERROR if there was not enough room in the output
- buffer.
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) uncompress (Bytef *dest, uLongf *destLen,
- const Bytef *source, uLong sourceLen);
-#else
-extern int EXPORT uncompress OF((Bytef *dest, uLongf *destLen,
- const Bytef *source, uLong sourceLen));
-#endif
-/*
- Decompresses the source buffer into the destination buffer. sourceLen is
- the byte length of the source buffer. Upon entry, destLen is the total
- size of the destination buffer, which must be large enough to hold the
- entire uncompressed data. (The size of the uncompressed data must have
- been saved previously by the compressor and transmitted to the decompressor
- by some mechanism outside the scope of this compression library.)
- Upon exit, destLen is the actual size of the compressed buffer.
- This function can be used to decompress a whole file at once if the
- input file is mmap'ed.
-
- uncompress returns Z_OK if success, Z_MEM_ERROR if there was not
- enough memory, Z_BUF_ERROR if there was not enough room in the output
- buffer, or Z_DATA_ERROR if the input data was corrupted.
-*/
-
-
-typedef voidp gzFile;
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern gzFile) gzopen (const char *path, const char *mode);
-#else
-extern gzFile EXPORT gzopen OF((const char *path, const char *mode));
-#endif
-/*
- Opens a gzip (.gz) file for reading or writing. The mode parameter
- is as in fopen ("rb" or "wb") but can also include a compression level
- ("wb9"). gzopen can be used to read a file which is not in gzip format;
- in this case gzread will directly read from the file without decompression.
- gzopen returns NULL if the file could not be opened or if there was
- insufficient memory to allocate the (de)compression state; errno
- can be checked to distinguish the two cases (if errno is zero, the
- zlib error is Z_MEM_ERROR).
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern gzFile) gzdopen (int fd, const char *mode);
-#else
-extern gzFile EXPORT gzdopen OF((int fd, const char *mode));
-#endif
-/*
- gzdopen() associates a gzFile with the file descriptor fd. File
- descriptors are obtained from calls like open, dup, creat, pipe or
- fileno (in the file has been previously opened with fopen).
- The mode parameter is as in gzopen.
- The next call of gzclose on the returned gzFile will also close the
- file descriptor fd, just like fclose(fdopen(fd), mode) closes the file
- descriptor fd. If you want to keep fd open, use gzdopen(dup(fd), mode).
- gzdopen returns NULL if there was insufficient memory to allocate
- the (de)compression state.
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) gzread (gzFile file, voidp buf, unsigned len);
-#else
-extern int EXPORT gzread OF((gzFile file, voidp buf, unsigned len));
-#endif
-/*
- Reads the given number of uncompressed bytes from the compressed file.
- If the input file was not in gzip format, gzread copies the given number
- of bytes into the buffer.
- gzread returns the number of uncompressed bytes actually read (0 for
- end of file, -1 for error). */
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) gzwrite (gzFile file, const voidp buf, unsigned len);
-#else
-extern int EXPORT gzwrite OF((gzFile file, const voidp buf, unsigned len));
-#endif
-/*
- Writes the given number of uncompressed bytes into the compressed file.
- gzwrite returns the number of uncompressed bytes actually written
- (0 in case of error).
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) gzflush (gzFile file, int flush);
-#else
-extern int EXPORT gzflush OF((gzFile file, int flush));
-#endif
-/*
- Flushes all pending output into the compressed file. The parameter
- flush is as in the deflate() function. The return value is the zlib
- error number (see function gzerror below). gzflush returns Z_OK if
- the flush parameter is Z_FINISH and all output could be flushed.
- gzflush should be called only when strictly necessary because it can
- degrade compression.
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) gzclose (gzFile file);
-#else
-extern int EXPORT gzclose OF((gzFile file));
-#endif
-/*
- Flushes all pending output if necessary, closes the compressed file
- and deallocates all the (de)compression state. The return value is the zlib
- error number (see function gzerror below).
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern const char *) gzerror (gzFile file, int *errnum);
-#else
-extern const char * EXPORT gzerror OF((gzFile file, int *errnum));
-#endif
-/*
- Returns the error message for the last error which occurred on the
- given compressed file. errnum is set to zlib error number. If an
- error occurred in the file system and not in the compression library,
- errnum is set to Z_ERRNO and the application may consult errno
- to get the exact error code.
-*/
-
- /* checksum functions */
-
-/*
- These functions are not related to compression but are exported
- anyway because they might be useful in applications using the
- compression library.
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern uLong) adler32 (uLong adler, const Bytef *buf, uInt len);
-#else
-extern uLong EXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len));
-#endif
-
-/*
- Update a running Adler-32 checksum with the bytes buf[0..len-1] and
- return the updated checksum. If buf is NULL, this function returns
- the required initial value for the checksum.
- An Adler-32 checksum is almost as reliable as a CRC32 but can be computed
- much faster. Usage example:
-
- uLong adler = adler32(0L, Z_NULL, 0);
-
- while (read_buffer(buffer, length) != EOF) {
- adler = adler32(adler, buffer, length);
- }
- if (adler != original_adler) error();
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern uLong) crc32 (uLong crc, const Bytef *buf, uInt len);
-#else
-extern uLong EXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len));
-#endif
-/*
- Update a running crc with the bytes buf[0..len-1] and return the updated
- crc. If buf is NULL, this function returns the required initial value
- for the crc. Pre- and post-conditioning (one's complement) is performed
- within this function so it shouldn't be done by the application.
- Usage example:
-
- uLong crc = crc32(0L, Z_NULL, 0);
-
- while (read_buffer(buffer, length) != EOF) {
- crc = crc32(crc, buffer, length);
- }
- if (crc != original_crc) error();
-*/
-
-
- /* various hacks, don't look :) */
-
-/* deflateInit and inflateInit are macros to allow checking the zlib version
- * and the compiler's view of z_stream:
- */
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) deflateInit_ (z_streamp strm, int level, const char *version,
- int stream_size);
-PR_PUBLIC_API(extern int) inflateInit_ (z_streamp strm, const char *version,
- int stream_size);
-PR_PUBLIC_API(extern int) deflateInit2_ (z_streamp strm, int level, int method,
- int windowBits, int memLevel, int strategy,
- const char *version, int stream_size);
-PR_PUBLIC_API(extern int) inflateInit2_ (z_streamp strm, int windowBits,
- const char *version, int stream_size);
-#else
-extern int EXPORT deflateInit_ OF((z_streamp strm, int level, const char *version,
- int stream_size));
-extern int EXPORT inflateInit_ OF((z_streamp strm, const char *version,
- int stream_size));
-extern int EXPORT deflateInit2_ OF((z_streamp strm, int level, int method,
- int windowBits, int memLevel, int strategy,
- const char *version, int stream_size));
-extern int EXPORT inflateInit2_ OF((z_streamp strm, int windowBits,
- const char *version, int stream_size));
-#endif /* MOZILLA_CLIENT */
-
-
-#define deflateInit(strm, level) \
- deflateInit_((strm), (level), ZLIB_VERSION, sizeof(z_stream))
-#define inflateInit(strm) \
- inflateInit_((strm), ZLIB_VERSION, sizeof(z_stream))
-#define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \
- deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\
- (strategy), ZLIB_VERSION, sizeof(z_stream))
-#define inflateInit2(strm, windowBits) \
- inflateInit2_((strm), (windowBits), ZLIB_VERSION, sizeof(z_stream))
-
-#if !defined(_Z_UTIL_H) && !defined(NO_DUMMY_DECL)
- struct internal_state {int dummy;}; /* hack for buggy compilers */
-#endif
-
-uLongf *get_crc_table OF((void)); /* can be used by asm versions of crc32() */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _ZLIB_H */
diff --git a/security/nss/cmd/zlib/zutil.c b/security/nss/cmd/zlib/zutil.c
deleted file mode 100644
index afca3ed0c..000000000
--- a/security/nss/cmd/zlib/zutil.c
+++ /dev/null
@@ -1,215 +0,0 @@
-/* zutil.c -- target dependent utility functions for the compression library
- * Copyright (C) 1995-1996 Jean-loup Gailly.
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-/* This file was modified since it was taken from the zlib distribution */
-/* $Id$ */
-
-#include <stdio.h>
-
-#include "zutil.h"
-
-#ifdef MOZILLA_CLIENT
-#include "prtypes.h"
-#include "prlog.h"
-#endif
-
-struct internal_state {int dummy;}; /* for buggy compilers */
-
-#ifndef STDC
-extern void exit OF((int));
-#endif
-
-const char *z_errmsg[10] = {
-"need dictionary", /* Z_NEED_DICT 2 */
-"stream end", /* Z_STREAM_END 1 */
-"", /* Z_OK 0 */
-"file error", /* Z_ERRNO (-1) */
-"stream error", /* Z_STREAM_ERROR (-2) */
-"data error", /* Z_DATA_ERROR (-3) */
-"insufficient memory", /* Z_MEM_ERROR (-4) */
-"buffer error", /* Z_BUF_ERROR (-5) */
-"incompatible version",/* Z_VERSION_ERROR (-6) */
-""};
-
-
-PR_PUBLIC_API(const char *) zlibVersion()
-{
- return ZLIB_VERSION;
-}
-
-#if defined(DEBUG) && defined(MOZILLA_CLIENT)
-void z_error (m)
- char *m;
-{
- PR_ASSERT(0);
-}
-#endif
-
-#ifndef HAVE_MEMCPY
-
-void zmemcpy(dest, source, len)
- Bytef* dest;
- Bytef* source;
- uInt len;
-{
- if (len == 0) return;
- do {
- *dest++ = *source++; /* ??? to be unrolled */
- } while (--len != 0);
-}
-
-int zmemcmp(s1, s2, len)
- Bytef* s1;
- Bytef* s2;
- uInt len;
-{
- uInt j;
-
- for (j = 0; j < len; j++) {
- if (s1[j] != s2[j]) return 2*(s1[j] > s2[j])-1;
- }
- return 0;
-}
-
-void zmemzero(dest, len)
- Bytef* dest;
- uInt len;
-{
- if (len == 0) return;
- do {
- *dest++ = 0; /* ??? to be unrolled */
- } while (--len != 0);
-}
-#endif
-
-#ifdef __TURBOC__
-#if (defined( __BORLANDC__) || !defined(SMALL_MEDIUM)) && !defined(__32BIT__)
-/* Small and medium model in Turbo C are for now limited to near allocation
- * with reduced MAX_WBITS and MAX_MEM_LEVEL
- */
-# define MY_ZCALLOC
-
-/* Turbo C malloc() does not allow dynamic allocation of 64K bytes
- * and farmalloc(64K) returns a pointer with an offset of 8, so we
- * must fix the pointer. Warning: the pointer must be put back to its
- * original form in order to free it, use zcfree().
- */
-
-#define MAX_PTR 10
-/* 10*64K = 640K */
-
-local int next_ptr = 0;
-
-typedef struct ptr_table_s {
- voidpf org_ptr;
- voidpf new_ptr;
-} ptr_table;
-
-local ptr_table table[MAX_PTR];
-/* This table is used to remember the original form of pointers
- * to large buffers (64K). Such pointers are normalized with a zero offset.
- * Since MSDOS is not a preemptive multitasking OS, this table is not
- * protected from concurrent access. This hack doesn't work anyway on
- * a protected system like OS/2. Use Microsoft C instead.
- */
-
-voidpf zcalloc (voidpf opaque, unsigned items, unsigned size)
-{
- voidpf buf = opaque; /* just to make some compilers happy */
- ulg bsize = (ulg)items*size;
-
- /* If we allocate less than 65520 bytes, we assume that farmalloc
- * will return a usable pointer which doesn't have to be normalized.
- */
- if (bsize < 65520L) {
- buf = farmalloc(bsize);
- if (*(ush*)&buf != 0) return buf;
- } else {
- buf = farmalloc(bsize + 16L);
- }
- if (buf == NULL || next_ptr >= MAX_PTR) return NULL;
- table[next_ptr].org_ptr = buf;
-
- /* Normalize the pointer to seg:0 */
- *((ush*)&buf+1) += ((ush)((uch*)buf-0) + 15) >> 4;
- *(ush*)&buf = 0;
- table[next_ptr++].new_ptr = buf;
- return buf;
-}
-
-void zcfree (voidpf opaque, voidpf ptr)
-{
- int n;
- if (*(ush*)&ptr != 0) { /* object < 64K */
- farfree(ptr);
- return;
- }
- /* Find the original pointer */
- for (n = 0; n < next_ptr; n++) {
- if (ptr != table[n].new_ptr) continue;
-
- farfree(table[n].org_ptr);
- while (++n < next_ptr) {
- table[n-1] = table[n];
- }
- next_ptr--;
- return;
- }
- ptr = opaque; /* just to make some compilers happy */
- Assert(0, "zcfree: ptr not found");
-}
-#endif
-#endif /* __TURBOC__ */
-
-
-#if defined(M_I86) && !defined(__32BIT__)
-/* Microsoft C in 16-bit mode */
-
-# define MY_ZCALLOC
-
-#if (!defined(_MSC_VER) || (_MSC_VER < 600))
-# define _halloc halloc
-# define _hfree hfree
-#endif
-
-voidpf zcalloc (voidpf opaque, unsigned items, unsigned size)
-{
- if (opaque) opaque = 0; /* to make compiler happy */
- return _halloc((long)items, size);
-}
-
-void zcfree (voidpf opaque, voidpf ptr)
-{
- if (opaque) opaque = 0; /* to make compiler happy */
- _hfree(ptr);
-}
-
-#endif /* MSC */
-
-
-#ifndef MY_ZCALLOC /* Any system without a special alloc function */
-
-#ifndef STDC
-extern voidp calloc OF((uInt items, uInt size));
-extern void free OF((voidpf ptr));
-#endif
-
-voidpf zcalloc (opaque, items, size)
- voidpf opaque;
- unsigned items;
- unsigned size;
-{
- if (opaque) items += size - size; /* make compiler happy */
- return (voidpf)calloc(items, size);
-}
-
-void zcfree (opaque, ptr)
- voidpf opaque;
- voidpf ptr;
-{
- free(ptr);
- if (opaque) return; /* make compiler happy */
-}
-
-#endif /* MY_ZCALLOC */
diff --git a/security/nss/cmd/zlib/zutil.h b/security/nss/cmd/zlib/zutil.h
deleted file mode 100644
index 12a59356c..000000000
--- a/security/nss/cmd/zlib/zutil.h
+++ /dev/null
@@ -1,210 +0,0 @@
-/* zutil.h -- internal interface and configuration of the compression library
- * Copyright (C) 1995-1996 Jean-loup Gailly.
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-/* This file was modified since it was taken from the zlib distribution */
-/* WARNING: this file should *not* be used by applications. It is
- part of the implementation of the compression library and is
- subject to change. Applications should only use zlib.h.
- */
-
-/* $Id$ */
-
-#ifndef _Z_UTIL_H
-#define _Z_UTIL_H
-
-#include "zlib.h"
-
-#if defined(MSDOS)||defined(VMS)||defined(CRAY)||defined(WIN32)||defined(RISCOS)
-# include <stddef.h>
-# include <errno.h>
-#else
- extern int errno;
-#endif
-#ifdef STDC
-# include <string.h>
-# include <stdlib.h>
-#endif
-
-#ifndef local
-# define local static
-#endif
-/* compile with -Dlocal if your debugger can't find static symbols */
-
-typedef unsigned char uch;
-typedef uch FAR uchf;
-typedef unsigned short ush;
-typedef ush FAR ushf;
-typedef unsigned long ulg;
-
-extern const char *z_errmsg[10]; /* indexed by 2-zlib_error */
-/* (size given to avoid silly warnings with Visual C++) */
-
-#define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)]
-
-#define ERR_RETURN(strm,err) \
- return (strm->msg = (char*)ERR_MSG(err), (err))
-/* To be used only when the state is known to be valid */
-
- /* common constants */
-
-#ifndef DEF_WBITS
-# define DEF_WBITS MAX_WBITS
-#endif
-/* default windowBits for decompression. MAX_WBITS is for compression only */
-
-#if MAX_MEM_LEVEL >= 8
-# define DEF_MEM_LEVEL 8
-#else
-# define DEF_MEM_LEVEL MAX_MEM_LEVEL
-#endif
-/* default memLevel */
-
-#define STORED_BLOCK 0
-#define STATIC_TREES 1
-#define DYN_TREES 2
-/* The three kinds of block type */
-
-#define MIN_MATCH 3
-#define MAX_MATCH 258
-/* The minimum and maximum match lengths */
-
-#define PRESET_DICT 0x20 /* preset dictionary flag in zlib header */
-
- /* target dependencies */
-
-#ifdef MSDOS
-# define OS_CODE 0x00
-# ifdef __TURBOC__
-# include <alloc.h>
-# else /* MSC or DJGPP */
-# include <malloc.h>
-# endif
-#endif
-
-#ifdef OS2
-# define OS_CODE 0x06
-#endif
-
-#ifdef WIN32 /* Window 95 & Windows NT */
-# define OS_CODE 0x0b
-#endif
-
-#if defined(VAXC) || defined(VMS)
-# define OS_CODE 0x02
-# define FOPEN(name, mode) \
- fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512")
-#endif
-
-#ifdef AMIGA
-# define OS_CODE 0x01
-#endif
-
-#if defined(ATARI) || defined(atarist)
-# define OS_CODE 0x05
-#endif
-
-#ifdef MACOS
-# define OS_CODE 0x07
-#endif
-
-#ifdef __50SERIES /* Prime/PRIMOS */
-# define OS_CODE 0x0F
-#endif
-
-#ifdef TOPS20
-# define OS_CODE 0x0a
-#endif
-
-#if defined(_BEOS_) || defined(RISCOS)
-# define fdopen(fd,mode) NULL /* No fdopen() */
-#endif
-
- /* Common defaults */
-
-#ifndef OS_CODE
-# define OS_CODE 0x03 /* assume Unix */
-#endif
-
-#ifndef FOPEN
-# define FOPEN(name, mode) fopen((name), (mode))
-#endif
-
- /* functions */
-
-#ifdef HAVE_STRERROR
-#ifndef MOZILLA_CLIENT
- extern char *strerror OF((int));
-#endif
-# define zstrerror(errnum) strerror(errnum)
-#else
-# define zstrerror(errnum) ""
-#endif
-
-#if defined(pyr)
-# define NO_MEMCPY
-#endif
-#if (defined(M_I86SM) || defined(M_I86MM)) && !defined(_MSC_VER)
- /* Use our own functions for small and medium model with MSC <= 5.0.
- * You may have to use the same strategy for Borland C (untested).
- */
-# define NO_MEMCPY
-#endif
-#if defined(STDC) && !defined(HAVE_MEMCPY) && !defined(NO_MEMCPY)
-# define HAVE_MEMCPY
-#endif
-#ifdef HAVE_MEMCPY
-# ifdef SMALL_MEDIUM /* MSDOS small or medium model */
-# define zmemcpy _fmemcpy
-# define zmemcmp _fmemcmp
-# define zmemzero(dest, len) _fmemset(dest, 0, len)
-# else
-# define zmemcpy memcpy
-# define zmemcmp memcmp
-# define zmemzero(dest, len) memset(dest, 0, len)
-# endif
-#else
- extern void zmemcpy OF((Bytef* dest, Bytef* source, uInt len));
- extern int zmemcmp OF((Bytef* s1, Bytef* s2, uInt len));
- extern void zmemzero OF((Bytef* dest, uInt len));
-#endif
-
-/* Diagnostic functions */
-#ifdef DEBUG_ZLIB
-# include <stdio.h>
-# ifndef verbose
-# define verbose 0
-# endif
- extern void z_error OF((char *m));
-# define Assert(cond,msg) {if(!(cond)) z_error(msg);}
-# define Trace(x) fprintf x
-# define Tracev(x) {if (verbose) fprintf x ;}
-# define Tracevv(x) {if (verbose>1) fprintf x ;}
-# define Tracec(c,x) {if (verbose && (c)) fprintf x ;}
-# define Tracecv(c,x) {if (verbose>1 && (c)) fprintf x ;}
-#else
-# include <stdio.h>
-# ifndef verbose
-# define verbose 0
-# endif
- extern void z_error OF((char *m));
-# define Assert(cond,msg)
-# define Trace(x)
-# define Tracev(x)
-# define Tracevv(x)
-# define Tracec(c,x)
-# define Tracecv(c,x)
-#endif
-
-
-typedef uLong (*check_func) OF((uLong check, const Bytef *buf, uInt len));
-
-voidpf zcalloc OF((voidpf opaque, unsigned items, unsigned size));
-void zcfree OF((voidpf opaque, voidpf ptr));
-
-#define ZALLOC(strm, items, size) \
- (*((strm)->zalloc))((strm)->opaque, (items), (size))
-#define ZFREE(strm, addr) (*((strm)->zfree))((strm)->opaque, (voidpf)(addr))
-#define TRY_FREE(s, p) {if (p) ZFREE(s, p);}
-
-#endif /* _Z_UTIL_H */
diff --git a/security/nss/lib/Makefile b/security/nss/lib/Makefile
deleted file mode 100644
index 91ab94618..000000000
--- a/security/nss/lib/Makefile
+++ /dev/null
@@ -1,88 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-ifdef MOZILLA_SECURITY_BUILD
-FILES=$(shell ls -d $(CORE_DEPTH)/../../ns/security/lib/crypto/*)
-
-export::
- if test -d $(CORE_DEPTH)/../../ns/security/lib/crypto; then \
- $(NSINSTALL) -D crypto; \
- for file in $(FILES) ; do \
- if test -f $$file; then \
- $(NSINSTALL) -m 444 $$file crypto; \
- fi; \
- done; \
- $(NSINSTALL) -m 444 crypto/nscertinit.c certdb; \
- fi
-endif
diff --git a/security/nss/lib/asn1/Makefile b/security/nss/lib/asn1/Makefile
deleted file mode 100644
index 03e1fb4c6..000000000
--- a/security/nss/lib/asn1/Makefile
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-MAKEFILE_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-include manifest.mn
-include config.mk
-include $(CORE_DEPTH)/coreconf/config.mk
-include $(CORE_DEPTH)/coreconf/rules.mk
diff --git a/security/nss/lib/asn1/asn1.c b/security/nss/lib/asn1/asn1.c
deleted file mode 100644
index 3d5cfc8f7..000000000
--- a/security/nss/lib/asn1/asn1.c
+++ /dev/null
@@ -1,1726 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * asn1.c
- *
- * At this point in time, this file contains the NSS wrappers for
- * the old "SEC" ASN.1 encoder/decoder stuff.
- */
-
-#ifndef ASN1M_H
-#include "asn1m.h"
-#endif /* ASN1M_H */
-
-#include "plarena.h"
-#include "secasn1.h"
-
-/*
- * The pointer-tracking stuff
- */
-
-#ifdef DEBUG
-extern const NSSError NSS_ERROR_INTERNAL_ERROR;
-
-static nssPointerTracker decoder_pointer_tracker;
-
-static PRStatus
-decoder_add_pointer
-(
- const nssASN1Decoder *decoder
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&decoder_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return rv;
- }
-
- rv = nssPointerTracker_add(&decoder_pointer_tracker, decoder);
- if( PR_SUCCESS != rv ) {
- NSSError e = NSS_GetError();
- if( NSS_ERROR_NO_MEMORY != e ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
- }
-
- return PR_SUCCESS;
-}
-
-static PRStatus
-decoder_remove_pointer
-(
- const nssASN1Decoder *decoder
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_remove(&decoder_pointer_tracker, decoder);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
-}
-
-/*
- * nssASN1Decoder_verify
- *
- * This routine is only available in debug builds.
- *
- * If the specified pointer is a valid pointer to an nssASN1Decoder
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1DECODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-nssASN1Decoder_verify
-(
- nssASN1Decoder *decoder
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&decoder_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return PR_FAILURE;
- }
-
- rv = nssPointerTracker_verify(&decoder_pointer_tracker, decoder);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_ASN1DECODER);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-
-static nssPointerTracker encoder_pointer_tracker;
-
-static PRStatus
-encoder_add_pointer
-(
- const nssASN1Encoder *encoder
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&encoder_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return rv;
- }
-
- rv = nssPointerTracker_add(&encoder_pointer_tracker, encoder);
- if( PR_SUCCESS != rv ) {
- NSSError e = NSS_GetError();
- if( NSS_ERROR_NO_MEMORY != e ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
- }
-
- return PR_SUCCESS;
-}
-
-static PRStatus
-encoder_remove_pointer
-(
- const nssASN1Encoder *encoder
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_remove(&encoder_pointer_tracker, encoder);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
-}
-
-/*
- * nssASN1Encoder_verify
- *
- * This routine is only available in debug builds.
- *
- * If the specified pointer is a valid pointer to an nssASN1Encoder
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1ENCODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-nssASN1Encoder_verify
-(
- nssASN1Encoder *encoder
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&encoder_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return PR_FAILURE;
- }
-
- rv = nssPointerTracker_verify(&encoder_pointer_tracker, encoder);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_ASN1ENCODER);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-#endif /* DEBUG */
-
-/*
- * nssASN1Decoder_Create
- *
- * This routine creates an ASN.1 Decoder, which will use the specified
- * template to decode a datastream into the specified destination
- * structure. If the optional arena argument is non-NULL, blah blah
- * blah. XXX fgmr Should we include an nssASN1EncodingType argument,
- * as a hint? Or is each encoding distinctive? This routine may
- * return NULL upon error, in which case an error will have been
- * placed upon the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_POINTER
- * ...
- *
- * Return value:
- * NULL upon error
- * A pointer to an ASN.1 Decoder upon success.
- */
-
-NSS_IMPLEMENT nssASN1Decoder *
-nssASN1Decoder_Create
-(
- NSSArena *arenaOpt,
- void *destination,
- const nssASN1Template template[]
-)
-{
- SEC_ASN1DecoderContext *rv;
- PLArenaPool *hack = (PLArenaPool *)arenaOpt;
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (nssASN1Decoder *)NULL;
- }
- }
-
- /*
- * May destination be NULL? I'd think so, since one might
- * have only a filter proc. But if not, check the pointer here.
- */
-
- if( (nssASN1Template *)NULL == template ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (nssASN1Decoder *)NULL;
- }
-#endif /* DEBUG */
-
- rv = SEC_ASN1DecoderStart(hack, destination, template);
- if( (SEC_ASN1DecoderContext *)NULL == rv ) {
- nss_SetError(PORT_GetError()); /* also evil */
- return (nssASN1Decoder *)NULL;
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != decoder_add_pointer(rv) ) {
- (void)SEC_ASN1DecoderFinish(rv);
- return (nssASN1Decoder *)NULL;
- }
-#endif /* DEBUG */
-
- return (nssASN1Decoder *)rv;
-}
-
-/*
- * nssASN1Decoder_Update
- *
- * This routine feeds data to the decoder. In the event of an error,
- * it will place an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_INVALID_ASN1DECODER
- * NSS_ERROR_INVALID_BER
- * ...
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success.
- */
-
-NSS_IMPLEMENT PRStatus
-nssASN1Decoder_Update
-(
- nssASN1Decoder *decoder,
- const void *data,
- PRUint32 amount
-)
-{
- PRStatus rv;
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssASN1Decoder_verify(decoder) ) {
- return PR_FAILURE;
- }
-
- if( (void *)NULL == data ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- rv = SEC_ASN1DecoderUpdate((SEC_ASN1DecoderContext *)decoder,
- (const char *)data,
- (unsigned long)amount);
- if( PR_SUCCESS != rv ) {
- nss_SetError(PORT_GetError()); /* ugly */
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-
-/*
- * nssASN1Decoder_Finish
- *
- * This routine finishes the decoding and destroys the decoder.
- * In the event of an error, it will place an error on the error
- * stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1DECODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-nssASN1Decoder_Finish
-(
- nssASN1Decoder *decoder
-)
-{
- PRStatus rv;
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssASN1Decoder_verify(decoder) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- rv = SEC_ASN1DecoderFinish((SEC_ASN1DecoderContext *)decoder);
-
- if( PR_SUCCESS != rv ) {
- nss_SetError(PORT_GetError()); /* ugly */
- }
-
-#ifdef DEBUG
- {
- PRStatus rv2 = decoder_remove_pointer(decoder);
- if( PR_SUCCESS == rv ) {
- rv = rv2;
- }
- }
-#endif /* DEBUG */
-
- return rv;
-}
-
-/*
- * nssASN1Decoder_SetFilter
- *
- * This routine registers a callback filter routine with the decoder,
- * which will be called blah blah blah. The specified argument will
- * be passed as-is to the filter routine. The routine pointer may
- * be NULL, in which case no filter callback will be called. If the
- * noStore boolean is PR_TRUE, then decoded fields will not be stored
- * in the destination structure specified when the decoder was
- * created. This routine returns a PRStatus value; in the event of
- * an error, it will place an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1DECODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-nssASN1Decoder_SetFilter
-(
- nssASN1Decoder *decoder,
- nssASN1DecoderFilterFunction *callback,
- void *argument,
- PRBool noStore
-)
-{
-#ifdef DEBUG
- if( PR_SUCCESS != nssASN1Decoder_verify(decoder) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- if( (nssASN1DecoderFilterFunction *)NULL == callback ) {
- SEC_ASN1DecoderClearFilterProc((SEC_ASN1DecoderContext *)decoder);
- } else {
- SEC_ASN1DecoderSetFilterProc((SEC_ASN1DecoderContext *)decoder,
- (SEC_ASN1WriteProc)callback,
- argument, noStore);
- }
-
- /* No error returns defined for those routines */
-
- return PR_SUCCESS;
-}
-
-/*
- * nssASN1Decoder_GetFilter
- *
- * If the optional pCallbackOpt argument to this routine is non-null,
- * then the pointer to any callback function established for this
- * decoder with nssASN1Decoder_SetFilter will be stored at the
- * location indicated by it. If the optional pArgumentOpt
- * pointer is non-null, the filter's closure argument will be stored
- * there. If the optional pNoStoreOpt pointer is non-null, the
- * noStore value specified when setting the filter will be stored
- * there. This routine returns a PRStatus value; in the event of
- * an error it will place an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1DECODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-extern const NSSError NSS_ERROR_INTERNAL_ERROR;
-
-NSS_IMPLEMENT PRStatus
-nssASN1Decoder_GetFilter
-(
- nssASN1Decoder *decoder,
- nssASN1DecoderFilterFunction **pCallbackOpt,
- void **pArgumentOpt,
- PRBool *pNoStoreOpt
-)
-{
-#ifdef DEBUG
- if( PR_SUCCESS != nssASN1Decoder_verify(decoder) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- if( (nssASN1DecoderFilterFunction **)NULL != pCallbackOpt ) {
- *pCallbackOpt = (nssASN1DecoderFilterFunction *)NULL;
- }
-
- if( (void **)NULL != pArgumentOpt ) {
- *pArgumentOpt = (void *)NULL;
- }
-
- if( (PRBool *)NULL != pNoStoreOpt ) {
- *pNoStoreOpt = PR_FALSE;
- }
-
- /* Error because it's unimplemented */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return PR_FAILURE;
-}
-
-/*
- * nssASN1Decoder_SetNotify
- *
- * This routine registers a callback notify routine with the decoder,
- * which will be called whenever.. The specified argument will be
- * passed as-is to the notify routine. The routine pointer may be
- * NULL, in which case no notify routine will be called. This routine
- * returns a PRStatus value; in the event of an error it will place
- * an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1DECODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-nssASN1Decoder_SetNotify
-(
- nssASN1Decoder *decoder,
- nssASN1NotifyFunction *callback,
- void *argument
-)
-{
-#ifdef DEBUG
- if( PR_SUCCESS != nssASN1Decoder_verify(decoder) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- if( (nssASN1NotifyFunction *)NULL == callback ) {
- SEC_ASN1DecoderClearNotifyProc((SEC_ASN1DecoderContext *)decoder);
- } else {
- SEC_ASN1DecoderSetNotifyProc((SEC_ASN1DecoderContext *)decoder,
- (SEC_ASN1NotifyProc)callback,
- argument);
- }
-
- /* No error returns defined for those routines */
-
- return PR_SUCCESS;
-}
-
-/*
- * nssASN1Decoder_GetNotify
- *
- * If the optional pCallbackOpt argument to this routine is non-null,
- * then the pointer to any callback function established for this
- * decoder with nssASN1Decoder_SetNotify will be stored at the
- * location indicated by it. If the optional pArgumentOpt pointer is
- * non-null, the filter's closure argument will be stored there.
- * This routine returns a PRStatus value; in the event of an error it
- * will place an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1DECODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-nssASN1Decoder_GetNotify
-(
- nssASN1Decoder *decoder,
- nssASN1NotifyFunction **pCallbackOpt,
- void **pArgumentOpt
-)
-{
-#ifdef DEBUG
- if( PR_SUCCESS != nssASN1Decoder_verify(decoder) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- if( (nssASN1NotifyFunction **)NULL != pCallbackOpt ) {
- *pCallbackOpt = (nssASN1NotifyFunction *)NULL;
- }
-
- if( (void **)NULL != pArgumentOpt ) {
- *pArgumentOpt = (void *)NULL;
- }
-
- /* Error because it's unimplemented */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return PR_FAILURE;
-}
-
-/*
- * nssASN1_Decode
- *
- * This routine will decode the specified data into the specified
- * destination structure, as specified by the specified template.
- * This routine returns a PRStatus value; in the event of an error
- * it will place an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_INVALID_BER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-nssASN1_Decode
-(
- NSSArena *arenaOpt,
- void *destination,
- const nssASN1Template template[],
- const void *berData,
- PRUint32 amount
-)
-{
- PRStatus rv;
- nssASN1Decoder *decoder;
-
- /* This call will do our pointer-checking for us! */
- decoder = nssASN1Decoder_Create(arenaOpt, destination, template);
- if( (nssASN1Decoder *)NULL == decoder ) {
- return PR_FAILURE;
- }
-
- rv = nssASN1Decoder_Update(decoder, berData, amount);
- if( PR_SUCCESS != nssASN1Decoder_Finish(decoder) ) {
- rv = PR_FAILURE;
- }
-
- return rv;
-}
-
-/*
- * nssASN1_DecodeBER
- *
- * This routine will decode the data in the specified NSSBER
- * into the destination structure, as specified by the template.
- * This routine returns a PRStatus value; in the event of an error
- * it will place an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_INVALID_NSSBER
- * NSS_ERROR_INVALID_BER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-nssASN1_DecodeBER
-(
- NSSArena *arenaOpt,
- void *destination,
- const nssASN1Template template[],
- const NSSBER *data
-)
-{
- return nssASN1_Decode(arenaOpt, destination, template,
- data->data, data->size);
-}
-
-/*
- * nssASN1Encoder_Create
- *
- * This routine creates an ASN.1 Encoder, blah blah blah. This
- * may return NULL upon error, in which case an error will have been
- * placed on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_POINTER
- * ...
- *
- * Return value:
- * NULL upon error
- * A pointer to an ASN.1 Encoder upon success
- */
-
-NSS_IMPLEMENT nssASN1Encoder *
-nssASN1Encoder_Create
-(
- const void *source,
- const nssASN1Template template[],
- NSSASN1EncodingType encoding,
- nssASN1EncoderWriteFunction *sink,
- void *argument
-)
-{
- SEC_ASN1EncoderContext *rv;
-
-#ifdef DEBUG
- if( (void *)NULL == source ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (nssASN1Encoder *)NULL;
- }
-
- if( (nssASN1Template *)NULL == template ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (nssASN1Encoder *)NULL;
- }
-
- if( (nssASN1EncoderWriteFunction *)NULL == sink ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (nssASN1Encoder *)NULL;
- }
-#endif /* DEBUG */
-
- switch( encoding ) {
- case NSSASN1BER:
- case NSSASN1DER:
- break;
- case NSSASN1CER:
- case NSSASN1LWER:
- case NSSASN1PER:
- case NSSASN1UnknownEncoding:
- default:
- nss_SetError(NSS_ERROR_ENCODING_NOT_SUPPORTED);
- return (nssASN1Encoder *)NULL;
- }
-
- rv = SEC_ASN1EncoderStart((void *)source, template,
- (SEC_ASN1WriteProc)sink, argument);
- if( (SEC_ASN1EncoderContext *)NULL == rv ) {
- nss_SetError(PORT_GetError()); /* ugly */
- return (nssASN1Encoder *)NULL;
- }
-
- if( NSSASN1DER == encoding ) {
- sec_ASN1EncoderSetDER(rv);
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != encoder_add_pointer(rv) ) {
- (void)SEC_ASN1EncoderFinish(rv);
- return (nssASN1Encoder *)NULL;
- }
-#endif /* DEBUG */
-
- return (nssASN1Encoder *)rv;
-}
-
-/*
- * nssASN1Encoder_Update
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1ENCODER
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-nssASN1Encoder_Update
-(
- nssASN1Encoder *encoder,
- const void *data,
- PRUint32 length
-)
-{
- PRStatus rv;
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssASN1Encoder_verify(encoder) ) {
- return PR_FAILURE;
- }
-
- /*
- * Can data legitimately be NULL? If not, verify..
- */
-#endif /* DEBUG */
-
- rv = SEC_ASN1EncoderUpdate((SEC_ASN1EncoderContext *)encoder,
- (const char *)data,
- (unsigned long)length);
- if( PR_SUCCESS != rv ) {
- nss_SetError(PORT_GetError()); /* ugly */
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-
-/*
- * nssASN1Encoder_Finish
- *
- * Destructor.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1ENCODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-nssASN1Encoder_Finish
-(
- nssASN1Encoder *encoder
-)
-{
- PRStatus rv;
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssASN1Encoder_verify(encoder) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- SEC_ASN1EncoderFinish((SEC_ASN1EncoderContext *)encoder);
- rv = PR_SUCCESS; /* no error return defined for that call */
-
-#ifdef DEBUG
- {
- PRStatus rv2 = encoder_remove_pointer(encoder);
- if( PR_SUCCESS == rv ) {
- rv = rv2;
- }
- }
-#endif /* DEBUG */
-
- return rv;
-}
-
-/*
- * nssASN1Encoder_SetNotify
- *
- * This routine registers a callback notify routine with the encoder,
- * which will be called whenever.. The specified argument will be
- * passed as-is to the notify routine. The routine pointer may be
- * NULL, in which case no notify routine will be called. This routine
- * returns a PRStatus value; in the event of an error it will place
- * an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1DECODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-nssASN1Encoder_SetNotify
-(
- nssASN1Encoder *encoder,
- nssASN1NotifyFunction *callback,
- void *argument
-)
-{
-#ifdef DEBUG
- if( PR_SUCCESS != nssASN1Encoder_verify(encoder) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- if( (nssASN1NotifyFunction *)NULL == callback ) {
- SEC_ASN1EncoderClearNotifyProc((SEC_ASN1EncoderContext *)encoder);
- } else {
- SEC_ASN1EncoderSetNotifyProc((SEC_ASN1EncoderContext *)encoder,
- (SEC_ASN1NotifyProc)callback,
- argument);
- }
-
- /* no error return defined for those routines */
-
- return PR_SUCCESS;
-}
-
-/*
- * nssASN1Encoder_GetNotify
- *
- * If the optional pCallbackOpt argument to this routine is non-null,
- * then the pointer to any callback function established for this
- * decoder with nssASN1Encoder_SetNotify will be stored at the
- * location indicated by it. If the optional pArgumentOpt pointer is
- * non-null, the filter's closure argument will be stored there.
- * This routine returns a PRStatus value; in the event of an error it
- * will place an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1ENCODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-nssASN1Encoder_GetNotify
-(
- nssASN1Encoder *encoder,
- nssASN1NotifyFunction **pCallbackOpt,
- void **pArgumentOpt
-)
-{
-#ifdef DEBUG
- if( PR_SUCCESS != nssASN1Encoder_verify(encoder) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- if( (nssASN1NotifyFunction **)NULL != pCallbackOpt ) {
- *pCallbackOpt = (nssASN1NotifyFunction *)NULL;
- }
-
- if( (void **)NULL != pArgumentOpt ) {
- *pArgumentOpt = (void *)NULL;
- }
-
- /* Error because it's unimplemented */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return PR_FAILURE;
-}
-
-/*
- * nssASN1Encoder_SetStreaming
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1ENCODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-nssASN1Encoder_SetStreaming
-(
- nssASN1Encoder *encoder,
- PRBool streaming
-)
-{
- SEC_ASN1EncoderContext *cx = (SEC_ASN1EncoderContext *)encoder;
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssASN1Encoder_verify(encoder) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- if( streaming ) {
- SEC_ASN1EncoderSetStreaming(cx);
- } else {
- SEC_ASN1EncoderClearStreaming(cx);
- }
-
- /* no error return defined for those routines */
-
- return PR_SUCCESS;
-}
-
-/*
- * nssASN1Encoder_GetStreaming
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1ENCODER
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssASN1Encoder_GetStreaming
-(
- nssASN1Encoder *encoder,
- PRBool *pStreaming
-)
-{
-#ifdef DEBUG
- if( PR_SUCCESS != nssASN1Encoder_verify(encoder) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- if( (PRBool *)NULL != pStreaming ) {
- *pStreaming = PR_FALSE;
- }
-
- /* Error because it's unimplemented */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return PR_FAILURE;
-}
-
-/*
- * nssASN1Encoder_SetTakeFromBuffer
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1ENCODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-nssASN1Encoder_SetTakeFromBuffer
-(
- nssASN1Encoder *encoder,
- PRBool takeFromBuffer
-)
-{
- SEC_ASN1EncoderContext *cx = (SEC_ASN1EncoderContext *)encoder;
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssASN1Encoder_verify(encoder) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- if( takeFromBuffer ) {
- SEC_ASN1EncoderSetTakeFromBuf(cx);
- } else {
- SEC_ASN1EncoderClearTakeFromBuf(cx);
- }
-
- /* no error return defined for those routines */
-
- return PR_SUCCESS;
-}
-
-/*
- * nssASN1Encoder_GetTakeFromBuffer
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1ENCODER
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-nssASN1Encoder_GetTakeFromBuffer
-(
- nssASN1Encoder *encoder,
- PRBool *pTakeFromBuffer
-)
-{
-#ifdef DEBUG
- if( PR_SUCCESS != nssASN1Encoder_verify(encoder) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- if( (PRBool *)NULL != pTakeFromBuffer ) {
- *pTakeFromBuffer = PR_FALSE;
- }
-
- /* Error because it's unimplemented */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return PR_FAILURE;
-}
-
-/*
- * nssASN1_Encode
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_ENCODING_NOT_SUPPORTED
- * ...
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-nssASN1_Encode
-(
- const void *source,
- const nssASN1Template template[],
- NSSASN1EncodingType encoding,
- nssASN1EncoderWriteFunction *sink,
- void *argument
-)
-{
- PRStatus rv;
- nssASN1Encoder *encoder;
-
- encoder = nssASN1Encoder_Create(source, template, encoding, sink, argument);
- if( (nssASN1Encoder *)NULL == encoder ) {
- return PR_FAILURE;
- }
-
- rv = nssASN1Encoder_Update(encoder, (const void *)NULL, 0);
- if( PR_SUCCESS != nssASN1Encoder_Finish(encoder) ) {
- rv = PR_FAILURE;
- }
-
- return rv;
-}
-
-/*
- * nssasn1_encode_item_count
- *
- * This is a helper function for nssASN1_EncodeItem. It just counts
- * up the space required for an encoding.
- */
-
-static void
-nssasn1_encode_item_count
-(
- void *arg,
- const char *buf,
- unsigned long len,
- int depth,
- nssASN1EncodingPart data_kind
-)
-{
- unsigned long *count;
-
- count = (unsigned long*)arg;
- PR_ASSERT (count != NULL);
-
- *count += len;
-}
-
-/*
- * nssasn1_encode_item_store
- *
- * This is a helper function for nssASN1_EncodeItem. It appends the
- * new data onto the destination item.
- */
-
-static void
-nssasn1_encode_item_store
-(
- void *arg,
- const char *buf,
- unsigned long len,
- int depth,
- nssASN1EncodingPart data_kind
-)
-{
- NSSItem *dest;
-
- dest = (NSSItem*)arg;
- PR_ASSERT (dest != NULL);
-
- memcpy((unsigned char *)dest->data + dest->size, buf, len);
- dest->size += len;
-}
-
-/*
- * nssASN1_EncodeItem
- *
- * There must be a better name. If the optional arena argument is
- * non-null, it'll be used for the space. If the optional rvOpt is
- * non-null, it'll be the return value-- if it is null, a new one
- * will be allocated.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_ENCODING_NOT_SUPPORTED
- *
- * Return value:
- * NULL upon error
- * A valid pointer to an NSSDER upon success
- */
-
-NSS_IMPLEMENT NSSDER *
-nssASN1_EncodeItem
-(
- NSSArena *arenaOpt,
- NSSDER *rvOpt,
- const void *source,
- const nssASN1Template template[],
- NSSASN1EncodingType encoding
-)
-{
- PLArenaPool *hack = (PLArenaPool *)arenaOpt;
- NSSDER *rv;
- PRUint32 len = 0;
- PRStatus status;
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSDER *)NULL;
- }
- }
-
- if( (void *)NULL == source ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSDER *)NULL;
- }
-
- if( (nssASN1Template *)NULL == template ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSDER *)NULL;
- }
-#endif /* DEBUG */
-
- status = nssASN1_Encode(source, template, encoding,
- (nssASN1EncoderWriteFunction *)nssasn1_encode_item_count,
- &len);
- if( PR_SUCCESS != status ) {
- return (NSSDER *)NULL;
- }
-
- if( (NSSDER *)NULL == rvOpt ) {
- rv = nss_ZNEW(arenaOpt, NSSDER);
- if( (NSSDER *)NULL == rv ) {
- return (NSSDER *)NULL;
- }
- } else {
- rv = rvOpt;
- }
-
- rv->size = len;
- rv->data = nss_ZAlloc(arenaOpt, len);
- if( (void *)NULL == rv->data ) {
- if( (NSSDER *)NULL == rvOpt ) {
- nss_ZFreeIf(rv);
- }
- return (NSSDER *)NULL;
- }
-
- rv->size = 0; /* for nssasn1_encode_item_store */
-
- status = nssASN1_Encode(source, template, encoding,
- (nssASN1EncoderWriteFunction *)nssasn1_encode_item_store,
- rv);
- if( PR_SUCCESS != status ) {
- nss_ZFreeIf(rv->data);
- if( (NSSDER *)NULL == rvOpt ) {
- nss_ZFreeIf(rv);
- }
- return (NSSDER *)NULL;
- }
-
- PR_ASSERT(rv->size == len);
-
- return rv;
-}
-
-/*
- * nssASN1_CreatePRUint32FromBER
- *
- */
-
-NSS_IMPLEMENT PRStatus
-nssASN1_CreatePRUint32FromBER
-(
- NSSBER *encoded,
- PRUint32 *pResult
-)
-{
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return PR_FALSE;
-}
-
-/*
- * nssASN1_GetDERFromPRUint32
- *
- */
-
-NSS_EXTERN NSSDER *
-nssASN1_GetDERFromPRUint32
-(
- NSSArena *arenaOpt,
- NSSDER *rvOpt,
- PRUint32 value
-)
-{
- NSSDER *rv;
- PLArenaPool *hack = (PLArenaPool *)arenaOpt;
- SECItem *item;
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSDER *)NULL;
- }
- }
-#endif /* DEBUG */
-
- if( (NSSDER *)NULL == rvOpt ) {
- rv = nss_ZNEW(arenaOpt, NSSDER);
- if( (NSSDER *)NULL == rv ) {
- return (NSSDER *)NULL;
- }
- } else {
- rv = rvOpt;
- }
-
- item = SEC_ASN1EncodeUnsignedInteger(hack, (SECItem *)rv, value);
- if( (SECItem *)NULL == item ) {
- if( (NSSDER *)NULL == rvOpt ) {
- (void)nss_ZFreeIf(rv);
- }
-
- nss_SetError(PORT_GetError()); /* ugly */
- return (NSSDER *)NULL;
- }
-
- /*
- * I happen to know that these things look alike.. but I'm only
- * doing it for these "temporary" wrappers. This is an evil thing.
- */
- return (NSSDER *)item;
-}
-
-/*himom*/
-NSS_IMPLEMENT PRStatus
-nssASN1_CreatePRInt32FromBER
-(
- NSSBER *encoded,
- PRInt32 *pResult
-)
-{
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return PR_FALSE;
-}
-
-/*
- * nssASN1_GetDERFromPRInt32
- *
- */
-
-NSS_IMPLEMENT NSSDER *
-nssASN1_GetDERFromPRInt32
-(
- NSSArena *arenaOpt,
- NSSDER *rvOpt,
- PRInt32 value
-)
-{
- NSSDER *rv;
- PLArenaPool *hack = (PLArenaPool *)arenaOpt;
- SECItem *item;
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSDER *)NULL;
- }
- }
-#endif /* DEBUG */
-
- if( (NSSDER *)NULL == rvOpt ) {
- rv = nss_ZNEW(arenaOpt, NSSDER);
- if( (NSSDER *)NULL == rv ) {
- return (NSSDER *)NULL;
- }
- } else {
- rv = rvOpt;
- }
-
- item = SEC_ASN1EncodeInteger(hack, (SECItem *)rv, value);
- if( (SECItem *)NULL == item ) {
- if( (NSSDER *)NULL == rvOpt ) {
- (void)nss_ZFreeIf(rv);
- }
-
- nss_SetError(PORT_GetError()); /* ugly */
- return (NSSDER *)NULL;
- }
-
- /*
- * I happen to know that these things look alike.. but I'm only
- * doing it for these "temporary" wrappers. This is an evil thing.
- */
- return (NSSDER *)item;
-}
-
-/*
- * Generic Templates
- * One for each of the simple types, plus a special one for ANY, plus:
- * - a pointer to each one of those
- * - a set of each one of those
- *
- * Note that these are alphabetical (case insensitive); please add new
- * ones in the appropriate place.
- */
-
-const nssASN1Template *nssASN1Template_Any = (nssASN1Template *)SEC_AnyTemplate;
-const nssASN1Template *nssASN1Template_BitString = (nssASN1Template *)SEC_BitStringTemplate;
-const nssASN1Template *nssASN1Template_BMPString = (nssASN1Template *)SEC_BMPStringTemplate;
-const nssASN1Template *nssASN1Template_Boolean = (nssASN1Template *)SEC_BooleanTemplate;
-const nssASN1Template *nssASN1Template_Enumerated = (nssASN1Template *)SEC_EnumeratedTemplate;
-const nssASN1Template *nssASN1Template_GeneralizedTime = (nssASN1Template *)SEC_GeneralizedTimeTemplate;
-const nssASN1Template *nssASN1Template_IA5String = (nssASN1Template *)SEC_IA5StringTemplate;
-const nssASN1Template *nssASN1Template_Integer = (nssASN1Template *)SEC_IntegerTemplate;
-const nssASN1Template *nssASN1Template_Null = (nssASN1Template *)SEC_NullTemplate;
-const nssASN1Template *nssASN1Template_ObjectID = (nssASN1Template *)SEC_ObjectIDTemplate;
-const nssASN1Template *nssASN1Template_OctetString = (nssASN1Template *)SEC_OctetStringTemplate;
-const nssASN1Template *nssASN1Template_PrintableString = (nssASN1Template *)SEC_PrintableStringTemplate;
-const nssASN1Template *nssASN1Template_T61String = (nssASN1Template *)SEC_T61StringTemplate;
-const nssASN1Template *nssASN1Template_UniversalString = (nssASN1Template *)SEC_UniversalStringTemplate;
-const nssASN1Template *nssASN1Template_UTCTime = (nssASN1Template *)SEC_UTCTimeTemplate;
-const nssASN1Template *nssASN1Template_UTF8String = (nssASN1Template *)SEC_UTF8StringTemplate;
-const nssASN1Template *nssASN1Template_VisibleString = (nssASN1Template *)SEC_VisibleStringTemplate;
-
-const nssASN1Template *nssASN1Template_PointerToAny = (nssASN1Template *)SEC_PointerToAnyTemplate;
-const nssASN1Template *nssASN1Template_PointerToBitString = (nssASN1Template *)SEC_PointerToBitStringTemplate;
-const nssASN1Template *nssASN1Template_PointerToBMPString = (nssASN1Template *)SEC_PointerToBMPStringTemplate;
-const nssASN1Template *nssASN1Template_PointerToBoolean = (nssASN1Template *)SEC_PointerToBooleanTemplate;
-const nssASN1Template *nssASN1Template_PointerToEnumerated = (nssASN1Template *)SEC_PointerToEnumeratedTemplate;
-const nssASN1Template *nssASN1Template_PointerToGeneralizedTime = (nssASN1Template *)SEC_PointerToGeneralizedTimeTemplate;
-const nssASN1Template *nssASN1Template_PointerToIA5String = (nssASN1Template *)SEC_PointerToIA5StringTemplate;
-const nssASN1Template *nssASN1Template_PointerToInteger = (nssASN1Template *)SEC_PointerToIntegerTemplate;
-const nssASN1Template *nssASN1Template_PointerToNull = (nssASN1Template *)SEC_PointerToNullTemplate;
-const nssASN1Template *nssASN1Template_PointerToObjectID = (nssASN1Template *)SEC_PointerToObjectIDTemplate;
-const nssASN1Template *nssASN1Template_PointerToOctetString = (nssASN1Template *)SEC_PointerToOctetStringTemplate;
-const nssASN1Template *nssASN1Template_PointerToPrintableString = (nssASN1Template *)SEC_PointerToPrintableStringTemplate;
-const nssASN1Template *nssASN1Template_PointerToT61String = (nssASN1Template *)SEC_PointerToT61StringTemplate;
-const nssASN1Template *nssASN1Template_PointerToUniversalString = (nssASN1Template *)SEC_PointerToUniversalStringTemplate;
-const nssASN1Template *nssASN1Template_PointerToUTCTime = (nssASN1Template *)SEC_PointerToUTCTimeTemplate;
-const nssASN1Template *nssASN1Template_PointerToUTF8String = (nssASN1Template *)SEC_PointerToUTF8StringTemplate;
-const nssASN1Template *nssASN1Template_PointerToVisibleString = (nssASN1Template *)SEC_PointerToVisibleStringTemplate;
-
-const nssASN1Template *nssASN1Template_SetOfAny = (nssASN1Template *)SEC_SetOfAnyTemplate;
-const nssASN1Template *nssASN1Template_SetOfBitString = (nssASN1Template *)SEC_SetOfBitStringTemplate;
-const nssASN1Template *nssASN1Template_SetOfBMPString = (nssASN1Template *)SEC_SetOfBMPStringTemplate;
-const nssASN1Template *nssASN1Template_SetOfBoolean = (nssASN1Template *)SEC_SetOfBooleanTemplate;
-const nssASN1Template *nssASN1Template_SetOfEnumerated = (nssASN1Template *)SEC_SetOfEnumeratedTemplate;
-const nssASN1Template *nssASN1Template_SetOfGeneralizedTime = (nssASN1Template *)SEC_SetOfGeneralizedTimeTemplate;
-const nssASN1Template *nssASN1Template_SetOfIA5String = (nssASN1Template *)SEC_SetOfIA5StringTemplate;
-const nssASN1Template *nssASN1Template_SetOfInteger = (nssASN1Template *)SEC_SetOfIntegerTemplate;
-const nssASN1Template *nssASN1Template_SetOfNull = (nssASN1Template *)SEC_SetOfNullTemplate;
-const nssASN1Template *nssASN1Template_SetOfObjectID = (nssASN1Template *)SEC_SetOfObjectIDTemplate;
-const nssASN1Template *nssASN1Template_SetOfOctetString = (nssASN1Template *)SEC_SetOfOctetStringTemplate;
-const nssASN1Template *nssASN1Template_SetOfPrintableString = (nssASN1Template *)SEC_SetOfPrintableStringTemplate;
-const nssASN1Template *nssASN1Template_SetOfT61String = (nssASN1Template *)SEC_SetOfT61StringTemplate;
-const nssASN1Template *nssASN1Template_SetOfUniversalString = (nssASN1Template *)SEC_SetOfUniversalStringTemplate;
-const nssASN1Template *nssASN1Template_SetOfUTCTime = (nssASN1Template *)SEC_SetOfUTCTimeTemplate;
-const nssASN1Template *nssASN1Template_SetOfUTF8String = (nssASN1Template *)SEC_SetOfUTF8StringTemplate;
-const nssASN1Template *nssASN1Template_SetOfVisibleString = (nssASN1Template *)SEC_SetOfVisibleStringTemplate;
-
-/*
- *
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-nssUTF8_CreateFromBER
-(
- NSSArena *arenaOpt,
- nssStringType type,
- NSSBER *berData
-)
-{
- NSSUTF8 *rv = NULL;
- PRUint8 tag;
- NSSArena *a;
- NSSItem in;
- NSSItem out;
- PRStatus st;
- const nssASN1Template *templ;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-
- if( (NSSBER *)NULL == berData ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSUTF8 *)NULL;
- }
-
- if( (void *)NULL == berData->data ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSUTF8 *)NULL;
- }
-#endif /* NSSDEBUG */
-
- a = NSSArena_Create();
- if( (NSSArena *)NULL == a ) {
- return (NSSUTF8 *)NULL;
- }
-
- in = *berData;
-
- /*
- * By the way, at first I succumbed to the temptation to make
- * this an incestuous nested switch statement. Count yourself
- * lucky I cleaned it up.
- */
-
- switch( type ) {
- case nssStringType_DirectoryString:
- /*
- * draft-ietf-pkix-ipki-part1-11 says in part:
- *
- * DirectoryString { INTEGER:maxSize } ::= CHOICE {
- * teletexString TeletexString (SIZE (1..maxSize)),
- * printableString PrintableString (SIZE (1..maxSize)),
- * universalString UniversalString (SIZE (1..maxSize)),
- * bmpString BMPString (SIZE(1..maxSize)),
- * utf8String UTF8String (SIZE(1..maxSize))
- * }
- *
- * The tags are:
- * TeletexString UNIVERSAL 20
- * PrintableString UNIVERSAL 19
- * UniversalString UNIVERSAL 28
- * BMPString UNIVERSAL 30
- * UTF8String UNIVERSAL 12
- *
- * "UNIVERSAL" tags have bits 8 and 7 zero, bit 6 is zero for
- * primitive encodings, and if the tag value is less than 30,
- * the tag value is directly encoded in bits 5 through 1.
- */
- in.data = (void *)&(((PRUint8 *)berData->data)[1]);
- in.size = berData->size-1;
-
- tag = *(PRUint8 *)berData->data;
- switch( tag & nssASN1_TAGNUM_MASK ) {
- case 20:
- /*
- * XXX fgmr-- we have to accept Latin-1 for Teletex; (see
- * below) but is T61 a suitable value for "Latin-1"?
- */
- templ = nssASN1Template_T61String;
- type = nssStringType_TeletexString;
- break;
- case 19:
- templ = nssASN1Template_PrintableString;
- type = nssStringType_PrintableString;
- break;
- case 28:
- templ = nssASN1Template_UniversalString;
- type = nssStringType_UniversalString;
- break;
- case 30:
- templ = nssASN1Template_BMPString;
- type = nssStringType_BMPString;
- break;
- case 12:
- templ = nssASN1Template_UTF8String;
- type = nssStringType_UTF8String;
- break;
- default:
- nss_SetError(NSS_ERROR_INVALID_POINTER); /* "pointer"? */
- (void)NSSArena_Destroy(a);
- return (NSSUTF8 *)NULL;
- }
-
- break;
-
- case nssStringType_TeletexString:
- /*
- * XXX fgmr-- we have to accept Latin-1 for Teletex; (see
- * below) but is T61 a suitable value for "Latin-1"?
- */
- templ = nssASN1Template_T61String;
- break;
-
- case nssStringType_PrintableString:
- templ = nssASN1Template_PrintableString;
- break;
-
- case nssStringType_UniversalString:
- templ = nssASN1Template_UniversalString;
- break;
-
- case nssStringType_BMPString:
- templ = nssASN1Template_BMPString;
- break;
-
- case nssStringType_UTF8String:
- templ = nssASN1Template_UTF8String;
- break;
-
- case nssStringType_PHGString:
- templ = nssASN1Template_IA5String;
- break;
-
- default:
- nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
- (void)NSSArena_Destroy(a);
- return (NSSUTF8 *)NULL;
- }
-
- st = nssASN1_DecodeBER(a, &out, templ, &in);
-
- if( PR_SUCCESS == st ) {
- rv = nssUTF8_Create(arenaOpt, type, out.data, out.size);
- }
- (void)NSSArena_Destroy(a);
-
- return rv;
-}
-
-NSS_EXTERN NSSDER *
-nssUTF8_GetDEREncoding
-(
- NSSArena *arenaOpt,
- nssStringType type,
- const NSSUTF8 *string
-)
-{
- NSSDER *rv = (NSSDER *)NULL;
- NSSItem str;
- NSSDER *der;
- const nssASN1Template *templ;
- NSSArena *a;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSDER *)NULL;
- }
- }
-
- if( (const NSSUTF8 *)NULL == string ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSDER *)NULL;
- }
-#endif /* NSSDEBUG */
-
- str.data = (void *)string;
- str.size = nssUTF8_Size(string, (PRStatus *)NULL);
- if( 0 == str.size ) {
- return (NSSDER *)NULL;
- }
-
- a = NSSArena_Create();
- if( (NSSArena *)NULL == a ) {
- return (NSSDER *)NULL;
- }
-
- switch( type ) {
- case nssStringType_DirectoryString:
- {
- NSSDER *utf;
- PRUint8 *c;
-
- utf = nssASN1_EncodeItem(a, (NSSDER *)NULL, &str,
- nssASN1Template_UTF8String,
- NSSASN1DER);
- if( (NSSDER *)NULL == utf ) {
- (void)NSSArena_Destroy(a);
- return (NSSDER *)NULL;
- }
-
- rv = nss_ZNEW(arenaOpt, NSSDER);
- if( (NSSDER *)NULL == rv ) {
- (void)NSSArena_Destroy(a);
- return (NSSDER *)NULL;
- }
-
- rv->size = utf->size + 1;
- rv->data = nss_ZAlloc(arenaOpt, rv->size);
- if( (void *)NULL == rv->data ) {
- (void)nss_ZFreeIf(rv);
- (void)NSSArena_Destroy(a);
- return (NSSDER *)NULL;
- }
-
- c = (PRUint8 *)rv->data;
- (void)nsslibc_memcpy(&c[1], utf->data, utf->size);
- *c = 12; /* UNIVERSAL primitive encoding tag for UTF8String */
-
- (void)NSSArena_Destroy(a);
- return rv;
- }
- case nssStringType_TeletexString:
- /*
- * XXX fgmr-- we have to accept Latin-1 for Teletex; (see
- * below) but is T61 a suitable value for "Latin-1"?
- */
- templ = nssASN1Template_T61String;
- break;
- case nssStringType_PrintableString:
- templ = nssASN1Template_PrintableString;
- break;
-
- case nssStringType_UniversalString:
- templ = nssASN1Template_UniversalString;
- break;
-
- case nssStringType_BMPString:
- templ = nssASN1Template_BMPString;
- break;
-
- case nssStringType_UTF8String:
- templ = nssASN1Template_UTF8String;
- break;
-
- case nssStringType_PHGString:
- templ = nssASN1Template_IA5String;
- break;
-
- default:
- nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
- (void)NSSArena_Destroy(a);
- return (NSSDER *)NULL;
- }
-
- der = nssUTF8_GetDEREncoding(a, type, string);
- if( (NSSItem *)NULL == der ) {
- (void)NSSArena_Destroy(a);
- return (NSSDER *)NULL;
- }
-
- rv = nssASN1_EncodeItem(arenaOpt, (NSSDER *)NULL, der, templ, NSSASN1DER);
- if( (NSSDER *)NULL == rv ) {
- (void)NSSArena_Destroy(a);
- return (NSSDER *)NULL;
- }
-
- (void)NSSArena_Destroy(a);
- return rv;
-}
diff --git a/security/nss/lib/asn1/asn1.h b/security/nss/lib/asn1/asn1.h
deleted file mode 100644
index a81f3213d..000000000
--- a/security/nss/lib/asn1/asn1.h
+++ /dev/null
@@ -1,879 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef ASN1_H
-#define ASN1_H
-
-#ifdef DEBUG
-static const char ASN1_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * asn1.h
- *
- * This file contains the ASN.1 encoder/decoder routines available
- * internally within NSS. It's not clear right now if this file
- * will be folded into base.h or something, I just needed to get this
- * going. At the moment, most of these routines wrap the old SEC_ASN1
- * calls.
- */
-
-#ifndef ASN1T_H
-#include "asn1t.h"
-#endif /* ASN1T_H */
-
-#ifndef BASE_H
-#include "base.h"
-#endif /* BASE_H */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * nssASN1Decoder
- *
- * ... description here ...
- *
- * nssASN1Decoder_Create (Factory/Constructor)
- * nssASN1Decoder_Update
- * nssASN1Decoder_Finish (Destructor)
- * nssASN1Decoder_SetFilter
- * nssASN1Decoder_GetFilter
- * nssASN1Decoder_SetNotify
- * nssASN1Decoder_GetNotify
- *
- * Debug builds only:
- *
- * nssASN1Decoder_verify
- *
- * Related functions that aren't type methods:
- *
- * nssASN1_Decode
- * nssASN1_DecodeBER
- */
-
-/*
- * nssASN1Decoder_Create
- *
- * This routine creates an ASN.1 Decoder, which will use the specified
- * template to decode a datastream into the specified destination
- * structure. If the optional arena argument is non-NULL, blah blah
- * blah. XXX fgmr Should we include an nssASN1EncodingType argument,
- * as a hint? Or is each encoding distinctive? This routine may
- * return NULL upon error, in which case an error will have been
- * placed upon the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_POINTER
- * ...
- *
- * Return value:
- * NULL upon error
- * A pointer to an ASN.1 Decoder upon success.
- */
-
-NSS_EXTERN nssASN1Decoder *
-nssASN1Decoder_Create
-(
- NSSArena *arenaOpt,
- void *destination,
- const nssASN1Template template[]
-);
-
-extern const NSSError NSS_ERROR_NO_MEMORY;
-extern const NSSError NSS_ERROR_INVALID_ARENA;
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-
-/*
- * nssASN1Decoder_Update
- *
- * This routine feeds data to the decoder. In the event of an error,
- * it will place an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_INVALID_ASN1DECODER
- * NSS_ERROR_INVALID_BER
- * ...
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success.
- */
-
-NSS_EXTERN PRStatus
-nssASN1Decoder_Update
-(
- nssASN1Decoder *decoder,
- const void *data,
- PRUint32 amount
-);
-
-extern const NSSError NSS_ERROR_NO_MEMORY;
-extern const NSSError NSS_ERROR_INVALID_ASN1DECODER;
-extern const NSSError NSS_ERROR_INVALID_BER;
-
-/*
- * nssASN1Decoder_Finish
- *
- * This routine finishes the decoding and destroys the decoder.
- * In the event of an error, it will place an error on the error
- * stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1DECODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssASN1Decoder_Finish
-(
- nssASN1Decoder *decoder
-);
-
-extern const NSSError NSS_ERROR_INVALID_ASN1DECODER;
-
-/*
- * nssASN1Decoder_SetFilter
- *
- * This routine registers a callback filter routine with the decoder,
- * which will be called blah blah blah. The specified argument will
- * be passed as-is to the filter routine. The routine pointer may
- * be NULL, in which case no filter callback will be called. If the
- * noStore boolean is PR_TRUE, then decoded fields will not be stored
- * in the destination structure specified when the decoder was
- * created. This routine returns a PRStatus value; in the event of
- * an error, it will place an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1DECODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssASN1Decoder_SetFilter
-(
- nssASN1Decoder *decoder,
- nssASN1DecoderFilterFunction *callback,
- void *argument,
- PRBool noStore
-);
-
-extern const NSSError NSS_ERROR_INVALID_ASN1DECODER;
-
-/*
- * nssASN1Decoder_GetFilter
- *
- * If the optional pCallbackOpt argument to this routine is non-null,
- * then the pointer to any callback function established for this
- * decoder with nssASN1Decoder_SetFilter will be stored at the
- * location indicated by it. If the optional pArgumentOpt
- * pointer is non-null, the filter's closure argument will be stored
- * there. If the optional pNoStoreOpt pointer is non-null, the
- * noStore value specified when setting the filter will be stored
- * there. This routine returns a PRStatus value; in the event of
- * an error it will place an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1DECODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssASN1Decoder_GetFilter
-(
- nssASN1Decoder *decoder,
- nssASN1DecoderFilterFunction **pCallbackOpt,
- void **pArgumentOpt,
- PRBool *pNoStoreOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_ASN1DECODER;
-
-/*
- * nssASN1Decoder_SetNotify
- *
- * This routine registers a callback notify routine with the decoder,
- * which will be called whenever.. The specified argument will be
- * passed as-is to the notify routine. The routine pointer may be
- * NULL, in which case no notify routine will be called. This routine
- * returns a PRStatus value; in the event of an error it will place
- * an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1DECODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssASN1Decoder_SetNotify
-(
- nssASN1Decoder *decoder,
- nssASN1NotifyFunction *callback,
- void *argument
-);
-
-extern const NSSError NSS_ERROR_INVALID_ASN1DECODER;
-
-/*
- * nssASN1Decoder_GetNotify
- *
- * If the optional pCallbackOpt argument to this routine is non-null,
- * then the pointer to any callback function established for this
- * decoder with nssASN1Decoder_SetNotify will be stored at the
- * location indicated by it. If the optional pArgumentOpt pointer is
- * non-null, the filter's closure argument will be stored there.
- * This routine returns a PRStatus value; in the event of an error it
- * will place an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1DECODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssASN1Decoder_GetNotify
-(
- nssASN1Decoder *decoder,
- nssASN1NotifyFunction **pCallbackOpt,
- void **pArgumentOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_ASN1DECODER;
-
-/*
- * nssASN1Decoder_verify
- *
- * This routine is only available in debug builds.
- *
- * If the specified pointer is a valid pointer to an nssASN1Decoder
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1DECODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssASN1Decoder_verify
-(
- nssASN1Decoder *decoder
-);
-
-extern const NSSError NSS_ERROR_INVALID_ASN1DECODER;
-#endif /* DEBUG */
-
-/*
- * nssASN1_Decode
- *
- * This routine will decode the specified data into the specified
- * destination structure, as specified by the specified template.
- * This routine returns a PRStatus value; in the event of an error
- * it will place an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_INVALID_BER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssASN1_Decode
-(
- NSSArena *arenaOpt,
- void *destination,
- const nssASN1Template template[],
- const void *berData,
- PRUint32 amount
-);
-
-extern const NSSError NSS_ERROR_NO_MEMORY;
-extern const NSSError NSS_ERROR_INVALID_ARENA;
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-extern const NSSError NSS_ERROR_INVALID_BER;
-
-/*
- * nssASN1_DecodeBER
- *
- * This routine will decode the data in the specified NSSBER
- * into the destination structure, as specified by the template.
- * This routine returns a PRStatus value; in the event of an error
- * it will place an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_INVALID_NSSBER
- * NSS_ERROR_INVALID_BER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssASN1_DecodeBER
-(
- NSSArena *arenaOpt,
- void *destination,
- const nssASN1Template template[],
- const NSSBER *data
-);
-
-extern const NSSError NSS_ERROR_NO_MEMORY;
-extern const NSSError NSS_ERROR_INVALID_ARENA;
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-extern const NSSError NSS_ERROR_INVALID_BER;
-
-/*
- * nssASN1Encoder
- *
- * ... description here ...
- *
- * nssASN1Encoder_Create (Factory/Constructor)
- * nssASN1Encoder_Update
- * nssASN1Encoder_Finish (Destructor)
- * nssASN1Encoder_SetNotify
- * nssASN1Encoder_GetNotify
- * nssASN1Encoder_SetStreaming
- * nssASN1Encoder_GetStreaming
- * nssASN1Encoder_SetTakeFromBuffer
- * nssASN1Encoder_GetTakeFromBuffer
- *
- * Debug builds only:
- *
- * nssASN1Encoder_verify
- *
- * Related functions that aren't type methods:
- *
- * nssASN1_Encode
- * nssASN1_EncodeItem
- */
-
-/*
- * nssASN1Encoder_Create
- *
- * This routine creates an ASN.1 Encoder, blah blah blah. This
- * may return NULL upon error, in which case an error will have been
- * placed on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_ENCODING_NOT_SUPPORTED
- * ...
- *
- * Return value:
- * NULL upon error
- * A pointer to an ASN.1 Encoder upon success
- */
-
-NSS_EXTERN nssASN1Encoder *
-nssASN1Encoder_Create
-(
- const void *source,
- const nssASN1Template template[],
- NSSASN1EncodingType encoding,
- nssASN1EncoderWriteFunction *sink,
- void *argument
-);
-
-extern const NSSError NSS_ERROR_NO_MEMORY;
-extern const NSSError NSS_ERROR_INVALID_ARENA;
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-extern const NSSError NSS_ERROR_ENCODING_NOT_SUPPORTED;
-
-/*
- * nssASN1Encoder_Update
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1ENCODER
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssASN1Encoder_Update
-(
- nssASN1Encoder *encoder,
- const void *data,
- PRUint32 length
-);
-
-extern const NSSError NSS_ERROR_INVALID_ASN1ENCODER;
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-
-/*
- * nssASN1Encoder_Finish
- *
- * Destructor.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1ENCODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssASN1Encoder_Finish
-(
- nssASN1Encoder *encoder
-);
-
-extern const NSSError NSS_ERROR_INVALID_ASN1ENCODER;
-
-/*
- * nssASN1Encoder_SetNotify
- *
- * This routine registers a callback notify routine with the encoder,
- * which will be called whenever.. The specified argument will be
- * passed as-is to the notify routine. The routine pointer may be
- * NULL, in which case no notify routine will be called. This routine
- * returns a PRStatus value; in the event of an error it will place
- * an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1DECODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssASN1Encoder_SetNotify
-(
- nssASN1Encoder *encoder,
- nssASN1NotifyFunction *callback,
- void *argument
-);
-
-extern const NSSError NSS_ERROR_INVALID_ASN1ENCODER;
-
-/*
- * nssASN1Encoder_GetNotify
- *
- * If the optional pCallbackOpt argument to this routine is non-null,
- * then the pointer to any callback function established for this
- * decoder with nssASN1Encoder_SetNotify will be stored at the
- * location indicated by it. If the optional pArgumentOpt pointer is
- * non-null, the filter's closure argument will be stored there.
- * This routine returns a PRStatus value; in the event of an error it
- * will place an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1ENCODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssASN1Encoder_GetNotify
-(
- nssASN1Encoder *encoder,
- nssASN1NotifyFunction **pCallbackOpt,
- void **pArgumentOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_ASN1ENCODER;
-
-/*
- * nssASN1Encoder_SetStreaming
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1ENCODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssASN1Encoder_SetStreaming
-(
- nssASN1Encoder *encoder,
- PRBool streaming
-);
-
-extern const NSSError NSS_ERROR_INVALID_ASN1ENCODER;
-
-/*
- * nssASN1Encoder_GetStreaming
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1ENCODER
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssASN1Encoder_GetStreaming
-(
- nssASN1Encoder *encoder,
- PRBool *pStreaming
-);
-
-extern const NSSError NSS_ERROR_INVALID_ASN1ENCODER;
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-
-/*
- * nssASN1Encoder_SetTakeFromBuffer
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1ENCODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssASN1Encoder_SetTakeFromBuffer
-(
- nssASN1Encoder *encoder,
- PRBool takeFromBuffer
-);
-
-extern const NSSError NSS_ERROR_INVALID_ASN1ENCODER;
-
-/*
- * nssASN1Encoder_GetTakeFromBuffer
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1ENCODER
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssASN1Encoder_GetTakeFromBuffer
-(
- nssASN1Encoder *encoder,
- PRBool *pTakeFromBuffer
-);
-
-extern const NSSError NSS_ERROR_INVALID_ASN1ENCODER;
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-
-/*
- * nssASN1Encoder_verify
- *
- * This routine is only available in debug builds.
- *
- * If the specified pointer is a valid pointer to an nssASN1Encoder
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ASN1ENCODER
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssASN1Encoder_verify
-(
- nssASN1Encoder *encoder
-);
-
-extern const NSSError NSS_ERROR_INVALID_ASN1ENCODER;
-#endif /* DEBUG */
-
-/*
- * nssASN1_Encode
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_ENCODING_NOT_SUPPORTED
- * ...
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssASN1_Encode
-(
- const void *source,
- const nssASN1Template template[],
- NSSASN1EncodingType encoding,
- nssASN1EncoderWriteFunction *sink,
- void *argument
-);
-
-extern const NSSError NSS_ERROR_NO_MEMORY;
-extern const NSSError NSS_ERROR_INVALID_ARENA;
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-extern const NSSError NSS_ERROR_ENCODING_NOT_SUPPORTED;
-
-/*
- * nssASN1_EncodeItem
- *
- * There must be a better name. If the optional arena argument is
- * non-null, it'll be used for the space. If the optional rvOpt is
- * non-null, it'll be the return value-- if it is null, a new one
- * will be allocated.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_ENCODING_NOT_SUPPORTED
- *
- * Return value:
- * NULL upon error
- * A valid pointer to an NSSDER upon success
- */
-
-NSS_EXTERN NSSDER *
-nssASN1_EncodeItem
-(
- NSSArena *arenaOpt,
- NSSDER *rvOpt,
- const void *source,
- const nssASN1Template template[],
- NSSASN1EncodingType encoding
-);
-
-extern const NSSError NSS_ERROR_NO_MEMORY;
-extern const NSSError NSS_ERROR_INVALID_ARENA;
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-extern const NSSError NSS_ERROR_ENCODING_NOT_SUPPORTED;
-
-/*
- * Other basic types' encoding and decoding helper functions:
- *
- * nssASN1_CreatePRUint32FromBER
- * nssASN1_GetDERFromPRUint32
- * nssASN1_CreatePRInt32FromBER
- * nssASN1_GetDERFromPRInt32
- * ..etc..
- */
-
-/*
- * nssASN1_CreatePRUint32FromBER
- *
- */
-
-NSS_EXTERN PRStatus
-nssASN1_CreatePRUint32FromBER
-(
- NSSBER *encoded,
- PRUint32 *pResult
-);
-
-/*
- * nssASN1_GetDERFromPRUint32
- *
- */
-
-NSS_EXTERN NSSDER *
-nssASN1_GetDERFromPRUint32
-(
- NSSArena *arenaOpt,
- NSSDER *rvOpt,
- PRUint32 value
-);
-
-/*
- * nssASN1_CreatePRInt32FromBER
- *
- */
-
-NSS_EXTERN PRStatus
-nssASN1_CreatePRInt32FromBER
-(
- NSSBER *encoded,
- PRInt32 *pResult
-);
-
-/*
- * nssASN1_GetDERFromPRInt32
- *
- */
-
-NSS_EXTERN NSSDER *
-nssASN1_GetDERFromPRInt32
-(
- NSSArena *arenaOpt,
- NSSDER *rvOpt,
- PRInt32 value
-);
-
-/*
- * Builtin templates
- */
-
-/*
- * Generic Templates
- * One for each of the simple types, plus a special one for ANY, plus:
- * - a pointer to each one of those
- * - a set of each one of those
- *
- * Note that these are alphabetical (case insensitive); please add new
- * ones in the appropriate place.
- */
-
-extern const nssASN1Template *nssASN1Template_Any;
-extern const nssASN1Template *nssASN1Template_BitString;
-extern const nssASN1Template *nssASN1Template_BMPString;
-extern const nssASN1Template *nssASN1Template_Boolean;
-extern const nssASN1Template *nssASN1Template_Enumerated;
-extern const nssASN1Template *nssASN1Template_GeneralizedTime;
-extern const nssASN1Template *nssASN1Template_IA5String;
-extern const nssASN1Template *nssASN1Template_Integer;
-extern const nssASN1Template *nssASN1Template_Null;
-extern const nssASN1Template *nssASN1Template_ObjectID;
-extern const nssASN1Template *nssASN1Template_OctetString;
-extern const nssASN1Template *nssASN1Template_PrintableString;
-extern const nssASN1Template *nssASN1Template_T61String;
-extern const nssASN1Template *nssASN1Template_UniversalString;
-extern const nssASN1Template *nssASN1Template_UTCTime;
-extern const nssASN1Template *nssASN1Template_UTF8String;
-extern const nssASN1Template *nssASN1Template_VisibleString;
-
-extern const nssASN1Template *nssASN1Template_PointerToAny;
-extern const nssASN1Template *nssASN1Template_PointerToBitString;
-extern const nssASN1Template *nssASN1Template_PointerToBMPString;
-extern const nssASN1Template *nssASN1Template_PointerToBoolean;
-extern const nssASN1Template *nssASN1Template_PointerToEnumerated;
-extern const nssASN1Template *nssASN1Template_PointerToGeneralizedTime;
-extern const nssASN1Template *nssASN1Template_PointerToIA5String;
-extern const nssASN1Template *nssASN1Template_PointerToInteger;
-extern const nssASN1Template *nssASN1Template_PointerToNull;
-extern const nssASN1Template *nssASN1Template_PointerToObjectID;
-extern const nssASN1Template *nssASN1Template_PointerToOctetString;
-extern const nssASN1Template *nssASN1Template_PointerToPrintableString;
-extern const nssASN1Template *nssASN1Template_PointerToT61String;
-extern const nssASN1Template *nssASN1Template_PointerToUniversalString;
-extern const nssASN1Template *nssASN1Template_PointerToUTCTime;
-extern const nssASN1Template *nssASN1Template_PointerToUTF8String;
-extern const nssASN1Template *nssASN1Template_PointerToVisibleString;
-
-extern const nssASN1Template *nssASN1Template_SetOfAny;
-extern const nssASN1Template *nssASN1Template_SetOfBitString;
-extern const nssASN1Template *nssASN1Template_SetOfBMPString;
-extern const nssASN1Template *nssASN1Template_SetOfBoolean;
-extern const nssASN1Template *nssASN1Template_SetOfEnumerated;
-extern const nssASN1Template *nssASN1Template_SetOfGeneralizedTime;
-extern const nssASN1Template *nssASN1Template_SetOfIA5String;
-extern const nssASN1Template *nssASN1Template_SetOfInteger;
-extern const nssASN1Template *nssASN1Template_SetOfNull;
-extern const nssASN1Template *nssASN1Template_SetOfObjectID;
-extern const nssASN1Template *nssASN1Template_SetOfOctetString;
-extern const nssASN1Template *nssASN1Template_SetOfPrintableString;
-extern const nssASN1Template *nssASN1Template_SetOfT61String;
-extern const nssASN1Template *nssASN1Template_SetOfUniversalString;
-extern const nssASN1Template *nssASN1Template_SetOfUTCTime;
-extern const nssASN1Template *nssASN1Template_SetOfUTF8String;
-extern const nssASN1Template *nssASN1Template_SetOfVisibleString;
-
-/*
- *
- */
-
-NSS_EXTERN NSSUTF8 *
-nssUTF8_CreateFromBER
-(
- NSSArena *arenaOpt,
- nssStringType type,
- NSSBER *berData
-);
-
-NSS_EXTERN NSSDER *
-nssUTF8_GetDEREncoding
-(
- NSSArena *arenaOpt,
- /* Should have an NSSDER *rvOpt */
- nssStringType type,
- const NSSUTF8 *string
-);
-
-PR_END_EXTERN_C
-
-#endif /* ASN1_H */
diff --git a/security/nss/lib/asn1/asn1m.h b/security/nss/lib/asn1/asn1m.h
deleted file mode 100644
index 37ed91919..000000000
--- a/security/nss/lib/asn1/asn1m.h
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef ASN1M_H
-#define ASN1M_H
-
-#ifdef DEBUG
-static const char ASN1M_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * asn1m.h
- *
- * This file contains the ASN.1 encoder/decoder routines available
- * only within the ASN.1 module itself.
- */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * nssasn1_number_length
- *
- */
-
-NSS_EXTERN PRUint32
-nssasn1_length_length
-(
- PRUint32 number
-);
-
-/*
- * nssasn1_get_subtemplate
- *
- */
-
-NSS_EXTERN const nssASN1Template *
-nssasn1_get_subtemplate
-(
- const nssASN1Template template[],
- void *thing,
- PRBool encoding
-);
-
-PR_END_EXTERN_C
-
-#endif /* ASN1M_H */
diff --git a/security/nss/lib/asn1/asn1t.h b/security/nss/lib/asn1/asn1t.h
deleted file mode 100644
index 6183b7fd7..000000000
--- a/security/nss/lib/asn1/asn1t.h
+++ /dev/null
@@ -1,166 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef ASN1T_H
-#define ASN1T_H
-
-#ifdef DEBUG
-static const char ASN1T_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * asn1t.h
- *
- * This file contains the ASN.1 encoder/decoder types available
- * internally within NSS. It's not clear right now if this file
- * will be folded into baset.h or something, I just needed to
- * get this going. At the moment, these types are wrappers for
- * the old types.
- */
-
-#ifndef BASET_H
-#include "baset.h"
-#endif /* BASET_H */
-
-#ifndef NSSASN1T_H
-#include "nssasn1t.h"
-#endif /* NSSASN1T_H */
-
-#include "seccomon.h"
-#include "secasn1t.h"
-
-PR_BEGIN_EXTERN_C
-
-/*
- * XXX fgmr
- *
- * This sort of bites. Let's keep an eye on this, to make sure
- * we aren't stuck with it forever.
- */
-
-struct nssASN1ItemStr {
- PRUint32 reserved;
- PRUint8 *data;
- PRUint32 size;
-};
-
-typedef struct nssASN1ItemStr nssASN1Item;
-
-/*
- * I'm not documenting these here, since this'll require another
- * pass anyway.
- */
-
-typedef SEC_ASN1Template nssASN1Template;
-
-#define nssASN1_TAG_MASK SEC_ASN1_TAG_MASK
-
-#define nssASN1_TAGNUM_MASK SEC_ASN1_TAGNUM_MASK
-#define nssASN1_BOOLEAN SEC_ASN1_BOOLEAN
-#define nssASN1_INTEGER SEC_ASN1_INTEGER
-#define nssASN1_BIT_STRING SEC_ASN1_BIT_STRING
-#define nssASN1_OCTET_STRING SEC_ASN1_OCTET_STRING
-#define nssASN1_NULL SEC_ASN1_NULL
-#define nssASN1_OBJECT_ID SEC_ASN1_OBJECT_ID
-#define nssASN1_OBJECT_DESCRIPTOR SEC_ASN1_OBJECT_DESCRIPTOR
-/* External type and instance-of type 0x08 */
-#define nssASN1_REAL SEC_ASN1_REAL
-#define nssASN1_ENUMERATED SEC_ASN1_ENUMERATED
-#define nssASN1_EMBEDDED_PDV SEC_ASN1_EMBEDDED_PDV
-#define nssASN1_UTF8_STRING SEC_ASN1_UTF8_STRING
-#define nssASN1_SEQUENCE SEC_ASN1_SEQUENCE
-#define nssASN1_SET SEC_ASN1_SET
-#define nssASN1_NUMERIC_STRING SEC_ASN1_NUMERIC_STRING
-#define nssASN1_PRINTABLE_STRING SEC_ASN1_PRINTABLE_STRING
-#define nssASN1_T61_STRING SEC_ASN1_T61_STRING
-#define nssASN1_TELETEX_STRING nssASN1_T61_STRING
-#define nssASN1_VIDEOTEX_STRING SEC_ASN1_VIDEOTEX_STRING
-#define nssASN1_IA5_STRING SEC_ASN1_IA5_STRING
-#define nssASN1_UTC_TIME SEC_ASN1_UTC_TIME
-#define nssASN1_GENERALIZED_TIME SEC_ASN1_GENERALIZED_TIME
-#define nssASN1_GRAPHIC_STRING SEC_ASN1_GRAPHIC_STRING
-#define nssASN1_VISIBLE_STRING SEC_ASN1_VISIBLE_STRING
-#define nssASN1_GENERAL_STRING SEC_ASN1_GENERAL_STRING
-#define nssASN1_UNIVERSAL_STRING SEC_ASN1_UNIVERSAL_STRING
-/* 0x1d */
-#define nssASN1_BMP_STRING SEC_ASN1_BMP_STRING
-#define nssASN1_HIGH_TAG_NUMBER SEC_ASN1_HIGH_TAG_NUMBER
-
-#define nssASN1_METHOD_MASK SEC_ASN1_METHOD_MASK
-#define nssASN1_PRIMITIVE SEC_ASN1_PRIMITIVE
-#define nssASN1_CONSTRUCTED SEC_ASN1_CONSTRUCTED
-
-#define nssASN1_CLASS_MASK SEC_ASN1_CLASS_MASK
-#define nssASN1_UNIVERSAL SEC_ASN1_UNIVERSAL
-#define nssASN1_APPLICATION SEC_ASN1_APPLICATION
-#define nssASN1_CONTEXT_SPECIFIC SEC_ASN1_CONTEXT_SPECIFIC
-#define nssASN1_PRIVATE SEC_ASN1_PRIVATE
-
-#define nssASN1_OPTIONAL SEC_ASN1_OPTIONAL
-#define nssASN1_EXPLICIT SEC_ASN1_EXPLICIT
-#define nssASN1_ANY SEC_ASN1_ANY
-#define nssASN1_INLINE SEC_ASN1_INLINE
-#define nssASN1_POINTER SEC_ASN1_POINTER
-#define nssASN1_GROUP SEC_ASN1_GROUP
-#define nssASN1_DYNAMIC SEC_ASN1_DYNAMIC
-#define nssASN1_SKIP SEC_ASN1_SKIP
-#define nssASN1_INNER SEC_ASN1_INNER
-#define nssASN1_SAVE SEC_ASN1_SAVE
-#define nssASN1_MAY_STREAM SEC_ASN1_MAY_STREAM
-#define nssASN1_SKIP_REST SEC_ASN1_SKIP_REST
-#define nssASN1_CHOICE SEC_ASN1_CHOICE
-
-#define nssASN1_SEQUENCE_OF SEC_ASN1_SEQUENCE_OF
-#define nssASN1_SET_OF SEC_ASN1_SET_OF
-#define nssASN1_ANY_CONTENTS SEC_ASN1_ANY_CONTENTS
-
-typedef SEC_ChooseASN1TemplateFunc nssASN1ChooseTemplateFunction;
-
-typedef SEC_ASN1DecoderContext nssASN1Decoder;
-typedef SEC_ASN1EncoderContext nssASN1Encoder;
-
-typedef enum {
- nssASN1EncodingPartIdentifier = SEC_ASN1_Identifier,
- nssASN1EncodingPartLength = SEC_ASN1_Length,
- nssASN1EncodingPartContents = SEC_ASN1_Contents,
- nssASN1EncodingPartEndOfContents = SEC_ASN1_EndOfContents
-} nssASN1EncodingPart;
-
-typedef SEC_ASN1NotifyProc nssASN1NotifyFunction;
-
-typedef SEC_ASN1WriteProc nssASN1EncoderWriteFunction;
-typedef SEC_ASN1WriteProc nssASN1DecoderFilterFunction;
-
-PR_END_EXTERN_C
-
-#endif /* ASN1T_H */
diff --git a/security/nss/lib/asn1/config.mk b/security/nss/lib/asn1/config.mk
deleted file mode 100644
index 80b3135f4..000000000
--- a/security/nss/lib/asn1/config.mk
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CONFIG_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-ifdef BUILD_IDG
-DEFINES += -DNSSDEBUG
-endif
diff --git a/security/nss/lib/asn1/manifest.mn b/security/nss/lib/asn1/manifest.mn
deleted file mode 100644
index 658266d8e..000000000
--- a/security/nss/lib/asn1/manifest.mn
+++ /dev/null
@@ -1,55 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-MANIFEST_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-CORE_DEPTH = ../../..
-
-PRIVATE_EXPORTS = \
- asn1t.h \
- asn1m.h \
- asn1.h \
- $(NULL)
-
-EXPORTS = \
- nssasn1t.h \
- $(NULL)
-
-MODULE = security
-
-CSRCS = \
- asn1.c \
- $(NULL)
-
-REQUIRES = security nspr
-
-LIBRARY_NAME = asn1
diff --git a/security/nss/lib/asn1/nssasn1t.h b/security/nss/lib/asn1/nssasn1t.h
deleted file mode 100644
index 2488892b4..000000000
--- a/security/nss/lib/asn1/nssasn1t.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef NSSASN1T_H
-#define NSSASN1T_H
-
-#ifdef DEBUG
-static const char NSSASN1T_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * nssasn1t.h
- *
- * This file contains the public types related to our ASN.1 encoder
- * and decoder.
- */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * NSSASN1EncodingType
- *
- * This type enumerates specific types of ASN.1 encodings.
- */
-
-typedef enum {
- NSSASN1BER, /* Basic Encoding Rules */
- NSSASN1CER, /* Canonical Encoding Rules */
- NSSASN1DER, /* Distinguished Encoding Rules */
- NSSASN1LWER, /* LightWeight Encoding Rules */
- NSSASN1PER, /* Packed Encoding Rules */
- NSSASN1UnknownEncoding = -1
-} NSSASN1EncodingType;
-
-PR_END_EXTERN_C
-
-#endif /* NSSASN1T_H */
diff --git a/security/nss/lib/base/Makefile b/security/nss/lib/base/Makefile
deleted file mode 100644
index 03e1fb4c6..000000000
--- a/security/nss/lib/base/Makefile
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-MAKEFILE_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-include manifest.mn
-include config.mk
-include $(CORE_DEPTH)/coreconf/config.mk
-include $(CORE_DEPTH)/coreconf/rules.mk
diff --git a/security/nss/lib/base/arena.c b/security/nss/lib/base/arena.c
deleted file mode 100644
index ce192d719..000000000
--- a/security/nss/lib/base/arena.c
+++ /dev/null
@@ -1,1121 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * arena.c
- *
- * This contains the implementation of NSS's thread-safe arenas.
- */
-
-#ifndef BASE_H
-#include "base.h"
-#endif /* BASE_H */
-
-#ifdef ARENA_THREADMARK
-#include "prthread.h"
-#endif /* ARENA_THREADMARK */
-
-#include "prlock.h"
-#include "plarena.h"
-
-/*
- * NSSArena
- *
- * This is based on NSPR's arena code, but it is threadsafe.
- *
- * The public methods relating to this type are:
- *
- * NSSArena_Create -- constructor
- * NSSArena_Destroy
- *
- * The nonpublic methods relating to this type are:
- *
- * nssArena_Create -- constructor
- * nssArena_Destroy
- * nssArena_Mark
- * nssArena_Release
- * nssArena_Unmark
- *
- * nss_ZAlloc
- * nss_ZFreeIf
- * nss_ZRealloc
- *
- * In debug builds, the following calls are available:
- *
- * nssArena_verifyPointer
- * nssArena_registerDestructor
- * nssArena_deregisterDestructor
- */
-
-struct NSSArenaStr {
- PLArenaPool pool;
- PRLock *lock;
-#ifdef ARENA_THREADMARK
- PRThread *marking_thread;
- nssArenaMark *first_mark;
- nssArenaMark *last_mark;
-#endif /* ARENA_THREADMARK */
-#ifdef ARENA_DESTRUCTOR_LIST
- struct arena_destructor_node *first_destructor;
- struct arena_destructor_node *last_destructor;
-#endif /* ARENA_DESTRUCTOR_LIST */
-};
-
-/*
- * nssArenaMark
- *
- * This type is used to mark the current state of an NSSArena.
- */
-
-struct nssArenaMarkStr {
- PRUint32 magic;
- void *mark;
-#ifdef ARENA_THREADMARK
- nssArenaMark *next;
-#endif /* ARENA_THREADMARK */
-#ifdef ARENA_DESTRUCTOR_LIST
- struct arena_destructor_node *next_destructor;
- struct arena_destructor_node *prev_destructor;
-#endif /* ARENA_DESTRUCTOR_LIST */
-};
-
-#define MARK_MAGIC 0x4d41524b /* "MARK" how original */
-
-/*
- * But first, the pointer-tracking code
- */
-#ifdef DEBUG
-extern const NSSError NSS_ERROR_INTERNAL_ERROR;
-
-static nssPointerTracker arena_pointer_tracker;
-
-static PRStatus
-arena_add_pointer
-(
- const NSSArena *arena
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&arena_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return rv;
- }
-
- rv = nssPointerTracker_add(&arena_pointer_tracker, arena);
- if( PR_SUCCESS != rv ) {
- NSSError e = NSS_GetError();
- if( NSS_ERROR_NO_MEMORY != e ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
- }
-
- return PR_SUCCESS;
-}
-
-static PRStatus
-arena_remove_pointer
-(
- const NSSArena *arena
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_remove(&arena_pointer_tracker, arena);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
-}
-
-/*
- * nssArena_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSArena object,
- * this routine will return PR_SUCCESS. Otherwise, it will put an
- * error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_IMPLEMENT PRStatus
-nssArena_verifyPointer
-(
- const NSSArena *arena
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&arena_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- /*
- * This is a little disingenious. We have to initialize the
- * tracker, because someone could "legitimately" try to verify
- * an arena pointer before one is ever created. And this step
- * might fail, due to lack of memory. But the only way that
- * this step can fail is if it's doing the call_once stuff,
- * (later calls just no-op). And if it didn't no-op, there
- * aren't any valid arenas.. so the argument certainly isn't one.
- */
- nss_SetError(NSS_ERROR_INVALID_ARENA);
- return PR_FAILURE;
- }
-
- rv = nssPointerTracker_verify(&arena_pointer_tracker, arena);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_ARENA);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-#endif /* DEBUG */
-
-#ifdef ARENA_DESTRUCTOR_LIST
-
-struct arena_destructor_node {
- struct arena_destructor_node *next;
- struct arena_destructor_node *prev;
- void (*destructor)(void *argument);
- void *arg;
-};
-
-/*
- * nssArena_registerDestructor
- *
- * This routine stores a pointer to a callback and an arbitrary
- * pointer-sized argument in the arena, at the current point in
- * the mark stack. If the arena is destroyed, or an "earlier"
- * mark is released, then this destructor will be called at that
- * time. Note that the destructor will be called with the arena
- * locked, which means the destructor may free memory in that
- * arena, but it may not allocate or cause to be allocated any
- * memory. This callback facility was included to support our
- * debug-version pointer-tracker feature; overuse runs counter to
- * the the original intent of arenas. This routine returns a
- * PRStatus value; if successful, it will return PR_SUCCESS. If
- * unsuccessful, it will set an error on the error stack and
- * return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-NSS_IMPLEMENT PRStatus
-nssArena_registerDestructor
-(
- NSSArena *arena,
- void (*destructor)(void *argument),
- void *arg
-)
-{
- struct arena_destructor_node *it;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- it = nss_ZNEW(arena, struct arena_destructor_node);
- if( (struct arena_destructor_node *)NULL == it ) {
- return PR_FAILURE;
- }
-
- it->prev = arena->last_destructor;
- arena->last_destructor->next = it;
- arena->last_destructor = it;
- it->destructor = destructor;
- it->arg = arg;
-
- if( (nssArenaMark *)NULL != arena->last_mark ) {
- arena->last_mark->prev_destructor = it->prev;
- arena->last_mark->next_destructor = it->next;
- }
-
- return PR_SUCCESS;
-}
-
-NSS_IMPLEMENT PRStatus
-nssArena_deregisterDestructor
-(
- NSSArena *arena,
- void (*destructor)(void *argument),
- void *arg
-)
-{
- struct arena_destructor_node *it;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- for( it = arena->first_destructor; it; it = it->next ) {
- if( (it->destructor == destructor) && (it->arg == arg) ) {
- break;
- }
- }
-
- if( (struct arena_destructor_node *)NULL == it ) {
- nss_SetError(NSS_ERROR_NOT_FOUND);
- return PR_FAILURE;
- }
-
- if( it == arena->first_destructor ) {
- arena->first_destructor = it->next;
- }
-
- if( it == arena->last_destructor ) {
- arena->last_destructor = it->prev;
- }
-
- if( (struct arena_destructor_node *)NULL != it->prev ) {
- it->prev->next = it->next;
- }
-
- if( (struct arena_destructor_node *)NULL != it->next ) {
- it->next->prev = it->prev;
- }
-
- {
- nssArenaMark *m;
- for( m = arena->first_mark; m; m = m->next ) {
- if( m->next_destructor == it ) {
- m->next_destructor = it->next;
- }
- if( m->prev_destructor == it ) {
- m->prev_destructor = it->prev;
- }
- }
- }
-
- nss_ZFreeIf(it);
- return PR_SUCCESS;
-}
-
-static void
-nss_arena_call_destructor_chain
-(
- struct arena_destructor_node *it
-)
-{
- for( ; it ; it = it->next ) {
- (*(it->destructor))(it->arg);
- }
-}
-
-#endif /* ARENA_DESTRUCTOR_LIST */
-
-/*
- * NSSArena_Create
- *
- * This routine creates a new memory arena. This routine may return
- * NULL upon error, in which case it will have created an error stack.
- *
- * The top-level error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSArena upon success
- */
-
-NSS_IMPLEMENT NSSArena *
-NSSArena_Create
-(
- void
-)
-{
- nss_ClearErrorStack();
- return nssArena_Create();
-}
-
-/*
- * nssArena_Create
- *
- * This routine creates a new memory arena. This routine may return
- * NULL upon error, in which case it will have set an error on the
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSArena upon success
- */
-
-NSS_IMPLEMENT NSSArena *
-nssArena_Create
-(
- void
-)
-{
- NSSArena *rv = (NSSArena *)NULL;
-
- rv = nss_ZNEW((NSSArena *)NULL, NSSArena);
- if( (NSSArena *)NULL == rv ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSArena *)NULL;
- }
-
- rv->lock = PR_NewLock();
- if( (PRLock *)NULL == rv->lock ) {
- (void)nss_ZFreeIf(rv);
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSArena *)NULL;
- }
-
- /*
- * Arena sizes. The current security code has 229 occurrences of
- * PORT_NewArena. The default chunksizes specified break down as
- *
- * Size Mult. Specified as
- * 512 1 512
- * 1024 7 1024
- * 2048 5 2048
- * 2048 5 CRMF_DEFAULT_ARENA_SIZE
- * 2048 190 DER_DEFAULT_CHUNKSIZE
- * 2048 20 SEC_ASN1_DEFAULT_ARENA_SIZE
- * 4096 1 4096
- *
- * Obviously this "default chunksize" flexibility isn't very
- * useful to us, so I'll just pick 2048.
- */
-
- PL_InitArenaPool(&rv->pool, "NSS", 2048, sizeof(double));
-
-#ifdef DEBUG
- {
- PRStatus st;
- st = arena_add_pointer(rv);
- if( PR_SUCCESS != st ) {
- PL_FinishArenaPool(&rv->pool);
- PR_DestroyLock(rv->lock);
- (void)nss_ZFreeIf(rv);
- return (NSSArena *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return rv;
-}
-
-/*
- * NSSArena_Destroy
- *
- * This routine will destroy the specified arena, freeing all memory
- * allocated from it. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * create an error stack and return PR_FAILURE.
- *
- * The top-level error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSArena_Destroy
-(
- NSSArena *arena
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssArena_Destroy(arena);
-}
-
-/*
- * nssArena_Destroy
- *
- * This routine will destroy the specified arena, freeing all memory
- * allocated from it. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * set an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-NSS_IMPLEMENT PRStatus
-nssArena_Destroy
-(
- NSSArena *arena
-)
-{
- PRLock *lock;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- PR_Lock(arena->lock);
- if( (PRLock *)NULL == arena->lock ) {
- /* Just got destroyed */
- nss_SetError(NSS_ERROR_INVALID_ARENA);
- return PR_FAILURE;
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != arena_remove_pointer(arena) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
-#ifdef ARENA_DESTRUCTOR_LIST
- /* Note that the arena is locked at this time */
- nss_arena_call_destructor_chain(arena->first_destructor);
-#endif /* ARENA_DESTRUCTOR_LIST */
-
- PL_FinishArenaPool(&arena->pool);
- lock = arena->lock;
- arena->lock = (PRLock *)NULL;
- PR_Unlock(lock);
- PR_DestroyLock(lock);
- (void)nss_ZFreeIf(arena);
- return PR_SUCCESS;
-}
-
-/*
- * nssArena_Mark
- *
- * This routine "marks" the current state of an arena. Space
- * allocated after the arena has been marked can be freed by
- * releasing the arena back to the mark with nssArena_Release,
- * or committed by calling nssArena_Unmark. When successful,
- * this routine returns a valid nssArenaMark pointer. This
- * routine may return NULL upon error, in which case it will
- * have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
- *
- * Return value:
- * NULL upon failure
- * An nssArenaMark pointer upon success
- */
-
-NSS_IMPLEMENT nssArenaMark *
-nssArena_Mark
-(
- NSSArena *arena
-)
-{
- nssArenaMark *rv;
- void *p;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return (nssArenaMark *)NULL;
- }
-#endif /* NSSDEBUG */
-
- PR_Lock(arena->lock);
- if( (PRLock *)NULL == arena->lock ) {
- /* Just got destroyed */
- nss_SetError(NSS_ERROR_INVALID_ARENA);
- return (nssArenaMark *)NULL;
- }
-
-#ifdef ARENA_THREADMARK
- if( (PRThread *)NULL == arena->marking_thread ) {
- /* Unmarked. Store our thread ID */
- arena->marking_thread = PR_GetCurrentThread();
- /* This call never fails. */
- } else {
- /* Marked. Verify it's the current thread */
- if( PR_GetCurrentThread() != arena->marking_thread ) {
- PR_Unlock(arena->lock);
- nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
- return (nssArenaMark *)NULL;
- }
- }
-#endif /* ARENA_THREADMARK */
-
- p = PL_ARENA_MARK(&arena->pool);
- /* No error possible */
-
- /* Do this after the mark */
- rv = nss_ZNEW(arena, nssArenaMark);
- if( (nssArenaMark *)NULL == rv ) {
- PR_Unlock(arena->lock);
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (nssArenaMark *)NULL;
- }
-
-#ifdef ARENA_THREADMARK
- arena->last_mark->next = rv;
- arena->last_mark = rv;
-#endif /* ARENA_THREADMARK */
-
- rv->mark = p;
- rv->magic = MARK_MAGIC;
-
-#ifdef ARENA_DESTRUCTOR_LIST
- rv->prev_destructor = arena->last_destructor;
-#endif /* ARENA_DESTRUCTOR_LIST */
-
- PR_Unlock(arena->lock);
-
- return rv;
-}
-
-/*
- * nss_arena_unmark_release
- *
- * This static routine implements the routines nssArena_Release
- * ans nssArena_Unmark, which are almost identical.
- */
-
-static PRStatus
-nss_arena_unmark_release
-(
- NSSArena *arena,
- nssArenaMark *arenaMark,
- PRBool release
-)
-{
- void *inner_mark;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( MARK_MAGIC != arenaMark->magic ) {
- nss_SetError(NSS_ERROR_INVALID_ARENA_MARK);
- return PR_FAILURE;
- }
-
- PR_Lock(arena->lock);
- if( (PRLock *)NULL == arena->lock ) {
- /* Just got destroyed */
- nss_SetError(NSS_ERROR_INVALID_ARENA);
- return PR_FAILURE;
- }
-
-#ifdef ARENA_THREADMARK
- if( (PRThread *)NULL != arena->marking_thread ) {
- if( PR_GetCurrentThread() != arena->marking_thread ) {
- PR_Unlock(arena->lock);
- nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
- return PR_FAILURE;
- }
- }
-#endif /* ARENA_THREADMARK */
-
- if( MARK_MAGIC != arenaMark->magic ) {
- /* Just got released */
- PR_Unlock(arena->lock);
- nss_SetError(NSS_ERROR_INVALID_ARENA_MARK);
- return PR_FAILURE;
- }
-
- arenaMark->magic = 0;
- inner_mark = arenaMark->mark;
-
-#ifdef ARENA_THREADMARK
- {
- nssArenaMark **pMark = &arena->first_mark;
- nssArenaMark *rest;
- nssArenaMark *last = (nssArenaMark *)NULL;
-
- /* Find this mark */
- while( *pMark != arenaMark ) {
- last = *pMark;
- pMark = &(*pMark)->next;
- }
-
- /* Remember the pointer, then zero it */
- rest = (*pMark)->next;
- *pMark = (nssArenaMark *)NULL;
-
- arena->last_mark = last;
-
- /* Invalidate any later marks being implicitly released */
- for( ; (nssArenaMark *)NULL != rest; rest = rest->next ) {
- rest->magic = 0;
- }
-
- /* If we just got rid of the first mark, clear the thread ID */
- if( (nssArenaMark *)NULL == arena->first_mark ) {
- arena->marking_thread = (PRThread *)NULL;
- }
- }
-#endif /* ARENA_THREADMARK */
-
- if( release ) {
-#ifdef ARENA_DESTRUCTOR_LIST
- if( (struct arena_destructor_node *)NULL != arenaMark->prev_destructor ) {
- arenaMark->prev_destructor->next = (struct arena_destructor_node *)NULL;
- }
- arena->last_destructor = arenaMark->prev_destructor;
-
- /* Note that the arena is locked at this time */
- nss_arena_call_destructor_chain(arenaMark->next_destructor);
-#endif /* ARENA_DESTRUCTOR_LIST */
-
- PR_ARENA_RELEASE(&arena->pool, inner_mark);
- /* No error return */
- }
-
- PR_Unlock(arena->lock);
- return PR_SUCCESS;
-}
-
-/*
- * nssArena_Release
- *
- * This routine invalidates and releases all memory allocated from
- * the specified arena after the point at which the specified mark
- * was obtained. This routine returns a PRStatus value; if successful,
- * it will return PR_SUCCESS. If unsuccessful, it will set an error
- * on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ARENA_MARK
- * NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-NSS_IMPLEMENT PRStatus
-nssArena_Release
-(
- NSSArena *arena,
- nssArenaMark *arenaMark
-)
-{
- return nss_arena_unmark_release(arena, arenaMark, PR_TRUE);
-}
-
-/*
- * nssArena_Unmark
- *
- * This routine "commits" the indicated mark and any marks after
- * it, making them unreleasable. Note that any earlier marks can
- * still be released, and such a release will invalidate these
- * later unmarked regions. If an arena is to be safely shared by
- * more than one thread, all marks must be either released or
- * unmarked. This routine returns a PRStatus value; if successful,
- * it will return PR_SUCCESS. If unsuccessful, it will set an error
- * on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ARENA_MARK
- * NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-NSS_IMPLEMENT PRStatus
-nssArena_Unmark
-(
- NSSArena *arena,
- nssArenaMark *arenaMark
-)
-{
- return nss_arena_unmark_release(arena, arenaMark, PR_FALSE);
-}
-
-/*
- * We prefix this header to all allocated blocks. It is a multiple
- * of the alignment size. Note that this usage of a header may make
- * purify spew bogus warnings about "potentially leaked blocks" of
- * memory; if that gets too annoying we can add in a pointer to the
- * header in the header itself. There's not a lot of safety here;
- * maybe we should add a magic value?
- */
-struct pointer_header {
- NSSArena *arena;
- PRUint32 size;
-};
-
-/*
- * nss_ZAlloc
- *
- * This routine allocates and zeroes a section of memory of the
- * size, and returns to the caller a pointer to that memory. If
- * the optional arena argument is non-null, the memory will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in
- * which case it will have set an error upon the error stack. The
- * value specified for size may be zero; in which case a valid
- * zero-length block of memory will be allocated. This block may
- * be expanded by calling nss_ZRealloc.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
- *
- * Return value:
- * NULL upon error
- * A pointer to the new segment of zeroed memory
- */
-
-NSS_IMPLEMENT void *
-nss_ZAlloc
-(
- NSSArena *arenaOpt,
- PRUint32 size
-)
-{
- struct pointer_header *h;
- PRUint32 my_size = size + sizeof(struct pointer_header);
-
- if( my_size < sizeof(struct pointer_header) ) {
- /* Wrapped */
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (void *)NULL;
- }
-
- if( (NSSArena *)NULL == arenaOpt ) {
- /* Heap allocation, no locking required. */
- h = (struct pointer_header *)PR_Calloc(1, my_size);
- if( (struct pointer_header *)NULL == h ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (void *)NULL;
- }
-
- h->arena = (NSSArena *)NULL;
- h->size = size;
- /* We used calloc: it's already zeroed */
-
- return (void *)((char *)h + sizeof(struct pointer_header));
- } else {
- void *p;
- void *rv;
- /* Arena allocation */
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (void *)NULL;
- }
-#endif /* NSSDEBUG */
-
- PR_Lock(arenaOpt->lock);
- if( (PRLock *)NULL == arenaOpt->lock ) {
- /* Just got destroyed */
- nss_SetError(NSS_ERROR_INVALID_ARENA);
- return (void *)NULL;
- }
-
-#ifdef ARENA_THREADMARK
- if( (PRThread *)NULL != arenaOpt->marking_thread ) {
- if( PR_GetCurrentThread() != arenaOpt->marking_thread ) {
- nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
- PR_Unlock(arenaOpt->lock);
- return (void *)NULL;
- }
- }
-#endif /* ARENA_THREADMARK */
-
- PR_ARENA_ALLOCATE(p, &arenaOpt->pool, my_size);
- if( (void *)NULL == p ) {
- PR_Unlock(arenaOpt->lock);
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (void *)NULL;
- }
-
- /*
- * Do this before we unlock. This way if the user is using
- * an arena in one thread while destroying it in another, he'll
- * fault/FMR in his code, not ours.
- */
- h = (struct pointer_header *)p;
- h->arena = arenaOpt;
- h->size = size;
- rv = (void *)((char *)h + sizeof(struct pointer_header));
- (void)nsslibc_memset(rv, 0, size);
-
- PR_Unlock(arenaOpt->lock);
-
- return rv;
- }
- /*NOTREACHED*/
-}
-
-/*
- * nss_ZFreeIf
- *
- * If the specified pointer is non-null, then the region of memory
- * to which it points -- which must have been allocated with
- * nss_ZAlloc -- will be zeroed and released. This routine
- * returns a PRStatus value; if successful, it will return PR_SUCCESS.
- * If unsuccessful, it will set an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-NSS_IMPLEMENT PRStatus
-nss_ZFreeIf
-(
- void *pointer
-)
-{
- struct pointer_header *h;
-
- if( (void *)NULL == pointer ) {
- return PR_SUCCESS;
- }
-
- h = (struct pointer_header *)&((char *)pointer)
- [ - sizeof(struct pointer_header) ];
-
- /* Check any magic here */
-
- if( (NSSArena *)NULL == h->arena ) {
- /* Heap */
- (void)nsslibc_memset(pointer, 0, h->size);
- PR_Free(h);
- return PR_SUCCESS;
- } else {
- /* Arena */
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(h->arena) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- PR_Lock(h->arena->lock);
- if( (PRLock *)NULL == h->arena->lock ) {
- /* Just got destroyed.. so this pointer is invalid */
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
-
- (void)nsslibc_memset(pointer, 0, h->size);
-
- /* No way to "free" it within an NSPR arena. */
-
- PR_Unlock(h->arena->lock);
- return PR_SUCCESS;
- }
- /*NOTREACHED*/
-}
-
-/*
- * nss_ZRealloc
- *
- * This routine reallocates a block of memory obtained by calling
- * nss_ZAlloc or nss_ZRealloc. The portion of memory
- * between the new and old sizes -- which is either being newly
- * obtained or released -- is in either case zeroed. This routine
- * may return NULL upon failure, in which case it will have placed
- * an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
- *
- * Return value:
- * NULL upon error
- * A pointer to the replacement segment of memory
- */
-
-NSS_EXTERN void *
-nss_ZRealloc
-(
- void *pointer,
- PRUint32 newSize
-)
-{
- struct pointer_header *h, *new_h;
- PRUint32 my_newSize = newSize + sizeof(struct pointer_header);
- void *rv;
-
- if( my_newSize < sizeof(struct pointer_header) ) {
- /* Wrapped */
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (void *)NULL;
- }
-
- if( (void *)NULL == pointer ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (void *)NULL;
- }
-
- h = (struct pointer_header *)&((char *)pointer)
- [ - sizeof(struct pointer_header) ];
-
- /* Check any magic here */
-
- if( newSize == h->size ) {
- /* saves thrashing */
- return pointer;
- }
-
- if( (NSSArena *)NULL == h->arena ) {
- /* Heap */
- new_h = (struct pointer_header *)PR_Calloc(1, my_newSize);
- if( (struct pointer_header *)NULL == new_h ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (void *)NULL;
- }
-
- new_h->arena = (NSSArena *)NULL;
- new_h->size = newSize;
- rv = (void *)((char *)new_h + sizeof(struct pointer_header));
-
- if( newSize > h->size ) {
- (void)nsslibc_memcpy(rv, pointer, h->size);
- (void)nsslibc_memset(&((char *)rv)[ h->size ],
- 0, (newSize - h->size));
- } else {
- (void)nsslibc_memcpy(rv, pointer, newSize);
- }
-
- (void)nsslibc_memset(pointer, 0, h->size);
- h->size = 0;
- PR_Free(h);
-
- return rv;
- } else {
- void *p;
- /* Arena */
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(h->arena) ) {
- return (void *)NULL;
- }
-#endif /* NSSDEBUG */
-
- PR_Lock(h->arena->lock);
- if( (PRLock *)NULL == h->arena->lock ) {
- /* Just got destroyed.. so this pointer is invalid */
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (void *)NULL;
- }
-
-#ifdef ARENA_THREADMARK
- if( (PRThread *)NULL != h->arena->marking_thread ) {
- if( PR_GetCurrentThread() != h->arena->marking_thread ) {
- PR_Unlock(h->arena->lock);
- nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
- return (void *)NULL;
- }
- }
-#endif /* ARENA_THREADMARK */
-
- if( newSize < h->size ) {
- /*
- * We have no general way of returning memory to the arena
- * (mark/release doesn't work because things may have been
- * allocated after this object), so the memory is gone
- * anyway. We might as well just return the same pointer to
- * the user, saying "yeah, uh-hunh, you can only use less of
- * it now." We'll zero the leftover part, of course. And
- * in fact we might as well *not* adjust h->size-- this way,
- * if the user reallocs back up to something not greater than
- * the original size, then voila, there's the memory! This
- * way a thrash big/small/big/small doesn't burn up the arena.
- */
- char *extra = &((char *)pointer)[ newSize ];
- (void)nsslibc_memset(extra, 0, (h->size - newSize));
- PR_Unlock(h->arena->lock);
- return pointer;
- }
-
- PR_ARENA_ALLOCATE(p, &h->arena->pool, my_newSize);
- if( (void *)NULL == p ) {
- PR_Unlock(h->arena->lock);
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (void *)NULL;
- }
-
- new_h = (struct pointer_header *)p;
- new_h->arena = h->arena;
- new_h->size = newSize;
- rv = (void *)((char *)h + sizeof(struct pointer_header));
- (void)nsslibc_memcpy(rv, pointer, h->size);
- (void)nsslibc_memset(&((char *)rv)[ h->size ], 0,
- (newSize - h->size));
- (void)nsslibc_memset(pointer, 0, h->size);
- h->arena = (NSSArena *)NULL;
- h->size = 0;
- PR_Unlock(h->arena->lock);
- return rv;
- }
- /*NOTREACHED*/
-}
diff --git a/security/nss/lib/base/base.h b/security/nss/lib/base/base.h
deleted file mode 100644
index 4206cb542..000000000
--- a/security/nss/lib/base/base.h
+++ /dev/null
@@ -1,1063 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef BASE_H
-#define BASE_H
-
-#ifdef DEBUG
-static const char BASE_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * base.h
- *
- * This header file contains basic prototypes and preprocessor
- * definitions used throughout nss but not available publicly.
- */
-
-#ifndef BASET_H
-#include "baset.h"
-#endif /* BASET_H */
-
-#ifndef NSSBASE_H
-#include "nssbase.h"
-#endif /* NSSBASE_H */
-
-#include "plhash.h"
-
-PR_BEGIN_EXTERN_C
-
-/*
- * NSSArena
- *
- * The nonpublic methods relating to this type are:
- *
- * nssArena_Create -- constructor
- * nssArena_Destroy
- * nssArena_Mark
- * nssArena_Release
- * nssArena_Unmark
- *
- * nss_ZAlloc
- * nss_ZFreeIf
- * nss_ZRealloc
- *
- * Additionally, there are some preprocessor macros:
- *
- * nss_ZNEW
- * nss_ZNEWARRAY
- *
- * In debug builds, the following calls are available:
- *
- * nssArena_verifyPointer
- * nssArena_registerDestructor
- * nssArena_deregisterDestructor
- *
- * The following preprocessor macro is also always available:
- *
- * nssArena_VERIFYPOINTER
- *
- * A constant PLHashAllocOps structure is available for users
- * of the NSPL PLHashTable routines.
- *
- * nssArenaHashAllocOps
- */
-
-/*
- * nssArena_Create
- *
- * This routine creates a new memory arena. This routine may return
- * NULL upon error, in which case it will have set an error on the
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSArena upon success
- */
-
-/*
- * XXX fgmr
- * Arenas can be named upon creation; this is mostly of use when
- * debugging. Should we expose that here, allowing an optional
- * "const char *name" argument? Should the public version of this
- * call (NSSArena_Create) have it too?
- */
-
-NSS_EXTERN NSSArena *
-nssArena_Create
-(
- void
-);
-
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * nssArena_Destroy
- *
- * This routine will destroy the specified arena, freeing all memory
- * allocated from it. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * set an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-NSS_EXTERN PRStatus
-nssArena_Destroy
-(
- NSSArena *arena
-);
-
-extern const NSSError NSS_ERROR_INVALID_ARENA;
-
-/*
- * nssArena_Mark
- *
- * This routine "marks" the current state of an arena. Space
- * allocated after the arena has been marked can be freed by
- * releasing the arena back to the mark with nssArena_Release,
- * or committed by calling nssArena_Unmark. When successful,
- * this routine returns a valid nssArenaMark pointer. This
- * routine may return NULL upon error, in which case it will
- * have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
- *
- * Return value:
- * NULL upon failure
- * An nssArenaMark pointer upon success
- */
-
-NSS_EXTERN nssArenaMark *
-nssArena_Mark
-(
- NSSArena *arena
-);
-
-extern const NSSError NSS_ERROR_INVALID_ARENA;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
-
-/*
- * nssArena_Release
- *
- * This routine invalidates and releases all memory allocated from
- * the specified arena after the point at which the specified mark
- * was obtained. This routine returns a PRStatus value; if successful,
- * it will return PR_SUCCESS. If unsuccessful, it will set an error
- * on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ARENA_MARK
- * NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-NSS_EXTERN PRStatus
-nssArena_Release
-(
- NSSArena *arena,
- nssArenaMark *arenaMark
-);
-
-extern const NSSError NSS_ERROR_INVALID_ARENA;
-extern const NSSError NSS_ERROR_INVALID_ARENA_MARK;
-
-/*
- * nssArena_Unmark
- *
- * This routine "commits" the indicated mark and any marks after
- * it, making them unreleasable. Note that any earlier marks can
- * still be released, and such a release will invalidate these
- * later unmarked regions. If an arena is to be safely shared by
- * more than one thread, all marks must be either released or
- * unmarked. This routine returns a PRStatus value; if successful,
- * it will return PR_SUCCESS. If unsuccessful, it will set an error
- * on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ARENA_MARK
- * NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-NSS_EXTERN PRStatus
-nssArena_Unmark
-(
- NSSArena *arena,
- nssArenaMark *arenaMark
-);
-
-extern const NSSError NSS_ERROR_INVALID_ARENA;
-extern const NSSError NSS_ERROR_INVALID_ARENA_MARK;
-extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
-
-#ifdef ARENA_DESTRUCTOR_LIST
-
-/*
- * nssArena_registerDestructor
- *
- * This routine stores a pointer to a callback and an arbitrary
- * pointer-sized argument in the arena, at the current point in
- * the mark stack. If the arena is destroyed, or an "earlier"
- * mark is released, then this destructor will be called at that
- * time. Note that the destructor will be called with the arena
- * locked, which means the destructor may free memory in that
- * arena, but it may not allocate or cause to be allocated any
- * memory. This callback facility was included to support our
- * debug-version pointer-tracker feature; overuse runs counter to
- * the the original intent of arenas. This routine returns a
- * PRStatus value; if successful, it will return PR_SUCCESS. If
- * unsuccessful, it will set an error on the error stack and
- * return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-NSS_EXTERN PRStatus
-nssArena_registerDestructor
-(
- NSSArena *arena,
- void (*destructor)(void *argument),
- void *arg
-);
-
-extern const NSSError NSS_ERROR_INVALID_ARENA;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * nssArena_deregisterDestructor
- *
- * This routine will remove the first destructor in the specified
- * arena which has the specified destructor and argument values.
- * The destructor will not be called. This routine returns a
- * PRStatus value; if successful, it will return PR_SUCCESS. If
- * unsuccessful, it will set an error on the error stack and
- * return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NOT_FOUND
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-NSS_EXTERN PRStatus
-nssArena_deregisterDestructor
-(
- NSSArena *arena,
- void (*destructor)(void *argument),
- void *arg
-);
-
-extern const NSSError NSS_ERROR_INVALID_ITEM;
-extern const NSSError NSS_ERROR_INVALID_ARENA;
-extern const NSSError NSS_ERROR_NOT_FOUND;
-
-#endif /* ARENA_DESTRUCTOR_LIST */
-
-/*
- * nss_ZAlloc
- *
- * This routine allocates and zeroes a section of memory of the
- * size, and returns to the caller a pointer to that memory. If
- * the optional arena argument is non-null, the memory will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in
- * which case it will have set an error upon the error stack. The
- * value specified for size may be zero; in which case a valid
- * zero-length block of memory will be allocated. This block may
- * be expanded by calling nss_ZRealloc.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
- *
- * Return value:
- * NULL upon error
- * A pointer to the new segment of zeroed memory
- */
-
-NSS_EXTERN void *
-nss_ZAlloc
-(
- NSSArena *arenaOpt,
- PRUint32 size
-);
-
-extern const NSSError NSS_ERROR_INVALID_ARENA;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
-
-/*
- * nss_ZFreeIf
- *
- * If the specified pointer is non-null, then the region of memory
- * to which it points -- which must have been allocated with
- * nss_ZAlloc -- will be zeroed and released. This routine
- * returns a PRStatus value; if successful, it will return PR_SUCCESS.
- * If unsuccessful, it will set an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-NSS_EXTERN PRStatus
-nss_ZFreeIf
-(
- void *pointer
-);
-
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-
-/*
- * nss_ZRealloc
- *
- * This routine reallocates a block of memory obtained by calling
- * nss_ZAlloc or nss_ZRealloc. The portion of memory
- * between the new and old sizes -- which is either being newly
- * obtained or released -- is in either case zeroed. This routine
- * may return NULL upon failure, in which case it will have placed
- * an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
- *
- * Return value:
- * NULL upon error
- * A pointer to the replacement segment of memory
- */
-
-NSS_EXTERN void *
-nss_ZRealloc
-(
- void *pointer,
- PRUint32 newSize
-);
-
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
-
-/*
- * nss_ZNEW
- *
- * This preprocessor macro will allocate memory for a new object
- * of the specified type with nss_ZAlloc, and will cast the
- * return value appropriately. If the optional arena argument is
- * non-null, the memory will be obtained from that arena; otherwise,
- * the memory will be obtained from the heap. This routine may
- * return NULL upon error, in which case it will have set an error
- * upon the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to the new segment of zeroed memory
- */
-
-/* The following line exceeds 72 characters, but emacs screws up if I split it. */
-#define nss_ZNEW(arenaOpt, type) ((type *)nss_ZAlloc((arenaOpt), sizeof(type)))
-
-/*
- * nss_ZNEWARRAY
- *
- * This preprocessor macro will allocate memory for an array of
- * new objects, and will cast the return value appropriately.
- * If the optional arena argument is non-null, the memory will
- * be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon
- * error, in which case it will have set an error upon the error
- * stack. The array size may be specified as zero.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to the new segment of zeroed memory
- */
-
-/* The following line exceeds 72 characters, but emacs screws up if I split it. */
-#define nss_ZNEWARRAY(arenaOpt, type, quantity) ((type *)nss_ZAlloc((arenaOpt), sizeof(type) * (quantity)))
-
-/*
- * nssArena_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSArena object,
- * this routine will return PR_SUCCESS. Otherwise, it will put an
- * error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssArena_verifyPointer
-(
- const NSSArena *arena
-);
-
-extern const NSSError NSS_ERROR_INVALID_ARENA;
-#endif /* DEBUG */
-
-/*
- * nssArena_VERIFYPOINTER
- *
- * This macro is always available. In debug builds it will call
- * nssArena_verifyPointer; in non-debug builds, it will merely
- * check that the pointer is not null. Note that in non-debug
- * builds it cannot place an error on the error stack.
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-#ifdef DEBUG
-#define nssArena_VERIFYPOINTER(p) nssArena_verifyPointer(p)
-#else /* DEBUG */
-/* The following line exceeds 72 characters, but emacs screws up if I split it. */
-#define nssArena_VERIFYPOINTER(p) (((NSSArena *)NULL == (p))?PR_FAILURE:PR_SUCCESS)
-#endif /* DEBUG */
-
-/*
- * nssArenaHashAllocOps
- *
- * This constant structure contains allocation callbacks designed for
- * use with the NSPL routine PL_NewHashTable. For example:
- *
- * NSSArena *hashTableArena = nssArena_Create();
- * PLHashTable *t = PL_NewHashTable(n, hasher, key_compare,
- * value_compare, nssArenaHashAllocOps, hashTableArena);
- */
-
-NSS_EXTERN_DATA PLHashAllocOps nssArenaHashAllocOps;
-
-/*
- * The error stack
- *
- * The nonpublic methods relating to the error stack are:
- *
- * nss_SetError
- * nss_ClearErrorStack
- */
-
-/*
- * nss_SetError
- *
- * This routine places a new error code on the top of the calling
- * thread's error stack. Calling this routine wiht an error code
- * of zero will clear the error stack.
- */
-
-NSS_EXTERN void
-nss_SetError
-(
- PRUint32 error
-);
-
-/*
- * nss_ClearErrorStack
- *
- * This routine clears the calling thread's error stack.
- */
-
-NSS_EXTERN void
-nss_ClearErrorStack
-(
- void
-);
-
-/*
- * NSSUTF8
- *
- * nssUTF8_CaseIgnoreMatch
- * nssUTF8_Duplicate
- * nssUTF8_Size
- * nssUTF8_Length
- * nssUTF8_CopyIntoFixedBuffer
- */
-
-/*
- * nssUTF8_CaseIgnoreMatch
- *
- * Returns true if the two UTF8-encoded strings pointed to by the
- * two specified NSSUTF8 pointers differ only in typcase.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * PR_TRUE if the strings match, ignoring case
- * PR_FALSE if they don't
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssUTF8_CaseIgnoreMatch
-(
- const NSSUTF8 *a,
- const NSSUTF8 *b,
- PRStatus *statusOpt
-);
-
-/*
- * nssUTF8_Duplicate
- *
- * This routine duplicates the UTF8-encoded string pointed to by the
- * specified NSSUTF8 pointer. If the optional arenaOpt argument is
- * not null, the memory required will be obtained from that arena;
- * otherwise, the memory required will be obtained from the heap.
- * A pointer to the new string will be returned. In case of error,
- * an error will be placed on the error stack and NULL will be
- * returned.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- */
-
-NSS_EXTERN NSSUTF8 *
-nssUTF8_Duplicate
-(
- const NSSUTF8 *s,
- NSSArena *arenaOpt
-);
-
-/*
- * nssUTF8_PrintableMatch
- *
- * Returns true if the two Printable strings pointed to by the
- * two specified NSSUTF8 pointers match when compared with the
- * rules for Printable String (leading and trailing spaces are
- * disregarded, extents of whitespace match irregardless of length,
- * and case is not significant), then PR_TRUE will be returned.
- * Otherwise, PR_FALSE will be returned. Upon failure, PR_FALSE
- * will be returned. If the optional statusOpt argument is not
- * NULL, then PR_SUCCESS or PR_FAILURE will be stored in that
- * location.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * PR_TRUE if the strings match, ignoring case
- * PR_FALSE if they don't
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssUTF8_PrintableMatch
-(
- const NSSUTF8 *a,
- const NSSUTF8 *b,
- PRStatus *statusOpt
-);
-
-/*
- * nssUTF8_Size
- *
- * This routine returns the length in bytes (including the terminating
- * null) of the UTF8-encoded string pointed to by the specified
- * NSSUTF8 pointer. Zero is returned on error.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_VALUE_TOO_LARGE
- *
- * Return value:
- * nonzero size of the string
- * 0 on error
- */
-
-NSS_EXTERN PRUint32
-nssUTF8_Size
-(
- const NSSUTF8 *s,
- PRStatus *statusOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-extern const NSSError NSS_ERROR_VALUE_TOO_LARGE;
-
-/*
- * nssUTF8_Length
- *
- * This routine returns the length in characters (not including the
- * terminating null) of the UTF8-encoded string pointed to by the
- * specified NSSUTF8 pointer.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_VALUE_TOO_LARGE
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * length of the string (which may be zero)
- * 0 on error
- */
-
-NSS_EXTERN PRUint32
-nssUTF8_Length
-(
- const NSSUTF8 *s,
- PRStatus *statusOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-extern const NSSError NSS_ERROR_VALUE_TOO_LARGE;
-extern const NSSError NSS_ERROR_INVALID_STRING;
-
-/*
- * nssUTF8_Create
- *
- * This routine creates a UTF8 string from a string in some other
- * format. Some types of string may include embedded null characters,
- * so for them the length parameter must be used. For string types
- * that are null-terminated, the length parameter is optional; if it
- * is zero, it will be ignored. If the optional arena argument is
- * non-null, the memory used for the new string will be obtained from
- * that arena, otherwise it will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have
- * placed an error on the error stack.
- *
- * The error may be one of the following:
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_UNSUPPORTED_TYPE
- *
- * Return value:
- * NULL upon error
- * A non-null pointer to a new UTF8 string otherwise
- */
-
-NSS_EXTERN NSSUTF8 *
-nssUTF8_Create
-(
- NSSArena *arenaOpt,
- nssStringType type,
- const void *inputString,
- PRUint32 size /* in bytes, not characters */
-);
-
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-extern const NSSError NSS_ERROR_UNSUPPORTED_TYPE;
-
-NSS_EXTERN NSSItem *
-nssUTF8_GetEncoding
-(
- NSSArena *arenaOpt,
- NSSItem *rvOpt,
- nssStringType type,
- NSSUTF8 *string
-);
-
-/*
- * nssUTF8_CopyIntoFixedBuffer
- *
- * This will copy a UTF8 string into a fixed-length buffer, making
- * sure that the all characters are valid. Any remaining space will
- * be padded with the specified ASCII character, typically either
- * null or space.
- *
- * Blah, blah, blah.
- */
-
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-extern const NSSError NSS_ERROR_INVALID_ARGUMENT;
-
-NSS_EXTERN PRStatus
-nssUTF8_CopyIntoFixedBuffer
-(
- NSSUTF8 *string,
- char *buffer,
- PRUint32 bufferSize,
- char pad
-);
-
-/*
- * nssUTF8_Equal
- *
- */
-
-NSS_EXTERN PRBool
-nssUTF8_Equal
-(
- const NSSUTF8 *a,
- const NSSUTF8 *b,
- PRStatus *statusOpt
-);
-
-/*
- * nssPointerTracker
- *
- * This type and these methods are only present in debug builds.
- *
- * The nonpublic methods relating to this type are:
- *
- * nssPointerTracker_initialize
- * nssPointerTracker_finalize
- * nssPointerTracker_add
- * nssPointerTracker_remove
- * nssPointerTracker_verify
- */
-
-/*
- * nssPointerTracker_initialize
- *
- * This method is only present in debug builds.
- *
- * This routine initializes an nssPointerTracker object. Note that
- * the object must have been declared *static* to guarantee that it
- * is in a zeroed state initially. This routine is idempotent, and
- * may even be safely called by multiple threads simultaneously with
- * the same argument. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. On failure it will set an
- * error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssPointerTracker_initialize
-(
- nssPointerTracker *tracker
-);
-
-extern const NSSError NSS_ERROR_NO_MEMORY;
-#endif /* DEBUG */
-
-/*
- * nssPointerTracker_finalize
- *
- * This method is only present in debug builds.
- *
- * This routine returns the nssPointerTracker object to the pre-
- * initialized state, releasing all resources used by the object.
- * It will *NOT* destroy the objects being tracked by the pointer
- * (should any remain), and therefore cannot be used to "sweep up"
- * remaining objects. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCES. On failure it will set an
- * error on the error stack and return PR_FAILURE. If any objects
- * remain in the tracker when it is finalized, that will be treated
- * as an error.
- *
- * The error may be one of the following values:
- * NSS_ERROR_TRACKER_NOT_EMPTY
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssPointerTracker_finalize
-(
- nssPointerTracker *tracker
-);
-
-extern const NSSError NSS_ERROR_TRACKER_NOT_EMPTY;
-#endif /* DEBUG */
-
-/*
- * nssPointerTracker_add
- *
- * This method is only present in debug builds.
- *
- * This routine adds the specified pointer to the nssPointerTracker
- * object. It should be called in constructor objects to register
- * new valid objects. The nssPointerTracker is threadsafe, but this
- * call is not idempotent. This routine returns a PRStatus value;
- * if successful it will return PR_SUCCESS. On failure it will set
- * an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_TRACKER_NOT_INITIALIZED
- * NSS_ERROR_DUPLICATE_POINTER
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssPointerTracker_add
-(
- nssPointerTracker *tracker,
- const void *pointer
-);
-
-extern const NSSError NSS_ERROR_NO_MEMORY;
-extern const NSSError NSS_ERROR_TRACKER_NOT_INITIALIZED;
-extern const NSSError NSS_ERROR_DUPLICATE_POINTER;
-#endif /* DEBUG */
-
-/*
- * nssPointerTracker_remove
- *
- * This method is only present in debug builds.
- *
- * This routine removes the specified pointer from the
- * nssPointerTracker object. It does not call any destructor for the
- * object; rather, this should be called from the object's destructor.
- * The nssPointerTracker is threadsafe, but this call is not
- * idempotent. This routine returns a PRStatus value; if successful
- * it will return PR_SUCCESS. On failure it will set an error on the
- * error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_TRACKER_NOT_INITIALIZED
- * NSS_ERROR_POINTER_NOT_REGISTERED
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssPointerTracker_remove
-(
- nssPointerTracker *tracker,
- const void *pointer
-);
-
-extern const NSSError NSS_ERROR_TRACKER_NOT_INITIALIZED;
-extern const NSSError NSS_ERROR_POINTER_NOT_REGISTERED;
-#endif /* DEBUG */
-
-/*
- * nssPointerTracker_verify
- *
- * This method is only present in debug builds.
- *
- * This routine verifies that the specified pointer has been registered
- * with the nssPointerTracker object. The nssPointerTracker object is
- * threadsafe, and this call may be safely called from multiple threads
- * simultaneously with the same arguments. This routine returns a
- * PRStatus value; if the pointer is registered this will return
- * PR_SUCCESS. Otherwise it will set an error on the error stack and
- * return PR_FAILURE. Although the error is suitable for leaving on
- * the stack, callers may wish to augment the information available by
- * placing a more type-specific error on the stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_POINTER_NOT_REGISTERED
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILRUE
- */
-
-#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssPointerTracker_verify
-(
- nssPointerTracker *tracker,
- const void *pointer
-);
-
-extern const NSSError NSS_ERROR_POINTER_NOT_REGISTERED;
-#endif /* DEBUG */
-
-/*
- * libc
- *
- * nsslibc_memcpy
- * nsslibc_memset
- * nsslibc_offsetof
- */
-
-/*
- * nsslibc_memcpy
- *
- * Errors:
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * NULL on error
- * The destination pointer on success
- */
-
-NSS_EXTERN void *
-nsslibc_memcpy
-(
- void *dest,
- const void *source,
- PRUint32 n
-);
-
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-
-/*
- * nsslibc_memset
- *
- * Errors:
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * NULL on error
- * The destination pointer on success
- */
-
-NSS_EXTERN void *
-nsslibc_memset
-(
- void *dest,
- PRUint8 byte,
- PRUint32 n
-);
-
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-
-/*
- * nsslibc_memequal
- *
- * Errors:
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * PR_TRUE if they match
- * PR_FALSE if they don't
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nsslibc_memequal
-(
- const void *a,
- const void *b,
- PRUint32 len,
- PRStatus *statusOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-
-#define nsslibc_offsetof(str, memb) ((PRPtrdiff)(&(((str *)0)->memb)))
-
-/*
- * nss_NewThreadPrivateIndex
- *
- */
-
-NSS_EXTERN PRStatus
-nss_NewThreadPrivateIndex
-(
- PRUintn *ip
-);
-
-/*
- * nss_GetThreadPrivate
- *
- */
-
-NSS_EXTERN void *
-nss_GetThreadPrivate
-(
- PRUintn i
-);
-
-/*
- * nss_SetThreadPrivate
- *
- */
-
-NSS_EXTERN void
-nss_SetThreadPrivate
-(
- PRUintn i,
- void *v
-);
-
-
-PR_END_EXTERN_C
-
-#endif /* BASE_H */
diff --git a/security/nss/lib/base/baset.h b/security/nss/lib/base/baset.h
deleted file mode 100644
index b0e676fc2..000000000
--- a/security/nss/lib/base/baset.h
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef BASET_H
-#define BASET_H
-
-#ifdef DEBUG
-static const char BASET_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * baset.h
- *
- * This file contains definitions for the basic types used throughout
- * nss but not available publicly.
- */
-
-#ifndef NSSBASET_H
-#include "nssbaset.h"
-#endif /* NSSBASET_H */
-
-#include "plhash.h"
-
-PR_BEGIN_EXTERN_C
-
-/*
- * nssArenaMark
- *
- * This type is used to mark the current state of an NSSArena.
- */
-
-struct nssArenaMarkStr;
-typedef struct nssArenaMarkStr nssArenaMark;
-
-#ifdef DEBUG
-/*
- * ARENA_THREADMARK
- *
- * Optionally, this arena implementation can be compiled with some
- * runtime checking enabled, which will catch the situation where
- * one thread "marks" the arena, another thread allocates memory,
- * and then the mark is released. Usually this is a surprise to
- * the second thread, and this leads to weird runtime errors.
- * Define ARENA_THREADMARK to catch these cases; we define it for all
- * (internal and external) debug builds.
- */
-#define ARENA_THREADMARK
-
-/*
- * ARENA_DESTRUCTOR_LIST
- *
- * Unfortunately, our pointer-tracker facility, used in debug
- * builds to agressively fight invalid pointers, requries that
- * pointers be deregistered when objects are destroyed. This
- * conflicts with the standard arena usage where "memory-only"
- * objects (that don't hold onto resources outside the arena)
- * can be allocated in an arena, and never destroyed other than
- * when the arena is destroyed. Therefore we have added a
- * destructor-registratio facility to our arenas. This was not
- * a simple decision, since we're getting ever-further away from
- * the original arena philosophy. However, it was felt that
- * adding this in debug builds wouldn't be so bad; as it would
- * discourage them from being used for "serious" purposes.
- * This facility requires ARENA_THREADMARK to be defined.
- */
-#ifdef ARENA_THREADMARK
-#define ARENA_DESTRUCTOR_LIST
-#endif /* ARENA_THREADMARK */
-
-#endif /* DEBUG */
-
-/*
- * nssPointerTracker
- *
- * This type is used in debug builds (both external and internal) to
- * track our object pointers. Objects of this type must be statically
- * allocated, which means the structure size must be available to the
- * compiler. Therefore we must expose the contents of this structure.
- * But please don't access elements directly; use the accessors.
- */
-
-#ifdef DEBUG
-struct nssPointerTrackerStr {
- PRCallOnceType once;
- PRLock *lock;
- PLHashTable *table;
-};
-typedef struct nssPointerTrackerStr nssPointerTracker;
-#endif /* DEBUG */
-
-/*
- * nssStringType
- *
- * There are several types of strings in the real world. We try to
- * use only UTF8 and avoid the rest, but that's not always possible.
- * So we have a couple converter routines to go to and from the other
- * string types. We have to be able to specify those string types,
- * so we have this enumeration.
- */
-
-enum nssStringTypeEnum {
- nssStringType_DirectoryString,
- nssStringType_TeletexString, /* Not "teletext" with trailing 't' */
- nssStringType_PrintableString,
- nssStringType_UniversalString,
- nssStringType_BMPString,
- nssStringType_UTF8String,
- nssStringType_PHGString,
- nssStringType_GeneralString,
-
- nssStringType_Unknown = -1
-};
-typedef enum nssStringTypeEnum nssStringType;
-
-PR_END_EXTERN_C
-
-#endif /* BASET_H */
diff --git a/security/nss/lib/base/config.mk b/security/nss/lib/base/config.mk
deleted file mode 100644
index 80b3135f4..000000000
--- a/security/nss/lib/base/config.mk
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CONFIG_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-ifdef BUILD_IDG
-DEFINES += -DNSSDEBUG
-endif
diff --git a/security/nss/lib/base/error.c b/security/nss/lib/base/error.c
deleted file mode 100644
index d3b44c7a0..000000000
--- a/security/nss/lib/base/error.c
+++ /dev/null
@@ -1,298 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * error.c
- *
- * This file contains the code implementing the per-thread error
- * stacks upon which most NSS routines report their errors.
- */
-
-#ifndef BASE_H
-#include "base.h"
-#endif /* BASE_H */
-
-/*
- * The stack itself has a header, and a sequence of integers.
- * The header records the amount of space (as measured in stack
- * slots) already allocated for the stack, and the count of the
- * number of records currently being used.
- */
-
-struct stack_header_str {
- PRUint16 space;
- PRUint16 count;
-};
-
-struct error_stack_str {
- struct stack_header_str header;
- PRInt32 stack[1];
-};
-typedef struct error_stack_str error_stack;
-
-/*
- * error_stack_index
- *
- * Thread-private data must be indexed. This is that index.
- * See PR_NewThreadPrivateIndex for more information.
- */
-
-static PRUintn error_stack_index;
-
-/*
- * call_once
- *
- * The thread-private index must be obtained (once!) at runtime.
- * This block is used for that one-time call.
- */
-
-static PRCallOnceType error_call_once;
-
-/*
- * error_once_function
- *
- * This is the once-called callback.
- */
-
-static PRStatus
-error_once_function
-(
- void
-)
-{
- return nss_NewThreadPrivateIndex(&error_stack_index);
- /* return PR_NewThreadPrivateIndex(&error_stack_index, PR_Free); */
-}
-
-/*
- * error_get_my_stack
- *
- * This routine returns the calling thread's error stack, creating
- * it if necessary. It may return NULL upon error, which implicitly
- * means that it ran out of memory.
- */
-
-static error_stack *
-error_get_my_stack
-(
- void
-)
-{
- PRStatus st;
- error_stack *rv;
- PRUintn new_size;
- PRUint32 new_bytes;
- error_stack *new_stack;
-
- if( 0 == error_stack_index ) {
- st = PR_CallOnce(&error_call_once, error_once_function);
- if( PR_SUCCESS != st ) {
- return (error_stack *)NULL;
- }
- }
-
- rv = (error_stack *)nss_GetThreadPrivate(error_stack_index);
- if( (error_stack *)NULL == rv ) {
- /* Doesn't exist; create one */
- new_size = 16;
- } else {
- if( rv->header.count == rv->header.space ) {
- /* Too small, expand it */
- new_size = rv->header.space + 16;
- } else {
- /* Okay, return it */
- return rv;
- }
- }
-
- new_bytes = (new_size * sizeof(PRInt32)) +
- sizeof(struct stack_header_str);
- /* Use NSPR's calloc/realloc, not NSS's, to avoid loops! */
- if( (error_stack *)NULL == rv ) {
- new_stack = PR_Calloc(1, new_bytes);
- } else {
- new_stack = PR_Realloc(rv, new_bytes);
- }
-
- if( (error_stack *)NULL != new_stack ) {
- new_stack->header.space = new_size;
- }
-
- /* Set the value, whether or not the allocation worked */
- nss_SetThreadPrivate(error_stack_index, new_stack);
- return new_stack;
-}
-
-/*
- * The error stack
- *
- * The public methods relating to the error stack are:
- *
- * NSS_GetError
- * NSS_GetErrorStack
- *
- * The nonpublic methods relating to the error stack are:
- *
- * nss_SetError
- * nss_ClearErrorStack
- *
- */
-
-/*
- * NSS_GetError
- *
- * This routine returns the highest-level (most general) error set
- * by the most recent NSS library routine called by the same thread
- * calling this routine.
- *
- * This routine cannot fail. However, it may return zero, which
- * indicates that the previous NSS library call did not set an error.
- *
- * Return value:
- * 0 if no error has been set
- * A nonzero error number
- */
-
-NSS_IMPLEMENT PRInt32
-NSS_GetError
-(
- void
-)
-{
- error_stack *es = error_get_my_stack();
-
- if( (error_stack *)NULL == es ) {
- return NSS_ERROR_NO_MEMORY; /* Good guess! */
- }
-
- if( 0 == es->header.count ) {
- return 0;
- }
-
- return es->stack[ es->header.count-1 ];
-}
-
-/*
- * NSS_GetErrorStack
- *
- * This routine returns a pointer to an array of integers, containing
- * the entire sequence or "stack" of errors set by the most recent NSS
- * library routine called by the same thread calling this routine.
- * NOTE: the caller DOES NOT OWN the memory pointed to by the return
- * value. The pointer will remain valid until the calling thread
- * calls another NSS routine. The lowest-level (most specific) error
- * is first in the array, and the highest-level is last. The array is
- * zero-terminated. This routine may return NULL upon error; this
- * indicates a low-memory situation.
- *
- * Return value:
- * NULL upon error, which is an implied NSS_ERROR_NO_MEMORY
- * A NON-caller-owned pointer to an array of integers
- */
-
-NSS_IMPLEMENT PRInt32 *
-NSS_GetErrorStack
-(
- void
-)
-{
- error_stack *es = error_get_my_stack();
-
- if( (error_stack *)NULL == es ) {
- return (PRInt32 *)NULL;
- }
-
- /* Make sure it's terminated */
- es->stack[ es->header.count ] = 0;
-
- return es->stack;
-}
-
-/*
- * nss_SetError
- *
- * This routine places a new error code on the top of the calling
- * thread's error stack. Calling this routine wiht an error code
- * of zero will clear the error stack.
- */
-
-NSS_IMPLEMENT void
-nss_SetError
-(
- PRUint32 error
-)
-{
- error_stack *es;
-
- if( 0 == error ) {
- nss_ClearErrorStack();
- return;
- }
-
- es = error_get_my_stack();
- if( (error_stack *)NULL == es ) {
- /* Oh, well. */
- return;
- }
-
- es->stack[ es->header.count ] = error;
- es->header.count++;
- return;
-}
-
-/*
- * nss_ClearErrorStack
- *
- * This routine clears the calling thread's error stack.
- */
-
-NSS_IMPLEMENT void
-nss_ClearErrorStack
-(
- void
-)
-{
- error_stack *es = error_get_my_stack();
- if( (error_stack *)NULL == es ) {
- /* Oh, well. */
- return;
- }
-
- es->header.count = 0;
- es->stack[0] = 0;
- return;
-}
diff --git a/security/nss/lib/base/errorval.c b/security/nss/lib/base/errorval.c
deleted file mode 100644
index 5c8835726..000000000
--- a/security/nss/lib/base/errorval.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * errorval.c
- *
- * This file contains the actual error constants used in NSS.
- */
-
-#ifndef NSSBASET_H
-#include "nssbaset.h"
-#endif /* NSSBASET_H */
-
-const NSSError NSS_ERROR_NO_ERROR = 0;
-const NSSError NSS_ERROR_INTERNAL_ERROR = 1;
-const NSSError NSS_ERROR_NO_MEMORY = 2;
-const NSSError NSS_ERROR_INVALID_POINTER = 3;
-const NSSError NSS_ERROR_INVALID_ARENA = 4;
-const NSSError NSS_ERROR_INVALID_ARENA_MARK = 5;
-const NSSError NSS_ERROR_DUPLICATE_POINTER = 6;
-const NSSError NSS_ERROR_POINTER_NOT_REGISTERED = 7;
-const NSSError NSS_ERROR_TRACKER_NOT_EMPTY = 8;
-const NSSError NSS_ERROR_TRACKER_NOT_INITIALIZED = 9;
-const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD = 10;
-const NSSError NSS_ERROR_VALUE_TOO_LARGE = 11;
-const NSSError NSS_ERROR_UNSUPPORTED_TYPE = 12;
-const NSSError NSS_ERROR_BUFFER_TOO_SHORT = 13;
-const NSSError NSS_ERROR_INVALID_ATOB_CONTEXT = 14;
-const NSSError NSS_ERROR_INVALID_BASE64 = 15;
-const NSSError NSS_ERROR_INVALID_BTOA_CONTEXT = 16;
-const NSSError NSS_ERROR_INVALID_ITEM = 17;
-const NSSError NSS_ERROR_INVALID_STRING = 18;
-const NSSError NSS_ERROR_INVALID_ASN1ENCODER = 19;
-const NSSError NSS_ERROR_INVALID_ASN1DECODER = 20;
-
-const NSSError NSS_ERROR_INVALID_BER = 21;
-const NSSError NSS_ERROR_INVALID_ATAV = 22;
-const NSSError NSS_ERROR_INVALID_ARGUMENT = 23;
-const NSSError NSS_ERROR_INVALID_UTF8 = 24;
-const NSSError NSS_ERROR_INVALID_NSSOID = 25;
-const NSSError NSS_ERROR_UNKNOWN_ATTRIBUTE = 26;
-
-const NSSError NSS_ERROR_NOT_FOUND = 27;
diff --git a/security/nss/lib/base/hashops.c b/security/nss/lib/base/hashops.c
deleted file mode 100644
index bd2de9a9c..000000000
--- a/security/nss/lib/base/hashops.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * hashops.c
- *
- * This file includes a set of PLHashAllocOps that use NSSArenas.
- */
-
-#ifndef BASE_H
-#include "base.h"
-#endif /* BASE_H */
-
-static PR_CALLBACK void *
-nss_arena_hash_alloc_table
-(
- void *pool,
- PRSize size
-)
-{
- NSSArena *arena = (NSSArena *)pool;
-
-#ifdef NSSDEBUG
- if( (void *)NULL != arena ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return (void *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- return nss_ZAlloc(arena, size);
-}
-
-static PR_CALLBACK void
-nss_arena_hash_free_table
-(
- void *pool,
- void *item
-)
-{
- (void)nss_ZFreeIf(item);
-}
-
-static PR_CALLBACK PLHashEntry *
-nss_arena_hash_alloc_entry
-(
- void *pool,
- const void *key
-)
-{
- NSSArena *arena = (NSSArena *)pool;
-
-#ifdef NSSDEBUG
- if( (void *)NULL != arena ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return (void *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- return nss_ZNEW(arena, PLHashEntry);
-}
-
-static PR_CALLBACK void
-nss_arena_hash_free_entry
-(
- void *pool,
- PLHashEntry *he,
- PRUintn flag
-)
-{
- if( HT_FREE_ENTRY == flag ) {
- (void)nss_ZFreeIf(he);
- }
-}
-
-NSS_IMPLEMENT_DATA PLHashAllocOps
-nssArenaHashAllocOps = {
- nss_arena_hash_alloc_table,
- nss_arena_hash_free_table,
- nss_arena_hash_alloc_entry,
- nss_arena_hash_free_entry
-};
diff --git a/security/nss/lib/base/item.c b/security/nss/lib/base/item.c
deleted file mode 100644
index 073e437d3..000000000
--- a/security/nss/lib/base/item.c
+++ /dev/null
@@ -1,228 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * item.c
- *
- * This contains some item-manipulation code.
- */
-
-#ifndef BASE_H
-#include "base.h"
-#endif /* BASE_H */
-
-/*
- * nssItem_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * A pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSItem *
-nssItem_Create
-(
- NSSArena *arenaOpt,
- NSSItem *rvOpt,
- PRUint32 length,
- const void *data
-)
-{
- NSSItem *rv = (NSSItem *)NULL;
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSItem *)NULL;
- }
- }
-
- if( (const void *)NULL == data ) {
- if( length > 0 ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSItem *)NULL;
- }
- }
-#endif /* DEBUG */
-
- if( (NSSItem *)NULL == rvOpt ) {
- rv = (NSSItem *)nss_ZNEW(arenaOpt, NSSItem);
- if( (NSSItem *)NULL == rv ) {
- goto loser;
- }
- } else {
- rv = rvOpt;
- }
-
- rv->size = length;
- rv->data = nss_ZAlloc(arenaOpt, length);
- if( (void *)NULL == rv->data ) {
- goto loser;
- }
-
- if( length > 0 ) {
- (void)nsslibc_memcpy(rv->data, data, length);
- }
-
- return rv;
-
- loser:
- if( rv != rvOpt ) {
- nss_ZFreeIf(rv);
- }
-
- return (NSSItem *)NULL;
-}
-
-/*
- * nssItem_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSItem *
-nssItem_Duplicate
-(
- NSSItem *obj,
- NSSArena *arenaOpt,
- NSSItem *rvOpt
-)
-{
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSItem *)NULL;
- }
- }
-
- if( (NSSItem *)NULL == obj ) {
- nss_SetError(NSS_ERROR_INVALID_ITEM);
- return (NSSItem *)NULL;
- }
-#endif /* DEBUG */
-
- return nssItem_Create(arenaOpt, rvOpt, obj->size, obj->data);
-}
-
-#ifdef DEBUG
-/*
- * nssItem_verifyPointer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssItem_verifyPointer
-(
- const NSSItem *item
-)
-{
- if( ((const NSSItem *)NULL == item) ||
- (((void *)NULL == item->data) && (item->size > 0)) ) {
- nss_SetError(NSS_ERROR_INVALID_ITEM);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-#endif /* DEBUG */
-
-/*
- * nssItem_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * PR_TRUE if the items are identical
- * PR_FALSE if they aren't
- * PR_FALSE upon error
- */
-
-NSS_IMPLEMENT PRBool
-nssItem_Equal
-(
- const NSSItem *one,
- const NSSItem *two,
- PRStatus *statusOpt
-)
-{
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
-
- if( ((const NSSItem *)NULL == one) && ((const NSSItem *)NULL == two) ) {
- return PR_TRUE;
- }
-
- if( ((const NSSItem *)NULL == one) || ((const NSSItem *)NULL == two) ) {
- return PR_FALSE;
- }
-
- if( one->size != two->size ) {
- return PR_FALSE;
- }
-
- return nsslibc_memequal(one->data, two->data, one->size, statusOpt);
-}
diff --git a/security/nss/lib/base/libc.c b/security/nss/lib/base/libc.c
deleted file mode 100644
index 68ab9d920..000000000
--- a/security/nss/lib/base/libc.c
+++ /dev/null
@@ -1,197 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * libc.c
- *
- * This file contains our wrappers/reimplementations for "standard"
- * libc functions. Things like "memcpy." We add to this as we need
- * it. Oh, and let's keep it in alphabetical order, should it ever
- * get large. Most string/character stuff should be in utf8.c, not
- * here. This file (and maybe utf8.c) should be the only ones in
- * NSS to include files with angle brackets.
- */
-
-#ifndef BASE_H
-#include "base.h"
-#endif /* BASE_H */
-
-#include <string.h> /* memcpy, memset */
-
-/*
- * nsslibc_memcpy
- * nsslibc_memset
- * nsslibc_offsetof
- * nsslibc_memequal
- */
-
-/*
- * nsslibc_memcpy
- *
- * Errors:
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * NULL on error
- * The destination pointer on success
- */
-
-NSS_IMPLEMENT void *
-nsslibc_memcpy
-(
- void *dest,
- const void *source,
- PRUint32 n
-)
-{
-#ifdef NSSDEBUG
- if( ((void *)NULL == dest) || ((const void *)NULL == source) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (void *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return memcpy(dest, source, (size_t)n);
-}
-
-/*
- * nsslibc_memset
- *
- * Errors:
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * NULL on error
- * The destination pointer on success
- */
-
-NSS_IMPLEMENT void *
-nsslibc_memset
-(
- void *dest,
- PRUint8 byte,
- PRUint32 n
-)
-{
-#ifdef NSSDEBUG
- if( ((void *)NULL == dest) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (void *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return memset(dest, (int)byte, (size_t)n);
-}
-
-/*
- * nsslibc_memequal
- *
- * Errors:
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * PR_TRUE if they match
- * PR_FALSE if they don't
- * PR_FALSE upon error
- */
-
-NSS_IMPLEMENT PRBool
-nsslibc_memequal
-(
- const void *a,
- const void *b,
- PRUint32 len,
- PRStatus *statusOpt
-)
-{
-#ifdef NSSDEBUG
- if( (((void *)NULL == a) || ((void *)NULL == b)) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return PR_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
-
- if( 0 == memcmp(a, b, len) ) {
- return PR_TRUE;
- } else {
- return PR_FALSE;
- }
-}
-
-/*
- * nsslibc_memcmp
- */
-
-NSS_IMPLEMENT PRInt32
-nsslibc_memcmp
-(
- const void *a,
- const void *b,
- PRUint32 len,
- PRStatus *statusOpt
-)
-{
- int v;
-
-#ifdef NSSDEBUG
- if( (((void *)NULL == a) || ((void *)NULL == b)) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return -2;
- }
-#endif /* NSSDEBUG */
-
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
-
- v = memcmp(a, b, len);
- return (PRInt32)v;
-}
-
-/*
- * offsetof is a preprocessor definition
- */
diff --git a/security/nss/lib/base/manifest.mn b/security/nss/lib/base/manifest.mn
deleted file mode 100644
index 89e64f938..000000000
--- a/security/nss/lib/base/manifest.mn
+++ /dev/null
@@ -1,62 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-MANIFEST_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-CORE_DEPTH = ../../..
-
-PRIVATE_EXPORTS = \
- baset.h \
- base.h \
- $(NULL)
-
-EXPORTS = \
- nssbaset.h \
- nssbase.h \
- $(NULL)
-
-MODULE = security
-
-CSRCS = \
- arena.c \
- error.c \
- errorval.c \
- hashops.c \
- libc.c \
- tracker.c \
- utf8.c \
- whatnspr.c \
- $(NULL)
-
-REQUIRES = security nspr
-
-LIBRARY_NAME = nssb
diff --git a/security/nss/lib/base/nssbase.h b/security/nss/lib/base/nssbase.h
deleted file mode 100644
index 3960a7810..000000000
--- a/security/nss/lib/base/nssbase.h
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef NSSBASE_H
-#define NSSBASE_H
-
-#ifdef DEBUG
-static const char NSSBASE_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * nssbase.h
- *
- * This header file contains the prototypes of the basic public
- * NSS routines.
- */
-
-#ifndef NSSBASET_H
-#include "nssbaset.h"
-#endif /* NSSBASET_H */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * NSSArena
- *
- * The public methods relating to this type are:
- *
- * NSSArena_Create -- constructor
- * NSSArena_Destroy
- */
-
-/*
- * NSSArena_Create
- *
- * This routine creates a new memory arena. This routine may return
- * NULL upon error, in which case it will have created an error stack.
- *
- * The top-level error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSArena upon success
- */
-
-NSS_EXTERN NSSArena *
-NSSArena_Create
-(
- void
-);
-
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSArena_Destroy
- *
- * This routine will destroy the specified arena, freeing all memory
- * allocated from it. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * create an error stack and return PR_FAILURE.
- *
- * The top-level error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSArena_Destroy
-(
- NSSArena *arena
-);
-
-extern const NSSError NSS_ERROR_INVALID_ARENA;
-
-/*
- * The error stack
- *
- * The public methods relating to the error stack are:
- *
- * NSS_GetError
- * NSS_GetErrorStack
- */
-
-/*
- * NSS_GetError
- *
- * This routine returns the highest-level (most general) error set
- * by the most recent NSS library routine called by the same thread
- * calling this routine.
- *
- * This routine cannot fail. It may return NSS_ERROR_NO_ERROR, which
- * indicates that the previous NSS library call did not set an error.
- *
- * Return value:
- * 0 if no error has been set
- * A nonzero error number
- */
-
-NSS_EXTERN NSSError
-NSS_GetError
-(
- void
-);
-
-extern const NSSError NSS_ERROR_NO_ERROR;
-
-/*
- * NSS_GetErrorStack
- *
- * This routine returns a pointer to an array of NSSError values,
- * containingthe entire sequence or "stack" of errors set by the most
- * recent NSS library routine called by the same thread calling this
- * routine. NOTE: the caller DOES NOT OWN the memory pointed to by
- * the return value. The pointer will remain valid until the calling
- * thread calls another NSS routine. The lowest-level (most specific)
- * error is first in the array, and the highest-level is last. The
- * array is zero-terminated. This routine may return NULL upon error;
- * this indicates a low-memory situation.
- *
- * Return value:
- * NULL upon error, which is an implied NSS_ERROR_NO_MEMORY
- * A NON-caller-owned pointer to an array of NSSError values
- */
-
-NSS_EXTERN NSSError *
-NSS_GetErrorStack
-(
- void
-);
-
-PR_END_EXTERN_C
-
-#endif /* NSSBASE_H */
diff --git a/security/nss/lib/base/nssbaset.h b/security/nss/lib/base/nssbaset.h
deleted file mode 100644
index 70b269c96..000000000
--- a/security/nss/lib/base/nssbaset.h
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef NSSBASET_H
-#define NSSBASET_H
-
-#ifdef DEBUG
-static const char NSSBASET_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * nssbaset.h
- *
- * This file contains the most low-level, fundamental public types.
- */
-
-#include "nspr.h"
-
-/*
- * NSS_EXTERN, NSS_IMPLEMENT, NSS_EXTERN_DATA, NSS_IMPLEMENT_DATA
- *
- * NSS has its own versions of these NSPR macros, in a form which
- * does not confuse ctags and other related utilities. NSPR
- * defines these macros to take the type as an argument, because
- * of a requirement to support win16 dlls. We do not have that
- * requirement, so we can drop that restriction.
- */
-
-#define NSS_EXTERN PR_EXTERN(/* */)
-#define NSS_IMPLEMENT PR_IMPLEMENT(/* */)
-#define NSS_EXTERN_DATA PR_EXTERN_DATA(/* */)
-#define NSS_IMPLEMENT_DATA PR_IMPLEMENT_DATA(/* */)
-
-PR_BEGIN_EXTERN_C
-
-/*
- * NSSError
- *
- * Calls to NSS routines may result in one or more errors being placed
- * on the calling thread's "error stack." Every possible error that
- * may be returned from a function is declared where the function is
- * prototyped. All errors are of the following type.
- */
-
-typedef PRInt32 NSSError;
-
-/*
- * NSSArena
- *
- * Arenas are logical sets of heap memory, from which memory may be
- * allocated. When an arena is destroyed, all memory allocated within
- * that arena is implicitly freed. These arenas are thread-safe:
- * an arena pointer may be used by multiple threads simultaneously.
- * However, as they are not backed by shared memory, they may only be
- * used within one process.
- */
-
-struct NSSArenaStr;
-typedef struct NSSArenaStr NSSArena;
-
-/*
- * NSSItem
- *
- * This is the basic type used to refer to an unconstrained datum of
- * arbitrary size.
- */
-
-struct NSSItemStr {
- void *data;
- PRUint32 size;
-};
-typedef struct NSSItemStr NSSItem;
-
-
-/*
- * NSSBER
- *
- * Data packed according to the Basic Encoding Rules of ASN.1.
- */
-
-typedef NSSItem NSSBER;
-
-/*
- * NSSDER
- *
- * Data packed according to the Distinguished Encoding Rules of ASN.1;
- * this form is also known as the Canonical Encoding Rules form (CER).
- */
-
-typedef NSSBER NSSDER;
-
-/*
- * NSSBitString
- *
- * Some ASN.1 types use "bit strings," which are passed around as
- * octet strings but whose length is counted in bits. We use this
- * typedef of NSSItem to point out the occasions when the length
- * is counted in bits, not octets.
- */
-
-typedef NSSItem NSSBitString;
-
-/*
- * NSSUTF8
- *
- * Character strings encoded in UTF-8, as defined by RFC 2279.
- */
-
-typedef PRUint8 NSSUTF8;
-
-/*
- * NSSASCII7
- *
- * Character strings guaranteed to be 7-bit ASCII.
- */
-
-typedef PRUint8 NSSASCII7;
-
-PR_END_EXTERN_C
-
-#endif /* NSSBASET_H */
diff --git a/security/nss/lib/base/tracker.c b/security/nss/lib/base/tracker.c
deleted file mode 100644
index 00d499354..000000000
--- a/security/nss/lib/base/tracker.c
+++ /dev/null
@@ -1,544 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * tracker.c
- *
- * This file contains the code used by the pointer-tracking calls used
- * in the debug builds to catch bad pointers. The entire contents are
- * only available in debug builds (both internal and external builds).
- */
-
-#ifndef BASE_H
-#include "base.h"
-#endif /* BASE_H */
-
-#ifdef DEBUG
-
-/*
- * call_once
- *
- * Unfortunately, NSPR's PR_CallOnce function doesn't accept a closure
- * variable. So I have a static version here which does. This code
- * is based on NSPR's, and uses the NSPR function to initialize the
- * required lock.
- */
-
-/*
- * The is the "once block" that's passed to the "real" PR_CallOnce
- * function, to call the local initializer myOnceFunction once.
- */
-static PRCallOnceType myCallOnce;
-
-/*
- * This structure is used by the call_once function to make sure that
- * any "other" threads calling the call_once don't return too quickly,
- * before the initializer has finished.
- */
-static struct {
- PRLock *ml;
- PRCondVar *cv;
-} mod_init;
-
-/*
- * This is the initializer for the above mod_init structure.
- */
-static PRStatus
-myOnceFunction
-(
- void
-)
-{
- mod_init.ml = PR_NewLock();
- if( (PRLock *)NULL == mod_init.ml ) {
- return PR_FAILURE;
- }
-
- mod_init.cv = PR_NewCondVar(mod_init.ml);
- if( (PRCondVar *)NULL == mod_init.cv ) {
- PR_DestroyLock(mod_init.ml);
- mod_init.ml = (PRLock *)NULL;
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-
-/*
- * The nss call_once callback takes a closure argument.
- */
-typedef PRStatus (PR_CALLBACK *nssCallOnceFN)(void *arg);
-
-/*
- * NSS's call_once function.
- */
-static PRStatus
-call_once
-(
- PRCallOnceType *once,
- nssCallOnceFN func,
- void *arg
-)
-{
- PRStatus rv;
-
- if( !myCallOnce.initialized ) {
- rv = PR_CallOnce(&myCallOnce, myOnceFunction);
- if( PR_SUCCESS != rv ) {
- return rv;
- }
- }
-
- if( !once->initialized ) {
- if( 0 == PR_AtomicSet(&once->inProgress, 1) ) {
- once->status = (*func)(arg);
- PR_Lock(mod_init.ml);
- once->initialized = 1;
- PR_NotifyAllCondVar(mod_init.cv);
- PR_Unlock(mod_init.ml);
- } else {
- PR_Lock(mod_init.ml);
- while( !once->initialized ) {
- PR_WaitCondVar(mod_init.cv, PR_INTERVAL_NO_TIMEOUT);
- }
- PR_Unlock(mod_init.ml);
- }
- }
-
- return once->status;
-}
-
-/*
- * Now we actually get to my own "call once" payload function.
- * But wait, to create the hash, I need a hash function!
- */
-
-/*
- * identity_hash
- *
- * This static callback is a PLHashFunction as defined in plhash.h
- * It merely returns the value of the object pointer as its hash.
- * There are no possible errors.
- */
-
-static PR_CALLBACK PLHashNumber
-identity_hash
-(
- const void *key
-)
-{
- return (PLHashNumber)key;
-}
-
-/*
- * trackerOnceFunc
- *
- * This function is called once, using the nssCallOnce function above.
- * It creates a new pointer tracker object; initialising its hash
- * table and protective lock.
- */
-
-static PRStatus
-trackerOnceFunc
-(
- void *arg
-)
-{
- nssPointerTracker *tracker = (nssPointerTracker *)arg;
-
- tracker->lock = PR_NewLock();
- if( (PRLock *)NULL == tracker->lock ) {
- return PR_FAILURE;
- }
-
- tracker->table = PL_NewHashTable(0,
- identity_hash,
- PL_CompareValues,
- PL_CompareValues,
- (PLHashAllocOps *)NULL,
- (void *)NULL);
- if( (PLHashTable *)NULL == tracker->table ) {
- PR_DestroyLock(tracker->lock);
- tracker->lock = (PRLock *)NULL;
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-
-/*
- * nssPointerTracker_initialize
- *
- * This method is only present in debug builds.
- *
- * This routine initializes an nssPointerTracker object. Note that
- * the object must have been declared *static* to guarantee that it
- * is in a zeroed state initially. This routine is idempotent, and
- * may even be safely called by multiple threads simultaneously with
- * the same argument. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. On failure it will set an
- * error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-NSS_IMPLEMENT PRStatus
-nssPointerTracker_initialize
-(
- nssPointerTracker *tracker
-)
-{
- PRStatus rv = call_once(&tracker->once, trackerOnceFunc, tracker);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- }
-
- return rv;
-}
-
-#ifdef DONT_DESTROY_EMPTY_TABLES
-/* See same #ifdef below */
-/*
- * count_entries
- *
- * This static routine is a PLHashEnumerator, as defined in plhash.h.
- * It merely causes the enumeration function to count the number of
- * entries.
- */
-
-static PR_CALLBACK PRIntn
-count_entries
-(
- PLHashEntry *he,
- PRIntn index,
- void *arg
-)
-{
- return HT_ENUMERATE_NEXT;
-}
-#endif /* DONT_DESTROY_EMPTY_TABLES */
-
-/*
- * zero_once
- *
- * This is a guaranteed zeroed once block. It's used to help clear
- * the tracker.
- */
-
-static const PRCallOnceType zero_once;
-
-/*
- * nssPointerTracker_finalize
- *
- * This method is only present in debug builds.
- *
- * This routine returns the nssPointerTracker object to the pre-
- * initialized state, releasing all resources used by the object.
- * It will *NOT* destroy the objects being tracked by the pointer
- * (should any remain), and therefore cannot be used to "sweep up"
- * remaining objects. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCES. On failure it will set an
- * error on the error stack and return PR_FAILURE. If any objects
- * remain in the tracker when it is finalized, that will be treated
- * as an error.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_TRACKER_NOT_INITIALIZED
- * NSS_ERROR_TRACKER_NOT_EMPTY
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-NSS_IMPLEMENT PRStatus
-nssPointerTracker_finalize
-(
- nssPointerTracker *tracker
-)
-{
- PRLock *lock;
- PRIntn count;
-
- if( (nssPointerTracker *)NULL == tracker ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
-
- if( (PRLock *)NULL == tracker->lock ) {
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
-
- lock = tracker->lock;
- PR_Lock(lock);
-
- if( (PLHashTable *)NULL == tracker->table ) {
- PR_Unlock(lock);
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
-
-#ifdef DONT_DESTROY_EMPTY_TABLES
- /*
- * I changed my mind; I think we don't want this after all.
- * Comments?
- */
- count = PL_HashTableEnumerateEntries(tracker->table,
- count_entries,
- (void *)NULL);
-
- if( 0 != count ) {
- PR_Unlock(lock);
- nss_SetError(NSS_ERROR_TRACKER_NOT_EMPTY);
- return PR_FAILURE;
- }
-#endif /* DONT_DESTROY_EMPTY_TABLES */
-
- PL_HashTableDestroy(tracker->table);
- /* memset(tracker, 0, sizeof(nssPointerTracker)); */
- tracker->once = zero_once;
- tracker->lock = (PRLock *)NULL;
- tracker->table = (PLHashTable *)NULL;
-
- PR_Unlock(lock);
- PR_DestroyLock(lock);
-
- return PR_SUCCESS;
-}
-
-/*
- * nssPointerTracker_add
- *
- * This method is only present in debug builds.
- *
- * This routine adds the specified pointer to the nssPointerTracker
- * object. It should be called in constructor objects to register
- * new valid objects. The nssPointerTracker is threadsafe, but this
- * call is not idempotent. This routine returns a PRStatus value;
- * if successful it will return PR_SUCCESS. On failure it will set
- * an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_TRACKER_NOT_INITIALIZED
- * NSS_ERROR_DUPLICATE_POINTER
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-NSS_IMPLEMENT PRStatus
-nssPointerTracker_add
-(
- nssPointerTracker *tracker,
- const void *pointer
-)
-{
- void *check;
- PLHashEntry *entry;
-
- if( (nssPointerTracker *)NULL == tracker ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
-
- if( (PRLock *)NULL == tracker->lock ) {
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
-
- PR_Lock(tracker->lock);
-
- if( (PLHashTable *)NULL == tracker->table ) {
- PR_Unlock(tracker->lock);
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
-
- check = PL_HashTableLookup(tracker->table, pointer);
- if( (void *)NULL != check ) {
- PR_Unlock(tracker->lock);
- nss_SetError(NSS_ERROR_DUPLICATE_POINTER);
- return PR_FAILURE;
- }
-
- entry = PL_HashTableAdd(tracker->table, pointer, (void *)pointer);
-
- PR_Unlock(tracker->lock);
-
- if( (PLHashEntry *)NULL == entry ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-
-/*
- * nssPointerTracker_remove
- *
- * This method is only present in debug builds.
- *
- * This routine removes the specified pointer from the
- * nssPointerTracker object. It does not call any destructor for the
- * object; rather, this should be called from the object's destructor.
- * The nssPointerTracker is threadsafe, but this call is not
- * idempotent. This routine returns a PRStatus value; if successful
- * it will return PR_SUCCESS. On failure it will set an error on the
- * error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_TRACKER_NOT_INITIALIZED
- * NSS_ERROR_POINTER_NOT_REGISTERED
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILURE
- */
-
-NSS_IMPLEMENT PRStatus
-nssPointerTracker_remove
-(
- nssPointerTracker *tracker,
- const void *pointer
-)
-{
- PRBool registered;
-
- if( (nssPointerTracker *)NULL == tracker ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
-
- if( (PRLock *)NULL == tracker->lock ) {
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
-
- PR_Lock(tracker->lock);
-
- if( (PLHashTable *)NULL == tracker->table ) {
- PR_Unlock(tracker->lock);
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
-
- registered = PL_HashTableRemove(tracker->table, pointer);
- PR_Unlock(tracker->lock);
-
- if( !registered ) {
- nss_SetError(NSS_ERROR_POINTER_NOT_REGISTERED);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-
-/*
- * nssPointerTracker_verify
- *
- * This method is only present in debug builds.
- *
- * This routine verifies that the specified pointer has been registered
- * with the nssPointerTracker object. The nssPointerTracker object is
- * threadsafe, and this call may be safely called from multiple threads
- * simultaneously with the same arguments. This routine returns a
- * PRStatus value; if the pointer is registered this will return
- * PR_SUCCESS. Otherwise it will set an error on the error stack and
- * return PR_FAILURE. Although the error is suitable for leaving on
- * the stack, callers may wish to augment the information available by
- * placing a more type-specific error on the stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_TRACKER_NOT_INITIALIZED
- * NSS_ERROR_POINTER_NOT_REGISTERED
- *
- * Return value:
- * PR_SUCCESS
- * PR_FAILRUE
- */
-
-NSS_IMPLEMENT PRStatus
-nssPointerTracker_verify
-(
- nssPointerTracker *tracker,
- const void *pointer
-)
-{
- void *check;
-
- if( (nssPointerTracker *)NULL == tracker ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
-
- if( (PRLock *)NULL == tracker->lock ) {
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
-
- PR_Lock(tracker->lock);
-
- if( (PLHashTable *)NULL == tracker->table ) {
- PR_Unlock(tracker->lock);
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
-
- check = PL_HashTableLookup(tracker->table, pointer);
- PR_Unlock(tracker->lock);
-
- if( (void *)NULL == check ) {
- nss_SetError(NSS_ERROR_POINTER_NOT_REGISTERED);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-
-#endif /* DEBUG */
diff --git a/security/nss/lib/base/utf8.c b/security/nss/lib/base/utf8.c
deleted file mode 100644
index 12b3d5d46..000000000
--- a/security/nss/lib/base/utf8.c
+++ /dev/null
@@ -1,759 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * utf8.c
- *
- * This file contains some additional utility routines required for
- * handling UTF8 strings.
- */
-
-#ifndef BASE_H
-#include "base.h"
-#endif /* BASE_H */
-
-#include "plstr.h"
-
-/*
- * NOTES:
- *
- * There's an "is hex string" function in pki1/atav.c. If we need
- * it in more places, pull that one out.
- */
-
-/*
- * nssUTF8_CaseIgnoreMatch
- *
- * Returns true if the two UTF8-encoded strings pointed to by the
- * two specified NSSUTF8 pointers differ only in typcase.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * PR_TRUE if the strings match, ignoring case
- * PR_FALSE if they don't
- * PR_FALSE upon error
- */
-
-NSS_IMPLEMENT PRBool
-nssUTF8_CaseIgnoreMatch
-(
- const NSSUTF8 *a,
- const NSSUTF8 *b,
- PRStatus *statusOpt
-)
-{
-#ifdef NSSDEBUG
- if( ((const NSSUTF8 *)NULL == a) ||
- ((const NSSUTF8 *)NULL == b) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return PR_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
-
- /*
- * XXX fgmr
- *
- * This is, like, so wrong!
- */
- if( 0 == PL_strcasecmp((const char *)a, (const char *)b) ) {
- return PR_TRUE;
- } else {
- return PR_FALSE;
- }
-}
-
-/*
- * nssUTF8_PrintableMatch
- *
- * Returns true if the two Printable strings pointed to by the
- * two specified NSSUTF8 pointers match when compared with the
- * rules for Printable String (leading and trailing spaces are
- * disregarded, extents of whitespace match irregardless of length,
- * and case is not significant), then PR_TRUE will be returned.
- * Otherwise, PR_FALSE will be returned. Upon failure, PR_FALSE
- * will be returned. If the optional statusOpt argument is not
- * NULL, then PR_SUCCESS or PR_FAILURE will be stored in that
- * location.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * PR_TRUE if the strings match, ignoring case
- * PR_FALSE if they don't
- * PR_FALSE upon error
- */
-
-NSS_IMPLEMENT PRBool
-nssUTF8_PrintableMatch
-(
- const NSSUTF8 *a,
- const NSSUTF8 *b,
- PRStatus *statusOpt
-)
-{
- PRUint8 *c;
- PRUint8 *d;
-
-#ifdef NSSDEBUG
- if( ((const NSSUTF8 *)NULL == a) ||
- ((const NSSUTF8 *)NULL == b) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return PR_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
-
- c = (PRUint8 *)a;
- d = (PRUint8 *)b;
-
- while( ' ' == *c ) {
- c++;
- }
-
- while( ' ' == *d ) {
- d++;
- }
-
- while( ('\0' != *c) && ('\0' != *d) ) {
- PRUint8 e, f;
-
- e = *c;
- f = *d;
-
- if( ('a' <= e) && (e <= 'z') ) {
- e -= ('a' - 'A');
- }
-
- if( ('a' <= f) && (f <= 'z') ) {
- f -= ('a' - 'A');
- }
-
- if( e != f ) {
- return PR_FALSE;
- }
-
- c++;
- d++;
-
- if( ' ' == *c ) {
- while( ' ' == *c ) {
- c++;
- }
- c--;
- }
-
- if( ' ' == *d ) {
- while( ' ' == *d ) {
- d++;
- }
- d--;
- }
- }
-
- while( ' ' == *c ) {
- c++;
- }
-
- while( ' ' == *d ) {
- d++;
- }
-
- if( *c == *d ) {
- /* And both '\0', btw */
- return PR_TRUE;
- } else {
- return PR_FALSE;
- }
-}
-
-/*
- * nssUTF8_Duplicate
- *
- * This routine duplicates the UTF8-encoded string pointed to by the
- * specified NSSUTF8 pointer. If the optional arenaOpt argument is
- * not null, the memory required will be obtained from that arena;
- * otherwise, the memory required will be obtained from the heap.
- * A pointer to the new string will be returned. In case of error,
- * an error will be placed on the error stack and NULL will be
- * returned.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-nssUTF8_Duplicate
-(
- const NSSUTF8 *s,
- NSSArena *arenaOpt
-)
-{
- NSSUTF8 *rv;
- PRUint32 len;
-
-#ifdef NSSDEBUG
- if( (const NSSUTF8 *)NULL == s ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- len = PL_strlen((const char *)s);
-#ifdef PEDANTIC
- if( '\0' != ((const char *)s)[ len ] ) {
- /* must have wrapped, e.g., too big for PRUint32 */
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSUTF8 *)NULL;
- }
-#endif /* PEDANTIC */
- len++; /* zero termination */
-
- rv = nss_ZAlloc(arenaOpt, len);
- if( (void *)NULL == rv ) {
- return (NSSUTF8 *)NULL;
- }
-
- (void)nsslibc_memcpy(rv, s, len);
- return rv;
-}
-
-/*
- * nssUTF8_Size
- *
- * This routine returns the length in bytes (including the terminating
- * null) of the UTF8-encoded string pointed to by the specified
- * NSSUTF8 pointer. Zero is returned on error.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_VALUE_TOO_LARGE
- *
- * Return value:
- * 0 on error
- * nonzero length of the string.
- */
-
-NSS_IMPLEMENT PRUint32
-nssUTF8_Size
-(
- const NSSUTF8 *s,
- PRStatus *statusOpt
-)
-{
- PRUint32 sv;
-
-#ifdef NSSDEBUG
- if( (const NSSUTF8 *)NULL == s ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return 0;
- }
-#endif /* NSSDEBUG */
-
- sv = PL_strlen((const char *)s) + 1;
-#ifdef PEDANTIC
- if( '\0' != ((const char *)s)[ sv-1 ] ) {
- /* wrapped */
- nss_SetError(NSS_ERROR_VALUE_TOO_LARGE);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return 0;
- }
-#endif /* PEDANTIC */
-
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
-
- return sv;
-}
-
-/*
- * nssUTF8_Length
- *
- * This routine returns the length in characters (not including the
- * terminating null) of the UTF8-encoded string pointed to by the
- * specified NSSUTF8 pointer.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_VALUE_TOO_LARGE
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * length of the string (which may be zero)
- * 0 on error
- */
-
-NSS_IMPLEMENT PRUint32
-nssUTF8_Length
-(
- const NSSUTF8 *s,
- PRStatus *statusOpt
-)
-{
- PRUint32 l = 0;
- const PRUint8 *c = (const PRUint8 *)s;
-
-#ifdef NSSDEBUG
- if( (const NSSUTF8 *)NULL == s ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- goto loser;
- }
-#endif /* NSSDEBUG */
-
- /*
- * From RFC 2044:
- *
- * UCS-4 range (hex.) UTF-8 octet sequence (binary)
- * 0000 0000-0000 007F 0xxxxxxx
- * 0000 0080-0000 07FF 110xxxxx 10xxxxxx
- * 0000 0800-0000 FFFF 1110xxxx 10xxxxxx 10xxxxxx
- * 0001 0000-001F FFFF 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
- * 0020 0000-03FF FFFF 111110xx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
- * 0400 0000-7FFF FFFF 1111110x 10xxxxxx ... 10xxxxxx
- */
-
- while( 0 != *c ) {
- PRUint32 incr;
- if( (*c & 0x80) == 0 ) {
- incr = 1;
- } else if( (*c & 0xE0) == 0xC0 ) {
- incr = 2;
- } else if( (*c & 0xF0) == 0xE0 ) {
- incr = 3;
- } else if( (*c & 0xF8) == 0xF0 ) {
- incr = 4;
- } else if( (*c & 0xFC) == 0xF8 ) {
- incr = 5;
- } else if( (*c & 0xFE) == 0xFC ) {
- incr = 6;
- } else {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- goto loser;
- }
-
- l += incr;
-
-#ifdef PEDANTIC
- if( l < incr ) {
- /* Wrapped-- too big */
- nss_SetError(NSS_ERROR_VALUE_TOO_LARGE);
- goto loser;
- }
-
- {
- PRUint8 *d;
- for( d = &c[1]; d < &c[incr]; d++ ) {
- if( (*d & 0xC0) != 0xF0 ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- goto loser;
- }
- }
- }
-#endif /* PEDANTIC */
-
- c += incr;
- }
-
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
-
- return l;
-
- loser:
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
-
- return 0;
-}
-
-
-/*
- * nssUTF8_Create
- *
- * This routine creates a UTF8 string from a string in some other
- * format. Some types of string may include embedded null characters,
- * so for them the length parameter must be used. For string types
- * that are null-terminated, the length parameter is optional; if it
- * is zero, it will be ignored. If the optional arena argument is
- * non-null, the memory used for the new string will be obtained from
- * that arena, otherwise it will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have
- * placed an error on the error stack.
- *
- * The error may be one of the following:
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_UNSUPPORTED_TYPE
- *
- * Return value:
- * NULL upon error
- * A non-null pointer to a new UTF8 string otherwise
- */
-
-extern const NSSError NSS_ERROR_INTERNAL_ERROR; /* XXX fgmr */
-
-NSS_IMPLEMENT NSSUTF8 *
-nssUTF8_Create
-(
- NSSArena *arenaOpt,
- nssStringType type,
- const void *inputString,
- PRUint32 size /* in bytes, not characters */
-)
-{
- NSSUTF8 *rv = NULL;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-
- if( (const void *)NULL == inputString ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSUTF8 *)NULL;
- }
-#endif /* NSSDEBUG */
-
- switch( type ) {
- case nssStringType_DirectoryString:
- /* This is a composite type requiring BER */
- nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
- break;
- case nssStringType_TeletexString:
- /*
- * draft-ietf-pkix-ipki-part1-11 says in part:
- *
- * In addition, many legacy implementations support names encoded
- * in the ISO 8859-1 character set (Latin1String) but tag them as
- * TeletexString. The Latin1String includes characters used in
- * Western European countries which are not part of the
- * TeletexString charcter set. Implementations that process
- * TeletexString SHOULD be prepared to handle the entire ISO
- * 8859-1 character set.[ISO 8859-1].
- */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_PrintableString:
- /*
- * PrintableString consists of A-Za-z0-9 ,()+,-./:=?
- * This is a subset of ASCII, which is a subset of UTF8.
- * So we can just duplicate the string over.
- */
-
- if( 0 == size ) {
- rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt);
- } else {
- rv = nss_ZAlloc(arenaOpt, size+1);
- if( (NSSUTF8 *)NULL == rv ) {
- return (NSSUTF8 *)NULL;
- }
-
- (void)nsslibc_memcpy(rv, inputString, size);
- }
-
- break;
- case nssStringType_UniversalString:
- /* 4-byte unicode */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_BMPString:
- /* Base Multilingual Plane of Unicode */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_UTF8String:
- if( 0 == size ) {
- rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt);
- } else {
- rv = nss_ZAlloc(arenaOpt, size+1);
- if( (NSSUTF8 *)NULL == rv ) {
- return (NSSUTF8 *)NULL;
- }
-
- (void)nsslibc_memcpy(rv, inputString, size);
- }
-
- break;
- case nssStringType_PHGString:
- /*
- * PHGString is an IA5String (with case-insensitive comparisons).
- * IA5 is ~almost~ ascii; ascii has dollar-sign where IA5 has
- * currency symbol.
- */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_GeneralString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- default:
- nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
- break;
- }
-
- return rv;
-}
-
-NSS_IMPLEMENT NSSItem *
-nssUTF8_GetEncoding
-(
- NSSArena *arenaOpt,
- NSSItem *rvOpt,
- nssStringType type,
- NSSUTF8 *string
-)
-{
- NSSItem *rv = (NSSItem *)NULL;
- PRStatus status = PR_SUCCESS;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSItem *)NULL;
- }
- }
-
- if( (NSSUTF8 *)NULL == string ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSItem *)NULL;
- }
-#endif /* NSSDEBUG */
-
- switch( type ) {
- case nssStringType_DirectoryString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_TeletexString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_PrintableString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_UniversalString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_BMPString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_UTF8String:
- {
- NSSUTF8 *dup = nssUTF8_Duplicate(string, arenaOpt);
- if( (NSSUTF8 *)NULL == dup ) {
- return (NSSItem *)NULL;
- }
-
- if( (NSSItem *)NULL == rvOpt ) {
- rv = nss_ZNEW(arenaOpt, NSSItem);
- if( (NSSItem *)NULL == rv ) {
- (void)nss_ZFreeIf(dup);
- return (NSSItem *)NULL;
- }
- } else {
- rv = rvOpt;
- }
-
- rv->data = dup;
- dup = (NSSUTF8 *)NULL;
- rv->size = nssUTF8_Size(rv->data, &status);
- if( (0 == rv->size) && (PR_SUCCESS != status) ) {
- if( (NSSItem *)NULL == rvOpt ) {
- (void)nss_ZFreeIf(rv);
- }
- return (NSSItem *)NULL;
- }
- }
- break;
- case nssStringType_PHGString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- default:
- nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
- break;
- }
-
- return rv;
-}
-
-/*
- * nssUTF8_CopyIntoFixedBuffer
- *
- * This will copy a UTF8 string into a fixed-length buffer, making
- * sure that the all characters are valid. Any remaining space will
- * be padded with the specified ASCII character, typically either
- * null or space.
- *
- * Blah, blah, blah.
- */
-
-NSS_IMPLEMENT PRStatus
-nssUTF8_CopyIntoFixedBuffer
-(
- NSSUTF8 *string,
- char *buffer,
- PRUint32 bufferSize,
- char pad
-)
-{
- PRUint32 stringSize = 0;
-
-#ifdef NSSDEBUG
- if( (char *)NULL == buffer ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FALSE;
- }
-
- if( 0 == bufferSize ) {
- nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
- return PR_FALSE;
- }
-
- if( (pad & 0x80) != 0x00 ) {
- nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
- return PR_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSUTF8 *)NULL == string ) {
- string = (unsigned char*) "";
- }
-
- stringSize = nssUTF8_Size(string, (PRStatus *)NULL);
- stringSize--; /* don't count the trailing null */
- if( stringSize > bufferSize ) {
- PRUint32 bs = bufferSize;
- (void)nsslibc_memcpy(buffer, string, bufferSize);
-
- if( ( ((buffer[ bs-1 ] & 0x80) == 0x00)) ||
- ((bs > 1) && ((buffer[ bs-2 ] & 0xE0) == 0xC0)) ||
- ((bs > 2) && ((buffer[ bs-3 ] & 0xF0) == 0xE0)) ||
- ((bs > 3) && ((buffer[ bs-4 ] & 0xF8) == 0xF0)) ||
- ((bs > 4) && ((buffer[ bs-5 ] & 0xFC) == 0xF8)) ||
- ((bs > 5) && ((buffer[ bs-6 ] & 0xFE) == 0xFC)) ) {
- /* It fit exactly */
- return PR_SUCCESS;
- }
-
- /* Too long. We have to trim the last character */
- for( bs; bs > 0; bs-- ) {
- if( (buffer[bs-1] & 0xC0) != 0x80 ) {
- buffer[bs-1] = pad;
- break;
- } else {
- buffer[bs-1] = pad;
- }
- }
- } else {
- (void)nsslibc_memset(buffer, pad, bufferSize);
- (void)nsslibc_memcpy(buffer, string, stringSize);
- }
-
- return PR_SUCCESS;
-}
-
-/*
- * nssUTF8_Equal
- *
- */
-
-NSS_IMPLEMENT PRBool
-nssUTF8_Equal
-(
- const NSSUTF8 *a,
- const NSSUTF8 *b,
- PRStatus *statusOpt
-)
-{
- PRUint32 la, lb;
-
-#ifdef NSSDEBUG
- if( ((const NSSUTF8 *)NULL == a) ||
- ((const NSSUTF8 *)NULL == b) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return PR_FALSE;
- }
-#endif /* NSSDEBUG */
-
- la = nssUTF8_Size(a, statusOpt);
- if( 0 == la ) {
- return PR_FALSE;
- }
-
- lb = nssUTF8_Size(b, statusOpt);
- if( 0 == lb ) {
- return PR_FALSE;
- }
-
- if( la != lb ) {
- return PR_FALSE;
- }
-
- return nsslibc_memequal(a, b, la, statusOpt);
-}
diff --git a/security/nss/lib/base/whatnspr.c b/security/nss/lib/base/whatnspr.c
deleted file mode 100644
index e82c34166..000000000
--- a/security/nss/lib/base/whatnspr.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef BASE_H
-#include "base.h"
-#endif /* BASE_H */
-
-/*
- * This file isolates us from differences in NSPR versions.
- * We have to detect the library with which we're running at
- * runtime, and switch behaviours there. This lets us do
- * stuff like load cryptoki modules in Communicator.
- *
- * Hey, it's the PORT layer all over again!
- */
-
-static int whatnspr = 0;
-
-static int
-set_whatnspr
-(
- void
-)
-{
- /*
- * The only runtime difference I could find was the
- * return value of PR_dtoa. We can't just look for
- * a symbol in NSPR >=2, because it'll always be
- * found (because we compile against NSPR >=2).
- * Maybe we could look for a symbol merely in NSPR 1?
- *
- */
-
- char buffer[64];
- int decpt = 0, sign = 0;
- char *rve = (char *)0;
- /* extern int PR_dtoa(double, int, int, int *, int *, char **, char *, int); */
- int r = (int)PR_dtoa((double)1.0, 0, 5, &decpt, &sign, &rve,
- buffer, sizeof(buffer));
-
- switch( r ) {
- case 0:
- case -1:
- whatnspr = 2;
- /*
- * If we needed to, *now* we could look up "libVersionPoint"
- * and get more data there.. except all current NSPR's (up
- * to NSPR 4.x at time of writing) still say 2 in their
- * version structure.
- */
- break;
- default:
- whatnspr = 1;
- break;
- }
-
- return whatnspr;
-}
-
-#define WHATNSPR (whatnspr ? whatnspr : set_whatnspr())
-
-NSS_IMPLEMENT PRStatus
-nss_NewThreadPrivateIndex
-(
- PRUintn *ip
-)
-{
- switch( WHATNSPR ) {
- case 1:
- {
- PRLibrary *l = (PRLibrary *)0;
- void *f = PR_FindSymbolAndLibrary("PR_NewThreadPrivateID", &l);
- typedef PRInt32 (*ntpt)(void);
- ntpt ntp = (ntpt) f;
-
- PR_ASSERT((void *)0 != f);
-
- *ip = ntp();
- return PR_SUCCESS;
- }
- case 2:
- default:
- return PR_NewThreadPrivateIndex(ip, NULL);
- }
-}
-
-NSS_IMPLEMENT void *
-nss_GetThreadPrivate
-(
- PRUintn i
-)
-{
- switch( WHATNSPR ) {
- case 1:
- {
- PRLibrary *l = (PRLibrary *)0;
- void *f = PR_FindSymbolAndLibrary("PR_GetThreadPrivate", &l);
- typedef void *(*gtpt)(PRThread *, PRInt32);
- gtpt gtp = (gtpt) f;
-
- PR_ASSERT((void *)0 != f);
-
- return gtp(PR_CurrentThread(), i);
- }
- case 2:
- default:
- return PR_GetThreadPrivate(i);
- }
-}
-
-NSS_IMPLEMENT void
-nss_SetThreadPrivate
-(
- PRUintn i,
- void *v
-)
-{
- switch( WHATNSPR ) {
- case 1:
- {
- PRLibrary *l = (PRLibrary *)0;
- void *f = PR_FindSymbolAndLibrary("PR_SetThreadPrivate", &l);
- typedef PRStatus (*stpt)(PRThread *, PRInt32, void *);
- stpt stp = (stpt) f;
-
- PR_ASSERT((void *)0 != f);
-
- (void)stp(PR_CurrentThread(), i, v);
- return;
- }
- case 2:
- default:
- (void)PR_SetThreadPrivate(i, v);
- return;
- }
-}
diff --git a/security/nss/lib/certdb/.cvsignore b/security/nss/lib/certdb/.cvsignore
deleted file mode 100644
index ec60123e5..000000000
--- a/security/nss/lib/certdb/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-nscertinit.c
diff --git a/security/nss/lib/certdb/Makefile b/security/nss/lib/certdb/Makefile
deleted file mode 100644
index 12eff17ab..000000000
--- a/security/nss/lib/certdb/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
diff --git a/security/nss/lib/certdb/alg1485.c b/security/nss/lib/certdb/alg1485.c
deleted file mode 100644
index f9b2c7ae5..000000000
--- a/security/nss/lib/certdb/alg1485.c
+++ /dev/null
@@ -1,953 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "cert.h"
-#include "xconst.h"
-#include "genname.h"
-#include "secitem.h"
-#include "secerr.h"
-
-struct NameToKind {
- char *name;
- SECOidTag kind;
-};
-
-static struct NameToKind name2kinds[] = {
- { "CN", SEC_OID_AVA_COMMON_NAME, },
- { "ST", SEC_OID_AVA_STATE_OR_PROVINCE, },
- { "OU", SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME, },
- { "DC", SEC_OID_AVA_DC, },
- { "C", SEC_OID_AVA_COUNTRY_NAME, },
- { "O", SEC_OID_AVA_ORGANIZATION_NAME, },
- { "L", SEC_OID_AVA_LOCALITY, },
- { "dnQualifier", SEC_OID_AVA_DN_QUALIFIER, },
- { "E", SEC_OID_PKCS9_EMAIL_ADDRESS, },
- { "UID", SEC_OID_RFC1274_UID, },
- { "MAIL", SEC_OID_RFC1274_MAIL, },
- { 0, SEC_OID_UNKNOWN },
-};
-
-#define C_DOUBLE_QUOTE '\042'
-
-#define C_BACKSLASH '\134'
-
-#define C_EQUAL '='
-
-#define OPTIONAL_SPACE(c) \
- (((c) == ' ') || ((c) == '\r') || ((c) == '\n'))
-
-#define SPECIAL_CHAR(c) \
- (((c) == ',') || ((c) == '=') || ((c) == C_DOUBLE_QUOTE) || \
- ((c) == '\r') || ((c) == '\n') || ((c) == '+') || \
- ((c) == '<') || ((c) == '>') || ((c) == '#') || \
- ((c) == ';') || ((c) == C_BACKSLASH))
-
-
-
-
-
-
-
-#if 0
-/*
-** Find the start and end of a <string>. Strings can be wrapped in double
-** quotes to protect special characters.
-*/
-static int BracketThing(char **startp, char *end, char *result)
-{
- char *start = *startp;
- char c;
-
- /* Skip leading white space */
- while (start < end) {
- c = *start++;
- if (!OPTIONAL_SPACE(c)) {
- start--;
- break;
- }
- }
- if (start == end) return 0;
-
- switch (*start) {
- case '#':
- /* Process hex thing */
- start++;
- *startp = start;
- while (start < end) {
- c = *start++;
- if (((c >= '0') && (c <= '9')) ||
- ((c >= 'a') && (c <= 'f')) ||
- ((c >= 'A') && (c <= 'F'))) {
- continue;
- }
- break;
- }
- rv = IS_HEX;
- break;
-
- case C_DOUBLE_QUOTE:
- start++;
- *startp = start;
- while (start < end) {
- c = *start++;
- if (c == C_DOUBLE_QUOTE) {
- break;
- }
- *result++ = c;
- }
- rv = IS_STRING;
- break;
-
- default:
- while (start < end) {
- c = *start++;
- if (SPECIAL_CHAR(c)) {
- start--;
- break;
- }
- *result++ = c;
- }
- rv = IS_STRING;
- break;
- }
-
- /* Terminate result string */
- *result = 0;
- return start;
-}
-
-static char *BracketSomething(char **startp, char* end, int spacesOK)
-{
- char *start = *startp;
- char c;
- int stopAtDQ;
-
- /* Skip leading white space */
- while (start < end) {
- c = *start;
- if (!OPTIONAL_SPACE(c)) {
- break;
- }
- start++;
- }
- if (start == end) return 0;
- stopAtDQ = 0;
- if (*start == C_DOUBLE_QUOTE) {
- stopAtDQ = 1;
- }
-
- /*
- ** Find the end of the something. The something is terminated most of
- ** the time by a space. However, if spacesOK is true then it is
- ** terminated by a special character only.
- */
- *startp = start;
- while (start < end) {
- c = *start;
- if (stopAtDQ) {
- if (c == C_DOUBLE_QUOTE) {
- *start = ' ';
- break;
- }
- } else {
- if (SPECIAL_CHAR(c)) {
- break;
- }
- if (!spacesOK && OPTIONAL_SPACE(c)) {
- break;
- }
- }
- start++;
- }
- return start;
-}
-#endif
-
-#define IS_PRINTABLE(c) \
- ((((c) >= 'a') && ((c) <= 'z')) || \
- (((c) >= 'A') && ((c) <= 'Z')) || \
- (((c) >= '0') && ((c) <= '9')) || \
- ((c) == ' ') || \
- ((c) == '\'') || \
- ((c) == '\050') || /* ( */ \
- ((c) == '\051') || /* ) */ \
- (((c) >= '+') && ((c) <= '/')) || /* + , - . / */ \
- ((c) == ':') || \
- ((c) == '=') || \
- ((c) == '?'))
-
-static PRBool
-IsPrintable(unsigned char *data, unsigned len)
-{
- unsigned char ch, *end;
-
- end = data + len;
- while (data < end) {
- ch = *data++;
- if (!IS_PRINTABLE(ch)) {
- return PR_FALSE;
- }
- }
- return PR_TRUE;
-}
-
-static void
-skipSpace(char **pbp, char *endptr)
-{
- char *bp = *pbp;
- while (bp < endptr && OPTIONAL_SPACE(*bp)) {
- bp++;
- }
- *pbp = bp;
-}
-
-static SECStatus
-scanTag(char **pbp, char *endptr, char *tagBuf, int tagBufSize)
-{
- char *bp, *tagBufp;
- int taglen;
-
- PORT_Assert(tagBufSize > 0);
-
- /* skip optional leading space */
- skipSpace(pbp, endptr);
- if (*pbp == endptr) {
- /* nothing left */
- return SECFailure;
- }
-
- /* fill tagBuf */
- taglen = 0;
- bp = *pbp;
- tagBufp = tagBuf;
- while (bp < endptr && !OPTIONAL_SPACE(*bp) && (*bp != C_EQUAL)) {
- if (++taglen >= tagBufSize) {
- *pbp = bp;
- return SECFailure;
- }
- *tagBufp++ = *bp++;
- }
- /* null-terminate tagBuf -- guaranteed at least one space left */
- *tagBufp++ = 0;
- *pbp = bp;
-
- /* skip trailing spaces till we hit something - should be an equal sign */
- skipSpace(pbp, endptr);
- if (*pbp == endptr) {
- /* nothing left */
- return SECFailure;
- }
- if (**pbp != C_EQUAL) {
- /* should be an equal sign */
- return SECFailure;
- }
- /* skip over the equal sign */
- (*pbp)++;
-
- return SECSuccess;
-}
-
-static SECStatus
-scanVal(char **pbp, char *endptr, char *valBuf, int valBufSize)
-{
- char *bp, *valBufp;
- int vallen;
- PRBool isQuoted;
-
- PORT_Assert(valBufSize > 0);
-
- /* skip optional leading space */
- skipSpace(pbp, endptr);
- if(*pbp == endptr) {
- /* nothing left */
- return SECFailure;
- }
-
- bp = *pbp;
-
- /* quoted? */
- if (*bp == C_DOUBLE_QUOTE) {
- isQuoted = PR_TRUE;
- /* skip over it */
- bp++;
- } else {
- isQuoted = PR_FALSE;
- }
-
- valBufp = valBuf;
- vallen = 0;
- while (bp < endptr) {
- char c = *bp;
- if (c == C_BACKSLASH) {
- /* escape character */
- bp++;
- if (bp >= endptr) {
- /* escape charater must appear with paired char */
- *pbp = bp;
- return SECFailure;
- }
- } else if (!isQuoted && SPECIAL_CHAR(c)) {
- /* unescaped special and not within quoted value */
- break;
- } else if (c == C_DOUBLE_QUOTE) {
- /* reached unescaped double quote */
- break;
- }
- /* append character */
- vallen++;
- if (vallen >= valBufSize) {
- *pbp = bp;
- return SECFailure;
- }
- *valBufp++ = *bp++;
- }
-
- /* stip trailing spaces from unquoted values */
- if (!isQuoted) {
- if (valBufp > valBuf) {
- valBufp--;
- while ((valBufp > valBuf) && OPTIONAL_SPACE(*valBufp)) {
- valBufp--;
- }
- valBufp++;
- }
- }
-
- if (isQuoted) {
- /* insist that we stopped on a double quote */
- if (*bp != C_DOUBLE_QUOTE) {
- *pbp = bp;
- return SECFailure;
- }
- /* skip over the quote and skip optional space */
- bp++;
- skipSpace(&bp, endptr);
- }
-
- *pbp = bp;
-
- if (valBufp == valBuf) {
- /* empty value -- not allowed */
- return SECFailure;
- }
-
- /* null-terminate valBuf -- guaranteed at least one space left */
- *valBufp++ = 0;
-
- return SECSuccess;
-}
-
-CERTAVA *
-CERT_ParseRFC1485AVA(PRArenaPool *arena, char **pbp, char *endptr,
- PRBool singleAVA)
-{
- CERTAVA *a;
- struct NameToKind *n2k;
- int vt;
- int valLen;
- char *bp;
-
- char tagBuf[32];
- char valBuf[384];
-
- if (scanTag(pbp, endptr, tagBuf, sizeof(tagBuf)) == SECFailure ||
- scanVal(pbp, endptr, valBuf, sizeof(valBuf)) == SECFailure) {
- PORT_SetError(SEC_ERROR_INVALID_AVA);
- return 0;
- }
-
- /* insist that if we haven't finished we've stopped on a separator */
- bp = *pbp;
- if (bp < endptr) {
- if (singleAVA || (*bp != ',' && *bp != ';')) {
- PORT_SetError(SEC_ERROR_INVALID_AVA);
- *pbp = bp;
- return 0;
- }
- /* ok, skip over separator */
- bp++;
- }
- *pbp = bp;
-
- for (n2k = name2kinds; n2k->name; n2k++) {
- if (PORT_Strcasecmp(n2k->name, tagBuf) == 0) {
- valLen = PORT_Strlen(valBuf);
- if (n2k->kind == SEC_OID_AVA_COUNTRY_NAME) {
- vt = SEC_ASN1_PRINTABLE_STRING;
- if (valLen != 2) {
- PORT_SetError(SEC_ERROR_INVALID_AVA);
- return 0;
- }
- if (!IsPrintable((unsigned char*) valBuf, 2)) {
- PORT_SetError(SEC_ERROR_INVALID_AVA);
- return 0;
- }
- } else if ((n2k->kind == SEC_OID_PKCS9_EMAIL_ADDRESS) ||
- (n2k->kind == SEC_OID_RFC1274_MAIL)) {
- vt = SEC_ASN1_IA5_STRING;
- } else {
- /* Hack -- for rationale see X.520 DirectoryString defn */
- if (IsPrintable((unsigned char*)valBuf, valLen)) {
- vt = SEC_ASN1_PRINTABLE_STRING;
- } else {
- vt = SEC_ASN1_UNIVERSAL_STRING;
- }
- }
- a = CERT_CreateAVA(arena, n2k->kind, vt, (char *) valBuf);
- return a;
- }
- }
- /* matched no kind -- invalid tag */
- PORT_SetError(SEC_ERROR_INVALID_AVA);
- return 0;
-}
-
-static CERTName *
-ParseRFC1485Name(char *buf, int len)
-{
- SECStatus rv;
- CERTName *name;
- char *bp, *e;
- CERTAVA *ava;
- CERTRDN *rdn;
-
- name = CERT_CreateName(NULL);
- if (name == NULL) {
- return NULL;
- }
-
- e = buf + len;
- bp = buf;
- while (bp < e) {
- ava = CERT_ParseRFC1485AVA(name->arena, &bp, e, PR_FALSE);
- if (ava == 0) goto loser;
- rdn = CERT_CreateRDN(name->arena, ava, 0);
- if (rdn == 0) goto loser;
- rv = CERT_AddRDN(name, rdn);
- if (rv) goto loser;
- skipSpace(&bp, e);
- }
-
- if (name->rdns[0] == 0) {
- /* empty name -- illegal */
- goto loser;
- }
-
- /* Reverse order of RDNS to comply with RFC */
- {
- CERTRDN **firstRdn;
- CERTRDN **lastRdn;
- CERTRDN *tmp;
-
- /* get first one */
- firstRdn = name->rdns;
-
- /* find last one */
- lastRdn = name->rdns;
- while (*lastRdn) lastRdn++;
- lastRdn--;
-
- /* reverse list */
- for ( ; firstRdn < lastRdn; firstRdn++, lastRdn--) {
- tmp = *firstRdn;
- *firstRdn = *lastRdn;
- *lastRdn = tmp;
- }
- }
-
- /* return result */
- return name;
-
- loser:
- CERT_DestroyName(name);
- return NULL;
-}
-
-CERTName *
-CERT_AsciiToName(char *string)
-{
- CERTName *name;
- name = ParseRFC1485Name(string, PORT_Strlen(string));
- return name;
-}
-
-/************************************************************************/
-
-static SECStatus
-AppendStr(char **bufp, unsigned *buflenp, char *str)
-{
- char *buf;
- unsigned bufLen, bufSize, len;
-
- /* Figure out how much to grow buf by (add in the '\0') */
- buf = *bufp;
- bufLen = *buflenp;
- len = PORT_Strlen(str);
- bufSize = bufLen + len;
- if (buf) {
- buf = (char*) PORT_Realloc(buf, bufSize);
- } else {
- bufSize++;
- buf = (char*) PORT_Alloc(bufSize);
- }
- if (!buf) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
- *bufp = buf;
- *buflenp = bufSize;
-
- /* Concatenate str onto buf */
- buf = buf + bufLen;
- if (bufLen) buf--; /* stomp on old '\0' */
- PORT_Memcpy(buf, str, len+1); /* put in new null */
- return SECSuccess;
-}
-
-SECStatus
-CERT_RFC1485_EscapeAndQuote(char *dst, int dstlen, char *src, int srclen)
-{
- int i, reqLen=0;
- char *d = dst;
- PRBool needsQuoting = PR_FALSE;
-
- /* need to make an initial pass to determine if quoting is needed */
- for (i = 0; i < srclen; i++) {
- char c = src[i];
- reqLen++;
- if (SPECIAL_CHAR(c)) {
- /* entirety will need quoting */
- needsQuoting = PR_TRUE;
- }
- if (c == C_DOUBLE_QUOTE || c == C_BACKSLASH) {
- /* this char will need escaping */
- reqLen++;
- }
- }
- /* if it begins or ends in optional space it needs quoting */
- if (srclen > 0 &&
- (OPTIONAL_SPACE(src[srclen-1]) || OPTIONAL_SPACE(src[0]))) {
- needsQuoting = PR_TRUE;
- }
-
- if (needsQuoting) reqLen += 2;
-
- /* space for terminal null */
- reqLen++;
-
- if (reqLen > dstlen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
- }
-
- d = dst;
- if (needsQuoting) *d++ = C_DOUBLE_QUOTE;
- for (i = 0; i < srclen; i++) {
- char c = src[i];
- if (c == C_DOUBLE_QUOTE || c == C_BACKSLASH) {
- /* escape it */
- *d++ = C_BACKSLASH;
- }
- *d++ = c;
- }
- if (needsQuoting) *d++ = C_DOUBLE_QUOTE;
- *d++ = 0;
- return SECSuccess;
-}
-
-static SECStatus
-AppendAVA(char **bufp, unsigned *buflenp, CERTAVA *ava)
-{
- char *tagName;
- char tmpBuf[384];
- unsigned len, maxLen;
- int lenLen;
- int tag;
- SECStatus rv;
- SECItem *avaValue = NULL;
-
- tag = CERT_GetAVATag(ava);
- switch (tag) {
- case SEC_OID_AVA_COUNTRY_NAME:
- tagName = "C";
- maxLen = 2;
- break;
- case SEC_OID_AVA_ORGANIZATION_NAME:
- tagName = "O";
- maxLen = 64;
- break;
- case SEC_OID_AVA_COMMON_NAME:
- tagName = "CN";
- maxLen = 64;
- break;
- case SEC_OID_AVA_LOCALITY:
- tagName = "L";
- maxLen = 128;
- break;
- case SEC_OID_AVA_STATE_OR_PROVINCE:
- tagName = "ST";
- maxLen = 128;
- break;
- case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME:
- tagName = "OU";
- maxLen = 64;
- break;
- case SEC_OID_AVA_DC:
- tagName = "DC";
- maxLen = 128;
- break;
- case SEC_OID_AVA_DN_QUALIFIER:
- tagName = "dnQualifier";
- maxLen = 0x7fff;
- break;
- case SEC_OID_PKCS9_EMAIL_ADDRESS:
- tagName = "E";
- maxLen = 128;
- break;
- case SEC_OID_RFC1274_UID:
- tagName = "UID";
- maxLen = 256;
- break;
- case SEC_OID_RFC1274_MAIL:
- tagName = "MAIL";
- maxLen = 256;
- break;
- default:
-#if 0
- PORT_SetError(SEC_ERROR_INVALID_AVA);
- return SECFailure;
-#else
- rv = AppendStr(bufp, buflenp, "ERR=Unknown AVA");
- return rv;
-#endif
- }
-
- avaValue = CERT_DecodeAVAValue(&ava->value);
- if(!avaValue) {
- return SECFailure;
- }
-
- /* Check value length */
- if ((avaValue->len < 2) || (avaValue->len > maxLen)) {
- PORT_SetError(SEC_ERROR_INVALID_AVA);
- return SECFailure;
- }
-
- len = PORT_Strlen(tagName);
- PORT_Memcpy(tmpBuf, tagName, len);
- tmpBuf[len++] = '=';
-
- /* escape and quote as necessary */
- rv = CERT_RFC1485_EscapeAndQuote(tmpBuf+len, sizeof(tmpBuf)-len,
- (char *)avaValue->data, avaValue->len);
- SECITEM_FreeItem(avaValue, PR_TRUE);
- if (rv) return SECFailure;
-
- rv = AppendStr(bufp, buflenp, tmpBuf);
- return rv;
-}
-
-char *
-CERT_NameToAscii(CERTName *name)
-{
- SECStatus rv;
- CERTRDN** rdns;
- CERTRDN** lastRdn;
- CERTRDN** rdn;
- CERTAVA** avas;
- CERTAVA* ava;
- PRBool first = PR_TRUE;
- char *buf = NULL;
- unsigned buflen = 0;
-
- rdns = name->rdns;
- if (rdns == NULL) {
- return NULL;
- }
-
- /* find last RDN */
- lastRdn = rdns;
- while (*lastRdn) lastRdn++;
- lastRdn--;
-
- /*
- * Loop over name contents in _reverse_ RDN order appending to string
- */
- for (rdn = lastRdn; rdn >= rdns; rdn--) {
- avas = (*rdn)->avas;
- while ((ava = *avas++) != NULL) {
- /* Put in comma separator */
- if (!first) {
- rv = AppendStr(&buf, &buflen, ", ");
- if (rv) goto loser;
- } else {
- first = PR_FALSE;
- }
-
- /* Add in tag type plus value into buf */
- rv = AppendAVA(&buf, &buflen, ava);
- if (rv) goto loser;
- }
- }
- return buf;
- loser:
- PORT_Free(buf);
- return NULL;
-}
-
-/*
- * Return the string representation of a DER encoded distinguished name
- * "dername" - The DER encoded name to convert
- */
-char *
-CERT_DerNameToAscii(SECItem *dername)
-{
- int rv;
- PRArenaPool *arena = NULL;
- CERTName name;
- char *retstr = NULL;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( arena == NULL) {
- goto loser;
- }
-
- rv = SEC_ASN1DecodeItem(arena, &name, CERT_NameTemplate, dername);
-
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- retstr = CERT_NameToAscii(&name);
-
-loser:
- if ( arena != NULL ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(retstr);
-}
-
-static char *
-CERT_GetNameElement(CERTName *name, int wantedTag)
-{
- CERTRDN** rdns;
- CERTRDN *rdn;
- CERTAVA** avas;
- CERTAVA* ava;
- char *buf = 0;
- int tag;
- SECItem *decodeItem = NULL;
-
- rdns = name->rdns;
- while ((rdn = *rdns++) != 0) {
- avas = rdn->avas;
- while ((ava = *avas++) != 0) {
- tag = CERT_GetAVATag(ava);
- if ( tag == wantedTag ) {
- decodeItem = CERT_DecodeAVAValue(&ava->value);
- if(!decodeItem) {
- return NULL;
- }
- buf = (char *)PORT_ZAlloc(decodeItem->len + 1);
- if ( buf ) {
- PORT_Memcpy(buf, decodeItem->data, decodeItem->len);
- buf[decodeItem->len] = 0;
- }
- SECITEM_FreeItem(decodeItem, PR_TRUE);
- goto done;
- }
- }
- }
-
- done:
- return buf;
-}
-
-char *
-CERT_GetCertificateEmailAddress(CERTCertificate *cert)
-{
- char *rawEmailAddr = NULL;
- char *emailAddr = NULL;
- SECItem subAltName;
- SECStatus rv;
- CERTGeneralName *nameList = NULL;
- CERTGeneralName *current;
- PRArenaPool *arena = NULL;
- int i;
-
- subAltName.data = NULL;
-
- rawEmailAddr = CERT_GetNameElement(&(cert->subject), SEC_OID_PKCS9_EMAIL_ADDRESS);
- if ( rawEmailAddr == NULL ) {
- rawEmailAddr = CERT_GetNameElement(&(cert->subject), SEC_OID_RFC1274_MAIL);
- }
- if ( rawEmailAddr == NULL) {
-
- rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME, &subAltName);
- if (rv != SECSuccess) {
- goto finish;
- }
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena) {
- goto finish;
- }
- nameList = current = CERT_DecodeAltNameExtension(arena, &subAltName);
- if (!nameList ) {
- goto finish;
- }
- if (nameList != NULL) {
- do {
- if (current->type == certDirectoryName) {
- rawEmailAddr = CERT_GetNameElement(&(current->name.directoryName),
- SEC_OID_PKCS9_EMAIL_ADDRESS);
- if ( rawEmailAddr == NULL ) {
- rawEmailAddr = CERT_GetNameElement(&(current->name.directoryName),
- SEC_OID_RFC1274_MAIL);
- }
- } else if (current->type == certRFC822Name) {
- rawEmailAddr = (char*)PORT_ZAlloc(current->name.other.len + 1);
- if (!rawEmailAddr) {
- goto finish;
- }
- PORT_Memcpy(rawEmailAddr, current->name.other.data,
- current->name.other.len);
- rawEmailAddr[current->name.other.len] = '\0';
- }
- if (rawEmailAddr) {
- break;
- }
- current = cert_get_next_general_name(current);
- } while (current != nameList);
- }
- }
- if (rawEmailAddr) {
- emailAddr = (char*)PORT_ArenaZAlloc(cert->arena, PORT_Strlen(rawEmailAddr) + 1);
- for (i = 0; i <= PORT_Strlen(rawEmailAddr); i++) {
- emailAddr[i] = tolower(rawEmailAddr[i]);
- }
- } else {
- emailAddr = NULL;
- }
-
-finish:
- if ( rawEmailAddr ) {
- PORT_Free(rawEmailAddr);
- }
-
- /* Don't free nameList, it's part of the arena. */
-
- if (arena) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- if ( subAltName.data ) {
- SECITEM_FreeItem(&subAltName, PR_FALSE);
- }
-
- return(emailAddr);
-}
-
-char *
-CERT_GetCertEmailAddress(CERTName *name)
-{
- char *rawEmailAddr;
- char *emailAddr;
-
-
- rawEmailAddr = CERT_GetNameElement(name, SEC_OID_PKCS9_EMAIL_ADDRESS);
- if ( rawEmailAddr == NULL ) {
- rawEmailAddr = CERT_GetNameElement(name, SEC_OID_RFC1274_MAIL);
- }
- emailAddr = CERT_FixupEmailAddr(rawEmailAddr);
- if ( rawEmailAddr ) {
- PORT_Free(rawEmailAddr);
- }
- return(emailAddr);
-}
-
-char *
-CERT_GetCommonName(CERTName *name)
-{
- return(CERT_GetNameElement(name, SEC_OID_AVA_COMMON_NAME));
-}
-
-char *
-CERT_GetCountryName(CERTName *name)
-{
- return(CERT_GetNameElement(name, SEC_OID_AVA_COUNTRY_NAME));
-}
-
-char *
-CERT_GetLocalityName(CERTName *name)
-{
- return(CERT_GetNameElement(name, SEC_OID_AVA_LOCALITY));
-}
-
-char *
-CERT_GetStateName(CERTName *name)
-{
- return(CERT_GetNameElement(name, SEC_OID_AVA_STATE_OR_PROVINCE));
-}
-
-char *
-CERT_GetOrgName(CERTName *name)
-{
- return(CERT_GetNameElement(name, SEC_OID_AVA_ORGANIZATION_NAME));
-}
-
-char *
-CERT_GetDomainComponentName(CERTName *name)
-{
- return(CERT_GetNameElement(name, SEC_OID_AVA_DC));
-}
-
-char *
-CERT_GetOrgUnitName(CERTName *name)
-{
- return(CERT_GetNameElement(name, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME));
-}
-
-char *
-CERT_GetDnQualifier(CERTName *name)
-{
- return(CERT_GetNameElement(name, SEC_OID_AVA_DN_QUALIFIER));
-}
-
-char *
-CERT_GetCertUid(CERTName *name)
-{
- return(CERT_GetNameElement(name, SEC_OID_RFC1274_UID));
-}
-
diff --git a/security/nss/lib/certdb/cdbhdl.h b/security/nss/lib/certdb/cdbhdl.h
deleted file mode 100644
index 916f8035d..000000000
--- a/security/nss/lib/certdb/cdbhdl.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * cdbhdl.h - certificate database handle
- * private to the certdb module
- *
- * $Id$
- */
-#ifndef _CDBHDL_H_
-#define _CDBHDL_H_
-
-#include "nspr.h"
-#include "mcom_db.h"
-#include "certt.h"
-
-/*
- * Handle structure for open certificate databases
- */
-struct CERTCertDBHandleStr {
- DB *permCertDB;
- DB *tempCertDB;
- void *spkDigestInfo;
- CERTStatusConfig *statusConfig;
- PRMonitor *dbMon;
-};
-
-#endif
diff --git a/security/nss/lib/certdb/cert.h b/security/nss/lib/certdb/cert.h
deleted file mode 100644
index c12b77489..000000000
--- a/security/nss/lib/certdb/cert.h
+++ /dev/null
@@ -1,1387 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * cert.h - public data structures and prototypes for the certificate library
- *
- * $Id$
- */
-
-#ifndef _CERT_H_
-#define _CERT_H_
-
-#include "plarena.h"
-#include "plhash.h"
-#include "prlong.h"
-#include "prlog.h"
-
-#include "seccomon.h"
-#include "secdert.h"
-#include "secoidt.h"
-#include "keyt.h"
-#include "certt.h"
-
-SEC_BEGIN_PROTOS
-
-/****************************************************************************
- *
- * RFC1485 ascii to/from X.? RelativeDistinguishedName (aka CERTName)
- *
- ****************************************************************************/
-
-/*
-** Convert an ascii RFC1485 encoded name into its CERTName equivalent.
-*/
-extern CERTName *CERT_AsciiToName(char *string);
-
-/*
-** Convert an CERTName into its RFC1485 encoded equivalent.
-*/
-extern char *CERT_NameToAscii(CERTName *name);
-
-extern CERTAVA *CERT_CopyAVA(PRArenaPool *arena, CERTAVA *src);
-
-/*
-** Examine an AVA and return the tag that refers to it. The AVA tags are
-** defined as SEC_OID_AVA*.
-*/
-extern SECOidTag CERT_GetAVATag(CERTAVA *ava);
-
-/*
-** Compare two AVA's, returning the difference between them.
-*/
-extern SECComparison CERT_CompareAVA(CERTAVA *a, CERTAVA *b);
-
-/*
-** Create an RDN (relative-distinguished-name). The argument list is a
-** NULL terminated list of AVA's.
-*/
-extern CERTRDN *CERT_CreateRDN(PRArenaPool *arena, CERTAVA *avas, ...);
-
-/*
-** Make a copy of "src" storing it in "dest".
-*/
-extern SECStatus CERT_CopyRDN(PRArenaPool *arena, CERTRDN *dest, CERTRDN *src);
-
-/*
-** Destory an RDN object.
-** "rdn" the RDN to destroy
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void CERT_DestroyRDN(CERTRDN *rdn, PRBool freeit);
-
-/*
-** Add an AVA to an RDN.
-** "rdn" the RDN to add to
-** "ava" the AVA to add
-*/
-extern SECStatus CERT_AddAVA(PRArenaPool *arena, CERTRDN *rdn, CERTAVA *ava);
-
-/*
-** Compare two RDN's, returning the difference between them.
-*/
-extern SECComparison CERT_CompareRDN(CERTRDN *a, CERTRDN *b);
-
-/*
-** Create an X.500 style name using a NULL terminated list of RDN's.
-*/
-extern CERTName *CERT_CreateName(CERTRDN *rdn, ...);
-
-/*
-** Make a copy of "src" storing it in "dest". Memory is allocated in
-** "dest" for each of the appropriate sub objects. Memory is not freed in
-** "dest" before allocation is done (use CERT_DestroyName(dest, PR_FALSE) to
-** do that).
-*/
-extern SECStatus CERT_CopyName(PRArenaPool *arena, CERTName *dest, CERTName *src);
-
-/*
-** Destroy a Name object.
-** "name" the CERTName to destroy
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void CERT_DestroyName(CERTName *name);
-
-/*
-** Add an RDN to a name.
-** "name" the name to add the RDN to
-** "rdn" the RDN to add to name
-*/
-extern SECStatus CERT_AddRDN(CERTName *name, CERTRDN *rdn);
-
-/*
-** Compare two names, returning the difference between them.
-*/
-extern SECComparison CERT_CompareName(CERTName *a, CERTName *b);
-
-/*
-** Convert a CERTName into something readable
-*/
-extern char *CERT_FormatName (CERTName *name);
-
-/*
-** Convert a der-encoded integer to a hex printable string form.
-** Perhaps this should be a SEC function but it's only used for certs.
-*/
-extern char *CERT_Hexify (SECItem *i, int do_colon);
-
-/**************************************************************************************
- *
- * Certificate handling operations
- *
- **************************************************************************************/
-
-/*
-** Create a new validity object given two unix time values.
-** "notBefore" the time before which the validity is not valid
-** "notAfter" the time after which the validity is not valid
-*/
-extern CERTValidity *CERT_CreateValidity(int64 notBefore, int64 notAfter);
-
-/*
-** Destroy a validity object.
-** "v" the validity to destroy
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void CERT_DestroyValidity(CERTValidity *v);
-
-/*
-** Copy the "src" object to "dest". Memory is allocated in "dest" for
-** each of the appropriate sub-objects. Memory in "dest" is not freed
-** before memory is allocated (use CERT_DestroyValidity(v, PR_FALSE) to do
-** that).
-*/
-extern SECStatus CERT_CopyValidity
- (PRArenaPool *arena, CERTValidity *dest, CERTValidity *src);
-
-/*
-** Create a new certificate object. The result must be wrapped with an
-** CERTSignedData to create a signed certificate.
-** "serialNumber" the serial number
-** "issuer" the name of the certificate issuer
-** "validity" the validity period of the certificate
-** "req" the certificate request that prompted the certificate issuance
-*/
-extern CERTCertificate *
-CERT_CreateCertificate (unsigned long serialNumber, CERTName *issuer,
- CERTValidity *validity, CERTCertificateRequest *req);
-
-/*
-** Destroy a certificate object
-** "cert" the certificate to destroy
-** NOTE: certificate's are reference counted. This call decrements the
-** reference count, and if the result is zero, then the object is destroyed
-** and optionally freed.
-*/
-extern void CERT_DestroyCertificate(CERTCertificate *cert);
-
-/*
-** Make a shallow copy of a certificate "c". Just increments the
-** reference count on "c".
-*/
-extern CERTCertificate *CERT_DupCertificate(CERTCertificate *c);
-
-/*
-** Create a new certificate request. This result must be wrapped with an
-** CERTSignedData to create a signed certificate request.
-** "name" the subject name (who the certificate request is from)
-** "spki" describes/defines the public key the certificate is for
-** "attributes" if non-zero, some optional attribute data
-*/
-extern CERTCertificateRequest *
-CERT_CreateCertificateRequest (CERTName *name, CERTSubjectPublicKeyInfo *spki,
- SECItem **attributes);
-
-/*
-** Destroy a certificate-request object
-** "r" the certificate-request to destroy
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void CERT_DestroyCertificateRequest(CERTCertificateRequest *r);
-
-/*
-** Extract a public key object from a SubjectPublicKeyInfo
-*/
-extern SECKEYPublicKey *CERT_ExtractPublicKey(CERTCertificate *cert);
-
-/*
- * used to get a public key with Key Material ID. Only used for fortezza V1
- * certificates.
- */
-extern SECKEYPublicKey *CERT_KMIDPublicKey(CERTCertificate *cert);
-
-
-/*
-** Retrieve the Key Type associated with the cert we're dealing with
-*/
-
-extern KeyType CERT_GetCertKeyType (CERTSubjectPublicKeyInfo *spki);
-
-/*
-** Initialize the certificate database. This is called to create
-** the initial list of certificates in the database.
-*/
-extern SECStatus CERT_InitCertDB(CERTCertDBHandle *handle);
-
-/*
-** Default certificate database routines
-*/
-extern void CERT_SetDefaultCertDB(CERTCertDBHandle *handle);
-
-extern CERTCertDBHandle *CERT_GetDefaultCertDB(void);
-
-extern CERTCertList *CERT_GetCertChainFromCert(CERTCertificate *cert,
- int64 time,
- SECCertUsage usage);
-
-/************************************************************************************
- *
- * X.500 Name handling operations
- *
- ************************************************************************************/
-
-/*
-** Create an AVA (attribute-value-assertion)
-** "arena" the memory arena to alloc from
-** "kind" is one of SEC_OID_AVA_*
-** "valueType" is one of DER_PRINTABLE_STRING, DER_IA5_STRING, or
-** DER_T61_STRING
-** "value" is the null terminated string containing the value
-*/
-extern CERTAVA *CERT_CreateAVA
- (PRArenaPool *arena, SECOidTag kind, int valueType, char *value);
-
-/*
-** Extract the Distinguished Name from a DER encoded certificate
-** "derCert" is the DER encoded certificate
-** "derName" is the SECItem that the name is returned in
-*/
-extern SECStatus CERT_NameFromDERCert(SECItem *derCert, SECItem *derName);
-
-/*
-** Extract the Issuers Distinguished Name from a DER encoded certificate
-** "derCert" is the DER encoded certificate
-** "derName" is the SECItem that the name is returned in
-*/
-extern SECStatus CERT_IssuerNameFromDERCert(SECItem *derCert,
- SECItem *derName);
-
-
-
-/*
-** Generate a database search key for a certificate, based on the
-** issuer and serial number.
-** "arena" the memory arena to alloc from
-** "derCert" the DER encoded certificate
-** "key" the returned key
-*/
-extern SECStatus CERT_KeyFromDERCert(PRArenaPool *arena, SECItem *derCert, SECItem *key);
-
-extern SECStatus CERT_KeyFromIssuerAndSN(PRArenaPool *arena, SECItem *issuer,
- SECItem *sn, SECItem *key);
-
-/*
-** Generate a database search key for a crl, based on the
-** issuer.
-** "arena" the memory arena to alloc from
-** "derCrl" the DER encoded crl
-** "key" the returned key
-*/
-extern SECStatus CERT_KeyFromDERCrl(PRArenaPool *arena, SECItem *derCrl, SECItem *key);
-
-/*
-** Open the certificate database. Use callback to get name of database.
-*/
-extern SECStatus CERT_OpenCertDB(CERTCertDBHandle *handle, PRBool readOnly,
- CERTDBNameFunc namecb, void *cbarg);
-
-/* Open the certificate database. Use given filename for database. */
-extern SECStatus CERT_OpenCertDBFilename(CERTCertDBHandle *handle,
- char *certdbname, PRBool readOnly);
-
-/*
-** Open and initialize a cert database that is entirely in memory. This
-** can be used when the permanent database can not be opened or created.
-*/
-extern SECStatus CERT_OpenVolatileCertDB(CERTCertDBHandle *handle);
-
-/*
-** Check the hostname to make sure that it matches the shexp that
-** is given in the common name of the certificate.
-*/
-extern SECStatus CERT_VerifyCertName(CERTCertificate *cert, const char *hostname);
-
-/*
-** Add a domain name to the list of names that the user has explicitly
-** allowed (despite cert name mismatches) for use with a server cert.
-*/
-extern SECStatus CERT_AddOKDomainName(CERTCertificate *cert, const char *hostname);
-
-/*
-** Decode a DER encoded certificate into an CERTCertificate structure
-** "derSignedCert" is the DER encoded signed certificate
-** "copyDER" is true if the DER should be copied, false if the
-** existing copy should be referenced
-** "nickname" is the nickname to use in the database. If it is NULL
-** then a temporary nickname is generated.
-*/
-extern CERTCertificate *
-CERT_DecodeDERCertificate (SECItem *derSignedCert, PRBool copyDER, char *nickname);
-/*
-** Decode a DER encoded CRL/KRL into an CERTSignedCrl structure
-** "derSignedCrl" is the DER encoded signed crl/krl.
-** "type" is this a CRL or KRL.
-*/
-#define SEC_CRL_TYPE 1
-#define SEC_KRL_TYPE 0
-
-extern CERTSignedCrl *
-CERT_DecodeDERCrl (PRArenaPool *arena, SECItem *derSignedCrl,int type);
-
-/* Validate CRL then import it to the dbase. If there is already a CRL with the
- * same CA in the dbase, it will be replaced if derCRL is more up to date.
- * If the process successes, a CRL will be returned. Otherwise, a NULL will
- * be returned. The caller should call PORT_GetError() for the exactly error
- * code.
- */
-extern CERTSignedCrl *
-CERT_ImportCRL (CERTCertDBHandle *handle, SECItem *derCRL, char *url,
- int type, void * wincx);
-
-extern void CERT_DestroyCrl (CERTSignedCrl *crl);
-
-/*
-** Decode a certificate and put it into the temporary certificate database
-*/
-extern CERTCertificate *
-CERT_NewTempCertificate (CERTCertDBHandle *handle, SECItem *derCert,
- char *nickname, PRBool isperm, PRBool copyDER);
-
-/*
-** Add a certificate to the temporary database.
-** "dbCert" is the certificate from the perm database.
-** "isperm" indicates if the cert is in the permanent database.
-*/
-extern CERTCertificate *
-CERT_AddTempCertificate (CERTCertDBHandle *handle, certDBEntryCert *entry,
- PRBool isperm);
-
-/*
-** Add a temporary certificate to the permanent database.
-** "cert" is the temporary cert
-** "nickname" is the permanent nickname to use
-** "trust" is the certificate trust parameters to assign to the cert
-*/
-extern SECStatus
-CERT_AddTempCertToPerm (CERTCertificate *cert, char *nickname, CERTCertTrust *trust);
-
-/*
-** Find a certificate in the database
-** "key" is the database key to look for
-*/
-extern CERTCertificate *CERT_FindCertByKey(CERTCertDBHandle *handle, SECItem *key);
-
-/*
- * Lookup a certificate in the databases without locking
- * "certKey" is the database key to look for
- *
- * XXX - this should be internal, but pkcs 11 needs to call it during a
- * traversal.
- */
-CERTCertificate *
-CERT_FindCertByKeyNoLocking(CERTCertDBHandle *handle, SECItem *certKey);
-
-/*
-** Find a certificate in the database by name
-** "name" is the distinguished name to look up
-*/
-extern CERTCertificate *
-CERT_FindCertByName (CERTCertDBHandle *handle, SECItem *name);
-
-/*
-** Find a certificate in the database by name
-** "name" is the distinguished name to look up (in ascii)
-*/
-extern CERTCertificate *
-CERT_FindCertByNameString (CERTCertDBHandle *handle, char *name);
-
-/*
-** Find a certificate in the database by name and keyid
-** "name" is the distinguished name to look up
-** "keyID" is the value of the subjectKeyID to match
-*/
-extern CERTCertificate *
-CERT_FindCertByKeyID (CERTCertDBHandle *handle, SECItem *name, SECItem *keyID);
-
-/*
-** Generate a certificate key from the issuer and serialnumber, then look it
-** up in the database. Return the cert if found.
-** "issuerAndSN" is the issuer and serial number to look for
-*/
-extern CERTCertificate *
-CERT_FindCertByIssuerAndSN (CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN);
-
-/*
-** Find a certificate in the database by a nickname
-** "nickname" is the ascii string nickname to look for
-*/
-extern CERTCertificate *
-CERT_FindCertByNickname (CERTCertDBHandle *handle, char *nickname);
-/*
-** Find a certificate in the database by a DER encoded certificate
-** "derCert" is the DER encoded certificate
-*/
-extern CERTCertificate *
-CERT_FindCertByDERCert(CERTCertDBHandle *handle, SECItem *derCert);
-
-/*
-** Find a certificate in the database by a email address
-** "emailAddr" is the email address to look up
-*/
-CERTCertificate *
-CERT_FindCertByEmailAddr(CERTCertDBHandle *handle, char *emailAddr);
-
-/*
-** Find a certificate in the database by a email address or nickname
-** "name" is the email address or nickname to look up
-*/
-CERTCertificate *
-CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, char *name);
-
-/*
-** Find a certificate in the database by a digest of a subject public key
-** "spkDigest" is the digest to look up
-*/
-extern CERTCertificate *
-CERT_FindCertBySPKDigest(CERTCertDBHandle *handle, SECItem *spkDigest);
-
-/*
- * Find the issuer of a cert
- */
-CERTCertificate *
-CERT_FindCertIssuer(CERTCertificate *cert, int64 validTime, SECCertUsage usage);
-
-/*
-** Delete a certificate from the temporary database
-** "cert" is the certificate to be deleted
-*/
-extern SECStatus CERT_DeleteTempCertificate(CERTCertificate *cert);
-
-/*
-** Flush and close the permanent database.
-*/
-extern void CERT_ClosePermCertDB(CERTCertDBHandle *handle);
-
-/*
-** Check the validity times of a certificate vs. time 't', allowing
-** some slop for broken clocks and stuff.
-** "cert" is the certificate to be checked
-** "t" is the time to check against
-** "allowOverride" if true then check to see if the invalidity has
-** been overridden by the user.
-*/
-extern SECCertTimeValidity CERT_CheckCertValidTimes(CERTCertificate *cert,
- int64 t,
- PRBool allowOverride);
-
-/*
-** WARNING - this function is depricated, and will either go away or have
-** a new API in the near future.
-**
-** Check the validity times of a certificate vs. the current time, allowing
-** some slop for broken clocks and stuff.
-** "cert" is the certificate to be checked
-*/
-extern SECStatus CERT_CertTimesValid(CERTCertificate *cert);
-
-/*
-** Extract the validity times from a certificate
-** "c" is the certificate
-** "notBefore" is the start of the validity period
-** "notAfter" is the end of the validity period
-*/
-extern SECStatus
-CERT_GetCertTimes (CERTCertificate *c, int64 *notBefore, int64 *notAfter);
-
-/*
-** Extract the issuer and serial number from a certificate
-*/
-extern CERTIssuerAndSN *CERT_GetCertIssuerAndSN(PRArenaPool *,
- CERTCertificate *);
-
-/*
-** verify the signature of a signed data object with a given certificate
-** "sd" the signed data object to be verified
-** "cert" the certificate to use to check the signature
-*/
-extern SECStatus CERT_VerifySignedData(CERTSignedData *sd,
- CERTCertificate *cert,
- int64 t,
- void *wincx);
-
-/*
-** verify a certificate by checking validity times against a certain time,
-** that we trust the issuer, and that the signature on the certificate is
-** valid.
-** "cert" the certificate to verify
-** "checkSig" only check signatures if true
-*/
-extern SECStatus
-CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, SECCertUsage certUsage, int64 t,
- void *wincx, CERTVerifyLog *log);
-
-/* same as above, but uses current time */
-extern SECStatus
-CERT_VerifyCertNow(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, SECCertUsage certUsage, void *wincx);
-
-/*
-** This must only be called on a cert that is known to have an issuer
-** with an invalid time
-*/
-extern CERTCertificate *
-CERT_FindExpiredIssuer (CERTCertDBHandle *handle, CERTCertificate *cert);
-
-/*
-** Read a base64 ascii encoded DER certificate and convert it to our
-** internal format.
-** "certstr" is a null-terminated string containing the certificate
-*/
-extern CERTCertificate *CERT_ConvertAndDecodeCertificate(char *certstr);
-
-/*
-** Read a certificate in some foreign format, and convert it to our
-** internal format.
-** "certbuf" is the buffer containing the certificate
-** "certlen" is the length of the buffer
-** NOTE - currently supports netscape base64 ascii encoded raw certs
-** and netscape binary DER typed files.
-*/
-extern CERTCertificate *CERT_DecodeCertFromPackage(char *certbuf, int certlen);
-
-extern SECStatus
-CERT_ImportCAChain (SECItem *certs, int numcerts, SECCertUsage certUsage);
-
-/*
-** Read a certificate chain in some foreign format, and pass it to a
-** callback function.
-** "certbuf" is the buffer containing the certificate
-** "certlen" is the length of the buffer
-** "f" is the callback function
-** "arg" is the callback argument
-*/
-typedef SECStatus (*CERTImportCertificateFunc)
- (void *arg, SECItem **certs, int numcerts);
-
-extern SECStatus
-CERT_DecodeCertPackage(char *certbuf, int certlen, CERTImportCertificateFunc f,
- void *arg);
-
-/*
-** Pretty print a certificate in HTML
-** "cert" is the certificate to print
-** "showImages" controls whether or not to use about:security URLs
-** for subject and issuer images. This should only be true
-** in the browser.
-*/
-extern char *CERT_HTMLCertInfo(CERTCertificate *cert, PRBool showImages,
- PRBool showIssuer);
-
-/*
-** Returns the value of an AVA. This was a formerly static
-** function that has been exposed due to the need to decode
-** and convert unicode strings to UTF8.
-**
-** XXX This function resides in certhtml.c, should it be
-** moved elsewhere?
-*/
-extern SECItem *CERT_DecodeAVAValue(SECItem *derAVAValue);
-
-
-/*
-** extract various element strings from a distinguished name.
-** "name" the distinguished name
-*/
-extern char *CERT_GetCommonName(CERTName *name);
-
-extern char *CERT_GetCertificateEmailAddress(CERTCertificate *cert);
-
-extern char *CERT_GetCertEmailAddress(CERTName *name);
-
-extern char *CERT_GetCommonName(CERTName *name);
-
-extern char *CERT_GetCountryName(CERTName *name);
-
-extern char *CERT_GetLocalityName(CERTName *name);
-
-extern char *CERT_GetStateName(CERTName *name);
-
-extern char *CERT_GetOrgName(CERTName *name);
-
-extern char *CERT_GetOrgUnitName(CERTName *name);
-
-extern char *CERT_GetDomainComponentName(CERTName *name);
-
-extern char *CERT_GetCertUid(CERTName *name);
-
-/* manipulate the trust parameters of a certificate */
-
-extern SECStatus CERT_GetCertTrust(CERTCertificate *cert, CERTCertTrust *trust);
-
-extern SECStatus
-CERT_ChangeCertTrust (CERTCertDBHandle *handle, CERTCertificate *cert,
- CERTCertTrust *trust);
-
-extern SECStatus
-CERT_ChangeCertTrustByUsage(CERTCertDBHandle *certdb, CERTCertificate *cert,
- SECCertUsage usage);
-
-/*************************************************************************
- *
- * manipulate the extensions of a certificate
- *
- ************************************************************************/
-
-/*
-** Set up a cert for adding X509v3 extensions. Returns an opaque handle
-** used by the next two routines.
-** "cert" is the certificate we are adding extensions to
-*/
-extern void *CERT_StartCertExtensions(CERTCertificate *cert);
-
-/*
-** Add an extension to a certificate.
-** "exthandle" is the handle returned by the previous function
-** "idtag" is the integer tag for the OID that should ID this extension
-** "value" is the value of the extension
-** "critical" is the critical extension flag
-** "copyData" is a flag indicating whether the value data should be
-** copied.
-*/
-extern SECStatus CERT_AddExtension (void *exthandle, int idtag,
- SECItem *value, PRBool critical, PRBool copyData);
-
-extern SECStatus CERT_AddExtensionByOID (void *exthandle, SECItem *oid,
- SECItem *value, PRBool critical, PRBool copyData);
-
-extern SECStatus CERT_EncodeAndAddExtension
- (void *exthandle, int idtag, void *value, PRBool critical,
- const SEC_ASN1Template *atemplate);
-
-extern SECStatus CERT_EncodeAndAddBitStrExtension
- (void *exthandle, int idtag, SECItem *value, PRBool critical);
-
-/*
-** Finish adding cert extensions. Does final processing on extension
-** data, putting it in the right format, and freeing any temporary
-** storage.
-** "exthandle" is the handle used to add extensions to a certificate
-*/
-extern SECStatus CERT_FinishExtensions(void *exthandle);
-
-
-/* If the extension is found, return its criticality and value.
-** This allocate storage for the returning extension value.
-*/
-extern SECStatus CERT_GetExtenCriticality
- (CERTCertExtension **extensions, int tag, PRBool *isCritical);
-
-extern void
-CERT_DestroyOidSequence(CERTOidSequence *oidSeq);
-
-/****************************************************************************
- *
- * DER encode and decode extension values
- *
- ****************************************************************************/
-
-/* Encode the value of the basicConstraint extension.
-** arena - where to allocate memory for the encoded value.
-** value - extension value to encode
-** encodedValue - output encoded value
-*/
-extern SECStatus CERT_EncodeBasicConstraintValue
- (PRArenaPool *arena, CERTBasicConstraints *value, SECItem *encodedValue);
-
-/*
-** Encode the value of the authorityKeyIdentifier extension.
-*/
-extern SECStatus CERT_EncodeAuthKeyID
- (PRArenaPool *arena, CERTAuthKeyID *value, SECItem *encodedValue);
-
-/*
-** Encode the value of the crlDistributionPoints extension.
-*/
-extern SECStatus CERT_EncodeCRLDistributionPoints
- (PRArenaPool *arena, CERTCrlDistributionPoints *value,SECItem *derValue);
-
-/*
-** Decodes a DER encoded basicConstaint extension value into a readable format
-** value - decoded value
-** encodedValue - value to decoded
-*/
-extern SECStatus CERT_DecodeBasicConstraintValue
- (CERTBasicConstraints *value, SECItem *encodedValue);
-
-/* Decodes a DER encoded authorityKeyIdentifier extension value into a
-** readable format.
-** arena - where to allocate memory for the decoded value
-** encodedValue - value to be decoded
-** Returns a CERTAuthKeyID structure which contains the decoded value
-*/
-extern CERTAuthKeyID *CERT_DecodeAuthKeyID
- (PRArenaPool *arena, SECItem *encodedValue);
-
-
-/* Decodes a DER encoded crlDistributionPoints extension value into a
-** readable format.
-** arena - where to allocate memory for the decoded value
-** der - value to be decoded
-** Returns a CERTCrlDistributionPoints structure which contains the
-** decoded value
-*/
-extern CERTCrlDistributionPoints * CERT_DecodeCRLDistributionPoints
- (PRArenaPool *arena, SECItem *der);
-
-/* Extract certain name type from a generalName */
-extern void *CERT_GetGeneralNameByType
- (CERTGeneralName *genNames, CERTGeneralNameType type, PRBool derFormat);
-
-
-extern CERTOidSequence *
-CERT_DecodeOidSequence(SECItem *seqItem);
-
-
-
-
-/****************************************************************************
- *
- * Find extension values of a certificate
- *
- ***************************************************************************/
-
-extern SECStatus CERT_FindCertExtension
- (CERTCertificate *cert, int tag, SECItem *value);
-
-extern SECStatus CERT_FindNSCertTypeExtension
- (CERTCertificate *cert, SECItem *value);
-
-extern char * CERT_FindNSStringExtension (CERTCertificate *cert, int oidtag);
-
-extern SECStatus CERT_FindIssuerCertExtension
- (CERTCertificate *cert, int tag, SECItem *value);
-
-extern SECStatus CERT_FindCertExtensionByOID
- (CERTCertificate *cert, SECItem *oid, SECItem *value);
-
-extern char *CERT_FindCertURLExtension (CERTCertificate *cert, int tag,
- int catag);
-
-/* Returns the decoded value of the authKeyID extension.
-** Note that this uses passed in the arena to allocate storage for the result
-*/
-extern CERTAuthKeyID * CERT_FindAuthKeyIDExten (PRArenaPool *arena,CERTCertificate *cert);
-
-/* Returns the decoded value of the basicConstraint extension.
- */
-extern SECStatus CERT_FindBasicConstraintExten
- (CERTCertificate *cert, CERTBasicConstraints *value);
-
-/* Returns the decoded value of the crlDistributionPoints extension.
-** Note that the arena in cert is used to allocate storage for the result
-*/
-extern CERTCrlDistributionPoints * CERT_FindCRLDistributionPoints
- (CERTCertificate *cert);
-
-/* Returns value of the keyUsage extension. This uses PR_Alloc to allocate
-** buffer for the decoded value, The caller should free up the storage
-** allocated in value->data.
-*/
-extern SECStatus CERT_FindKeyUsageExtension (CERTCertificate *cert,
- SECItem *value);
-
-/* Return the decoded value of the subjectKeyID extension. The caller should
-** free up the storage allocated in retItem->data.
-*/
-extern SECStatus CERT_FindSubjectKeyIDExten (CERTCertificate *cert,
- SECItem *retItem);
-
-/*
-** If cert is a v3 certificate, and a critical keyUsage extension is included,
-** then check the usage against the extension value. If a non-critical
-** keyUsage extension is included, this will return SECSuccess without
-** checking, since the extension is an advisory field, not a restriction.
-** If cert is not a v3 certificate, this will return SECSuccess.
-** cert - certificate
-** usage - one of the x.509 v3 the Key Usage Extension flags
-*/
-extern SECStatus CERT_CheckCertUsage (CERTCertificate *cert,
- unsigned char usage);
-
-/****************************************************************************
- *
- * CRL v2 Extensions supported routines
- *
- ****************************************************************************/
-
-extern SECStatus CERT_FindCRLExtensionByOID
- (CERTCrl *crl, SECItem *oid, SECItem *value);
-
-extern SECStatus CERT_FindCRLExtension
- (CERTCrl *crl, int tag, SECItem *value);
-
-extern SECStatus
- CERT_FindInvalidDateExten (CERTCrl *crl, int64 *value);
-
-extern void *CERT_StartCRLExtensions (CERTCrl *crl);
-
-extern CERTCertNicknames *CERT_GetCertNicknames (CERTCertDBHandle *handle,
- int what, void *wincx);
-
-/*
-** Finds the crlNumber extension and decodes its value into 'value'
-*/
-extern SECStatus CERT_FindCRLNumberExten (CERTCrl *crl, CERTCrlNumber *value);
-
-extern void CERT_FreeNicknames(CERTCertNicknames *nicknames);
-
-extern PRBool CERT_CompareCerts(CERTCertificate *c1, CERTCertificate *c2);
-
-extern PRBool CERT_CompareCertsForRedirection(CERTCertificate *c1,
- CERTCertificate *c2);
-
-/*
-** Generate an array of the Distinguished Names that the given cert database
-** "trusts"
-*/
-extern CERTDistNames *CERT_GetSSLCACerts(CERTCertDBHandle *handle);
-
-extern void CERT_FreeDistNames(CERTDistNames *names);
-
-/*
-** Generate an array of Distinguished names from an array of nicknames
-*/
-extern CERTDistNames *CERT_DistNamesFromNicknames
- (CERTCertDBHandle *handle, char **nicknames, int nnames);
-
-/*
-** Generate a certificate chain from a certificate.
-*/
-extern CERTCertificateList *
-CERT_CertChainFromCert(CERTCertificate *cert, SECCertUsage usage,
- PRBool includeRoot);
-
-extern CERTCertificateList *
-CERT_CertListFromCert(CERTCertificate *cert);
-
-extern void CERT_DestroyCertificateList(CERTCertificateList *list);
-
-/* is cert a newer than cert b? */
-PRBool CERT_IsNewer(CERTCertificate *certa, CERTCertificate *certb);
-
-typedef SECStatus (* CERTCertCallback)(CERTCertificate *cert, void *arg);
-
-SECStatus
-CERT_TraversePermCertsForSubject(CERTCertDBHandle *handle, SECItem *derSubject,
- CERTCertCallback cb, void *cbarg);
-int
-CERT_NumPermCertsForSubject(CERTCertDBHandle *handle, SECItem *derSubject);
-
-SECStatus
-CERT_TraversePermCertsForNickname(CERTCertDBHandle *handle, char *nickname,
- CERTCertCallback cb, void *cbarg);
-
-int
-CERT_NumPermCertsForNickname(CERTCertDBHandle *handle, char *nickname);
-
-int
-CERT_NumCertsForCertSubject(CERTCertificate *cert);
-
-int
-CERT_NumPermCertsForCertSubject(CERTCertificate *cert);
-
-SECStatus
-CERT_TraverseCertsForSubject(CERTCertDBHandle *handle,
- CERTSubjectList *subjectList,
- CERTCertCallback cb, void *cbarg);
-
-/* currently a stub for address book */
-PRBool
-CERT_IsCertRevoked(CERTCertificate *cert);
-
-void
-CERT_DestroyCertArray(CERTCertificate **certs, unsigned int ncerts);
-
-/* convert an email address to lower case */
-char *CERT_FixupEmailAddr(char *emailAddr);
-
-/* decode string representation of trust flags into trust struct */
-SECStatus
-CERT_DecodeTrustString(CERTCertTrust *trust, char *trusts);
-
-/* encode trust struct into string representation of trust flags */
-char *
-CERT_EncodeTrustString(CERTCertTrust *trust);
-
-/* find the next or prev cert in a subject list */
-CERTCertificate *
-CERT_PrevSubjectCert(CERTCertificate *cert);
-CERTCertificate *
-CERT_NextSubjectCert(CERTCertificate *cert);
-
-/*
- * import a collection of certs into the temporary or permanent cert
- * database
- */
-SECStatus
-CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
- unsigned int ncerts, SECItem **derCerts,
- CERTCertificate ***retCerts, PRBool keepCerts,
- PRBool caOnly, char *nickname);
-
-SECStatus
-CERT_SaveImportedCert(CERTCertificate *cert, SECCertUsage usage,
- PRBool caOnly, char *nickname);
-
-char *
-CERT_MakeCANickname(CERTCertificate *cert);
-
-PRBool
-CERT_IsCACert(CERTCertificate *cert, unsigned int *rettype);
-
-SECStatus
-CERT_SaveSMimeProfile(CERTCertificate *cert, SECItem *emailProfile,
- SECItem *profileTime);
-
-/*
- * find the smime symmetric capabilities profile for a given cert
- */
-SECItem *
-CERT_FindSMimeProfile(CERTCertificate *cert);
-
-int
-CERT_GetDBContentVersion(CERTCertDBHandle *handle);
-
-void
-CERT_SetDBContentVersion(int version, CERTCertDBHandle *handle);
-
-SECStatus
-CERT_AddNewCerts(CERTCertDBHandle *handle);
-
-CERTPackageType
-CERT_CertPackageType(SECItem *package, SECItem *certitem);
-
-CERTCertificatePolicies *
-CERT_DecodeCertificatePoliciesExtension(SECItem *extnValue);
-
-void
-CERT_DestroyCertificatePoliciesExtension(CERTCertificatePolicies *policies);
-
-CERTUserNotice *
-CERT_DecodeUserNotice(SECItem *noticeItem);
-
-void
-CERT_DestroyUserNotice(CERTUserNotice *userNotice);
-
-typedef char * (* CERTPolicyStringCallback)(char *org,
- unsigned long noticeNumber,
- void *arg);
-void
-CERT_SetCAPolicyStringCallback(CERTPolicyStringCallback cb, void *cbarg);
-
-char *
-CERT_GetCertCommentString(CERTCertificate *cert);
-
-PRBool
-CERT_GovtApprovedBitSet(CERTCertificate *cert);
-
-SECStatus
-CERT_AddPermNickname(CERTCertificate *cert, char *nickname);
-
-/*
- * Given a cert, find the cert with the same subject name that
- * has the given key usage. If the given cert has the correct keyUsage, then
- * return it, otherwise search the list in order.
- */
-CERTCertificate *
-CERT_FindCertByUsage(CERTCertificate *basecert, unsigned int requiredKeyUsage);
-
-
-CERTCertList *
-CERT_MatchUserCert(CERTCertDBHandle *handle,
- SECCertUsage usage,
- int nCANames, char **caNames,
- void *proto_win);
-
-CERTCertList *
-CERT_NewCertList(void);
-
-void
-CERT_DestroyCertList(CERTCertList *certs);
-
-/* remove the node and free the cert */
-void
-CERT_RemoveCertListNode(CERTCertListNode *node);
-
-SECStatus
-CERT_AddCertToListTail(CERTCertList *certs, CERTCertificate *cert);
-
-typedef PRBool (* CERTSortCallback)(CERTCertificate *certa,
- CERTCertificate *certb,
- void *arg);
-SECStatus
-CERT_AddCertToListSorted(CERTCertList *certs, CERTCertificate *cert,
- CERTSortCallback f, void *arg);
-
-/* callback for CERT_AddCertToListSorted that sorts based on validity
- * period and a given time.
- */
-PRBool
-CERT_SortCBValidity(CERTCertificate *certa,
- CERTCertificate *certb,
- void *arg);
-
-SECStatus
-CERT_CheckForEvilCert(CERTCertificate *cert);
-
-CERTGeneralName *
-CERT_GetCertificateNames(CERTCertificate *cert, PRArenaPool *arena);
-
-int
-CERT_GetNamesLength(CERTGeneralName *names);
-
-CERTCertificate *
-CERT_CompareNameSpace(CERTCertificate *cert,
- CERTGeneralName *namesList,
- SECItem *namesListIndex,
- PRArenaPool *arena,
- CERTCertDBHandle *handle);
-
-SECStatus
-CERT_EncodeSubjectKeyID(PRArenaPool *arena, char *value, int len, SECItem *encodedValue);
-
-char *
-CERT_GetNickName(CERTCertificate *cert, CERTCertDBHandle *handle, PRArenaPool *nicknameArena);
-
-/*
- * Creates or adds to a list of all certs with a give subject name, sorted by
- * validity time, newest first. Invalid certs are considered older than
- * valid certs. If validOnly is set, do not include invalid certs on list.
- */
-CERTCertList *
-CERT_CreateSubjectCertList(CERTCertList *certList, CERTCertDBHandle *handle,
- SECItem *name, int64 sorttime, PRBool validOnly);
-
-/*
- * Creates or adds to a list of all certs with a give nickname, sorted by
- * validity time, newest first. Invalid certs are considered older than valid
- * certs. If validOnly is set, do not include invalid certs on list.
- */
-CERTCertList *
-CERT_CreateNicknameCertList(CERTCertList *certList, CERTCertDBHandle *handle,
- char *nickname, int64 sorttime, PRBool validOnly);
-
-/*
- * Creates or adds to a list of all certs with a give email addr, sorted by
- * validity time, newest first. Invalid certs are considered older than valid
- * certs. If validOnly is set, do not include invalid certs on list.
- */
-CERTCertList *
-CERT_CreateEmailAddrCertList(CERTCertList *certList, CERTCertDBHandle *handle,
- char *emailAddr, int64 sorttime, PRBool validOnly);
-
-/*
- * remove certs from a list that don't have keyUsage and certType
- * that match the given usage.
- */
-SECStatus
-CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage,
- PRBool ca);
-
-/*
- * check the key usage of a cert against a set of required values
- */
-SECStatus
-CERT_CheckKeyUsage(CERTCertificate *cert, unsigned int requiredUsage);
-
-/*
- * return required key usage and cert type based on cert usage
- */
-SECStatus
-CERT_KeyUsageAndTypeForCertUsage(SECCertUsage usage,
- PRBool ca,
- unsigned int *retKeyUsage,
- unsigned int *retCertType);
-/*
- * return required trust flags for various cert usages for CAs
- */
-SECStatus
-CERT_TrustFlagsForCACertUsage(SECCertUsage usage,
- unsigned int *retFlags,
- SECTrustType *retTrustType);
-
-/*
- * Find all user certificates that match the given criteria.
- *
- * "handle" - database to search
- * "usage" - certificate usage to match
- * "oneCertPerName" - if set then only return the "best" cert per
- * name
- * "validOnly" - only return certs that are curently valid
- * "proto_win" - window handle passed to pkcs11
- */
-CERTCertList *
-CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
- SECCertUsage usage,
- PRBool oneCertPerName,
- PRBool validOnly,
- void *proto_win);
-
-/*
- * Find a user certificate that matchs the given criteria.
- *
- * "handle" - database to search
- * "nickname" - nickname to match
- * "usage" - certificate usage to match
- * "validOnly" - only return certs that are curently valid
- * "proto_win" - window handle passed to pkcs11
- */
-CERTCertificate *
-CERT_FindUserCertByUsage(CERTCertDBHandle *handle,
- char *nickname,
- SECCertUsage usage,
- PRBool validOnly,
- void *proto_win);
-
-/*
- * Filter a list of certificates, removing those certs that do not have
- * one of the named CA certs somewhere in their cert chain.
- *
- * "certList" - the list of certificates to filter
- * "nCANames" - number of CA names
- * "caNames" - array of CA names in string(rfc 1485) form
- * "usage" - what use the certs are for, this is used when
- * selecting CA certs
- */
-SECStatus
-CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames,
- char **caNames, SECCertUsage usage);
-
-/*
- * Collect the nicknames from all certs in a CertList. If the cert is not
- * valid, append a string to that nickname.
- *
- * "certList" - the list of certificates
- * "expiredString" - the string to append to the nickname of any expired cert
- * "notYetGoodString" - the string to append to the nickname of any cert
- * that is not yet valid
- */
-CERTCertNicknames *
-CERT_NicknameStringsFromCertList(CERTCertList *certList, char *expiredString,
- char *notYetGoodString);
-
-/*
- * Extract the nickname from a nickmake string that may have either
- * expiredString or notYetGoodString appended.
- *
- * Args:
- * "namestring" - the string containing the nickname, and possibly
- * one of the validity label strings
- * "expiredString" - the expired validity label string
- * "notYetGoodString" - the not yet good validity label string
- *
- * Returns the raw nickname
- */
-char *
-CERT_ExtractNicknameString(char *namestring, char *expiredString,
- char *notYetGoodString);
-
-/*
- * Given a certificate, return a string containing the nickname, and possibly
- * one of the validity strings, based on the current validity state of the
- * certificate.
- *
- * "arena" - arena to allocate returned string from. If NULL, then heap
- * is used.
- * "cert" - the cert to get nickname from
- * "expiredString" - the string to append to the nickname if the cert is
- * expired.
- * "notYetGoodString" - the string to append to the nickname if the cert is
- * not yet good.
- */
-char *
-CERT_GetCertNicknameWithValidity(PRArenaPool *arena, CERTCertificate *cert,
- char *expiredString, char *notYetGoodString);
-
-/*
- * Return the string representation of a DER encoded distinguished name
- * "dername" - The DER encoded name to convert
- */
-char *
-CERT_DerNameToAscii(SECItem *dername);
-
-/*
- * Supported usage values and types:
- * certUsageSSLClient
- * certUsageSSLServer
- * certUsageSSLServerWithStepUp
- * certUsageEmailSigner
- * certUsageEmailRecipient
- * certUsageObjectSigner
- */
-
-CERTCertificate *
-CERT_FindMatchingCert(CERTCertDBHandle *handle, SECItem *derName,
- CERTCertOwner owner, SECCertUsage usage,
- PRBool preferTrusted, int64 validTime, PRBool validOnly);
-
-
-/*********************************************************************/
-/* A thread safe implementation of General Names */
-/*********************************************************************/
-
-/* Destroy a Single CERTGeneralName */
-void
-CERT_DestroyGeneralName(CERTGeneralName *name);
-
-/* Destroys a CERTGeneralNameList */
-void
-CERT_DestroyGeneralNameList(CERTGeneralNameList *list);
-
-/* Creates a CERTGeneralNameList */
-CERTGeneralNameList *
-CERT_CreateGeneralNameList(CERTGeneralName *name);
-
-/* Compares two CERTGeneralNameList */
-SECStatus
-CERT_CompareGeneralNameLists(CERTGeneralNameList *a, CERTGeneralNameList *b);
-
-/* returns a copy of the first name of the type requested */
-void *
-CERT_GetGeneralNameFromListByType(CERTGeneralNameList *list,
- CERTGeneralNameType type,
- PRArenaPool *arena);
-
-/* Adds a name to the tail of the list */
-void
-CERT_AddGeneralNameToList(CERTGeneralNameList *list,
- CERTGeneralNameType type,
- void *data, SECItem *oid);
-
-/* returns a duplicate of the CERTGeneralNameList */
-CERTGeneralNameList *
-CERT_DupGeneralNameList(CERTGeneralNameList *list);
-
-/* returns the length of a CERTGeneralName */
-int
-CERT_GetNamesLength(CERTGeneralName *names);
-
-/*
- * Acquire the global lock on the cert database.
- * This lock is currently used for the following operations:
- * adding or deleting a cert to either the temp or perm databases
- * converting a temp to perm or perm to temp
- * changing(maybe just adding?) the trust of a cert
- * adjusting the reference count of a cert
- */
-void
-CERT_LockDB(CERTCertDBHandle *handle);
-
-/*
- * Free the global cert database lock.
- */
-void
-CERT_UnlockDB(CERTCertDBHandle *handle);
-
-/*
- * Get the certificate status checking configuratino data for
- * the certificate database
- */
-CERTStatusConfig *
-CERT_GetStatusConfig(CERTCertDBHandle *handle);
-
-/*
- * Set the certificate status checking information for the
- * database. The input structure becomes part of the certificate
- * database and will be freed by calling the 'Destroy' function in
- * the configuration object.
- */
-void
-CERT_SetStatusConfig(CERTCertDBHandle *handle, CERTStatusConfig *config);
-
-/*
- * Acquire the cert reference count lock
- * There is currently one global lock for all certs, but I'm putting a cert
- * arg here so that it will be easy to make it per-cert in the future if
- * that turns out to be necessary.
- */
-void
-CERT_LockCertRefCount(CERTCertificate *cert);
-
-/*
- * Free the cert reference count lock
- */
-void
-CERT_UnlockCertRefCount(CERTCertificate *cert);
-
-/*
- * Acquire the cert trust lock
- * There is currently one global lock for all certs, but I'm putting a cert
- * arg here so that it will be easy to make it per-cert in the future if
- * that turns out to be necessary.
- */
-void
-CERT_LockCertTrust(CERTCertificate *cert);
-
-/*
- * Free the cert trust lock
- */
-void
-CERT_UnlockCertTrust(CERTCertificate *cert);
-
-/*
- * Digest the cert's subject public key using the specified algorithm.
- * The necessary storage for the digest data is allocated. If "fill" is
- * non-null, the data is put there, otherwise a SECItem is allocated.
- * Allocation from "arena" if it is non-null, heap otherwise. Any problem
- * results in a NULL being returned (and an appropriate error set).
- */
-extern SECItem *
-CERT_SPKDigestValueForCert(PRArenaPool *arena, CERTCertificate *cert,
- SECOidTag digestAlg, SECItem *fill);
-
-
-SEC_END_PROTOS
-
-#endif /* _CERT_H_ */
diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c
deleted file mode 100644
index 17f084f5b..000000000
--- a/security/nss/lib/certdb/certdb.c
+++ /dev/null
@@ -1,2271 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Certificate handling code
- *
- * $Id$
- */
-
-#include "prlock.h"
-#include "prmon.h"
-#include "prtime.h"
-#include "cert.h"
-#include "secder.h"
-#include "secoid.h"
-#include "secasn1.h"
-#include "blapi.h" /* for SHA1_HashBuf */
-#include "genname.h"
-#include "keyhi.h"
-#include "secitem.h"
-#include "mcom_db.h"
-#include "certdb.h"
-#include "prprf.h"
-#include "sechash.h"
-#include "prlong.h"
-#include "certxutl.h"
-#include "portreg.h"
-#include "secerr.h"
-#include "sslerr.h"
-#include "nsslocks.h"
-#include "cdbhdl.h"
-
-/*
- * Certificate database handling code
- */
-
-
-const SEC_ASN1Template CERT_CertExtensionTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCertExtension) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CERTCertExtension,id) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
- offsetof(CERTCertExtension,critical) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(CERTCertExtension,value) },
- { 0, }
-};
-
-const SEC_ASN1Template CERT_SequenceOfCertExtensionTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, CERT_CertExtensionTemplate }
-};
-
-const SEC_ASN1Template CERT_CertificateTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCertificate) },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 0, /* XXX DER_DEFAULT */
- offsetof(CERTCertificate,version),
- SEC_IntegerTemplate },
- { SEC_ASN1_INTEGER,
- offsetof(CERTCertificate,serialNumber) },
- { SEC_ASN1_INLINE,
- offsetof(CERTCertificate,signature),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_SAVE,
- offsetof(CERTCertificate,derIssuer) },
- { SEC_ASN1_INLINE,
- offsetof(CERTCertificate,issuer),
- CERT_NameTemplate },
- { SEC_ASN1_INLINE,
- offsetof(CERTCertificate,validity),
- CERT_ValidityTemplate },
- { SEC_ASN1_SAVE,
- offsetof(CERTCertificate,derSubject) },
- { SEC_ASN1_INLINE,
- offsetof(CERTCertificate,subject),
- CERT_NameTemplate },
- { SEC_ASN1_SAVE,
- offsetof(CERTCertificate,derPublicKey) },
- { SEC_ASN1_INLINE,
- offsetof(CERTCertificate,subjectPublicKeyInfo),
- CERT_SubjectPublicKeyInfoTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(CERTCertificate,issuerID),
- SEC_ObjectIDTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2,
- offsetof(CERTCertificate,subjectID),
- SEC_ObjectIDTemplate },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 3,
- offsetof(CERTCertificate,extensions),
- CERT_SequenceOfCertExtensionTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_SignedCertificateTemplate[] =
-{
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCertificate) },
- { SEC_ASN1_SAVE,
- offsetof(CERTCertificate,signatureWrap.data) },
- { SEC_ASN1_INLINE,
- 0, CERT_CertificateTemplate },
- { SEC_ASN1_INLINE,
- offsetof(CERTCertificate,signatureWrap.signatureAlgorithm),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_BIT_STRING,
- offsetof(CERTCertificate,signatureWrap.signature) },
- { 0 }
-};
-
-/*
- * Find the subjectName in a DER encoded certificate
- */
-const SEC_ASN1Template SEC_CertSubjectTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SECItem) },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 0,
- 0, SEC_SkipTemplate }, /* version */
- { SEC_ASN1_SKIP }, /* serial number */
- { SEC_ASN1_SKIP }, /* signature algorithm */
- { SEC_ASN1_SKIP }, /* issuer */
- { SEC_ASN1_SKIP }, /* validity */
- { SEC_ASN1_ANY, 0, NULL }, /* subject */
- { SEC_ASN1_SKIP_REST },
- { 0 }
-};
-
-/*
- * Find the issuerName in a DER encoded certificate
- */
-const SEC_ASN1Template SEC_CertIssuerTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SECItem) },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 0,
- 0, SEC_SkipTemplate }, /* version */
- { SEC_ASN1_SKIP }, /* serial number */
- { SEC_ASN1_SKIP }, /* signature algorithm */
- { SEC_ASN1_ANY, 0, NULL }, /* issuer */
- { SEC_ASN1_SKIP_REST },
- { 0 }
-};
-
-/*
- * Find the issuer and serialNumber in a DER encoded certificate.
- * This data is used as the database lookup key since its the unique
- * identifier of a certificate.
- */
-const SEC_ASN1Template CERT_CertKeyTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCertKey) },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 0,
- 0, SEC_SkipTemplate }, /* version */
- { SEC_ASN1_INTEGER,
- offsetof(CERTCertKey,serialNumber) },
- { SEC_ASN1_SKIP }, /* signature algorithm */
- { SEC_ASN1_ANY,
- offsetof(CERTCertKey,derIssuer) },
- { SEC_ASN1_SKIP_REST },
- { 0 }
-};
-
-
-
-SECStatus
-CERT_KeyFromIssuerAndSN(PRArenaPool *arena, SECItem *issuer, SECItem *sn,
- SECItem *key)
-{
- key->len = sn->len + issuer->len;
-
- key->data = (unsigned char*)PORT_ArenaAlloc(arena, key->len);
- if ( !key->data ) {
- goto loser;
- }
-
- /* copy the serialNumber */
- PORT_Memcpy(key->data, sn->data, sn->len);
-
- /* copy the issuer */
- PORT_Memcpy(&key->data[sn->len], issuer->data, issuer->len);
-
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-
-/*
- * Extract the subject name from a DER certificate
- */
-SECStatus
-CERT_NameFromDERCert(SECItem *derCert, SECItem *derName)
-{
- int rv;
- PRArenaPool *arena;
- CERTSignedData sd;
- void *tmpptr;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( ! arena ) {
- return(SECFailure);
- }
-
- PORT_Memset(&sd, 0, sizeof(CERTSignedData));
- rv = SEC_ASN1DecodeItem(arena, &sd, CERT_SignedDataTemplate, derCert);
-
- if ( rv ) {
- goto loser;
- }
-
- PORT_Memset(derName, 0, sizeof(SECItem));
- rv = SEC_ASN1DecodeItem(arena, derName, SEC_CertSubjectTemplate, &sd.data);
-
- if ( rv ) {
- goto loser;
- }
-
- tmpptr = derName->data;
- derName->data = (unsigned char*)PORT_Alloc(derName->len);
- if ( derName->data == NULL ) {
- goto loser;
- }
-
- PORT_Memcpy(derName->data, tmpptr, derName->len);
-
- PORT_FreeArena(arena, PR_FALSE);
- return(SECSuccess);
-
-loser:
- PORT_FreeArena(arena, PR_FALSE);
- return(SECFailure);
-}
-
-SECStatus
-CERT_IssuerNameFromDERCert(SECItem *derCert, SECItem *derName)
-{
- int rv;
- PRArenaPool *arena;
- CERTSignedData sd;
- void *tmpptr;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( ! arena ) {
- return(SECFailure);
- }
-
- PORT_Memset(&sd, 0, sizeof(CERTSignedData));
- rv = SEC_ASN1DecodeItem(arena, &sd, CERT_SignedDataTemplate, derCert);
-
- if ( rv ) {
- goto loser;
- }
-
- PORT_Memset(derName, 0, sizeof(SECItem));
- rv = SEC_ASN1DecodeItem(arena, derName, SEC_CertIssuerTemplate, &sd.data);
-
- if ( rv ) {
- goto loser;
- }
-
- tmpptr = derName->data;
- derName->data = (unsigned char*)PORT_Alloc(derName->len);
- if ( derName->data == NULL ) {
- goto loser;
- }
-
- PORT_Memcpy(derName->data, tmpptr, derName->len);
-
- PORT_FreeArena(arena, PR_FALSE);
- return(SECSuccess);
-
-loser:
- PORT_FreeArena(arena, PR_FALSE);
- return(SECFailure);
-}
-
-/*
- * Generate a database key, based on serial number and issuer, from a
- * DER certificate.
- */
-SECStatus
-CERT_KeyFromDERCert(PRArenaPool *arena, SECItem *derCert, SECItem *key)
-{
- int rv;
- CERTSignedData sd;
- CERTCertKey certkey;
-
- PORT_Memset(&sd, 0, sizeof(CERTSignedData));
- PORT_Memset(&certkey, 0, sizeof(CERTCertKey));
-
- PORT_Memset(&sd, 0, sizeof(CERTSignedData));
- rv = SEC_ASN1DecodeItem(arena, &sd, CERT_SignedDataTemplate, derCert);
-
- if ( rv ) {
- goto loser;
- }
-
- PORT_Memset(&certkey, 0, sizeof(CERTCertKey));
- rv = SEC_ASN1DecodeItem(arena, &certkey, CERT_CertKeyTemplate, &sd.data);
-
- if ( rv ) {
- goto loser;
- }
-
- return(CERT_KeyFromIssuerAndSN(arena, &certkey.derIssuer,
- &certkey.serialNumber, key));
-loser:
- return(SECFailure);
-}
-
-/*
- * fill in keyUsage field of the cert based on the cert extension
- * if the extension is not critical, then we allow all uses
- */
-static SECStatus
-GetKeyUsage(CERTCertificate *cert)
-{
- SECStatus rv;
- SECItem tmpitem;
-
- rv = CERT_FindKeyUsageExtension(cert, &tmpitem);
- if ( rv == SECSuccess ) {
- /* remember the actual value of the extension */
- cert->rawKeyUsage = tmpitem.data[0];
- cert->keyUsagePresent = PR_TRUE;
- cert->keyUsage = tmpitem.data[0];
-
- PORT_Free(tmpitem.data);
- tmpitem.data = NULL;
-
- } else {
- /* if the extension is not present, then we allow all uses */
- cert->keyUsage = KU_ALL;
- cert->rawKeyUsage = KU_ALL;
- cert->keyUsagePresent = PR_FALSE;
- }
-
- if ( CERT_GovtApprovedBitSet(cert) ) {
- cert->keyUsage |= KU_NS_GOVT_APPROVED;
- cert->rawKeyUsage |= KU_NS_GOVT_APPROVED;
- }
-
- return(SECSuccess);
-}
-
-
-/*
- * determine if a fortezza V1 Cert is a CA or not.
- */
-static PRBool
-fortezzaIsCA( CERTCertificate *cert) {
- PRBool isCA = PR_FALSE;
- CERTSubjectPublicKeyInfo *spki = &cert->subjectPublicKeyInfo;
- int tag;
-
- tag = SECOID_GetAlgorithmTag(&spki->algorithm);
- if ((tag == SEC_OID_MISSI_KEA_DSS_OLD) ||
- (tag == SEC_OID_MISSI_KEA_DSS) ||
- (tag == SEC_OID_MISSI_DSS_OLD) ||
- (tag == SEC_OID_MISSI_DSS) ) {
- SECItem rawkey;
- unsigned char *rawptr;
- unsigned char *end;
- int len;
-
- rawkey = spki->subjectPublicKey;
- DER_ConvertBitString(&rawkey);
- rawptr = rawkey.data;
- end = rawkey.data + rawkey.len;
-
- /* version */
- rawptr += sizeof(((SECKEYPublicKey*)0)->u.fortezza.KMID)+2;
-
- /* clearance (the string up to the first byte with the hi-bit on */
- while ((rawptr < end) && (*rawptr++ & 0x80));
- if (rawptr >= end) { return PR_FALSE; }
-
- /* KEAPrivilege (the string up to the first byte with the hi-bit on */
- while ((rawptr < end) && (*rawptr++ & 0x80));
- if (rawptr >= end) { return PR_FALSE; }
-
- /* skip the key */
- len = (*rawptr << 8) | rawptr[1];
- rawptr += 2 + len;
-
- /* shared key */
- if (rawptr >= end) { return PR_FALSE; }
- /* DSS Version is next */
- rawptr += 2;
-
- /* DSSPrivilege (the string up to the first byte with the hi-bit on */
- if (*rawptr & 0x30) isCA = PR_TRUE;
-
- }
- return isCA;
-}
-
-static SECStatus
-findOIDinOIDSeqByTagNum(CERTOidSequence *seq, SECOidTag tagnum)
-{
- SECItem **oids;
- SECItem *oid;
- SECStatus rv = SECFailure;
-
- if (seq != NULL) {
- oids = seq->oids;
- while (oids != NULL && *oids != NULL) {
- oid = *oids;
- if (SECOID_FindOIDTag(oid) == tagnum) {
- rv = SECSuccess;
- break;
- }
- oids++;
- }
- }
- return rv;
-}
-
-/*
- * fill in nsCertType field of the cert based on the cert extension
- */
-SECStatus
-CERT_GetCertType(CERTCertificate *cert)
-{
- SECStatus rv;
- SECItem tmpitem;
- SECItem encodedExtKeyUsage;
- CERTOidSequence *extKeyUsage = NULL;
- PRBool basicConstraintPresent = PR_FALSE;
- CERTBasicConstraints basicConstraint;
-
- tmpitem.data = NULL;
- CERT_FindNSCertTypeExtension(cert, &tmpitem);
- rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE,
- &encodedExtKeyUsage);
- if (rv == SECSuccess) {
- extKeyUsage = CERT_DecodeOidSequence(&encodedExtKeyUsage);
- }
- rv = CERT_FindBasicConstraintExten(cert, &basicConstraint);
- if (rv == SECSuccess) {
- basicConstraintPresent = PR_TRUE;
- }
- if (tmpitem.data != NULL || extKeyUsage != NULL) {
- if (tmpitem.data == NULL) {
- cert->nsCertType = 0;
- } else {
- cert->nsCertType = tmpitem.data[0];
- }
-
- /* free tmpitem data pointer to avoid memory leak */
- PORT_Free(tmpitem.data);
- tmpitem.data = NULL;
-
- /*
- * for this release, we will allow SSL certs with an email address
- * to be used for email
- */
- if ( ( cert->nsCertType & NS_CERT_TYPE_SSL_CLIENT ) &&
- cert->emailAddr ) {
- cert->nsCertType |= NS_CERT_TYPE_EMAIL;
- }
- /*
- * for this release, we will allow SSL intermediate CAs to be
- * email intermediate CAs too.
- */
- if ( cert->nsCertType & NS_CERT_TYPE_SSL_CA ) {
- cert->nsCertType |= NS_CERT_TYPE_EMAIL_CA;
- }
- /*
- * allow a cert with the extended key usage of EMail Protect
- * to be used for email or as an email CA, if basic constraints
- * indicates that it is a CA.
- */
- if (findOIDinOIDSeqByTagNum(extKeyUsage,
- SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT) ==
- SECSuccess) {
- if (basicConstraintPresent == PR_TRUE &&
- (basicConstraint.isCA)) {
- cert->nsCertType |= NS_CERT_TYPE_EMAIL_CA;
- } else {
- cert->nsCertType |= NS_CERT_TYPE_EMAIL;
- }
- }
- if (findOIDinOIDSeqByTagNum(extKeyUsage,
- SEC_OID_EXT_KEY_USAGE_SERVER_AUTH) ==
- SECSuccess){
- if (basicConstraintPresent == PR_TRUE &&
- (basicConstraint.isCA)) {
- cert->nsCertType |= NS_CERT_TYPE_SSL_CA;
- } else {
- cert->nsCertType |= NS_CERT_TYPE_SSL_SERVER;
- }
- }
- if (findOIDinOIDSeqByTagNum(extKeyUsage,
- SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH) ==
- SECSuccess){
- if (basicConstraintPresent == PR_TRUE &&
- (basicConstraint.isCA)) {
- cert->nsCertType |= NS_CERT_TYPE_SSL_CA;
- } else {
- cert->nsCertType |= NS_CERT_TYPE_SSL_CLIENT;
- }
- }
- if (findOIDinOIDSeqByTagNum(extKeyUsage,
- SEC_OID_EXT_KEY_USAGE_CODE_SIGN) ==
- SECSuccess) {
- if (basicConstraintPresent == PR_TRUE &&
- (basicConstraint.isCA)) {
- cert->nsCertType |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
- } else {
- cert->nsCertType |= NS_CERT_TYPE_OBJECT_SIGNING;
- }
- }
- if (findOIDinOIDSeqByTagNum(extKeyUsage,
- SEC_OID_EXT_KEY_USAGE_TIME_STAMP) ==
- SECSuccess) {
- cert->nsCertType |= EXT_KEY_USAGE_TIME_STAMP;
- }
- if (findOIDinOIDSeqByTagNum(extKeyUsage,
- SEC_OID_OCSP_RESPONDER) ==
- SECSuccess) {
- cert->nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER;
- }
- } else {
- /* if no extension, then allow any ssl or email (no ca or object
- * signing)
- */
- cert->nsCertType = NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER |
- NS_CERT_TYPE_EMAIL;
-
- /* if the basic constraint extension says the cert is a CA, then
- allow SSL CA and EMAIL CA and Status Responder */
- if ((basicConstraintPresent == PR_TRUE)
- && (basicConstraint.isCA)) {
- cert->nsCertType |= NS_CERT_TYPE_SSL_CA;
- cert->nsCertType |= NS_CERT_TYPE_EMAIL_CA;
- cert->nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER;
- } else if (CERT_IsCACert(cert, NULL) == PR_TRUE) {
- cert->nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER;
- }
-
- /* if the cert is a fortezza CA cert, then allow SSL CA and EMAIL CA */
- if (fortezzaIsCA(cert)) {
- cert->nsCertType |= NS_CERT_TYPE_SSL_CA;
- cert->nsCertType |= NS_CERT_TYPE_EMAIL_CA;
- }
- }
-
- if (extKeyUsage != NULL) {
- PORT_Free(encodedExtKeyUsage.data);
- CERT_DestroyOidSequence(extKeyUsage);
- }
- return(SECSuccess);
-}
-
-/*
- * cert_GetKeyID() - extract or generate the subjectKeyID from a certificate
- */
-SECStatus
-cert_GetKeyID(CERTCertificate *cert)
-{
- SECItem tmpitem;
- SECStatus rv;
- SECKEYPublicKey *key;
-
- cert->subjectKeyID.len = 0;
-
- /* see of the cert has a key identifier extension */
- rv = CERT_FindSubjectKeyIDExten(cert, &tmpitem);
- if ( rv == SECSuccess ) {
- cert->subjectKeyID.data = (unsigned char*) PORT_ArenaAlloc(cert->arena, tmpitem.len);
- if ( cert->subjectKeyID.data != NULL ) {
- PORT_Memcpy(cert->subjectKeyID.data, tmpitem.data, tmpitem.len);
- cert->subjectKeyID.len = tmpitem.len;
- cert->keyIDGenerated = PR_FALSE;
- }
-
- PORT_Free(tmpitem.data);
- }
-
- /* if the cert doesn't have a key identifier extension and the cert is
- * a V1 fortezza certificate, use the cert's 8 byte KMID as the
- * key identifier. */
- key = CERT_KMIDPublicKey(cert);
-
- if (key != NULL) {
-
- if (key->keyType == fortezzaKey) {
-
- cert->subjectKeyID.data = (unsigned char *)PORT_ArenaAlloc(cert->arena, 8);
- if ( cert->subjectKeyID.data != NULL ) {
- PORT_Memcpy(cert->subjectKeyID.data, key->u.fortezza.KMID, 8);
- cert->subjectKeyID.len = 8;
- cert->keyIDGenerated = PR_FALSE;
- }
- }
-
- SECKEY_DestroyPublicKey(key);
- }
-
- /* if the cert doesn't have a key identifier extension, then generate one*/
- if ( cert->subjectKeyID.len == 0 ) {
- /*
- * pkix says that if the subjectKeyID is not present, then we should
- * use the SHA-1 hash of the DER-encoded publicKeyInfo from the cert
- */
- cert->subjectKeyID.data = (unsigned char *)PORT_ArenaAlloc(cert->arena, SHA1_LENGTH);
- if ( cert->subjectKeyID.data != NULL ) {
- rv = SHA1_HashBuf(cert->subjectKeyID.data,
- cert->derPublicKey.data,
- cert->derPublicKey.len);
- if ( rv == SECSuccess ) {
- cert->subjectKeyID.len = SHA1_LENGTH;
- }
- }
- }
-
- if ( cert->subjectKeyID.len == 0 ) {
- return(SECFailure);
- }
- return(SECSuccess);
-
-}
-
-/*
- * take a DER certificate and decode it into a certificate structure
- */
-CERTCertificate *
-CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
- char *nickname)
-{
- CERTCertificate *cert;
- PRArenaPool *arena;
- void *data;
- int rv;
- int len;
- char *tmpname;
-
- /* make a new arena */
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( !arena ) {
- return 0;
- }
-
- /* allocate the certificate structure */
- cert = (CERTCertificate *)PORT_ArenaZAlloc(arena, sizeof(CERTCertificate));
-
- if ( !cert ) {
- goto loser;
- }
-
- cert->arena = arena;
-
- if ( copyDER ) {
- /* copy the DER data for the cert into this arena */
- data = (void *)PORT_ArenaAlloc(arena, derSignedCert->len);
- if ( !data ) {
- goto loser;
- }
- cert->derCert.data = (unsigned char *)data;
- cert->derCert.len = derSignedCert->len;
- PORT_Memcpy(data, derSignedCert->data, derSignedCert->len);
- } else {
- /* point to passed in DER data */
- cert->derCert = *derSignedCert;
- }
-
- /* decode the certificate info */
- rv = SEC_ASN1DecodeItem(arena, cert, SEC_SignedCertificateTemplate,
- &cert->derCert);
-
- if ( rv ) {
- goto loser;
- }
-
- if (cert_HasUnknownCriticalExten (cert->extensions) == PR_TRUE) {
- PORT_SetError(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION);
- goto loser;
- }
-
- /* generate and save the database key for the cert */
- rv = CERT_KeyFromDERCert(arena, &cert->derCert, &cert->certKey);
- if ( rv ) {
- goto loser;
- }
-
- /* set the nickname */
- if ( nickname == NULL ) {
- cert->nickname = NULL;
- } else {
- /* copy and install the nickname */
- len = PORT_Strlen(nickname) + 1;
- cert->nickname = (char*)PORT_ArenaAlloc(arena, len);
- if ( cert->nickname == NULL ) {
- goto loser;
- }
-
- PORT_Memcpy(cert->nickname, nickname, len);
- }
-
- /* set the email address */
- cert->emailAddr = CERT_GetCertificateEmailAddress(cert);
-
- /* initialize the subjectKeyID */
- rv = cert_GetKeyID(cert);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /* initialize keyUsage */
- rv = GetKeyUsage(cert);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /* initialize the certType */
- rv = CERT_GetCertType(cert);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- tmpname = CERT_NameToAscii(&cert->subject);
- if ( tmpname != NULL ) {
- cert->subjectName = PORT_ArenaStrdup(cert->arena, tmpname);
- PORT_Free(tmpname);
- }
-
- tmpname = CERT_NameToAscii(&cert->issuer);
- if ( tmpname != NULL ) {
- cert->issuerName = PORT_ArenaStrdup(cert->arena, tmpname);
- PORT_Free(tmpname);
- }
-
- cert->referenceCount = 1;
- cert->slot = NULL;
- cert->pkcs11ID = CK_INVALID_KEY;
- cert->dbnickname = NULL;
-
- return(cert);
-
-loser:
-
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(0);
-}
-
-/*
-** Amount of time that a certifiate is allowed good before it is actually
-** good. This is used for pending certificates, ones that are about to be
-** valid. The slop is designed to allow for some variance in the clocks
-** of the machine checking the certificate.
-*/
-#define PENDING_SLOP (24L*60L*60L)
-
-SECStatus
-CERT_GetCertTimes(CERTCertificate *c, int64 *notBefore, int64 *notAfter)
-{
- int rv;
-
- /* convert DER not-before time */
- rv = DER_UTCTimeToTime(notBefore, &c->validity.notBefore);
- if (rv) {
- return(SECFailure);
- }
-
- /* convert DER not-after time */
- rv = DER_UTCTimeToTime(notAfter, &c->validity.notAfter);
- if (rv) {
- return(SECFailure);
- }
-
- return(SECSuccess);
-}
-
-/*
- * Check the validity times of a certificate
- */
-SECCertTimeValidity
-CERT_CheckCertValidTimes(CERTCertificate *c, int64 t, PRBool allowOverride)
-{
- int64 notBefore, notAfter, pendingSlop;
- SECStatus rv;
-
- /* if cert is already marked OK, then don't bother to check */
- if ( allowOverride && c->timeOK ) {
- return(secCertTimeValid);
- }
-
- rv = CERT_GetCertTimes(c, &notBefore, &notAfter);
-
- if (rv) {
- return(secCertTimeExpired); /*XXX is this the right thing to do here?*/
- }
-
- LL_I2L(pendingSlop, PENDING_SLOP);
- LL_SUB(notBefore, notBefore, pendingSlop);
- if ( LL_CMP( t, <, notBefore ) ) {
- PORT_SetError(SEC_ERROR_EXPIRED_CERTIFICATE);
- return(secCertTimeNotValidYet);
- }
- if ( LL_CMP( t, >, notAfter) ) {
- PORT_SetError(SEC_ERROR_EXPIRED_CERTIFICATE);
- return(secCertTimeExpired);
- }
-
- return(secCertTimeValid);
-}
-
-SECStatus
-SEC_GetCrlTimes(CERTCrl *date, int64 *notBefore, int64 *notAfter)
-{
- int rv;
-
- /* convert DER not-before time */
- rv = DER_UTCTimeToTime(notBefore, &date->lastUpdate);
- if (rv) {
- return(SECFailure);
- }
-
- /* convert DER not-after time */
- if (date->nextUpdate.data) {
- rv = DER_UTCTimeToTime(notAfter, &date->nextUpdate);
- if (rv) {
- return(SECFailure);
- }
- }
- else {
- LL_I2L(*notAfter, 0L);
- }
- return(SECSuccess);
-}
-
-/* These routines should probably be combined with the cert
- * routines using an common extraction routine.
- */
-SECCertTimeValidity
-SEC_CheckCrlTimes(CERTCrl *crl, int64 t) {
- int64 notBefore, notAfter, pendingSlop;
- SECStatus rv;
-
- rv = SEC_GetCrlTimes(crl, &notBefore, &notAfter);
-
- if (rv) {
- return(secCertTimeExpired);
- }
-
- LL_I2L(pendingSlop, PENDING_SLOP);
- LL_SUB(notBefore, notBefore, pendingSlop);
- if ( LL_CMP( t, <, notBefore ) ) {
- return(secCertTimeNotValidYet);
- }
-
- /* If next update is omitted and the test for notBefore passes, then
- we assume that the crl is up to date.
- */
- if ( LL_IS_ZERO(notAfter) ) {
- return(secCertTimeValid);
- }
-
- if ( LL_CMP( t, >, notAfter) ) {
- return(secCertTimeExpired);
- }
-
- return(secCertTimeValid);
-}
-
-PRBool
-SEC_CrlIsNewer(CERTCrl *inNew, CERTCrl *old) {
- int64 newNotBefore, newNotAfter;
- int64 oldNotBefore, oldNotAfter;
- SECStatus rv;
-
- /* problems with the new CRL? reject it */
- rv = SEC_GetCrlTimes(inNew, &newNotBefore, &newNotAfter);
- if (rv) return PR_FALSE;
-
- /* problems with the old CRL? replace it */
- rv = SEC_GetCrlTimes(old, &oldNotBefore, &oldNotAfter);
- if (rv) return PR_TRUE;
-
- /* Question: what about the notAfter's? */
- return ((PRBool)LL_CMP(oldNotBefore, <, newNotBefore));
-}
-
-/*
- * return required key usage and cert type based on cert usage
- */
-SECStatus
-CERT_KeyUsageAndTypeForCertUsage(SECCertUsage usage,
- PRBool ca,
- unsigned int *retKeyUsage,
- unsigned int *retCertType)
-{
- unsigned int requiredKeyUsage = 0;
- unsigned int requiredCertType = 0;
-
- if ( ca ) {
- switch ( usage ) {
- case certUsageSSLServerWithStepUp:
- requiredKeyUsage = KU_NS_GOVT_APPROVED | KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_SSL_CA;
- break;
- case certUsageSSLClient:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_SSL_CA;
- break;
- case certUsageSSLServer:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_SSL_CA;
- break;
- case certUsageSSLCA:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_SSL_CA;
- break;
- case certUsageEmailSigner:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_EMAIL_CA;
- break;
- case certUsageEmailRecipient:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_EMAIL_CA;
- break;
- case certUsageObjectSigner:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING_CA;
- break;
- case certUsageAnyCA:
- case certUsageStatusResponder:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING_CA |
- NS_CERT_TYPE_EMAIL_CA |
- NS_CERT_TYPE_SSL_CA;
- break;
- default:
- PORT_Assert(0);
- goto loser;
- }
- } else {
- switch ( usage ) {
- case certUsageSSLClient:
- requiredKeyUsage = KU_DIGITAL_SIGNATURE;
- requiredCertType = NS_CERT_TYPE_SSL_CLIENT;
- break;
- case certUsageSSLServer:
- requiredKeyUsage = KU_KEY_AGREEMENT_OR_ENCIPHERMENT;
- requiredCertType = NS_CERT_TYPE_SSL_SERVER;
- break;
- case certUsageSSLServerWithStepUp:
- requiredKeyUsage = KU_KEY_AGREEMENT_OR_ENCIPHERMENT |
- KU_NS_GOVT_APPROVED;
- requiredCertType = NS_CERT_TYPE_SSL_SERVER;
- break;
- case certUsageSSLCA:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_SSL_CA;
- break;
- case certUsageEmailSigner:
- requiredKeyUsage = KU_DIGITAL_SIGNATURE;
- requiredCertType = NS_CERT_TYPE_EMAIL;
- break;
- case certUsageEmailRecipient:
- requiredKeyUsage = KU_KEY_AGREEMENT_OR_ENCIPHERMENT;
- requiredCertType = NS_CERT_TYPE_EMAIL;
- break;
- case certUsageObjectSigner:
- requiredKeyUsage = KU_DIGITAL_SIGNATURE;
- requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING;
- break;
- case certUsageStatusResponder:
- requiredKeyUsage = KU_DIGITAL_SIGNATURE;
- requiredCertType = EXT_KEY_USAGE_STATUS_RESPONDER;
- break;
- default:
- PORT_Assert(0);
- goto loser;
- }
- }
-
- if ( retKeyUsage != NULL ) {
- *retKeyUsage = requiredKeyUsage;
- }
- if ( retCertType != NULL ) {
- *retCertType = requiredCertType;
- }
-
- return(SECSuccess);
-loser:
- return(SECFailure);
-}
-
-/*
- * check the key usage of a cert against a set of required values
- */
-SECStatus
-CERT_CheckKeyUsage(CERTCertificate *cert, unsigned int requiredUsage)
-{
- SECKEYPublicKey *key;
-
- /* choose between key agreement or key encipherment based on key
- * type in cert
- */
- if ( requiredUsage & KU_KEY_AGREEMENT_OR_ENCIPHERMENT ) {
- key = CERT_ExtractPublicKey(cert);
- if ( ( key->keyType == keaKey ) || ( key->keyType == fortezzaKey ) ||
- ( key->keyType == dhKey ) ) {
- requiredUsage |= KU_KEY_AGREEMENT;
- } else {
- requiredUsage |= KU_KEY_ENCIPHERMENT;
- }
-
- /* now turn off the special bit */
- requiredUsage &= (~KU_KEY_AGREEMENT_OR_ENCIPHERMENT);
-
- SECKEY_DestroyPublicKey(key);
- }
-
- if ( ( cert->keyUsage & requiredUsage ) != requiredUsage ) {
- return(SECFailure);
- }
- return(SECSuccess);
-}
-
-
-CERTCertificate *
-CERT_DupCertificate(CERTCertificate *c)
-{
- if (c) {
- CERT_LockCertRefCount(c);
- ++c->referenceCount;
- CERT_UnlockCertRefCount(c);
- }
- return c;
-}
-
-/*
- * Allow use of default cert database, so that apps(such as mozilla) don't
- * have to pass the handle all over the place.
- */
-static CERTCertDBHandle *default_cert_db_handle = 0;
-
-void
-CERT_SetDefaultCertDB(CERTCertDBHandle *handle)
-{
- default_cert_db_handle = handle;
-
- return;
-}
-
-CERTCertDBHandle *
-CERT_GetDefaultCertDB(void)
-{
- return(default_cert_db_handle);
-}
-
-/*
- * Open volatile certificate database and index databases. This is a
- * fallback if the real databases can't be opened or created. It is only
- * resident in memory, so it will not be persistent. We do this so that
- * we don't crash if the databases can't be created.
- */
-SECStatus
-CERT_OpenVolatileCertDB(CERTCertDBHandle *handle)
-{
- /*
- * Open the memory resident perm cert database.
- */
- handle->permCertDB = dbopen( 0, O_RDWR | O_CREAT, 0600, DB_HASH, 0 );
- if ( !handle->permCertDB ) {
- goto loser;
- }
-
- /*
- * Open the memory resident decoded cert database.
- */
- handle->tempCertDB = dbopen( 0, O_RDWR | O_CREAT, 0600, DB_HASH, 0 );
- if ( !handle->tempCertDB ) {
- goto loser;
- }
-
- handle->dbMon = PR_NewMonitor();
- PORT_Assert(handle->dbMon != NULL);
-
- handle->spkDigestInfo = NULL;
- handle->statusConfig = NULL;
-
- /* initialize the cert database */
- (void) CERT_InitCertDB(handle);
-
- return (SECSuccess);
-
-loser:
-
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
-
- if ( handle->permCertDB ) {
- (* handle->permCertDB->close)(handle->permCertDB);
- handle->permCertDB = 0;
- }
-
- if ( handle->tempCertDB ) {
- (* handle->tempCertDB->close)(handle->tempCertDB);
- handle->tempCertDB = 0;
- }
-
- return(SECFailure);
-}
-
-/* XXX this would probably be okay/better as an xp routine? */
-static void
-sec_lower_string(char *s)
-{
- if ( s == NULL ) {
- return;
- }
-
- while ( *s ) {
- *s = PORT_Tolower(*s);
- s++;
- }
-
- return;
-}
-
-/*
-** Add a domain name to the list of names that the user has explicitly
-** allowed (despite cert name mismatches) for use with a server cert.
-*/
-SECStatus
-CERT_AddOKDomainName(CERTCertificate *cert, const char *hn)
-{
- CERTOKDomainName *domainOK;
- int newNameLen;
-
- if (!hn || !(newNameLen = strlen(hn))) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- domainOK = (CERTOKDomainName *)PORT_ArenaZAlloc(cert->arena,
- (sizeof *domainOK) + newNameLen);
- if (!domainOK)
- return SECFailure; /* error code is already set. */
-
- PORT_Strcpy(domainOK->name, hn);
- sec_lower_string(domainOK->name);
-
- /* put at head of list. */
- domainOK->next = cert->domainOK;
- cert->domainOK = domainOK;
- return SECSuccess;
-}
-
-/* Make sure that the name of the host we are connecting to matches the
- * name that is incoded in the common-name component of the certificate
- * that they are using.
- */
-SECStatus
-CERT_VerifyCertName(CERTCertificate *cert, const char *hn)
-{
- char * cn;
- char * domain;
- char * hndomain;
- char * hostname;
- int regvalid;
- int match;
- SECStatus rv;
- CERTOKDomainName *domainOK;
-
- if (!hn || !strlen(hn)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- hostname = PORT_Strdup(hn);
- if ( hostname == NULL ) {
- return(SECFailure);
- }
- sec_lower_string(hostname);
-
- /* if the name is one that the user has already approved, it's OK. */
- for (domainOK = cert->domainOK; domainOK; domainOK = domainOK->next) {
- if (0 == PORT_Strcmp(hostname, domainOK->name)) {
- PORT_Free(hostname);
- return SECSuccess;
- }
- }
-
- /* try the cert extension first, then the common name */
- cn = CERT_FindNSStringExtension(cert, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME);
- if ( cn == NULL ) {
- cn = CERT_GetCommonName(&cert->subject);
- }
-
- sec_lower_string(cn);
-
- if ( cn ) {
- if ( ( hndomain = PORT_Strchr(hostname, '.') ) == NULL ) {
- /* No domain in server name */
- if ( ( domain = PORT_Strchr(cn, '.') ) != NULL ) {
- /* there is a domain in the cn string, so chop it off */
- *domain = '\0';
- }
- }
-
- regvalid = PORT_RegExpValid(cn);
-
- if ( regvalid == NON_SXP ) {
- /* compare entire hostname with cert name */
- if ( PORT_Strcmp(hostname, cn) == 0 ) {
- rv = SECSuccess;
- goto done;
- }
-
- if ( hndomain ) {
- /* compare just domain name with cert name */
- if ( PORT_Strcmp(hndomain+1, cn) == 0 ) {
- rv = SECSuccess;
- goto done;
- }
- }
-
- PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
- rv = SECFailure;
- goto done;
-
- } else {
- /* try to match the shexp */
- match = PORT_RegExpCaseSearch(hostname, cn);
-
- if ( match == 0 ) {
- rv = SECSuccess;
- } else {
- PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
- rv = SECFailure;
- }
- goto done;
- }
- }
-
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- rv = SECFailure;
-
-done:
- /* free the common name */
- if ( cn ) {
- PORT_Free(cn);
- }
-
- if ( hostname ) {
- PORT_Free(hostname);
- }
-
- return(rv);
-}
-
-PRBool
-CERT_CompareCerts(CERTCertificate *c1, CERTCertificate *c2)
-{
- SECComparison comp;
-
- comp = SECITEM_CompareItem(&c1->derCert, &c2->derCert);
- if ( comp == SECEqual ) { /* certs are the same */
- return(PR_TRUE);
- } else {
- return(PR_FALSE);
- }
-}
-
-static SECStatus
-StringsEqual(char *s1, char *s2) {
- if ( ( s1 == NULL ) || ( s2 == NULL ) ) {
- if ( s1 != s2 ) { /* only one is null */
- return(SECFailure);
- }
- return(SECSuccess); /* both are null */
- }
-
- if ( PORT_Strcmp( s1, s2 ) != 0 ) {
- return(SECFailure); /* not equal */
- }
-
- return(SECSuccess); /* strings are equal */
-}
-
-
-PRBool
-CERT_CompareCertsForRedirection(CERTCertificate *c1, CERTCertificate *c2)
-{
- SECComparison comp;
- char *c1str, *c2str;
- SECStatus eq;
-
- comp = SECITEM_CompareItem(&c1->derCert, &c2->derCert);
- if ( comp == SECEqual ) { /* certs are the same */
- return(PR_TRUE);
- }
-
- /* check if they are issued by the same CA */
- comp = SECITEM_CompareItem(&c1->derIssuer, &c2->derIssuer);
- if ( comp != SECEqual ) { /* different issuer */
- return(PR_FALSE);
- }
-
- /* check country name */
- c1str = CERT_GetCountryName(&c1->subject);
- c2str = CERT_GetCountryName(&c2->subject);
- eq = StringsEqual(c1str, c2str);
- PORT_Free(c1str);
- PORT_Free(c2str);
- if ( eq != SECSuccess ) {
- return(PR_FALSE);
- }
-
- /* check locality name */
- c1str = CERT_GetLocalityName(&c1->subject);
- c2str = CERT_GetLocalityName(&c2->subject);
- eq = StringsEqual(c1str, c2str);
- PORT_Free(c1str);
- PORT_Free(c2str);
- if ( eq != SECSuccess ) {
- return(PR_FALSE);
- }
-
- /* check state name */
- c1str = CERT_GetStateName(&c1->subject);
- c2str = CERT_GetStateName(&c2->subject);
- eq = StringsEqual(c1str, c2str);
- PORT_Free(c1str);
- PORT_Free(c2str);
- if ( eq != SECSuccess ) {
- return(PR_FALSE);
- }
-
- /* check org name */
- c1str = CERT_GetOrgName(&c1->subject);
- c2str = CERT_GetOrgName(&c2->subject);
- eq = StringsEqual(c1str, c2str);
- PORT_Free(c1str);
- PORT_Free(c2str);
- if ( eq != SECSuccess ) {
- return(PR_FALSE);
- }
-
-#ifdef NOTDEF
- /* check orgUnit name */
- /*
- * We need to revisit this and decide which fields should be allowed to be
- * different
- */
- c1str = CERT_GetOrgUnitName(&c1->subject);
- c2str = CERT_GetOrgUnitName(&c2->subject);
- eq = StringsEqual(c1str, c2str);
- PORT_Free(c1str);
- PORT_Free(c2str);
- if ( eq != SECSuccess ) {
- return(PR_FALSE);
- }
-#endif
-
- return(PR_TRUE); /* all fields but common name are the same */
-}
-
-
-/* CERT_CertChainFromCert and CERT_DestroyCertificateList moved
- to certhigh.c */
-
-
-CERTIssuerAndSN *
-CERT_GetCertIssuerAndSN(PRArenaPool *arena, CERTCertificate *cert)
-{
- CERTIssuerAndSN *result;
- SECStatus rv;
-
- if ( arena == NULL ) {
- arena = cert->arena;
- }
-
- result = (CERTIssuerAndSN*)PORT_ArenaZAlloc(arena, sizeof(*result));
- if (result == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- rv = SECITEM_CopyItem(arena, &result->derIssuer, &cert->derIssuer);
- if (rv != SECSuccess)
- return NULL;
-
- rv = CERT_CopyName(arena, &result->issuer, &cert->issuer);
- if (rv != SECSuccess)
- return NULL;
-
- rv = SECITEM_CopyItem(arena, &result->serialNumber, &cert->serialNumber);
- if (rv != SECSuccess)
- return NULL;
-
- return result;
-}
-
-char *
-CERT_MakeCANickname(CERTCertificate *cert)
-{
- char *firstname = NULL;
- char *org = NULL;
- char *nickname = NULL;
- int count;
- CERTCertificate *dummycert;
- CERTCertDBHandle *handle;
-
- handle = cert->dbhandle;
-
- nickname = CERT_GetNickName(cert, handle, cert->arena);
- if (nickname == NULL) {
- firstname = CERT_GetCommonName(&cert->subject);
- if ( firstname == NULL ) {
- firstname = CERT_GetOrgUnitName(&cert->subject);
- }
-
- org = CERT_GetOrgName(&cert->issuer);
- if ( org == NULL ) {
- goto loser;
- }
-
- count = 1;
- while ( 1 ) {
-
- if ( firstname ) {
- if ( count == 1 ) {
- nickname = PR_smprintf("%s - %s", firstname, org);
- } else {
- nickname = PR_smprintf("%s - %s #%d", firstname, org, count);
- }
- } else {
- if ( count == 1 ) {
- nickname = PR_smprintf("%s", org);
- } else {
- nickname = PR_smprintf("%s #%d", org, count);
- }
- }
- if ( nickname == NULL ) {
- goto loser;
- }
-
- /* look up the nickname to make sure it isn't in use already */
- dummycert = CERT_FindCertByNickname(handle, nickname);
-
- if ( dummycert == NULL ) {
- goto done;
- }
-
- /* found a cert, destroy it and loop */
- CERT_DestroyCertificate(dummycert);
-
- /* free the nickname */
- PORT_Free(nickname);
-
- count++;
- }
- }
-loser:
- if ( nickname ) {
- PORT_Free(nickname);
- }
-
- nickname = "";
-
-done:
- if ( firstname ) {
- PORT_Free(firstname);
- }
- if ( org ) {
- PORT_Free(org);
- }
-
- return(nickname);
-}
-
-/* CERT_Import_CAChain moved to certhigh.c */
-
-void
-CERT_DestroyCrl (CERTSignedCrl *crl)
-{
- SEC_DestroyCrl (crl);
-}
-
-
-
-/*
- * Does a cert belong to a CA? We decide based on perm database trust
- * flags, Netscape Cert Type Extension, and KeyUsage Extension.
- */
-PRBool
-CERT_IsCACert(CERTCertificate *cert, unsigned int *rettype)
-{
- CERTCertTrust *trust;
- SECStatus rv;
- unsigned int type;
- PRBool ret;
-
- ret = PR_FALSE;
- type = 0;
-
- if ( cert->isperm ) {
- trust = cert->trust;
- if ( ( trust->sslFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA ) {
- ret = PR_TRUE;
- type |= NS_CERT_TYPE_SSL_CA;
- }
-
- if ( ( trust->emailFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA ) {
- ret = PR_TRUE;
- type |= NS_CERT_TYPE_EMAIL_CA;
- }
-
- if ( ( trust->objectSigningFlags & CERTDB_VALID_CA ) ==
- CERTDB_VALID_CA ) {
- ret = PR_TRUE;
- type |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
- }
- } else {
- if ( cert->nsCertType &
- ( NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA |
- NS_CERT_TYPE_OBJECT_SIGNING_CA ) ) {
- ret = PR_TRUE;
- type = (cert->nsCertType & NS_CERT_TYPE_CA);
- } else {
- CERTBasicConstraints constraints;
- rv = CERT_FindBasicConstraintExten(cert, &constraints);
- if ( rv == SECSuccess ) {
- if ( constraints.isCA ) {
- ret = PR_TRUE;
- type = (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA);
- }
- }
- }
-
- /* finally check if it's a FORTEZZA V1 CA */
- if (ret == PR_FALSE) {
- if (fortezzaIsCA(cert)) {
- ret = PR_TRUE;
- type = (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA);
- }
- }
- }
- if ( rettype != NULL ) {
- *rettype = type;
- }
-
- return(ret);
-}
-
-/*
- * is certa newer than certb? If one is expired, pick the other one.
- */
-PRBool
-CERT_IsNewer(CERTCertificate *certa, CERTCertificate *certb)
-{
- int64 notBeforeA, notAfterA, notBeforeB, notAfterB, now;
- SECStatus rv;
- PRBool newerbefore, newerafter;
-
- rv = CERT_GetCertTimes(certa, &notBeforeA, &notAfterA);
- if ( rv != SECSuccess ) {
- return(PR_FALSE);
- }
-
- rv = CERT_GetCertTimes(certb, &notBeforeB, &notAfterB);
- if ( rv != SECSuccess ) {
- return(PR_TRUE);
- }
-
- newerbefore = PR_FALSE;
- if ( LL_CMP(notBeforeA, >, notBeforeB) ) {
- newerbefore = PR_TRUE;
- }
-
- newerafter = PR_FALSE;
- if ( LL_CMP(notAfterA, >, notAfterB) ) {
- newerafter = PR_TRUE;
- }
-
- if ( newerbefore && newerafter ) {
- return(PR_TRUE);
- }
-
- if ( ( !newerbefore ) && ( !newerafter ) ) {
- return(PR_FALSE);
- }
-
- /* get current UTC time */
- now = PR_Now();
-
- if ( newerbefore ) {
- /* cert A was issued after cert B, but expires sooner */
- /* if A is expired, then pick B */
- if ( LL_CMP(notAfterA, <, now ) ) {
- return(PR_FALSE);
- }
- return(PR_TRUE);
- } else {
- /* cert B was issued after cert A, but expires sooner */
- /* if B is expired, then pick A */
- if ( LL_CMP(notAfterB, <, now ) ) {
- return(PR_TRUE);
- }
- return(PR_FALSE);
- }
-}
-
-void
-CERT_DestroyCertArray(CERTCertificate **certs, unsigned int ncerts)
-{
- unsigned int i;
-
- if ( certs ) {
- for ( i = 0; i < ncerts; i++ ) {
- if ( certs[i] ) {
- CERT_DestroyCertificate(certs[i]);
- }
- }
-
- PORT_Free(certs);
- }
-
- return;
-}
-
-char *
-CERT_FixupEmailAddr(char *emailAddr)
-{
- char *retaddr;
- char *str;
-
- if ( emailAddr == NULL ) {
- return(NULL);
- }
-
- /* copy the string */
- str = retaddr = PORT_Strdup(emailAddr);
- if ( str == NULL ) {
- return(NULL);
- }
-
- /* make it lower case */
- while ( *str ) {
- *str = tolower( *str );
- str++;
- }
-
- return(retaddr);
-}
-
-/*
- * NOTE - don't allow encode of govt-approved or invisible bits
- */
-SECStatus
-CERT_DecodeTrustString(CERTCertTrust *trust, char *trusts)
-{
- int i;
- unsigned int *pflags;
-
- trust->sslFlags = 0;
- trust->emailFlags = 0;
- trust->objectSigningFlags = 0;
-
- pflags = &trust->sslFlags;
-
- for (i=0; i < PORT_Strlen(trusts); i++) {
- switch (trusts[i]) {
- case 'p':
- *pflags = *pflags | CERTDB_VALID_PEER;
- break;
-
- case 'P':
- *pflags = *pflags | CERTDB_TRUSTED | CERTDB_VALID_PEER;
- break;
-
- case 'w':
- *pflags = *pflags | CERTDB_SEND_WARN;
- break;
-
- case 'c':
- *pflags = *pflags | CERTDB_VALID_CA;
- break;
-
- case 'T':
- *pflags = *pflags | CERTDB_TRUSTED_CLIENT_CA | CERTDB_VALID_CA;
- break;
-
- case 'C' :
- *pflags = *pflags | CERTDB_TRUSTED_CA | CERTDB_VALID_CA;
- break;
-
- case 'u':
- *pflags = *pflags | CERTDB_USER;
- break;
-
-#ifdef DEBUG_NSSTEAM_ONLY
- case 'i':
- *pflags = *pflags | CERTDB_INVISIBLE_CA;
- break;
- case 'g':
- *pflags = *pflags | CERTDB_GOVT_APPROVED_CA;
- break;
-#endif /* DEBUG_NSSTEAM_ONLY */
-
- case ',':
- if ( pflags == &trust->sslFlags ) {
- pflags = &trust->emailFlags;
- } else {
- pflags = &trust->objectSigningFlags;
- }
- break;
- default:
- return SECFailure;
- }
- }
-
- return SECSuccess;
-}
-
-static void
-EncodeFlags(char *trusts, unsigned int flags)
-{
- if (flags & CERTDB_VALID_CA)
- if (!(flags & CERTDB_TRUSTED_CA) &&
- !(flags & CERTDB_TRUSTED_CLIENT_CA))
- PORT_Strcat(trusts, "c");
- if (flags & CERTDB_VALID_PEER)
- if (!(flags & CERTDB_TRUSTED))
- PORT_Strcat(trusts, "p");
- if (flags & CERTDB_TRUSTED_CA)
- PORT_Strcat(trusts, "C");
- if (flags & CERTDB_TRUSTED_CLIENT_CA)
- PORT_Strcat(trusts, "T");
- if (flags & CERTDB_TRUSTED)
- PORT_Strcat(trusts, "P");
- if (flags & CERTDB_USER)
- PORT_Strcat(trusts, "u");
- if (flags & CERTDB_SEND_WARN)
- PORT_Strcat(trusts, "w");
- if (flags & CERTDB_INVISIBLE_CA)
- PORT_Strcat(trusts, "I");
- if (flags & CERTDB_GOVT_APPROVED_CA)
- PORT_Strcat(trusts, "G");
- return;
-}
-
-char *
-CERT_EncodeTrustString(CERTCertTrust *trust)
-{
- char tmpTrustSSL[32];
- char tmpTrustEmail[32];
- char tmpTrustSigning[32];
- char *retstr = NULL;
-
- if ( trust ) {
- tmpTrustSSL[0] = '\0';
- tmpTrustEmail[0] = '\0';
- tmpTrustSigning[0] = '\0';
-
- EncodeFlags(tmpTrustSSL, trust->sslFlags);
- EncodeFlags(tmpTrustEmail, trust->emailFlags);
- EncodeFlags(tmpTrustSigning, trust->objectSigningFlags);
-
- retstr = PR_smprintf("%s,%s,%s", tmpTrustSSL, tmpTrustEmail,
- tmpTrustSigning);
- }
-
- return(retstr);
-}
-
-SECStatus
-CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
- unsigned int ncerts, SECItem **derCerts,
- CERTCertificate ***retCerts, PRBool keepCerts,
- PRBool caOnly, char *nickname)
-{
- int i;
- CERTCertificate **certs = NULL;
- SECStatus rv;
- int fcerts;
-
- if ( ncerts ) {
- certs = (CERTCertificate**)PORT_ZAlloc(sizeof(CERTCertificate *) * ncerts );
- if ( certs == NULL ) {
- return(SECFailure);
- }
-
- /* decode all of the certs into the temporary DB */
- for ( i = 0, fcerts= 0; i < ncerts; i++) {
- certs[fcerts] = CERT_NewTempCertificate(certdb, derCerts[i], NULL,
- PR_FALSE, PR_TRUE);
- if (certs[fcerts]) fcerts++;
- }
-
- if ( keepCerts ) {
- for ( i = 0; i < fcerts; i++ ) {
- SECKEY_UpdateCertPQG(certs[i]);
- if(CERT_IsCACert(certs[i], NULL) && (fcerts > 1)) {
- /* if we are importing only a single cert and specifying
- * a nickname, we want to use that nickname if it a CA,
- * otherwise if there are more than one cert, we don't
- * know which cert it belongs to.
- */
- rv = CERT_SaveImportedCert(certs[i], usage, caOnly, NULL);
- } else {
- rv = CERT_SaveImportedCert(certs[i], usage, caOnly,
- nickname);
- }
- /* don't care if it fails - keep going */
- }
- }
- }
-
- if ( retCerts ) {
- *retCerts = certs;
- } else {
- CERT_DestroyCertArray(certs, fcerts);
- }
-
- return(SECSuccess);
-
-#if 0 /* dead code here - why ?? XXX */
-loser:
- if ( retCerts ) {
- *retCerts = NULL;
- }
- if ( certs ) {
- CERT_DestroyCertArray(certs, ncerts);
- }
- return(SECFailure);
-#endif
-}
-
-/*
- * a real list of certificates - need to convert CERTCertificateList
- * stuff and ASN 1 encoder/decoder over to using this...
- */
-CERTCertList *
-CERT_NewCertList(void)
-{
- PRArenaPool *arena = NULL;
- CERTCertList *ret = NULL;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- ret = (CERTCertList *)PORT_ArenaZAlloc(arena, sizeof(CERTCertList));
- if ( ret == NULL ) {
- goto loser;
- }
-
- ret->arena = arena;
-
- PR_INIT_CLIST(&ret->list);
-
- return(ret);
-
-loser:
- if ( arena != NULL ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(NULL);
-}
-
-void
-CERT_DestroyCertList(CERTCertList *certs)
-{
- PRCList *node;
-
- while( !PR_CLIST_IS_EMPTY(&certs->list) ) {
- node = PR_LIST_HEAD(&certs->list);
- CERT_DestroyCertificate(((CERTCertListNode *)node)->cert);
- PR_REMOVE_LINK(node);
- }
-
- PORT_FreeArena(certs->arena, PR_FALSE);
-
- return;
-}
-
-void
-CERT_RemoveCertListNode(CERTCertListNode *node)
-{
- CERT_DestroyCertificate(node->cert);
- PR_REMOVE_LINK(&node->links);
- return;
-}
-
-SECStatus
-CERT_AddCertToListTail(CERTCertList *certs, CERTCertificate *cert)
-{
- CERTCertListNode *node;
-
- node = (CERTCertListNode *)PORT_ArenaZAlloc(certs->arena,
- sizeof(CERTCertListNode));
- if ( node == NULL ) {
- goto loser;
- }
-
- PR_INSERT_BEFORE(&node->links, &certs->list);
- /* certs->count++; */
- node->cert = cert;
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-/*
- * Sort callback function to determine if cert a is newer than cert b.
- * Not valid certs are considered older than valid certs.
- */
-PRBool
-CERT_SortCBValidity(CERTCertificate *certa,
- CERTCertificate *certb,
- void *arg)
-{
- int64 sorttime;
- int64 notBeforeA, notAfterA, notBeforeB, notAfterB;
- SECStatus rv;
- PRBool newerbefore, newerafter;
- PRBool aNotValid = PR_FALSE, bNotValid = PR_FALSE;
-
- sorttime = *(int64 *)arg;
-
- rv = CERT_GetCertTimes(certa, &notBeforeA, &notAfterA);
- if ( rv != SECSuccess ) {
- return(PR_FALSE);
- }
-
- rv = CERT_GetCertTimes(certb, &notBeforeB, &notAfterB);
- if ( rv != SECSuccess ) {
- return(PR_TRUE);
- }
- newerbefore = PR_FALSE;
- if ( LL_CMP(notBeforeA, >, notBeforeB) ) {
- newerbefore = PR_TRUE;
- }
- newerafter = PR_FALSE;
- if ( LL_CMP(notAfterA, >, notAfterB) ) {
- newerafter = PR_TRUE;
- }
-
- /* check if A is valid at sorttime */
- if ( CERT_CheckCertValidTimes(certa, sorttime, PR_FALSE)
- != secCertTimeValid ) {
- aNotValid = PR_TRUE;
- }
-
- /* check if B is valid at sorttime */
- if ( CERT_CheckCertValidTimes(certb, sorttime, PR_FALSE)
- != secCertTimeValid ) {
- bNotValid = PR_TRUE;
- }
-
- /* a is valid, b is not */
- if ( bNotValid && ( ! aNotValid ) ) {
- return(PR_TRUE);
- }
-
- /* b is valid, a is not */
- if ( aNotValid && ( ! bNotValid ) ) {
- return(PR_FALSE);
- }
-
- /* a and b are either valid or not valid */
- if ( newerbefore && newerafter ) {
- return(PR_TRUE);
- }
-
- if ( ( !newerbefore ) && ( !newerafter ) ) {
- return(PR_FALSE);
- }
-
- if ( newerbefore ) {
- /* cert A was issued after cert B, but expires sooner */
- return(PR_TRUE);
- } else {
- /* cert B was issued after cert A, but expires sooner */
- return(PR_FALSE);
- }
-}
-
-
-SECStatus
-CERT_AddCertToListSorted(CERTCertList *certs,
- CERTCertificate *cert,
- CERTSortCallback f,
- void *arg)
-{
- CERTCertListNode *node;
- CERTCertListNode *head;
- PRBool ret;
-
- node = (CERTCertListNode *)PORT_ArenaZAlloc(certs->arena,
- sizeof(CERTCertListNode));
- if ( node == NULL ) {
- goto loser;
- }
-
- head = CERT_LIST_HEAD(certs);
-
- while ( !CERT_LIST_END(head, certs) ) {
-
- /* if cert is already in the list, then don't add it again */
- if ( cert == head->cert ) {
- /*XXX*/
- /* don't keep a reference */
- CERT_DestroyCertificate(cert);
- goto done;
- }
-
- ret = (* f)(cert, head->cert, arg);
- /* if sort function succeeds, then insert before current node */
- if ( ret ) {
- PR_INSERT_BEFORE(&node->links, &head->links);
- goto done;
- }
-
- head = CERT_LIST_NEXT(head);
- }
- /* if we get to the end, then just insert it at the tail */
- PR_INSERT_BEFORE(&node->links, &certs->list);
-
-done:
- /* certs->count++; */
- node->cert = cert;
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-/* This routine is here because pcertdb.c still has a call to it.
- * The SMIME profile code in pcertdb.c should be split into high (find
- * the email cert) and low (store the profile) code. At that point, we
- * can move this to certhigh.c where it belongs.
- *
- * remove certs from a list that don't have keyUsage and certType
- * that match the given usage.
- */
-SECStatus
-CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage,
- PRBool ca)
-{
- unsigned int requiredKeyUsage;
- unsigned int requiredCertType;
- CERTCertListNode *node, *savenode;
- PRBool bad;
- SECStatus rv;
- unsigned int certType;
- PRBool dummyret;
-
- if (certList == NULL) goto loser;
-
- rv = CERT_KeyUsageAndTypeForCertUsage(usage, ca, &requiredKeyUsage,
- &requiredCertType);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- node = CERT_LIST_HEAD(certList);
-
- while ( !CERT_LIST_END(node, certList) ) {
-
- bad = PR_FALSE;
-
- /* bad key usage */
- if ( CERT_CheckKeyUsage(node->cert, requiredKeyUsage )
- != SECSuccess ) {
- bad = PR_TRUE;
- }
- /* bad cert type */
- if ( ca ) {
- /* This function returns a more comprehensive cert type that
- * takes trust flags into consideration. Should probably
- * fix the cert decoding code to do this.
- */
- dummyret = CERT_IsCACert(node->cert, &certType);
- } else {
- certType = node->cert->nsCertType;
- }
-
- if ( ! ( certType & requiredCertType ) ) {
- bad = PR_TRUE;
- }
-
- if ( bad ) {
- /* remove the node if it is bad */
- savenode = CERT_LIST_NEXT(node);
- CERT_RemoveCertListNode(node);
- node = savenode;
- } else {
- node = CERT_LIST_NEXT(node);
- }
- }
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-/*
- * Acquire the global lock on the cert database.
- * This lock is currently used for the following operations:
- * adding or deleting a cert to either the temp or perm databases
- * converting a temp to perm or perm to temp
- * changing(maybe just adding????) the trust of a cert
- * chaning the DB status checking Configuration
- */
-void
-CERT_LockDB(CERTCertDBHandle *handle)
-{
- PR_EnterMonitor(handle->dbMon);
- return;
-}
-
-/*
- * Free the global cert database lock.
- */
-void
-CERT_UnlockDB(CERTCertDBHandle *handle)
-{
- PRStatus prstat;
-
- prstat = PR_ExitMonitor(handle->dbMon);
-
- PORT_Assert(prstat == PR_SUCCESS);
-
- return;
-}
-
-static PRLock *certRefCountLock = NULL;
-
-/*
- * Acquire the cert reference count lock
- * There is currently one global lock for all certs, but I'm putting a cert
- * arg here so that it will be easy to make it per-cert in the future if
- * that turns out to be necessary.
- */
-void
-CERT_LockCertRefCount(CERTCertificate *cert)
-{
- if ( certRefCountLock == NULL ) {
- nss_InitLock(&certRefCountLock);
- PORT_Assert(certRefCountLock != NULL);
- }
-
- PR_Lock(certRefCountLock);
- return;
-}
-
-/*
- * Free the cert reference count lock
- */
-void
-CERT_UnlockCertRefCount(CERTCertificate *cert)
-{
- PRStatus prstat;
-
- PORT_Assert(certRefCountLock != NULL);
-
- prstat = PR_Unlock(certRefCountLock);
-
- PORT_Assert(prstat == PR_SUCCESS);
-
- return;
-}
-
-static PRLock *certTrustLock = NULL;
-
-/*
- * Acquire the cert trust lock
- * There is currently one global lock for all certs, but I'm putting a cert
- * arg here so that it will be easy to make it per-cert in the future if
- * that turns out to be necessary.
- */
-void
-CERT_LockCertTrust(CERTCertificate *cert)
-{
- if ( certTrustLock == NULL ) {
- nss_InitLock(&certTrustLock);
- PORT_Assert(certTrustLock != NULL);
- }
-
- PR_Lock(certTrustLock);
- return;
-}
-
-/*
- * Free the cert trust lock
- */
-void
-CERT_UnlockCertTrust(CERTCertificate *cert)
-{
- PRStatus prstat;
-
- PORT_Assert(certTrustLock != NULL);
-
- prstat = PR_Unlock(certTrustLock);
-
- PORT_Assert(prstat == PR_SUCCESS);
-
- return;
-}
-
-
-/*
- * Get the StatusConfig data for this handle
- */
-CERTStatusConfig *
-CERT_GetStatusConfig(CERTCertDBHandle *handle)
-{
- return handle->statusConfig;
-}
-
-/*
- * Set the StatusConfig data for this handle. There
- * should not be another configuration set.
- */
-void
-CERT_SetStatusConfig(CERTCertDBHandle *handle, CERTStatusConfig *statusConfig)
-{
- PORT_Assert(handle->statusConfig == NULL);
-
- handle->statusConfig = statusConfig;
-}
diff --git a/security/nss/lib/certdb/certdb.h b/security/nss/lib/certdb/certdb.h
deleted file mode 100644
index 7710b72c9..000000000
--- a/security/nss/lib/certdb/certdb.h
+++ /dev/null
@@ -1,396 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef _CERTDB_H_
-#define _CERTDB_H_
-
-#include "plarena.h"
-#include "prlong.h"
-/*
- * Certificate Database related definitions and data structures
- */
-
-/* version number of certificate database */
-#define CERT_DB_FILE_VERSION 7
-#ifdef USE_NS_ROOTS
-#define CERT_DB_CONTENT_VERSION 24
-#else
-#define CERT_DB_CONTENT_VERSION 2
-#endif
-
-#define SEC_DB_ENTRY_HEADER_LEN 3
-#define SEC_DB_KEY_HEADER_LEN 1
-
-/* All database entries have this form:
- *
- * byte offset field
- * ----------- -----
- * 0 version
- * 1 type
- * 2 flags
- */
-
-/* database entry types */
-typedef enum {
- certDBEntryTypeVersion = 0,
- certDBEntryTypeCert = 1,
- certDBEntryTypeNickname = 2,
- certDBEntryTypeSubject = 3,
- certDBEntryTypeRevocation = 4,
- certDBEntryTypeKeyRevocation = 5,
- certDBEntryTypeSMimeProfile = 6,
- certDBEntryTypeContentVersion = 7
-} certDBEntryType;
-
-typedef struct {
- certDBEntryType type;
- unsigned int version;
- unsigned int flags;
- PRArenaPool *arena;
-} certDBEntryCommon;
-
-/*
- * Certificate entry:
- *
- * byte offset field
- * ----------- -----
- * 0 sslFlags-msb
- * 1 sslFlags-lsb
- * 2 emailFlags-msb
- * 3 emailFlags-lsb
- * 4 objectSigningFlags-msb
- * 5 objectSigningFlags-lsb
- * 6 derCert-len-msb
- * 7 derCert-len-lsb
- * 8 nickname-len-msb
- * 9 nickname-len-lsb
- * ... derCert
- * ... nickname
- *
- * NOTE: the nickname string as stored in the database is null terminated,
- * in other words, the last byte of the db entry is always 0
- * if a nickname is present.
- * NOTE: if nickname is not present, then nickname-len-msb and
- * nickname-len-lsb will both be zero.
- */
-struct _certDBEntryCert {
- certDBEntryCommon common;
- CERTCertTrust trust;
- SECItem derCert;
- char *nickname;
-};
-
-/*
- * Certificate Nickname entry:
- *
- * byte offset field
- * ----------- -----
- * 0 subjectname-len-msb
- * 1 subjectname-len-lsb
- * 2... subjectname
- *
- * The database key for this type of entry is a nickname string
- * The "subjectname" value is the DER encoded DN of the identity
- * that matches this nickname.
- */
-typedef struct {
- certDBEntryCommon common;
- char *nickname;
- SECItem subjectName;
-} certDBEntryNickname;
-
-#define DB_NICKNAME_ENTRY_HEADER_LEN 2
-
-/*
- * Certificate Subject entry:
- *
- * byte offset field
- * ----------- -----
- * 0 ncerts-msb
- * 1 ncerts-lsb
- * 2 nickname-msb
- * 3 nickname-lsb
- * 4 emailAddr-msb
- * 5 emailAddr-lsb
- * ... nickname
- * ... emailAddr
- * ...+2*i certkey-len-msb
- * ...+1+2*i certkey-len-lsb
- * ...+2*ncerts+2*i keyid-len-msb
- * ...+1+2*ncerts+2*i keyid-len-lsb
- * ... certkeys
- * ... keyids
- *
- * The database key for this type of entry is the DER encoded subject name
- * The "certkey" value is an array of certificate database lookup keys that
- * points to the database entries for the certificates that matche
- * this subject.
- *
- */
-typedef struct _certDBEntrySubject {
- certDBEntryCommon common;
- SECItem derSubject;
- unsigned int ncerts;
- char *nickname;
- char *emailAddr;
- SECItem *certKeys;
- SECItem *keyIDs;
-} certDBEntrySubject;
-
-#define DB_SUBJECT_ENTRY_HEADER_LEN 6
-
-/*
- * Certificate SMIME profile entry:
- *
- * byte offset field
- * ----------- -----
- * 0 subjectname-len-msb
- * 1 subjectname-len-lsb
- * 2 smimeoptions-len-msb
- * 3 smimeoptions-len-lsb
- * 4 options-date-len-msb
- * 5 options-date-len-lsb
- * 6... subjectname
- * ... smimeoptions
- * ... options-date
- *
- * The database key for this type of entry is the email address string
- * The "subjectname" value is the DER encoded DN of the identity
- * that matches this nickname.
- * The "smimeoptions" value is a string that represents the algorithm
- * capabilities on the remote user.
- * The "options-date" is the date that the smime options value was created.
- * This is generally the signing time of the signed message that contained
- * the options. It is a UTCTime value.
- */
-typedef struct {
- certDBEntryCommon common;
- char *emailAddr;
- SECItem subjectName;
- SECItem smimeOptions;
- SECItem optionsDate;
-} certDBEntrySMime;
-
-#define DB_SMIME_ENTRY_HEADER_LEN 6
-
-/*
- * Crl/krl entry:
- *
- * byte offset field
- * ----------- -----
- * 0 derCert-len-msb
- * 1 derCert-len-lsb
- * 2 url-len-msb
- * 3 url-len-lsb
- * ... derCert
- * ... url
- *
- * NOTE: the url string as stored in the database is null terminated,
- * in other words, the last byte of the db entry is always 0
- * if a nickname is present.
- * NOTE: if url is not present, then url-len-msb and
- * url-len-lsb will both be zero.
- */
-#define DB_CRL_ENTRY_HEADER_LEN 4
-struct _certDBEntryRevocation {
- certDBEntryCommon common;
- SECItem derCrl;
- char *url; /* where to load the crl from */
-};
-
-/*
- * Database Version Entry:
- *
- * byte offset field
- * ----------- -----
- * only the low level header...
- *
- * The database key for this type of entry is the string "Version"
- */
-typedef struct {
- certDBEntryCommon common;
-} certDBEntryVersion;
-
-#define SEC_DB_VERSION_KEY "Version"
-#define SEC_DB_VERSION_KEY_LEN sizeof(SEC_DB_VERSION_KEY)
-
-/*
- * Database Content Version Entry:
- *
- * byte offset field
- * ----------- -----
- * 0 contentVersion
- *
- * The database key for this type of entry is the string "ContentVersion"
- */
-typedef struct {
- certDBEntryCommon common;
- char contentVersion;
-} certDBEntryContentVersion;
-
-#define SEC_DB_CONTENT_VERSION_KEY "ContentVersion"
-#define SEC_DB_CONTENT_VERSION_KEY_LEN sizeof(SEC_DB_CONTENT_VERSION_KEY)
-
-typedef union {
- certDBEntryCommon common;
- certDBEntryVersion version;
- certDBEntryCert cert;
- certDBEntryNickname nickname;
- certDBEntrySubject subject;
- certDBEntryRevocation revocation;
-} certDBEntry;
-
-/* length of the fixed part of a database entry */
-#define DBCERT_V4_HEADER_LEN 7
-#define DB_CERT_V5_ENTRY_HEADER_LEN 7
-#define DB_CERT_V6_ENTRY_HEADER_LEN 7
-#define DB_CERT_ENTRY_HEADER_LEN 10
-
-/* common flags for all types of certificates */
-#define CERTDB_VALID_PEER (1<<0)
-#define CERTDB_TRUSTED (1<<1)
-#define CERTDB_SEND_WARN (1<<2)
-#define CERTDB_VALID_CA (1<<3)
-#define CERTDB_TRUSTED_CA (1<<4) /* trusted for issuing server certs */
-#define CERTDB_NS_TRUSTED_CA (1<<5)
-#define CERTDB_USER (1<<6)
-#define CERTDB_TRUSTED_CLIENT_CA (1<<7) /* trusted for issuing client certs */
-#define CERTDB_INVISIBLE_CA (1<<8) /* don't show in UI */
-#define CERTDB_GOVT_APPROVED_CA (1<<9) /* can do strong crypto in export ver */
-
-SEC_BEGIN_PROTOS
-
-/*
-** Add a DER encoded certificate to the permanent database.
-** "derCert" is the DER encoded certificate.
-** "nickname" is the nickname to use for the cert
-** "trust" is the trust parameters for the cert
-*/
-SECStatus SEC_AddPermCertificate(CERTCertDBHandle *handle, SECItem *derCert,
- char *nickname, CERTCertTrust *trust);
-
-certDBEntryCert *
-SEC_FindPermCertByKey(CERTCertDBHandle *handle, SECItem *certKey);
-
-certDBEntryCert
-*SEC_FindPermCertByName(CERTCertDBHandle *handle, SECItem *name);
-
-SECStatus SEC_OpenPermCertDB(CERTCertDBHandle *handle,
- PRBool readOnly,
- CERTDBNameFunc namecb,
- void *cbarg);
-
-SECStatus SEC_DeletePermCertificate(CERTCertificate *cert);
-
-typedef SECStatus (* PermCertCallback)(CERTCertificate *cert, SECItem *k,
- void *pdata);
-/*
-** Traverse the entire permanent database, and pass the certs off to a
-** user supplied function.
-** "certfunc" is the user function to call for each certificate
-** "udata" is the user's data, which is passed through to "certfunc"
-*/
-SECStatus
-SEC_TraversePermCerts(CERTCertDBHandle *handle,
- PermCertCallback certfunc,
- void *udata );
-
-SECStatus
-SEC_AddTempNickname(CERTCertDBHandle *handle, char *nickname, SECItem *certKey);
-
-SECStatus
-SEC_DeleteTempNickname(CERTCertDBHandle *handle, char *nickname);
-
-PRBool
-SEC_CertNicknameConflict(char *nickname, SECItem *derSubject,
- CERTCertDBHandle *handle);
-
-PRBool
-SEC_CertDBKeyConflict(SECItem *derCert, CERTCertDBHandle *handle);
-
-SECStatus
-SEC_GetCrlTimes(CERTCrl *dates, int64 *notBefore, int64 *notAfter);
-
-SECCertTimeValidity
-SEC_CheckCrlTimes(CERTCrl *crl, int64 t);
-
-PRBool
-SEC_CrlIsNewer(CERTCrl *inNew, CERTCrl *old);
-
-CERTSignedCrl *
-SEC_AddPermCrlToTemp(CERTCertDBHandle *handle, certDBEntryRevocation *entry);
-
-SECStatus
-SEC_DeleteTempCrl(CERTSignedCrl *crl);
-
-CERTSignedCrl *
-SEC_FindCrlByKey(CERTCertDBHandle *handle, SECItem *crlKey, int type);
-
-CERTSignedCrl *
-SEC_FindCrlByName(CERTCertDBHandle *handle, SECItem *crlKey, int type);
-
-CERTSignedCrl *
-SEC_FindCrlByDERCert(CERTCertDBHandle *handle, SECItem *derCrl, int type);
-
-SECStatus
-SEC_DestroyCrl(CERTSignedCrl *crl);
-
-CERTSignedCrl *
-SEC_NewCrl(CERTCertDBHandle *handle, char *url, SECItem *derCrl, int type);
-
-CERTSignedCrl *
-cert_DBInsertCRL
- (CERTCertDBHandle *handle, char *url,
- CERTSignedCrl *newCrl, SECItem *derCrl, int type);
-
-SECStatus
-SEC_CheckKRL(CERTCertDBHandle *handle,SECKEYPublicKey *key,
- CERTCertificate *rootCert, int64 t, void *wincx);
-
-SECStatus
-SEC_CheckCRL(CERTCertDBHandle *handle,CERTCertificate *cert,
- CERTCertificate *caCert, int64 t, void *wincx);
-
-SECStatus
-SEC_DeletePermCRL(CERTSignedCrl *crl);
-
-
-SECStatus
-SEC_LookupCrls(CERTCertDBHandle *handle, CERTCrlHeadNode **nodes, int type);
-
-SECStatus
-SEC_CrlReplaceUrl(CERTSignedCrl *crl,char *url);
-
-SEC_END_PROTOS
-
-#endif /* _CERTDB_H_ */
diff --git a/security/nss/lib/certdb/certinit.c b/security/nss/lib/certdb/certinit.c
deleted file mode 100644
index bc60ec733..000000000
--- a/security/nss/lib/certdb/certinit.c
+++ /dev/null
@@ -1,399 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "cert.h"
-#include "base64.h"
-#include "mcom_db.h"
-#include "certdb.h"
-
-static char example_com_server_ca[] =
-"MIICBTCCAW6gAwIBAgIBATANBgkqhkiG9w0BAQQFADA+MREwDwYICZIm9ZgeZAET"
-"A2NvbTEVMBMGCAmSJvWYHmQBEwdFeGFtcGxlMRIwEAYDVQQDEwlTZXJ2ZXIgQ0Ew"
-"HhcNMDAwMjAzMjIyMDA3WhcNMTAwNTAzMjIyMDA3WjA+MREwDwYICZIm9ZgeZAET"
-"A2NvbTEVMBMGCAmSJvWYHmQBEwdFeGFtcGxlMRIwEAYDVQQDEwlTZXJ2ZXIgQ0Ew"
-"gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALGiKEvTd2k4ZJbdAVWokfFlB6Hz"
-"WJXveXm8+IgmFlgtAnicZI11z5wAutFRvDpun7WmRLgHxvEhU3tLoiACGYdGJXPw"
-"+lI2pzHzFSd63B0qcA/NVAW3EOBJeaEFwy0jkUaCIki8qQV06g8RosNX/zv6a+OF"
-"d5NMpS0fecK4fEvdAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN"
-"AQEEBQADgYEAi5rFiG6afWS1PHigssk2LwAJws5cszPbVIeIMHCBbtu259V7uWts"
-"gNxUPJRjeQBsK0ItAfinC0xxLeuMbRfIdZoRYv/OYDxCwGW7hUcNLi+fHlGnJNXH"
-"TWaCRdOwkljnws4v8ABas2DYA/k7xUFAygkIJd9NtE29ZrdrWpfSavI=";
-
-static char example_com_individual_ca[] =
-"MIICDTCCAXagAwIBAgIBAjANBgkqhkiG9w0BAQQFADBCMREwDwYICZIm9ZgeZAET"
-"A2NvbTEVMBMGCAmSJvWYHmQBEwdFeGFtcGxlMRYwFAYDVQQDEw1JbmRpdmlkdWFs"
-"IENBMB4XDTAwMDIwMzIyMjE1NFoXDTEwMDUwMzIyMjE1NFowQjERMA8GCAmSJvWY"
-"HmQBEwNjb20xFTATBggJkib1mB5kARMHRXhhbXBsZTEWMBQGA1UEAxMNSW5kaXZp"
-"ZHVhbCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu5syfboe93MOkGec"
-"dOuJholyX42wcaH/RgnL3C/8NnZp9WWaTaguvn7KrbCj4TAMzu0pabUN8apB3J60"
-"9C/FlixjXF7r73OzbyTCM5ja6/bPfmHMPmDl9l/9tKqhh+loFvRizXDaWSFRViDS"
-"XvKNeQztwwAOpEAqnJwyTkn4FjECAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zAN"
-"BgkqhkiG9w0BAQQFAAOBgQB1XK+5pXdXYq3O3TC/ZY5LWlZ7zuoWUO75OpuMY7XF"
-"iW/jeXbVT5IYZXoRGXJFGGaDmnAuK1/m6FTDhjSTG0XUmd5tg4aFieI+LY4rkYEv"
-"mbJElxKabXl5hVD4mg2bwYlFY7XBmifTa1Ll3HDX3VZM0DC1bm4KCHBnY0qXjSYq"
-"PA==";
-
-static char example_com_objsign_ca[] =
-"MIICETCCAXqgAwIBAgIBAzANBgkqhkiG9w0BAQQFADBEMREwDwYICZIm9ZgeZAET"
-"A2NvbTEVMBMGCAmSJvWYHmQBEwdFeGFtcGxlMRgwFgYDVQQDEw9Db2RlIFNpZ25p"
-"bmcgQ0EwHhcNMDAwMjAzMjIyMzEzWhcNMTAwNTAzMjIyMzEzWjBEMREwDwYICZIm"
-"9ZgeZAETA2NvbTEVMBMGCAmSJvWYHmQBEwdFeGFtcGxlMRgwFgYDVQQDEw9Db2Rl"
-"IFNpZ25pbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALcy76InmpM9"
-"S9K2MlNSjusx6nkYWWbx7eDRTV+xhRPeDxW4t8jtKPqDF5LTusyM9WCI/nneqsIP"
-"7iTSHpxlGx37J1VbqKX5fZsfJ3wKv6ZIylzeRuFY9MFypPA2UmVd1ACDOUB3YDvY"
-"mrCVkOPEhjnZKbq4FfCpf8KNL2A5EBcZAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMB"
-"Af8wDQYJKoZIhvcNAQEEBQADgYEAI0IXzwgBRXvow3JQi8Y4YdG2wZc4BWRGW87x"
-"2zOD7GOA0CWN149vb6rEchECykDsJj9LoBl6o1aRxk9WkIFnXmMOJSuJA+ilCe//"
-"81a5OhKbe0p7ym6rh190BLwh2VePFeyabq6NipfZlN6qgWUzoepf+jVblufW/2EI"
-"fbMSylc=";
-
-/* This is the cert->certKey (serial number and issuer name) of
- * the cert that we want to revoke.
- */
-static unsigned char revoked_system_principal_key[] = {
-0x40, 0x18, 0xf2, 0x35, 0x86, 0x06, 0x78, 0xce, 0x87, 0x89,
-0x0c, 0x5d, 0x68, 0x67, 0x33, 0x09, 0x30, 0x81, 0xc1, 0x31,
-0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x16,
-0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54,
-0x72, 0x75, 0x73, 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f,
-0x72, 0x6b, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04,
-0x0b, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67,
-0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x3a, 0x30,
-0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x31, 0x56, 0x65,
-0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x4f, 0x62, 0x6a,
-0x65, 0x63, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e,
-0x67, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x43, 0x6c, 0x61,
-0x73, 0x73, 0x20, 0x33, 0x20, 0x4f, 0x72, 0x67, 0x61, 0x6e,
-0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x49, 0x30,
-0x47, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x40, 0x77, 0x77,
-0x77, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e,
-0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x50, 0x53, 0x20, 0x49,
-0x6e, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x62, 0x79, 0x20, 0x52,
-0x65, 0x66, 0x2e, 0x20, 0x4c, 0x49, 0x41, 0x42, 0x49, 0x4c,
-0x49, 0x54, 0x59, 0x20, 0x4c, 0x54, 0x44, 0x2e, 0x28, 0x63,
-0x29, 0x39, 0x37, 0x20, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69,
-0x67, 0x6e
-};
-
-SECStatus
-CERT_CheckForEvilCert(CERTCertificate *cert)
-{
- if ( cert->certKey.len == sizeof(revoked_system_principal_key) ) {
- if ( PORT_Memcmp(cert->certKey.data,
- revoked_system_principal_key,
- sizeof(revoked_system_principal_key)) == 0 ) {
- return(SECFailure);
- }
- }
-
- return(SECSuccess);
-}
-
-#define DEFAULT_TRUST_FLAGS (CERTDB_VALID_CA | \
- CERTDB_TRUSTED_CA | \
- CERTDB_NS_TRUSTED_CA)
-
-typedef enum {
- certUpdateNone,
- certUpdateAdd,
- certUpdateDelete,
- certUpdateAddTrust,
- certUpdateRemoveTrust,
- certUpdateSetTrust
-} certUpdateOp;
-
-typedef struct {
- char *cert;
- char *nickname;
- CERTCertTrust trust;
- int updateVersion;
- certUpdateOp op;
- CERTCertTrust trustDelta;
-} certInitEntry;
-
-static certInitEntry initialcerts[] = {
- {
- example_com_server_ca,
- "Example.com Server CA",
- { DEFAULT_TRUST_FLAGS | CERTDB_GOVT_APPROVED_CA, 0, 0 },
- 1,
- certUpdateAdd,
- { 0, 0, 0 }
- },
- {
- example_com_server_ca,
- "Example.com Server CA",
- { DEFAULT_TRUST_FLAGS | CERTDB_GOVT_APPROVED_CA, 0, 0 },
- 2,
- certUpdateAddTrust,
- { CERTDB_GOVT_APPROVED_CA, 0, 0 }
- },
-
- {
- example_com_individual_ca,
- "Example.com Individual CA",
- { 0, DEFAULT_TRUST_FLAGS, 0 },
- 1,
- certUpdateAdd,
- { 0, 0, 0 }
- },
- {
- example_com_individual_ca,
- "Example.com Individual CA",
- { 0, DEFAULT_TRUST_FLAGS, 0 },
- 2,
- certUpdateRemoveTrust,
- { 0, 0, DEFAULT_TRUST_FLAGS }
- },
-
- {
- example_com_objsign_ca,
- "Example.com Code Signing CA",
- { 0, 0, DEFAULT_TRUST_FLAGS },
- 2,
- certUpdateAdd,
- { 0, 0, 0 }
- },
-
- {
- 0, 0
- }
-};
-
-
-static SECStatus
-ConvertAndCheckCertificate(CERTCertDBHandle *handle, char *asciicert,
- char *nickname, CERTCertTrust *trust)
-{
- SECItem sdder;
- SECStatus rv;
- CERTCertificate *cert;
- PRBool conflict;
- SECItem derSubject;
-
- /* First convert ascii to binary */
- rv = ATOB_ConvertAsciiToItem (&sdder, asciicert);
- if (rv != SECSuccess) {
- return(rv);
- }
-
- /*
- ** Inside the ascii is a Signed Certificate.
- */
-
- cert = NULL;
-
- /* make sure that no conflicts exist */
- conflict = SEC_CertDBKeyConflict(&sdder, handle);
- if ( conflict ) {
- goto done;
- }
-
- rv = CERT_NameFromDERCert(&sdder, &derSubject);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- conflict = SEC_CertNicknameConflict(nickname, &derSubject, handle);
- if ( conflict ) {
- goto done;
- }
-
- cert = CERT_NewTempCertificate(handle, &sdder, NULL, PR_FALSE, PR_TRUE);
- if ( cert == NULL ) {
- goto loser;
- }
-
- rv = CERT_AddTempCertToPerm(cert, nickname, trust);
-
- CERT_DestroyCertificate(cert);
-
- if (rv == SECSuccess) {
- /*
- ** XXX should verify signatures too, if we have the certificate for
- ** XXX its issuer...
- */
- }
-
-done:
- PORT_Free(sdder.data);
- return(rv);
-
-loser:
- return(SECFailure);
-}
-
-extern void certdb_InitDBLock(void);
-
-SECStatus
-CERT_InitCertDB(CERTCertDBHandle *handle)
-{
- SECStatus rv;
- certInitEntry *entry;
-
- certdb_InitDBLock();
-
- entry = initialcerts;
-
- while ( entry->cert != NULL) {
- if ( entry->op != certUpdateDelete ) {
- rv = ConvertAndCheckCertificate(handle, entry->cert,
- entry->nickname, &entry->trust);
- /* keep going */
- }
-
- entry++;
- }
-done:
- CERT_SetDBContentVersion(CERT_DB_CONTENT_VERSION, handle);
- return(rv);
-}
-
-static CERTCertificate *
-CertFromEntry(CERTCertDBHandle *handle, char *asciicert)
-{
- SECItem sdder;
- SECStatus rv;
- CERTCertificate *cert;
-
- /* First convert ascii to binary */
- rv = ATOB_ConvertAsciiToItem (&sdder, asciicert);
- if (rv != SECSuccess) {
- return(NULL);
- }
-
- /*
- ** Inside the ascii is a Signed Certificate.
- */
-
- cert = CERT_NewTempCertificate(handle, &sdder, NULL, PR_FALSE, PR_TRUE);
-
- return(cert);
-}
-
-SECStatus
-CERT_AddNewCerts(CERTCertDBHandle *handle)
-{
- int oldversion;
- int newversion;
- certInitEntry *entry;
- CERTCertTrust tmptrust;
- SECStatus rv;
- CERTCertificate *cert;
-
- newversion = CERT_DB_CONTENT_VERSION;
-
- oldversion = CERT_GetDBContentVersion(handle);
-
- if ( newversion > oldversion ) {
- entry = initialcerts;
-
- while ( entry->cert != NULL ) {
- if ( entry->updateVersion > oldversion ) {
- switch ( entry->op ) {
- default:
- break;
- case certUpdateAdd:
- rv = ConvertAndCheckCertificate(handle, entry->cert,
- entry->nickname,
- &entry->trust);
- break;
- case certUpdateDelete:
- cert = CertFromEntry(handle, entry->cert);
- if ( cert != NULL ) {
- if ( cert->isperm ) {
- rv = SEC_DeletePermCertificate(cert);
- }
- CERT_DestroyCertificate(cert);
- }
- break;
- case certUpdateAddTrust:
- cert = CertFromEntry(handle, entry->cert);
- if ( cert != NULL ) {
- if ( cert->isperm ) {
- tmptrust = *cert->trust;
- tmptrust.sslFlags |= entry->trustDelta.sslFlags;
- tmptrust.emailFlags |=
- entry->trustDelta.emailFlags;
- tmptrust.objectSigningFlags |=
- entry->trustDelta.objectSigningFlags;
- rv = CERT_ChangeCertTrust(handle, cert,
-&tmptrust);
- }
- CERT_DestroyCertificate(cert);
- }
- break;
- case certUpdateRemoveTrust:
- cert = CertFromEntry(handle, entry->cert);
- if ( cert != NULL ) {
- if ( cert->isperm ) {
- tmptrust = *cert->trust;
- tmptrust.sslFlags &=
- (~entry->trustDelta.sslFlags);
- tmptrust.emailFlags &=
- (~entry->trustDelta.emailFlags);
- tmptrust.objectSigningFlags &=
- (~entry->trustDelta.objectSigningFlags);
- rv = CERT_ChangeCertTrust(handle, cert,
-&tmptrust);
- }
- CERT_DestroyCertificate(cert);
- }
- break;
- case certUpdateSetTrust:
- cert = CertFromEntry(handle, entry->cert);
- if ( cert != NULL ) {
- if ( cert->isperm ) {
- tmptrust = *cert->trust;
- tmptrust.sslFlags = entry->trustDelta.sslFlags;
- tmptrust.emailFlags =
- entry->trustDelta.emailFlags;
- tmptrust.objectSigningFlags =
- entry->trustDelta.objectSigningFlags;
- rv = CERT_ChangeCertTrust(handle, cert,
-&tmptrust);
- }
- CERT_DestroyCertificate(cert);
- }
- break;
- }
- }
-
- entry++;
- }
-
- CERT_SetDBContentVersion(newversion, handle);
- }
-
- return(SECSuccess);
-}
diff --git a/security/nss/lib/certdb/certt.h b/security/nss/lib/certdb/certt.h
deleted file mode 100644
index ffaaaca66..000000000
--- a/security/nss/lib/certdb/certt.h
+++ /dev/null
@@ -1,804 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * certt.h - public data structures for the certificate library
- *
- * $Id$
- */
-#ifndef _CERTT_H_
-#define _CERTT_H_
-
-#include "prclist.h"
-#include "pkcs11t.h"
-#include "seccomon.h"
-#include "secmodt.h"
-#include "secoidt.h"
-#include "plarena.h"
-#include "prcvar.h"
-#include "prlock.h"
-#include "prio.h"
-#include "prmon.h"
-
-/* Non-opaque objects */
-typedef struct CERTAVAStr CERTAVA;
-typedef struct CERTAttributeStr CERTAttribute;
-typedef struct CERTAuthInfoAccessStr CERTAuthInfoAccess;
-typedef struct CERTAuthKeyIDStr CERTAuthKeyID;
-typedef struct CERTBasicConstraintsStr CERTBasicConstraints;
-typedef struct CERTCertDBHandleStr CERTCertDBHandle;
-typedef struct CERTCertExtensionStr CERTCertExtension;
-typedef struct CERTCertKeyStr CERTCertKey;
-typedef struct CERTCertListStr CERTCertList;
-typedef struct CERTCertListNodeStr CERTCertListNode;
-typedef struct CERTCertNicknamesStr CERTCertNicknames;
-typedef struct CERTCertTrustStr CERTCertTrust;
-typedef struct CERTCertificateStr CERTCertificate;
-typedef struct CERTCertificateListStr CERTCertificateList;
-typedef struct CERTCertificateRequestStr CERTCertificateRequest;
-typedef struct CERTCrlStr CERTCrl;
-typedef struct CERTCrlDistributionPointsStr CERTCrlDistributionPoints;
-typedef struct CERTCrlEntryStr CERTCrlEntry;
-typedef struct CERTCrlHeadNodeStr CERTCrlHeadNode;
-typedef struct CERTCrlKeyStr CERTCrlKey;
-typedef struct CERTCrlNodeStr CERTCrlNode;
-typedef struct CERTDERCertsStr CERTDERCerts;
-typedef struct CERTDistNamesStr CERTDistNames;
-typedef struct CERTGeneralNameStr CERTGeneralName;
-typedef struct CERTGeneralNameListStr CERTGeneralNameList;
-typedef struct CERTIssuerAndSNStr CERTIssuerAndSN;
-typedef struct CERTNameStr CERTName;
-typedef struct CERTNameConstraintStr CERTNameConstraint;
-typedef struct CERTNameConstraintsStr CERTNameConstraints;
-typedef struct CERTOKDomainNameStr CERTOKDomainName;
-typedef struct CERTPublicKeyAndChallengeStr CERTPublicKeyAndChallenge;
-typedef struct CERTRDNStr CERTRDN;
-typedef struct CERTSignedCrlStr CERTSignedCrl;
-typedef struct CERTSignedDataStr CERTSignedData;
-typedef struct CERTStatusConfigStr CERTStatusConfig;
-typedef struct CERTSubjectListStr CERTSubjectList;
-typedef struct CERTSubjectNodeStr CERTSubjectNode;
-typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
-typedef struct CERTValidityStr CERTValidity;
-typedef struct CERTVerifyLogStr CERTVerifyLog;
-typedef struct CERTVerifyLogNodeStr CERTVerifyLogNode;
-typedef struct CRLDistributionPointStr CRLDistributionPoint;
-
-/* CRL extensions type */
-typedef unsigned long CERTCrlNumber;
-
-/*
-** An X.500 AVA object
-*/
-struct CERTAVAStr {
- SECItem type;
- SECItem value;
-};
-
-/*
-** An X.500 RDN object
-*/
-struct CERTRDNStr {
- CERTAVA **avas;
-};
-
-/*
-** An X.500 name object
-*/
-struct CERTNameStr {
- PRArenaPool *arena;
- CERTRDN **rdns;
-};
-
-/*
-** An X.509 validity object
-*/
-struct CERTValidityStr {
- PRArenaPool *arena;
- SECItem notBefore;
- SECItem notAfter;
-};
-
-/*
- * A serial number and issuer name, which is used as a database key
- */
-struct CERTCertKeyStr {
- SECItem serialNumber;
- SECItem derIssuer;
-};
-
-/*
-** A signed data object. Used to implement the "signed" macro used
-** in the X.500 specs.
-*/
-struct CERTSignedDataStr {
- SECItem data;
- SECAlgorithmID signatureAlgorithm;
- SECItem signature;
-};
-
-/*
-** An X.509 subject-public-key-info object
-*/
-struct CERTSubjectPublicKeyInfoStr {
- PRArenaPool *arena;
- SECAlgorithmID algorithm;
- SECItem subjectPublicKey;
-};
-
-struct CERTPublicKeyAndChallengeStr {
- SECItem spki;
- SECItem challenge;
-};
-
-typedef struct _certDBEntryCert certDBEntryCert;
-typedef struct _certDBEntryRevocation certDBEntryRevocation;
-
-struct CERTCertTrustStr {
- unsigned int sslFlags;
- unsigned int emailFlags;
- unsigned int objectSigningFlags;
-};
-
-/*
- * defined the types of trust that exist
- */
-typedef enum {
- trustSSL,
- trustEmail,
- trustObjectSigning,
- trustTypeNone
-} SECTrustType;
-
-#define SEC_GET_TRUST_FLAGS(trust,type) \
- (((type)==trustSSL)?((trust)->sslFlags): \
- (((type)==trustEmail)?((trust)->emailFlags): \
- (((type)==trustObjectSigning)?((trust)->objectSigningFlags):0)))
-
-/*
-** An X.509.3 certificate extension
-*/
-struct CERTCertExtensionStr {
- SECItem id;
- SECItem critical;
- SECItem value;
-};
-
-struct CERTSubjectNodeStr {
- struct CERTSubjectNodeStr *next;
- struct CERTSubjectNodeStr *prev;
- SECItem certKey;
- SECItem keyID;
-};
-
-struct CERTSubjectListStr {
- PRArenaPool *arena;
- int ncerts;
- char *emailAddr;
- CERTSubjectNode *head;
- CERTSubjectNode *tail; /* do we need tail? */
- struct _certDBEntrySubject *entry;
-};
-
-/*
-** An X.509 certificate object (the unsigned form)
-*/
-struct CERTCertificateStr {
- /* the arena is used to allocate any data structures that have the same
- * lifetime as the cert. This is all stuff that hangs off of the cert
- * structure, and is all freed at the same time. I is used when the
- * cert is decoded, destroyed, and at some times when it changes
- * state
- */
- PRArenaPool *arena;
-
- /* The following fields are static after the cert has been decoded */
- char *subjectName;
- char *issuerName;
- CERTSignedData signatureWrap; /* XXX */
- SECItem derCert; /* original DER for the cert */
- SECItem derIssuer; /* DER for issuer name */
- SECItem derSubject; /* DER for subject name */
- SECItem derPublicKey; /* DER for the public key */
- SECItem certKey; /* database key for this cert */
- SECItem version;
- SECItem serialNumber;
- SECAlgorithmID signature;
- CERTName issuer;
- CERTValidity validity;
- CERTName subject;
- CERTSubjectPublicKeyInfo subjectPublicKeyInfo;
- SECItem issuerID;
- SECItem subjectID;
- CERTCertExtension **extensions;
- char *emailAddr;
- CERTCertDBHandle *dbhandle;
- SECItem subjectKeyID; /* x509v3 subject key identifier */
- PRBool keyIDGenerated; /* was the keyid generated? */
- unsigned int keyUsage; /* what uses are allowed for this cert */
- unsigned int rawKeyUsage; /* value of the key usage extension */
- PRBool keyUsagePresent; /* was the key usage extension present */
- unsigned int nsCertType; /* value of the ns cert type extension */
-
- /* these values can be set by the application to bypass certain checks
- * or to keep the cert in memory for an entire session.
- * XXX - need an api to set these
- */
- PRBool keepSession; /* keep this cert for entire session*/
- PRBool timeOK; /* is the bad validity time ok? */
- CERTOKDomainName *domainOK; /* these domain names are ok */
-
- /*
- * these values can change when the cert changes state. These state
- * changes include transitions from temp to perm or vice-versa, and
- * changes of trust flags
- */
- PRBool isperm;
- PRBool istemp;
- char *nickname;
- char *dbnickname;
- certDBEntryCert *dbEntry; /* database entry struct */
- CERTCertTrust *trust;
-
- /* the reference count is modified whenever someone looks up, dups
- * or destroys a certificate
- */
- int referenceCount;
-
- /* The subject list is a list of all certs with the same subject name.
- * It can be modified any time a cert is added or deleted from either
- * the in-memory(temporary) or on-disk(permanent) database.
- */
- CERTSubjectList *subjectList;
-
- /* these fields are used by client GUI code to keep track of ssl sockets
- * that are blocked waiting on GUI feedback related to this cert.
- * XXX - these should be moved into some sort of application specific
- * data structure. They are only used by the browser right now.
- */
- struct SECSocketNode *socketlist;
- int socketcount;
- struct SECSocketNode *authsocketlist;
- int authsocketcount;
-
- /* This is PKCS #11 stuff. */
- PK11SlotInfo *slot; /*if this cert came of a token, which is it*/
- CK_OBJECT_HANDLE pkcs11ID; /*and which object on that token is it */
- PRBool ownSlot; /*true if the cert owns the slot reference */
-};
-#define SEC_CERTIFICATE_VERSION_1 0 /* default created */
-#define SEC_CERTIFICATE_VERSION_2 1 /* v2 */
-#define SEC_CERTIFICATE_VERSION_3 2 /* v3 extensions */
-
-#define SEC_CRL_VERSION_1 0 /* default */
-#define SEC_CRL_VERSION_2 1 /* v2 extensions */
-
-/*
- * used to identify class of cert in mime stream code
- */
-#define SEC_CERT_CLASS_CA 1
-#define SEC_CERT_CLASS_SERVER 2
-#define SEC_CERT_CLASS_USER 3
-#define SEC_CERT_CLASS_EMAIL 4
-
-struct CERTDERCertsStr {
- PRArenaPool *arena;
- int numcerts;
- SECItem *rawCerts;
-};
-
-/*
-** A PKCS ? Attribute
-** XXX this is duplicated through out the code, it *should* be moved
-** to a central location. Where would be appropriate?
-*/
-struct CERTAttributeStr {
- SECItem attrType;
- SECItem **attrValue;
-};
-
-/*
-** A PKCS#10 certificate-request object (the unsigned form)
-*/
-struct CERTCertificateRequestStr {
- PRArenaPool *arena;
- SECItem version;
- CERTName subject;
- CERTSubjectPublicKeyInfo subjectPublicKeyInfo;
- SECItem **attributes;
-};
-#define SEC_CERTIFICATE_REQUEST_VERSION 0 /* what we *create* */
-
-
-/*
-** A certificate list object.
-*/
-struct CERTCertificateListStr {
- SECItem *certs;
- int len; /* number of certs */
- PRArenaPool *arena;
-};
-
-struct CERTCertListNodeStr {
- PRCList links;
- CERTCertificate *cert;
- void *appData;
-};
-
-struct CERTCertListStr {
- PRCList list;
- PRArenaPool *arena;
-};
-
-#define CERT_LIST_HEAD(l) ((CERTCertListNode *)PR_LIST_HEAD(&l->list))
-#define CERT_LIST_NEXT(n) ((CERTCertListNode *)n->links.next)
-#define CERT_LIST_END(n,l) (((void *)n) == ((void *)&l->list))
-
-struct CERTCrlEntryStr {
- SECItem serialNumber;
- SECItem revocationDate;
- CERTCertExtension **extensions;
-};
-
-struct CERTCrlStr {
- PRArenaPool *arena;
- SECItem version;
- SECAlgorithmID signatureAlg;
- SECItem derName;
- CERTName name;
- SECItem lastUpdate;
- SECItem nextUpdate; /* optional for x.509 CRL */
- CERTCrlEntry **entries;
- CERTCertExtension **extensions;
-};
-
-struct CERTCrlKeyStr {
- SECItem derName;
- SECItem dummy; /* The decoder can not skip a primitive,
- this serves as a place holder for the
- decoder to finish its task only
- */
-};
-
-struct CERTSignedCrlStr {
- PRArenaPool *arena;
- CERTCrl crl;
- certDBEntryRevocation *dbEntry; /* database entry struct */
- PRBool keep; /* keep this crl in the cache for the session*/
- PRBool isperm;
- PRBool istemp;
- int referenceCount;
- CERTCertDBHandle *dbhandle;
- CERTSignedData signatureWrap; /* XXX */
- char *url;
-};
-
-
-struct CERTCrlHeadNodeStr {
- PRArenaPool *arena;
- CERTCertDBHandle *dbhandle;
- CERTCrlNode *first;
- CERTCrlNode *last;
-};
-
-
-struct CERTCrlNodeStr {
- CERTCrlNode *next;
- int type;
- CERTSignedCrl *crl;
-};
-
-
-/*
- * Array of X.500 Distinguished Names
- */
-struct CERTDistNamesStr {
- PRArenaPool *arena;
- int nnames;
- SECItem *names;
- void *head; /* private */
-};
-
-
-#define NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
-#define NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
-#define NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
-#define NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
-#define NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
-#define NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
-#define NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
-#define NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
-
-#define EXT_KEY_USAGE_TIME_STAMP (0x8000)
-#define EXT_KEY_USAGE_STATUS_RESPONDER (0x4000)
-
-#define NS_CERT_TYPE_APP ( NS_CERT_TYPE_SSL_CLIENT | \
- NS_CERT_TYPE_SSL_SERVER | \
- NS_CERT_TYPE_EMAIL | \
- NS_CERT_TYPE_OBJECT_SIGNING )
-
-#define NS_CERT_TYPE_CA ( NS_CERT_TYPE_SSL_CA | \
- NS_CERT_TYPE_EMAIL_CA | \
- NS_CERT_TYPE_OBJECT_SIGNING_CA | \
- EXT_KEY_USAGE_STATUS_RESPONDER )
-typedef enum {
- certUsageSSLClient,
- certUsageSSLServer,
- certUsageSSLServerWithStepUp,
- certUsageSSLCA,
- certUsageEmailSigner,
- certUsageEmailRecipient,
- certUsageObjectSigner,
- certUsageUserCertImport,
- certUsageVerifyCA,
- certUsageProtectedObjectSigner,
- certUsageStatusResponder,
- certUsageAnyCA
-} SECCertUsage;
-
-/*
- * Does the cert belong to the user, a peer, or a CA.
- */
-typedef enum {
- certOwnerUser,
- certOwnerPeer,
- certOwnerCA
-} CERTCertOwner;
-
-/*
- * This enum represents the state of validity times of a certificate
- */
-typedef enum {
- secCertTimeValid,
- secCertTimeExpired,
- secCertTimeNotValidYet
-} SECCertTimeValidity;
-
-/*
- * Interface for getting certificate nickname strings out of the database
- */
-
-/* these are values for the what argument below */
-#define SEC_CERT_NICKNAMES_ALL 1
-#define SEC_CERT_NICKNAMES_USER 2
-#define SEC_CERT_NICKNAMES_SERVER 3
-#define SEC_CERT_NICKNAMES_CA 4
-
-struct CERTCertNicknamesStr {
- PRArenaPool *arena;
- void *head;
- int numnicknames;
- char **nicknames;
- int what;
- int totallen;
-};
-
-struct CERTIssuerAndSNStr {
- SECItem derIssuer;
- CERTName issuer;
- SECItem serialNumber;
-};
-
-
-/* X.509 v3 Key Usage Extension flags */
-#define KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
-#define KU_NON_REPUDIATION (0x40) /* bit 1 */
-#define KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
-#define KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
-#define KU_KEY_AGREEMENT (0x08) /* bit 4 */
-#define KU_KEY_CERT_SIGN (0x04) /* bit 5 */
-#define KU_CRL_SIGN (0x02) /* bit 6 */
-#define KU_ALL (KU_DIGITAL_SIGNATURE | \
- KU_NON_REPUDIATION | \
- KU_KEY_ENCIPHERMENT | \
- KU_DATA_ENCIPHERMENT | \
- KU_KEY_AGREEMENT | \
- KU_KEY_CERT_SIGN | \
- KU_CRL_SIGN)
-
-/* This value will not occur in certs. It is used internally for the case
- * when the key type is not know ahead of time and either key agreement or
- * key encipherment are the correct value based on key type
- */
-#define KU_KEY_AGREEMENT_OR_ENCIPHERMENT (0x4000)
-
-/* internal bits that do not match bits in the x509v3 spec, but are used
- * for similar purposes
- */
-#define KU_NS_GOVT_APPROVED (0x8000) /*don't make part of KU_ALL!*/
-/*
- * x.509 v3 Basic Constraints Extension
- * If isCA is false, the pathLenConstraint is ignored.
- * Otherwise, the following pathLenConstraint values will apply:
- * < 0 - there is no limit to the certificate path
- * 0 - CA can issues end-entity certificates only
- * > 0 - the number of certificates in the certificate path is
- * limited to this number
- */
-#define CERT_UNLIMITED_PATH_CONSTRAINT -2
-
-struct CERTBasicConstraintsStr {
- PRBool isCA; /* on if is CA */
- int pathLenConstraint; /* maximum number of certificates that can be
- in the cert path. Only applies to a CA
- certificate; otherwise, it's ignored.
- */
-};
-
-/* Maximum length of a certificate chain */
-#define CERT_MAX_CERT_CHAIN 20
-
-/* x.509 v3 Reason Falgs, used in CRLDistributionPoint Extension */
-#define RF_UNUSED (0x80) /* bit 0 */
-#define RF_KEY_COMPROMISE (0x40) /* bit 1 */
-#define RF_CA_COMPROMISE (0x20) /* bit 2 */
-#define RF_AFFILIATION_CHANGED (0x10) /* bit 3 */
-#define RF_SUPERSEDED (0x08) /* bit 4 */
-#define RF_CESSATION_OF_OPERATION (0x04) /* bit 5 */
-#define RF_CERTIFICATE_HOLD (0x02) /* bit 6 */
-
-/* If we needed to extract the general name field, use this */
-/* General Name types */
-typedef enum {
- certOtherName = 1,
- certRFC822Name = 2,
- certDNSName = 3,
- certX400Address = 4,
- certDirectoryName = 5,
- certEDIPartyName = 6,
- certURI = 7,
- certIPAddress = 8,
- certRegisterID = 9
-} CERTGeneralNameType;
-
-
-typedef struct OtherNameStr {
- SECItem name;
- SECItem oid;
-}OtherName;
-
-
-
-struct CERTGeneralNameStr {
- CERTGeneralNameType type; /* name type */
- union {
- CERTName directoryName; /* distinguish name */
- OtherName OthName; /* Other Name */
- SECItem other; /* the rest of the name forms */
- }name;
- SECItem derDirectoryName; /* this is saved to simplify directory name
- comparison */
- PRCList l;
-};
-
-struct CERTGeneralNameListStr {
- PRArenaPool *arena;
- CERTGeneralName *name;
- int refCount;
- int len;
- PRLock *lock;
-};
-
-struct CERTNameConstraintStr {
- CERTGeneralName name;
- SECItem DERName;
- SECItem min;
- SECItem max;
- PRCList l;
-};
-
-
-struct CERTNameConstraintsStr {
- CERTNameConstraint *permited;
- CERTNameConstraint *excluded;
- SECItem **DERPermited;
- SECItem **DERExcluded;
-};
-
-
-/* X.509 v3 Authority Key Identifier extension. For the authority certificate
- issuer field, we only support URI now.
- */
-struct CERTAuthKeyIDStr {
- SECItem keyID; /* unique key identifier */
- CERTGeneralName *authCertIssuer; /* CA's issuer name. End with a NULL */
- SECItem authCertSerialNumber; /* CA's certificate serial number */
- SECItem **DERAuthCertIssuer; /* This holds the DER encoded format of
- the authCertIssuer field. It is used
- by the encoding engine. It should be
- used as a read only field by the caller.
- */
-};
-
-/* x.509 v3 CRL Distributeion Point */
-
-/*
- * defined the types of CRL Distribution points
- */
-typedef enum {
- generalName = 1, /* only support this for now */
- relativeDistinguishedName = 2
-} DistributionPointTypes;
-
-struct CRLDistributionPointStr {
- DistributionPointTypes distPointType;
- union {
- CERTGeneralName *fullName;
- CERTRDN relativeName;
- } distPoint;
- SECItem reasons;
- CERTGeneralName *crlIssuer;
-
- /* Reserved for internal use only*/
- SECItem derDistPoint;
- SECItem derRelativeName;
- SECItem **derCrlIssuer;
- SECItem **derFullName;
- SECItem bitsmap;
-};
-
-struct CERTCrlDistributionPointsStr {
- CRLDistributionPoint **distPoints;
-};
-
-/*
- * This structure is used to keep a log of errors when verifying
- * a cert chain. This allows multiple errors to be reported all at
- * once.
- */
-struct CERTVerifyLogNodeStr {
- CERTCertificate *cert; /* what cert had the error */
- long error; /* what error was it? */
- unsigned int depth; /* how far up the chain are we */
- void *arg; /* error specific argument */
- struct CERTVerifyLogNodeStr *next; /* next in the list */
- struct CERTVerifyLogNodeStr *prev; /* next in the list */
-};
-
-
-struct CERTVerifyLogStr {
- PRArenaPool *arena;
- unsigned int count;
- struct CERTVerifyLogNodeStr *head;
- struct CERTVerifyLogNodeStr *tail;
-};
-
-
-struct CERTOKDomainNameStr {
- CERTOKDomainName *next;
- char name[1]; /* actual length may be longer. */
-};
-
-
-typedef SECStatus PR_CALLBACK (*CERTStatusChecker) (CERTCertDBHandle *handle,
- CERTCertificate *cert,
- int64 time,
- void *pwArg);
-
-typedef SECStatus PR_CALLBACK (*CERTStatusDestroy) (CERTStatusConfig *handle);
-
-struct CERTStatusConfigStr {
- CERTStatusChecker statusChecker; /* NULL means no checking enabled */
- CERTStatusDestroy statusDestroy; /* enabled or no, will clean up */
- void *statusContext; /* cx specific to checking protocol */
-};
-
-struct CERTAuthInfoAccessStr {
- SECItem method;
- SECItem derLocation;
- CERTGeneralName *location; /* decoded location */
-};
-
-
-/* This is the typedef for the callback passed to CERT_OpenCertDB() */
-/* callback to return database name based on version number */
-typedef char * (*CERTDBNameFunc)(void *arg, int dbVersion);
-
-/*
- * types of cert packages that we can decode
- */
-typedef enum {
- certPackageNone,
- certPackageCert,
- certPackagePKCS7,
- certPackageNSCertSeq,
- certPackageNSCertWrap
-} CERTPackageType;
-
-/*
- * these types are for the PKIX Certificate Policies extension
- */
-typedef struct {
- SECOidTag oid;
- SECItem qualifierID;
- SECItem qualifierValue;
-} CERTPolicyQualifier;
-
-typedef struct {
- SECOidTag oid;
- SECItem policyID;
- CERTPolicyQualifier **policyQualifiers;
-} CERTPolicyInfo;
-
-typedef struct {
- PRArenaPool *arena;
- CERTPolicyInfo **policyInfos;
-} CERTCertificatePolicies;
-
-typedef struct {
- SECItem organization;
- SECItem **noticeNumbers;
-} CERTNoticeReference;
-
-typedef struct {
- PRArenaPool *arena;
- CERTNoticeReference noticeReference;
- SECItem derNoticeReference;
- SECItem displayText;
-} CERTUserNotice;
-
-typedef struct {
- PRArenaPool *arena;
- SECItem **oids;
-} CERTOidSequence;
-
-
-/* XXX Lisa thinks the template declarations belong in cert.h, not here? */
-
-#include "secasn1t.h" /* way down here because I expect template stuff to
- * move out of here anyway */
-
-extern const SEC_ASN1Template CERT_CertificateRequestTemplate[];
-extern const SEC_ASN1Template CERT_CertificateTemplate[];
-extern const SEC_ASN1Template SEC_SignedCertificateTemplate[];
-extern const SEC_ASN1Template CERT_CertExtensionTemplate[];
-extern const SEC_ASN1Template CERT_SequenceOfCertExtensionTemplate[];
-extern const SEC_ASN1Template SECKEY_PublicKeyTemplate[];
-extern const SEC_ASN1Template CERT_SubjectPublicKeyInfoTemplate[];
-extern const SEC_ASN1Template CERT_ValidityTemplate[];
-extern const SEC_ASN1Template CERT_PublicKeyAndChallengeTemplate[];
-extern const SEC_ASN1Template SEC_CertSequenceTemplate[];
-
-extern const SEC_ASN1Template CERT_IssuerAndSNTemplate[];
-extern const SEC_ASN1Template CERT_NameTemplate[];
-extern const SEC_ASN1Template CERT_SetOfSignedCrlTemplate[];
-extern const SEC_ASN1Template CERT_RDNTemplate[];
-extern const SEC_ASN1Template CERT_SignedDataTemplate[];
-extern const SEC_ASN1Template CERT_CrlTemplate[];
-
-/*
-** XXX should the attribute stuff be centralized for all of ns/security?
-*/
-extern const SEC_ASN1Template CERT_AttributeTemplate[];
-extern const SEC_ASN1Template CERT_SetOfAttributeTemplate[];
-
-#endif /* _CERTT_H_ */
diff --git a/security/nss/lib/certdb/certv3.c b/security/nss/lib/certdb/certv3.c
deleted file mode 100644
index ea1016234..000000000
--- a/security/nss/lib/certdb/certv3.c
+++ /dev/null
@@ -1,406 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Code for dealing with X509.V3 extensions.
- *
- * $Id$
- */
-
-#include "cert.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "secder.h"
-#include "secasn1.h"
-#include "certxutl.h"
-#include "secerr.h"
-
-SECStatus
-CERT_FindCertExtensionByOID(CERTCertificate *cert, SECItem *oid,
- SECItem *value)
-{
- return (cert_FindExtensionByOID (cert->extensions, oid, value));
-}
-
-
-SECStatus
-CERT_FindCertExtension(CERTCertificate *cert, int tag, SECItem *value)
-{
- return (cert_FindExtension (cert->extensions, tag, value));
-}
-
-static void
-SetExts(void *object, CERTCertExtension **exts)
-{
- CERTCertificate *cert = (CERTCertificate *)object;
-
- cert->extensions = exts;
- DER_SetUInteger (cert->arena, &(cert->version), SEC_CERTIFICATE_VERSION_3);
-}
-
-void *
-CERT_StartCertExtensions(CERTCertificate *cert)
-{
- return (cert_StartExtensions ((void *)cert, cert->arena, SetExts));
-}
-
-/* find the given extension in the certificate of the Issuer of 'cert' */
-SECStatus
-CERT_FindIssuerCertExtension(CERTCertificate *cert, int tag, SECItem *value)
-{
- CERTCertificate *issuercert;
- SECStatus rv;
-
- issuercert = CERT_FindCertByName(cert->dbhandle, &cert->derIssuer);
- if ( issuercert ) {
- rv = cert_FindExtension(issuercert->extensions, tag, value);
- CERT_DestroyCertificate(issuercert);
- } else {
- rv = SECFailure;
- }
-
- return(rv);
-}
-
-/* find a URL extension in the cert or its CA
- * apply the base URL string if it exists
- */
-char *
-CERT_FindCertURLExtension(CERTCertificate *cert, int tag, int catag)
-{
- SECStatus rv;
- SECItem urlitem;
- SECItem baseitem;
- SECItem urlstringitem = {siBuffer,0};
- SECItem basestringitem = {siBuffer,0};
- PRArenaPool *arena = NULL;
- PRBool hasbase;
- char *urlstring;
- char *str;
- int len;
- int i;
-
- urlstring = NULL;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( ! arena ) {
- goto loser;
- }
-
- hasbase = PR_FALSE;
- urlitem.data = NULL;
- baseitem.data = NULL;
-
- rv = cert_FindExtension(cert->extensions, tag, &urlitem);
- if ( rv == SECSuccess ) {
- rv = cert_FindExtension(cert->extensions, SEC_OID_NS_CERT_EXT_BASE_URL,
- &baseitem);
- if ( rv == SECSuccess ) {
- hasbase = PR_TRUE;
- }
-
- } else if ( catag ) {
- /* if the cert doesn't have the extensions, see if the issuer does */
- rv = CERT_FindIssuerCertExtension(cert, catag, &urlitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- rv = CERT_FindIssuerCertExtension(cert, SEC_OID_NS_CERT_EXT_BASE_URL,
- &baseitem);
- if ( rv == SECSuccess ) {
- hasbase = PR_TRUE;
- }
- } else {
- goto loser;
- }
-
- rv = SEC_ASN1DecodeItem(arena, &urlstringitem, SEC_IA5StringTemplate,
- &urlitem);
-
- if ( rv != SECSuccess ) {
- goto loser;
- }
- if ( hasbase ) {
- rv = SEC_ASN1DecodeItem(arena, &basestringitem, SEC_IA5StringTemplate,
- &baseitem);
-
- if ( rv != SECSuccess ) {
- goto loser;
- }
- }
-
- len = urlstringitem.len + ( hasbase ? basestringitem.len : 0 ) + 1;
-
- str = urlstring = (char *)PORT_Alloc(len);
- if ( urlstring == NULL ) {
- goto loser;
- }
-
- /* copy the URL base first */
- if ( hasbase ) {
-
- /* if the urlstring has a : in it, then we assume it is an absolute
- * URL, and will not get the base string pre-pended
- */
- for ( i = 0; i < urlstringitem.len; i++ ) {
- if ( urlstringitem.data[i] == ':' ) {
- goto nobase;
- }
- }
-
- PORT_Memcpy(str, basestringitem.data, basestringitem.len);
- str += basestringitem.len;
-
- }
-
-nobase:
- /* copy the rest (or all) of the URL */
- PORT_Memcpy(str, urlstringitem.data, urlstringitem.len);
- str += urlstringitem.len;
-
- *str = '\0';
- goto done;
-
-loser:
- if ( urlstring ) {
- PORT_Free(urlstring);
- }
-
- urlstring = NULL;
-done:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- if ( baseitem.data ) {
- PORT_Free(baseitem.data);
- }
- if ( urlitem.data ) {
- PORT_Free(urlitem.data);
- }
-
- return(urlstring);
-}
-
-/*
- * get the value of the Netscape Certificate Type Extension
- */
-SECStatus
-CERT_FindNSCertTypeExtension(CERTCertificate *cert, SECItem *retItem)
-{
-
- return (CERT_FindBitStringExtension
- (cert->extensions, SEC_OID_NS_CERT_EXT_CERT_TYPE, retItem));
-}
-
-
-/*
- * get the value of a string type extension
- */
-char *
-CERT_FindNSStringExtension(CERTCertificate *cert, int oidtag)
-{
- SECItem wrapperItem, tmpItem = {siBuffer,0};
- SECStatus rv;
- PRArenaPool *arena = NULL;
- char *retstring = NULL;
-
- wrapperItem.data = NULL;
- tmpItem.data = NULL;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( ! arena ) {
- goto loser;
- }
-
- rv = cert_FindExtension(cert->extensions, oidtag,
- &wrapperItem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- rv = SEC_ASN1DecodeItem(arena, &tmpItem, SEC_IA5StringTemplate,
- &wrapperItem);
-
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- retstring = (char *)PORT_Alloc(tmpItem.len + 1 );
- if ( retstring == NULL ) {
- goto loser;
- }
-
- PORT_Memcpy(retstring, tmpItem.data, tmpItem.len);
- retstring[tmpItem.len] = '\0';
-
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- if ( wrapperItem.data ) {
- PORT_Free(wrapperItem.data);
- }
-
- return(retstring);
-}
-
-/*
- * get the value of the X.509 v3 Key Usage Extension
- */
-SECStatus
-CERT_FindKeyUsageExtension(CERTCertificate *cert, SECItem *retItem)
-{
-
- return (CERT_FindBitStringExtension(cert->extensions,
- SEC_OID_X509_KEY_USAGE, retItem));
-}
-
-/*
- * get the value of the X.509 v3 Key Usage Extension
- */
-SECStatus
-CERT_FindSubjectKeyIDExten(CERTCertificate *cert, SECItem *retItem)
-{
-
- SECItem encodedValue;
- SECStatus rv;
-
- encodedValue.data = NULL;
- rv = cert_FindExtension
- (cert->extensions, SEC_OID_X509_SUBJECT_KEY_ID, &encodedValue);
- if (rv != SECSuccess)
- return (rv);
- rv = SEC_ASN1DecodeItem (NULL, retItem, SEC_OctetStringTemplate,
- &encodedValue);
- PORT_Free (encodedValue.data);
-
- return (rv);
-}
-
-SECStatus
-CERT_FindBasicConstraintExten(CERTCertificate *cert,
- CERTBasicConstraints *value)
-{
- SECItem encodedExtenValue;
- SECStatus rv;
-
- encodedExtenValue.data = NULL;
- encodedExtenValue.len = 0;
-
- rv = cert_FindExtension(cert->extensions, SEC_OID_X509_BASIC_CONSTRAINTS,
- &encodedExtenValue);
- if ( rv != SECSuccess ) {
- return (rv);
- }
-
- rv = CERT_DecodeBasicConstraintValue (value, &encodedExtenValue);
-
- /* free the raw extension data */
- PORT_Free(encodedExtenValue.data);
- encodedExtenValue.data = NULL;
-
- return(rv);
-}
-
-CERTAuthKeyID *
-CERT_FindAuthKeyIDExten (PRArenaPool *arena, CERTCertificate *cert)
-{
- SECItem encodedExtenValue;
- SECStatus rv;
- CERTAuthKeyID *ret;
-
- encodedExtenValue.data = NULL;
- encodedExtenValue.len = 0;
-
- rv = cert_FindExtension(cert->extensions, SEC_OID_X509_AUTH_KEY_ID,
- &encodedExtenValue);
- if ( rv != SECSuccess ) {
- return (NULL);
- }
-
- ret = CERT_DecodeAuthKeyID (arena, &encodedExtenValue);
-
- PORT_Free(encodedExtenValue.data);
- encodedExtenValue.data = NULL;
-
- return(ret);
-}
-
-SECStatus
-CERT_CheckCertUsage(CERTCertificate *cert, unsigned char usage)
-{
- PRBool critical;
- SECItem keyUsage;
- SECStatus rv;
-
- /* There is no extension, v1 or v2 certificate */
- if (cert->extensions == NULL) {
- return (SECSuccess);
- }
-
- keyUsage.data = NULL;
-
- do {
- /* if the keyUsage extension exists and is critical, make sure that the
- CA certificate is used for certificate signing purpose only. If the
- extension does not exist, we will assum that it can be used for
- certificate signing purpose.
- */
- rv = CERT_GetExtenCriticality(cert->extensions,
- SEC_OID_X509_KEY_USAGE,
- &critical);
- if (rv == SECFailure) {
- rv = (PORT_GetError () == SEC_ERROR_EXTENSION_NOT_FOUND) ?
- SECSuccess : SECFailure;
- break;
- }
-
- if (critical == PR_FALSE) {
- rv = SECSuccess;
- break;
- }
-
- rv = CERT_FindKeyUsageExtension(cert, &keyUsage);
- if (rv != SECSuccess) {
- break;
- }
- if (!(keyUsage.data[0] & usage)) {
- PORT_SetError (SEC_ERROR_CERT_USAGES_INVALID);
- rv = SECFailure;
- }
- }while (0);
- PORT_Free (keyUsage.data);
- return (rv);
-}
diff --git a/security/nss/lib/certdb/certxutl.c b/security/nss/lib/certdb/certxutl.c
deleted file mode 100644
index 619f576b2..000000000
--- a/security/nss/lib/certdb/certxutl.c
+++ /dev/null
@@ -1,482 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Certificate Extensions handling code
- *
- */
-
-#include "cert.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "secder.h"
-#include "secasn1.h"
-#include "certxutl.h"
-#include "secerr.h"
-
-#ifdef OLD
-#include "ocspti.h" /* XXX a better extensions interface would not
- * require knowledge of data structures of callers */
-#endif
-
-static CERTCertExtension *
-GetExtension (CERTCertExtension **extensions, SECItem *oid)
-{
- CERTCertExtension **exts;
- CERTCertExtension *ext = NULL;
- SECComparison comp;
-
- exts = extensions;
-
- if (exts) {
- while ( *exts ) {
- ext = *exts;
- comp = SECITEM_CompareItem(oid, &ext->id);
- if ( comp == SECEqual )
- break;
-
- exts++;
- }
- return (*exts ? ext : NULL);
- }
- return (NULL);
-}
-
-SECStatus
-cert_FindExtensionByOID (CERTCertExtension **extensions, SECItem *oid, SECItem *value)
-{
- CERTCertExtension *ext;
- SECStatus rv = SECSuccess;
-
- ext = GetExtension (extensions, oid);
- if (ext == NULL) {
- PORT_SetError (SEC_ERROR_EXTENSION_NOT_FOUND);
- return (SECFailure);
- }
- if (value)
- rv = SECITEM_CopyItem(NULL, value, &ext->value);
- return (rv);
-}
-
-
-SECStatus
-CERT_GetExtenCriticality (CERTCertExtension **extensions, int tag, PRBool *isCritical)
-{
- CERTCertExtension *ext;
- SECOidData *oid;
-
- if (!isCritical)
- return (SECSuccess);
-
- /* find the extension in the extensions list */
- oid = SECOID_FindOIDByTag((SECOidTag)tag);
- if ( !oid ) {
- return(SECFailure);
- }
- ext = GetExtension (extensions, &oid->oid);
- if (ext == NULL) {
- PORT_SetError (SEC_ERROR_EXTENSION_NOT_FOUND);
- return (SECFailure);
- }
-
- /* If the criticality is omitted, then it is false by default.
- ex->critical.data is NULL */
- if (ext->critical.data == NULL)
- *isCritical = PR_FALSE;
- else
- *isCritical = (ext->critical.data[0] == 0xff) ? PR_TRUE : PR_FALSE;
- return (SECSuccess);
-}
-
-SECStatus
-cert_FindExtension(CERTCertExtension **extensions, int tag, SECItem *value)
-{
- SECOidData *oid;
-
- oid = SECOID_FindOIDByTag((SECOidTag)tag);
- if ( !oid ) {
- return(SECFailure);
- }
-
- return(cert_FindExtensionByOID(extensions, &oid->oid, value));
-}
-
-
-typedef struct _extNode {
- struct _extNode *next;
- CERTCertExtension *ext;
-} extNode;
-
-typedef struct {
- void (*setExts)(void *object, CERTCertExtension **exts);
- void *object;
- PRArenaPool *ownerArena;
- PRArenaPool *arena;
- extNode *head;
- int count;
-}extRec;
-
-/*
- * cert_StartExtensions
- *
- * NOTE: This interface changed significantly to remove knowledge
- * about callers data structures (owner objects)
- */
-void *
-cert_StartExtensions(void *owner, PRArenaPool *ownerArena,
- void (*setExts)(void *object, CERTCertExtension **exts))
-{
- PRArenaPool *arena;
- extRec *handle;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- return(0);
- }
-
- handle = (extRec *)PORT_ArenaAlloc(arena, sizeof(extRec));
- if ( !handle ) {
- PORT_FreeArena(arena, PR_FALSE);
- return(0);
- }
-
- handle->object = owner;
- handle->ownerArena = ownerArena;
- handle->setExts = setExts;
-
- handle->arena = arena;
- handle->head = 0;
- handle->count = 0;
-
- return(handle);
-}
-
-static unsigned char hextrue = 0xff;
-
-/*
- * Note - assumes that data pointed to by oid->data will not move
- */
-SECStatus
-CERT_AddExtensionByOID (void *exthandle, SECItem *oid, SECItem *value,
- PRBool critical, PRBool copyData)
-{
- CERTCertExtension *ext;
- SECStatus rv;
- extNode *node;
- extRec *handle;
-
- handle = (extRec *)exthandle;
-
- /* allocate space for extension and list node */
- ext = (CERTCertExtension*)PORT_ArenaZAlloc(handle->ownerArena,
- sizeof(CERTCertExtension));
- if ( !ext ) {
- return(SECFailure);
- }
-
- node = (extNode*)PORT_ArenaAlloc(handle->arena, sizeof(extNode));
- if ( !node ) {
- return(SECFailure);
- }
-
- /* add to list */
- node->next = handle->head;
- handle->head = node;
-
- /* point to ext struct */
- node->ext = ext;
-
- /* the object ID of the extension */
- ext->id = *oid;
-
- /* set critical field */
- if ( critical ) {
- ext->critical.data = (unsigned char*)&hextrue;
- ext->critical.len = 1;
- }
-
- /* set the value */
- if ( copyData ) {
- rv = SECITEM_CopyItem(handle->ownerArena, &ext->value, value);
- if ( rv ) {
- return(SECFailure);
- }
- } else {
- ext->value = *value;
- }
-
- handle->count++;
-
- return(SECSuccess);
-
-}
-
-SECStatus
-CERT_AddExtension(void *exthandle, int idtag, SECItem *value,
- PRBool critical, PRBool copyData)
-{
- SECOidData *oid;
-
- oid = SECOID_FindOIDByTag((SECOidTag)idtag);
- if ( !oid ) {
- return(SECFailure);
- }
-
- return(CERT_AddExtensionByOID(exthandle, &oid->oid, value, critical, copyData));
-}
-
-SECStatus
-CERT_EncodeAndAddExtension(void *exthandle, int idtag, void *value,
- PRBool critical, const SEC_ASN1Template *atemplate)
-{
- extRec *handle;
- SECItem *encitem;
-
- handle = (extRec *)exthandle;
-
- encitem = SEC_ASN1EncodeItem(handle->ownerArena, NULL, value, atemplate);
- if ( encitem == NULL ) {
- return(SECFailure);
- }
-
- return CERT_AddExtension(exthandle, idtag, encitem, critical, PR_FALSE);
-}
-
-void
-PrepareBitStringForEncoding (SECItem *bitsmap, SECItem *value)
-{
- unsigned char onebyte;
- unsigned int i, len = 0;
-
- /* to prevent warning on some platform at compile time */
- onebyte = '\0';
- /* Get the position of the right-most turn-on bit */
- for (i = 0; i < (value->len ) * 8; ++i) {
- if (i % 8 == 0)
- onebyte = value->data[i/8];
- if (onebyte & 0x80)
- len = i;
- onebyte <<= 1;
-
- }
- bitsmap->data = value->data;
- /* Add one here since we work with base 1 */
- bitsmap->len = len + 1;
-}
-
-SECStatus
-CERT_EncodeAndAddBitStrExtension (void *exthandle, int idtag,
- SECItem *value, PRBool critical)
-{
- SECItem bitsmap;
-
- PrepareBitStringForEncoding (&bitsmap, value);
- return (CERT_EncodeAndAddExtension
- (exthandle, idtag, &bitsmap, critical, SEC_BitStringTemplate));
-}
-
-SECStatus
-CERT_FinishExtensions(void *exthandle)
-{
- extRec *handle;
- extNode *node;
- CERTCertExtension **exts;
- SECStatus rv = SECFailure;
-
- handle = (extRec *)exthandle;
-
- /* allocate space for extensions array */
- exts = PORT_ArenaNewArray(handle->ownerArena, CERTCertExtension *,
- handle->count + 1);
- if (exts == NULL) {
- goto loser;
- }
-
- /* put extensions in owner object and update its version number */
-
-#ifdef OLD
- switch (handle->type) {
- case CertificateExtensions:
- handle->owner.cert->extensions = exts;
- DER_SetUInteger (ownerArena, &(handle->owner.cert->version),
- SEC_CERTIFICATE_VERSION_3);
- break;
- case CrlExtensions:
- handle->owner.crl->extensions = exts;
- DER_SetUInteger (ownerArena, &(handle->owner.crl->version),
- SEC_CRL_VERSION_2);
- break;
- case OCSPRequestExtensions:
- handle->owner.request->tbsRequest->requestExtensions = exts;
- break;
- case OCSPSingleRequestExtensions:
- handle->owner.singleRequest->singleRequestExtensions = exts;
- break;
- case OCSPResponseSingleExtensions:
- handle->owner.singleResponse->singleExtensions = exts;
- break;
- }
-#endif
-
- handle->setExts(handle->object, exts);
-
- /* update the version number */
-
- /* copy each extension pointer */
- node = handle->head;
- while ( node ) {
- *exts = node->ext;
-
- node = node->next;
- exts++;
- }
-
- /* terminate the array of extensions */
- *exts = 0;
-
- rv = SECSuccess;
-
-loser:
- /* free working arena */
- PORT_FreeArena(handle->arena, PR_FALSE);
- return rv;
-}
-
-/*
- * get the value of the Netscape Certificate Type Extension
- */
-SECStatus
-CERT_FindBitStringExtension (CERTCertExtension **extensions, int tag,
- SECItem *retItem)
-{
- SECItem wrapperItem, tmpItem = {siBuffer,0};
- SECStatus rv;
- PRArenaPool *arena = NULL;
-
- wrapperItem.data = NULL;
- tmpItem.data = NULL;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( ! arena ) {
- return(SECFailure);
- }
-
- rv = cert_FindExtension(extensions, tag, &wrapperItem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- rv = SEC_ASN1DecodeItem(arena, &tmpItem, SEC_BitStringTemplate,
- &wrapperItem);
-
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- retItem->data = (unsigned char *)PORT_Alloc( ( tmpItem.len + 7 ) >> 3 );
- if ( retItem->data == NULL ) {
- goto loser;
- }
-
- PORT_Memcpy(retItem->data, tmpItem.data, ( tmpItem.len + 7 ) >> 3);
- retItem->len = tmpItem.len;
-
- rv = SECSuccess;
- goto done;
-
-loser:
- rv = SECFailure;
-
-done:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- if ( wrapperItem.data ) {
- PORT_Free(wrapperItem.data);
- }
-
- return(rv);
-}
-
-PRBool
-cert_HasCriticalExtension (CERTCertExtension **extensions)
-{
- CERTCertExtension **exts;
- CERTCertExtension *ext = NULL;
- PRBool hasCriticalExten = PR_FALSE;
-
- exts = extensions;
-
- if (exts) {
- while ( *exts ) {
- ext = *exts;
- /* If the criticality is omitted, it's non-critical */
- if (ext->critical.data && ext->critical.data[0] == 0xff) {
- hasCriticalExten = PR_TRUE;
- break;
- }
- exts++;
- }
- }
- return (hasCriticalExten);
-}
-
-PRBool
-cert_HasUnknownCriticalExten (CERTCertExtension **extensions)
-{
- CERTCertExtension **exts;
- CERTCertExtension *ext = NULL;
- PRBool hasUnknownCriticalExten = PR_FALSE;
-
- exts = extensions;
-
- if (exts) {
- while ( *exts ) {
- ext = *exts;
- /* If the criticality is omitted, it's non-critical.
- If an extension is critical, make sure that we know
- how to process the extension.
- */
- if (ext->critical.data && ext->critical.data[0] == 0xff) {
- if (SECOID_KnownCertExtenOID (&ext->id) == PR_FALSE) {
- hasUnknownCriticalExten = PR_TRUE;
- break;
- }
- }
- exts++;
- }
- }
- return (hasUnknownCriticalExten);
-}
diff --git a/security/nss/lib/certdb/certxutl.h b/security/nss/lib/certdb/certxutl.h
deleted file mode 100644
index 381226a43..000000000
--- a/security/nss/lib/certdb/certxutl.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * x.509 v3 certificate extension helper routines
- *
- */
-
-
-#ifndef _CERTXUTL_H_
-#define _CERTXUTL_H_
-
-#include "nspr.h"
-
-#ifdef OLD
-typedef enum {
- CertificateExtensions,
- CrlExtensions,
- OCSPRequestExtensions,
- OCSPSingleRequestExtensions,
- OCSPResponseSingleExtensions
-} ExtensionsType;
-#endif
-
-extern PRBool
-cert_HasCriticalExtension (CERTCertExtension **extensions);
-
-extern SECStatus
-CERT_FindBitStringExtension (CERTCertExtension **extensions,
- int tag, SECItem *retItem);
-extern void *
-cert_StartExtensions (void *owner, PLArenaPool *arena,
- void (*setExts)(void *object, CERTCertExtension **exts));
-
-extern SECStatus
-cert_FindExtension (CERTCertExtension **extensions, int tag, SECItem *value);
-
-extern SECStatus
-cert_FindExtensionByOID (CERTCertExtension **extensions,
- SECItem *oid, SECItem *value);
-
-extern SECStatus
-cert_GetExtenCriticality (CERTCertExtension **extensions,
- int tag, PRBool *isCritical);
-
-extern PRBool
-cert_HasUnknownCriticalExten (CERTCertExtension **extensions);
-
-#endif
diff --git a/security/nss/lib/certdb/config.mk b/security/nss/lib/certdb/config.mk
deleted file mode 100644
index a73a1086e..000000000
--- a/security/nss/lib/certdb/config.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/certdb/crl.c b/security/nss/lib/certdb/crl.c
deleted file mode 100644
index 1e0e909e1..000000000
--- a/security/nss/lib/certdb/crl.c
+++ /dev/null
@@ -1,387 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Moved from secpkcs7.c
- *
- * $Id$
- */
-
-#include "cert.h"
-#include "secder.h"
-#include "secasn1.h"
-#include "secoid.h"
-#include "certdb.h"
-#include "certxutl.h"
-#include "prtime.h"
-#include "secerr.h"
-
-const SEC_ASN1Template SEC_CERTExtensionTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCertExtension) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CERTCertExtension,id) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
- offsetof(CERTCertExtension,critical), },
- { SEC_ASN1_OCTET_STRING,
- offsetof(CERTCertExtension,value) },
- { 0, }
-};
-
-static const SEC_ASN1Template SEC_CERTExtensionsTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_CERTExtensionTemplate}
-};
-
-/*
- * XXX Also, these templates, especially the Krl/FORTEZZA ones, need to
- * be tested; Lisa did the obvious translation but they still should be
- * verified.
- */
-
-const SEC_ASN1Template CERT_IssuerAndSNTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTIssuerAndSN) },
- { SEC_ASN1_SAVE,
- offsetof(CERTIssuerAndSN,derIssuer) },
- { SEC_ASN1_INLINE,
- offsetof(CERTIssuerAndSN,issuer),
- CERT_NameTemplate },
- { SEC_ASN1_INTEGER,
- offsetof(CERTIssuerAndSN,serialNumber) },
- { 0 }
-};
-
-static const SEC_ASN1Template cert_KrlEntryTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCrlEntry) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(CERTCrlEntry,serialNumber) },
- { SEC_ASN1_UTC_TIME,
- offsetof(CERTCrlEntry,revocationDate) },
- { 0 }
-};
-
-static const SEC_ASN1Template cert_KrlTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCrl) },
- { SEC_ASN1_INLINE,
- offsetof(CERTCrl,signatureAlg),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_SAVE,
- offsetof(CERTCrl,derName) },
- { SEC_ASN1_INLINE,
- offsetof(CERTCrl,name),
- CERT_NameTemplate },
- { SEC_ASN1_UTC_TIME,
- offsetof(CERTCrl,lastUpdate) },
- { SEC_ASN1_UTC_TIME,
- offsetof(CERTCrl,nextUpdate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
- offsetof(CERTCrl,entries),
- cert_KrlEntryTemplate },
- { 0 }
-};
-
-static const SEC_ASN1Template cert_SignedKrlTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTSignedCrl) },
- { SEC_ASN1_SAVE,
- offsetof(CERTSignedCrl,signatureWrap.data) },
- { SEC_ASN1_INLINE,
- offsetof(CERTSignedCrl,crl),
- cert_KrlTemplate },
- { SEC_ASN1_INLINE,
- offsetof(CERTSignedCrl,signatureWrap.signatureAlgorithm),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_BIT_STRING,
- offsetof(CERTSignedCrl,signatureWrap.signature) },
- { 0 }
-};
-
-static const SEC_ASN1Template cert_CrlKeyTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCrlKey) },
- { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof(CERTCrlKey,dummy) },
- { SEC_ASN1_SKIP },
- { SEC_ASN1_ANY, offsetof(CERTCrlKey,derName) },
- { SEC_ASN1_SKIP_REST },
- { 0 }
-};
-
-static const SEC_ASN1Template cert_CrlEntryTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCrlEntry) },
- { SEC_ASN1_INTEGER,
- offsetof(CERTCrlEntry,serialNumber) },
- { SEC_ASN1_UTC_TIME,
- offsetof(CERTCrlEntry,revocationDate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
- offsetof(CERTCrlEntry, extensions),
- SEC_CERTExtensionTemplate},
- { 0 }
-};
-
-const SEC_ASN1Template CERT_CrlTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCrl) },
- { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof (CERTCrl, version) },
- { SEC_ASN1_INLINE,
- offsetof(CERTCrl,signatureAlg),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_SAVE,
- offsetof(CERTCrl,derName) },
- { SEC_ASN1_INLINE,
- offsetof(CERTCrl,name),
- CERT_NameTemplate },
- { SEC_ASN1_UTC_TIME,
- offsetof(CERTCrl,lastUpdate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_UTC_TIME,
- offsetof(CERTCrl,nextUpdate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
- offsetof(CERTCrl,entries),
- cert_CrlEntryTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_EXPLICIT | 0,
- offsetof(CERTCrl,extensions),
- SEC_CERTExtensionsTemplate},
- { 0 }
-};
-
-static const SEC_ASN1Template cert_SignedCrlTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTSignedCrl) },
- { SEC_ASN1_SAVE,
- offsetof(CERTSignedCrl,signatureWrap.data) },
- { SEC_ASN1_INLINE,
- offsetof(CERTSignedCrl,crl),
- CERT_CrlTemplate },
- { SEC_ASN1_INLINE,
- offsetof(CERTSignedCrl,signatureWrap.signatureAlgorithm),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_BIT_STRING,
- offsetof(CERTSignedCrl,signatureWrap.signature) },
- { 0 }
-};
-
-const SEC_ASN1Template CERT_SetOfSignedCrlTemplate[] = {
- { SEC_ASN1_SET_OF, 0, cert_SignedCrlTemplate },
-};
-
-/* Check the version of the CRL. If there is a critical extension in the crl
- or crl entry, then the version must be v2. Otherwise, it should be v1. If
- the crl contains critical extension(s), then we must recognized the extension's
- OID.
- */
-SECStatus cert_check_crl_version (CERTCrl *crl)
-{
- CERTCrlEntry **entries;
- CERTCrlEntry *entry;
- PRBool hasCriticalExten = PR_FALSE;
- SECStatus rv = SECSuccess;
- int version;
-
- /* CRL version is defaulted to v1 */
- version = SEC_CRL_VERSION_1;
- if (crl->version.data != 0)
- version = (int)DER_GetUInteger (&crl->version);
-
- if (version > SEC_CRL_VERSION_2) {
- PORT_SetError (SEC_ERROR_BAD_DER);
- return (SECFailure);
- }
-
- /* Check the crl extensions for a critial extension. If one is found,
- and the version is not v2, then we are done.
- */
- if (crl->extensions) {
- hasCriticalExten = cert_HasCriticalExtension (crl->extensions);
- if (hasCriticalExten) {
- if (version != SEC_CRL_VERSION_2)
- return (SECFailure);
- /* make sure that there is no unknown critical extension */
- if (cert_HasUnknownCriticalExten (crl->extensions) == PR_TRUE) {
- PORT_SetError (SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION);
- return (SECFailure);
- }
- }
- }
-
-
- if (crl->entries == NULL) {
- if (hasCriticalExten == PR_FALSE && version == SEC_CRL_VERSION_2) {
- PORT_SetError (SEC_ERROR_BAD_DER);
- return (SECFailure);
- }
- return (SECSuccess);
- }
- /* Look in the crl entry extensions. If there is a critical extension,
- then the crl version must be v2; otherwise, it should be v1.
- */
- entries = crl->entries;
- while (*entries) {
- entry = *entries;
- if (entry->extensions) {
- /* If there is a critical extension in the entries, then the
- CRL must be of version 2. If we already saw a critical extension,
- there is no need to check the version again.
- */
- if (hasCriticalExten == PR_FALSE) {
- hasCriticalExten = cert_HasCriticalExtension (entry->extensions);
- if (hasCriticalExten && version != SEC_CRL_VERSION_2) {
- rv = SECFailure;
- break;
- }
- }
-
- /* For each entry, make sure that it does not contain an unknown
- critical extension. If it does, we must reject the CRL since
- we don't know how to process the extension.
- */
- if (cert_HasUnknownCriticalExten (entry->extensions) == PR_TRUE) {
- PORT_SetError (SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION);
- rv = SECFailure;
- break;
- }
- }
- ++entries;
- }
- if (rv == SECFailure)
- return (rv);
-
- /* There is no critical extension, but the version is set to v2 */
- if (version != SEC_CRL_VERSION_1 && hasCriticalExten == PR_FALSE) {
- PORT_SetError (SEC_ERROR_BAD_DER);
- return (SECFailure);
- }
- return (SECSuccess);
-}
-
-/*
- * Generate a database key, based on the issuer name from a
- * DER crl.
- */
-SECStatus
-CERT_KeyFromDERCrl(PRArenaPool *arena, SECItem *derCrl, SECItem *key)
-{
- SECStatus rv;
- CERTSignedData sd;
- CERTCrlKey crlkey;
-
- PORT_Memset (&sd, 0, sizeof (sd));
- rv = SEC_ASN1DecodeItem (arena, &sd, CERT_SignedDataTemplate, derCrl);
- if (rv != SECSuccess) {
- return rv;
- }
-
- PORT_Memset (&crlkey, 0, sizeof (crlkey));
- rv = SEC_ASN1DecodeItem(arena, &crlkey, cert_CrlKeyTemplate, &sd.data);
- if (rv != SECSuccess) {
- return rv;
- }
-
- key->len = crlkey.derName.len;
- key->data = crlkey.derName.data;
-
- return(SECSuccess);
-}
-
-/*
- * take a DER CRL or KRL and decode it into a CRL structure
- */
-CERTSignedCrl *
-CERT_DecodeDERCrl(PRArenaPool *narena, SECItem *derSignedCrl, int type)
-{
- PRArenaPool *arena;
- CERTSignedCrl *crl;
- SECStatus rv;
-
- /* make a new arena */
- if (narena == NULL) {
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- return NULL;
- }
- } else {
- arena = narena;
- }
-
- /* allocate the CRL structure */
- crl = (CERTSignedCrl *)PORT_ArenaZAlloc(arena, sizeof(CERTSignedCrl));
- if ( !crl ) {
- goto loser;
- }
-
- crl->arena = arena;
-
- /* Save the arena in the inner crl for CRL extensions support */
- crl->crl.arena = arena;
-
- /* decode the CRL info */
- switch (type) {
- case SEC_CRL_TYPE:
- rv = SEC_ASN1DecodeItem
- (arena, crl, cert_SignedCrlTemplate, derSignedCrl);
- if (rv != SECSuccess)
- break;
-
- /* If the version is set to v2, make sure that it contains at
- least 1 critical extension either the crl extensions or
- crl entry extensions. */
- rv = cert_check_crl_version (&crl->crl);
- break;
-
- case SEC_KRL_TYPE:
- rv = SEC_ASN1DecodeItem
- (arena, crl, cert_SignedKrlTemplate, derSignedCrl);
- break;
- default:
- rv = SECFailure;
- break;
- }
-
- if (rv != SECSuccess) {
- goto loser;
- }
-
- crl->referenceCount = 1;
-
- return(crl);
-
-loser:
-
- if ((narena == NULL) && arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(0);
-}
diff --git a/security/nss/lib/certdb/genname.c b/security/nss/lib/certdb/genname.c
deleted file mode 100644
index a603b8cec..000000000
--- a/security/nss/lib/certdb/genname.c
+++ /dev/null
@@ -1,1589 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "plarena.h"
-#include "seccomon.h"
-#include "secitem.h"
-#include "secoidt.h"
-#include "mcom_db.h"
-#include "secasn1.h"
-#include "secder.h"
-#include "certt.h"
-#include "cert.h"
-#include "xconst.h"
-#include "secerr.h"
-#include "secoid.h"
-#include "prprf.h"
-#include "genname.h"
-
-
-
-static const SEC_ASN1Template CERTNameConstraintTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTNameConstraint) },
- { SEC_ASN1_ANY, offsetof(CERTNameConstraint, DERName) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(CERTNameConstraint, min), SEC_IntegerTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(CERTNameConstraint, max), SEC_IntegerTemplate },
- { 0, }
-};
-
-const SEC_ASN1Template CERT_NameConstraintSubtreeSubTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_AnyTemplate }
-};
-
-
-const SEC_ASN1Template CERT_NameConstraintSubtreePermitedTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 0, 0, CERT_NameConstraintSubtreeSubTemplate }
-};
-
-const SEC_ASN1Template CERT_NameConstraintSubtreeExcludedTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 1, 0, CERT_NameConstraintSubtreeSubTemplate }
-};
-
-
-static const SEC_ASN1Template CERTNameConstraintsTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTNameConstraints) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(CERTNameConstraints, DERPermited), CERT_NameConstraintSubtreeSubTemplate},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(CERTNameConstraints, DERExcluded), CERT_NameConstraintSubtreeSubTemplate},
- { 0, }
-};
-
-
-static const SEC_ASN1Template CERTOthNameTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(OtherName) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(OtherName, oid) },
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 0,
- offsetof(OtherName, name), SEC_AnyTemplate },
- { 0, }
-};
-
-static const SEC_ASN1Template CERTOtherNameTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 0 ,
- offsetof(CERTGeneralName, name.OthName), CERTOthNameTemplate,
- sizeof(CERTGeneralName) }
-};
-
-static const SEC_ASN1Template CERTOtherName2Template[] = {
- { SEC_ASN1_SEQUENCE | SEC_ASN1_CONTEXT_SPECIFIC | 0 ,
- 0, NULL, sizeof(CERTGeneralName) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, oid) },
- { SEC_ASN1_ANY,
- offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, name) },
- { 0, }
-};
-
-static const SEC_ASN1Template CERT_RFC822NameTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 1 ,
- offsetof(CERTGeneralName, name.other), SEC_IA5StringTemplate,
- sizeof (CERTGeneralName)}
-};
-
-static const SEC_ASN1Template CERT_DNSNameTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 2 ,
- offsetof(CERTGeneralName, name.other), SEC_IA5StringTemplate,
- sizeof (CERTGeneralName)}
-};
-
-static const SEC_ASN1Template CERT_X400AddressTemplate[] = {
- { SEC_ASN1_ANY | SEC_ASN1_CONTEXT_SPECIFIC | 3,
- offsetof(CERTGeneralName, name.other), SEC_AnyTemplate,
- sizeof (CERTGeneralName)}
-};
-
-static const SEC_ASN1Template CERT_DirectoryNameTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 4,
- offsetof(CERTGeneralName, derDirectoryName), SEC_AnyTemplate,
- sizeof (CERTGeneralName)}
-};
-
-
-static const SEC_ASN1Template CERT_EDIPartyNameTemplate[] = {
- { SEC_ASN1_ANY | SEC_ASN1_CONTEXT_SPECIFIC | 5,
- offsetof(CERTGeneralName, name.other), SEC_AnyTemplate,
- sizeof (CERTGeneralName)}
-};
-
-static const SEC_ASN1Template CERT_URITemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 6 ,
- offsetof(CERTGeneralName, name.other), SEC_IA5StringTemplate,
- sizeof (CERTGeneralName)}
-};
-
-static const SEC_ASN1Template CERT_IPAddressTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 7 ,
- offsetof(CERTGeneralName, name.other), SEC_OctetStringTemplate,
- sizeof (CERTGeneralName)}
-};
-
-static const SEC_ASN1Template CERT_RegisteredIDTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 8 ,
- offsetof(CERTGeneralName, name.other), SEC_ObjectIDTemplate,
- sizeof (CERTGeneralName)}
-};
-
-
-const SEC_ASN1Template CERT_GeneralNamesTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_AnyTemplate }
-};
-
-
-
-void
-CERT_DestroyGeneralNameList(CERTGeneralNameList *list)
-{
- PRLock *lock;
-
- if (list != NULL) {
- lock = list->lock;
- PR_Lock(lock);
- if (--list->refCount <= 0 && list->arena != NULL) {
- PORT_FreeArena(list->arena, PR_FALSE);
- PR_Unlock(lock);
- PR_DestroyLock(lock);
- } else {
- PR_Unlock(lock);
- }
- }
- return;
-}
-
-CERTGeneralNameList *
-CERT_CreateGeneralNameList(CERTGeneralName *name) {
- PRArenaPool *arena;
- CERTGeneralNameList *list = NULL;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- goto done;
- }
- list = (CERTGeneralNameList *)
- PORT_ArenaZAlloc(arena, sizeof(CERTGeneralNameList));
- if (name != NULL) {
- list->name = (CERTGeneralName *)
- PORT_ArenaZAlloc(arena, sizeof(CERTGeneralName));
- list->name->l.next = list->name->l.prev = &list->name->l;
- CERT_CopyGeneralName(arena, list->name, name);
- }
- list->lock = PR_NewLock();
- list->arena = arena;
- list->refCount = 1;
-done:
- return list;
-}
-
-CERTGeneralName *
-cert_get_next_general_name(CERTGeneralName *current)
-{
- PRCList *next;
-
- next = current->l.next;
- return (CERTGeneralName *) (((char *) next) - offsetof(CERTGeneralName, l));
-}
-
-CERTGeneralName *
-cert_get_prev_general_name(CERTGeneralName *current)
-{
- PRCList *prev;
- prev = current->l.prev;
- return (CERTGeneralName *) (((char *) prev) - offsetof(CERTGeneralName, l));
-}
-
-CERTNameConstraint *
-cert_get_next_name_constraint(CERTNameConstraint *current)
-{
- PRCList *next;
-
- next = current->l.next;
- return (CERTNameConstraint *) (((char *) next) - offsetof(CERTNameConstraint, l));
-}
-
-CERTNameConstraint *
-cert_get_prev_name_constraint(CERTNameConstraint *current)
-{
- PRCList *prev;
- prev = current->l.prev;
- return (CERTNameConstraint *) (((char *) prev) - offsetof(CERTNameConstraint, l));
-}
-
-SECItem *
-cert_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest, PRArenaPool *arena)
-{
-
-
- PORT_Assert(arena);
- if (arena == NULL) {
- goto loser;
- }
- if (dest == NULL) {
- dest = (SECItem *) PORT_ArenaZAlloc(arena, sizeof(SECItem));
- }
- switch (genName->type) {
- case certURI:
- dest = SEC_ASN1EncodeItem(arena, dest, genName,
- CERT_URITemplate);
- break;
- case certRFC822Name:
- dest = SEC_ASN1EncodeItem(arena, dest, genName,
- CERT_RFC822NameTemplate);
- break;
- case certDNSName:
- dest = SEC_ASN1EncodeItem(arena, dest, genName,
- CERT_DNSNameTemplate);
- break;
- case certIPAddress:
- dest = SEC_ASN1EncodeItem(arena, dest, genName,
- CERT_IPAddressTemplate);
- break;
- case certOtherName:
- dest = SEC_ASN1EncodeItem(arena, dest, genName,
- CERTOtherNameTemplate);
- break;
- case certRegisterID:
- dest = SEC_ASN1EncodeItem(arena, dest, genName,
- CERT_RegisteredIDTemplate);
- break;
- case certEDIPartyName:
- /* for this type, we expect the value is already encoded */
- dest = SEC_ASN1EncodeItem (arena, dest, genName,
- CERT_EDIPartyNameTemplate);
- break;
- case certX400Address:
- /* for this type, we expect the value is already encoded */
- dest = SEC_ASN1EncodeItem (arena, dest, genName,
- CERT_X400AddressTemplate);
- break;
- case certDirectoryName:
- if (genName->derDirectoryName.data == NULL) {
- /* The field hasn't been encoded yet. */
- SEC_ASN1EncodeItem (arena, &(genName->derDirectoryName),
- &(genName->name.directoryName),
- CERT_NameTemplate);
- }
- if (genName->derDirectoryName.data == NULL) {
- goto loser;
- }
- dest = SEC_ASN1EncodeItem(arena, dest, genName,
- CERT_DirectoryNameTemplate);
- break;
- }
- if (!dest) {
- goto loser;
- }
- return dest;
-loser:
- return NULL;
-}
-
-
-
-SECItem **
-cert_EncodeGeneralNames(PRArenaPool *arena, CERTGeneralName *names)
-{
- CERTGeneralName *current_name;
- SECItem **items = NULL;
- int count = 0;
- int i;
- PRCList *head;
-
- PORT_Assert(arena);
- current_name = names;
- if (names != NULL) {
- count = 1;
- }
- head = &(names->l);
- while (current_name->l.next != head) {
- current_name = cert_get_next_general_name(current_name);
- ++count;
- }
- current_name = cert_get_next_general_name(current_name);
- items = (SECItem **) PORT_ArenaAlloc(arena, sizeof(SECItem *) * (count + 1));
-
- if (items == NULL) {
- goto loser;
- }
- for (i = 0; i < count; i++) {
- items[i] = cert_EncodeGeneralName(current_name, (SECItem *) NULL, arena);
- if (items[i] == NULL) {
- goto loser;
- }
- current_name = cert_get_next_general_name(current_name);
- }
- items[i] = NULL;
- return items;
-loser:
- return NULL;
-}
-
-CERTGeneralName *
-cert_DecodeGeneralName(PRArenaPool *arena,
- SECItem *encodedName,
- CERTGeneralName *genName)
-{
- CERTGeneralNameType genNameType;
- SECStatus rv = SECSuccess;
-
- PORT_Assert(arena);
- if (genName == NULL) {
- genName = (CERTGeneralName *) PORT_ArenaZAlloc(arena, sizeof(CERTGeneralName));
- }
- genNameType = (CERTGeneralNameType)((*(encodedName->data) & 0x0f) + 1);
- switch (genNameType) {
- case certURI:
- rv = SEC_ASN1DecodeItem(arena, genName, CERT_URITemplate, encodedName);
- break;
- case certRFC822Name:
- rv = SEC_ASN1DecodeItem(arena, genName, CERT_RFC822NameTemplate, encodedName);
- break;
- case certDNSName:
- rv = SEC_ASN1DecodeItem(arena, genName, CERT_DNSNameTemplate, encodedName);
- break;
- case certIPAddress:
- rv = SEC_ASN1DecodeItem(arena, genName, CERT_IPAddressTemplate, encodedName);
- break;
- case certOtherName:
- rv = SEC_ASN1DecodeItem(arena, genName, CERTOtherNameTemplate, encodedName);
- break;
- case certRegisterID:
- rv = SEC_ASN1DecodeItem(arena, genName, CERT_RegisteredIDTemplate, encodedName);
- break;
- case certEDIPartyName:
- rv = SEC_ASN1DecodeItem(arena, genName, CERT_EDIPartyNameTemplate, encodedName);
- break;
- case certX400Address:
- rv = SEC_ASN1DecodeItem(arena, genName, CERT_X400AddressTemplate, encodedName);
- break;
- case certDirectoryName:
- rv = SEC_ASN1DecodeItem
- (arena, genName, CERT_DirectoryNameTemplate, encodedName);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = SEC_ASN1DecodeItem
- (arena, &(genName->name.directoryName), CERT_NameTemplate,
- &(genName->derDirectoryName));
- break;
- }
-
- if (rv != SECSuccess) {
- goto loser;
- }
- genName->type = genNameType;
- genName->l.next = (PRCList *) ((char *) genName) + offsetof(CERTGeneralName, l);
- genName->l.prev = genName->l.next;
- return genName;
-loser:
- return NULL;
-}
-
-CERTGeneralName *
-cert_DecodeGeneralNames (PRArenaPool *arena,
- SECItem **encodedGenName)
-{
- PRCList *head = NULL;
- PRCList *tail = NULL;
- CERTGeneralName *currentName = NULL;
-
- PORT_Assert(arena);
- if (!encodedGenName) {
- goto loser;
- }
- while (*encodedGenName != NULL) {
- currentName = cert_DecodeGeneralName(arena, *encodedGenName, NULL);
- if (currentName == NULL) {
- goto loser;
- }
- if (head == NULL) {
- head = &(currentName->l);
- tail = head;
- }
- currentName->l.next = head;
- currentName->l.prev = tail;
- tail = &(currentName->l);
- (cert_get_prev_general_name(currentName))->l.next = tail;
- encodedGenName++;
- }
- (cert_get_next_general_name(currentName))->l.prev = tail;
- return cert_get_next_general_name(currentName);
-loser:
- return NULL;
-}
-
-void
-CERT_DestroyGeneralName(CERTGeneralName *name)
-{
- cert_DestroyGeneralNames(name);
-}
-
-SECStatus
-cert_DestroyGeneralNames(CERTGeneralName *name)
-{
- CERTGeneralName *first;
- CERTGeneralName *next = NULL;
-
-
- first = name;
- do {
- next = cert_get_next_general_name(name);
- PORT_Free(name);
- name = next;
- } while (name != first);
- return SECSuccess;
-}
-
-SECItem *
-cert_EncodeNameConstraint(CERTNameConstraint *constraint,
- SECItem *dest,
- PRArenaPool *arena)
-{
- PORT_Assert(arena);
- if (dest == NULL) {
- dest = (SECItem *) PORT_ArenaZAlloc(arena, sizeof(SECItem));
- if (dest == NULL) {
- return NULL;
- }
- }
- cert_EncodeGeneralName(&(constraint->name), &(constraint->DERName),
- arena);
-
- dest = SEC_ASN1EncodeItem (arena, dest, constraint,
- CERTNameConstraintTemplate);
- return dest;
-}
-
-SECStatus
-cert_EncodeNameConstraintSubTree(CERTNameConstraint *constraints,
- PRArenaPool *arena,
- SECItem ***dest,
- PRBool permited)
-{
- CERTNameConstraint *current_constraint = constraints;
- SECItem **items = NULL;
- int count = 0;
- int i;
- PRCList *head;
-
- PORT_Assert(arena);
- if (constraints != NULL) {
- count = 1;
- }
- head = (PRCList *) (((char *) constraints) + offsetof(CERTNameConstraint, l));
- while (current_constraint->l.next != head) {
- current_constraint = cert_get_next_name_constraint(current_constraint);
- ++count;
- }
- current_constraint = cert_get_next_name_constraint(current_constraint);
- items = (SECItem **) PORT_ArenaZAlloc(arena, sizeof(SECItem *) * (count + 1));
-
- if (items == NULL) {
- goto loser;
- }
- for (i = 0; i < count; i++) {
- items[i] = cert_EncodeNameConstraint(current_constraint,
- (SECItem *) NULL, arena);
- if (items[i] == NULL) {
- goto loser;
- }
- current_constraint = cert_get_next_name_constraint(current_constraint);
- }
- *dest = items;
- if (*dest == NULL) {
- goto loser;
- }
- return SECSuccess;
-loser:
- return SECFailure;
-}
-
-SECStatus
-cert_EncodeNameConstraints(CERTNameConstraints *constraints,
- PRArenaPool *arena,
- SECItem *dest)
-{
- SECStatus rv = SECSuccess;
-
- PORT_Assert(arena);
- if (constraints->permited != NULL) {
- rv = cert_EncodeNameConstraintSubTree(constraints->permited, arena,
- &constraints->DERPermited, PR_TRUE);
- if (rv == SECFailure) {
- goto loser;
- }
- }
- if (constraints->excluded != NULL) {
- rv = cert_EncodeNameConstraintSubTree(constraints->excluded, arena,
- &constraints->DERExcluded, PR_FALSE);
- if (rv == SECFailure) {
- goto loser;
- }
- }
- dest = SEC_ASN1EncodeItem(arena, dest, constraints,
- CERTNameConstraintsTemplate);
- if (dest == NULL) {
- goto loser;
- }
- return SECSuccess;
-loser:
- return SECFailure;
-}
-
-
-CERTNameConstraint *
-cert_DecodeNameConstraint(PRArenaPool *arena,
- SECItem *encodedConstraint)
-{
- CERTNameConstraint *constraint;
- SECStatus rv = SECSuccess;
- CERTGeneralName *temp;
-
-
-
- PORT_Assert(arena);
- constraint = (CERTNameConstraint *) PORT_ArenaZAlloc(arena, sizeof(CERTNameConstraint));
- rv = SEC_ASN1DecodeItem(arena, constraint, CERTNameConstraintTemplate, encodedConstraint);
- if (rv != SECSuccess) {
- goto loser;
- }
- temp = cert_DecodeGeneralName(arena, &(constraint->DERName), &(constraint->name));
- if (temp != &(constraint->name)) {
- goto loser;
- }
-
- /* ### sjlee: since the name constraint contains only one
- * CERTGeneralName, the list within CERTGeneralName shouldn't
- * point anywhere else. Otherwise, bad things will happen.
- */
- constraint->name.l.prev = constraint->name.l.next = &(constraint->name.l);
- return constraint;
-loser:
- return NULL;
-}
-
-
-CERTNameConstraint *
-cert_DecodeNameConstraintSubTree(PRArenaPool *arena,
- SECItem **subTree,
- PRBool permited)
-{
- CERTNameConstraint *current = NULL;
- CERTNameConstraint *first = NULL;
- CERTNameConstraint *last = NULL;
- CERTNameConstraint *next = NULL;
- int i = 0;
-
- while (subTree[i] != NULL) {
- current = cert_DecodeNameConstraint(arena, subTree[i]);
- if (current == NULL) {
- goto loser;
- }
- if (last == NULL) {
- first = last = current;
- }
- current->l.prev = &(last->l);
- current->l.next = last->l.next;
- last->l.next = &(current->l);
- i++;
- }
- first->l.prev = &(current->l);
- return first;
-loser:
- if (first) {
- current = first;
- do {
- next = cert_get_next_name_constraint(current);
- PORT_Free(current);
- current = next;
- }while (current != first);
- }
- return NULL;
-}
-
-CERTNameConstraints *
-cert_DecodeNameConstraints(PRArenaPool *arena,
- SECItem *encodedConstraints)
-{
- CERTNameConstraints *constraints;
- SECStatus rv;
-
- PORT_Assert(arena);
- PORT_Assert(encodedConstraints);
- constraints = (CERTNameConstraints *) PORT_ArenaZAlloc(arena,
- sizeof(CERTNameConstraints));
- if (constraints == NULL) {
- goto loser;
- }
- rv = SEC_ASN1DecodeItem(arena, constraints, CERTNameConstraintsTemplate,
- encodedConstraints);
- if (rv != SECSuccess) {
- goto loser;
- }
- if (constraints->DERPermited != NULL && constraints->DERPermited[0] != NULL) {
- constraints->permited = cert_DecodeNameConstraintSubTree(arena,
- constraints->DERPermited,
- PR_TRUE);
- if (constraints->permited == NULL) {
- goto loser;
- }
- }
- if (constraints->DERExcluded != NULL && constraints->DERExcluded[0] != NULL) {
- constraints->excluded = cert_DecodeNameConstraintSubTree(arena,
- constraints->DERExcluded,
- PR_FALSE);
- if (constraints->excluded == NULL) {
- goto loser;
- }
- }
- return constraints;
-loser:
- return NULL;
-}
-
-
-SECStatus
-CERT_CopyGeneralName(PRArenaPool *arena,
- CERTGeneralName *dest,
- CERTGeneralName *src)
-{
- SECStatus rv;
- CERTGeneralName *destHead = dest;
- CERTGeneralName *srcHead = src;
- CERTGeneralName *temp;
-
- PORT_Assert(dest != NULL);
- dest->type = src->type;
- do {
- switch (src->type) {
- case certDirectoryName: {
- rv = SECITEM_CopyItem(arena, &dest->derDirectoryName, &src->derDirectoryName);
- if (rv != SECSuccess) {
- return rv;
- }
- rv = CERT_CopyName(arena, &dest->name.directoryName, &src->name.directoryName);
- break;
- }
- case certOtherName: {
- rv = SECITEM_CopyItem(arena, &dest->name.OthName.name, &src->name.OthName.name);
- if (rv != SECSuccess) {
- return rv;
- }
- rv = SECITEM_CopyItem(arena, &dest->name.OthName.oid, &src->name.OthName.oid);
- break;
- }
- default: {
- rv = SECITEM_CopyItem(arena, &dest->name.other, &src->name.other);
- }
- }
- src = cert_get_next_general_name(src);
- /* if there is only one general name, we shouldn't do this */
- if (src != srcHead) {
- if (dest->l.next == &destHead->l) {
- if (arena) {
- temp = (CERTGeneralName *)
- PORT_ArenaZAlloc(arena, sizeof(CERTGeneralName));
- } else {
- temp = (CERTGeneralName *)
- PORT_ZAlloc(sizeof(CERTGeneralName));
- }
- temp->l.next = &destHead->l;
- temp->l.prev = &dest->l;
- destHead->l.prev = &temp->l;
- dest->l.next = &temp->l;
- dest = temp;
- } else {
- dest = cert_get_next_general_name(dest);
- }
- }
- } while (src != srcHead && rv == SECSuccess);
- return rv;
-}
-
-
-CERTGeneralNameList *
-CERT_DupGeneralNameList(CERTGeneralNameList *list)
-{
- if (list != NULL) {
- PR_Lock(list->lock);
- list->refCount++;
- PR_Unlock(list->lock);
- }
- return list;
-}
-
-CERTNameConstraint *
-CERT_CopyNameConstraint(PRArenaPool *arena,
- CERTNameConstraint *dest,
- CERTNameConstraint *src)
-{
- SECStatus rv;
-
- if (dest == NULL) {
- dest = (CERTNameConstraint *) PORT_ArenaZAlloc(arena, sizeof(CERTNameConstraint));
- /* mark that it is not linked */
- dest->name.l.prev = dest->name.l.next = &(dest->name.l);
- }
- rv = CERT_CopyGeneralName(arena, &dest->name, &src->name);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = SECITEM_CopyItem(arena, &dest->DERName, &src->DERName);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = SECITEM_CopyItem(arena, &dest->min, &src->min);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = SECITEM_CopyItem(arena, &dest->max, &src->max);
- if (rv != SECSuccess) {
- goto loser;
- }
- dest->l.prev = dest->l.next = &dest->l;
- return dest;
-loser:
- return NULL;
-}
-
-
-CERTGeneralName *
-cert_CombineNamesLists(CERTGeneralName *list1, CERTGeneralName *list2)
-{
- PRCList *begin1;
- PRCList *begin2;
- PRCList *end1;
- PRCList *end2;
-
- if (list1 == NULL){
- return list2;
- } else if (list2 == NULL) {
- return list1;
- } else {
- begin1 = &list1->l;
- begin2 = &list2->l;
- end1 = list1->l.prev;
- end2 = list2->l.prev;
- end1->next = begin2;
- end2->next = begin1;
- begin1->prev = end2;
- begin2->prev = end1;
- return list1;
- }
-}
-
-
-CERTNameConstraint *
-cert_CombineConstraintsLists(CERTNameConstraint *list1, CERTNameConstraint *list2)
-{
- PRCList *begin1;
- PRCList *begin2;
- PRCList *end1;
- PRCList *end2;
-
- if (list1 == NULL){
- return list2;
- } else if (list2 == NULL) {
- return list1;
- } else {
- begin1 = &list1->l;
- begin2 = &list2->l;
- end1 = list1->l.prev;
- end2 = list2->l.prev;
- end1->next = begin2;
- end2->next = begin1;
- begin1->prev = end2;
- begin2->prev = end1;
- return list1;
- }
-}
-
-
-CERTNameConstraint *
-CERT_AddNameConstraint(CERTNameConstraint *list,
- CERTNameConstraint *constraint)
-{
- PORT_Assert(constraint != NULL);
- constraint->l.next = constraint->l.prev = &constraint->l;
- list = cert_CombineConstraintsLists(list, constraint);
- return list;
-}
-
-
-SECStatus
-CERT_GetNameConstriantByType (CERTNameConstraint *constraints,
- CERTGeneralNameType type,
- CERTNameConstraint **returnList,
- PRArenaPool *arena)
-{
- CERTNameConstraint *current;
- CERTNameConstraint *temp;
-
- *returnList = NULL;
- if (!constraints)
- return SECSuccess;
- current = constraints;
-
- do {
- if (current->name.type == type ||
- (type == certDirectoryName && current->name.type == certRFC822Name)) {
- temp = NULL;
- temp = CERT_CopyNameConstraint(arena, temp, current);
- if (temp == NULL) {
- goto loser;
- }
- *returnList = CERT_AddNameConstraint(*returnList, temp);
- }
- current = cert_get_next_name_constraint(current);
- } while (current != constraints);
- return SECSuccess;
-loser:
- return SECFailure;
-}
-
-
-void *
-CERT_GetGeneralNameByType (CERTGeneralName *genNames,
- CERTGeneralNameType type, PRBool derFormat)
-{
- CERTGeneralName *current;
-
- if (!genNames)
- return (NULL);
- current = genNames;
-
- do {
- if (current->type == type) {
- switch (type) {
- case certDNSName:
- case certEDIPartyName:
- case certIPAddress:
- case certRegisterID:
- case certRFC822Name:
- case certX400Address:
- case certURI: {
- return &(current->name.other);
- }
- case certOtherName: {
- return &(current->name.OthName);
- break;
- }
- case certDirectoryName: {
- if (derFormat) {
- return &(current->derDirectoryName);
- } else{
- return &(current->name.directoryName);
- }
- break;
- }
- }
- }
- current = cert_get_next_general_name(current);
- } while (current != genNames);
- return (NULL);
-}
-
-int
-CERT_GetNamesLength(CERTGeneralName *names)
-{
- int length = 0;
- CERTGeneralName *first;
-
- first = names;
- if (names != NULL) {
- do {
- length++;
- names = cert_get_next_general_name(names);
- } while (names != first);
- }
- return length;
-}
-
-CERTGeneralName *
-CERT_GetCertificateNames(CERTCertificate *cert, PRArenaPool *arena)
-{
- CERTGeneralName *DN;
- CERTGeneralName *altName;
- SECItem altNameExtension;
- SECStatus rv;
-
-
- DN = (CERTGeneralName *) PORT_ArenaZAlloc(arena, sizeof(CERTGeneralName));
- if (DN == NULL) {
- goto loser;
- }
- rv = CERT_CopyName(arena, &DN->name.directoryName, &cert->subject);
- DN->type = certDirectoryName;
- DN->l.next = DN->l.prev = &DN->l;
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = SECITEM_CopyItem(arena, &DN->derDirectoryName, &cert->derSubject);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME,
- &altNameExtension);
- if (rv != SECSuccess) {
- return DN;
- }
- altName = CERT_DecodeAltNameExtension(arena, &altNameExtension);
- if (altName == NULL) {
- goto loser;
- }
- DN = cert_CombineNamesLists(DN, altName);
- return DN;
-loser:
- return NULL;
-}
-
-static SECStatus
-compareNameToConstraint(char *name, char *constraint, PRBool substring)
-{
- SECStatus rv;
-
- if (*constraint == '\0' && *name == '\0') {
- return SECSuccess;
- }
- if (*constraint == '*') {
- return compareNameToConstraint(name, constraint + 1, PR_TRUE);
- }
- if (substring) {
- if (*constraint == '\0') {
- return SECSuccess;
- }
- while (*name != *constraint) {
- if (*name == '\0') {
- return SECFailure;
- }
- name++;
- }
- rv = compareNameToConstraint(name + 1, constraint + 1, PR_FALSE);
- if (rv == SECSuccess) {
- return rv;
- }
- name++;
- } else {
- if (*name == *constraint) {
- name++;
- constraint++;
- } else {
- return SECFailure;
- }
- }
- return compareNameToConstraint(name, constraint, substring);
-}
-
-SECStatus
-cert_CompareNameWithConstraints(CERTGeneralName *name,
- CERTNameConstraint *constraints,
- PRBool excluded)
-{
- SECStatus rv = SECSuccess;
- char *nameString = NULL;
- char *constraintString = NULL;
- int start;
- int end;
- int tag;
- CERTRDN **nameRDNS, *nameRDN;
- CERTRDN **constraintRDNS, *constraintRDN;
- CERTAVA **nameAVAS, *nameAVA;
- CERTAVA **constraintAVAS, *constraintAVA;
- CERTNameConstraint *current;
- SECItem *avaValue;
- CERTName constraintName;
- CERTName certName;
- SECComparison status = SECEqual;
- PRArenaPool *certNameArena;
- PRArenaPool *constraintNameArena;
-
- certName.arena = NULL;
- certName.rdns = NULL;
- constraintName.arena = NULL;
- constraintName.rdns = NULL;
- if (constraints != NULL) {
- current = constraints;
- if (name->type == certDirectoryName) {
- certNameArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- CERT_CopyName(certNameArena, &certName, &name->name.directoryName);
- nameRDNS = certName.rdns;
- for (;;) {
- nameRDN = *nameRDNS++;
- nameAVAS = nameRDN->avas;
- for(;;) {
- nameAVA = *nameAVAS++;
- tag = CERT_GetAVATag(nameAVA);
- if ( tag == SEC_OID_PKCS9_EMAIL_ADDRESS ||
- tag == SEC_OID_RFC1274_MAIL) {
- avaValue = CERT_DecodeAVAValue(&nameAVA->value);
- nameString = (char*)PORT_ZAlloc(avaValue->len + 1);
- nameString = PORT_Strncpy(nameString, (char *) avaValue->data, avaValue->len);
- start = 0;
- while(nameString[start] != '@' && nameString[start + 1] != '\0') {
- start++;
- }
- start++;
- do{
- if (current->name.type == certRFC822Name) {
- constraintString = (char*)PORT_ZAlloc(current->name.name.other.len + 1);
- constraintString = PORT_Strncpy(constraintString,
- (char *) current->name.name.other.data,
- current->name.name.other.len);
- rv = compareNameToConstraint(nameString + start, constraintString,
- PR_FALSE);
-
- if (constraintString != NULL) {
- PORT_Free(constraintString);
- constraintString = NULL;
- }
- if (nameString != NULL) {
- PORT_Free(nameString);
- nameString = NULL;
- }
- if (rv == SECSuccess && excluded == PR_TRUE) {
- goto found;
- }
- if (rv == SECSuccess && excluded == PR_FALSE) {
- break;
- }
- }
- current = cert_get_next_name_constraint(current);
- } while (current != constraints);
- }
- if (rv != SECSuccess && excluded == PR_FALSE) {
- goto loser;
- }
- if (*nameAVAS == NULL) {
- break;
- }
- }
- if (*nameRDNS == NULL) {
- break;
- }
- }
- }
- current = constraints;
- do {
- switch (name->type) {
- case certDNSName:
- nameString = (char*)PORT_ZAlloc(name->name.other.len + 1);
- nameString = PORT_Strncpy(nameString, (char *) name->name.other.data,
- name->name.other.len);
- constraintString = (char*)PORT_ZAlloc(current->name.name.other.len + 1);
- constraintString = PORT_Strncpy(constraintString,
- (char *) current->name.name.other.data,
- current->name.name.other.len);
- rv = compareNameToConstraint(nameString, constraintString, PR_FALSE);
- if (nameString != NULL) {
- PORT_Free(nameString);
- }
- if (constraintString != NULL) {
- PORT_Free(constraintString);
- }
- break;
- case certRFC822Name:
- nameString = (char*)PORT_ZAlloc(name->name.other.len + 1);
- nameString = PORT_Strncpy(nameString, (char *) name->name.other.data,
- name->name.other.len);
- start = 0;
- while(nameString[start] != '@' && nameString[start + 1] != '\0') {
- start++;
- }
- start++;
- constraintString = (char*)PORT_ZAlloc(current->name.name.other.len + 1);
- constraintString = PORT_Strncpy(constraintString,
- (char *) current->name.name.other.data,
- current->name.name.other.len);
- rv = compareNameToConstraint(nameString + start, constraintString, PR_FALSE);
- if (nameString != NULL) {
- PORT_Free(nameString);
- }
- if (constraintString != NULL) {
- PORT_Free(constraintString);
- }
- break;
- case certURI:
- nameString = (char*)PORT_ZAlloc(name->name.other.len + 1);
- nameString = PORT_Strncpy(nameString, (char *) name->name.other.data,
- name->name.other.len);
- while(PORT_Strncmp(nameString + start, "://", 3) != 0 &&
- nameString[start + 3] != '\0') {
- start++;
- }
- start +=3;
- end = 0;
- while(nameString[start + end] != '/' &&
- nameString[start + end] != '\0') {
- end++;
- }
- nameString[start + end] = '\0';
- constraintString = (char*)PORT_ZAlloc(current->name.name.other.len + 1);
- constraintString = PORT_Strncpy(constraintString,
- (char *) current->name.name.other.data,
- current->name.name.other.len);
- rv = compareNameToConstraint(nameString + start, constraintString, PR_FALSE);
- if (nameString != NULL) {
- PORT_Free(nameString);
- }
- if (constraintString != NULL) {
- PORT_Free(constraintString);
- }
- break;
- case certDirectoryName:
- if (current->name.type == certDirectoryName) {
- constraintNameArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- CERT_CopyName(constraintNameArena, &constraintName, &current->name.name.directoryName);
- constraintRDNS = constraintName.rdns;
- for (;;) {
- constraintRDN = *constraintRDNS++;
- constraintAVAS = constraintRDN->avas;
- for(;;) {
- constraintAVA = *constraintAVAS++;
- certNameArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- CERT_CopyName(certNameArena, &certName, &name->name.directoryName);
- nameRDNS = certName.rdns;
- for (;;) {
- nameRDN = *nameRDNS++;
- nameAVAS = nameRDN->avas++;
- for(;;) {
- nameAVA = *nameAVAS++;
- status = CERT_CompareAVA(constraintAVA, nameAVA);
- if (status == SECEqual || *nameAVAS == NULL) {
- break;
- }
- }
- if (status == SECEqual || *nameRDNS == NULL) {
- break;
- }
- }
- if (status != SECEqual || *constraintAVAS == NULL) {
- break;
- }
- }
- if (status != SECEqual || *constraintRDNS == NULL) {
- break;
- }
- }
- if (status == SECEqual) {
- if (excluded == PR_FALSE) {
- goto found;
- } else {
- goto loser;
- }
- }
- break;
- } else if (current->name.type == certRFC822Name) {
- current = cert_get_next_name_constraint(current);
- continue;
- }
- default:
- /* other types are not supported */
- if (excluded) {
- goto found;
- } else {
- goto loser;
- }
- }
- if (rv == SECSuccess && status == SECEqual) {
- goto found;
- }
- current = cert_get_next_name_constraint(current);
- } while (current !=constraints);
- } else {
- goto found;
- }
-loser:
- if (certName.arena) {
- CERT_DestroyName(&certName);
- }
- if (constraintName.arena) {
- CERT_DestroyName(&constraintName);
- }
- return SECFailure;
-found:
- if (certName.arena) {
- CERT_DestroyName(&certName);
- }
- if (constraintName.arena) {
- CERT_DestroyName(&constraintName);
- }
- return SECSuccess;
-}
-
-
-CERTCertificate *
-CERT_CompareNameSpace(CERTCertificate *cert,
- CERTGeneralName *namesList,
- SECItem *namesListIndex,
- PRArenaPool *arena,
- CERTCertDBHandle *handle)
-{
- SECStatus rv;
- SECItem constraintsExtension;
- CERTNameConstraints *constraints;
- CERTGeneralName *currentName;
- int count = 0;
- CERTNameConstraint *matchingConstraints;
- CERTCertificate *badCert = NULL;
-
- rv = CERT_FindCertExtension(cert, SEC_OID_X509_NAME_CONSTRAINTS, &constraintsExtension);
- if (rv != SECSuccess) {
- return NULL;
- }
- constraints = cert_DecodeNameConstraints(arena, &constraintsExtension);
- currentName = namesList;
- if (constraints == NULL) {
- goto loser;
- }
- do {
- if (constraints->excluded != NULL) {
- rv = CERT_GetNameConstriantByType(constraints->excluded, currentName->type,
- &matchingConstraints, arena);
- if (rv != SECSuccess) {
- goto loser;
- }
- if (matchingConstraints != NULL) {
- rv = cert_CompareNameWithConstraints(currentName, matchingConstraints,
- PR_TRUE);
- if (rv != SECFailure) {
- goto loser;
- }
- }
- }
- if (constraints->permited != NULL) {
- rv = CERT_GetNameConstriantByType(constraints->permited, currentName->type,
- &matchingConstraints, arena);
- if (rv != SECSuccess) {
- goto loser;
- }
- if (matchingConstraints != NULL) {
- rv = cert_CompareNameWithConstraints(currentName, matchingConstraints,
- PR_FALSE);
- if (rv != SECSuccess) {
- goto loser;
- }
- } else {
- goto loser;
- }
- }
- currentName = cert_get_next_general_name(currentName);
- count ++;
- } while (currentName != namesList);
- return NULL;
-loser:
- badCert = CERT_FindCertByName (handle, &namesListIndex[count]);
- return badCert;
-}
-
-
-
-
-
-char *
-CERT_GetNickName(CERTCertificate *cert,
- CERTCertDBHandle *handle,
- PRArenaPool *nicknameArena)
-{
- CERTGeneralName *current;
- CERTGeneralName *names;
- SECItem altNameExtension;
- char *nickname = NULL;
- char *returnName = NULL;
- char *tempname = NULL;
- SECItem *nick;
- SECStatus rv;
- PRArenaPool *arena = NULL;
- int count;
- int length;
-
-
-
- if (handle == NULL) {
- handle = CERT_GetDefaultCertDB();
- }
- rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME,
- &altNameExtension);
- if (rv != SECSuccess) {
- goto loser;
- }
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- goto loser;
- }
- names = CERT_DecodeAltNameExtension(arena, &altNameExtension);
- if (names == NULL) {
- goto loser;
- }
- current = names;
- do {
- if (current->type == certOtherName &&
- SECOID_FindOIDTag(&current->name.OthName.oid) == SEC_OID_NETSCAPE_NICKNAME) {
- rv = SEC_ASN1DecodeItem(arena, nick, SEC_IA5StringTemplate,
- &current->name.OthName.name);
- if (rv != SECSuccess) {
- goto loser;
- }
- nickname = (char*)PORT_ZAlloc(nick->len + 1);
- if (nickname == NULL) {
- goto loser;
- }
- nickname = PORT_Strncpy(nickname, (char *) nick->data, nick->len);
- length = nick->len;
- count = 1;
- tempname = nickname;
- while (CERT_FindCertByNickname(handle, nickname) != NULL) {
- nickname = PR_smprintf("%s #%d", tempname, count);
- count++;
- }
- goto done;
- }
- current = cert_get_next_general_name(current);
- } while (current != names);
-loser:
- if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- if (nickname != NULL) {
- PORT_Free(nickname);
- }
- return NULL;
-done:
- if (nicknameArena != NULL) {
- returnName = PORT_ArenaStrdup(cert->arena, nickname);
- } else {
- returnName = PORT_Strdup(nickname);
- }
- if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- PORT_Free(nickname);
- return returnName;
-}
-
-
-SECStatus
-CERT_CompareGeneralName(CERTGeneralName *a, CERTGeneralName *b)
-{
- CERTGeneralName *currentA;
- CERTGeneralName *currentB;
- PRBool found;
-
- currentA = a;
- currentB = b;
- if (a != NULL) {
- do {
- if (currentB == NULL) {
- return SECFailure;
- }
- currentB = cert_get_next_general_name(currentB);
- currentA = cert_get_next_general_name(currentA);
- } while (currentA != a);
- }
- if (currentB != b) {
- return SECFailure;
- }
- currentA = a;
- do {
- currentB = b;
- found = PR_FALSE;
- do {
- if (currentB->type == currentA->type) {
- switch (currentB->type) {
- case certDNSName:
- case certEDIPartyName:
- case certIPAddress:
- case certRegisterID:
- case certRFC822Name:
- case certX400Address:
- case certURI:
- if (SECITEM_CompareItem(&currentA->name.other,
- &currentB->name.other)
- == SECEqual) {
- found = PR_TRUE;
- }
- break;
- case certOtherName:
- if (SECITEM_CompareItem(&currentA->name.OthName.oid,
- &currentB->name.OthName.oid)
- == SECEqual &&
- SECITEM_CompareItem(&currentA->name.OthName.name,
- &currentB->name.OthName.name)
- == SECEqual) {
- found = PR_TRUE;
- }
- break;
- case certDirectoryName:
- if (CERT_CompareName(&currentA->name.directoryName,
- &currentB->name.directoryName)
- == SECEqual) {
- found = PR_TRUE;
- }
- }
-
- }
- currentB = cert_get_next_general_name(currentB);
- } while (currentB != b && found != PR_TRUE);
- if (found != PR_TRUE) {
- return SECFailure;
- }
- currentA = cert_get_next_general_name(currentA);
- } while (currentA != a);
- return SECSuccess;
-}
-
-SECStatus
-CERT_CompareGeneralNameLists(CERTGeneralNameList *a, CERTGeneralNameList *b)
-{
- SECStatus rv;
-
- if (a == b) {
- return SECSuccess;
- }
- if (a != NULL && b != NULL) {
- PR_Lock(a->lock);
- PR_Lock(b->lock);
- rv = CERT_CompareGeneralName(a->name, b->name);
- PR_Unlock(a->lock);
- PR_Unlock(b->lock);
- } else {
- rv = SECFailure;
- }
- return rv;
-}
-
-void *
-CERT_GetGeneralNameFromListByType(CERTGeneralNameList *list,
- CERTGeneralNameType type,
- PRArenaPool *arena)
-{
- CERTName *name = NULL;
- SECItem *item = NULL;
- OtherName *other = NULL;
- OtherName *tmpOther = NULL;
- void *data;
-
- PR_Lock(list->lock);
- data = CERT_GetGeneralNameByType(list->name, type, PR_FALSE);
- if (data != NULL) {
- switch (type) {
- case certDNSName:
- case certEDIPartyName:
- case certIPAddress:
- case certRegisterID:
- case certRFC822Name:
- case certX400Address:
- case certURI:
- if (arena != NULL) {
- item = (SECItem *)PORT_ArenaAlloc(arena, sizeof(SECItem));
- if (item != NULL) {
- SECITEM_CopyItem(arena, item, (SECItem *) data);
- }
- } else {
- item = SECITEM_DupItem((SECItem *) data);
- }
- PR_Unlock(list->lock);
- return item;
- case certOtherName:
- other = (OtherName *) data;
- if (arena != NULL) {
- tmpOther = (OtherName *)PORT_ArenaAlloc(arena,
- sizeof(OtherName));
- } else {
- tmpOther = (OtherName *) PORT_Alloc(sizeof(OtherName));
- }
- if (tmpOther != NULL) {
- SECITEM_CopyItem(arena, &tmpOther->oid, &other->oid);
- SECITEM_CopyItem(arena, &tmpOther->name, &other->name);
- }
- PR_Unlock(list->lock);
- return tmpOther;
- case certDirectoryName:
- if (arena == NULL) {
- PR_Unlock(list->lock);
- return NULL;
- } else {
- name = (CERTName *) PORT_ArenaZAlloc(list->arena,
- sizeof(CERTName));
- if (name != NULL) {
- CERT_CopyName(arena, name, (CERTName *) data);
- }
- PR_Unlock(list->lock);
- return name;
- }
- }
- }
- PR_Unlock(list->lock);
- return NULL;
-}
-
-void
-CERT_AddGeneralNameToList(CERTGeneralNameList *list,
- CERTGeneralNameType type,
- void *data, SECItem *oid)
-{
- CERTGeneralName *name;
-
- if (list != NULL && data != NULL) {
- PR_Lock(list->lock);
- name = (CERTGeneralName *)
- PORT_ArenaZAlloc(list->arena, sizeof(CERTGeneralName));
- name->type = type;
- switch (type) {
- case certDNSName:
- case certEDIPartyName:
- case certIPAddress:
- case certRegisterID:
- case certRFC822Name:
- case certX400Address:
- case certURI:
- SECITEM_CopyItem(list->arena, &name->name.other, (SECItem *)data);
- break;
- case certOtherName:
- SECITEM_CopyItem(list->arena, &name->name.OthName.name,
- (SECItem *) data);
- SECITEM_CopyItem(list->arena, &name->name.OthName.oid,
- oid);
- break;
- case certDirectoryName:
- CERT_CopyName(list->arena, &name->name.directoryName,
- (CERTName *) data);
- break;
- }
- name->l.prev = name->l.next = &name->l;
- list->name = cert_CombineNamesLists(list->name, name);
- list->len++;
- PR_Unlock(list->lock);
- }
- return;
-}
diff --git a/security/nss/lib/certdb/genname.h b/security/nss/lib/certdb/genname.h
deleted file mode 100644
index 0e33b8eaf..000000000
--- a/security/nss/lib/certdb/genname.h
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef _GENAME_H_
-#define _GENAME_H_
-
-#include "plarena.h"
-#include "seccomon.h"
-#include "secoidt.h"
-#include "secasn1.h"
-#include "secder.h"
-#include "certt.h"
-
-/************************************************************************/
-SEC_BEGIN_PROTOS
-
-extern const SEC_ASN1Template CERT_GeneralNamesTemplate[];
-
-extern CERTGeneralName *
-cert_get_next_general_name(CERTGeneralName *current);
-
-extern CERTGeneralName *
-cert_get_prev_general_name(CERTGeneralName *current);
-
-extern SECItem *
-cert_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest,
- PRArenaPool *arena);
-
-extern SECItem **
-cert_EncodeGeneralNames(PRArenaPool *arena, CERTGeneralName *names);
-
-extern CERTGeneralName *
-cert_DecodeGeneralName(PRArenaPool *arena, SECItem *encodedName,
- CERTGeneralName *genName);
-
-extern CERTGeneralName *
-cert_DecodeGeneralNames(PRArenaPool *arena, SECItem **encodedGenName);
-
-extern SECStatus
-cert_DestroyGeneralNames(CERTGeneralName *name);
-
-extern SECStatus
-cert_EncodeNameConstraints(CERTNameConstraints *constraints, PRArenaPool *arena,
- SECItem *dest);
-
-extern CERTNameConstraints *
-cert_DecodeNameConstraints(PRArenaPool *arena, SECItem *encodedConstraints);
-
-extern CERTGeneralName *
-cert_CombineNamesLists(CERTGeneralName *list1, CERTGeneralName *list2);
-
-extern CERTNameConstraint *
-cert_CombineConstraintsLists(CERTNameConstraint *list1, CERTNameConstraint *list2);
-
-SECStatus
-CERT_CompareGeneralName(CERTGeneralName *a, CERTGeneralName *b);
-
-SECStatus
-CERT_CopyGeneralName(PRArenaPool *arena,
- CERTGeneralName *dest,
- CERTGeneralName *src);
-
-/* General Name Lists are a thread safe, reference counting layer to
- * general names */
-
-void
-CERT_DestroyGeneralNameList(CERTGeneralNameList *list);
-
-CERTGeneralNameList *
-CERT_CreateGeneralNameList(CERTGeneralName *name);
-
-SECStatus
-CERT_CompareGeneralNameLists(CERTGeneralNameList *a, CERTGeneralNameList *b);
-
-void *
-CERT_GetGeneralNameFromListByType(CERTGeneralNameList *list,
- CERTGeneralNameType type,
- PRArenaPool *arena);
-
-void
-CERT_AddGeneralNameToList(CERTGeneralNameList *list,
- CERTGeneralNameType type,
- void *data, SECItem *oid);
-
-
-CERTGeneralNameList *
-CERT_DupGeneralNameList(CERTGeneralNameList *list);
-
-
-int
-CERT_GetNamesLength(CERTGeneralName *names);
-/************************************************************************/
-SEC_END_PROTOS
-
-#endif
diff --git a/security/nss/lib/certdb/manifest.mn b/security/nss/lib/certdb/manifest.mn
deleted file mode 100644
index 168cd2b6a..000000000
--- a/security/nss/lib/certdb/manifest.mn
+++ /dev/null
@@ -1,76 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../..
-
-EXPORTS = \
- cert.h \
- certt.h \
- certdb.h \
- cdbhdl.h \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- genname.h \
- xconst.h \
- certxutl.h \
- $(NULL)
-
-MODULE = security
-
-ifdef MOZILLA_SECURITY_BUILD
-CERTINIT=nscertinit.c
-DEFINES += -DUSE_NS_ROOTS
-else
-CERTINIT=certinit.c
-endif
-
-CSRCS = \
- alg1485.c \
- certdb.c \
- certv3.c \
- $(CERTINIT) \
- certxutl.c \
- crl.c \
- genname.c \
- pcertdb.c \
- polcyxtn.c \
- secname.c \
- xauthkid.c \
- xbsconst.c \
- xconst.c \
- $(NULL)
-
-REQUIRES = security dbm
-
-LIBRARY_NAME = certdb
-
diff --git a/security/nss/lib/certdb/pcertdb.c b/security/nss/lib/certdb/pcertdb.c
deleted file mode 100644
index 9edd232b0..000000000
--- a/security/nss/lib/certdb/pcertdb.c
+++ /dev/null
@@ -1,7340 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Permanent Certificate database handling code
- *
- * $Id$
- */
-#include "prtime.h"
-
-#include "cert.h"
-#include "mcom_db.h"
-#include "certdb.h"
-#include "secitem.h"
-#include "secder.h"
-
-/* Call to PK11_FreeSlot below */
-
-#include "secasn1.h"
-#include "secerr.h"
-#include "prlock.h"
-#include "prmon.h"
-#include "nsslocks.h"
-#include "base64.h"
-#include "sechash.h"
-#include "plhash.h"
-
-#include "cdbhdl.h"
-
-/*
- * the following functions are wrappers for the db library that implement
- * a global lock to make the database thread safe.
- */
-static PRLock *dbLock = NULL;
-
-void
-certdb_InitDBLock(void)
-{
- if (dbLock == NULL) {
- nss_InitLock(&dbLock);
- PORT_Assert(dbLock != NULL);
- }
-
- return;
-}
-
-static int
-certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags)
-{
- PRStatus prstat;
- int ret;
-
- PORT_Assert(dbLock != NULL);
- PR_Lock(dbLock);
-
- ret = (* db->get)(db, key, data, flags);
-
- prstat = PR_Unlock(dbLock);
-
- return(ret);
-}
-
-static int
-certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags)
-{
- PRStatus prstat;
- int ret;
-
- PORT_Assert(dbLock != NULL);
- PR_Lock(dbLock);
-
- ret = (* db->put)(db, key, data, flags);
-
- prstat = PR_Unlock(dbLock);
-
- return(ret);
-}
-
-static int
-certdb_Sync(DB *db, unsigned int flags)
-{
- PRStatus prstat;
- int ret;
-
- PORT_Assert(dbLock != NULL);
- PR_Lock(dbLock);
-
- ret = (* db->sync)(db, flags);
-
- prstat = PR_Unlock(dbLock);
-
- return(ret);
-}
-
-static int
-certdb_Del(DB *db, DBT *key, unsigned int flags)
-{
- PRStatus prstat;
- int ret;
-
- PORT_Assert(dbLock != NULL);
- PR_Lock(dbLock);
-
- ret = (* db->del)(db, key, flags);
-
- prstat = PR_Unlock(dbLock);
-
- return(ret);
-}
-
-static int
-certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags)
-{
- PRStatus prstat;
- int ret;
-
- PORT_Assert(dbLock != NULL);
- PR_Lock(dbLock);
-
- ret = (* db->seq)(db, key, data, flags);
-
- prstat = PR_Unlock(dbLock);
-
- return(ret);
-}
-
-static void
-certdb_Close(DB *db)
-{
- PRStatus prstat;
-
- PORT_Assert(dbLock != NULL);
- PR_Lock(dbLock);
-
- (* db->close)(db);
-
- prstat = PR_Unlock(dbLock);
-
- return;
-}
-
-/* forward references */
-static void CERT_DestroyCertificateNoLocking(CERTCertificate *cert);
-static SECStatus AddCertToSPKDigestTable(CERTCertDBHandle *handle,
- CERTCertificate *cert);
-static SECStatus RemoveCertFromSPKDigestTable(CERTCertDBHandle *handle,
- CERTCertificate *cert);
-
-static SECStatus
-DeleteDBEntry(CERTCertDBHandle *handle, certDBEntryType type, SECItem *dbkey)
-{
- DBT key;
- int ret;
-
- /* init the database key */
- key.data = dbkey->data;
- key.size = dbkey->len;
-
- dbkey->data[0] = (unsigned char)type;
-
- /* delete entry from database */
- ret = certdb_Del(handle->permCertDB, &key, 0 );
- if ( ret != 0 ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- ret = certdb_Sync(handle->permCertDB, 0);
- if ( ret ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-static SECStatus
-ReadDBEntry(CERTCertDBHandle *handle, certDBEntryCommon *entry,
- SECItem *dbkey, SECItem *dbentry, PRArenaPool *arena)
-{
- DBT data, key;
- int ret;
- unsigned char *buf;
-
- /* init the database key */
- key.data = dbkey->data;
- key.size = dbkey->len;
-
- dbkey->data[0] = (unsigned char)entry->type;
-
- /* read entry from database */
- ret = certdb_Get(handle->permCertDB, &key, &data, 0 );
- if ( ret != 0 ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- /* validate the entry */
- if ( data.size < SEC_DB_ENTRY_HEADER_LEN ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
- buf = (unsigned char *)data.data;
- if ( buf[0] != (unsigned char)CERT_DB_FILE_VERSION ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
- if ( buf[1] != (unsigned char)entry->type ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- /* copy out header information */
- entry->version = (unsigned int)buf[0];
- entry->type = (certDBEntryType)buf[1];
- entry->flags = (unsigned int)buf[2];
-
- /* format body of entry for return to caller */
- dbentry->len = data.size - SEC_DB_ENTRY_HEADER_LEN;
- if ( dbentry->len ) {
- dbentry->data = (unsigned char *)PORT_ArenaAlloc(arena, dbentry->len);
- if ( dbentry->data == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- PORT_Memcpy(dbentry->data, &buf[SEC_DB_ENTRY_HEADER_LEN],
- dbentry->len);
- } else {
- dbentry->data = NULL;
- }
-
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-/**
- ** Implement low level database access
- **/
-static SECStatus
-WriteDBEntry(CERTCertDBHandle *handle, certDBEntryCommon *entry,
- SECItem *dbkey, SECItem *dbentry)
-{
- int ret;
- DBT data, key;
- unsigned char *buf;
-
- data.data = dbentry->data;
- data.size = dbentry->len;
-
- buf = (unsigned char*)data.data;
-
- buf[0] = (unsigned char)entry->version;
- buf[1] = (unsigned char)entry->type;
- buf[2] = (unsigned char)entry->flags;
-
- key.data = dbkey->data;
- key.size = dbkey->len;
-
- dbkey->data[0] = (unsigned char)entry->type;
-
- /* put the record into the database now */
- ret = certdb_Put(handle->permCertDB, &key, &data, 0);
-
- if ( ret != 0 ) {
- goto loser;
- }
-
- ret = certdb_Sync( handle->permCertDB, 0 );
-
- if ( ret ) {
- goto loser;
- }
-
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-/*
- * encode a database cert record
- */
-static SECStatus
-EncodeDBCertEntry(certDBEntryCert *entry, PRArenaPool *arena, SECItem *dbitem)
-{
- unsigned int nnlen;
- unsigned char *buf;
- char *nn;
- char zbuf = 0;
-
- if ( entry->nickname ) {
- nn = entry->nickname;
- } else {
- nn = &zbuf;
- }
- nnlen = PORT_Strlen(nn) + 1;
-
- /* allocate space for encoded database record, including space
- * for low level header
- */
- dbitem->len = entry->derCert.len + nnlen + DB_CERT_ENTRY_HEADER_LEN +
- SEC_DB_ENTRY_HEADER_LEN;
-
- dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
- if ( dbitem->data == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* fill in database record */
- buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
-
- buf[0] = ( entry->trust.sslFlags >> 8 ) & 0xff;
- buf[1] = entry->trust.sslFlags & 0xff;
- buf[2] = ( entry->trust.emailFlags >> 8 ) & 0xff;
- buf[3] = entry->trust.emailFlags & 0xff;
- buf[4] = ( entry->trust.objectSigningFlags >> 8 ) & 0xff;
- buf[5] = entry->trust.objectSigningFlags & 0xff;
- buf[6] = ( entry->derCert.len >> 8 ) & 0xff;
- buf[7] = entry->derCert.len & 0xff;
- buf[8] = ( nnlen >> 8 ) & 0xff;
- buf[9] = nnlen & 0xff;
-
- PORT_Memcpy(&buf[DB_CERT_ENTRY_HEADER_LEN], entry->derCert.data,
- entry->derCert.len);
-
- PORT_Memcpy(&buf[DB_CERT_ENTRY_HEADER_LEN + entry->derCert.len],
- nn, nnlen);
-
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-/*
- * encode a database key for a cert record
- */
-static SECStatus
-EncodeDBCertKey(SECItem *certKey, PRArenaPool *arena, SECItem *dbkey)
-{
- dbkey->len = certKey->len + SEC_DB_KEY_HEADER_LEN;
- dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
- if ( dbkey->data == NULL ) {
- goto loser;
- }
- PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN],
- certKey->data, certKey->len);
- dbkey->data[0] = certDBEntryTypeCert;
-
- return(SECSuccess);
-loser:
- return(SECFailure);
-}
-
-static SECStatus
-EncodeDBGenericKey(SECItem *certKey, PRArenaPool *arena, SECItem *dbkey,
- certDBEntryType entryType)
-{
- /*
- * we only allow _one_ KRL key!
- */
- if (entryType == certDBEntryTypeKeyRevocation) {
- dbkey->len = SEC_DB_KEY_HEADER_LEN;
- dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
- if ( dbkey->data == NULL ) {
- goto loser;
- }
- dbkey->data[0] = (unsigned char) entryType;
- return(SECSuccess);
- }
-
-
- dbkey->len = certKey->len + SEC_DB_KEY_HEADER_LEN;
- dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
- if ( dbkey->data == NULL ) {
- goto loser;
- }
- PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN],
- certKey->data, certKey->len);
- dbkey->data[0] = (unsigned char) entryType;
-
- return(SECSuccess);
-loser:
- return(SECFailure);
-}
-
-static SECStatus
-DecodeDBCertEntry(certDBEntryCert *entry, SECItem *dbentry)
-{
- unsigned int nnlen;
- int headerlen;
- int lenoff;
-
- /* allow updates of old versions of the database */
- switch ( entry->common.version ) {
- case 5:
- headerlen = DB_CERT_V5_ENTRY_HEADER_LEN;
- lenoff = 3;
- break;
- case 6:
- /* should not get here */
- PORT_Assert(0);
- headerlen = DB_CERT_V6_ENTRY_HEADER_LEN;
- lenoff = 3;
- break;
- case 7:
- headerlen = DB_CERT_ENTRY_HEADER_LEN;
- lenoff = 6;
- break;
- default:
- /* better not get here */
- PORT_Assert(0);
- headerlen = DB_CERT_V5_ENTRY_HEADER_LEN;
- lenoff = 3;
- break;
- }
-
- /* is record long enough for header? */
- if ( dbentry->len < headerlen ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- /* is database entry correct length? */
- entry->derCert.len = ( ( dbentry->data[lenoff] << 8 ) |
- dbentry->data[lenoff+1] );
- nnlen = ( ( dbentry->data[lenoff+2] << 8 ) | dbentry->data[lenoff+3] );
- if ( ( entry->derCert.len + nnlen + headerlen )
- != dbentry->len) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- /* copy the dercert */
- entry->derCert.data = (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
- entry->derCert.len);
- if ( entry->derCert.data == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- PORT_Memcpy(entry->derCert.data, &dbentry->data[headerlen],
- entry->derCert.len);
-
- /* copy the nickname */
- if ( nnlen > 1 ) {
- entry->nickname = (char *)PORT_ArenaAlloc(entry->common.arena, nnlen);
- if ( entry->nickname == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- PORT_Memcpy(entry->nickname,
- &dbentry->data[headerlen +
- entry->derCert.len],
- nnlen);
- } else {
- entry->nickname = NULL;
- }
-
- if ( entry->common.version < 7 ) {
- /* allow updates of v5 db */
- entry->trust.sslFlags = dbentry->data[0];
- entry->trust.emailFlags = dbentry->data[1];
- entry->trust.objectSigningFlags = dbentry->data[2];
- } else {
- entry->trust.sslFlags = ( dbentry->data[0] << 8 ) | dbentry->data[1];
- entry->trust.emailFlags = ( dbentry->data[2] << 8 ) | dbentry->data[3];
- entry->trust.objectSigningFlags =
- ( dbentry->data[4] << 8 ) | dbentry->data[5];
- }
-
- return(SECSuccess);
-loser:
- return(SECFailure);
-}
-
-
-/*
- * Create a new certDBEntryCert from existing data
- */
-static certDBEntryCert *
-NewDBCertEntry(SECItem *derCert, char *nickname,
- CERTCertTrust *trust, int flags)
-{
- certDBEntryCert *entry;
- PRArenaPool *arena = NULL;
- int nnlen;
-
- arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE );
-
- if ( !arena ) {
- goto loser;
- }
-
- entry = (certDBEntryCert *)PORT_ArenaZAlloc(arena, sizeof(certDBEntryCert));
-
- if ( entry == NULL ) {
- goto loser;
- }
-
- /* fill in the dbCert */
- entry->common.arena = arena;
- entry->common.type = certDBEntryTypeCert;
- entry->common.version = CERT_DB_FILE_VERSION;
- entry->common.flags = flags;
-
- if ( trust ) {
- entry->trust = *trust;
- }
-
- entry->derCert.data = (unsigned char *)PORT_ArenaAlloc(arena, derCert->len);
- if ( !entry->derCert.data ) {
- goto loser;
- }
- entry->derCert.len = derCert->len;
- PORT_Memcpy(entry->derCert.data, derCert->data, derCert->len);
-
- nnlen = ( nickname ? strlen(nickname) + 1 : 0 );
-
- if ( nnlen ) {
- entry->nickname = (char *)PORT_ArenaAlloc(arena, nnlen);
- if ( !entry->nickname ) {
- goto loser;
- }
- PORT_Memcpy(entry->nickname, nickname, nnlen);
-
- } else {
- entry->nickname = 0;
- }
-
- return(entry);
-
-loser:
-
- /* allocation error, free arena and return */
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return(0);
-}
-
-/*
- * Decode a version 4 DBCert from the byte stream database format
- * and construct a current database entry struct
- */
-static certDBEntryCert *
-DecodeV4DBCertEntry(unsigned char *buf, int len)
-{
- certDBEntryCert *entry;
- int certlen;
- int nnlen;
- PRArenaPool *arena;
-
- /* make sure length is at least long enough for the header */
- if ( len < DBCERT_V4_HEADER_LEN ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- return(0);
- }
-
- /* get other lengths */
- certlen = buf[3] << 8 | buf[4];
- nnlen = buf[5] << 8 | buf[6];
-
- /* make sure DB entry is the right size */
- if ( ( certlen + nnlen + DBCERT_V4_HEADER_LEN ) != len ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- return(0);
- }
-
- /* allocate arena */
- arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE );
-
- if ( !arena ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return(0);
- }
-
- /* allocate structure and members */
- entry = (certDBEntryCert *) PORT_ArenaAlloc(arena, sizeof(certDBEntryCert));
-
- if ( !entry ) {
- goto loser;
- }
-
- entry->derCert.data = (unsigned char *)PORT_ArenaAlloc(arena, certlen);
- if ( !entry->derCert.data ) {
- goto loser;
- }
- entry->derCert.len = certlen;
-
- if ( nnlen ) {
- entry->nickname = (char *) PORT_ArenaAlloc(arena, nnlen);
- if ( !entry->nickname ) {
- goto loser;
- }
- } else {
- entry->nickname = 0;
- }
-
- entry->common.arena = arena;
- entry->common.version = CERT_DB_FILE_VERSION;
- entry->common.type = certDBEntryTypeCert;
- entry->common.flags = 0;
- entry->trust.sslFlags = buf[0];
- entry->trust.emailFlags = buf[1];
- entry->trust.objectSigningFlags = buf[2];
-
- PORT_Memcpy(entry->derCert.data, &buf[DBCERT_V4_HEADER_LEN], certlen);
- PORT_Memcpy(entry->nickname, &buf[DBCERT_V4_HEADER_LEN + certlen], nnlen);
-
- return(entry);
-
-loser:
- PORT_FreeArena(arena, PR_FALSE);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return(0);
-}
-
-/*
- * Encode a Certificate database entry into byte stream suitable for
- * the database
- */
-static SECStatus
-WriteDBCertEntry(CERTCertDBHandle *handle, certDBEntryCert *entry)
-{
- SECItem dbitem, dbkey;
- PRArenaPool *tmparena = NULL;
- SECItem tmpitem;
- SECStatus rv;
-
- tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( tmparena == NULL ) {
- goto loser;
- }
-
- rv = EncodeDBCertEntry(entry, tmparena, &dbitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /* get the database key and format it */
- rv = CERT_KeyFromDERCert(tmparena, &entry->derCert, &tmpitem);
- if ( rv == SECFailure ) {
- goto loser;
- }
-
- rv = EncodeDBCertKey(&tmpitem, tmparena, &dbkey);
- if ( rv == SECFailure ) {
- goto loser;
- }
-
- /* now write it to the database */
- rv = WriteDBEntry(handle, &entry->common, &dbkey, &dbitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- PORT_FreeArena(tmparena, PR_FALSE);
- return(SECSuccess);
-
-loser:
- if ( tmparena ) {
- PORT_FreeArena(tmparena, PR_FALSE);
- }
- return(SECFailure);
-}
-
-
-/*
- * delete a certificate entry
- */
-static SECStatus
-DeleteDBCertEntry(CERTCertDBHandle *handle, SECItem *certKey)
-{
- SECItem dbkey;
- PRArenaPool *arena = NULL;
- SECStatus rv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- rv = EncodeDBCertKey(certKey, arena, &dbkey);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- rv = DeleteDBEntry(handle, certDBEntryTypeCert, &dbkey);
- if ( rv == SECFailure ) {
- goto loser;
- }
-
- PORT_FreeArena(arena, PR_FALSE);
- return(SECSuccess);
-
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(SECFailure);
-}
-
-/*
- * Read a certificate entry
- */
-static certDBEntryCert *
-ReadDBCertEntry(CERTCertDBHandle *handle, SECItem *certKey)
-{
- PRArenaPool *arena = NULL;
- PRArenaPool *tmparena = NULL;
- certDBEntryCert *entry;
- SECItem dbkey;
- SECItem dbentry;
- SECStatus rv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( tmparena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- entry = (certDBEntryCert *)PORT_ArenaAlloc(arena, sizeof(certDBEntryCert));
- if ( entry == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- entry->common.arena = arena;
- entry->common.type = certDBEntryTypeCert;
-
- rv = EncodeDBCertKey(certKey, tmparena, &dbkey);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
- if ( rv == SECFailure ) {
- goto loser;
- }
-
- rv = DecodeDBCertEntry(entry, &dbentry);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- PORT_FreeArena(tmparena, PR_FALSE);
- return(entry);
-
-loser:
- if ( tmparena ) {
- PORT_FreeArena(tmparena, PR_FALSE);
- }
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(NULL);
-}
-
-/*
- * encode a database cert record
- */
-static SECStatus
-EncodeDBCrlEntry(certDBEntryRevocation *entry, PRArenaPool *arena, SECItem *dbitem)
-{
- unsigned int nnlen = 0;
- unsigned char *buf;
-
- if (entry->url) {
- nnlen = PORT_Strlen(entry->url) + 1;
- }
-
- /* allocate space for encoded database record, including space
- * for low level header
- */
- dbitem->len = entry->derCrl.len + nnlen
- + SEC_DB_ENTRY_HEADER_LEN + DB_CRL_ENTRY_HEADER_LEN;
-
- dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
- if ( dbitem->data == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* fill in database record */
- buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
-
- buf[0] = ( entry->derCrl.len >> 8 ) & 0xff;
- buf[1] = entry->derCrl.len & 0xff;
- buf[2] = ( nnlen >> 8 ) & 0xff;
- buf[3] = nnlen & 0xff;
-
- PORT_Memcpy(&buf[DB_CRL_ENTRY_HEADER_LEN], entry->derCrl.data,
- entry->derCrl.len);
-
- if (nnlen != 0) {
- PORT_Memcpy(&buf[DB_CRL_ENTRY_HEADER_LEN + entry->derCrl.len],
- entry->url, nnlen);
- }
-
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-static SECStatus
-DecodeDBCrlEntry(certDBEntryRevocation *entry, SECItem *dbentry)
-{
- unsigned int nnlen;
-
- /* is record long enough for header? */
- if ( dbentry->len < DB_CRL_ENTRY_HEADER_LEN ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- /* is database entry correct length? */
- entry->derCrl.len = ( ( dbentry->data[0] << 8 ) | dbentry->data[1] );
- nnlen = ( ( dbentry->data[2] << 8 ) | dbentry->data[3] );
- if ( ( entry->derCrl.len + nnlen + DB_CRL_ENTRY_HEADER_LEN )
- != dbentry->len) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- /* copy the dercert */
- entry->derCrl.data = (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
- entry->derCrl.len);
- if ( entry->derCrl.data == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- PORT_Memcpy(entry->derCrl.data, &dbentry->data[DB_CRL_ENTRY_HEADER_LEN],
- entry->derCrl.len);
-
- /* copy the url */
- entry->url = NULL;
- if (nnlen != 0) {
- entry->url = (char *)PORT_ArenaAlloc(entry->common.arena, nnlen);
- if ( entry->url == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- PORT_Memcpy(entry->url,
- &dbentry->data[DB_CRL_ENTRY_HEADER_LEN + entry->derCrl.len],
- nnlen);
- }
-
- return(SECSuccess);
-loser:
- return(SECFailure);
-}
-
-/*
- * Create a new certDBEntryRevocation from existing data
- */
-static certDBEntryRevocation *
-NewDBCrlEntry(SECItem *derCrl, char * url, certDBEntryType crlType, int flags)
-{
- certDBEntryRevocation *entry;
- PRArenaPool *arena = NULL;
- int nnlen;
-
- arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE );
-
- if ( !arena ) {
- goto loser;
- }
-
- entry = (certDBEntryRevocation*)
- PORT_ArenaZAlloc(arena, sizeof(certDBEntryRevocation));
-
- if ( entry == NULL ) {
- goto loser;
- }
-
- /* fill in the dbRevolcation */
- entry->common.arena = arena;
- entry->common.type = crlType;
- entry->common.version = CERT_DB_FILE_VERSION;
- entry->common.flags = flags;
-
-
- entry->derCrl.data = (unsigned char *)PORT_ArenaAlloc(arena, derCrl->len);
- if ( !entry->derCrl.data ) {
- goto loser;
- }
-
- if (url) {
- nnlen = PORT_Strlen(url) + 1;
- entry->url = (char *)PORT_ArenaAlloc(arena, nnlen);
- if ( !entry->url ) {
- goto loser;
- }
- PORT_Memcpy(entry->url, url, nnlen);
- } else {
- entry->url = NULL;
- }
-
-
- entry->derCrl.len = derCrl->len;
- PORT_Memcpy(entry->derCrl.data, derCrl->data, derCrl->len);
-
- return(entry);
-
-loser:
-
- /* allocation error, free arena and return */
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return(0);
-}
-
-
-static SECStatus
-WriteDBCrlEntry(CERTCertDBHandle *handle, certDBEntryRevocation *entry )
-{
- SECItem dbkey;
- PRArenaPool *tmparena = NULL;
- SECItem tmpitem,encodedEntry;
- SECStatus rv;
-
- tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( tmparena == NULL ) {
- goto loser;
- }
-
- /* get the database key and format it */
- rv = CERT_KeyFromDERCrl(tmparena, &entry->derCrl, &tmpitem);
- if ( rv == SECFailure ) {
- goto loser;
- }
-
- rv = EncodeDBCrlEntry(entry, tmparena, &encodedEntry);
- if ( rv == SECFailure ) {
- goto loser;
- }
-
- rv = EncodeDBGenericKey(&tmpitem, tmparena, &dbkey, entry->common.type);
- if ( rv == SECFailure ) {
- goto loser;
- }
-
- /* now write it to the database */
- rv = WriteDBEntry(handle, &entry->common, &dbkey, &encodedEntry);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- PORT_FreeArena(tmparena, PR_FALSE);
- return(SECSuccess);
-
-loser:
- if ( tmparena ) {
- PORT_FreeArena(tmparena, PR_FALSE);
- }
- return(SECFailure);
-}
-/*
- * delete a crl entry
- */
-static SECStatus
-DeleteDBCrlEntry(CERTCertDBHandle *handle, SECItem *crlKey,
- certDBEntryType crlType)
-{
- SECItem dbkey;
- PRArenaPool *arena = NULL;
- SECStatus rv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- rv = EncodeDBGenericKey(crlKey, arena, &dbkey, crlType);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- rv = DeleteDBEntry(handle, crlType, &dbkey);
- if ( rv == SECFailure ) {
- goto loser;
- }
-
- PORT_FreeArena(arena, PR_FALSE);
- return(SECSuccess);
-
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(SECFailure);
-}
-
-/*
- * Read a certificate entry
- */
-static certDBEntryRevocation *
-ReadDBCrlEntry(CERTCertDBHandle *handle, SECItem *certKey,
- certDBEntryType crlType)
-{
- PRArenaPool *arena = NULL;
- PRArenaPool *tmparena = NULL;
- certDBEntryRevocation *entry;
- SECItem dbkey;
- SECItem dbentry;
- SECStatus rv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( tmparena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- entry = (certDBEntryRevocation *)
- PORT_ArenaAlloc(arena, sizeof(certDBEntryRevocation));
- if ( entry == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- entry->common.arena = arena;
- entry->common.type = crlType;
-
- rv = EncodeDBGenericKey(certKey, tmparena, &dbkey, crlType);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
- if ( rv == SECFailure ) {
- goto loser;
- }
-
- rv = DecodeDBCrlEntry(entry, &dbentry);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- PORT_FreeArena(tmparena, PR_FALSE);
- return(entry);
-
-loser:
- if ( tmparena ) {
- PORT_FreeArena(tmparena, PR_FALSE);
- }
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(NULL);
-}
-
-/*
- * destroy a database entry
- */
-static void
-DestroyDBEntry(certDBEntry *entry)
-{
- PRArenaPool *arena = entry->common.arena;
-
- /* Zero out the entry struct, so that any further attempts to use it
- * will cause an exception (e.g. null pointer reference). */
- PORT_Memset(&entry->common, 0, sizeof entry->common);
- PORT_FreeArena(arena, PR_FALSE);
-
- return;
-}
-
-/*
- * Encode a database nickname record
- */
-static SECStatus
-EncodeDBNicknameEntry(certDBEntryNickname *entry, PRArenaPool *arena,
- SECItem *dbitem)
-{
- unsigned char *buf;
-
- /* allocate space for encoded database record, including space
- * for low level header
- */
- dbitem->len = entry->subjectName.len + DB_NICKNAME_ENTRY_HEADER_LEN +
- SEC_DB_ENTRY_HEADER_LEN;
-
- dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
- if ( dbitem->data == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* fill in database record */
- buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
-
- buf[0] = ( entry->subjectName.len >> 8 ) & 0xff;
- buf[1] = entry->subjectName.len & 0xff;
-
- PORT_Memcpy(&buf[DB_NICKNAME_ENTRY_HEADER_LEN], entry->subjectName.data,
- entry->subjectName.len);
-
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-/*
- * Encode a database key for a nickname record
- */
-static SECStatus
-EncodeDBNicknameKey(char *nickname, PRArenaPool *arena,
- SECItem *dbkey)
-{
- unsigned int nnlen;
-
- nnlen = PORT_Strlen(nickname) + 1; /* includes null */
-
- /* now get the database key and format it */
- dbkey->len = nnlen + SEC_DB_KEY_HEADER_LEN;
- dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
- if ( dbkey->data == NULL ) {
- goto loser;
- }
- PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN], nickname, nnlen);
- dbkey->data[0] = certDBEntryTypeNickname;
-
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-static SECStatus
-DecodeDBNicknameEntry(certDBEntryNickname *entry, SECItem *dbentry)
-{
- /* is record long enough for header? */
- if ( dbentry->len < DB_NICKNAME_ENTRY_HEADER_LEN ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- /* is database entry correct length? */
- entry->subjectName.len = ( ( dbentry->data[0] << 8 ) | dbentry->data[1] );
- if (( entry->subjectName.len + DB_NICKNAME_ENTRY_HEADER_LEN ) !=
- dbentry->len ){
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- /* copy the certkey */
- entry->subjectName.data =
- (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
- entry->subjectName.len);
- if ( entry->subjectName.data == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- PORT_Memcpy(entry->subjectName.data,
- &dbentry->data[DB_NICKNAME_ENTRY_HEADER_LEN],
- entry->subjectName.len);
-
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-/*
- * create a new nickname entry
- */
-static certDBEntryNickname *
-NewDBNicknameEntry(char *nickname, SECItem *subjectName, unsigned int flags)
-{
- PRArenaPool *arena = NULL;
- certDBEntryNickname *entry;
- int nnlen;
- SECStatus rv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- entry = (certDBEntryNickname *)PORT_ArenaAlloc(arena,
- sizeof(certDBEntryNickname));
- if ( entry == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* init common fields */
- entry->common.arena = arena;
- entry->common.type = certDBEntryTypeNickname;
- entry->common.version = CERT_DB_FILE_VERSION;
- entry->common.flags = flags;
-
- /* copy the nickname */
- nnlen = PORT_Strlen(nickname) + 1;
-
- entry->nickname = (char*)PORT_ArenaAlloc(arena, nnlen);
- if ( entry->nickname == NULL ) {
- goto loser;
- }
-
- PORT_Memcpy(entry->nickname, nickname, nnlen);
-
- rv = SECITEM_CopyItem(arena, &entry->subjectName, subjectName);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- return(entry);
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(NULL);
-}
-
-/*
- * delete a nickname entry
- */
-static SECStatus
-DeleteDBNicknameEntry(CERTCertDBHandle *handle, char *nickname)
-{
- PRArenaPool *arena = NULL;
- SECStatus rv;
- SECItem dbkey;
-
- if ( nickname == NULL ) {
- return(SECSuccess);
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- rv = EncodeDBNicknameKey(nickname, arena, &dbkey);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- rv = DeleteDBEntry(handle, certDBEntryTypeNickname, &dbkey);
- if ( rv == SECFailure ) {
- goto loser;
- }
-
- PORT_FreeArena(arena, PR_FALSE);
- return(SECSuccess);
-
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(SECFailure);
-}
-
-/*
- * Read a nickname entry
- */
-static certDBEntryNickname *
-ReadDBNicknameEntry(CERTCertDBHandle *handle, char *nickname)
-{
- PRArenaPool *arena = NULL;
- PRArenaPool *tmparena = NULL;
- certDBEntryNickname *entry;
- SECItem dbkey;
- SECItem dbentry;
- SECStatus rv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( tmparena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- entry = (certDBEntryNickname *)PORT_ArenaAlloc(arena,
- sizeof(certDBEntryNickname));
- if ( entry == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- entry->common.arena = arena;
- entry->common.type = certDBEntryTypeNickname;
-
- rv = EncodeDBNicknameKey(nickname, tmparena, &dbkey);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
- if ( rv == SECFailure ) {
- goto loser;
- }
-
- /* is record long enough for header? */
- if ( dbentry.len < DB_NICKNAME_ENTRY_HEADER_LEN ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- rv = DecodeDBNicknameEntry(entry, &dbentry);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- PORT_FreeArena(tmparena, PR_FALSE);
- return(entry);
-
-loser:
- if ( tmparena ) {
- PORT_FreeArena(tmparena, PR_FALSE);
- }
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(NULL);
-}
-
-/*
- * Encode a nickname entry into byte stream suitable for
- * the database
- */
-static SECStatus
-WriteDBNicknameEntry(CERTCertDBHandle *handle, certDBEntryNickname *entry)
-{
- SECItem dbitem, dbkey;
- PRArenaPool *tmparena = NULL;
- SECStatus rv;
-
- tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( tmparena == NULL ) {
- goto loser;
- }
-
- rv = EncodeDBNicknameEntry(entry, tmparena, &dbitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- rv = EncodeDBNicknameKey(entry->nickname, tmparena, &dbkey);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /* now write it to the database */
- rv = WriteDBEntry(handle, &entry->common, &dbkey, &dbitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- PORT_FreeArena(tmparena, PR_FALSE);
- return(SECSuccess);
-
-loser:
- if ( tmparena ) {
- PORT_FreeArena(tmparena, PR_FALSE);
- }
- return(SECFailure);
-
-}
-
-/*
- * Encode a database smime record
- */
-static SECStatus
-EncodeDBSMimeEntry(certDBEntrySMime *entry, PRArenaPool *arena,
- SECItem *dbitem)
-{
- unsigned char *buf;
-
- /* allocate space for encoded database record, including space
- * for low level header
- */
- dbitem->len = entry->subjectName.len + entry->smimeOptions.len +
- entry->optionsDate.len +
- DB_SMIME_ENTRY_HEADER_LEN + SEC_DB_ENTRY_HEADER_LEN;
-
- dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
- if ( dbitem->data == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* fill in database record */
- buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
-
- buf[0] = ( entry->subjectName.len >> 8 ) & 0xff;
- buf[1] = entry->subjectName.len & 0xff;
- buf[2] = ( entry->smimeOptions.len >> 8 ) & 0xff;
- buf[3] = entry->smimeOptions.len & 0xff;
- buf[4] = ( entry->optionsDate.len >> 8 ) & 0xff;
- buf[5] = entry->optionsDate.len & 0xff;
-
- /* if no smime options, then there should not be an options date either */
- PORT_Assert( ! ( ( entry->smimeOptions.len == 0 ) &&
- ( entry->optionsDate.len != 0 ) ) );
-
- PORT_Memcpy(&buf[DB_SMIME_ENTRY_HEADER_LEN], entry->subjectName.data,
- entry->subjectName.len);
- if ( entry->smimeOptions.len ) {
- PORT_Memcpy(&buf[DB_SMIME_ENTRY_HEADER_LEN+entry->subjectName.len],
- entry->smimeOptions.data,
- entry->smimeOptions.len);
- PORT_Memcpy(&buf[DB_SMIME_ENTRY_HEADER_LEN + entry->subjectName.len +
- entry->smimeOptions.len],
- entry->optionsDate.data,
- entry->optionsDate.len);
- }
-
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-/*
- * Encode a database key for a SMIME record
- */
-static SECStatus
-EncodeDBSMimeKey(char *emailAddr, PRArenaPool *arena,
- SECItem *dbkey)
-{
- unsigned int addrlen;
-
- addrlen = PORT_Strlen(emailAddr) + 1; /* includes null */
-
- /* now get the database key and format it */
- dbkey->len = addrlen + SEC_DB_KEY_HEADER_LEN;
- dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
- if ( dbkey->data == NULL ) {
- goto loser;
- }
- PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN], emailAddr, addrlen);
- dbkey->data[0] = certDBEntryTypeSMimeProfile;
-
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-/*
- * Decode a database SMIME record
- */
-static SECStatus
-DecodeDBSMimeEntry(certDBEntrySMime *entry, SECItem *dbentry, char *emailAddr)
-{
- /* is record long enough for header? */
- if ( dbentry->len < DB_SMIME_ENTRY_HEADER_LEN ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- /* is database entry correct length? */
- entry->subjectName.len = ( ( dbentry->data[0] << 8 ) | dbentry->data[1] );
- entry->smimeOptions.len = ( ( dbentry->data[2] << 8 ) | dbentry->data[3] );
- entry->optionsDate.len = ( ( dbentry->data[4] << 8 ) | dbentry->data[5] );
- if (( entry->subjectName.len + entry->smimeOptions.len +
- entry->optionsDate.len + DB_SMIME_ENTRY_HEADER_LEN ) != dbentry->len){
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- /* copy the subject name */
- entry->subjectName.data =
- (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
- entry->subjectName.len);
- if ( entry->subjectName.data == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- PORT_Memcpy(entry->subjectName.data,
- &dbentry->data[DB_SMIME_ENTRY_HEADER_LEN],
- entry->subjectName.len);
-
- /* copy the smime options */
- if ( entry->smimeOptions.len ) {
- entry->smimeOptions.data =
- (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
- entry->smimeOptions.len);
- if ( entry->smimeOptions.data == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- PORT_Memcpy(entry->smimeOptions.data,
- &dbentry->data[DB_SMIME_ENTRY_HEADER_LEN +
- entry->subjectName.len],
- entry->smimeOptions.len);
- }
- if ( entry->optionsDate.len ) {
- entry->optionsDate.data =
- (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
- entry->optionsDate.len);
- if ( entry->optionsDate.data == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- PORT_Memcpy(entry->optionsDate.data,
- &dbentry->data[DB_SMIME_ENTRY_HEADER_LEN +
- entry->subjectName.len +
- entry->smimeOptions.len],
- entry->optionsDate.len);
- }
-
- /* both options and options date must either exist or not exist */
- if ( ( ( entry->optionsDate.len == 0 ) ||
- ( entry->smimeOptions.len == 0 ) ) &&
- entry->smimeOptions.len != entry->optionsDate.len ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- entry->emailAddr = (char *)PORT_Alloc(PORT_Strlen(emailAddr)+1);
- if ( entry->emailAddr ) {
- PORT_Strcpy(entry->emailAddr, emailAddr);
- }
-
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-/*
- * create a new SMIME entry
- */
-static certDBEntrySMime *
-NewDBSMimeEntry(char *emailAddr, SECItem *subjectName, SECItem *smimeOptions,
- SECItem *optionsDate, unsigned int flags)
-{
- PRArenaPool *arena = NULL;
- certDBEntrySMime *entry;
- int addrlen;
- SECStatus rv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- entry = (certDBEntrySMime *)PORT_ArenaAlloc(arena,
- sizeof(certDBEntrySMime));
- if ( entry == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* init common fields */
- entry->common.arena = arena;
- entry->common.type = certDBEntryTypeSMimeProfile;
- entry->common.version = CERT_DB_FILE_VERSION;
- entry->common.flags = flags;
-
- /* copy the email addr */
- addrlen = PORT_Strlen(emailAddr) + 1;
-
- entry->emailAddr = (char*)PORT_ArenaAlloc(arena, addrlen);
- if ( entry->emailAddr == NULL ) {
- goto loser;
- }
-
- PORT_Memcpy(entry->emailAddr, emailAddr, addrlen);
-
- /* copy the subject name */
- rv = SECITEM_CopyItem(arena, &entry->subjectName, subjectName);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /* copy the smime options */
- if ( smimeOptions ) {
- rv = SECITEM_CopyItem(arena, &entry->smimeOptions, smimeOptions);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- } else {
- PORT_Assert(optionsDate == NULL);
- entry->smimeOptions.data = NULL;
- entry->smimeOptions.len = 0;
- }
-
- /* copy the options date */
- if ( optionsDate ) {
- rv = SECITEM_CopyItem(arena, &entry->optionsDate, optionsDate);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- } else {
- PORT_Assert(smimeOptions == NULL);
- entry->optionsDate.data = NULL;
- entry->optionsDate.len = 0;
- }
-
- return(entry);
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(NULL);
-}
-
-/*
- * delete a SMIME entry
- */
-static SECStatus
-DeleteDBSMimeEntry(CERTCertDBHandle *handle, char *emailAddr)
-{
- PRArenaPool *arena = NULL;
- SECStatus rv;
- SECItem dbkey;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- rv = EncodeDBSMimeKey(emailAddr, arena, &dbkey);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- rv = DeleteDBEntry(handle, certDBEntryTypeSMimeProfile, &dbkey);
- if ( rv == SECFailure ) {
- goto loser;
- }
-
- PORT_FreeArena(arena, PR_FALSE);
- return(SECSuccess);
-
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(SECFailure);
-}
-
-/*
- * Read a SMIME entry
- */
-static certDBEntrySMime *
-ReadDBSMimeEntry(CERTCertDBHandle *handle, char *emailAddr)
-{
- PRArenaPool *arena = NULL;
- PRArenaPool *tmparena = NULL;
- certDBEntrySMime *entry;
- SECItem dbkey;
- SECItem dbentry;
- SECStatus rv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( tmparena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- entry = (certDBEntrySMime *)PORT_ArenaAlloc(arena,
- sizeof(certDBEntrySMime));
- if ( entry == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- entry->common.arena = arena;
- entry->common.type = certDBEntryTypeSMimeProfile;
-
- rv = EncodeDBSMimeKey(emailAddr, tmparena, &dbkey);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
- if ( rv == SECFailure ) {
- goto loser;
- }
-
- /* is record long enough for header? */
- if ( dbentry.len < DB_SMIME_ENTRY_HEADER_LEN ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- rv = DecodeDBSMimeEntry(entry, &dbentry, emailAddr);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- PORT_FreeArena(tmparena, PR_FALSE);
- return(entry);
-
-loser:
- if ( tmparena ) {
- PORT_FreeArena(tmparena, PR_FALSE);
- }
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(NULL);
-}
-
-/*
- * Encode a SMIME entry into byte stream suitable for
- * the database
- */
-static SECStatus
-WriteDBSMimeEntry(CERTCertDBHandle *handle, certDBEntrySMime *entry)
-{
- SECItem dbitem, dbkey;
- PRArenaPool *tmparena = NULL;
- SECStatus rv;
-
- tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( tmparena == NULL ) {
- goto loser;
- }
-
- rv = EncodeDBSMimeEntry(entry, tmparena, &dbitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- rv = EncodeDBSMimeKey(entry->emailAddr, tmparena, &dbkey);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /* now write it to the database */
- rv = WriteDBEntry(handle, &entry->common, &dbkey, &dbitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- PORT_FreeArena(tmparena, PR_FALSE);
- return(SECSuccess);
-
-loser:
- if ( tmparena ) {
- PORT_FreeArena(tmparena, PR_FALSE);
- }
- return(SECFailure);
-
-}
-
-/*
- * Encode a database subject record
- */
-static SECStatus
-EncodeDBSubjectEntry(certDBEntrySubject *entry, PRArenaPool *arena,
- SECItem *dbitem)
-{
- unsigned char *buf;
- int len;
- unsigned int ncerts;
- unsigned int i;
- unsigned char *tmpbuf;
- unsigned int nnlen = 0;
- unsigned int eaddrlen = 0;
- int keyidoff;
- SECItem *certKeys;
- SECItem *keyIDs;
-
- if ( entry->nickname ) {
- nnlen = PORT_Strlen(entry->nickname) + 1;
- }
- if ( entry->emailAddr ) {
- eaddrlen = PORT_Strlen(entry->emailAddr) + 1;
- }
-
- ncerts = entry->ncerts;
-
- /* compute the length of the entry */
- keyidoff = DB_SUBJECT_ENTRY_HEADER_LEN + nnlen + eaddrlen;
- len = keyidoff + 4 * ncerts;
- for ( i = 0; i < ncerts; i++ ) {
- len += entry->certKeys[i].len;
- len += entry->keyIDs[i].len;
- }
-
- /* allocate space for encoded database record, including space
- * for low level header
- */
- dbitem->len = len + SEC_DB_ENTRY_HEADER_LEN;
-
- dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
- if ( dbitem->data == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* fill in database record */
- buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
-
- buf[0] = ( ncerts >> 8 ) & 0xff;
- buf[1] = ncerts & 0xff;
- buf[2] = ( nnlen >> 8 ) & 0xff;
- buf[3] = nnlen & 0xff;
- buf[4] = ( eaddrlen >> 8 ) & 0xff;
- buf[5] = eaddrlen & 0xff;
-
- PORT_Memcpy(&buf[DB_SUBJECT_ENTRY_HEADER_LEN], entry->nickname, nnlen);
- PORT_Memcpy(&buf[DB_SUBJECT_ENTRY_HEADER_LEN+nnlen], entry->emailAddr,
- eaddrlen);
-
- for ( i = 0; i < ncerts; i++ ) {
-
- certKeys = entry->certKeys;
- keyIDs = entry->keyIDs;
-
- buf[keyidoff+i*2] = ( certKeys[i].len >> 8 ) & 0xff;
- buf[keyidoff+1+i*2] = certKeys[i].len & 0xff;
- buf[keyidoff+ncerts*2+i*2] = ( keyIDs[i].len >> 8 ) & 0xff;
- buf[keyidoff+1+ncerts*2+i*2] = keyIDs[i].len & 0xff;
- }
-
- /* temp pointer used to stuff certkeys and keyids into the buffer */
- tmpbuf = &buf[keyidoff+ncerts*4];
-
- for ( i = 0; i < ncerts; i++ ) {
- certKeys = entry->certKeys;
- PORT_Memcpy(tmpbuf, certKeys[i].data, certKeys[i].len);
- tmpbuf = tmpbuf + certKeys[i].len;
- }
-
- for ( i = 0; i < ncerts; i++ ) {
- keyIDs = entry->keyIDs;
- PORT_Memcpy(tmpbuf, keyIDs[i].data, keyIDs[i].len);
- tmpbuf = tmpbuf + keyIDs[i].len;
- }
-
- PORT_Assert(tmpbuf == &buf[len]);
-
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-/*
- * Encode a database key for a subject record
- */
-static SECStatus
-EncodeDBSubjectKey(SECItem *derSubject, PRArenaPool *arena,
- SECItem *dbkey)
-{
- dbkey->len = derSubject->len + SEC_DB_KEY_HEADER_LEN;
- dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
- if ( dbkey->data == NULL ) {
- goto loser;
- }
- PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN], derSubject->data,
- derSubject->len);
- dbkey->data[0] = certDBEntryTypeSubject;
-
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-static SECStatus
-DecodeDBSubjectEntry(certDBEntrySubject *entry, SECItem *dbentry,
- SECItem *derSubject)
-{
- unsigned int ncerts;
- PRArenaPool *arena;
- unsigned int len, itemlen;
- unsigned char *tmpbuf;
- unsigned int i;
- SECStatus rv;
- unsigned int keyidoff;
- unsigned int nnlen, eaddrlen;
-
- arena = entry->common.arena;
-
- rv = SECITEM_CopyItem(arena, &entry->derSubject, derSubject);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /* is record long enough for header? */
- if ( dbentry->len < DB_SUBJECT_ENTRY_HEADER_LEN ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- entry->ncerts = ncerts = ( ( dbentry->data[0] << 8 ) | dbentry->data[1] );
- nnlen = ( ( dbentry->data[2] << 8 ) | dbentry->data[3] );
- eaddrlen = ( ( dbentry->data[4] << 8 ) | dbentry->data[5] );
- if ( dbentry->len < ( ncerts * 4 + DB_SUBJECT_ENTRY_HEADER_LEN +
- nnlen + eaddrlen) ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- entry->certKeys = (SECItem *)PORT_ArenaAlloc(arena,
- sizeof(SECItem) * ncerts);
- entry->keyIDs = (SECItem *)PORT_ArenaAlloc(arena,
- sizeof(SECItem) * ncerts);
-
- if ( ( entry->certKeys == NULL ) || ( entry->keyIDs == NULL ) ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- if ( nnlen > 1 ) { /* null terminator is stored */
- entry->nickname = (char *)PORT_ArenaAlloc(arena, nnlen);
- if ( entry->nickname == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- PORT_Memcpy(entry->nickname,
- &dbentry->data[DB_SUBJECT_ENTRY_HEADER_LEN],
- nnlen);
- } else {
- entry->nickname = NULL;
- }
-
- if ( eaddrlen > 1 ) { /* null terminator is stored */
- entry->emailAddr = (char *)PORT_ArenaAlloc(arena, eaddrlen);
- if ( entry->emailAddr == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- PORT_Memcpy(entry->emailAddr,
- &dbentry->data[DB_SUBJECT_ENTRY_HEADER_LEN+nnlen],
- eaddrlen);
- } else {
- entry->emailAddr = NULL;
- }
-
- /* collect the lengths of the certKeys and keyIDs, and total the
- * overall length.
- */
- keyidoff = DB_SUBJECT_ENTRY_HEADER_LEN + nnlen + eaddrlen;
- len = keyidoff + 4 * ncerts;
-
- tmpbuf = &dbentry->data[0];
-
- for ( i = 0; i < ncerts; i++ ) {
-
- itemlen = ( tmpbuf[keyidoff + 2*i] << 8 ) | tmpbuf[keyidoff + 1 + 2*i] ;
- len += itemlen;
- entry->certKeys[i].len = itemlen;
-
- itemlen = ( tmpbuf[keyidoff + 2*ncerts + 2*i] << 8 ) |
- tmpbuf[keyidoff + 1 + 2*ncerts + 2*i] ;
- len += itemlen;
- entry->keyIDs[i].len = itemlen;
- }
-
- /* is database entry correct length? */
- if ( len != dbentry->len ){
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- tmpbuf = &tmpbuf[keyidoff + 4*ncerts];
- for ( i = 0; i < ncerts; i++ ) {
- entry->certKeys[i].data =
- (unsigned char *)PORT_ArenaAlloc(arena, entry->certKeys[i].len);
- if ( entry->certKeys[i].data == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- PORT_Memcpy(entry->certKeys[i].data, tmpbuf, entry->certKeys[i].len);
- tmpbuf = &tmpbuf[entry->certKeys[i].len];
- }
-
- for ( i = 0; i < ncerts; i++ ) {
- entry->keyIDs[i].data =
- (unsigned char *)PORT_ArenaAlloc(arena, entry->keyIDs[i].len);
- if ( entry->keyIDs[i].data == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- PORT_Memcpy(entry->keyIDs[i].data, tmpbuf, entry->keyIDs[i].len);
- tmpbuf = &tmpbuf[entry->keyIDs[i].len];
- }
-
- PORT_Assert(tmpbuf == &dbentry->data[dbentry->len]);
-
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-/*
- * create a new subject entry with a single cert
- */
-static certDBEntrySubject *
-NewDBSubjectEntry(SECItem *derSubject, SECItem *certKey,
- SECItem *keyID, char *nickname, char *emailAddr,
- unsigned int flags)
-{
- PRArenaPool *arena = NULL;
- certDBEntrySubject *entry;
- SECStatus rv;
- unsigned int nnlen;
- unsigned int eaddrlen;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- entry = (certDBEntrySubject *)PORT_ArenaAlloc(arena,
- sizeof(certDBEntrySubject));
- if ( entry == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* init common fields */
- entry->common.arena = arena;
- entry->common.type = certDBEntryTypeSubject;
- entry->common.version = CERT_DB_FILE_VERSION;
- entry->common.flags = flags;
-
- /* copy the subject */
- rv = SECITEM_CopyItem(arena, &entry->derSubject, derSubject);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- entry->ncerts = 1;
- /* copy nickname */
- if ( nickname && ( *nickname != '\0' ) ) {
- nnlen = PORT_Strlen(nickname) + 1;
- entry->nickname = (char *)PORT_ArenaAlloc(arena, nnlen);
- if ( entry->nickname == NULL ) {
- goto loser;
- }
-
- PORT_Memcpy(entry->nickname, nickname, nnlen);
- } else {
- entry->nickname = NULL;
- }
-
- /* copy email addr */
- if ( emailAddr && ( *emailAddr != '\0' ) ) {
- emailAddr = CERT_FixupEmailAddr(emailAddr);
- if ( emailAddr == NULL ) {
- entry->emailAddr = NULL;
- goto loser;
- }
-
- eaddrlen = PORT_Strlen(emailAddr) + 1;
- entry->emailAddr = (char *)PORT_ArenaAlloc(arena, eaddrlen);
- if ( entry->emailAddr == NULL ) {
- PORT_Free(emailAddr);
- goto loser;
- }
-
- PORT_Memcpy(entry->emailAddr, emailAddr, eaddrlen);
- PORT_Free(emailAddr);
- } else {
- entry->emailAddr = NULL;
- }
-
- /* allocate space for certKeys and keyIDs */
- entry->certKeys = (SECItem *)PORT_ArenaAlloc(arena, sizeof(SECItem));
- entry->keyIDs = (SECItem *)PORT_ArenaAlloc(arena, sizeof(SECItem));
- if ( ( entry->certKeys == NULL ) || ( entry->keyIDs == NULL ) ) {
- goto loser;
- }
-
- /* copy the certKey and keyID */
- rv = SECITEM_CopyItem(arena, &entry->certKeys[0], certKey);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- rv = SECITEM_CopyItem(arena, &entry->keyIDs[0], keyID);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- return(entry);
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(NULL);
-}
-
-/*
- * delete a subject entry
- */
-static SECStatus
-DeleteDBSubjectEntry(CERTCertDBHandle *handle, SECItem *derSubject)
-{
- SECItem dbkey;
- PRArenaPool *arena = NULL;
- SECStatus rv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- rv = EncodeDBSubjectKey(derSubject, arena, &dbkey);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- rv = DeleteDBEntry(handle, certDBEntryTypeSubject, &dbkey);
- if ( rv == SECFailure ) {
- goto loser;
- }
-
- PORT_FreeArena(arena, PR_FALSE);
- return(SECSuccess);
-
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(SECFailure);
-}
-
-/*
- * Read the subject entry
- */
-static certDBEntrySubject *
-ReadDBSubjectEntry(CERTCertDBHandle *handle, SECItem *derSubject)
-{
- PRArenaPool *arena = NULL;
- PRArenaPool *tmparena = NULL;
- certDBEntrySubject *entry;
- SECItem dbkey;
- SECItem dbentry;
- SECStatus rv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( tmparena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- entry = (certDBEntrySubject *)PORT_ArenaAlloc(arena,
- sizeof(certDBEntrySubject));
- if ( entry == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- entry->common.arena = arena;
- entry->common.type = certDBEntryTypeSubject;
-
- rv = EncodeDBSubjectKey(derSubject, tmparena, &dbkey);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
- if ( rv == SECFailure ) {
- goto loser;
- }
-
- rv = DecodeDBSubjectEntry(entry, &dbentry, derSubject);
- if ( rv == SECFailure ) {
- goto loser;
- }
-
- PORT_FreeArena(tmparena, PR_FALSE);
- return(entry);
-
-loser:
- if ( tmparena ) {
- PORT_FreeArena(tmparena, PR_FALSE);
- }
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(NULL);
-}
-
-/*
- * Encode a subject name entry into byte stream suitable for
- * the database
- */
-static SECStatus
-WriteDBSubjectEntry(CERTCertDBHandle *handle, certDBEntrySubject *entry)
-{
- SECItem dbitem, dbkey;
- PRArenaPool *tmparena = NULL;
- SECStatus rv;
-
- tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( tmparena == NULL ) {
- goto loser;
- }
-
- rv = EncodeDBSubjectEntry(entry, tmparena, &dbitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- rv = EncodeDBSubjectKey(&entry->derSubject, tmparena, &dbkey);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /* now write it to the database */
- rv = WriteDBEntry(handle, &entry->common, &dbkey, &dbitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- PORT_FreeArena(tmparena, PR_FALSE);
- return(SECSuccess);
-
-loser:
- if ( tmparena ) {
- PORT_FreeArena(tmparena, PR_FALSE);
- }
- return(SECFailure);
-
-}
-
-static SECStatus
-UpdateSubjectWithEmailAddr(CERTCertificate *cert, char *emailAddr)
-{
- CERTSubjectList *subjectList;
- PRBool save = PR_FALSE, delold = PR_FALSE;
- certDBEntrySubject *entry;
- SECStatus rv;
-
- emailAddr = CERT_FixupEmailAddr(emailAddr);
- if ( emailAddr == NULL ) {
- return(SECFailure);
- }
-
- subjectList = cert->subjectList;
- PORT_Assert(subjectList != NULL);
-
- if ( subjectList->emailAddr ) {
- if ( PORT_Strcmp(subjectList->emailAddr, emailAddr) != 0 ) {
- save = PR_TRUE;
- delold = PR_TRUE;
- }
- } else {
- save = PR_TRUE;
- }
-
- if ( delold ) {
- /* delete the old smime entry, because this cert now has a new
- * smime entry pointing to it
- */
- PORT_Assert(save);
- PORT_Assert(subjectList->emailAddr != NULL);
- DeleteDBSMimeEntry(cert->dbhandle, subjectList->emailAddr);
- }
-
- if ( save ) {
- unsigned int len;
-
- entry = subjectList->entry;
-
- PORT_Assert(entry != NULL);
- len = PORT_Strlen(emailAddr) + 1;
- entry->emailAddr = (char *)PORT_ArenaAlloc(entry->common.arena, len);
- if ( entry->emailAddr == NULL ) {
- goto loser;
- }
- PORT_Memcpy(entry->emailAddr, emailAddr, len);
-
- /* delete the subject entry */
- DeleteDBSubjectEntry(cert->dbhandle, &cert->derSubject);
-
- /* write the new one */
- rv = WriteDBSubjectEntry(cert->dbhandle, entry);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- }
-
- PORT_Free(emailAddr);
- return(SECSuccess);
-
-loser:
- PORT_Free(emailAddr);
- return(SECFailure);
-}
-
-/*
- * writes a nickname to an existing subject entry that does not currently
- * have one
- */
-static SECStatus
-AddNicknameToSubject(CERTCertificate *cert, char *nickname)
-{
- CERTSubjectList *subjectList;
- certDBEntrySubject *entry;
- SECStatus rv;
-
- if ( nickname == NULL ) {
- return(SECFailure);
- }
-
- subjectList = cert->subjectList;
- PORT_Assert(subjectList != NULL);
- if ( subjectList == NULL ) {
- goto loser;
- }
-
- entry = subjectList->entry;
- PORT_Assert(entry != NULL);
- if ( entry == NULL ) {
- goto loser;
- }
-
- PORT_Assert(entry->nickname == NULL);
- if ( entry->nickname != NULL ) {
- goto loser;
- }
-
- entry->nickname = (nickname) ? PORT_ArenaStrdup(entry->common.arena, nickname) : NULL;
-
- if ( entry->nickname == NULL ) {
- goto loser;
- }
-
- /* delete the subject entry */
- DeleteDBSubjectEntry(cert->dbhandle, &cert->derSubject);
-
- /* write the new one */
- rv = WriteDBSubjectEntry(cert->dbhandle, entry);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-/*
- * create a new version entry
- */
-static certDBEntryVersion *
-NewDBVersionEntry(unsigned int flags)
-{
- PRArenaPool *arena = NULL;
- certDBEntryVersion *entry;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- entry = (certDBEntryVersion *)PORT_ArenaAlloc(arena,
- sizeof(certDBEntryVersion));
- if ( entry == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- entry->common.arena = arena;
- entry->common.type = certDBEntryTypeVersion;
- entry->common.version = CERT_DB_FILE_VERSION;
- entry->common.flags = flags;
-
- return(entry);
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(NULL);
-}
-
-/*
- * Read the version entry
- */
-static certDBEntryVersion *
-ReadDBVersionEntry(CERTCertDBHandle *handle)
-{
- PRArenaPool *arena = NULL;
- PRArenaPool *tmparena = NULL;
- certDBEntryVersion *entry;
- SECItem dbkey;
- SECItem dbentry;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( tmparena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- entry = (certDBEntryVersion *)PORT_ArenaAlloc(arena,
- sizeof(certDBEntryVersion));
- if ( entry == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- entry->common.arena = arena;
- entry->common.type = certDBEntryTypeVersion;
-
- /* now get the database key and format it */
- dbkey.len = SEC_DB_VERSION_KEY_LEN + SEC_DB_KEY_HEADER_LEN;
- dbkey.data = (unsigned char *)PORT_ArenaAlloc(tmparena, dbkey.len);
- if ( dbkey.data == NULL ) {
- goto loser;
- }
- PORT_Memcpy(&dbkey.data[SEC_DB_KEY_HEADER_LEN], SEC_DB_VERSION_KEY,
- SEC_DB_VERSION_KEY_LEN);
-
- ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
-
- PORT_FreeArena(tmparena, PR_FALSE);
- return(entry);
-
-loser:
- if ( tmparena ) {
- PORT_FreeArena(tmparena, PR_FALSE);
- }
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(NULL);
-}
-
-
-/*
- * Encode a version entry into byte stream suitable for
- * the database
- */
-static SECStatus
-WriteDBVersionEntry(CERTCertDBHandle *handle, certDBEntryVersion *entry)
-{
- SECItem dbitem, dbkey;
- PRArenaPool *tmparena = NULL;
- SECStatus rv;
-
- tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( tmparena == NULL ) {
- goto loser;
- }
-
- /* allocate space for encoded database record, including space
- * for low level header
- */
- dbitem.len = SEC_DB_ENTRY_HEADER_LEN;
-
- dbitem.data = (unsigned char *)PORT_ArenaAlloc(tmparena, dbitem.len);
- if ( dbitem.data == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* now get the database key and format it */
- dbkey.len = SEC_DB_VERSION_KEY_LEN + SEC_DB_KEY_HEADER_LEN;
- dbkey.data = (unsigned char *)PORT_ArenaAlloc(tmparena, dbkey.len);
- if ( dbkey.data == NULL ) {
- goto loser;
- }
- PORT_Memcpy(&dbkey.data[SEC_DB_KEY_HEADER_LEN], SEC_DB_VERSION_KEY,
- SEC_DB_VERSION_KEY_LEN);
-
- /* now write it to the database */
- rv = WriteDBEntry(handle, &entry->common, &dbkey, &dbitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- PORT_FreeArena(tmparena, PR_FALSE);
- return(SECSuccess);
-
-loser:
- if ( tmparena ) {
- PORT_FreeArena(tmparena, PR_FALSE);
- }
- return(SECFailure);
-}
-
-/*
- * create a new version entry
- */
-static certDBEntryContentVersion *
-NewDBContentVersionEntry(unsigned int flags)
-{
- PRArenaPool *arena = NULL;
- certDBEntryContentVersion *entry;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- entry = (certDBEntryContentVersion *)
- PORT_ArenaAlloc(arena, sizeof(certDBEntryContentVersion));
- if ( entry == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- entry->common.arena = arena;
- entry->common.type = certDBEntryTypeContentVersion;
- entry->common.version = CERT_DB_FILE_VERSION;
- entry->common.flags = flags;
-
- entry->contentVersion = CERT_DB_CONTENT_VERSION;
-
- return(entry);
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(NULL);
-}
-
-/*
- * Read the version entry
- */
-static certDBEntryContentVersion *
-ReadDBContentVersionEntry(CERTCertDBHandle *handle)
-{
- PRArenaPool *arena = NULL;
- PRArenaPool *tmparena = NULL;
- certDBEntryContentVersion *entry;
- SECItem dbkey;
- SECItem dbentry;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( tmparena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- entry = (certDBEntryContentVersion *)
- PORT_ArenaAlloc(arena, sizeof(certDBEntryContentVersion));
- if ( entry == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- entry->common.arena = arena;
- entry->common.type = certDBEntryTypeContentVersion;
-
- /* now get the database key and format it */
- dbkey.len = SEC_DB_CONTENT_VERSION_KEY_LEN + SEC_DB_KEY_HEADER_LEN;
- dbkey.data = (unsigned char *)PORT_ArenaAlloc(tmparena, dbkey.len);
- if ( dbkey.data == NULL ) {
- goto loser;
- }
- PORT_Memcpy(&dbkey.data[SEC_DB_KEY_HEADER_LEN], SEC_DB_CONTENT_VERSION_KEY,
- SEC_DB_CONTENT_VERSION_KEY_LEN);
-
- dbentry.len = 0;
- dbentry.data = NULL;
-
- ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
-
- if ( dbentry.len != 1 ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- entry->contentVersion = dbentry.data[0];
-
- PORT_FreeArena(tmparena, PR_FALSE);
- return(entry);
-
-loser:
- if ( tmparena ) {
- PORT_FreeArena(tmparena, PR_FALSE);
- }
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(NULL);
-}
-
-/*
- * Encode a version entry into byte stream suitable for
- * the database
- */
-static SECStatus
-WriteDBContentVersionEntry(CERTCertDBHandle *handle,
- certDBEntryContentVersion *entry)
-{
- SECItem dbitem, dbkey;
- PRArenaPool *tmparena = NULL;
- SECStatus rv;
-
- tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( tmparena == NULL ) {
- goto loser;
- }
-
- /* allocate space for encoded database record, including space
- * for low level header
- */
- dbitem.len = SEC_DB_ENTRY_HEADER_LEN + 1;
-
- dbitem.data = (unsigned char *)PORT_ArenaAlloc(tmparena, dbitem.len);
- if ( dbitem.data == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- dbitem.data[SEC_DB_ENTRY_HEADER_LEN] = entry->contentVersion;
-
- /* now get the database key and format it */
- dbkey.len = SEC_DB_CONTENT_VERSION_KEY_LEN + SEC_DB_KEY_HEADER_LEN;
- dbkey.data = (unsigned char *)PORT_ArenaAlloc(tmparena, dbkey.len);
- if ( dbkey.data == NULL ) {
- goto loser;
- }
- PORT_Memcpy(&dbkey.data[SEC_DB_KEY_HEADER_LEN], SEC_DB_CONTENT_VERSION_KEY,
- SEC_DB_CONTENT_VERSION_KEY_LEN);
-
- /* now write it to the database */
- rv = WriteDBEntry(handle, &entry->common, &dbkey, &dbitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- PORT_FreeArena(tmparena, PR_FALSE);
- return(SECSuccess);
-
-loser:
- if ( tmparena ) {
- PORT_FreeArena(tmparena, PR_FALSE);
- }
- return(SECFailure);
-}
-
-/*
- * delete a content version entry
- */
-static SECStatus
-DeleteDBContentVersionEntry(CERTCertDBHandle *handle)
-{
- SECItem dbkey;
- PRArenaPool *arena = NULL;
- SECStatus rv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- /* now get the database key and format it */
- dbkey.len = SEC_DB_CONTENT_VERSION_KEY_LEN + SEC_DB_KEY_HEADER_LEN;
- dbkey.data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey.len);
- if ( dbkey.data == NULL ) {
- goto loser;
- }
- PORT_Memcpy(&dbkey.data[SEC_DB_KEY_HEADER_LEN], SEC_DB_CONTENT_VERSION_KEY,
- SEC_DB_CONTENT_VERSION_KEY_LEN);
-
- rv = DeleteDBEntry(handle, certDBEntryTypeContentVersion, &dbkey);
- if ( rv == SECFailure ) {
- goto loser;
- }
-
- PORT_FreeArena(arena, PR_FALSE);
- return(SECSuccess);
-
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(SECFailure);
-}
-
-/*
- * Routines and datastructures to manage the list of certificates for a
- * particular subject name.
- */
-
-/*
- * Create a new certificate subject list. If entry exists, then populate
- * the list with the entries from the permanent database.
- */
-static CERTSubjectList *
-NewSubjectList(certDBEntrySubject *entry)
-{
- PRArenaPool *permarena;
- unsigned int i;
- CERTSubjectList *subjectList;
- CERTSubjectNode *node;
- SECStatus rv;
-
- permarena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( permarena == NULL ) {
- goto loser;
- }
- subjectList = (CERTSubjectList *)PORT_ArenaAlloc(permarena,
- sizeof(CERTSubjectList));
- if ( subjectList == NULL ) {
- goto loser;
- }
-
- subjectList->arena = permarena;
- subjectList->ncerts = 0;
- subjectList->head = NULL;
- subjectList->tail = NULL;
- subjectList->entry = entry;
- subjectList->emailAddr = NULL;
- if ( entry ) {
-
- /* initialize the list with certs from database entry */
- for ( i = 0; i < entry->ncerts; i++ ) {
- /* Init the node */
- node = (CERTSubjectNode *)PORT_ArenaAlloc(permarena,
- sizeof(CERTSubjectNode));
- if ( node == NULL ) {
- goto loser;
- }
-
- /* copy certKey and keyID to node */
- rv = SECITEM_CopyItem(permarena, &node->certKey,
- &entry->certKeys[i]);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- rv = SECITEM_CopyItem(permarena, &node->keyID,
- &entry->keyIDs[i]);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /* the certs are already in order, so just add them
- * to the tail.
- */
- node->next = NULL;
- if ( subjectList->tail == NULL ) {
- /* first in list */
- subjectList->head = node;
- subjectList->tail = node;
- node->prev = NULL;
- } else {
- /* add to end of list */
- node->prev = subjectList->tail;
- subjectList->tail = node;
- node->prev->next = node;
- }
- subjectList->ncerts++;
- }
- }
-
- return(subjectList);
-
-loser:
- PORT_FreeArena(permarena, PR_FALSE);
- return(NULL);
-}
-
-/*
- * Find the Subject entry in the temp database. It it is not in the
- * temp database, then get it from the perm DB. It its not there either,
- * then create a new one.
- */
-static CERTSubjectList *
-FindSubjectList(CERTCertDBHandle *handle, SECItem *subject, PRBool create)
-{
- PRArenaPool *arena = NULL;
- SECItem keyitem;
- SECStatus rv;
- DBT namekey;
- DBT tmpdata;
- int ret;
- CERTSubjectList *subjectList = NULL;
- certDBEntrySubject *entry;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- rv = EncodeDBSubjectKey(subject, arena, &keyitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- namekey.data = keyitem.data;
- namekey.size = keyitem.len;
-
- /* lookup in the temporary database */
- ret = certdb_Get(handle->tempCertDB, &namekey, &tmpdata, 0);
-
- /* error accessing the database */
- if ( ret < 0 ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- if ( ret == 0 ) { /* found in temp database */
- if ( tmpdata.size != sizeof(CERTCertificate *) ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- /* copy pointer out of database */
- PORT_Memcpy(&subjectList, tmpdata.data, tmpdata.size);
- } else { /* not found in temporary database */
- entry = ReadDBSubjectEntry(handle, subject);
- if ( entry || create ) {
- /* decode or create new subject list */
- subjectList = NewSubjectList(entry);
-
- /* put it in the temp database */
- if ( subjectList ) {
- tmpdata.data = (unsigned char *)(&subjectList);
- tmpdata.size = sizeof(subjectList);
- ret = certdb_Put(handle->tempCertDB, &namekey,
- &tmpdata, R_NOOVERWRITE);
- if ( ret ) {
- goto loser;
- }
- }
- } else {
- PORT_SetError(SEC_ERROR_UNKNOWN_CERT);
- goto loser;
- }
- }
-
- goto done;
-
-loser:
- subjectList = NULL;
-
-done:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(subjectList);
-}
-
-/*
- * Add a temp cert to the temp subject list
- */
-static SECStatus
-AddTempCertToSubjectList(CERTCertificate *cert)
-{
- CERTSubjectList *subjectList;
- CERTSubjectNode *node, *newnode;
- CERTCertificate *cmpcert;
- PRBool newer;
- SECStatus rv;
-
- PORT_Assert(cert->isperm == PR_FALSE);
- PORT_Assert(cert->subjectList == NULL);
-
- subjectList = FindSubjectList(cert->dbhandle, &cert->derSubject, PR_TRUE);
-
- if ( subjectList == NULL ) {
- goto loser;
- }
-
- newnode = (CERTSubjectNode*)PORT_ArenaAlloc(subjectList->arena,
- sizeof(CERTSubjectNode));
- /* copy certKey and keyID to node */
- rv = SECITEM_CopyItem(subjectList->arena, &newnode->certKey,
- &cert->certKey);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- rv = SECITEM_CopyItem(subjectList->arena, &newnode->keyID,
- &cert->subjectKeyID);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- node = subjectList->head;
-
- if ( node ) {
- /* list is not empty */
- while ( node ) {
- cmpcert = CERT_FindCertByKeyNoLocking(cert->dbhandle,
- &node->certKey);
- if ( cmpcert ) {
-
- newer = CERT_IsNewer(cert, cmpcert);
- CERT_DestroyCertificateNoLocking(cmpcert);
- if ( newer ) {
- /* insert before this cert */
- newnode->next = node;
- newnode->prev = node->prev;
- if ( newnode->prev ) {
- newnode->prev->next = newnode;
- } else {
- /* at the head of the list */
- subjectList->head = newnode;
- }
- node->prev = newnode;
- goto done;
- }
- }
- node = node->next;
- }
- /* if we get here, we add the node to the end of the list */
- newnode->prev = subjectList->tail;
- newnode->next = NULL;
- subjectList->tail->next = newnode;
- subjectList->tail = newnode;
- } else {
- /* this is a new/empty list */
- newnode->next = NULL;
- newnode->prev = NULL;
- subjectList->head = newnode;
- subjectList->tail = newnode;
- }
-
-done:
- subjectList->ncerts++;
- cert->subjectList = subjectList;
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-/*
- * Find the node in a subjectList that belongs a cert
- */
-static CERTSubjectNode *
-FindCertSubjectNode(CERTCertificate *cert)
-{
- CERTSubjectList *subjectList;
- CERTSubjectNode *node = NULL;
-
- PORT_Assert(cert->subjectList);
-
- subjectList = cert->subjectList;
-
- if ( subjectList ) {
- node = subjectList->head;
- }
-
- while ( node ) {
- if ( SECITEM_CompareItem(&node->certKey, &cert->certKey) == SECEqual ){
- return(node);
- break;
- }
-
- node = node->next;
- }
-
- return(NULL);
-}
-
-/*
- * Remove a temp cert from the temp subject list
- */
-static SECStatus
-RemoveTempCertFromSubjectList(CERTCertificate *cert)
-{
- CERTSubjectList *subjectList;
- CERTSubjectNode *node;
- SECItem keyitem;
- DBT namekey;
- SECStatus rv;
- int ret;
- CERTCertDBHandle *handle;
-
- PORT_Assert(cert->subjectList);
-
- /* don't remove perm certs */
- if ( cert->isperm ) {
- return(SECSuccess);
- }
-
- subjectList = cert->subjectList;
-
- node = FindCertSubjectNode(cert);
-
- if ( node ) {
- /* found it, unlink it */
- if ( node->next ) {
- node->next->prev = node->prev;
- } else {
- /* removing from tail of list */
- subjectList->tail = node->prev;
- }
- if ( node->prev ) {
- node->prev->next = node->next;
- } else {
- /* removing from head of list */
- subjectList->head = node->next;
- }
-
- subjectList->ncerts--;
-
- /* dont need to free the node, because it is from subjectList
- * arena.
- */
-
- /* remove reference from cert */
- cert->subjectList = NULL;
-
- /* if the list is now empty, remove the list from the db and free it */
- if ( subjectList->head == NULL ) {
- PORT_Assert(subjectList->ncerts == 0);
- rv = EncodeDBSubjectKey(&cert->derSubject, subjectList->arena,
- &keyitem);
- if ( rv == SECSuccess ) {
- namekey.data = keyitem.data;
- namekey.size = keyitem.len;
-
- handle = cert->dbhandle;
-
- ret = certdb_Del(handle->tempCertDB, &namekey, 0);
- /* keep going if it fails */
-
- if ( cert->dbnickname ) {
- rv = SEC_DeleteTempNickname(handle, cert->dbnickname);
- } else if ( cert->nickname ) {
- rv = SEC_DeleteTempNickname(handle, cert->nickname);
- }
-
- /* keep going if it fails */
- }
-
- PORT_FreeArena(subjectList->arena, PR_FALSE);
- }
- }
-
- PORT_Assert(cert->subjectList == NULL);
-
- if ( cert->subjectList != NULL ) {
- return(SECFailure);
- }
-
- return(SECSuccess);
-}
-
-/*
- * cert is no longer a perm cert, but will remain a temp cert
- */
-static SECStatus
-RemovePermSubjectNode(CERTCertificate *cert)
-{
- CERTSubjectList *subjectList;
- certDBEntrySubject *entry;
- unsigned int i;
- SECStatus rv;
-
- PORT_Assert(cert->isperm);
- if ( !cert->isperm ) {
- return(SECFailure);
- }
-
- subjectList = cert->subjectList;
- PORT_Assert(subjectList);
- if ( subjectList == NULL ) {
- return(SECFailure);
- }
- entry = subjectList->entry;
- PORT_Assert(entry);
- if ( entry == NULL ) {
- return(SECFailure);
- }
-
- PORT_Assert(entry->ncerts);
- rv = SECFailure;
-
- if ( entry->ncerts > 1 ) {
- for ( i = 0; i < entry->ncerts; i++ ) {
- if ( SECITEM_CompareItem(&entry->certKeys[i], &cert->certKey) ==
- SECEqual ) {
- /* copy rest of list forward one entry */
- for ( i = i + 1; i < entry->ncerts; i++ ) {
- entry->certKeys[i-1] = entry->certKeys[i];
- entry->keyIDs[i-1] = entry->keyIDs[i];
- }
- entry->ncerts--;
- DeleteDBSubjectEntry(cert->dbhandle, &cert->derSubject);
- rv = WriteDBSubjectEntry(cert->dbhandle, entry);
- break;
- }
- }
- } else {
- /* no entries left, delete the perm entry in the DB */
- if ( subjectList->entry->emailAddr ) {
- /* if the subject had an email record, then delete it too */
- DeleteDBSMimeEntry(cert->dbhandle, subjectList->entry->emailAddr);
- }
-
- DestroyDBEntry((certDBEntry *)subjectList->entry);
- subjectList->entry = NULL;
- DeleteDBSubjectEntry(cert->dbhandle, &cert->derSubject);
- }
-
- return(rv);
-}
-
-/*
- * add a cert to the perm subject list
- */
-static SECStatus
-AddPermSubjectNode(CERTCertificate *cert, char *nickname)
-{
- CERTSubjectList *subjectList;
- certDBEntrySubject *entry;
- SECItem *newCertKeys, *newKeyIDs;
- int i;
- SECStatus rv;
- CERTCertificate *cmpcert;
- unsigned int nnlen;
- int ncerts;
-
- subjectList = cert->subjectList;
-
- PORT_Assert(subjectList);
- if ( subjectList == NULL ) {
- return(SECFailure);
- }
-
- entry = subjectList->entry;
-
- if ( entry ) {
- ncerts = entry->ncerts;
-
- if ( nickname && entry->nickname ) {
- /* nicknames must be the same */
- PORT_Assert(PORT_Strcmp(nickname, entry->nickname) == 0);
- }
-
- if ( ( entry->nickname == NULL ) && ( nickname != NULL ) ) {
- /* copy nickname into the entry */
- nnlen = PORT_Strlen(nickname) + 1;
- entry->nickname = (char *)PORT_ArenaAlloc(entry->common.arena,
- nnlen);
- if ( entry->nickname == NULL ) {
- return(SECFailure);
- }
- PORT_Memcpy(entry->nickname, nickname, nnlen);
- }
-
- /* a DB entry already exists, so add this cert */
- newCertKeys = (SECItem *)PORT_ArenaAlloc(entry->common.arena,
- sizeof(SECItem) *
- ( ncerts + 1 ) );
- newKeyIDs = (SECItem *)PORT_ArenaAlloc(entry->common.arena,
- sizeof(SECItem) *
- ( ncerts + 1 ) );
-
- if ( ( newCertKeys == NULL ) || ( newKeyIDs == NULL ) ) {
- return(SECFailure);
- }
-
- for ( i = 0; i < ncerts; i++ ) {
- cmpcert = CERT_FindCertByKeyNoLocking(cert->dbhandle,
- &entry->certKeys[i]);
- PORT_Assert(cmpcert);
-
- if ( CERT_IsNewer(cert, cmpcert) ) {
- /* insert before cmpcert */
- rv = SECITEM_CopyItem(entry->common.arena, &newCertKeys[i],
- &cert->certKey);
- if ( rv != SECSuccess ) {
- return(SECFailure);
- }
- rv = SECITEM_CopyItem(entry->common.arena, &newKeyIDs[i],
- &cert->subjectKeyID);
- if ( rv != SECSuccess ) {
- return(SECFailure);
- }
- /* copy the rest of the entry */
- for ( ; i < ncerts; i++ ) {
- newCertKeys[i+1] = entry->certKeys[i];
- newKeyIDs[i+1] = entry->keyIDs[i];
- }
-
- /* update certKeys and keyIDs */
- entry->certKeys = newCertKeys;
- entry->keyIDs = newKeyIDs;
-
- /* increment count */
- entry->ncerts++;
- break;
- }
- /* copy this cert entry */
- newCertKeys[i] = entry->certKeys[i];
- newKeyIDs[i] = entry->keyIDs[i];
- }
-
- if ( entry->ncerts == ncerts ) {
- /* insert new one at end */
- rv = SECITEM_CopyItem(entry->common.arena, &newCertKeys[ncerts],
- &cert->certKey);
- if ( rv != SECSuccess ) {
- return(SECFailure);
- }
- rv = SECITEM_CopyItem(entry->common.arena, &newKeyIDs[ncerts],
- &cert->subjectKeyID);
- if ( rv != SECSuccess ) {
- return(SECFailure);
- }
-
- /* update certKeys and keyIDs */
- entry->certKeys = newCertKeys;
- entry->keyIDs = newKeyIDs;
-
- /* increment count */
- entry->ncerts++;
- }
- } else {
- /* need to make a new DB entry */
- entry = NewDBSubjectEntry(&cert->derSubject, &cert->certKey,
- &cert->subjectKeyID, nickname,
- NULL, 0);
- cert->subjectList->entry = entry;
- }
- if ( entry ) {
- DeleteDBSubjectEntry(cert->dbhandle, &cert->derSubject);
- rv = WriteDBSubjectEntry(cert->dbhandle, entry);
- } else {
- rv = SECFailure;
- }
-
- return(rv);
-}
-
-
-
-SECStatus
-CERT_TraversePermCertsForSubject(CERTCertDBHandle *handle, SECItem *derSubject,
- CERTCertCallback cb, void *cbarg)
-{
- certDBEntrySubject *entry;
- int i;
- CERTCertificate *cert;
- SECStatus rv = SECSuccess;
-
- entry = ReadDBSubjectEntry(handle, derSubject);
-
- if ( entry == NULL ) {
- return(SECFailure);
- }
-
- for( i = 0; i < entry->ncerts; i++ ) {
- cert = CERT_FindCertByKey(handle, &entry->certKeys[i]);
- rv = (* cb)(cert, cbarg);
- CERT_DestroyCertificate(cert);
- if ( rv == SECFailure ) {
- break;
- }
- }
-
- DestroyDBEntry((certDBEntry *)entry);
-
- return(rv);
-}
-
-int
-CERT_NumPermCertsForSubject(CERTCertDBHandle *handle, SECItem *derSubject)
-{
- certDBEntrySubject *entry;
- int ret;
-
- entry = ReadDBSubjectEntry(handle, derSubject);
-
- if ( entry == NULL ) {
- return(SECFailure);
- }
-
- ret = entry->ncerts;
-
- DestroyDBEntry((certDBEntry *)entry);
-
- return(ret);
-}
-
-SECStatus
-CERT_TraversePermCertsForNickname(CERTCertDBHandle *handle, char *nickname,
- CERTCertCallback cb, void *cbarg)
-{
- certDBEntryNickname *nnentry = NULL;
- certDBEntrySMime *smentry = NULL;
- SECStatus rv;
- SECItem *derSubject = NULL;
-
- nnentry = ReadDBNicknameEntry(handle, nickname);
- if ( nnentry ) {
- derSubject = &nnentry->subjectName;
- } else {
- smentry = ReadDBSMimeEntry(handle, nickname);
- if ( smentry ) {
- derSubject = &smentry->subjectName;
- }
- }
-
- if ( derSubject ) {
- rv = CERT_TraversePermCertsForSubject(handle, derSubject,
- cb, cbarg);
- } else {
- rv = SECFailure;
- }
-
- if ( nnentry ) {
- DestroyDBEntry((certDBEntry *)nnentry);
- }
- if ( smentry ) {
- DestroyDBEntry((certDBEntry *)smentry);
- }
-
- return(rv);
-}
-
-int
-CERT_NumPermCertsForNickname(CERTCertDBHandle *handle, char *nickname)
-{
- certDBEntryNickname *entry;
- int ret;
-
- entry = ReadDBNicknameEntry(handle, nickname);
-
- if ( entry ) {
- ret = CERT_NumPermCertsForSubject(handle, &entry->subjectName);
- DestroyDBEntry((certDBEntry *)entry);
- } else {
- ret = 0;
- }
- return(ret);
-}
-
-int
-CERT_NumCertsForCertSubject(CERTCertificate *cert)
-{
- int ret = 0;
-
- if ( cert->subjectList ) {
- ret = cert->subjectList->ncerts;
- }
- return(ret);
-}
-
-int
-CERT_NumPermCertsForCertSubject(CERTCertificate *cert)
-{
- int ret = 0;
-
- if ( cert->subjectList ) {
- if ( cert->subjectList->entry ) {
- ret = cert->subjectList->entry->ncerts;
- }
- }
- return(ret);
-}
-
-SECStatus
-CERT_TraverseCertsForSubject(CERTCertDBHandle *handle,
- CERTSubjectList *subjectList,
- CERTCertCallback cb, void *cbarg)
-{
- CERTSubjectNode *node;
- CERTCertificate *cert;
- SECStatus rv = SECSuccess;
-
- CERT_LockDB(handle);
-
- node = subjectList->head;
- while ( node ) {
-
- cert = CERT_FindCertByKeyNoLocking(handle, &node->certKey);
-
- PORT_Assert(cert != NULL);
-
- if ( cert != NULL ) {
- rv = (* cb)(cert, cbarg);
- CERT_DestroyCertificateNoLocking(cert);
- if ( rv == SECFailure ) {
- break;
- }
- }
-
- node = node->next;
- }
-
- CERT_UnlockDB(handle);
-
- return(rv);
-}
-
-
-/*
- * Given a cert, find the cert with the same subject name that
- * has the given key usage. If the given cert has the correct keyUsage, then
- * return it, otherwise search the list in order.
- */
-CERTCertificate *
-CERT_FindCertByUsage(CERTCertificate *basecert, unsigned int requiredKeyUsage)
-{
- CERTSubjectNode *node;
- CERTCertificate *cert;
- CERTSubjectList *subjectList;
-
- if ( ( basecert->keyUsage & requiredKeyUsage ) == requiredKeyUsage ) {
- return(CERT_DupCertificate(basecert));
- }
-
- CERT_LockDB(basecert->dbhandle);
-
- subjectList = basecert->subjectList;
-
- node = subjectList->head;
- while ( node ) {
-
- cert = CERT_FindCertByKeyNoLocking(basecert->dbhandle, &node->certKey);
-
- PORT_Assert(cert != NULL);
-
- if ( cert != NULL ) {
- if ( ( cert->keyUsage & requiredKeyUsage ) ==
- requiredKeyUsage ) {
- CERT_UnlockDB(basecert->dbhandle);
- return(cert);
- }
-
- CERT_DestroyCertificateNoLocking(cert);
- }
-
- node = node->next;
- }
-
- CERT_UnlockDB(basecert->dbhandle);
-
- return(NULL);
-}
-
-
-/*
- * add a nickname to a cert that doesn't have one
- */
-static SECStatus
-AddNicknameToPermCert(CERTCertificate *cert, char *nickname)
-{
- certDBEntryCert *entry;
- int rv;
-
- PORT_Assert(cert->isperm);
- if ( !cert->isperm ) {
- goto loser;
- }
-
- entry = cert->dbEntry;
- PORT_Assert(entry != NULL);
- if ( entry == NULL ) {
- goto loser;
- }
-
- entry->nickname = PORT_ArenaStrdup(entry->common.arena, nickname);
-
- rv = WriteDBCertEntry(cert->dbhandle, entry);
- if ( rv ) {
- goto loser;
- }
-
- cert->nickname = PORT_ArenaStrdup(cert->arena, nickname);
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-/*
- * add a nickname to a cert that is already in the perm database, but doesn't
- * have one yet (it is probably an e-mail cert).
- */
-SECStatus
-CERT_AddPermNickname(CERTCertificate *cert, char *nickname)
-{
- SECStatus rv;
-
- CERT_LockDB(cert->dbhandle);
-
- PORT_Assert(cert->nickname == NULL);
- PORT_Assert(cert->isperm);
- PORT_Assert(cert->subjectList != NULL);
- PORT_Assert(cert->subjectList->entry != NULL);
-
- if ( cert->nickname != NULL ) {
- goto done;
- }
-
- if ( cert->subjectList == NULL ) {
- goto loser;
- }
-
- if ( cert->subjectList->entry == NULL ) {
- goto loser;
- }
-
- if ( cert->subjectList->entry->nickname == NULL ) {
- /* no nickname for subject */
- rv = AddNicknameToSubject(cert, nickname);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- rv = AddNicknameToPermCert(cert, nickname);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- rv = SEC_AddTempNickname(cert->dbhandle, nickname,
- &cert->derSubject);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- } else {
- /* subject already has a nickname */
- rv = AddNicknameToPermCert(cert, cert->subjectList->entry->nickname);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- }
-
-done:
- CERT_UnlockDB(cert->dbhandle);
- return(SECSuccess);
-loser:
- CERT_UnlockDB(cert->dbhandle);
- return(SECFailure);
-}
-
-static certDBEntryCert *
-AddCertToPermDB(CERTCertDBHandle *handle, CERTCertificate *cert,
- char *nickname, CERTCertTrust *trust)
-{
- certDBEntryCert *certEntry = NULL;
- certDBEntryNickname *nicknameEntry = NULL;
- certDBEntrySubject *subjectEntry = NULL;
- int state = 0;
- SECStatus rv;
- PRBool donnentry = PR_FALSE;
-
- if ( nickname ) {
- donnentry = PR_TRUE;
- }
-
- if ( cert->subjectList != NULL ) {
- if ( cert->subjectList->entry != NULL ) {
- if ( cert->subjectList->entry->ncerts > 0 ) {
- /* of other certs with same subject exist, then they already
- * have a nickname, so don't add a new one.
- */
- donnentry = PR_FALSE;
- nickname = cert->subjectList->entry->nickname;
- }
- }
- }
-
- certEntry = NewDBCertEntry(&cert->derCert, nickname, trust, 0);
- if ( certEntry == NULL ) {
- goto loser;
- }
-
- if ( donnentry ) {
- nicknameEntry = NewDBNicknameEntry(nickname, &cert->derSubject, 0);
- if ( nicknameEntry == NULL ) {
- goto loser;
- }
- }
-
- rv = WriteDBCertEntry(handle, certEntry);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- state = 1;
-
- if ( nicknameEntry ) {
- rv = WriteDBNicknameEntry(handle, nicknameEntry);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- }
-
- state = 2;
-
- /* add to or create new subject entry */
- if ( cert->subjectList ) {
- rv = AddPermSubjectNode(cert, nickname);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- } else {
- /* make a new subject entry - this case is only used when updating
- * an old version of the database. This is OK because the oldnickname
- * db format didn't allow multiple certs with the same subject.
- */
- subjectEntry = NewDBSubjectEntry(&cert->derSubject, &cert->certKey,
- &cert->subjectKeyID, nickname,
- NULL, 0);
- if ( subjectEntry == NULL ) {
- goto loser;
- }
- rv = WriteDBSubjectEntry(handle, subjectEntry);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- }
-
- state = 3;
-
- if ( nicknameEntry ) {
- DestroyDBEntry((certDBEntry *)nicknameEntry);
- }
-
- if ( subjectEntry ) {
- DestroyDBEntry((certDBEntry *)subjectEntry);
- }
-
- return(certEntry);
-
-loser:
- /* don't leave partial entry in the database */
- if ( state > 0 ) {
- rv = DeleteDBCertEntry(handle, &cert->certKey);
- }
- if ( ( state > 1 ) && donnentry ) {
- rv = DeleteDBNicknameEntry(handle, nickname);
- }
- if ( state > 2 ) {
- rv = DeleteDBSubjectEntry(handle, &cert->derSubject);
- }
- if ( certEntry ) {
- DestroyDBEntry((certDBEntry *)certEntry);
- }
- if ( nicknameEntry ) {
- DestroyDBEntry((certDBEntry *)nicknameEntry);
- }
- if ( subjectEntry ) {
- DestroyDBEntry((certDBEntry *)subjectEntry);
- }
-
- return(NULL);
-}
-
-/*
- * NOTE - Version 6 DB did not go out to the real world in a release,
- * so we can remove this function in a later release.
- */
-static SECStatus
-UpdateV6DB(CERTCertDBHandle *handle, DB *updatedb)
-{
- int ret;
- DBT key, data;
- unsigned char *buf, *tmpbuf = NULL;
- certDBEntryType type;
- certDBEntryNickname *nnEntry = NULL;
- certDBEntrySubject *subjectEntry = NULL;
- certDBEntrySMime *emailEntry = NULL;
- char *nickname;
- char *emailAddr;
- SECStatus rv;
-
- /*
- * Sequence through the old database and copy all of the entries
- * to the new database. Subject name entries will have the new
- * fields inserted into them (with zero length).
- */
- ret = (* updatedb->seq)(updatedb, &key, &data, R_FIRST);
- if ( ret ) {
- return(SECFailure);
- }
-
- do {
- buf = (unsigned char *)data.data;
-
- if ( data.size >= 3 ) {
- if ( buf[0] == 6 ) { /* version number */
- type = (certDBEntryType)buf[1];
- if ( type == certDBEntryTypeSubject ) {
- /* expando subjecto entrieo */
- tmpbuf = (unsigned char *)PORT_Alloc(data.size + 4);
- if ( tmpbuf ) {
- /* copy header stuff */
- PORT_Memcpy(tmpbuf, buf, SEC_DB_ENTRY_HEADER_LEN + 2);
- /* insert 4 more bytes of zero'd header */
- PORT_Memset(&tmpbuf[SEC_DB_ENTRY_HEADER_LEN + 2],
- 0, 4);
- /* copy rest of the data */
- PORT_Memcpy(&tmpbuf[SEC_DB_ENTRY_HEADER_LEN + 6],
- &buf[SEC_DB_ENTRY_HEADER_LEN + 2],
- data.size - (SEC_DB_ENTRY_HEADER_LEN + 2));
-
- data.data = (void *)tmpbuf;
- data.size += 4;
- buf = tmpbuf;
- }
- } else if ( type == certDBEntryTypeCert ) {
- /* expando certo entrieo */
- tmpbuf = (unsigned char *)PORT_Alloc(data.size + 3);
- if ( tmpbuf ) {
- /* copy header stuff */
- PORT_Memcpy(tmpbuf, buf, SEC_DB_ENTRY_HEADER_LEN);
-
- /* copy trust flage, setting msb's to 0 */
- tmpbuf[SEC_DB_ENTRY_HEADER_LEN] = 0;
- tmpbuf[SEC_DB_ENTRY_HEADER_LEN+1] =
- buf[SEC_DB_ENTRY_HEADER_LEN];
- tmpbuf[SEC_DB_ENTRY_HEADER_LEN+2] = 0;
- tmpbuf[SEC_DB_ENTRY_HEADER_LEN+3] =
- buf[SEC_DB_ENTRY_HEADER_LEN+1];
- tmpbuf[SEC_DB_ENTRY_HEADER_LEN+4] = 0;
- tmpbuf[SEC_DB_ENTRY_HEADER_LEN+5] =
- buf[SEC_DB_ENTRY_HEADER_LEN+2];
-
- /* copy rest of the data */
- PORT_Memcpy(&tmpbuf[SEC_DB_ENTRY_HEADER_LEN + 6],
- &buf[SEC_DB_ENTRY_HEADER_LEN + 3],
- data.size - (SEC_DB_ENTRY_HEADER_LEN + 3));
-
- data.data = (void *)tmpbuf;
- data.size += 3;
- buf = tmpbuf;
- }
-
- }
-
- /* update the record version number */
- buf[0] = CERT_DB_FILE_VERSION;
-
- /* copy to the new database */
- ret = certdb_Put(handle->permCertDB, &key, &data, 0);
- if ( tmpbuf ) {
- PORT_Free(tmpbuf);
- tmpbuf = NULL;
- }
- }
- }
- } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0 );
-
- ret = certdb_Sync(handle->permCertDB, 0);
-
- ret = (* updatedb->seq)(updatedb, &key, &data, R_FIRST);
- if ( ret ) {
- return(SECFailure);
- }
-
- do {
- buf = (unsigned char *)data.data;
-
- if ( data.size >= 3 ) {
- if ( buf[0] == CERT_DB_FILE_VERSION ) { /* version number */
- type = (certDBEntryType)buf[1];
- if ( type == certDBEntryTypeNickname ) {
- nickname = &((char *)key.data)[1];
-
- /* get the matching nickname entry in the new DB */
- nnEntry = ReadDBNicknameEntry(handle, nickname);
- if ( nnEntry == NULL ) {
- goto endloop;
- }
-
- /* find the subject entry pointed to by nickname */
- subjectEntry = ReadDBSubjectEntry(handle,
- &nnEntry->subjectName);
- if ( subjectEntry == NULL ) {
- goto endloop;
- }
-
- subjectEntry->nickname =
- (char *)PORT_ArenaAlloc(subjectEntry->common.arena,
- key.size - 1);
- if ( subjectEntry->nickname ) {
- PORT_Memcpy(subjectEntry->nickname, nickname,
- key.size - 1);
- rv = WriteDBSubjectEntry(handle, subjectEntry);
- }
- } else if ( type == certDBEntryTypeSMimeProfile ) {
- emailAddr = &((char *)key.data)[1];
-
- /* get the matching smime entry in the new DB */
- emailEntry = ReadDBSMimeEntry(handle, emailAddr);
- if ( emailEntry == NULL ) {
- goto endloop;
- }
-
- /* find the subject entry pointed to by nickname */
- subjectEntry = ReadDBSubjectEntry(handle,
- &emailEntry->subjectName);
- if ( subjectEntry == NULL ) {
- goto endloop;
- }
-
- subjectEntry->nickname =
- (char *)PORT_ArenaAlloc(subjectEntry->common.arena,
- key.size - 1);
- if ( subjectEntry->emailAddr ) {
- PORT_Memcpy(subjectEntry->emailAddr, emailAddr,
- key.size - 1);
- rv = WriteDBSubjectEntry(handle, subjectEntry);
- }
- }
-
-endloop:
- if ( subjectEntry ) {
- DestroyDBEntry((certDBEntry *)subjectEntry);
- subjectEntry = NULL;
- }
- if ( nnEntry ) {
- DestroyDBEntry((certDBEntry *)nnEntry);
- nnEntry = NULL;
- }
- if ( emailEntry ) {
- DestroyDBEntry((certDBEntry *)emailEntry);
- emailEntry = NULL;
- }
- }
- }
- } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0 );
-
- ret = certdb_Sync(handle->permCertDB, 0);
-
- (* updatedb->close)(updatedb);
- return(SECSuccess);
-}
-
-
-static SECStatus
-updateV5Callback(CERTCertificate *cert, SECItem *k, void *pdata)
-{
- CERTCertDBHandle *handle;
- certDBEntryCert *entry;
- CERTCertTrust *trust;
-
- handle = (CERTCertDBHandle *)pdata;
- trust = &cert->dbEntry->trust;
-
- /* SSL user certs can be used for email if they have an email addr */
- if ( cert->emailAddr && ( trust->sslFlags & CERTDB_USER ) &&
- ( trust->emailFlags == 0 ) ) {
- trust->emailFlags = CERTDB_USER;
- }
-
- entry = AddCertToPermDB(handle, cert, cert->dbEntry->nickname,
- &cert->dbEntry->trust);
- if ( entry ) {
- DestroyDBEntry((certDBEntry *)entry);
- }
-
- return(SECSuccess);
-}
-
-static SECStatus
-UpdateV5DB(CERTCertDBHandle *handle, DB *updatedb)
-{
- CERTCertDBHandle updatehandle;
- SECStatus rv;
-
- updatehandle.permCertDB = updatedb;
- updatehandle.dbMon = PR_NewMonitor();
-
- rv = SEC_TraversePermCerts(&updatehandle, updateV5Callback,
- (void *)handle);
-
- PR_DestroyMonitor(updatehandle.dbMon);
-
- return(rv);
-}
-
-static SECStatus
-UpdateV4DB(CERTCertDBHandle *handle, DB *updatedb)
-{
- DBT key, data;
- certDBEntryCert *entry, *entry2;
- SECItem derSubject;
- int ret;
- PRArenaPool *arena = NULL;
- CERTCertificate *cert;
-
- ret = (* updatedb->seq)(updatedb, &key, &data, R_FIRST);
-
- if ( ret ) {
- return(SECFailure);
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- return(SECFailure);
- }
-
- do {
- if ( data.size != 1 ) { /* skip version number */
-
- /* decode the old DB entry */
- entry = (certDBEntryCert *)DecodeV4DBCertEntry((unsigned char*)data.data, data.size);
- derSubject.data = NULL;
-
- if ( entry ) {
- cert = CERT_DecodeDERCertificate(&entry->derCert, PR_TRUE,
- entry->nickname);
-
- if ( cert != NULL ) {
- /* add to new database */
- entry2 = AddCertToPermDB(handle, cert, entry->nickname,
- &entry->trust);
-
- CERT_DestroyCertificate(cert);
- if ( entry2 ) {
- DestroyDBEntry((certDBEntry *)entry2);
- }
- }
- DestroyDBEntry((certDBEntry *)entry);
- }
- }
- } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0 );
-
- PORT_FreeArena(arena, PR_FALSE);
- (* updatedb->close)(updatedb);
- return(SECSuccess);
-}
-
-/*
- * return true if a database key conflict exists
- */
-PRBool
-SEC_CertDBKeyConflict(SECItem *derCert, CERTCertDBHandle *handle)
-{
- SECStatus rv;
- DBT tmpdata;
- DBT namekey;
- int ret;
- SECItem keyitem;
- PRArenaPool *arena = NULL;
- SECItem derKey;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- /* get the db key of the cert */
- rv = CERT_KeyFromDERCert(arena, derCert, &derKey);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- rv = EncodeDBCertKey(&derKey, arena, &keyitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- namekey.data = keyitem.data;
- namekey.size = keyitem.len;
-
- /* lookup in the temporary database */
- ret = certdb_Get(handle->tempCertDB, &namekey, &tmpdata, 0);
-
- if ( ret == 0 ) { /* found in temp database */
- goto loser;
- } else { /* not found in temporary database */
- ret = certdb_Get(handle->permCertDB, &namekey, &tmpdata, 0);
- if ( ret == 0 ) {
- goto loser;
- }
- }
-
- PORT_FreeArena(arena, PR_FALSE);
-
- return(PR_FALSE);
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(PR_TRUE);
-}
-
-#ifdef NOTDEF
-/*
- * return true if a subject name conflict exists
- * NOTE: caller must have already made sure that this exact cert
- * doesn't exist in the DB
- */
-PRBool
-SEC_CertSubjectConflict(SECItem *derCert, CERTCertDBHandle *handle)
-{
- SECStatus rv;
- DBT tmpdata;
- DBT namekey;
- int ret;
- SECItem keyitem;
- PRArenaPool *arena = NULL;
- SECItem derName;
-
- derName.data = NULL;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- /* get the subject name of the cert */
- rv = CERT_NameFromDERCert(derCert, &derName);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- rv = EncodeDBSubjectKey(&derName, arena, &keyitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- namekey.data = keyitem.data;
- namekey.size = keyitem.len;
-
- /* lookup in the temporary database */
- ret = certdb_Get(handle->tempCertDB, &namekey, &tmpdata, 0);
-
- if ( ret == 0 ) { /* found in temp database */
- return(PR_TRUE);
- } else { /* not found in temporary database */
- ret = certdb_Get(handle->permCertDB, &namekey, &tmpdata, 0);
- if ( ret == 0 ) {
- return(PR_TRUE);
- }
- }
-
- PORT_FreeArena(arena, PR_FALSE);
- PORT_Free(derName.data);
-
- return(PR_FALSE);
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- if ( derName.data ) {
- PORT_Free(derName.data);
- }
-
- return(PR_TRUE);
-}
-#endif
-
-/*
- * return true if a nickname conflict exists
- * NOTE: caller must have already made sure that this exact cert
- * doesn't exist in the DB
- */
-PRBool
-SEC_CertNicknameConflict(char *nickname, SECItem *derSubject,
- CERTCertDBHandle *handle)
-{
- PRBool rv;
- certDBEntryNickname *entry;
-
- if ( nickname == NULL ) {
- return(PR_FALSE);
- }
-
- entry = ReadDBNicknameEntry(handle, nickname);
-
- if ( entry == NULL ) {
- /* no entry for this nickname, so no conflict */
- return(PR_FALSE);
- }
-
- rv = PR_TRUE;
- if ( SECITEM_CompareItem(derSubject, &entry->subjectName) == SECEqual ) {
- /* if subject names are the same, then no conflict */
- rv = PR_FALSE;
- }
-
- DestroyDBEntry((certDBEntry *)entry);
- return(rv);
-}
-
-/*
- * Open the certificate database and index databases. Create them if
- * they are not there or bad.
- */
-SECStatus
-SEC_OpenPermCertDB(CERTCertDBHandle *handle, PRBool readOnly,
- CERTDBNameFunc namecb, void *cbarg)
-{
- SECStatus rv;
- int openflags;
- certDBEntryVersion *versionEntry = NULL;
- DB *updatedb = NULL;
- char *tmpname;
- char *certdbname;
- PRBool updated = PR_FALSE;
- PRBool forceUpdate = PR_FALSE;
-
- certdbname = (* namecb)(cbarg, CERT_DB_FILE_VERSION);
- if ( certdbname == NULL ) {
- return(SECFailure);
- }
-
- if ( readOnly ) {
- openflags = O_RDONLY;
- } else {
- openflags = O_RDWR;
- }
-
- /*
- * first open the permanent file based database.
- */
- handle->permCertDB = dbopen( certdbname, openflags, 0600, DB_HASH, 0 );
-
- /* check for correct version number */
- if ( handle->permCertDB ) {
- versionEntry = ReadDBVersionEntry(handle);
-
- if ( versionEntry == NULL ) {
- /* no version number */
- certdb_Close(handle->permCertDB);
- handle->permCertDB = 0;
- } else if ( versionEntry->common.version != CERT_DB_FILE_VERSION ) {
- /* wrong version number, can't update in place */
- DestroyDBEntry((certDBEntry *)versionEntry);
- return(SECFailure);
- }
-
- }
-
-
- /* if first open fails, try to create a new DB */
- if ( handle->permCertDB == NULL ) {
-
- /* don't create if readonly */
- if ( readOnly ) {
- goto loser;
- }
-
- handle->permCertDB = dbopen(certdbname,
- O_RDWR | O_CREAT | O_TRUNC,
- 0600, DB_HASH, 0);
-
- /* if create fails then we lose */
- if ( handle->permCertDB == 0 ) {
- goto loser;
- }
-
- versionEntry = NewDBVersionEntry(0);
- if ( versionEntry == NULL ) {
- goto loser;
- }
-
- rv = WriteDBVersionEntry(handle, versionEntry);
-
- DestroyDBEntry((certDBEntry *)versionEntry);
-
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /* try to upgrade old db here */
- tmpname = (* namecb)(cbarg, 6); /* get v6 db name */
- if ( tmpname ) {
- updatedb = dbopen( tmpname, O_RDONLY, 0600, DB_HASH, 0 );
- PORT_Free(tmpname);
- if ( updatedb ) {
- rv = UpdateV6DB(handle, updatedb);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- updated = PR_TRUE;
- } else { /* no v6 db, so try v5 db */
- tmpname = (* namecb)(cbarg, 5); /* get v5 db name */
- if ( tmpname ) {
- updatedb = dbopen( tmpname, O_RDONLY, 0600, DB_HASH, 0 );
- PORT_Free(tmpname);
- if ( updatedb ) {
- rv = UpdateV5DB(handle, updatedb);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- updated = PR_TRUE;
- } else { /* no v5 db, so try v4 db */
- /* try to upgrade v4 db */
- tmpname = (* namecb)(cbarg, 4); /* get v4 db name */
- if ( tmpname ) {
- updatedb = dbopen( tmpname, O_RDONLY, 0600,
- DB_HASH, 0 );
- PORT_Free(tmpname);
- if ( updatedb ) {
- rv = UpdateV4DB(handle, updatedb);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- forceUpdate = PR_TRUE;
- updated = PR_TRUE;
- }
- }
- }
- }
- }
- }
-
- /* initialize the database with our well known certificates
- * or in the case of update, just fall down to CERT_AddNewCerts()
- * below.
- * Note - if we are updating a really old database, then we try
- * to push all of the certs into it.
- */
- if ( ( !updated ) || forceUpdate ) {
- rv = CERT_InitCertDB(handle);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- }
- }
-
- rv = CERT_AddNewCerts(handle);
-
- return (SECSuccess);
-
-loser:
-
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
-
- if ( handle->permCertDB ) {
- certdb_Close(handle->permCertDB);
- handle->permCertDB = 0;
- }
-
- return(SECFailure);
-}
-
-/*
- * delete all DB records associated with a particular certificate
- */
-static SECStatus
-DeletePermCert(CERTCertificate *cert)
-{
- SECStatus rv;
- SECStatus ret;
-
- ret = SECSuccess;
-
- rv = DeleteDBCertEntry(cert->dbhandle, &cert->certKey);
- if ( rv != SECSuccess ) {
- ret = SECFailure;
- }
-
- if ( cert->nickname ) {
- rv = DeleteDBNicknameEntry(cert->dbhandle, cert->nickname);
- if ( rv != SECSuccess ) {
- ret = SECFailure;
- }
- }
-
- rv = RemovePermSubjectNode(cert);
-
- return(ret);
-}
-
-/*
- * Delete a certificate from the permanent database.
- */
-SECStatus
-SEC_DeletePermCertificate(CERTCertificate *cert)
-{
- SECStatus rv;
-
- if ( !cert->isperm ) {
- return(SECSuccess);
- }
- CERT_LockDB(cert->dbhandle);
- /* delete the records from the permanent database */
- rv = DeletePermCert(cert);
-
- /* no longer permanent */
- cert->isperm = PR_FALSE;
-
- /* get rid of dbcert and stuff pointing to it */
- DestroyDBEntry((certDBEntry *)cert->dbEntry);
- cert->dbEntry = NULL;
- cert->trust = NULL;
-
- /* delete it from the temporary database too. It will remain in
- * memory until all references go away.
- */
- if (cert->slot) {
- /* If it's owned by a PKCS #11 slot, don't deleted if from the temp DB just
- * yet... rv inherited from DeletePermCert (as if anyone checks the return
- * code from this function anyway. */
- CERT_DestroyCertificateNoLocking(cert);
- rv = SECSuccess;
- } else {
- rv = CERT_DeleteTempCertificate(cert);
- }
-
- CERT_UnlockDB(cert->dbhandle);
- return(rv);
-}
-
-/*
- * Lookup a certificate in the databases.
- */
-certDBEntryCert *
-SEC_FindPermCertByKey(CERTCertDBHandle *handle, SECItem *key)
-{
- return(ReadDBCertEntry(handle, key));
-}
-
-/*
- * Lookup a certificate in the database by name
- */
-certDBEntryCert *
-SEC_FindPermCertByName(CERTCertDBHandle *handle, SECItem *derSubject)
-{
- certDBEntrySubject *subjectEntry;
- certDBEntryCert *certEntry;
-
- subjectEntry = ReadDBSubjectEntry(handle, derSubject);
-
- if ( subjectEntry == NULL ) {
- goto loser;
- }
-
- certEntry = ReadDBCertEntry(handle, &subjectEntry->certKeys[0]);
- DestroyDBEntry((certDBEntry *)subjectEntry);
-
- return(certEntry);
-
-loser:
- return(NULL);
-}
-
-/*
- * Lookup a certificate in the database by nickname
- */
-certDBEntryCert *
-SEC_FindPermCertByNickname(CERTCertDBHandle *handle, char *nickname)
-{
- certDBEntryNickname *nicknameEntry;
- certDBEntryCert *certEntry;
-
- nicknameEntry = ReadDBNicknameEntry(handle, nickname);
-
- if ( nicknameEntry == NULL ) {
- goto loser;
- }
-
- certEntry = SEC_FindPermCertByName(handle, &nicknameEntry->subjectName);
- DestroyDBEntry((certDBEntry *)nicknameEntry);
-
- return(certEntry);
-
-loser:
- return(NULL);
-}
-
-/*
- * Traverse all of the entries in the database of a particular type
- * call the given function for each one.
- */
-SECStatus
-SEC_TraverseDBEntries(CERTCertDBHandle *handle,
- certDBEntryType type,
- SECStatus (* callback)(SECItem *data, SECItem *key,
- certDBEntryType type, void *pdata),
- void *udata )
-{
- DBT data;
- DBT key;
- SECStatus rv;
- int ret;
- SECItem dataitem;
- SECItem keyitem;
- unsigned char *buf;
- unsigned char *keybuf;
-
- ret = certdb_Seq(handle->permCertDB, &key, &data, R_FIRST);
-
- if ( ret ) {
- return(SECFailure);
- }
-
- do {
- buf = (unsigned char *)data.data;
-
- if ( buf[1] == (unsigned char)type ) {
- dataitem.len = data.size;
- dataitem.data = buf;
- dataitem.type = siBuffer;
- keyitem.len = key.size - SEC_DB_KEY_HEADER_LEN;
- keybuf = (unsigned char *)key.data;
- keyitem.data = &keybuf[SEC_DB_KEY_HEADER_LEN];
- keyitem.type = siBuffer;
-
- rv = (* callback)(&dataitem, &keyitem, type, udata);
- if ( rv != SECSuccess ) {
- return(rv);
- }
- }
- } while ( certdb_Seq(handle->permCertDB, &key, &data, R_NEXT) == 0 );
-
- return(SECSuccess);
-}
-
-typedef struct {
- PermCertCallback certfunc;
- CERTCertDBHandle *handle;
- void *data;
-} PermCertCallbackState;
-
-/*
- * traversal callback to decode certs and call callers callback
- */
-static SECStatus
-certcallback(SECItem *dbdata, SECItem *dbkey, certDBEntryType type, void *data)
-{
- PermCertCallbackState *mystate;
- SECStatus rv;
- certDBEntryCert entry;
- SECItem entryitem;
- CERTCertificate *cert;
- PRArenaPool *arena = NULL;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- mystate = (PermCertCallbackState *)data;
- entry.common.version = (unsigned int)dbdata->data[0];
- entry.common.type = (certDBEntryType)dbdata->data[1];
- entry.common.flags = (unsigned int)dbdata->data[2];
- entry.common.arena = arena;
-
- entryitem.len = dbdata->len - SEC_DB_ENTRY_HEADER_LEN;
- entryitem.data = &dbdata->data[SEC_DB_ENTRY_HEADER_LEN];
-
- rv = DecodeDBCertEntry(&entry, &entryitem);
- if (rv != SECSuccess ) {
- goto loser;
- }
- entry.derCert.type = siBuffer;
-
- cert = CERT_DecodeDERCertificate(&entry.derCert, PR_FALSE,
- entry.nickname);
- cert->dbEntry = &entry;
- cert->trust = &entry.trust;
- cert->dbhandle = mystate->handle;
-
- if ( CERT_IsCACert(cert, NULL) ||
- (( cert->trust->sslFlags & CERTDB_VALID_CA ) ||
- ( cert->trust->emailFlags & CERTDB_VALID_CA ) ||
- ( cert->trust->objectSigningFlags & CERTDB_VALID_CA)) ) {
- cert->nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER;
- }
-
- rv = (* mystate->certfunc)(cert, dbkey, mystate->data);
-
- /* arena destroyed by SEC_DestroyCert */
- CERT_DestroyCertificateNoLocking(cert);
-
- return(rv);
-
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- return(SECFailure);
-}
-
-/*
- * Traverse all of the certificates in the permanent database and
- * call the given function for each one; expect the caller to have lock.
- */
-static SECStatus
-TraversePermCertsNoLocking(CERTCertDBHandle *handle,
- SECStatus (* certfunc)(CERTCertificate *cert,
- SECItem *k,
- void *pdata),
- void *udata )
-{
- SECStatus rv;
- PermCertCallbackState mystate;
-
- mystate.certfunc = certfunc;
- mystate.handle = handle;
- mystate.data = udata;
- rv = SEC_TraverseDBEntries(handle, certDBEntryTypeCert, certcallback,
- (void *)&mystate);
-
- return(rv);
-}
-
-/*
- * Traverse all of the certificates in the permanent database and
- * call the given function for each one.
- */
-SECStatus
-SEC_TraversePermCerts(CERTCertDBHandle *handle,
- SECStatus (* certfunc)(CERTCertificate *cert, SECItem *k,
- void *pdata),
- void *udata )
-{
- SECStatus rv;
-
- CERT_LockDB(handle);
- rv = TraversePermCertsNoLocking(handle, certfunc, udata);
- CERT_UnlockDB(handle);
-
- return(rv);
-}
-
-
-
-/*
- * Close the database
- */
-void
-CERT_ClosePermCertDB(CERTCertDBHandle *handle)
-{
- if ( handle ) {
- if ( handle->permCertDB ) {
- if ( handle->statusConfig ) {
- PORT_Assert(handle->statusConfig->statusDestroy != NULL);
- (void) (* handle->statusConfig->statusDestroy)(handle->statusConfig);
- handle->statusConfig = NULL; /* Destroy frees the structure */
- PORT_Assert(handle->statusConfig == NULL);
- }
- certdb_Close( handle->permCertDB );
- handle->permCertDB = 0;
- }
- }
- return;
-}
-
-/*
- * Get the trust attributes from a certificate
- */
-SECStatus
-CERT_GetCertTrust(CERTCertificate *cert, CERTCertTrust *trust)
-{
- SECStatus rv;
-
- CERT_LockCertTrust(cert);
-
- if ( cert->trust == NULL ) {
- rv = SECFailure;
- } else {
- *trust = *cert->trust;
- rv = SECSuccess;
- }
-
- CERT_UnlockCertTrust(cert);
- return(rv);
-}
-
-/*
- * Change the trust attributes of a certificate and make them permanent
- * in the database.
- */
-SECStatus
-CERT_ChangeCertTrust(CERTCertDBHandle *handle, CERTCertificate *cert,
- CERTCertTrust *trust)
-{
- certDBEntryCert *entry;
- int rv;
- SECStatus ret;
-
- CERT_LockDB(handle);
- CERT_LockCertTrust(cert);
- /* only set the trust on permanent certs */
- if ( cert->trust == NULL ) {
- ret = SECFailure;
- goto done;
- }
-
- *cert->trust = *trust;
- if ( cert->dbEntry == NULL ) {
- ret = SECSuccess; /* not in permanent database */
- goto done;
- }
-
- entry = cert->dbEntry;
- entry->trust = *trust;
-
- rv = WriteDBCertEntry(handle, entry);
- if ( rv ) {
- ret = SECFailure;
- goto done;
- }
-
- ret = SECSuccess;
-
-done:
- CERT_UnlockCertTrust(cert);
- CERT_UnlockDB(handle);
- return(ret);
-}
-
-
-SECStatus
-CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
- CERTCertTrust *trust)
-{
- char *oldnn;
- certDBEntryCert *entry;
- SECStatus rv;
- PRBool conflict;
- SECStatus ret;
-
- PORT_Assert(cert->dbhandle);
-
- CERT_LockDB(cert->dbhandle);
-
- PORT_Assert(cert->istemp);
- PORT_Assert(!cert->isperm);
- PORT_Assert(!cert->dbEntry);
-
- /* don't add a conflicting nickname */
- conflict = SEC_CertNicknameConflict(nickname, &cert->derSubject,
- cert->dbhandle);
- if ( conflict ) {
- ret = SECFailure;
- goto done;
- }
-
- /* save old nickname so that we can delete it */
- oldnn = cert->nickname;
-
- entry = AddCertToPermDB(cert->dbhandle, cert, nickname, trust);
-
- if ( entry == NULL ) {
- ret = SECFailure;
- goto done;
- }
-
- cert->nickname = (entry->nickname) ? PORT_ArenaStrdup(cert->arena,entry->nickname) : NULL;
- cert->trust = &entry->trust;
- cert->isperm = PR_TRUE;
- cert->dbEntry = entry;
-
- if ( nickname && oldnn && ( PORT_Strcmp(nickname, oldnn) != 0 ) ) {
- /* only delete the old one if they are not the same */
- /* delete old nickname from temp database */
- rv = SEC_DeleteTempNickname(cert->dbhandle, oldnn);
- if ( rv != SECSuccess ) {
- /* do we care?? */
- }
- }
- /* add new nickname to temp database */
- if ( cert->nickname ) {
- rv = SEC_AddTempNickname(cert->dbhandle, cert->nickname,
- &cert->derSubject);
- if ( rv != SECSuccess ) {
- ret = SECFailure;
- goto done;
- }
- }
-
- ret = SECSuccess;
-done:
- CERT_UnlockDB(cert->dbhandle);
- return(ret);
-}
-
-/*
- * Open the certificate database and index databases. Create them if
- * they are not there or bad.
- */
-SECStatus
-CERT_OpenCertDB(CERTCertDBHandle *handle, PRBool readOnly,
- CERTDBNameFunc namecb, void *cbarg)
-{
- int rv;
-
- certdb_InitDBLock();
-
- handle->dbMon = PR_NewMonitor();
- PORT_Assert(handle->dbMon != NULL);
-
- handle->spkDigestInfo = NULL;
- handle->statusConfig = NULL;
-
- /*
- * Open the memory resident decoded cert database.
- */
- handle->tempCertDB = dbopen( 0, O_RDWR | O_CREAT, 0600, DB_HASH, 0 );
- if ( !handle->tempCertDB ) {
- goto loser;
- }
-
- rv = SEC_OpenPermCertDB(handle, readOnly, namecb, cbarg);
- if ( rv ) {
- goto loser;
- }
-
- return (SECSuccess);
-
-loser:
-
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
-
- if ( handle->tempCertDB ) {
- certdb_Close(handle->tempCertDB);
- handle->tempCertDB = 0;
- }
-
- return(SECFailure);
-}
-
-static char *
-certDBFilenameCallback(void *arg, int dbVersion)
-{
- return((char *)arg);
-}
-
-SECStatus
-CERT_OpenCertDBFilename(CERTCertDBHandle *handle, char *certdbname,
- PRBool readOnly)
-{
- return(CERT_OpenCertDB(handle, readOnly, certDBFilenameCallback,
- (void *)certdbname));
-}
-
-/*
- * Add a nickname to the temp database
- */
-SECStatus
-SEC_AddTempNickname(CERTCertDBHandle *handle, char *nickname,
- SECItem *subjectName)
-{
- DBT namekey;
- int ret;
- SECItem nameitem;
- SECStatus rv;
- DBT keydata;
- PRArenaPool *arena = NULL;
- SECItem tmpitem;
-
- PORT_Assert(nickname != NULL);
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- rv = EncodeDBNicknameKey(nickname, arena, &nameitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- namekey.data = nameitem.data;
- namekey.size = nameitem.len;
-
- /* see if an entry already exists */
- ret = certdb_Get(handle->tempCertDB, &namekey, &keydata, 0);
-
- if ( ret == 0 ) {
- /* found in temp database */
- tmpitem.data = (unsigned char*)keydata.data;
- tmpitem.len = keydata.size;
-
- if ( SECITEM_CompareItem(subjectName, &tmpitem) == SECEqual ) {
- /* same subject name */
- goto done;
- } else {
- /* different subject name is an error */
- goto loser;
- }
- }
-
- keydata.data = subjectName->data;
- keydata.size = subjectName->len;
-
- /* put into temp byname index */
- ret = certdb_Put(handle->tempCertDB, &namekey, &keydata, R_NOOVERWRITE);
-
- if ( ret ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
-done:
- PORT_FreeArena(arena, PR_FALSE);
- return(SECSuccess);
-
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- return(SECFailure);
-}
-
-SECStatus
-SEC_DeleteTempNickname(CERTCertDBHandle *handle, char *nickname)
-{
- DBT namekey;
- SECStatus rv;
- PRArenaPool *arena = NULL;
- SECItem nameitem;
- int ret;
-
- PORT_Assert(nickname != NULL);
- if ( nickname == NULL ) {
- return(SECSuccess);
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* format a database key based on the nickname */
- if ( nickname ) {
- rv = EncodeDBNicknameKey(nickname, arena, &nameitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- namekey.data = nameitem.data;
- namekey.size = nameitem.len;
-
- ret = certdb_Del(handle->tempCertDB, &namekey, 0);
- if ( ret ) {
- goto loser;
- }
- }
-
- PORT_FreeArena(arena, PR_FALSE);
-
- return(SECSuccess);
-
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- return(SECFailure);
-}
-
-/*
- * Decode a certificate and enter it into the temporary certificate database.
- * Deal with nicknames correctly
- *
- * nickname is only used if isperm == PR_TRUE
- *
- * This is the private entry point, and locking is optional
- */
-static CERTCertificate *
-NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert, char *nickname,
- PRBool isperm, PRBool copyDER, PRBool lockdb)
-
-{
- DBT key;
- DBT data;
- int status;
- CERTCertificate *cert = NULL;
- PRBool promoteError = PR_TRUE;
- PRArenaPool *arena = NULL;
- SECItem keyitem;
- SECStatus rv;
-
- if ( isperm == PR_FALSE ) {
- cert = CERT_FindCertByDERCert(handle, derCert);
- if ( cert ) {
- return(cert);
- }
-
- nickname = NULL;
- }
-
- if ( lockdb ) {
- CERT_LockDB(handle);
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- cert = CERT_DecodeDERCertificate(derCert, copyDER, nickname );
-
- if ( cert == NULL ) {
- /* We want to save the decoding error here */
- promoteError = PR_FALSE;
- goto loser;
- }
-
- cert->dbhandle = handle;
-
- /* only save pointer to cert in database */
- data.data = &cert;
- data.size = sizeof(cert);
-
- /* if this is a perm cert, then it is already in the subject db */
- if ( isperm == PR_FALSE ) {
- /* enter into the subject index */
- rv = AddTempCertToSubjectList(cert);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- /*
- * Since it's not a perm cert, add it to the key hash lookup; if it
- * is permanent it will either already be there or will get put there
- * later along with the rest of the perm certs. A failure of the
- * addition does not seem to warrant failing this whole function,
- * so we intentionally ignore the returned status.
- */
- (void) AddCertToSPKDigestTable(handle, cert);
- } else {
- cert->subjectList = FindSubjectList(cert->dbhandle, &cert->derSubject,
- PR_FALSE);
- }
-
- rv = EncodeDBCertKey(&cert->certKey, arena, &keyitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- key.data = keyitem.data;
- key.size = keyitem.len;
-
- /* enter into main db */
- status = certdb_Put(handle->tempCertDB, &key, &data, R_NOOVERWRITE);
- if ( status ) {
- goto loser;
- }
-
- if ( cert->nickname ) {
- status = SEC_AddTempNickname(handle, cert->nickname,
- &cert->derSubject);
- if ( status ) {
- promoteError = PR_FALSE;
- goto loser;
- }
- }
-
- cert->isperm = isperm;
- cert->istemp = PR_TRUE;
-
- PORT_FreeArena(arena, PR_FALSE);
-
- if ( lockdb ) {
- CERT_UnlockDB(handle);
- }
-
- return(cert);
-
-loser:
- if ( cert ) {
- CERT_DestroyCertificateNoLocking(cert);
- }
-
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- if ( promoteError ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- }
-
- if ( lockdb ) {
- CERT_UnlockDB(handle);
- }
-
- return(0);
-}
-
-/*
- * Decode a certificate and enter it into the temporary certificate database.
- * Deal with nicknames correctly
- *
- * nickname is only used if isperm == PR_TRUE
- *
- * This is the public entry point and does locking.
- */
-CERTCertificate *
-CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
- char *nickname, PRBool isperm, PRBool copyDER)
-{
- return( NewTempCertificate(handle, derCert, nickname, isperm, copyDER,
- PR_TRUE) );
-}
-
-/*
- * Decode a permanent certificate and enter it into the temporary certificate
- * database.
- */
-static CERTCertificate *
-SEC_AddPermCertToTemp(CERTCertDBHandle *handle, certDBEntryCert *entry)
-{
- CERTCertificate *cert;
-
- /* we already hold the lock */
- cert = NewTempCertificate(handle, &entry->derCert, entry->nickname,
- PR_TRUE, PR_TRUE, PR_FALSE);
- if ( !cert ) {
- return(0);
- }
-
- cert->dbEntry = entry;
-
- cert->trust = &entry->trust;
-
- return(cert);
-}
-
-SECStatus
-CERT_DeleteTempCertificate(CERTCertificate *cert)
-{
- SECStatus rv;
- DBT nameKey;
- CERTCertDBHandle *handle;
- SECItem keyitem;
- PRArenaPool *arena;
- int ret;
-
- handle = cert->dbhandle;
-
- if ( !cert->istemp ) {
- return(SECSuccess);
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- if (cert->slot) {
- PK11_FreeSlot(cert->slot);
- cert->slot = NULL;
- cert->pkcs11ID = CK_INVALID_KEY;
- }
-
- /* delete from subject list (also takes care of nickname) */
- rv = RemoveTempCertFromSubjectList(cert);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- if ( !cert->isperm ) {
- /*
- * Remove the cert from the subject public key digest table,
- * though we do not care if the removal fails (perhaps meaning
- * the cert wasn't even there).
- */
- (void) RemoveCertFromSPKDigestTable(handle, cert);
- }
-
- rv = EncodeDBCertKey(&cert->certKey, arena, &keyitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- nameKey.data = keyitem.data;
- nameKey.size = keyitem.len;
- /* delete the cert */
- ret = certdb_Del(handle->tempCertDB, &nameKey, 0);
- if ( ret ) {
- goto loser;
- }
-
- cert->istemp = PR_FALSE;
-
- PORT_FreeArena(arena, PR_FALSE);
- return(SECSuccess);
-
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(SECFailure);
-}
-
-/*
- * Lookup a certificate in the databases.
- */
-static CERTCertificate *
-FindCertByKey(CERTCertDBHandle *handle, SECItem *certKey, PRBool lockdb)
-{
- DBT tmpdata;
- int ret;
- SECItem keyitem;
- DBT key;
- SECStatus rv;
- CERTCertificate *cert = NULL;
- PRArenaPool *arena = NULL;
- certDBEntryCert *entry;
- PRBool locked = PR_FALSE;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- rv = EncodeDBCertKey(certKey, arena, &keyitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- key.data = keyitem.data;
- key.size = keyitem.len;
-
- if ( lockdb ) {
- locked = PR_TRUE;
- CERT_LockDB(handle);
- }
-
- /* lookup in the temporary database */
- ret = certdb_Get( handle->tempCertDB, &key, &tmpdata, 0 );
-
- /* error accessing the database */
- if ( ret < 0 ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- if ( ret == 0 ) { /* found in temp database */
- if ( tmpdata.size != sizeof(CERTCertificate *) ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- PORT_Memcpy(&cert, tmpdata.data, tmpdata.size);
- CERT_LockCertRefCount(cert);
- cert->referenceCount++;
- CERT_UnlockCertRefCount(cert);
- }
- if ( ret != 0 ) {
- /* not found in temporary database */
-
- /* find in perm database */
- entry = SEC_FindPermCertByKey(handle, certKey);
-
- if ( entry == NULL ) {
- goto loser;
- }
-
- cert = SEC_AddPermCertToTemp(handle, entry);
- }
-
-loser:
- if ( locked ) {
- CERT_UnlockDB(handle);
- }
-
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(cert);
-}
-
-/*
- * Lookup a certificate in the databases, with locking
- */
-CERTCertificate *
-CERT_FindCertByKey(CERTCertDBHandle *handle, SECItem *certKey)
-{
- return(FindCertByKey(handle, certKey, PR_TRUE));
-}
-
-/*
- * Lookup a certificate in the databases without locking
- */
-CERTCertificate *
-CERT_FindCertByKeyNoLocking(CERTCertDBHandle *handle, SECItem *certKey)
-{
- return(FindCertByKey(handle, certKey, PR_FALSE));
-}
-
-/*
- * Generate a key from an issuerAndSerialNumber, and find the
- * associated cert in the database.
- */
-CERTCertificate *
-CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN)
-{
- SECItem certKey;
- CERTCertificate *cert;
-
- certKey.len = issuerAndSN->serialNumber.len + issuerAndSN->derIssuer.len;
- certKey.data = (unsigned char*)PORT_Alloc(certKey.len);
-
- if ( certKey.data == NULL ) {
- return(0);
- }
-
- /* copy the serialNumber */
- PORT_Memcpy(certKey.data, issuerAndSN->serialNumber.data,
- issuerAndSN->serialNumber.len);
-
- /* copy the issuer */
- PORT_Memcpy( &certKey.data[issuerAndSN->serialNumber.len],
- issuerAndSN->derIssuer.data, issuerAndSN->derIssuer.len);
-
- cert = CERT_FindCertByKey(handle, &certKey);
-
- PORT_Free(certKey.data);
-
- return(cert);
-}
-
-/*
- * Lookup a certificate in the database by name
- */
-CERTCertificate *
-CERT_FindCertByName(CERTCertDBHandle *handle, SECItem *name)
-{
- CERTCertificate *cert = NULL;
- CERTSubjectList *subjectList;
-
- CERT_LockDB(handle);
-
- subjectList = FindSubjectList(handle, name, PR_FALSE);
-
- if ( subjectList ) {
- PORT_Assert(subjectList->head);
- cert = CERT_FindCertByKeyNoLocking(handle,
- &subjectList->head->certKey);
- }
-
- CERT_UnlockDB(handle);
-
- return(cert);
-}
-
-/*
- * Lookup a certificate in the database by name and key ID
- */
-CERTCertificate *
-CERT_FindCertByKeyID(CERTCertDBHandle *handle, SECItem *name, SECItem *keyID)
-{
- CERTCertificate *cert = NULL;
- CERTSubjectList *subjectList;
- CERTSubjectNode *node;
-
- CERT_LockDB(handle);
-
- /* find the list of certs for the given subject */
- subjectList = FindSubjectList(handle, name, PR_FALSE);
-
- if ( subjectList ) {
- PORT_Assert(subjectList->head);
- node = subjectList->head;
-
- /* walk through the certs until we find one with a matching key ID */
- while ( node ) {
- if ( SECITEM_CompareItem(keyID, &node->keyID) == SECEqual ) {
- cert = CERT_FindCertByKeyNoLocking(handle, &node->certKey);
- break;
- }
- node = node->next;
- }
- }
-
- CERT_UnlockDB(handle);
-
- return(cert);
-}
-
-/*
- * look up a cert by its nickname string
- */
-CERTCertificate *
-CERT_FindCertByNickname(CERTCertDBHandle *handle, char *nickname)
-{
- DBT tmpdata;
- DBT namekey;
- CERTCertificate *cert;
- SECStatus rv;
- int ret;
- SECItem keyitem;
- PRArenaPool *arena = NULL;
- certDBEntryCert *entry;
-
- PORT_Assert(nickname != NULL);
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- rv = EncodeDBNicknameKey(nickname, arena, &keyitem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- namekey.data = keyitem.data;
- namekey.size = keyitem.len;
-
- /* lookup in the temporary database */
- ret = certdb_Get(handle->tempCertDB, &namekey, &tmpdata, 0);
-
- /* error accessing the database */
- if ( ret < 0 ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- if ( ret == 0 ) { /* found in temp database */
- SECItem nameitem;
-
- nameitem.len = tmpdata.size;
- nameitem.data = (unsigned char *)PORT_Alloc(tmpdata.size);
- if ( nameitem.data == NULL ) {
- goto loser;
- }
- PORT_Memcpy(nameitem.data, tmpdata.data, nameitem.len);
- cert = CERT_FindCertByName(handle, &nameitem);
- PORT_Free(nameitem.data);
- } else { /* not found in temporary database */
-
- CERT_LockDB(handle);
-
- entry = SEC_FindPermCertByNickname(handle, nickname);
-
- if ( entry == NULL ) {
- CERT_UnlockDB(handle);
- goto loser;
- }
-
- cert = SEC_AddPermCertToTemp(handle, entry);
- CERT_UnlockDB(handle);
- }
-
- PORT_FreeArena(arena, PR_FALSE);
-
- return(cert);
-
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(0);
-}
-
-/*
- * look for the given DER certificate in the database
- */
-CERTCertificate *
-CERT_FindCertByDERCert(CERTCertDBHandle *handle, SECItem *derCert)
-{
- PRArenaPool *arena;
- SECItem certKey;
- SECStatus rv;
- CERTCertificate *cert = NULL;
-
- /* create a scratch arena */
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- return(NULL);
- }
-
- /* extract the database key from the cert */
- rv = CERT_KeyFromDERCert(arena, derCert, &certKey);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /* find the certificate */
- cert = CERT_FindCertByKey(handle, &certKey);
-
-loser:
- PORT_FreeArena(arena, PR_FALSE);
- return(cert);
-}
-
-/*
- * The following is bunch of types and code to allow looking up a certificate
- * by a hash of its subject public key. Because the words "hash" and "key"
- * are overloaded and thus terribly confusing, I tried to disambiguate things.
- * - Where I could, I used "digest" instead of "hash" when referring to
- * hashing of the subject public key. The PLHashTable interfaces and
- * our own HASH_Foo interfaces had to be left as is, obviously. The latter
- * should be thought of as "digest" in this case.
- * - There are three keys in use here -- the subject public key, the key
- * used to do a lookup in the PLHashTable, and the key used to do a lookup
- * in the cert database. As the latter is a fairly pervasive interface,
- * I left it alone. The other two uses I changed to "spk" or "SPK" when
- * referring to the subject public key, and "index" when referring to the
- * key into the PLHashTable.
- */
-
-typedef struct SPKDigestInfoStr {
- PLHashTable *table;
- PRBool permPopulated;
-} SPKDigestInfo;
-
-/*
- * Since the key hash information is "hidden" (in a void pointer in the handle)
- * these macros with the appropriate casts make it easy to get at the parts.
- */
-#define SPK_DIGEST_TABLE(handle) \
- (((SPKDigestInfo *)(handle->spkDigestInfo))->table)
-
-/*
-** Hash allocator ops for the SPKDigest hash table. The rules are:
-** + The index and value fields are "owned" by the hash table, and are
-** freed when the table entry is deleted.
-** + Replacing a value in the table is not allowed, since the caller can't
-** tell whether the index field was used or not, resulting in a memory
-** leak. (This is a bug in the PL_Hash routines.
-*/
-static void * PR_CALLBACK
-spkAllocTable(void *pool, PRSize size)
-{
-#if defined(XP_MAC)
-#pragma unused (pool)
-#endif
-
- return PR_MALLOC(size);
-}
-
-static void PR_CALLBACK
-spkFreeTable(void *pool, void *item)
-{
-#if defined(XP_MAC)
-#pragma unused (pool)
-#endif
-
- PR_Free(item);
-}
-
-/* NOTE: the key argument here appears to be useless, since the RawAdd
- * routine in PL_Hash just uses the original anyway.
- */
-static PLHashEntry * PR_CALLBACK
-spkAllocEntry(void *pool, const void *key)
-{
-#if defined(XP_MAC)
-#pragma unused (pool,key)
-#endif
-
- return PR_NEW(PLHashEntry);
-}
-
-static void PR_CALLBACK
-spkFreeEntry(void *pool, PLHashEntry *he, PRUintn flag)
-{
-#if defined(XP_MAC)
-#pragma unused (pool)
-#endif
-
- SECItem *value = (SECItem *)he->value;
-
- /* The flag should always be to free the whole entry. Otherwise the
- * index field gets leaked because the caller can't tell whether
- * the "new" value (which is the same as the old) was used or not.
- */
- PORT_Assert(flag == HT_FREE_ENTRY);
-
- /* We always free the value */
- SECITEM_FreeItem(value, PR_TRUE);
-
- if (flag == HT_FREE_ENTRY)
- {
- /* Comes from BTOA, is this the right free call? */
- PORT_Free((char *)he->key);
- PR_Free(he);
- }
-}
-
-static PLHashAllocOps spkHashAllocOps = {
- spkAllocTable, spkFreeTable,
- spkAllocEntry, spkFreeEntry
-};
-
-
-/*
- * Create the key hash lookup table. Note that the table, and the
- * structure which holds it and a little more information, is never freed.
- * This is because the temporary database is never actually closed out,
- * so there is no safe/obvious place to free the whole thing.
- *
- * The database must be locked already.
- */
-static SECStatus
-InitDBspkDigestInfo(CERTCertDBHandle *handle)
-{
- SPKDigestInfo *spkDigestInfo;
- PLHashTable *table;
-
- PORT_Assert(handle != NULL);
- PORT_Assert(handle->spkDigestInfo == NULL);
-
- spkDigestInfo = PORT_ZAlloc(sizeof(SPKDigestInfo));
- if ( spkDigestInfo == NULL ) {
- return(SECFailure);
- }
-
- table = PL_NewHashTable(128, PL_HashString, PL_CompareStrings,
- (PLHashComparator) SECITEM_ItemsAreEqual,
- &spkHashAllocOps, NULL);
- if ( table == NULL ) {
- PORT_Free(spkDigestInfo);
- return(SECFailure);
- }
-
- spkDigestInfo->table = table;
- handle->spkDigestInfo = spkDigestInfo;
- return(SECSuccess);
-}
-
-static SECHashObject *
-OidTagToRawDigestObject(SECOidTag digestAlg)
-{
- SECHashObject *rawDigestObject;
-
- switch (digestAlg) {
- case SEC_OID_MD2:
- rawDigestObject = &SECRawHashObjects[HASH_AlgMD2];
- break;
- case SEC_OID_MD5:
- rawDigestObject = &SECRawHashObjects[HASH_AlgMD5];
- break;
- case SEC_OID_SHA1:
- rawDigestObject = &SECRawHashObjects[HASH_AlgSHA1];
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- rawDigestObject = NULL;
- break;
- }
- return(rawDigestObject);
-}
-
-/*
- * Digest the cert's subject public key using the specified algorithm.
- * The necessary storage for the digest data is allocated. If "fill" is
- * non-null, the data is put there, otherwise a SECItem is allocated.
- * Allocation from "arena" if it is non-null, heap otherwise. Any problem
- * results in a NULL being returned (and an appropriate error set).
- */
-SECItem *
-CERT_SPKDigestValueForCert(PRArenaPool *arena, CERTCertificate *cert,
- SECOidTag digestAlg, SECItem *fill)
-{
- SECHashObject *digestObject;
- void *digestContext;
- SECItem *result = NULL;
- void *mark = NULL;
- SECItem spk;
-
- if ( arena != NULL ) {
- mark = PORT_ArenaMark(arena);
- }
-
- /*
- * This can end up being called before PKCS #11 is initialized,
- * so we have to use the raw digest functions.
- */
- digestObject = OidTagToRawDigestObject(digestAlg);
- if ( digestObject == NULL ) {
- goto loser;
- }
-
- result = SECITEM_AllocItem(arena, fill, digestObject->length);
- if ( result == NULL ) {
- goto loser;
- }
-
- /*
- * Copy just the length and data pointer (nothing needs to be freed)
- * of the subject public key so we can convert the length from bits
- * to bytes, which is what the digest function expects.
- */
- spk = cert->subjectPublicKeyInfo.subjectPublicKey;
- DER_ConvertBitString(&spk);
-
- /*
- * Now digest the value, using the specified algorithm.
- */
- digestContext = digestObject->create();
- if ( digestContext == NULL ) {
- goto loser;
- }
- digestObject->begin(digestContext);
- digestObject->update(digestContext, spk.data, spk.len);
- digestObject->end(digestContext, result->data, &(result->len), result->len);
- digestObject->destroy(digestContext, PR_TRUE);
-
- if ( arena != NULL ) {
- PORT_ArenaUnmark(arena, mark);
- }
- return(result);
-
-loser:
- if ( arena != NULL ) {
- PORT_ArenaRelease(arena, mark);
- } else {
- if ( result != NULL ) {
- SECITEM_FreeItem(result, (fill == NULL) ? PR_TRUE : PR_FALSE);
- }
- }
- return(NULL);
-}
-
-/*
- * Return the index for the spk digest lookup table for "spkDigest".
- *
- * Caller is responsible for freeing the returned string.
- */
-static char *
-spkDigestIndexFromDigest(SECItem *spkDigest)
-{
- return BTOA_ConvertItemToAscii(spkDigest);
-}
-
-/*
- * Return the index for the spk digest lookup table for this certificate,
- * based on the specified digest algorithm.
- *
- * Caller is responsible for freeing the returned string.
- */
-static char *
-spkDigestIndexFromCert(CERTCertificate *cert, SECOidTag digestAlg)
-{
- SECItem *spkDigest;
- char *index;
-
- spkDigest = CERT_SPKDigestValueForCert(NULL, cert, digestAlg, NULL);
- if ( spkDigest == NULL )
- return(NULL);
-
- index = spkDigestIndexFromDigest(spkDigest);
-
- SECITEM_FreeItem(spkDigest, PR_TRUE);
-
- return(index);
-}
-
-/*
- * Remove the spk digest for the given cert from the spk digest table,
- * based on the given digest algorithm.
- *
- * The database must be locked already.
- */
-static SECStatus
-RemoveCertFromSPKDigestTableForAlg(CERTCertDBHandle *handle,
- CERTCertificate *cert, SECOidTag digestAlg)
-{
- SECStatus rv = SECSuccess;
- char *index = NULL;
- PLHashTable *table;
-
- /* Expect to only be called if there is a table to work with. */
- PORT_Assert(handle->spkDigestInfo != NULL);
-
- table = SPK_DIGEST_TABLE(handle);
- PORT_Assert(table != NULL);
-
- index = spkDigestIndexFromCert(cert, digestAlg);
- if ( index == NULL ) {
- rv = SECFailure;
- goto done;
- }
-
- if ( PL_HashTableRemove(table, index) != PR_TRUE ) {
- /* not found means nothing to remove, which is fine */
- }
-
-done:
- if ( index != NULL ) {
- PORT_Free(index);
- }
- return(rv);
-}
-
-/*
- * Remove the spk digests for the given cert from the spk digest table,
- * for all known digest algorithms.
- *
- * The database must be locked already.
- */
-static SECStatus
-RemoveCertFromSPKDigestTable(CERTCertDBHandle *handle, CERTCertificate *cert)
-{
- /*
- * If no certs have been added yet, then nothing to do.
- */
- if ( handle->spkDigestInfo == NULL ) {
- return(SECSuccess);
- }
-
- (void) RemoveCertFromSPKDigestTableForAlg(handle, cert, SEC_OID_MD2);
- (void) RemoveCertFromSPKDigestTableForAlg(handle, cert, SEC_OID_MD5);
- return RemoveCertFromSPKDigestTableForAlg(handle, cert, SEC_OID_SHA1);
-}
-
-/*
- * Add the spk digest for the given cert to the spk digest table,
- * based on the given digest algorithm.
- *
- * If a cert for the same spk digest is already in the table, choose whichever
- * cert is "newer". (The other cert cannot be found via spk digest.)
- *
- * The database must be locked already.
- *
- * XXX Note that this implementation results in leaking the index value.
- * Fixing that did not seem worth the trouble, given we will only leak
- * once per cert. This whole thing should be done differently in the
- * new rewrite (Stan), and then the problem will go away.
- */
-static SECStatus
-AddCertToSPKDigestTableForAlg(CERTCertDBHandle *handle, CERTCertificate *cert,
- SECItem *certDBKey, SECOidTag digestAlg)
-{
- SECStatus rv = SECFailure;
- SECItem *oldCertDBKey;
- PRBool addit = PR_TRUE;
- CERTCertificate *oldCert = NULL;
- char *index = NULL;
- PLHashTable *table;
-
- /*
- * After running some testing doing key hash lookups (like using OCSP),
- * if these are never hit, they can probably be removed.
- */
- PORT_Assert(handle != NULL);
- PORT_Assert(handle == cert->dbhandle);
- PORT_Assert(handle->spkDigestInfo != NULL);
- PORT_Assert((certDBKey == &cert->certKey)
- || (SECITEM_CompareItem(certDBKey,
- &cert->certKey) == SECEqual));
-
- table = SPK_DIGEST_TABLE(handle);
- PORT_Assert(table != NULL);
-
- index = spkDigestIndexFromCert(cert, digestAlg);
- if ( index == NULL ) {
- goto loser;
- }
-
- /*
- * See if this cert's spk digest is already in the table.
- */
- oldCertDBKey = PL_HashTableLookup(table, index);
- if ( oldCertDBKey != NULL ) {
- /*
- * The spk digest *is* already in the table. We need to find that
- * cert and see -- if it is the same, then we can just leave as is.
- * Otherwise we have to choose which cert we want represented;
- * in that case the best plan I can think of is to hang onto the
- * most recent one.
- */
- oldCert = CERT_FindCertByKey(handle, oldCertDBKey);
- if ( oldCert != NULL ) {
- if ( cert == oldCert ) {
- /* They are the same cert, so we are done. */
- addit = PR_FALSE;
- } else if ( CERT_IsNewer(cert, oldCert) ) {
- if ( PL_HashTableRemove(table, index) != PR_TRUE ) {
- goto loser;
- }
- } else {
- /* oldCert is "newer", so we are done. */
- addit = PR_FALSE;
- }
- }
- }
-
- if ( addit ) {
- certDBKey = SECITEM_DupItem(certDBKey);
- if ( certDBKey == NULL ) {
- goto loser;
- }
- if ( PL_HashTableAdd(table, index, certDBKey) == NULL ) {
- SECITEM_FreeItem(certDBKey, PR_TRUE);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- index = NULL; /* don't want to free it */
- }
-
- rv = SECSuccess;
-
-loser:
- if ( index != NULL ) {
- PORT_Free(index);
- }
- if ( oldCert != NULL ) {
- CERT_DestroyCertificate(oldCert);
- }
- return(rv);
-}
-
-/*
- * Add the spk digest for the given cert to the spk digest table,
- * for all known digest algorithms.
- *
- * The database must be locked already, and the digest table already created.
- */
-static SECStatus
-AddCertToSPKDigestTableForAllAlgs(CERTCertDBHandle *handle,
- CERTCertificate *cert, SECItem *certDBKey)
-{
- (void) AddCertToSPKDigestTableForAlg(handle, cert, certDBKey, SEC_OID_MD2);
- (void) AddCertToSPKDigestTableForAlg(handle, cert, certDBKey, SEC_OID_MD5);
- return AddCertToSPKDigestTableForAlg(handle, cert, certDBKey, SEC_OID_SHA1);
-}
-
-/*
- * Add the spk digests for the given cert to the spk digest table,
- * for all known digest algorithms. (This function is called when a
- * new cert is added to the temporary database.)
- *
- * If the spk digest table does not yet exist, create it.
- *
- * In an ideal world, we would not hardwire the digest algorithms.
- * But it is the case that we do not currently support any digest
- * algorithms outside of these three. In the newer, cleaned-up world,
- * this may be done differently.
- *
- * The database must be locked already.
- */
-static SECStatus
-AddCertToSPKDigestTable(CERTCertDBHandle *handle, CERTCertificate *cert)
-{
- SECStatus rv;
-
- if ( handle->spkDigestInfo == NULL ) {
- rv = InitDBspkDigestInfo(handle);
- if ( rv != SECSuccess ) {
- return(rv);
- }
- }
-
- return AddCertToSPKDigestTableForAllAlgs(handle, cert, &cert->certKey);
-}
-
-/*
- * Add the spk digest for the given cert to the spk digest table,
- * for all known digest algorithms. This function is called while
- * traversing all of the certs in the permanent database -- since
- * that imposes some constraints on its arguments this routine is a
- * simple cover for the "real" interface.
- *
- * The database must be locked already, and the digest table already created.
- */
-static SECStatus
-AddCertToSPKDigestTableInTraversal(CERTCertificate *cert, SECItem *certDBKey,
- void *data)
-{
- CERTCertDBHandle *handle = data;
-
- return AddCertToSPKDigestTableForAllAlgs(handle, cert, certDBKey);
-}
-
-/*
- * Add the spk digests for the all permanent certs to the spk digest table,
- * for all known digest algorithms.
- *
- * This locks the database, and then checks to make sure that the work
- * actually needs to get done.
- *
- * If the spk digest table does not yet exist, it is created.
- */
-static SECStatus
-PopulateSPKDigestTable(CERTCertDBHandle *handle)
-{
- SPKDigestInfo *spkDigestInfo;
- SECStatus rv = SECSuccess;
-
- CERT_LockDB(handle);
-
- spkDigestInfo = handle->spkDigestInfo;
- if ( spkDigestInfo == NULL ) {
- rv = InitDBspkDigestInfo(handle);
- if ( rv != SECSuccess ) {
- return(rv);
- }
- spkDigestInfo = handle->spkDigestInfo;
- PORT_Assert(spkDigestInfo != NULL);
- } else {
- /*
- * Check to see if someone already did it; it is important to do
- * this after getting the lock.
- */
- if ( spkDigestInfo->permPopulated == PR_TRUE ) {
- goto done;
- }
- }
-
- rv = TraversePermCertsNoLocking(handle, AddCertToSPKDigestTableInTraversal,
- handle);
-
- if ( rv != SECSuccess ) {
- goto done;
- }
-
- spkDigestInfo->permPopulated = PR_TRUE;
-
-done:
- CERT_UnlockDB(handle);
-
- return(rv);
-}
-
-/*
- * Lookup a certificate by a digest of a subject public key. If it is
- * found, it is returned (and must then be destroyed by the caller).
- * NULL is returned otherwise -- if there was a problem performing the
- * lookup, an appropriate error is set (e.g. SEC_ERROR_NO_MEMORY);
- * if the cert simply was not found, the error is SEC_ERROR_UNKNOWN_CERT.
- *
- * If the lookup table has not yet been created or populated, do that first.
- */
-CERTCertificate *
-CERT_FindCertBySPKDigest(CERTCertDBHandle *handle, SECItem *spkDigest)
-{
- SPKDigestInfo *spkDigestInfo;
- char *index = NULL;
- SECItem *certDBKey;
- CERTCertificate *cert = NULL;
-
- PORT_Assert(handle != NULL);
- spkDigestInfo = handle->spkDigestInfo;
-
- if ( spkDigestInfo == NULL || spkDigestInfo->permPopulated != PR_TRUE ) {
- if ( PopulateSPKDigestTable(handle) != SECSuccess ) {
- goto loser;
- }
- }
-
- index = spkDigestIndexFromDigest(spkDigest);
- if ( index == NULL ) {
- goto loser;
- }
-
- certDBKey = PL_HashTableLookup(SPK_DIGEST_TABLE(handle), index);
- if ( certDBKey != NULL ) {
- cert = CERT_FindCertByKey(handle, certDBKey);
- }
-
- if ( cert == NULL ) {
- PORT_SetError(SEC_ERROR_UNKNOWN_CERT);
- }
-
-loser:
- if ( index != NULL ) {
- PORT_Free(index);
- }
- return(cert);
-}
-
-static void
-DestroyCertificate(CERTCertificate *cert, PRBool lockdb)
-{
- int refCount;
- CERTCertDBHandle *handle;
-
- if ( cert ) {
-
- handle = cert->dbhandle;
-
- /*
- * handle may be NULL, for example if the cert was created with
- * CERT_DecodeDERCertificate.
- */
- if ( lockdb && handle ) {
- CERT_LockDB(handle);
- }
-
- CERT_LockCertRefCount(cert);
- PORT_Assert(cert->referenceCount > 0);
- refCount = --cert->referenceCount;
- CERT_UnlockCertRefCount(cert);
-
- if ( ( refCount == 0 ) && !cert->keepSession ) {
- certDBEntryCert *entry = cert->dbEntry;
- PRArenaPool * arena = cert->arena;
-
- if ( cert->istemp ) {
- CERT_DeleteTempCertificate(cert);
- }
-
- if ( entry ) {
- DestroyDBEntry((certDBEntry *)entry);
- }
-
- /* zero cert before freeing. Any stale references to this cert
- * after this point will probably cause an exception. */
- PORT_Memset(cert, 0, sizeof *cert);
-
- cert = NULL;
-
- /* free the arena that contains the cert. */
- PORT_FreeArena(arena, PR_FALSE);
- }
- if ( lockdb && handle ) {
- CERT_UnlockDB(handle);
- }
- }
-
- return;
-}
-
-void
-CERT_DestroyCertificate(CERTCertificate *cert)
-{
- DestroyCertificate(cert, PR_TRUE);
- return;
-}
-
-void
-CERT_DestroyCertificateNoLocking(CERTCertificate *cert)
-{
- DestroyCertificate(cert, PR_FALSE);
- return;
-}
-
-/*
- * cache a CRL from the permanent database into the temporary database
- */
-CERTSignedCrl *
-SEC_AddPermCrlToTemp(CERTCertDBHandle *handle, certDBEntryRevocation *entry)
-{
- CERTSignedCrl *crl = NULL;
- DBT key;
- DBT data;
- int status;
- PRArenaPool *arena = NULL;
- SECItem keyitem;
- SECStatus rv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- crl = CERT_DecodeDERCrl(NULL, &entry->derCrl,
- entry->common.type == certDBEntryTypeRevocation ?
- SEC_CRL_TYPE : SEC_KRL_TYPE);
-
- if ( crl == NULL ) {
- goto loser;
- }
-
- /* only save pointer to cert in database */
- data.data = &crl;
- data.size = sizeof(crl);
-
-
- rv = EncodeDBGenericKey(&(crl->crl.derName), arena,
- &keyitem, entry->common.type);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- if (entry->url) {
- int nnlen = PORT_Strlen(entry->url) + 1;
- crl->url = (char *)PORT_ArenaAlloc(crl->arena, nnlen);
- if ( !crl->url ) {
- goto loser;
- }
- PORT_Memcpy(crl->url, entry->url, nnlen);
- } else {
- crl->url = NULL;
- }
-
- key.data = keyitem.data;
- key.size = keyitem.len;
-
- /* enter into main db */
- status = certdb_Put(handle->tempCertDB, &key, &data, R_NOOVERWRITE);
- if ( status ) {
- goto loser;
- }
-
- crl->istemp = PR_TRUE;
- crl->isperm = PR_TRUE;
- crl->dbhandle = handle;
- crl->dbEntry = entry;
-
-
- PORT_FreeArena(arena, PR_FALSE);
-
- crl->keep = PR_TRUE;
- return(crl);
-
-loser:
- if ( crl ) {
- SEC_DestroyCrl(crl);
- }
-
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- return(0);
-}
-
-SECStatus
-SEC_DeleteTempCrl(CERTSignedCrl *crl)
-{
- SECStatus rv;
- DBT nameKey;
- CERTCertDBHandle *handle;
- SECItem keyitem;
- PRArenaPool *arena;
- int ret;
-
- handle = crl->dbhandle;
-
- if ( !crl->istemp ) {
- return(SECSuccess);
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- rv = EncodeDBGenericKey
- (&crl->crl.derName, arena, &keyitem, crl->dbEntry->common.type);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- nameKey.data = keyitem.data;
- nameKey.size = keyitem.len;
-
- /* delete the cert */
- ret = certdb_Del(handle->tempCertDB, &nameKey, 0);
- if ( ret ) {
- goto loser;
- }
-
- crl->istemp = PR_FALSE;
-
- PORT_FreeArena(arena, PR_FALSE);
- return(SECSuccess);
-
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(SECFailure);
-}
-
-/*
- * Lookup a CRL in the databases. We mirror the same fast caching data base
- * caching stuff used by certificates....?
- */
-CERTSignedCrl *
-SEC_FindCrlByKey(CERTCertDBHandle *handle, SECItem *crlKey, int type)
-{
- DBT tmpdata;
- int ret;
- SECItem keyitem;
- DBT key;
- SECStatus rv;
- CERTSignedCrl *crl = NULL;
- PRArenaPool *arena = NULL;
- certDBEntryRevocation *entry;
- certDBEntryType crlType = (type == SEC_CRL_TYPE) ?
- certDBEntryTypeRevocation : certDBEntryTypeKeyRevocation;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- rv = EncodeDBGenericKey(crlKey, arena, &keyitem, crlType);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- key.data = keyitem.data;
- key.size = keyitem.len;
-
- /* lookup in the temporary database */
- ret = certdb_Get( handle->tempCertDB, &key, &tmpdata, 0 );
-
- /* error accessing the database */
- if ( ret < 0 ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- if ( ret == 0 ) { /* found in temp database */
- if ( tmpdata.size != sizeof(CERTSignedCrl *) ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- goto loser;
- }
-
- PORT_Memcpy(&crl, tmpdata.data, tmpdata.size);
- crl->referenceCount++;
- } else { /* not found in temporary database */
-
- /* find in perm database */
- entry = ReadDBCrlEntry(handle, crlKey, crlType);
-
- if ( entry == NULL ) {
- goto loser;
- }
-
- crl = SEC_AddPermCrlToTemp(handle, entry);
- }
-
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(crl);
-}
-
-
-CERTSignedCrl *
-SEC_FindCrlByName(CERTCertDBHandle *handle, SECItem *crlKey, int type)
-{
- return SEC_FindCrlByKey(handle,crlKey,type);
-}
-
-CERTSignedCrl *
-SEC_FindCrlByDERCert(CERTCertDBHandle *handle, SECItem *derCrl, int type)
-{
- PRArenaPool *arena;
- SECItem crlKey;
- SECStatus rv;
- CERTSignedCrl *crl = NULL;
-
- /* create a scratch arena */
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- return(NULL);
- }
-
- /* extract the database key from the cert */
- rv = CERT_KeyFromDERCrl(arena, derCrl, &crlKey);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /* find the crl */
- crl = SEC_FindCrlByKey(handle, &crlKey, type);
-
-loser:
- PORT_FreeArena(arena, PR_FALSE);
- return(crl);
-}
-
-
-SECStatus
-SEC_DestroyCrl(CERTSignedCrl *crl)
-{
- if (crl) {
- if (crl->referenceCount-- <= 1) {
- if (!crl->keep) {
- SEC_DeleteTempCrl(crl);
- if (crl->dbEntry) {
- DestroyDBEntry((certDBEntry *)crl->dbEntry);
- }
- PORT_FreeArena(crl->arena, PR_FALSE);
- }
- }
- }
- return SECSuccess;
-}
-
-CERTSignedCrl *
-cert_DBInsertCRL (CERTCertDBHandle *handle, char *url,
- CERTSignedCrl *newCrl, SECItem *derCrl, int type)
-{
- CERTSignedCrl *oldCrl = NULL, *crl = NULL;
- certDBEntryRevocation *entry = NULL;
- PRArenaPool *arena = NULL;
- SECCertTimeValidity validity;
- certDBEntryType crlType = (type == SEC_CRL_TYPE) ?
- certDBEntryTypeRevocation : certDBEntryTypeKeyRevocation;
- SECStatus rv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) goto done;
-
- validity = SEC_CheckCrlTimes(&newCrl->crl,PR_Now());
- if ( validity == secCertTimeExpired) {
- if (type == SEC_CRL_TYPE) {
- PORT_SetError(SEC_ERROR_CRL_EXPIRED);
- } else {
- PORT_SetError(SEC_ERROR_KRL_EXPIRED);
- }
- goto done;
- } else if (validity == secCertTimeNotValidYet) {
- if (type == SEC_CRL_TYPE) {
- PORT_SetError(SEC_ERROR_CRL_NOT_YET_VALID);
- } else {
- PORT_SetError(SEC_ERROR_KRL_NOT_YET_VALID);
- }
- goto done;
- }
-
- oldCrl = SEC_FindCrlByKey(handle, &newCrl->crl.derName, type);
-
- /* if there is an old crl, make sure the one we are installing
- * is newer. If not, exit out, otherwise delete the old crl.
- */
- if (oldCrl != NULL) {
- if (!SEC_CrlIsNewer(&newCrl->crl,&oldCrl->crl)) {
-
- if (type == SEC_CRL_TYPE) {
- PORT_SetError(SEC_ERROR_OLD_CRL);
- } else {
- PORT_SetError(SEC_ERROR_OLD_KRL);
- }
-
- goto done;
- }
-
- if ((SECITEM_CompareItem(&newCrl->crl.derName,
- &oldCrl->crl.derName) != SECEqual) &&
- (type == SEC_KRL_TYPE) ) {
-
- PORT_SetError(SEC_ERROR_CKL_CONFLICT);
- goto done;
- }
-
- /* if we have a url in the database, use that one */
- if (oldCrl->url) {
- int nnlen = PORT_Strlen(oldCrl->url) + 1;
- url = (char *)PORT_ArenaAlloc(arena, nnlen);
- if ( url != NULL ) {
- PORT_Memcpy(url, oldCrl->url, nnlen);
- }
- }
-
-
- /* really destroy this crl */
- /* first drum it out of the permanment Data base */
- SEC_DeletePermCRL(oldCrl);
- /* then get rid of our reference to it... */
- SEC_DestroyCrl(oldCrl);
- oldCrl = NULL;
-
- }
-
- /* Write the new entry into the data base */
- entry = NewDBCrlEntry(derCrl, url, crlType, 0);
- if (entry == NULL) goto done;
-
- rv = WriteDBCrlEntry(handle, entry);
- if (rv != SECSuccess) goto done;
-
- crl = SEC_AddPermCrlToTemp(handle, entry);
- if (crl) entry = NULL; /*crl->dbEntry now points to entry data */
- crl->isperm = PR_TRUE;
-
-done:
- if (entry) DestroyDBEntry((certDBEntry *)entry);
- if (arena) PORT_FreeArena(arena, PR_FALSE);
- if (oldCrl) SEC_DestroyCrl(oldCrl);
-
- return crl;
-}
-
-
-/*
- * create a new CRL from DER material.
- *
- * The signature on this CRL must be checked before you
- * load it. ???
- */
-CERTSignedCrl *
-SEC_NewCrl(CERTCertDBHandle *handle, char *url, SECItem *derCrl, int type)
-{
- CERTSignedCrl *newCrl = NULL, *crl = NULL;
-
- /* make this decode dates! */
- newCrl = CERT_DecodeDERCrl(NULL, derCrl, type);
- if (newCrl == NULL) {
- if (type == SEC_CRL_TYPE) {
- PORT_SetError(SEC_ERROR_CRL_INVALID);
- } else {
- PORT_SetError(SEC_ERROR_KRL_INVALID);
- }
- goto done;
- }
-
- crl = cert_DBInsertCRL (handle, url, newCrl, derCrl, type);
-
-
-done:
- if (newCrl) PORT_FreeArena(newCrl->arena, PR_FALSE);
-
- return crl;
-}
-
-
-/*
- * replace the existing URL in the data base with a new one
- */
-SECStatus
-SEC_CrlReplaceUrl(CERTSignedCrl *crl,char *url) {
- SECStatus rv = SECFailure;
- certDBEntryRevocation *entry = NULL;
- int nnlen=0;
-
- SEC_DeletePermCRL(crl);
-
- /* Write the new entry into the data base */
- entry = NewDBCrlEntry(&crl->dbEntry->derCrl, url, crl->dbEntry->common.type, 0);
- if (entry == NULL) goto done;
-
- rv = WriteDBCrlEntry(crl->dbhandle, entry);
- if (rv != SECSuccess) goto done;
-
- if (url) {
- nnlen = PORT_Strlen(url) + 1;
- crl->url = (char *)PORT_ArenaAlloc(crl->arena, nnlen);
- if ( !crl->url ) {
- goto done;
- }
- PORT_Memcpy(crl->url, url, nnlen);
- } else {
- crl->url = NULL;
- }
-done:
- return rv;
-}
-
-
-/*
- * collect a linked list of CRL's
- */
-static SECStatus CollectCrls(SECItem *dbdata, SECItem *dbkey,
- certDBEntryType type, void *data) {
- SECStatus rv;
- certDBEntryRevocation entry;
- SECItem entryitem;
- PRArenaPool *arena = NULL;
- CERTCrlHeadNode *head;
- CERTCrlNode *new_node;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- head = (CERTCrlHeadNode *)data;
- entry.common.version = (unsigned int)dbdata->data[0];
- entry.common.type = (certDBEntryType)dbdata->data[1];
- entry.common.flags = (unsigned int)dbdata->data[2];
- entry.common.arena = arena;
-
- entryitem.len = dbdata->len - SEC_DB_ENTRY_HEADER_LEN;
- entryitem.data = &dbdata->data[SEC_DB_ENTRY_HEADER_LEN];
-
- rv = DecodeDBCrlEntry(&entry, &entryitem);
- if (rv != SECSuccess ) {
- goto loser;
- }
-
- new_node = (CERTCrlNode *)PORT_ArenaAlloc(head->arena, sizeof(CERTCrlNode));
- if (new_node == NULL) {
- goto loser;
- }
-
- new_node->type = (entry.common.type == certDBEntryTypeRevocation) ?
- SEC_CRL_TYPE : SEC_KRL_TYPE;
- new_node->crl=CERT_DecodeDERCrl(head->arena,&entry.derCrl,new_node->type);
-
- if (entry.url) {
- int nnlen = PORT_Strlen(entry.url) + 1;
- new_node->crl->url = (char *)PORT_ArenaAlloc(head->arena, nnlen);
- if ( !new_node->crl->url ) {
- goto loser;
- }
- PORT_Memcpy(new_node->crl->url, entry.url, nnlen);
- } else {
- new_node->crl->url = NULL;
- }
-
-
- new_node->next = NULL;
- if (head->last) {
- head->last->next = new_node;
- head->last = new_node;
- } else {
- head->first = head->last = new_node;
- }
- return (SECSuccess);
-
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- return(SECFailure);
-}
-
-
-SECStatus
-SEC_LookupCrls(CERTCertDBHandle *handle, CERTCrlHeadNode **nodes, int type)
-{
- CERTCrlHeadNode *head;
- PRArenaPool *arena = NULL;
- SECStatus rv;
-
- *nodes = NULL;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- return SECFailure;
- }
-
- /* build a head structure */
- head = (CERTCrlHeadNode *)PORT_ArenaAlloc(arena, sizeof(CERTCrlHeadNode));
- head->arena = arena;
- head->first = NULL;
- head->last = NULL;
- head->dbhandle = handle;
-
- /* Look up the proper crl types */
- *nodes = head;
-
- CERT_LockDB(handle);
-
- switch (type) {
- case SEC_CRL_TYPE:
- rv = SEC_TraverseDBEntries(handle, certDBEntryTypeRevocation,
- CollectCrls, (void *)head);
- break;
- case SEC_KRL_TYPE:
- rv = SEC_TraverseDBEntries(handle, certDBEntryTypeKeyRevocation,
- CollectCrls, (void *)head);
- break;
- case -1:
- rv = SEC_TraverseDBEntries(handle, certDBEntryTypeKeyRevocation,
- CollectCrls, (void *)head);
- if (rv != SECSuccess) break;
- rv = SEC_TraverseDBEntries(handle, certDBEntryTypeRevocation,
- CollectCrls, (void *)head);
- break;
- default:
- rv = SECFailure;
- break;
- }
-
- CERT_UnlockDB(handle);
-
- if (rv != SECSuccess) {
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- *nodes = NULL;
- }
- }
-
- return rv;
-}
-
-
-SECStatus
-SEC_DeletePermCRL(CERTSignedCrl *crl) {
- SECStatus rv;
-
- if (crl == NULL) {
- return SECFailure;
- }
-
- rv = DeleteDBCrlEntry(crl->dbhandle, &crl->crl.derName,
- crl->dbEntry->common.type);
- if (rv != SECSuccess) goto done;
-
- /* now force it to be freed when all the reference counts go */
- crl->keep = PR_FALSE;
- /* force it out of the temporary data base */
- SEC_DeleteTempCrl(crl);
-
-done:
- return rv;
-}
-
-/*
- * find a cert by email address
- *
- * pick one that is a valid recipient, meaning that it is an encryption
- * cert.
- *
- */
-static CERTCertificate*
-find_smime_recipient_cert(CERTCertDBHandle* handle, const char* email_addr)
-{
- CERTCertificate* cert = NULL;
- CERTCertList* certList = NULL;
- SECStatus rv;
-
- certList = CERT_CreateEmailAddrCertList(NULL, handle, (char*)email_addr,
- PR_Now(), PR_TRUE);
- if (certList == NULL) {
- return NULL;
- }
-
- rv = CERT_FilterCertListByUsage(certList, certUsageEmailRecipient,
- PR_FALSE);
-
- if (!CERT_LIST_END(CERT_LIST_HEAD(certList), certList)) {
- cert = CERT_DupCertificate(CERT_LIST_HEAD(certList)->cert);
- }
-
- CERT_DestroyCertList(certList);
-
- return cert; /* cert may point to a cert or may be NULL */
-}
-
-/*
- * This function has the logic that decides if another person's cert and
- * email profile from an S/MIME message should be saved. It can deal with
- * the case when there is no profile.
- */
-SECStatus
-CERT_SaveSMimeProfile(CERTCertificate *cert, SECItem *emailProfile,
- SECItem *profileTime)
-{
- certDBEntrySMime *entry = NULL, *oldentry = NULL;
- int64 oldtime;
- int64 newtime;
- SECStatus rv;
- CERTCertificate *oldcert = NULL;
- PRBool saveit;
- CERTCertTrust trust;
- CERTCertTrust tmptrust;
- char *emailAddr;
-
- emailAddr = cert->emailAddr;
-
- PORT_Assert(emailAddr);
- if ( emailAddr == NULL ) {
- goto loser;
- }
-
- saveit = PR_FALSE;
-
- oldcert = find_smime_recipient_cert(cert->dbhandle, emailAddr);
- if (oldcert) {
- /* see if there is an entry already */
- oldentry = ReadDBSMimeEntry(cert->dbhandle, emailAddr);
- }
-
- /* both profileTime and emailProfile have to exist or not exist */
- if ( emailProfile == NULL ) {
- profileTime = NULL;
- } else if ( profileTime == NULL ) {
- emailProfile = NULL;
- }
-
- if ( oldentry == NULL ) {
- /* no old entry for this address */
- PORT_Assert(oldcert == NULL);
- saveit = PR_TRUE;
- } else {
- /* there was already a profile for this email addr */
- if ( profileTime ) {
- /* we have an old and new profile - save whichever is more recent*/
- if ( oldentry->optionsDate.len == 0 ) {
- /* always replace if old entry doesn't have a time */
- oldtime = LL_MININT;
- } else {
- rv = DER_UTCTimeToTime(&oldtime, &oldentry->optionsDate);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- }
-
- rv = DER_UTCTimeToTime(&newtime, profileTime);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- if ( LL_CMP(newtime, >, oldtime ) ) {
- /* this is a newer profile, save it and cert */
- saveit = PR_TRUE;
- }
- } else {
- /* we don't have a new profile or time */
- if ( oldentry->optionsDate.len == 0 ) {
- /* the old entry doesn't have a time either, so compare certs*/
- if ( CERT_IsNewer(cert, oldcert) ) {
- /* new cert is newer, use it instead */
- saveit = PR_TRUE;
- }
- } else {
- if (oldcert) {
- if (CERT_IsNewer(cert, oldcert)) {
- saveit = PR_TRUE;
- }
- } else {
- saveit = PR_TRUE;
- }
- }
- }
- }
-
- if ( saveit ) {
- if ( oldcert && ( oldcert != cert ) ) {
- /* old cert is different from new cert */
- if ( PORT_Memcmp(oldcert->trust, &trust, sizeof(trust)) == 0 ) {
- /* old cert is only for e-mail, so delete it */
- SEC_DeletePermCertificate(oldcert);
- } else {
- /* old cert is for other things too, so just change trust */
- tmptrust = *oldcert->trust;
- tmptrust.emailFlags &= ( ~CERTDB_VALID_PEER );
- rv = CERT_ChangeCertTrust(oldcert->dbhandle, oldcert,
- &tmptrust);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- }
- }
-
-/* Subroutine */
- /* now save the entry */
- entry = NewDBSMimeEntry(emailAddr, &cert->derSubject, emailProfile,
- profileTime, 0);
- if ( entry == NULL ) {
- goto loser;
- }
-
- CERT_LockDB(cert->dbhandle);
-
- rv = DeleteDBSMimeEntry(cert->dbhandle, emailAddr);
- /* if delete fails, try to write new entry anyway... */
-
- rv = WriteDBSMimeEntry(cert->dbhandle, entry);
- if ( rv != SECSuccess ) {
- CERT_UnlockDB(cert->dbhandle);
- goto loser;
- }
-
- /* link subject entry back here */
- rv = UpdateSubjectWithEmailAddr(cert, emailAddr);
- if ( rv != SECSuccess ) {
- CERT_UnlockDB(cert->dbhandle);
- goto loser;
- }
-
- CERT_UnlockDB(cert->dbhandle);
-/* End Subroutine */
- }
-
- rv = SECSuccess;
- goto done;
-
-loser:
- rv = SECFailure;
-
-done:
- if ( oldcert ) {
- CERT_DestroyCertificate(oldcert);
- }
-
- if ( entry ) {
- DestroyDBEntry((certDBEntry *)entry);
- }
- if ( oldentry ) {
- DestroyDBEntry((certDBEntry *)oldentry);
- }
-
- return(rv);
-}
-
-CERTCertificate *
-CERT_FindCertByEmailAddr(CERTCertDBHandle *handle, char *emailAddr)
-{
- certDBEntrySMime *entry;
- CERTCertificate *cert = NULL;
-
- emailAddr = CERT_FixupEmailAddr(emailAddr);
- if ( emailAddr == NULL ) {
- return(NULL);
- }
-
- entry = ReadDBSMimeEntry(handle, emailAddr);
-
- /* XXX - this will have to change when multiple certs per subject
- * are allowed
- */
- if ( entry != NULL ) {
- cert = CERT_FindCertByName(handle, &entry->subjectName);
- }
-
- if ( entry ) {
- DestroyDBEntry((certDBEntry *)entry);
- }
-
- PORT_Free(emailAddr);
-
- return(cert);
-}
-
-/*
- * find the smime symmetric capabilities profile for a given cert
- */
-SECItem *
-CERT_FindSMimeProfile(CERTCertificate *cert)
-{
- certDBEntrySMime *entry;
- SECItem *retitem = NULL;
-
- PORT_Assert(cert->emailAddr != NULL);
-
- if ( cert->emailAddr == NULL ) {
- return(NULL);
- }
-
- entry = ReadDBSMimeEntry(cert->dbhandle, cert->emailAddr);
-
- if ( entry ) {
- retitem = SECITEM_DupItem(&entry->smimeOptions);
- DestroyDBEntry((certDBEntry *)entry);
- }
-
- return(retitem);
-}
-
-CERTCertificate *
-CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, char *name)
-{
- CERTCertificate *cert;
- cert = CERT_FindCertByNickname(handle, name);
- if ( cert == NULL ) {
- cert = CERT_FindCertByEmailAddr(handle, name);
- }
-
- return(cert);
-}
-
-PRBool
-CERT_IsCertRevoked(CERTCertificate *cert)
-{
- return(PR_FALSE);
-}
-
-CERTCertificate *
-CERT_NextSubjectCert(CERTCertificate *cert)
-{
- CERTSubjectNode *node;
- CERTCertificate *retcert = NULL;
-
- CERT_LockDB(cert->dbhandle);
-
- node = FindCertSubjectNode(cert);
- PORT_Assert(node != NULL);
-
- if ( node->next != NULL ) {
- retcert = CERT_FindCertByKeyNoLocking(cert->dbhandle,
- &node->next->certKey);
- }
-
- CERT_UnlockDB(cert->dbhandle);
-
- return(retcert);
-}
-
-CERTCertificate *
-CERT_PrevSubjectCert(CERTCertificate *cert)
-{
- CERTSubjectNode *node;
- CERTCertificate *retcert = NULL;
-
- CERT_LockDB(cert->dbhandle);
- node = FindCertSubjectNode(cert);
- PORT_Assert(node != NULL);
-
- if ( node->prev != NULL ) {
- retcert = CERT_FindCertByKeyNoLocking(cert->dbhandle,
- &node->prev->certKey);
- }
- CERT_UnlockDB(cert->dbhandle);
-
- return(retcert);
-}
-
-SECStatus
-CERT_SaveImportedCert(CERTCertificate *cert, SECCertUsage usage,
- PRBool caOnly, char *nickname)
-{
- SECStatus rv;
- PRBool saveit;
- CERTCertTrust trust;
- CERTCertTrust tmptrust;
- PRBool isCA;
- unsigned int certtype;
- PRBool freeNickname = PR_FALSE;
-
- isCA = CERT_IsCACert(cert, NULL);
- if ( caOnly && ( !isCA ) ) {
- return(SECSuccess);
- }
-
- saveit = PR_TRUE;
-
- PORT_Memset((void *)&trust, 0, sizeof(trust));
-
- certtype = cert->nsCertType;
-
- /* if no CA bits in cert type, then set all CA bits */
- if ( isCA && ( ! ( certtype & NS_CERT_TYPE_CA ) ) ) {
- certtype |= NS_CERT_TYPE_CA;
- }
-
- /* if no app bits in cert type, then set all app bits */
- if ( ( !isCA ) && ( ! ( certtype & NS_CERT_TYPE_APP ) ) ) {
- certtype |= NS_CERT_TYPE_APP;
- }
-
- if ( isCA && !nickname ) {
- nickname = CERT_MakeCANickname(cert);
- if ( nickname != NULL ) {
- freeNickname = PR_TRUE;
- }
- }
-
- switch ( usage ) {
- case certUsageEmailSigner:
- case certUsageEmailRecipient:
- if ( isCA ) {
- if ( certtype & NS_CERT_TYPE_EMAIL_CA ) {
- trust.emailFlags = CERTDB_VALID_CA;
- }
- } else {
- PORT_Assert(nickname == NULL);
-
- if ( cert->emailAddr == NULL ) {
- saveit = PR_FALSE;
- }
-
- if ( certtype & NS_CERT_TYPE_EMAIL ) {
- trust.emailFlags = CERTDB_VALID_PEER;
- if ( ! ( cert->rawKeyUsage & KU_KEY_ENCIPHERMENT ) ) {
- /* don't save it if KeyEncipherment is not allowed */
- saveit = PR_FALSE;
- }
- }
- }
- break;
- case certUsageUserCertImport:
- if ( isCA ) {
- if ( certtype & NS_CERT_TYPE_SSL_CA ) {
- trust.sslFlags = CERTDB_VALID_CA;
- }
-
- if ( certtype & NS_CERT_TYPE_EMAIL_CA ) {
- trust.emailFlags = CERTDB_VALID_CA;
- }
-
- if ( certtype & NS_CERT_TYPE_OBJECT_SIGNING_CA ) {
- trust.objectSigningFlags = CERTDB_VALID_CA;
- }
-
- } else {
- if ( certtype & NS_CERT_TYPE_SSL_CLIENT ) {
- trust.sslFlags = CERTDB_VALID_PEER;
- }
-
- if ( certtype & NS_CERT_TYPE_EMAIL ) {
- trust.emailFlags = CERTDB_VALID_PEER;
- }
-
- if ( certtype & NS_CERT_TYPE_OBJECT_SIGNING ) {
- trust.objectSigningFlags = CERTDB_VALID_PEER;
- }
- }
- break;
- default: /* XXX added to quiet warnings; no other cases needed? */
- break;
- }
-
- if ( (trust.sslFlags | trust.emailFlags | trust.objectSigningFlags) == 0 ){
- saveit = PR_FALSE;
- }
-
- if ( saveit ) {
- if ( cert->isperm ) {
- /* Cert already in the DB. Just adjust flags */
- tmptrust = *cert->trust;
- tmptrust.sslFlags |= trust.sslFlags;
- tmptrust.emailFlags |= trust.emailFlags;
- tmptrust.objectSigningFlags |= trust.objectSigningFlags;
-
- rv = CERT_ChangeCertTrust(cert->dbhandle, cert,
- &tmptrust);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- } else {
- /* Cert not already in the DB. Add it */
- rv = CERT_AddTempCertToPerm(cert, nickname, &trust);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- }
- }
-
- rv = SECSuccess;
- goto done;
-
-loser:
- rv = SECFailure;
-done:
-
- if ( freeNickname ) {
- PORT_Free(nickname);
- }
-
- return(rv);
-}
-
-SECStatus
-CERT_ChangeCertTrustByUsage(CERTCertDBHandle *certdb,
- CERTCertificate *cert, SECCertUsage usage)
-{
- SECStatus rv;
- CERTCertTrust trust;
- CERTCertTrust tmptrust;
- unsigned int certtype;
- PRBool saveit;
-
- saveit = PR_TRUE;
-
- PORT_Memset((void *)&trust, 0, sizeof(trust));
-
- certtype = cert->nsCertType;
-
- /* if no app bits in cert type, then set all app bits */
- if ( ! ( certtype & NS_CERT_TYPE_APP ) ) {
- certtype |= NS_CERT_TYPE_APP;
- }
-
- switch ( usage ) {
- case certUsageEmailSigner:
- case certUsageEmailRecipient:
- if ( certtype & NS_CERT_TYPE_EMAIL ) {
- trust.emailFlags = CERTDB_VALID_PEER;
- if ( ! ( cert->rawKeyUsage & KU_KEY_ENCIPHERMENT ) ) {
- /* don't save it if KeyEncipherment is not allowed */
- saveit = PR_FALSE;
- }
- }
- break;
- case certUsageUserCertImport:
- if ( certtype & NS_CERT_TYPE_EMAIL ) {
- trust.emailFlags = CERTDB_VALID_PEER;
- }
- /* VALID_USER is already set if the cert was imported,
- * in the case that the cert was already in the database
- * through SMIME or other means, we should set the USER
- * flags, if they are not already set.
- */
- if( cert->isperm ) {
- if ( certtype & NS_CERT_TYPE_SSL_CLIENT ) {
- if( !(cert->trust->sslFlags & CERTDB_USER) ) {
- trust.sslFlags |= CERTDB_USER;
- }
- }
-
- if ( certtype & NS_CERT_TYPE_EMAIL ) {
- if( !(cert->trust->emailFlags & CERTDB_USER) ) {
- trust.emailFlags |= CERTDB_USER;
- }
- }
-
- if ( certtype & NS_CERT_TYPE_OBJECT_SIGNING ) {
- if( !(cert->trust->objectSigningFlags & CERTDB_USER) ) {
- trust.objectSigningFlags |= CERTDB_USER;
- }
- }
- }
- break;
- default: /* XXX added to quiet warnings; no other cases needed? */
- break;
- }
-
- if ( (trust.sslFlags | trust.emailFlags | trust.objectSigningFlags) == 0 ){
- saveit = PR_FALSE;
- }
-
- if ( saveit && cert->isperm ) {
- /* Cert already in the DB. Just adjust flags */
- tmptrust = *cert->trust;
- tmptrust.sslFlags |= trust.sslFlags;
- tmptrust.emailFlags |= trust.emailFlags;
- tmptrust.objectSigningFlags |= trust.objectSigningFlags;
-
- rv = CERT_ChangeCertTrust(cert->dbhandle, cert,
- &tmptrust);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- }
-
- rv = SECSuccess;
- goto done;
-
-loser:
- rv = SECFailure;
-done:
-
- return(rv);
-}
-
-int
-CERT_GetDBContentVersion(CERTCertDBHandle *handle)
-{
- certDBEntryContentVersion *entry;
- int ret;
-
- entry = ReadDBContentVersionEntry(handle);
-
- if ( entry == NULL ) {
- return(0);
- }
-
- ret = entry->contentVersion;
-
- DestroyDBEntry((certDBEntry *)entry);
-
- return(ret);
-}
-
-void
-CERT_SetDBContentVersion(int version, CERTCertDBHandle *handle)
-{
- SECStatus rv;
- certDBEntryContentVersion *entry;
-
- entry = NewDBContentVersionEntry(0);
-
- if ( entry == NULL ) {
- return;
- }
-
- rv = DeleteDBContentVersionEntry(handle);
- rv = WriteDBContentVersionEntry(handle, entry);
-
- DestroyDBEntry((certDBEntry *)entry);
-
- return;
-}
-
-/*
- * Creates or adds to a list of all certs with a give subject name, sorted by
- * validity time, newest first. Invalid certs are considered older than
- * valid certs. If validOnly is set, do not include invalid certs on list.
- */
-CERTCertList *
-CERT_CreateSubjectCertList(CERTCertList *certList, CERTCertDBHandle *handle,
- SECItem *name, int64 sorttime, PRBool validOnly)
-{
- CERTCertificate *cert = NULL;
- CERTSubjectList *subjectList = NULL;
- CERTSubjectNode *node;
- SECStatus rv;
-
- if ( certList == NULL ) {
- certList = CERT_NewCertList();
- }
-
- if ( certList == NULL ) {
- goto loser;
- }
-
- subjectList = FindSubjectList(handle, name, PR_FALSE);
-
- if ( subjectList != NULL ) {
- node = subjectList->head;
- PORT_Assert(node);
- while (node) {
- cert = CERT_FindCertByKey(handle, &node->certKey);
-
- /* if validOnly, then check validity period before adding to list*/
- if ( ( !validOnly ) ||
- ( CERT_CheckCertValidTimes(cert, sorttime, PR_FALSE)
- == secCertTimeValid ) ) {
- rv = CERT_AddCertToListSorted(certList, cert,
- CERT_SortCBValidity,
- (void *)&sorttime);
- if ( rv != SECSuccess ) {
- CERT_DestroyCertificate(cert);
- goto loser;
- }
- } else {
- CERT_DestroyCertificate(cert);
- }
-
- node = node->next;
- }
- }
-
- return(certList);
-
-loser:
- if ( certList != NULL ) {
- CERT_DestroyCertList(certList);
- }
-
- return(NULL);
-}
-
-/*
- * Creates or adds to a list of all certs with a give nickname, sorted by
- * validity time, newest first. Invalid certs are considered older than valid
- * certs. If validOnly is set, do not include invalid certs on list.
- */
-CERTCertList *
-CERT_CreateNicknameCertList(CERTCertList *certList, CERTCertDBHandle *handle,
- char *nickname, int64 sorttime, PRBool validOnly)
-{
- CERTCertificate *cert;
- CERTCertList *ret;
-
- cert = CERT_FindCertByNickname(handle, nickname);
- if ( cert == NULL ) {
- return(NULL);
- }
-
- ret = CERT_CreateSubjectCertList(certList, handle, &cert->derSubject,
- sorttime, validOnly);
-
- CERT_DestroyCertificate(cert);
-
- return(ret);
-}
-
-/*
- * Creates or adds to a list of all certs with a give email addr, sorted by
- * validity time, newest first. Invalid certs are considered older than valid
- * certs. If validOnly is set, do not include invalid certs on list.
- */
-CERTCertList *
-CERT_CreateEmailAddrCertList(CERTCertList *certList, CERTCertDBHandle *handle,
- char *emailAddr, int64 sorttime, PRBool validOnly)
-{
- CERTCertificate *cert;
- CERTCertList *ret;
-
- cert = CERT_FindCertByEmailAddr(handle, emailAddr);
- if ( cert == NULL ) {
- return(NULL);
- }
-
- ret = CERT_CreateSubjectCertList(certList, handle, &cert->derSubject,
- sorttime, validOnly);
-
- CERT_DestroyCertificate(cert);
-
- return(ret);
-}
diff --git a/security/nss/lib/certdb/polcyxtn.c b/security/nss/lib/certdb/polcyxtn.c
deleted file mode 100644
index 7f3dd3a78..000000000
--- a/security/nss/lib/certdb/polcyxtn.c
+++ /dev/null
@@ -1,541 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Support for various policy related extensions
- *
- * $Id$
- */
-
-#include "seccomon.h"
-#include "secport.h"
-#include "secder.h"
-#include "cert.h"
-#include "secoid.h"
-#include "secasn1.h"
-#include "secerr.h"
-#include "nspr.h"
-
-const SEC_ASN1Template CERT_NoticeReferenceTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTNoticeReference) },
-/* NOTE: this should be a choice */
- { SEC_ASN1_IA5_STRING,
- offsetof(CERTNoticeReference, organization) },
- { SEC_ASN1_SEQUENCE_OF,
- offsetof(CERTNoticeReference, noticeNumbers),
- SEC_IntegerTemplate },
- { 0 }
-};
-
-/* this template can not be encoded because of the option inline */
-const SEC_ASN1Template CERT_UserNoticeTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTUserNotice) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE | SEC_ASN1_CONSTRUCTED,
- offsetof(CERTUserNotice, derNoticeReference) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
- offsetof(CERTUserNotice, displayText) },
- { 0 }
-};
-
-const SEC_ASN1Template CERT_PolicyQualifierTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTPolicyQualifier) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CERTPolicyQualifier, qualifierID) },
- { SEC_ASN1_ANY,
- offsetof(CERTPolicyQualifier, qualifierValue) },
- { 0 }
-};
-
-const SEC_ASN1Template CERT_PolicyInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTPolicyInfo) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CERTPolicyInfo, policyID) },
- { SEC_ASN1_SEQUENCE_OF,
- offsetof(CERTPolicyInfo, policyQualifiers),
- CERT_PolicyQualifierTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template CERT_CertificatePoliciesTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF,
- offsetof(CERTCertificatePolicies, policyInfos),
- CERT_PolicyInfoTemplate, sizeof(CERTCertificatePolicies) }
-};
-
-static void
-breakLines(char *string)
-{
- char *tmpstr;
- char *lastspace = NULL;
- int curlen = 0;
- int c;
-
- tmpstr = string;
-
- while ( ( c = *tmpstr ) != '\0' ) {
- switch ( c ) {
- case ' ':
- lastspace = tmpstr;
- break;
- case '\n':
- lastspace = NULL;
- curlen = 0;
- break;
- }
-
- if ( ( curlen >= 55 ) && ( lastspace != NULL ) ) {
- *lastspace = '\n';
- curlen = ( tmpstr - lastspace );
- lastspace = NULL;
- }
-
- curlen++;
- tmpstr++;
- }
-
- return;
-}
-
-CERTCertificatePolicies *
-CERT_DecodeCertificatePoliciesExtension(SECItem *extnValue)
-{
- PRArenaPool *arena = NULL;
- SECStatus rv;
- CERTCertificatePolicies *policies;
- CERTPolicyInfo **policyInfos, *policyInfo;
- CERTPolicyQualifier **policyQualifiers, *policyQualifier;
-
- /* make a new arena */
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( !arena ) {
- goto loser;
- }
-
- /* allocate the certifiate policies structure */
- policies = (CERTCertificatePolicies *)
- PORT_ArenaZAlloc(arena, sizeof(CERTCertificatePolicies));
-
- if ( policies == NULL ) {
- goto loser;
- }
-
- policies->arena = arena;
-
- /* decode the policy info */
- rv = SEC_ASN1DecodeItem(arena, policies, CERT_CertificatePoliciesTemplate,
- extnValue);
-
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /* initialize the oid tags */
- policyInfos = policies->policyInfos;
- while (*policyInfos != NULL ) {
- policyInfo = *policyInfos;
- policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID);
- policyQualifiers = policyInfo->policyQualifiers;
- while ( *policyQualifiers != NULL ) {
- policyQualifier = *policyQualifiers;
- policyQualifier->oid =
- SECOID_FindOIDTag(&policyQualifier->qualifierID);
- policyQualifiers++;
- }
- policyInfos++;
- }
-
- return(policies);
-
-loser:
- if ( arena != NULL ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(NULL);
-}
-
-void
-CERT_DestroyCertificatePoliciesExtension(CERTCertificatePolicies *policies)
-{
- if ( policies != NULL ) {
- PORT_FreeArena(policies->arena, PR_FALSE);
- }
- return;
-}
-
-
-CERTUserNotice *
-CERT_DecodeUserNotice(SECItem *noticeItem)
-{
- PRArenaPool *arena = NULL;
- SECStatus rv;
- CERTUserNotice *userNotice;
-
- /* make a new arena */
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( !arena ) {
- goto loser;
- }
-
- /* allocate the userNotice structure */
- userNotice = (CERTUserNotice *)PORT_ArenaZAlloc(arena,
- sizeof(CERTUserNotice));
-
- if ( userNotice == NULL ) {
- goto loser;
- }
-
- userNotice->arena = arena;
-
- /* decode the user notice */
- rv = SEC_ASN1DecodeItem(arena, userNotice, CERT_UserNoticeTemplate,
- noticeItem);
-
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- if (userNotice->derNoticeReference.data != NULL) {
- /* sigh, the asn1 parser stripped the sequence encoding, re add it
- * before we decode.
- */
- SECItem tmpbuf;
- int newBytes;
-
- newBytes = SEC_ASN1LengthLength(userNotice->derNoticeReference.len)+1;
- tmpbuf.len = newBytes + userNotice->derNoticeReference.len;
- tmpbuf.data = PORT_ZAlloc(tmpbuf.len);
- if (tmpbuf.data == NULL) {
- goto loser;
- }
- tmpbuf.data[0] = SEC_ASN1_SEQUENCE | SEC_ASN1_CONSTRUCTED;
- SEC_ASN1EncodeLength(&tmpbuf.data[1],userNotice->derNoticeReference.len);
- PORT_Memcpy(&tmpbuf.data[newBytes],userNotice->derNoticeReference.data,
- userNotice->derNoticeReference.len);
-
- /* OK, no decode it */
- rv = SEC_ASN1DecodeItem(arena, &userNotice->noticeReference,
- CERT_NoticeReferenceTemplate, &tmpbuf);
-
- PORT_Free(tmpbuf.data); tmpbuf.data = NULL;
- if ( rv != SECSuccess ) {
- goto loser;
- }
- }
-
- return(userNotice);
-
-loser:
- if ( arena != NULL ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(NULL);
-}
-
-void
-CERT_DestroyUserNotice(CERTUserNotice *userNotice)
-{
- if ( userNotice != NULL ) {
- PORT_FreeArena(userNotice->arena, PR_FALSE);
- }
- return;
-}
-
-static CERTPolicyStringCallback policyStringCB = NULL;
-static void *policyStringCBArg = NULL;
-
-void
-CERT_SetCAPolicyStringCallback(CERTPolicyStringCallback cb, void *cbarg)
-{
- policyStringCB = cb;
- policyStringCBArg = cbarg;
- return;
-}
-
-char *
-stringFromUserNotice(SECItem *noticeItem)
-{
- SECItem *org;
- unsigned int len, headerlen;
- char *stringbuf;
- CERTUserNotice *userNotice;
- char *policystr;
- char *retstr = NULL;
- SECItem *displayText;
- SECItem **noticeNumbers;
- unsigned int strnum;
-
- /* decode the user notice */
- userNotice = CERT_DecodeUserNotice(noticeItem);
- if ( userNotice == NULL ) {
- return(NULL);
- }
-
- org = &userNotice->noticeReference.organization;
- if ( (org->len != 0 ) && ( policyStringCB != NULL ) ) {
- /* has a noticeReference */
-
- /* extract the org string */
- len = org->len;
- stringbuf = (char*)PORT_Alloc(len + 1);
- if ( stringbuf != NULL ) {
- PORT_Memcpy(stringbuf, org->data, len);
- stringbuf[len] = '\0';
-
- noticeNumbers = userNotice->noticeReference.noticeNumbers;
- while ( *noticeNumbers != NULL ) {
- /* XXX - only one byte integers right now*/
- strnum = (*noticeNumbers)->data[0];
- policystr = (* policyStringCB)(stringbuf,
- strnum,
- policyStringCBArg);
- if ( policystr != NULL ) {
- if ( retstr != NULL ) {
- retstr = PR_sprintf_append(retstr, "\n%s", policystr);
- } else {
- retstr = PR_sprintf_append(retstr, "%s", policystr);
- }
-
- PORT_Free(policystr);
- }
-
- noticeNumbers++;
- }
-
- PORT_Free(stringbuf);
- }
- }
-
- if ( retstr == NULL ) {
- if ( userNotice->displayText.len != 0 ) {
- displayText = &userNotice->displayText;
-
- if ( displayText->len > 2 ) {
- if ( displayText->data[0] == SEC_ASN1_VISIBLE_STRING ) {
- headerlen = 2;
- if ( displayText->data[1] & 0x80 ) {
- /* multibyte length */
- headerlen += ( displayText->data[1] & 0x7f );
- }
-
- len = displayText->len - headerlen;
- retstr = (char*)PORT_Alloc(len + 1);
- if ( retstr != NULL ) {
- PORT_Memcpy(retstr, &displayText->data[headerlen],len);
- retstr[len] = '\0';
- }
- }
- }
- }
- }
-
- CERT_DestroyUserNotice(userNotice);
-
- return(retstr);
-}
-
-char *
-CERT_GetCertCommentString(CERTCertificate *cert)
-{
- char *retstring = NULL;
- SECStatus rv;
- SECItem policyItem;
- CERTCertificatePolicies *policies = NULL;
- CERTPolicyInfo **policyInfos;
- CERTPolicyQualifier **policyQualifiers, *qualifier;
-
- policyItem.data = NULL;
-
- rv = CERT_FindCertExtension(cert, SEC_OID_X509_CERTIFICATE_POLICIES,
- &policyItem);
- if ( rv != SECSuccess ) {
- goto nopolicy;
- }
-
- policies = CERT_DecodeCertificatePoliciesExtension(&policyItem);
- if ( policies == NULL ) {
- goto nopolicy;
- }
-
- policyInfos = policies->policyInfos;
- /* search through policyInfos looking for the verisign policy */
- while (*policyInfos != NULL ) {
- if ( (*policyInfos)->oid == SEC_OID_VERISIGN_USER_NOTICES ) {
- policyQualifiers = (*policyInfos)->policyQualifiers;
- /* search through the policy qualifiers looking for user notice */
- while ( *policyQualifiers != NULL ) {
- qualifier = *policyQualifiers;
- if ( qualifier->oid == SEC_OID_PKIX_USER_NOTICE_QUALIFIER ) {
- retstring =
- stringFromUserNotice(&qualifier->qualifierValue);
- break;
- }
-
- policyQualifiers++;
- }
- break;
- }
- policyInfos++;
- }
-
-nopolicy:
- if ( policyItem.data != NULL ) {
- PORT_Free(policyItem.data);
- }
-
- if ( policies != NULL ) {
- CERT_DestroyCertificatePoliciesExtension(policies);
- }
-
- if ( retstring == NULL ) {
- retstring = CERT_FindNSStringExtension(cert,
- SEC_OID_NS_CERT_EXT_COMMENT);
- }
-
- if ( retstring != NULL ) {
- breakLines(retstring);
- }
-
- return(retstring);
-}
-
-
-const SEC_ASN1Template CERT_OidSeqTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF,
- offsetof(CERTOidSequence, oids),
- SEC_ObjectIDTemplate }
-};
-
-CERTOidSequence *
-CERT_DecodeOidSequence(SECItem *seqItem)
-{
- PRArenaPool *arena = NULL;
- SECStatus rv;
- CERTOidSequence *oidSeq;
-
- /* make a new arena */
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( !arena ) {
- goto loser;
- }
-
- /* allocate the userNotice structure */
- oidSeq = (CERTOidSequence *)PORT_ArenaZAlloc(arena,
- sizeof(CERTOidSequence));
-
- if ( oidSeq == NULL ) {
- goto loser;
- }
-
- oidSeq->arena = arena;
-
- /* decode the user notice */
- rv = SEC_ASN1DecodeItem(arena, oidSeq, CERT_OidSeqTemplate, seqItem);
-
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- return(oidSeq);
-
-loser:
- return(NULL);
-}
-
-
-void
-CERT_DestroyOidSequence(CERTOidSequence *oidSeq)
-{
- if ( oidSeq != NULL ) {
- PORT_FreeArena(oidSeq->arena, PR_FALSE);
- }
- return;
-}
-
-PRBool
-CERT_GovtApprovedBitSet(CERTCertificate *cert)
-{
- SECStatus rv;
- SECItem extItem;
- CERTOidSequence *oidSeq = NULL;
- PRBool ret;
- SECItem **oids;
- SECItem *oid;
- SECOidTag oidTag;
-
- extItem.data = NULL;
- rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE, &extItem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- oidSeq = CERT_DecodeOidSequence(&extItem);
- if ( oidSeq == NULL ) {
- goto loser;
- }
-
- oids = oidSeq->oids;
- while ( oids != NULL && *oids != NULL ) {
- oid = *oids;
-
- oidTag = SECOID_FindOIDTag(oid);
-
- if ( oidTag == SEC_OID_NS_KEY_USAGE_GOVT_APPROVED ) {
- goto success;
- }
-
- oids++;
- }
-
-loser:
- ret = PR_FALSE;
- goto done;
-success:
- ret = PR_TRUE;
-done:
- if ( oidSeq != NULL ) {
- CERT_DestroyOidSequence(oidSeq);
- }
- if (extItem.data != NULL) {
- PORT_Free(extItem.data);
- }
- return(ret);
-}
diff --git a/security/nss/lib/certdb/secname.c b/security/nss/lib/certdb/secname.c
deleted file mode 100644
index 4bef4b6d9..000000000
--- a/security/nss/lib/certdb/secname.c
+++ /dev/null
@@ -1,625 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "cert.h"
-#include "secoid.h"
-#include "secder.h" /* XXX remove this when remove the DERTemplates */
-#include "secasn1.h"
-#include "secitem.h"
-#include <stdarg.h>
-#include "secerr.h"
-
-static const SEC_ASN1Template cert_AVATemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTAVA) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CERTAVA,type), },
- { SEC_ASN1_ANY,
- offsetof(CERTAVA,value), },
- { 0, }
-};
-
-const SEC_ASN1Template CERT_RDNTemplate[] = {
- { SEC_ASN1_SET_OF,
- offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) }
-};
-
-
-static int
-CountArray(void **array)
-{
- int count = 0;
- if (array) {
- while (*array++) {
- count++;
- }
- }
- return count;
-}
-
-static void
-**AddToArray(PRArenaPool *arena, void **array, void *element)
-{
- unsigned count;
- void **ap;
-
- /* Count up number of slots already in use in the array */
- count = 0;
- ap = array;
- if (ap) {
- while (*ap++) {
- count++;
- }
- }
-
- if (array) {
- array = (void**) PORT_ArenaGrow(arena, array,
- (count + 1) * sizeof(void *),
- (count + 2) * sizeof(void *));
- } else {
- array = (void**) PORT_ArenaAlloc(arena, (count + 2) * sizeof(void *));
- }
- if (array) {
- array[count] = element;
- array[count+1] = 0;
- }
- return array;
-}
-
-#if 0
-static void
-**RemoveFromArray(void **array, void *element)
-{
- unsigned count;
- void **ap;
- int slot;
-
- /* Look for element */
- ap = array;
- if (ap) {
- count = 1; /* count the null at the end */
- slot = -1;
- for (; *ap; ap++, count++) {
- if (*ap == element) {
- /* Found it */
- slot = ap - array;
- }
- }
- if (slot >= 0) {
- /* Found it. Squish array down */
- PORT_Memmove((void*) (array + slot), (void*) (array + slot + 1),
- (count - slot - 1) * sizeof(void*));
- /* Don't bother reallocing the memory */
- }
- }
- return array;
-}
-#endif /* 0 */
-
-SECOidTag
-CERT_GetAVATag(CERTAVA *ava)
-{
- SECOidData *oid;
- if (!ava->type.data) return (SECOidTag)-1;
-
- oid = SECOID_FindOID(&ava->type);
-
- if ( oid ) {
- return(oid->offset);
- }
- return (SECOidTag)-1;
-}
-
-static SECStatus
-SetupAVAType(PRArenaPool *arena, SECOidTag type, SECItem *it, unsigned *maxLenp)
-{
- unsigned char *oid;
- unsigned oidLen;
- unsigned char *cp;
- unsigned maxLen;
- SECOidData *oidrec;
-
- oidrec = SECOID_FindOIDByTag(type);
- if (oidrec == NULL)
- return SECFailure;
-
- oid = oidrec->oid.data;
- oidLen = oidrec->oid.len;
-
- switch (type) {
- case SEC_OID_AVA_COUNTRY_NAME:
- maxLen = 2;
- break;
- case SEC_OID_AVA_ORGANIZATION_NAME:
- maxLen = 64;
- break;
- case SEC_OID_AVA_COMMON_NAME:
- maxLen = 64;
- break;
- case SEC_OID_AVA_LOCALITY:
- maxLen = 128;
- break;
- case SEC_OID_AVA_STATE_OR_PROVINCE:
- maxLen = 128;
- break;
- case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME:
- maxLen = 64;
- break;
- case SEC_OID_AVA_DC:
- maxLen = 128;
- break;
- case SEC_OID_AVA_DN_QUALIFIER:
- maxLen = 0x7fff;
- break;
- case SEC_OID_PKCS9_EMAIL_ADDRESS:
- maxLen = 128;
- break;
- case SEC_OID_RFC1274_UID:
- maxLen = 256; /* RFC 1274 specifies 256 */
- break;
- case SEC_OID_RFC1274_MAIL:
- maxLen = 256; /* RFC 1274 specifies 256 */
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- it->data = cp = (unsigned char*) PORT_ArenaAlloc(arena, oidLen);
- if (cp == NULL) {
- return SECFailure;
- }
- it->len = oidLen;
- PORT_Memcpy(cp, oid, oidLen);
- *maxLenp = maxLen;
- return SECSuccess;
-}
-
-static SECStatus
-SetupAVAValue(PRArenaPool *arena, int valueType, char *value, SECItem *it,
- unsigned maxLen)
-{
- unsigned valueLen, valueLenLen, total;
- unsigned ucs4Len = 0, ucs4MaxLen;
- unsigned char *cp, *ucs4Val;
-
- switch (valueType) {
- case SEC_ASN1_PRINTABLE_STRING:
- case SEC_ASN1_IA5_STRING:
- case SEC_ASN1_T61_STRING:
- valueLen = PORT_Strlen(value);
- break;
- case SEC_ASN1_UNIVERSAL_STRING:
- valueLen = PORT_Strlen(value);
- ucs4Val = (unsigned char *)PORT_ArenaZAlloc(arena,
- PORT_Strlen(value) * 6);
- ucs4MaxLen = PORT_Strlen(value) * 6;
- if(!ucs4Val || !PORT_UCS4_UTF8Conversion(PR_TRUE, (unsigned char *)value, valueLen,
- ucs4Val, ucs4MaxLen, &ucs4Len)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- value = (char *)ucs4Val;
- valueLen = ucs4Len;
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- if (((valueType != SEC_ASN1_UNIVERSAL_STRING) && (valueLen > maxLen)) ||
- (valueType == SEC_ASN1_UNIVERSAL_STRING) && (valueLen > (maxLen * 4))) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- valueLenLen = DER_LengthLength(valueLen);
- total = 1 + valueLenLen + valueLen;
- it->data = cp = (unsigned char*) PORT_ArenaAlloc(arena, total);
- if (!cp) {
- return SECFailure;
- }
- it->len = total;
- cp = (unsigned char*) DER_StoreHeader(cp, valueType, valueLen);
- PORT_Memcpy(cp, value, valueLen);
- return SECSuccess;
-}
-
-CERTAVA *
-CERT_CreateAVA(PRArenaPool *arena, SECOidTag kind, int valueType, char *value)
-{
- CERTAVA *ava;
- int rv;
- unsigned maxLen;
-
- ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
- if (ava) {
- rv = SetupAVAType(arena, kind, &ava->type, &maxLen);
- if (rv) {
- /* Illegal AVA type */
- return 0;
- }
- rv = SetupAVAValue(arena, valueType, value, &ava->value, maxLen);
- if (rv) {
- /* Illegal value type */
- return 0;
- }
- }
- return ava;
-}
-
-CERTAVA *
-CERT_CopyAVA(PRArenaPool *arena, CERTAVA *from)
-{
- CERTAVA *ava;
- int rv;
-
- ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
- if (ava) {
- rv = SECITEM_CopyItem(arena, &ava->type, &from->type);
- if (rv) goto loser;
- rv = SECITEM_CopyItem(arena, &ava->value, &from->value);
- if (rv) goto loser;
- }
- return ava;
-
- loser:
- return 0;
-}
-
-/************************************************************************/
-/* XXX This template needs to go away in favor of the new SEC_ASN1 version. */
-static const SEC_ASN1Template cert_RDNTemplate[] = {
- { SEC_ASN1_SET_OF,
- offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) }
-};
-
-
-CERTRDN *
-CERT_CreateRDN(PRArenaPool *arena, CERTAVA *ava0, ...)
-{
- CERTAVA *ava;
- CERTRDN *rdn;
- va_list ap;
- unsigned count;
- CERTAVA **avap;
-
- rdn = (CERTRDN*) PORT_ArenaAlloc(arena, sizeof(CERTRDN));
- if (rdn) {
- /* Count number of avas going into the rdn */
- count = 1;
- va_start(ap, ava0);
- while ((ava = va_arg(ap, CERTAVA*)) != 0) {
- count++;
- }
- va_end(ap);
-
- /* Now fill in the pointers */
- rdn->avas = avap =
- (CERTAVA**) PORT_ArenaAlloc( arena, (count + 1)*sizeof(CERTAVA*));
- if (!avap) {
- return 0;
- }
- *avap++ = ava0;
- va_start(ap, ava0);
- while ((ava = va_arg(ap, CERTAVA*)) != 0) {
- *avap++ = ava;
- }
- va_end(ap);
- *avap++ = 0;
- }
- return rdn;
-}
-
-SECStatus
-CERT_AddAVA(PRArenaPool *arena, CERTRDN *rdn, CERTAVA *ava)
-{
- rdn->avas = (CERTAVA**) AddToArray(arena, (void**) rdn->avas, ava);
- return rdn->avas ? SECSuccess : SECFailure;
-}
-
-SECStatus
-CERT_CopyRDN(PRArenaPool *arena, CERTRDN *to, CERTRDN *from)
-{
- CERTAVA **avas, *fava, *tava;
- SECStatus rv;
-
- /* Copy each ava from from */
- avas = from->avas;
- while ((fava = *avas++) != 0) {
- tava = CERT_CopyAVA(arena, fava);
- if (!tava) return SECFailure;
- rv = CERT_AddAVA(arena, to, tava);
- if (rv) return rv;
- }
- return SECSuccess;
-}
-
-/************************************************************************/
-
-const SEC_ASN1Template CERT_NameTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF,
- offsetof(CERTName,rdns), CERT_RDNTemplate, sizeof(CERTName) }
-};
-
-CERTName *
-CERT_CreateName(CERTRDN *rdn0, ...)
-{
- CERTRDN *rdn;
- CERTName *name;
- va_list ap;
- unsigned count;
- CERTRDN **rdnp;
- PRArenaPool *arena;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- return(0);
- }
-
- name = (CERTName*) PORT_ArenaAlloc(arena, sizeof(CERTName));
- if (name) {
- name->arena = arena;
-
- /* Count number of RDNs going into the Name */
- count = 1;
- va_start(ap, rdn0);
- while ((rdn = va_arg(ap, CERTRDN*)) != 0) {
- count++;
- }
- va_end(ap);
-
- /* Now fill in the pointers */
- name->rdns = rdnp =
- (CERTRDN**) PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTRDN*));
- if (!name->rdns) {
- goto loser;
- }
- *rdnp++ = rdn0;
- va_start(ap, rdn0);
- while ((rdn = va_arg(ap, CERTRDN*)) != 0) {
- *rdnp++ = rdn;
- }
- va_end(ap);
- *rdnp++ = 0;
- }
- return name;
-
-loser:
- PORT_FreeArena(arena, PR_FALSE);
- return(0);
-}
-
-void
-CERT_DestroyName(CERTName *name)
-{
- if (name)
- {
- PRArenaPool *arena = name->arena;
- name->rdns = NULL;
- name->arena = NULL;
- if (arena) PORT_FreeArena(arena, PR_FALSE);
- }
-}
-
-SECStatus
-CERT_AddRDN(CERTName *name, CERTRDN *rdn)
-{
- name->rdns = (CERTRDN**) AddToArray(name->arena, (void**) name->rdns, rdn);
- return name->rdns ? SECSuccess : SECFailure;
-}
-
-SECStatus
-CERT_CopyName(PRArenaPool *arena, CERTName *to, CERTName *from)
-{
- CERTRDN **rdns, *frdn, *trdn;
- SECStatus rv;
-
- CERT_DestroyName(to);
- to->arena = arena;
-
- /* Copy each rdn from from */
- rdns = from->rdns;
- while ((frdn = *rdns++) != 0) {
- trdn = CERT_CreateRDN(arena, 0);
- if ( trdn == NULL ) {
- return(SECFailure);
- }
- rv = CERT_CopyRDN(arena, trdn, frdn);
- if (rv) return rv;
- rv = CERT_AddRDN(to, trdn);
- if (rv) return rv;
- }
- return SECSuccess;
-}
-
-/************************************************************************/
-
-SECComparison
-CERT_CompareAVA(CERTAVA *a, CERTAVA *b)
-{
- SECComparison rv;
-
- rv = SECITEM_CompareItem(&a->type, &b->type);
- if (rv) {
- /*
- ** XXX for now we are going to just assume that a bitwise
- ** comparison of the value codes will do the trick.
- */
- }
- rv = SECITEM_CompareItem(&a->value, &b->value);
- return rv;
-}
-
-SECComparison
-CERT_CompareRDN(CERTRDN *a, CERTRDN *b)
-{
- CERTAVA **aavas, *aava;
- CERTAVA **bavas, *bava;
- int ac, bc;
- SECComparison rv = SECEqual;
-
- aavas = a->avas;
- bavas = b->avas;
-
- /*
- ** Make sure array of ava's are the same length. If not, then we are
- ** not equal
- */
- ac = CountArray((void**) aavas);
- bc = CountArray((void**) bavas);
- if (ac < bc) return SECLessThan;
- if (ac > bc) return SECGreaterThan;
-
- for (;;) {
- aava = *aavas++;
- bava = *bavas++;
- if (!aava) {
- break;
- }
- rv = CERT_CompareAVA(aava, bava);
- if (rv) return rv;
- }
- return rv;
-}
-
-SECComparison
-CERT_CompareName(CERTName *a, CERTName *b)
-{
- CERTRDN **ardns, *ardn;
- CERTRDN **brdns, *brdn;
- int ac, bc;
- SECComparison rv = SECEqual;
-
- ardns = a->rdns;
- brdns = b->rdns;
-
- /*
- ** Make sure array of rdn's are the same length. If not, then we are
- ** not equal
- */
- ac = CountArray((void**) ardns);
- bc = CountArray((void**) brdns);
- if (ac < bc) return SECLessThan;
- if (ac > bc) return SECGreaterThan;
-
- for (;;) {
- ardn = *ardns++;
- brdn = *brdns++;
- if (!ardn) {
- break;
- }
- rv = CERT_CompareRDN(ardn, brdn);
- if (rv) return rv;
- }
- return rv;
-}
-
-/* Moved from certhtml.c */
-SECItem *
-CERT_DecodeAVAValue(SECItem *derAVAValue)
-{
- SECItem *retItem;
- const SEC_ASN1Template *theTemplate = NULL;
- PRBool convertUCS4toUTF8 = PR_FALSE;
- PRBool convertUCS2toUTF8 = PR_FALSE;
- SECItem avaValue = {siBuffer, 0};
-
- if(!derAVAValue) {
- return NULL;
- }
-
- switch(derAVAValue->data[0]) {
- case SEC_ASN1_UNIVERSAL_STRING:
- convertUCS4toUTF8 = PR_TRUE;
- theTemplate = SEC_UniversalStringTemplate;
- break;
- case SEC_ASN1_IA5_STRING:
- theTemplate = SEC_IA5StringTemplate;
- break;
- case SEC_ASN1_PRINTABLE_STRING:
- theTemplate = SEC_PrintableStringTemplate;
- break;
- case SEC_ASN1_T61_STRING:
- theTemplate = SEC_T61StringTemplate;
- break;
- case SEC_ASN1_BMP_STRING:
- convertUCS2toUTF8 = PR_TRUE;
- theTemplate = SEC_BMPStringTemplate;
- break;
- default:
- return NULL;
- }
-
- PORT_Memset(&avaValue, 0, sizeof(SECItem));
- if(SEC_ASN1DecodeItem(NULL, &avaValue, theTemplate, derAVAValue)
- != SECSuccess) {
- return NULL;
- }
-
- if (convertUCS4toUTF8) {
- unsigned int utf8ValLen = avaValue.len * 3;
- unsigned char *utf8Val = (unsigned char*)PORT_ZAlloc(utf8ValLen);
-
- if(!PORT_UCS4_UTF8Conversion(PR_FALSE, avaValue.data, avaValue.len,
- utf8Val, utf8ValLen, &utf8ValLen)) {
- PORT_Free(utf8Val);
- PORT_Free(avaValue.data);
- return NULL;
- }
-
- PORT_Free(avaValue.data);
- avaValue.data = utf8Val;
- avaValue.len = utf8ValLen;
-
- } else if (convertUCS2toUTF8) {
-
- unsigned int utf8ValLen = avaValue.len * 3;
- unsigned char *utf8Val = (unsigned char*)PORT_ZAlloc(utf8ValLen);
-
- if(!PORT_UCS2_UTF8Conversion(PR_FALSE, avaValue.data, avaValue.len,
- utf8Val, utf8ValLen, &utf8ValLen)) {
- PORT_Free(utf8Val);
- PORT_Free(avaValue.data);
- return NULL;
- }
-
- PORT_Free(avaValue.data);
- avaValue.data = utf8Val;
- avaValue.len = utf8ValLen;
- }
-
- retItem = SECITEM_DupItem(&avaValue);
- PORT_Free(avaValue.data);
- return retItem;
-}
diff --git a/security/nss/lib/certdb/xauthkid.c b/security/nss/lib/certdb/xauthkid.c
deleted file mode 100644
index 8b7ac4a92..000000000
--- a/security/nss/lib/certdb/xauthkid.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * X.509 v3 Subject Key Usage Extension
- *
- */
-
-#include "prtypes.h"
-#include "mcom_db.h"
-#include "seccomon.h"
-#include "secdert.h"
-#include "secoidt.h"
-#include "secasn1t.h"
-#include "secasn1.h"
-#include "secport.h"
-#include "certt.h"
-#include "genname.h"
-#include "secerr.h"
-
-
-const SEC_ASN1Template CERTAuthKeyIDTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAuthKeyID) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(CERTAuthKeyID,keyID), SEC_OctetStringTemplate},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(CERTAuthKeyID, DERAuthCertIssuer), CERT_GeneralNamesTemplate},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 2,
- offsetof(CERTAuthKeyID,authCertSerialNumber), SEC_IntegerTemplate},
- { 0 }
-};
-
-
-
-SECStatus CERT_EncodeAuthKeyID (PRArenaPool *arena, CERTAuthKeyID *value, SECItem *encodedValue)
-{
- SECStatus rv = SECFailure;
-
- PORT_Assert (value);
- PORT_Assert (arena);
- PORT_Assert (value->DERAuthCertIssuer == NULL);
- PORT_Assert (encodedValue);
-
- do {
-
- /* If both of the authCertIssuer and the serial number exist, encode
- the name first. Otherwise, it is an error if one exist and the other
- is not.
- */
- if (value->authCertIssuer) {
- if (!value->authCertSerialNumber.data) {
- PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
- break;
- }
-
- value->DERAuthCertIssuer = cert_EncodeGeneralNames
- (arena, value->authCertIssuer);
- if (!value->DERAuthCertIssuer) {
- PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
- break;
- }
- }
- else if (value->authCertSerialNumber.data) {
- PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
- break;
- }
-
- if (SEC_ASN1EncodeItem (arena, encodedValue, value,
- CERTAuthKeyIDTemplate) == NULL)
- break;
- rv = SECSuccess;
-
- } while (0);
- return(rv);
-}
-
-CERTAuthKeyID *
-CERT_DecodeAuthKeyID (PRArenaPool *arena, SECItem *encodedValue)
-{
- CERTAuthKeyID * value = NULL;
- SECStatus rv = SECFailure;
- void * mark;
-
- PORT_Assert (arena);
-
- do {
- mark = PORT_ArenaMark (arena);
- value = (CERTAuthKeyID*)PORT_ArenaZAlloc (arena, sizeof (*value));
- value->DERAuthCertIssuer = NULL;
- if (value == NULL)
- break;
- rv = SEC_ASN1DecodeItem
- (arena, value, CERTAuthKeyIDTemplate, encodedValue);
- if (rv != SECSuccess)
- break;
-
- value->authCertIssuer = cert_DecodeGeneralNames (arena, value->DERAuthCertIssuer);
- if (value->authCertIssuer == NULL)
- break;
-
- /* what if the general name contains other format but not URI ?
- hl
- */
- if ((value->authCertSerialNumber.data && !value->authCertIssuer) ||
- (!value->authCertSerialNumber.data && value->authCertIssuer)){
- PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
- break;
- }
- } while (0);
-
- if (rv != SECSuccess) {
- PORT_ArenaRelease (arena, mark);
- return ((CERTAuthKeyID *)NULL);
- }
- PORT_ArenaUnmark(arena, mark);
- return (value);
-}
diff --git a/security/nss/lib/certdb/xbsconst.c b/security/nss/lib/certdb/xbsconst.c
deleted file mode 100644
index f03595cb7..000000000
--- a/security/nss/lib/certdb/xbsconst.c
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * X.509 v3 Basic Constraints Extension
- */
-
-#include "prtypes.h"
-#include "mcom_db.h"
-#include "seccomon.h"
-#include "secdert.h"
-#include "secoidt.h"
-#include "secasn1t.h"
-#include "secasn1.h"
-#include "certt.h"
-#include "secder.h"
-#include "prprf.h"
-#include "secerr.h"
-
-typedef struct EncodedContext{
- SECItem isCA;
- SECItem pathLenConstraint;
- SECItem encodedValue;
- PRArenaPool *arena;
-}EncodedContext;
-
-static const SEC_ASN1Template CERTBasicConstraintsTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(EncodedContext) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
- offsetof(EncodedContext,isCA)},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER,
- offsetof(EncodedContext,pathLenConstraint) },
- { 0, }
-};
-
-static unsigned char hexTrue = 0xff;
-static unsigned char hexFalse = 0x00;
-
-#define GEN_BREAK(status) rv = status; break;
-
-SECStatus CERT_EncodeBasicConstraintValue
- (PRArenaPool *arena, CERTBasicConstraints *value, SECItem *encodedValue)
-{
- EncodedContext encodeContext;
- PRArenaPool *our_pool = NULL;
- SECStatus rv = SECSuccess;
-
- do {
- PORT_Memset (&encodeContext, 0, sizeof (encodeContext));
- if (!value->isCA && value->pathLenConstraint >= 0) {
- PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
- GEN_BREAK (SECFailure);
- }
-
- encodeContext.arena = arena;
- if (value->isCA == PR_TRUE) {
- encodeContext.isCA.data = &hexTrue ;
- encodeContext.isCA.len = 1;
- }
-
- /* If the pathLenConstraint is less than 0, then it should be
- * omitted from the encoding.
- */
- if (value->isCA && value->pathLenConstraint >= 0) {
- our_pool = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
- if (our_pool == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- GEN_BREAK (SECFailure);
- }
- if (SEC_ASN1EncodeUnsignedInteger
- (our_pool, &encodeContext.pathLenConstraint,
- (unsigned long)value->pathLenConstraint) == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- GEN_BREAK (SECFailure);
- }
- }
- if (SEC_ASN1EncodeItem (arena, encodedValue, &encodeContext,
- CERTBasicConstraintsTemplate) == NULL)
- GEN_BREAK (SECFailure);
- } while (0);
- if (our_pool)
- PORT_FreeArena (our_pool, PR_FALSE);
- return(rv);
-
-}
-
-SECStatus CERT_DecodeBasicConstraintValue
- (CERTBasicConstraints *value, SECItem *encodedValue)
-{
- EncodedContext decodeContext;
- PRArenaPool *our_pool;
- SECStatus rv = SECSuccess;
-
- do {
- PORT_Memset (&decodeContext, 0, sizeof (decodeContext));
- /* initialize the value just in case we got "0x30 00", or when the
- pathLenConstraint is omitted.
- */
- decodeContext.isCA.data =&hexFalse;
- decodeContext.isCA.len = 1;
-
- our_pool = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
- if (our_pool == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- GEN_BREAK (SECFailure);
- }
-
- rv = SEC_ASN1DecodeItem
- (our_pool, &decodeContext, CERTBasicConstraintsTemplate, encodedValue);
- if (rv == SECFailure)
- break;
-
- value->isCA = (PRBool)(*decodeContext.isCA.data);
- if (decodeContext.pathLenConstraint.data == NULL) {
- /* if the pathLenConstraint is not encoded, and the current setting
- is CA, then the pathLenConstraint should be set to a negative number
- for unlimited certificate path.
- */
- if (value->isCA)
- value->pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT;
- }
- else if (value->isCA)
- value->pathLenConstraint = DER_GetUInteger (&decodeContext.pathLenConstraint);
- else {
- /* here we get an error where the subject is not a CA, but
- the pathLenConstraint is set */
- PORT_SetError (SEC_ERROR_BAD_DER);
- GEN_BREAK (SECFailure);
- break;
- }
-
- } while (0);
- PORT_FreeArena (our_pool, PR_FALSE);
- return (rv);
-
-}
diff --git a/security/nss/lib/certdb/xconst.c b/security/nss/lib/certdb/xconst.c
deleted file mode 100644
index 0f404f958..000000000
--- a/security/nss/lib/certdb/xconst.c
+++ /dev/null
@@ -1,253 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * X.509 Extension Encoding
- */
-
-#include "prtypes.h"
-#include "mcom_db.h"
-#include "seccomon.h"
-#include "secdert.h"
-#include "secoidt.h"
-#include "secasn1t.h"
-#include "secasn1.h"
-#include "certt.h"
-#include "secder.h"
-#include "prprf.h"
-#include "xconst.h"
-#include "genname.h"
-#include "secasn1.h"
-
-
-
-static const SEC_ASN1Template CERTSubjectKeyIDTemplate[] = {
-{ SEC_ASN1_OCTET_STRING }
-};
-
-
-static const SEC_ASN1Template CERTIA5TypeTemplate[] = {
-{ SEC_ASN1_IA5_STRING }
-};
-
-
-static const SEC_ASN1Template CERTPrivateKeyUsagePeriodTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(PKUPEncodedContext) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(PKUPEncodedContext, notBefore), SEC_GeneralizedTimeTemplate},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(PKUPEncodedContext, notAfter), SEC_GeneralizedTimeTemplate},
- { 0, }
-};
-
-
-const SEC_ASN1Template CERTAltNameTemplate[] = {
- { SEC_ASN1_CONSTRUCTED, offsetof(AltNameEncodedContext, encodedGenName),
- CERT_GeneralNamesTemplate}
-};
-
-const SEC_ASN1Template CERTAuthInfoAccessItemTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTAuthInfoAccess) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CERTAuthInfoAccess, method) },
- { SEC_ASN1_ANY,
- offsetof(CERTAuthInfoAccess, derLocation) },
- { 0, }
-};
-
-const SEC_ASN1Template CERTAuthInfoAccessTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, CERTAuthInfoAccessItemTemplate }
-};
-
-
-SECStatus
-CERT_EncodeSubjectKeyID(PRArenaPool *arena, char *value, int len, SECItem *encodedValue)
-{
- SECItem encodeContext;
- SECStatus rv = SECSuccess;
-
-
- PORT_Memset (&encodeContext, 0, sizeof (encodeContext));
-
- if (value != NULL) {
- encodeContext.data = (unsigned char *)value;
- encodeContext.len = len;
- }
- if (SEC_ASN1EncodeItem (arena, encodedValue, &encodeContext,
- CERTSubjectKeyIDTemplate) == NULL) {
- rv = SECFailure;
- }
-
- return(rv);
-}
-
-
-SECStatus
-CERT_EncodePublicKeyUsagePeriod(PRArenaPool *arena, PKUPEncodedContext *pkup, SECItem *encodedValue)
-{
- SECStatus rv = SECSuccess;
-
- if (SEC_ASN1EncodeItem (arena, encodedValue, pkup,
- CERTPrivateKeyUsagePeriodTemplate) == NULL) {
- rv = SECFailure;
- }
- return(rv);
-}
-
-
-SECStatus
-CERT_EncodeIA5TypeExtension(PRArenaPool *arena, char *value, SECItem *encodedValue)
-{
- SECItem encodeContext;
- SECStatus rv = SECSuccess;
-
-
- PORT_Memset (&encodeContext, 0, sizeof (encodeContext));
-
- if (value != NULL) {
- encodeContext.data = (unsigned char *)value;
- encodeContext.len = strlen(value);
- }
- if (SEC_ASN1EncodeItem (arena, encodedValue, &encodeContext,
- CERTIA5TypeTemplate) == NULL) {
- rv = SECFailure;
- }
-
- return(rv);
-}
-
-SECStatus
-CERT_EncodeAltNameExtension(PRArenaPool *arena, CERTGeneralName *value, SECItem *encodedValue)
-{
- SECItem **encodedGenName;
- SECStatus rv = SECSuccess;
-
- encodedGenName = cert_EncodeGeneralNames(arena, value);
- if (SEC_ASN1EncodeItem (arena, encodedValue, &encodedGenName,
- CERT_GeneralNamesTemplate) == NULL) {
- rv = SECFailure;
- }
-
- return rv;
-}
-
-CERTGeneralName *
-CERT_DecodeAltNameExtension(PRArenaPool *arena, SECItem *EncodedAltName)
-{
- SECStatus rv = SECSuccess;
- AltNameEncodedContext encodedContext;
-
- encodedContext.encodedGenName = NULL;
- PORT_Memset(&encodedContext, 0, sizeof(AltNameEncodedContext));
- rv = SEC_ASN1DecodeItem (arena, &encodedContext, CERT_GeneralNamesTemplate,
- EncodedAltName);
- if (rv == SECFailure) {
- goto loser;
- }
- return cert_DecodeGeneralNames(arena, encodedContext.encodedGenName);
-loser:
- return NULL;
-}
-
-
-SECStatus
-CERT_EncodeNameConstraintsExtension(PRArenaPool *arena,
- CERTNameConstraints *value,
- SECItem *encodedValue)
-{
- SECStatus rv = SECSuccess;
-
- rv = cert_EncodeNameConstraints(value, arena, encodedValue);
- return rv;
-}
-
-
-CERTNameConstraints *
-CERT_DecodeNameConstraintsExtension(PRArenaPool *arena,
- SECItem *encodedConstraints)
-{
- return cert_DecodeNameConstraints(arena, encodedConstraints);
-}
-
-
-CERTAuthInfoAccess **
-cert_DecodeAuthInfoAccessExtension(PRArenaPool *arena,
- SECItem *encodedExtension)
-{
- CERTAuthInfoAccess **info = NULL;
- SECStatus rv;
- int i;
-
- rv = SEC_ASN1DecodeItem(arena, &info, CERTAuthInfoAccessTemplate,
- encodedExtension);
- if (rv != SECSuccess || info == NULL) {
- return NULL;
- }
-
- for (i = 0; info[i] != NULL; i++) {
- info[i]->location = cert_DecodeGeneralName(arena,
- &(info[i]->derLocation),
- NULL);
- }
- return info;
-}
-
-SECStatus
-cert_EncodeAuthInfoAccessExtension(PRArenaPool *arena,
- CERTAuthInfoAccess **info,
- SECItem *dest)
-{
- SECItem *dummy;
- int i;
-
- PORT_Assert(info != NULL);
- PORT_Assert(dest != NULL);
- if (info == NULL || dest == NULL) {
- return SECFailure;
- }
-
- for (i = 0; info[i] != NULL; i++) {
- if (cert_EncodeGeneralName(info[i]->location, &(info[i]->derLocation),
- arena) == NULL)
- /* Note that this may leave some of the locations filled in. */
- return SECFailure;
- }
- dummy = SEC_ASN1EncodeItem(arena, dest, &info,
- CERTAuthInfoAccessTemplate);
- if (dummy == NULL) {
- return SECFailure;
- }
- return SECSuccess;
-}
diff --git a/security/nss/lib/certdb/xconst.h b/security/nss/lib/certdb/xconst.h
deleted file mode 100644
index 42c49f2e4..000000000
--- a/security/nss/lib/certdb/xconst.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "certt.h"
-
-typedef struct PKUPEncodedContext{
- SECItem notBefore;
- SECItem notAfter;
- /* SECItem encodedValue; */
- PRArenaPool *arena;
-}PKUPEncodedContext;
-
-typedef struct AltNameEncodedContext{
- SECItem **encodedGenName;
-}AltNameEncodedContext;
-
-
-typedef struct NameConstraint{
- CERTGeneralName generalName;
- int min;
- int max;
-}NameConstraint;
-
-
-
-extern SECStatus
-CERT_EncodePublicKeyUsagePeriod(PRArenaPool *arena, PKUPEncodedContext *pkup,
- SECItem *encodedValue);
-
-extern SECStatus
-CERT_EncodeAltNameExtension(PRArenaPool *arena, CERTGeneralName *value, SECItem *encodedValue);
-
-extern SECStatus
-CERT_EncodeNameConstraintsExtension(PRArenaPool *arena, CERTNameConstraints *value,
- SECItem *encodedValue);
-extern CERTGeneralName *
-CERT_DecodeAltNameExtension(PRArenaPool *arena, SECItem *EncodedAltName);
-
-extern CERTNameConstraints *
-CERT_DecodeNameConstraintsExtension(PRArenaPool *arena, SECItem *encodedConstraints);
-
-extern SECStatus
-CERT_EncodeSubjectKeyID(PRArenaPool *arena, char *value, int len, SECItem *encodedValue);
-
-extern SECStatus
-CERT_EncodeIA5TypeExtension(PRArenaPool *arena, char *value, SECItem *encodedValue);
-
-CERTAuthInfoAccess **
-cert_DecodeAuthInfoAccessExtension(PRArenaPool *arena,
- SECItem *encodedExtension);
-
-SECStatus
-cert_EncodeAuthInfoAccessExtension(PRArenaPool *arena,
- CERTAuthInfoAccess **info,
- SECItem *dest);
diff --git a/security/nss/lib/certhigh/Makefile b/security/nss/lib/certhigh/Makefile
deleted file mode 100644
index 08b7137d5..000000000
--- a/security/nss/lib/certhigh/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
--include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
diff --git a/security/nss/lib/certhigh/certhigh.c b/security/nss/lib/certhigh/certhigh.c
deleted file mode 100644
index c75f97a6e..000000000
--- a/security/nss/lib/certhigh/certhigh.c
+++ /dev/null
@@ -1,1053 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "nspr.h"
-#include "secerr.h"
-#include "secasn1.h"
-#include "seccomon.h"
-#include "pk11func.h"
-#include "certdb.h"
-#include "certt.h"
-#include "cert.h"
-
-/*
- * Find all user certificates that match the given criteria.
- *
- * "handle" - database to search
- * "usage" - certificate usage to match
- * "oneCertPerName" - if set then only return the "best" cert per
- * name
- * "validOnly" - only return certs that are curently valid
- * "proto_win" - window handle passed to pkcs11
- */
-CERTCertList *
-CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
- SECCertUsage usage,
- PRBool oneCertPerName,
- PRBool validOnly,
- void *proto_win)
-{
- CERTCertNicknames *nicknames = NULL;
- char **nnptr;
- int nn;
- CERTCertificate *cert = NULL;
- CERTCertList *certList = NULL;
- SECStatus rv;
- int64 time;
- CERTCertListNode *node = NULL;
- CERTCertListNode *freenode = NULL;
- int n;
-
- time = PR_Now();
-
- nicknames = CERT_GetCertNicknames(handle, SEC_CERT_NICKNAMES_USER,
- proto_win);
-
- if ( ( nicknames == NULL ) || ( nicknames->numnicknames == 0 ) ) {
- goto loser;
- }
-
- nnptr = nicknames->nicknames;
- nn = nicknames->numnicknames;
-
- while ( nn > 0 ) {
- cert = NULL;
- /* use the pk11 call so that we pick up any certs on tokens,
- * which may require login
- */
- if ( proto_win != NULL ) {
- cert = PK11_FindCertFromNickname(*nnptr,proto_win);
- }
-
- /* Sigh, It turns out if the cert is already in the temp db, because
- * it's in the perm db, then the nickname lookup doesn't work.
- * since we already have the cert here, though, than we can just call
- * CERT_CreateSubjectCertList directly. For those cases where we didn't
- * find the cert in pkcs #11 (because we didn't have a password arg,
- * or because the nickname is for a peer, server, or CA cert, then we
- * go look the cert up.
- */
- if (cert == NULL) {
- cert = CERT_FindCertByNickname(handle,*nnptr);
- }
-
- if ( cert != NULL ) {
- /* collect certs for this nickname, sorting them into the list */
- certList = CERT_CreateSubjectCertList(certList, handle,
- &cert->derSubject, time, validOnly);
-
- /* drop the extra reference */
- CERT_DestroyCertificate(cert);
- }
-
- nnptr++;
- nn--;
- }
-
- /* remove certs with incorrect usage */
- rv = CERT_FilterCertListByUsage(certList, usage, PR_FALSE);
-
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /* remove any extra certs for each name */
- if ( oneCertPerName ) {
- PRBool *flags;
-
- nn = nicknames->numnicknames;
- nnptr = nicknames->nicknames;
-
- flags = (PRBool *)PORT_ZAlloc(sizeof(PRBool) * nn);
- if ( flags == NULL ) {
- goto loser;
- }
-
- node = CERT_LIST_HEAD(certList);
-
- /* treverse all certs in the list */
- while ( !CERT_LIST_END(node, certList) ) {
-
- /* find matching nickname index */
- for ( n = 0; n < nn; n++ ) {
- if ( PORT_Strcmp(nnptr[n], node->cert->nickname) == 0 ) {
- /* We found a match. If this is the first one, then
- * set the flag and move on to the next cert. If this
- * is not the first one then delete it from the list.
- */
- if ( flags[n] ) {
- /* We have already seen a cert with this nickname,
- * so delete this one.
- */
- freenode = node;
- node = CERT_LIST_NEXT(node);
- CERT_RemoveCertListNode(freenode);
- } else {
- /* keep the first cert for each nickname, but set the
- * flag so we know to delete any others with the same
- * nickname.
- */
- flags[n] = PR_TRUE;
- node = CERT_LIST_NEXT(node);
- }
- break;
- }
- }
- if ( n == nn ) {
- /* if we get here it means that we didn't find a matching
- * nickname, which should not happen.
- */
- PORT_Assert(0);
- node = CERT_LIST_NEXT(node);
- }
- }
- PORT_Free(flags);
- }
-
- goto done;
-
-loser:
- if ( certList != NULL ) {
- CERT_DestroyCertList(certList);
- certList = NULL;
- }
-
-done:
- if ( nicknames != NULL ) {
- CERT_FreeNicknames(nicknames);
- }
-
- return(certList);
-}
-
-/*
- * Find a user certificate that matchs the given criteria.
- *
- * "handle" - database to search
- * "nickname" - nickname to match
- * "usage" - certificate usage to match
- * "validOnly" - only return certs that are curently valid
- * "proto_win" - window handle passed to pkcs11
- */
-CERTCertificate *
-CERT_FindUserCertByUsage(CERTCertDBHandle *handle,
- char *nickname,
- SECCertUsage usage,
- PRBool validOnly,
- void *proto_win)
-{
- CERTCertificate *cert = NULL;
- CERTCertList *certList = NULL;
- SECStatus rv;
- int64 time;
-
- time = PR_Now();
-
- /* use the pk11 call so that we pick up any certs on tokens,
- * which may require login
- */
- /* XXX - why is this restricted? */
- if ( proto_win != NULL ) {
- cert = PK11_FindCertFromNickname(nickname,proto_win);
- }
-
-
- /* sigh, There are still problems find smart cards from the temp
- * db. This will get smart cards working again. The real fix
- * is to make sure we can search the temp db by their token nickname.
- */
- if (cert == NULL) {
- cert = CERT_FindCertByNickname(handle,nickname);
- }
-
- if ( cert != NULL ) {
- /* collect certs for this nickname, sorting them into the list */
- certList = CERT_CreateSubjectCertList(certList, handle,
- &cert->derSubject, time, validOnly);
-
- /* drop the extra reference */
- CERT_DestroyCertificate(cert);
- cert = NULL;
- }
-
- if ( certList == NULL ) {
- goto loser;
- }
-
- /* remove certs with incorrect usage */
- rv = CERT_FilterCertListByUsage(certList, usage, PR_FALSE);
-
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- if ( ! CERT_LIST_END(CERT_LIST_HEAD(certList), certList) ) {
- cert = CERT_DupCertificate(CERT_LIST_HEAD(certList)->cert);
- }
-
-loser:
- if ( certList != NULL ) {
- CERT_DestroyCertList(certList);
- }
-
- return(cert);
-}
-
-CERTCertList *
-CERT_MatchUserCert(CERTCertDBHandle *handle,
- SECCertUsage usage,
- int nCANames, char **caNames,
- void *proto_win)
-{
- CERTCertList *certList = NULL;
- SECStatus rv;
-
- certList = CERT_FindUserCertsByUsage(handle, usage, PR_TRUE, PR_TRUE,
- proto_win);
- if ( certList == NULL ) {
- goto loser;
- }
-
- rv = CERT_FilterCertListByCANames(certList, nCANames, caNames, usage);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- goto done;
-
-loser:
- if ( certList != NULL ) {
- CERT_DestroyCertList(certList);
- certList = NULL;
- }
-
-done:
-
- return(certList);
-}
-
-
-typedef struct stringNode {
- struct stringNode *next;
- char *string;
-} stringNode;
-
-static SECStatus
-CollectNicknames( CERTCertificate *cert, SECItem *k, void *data)
-{
- CERTCertNicknames *names;
- PRBool saveit = PR_FALSE;
- CERTCertTrust *trust;
- stringNode *node;
- int len;
-
- names = (CERTCertNicknames *)data;
-
- if ( cert->nickname ) {
- trust = cert->trust;
-
- switch(names->what) {
- case SEC_CERT_NICKNAMES_ALL:
- if ( ( trust->sslFlags & (CERTDB_VALID_CA|CERTDB_VALID_PEER) ) ||
- ( trust->emailFlags & (CERTDB_VALID_CA|CERTDB_VALID_PEER) ) ||
- ( trust->objectSigningFlags & (CERTDB_VALID_CA|CERTDB_VALID_PEER) ) ) {
- saveit = PR_TRUE;
- }
-
- break;
- case SEC_CERT_NICKNAMES_USER:
- if ( ( trust->sslFlags & CERTDB_USER ) ||
- ( trust->emailFlags & CERTDB_USER ) ||
- ( trust->objectSigningFlags & CERTDB_USER ) ) {
- saveit = PR_TRUE;
- }
-
- break;
- case SEC_CERT_NICKNAMES_SERVER:
- if ( trust->sslFlags & CERTDB_VALID_PEER ) {
- saveit = PR_TRUE;
- }
-
- break;
- case SEC_CERT_NICKNAMES_CA:
- if ( ( ( trust->sslFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA ) ||
- ( ( trust->emailFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA ) ||
- ( ( trust->objectSigningFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA ) ) {
- saveit = PR_TRUE;
- }
- break;
- }
- }
-
- /* traverse the list of collected nicknames and make sure we don't make
- * a duplicate
- */
- if ( saveit ) {
- node = (stringNode *)names->head;
- while ( node != NULL ) {
- if ( PORT_Strcmp(cert->nickname, node->string) == 0 ) {
- /* if the string matches, then don't save this one */
- saveit = PR_FALSE;
- break;
- }
- node = node->next;
- }
- }
-
- if ( saveit ) {
-
- /* allocate the node */
- node = (stringNode*)PORT_ArenaAlloc(names->arena, sizeof(stringNode));
- if ( node == NULL ) {
- return(SECFailure);
- }
-
- /* copy the string */
- len = PORT_Strlen(cert->nickname) + 1;
- node->string = (char*)PORT_ArenaAlloc(names->arena, len);
- if ( node->string == NULL ) {
- return(SECFailure);
- }
- PORT_Memcpy(node->string, cert->nickname, len);
-
- /* link it into the list */
- node->next = (stringNode *)names->head;
- names->head = (void *)node;
-
- /* bump the count */
- names->numnicknames++;
- }
-
- return(SECSuccess);
-}
-
-CERTCertNicknames *
-CERT_GetCertNicknames(CERTCertDBHandle *handle, int what, void *wincx)
-{
- PRArenaPool *arena;
- CERTCertNicknames *names;
- int i;
- SECStatus rv;
- stringNode *node;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return(NULL);
- }
-
- names = (CERTCertNicknames *)PORT_ArenaAlloc(arena, sizeof(CERTCertNicknames));
- if ( names == NULL ) {
- goto loser;
- }
-
- names->arena = arena;
- names->head = NULL;
- names->numnicknames = 0;
- names->nicknames = NULL;
- names->what = what;
- names->totallen = 0;
-
- rv = SEC_TraversePermCerts(handle, CollectNicknames, (void *)names);
- if ( rv ) {
- goto loser;
- }
-
- if ( wincx != NULL ) {
- rv = PK11_TraverseSlotCerts(CollectNicknames, (void *)names, wincx);
- if ( rv ) {
- goto loser;
- }
- }
-
- if ( names->numnicknames ) {
- names->nicknames = (char**)PORT_ArenaAlloc(arena,
- names->numnicknames * sizeof(char *));
-
- if ( names->nicknames == NULL ) {
- goto loser;
- }
-
- node = (stringNode *)names->head;
-
- for ( i = 0; i < names->numnicknames; i++ ) {
- PORT_Assert(node != NULL);
-
- names->nicknames[i] = node->string;
- names->totallen += PORT_Strlen(node->string);
- node = node->next;
- }
-
- PORT_Assert(node == NULL);
- }
-
- return(names);
-
-loser:
- PORT_FreeArena(arena, PR_FALSE);
- return(NULL);
-}
-
-void
-CERT_FreeNicknames(CERTCertNicknames *nicknames)
-{
- PORT_FreeArena(nicknames->arena, PR_FALSE);
-
- return;
-}
-
-/* [ FROM pcertdb.c ] */
-
-typedef struct dnameNode {
- struct dnameNode *next;
- SECItem name;
-} dnameNode;
-
-void
-CERT_FreeDistNames(CERTDistNames *names)
-{
- PORT_FreeArena(names->arena, PR_FALSE);
-
- return;
-}
-
-static SECStatus
-CollectDistNames( CERTCertificate *cert, SECItem *k, void *data)
-{
- CERTDistNames *names;
- PRBool saveit = PR_FALSE;
- CERTCertTrust *trust;
- dnameNode *node;
- int len;
-
- names = (CERTDistNames *)data;
-
- if ( cert->trust ) {
- trust = cert->trust;
-
- /* only collect names of CAs trusted for issuing SSL clients */
- if ( ( trust->sslFlags &
- ( CERTDB_VALID_CA | CERTDB_TRUSTED_CLIENT_CA ) ) ==
- ( CERTDB_VALID_CA | CERTDB_TRUSTED_CLIENT_CA ) ) {
- saveit = PR_TRUE;
- }
- }
-
- if ( saveit ) {
- /* allocate the node */
- node = (dnameNode*)PORT_ArenaAlloc(names->arena, sizeof(dnameNode));
- if ( node == NULL ) {
- return(SECFailure);
- }
-
- /* copy the name */
- node->name.len = len = cert->derSubject.len;
- node->name.data = (unsigned char*)PORT_ArenaAlloc(names->arena, len);
- if ( node->name.data == NULL ) {
- return(SECFailure);
- }
- PORT_Memcpy(node->name.data, cert->derSubject.data, len);
-
- /* link it into the list */
- node->next = (dnameNode *)names->head;
- names->head = (void *)node;
-
- /* bump the count */
- names->nnames++;
- }
-
- return(SECSuccess);
-}
-
-/*
- * Return all of the CAs that are "trusted" for SSL.
- */
-CERTDistNames *
-CERT_GetSSLCACerts(CERTCertDBHandle *handle)
-{
- PRArenaPool *arena;
- CERTDistNames *names;
- int i;
- SECStatus rv;
- dnameNode *node;
-
- /* allocate an arena to use */
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return(NULL);
- }
-
- /* allocate the header structure */
- names = (CERTDistNames *)PORT_ArenaAlloc(arena, sizeof(CERTDistNames));
- if ( names == NULL ) {
- goto loser;
- }
-
- /* initialize the header struct */
- names->arena = arena;
- names->head = NULL;
- names->nnames = 0;
- names->names = NULL;
-
- /* collect the names from the database */
- rv = SEC_TraversePermCerts(handle, CollectDistNames, (void *)names);
- if ( rv ) {
- goto loser;
- }
-
- /* construct the array from the list */
- if ( names->nnames ) {
- names->names = (SECItem*)PORT_ArenaAlloc(arena, names->nnames * sizeof(SECItem));
-
- if ( names->names == NULL ) {
- goto loser;
- }
-
- node = (dnameNode *)names->head;
-
- for ( i = 0; i < names->nnames; i++ ) {
- PORT_Assert(node != NULL);
-
- names->names[i] = node->name;
- node = node->next;
- }
-
- PORT_Assert(node == NULL);
- }
-
- return(names);
-
-loser:
- PORT_FreeArena(arena, PR_FALSE);
- return(NULL);
-}
-
-CERTDistNames *
-CERT_DistNamesFromNicknames(CERTCertDBHandle *handle, char **nicknames,
- int nnames)
-{
- CERTDistNames *dnames = NULL;
- PRArenaPool *arena;
- int i, rv;
- SECItem *names = NULL;
- CERTCertificate *cert = NULL;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) goto loser;
- dnames = (CERTDistNames*)PORT_Alloc(sizeof(CERTDistNames));
- if (dnames == NULL) goto loser;
-
- dnames->arena = arena;
- dnames->nnames = nnames;
- dnames->names = names = (SECItem*)PORT_Alloc(nnames * sizeof(SECItem));
- if (names == NULL) goto loser;
-
- for (i = 0; i < nnames; i++) {
- cert = CERT_FindCertByNicknameOrEmailAddr(handle, nicknames[i]);
- if (cert == NULL) goto loser;
- rv = SECITEM_CopyItem(arena, &names[i], &cert->derSubject);
- if (rv == SECFailure) goto loser;
- CERT_DestroyCertificate(cert);
- }
- return dnames;
-
-loser:
- if (cert != NULL)
- CERT_DestroyCertificate(cert);
- if (arena != NULL)
- PORT_FreeArena(arena, PR_FALSE);
- return NULL;
-}
-
-/* [ from pcertdb.c - calls Ascii to Name ] */
-/*
- * Lookup a certificate in the database by name
- */
-CERTCertificate *
-CERT_FindCertByNameString(CERTCertDBHandle *handle, char *nameStr)
-{
- CERTName *name;
- SECItem *nameItem;
- CERTCertificate *cert = NULL;
- PRArenaPool *arena = NULL;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( arena == NULL ) {
- goto loser;
- }
-
- name = CERT_AsciiToName(nameStr);
-
- if ( name ) {
- nameItem = SEC_ASN1EncodeItem (arena, NULL, (void *)name,
- CERT_NameTemplate);
- if ( nameItem == NULL ) {
- goto loser;
- }
-
- cert = CERT_FindCertByName(handle, nameItem);
- CERT_DestroyName(name);
- }
-
-loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(cert);
-}
-
-/* From certv3.c */
-
-CERTCrlDistributionPoints *
-CERT_FindCRLDistributionPoints (CERTCertificate *cert)
-{
- SECItem encodedExtenValue;
- SECStatus rv;
-
- encodedExtenValue.data = NULL;
- encodedExtenValue.len = 0;
-
- rv = cert_FindExtension(cert->extensions, SEC_OID_X509_CRL_DIST_POINTS,
- &encodedExtenValue);
- if ( rv != SECSuccess ) {
- return (NULL);
- }
-
- return (CERT_DecodeCRLDistributionPoints (cert->arena,
- &encodedExtenValue));
-}
-
-/* From crl.c */
-CERTSignedCrl * CERT_ImportCRL
- (CERTCertDBHandle *handle, SECItem *derCRL, char *url, int type, void *wincx)
-{
- CERTCertificate *caCert;
- CERTSignedCrl *newCrl, *crl;
- SECStatus rv;
-
- newCrl = crl = NULL;
-
- PORT_Assert (handle != NULL);
- do {
-
- newCrl = CERT_DecodeDERCrl(NULL, derCRL, type);
- if (newCrl == NULL) {
- if (type == SEC_CRL_TYPE) {
- /* only promote error when the error code is too generic */
- if (PORT_GetError () == SEC_ERROR_BAD_DER)
- PORT_SetError(SEC_ERROR_CRL_INVALID);
- } else {
- PORT_SetError(SEC_ERROR_KRL_INVALID);
- }
- break;
- }
-
- caCert = CERT_FindCertByName (handle, &newCrl->crl.derName);
- if (caCert == NULL) {
- PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
- break;
- }
-
- /* If caCert is a v3 certificate, make sure that it can be used for
- crl signing purpose */
- rv = CERT_CheckCertUsage (caCert, KU_CRL_SIGN);
- if (rv != SECSuccess) {
- break;
- }
-
- rv = CERT_VerifySignedData(&newCrl->signatureWrap, caCert,
- PR_Now(), wincx);
- if (rv != SECSuccess) {
- if (type == SEC_CRL_TYPE) {
- PORT_SetError(SEC_ERROR_CRL_BAD_SIGNATURE);
- } else {
- PORT_SetError(SEC_ERROR_KRL_BAD_SIGNATURE);
- }
- break;
- }
-
- /* Do CRL validation and add to the dbase if this crl is more present then the one
- in the dbase, if one exists.
- */
- crl = cert_DBInsertCRL (handle, url, newCrl, derCRL, type);
-
- } while (0);
-
- SEC_DestroyCrl (newCrl);
- return (crl);
-}
-
-/* From certdb.c */
-SECStatus
-CERT_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage)
-{
- SECStatus rv;
- SECItem *derCert;
- SECItem certKey;
- PRArenaPool *arena;
- CERTCertificate *cert = NULL;
- CERTCertificate *newcert = NULL;
- CERTCertDBHandle *handle;
- CERTCertTrust trust;
- PRBool isca;
- char *nickname;
- unsigned int certtype;
-
- handle = CERT_GetDefaultCertDB();
-
- arena = NULL;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( ! arena ) {
- goto loser;
- }
-
- while (numcerts--) {
- derCert = certs;
- certs++;
-
- /* get the key (issuer+cn) from the cert */
- rv = CERT_KeyFromDERCert(arena, derCert, &certKey);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /* same cert already exists in the database, don't need to do
- * anything more with it
- */
- cert = CERT_FindCertByKey(handle, &certKey);
- if ( cert ) {
- CERT_DestroyCertificate(cert);
- cert = NULL;
- continue;
- }
-
- /* decode my certificate */
- newcert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL);
- if ( newcert == NULL ) {
- goto loser;
- }
-
- /* make sure that cert is valid */
- rv = CERT_CertTimesValid(newcert);
- if ( rv == SECFailure ) {
- goto endloop;
- }
-
- /* does it have the CA extension */
-
- /*
- * Make sure that if this is an intermediate CA in the chain that
- * it was given permission by its signer to be a CA.
- */
- isca = CERT_IsCACert(newcert, &certtype);
-
- if ( !isca ) {
- goto endloop;
- }
-
- /* SSL ca's must have the ssl bit set */
- if ( ( certUsage == certUsageSSLCA ) &&
- ( ( certtype & NS_CERT_TYPE_SSL_CA ) != NS_CERT_TYPE_SSL_CA ) ) {
- goto endloop;
- }
-
- /* it passed all of the tests, so lets add it to the database */
- /* mark it as a CA */
- PORT_Memset((void *)&trust, 0, sizeof(trust));
- switch ( certUsage ) {
- case certUsageSSLCA:
- trust.sslFlags = CERTDB_VALID_CA;
- break;
- case certUsageUserCertImport:
- if ( ( certtype & NS_CERT_TYPE_SSL_CA ) == NS_CERT_TYPE_SSL_CA ) {
- trust.sslFlags = CERTDB_VALID_CA;
- }
- if ( ( certtype & NS_CERT_TYPE_EMAIL_CA ) ==
- NS_CERT_TYPE_EMAIL_CA ) {
- trust.emailFlags = CERTDB_VALID_CA;
- }
- if ( ( certtype & NS_CERT_TYPE_OBJECT_SIGNING_CA ) ==
- NS_CERT_TYPE_OBJECT_SIGNING_CA ) {
- trust.objectSigningFlags = CERTDB_VALID_CA;
- }
- break;
- default:
- PORT_Assert(0);
- break;
- }
-
- cert = CERT_NewTempCertificate(handle, derCert, NULL, PR_FALSE, PR_TRUE);
- if ( cert == NULL ) {
- goto loser;
- }
-
- /* get a default nickname for it */
- nickname = CERT_MakeCANickname(cert);
-
- rv = CERT_AddTempCertToPerm(cert, nickname, &trust);
- /* free the nickname */
- if ( nickname ) {
- PORT_Free(nickname);
- }
-
- CERT_DestroyCertificate(cert);
- cert = NULL;
-
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
-endloop:
- if ( newcert ) {
- CERT_DestroyCertificate(newcert);
- newcert = NULL;
- }
-
- }
-
- rv = SECSuccess;
- goto done;
-loser:
- rv = SECFailure;
-done:
-
- if ( newcert ) {
- CERT_DestroyCertificate(newcert);
- newcert = NULL;
- }
-
- if ( cert ) {
- CERT_DestroyCertificate(cert);
- cert = NULL;
- }
-
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(rv);
-}
-
-/* Moved from certdb.c */
-/*
-** CERT_CertChainFromCert
-**
-** Construct a CERTCertificateList consisting of the given certificate and all
-** of the issuer certs until we either get to a self-signed cert or can't find
-** an issuer. Since we don't know how many certs are in the chain we have to
-** build a linked list first as we count them.
-*/
-
-typedef struct certNode {
- struct certNode *next;
- CERTCertificate *cert;
-} certNode;
-
-CERTCertificateList *
-CERT_CertChainFromCert(CERTCertificate *cert, SECCertUsage usage,
- PRBool includeRoot)
-{
- CERTCertificateList *chain = NULL;
- CERTCertificate *c;
- SECItem *p;
- int rv, len = 0;
- PRArenaPool *tmpArena, *arena;
- certNode *head, *tail, *node;
-
- /*
- * Initialize stuff so we can goto loser.
- */
- head = NULL;
- arena = NULL;
-
- /* arena for linked list */
- tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (tmpArena == NULL) goto no_memory;
-
- /* arena for SecCertificateList */
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) goto no_memory;
-
- head = tail = (certNode*)PORT_ArenaZAlloc(tmpArena, sizeof(certNode));
- if (head == NULL) goto no_memory;
-
- /* put primary cert first in the linked list */
- head->cert = c = CERT_DupCertificate(cert);
- if (head->cert == NULL) goto loser;
- len++;
-
- /* add certs until we come to a self-signed one */
- while(SECITEM_CompareItem(&c->derIssuer, &c->derSubject) != SECEqual) {
- c = CERT_FindCertIssuer(tail->cert, PR_Now(), usage);
- if (c == NULL) {
- /* no root is found, so make sure we don't attempt to delete one
- * below
- */
- includeRoot = PR_TRUE;
- break;
- }
-
- tail->next = (certNode*)PORT_ArenaZAlloc(tmpArena, sizeof(certNode));
- tail = tail->next;
- if (tail == NULL) goto no_memory;
-
- tail->cert = c;
- len++;
- }
-
- /* now build the CERTCertificateList */
- chain = (CERTCertificateList *)PORT_ArenaAlloc(arena, sizeof(CERTCertificateList));
- if (chain == NULL) goto no_memory;
- chain->certs = (SECItem*)PORT_ArenaAlloc(arena, len * sizeof(SECItem));
- if (chain->certs == NULL) goto no_memory;
-
- for(node = head, p = chain->certs; node; node = node->next, p++) {
- rv = SECITEM_CopyItem(arena, p, &node->cert->derCert);
- CERT_DestroyCertificate(node->cert);
- node->cert = NULL;
- if (rv < 0) goto loser;
- }
- if ( includeRoot ) {
- chain->len = len;
- } else {
- chain->len = len - 1;
- }
-
- chain->arena = arena;
-
- PORT_FreeArena(tmpArena, PR_FALSE);
-
- return chain;
-
-no_memory:
- PORT_SetError(SEC_ERROR_NO_MEMORY);
-loser:
- if (head != NULL) {
- for (node = head; node; node = node->next) {
- if (node->cert != NULL)
- CERT_DestroyCertificate(node->cert);
- }
- }
-
- if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- if (tmpArena != NULL) {
- PORT_FreeArena(tmpArena, PR_FALSE);
- }
-
- return NULL;
-}
-
-CERTCertificateList *
-CERT_CertListFromCert(CERTCertificate *cert)
-{
- CERTCertificateList *chain = NULL;
- int rv;
- PRArenaPool *arena;
-
- /* arena for SecCertificateList */
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) goto no_memory;
-
- /* build the CERTCertificateList */
- chain = (CERTCertificateList *)PORT_ArenaAlloc(arena, sizeof(CERTCertificateList));
- if (chain == NULL) goto no_memory;
- chain->certs = (SECItem*)PORT_ArenaAlloc(arena, 1 * sizeof(SECItem));
- if (chain->certs == NULL) goto no_memory;
- rv = SECITEM_CopyItem(arena, chain->certs, &(cert->derCert));
- if (rv < 0) goto loser;
- chain->len = 1;
- chain->arena = arena;
-
- return chain;
-
-no_memory:
- PORT_SetError(SEC_ERROR_NO_MEMORY);
-loser:
- if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- return NULL;
-}
-
-void
-CERT_DestroyCertificateList(CERTCertificateList *list)
-{
- PORT_FreeArena(list->arena, PR_FALSE);
-}
-
diff --git a/security/nss/lib/certhigh/certhtml.c b/security/nss/lib/certhigh/certhtml.c
deleted file mode 100644
index 4190a52a3..000000000
--- a/security/nss/lib/certhigh/certhtml.c
+++ /dev/null
@@ -1,623 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * certhtml.c --- convert a cert to html
- *
- * $Id$
- */
-
-#include "seccomon.h"
-#include "secitem.h"
-#include "sechash.h"
-#include "cert.h"
-#include "keyhi.h"
-#include "secder.h"
-#include "prprf.h"
-#include "secport.h"
-#include "secasn1.h"
-#include "pk11func.h"
-
-static char *hex = "0123456789ABCDEF";
-
-/*
-** Convert a der-encoded integer to a hex printable string form
-*/
-char *CERT_Hexify (SECItem *i, int do_colon)
-{
- unsigned char *cp, *end;
- char *rv, *o;
-
- if (!i->len) {
- return PORT_Strdup("00");
- }
-
- rv = o = (char*) PORT_Alloc(i->len * 3);
- if (!rv) return rv;
-
- cp = i->data;
- end = cp + i->len;
- while (cp < end) {
- unsigned char ch = *cp++;
- *o++ = hex[(ch >> 4) & 0xf];
- *o++ = hex[ch & 0xf];
- if (cp != end) {
- if (do_colon) {
- *o++ = ':';
- }
- }
- }
- *o = 0; /* Null terminate the string */
- return rv;
-}
-
-static char *
-gatherStrings(char **strings)
-{
- char **strs;
- int len;
- char *ret;
- char *s;
-
- /* find total length of all strings */
- strs = strings;
- len = 0;
- while ( *strs ) {
- len += PORT_Strlen(*strs);
- strs++;
- }
-
- /* alloc enough memory for it */
- ret = (char*)PORT_Alloc(len + 1);
- if ( !ret ) {
- return(ret);
- }
-
- s = ret;
-
- /* copy the strings */
- strs = strings;
- while ( *strs ) {
- PORT_Strcpy(s, *strs);
- s += PORT_Strlen(*strs);
- strs++;
- }
-
- return( ret );
-}
-
-static PRBool
-CERT_IsAVAInUnicode(CERTAVA *ava, SECOidTag type)
-{
- switch(type) {
- case SEC_OID_AVA_COUNTRY_NAME:
- case SEC_OID_PKCS9_EMAIL_ADDRESS:
- case SEC_OID_RFC1274_MAIL:
- return PR_FALSE;
- default:
- if(ava->value.data[0] == SEC_ASN1_UNIVERSAL_STRING) {
- return PR_TRUE;
- }
- break;
- }
-
- return PR_FALSE;
-}
-
-#define BREAK "<br>"
-#define BREAKLEN 4
-#define COMMA ", "
-#define COMMALEN 2
-
-#define MAX_OUS 20
-#define MAX_DC MAX_OUS
-
-
-char *CERT_FormatName (CERTName *name)
-{
- CERTRDN** rdns;
- CERTRDN * rdn;
- CERTAVA** avas;
- CERTAVA* ava;
- char * buf = 0;
- char * tmpbuf = 0;
- SECItem * cn = 0;
- SECItem * email = 0;
- SECItem * org = 0;
- SECItem * loc = 0;
- SECItem * state = 0;
- SECItem * country = 0;
- SECItem * dq = 0;
-
- unsigned len = 0;
- int tag;
- int i;
- int ou_count = 0;
- int dc_count = 0;
- PRBool first;
- SECItem * orgunit[MAX_OUS];
- SECItem * dc[MAX_DC];
-
- /* Loop over name components and gather the interesting ones */
- rdns = name->rdns;
- while ((rdn = *rdns++) != 0) {
- avas = rdn->avas;
- while ((ava = *avas++) != 0) {
- tag = CERT_GetAVATag(ava);
- switch(tag) {
- case SEC_OID_AVA_COMMON_NAME:
- cn = CERT_DecodeAVAValue(&ava->value);
- len += cn->len;
- break;
- case SEC_OID_AVA_COUNTRY_NAME:
- country = CERT_DecodeAVAValue(&ava->value);
- len += country->len;
- break;
- case SEC_OID_AVA_LOCALITY:
- loc = CERT_DecodeAVAValue(&ava->value);
- len += loc->len;
- break;
- case SEC_OID_AVA_STATE_OR_PROVINCE:
- state = CERT_DecodeAVAValue(&ava->value);
- len += state->len;
- break;
- case SEC_OID_AVA_ORGANIZATION_NAME:
- org = CERT_DecodeAVAValue(&ava->value);
- len += org->len;
- break;
- case SEC_OID_AVA_DN_QUALIFIER:
- dq = CERT_DecodeAVAValue(&ava->value);
- len += dq->len;
- break;
- case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME:
- if (ou_count < MAX_OUS) {
- orgunit[ou_count] = CERT_DecodeAVAValue(&ava->value);
- len += orgunit[ou_count++]->len;
- }
- break;
- case SEC_OID_AVA_DC:
- if (dc_count < MAX_DC) {
- dc[dc_count] = CERT_DecodeAVAValue(&ava->value);
- len += dc[dc_count++]->len;
- }
- break;
- case SEC_OID_PKCS9_EMAIL_ADDRESS:
- case SEC_OID_RFC1274_MAIL:
- email = CERT_DecodeAVAValue(&ava->value);
- len += email->len;
- break;
- default:
- break;
- }
- }
- }
-
- /* XXX - add some for formatting */
- len += 128;
-
- /* allocate buffer */
- buf = (char *)PORT_Alloc(len);
- if ( !buf ) {
- return(0);
- }
-
- tmpbuf = buf;
-
- if ( cn ) {
- PORT_Memcpy(tmpbuf, cn->data, cn->len);
- tmpbuf += cn->len;
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
- SECITEM_FreeItem(cn, PR_TRUE);
- }
- if ( email ) {
- PORT_Memcpy(tmpbuf, email->data, email->len);
- tmpbuf += ( email->len );
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
- SECITEM_FreeItem(email, PR_TRUE);
- }
- for (i=ou_count-1; i >= 0; i--) {
- PORT_Memcpy(tmpbuf, orgunit[i]->data, orgunit[i]->len);
- tmpbuf += ( orgunit[i]->len );
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
- SECITEM_FreeItem(orgunit[i], PR_TRUE);
- }
- if ( dq ) {
- PORT_Memcpy(tmpbuf, dq->data, dq->len);
- tmpbuf += ( dq->len );
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
- SECITEM_FreeItem(dq, PR_TRUE);
- }
- if ( org ) {
- PORT_Memcpy(tmpbuf, org->data, org->len);
- tmpbuf += ( org->len );
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
- SECITEM_FreeItem(org, PR_TRUE);
- }
- for (i=dc_count-1; i >= 0; i--) {
- PORT_Memcpy(tmpbuf, dc[i]->data, dc[i]->len);
- tmpbuf += ( dc[i]->len );
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
- SECITEM_FreeItem(dc[i], PR_TRUE);
- }
- first = PR_TRUE;
- if ( loc ) {
- PORT_Memcpy(tmpbuf, loc->data, loc->len);
- tmpbuf += ( loc->len );
- first = PR_FALSE;
- SECITEM_FreeItem(loc, PR_TRUE);
- }
- if ( state ) {
- if ( !first ) {
- PORT_Memcpy(tmpbuf, COMMA, COMMALEN);
- tmpbuf += COMMALEN;
- }
- PORT_Memcpy(tmpbuf, state->data, state->len);
- tmpbuf += ( state->len );
- first = PR_FALSE;
- SECITEM_FreeItem(state, PR_TRUE);
- }
- if ( country ) {
- if ( !first ) {
- PORT_Memcpy(tmpbuf, COMMA, COMMALEN);
- tmpbuf += COMMALEN;
- }
- PORT_Memcpy(tmpbuf, country->data, country->len);
- tmpbuf += ( country->len );
- first = PR_FALSE;
- SECITEM_FreeItem(country, PR_TRUE);
- }
- if ( !first ) {
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
- }
-
- *tmpbuf = 0;
-
- return(buf);
-}
-
-static char *sec_FortezzaClearance(SECItem *clearance) {
- unsigned char clr = 0;
-
- if (clearance->len > 0) { clr = clearance->data[0]; }
-
- if (clr & 0x4) return "Top Secret";
- if (clr & 0x8) return "Secret";
- if (clr & 0x10) return "Confidential";
- if (clr & 0x20) return "Sensitive";
- if (clr & 0x40) return "Unclassified";
- return "None";
-}
-
-static char *sec_FortezzaMessagePriviledge(SECItem *priv) {
- unsigned char clr = 0;
-
- if (priv->len > 0) { clr = (priv->data[0]) & 0x78; }
-
- if (clr == 0x00) {
- return "None";
- } else {
-
- return PR_smprintf("%s%s%s%s%s%s%s",
-
- clr&0x40?"Critical/Flash":"",
- (clr&0x40) && (clr&0x38) ? ", " : "" ,
-
- clr&0x20?"Immediate/Priority":"",
- (clr&0x20) && (clr&0x18) ? ", " : "" ,
-
- clr&0x10?"Routine/Deferred":"",
- (clr&0x10) && (clr&0x08) ? ", " : "" ,
-
- clr&0x08?"Rekey Agent":"");
- }
-
-}
-
-static char *sec_FortezzaCertPriviledge(SECItem *priv) {
- unsigned char clr = 0;
-
- if (priv->len > 0) { clr = priv->data[0]; }
-
- return PR_smprintf("%s%s%s%s%s%s%s%s%s%s%s%s",
- clr&0x40?"Organizational Releaser":"",
- (clr&0x40) && (clr&0x3e) ? "," : "" ,
- clr&0x20?"Policy Creation Authority":"",
- (clr&0x20) && (clr&0x1e) ? "," : "" ,
- clr&0x10?"Certificate Authority":"",
- (clr&0x10) && (clr&0x0e) ? "," : "" ,
- clr&0x08?"Local Managment Authority":"",
- (clr&0x08) && (clr&0x06) ? "," : "" ,
- clr&0x04?"Configuration Vector Authority":"",
- (clr&0x04) && (clr&0x02) ? "," : "" ,
- clr&0x02?"No Signature Capability":"",
- clr&0x7e?"":"Signing Only"
- );
-}
-
-static char *htmlcertstrings[] = {
- "<table border=0 cellspacing=0 cellpadding=0><tr><td valign=top>"
- "<font size=2><b>This Certificate belongs to:</b><br>"
- "<table border=0 cellspacing=0 cellpadding=0><tr><td>",
- 0, /* image goes here */
- 0,
- 0,
- "</td><td width=10> </td><td><font size=2>",
- 0, /* subject name goes here */
- "</td></tr></table></font></td><td width=20> </td><td valign=top>"
- "<font size=2><b>This Certificate was issued by:</b><br>"
- "<table border=0 cellspacing=0 cellpadding=0><tr><td>",
- 0, /* image goes here */
- 0,
- 0,
- "</td><td width=10> </td><td><font size=2>",
- 0, /* issuer name goes here */
- "</td></tr></table></font></td></tr></table>"
- "<b>Serial Number:</b> ",
- 0,
- "<br><b>This Certificate is valid from ",
- 0, /* notBefore goes here */
- " to ",
- 0, /* notAfter does here */
- "</b><br><b>Clearance:</b>",
- 0,
- "<br><b>DSS Priviledges:</b>",
- 0,
- "<br><b>KEA Priviledges:</b>",
- 0,
- "<br><b>KMID:</b>",
- 0,
- "<br><b>Certificate Fingerprint:</b>"
- "<table border=0 cellspacing=0 cellpadding=0><tr>"
- "<td width=10> </td><td><font size=2>",
- 0, /* fingerprint goes here */
- "</td></tr></table>",
- 0, /* comment header goes here */
- 0, /* comment goes here */
- 0, /* comment trailer goes here */
- 0
-};
-
-char *
-CERT_HTMLCertInfo(CERTCertificate *cert, PRBool showImages, PRBool showIssuer)
-{
- SECStatus rv;
- char *issuer, *subject, *serialNumber, *version;
- char *notBefore, *notAfter;
- char *ret;
- char *nickname;
- SECItem dummyitem;
- unsigned char fingerprint[16]; /* result of MD5, always 16 bytes */
- char *fpstr;
- SECItem fpitem;
- char *commentstring = NULL;
- SECKEYPublicKey *pubk;
- char *DSSPriv;
- char *KMID = NULL;
- char *servername;
-
- if (!cert) {
- return(0);
- }
-
- issuer = CERT_FormatName (&cert->issuer);
- subject = CERT_FormatName (&cert->subject);
- version = CERT_Hexify (&cert->version,1);
- serialNumber = CERT_Hexify (&cert->serialNumber,1);
- notBefore = DER_UTCDayToAscii(&cert->validity.notBefore);
- notAfter = DER_UTCDayToAscii(&cert->validity.notAfter);
- servername = CERT_FindNSStringExtension(cert,
- SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME);
-
- nickname = cert->nickname;
- if ( nickname == NULL ) {
- showImages = PR_FALSE;
- }
-
- dummyitem.data = NULL;
- rv = CERT_FindCertExtension(cert, SEC_OID_NS_CERT_EXT_SUBJECT_LOGO,
- &dummyitem);
- if ( dummyitem.data ) {
- PORT_Free(dummyitem.data);
- }
-
- if ( rv || !showImages ) {
- htmlcertstrings[1] = "";
- htmlcertstrings[2] = "";
- htmlcertstrings[3] = "";
- } else {
- htmlcertstrings[1] = "<img src=\"about:security?subject-logo=";
- htmlcertstrings[2] = nickname;
- htmlcertstrings[3] = "\">";
- }
-
- if ( servername ) {
- char *tmpstr;
- tmpstr = (char *)PORT_Alloc(PORT_Strlen(subject) +
- PORT_Strlen(servername) +
- sizeof("<br>") + 1);
- if ( tmpstr ) {
- PORT_Strcpy(tmpstr, servername);
- PORT_Strcat(tmpstr, "<br>");
- PORT_Strcat(tmpstr, subject);
- PORT_Free(subject);
- subject = tmpstr;
- }
- }
-
- htmlcertstrings[5] = subject;
-
- dummyitem.data = NULL;
-
- rv = CERT_FindCertExtension(cert, SEC_OID_NS_CERT_EXT_ISSUER_LOGO,
- &dummyitem);
- if ( dummyitem.data ) {
- PORT_Free(dummyitem.data);
- }
-
- if ( rv || !showImages ) {
- htmlcertstrings[7] = "";
- htmlcertstrings[8] = "";
- htmlcertstrings[9] = "";
- } else {
- htmlcertstrings[7] = "<img src=\"about:security?issuer-logo=";
- htmlcertstrings[8] = nickname;
- htmlcertstrings[9] = "\">";
- }
-
-
- if (showIssuer == PR_TRUE) {
- htmlcertstrings[11] = issuer;
- } else {
- htmlcertstrings[11] = "";
- }
-
- htmlcertstrings[13] = serialNumber;
- htmlcertstrings[15] = notBefore;
- htmlcertstrings[17] = notAfter;
-
- pubk = CERT_ExtractPublicKey(cert);
- DSSPriv = NULL;
- if (pubk && (pubk->keyType == fortezzaKey)) {
- htmlcertstrings[18] = "</b><br><b>Clearance:</b>";
- htmlcertstrings[19] = sec_FortezzaClearance(
- &pubk->u.fortezza.clearance);
- htmlcertstrings[20] = "<br><b>DSS Priviledges:</b>";
- DSSPriv = sec_FortezzaCertPriviledge(
- &pubk->u.fortezza.DSSpriviledge);
- htmlcertstrings[21] = DSSPriv;
- htmlcertstrings[22] = "<br><b>KEA Priviledges:</b>";
- htmlcertstrings[23] = sec_FortezzaMessagePriviledge(
- &pubk->u.fortezza.KEApriviledge);
- htmlcertstrings[24] = "<br><b>KMID:</b>";
- dummyitem.data = &pubk->u.fortezza.KMID[0];
- dummyitem.len = sizeof(pubk->u.fortezza.KMID);
- KMID = CERT_Hexify (&dummyitem,0);
- htmlcertstrings[25] = KMID;
- } else {
- /* clear out the headers in the non-fortezza cases */
- htmlcertstrings[18] = "";
- htmlcertstrings[19] = "";
- htmlcertstrings[20] = "";
- htmlcertstrings[21] = "";
- htmlcertstrings[22] = "";
- htmlcertstrings[23] = "";
- htmlcertstrings[24] = "";
- htmlcertstrings[25] = "</b>";
- }
-
- if (pubk) {
- SECKEY_DestroyPublicKey(pubk);
- }
-
-#define HTML_OFF 27
- rv = PK11_HashBuf(SEC_OID_MD5, fingerprint,
- cert->derCert.data, cert->derCert.len);
-
- fpitem.data = fingerprint;
- fpitem.len = sizeof(fingerprint);
-
- fpstr = CERT_Hexify (&fpitem,1);
-
- htmlcertstrings[HTML_OFF] = fpstr;
-
- commentstring = CERT_GetCertCommentString(cert);
-
- if (commentstring == NULL) {
- htmlcertstrings[HTML_OFF+2] = "";
- htmlcertstrings[HTML_OFF+3] = "";
- htmlcertstrings[HTML_OFF+4] = "";
- } else {
- htmlcertstrings[HTML_OFF+2] =
- "<b>Comment:</b>"
- "<table border=0 cellspacing=0 cellpadding=0><tr>"
- "<td width=10> </td><td><font size=3>"
- "<textarea name=foobar rows=4 cols=55 onfocus=\"this.blur()\">";
- htmlcertstrings[HTML_OFF+3] = commentstring;
- htmlcertstrings[HTML_OFF+4] = "</textarea></font></td></tr></table>";
- }
-
- ret = gatherStrings(htmlcertstrings);
-
- if ( issuer ) {
- PORT_Free(issuer);
- }
-
- if ( subject ) {
- PORT_Free(subject);
- }
-
- if ( version ) {
- PORT_Free(version);
- }
-
- if ( serialNumber ) {
- PORT_Free(serialNumber);
- }
-
- if ( notBefore ) {
- PORT_Free(notBefore);
- }
-
- if ( notAfter ) {
- PORT_Free(notAfter);
- }
-
- if ( fpstr ) {
- PORT_Free(fpstr);
- }
- if (DSSPriv) {
- PORT_Free(DSSPriv);
- }
-
- if (KMID) {
- PORT_Free(KMID);
- }
-
- if ( commentstring ) {
- PORT_Free(commentstring);
- }
-
- if ( servername ) {
- PORT_Free(servername);
- }
-
- return(ret);
-}
-
diff --git a/security/nss/lib/certhigh/certread.c b/security/nss/lib/certhigh/certread.c
deleted file mode 100644
index 5c5ddab78..000000000
--- a/security/nss/lib/certhigh/certread.c
+++ /dev/null
@@ -1,535 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "cert.h"
-#include "secpkcs7.h"
-#include "base64.h"
-#include "secitem.h"
-#include "secder.h"
-#include "secasn1.h"
-#include "secoid.h"
-
-SECStatus
-SEC_ReadPKCS7Certs(SECItem *pkcs7Item, CERTImportCertificateFunc f, void *arg)
-{
- SEC_PKCS7ContentInfo *contentInfo = NULL;
- SECStatus rv;
- SECItem **certs;
- int count;
-
- contentInfo = SEC_PKCS7DecodeItem(pkcs7Item, NULL, NULL, NULL, NULL, NULL,
- NULL, NULL);
- if ( contentInfo == NULL ) {
- goto loser;
- }
-
- if ( SEC_PKCS7ContentType (contentInfo) != SEC_OID_PKCS7_SIGNED_DATA ) {
- goto loser;
- }
-
- certs = contentInfo->content.signedData->rawCerts;
- if ( certs ) {
- count = 0;
-
- while ( *certs ) {
- count++;
- certs++;
- }
- rv = (* f)(arg, contentInfo->content.signedData->rawCerts, count);
- }
-
- rv = SECSuccess;
-
- goto done;
-loser:
- rv = SECFailure;
-
-done:
- if ( contentInfo ) {
- SEC_PKCS7DestroyContentInfo(contentInfo);
- }
-
- return(rv);
-}
-
-const SEC_ASN1Template SEC_CertSequenceTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF,
- 0, SECAnyTemplate }
-};
-
-SECStatus
-SEC_ReadCertSequence(SECItem *certsItem, CERTImportCertificateFunc f, void *arg)
-{
- SECStatus rv;
- SECItem **certs;
- int count;
- SECItem **rawCerts = NULL;
- PRArenaPool *arena;
- SEC_PKCS7ContentInfo *contentInfo = NULL;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- return SECFailure;
- }
-
- contentInfo = SEC_PKCS7DecodeItem(certsItem, NULL, NULL, NULL, NULL, NULL,
- NULL, NULL);
- if ( contentInfo == NULL ) {
- goto loser;
- }
-
- if ( SEC_PKCS7ContentType (contentInfo) != SEC_OID_NS_TYPE_CERT_SEQUENCE ) {
- goto loser;
- }
-
-
- rv = SEC_ASN1DecodeItem(arena, &rawCerts, SEC_CertSequenceTemplate,
- contentInfo->content.data);
-
- if (rv != SECSuccess) {
- goto loser;
- }
-
- certs = rawCerts;
- if ( certs ) {
- count = 0;
-
- while ( *certs ) {
- count++;
- certs++;
- }
- rv = (* f)(arg, rawCerts, count);
- }
-
- rv = SECSuccess;
-
- goto done;
-loser:
- rv = SECFailure;
-
-done:
- if ( contentInfo ) {
- SEC_PKCS7DestroyContentInfo(contentInfo);
- }
-
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(rv);
-}
-
-CERTCertificate *
-CERT_ConvertAndDecodeCertificate(char *certstr)
-{
- CERTCertificate *cert;
- SECStatus rv;
- SECItem der;
-
- rv = ATOB_ConvertAsciiToItem(&der, certstr);
- if (rv != SECSuccess)
- return NULL;
-
- cert = CERT_DecodeDERCertificate(&der, PR_TRUE, NULL);
-
- PORT_Free(der.data);
- return cert;
-}
-
-#define NS_CERT_HEADER "-----BEGIN CERTIFICATE-----"
-#define NS_CERT_TRAILER "-----END CERTIFICATE-----"
-
-#define CERTIFICATE_TYPE_STRING "certificate"
-#define CERTIFICATE_TYPE_LEN (sizeof(CERTIFICATE_TYPE_STRING)-1)
-
-CERTPackageType
-CERT_CertPackageType(SECItem *package, SECItem *certitem)
-{
- unsigned char *cp;
- int seqLen, seqLenLen;
- SECItem oiditem;
- SECOidData *oiddata;
- CERTPackageType type = certPackageNone;
-
- cp = package->data;
-
- /* is a DER encoded certificate of some type? */
- if ( ( *cp & 0x1f ) == SEC_ASN1_SEQUENCE ) {
- cp++;
-
- if ( *cp & 0x80) {
- /* Multibyte length */
- seqLenLen = cp[0] & 0x7f;
-
- switch (seqLenLen) {
- case 4:
- seqLen = ((unsigned long)cp[1]<<24) |
- ((unsigned long)cp[2]<<16) | (cp[3]<<8) | cp[4];
- break;
- case 3:
- seqLen = ((unsigned long)cp[1]<<16) | (cp[2]<<8) | cp[3];
- break;
- case 2:
- seqLen = (cp[1]<<8) | cp[2];
- break;
- case 1:
- seqLen = cp[1];
- break;
- default:
- /* indefinite length */
- seqLen = 0;
- }
- cp += ( seqLenLen + 1 );
-
- } else {
- seqLenLen = 0;
- seqLen = *cp;
- cp++;
- }
-
- /* check entire length if definite length */
- if ( seqLen || seqLenLen ) {
- if ( package->len != ( seqLen + seqLenLen + 2 ) ) {
- /* not a DER package */
- return(type);
- }
- }
-
- /* check the type string */
- /* netscape wrapped DER cert */
- if ( ( cp[0] == SEC_ASN1_OCTET_STRING ) &&
- ( cp[1] == CERTIFICATE_TYPE_LEN ) &&
- ( PORT_Strcmp((char *)&cp[2], CERTIFICATE_TYPE_STRING) ) ) {
-
- cp += ( CERTIFICATE_TYPE_LEN + 2 );
-
- /* it had better be a certificate by now!! */
- if ( certitem ) {
- certitem->data = cp;
- certitem->len = package->len -
- ( cp - (unsigned char *)package->data );
- }
- type = certPackageNSCertWrap;
-
- } else if ( cp[0] == SEC_ASN1_OBJECT_ID ) {
- /* XXX - assume DER encoding of OID len!! */
- oiditem.len = cp[1];
- oiditem.data = (unsigned char *)&cp[2];
- oiddata = SECOID_FindOID(&oiditem);
- if ( oiddata == NULL ) {
- /* failure */
- return(type);
- }
-
- if ( certitem ) {
- certitem->data = package->data;
- certitem->len = package->len;
- }
-
- switch ( oiddata->offset ) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- type = certPackagePKCS7;
- break;
- case SEC_OID_NS_TYPE_CERT_SEQUENCE:
- type = certPackageNSCertSeq;
- break;
- default:
- break;
- }
-
- } else {
- /* it had better be a certificate by now!! */
- if ( certitem ) {
- certitem->data = package->data;
- certitem->len = package->len;
- }
-
- type = certPackageCert;
- }
- }
-
- return(type);
-}
-
-/*
- * read an old style ascii or binary certificate chain
- */
-SECStatus
-CERT_DecodeCertPackage(char *certbuf,
- int certlen,
- CERTImportCertificateFunc f,
- void *arg)
-{
- unsigned char *cp;
- int seqLen, seqLenLen;
- int cl;
- unsigned char *bincert = NULL, *certbegin = NULL, *certend = NULL;
- unsigned int binLen;
- char *ascCert = NULL;
- int asciilen;
- CERTCertificate *cert;
- SECItem certitem, oiditem;
- SECStatus rv;
- SECOidData *oiddata;
- SECItem *pcertitem = &certitem;
-
- if ( certbuf == NULL ) {
- return(SECFailure);
- }
-
- cert = 0;
- cp = (unsigned char *)certbuf;
-
- /* is a DER encoded certificate of some type? */
- if ( ( *cp & 0x1f ) == SEC_ASN1_SEQUENCE ) {
- cp++;
-
- if ( *cp & 0x80) {
- /* Multibyte length */
- seqLenLen = cp[0] & 0x7f;
-
- switch (seqLenLen) {
- case 4:
- seqLen = ((unsigned long)cp[1]<<24) |
- ((unsigned long)cp[2]<<16) | (cp[3]<<8) | cp[4];
- break;
- case 3:
- seqLen = ((unsigned long)cp[1]<<16) | (cp[2]<<8) | cp[3];
- break;
- case 2:
- seqLen = (cp[1]<<8) | cp[2];
- break;
- case 1:
- seqLen = cp[1];
- break;
- default:
- /* indefinite length */
- seqLen = 0;
- }
- cp += ( seqLenLen + 1 );
-
- } else {
- seqLenLen = 0;
- seqLen = *cp;
- cp++;
- }
-
- /* check entire length if definite length */
- if ( seqLen || seqLenLen ) {
- if ( certlen != ( seqLen + seqLenLen + 2 ) ) {
- goto notder;
- }
- }
-
- /* check the type string */
- /* netscape wrapped DER cert */
- if ( ( cp[0] == SEC_ASN1_OCTET_STRING ) &&
- ( cp[1] == CERTIFICATE_TYPE_LEN ) &&
- ( PORT_Strcmp((char *)&cp[2], CERTIFICATE_TYPE_STRING) ) ) {
-
- cp += ( CERTIFICATE_TYPE_LEN + 2 );
-
- /* it had better be a certificate by now!! */
- certitem.data = cp;
- certitem.len = certlen - ( cp - (unsigned char *)certbuf );
-
- rv = (* f)(arg, &pcertitem, 1);
-
- return(rv);
- } else if ( cp[0] == SEC_ASN1_OBJECT_ID ) {
- /* XXX - assume DER encoding of OID len!! */
- oiditem.len = cp[1];
- oiditem.data = (unsigned char *)&cp[2];
- oiddata = SECOID_FindOID(&oiditem);
- if ( oiddata == NULL ) {
- return(SECFailure);
- }
-
- certitem.data = (unsigned char*)certbuf;
- certitem.len = certlen;
-
- switch ( oiddata->offset ) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- return(SEC_ReadPKCS7Certs(&certitem, f, arg));
- break;
- case SEC_OID_NS_TYPE_CERT_SEQUENCE:
- return(SEC_ReadCertSequence(&certitem, f, arg));
- break;
- default:
- break;
- }
-
- } else {
- /* it had better be a certificate by now!! */
- certitem.data = (unsigned char*)certbuf;
- certitem.len = certlen;
-
- rv = (* f)(arg, &pcertitem, 1);
- return(rv);
- }
- }
-
- /* now look for a netscape base64 ascii encoded cert */
-notder:
- cp = (unsigned char *)certbuf;
- cl = certlen;
- certbegin = 0;
- certend = 0;
-
- /* find the beginning marker */
- while ( cl > sizeof(NS_CERT_HEADER) ) {
- if ( !PORT_Strncasecmp((char *)cp, NS_CERT_HEADER,
- sizeof(NS_CERT_HEADER)-1) ) {
- cp = cp + sizeof(NS_CERT_HEADER);
- certbegin = cp;
- break;
- }
-
- /* skip to next eol */
- do {
- cp++;
- cl--;
- } while ( ( *cp != '\n') && cl );
-
- /* skip all blank lines */
- while ( ( *cp == '\n') && cl ) {
- cp++;
- cl--;
- }
- }
-
- if ( certbegin ) {
-
- /* find the ending marker */
- while ( cl > sizeof(NS_CERT_TRAILER) ) {
- if ( !PORT_Strncasecmp((char *)cp, NS_CERT_TRAILER,
- sizeof(NS_CERT_TRAILER)-1) ) {
- certend = (unsigned char *)cp;
- break;
- }
-
- /* skip to next eol */
- do {
- cp++;
- cl--;
- } while ( ( *cp != '\n') && cl );
-
- /* skip all blank lines */
- while ( ( *cp == '\n') && cl ) {
- cp++;
- cl--;
- }
- }
- }
-
- if ( certbegin && certend ) {
-
- /* Convert the ASCII data into a nul-terminated string */
- asciilen = certend - certbegin;
- ascCert = (char *)PORT_Alloc(asciilen+1);
- if (!ascCert) {
- rv = SECFailure;
- goto loser;
- }
-
- PORT_Memcpy(ascCert, certbegin, asciilen);
- ascCert[asciilen] = '\0';
-
- /* convert to binary */
- bincert = ATOB_AsciiToData(ascCert, &binLen);
- if (!bincert) {
- rv = SECFailure;
- goto loser;
- }
-
- /* now recurse to decode the binary */
- rv = CERT_DecodeCertPackage((char *)bincert, binLen, f, arg);
-
- } else {
- rv = SECFailure;
- }
-
-loser:
-
- if ( bincert ) {
- PORT_Free(bincert);
- }
-
- if ( ascCert ) {
- PORT_Free(ascCert);
- }
-
- return(rv);
-}
-
-typedef struct {
- PRArenaPool *arena;
- SECItem cert;
-} collect_args;
-
-static SECStatus
-collect_certs(void *arg, SECItem **certs, int numcerts)
-{
- SECStatus rv;
- collect_args *collectArgs;
-
- collectArgs = (collect_args *)arg;
-
- rv = SECITEM_CopyItem(collectArgs->arena, &collectArgs->cert, *certs);
-
- return(rv);
-}
-
-
-/*
- * read an old style ascii or binary certificate
- */
-CERTCertificate *
-CERT_DecodeCertFromPackage(char *certbuf, int certlen)
-{
- collect_args collectArgs;
- SECStatus rv;
- CERTCertificate *cert = NULL;
-
- collectArgs.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- rv = CERT_DecodeCertPackage(certbuf, certlen, collect_certs,
- (void *)&collectArgs);
- if ( rv == SECSuccess ) {
- cert = CERT_DecodeDERCertificate(&collectArgs.cert, PR_TRUE, NULL);
- }
-
- PORT_FreeArena(collectArgs.arena, PR_FALSE);
-
- return(cert);
-}
diff --git a/security/nss/lib/certhigh/certreq.c b/security/nss/lib/certhigh/certreq.c
deleted file mode 100644
index 0c3038139..000000000
--- a/security/nss/lib/certhigh/certreq.c
+++ /dev/null
@@ -1,228 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "cert.h"
-#include "secder.h"
-#include "key.h"
-#include "secitem.h"
-#include "secasn1.h"
-
-const SEC_ASN1Template CERT_AttributeTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTAttribute) },
- { SEC_ASN1_OBJECT_ID, offsetof(CERTAttribute, attrType) },
- { SEC_ASN1_SET_OF, offsetof(CERTAttribute, attrValue),
- SEC_AnyTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template CERT_SetOfAttributeTemplate[] = {
- { SEC_ASN1_SET_OF, 0, CERT_AttributeTemplate },
-};
-
-const SEC_ASN1Template CERT_CertificateRequestTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCertificateRequest) },
- { SEC_ASN1_INTEGER,
- offsetof(CERTCertificateRequest,version) },
- { SEC_ASN1_INLINE,
- offsetof(CERTCertificateRequest,subject),
- CERT_NameTemplate },
- { SEC_ASN1_INLINE,
- offsetof(CERTCertificateRequest,subjectPublicKeyInfo),
- CERT_SubjectPublicKeyInfoTemplate },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(CERTCertificateRequest,attributes),
- CERT_SetOfAttributeTemplate },
- { 0 }
-};
-
-CERTCertificate *
-CERT_CreateCertificate(unsigned long serialNumber,
- CERTName *issuer,
- CERTValidity *validity,
- CERTCertificateRequest *req)
-{
- CERTCertificate *c;
- int rv;
- PRArenaPool *arena;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( !arena ) {
- return(0);
- }
-
- c = (CERTCertificate *)PORT_ArenaZAlloc(arena, sizeof(CERTCertificate));
-
- if (c) {
- c->referenceCount = 1;
- c->arena = arena;
-
- /*
- * Default is a plain version 1.
- * If extensions are added, it will get changed as appropriate.
- */
- rv = DER_SetUInteger(arena, &c->version, SEC_CERTIFICATE_VERSION_1);
- if (rv) goto loser;
-
- rv = DER_SetUInteger(arena, &c->serialNumber, serialNumber);
- if (rv) goto loser;
-
- rv = CERT_CopyName(arena, &c->issuer, issuer);
- if (rv) goto loser;
-
- rv = CERT_CopyValidity(arena, &c->validity, validity);
- if (rv) goto loser;
-
- rv = CERT_CopyName(arena, &c->subject, &req->subject);
- if (rv) goto loser;
- rv = SECKEY_CopySubjectPublicKeyInfo(arena, &c->subjectPublicKeyInfo,
- &req->subjectPublicKeyInfo);
- if (rv) goto loser;
- }
- return c;
-
- loser:
- CERT_DestroyCertificate(c);
- return 0;
-}
-
-/************************************************************************/
-
-CERTCertificateRequest *
-CERT_CreateCertificateRequest(CERTName *subject,
- CERTSubjectPublicKeyInfo *spki,
- SECItem **attributes)
-{
- CERTCertificateRequest *certreq;
- PRArenaPool *arena;
- SECStatus rv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- return NULL;
- }
-
- certreq = (CERTCertificateRequest *)
- PORT_ArenaZAlloc(arena, sizeof(CERTCertificateRequest));
-
- if (certreq != NULL) {
- certreq->arena = arena;
-
- rv = DER_SetUInteger(arena, &certreq->version,
- SEC_CERTIFICATE_REQUEST_VERSION);
- if (rv != SECSuccess)
- goto loser;
-
- rv = CERT_CopyName(arena, &certreq->subject, subject);
- if (rv != SECSuccess)
- goto loser;
-
- rv = SECKEY_CopySubjectPublicKeyInfo(arena,
- &certreq->subjectPublicKeyInfo,
- spki);
- if (rv != SECSuccess)
- goto loser;
-
- /* Copy over attribute information */
- if (attributes) {
- int i = 0;
-
- /* allocate space for attributes */
- while(attributes[i] != NULL) i++;
- certreq->attributes = (SECItem**)PORT_ArenaZAlloc(arena,
- sizeof(SECItem *) * (i + 1));
- if(!certreq->attributes) {
- goto loser;
- }
-
- /* copy attributes */
- i = 0;
- while(attributes[i]) {
- /*
- ** Attributes are a SetOf Attribute which implies
- ** lexigraphical ordering. It is assumes that the
- ** attributes are passed in sorted. If we need to
- ** add functionality to sort them, there is an
- ** example in the PKCS 7 code.
- */
- certreq->attributes[i] = (SECItem*)PORT_ArenaZAlloc(arena,
- sizeof(SECItem));
- if(!certreq->attributes[i]) {
- goto loser;
- };
- rv = SECITEM_CopyItem(arena, certreq->attributes[i],
- attributes[i]);
- if (rv != SECSuccess) {
- goto loser;
- }
- i++;
- }
- certreq->attributes[i] = NULL;
- } else {
- /*
- ** Invent empty attribute information. According to the
- ** pkcs#10 spec, attributes has this ASN.1 type:
- **
- ** attributes [0] IMPLICIT Attributes
- **
- ** Which means, we should create a NULL terminated list
- ** with the first entry being NULL;
- */
- certreq->attributes = (SECItem**)PORT_ArenaZAlloc(arena, sizeof(SECItem *));
- if(!certreq->attributes) {
- goto loser;
- }
- certreq->attributes[0] = NULL;
- }
- } else {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return certreq;
-
-loser:
- CERT_DestroyCertificateRequest(certreq);
- return NULL;
-}
-
-void
-CERT_DestroyCertificateRequest(CERTCertificateRequest *req)
-{
- if (req && req->arena) {
- PORT_FreeArena(req->arena, PR_FALSE);
- }
- return;
-}
-
diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c
deleted file mode 100644
index 807c0a9e0..000000000
--- a/security/nss/lib/certhigh/certvfy.c
+++ /dev/null
@@ -1,1575 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "nspr.h"
-#include "secerr.h"
-#include "secport.h"
-#include "seccomon.h"
-#include "secoid.h"
-#include "sslerr.h"
-#include "genname.h"
-#include "keyhi.h"
-#include "cert.h"
-#include "certdb.h"
-#include "cryptohi.h"
-
-#define PENDING_SLOP (24L*60L*60L)
-
-/*
- * WARNING - this function is depricated, and will go away in the near future.
- * It has been superseded by CERT_CheckCertValidTimes().
- *
- * Check the validity times of a certificate
- */
-SECStatus
-CERT_CertTimesValid(CERTCertificate *c)
-{
- int64 now, notBefore, notAfter, pendingSlop;
- SECStatus rv;
-
- /* if cert is already marked OK, then don't bother to check */
- if ( c->timeOK ) {
- return(SECSuccess);
- }
-
- /* get current UTC time */
- now = PR_Now();
- rv = CERT_GetCertTimes(c, &notBefore, &notAfter);
-
- if (rv) {
- return(SECFailure);
- }
-
- LL_I2L(pendingSlop, PENDING_SLOP);
- LL_SUB(notBefore, notBefore, pendingSlop);
-
- if (LL_CMP(now, <, notBefore) || LL_CMP(now, >, notAfter)) {
- PORT_SetError(SEC_ERROR_EXPIRED_CERTIFICATE);
- return(SECFailure);
- }
-
- return(SECSuccess);
-}
-
-/*
- * verify the signature of a signed data object with the given certificate
- */
-SECStatus
-CERT_VerifySignedData(CERTSignedData *sd, CERTCertificate *cert,
- int64 t, void *wincx)
-{
- SECItem sig;
- SECKEYPublicKey *pubKey = 0;
- SECStatus rv;
- SECCertTimeValidity validity;
- SECOidTag algid;
-
- /* check the certificate's validity */
- validity = CERT_CheckCertValidTimes(cert, t, PR_FALSE);
- if ( validity != secCertTimeValid ) {
- return(SECFailure);
- }
-
- /* get cert's public key */
- pubKey = CERT_ExtractPublicKey(cert);
- if ( !pubKey ) {
- return(SECFailure);
- }
-
- /* check the signature */
- sig = sd->signature;
- DER_ConvertBitString(&sig);
-
- algid = SECOID_GetAlgorithmTag(&sd->signatureAlgorithm);
- rv = VFY_VerifyData(sd->data.data, sd->data.len, pubKey, &sig,
- algid, wincx);
-
- SECKEY_DestroyPublicKey(pubKey);
-
- if ( rv ) {
- return(SECFailure);
- }
-
- return(SECSuccess);
-}
-
-
-/*
- * This must only be called on a cert that is known to have an issuer
- * with an invalid time
- */
-CERTCertificate *
-CERT_FindExpiredIssuer(CERTCertDBHandle *handle, CERTCertificate *cert)
-{
- CERTCertificate *issuerCert = NULL;
- CERTCertificate *subjectCert;
- int count;
- SECStatus rv;
- SECComparison rvCompare;
-
- subjectCert = CERT_DupCertificate(cert);
- if ( subjectCert == NULL ) {
- goto loser;
- }
-
- for ( count = 0; count < CERT_MAX_CERT_CHAIN; count++ ) {
- /* find the certificate of the issuer */
- issuerCert = CERT_FindCertByName(handle, &subjectCert->derIssuer);
-
- if ( ! issuerCert ) {
- goto loser;
- }
-
- rv = CERT_CertTimesValid(issuerCert);
- if ( rv == SECFailure ) {
- /* this is the invalid issuer */
- CERT_DestroyCertificate(subjectCert);
- return(issuerCert);
- }
-
- /* make sure that the issuer is not self signed. If it is, then
- * stop here to prevent looping.
- */
- rvCompare = SECITEM_CompareItem(&issuerCert->derSubject,
- &issuerCert->derIssuer);
- if (rvCompare == SECEqual) {
- PORT_Assert(0); /* No expired issuer! */
- goto loser;
- }
- CERT_DestroyCertificate(subjectCert);
- subjectCert = issuerCert;
- }
-
-loser:
- if ( issuerCert ) {
- CERT_DestroyCertificate(issuerCert);
- }
-
- if ( subjectCert ) {
- CERT_DestroyCertificate(subjectCert);
- }
-
- return(NULL);
-}
-
-/* Software FORTEZZA installation hack. The software fortezza installer does
- * not have access to the krl and cert.db file. Accept FORTEZZA Certs without
- * KRL's in this case.
- */
-static int dont_use_krl = 0;
-/* not a public exposed function... */
-void sec_SetCheckKRLState(int value) { dont_use_krl = value; }
-
-SECStatus
-SEC_CheckKRL(CERTCertDBHandle *handle,SECKEYPublicKey *key,
- CERTCertificate *rootCert, int64 t, void * wincx)
-{
- CERTSignedCrl *crl = NULL;
- SECStatus rv = SECFailure;
- SECStatus rv2;
- CERTCrlEntry **crlEntry;
- SECCertTimeValidity validity;
- CERTCertificate *issuerCert = NULL;
-
- if (dont_use_krl) return SECSuccess;
-
- /* first look up the KRL */
- crl = SEC_FindCrlByName(handle,&rootCert->derSubject, SEC_KRL_TYPE);
- if (crl == NULL) {
- PORT_SetError(SEC_ERROR_NO_KRL);
- goto done;
- }
-
- /* get the issuing certificate */
- issuerCert = CERT_FindCertByName(handle, &crl->crl.derName);
- if (issuerCert == NULL) {
- PORT_SetError(SEC_ERROR_KRL_BAD_SIGNATURE);
- goto done;
- }
-
-
- /* now verify the KRL signature */
- rv2 = CERT_VerifySignedData(&crl->signatureWrap, issuerCert, t, wincx);
- if (rv2 != SECSuccess) {
- PORT_SetError(SEC_ERROR_KRL_BAD_SIGNATURE);
- goto done;
- }
-
- /* Verify the date validity of the KRL */
- validity = SEC_CheckCrlTimes(&crl->crl, t);
- if (validity == secCertTimeExpired) {
- PORT_SetError(SEC_ERROR_KRL_EXPIRED);
- goto done;
- }
-
- /* now make sure the key in this cert is still valid */
- if (key->keyType != fortezzaKey) {
- PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
- goto done; /* This should be an assert? */
- }
-
- /* now make sure the key is not on the revocation list */
- for (crlEntry = crl->crl.entries; crlEntry && *crlEntry; crlEntry++) {
- if (PORT_Memcmp((*crlEntry)->serialNumber.data,
- key->u.fortezza.KMID,
- (*crlEntry)->serialNumber.len) == 0) {
- PORT_SetError(SEC_ERROR_REVOKED_KEY);
- goto done;
- }
- }
- rv = SECSuccess;
-
-done:
- if (issuerCert) CERT_DestroyCertificate(issuerCert);
- if (crl) SEC_DestroyCrl(crl);
- return rv;
-}
-
-SECStatus
-SEC_CheckCRL(CERTCertDBHandle *handle,CERTCertificate *cert,
- CERTCertificate *caCert, int64 t, void * wincx)
-{
- CERTSignedCrl *crl = NULL;
- SECStatus rv = SECSuccess;
- CERTCrlEntry **crlEntry;
- SECCertTimeValidity validity;
-
- /* first look up the CRL */
- crl = SEC_FindCrlByName(handle,&caCert->derSubject, SEC_CRL_TYPE);
- if (crl == NULL) {
- /* XXX for now no CRL is ok */
- goto done;
- }
-
- /* now verify the CRL signature */
- rv = CERT_VerifySignedData(&crl->signatureWrap, caCert, t, wincx);
- if (rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_CRL_BAD_SIGNATURE);
- rv = SECWouldBlock; /* Soft error, ask the user */
- goto done;
- }
-
- /* Verify the date validity of the KRL */
- validity = SEC_CheckCrlTimes(&crl->crl,t);
- if (validity == secCertTimeExpired) {
- PORT_SetError(SEC_ERROR_CRL_EXPIRED);
- rv = SECWouldBlock; /* Soft error, ask the user */
- } else if (validity == secCertTimeNotValidYet) {
- PORT_SetError(SEC_ERROR_CRL_NOT_YET_VALID);
- rv = SECWouldBlock; /* Soft error, ask the user */
- }
-
- /* now make sure the key is not on the revocation list */
- for (crlEntry = crl->crl.entries; crlEntry && *crlEntry; crlEntry++) {
- if (SECITEM_CompareItem(&(*crlEntry)->serialNumber,&cert->serialNumber) == SECEqual) {
- PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
- rv = SECFailure; /* cert is revoked */
- goto done;
- }
- }
-
-done:
- if (crl) SEC_DestroyCrl(crl);
- return rv;
-}
-
-/*
- * Find the issuer of a cert. Use the authorityKeyID if it exists.
- */
-CERTCertificate *
-CERT_FindCertIssuer(CERTCertificate *cert, int64 validTime, SECCertUsage usage)
-{
- CERTAuthKeyID * authorityKeyID = NULL;
- CERTCertificate * issuerCert = NULL;
- SECItem * caName;
- PRArenaPool *tmpArena = NULL;
- SECItem issuerCertKey;
- SECStatus rv;
-
- tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( !tmpArena ) {
- goto loser;
- }
- authorityKeyID = CERT_FindAuthKeyIDExten(tmpArena,cert);
-
- if ( authorityKeyID != NULL ) {
- /* has the authority key ID extension */
- if ( authorityKeyID->keyID.data != NULL ) {
- /* extension contains a key ID, so lookup based on it */
- issuerCert = CERT_FindCertByKeyID(cert->dbhandle, &cert->derIssuer,
- &authorityKeyID->keyID);
- if ( issuerCert == NULL ) {
- PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER);
- goto loser;
- }
-
- } else if ( authorityKeyID->authCertIssuer != NULL ) {
- /* no key ID, so try issuer and serial number */
- caName = (SECItem*)CERT_GetGeneralNameByType(authorityKeyID->authCertIssuer,
- certDirectoryName, PR_TRUE);
-
- /*
- * caName is NULL when the authCertIssuer field is not
- * being used, or other name form is used instead.
- * If the directoryName format and serialNumber fields are
- * used, we use them to find the CA cert.
- * Note:
- * By the time it gets here, we known for sure that if the
- * authCertIssuer exists, then the authCertSerialNumber
- * must also exists (CERT_DecodeAuthKeyID() ensures this).
- * We don't need to check again.
- */
-
- if (caName != NULL) {
- rv = CERT_KeyFromIssuerAndSN(tmpArena, caName,
- &authorityKeyID->authCertSerialNumber,
- &issuerCertKey);
- if ( rv == SECSuccess ) {
- issuerCert = CERT_FindCertByKey(cert->dbhandle,
- &issuerCertKey);
- }
-
- if ( issuerCert == NULL ) {
- PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER);
- goto loser;
- }
- }
- }
- }
- if ( issuerCert == NULL ) {
- /* if there is not authorityKeyID, then try to find the issuer */
- /* find a valid CA cert with correct usage */
- issuerCert = CERT_FindMatchingCert(cert->dbhandle,
- &cert->derIssuer,
- certOwnerCA, usage, PR_TRUE,
- validTime, PR_TRUE);
-
- /* if that fails, then fall back to grabbing any cert with right name*/
- if ( issuerCert == NULL ) {
- issuerCert = CERT_FindCertByName(cert->dbhandle, &cert->derIssuer);
- if ( issuerCert == NULL ) {
- PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER);
- }
- }
- }
-
-loser:
- if (tmpArena != NULL) {
- PORT_FreeArena(tmpArena, PR_FALSE);
- tmpArena = NULL;
- }
-
- return(issuerCert);
-}
-
-/*
- * return required trust flags for various cert usages for CAs
- */
-SECStatus
-CERT_TrustFlagsForCACertUsage(SECCertUsage usage,
- unsigned int *retFlags,
- SECTrustType *retTrustType)
-{
- unsigned int requiredFlags;
- SECTrustType trustType;
-
- switch ( usage ) {
- case certUsageSSLClient:
- requiredFlags = CERTDB_TRUSTED_CLIENT_CA;
- trustType = trustSSL;
- break;
- case certUsageSSLServer:
- case certUsageSSLCA:
- requiredFlags = CERTDB_TRUSTED_CA;
- trustType = trustSSL;
- break;
- case certUsageSSLServerWithStepUp:
- requiredFlags = CERTDB_TRUSTED_CA | CERTDB_GOVT_APPROVED_CA;
- trustType = trustSSL;
- break;
- case certUsageEmailSigner:
- case certUsageEmailRecipient:
- requiredFlags = CERTDB_TRUSTED_CA;
- trustType = trustEmail;
- break;
- case certUsageObjectSigner:
- requiredFlags = CERTDB_TRUSTED_CA;
- trustType = trustObjectSigning;
- break;
- case certUsageVerifyCA:
- case certUsageAnyCA:
- case certUsageStatusResponder:
- requiredFlags = CERTDB_TRUSTED_CA;
- trustType = trustTypeNone;
- break;
- default:
- PORT_Assert(0);
- goto loser;
- }
- if ( retFlags != NULL ) {
- *retFlags = requiredFlags;
- }
- if ( retTrustType != NULL ) {
- *retTrustType = trustType;
- }
-
- return(SECSuccess);
-loser:
- return(SECFailure);
-}
-
-
-
-
-
-static void
-AddToVerifyLog(CERTVerifyLog *log, CERTCertificate *cert, unsigned long error,
- unsigned int depth, void *arg)
-{
- CERTVerifyLogNode *node, *tnode;
-
- PORT_Assert(log != NULL);
-
- node = (CERTVerifyLogNode *)PORT_ArenaAlloc(log->arena,
- sizeof(CERTVerifyLogNode));
- if ( node != NULL ) {
- node->cert = CERT_DupCertificate(cert);
- node->error = error;
- node->depth = depth;
- node->arg = arg;
-
- if ( log->tail == NULL ) {
- /* empty list */
- log->head = log->tail = node;
- node->prev = NULL;
- node->next = NULL;
- } else if ( depth >= log->tail->depth ) {
- /* add to tail */
- node->prev = log->tail;
- log->tail->next = node;
- log->tail = node;
- node->next = NULL;
- } else if ( depth < log->head->depth ) {
- /* add at head */
- node->prev = NULL;
- node->next = log->head;
- log->head->prev = node;
- log->head = node;
- } else {
- /* add in middle */
- tnode = log->tail;
- while ( tnode != NULL ) {
- if ( depth >= tnode->depth ) {
- /* insert after tnode */
- node->prev = tnode;
- node->next = tnode->next;
- tnode->next->prev = node;
- tnode->next = node;
- break;
- }
-
- tnode = tnode->prev;
- }
- }
-
- log->count++;
- }
- return;
-}
-
-#define EXIT_IF_NOT_LOGGING(log) \
- if ( log == NULL ) { \
- goto loser; \
- }
-
-#define LOG_ERROR_OR_EXIT(log,cert,depth,arg) \
- if ( log != NULL ) { \
- AddToVerifyLog(log, cert, PORT_GetError(), depth, (void *)arg); \
- } else { \
- goto loser; \
- }
-
-#define LOG_ERROR(log,cert,depth,arg) \
- if ( log != NULL ) { \
- AddToVerifyLog(log, cert, PORT_GetError(), depth, (void *)arg); \
- }
-
-
-
-
-SECStatus
-CERT_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, SECCertUsage certUsage, int64 t,
- void *wincx, CERTVerifyLog *log)
-{
- SECTrustType trustType;
- CERTBasicConstraints basicConstraint;
- CERTCertificate *issuerCert = NULL;
- CERTCertificate *subjectCert = NULL;
- CERTCertificate *badCert = NULL;
- PRBool isca;
- PRBool isFortezzaV1 = PR_FALSE;
- SECStatus rv;
- SECComparison rvCompare;
- SECStatus rvFinal = SECSuccess;
- int count;
- int currentPathLen = -1;
- int flags;
- unsigned int caCertType;
- unsigned int requiredCAKeyUsage;
- unsigned int requiredFlags;
- PRArenaPool *arena = NULL;
- CERTGeneralName *namesList = NULL;
- CERTGeneralName *subjectNameList = NULL;
- SECItem *namesIndex = NULL;
- int namesIndexLen = 10;
- int namesCount = 0;
-
- enum { cbd_None, cbd_User, cbd_CA } last_type = cbd_None;
- SECKEYPublicKey *key;
-
- if (CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_TRUE,
- &requiredCAKeyUsage,
- &caCertType)
- != SECSuccess ) {
- PORT_Assert(0);
- EXIT_IF_NOT_LOGGING(log);
- requiredCAKeyUsage = 0;
- caCertType = 0;
- }
-
- switch ( certUsage ) {
- case certUsageSSLClient:
- case certUsageSSLServer:
- case certUsageSSLCA:
- case certUsageSSLServerWithStepUp:
- case certUsageEmailSigner:
- case certUsageEmailRecipient:
- case certUsageObjectSigner:
- case certUsageVerifyCA:
- case certUsageStatusResponder:
- if ( CERT_TrustFlagsForCACertUsage(certUsage, &requiredFlags,
- &trustType) != SECSuccess ) {
- PORT_Assert(0);
- EXIT_IF_NOT_LOGGING(log);
- requiredFlags = 0;
- trustType = trustSSL;
- }
- break;
- default:
- PORT_Assert(0);
- EXIT_IF_NOT_LOGGING(log);
- requiredFlags = 0;
- trustType = trustSSL;/* This used to be 0, but we need something
- * that matches the enumeration type.
- */
- caCertType = 0;
- }
-
- subjectCert = CERT_DupCertificate(cert);
- if ( subjectCert == NULL ) {
- goto loser;
- }
-
- /* determine if the cert is fortezza. Getting the key is an easy
- * way to determine it, especially since we need to get the privillege
- * from the key anyway.
- */
- key = CERT_ExtractPublicKey(cert);
-
- if (key != NULL) {
- isFortezzaV1 = (PRBool)(key->keyType == fortezzaKey);
-
- /* find out what type of cert we are starting with */
- if (isFortezzaV1) {
- unsigned char priv = 0;;
-
- rv = SEC_CheckKRL(handle, key, NULL, t, wincx);
- if (rv == SECFailure) {
- /**** PORT_SetError is already set by SEC_CheckKRL **/
- SECKEY_DestroyPublicKey(key);
- /**** Bob - should we log and continue when logging? **/
- LOG_ERROR(log,subjectCert,0,0);
- goto loser;
- }
-
- if (key->u.fortezza.DSSpriviledge.len > 0) {
- priv = key->u.fortezza.DSSpriviledge.data[0];
- }
-
- last_type = (priv & 0x30) ? cbd_CA : cbd_User;
- }
-
- SECKEY_DestroyPublicKey(key);
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- goto loser;
- }
-
- namesIndex = (SECItem *) PORT_ZAlloc(sizeof(SECItem) * namesIndexLen);
- if (namesIndex == NULL) {
- goto loser;
- }
-
- for ( count = 0; count < CERT_MAX_CERT_CHAIN; count++ ) {
- int subjectNameListLen;
- int i;
-
- /* Construct a list of names for the current and all previous certifcates
- to be verified against the name constraints extension of the issuer
- certificate. */
- subjectNameList = CERT_GetCertificateNames(subjectCert, arena);
- subjectNameListLen = CERT_GetNamesLength(subjectNameList);
- for (i = 0; i < subjectNameListLen; i++) {
- if (namesIndexLen < namesCount + i) {
- namesIndexLen = namesIndexLen * 2;
- namesIndex = (SECItem *) PORT_Realloc(namesIndex, namesIndexLen *
- sizeof(SECItem));
- if (namesIndex == NULL) {
- goto loser;
- }
- }
- rv = SECITEM_CopyItem(arena, &(namesIndex[namesCount + i]), &(subjectCert->derSubject));
- }
- namesCount += subjectNameListLen;
- namesList = cert_CombineNamesLists(namesList, subjectNameList);
-
- /* find the certificate of the issuer */
- issuerCert = CERT_FindCertIssuer(subjectCert, t, certUsage);
- if ( ! issuerCert ) {
- PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
- LOG_ERROR(log,subjectCert,count,0);
- goto loser;
- }
-
- /* verify the signature on the cert */
- if ( checkSig ) {
- rv = CERT_VerifySignedData(&subjectCert->signatureWrap,
- issuerCert, t, wincx);
-
- if ( rv != SECSuccess ) {
- if ( PORT_GetError() == SEC_ERROR_EXPIRED_CERTIFICATE ) {
- PORT_SetError(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE);
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,0);
- } else {
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- LOG_ERROR_OR_EXIT(log,subjectCert,count,0);
- }
- }
- }
-
- /*
- * XXX - fortezza may need error logging stuff added
- */
- if (isFortezzaV1) {
- unsigned char priv = 0;
-
- /* read the key */
- key = CERT_ExtractPublicKey(issuerCert);
-
- /* Cant' get Key? fail. */
- if (key == NULL) {
- PORT_SetError(SEC_ERROR_BAD_KEY);
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,0);
- goto fortezzaDone;
- }
-
-
- /* if the issuer is not an old fortezza cert, we bail */
- if (key->keyType != fortezzaKey) {
- SECKEY_DestroyPublicKey(key);
- /* CA Cert not fortezza */
- PORT_SetError(SEC_ERROR_NOT_FORTEZZA_ISSUER);
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,0);
- goto fortezzaDone;
- }
-
- /* get the privilege mask */
- if (key->u.fortezza.DSSpriviledge.len > 0) {
- priv = key->u.fortezza.DSSpriviledge.data[0];
- }
-
- /*
- * make sure the CA's keys are OK
- */
-
- rv = SEC_CheckKRL(handle, key, NULL, t, wincx);
- if (rv != SECSuccess) {
- SECKEY_DestroyPublicKey(key);
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,0);
- goto fortezzaDone;
- /** fall through looking for more stuff **/
- } else {
- SECKEY_DestroyPublicKey(key);
- }
-
- switch (last_type) {
- case cbd_User:
- /* first check for subordination */
- /*rv = FortezzaSubordinateCheck(cert,issuerCert);*/
- rv = SECSuccess;
-
- /* now check for issuer privilege */
- if ((rv != SECSuccess) || ((priv & 0x10) == 0)) {
- /* bail */
- PORT_SetError (SEC_ERROR_CA_CERT_INVALID);
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,0);
- }
- break;
- case cbd_CA:
- case cbd_None:
- if ((priv & 0x20) == 0) {
- /* bail */
- PORT_SetError (SEC_ERROR_CA_CERT_INVALID);
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,0);
- }
- break;
- default:
- /* bail */ /* shouldn't ever happen */
- PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,0);
- }
-
-fortezzaDone:
- last_type = cbd_CA;
- }
-
- /* If the basicConstraint extension is included in an immediate CA
- * certificate, make sure that the isCA flag is on. If the
- * pathLenConstraint component exists, it must be greater than the
- * number of CA certificates we have seen so far. If the extension
- * is omitted, we will assume that this is a CA certificate with
- * an unlimited pathLenConstraint (since it already passes the
- * netscape-cert-type extension checking).
- *
- * In the fortezza (V1) case, we've already checked the CA bits
- * in the key, so we're presumed to be a CA; however we really don't
- * want to bypass Basic constraint or netscape extension parsing.
- *
- * In Fortezza V2, basicConstraint will be set for every CA,PCA,PAA
- */
-
- rv = CERT_FindBasicConstraintExten(issuerCert, &basicConstraint);
- if ( rv != SECSuccess ) {
- if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) {
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,0);
- } else {
- currentPathLen = CERT_UNLIMITED_PATH_CONSTRAINT;
- }
- /* no basic constraints found, if we're fortezza, CA bit is already
- * verified (isca = PR_TRUE). otherwise, we aren't (yet) a ca
- * isca = PR_FALSE */
- isca = isFortezzaV1;
- } else {
- if ( basicConstraint.isCA == PR_FALSE ) {
- PORT_SetError (SEC_ERROR_CA_CERT_INVALID);
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,0);
- }
-
- /* make sure that the path len constraint is properly set.
- */
- if ( basicConstraint.pathLenConstraint ==
- CERT_UNLIMITED_PATH_CONSTRAINT ) {
- currentPathLen = CERT_UNLIMITED_PATH_CONSTRAINT;
- } else if ( currentPathLen == CERT_UNLIMITED_PATH_CONSTRAINT ) {
- /* error if the previous CA's path length constraint is
- * unlimited but its CA's path is not.
- */
- PORT_SetError (SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID);
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,basicConstraint.pathLenConstraint);
- } else if (basicConstraint.pathLenConstraint > currentPathLen) {
- currentPathLen = basicConstraint.pathLenConstraint;
- } else {
- PORT_SetError (SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID);
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,basicConstraint.pathLenConstraint);
- }
-
- isca = PR_TRUE;
- }
-
- /* XXX - the error logging may need to go down into CRL stuff at some
- * point
- */
- /* check revoked list (issuer) */
- rv = SEC_CheckCRL(handle, subjectCert, issuerCert, t, wincx);
- if (rv == SECFailure) {
- LOG_ERROR_OR_EXIT(log,subjectCert,count,0);
- } else if (rv == SECWouldBlock) {
- /* We found something fishy, so we intend to issue an
- * error to the user, but the user may wish to continue
- * processing, in which case we better make sure nothing
- * worse has happened... so keep cranking the loop */
- rvFinal = SECFailure;
- LOG_ERROR(log,subjectCert,count,0);
- }
-
-
- if ( issuerCert->trust ) {
- /*
- * check the trust parms of the issuer
- */
- if ( certUsage == certUsageVerifyCA ) {
- if ( subjectCert->nsCertType & NS_CERT_TYPE_EMAIL_CA ) {
- trustType = trustEmail;
- } else if ( subjectCert->nsCertType & NS_CERT_TYPE_SSL_CA ) {
- trustType = trustSSL;
- } else {
- trustType = trustObjectSigning;
- }
- }
-
- flags = SEC_GET_TRUST_FLAGS(issuerCert->trust, trustType);
-
- if ( (flags & CERTDB_VALID_CA) ||
- (certUsage == certUsageStatusResponder)) {
- if ( ( flags & requiredFlags ) == requiredFlags ||
- certUsage == certUsageStatusResponder ) {
- /* we found a trusted one, so return */
- rv = rvFinal;
- goto done;
- }
- }
- }
-
- /*
- * Make sure that if this is an intermediate CA in the chain that
- * it was given permission by its signer to be a CA.
- */
- if ( isca ) {
- /*
- * if basicConstraints says it is a ca, then we check the
- * nsCertType. If the nsCertType has any CA bits set, then
- * it must have the right one.
- */
- if ( issuerCert->nsCertType & NS_CERT_TYPE_CA ) {
- if ( issuerCert->nsCertType & caCertType ) {
- isca = PR_TRUE;
- } else {
- isca = PR_FALSE;
- }
- }
- } else {
- if ( issuerCert->nsCertType & caCertType ) {
- isca = PR_TRUE;
- } else {
- isca = PR_FALSE;
- }
- }
-
- if ( !isca ) {
- PORT_SetError(SEC_ERROR_CA_CERT_INVALID);
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,0);
- }
-
- /* make sure key usage allows cert signing */
- if (CERT_CheckKeyUsage(issuerCert, requiredCAKeyUsage) != SECSuccess) {
- PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,requiredCAKeyUsage);
- }
- /* make sure that the entire chain is within the name space of the current issuer
- * certificate.
- */
-
- badCert = CERT_CompareNameSpace(issuerCert, namesList, namesIndex, arena, handle);
- if (badCert != NULL) {
- PORT_SetError(SEC_ERROR_CERT_NOT_IN_NAME_SPACE);
- LOG_ERROR_OR_EXIT(log, badCert, count + 1, 0);
- goto loser;
- }
- /* make sure that the issuer is not self signed. If it is, then
- * stop here to prevent looping.
- */
- rvCompare = SECITEM_CompareItem(&issuerCert->derSubject,
- &issuerCert->derIssuer);
- if (rvCompare == SECEqual) {
- PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
- LOG_ERROR(log, issuerCert, count+1, 0);
- goto loser;
- }
-
- CERT_DestroyCertificate(subjectCert);
- subjectCert = issuerCert;
- }
-
- subjectCert = NULL;
- PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
- LOG_ERROR(log,issuerCert,count,0);
-loser:
- rv = SECFailure;
-done:
- if (namesIndex != NULL) {
- PORT_Free(namesIndex);
- }
- if ( issuerCert ) {
- CERT_DestroyCertificate(issuerCert);
- }
-
- if ( subjectCert ) {
- CERT_DestroyCertificate(subjectCert);
- }
-
- if ( arena != NULL ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- return rv;
-}
-
-/*
- * verify a certificate by checking if its valid and that we
- * trust the issuer.
- * Note that this routine does not verify the signature of the certificate.
- */
-SECStatus
-CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, SECCertUsage certUsage, int64 t,
- void *wincx, CERTVerifyLog *log)
-{
- SECStatus rv;
- unsigned int requiredKeyUsage;
- unsigned int requiredCertType;
- unsigned int flags;
- unsigned int certType;
- PRBool allowOverride;
- SECCertTimeValidity validity;
- CERTStatusConfig *statusConfig;
-
- /* check if this cert is in the Evil list */
- rv = CERT_CheckForEvilCert(cert);
- if ( rv != SECSuccess ) {
- PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
- LOG_ERROR_OR_EXIT(log,cert,0,0);
- }
-
- /* make sure that the cert is valid at time t */
- allowOverride = (PRBool)((certUsage == certUsageSSLServer) ||
- (certUsage == certUsageSSLServerWithStepUp));
- validity = CERT_CheckCertValidTimes(cert, t, allowOverride);
- if ( validity != secCertTimeValid ) {
- LOG_ERROR_OR_EXIT(log,cert,0,validity);
- }
-
- /* check key usage and netscape cert type */
- CERT_GetCertType(cert);
- certType = cert->nsCertType;
- switch ( certUsage ) {
- case certUsageSSLClient:
- case certUsageSSLServer:
- case certUsageSSLServerWithStepUp:
- case certUsageSSLCA:
- case certUsageEmailSigner:
- case certUsageEmailRecipient:
- case certUsageObjectSigner:
- case certUsageStatusResponder:
- rv = CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_FALSE,
- &requiredKeyUsage,
- &requiredCertType);
- if ( rv != SECSuccess ) {
- PORT_Assert(0);
- EXIT_IF_NOT_LOGGING(log);
- requiredKeyUsage = 0;
- requiredCertType = 0;
- }
- break;
- case certUsageVerifyCA:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_CA;
- if ( ! ( certType & NS_CERT_TYPE_CA ) ) {
- certType |= NS_CERT_TYPE_CA;
- }
- break;
- default:
- PORT_Assert(0);
- EXIT_IF_NOT_LOGGING(log);
- requiredKeyUsage = 0;
- requiredCertType = 0;
- }
- if ( CERT_CheckKeyUsage(cert, requiredKeyUsage) != SECSuccess ) {
- PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
- LOG_ERROR_OR_EXIT(log,cert,0,requiredKeyUsage);
- }
- if ( !( certType & requiredCertType ) ) {
- PORT_SetError(SEC_ERROR_INADEQUATE_CERT_TYPE);
- LOG_ERROR_OR_EXIT(log,cert,0,requiredCertType);
- }
-
- /* check trust flags to see if this cert is directly trusted */
- if ( cert->trust ) { /* the cert is in the DB */
- switch ( certUsage ) {
- case certUsageSSLClient:
- case certUsageSSLServer:
- flags = cert->trust->sslFlags;
-
- /* is the cert directly trusted or not trusted ? */
- if ( flags & CERTDB_VALID_PEER ) {/*the trust record is valid*/
- if ( flags & CERTDB_TRUSTED ) { /* trust this cert */
- goto winner;
- } else { /* don't trust this cert */
- PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
- LOG_ERROR_OR_EXIT(log,cert,0,flags);
- }
- }
- break;
- case certUsageSSLServerWithStepUp:
- /* XXX - step up certs can't be directly trusted */
- break;
- case certUsageSSLCA:
- break;
- case certUsageEmailSigner:
- case certUsageEmailRecipient:
- flags = cert->trust->emailFlags;
-
- /* is the cert directly trusted or not trusted ? */
- if ( ( flags & ( CERTDB_VALID_PEER | CERTDB_TRUSTED ) ) ==
- ( CERTDB_VALID_PEER | CERTDB_TRUSTED ) ) {
- goto winner;
- }
- break;
- case certUsageObjectSigner:
- flags = cert->trust->objectSigningFlags;
-
- /* is the cert directly trusted or not trusted ? */
- if ( flags & CERTDB_VALID_PEER ) {/*the trust record is valid*/
- if ( flags & CERTDB_TRUSTED ) { /* trust this cert */
- goto winner;
- } else { /* don't trust this cert */
- PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
- LOG_ERROR_OR_EXIT(log,cert,0,flags);
- }
- }
- break;
- case certUsageVerifyCA:
- case certUsageStatusResponder:
- flags = cert->trust->sslFlags;
- /* is the cert directly trusted or not trusted ? */
- if ( ( flags & ( CERTDB_VALID_CA | CERTDB_TRUSTED_CA ) ) ==
- ( CERTDB_VALID_CA | CERTDB_TRUSTED_CA ) ) {
- goto winner;
- }
- flags = cert->trust->emailFlags;
- /* is the cert directly trusted or not trusted ? */
- if ( ( flags & ( CERTDB_VALID_CA | CERTDB_TRUSTED_CA ) ) ==
- ( CERTDB_VALID_CA | CERTDB_TRUSTED_CA ) ) {
- goto winner;
- }
- flags = cert->trust->objectSigningFlags;
- /* is the cert directly trusted or not trusted ? */
- if ( ( flags & ( CERTDB_VALID_CA | CERTDB_TRUSTED_CA ) ) ==
- ( CERTDB_VALID_CA | CERTDB_TRUSTED_CA ) ) {
- goto winner;
- }
- break;
- case certUsageAnyCA:
- case certUsageProtectedObjectSigner:
- case certUsageUserCertImport:
- /* XXX to make the compiler happy. Should these be
- * explicitly handled?
- */
- break;
- }
- }
-
- rv = CERT_VerifyCertChain(handle, cert, checkSig, certUsage,
- t, wincx, log);
- if (rv != SECSuccess) {
- EXIT_IF_NOT_LOGGING(log);
- }
-
- /*
- * Check revocation status, but only if the cert we are checking
- * is not a status reponder itself. We only do this in the case
- * where we checked the cert chain (above); explicit trust "wins"
- * (avoids status checking, just as it avoids CRL checking, which
- * is all done inside VerifyCertChain) by bypassing this code.
- */
- statusConfig = CERT_GetStatusConfig(handle);
- if (certUsage != certUsageStatusResponder && statusConfig != NULL) {
- if (statusConfig->statusChecker != NULL) {
- rv = (* statusConfig->statusChecker)(handle, cert,
- t, wincx);
- if (rv != SECSuccess) {
- LOG_ERROR_OR_EXIT(log,cert,0,0);
- }
- }
- }
-
-winner:
- return(SECSuccess);
-
-loser:
- rv = SECFailure;
-
- return(rv);
-}
-
-/*
- * verify a certificate by checking if its valid and that we
- * trust the issuer. Verify time against now.
- */
-SECStatus
-CERT_VerifyCertNow(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, SECCertUsage certUsage, void *wincx)
-{
- return(CERT_VerifyCert(handle, cert, checkSig,
- certUsage, PR_Now(), wincx, NULL));
-}
-
-/* [ FROM pcertdb.c ] */
-/*
- * Supported usage values and types:
- * certUsageSSLClient
- * certUsageSSLServer
- * certUsageSSLServerWithStepUp
- * certUsageEmailSigner
- * certUsageEmailRecipient
- * certUsageObjectSigner
- */
-
-CERTCertificate *
-CERT_FindMatchingCert(CERTCertDBHandle *handle, SECItem *derName,
- CERTCertOwner owner, SECCertUsage usage,
- PRBool preferTrusted, int64 validTime, PRBool validOnly)
-{
- CERTCertList *certList = NULL;
- CERTCertificate *cert = NULL;
- unsigned int requiredTrustFlags;
- SECTrustType requiredTrustType;
- unsigned int flags;
-
- PRBool lookingForCA = PR_FALSE;
- SECStatus rv;
- CERTCertListNode *node;
- CERTCertificate *saveUntrustedCA = NULL;
-
- /* if preferTrusted is set, must be a CA cert */
- PORT_Assert( ! ( preferTrusted && ( owner != certOwnerCA ) ) );
-
- if ( owner == certOwnerCA ) {
- lookingForCA = PR_TRUE;
- if ( preferTrusted ) {
- rv = CERT_TrustFlagsForCACertUsage(usage, &requiredTrustFlags,
- &requiredTrustType);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- requiredTrustFlags |= CERTDB_VALID_CA;
- }
- }
-
- certList = CERT_CreateSubjectCertList(NULL, handle, derName, validTime,
- validOnly);
- if ( certList != NULL ) {
- rv = CERT_FilterCertListByUsage(certList, usage, lookingForCA);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- node = CERT_LIST_HEAD(certList);
-
- while ( !CERT_LIST_END(node, certList) ) {
- cert = node->cert;
-
- /* looking for a trusted CA cert */
- if ( ( owner == certOwnerCA ) && preferTrusted &&
- ( requiredTrustType != trustTypeNone ) ) {
-
- if ( cert->trust == NULL ) {
- flags = 0;
- } else {
- flags = SEC_GET_TRUST_FLAGS(cert->trust, requiredTrustType);
- }
-
- if ( ( flags & requiredTrustFlags ) != requiredTrustFlags ) {
- /* cert is not trusted */
- /* if this is the first cert to get this far, then save
- * it, so we can use it if we can't find a trusted one
- */
- if ( saveUntrustedCA == NULL ) {
- saveUntrustedCA = cert;
- }
- goto endloop;
- }
- }
- /* if we got this far, then this cert meets all criteria */
- break;
-
-endloop:
- node = CERT_LIST_NEXT(node);
- cert = NULL;
- }
-
- /* use the saved one if we have it */
- if ( cert == NULL ) {
- cert = saveUntrustedCA;
- }
-
- /* if we found one then bump the ref count before freeing the list */
- if ( cert != NULL ) {
- /* bump the ref count */
- cert = CERT_DupCertificate(cert);
- }
-
- CERT_DestroyCertList(certList);
- }
-
- return(cert);
-
-loser:
- if ( certList != NULL ) {
- CERT_DestroyCertList(certList);
- }
-
- return(NULL);
-}
-
-
-/* [ From certdb.c ] */
-/*
- * Filter a list of certificates, removing those certs that do not have
- * one of the named CA certs somewhere in their cert chain.
- *
- * "certList" - the list of certificates to filter
- * "nCANames" - number of CA names
- * "caNames" - array of CA names in string(rfc 1485) form
- * "usage" - what use the certs are for, this is used when
- * selecting CA certs
- */
-SECStatus
-CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames,
- char **caNames, SECCertUsage usage)
-{
- CERTCertificate *issuerCert = NULL;
- CERTCertificate *subjectCert;
- CERTCertListNode *node, *freenode;
- CERTCertificate *cert;
- int n;
- char **names;
- PRBool found;
- int64 time;
-
- if ( nCANames <= 0 ) {
- return(SECSuccess);
- }
-
- time = PR_Now();
-
- node = CERT_LIST_HEAD(certList);
-
- while ( ! CERT_LIST_END(node, certList) ) {
- cert = node->cert;
-
- subjectCert = CERT_DupCertificate(cert);
-
- /* traverse the CA certs for this cert */
- found = PR_FALSE;
- while ( subjectCert != NULL ) {
- n = nCANames;
- names = caNames;
-
- if (subjectCert->issuerName != NULL) {
- while ( n > 0 ) {
- if ( PORT_Strcmp(*names, subjectCert->issuerName) == 0 ) {
- found = PR_TRUE;
- break;
- }
-
- n--;
- names++;
- }
- }
-
- if ( found ) {
- break;
- }
-
- issuerCert = CERT_FindCertIssuer(subjectCert, time, usage);
- if ( issuerCert == subjectCert ) {
- CERT_DestroyCertificate(issuerCert);
- issuerCert = NULL;
- break;
- }
- CERT_DestroyCertificate(subjectCert);
- subjectCert = issuerCert;
-
- }
- CERT_DestroyCertificate(subjectCert);
- if ( !found ) {
- /* CA was not found, so remove this cert from the list */
- freenode = node;
- node = CERT_LIST_NEXT(node);
- CERT_RemoveCertListNode(freenode);
- } else {
- /* CA was found, so leave it in the list */
- node = CERT_LIST_NEXT(node);
- }
- }
-
- return(SECSuccess);
-}
-
-/*
- * Given a certificate, return a string containing the nickname, and possibly
- * one of the validity strings, based on the current validity state of the
- * certificate.
- *
- * "arena" - arena to allocate returned string from. If NULL, then heap
- * is used.
- * "cert" - the cert to get nickname from
- * "expiredString" - the string to append to the nickname if the cert is
- * expired.
- * "notYetGoodString" - the string to append to the nickname if the cert is
- * not yet good.
- */
-char *
-CERT_GetCertNicknameWithValidity(PRArenaPool *arena, CERTCertificate *cert,
- char *expiredString, char *notYetGoodString)
-{
- SECCertTimeValidity validity;
- char *nickname, *tmpstr;
-
- validity = CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE);
-
- /* if the cert is good, then just use the nickname directly */
- if ( validity == secCertTimeValid ) {
- if ( arena == NULL ) {
- nickname = PORT_Strdup(cert->nickname);
- } else {
- nickname = PORT_ArenaStrdup(arena, cert->nickname);
- }
-
- if ( nickname == NULL ) {
- goto loser;
- }
- } else {
-
- /* if the cert is not valid, then tack one of the strings on the
- * end
- */
- if ( validity == secCertTimeExpired ) {
- tmpstr = PR_smprintf("%s%s", cert->nickname,
- expiredString);
- } else {
- /* not yet valid */
- tmpstr = PR_smprintf("%s%s", cert->nickname,
- notYetGoodString);
- }
- if ( tmpstr == NULL ) {
- goto loser;
- }
-
- if ( arena ) {
- /* copy the string into the arena and free the malloc'd one */
- nickname = PORT_ArenaStrdup(arena, tmpstr);
- PORT_Free(tmpstr);
- } else {
- nickname = tmpstr;
- }
- if ( nickname == NULL ) {
- goto loser;
- }
- }
- return(nickname);
-
-loser:
- return(NULL);
-}
-
-/*
- * Collect the nicknames from all certs in a CertList. If the cert is not
- * valid, append a string to that nickname.
- *
- * "certList" - the list of certificates
- * "expiredString" - the string to append to the nickname of any expired cert
- * "notYetGoodString" - the string to append to the nickname of any cert
- * that is not yet valid
- */
-CERTCertNicknames *
-CERT_NicknameStringsFromCertList(CERTCertList *certList, char *expiredString,
- char *notYetGoodString)
-{
- CERTCertNicknames *names;
- PRArenaPool *arena;
- CERTCertListNode *node;
- char **nn;
-
- /* allocate an arena */
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- return(NULL);
- }
-
- /* allocate the structure */
- names = PORT_ArenaAlloc(arena, sizeof(CERTCertNicknames));
- if ( names == NULL ) {
- goto loser;
- }
-
- /* init the structure */
- names->arena = arena;
- names->head = NULL;
- names->numnicknames = 0;
- names->nicknames = NULL;
- names->totallen = 0;
-
- /* count the certs in the list */
- node = CERT_LIST_HEAD(certList);
- while ( ! CERT_LIST_END(node, certList) ) {
- names->numnicknames++;
- node = CERT_LIST_NEXT(node);
- }
-
- /* allocate nicknames array */
- names->nicknames = PORT_ArenaAlloc(arena,
- sizeof(char *) * names->numnicknames);
- if ( names->nicknames == NULL ) {
- goto loser;
- }
-
- /* just in case printf can't deal with null strings */
- if (expiredString == NULL ) {
- expiredString = "";
- }
-
- if ( notYetGoodString == NULL ) {
- notYetGoodString = "";
- }
-
- /* traverse the list of certs and collect the nicknames */
- nn = names->nicknames;
- node = CERT_LIST_HEAD(certList);
- while ( ! CERT_LIST_END(node, certList) ) {
- *nn = CERT_GetCertNicknameWithValidity(arena, node->cert,
- expiredString,
- notYetGoodString);
- if ( *nn == NULL ) {
- goto loser;
- }
-
- names->totallen += PORT_Strlen(*nn);
-
- nn++;
- node = CERT_LIST_NEXT(node);
- }
-
- return(names);
-
-loser:
- PORT_FreeArena(arena, PR_FALSE);
- return(NULL);
-}
-
-/*
- * Extract the nickname from a nickmake string that may have either
- * expiredString or notYetGoodString appended.
- *
- * Args:
- * "namestring" - the string containing the nickname, and possibly
- * one of the validity label strings
- * "expiredString" - the expired validity label string
- * "notYetGoodString" - the not yet good validity label string
- *
- * Returns the raw nickname
- */
-char *
-CERT_ExtractNicknameString(char *namestring, char *expiredString,
- char *notYetGoodString)
-{
- int explen, nyglen, namelen;
- int retlen;
- char *retstr;
-
- namelen = PORT_Strlen(namestring);
- explen = PORT_Strlen(expiredString);
- nyglen = PORT_Strlen(notYetGoodString);
-
- if ( namelen > explen ) {
- if ( PORT_Strcmp(expiredString, &namestring[namelen-explen]) == 0 ) {
- retlen = namelen - explen;
- retstr = (char *)PORT_Alloc(retlen+1);
- if ( retstr == NULL ) {
- goto loser;
- }
-
- PORT_Memcpy(retstr, namestring, retlen);
- retstr[retlen] = '\0';
- goto done;
- }
- }
-
- if ( namelen > nyglen ) {
- if ( PORT_Strcmp(notYetGoodString, &namestring[namelen-nyglen]) == 0) {
- retlen = namelen - nyglen;
- retstr = (char *)PORT_Alloc(retlen+1);
- if ( retstr == NULL ) {
- goto loser;
- }
-
- PORT_Memcpy(retstr, namestring, retlen);
- retstr[retlen] = '\0';
- goto done;
- }
- }
-
- /* if name string is shorter than either invalid string, then it must
- * be a raw nickname
- */
- retstr = PORT_Strdup(namestring);
-
-done:
- return(retstr);
-
-loser:
- return(NULL);
-}
-
-CERTCertList *
-CERT_GetCertChainFromCert(CERTCertificate *cert, int64 time, SECCertUsage usage)
-{
- CERTCertList *chain;
-
- if (cert != NULL) {
- chain = CERT_NewCertList();
- cert = CERT_DupCertificate(cert);
- while (SECITEM_CompareItem(&cert->derIssuer, &cert->derSubject)
- != SECEqual) {
- CERT_AddCertToListTail(chain, cert);
- cert = CERT_FindCertIssuer(cert, time, usage);
- }
- CERT_AddCertToListTail(chain, cert);
- return chain;
- }
- return NULL;
-}
-
-
diff --git a/security/nss/lib/certhigh/config.mk b/security/nss/lib/certhigh/config.mk
deleted file mode 100644
index a73a1086e..000000000
--- a/security/nss/lib/certhigh/config.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/certhigh/crlv2.c b/security/nss/lib/certhigh/crlv2.c
deleted file mode 100644
index 2600d9878..000000000
--- a/security/nss/lib/certhigh/crlv2.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Code for dealing with x.509 v3 crl and crl entries extensions.
- *
- * $Id$
- */
-
-#include "cert.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "secoidt.h"
-#include "secder.h"
-#include "secasn1.h"
-#include "certxutl.h"
-
-SECStatus
-CERT_FindCRLExtensionByOID(CERTCrl *crl, SECItem *oid, SECItem *value)
-{
- return (cert_FindExtensionByOID (crl->extensions, oid, value));
-}
-
-
-SECStatus
-CERT_FindCRLExtension(CERTCrl *crl, int tag, SECItem *value)
-{
- return (cert_FindExtension (crl->extensions, tag, value));
-}
-
-
-/* Callback to set extensions and adjust verison */
-static void
-SetCrlExts(void *object, CERTCertExtension **exts)
-{
- CERTCrl *crl = (CERTCrl *)object;
-
- crl->extensions = exts;
- DER_SetUInteger (crl->arena, &crl->version, SEC_CRL_VERSION_2);
-}
-
-void *
-CERT_StartCRLExtensions(CERTCrl *crl)
-{
- return (cert_StartExtensions ((void *)crl, crl->arena, SetCrlExts));
-}
-
-
-SECStatus CERT_FindCRLNumberExten (CERTCrl *crl, CERTCrlNumber *value)
-{
- SECItem encodedExtenValue;
- SECStatus rv;
-
- encodedExtenValue.data = NULL;
- encodedExtenValue.len = 0;
-
- rv = cert_FindExtension
- (crl->extensions, SEC_OID_X509_CRL_NUMBER, &encodedExtenValue);
- if ( rv != SECSuccess )
- return (rv);
-
- rv = SEC_ASN1DecodeItem (NULL, value, SEC_IntegerTemplate,
- &encodedExtenValue);
- PORT_Free (encodedExtenValue.data);
- return (rv);
-}
-
-SECStatus CERT_FindCRLReasonExten (CERTCrl *crl, SECItem *value)
-{
- return (CERT_FindBitStringExtension
- (crl->extensions, SEC_OID_X509_REASON_CODE, value));
-}
-
-SECStatus CERT_FindInvalidDateExten (CERTCrl *crl, int64 *value)
-{
- SECItem encodedExtenValue;
- SECItem decodedExtenValue = {siBuffer,0};
- SECStatus rv;
-
- encodedExtenValue.data = decodedExtenValue.data = NULL;
- encodedExtenValue.len = decodedExtenValue.len = 0;
-
- rv = cert_FindExtension
- (crl->extensions, SEC_OID_X509_INVALID_DATE, &encodedExtenValue);
- if ( rv != SECSuccess )
- return (rv);
-
- rv = SEC_ASN1DecodeItem (NULL, &decodedExtenValue,
- SEC_GeneralizedTimeTemplate, &encodedExtenValue);
- if (rv != SECSuccess)
- return (rv);
- rv = DER_GeneralizedTimeToTime(value, &encodedExtenValue);
- PORT_Free (decodedExtenValue.data);
- PORT_Free (encodedExtenValue.data);
- return (rv);
-}
diff --git a/security/nss/lib/certhigh/manifest.mn b/security/nss/lib/certhigh/manifest.mn
deleted file mode 100644
index 260a3e258..000000000
--- a/security/nss/lib/certhigh/manifest.mn
+++ /dev/null
@@ -1,60 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../..
-
-EXPORTS = \
- ocsp.h \
- ocspt.h \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- ocspti.h \
- $(NULL)
-
-MODULE = security
-
-CSRCS = \
- certhtml.c \
- certread.c \
- certreq.c \
- crlv2.c \
- ocsp.c \
- certhigh.c \
- certvfy.c \
- xcrldist.c \
- $(NULL)
-
-REQUIRES = security dbm
-
-LIBRARY_NAME = certhi
-
diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c
deleted file mode 100644
index 5eb340b28..000000000
--- a/security/nss/lib/certhigh/ocsp.c
+++ /dev/null
@@ -1,3897 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Implementation of OCSP services, for both client and server.
- * (XXX, really, mostly just for client right now, but intended to do both.)
- *
- * $Id$
- */
-
-#include "prerror.h"
-#include "prprf.h"
-#include "plarena.h"
-#include "prnetdb.h"
-
-#include "seccomon.h"
-#include "secitem.h"
-#include "secoidt.h"
-#include "secasn1.h"
-#include "secder.h"
-#include "cert.h"
-#include "xconst.h"
-#include "secerr.h"
-#include "secoid.h"
-#include "hasht.h"
-#include "sechash.h"
-#include "secasn1.h"
-#include "keyhi.h"
-#include "cryptohi.h"
-#include "ocsp.h"
-#include "ocspti.h"
-#include "genname.h"
-#include "certxutl.h"
-#include "pk11func.h" /* for PK11_HashBuf */
-#include <stdarg.h>
-
-
-/*
- * The following structure is only used internally. It is allocated when
- * someone turns on OCSP checking, and hangs off of the status-configuration
- * structure in the certdb structure. We use it to keep configuration
- * information specific to OCSP checking.
- */
-typedef struct ocspCheckingContextStr {
- PRBool useDefaultResponder;
- char *defaultResponderURI;
- char *defaultResponderNickname;
- CERTCertificate *defaultResponderCert;
-} ocspCheckingContext;
-
-
-/*
- * Forward declarations of sub-types, so I can lay out the types in the
- * same order as the ASN.1 is laid out in the OCSP spec itself.
- *
- * These are in alphabetical order (case-insensitive); please keep it that way!
- */
-extern const SEC_ASN1Template ocsp_CertIDTemplate[];
-extern const SEC_ASN1Template ocsp_PointerToSignatureTemplate[];
-extern const SEC_ASN1Template ocsp_PointerToResponseBytesTemplate[];
-extern const SEC_ASN1Template ocsp_ResponseDataTemplate[];
-extern const SEC_ASN1Template ocsp_RevokedInfoTemplate[];
-extern const SEC_ASN1Template ocsp_SingleRequestTemplate[];
-extern const SEC_ASN1Template ocsp_SingleResponseTemplate[];
-extern const SEC_ASN1Template ocsp_TBSRequestTemplate[];
-
-
-/*
- * Request-related templates...
- */
-
-/*
- * OCSPRequest ::= SEQUENCE {
- * tbsRequest TBSRequest,
- * optionalSignature [0] EXPLICIT Signature OPTIONAL }
- */
-static const SEC_ASN1Template ocsp_OCSPRequestTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTOCSPRequest) },
- { SEC_ASN1_POINTER,
- offsetof(CERTOCSPRequest, tbsRequest),
- ocsp_TBSRequestTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(CERTOCSPRequest, optionalSignature),
- ocsp_PointerToSignatureTemplate },
- { 0 }
-};
-
-/*
- * TBSRequest ::= SEQUENCE {
- * version [0] EXPLICIT Version DEFAULT v1,
- * requestorName [1] EXPLICIT GeneralName OPTIONAL,
- * requestList SEQUENCE OF Request,
- * requestExtensions [2] EXPLICIT Extensions OPTIONAL }
- *
- * Version ::= INTEGER { v1(0) }
- *
- * Note: this should be static but the AIX compiler doesn't like it (because it
- * was forward-declared above); it is not meant to be exported, but this
- * is the only way it will compile.
- */
-const SEC_ASN1Template ocsp_TBSRequestTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(ocspTBSRequest) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | /* XXX DER_DEFAULT */
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(ocspTBSRequest, version),
- SEC_IntegerTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(ocspTBSRequest, derRequestorName),
- SEC_PointerToAnyTemplate },
- { SEC_ASN1_SEQUENCE_OF,
- offsetof(ocspTBSRequest, requestList),
- ocsp_SingleRequestTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2,
- offsetof(ocspTBSRequest, requestExtensions),
- CERT_SequenceOfCertExtensionTemplate },
- { 0 }
-};
-
-/*
- * Signature ::= SEQUENCE {
- * signatureAlgorithm AlgorithmIdentifier,
- * signature BIT STRING,
- * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- */
-static const SEC_ASN1Template ocsp_SignatureTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(ocspSignature) },
- { SEC_ASN1_INLINE,
- offsetof(ocspSignature, signatureAlgorithm),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_BIT_STRING,
- offsetof(ocspSignature, signature) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(ocspSignature, derCerts),
- SEC_SequenceOfAnyTemplate },
- { 0 }
-};
-
-/*
- * This template is just an extra level to use in an explicitly-tagged
- * reference to a Signature.
- *
- * Note: this should be static but the AIX compiler doesn't like it (because it
- * was forward-declared above); it is not meant to be exported, but this
- * is the only way it will compile.
- */
-const SEC_ASN1Template ocsp_PointerToSignatureTemplate[] = {
- { SEC_ASN1_POINTER, 0, ocsp_SignatureTemplate }
-};
-
-/*
- * Request ::= SEQUENCE {
- * reqCert CertID,
- * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
- *
- * Note: this should be static but the AIX compiler doesn't like it (because it
- * was forward-declared above); it is not meant to be exported, but this
- * is the only way it will compile.
- */
-const SEC_ASN1Template ocsp_SingleRequestTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(ocspSingleRequest) },
- { SEC_ASN1_POINTER,
- offsetof(ocspSingleRequest, reqCert),
- ocsp_CertIDTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(ocspSingleRequest, singleRequestExtensions),
- CERT_SequenceOfCertExtensionTemplate },
- { 0 }
-};
-
-
-/*
- * This data structure and template (CertID) is used by both OCSP
- * requests and responses. It is the only one that is shared.
- *
- * CertID ::= SEQUENCE {
- * hashAlgorithm AlgorithmIdentifier,
- * issuerNameHash OCTET STRING, -- Hash of Issuer DN
- * issuerKeyHash OCTET STRING, -- Hash of Issuer public key
- * serialNumber CertificateSerialNumber }
- *
- * CertificateSerialNumber ::= INTEGER
- *
- * Note: this should be static but the AIX compiler doesn't like it (because it
- * was forward-declared above); it is not meant to be exported, but this
- * is the only way it will compile.
- */
-const SEC_ASN1Template ocsp_CertIDTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTOCSPCertID) },
- { SEC_ASN1_INLINE,
- offsetof(CERTOCSPCertID, hashAlgorithm),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_OCTET_STRING,
- offsetof(CERTOCSPCertID, issuerNameHash) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(CERTOCSPCertID, issuerKeyHash) },
- { SEC_ASN1_INTEGER,
- offsetof(CERTOCSPCertID, serialNumber) },
- { 0 }
-};
-
-
-/*
- * Response-related templates...
- */
-
-/*
- * OCSPResponse ::= SEQUENCE {
- * responseStatus OCSPResponseStatus,
- * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
- */
-static const SEC_ASN1Template ocsp_OCSPResponseTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTOCSPResponse) },
- { SEC_ASN1_ENUMERATED,
- offsetof(CERTOCSPResponse, responseStatus) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(CERTOCSPResponse, responseBytes),
- ocsp_PointerToResponseBytesTemplate },
- { 0 }
-};
-
-/*
- * ResponseBytes ::= SEQUENCE {
- * responseType OBJECT IDENTIFIER,
- * response OCTET STRING }
- */
-static const SEC_ASN1Template ocsp_ResponseBytesTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(ocspResponseBytes) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(ocspResponseBytes, responseType) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(ocspResponseBytes, response) },
- { 0 }
-};
-
-/*
- * This template is just an extra level to use in an explicitly-tagged
- * reference to a ResponseBytes.
- *
- * Note: this should be static but the AIX compiler doesn't like it (because it
- * was forward-declared above); it is not meant to be exported, but this
- * is the only way it will compile.
- */
-const SEC_ASN1Template ocsp_PointerToResponseBytesTemplate[] = {
- { SEC_ASN1_POINTER, 0, ocsp_ResponseBytesTemplate }
-};
-
-/*
- * BasicOCSPResponse ::= SEQUENCE {
- * tbsResponseData ResponseData,
- * signatureAlgorithm AlgorithmIdentifier,
- * signature BIT STRING,
- * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- */
-static const SEC_ASN1Template ocsp_BasicOCSPResponseTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(ocspBasicOCSPResponse) },
- { SEC_ASN1_POINTER,
- offsetof(ocspBasicOCSPResponse, tbsResponseData),
- ocsp_ResponseDataTemplate },
- { SEC_ASN1_INLINE,
- offsetof(ocspBasicOCSPResponse, responseSignature.signatureAlgorithm),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_BIT_STRING,
- offsetof(ocspBasicOCSPResponse, responseSignature.signature) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(ocspBasicOCSPResponse, responseSignature.derCerts),
- SEC_SequenceOfAnyTemplate },
- { 0 }
-};
-
-/*
- * ResponseData ::= SEQUENCE {
- * version [0] EXPLICIT Version DEFAULT v1,
- * responderID ResponderID,
- * producedAt GeneralizedTime,
- * responses SEQUENCE OF SingleResponse,
- * responseExtensions [1] EXPLICIT Extensions OPTIONAL }
- *
- * Note: this should be static but the AIX compiler doesn't like it (because it
- * was forward-declared above); it is not meant to be exported, but this
- * is the only way it will compile.
- */
-const SEC_ASN1Template ocsp_ResponseDataTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(ocspResponseData) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | /* XXX DER_DEFAULT */
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(ocspResponseData, version),
- SEC_IntegerTemplate },
- { SEC_ASN1_ANY,
- offsetof(ocspResponseData, derResponderID) },
- { SEC_ASN1_GENERALIZED_TIME,
- offsetof(ocspResponseData, producedAt) },
- { SEC_ASN1_SEQUENCE_OF,
- offsetof(ocspResponseData, responses),
- ocsp_SingleResponseTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(ocspResponseData, responseExtensions),
- CERT_SequenceOfCertExtensionTemplate },
- { 0 }
-};
-
-/*
- * ResponderID ::= CHOICE {
- * byName [1] EXPLICIT Name,
- * byKey [2] EXPLICIT KeyHash }
- *
- * KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key
- * (excluding the tag and length fields)
- *
- * XXX Because the ASN.1 encoder and decoder currently do not provide
- * a way to automatically handle a CHOICE, we need to do it in two
- * steps, looking at the type tag and feeding the exact choice back
- * to the ASN.1 code. Hopefully that will change someday and this
- * can all be simplified down into a single template. Anyway, for
- * now we list each choice as its own template:
- */
-static const SEC_ASN1Template ocsp_ResponderIDByNameTemplate[] = {
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(ocspResponderID, responderIDValue.name),
- CERT_NameTemplate }
-};
-static const SEC_ASN1Template ocsp_ResponderIDByKeyTemplate[] = {
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2,
- offsetof(ocspResponderID, responderIDValue.keyHash),
- SEC_OctetStringTemplate }
-};
-static const SEC_ASN1Template ocsp_ResponderIDOtherTemplate[] = {
- { SEC_ASN1_ANY,
- offsetof(ocspResponderID, responderIDValue.other) }
-};
-
-/*
- * SingleResponse ::= SEQUENCE {
- * certID CertID,
- * certStatus CertStatus,
- * thisUpdate GeneralizedTime,
- * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
- * singleExtensions [1] EXPLICIT Extensions OPTIONAL }
- *
- * Note: this should be static but the AIX compiler doesn't like it (because it
- * was forward-declared above); it is not meant to be exported, but this
- * is the only way it will compile.
- */
-const SEC_ASN1Template ocsp_SingleResponseTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTOCSPSingleResponse) },
- { SEC_ASN1_POINTER,
- offsetof(CERTOCSPSingleResponse, certID),
- ocsp_CertIDTemplate },
- { SEC_ASN1_ANY,
- offsetof(CERTOCSPSingleResponse, derCertStatus) },
- { SEC_ASN1_GENERALIZED_TIME,
- offsetof(CERTOCSPSingleResponse, thisUpdate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(CERTOCSPSingleResponse, nextUpdate),
- SEC_PointerToGeneralizedTimeTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(CERTOCSPSingleResponse, singleExtensions),
- CERT_SequenceOfCertExtensionTemplate },
- { 0 }
-};
-
-/*
- * CertStatus ::= CHOICE {
- * good [0] IMPLICIT NULL,
- * revoked [1] IMPLICIT RevokedInfo,
- * unknown [2] IMPLICIT UnknownInfo }
- *
- * Because the ASN.1 encoder and decoder currently do not provide
- * a way to automatically handle a CHOICE, we need to do it in two
- * steps, looking at the type tag and feeding the exact choice back
- * to the ASN.1 code. Hopefully that will change someday and this
- * can all be simplified down into a single template. Anyway, for
- * now we list each choice as its own template:
- */
-static const SEC_ASN1Template ocsp_CertStatusGoodTemplate[] = {
- { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(ocspCertStatus, certStatusInfo.goodInfo),
- SEC_NullTemplate }
-};
-static const SEC_ASN1Template ocsp_CertStatusRevokedTemplate[] = {
- { SEC_ASN1_POINTER | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(ocspCertStatus, certStatusInfo.revokedInfo),
- ocsp_RevokedInfoTemplate }
-};
-static const SEC_ASN1Template ocsp_CertStatusUnknownTemplate[] = {
- { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | 2,
- offsetof(ocspCertStatus, certStatusInfo.unknownInfo),
- SEC_NullTemplate }
-};
-static const SEC_ASN1Template ocsp_CertStatusOtherTemplate[] = {
- { SEC_ASN1_POINTER,
- offsetof(ocspCertStatus, certStatusInfo.otherInfo),
- SEC_AnyTemplate }
-};
-
-/*
- * RevokedInfo ::= SEQUENCE {
- * revocationTime GeneralizedTime,
- * revocationReason [0] EXPLICIT CRLReason OPTIONAL }
- *
- * Note: this should be static but the AIX compiler doesn't like it (because it
- * was forward-declared above); it is not meant to be exported, but this
- * is the only way it will compile.
- */
-const SEC_ASN1Template ocsp_RevokedInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(ocspRevokedInfo) },
- { SEC_ASN1_GENERALIZED_TIME,
- offsetof(ocspRevokedInfo, revocationTime) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(ocspRevokedInfo, revocationReason),
- SEC_PointerToEnumeratedTemplate },
- { 0 }
-};
-
-
-/*
- * OCSP-specific extension templates:
- */
-
-/*
- * ServiceLocator ::= SEQUENCE {
- * issuer Name,
- * locator AuthorityInfoAccessSyntax OPTIONAL }
- */
-static const SEC_ASN1Template ocsp_ServiceLocatorTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(ocspServiceLocator) },
- { SEC_ASN1_POINTER,
- offsetof(ocspServiceLocator, issuer),
- CERT_NameTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
- offsetof(ocspServiceLocator, locator) },
- { 0 }
-};
-
-
-/*
- * REQUEST SUPPORT FUNCTIONS (encode/create/decode/destroy):
- */
-
-/*
- * FUNCTION: CERT_EncodeOCSPRequest
- * DER encodes an OCSP Request, possibly adding a signature as well.
- * XXX Signing is not yet supported, however; see comments in code.
- * INPUTS:
- * PRArenaPool *arena
- * The return value is allocated from here.
- * If a NULL is passed in, allocation is done from the heap instead.
- * CERTOCSPRequest *request
- * The request to be encoded.
- * void *pwArg
- * Pointer to argument for password prompting, if needed. (Definitely
- * not needed if not signing.)
- * RETURN:
- * Returns a NULL on error and a pointer to the SECItem with the
- * encoded value otherwise. Any error is likely to be low-level
- * (e.g. no memory).
- */
-SECItem *
-CERT_EncodeOCSPRequest(PRArenaPool *arena, CERTOCSPRequest *request,
- void *pwArg)
-{
- ocspTBSRequest *tbsRequest;
- SECStatus rv;
-
- /* XXX All of these should generate errors if they fail. */
- PORT_Assert(request);
- PORT_Assert(request->tbsRequest);
-
- tbsRequest = request->tbsRequest;
-
- if (request->tbsRequest->extensionHandle != NULL) {
- rv = CERT_FinishExtensions(request->tbsRequest->extensionHandle);
- request->tbsRequest->extensionHandle = NULL;
- if (rv != SECSuccess)
- return NULL;
- }
-
- /*
- * XXX When signed requests are supported and request->optionalSignature
- * is not NULL:
- * - need to encode tbsRequest->requestorName
- * - need to encode tbsRequest
- * - need to sign that encoded result (using cert in sig), filling in the
- * request->optionalSignature structure with the result, the signing
- * algorithm and (perhaps?) the cert (and its chain?) in derCerts
- */
-
- return SEC_ASN1EncodeItem(arena, NULL, request, ocsp_OCSPRequestTemplate);
-}
-
-
-/*
- * FUNCTION: CERT_DecodeOCSPRequest
- * Decode a DER encoded OCSP Request.
- * INPUTS:
- * SECItem *src
- * Pointer to a SECItem holding DER encoded OCSP Request.
- * RETURN:
- * Returns a pointer to a CERTOCSPRequest containing the decoded request.
- * On error, returns NULL. Most likely error is trouble decoding
- * (SEC_ERROR_OCSP_MALFORMED_REQUEST), or low-level problem (no memory).
- */
-CERTOCSPRequest *
-CERT_DecodeOCSPRequest(SECItem *src)
-{
- PRArenaPool *arena = NULL;
- SECStatus rv = SECFailure;
- CERTOCSPRequest *dest = NULL;
- int i;
-
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- goto loser;
- }
- dest = (CERTOCSPRequest *) PORT_ArenaZAlloc(arena,
- sizeof(CERTOCSPRequest));
- if (dest == NULL) {
- goto loser;
- }
- dest->arena = arena;
-
- rv = SEC_ASN1DecodeItem(arena, dest, ocsp_OCSPRequestTemplate, src);
- if (rv != SECSuccess) {
- if (PORT_GetError() == SEC_ERROR_BAD_DER)
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_REQUEST);
- goto loser;
- }
-
- /*
- * XXX I would like to find a way to get rid of the necessity
- * of doing this copying of the arena pointer.
- */
- for (i = 0; dest->tbsRequest->requestList[i] != NULL; i++) {
- dest->tbsRequest->requestList[i]->arena = arena;
- }
-
- return dest;
-
-loser:
- if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- return NULL;
-}
-
-
-/*
- * Create and fill-in a CertID. This function fills in the hash values
- * (issuerNameHash and issuerKeyHash), and is hardwired to use SHA1.
- * Someday it might need to be more flexible about hash algorithm, but
- * for now we have no intention/need to create anything else, and until
- * we have more flexible underlying interfaces, it's just not as easy
- * as it should be to just take an algorithm id and call some helper
- * functions to do all the work (no algid->length translation, no function
- * to hash from and into a SECItem, etc.).
- *
- * Error causes a null to be returned; most likely cause is trouble
- * finding the certificate issuer (SEC_ERROR_UNKNOWN_ISSUER).
- * Other errors are low-level problems (no memory, bad database, etc.).
- */
-static CERTOCSPCertID *
-ocsp_CreateCertID(PRArenaPool *arena, CERTCertificate *cert, int64 time)
-{
- CERTOCSPCertID *certID;
- CERTCertificate *issuerCert = NULL;
- SECItem *tempItem = NULL;
- void *mark = PORT_ArenaMark(arena);
- SECStatus rv;
-
- PORT_Assert(arena != NULL);
-
- certID = PORT_ArenaZNew(arena, CERTOCSPCertID);
- if (certID == NULL) {
- goto loser;
- }
-
- rv = SECOID_SetAlgorithmID(arena, &certID->hashAlgorithm, SEC_OID_SHA1,
- NULL);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- issuerCert = CERT_FindCertIssuer(cert, time, certUsageAnyCA);
- if (issuerCert == NULL) {
- goto loser;
- }
-
- tempItem = SEC_ASN1EncodeItem(NULL, NULL, &issuerCert->subject,
- CERT_NameTemplate);
- if (tempItem == NULL) {
- goto loser;
- }
-
- if (SECITEM_AllocItem(arena, &(certID->issuerNameHash),
- SHA1_LENGTH) == NULL) {
- goto loser;
- }
- rv = PK11_HashBuf(SEC_OID_SHA1, certID->issuerNameHash.data,
- tempItem->data, tempItem->len);
- if (rv != SECSuccess) {
- goto loser;
- }
- SECITEM_FreeItem(tempItem, PR_TRUE);
- tempItem = NULL;
-
- if (CERT_SPKDigestValueForCert(arena, issuerCert, SEC_OID_SHA1,
- &(certID->issuerKeyHash)) == NULL) {
- goto loser;
- }
-
- /* now we are done with issuerCert */
- CERT_DestroyCertificate(issuerCert);
- issuerCert = NULL;
-
- rv = SECITEM_CopyItem(arena, &certID->serialNumber, &cert->serialNumber);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- PORT_ArenaUnmark(arena, mark);
- return certID;
-
-loser:
- if (issuerCert != NULL) {
- CERT_DestroyCertificate(issuerCert);
- }
- if (tempItem != NULL) {
- SECITEM_FreeItem(tempItem, PR_TRUE);
- }
- PORT_ArenaRelease(arena, mark);
- return NULL;
-}
-
-
-/*
- * Callback to set Extensions in request object
- */
-void SetSingleReqExts(void *object, CERTCertExtension **exts)
-{
- ocspSingleRequest *singleRequest =
- (ocspSingleRequest *)object;
-
- singleRequest->singleRequestExtensions = exts;
-}
-
-/*
- * Add the Service Locator extension to the singleRequestExtensions
- * for the given singleRequest.
- *
- * All errors are internal or low-level problems (e.g. no memory).
- */
-static SECStatus
-ocsp_AddServiceLocatorExtension(ocspSingleRequest *singleRequest,
- CERTCertificate *cert)
-{
- ocspServiceLocator *serviceLocator = NULL;
- void *extensionHandle = NULL;
- SECStatus rv = SECFailure;
-
- serviceLocator = PORT_ZNew(ocspServiceLocator);
- if (serviceLocator == NULL)
- goto loser;
-
- /*
- * Normally it would be a bad idea to do a direct reference like
- * this rather than allocate and copy the name *or* at least dup
- * a reference of the cert. But all we need is to be able to read
- * the issuer name during the encoding we are about to do, so a
- * copy is just a waste of time.
- */
- serviceLocator->issuer = &cert->issuer;
-
- rv = CERT_FindCertExtension(cert, SEC_OID_X509_AUTH_INFO_ACCESS,
- &serviceLocator->locator);
- if (rv != SECSuccess) {
- if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND)
- goto loser;
- }
-
- /* prepare for following loser gotos */
- rv = SECFailure;
-
- extensionHandle = cert_StartExtensions(singleRequest,
- singleRequest->arena, SetSingleReqExts);
- if (extensionHandle == NULL)
- goto loser;
-
- rv = CERT_EncodeAndAddExtension(extensionHandle,
- SEC_OID_PKIX_OCSP_SERVICE_LOCATOR,
- serviceLocator, PR_FALSE,
- ocsp_ServiceLocatorTemplate);
-
-loser:
- if (extensionHandle != NULL) {
- /*
- * Either way we have to finish out the extension context (so it gets
- * freed). But careful not to override any already-set bad status.
- */
- SECStatus tmprv = CERT_FinishExtensions(extensionHandle);
- if (rv == SECSuccess)
- rv = tmprv;
- }
-
- /*
- * Finally, free the serviceLocator structure itself and we are done.
- */
- if (serviceLocator != NULL) {
- if (serviceLocator->locator.data != NULL)
- SECITEM_FreeItem(&serviceLocator->locator, PR_FALSE);
- PORT_Free(serviceLocator);
- }
-
- return rv;
-}
-
-/*
- * Creates an array of ocspSingleRequest based on a list of certs.
- * Note that the code which later compares the request list with the
- * response expects this array to be in the exact same order as the
- * certs are found in the list. It would be harder to change that
- * order than preserve it, but since the requirement is not obvious,
- * it deserves to be mentioned.
- *
- * Any problem causes a null return and error set:
- * SEC_ERROR_UNKNOWN_ISSUER
- * Other errors are low-level problems (no memory, bad database, etc.).
- */
-static ocspSingleRequest **
-ocsp_CreateSingleRequestList(PRArenaPool *arena, CERTCertList *certList,
- int64 time, PRBool includeLocator)
-{
- ocspSingleRequest **requestList = NULL;
- CERTCertListNode *node;
- int i, count;
- void *mark = PORT_ArenaMark(arena);
-
- node = CERT_LIST_HEAD(certList);
- for (count = 0; !CERT_LIST_END(node, certList); count++) {
- node = CERT_LIST_NEXT(node);
- }
-
- if (count == 0)
- goto loser;
-
- requestList = PORT_ArenaNewArray(arena, ocspSingleRequest *, count + 1);
- if (requestList == NULL)
- goto loser;
-
- node = CERT_LIST_HEAD(certList);
- for (i = 0; !CERT_LIST_END(node, certList); i++) {
- requestList[i] = PORT_ArenaZNew(arena, ocspSingleRequest);
- if (requestList[i] == NULL)
- goto loser;
-
- requestList[i]->arena = arena;
- requestList[i]->reqCert = ocsp_CreateCertID(arena, node->cert, time);
- if (requestList[i]->reqCert == NULL)
- goto loser;
-
- if (includeLocator == PR_TRUE) {
- SECStatus rv;
-
- rv = ocsp_AddServiceLocatorExtension(requestList[i], node->cert);
- if (rv != SECSuccess)
- goto loser;
- }
-
- node = CERT_LIST_NEXT(node);
- }
-
- PORT_Assert(i == count);
-
- PORT_ArenaUnmark(arena, mark);
- requestList[i] = NULL;
- return requestList;
-
-loser:
- PORT_ArenaRelease(arena, mark);
- return NULL;
-}
-
-
-/*
- * FUNCTION: CERT_CreateOCSPRequest
- * Creates a CERTOCSPRequest, requesting the status of the certs in
- * the given list.
- * INPUTS:
- * CERTCertList *certList
- * A list of certs for which status will be requested.
- * Note that all of these certificates should have the same issuer,
- * or it's expected the response will be signed by a trusted responder.
- * If the certs need to be broken up into multiple requests, that
- * must be handled by the caller (and thus by having multiple calls
- * to this routine), who knows about where the request(s) are being
- * sent and whether there are any trusted responders in place.
- * int64 time
- * Indicates the time for which the certificate status is to be
- * determined -- this may be used in the search for the cert's issuer
- * but has no effect on the request itself.
- * PRBool addServiceLocator
- * If true, the Service Locator extension should be added to the
- * single request(s) for each cert.
- * CERTCertificate *signerCert
- * If non-NULL, means sign the request using this cert. Otherwise,
- * do not sign.
- * XXX note that request signing is not yet supported; see comment in code
- * RETURN:
- * A pointer to a CERTOCSPRequest structure containing an OCSP request
- * for the cert list. On error, null is returned, with an error set
- * indicating the reason. This is likely SEC_ERROR_UNKNOWN_ISSUER.
- * (The issuer is needed to create a request for the certificate.)
- * Other errors are low-level problems (no memory, bad database, etc.).
- */
-CERTOCSPRequest *
-CERT_CreateOCSPRequest(CERTCertList *certList, int64 time,
- PRBool addServiceLocator,
- CERTCertificate *signerCert)
-{
- PRArenaPool *arena = NULL;
- CERTOCSPRequest *request = NULL;
- ocspTBSRequest *tbsRequest = NULL;
-
- /*
- * XXX This should set an error, but since it is only temporary and
- * since PSM will not initially provide a way to turn on signing of
- * requests anyway, I figure we can just skip defining an error that
- * will be obsolete in the next release. When we are prepared to
- * put signing of requests back in, this entire check will go away,
- * and later in this function we will need to allocate a signature
- * structure for the request, fill in the "derCerts" field in it,
- * save the signerCert there, as well as fill in the "requestorName"
- * field of the tbsRequest.
- */
- if (signerCert != NULL) {
- return NULL;
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- goto loser;
- }
-
- request = PORT_ArenaZNew(arena, CERTOCSPRequest);
- if (request == NULL) {
- goto loser;
- }
- request->arena = arena;
-
- tbsRequest = PORT_ArenaZNew(arena, ocspTBSRequest);
- if (tbsRequest == NULL) {
- goto loser;
- }
- request->tbsRequest = tbsRequest;
-
- /* version 1 is the default, so we need not fill in a version number */
-
- /*
- * Now create the list of single requests, one for each cert.
- */
- tbsRequest->requestList = ocsp_CreateSingleRequestList(arena, certList,
- time,
- addServiceLocator);
- if (tbsRequest->requestList == NULL) {
- goto loser;
- }
- return request;
-
-loser:
- if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- return NULL;
-}
-
-
-/*
- * FUNCTION: CERT_AddOCSPAcceptableResponses
- * Add the AcceptableResponses extension to an OCSP Request.
- * INPUTS:
- * CERTOCSPRequest *request
- * The request to which the extension should be added.
- * ...
- * A list (of one or more) of SECOidTag -- each of the response types
- * to be added. The last OID *must* be SEC_OID_PKIX_OCSP_BASIC_RESPONSE.
- * (This marks the end of the list, and it must be specified because a
- * client conforming to the OCSP standard is required to handle the basic
- * response type.) The OIDs are not checked in any way.
- * RETURN:
- * SECSuccess if the extension is added; SECFailure if anything goes wrong.
- * All errors are internal or low-level problems (e.g. no memory).
- */
-
-void SetRequestExts(void *object, CERTCertExtension **exts)
-{
- CERTOCSPRequest *request = (CERTOCSPRequest *)object;
-
- request->tbsRequest->requestExtensions = exts;
-}
-
-SECStatus
-CERT_AddOCSPAcceptableResponses(CERTOCSPRequest *request, ...)
-{
- void *extHandle;
- va_list ap;
- int i, count;
- SECOidTag responseType;
- SECOidData *responseOid;
- SECItem **acceptableResponses = NULL;
- SECStatus rv = SECFailure;
-
- extHandle = request->tbsRequest->extensionHandle;
- if (extHandle == NULL) {
- extHandle = cert_StartExtensions(request, request->arena, SetRequestExts);
- if (extHandle == NULL)
- goto loser;
- }
-
- /* Count number of OIDS going into the extension value. */
- count = 0;
- va_start(ap, request);
- do {
- count++;
- responseType = va_arg(ap, SECOidTag);
- } while (responseType != SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
- va_end(ap);
-
- acceptableResponses = PORT_NewArray(SECItem *, count + 1);
- if (acceptableResponses == NULL)
- goto loser;
-
- va_start(ap, request);
- for (i = 0; i < count; i++) {
- responseType = va_arg(ap, SECOidTag);
- responseOid = SECOID_FindOIDByTag(responseType);
- acceptableResponses[i] = &(responseOid->oid);
- }
- va_end(ap);
- acceptableResponses[i] = NULL;
-
- rv = CERT_EncodeAndAddExtension(extHandle, SEC_OID_PKIX_OCSP_RESPONSE,
- &acceptableResponses, PR_FALSE,
- SEC_SequenceOfObjectIDTemplate);
- if (rv != SECSuccess)
- goto loser;
-
- PORT_Free(acceptableResponses);
- if (request->tbsRequest->extensionHandle == NULL)
- request->tbsRequest->extensionHandle = extHandle;
- return SECSuccess;
-
-loser:
- if (acceptableResponses != NULL)
- PORT_Free(acceptableResponses);
- if (extHandle != NULL)
- (void) CERT_FinishExtensions(extHandle);
- return rv;
-}
-
-
-/*
- * FUNCTION: CERT_DestroyOCSPRequest
- * Frees an OCSP Request structure.
- * INPUTS:
- * CERTOCSPRequest *request
- * Pointer to CERTOCSPRequest to be freed.
- * RETURN:
- * No return value; no errors.
- */
-void
-CERT_DestroyOCSPRequest(CERTOCSPRequest *request)
-{
- if (request == NULL)
- return;
-
- if (request->tbsRequest != NULL) {
- if (request->tbsRequest->requestorName != NULL)
- CERT_DestroyGeneralNameList(request->tbsRequest->requestorName);
- if (request->tbsRequest->extensionHandle != NULL)
- (void) CERT_FinishExtensions(request->tbsRequest->extensionHandle);
- }
-
- if (request->optionalSignature != NULL) {
- if (request->optionalSignature->cert != NULL)
- CERT_DestroyCertificate(request->optionalSignature->cert);
-
- /*
- * XXX Need to free derCerts? Or do they come out of arena?
- * (Currently we never fill in derCerts, which is why the
- * answer is not obvious. Once we do, add any necessary code
- * here and remove this comment.)
- */
- }
-
- /*
- * We should actually never have a request without an arena,
- * but check just in case. (If there isn't one, there is not
- * much we can do about it...)
- */
- PORT_Assert(request->arena != NULL);
- if (request->arena != NULL)
- PORT_FreeArena(request->arena, PR_FALSE);
-}
-
-
-/*
- * RESPONSE SUPPORT FUNCTIONS (encode/create/decode/destroy):
- */
-
-/*
- * Helper function for encoding or decoding a ResponderID -- based on the
- * given type, return the associated template for that choice.
- */
-static const SEC_ASN1Template *
-ocsp_ResponderIDTemplateByType(ocspResponderIDType responderIDType)
-{
- const SEC_ASN1Template *responderIDTemplate;
-
- switch (responderIDType) {
- case ocspResponderID_byName:
- responderIDTemplate = ocsp_ResponderIDByNameTemplate;
- break;
- case ocspResponderID_byKey:
- responderIDTemplate = ocsp_ResponderIDByKeyTemplate;
- break;
- case ocspResponderID_other:
- default:
- PORT_Assert(responderIDType == ocspResponderID_other);
- responderIDTemplate = ocsp_ResponderIDOtherTemplate;
- break;
- }
-
- return responderIDTemplate;
-}
-
-/*
- * Helper function for encoding or decoding a CertStatus -- based on the
- * given type, return the associated template for that choice.
- */
-static const SEC_ASN1Template *
-ocsp_CertStatusTemplateByType(ocspCertStatusType certStatusType)
-{
- const SEC_ASN1Template *certStatusTemplate;
-
- switch (certStatusType) {
- case ocspCertStatus_good:
- certStatusTemplate = ocsp_CertStatusGoodTemplate;
- break;
- case ocspCertStatus_revoked:
- certStatusTemplate = ocsp_CertStatusRevokedTemplate;
- break;
- case ocspCertStatus_unknown:
- certStatusTemplate = ocsp_CertStatusUnknownTemplate;
- break;
- case ocspCertStatus_other:
- default:
- PORT_Assert(certStatusType == ocspCertStatus_other);
- certStatusTemplate = ocsp_CertStatusOtherTemplate;
- break;
- }
-
- return certStatusTemplate;
-}
-
-/*
- * Helper function for decoding a certStatus -- turn the actual DER tag
- * into our local translation.
- */
-static ocspCertStatusType
-ocsp_CertStatusTypeByTag(int derTag)
-{
- ocspCertStatusType certStatusType;
-
- switch (derTag) {
- case 0:
- certStatusType = ocspCertStatus_good;
- break;
- case 1:
- certStatusType = ocspCertStatus_revoked;
- break;
- case 2:
- certStatusType = ocspCertStatus_unknown;
- break;
- default:
- certStatusType = ocspCertStatus_other;
- break;
- }
-
- return certStatusType;
-}
-
-/*
- * Helper function for decoding SingleResponses -- they each contain
- * a status which is encoded as CHOICE, which needs to be decoded "by hand".
- *
- * Note -- on error, this routine does not release the memory it may
- * have allocated; it expects its caller to do that.
- */
-static SECStatus
-ocsp_FinishDecodingSingleResponses(PRArenaPool *arena,
- CERTOCSPSingleResponse **responses)
-{
- ocspCertStatus *certStatus;
- ocspCertStatusType certStatusType;
- const SEC_ASN1Template *certStatusTemplate;
- int derTag;
- int i;
- SECStatus rv = SECFailure;
-
- if (responses == NULL) /* nothing to do */
- return SECSuccess;
-
- for (i = 0; responses[i] != NULL; i++) {
- /*
- * The following assert points out internal errors (problems in
- * the template definitions or in the ASN.1 decoder itself, etc.).
- */
- PORT_Assert(responses[i]->derCertStatus.data != NULL);
-
- derTag = responses[i]->derCertStatus.data[0] & SEC_ASN1_TAGNUM_MASK;
- certStatusType = ocsp_CertStatusTypeByTag(derTag);
- certStatusTemplate = ocsp_CertStatusTemplateByType(certStatusType);
-
- certStatus = PORT_ArenaZAlloc(arena, sizeof(ocspCertStatus));
- if (certStatus == NULL) {
- goto loser;
- }
- rv = SEC_ASN1DecodeItem(arena, certStatus, certStatusTemplate,
- &responses[i]->derCertStatus);
- if (rv != SECSuccess) {
- if (PORT_GetError() == SEC_ERROR_BAD_DER)
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
- goto loser;
- }
-
- certStatus->certStatusType = certStatusType;
- responses[i]->certStatus = certStatus;
- }
-
- return SECSuccess;
-
-loser:
- return rv;
-}
-
-/*
- * Helper function for decoding a responderID -- turn the actual DER tag
- * into our local translation.
- */
-static ocspResponderIDType
-ocsp_ResponderIDTypeByTag(int derTag)
-{
- ocspResponderIDType responderIDType;
-
- switch (derTag) {
- case 1:
- responderIDType = ocspResponderID_byName;
- break;
- case 2:
- responderIDType = ocspResponderID_byKey;
- break;
- default:
- responderIDType = ocspResponderID_other;
- break;
- }
-
- return responderIDType;
-}
-
-/*
- * Decode "src" as a BasicOCSPResponse, returning the result.
- */
-static ocspBasicOCSPResponse *
-ocsp_DecodeBasicOCSPResponse(PRArenaPool *arena, SECItem *src)
-{
- void *mark;
- ocspBasicOCSPResponse *basicResponse;
- ocspResponseData *responseData;
- ocspResponderID *responderID;
- ocspResponderIDType responderIDType;
- const SEC_ASN1Template *responderIDTemplate;
- int derTag;
- SECStatus rv;
-
- mark = PORT_ArenaMark(arena);
-
- basicResponse = PORT_ArenaZAlloc(arena, sizeof(ocspBasicOCSPResponse));
- if (basicResponse == NULL) {
- goto loser;
- }
-
- rv = SEC_ASN1DecodeItem(arena, basicResponse,
- ocsp_BasicOCSPResponseTemplate, src);
- if (rv != SECSuccess) {
- if (PORT_GetError() == SEC_ERROR_BAD_DER)
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
- goto loser;
- }
-
- responseData = basicResponse->tbsResponseData;
-
- /*
- * The following asserts point out internal errors (problems in
- * the template definitions or in the ASN.1 decoder itself, etc.).
- */
- PORT_Assert(responseData != NULL);
- PORT_Assert(responseData->derResponderID.data != NULL);
-
- /*
- * XXX Because responderID is a CHOICE, which is not currently handled
- * by our ASN.1 decoder, we have to decode it "by hand".
- */
- derTag = responseData->derResponderID.data[0] & SEC_ASN1_TAGNUM_MASK;
- responderIDType = ocsp_ResponderIDTypeByTag(derTag);
- responderIDTemplate = ocsp_ResponderIDTemplateByType(responderIDType);
-
- responderID = PORT_ArenaZAlloc(arena, sizeof(ocspResponderID));
- if (responderID == NULL) {
- goto loser;
- }
- rv = SEC_ASN1DecodeItem(arena, responderID, responderIDTemplate,
- &responseData->derResponderID);
- if (rv != SECSuccess) {
- if (PORT_GetError() == SEC_ERROR_BAD_DER)
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
- goto loser;
- }
-
- responderID->responderIDType = responderIDType;
- responseData->responderID = responderID;
-
- /*
- * XXX Each SingleResponse also contains a CHOICE, which has to be
- * fixed up by hand.
- */
- rv = ocsp_FinishDecodingSingleResponses(arena, responseData->responses);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- PORT_ArenaUnmark(arena, mark);
- return basicResponse;
-
-loser:
- PORT_ArenaRelease(arena, mark);
- return NULL;
-}
-
-
-/*
- * Decode the responseBytes based on the responseType found in "rbytes",
- * leaving the resulting translated/decoded information in there as well.
- */
-static SECStatus
-ocsp_DecodeResponseBytes(PRArenaPool *arena, ocspResponseBytes *rbytes)
-{
- PORT_Assert(rbytes != NULL); /* internal error, really */
- if (rbytes == NULL)
- PORT_SetError(SEC_ERROR_INVALID_ARGS); /* XXX set better error? */
-
- rbytes->responseTypeTag = SECOID_FindOIDTag(&rbytes->responseType);
- switch (rbytes->responseTypeTag) {
- case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
- {
- ocspBasicOCSPResponse *basicResponse;
-
- basicResponse = ocsp_DecodeBasicOCSPResponse(arena,
- &rbytes->response);
- if (basicResponse == NULL)
- return SECFailure;
-
- rbytes->decodedResponse.basic = basicResponse;
- }
- break;
-
- /*
- * Add new/future response types here.
- */
-
- default:
- PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE);
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-
-/*
- * FUNCTION: CERT_DecodeOCSPResponse
- * Decode a DER encoded OCSP Response.
- * INPUTS:
- * SECItem *src
- * Pointer to a SECItem holding DER encoded OCSP Response.
- * RETURN:
- * Returns a pointer to a CERTOCSPResponse (the decoded OCSP Response);
- * the caller is responsible for destroying it. Or NULL if error (either
- * response could not be decoded (SEC_ERROR_OCSP_MALFORMED_RESPONSE),
- * it was of an unexpected type (SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE),
- * or a low-level or internal error occurred).
- */
-CERTOCSPResponse *
-CERT_DecodeOCSPResponse(SECItem *src)
-{
- PRArenaPool *arena = NULL;
- CERTOCSPResponse *response = NULL;
- SECStatus rv = SECFailure;
- ocspResponseStatus sv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- goto loser;
- }
- response = (CERTOCSPResponse *) PORT_ArenaZAlloc(arena,
- sizeof(CERTOCSPResponse));
- if (response == NULL) {
- goto loser;
- }
- response->arena = arena;
-
- rv = SEC_ASN1DecodeItem(arena, response, ocsp_OCSPResponseTemplate, src);
- if (rv != SECSuccess) {
- if (PORT_GetError() == SEC_ERROR_BAD_DER)
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
- goto loser;
- }
-
- sv = (ocspResponseStatus) DER_GetInteger(&response->responseStatus);
- response->statusValue = sv;
- if (sv != ocspResponse_successful) {
- /*
- * If the response status is anything but successful, then we
- * are all done with decoding; the status is all there is.
- */
- return response;
- }
-
- /*
- * A successful response contains much more information, still encoded.
- * Now we need to decode that.
- */
- rv = ocsp_DecodeResponseBytes(arena, response->responseBytes);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- return response;
-
-loser:
- if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- return NULL;
-}
-
-/*
- * The way an OCSPResponse is defined, there are many levels to descend
- * before getting to the actual response information. And along the way
- * we need to check that the response *type* is recognizable, which for
- * now means that it is a BasicOCSPResponse, because that is the only
- * type currently defined. Rather than force all routines to perform
- * a bunch of sanity checking every time they want to work on a response,
- * this function isolates that and gives back the interesting part.
- * Note that no copying is done, this just returns a pointer into the
- * substructure of the response which is passed in.
- *
- * XXX This routine only works when a valid response structure is passed
- * into it; this is checked with many assertions. Assuming the response
- * was creating by decoding, it wouldn't make it this far without being
- * okay. That is a sufficient assumption since the entire OCSP interface
- * is only used internally. When this interface is officially exported,
- * each assertion below will need to be followed-up with setting an error
- * and returning (null).
- */
-static ocspResponseData *
-ocsp_GetResponseData(CERTOCSPResponse *response)
-{
- ocspBasicOCSPResponse *basic;
- ocspResponseData *responseData;
-
- PORT_Assert(response != NULL);
-
- PORT_Assert(response->responseBytes != NULL);
-
- PORT_Assert(response->responseBytes->responseTypeTag
- == SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
-
- basic = response->responseBytes->decodedResponse.basic;
- PORT_Assert(basic != NULL);
-
- responseData = basic->tbsResponseData;
- PORT_Assert(responseData != NULL);
-
- return responseData;
-}
-
-/*
- * Much like the routine above, except it returns the response signature.
- * Again, no copy is done.
- */
-static ocspSignature *
-ocsp_GetResponseSignature(CERTOCSPResponse *response)
-{
- ocspBasicOCSPResponse *basic;
-
- PORT_Assert(response != NULL);
- PORT_Assert(response->responseBytes != NULL);
- PORT_Assert(response->responseBytes->responseTypeTag
- == SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
-
- basic = response->responseBytes->decodedResponse.basic;
- PORT_Assert(basic != NULL);
-
- return &(basic->responseSignature);
-}
-
-
-/*
- * FUNCTION: CERT_DestroyOCSPResponse
- * Frees an OCSP Response structure.
- * INPUTS:
- * CERTOCSPResponse *request
- * Pointer to CERTOCSPResponse to be freed.
- * RETURN:
- * No return value; no errors.
- */
-void
-CERT_DestroyOCSPResponse(CERTOCSPResponse *response)
-{
- if (response != NULL) {
- ocspSignature *signature = ocsp_GetResponseSignature(response);
- if (signature->cert != NULL)
- CERT_DestroyCertificate(signature->cert);
-
- /*
- * We should actually never have a response without an arena,
- * but check just in case. (If there isn't one, there is not
- * much we can do about it...)
- */
- PORT_Assert(response->arena != NULL);
- if (response->arena != NULL) {
- PORT_FreeArena(response->arena, PR_FALSE);
- }
- }
-}
-
-
-/*
- * OVERALL OCSP CLIENT SUPPORT (make and send a request, verify a response):
- */
-
-
-/*
- * Pick apart a URL, saving the important things in the passed-in pointers.
- *
- * We expect to find "http://<hostname>[:<port>]/[path]", though we will
- * tolerate that final slash character missing, as well as beginning and
- * trailing whitespace, and any-case-characters for "http". All of that
- * tolerance is what complicates this routine. What we want is just to
- * pick out the hostname, the port, and the path.
- *
- * On a successful return, the caller will need to free the output pieces
- * of hostname and path, which are copies of the values found in the url.
- */
-static SECStatus
-ocsp_ParseURL(char *url, char **pHostname, PRUint16 *pPort, char **pPath)
-{
- unsigned short port = 80; /* default, in case not in url */
- char *hostname = NULL;
- char *path = NULL;
- char *save;
- char c;
- int len;
-
- if (url == NULL)
- goto loser;
-
- /*
- * Skip beginning whitespace.
- */
- c = *url;
- while ((c == ' ' || c == '\t') && c != '\0') {
- url++;
- c = *url;
- }
- if (c == '\0')
- goto loser;
-
- /*
- * Confirm, then skip, protocol. (Since we only know how to do http,
- * that is all we will accept).
- */
- if (PORT_Strncasecmp(url, "http://", 7) != 0)
- goto loser;
- url += 7;
-
- /*
- * Whatever comes next is the hostname (or host IP address). We just
- * save it aside and then search for its end so we can determine its
- * length and copy it.
- *
- * XXX Note that because we treat a ':' as a terminator character
- * (and below, we expect that to mean there is a port specification
- * immediately following), we will not handle IPv6 addresses. That is
- * apparently an acceptable limitation, for the time being. Some day,
- * when there is a clear way to specify a URL with an IPv6 address that
- * can be parsed unambiguously, this code should be made to do that.
- */
- save = url;
- c = *url;
- while (c != '/' && c != ':' && c != '\0' && c != ' ' && c != '\t') {
- url++;
- c = *url;
- }
- len = url - save;
- hostname = PORT_Alloc(len + 1);
- if (hostname == NULL)
- goto loser;
- PORT_Memcpy(hostname, save, len);
- hostname[len] = '\0';
-
- /*
- * Now we figure out if there was a port specified or not.
- * If so, we need to parse it (as a number) and skip it.
- */
- if (c == ':') {
- url++;
- port = (unsigned short) PORT_Atoi(url);
- c = *url;
- while (c != '/' && c != '\0' && c != ' ' && c != '\t') {
- if (c < '0' || c > '9')
- goto loser;
- url++;
- c = *url;
- }
- }
-
- /*
- * Last thing to find is a path. There *should* be a slash,
- * if nothing else -- but if there is not we provide one.
- */
- if (c == '/') {
- save = url;
- while (c != '\0' && c != ' ' && c != '\t') {
- url++;
- c = *url;
- }
- len = url - save;
- path = PORT_Alloc(len + 1);
- if (path == NULL)
- goto loser;
- PORT_Memcpy(path, save, len);
- path[len] = '\0';
- } else {
- path = PORT_Strdup("/");
- }
-
- *pHostname = hostname;
- *pPort = port;
- *pPath = path;
- return SECSuccess;
-
-loser:
- if (hostname != NULL)
- PORT_Free(hostname);
- if (path != NULL)
- PORT_Free(path);
- PORT_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
- return SECFailure;
-}
-
-/*
- * Open a socket to the specified host on the specified port, and return it.
- * The host is either a hostname or an IP address.
- */
-static PRFileDesc *
-ocsp_ConnectToHost(const char *host, PRUint16 port)
-{
- PRFileDesc *sock = NULL;
- PRIntervalTime timeout;
- PRNetAddr addr;
- char *netdbbuf = NULL;
-
- sock = PR_NewTCPSocket();
- if (sock == NULL)
- goto loser;
-
- /* XXX Some day need a way to set (and get?) the following value */
- timeout = PR_SecondsToInterval(30);
-
- /*
- * If the following converts an IP address string in "dot notation"
- * into a PRNetAddr. If it fails, we assume that is because we do not
- * have such an address, but instead a host *name*. In that case we
- * then lookup the host by name. Using the NSPR function this way
- * means we do not have to have our own logic for distinguishing a
- * valid numerical IP address from a hostname.
- */
- if (PR_StringToNetAddr(host, &addr) != PR_SUCCESS) {
- PRIntn hostIndex;
- PRHostEnt hostEntry;
-
- netdbbuf = PORT_Alloc(PR_NETDB_BUF_SIZE);
- if (netdbbuf == NULL)
- goto loser;
-
- if (PR_GetHostByName(host, netdbbuf, PR_NETDB_BUF_SIZE,
- &hostEntry) != PR_SUCCESS)
- goto loser;
-
- hostIndex = 0;
- do {
- hostIndex = PR_EnumerateHostEnt(hostIndex, &hostEntry, port, &addr);
- if (hostIndex < 0)
- goto loser;
- } while (PR_Connect(sock, &addr, timeout) != PR_SUCCESS
- && hostIndex > 0);
-
- if (hostIndex == 0)
- goto loser;
-
- PORT_Free(netdbbuf);
- } else {
- /*
- * First put the port into the address, then connect.
- */
- if (PR_InitializeNetAddr(PR_IpAddrNull, port, &addr) != PR_SUCCESS)
- goto loser;
- if (PR_Connect(sock, &addr, timeout) != PR_SUCCESS)
- goto loser;
- }
-
- return sock;
-
-loser:
- if (sock != NULL)
- PR_Close(sock);
- if (netdbbuf != NULL)
- PORT_Free(netdbbuf);
- return NULL;
-}
-
-/*
- * Sends an encoded OCSP request to the server identified by "location",
- * and returns the socket on which it was sent (so can listen for the reply).
- * "location" is expected to be a valid URL -- an error parsing it produces
- * SEC_ERROR_CERT_BAD_ACCESS_LOCATION. Other errors are likely problems
- * connecting to it, or writing to it, or allocating memory, and the low-level
- * errors appropriate to the problem will be set.
- */
-static PRFileDesc *
-ocsp_SendEncodedRequest(char *location, SECItem *encodedRequest)
-{
- char *hostname = NULL;
- char *path = NULL;
- PRUint16 port;
- SECStatus rv;
- PRFileDesc *sock = NULL;
- PRFileDesc *returnSock = NULL;
- char *header = NULL;
-
- /*
- * Take apart the location, getting the hostname, port, and path.
- */
- rv = ocsp_ParseURL(location, &hostname, &port, &path);
- if (rv != SECSuccess)
- goto loser;
-
- PORT_Assert(hostname != NULL);
- PORT_Assert(path != NULL);
-
- sock = ocsp_ConnectToHost(hostname, port);
- if (sock == NULL)
- goto loser;
-
- header = PR_smprintf("POST %s HTTP/1.0\r\n"
- "Host: %s:%d\r\n"
- "Content-Type: application/ocsp-request\r\n"
- "Content-Length: %u\r\n\r\n",
- path, hostname, port, encodedRequest->len);
- if (header == NULL)
- goto loser;
-
- /*
- * The NSPR documentation promises that if it can, it will write the full
- * amount; this will not return a partial value expecting us to loop.
- */
- if (PR_Write(sock, header, (PRInt32) PORT_Strlen(header)) < 0)
- goto loser;
-
- if (PR_Write(sock, encodedRequest->data,
- (PRInt32) encodedRequest->len) < 0)
- goto loser;
-
- returnSock = sock;
- sock = NULL;
-
-loser:
- if (header != NULL)
- PORT_Free(header);
- if (sock != NULL)
- PR_Close(sock);
- if (path != NULL)
- PORT_Free(path);
- if (hostname != NULL)
- PORT_Free(hostname);
-
- return returnSock;
-}
-
-/*
- * Read from "fd" into "buf" -- expect/attempt to read a "minimum" number
- * of bytes, but do not exceed "maximum". (Obviously, stop at less than
- * "minimum" if hit end-of-stream.) Only problems are low-level i/o errors.
- */
-static int
-ocsp_MinMaxRead(PRFileDesc *fd, unsigned char *buf, int minimum, int maximum)
-{
- int total = 0;
-
- while (total < minimum) {
- PRInt32 got;
-
- got = PR_Read(fd, buf + total, (PRInt32) (maximum - total));
- if (got < 0) {
- if (PR_GetError() != PR_WOULD_BLOCK_ERROR) {
- break;
- }
- continue;
- } else if (got == 0) { /* EOS */
- break;
- }
-
- total += got;
- }
-
- return total;
-}
-
-#ifdef BUFSIZ
-#define OCSP_BUFSIZE BUFSIZ
-#else
-#define OCSP_BUFSIZE 1024
-#endif
-
-/*
- * Listens on the given socket and returns an encoded response when received.
- * Properly formatted HTTP response headers are expected to be read from the
- * socket, preceding a binary-encoded OCSP response. Problems with parsing
- * cause the error SEC_ERROR_OCSP_BAD_HTTP_RESPONSE to be set; any other
- * problems are likely low-level i/o or memory allocation errors.
- */
-static SECItem *
-ocsp_GetEncodedResponse(PRArenaPool *arena, PRFileDesc *sock)
-{
- unsigned char *buf = NULL;
- int bufsize, bytesRead, len;
- const unsigned char *bufEnd;
- const char *s;
- const char *newline = NULL;
- PRBool headersDone = PR_FALSE;
- PRBool pendingCR = PR_FALSE;
- PRBool contentTypeOK = PR_FALSE;
- unsigned int contentLength = 0;
- void *mark = NULL;
- SECItem *result = NULL;
-
-
- bufsize = OCSP_BUFSIZE;
- buf = PORT_Alloc(bufsize);
- if (buf == NULL) {
- goto loser;
- }
- /*
- * I picked 128 because:
- * - It is a nice "round" number. ;-)
- * - I am sure it should cover at least the first line of the http
- * response (on the order of 20 should be enough but I am allowing
- * for excessive leading whitespace) so that I don't have to keep
- * checking for going past the end of the buffer until after that.
- * - I am sure that any interesting response will be bigger than that;
- * the exception is one that is status-only, like "tryLater".
- * - Given a trim response (no extra whitespace), it should cover
- * all of the http headers, and just a bit of the content.
- * This is what I was aiming for, to minimize data copying.
- */
- bytesRead = ocsp_MinMaxRead(sock, buf, 128, bufsize);
- if (bytesRead <= 0) {
- if (bytesRead == 0)
- PORT_SetError(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
- goto loser;
- }
- bufEnd = buf + bytesRead;
- /*
- * Skip leading whitespace.
- */
- for (s = (char *)buf; s < (char *)bufEnd; s++) {
- if (*s != ' ' && *s != '\t') {
- break;
- }
- }
- /*
- * Here we expect to find something like "HTTP/1.x 200 OK\r\n".
- * (The status code may be anything, but should be 3 digits.
- * The comment (e.g. "OK") may be anything as well.) I figure that
- * the minimal line would be "HTTP/x.y zzz\n", which is 13 chars.
- * That may not even meet the spec, but we will accept it -- anything
- * less than that, though, we will not.
- */
- if (((char *)bufEnd - s) < 13 || PORT_Strncasecmp(s, "http/", 5) != 0) {
- PORT_SetError(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
- goto loser;
- }
- s += 5; /* skip "http/" */
- /*
- * I don't see a reason to look at the version number. Assuming that
- * whatever version it is, it supports the one or two headers we are
- * looking for, and doesn't completely change the interpretation of
- * status values, it shouldn't matter. We shouldn't reject something
- * that would otherwise work just because the code was picky about
- * version number. So we just skip it, hoping real incompatibility
- * will manifest itself in the parsing.
- */
- while (*s++ != ' ') { /* skip "x.y ", without interpretation */
- /*
- * We expect the version number to be only a few characters,
- * and that we should easily have enough in the buffer to cover.
- * So, if we go past the end, just bail.
- */
- if (s >= (char *)bufEnd) {
- PORT_SetError(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
- goto loser;
- }
- }
- /*
- * Now get, and check, the status. Accept 200-299; reject all else.
- * There are some 200s that basically have no content, but that will
- * fall out as bad below, and it's just easier to handle it that way
- * than to try to know all the different status values.
- */
- {
- int statusCode = PORT_Atoi(s);
-
- if (statusCode < 200 || statusCode >= 300) {
- PORT_SetError(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
- goto loser;
- }
- }
- s += 3; /* skip 3-digit status code */
- /*
- * The rest of the line is a comment, which we just want to skip.
- * The next thing to do is continue through all of the HTTP headers,
- * watching for the couple we are interested in. The end of the
- * headers (and thus the beginning of the content) is marked by
- * two consecutive newlines. (According to spec that should be
- * CRLF followed by CRLF, but we are being generous and allowing
- * for people who send only CRs or only LFs, too.)
- *
- * XXX Explain better about how the following code works.
- * Especially what the potential values of "newline" are and what
- * each one means.
- */
- while (1) {
- /*
- * Move forward to the next line, stopping when we find a CRLF,
- * CR, or LF, or the end of the buffer. We have to be careful
- * when we find a lone CR at the end of the buffer, because if
- * the next character read is an LF we want to treat it as one
- * newline altogether.
- *
- * We also need to detect two newlines in a row, which is what
- * marks the end of the headers and time for us to quit out of
- * the outer loop.
- */
- for (; s < (char *)bufEnd; s++) {
- if (*s == '\r' || *s == '\n') {
- if (s == newline) {
- headersDone = PR_TRUE; /* 2nd consecutive newline */
- }
- newline = s;
- if (newline[0] == '\r') {
- if (s == (char *)bufEnd - 1) {
- /* CR at end - wait for the next character */
- newline = NULL;
- pendingCR = PR_TRUE;
- break;
- } else if (newline[1] == '\n') {
- /* CRLF seen; swallow both */
- newline++;
- }
- }
- newline++;
- break;
- }
- /*
- * After the first time through, we no longer need to remember
- * where the previous line started. We needed it for checking
- * for consecutive newlines, but now we need it to be clear in
- * case we finish the loop by finishing off the buffer.
- */
- newline = NULL;
- }
- if (headersDone) {
- s = newline;
- break;
- }
- /*
- * When we are here, either:
- * - newline is NULL, meaning we're at the end of the buffer
- * and we need to refill it, or
- * - newline points to the first character on the new line
- */
- if (newline == NULL) {
- /* So, we need to refill the buffer. */
- len = pendingCR ? 1 : 0;
- bytesRead = ocsp_MinMaxRead(sock, buf + len, 64 - len,
- bufsize - len);
- if (bytesRead <= 0) {
- if (bytesRead == 0)
- PORT_SetError(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
- goto loser;
- }
- s = (char *)buf;
- bufEnd = buf + len + bytesRead;
- if (pendingCR) {
- buf[0] = '\r';
- pendingCR = PR_FALSE;
- }
- continue;
- }
- /*
- * So, we have a good newline pointer (just past a CR, LF or CRLF),
- * but now we want to make sure that what it points to is long
- * enough to be something we are looking for. If it isn't, add
- * more to the buffer after first copying what's left to the
- * beginning.
- */
- if (((char *)bufEnd - newline) < 40) {
- len = (char *)bufEnd - newline;
- PORT_Memmove(buf, newline, len);
- bytesRead = ocsp_MinMaxRead(sock, buf + len, 40 - len,
- bufsize - len);
- if (bytesRead <= 0) {
- if (bytesRead == 0)
- PORT_SetError(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
- goto loser;
- }
- newline = (char *)buf;
- bufEnd = buf + len + bytesRead;
- }
- /*
- * Okay, now we know that we are looking at an HTTP header line
- * with enough length to be safe for our comparisons. See if it is
- * one of the ones we are interested in. (That is, "Content-Length"
- * or "Content-Type".)
- */
- if (PORT_Strncasecmp(newline, "content-", 8) == 0) {
- s = newline + 8;
- if (PORT_Strncasecmp(s, "type: ", 6) == 0) {
- s += 6;
- if (PORT_Strncasecmp(s, "application/ocsp-response",
- 25) != 0) {
- break;
- }
- contentTypeOK = PR_TRUE;
- s += 25;
- } else if (PORT_Strncasecmp(s, "length: ", 8) == 0) {
- s += 8;
- contentLength = PORT_Atoi(s);
- }
- newline = NULL;
- } else {
- /*
- * Not an interesting header. We will go around the loop
- * again to find the next line.
- */
- s = newline;
- }
- }
-
- /*
- * Check that we got the correct content type. (If !contentTypeOK,
- * the content-type header was either bad or missing.)
- */
- if (!contentTypeOK) {
- PORT_SetError(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
- goto loser;
- }
-
- /*
- * Now we need to handle the actual content. We may not have a
- * good content-length; things are harder if we do not -- in that
- * case we will just read until we get EOS.
- */
-
- /*
- * We are finally about the allocate the return area; before that
- * mark the arena so we can release-back on error.
- */
- if (arena != NULL) {
- mark = PORT_ArenaMark(arena);
- }
- /*
- * How much of the content is already in the buffer?
- */
- if (s == NULL) {
- len = 0;
- } else {
- len = (char *)bufEnd - s;
- if (contentLength && len > contentLength) {
- len = contentLength;
- }
- }
- /*
- * Now allocate the item to hold the data.
- */
- result = SECITEM_AllocItem(arena, NULL,
- contentLength ? contentLength : len);
- if (result == NULL) {
- goto loser;
- }
- /*
- * And copy the data left in the buffer.
- */
- if (len) {
- PORT_Memcpy(result->data, s, len);
- }
-
- /*
- * Now we need to read all of the (rest of the) content. If we know
- * the length, it's easy, just one big read. If not, we need to loop,
- * reading until there is nothing left to read.
- */
- if (contentLength) {
- int remaining;
-
- /*
- * It may be the case that our last buffer ended exactly on the
- * second CR of the CRLF pair which denotes the end of the headers.
- * If so, we have to be prepared to read, and skip over, an LF.
- * Since we want to read the rest of the content directly into
- * the buffer we are returning, we read one byte specifically and
- * see if it is an LF. If not, we just copy that byte into the
- * first byte of our return value.
- */
- if (pendingCR) {
- PORT_Assert(len == 0);
- bytesRead = ocsp_MinMaxRead(sock, buf, 1, 1);
- if (bytesRead < 1) {
- goto loser;
- }
- if (buf[0] != '\n') {
- result->data[0] = buf[0];
- len = 1;
- }
- }
- remaining = contentLength - len;
- if (remaining) {
- bytesRead = ocsp_MinMaxRead(sock, result->data + len,
- remaining, remaining);
- if (bytesRead < remaining) {
- if (bytesRead > 0) {
- PORT_SetError(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
- }
- goto loser;
- }
- }
- } else while (1) {
- /*
- * Read as much as we can. There is no real minimum here,
- * we will just take whatever we can get and copy it over
- * into our result area.
- */
- bytesRead = ocsp_MinMaxRead(sock, buf, 1, bufsize);
- if (bytesRead < 0) {
- goto loser;
- }
- if (bytesRead == 0) { /* EOS: all done reading */
- break;
- }
- /*
- * Now make room for that many more bytes in our result area.
- */
- if (SECITEM_ReallocItem(arena, result, len,
- len + bytesRead) != SECSuccess) {
- goto loser;
- }
- /*
- * The first time through this loop, it may be the case that
- * we have the final LF of our CRLF pair that ended the headers.
- * If so, we need to skip over it.
- */
- if (pendingCR && buf[0] == '\n') {
- PORT_Memcpy(result->data + len, buf + 1, bytesRead - 1);
- len += bytesRead - 1;
- } else {
- PORT_Memcpy(result->data + len, buf, bytesRead);
- len += bytesRead;
- }
- /*
- * In any case, after the first time through, we are done
- * looking for that LF.
- */
- pendingCR = PR_FALSE;
- /*
- * If we are reading "slowly", get ourselves a bigger buffer.
- */
- if (bytesRead == bufsize) {
- bufsize *= 2;
- PORT_Free(buf);
- buf = PORT_Alloc(bufsize);
- if (buf == NULL) {
- goto loser;
- }
- }
- }
-
- /*
- * Finally, we are done! The encoded response (the content of the
- * HTTP response) is now in "result". We just have a little cleaning
- * up to do before we return.
- */
- if (mark != NULL) {
- PORT_ArenaUnmark(arena, mark);
- }
- PORT_Free(buf);
- return result;
-
-loser:
- if (mark != NULL) {
- PORT_ArenaRelease(arena, mark);
- } else if (result != NULL) {
- SECITEM_FreeItem(result, PR_TRUE);
- }
- if (buf != NULL) {
- PORT_Free(buf);
- }
- return NULL;
-}
-
-
-/*
- * FUNCTION: CERT_GetEncodedOCSPResponse
- * Creates and sends a request to an OCSP responder, then reads and
- * returns the (encoded) response.
- * INPUTS:
- * PRArenaPool *arena
- * Pointer to arena from which return value will be allocated.
- * If NULL, result will be allocated from the heap (and thus should
- * be freed via SECITEM_FreeItem).
- * CERTCertList *certList
- * A list of certs for which status will be requested.
- * Note that all of these certificates should have the same issuer,
- * or it's expected the response will be signed by a trusted responder.
- * If the certs need to be broken up into multiple requests, that
- * must be handled by the caller (and thus by having multiple calls
- * to this routine), who knows about where the request(s) are being
- * sent and whether there are any trusted responders in place.
- * char *location
- * The location of the OCSP responder (a URL).
- * int64 time
- * Indicates the time for which the certificate status is to be
- * determined -- this may be used in the search for the cert's issuer
- * but has no other bearing on the operation.
- * PRBool addServiceLocator
- * If true, the Service Locator extension should be added to the
- * single request(s) for each cert.
- * CERTCertificate *signerCert
- * If non-NULL, means sign the request using this cert. Otherwise,
- * do not sign.
- * void *pwArg
- * Pointer to argument for password prompting, if needed. (Definitely
- * not needed if not signing.)
- * OUTPUTS:
- * CERTOCSPRequest **pRequest
- * Pointer in which to store the OCSP request created for the given
- * list of certificates. It is only filled in if the entire operation
- * is successful and the pointer is not null -- and in that case the
- * caller is then reponsible for destroying it.
- * RETURN:
- * Returns a pointer to the SECItem holding the response.
- * On error, returns null with error set describing the reason:
- * SEC_ERROR_UNKNOWN_ISSUER
- * SEC_ERROR_CERT_BAD_ACCESS_LOCATION
- * SEC_ERROR_OCSP_BAD_HTTP_RESPONSE
- * Other errors are low-level problems (no memory, bad database, etc.).
- */
-SECItem *
-CERT_GetEncodedOCSPResponse(PRArenaPool *arena, CERTCertList *certList,
- char *location, int64 time,
- PRBool addServiceLocator,
- CERTCertificate *signerCert, void *pwArg,
- CERTOCSPRequest **pRequest)
-{
- CERTOCSPRequest *request = NULL;
- SECItem *encodedRequest = NULL;
- SECItem *encodedResponse = NULL;
- PRFileDesc *sock = NULL;
- SECStatus rv;
-
- request = CERT_CreateOCSPRequest(certList, time, addServiceLocator,
- signerCert);
- if (request == NULL)
- goto loser;
-
- rv = CERT_AddOCSPAcceptableResponses(request,
- SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
- if (rv != SECSuccess)
- goto loser;
-
- encodedRequest = CERT_EncodeOCSPRequest(NULL, request, pwArg);
- if (encodedRequest == NULL)
- goto loser;
-
- sock = ocsp_SendEncodedRequest(location, encodedRequest);
- if (sock == NULL)
- goto loser;
-
- encodedResponse = ocsp_GetEncodedResponse(arena, sock);
- if (encodedResponse != NULL && pRequest != NULL) {
- *pRequest = request;
- request = NULL; /* avoid destroying below */
- }
-
-loser:
- if (request != NULL)
- CERT_DestroyOCSPRequest(request);
- if (encodedRequest != NULL)
- SECITEM_FreeItem(encodedRequest, PR_TRUE);
- if (sock != NULL)
- PR_Close(sock);
-
- return encodedResponse;
-}
-
-
-/* Checks a certificate for the key usage extension of OCSP signer. */
-static PRBool
-ocsp_CertIsOCSPSigner(CERTCertificate *cert)
-{
- SECStatus rv;
- SECItem extItem;
- SECItem **oids;
- SECItem *oid;
- SECOidTag oidTag;
- PRBool retval;
- CERTOidSequence *oidSeq = NULL;
-
-
- extItem.data = NULL;
- rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE, &extItem);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- oidSeq = CERT_DecodeOidSequence(&extItem);
- if ( oidSeq == NULL ) {
- goto loser;
- }
-
- oids = oidSeq->oids;
- while ( *oids != NULL ) {
- oid = *oids;
-
- oidTag = SECOID_FindOIDTag(oid);
-
- if ( oidTag == SEC_OID_OCSP_RESPONDER ) {
- goto success;
- }
-
- oids++;
- }
-
-loser:
- retval = PR_FALSE;
- goto done;
-success:
- retval = PR_TRUE;
-done:
- if ( extItem.data != NULL ) {
- PORT_Free(extItem.data);
- }
- if ( oidSeq != NULL ) {
- CERT_DestroyOidSequence(oidSeq);
- }
-
- return(retval);
-}
-
-
-#ifdef LATER /*
- * XXX This function is not currently used, but will
- * be needed later when we do revocation checking of
- * the responder certificate. Of course, it may need
- * revising then, if the cert extension interface has
- * changed. (Hopefully it will!)
- */
-
-/* Checks a certificate to see if it has the OCSP no check extension. */
-static PRBool
-ocsp_CertHasNoCheckExtension(CERTCertificate *cert)
-{
- SECStatus rv;
- SECItem extItem;
-
- extItem.data = NULL;
- rv = CERT_FindCertExtension(cert, SEC_OID_PKIX_OCSP_NO_CHECK,
- &extItem);
- if (extItem.data != NULL) {
- PORT_Free(extItem.data);
- }
- if (rv == SECSuccess) {
- return PR_TRUE;
- }
- return PR_FALSE;
-}
-#endif /* LATER */
-
-/*
- * Check the signature on some OCSP data. This is a helper function that
- * can be used to check either a request or a response. The result is
- * saved in the signature structure itself for future reference (to avoid
- * repeating the expensive verification operation), as well as returned.
- * In addition to checking the signature, the certificate (and its chain)
- * are also checked for validity (at the specified time) and usage.
- *
- * The type of cert lookup to be performed is specified by "lookupByName":
- * if true, then "certIndex" is actually a CERTName; otherwise it is a
- * SECItem which contains a key hash.
- *
- * If the signature verifies okay, and the argument "pSignerCert" is not
- * null, that parameter will be filled-in with a pointer to the signer's
- * certificate. The caller is then responsible for destroying the cert.
- *
- * A return of SECSuccess means the verification succeeded. If not,
- * an error will be set with the reason. Most likely are:
- * SEC_ERROR_UNKNOWN_SIGNER - signer's cert could not be found
- * SEC_ERROR_BAD_SIGNATURE - the signature did not verify
- * Other errors are any of the many possible failures in cert verification
- * (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when
- * verifying the signer's cert, or low-level problems (no memory, etc.)
- */
-static SECStatus
-ocsp_CheckSignature(ocspSignature *signature, void *tbs,
- const SEC_ASN1Template *encodeTemplate,
- CERTCertDBHandle *handle, SECCertUsage certUsage,
- int64 checkTime, PRBool lookupByName, void *certIndex,
- void *pwArg, CERTCertificate **pSignerCert)
-{
- SECItem rawSignature;
- SECItem *encodedTBS = NULL;
- CERTCertificate *signerCert = NULL;
- SECKEYPublicKey *signerKey = NULL;
- CERTCertificate **certs = NULL;
- SECStatus rv = SECFailure;
- int certCount;
-
- /*
- * If this signature has already gone through verification, just
- * return the cached result.
- */
- if (signature->wasChecked) {
- if (signature->status == SECSuccess) {
- if (pSignerCert != NULL)
- *pSignerCert = CERT_DupCertificate(signature->cert);
- } else {
- PORT_SetError(signature->failureReason);
- }
- return signature->status;
- }
-
- /*
- * If the signature contains some certificates as well, temporarily
- * import them in case they are needed for verification.
- *
- * Note that the result of this is that each cert in "certs" needs
- * to be destroyed.
- */
- certCount = 0;
- if (signature->derCerts != NULL) {
- for (; signature->derCerts[certCount] != NULL; certCount++) {
- /* just counting */
- }
- }
- rv = CERT_ImportCerts(handle, certUsage, certCount,
- signature->derCerts, &certs,
- PR_FALSE, PR_FALSE, NULL);
- if (rv != SECSuccess)
- goto finish;
-
- /*
- * Now look up the certificate that did the signing.
- * The signer can be specified either by name or by key hash.
- */
- if (lookupByName) {
- SECItem *encodedName;
-
- encodedName = SEC_ASN1EncodeItem(NULL, NULL, certIndex,
- CERT_NameTemplate);
- if (encodedName == NULL)
- goto finish;
-
- signerCert = CERT_FindCertByName(handle, encodedName);
- SECITEM_FreeItem(encodedName, PR_TRUE);
- } else {
- signerCert = CERT_FindCertBySPKDigest(handle, certIndex);
- }
-
- if (signerCert == NULL) {
- rv = SECFailure;
- if (PORT_GetError() == SEC_ERROR_UNKNOWN_CERT) {
- /* Make the error a little more specific. */
- PORT_SetError(SEC_ERROR_UNKNOWN_SIGNER);
- }
- goto finish;
- }
-
- /*
- * We could mark this true at the top of this function, or always
- * below at "finish", but if the problem was just that we could not
- * find the signer's cert, leave that as if the signature hasn't
- * been checked in case a subsequent call might have better luck.
- */
- signature->wasChecked = PR_TRUE;
-
- /*
- * Just because we have a cert does not mean it is any good; check
- * it for validity, trust and usage.
- */
- rv = CERT_VerifyCert(handle, signerCert, PR_TRUE, certUsage, checkTime,
- pwArg, NULL);
- if (rv != SECSuccess)
- goto finish;
-
- /*
- * Now get the public key from the signer's certificate; we need
- * it to perform the verification.
- */
- signerKey = CERT_ExtractPublicKey(signerCert);
- if (signerKey == NULL)
- goto finish;
-
- /*
- * Prepare the data to be verified; it needs to be DER encoded first.
- */
- encodedTBS = SEC_ASN1EncodeItem(NULL, NULL, tbs, encodeTemplate);
- if (encodedTBS == NULL)
- goto finish;
-
- /*
- * We copy the signature data *pointer* and length, so that we can
- * modify the length without damaging the original copy. This is a
- * simple copy, not a dup, so no destroy/free is necessary.
- */
- rawSignature = signature->signature;
- /*
- * The raw signature is a bit string, but we need to represent its
- * length in bytes, because that is what the verify function expects.
- */
- DER_ConvertBitString(&rawSignature);
-
- rv = VFY_VerifyData(encodedTBS->data, encodedTBS->len, signerKey,
- &rawSignature,
- SECOID_GetAlgorithmTag(&signature->signatureAlgorithm),
- pwArg);
-
-finish:
- if (signature->wasChecked)
- signature->status = rv;
-
- if (rv != SECSuccess) {
- signature->failureReason = PORT_GetError();
- if (signerCert != NULL)
- CERT_DestroyCertificate(signerCert);
- } else {
- /*
- * Save signer's certificate in signature.
- */
- signature->cert = signerCert;
- if (pSignerCert != NULL) {
- /*
- * Pass pointer to signer's certificate back to our caller,
- * who is also now responsible for destroying it.
- */
- *pSignerCert = CERT_DupCertificate(signerCert);
- }
- }
-
- if (encodedTBS != NULL)
- SECITEM_FreeItem(encodedTBS, PR_TRUE);
-
- if (signerKey != NULL)
- SECKEY_DestroyPublicKey(signerKey);
-
- if (certs != NULL)
- CERT_DestroyCertArray(certs, certCount);
-
- return rv;
-}
-
-
-/*
- * FUNCTION: CERT_VerifyOCSPResponseSignature
- * Check the signature on an OCSP Response. Will also perform a
- * verification of the signer's certificate. Note, however, that a
- * successful verification does not make any statement about the
- * signer's *authority* to provide status for the certificate(s),
- * that must be checked individually for each certificate.
- * INPUTS:
- * CERTOCSPResponse *response
- * Pointer to response structure with signature to be checked.
- * CERTCertDBHandle *handle
- * Pointer to CERTCertDBHandle for certificate DB to use for verification.
- * void *pwArg
- * Pointer to argument for password prompting, if needed.
- * OUTPUTS:
- * CERTCertificate **pSignerCert
- * Pointer in which to store signer's certificate; only filled-in if
- * non-null.
- * RETURN:
- * Returns SECSuccess when signature is valid, anything else means invalid.
- * Possible errors set:
- * SEC_ERROR_OCSP_MALFORMED_RESPONSE - unknown type of ResponderID
- * SEC_ERROR_INVALID_TIME - bad format of "ProducedAt" time
- * SEC_ERROR_UNKNOWN_SIGNER - signer's cert could not be found
- * SEC_ERROR_BAD_SIGNATURE - the signature did not verify
- * Other errors are any of the many possible failures in cert verification
- * (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when
- * verifying the signer's cert, or low-level problems (no memory, etc.)
- */
-SECStatus
-CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
- CERTCertDBHandle *handle, void *pwArg,
- CERTCertificate **pSignerCert)
-{
- ocspResponseData *tbsData; /* this is what is signed */
- PRBool byName;
- void *certIndex;
- int64 producedAt;
- SECStatus rv;
-
- tbsData = ocsp_GetResponseData(response);
-
- PORT_Assert(tbsData->responderID != NULL);
- switch (tbsData->responderID->responderIDType) {
- case ocspResponderID_byName:
- byName = PR_TRUE;
- certIndex = &tbsData->responderID->responderIDValue.name;
- break;
- case ocspResponderID_byKey:
- byName = PR_FALSE;
- certIndex = &tbsData->responderID->responderIDValue.keyHash;
- break;
- case ocspResponderID_other:
- default:
- PORT_Assert(0);
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
- return SECFailure;
- }
-
- /*
- * ocsp_CheckSignature will also verify the signer certificate; we
- * need to tell it *when* that certificate must be valid -- for our
- * purposes we expect it to be valid when the response was signed.
- * The value of "producedAt" is the signing time.
- */
- rv = DER_GeneralizedTimeToTime(&producedAt, &tbsData->producedAt);
- if (rv != SECSuccess)
- return rv;
-
- return ocsp_CheckSignature(ocsp_GetResponseSignature(response),
- tbsData, ocsp_ResponseDataTemplate,
- handle, certUsageStatusResponder, producedAt,
- byName, certIndex, pwArg, pSignerCert);
-}
-
-/*
- * See if two certIDs match. This can be easy or difficult, depending
- * on whether the same hash algorithm was used.
- */
-static PRBool
-ocsp_CertIDsMatch(CERTCertDBHandle *handle,
- CERTOCSPCertID *certID1, CERTOCSPCertID *certID2)
-{
- PRBool match = PR_FALSE;
- CERTCertificate *issuer1 = NULL;
- CERTCertificate *issuer2 = NULL;
- SECItem *foundHash = NULL;
- CERTCertificate *found;
- SECOidTag hashAlg;
- SECItem *givenHash;
-
- /*
- * In order to match, they must have the same issuer and the same
- * serial number.
- *
- * We just compare the easier things first.
- */
- if (SECITEM_CompareItem(&certID1->serialNumber,
- &certID2->serialNumber) != SECEqual) {
- goto done;
- }
-
- if (SECOID_CompareAlgorithmID(&certID1->hashAlgorithm,
- &certID2->hashAlgorithm) == SECEqual) {
- /*
- * If the hash algorithms match then we can do a simple compare
- * of the hash values themselves.
- */
- if ((SECITEM_CompareItem(&certID1->issuerNameHash,
- &certID2->issuerNameHash) == SECEqual)
- && (SECITEM_CompareItem(&certID1->issuerKeyHash,
- &certID2->issuerKeyHash) == SECEqual)) {
- match = PR_TRUE;
- }
- goto done;
- }
-
- /*
- * The hash algorithms are different; this is harder. We have
- * to do a lookup of each one and compare them.
- */
- issuer1 = CERT_FindCertBySPKDigest(handle, &certID1->issuerKeyHash);
- issuer2 = CERT_FindCertBySPKDigest(handle, &certID2->issuerKeyHash);
-
- if (issuer1 == NULL && issuer2 == NULL) {
- /* If we cannot find an issuer cert, we have no way to compare. */
- goto done;
- }
-
- if (issuer1 != NULL && issuer2 != NULL) {
- /* If we found a cert for each hash, we can just compare them. */
- if (issuer1 == issuer2)
- match = PR_TRUE;
- goto done;
- }
-
- /*
- * We found one issuer, but not both. So we have to use the other certID
- * hash algorithm on the key in the found issuer cert to see if they match.
- */
-
- if (issuer1 != NULL) {
- found = issuer1;
- hashAlg = SECOID_FindOIDTag(&certID2->hashAlgorithm.algorithm);
- givenHash = &certID2->issuerKeyHash;
- } else {
- found = issuer2;
- hashAlg = SECOID_FindOIDTag(&certID1->hashAlgorithm.algorithm);
- givenHash = &certID1->issuerKeyHash;
- }
-
- foundHash = CERT_SPKDigestValueForCert(NULL, found, hashAlg, NULL);
- if (foundHash == NULL) {
- goto done;
- }
-
- if (SECITEM_CompareItem(foundHash, givenHash) == SECEqual) {
- /*
- * Strictly speaking, we should compare the issuerNameHash, too,
- * but I think the added complexity doesn't actually buy anything.
- */
- match = PR_TRUE;
- }
-
-done:
- if (issuer1 != NULL) {
- CERT_DestroyCertificate(issuer1);
- }
- if (issuer2 != NULL) {
- CERT_DestroyCertificate(issuer2);
- }
- if (foundHash != NULL) {
- SECITEM_FreeItem(foundHash, PR_TRUE);
- }
- return match;
-}
-
-/*
- * Find the single response for the cert specified by certID.
- * No copying is done; this just returns a pointer to the appropriate
- * response within responses, if it is found (and null otherwise).
- * This is fine, of course, since this function is internal-use only.
- */
-static CERTOCSPSingleResponse *
-ocsp_GetSingleResponseForCertID(CERTOCSPSingleResponse **responses,
- CERTCertDBHandle *handle,
- CERTOCSPCertID *certID)
-{
- CERTOCSPSingleResponse *single;
- int i;
-
- if (responses == NULL)
- return NULL;
-
- for (i = 0; responses[i] != NULL; i++) {
- single = responses[i];
- if (ocsp_CertIDsMatch(handle, certID, single->certID) == PR_TRUE) {
- return single;
- }
- }
-
- /*
- * The OCSP server should have included a response even if it knew
- * nothing about the certificate in question. Since it did not,
- * this will make it look as if it had.
- *
- * XXX Should we make this a separate error to notice the server's
- * bad behavior?
- */
- PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_CERT);
- return NULL;
-}
-
-static ocspCheckingContext *
-ocsp_GetCheckingContext(CERTCertDBHandle *handle)
-{
- CERTStatusConfig *statusConfig;
- ocspCheckingContext *ocspcx = NULL;
-
- statusConfig = CERT_GetStatusConfig(handle);
- if (statusConfig != NULL) {
- ocspcx = statusConfig->statusContext;
-
- /*
- * This is actually an internal error, because we should never
- * have a good statusConfig without a good statusContext, too.
- * For lack of anything better, though, we just assert and use
- * the same error as if there were no statusConfig (set below).
- */
- PORT_Assert(ocspcx != NULL);
- }
-
- if (ocspcx == NULL)
- PORT_SetError(SEC_ERROR_OCSP_NOT_ENABLED);
-
- return ocspcx;
-}
-
-/*
- * Return true if the given signerCert is the default responder for
- * the given certID. If not, or if any error, return false.
- */
-static PRBool
-ocsp_CertIsDefaultResponderForCertID(CERTCertDBHandle *handle,
- CERTCertificate *signerCert,
- CERTOCSPCertID *certID)
-{
- ocspCheckingContext *ocspcx;
-
- ocspcx = ocsp_GetCheckingContext(handle);
- if (ocspcx == NULL)
- goto loser;
-
- /*
- * Right now we have only one default responder. It applies to
- * all certs when it is used, so the check is simple and certID
- * has no bearing on the answer. Someday in the future we may
- * allow configuration of different responders for different
- * issuers, and then we would have to use the issuer specified
- * in certID to determine if signerCert is the right one.
- */
- if (ocspcx->useDefaultResponder) {
- PORT_Assert(ocspcx->defaultResponderCert != NULL);
- if (ocspcx->defaultResponderCert == signerCert)
- return PR_TRUE;
- }
-
-loser:
- return PR_FALSE;
-}
-
-/*
- * Check that the given signer certificate is authorized to sign status
- * information for the given certID. Return true if it is, false if not
- * (or if there is any error along the way). If false is returned because
- * the signer is not authorized, the following error will be set:
- * SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE
- * Other errors are low-level problems (no memory, bad database, etc.).
- *
- * There are three ways to be authorized. In the order in which we check,
- * using the terms used in the OCSP spec, the signer must be one of:
- * 1. A "trusted responder" -- it matches a local configuration
- * of OCSP signing authority for the certificate in question.
- * 2. The CA who issued the certificate in question.
- * 3. A "CA designated responder", aka an "authorized responder" -- it
- * must be represented by a special cert issued by the CA who issued
- * the certificate in question.
- */
-static PRBool
-ocsp_AuthorizedResponderForCertID(CERTCertDBHandle *handle,
- CERTCertificate *signerCert,
- CERTOCSPCertID *certID,
- int64 thisUpdate)
-{
- CERTCertificate *issuerCert = NULL;
- SECItem *issuerKeyHash = NULL;
- SECOidTag hashAlg;
- PRBool okay = PR_FALSE;
-
- /*
- * Check first for a trusted responder, which overrides everything else.
- */
- if (ocsp_CertIsDefaultResponderForCertID(handle, signerCert, certID))
- return PR_TRUE;
-
- /*
- * In the other two cases, we need to do an issuer comparison.
- * How we do it depends on whether the signer certificate has the
- * special extension (for a designated responder) or not.
- */
-
- if (ocsp_CertIsOCSPSigner(signerCert)) {
- /*
- * The signer is a designated responder. Its issuer must match
- * the issuer of the cert being checked.
- */
- issuerCert = CERT_FindCertIssuer(signerCert, thisUpdate,
- certUsageAnyCA);
- if (issuerCert == NULL) {
- /*
- * We could leave the SEC_ERROR_UNKNOWN_ISSUER error alone,
- * but the following will give slightly more information.
- * Once we have an error stack, things will be much better.
- */
- PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE);
- goto loser;
- }
- } else {
- /*
- * The signer must *be* the issuer of the cert being checked.
- */
- issuerCert = signerCert;
- }
-
- hashAlg = SECOID_FindOIDTag(&certID->hashAlgorithm.algorithm);
- issuerKeyHash = CERT_SPKDigestValueForCert(NULL, issuerCert, hashAlg, NULL);
- if (issuerKeyHash == NULL)
- goto loser;
-
- if (SECITEM_CompareItem(issuerKeyHash,
- &certID->issuerKeyHash) != SECEqual) {
- PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE);
- goto loser;
- }
-
- okay = PR_TRUE;
-
-loser:
- if (issuerKeyHash != NULL)
- SECITEM_FreeItem(issuerKeyHash, PR_TRUE);
-
- if (issuerCert != NULL && issuerCert != signerCert)
- CERT_DestroyCertificate(issuerCert);
-
- return okay;
-}
-
-/*
- * We need to check that a responder gives us "recent" information.
- * Since a responder can pre-package responses, we need to pick an amount
- * of time that is acceptable to us, and reject any response that is
- * older than that.
- *
- * XXX This *should* be based on some configuration parameter, so that
- * different usages could specify exactly what constitutes "sufficiently
- * recent". But that is not going to happen right away. For now, we
- * want something from within the last 24 hours. This macro defines that
- * number in seconds.
- */
-#define OCSP_ALLOWABLE_LAPSE_SECONDS (24L * 60L * 60L)
-
-static PRBool
-ocsp_TimeIsRecent(int64 checkTime)
-{
- int64 now = PR_Now();
- int64 lapse, tmp;
-
- LL_I2L(lapse, OCSP_ALLOWABLE_LAPSE_SECONDS);
- LL_I2L(tmp, PR_USEC_PER_SEC);
- LL_MUL(lapse, lapse, tmp); /* allowable lapse in microseconds */
-
- LL_ADD(checkTime, checkTime, lapse);
- if (LL_CMP(now, >, checkTime))
- return PR_FALSE;
-
- return PR_TRUE;
-}
-
-/*
- * Check that this single response is okay. A return of SECSuccess means:
- * 1. The signer (represented by "signerCert") is authorized to give status
- * for the cert represented by the individual response in "single".
- * 2. The value of thisUpdate is earlier than now.
- * 3. The value of producedAt is later than or the same as thisUpdate.
- * 4. If nextUpdate is given:
- * - The value of nextUpdate is later than now.
- * - The value of producedAt is earlier than nextUpdate.
- * Else if no nextUpdate:
- * - The value of thisUpdate is fairly recent.
- * - The value of producedAt is fairly recent.
- * However we do not need to perform an explicit check for this last
- * constraint because it is already guaranteed by checking that
- * producedAt is later than thisUpdate and thisUpdate is recent.
- * Oh, and any responder is "authorized" to say that a cert is unknown to it.
- *
- * If any of those checks fail, SECFailure is returned and an error is set:
- * SEC_ERROR_OCSP_FUTURE_RESPONSE
- * SEC_ERROR_OCSP_OLD_RESPONSE
- * SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE
- * Other errors are low-level problems (no memory, bad database, etc.).
- */
-static SECStatus
-ocsp_VerifySingleResponse(CERTOCSPSingleResponse *single,
- CERTCertDBHandle *handle,
- CERTCertificate *signerCert,
- int64 producedAt)
-{
- CERTOCSPCertID *certID = single->certID;
- int64 now, thisUpdate, nextUpdate;
- SECStatus rv;
-
- /*
- * If all the responder said was that the given cert was unknown to it,
- * that is a valid response. Not very interesting to us, of course,
- * but all this function is concerned with is validity of the response,
- * not the status of the cert.
- */
- PORT_Assert(single->certStatus != NULL);
- if (single->certStatus->certStatusType == ocspCertStatus_unknown)
- return SECSuccess;
-
- /*
- * We need to extract "thisUpdate" for use below and to pass along
- * to AuthorizedResponderForCertID in case it needs it for doing an
- * issuer look-up.
- */
- rv = DER_GeneralizedTimeToTime(&thisUpdate, &single->thisUpdate);
- if (rv != SECSuccess)
- return rv;
-
- /*
- * First confirm that signerCert is authorized to give this status.
- */
- if (ocsp_AuthorizedResponderForCertID(handle, signerCert, certID,
- thisUpdate) != PR_TRUE)
- return SECFailure;
-
- /*
- * Now check the time stuff, as described above.
- */
- now = PR_Now();
- if (LL_CMP(thisUpdate, >, now) || LL_CMP(producedAt, <, thisUpdate)) {
- PORT_SetError(SEC_ERROR_OCSP_FUTURE_RESPONSE);
- return SECFailure;
- }
- if (single->nextUpdate != NULL) {
- rv = DER_GeneralizedTimeToTime(&nextUpdate, single->nextUpdate);
- if (rv != SECSuccess)
- return rv;
-
- if (LL_CMP(nextUpdate, <, now) || LL_CMP(producedAt, >, nextUpdate)) {
- PORT_SetError(SEC_ERROR_OCSP_OLD_RESPONSE);
- return SECFailure;
- }
- } else if (ocsp_TimeIsRecent(thisUpdate) != PR_TRUE) {
- PORT_SetError(SEC_ERROR_OCSP_OLD_RESPONSE);
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-
-/*
- * FUNCTION: CERT_GetOCSPAuthorityInfoAccessLocation
- * Get the value of the URI of the OCSP responder for the given cert.
- * This is found in the (optional) Authority Information Access extension
- * in the cert.
- * INPUTS:
- * CERTCertificate *cert
- * The certificate being examined.
- * RETURN:
- * char *
- * A copy of the URI for the OCSP method, if found. If either the
- * extension is not present or it does not contain an entry for OCSP,
- * SEC_ERROR_EXTENSION_NOT_FOUND will be set and a NULL returned.
- * Any other error will also result in a NULL being returned.
- *
- * This result should be freed (via PORT_Free) when no longer in use.
- */
-char *
-CERT_GetOCSPAuthorityInfoAccessLocation(CERTCertificate *cert)
-{
- CERTGeneralName *locname = NULL;
- SECItem *location = NULL;
- SECItem *encodedAuthInfoAccess = NULL;
- CERTAuthInfoAccess **authInfoAccess = NULL;
- char *locURI = NULL;
- PRArenaPool *arena = NULL;
- SECStatus rv;
- int i;
-
- /*
- * Allocate this one from the heap because it will get filled in
- * by CERT_FindCertExtension which will also allocate from the heap,
- * and we can free the entire thing on our way out.
- */
- encodedAuthInfoAccess = SECITEM_AllocItem(NULL, NULL, 0);
- if (encodedAuthInfoAccess == NULL)
- goto loser;
-
- rv = CERT_FindCertExtension(cert, SEC_OID_X509_AUTH_INFO_ACCESS,
- encodedAuthInfoAccess);
- if (rv == SECFailure)
- goto loser;
-
- /*
- * The rest of the things allocated in the routine will come out of
- * this arena, which is temporary just for us to decode and get at the
- * AIA extension. The whole thing will be destroyed on our way out,
- * after we have copied the location string (url) itself (if found).
- */
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL)
- goto loser;
-
- authInfoAccess = cert_DecodeAuthInfoAccessExtension(arena,
- encodedAuthInfoAccess);
- if (authInfoAccess == NULL)
- goto loser;
-
- for (i = 0; authInfoAccess[i] != NULL; i++) {
- if (SECOID_FindOIDTag(&authInfoAccess[i]->method) == SEC_OID_PKIX_OCSP)
- locname = authInfoAccess[i]->location;
- }
-
- /*
- * If we found an AIA extension, but it did not include an OCSP method,
- * that should look to our caller as if we did not find the extension
- * at all, because it is only an OCSP method that we care about.
- * So set the same error that would be set if the AIA extension was
- * not there at all.
- */
- if (locname == NULL) {
- PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
- goto loser;
- }
-
- /*
- * The following is just a pointer back into locname (i.e. not a copy);
- * thus it should not be freed.
- */
- location = CERT_GetGeneralNameByType(locname, certURI, PR_FALSE);
- if (location == NULL) {
- /*
- * XXX Appears that CERT_GetGeneralNameByType does not set an
- * error if there is no name by that type. For lack of anything
- * better, act as if the extension was not found. In the future
- * this should probably be something more like the extension was
- * badly formed.
- */
- PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
- goto loser;
- }
-
- /*
- * That location is really a string, but it has a specified length
- * without a null-terminator. We need a real string that does have
- * a null-terminator, and we need a copy of it anyway to return to
- * our caller -- so allocate and copy.
- */
- locURI = PORT_Alloc(location->len + 1);
- if (locURI == NULL) {
- goto loser;
- }
- PORT_Memcpy(locURI, location->data, location->len);
- locURI[location->len] = '\0';
-
-loser:
- if (arena != NULL)
- PORT_FreeArena(arena, PR_FALSE);
-
- if (encodedAuthInfoAccess != NULL)
- SECITEM_FreeItem(encodedAuthInfoAccess, PR_TRUE);
-
- return locURI;
-}
-
-
-/*
- * Figure out where we should go to find out the status of the given cert
- * via OCSP. If a default responder is set up, that is our answer.
- * If not, see if the certificate has an Authority Information Access (AIA)
- * extension for OCSP, and return the value of that. Otherwise return NULL.
- * We also let our caller know whether or not the responder chosen was
- * a default responder or not through the output variable isDefault;
- * its value has no meaning unless a good (non-null) value is returned
- * for the location.
- *
- * The result needs to be freed (PORT_Free) when no longer in use.
- */
-static char *
-ocsp_GetResponderLocation(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool *isDefault)
-{
- ocspCheckingContext *ocspcx;
-
- ocspcx = ocsp_GetCheckingContext(handle);
- if (ocspcx != NULL && ocspcx->useDefaultResponder) {
- /*
- * A default responder wins out, if specified.
- * XXX Someday this may be a more complicated determination based
- * on the cert's issuer. (That is, we could have different default
- * responders configured for different issuers.)
- */
- PORT_Assert(ocspcx->defaultResponderURI != NULL);
- *isDefault = PR_TRUE;
- return (PORT_Strdup(ocspcx->defaultResponderURI));
- }
-
- /*
- * No default responder set up, so go see if we can find an AIA
- * extension that has a value for OCSP, and get the url from that.
- */
- *isDefault = PR_FALSE;
- return CERT_GetOCSPAuthorityInfoAccessLocation(cert);
-}
-
-/*
- * Return SECSuccess if the cert was revoked *after* "time",
- * SECFailure otherwise.
- */
-static SECStatus
-ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, int64 time)
-{
- int64 revokedTime;
- SECStatus rv;
-
- rv = DER_GeneralizedTimeToTime(&revokedTime, &revokedInfo->revocationTime);
- if (rv != SECSuccess)
- return rv;
-
- /*
- * Set the error even if we will return success; someone might care.
- */
- PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
-
- if (LL_CMP(revokedTime, >, time))
- return SECSuccess;
-
- return SECFailure;
-}
-
-/*
- * See if the cert represented in the single response had a good status
- * at the specified time.
- */
-static SECStatus
-ocsp_CertHasGoodStatus(CERTOCSPSingleResponse *single, int64 time)
-{
- ocspCertStatus *status;
- SECStatus rv;
-
- status = single->certStatus;
-
- switch (status->certStatusType) {
- case ocspCertStatus_good:
- rv = SECSuccess;
- break;
- case ocspCertStatus_revoked:
- rv = ocsp_CertRevokedAfter(status->certStatusInfo.revokedInfo, time);
- break;
- case ocspCertStatus_unknown:
- PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_CERT);
- rv = SECFailure;
- break;
- case ocspCertStatus_other:
- default:
- PORT_Assert(0);
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
- rv = SECFailure;
- break;
- }
-
- return rv;
-}
-
-
-/*
- * FUNCTION: CERT_CheckOCSPStatus
- * Checks the status of a certificate via OCSP. Will only check status for
- * a certificate that has an AIA (Authority Information Access) extension
- * for OCSP *or* when a "default responder" is specified and enabled.
- * (If no AIA extension for OCSP and no default responder in place, the
- * cert is considered to have a good status and SECSuccess is returned.)
- * INPUTS:
- * CERTCertDBHandle *handle
- * certificate DB of the cert that is being checked
- * CERTCertificate *cert
- * the certificate being checked
- * XXX in the long term also need a boolean parameter that specifies
- * whether to check the cert chain, as well; for now we check only
- * the leaf (the specified certificate)
- * int64 time
- * time for which status is to be determined
- * void *pwArg
- * argument for password prompting, if needed
- * RETURN:
- * Returns SECSuccess if an approved OCSP responder "knows" the cert
- * *and* returns a non-revoked status for it; SECFailure otherwise,
- * with an error set describing the reason:
- *
- * SEC_ERROR_OCSP_BAD_HTTP_RESPONSE
- * SEC_ERROR_OCSP_FUTURE_RESPONSE
- * SEC_ERROR_OCSP_MALFORMED_REQUEST
- * SEC_ERROR_OCSP_MALFORMED_RESPONSE
- * SEC_ERROR_OCSP_OLD_RESPONSE
- * SEC_ERROR_OCSP_REQUEST_NEEDS_SIG
- * SEC_ERROR_OCSP_SERVER_ERROR
- * SEC_ERROR_OCSP_TRY_SERVER_LATER
- * SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST
- * SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE
- * SEC_ERROR_OCSP_UNKNOWN_CERT
- * SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS
- * SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE
- *
- * SEC_ERROR_BAD_SIGNATURE
- * SEC_ERROR_CERT_BAD_ACCESS_LOCATION
- * SEC_ERROR_INVALID_TIME
- * SEC_ERROR_REVOKED_CERTIFICATE
- * SEC_ERROR_UNKNOWN_ISSUER
- * SEC_ERROR_UNKNOWN_SIGNER
- *
- * Other errors are any of the many possible failures in cert verification
- * (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when
- * verifying the signer's cert, or low-level problems (error allocating
- * memory, error performing ASN.1 decoding, etc.).
- */
-SECStatus
-CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
- int64 time, void *pwArg)
-{
- char *location = NULL;
- PRBool locationIsDefault;
- CERTCertList *certList = NULL;
- SECItem *encodedResponse = NULL;
- CERTOCSPRequest *request = NULL;
- CERTOCSPResponse *response = NULL;
- CERTCertificate *signerCert = NULL;
- ocspResponseData *responseData;
- int64 producedAt;
- CERTOCSPCertID *certID;
- CERTOCSPSingleResponse *single;
- SECStatus rv = SECFailure;
-
-
- /*
- * The first thing we need to do is find the location of the responder.
- * This will be the value of the default responder (if enabled), else
- * it will come out of the AIA extension in the cert (if present).
- * If we have no such location, then this cert does not "deserve" to
- * be checked -- that is, we consider it a success and just return.
- * The way we tell that is by looking at the error number to see if
- * the problem was no AIA extension was found; any other error was
- * a true failure that we unfortunately have to treat as an overall
- * failure here.
- */
- location = ocsp_GetResponderLocation(handle, cert, &locationIsDefault);
- if (location == NULL) {
- if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND)
- return SECSuccess;
- else
- return SECFailure;
- }
-
- /*
- * For now, create a cert-list of one.
- * XXX In the fullness of time, we will want/need to handle a
- * certificate chain. This will be done either when a new parameter
- * tells us to, or some configuration variable tells us to. In any
- * case, handling it is complicated because we may need to send as
- * many requests (and receive as many responses) as we have certs
- * in the chain. If we are going to talk to a default responder,
- * and we only support one default responder, we can put all of the
- * certs together into one request. Otherwise, we must break them up
- * into multiple requests. (Even if all of the requests will go to
- * the same location, the signature on each response will be different,
- * because each issuer is different. Carefully read the OCSP spec
- * if you do not understand this.)
- */
-
- certList = CERT_NewCertList();
- if (certList == NULL)
- goto loser;
-
- /* dup it because freeing the list will destroy the cert, too */
- cert = CERT_DupCertificate(cert);
- if (cert == NULL)
- goto loser;
-
- if (CERT_AddCertToListTail(certList, cert) != SECSuccess) {
- CERT_DestroyCertificate(cert);
- goto loser;
- }
-
- /*
- * XXX If/when signing of requests is supported, that second NULL
- * should be changed to be the signer certificate. Not sure if that
- * should be passed into this function or retrieved via some operation
- * on the handle/context.
- */
- encodedResponse = CERT_GetEncodedOCSPResponse(NULL, certList, location,
- time, locationIsDefault,
- NULL, pwArg, &request);
- if (encodedResponse == NULL) {
- goto loser;
- }
-
- response = CERT_DecodeOCSPResponse(encodedResponse);
- if (response == NULL) {
- goto loser;
- }
-
- /*
- * Okay, we at least have a response that *looks* like a response!
- * Now see if the overall response status value is good or not.
- * If not, we set an error and give up. (It means that either the
- * server had a problem, or it didn't like something about our
- * request. Either way there is nothing to do but give up.)
- * Otherwise, we continue to find the actual per-cert status
- * in the response.
- */
- switch (response->statusValue) {
- case ocspResponse_successful:
- break;
- case ocspResponse_malformedRequest:
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_REQUEST);
- goto loser;
- case ocspResponse_internalError:
- PORT_SetError(SEC_ERROR_OCSP_SERVER_ERROR);
- goto loser;
- case ocspResponse_tryLater:
- PORT_SetError(SEC_ERROR_OCSP_TRY_SERVER_LATER);
- goto loser;
- case ocspResponse_sigRequired:
- /* XXX We *should* retry with a signature, if possible. */
- PORT_SetError(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG);
- goto loser;
- case ocspResponse_unauthorized:
- PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST);
- goto loser;
- case ocspResponse_other:
- case ocspResponse_unused:
- default:
- PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS);
- goto loser;
- }
-
- /*
- * If we've made it this far, we expect a response with a good signature.
- * So, check for that.
- */
- rv = CERT_VerifyOCSPResponseSignature(response, handle, pwArg, &signerCert);
- if (rv != SECSuccess)
- goto loser;
-
- PORT_Assert(signerCert != NULL); /* internal consistency check */
- /* XXX probably should set error, return failure if signerCert is null */
-
- /*
- * The ResponseData part is the real guts of the response.
- */
- responseData = ocsp_GetResponseData(response);
- if (responseData == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- /*
- * There is one producedAt time for the entire response (and a separate
- * thisUpdate time for each individual single response). We need to
- * compare them, so get the overall time to pass into the check of each
- * single response.
- */
- rv = DER_GeneralizedTimeToTime(&producedAt, &responseData->producedAt);
- if (rv != SECSuccess)
- goto loser;
-
- /*
- * Again, we are only doing one request for one cert.
- * XXX When we handle cert chains, the following code will obviously
- * have to be modified, in coordation with the code above that will
- * have to determine how to make multiple requests, etc. It will need
- * to loop, and for each certID in the request, find the matching
- * single response and check the status specified by it.
- *
- * We are helped here in that we know that the requests are made with
- * the request list in the same order as the order of the certs we hand
- * to it. This is why I can directly access the first member of the
- * single request array for the one cert I care about.
- */
-
- certID = request->tbsRequest->requestList[0]->reqCert;
- single = ocsp_GetSingleResponseForCertID(responseData->responses,
- handle, certID);
- if (single == NULL)
- goto loser;
-
- rv = ocsp_VerifySingleResponse(single, handle, signerCert, producedAt);
- if (rv != SECSuccess)
- goto loser;
-
- /*
- * Okay, the last step is to check whether the status says revoked,
- * and if so how that compares to the time value passed into this routine.
- */
-
- rv = ocsp_CertHasGoodStatus(single, time);
-
-loser:
- if (signerCert != NULL)
- CERT_DestroyCertificate(signerCert);
- if (response != NULL)
- CERT_DestroyOCSPResponse(response);
- if (request != NULL)
- CERT_DestroyOCSPRequest(request);
- if (encodedResponse != NULL)
- SECITEM_FreeItem(encodedResponse, PR_TRUE);
- if (certList != NULL)
- CERT_DestroyCertList(certList);
- if (location != NULL)
- PORT_Free(location);
-
- return rv;
-}
-
-
-/*
- * Disable status checking and destroy related structures/data.
- */
-static SECStatus
-ocsp_DestroyStatusChecking(CERTStatusConfig *statusConfig)
-{
- ocspCheckingContext *statusContext;
-
- /*
- * Disable OCSP checking
- */
- statusConfig->statusChecker = NULL;
-
- statusContext = statusConfig->statusContext;
- PORT_Assert(statusContext != NULL);
- if (statusContext == NULL)
- return SECFailure;
-
- if (statusContext->defaultResponderURI != NULL)
- PORT_Free(statusContext->defaultResponderURI);
- if (statusContext->defaultResponderNickname != NULL)
- PORT_Free(statusContext->defaultResponderNickname);
-
- PORT_Free(statusContext);
- statusConfig->statusContext = NULL;
-
- PORT_Free(statusConfig);
-
- return SECSuccess;
-}
-
-
-/*
- * FUNCTION: CERT_DisableOCSPChecking
- * Turns off OCSP checking for the given certificate database.
- * This routine disables OCSP checking. Though it will return
- * SECFailure if OCSP checking is not enabled, it is "safe" to
- * call it that way and just ignore the return value, if it is
- * easier to just call it than to "remember" whether it is enabled.
- * INPUTS:
- * CERTCertDBHandle *handle
- * Certificate database for which OCSP checking will be disabled.
- * RETURN:
- * Returns SECFailure if an error occurred (usually means that OCSP
- * checking was not enabled or status contexts were not initialized --
- * error set will be SEC_ERROR_OCSP_NOT_ENABLED); SECSuccess otherwise.
- */
-SECStatus
-CERT_DisableOCSPChecking(CERTCertDBHandle *handle)
-{
- CERTStatusConfig *statusConfig;
- ocspCheckingContext *statusContext;
-
- if (handle == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- statusConfig = CERT_GetStatusConfig(handle);
- statusContext = ocsp_GetCheckingContext(handle);
- if (statusContext == NULL)
- return SECFailure;
-
- if (statusConfig->statusChecker != CERT_CheckOCSPStatus) {
- /*
- * Status configuration is present, but either not currently
- * enabled or not for OCSP.
- */
- PORT_SetError(SEC_ERROR_OCSP_NOT_ENABLED);
- return SECFailure;
- }
-
- /*
- * This is how we disable status checking. Everything else remains
- * in place in case we are enabled again.
- */
- statusConfig->statusChecker = NULL;
-
- return SECSuccess;
-}
-
-/*
- * Allocate and initialize the informational structures for status checking.
- * This is done when some configuration of OCSP is being done or when OCSP
- * checking is being turned on, whichever comes first.
- */
-static SECStatus
-ocsp_InitStatusChecking(CERTCertDBHandle *handle)
-{
- CERTStatusConfig *statusConfig = NULL;
- ocspCheckingContext *statusContext = NULL;
-
- PORT_Assert(CERT_GetStatusConfig(handle) == NULL);
- if (CERT_GetStatusConfig(handle) != NULL) {
- /* XXX or call statusConfig->statusDestroy and continue? */
- return SECFailure;
- }
-
- statusConfig = PORT_ZNew(CERTStatusConfig);
- if (statusConfig == NULL)
- goto loser;
-
- statusContext = PORT_ZNew(ocspCheckingContext);
- if (statusContext == NULL)
- goto loser;
-
- statusConfig->statusDestroy = ocsp_DestroyStatusChecking;
- statusConfig->statusContext = statusContext;
-
- CERT_SetStatusConfig(handle, statusConfig);
-
- return SECSuccess;
-
-loser:
- if (statusContext != NULL)
- PORT_Free(statusContext);
- if (statusConfig != NULL)
- PORT_Free(statusConfig);
- return SECFailure;
-}
-
-
-/*
- * FUNCTION: CERT_EnableOCSPChecking
- * Turns on OCSP checking for the given certificate database.
- * INPUTS:
- * CERTCertDBHandle *handle
- * Certificate database for which OCSP checking will be enabled.
- * RETURN:
- * Returns SECFailure if an error occurred (likely only problem
- * allocating memory); SECSuccess otherwise.
- */
-SECStatus
-CERT_EnableOCSPChecking(CERTCertDBHandle *handle)
-{
- CERTStatusConfig *statusConfig;
-
- SECStatus rv;
-
- if (handle == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- statusConfig = CERT_GetStatusConfig(handle);
- if (statusConfig == NULL) {
- rv = ocsp_InitStatusChecking(handle);
- if (rv != SECSuccess)
- return rv;
-
- /* Get newly established value */
- statusConfig = CERT_GetStatusConfig(handle);
- PORT_Assert(statusConfig != NULL);
- }
-
- /*
- * Setting the checker function is what really enables the checking
- * when each cert verification is done.
- */
- statusConfig->statusChecker = CERT_CheckOCSPStatus;
-
- return SECSuccess;
-}
-
-
-/*
- * FUNCTION: CERT_SetOCSPDefaultResponder
- * Specify the location and cert of the default responder.
- * If OCSP checking is already enabled *and* use of a default responder
- * is also already enabled, all OCSP checking from now on will go directly
- * to the specified responder. If OCSP checking is not enabled, or if
- * it is but use of a default responder is not enabled, the information
- * will be recorded and take effect whenever both are enabled.
- * INPUTS:
- * CERTCertDBHandle *handle
- * Cert database on which OCSP checking should use the default responder.
- * char *url
- * The location of the default responder (e.g. "http://foo.com:80/ocsp")
- * Note that the location will not be tested until the first attempt
- * to send a request there.
- * char *name
- * The nickname of the cert to trust (expected) to sign the OCSP responses.
- * If the corresponding cert cannot be found, SECFailure is returned.
- * RETURN:
- * Returns SECFailure if an error occurred; SECSuccess otherwise.
- * The most likely error is that the cert for "name" could not be found
- * (probably SEC_ERROR_UNKNOWN_CERT). Other errors are low-level (no memory,
- * bad database, etc.).
- */
-SECStatus
-CERT_SetOCSPDefaultResponder(CERTCertDBHandle *handle,
- const char *url, const char *name)
-{
- CERTCertificate *cert;
- ocspCheckingContext *statusContext;
- char *url_copy = NULL;
- char *name_copy = NULL;
- SECStatus rv;
-
- if (handle == NULL || url == NULL || name == NULL) {
- /*
- * XXX When interface is exported, probably want better errors;
- * perhaps different one for each parameter.
- */
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- /*
- * Find the certificate for the specified nickname. Do this first
- * because it seems the most likely to fail.
- *
- * XXX Shouldn't need that cast if the FindCertByNickname interface
- * used const to convey that it does not modify the name. Maybe someday.
- */
- cert = CERT_FindCertByNickname(handle, (char *) name);
- if (cert == NULL)
- return SECFailure;
-
- /*
- * Make a copy of the url and nickname.
- */
- url_copy = PORT_Strdup(url);
- name_copy = PORT_Strdup(name);
- if (url_copy == NULL || name_copy == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- statusContext = ocsp_GetCheckingContext(handle);
-
- /*
- * Allocate and init the context if it doesn't already exist.
- */
- if (statusContext == NULL) {
- rv = ocsp_InitStatusChecking(handle);
- if (rv != SECSuccess)
- goto loser;
-
- statusContext = ocsp_GetCheckingContext(handle);
- PORT_Assert(statusContext != NULL); /* extreme paranoia */
- }
-
- /*
- * Note -- we do not touch the status context until after all of
- * the steps which could cause errors. If something goes wrong,
- * we want to leave things as they were.
- */
-
- /*
- * Get rid of old url and name if there.
- */
- if (statusContext->defaultResponderNickname != NULL)
- PORT_Free(statusContext->defaultResponderNickname);
- if (statusContext->defaultResponderURI != NULL)
- PORT_Free(statusContext->defaultResponderURI);
-
- /*
- * And replace them with the new ones.
- */
- statusContext->defaultResponderURI = url_copy;
- statusContext->defaultResponderNickname = name_copy;
-
- /*
- * If there was already a cert in place, get rid of it and replace it.
- * Otherwise, we are not currently enabled, so we don't want to save it;
- * it will get re-found and set whenever use of a default responder is
- * enabled.
- */
- if (statusContext->defaultResponderCert != NULL) {
- CERT_DestroyCertificate(statusContext->defaultResponderCert);
- statusContext->defaultResponderCert = cert;
- } else {
- PORT_Assert(statusContext->useDefaultResponder == PR_FALSE);
- CERT_DestroyCertificate(cert);
- }
-
- return SECSuccess;
-
-loser:
- CERT_DestroyCertificate(cert);
- if (url_copy != NULL)
- PORT_Free(url_copy);
- if (name_copy != NULL)
- PORT_Free(name_copy);
- return rv;
-}
-
-
-/*
- * FUNCTION: CERT_EnableOCSPDefaultResponder
- * Turns on use of a default responder when OCSP checking.
- * If OCSP checking is already enabled, this will make subsequent checks
- * go directly to the default responder. (The location of the responder
- * and the nickname of the responder cert must already be specified.)
- * If OCSP checking is not enabled, this will be recorded and take effect
- * whenever it is enabled.
- * INPUTS:
- * CERTCertDBHandle *handle
- * Cert database on which OCSP checking should use the default responder.
- * RETURN:
- * Returns SECFailure if an error occurred; SECSuccess otherwise.
- * No errors are especially likely unless the caller did not previously
- * perform a successful call to SetOCSPDefaultResponder (in which case
- * the error set will be SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER).
- */
-SECStatus
-CERT_EnableOCSPDefaultResponder(CERTCertDBHandle *handle)
-{
- ocspCheckingContext *statusContext;
- CERTCertificate *cert;
-
- if (handle == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- statusContext = ocsp_GetCheckingContext(handle);
-
- if (statusContext == NULL) {
- /*
- * Strictly speaking, the error already set is "correct",
- * but cover over it with one more helpful in this context.
- */
- PORT_SetError(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER);
- return SECFailure;
- }
-
- if (statusContext->defaultResponderURI == NULL) {
- PORT_SetError(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER);
- return SECFailure;
- }
-
- if (statusContext->defaultResponderNickname == NULL) {
- PORT_SetError(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER);
- return SECFailure;
- }
-
- /*
- * Find the cert for the nickname.
- */
- cert = CERT_FindCertByNickname(handle,
- statusContext->defaultResponderNickname);
- /*
- * We should never have trouble finding the cert, because its
- * existence should have been proven by SetOCSPDefaultResponder.
- */
- PORT_Assert(cert != NULL);
- if (cert == NULL)
- return SECFailure;
-
- /*
- * And hang onto it.
- */
- statusContext->defaultResponderCert = cert;
-
- /*
- * Finally, record the fact that we now have a default responder enabled.
- */
- statusContext->useDefaultResponder = PR_TRUE;
- return SECSuccess;
-}
-
-
-/*
- * FUNCTION: CERT_DisableOCSPDefaultResponder
- * Turns off use of a default responder when OCSP checking.
- * (Does nothing if use of a default responder is not enabled.)
- * INPUTS:
- * CERTCertDBHandle *handle
- * Cert database on which OCSP checking should stop using a default
- * responder.
- * RETURN:
- * Returns SECFailure if an error occurred; SECSuccess otherwise.
- * Errors very unlikely (like random memory corruption...).
- */
-SECStatus
-CERT_DisableOCSPDefaultResponder(CERTCertDBHandle *handle)
-{
- CERTStatusConfig *statusConfig;
- ocspCheckingContext *statusContext;
-
- if (handle == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- statusConfig = CERT_GetStatusConfig(handle);
- if (statusConfig == NULL)
- return SECSuccess;
-
- statusContext = ocsp_GetCheckingContext(handle);
- PORT_Assert(statusContext != NULL);
- if (statusContext == NULL)
- return SECFailure;
-
- if (statusContext->defaultResponderCert != NULL) {
- CERT_DestroyCertificate(statusContext->defaultResponderCert);
- statusContext->defaultResponderCert = NULL;
- }
-
- /*
- * Finally, record the fact.
- */
- statusContext->useDefaultResponder = PR_FALSE;
- return SECSuccess;
-}
diff --git a/security/nss/lib/certhigh/ocsp.h b/security/nss/lib/certhigh/ocsp.h
deleted file mode 100644
index 51f81e867..000000000
--- a/security/nss/lib/certhigh/ocsp.h
+++ /dev/null
@@ -1,452 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Interface to the OCSP implementation.
- *
- * $Id$
- */
-
-#ifndef _OCSP_H_
-#define _OCSP_H_
-
-
-#include "plarena.h"
-#include "seccomon.h"
-#include "secoidt.h"
-#include "keyt.h"
-#include "certt.h"
-#include "ocspt.h"
-
-
-/************************************************************************/
-SEC_BEGIN_PROTOS
-
-/*
- * FUNCTION: CERT_EnableOCSPChecking
- * Turns on OCSP checking for the given certificate database.
- * INPUTS:
- * CERTCertDBHandle *handle
- * Certificate database for which OCSP checking will be enabled.
- * RETURN:
- * Returns SECFailure if an error occurred (likely only problem
- * allocating memory); SECSuccess otherwise.
- */
-extern SECStatus
-CERT_EnableOCSPChecking(CERTCertDBHandle *handle);
-
-/*
- * FUNCTION: CERT_DisableOCSPChecking
- * Turns off OCSP checking for the given certificate database.
- * This routine disables OCSP checking. Though it will return
- * SECFailure if OCSP checking is not enabled, it is "safe" to
- * call it that way and just ignore the return value, if it is
- * easier to just call it than to "remember" whether it is enabled.
- * INPUTS:
- * CERTCertDBHandle *handle
- * Certificate database for which OCSP checking will be disabled.
- * RETURN:
- * Returns SECFailure if an error occurred (usually means that OCSP
- * checking was not enabled or status contexts were not initialized --
- * error set will be SEC_ERROR_OCSP_NOT_ENABLED); SECSuccess otherwise.
- */
-extern SECStatus
-CERT_DisableOCSPChecking(CERTCertDBHandle *handle);
-
-/*
- * FUNCTION: CERT_SetOCSPDefaultResponder
- * Specify the location and cert of the default responder.
- * If OCSP checking is already enabled *and* use of a default responder
- * is also already enabled, all OCSP checking from now on will go directly
- * to the specified responder. If OCSP checking is not enabled, or if
- * it is but use of a default responder is not enabled, the information
- * will be recorded and take effect whenever both are enabled.
- * INPUTS:
- * CERTCertDBHandle *handle
- * Cert database on which OCSP checking should use the default responder.
- * char *url
- * The location of the default responder (e.g. "http://foo.com:80/ocsp")
- * Note that the location will not be tested until the first attempt
- * to send a request there.
- * char *name
- * The nickname of the cert to trust (expected) to sign the OCSP responses.
- * If the corresponding cert cannot be found, SECFailure is returned.
- * RETURN:
- * Returns SECFailure if an error occurred; SECSuccess otherwise.
- * The most likely error is that the cert for "name" could not be found
- * (probably SEC_ERROR_UNKNOWN_CERT). Other errors are low-level (no memory,
- * bad database, etc.).
- */
-extern SECStatus
-CERT_SetOCSPDefaultResponder(CERTCertDBHandle *handle,
- const char *url, const char *name);
-
-/*
- * FUNCTION: CERT_EnableOCSPDefaultResponder
- * Turns on use of a default responder when OCSP checking.
- * If OCSP checking is already enabled, this will make subsequent checks
- * go directly to the default responder. (The location of the responder
- * and the nickname of the responder cert must already be specified.)
- * If OCSP checking is not enabled, this will be recorded and take effect
- * whenever it is enabled.
- * INPUTS:
- * CERTCertDBHandle *handle
- * Cert database on which OCSP checking should use the default responder.
- * RETURN:
- * Returns SECFailure if an error occurred; SECSuccess otherwise.
- * No errors are especially likely unless the caller did not previously
- * perform a successful call to SetOCSPDefaultResponder (in which case
- * the error set will be SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER).
- */
-extern SECStatus
-CERT_EnableOCSPDefaultResponder(CERTCertDBHandle *handle);
-
-/*
- * FUNCTION: CERT_DisableOCSPDefaultResponder
- * Turns off use of a default responder when OCSP checking.
- * (Does nothing if use of a default responder is not enabled.)
- * INPUTS:
- * CERTCertDBHandle *handle
- * Cert database on which OCSP checking should stop using a default
- * responder.
- * RETURN:
- * Returns SECFailure if an error occurred; SECSuccess otherwise.
- * Errors very unlikely (like random memory corruption...).
- */
-extern SECStatus
-CERT_DisableOCSPDefaultResponder(CERTCertDBHandle *handle);
-
-/*
- * -------------------------------------------------------
- * The Functions above are those expected to be used by a client
- * providing OCSP status checking along with every cert verification.
- * The functions below are for OCSP testing, debugging, or clients
- * or servers performing more specialized OCSP tasks.
- * -------------------------------------------------------
- */
-
-/*
- * FUNCTION: CERT_CreateOCSPRequest
- * Creates a CERTOCSPRequest, requesting the status of the certs in
- * the given list.
- * INPUTS:
- * CERTCertList *certList
- * A list of certs for which status will be requested.
- * Note that all of these certificates should have the same issuer,
- * or it's expected the response will be signed by a trusted responder.
- * If the certs need to be broken up into multiple requests, that
- * must be handled by the caller (and thus by having multiple calls
- * to this routine), who knows about where the request(s) are being
- * sent and whether there are any trusted responders in place.
- * int64 time
- * Indicates the time for which the certificate status is to be
- * determined -- this may be used in the search for the cert's issuer
- * but has no effect on the request itself.
- * PRBool addServiceLocator
- * If true, the Service Locator extension should be added to the
- * single request(s) for each cert.
- * CERTCertificate *signerCert
- * If non-NULL, means sign the request using this cert. Otherwise,
- * do not sign.
- * XXX note that request signing is not yet supported; see comment in code
- * RETURN:
- * A pointer to a CERTOCSPRequest structure containing an OCSP request
- * for the cert list. On error, null is returned, with an error set
- * indicating the reason. This is likely SEC_ERROR_UNKNOWN_ISSUER.
- * (The issuer is needed to create a request for the certificate.)
- * Other errors are low-level problems (no memory, bad database, etc.).
- */
-extern CERTOCSPRequest *
-CERT_CreateOCSPRequest(CERTCertList *certList, int64 time,
- PRBool addServiceLocator,
- CERTCertificate *signerCert);
-
-/*
- * FUNCTION: CERT_AddOCSPAcceptableResponses
- * Add the AcceptableResponses extension to an OCSP Request.
- * INPUTS:
- * CERTOCSPRequest *request
- * The request to which the extension should be added.
- * ...
- * A list (of one or more) of SECOidTag -- each of the response types
- * to be added. The last OID *must* be SEC_OID_PKIX_OCSP_BASIC_RESPONSE.
- * (This marks the end of the list, and it must be specified because a
- * client conforming to the OCSP standard is required to handle the basic
- * response type.) The OIDs are not checked in any way.
- * RETURN:
- * SECSuccess if the extension is added; SECFailure if anything goes wrong.
- * All errors are internal or low-level problems (e.g. no memory).
- */
-extern SECStatus
-CERT_AddOCSPAcceptableResponses(CERTOCSPRequest *request, ...);
-
-/*
- * FUNCTION: CERT_EncodeOCSPRequest
- * DER encodes an OCSP Request, possibly adding a signature as well.
- * XXX Signing is not yet supported, however; see comments in code.
- * INPUTS:
- * PRArenaPool *arena
- * The return value is allocated from here.
- * If a NULL is passed in, allocation is done from the heap instead.
- * CERTOCSPRequest *request
- * The request to be encoded.
- * void *pwArg
- * Pointer to argument for password prompting, if needed. (Definitely
- * not needed if not signing.)
- * RETURN:
- * Returns a NULL on error and a pointer to the SECItem with the
- * encoded value otherwise. Any error is likely to be low-level
- * (e.g. no memory).
- */
-extern SECItem *
-CERT_EncodeOCSPRequest(PRArenaPool *arena, CERTOCSPRequest *request,
- void *pwArg);
-
-/*
- * FUNCTION: CERT_DecodeOCSPRequest
- * Decode a DER encoded OCSP Request.
- * INPUTS:
- * SECItem *src
- * Pointer to a SECItem holding DER encoded OCSP Request.
- * RETURN:
- * Returns a pointer to a CERTOCSPRequest containing the decoded request.
- * On error, returns NULL. Most likely error is trouble decoding
- * (SEC_ERROR_OCSP_MALFORMED_REQUEST), or low-level problem (no memory).
- */
-extern CERTOCSPRequest *
-CERT_DecodeOCSPRequest(SECItem *src);
-
-/*
- * FUNCTION: CERT_DestroyOCSPRequest
- * Frees an OCSP Request structure.
- * INPUTS:
- * CERTOCSPRequest *request
- * Pointer to CERTOCSPRequest to be freed.
- * RETURN:
- * No return value; no errors.
- */
-extern void
-CERT_DestroyOCSPRequest(CERTOCSPRequest *request);
-
-/*
- * FUNCTION: CERT_DecodeOCSPResponse
- * Decode a DER encoded OCSP Response.
- * INPUTS:
- * SECItem *src
- * Pointer to a SECItem holding DER encoded OCSP Response.
- * RETURN:
- * Returns a pointer to a CERTOCSPResponse (the decoded OCSP Response);
- * the caller is responsible for destroying it. Or NULL if error (either
- * response could not be decoded (SEC_ERROR_OCSP_MALFORMED_RESPONSE),
- * it was of an unexpected type (SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE),
- * or a low-level or internal error occurred).
- */
-extern CERTOCSPResponse *
-CERT_DecodeOCSPResponse(SECItem *src);
-
-/*
- * FUNCTION: CERT_DestroyOCSPResponse
- * Frees an OCSP Response structure.
- * INPUTS:
- * CERTOCSPResponse *request
- * Pointer to CERTOCSPResponse to be freed.
- * RETURN:
- * No return value; no errors.
- */
-extern void
-CERT_DestroyOCSPResponse(CERTOCSPResponse *response);
-
-/*
- * FUNCTION: CERT_GetEncodedOCSPResponse
- * Creates and sends a request to an OCSP responder, then reads and
- * returns the (encoded) response.
- * INPUTS:
- * PRArenaPool *arena
- * Pointer to arena from which return value will be allocated.
- * If NULL, result will be allocated from the heap (and thus should
- * be freed via SECITEM_FreeItem).
- * CERTCertList *certList
- * A list of certs for which status will be requested.
- * Note that all of these certificates should have the same issuer,
- * or it's expected the response will be signed by a trusted responder.
- * If the certs need to be broken up into multiple requests, that
- * must be handled by the caller (and thus by having multiple calls
- * to this routine), who knows about where the request(s) are being
- * sent and whether there are any trusted responders in place.
- * char *location
- * The location of the OCSP responder (a URL).
- * int64 time
- * Indicates the time for which the certificate status is to be
- * determined -- this may be used in the search for the cert's issuer
- * but has no other bearing on the operation.
- * PRBool addServiceLocator
- * If true, the Service Locator extension should be added to the
- * single request(s) for each cert.
- * CERTCertificate *signerCert
- * If non-NULL, means sign the request using this cert. Otherwise,
- * do not sign.
- * void *pwArg
- * Pointer to argument for password prompting, if needed. (Definitely
- * not needed if not signing.)
- * OUTPUTS:
- * CERTOCSPRequest **pRequest
- * Pointer in which to store the OCSP request created for the given
- * list of certificates. It is only filled in if the entire operation
- * is successful and the pointer is not null -- and in that case the
- * caller is then reponsible for destroying it.
- * RETURN:
- * Returns a pointer to the SECItem holding the response.
- * On error, returns null with error set describing the reason:
- * SEC_ERROR_UNKNOWN_ISSUER
- * SEC_ERROR_CERT_BAD_ACCESS_LOCATION
- * SEC_ERROR_OCSP_BAD_HTTP_RESPONSE
- * Other errors are low-level problems (no memory, bad database, etc.).
- */
-extern SECItem *
-CERT_GetEncodedOCSPResponse(PRArenaPool *arena, CERTCertList *certList,
- char *location, int64 time,
- PRBool addServiceLocator,
- CERTCertificate *signerCert, void *pwArg,
- CERTOCSPRequest **pRequest);
-
-/*
- * FUNCTION: CERT_VerifyOCSPResponseSignature
- * Check the signature on an OCSP Response. Will also perform a
- * verification of the signer's certificate. Note, however, that a
- * successful verification does not make any statement about the
- * signer's *authority* to provide status for the certificate(s),
- * that must be checked individually for each certificate.
- * INPUTS:
- * CERTOCSPResponse *response
- * Pointer to response structure with signature to be checked.
- * CERTCertDBHandle *handle
- * Pointer to CERTCertDBHandle for certificate DB to use for verification.
- * void *pwArg
- * Pointer to argument for password prompting, if needed.
- * OUTPUTS:
- * CERTCertificate **pSignerCert
- * Pointer in which to store signer's certificate; only filled-in if
- * non-null.
- * RETURN:
- * Returns SECSuccess when signature is valid, anything else means invalid.
- * Possible errors set:
- * SEC_ERROR_OCSP_MALFORMED_RESPONSE - unknown type of ResponderID
- * SEC_ERROR_INVALID_TIME - bad format of "ProducedAt" time
- * SEC_ERROR_UNKNOWN_SIGNER - signer's cert could not be found
- * SEC_ERROR_BAD_SIGNATURE - the signature did not verify
- * Other errors are any of the many possible failures in cert verification
- * (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when
- * verifying the signer's cert, or low-level problems (no memory, etc.)
- */
-extern SECStatus
-CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
- CERTCertDBHandle *handle, void *pwArg,
- CERTCertificate **pSignerCert);
-
-/*
- * FUNCTION: CERT_GetOCSPAuthorityInfoAccessLocation
- * Get the value of the URI of the OCSP responder for the given cert.
- * This is found in the (optional) Authority Information Access extension
- * in the cert.
- * INPUTS:
- * CERTCertificate *cert
- * The certificate being examined.
- * RETURN:
- * char *
- * A copy of the URI for the OCSP method, if found. If either the
- * extension is not present or it does not contain an entry for OCSP,
- * SEC_ERROR_EXTENSION_NOT_FOUND will be set and a NULL returned.
- * Any other error will also result in a NULL being returned.
- *
- * This result should be freed (via PORT_Free) when no longer in use.
- */
-extern char *
-CERT_GetOCSPAuthorityInfoAccessLocation(CERTCertificate *cert);
-
-/*
- * FUNCTION: CERT_CheckOCSPStatus
- * Checks the status of a certificate via OCSP. Will only check status for
- * a certificate that has an AIA (Authority Information Access) extension
- * for OCSP *or* when a "default responder" is specified and enabled.
- * (If no AIA extension for OCSP and no default responder in place, the
- * cert is considered to have a good status and SECSuccess is returned.)
- * INPUTS:
- * CERTCertDBHandle *handle
- * certificate DB of the cert that is being checked
- * CERTCertificate *cert
- * the certificate being checked
- * XXX in the long term also need a boolean parameter that specifies
- * whether to check the cert chain, as well; for now we check only
- * the leaf (the specified certificate)
- * int64 time
- * time for which status is to be determined
- * void *pwArg
- * argument for password prompting, if needed
- * RETURN:
- * Returns SECSuccess if an approved OCSP responder "knows" the cert
- * *and* returns a non-revoked status for it; SECFailure otherwise,
- * with an error set describing the reason:
- *
- * SEC_ERROR_OCSP_BAD_HTTP_RESPONSE
- * SEC_ERROR_OCSP_FUTURE_RESPONSE
- * SEC_ERROR_OCSP_MALFORMED_REQUEST
- * SEC_ERROR_OCSP_MALFORMED_RESPONSE
- * SEC_ERROR_OCSP_OLD_RESPONSE
- * SEC_ERROR_OCSP_REQUEST_NEEDS_SIG
- * SEC_ERROR_OCSP_SERVER_ERROR
- * SEC_ERROR_OCSP_TRY_SERVER_LATER
- * SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST
- * SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE
- * SEC_ERROR_OCSP_UNKNOWN_CERT
- * SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS
- * SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE
- *
- * SEC_ERROR_BAD_SIGNATURE
- * SEC_ERROR_CERT_BAD_ACCESS_LOCATION
- * SEC_ERROR_INVALID_TIME
- * SEC_ERROR_REVOKED_CERTIFICATE
- * SEC_ERROR_UNKNOWN_ISSUER
- * SEC_ERROR_UNKNOWN_SIGNER
- *
- * Other errors are any of the many possible failures in cert verification
- * (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when
- * verifying the signer's cert, or low-level problems (error allocating
- * memory, error performing ASN.1 decoding, etc.).
- */
-extern SECStatus
-CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
- int64 time, void *pwArg);
-/************************************************************************/
-SEC_END_PROTOS
-
-#endif /* _OCSP_H_ */
diff --git a/security/nss/lib/certhigh/ocspt.h b/security/nss/lib/certhigh/ocspt.h
deleted file mode 100644
index 3f1563855..000000000
--- a/security/nss/lib/certhigh/ocspt.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Public header for exported OCSP types.
- *
- * $Id$
- */
-
-#ifndef _OCSPT_H_
-#define _OCSPT_H_
-
-/*
- * The following are all opaque types. If someone needs to get at
- * a field within, then we need to fix the API. Try very hard not
- * make the type available to them.
- */
-typedef struct CERTOCSPRequestStr CERTOCSPRequest;
-typedef struct CERTOCSPResponseStr CERTOCSPResponse;
-
-/*
- * XXX I think only those first two above should need to be exported,
- * but until I know for certain I am leaving the rest of these here, too.
- */
-typedef struct CERTOCSPCertIDStr CERTOCSPCertID;
-typedef struct CERTOCSPCertStatusStr CERTOCSPCertStatus;
-typedef struct CERTOCSPSingleResponseStr CERTOCSPSingleResponse;
-
-#endif /* _OCSPT_H_ */
diff --git a/security/nss/lib/certhigh/ocspti.h b/security/nss/lib/certhigh/ocspti.h
deleted file mode 100644
index 5f530c4bf..000000000
--- a/security/nss/lib/certhigh/ocspti.h
+++ /dev/null
@@ -1,398 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Private header defining OCSP types.
- *
- * $Id$
- */
-
-#ifndef _OCSPTI_H_
-#define _OCSPTI_H_
-
-#include "ocspt.h"
-
-#include "certt.h"
-#include "plarena.h"
-#include "seccomon.h"
-#include "secoidt.h"
-
-
-/*
- * Some notes about naming conventions...
- *
- * The public data types all start with "CERTOCSP" (e.g. CERTOCSPRequest).
- * (Even the public types are opaque, however. Only their names are
- * "exported".)
- *
- * Internal-only data types drop the "CERT" prefix and use only the
- * lower-case "ocsp" (e.g. ocspTBSRequest), for brevity sake.
- *
- * In either case, the base/suffix of the type name usually matches the
- * name as defined in the OCSP specification. The exceptions to this are:
- * - When there is overlap between the "OCSP" or "ocsp" prefix and
- * the name used in the standard. That is, you cannot strip off the
- * "CERTOCSP" or "ocsp" prefix and necessarily get the name of the
- * type as it is defined in the standard; the "real" name will be
- * *either* "OCSPSuffix" or just "Suffix".
- * - When the name in the standard was a little too generic. (e.g. The
- * standard defines "Request" but we call it a "SingleRequest".)
- * In this case a comment above the type definition calls attention
- * to the difference.
- *
- * The definitions laid out in this header file are intended to follow
- * the same order as the definitions in the OCSP specification itself.
- * With the OCSP standard in hand, you should be able to move through
- * this file and follow along. To future modifiers of this file: please
- * try to keep it that way. The only exceptions are the few cases where
- * we need to define a type before it is referenced (e.g. enumerations),
- * whereas in the OCSP specification these are usually defined the other
- * way around (reference before definition).
- */
-
-
-/*
- * Forward-declarations of internal-only data structures.
- *
- * These are in alphabetical order (case-insensitive); please keep it that way!
- */
-typedef struct ocspBasicOCSPResponseStr ocspBasicOCSPResponse;
-typedef struct ocspCertStatusStr ocspCertStatus;
-typedef struct ocspResponderIDStr ocspResponderID;
-typedef struct ocspResponseBytesStr ocspResponseBytes;
-typedef struct ocspResponseDataStr ocspResponseData;
-typedef struct ocspRevokedInfoStr ocspRevokedInfo;
-typedef struct ocspServiceLocatorStr ocspServiceLocator;
-typedef struct ocspSignatureStr ocspSignature;
-typedef struct ocspSingleRequestStr ocspSingleRequest;
-typedef struct ocspSingleResponseStr ocspSingleResponse;
-typedef struct ocspTBSRequestStr ocspTBSRequest;
-
-
-/*
- * An OCSPRequest; this is what is sent (encoded) to an OCSP responder.
- */
-struct CERTOCSPRequestStr {
- PRArenaPool *arena; /* local; not part of encoding */
- ocspTBSRequest *tbsRequest;
- ocspSignature *optionalSignature;
-};
-
-/*
- * A TBSRequest; when an OCSPRequest is signed, the encoding of this
- * is what the signature is actually applied to. ("TBS" == To Be Signed)
- * Whether signed or not, however, this structure will be present, and
- * is the "meat" of the OCSPRequest.
- *
- * Note that the "requestorName" field cannot be encoded/decoded in the
- * same pass as the entire request -- it needs to be handled with a special
- * call to convert to/from our internal form of a GeneralName. Thus the
- * "derRequestorName" field, which is the actual DER-encoded bytes.
- *
- * The "extensionHandle" field is used on creation only; it holds
- * in-progress extensions as they are optionally added to the request.
- */
-struct ocspTBSRequestStr {
- SECItem version; /* an INTEGER */
- SECItem *derRequestorName; /* encoded GeneralName; see above */
- CERTGeneralNameList *requestorName; /* local; not part of encoding */
- ocspSingleRequest **requestList;
- CERTCertExtension **requestExtensions;
- void *extensionHandle; /* local; not part of encoding */
-};
-
-/*
- * This is the actual signature information for an OCSPRequest (applied to
- * the TBSRequest structure) or for a BasicOCSPResponse (applied to a
- * ResponseData structure).
- *
- * Note that the "signature" field itself is a BIT STRING; operations on
- * it need to keep that in mind, converting the length to bytes as needed
- * and back again afterward (so that the length is usually expressing bits).
- *
- * The "cert" field is the signer's certificate. In the case of a received
- * signature, it will be filled in when the signature is verified. In the
- * case of a created signature, it is filled in on creation and will be the
- * cert used to create the signature when the signing-and-encoding occurs,
- * as well as the cert (and its chain) to fill in derCerts if requested.
- *
- * The extra fields cache information about the signature after we have
- * attempted a verification. "wasChecked", if true, means the signature
- * has been checked against the appropriate data and thus that "status"
- * contains the result of that verification. If "status" is not SECSuccess,
- * "failureReason" is a copy of the error code that was set at the time;
- * presumably it tells why the signature verification failed.
- */
-struct ocspSignatureStr {
- SECAlgorithmID signatureAlgorithm;
- SECItem signature; /* a BIT STRING */
- SECItem **derCerts; /* a SEQUENCE OF Certificate */
- CERTCertificate *cert; /* local; not part of encoding */
- PRBool wasChecked; /* local; not part of encoding */
- SECStatus status; /* local; not part of encoding */
- int failureReason; /* local; not part of encoding */
-};
-
-/*
- * An OCSPRequest contains a SEQUENCE OF these, one for each certificate
- * whose status is being checked.
- *
- * Note that in the OCSP specification this is just called "Request",
- * but since that seemed confusing (vs. an OCSPRequest) and to be more
- * consistent with the parallel type "SingleResponse", I called it a
- * "SingleRequest".
- *
- * XXX figure out how to get rid of that arena -- there must be a way
- */
-struct ocspSingleRequestStr {
- PRArenaPool *arena; /* just a copy of the response arena,
- * needed here for extension handling
- * routines, on creation only */
- CERTOCSPCertID *reqCert;
- CERTCertExtension **singleRequestExtensions;
-};
-
-/*
- * A CertID is the means of identifying a certificate, used both in requests
- * and in responses.
- *
- * When in a SingleRequest it specifies the certificate to be checked.
- * When in a SingleResponse it is the cert whose status is being given.
- */
-struct CERTOCSPCertIDStr {
- SECAlgorithmID hashAlgorithm;
- SECItem issuerNameHash; /* an OCTET STRING */
- SECItem issuerKeyHash; /* an OCTET STRING */
- SECItem serialNumber; /* an INTEGER */
-};
-
-/*
- * This describes the value of the responseStatus field in an OCSPResponse.
- * The corresponding ASN.1 definition is:
- *
- * OCSPResponseStatus ::= ENUMERATED {
- * successful (0), --Response has valid confirmations
- * malformedRequest (1), --Illegal confirmation request
- * internalError (2), --Internal error in issuer
- * tryLater (3), --Try again later
- * --(4) is not used
- * sigRequired (5), --Must sign the request
- * unauthorized (6), --Request unauthorized
- * }
- */
-typedef enum {
- ocspResponse_successful = 0,
- ocspResponse_malformedRequest = 1,
- ocspResponse_internalError = 2,
- ocspResponse_tryLater = 3,
- ocspResponse_unused = 4,
- ocspResponse_sigRequired = 5,
- ocspResponse_unauthorized = 6,
- ocspResponse_other /* unknown/unrecognized value */
-} ocspResponseStatus;
-
-/*
- * An OCSPResponse is what is sent (encoded) by an OCSP responder.
- *
- * The field "responseStatus" is the ASN.1 encoded value; the field
- * "statusValue" is simply that same value translated into our local
- * type ocspResponseStatus.
- */
-struct CERTOCSPResponseStr {
- PRArenaPool *arena; /* local; not part of encoding */
- SECItem responseStatus; /* an ENUMERATED, see above */
- ocspResponseStatus statusValue; /* local; not part of encoding */
- ocspResponseBytes *responseBytes; /* only when status is successful */
-};
-
-/*
- * A ResponseBytes (despite appearances) is what contains the meat
- * of a successful response -- but still in encoded form. The type
- * given as "responseType" tells you how to decode the string.
- *
- * We look at the OID and translate it into our local OID representation
- * "responseTypeTag", and use that value to tell us how to decode the
- * actual response itself. For now the only kind of OCSP response we
- * know about is a BasicOCSPResponse. However, the intention in the
- * OCSP specification is to allow for other response types, so we are
- * building in that flexibility from the start and thus put a pointer
- * to that data structure inside of a union. Whenever OCSP adds more
- * response types, just add them to the union.
- */
-struct ocspResponseBytesStr {
- SECItem responseType; /* an OBJECT IDENTIFIER */
- SECOidTag responseTypeTag; /* local; not part of encoding */
- SECItem response; /* an OCTET STRING */
- union {
- ocspBasicOCSPResponse *basic; /* when type is id-pkix-ocsp-basic */
- } decodedResponse; /* local; not part of encoding */
-};
-
-/*
- * A BasicOCSPResponse -- when the responseType in a ResponseBytes is
- * id-pkix-ocsp-basic, the "response" OCTET STRING above is the DER
- * encoding of one of these.
- *
- * Note that in the OCSP specification, the signature fields are not
- * part of a separate sub-structure. But since they are the same fields
- * as we define for the signature in a request, it made sense to share
- * the C data structure here and in some shared code to operate on them.
- */
-struct ocspBasicOCSPResponseStr {
- ocspResponseData *tbsResponseData; /* "tbs" == To Be Signed */
- ocspSignature responseSignature;
-};
-
-/*
- * A ResponseData is the part of a BasicOCSPResponse that is signed
- * (after it is DER encoded). It contains the real details of the response
- * (a per-certificate status).
- */
-struct ocspResponseDataStr {
- SECItem version; /* an INTEGER */
- SECItem derResponderID;
- ocspResponderID *responderID; /* local; not part of encoding */
- SECItem producedAt; /* a GeneralizedTime */
- CERTOCSPSingleResponse **responses;
- CERTCertExtension **responseExtensions;
-};
-
-/*
- * A ResponderID identifies the responder -- or more correctly, the
- * signer of the response. The ASN.1 definition of a ResponderID is:
- *
- * ResponderID ::= CHOICE {
- * byName [1] EXPLICIT Name,
- * byKey [2] EXPLICIT KeyHash }
- *
- * Because it is CHOICE, the type of identification used and the
- * identification itself are actually encoded together. To represent
- * this same information internally, we explicitly define a type and
- * save it, along with the value, into a data structure.
- */
-
-typedef enum {
- ocspResponderID_byName,
- ocspResponderID_byKey,
- ocspResponderID_other /* unknown kind of responderID */
-} ocspResponderIDType;
-
-struct ocspResponderIDStr {
- ocspResponderIDType responderIDType;/* local; not part of encoding */
- union {
- CERTName name; /* when ocspResponderID_byName */
- SECItem keyHash; /* when ocspResponderID_byKey */
- SECItem other; /* when ocspResponderID_other */
- } responderIDValue;
-};
-
-/*
- * The ResponseData in a BasicOCSPResponse contains a SEQUENCE OF
- * SingleResponse -- one for each certificate whose status is being supplied.
- *
- * XXX figure out how to get rid of that arena -- there must be a way
- */
-struct CERTOCSPSingleResponseStr {
- PRArenaPool *arena; /* just a copy of the response arena,
- * needed here for extension handling
- * routines, on creation only */
- CERTOCSPCertID *certID;
- SECItem derCertStatus;
- ocspCertStatus *certStatus; /* local; not part of encoding */
- SECItem thisUpdate; /* a GeneralizedTime */
- SECItem *nextUpdate; /* a GeneralizedTime */
- CERTCertExtension **singleExtensions;
-};
-
-/*
- * A CertStatus is the actual per-certificate status. Its ASN.1 definition:
- *
- * CertStatus ::= CHOICE {
- * good [0] IMPLICIT NULL,
- * revoked [1] IMPLICIT RevokedInfo,
- * unknown [2] IMPLICIT UnknownInfo }
- *
- * (where for now UnknownInfo is defined to be NULL but in the
- * future may be replaced with an enumeration).
- *
- * Because it is CHOICE, the status value and its associated information
- * (if any) are actually encoded together. To represent this same
- * information internally, we explicitly define a type and save it,
- * along with the value, into a data structure.
- */
-
-typedef enum {
- ocspCertStatus_good, /* cert is not revoked */
- ocspCertStatus_revoked, /* cert is revoked */
- ocspCertStatus_unknown, /* cert was unknown to the responder */
- ocspCertStatus_other /* status was not an expected value */
-} ocspCertStatusType;
-
-/*
- * This is the actual per-certificate status.
- *
- * The "goodInfo" and "unknownInfo" items are only place-holders for a NULL.
- * (Though someday OCSP may replace UnknownInfo with an enumeration that
- * gives more detailed information.)
- */
-struct ocspCertStatusStr {
- ocspCertStatusType certStatusType; /* local; not part of encoding */
- union {
- SECItem *goodInfo; /* when ocspCertStatus_good */
- ocspRevokedInfo *revokedInfo; /* when ocspCertStatus_revoked */
- SECItem *unknownInfo; /* when ocspCertStatus_unknown */
- SECItem *otherInfo; /* when ocspCertStatus_other */
- } certStatusInfo;
-};
-
-/*
- * A RevokedInfo gives information about a revoked certificate -- when it
- * was revoked and why.
- */
-struct ocspRevokedInfoStr {
- SECItem revocationTime; /* a GeneralizedTime */
- SECItem *revocationReason; /* a CRLReason; ignored for now */
-};
-
-/*
- * ServiceLocator can be included as one of the singleRequestExtensions.
- * When added, it specifies the (name of the) issuer of the cert being
- * checked, and optionally the value of the AuthorityInfoAccess extension
- * if the cert has one.
- */
-struct ocspServiceLocatorStr {
- CERTName *issuer;
- SECItem locator; /* DER encoded authInfoAccess extension from cert */
-};
-
-#endif /* _OCSPTI_H_ */
diff --git a/security/nss/lib/certhigh/xcrldist.c b/security/nss/lib/certhigh/xcrldist.c
deleted file mode 100644
index d560cfd23..000000000
--- a/security/nss/lib/certhigh/xcrldist.c
+++ /dev/null
@@ -1,222 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Code for dealing with x.509 v3 CRL Distribution Point extension.
- */
-#include "genname.h"
-#include "certt.h"
-#include "secerr.h"
-
-extern void PrepareBitStringForEncoding (SECItem *bitMap, SECItem *value);
-
-static const SEC_ASN1Template FullNameTemplate[] = {
- {SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0,
- offsetof (CRLDistributionPoint,derFullName), CERT_GeneralNamesTemplate}
-};
-
-static const SEC_ASN1Template RelativeNameTemplate[] = {
- {SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 1,
- offsetof (CRLDistributionPoint,distPoint.relativeName), CERT_RDNTemplate}
-};
-
-static const SEC_ASN1Template CRLDistributionPointTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRLDistributionPoint) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 0,
- offsetof(CRLDistributionPoint,derDistPoint), SEC_AnyTemplate},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(CRLDistributionPoint,bitsmap), SEC_BitStringTemplate},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_CONSTRUCTED | 2,
- offsetof(CRLDistributionPoint, derCrlIssuer), CERT_GeneralNamesTemplate},
- { 0 }
-};
-
-const SEC_ASN1Template CERTCRLDistributionPointsTemplate[] = {
- {SEC_ASN1_SEQUENCE_OF, 0, CRLDistributionPointTemplate}
-};
-
-SECStatus
-CERT_EncodeCRLDistributionPoints (PRArenaPool *arena, CERTCrlDistributionPoints *value,
- SECItem *derValue)
-{
- CRLDistributionPoint **pointList, *point;
- PRArenaPool *ourPool = NULL;
- SECStatus rv = SECSuccess;
-
- PORT_Assert (derValue);
- PORT_Assert (value && value->distPoints);
-
- do {
- ourPool = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
- if (ourPool == NULL) {
- rv = SECFailure;
- break;
- }
-
- pointList = value->distPoints;
- while (*pointList) {
- point = *pointList;
- point->derFullName = NULL;
- point->derDistPoint.data = NULL;
-
- if (point->distPointType == generalName) {
- point->derFullName = cert_EncodeGeneralNames
- (ourPool, point->distPoint.fullName);
-
- if (point->derFullName) {
- rv = (SEC_ASN1EncodeItem (ourPool, &point->derDistPoint,
- point, FullNameTemplate) == NULL) ? SECFailure : SECSuccess;
- } else {
- rv = SECFailure;
- }
- }
- else if (point->distPointType == relativeDistinguishedName) {
- if (SEC_ASN1EncodeItem
- (ourPool, &point->derDistPoint,
- point, RelativeNameTemplate) == NULL)
- rv = SECFailure;
- }
- /* distributionPointName is omitted */
- else if (point->distPointType != 0) {
- PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
- rv = SECFailure;
- }
- if (rv != SECSuccess)
- break;
-
- if (point->reasons.data)
- PrepareBitStringForEncoding (&point->bitsmap, &point->reasons);
-
- if (point->crlIssuer) {
- point->derCrlIssuer = cert_EncodeGeneralNames
- (ourPool, point->crlIssuer);
- if (!point->crlIssuer)
- break;
- }
-
- ++pointList;
- }
- if (rv != SECSuccess)
- break;
- if (SEC_ASN1EncodeItem
- (arena, derValue, value, CERTCRLDistributionPointsTemplate) == NULL) {
- rv = SECFailure;
- break;
- }
- } while (0);
- PORT_FreeArena (ourPool, PR_FALSE);
- return (rv);
-}
-
-CERTCrlDistributionPoints *
-CERT_DecodeCRLDistributionPoints (PRArenaPool *arena, SECItem *encodedValue)
-{
- CERTCrlDistributionPoints *value = NULL;
- CRLDistributionPoint **pointList, *point;
- SECStatus rv;
-
- PORT_Assert (arena);
- do {
- value = (CERTCrlDistributionPoints*)PORT_ArenaZAlloc (arena, sizeof (*value));
- if (value == NULL) {
- rv = SECFailure;
- break;
- }
-
- rv = SEC_ASN1DecodeItem
- (arena, &value->distPoints, CERTCRLDistributionPointsTemplate,
- encodedValue);
- if (rv != SECSuccess)
- break;
-
- pointList = value->distPoints;
- while (*pointList) {
- point = *pointList;
-
- /* get the data if the distributionPointName is not omitted */
- if (point->derDistPoint.data != NULL) {
- point->distPointType = (DistributionPointTypes)
- ((point->derDistPoint.data[0] & 0x1f) +1);
- if (point->distPointType == generalName) {
- SECItem innerDER;
-
- innerDER.data = NULL;
- rv = SEC_ASN1DecodeItem
- (arena, point, FullNameTemplate, &(point->derDistPoint));
- if (rv != SECSuccess)
- break;
- point->distPoint.fullName = cert_DecodeGeneralNames
- (arena, point->derFullName);
-
- if (!point->distPoint.fullName)
- break;
- }
- else if ( relativeDistinguishedName) {
- rv = SEC_ASN1DecodeItem
- (arena, point, RelativeNameTemplate, &(point->derDistPoint));
- if (rv != SECSuccess)
- break;
- }
- else {
- PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
- break;
- }
- }
-
- /* Get the reason code if it's not omitted in the encoding */
- if (point->bitsmap.data != NULL) {
- point->reasons.data = (unsigned char*) PORT_ArenaAlloc
- (arena, (point->bitsmap.len + 7) >> 3);
- if (!point->reasons.data) {
- rv = SECFailure;
- break;
- }
- PORT_Memcpy (point->reasons.data, point->bitsmap.data,
- point->reasons.len = ((point->bitsmap.len + 7) >> 3));
- }
-
- /* Get the crl issuer name if it's not omitted in the encoding */
- if (point->derCrlIssuer != NULL) {
- point->crlIssuer = cert_DecodeGeneralNames
- (arena, point->derCrlIssuer);
-
- if (!point->crlIssuer)
- break;
- }
- ++pointList;
- }
- } while (0);
- return (rv == SECSuccess ? value : NULL);
-}
diff --git a/security/nss/lib/ckfw/.cvsignore b/security/nss/lib/ckfw/.cvsignore
deleted file mode 100644
index 988228d5a..000000000
--- a/security/nss/lib/ckfw/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-nssckepv.h
-nssckg.h
-nssckft.h
-nssck.api
diff --git a/security/nss/lib/ckfw/Makefile b/security/nss/lib/ckfw/Makefile
deleted file mode 100644
index df7317052..000000000
--- a/security/nss/lib/ckfw/Makefile
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-MAKEFILE_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-include manifest.mn
-include config.mk
-include $(CORE_DEPTH)/coreconf/config.mk
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-# This'll need some help from a build person.
-
-nssckepv.h: ck.api ckapi.perl
-nssckft.h: ck.api ckapi.perl
-nssckg.h: ck.api ckapi.perl
- perl ckapi.perl < ck.api
-
diff --git a/security/nss/lib/ckfw/builtins/.cvsignore b/security/nss/lib/ckfw/builtins/.cvsignore
deleted file mode 100644
index ccbbcce86..000000000
--- a/security/nss/lib/ckfw/builtins/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-certdata.c
diff --git a/security/nss/lib/ckfw/builtins/Makefile b/security/nss/lib/ckfw/builtins/Makefile
deleted file mode 100644
index 31d5ab3fb..000000000
--- a/security/nss/lib/ckfw/builtins/Makefile
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-MAKEFILE_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-include manifest.mn
-include config.mk
-include $(CORE_DEPTH)/coreconf/config.mk
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-# This'll need some help from a build person.
-
-certdata.c: certdata.txt certdata.perl
- perl certdata.perl < certdata.txt
diff --git a/security/nss/lib/ckfw/builtins/anchor.c b/security/nss/lib/ckfw/builtins/anchor.c
deleted file mode 100644
index 12c77a75c..000000000
--- a/security/nss/lib/ckfw/builtins/anchor.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * builtins/anchor.c
- *
- * This file "anchors" the actual cryptoki entry points in this module's
- * shared library, which is required for dynamic loading. See the
- * comments in nssck.api for more information.
- */
-
-#include "builtins.h"
-
-#define MODULE_NAME builtins
-#define INSTANCE_NAME (NSSCKMDInstance *)&nss_builtins_mdInstance
-#include "nssck.api"
diff --git a/security/nss/lib/ckfw/builtins/builtins.h b/security/nss/lib/ckfw/builtins/builtins.h
deleted file mode 100644
index b506ccdc0..000000000
--- a/security/nss/lib/ckfw/builtins/builtins.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char BUILTINS_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#include "nssckmdt.h"
-#include "nssckfw.h"
-
-/*
- * I'm including this for access to the arena functions.
- * Looks like we should publish that API.
- */
-#ifndef BASE_H
-#include "base.h"
-#endif /* BASE_H */
-
-/*
- * This is where the Netscape extensions live, at least for now.
- */
-#ifndef CKT_H
-#include "ckt.h"
-#endif /* CKT_H */
-
-struct builtinsInternalObjectStr {
- CK_ULONG n;
- CK_ATTRIBUTE_TYPE *types;
- NSSItem *items;
-};
-typedef struct builtinsInternalObjectStr builtinsInternalObject;
-
-NSS_EXTERN_DATA const builtinsInternalObject nss_builtins_data[];
-NSS_EXTERN_DATA const PRUint32 nss_builtins_nObjects;
-
-NSS_EXTERN_DATA const CK_VERSION nss_builtins_CryptokiVersion;
-NSS_EXTERN_DATA const NSSUTF8 * nss_builtins_ManufacturerID;
-NSS_EXTERN_DATA const NSSUTF8 * nss_builtins_LibraryDescription;
-NSS_EXTERN_DATA const CK_VERSION nss_builtins_LibraryVersion;
-NSS_EXTERN_DATA const NSSUTF8 * nss_builtins_SlotDescription;
-NSS_EXTERN_DATA const CK_VERSION nss_builtins_HardwareVersion;
-NSS_EXTERN_DATA const CK_VERSION nss_builtins_FirmwareVersion;
-NSS_EXTERN_DATA const NSSUTF8 * nss_builtins_TokenLabel;
-NSS_EXTERN_DATA const NSSUTF8 * nss_builtins_TokenModel;
-NSS_EXTERN_DATA const NSSUTF8 * nss_builtins_TokenSerialNumber;
-
-NSS_EXTERN_DATA const NSSCKMDInstance nss_builtins_mdInstance;
-NSS_EXTERN_DATA const NSSCKMDSlot nss_builtins_mdSlot;
-NSS_EXTERN_DATA const NSSCKMDToken nss_builtins_mdToken;
-
-NSS_EXTERN NSSCKMDSession *
-nss_builtins_CreateSession
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-);
-
-NSS_EXTERN NSSCKMDFindObjects *
-nss_builtins_FindObjectsInit
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-);
-
-NSS_EXTERN NSSCKMDObject *
-nss_builtins_CreateMDObject
-(
- NSSArena *arena,
- builtinsInternalObject *io,
- CK_RV *pError
-);
diff --git a/security/nss/lib/ckfw/builtins/certdata.perl b/security/nss/lib/ckfw/builtins/certdata.perl
deleted file mode 100644
index 5ccd2e5ad..000000000
--- a/security/nss/lib/ckfw/builtins/certdata.perl
+++ /dev/null
@@ -1,291 +0,0 @@
-#!perl -w
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-my $cvs_id = '@(#) $RCSfile$ $Revision$ $Date$ $Name$';
-use strict;
-
-my %constants;
-my $count = 0;
-my $o;
-my @objects = ();
-my @objsize;
-my $cvsid;
-
-$constants{CKO_DATA} = "static const CK_OBJECT_CLASS cko_data = CKO_DATA;\n";
-$constants{CK_TRUE} = "static const CK_BBOOL ck_true = CK_TRUE;\n";
-$constants{CK_FALSE} = "static const CK_BBOOL ck_false = CK_FALSE;\n";
-
-while(<>) {
- my @fields = ();
- my $size;
-
- s/^((?:[^"#]+|"[^"]*")*)(\s*#.*$)/$1/;
- next if (/^\s*$/);
-
- if( /(^CVS_ID\s+)(.*)/ ) {
-# print "The CVS ID is $2\n";
- $cvsid = $2 . "\"; $cvs_id\"";
- my $scratch = $cvsid;
- $size = 1 + $scratch =~ s/[^"\n]//g;
- @{$objects[0][0]} = ( "CKA_CLASS", "&cko_data", "sizeof(CK_OBJECT_CLASS)" );
- @{$objects[0][1]} = ( "CKA_TOKEN", "&ck_true", "sizeof(CK_BBOOL)" );
- @{$objects[0][2]} = ( "CKA_PRIVATE", "&ck_false", "sizeof(CK_BBOOL)" );
- @{$objects[0][3]} = ( "CKA_MODIFIABLE", "&ck_false", "sizeof(CK_BBOOL)" );
- @{$objects[0][4]} = ( "CKA_LABEL", "\"CVS ID\"", "7" );
- @{$objects[0][5]} = ( "CKA_APPLICATION", "\"NSS\"", "4" );
- @{$objects[0][6]} = ( "CKA_VALUE", $cvsid, "$size" );
- $objsize[0] = 7;
- next;
- }
-
- # This was taken from the perl faq #4.
- my $text = $_;
- push(@fields, $+) while $text =~ m{
- "([^\"\\]*(?:\\.[^\"\\]*)*)"\s? # groups the phrase inside the quotes
- | ([^\s]+)\s?
- | \s
- }gx;
- push(@fields, undef) if substr($text,-1,1) eq '\s';
-
- if( $fields[0] =~ /BEGINDATA/ ) {
- next;
- }
-
- if( $fields[1] =~ /MULTILINE/ ) {
- $fields[2] = "";
- while(<>) {
- last if /END/;
- chomp;
- $fields[2] .= "\"$_\"\n";
- }
- }
-
- if( $fields[1] =~ /UTF8/ ) {
- if( $fields[2] =~ /^"/ ) {
- ;
- } else {
- $fields[2] = "\"" . $fields[2] . "\"";
- }
-
- my $scratch = $fields[2];
- $size = $scratch =~ s/[^"\n]//g; # should supposedly handle multilines, too..
- $size += 1; # null terminate
- }
-
- if( $fields[1] =~ /OCTAL/ ) {
- if( $fields[2] =~ /^"/ ) {
- ;
- } else {
- $fields[2] = "\"" . $fields[2] . "\"";
- }
-
- my $scratch = $fields[2];
- $size = $scratch =~ tr/\\//;
- # no null termination
- }
-
- if( $fields[1] =~ /^CK_/ ) {
- my $lcv = $fields[2];
- $lcv =~ tr/A-Z/a-z/;
- if( !defined($constants{$fields[2]}) ) {
- $constants{$fields[2]} = "static const $fields[1] $lcv = $fields[2];\n";
- }
-
- $size = "sizeof($fields[1])";
- $fields[2] = "&$lcv";
- }
-
- if( $fields[0] =~ /CKA_CLASS/ ) {
- $count++;
- $objsize[$count] = 0;
- }
-
- @{$objects[$count][$objsize[$count]++]} = ( "$fields[0]", $fields[2], "$size" );
-
-# print "$fields[0] | $fields[1] | $size | $fields[2]\n";
-}
-
-doprint();
-
-sub dudump {
-my $i;
-#for( $i = 0; $i <= $count; $i++ ) {
-# print "\n";
-# $o = $objects[$i];
-# my @ob = @{$o};
-# my $l;
-# my $j;
-# for( $j = 0; $j < @ob; $j++ ) {
-# $l = $ob[$j];
-# my @a = @{$l};
-# print "$a[0] ! $a[1] ! $a[2]\n";
-# }
-#}
-
-}
-
-sub doprint {
-my $i;
-
-open(CFILE, ">certdata.c") || die "Can't open certdata.c: $!";
-
-print CFILE <<EOD
-/* THIS IS A GENERATED FILE */
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#ifdef DEBUG
-static const char CVS_ID[] = $cvsid;
-#endif /* DEBUG */
-
-#ifndef BUILTINS_H
-#include "builtins.h"
-#endif /* BUILTINS_H */
-
-EOD
- ;
-
-while(($a,$b) = each(%constants)) {
- print CFILE $b;
-}
-
-for( $i = 0; $i <= $count; $i++ ) {
- if( 0 == $i ) {
- print CFILE "#ifdef DEBUG\n";
- }
-
- print CFILE "static const CK_ATTRIBUTE_TYPE nss_builtins_types_$i [] = {\n";
- $o = $objects[$i];
- my @ob = @{$o};
- my $j;
- for( $j = 0; $j < @ob; $j++ ) {
- my $l = $ob[$j];
- my @a = @{$l};
- print CFILE " $a[0]";
- if( $j+1 != @ob ) {
- print CFILE ", ";
- }
- }
- print CFILE "\n};\n";
-
- if( 0 == $i ) {
- print CFILE "#endif /* DEBUG */\n";
- }
-}
-
-for( $i = 0; $i <= $count; $i++ ) {
- if( 0 == $i ) {
- print CFILE "#ifdef DEBUG\n";
- }
-
- print CFILE "static const NSSItem nss_builtins_items_$i [] = {\n";
- $o = $objects[$i];
- my @ob = @{$o};
- my $j;
- for( $j = 0; $j < @ob; $j++ ) {
- my $l = $ob[$j];
- my @a = @{$l};
- print CFILE " { (void *)$a[1], (PRUint32)$a[2] }";
- if( $j+1 != @ob ) {
- print CFILE ",\n";
- } else {
- print CFILE "\n";
- }
- }
- print CFILE "};\n";
-
- if( 0 == $i ) {
- print CFILE "#endif /* DEBUG */\n";
- }
-}
-
-print CFILE "\nPR_IMPLEMENT_DATA(const builtinsInternalObject)\n";
-print CFILE "nss_builtins_data[] = {\n";
-
-for( $i = 0; $i <= $count; $i++ ) {
-
- if( 0 == $i ) {
- print CFILE "#ifdef DEBUG\n";
- }
-
- print CFILE " { $objsize[$i], nss_builtins_types_$i, nss_builtins_items_$i }";
-
- if( $i == $count ) {
- print CFILE "\n";
- } else {
- print CFILE ",\n";
- }
-
- if( 0 == $i ) {
- print CFILE "#endif /* DEBUG */\n";
- }
-}
-
-print CFILE "};\n";
-
-print CFILE "PR_IMPLEMENT_DATA(const PRUint32)\n";
-print CFILE "#ifdef DEBUG\n";
-print CFILE " nss_builtins_nObjects = $count+1;\n";
-print CFILE "#else\n";
-print CFILE " nss_builtins_nObjects = $count;\n";
-print CFILE "#endif /* DEBUG */\n";
-}
diff --git a/security/nss/lib/ckfw/builtins/certdata.txt b/security/nss/lib/ckfw/builtins/certdata.txt
deleted file mode 100644
index 355993a29..000000000
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ /dev/null
@@ -1,143 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CVS_ID "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-#
-# certdata.txt
-#
-# This file contains the object definitions for the certs and other
-# information "built into" NSS.
-#
-# Object definitions:
-#
-# Certificates
-#
-# -- Attribute -- -- type -- -- value --
-# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-# CKA_TOKEN CK_BBOOL CK_TRUE
-# CKA_PRIVATE CK_BBOOL CK_FALSE
-# CKA_MODIFIABLE CK_BBOOL CK_FALSE
-# CKA_LABEL UTF8 (varies)
-# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-# CKA_SUBJECT DER+base64 (varies)
-# CKA_ID byte array (varies)
-# CKA_ISSUER DER+base64 (varies)
-# CKA_SERIAL_NUMBER DER+base64 (varies)
-# CKA_VALUE DER+base64 (varies)
-# CKA_NETSCAPE_EMAIL ASCII7 (unused here)
-#
-# Trust
-#
-# -- Attribute -- -- type -- -- value --
-# CKA_CLASS CK_OBJECT_CLASS CKO_TRUST
-# CKA_TOKEN CK_BBOOL CK_TRUE
-# CKA_PRIVATE CK_BBOOL CK_FALSE
-# CKA_MODIFIABLE CK_BBOOL CK_FALSE
-# CKA_LABEL UTF8 (varies)
-# CKA_ISSUER DER+base64 (varies)
-# CKA_SERIAL_NUMBER DER+base64 (varies)
-# CKA_CERT_HASH binary+base64 (varies)
-# CKA_EXPIRES CK_DATE (not used here)
-# CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST (varies)
-# CKA_TRUST_NON_REPUDIATION CK_TRUST (varies)
-# CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST (varies)
-# CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST (varies)
-# CKA_TRUST_KEY_AGREEMENT CK_TRUST (varies)
-# CKA_TRUST_KEY_CERT_SIGN CK_TRUST (varies)
-# CKA_TRUST_CRL_SIGN CK_TRUST (varies)
-# CKA_TRUST_SERVER_AUTH CK_TRUST (varies)
-# CKA_TRUST_CLIENT_AUTH CK_TRUST (varies)
-# CKA_TRUST_CODE_SIGNING CK_TRUST (varies)
-# CKA_TRUST_EMAIL_PROTECTION CK_TRUST (varies)
-# CKA_TRUST_IPSEC_END_SYSTEM CK_TRUST (varies)
-# CKA_TRUST_IPSEC_TUNNEL CK_TRUST (varies)
-# CKA_TRUST_IPSEC_USER CK_TRUST (varies)
-# CKA_TRUST_TIME_STAMPING CK_TRUST (varies)
-# (other trust attributes can be defined)
-#
-
-BEGINDATA
-
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Test certificate #3"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\243\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\103\101\061\023\060
-\021\006\012\011\222\046\211\223\362\054\144\001\001\023\003\155
-\142\146\061\034\060\032\006\003\125\004\013\023\023\111\156\144
-\165\163\164\162\151\141\154\040\114\151\147\150\164\151\156\147
-\061\033\060\031\006\003\125\004\012\023\022\115\157\156\153\145
-\171\142\165\164\164\145\162\040\106\141\162\155\163\061\037\060
-\035\006\011\052\206\110\206\367\015\001\011\001\026\020\152\157
-\145\100\156\145\164\163\143\141\160\145\056\156\145\164\061\026
-\060\024\006\003\125\004\003\023\015\144\165\155\160\143\145\162
-\164\040\164\145\163\164
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\064\061\030\060\026\006\003\125\004\012\023\017\103\145\162
-\164\055\117\055\115\141\164\151\143\040\111\111\061\030\060\026
-\006\003\125\004\003\023\017\103\145\162\164\055\117\055\115\141
-\164\151\143\040\111\111
-END
-CKA_SERIAL_NUMBER OCTAL \001\276
-CKA_VALUE MULTILINE_OCTAL
-\0
-END
-
-CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Test certificate #3"
-CKA_ISSUER MULTILINE_OCTAL
-\060\064\061\030\060\026\006\003\125\004\012\023\017\103\145\162
-\164\055\117\055\115\141\164\151\143\040\111\111\061\030\060\026
-\006\003\125\004\003\023\017\103\145\162\164\055\117\055\115\141
-\164\151\143\040\111\111
-END
-CKA_SERIAL_NUMBER OCTAL \001\276
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED
-CKA_TRUST_CLIENT_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED
-CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_NON_REPUDIATION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_KEY_AGREEMENT CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_KEY_CERT_SIGN CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
diff --git a/security/nss/lib/ckfw/builtins/config.mk b/security/nss/lib/ckfw/builtins/config.mk
deleted file mode 100644
index 80b3135f4..000000000
--- a/security/nss/lib/ckfw/builtins/config.mk
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CONFIG_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-ifdef BUILD_IDG
-DEFINES += -DNSSDEBUG
-endif
diff --git a/security/nss/lib/ckfw/builtins/constants.c b/security/nss/lib/ckfw/builtins/constants.c
deleted file mode 100644
index 1173c75b0..000000000
--- a/security/nss/lib/ckfw/builtins/constants.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * builtins/constants.c
- *
- * Identification and other constants, all collected here in one place.
- */
-
-#ifndef NSSBASET_H
-#include "nssbaset.h"
-#endif /* NSSBASET_H */
-
-#ifndef NSSCKT_H
-#include "nssckt.h"
-#endif /* NSSCKT_H */
-
-NSS_IMPLEMENT_DATA const CK_VERSION
-nss_builtins_CryptokiVersion = { 2, 1 };
-
-NSS_IMPLEMENT_DATA const NSSUTF8 *
-nss_builtins_ManufacturerID = "Netscape Communications Corp.";
-
-NSS_IMPLEMENT_DATA const NSSUTF8 *
-nss_builtins_LibraryDescription = "NSS Builtin Object Cryptoki Module";
-
-NSS_IMPLEMENT_DATA const CK_VERSION
-nss_builtins_LibraryVersion = { 1, 0 };
-
-NSS_IMPLEMENT_DATA const NSSUTF8 *
-nss_builtins_SlotDescription = "";
-
-NSS_IMPLEMENT_DATA const CK_VERSION
-nss_builtins_HardwareVersion = { 1, 0 };
-
-NSS_IMPLEMENT_DATA const CK_VERSION
-nss_builtins_FirmwareVersion = { 1, 0 };
-
-NSS_IMPLEMENT_DATA const NSSUTF8 *
-nss_builtins_TokenLabel = "Builtin Object Token";
-
-NSS_IMPLEMENT_DATA const NSSUTF8 *
-nss_builtins_TokenModel = "1";
-
-/* should this be e.g. the certdata.txt RCS revision number? */
-NSS_IMPLEMENT_DATA const NSSUTF8 *
-nss_builtins_TokenSerialNumber = "1";
-
diff --git a/security/nss/lib/ckfw/builtins/find.c b/security/nss/lib/ckfw/builtins/find.c
deleted file mode 100644
index 774f0abde..000000000
--- a/security/nss/lib/ckfw/builtins/find.c
+++ /dev/null
@@ -1,237 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef BUILTINS_H
-#include "builtins.h"
-#endif /* BUILTINS_H */
-
-/*
- * builtins/find.c
- *
- * This file implements the NSSCKMDFindObjects object for the
- * "builtin objects" cryptoki module.
- */
-
-struct builtinsFOStr {
- NSSArena *arena;
- CK_ULONG n;
- CK_ULONG i;
- builtinsInternalObject **objs;
-};
-
-static void
-builtins_mdFindObjects_Final
-(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
-
- nss_ZFreeIf(fo->objs);
- nss_ZFreeIf(fo);
-
- return;
-}
-
-static NSSCKMDObject *
-builtins_mdFindObjects_Next
-(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-)
-{
- struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
- builtinsInternalObject *io;
-
- if( fo->i == fo->n ) {
- *pError = CKR_OK;
- return (NSSCKMDObject *)NULL;
- }
-
- io = fo->objs[ fo->i ];
- fo->i++;
-
- return nss_builtins_CreateMDObject(arena, io, pError);
-}
-
-static CK_BBOOL
-builtins_attrmatch
-(
- CK_ATTRIBUTE_PTR a,
- NSSItem *b
-)
-{
- PRBool prb;
-
- if( a->ulValueLen != b->size ) {
- return CK_FALSE;
- }
-
- prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
-
- if( PR_TRUE == prb ) {
- return CK_TRUE;
- } else {
- return CK_FALSE;
- }
-}
-
-
-static CK_BBOOL
-builtins_match
-(
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- builtinsInternalObject *o
-)
-{
- CK_ULONG i;
-
- for( i = 0; i < ulAttributeCount; i++ ) {
- CK_ULONG j;
-
- for( j = 0; j < o->n; j++ ) {
- if( o->types[j] == pTemplate[i].type ) {
- if( CK_FALSE == builtins_attrmatch(&pTemplate[i], &o->items[j]) ) {
- return CK_FALSE;
- } else {
- break;
- }
- }
- }
-
- if( j == o->n ) {
- /* Loop ran to the end: no matching attribute */
- return CK_FALSE;
- }
- }
-
- /* Every attribute passed */
- return CK_TRUE;
-}
-
-NSS_IMPLEMENT NSSCKMDFindObjects *
-nss_builtins_FindObjectsInit
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
-{
- /* This could be made more efficient. I'm rather rushed. */
- NSSArena *arena;
- NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
- struct builtinsFOStr *fo = (struct builtinsFOStr *)NULL;
- builtinsInternalObject **temp = (builtinsInternalObject **)NULL;
- PRUint32 i;
-
- arena = NSSCKFWSession_GetArena(fwSession, pError);
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
-
- rv = nss_ZNEW(arena, NSSCKMDFindObjects);
- if( (NSSCKMDFindObjects *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
-
- fo = nss_ZNEW(arena, struct builtinsFOStr);
- if( (struct builtinsFOStr *)NULL == fo ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
-
- fo->arena = arena;
- /* fo->n and fo->i are already zero */
-
- rv->etc = (void *)fo;
- rv->Final = builtins_mdFindObjects_Final;
- rv->Next = builtins_mdFindObjects_Next;
- rv->null = (void *)NULL;
-
- temp = nss_ZNEWARRAY((NSSArena *)NULL, builtinsInternalObject *,
- nss_builtins_nObjects);
- if( (builtinsInternalObject **)NULL == temp ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
-
- for( i = 0; i < nss_builtins_nObjects; i++ ) {
- builtinsInternalObject *o = (builtinsInternalObject *)&nss_builtins_data[i];
-
- if( CK_TRUE == builtins_match(pTemplate, ulAttributeCount, o) ) {
- temp[ fo->n ] = o;
- fo->n++;
- }
- }
-
- fo->objs = nss_ZNEWARRAY(arena, builtinsInternalObject *, fo->n);
- if( (builtinsInternalObject **)NULL == temp ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
-
- (void)nsslibc_memcpy(fo->objs, temp, sizeof(builtinsInternalObject *) * fo->n);
- nss_ZFreeIf(temp);
- temp = (builtinsInternalObject **)NULL;
-
- return rv;
-
- loser:
- nss_ZFreeIf(temp);
- nss_ZFreeIf(fo);
- nss_ZFreeIf(rv);
- return (NSSCKMDFindObjects *)NULL;
-}
-
diff --git a/security/nss/lib/ckfw/builtins/instance.c b/security/nss/lib/ckfw/builtins/instance.c
deleted file mode 100644
index e97c0d4bf..000000000
--- a/security/nss/lib/ckfw/builtins/instance.c
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#include "builtins.h"
-
-/*
- * builtins/instance.c
- *
- * This file implements the NSSCKMDInstance object for the
- * "builtin objects" cryptoki module.
- */
-
-/*
- * NSSCKMDInstance methods
- */
-
-static CK_ULONG
-builtins_mdInstance_GetNSlots
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- return (CK_ULONG)1;
-}
-
-static CK_VERSION
-builtins_mdInstance_GetCryptokiVersion
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- return nss_builtins_CryptokiVersion;
-}
-
-static NSSUTF8 *
-builtins_mdInstance_GetManufacturerID
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- return (NSSUTF8 *)nss_builtins_ManufacturerID;
-}
-
-static NSSUTF8 *
-builtins_mdInstance_GetLibraryDescription
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- return (NSSUTF8 *)nss_builtins_LibraryDescription;
-}
-
-static CK_VERSION
-builtins_mdInstance_GetLibraryVersion
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- return nss_builtins_LibraryVersion;
-}
-
-static CK_RV
-builtins_mdInstance_GetSlots
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDSlot *slots[]
-)
-{
- slots[0] = (NSSCKMDSlot *)&nss_builtins_mdSlot;
- return CKR_OK;
-}
-
-NSS_IMPLEMENT_DATA const NSSCKMDInstance
-nss_builtins_mdInstance = {
- (void *)NULL, /* etc */
- NULL, /* Initialize */
- NULL, /* Finalize */
- builtins_mdInstance_GetNSlots,
- builtins_mdInstance_GetCryptokiVersion,
- builtins_mdInstance_GetManufacturerID,
- builtins_mdInstance_GetLibraryDescription,
- builtins_mdInstance_GetLibraryVersion,
- NULL, /* ModuleHandlesSessionObjects -- defaults to false */
- builtins_mdInstance_GetSlots,
- NULL, /* WaitForSlotEvent */
- (void *)NULL /* null terminator */
-};
diff --git a/security/nss/lib/ckfw/builtins/manifest.mn b/security/nss/lib/ckfw/builtins/manifest.mn
deleted file mode 100644
index 9b134b01f..000000000
--- a/security/nss/lib/ckfw/builtins/manifest.mn
+++ /dev/null
@@ -1,55 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-MANIFEST_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-CORE_DEPTH = ../../../..
-
-MODULE = security
-
-CSRCS = \
- anchor.c \
- constants.c \
- find.c \
- instance.c \
- object.c \
- session.c \
- slot.c \
- token.c \
- certdata.c \
- $(NULL)
-
-REQUIRES = security nspr
-
-LIBRARY_NAME = nssckbi
-
-EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -lnspr4 -lplc4 -lplds4 \ No newline at end of file
diff --git a/security/nss/lib/ckfw/builtins/object.c b/security/nss/lib/ckfw/builtins/object.c
deleted file mode 100644
index 18cefda8a..000000000
--- a/security/nss/lib/ckfw/builtins/object.c
+++ /dev/null
@@ -1,254 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#include "builtins.h"
-
-/*
- * builtins/object.c
- *
- * This file implements the NSSCKMDObject object for the
- * "builtin objects" cryptoki module.
- */
-
-/*
- * Finalize - unneeded
- * Destroy - CKR_SESSION_READ_ONLY
- * IsTokenObject - CK_TRUE
- * GetAttributeCount
- * GetAttributeTypes
- * GetAttributeSize
- * GetAttribute
- * SetAttribute - unneeded
- * GetObjectSize
- */
-
-static CK_RV
-builtins_mdObject_Destroy
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- return CKR_SESSION_READ_ONLY;
-}
-
-static CK_BBOOL
-builtins_mdObject_IsTokenObject
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- return CK_TRUE;
-}
-
-static CK_ULONG
-builtins_mdObject_GetAttributeCount
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
- return io->n;
-}
-
-static CK_RV
-builtins_mdObject_GetAttributeTypes
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
-)
-{
- builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
- CK_ULONG i;
-
- if( io->n != ulCount ) {
- return CKR_BUFFER_TOO_SMALL;
- }
-
- for( i = 0; i < io->n; i++ ) {
- typeArray[i] = io->types[i];
- }
-
- return CKR_OK;
-}
-
-static CK_ULONG
-builtins_mdObject_GetAttributeSize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-)
-{
- builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
- CK_ULONG i;
-
- for( i = 0; i < io->n; i++ ) {
- if( attribute == io->types[i] ) {
- return (CK_ULONG)(io->items[i].size);
- }
- }
-
- *pError = CKR_ATTRIBUTE_TYPE_INVALID;
- return 0;
-}
-
-static NSSItem *
-builtins_mdObject_GetAttribute
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-)
-{
- builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
- CK_ULONG i;
-
- for( i = 0; i < io->n; i++ ) {
- if( attribute == io->types[i] ) {
- return &io->items[i];
- }
- }
-
- *pError = CKR_ATTRIBUTE_TYPE_INVALID;
- return (NSSItem *)NULL;
-}
-
-static CK_ULONG
-builtins_mdObject_GetObjectSize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
- CK_ULONG i;
- CK_ULONG rv = sizeof(CK_ULONG);
-
- for( i = 0; i < io->n; i++ ) {
- rv += sizeof(CK_ATTRIBUTE_TYPE) + sizeof(NSSItem) + io->items[i].size;
- }
-
- return rv;
-}
-
-static NSSCKMDObject
-builtins_prototype_mdObject = {
- (void *)NULL, /* etc */
- NULL, /* Finalize */
- builtins_mdObject_Destroy,
- builtins_mdObject_IsTokenObject,
- builtins_mdObject_GetAttributeCount,
- builtins_mdObject_GetAttributeTypes,
- builtins_mdObject_GetAttributeSize,
- builtins_mdObject_GetAttribute,
- NULL, /* SetAttribute */
- builtins_mdObject_GetObjectSize,
- (void *)NULL /* null terminator */
-};
-
-NSS_IMPLEMENT NSSCKMDObject *
-nss_builtins_CreateMDObject
-(
- NSSArena *arena,
- builtinsInternalObject *io,
- CK_RV *pError
-)
-{
- NSSCKMDObject *rv;
-
- rv = nss_ZNEW(arena, NSSCKMDObject);
- if( (NSSCKMDObject *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDObject *)NULL;
- }
-
- *rv = builtins_prototype_mdObject;
- rv->etc = (void *)io;
-
- return rv;
-}
diff --git a/security/nss/lib/ckfw/builtins/session.c b/security/nss/lib/ckfw/builtins/session.c
deleted file mode 100644
index e8d7f7522..000000000
--- a/security/nss/lib/ckfw/builtins/session.c
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#include "builtins.h"
-
-/*
- * builtins/session.c
- *
- * This file implements the NSSCKMDSession object for the
- * "builtin objects" cryptoki module.
- */
-
-static NSSCKMDFindObjects *
-builtins_mdSession_FindObjectsInit
-(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
-{
- return nss_builtins_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError);
-}
-
-NSS_IMPLEMENT NSSCKMDSession *
-nss_builtins_CreateSession
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-)
-{
- NSSArena *arena;
- NSSCKMDSession *rv;
-
- arena = NSSCKFWSession_GetArena(fwSession, pError);
- if( (NSSArena *)NULL == arena ) {
- return (NSSCKMDSession *)NULL;
- }
-
- rv = nss_ZNEW(arena, NSSCKMDSession);
- if( (NSSCKMDSession *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDSession *)NULL;
- }
-
- /*
- * rv was zeroed when allocated, so we only
- * need to set the non-zero members.
- */
-
- rv->etc = (void *)fwSession;
- /* rv->Close */
- /* rv->GetDeviceError */
- /* rv->Login */
- /* rv->Logout */
- /* rv->InitPIN */
- /* rv->SetPIN */
- /* rv->GetOperationStateLen */
- /* rv->GetOperationState */
- /* rv->SetOperationState */
- /* rv->CreateObject */
- /* rv->CopyObject */
- rv->FindObjectsInit = builtins_mdSession_FindObjectsInit;
- /* rv->SeedRandom */
- /* rv->GetRandom */
- /* rv->null */
-
- return rv;
-}
diff --git a/security/nss/lib/ckfw/builtins/slot.c b/security/nss/lib/ckfw/builtins/slot.c
deleted file mode 100644
index 1a2df9e70..000000000
--- a/security/nss/lib/ckfw/builtins/slot.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#include "builtins.h"
-
-/*
- * builtins/slot.c
- *
- * This file implements the NSSCKMDSlot object for the
- * "builtin objects" cryptoki module.
- */
-
-static NSSUTF8 *
-builtins_mdSlot_GetSlotDescription
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- return (NSSUTF8 *)nss_builtins_SlotDescription;
-}
-
-static NSSUTF8 *
-builtins_mdSlot_GetManufacturerID
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- return (NSSUTF8 *)nss_builtins_ManufacturerID;
-}
-
-static CK_VERSION
-builtins_mdSlot_GetHardwareVersion
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- return nss_builtins_HardwareVersion;
-}
-
-static CK_VERSION
-builtins_mdSlot_GetFirmwareVersion
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- return nss_builtins_FirmwareVersion;
-}
-
-static NSSCKMDToken *
-builtins_mdSlot_GetToken
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- return (NSSCKMDToken *)&nss_builtins_mdToken;
-}
-
-NSS_IMPLEMENT_DATA const NSSCKMDSlot
-nss_builtins_mdSlot = {
- (void *)NULL, /* etc */
- NULL, /* Initialize */
- NULL, /* Destroy */
- builtins_mdSlot_GetSlotDescription,
- builtins_mdSlot_GetManufacturerID,
- NULL, /* GetTokenPresent -- defaults to true */
- NULL, /* GetRemovableDevice -- defaults to false */
- NULL, /* GetHardwareSlot -- defaults to false */
- builtins_mdSlot_GetHardwareVersion,
- builtins_mdSlot_GetFirmwareVersion,
- builtins_mdSlot_GetToken,
- (void *)NULL /* null terminator */
-};
diff --git a/security/nss/lib/ckfw/builtins/token.c b/security/nss/lib/ckfw/builtins/token.c
deleted file mode 100644
index ddf068e8e..000000000
--- a/security/nss/lib/ckfw/builtins/token.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#include "builtins.h"
-
-/*
- * builtins/token.c
- *
- * This file implements the NSSCKMDToken object for the
- * "builtin objects" cryptoki module.
- */
-
-static NSSUTF8 *
-builtins_mdToken_GetLabel
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- return (NSSUTF8 *)nss_builtins_TokenLabel;
-}
-
-static NSSUTF8 *
-builtins_mdToken_GetManufacturerID
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- return (NSSUTF8 *)nss_builtins_ManufacturerID;
-}
-
-static NSSUTF8 *
-builtins_mdToken_GetModel
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- return (NSSUTF8 *)nss_builtins_TokenModel;
-}
-
-static NSSUTF8 *
-builtins_mdToken_GetSerialNumber
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- return (NSSUTF8 *)nss_builtins_TokenSerialNumber;
-}
-
-static CK_BBOOL
-builtins_mdToken_GetIsWriteProtected
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- return CK_TRUE;
-}
-
-static CK_VERSION
-builtins_mdToken_GetHardwareVersion
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- return nss_builtins_HardwareVersion;
-}
-
-static CK_VERSION
-builtins_mdToken_GetFirmwareVersion
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- return nss_builtins_FirmwareVersion;
-}
-
-static NSSCKMDSession *
-builtins_mdToken_OpenSession
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKFWSession *fwSession,
- CK_BBOOL rw,
- CK_RV *pError
-)
-{
- return nss_builtins_CreateSession(fwSession, pError);
-}
-
-NSS_IMPLEMENT_DATA const NSSCKMDToken
-nss_builtins_mdToken = {
- (void *)NULL, /* etc */
- NULL, /* Setup */
- NULL, /* Invalidate */
- NULL, /* InitToken -- default errs */
- builtins_mdToken_GetLabel,
- builtins_mdToken_GetManufacturerID,
- builtins_mdToken_GetModel,
- builtins_mdToken_GetSerialNumber,
- NULL, /* GetHasRNG -- default is false */
- builtins_mdToken_GetIsWriteProtected,
- NULL, /* GetLoginRequired -- default is false */
- NULL, /* GetUserPinInitialized -- default is false */
- NULL, /* GetRestoreKeyNotNeeded -- irrelevant */
- NULL, /* GetHasClockOnToken -- default is false */
- NULL, /* GetHasProtectedAuthenticationPath -- default is false */
- NULL, /* GetSupportsDualCryptoOperations -- default is false */
- NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetMaxPinLen -- irrelevant */
- NULL, /* GetMinPinLen -- irrelevant */
- NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
- builtins_mdToken_GetHardwareVersion,
- builtins_mdToken_GetFirmwareVersion,
- NULL, /* GetUTCTime -- no clock */
- builtins_mdToken_OpenSession,
- NULL, /* GetMechanismCount -- default is zero */
- NULL, /* GetMechanismTypes -- irrelevant */
- NULL, /* GetMechanism -- irrelevant */
- (void *)NULL /* null terminator */
-};
diff --git a/security/nss/lib/ckfw/ck.api b/security/nss/lib/ckfw/ck.api
deleted file mode 100644
index 6bae20fd3..000000000
--- a/security/nss/lib/ckfw/ck.api
+++ /dev/null
@@ -1,571 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-# This file is in part derived from a file "pkcs11f.h" made available
-# by RSA Security at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/pkcs11f.h
-
-CVS_ID "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-# Fields
-# FUNCTION introduces a Cryptoki function
-# CK_type specifies and introduces an argument
-#
-
-# General-purpose
-
-# C_Initialize initializes the Cryptoki library.
-FUNCTION C_Initialize
-CK_VOID_PTR pInitArgs # if this is not NULL_PTR, it gets
- # cast to CK_C_INITIALIZE_ARGS_PTR
- # and dereferenced
-
-# C_Finalize indicates that an application is done with the
-# Cryptoki library.
-FUNCTION C_Finalize
-CK_VOID_PTR pReserved # reserved. Should be NULL_PTR
-
-# C_GetInfo returns general information about Cryptoki.
-FUNCTION C_GetInfo
-CK_INFO_PTR pInfo # location that receives information
-
-# C_GetFunctionList returns the function list.
-FUNCTION C_GetFunctionList
-CK_FUNCTION_LIST_PTR_PTR ppFunctionList # receives pointer to function
- # list
-
-
-# Slot and token management
-
-# C_GetSlotList obtains a list of slots in the system.
-FUNCTION C_GetSlotList
-CK_BBOOL tokenPresent # only slots with tokens?
-CK_SLOT_ID_PTR pSlotList # receives array of slot IDs
-CK_ULONG_PTR pulCount # receives number of slots
-
-# C_GetSlotInfo obtains information about a particular slot in the
-# system.
-FUNCTION C_GetSlotInfo
-CK_SLOT_ID slotID # the ID of the slot
-CK_SLOT_INFO_PTR pInfo # receives the slot information
-
-# C_GetTokenInfo obtains information about a particular token in the
-# system.
-FUNCTION C_GetTokenInfo
-CK_SLOT_ID slotID # ID of the token's slot
-CK_TOKEN_INFO_PTR pInfo # receives the token information
-
-# C_GetMechanismList obtains a list of mechanism types supported by a
-# token.
-FUNCTION C_GetMechanismList
-CK_SLOT_ID slotID # ID of token's slot
-CK_MECHANISM_TYPE_PTR pMechanismList # gets mech. array
-CK_ULONG_PTR pulCount # gets # of mechs.
-
-# C_GetMechanismInfo obtains information about a particular mechanism
-# possibly supported by a token.
-FUNCTION C_GetMechanismInfo
-CK_SLOT_ID slotID # ID of the token's slot
-CK_MECHANISM_TYPE type # type of mechanism
-CK_MECHANISM_INFO_PTR pInfo # receives mechanism info
-
-# C_InitToken initializes a token.
-FUNCTION C_InitToken
-CK_SLOT_ID slotID # ID of the token's slot
-CK_CHAR_PTR pPin # the SO's initial PIN
-CK_ULONG ulPinLen # length in bytes of the PIN
-CK_CHAR_PTR pLabel # 32-byte token label (blank padded)
-
-# C_InitPIN initializes the normal user's PIN.
-FUNCTION C_InitPIN
-CK_SESSION_HANDLE hSession # the session's handle
-CK_CHAR_PTR pPin # the normal user's PIN
-CK_ULONG ulPinLen # length in bytes of the PIN
-
-# C_SetPIN modifies the PIN of the user who is logged in.
-FUNCTION C_SetPIN
-CK_SESSION_HANDLE hSession # the session's handle
-CK_CHAR_PTR pOldPin # the old PIN
-CK_ULONG ulOldLen # length of the old PIN
-CK_CHAR_PTR pNewPin # the new PIN
-CK_ULONG ulNewLen # length of the new PIN
-
-
-# Session management
-
-# C_OpenSession opens a session between an application and a token.
-FUNCTION C_OpenSession
-CK_SLOT_ID slotID # the slot's ID
-CK_FLAGS flags # from CK_SESSION_INFO
-CK_VOID_PTR pApplication # passed to callback
-CK_NOTIFY Notify # callback function
-CK_SESSION_HANDLE_PTR phSession # gets session handle
-
-# C_CloseSession closes a session between an application and a token.
-FUNCTION C_CloseSession
-CK_SESSION_HANDLE hSession # the session's handle
-
-# C_CloseAllSessions closes all sessions with a token.
-FUNCTION C_CloseAllSessions
-CK_SLOT_ID slotID # the token's slot
-
-# C_GetSessionInfo obtains information about the session.
-FUNCTION C_GetSessionInfo
-CK_SESSION_HANDLE hSession # the session's handle
-CK_SESSION_INFO_PTR pInfo # receives session info
-
-# C_GetOperationState obtains the state of the cryptographic
-# operation in a session.
-FUNCTION C_GetOperationState
-CK_SESSION_HANDLE hSession # session's handle
-CK_BYTE_PTR pOperationState # gets state
-CK_ULONG_PTR pulOperationStateLen # gets state length
-
-# C_SetOperationState restores the state of the cryptographic
-# operation in a session.
-FUNCTION C_SetOperationState
-CK_SESSION_HANDLE hSession # session's handle
-CK_BYTE_PTR pOperationState # holds state
-CK_ULONG ulOperationStateLen # holds state length
-CK_OBJECT_HANDLE hEncryptionKey # en/decryption key
-CK_OBJECT_HANDLE hAuthenticationKey # sign/verify key
-
-# C_Login logs a user into a token.
-FUNCTION C_Login
-CK_SESSION_HANDLE hSession # the session's handle
-CK_USER_TYPE userType # the user type
-CK_CHAR_PTR pPin # the user's PIN
-CK_ULONG ulPinLen # the length of the PIN
-
-# C_Logout logs a user out from a token.
-FUNCTION C_Logout
-CK_SESSION_HANDLE hSession # the session's handle
-
-
-# Object management
-
-# C_CreateObject creates a new object.
-FUNCTION C_CreateObject
-CK_SESSION_HANDLE hSession # the session's handle
-CK_ATTRIBUTE_PTR pTemplate # the object's template
-CK_ULONG ulCount # attributes in template
-CK_OBJECT_HANDLE_PTR phObject # gets new object's handle.
-
-# C_CopyObject copies an object, creating a new object for the copy.
-FUNCTION C_CopyObject
-CK_SESSION_HANDLE hSession # the session's handle
-CK_OBJECT_HANDLE hObject # the object's handle
-CK_ATTRIBUTE_PTR pTemplate # template for new object
-CK_ULONG ulCount # attributes in template
-CK_OBJECT_HANDLE_PTR phNewObject # receives handle of copy
-
-# C_DestroyObject destroys an object.
-FUNCTION C_DestroyObject
-CK_SESSION_HANDLE hSession # the session's handle
-CK_OBJECT_HANDLE hObject # the object's handle
-
-# C_GetObjectSize gets the size of an object in bytes.
-FUNCTION C_GetObjectSize
-CK_SESSION_HANDLE hSession # the session's handle
-CK_OBJECT_HANDLE hObject # the object's handle
-CK_ULONG_PTR pulSize # receives size of object
-
-# C_GetAttributeValue obtains the value of one or more object
-# attributes.
-FUNCTION C_GetAttributeValue
-CK_SESSION_HANDLE hSession # the session's handle
-CK_OBJECT_HANDLE hObject # the object's handle
-CK_ATTRIBUTE_PTR pTemplate # specifies attrs; gets vals
-CK_ULONG ulCount # attributes in template
-
-# C_SetAttributeValue modifies the value of one or more object
-# attributes
-FUNCTION C_SetAttributeValue
-CK_SESSION_HANDLE hSession # the session's handle
-CK_OBJECT_HANDLE hObject # the object's handle
-CK_ATTRIBUTE_PTR pTemplate # specifies attrs and values
-CK_ULONG ulCount # attributes in template
-
-# C_FindObjectsInit initializes a search for token and session
-# objects that match a template.
-FUNCTION C_FindObjectsInit
-CK_SESSION_HANDLE hSession # the session's handle
-CK_ATTRIBUTE_PTR pTemplate # attribute values to match
-CK_ULONG ulCount # attrs in search template
-
-# C_FindObjects continues a search for token and session objects that
-# match a template, obtaining additional object handles.
-FUNCTION C_FindObjects
-CK_SESSION_HANDLE hSession # session's handle
-CK_OBJECT_HANDLE_PTR phObject # gets obj. handles
-CK_ULONG ulMaxObjectCount # max handles to get
-CK_ULONG_PTR pulObjectCount # actual # returned
-
-# C_FindObjectsFinal finishes a search for token and session objects.
-FUNCTION C_FindObjectsFinal
-CK_SESSION_HANDLE hSession # the session's handle
-
-
-# Encryption and decryption
-
-# C_EncryptInit initializes an encryption operation.
-FUNCTION C_EncryptInit
-CK_SESSION_HANDLE hSession # the session's handle
-CK_MECHANISM_PTR pMechanism # the encryption mechanism
-CK_OBJECT_HANDLE hKey # handle of encryption key
-
-# C_Encrypt encrypts single-part data.
-FUNCTION C_Encrypt
-CK_SESSION_HANDLE hSession # session's handle
-CK_BYTE_PTR pData # the plaintext data
-CK_ULONG ulDataLen # bytes of plaintext
-CK_BYTE_PTR pEncryptedData # gets ciphertext
-CK_ULONG_PTR pulEncryptedDataLen # gets c-text size
-
-# C_EncryptUpdate continues a multiple-part encryption operation.
-FUNCTION C_EncryptUpdate
-CK_SESSION_HANDLE hSession # session's handle
-CK_BYTE_PTR pPart # the plaintext data
-CK_ULONG ulPartLen # plaintext data len
-CK_BYTE_PTR pEncryptedPart # gets ciphertext
-CK_ULONG_PTR pulEncryptedPartLen # gets c-text size
-
-# C_EncryptFinal finishes a multiple-part encryption operation.
-FUNCTION C_EncryptFinal
-CK_SESSION_HANDLE hSession # session handle
-CK_BYTE_PTR pLastEncryptedPart # last c-text
-CK_ULONG_PTR pulLastEncryptedPartLen # gets last size
-
-# C_DecryptInit initializes a decryption operation.
-FUNCTION C_DecryptInit
-CK_SESSION_HANDLE hSession # the session's handle
-CK_MECHANISM_PTR pMechanism # the decryption mechanism
-CK_OBJECT_HANDLE hKey # handle of decryption key
-
-# C_Decrypt decrypts encrypted data in a single part.
-FUNCTION C_Decrypt
-CK_SESSION_HANDLE hSession # session's handle
-CK_BYTE_PTR pEncryptedData # ciphertext
-CK_ULONG ulEncryptedDataLen # ciphertext length
-CK_BYTE_PTR pData # gets plaintext
-CK_ULONG_PTR pulDataLen # gets p-text size
-
-# C_DecryptUpdate continues a multiple-part decryption operation.
-FUNCTION C_DecryptUpdate
-CK_SESSION_HANDLE hSession # session's handle
-CK_BYTE_PTR pEncryptedPart # encrypted data
-CK_ULONG ulEncryptedPartLen # input length
-CK_BYTE_PTR pPart # gets plaintext
-CK_ULONG_PTR pulPartLen # p-text size
-
-# C_DecryptFinal finishes a multiple-part decryption operation.
-FUNCTION C_DecryptFinal
-CK_SESSION_HANDLE hSession # the session's handle
-CK_BYTE_PTR pLastPart # gets plaintext
-CK_ULONG_PTR pulLastPartLen # p-text size
-
-
-# Message digesting
-
-# C_DigestInit initializes a message-digesting operation.
-FUNCTION C_DigestInit
-CK_SESSION_HANDLE hSession # the session's handle
-CK_MECHANISM_PTR pMechanism # the digesting mechanism
-
-# C_Digest digests data in a single part.
-FUNCTION C_Digest
-CK_SESSION_HANDLE hSession # the session's handle
-CK_BYTE_PTR pData # data to be digested
-CK_ULONG ulDataLen # bytes of data to digest
-CK_BYTE_PTR pDigest # gets the message digest
-CK_ULONG_PTR pulDigestLen # gets digest length
-
-# C_DigestUpdate continues a multiple-part message-digesting operation.
-FUNCTION C_DigestUpdate
-CK_SESSION_HANDLE hSession # the session's handle
-CK_BYTE_PTR pPart # data to be digested
-CK_ULONG ulPartLen # bytes of data to be digested
-
-# C_DigestKey continues a multi-part message-digesting operation, by
-# digesting the value of a secret key as part of the data already
-# digested.
-FUNCTION C_DigestKey
-CK_SESSION_HANDLE hSession # the session's handle
-CK_OBJECT_HANDLE hKey # secret key to digest
-
-# C_DigestFinal finishes a multiple-part message-digesting operation.
-FUNCTION C_DigestFinal
-CK_SESSION_HANDLE hSession # the session's handle
-CK_BYTE_PTR pDigest # gets the message digest
-CK_ULONG_PTR pulDigestLen # gets byte count of digest
-
-
-# Signing and MACing
-
-# C_SignInit initializes a signature (private key encryption)
-# operation, where the signature is (will be) an appendix to the
-# data, and plaintext cannot be recovered from the signature.
-FUNCTION C_SignInit
-CK_SESSION_HANDLE hSession # the session's handle
-CK_MECHANISM_PTR pMechanism # the signature mechanism
-CK_OBJECT_HANDLE hKey # handle of signature key
-
-# C_Sign signs (encrypts with private key) data in a single part,
-# where the signature is (will be) an appendix to the data, and
-# plaintext cannot be recovered from the signature.
-FUNCTION C_Sign
-CK_SESSION_HANDLE hSession # the session's handle
-CK_BYTE_PTR pData # the data to sign
-CK_ULONG ulDataLen # count of bytes to sign
-CK_BYTE_PTR pSignature # gets the signature
-CK_ULONG_PTR pulSignatureLen # gets signature length
-
-# C_SignUpdate continues a multiple-part signature operation, where
-# the signature is (will be) an appendix to the data, and plaintext
-# cannot be recovered from the signature.
-FUNCTION C_SignUpdate
-CK_SESSION_HANDLE hSession # the session's handle
-CK_BYTE_PTR pPart # the data to sign
-CK_ULONG ulPartLen # count of bytes to sign
-
-# C_SignFinal finishes a multiple-part signature operation, returning
-# the signature.
-FUNCTION C_SignFinal
-CK_SESSION_HANDLE hSession # the session's handle
-CK_BYTE_PTR pSignature # gets the signature
-CK_ULONG_PTR pulSignatureLen # gets signature length
-
-# C_SignRecoverInit initializes a signature operation, where the data
-# can be recovered from the signature.
-FUNCTION C_SignRecoverInit
-CK_SESSION_HANDLE hSession # the session's handle
-CK_MECHANISM_PTR pMechanism # the signature mechanism
-CK_OBJECT_HANDLE hKey # handle of the signature key
-
-# C_SignRecover signs data in a single operation, where the data can
-# be recovered from the signature.
-FUNCTION C_SignRecover
-CK_SESSION_HANDLE hSession # the session's handle
-CK_BYTE_PTR pData # the data to sign
-CK_ULONG ulDataLen # count of bytes to sign
-CK_BYTE_PTR pSignature # gets the signature
-CK_ULONG_PTR pulSignatureLen # gets signature length
-
-
-# Verifying signatures and MACs
-
-# C_VerifyInit initializes a verification operation, where the
-# signature is an appendix to the data, and plaintext cannot cannot
-# be recovered from the signature (e.g. DSA).
-FUNCTION C_VerifyInit
-CK_SESSION_HANDLE hSession # the session's handle
-CK_MECHANISM_PTR pMechanism # the verification mechanism
-CK_OBJECT_HANDLE hKey # verification key
-
-# C_Verify verifies a signature in a single-part operation, where the
-# signature is an appendix to the data, and plaintext cannot be
-# recovered from the signature.
-FUNCTION C_Verify
-CK_SESSION_HANDLE hSession # the session's handle
-CK_BYTE_PTR pData # signed data
-CK_ULONG ulDataLen # length of signed data
-CK_BYTE_PTR pSignature # signature
-CK_ULONG ulSignatureLen # signature length
-
-# C_VerifyUpdate continues a multiple-part verification operation,
-# where the signature is an appendix to the data, and plaintext cannot be
-# recovered from the signature.
-FUNCTION C_VerifyUpdate
-CK_SESSION_HANDLE hSession # the session's handle
-CK_BYTE_PTR pPart # signed data
-CK_ULONG ulPartLen # length of signed data
-
-# C_VerifyFinal finishes a multiple-part verification operation,
-# checking the signature.
-FUNCTION C_VerifyFinal
-CK_SESSION_HANDLE hSession # the session's handle
-CK_BYTE_PTR pSignature # signature to verify
-CK_ULONG ulSignatureLen # signature length
-
-# C_VerifyRecoverInit initializes a signature verification operation,
-# where the data is recovered from the signature.
-FUNCTION C_VerifyRecoverInit
-CK_SESSION_HANDLE hSession # the session's handle
-CK_MECHANISM_PTR pMechanism # the verification mechanism
-CK_OBJECT_HANDLE hKey # verification key
-
-# C_VerifyRecover verifies a signature in a single-part operation,
-# where the data is recovered from the signature.
-FUNCTION C_VerifyRecover
-CK_SESSION_HANDLE hSession # the session's handle
-CK_BYTE_PTR pSignature # signature to verify
-CK_ULONG ulSignatureLen # signature length
-CK_BYTE_PTR pData # gets signed data
-CK_ULONG_PTR pulDataLen # gets signed data len
-
-
-# Dual-function cryptographic operations
-
-# C_DigestEncryptUpdate continues a multiple-part digesting and
-# encryption operation.
-FUNCTION C_DigestEncryptUpdate
-CK_SESSION_HANDLE hSession # session's handle
-CK_BYTE_PTR pPart # the plaintext data
-CK_ULONG ulPartLen # plaintext length
-CK_BYTE_PTR pEncryptedPart # gets ciphertext
-CK_ULONG_PTR pulEncryptedPartLen # gets c-text length
-
-# C_DecryptDigestUpdate continues a multiple-part decryption and
-# digesting operation.
-FUNCTION C_DecryptDigestUpdate
-CK_SESSION_HANDLE hSession # session's handle
-CK_BYTE_PTR pEncryptedPart # ciphertext
-CK_ULONG ulEncryptedPartLen # ciphertext length
-CK_BYTE_PTR pPart # gets plaintext
-CK_ULONG_PTR pulPartLen # gets plaintext len
-
-# C_SignEncryptUpdate continues a multiple-part signing and
-# encryption operation.
-FUNCTION C_SignEncryptUpdate
-CK_SESSION_HANDLE hSession # session's handle
-CK_BYTE_PTR pPart # the plaintext data
-CK_ULONG ulPartLen # plaintext length
-CK_BYTE_PTR pEncryptedPart # gets ciphertext
-CK_ULONG_PTR pulEncryptedPartLen # gets c-text length
-
-# C_DecryptVerifyUpdate continues a multiple-part decryption and
-# verify operation.
-FUNCTION C_DecryptVerifyUpdate
-CK_SESSION_HANDLE hSession # session's handle
-CK_BYTE_PTR pEncryptedPart # ciphertext
-CK_ULONG ulEncryptedPartLen # ciphertext length
-CK_BYTE_PTR pPart # gets plaintext
-CK_ULONG_PTR pulPartLen # gets p-text length
-
-
-# Key management
-
-# C_GenerateKey generates a secret key, creating a new key object.
-FUNCTION C_GenerateKey
-CK_SESSION_HANDLE hSession # the session's handle
-CK_MECHANISM_PTR pMechanism # key generation mech.
-CK_ATTRIBUTE_PTR pTemplate # template for new key
-CK_ULONG ulCount # # of attrs in template
-CK_OBJECT_HANDLE_PTR phKey # gets handle of new key
-
-# C_GenerateKeyPair generates a public-key/private-key pair, creating
-# new key objects.
-FUNCTION C_GenerateKeyPair
-CK_SESSION_HANDLE hSession # session handle
-CK_MECHANISM_PTR pMechanism # key-gen mech.
-CK_ATTRIBUTE_PTR pPublicKeyTemplate # template for pub. key
-CK_ULONG ulPublicKeyAttributeCount # # pub. attrs.
-CK_ATTRIBUTE_PTR pPrivateKeyTemplate # template for priv. key
-CK_ULONG ulPrivateKeyAttributeCount # # priv. attrs.
-CK_OBJECT_HANDLE_PTR phPublicKey # gets pub. key handle
-CK_OBJECT_HANDLE_PTR phPrivateKey # gets priv. key handle
-
-# C_WrapKey wraps (i.e., encrypts) a key.
-FUNCTION C_WrapKey
-CK_SESSION_HANDLE hSession # the session's handle
-CK_MECHANISM_PTR pMechanism # the wrapping mechanism
-CK_OBJECT_HANDLE hWrappingKey # wrapping key
-CK_OBJECT_HANDLE hKey # key to be wrapped
-CK_BYTE_PTR pWrappedKey # gets wrapped key
-CK_ULONG_PTR pulWrappedKeyLen # gets wrapped key size
-
-# C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key
-# object.
-FUNCTION C_UnwrapKey
-CK_SESSION_HANDLE hSession # session's handle
-CK_MECHANISM_PTR pMechanism # unwrapping mech.
-CK_OBJECT_HANDLE hUnwrappingKey # unwrapping key
-CK_BYTE_PTR pWrappedKey # the wrapped key
-CK_ULONG ulWrappedKeyLen # wrapped key len
-CK_ATTRIBUTE_PTR pTemplate # new key template
-CK_ULONG ulAttributeCount # template length
-CK_OBJECT_HANDLE_PTR phKey # gets new handle
-
-# C_DeriveKey derives a key from a base key, creating a new key object.
-FUNCTION C_DeriveKey
-CK_SESSION_HANDLE hSession # session's handle
-CK_MECHANISM_PTR pMechanism # key deriv. mech.
-CK_OBJECT_HANDLE hBaseKey # base key
-CK_ATTRIBUTE_PTR pTemplate # new key template
-CK_ULONG ulAttributeCount # template length
-CK_OBJECT_HANDLE_PTR phKey # gets new handle
-
-
-# Random number generation
-
-# C_SeedRandom mixes additional seed material into the token's random
-# number generator.
-FUNCTION C_SeedRandom
-CK_SESSION_HANDLE hSession # the session's handle
-CK_BYTE_PTR pSeed # the seed material
-CK_ULONG ulSeedLen # length of seed material
-
-# C_GenerateRandom generates random data.
-FUNCTION C_GenerateRandom
-CK_SESSION_HANDLE hSession # the session's handle
-CK_BYTE_PTR RandomData # receives the random data
-CK_ULONG ulRandomLen # # of bytes to generate
-
-
-# Parallel function management
-
-# C_GetFunctionStatus is a legacy function; it obtains an updated
-# status of a function running in parallel with an application.
-FUNCTION C_GetFunctionStatus
-CK_SESSION_HANDLE hSession # the session's handle
-
-# C_CancelFunction is a legacy function; it cancels a function running
-# in parallel.
-FUNCTION C_CancelFunction
-CK_SESSION_HANDLE hSession # the session's handle
-
-
-# Functions added in for Cryptoki Version 2.01 or later
-
-# C_WaitForSlotEvent waits for a slot event (token insertion, removal,
-# etc.) to occur.
-FUNCTION C_WaitForSlotEvent
-CK_FLAGS flags # blocking/nonblocking flag
-CK_SLOT_ID_PTR pSlot # location that receives the slot ID
-CK_VOID_PTR pRserved # reserved. Should be NULL_PTR
-
-## C_ConfigureSlot passes an installation-specified bytestring to a
-## slot.
-#FUNCTION C_ConfigureSlot
-#CK_SLOT_ID slotID # the slot to configure
-#CK_BYTE_PTR pConfig # the configuration string
-#CK_ULONG ulConfigLen # length of the config string
diff --git a/security/nss/lib/ckfw/ck.h b/security/nss/lib/ckfw/ck.h
deleted file mode 100644
index 04df10656..000000000
--- a/security/nss/lib/ckfw/ck.h
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef CK_H
-#define CK_H
-
-#ifdef DEBUG
-static const char CK_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * ck.h
- *
- * This header file consolidates all header files needed by the source
- * files implementing the NSS Cryptoki Framework. This makes managing
- * the source files a bit easier.
- */
-
-/* Types */
-
-#ifndef NSSBASET_H
-#include "nssbaset.h"
-#endif /* NSSBASET_H */
-
-#ifndef NSSCKT_H
-#include "nssckt.h"
-#endif /* NSSCKT_H */
-
-#ifndef NSSCKFT_H
-#include "nssckft.h"
-#endif /* NSSCKFT_H */
-
-#ifndef NSSCKEPV_H
-#include "nssckepv.h"
-#endif /* NSSCKEPV_H */
-
-#ifndef NSSCKFWT_H
-#include "nssckfwt.h"
-#endif /* NSSCKFWT_H */
-
-#ifndef NSSCKMDT_H
-#include "nssckmdt.h"
-#endif /* NSSCKMDT_H */
-
-#ifndef CKT_H
-#include "ckt.h"
-#endif /* CKT_H */
-
-#ifndef CKFWTM_H
-#include "ckfwtm.h"
-#endif /* CKFWTM_H */
-
-/* Prototypes */
-
-#ifndef NSSBASE_H
-#include "nssbase.h"
-#endif /* NSSBASE_H */
-
-#ifndef NSSCKG_H
-#include "nssckg.h"
-#endif /* NSSCKG_H */
-
-#ifndef NSSCKFW_H
-#include "nssckfw.h"
-#endif /* NSSCKFW_H */
-
-#ifndef NSSCKFWC_H
-#include "nssckfwc.h"
-#endif /* NSSCKFWC_H */
-
-#ifndef CKFW_H
-#include "ckfw.h"
-#endif /* CKFW_H */
-
-#ifndef CKFWM_H
-#include "ckfwm.h"
-#endif /* CKFWM_H */
-
-#ifndef CKMD_H
-#include "ckmd.h"
-#endif /* CKMD_H */
-
-/* NSS-private */
-
-/* nss_ZNEW and the like. We might want to publish the memory APIs.. */
-
-#ifndef BASE_H
-#include "base.h"
-#endif /* BASE_H */
-
-#endif /* CK_H */
diff --git a/security/nss/lib/ckfw/ckapi.perl b/security/nss/lib/ckfw/ckapi.perl
deleted file mode 100644
index 5ec2d20b2..000000000
--- a/security/nss/lib/ckfw/ckapi.perl
+++ /dev/null
@@ -1,497 +0,0 @@
-#!perl
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-$cvs_id = '@(#) $RCSfile$ $Revision$ $Date$ $Name$';
-
-$copyright = '/* THIS IS A GENERATED FILE */
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-';
-
-$count = -1;
-$i = 0;
-while(<>) {
- s/^((?:[^"#]+|"[^"]*")*)(\s*#.*$)/$1/;
- next if (/^\s*$/);
-
-# print;
-
- /^([\S]+)\s+([^"][\S]*|"[^"]*")/;
- $name = $1;
- $value = $2;
-
- if( ($name =~ "FUNCTION") && !($name =~ "CK_FUNCTION") ) {
- $count++;
- $x[$count]{name} = $value;
- $i = 0;
- } else {
- if( $count < 0 ) {
- $value =~ s/"//g;
- $g{$name} = $value;
- } else {
- $x[$count]{args}[$i]{type} = $name;
- $x[$count]{args}[$i]{name} = $value;
- $i++;
- $x[$count]{nargs} = $i; # rewritten each time, oh well
- }
- }
-}
-
-# dodump();
-doprint();
-
-sub dodump {
- for( $j = 0; $j <= $count; $j++ ) {
- print "CK_RV CK_ENTRY $x[$j]{name}\n";
- for( $i = 0; $i < $x[$j]{nargs}; $i++ ) {
- print " $x[$j]{args}[$i]{type} $x[$j]{args}[$i]{name}";
- if( $i == ($x[$j]{nargs} - 1) ) {
- print "\n";
- } else {
- print ",\n";
- }
- }
- }
-}
-
-sub doprint {
-open(PROTOTYPE, ">nssckg.h") || die "Can't open nssckg.h: $!";
-open(TYPEDEF, ">nssckft.h") || die "Can't open nssckft.h: $!";
-open(EPV, ">nssckepv.h") || die "Can't open nssckepv.h: $!";
-open(API, ">nssck.api") || die "Can't open nssck.api: $!";
-
-select PROTOTYPE;
-
-print $copyright;
-print <<EOD
-#ifndef NSSCKG_H
-#define NSSCKG_H
-
-#ifdef DEBUG
-static const char NSSCKG_CVS_ID[] = "$g{CVS_ID} ; $cvs_id";
-#endif /* DEBUG */
-
-/*
- * nssckg.h
- *
- * This automatically-generated header file prototypes the Cryptoki
- * functions specified by PKCS#11.
- */
-
-#ifndef NSSCKT_H
-#include "nssckt.h"
-#endif /* NSSCKT_H */
-
-EOD
- ;
-
-for( $j = 0; $j <= $count; $j++ ) {
- print "CK_RV CK_ENTRY $x[$j]{name}\n";
- print "(\n";
- for( $i = 0; $i < $x[$j]{nargs}; $i++ ) {
- print " $x[$j]{args}[$i]{type} $x[$j]{args}[$i]{name}";
- if( $i == ($x[$j]{nargs} - 1) ) {
- print "\n";
- } else {
- print ",\n";
- }
- }
- print ");\n\n";
-}
-
-print <<EOD
-#endif /* NSSCKG_H */
-EOD
- ;
-
-select TYPEDEF;
-
-print $copyright;
-print <<EOD
-#ifndef NSSCKFT_H
-#define NSSCKFT_H
-
-#ifdef DEBUG
-static const char NSSCKFT_CVS_ID[] = "$g{CVS_ID} ; $cvs_id";
-#endif /* DEBUG */
-
-/*
- * nssckft.h
- *
- * The automatically-generated header file declares a typedef
- * each of the Cryptoki functions specified by PKCS#11.
- */
-
-#ifndef NSSCKT_H
-#include "nssckt.h"
-#endif /* NSSCKT_H */
-
-EOD
- ;
-
-for( $j = 0; $j <= $count; $j++ ) {
-# print "typedef CK_RV (CK_ENTRY *CK_$x[$j]{name})(\n";
- print "typedef CK_CALLBACK_FUNCTION(CK_RV, CK_$x[$j]{name})(\n";
- for( $i = 0; $i < $x[$j]{nargs}; $i++ ) {
- print " $x[$j]{args}[$i]{type} $x[$j]{args}[$i]{name}";
- if( $i == ($x[$j]{nargs} - 1) ) {
- print "\n";
- } else {
- print ",\n";
- }
- }
- print ");\n\n";
-}
-
-print <<EOD
-#endif /* NSSCKFT_H */
-EOD
- ;
-
-select EPV;
-
-print $copyright;
-print <<EOD
-#ifndef NSSCKEPV_H
-#define NSSCKEPV_H
-
-#ifdef DEBUG
-static const char NSSCKEPV_CVS_ID[] = "$g{CVS_ID} ; $cvs_id";
-#endif /* DEBUG */
-
-/*
- * nssckepv.h
- *
- * This automatically-generated header file defines the type
- * CK_FUNCTION_LIST specified by PKCS#11.
- */
-
-#ifndef NSSCKT_H
-#include "nssckt.h"
-#endif /* NSSCKT_H */
-
-#ifndef NSSCKFT_H
-#include "nssckft.h"
-#endif /* NSSCKFT_H */
-
-struct CK_FUNCTION_LIST {
- CK_VERSION version;
-EOD
- ;
-
-for( $j = 0; $j <= $count; $j++ ) {
- print " CK_$x[$j]{name} $x[$j]{name};\n";
-}
-
-print <<EOD
-};
-
-#endif /* NSSCKEPV_H */
-EOD
- ;
-
-select API;
-
-print $copyright;
-print <<EOD
-
-#ifdef DEBUG
-static const char NSSCKAPI_CVS_ID[] = "$g{CVS_ID} ; $cvs_id";
-#endif /* DEBUG */
-
-/*
- * nssck.api
- *
- * This automatically-generated file is used to generate a set of
- * Cryptoki entry points within the object space of a Module using
- * the NSS Cryptoki Framework.
- *
- * The Module should have a .c file with the following:
- *
- * #define MODULE_NAME name
- * #define INSTANCE_NAME instance
- * #include "nssck.api"
- *
- * where "name" is some module-specific name that can be used to
- * disambiguate various modules. This included file will then
- * define the actual Cryptoki routines which pass through to the
- * Framework calls. All routines, except C_GetFunctionList, will
- * be prefixed with the name; C_GetFunctionList will be generated
- * to return an entry-point vector with these routines. The
- * instance specified should be the basic instance of NSSCKMDInstance.
- *
- * If, prior to including nssck.api, the .c file also specifies
- *
- * #define DECLARE_STRICT_CRYTPOKI_NAMES
- *
- * Then a set of "stub" routines not prefixed with the name will
- * be included. This would allow the combined module and framework
- * to be used in applications which are hard-coded to use the
- * PKCS#11 names (instead of going through the EPV). Please note
- * that such applications should be careful resolving symbols when
- * more than one PKCS#11 module is loaded.
- */
-
-#ifndef MODULE_NAME
-#error "Error: MODULE_NAME must be defined."
-#endif /* MODULE_NAME */
-
-#ifndef INSTANCE_NAME
-#error "Error: INSTANCE_NAME must be defined."
-#endif /* INSTANCE_NAME */
-
-#ifndef NSSCKT_H
-#include "nssckt.h"
-#endif /* NSSCKT_H */
-
-#ifndef NSSCKFWT_H
-#include "nssckfwt.h"
-#endif /* NSSCKFWT_H */
-
-#ifndef NSSCKFWC_H
-#include "nssckfwc.h"
-#endif /* NSSCKFWC_H */
-
-#ifndef NSSCKEPV_H
-#include "nssckepv.h"
-#endif /* NSSCKEPV_H */
-
-#define __ADJOIN(x,y) x##y
-
-/*
- * The anchor. This object is used to store an "anchor" pointer in
- * the Module's object space, so the wrapper functions can relate
- * back to this instance.
- */
-
-static NSSCKFWInstance *fwInstance = (NSSCKFWInstance *)0;
-
-CK_RV CK_ENTRY
-__ADJOIN(MODULE_NAME,C_Initialize)
-(
- CK_VOID_PTR pInitArgs
-)
-{
- return NSSCKFWC_Initialize(&fwInstance, INSTANCE_NAME, pInitArgs);
-}
-
-#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
-CK_RV CK_ENTRY
-C_Initialize
-(
- CK_VOID_PTR pInitArgs
-)
-{
- return __ADJOIN(MODULE_NAME,C_Initialize)(pInitArgs);
-}
-#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
-
-CK_RV CK_ENTRY
-__ADJOIN(MODULE_NAME,C_Finalize)
-(
- CK_VOID_PTR pReserved
-)
-{
- return NSSCKFWC_Finalize(&fwInstance);
-}
-
-#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
-CK_RV CK_ENTRY
-C_Finalize
-(
- CK_VOID_PTR pReserved
-)
-{
- return __ADJOIN(MODULE_NAME,C_Finalize)(pReserved);
-}
-#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
-
-CK_RV CK_ENTRY
-__ADJOIN(MODULE_NAME,C_GetInfo)
-(
- CK_INFO_PTR pInfo
-)
-{
- return NSSCKFWC_GetInfo(fwInstance, pInfo);
-}
-
-#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
-CK_RV CK_ENTRY
-C_GetInfo
-(
- CK_INFO_PTR pInfo
-)
-{
- return __ADJOIN(MODULE_NAME,C_GetInfo)(pInfo);
-}
-#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
-
-/*
- * C_GetFunctionList is defined at the end.
- */
-
-EOD
- ;
-
-for( $j = 4; $j <= $count; $j++ ) {
- print "CK_RV CK_ENTRY\n";
- print "__ADJOIN(MODULE_NAME,$x[$j]{name})\n";
- print "(\n";
- for( $i = 0; $i < $x[$j]{nargs}; $i++ ) {
- print " $x[$j]{args}[$i]{type} $x[$j]{args}[$i]{name}";
- if( $i == ($x[$j]{nargs} - 1) ) {
- print "\n";
- } else {
- print ",\n";
- }
- }
- print ")\n";
- print "{\n";
- print " return NSSCKFW$x[$j]{name}(fwInstance, ";
- for( $i = 0; $i < $x[$j]{nargs}; $i++ ) {
- print "$x[$j]{args}[$i]{name}";
- if( $i == ($x[$j]{nargs} - 1) ) {
- print ");\n";
- } else {
- print ", ";
- }
- }
- print "}\n\n";
-
- print "#ifdef DECLARE_STRICT_CRYPTOKI_NAMES\n";
- print "CK_RV CK_ENTRY\n";
- print "$x[$j]{name}\n";
- print "(\n";
- for( $i = 0; $i < $x[$j]{nargs}; $i++ ) {
- print " $x[$j]{args}[$i]{type} $x[$j]{args}[$i]{name}";
- if( $i == ($x[$j]{nargs} - 1) ) {
- print "\n";
- } else {
- print ",\n";
- }
- }
- print ")\n";
- print "{\n";
- print " return __ADJOIN(MODULE_NAME,$x[$j]{name})(";
- for( $i = 0; $i < $x[$j]{nargs}; $i++ ) {
- print "$x[$j]{args}[$i]{name}";
- if( $i == ($x[$j]{nargs} - 1) ) {
- print ");\n";
- } else {
- print ", ";
- }
- }
- print "}\n";
- print "#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */\n\n";
-}
-
-print <<EOD
-CK_RV CK_ENTRY
-__ADJOIN(MODULE_NAME,C_GetFunctionList)
-(
- CK_FUNCTION_LIST_PTR_PTR ppFunctionList
-);
-
-static CK_FUNCTION_LIST FunctionList = {
- { 2, 1 },
-EOD
- ;
-
-for( $j = 0; $j <= $count; $j++ ) {
- print "__ADJOIN(MODULE_NAME,$x[$j]{name})";
- if( $j < $count ) {
- print ",\n";
- } else {
- print "\n};\n\n";
- }
-}
-
-print <<EOD
-CK_RV CK_ENTRY
-__ADJOIN(MODULE_NAME,C_GetFunctionList)
-(
- CK_FUNCTION_LIST_PTR_PTR ppFunctionList
-)
-{
- *ppFunctionList = &FunctionList;
- return CKR_OK;
-}
-
-/* This one is always present */
-CK_RV CK_ENTRY
-C_GetFunctionList
-(
- CK_FUNCTION_LIST_PTR_PTR ppFunctionList
-)
-{
- return __ADJOIN(MODULE_NAME,C_GetFunctionList)(ppFunctionList);
-}
-
-#undef __ADJOIN
-
-EOD
- ;
-
-select STDOUT;
-
-}
diff --git a/security/nss/lib/ckfw/ckfw.h b/security/nss/lib/ckfw/ckfw.h
deleted file mode 100644
index 2e83f8c35..000000000
--- a/security/nss/lib/ckfw/ckfw.h
+++ /dev/null
@@ -1,1858 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef CKFW_H
-#define CKFW_H
-
-#ifdef DEBUG
-static const char CKFW_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * ckfw.h
- *
- * This file prototypes the private calls of the NSS Cryptoki Framework.
- */
-
-#ifndef NSSBASET_H
-#include "nssbaset.h"
-#endif /* NSSBASET_H */
-
-#ifndef NSSCKT_H
-#include "nssckt.h"
-#endif /* NSSCKT_H */
-
-#ifndef NSSCKFWT_H
-#include "nssckfwt.h"
-#endif /* NSSCKFWT_H */
-
-#ifndef NSSCKMDT_H
-#include "nssckmdt.h"
-#endif /* NSSCKMDT_H */
-
-/*
- * NSSCKFWInstance
- *
- * -- create/destroy --
- * nssCKFWInstance_Create
- * nssCKFWInstance_Destroy
- *
- * -- implement public accessors --
- * nssCKFWInstance_GetMDInstance
- * nssCKFWInstance_GetArena
- * nssCKFWInstance_MayCreatePthreads
- * nssCKFWInstance_CreateMutex
- * nssCKFWInstance_GetConfigurationData
- *
- * -- private accessors --
- * nssCKFWInstance_CreateSessionHandle
- * nssCKFWInstance_ResolveSessionHandle
- * nssCKFWInstance_DestroySessionHandle
- * nssCKFWInstance_FindSessionHandle
- * nssCKFWInstance_CreateObjectHandle
- * nssCKFWInstance_ResolveObjectHandle
- * nssCKFWInstance_DestroyObjectHandle
- * nssCKFWInstance_FindObjectHandle
- *
- * -- module fronts --
- * nssCKFWInstance_GetNSlots
- * nssCKFWInstance_GetCryptokiVersion
- * nssCKFWInstance_GetManufacturerID
- * nssCKFWInstance_GetFlags
- * nssCKFWInstance_GetLibraryDescription
- * nssCKFWInstance_GetLibraryVersion
- * nssCKFWInstance_GetModuleHandlesSessionObjects
- * nssCKFWInstance_GetSlots
- * nssCKFWInstance_WaitForSlotEvent
- *
- * -- debugging versions only --
- * nssCKFWInstance_verifyPointer
- */
-
-/*
- * nssCKFWInstance_Create
- *
- */
-NSS_EXTERN NSSCKFWInstance *
-nssCKFWInstance_Create
-(
- CK_C_INITIALIZE_ARGS_PTR pInitArgs,
- NSSCKMDInstance *mdInstance,
- CK_RV *pError
-);
-
-/*
- * nssCKFWInstance_Destroy
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWInstance_Destroy
-(
- NSSCKFWInstance *fwInstance
-);
-
-/*
- * nssCKFWInstance_GetMDInstance
- *
- */
-NSS_EXTERN NSSCKMDInstance *
-nssCKFWInstance_GetMDInstance
-(
- NSSCKFWInstance *fwInstance
-);
-
-/*
- * nssCKFWInstance_GetArena
- *
- */
-NSS_EXTERN NSSArena *
-nssCKFWInstance_GetArena
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-);
-
-/*
- * nssCKFWInstance_MayCreatePthreads
- *
- */
-NSS_EXTERN CK_BBOOL
-nssCKFWInstance_MayCreatePthreads
-(
- NSSCKFWInstance *fwInstance
-);
-
-/*
- * nssCKFWInstance_CreateMutex
- *
- */
-NSS_EXTERN NSSCKFWMutex *
-nssCKFWInstance_CreateMutex
-(
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-);
-
-/*
- * nssCKFWInstance_GetConfigurationData
- *
- */
-NSS_EXTERN NSSUTF8 *
-nssCKFWInstance_GetConfigurationData
-(
- NSSCKFWInstance *fwInstance
-);
-
-/*
- * nssCKFWInstance_CreateSessionHandle
- *
- */
-NSS_EXTERN CK_SESSION_HANDLE
-nssCKFWInstance_CreateSessionHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWSession *fwSession,
- CK_RV *pError
-);
-
-/*
- * nssCKFWInstance_ResolveSessionHandle
- *
- */
-NSS_EXTERN NSSCKFWSession *
-nssCKFWInstance_ResolveSessionHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-);
-
-/*
- * nssCKFWInstance_DestroySessionHandle
- *
- */
-NSS_EXTERN void
-nssCKFWInstance_DestroySessionHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-);
-
-/*
- * nssCKFWInstance_FindSessionHandle
- *
- */
-NSS_EXTERN CK_SESSION_HANDLE
-nssCKFWInstance_FindSessionHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWSession *fwSession
-);
-
-/*
- * nssCKFWInstance_CreateObjectHandle
- *
- */
-NSS_EXTERN CK_OBJECT_HANDLE
-nssCKFWInstance_CreateObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWObject *fwObject,
- CK_RV *pError
-);
-
-/*
- * nssCKFWInstance_FindObjectHandle
- *
- */
-NSS_EXTERN CK_OBJECT_HANDLE
-nssCKFWInstance_FindObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWObject *fwObject
-);
-
-/*
- * nssCKFWInstance_ResolveObjectHandle
- *
- */
-NSS_EXTERN NSSCKFWObject *
-nssCKFWInstance_ResolveObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_OBJECT_HANDLE hObject
-);
-
-/*
- * nssCKFWInstance_ReassignObjectHandle
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWInstance_ReassignObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_OBJECT_HANDLE hObject,
- NSSCKFWObject *fwObject
-);
-
-/*
- * nssCKFWInstance_DestroyObjectHandle
- *
- */
-NSS_EXTERN void
-nssCKFWInstance_DestroyObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_OBJECT_HANDLE hObject
-);
-
-/*
- * nssCKFWInstance_FindObjectHandle
- *
- */
-NSS_IMPLEMENT CK_OBJECT_HANDLE
-nssCKFWInstance_FindObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWObject *fwObject
-);
-
-/*
- * nssCKFWInstance_GetNSlots
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWInstance_GetNSlots
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-);
-
-/*
- * nssCKFWInstance_GetCryptokiVersion
- *
- */
-NSS_EXTERN CK_VERSION
-nssCKFWInstance_GetCryptokiVersion
-(
- NSSCKFWInstance *fwInstance
-);
-
-/*
- * nssCKFWInstance_GetManufacturerID
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWInstance_GetManufacturerID
-(
- NSSCKFWInstance *fwInstance,
- CK_CHAR manufacturerID[32]
-);
-
-/*
- * nssCKFWInstance_GetFlags
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWInstance_GetFlags
-(
- NSSCKFWInstance *fwInstance
-);
-
-/*
- * nssCKFWInstance_GetLibraryDescription
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWInstance_GetLibraryDescription
-(
- NSSCKFWInstance *fwInstance,
- CK_CHAR libraryDescription[32]
-);
-
-/*
- * nssCKFWInstance_GetLibraryVersion
- *
- */
-NSS_EXTERN CK_VERSION
-nssCKFWInstance_GetLibraryVersion
-(
- NSSCKFWInstance *fwInstance
-);
-
-/*
- * nssCKFWInstance_GetModuleHandlesSessionObjects
- *
- */
-NSS_EXTERN CK_BBOOL
-nssCKFWInstance_GetModuleHandlesSessionObjects
-(
- NSSCKFWInstance *fwInstance
-);
-
-/*
- * nssCKFWInstance_GetSlots
- *
- */
-NSS_EXTERN NSSCKFWSlot **
-nssCKFWInstance_GetSlots
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-);
-
-/*
- * nssCKFWInstance_WaitForSlotEvent
- *
- */
-NSS_EXTERN NSSCKFWSlot *
-nssCKFWInstance_WaitForSlotEvent
-(
- NSSCKFWInstance *fwInstance,
- CK_BBOOL block,
- CK_RV *pError
-);
-
-/*
- * nssCKFWInstance_verifyPointer
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWInstance_verifyPointer
-(
- const NSSCKFWInstance *fwInstance
-);
-
-
-/*
- * NSSCKFWSlot
- *
- * -- create/destroy --
- * nssCKFWSlot_Create
- * nssCKFWSlot_Destroy
- *
- * -- implement public accessors --
- * nssCKFWSlot_GetMDSlot
- * nssCKFWSlot_GetFWInstance
- * nssCKFWSlot_GetMDInstance
- *
- * -- private accessors --
- * nssCKFWSlot_GetSlotID
- *
- * -- module fronts --
- * nssCKFWSlot_GetSlotDescription
- * nssCKFWSlot_GetManufacturerID
- * nssCKFWSlot_GetTokenPresent
- * nssCKFWSlot_GetRemovableDevice
- * nssCKFWSlot_GetHardwareSlot
- * nssCKFWSlot_GetHardwareVersion
- * nssCKFWSlot_GetFirmwareVersion
- * nssCKFWSlot_GetToken
- */
-
-/*
- * nssCKFWSlot_Create
- *
- */
-NSS_EXTERN NSSCKFWSlot *
-nssCKFWSlot_Create
-(
- NSSCKFWInstance *fwInstance,
- NSSCKMDSlot *mdSlot,
- CK_SLOT_ID slotID,
- CK_RV *pError
-);
-
-/*
- * nssCKFWSlot_Destroy
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWSlot_Destroy
-(
- NSSCKFWSlot *fwSlot
-);
-
-/*
- * nssCKFWSlot_GetMDSlot
- *
- */
-NSS_EXTERN NSSCKMDSlot *
-nssCKFWSlot_GetMDSlot
-(
- NSSCKFWSlot *fwSlot
-);
-
-/*
- * nssCKFWSlot_GetFWInstance
- *
- */
-
-NSS_EXTERN NSSCKFWInstance *
-nssCKFWSlot_GetFWInstance
-(
- NSSCKFWSlot *fwSlot
-);
-
-/*
- * nssCKFWSlot_GetMDInstance
- *
- */
-
-NSS_EXTERN NSSCKMDInstance *
-nssCKFWSlot_GetMDInstance
-(
- NSSCKFWSlot *fwSlot
-);
-
-/*
- * nssCKFWSlot_GetSlotID
- *
- */
-NSS_EXTERN CK_SLOT_ID
-nssCKFWSlot_GetSlotID
-(
- NSSCKFWSlot *fwSlot
-);
-
-/*
- * nssCKFWSlot_GetSlotDescription
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWSlot_GetSlotDescription
-(
- NSSCKFWSlot *fwSlot,
- CK_CHAR slotDescription[64]
-);
-
-/*
- * nssCKFWSlot_GetManufacturerID
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWSlot_GetManufacturerID
-(
- NSSCKFWSlot *fwSlot,
- CK_CHAR manufacturerID[32]
-);
-
-/*
- * nssCKFWSlot_GetTokenPresent
- *
- */
-NSS_EXTERN CK_BBOOL
-nssCKFWSlot_GetTokenPresent
-(
- NSSCKFWSlot *fwSlot
-);
-
-/*
- * nssCKFWSlot_GetRemovableDevice
- *
- */
-NSS_EXTERN CK_BBOOL
-nssCKFWSlot_GetRemovableDevice
-(
- NSSCKFWSlot *fwSlot
-);
-
-/*
- * nssCKFWSlot_GetHardwareSlot
- *
- */
-NSS_EXTERN CK_BBOOL
-nssCKFWSlot_GetHardwareSlot
-(
- NSSCKFWSlot *fwSlot
-);
-
-/*
- * nssCKFWSlot_GetHardwareVersion
- *
- */
-NSS_EXTERN CK_VERSION
-nssCKFWSlot_GetHardwareVersion
-(
- NSSCKFWSlot *fwSlot
-);
-
-/*
- * nssCKFWSlot_GetFirmwareVersion
- *
- */
-NSS_EXTERN CK_VERSION
-nssCKFWSlot_GetFirmwareVersion
-(
- NSSCKFWSlot *fwSlot
-);
-
-/*
- * nssCKFWSlot_GetToken
- *
- */
-NSS_EXTERN NSSCKFWToken *
-nssCKFWSlot_GetToken
-(
- NSSCKFWSlot *fwSlot,
- CK_RV *pError
-);
-
-/*
- * nssCKFWSlot_ClearToken
- *
- */
-NSS_EXTERN void
-nssCKFWSlot_ClearToken
-(
- NSSCKFWSlot *fwSlot
-);
-
-/*
- * NSSCKFWToken
- *
- * -- create/destroy --
- * nssCKFWToken_Create
- * nssCKFWToken_Destroy
- *
- * -- implement public accessors --
- * nssCKFWToken_GetMDToken
- * nssCKFWToken_GetFWSlot
- * nssCKFWToken_GetMDSlot
- * nssCKFWToken_GetSessionState
- *
- * -- private accessors --
- * nssCKFWToken_SetSessionState
- * nssCKFWToken_RemoveSession
- * nssCKFWToken_CloseAllSessions
- * nssCKFWToken_GetSessionCount
- * nssCKFWToken_GetRwSessionCount
- * nssCKFWToken_GetRoSessionCount
- * nssCKFWToken_GetSessionObjectHash
- * nssCKFWToken_GetMDObjectHash
- * nssCKFWToken_GetObjectHandleHash
- *
- * -- module fronts --
- * nssCKFWToken_InitToken
- * nssCKFWToken_GetLabel
- * nssCKFWToken_GetManufacturerID
- * nssCKFWToken_GetModel
- * nssCKFWToken_GetSerialNumber
- * nssCKFWToken_GetHasRNG
- * nssCKFWToken_GetIsWriteProtected
- * nssCKFWToken_GetLoginRequired
- * nssCKFWToken_GetUserPinInitialized
- * nssCKFWToken_GetRestoreKeyNotNeeded
- * nssCKFWToken_GetHasClockOnToken
- * nssCKFWToken_GetHasProtectedAuthenticationPath
- * nssCKFWToken_GetSupportsDualCryptoOperations
- * nssCKFWToken_GetMaxSessionCount
- * nssCKFWToken_GetMaxRwSessionCount
- * nssCKFWToken_GetMaxPinLen
- * nssCKFWToken_GetMinPinLen
- * nssCKFWToken_GetTotalPublicMemory
- * nssCKFWToken_GetFreePublicMemory
- * nssCKFWToken_GetTotalPrivateMemory
- * nssCKFWToken_GetFreePrivateMemory
- * nssCKFWToken_GetHardwareVersion
- * nssCKFWToken_GetFirmwareVersion
- * nssCKFWToken_GetUTCTime
- * nssCKFWToken_OpenSession
- * nssCKFWToken_GetMechanismCount
- * nssCKFWToken_GetMechanismTypes
- * nssCKFWToken_GetMechanism
- */
-
-/*
- * nssCKFWToken_Create
- *
- */
-NSS_EXTERN NSSCKFWToken *
-nssCKFWToken_Create
-(
- NSSCKFWSlot *fwSlot,
- NSSCKMDToken *mdToken,
- CK_RV *pError
-);
-
-/*
- * nssCKFWToken_Destroy
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWToken_Destroy
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetMDToken
- *
- */
-NSS_EXTERN NSSCKMDToken *
-nssCKFWToken_GetMDToken
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetArena
- *
- */
-NSS_EXTERN NSSArena *
-nssCKFWToken_GetArena
-(
- NSSCKFWToken *fwToken,
- CK_RV *pError
-);
-
-/*
- * nssCKFWToken_GetFWSlot
- *
- */
-NSS_EXTERN NSSCKFWSlot *
-nssCKFWToken_GetFWSlot
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetMDSlot
- *
- */
-NSS_EXTERN NSSCKMDSlot *
-nssCKFWToken_GetMDSlot
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetSessionState
- *
- */
-NSS_EXTERN CK_STATE
-nssCKFWToken_GetSessionState
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_InitToken
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWToken_InitToken
-(
- NSSCKFWToken *fwToken,
- NSSItem *pin,
- NSSUTF8 *label
-);
-
-/*
- * nssCKFWToken_GetLabel
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWToken_GetLabel
-(
- NSSCKFWToken *fwToken,
- CK_CHAR label[32]
-);
-
-/*
- * nssCKFWToken_GetManufacturerID
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWToken_GetManufacturerID
-(
- NSSCKFWToken *fwToken,
- CK_CHAR manufacturerID[32]
-);
-
-/*
- * nssCKFWToken_GetModel
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWToken_GetModel
-(
- NSSCKFWToken *fwToken,
- CK_CHAR model[16]
-);
-
-/*
- * nssCKFWToken_GetSerialNumber
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWToken_GetSerialNumber
-(
- NSSCKFWToken *fwToken,
- CK_CHAR serialNumber[16]
-);
-
-/*
- * nssCKFWToken_GetHasRNG
- *
- */
-NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetHasRNG
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetIsWriteProtected
- *
- */
-NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetIsWriteProtected
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetLoginRequired
- *
- */
-NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetLoginRequired
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetUserPinInitialized
- *
- */
-NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetUserPinInitialized
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetRestoreKeyNotNeeded
- *
- */
-NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetRestoreKeyNotNeeded
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetHasClockOnToken
- *
- */
-NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetHasClockOnToken
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetHasProtectedAuthenticationPath
- *
- */
-NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetHasProtectedAuthenticationPath
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetSupportsDualCryptoOperations
- *
- */
-NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetSupportsDualCryptoOperations
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetMaxSessionCount
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMaxSessionCount
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetMaxRwSessionCount
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMaxRwSessionCount
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetMaxPinLen
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMaxPinLen
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetMinPinLen
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMinPinLen
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetTotalPublicMemory
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWToken_GetTotalPublicMemory
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetFreePublicMemory
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWToken_GetFreePublicMemory
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetTotalPrivateMemory
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWToken_GetTotalPrivateMemory
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetFreePrivateMemory
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWToken_GetFreePrivateMemory
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetHardwareVersion
- *
- */
-NSS_EXTERN CK_VERSION
-nssCKFWToken_GetHardwareVersion
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetFirmwareVersion
- *
- */
-NSS_EXTERN CK_VERSION
-nssCKFWToken_GetFirmwareVersion
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetUTCTime
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWToken_GetUTCTime
-(
- NSSCKFWToken *fwToken,
- CK_CHAR utcTime[16]
-);
-
-/*
- * nssCKFWToken_OpenSession
- *
- */
-NSS_EXTERN NSSCKFWSession *
-nssCKFWToken_OpenSession
-(
- NSSCKFWToken *fwToken,
- CK_BBOOL rw,
- CK_VOID_PTR pApplication,
- CK_NOTIFY Notify,
- CK_RV *pError
-);
-
-/*
- * nssCKFWToken_GetMechanismCount
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMechanismCount
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetMechanismTypes
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWToken_GetMechanismTypes
-(
- NSSCKFWToken *fwToken,
- CK_MECHANISM_TYPE types[]
-);
-
-/*
- * nssCKFWToken_GetMechanism
- *
- */
-NSS_EXTERN NSSCKFWMechanism *
-nssCKFWToken_GetMechanism
-(
- NSSCKFWToken *fwToken,
- CK_MECHANISM_TYPE which,
- CK_RV *pError
-);
-
-/*
- * nssCKFWToken_SetSessionState
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWToken_SetSessionState
-(
- NSSCKFWToken *fwToken,
- CK_STATE newState
-);
-
-/*
- * nssCKFWToken_RemoveSession
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWToken_RemoveSession
-(
- NSSCKFWToken *fwToken,
- NSSCKFWSession *fwSession
-);
-
-/*
- * nssCKFWToken_CloseAllSessions
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWToken_CloseAllSessions
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetSessionCount
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWToken_GetSessionCount
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetRwSessionCount
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWToken_GetRwSessionCount
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetRoSessionCount
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWToken_GetRoSessionCount
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetSessionObjectHash
- *
- */
-NSS_EXTERN nssCKFWHash *
-nssCKFWToken_GetSessionObjectHash
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetMDObjectHash
- *
- */
-NSS_EXTERN nssCKFWHash *
-nssCKFWToken_GetMDObjectHash
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * nssCKFWToken_GetObjectHandleHash
- *
- */
-NSS_EXTERN nssCKFWHash *
-nssCKFWToken_GetObjectHandleHash
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * NSSCKFWMechanism
- *
- * -- create/destroy --
- * nssCKFWMechanism_Create
- * nssCKFWMechanism_Destroy
- *
- * -- implement public accessors --
- * nssCKFWMechanism_GetMDMechanism
- * nssCKFWMechanism_GetParameter
- *
- * -- private accessors --
- *
- * -- module fronts --
- * nssCKFWMechanism_GetMinKeySize
- * nssCKFWMechanism_GetMaxKeySize
- * nssCKFWMechanism_GetInHardware
- */
-
-/*
- * nssCKFWMechanism_Create
- *
- */
-NSS_EXTERN NSSCKFWMechanism *
-nssCKFWMechanism_Create
-(
- void /* XXX fgmr */
-);
-
-/*
- * nssCKFWMechanism_Destroy
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWMechanism_Destroy
-(
- NSSCKFWMechanism *fwMechanism
-);
-
-/*
- * nssCKFWMechanism_GetMDMechanism
- *
- */
-
-NSS_EXTERN NSSCKMDMechanism *
-nssCKFWMechanism_GetMDMechanism
-(
- NSSCKFWMechanism *fwMechanism
-);
-
-/*
- * nssCKFWMechanism_GetParameter
- *
- * XXX fgmr-- or as an additional parameter to the crypto ops?
- */
-NSS_EXTERN NSSItem *
-nssCKFWMechanism_GetParameter
-(
- NSSCKFWMechanism *fwMechanism
-);
-
-/*
- * nssCKFWMechanism_GetMinKeySize
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWMechanism_GetMinKeySize
-(
- NSSCKFWMechanism *fwMechanism
-);
-
-/*
- * nssCKFWMechanism_GetMaxKeySize
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWMechanism_GetMaxKeySize
-(
- NSSCKFWMechanism *fwMechanism
-);
-
-/*
- * nssCKFWMechanism_GetInHardware
- *
- */
-NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetInHardware
-(
- NSSCKFWMechanism *fwMechanism
-);
-
-/*
- * NSSCKFWSession
- *
- * -- create/destroy --
- * nssCKFWSession_Create
- * nssCKFWSession_Destroy
- *
- * -- implement public accessors --
- * nssCKFWSession_GetMDSession
- * nssCKFWSession_GetArena
- * nssCKFWSession_CallNotification
- * nssCKFWSession_IsRWSession
- * nssCKFWSession_IsSO
- *
- * -- private accessors --
- * nssCKFWSession_GetFWSlot
- * nssCKFWSession_GetSessionState
- * nssCKFWSession_SetFWFindObjects
- * nssCKFWSession_GetFWFindObjects
- * nssCKFWSession_SetMDSession
- * nssCKFWSession_SetHandle
- * nssCKFWSession_GetHandle
- * nssCKFWSession_RegisterSessionObject
- * nssCKFWSession_DeregisterSessionObject
- *
- * -- module fronts --
- * nssCKFWSession_GetDeviceError
- * nssCKFWSession_Login
- * nssCKFWSession_Logout
- * nssCKFWSession_InitPIN
- * nssCKFWSession_SetPIN
- * nssCKFWSession_GetOperationStateLen
- * nssCKFWSession_GetOperationState
- * nssCKFWSession_SetOperationState
- * nssCKFWSession_CreateObject
- * nssCKFWSession_CopyObject
- * nssCKFWSession_FindObjectsInit
- * nssCKFWSession_SeedRandom
- * nssCKFWSession_GetRandom
- */
-
-/*
- * nssCKFWSession_Create
- *
- */
-NSS_EXTERN NSSCKFWSession *
-nssCKFWSession_Create
-(
- NSSCKFWToken *fwToken,
- CK_BBOOL rw,
- CK_VOID_PTR pApplication,
- CK_NOTIFY Notify,
- CK_RV *pError
-);
-
-/*
- * nssCKFWSession_Destroy
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWSession_Destroy
-(
- NSSCKFWSession *fwSession,
- CK_BBOOL removeFromTokenHash
-);
-
-/*
- * nssCKFWSession_GetMDSession
- *
- */
-NSS_EXTERN NSSCKMDSession *
-nssCKFWSession_GetMDSession
-(
- NSSCKFWSession *fwSession
-);
-
-/*
- * nssCKFWSession_GetArena
- *
- */
-NSS_EXTERN NSSArena *
-nssCKFWSession_GetArena
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-);
-
-/*
- * nssCKFWSession_CallNotification
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWSession_CallNotification
-(
- NSSCKFWSession *fwSession,
- CK_NOTIFICATION event
-);
-
-/*
- * nssCKFWSession_IsRWSession
- *
- */
-NSS_EXTERN CK_BBOOL
-nssCKFWSession_IsRWSession
-(
- NSSCKFWSession *fwSession
-);
-
-/*
- * nssCKFWSession_IsSO
- *
- */
-NSS_EXTERN CK_BBOOL
-nssCKFWSession_IsSO
-(
- NSSCKFWSession *fwSession
-);
-
-/*
- * nssCKFWSession_GetFWSlot
- *
- */
-NSS_EXTERN NSSCKFWSlot *
-nssCKFWSession_GetFWSlot
-(
- NSSCKFWSession *fwSession
-);
-
-/*
- * nssCFKWSession_GetSessionState
- *
- */
-NSS_EXTERN CK_STATE
-nssCKFWSession_GetSessionState
-(
- NSSCKFWSession *fwSession
-);
-
-/*
- * nssCKFWSession_SetFWFindObjects
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWSession_SetFWFindObjects
-(
- NSSCKFWSession *fwSession,
- NSSCKFWFindObjects *fwFindObjects
-);
-
-/*
- * nssCKFWSession_GetFWFindObjects
- *
- */
-NSS_EXTERN NSSCKFWFindObjects *
-nssCKFWSession_GetFWFindObjects
-(
- NSSCKFWSession *fwSesssion,
- CK_RV *pError
-);
-
-/*
- * nssCKFWSession_SetMDSession
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWSession_SetMDSession
-(
- NSSCKFWSession *fwSession,
- NSSCKMDSession *mdSession
-);
-
-/*
- * nssCKFWSession_SetHandle
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWSession_SetHandle
-(
- NSSCKFWSession *fwSession,
- CK_SESSION_HANDLE hSession
-);
-
-/*
- * nssCKFWSession_GetHandle
- *
- */
-NSS_EXTERN CK_SESSION_HANDLE
-nssCKFWSession_GetHandle
-(
- NSSCKFWSession *fwSession
-);
-
-/*
- * nssCKFWSession_RegisterSessionObject
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWSession_RegisterSessionObject
-(
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-);
-
-/*
- * nssCKFWSession_DeregisterSessionObject
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWSession_DeregisterSessionObject
-(
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-);
-
-/*
- * nssCKFWSession_GetDeviceError
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWSession_GetDeviceError
-(
- NSSCKFWSession *fwSession
-);
-
-/*
- * nssCKFWSession_Login
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWSession_Login
-(
- NSSCKFWSession *fwSession,
- CK_USER_TYPE userType,
- NSSItem *pin
-);
-
-/*
- * nssCKFWSession_Logout
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWSession_Logout
-(
- NSSCKFWSession *fwSession
-);
-
-/*
- * nssCKFWSession_InitPIN
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWSession_InitPIN
-(
- NSSCKFWSession *fwSession,
- NSSItem *pin
-);
-
-/*
- * nssCKFWSession_SetPIN
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWSession_SetPIN
-(
- NSSCKFWSession *fwSession,
- NSSItem *newPin,
- NSSItem *oldPin
-);
-
-/*
- * nssCKFWSession_GetOperationStateLen
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWSession_GetOperationStateLen
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-);
-
-/*
- * nssCKFWSession_GetOperationState
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWSession_GetOperationState
-(
- NSSCKFWSession *fwSession,
- NSSItem *buffer
-);
-
-/*
- * nssCKFWSession_SetOperationState
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWSession_SetOperationState
-(
- NSSCKFWSession *fwSession,
- NSSItem *state,
- NSSCKFWObject *encryptionKey,
- NSSCKFWObject *authenticationKey
-);
-
-/*
- * nssCKFWSession_CreateObject
- *
- */
-NSS_EXTERN NSSCKFWObject *
-nssCKFWSession_CreateObject
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-);
-
-/*
- * nssCKFWSession_CopyObject
- *
- */
-NSS_EXTERN NSSCKFWObject *
-nssCKFWSession_CopyObject
-(
- NSSCKFWSession *fwSession,
- NSSCKFWObject *object,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-);
-
-/*
- * nssCKFWSession_FindObjectsInit
- *
- */
-NSS_EXTERN NSSCKFWFindObjects *
-nssCKFWSession_FindObjectsInit
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-);
-
-/*
- * nssCKFWSession_SeedRandom
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWSession_SeedRandom
-(
- NSSCKFWSession *fwSession,
- NSSItem *seed
-);
-
-/*
- * nssCKFWSession_GetRandom
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWSession_GetRandom
-(
- NSSCKFWSession *fwSession,
- NSSItem *buffer
-);
-
-/*
- * NSSCKFWObject
- *
- * -- create/destroy --
- * nssCKFWObject_Create
- * nssCKFWObject_Finalize
- * nssCKFWObject_Destroy
- *
- * -- implement public accessors --
- * nssCKFWObject_GetMDObject
- * nssCKFWObject_GetArena
- *
- * -- private accessors --
- * nssCKFWObject_SetHandle
- * nssCKFWObject_GetHandle
- *
- * -- module fronts --
- * nssCKFWObject_IsTokenObject
- * nssCKFWObject_GetAttributeCount
- * nssCKFWObject_GetAttributeTypes
- * nssCKFWObject_GetAttributeSize
- * nssCKFWObject_GetAttribute
- * nssCKFWObject_SetAttribute
- * nssCKFWObject_GetObjectSize
- */
-
-/*
- * nssCKFWObject_Create
- *
- */
-NSS_EXTERN NSSCKFWObject *
-nssCKFWObject_Create
-(
- NSSArena *arena,
- NSSCKMDObject *mdObject,
- NSSCKFWSession *fwSession,
- NSSCKFWToken *fwToken,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-);
-
-/*
- * nssCKFWObject_Finalize
- *
- */
-NSS_EXTERN void
-nssCKFWObject_Finalize
-(
- NSSCKFWObject *fwObject
-);
-
-/*
- * nssCKFWObject_Destroy
- *
- */
-NSS_EXTERN void
-nssCKFWObject_Destroy
-(
- NSSCKFWObject *fwObject
-);
-
-/*
- * nssCKFWObject_GetMDObject
- *
- */
-NSS_EXTERN NSSCKMDObject *
-nssCKFWObject_GetMDObject
-(
- NSSCKFWObject *fwObject
-);
-
-/*
- * nssCKFWObject_GetArena
- *
- */
-NSS_EXTERN NSSArena *
-nssCKFWObject_GetArena
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-);
-
-/*
- * nssCKFWObject_SetHandle
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWObject_SetHandle
-(
- NSSCKFWObject *fwObject,
- CK_OBJECT_HANDLE hObject
-);
-
-/*
- * nssCKFWObject_GetHandle
- *
- */
-NSS_IMPLEMENT CK_OBJECT_HANDLE
-nssCKFWObject_GetHandle
-(
- NSSCKFWObject *fwObject
-);
-
-/*
- * nssCKFWObject_IsTokenObject
- *
- */
-NSS_EXTERN CK_BBOOL
-nssCKFWObject_IsTokenObject
-(
- NSSCKFWObject *fwObject
-);
-
-/*
- * nssCKFWObject_GetAttributeCount
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWObject_GetAttributeCount
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-);
-
-/*
- * nssCKFWObject_GetAttributeTypes
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWObject_GetAttributeTypes
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
-);
-
-/*
- * nssCKFWObject_GetAttributeSize
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWObject_GetAttributeSize
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-);
-
-/*
- * nssCKFWObject_GetAttribute
- *
- * Usual NSS allocation rules:
- * If itemOpt is not NULL, it will be returned; otherwise an NSSItem
- * will be allocated. If itemOpt is not NULL but itemOpt->data is,
- * the buffer will be allocated; otherwise, the buffer will be used.
- * Any allocations will come from the optional arena, if one is
- * specified.
- */
-NSS_EXTERN NSSItem *
-nssCKFWObject_GetAttribute
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *itemOpt,
- NSSArena *arenaOpt,
- CK_RV *pError
-);
-
-/*
- * nssCKFWObject_SetAttribute
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWObject_SetAttribute
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *value
-);
-
-/*
- * nssCKFWObject_GetObjectSize
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWObject_GetObjectSize
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-);
-
-/*
- * NSSCKFWFindObjects
- *
- * -- create/destroy --
- * nssCKFWFindObjects_Create
- * nssCKFWFindObjects_Destroy
- *
- * -- implement public accessors --
- * nssCKFWFindObjects_GetMDFindObjects
- *
- * -- private accessors --
- *
- * -- module fronts --
- * nssCKFWFindObjects_Next
- */
-
-/*
- * nssCKFWFindObjects_Create
- *
- */
-NSS_EXTERN NSSCKFWFindObjects *
-nssCKFWFindObjects_Create
-(
- NSSCKFWSession *fwSession,
- NSSCKFWToken *fwToken,
- NSSCKFWInstance *fwInstance,
- NSSCKMDFindObjects *mdFindObjects1,
- NSSCKMDFindObjects *mdFindObjects2,
- CK_RV *pError
-);
-
-/*
- * nssCKFWFindObjects_Destroy
- *
- */
-NSS_EXTERN void
-nssCKFWFindObjects_Destroy
-(
- NSSCKFWFindObjects *fwFindObjects
-);
-
-/*
- * nssCKFWFindObjects_GetMDFindObjects
- *
- */
-NSS_EXTERN NSSCKMDFindObjects *
-nssCKFWFindObjects_GetMDFindObjects
-(
- NSSCKFWFindObjects *fwFindObjects
-);
-
-/*
- * nssCKFWFindObjects_Next
- *
- */
-NSS_EXTERN NSSCKFWObject *
-nssCKFWFindObjects_Next
-(
- NSSCKFWFindObjects *fwFindObjects,
- NSSArena *arenaOpt,
- CK_RV *pError
-);
-
-/*
- * NSSCKFWMutex
- *
- * nssCKFWMutex_Create
- * nssCKFWMutex_Destroy
- * nssCKFWMutex_Lock
- * nssCKFWMutex_Unlock
- *
- */
-
-/*
- * nssCKFWMutex_Create
- *
- */
-NSS_EXTERN NSSCKFWMutex *
-nssCKFWMutex_Create
-(
- CK_C_INITIALIZE_ARGS_PTR pInitArgs,
- NSSArena *arena,
- CK_RV *pError
-);
-
-/*
- * nssCKFWMutex_Destroy
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWMutex_Destroy
-(
- NSSCKFWMutex *mutex
-);
-
-/*
- * nssCKFWMutex_Lock
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWMutex_Lock
-(
- NSSCKFWMutex *mutex
-);
-
-/*
- * nssCKFWMutex_Unlock
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWMutex_Unlock
-(
- NSSCKFWMutex *mutex
-);
-
-#endif /* CKFW_H */
diff --git a/security/nss/lib/ckfw/ckfwm.h b/security/nss/lib/ckfw/ckfwm.h
deleted file mode 100644
index 82fd74830..000000000
--- a/security/nss/lib/ckfw/ckfwm.h
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef CKFWM_H
-#define CKFWM_H
-
-#ifdef DEBUG
-static const char CKFWM_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * ckfwm.h
- *
- * This file prototypes the module-private calls of the NSS Cryptoki Framework.
- */
-
-#ifndef NSSBASET_H
-#include "nssbaset.h"
-#endif /* NSSBASET_H */
-
-#ifndef NSSCKT_H
-#include "nssckt.h"
-#endif /* NSSCKT_H */
-
-#ifndef NSSCKFWT_H
-#include "nssckfwt.h"
-#endif /* NSSCKFWT_H */
-
-/*
- * nssCKFWHash
- *
- * nssCKFWHash_Create
- * nssCKFWHash_Destroy
- * nssCKFWHash_Add
- * nssCKFWHash_Remove
- * nssCKFWHash_Count
- * nssCKFWHash_Exists
- * nssCKFWHash_Lookup
- * nssCKFWHash_Iterate
- */
-
-/*
- * nssCKFWHash_Create
- *
- */
-NSS_EXTERN nssCKFWHash *
-nssCKFWHash_Create
-(
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-);
-
-/*
- * nssCKFWHash_Destroy
- *
- */
-NSS_EXTERN void
-nssCKFWHash_Destroy
-(
- nssCKFWHash *hash
-);
-
-/*
- * nssCKFWHash_Add
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWHash_Add
-(
- nssCKFWHash *hash,
- const void *key,
- const void *value
-);
-
-/*
- * nssCKFWHash_Remove
- *
- */
-NSS_EXTERN void
-nssCKFWHash_Remove
-(
- nssCKFWHash *hash,
- const void *it
-);
-
-/*
- * nssCKFWHash_Count
- *
- */
-NSS_EXTERN CK_ULONG
-nssCKFWHash_Count
-(
- nssCKFWHash *hash
-);
-
-/*
- * nssCKFWHash_Exists
- *
- */
-NSS_EXTERN CK_BBOOL
-nssCKFWHash_Exists
-(
- nssCKFWHash *hash,
- const void *it
-);
-
-/*
- * nssCKFWHash_Lookup
- *
- */
-NSS_EXTERN void *
-nssCKFWHash_Lookup
-(
- nssCKFWHash *hash,
- const void *it
-);
-
-/*
- * nssCKFWHash_Iterate
- *
- */
-NSS_EXTERN void
-nssCKFWHash_Iterate
-(
- nssCKFWHash *hash,
- nssCKFWHashIterator fcn,
- void *closure
-);
-
-#endif /* CKFWM_H */
diff --git a/security/nss/lib/ckfw/ckfwtm.h b/security/nss/lib/ckfw/ckfwtm.h
deleted file mode 100644
index 0f631f02d..000000000
--- a/security/nss/lib/ckfw/ckfwtm.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef CKFWTM_H
-#define CKFWTM_H
-
-#ifdef DEBUG
-static const char CKFWTM_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * ckfwtm.h
- *
- * This file declares the module-private types of the NSS Cryptoki Framework.
- */
-
-#ifndef NSSBASET_H
-#include "nssbaset.h"
-#endif /* NSSBASET_H */
-
-struct nssCKFWHashStr;
-typedef struct nssCKFWHashStr nssCKFWHash;
-
-typedef void (PR_CALLBACK *nssCKFWHashIterator)(const void *key, void *value, void *closure);
-
-#endif /* CKFWTM_H */
diff --git a/security/nss/lib/ckfw/ckmd.h b/security/nss/lib/ckfw/ckmd.h
deleted file mode 100644
index 5b7f394f5..000000000
--- a/security/nss/lib/ckfw/ckmd.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef CKMD_H
-#define CKMD_H
-
-#ifdef DEBUG
-static const char CKMD_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * ckmd.h
- *
- */
-
-NSS_EXTERN NSSCKMDObject *
-nssCKMDSessionObject_Create
-(
- NSSCKFWToken *fwToken,
- NSSArena *arena,
- CK_ATTRIBUTE_PTR attributes,
- CK_ULONG ulCount,
- CK_RV *pError
-);
-
-NSS_EXTERN NSSCKMDFindObjects *
-nssCKMDFindSessionObjects_Create
-(
- NSSCKFWToken *fwToken,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_RV *pError
-);
-
-#endif /* CKMD_H */
diff --git a/security/nss/lib/ckfw/ckt.h b/security/nss/lib/ckfw/ckt.h
deleted file mode 100644
index 9b9a471ca..000000000
--- a/security/nss/lib/ckfw/ckt.h
+++ /dev/null
@@ -1,196 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef CKT_H
-#define CKT_H
-
-#ifdef DEBUG
-static const char CKT_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * ckt.h
- *
- * This file contains the NSS-specific type definitions for Cryptoki
- * (PKCS#11).
- */
-
-#ifndef NSSCKT_H
-#include "nssckt.h"
-#endif /* NSSCKT_H */
-
-/*
- * NSSCK_VENDOR_NETSCAPE
- *
- * Cryptoki reserves the high half of all the number spaces for
- * vendor-defined use. I'd like to keep all of our Netscape-
- * specific values together, but not in the oh-so-obvious
- * 0x80000001, 0x80000002, etc. area. So I've picked an offset,
- * and constructed values for the beginnings of our spaces.
- *
- * Note that some "historical" Netscape values don't fall within
- * this range.
- */
-#define NSSCK_VENDOR_NETSCAPE 0x4E534350 /* NSCP */
-
-/*
- * Netscape-defined object classes
- *
- */
-#define CKO_NETSCAPE (CKO_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-#define CKO_NETSCAPE_CRL (CKO_NETSCAPE + 1)
-#define CKO_NETSCAPE_SMIME (CKO_NETSCAPE + 2)
-#define CKO_NETSCAPE_TRUST (CKO_NETSCAPE + 3)
-
-/*
- * Netscape-defined key types
- *
- */
-#define CKK_NETSCAPE (CKK_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-#define CKK_NETSCAPE_PKCS8 (CKK_NETSCAPE + 1)
-/*
- * Netscape-defined certificate types
- *
- */
-#define CKC_NETSCAPE (CKC_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-/*
- * Netscape-defined object attributes
- *
- */
-#define CKA_NETSCAPE (CKA_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-#define CKA_NETSCAPE_URL (CKA_NETSCAPE + 1)
-#define CKA_NETSCAPE_EMAIL (CKA_NETSCAPE + 2)
-#define CKA_NETSCAPE_SMIME_INFO (CKA_NETSCAPE + 3)
-#define CKA_NETSCAPE_SMIME_TIMESTAMP (CKA_NETSCAPE + 4)
-#define CKA_NETSCAPE_PKCS8_SALT (CKA_NETSCAPE + 5)
-#define CKA_NETSCAPE_PASSWORD_CHECK (CKA_NETSCAPE + 6)
-#define CKA_NETSCAPE_EXPIRES (CKA_NETSCAPE + 7)
-
-/*
- * Trust attributes:
- *
- * If trust goes standard, these probably will too. So I'll
- * put them all in one place.
- */
-
-#define CKA_TRUST (CKA_NETSCAPE + 0x2000)
-
-/* "Usage" key information */
-#define CKA_TRUST_DIGITAL_SIGNATURE (CKA_TRUST + 1)
-#define CKA_TRUST_NON_REPUDIATION (CKA_TRUST + 2)
-#define CKA_TRUST_KEY_ENCIPHERMENT (CKA_TRUST + 3)
-#define CKA_TRUST_DATA_ENCIPHERMENT (CKA_TRUST + 4)
-#define CKA_TRUST_KEY_AGREEMENT (CKA_TRUST + 5)
-#define CKA_TRUST_KEY_CERT_SIGN (CKA_TRUST + 6)
-#define CKA_TRUST_CRL_SIGN (CKA_TRUST + 7)
-
-/* "Purpose" trust information */
-#define CKA_TRUST_SERVER_AUTH (CKA_TRUST + 8)
-#define CKA_TRUST_CLIENT_AUTH (CKA_TRUST + 9)
-#define CKA_TRUST_CODE_SIGNING (CKA_TRUST + 10)
-#define CKA_TRUST_EMAIL_PROTECTION (CKA_TRUST + 11)
-#define CKA_TRUST_IPSEC_END_SYSTEM (CKA_TRUST + 12)
-#define CKA_TRUST_IPSEC_TUNNEL (CKA_TRUST + 13)
-#define CKA_TRUST_IPSEC_USER (CKA_TRUST + 14)
-#define CKA_TRUST_TIME_STAMPING (CKA_TRUST + 15)
-
-/* Netscape trust stuff */
-/* XXX fgmr new ones here-- step-up, etc. */
-
-/* HISTORICAL: define used to pass in the database key for DSA private keys */
-#define CKA_NETSCAPE_DB 0xD5A0DB00L
-#define CKA_NETSCAPE_TRUST 0x80000001L
-
-/*
- * Netscape-defined crypto mechanisms
- *
- */
-#define CKM_NETSCAPE (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-/*
- * HISTORICAL:
- * Do not attempt to use these. They are only used by NETSCAPE's internal
- * PKCS #11 interface. Most of these are place holders for other mechanism
- * and will change in the future.
- */
-#define CKM_NETSCAPE_PBE_KEY_GEN 0x80000001L
-#define CKM_NETSCAPE_PBE_SHA1_DES_CBC 0x80000002L
-#define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC 0x80000003L
-#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC 0x80000004L
-#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC 0x80000005L
-#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4 0x80000006L
-#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4 0x80000007L
-#define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC 0x80000008L
-#define CKM_TLS_MASTER_KEY_DERIVE 0x80000371L
-#define CKM_TLS_KEY_AND_MAC_DERIVE 0x80000372L
-
-/*
- * Netscape-defined return values
- *
- */
-#define CKR_NETSCAPE (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-/*
- * Trust info
- *
- * This isn't part of the Cryptoki standard (yet), so I'm putting
- * all the definitions here. Some of this would move to nssckt.h
- * if trust info were made part of the standard. In view of this
- * possibility, I'm putting my (Netscape) values in the netscape
- * vendor space, like everything else.
- */
-
-typedef CK_ULONG CK_TRUST;
-
-/* The following trust types are defined: */
-#define CKT_VENDOR_DEFINED 0x80000000
-
-#define CKT_NETSCAPE (CKT_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-/* If trust goes standard, these'll probably drop out of vendor space. */
-#define CKT_NETSCAPE_TRUSTED (CKT_NETSCAPE + 1)
-#define CKT_NETSCAPE_TRUSTED_DELEGATOR (CKT_NETSCAPE + 2)
-#define CKT_NETSCAPE_UNTRUSTED (CKT_NETSCAPE + 3)
-
-/*
- * These may well remain Netscape-specific; I'm only using them
- * to cache resolution data.
- */
-#define CKT_NETSCAPE_VALID (CKT_NETSCAPE + 4)
-#define CKT_NETSCAPE_VALID_DELEGATOR (CKT_NETSCAPE + 5)
-
-
-#endif /* CKT_H */
diff --git a/security/nss/lib/ckfw/config.mk b/security/nss/lib/ckfw/config.mk
deleted file mode 100644
index 80b3135f4..000000000
--- a/security/nss/lib/ckfw/config.mk
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CONFIG_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-ifdef BUILD_IDG
-DEFINES += -DNSSDEBUG
-endif
diff --git a/security/nss/lib/ckfw/dbm/Makefile b/security/nss/lib/ckfw/dbm/Makefile
deleted file mode 100644
index 03e1fb4c6..000000000
--- a/security/nss/lib/ckfw/dbm/Makefile
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-MAKEFILE_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-include manifest.mn
-include config.mk
-include $(CORE_DEPTH)/coreconf/config.mk
-include $(CORE_DEPTH)/coreconf/rules.mk
diff --git a/security/nss/lib/ckfw/dbm/anchor.c b/security/nss/lib/ckfw/dbm/anchor.c
deleted file mode 100644
index 588fd00e0..000000000
--- a/security/nss/lib/ckfw/dbm/anchor.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * dbm/anchor.c
- *
- * This file "anchors" the actual cryptoki entry points in this module's
- * shared library, which is required for dynamic loading. See the
- * comments in nssck.api for more information.
- */
-
-#include "ckdbm.h"
-
-#define MODULE_NAME dbm
-#define INSTANCE_NAME (NSSCKMDInstance *)&nss_dbm_mdInstance
-#include "nssck.api"
diff --git a/security/nss/lib/ckfw/dbm/ckdbm.h b/security/nss/lib/ckfw/dbm/ckdbm.h
deleted file mode 100644
index 7bab87ec7..000000000
--- a/security/nss/lib/ckfw/dbm/ckdbm.h
+++ /dev/null
@@ -1,281 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CKDBM_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef CKDBM_H
-#define CKDBM_H
-
-#include "nssckmdt.h"
-#include "nssckfw.h"
-
-/*
- * I'm including this for access to the arena functions.
- * Looks like we should publish that API.
- */
-#ifndef BASE_H
-#include "base.h"
-#endif /* BASE_H */
-
-/*
- * This is where the Netscape extensions live, at least for now.
- */
-#ifndef CKT_H
-#include "ckt.h"
-#endif /* CKT_H */
-
-#include "mcom_db.h"
-
-NSS_EXTERN_DATA NSSCKMDInstance nss_dbm_mdInstance;
-
-typedef struct nss_dbm_db_struct nss_dbm_db_t;
-struct nss_dbm_db_struct {
- DB *db;
- NSSCKFWMutex *crustylock;
-};
-
-typedef struct nss_dbm_dbt_struct nss_dbm_dbt_t;
-struct nss_dbm_dbt_struct {
- DBT dbt;
- nss_dbm_db_t *my_db;
-};
-
-typedef struct nss_dbm_instance_struct nss_dbm_instance_t;
-struct nss_dbm_instance_struct {
- NSSArena *arena;
- CK_ULONG nSlots;
- char **filenames;
- int *flags; /* e.g. O_RDONLY, O_RDWR */
-};
-
-typedef struct nss_dbm_slot_struct nss_dbm_slot_t;
-struct nss_dbm_slot_struct {
- nss_dbm_instance_t *instance;
- char *filename;
- int flags;
- nss_dbm_db_t *token_db;
-};
-
-typedef struct nss_dbm_token_struct nss_dbm_token_t;
-struct nss_dbm_token_struct {
- NSSArena *arena;
- nss_dbm_slot_t *slot;
- nss_dbm_db_t *session_db;
- NSSUTF8 *label;
-};
-
-struct nss_dbm_dbt_node {
- struct nss_dbm_dbt_node *next;
- nss_dbm_dbt_t *dbt;
-};
-
-typedef struct nss_dbm_session_struct nss_dbm_session_t;
-struct nss_dbm_session_struct {
- NSSArena *arena;
- nss_dbm_token_t *token;
- CK_ULONG deviceError;
- struct nss_dbm_dbt_node *session_objects;
- NSSCKFWMutex *list_lock;
-};
-
-typedef struct nss_dbm_object_struct nss_dbm_object_t;
-struct nss_dbm_object_struct {
- NSSArena *arena; /* token or session */
- nss_dbm_dbt_t *handle;
-};
-
-typedef struct nss_dbm_find_struct nss_dbm_find_t;
-struct nss_dbm_find_struct {
- NSSArena *arena;
- struct nss_dbm_dbt_node *found;
- NSSCKFWMutex *list_lock;
-};
-
-NSS_EXTERN NSSCKMDSlot *
-nss_dbm_mdSlot_factory
-(
- nss_dbm_instance_t *instance,
- char *filename,
- int flags,
- CK_RV *pError
-);
-
-NSS_EXTERN NSSCKMDToken *
-nss_dbm_mdToken_factory
-(
- nss_dbm_slot_t *slot,
- CK_RV *pError
-);
-
-NSS_EXTERN NSSCKMDSession *
-nss_dbm_mdSession_factory
-(
- nss_dbm_token_t *token,
- NSSCKFWSession *fwSession,
- NSSCKFWInstance *fwInstance,
- CK_BBOOL rw,
- CK_RV *pError
-);
-
-NSS_EXTERN NSSCKMDObject *
-nss_dbm_mdObject_factory
-(
- nss_dbm_object_t *object,
- CK_RV *pError
-);
-
-NSS_EXTERN NSSCKMDFindObjects *
-nss_dbm_mdFindObjects_factory
-(
- nss_dbm_find_t *find,
- CK_RV *pError
-);
-
-NSS_EXTERN nss_dbm_db_t *
-nss_dbm_db_open
-(
- NSSArena *arena,
- NSSCKFWInstance *fwInstance,
- char *filename,
- int flags,
- CK_RV *pError
-);
-
-NSS_EXTERN void
-nss_dbm_db_close
-(
- nss_dbm_db_t *db
-);
-
-NSS_EXTERN CK_VERSION
-nss_dbm_db_get_format_version
-(
- nss_dbm_db_t *db
-);
-
-NSS_EXTERN CK_RV
-nss_dbm_db_set_label
-(
- nss_dbm_db_t *db,
- NSSUTF8 *label
-);
-
-NSS_EXTERN NSSUTF8 *
-nss_dbm_db_get_label
-(
- nss_dbm_db_t *db,
- NSSArena *arena,
- CK_RV *pError
-);
-
-NSS_EXTERN CK_RV
-nss_dbm_db_delete_object
-(
- nss_dbm_dbt_t *dbt
-);
-
-NSS_EXTERN nss_dbm_dbt_t *
-nss_dbm_db_create_object
-(
- NSSArena *arena,
- nss_dbm_db_t *db,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError,
- CK_ULONG *pdbrv
-);
-
-NSS_EXTERN CK_RV
-nss_dbm_db_find_objects
-(
- nss_dbm_find_t *find,
- nss_dbm_db_t *db,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_ULONG *pdbrv
-);
-
-NSS_EXTERN CK_BBOOL
-nss_dbm_db_object_still_exists
-(
- nss_dbm_dbt_t *dbt
-);
-
-NSS_EXTERN CK_ULONG
-nss_dbm_db_get_object_attribute_count
-(
- nss_dbm_dbt_t *dbt,
- CK_RV *pError,
- CK_ULONG *pdbrv
-);
-
-NSS_EXTERN CK_RV
-nss_dbm_db_get_object_attribute_types
-(
- nss_dbm_dbt_t *dbt,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount,
- CK_ULONG *pdbrv
-);
-
-NSS_EXTERN CK_ULONG
-nss_dbm_db_get_object_attribute_size
-(
- nss_dbm_dbt_t *dbt,
- CK_ATTRIBUTE_TYPE type,
- CK_RV *pError,
- CK_ULONG *pdbrv
-);
-
-NSS_EXTERN NSSItem *
-nss_dbm_db_get_object_attribute
-(
- nss_dbm_dbt_t *dbt,
- NSSArena *arena,
- CK_ATTRIBUTE_TYPE type,
- CK_RV *pError,
- CK_ULONG *pdbrv
-);
-
-NSS_EXTERN CK_RV
-nss_dbm_db_set_object_attribute
-(
- nss_dbm_dbt_t *dbt,
- CK_ATTRIBUTE_TYPE type,
- NSSItem *value,
- CK_ULONG *pdbrv
-);
-
-#endif /* CKDBM_H */
diff --git a/security/nss/lib/ckfw/dbm/config.mk b/security/nss/lib/ckfw/dbm/config.mk
deleted file mode 100644
index 80b3135f4..000000000
--- a/security/nss/lib/ckfw/dbm/config.mk
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CONFIG_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-ifdef BUILD_IDG
-DEFINES += -DNSSDEBUG
-endif
diff --git a/security/nss/lib/ckfw/dbm/db.c b/security/nss/lib/ckfw/dbm/db.c
deleted file mode 100644
index 307c7f21d..000000000
--- a/security/nss/lib/ckfw/dbm/db.c
+++ /dev/null
@@ -1,1065 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#include "ckdbm.h"
-
-#define PREFIX_METADATA "0000"
-#define PREFIX_OBJECT "0001"
-#define PREFIX_INDEX "0002"
-
-static CK_VERSION nss_dbm_db_format_version = { 1, 0 };
-struct handle {
- char prefix[4];
- CK_ULONG id;
-};
-
-NSS_IMPLEMENT nss_dbm_db_t *
-nss_dbm_db_open
-(
- NSSArena *arena,
- NSSCKFWInstance *fwInstance,
- char *filename,
- int flags,
- CK_RV *pError
-)
-{
- nss_dbm_db_t *rv;
- CK_VERSION db_version;
-
- rv = nss_ZNEW(arena, nss_dbm_db_t);
- if( (nss_dbm_db_t *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- return (nss_dbm_db_t *)NULL;
- }
-
- rv->db = dbopen(filename, flags, 0600, DB_HASH, (const void *)NULL);
- if( (DB *)NULL == rv->db ) {
- *pError = CKR_TOKEN_NOT_PRESENT;
- return (nss_dbm_db_t *)NULL;
- }
-
- rv->crustylock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError);
- if( (NSSCKFWMutex *)NULL == rv->crustylock ) {
- return (nss_dbm_db_t *)NULL;
- }
-
- db_version = nss_dbm_db_get_format_version(rv);
- if( db_version.major != nss_dbm_db_format_version.major ) {
- nss_dbm_db_close(rv);
- *pError = CKR_TOKEN_NOT_RECOGNIZED;
- return (nss_dbm_db_t *)NULL;
- }
-
- return rv;
-}
-
-NSS_IMPLEMENT void
-nss_dbm_db_close
-(
- nss_dbm_db_t *db
-)
-{
- if( (NSSCKFWMutex *)NULL != db->crustylock ) {
- (void)NSSCKFWMutex_Destroy(db->crustylock);
- }
-
- if( (DB *)NULL != db->db ) {
- (void)db->db->close(db->db);
- }
-
- nss_ZFreeIf(db);
-}
-
-NSS_IMPLEMENT CK_VERSION
-nss_dbm_db_get_format_version
-(
- nss_dbm_db_t *db
-)
-{
- CK_VERSION rv;
- DBT k, v;
- int dbrv;
- char buffer[64];
-
- rv.major = rv.minor = 0;
-
- k.data = PREFIX_METADATA "FormatVersion";
- k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL);
- (void)memset(&v, 0, sizeof(v));
-
- /* Locked region */
- {
- if( CKR_OK != NSSCKFWMutex_Lock(db->crustylock) ) {
- return rv;
- }
-
- dbrv = db->db->get(db->db, &k, &v, 0);
- if( dbrv == 0 ) {
- CK_ULONG major = 0, minor = 0;
- (void)PR_sscanf(v.data, "%ld.%ld", &major, &minor);
- rv.major = major;
- rv.minor = minor;
- } else if( dbrv > 0 ) {
- (void)PR_snprintf(buffer, sizeof(buffer), "%ld.%ld", nss_dbm_db_format_version.major,
- nss_dbm_db_format_version.minor);
- v.data = buffer;
- v.size = nssUTF8_Size((NSSUTF8 *)v.data, (PRStatus *)NULL);
- dbrv = db->db->put(db->db, &k, &v, 0);
- (void)db->db->sync(db->db, 0);
- rv = nss_dbm_db_format_version;
- } else {
- /* No error return.. */
- ;
- }
-
- (void)NSSCKFWMutex_Unlock(db->crustylock);
- }
-
- return rv;
-}
-
-NSS_IMPLEMENT CK_RV
-nss_dbm_db_set_label
-(
- nss_dbm_db_t *db,
- NSSUTF8 *label
-)
-{
- CK_RV rv;
- DBT k, v;
- int dbrv;
-
- k.data = PREFIX_METADATA "Label";
- k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL);
- v.data = label;
- v.size = nssUTF8_Size((NSSUTF8 *)v.data, (PRStatus *)NULL);
-
- /* Locked region */
- {
- if( CKR_OK != NSSCKFWMutex_Lock(db->crustylock) ) {
- return rv;
- }
-
- dbrv = db->db->put(db->db, &k, &v, 0);
- if( 0 != dbrv ) {
- rv = CKR_DEVICE_ERROR;
- }
-
- dbrv = db->db->sync(db->db, 0);
- if( 0 != dbrv ) {
- rv = CKR_DEVICE_ERROR;
- }
-
- (void)NSSCKFWMutex_Unlock(db->crustylock);
- }
-
- return rv;
-}
-
-NSS_IMPLEMENT NSSUTF8 *
-nss_dbm_db_get_label
-(
- nss_dbm_db_t *db,
- NSSArena *arena,
- CK_RV *pError
-)
-{
- NSSUTF8 *rv = (NSSUTF8 *)NULL;
- DBT k, v;
- int dbrv;
-
- k.data = PREFIX_METADATA "Label";
- k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL);
-
- /* Locked region */
- {
- if( CKR_OK != NSSCKFWMutex_Lock(db->crustylock) ) {
- return rv;
- }
-
- dbrv = db->db->get(db->db, &k, &v, 0);
- if( 0 == dbrv ) {
- rv = nssUTF8_Duplicate((NSSUTF8 *)v.data, arena);
- if( (NSSUTF8 *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- }
- } else if( dbrv > 0 ) {
- /* Just return null */
- ;
- } else {
- *pError = CKR_DEVICE_ERROR;
- ;
- }
-
-
- (void)NSSCKFWMutex_Unlock(db->crustylock);
- }
-
- return rv;
-}
-
-NSS_IMPLEMENT CK_RV
-nss_dbm_db_delete_object
-(
- nss_dbm_dbt_t *dbt
-)
-{
- CK_RV rv;
- int dbrv;
-
- /* Locked region */
- {
- rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock);
- if( CKR_OK != rv ) {
- return rv;
- }
-
- dbrv = dbt->my_db->db->del(dbt->my_db->db, &dbt->dbt, 0);
- if( 0 != dbrv ) {
- rv = CKR_DEVICE_ERROR;
- goto done;
- }
-
- dbrv = dbt->my_db->db->sync(dbt->my_db->db, 0);
- if( 0 != dbrv ) {
- rv = CKR_DEVICE_ERROR;
- goto done;
- }
-
- done:
- (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock);
- }
-
- return rv;
-}
-
-static CK_ULONG
-nss_dbm_db_new_handle
-(
- nss_dbm_db_t *db,
- DBT *dbt, /* pre-allocated */
- CK_RV *pError
-)
-{
- CK_ULONG rv;
- DBT k, v;
- CK_ULONG align = 0, id, myid;
- struct handle *hp;
-
- if( sizeof(struct handle) != dbt->size ) {
- return EINVAL;
- }
-
- /* Locked region */
- {
- *pError = NSSCKFWMutex_Lock(db->crustylock);
- if( CKR_OK != *pError ) {
- return EINVAL;
- }
-
- k.data = PREFIX_METADATA "LastID";
- k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL);
- (void)memset(&v, 0, sizeof(v));
-
- rv = db->db->get(db->db, &k, &v, 0);
- if( 0 == rv ) {
- (void)memcpy(&align, v.data, sizeof(CK_ULONG));
- id = ntohl(align);
- } else if( rv > 0 ) {
- id = 0;
- } else {
- goto done;
- }
-
- myid = id;
- id++;
- align = htonl(id);
- v.data = &align;
- v.size = sizeof(CK_ULONG);
-
- rv = db->db->put(db->db, &k, &v, 0);
- if( 0 != rv ) {
- goto done;
- }
-
- rv = db->db->sync(db->db, 0);
- if( 0 != rv ) {
- goto done;
- }
-
- done:
- (void)NSSCKFWMutex_Unlock(db->crustylock);
- }
-
- if( 0 != rv ) {
- return rv;
- }
-
- hp = (struct handle *)dbt->data;
- (void)memcpy(&hp->prefix[0], PREFIX_OBJECT, 4);
- hp->id = myid;
-
- return 0;
-}
-
-/*
- * This attribute-type-dependent swapping should probably
- * be in the Framework, because it'll be a concern of just
- * about every Module. Of course any Framework implementation
- * will have to be augmentable or overridable by a Module.
- */
-
-enum swap_type { type_byte, type_short, type_long, type_opaque };
-
-static enum swap_type
-nss_dbm_db_swap_type
-(
- CK_ATTRIBUTE_TYPE type
-)
-{
- switch( type ) {
- case CKA_CLASS: return type_long;
- case CKA_TOKEN: return type_byte;
- case CKA_PRIVATE: return type_byte;
- case CKA_LABEL: return type_opaque;
- case CKA_APPLICATION: return type_opaque;
- case CKA_VALUE: return type_opaque;
- case CKA_CERTIFICATE_TYPE: return type_long;
- case CKA_ISSUER: return type_opaque;
- case CKA_SERIAL_NUMBER: return type_opaque;
- case CKA_KEY_TYPE: return type_long;
- case CKA_SUBJECT: return type_opaque;
- case CKA_ID: return type_opaque;
- case CKA_SENSITIVE: return type_byte;
- case CKA_ENCRYPT: return type_byte;
- case CKA_DECRYPT: return type_byte;
- case CKA_WRAP: return type_byte;
- case CKA_UNWRAP: return type_byte;
- case CKA_SIGN: return type_byte;
- case CKA_SIGN_RECOVER: return type_byte;
- case CKA_VERIFY: return type_byte;
- case CKA_VERIFY_RECOVER: return type_byte;
- case CKA_DERIVE: return type_byte;
- case CKA_START_DATE: return type_opaque;
- case CKA_END_DATE: return type_opaque;
- case CKA_MODULUS: return type_opaque;
- case CKA_MODULUS_BITS: return type_long;
- case CKA_PUBLIC_EXPONENT: return type_opaque;
- case CKA_PRIVATE_EXPONENT: return type_opaque;
- case CKA_PRIME_1: return type_opaque;
- case CKA_PRIME_2: return type_opaque;
- case CKA_EXPONENT_1: return type_opaque;
- case CKA_EXPONENT_2: return type_opaque;
- case CKA_COEFFICIENT: return type_opaque;
- case CKA_PRIME: return type_opaque;
- case CKA_SUBPRIME: return type_opaque;
- case CKA_BASE: return type_opaque;
- case CKA_VALUE_BITS: return type_long;
- case CKA_VALUE_LEN: return type_long;
- case CKA_EXTRACTABLE: return type_byte;
- case CKA_LOCAL: return type_byte;
- case CKA_NEVER_EXTRACTABLE: return type_byte;
- case CKA_ALWAYS_SENSITIVE: return type_byte;
- case CKA_MODIFIABLE: return type_byte;
- case CKA_NETSCAPE_URL: return type_opaque;
- case CKA_NETSCAPE_EMAIL: return type_opaque;
- case CKA_NETSCAPE_SMIME_INFO: return type_opaque;
- case CKA_NETSCAPE_SMIME_TIMESTAMP: return type_opaque;
- case CKA_NETSCAPE_PKCS8_SALT: return type_opaque;
- case CKA_NETSCAPE_PASSWORD_CHECK: return type_opaque;
- case CKA_NETSCAPE_EXPIRES: return type_opaque;
- case CKA_TRUST_DIGITAL_SIGNATURE: return type_long;
- case CKA_TRUST_NON_REPUDIATION: return type_long;
- case CKA_TRUST_KEY_ENCIPHERMENT: return type_long;
- case CKA_TRUST_DATA_ENCIPHERMENT: return type_long;
- case CKA_TRUST_KEY_AGREEMENT: return type_long;
- case CKA_TRUST_KEY_CERT_SIGN: return type_long;
- case CKA_TRUST_CRL_SIGN: return type_long;
- case CKA_TRUST_SERVER_AUTH: return type_long;
- case CKA_TRUST_CLIENT_AUTH: return type_long;
- case CKA_TRUST_CODE_SIGNING: return type_long;
- case CKA_TRUST_EMAIL_PROTECTION: return type_long;
- case CKA_TRUST_IPSEC_END_SYSTEM: return type_long;
- case CKA_TRUST_IPSEC_TUNNEL: return type_long;
- case CKA_TRUST_IPSEC_USER: return type_long;
- case CKA_TRUST_TIME_STAMPING: return type_long;
- case CKA_NETSCAPE_DB: return type_opaque;
- case CKA_NETSCAPE_TRUST: return type_opaque;
- default: return type_opaque;
- }
-}
-
-static void
-nss_dbm_db_swap_copy
-(
- CK_ATTRIBUTE_TYPE type,
- void *dest,
- void *src,
- CK_ULONG len
-)
-{
- switch( nss_dbm_db_swap_type(type) ) {
- case type_byte:
- case type_opaque:
- (void)memcpy(dest, src, len);
- break;
- case type_short:
- {
- CK_USHORT s, d;
- (void)memcpy(&s, src, sizeof(CK_USHORT));
- d = htons(s);
- (void)memcpy(dest, &d, sizeof(CK_USHORT));
- break;
- }
- case type_long:
- {
- CK_ULONG s, d;
- (void)memcpy(&s, src, sizeof(CK_ULONG));
- d = htonl(s);
- (void)memcpy(dest, &d, sizeof(CK_ULONG));
- break;
- }
- }
-}
-
-static CK_RV
-nss_dbm_db_wrap_object
-(
- NSSArena *arena,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- DBT *object
-)
-{
- CK_ULONG object_size;
- CK_ULONG i;
- CK_ULONG *pulData;
- char *pcData;
- CK_ULONG offset;
-
- object_size = (1 + ulAttributeCount*3) * sizeof(CK_ULONG);
- offset = object_size;
- for( i = 0; i < ulAttributeCount; i++ ) {
- object_size += pTemplate[i].ulValueLen;
- }
-
- object->size = object_size;
- object->data = nss_ZAlloc(arena, object_size);
- if( (void *)NULL == object->data ) {
- return CKR_HOST_MEMORY;
- }
-
- pulData = (CK_ULONG *)object->data;
- pcData = (char *)object->data;
-
- pulData[0] = htonl(ulAttributeCount);
- for( i = 0; i < ulAttributeCount; i++ ) {
- CK_ULONG len = pTemplate[i].ulValueLen;
- pulData[1 + i*3] = htonl(pTemplate[i].type);
- pulData[2 + i*3] = htonl(len);
- pulData[3 + i*3] = htonl(offset);
- nss_dbm_db_swap_copy(pTemplate[i].type, &pcData[offset], pTemplate[i].pValue, len);
- offset += len;
- }
-
- return CKR_OK;
-}
-
-static CK_RV
-nss_dbm_db_unwrap_object
-(
- NSSArena *arena,
- DBT *object,
- CK_ATTRIBUTE_PTR *ppTemplate,
- CK_ULONG *pulAttributeCount
-)
-{
- CK_ULONG *pulData;
- char *pcData;
- CK_ULONG n, i;
- CK_ATTRIBUTE_PTR pTemplate;
-
- pulData = (CK_ULONG *)object->data;
- pcData = (char *)object->data;
-
- n = ntohl(pulData[0]);
- *pulAttributeCount = n;
- pTemplate = nss_ZNEWARRAY(arena, CK_ATTRIBUTE, n);
- if( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) {
- return CKR_HOST_MEMORY;
- }
-
- for( i = 0; i < n; i++ ) {
- CK_ULONG len;
- CK_ULONG offset;
- void *p;
-
- pTemplate[i].type = ntohl(pulData[1 + i*3]);
- len = ntohl(pulData[2 + i*3]);
- offset = ntohl(pulData[3 + i*3]);
-
- p = nss_ZAlloc(arena, len);
- if( (void *)NULL == p ) {
- return CKR_HOST_MEMORY;
- }
-
- nss_dbm_db_swap_copy(pTemplate[i].type, p, &pcData[offset], len);
- pTemplate[i].ulValueLen = len;
- pTemplate[i].pValue = p;
- }
-
- *ppTemplate = pTemplate;
- return CKR_OK;
-}
-
-
-NSS_IMPLEMENT nss_dbm_dbt_t *
-nss_dbm_db_create_object
-(
- NSSArena *arena,
- nss_dbm_db_t *db,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError,
- CK_ULONG *pdbrv
-)
-{
- NSSArena *tmparena = (NSSArena *)NULL;
- nss_dbm_dbt_t *rv = (nss_dbm_dbt_t *)NULL;
- DBT object;
-
- rv = nss_ZNEW(arena, nss_dbm_dbt_t);
- if( (nss_dbm_dbt_t *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- return (nss_dbm_dbt_t *)NULL;
- }
-
- rv->my_db = db;
- rv->dbt.size = sizeof(struct handle);
- rv->dbt.data = nss_ZAlloc(arena, rv->dbt.size);
- if( (void *)NULL == rv->dbt.data ) {
- *pError = CKR_HOST_MEMORY;
- return (nss_dbm_dbt_t *)NULL;
- }
-
- *pdbrv = nss_dbm_db_new_handle(db, &rv->dbt, pError);
- if( 0 != *pdbrv ) {
- return (nss_dbm_dbt_t *)NULL;
- }
-
- tmparena = NSSArena_Create();
- if( (NSSArena *)NULL == tmparena ) {
- *pError = CKR_HOST_MEMORY;
- return (nss_dbm_dbt_t *)NULL;
- }
-
- *pError = nss_dbm_db_wrap_object(tmparena, pTemplate, ulAttributeCount, &object);
- if( CKR_OK != *pError ) {
- return (nss_dbm_dbt_t *)NULL;
- }
-
- /* Locked region */
- {
- *pError = NSSCKFWMutex_Lock(db->crustylock);
- if( CKR_OK != *pError ) {
- goto loser;
- }
-
- *pdbrv = db->db->put(db->db, &rv->dbt, &object, 0);
- if( 0 != *pdbrv ) {
- *pError = CKR_DEVICE_ERROR;
- }
-
- (void)db->db->sync(db->db, 0);
-
- (void)NSSCKFWMutex_Unlock(db->crustylock);
- }
-
- loser:
- if( (NSSArena *)NULL != tmparena ) {
- (void)NSSArena_Destroy(tmparena);
- }
-
- return rv;
-}
-
-
-NSS_IMPLEMENT CK_RV
-nss_dbm_db_find_objects
-(
- nss_dbm_find_t *find,
- nss_dbm_db_t *db,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_ULONG *pdbrv
-)
-{
- CK_RV rv = CKR_OK;
-
- if( (nss_dbm_db_t *)NULL != db ) {
- DBT k, v;
-
- rv = NSSCKFWMutex_Lock(db->crustylock);
- if( CKR_OK != rv ) {
- return rv;
- }
-
- *pdbrv = db->db->seq(db->db, &k, &v, R_FIRST);
- while( 0 == *pdbrv ) {
- CK_ULONG i, j;
- NSSArena *tmparena = (NSSArena *)NULL;
- CK_ULONG ulac;
- CK_ATTRIBUTE_PTR pt;
-
- if( (k.size < 4) || (0 != memcmp(k.data, PREFIX_OBJECT, 4)) ) {
- goto nomatch;
- }
-
- tmparena = NSSArena_Create();
-
- rv = nss_dbm_db_unwrap_object(tmparena, &v, &pt, &ulac);
- if( CKR_OK != rv ) {
- goto loser;
- }
-
- for( i = 0; i < ulAttributeCount; i++ ) {
- for( j = 0; j < ulac; j++ ) {
- if( pTemplate[i].type == pt[j].type ) {
- if( pTemplate[i].ulValueLen != pt[j].ulValueLen ) {
- goto nomatch;
- }
- if( 0 != memcmp(pTemplate[i].pValue, pt[j].pValue, pt[j].ulValueLen) ) {
- goto nomatch;
- }
- break;
- }
- }
- if( j == ulac ) {
- goto nomatch;
- }
- }
-
- /* entire template matches */
- {
- struct nss_dbm_dbt_node *node;
-
- node = nss_ZNEW(find->arena, struct nss_dbm_dbt_node);
- if( (struct nss_dbm_dbt_node *)NULL == node ) {
- rv = CKR_HOST_MEMORY;
- goto loser;
- }
-
- node->dbt = nss_ZNEW(find->arena, nss_dbm_dbt_t);
- if( (nss_dbm_dbt_t *)NULL == node->dbt ) {
- rv = CKR_HOST_MEMORY;
- goto loser;
- }
-
- node->dbt->dbt.size = k.size;
- node->dbt->dbt.data = nss_ZAlloc(find->arena, k.size);
- if( (void *)NULL == node->dbt->dbt.data ) {
- rv = CKR_HOST_MEMORY;
- goto loser;
- }
-
- (void)memcpy(node->dbt->dbt.data, k.data, k.size);
-
- node->dbt->my_db = db;
-
- node->next = find->found;
- find->found = node;
- }
-
- nomatch:
- if( (NSSArena *)NULL != tmparena ) {
- (void)NSSArena_Destroy(tmparena);
- }
- *pdbrv = db->db->seq(db->db, &k, &v, R_NEXT);
- }
-
- if( *pdbrv < 0 ) {
- rv = CKR_DEVICE_ERROR;
- goto loser;
- }
-
- rv = CKR_OK;
-
- loser:
- (void)NSSCKFWMutex_Unlock(db->crustylock);
- }
-
- return rv;
-}
-
-NSS_IMPLEMENT CK_BBOOL
-nss_dbm_db_object_still_exists
-(
- nss_dbm_dbt_t *dbt
-)
-{
- CK_BBOOL rv;
- CK_RV ckrv;
- int dbrv;
- DBT object;
-
- ckrv = NSSCKFWMutex_Lock(dbt->my_db->crustylock);
- if( CKR_OK != ckrv ) {
- return CK_FALSE;
- }
-
- dbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
- if( 0 == dbrv ) {
- rv = CK_TRUE;
- } else {
- rv = CK_FALSE;
- }
-
- (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock);
-
- return rv;
-}
-
-NSS_IMPLEMENT CK_ULONG
-nss_dbm_db_get_object_attribute_count
-(
- nss_dbm_dbt_t *dbt,
- CK_RV *pError,
- CK_ULONG *pdbrv
-)
-{
- CK_ULONG rv = 0;
- DBT object;
- CK_ULONG *pulData;
-
- /* Locked region */
- {
- *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock);
- if( CKR_OK != *pError ) {
- return rv;
- }
-
- *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
- if( 0 == *pdbrv ) {
- ;
- } else if( *pdbrv > 0 ) {
- *pError = CKR_OBJECT_HANDLE_INVALID;
- goto done;
- } else {
- *pError = CKR_DEVICE_ERROR;
- goto done;
- }
-
- pulData = (CK_ULONG *)object.data;
- rv = ntohl(pulData[0]);
-
- done:
- (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock);
- }
-
- return rv;
-}
-
-NSS_IMPLEMENT CK_RV
-nss_dbm_db_get_object_attribute_types
-(
- nss_dbm_dbt_t *dbt,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount,
- CK_ULONG *pdbrv
-)
-{
- CK_RV rv = CKR_OK;
- DBT object;
- CK_ULONG *pulData;
- CK_ULONG n, i;
-
- /* Locked region */
- {
- rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock);
- if( CKR_OK != rv ) {
- return rv;
- }
-
- *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
- if( 0 == *pdbrv ) {
- ;
- } else if( *pdbrv > 0 ) {
- rv = CKR_OBJECT_HANDLE_INVALID;
- goto done;
- } else {
- rv = CKR_DEVICE_ERROR;
- goto done;
- }
-
- pulData = (CK_ULONG *)object.data;
- n = ntohl(pulData[0]);
-
- if( ulCount < n ) {
- rv = CKR_BUFFER_TOO_SMALL;
- goto done;
- }
-
- for( i = 0; i < n; i++ ) {
- typeArray[i] = ntohl(pulData[1 + i*3]);
- }
-
- done:
- (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock);
- }
-
- return rv;
-}
-
-NSS_IMPLEMENT CK_ULONG
-nss_dbm_db_get_object_attribute_size
-(
- nss_dbm_dbt_t *dbt,
- CK_ATTRIBUTE_TYPE type,
- CK_RV *pError,
- CK_ULONG *pdbrv
-)
-{
- CK_ULONG rv = 0;
- DBT object;
- CK_ULONG *pulData;
- CK_ULONG n, i;
-
- /* Locked region */
- {
- *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock);
- if( CKR_OK != *pError ) {
- return rv;
- }
-
- *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
- if( 0 == *pdbrv ) {
- ;
- } else if( *pdbrv > 0 ) {
- *pError = CKR_OBJECT_HANDLE_INVALID;
- goto done;
- } else {
- *pError = CKR_DEVICE_ERROR;
- goto done;
- }
-
- pulData = (CK_ULONG *)object.data;
- n = ntohl(pulData[0]);
-
- for( i = 0; i < n; i++ ) {
- if( type == ntohl(pulData[1 + i*3]) ) {
- rv = ntohl(pulData[2 + i*3]);
- }
- }
-
- if( i == n ) {
- *pError = CKR_ATTRIBUTE_TYPE_INVALID;
- goto done;
- }
-
- done:
- (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock);
- }
-
- return rv;
-}
-
-NSS_IMPLEMENT NSSItem *
-nss_dbm_db_get_object_attribute
-(
- nss_dbm_dbt_t *dbt,
- NSSArena *arena,
- CK_ATTRIBUTE_TYPE type,
- CK_RV *pError,
- CK_ULONG *pdbrv
-)
-{
- NSSItem *rv = (NSSItem *)NULL;
- DBT object;
- CK_ULONG i;
- NSSArena *tmp = NSSArena_Create();
- CK_ATTRIBUTE_PTR pTemplate;
- CK_ULONG ulAttributeCount;
-
- /* Locked region */
- {
- *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock);
- if( CKR_OK != *pError ) {
- goto loser;
- }
-
- *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
- if( 0 == *pdbrv ) {
- ;
- } else if( *pdbrv > 0 ) {
- *pError = CKR_OBJECT_HANDLE_INVALID;
- goto done;
- } else {
- *pError = CKR_DEVICE_ERROR;
- goto done;
- }
-
- *pError = nss_dbm_db_unwrap_object(tmp, &object, &pTemplate, &ulAttributeCount);
- if( CKR_OK != *pError ) {
- goto done;
- }
-
- for( i = 0; i < ulAttributeCount; i++ ) {
- if( type == pTemplate[i].type ) {
- rv = nss_ZNEW(arena, NSSItem);
- if( (NSSItem *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- goto done;
- }
- rv->size = pTemplate[i].ulValueLen;
- rv->data = nss_ZAlloc(arena, rv->size);
- if( (void *)NULL == rv->data ) {
- *pError = CKR_HOST_MEMORY;
- goto done;
- }
- (void)memcpy(rv->data, pTemplate[i].pValue, rv->size);
- break;
- }
- }
- if( ulAttributeCount == i ) {
- *pError = CKR_ATTRIBUTE_TYPE_INVALID;
- goto done;
- }
-
- done:
- (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock);
- }
-
- loser:
- if( (NSSArena *)NULL != tmp ) {
- NSSArena_Destroy(tmp);
- }
-
- return rv;
-}
-
-NSS_IMPLEMENT CK_RV
-nss_dbm_db_set_object_attribute
-(
- nss_dbm_dbt_t *dbt,
- CK_ATTRIBUTE_TYPE type,
- NSSItem *value,
- CK_ULONG *pdbrv
-)
-{
- CK_RV rv = CKR_OK;
- DBT object;
- CK_ULONG i;
- NSSArena *tmp = NSSArena_Create();
- CK_ATTRIBUTE_PTR pTemplate;
- CK_ULONG ulAttributeCount;
-
- /* Locked region */
- {
- rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock);
- if( CKR_OK != rv ) {
- goto loser;
- }
-
- *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
- if( 0 == *pdbrv ) {
- ;
- } else if( *pdbrv > 0 ) {
- rv = CKR_OBJECT_HANDLE_INVALID;
- goto done;
- } else {
- rv = CKR_DEVICE_ERROR;
- goto done;
- }
-
- rv = nss_dbm_db_unwrap_object(tmp, &object, &pTemplate, &ulAttributeCount);
- if( CKR_OK != rv ) {
- goto done;
- }
-
- for( i = 0; i < ulAttributeCount; i++ ) {
- if( type == pTemplate[i].type ) {
- /* Replacing an existing attribute */
- pTemplate[i].ulValueLen = value->size;
- pTemplate[i].pValue = value->data;
- break;
- }
- }
-
- if( i == ulAttributeCount ) {
- /* Adding a new attribute */
- CK_ATTRIBUTE_PTR npt = nss_ZNEWARRAY(tmp, CK_ATTRIBUTE, ulAttributeCount+1);
- if( (CK_ATTRIBUTE_PTR)NULL == npt ) {
- rv = CKR_DEVICE_ERROR;
- goto done;
- }
-
- for( i = 0; i < ulAttributeCount; i++ ) {
- npt[i] = pTemplate[i];
- }
-
- npt[ulAttributeCount].type = type;
- npt[ulAttributeCount].ulValueLen = value->size;
- npt[ulAttributeCount].pValue = value->data;
-
- pTemplate = npt;
- ulAttributeCount++;
- }
-
- rv = nss_dbm_db_wrap_object(tmp, pTemplate, ulAttributeCount, &object);
- if( CKR_OK != rv ) {
- goto done;
- }
-
- *pdbrv = dbt->my_db->db->put(dbt->my_db->db, &dbt->dbt, &object, 0);
- if( 0 != *pdbrv ) {
- rv = CKR_DEVICE_ERROR;
- goto done;
- }
-
- (void)dbt->my_db->db->sync(dbt->my_db->db, 0);
-
- done:
- (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock);
- }
-
- loser:
- if( (NSSArena *)NULL != tmp ) {
- NSSArena_Destroy(tmp);
- }
-
- return rv;
-}
diff --git a/security/nss/lib/ckfw/dbm/find.c b/security/nss/lib/ckfw/dbm/find.c
deleted file mode 100644
index 81fe5d8fb..000000000
--- a/security/nss/lib/ckfw/dbm/find.c
+++ /dev/null
@@ -1,166 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#include "ckdbm.h"
-
-static void
-nss_dbm_mdFindObjects_Final
-(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- nss_dbm_find_t *find = (nss_dbm_find_t *)mdFindObjects->etc;
-
- /* Locks might have system resources associated */
- (void)NSSCKFWMutex_Destroy(find->list_lock);
- (void)NSSArena_Destroy(find->arena);
-}
-
-
-static NSSCKMDObject *
-nss_dbm_mdFindObjects_Next
-(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-)
-{
- nss_dbm_find_t *find = (nss_dbm_find_t *)mdFindObjects->etc;
- struct nss_dbm_dbt_node *node;
- nss_dbm_object_t *object;
- NSSCKMDObject *rv;
-
- while(1) {
- /* Lock */
- {
- *pError = NSSCKFWMutex_Lock(find->list_lock);
- if( CKR_OK != *pError ) {
- return (NSSCKMDObject *)NULL;
- }
-
- node = find->found;
- if( (struct nss_dbm_dbt_node *)NULL != node ) {
- find->found = node->next;
- }
-
- *pError = NSSCKFWMutex_Unlock(find->list_lock);
- if( CKR_OK != *pError ) {
- /* screwed now */
- return (NSSCKMDObject *)NULL;
- }
- }
-
- if( (struct nss_dbm_dbt_node *)NULL == node ) {
- break;
- }
-
- if( nss_dbm_db_object_still_exists(node->dbt) ) {
- break;
- }
- }
-
- if( (struct nss_dbm_dbt_node *)NULL == node ) {
- *pError = CKR_OK;
- return (NSSCKMDObject *)NULL;
- }
-
- object = nss_ZNEW(arena, nss_dbm_object_t);
- if( (nss_dbm_object_t *)NULL == object ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDObject *)NULL;
- }
-
- object->arena = arena;
- object->handle = nss_ZNEW(arena, nss_dbm_dbt_t);
- if( (nss_dbm_dbt_t *)NULL == object->handle ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDObject *)NULL;
- }
-
- object->handle->my_db = node->dbt->my_db;
- object->handle->dbt.size = node->dbt->dbt.size;
- object->handle->dbt.data = nss_ZAlloc(arena, node->dbt->dbt.size);
- if( (void *)NULL == object->handle->dbt.data ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDObject *)NULL;
- }
-
- (void)memcpy(object->handle->dbt.data, node->dbt->dbt.data, node->dbt->dbt.size);
-
- rv = nss_dbm_mdObject_factory(object, pError);
- if( (NSSCKMDObject *)NULL == rv ) {
- return (NSSCKMDObject *)NULL;
- }
-
- return rv;
-}
-
-NSS_IMPLEMENT NSSCKMDFindObjects *
-nss_dbm_mdFindObjects_factory
-(
- nss_dbm_find_t *find,
- CK_RV *pError
-)
-{
- NSSCKMDFindObjects *rv;
-
- rv = nss_ZNEW(find->arena, NSSCKMDFindObjects);
- if( (NSSCKMDFindObjects *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDFindObjects *)NULL;
- }
-
- rv->etc = (void *)find;
- rv->Final = nss_dbm_mdFindObjects_Final;
- rv->Next = nss_dbm_mdFindObjects_Next;
-
- return rv;
-}
diff --git a/security/nss/lib/ckfw/dbm/instance.c b/security/nss/lib/ckfw/dbm/instance.c
deleted file mode 100644
index 70681803f..000000000
--- a/security/nss/lib/ckfw/dbm/instance.c
+++ /dev/null
@@ -1,196 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#include "ckdbm.h"
-
-static CK_RV
-nss_dbm_mdInstance_Initialize
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSUTF8 *configurationData
-)
-{
- CK_RV rv = CKR_OK;
- NSSArena *arena;
- nss_dbm_instance_t *instance;
-
- arena = NSSCKFWInstance_GetArena(fwInstance, &rv);
- if( ((NSSArena *)NULL == arena) && (CKR_OK != rv) ) {
- return rv;
- }
-
- instance = nss_ZNEW(arena, nss_dbm_instance_t);
- if( (nss_dbm_instance_t *)NULL == instance ) {
- return CKR_HOST_MEMORY;
- }
-
- instance->arena = arena;
-
- /*
- * This should parse the configuration data for information on
- * number and locations of databases, modes (e.g. readonly), etc.
- * But for now, we'll have one slot with a creatable read-write
- * database called "cert8.db."
- */
-
- instance->nSlots = 1;
- instance->filenames = nss_ZNEWARRAY(arena, char *, instance->nSlots);
- if( (char **)NULL == instance->filenames ) {
- return CKR_HOST_MEMORY;
- }
-
- instance->flags = nss_ZNEWARRAY(arena, int, instance->nSlots);
- if( (int *)NULL == instance->flags ) {
- return CKR_HOST_MEMORY;
- }
-
- instance->filenames[0] = "cert8.db";
- instance->flags[0] = O_RDWR|O_CREAT;
-
- mdInstance->etc = (void *)instance;
- return CKR_OK;
-}
-
-/* nss_dbm_mdInstance_Finalize is not required */
-
-static CK_ULONG
-nss_dbm_mdInstance_GetNSlots
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc;
- return instance->nSlots;
-}
-
-static CK_VERSION
-nss_dbm_mdInstance_GetCryptokiVersion
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- static CK_VERSION rv = { 2, 1 };
- return rv;
-}
-
-static NSSUTF8 *
-nss_dbm_mdInstance_GetManufacturerID
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- return "Netscape Communications Corp.";
-}
-
-static NSSUTF8 *
-nss_dbm_mdInstance_GetLibraryDescription
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- return "Berkeley Database Module";
-}
-
-static CK_VERSION
-nss_dbm_mdInstance_GetLibraryVersion
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- static CK_VERSION rv = { 1, 0 }; /* My own version number */
- return rv;
-}
-
-static CK_BBOOL
-nss_dbm_mdInstance_ModuleHandlesSessionObjects
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- return CK_TRUE;
-}
-
-static CK_RV
-nss_dbm_mdInstance_GetSlots
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDSlot *slots[]
-)
-{
- nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc;
- CK_ULONG i;
- CK_RV rv = CKR_OK;
-
- for( i = 0; i < instance->nSlots; i++ ) {
- slots[i] = nss_dbm_mdSlot_factory(instance, instance->filenames[i],
- instance->flags[i], &rv);
- if( (NSSCKMDSlot *)NULL == slots[i] ) {
- return rv;
- }
- }
-
- return rv;
-}
-
-/* nss_dbm_mdInstance_WaitForSlotEvent is not relevant */
-
-NSS_IMPLEMENT_DATA NSSCKMDInstance
-nss_dbm_mdInstance = {
- NULL, /* etc; filled in later */
- nss_dbm_mdInstance_Initialize,
- NULL, /* nss_dbm_mdInstance_Finalize */
- nss_dbm_mdInstance_GetNSlots,
- nss_dbm_mdInstance_GetCryptokiVersion,
- nss_dbm_mdInstance_GetManufacturerID,
- nss_dbm_mdInstance_GetLibraryDescription,
- nss_dbm_mdInstance_GetLibraryVersion,
- nss_dbm_mdInstance_ModuleHandlesSessionObjects,
- nss_dbm_mdInstance_GetSlots,
- NULL, /* nss_dbm_mdInstance_WaitForSlotEvent */
- NULL /* terminator */
-};
diff --git a/security/nss/lib/ckfw/dbm/manifest.mn b/security/nss/lib/ckfw/dbm/manifest.mn
deleted file mode 100644
index 193e46bef..000000000
--- a/security/nss/lib/ckfw/dbm/manifest.mn
+++ /dev/null
@@ -1,54 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-MANIFEST_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-CORE_DEPTH = ../../../..
-
-MODULE = security
-
-CSRCS = \
- anchor.c \
- instance.c \
- slot.c \
- token.c \
- session.c \
- object.c \
- find.c \
- db.c \
- $(NULL)
-
-REQUIRES = security dbm nspr
-
-LIBRARY_NAME = nssckdbm
-
-EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -ldbm -lnspr4 -lplc4 -lplds4
diff --git a/security/nss/lib/ckfw/dbm/object.c b/security/nss/lib/ckfw/dbm/object.c
deleted file mode 100644
index 2bd7578fd..000000000
--- a/security/nss/lib/ckfw/dbm/object.c
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#include "ckdbm.h"
-
-static void
-nss_dbm_mdObject_Finalize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- ;
-}
-
-static CK_RV
-nss_dbm_mdObject_Destroy
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc;
- return nss_dbm_db_delete_object(object->handle);
-}
-
-static CK_ULONG
-nss_dbm_mdObject_GetAttributeCount
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc;
- nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
- return nss_dbm_db_get_object_attribute_count(object->handle, pError,
- &session->deviceError);
-}
-
-static CK_RV
-nss_dbm_mdObject_GetAttributeTypes
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
-)
-{
- nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc;
- nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
- return nss_dbm_db_get_object_attribute_types(object->handle, typeArray,
- ulCount, &session->deviceError);
-}
-
-static CK_ULONG
-nss_dbm_mdObject_GetAttributeSize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-)
-{
- nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc;
- nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
- return nss_dbm_db_get_object_attribute_size(object->handle, attribute, pError,
- &session->deviceError);
-}
-
-static NSSItem *
-nss_dbm_mdObject_GetAttribute
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-)
-{
- nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc;
- nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
- return nss_dbm_db_get_object_attribute(object->handle, object->arena, attribute,
- pError, &session->deviceError);
-}
-
-static CK_RV
-nss_dbm_mdObject_SetAttribute
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *value
-)
-{
- nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc;
- nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
- return nss_dbm_db_set_object_attribute(object->handle, attribute, value,
- &session->deviceError);
-}
-
-NSS_IMPLEMENT NSSCKMDObject *
-nss_dbm_mdObject_factory
-(
- nss_dbm_object_t *object,
- CK_RV *pError
-)
-{
- NSSCKMDObject *rv;
-
- rv = nss_ZNEW(object->arena, NSSCKMDObject);
- if( (NSSCKMDObject *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDObject *)NULL;
- }
-
- rv->etc = (void *)object;
- rv->Finalize = nss_dbm_mdObject_Finalize;
- rv->Destroy = nss_dbm_mdObject_Destroy;
- /* IsTokenObject can be deferred */
- rv->GetAttributeCount = nss_dbm_mdObject_GetAttributeCount;
- rv->GetAttributeTypes = nss_dbm_mdObject_GetAttributeTypes;
- rv->GetAttributeSize = nss_dbm_mdObject_GetAttributeSize;
- rv->GetAttribute = nss_dbm_mdObject_GetAttribute;
- rv->SetAttribute = nss_dbm_mdObject_SetAttribute;
- /* GetObjectSize can be deferred */
-
- return rv;
-}
diff --git a/security/nss/lib/ckfw/dbm/session.c b/security/nss/lib/ckfw/dbm/session.c
deleted file mode 100644
index c0969d948..000000000
--- a/security/nss/lib/ckfw/dbm/session.c
+++ /dev/null
@@ -1,298 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#include "ckdbm.h"
-
-static void
-nss_dbm_mdSession_Close
-(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
-
- struct nss_dbm_dbt_node *w;
-
- /* Lock */
- {
- if( CKR_OK != NSSCKFWMutex_Lock(session->list_lock) ) {
- return;
- }
-
- w = session->session_objects;
- session->session_objects = (struct nss_dbm_dbt_node *)NULL; /* sanity */
-
- (void)NSSCKFWMutex_Unlock(session->list_lock);
- }
-
- for( ; (struct nss_dbm_dbt_node *)NULL != w; w = w->next ) {
- (void)nss_dbm_db_delete_object(w->dbt);
- }
-}
-
-static CK_ULONG
-nss_dbm_mdSession_GetDeviceError
-(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
- return session->deviceError;
-}
-
-/* Login isn't needed */
-/* Logout isn't needed */
-/* InitPIN is irrelevant */
-/* SetPIN is irrelevant */
-/* GetOperationStateLen is irrelevant */
-/* GetOperationState is irrelevant */
-/* SetOperationState is irrelevant */
-
-static NSSCKMDObject *
-nss_dbm_mdSession_CreateObject
-(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSArena *handyArenaPointer,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
-{
- nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
- nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
- CK_ULONG i;
- CK_BBOOL isToken = CK_FALSE; /* defaults to false */
- NSSCKMDObject *rv;
- struct nss_dbm_dbt_node *node = (struct nss_dbm_dbt_node *)NULL;
- nss_dbm_object_t *object;
- nss_dbm_db_t *which_db;
-
- /* This framework should really pass this to me */
- for( i = 0; i < ulAttributeCount; i++ ) {
- if( CKA_TOKEN == pTemplate[i].type ) {
- isToken = *(CK_BBOOL *)pTemplate[i].pValue;
- break;
- }
- }
-
- object = nss_ZNEW(handyArenaPointer, nss_dbm_object_t);
- if( (nss_dbm_object_t *)NULL == object ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDObject *)NULL;
- }
-
- object->arena = handyArenaPointer;
- which_db = isToken ? token->slot->token_db : token->session_db;
-
- /* Do this before the actual database call; it's easier to recover from */
- rv = nss_dbm_mdObject_factory(object, pError);
- if( (NSSCKMDObject *)NULL == rv ) {
- return (NSSCKMDObject *)NULL;
- }
-
- if( CK_FALSE == isToken ) {
- node = nss_ZNEW(session->arena, struct nss_dbm_dbt_node);
- if( (struct nss_dbm_dbt_node *)NULL == node ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDObject *)NULL;
- }
- }
-
- object->handle = nss_dbm_db_create_object(handyArenaPointer, which_db,
- pTemplate, ulAttributeCount,
- pError, &session->deviceError);
- if( (nss_dbm_dbt_t *)NULL == object->handle ) {
- return (NSSCKMDObject *)NULL;
- }
-
- if( CK_FALSE == isToken ) {
- node->dbt = object->handle;
- /* Lock */
- {
- *pError = NSSCKFWMutex_Lock(session->list_lock);
- if( CKR_OK != *pError ) {
- (void)nss_dbm_db_delete_object(object->handle);
- return (NSSCKMDObject *)NULL;
- }
-
- node->next = session->session_objects;
- session->session_objects = node;
-
- *pError = NSSCKFWMutex_Unlock(session->list_lock);
- }
- }
-
- return rv;
-}
-
-/* CopyObject isn't needed; the framework will use CreateObject */
-
-static NSSCKMDFindObjects *
-nss_dbm_mdSession_FindObjectsInit
-(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
-{
- nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
- nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
- NSSArena *arena;
- nss_dbm_find_t *find;
- NSSCKMDFindObjects *rv;
-
- arena = NSSArena_Create();
- if( (NSSArena *)NULL == arena ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
-
- find = nss_ZNEW(arena, nss_dbm_find_t);
- if( (nss_dbm_find_t *)NULL == find ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
-
- find->arena = arena;
- find->list_lock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError);
- if( (NSSCKFWMutex *)NULL == find->list_lock ) {
- goto loser;
- }
-
- *pError = nss_dbm_db_find_objects(find, token->slot->token_db, pTemplate,
- ulAttributeCount, &session->deviceError);
- if( CKR_OK != *pError ) {
- goto loser;
- }
-
- *pError = nss_dbm_db_find_objects(find, token->session_db, pTemplate,
- ulAttributeCount, &session->deviceError);
- if( CKR_OK != *pError ) {
- goto loser;
- }
-
- rv = nss_dbm_mdFindObjects_factory(find, pError);
- if( (NSSCKMDFindObjects *)NULL == rv ) {
- goto loser;
- }
-
- return rv;
-
- loser:
- if( (NSSArena *)NULL != arena ) {
- (void)NSSArena_Destroy(arena);
- }
-
- return (NSSCKMDFindObjects *)NULL;
-}
-
-/* SeedRandom is irrelevant */
-/* GetRandom is irrelevant */
-
-NSS_IMPLEMENT NSSCKMDSession *
-nss_dbm_mdSession_factory
-(
- nss_dbm_token_t *token,
- NSSCKFWSession *fwSession,
- NSSCKFWInstance *fwInstance,
- CK_BBOOL rw,
- CK_RV *pError
-)
-{
- NSSArena *arena;
- nss_dbm_session_t *session;
- NSSCKMDSession *rv;
-
- arena = NSSCKFWSession_GetArena(fwSession, pError);
-
- session = nss_ZNEW(arena, nss_dbm_session_t);
- if( (nss_dbm_session_t *)NULL == session ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDSession *)NULL;
- }
-
- rv = nss_ZNEW(arena, NSSCKMDSession);
- if( (NSSCKMDSession *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDSession *)NULL;
- }
-
- session->arena = arena;
- session->token = token;
- session->list_lock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError);
- if( (NSSCKFWMutex *)NULL == session->list_lock ) {
- return (NSSCKMDSession *)NULL;
- }
-
- rv->etc = (void *)session;
- rv->Close = nss_dbm_mdSession_Close;
- rv->GetDeviceError = nss_dbm_mdSession_GetDeviceError;
- /* Login isn't needed */
- /* Logout isn't needed */
- /* InitPIN is irrelevant */
- /* SetPIN is irrelevant */
- /* GetOperationStateLen is irrelevant */
- /* GetOperationState is irrelevant */
- /* SetOperationState is irrelevant */
- rv->CreateObject = nss_dbm_mdSession_CreateObject;
- /* CopyObject isn't needed; the framework will use CreateObject */
- rv->FindObjectsInit = nss_dbm_mdSession_FindObjectsInit;
- rv->null = NULL;
-
- return rv;
-}
diff --git a/security/nss/lib/ckfw/dbm/slot.c b/security/nss/lib/ckfw/dbm/slot.c
deleted file mode 100644
index 40898897a..000000000
--- a/security/nss/lib/ckfw/dbm/slot.c
+++ /dev/null
@@ -1,214 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#include "ckdbm.h"
-
-static CK_RV
-nss_dbm_mdSlot_Initialize
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc;
- nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc;
- CK_RV rv = CKR_OK;
-
- slot->token_db = nss_dbm_db_open(instance->arena, fwInstance, slot->filename,
- slot->flags, &rv);
- if( (nss_dbm_db_t *)NULL == slot->token_db ) {
- if( CKR_TOKEN_NOT_PRESENT == rv ) {
- /* This is not an error-- just means "the token isn't there" */
- rv = CKR_OK;
- }
- }
-
- return rv;
-}
-
-static void
-nss_dbm_mdSlot_Destroy
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc;
-
- if( (nss_dbm_db_t *)NULL != slot->token_db ) {
- nss_dbm_db_close(slot->token_db);
- slot->token_db = (nss_dbm_db_t *)NULL;
- }
-}
-
-static NSSUTF8 *
-nss_dbm_mdSlot_GetSlotDescription
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- return "Database";
-}
-
-static NSSUTF8 *
-nss_dbm_mdSlot_GetManufacturerID
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- return "Berkeley";
-}
-
-static CK_BBOOL
-nss_dbm_mdSlot_GetTokenPresent
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc;
-
- if( (nss_dbm_db_t *)NULL == slot->token_db ) {
- return CK_FALSE;
- } else {
- return CK_TRUE;
- }
-}
-
-static CK_BBOOL
-nss_dbm_mdSlot_GetRemovableDevice
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- /*
- * Well, this supports "tokens" (databases) that aren't there, so in
- * that sense they're removable. It'd be nice to handle databases
- * that suddenly disappear (NFS-mounted home directories and network
- * errors, for instance) but that's a harder problem. We'll say
- * we support removable devices, badly.
- */
-
- return CK_TRUE;
-}
-
-/* nss_dbm_mdSlot_GetHardwareSlot defaults to CK_FALSE */
-/*
- * nss_dbm_mdSlot_GetHardwareVersion
- * nss_dbm_mdSlot_GetFirmwareVersion
- *
- * These are kinda fuzzy concepts here. I suppose we could return the
- * Berkeley DB version for one of them, if we had an actual number we
- * were confident in. But mcom's "dbm" has been hacked enough that I
- * don't really know from what "real" version it stems..
- */
-
-static NSSCKMDToken *
-nss_dbm_mdSlot_GetToken
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc;
- return nss_dbm_mdToken_factory(slot, pError);
-}
-
-NSS_IMPLEMENT NSSCKMDSlot *
-nss_dbm_mdSlot_factory
-(
- nss_dbm_instance_t *instance,
- char *filename,
- int flags,
- CK_RV *pError
-)
-{
- nss_dbm_slot_t *slot;
- NSSCKMDSlot *rv;
-
- slot = nss_ZNEW(instance->arena, nss_dbm_slot_t);
- if( (nss_dbm_slot_t *)NULL == slot ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDSlot *)NULL;
- }
-
- slot->instance = instance;
- slot->filename = filename;
- slot->flags = flags;
- slot->token_db = (nss_dbm_db_t *)NULL;
-
- rv = nss_ZNEW(instance->arena, NSSCKMDSlot);
- if( (NSSCKMDSlot *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDSlot *)NULL;
- }
-
- rv->etc = (void *)slot;
- rv->Initialize = nss_dbm_mdSlot_Initialize;
- rv->Destroy = nss_dbm_mdSlot_Destroy;
- rv->GetSlotDescription = nss_dbm_mdSlot_GetSlotDescription;
- rv->GetManufacturerID = nss_dbm_mdSlot_GetManufacturerID;
- rv->GetTokenPresent = nss_dbm_mdSlot_GetTokenPresent;
- rv->GetRemovableDevice = nss_dbm_mdSlot_GetRemovableDevice;
- /* GetHardwareSlot */
- /* GetHardwareVersion */
- /* GetFirmwareVersion */
- rv->GetToken = nss_dbm_mdSlot_GetToken;
- rv->null = (void *)NULL;
-
- return rv;
-}
diff --git a/security/nss/lib/ckfw/dbm/token.c b/security/nss/lib/ckfw/dbm/token.c
deleted file mode 100644
index 7c7fbf9e5..000000000
--- a/security/nss/lib/ckfw/dbm/token.c
+++ /dev/null
@@ -1,315 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#include "ckdbm.h"
-
-static CK_RV
-nss_dbm_mdToken_Setup
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
- CK_RV rv = CKR_OK;
-
- token->arena = NSSCKFWToken_GetArena(fwToken, &rv);
- token->session_db = nss_dbm_db_open(token->arena, fwInstance, (char *)NULL,
- O_RDWR|O_CREAT, &rv);
- if( (nss_dbm_db_t *)NULL == token->session_db ) {
- return rv;
- }
-
- /* Add a label record if there isn't one? */
-
- return CKR_OK;
-}
-
-static void
-nss_dbm_mdToken_Invalidate
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
-
- if( (nss_dbm_db_t *)NULL != token->session_db ) {
- nss_dbm_db_close(token->session_db);
- token->session_db = (nss_dbm_db_t *)NULL;
- }
-}
-
-static CK_RV
-nss_dbm_mdToken_InitToken
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *pin,
- NSSUTF8 *label
-)
-{
- nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
- nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc;
- CK_RV rv;
-
- /* Wipe the session object data */
-
- if( (nss_dbm_db_t *)NULL != token->session_db ) {
- nss_dbm_db_close(token->session_db);
- }
-
- token->session_db = nss_dbm_db_open(token->arena, fwInstance, (char *)NULL,
- O_RDWR|O_CREAT, &rv);
- if( (nss_dbm_db_t *)NULL == token->session_db ) {
- return rv;
- }
-
- /* Wipe the token object data */
-
- if( token->slot->flags & O_RDWR ) {
- if( (nss_dbm_db_t *)NULL != token->slot->token_db ) {
- nss_dbm_db_close(token->slot->token_db);
- }
-
- token->slot->token_db = nss_dbm_db_open(instance->arena, fwInstance,
- token->slot->filename,
- token->slot->flags | O_CREAT | O_TRUNC,
- &rv);
- if( (nss_dbm_db_t *)NULL == token->slot->token_db ) {
- return rv;
- }
-
- /* PIN is irrelevant */
-
- rv = nss_dbm_db_set_label(token->slot->token_db, label);
- if( CKR_OK != rv ) {
- return rv;
- }
- }
-
- return CKR_OK;
-}
-
-static NSSUTF8 *
-nss_dbm_mdToken_GetLabel
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
-
- if( (NSSUTF8 *)NULL == token->label ) {
- token->label = nss_dbm_db_get_label(token->slot->token_db, token->arena, pError);
- }
-
- /* If no label has been set, return *something* */
- if( (NSSUTF8 *)NULL == token->label ) {
- return token->slot->filename;
- }
-
- return token->label;
-}
-
-static NSSUTF8 *
-nss_dbm_mdToken_GetManufacturerID
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- return "mozilla.org NSS";
-}
-
-static NSSUTF8 *
-nss_dbm_mdToken_GetModel
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- return "dbm";
-}
-
-/* GetSerialNumber is irrelevant */
-/* GetHasRNG defaults to CK_FALSE */
-
-static CK_BBOOL
-nss_dbm_mdToken_GetIsWriteProtected
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
-
- if( token->slot->flags & O_RDWR ) {
- return CK_FALSE;
- } else {
- return CK_TRUE;
- }
-}
-
-/* GetLoginRequired defaults to CK_FALSE */
-/* GetUserPinInitialized defaults to CK_FALSE */
-/* GetRestoreKeyNotNeeded is irrelevant */
-/* GetHasClockOnToken defaults to CK_FALSE */
-/* GetHasProtectedAuthenticationPath defaults to CK_FALSE */
-/* GetSupportsDualCryptoOperations is irrelevant */
-
-static CK_ULONG
-nss_dbm_mdToken_effectively_infinite
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- return CK_EFFECTIVELY_INFINITE;
-}
-
-static CK_VERSION
-nss_dbm_mdToken_GetHardwareVersion
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
- return nss_dbm_db_get_format_version(token->slot->token_db);
-}
-
-/* GetFirmwareVersion is irrelevant */
-/* GetUTCTime is irrelevant */
-
-static NSSCKMDSession *
-nss_dbm_mdToken_OpenSession
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKFWSession *fwSession,
- CK_BBOOL rw,
- CK_RV *pError
-)
-{
- nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
- return nss_dbm_mdSession_factory(token, fwSession, fwInstance, rw, pError);
-}
-
-/* GetMechanismCount defaults to zero */
-/* GetMechanismTypes is irrelevant */
-/* GetMechanism is irrelevant */
-
-NSS_IMPLEMENT NSSCKMDToken *
-nss_dbm_mdToken_factory
-(
- nss_dbm_slot_t *slot,
- CK_RV *pError
-)
-{
- nss_dbm_token_t *token;
- NSSCKMDToken *rv;
-
- token = nss_ZNEW(slot->instance->arena, nss_dbm_token_t);
- if( (nss_dbm_token_t *)NULL == token ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDToken *)NULL;
- }
-
- rv = nss_ZNEW(slot->instance->arena, NSSCKMDToken);
- if( (NSSCKMDToken *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDToken *)NULL;
- }
-
- token->slot = slot;
-
- rv->etc = (void *)token;
- rv->Setup = nss_dbm_mdToken_Setup;
- rv->Invalidate = nss_dbm_mdToken_Invalidate;
- rv->InitToken = nss_dbm_mdToken_InitToken;
- rv->GetLabel = nss_dbm_mdToken_GetLabel;
- rv->GetManufacturerID = nss_dbm_mdToken_GetManufacturerID;
- rv->GetModel = nss_dbm_mdToken_GetModel;
- /* GetSerialNumber is irrelevant */
- /* GetHasRNG defaults to CK_FALSE */
- rv->GetIsWriteProtected = nss_dbm_mdToken_GetIsWriteProtected;
- /* GetLoginRequired defaults to CK_FALSE */
- /* GetUserPinInitialized defaults to CK_FALSE */
- /* GetRestoreKeyNotNeeded is irrelevant */
- /* GetHasClockOnToken defaults to CK_FALSE */
- /* GetHasProtectedAuthenticationPath defaults to CK_FALSE */
- /* GetSupportsDualCryptoOperations is irrelevant */
- rv->GetMaxSessionCount = nss_dbm_mdToken_effectively_infinite;
- rv->GetMaxRwSessionCount = nss_dbm_mdToken_effectively_infinite;
- /* GetMaxPinLen is irrelevant */
- /* GetMinPinLen is irrelevant */
- /* GetTotalPublicMemory defaults to CK_UNAVAILABLE_INFORMATION */
- /* GetFreePublicMemory defaults to CK_UNAVAILABLE_INFORMATION */
- /* GetTotalPrivateMemory defaults to CK_UNAVAILABLE_INFORMATION */
- /* GetFreePrivateMemory defaults to CK_UNAVAILABLE_INFORMATION */
- rv->GetHardwareVersion = nss_dbm_mdToken_GetHardwareVersion;
- /* GetFirmwareVersion is irrelevant */
- /* GetUTCTime is irrelevant */
- rv->OpenSession = nss_dbm_mdToken_OpenSession;
- rv->null = NULL;
-
- return rv;
-}
diff --git a/security/nss/lib/ckfw/find.c b/security/nss/lib/ckfw/find.c
deleted file mode 100644
index 434e0a162..000000000
--- a/security/nss/lib/ckfw/find.c
+++ /dev/null
@@ -1,408 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * find.c
- *
- * This file implements the nssCKFWFindObjects type and methods.
- */
-
-#ifndef CK_H
-#include "ck.h"
-#endif /* CK_H */
-
-/*
- * NSSCKFWFindObjects
- *
- * -- create/destroy --
- * nssCKFWFindObjects_Create
- * nssCKFWFindObjects_Destroy
- *
- * -- public accessors --
- * NSSCKFWFindObjects_GetMDFindObjects
- *
- * -- implement public accessors --
- * nssCKFWFindObjects_GetMDFindObjects
- *
- * -- private accessors --
- *
- * -- module fronts --
- * nssCKFWFindObjects_Next
- */
-
-struct NSSCKFWFindObjectsStr {
- NSSCKFWMutex *mutex; /* merely to serialise the MDObject calls */
- NSSCKMDFindObjects *mdfo1;
- NSSCKMDFindObjects *mdfo2;
- NSSCKFWSession *fwSession;
- NSSCKMDSession *mdSession;
- NSSCKFWToken *fwToken;
- NSSCKMDToken *mdToken;
- NSSCKFWInstance *fwInstance;
- NSSCKMDInstance *mdInstance;
-
- NSSCKMDFindObjects *mdFindObjects; /* varies */
-};
-
-#ifdef DEBUG
-/*
- * But first, the pointer-tracking stuff.
- *
- * NOTE: the pointer-tracking support in NSS/base currently relies
- * upon NSPR's CallOnce support. That, however, relies upon NSPR's
- * locking, which is tied into the runtime. We need a pointer-tracker
- * implementation that uses the locks supplied through C_Initialize.
- * That support, however, can be filled in later. So for now, I'll
- * just do these routines as no-ops.
- */
-
-static CK_RV
-findObjects_add_pointer
-(
- const NSSCKFWFindObjects *fwFindObjects
-)
-{
- return CKR_OK;
-}
-
-static CK_RV
-findObjects_remove_pointer
-(
- const NSSCKFWFindObjects *fwFindObjects
-)
-{
- return CKR_OK;
-}
-
-NSS_IMPLEMENT CK_RV
-nssCKFWFindObjects_verifyPointer
-(
- const NSSCKFWFindObjects *fwFindObjects
-)
-{
- return CKR_OK;
-}
-
-#endif /* DEBUG */
-
-/*
- * nssCKFWFindObjects_Create
- *
- */
-NSS_EXTERN NSSCKFWFindObjects *
-nssCKFWFindObjects_Create
-(
- NSSCKFWSession *fwSession,
- NSSCKFWToken *fwToken,
- NSSCKFWInstance *fwInstance,
- NSSCKMDFindObjects *mdFindObjects1,
- NSSCKMDFindObjects *mdFindObjects2,
- CK_RV *pError
-)
-{
- NSSCKFWFindObjects *fwFindObjects;
- NSSArena *arena;
- NSSCKMDSession *mdSession;
- NSSCKMDToken *mdToken;
- NSSCKMDInstance *mdInstance;
-
- mdSession = nssCKFWSession_GetMDSession(fwSession);
- mdToken = nssCKFWToken_GetMDToken(fwToken);
- mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
-
- arena = nssCKFWSession_GetArena(fwSession, pError);
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
-
- fwFindObjects = nss_ZNEW(arena, NSSCKFWFindObjects);
- if( (NSSCKFWFindObjects *)NULL == fwFindObjects ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
-
- fwFindObjects->mdfo1 = mdFindObjects1;
- fwFindObjects->mdfo2 = mdFindObjects2;
- fwFindObjects->fwSession = fwSession;
- fwFindObjects->mdSession = mdSession;
- fwFindObjects->fwToken = fwToken;
- fwFindObjects->mdToken = mdToken;
- fwFindObjects->fwInstance = fwInstance;
- fwFindObjects->mdInstance = mdInstance;
-
- fwFindObjects->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
- if( (NSSCKFWMutex *)NULL == fwFindObjects->mutex ) {
- goto loser;
- }
-
-#ifdef DEBUG
- *pError = findObjects_add_pointer(fwFindObjects);
- if( CKR_OK != *pError ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return fwFindObjects;
-
- loser:
- nss_ZFreeIf(fwFindObjects);
-
- if( (NSSCKMDFindObjects *)NULL != mdFindObjects1 ) {
- if( (void *)NULL != (void *)mdFindObjects1->Final ) {
- fwFindObjects->mdFindObjects = mdFindObjects1;
- mdFindObjects1->Final(mdFindObjects1, fwFindObjects, mdSession,
- fwSession, mdToken, fwToken, mdInstance, fwInstance);
- }
- }
-
- if( (NSSCKMDFindObjects *)NULL != mdFindObjects2 ) {
- if( (void *)NULL != (void *)mdFindObjects2->Final ) {
- fwFindObjects->mdFindObjects = mdFindObjects2;
- mdFindObjects2->Final(mdFindObjects2, fwFindObjects, mdSession,
- fwSession, mdToken, fwToken, mdInstance, fwInstance);
- }
- }
-
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
-
- return (NSSCKFWFindObjects *)NULL;
-}
-
-
-/*
- * nssCKFWFindObjects_Destroy
- *
- */
-NSS_EXTERN void
-nssCKFWFindObjects_Destroy
-(
- NSSCKFWFindObjects *fwFindObjects
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects) ) {
- return;
- }
-#endif /* NSSDEBUG */
-
- (void)nssCKFWMutex_Destroy(fwFindObjects->mutex);
-
- if( (NSSCKMDFindObjects *)NULL != fwFindObjects->mdfo1 ) {
- if( (void *)NULL != (void *)fwFindObjects->mdfo1->Final ) {
- fwFindObjects->mdFindObjects = fwFindObjects->mdfo1;
- fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects,
- fwFindObjects->mdSession, fwFindObjects->fwSession,
- fwFindObjects->mdToken, fwFindObjects->fwToken,
- fwFindObjects->mdInstance, fwFindObjects->fwInstance);
- }
- }
-
- if( (NSSCKMDFindObjects *)NULL != fwFindObjects->mdfo2 ) {
- if( (void *)NULL != (void *)fwFindObjects->mdfo2->Final ) {
- fwFindObjects->mdFindObjects = fwFindObjects->mdfo2;
- fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects,
- fwFindObjects->mdSession, fwFindObjects->fwSession,
- fwFindObjects->mdToken, fwFindObjects->fwToken,
- fwFindObjects->mdInstance, fwFindObjects->fwInstance);
- }
- }
-
- nss_ZFreeIf(fwFindObjects);
-
-#ifdef DEBUG
- (void)findObjects_remove_pointer(fwFindObjects);
-#endif /* DEBUG */
-
- return;
-}
-
-/*
- * nssCKFWFindObjects_GetMDFindObjects
- *
- */
-NSS_EXTERN NSSCKMDFindObjects *
-nssCKFWFindObjects_GetMDFindObjects
-(
- NSSCKFWFindObjects *fwFindObjects
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects) ) {
- return (NSSCKMDFindObjects *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwFindObjects->mdFindObjects;
-}
-
-/*
- * nssCKFWFindObjects_Next
- *
- */
-NSS_EXTERN NSSCKFWObject *
-nssCKFWFindObjects_Next
-(
- NSSCKFWFindObjects *fwFindObjects,
- NSSArena *arenaOpt,
- CK_RV *pError
-)
-{
- NSSCKMDObject *mdObject;
- NSSCKFWObject *fwObject = (NSSCKFWObject *)NULL;
- NSSArena *objArena;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSCKFWObject *)NULL;
- }
-
- *pError = nssCKFWFindObjects_verifyPointer(fwFindObjects);
- if( CKR_OK != *pError ) {
- return (NSSCKFWObject *)NULL;
- }
-#endif /* NSSDEBUG */
-
- *pError = nssCKFWMutex_Lock(fwFindObjects->mutex);
- if( CKR_OK != *pError ) {
- return (NSSCKFWObject *)NULL;
- }
-
- if( (NSSCKMDFindObjects *)NULL != fwFindObjects->mdfo1 ) {
- if( (void *)NULL != (void *)fwFindObjects->mdfo1->Next ) {
- fwFindObjects->mdFindObjects = fwFindObjects->mdfo1;
- mdObject = fwFindObjects->mdfo1->Next(fwFindObjects->mdfo1,
- fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession,
- fwFindObjects->mdToken, fwFindObjects->fwToken,
- fwFindObjects->mdInstance, fwFindObjects->fwInstance,
- arenaOpt, pError);
- if( (NSSCKMDObject *)NULL == mdObject ) {
- if( CKR_OK != *pError ) {
- goto done;
- }
-
- /* All done. */
- fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects,
- fwFindObjects->mdSession, fwFindObjects->fwSession,
- fwFindObjects->mdToken, fwFindObjects->fwToken,
- fwFindObjects->mdInstance, fwFindObjects->fwInstance);
- fwFindObjects->mdfo1 = (NSSCKMDFindObjects *)NULL;
- } else {
- goto wrap;
- }
- }
- }
-
- if( (NSSCKMDFindObjects *)NULL != fwFindObjects->mdfo2 ) {
- if( (void *)NULL != (void *)fwFindObjects->mdfo2->Next ) {
- fwFindObjects->mdFindObjects = fwFindObjects->mdfo2;
- mdObject = fwFindObjects->mdfo2->Next(fwFindObjects->mdfo2,
- fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession,
- fwFindObjects->mdToken, fwFindObjects->fwToken,
- fwFindObjects->mdInstance, fwFindObjects->fwInstance,
- arenaOpt, pError);
- if( (NSSCKMDObject *)NULL == mdObject ) {
- if( CKR_OK != *pError ) {
- goto done;
- }
-
- /* All done. */
- fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects,
- fwFindObjects->mdSession, fwFindObjects->fwSession,
- fwFindObjects->mdToken, fwFindObjects->fwToken,
- fwFindObjects->mdInstance, fwFindObjects->fwInstance);
- fwFindObjects->mdfo2 = (NSSCKMDFindObjects *)NULL;
- } else {
- goto wrap;
- }
- }
- }
-
- /* No more objects */
- *pError = CKR_OK;
- goto done;
-
- wrap:
- /*
- * This is less than ideal-- we should determine if it's a token
- * object or a session object, and use the appropriate arena.
- * But that duplicates logic in nssCKFWObject_IsTokenObject.
- * Worry about that later. For now, be conservative, and use
- * the token arena.
- */
- objArena = nssCKFWToken_GetArena(fwFindObjects->fwToken, pError);
- if( (NSSArena *)NULL == objArena ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_HOST_MEMORY;
- }
- goto done;
- }
-
- fwObject = nssCKFWObject_Create(objArena, mdObject,
- fwFindObjects->fwSession, fwFindObjects->fwToken,
- fwFindObjects->fwInstance, pError);
- if( (NSSCKFWObject *)NULL == fwObject ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- }
-
- done:
- (void)nssCKFWMutex_Unlock(fwFindObjects->mutex);
- return fwObject;
-}
-
-/*
- * NSSCKFWFindObjects_GetMDFindObjects
- *
- */
-
-NSS_EXTERN NSSCKMDFindObjects *
-NSSCKFWFindObjects_GetMDFindObjects
-(
- NSSCKFWFindObjects *fwFindObjects
-)
-{
-#ifdef DEBUG
- if( CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects) ) {
- return (NSSCKMDFindObjects *)NULL;
- }
-#endif /* DEBUG */
-
- return nssCKFWFindObjects_GetMDFindObjects(fwFindObjects);
-}
diff --git a/security/nss/lib/ckfw/hash.c b/security/nss/lib/ckfw/hash.c
deleted file mode 100644
index f9790493b..000000000
--- a/security/nss/lib/ckfw/hash.c
+++ /dev/null
@@ -1,334 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * hash.c
- *
- * This is merely a couple wrappers around NSPR's PLHashTable, using
- * the identity hash and arena-aware allocators. The reason I did
- * this is that hash tables are used in a few places throughout the
- * NSS Cryptoki Framework in a fairly stereotyped way, and this allows
- * me to pull the commonalities into one place. Should we ever want
- * to change the implementation, it's all right here.
- */
-
-#ifndef CK_T
-#include "ck.h"
-#endif /* CK_T */
-
-/*
- * nssCKFWHash
- *
- * nssCKFWHash_Create
- * nssCKFWHash_Destroy
- * nssCKFWHash_Add
- * nssCKFWHash_Remove
- * nssCKFWHash_Count
- * nssCKFWHash_Exists
- * nssCKFWHash_Lookup
- * nssCKFWHash_Iterate
- */
-
-struct nssCKFWHashStr {
- NSSCKFWMutex *mutex;
-
- /*
- * The invariant that mutex protects is:
- * The count accurately reflects the hashtable state.
- */
-
- PLHashTable *plHashTable;
- CK_ULONG count;
-};
-
-static PLHashNumber
-nss_ckfw_identity_hash
-(
- const void *key
-)
-{
- PRUint32 i = (PRUint32)key;
- PR_ASSERT(sizeof(PLHashNumber) == sizeof(PRUint32));
- return (PLHashNumber)i;
-}
-
-/*
- * nssCKFWHash_Create
- *
- */
-NSS_IMPLEMENT nssCKFWHash *
-nssCKFWHash_Create
-(
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-)
-{
- nssCKFWHash *rv;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (nssCKFWHash *)NULL;
- }
-
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- *pError = CKR_ARGUMENTS_BAD;
- return (nssCKFWHash *)NULL;
- }
-#endif /* NSSDEBUG */
-
- rv = nss_ZNEW(arena, nssCKFWHash);
- if( (nssCKFWHash *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- return (nssCKFWHash *)NULL;
- }
-
- rv->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
- if( (NSSCKFWMutex *)NULL == rv->mutex ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (nssCKFWHash *)NULL;
- }
-
- rv->plHashTable = PL_NewHashTable(0, nss_ckfw_identity_hash,
- PL_CompareValues, PL_CompareValues, &nssArenaHashAllocOps, arena);
- if( (PLHashTable *)NULL == rv->plHashTable ) {
- (void)nssCKFWMutex_Destroy(rv->mutex);
- (void)nss_ZFreeIf(rv);
- *pError = CKR_HOST_MEMORY;
- return (nssCKFWHash *)NULL;
- }
-
- rv->count = 0;
-
- return rv;
-}
-
-/*
- * nssCKFWHash_Destroy
- *
- */
-NSS_IMPLEMENT void
-nssCKFWHash_Destroy
-(
- nssCKFWHash *hash
-)
-{
- (void)nssCKFWMutex_Destroy(hash->mutex);
- PL_HashTableDestroy(hash->plHashTable);
- (void)nss_ZFreeIf(hash);
-}
-
-/*
- * nssCKFWHash_Add
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWHash_Add
-(
- nssCKFWHash *hash,
- const void *key,
- const void *value
-)
-{
- CK_RV error = CKR_OK;
- PLHashEntry *he;
-
- error = nssCKFWMutex_Lock(hash->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- he = PL_HashTableAdd(hash->plHashTable, key, (void *)value);
- if( (PLHashEntry *)NULL == he ) {
- error = CKR_HOST_MEMORY;
- } else {
- hash->count++;
- }
-
- (void)nssCKFWMutex_Unlock(hash->mutex);
-
- return error;
-}
-
-/*
- * nssCKFWHash_Remove
- *
- */
-NSS_IMPLEMENT void
-nssCKFWHash_Remove
-(
- nssCKFWHash *hash,
- const void *it
-)
-{
- PRBool found;
-
- if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) {
- return;
- }
-
- found = PL_HashTableRemove(hash->plHashTable, it);
- if( found ) {
- hash->count--;
- }
-
- (void)nssCKFWMutex_Unlock(hash->mutex);
- return;
-}
-
-/*
- * nssCKFWHash_Count
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWHash_Count
-(
- nssCKFWHash *hash
-)
-{
- CK_ULONG count;
-
- if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) {
- return (CK_ULONG)0;
- }
-
- count = hash->count;
-
- (void)nssCKFWMutex_Unlock(hash->mutex);
-
- return count;
-}
-
-/*
- * nssCKFWHash_Exists
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-nssCKFWHash_Exists
-(
- nssCKFWHash *hash,
- const void *it
-)
-{
- void *value;
-
- if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) {
- return CK_FALSE;
- }
-
- value = PL_HashTableLookup(hash->plHashTable, it);
-
- (void)nssCKFWMutex_Unlock(hash->mutex);
-
- if( (void *)NULL == value ) {
- return CK_FALSE;
- } else {
- return CK_TRUE;
- }
-}
-
-/*
- * nssCKFWHash_Lookup
- *
- */
-NSS_IMPLEMENT void *
-nssCKFWHash_Lookup
-(
- nssCKFWHash *hash,
- const void *it
-)
-{
- void *rv;
-
- if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) {
- return (void *)NULL;
- }
-
- rv = PL_HashTableLookup(hash->plHashTable, it);
-
- (void)nssCKFWMutex_Unlock(hash->mutex);
-
- return rv;
-}
-
-struct arg_str {
- nssCKFWHashIterator fcn;
- void *closure;
-};
-
-static PRIntn
-nss_ckfwhash_enumerator
-(
- PLHashEntry *he,
- PRIntn index,
- void *arg
-)
-{
- struct arg_str *as = (struct arg_str *)arg;
- as->fcn(he->key, he->value, as->closure);
- return HT_ENUMERATE_NEXT;
-}
-
-/*
- * nssCKFWHash_Iterate
- *
- * NOTE that the iteration function will be called with the hashtable locked.
- */
-NSS_IMPLEMENT void
-nssCKFWHash_Iterate
-(
- nssCKFWHash *hash,
- nssCKFWHashIterator fcn,
- void *closure
-)
-{
- struct arg_str as;
- as.fcn = fcn;
- as.closure = closure;
-
- if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) {
- return;
- }
-
- PL_HashTableEnumerateEntries(hash->plHashTable, nss_ckfwhash_enumerator, &as);
-
- (void)nssCKFWMutex_Unlock(hash->mutex);
-
- return;
-}
diff --git a/security/nss/lib/ckfw/instance.c b/security/nss/lib/ckfw/instance.c
deleted file mode 100644
index a10b52cba..000000000
--- a/security/nss/lib/ckfw/instance.c
+++ /dev/null
@@ -1,1310 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * instance.c
- *
- * This file implements the NSSCKFWInstance type and methods.
- */
-
-#ifndef CK_T
-#include "ck.h"
-#endif /* CK_T */
-
-/*
- * NSSCKFWInstance
- *
- * -- create/destroy --
- * nssCKFWInstance_Create
- * nssCKFWInstance_Destroy
- *
- * -- public accessors --
- * NSSCKFWInstance_GetMDInstance
- * NSSCKFWInstance_GetArena
- * NSSCKFWInstance_MayCreatePthreads
- * NSSCKFWInstance_CreateMutex
- * NSSCKFWInstance_GetConfigurationData
- *
- * -- implement public accessors --
- * nssCKFWInstance_GetMDInstance
- * nssCKFWInstance_GetArena
- * nssCKFWInstance_MayCreatePthreads
- * nssCKFWInstance_CreateMutex
- * nssCKFWInstance_GetConfigurationData
- *
- * -- private accessors --
- * nssCKFWInstance_CreateSessionHandle
- * nssCKFWInstance_ResolveSessionHandle
- * nssCKFWInstance_DestroySessionHandle
- * nssCKFWInstance_FindSessionHandle
- * nssCKFWInstance_CreateObjectHandle
- * nssCKFWInstance_ResolveObjectHandle
- * nssCKFWInstance_DestroyObjectHandle
- *
- * -- module fronts --
- * nssCKFWInstance_GetNSlots
- * nssCKFWInstance_GetCryptokiVersion
- * nssCKFWInstance_GetManufacturerID
- * nssCKFWInstance_GetFlags
- * nssCKFWInstance_GetLibraryDescription
- * nssCKFWInstance_GetLibraryVersion
- * nssCKFWInstance_GetModuleHandlesSessionObjects
- * nssCKFWInstance_GetSlots
- * nssCKFWInstance_WaitForSlotEvent
- *
- * -- debugging versions only --
- * nssCKFWInstance_verifyPointer
- */
-
-struct NSSCKFWInstanceStr {
- NSSCKFWMutex *mutex;
- NSSArena *arena;
- NSSCKMDInstance *mdInstance;
- CK_C_INITIALIZE_ARGS_PTR pInitArgs;
- CK_BBOOL mayCreatePthreads;
- NSSUTF8 *configurationData;
- CK_ULONG nSlots;
- NSSCKFWSlot **fwSlotList;
- NSSCKMDSlot **mdSlotList;
- CK_BBOOL moduleHandlesSessionObjects;
-
- /*
- * Everything above is set at creation time, and then not modified.
- * The invariants the mutex protects are:
- *
- * 1) Each of the cached descriptions (versions, etc.) are in an
- * internally consistant state.
- *
- * 2) The session handle hashes and count are consistant
- *
- * 3) The object handle hashes and count are consistant.
- *
- * I could use multiple locks, but let's wait to see if that's
- * really necessary.
- *
- * Note that the calls accessing the cached descriptions will
- * call the NSSCKMDInstance methods with the mutex locked. Those
- * methods may then call the public NSSCKFWInstance routines.
- * Those public routines only access the constant data above, so
- * there's no problem. But be careful if you add to this object;
- * mutexes are in general not reentrant, so don't create deadlock
- * situations.
- */
-
- CK_VERSION cryptokiVersion;
- NSSUTF8 *manufacturerID;
- NSSUTF8 *libraryDescription;
- CK_VERSION libraryVersion;
-
- CK_ULONG lastSessionHandle;
- nssCKFWHash *sessionHandleHash;
-
- CK_ULONG lastObjectHandle;
- nssCKFWHash *objectHandleHash;
-};
-
-#ifdef DEBUG
-/*
- * But first, the pointer-tracking stuff.
- *
- * NOTE: the pointer-tracking support in NSS/base currently relies
- * upon NSPR's CallOnce support. That, however, relies upon NSPR's
- * locking, which is tied into the runtime. We need a pointer-tracker
- * implementation that uses the locks supplied through C_Initialize.
- * That support, however, can be filled in later. So for now, I'll
- * just do this routines as no-ops.
- */
-
-static CK_RV
-instance_add_pointer
-(
- const NSSCKFWInstance *fwInstance
-)
-{
- return CKR_OK;
-}
-
-static CK_RV
-instance_remove_pointer
-(
- const NSSCKFWInstance *fwInstance
-)
-{
- return CKR_OK;
-}
-
-NSS_IMPLEMENT CK_RV
-nssCKFWInstance_verifyPointer
-(
- const NSSCKFWInstance *fwInstance
-)
-{
- return CKR_OK;
-}
-
-#endif /* DEBUG */
-
-/*
- * nssCKFWInstance_Create
- *
- */
-NSS_IMPLEMENT NSSCKFWInstance *
-nssCKFWInstance_Create
-(
- CK_C_INITIALIZE_ARGS_PTR pInitArgs,
- NSSCKMDInstance *mdInstance,
- CK_RV *pError
-)
-{
- NSSCKFWInstance *fwInstance;
- NSSArena *arena = (NSSArena *)NULL;
- CK_ULONG i;
- CK_BBOOL called_Initialize = CK_FALSE;
-
-#ifdef NSSDEBUG
- if( (CK_RV)NULL == pError ) {
- return (NSSCKFWInstance *)NULL;
- }
-
- if( (NSSCKMDInstance *)NULL == mdInstance ) {
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSCKFWInstance *)NULL;
- }
-#endif /* NSSDEBUG */
-
- arena = NSSArena_Create();
- if( (NSSArena *)NULL == arena ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKFWInstance *)NULL;
- }
-
- fwInstance = nss_ZNEW(arena, NSSCKFWInstance);
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- goto nomem;
- }
-
- fwInstance->arena = arena;
- fwInstance->mdInstance = mdInstance;
- fwInstance->pInitArgs = pInitArgs;
-
- if( (CK_C_INITIALIZE_ARGS_PTR)NULL != pInitArgs ) {
- if( pInitArgs->flags & CKF_LIBRARY_CANT_CREATE_OS_THREADS ) {
- fwInstance->mayCreatePthreads = CK_FALSE;
- } else {
- fwInstance->mayCreatePthreads = CK_TRUE;
- }
- fwInstance->configurationData = (NSSUTF8 *)(pInitArgs->pReserved);
- } else {
- fwInstance->mayCreatePthreads = CK_TRUE;
- }
-
- fwInstance->mutex = nssCKFWMutex_Create(pInitArgs, arena, pError);
- if( (NSSCKFWMutex *)NULL == fwInstance->mutex ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- goto loser;
- }
-
- if( (void *)NULL != (void *)mdInstance->Initialize ) {
- *pError = mdInstance->Initialize(mdInstance, fwInstance, fwInstance->configurationData);
- if( CKR_OK != *pError ) {
- goto loser;
- }
-
- called_Initialize = CK_TRUE;
- }
-
- if( (void *)NULL != (void *)mdInstance->ModuleHandlesSessionObjects ) {
- fwInstance->moduleHandlesSessionObjects =
- mdInstance->ModuleHandlesSessionObjects(mdInstance, fwInstance);
- } else {
- fwInstance->moduleHandlesSessionObjects = CK_FALSE;
- }
-
- if( (void *)NULL == (void *)mdInstance->GetNSlots ) {
- /* That routine is required */
- *pError = CKR_GENERAL_ERROR;
- goto loser;
- }
-
- fwInstance->nSlots = mdInstance->GetNSlots(mdInstance, fwInstance, pError);
- if( (CK_ULONG)0 == fwInstance->nSlots ) {
- if( CKR_OK == *pError ) {
- /* Zero is not a legitimate answer */
- *pError = CKR_GENERAL_ERROR;
- }
- goto loser;
- }
-
- fwInstance->fwSlotList = nss_ZNEWARRAY(arena, NSSCKFWSlot *, fwInstance->nSlots);
- if( (NSSCKFWSlot **)NULL == fwInstance->fwSlotList ) {
- goto nomem;
- }
-
- fwInstance->mdSlotList = nss_ZNEWARRAY(arena, NSSCKMDSlot *, fwInstance->nSlots);
- if( (NSSCKMDSlot **)NULL == fwInstance->mdSlotList ) {
- goto nomem;
- }
-
- fwInstance->sessionHandleHash = nssCKFWHash_Create(fwInstance,
- fwInstance->arena, pError);
- if( (nssCKFWHash *)NULL == fwInstance->sessionHandleHash ) {
- goto loser;
- }
-
- fwInstance->objectHandleHash = nssCKFWHash_Create(fwInstance,
- fwInstance->arena, pError);
- if( (nssCKFWHash *)NULL == fwInstance->objectHandleHash ) {
- goto loser;
- }
-
- if( (void *)NULL == (void *)mdInstance->GetSlots ) {
- /* That routine is required */
- *pError = CKR_GENERAL_ERROR;
- goto loser;
- }
-
- *pError = mdInstance->GetSlots(mdInstance, fwInstance, fwInstance->mdSlotList);
- if( CKR_OK != *pError ) {
- goto loser;
- }
-
- for( i = 0; i < fwInstance->nSlots; i++ ) {
- NSSCKMDSlot *mdSlot = fwInstance->mdSlotList[i];
-
- if( (NSSCKMDSlot *)NULL == mdSlot ) {
- *pError = CKR_GENERAL_ERROR;
- goto loser;
- }
-
- fwInstance->fwSlotList[i] = nssCKFWSlot_Create(fwInstance, mdSlot, i, pError);
- if( CKR_OK != *pError ) {
- CK_ULONG j;
-
- for( j = 0; j < i; j++ ) {
- (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[j]);
- }
-
- for( j = i; j < fwInstance->nSlots; j++ ) {
- NSSCKMDSlot *mds = fwInstance->mdSlotList[j];
- if( (void *)NULL != (void *)mds->Destroy ) {
- mds->Destroy(mds, (NSSCKFWSlot *)NULL, mdInstance, fwInstance);
- }
- }
-
- goto loser;
- }
- }
-
-#ifdef DEBUG
- *pError = instance_add_pointer(fwInstance);
- if( CKR_OK != *pError ) {
- for( i = 0; i < fwInstance->nSlots; i++ ) {
- (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]);
- }
-
- goto loser;
- }
-#endif /* DEBUG */
-
- *pError = CKR_OK;
- return fwInstance;
-
- nomem:
- *pError = CKR_HOST_MEMORY;
- /*FALLTHROUGH*/
- loser:
-
- if( CK_TRUE == called_Initialize ) {
- if( (void *)NULL != (void *)mdInstance->Finalize ) {
- mdInstance->Finalize(mdInstance, fwInstance);
- }
- }
-
- (void)NSSArena_Destroy(arena);
- return (NSSCKFWInstance *)NULL;
-}
-
-/*
- * nssCKFWInstance_Destroy
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWInstance_Destroy
-(
- NSSCKFWInstance *fwInstance
-)
-{
-#ifdef NSSDEBUG
- CK_RV error = CKR_OK;
-#endif /* NSSDEBUG */
- CK_ULONG i;
-
-#ifdef NSSDEBUG
- error = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- nssCKFWMutex_Destroy(fwInstance->mutex);
-
- for( i = 0; i < fwInstance->nSlots; i++ ) {
- (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]);
- }
-
- if( (void *)NULL != (void *)fwInstance->mdInstance->Finalize ) {
- fwInstance->mdInstance->Finalize(fwInstance->mdInstance, fwInstance);
- }
-
-#ifdef DEBUG
- (void)instance_remove_pointer(fwInstance);
-#endif /* DEBUG */
-
- (void)NSSArena_Destroy(fwInstance->arena);
- return CKR_OK;
-}
-
-/*
- * nssCKFWInstance_GetMDInstance
- *
- */
-NSS_IMPLEMENT NSSCKMDInstance *
-nssCKFWInstance_GetMDInstance
-(
- NSSCKFWInstance *fwInstance
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (NSSCKMDInstance *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwInstance->mdInstance;
-}
-
-/*
- * nssCKFWInstance_GetArena
- *
- */
-NSS_IMPLEMENT NSSArena *
-nssCKFWInstance_GetArena
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSArena *)NULL;
- }
-
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (NSSArena *)NULL;
- }
-#endif /* NSSDEBUG */
-
- *pError = CKR_OK;
- return fwInstance->arena;
-}
-
-/*
- * nssCKFWInstance_MayCreatePthreads
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-nssCKFWInstance_MayCreatePthreads
-(
- NSSCKFWInstance *fwInstance
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return CK_FALSE;
- }
-#endif /* NSSDEBUG */
-
- return fwInstance->mayCreatePthreads;
-}
-
-/*
- * nssCKFWInstance_CreateMutex
- *
- */
-NSS_IMPLEMENT NSSCKFWMutex *
-nssCKFWInstance_CreateMutex
-(
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-)
-{
- NSSCKFWMutex *mutex;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSCKFWMutex *)NULL;
- }
-
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (NSSCKFWMutex *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arena ) {
- arena = fwInstance->arena;
- }
-
- mutex = nssCKFWMutex_Create(fwInstance->pInitArgs, arena, pError);
- if( (NSSCKFWMutex *)NULL == mutex ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
-
- return (NSSCKFWMutex *)NULL;
- }
-
- return mutex;
-}
-
-/*
- * nssCKFWInstance_GetConfigurationData
- *
- */
-NSS_IMPLEMENT NSSUTF8 *
-nssCKFWInstance_GetConfigurationData
-(
- NSSCKFWInstance *fwInstance
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (NSSUTF8 *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwInstance->configurationData;
-}
-
-/*
- * nssCKFWInstance_CreateSessionHandle
- *
- */
-NSS_IMPLEMENT CK_SESSION_HANDLE
-nssCKFWInstance_CreateSessionHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWSession *fwSession,
- CK_RV *pError
-)
-{
- CK_SESSION_HANDLE hSession;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (CK_SESSION_HANDLE)0;
- }
-
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (CK_SESSION_HANDLE)0;
- }
-#endif /* NSSDEBUG */
-
- *pError = nssCKFWMutex_Lock(fwInstance->mutex);
- if( CKR_OK != *pError ) {
- return (CK_SESSION_HANDLE)0;
- }
-
- hSession = ++(fwInstance->lastSessionHandle);
-
- /* Alan would say I should unlock for this call. */
-
- *pError = nssCKFWSession_SetHandle(fwSession, hSession);
- if( CKR_OK != *pError ) {
- goto done;
- }
-
- *pError = nssCKFWHash_Add(fwInstance->sessionHandleHash,
- (const void *)hSession, (const void *)fwSession);
- if( CKR_OK != *pError ) {
- hSession = (CK_SESSION_HANDLE)0;
- goto done;
- }
-
- done:
- nssCKFWMutex_Unlock(fwInstance->mutex);
- return hSession;
-}
-
-/*
- * nssCKFWInstance_ResolveSessionHandle
- *
- */
-NSS_IMPLEMENT NSSCKFWSession *
-nssCKFWInstance_ResolveSessionHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-)
-{
- NSSCKFWSession *fwSession;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (NSSCKFWSession *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) {
- return (NSSCKFWSession *)NULL;
- }
-
- fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup(
- fwInstance->sessionHandleHash, (const void *)hSession);
-
- /* Assert(hSession == nssCKFWSession_GetHandle(fwSession)) */
-
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
-
- return fwSession;
-}
-
-/*
- * nssCKFWInstance_DestroySessionHandle
- *
- */
-NSS_IMPLEMENT void
-nssCKFWInstance_DestroySessionHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-)
-{
- NSSCKFWSession *fwSession;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return;
- }
-#endif /* NSSDEBUG */
-
- if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) {
- return;
- }
-
- fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup(
- fwInstance->sessionHandleHash, (const void *)hSession);
-
- nssCKFWHash_Remove(fwInstance->sessionHandleHash, (const void *)hSession);
- nssCKFWSession_SetHandle(fwSession, (CK_SESSION_HANDLE)0);
-
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
-
- return;
-}
-
-/*
- * nssCKFWInstance_FindSessionHandle
- *
- */
-NSS_IMPLEMENT CK_SESSION_HANDLE
-nssCKFWInstance_FindSessionHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWSession *fwSession
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (CK_SESSION_HANDLE)0;
- }
-
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return (CK_SESSION_HANDLE)0;
- }
-#endif /* NSSDEBUG */
-
- return nssCKFWSession_GetHandle(fwSession);
- /* look it up and assert? */
-}
-
-/*
- * nssCKFWInstance_CreateObjectHandle
- *
- */
-NSS_IMPLEMENT CK_OBJECT_HANDLE
-nssCKFWInstance_CreateObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWObject *fwObject,
- CK_RV *pError
-)
-{
- CK_OBJECT_HANDLE hObject;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (CK_OBJECT_HANDLE)0;
- }
-
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (CK_OBJECT_HANDLE)0;
- }
-#endif /* NSSDEBUG */
-
- *pError = nssCKFWMutex_Lock(fwInstance->mutex);
- if( CKR_OK != *pError ) {
- return (CK_OBJECT_HANDLE)0;
- }
-
- hObject = ++(fwInstance->lastObjectHandle);
-
- *pError = nssCKFWObject_SetHandle(fwObject, hObject);
- if( CKR_OK != *pError ) {
- hObject = (CK_OBJECT_HANDLE)0;
- goto done;
- }
-
- *pError = nssCKFWHash_Add(fwInstance->objectHandleHash,
- (const void *)hObject, (const void *)fwObject);
- if( CKR_OK != *pError ) {
- hObject = (CK_OBJECT_HANDLE)0;
- goto done;
- }
-
- done:
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
- return hObject;
-}
-
-/*
- * nssCKFWInstance_ResolveObjectHandle
- *
- */
-NSS_IMPLEMENT NSSCKFWObject *
-nssCKFWInstance_ResolveObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_OBJECT_HANDLE hObject
-)
-{
- NSSCKFWObject *fwObject;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (NSSCKFWObject *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) {
- return (NSSCKFWObject *)NULL;
- }
-
- fwObject = (NSSCKFWObject *)nssCKFWHash_Lookup(
- fwInstance->objectHandleHash, (const void *)hObject);
-
- /* Assert(hObject == nssCKFWObject_GetHandle(fwObject)) */
-
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
- return fwObject;
-}
-
-/*
- * nssCKFWInstance_ReassignObjectHandle
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWInstance_ReassignObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_OBJECT_HANDLE hObject,
- NSSCKFWObject *fwObject
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWObject *oldObject;
-
-#ifdef NSSDEBUG
- error = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- error = nssCKFWMutex_Lock(fwInstance->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- oldObject = (NSSCKFWObject *)nssCKFWHash_Lookup(
- fwInstance->objectHandleHash, (const void *)hObject);
- /* Assert(hObject == nssCKFWObject_GetHandle(oldObject) */
- (void)nssCKFWObject_SetHandle(oldObject, (CK_SESSION_HANDLE)0);
- nssCKFWHash_Remove(fwInstance->objectHandleHash, (const void *)hObject);
-
- error = nssCKFWObject_SetHandle(fwObject, hObject);
- if( CKR_OK != error ) {
- goto done;
- }
- error = nssCKFWHash_Add(fwInstance->objectHandleHash,
- (const void *)hObject, (const void *)fwObject);
-
- done:
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
- return error;
-}
-
-/*
- * nssCKFWInstance_DestroyObjectHandle
- *
- */
-NSS_IMPLEMENT void
-nssCKFWInstance_DestroyObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_OBJECT_HANDLE hObject
-)
-{
- NSSCKFWObject *fwObject;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return;
- }
-#endif /* NSSDEBUG */
-
- if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) {
- return;
- }
-
- fwObject = (NSSCKFWObject *)nssCKFWHash_Lookup(
- fwInstance->objectHandleHash, (const void *)hObject);
- /* Assert(hObject = nssCKFWObject_GetHandle(fwObject)) */
- nssCKFWHash_Remove(fwInstance->objectHandleHash, (const void *)hObject);
- (void)nssCKFWObject_SetHandle(fwObject, (CK_SESSION_HANDLE)0);
-
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
- return;
-}
-
-/*
- * nssCKFWInstance_FindObjectHandle
- *
- */
-NSS_IMPLEMENT CK_OBJECT_HANDLE
-nssCKFWInstance_FindObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWObject *fwObject
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (CK_OBJECT_HANDLE)0;
- }
-
- if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) {
- return (CK_OBJECT_HANDLE)0;
- }
-#endif /* NSSDEBUG */
-
- return nssCKFWObject_GetHandle(fwObject);
-}
-
-/*
- * nssCKFWInstance_GetNSlots
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWInstance_GetNSlots
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (CK_ULONG)0;
- }
-
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
-#endif /* NSSDEBUG */
-
- *pError = CKR_OK;
- return fwInstance->nSlots;
-}
-
-/*
- * nssCKFWInstance_GetCryptokiVersion
- *
- */
-NSS_IMPLEMENT CK_VERSION
-nssCKFWInstance_GetCryptokiVersion
-(
- NSSCKFWInstance *fwInstance
-)
-{
- CK_VERSION rv;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
-#endif /* NSSDEBUG */
-
- if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
-
- if( (0 != fwInstance->cryptokiVersion.major) ||
- (0 != fwInstance->cryptokiVersion.minor) ) {
- rv = fwInstance->cryptokiVersion;
- goto done;
- }
-
- if( (void *)NULL != (void *)fwInstance->mdInstance->GetCryptokiVersion ) {
- fwInstance->cryptokiVersion = fwInstance->mdInstance->GetCryptokiVersion(
- fwInstance->mdInstance, fwInstance);
- } else {
- fwInstance->cryptokiVersion.major = 2;
- fwInstance->cryptokiVersion.minor = 1;
- }
-
- rv = fwInstance->cryptokiVersion;
-
- done:
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
- return rv;
-}
-
-/*
- * nssCKFWInstance_GetManufacturerID
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWInstance_GetManufacturerID
-(
- NSSCKFWInstance *fwInstance,
- CK_CHAR manufacturerID[32]
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- if( (CK_CHAR_PTR)NULL == manufacturerID ) {
- return CKR_ARGUMENTS_BAD;
- }
-
- error = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- error = nssCKFWMutex_Lock(fwInstance->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (NSSUTF8 *)NULL == fwInstance->manufacturerID ) {
- if( (void *)NULL != (void *)fwInstance->mdInstance->GetManufacturerID ) {
- fwInstance->manufacturerID = fwInstance->mdInstance->GetManufacturerID(
- fwInstance->mdInstance, fwInstance, &error);
- if( ((NSSUTF8 *)NULL == fwInstance->manufacturerID) && (CKR_OK != error) ) {
- goto done;
- }
- } else {
- fwInstance->manufacturerID = "";
- }
- }
-
- (void)nssUTF8_CopyIntoFixedBuffer(fwInstance->manufacturerID, manufacturerID, 32, ' ');
- error = CKR_OK;
-
- done:
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
- return error;
-}
-
-/*
- * nssCKFWInstance_GetFlags
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWInstance_GetFlags
-(
- NSSCKFWInstance *fwInstance
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (CK_ULONG)0;
- }
-#endif /* NSSDEBUG */
-
- /* No "instance flags" are yet defined by Cryptoki. */
- return (CK_ULONG)0;
-}
-
-/*
- * nssCKFWInstance_GetLibraryDescription
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWInstance_GetLibraryDescription
-(
- NSSCKFWInstance *fwInstance,
- CK_CHAR libraryDescription[32]
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- if( (CK_CHAR_PTR)NULL == libraryDescription ) {
- return CKR_ARGUMENTS_BAD;
- }
-
- error = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- error = nssCKFWMutex_Lock(fwInstance->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (NSSUTF8 *)NULL == fwInstance->libraryDescription ) {
- if( (void *)NULL != (void *)fwInstance->mdInstance->GetLibraryDescription ) {
- fwInstance->libraryDescription = fwInstance->mdInstance->GetLibraryDescription(
- fwInstance->mdInstance, fwInstance, &error);
- if( ((NSSUTF8 *)NULL == fwInstance->libraryDescription) && (CKR_OK != error) ) {
- goto done;
- }
- } else {
- fwInstance->libraryDescription = "";
- }
- }
-
- (void)nssUTF8_CopyIntoFixedBuffer(fwInstance->libraryDescription, libraryDescription, 32, ' ');
- error = CKR_OK;
-
- done:
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
- return error;
-}
-
-/*
- * nssCKFWInstance_GetLibraryVersion
- *
- */
-NSS_IMPLEMENT CK_VERSION
-nssCKFWInstance_GetLibraryVersion
-(
- NSSCKFWInstance *fwInstance
-)
-{
- CK_VERSION rv;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
-#endif /* NSSDEBUG */
-
- if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
-
- if( (0 != fwInstance->libraryVersion.major) ||
- (0 != fwInstance->libraryVersion.minor) ) {
- rv = fwInstance->libraryVersion;
- goto done;
- }
-
- if( (void *)NULL != (void *)fwInstance->mdInstance->GetLibraryVersion ) {
- fwInstance->libraryVersion = fwInstance->mdInstance->GetLibraryVersion(
- fwInstance->mdInstance, fwInstance);
- } else {
- fwInstance->libraryVersion.major = 0;
- fwInstance->libraryVersion.minor = 1;
- }
-
- rv = fwInstance->libraryVersion;
- done:
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
- return rv;
-}
-
-/*
- * nssCKFWInstance_GetModuleHandlesSessionObjects
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-nssCKFWInstance_GetModuleHandlesSessionObjects
-(
- NSSCKFWInstance *fwInstance
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return CK_FALSE;
- }
-#endif /* NSSDEBUG */
-
- return fwInstance->moduleHandlesSessionObjects;
-}
-
-/*
- * nssCKFWInstance_GetSlots
- *
- */
-NSS_IMPLEMENT NSSCKFWSlot **
-nssCKFWInstance_GetSlots
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSCKFWSlot **)NULL;
- }
-
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (NSSCKFWSlot **)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwInstance->fwSlotList;
-}
-
-/*
- * nssCKFWInstance_WaitForSlotEvent
- *
- */
-NSS_IMPLEMENT NSSCKFWSlot *
-nssCKFWInstance_WaitForSlotEvent
-(
- NSSCKFWInstance *fwInstance,
- CK_BBOOL block,
- CK_RV *pError
-)
-{
- NSSCKFWSlot *fwSlot = (NSSCKFWSlot *)NULL;
- NSSCKMDSlot *mdSlot;
- CK_ULONG i, n;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSCKFWSlot *)NULL;
- }
-
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (NSSCKFWSlot *)NULL;
- }
-
- switch( block ) {
- case CK_TRUE:
- case CK_FALSE:
- break;
- default:
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSCKFWSlot *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwInstance->mdInstance->WaitForSlotEvent ) {
- *pError = CKR_NO_EVENT;
- return (NSSCKFWSlot *)NULL;
- }
-
- mdSlot = fwInstance->mdInstance->WaitForSlotEvent(
- fwInstance->mdInstance,
- fwInstance,
- block,
- pError
- );
-
- if( (NSSCKMDSlot *)NULL == mdSlot ) {
- return (NSSCKFWSlot *)NULL;
- }
-
- n = nssCKFWInstance_GetNSlots(fwInstance, pError);
- if( ((CK_ULONG)0 == n) && (CKR_OK != *pError) ) {
- return (NSSCKFWSlot *)NULL;
- }
-
- for( i = 0; i < n; i++ ) {
- if( fwInstance->mdSlotList[i] == mdSlot ) {
- fwSlot = fwInstance->fwSlotList[i];
- break;
- }
- }
-
- if( (NSSCKFWSlot *)NULL == fwSlot ) {
- /* Internal error */
- *pError = CKR_GENERAL_ERROR;
- return (NSSCKFWSlot *)NULL;
- }
-
- return fwSlot;
-}
-
-/*
- * NSSCKFWInstance_GetMDInstance
- *
- */
-NSS_IMPLEMENT NSSCKMDInstance *
-NSSCKFWInstance_GetMDInstance
-(
- NSSCKFWInstance *fwInstance
-)
-{
-#ifdef DEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (NSSCKMDInstance *)NULL;
- }
-#endif /* DEBUG */
-
- return nssCKFWInstance_GetMDInstance(fwInstance);
-}
-
-/*
- * NSSCKFWInstance_GetArena
- *
- */
-NSS_IMPLEMENT NSSArena *
-NSSCKFWInstance_GetArena
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
-#ifdef DEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSArena *)NULL;
- }
-
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (NSSArena *)NULL;
- }
-#endif /* DEBUG */
-
- return nssCKFWInstance_GetArena(fwInstance, pError);
-}
-
-/*
- * NSSCKFWInstance_MayCreatePthreads
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-NSSCKFWInstance_MayCreatePthreads
-(
- NSSCKFWInstance *fwInstance
-)
-{
-#ifdef DEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return CK_FALSE;
- }
-#endif /* DEBUG */
-
- return nssCKFWInstance_MayCreatePthreads(fwInstance);
-}
-
-/*
- * NSSCKFWInstance_CreateMutex
- *
- */
-NSS_IMPLEMENT NSSCKFWMutex *
-NSSCKFWInstance_CreateMutex
-(
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-)
-{
-#ifdef DEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSCKFWMutex *)NULL;
- }
-
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (NSSCKFWMutex *)NULL;
- }
-#endif /* DEBUG */
-
- return nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
-}
-
-/*
- * NSSCKFWInstance_GetConfigurationData
- *
- */
-NSS_IMPLEMENT NSSUTF8 *
-NSSCKFWInstance_GetConfigurationData
-(
- NSSCKFWInstance *fwInstance
-)
-{
-#ifdef DEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (NSSUTF8 *)NULL;
- }
-#endif /* DEBUG */
-
- return nssCKFWInstance_GetConfigurationData(fwInstance);
-}
diff --git a/security/nss/lib/ckfw/manifest.mn b/security/nss/lib/ckfw/manifest.mn
deleted file mode 100644
index 799fca1ae..000000000
--- a/security/nss/lib/ckfw/manifest.mn
+++ /dev/null
@@ -1,77 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-MANIFEST_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-CORE_DEPTH = ../../..
-
-PRIVATE_EXPORTS = \
- ck.h \
- ckfw.h \
- ckfwm.h \
- ckfwtm.h \
- ckmd.h \
- ckt.h \
- $(NULL)
-
-EXPORTS = \
- nssck.api \
- nssckepv.h \
- nssckft.h \
- nssckfw.h \
- nssckfwc.h \
- nssckfwt.h \
- nssckg.h \
- nssckmdt.h \
- nssckp.h \
- nssckt.h \
- nsscku.h \
- $(NULL)
-
-MODULE = security
-
-CSRCS = \
- find.c \
- hash.c \
- instance.c \
- mutex.c \
- object.c \
- session.c \
- sessobj.c \
- slot.c \
- token.c \
- wrap.c \
- $(NULL)
-
-REQUIRES = security nspr
-
-LIBRARY_NAME = nssckfw
diff --git a/security/nss/lib/ckfw/mutex.c b/security/nss/lib/ckfw/mutex.c
deleted file mode 100644
index e4c363f31..000000000
--- a/security/nss/lib/ckfw/mutex.c
+++ /dev/null
@@ -1,346 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * mutex.c
- *
- * This file implements a mutual-exclusion locking facility for Modules
- * using the NSS Cryptoki Framework.
- */
-
-#ifndef CK_T
-#include "ck.h"
-#endif /* CK_T */
-
-/*
- * NSSCKFWMutex
- *
- * NSSCKFWMutex_Destroy
- * NSSCKFWMutex_Lock
- * NSSCKFWMutex_Unlock
- *
- * nssCKFWMutex_Create
- * nssCKFWMutex_Destroy
- * nssCKFWMutex_Lock
- * nssCKFWMutex_Unlock
- *
- * -- debugging versions only --
- * nssCKFWMutex_verifyPointer
- *
- */
-
-struct NSSCKFWMutexStr {
- CK_VOID_PTR etc;
-
- CK_DESTROYMUTEX Destroy;
- CK_LOCKMUTEX Lock;
- CK_UNLOCKMUTEX Unlock;
-};
-
-#ifdef DEBUG
-/*
- * But first, the pointer-tracking stuff.
- *
- * NOTE: the pointer-tracking support in NSS/base currently relies
- * upon NSPR's CallOnce support. That, however, relies upon NSPR's
- * locking, which is tied into the runtime. We need a pointer-tracker
- * implementation that uses the locks supplied through C_Initialize.
- * That support, however, can be filled in later. So for now, I'll
- * just do this routines as no-ops.
- */
-
-static CK_RV
-mutex_add_pointer
-(
- const NSSCKFWMutex *fwMutex
-)
-{
- return CKR_OK;
-}
-
-static CK_RV
-mutex_remove_pointer
-(
- const NSSCKFWMutex *fwMutex
-)
-{
- return CKR_OK;
-}
-
-NSS_IMPLEMENT CK_RV
-nssCKFWMutex_verifyPointer
-(
- const NSSCKFWMutex *fwMutex
-)
-{
- return CKR_OK;
-}
-
-#endif /* DEBUG */
-
-static CK_RV
-mutex_noop
-(
- CK_VOID_PTR pMutex
-)
-{
- return CKR_OK;
-}
-
-/*
- * nssCKFWMutex_Create
- *
- */
-NSS_EXTERN NSSCKFWMutex *
-nssCKFWMutex_Create
-(
- CK_C_INITIALIZE_ARGS_PTR pInitArgs,
- NSSArena *arena,
- CK_RV *pError
-)
-{
- NSSCKFWMutex *mutex;
- CK_ULONG count = (CK_ULONG)0;
- CK_BBOOL os_ok = CK_FALSE;
- CK_VOID_PTR pMutex = (CK_VOID_PTR)NULL;
-
- if( (CK_C_INITIALIZE_ARGS_PTR)NULL != pInitArgs ) {
- if( (CK_CREATEMUTEX )NULL != pInitArgs->CreateMutex ) count++;
- if( (CK_DESTROYMUTEX)NULL != pInitArgs->DestroyMutex ) count++;
- if( (CK_LOCKMUTEX )NULL != pInitArgs->LockMutex ) count++;
- if( (CK_UNLOCKMUTEX )NULL != pInitArgs->UnlockMutex ) count++;
- os_ok = (pInitArgs->flags & CKF_OS_LOCKING_OK) ? CK_TRUE : CK_FALSE;
-
- if( (0 != count) && (4 != count) ) {
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSCKFWMutex *)NULL;
- }
- }
-
- if( (0 == count) && (CK_TRUE == os_ok) ) {
- /*
- * This is case #2 in the description of C_Initialize:
- * The library will be called in a multithreaded way, but
- * no routines were specified: os locking calls should be
- * used. Unfortunately, this can be hard.. like, I think
- * I may have to dynamically look up the entry points in
- * the instance of NSPR already going in the application.
- *
- * I know that *we* always specify routines, so this only
- * comes up if someone is using NSS to create their own
- * PCKS#11 modules for other products. Oh, heck, I'll
- * worry about this then.
- */
- *pError = CKR_CANT_LOCK;
- return (NSSCKFWMutex *)NULL;
- }
-
- mutex = nss_ZNEW(arena, NSSCKFWMutex);
- if( (NSSCKFWMutex *)NULL == mutex ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKFWMutex *)NULL;
- }
-
- if( 0 == count ) {
- /*
- * With the above test out of the way, we know this is case
- * #1 in the description of C_Initialize: this library will
- * not be called in a multithreaded way. I'll just return
- * an object with noop calls.
- */
-
- mutex->Destroy = (CK_DESTROYMUTEX)mutex_noop;
- mutex->Lock = (CK_LOCKMUTEX )mutex_noop;
- mutex->Unlock = (CK_UNLOCKMUTEX )mutex_noop;
- } else {
- /*
- * We know that we're in either case #3 or #4 in the description
- * of C_Initialize. Case #3 says we should use the specified
- * functions, case #4 cays we can use either the specified ones
- * or the OS ones. I'll use the specified ones.
- */
-
- mutex->Destroy = pInitArgs->DestroyMutex;
- mutex->Lock = pInitArgs->LockMutex;
- mutex->Unlock = pInitArgs->UnlockMutex;
-
- *pError = pInitArgs->CreateMutex(&mutex->etc);
- if( CKR_OK != *pError ) {
- (void)nss_ZFreeIf(mutex);
- return (NSSCKFWMutex *)NULL;
- }
- }
-
-#ifdef DEBUG
- *pError = mutex_add_pointer(mutex);
- if( CKR_OK != *pError ) {
- (void)nss_ZFreeIf(mutex);
- return (NSSCKFWMutex *)NULL;
- }
-#endif /* DEBUG */
-
- return mutex;
-}
-
-/*
- * nssCKFWMutex_Destroy
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWMutex_Destroy
-(
- NSSCKFWMutex *mutex
-)
-{
- CK_RV rv = CKR_OK;
-
-#ifdef NSSDEBUG
- rv = nssCKFWMutex_verifyPointer(mutex);
- if( CKR_OK != rv ) {
- return rv;
- }
-#endif /* NSSDEBUG */
-
- rv = mutex->Destroy(mutex->etc);
-
-#ifdef DEBUG
- (void)mutex_remove_pointer(mutex);
-#endif /* DEBUG */
-
- (void)nss_ZFreeIf(mutex);
- return rv;
-}
-
-/*
- * nssCKFWMutex_Lock
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWMutex_Lock
-(
- NSSCKFWMutex *mutex
-)
-{
-#ifdef NSSDEBUG
- CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
- if( CKR_OK != rv ) {
- return rv;
- }
-#endif /* NSSDEBUG */
-
- return mutex->Lock(mutex->etc);
-}
-
-/*
- * nssCKFWMutex_Unlock
- *
- */
-NSS_EXTERN CK_RV
-nssCKFWMutex_Unlock
-(
- NSSCKFWMutex *mutex
-)
-{
-#ifdef NSSDEBUG
- CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
- if( CKR_OK != rv ) {
- return rv;
- }
-#endif /* NSSDEBUG */
-
- return mutex->Unlock(mutex->etc);
-}
-
-/*
- * NSSCKFWMutex_Destroy
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWMutex_Destroy
-(
- NSSCKFWMutex *mutex
-)
-{
-#ifdef DEBUG
- CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
- if( CKR_OK != rv ) {
- return rv;
- }
-#endif /* DEBUG */
-
- return nssCKFWMutex_Destroy(mutex);
-}
-
-/*
- * NSSCKFWMutex_Lock
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWMutex_Lock
-(
- NSSCKFWMutex *mutex
-)
-{
-#ifdef DEBUG
- CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
- if( CKR_OK != rv ) {
- return rv;
- }
-#endif /* DEBUG */
-
- return nssCKFWMutex_Lock(mutex);
-}
-
-/*
- * NSSCKFWMutex_Unlock
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWMutex_Unlock
-(
- NSSCKFWMutex *mutex
-)
-{
-#ifdef DEBUG
- CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
- if( CKR_OK != rv ) {
- return rv;
- }
-#endif /* DEBUG */
-
- return nssCKFWMutex_Unlock(mutex);
-}
diff --git a/security/nss/lib/ckfw/nssckfw.h b/security/nss/lib/ckfw/nssckfw.h
deleted file mode 100644
index ce16f2b7b..000000000
--- a/security/nss/lib/ckfw/nssckfw.h
+++ /dev/null
@@ -1,499 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef NSSCKFW_H
-#define NSSCKFW_H
-
-#ifdef DEBUG
-static const char NSSCKFW_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * nssckfw.h
- *
- * This file prototypes the publicly available calls of the
- * NSS Cryptoki Framework.
- */
-
-#ifndef NSSBASET_H
-#include "nssbaset.h"
-#endif /* NSSBASET_H */
-
-#ifndef NSSCKT_H
-#include "nssckt.h"
-#endif /* NSSCKT_H */
-
-#ifndef NSSCKFWT_H
-#include "nssckfwt.h"
-#endif /* NSSCKFWT_H */
-
-/*
- * NSSCKFWInstance
- *
- * NSSCKFWInstance_GetMDInstance
- * NSSCKFWInstance_GetArena
- * NSSCKFWInstance_MayCreatePthreads
- * NSSCKFWInstance_CreateMutex
- * NSSCKFWInstance_GetConfigurationData
- */
-
-/*
- * NSSCKFWInstance_GetMDInstance
- *
- */
-
-NSS_EXTERN NSSCKMDInstance *
-NSSCKFWInstance_GetMDInstance
-(
- NSSCKFWInstance *fwInstance
-);
-
-/*
- * NSSCKFWInstance_GetArena
- *
- */
-
-NSS_EXTERN NSSArena *
-NSSCKFWInstance_GetArena
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-);
-
-/*
- * NSSCKFWInstance_MayCreatePthreads
- *
- */
-
-NSS_EXTERN CK_BBOOL
-NSSCKFWInstance_MayCreatePthreads
-(
- NSSCKFWInstance *fwInstance
-);
-
-/*
- * NSSCKFWInstance_CreateMutex
- *
- */
-
-NSS_EXTERN NSSCKFWMutex *
-NSSCKFWInstance_CreateMutex
-(
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-);
-
-/*
- * NSSCKFWInstance_GetConfigurationData
- *
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSCKFWInstance_GetConfigurationData
-(
- NSSCKFWInstance *fwInstance
-);
-
-/*
- * NSSCKFWSlot
- *
- * NSSCKFWSlot_GetMDSlot
- * NSSCKFWSlot_GetFWInstance
- * NSSCKFWSlot_GetMDInstance
- *
- */
-
-/*
- * NSSCKFWSlot_GetMDSlot
- *
- */
-
-NSS_EXTERN NSSCKMDSlot *
-NSSCKFWSlot_GetMDSlot
-(
- NSSCKFWSlot *fwSlot
-);
-
-/*
- * NSSCKFWSlot_GetFWInstance
- *
- */
-
-NSS_EXTERN NSSCKFWInstance *
-NSSCKFWSlot_GetFWInstance
-(
- NSSCKFWSlot *fwSlot
-);
-
-/*
- * NSSCKFWSlot_GetMDInstance
- *
- */
-
-NSS_EXTERN NSSCKMDInstance *
-NSSCKFWSlot_GetMDInstance
-(
- NSSCKFWSlot *fwSlot
-);
-
-/*
- * NSSCKFWToken
- *
- * NSSCKFWToken_GetMDToken
- * NSSCKFWToken_GetFWSlot
- * NSSCKFWToken_GetMDSlot
- * NSSCKFWToken_GetSessionState
- *
- */
-
-/*
- * NSSCKFWToken_GetMDToken
- *
- */
-
-NSS_EXTERN NSSCKMDToken *
-NSSCKFWToken_GetMDToken
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * NSSCKFWToken_GetArena
- *
- */
-
-NSS_EXTERN NSSArena *
-NSSCKFWToken_GetArena
-(
- NSSCKFWToken *fwToken,
- CK_RV *pError
-);
-
-/*
- * NSSCKFWToken_GetFWSlot
- *
- */
-
-NSS_EXTERN NSSCKFWSlot *
-NSSCKFWToken_GetFWSlot
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * NSSCKFWToken_GetMDSlot
- *
- */
-
-NSS_EXTERN NSSCKMDSlot *
-NSSCKFWToken_GetMDSlot
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * NSSCKFWToken_GetSessionState
- *
- */
-
-NSS_EXTERN CK_STATE
-NSSCKFWSession_GetSessionState
-(
- NSSCKFWToken *fwToken
-);
-
-/*
- * NSSCKFWMechanism
- *
- * NSSKCFWMechanism_GetMDMechanism
- * NSSCKFWMechanism_GetParameter
- *
- */
-
-/*
- * NSSKCFWMechanism_GetMDMechanism
- *
- */
-
-NSS_EXTERN NSSCKMDMechanism *
-NSSCKFWMechanism_GetMDMechanism
-(
- NSSCKFWMechanism *fwMechanism
-);
-
-/*
- * NSSCKFWMechanism_GetParameter
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSCKFWMechanism_GetParameter
-(
- NSSCKFWMechanism *fwMechanism
-);
-
-/*
- * NSSCKFWSession
- *
- * NSSCKFWSession_GetMDSession
- * NSSCKFWSession_GetArena
- * NSSCKFWSession_CallNotification
- * NSSCKFWSession_IsRWSession
- * NSSCKFWSession_IsSO
- *
- */
-
-/*
- * NSSCKFWSession_GetMDSession
- *
- */
-
-NSS_EXTERN NSSCKMDSession *
-NSSCKFWSession_GetMDSession
-(
- NSSCKFWSession *fwSession
-);
-
-/*
- * NSSCKFWSession_GetArena
- *
- */
-
-NSS_EXTERN NSSArena *
-NSSCKFWSession_GetArena
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-);
-
-/*
- * NSSCKFWSession_CallNotification
- *
- */
-
-NSS_EXTERN CK_RV
-NSSCKFWSession_CallNotification
-(
- NSSCKFWSession *fwSession,
- CK_NOTIFICATION event
-);
-
-/*
- * NSSCKFWSession_IsRWSession
- *
- */
-
-NSS_EXTERN CK_BBOOL
-NSSCKFWSession_IsRWSession
-(
- NSSCKFWSession *fwSession
-);
-
-/*
- * NSSCKFWSession_IsSO
- *
- */
-
-NSS_EXTERN CK_BBOOL
-NSSCKFWSession_IsSO
-(
- NSSCKFWSession *fwSession
-);
-
-/*
- * NSSCKFWObject
- *
- * NSSCKFWObject_GetMDObject
- * NSSCKFWObject_GetArena
- * NSSCKFWObject_IsTokenObject
- * NSSCKFWObject_GetAttributeCount
- * NSSCKFWObject_GetAttributeTypes
- * NSSCKFWObject_GetAttributeSize
- * NSSCKFWObject_GetAttribute
- * NSSCKFWObject_GetObjectSize
- */
-
-/*
- * NSSCKFWObject_GetMDObject
- *
- */
-NSS_EXTERN NSSCKMDObject *
-NSSCKFWObject_GetMDObject
-(
- NSSCKFWObject *fwObject
-);
-
-/*
- * NSSCKFWObject_GetArena
- *
- */
-NSS_EXTERN NSSArena *
-NSSCKFWObject_GetArena
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-);
-
-/*
- * NSSCKFWObject_IsTokenObject
- *
- */
-NSS_EXTERN CK_BBOOL
-NSSCKFWObject_IsTokenObject
-(
- NSSCKFWObject *fwObject
-);
-
-/*
- * NSSCKFWObject_GetAttributeCount
- *
- */
-NSS_EXTERN CK_ULONG
-NSSCKFWObject_GetAttributeCount
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-);
-
-/*
- * NSSCKFWObject_GetAttributeTypes
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWObject_GetAttributeTypes
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
-);
-
-/*
- * NSSCKFWObject_GetAttributeSize
- *
- */
-NSS_EXTERN CK_ULONG
-NSSCKFWObject_GetAttributeSize
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-);
-
-/*
- * NSSCKFWObject_GetAttribute
- *
- */
-NSS_EXTERN NSSItem *
-NSSCKFWObject_GetAttribute
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *itemOpt,
- NSSArena *arenaOpt,
- CK_RV *pError
-);
-
-/*
- * NSSCKFWObject_GetObjectSize
- *
- */
-NSS_EXTERN CK_ULONG
-NSSCKFWObject_GetObjectSize
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-);
-
-/*
- * NSSCKFWFindObjects
- *
- * NSSCKFWFindObjects_GetMDFindObjects
- *
- */
-
-/*
- * NSSCKFWFindObjects_GetMDFindObjects
- *
- */
-
-NSS_EXTERN NSSCKMDFindObjects *
-NSSCKFWFindObjects_GetMDFindObjects
-(
- NSSCKFWFindObjects *
-);
-
-/*
- * NSSCKFWMutex
- *
- * NSSCKFWMutex_Destroy
- * NSSCKFWMutex_Lock
- * NSSCKFWMutex_Unlock
- *
- */
-
-/*
- * NSSCKFWMutex_Destroy
- *
- */
-
-NSS_EXTERN CK_RV
-NSSCKFWMutex_Destroy
-(
- NSSCKFWMutex *mutex
-);
-
-/*
- * NSSCKFWMutex_Lock
- *
- */
-
-NSS_EXTERN CK_RV
-NSSCKFWMutex_Lock
-(
- NSSCKFWMutex *mutex
-);
-
-/*
- * NSSCKFWMutex_Unlock
- *
- */
-
-NSS_EXTERN CK_RV
-NSSCKFWMutex_Unlock
-(
- NSSCKFWMutex *mutex
-);
-
-#endif /* NSSCKFW_H */
-
diff --git a/security/nss/lib/ckfw/nssckfwc.h b/security/nss/lib/ckfw/nssckfwc.h
deleted file mode 100644
index 02b15ec35..000000000
--- a/security/nss/lib/ckfw/nssckfwc.h
+++ /dev/null
@@ -1,1046 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef NSSCKFWC_H
-#define NSSCKFWC_H
-
-#ifdef DEBUG
-static const char NSSCKFWC_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * nssckfwc.h
- *
- * This file prototypes all of the NSS Cryptoki Framework "wrapper"
- * which implement the PKCS#11 API. Technically, these are public
- * routines (with capital "NSS" prefixes), since they are called
- * from (generated) code within a Module using the Framework.
- * However, they should not be called except from those generated
- * calls. Hence, the prototypes have been split out into this file.
- */
-
-#ifndef NSSCKT_H
-#include "nssckt.h"
-#endif /* NSSCKT_H */
-
-#ifndef NSSCKFWT_H
-#include "nssckfwt.h"
-#endif /* NSSCKFWT_H */
-
-#ifndef NSSCKMDT_H
-#include "nssckmdt.h"
-#endif /* NSSCKMDT_H */
-
-/*
- * NSSCKFWC_Initialize
- * NSSCKFWC_Finalize
- * NSSCKFWC_GetInfo
- * -- NSSCKFWC_GetFunctionList -- see the API insert file
- * NSSCKFWC_GetSlotList
- * NSSCKFWC_GetSlotInfo
- * NSSCKFWC_GetTokenInfo
- * NSSCKFWC_WaitForSlotEvent
- * NSSCKFWC_GetMechanismList
- * NSSCKFWC_GetMechanismInfo
- * NSSCKFWC_InitToken
- * NSSCKFWC_InitPIN
- * NSSCKFWC_SetPIN
- * NSSCKFWC_OpenSession
- * NSSCKFWC_CloseSession
- * NSSCKFWC_CloseAllSessions
- * NSSCKFWC_GetSessionInfo
- * NSSCKFWC_GetOperationState
- * NSSCKFWC_SetOperationState
- * NSSCKFWC_Login
- * NSSCKFWC_Logout
- * NSSCKFWC_CreateObject
- * NSSCKFWC_CopyObject
- * NSSCKFWC_DestroyObject
- * NSSCKFWC_GetObjectSize
- * NSSCKFWC_GetAttributeValue
- * NSSCKFWC_SetAttributeValue
- * NSSCKFWC_FindObjectsInit
- * NSSCKFWC_FindObjects
- * NSSCKFWC_FindObjectsFinal
- * NSSCKFWC_EncryptInit
- * NSSCKFWC_Encrypt
- * NSSCKFWC_EncryptUpdate
- * NSSCKFWC_EncryptFinal
- * NSSCKFWC_DecryptInit
- * NSSCKFWC_Decrypt
- * NSSCKFWC_DecryptUpdate
- * NSSCKFWC_DecryptFinal
- * NSSCKFWC_DigestInit
- * NSSCKFWC_Digest
- * NSSCKFWC_DigestUpdate
- * NSSCKFWC_DigestKey
- * NSSCKFWC_DigestFinal
- * NSSCKFWC_SignInit
- * NSSCKFWC_Sign
- * NSSCKFWC_SignUpdate
- * NSSCKFWC_SignFinal
- * NSSCKFWC_SignRecoverInit
- * NSSCKFWC_SignRecover
- * NSSCKFWC_VerifyInit
- * NSSCKFWC_Verify
- * NSSCKFWC_VerifyUpdate
- * NSSCKFWC_VerifyFinal
- * NSSCKFWC_VerifyRecoverInit
- * NSSCKFWC_VerifyRecover
- * NSSCKFWC_DigestEncryptUpdate
- * NSSCKFWC_DecryptDigestUpdate
- * NSSCKFWC_SignEncryptUpdate
- * NSSCKFWC_DecryptVerifyUpdate
- * NSSCKFWC_GenerateKey
- * NSSCKFWC_GenerateKeyPair
- * NSSCKFWC_WrapKey
- * NSSCKFWC_UnwrapKey
- * NSSCKFWC_DeriveKey
- * NSSCKFWC_SeedRandom
- * NSSCKFWC_GenerateRandom
- * NSSCKFWC_GetFunctionStatus
- * NSSCKFWC_CancelFunction
- */
-
-/*
- * NSSCKFWC_Initialize
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_Initialize
-(
- NSSCKFWInstance **pFwInstance,
- NSSCKMDInstance *mdInstance,
- CK_VOID_PTR pInitArgs
-);
-
-/*
- * NSSCKFWC_Finalize
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_Finalize
-(
- NSSCKFWInstance **pFwInstance
-);
-
-/*
- * NSSCKFWC_GetInfo
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_GetInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_INFO_PTR pInfo
-);
-
-/*
- * C_GetFunctionList is implemented entirely in the Module's file which
- * includes the Framework API insert file. It requires no "actual"
- * NSSCKFW routine.
- */
-
-/*
- * NSSCKFWC_GetSlotList
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_GetSlotList
-(
- NSSCKFWInstance *fwInstance,
- CK_BBOOL tokenPresent,
- CK_SLOT_ID_PTR pSlotList,
- CK_ULONG_PTR pulCount
-);
-
-/*
- * NSSCKFWC_GetSlotInfo
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_GetSlotInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_SLOT_INFO_PTR pInfo
-);
-
-/*
- * NSSCKFWC_GetTokenInfo
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_GetTokenInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_TOKEN_INFO_PTR pInfo
-);
-
-/*
- * NSSCKFWC_WaitForSlotEvent
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_WaitForSlotEvent
-(
- NSSCKFWInstance *fwInstance,
- CK_FLAGS flags,
- CK_SLOT_ID_PTR pSlot,
- CK_VOID_PTR pReserved
-);
-
-/*
- * NSSCKFWC_GetMechanismList
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_GetMechanismList
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE_PTR pMechanismList,
- CK_ULONG_PTR pulCount
-);
-
-/*
- * NSSCKFWC_GetMechanismInfo
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_GetMechanismInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR pInfo
-);
-
-/*
- * NSSCKFWC_InitToken
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_InitToken
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen,
- CK_CHAR_PTR pLabel
-);
-
-/*
- * NSSCKFWC_InitPIN
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_InitPIN
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen
-);
-
-/*
- * NSSCKFWC_SetPIN
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_SetPIN
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_CHAR_PTR pOldPin,
- CK_ULONG ulOldLen,
- CK_CHAR_PTR pNewPin,
- CK_ULONG ulNewLen
-);
-
-/*
- * NSSCKFWC_OpenSession
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_OpenSession
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_FLAGS flags,
- CK_VOID_PTR pApplication,
- CK_NOTIFY Notify,
- CK_SESSION_HANDLE_PTR phSession
-);
-
-/*
- * NSSCKFWC_CloseSession
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_CloseSession
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-);
-
-/*
- * NSSCKFWC_CloseAllSessions
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_CloseAllSessions
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID
-);
-
-/*
- * NSSCKFWC_GetSessionInfo
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_GetSessionInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_SESSION_INFO_PTR pInfo
-);
-
-/*
- * NSSCKFWC_GetOperationState
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_GetOperationState
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pOperationState,
- CK_ULONG_PTR pulOperationStateLen
-);
-
-/*
- * NSSCKFWC_SetOperationState
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_SetOperationState
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pOperationState,
- CK_ULONG ulOperationStateLen,
- CK_OBJECT_HANDLE hEncryptionKey,
- CK_OBJECT_HANDLE hAuthenticationKey
-);
-
-/*
- * NSSCKFWC_Login
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_Login
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_USER_TYPE userType,
- CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen
-);
-
-/*
- * NSSCKFWC_Logout
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_Logout
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-);
-
-/*
- * NSSCKFWC_CreateObject
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_CreateObject
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phObject
-);
-
-/*
- * NSSCKFWC_CopyObject
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_CopyObject
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phNewObject
-);
-
-/*
- * NSSCKFWC_DestroyObject
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_DestroyObject
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject
-);
-
-/*
- * NSSCKFWC_GetObjectSize
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_GetObjectSize
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ULONG_PTR pulSize
-);
-
-/*
- * NSSCKFWC_GetAttributeValue
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_GetAttributeValue
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount
-);
-
-/*
- * NSSCKFWC_SetAttributeValue
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_SetAttributeValue
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount
-);
-
-/*
- * NSSCKFWC_FindObjectsInit
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_FindObjectsInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount
-);
-
-/*
- * NSSCKFWC_FindObjects
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_FindObjects
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE_PTR phObject,
- CK_ULONG ulMaxObjectCount,
- CK_ULONG_PTR pulObjectCount
-);
-
-/*
- * NSSCKFWC_FindObjectsFinal
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_FindObjectsFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-);
-
-/*
- * NSSCKFWC_EncryptInit
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_EncryptInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-);
-
-/*
- * NSSCKFWC_Encrypt
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_Encrypt
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pEncryptedData,
- CK_ULONG_PTR pulEncryptedDataLen
-);
-
-/*
- * NSSCKFWC_EncryptUpdate
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_EncryptUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen
-);
-
-/*
- * NSSCKFWC_EncryptFinal
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_EncryptFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastEncryptedPart,
- CK_ULONG_PTR pulLastEncryptedPartLen
-);
-
-/*
- * NSSCKFWC_DecryptInit
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_DecryptInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-);
-
-/*
- * NSSCKFWC_Decrypt
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_Decrypt
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedData,
- CK_ULONG ulEncryptedDataLen,
- CK_BYTE_PTR pData,
- CK_ULONG_PTR pulDataLen
-);
-
-/*
- * NSSCKFWC_DecryptUpdate
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_DecryptUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen
-);
-
-/*
- * NSSCKFWC_DecryptFinal
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_DecryptFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastPart,
- CK_ULONG_PTR pulLastPartLen
-);
-
-/*
- * NSSCKFWC_DigestInit
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_DigestInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism
-);
-
-/*
- * NSSCKFWC_Digest
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_Digest
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pulDigestLen
-);
-
-/*
- * NSSCKFWC_DigestUpdate
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_DigestUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen
-);
-
-/*
- * NSSCKFWC_DigestKey
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_DigestKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hKey
-);
-
-/*
- * NSSCKFWC_DigestFinal
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_DigestFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pulDigestLen
-);
-
-/*
- * NSSCKFWC_SignInit
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_SignInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-);
-
-/*
- * NSSCKFWC_Sign
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_Sign
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen
-);
-
-/*
- * NSSCKFWC_SignUpdate
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_SignUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen
-);
-
-/*
- * NSSCKFWC_SignFinal
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_SignFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen
-);
-
-/*
- * NSSCKFWC_SignRecoverInit
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_SignRecoverInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-);
-
-/*
- * NSSCKFWC_SignRecover
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_SignRecover
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen
-);
-
-/*
- * NSSCKFWC_VerifyInit
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_VerifyInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-);
-
-/*
- * NSSCKFWC_Verify
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_Verify
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen
-);
-
-/*
- * NSSCKFWC_VerifyUpdate
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_VerifyUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen
-);
-
-/*
- * NSSCKFWC_VerifyFinal
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_VerifyFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen
-);
-
-/*
- * NSSCKFWC_VerifyRecoverInit
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_VerifyRecoverInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-);
-
-/*
- * NSSCKFWC_VerifyRecover
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_VerifyRecover
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen,
- CK_BYTE_PTR pData,
- CK_ULONG_PTR pulDataLen
-);
-
-/*
- * NSSCKFWC_DigestEncryptUpdate
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_DigestEncryptUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen
-);
-
-/*
- * NSSCKFWC_DecryptDigestUpdate
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_DecryptDigestUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen
-);
-
-/*
- * NSSCKFWC_SignEncryptUpdate
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_SignEncryptUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen
-);
-
-/*
- * NSSCKFWC_DecryptVerifyUpdate
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_DecryptVerifyUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen
-);
-
-/*
- * NSSCKFWC_GenerateKey
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_GenerateKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phKey
-);
-
-/*
- * NSSCKFWC_GenerateKeyPair
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_GenerateKeyPair
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_ATTRIBUTE_PTR pPublicKeyTemplate,
- CK_ULONG ulPublicKeyAttributeCount,
- CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
- CK_ULONG ulPrivateKeyAttributeCount,
- CK_OBJECT_HANDLE_PTR phPublicKey,
- CK_OBJECT_HANDLE_PTR phPrivateKey
-);
-
-/*
- * NSSCKFWC_WrapKey
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_WrapKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hWrappingKey,
- CK_OBJECT_HANDLE hKey,
- CK_BYTE_PTR pWrappedKey,
- CK_ULONG_PTR pulWrappedKeyLen
-);
-
-/*
- * NSSCKFWC_UnwrapKey
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_UnwrapKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hUnwrappingKey,
- CK_BYTE_PTR pWrappedKey,
- CK_ULONG ulWrappedKeyLen,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_OBJECT_HANDLE_PTR phKey
-);
-
-/*
- * NSSCKFWC_DeriveKey
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_DeriveKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hBaseKey,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_OBJECT_HANDLE_PTR phKey
-);
-
-/*
- * NSSCKFWC_SeedRandom
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_SeedRandom
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSeed,
- CK_ULONG ulSeedLen
-);
-
-/*
- * NSSCKFWC_GenerateRandom
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_GenerateRandom
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pRandomData,
- CK_ULONG ulRandomLen
-);
-
-/*
- * NSSCKFWC_GetFunctionStatus
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_GetFunctionStatus
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-);
-
-/*
- * NSSCKFWC_CancelFunction
- *
- */
-NSS_EXTERN CK_RV
-NSSCKFWC_CancelFunction
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-);
-
-#endif /* NSSCKFWC_H */
diff --git a/security/nss/lib/ckfw/nssckfwt.h b/security/nss/lib/ckfw/nssckfwt.h
deleted file mode 100644
index 13be0f325..000000000
--- a/security/nss/lib/ckfw/nssckfwt.h
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef NSSCKFWT_H
-#define NSSCKFWT_H
-
-#ifdef DEBUG
-static const char NSSCKFWT_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * nssckfwt.h
- *
- * This file declares the public types used by the NSS Cryptoki Framework.
- */
-
-/*
- * NSSCKFWInstance
- *
- */
-
-struct NSSCKFWInstanceStr;
-typedef struct NSSCKFWInstanceStr NSSCKFWInstance;
-
-/*
- * NSSCKFWSlot
- *
- */
-
-struct NSSCKFWSlotStr;
-typedef struct NSSCKFWSlotStr NSSCKFWSlot;
-
-/*
- * NSSCKFWToken
- *
- */
-
-struct NSSCKFWTokenStr;
-typedef struct NSSCKFWTokenStr NSSCKFWToken;
-
-/*
- * NSSCKFWMechanism
- *
- */
-
-struct NSSCKFWMechanismStr;
-typedef struct NSSCKFWMechanismStr NSSCKFWMechanism;
-
-/*
- * NSSCKFWSession
- *
- */
-
-struct NSSCKFWSessionStr;
-typedef struct NSSCKFWSessionStr NSSCKFWSession;
-
-/*
- * NSSCKFWObject
- *
- */
-
-struct NSSCKFWObjectStr;
-typedef struct NSSCKFWObjectStr NSSCKFWObject;
-
-/*
- * NSSCKFWFindObjects
- *
- */
-
-struct NSSCKFWFindObjectsStr;
-typedef struct NSSCKFWFindObjectsStr NSSCKFWFindObjects;
-
-/*
- * NSSCKFWMutex
- *
- */
-
-struct NSSCKFWMutexStr;
-typedef struct NSSCKFWMutexStr NSSCKFWMutex;
-
-#endif /* NSSCKFWT_H */
diff --git a/security/nss/lib/ckfw/nssckmdt.h b/security/nss/lib/ckfw/nssckmdt.h
deleted file mode 100644
index d45a089d2..000000000
--- a/security/nss/lib/ckfw/nssckmdt.h
+++ /dev/null
@@ -1,2014 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef NSSCKMDT_H
-#define NSSCKMDT_H
-
-#ifdef DEBUG
-static const char NSSCKMDT_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * nssckmdt.h
- *
- * This file specifies the basic types that must be implemented by
- * any Module using the NSS Cryptoki Framework.
- */
-
-#ifndef NSSBASET_H
-#include "nssbaset.h"
-#endif /* NSSBASET_H */
-
-#ifndef NSSCKT_H
-#include "nssckt.h"
-#endif /* NSSCKT_H */
-
-#ifndef NSSCKFWT_H
-#include "nssckfwt.h"
-#endif /* NSSCKFWT_H */
-
-typedef struct NSSCKMDInstanceStr NSSCKMDInstance;
-typedef struct NSSCKMDSlotStr NSSCKMDSlot;
-typedef struct NSSCKMDTokenStr NSSCKMDToken;
-typedef struct NSSCKMDSessionStr NSSCKMDSession;
-typedef struct NSSCKMDFindObjectsStr NSSCKMDFindObjects;
-typedef struct NSSCKMDMechanismStr NSSCKMDMechanism;
-typedef struct NSSCKMDObjectStr NSSCKMDObject;
-
-/*
- * NSSCKMDInstance
- *
- * This is the basic handle for an instance of a PKCS#11 Module.
- * It is returned by the Module's CreateInstance routine, and
- * may be obtained from the corresponding NSSCKFWInstance object.
- * It contains a pointer for use by the Module, to store any
- * instance-related data, and it contains the EPV for a set of
- * routines which the Module may implement for use by the Framework.
- * Some of these routines are optional; others are mandatory.
- */
-
-struct NSSCKMDInstanceStr {
- /*
- * The Module may use this pointer for its own purposes.
- */
- void *etc;
-
- /*
- * This routine is called by the Framework to initialize
- * the Module. This routine is optional; if unimplemented,
- * it won't be called. If this routine returns an error,
- * then the initialization will fail.
- */
- CK_RV (PR_CALLBACK *Initialize)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSUTF8 *configurationData
- );
-
- /*
- * This routine is called when the Framework is finalizing
- * the PKCS#11 Module. It is the last thing called before
- * the NSSCKFWInstance's NSSArena is destroyed. This routine
- * is optional; if unimplemented, it merely won't be called.
- */
- void (PR_CALLBACK *Finalize)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine gets the number of slots. This value must
- * never change, once the instance is initialized. This
- * routine must be implemented. It may return zero on error.
- */
- CK_ULONG (PR_CALLBACK *GetNSlots)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
-
- /*
- * This routine returns the version of the Cryptoki standard
- * to which this Module conforms. This routine is optional;
- * if unimplemented, the Framework uses the version to which
- * ~it~ was implemented.
- */
- CK_VERSION (PR_CALLBACK *GetCryptokiVersion)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns a pointer to a UTF8-encoded string
- * containing the manufacturer ID for this Module. Only
- * the characters completely encoded in the first thirty-
- * two bytes are significant. This routine is optional.
- * The string returned is never freed; if dynamically generated,
- * the space for it should be allocated from the NSSArena
- * that may be obtained from the NSSCKFWInstance. This
- * routine may return NULL upon error; however if *pError
- * is CKR_OK, the NULL will be considered the valid response.
- */
- NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
-
- /*
- * This routine returns a pointer to a UTF8-encoded string
- * containing a description of this Module library. Only
- * the characters completely encoded in the first thirty-
- * two bytes are significant. This routine is optional.
- * The string returned is never freed; if dynamically generated,
- * the space for it should be allocated from the NSSArena
- * that may be obtained from the NSSCKFWInstance. This
- * routine may return NULL upon error; however if *pError
- * is CKR_OK, the NULL will be considered the valid response.
- */
- NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
-
- /*
- * This routine returns the version of this Module library.
- * This routine is optional; if unimplemented, the Framework
- * will assume a Module library version of 0.1.
- */
- CK_VERSION (PR_CALLBACK *GetLibraryVersion)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns CK_TRUE if the Module wishes to
- * handle session objects. This routine is optional.
- * If this routine is NULL, or if it exists but returns
- * CK_FALSE, the Framework will assume responsibility
- * for managing session objects.
- */
- CK_BBOOL (PR_CALLBACK *ModuleHandlesSessionObjects)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine stuffs pointers to NSSCKMDSlot objects into
- * the specified array; one for each slot supported by this
- * instance. The Framework will determine the size needed
- * for the array by calling GetNSlots. This routine is
- * required.
- */
- CK_RV (PR_CALLBACK *GetSlots)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDSlot *slots[]
- );
-
- /*
- * This call returns a pointer to the slot in which an event
- * has occurred. If the block argument is CK_TRUE, the call
- * should block until a slot event occurs; if CK_FALSE, it
- * should check to see if an event has occurred, occurred,
- * but return NULL (and set *pError to CK_NO_EVENT) if one
- * hasn't. This routine is optional; if unimplemented, the
- * Framework will assume that no event has happened. This
- * routine may return NULL upon error.
- */
- NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_BBOOL block,
- CK_RV *pError
- );
-
- /*
- * This object may be extended in future versions of the
- * NSS Cryptoki Framework. To allow for some flexibility
- * in the area of binary compatibility, this field should
- * be NULL.
- */
- void *null;
-};
-
-
-/*
- * NSSCKMDSlot
- *
- * This is the basic handle for a PKCS#11 Module Slot. It is
- * created by the NSSCKMDInstance->GetSlots call, and may be
- * obtained from the Framework's corresponding NSSCKFWSlot
- * object. It contains a pointer for use by the Module, to
- * store any slot-related data, and it contains the EPV for
- * a set of routines which the Module may implement for use
- * by the Framework. Some of these routines are optional.
- */
-
-struct NSSCKMDSlotStr {
- /*
- * The Module may use this pointer for its own purposes.
- */
- void *etc;
-
- /*
- * This routine is called during the Framework initialization
- * step, after the Framework Instance has obtained the list
- * of slots (by calling NSSCKMDInstance->GetSlots). Any slot-
- * specific initialization can be done here. This routine is
- * optional; if unimplemented, it won't be called. Note that
- * if this routine returns an error, the entire Framework
- * initialization for this Module will fail.
- */
- CK_RV (PR_CALLBACK *Initialize)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine is called when the Framework is finalizing
- * the PKCS#11 Module. This call (for each of the slots)
- * is the last thing called before NSSCKMDInstance->Finalize.
- * This routine is optional; if unimplemented, it merely
- * won't be called. Note: In the rare circumstance that
- * the Framework initialization cannot complete (due to,
- * for example, memory limitations), this can be called with
- * a NULL value for fwSlot.
- */
- void (PR_CALLBACK *Destroy)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns a pointer to a UTF8-encoded string
- * containing a description of this slot. Only the characters
- * completely encoded in the first sixty-four bytes are
- * significant. This routine is optional. The string
- * returned is never freed; if dynamically generated,
- * the space for it should be allocated from the NSSArena
- * that may be obtained from the NSSCKFWInstance. This
- * routine may return NULL upon error; however if *pError
- * is CKR_OK, the NULL will be considered the valid response.
- */
- NSSUTF8 *(PR_CALLBACK *GetSlotDescription)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
-
- /*
- * This routine returns a pointer to a UTF8-encoded string
- * containing a description of the manufacturer of this slot.
- * Only the characters completely encoded in the first thirty-
- * two bytes are significant. This routine is optional.
- * The string returned is never freed; if dynamically generated,
- * the space for it should be allocated from the NSSArena
- * that may be obtained from the NSSCKFWInstance. This
- * routine may return NULL upon error; however if *pError
- * is CKR_OK, the NULL will be considered the valid response.
- */
- NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
-
- /*
- * This routine returns CK_TRUE if a token is present in this
- * slot. This routine is optional; if unimplemented, CK_TRUE
- * is assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetTokenPresent)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns CK_TRUE if the slot supports removable
- * tokens. This routine is optional; if unimplemented, CK_FALSE
- * is assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetRemovableDevice)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns CK_TRUE if this slot is a hardware
- * device, or CK_FALSE if this slot is a software device. This
- * routine is optional; if unimplemented, CK_FALSE is assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetHardwareSlot)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns the version of this slot's hardware.
- * This routine is optional; if unimplemented, the Framework
- * will assume a hardware version of 0.1.
- */
- CK_VERSION (PR_CALLBACK *GetHardwareVersion)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns the version of this slot's firmware.
- * This routine is optional; if unimplemented, the Framework
- * will assume a hardware version of 0.1.
- */
- CK_VERSION (PR_CALLBACK *GetFirmwareVersion)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine should return a pointer to an NSSCKMDToken
- * object corresponding to the token in the specified slot.
- * The NSSCKFWToken object passed in has an NSSArena
- * available which is dedicated for this token. This routine
- * must be implemented. This routine may return NULL upon
- * error.
- */
- NSSCKMDToken *(PR_CALLBACK *GetToken)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
-
- /*
- * This object may be extended in future versions of the
- * NSS Cryptoki Framework. To allow for some flexibility
- * in the area of binary compatibility, this field should
- * be NULL.
- */
- void *null;
-};
-
-/*
- * NSSCKMDToken
- *
- * This is the basic handle for a PKCS#11 Token. It is created by
- * the NSSCKMDSlot->GetToken call, and may be obtained from the
- * Framework's corresponding NSSCKFWToken object. It contains a
- * pointer for use by the Module, to store any token-related
- * data, and it contains the EPV for a set of routines which the
- * Module may implement for use by the Framework. Some of these
- * routines are optional.
- */
-
-struct NSSCKMDTokenStr {
- /*
- * The Module may use this pointer for its own purposes.
- */
- void *etc;
-
- /*
- * This routine is used to prepare a Module token object for
- * use. It is called after the NSSCKMDToken object is obtained
- * from NSSCKMDSlot->GetToken. It is named "Setup" here because
- * Cryptoki already defines "InitToken" to do the process of
- * wiping out any existing state on a token and preparing it for
- * a new use. This routine is optional; if unimplemented, it
- * merely won't be called.
- */
- CK_RV (PR_CALLBACK *Setup)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine is called by the Framework whenever it notices
- * that the token object is invalid. (Typically this is when a
- * routine indicates an error such as CKR_DEVICE_REMOVED). This
- * call is the last thing called before the NSSArena in the
- * corresponding NSSCKFWToken is destroyed. This routine is
- * optional; if unimplemented, it merely won't be called.
- */
- void (PR_CALLBACK *Invalidate)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine initialises the token in the specified slot.
- * This routine is optional; if unimplemented, the Framework
- * will fail this operation with an error of CKR_DEVICE_ERROR.
- */
-
- CK_RV (PR_CALLBACK *InitToken)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *pin,
- NSSUTF8 *label
- );
-
- /*
- * This routine returns a pointer to a UTF8-encoded string
- * containing this token's label. Only the characters
- * completely encoded in the first thirty-two bytes are
- * significant. This routine is optional. The string
- * returned is never freed; if dynamically generated,
- * the space for it should be allocated from the NSSArena
- * that may be obtained from the NSSCKFWInstance. This
- * routine may return NULL upon error; however if *pError
- * is CKR_OK, the NULL will be considered the valid response.
- */
- NSSUTF8 *(PR_CALLBACK *GetLabel)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
-
- /*
- * This routine returns a pointer to a UTF8-encoded string
- * containing this token's manufacturer ID. Only the characters
- * completely encoded in the first thirty-two bytes are
- * significant. This routine is optional. The string
- * returned is never freed; if dynamically generated,
- * the space for it should be allocated from the NSSArena
- * that may be obtained from the NSSCKFWInstance. This
- * routine may return NULL upon error; however if *pError
- * is CKR_OK, the NULL will be considered the valid response.
- */
- NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
-
- /*
- * This routine returns a pointer to a UTF8-encoded string
- * containing this token's model name. Only the characters
- * completely encoded in the first thirty-two bytes are
- * significant. This routine is optional. The string
- * returned is never freed; if dynamically generated,
- * the space for it should be allocated from the NSSArena
- * that may be obtained from the NSSCKFWInstance. This
- * routine may return NULL upon error; however if *pError
- * is CKR_OK, the NULL will be considered the valid response.
- */
- NSSUTF8 *(PR_CALLBACK *GetModel)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
-
- /*
- * This routine returns a pointer to a UTF8-encoded string
- * containing this token's serial number. Only the characters
- * completely encoded in the first thirty-two bytes are
- * significant. This routine is optional. The string
- * returned is never freed; if dynamically generated,
- * the space for it should be allocated from the NSSArena
- * that may be obtained from the NSSCKFWInstance. This
- * routine may return NULL upon error; however if *pError
- * is CKR_OK, the NULL will be considered the valid response.
- */
- NSSUTF8 *(PR_CALLBACK *GetSerialNumber)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
-
- /*
- * This routine returns CK_TRUE if the token has its own
- * random number generator. This routine is optional; if
- * unimplemented, CK_FALSE is assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetHasRNG)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns CK_TRUE if this token is write-protected.
- * This routine is optional; if unimplemented, CK_FALSE is
- * assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetIsWriteProtected)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns CK_TRUE if this token requires a login.
- * This routine is optional; if unimplemented, CK_FALSE is
- * assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetLoginRequired)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns CK_TRUE if the normal user's PIN on this
- * token has been initialised. This routine is optional; if
- * unimplemented, CK_FALSE is assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetUserPinInitialized)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns CK_TRUE if a successful save of a
- * session's cryptographic operations state ~always~ contains
- * all keys needed to restore the state of the session. This
- * routine is optional; if unimplemented, CK_FALSE is assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetRestoreKeyNotNeeded)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns CK_TRUE if the token has its own
- * hardware clock. This routine is optional; if unimplemented,
- * CK_FALSE is assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetHasClockOnToken)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns CK_TRUE if the token has a protected
- * authentication path. This routine is optional; if
- * unimplemented, CK_FALSE is assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetHasProtectedAuthenticationPath)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns CK_TRUE if the token supports dual
- * cryptographic operations within a single session. This
- * routine is optional; if unimplemented, CK_FALSE is assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetSupportsDualCryptoOperations)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * XXX fgmr-- should we have a call to return all the flags
- * at once, for folks who already know about Cryptoki?
- */
-
- /*
- * This routine returns the maximum number of sessions that
- * may be opened on this token. This routine is optional;
- * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
- * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE?
- */
- CK_ULONG (PR_CALLBACK *GetMaxSessionCount)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns the maximum number of read/write
- * sesisons that may be opened on this token. This routine
- * is optional; if unimplemented, the special value
- * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or
- * CK_EFFECTIVELY_INFINITE?
- */
- CK_ULONG (PR_CALLBACK *GetMaxRwSessionCount)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns the maximum PIN code length that is
- * supported on this token. This routine is optional;
- * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
- * is assumed.
- */
- CK_ULONG (PR_CALLBACK *GetMaxPinLen)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns the minimum PIN code length that is
- * supported on this token. This routine is optional; if
- * unimplemented, the special value CK_UNAVAILABLE_INFORMATION
- * is assumed. XXX fgmr-- or 0?
- */
- CK_ULONG (PR_CALLBACK *GetMinPinLen)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns the total amount of memory on the token
- * in which public objects may be stored. This routine is
- * optional; if unimplemented, the special value
- * CK_UNAVAILABLE_INFORMATION is assumed.
- */
- CK_ULONG (PR_CALLBACK *GetTotalPublicMemory)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns the amount of unused memory on the
- * token in which public objects may be stored. This routine
- * is optional; if unimplemented, the special value
- * CK_UNAVAILABLE_INFORMATION is assumed.
- */
- CK_ULONG (PR_CALLBACK *GetFreePublicMemory)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns the total amount of memory on the token
- * in which private objects may be stored. This routine is
- * optional; if unimplemented, the special value
- * CK_UNAVAILABLE_INFORMATION is assumed.
- */
- CK_ULONG (PR_CALLBACK *GetTotalPrivateMemory)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns the amount of unused memory on the
- * token in which private objects may be stored. This routine
- * is optional; if unimplemented, the special value
- * CK_UNAVAILABLE_INFORMATION is assumed.
- */
- CK_ULONG (PR_CALLBACK *GetFreePrivateMemory)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns the version number of this token's
- * hardware. This routine is optional; if unimplemented,
- * the value 0.1 is assumed.
- */
- CK_VERSION (PR_CALLBACK *GetHardwareVersion)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns the version number of this token's
- * firmware. This routine is optional; if unimplemented,
- * the value 0.1 is assumed.
- */
- CK_VERSION (PR_CALLBACK *GetFirmwareVersion)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine stuffs the current UTC time, as obtained from
- * the token, into the sixteen-byte buffer in the form
- * YYYYMMDDhhmmss00. This routine need only be implemented
- * by token which indicate that they have a real-time clock.
- * XXX fgmr-- think about time formats.
- */
- CK_RV (PR_CALLBACK *GetUTCTime)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_CHAR utcTime[16]
- );
-
- /*
- * This routine creates a session on the token, and returns
- * the corresponding NSSCKMDSession object. The value of
- * rw will be CK_TRUE if the session is to be a read/write
- * session, or CK_FALSE otherwise. An NSSArena dedicated to
- * the new session is available from the specified NSSCKFWSession.
- * This routine may return NULL upon error.
- */
- NSSCKMDSession *(PR_CALLBACK *OpenSession)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKFWSession *fwSession,
- CK_BBOOL rw,
- CK_RV *pError
- );
-
- /*
- * This routine returns the number of PKCS#11 Mechanisms
- * supported by this token. This routine is optional; if
- * unimplemented, zero is assumed.
- */
- CK_ULONG (PR_CALLBACK *GetMechanismCount)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine stuffs into the specified array the types
- * of the mechanisms supported by this token. The Framework
- * determines the size of the array by calling GetMechanismCount.
- */
- CK_RV (PR_CALLBACK *GetMechanismTypes)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_MECHANISM_TYPE types[]
- );
-
- /*
- * This routine returns a pointer to a Module mechanism
- * object corresponding to a specified type. This routine
- * need only exist for tokens implementing at least one
- * mechanism.
- */
- NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_TYPE which
- );
-
- /*
- * This object may be extended in future versions of the
- * NSS Cryptoki Framework. To allow for some flexibility
- * in the area of binary compatibility, this field should
- * be NULL.
- */
- void *null;
-};
-
-/*
- * NSSCKMDSession
- *
- * This is the basic handle for a session on a PKCS#11 Token. It
- * is created by NSSCKMDToken->OpenSession, and may be obtained
- * from the Framework's corresponding NSSCKFWSession object. It
- * contains a pointer for use by the Module, to store any session-
- * realted data, and it contains the EPV for a set of routines
- * which the Module may implement for use by the Framework. Some
- * of these routines are optional.
- */
-
-struct NSSCKMDSessionStr {
- /*
- * The Module may use this pointer for its own purposes.
- */
- void *etc;
-
- /*
- * This routine is called by the Framework when a session is
- * closed. This call is the last thing called before the
- * NSSArena in the correspoinding NSSCKFWSession is destroyed.
- * This routine is optional; if unimplemented, it merely won't
- * be called.
- */
- void (PR_CALLBACK *Close)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine is used to get any device-specific error.
- * This routine is optional.
- */
- CK_ULONG (PR_CALLBACK *GetDeviceError)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine is used to log in a user to the token. This
- * routine is optional, since the Framework's NSSCKFWSession
- * object keeps track of the login state.
- */
- CK_RV (PR_CALLBACK *Login)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_USER_TYPE userType,
- NSSItem *pin,
- CK_STATE oldState,
- CK_STATE newState
- );
-
- /*
- * This routine is used to log out a user from the token. This
- * routine is optional, since the Framework's NSSCKFWSession
- * object keeps track of the login state.
- */
- CK_RV (PR_CALLBACK *Logout)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_STATE oldState,
- CK_STATE newState
- );
-
- /*
- * This routine is used to initialize the normal user's PIN or
- * password. This will only be called in the "read/write
- * security officer functions" state. If this token has a
- * protected authentication path, then the pin argument will
- * be NULL. This routine is optional; if unimplemented, the
- * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
- */
- CK_RV (PR_CALLBACK *InitPIN)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *pin
- );
-
- /*
- * This routine is used to modify a user's PIN or password. This
- * routine will only be called in the "read/write security officer
- * functions" or "read/write user functions" state. If this token
- * has a protected authentication path, then the pin arguments
- * will be NULL. This routine is optional; if unimplemented, the
- * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
- */
- CK_RV (PR_CALLBACK *SetPIN)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *oldPin,
- NSSItem *newPin
- );
-
- /*
- * This routine is used to find out how much space would be required
- * to save the current operational state. This routine is optional;
- * if unimplemented, the Framework will reject any attempts to save
- * the operational state with the error CKR_STATE_UNSAVEABLE. This
- * routine may return zero on error.
- */
- CK_ULONG (PR_CALLBACK *GetOperationStateLen)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
-
- /*
- * This routine is used to store the current operational state. This
- * routine is only required if GetOperationStateLen is implemented
- * and can return a nonzero value. The buffer in the specified item
- * will be pre-allocated, and the length will specify the amount of
- * space available (which may be more than GetOperationStateLen
- * asked for, but which will not be smaller).
- */
- CK_RV (PR_CALLBACK *GetOperationState)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *buffer
- );
-
- /*
- * This routine is used to restore an operational state previously
- * obtained with GetOperationState. The Framework will take pains
- * to be sure that the state is (or was at one point) valid; if the
- * Module notices that the state is invalid, it should return an
- * error, but it is not required to be paranoid about the issue.
- * [XXX fgmr-- should (can?) the framework verify the keys match up?]
- * This routine is required only if GetOperationState is implemented.
- */
- CK_RV (PR_CALLBACK *SetOperationState)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *state,
- NSSCKMDObject *mdEncryptionKey,
- NSSCKFWObject *fwEncryptionKey,
- NSSCKMDObject *mdAuthenticationKey,
- NSSCKFWObject *fwAuthenticationKey
- );
-
- /*
- * This routine is used to create an object. The specified template
- * will only specify a session object if the Module has indicated
- * that it wishes to handle its own session objects. This routine
- * is optional; if unimplemented, the Framework will reject the
- * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for
- * token objects should come from the NSSArena available from the
- * NSSCKFWToken object; space for session objects (if supported)
- * should come from the NSSArena available from the NSSCKFWSession
- * object. The appropriate NSSArena pointer will, as a convenience,
- * be passed as the handyArenaPointer argument. This routine may
- * return NULL upon error.
- */
- NSSCKMDObject *(PR_CALLBACK *CreateObject)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSArena *handyArenaPointer,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
- );
-
- /*
- * This routine is used to make a copy of an object. It is entirely
- * optional; if unimplemented, the Framework will try to use
- * CreateObject instead. If the Module has indicated that it does
- * not wish to handle session objects, then this routine will only
- * be called to copy a token object to another token object.
- * Otherwise, either the original object or the new may be of
- * either the token or session variety. As with CreateObject, the
- * handyArenaPointer will point to the appropriate arena for the
- * new object. This routine may return NULL upon error.
- */
- NSSCKMDObject *(PR_CALLBACK *CopyObject)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdOldObject,
- NSSCKFWObject *fwOldObject,
- NSSArena *handyArenaPointer,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
- );
-
- /*
- * This routine is used to begin an object search. This routine may
- * be unimplemented only if the Module does not handle session
- * objects, and if none of its tokens have token objects. The
- * NSSCKFWFindObjects pointer has an NSSArena that may be used for
- * storage for the life of this "find" operation. This routine may
- * return NULL upon error. If the Module can determine immediately
- * that the search will not find any matching objects, it may return
- * NULL, and specify CKR_OK as the error.
- */
- NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
- );
-
- /*
- * This routine seeds the random-number generator. It is
- * optional, even if GetRandom is implemented. If unimplemented,
- * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED.
- */
- CK_RV (PR_CALLBACK *SeedRandom)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *seed
- );
-
- /*
- * This routine gets random data. It is optional. If unimplemented,
- * the Framework will issue the error CKR_RANDOM_NO_RNG.
- */
- CK_RV (PR_CALLBACK *GetRandom)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *buffer
- );
-
- /*
- * This object may be extended in future versions of the
- * NSS Cryptoki Framework. To allow for some flexibility
- * in the area of binary compatibility, this field should
- * be NULL.
- */
- void *null;
-};
-
-/*
- * NSSCKMDFindObjects
- *
- * This is the basic handle for an object search. It is
- * created by NSSCKMDSession->FindObjectsInit, and may be
- * obtained from the Framework's corresponding object.
- * It contains a pointer for use by the Module, to store
- * any search-related data, and it contains the EPV for a
- * set of routines which the Module may implement for use
- * by the Framework. Some of these routines are optional.
- */
-
-struct NSSCKMDFindObjectsStr {
- /*
- * The Module may use this pointer for its own purposes.
- */
- void *etc;
-
- /*
- * This routine is called by the Framework to finish a
- * search operation. Note that the Framework may finish
- * a search before it has completed. This routine is
- * optional; if unimplemented, it merely won't be called.
- */
- void (PR_CALLBACK *Final)(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine is used to obtain another pointer to an
- * object matching the search criteria. This routine is
- * required. If no (more) objects match the search, it
- * should return NULL and set the error to CKR_OK.
- */
- NSSCKMDObject *(PR_CALLBACK *Next)(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
- );
-
- /*
- * This object may be extended in future versions of the
- * NSS Cryptoki Framework. To allow for some flexibility
- * in the area of binary compatibility, this field should
- * be NULL.
- */
- void *null;
-};
-
-/*
- * NSSCKMDMechanism
- *
- */
-
-struct NSSCKMDMechanismStr {
- /*
- * The Module may use this pointer for its own purposes.
- */
- void *etc;
-
- /*
- * This routine returns the minimum key size allowed for
- * this mechanism. This routine is optional; if unimplemented,
- * zero will be assumed. This routine may return zero on
- * error; if the error is CKR_OK, zero will be accepted as
- * a valid response.
- */
- CK_ULONG (PR_CALLBACK *GetMinKeySize)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
-
- /*
- * This routine returns the maximum key size allowed for
- * this mechanism. This routine is optional; if unimplemented,
- * zero will be assumed. This routine may return zero on
- * error; if the error is CKR_OK, zero will be accepted as
- * a valid response.
- */
- CK_ULONG (PR_CALLBACK *GetMaxKeySize)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
-
- /*
- * This routine is called to determine if the mechanism is
- * implemented in hardware or software. It returns CK_TRUE
- * if it is done in hardware.
- */
- CK_BBOOL (PR_CALLBACK *GetInHardware)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
-
- /*
- * The crypto routines themselves. Most crypto operations may
- * be performed in two ways, streaming and single-part. The
- * streaming operations involve the use of (typically) three
- * calls-- an Init method to set up the operation, an Update
- * method to feed data to the operation, and a Final method to
- * obtain the final result. Single-part operations involve
- * one method, to perform the crypto operation all at once.
- * The NSS Cryptoki Framework can implement the single-part
- * operations in terms of the streaming operations on behalf
- * of the Module. There are a few variances.
- *
- * For simplicity, the routines are listed in summary here:
- *
- * EncryptInit, EncryptUpdate, EncryptFinal; Encrypt
- * DecryptInit, DecryptUpdate, DecryptFinal; Decrypt
- * DigestInit, DigestUpdate, DigestKey, DigestFinal; Digest
- * SignInit, SignUpdate, SignFinal; Sign
- * SignRecoverInit; SignRecover
- * VerifyInit, VerifyUpdate, VerifyFinal; Verify
- * VerifyRecoverInit; VerifyRecover
- *
- * Also, there are some combined-operation calls:
- *
- * DigestEncryptUpdate
- * DecryptDigestUpdate
- * SignEncryptUpdate
- * DecryptVerifyUpdate
- *
- * The key-management routines are
- *
- * GenerateKey
- * GenerateKeyPair
- * WrapKey
- * UnwrapKey
- * DeriveKey
- *
- * All of these routines based directly on the Cryptoki API;
- * see PKCS#11 for further information.
- */
-
- /*
- */
- CK_RV (PR_CALLBACK *EncryptInit)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdKey,
- NSSCKFWObject *fwKey
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *EncryptUpdate)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *data,
- NSSItem *buffer
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *EncryptFinal)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *buffer
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *Encrypt)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdKey,
- NSSCKFWObject *fwKey,
- NSSItem *data,
- NSSItem *buffer
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *DecryptInit)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdKey,
- NSSCKFWObject *fwKey
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *DecryptUpdate)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *data,
- NSSItem *buffer
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *DecryptFinal)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *buffer
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *Decrypt)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdKey,
- NSSCKFWObject *fwKey,
- NSSItem *data,
- NSSItem *buffer
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *DigestInit)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *DigestUpdate)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *data
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *DigestKey)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdKey,
- NSSCKFWObject *fwKey
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *DigestFinal)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *buffer
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *Digest)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *data,
- NSSItem *buffer
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *SignInit)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdKey,
- NSSCKFWObject *fwKey
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *SignUpdate)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *data,
- NSSItem *buffer
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *SignFinal)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *buffer
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *Sign)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdKey,
- NSSCKFWObject *fwKey,
- NSSItem *data,
- NSSItem *buffer
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *VerifyInit)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKFWObject *key
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *VerifyUpdate)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *data
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *VerifyFinish)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *buffer
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *Verify)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKFWObject *key,
- NSSItem *data,
- NSSItem *buffer
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *SignRecover)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdKey,
- NSSCKFWObject *fwKey,
- NSSItem *data,
- NSSItem *buffer
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *VerifyRecover)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdKey,
- NSSCKFWObject *fwKey,
- NSSItem *data,
- NSSItem *buffer
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *DigestEncryptUpdate)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *data,
- NSSItem *buffer
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *DecryptDigestUpdate)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *data,
- NSSItem *buffer
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *SignEncryptUpdate)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *data,
- NSSItem *buffer
- );
-
- /*
- */
- CK_RV (PR_CALLBACK *DecryptVerifyUpdate)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *data,
- NSSItem *buffer
- );
-
- /*
- * Key management operations.
- */
-
- /*
- * This routine generates a key. This routine may return NULL
- * upon error.
- */
- NSSCKMDObject *(PR_CALLBACK *GenerateKey)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
- );
-
- /*
- * This routine generates a key pair.
- */
- CK_RV (PR_CALLBACK *GenerateKeyPair)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_PTR pPublicKeyTemplate,
- CK_ULONG ulPublicKeyAttributeCount,
- CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
- CK_ULONG ulPrivateKeyAttributeCount,
- NSSCKMDObject **pPublicKey,
- NSSCKMDObject **pPrivateKey
- );
-
- /*
- * This routine wraps a key.
- */
- CK_RV (PR_CALLBACK *WrapKey)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdWrappingKey,
- NSSCKFWObject *fwWrappingKey,
- NSSCKMDObject *mdWrappedKey,
- NSSCKFWObject *fwWrappedKey,
- NSSItem *buffer
- );
-
- /*
- * This routine unwraps a key. This routine may return NULL
- * upon error.
- */
- NSSCKMDObject *(PR_CALLBACK *UnwrapKey)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdWrappingKey,
- NSSCKFWObject *fwWrappingKey,
- NSSItem *wrappedKey,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
- );
-
- /*
- * This routine derives a key. This routine may return NULL
- * upon error.
- */
- NSSCKMDObject *(PR_CALLBACK *DeriveKey)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdBaseKey,
- NSSCKFWObject *fwBaseKey,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
- );
-
- /*
- * This object may be extended in future versions of the
- * NSS Cryptoki Framework. To allow for some flexibility
- * in the area of binary compatibility, this field should
- * be NULL.
- */
- void *null;
-};
-
-/*
- * NSSCKMDObject
- *
- * This is the basic handle for any object used by a PKCS#11 Module.
- * Modules must implement it if they support their own objects, and
- * the Framework supports it for Modules that do not handle session
- * objects. This type contains a pointer for use by the implementor,
- * to store any object-specific data, and it contains an EPV for a
- * set of routines used to access the object.
- */
-
-struct NSSCKMDObjectStr {
- /*
- * The implementation my use this pointer for its own purposes.
- */
- void *etc;
-
- /*
- * This routine is called by the Framework when it is letting
- * go of an object handle. It can be used by the Module to
- * free any resources tied up by an object "in use." It is
- * optional.
- */
- void (PR_CALLBACK *Finalize)(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine is used to completely destroy an object.
- * It is optional. The parameter fwObject might be NULL
- * if the framework runs out of memory at the wrong moment.
- */
- CK_RV (PR_CALLBACK *Destroy)(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This helper routine is used by the Framework, and is especially
- * useful when it is managing session objects on behalf of the
- * Module. This routine is optional; if unimplemented, the
- * Framework will actually look up the CKA_TOKEN attribute. In the
- * event of an error, just make something up-- the Framework will
- * find out soon enough anyway.
- */
- CK_BBOOL (PR_CALLBACK *IsTokenObject)(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
-
- /*
- * This routine returns the number of attributes of which this
- * object consists. It is mandatory. It can return zero on
- * error.
- */
- CK_ULONG (PR_CALLBACK *GetAttributeCount)(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
-
- /*
- * This routine stuffs the attribute types into the provided array.
- * The array size (as obtained from GetAttributeCount) is passed in
- * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong
- * (either too big or too small).
- */
- CK_RV (PR_CALLBACK *GetAttributeTypes)(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
- );
-
- /*
- * This routine returns the size (in bytes) of the specified
- * attribute. It can return zero on error.
- */
- CK_ULONG (PR_CALLBACK *GetAttributeSize)(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
- );
-
- /*
- * This routine returns the specified attribute. It can return
- * NULL upon error. The pointer in the item will not be freed;
- * any host memory required should come from the object's arena
- * (which is likely the Framework's token or session arena).
- * It may return NULL on error.
- */
- NSSItem *(PR_CALLBACK *GetAttribute)(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
- );
-
- /*
- * This routine changes the specified attribute. If unimplemented,
- * the object will be considered read-only.
- */
- CK_RV (PR_CALLBACK *SetAttribute)(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *value
- );
-
- /*
- * This routine returns the storage requirements of this object,
- * in bytes. Cryptoki doesn't strictly define the definition,
- * but it should relate to the values returned by the "Get Memory"
- * routines of the NSSCKMDToken. This routine is optional; if
- * unimplemented, the Framework will consider this information
- * sensitive. This routine may return zero on error. If the
- * specified error is CKR_OK, zero will be accepted as a valid
- * response.
- */
- CK_ULONG (PR_CALLBACK *GetObjectSize)(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
-
- /*
- * This object may be extended in future versions of the
- * NSS Cryptoki Framework. To allow for some flexibility
- * in the area of binary compatibility, this field should
- * be NULL.
- */
- void *null;
-};
-
-
-#endif /* NSSCKMDT_H */
diff --git a/security/nss/lib/ckfw/nssckp.h b/security/nss/lib/ckfw/nssckp.h
deleted file mode 100644
index 502e18408..000000000
--- a/security/nss/lib/ckfw/nssckp.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * This file is in part derived from a file "pkcs11t.h" made available
- * by RSA Security at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/pkcs11t.h
- */
-
-#ifndef NSSCKP_H
-#define NSSCKP_H
-
-#ifdef DEBUG
-static const char NSSCKP_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#endif /* NSSCKP_H */
-
-/*
- * These platform-dependent packing rules are required by all PKCS#11
- * modules, to be binary compatible. These rules have been placed in
- * separate header files (nssckp.h to enable the packing, nsscku.h to
- * disable) for consistancy. These files can be included many times,
- * so the bodies should *NOT* be in the multiple-inclusion-preventing
- * #ifndef/#endif area above.
- */
-
-/*
- * WIN32 is defined (when appropriate) in NSPR's prcpucfg.h.
- */
-
-#ifdef WIN32
-#pragma warning(disable:4103)
-#pragma pack(push, cryptoki, 1)
-#endif /* WIN32 */
-
-/* End of nssckp.h */
diff --git a/security/nss/lib/ckfw/nssckt.h b/security/nss/lib/ckfw/nssckt.h
deleted file mode 100644
index f2bf36f1d..000000000
--- a/security/nss/lib/ckfw/nssckt.h
+++ /dev/null
@@ -1,1123 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * This file is in part derived from a file "pkcs11t.h" made available
- * by RSA Security at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/pkcs11t.h
- *
- * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
- * is granted provided that it is identified as "RSA Security Inc Public-Key
- * Cryptography Standards (PKCS)" in all material mentioning or referencing
- * this document.
- *
- */
-
-#ifndef NSSCKT_H
-#define NSSCKT_H
-
-#ifdef DEBUG
-static const char NSSCKT_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#include "nspr.h"
-
-/*
- * nssckt.h
- *
- * This file contains the type definitions for Cryptoki (PKCS#11).
- * These definitions are taken from the RSA Standard.
- *
- * NOTE: Unlike most things in NSS, there are public types and
- * preprocessor definitions which do *NOT* begin with NSS-- rather,
- * they begin with CK, as per the standard.
- */
-
-#ifndef CK_FALSE
-#define CK_FALSE 0
-#endif
-
-#ifndef CK_TRUE
-#define CK_TRUE (!CK_FALSE)
-#endif
-
-#define CK_PTR *
-#define CK_NULL_PTR 0
-#define CK_CALLBACK_FUNCTION(rv,func) rv (PR_CALLBACK * func)
-#define CK_DECLARE_FUNCTION(rv,func) NSS_EXTERN rv func
-#define CK_DECLARE_FUNCTION_POINTER(rv,func) rv (PR_CALLBACK * func)
-
-/* an unsigned 8-bit value */
-typedef unsigned char CK_BYTE;
-
-/* an unsigned 8-bit character */
-typedef CK_BYTE CK_CHAR;
-
-/* a BYTE-sized Boolean flag */
-typedef CK_BYTE CK_BBOOL;
-
-/* an unsigned value, at least 16 bits long */
-typedef unsigned short int CK_USHORT;
-
-/* a signed value, the same size as a CK_USHORT */
-typedef short int CK_SHORT;
-
-/* an unsigned value, at least 32 bits long */
-typedef unsigned long int CK_ULONG;
-
-/* a signed value, the same size as a CK_ULONG */
-/* CK_LONG is new for v2.0 */
-typedef long int CK_LONG;
-
-/* at least 32 bits; each bit is a Boolean flag */
-typedef CK_ULONG CK_FLAGS;
-
-
-/* some special values for certain CK_ULONG variables */
-#define CK_UNAVAILABLE_INFORMATION (~0UL)
-#define CK_EFFECTIVELY_INFINITE 0
-
-
-typedef CK_BYTE CK_PTR CK_BYTE_PTR;
-typedef CK_CHAR CK_PTR CK_CHAR_PTR;
-typedef CK_ULONG CK_PTR CK_ULONG_PTR;
-typedef void CK_PTR CK_VOID_PTR;
-
-/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
-typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
-
-
-/* The following value is always invalid if used as a session */
-/* handle or object handle */
-#define CK_INVALID_HANDLE 0
-
-#define CK_ENTRY
-
-/* pack */
-#include "nssckp.h"
-
-typedef struct CK_VERSION {
- CK_BYTE major; /* integer portion of version number */
- CK_BYTE minor; /* 1/100ths portion of version number */
-} CK_VERSION;
-
-typedef CK_VERSION CK_PTR CK_VERSION_PTR;
-
-
-typedef struct CK_INFO {
- CK_VERSION cryptokiVersion; /* Cryptoki interface ver */
- CK_CHAR manufacturerID[32]; /* blank padded */
- CK_FLAGS flags; /* must be zero */
-
- /* libraryDescription and libraryVersion are new for v2.0 */
- CK_CHAR libraryDescription[32]; /* blank padded */
- CK_VERSION libraryVersion; /* version of library */
-} CK_INFO;
-
-typedef CK_INFO CK_PTR CK_INFO_PTR;
-
-
-/* CK_NOTIFICATION enumerates the types of notifications that
- * Cryptoki provides to an application */
-/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
- * for v2.0 */
-typedef CK_ULONG CK_NOTIFICATION;
-#define CKN_SURRENDER 0
-
-
-typedef CK_ULONG CK_SLOT_ID;
-
-typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
-
-
-/* CK_SLOT_INFO provides information about a slot */
-typedef struct CK_SLOT_INFO {
- CK_CHAR slotDescription[64]; /* blank padded */
- CK_CHAR manufacturerID[32]; /* blank padded */
- CK_FLAGS flags;
-
- /* hardwareVersion and firmwareVersion are new for v2.0 */
- CK_VERSION hardwareVersion; /* version of hardware */
- CK_VERSION firmwareVersion; /* version of firmware */
-} CK_SLOT_INFO;
-
-/* flags: bit flags that provide capabilities of the slot
- * Bit Flag Mask Meaning
- */
-#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */
-#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/
-#define CKF_HW_SLOT 0x00000004 /* hardware slot */
-
-typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
-
-
-/* CK_TOKEN_INFO provides information about a token */
-typedef struct CK_TOKEN_INFO {
- CK_CHAR label[32]; /* blank padded */
- CK_CHAR manufacturerID[32]; /* blank padded */
- CK_CHAR model[16]; /* blank padded */
- CK_CHAR serialNumber[16]; /* blank padded */
- CK_FLAGS flags; /* see below */
-
- /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
- * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
- * changed from CK_USHORT to CK_ULONG for v2.0 */
- CK_ULONG ulMaxSessionCount; /* max open sessions */
- CK_ULONG ulSessionCount; /* sess. now open */
- CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */
- CK_ULONG ulRwSessionCount; /* R/W sess. now open */
- CK_ULONG ulMaxPinLen; /* in bytes */
- CK_ULONG ulMinPinLen; /* in bytes */
- CK_ULONG ulTotalPublicMemory; /* in bytes */
- CK_ULONG ulFreePublicMemory; /* in bytes */
- CK_ULONG ulTotalPrivateMemory; /* in bytes */
- CK_ULONG ulFreePrivateMemory; /* in bytes */
-
- /* hardwareVersion, firmwareVersion, and time are new for
- * v2.0 */
- CK_VERSION hardwareVersion; /* version of hardware */
- CK_VERSION firmwareVersion; /* version of firmware */
- CK_CHAR utcTime[16]; /* time */
-} CK_TOKEN_INFO;
-
-/* The flags parameter is defined as follows:
- * Bit Flag Mask Meaning
- */
-#define CKF_RNG 0x00000001 /* has random #
- * generator */
-#define CKF_WRITE_PROTECTED 0x00000002 /* token is
- * write-
- * protected */
-#define CKF_LOGIN_REQUIRED 0x00000004 /* user must
- * login */
-#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's
- * PIN is set */
-
-/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
- * that means that *every* time the state of cryptographic
- * operations of a session is successfully saved, all keys
- * needed to continue those operations are stored in the state */
-#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020
-
-/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
- * that the token has some sort of clock. The time on that
- * clock is returned in the token info structure */
-#define CKF_CLOCK_ON_TOKEN 0x00000040
-
-/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
- * set, that means that there is some way for the user to login
- * without sending a PIN through the Cryptoki library itself */
-#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
-
-/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
- * that means that a single session with the token can perform
- * dual simultaneous cryptographic operations (digest and
- * encrypt; decrypt and digest; sign and encrypt; and decrypt
- * and sign) */
-#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200
-
-typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
-
-
-/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
- * identifies a session */
-typedef CK_ULONG CK_SESSION_HANDLE;
-
-typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
-
-
-/* CK_USER_TYPE enumerates the types of Cryptoki users */
-/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
- * v2.0 */
-typedef CK_ULONG CK_USER_TYPE;
-/* Security Officer */
-#define CKU_SO 0
-/* Normal user */
-#define CKU_USER 1
-
-
-/* CK_STATE enumerates the session states */
-/* CK_STATE has been changed from an enum to a CK_ULONG for
- * v2.0 */
-typedef CK_ULONG CK_STATE;
-#define CKS_RO_PUBLIC_SESSION 0
-#define CKS_RO_USER_FUNCTIONS 1
-#define CKS_RW_PUBLIC_SESSION 2
-#define CKS_RW_USER_FUNCTIONS 3
-#define CKS_RW_SO_FUNCTIONS 4
-
-
-/* CK_SESSION_INFO provides information about a session */
-typedef struct CK_SESSION_INFO {
- CK_SLOT_ID slotID;
- CK_STATE state;
- CK_FLAGS flags; /* see below */
-
- /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
- * v2.0 */
- CK_ULONG ulDeviceError; /* device-dependent error code */
-} CK_SESSION_INFO;
-
-/* The flags are defined in the following table:
- * Bit Flag Mask Meaning
- */
-#define CKF_RW_SESSION 0x00000002 /* session is r/w */
-#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */
-
-typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
-
-
-/* CK_OBJECT_HANDLE is a token-specific identifier for an
- * object */
-typedef CK_ULONG CK_OBJECT_HANDLE;
-
-typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
-
-
-/* CK_OBJECT_CLASS is a value that identifies the classes (or
- * types) of objects that Cryptoki recognizes. It is defined
- * as follows: */
-/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
- * v2.0 */
-typedef CK_ULONG CK_OBJECT_CLASS;
-
-/* The following classes of objects are defined: */
-#define CKO_DATA 0x00000000
-#define CKO_CERTIFICATE 0x00000001
-#define CKO_PUBLIC_KEY 0x00000002
-#define CKO_PRIVATE_KEY 0x00000003
-#define CKO_SECRET_KEY 0x00000004
-#define CKO_VENDOR_DEFINED 0x80000000
-
-typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
-
-
-/* CK_KEY_TYPE is a value that identifies a key type */
-/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
-typedef CK_ULONG CK_KEY_TYPE;
-
-/* the following key types are defined: */
-#define CKK_RSA 0x00000000
-#define CKK_DSA 0x00000001
-#define CKK_DH 0x00000002
-
-/* CKK_ECDSA and CKK_KEA are new for v2.0 */
-
-/* Cryptoki V2.01 probably won't actually have ECDSA in it */
-#define CKK_ECDSA 0x00000003
-
-#define CKK_KEA 0x00000005
-
-#define CKK_GENERIC_SECRET 0x00000010
-#define CKK_RC2 0x00000011
-#define CKK_RC4 0x00000012
-#define CKK_DES 0x00000013
-#define CKK_DES2 0x00000014
-#define CKK_DES3 0x00000015
-
-/* all these key types are new for v2.0 */
-#define CKK_CAST 0x00000016
-#define CKK_CAST3 0x00000017
-#define CKK_CAST5 0x00000018
-#define CKK_CAST128 0x00000018 /* CAST128=CAST5 */
-#define CKK_RC5 0x00000019
-#define CKK_IDEA 0x0000001A
-#define CKK_SKIPJACK 0x0000001B
-#define CKK_BATON 0x0000001C
-#define CKK_JUNIPER 0x0000001D
-#define CKK_CDMF 0x0000001E
-
-#define CKK_VENDOR_DEFINED 0x80000000
-
-
-/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
- * type */
-/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
- * for v2.0 */
-typedef CK_ULONG CK_CERTIFICATE_TYPE;
-
-/* The following certificate types are defined: */
-#define CKC_X_509 0x00000000
-#define CKC_VENDOR_DEFINED 0x80000000
-
-/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
- * type */
-/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
- * v2.0 */
-typedef CK_ULONG CK_ATTRIBUTE_TYPE;
-
-typedef CK_ATTRIBUTE_TYPE CK_PTR CK_ATTRIBUTE_TYPE_PTR;
-
-/* The following attribute types are defined: */
-#define CKA_CLASS 0x00000000
-#define CKA_TOKEN 0x00000001
-#define CKA_PRIVATE 0x00000002
-#define CKA_LABEL 0x00000003
-#define CKA_APPLICATION 0x00000010
-#define CKA_VALUE 0x00000011
-#define CKA_CERTIFICATE_TYPE 0x00000080
-#define CKA_ISSUER 0x00000081
-#define CKA_SERIAL_NUMBER 0x00000082
-#define CKA_KEY_TYPE 0x00000100
-#define CKA_SUBJECT 0x00000101
-#define CKA_ID 0x00000102
-#define CKA_SENSITIVE 0x00000103
-#define CKA_ENCRYPT 0x00000104
-#define CKA_DECRYPT 0x00000105
-#define CKA_WRAP 0x00000106
-#define CKA_UNWRAP 0x00000107
-#define CKA_SIGN 0x00000108
-#define CKA_SIGN_RECOVER 0x00000109
-#define CKA_VERIFY 0x0000010A
-#define CKA_VERIFY_RECOVER 0x0000010B
-#define CKA_DERIVE 0x0000010C
-#define CKA_START_DATE 0x00000110
-#define CKA_END_DATE 0x00000111
-#define CKA_MODULUS 0x00000120
-#define CKA_MODULUS_BITS 0x00000121
-#define CKA_PUBLIC_EXPONENT 0x00000122
-#define CKA_PRIVATE_EXPONENT 0x00000123
-#define CKA_PRIME_1 0x00000124
-#define CKA_PRIME_2 0x00000125
-#define CKA_EXPONENT_1 0x00000126
-#define CKA_EXPONENT_2 0x00000127
-#define CKA_COEFFICIENT 0x00000128
-#define CKA_PRIME 0x00000130
-#define CKA_SUBPRIME 0x00000131
-#define CKA_BASE 0x00000132
-#define CKA_VALUE_BITS 0x00000160
-#define CKA_VALUE_LEN 0x00000161
-
-/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
- * CKA_ALWAYS_SENSITIVE, and CKA_MODIFIABLE are new for v2.0 */
-#define CKA_EXTRACTABLE 0x00000162
-#define CKA_LOCAL 0x00000163
-#define CKA_NEVER_EXTRACTABLE 0x00000164
-#define CKA_ALWAYS_SENSITIVE 0x00000165
-#define CKA_MODIFIABLE 0x00000170
-
-#define CKA_VENDOR_DEFINED 0x80000000
-
-
-/* CK_ATTRIBUTE is a structure that includes the type, length
- * and value of an attribute */
-typedef struct CK_ATTRIBUTE {
- CK_ATTRIBUTE_TYPE type;
- CK_VOID_PTR pValue;
-
- /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
- CK_ULONG ulValueLen; /* in bytes */
-} CK_ATTRIBUTE;
-
-typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
-
-
-/* CK_DATE is a structure that defines a date */
-typedef struct CK_DATE{
- CK_CHAR year[4]; /* the year ("1900" - "9999") */
- CK_CHAR month[2]; /* the month ("01" - "12") */
- CK_CHAR day[2]; /* the day ("01" - "31") */
-} CK_DATE;
-
-
-/* CK_MECHANISM_TYPE is a value that identifies a mechanism
- * type */
-/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
- * v2.0 */
-typedef CK_ULONG CK_MECHANISM_TYPE;
-
-/* the following mechanism types are defined: */
-#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
-#define CKM_RSA_PKCS 0x00000001
-#define CKM_RSA_9796 0x00000002
-#define CKM_RSA_X_509 0x00000003
-
-/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
- * are new for v2.0. They are mechanisms which hash and sign */
-#define CKM_MD2_RSA_PKCS 0x00000004
-#define CKM_MD5_RSA_PKCS 0x00000005
-#define CKM_SHA1_RSA_PKCS 0x00000006
-
-#define CKM_DSA_KEY_PAIR_GEN 0x00000010
-#define CKM_DSA 0x00000011
-#define CKM_DSA_SHA1 0x00000012
-#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
-#define CKM_DH_PKCS_DERIVE 0x00000021
-#define CKM_RC2_KEY_GEN 0x00000100
-#define CKM_RC2_ECB 0x00000101
-#define CKM_RC2_CBC 0x00000102
-#define CKM_RC2_MAC 0x00000103
-
-/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
-#define CKM_RC2_MAC_GENERAL 0x00000104
-#define CKM_RC2_CBC_PAD 0x00000105
-
-#define CKM_RC4_KEY_GEN 0x00000110
-#define CKM_RC4 0x00000111
-#define CKM_DES_KEY_GEN 0x00000120
-#define CKM_DES_ECB 0x00000121
-#define CKM_DES_CBC 0x00000122
-#define CKM_DES_MAC 0x00000123
-
-/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
-#define CKM_DES_MAC_GENERAL 0x00000124
-#define CKM_DES_CBC_PAD 0x00000125
-
-#define CKM_DES2_KEY_GEN 0x00000130
-#define CKM_DES3_KEY_GEN 0x00000131
-#define CKM_DES3_ECB 0x00000132
-#define CKM_DES3_CBC 0x00000133
-#define CKM_DES3_MAC 0x00000134
-
-/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
- * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
- * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
-#define CKM_DES3_MAC_GENERAL 0x00000135
-#define CKM_DES3_CBC_PAD 0x00000136
-#define CKM_CDMF_KEY_GEN 0x00000140
-#define CKM_CDMF_ECB 0x00000141
-#define CKM_CDMF_CBC 0x00000142
-#define CKM_CDMF_MAC 0x00000143
-#define CKM_CDMF_MAC_GENERAL 0x00000144
-#define CKM_CDMF_CBC_PAD 0x00000145
-
-#define CKM_MD2 0x00000200
-
-/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
-#define CKM_MD2_HMAC 0x00000201
-#define CKM_MD2_HMAC_GENERAL 0x00000202
-
-#define CKM_MD5 0x00000210
-
-/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
-#define CKM_MD5_HMAC 0x00000211
-#define CKM_MD5_HMAC_GENERAL 0x00000212
-
-#define CKM_SHA_1 0x00000220
-
-/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
-#define CKM_SHA_1_HMAC 0x00000221
-#define CKM_SHA_1_HMAC_GENERAL 0x00000222
-
-/* All of the following mechanisms are new for v2.0 */
-/* Note that CAST128 and CAST5 are the same algorithm */
-#define CKM_CAST_KEY_GEN 0x00000300
-#define CKM_CAST_ECB 0x00000301
-#define CKM_CAST_CBC 0x00000302
-#define CKM_CAST_MAC 0x00000303
-#define CKM_CAST_MAC_GENERAL 0x00000304
-#define CKM_CAST_CBC_PAD 0x00000305
-#define CKM_CAST3_KEY_GEN 0x00000310
-#define CKM_CAST3_ECB 0x00000311
-#define CKM_CAST3_CBC 0x00000312
-#define CKM_CAST3_MAC 0x00000313
-#define CKM_CAST3_MAC_GENERAL 0x00000314
-#define CKM_CAST3_CBC_PAD 0x00000315
-#define CKM_CAST5_KEY_GEN 0x00000320
-#define CKM_CAST128_KEY_GEN 0x00000320
-#define CKM_CAST5_ECB 0x00000321
-#define CKM_CAST128_ECB 0x00000321
-#define CKM_CAST5_CBC 0x00000322
-#define CKM_CAST128_CBC 0x00000322
-#define CKM_CAST5_MAC 0x00000323
-#define CKM_CAST128_MAC 0x00000323
-#define CKM_CAST5_MAC_GENERAL 0x00000324
-#define CKM_CAST128_MAC_GENERAL 0x00000324
-#define CKM_CAST5_CBC_PAD 0x00000325
-#define CKM_CAST128_CBC_PAD 0x00000325
-#define CKM_RC5_KEY_GEN 0x00000330
-#define CKM_RC5_ECB 0x00000331
-#define CKM_RC5_CBC 0x00000332
-#define CKM_RC5_MAC 0x00000333
-#define CKM_RC5_MAC_GENERAL 0x00000334
-#define CKM_RC5_CBC_PAD 0x00000335
-#define CKM_IDEA_KEY_GEN 0x00000340
-#define CKM_IDEA_ECB 0x00000341
-#define CKM_IDEA_CBC 0x00000342
-#define CKM_IDEA_MAC 0x00000343
-#define CKM_IDEA_MAC_GENERAL 0x00000344
-#define CKM_IDEA_CBC_PAD 0x00000345
-#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
-#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
-#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
-#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
-#define CKM_XOR_BASE_AND_DATA 0x00000364
-#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
-#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
-#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
-#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
-#define CKM_SSL3_MD5_MAC 0x00000380
-#define CKM_SSL3_SHA1_MAC 0x00000381
-#define CKM_MD5_KEY_DERIVATION 0x00000390
-#define CKM_MD2_KEY_DERIVATION 0x00000391
-#define CKM_SHA1_KEY_DERIVATION 0x00000392
-#define CKM_PBE_MD2_DES_CBC 0x000003A0
-#define CKM_PBE_MD5_DES_CBC 0x000003A1
-#define CKM_PBE_MD5_CAST_CBC 0x000003A2
-#define CKM_PBE_MD5_CAST3_CBC 0x000003A3
-#define CKM_PBE_MD5_CAST5_CBC 0x000003A4
-#define CKM_PBE_MD5_CAST128_CBC 0x000003A4
-#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
-#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
-#define CKM_PBE_SHA1_RC4_128 0x000003A6
-#define CKM_PBE_SHA1_RC4_40 0x000003A7
-#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
-#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
-#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
-#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
-#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
-#define CKM_KEY_WRAP_LYNKS 0x00000400
-#define CKM_KEY_WRAP_SET_OAEP 0x00000401
-
-/* Fortezza mechanisms */
-#define CKM_SKIPJACK_KEY_GEN 0x00001000
-#define CKM_SKIPJACK_ECB64 0x00001001
-#define CKM_SKIPJACK_CBC64 0x00001002
-#define CKM_SKIPJACK_OFB64 0x00001003
-#define CKM_SKIPJACK_CFB64 0x00001004
-#define CKM_SKIPJACK_CFB32 0x00001005
-#define CKM_SKIPJACK_CFB16 0x00001006
-#define CKM_SKIPJACK_CFB8 0x00001007
-#define CKM_SKIPJACK_WRAP 0x00001008
-#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
-#define CKM_SKIPJACK_RELAYX 0x0000100a
-#define CKM_KEA_KEY_PAIR_GEN 0x00001010
-#define CKM_KEA_KEY_DERIVE 0x00001011
-#define CKM_FORTEZZA_TIMESTAMP 0x00001020
-#define CKM_BATON_KEY_GEN 0x00001030
-#define CKM_BATON_ECB128 0x00001031
-#define CKM_BATON_ECB96 0x00001032
-#define CKM_BATON_CBC128 0x00001033
-#define CKM_BATON_COUNTER 0x00001034
-#define CKM_BATON_SHUFFLE 0x00001035
-#define CKM_BATON_WRAP 0x00001036
-
-/* Cryptoki V2.01 probably won't actually have ECDSA in it */
-#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
-#define CKM_ECDSA 0x00001041
-#define CKM_ECDSA_SHA1 0x00001042
-
-#define CKM_JUNIPER_KEY_GEN 0x00001060
-#define CKM_JUNIPER_ECB128 0x00001061
-#define CKM_JUNIPER_CBC128 0x00001062
-#define CKM_JUNIPER_COUNTER 0x00001063
-#define CKM_JUNIPER_SHUFFLE 0x00001064
-#define CKM_JUNIPER_WRAP 0x00001065
-#define CKM_FASTHASH 0x00001070
-
-#define CKM_VENDOR_DEFINED 0x80000000
-
-typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
-
-
-/* CK_MECHANISM is a structure that specifies a particular
- * mechanism */
-typedef struct CK_MECHANISM {
- CK_MECHANISM_TYPE mechanism;
- CK_VOID_PTR pParameter;
-
- /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
- * v2.0 */
- CK_ULONG ulParameterLen; /* in bytes */
-} CK_MECHANISM;
-
-typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
-
-
-/* CK_MECHANISM_INFO provides information about a particular
- * mechanism */
-typedef struct CK_MECHANISM_INFO {
- CK_ULONG ulMinKeySize;
- CK_ULONG ulMaxKeySize;
- CK_FLAGS flags;
-} CK_MECHANISM_INFO;
-
-/* The flags are defined as follows:
- * Bit Flag Mask Meaning */
-#define CKF_HW 0x00000001 /* performed by HW */
-
-/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
- * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
- * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
- * and CKF_DERIVE are new for v2.0. They specify whether or not
- * a mechanism can be used for a particular task */
-#define CKF_ENCRYPT 0x00000100
-#define CKF_DECRYPT 0x00000200
-#define CKF_DIGEST 0x00000400
-#define CKF_SIGN 0x00000800
-#define CKF_SIGN_RECOVER 0x00001000
-#define CKF_VERIFY 0x00002000
-#define CKF_VERIFY_RECOVER 0x00004000
-#define CKF_GENERATE 0x00008000
-#define CKF_GENERATE_KEY_PAIR 0x00010000
-#define CKF_WRAP 0x00020000
-#define CKF_UNWRAP 0x00040000
-#define CKF_DERIVE 0x00080000
-
-#define CKF_EXTENSION 0x80000000 /* FALSE for 2.01 */
-
-typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
-
-
-/* CK_RV is a value that identifies the return value of a
- * Cryptoki function */
-/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
-typedef CK_ULONG CK_RV;
-
-#define CKR_OK 0x00000000
-#define CKR_CANCEL 0x00000001
-#define CKR_HOST_MEMORY 0x00000002
-#define CKR_SLOT_ID_INVALID 0x00000003
-
-/* CKR_FLAGS_INVALID was removed for v2.0 */
-
-/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
-#define CKR_GENERAL_ERROR 0x00000005
-#define CKR_FUNCTION_FAILED 0x00000006
-
-/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
- * and CKR_CANT_LOCK are new for v2.01 */
-#define CKR_ARGUMENTS_BAD 0x00000007
-#define CKR_NO_EVENT 0x00000008
-#define CKR_NEED_TO_CREATE_THREADS 0x00000009
-#define CKR_CANT_LOCK 0x0000000A
-
-#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
-#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
-#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
-#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
-#define CKR_DATA_INVALID 0x00000020
-#define CKR_DATA_LEN_RANGE 0x00000021
-#define CKR_DEVICE_ERROR 0x00000030
-#define CKR_DEVICE_MEMORY 0x00000031
-#define CKR_DEVICE_REMOVED 0x00000032
-#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
-#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
-#define CKR_FUNCTION_CANCELED 0x00000050
-#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
-
-/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
-#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
-
-#define CKR_KEY_HANDLE_INVALID 0x00000060
-
-/* CKR_KEY_SENSITIVE was removed for v2.0 */
-
-#define CKR_KEY_SIZE_RANGE 0x00000062
-#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
-
-/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
- * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
- * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
- * v2.0 */
-#define CKR_KEY_NOT_NEEDED 0x00000064
-#define CKR_KEY_CHANGED 0x00000065
-#define CKR_KEY_NEEDED 0x00000066
-#define CKR_KEY_INDIGESTIBLE 0x00000067
-#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
-#define CKR_KEY_NOT_WRAPPABLE 0x00000069
-#define CKR_KEY_UNEXTRACTABLE 0x0000006A
-
-#define CKR_MECHANISM_INVALID 0x00000070
-#define CKR_MECHANISM_PARAM_INVALID 0x00000071
-
-/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
- * were removed for v2.0 */
-#define CKR_OBJECT_HANDLE_INVALID 0x00000082
-#define CKR_OPERATION_ACTIVE 0x00000090
-#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
-#define CKR_PIN_INCORRECT 0x000000A0
-#define CKR_PIN_INVALID 0x000000A1
-#define CKR_PIN_LEN_RANGE 0x000000A2
-
-/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
-#define CKR_PIN_EXPIRED 0x000000A3
-#define CKR_PIN_LOCKED 0x000000A4
-
-#define CKR_SESSION_CLOSED 0x000000B0
-#define CKR_SESSION_COUNT 0x000000B1
-#define CKR_SESSION_HANDLE_INVALID 0x000000B3
-#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
-#define CKR_SESSION_READ_ONLY 0x000000B5
-#define CKR_SESSION_EXISTS 0x000000B6
-
-/* CKR_SESSION_READ_ONLY_EXISTS and
- * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
-#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
-#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
-
-#define CKR_SIGNATURE_INVALID 0x000000C0
-#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
-#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
-#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
-#define CKR_TOKEN_NOT_PRESENT 0x000000E0
-#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
-#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
-#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
-#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
-#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
-#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
-#define CKR_USER_NOT_LOGGED_IN 0x00000101
-#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
-#define CKR_USER_TYPE_INVALID 0x00000103
-
-/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
- * are new to v2.01 */
-#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104
-#define CKR_USER_TOO_MANY_TYPES 0x00000105
-
-#define CKR_WRAPPED_KEY_INVALID 0x00000110
-#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
-#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
-#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
-#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
-#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
-
-/* These are new to v2.0 */
-#define CKR_RANDOM_NO_RNG 0x00000121
-#define CKR_BUFFER_TOO_SMALL 0x00000150
-#define CKR_SAVED_STATE_INVALID 0x00000160
-#define CKR_INFORMATION_SENSITIVE 0x00000170
-#define CKR_STATE_UNSAVEABLE 0x00000180
-
-/* These are new to v2.01 */
-#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
-#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
-#define CKR_MUTEX_BAD 0x000001A0
-#define CKR_MUTEX_NOT_LOCKED 0x000001A1
-
-#define CKR_VENDOR_DEFINED 0x80000000
-
-
-/* CK_NOTIFY is an application callback that processes events */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_NOTIFICATION event,
- CK_VOID_PTR pApplication /* passed to C_OpenSession */
-);
-
-
-/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
- * version and pointers of appropriate types to all the
- * Cryptoki functions */
-/* CK_FUNCTION_LIST is new for v2.0 */
-typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
-
-typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
-
-typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
-
-
-/* CK_CREATEMUTEX is an application callback for creating a
- * mutex object */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
- CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */
-);
-
-
-/* CK_DESTROYMUTEX is an application callback for destroying a
- * mutex object */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
- CK_VOID_PTR pMutex /* pointer to mutex */
-);
-
-
-/* CK_LOCKMUTEX is an application callback for locking a mutex */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
- CK_VOID_PTR pMutex /* pointer to mutex */
-);
-
-
-/* CK_UNLOCKMUTEX is an application callback for unlocking a
- * mutex */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
- CK_VOID_PTR pMutex /* pointer to mutex */
-);
-
-
-/* CK_C_INITIALIZE_ARGS provides the optional arguments to
- * C_Initialize */
-typedef struct CK_C_INITIALIZE_ARGS {
- CK_CREATEMUTEX CreateMutex;
- CK_DESTROYMUTEX DestroyMutex;
- CK_LOCKMUTEX LockMutex;
- CK_UNLOCKMUTEX UnlockMutex;
- CK_FLAGS flags;
-#ifdef FGMR
- CK_BYTE_PTR pConfig;
- CK_ULONG ulConfigLen;
-#endif /* FGMR */
- CK_VOID_PTR pReserved;
-} CK_C_INITIALIZE_ARGS;
-
-/* flags: bit flags that provide capabilities of the slot
- * Bit Flag Mask Meaning
- */
-#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
-#define CKF_OS_LOCKING_OK 0x00000002
-
-typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
-
-
-/* additional flags for parameters to functions */
-
-/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
-#define CKF_DONT_BLOCK 1
-
-
-/* CK_KEA_DERIVE_PARAMS provides the parameters to the
- * CKM_KEA_DERIVE mechanism */
-/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
-typedef struct CK_KEA_DERIVE_PARAMS {
- CK_BBOOL isSender;
- CK_ULONG ulRandomLen;
- CK_BYTE_PTR pRandomA;
- CK_BYTE_PTR pRandomB;
- CK_ULONG ulPublicDataLen;
- CK_BYTE_PTR pPublicData;
-} CK_KEA_DERIVE_PARAMS;
-
-typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
-
-
-/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
- * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
- * holds the effective keysize */
-typedef CK_ULONG CK_RC2_PARAMS;
-
-typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
-
-
-/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
- * mechanism */
-typedef struct CK_RC2_CBC_PARAMS {
- /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
- * v2.0 */
- CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
-
- CK_BYTE iv[8]; /* IV for CBC mode */
-} CK_RC2_CBC_PARAMS;
-
-typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
-
-
-/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
- * CKM_RC2_MAC_GENERAL mechanism */
-/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
-typedef struct CK_RC2_MAC_GENERAL_PARAMS {
- CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
- CK_ULONG ulMacLength; /* Length of MAC in bytes */
-} CK_RC2_MAC_GENERAL_PARAMS;
-
-typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
- CK_RC2_MAC_GENERAL_PARAMS_PTR;
-
-
-/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
- * CKM_RC5_MAC mechanisms */
-/* CK_RC5_PARAMS is new for v2.0 */
-typedef struct CK_RC5_PARAMS {
- CK_ULONG ulWordsize; /* wordsize in bits */
- CK_ULONG ulRounds; /* number of rounds */
-} CK_RC5_PARAMS;
-
-typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
-
-
-/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
- * mechanism */
-/* CK_RC5_CBC_PARAMS is new for v2.0 */
-typedef struct CK_RC5_CBC_PARAMS {
- CK_ULONG ulWordsize; /* wordsize in bits */
- CK_ULONG ulRounds; /* number of rounds */
- CK_BYTE_PTR pIv; /* pointer to IV */
- CK_ULONG ulIvLen; /* length of IV in bytes */
-} CK_RC5_CBC_PARAMS;
-
-typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
-
-
-/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
- * CKM_RC5_MAC_GENERAL mechanism */
-/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
-typedef struct CK_RC5_MAC_GENERAL_PARAMS {
- CK_ULONG ulWordsize; /* wordsize in bits */
- CK_ULONG ulRounds; /* number of rounds */
- CK_ULONG ulMacLength; /* Length of MAC in bytes */
-} CK_RC5_MAC_GENERAL_PARAMS;
-
-typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
- CK_RC5_MAC_GENERAL_PARAMS_PTR;
-
-
-/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
- * ciphers' MAC_GENERAL mechanisms. Its value is the length of
- * the MAC */
-/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
-typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
-
-typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
-
-
-/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
- * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
-/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
-typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
- CK_ULONG ulPasswordLen;
- CK_BYTE_PTR pPassword;
- CK_ULONG ulPublicDataLen;
- CK_BYTE_PTR pPublicData;
- CK_ULONG ulPAndGLen;
- CK_ULONG ulQLen;
- CK_ULONG ulRandomLen;
- CK_BYTE_PTR pRandomA;
- CK_BYTE_PTR pPrimeP;
- CK_BYTE_PTR pBaseG;
- CK_BYTE_PTR pSubprimeQ;
-} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
-
-typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
- CK_SKIPJACK_PRIVATE_WRAP_PTR;
-
-
-/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
- * CKM_SKIPJACK_RELAYX mechanism */
-/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
-typedef struct CK_SKIPJACK_RELAYX_PARAMS {
- CK_ULONG ulOldWrappedXLen;
- CK_BYTE_PTR pOldWrappedX;
- CK_ULONG ulOldPasswordLen;
- CK_BYTE_PTR pOldPassword;
- CK_ULONG ulOldPublicDataLen;
- CK_BYTE_PTR pOldPublicData;
- CK_ULONG ulOldRandomLen;
- CK_BYTE_PTR pOldRandomA;
- CK_ULONG ulNewPasswordLen;
- CK_BYTE_PTR pNewPassword;
- CK_ULONG ulNewPublicDataLen;
- CK_BYTE_PTR pNewPublicData;
- CK_ULONG ulNewRandomLen;
- CK_BYTE_PTR pNewRandomA;
-} CK_SKIPJACK_RELAYX_PARAMS;
-
-typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
- CK_SKIPJACK_RELAYX_PARAMS_PTR;
-
-
-typedef struct CK_PBE_PARAMS {
- CK_CHAR_PTR pInitVector;
- CK_CHAR_PTR pPassword;
- CK_ULONG ulPasswordLen;
- CK_CHAR_PTR pSalt;
- CK_ULONG ulSaltLen;
- CK_ULONG ulIteration;
-} CK_PBE_PARAMS;
-
-typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
-
-
-/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
- * CKM_KEY_WRAP_SET_OAEP mechanism */
-/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
-typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
- CK_BYTE bBC; /* block contents byte */
- CK_BYTE_PTR pX; /* extra data */
- CK_ULONG ulXLen; /* length of extra data in bytes */
-} CK_KEY_WRAP_SET_OAEP_PARAMS;
-
-typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \
- CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
-
-
-typedef struct CK_SSL3_RANDOM_DATA {
- CK_BYTE_PTR pClientRandom;
- CK_ULONG ulClientRandomLen;
- CK_BYTE_PTR pServerRandom;
- CK_ULONG ulServerRandomLen;
-} CK_SSL3_RANDOM_DATA;
-
-
-typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
- CK_SSL3_RANDOM_DATA RandomInfo;
- CK_VERSION_PTR pVersion;
-} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
-
-typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
- CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
-
-
-typedef struct CK_SSL3_KEY_MAT_OUT {
- CK_OBJECT_HANDLE hClientMacSecret;
- CK_OBJECT_HANDLE hServerMacSecret;
- CK_OBJECT_HANDLE hClientKey;
- CK_OBJECT_HANDLE hServerKey;
- CK_BYTE_PTR pIVClient;
- CK_BYTE_PTR pIVServer;
-} CK_SSL3_KEY_MAT_OUT;
-
-typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
-
-
-typedef struct CK_SSL3_KEY_MAT_PARAMS {
- CK_ULONG ulMacSizeInBits;
- CK_ULONG ulKeySizeInBits;
- CK_ULONG ulIVSizeInBits;
- CK_BBOOL bIsExport;
- CK_SSL3_RANDOM_DATA RandomInfo;
- CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-} CK_SSL3_KEY_MAT_PARAMS;
-
-typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
-
-
-typedef struct CK_KEY_DERIVATION_STRING_DATA {
- CK_BYTE_PTR pData;
- CK_ULONG ulLen;
-} CK_KEY_DERIVATION_STRING_DATA;
-
-typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
- CK_KEY_DERIVATION_STRING_DATA_PTR;
-
-
-/* The CK_EXTRACT_PARAMS is used for the
- * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
- * of the base key should be used as the first bit of the
- * derived key */
-/* CK_EXTRACT_PARAMS is new for v2.0 */
-typedef CK_ULONG CK_EXTRACT_PARAMS;
-
-typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
-
-/* undo packing */
-#include "nsscku.h"
-
-#endif /* NSSCKT_H */
diff --git a/security/nss/lib/ckfw/nsscku.h b/security/nss/lib/ckfw/nsscku.h
deleted file mode 100644
index 46f4d1f59..000000000
--- a/security/nss/lib/ckfw/nsscku.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * This file is in part derived from a file "pkcs11t.h" made available
- * by RSA Security at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/pkcs11t.h
- *
- * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
- * is granted provided that it is identified as "RSA Security Inc. Public-Key
- * Cryptography Standards (PKCS)" in all material mentioning or referencing
- * this document.
- */
-
-#ifndef NSSCKU_H
-#define NSSCKU_H
-
-#ifdef DEBUG
-static const char NSSCKU_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#endif /* NSSCKU_H */
-
-/*
- * These platform-dependent packing rules are required by all PKCS#11
- * modules, to be binary compatible. These rules have been placed in
- * separate header files (nssckp.h to enable the packing, nsscku.h to
- * disable) for consistancy. These files can be included many times,
- * so the bodies should *NOT* be in the multiple-inclusion-preventing
- * #ifndef/#endif area above.
- */
-
-/*
- * WIN32 is defined (when appropriate) in NSPR's prcpucfg.h.
- */
-
-#ifdef WIN32
-#pragma warning(disable:4103)
-#pragma pack(pop, cryptoki)
-#endif /* WIN32 */
-
-/* End of nsscku.h */
diff --git a/security/nss/lib/ckfw/object.c b/security/nss/lib/ckfw/object.c
deleted file mode 100644
index ec8dfd6d5..000000000
--- a/security/nss/lib/ckfw/object.c
+++ /dev/null
@@ -1,1044 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * object.c
- *
- * This file implements the NSSCKFWObject type and methods.
- */
-
-#ifndef CK_T
-#include "ck.h"
-#endif /* CK_T */
-
-/*
- * NSSCKFWObject
- *
- * -- create/destroy --
- * nssCKFWObject_Create
- * nssCKFWObject_Finalize
- * nssCKFWObject_Destroy
- *
- * -- public accessors --
- * NSSCKFWObject_GetMDObject
- * NSSCKFWObject_GetArena
- * NSSCKFWObject_IsTokenObject
- * NSSCKFWObject_GetAttributeCount
- * NSSCKFWObject_GetAttributeTypes
- * NSSCKFWObject_GetAttributeSize
- * NSSCKFWObject_GetAttribute
- * NSSCKFWObject_SetAttribute
- * NSSCKFWObject_GetObjectSize
- *
- * -- implement public accessors --
- * nssCKFWObject_GetMDObject
- * nssCKFWObject_GetArena
- *
- * -- private accessors --
- * nssCKFWObject_SetHandle
- * nssCKFWObject_GetHandle
- *
- * -- module fronts --
- * nssCKFWObject_IsTokenObject
- * nssCKFWObject_GetAttributeCount
- * nssCKFWObject_GetAttributeTypes
- * nssCKFWObject_GetAttributeSize
- * nssCKFWObject_GetAttribute
- * nssCKFWObject_SetAttribute
- * nssCKFWObject_GetObjectSize
- */
-
-struct NSSCKFWObjectStr {
- NSSCKFWMutex *mutex; /* merely to serialise the MDObject calls */
- NSSArena *arena;
- NSSCKMDObject *mdObject;
- NSSCKMDSession *mdSession;
- NSSCKFWSession *fwSession;
- NSSCKMDToken *mdToken;
- NSSCKFWToken *fwToken;
- NSSCKMDInstance *mdInstance;
- NSSCKFWInstance *fwInstance;
- CK_OBJECT_HANDLE hObject;
-};
-
-#ifdef DEBUG
-/*
- * But first, the pointer-tracking stuff.
- *
- * NOTE: the pointer-tracking support in NSS/base currently relies
- * upon NSPR's CallOnce support. That, however, relies upon NSPR's
- * locking, which is tied into the runtime. We need a pointer-tracker
- * implementation that uses the locks supplied through C_Initialize.
- * That support, however, can be filled in later. So for now, I'll
- * just do this routines as no-ops.
- */
-
-static CK_RV
-object_add_pointer
-(
- const NSSCKFWObject *fwObject
-)
-{
- return CKR_OK;
-}
-
-static CK_RV
-object_remove_pointer
-(
- const NSSCKFWObject *fwObject
-)
-{
- return CKR_OK;
-}
-
-NSS_IMPLEMENT CK_RV
-nssCKFWObject_verifyPointer
-(
- const NSSCKFWObject *fwObject
-)
-{
- return CKR_OK;
-}
-
-#endif /* DEBUG */
-
-
-/*
- * nssCKFWObject_Create
- *
- */
-NSS_IMPLEMENT NSSCKFWObject *
-nssCKFWObject_Create
-(
- NSSArena *arena,
- NSSCKMDObject *mdObject,
- NSSCKFWSession *fwSession,
- NSSCKFWToken *fwToken,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- NSSCKFWObject *fwObject;
- nssCKFWHash *mdObjectHash;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSCKFWObject *)NULL;
- }
-
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSCKFWObject *)NULL;
- }
-#endif /* NSSDEBUG */
-
- mdObjectHash = nssCKFWToken_GetMDObjectHash(fwToken);
- if( (nssCKFWHash *)NULL == mdObjectHash ) {
- *pError = CKR_GENERAL_ERROR;
- return (NSSCKFWObject *)NULL;
- }
-
- if( nssCKFWHash_Exists(mdObjectHash, mdObject) ) {
- fwObject = nssCKFWHash_Lookup(mdObjectHash, mdObject);
- return fwObject;
- }
-
- fwObject = nss_ZNEW(arena, NSSCKFWObject);
- if( (NSSCKFWObject *)NULL == fwObject ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKFWObject *)NULL;
- }
-
- fwObject->arena = arena;
- fwObject->mdObject = mdObject;
- fwObject->fwSession = fwSession;
-
- if( (NSSCKFWSession *)NULL != fwSession ) {
- fwObject->mdSession = nssCKFWSession_GetMDSession(fwSession);
- }
-
- fwObject->fwToken = fwToken;
-
- if( (NSSCKFWToken *)NULL != fwToken ) {
- fwObject->mdToken = nssCKFWToken_GetMDToken(fwToken);
- }
-
- fwObject->fwInstance = fwInstance;
- fwObject->mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
- fwObject->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
- if( (NSSCKFWMutex *)NULL == fwObject->mutex ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWObject *)NULL;
- }
-
- *pError = nssCKFWHash_Add(mdObjectHash, mdObject, fwObject);
- if( CKR_OK != *pError ) {
- nss_ZFreeIf(fwObject);
- return (NSSCKFWObject *)NULL;
- }
-
-#ifdef DEBUG
- *pError = object_add_pointer(fwObject);
- if( CKR_OK != *pError ) {
- nssCKFWHash_Remove(mdObjectHash, mdObject);
- nss_ZFreeIf(fwObject);
- return (NSSCKFWObject *)NULL;
- }
-#endif /* DEBUG */
-
- *pError = CKR_OK;
- return fwObject;
-}
-
-/*
- * nssCKFWObject_Finalize
- *
- */
-NSS_IMPLEMENT void
-nssCKFWObject_Finalize
-(
- NSSCKFWObject *fwObject
-)
-{
- nssCKFWHash *mdObjectHash;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) {
- return;
- }
-#endif /* NSSDEBUG */
-
- (void)nssCKFWMutex_Destroy(fwObject->mutex);
-
- if( (void *)NULL != (void *)fwObject->mdObject->Finalize ) {
- fwObject->mdObject->Finalize(fwObject->mdObject, fwObject,
- fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
- fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance);
- }
-
- mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken);
- if( (nssCKFWHash *)NULL != mdObjectHash ) {
- nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject);
- }
-
- nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject);
- nss_ZFreeIf(fwObject);
-
-#ifdef DEBUG
- (void)object_remove_pointer(fwObject);
-#endif /* DEBUG */
-
- return;
-}
-
-/*
- * nssCKFWObject_Destroy
- *
- */
-NSS_IMPLEMENT void
-nssCKFWObject_Destroy
-(
- NSSCKFWObject *fwObject
-)
-{
- nssCKFWHash *mdObjectHash;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) {
- return;
- }
-#endif /* NSSDEBUG */
-
- (void)nssCKFWMutex_Destroy(fwObject->mutex);
-
- if( (void *)NULL != (void *)fwObject->mdObject->Destroy ) {
- fwObject->mdObject->Destroy(fwObject->mdObject, fwObject,
- fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
- fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance);
- }
-
- mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken);
- if( (nssCKFWHash *)NULL != mdObjectHash ) {
- nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject);
- }
-
- nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject);
- nss_ZFreeIf(fwObject);
-
-#ifdef DEBUG
- (void)object_remove_pointer(fwObject);
-#endif /* DEBUG */
-
- return;
-}
-
-/*
- * nssCKFWObject_GetMDObject
- *
- */
-NSS_IMPLEMENT NSSCKMDObject *
-nssCKFWObject_GetMDObject
-(
- NSSCKFWObject *fwObject
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) {
- return (NSSCKMDObject *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwObject->mdObject;
-}
-
-/*
- * nssCKFWObject_GetArena
- *
- */
-NSS_IMPLEMENT NSSArena *
-nssCKFWObject_GetArena
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-)
-{
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSArena *)NULL;
- }
-
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (NSSArena *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwObject->arena;
-}
-
-/*
- * nssCKFWObject_SetHandle
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWObject_SetHandle
-(
- NSSCKFWObject *fwObject,
- CK_OBJECT_HANDLE hObject
-)
-{
-#ifdef NSSDEBUG
- CK_RV error = CKR_OK;
-#endif /* NSSDEBUG */
-
-#ifdef NSSDEBUG
- error = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- if( (CK_OBJECT_HANDLE)0 != fwObject->hObject ) {
- return CKR_GENERAL_ERROR;
- }
-
- fwObject->hObject = hObject;
-
- return CKR_OK;
-}
-
-/*
- * nssCKFWObject_GetHandle
- *
- */
-NSS_IMPLEMENT CK_OBJECT_HANDLE
-nssCKFWObject_GetHandle
-(
- NSSCKFWObject *fwObject
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) {
- return (CK_OBJECT_HANDLE)0;
- }
-#endif /* NSSDEBUG */
-
- return fwObject->hObject;
-}
-
-/*
- * nssCKFWObject_IsTokenObject
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-nssCKFWObject_IsTokenObject
-(
- NSSCKFWObject *fwObject
-)
-{
- CK_BBOOL b = CK_FALSE;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) {
- return CK_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( CKR_OK != nssCKFWMutex_Lock(fwObject->mutex) ) {
- return CK_FALSE;
- }
-
- if( (void *)NULL == (void *)fwObject->mdObject->IsTokenObject ) {
- NSSItem item;
- NSSItem *pItem;
- CK_RV rv = CKR_OK;
-
- item.data = (void *)&b;
- item.size = sizeof(b);
-
- pItem = nssCKFWObject_GetAttribute(fwObject, CKA_TOKEN, &item,
- (NSSArena *)NULL, &rv);
- if( (NSSItem *)NULL == pItem ) {
- /* Error of some type */
- b = CK_FALSE;
- goto done;
- }
-
- goto done;
- }
-
- b = fwObject->mdObject->IsTokenObject(fwObject->mdObject, fwObject,
- fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
- fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance);
-
- done:
- (void)nssCKFWMutex_Unlock(fwObject->mutex);
- return b;
-}
-
-/*
- * nssCKFWObject_GetAttributeCount
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWObject_GetAttributeCount
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-)
-{
- CK_ULONG rv;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (CK_ULONG)0;
- }
-
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwObject->mdObject->GetAttributeCount ) {
- *pError = CKR_GENERAL_ERROR;
- return (CK_ULONG)0;
- }
-
- *pError = nssCKFWMutex_Lock(fwObject->mutex);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
-
- rv = fwObject->mdObject->GetAttributeCount(fwObject->mdObject, fwObject,
- fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
- fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
- pError);
-
- (void)nssCKFWMutex_Unlock(fwObject->mutex);
- return rv;
-}
-
-/*
- * nssCKFWObject_GetAttributeTypes
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWObject_GetAttributeTypes
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- error = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (CK_ATTRIBUTE_TYPE_PTR)NULL == typeArray ) {
- return CKR_ARGUMENTS_BAD;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwObject->mdObject->GetAttributeTypes ) {
- return CKR_GENERAL_ERROR;
- }
-
- error = nssCKFWMutex_Lock(fwObject->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- error = fwObject->mdObject->GetAttributeTypes(fwObject->mdObject, fwObject,
- fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
- fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
- typeArray, ulCount);
-
- (void)nssCKFWMutex_Unlock(fwObject->mutex);
- return error;
-}
-
-/*
- * nssCKFWObject_GetAttributeSize
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWObject_GetAttributeSize
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-)
-{
- CK_ULONG rv;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (CK_ULONG)0;
- }
-
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwObject->mdObject->GetAttributeSize ) {
- *pError = CKR_GENERAL_ERROR;
- return (CK_ULONG )0;
- }
-
- *pError = nssCKFWMutex_Lock(fwObject->mutex);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
-
- rv = fwObject->mdObject->GetAttributeSize(fwObject->mdObject, fwObject,
- fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
- fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
- attribute, pError);
-
- (void)nssCKFWMutex_Unlock(fwObject->mutex);
- return rv;
-}
-
-/*
- * nssCKFWObject_GetAttribute
- *
- * Usual NSS allocation rules:
- * If itemOpt is not NULL, it will be returned; otherwise an NSSItem
- * will be allocated. If itemOpt is not NULL but itemOpt->data is,
- * the buffer will be allocated; otherwise, the buffer will be used.
- * Any allocations will come from the optional arena, if one is
- * specified.
- */
-NSS_IMPLEMENT NSSItem *
-nssCKFWObject_GetAttribute
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *itemOpt,
- NSSArena *arenaOpt,
- CK_RV *pError
-)
-{
- NSSItem *rv = (NSSItem *)NULL;
- NSSItem *mdItem;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSItem *)NULL;
- }
-
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (NSSItem *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwObject->mdObject->GetAttributeSize ) {
- *pError = CKR_GENERAL_ERROR;
- return (NSSItem *)NULL;
- }
-
- *pError = nssCKFWMutex_Lock(fwObject->mutex);
- if( CKR_OK != *pError ) {
- return (NSSItem *)NULL;
- }
-
- mdItem = fwObject->mdObject->GetAttribute(fwObject->mdObject, fwObject,
- fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
- fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
- attribute, pError);
-
- if( (NSSItem *)NULL == mdItem ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
-
- goto done;
- }
-
- if( (NSSItem *)NULL == itemOpt ) {
- rv = nss_ZNEW(arenaOpt, NSSItem);
- if( (NSSItem *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- goto done;
- }
- } else {
- rv = itemOpt;
- }
-
- if( (void *)NULL == rv->data ) {
- rv->size = mdItem->size;
- rv->data = nss_ZAlloc(arenaOpt, rv->size);
- if( (void *)NULL == rv->data ) {
- *pError = CKR_HOST_MEMORY;
- if( (NSSItem *)NULL == itemOpt ) {
- nss_ZFreeIf(rv);
- }
- rv = (NSSItem *)NULL;
- goto done;
- }
- } else {
- if( rv->size >= mdItem->size ) {
- rv->size = mdItem->size;
- } else {
- *pError = CKR_BUFFER_TOO_SMALL;
- /* Should we set rv->size to mdItem->size? */
- /* rv can't have been allocated */
- rv = (NSSItem *)NULL;
- goto done;
- }
- }
-
- (void)nsslibc_memcpy(rv->data, mdItem->data, rv->size);
-
- done:
- (void)nssCKFWMutex_Unlock(fwObject->mutex);
- return rv;
-}
-
-/*
- * nssCKFWObject_SetAttribute
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWObject_SetAttribute
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *value
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- error = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- if( CKA_TOKEN == attribute ) {
- /*
- * We're changing from a session object to a token object or
- * vice-versa.
- */
-
- CK_ATTRIBUTE a;
- NSSCKFWObject *newFwObject;
- NSSCKFWObject swab;
-
- a.type = CKA_TOKEN;
- a.pValue = value->data;
- a.ulValueLen = value->size;
-
- newFwObject = nssCKFWSession_CopyObject(fwObject->fwSession, fwObject,
- &a, 1, &error);
- if( (NSSCKFWObject *)NULL == newFwObject ) {
- if( CKR_OK == error ) {
- error = CKR_GENERAL_ERROR;
- }
- return error;
- }
-
- /*
- * Actually, I bet the locking is worse than this.. this part of
- * the code could probably use some scrutiny and reworking.
- */
- error = nssCKFWMutex_Lock(fwObject->mutex);
- if( CKR_OK != error ) {
- nssCKFWObject_Destroy(newFwObject);
- return error;
- }
-
- error = nssCKFWMutex_Lock(newFwObject->mutex);
- if( CKR_OK != error ) {
- nssCKFWMutex_Unlock(fwObject->mutex);
- nssCKFWObject_Destroy(newFwObject);
- return error;
- }
-
- /*
- * Now, we have our new object, but it has a new fwObject pointer,
- * while we have to keep the existing one. So quick swap the contents.
- */
- swab = *fwObject;
- *fwObject = *newFwObject;
- *newFwObject = swab;
-
- /* But keep the mutexes the same */
- swab.mutex = fwObject->mutex;
- fwObject->mutex = newFwObject->mutex;
- newFwObject->mutex = swab.mutex;
-
- (void)nssCKFWMutex_Unlock(newFwObject->mutex);
- (void)nssCKFWMutex_Unlock(fwObject->mutex);
-
- /*
- * Either remove or add this to the list of session objects
- */
-
- if( CK_FALSE == *(CK_BBOOL *)value->data ) {
- /*
- * New one is a session object, except since we "stole" the fwObject, it's
- * not in the list. Add it.
- */
- nssCKFWSession_RegisterSessionObject(fwObject->fwSession, fwObject);
- } else {
- /*
- * New one is a token object, except since we "stole" the fwObject, it's
- * in the list. Remove it.
- */
- nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject);
- }
-
- /*
- * Now delete the old object. Remember the names have changed.
- */
- nssCKFWObject_Destroy(newFwObject);
-
- return CKR_OK;
- } else {
- /*
- * An "ordinary" change.
- */
- if( (void *)NULL == (void *)fwObject->mdObject->SetAttribute ) {
- /* We could fake it with copying, like above.. later */
- return CKR_ATTRIBUTE_READ_ONLY;
- }
-
- error = nssCKFWMutex_Lock(fwObject->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- error = fwObject->mdObject->SetAttribute(fwObject->mdObject, fwObject,
- fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
- fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
- attribute, value);
-
- (void)nssCKFWMutex_Unlock(fwObject->mutex);
-
- return error;
- }
-}
-
-/*
- * nssCKFWObject_GetObjectSize
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWObject_GetObjectSize
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-)
-{
- CK_ULONG rv;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (CK_ULONG)0;
- }
-
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwObject->mdObject->GetObjectSize ) {
- *pError = CKR_INFORMATION_SENSITIVE;
- return (CK_ULONG)0;
- }
-
- *pError = nssCKFWMutex_Lock(fwObject->mutex);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
-
- rv = fwObject->mdObject->GetObjectSize(fwObject->mdObject, fwObject,
- fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
- fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
- pError);
-
- (void)nssCKFWMutex_Unlock(fwObject->mutex);
- return rv;
-}
-
-/*
- * NSSCKFWObject_GetMDObject
- *
- */
-NSS_IMPLEMENT NSSCKMDObject *
-NSSCKFWObject_GetMDObject
-(
- NSSCKFWObject *fwObject
-)
-{
-#ifdef DEBUG
- if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) {
- return (NSSCKMDObject *)NULL;
- }
-#endif /* DEBUG */
-
- return nssCKFWObject_GetMDObject(fwObject);
-}
-
-/*
- * NSSCKFWObject_GetArena
- *
- */
-NSS_IMPLEMENT NSSArena *
-NSSCKFWObject_GetArena
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-)
-{
-#ifdef DEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSArena *)NULL;
- }
-
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (NSSArena *)NULL;
- }
-#endif /* DEBUG */
-
- return nssCKFWObject_GetArena(fwObject, pError);
-}
-
-/*
- * NSSCKFWObject_IsTokenObject
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-NSSCKFWObject_IsTokenObject
-(
- NSSCKFWObject *fwObject
-)
-{
-#ifdef DEBUG
- if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) {
- return CK_FALSE;
- }
-#endif /* DEBUG */
-
- return nssCKFWObject_IsTokenObject(fwObject);
-}
-
-/*
- * NSSCKFWObject_GetAttributeCount
- *
- */
-NSS_IMPLEMENT CK_ULONG
-NSSCKFWObject_GetAttributeCount
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-)
-{
-#ifdef DEBUG
- if( (CK_RV *)NULL == pError ) {
- return (CK_ULONG)0;
- }
-
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
-#endif /* DEBUG */
-
- return nssCKFWObject_GetAttributeCount(fwObject, pError);
-}
-
-/*
- * NSSCKFWObject_GetAttributeTypes
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWObject_GetAttributeTypes
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef DEBUG
- error = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (CK_ATTRIBUTE_TYPE_PTR)NULL == typeArray ) {
- return CKR_ARGUMENTS_BAD;
- }
-#endif /* DEBUG */
-
- return nssCKFWObject_GetAttributeTypes(fwObject, typeArray, ulCount);
-}
-
-/*
- * NSSCKFWObject_GetAttributeSize
- *
- */
-NSS_IMPLEMENT CK_ULONG
-NSSCKFWObject_GetAttributeSize
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-)
-{
-#ifdef DEBUG
- if( (CK_RV *)NULL == pError ) {
- return (CK_ULONG)0;
- }
-
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
-#endif /* DEBUG */
-
- return nssCKFWObject_GetAttributeSize(fwObject, attribute, pError);
-}
-
-/*
- * NSSCKFWObject_GetAttribute
- *
- */
-NSS_IMPLEMENT NSSItem *
-NSSCKFWObject_GetAttribute
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *itemOpt,
- NSSArena *arenaOpt,
- CK_RV *pError
-)
-{
-#ifdef DEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSItem *)NULL;
- }
-
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (NSSItem *)NULL;
- }
-#endif /* DEBUG */
-
- return nssCKFWObject_GetAttribute(fwObject, attribute, itemOpt, arenaOpt, pError);
-}
-
-/*
- * NSSCKFWObject_GetObjectSize
- *
- */
-NSS_IMPLEMENT CK_ULONG
-NSSCKFWObject_GetObjectSize
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-)
-{
-#ifdef DEBUG
- if( (CK_RV *)NULL == pError ) {
- return (CK_ULONG)0;
- }
-
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
-#endif /* DEBUG */
-
- return nssCKFWObject_GetObjectSize(fwObject, pError);
-}
diff --git a/security/nss/lib/ckfw/session.c b/security/nss/lib/ckfw/session.c
deleted file mode 100644
index e12c74b8b..000000000
--- a/security/nss/lib/ckfw/session.c
+++ /dev/null
@@ -1,1962 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * session.c
- *
- * This file implements the NSSCKFWSession type and methods.
- */
-
-#ifndef CK_T
-#include "ck.h"
-#endif /* CK_T */
-
-/*
- * NSSCKFWSession
- *
- * -- create/destroy --
- * nssCKFWSession_Create
- * nssCKFWSession_Destroy
- *
- * -- public accessors --
- * NSSCKFWSession_GetMDSession
- * NSSCKFWSession_GetArena
- * NSSCKFWSession_CallNotification
- * NSSCKFWSession_IsRWSession
- * NSSCKFWSession_IsSO
- *
- * -- implement public accessors --
- * nssCKFWSession_GetMDSession
- * nssCKFWSession_GetArena
- * nssCKFWSession_CallNotification
- * nssCKFWSession_IsRWSession
- * nssCKFWSession_IsSO
- *
- * -- private accessors --
- * nssCKFWSession_GetSlot
- * nssCKFWSession_GetSessionState
- * nssCKFWSession_SetFWFindObjects
- * nssCKFWSession_GetFWFindObjects
- * nssCKFWSession_SetMDSession
- * nssCKFWSession_SetHandle
- * nssCKFWSession_GetHandle
- * nssCKFWSession_RegisterSessionObject
- * nssCKFWSession_DeegisterSessionObject
- *
- * -- module fronts --
- * nssCKFWSession_GetDeviceError
- * nssCKFWSession_Login
- * nssCKFWSession_Logout
- * nssCKFWSession_InitPIN
- * nssCKFWSession_SetPIN
- * nssCKFWSession_GetOperationStateLen
- * nssCKFWSession_GetOperationState
- * nssCKFWSession_SetOperationState
- * nssCKFWSession_CreateObject
- * nssCKFWSession_CopyObject
- * nssCKFWSession_FindObjectsInit
- * nssCKFWSession_SeedRandom
- * nssCKFWSession_GetRandom
- */
-
-struct NSSCKFWSessionStr {
- NSSArena *arena;
- NSSCKMDSession *mdSession;
- NSSCKFWToken *fwToken;
- NSSCKMDToken *mdToken;
- NSSCKFWInstance *fwInstance;
- NSSCKMDInstance *mdInstance;
- CK_VOID_PTR pApplication;
- CK_NOTIFY Notify;
-
- /*
- * Everything above is set at creation time, and then not modified.
- * The items below are atomic. No locking required. If we fear
- * about pointer-copies being nonatomic, we'll lock fwFindObjects.
- */
-
- CK_BBOOL rw;
- NSSCKFWFindObjects *fwFindObjects;
- nssCKFWHash *sessionObjectHash;
- CK_SESSION_HANDLE hSession;
-};
-
-#ifdef DEBUG
-/*
- * But first, the pointer-tracking stuff.
- *
- * NOTE: the pointer-tracking support in NSS/base currently relies
- * upon NSPR's CallOnce support. That, however, relies upon NSPR's
- * locking, which is tied into the runtime. We need a pointer-tracker
- * implementation that uses the locks supplied through C_Initialize.
- * That support, however, can be filled in later. So for now, I'll
- * just do this routines as no-ops.
- */
-
-static CK_RV
-session_add_pointer
-(
- const NSSCKFWSession *fwSession
-)
-{
- return CKR_OK;
-}
-
-static CK_RV
-session_remove_pointer
-(
- const NSSCKFWSession *fwSession
-)
-{
- return CKR_OK;
-}
-
-NSS_IMPLEMENT CK_RV
-nssCKFWSession_verifyPointer
-(
- const NSSCKFWSession *fwSession
-)
-{
- return CKR_OK;
-}
-
-#endif /* DEBUG */
-
-/*
- * nssCKFWSession_Create
- *
- */
-NSS_IMPLEMENT NSSCKFWSession *
-nssCKFWSession_Create
-(
- NSSCKFWToken *fwToken,
- CK_BBOOL rw,
- CK_VOID_PTR pApplication,
- CK_NOTIFY Notify,
- CK_RV *pError
-)
-{
- NSSArena *arena = (NSSArena *)NULL;
- NSSCKFWSession *fwSession;
- NSSCKFWSlot *fwSlot;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSCKFWSession *)NULL;
- }
-
- *pError = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != *pError ) {
- return (NSSCKFWSession *)NULL;
- }
-#endif /* NSSDEBUG */
-
- arena = NSSArena_Create();
- if( (NSSArena *)NULL == arena ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKFWSession *)NULL;
- }
-
- fwSession = nss_ZNEW(arena, NSSCKFWSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
-
- fwSession->arena = arena;
- fwSession->mdSession = (NSSCKMDSession *)NULL; /* set later */
- fwSession->fwToken = fwToken;
- fwSession->mdToken = nssCKFWToken_GetMDToken(fwToken);
-
- fwSlot = nssCKFWToken_GetFWSlot(fwToken);
- fwSession->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot);
- fwSession->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot);
-
- fwSession->rw = rw;
- fwSession->pApplication = pApplication;
- fwSession->Notify = Notify;
-
- fwSession->fwFindObjects = (NSSCKFWFindObjects *)NULL;
-
- fwSession->sessionObjectHash = nssCKFWHash_Create(fwSession->fwInstance, arena, pError);
- if( (nssCKFWHash *)NULL == fwSession->sessionObjectHash ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- goto loser;
- }
-
-#ifdef DEBUG
- *pError = session_add_pointer(fwSession);
- if( CKR_OK != *pError ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return fwSession;
-
- loser:
- if( (NSSArena *)NULL != arena ) {
- if( (nssCKFWHash *)NULL != fwSession->sessionObjectHash ) {
- (void)nssCKFWHash_Destroy(fwSession->sessionObjectHash);
- }
- NSSArena_Destroy(arena);
- }
-
- return (NSSCKFWSession *)NULL;
-}
-
-static void
-nss_ckfw_session_object_destroy_iterator
-(
- const void *key,
- void *value,
- void *closure
-)
-{
- NSSCKFWObject *fwObject = (NSSCKFWObject *)value;
- nssCKFWObject_Finalize(fwObject);
-}
-
-/*
- * nssCKFWSession_Destroy
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWSession_Destroy
-(
- NSSCKFWSession *fwSession,
- CK_BBOOL removeFromTokenHash
-)
-{
- CK_RV error = CKR_OK;
- nssCKFWHash *sessionObjectHash;
-
-#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- if( removeFromTokenHash ) {
- error = nssCKFWToken_RemoveSession(fwSession->fwToken, fwSession);
- }
-
- /*
- * Invalidate session objects
- */
-
- sessionObjectHash = fwSession->sessionObjectHash;
- fwSession->sessionObjectHash = (nssCKFWHash *)NULL;
-
- nssCKFWHash_Iterate(sessionObjectHash,
- nss_ckfw_session_object_destroy_iterator,
- (void *)NULL);
-
-#ifdef DEBUG
- (void)session_remove_pointer(fwSession);
-#endif /* DEBUG */
- (void)nssCKFWHash_Destroy(sessionObjectHash);
- NSSArena_Destroy(fwSession->arena);
-
- return error;
-}
-
-/*
- * nssCKFWSession_GetMDSession
- *
- */
-NSS_IMPLEMENT NSSCKMDSession *
-nssCKFWSession_GetMDSession
-(
- NSSCKFWSession *fwSession
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return (NSSCKMDSession *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwSession->mdSession;
-}
-
-/*
- * nssCKFWSession_GetArena
- *
- */
-NSS_IMPLEMENT NSSArena *
-nssCKFWSession_GetArena
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-)
-{
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSArena *)NULL;
- }
-
- *pError = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != *pError ) {
- return (NSSArena *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwSession->arena;
-}
-
-/*
- * nssCKFWSession_CallNotification
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWSession_CallNotification
-(
- NSSCKFWSession *fwSession,
- CK_NOTIFICATION event
-)
-{
- CK_RV error = CKR_OK;
- CK_SESSION_HANDLE handle;
-
-#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- if( (CK_NOTIFY)NULL == fwSession->Notify ) {
- return CKR_OK;
- }
-
- handle = nssCKFWInstance_FindSessionHandle(fwSession->fwInstance, fwSession);
- if( (CK_SESSION_HANDLE)0 == handle ) {
- return CKR_GENERAL_ERROR;
- }
-
- error = fwSession->Notify(handle, event, fwSession->pApplication);
-
- return error;
-}
-
-/*
- * nssCKFWSession_IsRWSession
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-nssCKFWSession_IsRWSession
-(
- NSSCKFWSession *fwSession
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return CK_FALSE;
- }
-#endif /* NSSDEBUG */
-
- return fwSession->rw;
-}
-
-/*
- * nssCKFWSession_IsSO
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-nssCKFWSession_IsSO
-(
- NSSCKFWSession *fwSession
-)
-{
- CK_STATE state;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return CK_FALSE;
- }
-#endif /* NSSDEBUG */
-
- state = nssCKFWToken_GetSessionState(fwSession->fwToken);
- switch( state ) {
- case CKS_RO_PUBLIC_SESSION:
- case CKS_RO_USER_FUNCTIONS:
- case CKS_RW_PUBLIC_SESSION:
- case CKS_RW_USER_FUNCTIONS:
- return CK_FALSE;
- case CKS_RW_SO_FUNCTIONS:
- return CK_TRUE;
- default:
- return CK_FALSE;
- }
-}
-
-/*
- * nssCKFWSession_GetFWSlot
- *
- */
-NSS_IMPLEMENT NSSCKFWSlot *
-nssCKFWSession_GetFWSlot
-(
- NSSCKFWSession *fwSession
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return (NSSCKFWSlot *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return nssCKFWToken_GetFWSlot(fwSession->fwToken);
-}
-
-/*
- * nssCFKWSession_GetSessionState
- *
- */
-NSS_IMPLEMENT CK_STATE
-nssCKFWSession_GetSessionState
-(
- NSSCKFWSession *fwSession
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return CKS_RO_PUBLIC_SESSION; /* whatever */
- }
-#endif /* NSSDEBUG */
-
- return nssCKFWToken_GetSessionState(fwSession->fwToken);
-}
-
-/*
- * nssCKFWSession_SetFWFindObjects
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWSession_SetFWFindObjects
-(
- NSSCKFWSession *fwSession,
- NSSCKFWFindObjects *fwFindObjects
-)
-{
-#ifdef NSSDEBUG
- CK_RV error = CKR_OK;
-#endif /* NSSDEBUG */
-
-#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
-
- /* fwFindObjects may be null */
-#endif /* NSSDEBUG */
-
- if( ((NSSCKFWFindObjects *)NULL != fwSession->fwFindObjects) &&
- ((NSSCKFWFindObjects *)NULL != fwFindObjects) ) {
- return CKR_OPERATION_ACTIVE;
- }
-
- fwSession->fwFindObjects = fwFindObjects;
-
- return CKR_OK;
-}
-
-/*
- * nssCKFWSession_GetFWFindObjects
- *
- */
-NSS_IMPLEMENT NSSCKFWFindObjects *
-nssCKFWSession_GetFWFindObjects
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-)
-{
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSCKFWFindObjects *)NULL;
- }
-
- *pError = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != *pError ) {
- return (NSSCKFWFindObjects *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSCKFWFindObjects *)NULL == fwSession->fwFindObjects ) {
- *pError = CKR_OPERATION_NOT_INITIALIZED;
- return (NSSCKFWFindObjects *)NULL;
- }
-
- return fwSession->fwFindObjects;
-}
-
-/*
- * nssCKFWSession_SetMDSession
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWSession_SetMDSession
-(
- NSSCKFWSession *fwSession,
- NSSCKMDSession *mdSession
-)
-{
-#ifdef NSSDEBUG
- CK_RV error = CKR_OK;
-#endif /* NSSDEBUG */
-
-#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (NSSCKMDSession *)NULL == mdSession ) {
- return CKR_ARGUMENTS_BAD;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSCKMDSession *)NULL != fwSession->mdSession ) {
- return CKR_GENERAL_ERROR;
- }
-
- fwSession->mdSession = mdSession;
-
- return CKR_OK;
-}
-
-/*
- * nssCKFWSession_SetHandle
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWSession_SetHandle
-(
- NSSCKFWSession *fwSession,
- CK_SESSION_HANDLE hSession
-)
-{
-#ifdef NSSDEBUG
- CK_RV error = CKR_OK;
-#endif /* NSSDEBUG */
-
-#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- if( (CK_SESSION_HANDLE)0 != fwSession->hSession ) {
- return CKR_GENERAL_ERROR;
- }
-
- fwSession->hSession = hSession;
-
- return CKR_OK;
-}
-
-/*
- * nssCKFWSession_GetHandle
- *
- */
-NSS_IMPLEMENT CK_SESSION_HANDLE
-nssCKFWSession_GetHandle
-(
- NSSCKFWSession *fwSession
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return (NSSCKMDSession *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwSession->hSession;
-}
-
-/*
- * nssCKFWSession_RegisterSessionObject
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWSession_RegisterSessionObject
-(
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-)
-{
- CK_RV rv = CKR_OK;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return CKR_GENERAL_ERROR;
- }
-#endif /* NSSDEBUG */
-
- if( (nssCKFWHash *)NULL != fwSession->sessionObjectHash ) {
- rv = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject);
- }
-
- return rv;
-}
-
-/*
- * nssCKFWSession_DeregisterSessionObject
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWSession_DeregisterSessionObject
-(
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return CKR_GENERAL_ERROR;
- }
-#endif /* NSSDEBUG */
-
- if( (nssCKFWHash *)NULL != fwSession->sessionObjectHash ) {
- nssCKFWHash_Remove(fwSession->sessionObjectHash, fwObject);
- }
-
- return CKR_OK;
-}
-
-/*
- * nssCKFWSession_GetDeviceError
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWSession_GetDeviceError
-(
- NSSCKFWSession *fwSession
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return (CK_ULONG)0;
- }
-
- if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
- return (CK_ULONG)0;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwSession->mdSession->GetDeviceError ) {
- return (CK_ULONG)0;
- }
-
- return fwSession->mdSession->GetDeviceError(fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken,
- fwSession->mdInstance, fwSession->fwInstance);
-}
-
-/*
- * nssCKFWSession_Login
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWSession_Login
-(
- NSSCKFWSession *fwSession,
- CK_USER_TYPE userType,
- NSSItem *pin
-)
-{
- CK_RV error = CKR_OK;
- CK_STATE oldState;
- CK_STATE newState;
-
-#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
-
- switch( userType ) {
- case CKU_SO:
- case CKU_USER:
- break;
- default:
- return CKR_USER_TYPE_INVALID;
- }
-
- if( (NSSItem *)NULL == pin ) {
- if( CK_TRUE != nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken) ) {
- return CKR_ARGUMENTS_BAD;
- }
- }
-
- if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
- return CKR_GENERAL_ERROR;
- }
-#endif /* NSSDEBUG */
-
- oldState = nssCKFWToken_GetSessionState(fwSession->fwToken);
-
- /*
- * It's not clear what happens when you're already logged in.
- * I'll just fail; but if we decide to change, the logic is
- * all right here.
- */
-
- if( CKU_SO == userType ) {
- switch( oldState ) {
- case CKS_RO_PUBLIC_SESSION:
- /*
- * There's no such thing as a read-only security officer
- * session, so fail. The error should be CKR_SESSION_READ_ONLY,
- * except that C_Login isn't defined to return that. So we'll
- * do CKR_SESSION_READ_ONLY_EXISTS, which is what is documented.
- */
- return CKR_SESSION_READ_ONLY_EXISTS;
- case CKS_RO_USER_FUNCTIONS:
- return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
- case CKS_RW_PUBLIC_SESSION:
- newState = CKS_RW_SO_FUNCTIONS;
- break;
- case CKS_RW_USER_FUNCTIONS:
- return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
- case CKS_RW_SO_FUNCTIONS:
- return CKR_USER_ALREADY_LOGGED_IN;
- default:
- return CKR_GENERAL_ERROR;
- }
- } else /* CKU_USER == userType */ {
- switch( oldState ) {
- case CKS_RO_PUBLIC_SESSION:
- newState = CKS_RO_USER_FUNCTIONS;
- break;
- case CKS_RO_USER_FUNCTIONS:
- return CKR_USER_ALREADY_LOGGED_IN;
- case CKS_RW_PUBLIC_SESSION:
- newState = CKS_RW_USER_FUNCTIONS;
- break;
- case CKS_RW_USER_FUNCTIONS:
- return CKR_USER_ALREADY_LOGGED_IN;
- case CKS_RW_SO_FUNCTIONS:
- return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
- default:
- return CKR_GENERAL_ERROR;
- }
- }
-
- /*
- * So now we're in one of three cases:
- *
- * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_SO_FUNCTIONS;
- * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_USER_FUNCTIONS;
- * Old == CKS_RO_PUBLIC_SESSION, New == CKS_RO_USER_FUNCTIONS;
- */
-
- if( (void *)NULL == (void *)fwSession->mdSession->Login ) {
- /*
- * The Module doesn't want to be informed (or check the pin)
- * it'll just rely on the Framework as needed.
- */
- ;
- } else {
- error = fwSession->mdSession->Login(fwSession->mdSession, fwSession,
- fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
- fwSession->fwInstance, userType, pin, oldState, newState);
- if( CKR_OK != error ) {
- return error;
- }
- }
-
- (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState);
- return CKR_OK;
-}
-
-/*
- * nssCKFWSession_Logout
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWSession_Logout
-(
- NSSCKFWSession *fwSession
-)
-{
- CK_RV error = CKR_OK;
- CK_STATE oldState;
- CK_STATE newState;
-
-#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
- return CKR_GENERAL_ERROR;
- }
-#endif /* NSSDEBUG */
-
- oldState = nssCKFWToken_GetSessionState(fwSession->fwToken);
-
- switch( oldState ) {
- case CKS_RO_PUBLIC_SESSION:
- return CKR_USER_NOT_LOGGED_IN;
- case CKS_RO_USER_FUNCTIONS:
- newState = CKS_RO_PUBLIC_SESSION;
- break;
- case CKS_RW_PUBLIC_SESSION:
- return CKR_USER_NOT_LOGGED_IN;
- case CKS_RW_USER_FUNCTIONS:
- newState = CKS_RW_PUBLIC_SESSION;
- break;
- case CKS_RW_SO_FUNCTIONS:
- newState = CKS_RW_PUBLIC_SESSION;
- break;
- default:
- return CKR_GENERAL_ERROR;
- }
-
- /*
- * So now we're in one of three cases:
- *
- * Old == CKS_RW_SO_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION;
- * Old == CKS_RW_USER_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION;
- * Old == CKS_RO_USER_FUNCTIONS, New == CKS_RO_PUBLIC_SESSION;
- */
-
- if( (void *)NULL == (void *)fwSession->mdSession->Logout ) {
- /*
- * The Module doesn't want to be informed. Okay.
- */
- ;
- } else {
- error = fwSession->mdSession->Logout(fwSession->mdSession, fwSession,
- fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
- fwSession->fwInstance, oldState, newState);
- if( CKR_OK != error ) {
- /*
- * Now what?! A failure really should end up with the Framework
- * considering it logged out, right?
- */
- ;
- }
- }
-
- (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState);
- return error;
-}
-
-/*
- * nssCKFWSession_InitPIN
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWSession_InitPIN
-(
- NSSCKFWSession *fwSession,
- NSSItem *pin
-)
-{
- CK_RV error = CKR_OK;
- CK_STATE state;
-
-#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
- return CKR_GENERAL_ERROR;
- }
-#endif /* NSSDEBUG */
-
- state = nssCKFWToken_GetSessionState(fwSession->fwToken);
- if( CKS_RW_SO_FUNCTIONS != state ) {
- return CKR_USER_NOT_LOGGED_IN;
- }
-
- if( (NSSItem *)NULL == pin ) {
- CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
- if( CK_TRUE != has ) {
- return CKR_ARGUMENTS_BAD;
- }
- }
-
- if( (void *)NULL == (void *)fwSession->mdSession->InitPIN ) {
- return CKR_TOKEN_WRITE_PROTECTED;
- }
-
- error = fwSession->mdSession->InitPIN(fwSession->mdSession, fwSession,
- fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
- fwSession->fwInstance, pin);
-
- return error;
-}
-
-/*
- * nssCKFWSession_SetPIN
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWSession_SetPIN
-(
- NSSCKFWSession *fwSession,
- NSSItem *newPin,
- NSSItem *oldPin
-)
-{
- CK_RV error = CKR_OK;
- CK_STATE state;
-
-#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
- return CKR_GENERAL_ERROR;
- }
-#endif /* NSSDEBUG */
-
- state = nssCKFWToken_GetSessionState(fwSession->fwToken);
- if( (CKS_RW_SO_FUNCTIONS != state) &&
- (CKS_RW_USER_FUNCTIONS != state) ) {
- return CKR_USER_NOT_LOGGED_IN;
- }
-
- if( (NSSItem *)NULL == newPin ) {
- CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
- if( CK_TRUE != has ) {
- return CKR_ARGUMENTS_BAD;
- }
- }
-
- if( (NSSItem *)NULL == oldPin ) {
- CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
- if( CK_TRUE != has ) {
- return CKR_ARGUMENTS_BAD;
- }
- }
-
- if( (void *)NULL == (void *)fwSession->mdSession->SetPIN ) {
- return CKR_TOKEN_WRITE_PROTECTED;
- }
-
- error = fwSession->mdSession->SetPIN(fwSession->mdSession, fwSession,
- fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
- fwSession->fwInstance, newPin, oldPin);
-
- return error;
-}
-
-/*
- * nssCKFWSession_GetOperationStateLen
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWSession_GetOperationStateLen
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-)
-{
- CK_ULONG mdAmt;
- CK_ULONG fwAmt;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (CK_ULONG)0;
- }
-
- *pError = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
-
- if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
- *pError = CKR_GENERAL_ERROR;
- return (CK_ULONG)0;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwSession->mdSession->GetOperationStateLen ) {
- *pError = CKR_STATE_UNSAVEABLE;
- }
-
- /*
- * We could check that the session is actually in some state..
- */
-
- mdAmt = fwSession->mdSession->GetOperationStateLen(fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
- fwSession->fwInstance, pError);
-
- if( ((CK_ULONG)0 == mdAmt) && (CKR_OK != *pError) ) {
- return (CK_ULONG)0;
- }
-
- /*
- * Add a bit of sanity-checking
- */
- fwAmt = mdAmt + 2*sizeof(CK_ULONG);
-
- return fwAmt;
-}
-
-/*
- * nssCKFWSession_GetOperationState
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWSession_GetOperationState
-(
- NSSCKFWSession *fwSession,
- NSSItem *buffer
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG fwAmt;
- CK_ULONG *ulBuffer;
- NSSItem i2;
- CK_ULONG n, i;
-
-#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (NSSItem *)NULL == buffer ) {
- return CKR_ARGUMENTS_BAD;
- }
-
- if( (void *)NULL == buffer->data ) {
- return CKR_ARGUMENTS_BAD;
- }
-
- if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
- return CKR_GENERAL_ERROR;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwSession->mdSession->GetOperationState ) {
- return CKR_STATE_UNSAVEABLE;
- }
-
- /*
- * Sanity-check the caller's buffer.
- */
-
- error = CKR_OK;
- fwAmt = nssCKFWSession_GetOperationStateLen(fwSession, &error);
- if( ((CK_ULONG)0 == fwAmt) && (CKR_OK != error) ) {
- return error;
- }
-
- if( buffer->size < fwAmt ) {
- return CKR_BUFFER_TOO_SMALL;
- }
-
- ulBuffer = (CK_ULONG *)buffer->data;
-
- i2.size = buffer->size - 2*sizeof(CK_ULONG);
- i2.data = (void *)&ulBuffer[2];
-
- error = fwSession->mdSession->GetOperationState(fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken,
- fwSession->mdInstance, fwSession->fwInstance, &i2);
-
- if( CKR_OK != error ) {
- return error;
- }
-
- /*
- * Add a little integrety/identity check.
- * NOTE: right now, it's pretty stupid.
- * A CRC or something would be better.
- */
-
- ulBuffer[0] = 0x434b4657; /* CKFW */
- ulBuffer[1] = 0;
- n = i2.size/sizeof(CK_ULONG);
- for( i = 0; i < n; i++ ) {
- ulBuffer[1] ^= ulBuffer[2+i];
- }
-
- return CKR_OK;
-}
-
-/*
- * nssCKFWSession_SetOperationState
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWSession_SetOperationState
-(
- NSSCKFWSession *fwSession,
- NSSItem *state,
- NSSCKFWObject *encryptionKey,
- NSSCKFWObject *authenticationKey
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG *ulBuffer;
- CK_ULONG n, i;
- CK_ULONG x;
- NSSItem s;
- NSSCKMDObject *mdek;
- NSSCKMDObject *mdak;
-
-#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (NSSItem *)NULL == state ) {
- return CKR_ARGUMENTS_BAD;
- }
-
- if( (void *)NULL == state->data ) {
- return CKR_ARGUMENTS_BAD;
- }
-
- if( (NSSCKFWObject *)NULL != encryptionKey ) {
- error = nssCKFWObject_verifyPointer(encryptionKey);
- if( CKR_OK != error ) {
- return error;
- }
- }
-
- if( (NSSCKFWObject *)NULL != authenticationKey ) {
- error = nssCKFWObject_verifyPointer(authenticationKey);
- if( CKR_OK != error ) {
- return error;
- }
- }
-
- if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
- return CKR_GENERAL_ERROR;
- }
-#endif /* NSSDEBUG */
-
- ulBuffer = (CK_ULONG *)state->data;
- if( 0x43b4657 != ulBuffer[0] ) {
- return CKR_SAVED_STATE_INVALID;
- }
- n = (state->size / sizeof(CK_ULONG)) - 2;
- x = (CK_ULONG)0;
- for( i = 0; i < n; i++ ) {
- x ^= ulBuffer[2+i];
- }
-
- if( x != ulBuffer[1] ) {
- return CKR_SAVED_STATE_INVALID;
- }
-
- if( (void *)NULL == (void *)fwSession->mdSession->SetOperationState ) {
- return CKR_GENERAL_ERROR;
- }
-
- s.size = state->size - 2*sizeof(CK_ULONG);
- s.data = (void *)&ulBuffer[2];
-
- if( (NSSCKFWObject *)NULL != encryptionKey ) {
- mdek = nssCKFWObject_GetMDObject(encryptionKey);
- } else {
- mdek = (NSSCKMDObject *)NULL;
- }
-
- if( (NSSCKFWObject *)NULL != authenticationKey ) {
- mdak = nssCKFWObject_GetMDObject(authenticationKey);
- } else {
- mdak = (NSSCKMDObject *)NULL;
- }
-
- error = fwSession->mdSession->SetOperationState(fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
- fwSession->fwInstance, &s, mdek, encryptionKey, mdak, authenticationKey);
-
- if( CKR_OK != error ) {
- return error;
- }
-
- /*
- * Here'd we restore any session data
- */
-
- return CKR_OK;
-}
-
-static CK_BBOOL
-nss_attributes_form_token_object
-(
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount
-)
-{
- CK_ULONG i;
- CK_BBOOL rv;
-
- for( i = 0; i < ulAttributeCount; i++ ) {
- if( CKA_TOKEN == pTemplate[i].type ) {
- /* If we sanity-check, we can remove this sizeof check */
- if( sizeof(CK_BBOOL) == pTemplate[i].ulValueLen ) {
- (void)nsslibc_memcpy(&rv, pTemplate[i].pValue, sizeof(CK_BBOOL));
- return rv;
- } else {
- return CK_FALSE;
- }
- }
- }
-
- return CK_FALSE;
-}
-
-/*
- * nssCKFWSession_CreateObject
- *
- */
-NSS_IMPLEMENT NSSCKFWObject *
-nssCKFWSession_CreateObject
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
-{
- NSSArena *arena;
- NSSCKMDObject *mdObject;
- NSSCKFWObject *fwObject;
- CK_BBOOL isTokenObject;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSCKFWObject *)NULL;
- }
-
- *pError = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != pError ) {
- return (NSSCKFWObject *)NULL;
- }
-
- if( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) {
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSCKFWObject *)NULL;
- }
-
- if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
- *pError = CKR_GENERAL_ERROR;
- return (NSSCKFWObject *)NULL;
- }
-#endif /* NSSDEBUG */
-
- /*
- * Here would be an excellent place to sanity-check the object.
- */
-
- isTokenObject = nss_attributes_form_token_object(pTemplate, ulAttributeCount);
- if( CK_TRUE == isTokenObject ) {
- /* === TOKEN OBJECT === */
-
- if( (void *)NULL == (void *)fwSession->mdSession->CreateObject ) {
- *pError = CKR_TOKEN_WRITE_PROTECTED;
- return (NSSCKFWObject *)NULL;
- }
-
- arena = nssCKFWToken_GetArena(fwSession->fwToken, pError);
- if( (NSSArena *)NULL == arena ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWObject *)NULL;
- }
-
- goto callmdcreateobject;
- } else {
- /* === SESSION OBJECT === */
-
- arena = nssCKFWSession_GetArena(fwSession, pError);
- if( (NSSArena *)NULL == arena ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWObject *)NULL;
- }
-
- if( CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects(
- fwSession->fwInstance) ) {
- /* --- module handles the session object -- */
-
- if( (void *)NULL == (void *)fwSession->mdSession->CreateObject ) {
- *pError = CKR_GENERAL_ERROR;
- return (NSSCKFWObject *)NULL;
- }
-
- goto callmdcreateobject;
- } else {
- /* --- framework handles the session object -- */
- mdObject = nssCKMDSessionObject_Create(fwSession->fwToken,
- arena, pTemplate, ulAttributeCount, pError);
- goto gotmdobject;
- }
- }
-
- callmdcreateobject:
- mdObject = fwSession->mdSession->CreateObject(fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken,
- fwSession->mdInstance, fwSession->fwInstance, arena, pTemplate,
- ulAttributeCount, pError);
-
- gotmdobject:
- if( (NSSCKMDObject *)NULL == mdObject ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWObject *)NULL;
- }
-
- fwObject = nssCKFWObject_Create(arena, mdObject, fwSession,
- fwSession->fwToken, fwSession->fwInstance, pError);
- if( (NSSCKFWObject *)NULL == fwObject ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
-
- if( (void *)NULL != (void *)mdObject->Destroy ) {
- (void)mdObject->Destroy(mdObject, (NSSCKFWObject *)NULL,
- fwSession->mdSession, fwSession, fwSession->mdToken,
- fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance);
- }
-
- return (NSSCKFWObject *)NULL;
- }
-
- if( CK_FALSE == isTokenObject ) {
- if( CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, fwObject) ) {
- *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject);
- if( CKR_OK != *pError ) {
- nssCKFWObject_Finalize(fwObject);
- return (NSSCKFWObject *)NULL;
- }
- }
- }
-
- return fwObject;
-}
-
-/*
- * nssCKFWSession_CopyObject
- *
- */
-NSS_IMPLEMENT NSSCKFWObject *
-nssCKFWSession_CopyObject
-(
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
-{
- CK_BBOOL oldIsToken;
- CK_BBOOL newIsToken;
- CK_ULONG i;
- NSSCKFWObject *rv;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSCKFWObject *)NULL;
- }
-
- *pError = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != *pError ) {
- return (NSSCKFWObject *)NULL;
- }
-
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (NSSCKFWObject *)NULL;
- }
-
- if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
- *pError = CKR_GENERAL_ERROR;
- return (NSSCKFWObject *)NULL;
- }
-#endif /* NSSDEBUG */
-
- /*
- * Sanity-check object
- */
-
- oldIsToken = nssCKFWObject_IsTokenObject(fwObject);
-
- newIsToken = oldIsToken;
- for( i = 0; i < ulAttributeCount; i++ ) {
- if( CKA_TOKEN == pTemplate[i].type ) {
- /* Since we sanity-checked the object, we know this is the right size. */
- (void)nsslibc_memcpy(&newIsToken, pTemplate[i].pValue, sizeof(CK_BBOOL));
- break;
- }
- }
-
- /*
- * If the Module handles its session objects, or if both the new
- * and old object are token objects, use CopyObject if it exists.
- */
-
- if( ((void *)NULL != (void *)fwSession->mdSession->CopyObject) &&
- (((CK_TRUE == oldIsToken) && (CK_TRUE == newIsToken)) ||
- (CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects(
- fwSession->fwInstance))) ) {
- /* use copy object */
- NSSArena *arena;
- NSSCKMDObject *mdOldObject;
- NSSCKMDObject *mdObject;
-
- mdOldObject = nssCKFWObject_GetMDObject(fwObject);
-
- if( CK_TRUE == newIsToken ) {
- arena = nssCKFWToken_GetArena(fwSession->fwToken, pError);
- } else {
- arena = nssCKFWSession_GetArena(fwSession, pError);
- }
- if( (NSSArena *)NULL == arena ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWObject *)NULL;
- }
-
- mdObject = fwSession->mdSession->CopyObject(fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken,
- fwSession->mdInstance, fwSession->fwInstance, mdOldObject,
- fwObject, arena, pTemplate, ulAttributeCount, pError);
- if( (NSSCKMDObject *)NULL == mdObject ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWObject *)NULL;
- }
-
- rv = nssCKFWObject_Create(arena, mdObject, fwSession,
- fwSession->fwToken, fwSession->fwInstance, pError);
- if( (NSSCKFWObject *)NULL == fwObject ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
-
- if( (void *)NULL != (void *)mdObject->Destroy ) {
- (void)mdObject->Destroy(mdObject, (NSSCKFWObject *)NULL,
- fwSession->mdSession, fwSession, fwSession->mdToken,
- fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance);
- }
-
- return (NSSCKFWObject *)NULL;
- }
-
- if( CK_FALSE == newIsToken ) {
- if( CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, rv) ) {
- *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, rv, rv);
- if( CKR_OK != *pError ) {
- nssCKFWObject_Finalize(rv);
- return (NSSCKFWObject *)NULL;
- }
- }
- }
-
- return rv;
- } else {
- /* use create object */
- NSSArena *tmpArena;
- CK_ATTRIBUTE_PTR newTemplate;
- CK_ULONG i, j, n, newLength, k;
- CK_ATTRIBUTE_TYPE_PTR oldTypes;
- NSSCKFWObject *rv;
-
- tmpArena = NSSArena_Create();
- if( (NSSArena *)NULL == tmpArena ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKFWObject *)NULL;
- }
-
- n = nssCKFWObject_GetAttributeCount(fwObject, pError);
- if( (0 == n) && (CKR_OK != *pError) ) {
- return (NSSCKFWObject *)NULL;
- }
-
- oldTypes = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE_TYPE, n);
- if( (CK_ATTRIBUTE_TYPE_PTR)NULL == oldTypes ) {
- NSSArena_Destroy(tmpArena);
- *pError = CKR_HOST_MEMORY;
- return (NSSCKFWObject *)NULL;
- }
-
- *pError = nssCKFWObject_GetAttributeTypes(fwObject, oldTypes, n);
- if( CKR_OK != *pError ) {
- NSSArena_Destroy(tmpArena);
- return (NSSCKFWObject *)NULL;
- }
-
- newLength = n;
- for( i = 0; i < ulAttributeCount; i++ ) {
- for( j = 0; j < n; j++ ) {
- if( oldTypes[j] == pTemplate[i].type ) {
- if( (CK_VOID_PTR)NULL == pTemplate[i].pValue ) {
- /* Removing the attribute */
- newLength--;
- }
- break;
- }
- }
- if( j == n ) {
- /* Not found */
- newLength++;
- }
- }
-
- newTemplate = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE, newLength);
- if( (CK_ATTRIBUTE_PTR)NULL == newTemplate ) {
- NSSArena_Destroy(tmpArena);
- *pError = CKR_HOST_MEMORY;
- return (NSSCKFWObject *)NULL;
- }
-
- k = 0;
- for( j = 0; j < n; j++ ) {
- for( i = 0; i < ulAttributeCount; i++ ) {
- if( oldTypes[j] == pTemplate[i].type ) {
- if( (CK_VOID_PTR)NULL == pTemplate[i].pValue ) {
- /* This attribute is being deleted */
- ;
- } else {
- /* This attribute is being replaced */
- newTemplate[k].type = pTemplate[i].type;
- newTemplate[k].pValue = pTemplate[i].pValue;
- newTemplate[k].ulValueLen = pTemplate[i].ulValueLen;
- k++;
- }
- break;
- }
- }
- if( i == ulAttributeCount ) {
- /* This attribute is being copied over from the old object */
- NSSItem item, *it;
- item.size = 0;
- item.data = (void *)NULL;
- it = nssCKFWObject_GetAttribute(fwObject, oldTypes[j],
- &item, tmpArena, pError);
- if( (NSSItem *)NULL == it ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- NSSArena_Destroy(tmpArena);
- return (NSSCKFWObject *)NULL;
- }
- newTemplate[k].type = oldTypes[j];
- newTemplate[k].pValue = it->data;
- newTemplate[k].ulValueLen = it->size;
- k++;
- }
- }
- /* assert that k == newLength */
-
- rv = nssCKFWSession_CreateObject(fwSession, newTemplate, newLength, pError);
- if( (NSSCKFWObject *)NULL == rv ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- NSSArena_Destroy(tmpArena);
- return (NSSCKFWObject *)NULL;
- }
-
- NSSArena_Destroy(tmpArena);
- return rv;
- }
-}
-
-/*
- * nssCKFWSession_FindObjectsInit
- *
- */
-NSS_IMPLEMENT NSSCKFWFindObjects *
-nssCKFWSession_FindObjectsInit
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
-{
- NSSCKMDFindObjects *mdfo1 = (NSSCKMDFindObjects *)NULL;
- NSSCKMDFindObjects *mdfo2 = (NSSCKMDFindObjects *)NULL;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSCKFWFindObjects *)NULL;
- }
-
- *pError = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != *pError ) {
- return (NSSCKFWFindObjects *)NULL;
- }
-
- if( ((CK_ATTRIBUTE_PTR)NULL == pTemplate) && (ulAttributeCount != 0) ) {
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSCKFWFindObjects *)NULL;
- }
-
- if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
- *pError = CKR_GENERAL_ERROR;
- return (NSSCKFWFindObjects *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects(
- fwSession->fwInstance) ) {
- CK_ULONG i;
-
- /*
- * Does the search criteria restrict us to token or session
- * objects?
- */
-
- for( i = 0; i < ulAttributeCount; i++ ) {
- if( CKA_TOKEN == pTemplate[i].type ) {
- /* Yes, it does. */
- CK_BBOOL isToken;
- if( sizeof(CK_BBOOL) != pTemplate[i].ulValueLen ) {
- *pError = CKR_ATTRIBUTE_VALUE_INVALID;
- return (NSSCKFWFindObjects *)NULL;
- }
- (void)nsslibc_memcpy(&isToken, pTemplate[i].pValue, sizeof(CK_BBOOL));
-
- if( CK_TRUE == isToken ) {
- /* Pass it on to the module's search routine */
- if( (void *)NULL == (void *)fwSession->mdSession->FindObjectsInit ) {
- goto wrap;
- }
-
- mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken,
- fwSession->mdInstance, fwSession->fwInstance,
- pTemplate, ulAttributeCount, pError);
- } else {
- /* Do the search ourselves */
- mdfo1 = nssCKMDFindSessionObjects_Create(fwSession->fwToken,
- pTemplate, ulAttributeCount, pError);
- }
-
- if( (NSSCKMDFindObjects *)NULL == mdfo1 ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWFindObjects *)NULL;
- }
-
- goto wrap;
- }
- }
-
- if( i == ulAttributeCount ) {
- /* No, it doesn't. Do a hybrid search. */
- mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken,
- fwSession->mdInstance, fwSession->fwInstance,
- pTemplate, ulAttributeCount, pError);
-
- if( (NSSCKMDFindObjects *)NULL == mdfo1 ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWFindObjects *)NULL;
- }
-
- mdfo2 = nssCKMDFindSessionObjects_Create(fwSession->fwToken,
- pTemplate, ulAttributeCount, pError);
- if( (NSSCKMDFindObjects *)NULL == mdfo2 ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- if( (void *)NULL != (void *)mdfo1->Final ) {
- mdfo1->Final(mdfo1, (NSSCKFWFindObjects *)NULL, fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken,
- fwSession->mdInstance, fwSession->fwInstance);
- }
- return (NSSCKFWFindObjects *)NULL;
- }
-
- goto wrap;
- }
- /*NOTREACHED*/
- } else {
- /* Module handles all its own objects. Pass on to module's search */
- mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken,
- fwSession->mdInstance, fwSession->fwInstance,
- pTemplate, ulAttributeCount, pError);
-
- if( (NSSCKMDFindObjects *)NULL == mdfo1 ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWFindObjects *)NULL;
- }
-
- goto wrap;
- }
-
- wrap:
- return nssCKFWFindObjects_Create(fwSession, fwSession->fwToken,
- fwSession->fwInstance, mdfo1, mdfo2, pError);
-}
-
-/*
- * nssCKFWSession_SeedRandom
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWSession_SeedRandom
-(
- NSSCKFWSession *fwSession,
- NSSItem *seed
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (NSSItem *)NULL == seed ) {
- return CKR_ARGUMENTS_BAD;
- }
-
- if( (void *)NULL == seed->data ) {
- return CKR_ARGUMENTS_BAD;
- }
-
- if( 0 == seed->size ) {
- return CKR_ARGUMENTS_BAD;
- }
-
- if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
- return CKR_GENERAL_ERROR;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwSession->mdSession->SeedRandom ) {
- return CKR_RANDOM_SEED_NOT_SUPPORTED;
- }
-
- error = fwSession->mdSession->SeedRandom(fwSession->mdSession, fwSession,
- fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
- fwSession->fwInstance, seed);
-
- return error;
-}
-
-/*
- * nssCKFWSession_GetRandom
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWSession_GetRandom
-(
- NSSCKFWSession *fwSession,
- NSSItem *buffer
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (NSSItem *)NULL == buffer ) {
- return CKR_ARGUMENTS_BAD;
- }
-
- if( (void *)NULL == buffer->data ) {
- return CKR_ARGUMENTS_BAD;
- }
-
- if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
- return CKR_GENERAL_ERROR;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwSession->mdSession->GetRandom ) {
- if( CK_TRUE == nssCKFWToken_GetHasRNG(fwSession->fwToken) ) {
- return CKR_GENERAL_ERROR;
- } else {
- return CKR_RANDOM_NO_RNG;
- }
- }
-
- if( 0 == buffer->size ) {
- return CKR_OK;
- }
-
- error = fwSession->mdSession->GetRandom(fwSession->mdSession, fwSession,
- fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
- fwSession->fwInstance, buffer);
-
- return error;
-}
-
-/*
- * NSSCKFWSession_GetMDSession
- *
- */
-
-NSS_IMPLEMENT NSSCKMDSession *
-NSSCKFWSession_GetMDSession
-(
- NSSCKFWSession *fwSession
-)
-{
-#ifdef DEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return (NSSCKMDSession *)NULL;
- }
-#endif /* DEBUG */
-
- return nssCKFWSession_GetMDSession(fwSession);
-}
-
-/*
- * NSSCKFWSession_GetArena
- *
- */
-
-NSS_IMPLEMENT NSSArena *
-NSSCKFWSession_GetArena
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-)
-{
-#ifdef DEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSArena *)NULL;
- }
-
- *pError = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != *pError ) {
- return (NSSArena *)NULL;
- }
-#endif /* DEBUG */
-
- return nssCKFWSession_GetArena(fwSession, pError);
-}
-
-/*
- * NSSCKFWSession_CallNotification
- *
- */
-
-NSS_IMPLEMENT CK_RV
-NSSCKFWSession_CallNotification
-(
- NSSCKFWSession *fwSession,
- CK_NOTIFICATION event
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef DEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* DEBUG */
-
- return nssCKFWSession_CallNotification(fwSession, event);
-}
-
-/*
- * NSSCKFWSession_IsRWSession
- *
- */
-
-NSS_IMPLEMENT CK_BBOOL
-NSSCKFWSession_IsRWSession
-(
- NSSCKFWSession *fwSession
-)
-{
-#ifdef DEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return CK_FALSE;
- }
-#endif /* DEBUG */
-
- return nssCKFWSession_IsRWSession(fwSession);
-}
-
-/*
- * NSSCKFWSession_IsSO
- *
- */
-
-NSS_IMPLEMENT CK_BBOOL
-NSSCKFWSession_IsSO
-(
- NSSCKFWSession *fwSession
-)
-{
-#ifdef DEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return CK_FALSE;
- }
-#endif /* DEBUG */
-
- return nssCKFWSession_IsSO(fwSession);
-}
diff --git a/security/nss/lib/ckfw/sessobj.c b/security/nss/lib/ckfw/sessobj.c
deleted file mode 100644
index 28555f408..000000000
--- a/security/nss/lib/ckfw/sessobj.c
+++ /dev/null
@@ -1,1090 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * sessobj.c
- *
- * This file contains an NSSCKMDObject implementation for session
- * objects. The framework uses this implementation to manage
- * session objects when a Module doesn't wish to be bothered.
- */
-
-#ifndef CK_T
-#include "ck.h"
-#endif /* CK_T */
-
-/*
- * nssCKMDSessionObject
- *
- * -- create --
- * nssCKMDSessionObject_Create
- *
- * -- EPV calls --
- * nss_ckmdSessionObject_Finalize
- * nss_ckmdSessionObject_IsTokenObject
- * nss_ckmdSessionObject_GetAttributeCount
- * nss_ckmdSessionObject_GetAttributeTypes
- * nss_ckmdSessionObject_GetAttributeSize
- * nss_ckmdSessionObject_GetAttribute
- * nss_ckmdSessionObject_SetAttribute
- * nss_ckmdSessionObject_GetObjectSize
- */
-
-struct nssCKMDSessionObjectStr {
- CK_ULONG n;
- NSSArena *arena;
- NSSItem *attributes;
- CK_ATTRIBUTE_TYPE_PTR types;
- nssCKFWHash *hash;
-};
-typedef struct nssCKMDSessionObjectStr nssCKMDSessionObject;
-
-#ifdef DEBUG
-/*
- * But first, the pointer-tracking stuff.
- *
- * NOTE: the pointer-tracking support in NSS/base currently relies
- * upon NSPR's CallOnce support. That, however, relies upon NSPR's
- * locking, which is tied into the runtime. We need a pointer-tracker
- * implementation that uses the locks supplied through C_Initialize.
- * That support, however, can be filled in later. So for now, I'll
- * just do this routines as no-ops.
- */
-
-static CK_RV
-nss_ckmdSessionObject_add_pointer
-(
- const NSSCKMDObject *mdObject
-)
-{
- return CKR_OK;
-}
-
-static CK_RV
-nss_ckmdSessionObject_remove_pointer
-(
- const NSSCKMDObject *mdObject
-)
-{
- return CKR_OK;
-}
-
-static CK_RV
-nss_ckmdSessionObject_verifyPointer
-(
- const NSSCKMDObject *mdObject
-)
-{
- return CKR_OK;
-}
-
-#endif /* DEBUG */
-
-/*
- * We must forward-declare these routines
- */
-static void
-nss_ckmdSessionObject_Finalize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-);
-
-static CK_RV
-nss_ckmdSessionObject_Destroy
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-);
-
-static CK_BBOOL
-nss_ckmdSessionObject_IsTokenObject
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-);
-
-static CK_ULONG
-nss_ckmdSessionObject_GetAttributeCount
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-);
-
-static CK_RV
-nss_ckmdSessionObject_GetAttributeTypes
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
-);
-
-static CK_ULONG
-nss_ckmdSessionObject_GetAttributeSize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-);
-
-static NSSItem *
-nss_ckmdSessionObject_GetAttribute
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-);
-
-static CK_RV
-nss_ckmdSessionObject_SetAttribute
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *value
-);
-
-static CK_ULONG
-nss_ckmdSessionObject_GetObjectSize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-);
-
-/*
- * nssCKMDSessionObject_Create
- *
- */
-NSS_IMPLEMENT NSSCKMDObject *
-nssCKMDSessionObject_Create
-(
- NSSCKFWToken *fwToken,
- NSSArena *arena,
- CK_ATTRIBUTE_PTR attributes,
- CK_ULONG ulCount,
- CK_RV *pError
-)
-{
- NSSCKMDObject *mdObject = (NSSCKMDObject *)NULL;
- nssCKMDSessionObject *mdso = (nssCKMDSessionObject *)NULL;
- CK_ULONG i;
- nssCKFWHash *hash;
-
- mdso = nss_ZNEW(arena, nssCKMDSessionObject);
- if( (nssCKMDSessionObject *)NULL == mdso ) {
- goto loser;
- }
-
- mdso->arena = arena;
- mdso->n = ulCount;
- mdso->attributes = nss_ZNEWARRAY(arena, NSSItem, ulCount);
- if( (NSSItem *)NULL == mdso->attributes ) {
- goto loser;
- }
-
- mdso->types = nss_ZNEWARRAY(arena, CK_ATTRIBUTE_TYPE, ulCount);
-
- for( i = 0; i < ulCount; i++ ) {
- mdso->types[i] = attributes[i].type;
- mdso->attributes[i].size = attributes[i].ulValueLen;
- mdso->attributes[i].data = nss_ZAlloc(arena, attributes[i].ulValueLen);
- if( (void *)NULL == mdso->attributes[i].data ) {
- goto loser;
- }
- (void)nsslibc_memcpy(mdso->attributes[i].data, attributes[i].pValue,
- attributes[i].ulValueLen);
- }
-
- mdObject = nss_ZNEW(arena, NSSCKMDObject);
- if( (NSSCKMDObject *)NULL == mdObject ) {
- goto loser;
- }
-
- mdObject->etc = (void *)mdso;
- mdObject->Finalize = nss_ckmdSessionObject_Finalize;
- mdObject->Destroy = nss_ckmdSessionObject_Destroy;
- mdObject->IsTokenObject = nss_ckmdSessionObject_IsTokenObject;
- mdObject->GetAttributeCount = nss_ckmdSessionObject_GetAttributeCount;
- mdObject->GetAttributeTypes = nss_ckmdSessionObject_GetAttributeTypes;
- mdObject->GetAttributeSize = nss_ckmdSessionObject_GetAttributeSize;
- mdObject->GetAttribute = nss_ckmdSessionObject_GetAttribute;
- mdObject->SetAttribute = nss_ckmdSessionObject_SetAttribute;
- mdObject->GetObjectSize = nss_ckmdSessionObject_GetObjectSize;
-
- hash = nssCKFWToken_GetSessionObjectHash(fwToken);
- if( (nssCKFWHash *)NULL == hash ) {
- *pError = CKR_GENERAL_ERROR;
- goto loser;
- }
-
- mdso->hash = hash;
-
- *pError = nssCKFWHash_Add(hash, mdObject, mdObject);
- if( CKR_OK != *pError ) {
- goto loser;
- }
-
-#ifdef DEBUG
- if( CKR_OK != nss_ckmdSessionObject_add_pointer(mdObject) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- *pError = CKR_OK;
- return mdObject;
-
- loser:
- if( (nssCKMDSessionObject *)NULL != mdso ) {
- if( (NSSItem *)NULL != mdso->attributes ) {
- for( i = 0; i < ulCount; i++ ) {
- nss_ZFreeIf(mdso->attributes[i].data);
- }
-
- nss_ZFreeIf(mdso->attributes);
- }
-
- nss_ZFreeIf(mdso->types);
- nss_ZFreeIf(mdso);
- }
-
- nss_ZFreeIf(mdObject);
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDObject *)NULL;
-}
-
-/*
- * nss_ckmdSessionObject_Finalize
- *
- */
-static void
-nss_ckmdSessionObject_Finalize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- /* This shouldn't ever be called */
- return;
-}
-
-/*
- * nss_ckmdSessionObject_Destroy
- *
- */
-
-static CK_RV
-nss_ckmdSessionObject_Destroy
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
-#ifdef NSSDEBUG
- CK_RV error = CKR_OK;
-#endif /* NSSDEBUG */
- nssCKMDSessionObject *mdso;
- CK_ULONG i;
-
-#ifdef NSSDEBUG
- error = nss_ckmdSessionObject_verifyPointer(mdObject);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- mdso = (nssCKMDSessionObject *)mdObject->etc;
-
- nssCKFWHash_Remove(mdso->hash, mdObject);
-
- for( i = 0; i < mdso->n; i++ ) {
- nss_ZFreeIf(mdso->attributes[i].data);
- }
- nss_ZFreeIf(mdso->attributes);
- nss_ZFreeIf(mdso->types);
- nss_ZFreeIf(mdso);
- nss_ZFreeIf(mdObject);
-
-#ifdef DEBUG
- (void)nss_ckmdSessionObject_remove_pointer(mdObject);
-#endif /* DEBUG */
-
- return CKR_OK;
-}
-
-/*
- * nss_ckmdSessionObject_IsTokenObject
- *
- */
-
-static CK_BBOOL
-nss_ckmdSessionObject_IsTokenObject
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nss_ckmdSessionObject_verifyPointer(mdObject) ) {
- return CK_FALSE;
- }
-#endif /* NSSDEBUG */
-
- /*
- * This implementation is only ever used for session objects.
- */
- return CK_FALSE;
-}
-
-/*
- * nss_ckmdSessionObject_GetAttributeCount
- *
- */
-static CK_ULONG
-nss_ckmdSessionObject_GetAttributeCount
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- nssCKMDSessionObject *obj;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return 0;
- }
-
- *pError = nss_ckmdSessionObject_verifyPointer(mdObject);
- if( CKR_OK != *pError ) {
- return 0;
- }
-
- /* We could even check all the other arguments, for sanity. */
-#endif /* NSSDEBUG */
-
- obj = (nssCKMDSessionObject *)mdObject->etc;
-
- return obj->n;
-}
-
-/*
- * nss_ckmdSessionObject_GetAttributeTypes
- *
- */
-static CK_RV
-nss_ckmdSessionObject_GetAttributeTypes
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
-)
-{
-#ifdef NSSDEBUG
- CK_RV error = CKR_OK;
-#endif /* NSSDEBUG */
- nssCKMDSessionObject *obj;
-
-#ifdef NSSDEBUG
- error = nss_ckmdSessionObject_verifyPointer(mdObject);
- if( CKR_OK != error ) {
- return error;
- }
-
- /* We could even check all the other arguments, for sanity. */
-#endif /* NSSDEBUG */
-
- obj = (nssCKMDSessionObject *)mdObject->etc;
-
- if( ulCount < obj->n ) {
- return CKR_BUFFER_TOO_SMALL;
- }
-
- (void)nsslibc_memcpy(typeArray, obj->types,
- sizeof(CK_ATTRIBUTE_TYPE) * obj->n);
-
- return CKR_OK;
-}
-
-/*
- * nss_ckmdSessionObject_GetAttributeSize
- *
- */
-static CK_ULONG
-nss_ckmdSessionObject_GetAttributeSize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-)
-{
- nssCKMDSessionObject *obj;
- CK_ULONG i;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return 0;
- }
-
- *pError = nss_ckmdSessionObject_verifyPointer(mdObject);
- if( CKR_OK != *pError ) {
- return 0;
- }
-
- /* We could even check all the other arguments, for sanity. */
-#endif /* NSSDEBUG */
-
- obj = (nssCKMDSessionObject *)mdObject->etc;
-
- for( i = 0; i < obj->n; i++ ) {
- if( attribute == obj->types[i] ) {
- return (CK_ULONG)(obj->attributes[i].size);
- }
- }
-
- *pError = CKR_ATTRIBUTE_TYPE_INVALID;
- return 0;
-}
-
-/*
- * nss_ckmdSessionObject_GetAttribute
- *
- */
-static NSSItem *
-nss_ckmdSessionObject_GetAttribute
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-)
-{
- nssCKMDSessionObject *obj;
- CK_ULONG i;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return 0;
- }
-
- *pError = nss_ckmdSessionObject_verifyPointer(mdObject);
- if( CKR_OK != *pError ) {
- return 0;
- }
-
- /* We could even check all the other arguments, for sanity. */
-#endif /* NSSDEBUG */
-
- obj = (nssCKMDSessionObject *)mdObject->etc;
-
- for( i = 0; i < obj->n; i++ ) {
- if( attribute == obj->types[i] ) {
- return &obj->attributes[i];
- }
- }
-
- *pError = CKR_ATTRIBUTE_TYPE_INVALID;
- return 0;
-}
-
-/*
- * nss_ckmdSessionObject_SetAttribute
- *
- */
-
-/*
- * Okay, so this implementation sucks. It doesn't support removing
- * an attribute (if value == NULL), and could be more graceful about
- * memory. It should allow "blank" slots in the arrays, with some
- * invalid attribute type, and then it could support removal much
- * more easily. Do this later.
- */
-static CK_RV
-nss_ckmdSessionObject_SetAttribute
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *value
-)
-{
- nssCKMDSessionObject *obj;
- CK_ULONG i;
- NSSItem n;
- NSSItem *ra;
- CK_ATTRIBUTE_TYPE_PTR rt;
-#ifdef NSSDEBUG
- CK_RV error;
-#endif /* NSSDEBUG */
-
-#ifdef NSSDEBUG
- error = nss_ckmdSessionObject_verifyPointer(mdObject);
- if( CKR_OK != error ) {
- return 0;
- }
-
- /* We could even check all the other arguments, for sanity. */
-#endif /* NSSDEBUG */
-
- obj = (nssCKMDSessionObject *)mdObject->etc;
-
- n.size = value->size;
- n.data = nss_ZAlloc(obj->arena, n.size);
- if( (void *)NULL == n.data ) {
- return CKR_HOST_MEMORY;
- }
- (void)nsslibc_memcpy(n.data, value->data, n.size);
-
- for( i = 0; i < obj->n; i++ ) {
- if( attribute == obj->types[i] ) {
- nss_ZFreeIf(obj->attributes[i].data);
- obj->attributes[i] = n;
- return CKR_OK;
- }
- }
-
- /*
- * It's new.
- */
-
- ra = (NSSItem *)nss_ZRealloc(obj->attributes, sizeof(NSSItem) * (obj->n + 1));
- if( (NSSItem *)NULL == ra ) {
- nss_ZFreeIf(n.data);
- return CKR_HOST_MEMORY;
- }
-
- rt = (CK_ATTRIBUTE_TYPE_PTR)nss_ZRealloc(obj->types, (obj->n + 1));
- if( (CK_ATTRIBUTE_TYPE_PTR)NULL == rt ) {
- nss_ZFreeIf(n.data);
- obj->attributes = (NSSItem *)nss_ZRealloc(ra, sizeof(NSSItem) * obj->n);
- if( (NSSItem *)NULL == obj->attributes ) {
- return CKR_GENERAL_ERROR;
- }
- return CKR_HOST_MEMORY;
- }
-
- obj->attributes = ra;
- obj->types = rt;
- obj->attributes[obj->n] = n;
- obj->types[obj->n] = attribute;
- obj->n++;
-
- return CKR_OK;
-}
-
-/*
- * nss_ckmdSessionObject_GetObjectSize
- *
- */
-static CK_ULONG
-nss_ckmdSessionObject_GetObjectSize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
-{
- nssCKMDSessionObject *obj;
- CK_ULONG i;
- CK_ULONG rv = (CK_ULONG)0;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return 0;
- }
-
- *pError = nss_ckmdSessionObject_verifyPointer(mdObject);
- if( CKR_OK != *pError ) {
- return 0;
- }
-
- /* We could even check all the other arguments, for sanity. */
-#endif /* NSSDEBUG */
-
- obj = (nssCKMDSessionObject *)mdObject->etc;
-
- for( i = 0; i < obj->n; i++ ) {
- rv += obj->attributes[i].size;
- }
-
- rv += sizeof(NSSItem) * obj->n;
- rv += sizeof(CK_ATTRIBUTE_TYPE) * obj->n;
- rv += sizeof(nssCKMDSessionObject);
-
- return rv;
-}
-
-/*
- * nssCKMDFindSessionObjects
- *
- * -- create --
- * nssCKMDFindSessionObjects_Create
- *
- * -- EPV calls --
- * nss_ckmdFindSessionObjects_Final
- * nss_ckmdFindSessionObjects_Next
- */
-
-struct nodeStr {
- struct nodeStr *next;
- NSSCKMDObject *mdObject;
-};
-
-struct nssCKMDFindSessionObjectsStr {
- NSSArena *arena;
- CK_RV error;
- CK_ATTRIBUTE_PTR pTemplate;
- CK_ULONG ulCount;
- struct nodeStr *list;
- nssCKFWHash *hash;
-
-};
-typedef struct nssCKMDFindSessionObjectsStr nssCKMDFindSessionObjects;
-
-#ifdef DEBUG
-/*
- * But first, the pointer-tracking stuff.
- *
- * NOTE: the pointer-tracking support in NSS/base currently relies
- * upon NSPR's CallOnce support. That, however, relies upon NSPR's
- * locking, which is tied into the runtime. We need a pointer-tracker
- * implementation that uses the locks supplied through C_Initialize.
- * That support, however, can be filled in later. So for now, I'll
- * just do this routines as no-ops.
- */
-
-static CK_RV
-nss_ckmdFindSessionObjects_add_pointer
-(
- const NSSCKMDFindObjects *mdFindObjects
-)
-{
- return CKR_OK;
-}
-
-static CK_RV
-nss_ckmdFindSessionObjects_remove_pointer
-(
- const NSSCKMDFindObjects *mdFindObjects
-)
-{
- return CKR_OK;
-}
-
-static CK_RV
-nss_ckmdFindSessionObjects_verifyPointer
-(
- const NSSCKMDFindObjects *mdFindObjects
-)
-{
- return CKR_OK;
-}
-
-#endif /* DEBUG */
-
-/*
- * We must forward-declare these routines.
- */
-static void
-nss_ckmdFindSessionObjects_Final
-(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-);
-
-static NSSCKMDObject *
-nss_ckmdFindSessionObjects_Next
-(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-);
-
-static CK_BBOOL
-items_match
-(
- NSSItem *a,
- CK_VOID_PTR pValue,
- CK_ULONG ulValueLen
-)
-{
- if( a->size != ulValueLen ) {
- return CK_FALSE;
- }
-
- if( PR_TRUE == nsslibc_memequal(a->data, pValue, ulValueLen, (PRStatus *)NULL) ) {
- return CK_TRUE;
- } else {
- return CK_FALSE;
- }
-}
-
-/*
- * Our hashtable iterator
- */
-static void
-findfcn
-(
- const void *key,
- void *value,
- void *closure
-)
-{
- NSSCKMDObject *mdObject = (NSSCKMDObject *)value;
- nssCKMDSessionObject *mdso = (nssCKMDSessionObject *)mdObject->etc;
- nssCKMDFindSessionObjects *mdfso = (nssCKMDFindSessionObjects *)closure;
- CK_ULONG i, j;
- struct nodeStr *node;
-
- if( CKR_OK != mdfso->error ) {
- return;
- }
-
- for( i = 0; i < mdfso->ulCount; i++ ) {
- CK_ATTRIBUTE_PTR p = &mdfso->pTemplate[i];
-
- for( j = 0; j < mdso->n; j++ ) {
- if( mdso->types[j] == p->type ) {
- if( !items_match(&mdso->attributes[j], p->pValue, p->ulValueLen) ) {
- return;
- } else {
- break;
- }
- }
- }
-
- if( j == mdso->n ) {
- /* Attribute not found */
- return;
- }
- }
-
- /* Matches */
- node = nss_ZNEW(mdfso->arena, struct nodeStr);
- if( (struct nodeStr *)NULL == node ) {
- mdfso->error = CKR_HOST_MEMORY;
- return;
- }
-
- node->mdObject = mdObject;
- node->next = mdfso->list;
- mdfso->list = node;
-
- return;
-}
-
-/*
- * nssCKMDFindSessionObjects_Create
- *
- */
-NSS_IMPLEMENT NSSCKMDFindObjects *
-nssCKMDFindSessionObjects_Create
-(
- NSSCKFWToken *fwToken,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_RV *pError
-)
-{
- NSSArena *arena;
- nssCKMDFindSessionObjects *mdfso;
- nssCKFWHash *hash;
- NSSCKMDFindObjects *rv;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSCKMDFindObjects *)NULL;
- }
-
- *pError = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != *pError ) {
- return (NSSCKMDFindObjects *)NULL;
- }
-
- if( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) {
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSCKMDFindObjects *)NULL;
- }
-#endif /* NSSDEBUG */
-
- hash = nssCKFWToken_GetSessionObjectHash(fwToken);
- if( (nssCKFWHash *)NULL == hash ) {
- *pError= CKR_GENERAL_ERROR;
- return (NSSCKMDFindObjects *)NULL;
- }
-
- arena = NSSArena_Create();
- if( (NSSArena *)NULL == arena ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDFindObjects *)NULL;
- }
-
- mdfso = nss_ZNEW(arena, nssCKMDFindSessionObjects);
- if( (nssCKMDFindSessionObjects *)NULL == mdfso ) {
- NSSArena_Destroy(arena);
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDFindObjects *)NULL;
- }
-
- rv = nss_ZNEW(arena, NSSCKMDFindObjects);
-
- mdfso->error = CKR_OK;
- mdfso->pTemplate = pTemplate;
- mdfso->ulCount = ulCount;
- mdfso->hash = hash;
-
- nssCKFWHash_Iterate(hash, findfcn, mdfso);
-
- if( CKR_OK != mdfso->error ) {
- NSSArena_Destroy(arena);
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDFindObjects *)NULL;
- }
-
- rv->etc = (void *)mdfso;
- rv->Final = nss_ckmdFindSessionObjects_Final;
- rv->Next = nss_ckmdFindSessionObjects_Next;
-
-#ifdef DEBUG
- if( *pError != nss_ckmdFindSessionObjects_add_pointer(rv) ) {
- NSSArena_Destroy(arena);
- return (NSSCKMDFindObjects *)NULL;
- }
-#endif /* DEBUG */
-
- return rv;
-}
-
-static void
-nss_ckmdFindSessionObjects_Final
-(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
-{
- nssCKMDFindSessionObjects *mdfso;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nss_ckmdFindSessionObjects_verifyPointer(mdFindObjects) ) {
- return;
- }
-#endif /* NSSDEBUG */
-
- mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc;
- NSSArena_Destroy(mdfso->arena);
-
-#ifdef DEBUG
- (void)nss_ckmdFindSessionObjects_remove_pointer(mdFindObjects);
-#endif /* DEBUG */
-
- return;
-}
-
-static NSSCKMDObject *
-nss_ckmdFindSessionObjects_Next
-(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-)
-{
- nssCKMDFindSessionObjects *mdfso;
- NSSCKMDObject *rv = (NSSCKMDObject *)NULL;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nss_ckmdFindSessionObjects_verifyPointer(mdFindObjects) ) {
- return (NSSCKMDObject *)NULL;
- }
-#endif /* NSSDEBUG */
-
- mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc;
-
- while( (NSSCKMDObject *)NULL == rv ) {
- if( (struct nodeStr *)NULL == mdfso->list ) {
- *pError = CKR_OK;
- return (NSSCKMDObject *)NULL;
- }
-
- if( nssCKFWHash_Exists(mdfso->hash, mdfso->list->mdObject) ) {
- rv = mdfso->list->mdObject;
- }
-
- mdfso->list = mdfso->list->next;
- }
-
- return rv;
-}
diff --git a/security/nss/lib/ckfw/slot.c b/security/nss/lib/ckfw/slot.c
deleted file mode 100644
index 6530f04d3..000000000
--- a/security/nss/lib/ckfw/slot.c
+++ /dev/null
@@ -1,753 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * slot.c
- *
- * This file implements the NSSCKFWSlot type and methods.
- */
-
-#ifndef CK_T
-#include "ck.h"
-#endif /* CK_T */
-
-/*
- * NSSCKFWSlot
- *
- * -- create/destroy --
- * nssCKFWSlot_Create
- * nssCKFWSlot_Destroy
- *
- * -- public accessors --
- * NSSCKFWSlot_GetMDSlot
- * NSSCKFWSlot_GetFWInstance
- * NSSCKFWSlot_GetMDInstance
- *
- * -- implement public accessors --
- * nssCKFWSlot_GetMDSlot
- * nssCKFWSlot_GetFWInstance
- * nssCKFWSlot_GetMDInstance
- *
- * -- private accessors --
- * nssCKFWSlot_GetSlotID
- * nssCKFWSlot_ClearToken
- *
- * -- module fronts --
- * nssCKFWSlot_GetSlotDescription
- * nssCKFWSlot_GetManufacturerID
- * nssCKFWSlot_GetTokenPresent
- * nssCKFWSlot_GetRemovableDevice
- * nssCKFWSlot_GetHardwareSlot
- * nssCKFWSlot_GetHardwareVersion
- * nssCKFWSlot_GetFirmwareVersion
- * nssCKFWSlot_InitToken
- * nssCKFWSlot_GetToken
- */
-
-struct NSSCKFWSlotStr {
- NSSCKFWMutex *mutex;
- NSSCKMDSlot *mdSlot;
- NSSCKFWInstance *fwInstance;
- NSSCKMDInstance *mdInstance;
- CK_SLOT_ID slotID;
-
- /*
- * Everything above is set at creation time, and then not modified.
- * The invariants the mutex protects are:
- *
- * 1) Each of the cached descriptions (versions, etc.) are in an
- * internally consistant state.
- *
- * 2) The fwToken points to the token currently in the slot, and
- * it is in a consistant state.
- *
- * Note that the calls accessing the cached descriptions will
- * call the NSSCKMDSlot methods with the mutex locked. Those
- * methods may then call the public NSSCKFWSlot routines. Those
- * public routines only access the constant data above, so there's
- * no problem. But be careful if you add to this object; mutexes
- * are in general not reentrant, so don't create deadlock situations.
- */
-
- NSSUTF8 *slotDescription;
- NSSUTF8 *manufacturerID;
- CK_VERSION hardwareVersion;
- CK_VERSION firmwareVersion;
- NSSCKFWToken *fwToken;
-};
-
-#ifdef DEBUG
-/*
- * But first, the pointer-tracking stuff.
- *
- * NOTE: the pointer-tracking support in NSS/base currently relies
- * upon NSPR's CallOnce support. That, however, relies upon NSPR's
- * locking, which is tied into the runtime. We need a pointer-tracker
- * implementation that uses the locks supplied through C_Initialize.
- * That support, however, can be filled in later. So for now, I'll
- * just do this routines as no-ops.
- */
-
-static CK_RV
-slot_add_pointer
-(
- const NSSCKFWSlot *fwSlot
-)
-{
- return CKR_OK;
-}
-
-static CK_RV
-slot_remove_pointer
-(
- const NSSCKFWSlot *fwSlot
-)
-{
- return CKR_OK;
-}
-
-NSS_IMPLEMENT CK_RV
-nssCKFWSlot_verifyPointer
-(
- const NSSCKFWSlot *fwSlot
-)
-{
- return CKR_OK;
-}
-
-#endif /* DEBUG */
-
-/*
- * nssCKFWSlot_Create
- *
- */
-NSS_IMPLEMENT NSSCKFWSlot *
-nssCKFWSlot_Create
-(
- NSSCKFWInstance *fwInstance,
- NSSCKMDSlot *mdSlot,
- CK_SLOT_ID slotID,
- CK_RV *pError
-)
-{
- NSSCKFWSlot *fwSlot;
- NSSCKMDInstance *mdInstance;
- NSSArena *arena;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSCKFWSlot *)NULL;
- }
-
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (NSSCKFWSlot *)NULL;
- }
-#endif /* NSSDEBUG */
-
- mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
- if( (NSSCKMDInstance *)NULL == mdInstance ) {
- *pError = CKR_GENERAL_ERROR;
- return (NSSCKFWSlot *)NULL;
- }
-
- arena = nssCKFWInstance_GetArena(fwInstance, pError);
- if( (NSSArena *)NULL == arena ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- }
-
- fwSlot = nss_ZNEW(arena, NSSCKFWSlot);
- if( (NSSCKFWSlot *)NULL == fwSlot ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKFWSlot *)NULL;
- }
-
- fwSlot->mdSlot = mdSlot;
- fwSlot->fwInstance = fwInstance;
- fwSlot->mdInstance = mdInstance;
- fwSlot->slotID = slotID;
-
- fwSlot->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
- if( (NSSCKFWMutex *)NULL == fwSlot->mutex ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- (void)nss_ZFreeIf(fwSlot);
- return (NSSCKFWSlot *)NULL;
- }
-
- if( (void *)NULL != (void *)mdSlot->Initialize ) {
- *pError = CKR_OK;
- *pError = mdSlot->Initialize(mdSlot, fwSlot, mdInstance, fwInstance);
- if( CKR_OK != *pError ) {
- (void)nssCKFWMutex_Destroy(fwSlot->mutex);
- (void)nss_ZFreeIf(fwSlot);
- return (NSSCKFWSlot *)NULL;
- }
- }
-
-#ifdef DEBUG
- *pError = slot_add_pointer(fwSlot);
- if( CKR_OK != *pError ) {
- if( (void *)NULL != (void *)mdSlot->Destroy ) {
- mdSlot->Destroy(mdSlot, fwSlot, mdInstance, fwInstance);
- }
-
- (void)nssCKFWMutex_Destroy(fwSlot->mutex);
- (void)nss_ZFreeIf(fwSlot);
- return (NSSCKFWSlot *)NULL;
- }
-#endif /* DEBUG */
-
- return fwSlot;
-}
-
-/*
- * nssCKFWSlot_Destroy
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWSlot_Destroy
-(
- NSSCKFWSlot *fwSlot
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- error = nssCKFWSlot_verifyPointer(fwSlot);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- (void)nssCKFWMutex_Destroy(fwSlot->mutex);
-
- if( (void *)NULL != (void *)fwSlot->mdSlot->Destroy ) {
- fwSlot->mdSlot->Destroy(fwSlot->mdSlot, fwSlot,
- fwSlot->mdInstance, fwSlot->fwInstance);
- }
-
-#ifdef DEBUG
- error = slot_remove_pointer(fwSlot);
-#endif /* DEBUG */
- (void)nss_ZFreeIf(fwSlot);
- return error;
-}
-
-/*
- * nssCKFWSlot_GetMDSlot
- *
- */
-NSS_IMPLEMENT NSSCKMDSlot *
-nssCKFWSlot_GetMDSlot
-(
- NSSCKFWSlot *fwSlot
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return (NSSCKMDSlot *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwSlot->mdSlot;
-}
-
-/*
- * nssCKFWSlot_GetFWInstance
- *
- */
-
-NSS_IMPLEMENT NSSCKFWInstance *
-nssCKFWSlot_GetFWInstance
-(
- NSSCKFWSlot *fwSlot
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return (NSSCKFWInstance *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwSlot->fwInstance;
-}
-
-/*
- * nssCKFWSlot_GetMDInstance
- *
- */
-
-NSS_IMPLEMENT NSSCKMDInstance *
-nssCKFWSlot_GetMDInstance
-(
- NSSCKFWSlot *fwSlot
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return (NSSCKMDInstance *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwSlot->mdInstance;
-}
-
-/*
- * nssCKFWSlot_GetSlotID
- *
- */
-NSS_IMPLEMENT CK_SLOT_ID
-nssCKFWSlot_GetSlotID
-(
- NSSCKFWSlot *fwSlot
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return (CK_SLOT_ID)0;
- }
-#endif /* NSSDEBUG */
-
- return fwSlot->slotID;
-}
-
-/*
- * nssCKFWSlot_GetSlotDescription
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWSlot_GetSlotDescription
-(
- NSSCKFWSlot *fwSlot,
- CK_CHAR slotDescription[64]
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- if( (CK_CHAR_PTR)NULL == slotDescription ) {
- return CKR_ARGUMENTS_BAD;
- }
-
- error = nssCKFWSlot_verifyPointer(fwSlot);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- error = nssCKFWMutex_Lock(fwSlot->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (NSSUTF8 *)NULL == fwSlot->slotDescription ) {
- if( (void *)NULL != (void *)fwSlot->mdSlot->GetSlotDescription ) {
- fwSlot->slotDescription = fwSlot->mdSlot->GetSlotDescription(
- fwSlot->mdSlot, fwSlot, fwSlot->mdInstance,
- fwSlot->fwInstance, &error);
- if( ((NSSUTF8 *)NULL == fwSlot->slotDescription) && (CKR_OK != error) ) {
- goto done;
- }
- } else {
- fwSlot->slotDescription = "";
- }
- }
-
- (void)nssUTF8_CopyIntoFixedBuffer(fwSlot->slotDescription, slotDescription, 64, ' ');
- error = CKR_OK;
-
- done:
- (void)nssCKFWMutex_Unlock(fwSlot->mutex);
- return error;
-}
-
-/*
- * nssCKFWSlot_GetManufacturerID
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWSlot_GetManufacturerID
-(
- NSSCKFWSlot *fwSlot,
- CK_CHAR manufacturerID[32]
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- if( (CK_CHAR_PTR)NULL == manufacturerID ) {
- return CKR_ARGUMENTS_BAD;
- }
-
- error = nssCKFWSlot_verifyPointer(fwSlot);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- error = nssCKFWMutex_Lock(fwSlot->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (NSSUTF8 *)NULL == fwSlot->manufacturerID ) {
- if( (void *)NULL != (void *)fwSlot->mdSlot->GetManufacturerID ) {
- fwSlot->manufacturerID = fwSlot->mdSlot->GetManufacturerID(
- fwSlot->mdSlot, fwSlot, fwSlot->mdInstance,
- fwSlot->fwInstance, &error);
- if( ((NSSUTF8 *)NULL == fwSlot->manufacturerID) && (CKR_OK != error) ) {
- goto done;
- }
- } else {
- fwSlot->manufacturerID = "";
- }
- }
-
- (void)nssUTF8_CopyIntoFixedBuffer(fwSlot->manufacturerID, manufacturerID, 32, ' ');
- error = CKR_OK;
-
- done:
- (void)nssCKFWMutex_Unlock(fwSlot->mutex);
- return error;
-}
-
-/*
- * nssCKFWSlot_GetTokenPresent
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-nssCKFWSlot_GetTokenPresent
-(
- NSSCKFWSlot *fwSlot
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return CK_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwSlot->mdSlot->GetTokenPresent ) {
- return CK_TRUE;
- }
-
- return fwSlot->mdSlot->GetTokenPresent(fwSlot->mdSlot, fwSlot,
- fwSlot->mdInstance, fwSlot->fwInstance);
-}
-
-/*
- * nssCKFWSlot_GetRemovableDevice
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-nssCKFWSlot_GetRemovableDevice
-(
- NSSCKFWSlot *fwSlot
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return CK_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwSlot->mdSlot->GetRemovableDevice ) {
- return CK_FALSE;
- }
-
- return fwSlot->mdSlot->GetRemovableDevice(fwSlot->mdSlot, fwSlot,
- fwSlot->mdInstance, fwSlot->fwInstance);
-}
-
-/*
- * nssCKFWSlot_GetHardwareSlot
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-nssCKFWSlot_GetHardwareSlot
-(
- NSSCKFWSlot *fwSlot
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return CK_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwSlot->mdSlot->GetHardwareSlot ) {
- return CK_FALSE;
- }
-
- return fwSlot->mdSlot->GetHardwareSlot(fwSlot->mdSlot, fwSlot,
- fwSlot->mdInstance, fwSlot->fwInstance);
-}
-
-/*
- * nssCKFWSlot_GetHardwareVersion
- *
- */
-NSS_IMPLEMENT CK_VERSION
-nssCKFWSlot_GetHardwareVersion
-(
- NSSCKFWSlot *fwSlot
-)
-{
- CK_VERSION rv;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
-#endif /* NSSDEBUG */
-
- if( CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
-
- if( (0 != fwSlot->hardwareVersion.major) ||
- (0 != fwSlot->hardwareVersion.minor) ) {
- rv = fwSlot->hardwareVersion;
- goto done;
- }
-
- if( (void *)NULL != (void *)fwSlot->mdSlot->GetHardwareVersion ) {
- fwSlot->hardwareVersion = fwSlot->mdSlot->GetHardwareVersion(
- fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance);
- } else {
- fwSlot->hardwareVersion.major = 0;
- fwSlot->hardwareVersion.minor = 1;
- }
-
- rv = fwSlot->hardwareVersion;
- done:
- (void)nssCKFWMutex_Unlock(fwSlot->mutex);
- return rv;
-}
-
-/*
- * nssCKFWSlot_GetFirmwareVersion
- *
- */
-NSS_IMPLEMENT CK_VERSION
-nssCKFWSlot_GetFirmwareVersion
-(
- NSSCKFWSlot *fwSlot
-)
-{
- CK_VERSION rv;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
-#endif /* NSSDEBUG */
-
- if( CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
-
- if( (0 != fwSlot->firmwareVersion.major) ||
- (0 != fwSlot->firmwareVersion.minor) ) {
- rv = fwSlot->firmwareVersion;
- goto done;
- }
-
- if( (void *)NULL != (void *)fwSlot->mdSlot->GetFirmwareVersion ) {
- fwSlot->firmwareVersion = fwSlot->mdSlot->GetFirmwareVersion(
- fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance);
- } else {
- fwSlot->firmwareVersion.major = 0;
- fwSlot->firmwareVersion.minor = 1;
- }
-
- rv = fwSlot->firmwareVersion;
- done:
- (void)nssCKFWMutex_Unlock(fwSlot->mutex);
- return rv;
-}
-
-/*
- * nssCKFWSlot_GetToken
- *
- */
-NSS_IMPLEMENT NSSCKFWToken *
-nssCKFWSlot_GetToken
-(
- NSSCKFWSlot *fwSlot,
- CK_RV *pError
-)
-{
- NSSCKMDToken *mdToken;
- NSSCKFWToken *fwToken;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSCKFWToken *)NULL;
- }
-
- *pError = nssCKFWSlot_verifyPointer(fwSlot);
- if( CKR_OK != *pError ) {
- return (NSSCKFWToken *)NULL;
- }
-#endif /* NSSDEBUG */
-
- *pError = nssCKFWMutex_Lock(fwSlot->mutex);
- if( CKR_OK != *pError ) {
- return (NSSCKFWToken *)NULL;
- }
-
- if( (NSSCKFWToken *)NULL == fwSlot->fwToken ) {
- if( (void *)NULL == (void *)fwSlot->mdSlot->GetToken ) {
- *pError = CKR_GENERAL_ERROR;
- fwToken = (NSSCKFWToken *)NULL;
- goto done;
- }
-
- mdToken = fwSlot->mdSlot->GetToken(fwSlot->mdSlot, fwSlot,
- fwSlot->mdInstance, fwSlot->fwInstance, pError);
- if( (NSSCKMDToken *)NULL == mdToken ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWToken *)NULL;
- }
-
- fwToken = nssCKFWToken_Create(fwSlot, mdToken, pError);
- fwSlot->fwToken = fwToken;
- } else {
- fwToken = fwSlot->fwToken;
- }
-
- done:
- (void)nssCKFWMutex_Unlock(fwSlot->mutex);
- return fwToken;
-}
-
-/*
- * nssCKFWSlot_ClearToken
- *
- */
-NSS_IMPLEMENT void
-nssCKFWSlot_ClearToken
-(
- NSSCKFWSlot *fwSlot
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return;
- }
-#endif /* NSSDEBUG */
-
- if( CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex) ) {
- /* Now what? */
- return;
- }
-
- fwSlot->fwToken = (NSSCKFWToken *)NULL;
- (void)nssCKFWMutex_Unlock(fwSlot->mutex);
- return;
-}
-
-/*
- * NSSCKFWSlot_GetMDSlot
- *
- */
-
-NSS_IMPLEMENT NSSCKMDSlot *
-NSSCKFWSlot_GetMDSlot
-(
- NSSCKFWSlot *fwSlot
-)
-{
-#ifdef DEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return (NSSCKMDSlot *)NULL;
- }
-#endif /* DEBUG */
-
- return nssCKFWSlot_GetMDSlot(fwSlot);
-}
-
-/*
- * NSSCKFWSlot_GetFWInstance
- *
- */
-
-NSS_IMPLEMENT NSSCKFWInstance *
-NSSCKFWSlot_GetFWInstance
-(
- NSSCKFWSlot *fwSlot
-)
-{
-#ifdef DEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return (NSSCKFWInstance *)NULL;
- }
-#endif /* DEBUG */
-
- return nssCKFWSlot_GetFWInstance(fwSlot);
-}
-
-/*
- * NSSCKFWSlot_GetMDInstance
- *
- */
-
-NSS_IMPLEMENT NSSCKMDInstance *
-NSSCKFWSlot_GetMDInstance
-(
- NSSCKFWSlot *fwSlot
-)
-{
-#ifdef DEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return (NSSCKMDInstance *)NULL;
- }
-#endif /* DEBUG */
-
- return nssCKFWSlot_GetMDInstance(fwSlot);
-}
diff --git a/security/nss/lib/ckfw/token.c b/security/nss/lib/ckfw/token.c
deleted file mode 100644
index a5e30898c..000000000
--- a/security/nss/lib/ckfw/token.c
+++ /dev/null
@@ -1,1864 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * token.c
- *
- * This file implements the NSSCKFWToken type and methods.
- */
-
-#ifndef CK_T
-#include "ck.h"
-#endif /* CK_T */
-
-/*
- * NSSCKFWToken
- *
- * -- create/destroy --
- * nssCKFWToken_Create
- * nssCKFWToken_Destroy
- *
- * -- public accessors --
- * NSSCKFWToken_GetMDToken
- * NSSCKFWToken_GetFWSlot
- * NSSCKFWToken_GetMDSlot
- * NSSCKFWToken_GetSessionState
- *
- * -- implement public accessors --
- * nssCKFWToken_GetMDToken
- * nssCKFWToken_GetFWSlot
- * nssCKFWToken_GetMDSlot
- * nssCKFWToken_GetSessionState
- * nssCKFWToken_SetSessionState
- *
- * -- private accessors --
- * nssCKFWToken_SetSessionState
- * nssCKFWToken_RemoveSession
- * nssCKFWToken_CloseAllSessions
- * nssCKFWToken_GetSessionCount
- * nssCKFWToken_GetRwSessionCount
- * nssCKFWToken_GetRoSessionCount
- * nssCKFWToken_GetSessionObjectHash
- * nssCKFWToken_GetMDObjectHash
- * nssCKFWToken_GetObjectHandleHash
- *
- * -- module fronts --
- * nssCKFWToken_InitToken
- * nssCKFWToken_GetLabel
- * nssCKFWToken_GetManufacturerID
- * nssCKFWToken_GetModel
- * nssCKFWToken_GetSerialNumber
- * nssCKFWToken_GetHasRNG
- * nssCKFWToken_GetIsWriteProtected
- * nssCKFWToken_GetLoginRequired
- * nssCKFWToken_GetUserPinInitialized
- * nssCKFWToken_GetRestoreKeyNotNeeded
- * nssCKFWToken_GetHasClockOnToken
- * nssCKFWToken_GetHasProtectedAuthenticationPath
- * nssCKFWToken_GetSupportsDualCryptoOperations
- * nssCKFWToken_GetMaxSessionCount
- * nssCKFWToken_GetMaxRwSessionCount
- * nssCKFWToken_GetMaxPinLen
- * nssCKFWToken_GetMinPinLen
- * nssCKFWToken_GetTotalPublicMemory
- * nssCKFWToken_GetFreePublicMemory
- * nssCKFWToken_GetTotalPrivateMemory
- * nssCKFWToken_GetFreePrivateMemory
- * nssCKFWToken_GetHardwareVersion
- * nssCKFWToken_GetFirmwareVersion
- * nssCKFWToken_GetUTCTime
- * nssCKFWToken_OpenSession
- * nssCKFWToken_GetMechanismCount
- * nssCKFWToken_GetMechanismTypes
- * nssCKFWToken_GetMechanism
- */
-
-struct NSSCKFWTokenStr {
- NSSCKFWMutex *mutex;
- NSSArena *arena;
- NSSCKMDToken *mdToken;
- NSSCKFWSlot *fwSlot;
- NSSCKMDSlot *mdSlot;
- NSSCKFWInstance *fwInstance;
- NSSCKMDInstance *mdInstance;
-
- /*
- * Everything above is set at creation time, and then not modified.
- * The invariants the mutex protects are:
- *
- * 1) Each of the cached descriptions (versions, etc.) are in an
- * internally consistant state.
- *
- * 2) The session counts and hashes are consistant.
- *
- * 3) The object hashes are consistant.
- *
- * Note that the calls accessing the cached descriptions will call
- * the NSSCKMDToken methods with the mutex locked. Those methods
- * may then call the public NSSCKFWToken routines. Those public
- * routines only access the constant data above and the atomic
- * CK_STATE session state variable below, so there's no problem.
- * But be careful if you add to this object; mutexes are in
- * general not reentrant, so don't create deadlock situations.
- */
-
- NSSUTF8 *label;
- NSSUTF8 *manufacturerID;
- NSSUTF8 *model;
- NSSUTF8 *serialNumber;
- CK_VERSION hardwareVersion;
- CK_VERSION firmwareVersion;
-
- CK_ULONG sessionCount;
- CK_ULONG rwSessionCount;
- nssCKFWHash *sessions;
- nssCKFWHash *sessionObjectHash;
- nssCKFWHash *mdObjectHash;
-
- CK_STATE state;
-};
-
-#ifdef DEBUG
-/*
- * But first, the pointer-tracking stuff.
- *
- * NOTE: the pointer-tracking support in NSS/base currently relies
- * upon NSPR's CallOnce support. That, however, relies upon NSPR's
- * locking, which is tied into the runtime. We need a pointer-tracker
- * implementation that uses the locks supplied through C_Initialize.
- * That support, however, can be filled in later. So for now, I'll
- * just do this routines as no-ops.
- */
-
-static CK_RV
-token_add_pointer
-(
- const NSSCKFWToken *fwToken
-)
-{
- return CKR_OK;
-}
-
-static CK_RV
-token_remove_pointer
-(
- const NSSCKFWToken *fwToken
-)
-{
- return CKR_OK;
-}
-
-NSS_IMPLEMENT CK_RV
-nssCKFWToken_verifyPointer
-(
- const NSSCKFWToken *fwToken
-)
-{
- return CKR_OK;
-}
-
-#endif /* DEBUG */
-
-/*
- * nssCKFWToken_Create
- *
- */
-NSS_IMPLEMENT NSSCKFWToken *
-nssCKFWToken_Create
-(
- NSSCKFWSlot *fwSlot,
- NSSCKMDToken *mdToken,
- CK_RV *pError
-)
-{
- NSSArena *arena = (NSSArena *)NULL;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
- CK_BBOOL called_setup = CK_FALSE;
-
- /*
- * We have already verified the arguments in nssCKFWSlot_GetToken.
- */
-
- arena = NSSArena_Create();
- if( (NSSArena *)NULL == arena ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
-
- fwToken = nss_ZNEW(arena, NSSCKFWToken);
- if( (NSSCKFWToken *)NULL == fwToken ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
-
- fwToken->arena = arena;
- fwToken->mdToken = mdToken;
- fwToken->fwSlot = fwSlot;
- fwToken->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot);
- fwToken->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot);
- fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */
- fwToken->sessionCount = 0;
- fwToken->rwSessionCount = 0;
-
- fwToken->mutex = nssCKFWInstance_CreateMutex(fwToken->fwInstance, arena, pError);
- if( (NSSCKFWMutex *)NULL == fwToken->mutex ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- goto loser;
- }
-
- fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, arena, pError);
- if( (nssCKFWHash *)NULL == fwToken->sessions ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- goto loser;
- }
-
- if( CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects(
- fwToken->fwInstance) ) {
- fwToken->sessionObjectHash = nssCKFWHash_Create(fwToken->fwInstance,
- arena, pError);
- if( (nssCKFWHash *)NULL == fwToken->sessionObjectHash ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- goto loser;
- }
- }
-
- fwToken->mdObjectHash = nssCKFWHash_Create(fwToken->fwInstance,
- arena, pError);
- if( (nssCKFWHash *)NULL == fwToken->mdObjectHash ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- goto loser;
- }
-
- fwToken->mdObjectHash = nssCKFWHash_Create(fwToken->fwInstance,
- arena, pError);
- if( (nssCKFWHash *)NULL == fwToken->mdObjectHash ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- goto loser;
- }
-
- /* More here */
-
- if( (void *)NULL != (void *)mdToken->Setup ) {
- *pError = mdToken->Setup(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
- if( CKR_OK != *pError ) {
- goto loser;
- }
- }
-
- called_setup = CK_TRUE;
-
-#ifdef DEBUG
- *pError = token_add_pointer(fwToken);
- if( CKR_OK != *pError ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- *pError = CKR_OK;
- return fwToken;
-
- loser:
-
- if( CK_TRUE == called_setup ) {
- if( (void *)NULL != (void *)mdToken->Invalidate ) {
- mdToken->Invalidate(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
- }
- }
-
- if( (NSSArena *)NULL != arena ) {
- (void)NSSArena_Destroy(arena);
- }
-
- return (NSSCKFWToken *)NULL;
-}
-
-/*
- * nssCKFWToken_Destroy
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWToken_Destroy
-(
- NSSCKFWToken *fwToken
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- (void)nssCKFWMutex_Destroy(fwToken->mutex);
-
- if( (void *)NULL != (void *)fwToken->mdToken->Invalidate ) {
- fwToken->mdToken->Invalidate(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
- }
-
- nssCKFWSlot_ClearToken(fwToken->fwSlot);
-
-#ifdef DEBUG
- error = token_remove_pointer(fwToken);
-#endif /* DEBUG */
-
- (void)NSSArena_Destroy(fwToken->arena);
- return error;
-}
-
-/*
- * nssCKFWToken_GetMDToken
- *
- */
-NSS_IMPLEMENT NSSCKMDToken *
-nssCKFWToken_GetMDToken
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (NSSCKMDToken *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwToken->mdToken;
-}
-
-/*
- * nssCKFWToken_GetArena
- *
- */
-NSS_IMPLEMENT NSSArena *
-nssCKFWToken_GetArena
-(
- NSSCKFWToken *fwToken,
- CK_RV *pError
-)
-{
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSArena *)NULL;
- }
-
- *pError = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != *pError ) {
- return (NSSArena *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwToken->arena;
-}
-
-/*
- * nssCKFWToken_GetFWSlot
- *
- */
-NSS_IMPLEMENT NSSCKFWSlot *
-nssCKFWToken_GetFWSlot
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (NSSCKFWSlot *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwToken->fwSlot;
-}
-
-/*
- * nssCKFWToken_GetMDSlot
- *
- */
-NSS_IMPLEMENT NSSCKMDSlot *
-nssCKFWToken_GetMDSlot
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (NSSCKMDSlot *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwToken->mdSlot;
-}
-
-/*
- * nssCKFWToken_GetSessionState
- *
- */
-NSS_IMPLEMENT CK_STATE
-nssCKFWToken_GetSessionState
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CKS_RO_PUBLIC_SESSION; /* whatever */
- }
-#endif /* NSSDEBUG */
-
- /*
- * BTW, do not lock the token in this method.
- */
-
- /*
- * Theoretically, there is no state if there aren't any
- * sessions open. But then we'd need to worry about
- * reporting an error, etc. What the heck-- let's just
- * revert to CKR_RO_PUBLIC_SESSION as the "default."
- */
-
- return fwToken->state;
-}
-
-/*
- * nssCKFWToken_InitToken
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWToken_InitToken
-(
- NSSCKFWToken *fwToken,
- NSSItem *pin,
- NSSUTF8 *label
-)
-{
- CK_RV error;
-
-#ifdef NSSDEBUG
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return CKR_ARGUMENTS_BAD;
- }
-#endif /* NSSDEBUG */
-
- error = nssCKFWMutex_Lock(fwToken->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( fwToken->sessionCount > 0 ) {
- error = CKR_SESSION_EXISTS;
- goto done;
- }
-
- if( (void *)NULL == (void *)fwToken->mdToken->InitToken ) {
- error = CKR_DEVICE_ERROR;
- goto done;
- }
-
- if( (NSSItem *)NULL == pin ) {
- if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) {
- ; /* okay */
- } else {
- error = CKR_PIN_INCORRECT;
- goto done;
- }
- }
-
- if( (NSSUTF8 *)NULL == label ) {
- label = "";
- }
-
- error = fwToken->mdToken->InitToken(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance, pin, label);
-
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return error;
-}
-
-/*
- * nssCKFWToken_GetLabel
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWToken_GetLabel
-(
- NSSCKFWToken *fwToken,
- CK_CHAR label[32]
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- if( (CK_CHAR_PTR)NULL == label ) {
- return CKR_ARGUMENTS_BAD;
- }
-
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- error = nssCKFWMutex_Lock(fwToken->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (NSSUTF8 *)NULL == fwToken->label ) {
- if( (void *)NULL != (void *)fwToken->mdToken->GetLabel ) {
- fwToken->label = fwToken->mdToken->GetLabel(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance, &error);
- if( ((NSSUTF8 *)NULL == fwToken->label) && (CKR_OK != error) ) {
- goto done;
- }
- } else {
- fwToken->label = "";
- }
- }
-
- (void)nssUTF8_CopyIntoFixedBuffer(fwToken->label, label, 32, ' ');
- error = CKR_OK;
-
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return error;
-}
-
-/*
- * nssCKFWToken_GetManufacturerID
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWToken_GetManufacturerID
-(
- NSSCKFWToken *fwToken,
- CK_CHAR manufacturerID[32]
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- if( (CK_CHAR_PTR)NULL == manufacturerID ) {
- return CKR_ARGUMENTS_BAD;
- }
-
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- error = nssCKFWMutex_Lock(fwToken->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (NSSUTF8 *)NULL == fwToken->manufacturerID ) {
- if( (void *)NULL != (void *)fwToken->mdToken->GetManufacturerID ) {
- fwToken->manufacturerID = fwToken->mdToken->GetManufacturerID(fwToken->mdToken,
- fwToken, fwToken->mdInstance, fwToken->fwInstance, &error);
- if( ((NSSUTF8 *)NULL == fwToken->manufacturerID) && (CKR_OK != error) ) {
- goto done;
- }
- } else {
- fwToken->manufacturerID = "";
- }
- }
-
- (void)nssUTF8_CopyIntoFixedBuffer(fwToken->manufacturerID, manufacturerID, 32, ' ');
- error = CKR_OK;
-
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return error;
-}
-
-/*
- * nssCKFWToken_GetModel
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWToken_GetModel
-(
- NSSCKFWToken *fwToken,
- CK_CHAR model[16]
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- if( (CK_CHAR_PTR)NULL == model ) {
- return CKR_ARGUMENTS_BAD;
- }
-
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- error = nssCKFWMutex_Lock(fwToken->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (NSSUTF8 *)NULL == fwToken->model ) {
- if( (void *)NULL != (void *)fwToken->mdToken->GetModel ) {
- fwToken->model = fwToken->mdToken->GetModel(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance, &error);
- if( ((NSSUTF8 *)NULL == fwToken->model) && (CKR_OK != error) ) {
- goto done;
- }
- } else {
- fwToken->model = "";
- }
- }
-
- (void)nssUTF8_CopyIntoFixedBuffer(fwToken->model, model, 16, ' ');
- error = CKR_OK;
-
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return error;
-}
-
-/*
- * nssCKFWToken_GetSerialNumber
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWToken_GetSerialNumber
-(
- NSSCKFWToken *fwToken,
- CK_CHAR serialNumber[16]
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- if( (CK_CHAR_PTR)NULL == serialNumber ) {
- return CKR_ARGUMENTS_BAD;
- }
-
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- error = nssCKFWMutex_Lock(fwToken->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (NSSUTF8 *)NULL == fwToken->serialNumber ) {
- if( (void *)NULL != (void *)fwToken->mdToken->GetSerialNumber ) {
- fwToken->serialNumber = fwToken->mdToken->GetSerialNumber(fwToken->mdToken,
- fwToken, fwToken->mdInstance, fwToken->fwInstance, &error);
- if( ((NSSUTF8 *)NULL == fwToken->serialNumber) && (CKR_OK != error) ) {
- goto done;
- }
- } else {
- fwToken->serialNumber = "";
- }
- }
-
- (void)nssUTF8_CopyIntoFixedBuffer(fwToken->serialNumber, serialNumber, 16, ' ');
- error = CKR_OK;
-
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return error;
-}
-
-
-/*
- * nssCKFWToken_GetHasRNG
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-nssCKFWToken_GetHasRNG
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwToken->mdToken->GetHasRNG ) {
- return CK_FALSE;
- }
-
- return fwToken->mdToken->GetHasRNG(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
-}
-
-/*
- * nssCKFWToken_GetIsWriteProtected
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-nssCKFWToken_GetIsWriteProtected
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwToken->mdToken->GetIsWriteProtected ) {
- return CK_FALSE;
- }
-
- return fwToken->mdToken->GetIsWriteProtected(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
-}
-
-/*
- * nssCKFWToken_GetLoginRequired
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-nssCKFWToken_GetLoginRequired
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwToken->mdToken->GetLoginRequired ) {
- return CK_FALSE;
- }
-
- return fwToken->mdToken->GetLoginRequired(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
-}
-
-/*
- * nssCKFWToken_GetUserPinInitialized
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-nssCKFWToken_GetUserPinInitialized
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwToken->mdToken->GetUserPinInitialized ) {
- return CK_FALSE;
- }
-
- return fwToken->mdToken->GetUserPinInitialized(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
-}
-
-/*
- * nssCKFWToken_GetRestoreKeyNotNeeded
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-nssCKFWToken_GetRestoreKeyNotNeeded
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwToken->mdToken->GetRestoreKeyNotNeeded ) {
- return CK_FALSE;
- }
-
- return fwToken->mdToken->GetRestoreKeyNotNeeded(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
-}
-
-/*
- * nssCKFWToken_GetHasClockOnToken
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-nssCKFWToken_GetHasClockOnToken
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwToken->mdToken->GetHasClockOnToken ) {
- return CK_FALSE;
- }
-
- return fwToken->mdToken->GetHasClockOnToken(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
-}
-
-/*
- * nssCKFWToken_GetHasProtectedAuthenticationPath
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-nssCKFWToken_GetHasProtectedAuthenticationPath
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwToken->mdToken->GetHasProtectedAuthenticationPath ) {
- return CK_FALSE;
- }
-
- return fwToken->mdToken->GetHasProtectedAuthenticationPath(fwToken->mdToken,
- fwToken, fwToken->mdInstance, fwToken->fwInstance);
-}
-
-/*
- * nssCKFWToken_GetSupportsDualCryptoOperations
- *
- */
-NSS_IMPLEMENT CK_BBOOL
-nssCKFWToken_GetSupportsDualCryptoOperations
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwToken->mdToken->GetSupportsDualCryptoOperations ) {
- return CK_FALSE;
- }
-
- return fwToken->mdToken->GetSupportsDualCryptoOperations(fwToken->mdToken,
- fwToken, fwToken->mdInstance, fwToken->fwInstance);
-}
-
-/*
- * nssCKFWToken_GetMaxSessionCount
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetMaxSessionCount
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwToken->mdToken->GetMaxSessionCount ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
-
- return fwToken->mdToken->GetMaxSessionCount(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
-}
-
-/*
- * nssCKFWToken_GetMaxRwSessionCount
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetMaxRwSessionCount
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwToken->mdToken->GetMaxRwSessionCount ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
-
- return fwToken->mdToken->GetMaxRwSessionCount(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
-}
-
-/*
- * nssCKFWToken_GetMaxPinLen
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetMaxPinLen
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwToken->mdToken->GetMaxPinLen ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
-
- return fwToken->mdToken->GetMaxPinLen(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
-}
-
-/*
- * nssCKFWToken_GetMinPinLen
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetMinPinLen
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwToken->mdToken->GetMinPinLen ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
-
- return fwToken->mdToken->GetMinPinLen(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
-}
-
-/*
- * nssCKFWToken_GetTotalPublicMemory
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetTotalPublicMemory
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwToken->mdToken->GetTotalPublicMemory ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
-
- return fwToken->mdToken->GetTotalPublicMemory(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
-}
-
-/*
- * nssCKFWToken_GetFreePublicMemory
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetFreePublicMemory
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwToken->mdToken->GetFreePublicMemory ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
-
- return fwToken->mdToken->GetFreePublicMemory(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
-}
-
-/*
- * nssCKFWToken_GetTotalPrivateMemory
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetTotalPrivateMemory
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwToken->mdToken->GetTotalPrivateMemory ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
-
- return fwToken->mdToken->GetTotalPrivateMemory(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
-}
-
-/*
- * nssCKFWToken_GetFreePrivateMemory
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetFreePrivateMemory
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == (void *)fwToken->mdToken->GetFreePrivateMemory ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
-
- return fwToken->mdToken->GetFreePrivateMemory(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
-}
-
-/*
- * nssCKFWToken_GetHardwareVersion
- *
- */
-NSS_IMPLEMENT CK_VERSION
-nssCKFWToken_GetHardwareVersion
-(
- NSSCKFWToken *fwToken
-)
-{
- CK_VERSION rv;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
-#endif /* NSSDEBUG */
-
- if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
-
- if( (0 != fwToken->hardwareVersion.major) ||
- (0 != fwToken->hardwareVersion.minor) ) {
- rv = fwToken->hardwareVersion;
- goto done;
- }
-
- if( (void *)NULL != (void *)fwToken->mdToken->GetHardwareVersion ) {
- fwToken->hardwareVersion = fwToken->mdToken->GetHardwareVersion(
- fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
- } else {
- fwToken->hardwareVersion.major = 0;
- fwToken->hardwareVersion.minor = 1;
- }
-
- rv = fwToken->hardwareVersion;
-
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return rv;
-}
-
-/*
- * nssCKFWToken_GetFirmwareVersion
- *
- */
-NSS_IMPLEMENT CK_VERSION
-nssCKFWToken_GetFirmwareVersion
-(
- NSSCKFWToken *fwToken
-)
-{
- CK_VERSION rv;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
-#endif /* NSSDEBUG */
-
- if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
-
- if( (0 != fwToken->firmwareVersion.major) ||
- (0 != fwToken->firmwareVersion.minor) ) {
- rv = fwToken->firmwareVersion;
- goto done;
- }
-
- if( (void *)NULL != (void *)fwToken->mdToken->GetFirmwareVersion ) {
- fwToken->firmwareVersion = fwToken->mdToken->GetFirmwareVersion(
- fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
- } else {
- fwToken->firmwareVersion.major = 0;
- fwToken->firmwareVersion.minor = 1;
- }
-
- rv = fwToken->firmwareVersion;
-
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return rv;
-}
-
-/*
- * nssCKFWToken_GetUTCTime
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWToken_GetUTCTime
-(
- NSSCKFWToken *fwToken,
- CK_CHAR utcTime[16]
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( (CK_CHAR_PTR)NULL == utcTime ) {
- return CKR_ARGUMENTS_BAD;
- }
-#endif /* DEBUG */
-
- if( CK_TRUE != nssCKFWToken_GetHasClockOnToken(fwToken) ) {
- /* return CKR_DEVICE_ERROR; */
- (void)nssUTF8_CopyIntoFixedBuffer((NSSUTF8 *)NULL, utcTime, 16, ' ');
- return CKR_OK;
- }
-
- if( (void *)NULL == (void *)fwToken->mdToken->GetUTCTime ) {
- /* It said it had one! */
- return CKR_GENERAL_ERROR;
- }
-
- error = fwToken->mdToken->GetUTCTime(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance, utcTime);
- if( CKR_OK != error ) {
- return error;
- }
-
- /* Sanity-check the data */
- {
- /* Format is YYYYMMDDhhmmss00 */
- int i;
- int Y, M, D, h, m, s, z;
- static int dims[] = { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
-
- for( i = 0; i < 16; i++ ) {
- if( (utcTime[i] < '0') || (utcTime[i] > '9') ) {
- goto badtime;
- }
- }
-
- Y = ((utcTime[ 0] - '0') * 1000) + ((utcTime[1] - '0') * 100) +
- ((utcTime[ 2] - '0') * 10) + (utcTime[ 3] - '0');
- M = ((utcTime[ 4] - '0') * 10) + (utcTime[ 5] - '0');
- D = ((utcTime[ 6] - '0') * 10) + (utcTime[ 7] - '0');
- h = ((utcTime[ 8] - '0') * 10) + (utcTime[ 9] - '0');
- m = ((utcTime[10] - '0') * 10) + (utcTime[11] - '0');
- s = ((utcTime[12] - '0') * 10) + (utcTime[13] - '0');
- z = ((utcTime[14] - '0') * 10) + (utcTime[15] - '0');
-
- if( (Y < 1990) || (Y > 3000) ) goto badtime; /* Y3K problem. heh heh heh */
- if( (M < 1) || (M > 12) ) goto badtime;
- if( (D < 1) || (D > 31) ) goto badtime;
-
- if( D > dims[M-1] ) goto badtime; /* per-month check */
- if( (2 == M) && (((Y%4)||!(Y%100))&&(Y%400)) && (D > 28) ) goto badtime; /* leap years */
-
- if( (h < 0) || (h > 23) ) goto badtime;
- if( (m < 0) || (m > 60) ) goto badtime;
- if( (s < 0) || (s > 61) ) goto badtime;
-
- /* 60m and 60 or 61s is only allowed for leap seconds. */
- if( (60 == m) || (s >= 60) ) {
- if( (23 != h) || (60 != m) || (s < 60) ) goto badtime;
- /* leap seconds can only happen on June 30 or Dec 31.. I think */
- /* if( ((6 != M) || (30 != D)) && ((12 != M) || (31 != D)) ) goto badtime; */
- }
- }
-
- return CKR_OK;
-
- badtime:
- return CKR_GENERAL_ERROR;
-}
-
-/*
- * nssCKFWToken_OpenSession
- *
- */
-NSS_IMPLEMENT NSSCKFWSession *
-nssCKFWToken_OpenSession
-(
- NSSCKFWToken *fwToken,
- CK_BBOOL rw,
- CK_VOID_PTR pApplication,
- CK_NOTIFY Notify,
- CK_RV *pError
-)
-{
- NSSCKFWSession *fwSession = (NSSCKFWSession *)NULL;
- NSSCKMDSession *mdSession;
-
-#ifdef NSSDEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSCKFWSession *)NULL;
- }
-
- *pError = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != *pError ) {
- return (NSSCKFWSession *)NULL;
- }
-
- switch( rw ) {
- case CK_TRUE:
- case CK_FALSE:
- break;
- default:
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSCKFWSession *)NULL;
- }
-#endif /* NSSDEBUG */
-
- *pError = nssCKFWMutex_Lock(fwToken->mutex);
- if( CKR_OK != *pError ) {
- return (NSSCKFWSession *)NULL;
- }
-
- if( CK_TRUE == rw ) {
- /* Read-write session desired */
- if( CK_TRUE != nssCKFWToken_GetIsWriteProtected(fwToken) ) {
- *pError = CKR_TOKEN_WRITE_PROTECTED;
- goto done;
- }
- } else {
- /* Read-only session desired */
- if( CKS_RW_SO_FUNCTIONS == nssCKFWToken_GetSessionState(fwToken) ) {
- *pError = CKR_SESSION_READ_WRITE_SO_EXISTS;
- goto done;
- }
- }
-
- /* We could compare sesion counts to any limits we know of, I guess.. */
-
- if( (void *)NULL == (void *)fwToken->mdToken->OpenSession ) {
- /*
- * I'm not sure that the Module actually needs to implement
- * mdSessions -- the Framework can keep track of everything
- * needed, really. But I'll sort out that detail later..
- */
- *pError = CKR_GENERAL_ERROR;
- goto done;
- }
-
- fwSession = nssCKFWSession_Create(fwToken, rw, pApplication, Notify, pError);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- goto done;
- }
-
- mdSession = fwToken->mdToken->OpenSession(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance, fwSession,
- rw, pError);
- if( (NSSCKMDSession *)NULL == mdSession ) {
- (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- goto done;
- }
-
- *pError = nssCKFWSession_SetMDSession(fwSession, mdSession);
- if( CKR_OK != *pError ) {
- if( (void *)NULL != (void *)mdSession->Close ) {
- mdSession->Close(mdSession, fwSession, fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
- }
- (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
- goto done;
- }
-
- *pError = nssCKFWHash_Add(fwToken->sessions, fwSession, fwSession);
- if( CKR_OK != *pError ) {
- (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
- fwSession = (NSSCKFWSession *)NULL;
- goto done;
- }
-
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return fwSession;
-}
-
-/*
- * nssCKFWToken_GetMechanismCount
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetMechanismCount
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return 0;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == fwToken->mdToken->GetMechanismCount ) {
- return 0;
- }
-
- return fwToken->mdToken->GetMechanismCount(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
-}
-
-/*
- * nssCKFWToken_GetMechanismTypes
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWToken_GetMechanismTypes
-(
- NSSCKFWToken *fwToken,
- CK_MECHANISM_TYPE types[]
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CKR_ARGUMENTS_BAD;
- }
-
- if( (CK_MECHANISM_TYPE *)NULL == types ) {
- return CKR_ARGUMENTS_BAD;
- }
-#endif /* NSSDEBUG */
-
- if( (void *)NULL == fwToken->mdToken->GetMechanismTypes ) {
- /*
- * This should only be called with a sufficiently-large
- * "types" array, which can only be done if GetMechanismCount
- * is implemented. If that's implemented (and returns nonzero),
- * then this should be too. So return an error.
- */
- return CKR_GENERAL_ERROR;
- }
-
- return fwToken->mdToken->GetMechanismTypes(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance, types);
-}
-
-
-/*
- * nssCKFWToken_GetMechanism
- *
- */
-NSS_IMPLEMENT NSSCKFWMechanism *
-nssCKFWToken_GetMechanism
-(
- NSSCKFWToken *fwToken,
- CK_MECHANISM_TYPE which,
- CK_RV *pError
-)
-{
- /* XXX fgmr */
- return (NSSCKFWMechanism *)NULL;
-}
-
-NSS_IMPLEMENT CK_RV
-nssCKFWToken_SetSessionState
-(
- NSSCKFWToken *fwToken,
- CK_STATE newState
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return error;
- }
-
- switch( newState ) {
- case CKS_RO_PUBLIC_SESSION:
- case CKS_RO_USER_FUNCTIONS:
- case CKS_RW_PUBLIC_SESSION:
- case CKS_RW_USER_FUNCTIONS:
- case CKS_RW_SO_FUNCTIONS:
- break;
- default:
- return CKR_ARGUMENTS_BAD;
- }
-#endif /* NSSDEBUG */
-
- error = nssCKFWMutex_Lock(fwToken->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- fwToken->state = newState;
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return CKR_OK;
-}
-
-/*
- * nssCKFWToken_RemoveSession
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWToken_RemoveSession
-(
- NSSCKFWToken *fwToken,
- NSSCKFWSession *fwSession
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return error;
- }
-
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- error = nssCKFWMutex_Lock(fwToken->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( CK_TRUE != nssCKFWHash_Exists(fwToken->sessions, fwSession) ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto done;
- }
-
- nssCKFWHash_Remove(fwToken->sessions, fwSession);
- fwToken->sessionCount--;
-
- if( nssCKFWSession_IsRWSession(fwSession) ) {
- fwToken->rwSessionCount--;
- }
-
- if( 0 == fwToken->sessionCount ) {
- fwToken->rwSessionCount = 0; /* sanity */
- fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */
- }
-
- error = CKR_OK;
-
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return error;
-}
-
-static void
-nss_ckfwtoken_session_iterator
-(
- const void *key,
- void *value,
- void *closure
-)
-{
- /*
- * Remember that the fwToken->mutex is locked
- */
- NSSCKFWSession *fwSession = (NSSCKFWSession *)value;
- (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
- return;
-}
-
-/*
- * nssCKFWToken_CloseAllSessions
- *
- */
-NSS_IMPLEMENT CK_RV
-nssCKFWToken_CloseAllSessions
-(
- NSSCKFWToken *fwToken
-)
-{
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return error;
- }
-#endif /* NSSDEBUG */
-
- error = nssCKFWMutex_Lock(fwToken->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator, (void *)NULL);
-
- nssCKFWHash_Destroy(fwToken->sessions);
-
- fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, fwToken->arena, &error);
- if( (nssCKFWHash *)NULL == fwToken->sessions ) {
- if( CKR_OK == error ) {
- error = CKR_GENERAL_ERROR;
- }
- goto done;
- }
-
- fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */
- fwToken->sessionCount = 0;
- fwToken->rwSessionCount = 0;
-
- error = CKR_OK;
-
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return error;
-}
-
-/*
- * nssCKFWToken_GetSessionCount
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetSessionCount
-(
- NSSCKFWToken *fwToken
-)
-{
- CK_ULONG rv;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (CK_ULONG)0;
- }
-#endif /* NSSDEBUG */
-
- if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) {
- return (CK_ULONG)0;
- }
-
- rv = fwToken->sessionCount;
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return rv;
-}
-
-/*
- * nssCKFWToken_GetRwSessionCount
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetRwSessionCount
-(
- NSSCKFWToken *fwToken
-)
-{
- CK_ULONG rv;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (CK_ULONG)0;
- }
-#endif /* NSSDEBUG */
-
- if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) {
- return (CK_ULONG)0;
- }
-
- rv = fwToken->rwSessionCount;
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return rv;
-}
-
-/*
- * nssCKFWToken_GetRoSessionCount
- *
- */
-NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetRoSessionCount
-(
- NSSCKFWToken *fwToken
-)
-{
- CK_ULONG rv;
-
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (CK_ULONG)0;
- }
-#endif /* NSSDEBUG */
-
- if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) {
- return (CK_ULONG)0;
- }
-
- rv = fwToken->sessionCount - fwToken->rwSessionCount;
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return rv;
-}
-
-/*
- * nssCKFWToken_GetSessionObjectHash
- *
- */
-NSS_IMPLEMENT nssCKFWHash *
-nssCKFWToken_GetSessionObjectHash
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (nssCKFWHash *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwToken->sessionObjectHash;
-}
-
-/*
- * nssCKFWToken_GetMDObjectHash
- *
- */
-NSS_IMPLEMENT nssCKFWHash *
-nssCKFWToken_GetMDObjectHash
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (nssCKFWHash *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwToken->mdObjectHash;
-}
-
-/*
- * nssCKFWToken_GetObjectHandleHash
- *
- */
-NSS_IMPLEMENT nssCKFWHash *
-nssCKFWToken_GetObjectHandleHash
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (nssCKFWHash *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return fwToken->mdObjectHash;
-}
-
-/*
- * NSSCKFWToken_GetMDToken
- *
- */
-
-NSS_IMPLEMENT NSSCKMDToken *
-NSSCKFWToken_GetMDToken
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef DEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (NSSCKMDToken *)NULL;
- }
-#endif /* DEBUG */
-
- return nssCKFWToken_GetMDToken(fwToken);
-}
-
-/*
- * NSSCKFWToken_GetArena
- *
- */
-
-NSS_IMPLEMENT NSSArena *
-NSSCKFWToken_GetArena
-(
- NSSCKFWToken *fwToken,
- CK_RV *pError
-)
-{
-#ifdef DEBUG
- if( (CK_RV *)NULL == pError ) {
- return (NSSArena *)NULL;
- }
-
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSArena *)NULL;
- }
-#endif /* DEBUG */
-
- return nssCKFWToken_GetArena(fwToken, pError);
-}
-
-/*
- * NSSCKFWToken_GetFWSlot
- *
- */
-
-NSS_IMPLEMENT NSSCKFWSlot *
-NSSCKFWToken_GetFWSlot
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef DEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (NSSCKFWSlot *)NULL;
- }
-#endif /* DEBUG */
-
- return nssCKFWToken_GetFWSlot(fwToken);
-}
-
-/*
- * NSSCKFWToken_GetMDSlot
- *
- */
-
-NSS_IMPLEMENT NSSCKMDSlot *
-NSSCKFWToken_GetMDSlot
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef DEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (NSSCKMDSlot *)NULL;
- }
-#endif /* DEBUG */
-
- return nssCKFWToken_GetMDSlot(fwToken);
-}
-
-/*
- * NSSCKFWToken_GetSessionState
- *
- */
-
-NSS_IMPLEMENT CK_STATE
-NSSCKFWSession_GetSessionState
-(
- NSSCKFWToken *fwToken
-)
-{
-#ifdef DEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CKS_RO_PUBLIC_SESSION;
- }
-#endif /* DEBUG */
-
- return nssCKFWToken_GetSessionState(fwToken);
-}
diff --git a/security/nss/lib/ckfw/wrap.c b/security/nss/lib/ckfw/wrap.c
deleted file mode 100644
index b15a70811..000000000
--- a/security/nss/lib/ckfw/wrap.c
+++ /dev/null
@@ -1,3414 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * wrap.c
- *
- * This file contains the routines that actually implement the cryptoki
- * API, using the internal APIs of the NSS Cryptoki Framework. There is
- * one routine here for every cryptoki routine. For linking reasons
- * the actual entry points passed back with C_GetFunctionList have to
- * exist in one of the Module's source files; however, those are merely
- * simple wrappers that call these routines. The intelligence of the
- * implementations is here.
- */
-
-#ifndef CK_T
-#include "ck.h"
-#endif /* CK_T */
-
-/*
- * NSSCKFWC_Initialize
- * NSSCKFWC_Finalize
- * NSSCKFWC_GetInfo
- * -- NSSCKFWC_GetFunctionList -- see the API insert file
- * NSSCKFWC_GetSlotList
- * NSSCKFWC_GetSlotInfo
- * NSSCKFWC_GetTokenInfo
- * NSSCKFWC_WaitForSlotEvent
- * NSSCKFWC_GetMechanismList
- * NSSCKFWC_GetMechanismInfo
- * NSSCKFWC_InitToken
- * NSSCKFWC_InitPIN
- * NSSCKFWC_SetPIN
- * NSSCKFWC_OpenSession
- * NSSCKFWC_CloseSession
- * NSSCKFWC_CloseAllSessions
- * NSSCKFWC_GetSessionInfo
- * NSSCKFWC_GetOperationState
- * NSSCKFWC_SetOperationState
- * NSSCKFWC_Login
- * NSSCKFWC_Logout
- * NSSCKFWC_CreateObject
- * NSSCKFWC_CopyObject
- * NSSCKFWC_DestroyObject
- * NSSCKFWC_GetObjectSize
- * NSSCKFWC_GetAttributeValue
- * NSSCKFWC_SetAttributeValue
- * NSSCKFWC_FindObjectsInit
- * NSSCKFWC_FindObjects
- * NSSCKFWC_FindObjectsFinal
- * NSSCKFWC_EncryptInit
- * NSSCKFWC_Encrypt
- * NSSCKFWC_EncryptUpdate
- * NSSCKFWC_EncryptFinal
- * NSSCKFWC_DecryptInit
- * NSSCKFWC_Decrypt
- * NSSCKFWC_DecryptUpdate
- * NSSCKFWC_DecryptFinal
- * NSSCKFWC_DigestInit
- * NSSCKFWC_Digest
- * NSSCKFWC_DigestUpdate
- * NSSCKFWC_DigestKey
- * NSSCKFWC_DigestFinal
- * NSSCKFWC_SignInit
- * NSSCKFWC_Sign
- * NSSCKFWC_SignUpdate
- * NSSCKFWC_SignFinal
- * NSSCKFWC_SignRecoverInit
- * NSSCKFWC_SignRecover
- * NSSCKFWC_VerifyInit
- * NSSCKFWC_Verify
- * NSSCKFWC_VerifyUpdate
- * NSSCKFWC_VerifyFinal
- * NSSCKFWC_VerifyRecoverInit
- * NSSCKFWC_VerifyRecover
- * NSSCKFWC_DigestEncryptUpdate
- * NSSCKFWC_DecryptDigestUpdate
- * NSSCKFWC_SignEncryptUpdate
- * NSSCKFWC_DecryptVerifyUpdate
- * NSSCKFWC_GenerateKey
- * NSSCKFWC_GenerateKeyPair
- * NSSCKFWC_WrapKey
- * NSSCKFWC_UnwrapKey
- * NSSCKFWC_DeriveKey
- * NSSCKFWC_SeedRandom
- * NSSCKFWC_GenerateRandom
- * NSSCKFWC_GetFunctionStatus
- * NSSCKFWC_CancelFunction
- */
-
-/*
- * NSSCKFWC_Initialize
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_Initialize
-(
- NSSCKFWInstance **pFwInstance,
- NSSCKMDInstance *mdInstance,
- CK_VOID_PTR pInitArgs
-)
-{
- CK_RV error = CKR_OK;
-
- if( (NSSCKFWInstance **)NULL == pFwInstance ) {
- error = CKR_GENERAL_ERROR;
- goto loser;
- }
-
- if( (NSSCKFWInstance *)NULL != *pFwInstance ) {
- error = CKR_CRYPTOKI_ALREADY_INITIALIZED;
- goto loser;
- }
-
- if( (NSSCKMDInstance *)NULL == mdInstance ) {
- error = CKR_GENERAL_ERROR;
- goto loser;
- }
-
- *pFwInstance = nssCKFWInstance_Create(pInitArgs, mdInstance, &error);
- if( (NSSCKFWInstance *)NULL == *pFwInstance ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_CANT_LOCK:
- case CKR_CRYPTOKI_ALREADY_INITIALIZED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_NEED_TO_CREATE_THREADS:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_Finalize
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_Finalize
-(
- NSSCKFWInstance **pFwInstance
-)
-{
- CK_RV error = CKR_OK;
-
- if( (NSSCKFWInstance **)NULL == pFwInstance ) {
- error = CKR_GENERAL_ERROR;
- goto loser;
- }
-
- if( (NSSCKFWInstance *)NULL == *pFwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- error = nssCKFWInstance_Destroy(*pFwInstance);
-
- /* In any case */
- *pFwInstance = (NSSCKFWInstance *)NULL;
-
- loser:
- switch( error ) {
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OK:
- break;
- default:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetInfo
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_INFO_PTR pInfo
-)
-{
- CK_RV error = CKR_OK;
-
- if( (CK_INFO_PTR)CK_NULL_PTR == pInfo ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here means a caller error
- */
- (void)nsslibc_memset(pInfo, 0, sizeof(CK_INFO));
-
- pInfo->cryptokiVersion = nssCKFWInstance_GetCryptokiVersion(fwInstance);
-
- error = nssCKFWInstance_GetManufacturerID(fwInstance, pInfo->manufacturerID);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- pInfo->flags = nssCKFWInstance_GetFlags(fwInstance);
-
- error = nssCKFWInstance_GetLibraryDescription(fwInstance, pInfo->libraryDescription);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- pInfo->libraryVersion = nssCKFWInstance_GetLibraryVersion(fwInstance);
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- break;
- default:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * C_GetFunctionList is implemented entirely in the Module's file which
- * includes the Framework API insert file. It requires no "actual"
- * NSSCKFW routine.
- */
-
-/*
- * NSSCKFWC_GetSlotList
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetSlotList
-(
- NSSCKFWInstance *fwInstance,
- CK_BBOOL tokenPresent,
- CK_SLOT_ID_PTR pSlotList,
- CK_ULONG_PTR pulCount
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- switch( tokenPresent ) {
- case CK_TRUE:
- case CK_FALSE:
- break;
- default:
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlotList ) {
- *pulCount = nSlots;
- return CKR_OK;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pSlotList, 0, *pulCount * sizeof(CK_SLOT_ID));
-
- if( *pulCount < nSlots ) {
- *pulCount = nSlots;
- error = CKR_BUFFER_TOO_SMALL;
- goto loser;
- } else {
- CK_ULONG i;
- *pulCount = nSlots;
-
- /*
- * Our secret "mapping": CK_SLOT_IDs are integers [1,N], and we
- * just index one when we need it.
- */
-
- for( i = 0; i < nSlots; i++ ) {
- pSlotList[i] = i+1;
- }
-
- return CKR_OK;
- }
-
- loser:
- switch( error ) {
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetSlotInfo
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetSlotInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_SLOT_INFO_PTR pInfo
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
-
- if( (CK_SLOT_INFO_PTR)CK_NULL_PTR == pInfo ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pInfo, 0, sizeof(CK_SLOT_INFO));
-
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
-
- fwSlot = slots[ slotID-1 ];
-
- error = nssCKFWSlot_GetSlotDescription(fwSlot, pInfo->slotDescription);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- error = nssCKFWSlot_GetManufacturerID(fwSlot, pInfo->manufacturerID);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- if( nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- pInfo->flags |= CKF_TOKEN_PRESENT;
- }
-
- if( nssCKFWSlot_GetRemovableDevice(fwSlot) ) {
- pInfo->flags |= CKF_REMOVABLE_DEVICE;
- }
-
- if( nssCKFWSlot_GetHardwareSlot(fwSlot) ) {
- pInfo->flags |= CKF_HW_SLOT;
- }
-
- pInfo->hardwareVersion = nssCKFWSlot_GetHardwareVersion(fwSlot);
- pInfo->firmwareVersion = nssCKFWSlot_GetFirmwareVersion(fwSlot);
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SLOT_ID_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetTokenInfo
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetTokenInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_TOKEN_INFO_PTR pInfo
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
-
- if( (CK_TOKEN_INFO_PTR)CK_NULL_PTR == pInfo ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pInfo, 0, sizeof(CK_TOKEN_INFO));
-
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
-
- fwSlot = slots[ slotID-1 ];
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if( (NSSCKFWToken *)NULL == fwToken ) {
- goto loser;
- }
-
- error = nssCKFWToken_GetLabel(fwToken, pInfo->label);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- error = nssCKFWToken_GetManufacturerID(fwToken, pInfo->manufacturerID);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- error = nssCKFWToken_GetModel(fwToken, pInfo->model);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- error = nssCKFWToken_GetSerialNumber(fwToken, pInfo->serialNumber);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- if( nssCKFWToken_GetHasRNG(fwToken) ) {
- pInfo->flags |= CKF_RNG;
- }
-
- if( nssCKFWToken_GetIsWriteProtected(fwToken) ) {
- pInfo->flags |= CKF_WRITE_PROTECTED;
- }
-
- if( nssCKFWToken_GetLoginRequired(fwToken) ) {
- pInfo->flags |= CKF_LOGIN_REQUIRED;
- }
-
- if( nssCKFWToken_GetUserPinInitialized(fwToken) ) {
- pInfo->flags |= CKF_USER_PIN_INITIALIZED;
- }
-
- if( nssCKFWToken_GetRestoreKeyNotNeeded(fwToken) ) {
- pInfo->flags |= CKF_RESTORE_KEY_NOT_NEEDED;
- }
-
- if( nssCKFWToken_GetHasClockOnToken(fwToken) ) {
- pInfo->flags |= CKF_CLOCK_ON_TOKEN;
- }
-
- if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) {
- pInfo->flags |= CKF_PROTECTED_AUTHENTICATION_PATH;
- }
-
- if( nssCKFWToken_GetSupportsDualCryptoOperations(fwToken) ) {
- pInfo->flags |= CKF_DUAL_CRYPTO_OPERATIONS;
- }
-
- pInfo->ulMaxSessionCount = nssCKFWToken_GetMaxSessionCount(fwToken);
- pInfo->ulSessionCount = nssCKFWToken_GetSessionCount(fwToken);
- pInfo->ulMaxRwSessionCount = nssCKFWToken_GetMaxRwSessionCount(fwToken);
- pInfo->ulRwSessionCount= nssCKFWToken_GetRwSessionCount(fwToken);
- pInfo->ulMaxPinLen = nssCKFWToken_GetMaxPinLen(fwToken);
- pInfo->ulMinPinLen = nssCKFWToken_GetMinPinLen(fwToken);
- pInfo->ulTotalPublicMemory = nssCKFWToken_GetTotalPublicMemory(fwToken);
- pInfo->ulFreePublicMemory = nssCKFWToken_GetFreePublicMemory(fwToken);
- pInfo->ulTotalPrivateMemory = nssCKFWToken_GetTotalPrivateMemory(fwToken);
- pInfo->ulFreePrivateMemory = nssCKFWToken_GetFreePrivateMemory(fwToken);
- pInfo->hardwareVersion = nssCKFWToken_GetHardwareVersion(fwToken);
- pInfo->firmwareVersion = nssCKFWToken_GetFirmwareVersion(fwToken);
-
- error = nssCKFWToken_GetUTCTime(fwToken, pInfo->utcTime);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_DEVICE_REMOVED:
- case CKR_TOKEN_NOT_PRESENT:
- (void)nssCKFWToken_Destroy(fwToken);
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SLOT_ID_INVALID:
- case CKR_TOKEN_NOT_RECOGNIZED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_WaitForSlotEvent
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_WaitForSlotEvent
-(
- NSSCKFWInstance *fwInstance,
- CK_FLAGS flags,
- CK_SLOT_ID_PTR pSlot,
- CK_VOID_PTR pReserved
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- CK_BBOOL block;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- CK_ULONG i;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- if( flags & ~CKF_DONT_BLOCK ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- block = (flags & CKF_DONT_BLOCK) ? CK_TRUE : CK_FALSE;
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlot ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- if( (CK_VOID_PTR)CK_NULL_PTR != pReserved ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
-
- fwSlot = nssCKFWInstance_WaitForSlotEvent(fwInstance, block, &error);
- if( (NSSCKFWSlot *)NULL == fwSlot ) {
- goto loser;
- }
-
- for( i = 0; i < nSlots; i++ ) {
- if( fwSlot == slots[i] ) {
- *pSlot = (CK_SLOT_ID)(CK_ULONG)(i+1);
- }
-
- return CKR_OK;
- }
-
- error = CKR_GENERAL_ERROR; /* returned something not in the slot list */
-
- loser:
- switch( error ) {
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_NO_EVENT:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetMechanismList
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetMechanismList
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE_PTR pMechanismList,
- CK_ULONG_PTR pulCount
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
- CK_ULONG count;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
-
- if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
-
- fwSlot = slots[ slotID-1 ];
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if( (NSSCKFWToken *)NULL == fwToken ) {
- goto loser;
- }
-
- count = nssCKFWToken_GetMechanismCount(fwToken);
-
- if( (CK_MECHANISM_TYPE_PTR)CK_NULL_PTR == pMechanismList ) {
- *pulCount = count;
- return CKR_OK;
- }
-
- if( *pulCount < count ) {
- *pulCount = count;
- error = CKR_BUFFER_TOO_SMALL;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pMechanismList, 0, *pulCount * sizeof(CK_MECHANISM_TYPE));
-
- *pulCount = count;
-
- if( 0 != count ) {
- error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList);
- } else {
- error = CKR_OK;
- }
-
- if( CKR_OK == error ) {
- return CKR_OK;
- }
-
- loser:
- switch( error ) {
- case CKR_DEVICE_REMOVED:
- case CKR_TOKEN_NOT_PRESENT:
- (void)nssCKFWToken_Destroy(fwToken);
- break;
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SLOT_ID_INVALID:
- case CKR_TOKEN_NOT_RECOGNIZED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetMechanismInfo
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetMechanismInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR pInfo
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
- NSSCKFWMechanism *fwMechanism;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
-
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
-
- fwSlot = slots[ slotID-1 ];
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- if( (CK_MECHANISM_INFO_PTR)CK_NULL_PTR == pInfo ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pInfo, 0, sizeof(CK_MECHANISM_INFO));
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if( (NSSCKFWToken *)NULL == fwToken ) {
- goto loser;
- }
-
- fwMechanism = nssCKFWToken_GetMechanism(fwToken, type, &error);
- if( (NSSCKFWMechanism *)NULL == fwMechanism ) {
- goto loser;
- }
-
- pInfo->ulMinKeySize = nssCKFWMechanism_GetMinKeySize(fwMechanism);
- pInfo->ulMaxKeySize = nssCKFWMechanism_GetMaxKeySize(fwMechanism);
-
- if( nssCKFWMechanism_GetInHardware(fwMechanism) ) {
- pInfo->flags |= CKF_HW;
- }
-
- /* More here... */
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_DEVICE_REMOVED:
- case CKR_TOKEN_NOT_PRESENT:
- (void)nssCKFWToken_Destroy(fwToken);
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_MECHANISM_INVALID:
- case CKR_SLOT_ID_INVALID:
- case CKR_TOKEN_NOT_RECOGNIZED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_InitToken
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_InitToken
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen,
- CK_CHAR_PTR pLabel
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
- NSSItem pin;
- NSSUTF8 *label;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
-
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
-
- fwSlot = slots[ slotID-1 ];
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if( (NSSCKFWToken *)NULL == fwToken ) {
- goto loser;
- }
-
- pin.size = (PRUint32)ulPinLen;
- pin.data = (void *)pPin;
- label = (NSSUTF8 *)pLabel; /* identity conversion */
-
- error = nssCKFWToken_InitToken(fwToken, &pin, label);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_DEVICE_REMOVED:
- case CKR_TOKEN_NOT_PRESENT:
- (void)nssCKFWToken_Destroy(fwToken);
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_PIN_INCORRECT:
- case CKR_PIN_LOCKED:
- case CKR_SESSION_EXISTS:
- case CKR_SLOT_ID_INVALID:
- case CKR_TOKEN_NOT_RECOGNIZED:
- case CKR_TOKEN_WRITE_PROTECTED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_InitPIN
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_InitPIN
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSItem pin, *arg;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) {
- arg = (NSSItem *)NULL;
- } else {
- arg = &pin;
- pin.size = (PRUint32)ulPinLen;
- pin.data = (void *)pPin;
- }
-
- error = nssCKFWSession_InitPIN(fwSession, arg);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_PIN_INVALID:
- case CKR_PIN_LEN_RANGE:
- case CKR_SESSION_READ_ONLY:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_TOKEN_WRITE_PROTECTED:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_SetPIN
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SetPIN
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_CHAR_PTR pOldPin,
- CK_ULONG ulOldLen,
- CK_CHAR_PTR pNewPin,
- CK_ULONG ulNewLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSItem oldPin, newPin, *oldArg, *newArg;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_CHAR_PTR)CK_NULL_PTR == pOldPin ) {
- oldArg = (NSSItem *)NULL;
- } else {
- oldArg = &oldPin;
- oldPin.size = (PRUint32)ulOldLen;
- oldPin.data = (void *)pOldPin;
- }
-
- if( (CK_CHAR_PTR)CK_NULL_PTR == pNewPin ) {
- newArg = (NSSItem *)NULL;
- } else {
- newArg = &newPin;
- newPin.size = (PRUint32)ulNewLen;
- newPin.data = (void *)pNewPin;
- }
-
- error = nssCKFWSession_SetPIN(fwSession, oldArg, newArg);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_PIN_INCORRECT:
- case CKR_PIN_INVALID:
- case CKR_PIN_LEN_RANGE:
- case CKR_PIN_LOCKED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TOKEN_WRITE_PROTECTED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_OpenSession
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_OpenSession
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_FLAGS flags,
- CK_VOID_PTR pApplication,
- CK_NOTIFY Notify,
- CK_SESSION_HANDLE_PTR phSession
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
- NSSCKFWSession *fwSession;
- CK_BBOOL rw;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
-
- if( flags & CKF_RW_SESSION ) {
- rw = CK_TRUE;
- } else {
- rw = CK_FALSE;
- }
-
- if( flags & CKF_SERIAL_SESSION ) {
- ;
- } else {
- error = CKR_SESSION_PARALLEL_NOT_SUPPORTED;
- goto loser;
- }
-
- if( flags & ~(CKF_RW_SESSION|CKF_SERIAL_SESSION) ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- if( (CK_SESSION_HANDLE_PTR)CK_NULL_PTR == phSession ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- *phSession = (CK_SESSION_HANDLE)0;
-
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
-
- fwSlot = slots[ slotID-1 ];
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if( (NSSCKFWToken *)NULL == fwToken ) {
- goto loser;
- }
-
- fwSession = nssCKFWToken_OpenSession(fwToken, rw, pApplication,
- Notify, &error);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- goto loser;
- }
-
- *phSession = nssCKFWInstance_CreateSessionHandle(fwInstance,
- fwSession, &error);
- if( (CK_SESSION_HANDLE)0 == *phSession ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SESSION_COUNT:
- case CKR_SESSION_EXISTS:
- case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
- case CKR_SESSION_READ_WRITE_SO_EXISTS:
- case CKR_SLOT_ID_INVALID:
- case CKR_TOKEN_NOT_PRESENT:
- case CKR_TOKEN_NOT_RECOGNIZED:
- case CKR_TOKEN_WRITE_PROTECTED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_CloseSession
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_CloseSession
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- nssCKFWInstance_DestroySessionHandle(fwInstance, hSession);
- error = nssCKFWSession_Destroy(fwSession, CK_TRUE);
-
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_CloseAllSessions
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_CloseAllSessions
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
-
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
-
- fwSlot = slots[ slotID-1 ];
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if( (NSSCKFWToken *)NULL == fwToken ) {
- goto loser;
- }
-
- error = nssCKFWToken_CloseAllSessions(fwToken);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SLOT_ID_INVALID:
- case CKR_TOKEN_NOT_PRESENT:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetSessionInfo
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetSessionInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_SESSION_INFO_PTR pInfo
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWSlot *fwSlot;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_SESSION_INFO_PTR)CK_NULL_PTR == pInfo ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pInfo, 0, sizeof(CK_SESSION_INFO));
-
- fwSlot = nssCKFWSession_GetFWSlot(fwSession);
- if( (NSSCKFWSlot *)NULL == fwSlot ) {
- error = CKR_GENERAL_ERROR;
- goto loser;
- }
-
- pInfo->slotID = nssCKFWSlot_GetSlotID(fwSlot);
- pInfo->state = nssCKFWSession_GetSessionState(fwSession);
-
- if( CK_TRUE == nssCKFWSession_IsRWSession(fwSession) ) {
- pInfo->flags |= CKF_RW_SESSION;
- }
-
- pInfo->flags |= CKF_SERIAL_SESSION; /* Always true */
-
- pInfo->ulDeviceError = nssCKFWSession_GetDeviceError(fwSession);
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetOperationState
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetOperationState
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pOperationState,
- CK_ULONG_PTR pulOperationStateLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- CK_ULONG len;
- NSSItem buf;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_ULONG_PTR)CK_NULL_PTR == pulOperationStateLen ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- len = nssCKFWSession_GetOperationStateLen(fwSession, &error);
- if( ((CK_ULONG)0 == len) && (CKR_OK != error) ) {
- goto loser;
- }
-
- if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) {
- *pulOperationStateLen = len;
- return CKR_OK;
- }
-
- if( *pulOperationStateLen < len ) {
- *pulOperationStateLen = len;
- error = CKR_BUFFER_TOO_SMALL;
- goto loser;
- }
-
- buf.size = (PRUint32)*pulOperationStateLen;
- buf.data = (void *)pOperationState;
- *pulOperationStateLen = len;
- error = nssCKFWSession_GetOperationState(fwSession, &buf);
-
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_STATE_UNSAVEABLE:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_SetOperationState
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SetOperationState
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pOperationState,
- CK_ULONG ulOperationStateLen,
- CK_OBJECT_HANDLE hEncryptionKey,
- CK_OBJECT_HANDLE hAuthenticationKey
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *eKey;
- NSSCKFWObject *aKey;
- NSSItem state;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * We could loop through the buffer, to catch any purify errors
- * in a place with a "user error" note.
- */
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_OBJECT_HANDLE)0 == hEncryptionKey ) {
- eKey = (NSSCKFWObject *)NULL;
- } else {
- eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey);
- if( (NSSCKFWObject *)NULL == eKey ) {
- error = CKR_KEY_HANDLE_INVALID;
- goto loser;
- }
- }
-
- if( (CK_OBJECT_HANDLE)0 == hAuthenticationKey ) {
- aKey = (NSSCKFWObject *)NULL;
- } else {
- aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey);
- if( (NSSCKFWObject *)NULL == aKey ) {
- error = CKR_KEY_HANDLE_INVALID;
- goto loser;
- }
- }
-
- error = nssCKFWSession_SetOperationState(fwSession, &state, eKey, aKey);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_KEY_CHANGED:
- case CKR_KEY_NEEDED:
- case CKR_KEY_NOT_NEEDED:
- case CKR_SAVED_STATE_INVALID:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_Login
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_Login
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_USER_TYPE userType,
- CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSItem pin, *arg;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) {
- arg = (NSSItem *)NULL;
- } else {
- arg = &pin;
- pin.size = (PRUint32)ulPinLen;
- pin.data = (void *)pPin;
- }
-
- error = nssCKFWSession_Login(fwSession, userType, arg);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_PIN_EXPIRED:
- case CKR_PIN_INCORRECT:
- case CKR_PIN_LOCKED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY_EXISTS:
- case CKR_USER_ALREADY_LOGGED_IN:
- case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
- case CKR_USER_PIN_NOT_INITIALIZED:
- case CKR_USER_TOO_MANY_TYPES:
- case CKR_USER_TYPE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_Logout
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_Logout
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_Logout(fwSession);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_CreateObject
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_CreateObject
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phObject
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- *phObject = (CK_OBJECT_HANDLE)0;
-
- fwObject = nssCKFWSession_CreateObject(fwSession, pTemplate,
- ulCount, &error);
- if( (NSSCKFWObject *)NULL == fwObject ) {
- goto loser;
- }
-
- *phObject = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
- if( (CK_OBJECT_HANDLE)0 == *phObject ) {
- nssCKFWObject_Destroy(fwObject);
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ATTRIBUTE_READ_ONLY:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_VALUE_INVALID:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TEMPLATE_INCOMPLETE:
- case CKR_TEMPLATE_INCONSISTENT:
- case CKR_TOKEN_WRITE_PROTECTED:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_CopyObject
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_CopyObject
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phNewObject
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
- NSSCKFWObject *fwNewObject;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phNewObject ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- *phNewObject = (CK_OBJECT_HANDLE)0;
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
- if( (NSSCKFWObject *)NULL == fwObject ) {
- error = CKR_OBJECT_HANDLE_INVALID;
- goto loser;
- }
-
- fwNewObject = nssCKFWSession_CopyObject(fwSession, fwObject,
- pTemplate, ulCount, &error);
- if( (NSSCKFWObject *)NULL == fwNewObject ) {
- goto loser;
- }
-
- *phNewObject = nssCKFWInstance_CreateObjectHandle(fwInstance,
- fwNewObject, &error);
- if( (CK_OBJECT_HANDLE)0 == *phNewObject ) {
- nssCKFWObject_Destroy(fwNewObject);
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ATTRIBUTE_READ_ONLY:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_VALUE_INVALID:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OBJECT_HANDLE_INVALID:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TEMPLATE_INCONSISTENT:
- case CKR_TOKEN_WRITE_PROTECTED:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_DestroyObject
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DestroyObject
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
- if( (NSSCKFWObject *)NULL == fwObject ) {
- error = CKR_OBJECT_HANDLE_INVALID;
- goto loser;
- }
-
- nssCKFWObject_Destroy(fwObject);
- nssCKFWInstance_DestroyObjectHandle(fwInstance, hObject);
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OBJECT_HANDLE_INVALID:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TOKEN_WRITE_PROTECTED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetObjectSize
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetObjectSize
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ULONG_PTR pulSize
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
- if( (NSSCKFWObject *)NULL == fwObject ) {
- error = CKR_OBJECT_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_ULONG_PTR)CK_NULL_PTR == pulSize ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- *pulSize = (CK_ULONG)0;
-
- *pulSize = nssCKFWObject_GetObjectSize(fwObject, &error);
- if( ((CK_ULONG)0 == *pulSize) && (CKR_OK != error) ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_INFORMATION_SENSITIVE:
- case CKR_OBJECT_HANDLE_INVALID:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetAttributeValue
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetAttributeValue
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
- CK_BBOOL sensitive = CK_FALSE;
- CK_BBOOL invalid = CK_FALSE;
- CK_BBOOL tooSmall = CK_FALSE;
- CK_ULONG i;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
- if( (NSSCKFWObject *)NULL == fwObject ) {
- error = CKR_OBJECT_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- for( i = 0; i < ulCount; i++ ) {
- CK_ULONG size = nssCKFWObject_GetAttributeSize(fwObject,
- pTemplate[i].type, &error);
- if( (CK_ULONG)0 == size ) {
- switch( error ) {
- case CKR_ATTRIBUTE_SENSITIVE:
- case CKR_INFORMATION_SENSITIVE:
- sensitive = CK_TRUE;
- pTemplate[i].ulValueLen = (CK_ULONG)(-1);
- continue;
- case CKR_ATTRIBUTE_TYPE_INVALID:
- invalid = CK_TRUE;
- pTemplate[i].ulValueLen = (CK_ULONG)(-1);
- continue;
- case CKR_OK:
- break;
- default:
- goto loser;
- }
- }
-
- if( (CK_VOID_PTR)CK_NULL_PTR == pTemplate[i].pValue ) {
- pTemplate[i].ulValueLen = size;
- } else {
- NSSItem it, *p;
-
- if( pTemplate[i].ulValueLen < size ) {
- tooSmall = CK_TRUE;
- continue;
- }
-
- it.size = (PRUint32)pTemplate[i].ulValueLen;
- it.data = (void *)pTemplate[i].pValue;
- p = nssCKFWObject_GetAttribute(fwObject, pTemplate[i].type, &it,
- (NSSArena *)NULL, &error);
- if( (NSSItem *)NULL == p ) {
- switch( error ) {
- case CKR_ATTRIBUTE_SENSITIVE:
- case CKR_INFORMATION_SENSITIVE:
- sensitive = CK_TRUE;
- pTemplate[i].ulValueLen = (CK_ULONG)(-1);
- continue;
- case CKR_ATTRIBUTE_TYPE_INVALID:
- invalid = CK_TRUE;
- pTemplate[i].ulValueLen = (CK_ULONG)(-1);
- continue;
- default:
- goto loser;
- }
- }
-
- pTemplate[i].ulValueLen = size;
- }
- }
-
- if( sensitive ) {
- error = CKR_ATTRIBUTE_SENSITIVE;
- goto loser;
- } else if( invalid ) {
- error = CKR_ATTRIBUTE_TYPE_INVALID;
- goto loser;
- } else if( tooSmall ) {
- error = CKR_BUFFER_TOO_SMALL;
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ATTRIBUTE_SENSITIVE:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OBJECT_HANDLE_INVALID:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_SetAttributeValue
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SetAttributeValue
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
- NSSCKFWObject *newFwObject;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
- if( (NSSCKFWObject *)NULL == fwObject ) {
- error = CKR_OBJECT_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- newFwObject = nssCKFWSession_CopyObject(fwSession, fwObject, pTemplate,
- ulCount, &error);
- if( (NSSCKFWObject *)NULL == newFwObject ) {
- goto loser;
- }
-
- error = nssCKFWInstance_ReassignObjectHandle(fwInstance, hObject, newFwObject);
- nssCKFWObject_Destroy(fwObject);
-
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ATTRIBUTE_READ_ONLY:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_VALUE_INVALID:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OBJECT_HANDLE_INVALID:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TEMPLATE_INCONSISTENT:
- case CKR_TOKEN_WRITE_PROTECTED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_FindObjectsInit
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_FindObjectsInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWFindObjects *fwFindObjects;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) && (ulCount != 0) ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error);
- if( (NSSCKFWFindObjects *)NULL != fwFindObjects ) {
- error = CKR_OPERATION_ACTIVE;
- goto loser;
- }
-
- if( CKR_OPERATION_NOT_INITIALIZED != error ) {
- goto loser;
- }
-
- fwFindObjects = nssCKFWSession_FindObjectsInit(fwSession,
- pTemplate, ulCount, &error);
- if( (NSSCKFWFindObjects *)NULL == fwFindObjects ) {
- goto loser;
- }
-
- error = nssCKFWSession_SetFWFindObjects(fwSession, fwFindObjects);
-
- if( CKR_OK != error ) {
- nssCKFWFindObjects_Destroy(fwFindObjects);
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_VALUE_INVALID:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_ACTIVE:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_FindObjects
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_FindObjects
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE_PTR phObject,
- CK_ULONG ulMaxObjectCount,
- CK_ULONG_PTR pulObjectCount
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWFindObjects *fwFindObjects;
- CK_ULONG i;
- NSSArena *arena;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- arena = nssCKFWSession_GetArena(fwSession, &error);
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
-
- if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(phObject, 0, sizeof(CK_OBJECT_HANDLE) * ulMaxObjectCount);
- *pulObjectCount = (CK_ULONG)0;
-
- fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error);
- if( (NSSCKFWFindObjects *)NULL == fwFindObjects ) {
- goto loser;
- }
-
- for( i = 0; i < ulMaxObjectCount; i++ ) {
- NSSCKFWObject *fwObject = nssCKFWFindObjects_Next(fwFindObjects,
- arena, &error);
- if( (NSSCKFWObject *)NULL == fwObject ) {
- break;
- }
-
- phObject[i] = nssCKFWInstance_FindObjectHandle(fwInstance, fwObject);
- if( (CK_OBJECT_HANDLE)0 == phObject[i] ) {
- phObject[i] = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
- }
- if( (CK_OBJECT_HANDLE)0 == phObject[i] ) {
- /* This isn't right either, is it? */
- nssCKFWObject_Destroy(fwObject);
- goto loser;
- }
- }
-
- *pulObjectCount = i;
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_FindObjectsFinal
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_FindObjectsFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWFindObjects *fwFindObjects;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error);
- if( (NSSCKFWFindObjects *)NULL == fwFindObjects ) {
- error = CKR_OPERATION_NOT_INITIALIZED;
- goto loser;
- }
-
- nssCKFWFindObjects_Destroy(fwFindObjects);
- error = nssCKFWSession_SetFWFindObjects(fwSession, (NSSCKFWFindObjects *)NULL);
-
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_EncryptInit
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_EncryptInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_Encrypt
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_Encrypt
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pEncryptedData,
- CK_ULONG_PTR pulEncryptedDataLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_EncryptUpdate
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_EncryptUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_EncryptFinal
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_EncryptFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastEncryptedPart,
- CK_ULONG_PTR pulLastEncryptedPartLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_DecryptInit
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DecryptInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_Decrypt
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_Decrypt
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedData,
- CK_ULONG ulEncryptedDataLen,
- CK_BYTE_PTR pData,
- CK_ULONG_PTR pulDataLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_DecryptUpdate
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DecryptUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_DecryptFinal
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DecryptFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastPart,
- CK_ULONG_PTR pulLastPartLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_DigestInit
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DigestInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_Digest
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_Digest
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pulDigestLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_DigestUpdate
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DigestUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_DigestKey
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DigestKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hKey
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_DigestFinal
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DigestFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pulDigestLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_SignInit
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SignInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_Sign
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_Sign
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_SignUpdate
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SignUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_SignFinal
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SignFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_SignRecoverInit
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SignRecoverInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_SignRecover
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SignRecover
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_VerifyInit
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_VerifyInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_Verify
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_Verify
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_VerifyUpdate
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_VerifyUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_VerifyFinal
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_VerifyFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_VerifyRecoverInit
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_VerifyRecoverInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_VerifyRecover
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_VerifyRecover
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen,
- CK_BYTE_PTR pData,
- CK_ULONG_PTR pulDataLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_DigestEncryptUpdate
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DigestEncryptUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_DecryptDigestUpdate
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DecryptDigestUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_SignEncryptUpdate
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SignEncryptUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_DecryptVerifyUpdate
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DecryptVerifyUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_GenerateKey
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GenerateKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phKey
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_GenerateKeyPair
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GenerateKeyPair
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_ATTRIBUTE_PTR pPublicKeyTemplate,
- CK_ULONG ulPublicKeyAttributeCount,
- CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
- CK_ULONG ulPrivateKeyAttributeCount,
- CK_OBJECT_HANDLE_PTR phPublicKey,
- CK_OBJECT_HANDLE_PTR phPrivateKey
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_WrapKey
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_WrapKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hWrappingKey,
- CK_OBJECT_HANDLE hKey,
- CK_BYTE_PTR pWrappedKey,
- CK_ULONG_PTR pulWrappedKeyLen
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_UnwrapKey
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_UnwrapKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hUnwrappingKey,
- CK_BYTE_PTR pWrappedKey,
- CK_ULONG ulWrappedKeyLen,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_OBJECT_HANDLE_PTR phKey
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_DeriveKey
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DeriveKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hBaseKey,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_OBJECT_HANDLE_PTR phKey
-)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-/*
- * NSSCKFWC_SeedRandom
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SeedRandom
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSeed,
- CK_ULONG ulSeedLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSItem seed;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_BYTE_PTR)CK_NULL_PTR == pSeed ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /* We could read through the buffer in a Purify trap */
-
- seed.size = (PRUint32)ulSeedLen;
- seed.data = (void *)pSeed;
-
- error = nssCKFWSession_SeedRandom(fwSession, &seed);
-
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_ACTIVE:
- case CKR_RANDOM_SEED_NOT_SUPPORTED:
- case CKR_RANDOM_NO_RNG:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GenerateRandom
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GenerateRandom
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pRandomData,
- CK_ULONG ulRandomLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSItem buffer;
-
- if( (NSSCKFWInstance *)NULL == fwInstance ) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if( (NSSCKFWSession *)NULL == fwSession ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_BYTE_PTR)CK_NULL_PTR == pRandomData ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pRandomData, 0, ulRandomLen);
-
- buffer.size = (PRUint32)ulRandomLen;
- buffer.data = (void *)pRandomData;
-
- error = nssCKFWSession_GetRandom(fwSession, &buffer);
-
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_ACTIVE:
- case CKR_RANDOM_NO_RNG:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetFunctionStatus
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetFunctionStatus
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-)
-{
- return CKR_FUNCTION_NOT_PARALLEL;
-}
-
-/*
- * NSSCKFWC_CancelFunction
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_CancelFunction
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-)
-{
- return CKR_FUNCTION_NOT_PARALLEL;
-}
diff --git a/security/nss/lib/crmf/Makefile b/security/nss/lib/crmf/Makefile
deleted file mode 100644
index a376529c7..000000000
--- a/security/nss/lib/crmf/Makefile
+++ /dev/null
@@ -1,77 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-export:: private_export
diff --git a/security/nss/lib/crmf/asn1cmn.c b/security/nss/lib/crmf/asn1cmn.c
deleted file mode 100644
index 8dae9749c..000000000
--- a/security/nss/lib/crmf/asn1cmn.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "cmmf.h"
-#include "cmmfi.h"
-
-static const SEC_ASN1Template CMMFCertResponseTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertResponse)},
- { SEC_ASN1_INTEGER, offsetof(CMMFCertResponse, certReqId)},
- { SEC_ASN1_INLINE, offsetof(CMMFCertResponse, status),
- CMMFPKIStatusInfoTemplate},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER,
- offsetof(CMMFCertResponse, certifiedKeyPair),
- CMMFCertifiedKeyPairTemplate},
- { 0 }
-};
-
-static const SEC_ASN1Template CMMFCertOrEncCertTemplate[] = {
- { SEC_ASN1_ANY, offsetof(CMMFCertOrEncCert, derValue), NULL,
- sizeof(CMMFCertOrEncCert)},
- { 0 }
-};
-
-const SEC_ASN1Template CMMFCertifiedKeyPairTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertifiedKeyPair)},
- { SEC_ASN1_INLINE, offsetof(CMMFCertifiedKeyPair, certOrEncCert),
- CMMFCertOrEncCertTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 0,
- offsetof(CMMFCertifiedKeyPair, privateKey),
- CRMFEncryptedValueTemplate},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof (CMMFCertifiedKeyPair, derPublicationInfo),
- SEC_AnyTemplate},
- { 0 }
-};
-
-const SEC_ASN1Template CMMFPKIStatusInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFPKIStatusInfo)},
- { SEC_ASN1_INTEGER, offsetof(CMMFPKIStatusInfo, status)},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_UTF8_STRING,
- offsetof(CMMFPKIStatusInfo, statusString)},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_BIT_STRING,
- offsetof(CMMFPKIStatusInfo, failInfo)},
- { 0 }
-};
-
-const SEC_ASN1Template CMMFSequenceOfCertsTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_SignedCertificateTemplate}
-};
-
-const SEC_ASN1Template CMMFRandTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFRand)},
- { SEC_ASN1_INTEGER, offsetof(CMMFRand, integer)},
- { SEC_ASN1_OCTET_STRING, offsetof(CMMFRand, senderHash)},
- { 0 }
-};
-
-const SEC_ASN1Template CMMFPOPODecKeyRespContentTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, offsetof(CMMFPOPODecKeyRespContent, responses),
- SEC_IntegerTemplate, sizeof(CMMFPOPODecKeyRespContent)},
- { 0 }
-};
-
-const SEC_ASN1Template CMMFCertOrEncCertEncryptedCertTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 1,
- 0,
- CRMFEncryptedValueTemplate},
- { 0 }
-};
-
-const SEC_ASN1Template CMMFCertOrEncCertCertificateTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 0,
- 0,
- SEC_SignedCertificateTemplate},
- { 0 }
-};
-
-const SEC_ASN1Template CMMFCertRepContentTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertRepContent)},
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
- SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(CMMFCertRepContent, caPubs),
- CMMFSequenceOfCertsTemplate },
- { SEC_ASN1_SEQUENCE_OF, offsetof(CMMFCertRepContent, response),
- CMMFCertResponseTemplate},
- { 0 }
-};
-
-static const SEC_ASN1Template CMMFChallengeTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFChallenge)},
- { SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL, offsetof(CMMFChallenge, owf),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, witness) },
- { SEC_ASN1_ANY, offsetof(CMMFChallenge, senderDER) },
- { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, key) },
- { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, challenge) },
- { 0 }
-};
-
-const SEC_ASN1Template CMMFPOPODecKeyChallContentTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF,offsetof(CMMFPOPODecKeyChallContent, challenges),
- CMMFChallengeTemplate, sizeof(CMMFPOPODecKeyChallContent) },
- { 0 }
-};
-
-SECStatus
-cmmf_decode_process_cert_response(PRArenaPool *poolp,
- CERTCertDBHandle *db,
- CMMFCertResponse *inCertResp)
-{
- SECStatus rv = SECSuccess;
-
- if (inCertResp->certifiedKeyPair != NULL) {
- rv = cmmf_decode_process_certified_key_pair(poolp,
- db,
- inCertResp->certifiedKeyPair);
- }
- return rv;
-}
-
-static CERTCertificate*
-cmmf_DecodeDERCertificate(CERTCertDBHandle *db, SECItem *derCert)
-{
- CERTCertificate *newCert;
-
- newCert = CERT_DecodeDERCertificate(derCert, PR_TRUE, NULL);
- if (newCert != NULL && newCert->dbhandle == NULL) {
- newCert->dbhandle = db;
- }
- return newCert;
-}
-
-static CMMFCertOrEncCertChoice
-cmmf_get_certorenccertchoice_from_der(SECItem *der)
-{
- CMMFCertOrEncCertChoice retChoice;
-
- switch(der->data[0] & 0x0f) {
- case 0:
- retChoice = cmmfCertificate;
- break;
- case 1:
- retChoice = cmmfEncryptedCert;
- break;
- default:
- retChoice = cmmfNoCertOrEncCert;
- break;
- }
- return retChoice;
-}
-
-static SECStatus
-cmmf_decode_process_certorenccert(PRArenaPool *poolp,
- CERTCertDBHandle *db,
- CMMFCertOrEncCert *inCertOrEncCert)
-{
- SECStatus rv = SECSuccess;
-
- inCertOrEncCert->choice =
- cmmf_get_certorenccertchoice_from_der(&inCertOrEncCert->derValue);
-
- switch (inCertOrEncCert->choice) {
- case cmmfCertificate:
- {
- /* The DER has implicit tagging, so we gotta switch it to
- * un-tagged in order for the ASN1 parser to understand it.
- * Saving the bits that were changed.
- */
- inCertOrEncCert->derValue.data[0] = 0x30;
- inCertOrEncCert->cert.certificate =
- cmmf_DecodeDERCertificate(db, &inCertOrEncCert->derValue);
- if (inCertOrEncCert->cert.certificate == NULL) {
- rv = SECFailure;
- }
-
- }
- break;
- case cmmfEncryptedCert:
- inCertOrEncCert->cert.encryptedCert =
- PORT_ArenaZNew(poolp, CRMFEncryptedValue);
- if (inCertOrEncCert->cert.encryptedCert == NULL) {
- rv = SECFailure;
- break;
- }
- rv = SEC_ASN1Decode(poolp, inCertOrEncCert->cert.encryptedCert,
- CMMFCertOrEncCertEncryptedCertTemplate,
- (const char*)inCertOrEncCert->derValue.data,
- inCertOrEncCert->derValue.len);
- break;
- default:
- rv = SECFailure;
- }
- return rv;
-}
-
-SECStatus
-cmmf_decode_process_certified_key_pair(PRArenaPool *poolp,
- CERTCertDBHandle *db,
- CMMFCertifiedKeyPair *inCertKeyPair)
-{
- return cmmf_decode_process_certorenccert (poolp,
- db,
- &inCertKeyPair->certOrEncCert);
-}
-
-
diff --git a/security/nss/lib/crmf/challcli.c b/security/nss/lib/crmf/challcli.c
deleted file mode 100644
index 08702eb2e..000000000
--- a/security/nss/lib/crmf/challcli.c
+++ /dev/null
@@ -1,284 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "cmmf.h"
-#include "cmmfi.h"
-#include "secitem.h"
-#include "pk11func.h"
-
-CMMFPOPODecKeyChallContent*
-CMMF_CreatePOPODecKeyChallContentFromDER(const char *buf, long len)
-{
- PRArenaPool *poolp;
- CMMFPOPODecKeyChallContent *challContent;
- SECStatus rv;
-
- poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
- if (poolp == NULL) {
- return NULL;
- }
- challContent = PORT_ArenaZNew(poolp, CMMFPOPODecKeyChallContent);
- if (challContent == NULL) {
- goto loser;
- }
- challContent->poolp = poolp;
- rv = SEC_ASN1Decode(poolp, challContent,
- CMMFPOPODecKeyChallContentTemplate, buf, len);
- if (rv != SECSuccess) {
- goto loser;
- }
- if (challContent->challenges) {
- while (challContent->challenges[challContent->numChallenges] != NULL) {
- challContent->numChallenges++;
- }
- challContent->numAllocated = challContent->numChallenges;
- }
- return challContent;
- loser:
- if (poolp != NULL) {
- PORT_FreeArena(poolp, PR_FALSE);
- }
- return NULL;
-}
-
-int
-CMMF_POPODecKeyChallContentGetNumChallenges
- (CMMFPOPODecKeyChallContent *inKeyChallCont)
-{
- PORT_Assert(inKeyChallCont != NULL);
- if (inKeyChallCont == NULL) {
- return 0;
- }
- return inKeyChallCont->numChallenges;
-}
-
-SECItem*
-CMMF_POPODecKeyChallContentGetPublicValue
- (CMMFPOPODecKeyChallContent *inKeyChallCont,
- int inIndex)
-{
- PORT_Assert(inKeyChallCont != NULL);
- if (inKeyChallCont == NULL || (inIndex > inKeyChallCont->numChallenges-1)||
- inIndex < 0) {
- return NULL;
- }
- return SECITEM_DupItem(&inKeyChallCont->challenges[inIndex]->key);
-}
-
-static SECAlgorithmID*
-cmmf_get_owf(CMMFPOPODecKeyChallContent *inChalCont,
- int inIndex)
-{
- int i;
-
- for (i=inIndex; i >= 0; i--) {
- if (inChalCont->challenges[i]->owf != NULL) {
- return inChalCont->challenges[i]->owf;
- }
- }
- return NULL;
-}
-
-SECStatus
-CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont,
- int inIndex,
- SECKEYPrivateKey *inPrivKey)
-{
- CMMFChallenge *challenge;
- SECItem *decryptedRand=NULL;
- SECStatus rv = SECFailure;
- PK11SlotInfo *slot;
- PK11SymKey *symKey = NULL;
- CMMFRand randStr;
- SECAlgorithmID *owf;
- unsigned char hash[SHA1_LENGTH]; /*SHA1 is the longest, so we'll use
- *it's length.
- */
- SECItem hashItem;
- SECOidTag tag;
-
- PORT_Assert(inChalCont != NULL && inPrivKey != NULL);
- if (inChalCont == NULL || inIndex <0 || inIndex > inChalCont->numChallenges
- || inPrivKey == NULL){
- return SECFailure;
- }
- challenge = inChalCont->challenges[inIndex];
- decryptedRand = PORT_ZNew(SECItem);
- if (decryptedRand == NULL) {
- goto loser;
- }
- decryptedRand->data =
- PORT_NewArray(unsigned char, challenge->challenge.len);
- if (decryptedRand->data == NULL) {
- goto loser;
- }
- slot = inPrivKey->pkcs11Slot;
- symKey = PK11_PubUnwrapSymKey(inPrivKey, &challenge->challenge,
- CKM_RSA_PKCS, CKA_VALUE, 0);
- if (symKey == NULL) {
- rv = SECFailure;
- goto loser;
- }
- rv = PK11_ExtractKeyValue(symKey);
- if (rv != SECSuccess) {
- goto loser;
- }
- decryptedRand = PK11_GetKeyData(symKey);
- rv = SEC_ASN1DecodeItem(NULL, &randStr, CMMFRandTemplate,
- decryptedRand);
- /* The decryptedRand returned points to a member within the symKey structure,
- * so we don't want to free it. Let the symKey destruction function deal with
- * freeing that memory.
- */
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = SECFailure; /* Just so that when we do go to loser,
- * I won't have to set it again.
- */
- owf = cmmf_get_owf(inChalCont, inIndex);
- if (owf == NULL) {
- /* No hashing algorithm came with the challenges. Can't verify */
- goto loser;
- }
- /* Verify the hashes in the challenge */
- tag = SECOID_FindOIDTag(&owf->algorithm);
- switch (tag) {
- case SEC_OID_MD2:
- hashItem.len = MD2_LENGTH;
- break;
- case SEC_OID_MD5:
- hashItem.len = MD5_LENGTH;
- break;
- case SEC_OID_SHA1:
- hashItem.len = SHA1_LENGTH;
- break;
- default:
- goto loser;
- }
- rv = PK11_HashBuf(tag, hash, randStr.integer.data, randStr.integer.len);
- if (rv != SECSuccess) {
- goto loser;
- }
- hashItem.data = hash;
- if (SECITEM_CompareItem(&hashItem, &challenge->witness) != SECEqual) {
- /* The hash for the data we decrypted doesn't match the hash provided
- * in the challenge. Bail out.
- */
- rv = SECFailure;
- goto loser;
- }
- rv = PK11_HashBuf(tag, hash, challenge->senderDER.data,
- challenge->senderDER.len);
- if (rv != SECSuccess) {
- goto loser;
- }
- if (SECITEM_CompareItem(&hashItem, &randStr.senderHash) != SECEqual) {
- /* The hash for the data we decrypted doesn't match the hash provided
- * in the challenge. Bail out.
- */
- rv = SECFailure;
- goto loser;
- }
- /* All of the hashes have verified, so we can now store the integer away.*/
- rv = SECITEM_CopyItem(inChalCont->poolp, &challenge->randomNumber,
- &randStr.integer);
- loser:
- if (symKey != NULL) {
- PK11_FreeSymKey(symKey);
- }
- return rv;
-}
-
-SECStatus
-CMMF_POPODecKeyChallContentGetRandomNumber
- (CMMFPOPODecKeyChallContent *inKeyChallCont,
- int inIndex,
- long *inDest)
-{
- CMMFChallenge *challenge;
-
- PORT_Assert(inKeyChallCont != NULL);
- if (inKeyChallCont == NULL || inIndex > 0 || inIndex >=
- inKeyChallCont->numChallenges) {
- return SECFailure;
- }
- challenge = inKeyChallCont->challenges[inIndex];
- if (challenge->randomNumber.data == NULL) {
- /* There is no random number here, nothing to see. */
- return SECFailure;
- }
- *inDest = DER_GetInteger(&challenge->randomNumber);
- return (*inDest == -1) ? SECFailure : SECSuccess;
-}
-
-SECStatus
-CMMF_EncodePOPODecKeyRespContent(long *inDecodedRand,
- int inNumRand,
- CRMFEncoderOutputCallback inCallback,
- void *inArg)
-{
- PRArenaPool *poolp;
- CMMFPOPODecKeyRespContent *response;
- SECItem *currItem;
- SECStatus rv=SECFailure;
- int i;
-
- poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
- if (poolp == NULL) {
- return SECFailure;
- }
- response = PORT_ArenaZNew(poolp, CMMFPOPODecKeyRespContent);
- if (response == NULL) {
- goto loser;
- }
- response->responses = PORT_ArenaZNewArray(poolp, SECItem*, inNumRand+1);
- if (response->responses == NULL) {
- goto loser;
- }
- for (i=0; i<inNumRand; i++) {
- currItem = response->responses[i] = PORT_ArenaZNew(poolp,SECItem);
- if (currItem == NULL) {
- goto loser;
- }
- SEC_ASN1EncodeInteger(poolp, currItem,inDecodedRand[i]);
- }
- rv = cmmf_user_encode(response, inCallback, inArg,
- CMMFPOPODecKeyRespContentTemplate);
- loser:
- if (poolp != NULL) {
- PORT_FreeArena(poolp, PR_FALSE);
- }
- return rv;
-}
diff --git a/security/nss/lib/crmf/cmmf.h b/security/nss/lib/crmf/cmmf.h
deleted file mode 100644
index a10220429..000000000
--- a/security/nss/lib/crmf/cmmf.h
+++ /dev/null
@@ -1,1119 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef _CMMF_H_
-#define _CMMF_H_
-/*
- * These are the functions exported by the security library for
- * implementing Certificate Management Message Formats (CMMF).
- *
- * This API is designed against July 1998 CMMF draft. Please read this
- * draft before trying to use this API in an application that use CMMF.
- */
-#include "seccomon.h"
-#include "cmmft.h"
-#include "crmf.h"
-
-SEC_BEGIN_PROTOS
-
-/******************* Creation Functions *************************/
-
-/*
- * FUNCTION: CMMF_CreateCertRepContent
- * INPUTS:
- * NONE
- * NOTES:
- * This function will create an empty CMMFCertRepContent Structure.
- * The client of the library must set the CMMFCertResponses.
- * Call CMMF_CertRepContentSetCertResponse to accomplish this task.
- * If the client of the library also wants to include the chain of
- * CA certs required to make the certificates in CMMFCertResponse valid,
- * then the user must also set the caPubs field of CMMFCertRepContent.
- * Call CMMF_CertRepContentSetCAPubs to accomplish this. After setting
- * the desired fields, the user can then call CMMF_EncodeCertRepContent
- * to DER-encode the CertRepContent.
- * RETURN:
- * A pointer to the CMMFCertRepContent. A NULL return value indicates
- * an error in allocating memory or failure to initialize the structure.
- */
-extern CMMFCertRepContent* CMMF_CreateCertRepContent(void);
-
-/*
- * FUNCTION: CMMF_CreateCertRepContentFromDER
- * INPUTS
- * db
- * The certificate database where the certificates will be placed.
- * The certificates will be placed in the temporary database associated
- * with the handle.
- * buf
- * A buffer to the DER-encoded CMMFCertRepContent
- * len
- * The length in bytes of the buffer 'buf'
- * NOTES:
- * This function passes the buffer to the ASN1 decoder and creates a
- * CMMFCertRepContent structure. The user must call
- * CMMF_DestroyCertRepContent after the return value is no longer needed.
- *
- * RETURN:
- * A pointer to the CMMFCertRepContent structure. A NULL return
- * value indicates the library was unable to parse the DER.
- */
-extern CMMFCertRepContent*
- CMMF_CreateCertRepContentFromDER(CERTCertDBHandle *db,
- const char *buf,
- long len);
-
-/*
- * FUNCTION: CMMF_CreateCertResponse
- * INPUTS:
- * inCertReqId
- * The Certificate Request Id this response is for.
- * NOTES:
- * This creates a CMMFCertResponse. This response should correspond
- * to a request that was received via CRMF. From the CRMF message you
- * can get the Request Id to pass in as inCertReqId, in essence binding
- * a CMRFCertRequest message to the CMMFCertResponse created by this
- * function. If no requuest id is associated with the response to create
- * then the user should pass in -1 for 'inCertReqId'.
- *
- * RETURN:
- * A pointer to the new CMMFCertResponse corresponding to the request id
- * passed in. A NULL return value indicates an error while trying to
- * create the CMMFCertResponse.
- */
-extern CMMFCertResponse* CMMF_CreateCertResponse(long inCertReqId);
-
-/*
- * FUNCTION: CMMF_CreateKeyRecRepContent
- * INPUTS:
- * NONE
- * NOTES:
- * This function creates a new empty CMMFKeyRecRepContent structure.
- * At the very minimum, the user must call
- * CMMF_KeyRecRepContentSetPKIStatusInfoStatus field to have an
- * encodable structure. Depending on what the response is, the user may
- * have to set other fields as well to properly build up the structure so
- * that it can be encoded. Refer to the CMMF draft for how to properly
- * set up a CMMFKeyRecRepContent. This is the structure that an RA returns
- * to an end entity when doing key recovery.
-
- * The user must call CMMF_DestroyKeyRecRepContent when the return value
- * is no longer needed.
- * RETURN:
- * A pointer to the empty CMMFKeyRecRepContent. A return value of NULL
- * indicates an error in allocating memory or initializing the structure.
- */
-extern CMMFKeyRecRepContent *CMMF_CreateKeyRecRepContent(void);
-
-/*
- * FUNCTION: CMMF_CreateKeyRecRepContentFromDER
- * INPUTS:
- * db
- * The handle for the certificate database where the decoded
- * certificates will be placed. The decoded certificates will
- * be placed in the temporary database associated with the
- * handle.
- * buf
- * A buffer contatining the DER-encoded CMMFKeyRecRepContent
- * len
- * The length in bytes of the buffer 'buf'
- * NOTES
- * This function passes the buffer to the ASN1 decoder and creates a
- * CMMFKeyRecRepContent structure.
- *
- * RETURN:
- * A pointer to the CMMFKeyRecRepContent structure. A NULL return
- * value indicates the library was unable to parse the DER.
- */
-extern CMMFKeyRecRepContent*
- CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db,
- const char *buf,
- long len);
-
-/*
- * FUNCTION: CMMF_CreatePOPODecKeyChallContent
- * INPUTS:
- * NONE
- * NOTES:
- * This function creates an empty CMMFPOPODecKeyChallContent. The user
- * must add the challenges individually specifying the random number to
- * be used and the public key to be used when creating each individual
- * challenge. User can accomplish this by calling the function
- * CMMF_POPODecKeyChallContentSetNextChallenge.
- * RETURN:
- * A pointer to a CMMFPOPODecKeyChallContent structure. Ther user can
- * then call CMMF_EncodePOPODecKeyChallContent passing in the return
- * value from this function after setting all of the challenges. A
- * return value of NULL indicates an error while creating the
- * CMMFPOPODecKeyChallContent structure.
- */
-extern CMMFPOPODecKeyChallContent*
- CMMF_CreatePOPODecKeyChallContent(void);
-
-/*
- * FUNCTION: CMMF_CreatePOPODecKeyChallContentFromDER
- * INPUTS
- * buf
- * A buffer containing the DER-encoded CMMFPOPODecKeyChallContent
- * len
- * The length in bytes of the buffer 'buf'
- * NOTES:
- * This function passes the buffer to the ASN1 decoder and creates a
- * CMMFPOPODecKeyChallContent structure.
- *
- * RETURN:
- * A pointer to the CMMFPOPODecKeyChallContent structure. A NULL return
- * value indicates the library was unable to parse the DER.
- */
-extern CMMFPOPODecKeyChallContent*
- CMMF_CreatePOPODecKeyChallContentFromDER(const char *buf, long len);
-
-/*
- * FUNCTION: CMMF_CreatePOPODecKeyRespContentFromDER
- * INPUTS:
- * buf
- * A buffer contatining the DER-encoded CMMFPOPODecKeyRespContent
- * len
- * The length in bytes of the buffer 'buf'
- * NOTES
- * This function passes the buffer to the ASN1 decoder and creates a
- * CMMFPOPODecKeyRespContent structure.
- *
- * RETURN:
- * A pointer to the CMMFPOPODecKeyRespContent structure. A NULL return
- * value indicates the library was unable to parse the DER.
- */
-extern CMMFPOPODecKeyRespContent*
- CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len);
-
-/************************** Set Functions *************************/
-
-/*
- * FUNCTION: CMMF_CertRepContentSetCertResponses
- * INPUTS:
- * inCertRepContent
- * The CMMFCertRepContent to operate on.
- * inCertResponses
- * An array of pointers to CMMFCertResponse structures to
- * add to the CMMFCertRepContent structure.
- * inNumResponses
- * The length of the array 'inCertResponses'
- * NOTES:
- * This function will add the CMMFCertResponse structure to the
- * CMMFCertRepContent passed in. The CMMFCertResponse field of
- * CMMFCertRepContent is required, so the client must call this function
- * before calling CMMF_EncodeCertRepContent. If the user calls
- * CMMF_EncodeCertRepContent before calling this function,
- * CMMF_EncodeCertRepContent will fail.
- *
- * RETURN:
- * SECSuccess if adding the CMMFCertResponses to the CMMFCertRepContent
- * structure was successful. Any other return value indicates an error
- * while trying to add the CMMFCertResponses.
- */
-extern SECStatus
- CMMF_CertRepContentSetCertResponses(CMMFCertRepContent *inCertRepContent,
- CMMFCertResponse **inCertResponses,
- int inNumResponses);
-
-/*
- * FUNCTION: CMMF_CertRepContentSetCAPubs
- * INPUTS:
- * inCertRepContent
- * The CMMFCertRepContent to operate on.
- * inCAPubs
- * The certificate list which makes up the chain of CA certificates
- * required to make the issued cert valid.
- * NOTES:
- * This function will set the the certificates in the CA chain as part
- * of the CMMFCertRepContent. This field is an optional member of the
- * CMMFCertRepContent structure, so the client is not required to call
- * this function before calling CMMF_EncodeCertRepContent.
- *
- * RETURN:
- * SECSuccess if adding the 'inCAPubs' to the CERTRepContent was successful.
- * Any other return value indicates an error while adding 'inCAPubs' to the
- * CMMFCertRepContent structure.
- *
- */
-extern SECStatus
- CMMF_CertRepContentSetCAPubs (CMMFCertRepContent *inCertRepContent,
- CERTCertList *inCAPubs);
-
-/*
- * FUNCTION: CMMF_CertResponseSetPKIStatusInfoStatus
- * INPUTS:
- * inCertResp
- * The CMMFCertResponse to operate on.
- * inPKIStatus
- * The value to set for the PKIStatusInfo.status field.
- * NOTES:
- * This function will set the CertResponse.status.status field of
- * the CMMFCertResponse structure. (View the definition of CertResponse
- * in the CMMF draft to see exactly which value this talks about.) This
- * field is a required member of the structure, so the user must call this
- * function in order to have a CMMFCertResponse that can be encoded.
- *
- * RETURN:
- * SECSuccess if setting the field with the passed in value was successful.
- * Any other return value indicates an error while trying to set the field.
- */
-extern SECStatus
- CMMF_CertResponseSetPKIStatusInfoStatus (CMMFCertResponse *inCertResp,
- CMMFPKIStatus inPKIStatus);
-
-/*
- * FUNCTION: CMMF_CertResponseSetCertificate
- * INPUTS:
- * inCertResp
- * The CMMFCertResponse to operate on.
- * inCertificate
- * The certificate to add to the
- * CertResponse.CertifiedKeyPair.certOrEncCert.certificate field.
- * NOTES:
- * This function will take the certificate and make it a member of the
- * CMMFCertResponse. The certificate should be the actual certificate
- * being issued via the response.
- *
- * RETURN:
- * SECSuccess if adding the certificate to the response was successful.
- * Any other return value indicates an error in adding the certificate to
- * the CertResponse.
- */
-extern SECStatus
- CMMF_CertResponseSetCertificate (CMMFCertResponse *inCertResp,
- CERTCertificate *inCertificate);
-
-/*
- * FUNCTION: CMMF_KeyRecRepContentSetPKIStatusInfoStatus
- * INPUTS:
- * inKeyRecRep
- * The CMMFKeyRecRepContent to operate on.
- * inPKIStatus
- * The value to set the PKIStatusInfo.status field to.
- * NOTES:
- * This function sets the only required field for the KeyRecRepContent.
- * In most cases, the user will set this field and other fields of the
- * structure to properly create the CMMFKeyRecRepContent structure.
- * Refer to the CMMF draft to see which fields need to be set in order
- * to create the desired CMMFKeyRecRepContent.
- *
- * RETURN:
- * SECSuccess if setting the PKIStatusInfo.status field was successful.
- * Any other return value indicates an error in setting the field.
- */
-extern SECStatus
-CMMF_KeyRecRepContentSetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep,
- CMMFPKIStatus inPKIStatus);
-
-/*
- * FUNCTION: CMMF_KeyRecRepContentSetNewSignCert
- * INPUTS:
- * inKeyRecRep
- * The CMMFKeyRecRepContent to operate on.
- * inNewSignCert
- * The new signing cert to add to the CMMFKeyRecRepContent structure.
- * NOTES:
- * This function sets the new signeing cert in the CMMFKeyRecRepContent
- * structure.
- *
- * RETURN:
- * SECSuccess if setting the new signing cert was successful. Any other
- * return value indicates an error occurred while trying to add the
- * new signing certificate.
- */
-extern SECStatus
- CMMF_KeyRecRepContentSetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep,
- CERTCertificate *inNewSignCert);
-
-/*
- * FUNCTION: CMMF_KeyRecRepContentSetCACerts
- * INPUTS:
- * inKeyRecRep
- * The CMMFKeyRecRepContent to operate on.
- * inCACerts
- * The list of CA certificates required to construct a valid
- * certificate chain with the certificates that will be returned
- * to the end user via this KeyRecRepContent.
- * NOTES:
- * This function sets the caCerts that are required to form a chain with the
- * end entity certificates that are being re-issued in this
- * CMMFKeyRecRepContent structure.
- *
- * RETURN:
- * SECSuccess if adding the caCerts was successful. Any other return value
- * indicates an error while tring to add the caCerts.
- */
-extern SECStatus
- CMMF_KeyRecRepContentSetCACerts(CMMFKeyRecRepContent *inKeyRecRep,
- CERTCertList *inCACerts);
-
-/*
- * FUNCTION: CMMF_KeyRecRepContentSetCertifiedKeyPair
- * INPUTS:
- * inKeyRecRep
- * The CMMFKeyRecRepContent to operate on.
- * inCert
- * The certificate to add to the CMMFKeyRecRepContent structure.
- * inPrivKey
- * The private key associated with the certificate above passed in.
- * inPubKey
- * The public key to use for wrapping the private key.
- * NOTES:
- * This function adds another certificate-key pair to the
- * CMMFKeyRecRepcontent structure. There may be more than one
- * certificate-key pair in the structure, so the user must call this
- * function multiple times to add more than one cert-key pair.
- *
- * RETURN:
- * SECSuccess if adding the certified key pair was successful. Any other
- * return value indicates an error in adding certified key pair to
- * CMMFKeyRecRepContent structure.
- */
-extern SECStatus
- CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep,
- CERTCertificate *inCert,
- SECKEYPrivateKey *inPrivKey,
- SECKEYPublicKey *inPubKey);
-
-/*
- * FUNCTION: CMMF_POPODecKeyChallContentSetNextChallenge
- * INPUTS:
- * inDecKeyChall
- * The CMMFPOPODecKeyChallContent to operate on.
- * inRandom
- * The random number to use when generating the challenge,
- * inSender
- * The GeneralName representation of the sender of the challenge.
- * inPubKey
- * The public key to use when encrypting the challenge.
- * passwdArg
- * This value will be passed to the function used for getting a
- * password. The password for getting a password should be registered
- * by calling PK11_SetPasswordFunc before this function is called.
- * If no password callback is registered and the library needs to
- * authenticate to the slot for any reason, this function will fail.
- * NOTES:
- * This function adds a challenge to the end of the list of challenges
- * contained by 'inDecKeyChall'. Refer to the CMMF draft on how the
- * the random number passed in and the sender's GeneralName are used
- * to generate the challenge and witness fields of the challenge. This
- * library will use SHA1 as the one-way function for generating the
- * witess field of the challenge.
- *
- * RETURN:
- * SECSuccess if generating the challenge and adding to the end of list
- * of challenges was successful. Any other return value indicates an error
- * while trying to generate the challenge.
- */
-extern SECStatus
-CMMF_POPODecKeyChallContentSetNextChallenge
- (CMMFPOPODecKeyChallContent *inDecKeyChall,
- long inRandom,
- CERTGeneralName *inSender,
- SECKEYPublicKey *inPubKey,
- void *passwdArg);
-
-
-/************************** Encoding Functions *************************/
-
-/*
- * FUNCTION: CMMF_EncodeCertRepContent
- * INPUTS:
- * inCertRepContent
- * The CMMFCertRepContent to DER-encode.
- * inCallback
- * A callback function that the ASN1 encoder will call whenever it
- * wants to write out DER-encoded bytes. Look at the defintion of
- * CRMFEncoderOutputCallback in crmft.h for a description of the
- * parameters to the function.
- * inArg
- * An opaque pointer to a user-supplied argument that will be passed
- * to the callback funtion whenever the function is called.
- * NOTES:
- * The CMMF library will use the same DER-encoding scheme as the CRMF
- * library. In other words, when reading CRMF comments that pertain to
- * encoding, those comments apply to the CMMF libray as well.
- * The callback function will be called multiple times, each time supplying
- * the next chunk of DER-encoded bytes. The user must concatenate the
- * output of each successive call to the callback in order to get the
- * entire DER-encoded CMMFCertRepContent structure.
- *
- * RETURN:
- * SECSuccess if encoding the CMMFCertRepContent was successful. Any
- * other return value indicates an error while decoding the structure.
- */
-extern SECStatus
- CMMF_EncodeCertRepContent (CMMFCertRepContent *inCertRepContent,
- CRMFEncoderOutputCallback inCallback,
- void *inArg);
-
-/*
- * FUNCTION: CMMF_EncodeKeyRecRepContent
- * INPUTS:
- * inKeyRecRep
- * The CMMFKeyRepContent to DER-encode.
- * inCallback
- * A callback function that the ASN1 encoder will call whenever it
- * wants to write out DER-encoded bytes. Look at the defintion of
- * CRMFEncoderOutputCallback in crmft.h for a description of the
- * parameters to the function.
- * inArg
- * An opaque pointer to a user-supplied argument that will be passed
- * to the callback funtion whenever the function is called.
- * NOTES:
- * The CMMF library will use the same DER-encoding scheme as the CRMF
- * library. In other words, when reading CRMF comments that pertain to
- * encoding, those comments apply to the CMMF libray as well.
- * The callback function will be called multiple times, each time supplying
- * the next chunk of DER-encoded bytes. The user must concatenate the
- * output of each successive call to the callback in order to get the
- * entire DER-encoded CMMFCertRepContent structure.
- *
- * RETURN:
- * SECSuccess if encoding the CMMFKeyRecRepContent was successful. Any
- * other return value indicates an error while decoding the structure.
- */
-extern SECStatus
- CMMF_EncodeKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep,
- CRMFEncoderOutputCallback inCallback,
- void *inArg);
-
-/*
- * FUNCTION: CMMF_EncodePOPODecKeyChallContent
- * INPUTS:
- * inDecKeyChall
- * The CMMFDecKeyChallContent to operate on.
- * inCallback
- * A callback function that the ASN1 encoder will call whenever it
- * wants to write out DER-encoded bytes. Look at the defintion of
- * CRMFEncoderOutputCallback in crmft.h for a description of the
- * parameters to the function.
- * inArg
- * An opaque pointer to a user-supplied argument that will be passed
- * to the callback function whenever the function is called.
- * NOTES:
- * The CMMF library will use the same DER-encoding scheme as the CRMF
- * library. In other words, when reading CRMF comments that pertain to
- * encoding, those comments apply to the CMMF libray as well.
- * The callback function will be called multiple times, each time supplying
- * the next chunk of DER-encoded bytes. The user must concatenate the
- * output of each successive call to the callback in order to get the
- * entire DER-encoded CMMFCertRepContent structure.
- * The DER will be an encoding of the type POPODecKeyChallContents, which
- * is just a sequence of challenges.
- *
- * RETURN:
- * SECSuccess if encoding was successful. Any other return value indicates
- * an error in trying to encode the Challenges.
- */
-extern SECStatus
-CMMF_EncodePOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyChall,
- CRMFEncoderOutputCallback inCallback,
- void *inArg);
-
-/*
- * FUNCTION: CMMF_EncodePOPODecKeyRespContent
- * INPUTS:
- * inDecodedRand
- * An array of integers to encode as the responses to
- * CMMFPOPODecKeyChallContent. The integers must be in the same order
- * as the challenges extracted from CMMFPOPODecKeyChallContent.
- * inNumRand
- * The number of random integers contained in the array 'inDecodedRand'
- * inCallback
- * A callback function that the ASN1 encoder will call whenever it
- * wants to write out DER-encoded bytes. Look at the defintion of
- * CRMFEncoderOutputCallback in crmft.h for a description of the
- * parameters to the function.
- * inArg
- * An opaque pointer to a user-supplied argument that will be passed
- * to the callback funtion whenever the function is called.
- * NOTES:
- * The CMMF library will use the same DER-encoding scheme as the CRMF
- * library. In other words, when reading CRMF comments that pertain to
- * encoding, those comments apply to the CMMF libray as well.
- * The callback function will be called multiple times, each time supplying
- * the next chunk of DER-encoded bytes. The user must concatenate the
- * output of each successive call to the callback in order to get the
- * entire DER-encoded POPODecKeyRespContent.
- *
- * RETURN:
- * SECSuccess if encoding was successful. Any other return value indicates
- * an error in trying to encode the Challenges.
- */
-extern SECStatus
- CMMF_EncodePOPODecKeyRespContent(long *inDecodedRand,
- int inNumRand,
- CRMFEncoderOutputCallback inCallback,
- void *inArg);
-
-/*************** Accessor function ***********************************/
-
-/*
- * FUNCTION: CMMF_CertRepContentGetCAPubs
- * INPUTS:
- * inCertRepContent
- * The CMMFCertRepContent to extract the caPubs from.
- * NOTES:
- * This function will return a copy of the list of certificates that
- * make up the chain of CA's required to make the cert issued valid.
- * The user must call CERT_DestroyCertList on the return value when
- * done using the return value.
- *
- * Only call this function on a CertRepContent that has been decoded.
- * The client must call CERT_DestroyCertList when the certificate list
- * is no longer needed.
- *
- * The certs in the list will not be in the temporary database. In order
- * to make these certificates a part of the permanent CA internal database,
- * the user must collect the der for all of these certs and call
- * CERT_ImportCAChain. Afterwards the certs will be part of the permanent
- * database.
- *
- * RETURN:
- * A pointer to the CERTCertList representing the CA chain associated
- * with the issued cert. A NULL return value indicates that no CA Pubs
- * were available in the CMMFCertRepContent structure.
- */
-extern CERTCertList*
- CMMF_CertRepContentGetCAPubs (CMMFCertRepContent *inCertRepContent);
-
-
-/*
- * FUNCTION: CMMF_CertRepContentGetNumResponses
- * INPUTS:
- * inCertRepContent
- * The CMMFCertRepContent to operate on.
- * NOTES:
- * This function will return the number of CertResponses that are contained
- * by the CMMFCertRepContent passed in.
- *
- * RETURN:
- * The number of CMMFCertResponses contained in the structure passed in.
- */
-extern int
- CMMF_CertRepContentGetNumResponses (CMMFCertRepContent *inCertRepContent);
-
-/*
- * FUNCTION: CMMF_CertRepContentGetResponseAtIndex
- * INPUTS:
- * inCertRepContent
- * The CMMFCertRepContent to operate on.
- * inIndex
- * The index of the CMMFCertResponse the user wants a copy of.
- * NOTES:
- * This funciton creates a copy of the CMMFCertResponse at the index
- * corresponding to the parameter 'inIndex'. Indexing is done like a
- * traditional C array, ie the valid indexes are (0...numResponses-1).
- * The user must call CMMF_DestroyCertResponse after the return value is
- * no longer needed.
- *
- * RETURN:
- * A pointer to the CMMFCertResponse at the index corresponding to
- * 'inIndex'. A return value of NULL indicates an error in copying
- * the CMMFCertResponse.
- */
-extern CMMFCertResponse*
-CMMF_CertRepContentGetResponseAtIndex (CMMFCertRepContent *inCertRepContent,
- int inIndex);
-
-/*
- * FUNCTION: CMMF_CertResponseGetCertReqId
- * INPUTS:
- * inCertResp
- * The CMMFCertResponse to operate on.
- * NOTES:
- * This function returns the CertResponse.certReqId from the
- * CMMFCertResponse structure passed in. If the return value is -1, that
- * means there is no associated certificate request with the CertResponse.
- * RETURN:
- * A long representing the id of the certificate request this
- * CMMFCertResponse corresponds to. A return value of -1 indicates an
- * error in extracting the value of the integer.
- */
-extern long CMMF_CertResponseGetCertReqId(CMMFCertResponse *inCertResp);
-
-/*
- * FUNCTION: CMMF_CertResponseGetPKIStatusInfoStatus
- * INPUTS:
- * inCertResp
- * The CMMFCertResponse to operate on.
- * NOTES:
- * This function returns the CertResponse.status.status field of the
- * CMMFCertResponse structure.
- *
- * RETURN:
- * The enumerated value corresponding to the PKIStatus defined in the CMMF
- * draft. See the CMMF draft for the definition of PKIStatus. See crmft.h
- * for the definition of CMMFPKIStatus.
- */
-extern CMMFPKIStatus
- CMMF_CertResponseGetPKIStatusInfoStatus(CMMFCertResponse *inCertResp);
-
-/*
- * FUNCTION: CMMF_CertResponseGetCertificate
- * INPUTS:
- * inCertResp
- * The Certificate Response to operate on.
- * inCertdb
- * This is the certificate database where the function will place the
- * newly issued certificate.
- * NOTES:
- * This function retrieves the CertResponse.certifiedKeyPair.certificate
- * from the CMMFCertResponse. The user will get a copy of that certificate
- * so the user must call CERT_DestroyCertificate when the return value is
- * no longer needed. The certificate returned will be in the temporary
- * certificate database.
- *
- * RETURN:
- * A pointer to a copy of the certificate contained within the
- * CMMFCertResponse. A return value of NULL indicates an error while trying
- * to make a copy of the certificate.
- */
-extern CERTCertificate*
- CMMF_CertResponseGetCertificate(CMMFCertResponse *inCertResp,
- CERTCertDBHandle *inCertdb);
-
-/*
- * FUNCTION: CMMF_KeyRecRepContentGetPKIStatusInfoStatus
- * INPUTS:
- * inKeyRecRep
- * The CMMFKeyRecRepContent structure to operate on.
- * NOTES:
- * This function retrieves the KeyRecRepContent.status.status field of
- * the CMMFKeyRecRepContent structure.
- * RETURN:
- * The CMMFPKIStatus corresponding to the value held in the
- * CMMFKeyRecRepContent structure.
- */
-extern CMMFPKIStatus
-CMMF_KeyRecRepContentGetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep);
-
-/*
- * FUNCTION: CMMF_KeyRecRepContentGetNewSignCert
- * INPUTS:
- * inKeyRecRep
- * The CMMFKeyRecRepContent to operate on.
- * NOTES:
- * This function retrieves the KeyRecRepContent.newSignCert field of the
- * CMMFKeyRecRepContent structure. The user must call
- * CERT_DestroyCertificate when the return value is no longer needed. The
- * returned certificate will be in the temporary database. The user
- * must then place the certificate permanently in whatever token the
- * user determines is the proper destination. A return value of NULL
- * indicates the newSigCert field was not present.
- */
-extern CERTCertificate*
- CMMF_KeyRecRepContentGetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep);
-
-/*
- * FUNCTION: CMMF_KeyRecRepContentGetCACerts
- * INPUTS:
- * inKeyRecRep
- * The CMMFKeyRecRepContent to operate on.
- * NOTES:
- * This function returns a CERTCertList which contains all of the
- * certficates that are in the sequence KeyRecRepContent.caCerts
- * User must call CERT_DestroyCertList when the return value is no longer
- * needed. All of these certificates will be placed in the tempoaray
- * database.
- *
- * RETURN:
- * A pointer to the list of caCerts contained in the CMMFKeyRecRepContent
- * structure. A return value of NULL indicates the library was not able to
- * make a copy of the certifcates. This may be because there are no caCerts
- * included in the CMMFKeyRecRepContent strucure or an internal error. Call
- * CMMF_KeyRecRepContentHasCACerts to find out if there are any caCerts
- * included in 'inKeyRecRep'.
- */
-extern CERTCertList*
- CMMF_KeyRecRepContentGetCACerts(CMMFKeyRecRepContent *inKeyRecRep);
-
-/*
- * FUNCTION: CMMF_KeyRecRepContentGetNumKeyPairs
- * INPUTS:
- * inKeyRecRep
- * The CMMFKeyRecRepContent to operate on.
- * RETURN:
- * This function returns the number of CMMFCertifiedKeyPair structures that
- * that are stored in the KeyRecRepContent structure.
- */
-extern int
- CMMF_KeyRecRepContentGetNumKeyPairs(CMMFKeyRecRepContent *inKeyRecRep);
-
-/*
- * FUNCTION: CMMF_KeyRecRepContentGetCertKeyAtIndex
- * INPUTS:
- * inKeyRecRepContent
- * The CMMFKeyRecRepContent to operate on.
- * inIndex
- * The index of the desired CMMFCertifiedKeyPair
- * NOTES:
- * This function retrieves the CMMFCertifiedKeyPair structure at the index
- * 'inIndex'. Valid indexes are 0...(numKeyPairs-1) The user must call
- * CMMF_DestroyCertifiedKeyPair when the return value is no longer needed.
- *
- * RETURN:
- * A pointer to the Certified Key Pair at the desired index. A return value
- * of NULL indicates an error in extracting the Certified Key Pair at the
- * desired index.
- */
-extern CMMFCertifiedKeyPair*
- CMMF_KeyRecRepContentGetCertKeyAtIndex(CMMFKeyRecRepContent *inKeyRecRep,
- int inIndex);
-
-/*
- * FUNCTION: CMMF_CertifiedKeyPairGetCertificate
- * INPUTS:
- * inCertKeyPair
- * The CMMFCertifiedKeyPair to operate on.
- * inCertdb
- * The database handle for the database you want this certificate
- * to wind up in.
- * NOTES:
- * This function retrieves the certificate at
- * CertifiedKeyPair.certOrEncCert.certificate
- * The user must call CERT_DestroyCertificate when the return value is no
- * longer needed. The user must import this certificate as a token object
- * onto PKCS#11 slot in order to make it a permanent object. The returned
- * certificate will be in the temporary database.
- *
- * RETURN:
- * A pointer to the certificate contained within the certified key pair.
- * A return value of NULL indicates an error in creating the copy of the
- * certificate.
- */
-extern CERTCertificate*
- CMMF_CertifiedKeyPairGetCertificate(CMMFCertifiedKeyPair *inCertKeyPair,
- CERTCertDBHandle *inCertdb);
-
-/*
- * FUNCTION: CMMF_POPODecKeyChallContentGetNumChallenges
- * INPUTS:
- * inKeyChallCont
- * The CMMFPOPODecKeyChallContent to operate on.
- * RETURN:
- * This function returns the number of CMMFChallenges are contained in
- * the CMMFPOPODecKeyChallContent structure.
- */
-extern int CMMF_POPODecKeyChallContentGetNumChallenges
- (CMMFPOPODecKeyChallContent *inKeyChallCont);
-
-/*
- * FUNCTION: CMMF_POPODecKeyChallContentGetPublicValue
- * ---------------------------------------------------
- * INPUTS:
- * inKeyChallCont
- * The CMMFPOPODecKeyChallContent to operate on.
- * inIndex
- * The index of the Challenge within inKeyChallCont to operate on.
- * Indexes start from 0, ie the Nth Challenge corresponds to index
- * N-1.
- * NOTES:
- * This function retrieves the public value stored away in the Challenge at
- * index inIndex of inKeyChallCont.
- * RETURN:
- * A pointer to a SECItem containing the public value. User must call
- * SECITEM_FreeItem on the return value when the value is no longer necessary.
- * A return value of NULL indicates an error while retrieving the public value.
- */
-extern SECItem* CMMF_POPODecKeyChallContentGetPublicValue
- (CMMFPOPODecKeyChallContent *inKeyChallCont,
- int inIndex);
-
-
-/*
- * FUNCTION: CMMF_POPODecKeyChallContentGetRandomNumber
- * INPUTS:
- * inChallContent
- * The CMMFPOPODecKeyChallContent to operate on.
- * inIndex
- * The index of the challenge to look at. Valid indexes are 0 through
- * (CMMF_POPODecKeyChallContentGetNumChallenges(inChallContent) - 1).
- * inDest
- * A pointer to a user supplied buffer where the library
- * can place a copy of the random integer contatained in the
- * challenge.
- * NOTES:
- * This function returns the value held in the decrypted Rand structure
- * corresponding to the random integer. The user must call
- * CMMF_POPODecKeyChallContentDecryptChallenge before calling this function. Call
- * CMMF_ChallengeIsDecrypted to find out if the challenge has been
- * decrypted.
- *
- * RETURN:
- * SECSuccess indicates the witness field has been previously decrypted
- * and the value for the random integer was successfully placed at *inDest.
- * Any other return value indicates an error and that the value at *inDest
- * is not a valid value.
- */
-extern SECStatus CMMF_POPODecKeyChallContentGetRandomNumber
- (CMMFPOPODecKeyChallContent *inKeyChallCont,
- int inIndex,
- long *inDest);
-
-/*
- * FUNCTION: CMMF_POPODecKeyRespContentGetNumResponses
- * INPUTS:
- * inRespCont
- * The POPODecKeyRespContent to operate on.
- * RETURN:
- * This function returns the number of responses contained in inRespContent.
- */
-extern int
- CMMF_POPODecKeyRespContentGetNumResponses(CMMFPOPODecKeyRespContent *inRespCont);
-
-/*
- * FUNCTION: CMMF_POPODecKeyRespContentGetResponse
- * INPUTS:
- * inRespCont
- * The POPODecKeyRespContent to operate on.
- * inIndex
- * The index of the response to retrieve.
- * The Nth response is at index N-1, ie the 1st response is at index 0,
- * the 2nd response is at index 1, and so on.
- * inDest
- * A pointer to a pre-allocated buffer where the library can put the
- * value of the response located at inIndex.
- * NOTES:
- * The function returns the response contained at index inIndex.
- * CMMFPOPODecKeyRespContent is a structure that the server will generally
- * get in response to a CMMFPOPODecKeyChallContent. The server will expect
- * to see the responses in the same order as it constructed them in
- * the CMMFPOPODecKeyChallContent structure.
- * RETURN:
- * SECSuccess if getting the response at the desired index was successful. Any
- * other return value indicates an errror.
- */
-extern SECStatus
- CMMF_POPODecKeyRespContentGetResponse (CMMFPOPODecKeyRespContent *inRespCont,
- int inIndex,
- long *inDest);
-
-/************************* Destructor Functions ******************************/
-
-/*
- * FUNCTION: CMMF_DestroyCertResponse
- * INPUTS:
- * inCertResp
- * The CMMFCertResponse to destroy.
- * NOTES:
- * This function frees all the memory associated with the CMMFCertResponse
- * passed in.
- * RETURN:
- * SECSuccess if freeing the memory was successful. Any other return value
- * indicates an error while freeing the memory.
- */
-extern SECStatus CMMF_DestroyCertResponse(CMMFCertResponse *inCertResp);
-
-/*
- * FUNCTION: CMMF_DestroyCertRepContent
- * INPUTS:
- * inCertRepContent
- * The CMMFCertRepContent to destroy
- * NOTES:
- * This function frees the memory associated with the CMMFCertRepContent
- * passed in.
- * RETURN:
- * SECSuccess if freeing all the memory associated with the
- * CMMFCertRepContent passed in is successful. Any other return value
- * indicates an error while freeing the memory.
- */
-extern SECStatus
- CMMF_DestroyCertRepContent (CMMFCertRepContent *inCertRepContent);
-
-/*
- * FUNCTION: CMMF_DestroyKeyRecRepContent
- * INPUTS:
- * inKeyRecRep
- * The CMMFKeyRecRepContent to destroy.
- * NOTES:
- * This function destroys all the memory associated with the
- * CMMFKeyRecRepContent passed in.
- *
- * RETURN:
- * SECSuccess if freeing all the memory is successful. Any other return
- * value indicates an error in freeing the memory.
- */
-extern SECStatus
- CMMF_DestroyKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep);
-
-/*
- * FUNCTION: CMMF_DestroyCertifiedKeyPair
- * INPUTS:
- * inCertKeyPair
- * The CMMFCertifiedKeyPair to operate on.
- * NOTES:
- * This function frees up all the memory associated with 'inCertKeyPair'
- *
- * RETURN:
- * SECSuccess if freeing all the memory associated with 'inCertKeyPair'
- * is successful. Any other return value indicates an error while trying
- * to free the memory.
- */
-extern SECStatus
- CMMF_DestroyCertifiedKeyPair(CMMFCertifiedKeyPair *inCertKeyPair);
-
-/*
- * FUNCTION: CMMF_DestroyPOPODecKeyRespContent
- * INPUTS:
- * inDecKeyResp
- * The CMMFPOPODecKeyRespContent structure to free.
- * NOTES:
- * This function frees up all the memory associate with the
- * CMMFPOPODecKeyRespContent.
- *
- * RETURN:
- * SECSuccess if freeing up all the memory associated with the
- * CMMFPOPODecKeyRespContent structure is successful. Any other
- * return value indicates an error while freeing the memory.
- */
-extern SECStatus
- CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp);
-
-
-/************************** Miscellaneous Functions *************************/
-
-/*
- * FUNCTION: CMMF_CertifiedKeyPairUnwrapPrivKey
- * INPUTS:
- * inCertKeyPair
- * The CMMFCertifiedKeyPair to operate on.
- * inPrivKey
- * The private key to use to un-wrap the private key
- * inNickName
- * This is the nickname that will be associated with the private key
- * to be unwrapped.
- * inSlot
- * The PKCS11 slot where the unwrapped private key should end up.
- * inCertdb
- * The Certificate database with which the new key will be associated.
- * destPrivKey
- * A pointer to memory where the library can place a pointer to the
- * private key after importing the key onto the specified slot.
- * wincx
- * An opaque pointer that the library will use in a callback function
- * to get the password if necessary.
- *
- * NOTES:
- * This function uses the private key passed in to unwrap the private key
- * contained within the CMMFCertifiedKeyPair structure. After this
- * function successfully returns, the private key has been unwrapped and
- * placed in the specified slot.
- *
- * RETURN:
- * SECSuccess if unwrapping the private key was successful. Any other
- * return value indicates an error while trying to un-wrap the private key.
- */
-extern SECStatus
- CMMF_CertifiedKeyPairUnwrapPrivKey(CMMFCertifiedKeyPair *inKeyPair,
- SECKEYPrivateKey *inPrivKey,
- SECItem *inNickName,
- PK11SlotInfo *inSlot,
- CERTCertDBHandle *inCertdb,
- SECKEYPrivateKey **destPrivKey,
- void *wincx);
-
-/*
- * FUNCTION: CMMF_KeyRecRepContentHasCACerts
- * INPUTS:
- * inKeyRecRecp
- * The CMMFKeyRecRepContent to operate on.
- * RETURN:
- * This function returns PR_TRUE if there are one or more certificates in
- * the sequence KeyRecRepContent.caCerts within the CMMFKeyRecRepContent
- * structure. The function will return PR_FALSE if there are 0 certificate
- * in the above mentioned sequence.
- */
-extern PRBool
- CMMF_KeyRecRepContentHasCACerts(CMMFKeyRecRepContent *inKeyRecRep);
-
-/*
- * FUNCTION: CMMF_POPODecKeyChallContDecryptChallenge
- * INPUTS:
- * inChalCont
- * The CMMFPOPODecKeyChallContent to operate on.
- * inIndex
- * The index of the Challenge to operate on. The 1st Challenge is
- * at index 0, the second at index 1 and so forth.
- * inPrivKey
- * The private key to use to decrypt the witness field.
- * NOTES:
- * This function uses the private key to decrypt the challenge field
- * contained in the appropriate challenge. Make sure the private key matches
- * the public key that was used to encrypt the witness. Use
- * CMMF_POPODecKeyChallContentGetPublicValue to get the public value of
- * the key used to encrypt the witness and then use that to determine the
- * appropriate private key. This can be done by calling PK11_MakeIDFromPubKey
- * and then passing that return value to PK11_FindKeyByKeyID. The creator of
- * the challenge will most likely be an RA that has the public key
- * from a Cert request. So the private key should be the private key
- * associated with public key in that request. This function will also
- * verify the witness field of the challenge. This function also verifies
- * that the sender and witness hashes match within the challenge.
- *
- * RETURN:
- * SECSuccess if decrypting the witness field was successful. This does
- * not indicate that the decrypted data is valid, since the private key
- * passed in may not be the actual key needed to properly decrypt the
- * witness field. Meaning that there is a decrypted structure now, but
- * may be garbage because the private key was incorrect.
- * Any other return value indicates the function could not complete the
- * decryption process.
- */
-extern SECStatus
- CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont,
- int inIndex,
- SECKEYPrivateKey *inPrivKey);
-
-/*
- * FUNCTION: CMMF_DestroyPOPODecKeyChallContent
- * INPUTS:
- * inDecKeyCont
- * The CMMFPOPODecKeyChallContent to free
- * NOTES:
- * This function frees up all the memory associated with the
- * CMMFPOPODecKeyChallContent
- * RETURN:
- * SECSuccess if freeing up all the memory associatd with the
- * CMMFPOPODecKeyChallContent is successful. Any other return value
- * indicates an error while freeing the memory.
- *
- */
-extern SECStatus
- CMMF_DestroyPOPODecKeyChallContent (CMMFPOPODecKeyChallContent *inDecKeyCont);
-
-SEC_END_PROTOS
-#endif /* _CMMF_H_ */
diff --git a/security/nss/lib/crmf/cmmfasn1.c b/security/nss/lib/crmf/cmmfasn1.c
deleted file mode 100644
index 6f0363571..000000000
--- a/security/nss/lib/crmf/cmmfasn1.c
+++ /dev/null
@@ -1,158 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "cmmf.h"
-#include "cmmfi.h"
-#include "secasn1.h"
-#include "secitem.h"
-
-static const SEC_ASN1Template CMMFSequenceOfCertifiedKeyPairsTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, CMMFCertifiedKeyPairTemplate}
-};
-
-static const SEC_ASN1Template CMMFKeyRecRepContentTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFKeyRecRepContent)},
- { SEC_ASN1_INLINE, offsetof(CMMFKeyRecRepContent, status),
- CMMFPKIStatusInfoTemplate},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 0,
- offsetof(CMMFKeyRecRepContent, newSigCert),
- SEC_SignedCertificateTemplate},
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(CMMFKeyRecRepContent, caCerts),
- CMMFSequenceOfCertsTemplate},
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 2,
- offsetof(CMMFKeyRecRepContent, keyPairHist),
- CMMFSequenceOfCertifiedKeyPairsTemplate},
- { 0 }
-};
-
-SECStatus
-CMMF_EncodeCertRepContent (CMMFCertRepContent *inCertRepContent,
- CRMFEncoderOutputCallback inCallback,
- void *inArg)
-{
- return cmmf_user_encode(inCertRepContent, inCallback, inArg,
- CMMFCertRepContentTemplate);
-}
-
-SECStatus
-CMMF_EncodePOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyChall,
- CRMFEncoderOutputCallback inCallback,
- void *inArg)
-{
- return cmmf_user_encode(inDecKeyChall, inCallback, inArg,
- CMMFPOPODecKeyChallContentTemplate);
-}
-
-CMMFPOPODecKeyRespContent*
-CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len)
-{
- PRArenaPool *poolp;
- CMMFPOPODecKeyRespContent *decKeyResp;
- SECStatus rv;
-
- poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
- if (poolp == NULL) {
- return NULL;
- }
- decKeyResp = PORT_ArenaZNew(poolp, CMMFPOPODecKeyRespContent);
- if (decKeyResp == NULL) {
- goto loser;
- }
- decKeyResp->poolp = poolp;
- rv = SEC_ASN1Decode(poolp, decKeyResp, CMMFPOPODecKeyRespContentTemplate,
- buf, len);
- if (rv != SECSuccess) {
- goto loser;
- }
- return decKeyResp;
-
- loser:
- if (poolp != NULL) {
- PORT_FreeArena(poolp, PR_FALSE);
- }
- return NULL;
-}
-
-SECStatus
-CMMF_EncodeKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep,
- CRMFEncoderOutputCallback inCallback,
- void *inArg)
-{
- return cmmf_user_encode(inKeyRecRep, inCallback, inArg,
- CMMFKeyRecRepContentTemplate);
-}
-
-CMMFKeyRecRepContent*
-CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db, const char *buf,
- long len)
-{
- PRArenaPool *poolp;
- CMMFKeyRecRepContent *keyRecContent;
- SECStatus rv;
-
- poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
- if (poolp == NULL) {
- return NULL;
- }
- keyRecContent = PORT_ArenaZNew(poolp, CMMFKeyRecRepContent);
- if (keyRecContent == NULL) {
- goto loser;
- }
- keyRecContent->poolp = poolp;
- rv = SEC_ASN1Decode(poolp, keyRecContent, CMMFKeyRecRepContentTemplate,
- buf, len);
- if (rv != SECSuccess) {
- goto loser;
- }
- if (keyRecContent->keyPairHist != NULL) {
- while(keyRecContent->keyPairHist[keyRecContent->numKeyPairs] != NULL) {
- rv = cmmf_decode_process_certified_key_pair(poolp, db,
- keyRecContent->keyPairHist[keyRecContent->numKeyPairs]);
- if (rv != SECSuccess) {
- goto loser;
- }
- keyRecContent->numKeyPairs++;
- }
- keyRecContent->allocKeyPairs = keyRecContent->numKeyPairs;
- }
- keyRecContent->isDecoded = PR_TRUE;
- return keyRecContent;
- loser:
- if (poolp != NULL) {
- PORT_FreeArena(poolp, PR_FALSE);
- }
- return NULL;
-}
-
diff --git a/security/nss/lib/crmf/cmmfchal.c b/security/nss/lib/crmf/cmmfchal.c
deleted file mode 100644
index 2e0beadd4..000000000
--- a/security/nss/lib/crmf/cmmfchal.c
+++ /dev/null
@@ -1,322 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "cmmf.h"
-#include "cmmfi.h"
-#include "sechash.h"
-#include "genname.h"
-#include "pk11func.h"
-#include "cert.h"
-#include "secitem.h"
-#include "secmod.h"
-#include "secmodi.h"
-#include "keyhi.h"
-
-static SECStatus
-cmmf_create_witness_and_challenge(PRArenaPool *poolp,
- CMMFChallenge *challenge,
- long inRandom,
- SECItem *senderDER,
- SECKEYPublicKey *inPubKey,
- void *passwdArg)
-{
- SECItem *encodedRandNum;
- SECItem encodedRandStr = {siBuffer, NULL, 0};
- SECItem encryptBlock = {siBuffer, NULL, 0};
- SECItem *dummy;
- unsigned char *randHash, *senderHash, *encChal=NULL;
- unsigned modulusLen = 0;
- SECStatus rv = SECFailure;
- CMMFRand randStr= { {siBuffer, NULL, 0}, {siBuffer, NULL, 0}};
- PK11SlotInfo *slot;
- PK11SymKey *symKey = NULL;
- CK_OBJECT_HANDLE id;
- CERTSubjectPublicKeyInfo *spki = NULL;
-
-
- encodedRandNum = SEC_ASN1EncodeInteger(poolp, &challenge->randomNumber,
- inRandom);
- encodedRandNum = &challenge->randomNumber;
- randHash = PORT_ArenaNewArray(poolp, unsigned char, SHA1_LENGTH);
- senderHash = PORT_ArenaNewArray(poolp, unsigned char, SHA1_LENGTH);
- if (randHash == NULL) {
- goto loser;
- }
- rv = PK11_HashBuf(SEC_OID_SHA1, randHash, encodedRandNum->data,
- (uint32)encodedRandNum->len);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = PK11_HashBuf(SEC_OID_SHA1, senderHash, senderDER->data,
- (uint32)senderDER->len);
- if (rv != SECSuccess) {
- goto loser;
- }
- challenge->witness.data = randHash;
- challenge->witness.len = SHA1_LENGTH;
-
- randStr.integer = *encodedRandNum;
- randStr.senderHash.data = senderHash;
- randStr.senderHash.len = SHA1_LENGTH;
- dummy = SEC_ASN1EncodeItem(NULL, &encodedRandStr, &randStr,
- CMMFRandTemplate);
- if (dummy != &encodedRandStr) {
- rv = SECFailure;
- goto loser;
- }
- /* XXXX Now I have to encrypt encodedRandStr and stash it away. */
- modulusLen = SECKEY_PublicKeyStrength(inPubKey);
- encChal = PORT_ArenaNewArray(poolp, unsigned char, modulusLen);
- if (encChal == NULL) {
- rv = SECFailure;
- goto loser;
- }
- slot =PK11_GetBestSlot(CKM_RSA_PKCS, passwdArg);
- if (slot == NULL) {
- rv = SECFailure;
- goto loser;
- }
- id = PK11_ImportPublicKey(slot, inPubKey, PR_FALSE);
- /* In order to properly encrypt the data, we import as a symmetric
- * key, and then wrap that key. That in essence encrypts the data.
- * This is the method recommended in the PK11 world in order
- * to prevent threading issues as well as breaking any other semantics
- * the PK11 libraries depend on.
- */
- symKey = PK11_ImportSymKey(slot, CKM_RSA_PKCS, PK11_OriginGenerated,
- CKA_VALUE, &encodedRandStr, passwdArg);
- if (symKey == NULL) {
- rv = SECFailure;
- goto loser;
- }
- challenge->challenge.data = encChal;
- challenge->challenge.len = modulusLen;
- rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, inPubKey, symKey,
- &challenge->challenge);
- PK11_FreeSlot(slot);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = SECITEM_CopyItem(poolp, &challenge->senderDER, senderDER);
- crmf_get_public_value(inPubKey, &challenge->key);
- /* Fall through */
- loser:
- if (spki != NULL) {
- SECKEY_DestroySubjectPublicKeyInfo(spki);
- }
- if (encodedRandStr.data != NULL) {
- PORT_Free(encodedRandStr.data);
- }
- if (encodedRandNum != NULL) {
- SECITEM_FreeItem(encodedRandNum, PR_TRUE);
- }
- if (symKey != NULL) {
- PK11_FreeSymKey(symKey);
- }
- return rv;
-}
-
-static SECStatus
-cmmf_create_first_challenge(CMMFPOPODecKeyChallContent *challContent,
- long inRandom,
- SECItem *senderDER,
- SECKEYPublicKey *inPubKey,
- void *passwdArg)
-{
- SECOidData *oidData;
- CMMFChallenge *challenge;
- SECAlgorithmID *algId;
- PRArenaPool *poolp;
- SECStatus rv;
-
- oidData = SECOID_FindOIDByTag(SEC_OID_SHA1);
- if (oidData == NULL) {
- return SECFailure;
- }
- poolp = challContent->poolp;
- challenge = PORT_ArenaZNew(poolp, CMMFChallenge);
- if (challenge == NULL) {
- return SECFailure;
- }
- algId = challenge->owf = PORT_ArenaZNew(poolp, SECAlgorithmID);
- if (algId == NULL) {
- return SECFailure;
- }
- rv = SECITEM_CopyItem(poolp, &algId->algorithm, &oidData->oid);
- if (rv != SECSuccess) {
- return SECFailure;
- }
- rv = cmmf_create_witness_and_challenge(poolp, challenge, inRandom,
- senderDER, inPubKey, passwdArg);
- challContent->challenges[0] = (rv == SECSuccess) ? challenge : NULL;
- challContent->numChallenges++;
- return rv ;
-}
-
-CMMFPOPODecKeyChallContent*
-CMMF_CreatePOPODecKeyChallContent (void)
-{
- PRArenaPool *poolp;
- CMMFPOPODecKeyChallContent *challContent;
-
- poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
- if (poolp == NULL) {
- return NULL;
- }
- challContent = PORT_ArenaZNew(poolp, CMMFPOPODecKeyChallContent);
- if (challContent == NULL) {
- PORT_FreeArena(poolp, PR_FALSE);
- return NULL;
- }
- challContent->poolp = poolp;
- return challContent;
-}
-
-SECStatus
-CMMF_POPODecKeyChallContentSetNextChallenge
- (CMMFPOPODecKeyChallContent *inDecKeyChall,
- long inRandom,
- CERTGeneralName *inSender,
- SECKEYPublicKey *inPubKey,
- void *passwdArg)
-{
- CMMFChallenge *curChallenge;
- PRArenaPool *genNamePool = NULL, *poolp;
- SECStatus rv;
- SECItem *genNameDER;
- void *mark;
- SECItem senderDER = {siBuffer, NULL, 0};
-
- PORT_Assert (inDecKeyChall != NULL &&
- inSender != NULL &&
- inPubKey != NULL);
-
- if (inDecKeyChall == NULL ||
- inSender == NULL || inPubKey == NULL) {
- return SECFailure;
- }
- poolp = inDecKeyChall->poolp;
- mark = PORT_ArenaMark(poolp);
-
- genNamePool = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
- genNameDER = cert_EncodeGeneralName(inSender, NULL, genNamePool);
- if (genNameDER == NULL) {
- rv = SECFailure;
- goto loser;
- }
- if (inDecKeyChall->challenges == NULL) {
- inDecKeyChall->challenges =
- PORT_ArenaZNewArray(poolp, CMMFChallenge*,(CMMF_MAX_CHALLENGES+1));
- inDecKeyChall->numAllocated = CMMF_MAX_CHALLENGES;
- }
-
- if (inDecKeyChall->numChallenges >= inDecKeyChall->numAllocated) {
- rv = SECFailure;
- goto loser;
- }
-
- if (inDecKeyChall->numChallenges == 0) {
- rv = cmmf_create_first_challenge(inDecKeyChall, inRandom,
- genNameDER, inPubKey, passwdArg);
- } else {
- curChallenge = PORT_ArenaZNew(poolp, CMMFChallenge);
- if (curChallenge == NULL) {
- rv = SECFailure;
- goto loser;
- }
- rv = cmmf_create_witness_and_challenge(poolp, curChallenge, inRandom,
- genNameDER, inPubKey,
- passwdArg);
- if (rv == SECSuccess) {
- inDecKeyChall->challenges[inDecKeyChall->numChallenges] =
- curChallenge;
- inDecKeyChall->numChallenges++;
- }
- }
- if (rv != SECSuccess) {
- goto loser;
- }
- PORT_ArenaUnmark(poolp, mark);
- PORT_FreeArena(genNamePool, PR_FALSE);
- return SECSuccess;
-
- loser:
- PORT_ArenaRelease(poolp, mark);
- if (genNamePool != NULL) {
- PORT_FreeArena(genNamePool, PR_FALSE);
- }
- PORT_Assert(rv != SECSuccess);
- return rv;
-}
-
-SECStatus
-CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp)
-{
- PORT_Assert(inDecKeyResp != NULL);
- if (inDecKeyResp != NULL && inDecKeyResp->poolp != NULL) {
- PORT_FreeArena(inDecKeyResp->poolp, PR_FALSE);
- }
- return SECSuccess;
-}
-
-int
-CMMF_POPODecKeyRespContentGetNumResponses(CMMFPOPODecKeyRespContent *inRespCont)
-{
- int numResponses = 0;
-
- PORT_Assert(inRespCont != NULL);
- if (inRespCont == NULL) {
- return 0;
- }
-
- while (inRespCont->responses[numResponses] != NULL) {
- numResponses ++;
- }
- return numResponses;
-}
-
-SECStatus
-CMMF_POPODecKeyRespContentGetResponse (CMMFPOPODecKeyRespContent *inRespCont,
- int inIndex,
- long *inDest)
-{
- PORT_Assert(inRespCont != NULL);
-
- if (inRespCont == NULL || inIndex < 0 ||
- inIndex >= CMMF_POPODecKeyRespContentGetNumResponses(inRespCont)) {
- return SECFailure;
- }
- *inDest = DER_GetInteger(inRespCont->responses[inIndex]);
- return (*inDest == -1) ? SECFailure : SECSuccess;
-}
diff --git a/security/nss/lib/crmf/cmmfi.h b/security/nss/lib/crmf/cmmfi.h
deleted file mode 100644
index 0a476badd..000000000
--- a/security/nss/lib/crmf/cmmfi.h
+++ /dev/null
@@ -1,127 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * These are the definitions needed by the library internally to implement
- * CMMF. Most of these will be helper utilities for manipulating internal
- * data strucures.
- */
-#ifndef _CMMFI_H_
-#define _CMMFI_H_
-#include "cmmfit.h"
-#include "crmfi.h"
-
-#define CMMF_MAX_CHALLENGES 10
-#define CMMF_MAX_KEY_PAIRS 50
-
-/*
- * Some templates that the code will need to implement CMMF.
- */
-extern const SEC_ASN1Template CMMFCertOrEncCertCertificateTemplate[];
-extern const SEC_ASN1Template CMMFCertOrEncCertEncryptedCertTemplate[];
-extern const SEC_ASN1Template CMMFPOPODecKeyRespContentTemplate[];
-extern const SEC_ASN1Template CMMFRandTemplate[];
-extern const SEC_ASN1Template CMMFSequenceOfCertsTemplate[];
-extern const SEC_ASN1Template CMMFPKIStatusInfoTemplate[];
-extern const SEC_ASN1Template CMMFCertifiedKeyPairTemplate[];
-
-
-/*
- * Some utility functions that are shared by multiple files in this
- * implementation.
- */
-
-extern SECStatus cmmf_CopyCertResponse (PRArenaPool *poolp,
- CMMFCertResponse *dest,
- CMMFCertResponse *src);
-
-extern SECStatus cmmf_CopyPKIStatusInfo (PRArenaPool *poolp,
- CMMFPKIStatusInfo *dest,
- CMMFPKIStatusInfo *src);
-
-extern SECStatus cmmf_CopyCertifiedKeyPair(PRArenaPool *poolp,
- CMMFCertifiedKeyPair *dest,
- CMMFCertifiedKeyPair *src);
-
-extern SECStatus cmmf_DestroyPKIStatusInfo(CMMFPKIStatusInfo *info,
- PRBool freeit);
-
-extern SECStatus cmmf_DestroyCertOrEncCert(CMMFCertOrEncCert *certOrEncCert,
- PRBool freeit);
-
-extern SECStatus cmmf_PKIStatusInfoSetStatus(CMMFPKIStatusInfo *statusInfo,
- PRArenaPool *poolp,
- CMMFPKIStatus inStatus);
-
-extern SECStatus cmmf_ExtractCertsFromList(CERTCertList *inCertList,
- PRArenaPool *poolp,
- CERTCertificate ***certArray);
-
-extern SECStatus
- cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert,
- PRArenaPool *poolp,
- CERTCertificate *inCert);
-
-extern CMMFPKIStatus
- cmmf_PKIStatusInfoGetStatus(CMMFPKIStatusInfo *inStatus);
-
-extern CERTCertList*
- cmmf_MakeCertList(CERTCertificate **inCerts);
-
-extern CERTCertificate*
-cmmf_CertOrEncCertGetCertificate(CMMFCertOrEncCert *certOrEncCert,
- CERTCertDBHandle *certdb);
-
-extern SECStatus
-cmmf_decode_process_cert_response(PRArenaPool *poolp,
- CERTCertDBHandle *db,
- CMMFCertResponse *inCertResp);
-
-extern SECStatus
-cmmf_decode_process_certified_key_pair(PRArenaPool *poolp,
- CERTCertDBHandle *db,
- CMMFCertifiedKeyPair *inCertKeyPair);
-
-extern SECStatus
-cmmf_user_encode(void *src, CRMFEncoderOutputCallback inCallback, void *inArg,
- const SEC_ASN1Template *inTemplate);
-
-extern SECStatus
-cmmf_copy_secitem (PRArenaPool *poolp, SECItem *dest, SECItem *src);
-#endif /*_CMMFI_H_*/
-
-
-
-
-
diff --git a/security/nss/lib/crmf/cmmfit.h b/security/nss/lib/crmf/cmmfit.h
deleted file mode 100644
index e6ef02f96..000000000
--- a/security/nss/lib/crmf/cmmfit.h
+++ /dev/null
@@ -1,145 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef _CMMFIT_H_
-#define _CMMFIT_H_
-
-/*
- * All fields marked by a PKIStausInfo in comments is an integer
- * with the following possible values.
- *
- * Integer Value Meaning
- * ------------- -------
- * 0 granted- got exactly what you asked for.
- *
- * 1 grantedWithMods-got something like what you asked
- * for;requester is responsible for ascertainging the
- * differences.
- *
- * 2 rejection-you don't get what you asked for; more
- * information elsewhere in the message
- *
- * 3 waiting-the request body part has not yet been
- * processed, expect to hear more later.
- *
- * 4 revocationWarning-this message contains a warning
- * that a revocation is imminent.
- *
- * 5 revocationNotification-notification that a
- * revocation has occurred.
- *
- * 6 keyUpdateWarning-update already done for the
- * oldCertId specified in FullCertTemplate.
- */
-
-struct CMMFPKIStatusInfoStr {
- SECItem status;
- SECItem statusString;
- SECItem failInfo;
-};
-
-struct CMMFCertOrEncCertStr {
- union {
- CERTCertificate *certificate;
- CRMFEncryptedValue *encryptedCert;
- } cert;
- CMMFCertOrEncCertChoice choice;
- SECItem derValue;
-};
-
-struct CMMFCertifiedKeyPairStr {
- CMMFCertOrEncCert certOrEncCert;
- CRMFEncryptedValue *privateKey;
- SECItem derPublicationInfo; /* We aren't creating
- * PKIPublicationInfo's, so
- * we'll store away the der
- * here if we decode one that
- * does have pubInfo.
- */
- SECItem unwrappedPrivKey;
-};
-
-struct CMMFCertResponseStr {
- SECItem certReqId;
- CMMFPKIStatusInfo status; /*PKIStatusInfo*/
- CMMFCertifiedKeyPair *certifiedKeyPair;
-};
-
-struct CMMFCertRepContentStr {
- CERTCertificate **caPubs;
- CMMFCertResponse **response;
- PRArenaPool *poolp;
- PRBool isDecoded;
-};
-
-struct CMMFChallengeStr {
- SECAlgorithmID *owf;
- SECItem witness;
- SECItem senderDER;
- SECItem key;
- SECItem challenge;
- SECItem randomNumber;
-};
-
-struct CMMFRandStr {
- SECItem integer;
- SECItem senderHash;
- CERTGeneralName *sender;
-};
-
-struct CMMFPOPODecKeyChallContentStr {
- CMMFChallenge **challenges;
- PRArenaPool *poolp;
- int numChallenges;
- int numAllocated;
-};
-
-struct CMMFPOPODecKeyRespContentStr {
- SECItem **responses;
- PRArenaPool *poolp;
-};
-
-struct CMMFKeyRecRepContentStr {
- CMMFPKIStatusInfo status; /* PKIStatusInfo */
- CERTCertificate *newSigCert;
- CERTCertificate **caCerts;
- CMMFCertifiedKeyPair **keyPairHist;
- PRArenaPool *poolp;
- int numKeyPairs;
- int allocKeyPairs;
- PRBool isDecoded;
-};
-
-#endif /* _CMMFIT_H_ */
-
diff --git a/security/nss/lib/crmf/cmmfrec.c b/security/nss/lib/crmf/cmmfrec.c
deleted file mode 100644
index ce0126b91..000000000
--- a/security/nss/lib/crmf/cmmfrec.c
+++ /dev/null
@@ -1,337 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * This file will implement the functions related to key recovery in
- * CMMF
- */
-
-#include "cmmf.h"
-#include "cmmfi.h"
-#include "secitem.h"
-#include "keyhi.h"
-
-CMMFKeyRecRepContent*
-CMMF_CreateKeyRecRepContent(void)
-{
- PRArenaPool *poolp;
- CMMFKeyRecRepContent *keyRecContent;
-
- poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
- if (poolp == NULL) {
- return NULL;
- }
- keyRecContent = PORT_ArenaZNew(poolp, CMMFKeyRecRepContent);
- if (keyRecContent == NULL) {
- PORT_FreeArena(poolp, PR_FALSE);
- return NULL;
- }
- keyRecContent->poolp = poolp;
- return keyRecContent;
-}
-
-SECStatus
-CMMF_DestroyKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep)
-{
- PORT_Assert(inKeyRecRep != NULL);
- if (inKeyRecRep != NULL && inKeyRecRep->poolp != NULL) {
- if (!inKeyRecRep->isDecoded) {
- int i;
-
- CERT_DestroyCertificate(inKeyRecRep->newSigCert);
- if (inKeyRecRep->caCerts != NULL) {
- for (i=0; inKeyRecRep->caCerts[i] != NULL; i++) {
- CERT_DestroyCertificate(inKeyRecRep->caCerts[i]);
- }
- }
- if (inKeyRecRep->keyPairHist != NULL) {
- for (i=0; inKeyRecRep->keyPairHist[i] != NULL; i++) {
- if (inKeyRecRep->keyPairHist[i]->certOrEncCert.choice ==
- cmmfCertificate) {
- CERT_DestroyCertificate(inKeyRecRep->keyPairHist[i]->
- certOrEncCert.cert.certificate);
- }
- }
- }
- }
- PORT_FreeArena(inKeyRecRep->poolp, PR_TRUE);
- }
- return SECSuccess;
-}
-
-SECStatus
-CMMF_KeyRecRepContentSetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep,
- CMMFPKIStatus inPKIStatus)
-{
- PORT_Assert(inKeyRecRep != NULL && inPKIStatus >= cmmfGranted &&
- inPKIStatus < cmmfNumPKIStatus);
- if (inKeyRecRep == NULL) {
- return SECFailure;
- }
-
- return cmmf_PKIStatusInfoSetStatus(&inKeyRecRep->status,
- inKeyRecRep->poolp,
- inPKIStatus);
-}
-
-SECStatus
-CMMF_KeyRecRepContentSetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep,
- CERTCertificate *inNewSignCert)
-{
- PORT_Assert (inKeyRecRep != NULL && inNewSignCert != NULL);
- if (inKeyRecRep == NULL || inNewSignCert == NULL) {
- return SECFailure;
- }
- inKeyRecRep->newSigCert = CERT_DupCertificate(inNewSignCert);
- return (inKeyRecRep->newSigCert == NULL) ? SECFailure : SECSuccess;
-}
-
-SECStatus
-CMMF_KeyRecRepContentSetCACerts(CMMFKeyRecRepContent *inKeyRecRep,
- CERTCertList *inCACerts)
-{
- SECStatus rv;
- void *mark;
-
- PORT_Assert (inKeyRecRep != NULL && inCACerts != NULL);
- if (inKeyRecRep == NULL || inCACerts == NULL) {
- return SECFailure;
- }
- mark = PORT_ArenaMark(inKeyRecRep->poolp);
- rv = cmmf_ExtractCertsFromList(inCACerts, inKeyRecRep->poolp,
- &inKeyRecRep->caCerts);
- if (rv != SECSuccess) {
- PORT_ArenaRelease(inKeyRecRep->poolp, mark);
- } else {
- PORT_ArenaUnmark(inKeyRecRep->poolp, mark);
- }
- return rv;
-}
-
-SECStatus
-CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep,
- CERTCertificate *inCert,
- SECKEYPrivateKey *inPrivKey,
- SECKEYPublicKey *inPubKey)
-{
- CMMFCertifiedKeyPair *keyPair;
- CRMFEncryptedValue *dummy;
- PRArenaPool *poolp;
- void *mark;
- SECStatus rv;
-
- PORT_Assert (inKeyRecRep != NULL &&
- inCert != NULL &&
- inPrivKey != NULL &&
- inPubKey != NULL);
- if (inKeyRecRep == NULL ||
- inCert == NULL ||
- inPrivKey == NULL ||
- inPubKey == NULL) {
- return SECFailure;
- }
- poolp = inKeyRecRep->poolp;
- mark = PORT_ArenaMark(poolp);
- if (inKeyRecRep->keyPairHist == NULL) {
- inKeyRecRep->keyPairHist = PORT_ArenaNewArray(poolp,
- CMMFCertifiedKeyPair*,
- (CMMF_MAX_KEY_PAIRS+1));
- if (inKeyRecRep->keyPairHist == NULL) {
- goto loser;
- }
- inKeyRecRep->allocKeyPairs = CMMF_MAX_KEY_PAIRS;
- inKeyRecRep->numKeyPairs = 0;
- }
-
- if (inKeyRecRep->allocKeyPairs == inKeyRecRep->numKeyPairs) {
- goto loser;
- }
-
- keyPair = PORT_ArenaZNew(poolp, CMMFCertifiedKeyPair);
- if (keyPair == NULL) {
- goto loser;
- }
- rv = cmmf_CertOrEncCertSetCertificate(&keyPair->certOrEncCert,
- poolp, inCert);
- if (rv != SECSuccess) {
- goto loser;
- }
- keyPair->privateKey = PORT_ArenaZNew(poolp, CRMFEncryptedValue);
- if (keyPair->privateKey == NULL) {
- goto loser;
- }
- dummy = crmf_create_encrypted_value_wrapped_privkey(inPrivKey, inPubKey,
- keyPair->privateKey);
- PORT_Assert(dummy = keyPair->privateKey);
- if (dummy != keyPair->privateKey) {
- crmf_destroy_encrypted_value(dummy, PR_TRUE);
- goto loser;
- }
- inKeyRecRep->keyPairHist[inKeyRecRep->numKeyPairs] = keyPair;
- inKeyRecRep->numKeyPairs++;
- inKeyRecRep->keyPairHist[inKeyRecRep->numKeyPairs] = NULL;
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
-
- loser:
- PORT_ArenaRelease(poolp, mark);
- return SECFailure;
-}
-
-CMMFPKIStatus
-CMMF_KeyRecRepContentGetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep)
-{
- PORT_Assert(inKeyRecRep != NULL);
- if (inKeyRecRep == NULL) {
- return cmmfNoPKIStatus;
- }
- return cmmf_PKIStatusInfoGetStatus(&inKeyRecRep->status);
-}
-
-CERTCertificate*
-CMMF_KeyRecRepContentGetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep)
-{
- PORT_Assert(inKeyRecRep != NULL);
- if (inKeyRecRep == NULL ||
- inKeyRecRep->newSigCert == NULL) {
- return NULL;
- }
- return CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
- &inKeyRecRep->newSigCert->signatureWrap.data,
- NULL, PR_FALSE, PR_TRUE);
-}
-
-CERTCertList*
-CMMF_KeyRecRepContentGetCACerts(CMMFKeyRecRepContent *inKeyRecRep)
-{
- PORT_Assert(inKeyRecRep != NULL);
- if (inKeyRecRep == NULL || inKeyRecRep->caCerts == NULL) {
- return NULL;
- }
- return cmmf_MakeCertList(inKeyRecRep->caCerts);
-}
-
-int
-CMMF_KeyRecRepContentGetNumKeyPairs(CMMFKeyRecRepContent *inKeyRecRep)
-{
- PORT_Assert(inKeyRecRep != NULL);
- return (inKeyRecRep == NULL) ? 0 : inKeyRecRep->numKeyPairs;
-}
-
-PRBool
-cmmf_KeyRecRepContentIsValidIndex(CMMFKeyRecRepContent *inKeyRecRep,
- int inIndex)
-{
- int numKeyPairs = CMMF_KeyRecRepContentGetNumKeyPairs(inKeyRecRep);
-
- return (PRBool)(inIndex >= 0 && inIndex < numKeyPairs);
-}
-
-CMMFCertifiedKeyPair*
-CMMF_KeyRecRepContentGetCertKeyAtIndex(CMMFKeyRecRepContent *inKeyRecRep,
- int inIndex)
-{
- CMMFCertifiedKeyPair *newKeyPair;
- SECStatus rv;
-
- PORT_Assert(inKeyRecRep != NULL &&
- cmmf_KeyRecRepContentIsValidIndex(inKeyRecRep, inIndex));
- if (inKeyRecRep == NULL ||
- !cmmf_KeyRecRepContentIsValidIndex(inKeyRecRep, inIndex)) {
- return NULL;
- }
- newKeyPair = PORT_ZNew(CMMFCertifiedKeyPair);
- if (newKeyPair == NULL) {
- return NULL;
- }
- rv = cmmf_CopyCertifiedKeyPair(NULL, newKeyPair,
- inKeyRecRep->keyPairHist[inIndex]);
- if (rv != SECSuccess) {
- CMMF_DestroyCertifiedKeyPair(newKeyPair);
- newKeyPair = NULL;
- }
- return newKeyPair;
-}
-
-SECStatus
-CMMF_CertifiedKeyPairUnwrapPrivKey(CMMFCertifiedKeyPair *inKeyPair,
- SECKEYPrivateKey *inPrivKey,
- SECItem *inNickName,
- PK11SlotInfo *inSlot,
- CERTCertDBHandle *inCertdb,
- SECKEYPrivateKey **destPrivKey,
- void *wincx)
-{
- CERTCertificate *cert;
- SECItem keyUsageValue = {siBuffer, NULL, 0};
- unsigned char keyUsage = 0x0;
- SECKEYPublicKey *pubKey;
- SECStatus rv;
-
- PORT_Assert(inKeyPair != NULL &&
- inPrivKey != NULL && inCertdb != NULL);
- if (inKeyPair == NULL ||
- inPrivKey == NULL ||
- inKeyPair->privateKey == NULL ||
- inCertdb == NULL) {
- return SECFailure;
- }
-
- cert = CMMF_CertifiedKeyPairGetCertificate(inKeyPair, inCertdb);
- CERT_FindKeyUsageExtension(cert, &keyUsageValue);
- if (keyUsageValue.data != NULL) {
- keyUsage = keyUsageValue.data[3];
- PORT_Free(keyUsageValue.data);
- }
- pubKey = CERT_ExtractPublicKey(cert);
- rv = crmf_encrypted_value_unwrap_priv_key(NULL, inKeyPair->privateKey,
- inPrivKey, pubKey,
- inNickName, inSlot, keyUsage,
- destPrivKey, wincx);
- SECKEY_DestroyPublicKey(pubKey);
- CERT_DestroyCertificate(cert);
- return rv;
-}
-
-
-PRBool
-CMMF_KeyRecRepContentHasCACerts(CMMFKeyRecRepContent *inKeyRecRep)
-{
- PORT_Assert(inKeyRecRep != NULL);
- if (inKeyRecRep == NULL) {
- return PR_FALSE;
- }
- return (PRBool)(inKeyRecRep->caCerts != NULL &&
- inKeyRecRep->caCerts[0] != NULL);
-}
diff --git a/security/nss/lib/crmf/cmmfresp.c b/security/nss/lib/crmf/cmmfresp.c
deleted file mode 100644
index 3aae6368d..000000000
--- a/security/nss/lib/crmf/cmmfresp.c
+++ /dev/null
@@ -1,312 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * This file will contain all routines dealing with creating a
- * CMMFCertRepContent structure through Create/Set functions.
- */
-
-#include "cmmf.h"
-#include "cmmfi.h"
-#include "crmf.h"
-#include "crmfi.h"
-#include "secitem.h"
-#include "secder.h"
-
-CMMFCertRepContent*
-CMMF_CreateCertRepContent(void)
-{
- CMMFCertRepContent *retCertRep;
- PRArenaPool *poolp;
-
- poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
- if (poolp == NULL) {
- goto loser;
- }
- retCertRep = PORT_ArenaZNew(poolp, CMMFCertRepContent);
- if (retCertRep == NULL) {
- goto loser;
- }
- retCertRep->poolp = poolp;
- return retCertRep;
- loser:
- if (poolp != NULL) {
- PORT_FreeArena(poolp, PR_FALSE);
- }
- return NULL;
-}
-
-SECStatus
-cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert,
- PRArenaPool *poolp,
- CERTCertificate *inCert)
-{
- SECItem *derDest = NULL;
- SECStatus rv;
-
- if (inCert->derCert.data == NULL) {
- derDest = SEC_ASN1EncodeItem(NULL, NULL, inCert,
- CMMFCertOrEncCertCertificateTemplate);
- if (derDest == NULL) {
- goto loser;
- }
- } else {
- derDest = SECITEM_DupItem(&inCert->derCert);
- if (derDest == NULL) {
- goto loser;
- }
- }
- PORT_Assert(certOrEncCert->cert.certificate == NULL);
- certOrEncCert->cert.certificate = CERT_DupCertificate(inCert);
- certOrEncCert->choice = cmmfCertificate;
- if (poolp != NULL) {
- rv = SECITEM_CopyItem(poolp, &certOrEncCert->derValue, derDest);
- if (rv != SECSuccess) {
- goto loser;
- }
- } else {
- certOrEncCert->derValue = *derDest;
- }
- PORT_Free(derDest);
- return SECSuccess;
- loser:
- if (derDest != NULL) {
- SECITEM_FreeItem(derDest, PR_TRUE);
- }
- return rv;
-}
-
-SECStatus
-cmmf_ExtractCertsFromList(CERTCertList *inCertList,
- PRArenaPool *poolp,
- CERTCertificate ***certArray)
-{
- CERTCertificate **arrayLocalCopy;
- CERTCertListNode *node;
- int numNodes = 0, i;
-
- for (node = CERT_LIST_HEAD(inCertList); !CERT_LIST_END(node, inCertList);
- node = CERT_LIST_NEXT(node)) {
- numNodes++;
- }
-
- arrayLocalCopy = *certArray = (poolp == NULL) ?
- PORT_NewArray(CERTCertificate*, (numNodes+1)) :
- PORT_ArenaNewArray(poolp, CERTCertificate*, (numNodes+1));
- if (arrayLocalCopy == NULL) {
- return SECFailure;
- }
- for (node = CERT_LIST_HEAD(inCertList), i=0;
- !CERT_LIST_END(node, inCertList);
- node = CERT_LIST_NEXT(node), i++) {
- arrayLocalCopy[i] = CERT_DupCertificate(node->cert);
- if (arrayLocalCopy[i] == NULL) {
- int j;
-
- for (j=0; j<i; j++) {
- CERT_DestroyCertificate(arrayLocalCopy[j]);
- }
- if (poolp == NULL) {
- PORT_Free(arrayLocalCopy);
- }
- *certArray = NULL;
- return SECFailure;
- }
- }
- arrayLocalCopy[numNodes] = NULL;
- return SECSuccess;
-}
-
-SECStatus
-CMMF_CertRepContentSetCertResponses(CMMFCertRepContent *inCertRepContent,
- CMMFCertResponse **inCertResponses,
- int inNumResponses)
-{
- PRArenaPool *poolp;
- CMMFCertResponse **respArr, *newResp;
- void *mark;
- SECStatus rv;
- int i;
-
- PORT_Assert (inCertRepContent != NULL &&
- inCertResponses != NULL &&
- inNumResponses > 0);
- if (inCertRepContent == NULL ||
- inCertResponses == NULL ||
- inCertRepContent->response != NULL) {
- return SECFailure;
- }
- poolp = inCertRepContent->poolp;
- mark = PORT_ArenaMark(poolp);
- respArr = inCertRepContent->response =
- PORT_ArenaZNewArray(poolp, CMMFCertResponse*, (inNumResponses+1));
- if (respArr == NULL) {
- goto loser;
- }
- for (i=0; i<inNumResponses; i++) {
- newResp = PORT_ArenaZNew(poolp, CMMFCertResponse);
- if (newResp == NULL) {
- goto loser;
- }
- rv = cmmf_CopyCertResponse(poolp, newResp, inCertResponses[i]);
- if (rv != SECSuccess) {
- goto loser;
- }
- respArr[i] = newResp;
- }
- respArr[inNumResponses] = NULL;
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
-
- loser:
- PORT_ArenaRelease(poolp, mark);
- return SECFailure;
-}
-
-CMMFCertResponse*
-CMMF_CreateCertResponse(long inCertReqId)
-{
- SECItem *dummy;
- CMMFCertResponse *newResp;
-
- newResp = PORT_ZNew(CMMFCertResponse);
- if (newResp == NULL) {
- goto loser;
- }
- dummy = SEC_ASN1EncodeInteger(NULL, &newResp->certReqId, inCertReqId);
- if (dummy != &newResp->certReqId) {
- goto loser;
- }
- return newResp;
-
- loser:
- if (newResp != NULL) {
- CMMF_DestroyCertResponse(newResp);
- }
- return NULL;
-}
-
-SECStatus
-CMMF_CertResponseSetPKIStatusInfoStatus(CMMFCertResponse *inCertResp,
- CMMFPKIStatus inPKIStatus)
-{
- PORT_Assert (inCertResp != NULL && inPKIStatus >= cmmfGranted
- && inPKIStatus < cmmfNumPKIStatus);
-
- if (inCertResp == NULL) {
- return SECFailure;
- }
- return cmmf_PKIStatusInfoSetStatus(&inCertResp->status, NULL,
- inPKIStatus);
-}
-
-SECStatus
-CMMF_CertResponseSetCertificate (CMMFCertResponse *inCertResp,
- CERTCertificate *inCertificate)
-{
- CMMFCertifiedKeyPair *keyPair = NULL;
- SECStatus rv = SECFailure;
-
- PORT_Assert(inCertResp != NULL && inCertificate != NULL);
- if (inCertResp == NULL || inCertificate == NULL) {
- return SECFailure;
- }
- if (inCertResp->certifiedKeyPair == NULL) {
- keyPair = inCertResp->certifiedKeyPair =
- PORT_ZNew(CMMFCertifiedKeyPair);
- } else {
- keyPair = inCertResp->certifiedKeyPair;
- }
- if (keyPair == NULL) {
- goto loser;
- }
- rv = cmmf_CertOrEncCertSetCertificate(&keyPair->certOrEncCert, NULL,
- inCertificate);
- if (rv != SECSuccess) {
- goto loser;
- }
- return SECSuccess;
- loser:
- if (keyPair) {
- if (keyPair->certOrEncCert.derValue.data) {
- PORT_Free(keyPair->certOrEncCert.derValue.data);
- }
- PORT_Free(keyPair);
- }
- return rv;
-}
-
-
-SECStatus
-CMMF_CertRepContentSetCAPubs(CMMFCertRepContent *inCertRepContent,
- CERTCertList *inCAPubs)
-{
- PRArenaPool *poolp;
- void *mark;
- SECStatus rv;
-
- PORT_Assert(inCertRepContent != NULL &&
- inCAPubs != NULL &&
- inCertRepContent->caPubs == NULL);
-
- if (inCertRepContent == NULL ||
- inCAPubs == NULL || inCertRepContent == NULL) {
- return SECFailure;
- }
-
- poolp = inCertRepContent->poolp;
- mark = PORT_ArenaMark(poolp);
-
- rv = cmmf_ExtractCertsFromList(inCAPubs, poolp,
- &inCertRepContent->caPubs);
-
- if (rv != SECSuccess) {
- PORT_ArenaRelease(poolp, mark);
- } else {
- PORT_ArenaUnmark(poolp, mark);
- }
- return rv;
-}
-
-CERTCertificate*
-CMMF_CertifiedKeyPairGetCertificate(CMMFCertifiedKeyPair *inCertKeyPair,
- CERTCertDBHandle *inCertdb)
-{
- PORT_Assert(inCertKeyPair != NULL);
- if (inCertKeyPair == NULL) {
- return NULL;
- }
- return cmmf_CertOrEncCertGetCertificate(&inCertKeyPair->certOrEncCert,
- inCertdb);
-}
diff --git a/security/nss/lib/crmf/cmmft.h b/security/nss/lib/crmf/cmmft.h
deleted file mode 100644
index 3db678714..000000000
--- a/security/nss/lib/crmf/cmmft.h
+++ /dev/null
@@ -1,102 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef _CMMFT_H_
-#define _CMMFT_H_
-
-#include "secasn1.h"
-
-/*
- * These are the enumerations used to distinguish between the different
- * choices available for the CMMFCertOrEncCert structure.
- */
-typedef enum {
- cmmfNoCertOrEncCert,
- cmmfCertificate,
- cmmfEncryptedCert
-} CMMFCertOrEncCertChoice;
-
-/*
- * This is the enumeration and the corresponding values used to
- * represent the CMMF type PKIStatus
- */
-typedef enum {
- cmmfGranted,
- cmmfGrantedWithMods,
- cmmfRejection,
- cmmfWaiting,
- cmmfRevocationWarning,
- cmmfRevocationNotification,
- cmmfKeyUpdateWarning,
- cmmfNumPKIStatus,
- cmmfNoPKIStatus
-} CMMFPKIStatus;
-
-/*
- * These enumerations are used to represent the corresponding values
- * in PKIFailureInfo defined in CMMF.
- */
-typedef enum {
- cmmfBadAlg,
- cmmfBadMessageCheck,
- cmmfBadRequest,
- cmmfBadTime,
- cmmfBadCertId,
- cmmfBadDataFormat,
- cmmfWrongAuthority,
- cmmfIncorrectData,
- cmmfMissingTimeStamp,
- cmmfNoFailureInfo
-} CMMFPKIFailureInfo;
-
-typedef struct CMMFPKIStatusInfoStr CMMFPKIStatusInfo;
-typedef struct CMMFCertOrEncCertStr CMMFCertOrEncCert;
-typedef struct CMMFCertifiedKeyPairStr CMMFCertifiedKeyPair;
-typedef struct CMMFCertResponseStr CMMFCertResponse;
-typedef struct CMMFCertResponseSeqStr CMMFCertResponseSeq;
-typedef struct CMMFPOPODecKeyChallContentStr CMMFPOPODecKeyChallContent;
-typedef struct CMMFChallengeStr CMMFChallenge;
-typedef struct CMMFRandStr CMMFRand;
-typedef struct CMMFPOPODecKeyRespContentStr CMMFPOPODecKeyRespContent;
-typedef struct CMMFKeyRecRepContentStr CMMFKeyRecRepContent;
-typedef struct CMMFCertRepContentStr CMMFCertRepContent;
-
-/* Export this so people can call SEC_ASN1EncodeItem instead of having to
- * write callbacks that are passed in to the high level encode function
- * for CMMFCertRepContent.
- */
-extern const SEC_ASN1Template CMMFCertRepContentTemplate[];
-extern const SEC_ASN1Template CMMFPOPODecKeyChallContentTemplate[];
-
-#endif /*_CMMFT_H_*/
diff --git a/security/nss/lib/crmf/config.mk b/security/nss/lib/crmf/config.mk
deleted file mode 100644
index 1684cf3fa..000000000
--- a/security/nss/lib/crmf/config.mk
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/crmf/crmf.h b/security/nss/lib/crmf/crmf.h
deleted file mode 100644
index cf7b91095..000000000
--- a/security/nss/lib/crmf/crmf.h
+++ /dev/null
@@ -1,1779 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-
-#ifndef _CRMF_H_
-#define _CRMF_H_
-
-#include "seccomon.h"
-#include "cert.h"
-#include "crmft.h"
-#include "secoid.h"
-#include "secpkcs7.h"
-
-SEC_BEGIN_PROTOS
-
-/*
- * FUNCTION: CRMF_EncodeCertReqMsg
- * INPUTS:
- * inCertReqMsg
- * The Certificate Request Message to be encoded.
- * fn
- * A Callback function that the ASN1 encoder calls whenever
- * the encoder wants to write out some DER encoded bytes.
- * arg
- * An opaque pointer that gets passed to the function fn
- * OUTPUT:
- * The function fn will be called multiple times. Look at the
- * comments in crmft.h where the CRMFEncoderOutputCallback type is
- * defined for information on proper behavior of the function fn.
- * RETURN:
- * SECSuccess if encoding was successful. Any other return value
- * indicates an error occurred during encoding.
- */
-extern SECStatus
- CRMF_EncodeCertReqMsg (CRMFCertReqMsg *inCertReqMsg,
- CRMFEncoderOutputCallback fn,
- void *arg);
-
-/*
- * FUNCTION: CRMF_EncoderCertRequest
- * INPUTS:
- * inCertReq
- * The Certificate Request to be encoded.
- * fn
- * A Callback function that the ASN1 encoder calls whenever
- * the encoder wants to write out some DER encoded bytes.
- * arg
- * An opaque pointer that gets passed to the function fn.
- * OUTPUT:
- * The function fn will be called, probably multiple times whenever
- * the ASN1 encoder wants to write out DER-encoded bytes. Look at the
- * comments in crmft.h where the CRMFEncoderOuputCallback type is
- * defined for information on proper behavior of the funciton fn.
- * RETURN:
- * SECSuccess if encoding was successful. Any other return value
- * indicates an error occured during encoding.
- */
-extern SECStatus CRMF_EncodeCertRequest (CRMFCertRequest *inCertReq,
- CRMFEncoderOutputCallback fn,
- void *arg);
-/*
- * FUNCTION: CRMF_EncodeCertReqMessages
- * INPUTS:
- * inCertReqMsgs
- * An array of pointers to the Certificate Request Messages
- * to encode. The user must place a NULL pointer in the index
- * after the last message to be encoded. When the library runs
- * into the NULL pointer, the library assumes there are no more
- * messages to encode.
- * fn
- * A Callback function that the ASN1 encoder calls whenever
- * the encoder wants to write out some DER encoded byts.
- * arg
- * An opaque pointer that gets passed to the function fn.
- *
- * NOTES:
- * The parameter inCertReqMsgs needs to be an array with a NULL pointer
- * to signal the end of messages. An array in the form of
- * {m1, m2, m3, NULL, m4, ...} will only encode the messages m1, m2, and
- * m3. All messages from m4 on will not be looked at by the library.
- *
- * OUTPUT:
- * The function fn will be called, probably multiple times. Look at the
- * comments in crmft.h where the CRMFEncoderOuputCallback type is
- * defined for information on proper behavior of the funciton fn.
- *
- * RETURN:
- * SECSuccess if encoding the Certificate Request Messages was successful.
- * Any other return value indicates an error occurred while encoding the
- * certificate request messages.
- */
-extern SECStatus
- CRMF_EncodeCertReqMessages(CRMFCertReqMsg **inCertReqMsgs,
- CRMFEncoderOutputCallback fn,
- void *arg);
-
-
-/*
- * FUNCTION: CRMF_CreateCertReqMsg
- * INPUTS:
- * NONE
- * OUTPUT:
- * An empty CRMF Certificate Request Message.
- * Before encoding this message, the user must set
- * the ProofOfPossession field and the certificate
- * request which are necessary for the full message.
- * After the user no longer needs this CertReqMsg,
- * the user must call CRMF_DestroyCertReqMsg to free
- * all memory associated with the Certificate Request
- * Message.
- * RETURN:
- * A pointer to a Certificate Request Message. The user
- * must pass the return value of this function to
- * CRMF_DestroyCertReqMsg after the Certificate Request
- * Message is no longer necessary.
- */
-extern CRMFCertReqMsg* CRMF_CreateCertReqMsg(void);
-
-/*
- * FUNCTION: CRMF_DestroyCertReqMsg
- * INPUTS:
- * inCertReqMsg
- * The Certificate Request Message to destroy.
- * NOTES:
- * This function frees all the memory used for the Certificate
- * Request Message and all the memory used in making copies of
- * fields of elelments of the message, eg. the Proof Of Possession
- * filed and the Cetificate Request.
- * RETURN:
- * SECSuccess if destruction was successful. Any other return value
- * indicates an error while trying to free the memory associated
- * with inCertReqMsg.
- *
- */
-extern SECStatus CRMF_DestroyCertReqMsg(CRMFCertReqMsg *inCertReqMsg);
-
-/*
- * FUNCTION: CRMF_CertReqMsgSetCertRequest
- * INPUTS:
- * inCertReqMsg
- * The Certificate Request Message that the function will set
- * the certificate request for.
- * inCertReq
- * The Certificate Request that will be added to the Certificate
- * Request Message.
- * NOTES:
- * This function will make a copy of the Certificate Request passed in
- * and store it as part of the Certificate Request Message. Therefore,
- * the user must not call this function until the Certificate Request
- * has been fully built and is ready to be encoded.
- * RETURN:
- * SECSuccess
- * If copying the Certificate as a member of the Certificate
- * request message was successful.
- * Any other return value indicates a failure to copy the Certificate
- * Request and make it a part of the Certificate Request Message.
- */
-extern SECStatus CRMF_CertReqMsgSetCertRequest(CRMFCertReqMsg *inCertReqMsg,
- CRMFCertRequest *inCertReq);
-
-/*
- * FUNCTION: CRMF_CreateCertRequest
- * INPUTS:
- * inRequestID
- * The ID that will be associated with this certificate request.
- * OUTPUTS:
- * A certificate request which only has the requestID set.
- * NOTES:
- * The user must call the function CRMF_DestroyCertRequest when
- * the returned value is no longer needed. This is usually the
- * case after fully constructing the Certificate Request and then
- * calling the function CRMF_CertReqMsgSetCertRequest.
- * RETURN:
- * A pointer to the new Certificate Request. A NULL return value
- * indicates an error in creating the Certificate Request.
- */
-extern CRMFCertRequest *CRMF_CreateCertRequest (long inRequestID);
-
-/*
- * FUNCTION: CRMF_DestroyCertRequest
- * INPUTS:
- * inCertReq
- * The Certificate Request that will be destroyed.
- * RETURN:
- * SECSuccess
- * If freeing the memory associated with the certificate request
- * was successful.
- * Any other return value indicates an error while trying to free the
- * memory.
- */
-extern SECStatus CRMF_DestroyCertRequest (CRMFCertRequest *inCertReq);
-
-/*
- * FUNCTION: CRMF_CreateCertExtension
- * INPUTS:
- * id
- * The SECOidTag to associate with this CertExtension. This must
- * correspond to a valid Certificate Extension, if not the function
- * will fail.
- * isCritical
- * A boolean value stating if the extension value is crtical. PR_TRUE
- * means the value is crtical. PR_FALSE indicates the value is not
- * critical.
- * data
- * This is the data associated with the extension. The user of the
- * library is responsible for making sure the value passed in is a
- * valid interpretation of the certificate extension.
- * NOTES:
- * Use this function to create CRMFCertExtension Structures which will
- * then be passed to CRMF_AddFieldToCertTemplate as part of the
- * CRMFCertCreationInfo.extensions The user must call
- * CRMF_DestroyCertExtension after the extension has been added to a certifcate
- * and the extension is no longer needed.
- *
- * RETURN:
- * A pointer to a newly created CertExtension. A return value of NULL
- * indicates the id passed in was an invalid certificate extension.
- */
-extern CRMFCertExtension *CRMF_CreateCertExtension(SECOidTag id,
- PRBool isCritical,
- SECItem *data);
-
-/*
- * FUNCTION: CMRF_DestroyCertExtension
- * INPUTS:
- * inExtension
- * The Cert Extension to destroy
- * NOTES:
- * Destroy a structure allocated by CRMF_CreateCertExtension.
- *
- * RETURN:
- * SECSuccess if freeing the memory associated with the certificate extension
- * was successful. Any other error indicates an error while freeing the
- * memory.
- */
-extern SECStatus CRMF_DestroyCertExtension(CRMFCertExtension *inExtension);
-
-/*
- * FUNCTION: CRMF_CertRequestSetTemplateField
- * INPUTS:
- * inCertReq
- * The Certificate Request to operate on.
- * inTemplateField
- * An enumeration that indicates which field of the Certificate
- * template to add.
- * data
- * A generic pointer that will be type cast according to the
- * table under NOTES and used as the key for adding to the
- * certificate template;
- * NOTES:
- *
- * Below is a table that tells what type to pass in as data
- * depending on the template field one wants to set.
- *
- * Look in crmft.h for the definition of CRMFCertTemplateField.
- *
- * In all cases, the library makes copies of the data passed in.
- *
- * CRMFCertTemplateField Type of data What data means
- * --------------------- ------------ ---------------
- * crmfVersion long * The version of
- * the certificate
- * to be created.
- *
- * crmfSerialNumber long * The serial number
- * for the cert to be
- * created.
- *
- * crmfSigningAlg SECAlgorithm * The ASN.1 object ID for
- * the algorithm used in encoding
- * the certificate.
- *
- * crmfIssuer CERTName * Certificate Library
- * representation of the ASN1 type
- * Name from X.509
- *
- * crmfValidity CRMFValidityCreationInfo * At least one of the two
- * fields in the structure must
- * be present. A NULL pointer
- * in the structure indicates
- * that member should not be
- * added.
- *
- * crmfSubject CERTName * Certificate Library
- * representation of the ASN1 type
- * Name from X.509
- *
- * crmfPublicKey CERTSubjectPublicKeyInfo * The public key info for the
- * certificate being requested.
- *
- * crmfIssuerUID SECItem * A bit string representation
- * of the issuer UID. NOTE: The
- * length is the number of bits
- * and not the number of bytes.
- *
- * crmfSubjectUID SECItem* A bit string representation
- * of the subject UID. NOTE: The
- * length is the number of bits
- * and not the number of bytes.
- *
- * crmfExtension CRMFCertExtCreationInfo * A pointer to the structure
- * populated with an array of
- * of certificate extensions
- * and an integer that tells
- * how many elements are in the
- * array. Look in crmft.h for
- * the definition of
- * CRMFCertExtCreationInfo
- * RETURN:
- * SECSuccess if adding the desired field to the template was successful.
- * Any other return value indicates failure when trying to add the field
- * to the template.
- *
- */
-extern SECStatus
- CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq,
- CRMFCertTemplateField inTemplateField,
- void *data);
-
-/*
- * FUNCTION: CRMF_CertRequestIsFieldPresent
- * INPUTS:
- * inCertReq
- * The certificate request to operate on.
- * inTemplateField
- * The enumeration for the template field the user wants to query
- * about.
- * NOTES:
- * This function checks to see if the the field associated with inTemplateField
- * enumeration is already present in the certificate request passed in.
- *
- * RETURN:
- * The function returns PR_TRUE if the field associated with inTemplateField
- * is already present in the certificate request. If the field is not present
- * the function returns PR_FALSE.
- */
-extern PRBool
- CRMF_CertRequestIsFieldPresent(CRMFCertRequest *inCertReq,
- CRMFCertTemplateField inTemplateField);
-
-/*
- * FUNCTION: CRMF_CertRequestIsControlPresent
- * INPUTS:
- * inCertReq
- * The certificate request to operate on.
- * inControlType
- * The type of control to look for.
- * NOTES:
- * This function looks at the control present in the certificate request
- * and returns PR_TRUE iff a control of type inControlType already exists.
- * The CRMF draft does not explicitly state that two controls of the same
- * type can not exist within the same request. So the library will not
- * cause an error if you try to add a control and one of the same type
- * already exists. It is up to the application to ensure that multiple
- * controls of the same type do not exist, if that is the desired behavior
- * by the application.
- *
- * RETURN:
- * The function returns PR_TRUE if a control of type inControlType already
- * exists in the certificate request. If a control of type inControlType
- * does not exist, the function will return PR_FALSE.
- */
-extern PRBool
- CRMF_CertRequestIsControlPresent(CRMFCertRequest *inCertReq,
- CRMFControlType inControlType);
-
-
-/*
- * FUNCTION: CRMF_CertRequestSetRegTokenControl
- * INPUTS:
- * inCertReq
- * The Certificate Request to operate on.
- * value
- * The UTF8 value which will be the Registration Token Control
- * for this Certificate Request.
- * NOTES:
- * The library does no verification that the value passed in is
- * a valid UTF8 value. The caller must make sure of this in order
- * to get an encoding that is valid. The library will ultimately
- * encode this value as it was passed in.
- * RETURN:
- * SECSucces on successful addition of the Registration Token Control.
- * Any other return value indicates an unsuccessful attempt to add the
- * control.
- *
- */
-extern SECStatus CRMF_CertRequestSetRegTokenControl(CRMFCertRequest *inCertReq,
- SECItem *value);
-
-/*
- * FUNCTION: CRMF_CertRequestSetAuthenticatorControl
- * INPUTS:
- * inCertReq
- * The Certificate Request to operate on.
- * value
- * The UTF8 value that will become the Authenticator Control
- * for the passed in Certificate Request.
- * NOTES:
- * The library does no verification that the value passed in is
- * a valid UTF8 value. The caller must make sure of this in order
- * to get an encoding that is valid. The library will ultimately
- * encode this value as it was passed in.
- * RETURN:
- * SECSucces on successful addition of the Authenticator Control.
- * Any other return value indicates an unsuccessful attempt to add the
- * control.
- */
-extern SECStatus
- CRMF_CertRequestSetAuthenticatorControl (CRMFCertRequest *inCertReq,
- SECItem *value);
-
-/*
- * FUNCTION: CRMF_CreateEncryptedKeyWithencryptedValue
- * INPUTS:
- * inPrivKey
- * This is the private key associated with a certificate that is
- * being requested. This structure will eventually wind up as
- * a part of the PKIArchiveOptions Control.
- * inCACert
- * This is the certificate for the CA that will be receiving the
- * certificate request for the private key passed in.
- * OUTPUT:
- * A CRMFEncryptedKey that can ultimately be used as part of the
- * PKIArchiveOptions Control.
- *
- * RETURN:
- * A pointer to a CRMFEncyptedKey. A NULL return value indicates an erro
- * during the creation of the encrypted key.
- */
-extern CRMFEncryptedKey*
- CRMF_CreateEncryptedKeyWithEncryptedValue(SECKEYPrivateKey *inPrivKey,
- CERTCertificate *inCACert);
-
-/*
- * FUNCTION: CRMF_DestroyEncryptedKey
- * INPUTS:
- * inEncrKey
- * The CRMFEncryptedKey to be destroyed.
- * NOTES:
- * Frees all memory associated with the CRMFEncryptedKey passed in.
- * RETURN:
- * SECSuccess if freeing the memory was successful. Any other return
- * value indicates an error while freeig the memroy.
- */
-extern SECStatus CRMF_DestroyEncryptedKey(CRMFEncryptedKey *inEncrKey);
-
-/*
- * FUNCTION: CRMF_CreatePKIArchiveOptions
- * INPUTS:
- * inType
- * An enumeration value indicating which option for
- * PKIArchiveOptions to use.
- * data
- * A pointer that will be type-cast and de-referenced according
- * to the table under NOTES.
- * NOTES:
- * A table listing what should be passed in as data
- * ------------------------------------------------
- *
- * inType data
- * ------ ----
- * crmfEncryptedPrivateKey CRMFEncryptedKey*
- * crmfKeyGenParameters SECItem*(This needs to be an octet string)
- * crmfArchiveRemGenPrivKey PRBool*
- *
- * RETURN:
- * A pointer the a CRMFPKIArchiveOptions that can be added to a Certificate
- * Request. A NULL pointer indicates an error occurred while creating
- * the CRMFPKIArchiveOptions Structure.
- */
-extern CRMFPKIArchiveOptions*
- CRMF_CreatePKIArchiveOptions(CRMFPKIArchiveOptionsType inType,
- void *data);
-/*
- * FUNCTION: CRMF_DestroyPKIArchiveOptions
- * INPUTS:
- * inArchOpt
- * A pointer to the CRMFPKIArchiveOptions structure to free.
- * NOTES:
- * Will free all memory associated with 'inArchOpt'.
- * RETURN:
- * SECSuccess if successful in freeing the memory used by 'inArchOpt'
- * Any other return value indicates an error while freeing the memory.
- */
-extern SECStatus
- CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inArchOpt);
-
-/*
- * FUNCTION: CRMF_CertRequestSetPKIArchiveOptions
- * INPUTS:
- * inCertReq
- * The Certificate Request to add the the options to.
- * inOptions
- * The Archive Options to add to the Certificate Request.
- * NOTES:
- * Adds the PKIArchiveOption to the Certificate Request. This is what
- * enables Key Escrow to take place through CRMF. The library makes
- * its own copy of the information.
- * RETURN:
- * SECSuccess if successful in adding the ArchiveOptions to the Certificate
- * request. Any other return value indicates an error when trying to add
- * the Archive Options to the Certificate Request.
- */
-extern SECStatus
- CRMF_CertRequestSetPKIArchiveOptions(CRMFCertRequest *inCertReq,
- CRMFPKIArchiveOptions *inOptions);
-
-/*
- * FUNCTION: CRMF_CertReqMsgGetPOPType
- * INPUTS:
- * inCertReqMsg
- * The Certificate Request Message to operate on.
- * NOTES:
- * Returns an enumeration value indicating the method of Proof
- * of Possession that was used for the passed in Certificate Request
- * Message.
- * RETURN:
- * An enumeration indicating what method for Proof Of Possession is
- * being used in this Certificate Request Message. Look in the file
- * crmft.h for the definition of CRMFPOPChoice for the possible return
- * values.
- */
-extern CRMFPOPChoice CRMF_CertReqMsgGetPOPType(CRMFCertReqMsg *inCertReqMsg);
-
-/*
- * FUNCTION: CRMF_CertReqMsgSetRAVerifiedPOP
- * INPUT:
- * InCertReqMsg
- * The Certificate Request Message to operate on.
- * NOTES:
- * This function will set the method of Proof Of Possession to
- * crmfRAVerified which means the RA has already verified the
- * requester does possess the private key.
- * RETURN:
- * SECSuccess if adding RAVerified to the message is successful.
- * Any other message indicates an error while trying to add RAVerified
- * as the Proof of Possession.
- */
-extern SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg);
-
-/*
- * FUNCTION: CRMF_CertReqMsgSetSignaturePOP
- * INPUT:
- * inCertReqMsg
- * The Certificate Request Message to add the SignaturePOP to.
- * inPrivKey
- * The Private Key which corresponds to the the Certificate Request
- * Message.
- * inPubKey
- * The Public Key which corresponds to the Private Key passed in.
- * inCertForInput
- * A Certificate that in the future may be used to create
- * POPOSigningKeyInput.
- * fn
- * A callback for retrieving a password which may be used in the
- * future to generate POPOSigningKeyInput.
- * arg
- * An opaque pointer that would be passed to fn whenever it is
- * called.
- * NOTES:
- * Adds Proof Of Possession to the CertRequest using the signature field
- * of the ProofOfPossession field. NOTE: In order to use this option,
- * the certificate template must contain the publicKey at the very minimum.
- *
- * If you don't want the function to generate POPOSigningKeyInput, then
- * make sure the cert template already contains the subject and public key
- * values. Currently creating POPOSigningKeyInput is not supported, so
- * a Message passed to this function must have the publicKey and the subject
- * as part of the template
- *
- * This will take care of creating the entire POPOSigningKey structure
- * that will become part of the message.
- *
- * inPrivKey is the key to be used in the signing operation when creating
- * POPOSigningKey structure. This should be the key corresponding to
- * the certificate being requested.
- *
- * inCertForInput will be used if POPOSigningKeyInput needs to be generated.
- * It will be used in generating the authInfo.sender field. If the parameter
- * is not passed in then authInfo.publicKeyMAC will be generated instead.
- * If passed in, this certificate needs to be a valid certificate.
- *
- * The last 3 arguments are for future compatibility in case we ever want to
- * support generating POPOSigningKeyInput. Pass in NULL for all 3 if you
- * definitely don't want the funciton to even try to generate
- * POPOSigningKeyInput. If you try to use POPOSigningKeyInput, the function
- * will fail.
- *
- * RETURN:
- * SECSuccess if adding the Signature Proof Of Possession worked.
- * Any other return value indicates an error in trying to add
- * the Signature Proof Of Possession.
- */
-extern SECStatus
- CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
- SECKEYPrivateKey *inPrivKey,
- SECKEYPublicKey *inPubKey,
- CERTCertificate *inCertForInput,
- CRMFMACPasswordCallback fn,
- void *arg);
-
-/*
- * FUNCTION: CRMF_CertReqMsgSetKeyEnciphermentPOP
- * INPUTS:
- * inCertReqMsg
- * The Certificate Request Message to operate on.
- * inKeyChoice
- * An enumeration indicating which POPOPrivKey Choice to use
- * in constructing the KeyEnciphermentPOP.
- * subseqMess
- * This parameter must be provided iff inKeyChoice is
- * crmfSubsequentMessage. This details how the RA is to respond
- * in order to perform Proof Of Possession. Look in crmft.h under
- * the definition of CRMFSubseqMessOptions for possible values.
- * encPrivKey
- * This parameter only needs to be provided if inKeyChoice is
- * crmfThisMessage. The item should contain the encrypted private
- * key.
- *
- * NOTES:
- * Adds Proof Of Possession using the keyEncipherment field of
- * ProofOfPossession.
- *
- * The funciton looks at the the inKeyChoice parameter and interprets it in
- * in the following manner.
- *
- * If a parameter is not mentioned under interpretation, the funciton will not
- * look at its value when implementing that case.
- *
- * inKeyChoice Interpretation
- * ----------- --------------
- * crmfThisMessage This options requires that the encrypted private key
- * be included in the thisMessage field of POPOPrivKey.
- * We don't support this yet, so any clients who want
- * to use this feature have to implement a wrapping
- * function and agree with the server on how to properly
- * wrap the key. That encrypted key must be passed in
- * as the encPrivKey parameter.
- *
- * crmfSubequentMessage Must pass in a value for subseqMess. The value must
- * be either CRMFEncrCert or CRMFChallengeResp. The
- * parameter encPrivKey will not be looked at in this
- * case.
- *
- * crmfDHMAC This is not a valid option for this function. Passing
- * in this value will result in the function returning
- * SECFailure.
- * RETURN:
- * SECSuccess if adding KeyEnciphermentPOP was successful. Any other return
- * value indicates an error in adding KeyEnciphermentPOP.
- */
-extern SECStatus
- CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKeyChoice inKeyChoice,
- CRMFSubseqMessOptions subseqMess,
- SECItem *encPrivKey);
-
-/*
- * FUNCTION: CRMF_CertReqMsgSetKeyAgreementPOP
- * INPUTS:
- * inCertReqMsg
- * The Certificate Request Message to operate on.
- * inKeyChoice
- * An enumeration indicating which POPOPrivKey Choice to use
- * in constructing the KeyAgreementPOP.
- * subseqMess
- * This parameter must be provided iff inKeyChoice is
- * crmfSubsequentMessage. This details how the RA is to respond
- * in order to perform Proof Of Possession. Look in crmft.h under
- * the definition of CRMFSubseqMessOptions for possible values.
- * encPrivKey
- * This parameter only needs to be provided if inKeyChoice is
- * crmfThisMessage. The item should contain the encrypted private
- * key.
- * Adds Proof Of Possession using the keyAgreement field of
- * ProofOfPossession.
- *
- * The funciton looks at the the inKeyChoice parameter and interprets it in
- * in the following manner.
- *
- * If a parameter is not mentioned under interpretation, the funciton will not
- * look at its value when implementing that case.
- *
- * inKeyChoice Interpretation
- * ----------- --------------
- * crmfThisMessage This options requires that the encrypted private key
- * be included in the thisMessage field of POPOPrivKey.
- * We don't support this yet, so any clients who want
- * to use this feature have to implement a wrapping
- * function and agree with the server on how to properly
- * wrap the key. That encrypted key must be passed in
- * as the encPrivKey parameter.
- *
- * crmfSubequentMessage Must pass in a value for subseqMess. The value must
- * be either crmfEncrCert or crmfChallengeResp. The
- * parameter encPrivKey will not be looked at in this
- * case.
- *
- * crmfDHMAC This option is not supported.
- */
-extern SECStatus
- CRMF_CertReqMsgSetKeyAgreementPOP(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKeyChoice inKeyChoice,
- CRMFSubseqMessOptions subseqMess,
- SECItem *encPrivKey);
-
-/*
- * FUNCTION: CRMF_CreateCertReqMsgFromDER
- * INPUTS:
- * buf
- * A buffer to the DER-encoded Certificate Request Message.
- * len
- * The length in bytes of the buffer 'buf'
- * NOTES:
- * This function passes the buffer to the ASN1 decoder and creates a
- * CRMFCertReqMsg structure. Do not try adding any fields to a message
- * returned from this function. Specifically adding more Controls or
- * Extensions may cause your program to crash.
- *
- * RETURN:
- * A pointer to the Certificate Request Message structure. A NULL return
- * value indicates the library was unable to parse the DER.
- */
-extern CRMFCertReqMsg* CRMF_CreateCertReqMsgFromDER(const char *buf, long len);
-
-/*
- * FUNCTION: CRMF_CreateCertReqMessagesFromDER
- * INPUTS:
- * buf
- * A buffer to the DER-encoded Certificate Request Messages.
- * len
- * The length in bytes of buf
- * NOTES:
- * This function passes the buffer to the ASN1 decoder and creates a
- * CRMFCertReqMessages structure. Do not try adding any fields to a message
- * derived from this function. Specifically adding more Controls or
- * Extensions may cause your program to crash.
- * The user must call CRMF_DestroyCertReqMessages after the return value is
- * no longer needed, ie when all individual messages have been extracted.
- *
- * RETURN:
- * A pointer to the Certificate Request Messages structure. A NULL return
- * value indicates the library was unable to parse the DER.
- */
-extern CRMFCertReqMessages*
- CRMF_CreateCertReqMessagesFromDER(const char *buf, long len);
-
-/*
- * FUNCTION: CRMF_DestroyCertReqMessages
- * INPUTS
- * inCertReqMsgs
- * The Messages to destroy.
- * RETURN:
- * SECSuccess if freeing the memory was done successfully. Any other
- * return value indicates an error in freeing up memory.
- */
-extern SECStatus
- CRMF_DestroyCertReqMessages(CRMFCertReqMessages *inCertReqMsgs);
-
-/*
- * FUNCTION: CRMF_CertReqMessagesGetNumMessages
- * INPUTS:
- * inCertReqMsgs
- * The Request Messages to operate on.
- * RETURN:
- * The number of messages contained in the in the Request Messages
- * strucure.
- */
-extern int
- CRMF_CertReqMessagesGetNumMessages(CRMFCertReqMessages *inCertReqMsgs);
-
-/*
- * FUNCTION: CRMF_CertReqMessagesGetCertReqMsgAtIndex
- * INPUTS:
- * inReqMsgs
- * The Certificate Request Messages to operate on.
- * index
- * The index of the single message the user wants a copy of.
- * NOTES:
- * This function returns a copy of the request messages stored at the
- * index corresponding to the parameter 'index'. Indexing of the messages
- * is done in the same manner as a C array. Meaning the valid index are
- * 0...numMessages-1. User must call CRMF_DestroyCertReqMsg when done using
- * the return value of this function.
- *
- * RETURN:
- * SECSuccess if copying the message at the requested index was successful.
- * Any other return value indicates an invalid index or error while copying
- * the single request message.
- */
-extern CRMFCertReqMsg*
- CRMF_CertReqMessagesGetCertReqMsgAtIndex(CRMFCertReqMessages *inReqMsgs,
- int index);
-
-
-/*
- * FUNCTION: CRMF_CertReqMsgGetID
- * INPUTS:
- * inCertReqMsg
- * The Certificate Request Message to get the ID from.
- * destID
- * A pointer to where the library can place the ID of the Message.
- * RETURN:
- * SECSuccess if the function was able to retrieve the ID and place it
- * at *destID. Any other return value indicates an error meaning the value
- * in *destId is un-reliable and should not be used by the caller of this
- * function.
- *
- */
-extern SECStatus CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg,
- long *destID);
-
-/*
- * FUNCTION: CRMF_DoesRequestHaveField
- * INPUTS:
- * inCertReq
- * The Certificate Request to operate on.
- * inField
- * An enumeration indicating which filed of the certificate template
- * to look for.
- * NOTES:
- * All the fields in a certificate template are optional. This function
- * checks to see if the requested field is present. Look in crmft.h at the
- * definition of CRMFCertTemplateField for possible values for possible
- * querying.
- *
- * RETURN:
- * PR_TRUE iff the field corresponding to 'inField' has been specified as part
- * of 'inCertReq'
- * PR_FALSE iff the field corresponding to 'inField' has not been speicified
- * as part of 'inCertReq'
- *
- */
-extern PRBool CRMF_DoesRequestHaveField(CRMFCertRequest *inCertReq,
- CRMFCertTemplateField inField);
-
-/*
- * FUNCTION: CRMF_CertReqMsgGetCertRequest
- * INPUTS:
- * inCertReqMsg
- * The Certificate Request Message to operate on.
- * NOTES:
- * This function returns a copy of the Certificate Request to the user.
- * The user can keep adding to this request and then making it a part
- * of another message. After the user no longer wants to use the
- * returned request, the user must call CRMF_DestroyCertRequest and
- * pass it the request returned by this function.
- * RETURN:
- * A pointer to a copy of the certificate request contained by the message.
- * A NULL return value indicates an error occurred while copying the
- * certificate request.
- */
-extern CRMFCertRequest *
- CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg);
-
-/*
- * FUNCTION: CRMF_CertRequestGetCertTemplateVersion
- * INPUTS:
- * inCertReq
- * The Certificate Request to operate on.
- * version
- * A pointer to where the library can store the version contatined
- * in the certificate template within the certifcate request.
- * RETURN:
- * SECSuccess if the Certificate template contains the version field. In
- * this case, *version will hold the value of the certificate template
- * version.
- * SECFailure indicates that version field was not present as part of
- * of the certificate template.
- */
-extern SECStatus
- CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq,
- long *version);
-
-/*
- * FUNCTION: CRMF_CertRequestGetCertTemplateSerialNumber
- * INPUTS:
- * inCertReq
- * The certificate request to operate on.
- * serialNumber
- * A pointer where the library can put the serial number contained
- * in the certificate request's certificate template.
- * RETURN:
- * If a serial number exists in the CertTemplate of the request, the function
- * returns SECSuccess and the value at *serialNumber contains the serial
- * number.
- * If no serial number is present, then the function returns SECFailure and
- * the value at *serialNumber is un-changed.
- */
-extern SECStatus
- CRMF_CertRequestGetCertTemplateSerialNumber(CRMFCertRequest *inCertReq,
- long *serialNumber);
-
-/*
- * FUNCTION: CRMF_CertRequestGetCertTemplateSigningAlg
- * INPUT:
- * inCertReq
- * The Certificate Request to operate on.
- * destAlg
- * A Pointer to where the library can place a copy of the signing alg
- * used in the cert request's cert template.
- * RETURN:
- * If the signingAlg is present in the CertRequest's CertTemplate, then
- * the function returns SECSuccess and places a copy of sigingAlg in
- * *destAlg.
- * If no signingAlg is present, then the function returns SECFailure and
- * the value at *destAlg is un-changed
- */
-extern SECStatus
- CRMF_CertRequestGetCertTemplateSigningAlg(CRMFCertRequest *inCertReq,
- SECAlgorithmID *destAlg);
-/*
- * FUNCTION: CRMF_CertRequestGetCertTemplateIssuer
- * INPUTS:
- * inCertReq
- * The Certificate Request to operate on.
- * destIssuer
- * A pointer to where the library can place a copy of the cert
- * request's cert template issuer field.
- * RETURN:
- * If the issuer is present in the cert request cert template, the function
- * returns SECSuccess and places a copy of the issuer in *destIssuer.
- * If there is no issuer present, the funciton returns SECFailure and the
- * value at *destIssuer is unchanged.
- */
-extern SECStatus
- CRMF_CertRequestGetCertTemplateIssuer(CRMFCertRequest *inCertReq,
- CERTName *destIssuer);
-
-/*
- * FUNCTION: CRMF_CertRequestGetCertTemplateValidity
- * INPUTS:
- * inCertReq
- * The Certificate Request to operate on.
- * destValdity
- * A pointer to where the library can place a copy of the validity
- * info in the cert request cert template.
- * NOTES:
- * Pass the pointer to
- * RETURN:
- * If there is an OptionalValidity field, the function will return SECSuccess
- * and place the appropriate values in *destValidity->notBefore and
- * *destValidity->notAfter. (Each field is optional, but at least one will
- * be present if the function returns SECSuccess)
- *
- * If there is no OptionalValidity field, the function will return SECFailure
- * and the values at *destValidity will be un-changed.
- */
-extern SECStatus
- CRMF_CertRequestGetCertTemplateValidity(CRMFCertRequest *inCertReq,
- CRMFGetValidity *destValidity);
-/*
- * FUNCTION: CRMF_DestroyGetValidity
- * INPUTS:
- * inValidity
- * A pointer to the memroy to be freed.
- * NOTES:
- * The function will free the memory allocated by the function
- * CRMF_CertRequestGetCertTemplateValidity. That means only memory pointed
- * to within the CRMFGetValidity structure. Since
- * CRMF_CertRequestGetCertTemplateValidity does not allocate memory for the
- * structure passed into it, it will not free it. Meaning this function will
- * free the memory at inValidity->notBefore and inValidity->notAfter, but not
- * the memory directly at inValdity.
- *
- * RETURN:
- * SECSuccess if freeing the memory was successful. Any other return value
- * indicates an error while freeing the memory.
- */
-extern SECStatus
- CRMF_DestroyGetValidity(CRMFGetValidity *inValidity);
-
-/*
- * FUNCTION: CRMF_CertRequestGetCertTemplateSubject
- * INPUTS:
- * inCertReq
- * The Certificate Request to operate on.
- * destSubject
- * A pointer to where the library can place a copy of the subject
- * contained in the request's cert template.
- * RETURN:
- * If there is a subject in the CertTemplate, then the function returns
- * SECSuccess and a copy of the subject is placed in *destSubject.
- *
- * If there is no subject, the function returns SECFailure and the values at
- * *destSubject is unchanged.
- */
-extern SECStatus
- CRMF_CertRequestGetCertTemplateSubject (CRMFCertRequest *inCertReq,
- CERTName *destSubject);
-
-/*
- * FUNCTION: CRMF_CertRequestGetCertTemplatePublicKey
- * INPUTS:
- * inCertReq
- * The Cert request to operate on.
- * destPublicKey
- * A pointer to where the library can place a copy of the request's
- * cert template public key.
- * RETURN:
- * If there is a publicKey parameter in the CertRequest, the function returns
- * SECSuccess, and places a copy of the publicKey in *destPublicKey.
- *
- * If there is no publicKey, the function returns SECFailure and the value
- * at *destPublicKey is un-changed.
- */
-extern SECStatus
- CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest *inCertReq,
- CERTSubjectPublicKeyInfo *destPublicKey);
-
-/*
- * FUNCTION: CRMF_CertRequestGetCertTemplateIssuerUID
- * INPUTS:
- * inCertReq
- * The Cert request to operate on.
- * destIssuerUID
- * A pointer to where the library can store a copy of the request's
- * cert template destIssuerUID.
- *
- * NOTES:
- * destIssuerUID is a bit string and will be returned in a SECItem as
- * a bit string. Meaning the len field contains the number of valid bits as
- * opposed to the number of bytes allocated.
- *
- * RETURN:
- * If the CertTemplate has an issuerUID, the function returns SECSuccess and
- * places a copy of the issuerUID in *destIssuerUID.
- *
- * If there is no issuerUID, the function returns SECFailure and the value
- * *destIssuerUID is unchanged.
- */
-extern SECStatus
- CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq,
- SECItem *destIssuerUID);
-
-/*
- * FUNCTION: CRMF_CertRequestGetCertTemplateSubjectUID
- * inCertReq
- * The Cert request to operate on.
- * destSubjectUID
- * A pointer to where the library can store a copy of the request's
- * cert template destIssuerUID.
- *
- * NOTES:
- * destSubjectUID is a bit string and will be returned in a SECItem as
- * a bit string. Meaning the len field contains the number of valid bits as
- * opposed to the number of bytes allocated.
- *
- * RETURN:
- * If the CertTemplate has an issuerUID, the function returns SECSuccess and
- * places a copy of the issuerUID in *destIssuerUID.
- *
- * If there is no issuerUID, the function returns SECSuccess and the value
- * *destIssuerUID is unchanged.
- */
-extern SECStatus CRMF_GetCertTemplateSubjectUID(CRMFCertRequest *inCertReq,
- SECItem *destSubjectUID);
-
-/*
- * FUNCTION: CRMF_CertRequestGetNumberOfExtensions
- * INPUTS:
- * inCertReq
- * The cert request to operate on.
- * RETURN:
- * Returns the number of extensions contained by the Cert Request.
- */
-extern int CRMF_CertRequestGetNumberOfExtensions(CRMFCertRequest *inCertReq);
-
-/*
- * FUNCTION: CRMF_CertRequestGetExtensionAtIndex
- * INPUTS:
- * inCertReq
- * The Certificate request to operate on.
- * index
- * The index of the extension array whihc the user wants to access.
- * NOTES:
- * This function retrieves the extension at the index corresponding to the
- * parameter "index" indicates. Indexing is done like a C array.
- * (0 ... numElements-1)
- *
- * Call CRMF_DestroyCertExtension when done using the return value.
- *
- * RETURN:
- * A pointer to a copy of the extension at the desired index. A NULL
- * return value indicates an invalid index or an error while copying
- * the extension.
- */
-extern CRMFCertExtension *
- CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq,
- int index);
-/*
- * FUNCTION: CRMF_CertExtensionGetOidTag
- * INPUTS:
- * inExtension
-
- * The extension to operate on.
- * RETURN:
- * Returns the SECOidTag associated with the cert extension passed in.
- */
-extern SECOidTag CRMF_CertExtensionGetOidTag(CRMFCertExtension *inExtension);
-
-/*
- * FUNCTION: CRMF_CertExtensionGetIsCritical
- * INPUT:
- * inExt
- * The cert extension to operate on.
- *
- * RETURN:
- * PR_TRUE if the extension is critical.
- * PR_FALSE if the extension is not critical.
- */
-extern PRBool CRMF_CertExtensionGetIsCritical(CRMFCertExtension *inExt);
-
-/*
- * FUNCTION: CRMF_CertExtensionGetValue
- * INPUT:
- * inExtension
- * The extension to operate on.
- * NOTES:
- * Caller is responsible for freeing the memory associated with the return
- * value. Call SECITEM_FreeItem(retVal, PR_TRUE) when done using the return
- * value.
- *
- * RETURN:
- * A pointer to an item containig the value for the certificate extension.
- * A NULL return value indicates an error in copying the information.
- */
-extern SECItem* CRMF_CertExtensionGetValue(CRMFCertExtension *inExtension);
-
-/*
- * FUNCTION: CRMF_CertReqMsgGetPOPOSigningKey
- * INPUTS:
- * inCertReqMsg
- * The certificate request message to operate on.
- * destKey
- * A pointer to where the library can place a pointer to
- * a copy of the Proof Of Possession Signing Key used
- * by the message.
- *
- * RETURN:
- * Get the POPOSigningKey associated with this CRMFCertReqMsg.
- * If the CertReqMsg does not have a pop, the function returns
- * SECFailure and the value at *destKey is un-changed..
- *
- * If the CertReqMsg does have a pop, then the CertReqMsg's
- * POPOSigningKey will be placed at *destKey.
- */
-extern SECStatus
- CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOSigningKey **destKey);
-
-/*
- * FUNCTION: CRMF_DestroyPOPOSigningKey
- * INPUTS:
- * inKey
- * The signing key to free.
- *
- * RETURN:
- * SECSuccess if freeing the memory was successful. Any other return value
- * indicates an error while freeing memory.
- */
-extern SECStatus CRMF_DestroyPOPOSigningKey (CRMFPOPOSigningKey *inKey);
-
-/*
- * FUNCTION: CRMF_POPOSigningKeyGetAlgID
- * INPUTS:
- * inSignKey
- * The Signing Key to operate on.
- * RETURN:
- * Return the algorithmID used by the CRMFPOPOSigningKey. User must
- * call SECOID_DestroyAlgorithmID(destID, PR_TRUE) when done using the
- * return value.
- */
-extern SECAlgorithmID*
- CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey);
-
-/*
- * FUNCTION: CRMF_POPOSigningKeyGetSignature
- * INPUTS:
- * inSignKey
- * The Signing Key to operate on.
- *
- * RETURN:
- * Get the actual signature stored away in the CRMFPOPOSigningKey. SECItem
- * returned is a BIT STRING, so the len field is the number of bits as opposed
- * to the total number of bytes allocatd. User must call
- * SECITEM_FreeItem(retVal,PR_TRUE) when done using the return value.
- */
-extern SECItem* CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey);
-
-/*
- * FUNCTION: CRMF_POPOSigningKeyGetInput
- * INPUTS:
- * inSignKey
- * The Signing Key to operate on.
- * NOTES:
- * This function will return the der encoded input that was read in while
- * decoding. The API does not support this option when creating, so you
- * cannot add this field.
- *
- * RETURN:
- * Get the poposkInput that is part of the of the POPOSigningKey. If the
- * optional field is not part of the POPOSigningKey, the function returns
- * NULL.
- *
- * If the optional field is part of the POPOSingingKey, the function will
- * return a copy of the der encoded poposkInput.
- */
-extern SECItem* CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey);
-
-/*
- * FUNCTION: CRMF_CertReqMsgGetPOPKeyEncipherment
- * INPUTS:
- * inCertReqMsg
- * The certificate request message to operate on.
- * destKey
- * A pointer to where the library can place a pointer to a
- * copy of the POPOPrivKey representing Key Encipherment
- * Proof of Possession.
- *NOTES:
- * This function gets the POPOPrivKey associated with this CRMFCertReqMsg
- * for Key Encipherment.
- *
- * RETURN:
- * If the CertReqMsg did not use Key Encipherment for Proof Of Possession, the
- * function returns SECFailure and the value at *destKey is un-changed.
- *
- * If the CertReqMsg did use Key Encipherment for ProofOfPossession, the
- * function returns SECSuccess and places the POPOPrivKey representing the
- * Key Encipherment Proof Of Possessin at *destKey.
- */
-extern SECStatus
- CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKey **destKey);
-
-/*
- * FUNCTION: CRMF_CertReqMsgGetPOPKeyAgreement
- * INPUTS:
- * inCertReqMsg
- * The certificate request message to operate on.
- * destKey
- * A pointer to where the library can place a pointer to a
- * copy of the POPOPrivKey representing Key Agreement
- * Proof of Possession.
- * NOTES:
- * This function gets the POPOPrivKey associated with this CRMFCertReqMsg for
- * Key Agreement.
- *
- * RETURN:
- * If the CertReqMsg used Key Agreement for Proof Of Possession, the
- * function returns SECSuccess and the POPOPrivKey for Key Agreement
- * is placed at *destKey.
- *
- * If the CertReqMsg did not use Key Agreement for Proof Of Possession, the
- * function return SECFailure and the value at *destKey is unchanged.
- */
-extern SECStatus
- CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKey **destKey);
-
-/*
- * FUNCTION: CRMF_DestroyPOPOPrivKey
- * INPUTS:
- * inPrivKey
- * The POPOPrivKey to destroy.
- * NOTES:
- * Destroy a structure allocated by CRMF_GetPOPKeyEncipherment or
- * CRMF_GetPOPKeyAgreement.
- *
- * RETURN:
- * SECSuccess on successful destruction of the POPOPrivKey.
- * Any other return value indicates an error in freeing the
- * memory.
- */
-extern SECStatus CRMF_DestroyPOPOPrivKey(CRMFPOPOPrivKey *inPrivKey);
-
-/*
- * FUNCTION: CRMF_POPOPrivKeyGetChoice
- * INPUT:
- * inKey
- * The POPOPrivKey to operate on.
- * RETURN:
- * Returns which choice was used in constructing the POPPOPrivKey. Look at
- * the definition of CRMFPOPOPrivKeyChoice in crmft.h for the possible return
- * values.
- */
-extern CRMFPOPOPrivKeyChoice CRMF_POPOPrivKeyGetChoice(CRMFPOPOPrivKey *inKey);
-
-/*
- * FUNCTION: CRMF_POPOPrivKeyGetThisMessage
- * INPUTS:
- * inKey
- * The POPOPrivKey to operate on.
- * destString
- * A pointer to where the library can place a copy of the This Message
- * field stored in the POPOPrivKey
- *
- * RETURN:
- * Returns the field thisMessage from the POPOPrivKey.
- * If the POPOPrivKey did not use the field thisMessage, the function
- * returns SECFailure and the value at *destString is unchanged.
- *
- * If the POPOPrivKey did use the field thisMessage, the function returns
- * SECSuccess and the BIT STRING representing thisMessage is placed
- * at *destString. BIT STRING representation means the len field is the
- * number of valid bits as opposed to the total number of bytes.
- */
-extern SECStatus CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey,
- SECItem *destString);
-
-/*
- * FUNCTION: CRMF_POPOPrivKeyGetSubseqMess
- * INPUTS:
- * inKey
- * The POPOPrivKey to operate on.
- * destOpt
- * A pointer to where the library can place the value of the
- * Subsequent Message option used by POPOPrivKey.
- *
- * RETURN:
- * Retrieves the field subsequentMessage from the POPOPrivKey.
- * If the POPOPrivKey used the subsequentMessage option, the function
- * returns SECSuccess and places the appropriate enumerated value at
- * *destMessageOption.
- *
- * If the POPOPrivKey did not use the subsequenMessage option, the function
- * returns SECFailure and the value at *destOpt is un-changed.
- */
-extern SECStatus CRMF_POPOPrivKeyGetSubseqMess(CRMFPOPOPrivKey *inKey,
- CRMFSubseqMessOptions *destOpt);
-
-/*
- * FUNCTION: CRMF_POPOPrivKeyGetDHMAC
- * INPUTS:
- * inKey
- * The POPOPrivKey to operate on.
- * destMAC
- * A pointer to where the library can place a copy of the dhMAC
- * field of the POPOPrivKey.
- *
- * NOTES:
- * Returns the field dhMAC from the POPOPrivKey. The populated SECItem
- * is in BIT STRING format.
- *
- * RETURN:
- * If the POPOPrivKey used the dhMAC option, the function returns SECSuccess
- * and the BIT STRING for dhMAC will be placed at *destMAC. The len field in
- * destMAC (ie destMAC->len) will be the valid number of bits as opposed to
- * the number of allocated bytes.
- *
- * If the POPOPrivKey did not use the dhMAC option, the function returns
- * SECFailure and the value at *destMAC is unchanged.
- *
- */
-extern SECStatus CRMF_POPOPrivKeyGetDHMAC(CRMFPOPOPrivKey *inKey,
- SECItem *destMAC);
-
-/*
- * FUNCTION: CRMF_CertRequestGetNumControls
- * INPUTS:
- * inCertReq
- * The Certificate Request to operate on.
- * RETURN:
- * Returns the number of Controls registered with this CertRequest.
- */
-extern int CRMF_CertRequestGetNumControls (CRMFCertRequest *inCertReq);
-
-/*
- * FUNCTION: CRMF_CertRequestGetControlAtIndex
- * INPUTS:
- * inCertReq
- * The certificate request to operate on.
- * index
- * The index of the control the user wants a copy of.
- * NOTES:
- * Function retrieves the Control at located at index. The Controls
- * are numbered like a traditional C array (0 ... numElements-1)
- *
- * RETURN:
- * Returns a copy of the control at the index specified. This is a copy
- * so the user must call CRMF_DestroyControl after the return value is no
- * longer needed. A return value of NULL indicates an error while copying
- * the control or that the index was invalid.
- */
-extern CRMFControl*
- CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq,
- int index);
-
-/*
- * FUNCTION: CRMF_DestroyControl
- * INPUTS:
- * inControl
- * The Control to destroy.
- * NOTES:
- * Destroy a CRMFControl allocated by CRMF_GetControlAtIndex.
- *
- * RETURN:
- * SECSuccess if freeing the memory was successful. Any other return
- * value indicates an error while freeing the memory.
- */
-extern SECStatus CRMF_DestroyControl(CRMFControl *inControl);
-
-/*
- * FUNCTION: CRMF_ControlGetControlType
- * INPUTS:
- * inControl
- * The control to operate on.
- * NOTES:
- * The function returns an enumertion which indicates the type of control
- * 'inControl'.
- *
- * RETURN:
- * Look in crmft.h at the definition of the enumerated type CRMFControlType
- * for the possible return values.
- */
-extern CRMFControlType CRMF_ControlGetControlType(CRMFControl *inControl);
-
-/*
- * FUNCTION: CRMF_ControlGetRegTokenControlValue
- * INPUTS:
- * inControl
- * The Control to operate on.
- * NOTES:
- * The user must call SECITEM_FreeItem passing in the return value
- * after the returnvalue is no longer needed.
-
- * RETURN:
- * Return the value for a Registration Token Control.
- * The SECItem returned should be in UTF8 format. A NULL
- * return value indicates there was no Registration Control associated
- * with the Control.
- * (This library will not verify format. It assumes the client properly
- * formatted the strings when adding it or the message decoded was properly
- * formatted. The library will just give back the bytes it was given.)
- */
-extern SECItem* CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl);
-
-/*
- * FUNCTION: CRMF_ControlGetAuthenticatorControlValue
- * INPUTS:
- * inControl
- * The Control to operate on.
- * NOTES:
- * The user must call SECITEM_FreeItem passing in the return value
- * after the returnvalue is no longer needed.
- *
- * RETURN:
- * Return the value for the Authenticator Control.
- * The SECItem returned should be in UTF8 format. A NULL
- * return value indicates there was no Authenticator Control associated
- * with the CRMFControl..
- * (This library will not verify format. It assumes the client properly
- * formatted the strings when adding it or the message decoded was properly
- * formatted. The library will just give back the bytes it was given.)
- */
-extern SECItem* CRMF_ControlGetAuthicatorControlValue(CRMFControl *inControl);
-
-/*
- * FUNCTION: CRMF_ControlGetPKIArchiveOptions
- * INPUTS:inControl
- * The Control tooperate on.
- * NOTES:
- * This function returns a copy of the PKIArchiveOptions. The user must call
- * the function CRMF_DestroyPKIArchiveOptions when the return value is no
- * longer needed.
- *
- * RETURN:
- * Get the PKIArchiveOptions associated with the Control. A return
- * value of NULL indicates the Control was not a PKIArchiveOptions
- * Control.
- */
-extern CRMFPKIArchiveOptions*
- CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl);
-
-/*
- * FUNCTION: CMRF_DestroyPKIArchiveOptions
- * INPUTS:
- * inOptions
- * The ArchiveOptions to destroy.
- * NOTE:
- * Destroy the CRMFPKIArchiveOptions structure.
- *
- * RETURN:
- * SECSuccess if successful in freeing all the memory associated with
- * the PKIArchiveOptions. Any other return value indicates an error while
- * freeing the PKIArchiveOptions.
- */
-extern SECStatus
- CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inOptions);
-
-/*
- * FUNCTION: CRMF_PKIArchiveOptionsGetOptionType
- * INPUTS:
- * inOptions
- * The PKIArchiveOptions to operate on.
- * RETURN:
- * Returns the choice used for the PKIArchiveOptions. Look at the definition
- * of CRMFPKIArchiveOptionsType in crmft.h for possible return values.
- */
-extern CRMFPKIArchiveOptionsType
- CRMF_PKIArchiveOptionsGetOptionType(CRMFPKIArchiveOptions *inOptions);
-
-/*
- * FUNCTION: CRMF_PKIArchiveOptionsGetEncryptedPrivKey
- * INPUTS:
- * inOpts
- * The PKIArchiveOptions to operate on.
- *
- * NOTES:
- * The user must call CRMF_DestroyEncryptedKey when done using this return
- * value.
- *
- * RETURN:
- * Get the encryptedPrivKey field of the PKIArchiveOptions structure.
- * A return value of NULL indicates that encryptedPrivKey was not used as
- * the choice for this PKIArchiveOptions.
- */
-extern CRMFEncryptedKey*
- CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts);
-
-/*
- * FUNCTION: CRMF_EncryptedKeyGetChoice
- * INPUTS:
- * inEncrKey
- * The EncryptedKey to operate on.
- *
- * NOTES:
- * Get the choice used for representing the EncryptedKey.
- *
- * RETURN:
- * Returns the Choice used in representing the EncryptedKey. Look in
- * crmft.h at the definition of CRMFEncryptedKeyChoice for possible return
- * values.
- */
-extern CRMFEncryptedKeyChoice
- CRMF_EncryptedKeyGetChoice(CRMFEncryptedKey *inEncrKey);
-
-
-/*
- * FUNCTION: CRMF_EncryptedKeyGetEncryptedValue
- * INPUTS:
- * inKey
- * The EncryptedKey to operate on.
- *
- * NOTES:
- * The user must call CRMF_DestroyEncryptedValue passing in
- * CRMF_GetEncryptedValue's return value.
- *
- * RETURN:
- * A pointer to a copy of the EncryptedValue contained as a member of
- * the EncryptedKey.
- */
-extern CRMFEncryptedValue*
- CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inKey);
-
-/*
- * FUNCTION: CRMF_DestroyEncryptedValue
- * INPUTS:
- * inEncrValue
- * The EncryptedValue to destroy.
- *
- * NOTES:
- * Free up all memory associated with 'inEncrValue'.
- *
- * RETURN:
- * SECSuccess if freeing up the memory associated with the EncryptedValue
- * is successful. Any other return value indicates an error while freeing the
- * memory.
- */
-extern SECStatus CRMF_DestroyEncryptedValue(CRMFEncryptedValue *inEncrValue);
-
-/*
- * FUNCTION: CRMF_EncryptedValueGetEncValue
- * INPUTS:
- * inEncValue
- * The EncryptedValue to operate on.
- * NOTES:
- * Function retrieves the encValue from an EncryptedValue structure.
- *
- * RETURN:
- * A poiner to a SECItem containing the encValue of the EncryptedValue
- * structure. The return value is in BIT STRING format, meaning the
- * len field of the return structure represents the number of valid bits
- * as opposed to the allocated number of bytes.
- * ANULL return value indicates an error in copying the encValue field.
- */
-extern SECItem* CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncValue);
-
-/*
- * FUNCTION: CRMF_EncryptedValueGetIntendedAlg
- * INPUTS
- * inEncValue
- * The EncryptedValue to operate on.
- * NOTES:
- * Retrieve the IntendedAlg field from the EncryptedValue structure.
- * Call SECOID_DestroyAlgorithmID (destAlgID, PR_TRUE) after done using
- * the return value. When present, this alogorithm is the alogrithm for
- * which the private key will be used.
- *
- * RETURN:
- * A Copy of the intendedAlg field. A NULL return value indicates the
- * optional field was not present in the structure.
- */
-extern SECAlgorithmID*
- CRMF_EncryptedValueGetIntendedAlg(CRMFEncryptedValue *inEncValue);
-
-
-/*
- * FUNCTION: CRMF_EncryptedValueGetSymmAlg
- * INPUTS
- * inEncValue
- * The EncryptedValue to operate on.
- * NOTES:
- * Retrieve the symmAlg field from the EncryptedValue structure.
- * Call SECOID_DestroyAlgorithmID (destAlgID, PR_TRUE) after done using
- * the return value. When present, this is algorithm used to
- * encrypt the encValue of the EncryptedValue.
- *
- * RETURN:
- * A Copy of the symmAlg field. A NULL return value indicates the
- * optional field was not present in the structure.
- */
-extern SECAlgorithmID*
- CRMF_EncryptedValueGetSymmAlg(CRMFEncryptedValue *inEncValue);
-
-
-/*
- * FUNCTION: CRMF_EncryptedValueGetKeyAlg
- * INPUTS
- * inEncValue
- * The EncryptedValue to operate on.
- * NOTES:
- * Retrieve the keyAlg field from the EncryptedValue structure.
- * Call SECOID_DestroyAlgorithmID (destAlgID, PR_TRUE) after done using
- * the return value. When present, this is the algorithm used to encrypt
- * the symmetric key in the encSymmKey field of the EncryptedValue structure.
- *
- * RETURN:
- * A Copy of the keyAlg field. A NULL return value indicates the
- * optional field was not present in the structure.
- */
-extern SECAlgorithmID*
- CRMF_EncryptedValueGetKeyAlg(CRMFEncryptedValue *inEncValue);
-
-/*
- * FUNCTION: CRMF_EncryptedValueGetValueHint
- * INPUTS:
- * inEncValue
- * The EncryptedValue to operate on.
- *
- * NOTES:
- * Return a copy of the der-encoded value hint.
- * User must call SECITEM_FreeItem(retVal, PR_TRUE) when done using the
- * return value. When, present, this is a value that the client which
- * originally issued a certificate request can use to reproduce any data
- * it wants. The RA does not know how to interpret this data.
- *
- * RETURN:
- * A copy of the valueHint field of the EncryptedValue. A NULL return
- * value indicates the optional valueHint field is not present in the
- * EncryptedValue.
- */
-extern SECItem*
- CRMF_EncryptedValueGetValueHint(CRMFEncryptedValue *inEncValue);
-
-/*
- * FUNCTION: CRMF_EncrypteValueGetEncSymmKey
- * INPUTS:
- * inEncValue
- * The EncryptedValue to operate on.
- *
- * NOTES:
- * Return a copy of the encSymmKey field. This field is the encrypted
- * symmetric key that the client uses in doing Public Key wrap of a private
- * key. When present, this is the symmetric key that was used to wrap the
- * private key. (The encrypted private key will be stored in encValue
- * of the same EncryptedValue structure.) The user must call
- * SECITEM_FreeItem(retVal, PR_TRUE) when the return value is no longer
- * needed.
- *
- * RETURN:
- * A copy of the optional encSymmKey field of the EncryptedValue structure.
- * The return value will be in BIT STRING format, meaning the len field will
- * be the number of valid bits as opposed to the number of bytes. A return
- * value of NULL means the optional encSymmKey field was not present in
- * the EncryptedValue structure.
- */
-extern SECItem*
- CRMF_EncryptedValueGetEncSymmKey(CRMFEncryptedValue *inEncValue);
-
-/*
- * FUNCTION: CRMF_PKIArchiveOptionsGetKeyGenParameters
- * INPUTS:
- * inOptions
- * The PKiArchiveOptions to operate on.
- *
- * NOTES:
- * User must call SECITEM_FreeItem(retVal, PR_TRUE) after the return
- * value is no longer needed.
- *
- * RETURN:
- * Get the keyGenParameters field of the PKIArchiveOptions.
- * A NULL return value indicates that keyGenParameters was not
- * used as the choice for this PKIArchiveOptions.
- *
- * The SECItem returned is in BIT STRING format (ie, the len field indicates
- * number of valid bits as opposed to allocated number of bytes.)
- */
-extern SECItem*
- CRMF_PKIArchiveOptionsGetKeyGenParameters(CRMFPKIArchiveOptions *inOptions);
-
-/*
- * FUNCTION: CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey
- * INPUTS:
- * inOpt
- * The PKIArchiveOptions to operate on.
- * destVal
- * A pointer to where the library can place the value for
- * arciveRemGenPrivKey
- * RETURN:
- * If the PKIArchiveOptions used the archiveRemGenPrivKey field, the
- * function returns SECSuccess and fills the value at *destValue with either
- * PR_TRUE or PR_FALSE, depending on what the PKIArchiveOptions has as a
- * value.
- *
- * If the PKIArchiveOptions does not use the archiveRemGenPrivKey field, the
- * function returns SECFailure and the value at *destValue is unchanged.
- */
-extern SECStatus
- CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey(CRMFPKIArchiveOptions *inOpt,
- PRBool *destVal);
-
-/* Helper functions that can be used by other libraries. */
-/*
- * A quick helper funciton to get the best wrap mechanism.
- */
-extern CK_MECHANISM_TYPE CRMF_GetBestWrapPadMechanism(PK11SlotInfo *slot);
-
-/*
- * A helper function to get a randomly generated IV from a mechanism
- * type.
- */
-extern SECItem* CRMF_GetIVFromMechanism(CK_MECHANISM_TYPE mechType);
-
-SEC_END_PROTOS
-#endif /*_CRMF_H_*/
-
-
diff --git a/security/nss/lib/crmf/crmfcont.c b/security/nss/lib/crmf/crmfcont.c
deleted file mode 100644
index b6e197522..000000000
--- a/security/nss/lib/crmf/crmfcont.c
+++ /dev/null
@@ -1,1164 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "crmf.h"
-#include "crmfi.h"
-#include "pk11func.h"
-#include "keyhi.h"
-#include "secoid.h"
-
-static SECStatus
-crmf_modify_control_array (CRMFCertRequest *inCertReq, int count)
-{
- if (count > 0) {
- void *dummy = PORT_Realloc(inCertReq->controls,
- sizeof(CRMFControl*)*(count+2));
- if (dummy == NULL) {
- return SECFailure;
- }
- inCertReq->controls = dummy;
- } else {
- inCertReq->controls = PORT_ZNewArray(CRMFControl*, 2);
- }
- return (inCertReq->controls == NULL) ? SECFailure : SECSuccess ;
-}
-
-static SECStatus
-crmf_add_new_control(CRMFCertRequest *inCertReq,SECOidTag inTag,
- CRMFControl **destControl)
-{
- SECOidData *oidData;
- SECStatus rv;
- PRArenaPool *poolp;
- int numControls = 0;
- CRMFControl *newControl;
- CRMFControl **controls;
- void *mark;
-
- poolp = inCertReq->poolp;
- if (poolp == NULL) {
- return SECFailure;
- }
- mark = PORT_ArenaMark(poolp);
- if (inCertReq->controls != NULL) {
- while (inCertReq->controls[numControls] != NULL)
- numControls++;
- }
- rv = crmf_modify_control_array(inCertReq, numControls);
- if (rv != SECSuccess) {
- goto loser;
- }
- controls = inCertReq->controls;
- oidData = SECOID_FindOIDByTag(inTag);
- newControl = *destControl = PORT_ArenaZNew(poolp,CRMFControl);
- if (newControl == NULL) {
- goto loser;
- }
- rv = SECITEM_CopyItem(poolp, &newControl->derTag, &oidData->oid);
- if (rv != SECSuccess) {
- goto loser;
- }
- newControl->tag = inTag;
- controls[numControls] = newControl;
- controls[numControls+1] = NULL;
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
-
- loser:
- PORT_ArenaRelease(poolp, mark);
- *destControl = NULL;
- return SECFailure;
-
-}
-
-SECStatus
-crmf_add_secitem_control(CRMFCertRequest *inCertReq, SECItem *value,
- SECOidTag inTag)
-{
- SECStatus rv;
- CRMFControl *newControl;
- void *mark;
-
- rv = crmf_add_new_control(inCertReq, inTag, &newControl);
- if (rv != SECSuccess) {
- return rv;
- }
- mark = PORT_ArenaMark(inCertReq->poolp);
- rv = SECITEM_CopyItem(inCertReq->poolp, &newControl->derValue, value);
- if (rv != SECSuccess) {
- PORT_ArenaRelease(inCertReq->poolp, mark);
- return rv;
- }
- PORT_ArenaUnmark(inCertReq->poolp, mark);
- return SECSuccess;
-}
-
-SECStatus
-CRMF_CertRequestSetRegTokenControl(CRMFCertRequest *inCertReq, SECItem *value)
-{
- return crmf_add_secitem_control(inCertReq, value,
- SEC_OID_PKIX_REGCTRL_REGTOKEN);
-}
-
-SECStatus
-CRMF_CertRequestSetAuthenticatorControl (CRMFCertRequest *inCertReq,
- SECItem *value)
-{
- return crmf_add_secitem_control(inCertReq, value,
- SEC_OID_PKIX_REGCTRL_AUTHENTICATOR);
-}
-
-SECStatus
-crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue, PRBool freeit)
-{
- if (inEncrValue != NULL) {
- if (inEncrValue->intendedAlg) {
- SECOID_DestroyAlgorithmID(inEncrValue->intendedAlg, PR_TRUE);
- }
- if (inEncrValue->symmAlg) {
- SECOID_DestroyAlgorithmID(inEncrValue->symmAlg, PR_TRUE);
- }
- if (inEncrValue->encSymmKey.data) {
- PORT_Free(inEncrValue->encSymmKey.data);
- }
- if (inEncrValue->keyAlg) {
- SECOID_DestroyAlgorithmID(inEncrValue->keyAlg, PR_TRUE);
- }
- if (inEncrValue->valueHint.data) {
- PORT_Free(inEncrValue->valueHint.data);
- }
- if (inEncrValue->encValue.data) {
- PORT_Free(inEncrValue->encValue.data);
- }
- if (freeit) {
- PORT_Free(inEncrValue);
- }
- }
- return SECSuccess;
-}
-
-SECStatus
-CRMF_DestroyEncryptedValue(CRMFEncryptedValue *inEncrValue)
-{
- return crmf_destroy_encrypted_value(inEncrValue, PR_TRUE);
-}
-
-SECStatus
-crmf_copy_encryptedvalue_secalg(PRArenaPool *poolp,
- SECAlgorithmID *srcAlgId,
- SECAlgorithmID **destAlgId)
-{
- SECAlgorithmID *newAlgId;
-
- *destAlgId = newAlgId = (poolp != NULL) ?
- PORT_ArenaZNew(poolp, SECAlgorithmID) :
- PORT_ZNew(SECAlgorithmID);
- if (newAlgId == NULL) {
- return SECFailure;
- }
-
- return SECOID_CopyAlgorithmID(poolp, newAlgId, srcAlgId);
-}
-
-SECStatus
-crmf_copy_encryptedvalue(PRArenaPool *poolp,
- CRMFEncryptedValue *srcValue,
- CRMFEncryptedValue *destValue)
-{
- SECStatus rv;
-
- if (srcValue->intendedAlg != NULL) {
- rv = crmf_copy_encryptedvalue_secalg(poolp,
- srcValue->intendedAlg,
- &destValue->intendedAlg);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- if (srcValue->symmAlg != NULL) {
- rv = crmf_copy_encryptedvalue_secalg(poolp,
- srcValue->symmAlg,
- &destValue->symmAlg);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- if (srcValue->encSymmKey.data != NULL) {
- rv = crmf_make_bitstring_copy(poolp,
- &destValue->encSymmKey,
- &srcValue->encSymmKey);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- if (srcValue->keyAlg != NULL) {
- rv = crmf_copy_encryptedvalue_secalg(poolp,
- srcValue->keyAlg,
- &destValue->keyAlg);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- if (srcValue->valueHint.data != NULL) {
- rv = SECITEM_CopyItem(poolp,
- &destValue->valueHint,
- &srcValue->valueHint);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- if (srcValue->encValue.data != NULL) {
- rv = crmf_make_bitstring_copy(poolp,
- &destValue->encValue,
- &srcValue->encValue);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- return SECSuccess;
- loser:
- if (poolp == NULL && destValue != NULL) {
- crmf_destroy_encrypted_value(destValue, PR_TRUE);
- }
- return SECFailure;
-}
-
-SECStatus
-crmf_copy_encryptedkey(PRArenaPool *poolp,
- CRMFEncryptedKey *srcEncrKey,
- CRMFEncryptedKey *destEncrKey)
-{
- SECStatus rv;
- void *mark;
-
- if (poolp != NULL) {
- mark = PORT_ArenaMark(poolp);
- }
-
- switch (srcEncrKey->encKeyChoice) {
- case crmfEncryptedValueChoice:
- rv = crmf_copy_encryptedvalue(poolp,
- &srcEncrKey->value.encryptedValue,
- &destEncrKey->value.encryptedValue);
- break;
- case crmfEnvelopedDataChoice:
- destEncrKey->value.envelopedData =
- SEC_PKCS7CopyContentInfo(srcEncrKey->value.envelopedData);
- rv = (destEncrKey->value.envelopedData != NULL) ? SECSuccess:
- SECFailure;
- break;
- default:
- rv = SECFailure;
- }
- if (rv != SECSuccess) {
- goto loser;
- }
- destEncrKey->encKeyChoice = srcEncrKey->encKeyChoice;
- if (poolp != NULL) {
- PORT_ArenaUnmark(poolp, mark);
- }
- return SECSuccess;
-
- loser:
- if (poolp != NULL) {
- PORT_ArenaRelease(poolp, mark);
- }
- return SECFailure;
-}
-
-CRMFPKIArchiveOptions*
-crmf_create_encr_pivkey_option(CRMFEncryptedKey *inEncryptedKey)
-{
- CRMFPKIArchiveOptions *newArchOpt;
- SECStatus rv;
-
- newArchOpt = PORT_ZNew(CRMFPKIArchiveOptions);
- if (newArchOpt == NULL) {
- goto loser;
- }
-
- rv = crmf_copy_encryptedkey(NULL, inEncryptedKey,
- &newArchOpt->option.encryptedKey);
-
- if (rv != SECSuccess) {
- goto loser;
- }
- newArchOpt->archOption = crmfEncryptedPrivateKey;
- return newArchOpt;
- loser:
- if (newArchOpt != NULL) {
- CRMF_DestroyPKIArchiveOptions(newArchOpt);
- }
- return NULL;
-}
-
-static CRMFPKIArchiveOptions*
-crmf_create_keygen_param_option(SECItem *inKeyGenParams)
-{
- CRMFPKIArchiveOptions *newArchOptions;
- SECStatus rv;
-
- newArchOptions = PORT_ZNew(CRMFPKIArchiveOptions);
- if (newArchOptions == NULL) {
- goto loser;
- }
- newArchOptions->archOption = crmfKeyGenParameters;
- rv = SECITEM_CopyItem(NULL, &newArchOptions->option.keyGenParameters,
- inKeyGenParams);
- if (rv != SECSuccess) {
- goto loser;
- }
- return newArchOptions;
- loser:
- if (newArchOptions != NULL) {
- CRMF_DestroyPKIArchiveOptions(newArchOptions);
- }
- return NULL;
-}
-
-static CRMFPKIArchiveOptions*
-crmf_create_arch_rem_gen_privkey(PRBool archiveRemGenPrivKey)
-{
- unsigned char value;
- SECItem *dummy;
- CRMFPKIArchiveOptions *newArchOptions;
-
- value = (archiveRemGenPrivKey) ? hexTrue : hexFalse;
- newArchOptions = PORT_ZNew(CRMFPKIArchiveOptions);
- if (newArchOptions == NULL) {
- goto loser;
- }
- dummy = SEC_ASN1EncodeItem(NULL,
- &newArchOptions->option.archiveRemGenPrivKey,
- &value, SEC_BooleanTemplate);
- PORT_Assert (dummy == &newArchOptions->option.archiveRemGenPrivKey);
- if (dummy != &newArchOptions->option.archiveRemGenPrivKey) {
- SECITEM_FreeItem (dummy, PR_TRUE);
- goto loser;
- }
- newArchOptions->archOption = crmfArchiveRemGenPrivKey;
- return newArchOptions;
- loser:
- if (newArchOptions != NULL) {
- CRMF_DestroyPKIArchiveOptions(newArchOptions);
- }
- return NULL;
-}
-
-CRMFPKIArchiveOptions*
-CRMF_CreatePKIArchiveOptions(CRMFPKIArchiveOptionsType inType, void *data)
-{
- CRMFPKIArchiveOptions* retOptions;
-
- PORT_Assert(data != NULL);
- if (data == NULL) {
- return NULL;
- }
- switch(inType) {
- case crmfEncryptedPrivateKey:
- retOptions = crmf_create_encr_pivkey_option((CRMFEncryptedKey*)data);
- break;
- case crmfKeyGenParameters:
- retOptions = crmf_create_keygen_param_option((SECItem*)data);
- break;
- case crmfArchiveRemGenPrivKey:
- retOptions = crmf_create_arch_rem_gen_privkey(*(PRBool*)data);
- break;
- default:
- retOptions = NULL;
- }
- return retOptions;
-}
-
-static SECStatus
-crmf_destroy_encrypted_key(CRMFEncryptedKey *inEncrKey, PRBool freeit)
-{
- PORT_Assert(inEncrKey != NULL);
- if (inEncrKey != NULL) {
- switch (inEncrKey->encKeyChoice){
- case crmfEncryptedValueChoice:
- crmf_destroy_encrypted_value(&inEncrKey->value.encryptedValue,
- PR_FALSE);
- break;
- case crmfEnvelopedDataChoice:
- SEC_PKCS7DestroyContentInfo(inEncrKey->value.envelopedData);
- break;
- default:
- break;
- }
- if (freeit) {
- PORT_Free(inEncrKey);
- }
- }
- return SECSuccess;
-}
-
-SECStatus
-crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions,
- PRBool freeit)
-{
- PORT_Assert(inArchOptions != NULL);
- if (inArchOptions != NULL) {
- switch (inArchOptions->archOption) {
- case crmfEncryptedPrivateKey:
- crmf_destroy_encrypted_key(&inArchOptions->option.encryptedKey,
- PR_FALSE);
- break;
- case crmfKeyGenParameters:
- case crmfArchiveRemGenPrivKey:
- /* This is a union, so having a pointer to one is like
- * having a pointer to both.
- */
- SECITEM_FreeItem(&inArchOptions->option.keyGenParameters,
- PR_FALSE);
- break;
- case crmfNoArchiveOptions:
- break;
- }
- if (freeit) {
- PORT_Free(inArchOptions);
- }
- }
- return SECSuccess;
-}
-
-SECStatus
-CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inArchOptions)
-{
- return crmf_destroy_pkiarchiveoptions(inArchOptions, PR_TRUE);
-}
-
-static CK_MECHANISM_TYPE
-crmf_get_non_pad_mechanism(CK_MECHANISM_TYPE type)
-{
- switch (type) {
- case CKM_DES3_CBC_PAD:
- return CKM_DES3_CBC;
- case CKM_CAST5_CBC_PAD:
- return CKM_CAST5_CBC;
- case CKM_DES_CBC_PAD:
- return CKM_DES_CBC;
- case CKM_IDEA_CBC_PAD:
- return CKM_IDEA_CBC;
- case CKM_CAST3_CBC_PAD:
- return CKM_CAST3_CBC;
- case CKM_CAST_CBC_PAD:
- return CKM_CAST_CBC;
- case CKM_RC5_CBC_PAD:
- return CKM_RC5_CBC;
- case CKM_RC2_CBC_PAD:
- return CKM_RC2_CBC;
- case CKM_CDMF_CBC_PAD:
- return CKM_CDMF_CBC;
- }
- return type;
-}
-
-static CK_MECHANISM_TYPE
-crmf_get_pad_mech_from_tag(SECOidTag oidTag)
-{
- CK_MECHANISM_TYPE mechType;
- SECOidData *oidData;
-
- oidData = SECOID_FindOIDByTag(oidTag);
- mechType = (CK_MECHANISM_TYPE)oidData->mechanism;
- return PK11_GetPadMechanism(mechType);
-}
-
-static CK_MECHANISM_TYPE
-crmf_get_best_privkey_wrap_mechanism(PK11SlotInfo *slot)
-{
- CK_MECHANISM_TYPE privKeyPadMechs[] = { CKM_DES3_CBC_PAD,
- CKM_CAST5_CBC_PAD,
- CKM_DES_CBC_PAD,
- CKM_IDEA_CBC_PAD,
- CKM_CAST3_CBC_PAD,
- CKM_CAST_CBC_PAD,
- CKM_RC5_CBC_PAD,
- CKM_RC2_CBC_PAD,
- CKM_CDMF_CBC_PAD };
- int mechCount = sizeof(privKeyPadMechs)/sizeof(privKeyPadMechs[0]);
- int i;
-
- for (i=0; i < mechCount; i++) {
- if (PK11_DoesMechanism(slot, privKeyPadMechs[i])) {
- return privKeyPadMechs[i];
- }
- }
- return CKM_INVALID_MECHANISM;
-}
-
-CK_MECHANISM_TYPE
-CRMF_GetBestWrapPadMechanism(PK11SlotInfo *slot)
-{
- return crmf_get_best_privkey_wrap_mechanism(slot);
-}
-
-static SECItem*
-crmf_get_iv(CK_MECHANISM_TYPE mechType)
-{
- int iv_size = PK11_GetIVLength(mechType);
- SECItem *iv;
- SECStatus rv;
-
- iv = PORT_ZNew(SECItem);
- if (iv == NULL) {
- return NULL;
- }
- if (iv_size == 0) {
- iv->data = NULL;
- iv->len = 0;
- return iv;
- }
- iv->data = PORT_NewArray(unsigned char, iv_size);
- if (iv->data == NULL) {
- iv->len = 0;
- return iv;
- }
- iv->len = iv_size;
- rv = PK11_GenerateRandom(iv->data, iv->len);
- if (rv != SECSuccess) {
- PORT_Free(iv->data);
- iv->data = NULL;
- iv->len = 0;
- }
- return iv;
-}
-
-SECItem*
-CRMF_GetIVFromMechanism(CK_MECHANISM_TYPE mechType)
-{
- return crmf_get_iv(mechType);
-}
-
-CK_MECHANISM_TYPE
-crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey)
-{
- CERTSubjectPublicKeyInfo *spki = NULL;
- SECOidTag tag;
-
-
- spki = SECKEY_CreateSubjectPublicKeyInfo(inPubKey);
- if (spki == NULL) {
- return CKM_INVALID_MECHANISM;
- }
- tag = SECOID_FindOIDTag(&spki->algorithm.algorithm);
- SECKEY_DestroySubjectPublicKeyInfo(spki);
- spki = NULL;
- return PK11_AlgtagToMechanism(tag);
-}
-
-SECItem*
-crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest)
-{
- SECItem *pubValue;
-
- if (dest != NULL) {
- pubValue = dest;
- } else {
- pubValue = PORT_ZNew(SECItem);
- }
- switch(pubKey->keyType) {
- case dsaKey:
- SECITEM_CopyItem(NULL, pubValue, &pubKey->u.dsa.publicValue);
- break;
- case rsaKey:
- SECITEM_CopyItem(NULL, pubValue, &pubKey->u.rsa.modulus);
- break;
- case dhKey:
- SECITEM_CopyItem(NULL, pubValue, &pubKey->u.dh.publicValue);
- break;
- default:
- if (dest == NULL) {
- PORT_Free(pubValue);
- }
- pubValue = NULL;
- break;
- }
- return pubValue;
-}
-
-static SECItem*
-crmf_decode_params(SECItem *inParams)
-{
- SECItem *params;
- SECStatus rv;
-
- params = PORT_ZNew(SECItem);
- rv = SEC_ASN1DecodeItem(NULL, params, SEC_OctetStringTemplate,
- inParams);
- if (rv != SECSuccess) {
- SECITEM_FreeItem(params, PR_TRUE);
- return NULL;
- }
- return params;
-}
-
-int
-crmf_get_key_size_from_mech(CK_MECHANISM_TYPE mechType)
-{
- CK_MECHANISM_TYPE keyGen = PK11_GetKeyGen(mechType);
-
- switch (keyGen) {
- case CKM_CDMF_KEY_GEN:
- case CKM_DES_KEY_GEN:
- return 8;
- case CKM_DES2_KEY_GEN:
- return 16;
- case CKM_DES3_KEY_GEN:
- return 24;
- }
- return 0;
-}
-
-SECStatus
-crmf_encrypted_value_unwrap_priv_key(PRArenaPool *poolp,
- CRMFEncryptedValue *encValue,
- SECKEYPrivateKey *privKey,
- SECKEYPublicKey *newPubKey,
- SECItem *nickname,
- PK11SlotInfo *slot,
- unsigned char keyUsage,
- SECKEYPrivateKey **unWrappedKey,
- void *wincx)
-{
- PK11SymKey *wrappingKey = NULL;
- CK_MECHANISM_TYPE wrapMechType;
- SECOidTag oidTag;
- SECItem *params = NULL, *publicValue = NULL;
- int keySize, origLen;
- CK_KEY_TYPE keyType;
- CK_ATTRIBUTE_TYPE *usage;
- CK_ATTRIBUTE_TYPE rsaUsage[] = {
- CKA_UNWRAP, CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER };
- CK_ATTRIBUTE_TYPE dsaUsage[] = { CKA_SIGN };
- CK_ATTRIBUTE_TYPE dhUsage[] = { CKA_DERIVE };
- int usageCount;
-
- oidTag = SECOID_GetAlgorithmTag(encValue->symmAlg);
- wrapMechType = crmf_get_pad_mech_from_tag(oidTag);
- keySize = crmf_get_key_size_from_mech(wrapMechType);
- wrappingKey = PK11_PubUnwrapSymKey(privKey, &encValue->encSymmKey,
- wrapMechType, CKA_UNWRAP, keySize);
- if (wrappingKey == NULL) {
- goto loser;
- }/* Make the length a byte length instead of bit length*/
- params = (encValue->symmAlg != NULL) ?
- crmf_decode_params(&encValue->symmAlg->parameters) : NULL;
- origLen = encValue->encValue.len;
- encValue->encValue.len = CRMF_BITS_TO_BYTES(origLen);
- publicValue = crmf_get_public_value(newPubKey, NULL);
- switch(newPubKey->keyType) {
- default:
- case rsaKey:
- keyType = CKK_RSA;
- switch (keyUsage & (KU_KEY_ENCIPHERMENT|KU_DIGITAL_SIGNATURE)) {
- case KU_KEY_ENCIPHERMENT:
- usage = rsaUsage;
- usageCount = 2;
- break;
- case KU_DIGITAL_SIGNATURE:
- usage = &rsaUsage[2];
- usageCount = 2;
- break;
- case KU_KEY_ENCIPHERMENT|KU_DIGITAL_SIGNATURE:
- case 0: /* default to everything */
- usage = rsaUsage;
- usageCount = 4;
- break;
- }
- break;
- case dhKey:
- keyType = CKK_DH;
- usage = dhUsage;
- usageCount = sizeof(dhUsage)/sizeof(dhUsage[0]);
- break;
- case dsaKey:
- keyType = CKK_DSA;
- usage = dsaUsage;
- usageCount = sizeof(dsaUsage)/sizeof(dsaUsage[0]);
- break;
- }
- *unWrappedKey = PK11_UnwrapPrivKey(slot, wrappingKey, wrapMechType, params,
- &encValue->encValue, nickname,
- publicValue, PR_TRUE,PR_TRUE,
- keyType, usage, usageCount, wincx);
- encValue->encValue.len = origLen;
- if (*unWrappedKey == NULL) {
- goto loser;
- }
- SECITEM_FreeItem (publicValue, PR_TRUE);
- if (params!= NULL) {
- SECITEM_FreeItem(params, PR_TRUE);
- }
- PK11_FreeSymKey(wrappingKey);
- return SECSuccess;
- loser:
- *unWrappedKey = NULL;
- return SECFailure;
-}
-
-CRMFEncryptedValue *
-crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey,
- SECKEYPublicKey *inCAKey,
- CRMFEncryptedValue *destValue)
-{
- SECItem wrappedPrivKey, wrappedSymKey;
- SECItem encodedParam, *dummy;
- SECStatus rv;
- CK_MECHANISM_TYPE pubMechType, symKeyType;
- unsigned char *wrappedSymKeyBits;
- unsigned char *wrappedPrivKeyBits;
- SECItem *iv = NULL;
- SECOidTag tag;
- PK11SymKey *symKey;
- PK11SlotInfo *slot;
- SECAlgorithmID *symmAlg;
- CRMFEncryptedValue *myEncrValue = NULL;
-
- encodedParam.data = NULL;
- wrappedSymKeyBits = PORT_NewArray(unsigned char, MAX_WRAPPED_KEY_LEN);
- wrappedPrivKeyBits = PORT_NewArray(unsigned char, MAX_WRAPPED_KEY_LEN);
- if (wrappedSymKeyBits == NULL || wrappedPrivKeyBits == NULL) {
- goto loser;
- }
- if (destValue == NULL) {
- myEncrValue = destValue = PORT_ZNew(CRMFEncryptedValue);
- if (destValue == NULL) {
- goto loser;
- }
- }
-
- pubMechType = crmf_get_mechanism_from_public_key(inCAKey);
- if (pubMechType == CKM_INVALID_MECHANISM) {
- /* XXX I should probably do something here for non-RSA
- * keys that are in certs. (ie DSA)
- */
- goto loser;
- }
- slot = inPrivKey->pkcs11Slot;
- PORT_Assert(slot != NULL);
- symKeyType = crmf_get_best_privkey_wrap_mechanism(slot);
- symKey = PK11_KeyGen(slot, symKeyType, NULL, 0, NULL);
- if (symKey == NULL) {
- goto loser;
- }
-
- wrappedSymKey.data = wrappedSymKeyBits;
- wrappedSymKey.len = MAX_WRAPPED_KEY_LEN;
- rv = PK11_PubWrapSymKey(pubMechType, inCAKey, symKey, &wrappedSymKey);
- if (rv != SECSuccess) {
- goto loser;
- }
- /* Make the length of the result a Bit String length. */
- wrappedSymKey.len <<= 3;
-
- wrappedPrivKey.data = wrappedPrivKeyBits;
- wrappedPrivKey.len = MAX_WRAPPED_KEY_LEN;
- iv = crmf_get_iv(symKeyType);
- rv = PK11_WrapPrivKey(slot, symKey, inPrivKey, symKeyType, iv,
- &wrappedPrivKey, NULL);
- PK11_FreeSymKey(symKey);
- if (rv != SECSuccess) {
- goto loser;
- }
- /* Make the length of the result a Bit String length. */
- wrappedPrivKey.len <<= 3;
- rv = crmf_make_bitstring_copy(NULL,
- &destValue->encValue,
- &wrappedPrivKey);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- rv = crmf_make_bitstring_copy(NULL,
- &destValue->encSymmKey,
- &wrappedSymKey);
- if (rv != SECSuccess) {
- goto loser;
- }
- destValue->symmAlg = symmAlg = PORT_ZNew(SECAlgorithmID);
- if (symmAlg == NULL) {
- goto loser;
- }
-
- dummy = SEC_ASN1EncodeItem(NULL, &encodedParam, iv,
- SEC_OctetStringTemplate);
- if (dummy != &encodedParam) {
- SECITEM_FreeItem(dummy, PR_TRUE);
- goto loser;
- }
-
- symKeyType = crmf_get_non_pad_mechanism(symKeyType);
- tag = PK11_MechanismToAlgtag(symKeyType);
- rv = SECOID_SetAlgorithmID(NULL, symmAlg, tag, &encodedParam);
- if (rv != SECSuccess) {
- goto loser;
- }
- PORT_Free(encodedParam.data);
- PORT_Free(wrappedPrivKeyBits);
- PORT_Free(wrappedSymKeyBits);
- if (iv->data != NULL) {
- PORT_Free(iv->data);
- }
- PORT_Free(iv);
- return destValue;
- loser:
- if (iv != NULL) {
- if (iv->data) {
- PORT_Free(iv->data);
- }
- PORT_Free(iv);
- }
- if (myEncrValue != NULL) {
- crmf_destroy_encrypted_value(myEncrValue, PR_TRUE);
- }
- if (wrappedSymKeyBits != NULL) {
- PORT_Free(wrappedSymKeyBits);
- }
- if (wrappedPrivKeyBits != NULL) {
- PORT_Free(wrappedPrivKeyBits);
- }
- if (encodedParam.data != NULL) {
- PORT_Free(encodedParam.data);
- }
- return NULL;
-}
-
-CRMFEncryptedKey*
-CRMF_CreateEncryptedKeyWithEncryptedValue (SECKEYPrivateKey *inPrivKey,
- CERTCertificate *inCACert)
-{
- SECKEYPublicKey *caPubKey = NULL;
- CRMFEncryptedKey *encKey = NULL;
- CRMFEncryptedValue *dummy;
-
- PORT_Assert(inPrivKey != NULL && inCACert != NULL);
- if (inPrivKey == NULL || inCACert == NULL) {
- return NULL;
- }
-
- caPubKey = CERT_ExtractPublicKey(inCACert);
- if (caPubKey == NULL) {
- goto loser;
- }
-
- encKey = PORT_ZNew(CRMFEncryptedKey);
- if (encKey == NULL) {
- goto loser;
- }
- dummy = crmf_create_encrypted_value_wrapped_privkey(inPrivKey,
- caPubKey,
- &encKey->value.encryptedValue);
- PORT_Assert(dummy == &encKey->value.encryptedValue);
- /* We won't add the der value here, but rather when it
- * becomes part of a certificate request.
- */
- SECKEY_DestroyPublicKey(caPubKey);
- encKey->encKeyChoice = crmfEncryptedValueChoice;
- return encKey;
- loser:
- if (encKey != NULL) {
- CRMF_DestroyEncryptedKey(encKey);
- }
- if (caPubKey != NULL) {
- SECKEY_DestroyPublicKey(caPubKey);
- }
- return NULL;
-}
-
-SECStatus
-CRMF_DestroyEncryptedKey(CRMFEncryptedKey *inEncrKey)
-{
- return crmf_destroy_encrypted_key(inEncrKey, PR_TRUE);
-}
-
-SECStatus
-crmf_copy_pkiarchiveoptions(PRArenaPool *poolp,
- CRMFPKIArchiveOptions *destOpt,
- CRMFPKIArchiveOptions *srcOpt)
-{
- SECStatus rv;
- destOpt->archOption = srcOpt->archOption;
- switch (srcOpt->archOption) {
- case crmfEncryptedPrivateKey:
- rv = crmf_copy_encryptedkey(poolp,
- &srcOpt->option.encryptedKey,
- &destOpt->option.encryptedKey);
- break;
- case crmfKeyGenParameters:
- case crmfArchiveRemGenPrivKey:
- /* We've got a union, so having a pointer to one is just
- * like having a pointer to the other one.
- */
- rv = SECITEM_CopyItem(poolp,
- &destOpt->option.keyGenParameters,
- &srcOpt->option.keyGenParameters);
- break;
- default:
- rv = SECFailure;
- }
- return rv;
-}
-
-static SECStatus
-crmf_check_and_adjust_archoption(CRMFControl *inControl)
-{
- CRMFPKIArchiveOptions *options;
-
- options = &inControl->value.archiveOptions;
- if (options->archOption == crmfNoArchiveOptions) {
- /* It hasn't been set, so figure it out from the
- * der.
- */
- switch (inControl->derValue.data[0] & 0x0f) {
- case 0:
- options->archOption = crmfEncryptedPrivateKey;
- break;
- case 1:
- options->archOption = crmfKeyGenParameters;
- break;
- case 2:
- options->archOption = crmfArchiveRemGenPrivKey;
- break;
- default:
- /* We've got bad DER. Return an error. */
- return SECFailure;
- }
- }
- return SECSuccess;
-}
-
-static const SEC_ASN1Template *
-crmf_get_pkiarchive_subtemplate(CRMFControl *inControl)
-{
- const SEC_ASN1Template *retTemplate;
- SECStatus rv;
- /*
- * We could be in the process of decoding, in which case the
- * archOption field will not be set. Let's check it and set
- * it accordingly.
- */
-
- rv = crmf_check_and_adjust_archoption(inControl);
- if (rv != SECSuccess) {
- return NULL;
- }
-
- switch (inControl->value.archiveOptions.archOption) {
- case crmfEncryptedPrivateKey:
- retTemplate = CRMFEncryptedKeyWithEncryptedValueTemplate;
- inControl->value.archiveOptions.option.encryptedKey.encKeyChoice =
- crmfEncryptedValueChoice;
- break;
- default:
- retTemplate = NULL;
- }
- return retTemplate;
-}
-
-const SEC_ASN1Template*
-crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl)
-{
- const SEC_ASN1Template *retTemplate;
-
- switch (inControl->tag) {
- case SEC_OID_PKIX_REGCTRL_REGTOKEN:
- case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
- retTemplate = SEC_UTF8StringTemplate;
- break;
- case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
- retTemplate = crmf_get_pkiarchive_subtemplate(inControl);
- break;
- case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
- case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
- case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
- /* We don't support these controls, so we fail for now.*/
- retTemplate = NULL;
- break;
- default:
- retTemplate = NULL;
- }
- return retTemplate;
-}
-
-static SECStatus
-crmf_encode_pkiarchiveoptions(PRArenaPool *poolp, CRMFControl *inControl)
-{
- const SEC_ASN1Template *asn1Template;
- SECStatus rv;
-
- asn1Template = crmf_get_pkiarchiveoptions_subtemplate(inControl);
- /* We've got a union, so passing a pointer to one element of the
- * union, is the same as passing a pointer to any of the other
- * members of the union.
- */
- SEC_ASN1EncodeItem(poolp, &inControl->derValue,
- &inControl->value.archiveOptions, asn1Template);
-
- if (inControl->derValue.data == NULL) {
- goto loser;
- }
- return SECSuccess;
- loser:
- return SECFailure;
-}
-
-SECStatus
-CRMF_CertRequestSetPKIArchiveOptions(CRMFCertRequest *inCertReq,
- CRMFPKIArchiveOptions *inOptions)
-{
- CRMFControl *newControl;
- PRArenaPool *poolp;
- SECStatus rv;
- void *mark;
-
- PORT_Assert(inCertReq != NULL && inOptions != NULL);
- if (inCertReq == NULL || inOptions == NULL) {
- return SECFailure;
- }
- poolp = inCertReq->poolp;
- mark = PORT_ArenaMark(poolp);
- rv = crmf_add_new_control(inCertReq,
- SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS,
- &newControl);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- rv = crmf_copy_pkiarchiveoptions(poolp,
- &newControl->value.archiveOptions,
- inOptions);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- rv = crmf_encode_pkiarchiveoptions(poolp, newControl);
- if (rv != SECSuccess) {
- goto loser;
- }
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
- loser:
- PORT_ArenaRelease(poolp, mark);
- return SECFailure;
-}
-
-SECStatus
-crmf_destroy_control(CRMFControl *inControl, PRBool freeit)
-{
- PORT_Assert(inControl != NULL);
- if (inControl != NULL) {
- SECITEM_FreeItem(&inControl->derTag, PR_FALSE);
- SECITEM_FreeItem(&inControl->derValue, PR_FALSE);
- /* None of the other tags require special processing at
- * the moment when freeing because they are not supported,
- * but if/when they are, add the necessary routines here.
- * If all controls are supported, then every member of the
- * union inControl->value will have a case that deals with
- * it in the following switch statement.
- */
- switch (inControl->tag) {
- case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
- crmf_destroy_pkiarchiveoptions(&inControl->value.archiveOptions,
- PR_FALSE);
- break;
- default:
- /* Put this here to get rid of all those annoying warnings.*/
- break;
- }
- if (freeit) {
- PORT_Free(inControl);
- }
- }
- return SECSuccess;
-}
-
-SECStatus
-CRMF_DestroyControl(CRMFControl *inControl)
-{
- return crmf_destroy_control(inControl, PR_TRUE);
-}
-
-static SECOidTag
-crmf_controltype_to_tag(CRMFControlType inControlType)
-{
- SECOidTag retVal;
-
- switch(inControlType) {
- case crmfRegTokenControl:
- retVal = SEC_OID_PKIX_REGCTRL_REGTOKEN;
- break;
- case crmfAuthenticatorControl:
- retVal = SEC_OID_PKIX_REGCTRL_AUTHENTICATOR;
- break;
- case crmfPKIPublicationInfoControl:
- retVal = SEC_OID_PKIX_REGCTRL_PKIPUBINFO;
- break;
- case crmfPKIArchiveOptionsControl:
- retVal = SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS;
- break;
- case crmfOldCertIDControl:
- retVal = SEC_OID_PKIX_REGCTRL_OLD_CERT_ID;
- break;
- case crmfProtocolEncrKeyControl:
- retVal = SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY;
- break;
- default:
- retVal = SEC_OID_UNKNOWN;
- break;
- }
- return retVal;
-}
-
-PRBool
-CRMF_CertRequestIsControlPresent(CRMFCertRequest *inCertReq,
- CRMFControlType inControlType)
-{
- SECOidTag controlTag;
- int i;
-
- PORT_Assert(inCertReq != NULL);
- if (inCertReq == NULL || inCertReq->controls == NULL) {
- return PR_FALSE;
- }
- controlTag = crmf_controltype_to_tag(inControlType);
- for (i=0; inCertReq->controls[i] != NULL; i++) {
- if (inCertReq->controls[i]->tag == controlTag) {
- return PR_TRUE;
- }
- }
- return PR_FALSE;
-}
-
diff --git a/security/nss/lib/crmf/crmfdec.c b/security/nss/lib/crmf/crmfdec.c
deleted file mode 100644
index cce945e6d..000000000
--- a/security/nss/lib/crmf/crmfdec.c
+++ /dev/null
@@ -1,380 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-
-#include "crmf.h"
-#include "crmfi.h"
-#include "secitem.h"
-
-static CRMFPOPChoice
-crmf_get_popchoice_from_der(SECItem *derPOP)
-{
- CRMFPOPChoice retChoice;
-
- switch (derPOP->data[0] & 0x0f) {
- case 0:
- retChoice = crmfRAVerified;
- break;
- case 1:
- retChoice = crmfSignature;
- break;
- case 2:
- retChoice = crmfKeyEncipherment;
- break;
- case 3:
- retChoice = crmfKeyAgreement;
- break;
- default:
- retChoice = crmfNoPOPChoice;
- break;
- }
- return retChoice;
-}
-
-static SECStatus
-crmf_decode_process_raverified(CRMFCertReqMsg *inCertReqMsg)
-{
- CRMFProofOfPossession *pop;
- /* Just set up the structure so that the message structure
- * looks like one that was created using the API
- */
- pop = inCertReqMsg->pop;
- pop->popChoice.raVerified.data = NULL;
- pop->popChoice.raVerified.len = 0;
- return SECSuccess;
-}
-
-static SECStatus
-crmf_decode_process_signature(CRMFCertReqMsg *inCertReqMsg)
-{
- return SEC_ASN1Decode(inCertReqMsg->poolp,
- &inCertReqMsg->pop->popChoice.signature,
- CRMFPOPOSigningKeyTemplate,
- (const char*)inCertReqMsg->derPOP.data,
- inCertReqMsg->derPOP.len);
-}
-
-static CRMFPOPOPrivKeyChoice
-crmf_get_messagechoice_from_der(SECItem *derPOP)
-{
- CRMFPOPOPrivKeyChoice retChoice;
-
- switch (derPOP->data[2] & 0x0f) {
- case 0:
- retChoice = crmfThisMessage;
- break;
- case 1:
- retChoice = crmfSubsequentMessage;
- break;
- case 2:
- retChoice = crmfDHMAC;
- break;
- default:
- retChoice = crmfNoMessage;
- }
- return retChoice;
-}
-
-static SECStatus
-crmf_decode_process_popoprivkey(CRMFCertReqMsg *inCertReqMsg)
-{
- /* We've got a union, so a pointer to one POPOPrivKey
- * struct is the same as having a pointer to the other
- * one.
- */
- CRMFPOPOPrivKey *popoPrivKey =
- &inCertReqMsg->pop->popChoice.keyEncipherment;
- SECItem *derPOP, privKeyDer;
- SECStatus rv;
-
- derPOP = &inCertReqMsg->derPOP;
- popoPrivKey->messageChoice = crmf_get_messagechoice_from_der(derPOP);
- if (popoPrivKey->messageChoice == crmfNoMessage) {
- return SECFailure;
- }
- /* If we ever encounter BER encodings of this, we'll get in trouble*/
- switch (popoPrivKey->messageChoice) {
- case crmfThisMessage:
- case crmfDHMAC:
- privKeyDer.data = &derPOP->data[5];
- privKeyDer.len = derPOP->len - 5;
- break;
- case crmfSubsequentMessage:
- privKeyDer.data = &derPOP->data[4];
- privKeyDer.len = derPOP->len - 4;
- break;
- default:
- rv = SECFailure;
- }
-
- rv = SECITEM_CopyItem(inCertReqMsg->poolp,
- &popoPrivKey->message.subsequentMessage,
- &privKeyDer);
-
- if (rv != SECSuccess) {
- return rv;
- }
-
- if (popoPrivKey->messageChoice == crmfThisMessage ||
- popoPrivKey->messageChoice == crmfDHMAC) {
-
- popoPrivKey->message.thisMessage.len =
- CRMF_BYTES_TO_BITS(privKeyDer.len) - (int)derPOP->data[4];
-
- }
- return SECSuccess;
-}
-
-static SECStatus
-crmf_decode_process_keyagreement(CRMFCertReqMsg *inCertReqMsg)
-{
- return crmf_decode_process_popoprivkey(inCertReqMsg);
-}
-
-static SECStatus
-crmf_decode_process_keyencipherment(CRMFCertReqMsg *inCertReqMsg)
-{
- SECStatus rv;
-
- rv = crmf_decode_process_popoprivkey(inCertReqMsg);
- if (rv != SECSuccess) {
- return rv;
- }
- if (inCertReqMsg->pop->popChoice.keyEncipherment.messageChoice ==
- crmfDHMAC) {
- /* Key Encipherment can not use the dhMAC option for
- * POPOPrivKey.
- */
- return SECFailure;
- }
- return SECSuccess;
-}
-
-static SECStatus
-crmf_decode_process_pop(CRMFCertReqMsg *inCertReqMsg)
-{
- SECItem *derPOP;
- PRArenaPool *poolp;
- CRMFProofOfPossession *pop;
- void *mark;
- SECStatus rv;
-
- derPOP = &inCertReqMsg->derPOP;
- poolp = inCertReqMsg->poolp;
- if (derPOP->data == NULL) {
- /* There is no Proof of Possession field in this message. */
- return SECSuccess;
- }
- mark = PORT_ArenaMark(poolp);
- pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
- if (pop == NULL) {
- goto loser;
- }
- pop->popUsed = crmf_get_popchoice_from_der(derPOP);
- if (pop->popUsed == crmfNoPOPChoice) {
- /* A bad encoding of CRMF. Not a valid tag was given to the
- * Proof Of Possession field.
- */
- goto loser;
- }
- inCertReqMsg->pop = pop;
- switch (pop->popUsed) {
- case crmfRAVerified:
- rv = crmf_decode_process_raverified(inCertReqMsg);
- break;
- case crmfSignature:
- rv = crmf_decode_process_signature(inCertReqMsg);
- break;
- case crmfKeyEncipherment:
- rv = crmf_decode_process_keyencipherment(inCertReqMsg);
- break;
- case crmfKeyAgreement:
- rv = crmf_decode_process_keyagreement(inCertReqMsg);
- break;
- default:
- rv = SECFailure;
- }
- if (rv != SECSuccess) {
- goto loser;
- }
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
-
- loser:
- PORT_ArenaRelease(poolp, mark);
- inCertReqMsg->pop = NULL;
- return SECFailure;
-
-}
-
-static SECStatus
-crmf_decode_process_single_control(PRArenaPool *poolp,
- CRMFControl *inControl)
-{
- const SEC_ASN1Template *asn1Template = NULL;
-
- inControl->tag = SECOID_FindOIDTag(&inControl->derTag);
- asn1Template = crmf_get_pkiarchiveoptions_subtemplate(inControl);
-
- PORT_Assert (asn1Template != NULL);
- /* We've got a union, so passing a pointer to one element of the
- * union is the same as passing a pointer to any of the other
- * members of the union.
- */
- return SEC_ASN1Decode(poolp, &inControl->value.archiveOptions,
- asn1Template, (const char*)inControl->derValue.data,
- inControl->derValue.len);
-}
-
-static SECStatus
-crmf_decode_process_controls(CRMFCertReqMsg *inCertReqMsg)
-{
- int i, numControls;
- SECStatus rv;
- PRArenaPool *poolp;
- CRMFControl **controls;
-
- numControls = CRMF_CertRequestGetNumControls(inCertReqMsg->certReq);
- controls = inCertReqMsg->certReq->controls;
- poolp = inCertReqMsg->poolp;
- for (i=0; i < numControls; i++) {
- rv = crmf_decode_process_single_control(poolp, controls[i]);
- if (rv != SECSuccess) {
- return SECFailure;
- }
- }
- return SECSuccess;
-}
-
-static SECStatus
-crmf_decode_process_single_reqmsg(CRMFCertReqMsg *inCertReqMsg)
-{
- SECStatus rv;
-
- rv = crmf_decode_process_pop(inCertReqMsg);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- rv = crmf_decode_process_controls(inCertReqMsg);
- if (rv != SECSuccess) {
- goto loser;
- }
- inCertReqMsg->certReq->certTemplate.numExtensions =
- CRMF_CertRequestGetNumberOfExtensions(inCertReqMsg->certReq);
- inCertReqMsg->isDecoded = PR_TRUE;
- rv = SECSuccess;
- loser:
- return rv;
-}
-
-CRMFCertReqMsg*
-CRMF_CreateCertReqMsgFromDER (const char * buf, long len)
-{
- PRArenaPool *poolp;
- CRMFCertReqMsg *certReqMsg;
- SECStatus rv;
-
- poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
- if (poolp == NULL) {
- goto loser;
- }
- certReqMsg = PORT_ArenaZNew (poolp, CRMFCertReqMsg);
- if (certReqMsg == NULL) {
- goto loser;
- }
- certReqMsg->poolp = poolp;
- rv = SEC_ASN1Decode(poolp, certReqMsg, CRMFCertReqMsgTemplate, buf, len);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- rv = crmf_decode_process_single_reqmsg(certReqMsg);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- return certReqMsg;
- loser:
- if (poolp != NULL) {
- PORT_FreeArena(poolp, PR_FALSE);
- }
- return NULL;
-}
-
-CRMFCertReqMessages*
-CRMF_CreateCertReqMessagesFromDER(const char *buf, long len)
-{
- long arenaSize;
- int i;
- SECStatus rv;
- PRArenaPool *poolp;
- CRMFCertReqMessages *certReqMsgs;
-
- PORT_Assert (buf != NULL);
- /* Wanna make sure the arena is big enough to store all of the requests
- * coming in. We'll guestimate according to the length of the buffer.
- */
- arenaSize = len * 1.5;
- poolp = PORT_NewArena(arenaSize);
- if (poolp == NULL) {
- return NULL;
- }
- certReqMsgs = PORT_ArenaZNew(poolp, CRMFCertReqMessages);
- if (certReqMsgs == NULL) {
- goto loser;
- }
- certReqMsgs->poolp = poolp;
- rv = SEC_ASN1Decode(poolp, certReqMsgs, CRMFCertReqMessagesTemplate,
- buf, len);
- if (rv != SECSuccess) {
- goto loser;
- }
- for (i=0; certReqMsgs->messages[i] != NULL; i++) {
- /* The sub-routines expect the individual messages to have
- * an arena. We'll give them one temporarily.
- */
- certReqMsgs->messages[i]->poolp = poolp;
- rv = crmf_decode_process_single_reqmsg(certReqMsgs->messages[i]);
- if (rv != SECSuccess) {
- goto loser;
- }
- certReqMsgs->messages[i]->poolp = NULL;
- }
- return certReqMsgs;
-
- loser:
- PORT_FreeArena(poolp, PR_FALSE);
- return NULL;
-}
diff --git a/security/nss/lib/crmf/crmfenc.c b/security/nss/lib/crmf/crmfenc.c
deleted file mode 100644
index f96041c96..000000000
--- a/security/nss/lib/crmf/crmfenc.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*- */
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-
-#include "crmf.h"
-#include "crmfi.h"
-
-SECStatus
-CRMF_EncodeCertReqMsg(CRMFCertReqMsg *inCertReqMsg,
- CRMFEncoderOutputCallback fn,
- void *arg)
-{
- struct crmfEncoderOutput output;
-
- output.fn = fn;
- output.outputArg = arg;
- return SEC_ASN1Encode(inCertReqMsg,CRMFCertReqMsgTemplate,
- crmf_encoder_out, &output);
-
-}
-
-
-SECStatus
-CRMF_EncodeCertRequest(CRMFCertRequest *inCertReq,
- CRMFEncoderOutputCallback fn,
- void *arg)
-{
- struct crmfEncoderOutput output;
-
- output.fn = fn;
- output.outputArg = arg;
- return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate,
- crmf_encoder_out, &output);
-}
-
-SECStatus
-CRMF_EncodeCertReqMessages(CRMFCertReqMsg **inCertReqMsgs,
- CRMFEncoderOutputCallback fn,
- void *arg)
-{
- struct crmfEncoderOutput output;
- CRMFCertReqMessages msgs;
-
- output.fn = fn;
- output.outputArg = arg;
- msgs.messages = inCertReqMsgs;
- return SEC_ASN1Encode(&msgs, CRMFCertReqMessagesTemplate,
- crmf_encoder_out, &output);
-}
-
-
-
-
diff --git a/security/nss/lib/crmf/crmffut.h b/security/nss/lib/crmf/crmffut.h
deleted file mode 100644
index e4244f3e6..000000000
--- a/security/nss/lib/crmf/crmffut.h
+++ /dev/null
@@ -1,390 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * These functions to be implemented in the future if the features
- * which these functions would implement wind up being needed.
- */
-
-/*
- * Use this functionto create the CRMFSinglePubInfo* variables that will
- * populate the inPubInfoArray paramter for the funciton
- * CRMF_CreatePKIPublicationInfo.
- *
- * "inPubMethod" specifies which publication method will be used
- * "pubLocation" is a representation of the location where
- */
-extern CRMFSinglePubInfo*
- CRMF_CreateSinglePubInfo(CRMFPublicationMethod inPubMethod,
- CRMFGeneralName *pubLocation);
-
-/*
- * Create a PKIPublicationInfo that can later be passed to the function
- * CRMFAddPubInfoControl.
- */
-extern CRMFPKIPublicationInfo *
- CRMF_CreatePKIPublicationInfo(CRMFPublicationAction inAction,
- CRMFSinglePubInfo **inPubInfoArray,
- int numPubInfo);
-
-/*
- * Only call this function on a CRMFPublicationInfo that was created by
- * CRMF_CreatePKIPublicationInfo that was passed in NULL for arena.
- */
-
-extern SECStatus
- CRMF_DestroyPKIPublicationInfo(CRMFPKIPublicationInfo *inPubInfo);
-
-extern SECStatus CRMF_AddPubInfoControl(CRMFCertRequest *inCertReq,
- CRMFPKIPublicationInfo *inPubInfo);
-
-/*
- * This is to create a Cert ID Control which can later be added to
- * a certificate request.
- */
-extern CRMFCertID* CRMF_CreateCertID(CRMFGeneralName *issuer,
- long serialNumber);
-
-extern SECStatus CRMF_DestroyCertID(CRMFCertID* certID);
-
-extern SECStatus CRMF_AddCertIDControl(CRMFCertRequest *inCertReq,
- CRMFCertID *certID);
-
-extern SECStatus
- CRMF_AddProtocolEncryptioKeyControl(CRMFCertRequest *inCertReq,
- CERTSubjectPublicKeyInfo *spki);
-
-/*
- * Add the ASCII Pairs Registration Info to the Certificate Request.
- * The SECItem must be an OCTET string representation.
- */
-extern SECStatus
- CRMF_AddUTF8PairsRegInfo(CRMFCertRequest *inCertReq,
- SECItem *asciiPairs);
-
-/*
- * This takes a CertRequest and adds it to another CertRequest.
- */
-extern SECStatus
- CRMF_AddCertReqToRegInfo(CRMFCertRequest *certReqToAddTo,
- CRMFCertRequest *certReqBeingAdded);
-
-/*
- * Returns which option was used for the authInfo field of POPOSigningKeyInput
- */
-extern CRMFPOPOSkiInputAuthChoice
- CRMF_GetSignKeyInputAuthChoice(CRMFPOPOSigningKeyInput *inKeyInput);
-
-/*
- * Gets the PKMACValue associated with the POPOSigningKeyInput.
- * If the POPOSigningKeyInput did not use authInfo.publicKeyMAC
- * the function returns SECFailure and the value at *destValue is unchanged.
- *
- * If the POPOSigningKeyInput did use authInfo.publicKeyMAC, the function
- * returns SECSuccess and places the PKMACValue at *destValue.
- */
-extern SECStatus
- CRMF_GetSignKeyInputPKMACValue(CRMFPOPOSigningKeyInput *inKeyInput,
- CRMFPKMACValue **destValue);
-/*
- * Gets the SubjectPublicKeyInfo from the POPOSigningKeyInput
- */
-extern CERTSubjectPublicKeyInfo *
- CRMF_GetSignKeyInputPublicKey(CRMFPOPOSigningKeyInput *inKeyInput);
-
-
-/*
- * Return the value for the PKIPublicationInfo Control.
- * A return value of NULL indicates that the Control was
- * not a PKIPublicationInfo Control. Call
- * CRMF_DestroyPKIPublicationInfo on the return value when done
- * using the pointer.
- */
-extern CRMFPKIPublicationInfo* CRMF_GetPKIPubInfo(CRMFControl *inControl);
-
-/*
- * Free up a CRMFPKIPublicationInfo structure.
- */
-extern SECStatus
- CRMF_DestroyPKIPublicationInfo(CRMFPKIPublicationInfo *inPubInfo);
-
-/*
- * Get the choice used for action in this PKIPublicationInfo.
- */
-extern CRMFPublicationAction
- CRMF_GetPublicationAction(CRMFPKIPublicationInfo *inPubInfo);
-
-/*
- * Get the number of pubInfos are stored in the PKIPubicationInfo.
- */
-extern int CRMF_GetNumPubInfos(CRMFPKIPublicationInfo *inPubInfo);
-
-/*
- * Get the pubInfo at index for the given PKIPubicationInfo.
- * Indexing is done like a traditional C Array. (0 .. numElements-1)
- */
-extern CRMFSinglePubInfo*
- CRMF_GetPubInfoAtIndex(CRMFPKIPublicationInfo *inPubInfo,
- int index);
-
-/*
- * Destroy the CRMFSinglePubInfo.
- */
-extern SECStatus CRMF_DestroySinglePubInfo(CRMFSinglePubInfo *inPubInfo);
-
-/*
- * Get the pubMethod used by the SinglePubInfo.
- */
-extern CRMFPublicationMethod
- CRMF_GetPublicationMethod(CRMFSinglePubInfo *inPubInfo);
-
-/*
- * Get the pubLocation associated with the SinglePubInfo.
- * A NULL return value indicates there was no pubLocation associated
- * with the SinglePuInfo.
- */
-extern CRMFGeneralName* CRMF_GetPubLocation(CRMFSinglePubInfo *inPubInfo);
-
-/*
- * Get the authInfo.sender field out of the POPOSigningKeyInput.
- * If the POPOSigningKeyInput did not use the authInfo the function
- * returns SECFailure and the value at *destName is unchanged.
- *
- * If the POPOSigningKeyInput did use authInfo.sender, the function returns
- * SECSuccess and puts the authInfo.sender at *destName/
- */
-extern SECStatus CRMF_GetSignKeyInputSender(CRMFPOPOSigningKeyInput *keyInput,
- CRMFGeneralName **destName);
-
-/**************** CMMF Functions that need to be added. **********************/
-
-/*
- * FUNCTION: CMMF_POPODecKeyChallContentSetNextChallenge
- * INPUTS:
- * inDecKeyChall
- * The CMMFPOPODecKeyChallContent to operate on.
- * inRandom
- * The random number to use when generating the challenge,
- * inSender
- * The GeneralName representation of the sender of the challenge.
- * inPubKey
- * The public key to use when encrypting the challenge.
- * NOTES:
- * This function adds a challenge to the end of the list of challenges
- * contained by 'inDecKeyChall'. Refer to the CMMF draft on how the
- * the random number passed in and the sender's GeneralName are used
- * to generate the challenge and witness fields of the challenge. This
- * library will use SHA1 as the one-way function for generating the
- * witess field of the challenge.
- *
- * RETURN:
- * SECSuccess if generating the challenge and adding to the end of list
- * of challenges was successful. Any other return value indicates an error
- * while trying to generate the challenge.
- */
-extern SECStatus
-CMMF_POPODecKeyChallContentSetNextChallenge
- (CMMFPOPODecKeyChallContent *inDecKeyChall,
- long inRandom,
- CERTGeneralName *inSender,
- SECKEYPublicKey *inPubKey);
-
-/*
- * FUNCTION: CMMF_POPODecKeyChallContentGetNumChallenges
- * INPUTS:
- * inKeyChallCont
- * The CMMFPOPODecKeyChallContent to operate on.
- * RETURN:
- * This function returns the number of CMMFChallenges are contained in
- * the CMMFPOPODecKeyChallContent structure.
- */
-extern int CMMF_POPODecKeyChallContentGetNumChallenges
- (CMMFPOPODecKeyChallContent *inKeyChallCont);
-
-/*
- * FUNCTION: CMMF_ChallengeGetRandomNumber
- * INPUTS:
- * inChallenge
- * The CMMFChallenge to operate on.
- * inDest
- * A pointer to a user supplied buffer where the library
- * can place a copy of the random integer contatained in the
- * challenge.
- * NOTES:
- * This function returns the value held in the decrypted Rand structure
- * corresponding to the random integer. The user must call
- * CMMF_ChallengeDecryptWitness before calling this function. Call
- * CMMF_ChallengeIsDecrypted to find out if the challenge has been
- * decrypted.
- *
- * RETURN:
- * SECSuccess indicates the witness field has been previously decrypted
- * and the value for the random integer was successfully placed at *inDest.
- * Any other return value indicates an error and that the value at *inDest
- * is not a valid value.
- */
-extern SECStatus CMMF_ChallengeGetRandomNumber(CMMFChallenge *inChallenge,
- long *inDest);
-
-/*
- * FUNCTION: CMMF_ChallengeGetSender
- * INPUTS:
- * inChallenge
- * the CMMFChallenge to operate on.
- * NOTES:
- * This function returns the value held in the decrypted Rand structure
- * corresponding to the sender. The user must call
- * CMMF_ChallengeDecryptWitness before calling this function. Call
- * CMMF_ChallengeIsDecrypted to find out if the witness field has been
- * decrypted. The user must call CERT_DestroyGeneralName after the return
- * value is no longer needed.
- *
- * RETURN:
- * A pointer to a copy of the sender CERTGeneralName. A return value of
- * NULL indicates an error in trying to copy the information or that the
- * witness field has not been decrypted.
- */
-extern CERTGeneralName* CMMF_ChallengeGetSender(CMMFChallenge *inChallenge);
-
-/*
- * FUNCTION: CMMF_ChallengeGetAlgId
- * INPUTS:
- * inChallenge
- * The CMMFChallenge to operate on.
- * inDestAlgId
- * A pointer to memory where a pointer to a copy of the algorithm
- * id can be placed.
- * NOTES:
- * This function retrieves the one way function algorithm identifier
- * contained within the CMMFChallenge if the optional field is present.
- *
- * RETURN:
- * SECSucces indicates the function was able to place a pointer to a copy of
- * the alogrithm id at *inAlgId. If the value at *inDestAlgId is NULL,
- * that means there was no algorithm identifier present in the
- * CMMFChallenge. Any other return value indicates the function was not
- * able to make a copy of the algorithm identifier. In this case the value
- * at *inDestAlgId is not valid.
- */
-extern SECStatus CMMF_ChallengeGetAlgId(CMMFChallenge *inChallenge,
- SECAlgorithmID *inAlgId);
-
-/*
- * FUNCTION: CMMF_DestroyChallenge
- * INPUTS:
- * inChallenge
- * The CMMFChallenge to free up.
- * NOTES:
- * This function frees up all the memory associated with the CMMFChallenge
- * passed in.
- * RETURN:
- * SECSuccess if freeing all the memory associated with the CMMFChallenge
- * passed in is successful. Any other return value indicates an error
- * while freeing the memory.
- */
-extern SECStatus CMMF_DestroyChallenge (CMMFChallenge *inChallenge);
-
-/*
- * FUNCTION: CMMF_DestroyPOPODecKeyRespContent
- * INPUTS:
- * inDecKeyResp
- * The CMMFPOPODecKeyRespContent structure to free.
- * NOTES:
- * This function frees up all the memory associate with the
- * CMMFPOPODecKeyRespContent.
- *
- * RETURN:
- * SECSuccess if freeint up all the memory associated with the
- * CMMFPOPODecKeyRespContent structure is successful. Any other
- * return value indicates an error while freeing the memory.
- */
-extern SECStatus
- CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp);
-
-/*
- * FUNCTION: CMMF_ChallengeDecryptWitness
- * INPUTS:
- * inChallenge
- * The CMMFChallenge to operate on.
- * inPrivKey
- * The private key to use to decrypt the witness field.
- * NOTES:
- * This function uses the private key to decrypt the challenge field
- * contained in the CMMFChallenge. Make sure the private key matches the
- * public key that was used to encrypt the witness. The creator of
- * the challenge will most likely be an RA that has the public key
- * from a Cert request. So the private key should be the private key
- * associated with public key in that request. This function will also
- * verify the witness field of the challenge.
- *
- * RETURN:
- * SECSuccess if decrypting the witness field was successful. This does
- * not indicate that the decrypted data is valid, since the private key
- * passed in may not be the actual key needed to properly decrypt the
- * witness field. Meaning that there is a decrypted structure now, but
- * may be garbage because the private key was incorrect.
- * Any other return value indicates the function could not complete the
- * decryption process.
- */
-extern SECStatus CMMF_ChallengeDecryptWitness(CMMFChallenge *inChallenge,
- SECKEYPrivateKey *inPrivKey);
-
-/*
- * FUNCTION: CMMF_ChallengeIsDecrypted
- * INPUTS:
- * inChallenge
- * The CMMFChallenge to operate on.
- * RETURN:
- * This is a predicate function that returns PR_TRUE if the decryption
- * process has already been performed. The function return PR_FALSE if
- * the decryption process has not been performed yet.
- */
-extern PRBool CMMF_ChallengeIsDecrypted(CMMFChallenge *inChallenge);
-
-/*
- * FUNCTION: CMMF_DestroyPOPODecKeyChallContent
- * INPUTS:
- * inDecKeyCont
- * The CMMFPOPODecKeyChallContent to free
- * NOTES:
- * This function frees up all the memory associated with the
- * CMMFPOPODecKeyChallContent
- * RETURN:
- * SECSuccess if freeing up all the memory associatd with the
- * CMMFPOPODecKeyChallContent is successful. Any other return value
- * indicates an error while freeing the memory.
- *
- */
-extern SECStatus
- CMMF_DestroyPOPODecKeyChallContent (CMMFPOPODecKeyChallContent *inDecKeyCont);
-
diff --git a/security/nss/lib/crmf/crmfget.c b/security/nss/lib/crmf/crmfget.c
deleted file mode 100644
index 11f27a72d..000000000
--- a/security/nss/lib/crmf/crmfget.c
+++ /dev/null
@@ -1,478 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "crmf.h"
-#include "crmfi.h"
-#include "keyhi.h"
-#include "secder.h"
-
-
-CRMFPOPChoice
-CRMF_CertReqMsgGetPOPType(CRMFCertReqMsg *inCertReqMsg)
-{
- PORT_Assert(inCertReqMsg != NULL);
- if (inCertReqMsg != NULL && inCertReqMsg->pop != NULL) {
- return inCertReqMsg->pop->popUsed;
- }
- return crmfNoPOPChoice;
-}
-
-static SECStatus
-crmf_destroy_validity(CRMFOptionalValidity *inValidity, PRBool freeit)
-{
- if (inValidity != NULL){
- if (inValidity->notBefore.data != NULL) {
- PORT_Free(inValidity->notBefore.data);
- }
- if (inValidity->notAfter.data != NULL) {
- PORT_Free(inValidity->notAfter.data);
- }
- if (freeit) {
- PORT_Free(inValidity);
- }
- }
- return SECSuccess;
-}
-
-static SECStatus
-crmf_copy_cert_request_validity(PRArenaPool *poolp,
- CRMFOptionalValidity **destValidity,
- CRMFOptionalValidity *srcValidity)
-{
- CRMFOptionalValidity *myValidity = NULL;
- SECStatus rv;
-
- *destValidity = myValidity = (poolp == NULL) ?
- PORT_ZNew(CRMFOptionalValidity) :
- PORT_ArenaZNew(poolp, CRMFOptionalValidity);
- if (myValidity == NULL) {
- goto loser;
- }
- if (srcValidity->notBefore.data != NULL) {
- rv = SECITEM_CopyItem(poolp, &myValidity->notBefore,
- &srcValidity->notBefore);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- if (srcValidity->notAfter.data != NULL) {
- rv = SECITEM_CopyItem(poolp, &myValidity->notAfter,
- &srcValidity->notAfter);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- return SECSuccess;
- loser:
- if (myValidity != NULL && poolp == NULL) {
- crmf_destroy_validity(myValidity, PR_TRUE);
- }
- return SECFailure;
-}
-
-static SECStatus
-crmf_copy_extensions(PRArenaPool *poolp,
- CRMFCertTemplate *destTemplate,
- CRMFCertExtension **srcExt)
-{
- int numExt = 0, i;
- CRMFCertExtension **myExtArray = NULL;
-
- while (srcExt[numExt] != NULL) {
- numExt++;
- }
- if (numExt == 0) {
- /*No extensions to copy.*/
- destTemplate->extensions = NULL;
- destTemplate->numExtensions = 0;
- return SECSuccess;
- }
- destTemplate->extensions = myExtArray =
- PORT_NewArray(CRMFCertExtension*, numExt+1);
- if (myExtArray == NULL) {
- goto loser;
- }
-
- for (i=0; i<numExt; i++) {
- myExtArray[i] = crmf_copy_cert_extension(poolp, srcExt[i]);
- if (myExtArray[i] == NULL) {
- goto loser;
- }
- }
- destTemplate->numExtensions = numExt;
- myExtArray[numExt] = NULL;
- return SECSuccess;
- loser:
- if (myExtArray != NULL) {
- if (poolp == NULL) {
- for (i=0; myExtArray[i] != NULL; i++) {
- CRMF_DestroyCertExtension(myExtArray[i]);
- }
- }
- PORT_Free(myExtArray);
- }
- destTemplate->extensions = NULL;
- destTemplate->numExtensions = 0;
- return SECFailure;
-}
-
-static SECStatus
-crmf_copy_cert_request_template(PRArenaPool *poolp,
- CRMFCertTemplate *destTemplate,
- CRMFCertTemplate *srcTemplate)
-{
- SECStatus rv;
-
- if (srcTemplate->version.data != NULL) {
- rv = SECITEM_CopyItem(poolp, &destTemplate->version,
- &srcTemplate->version);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- if (srcTemplate->serialNumber.data != NULL) {
- rv = SECITEM_CopyItem(poolp, &destTemplate->serialNumber,
- &srcTemplate->serialNumber);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- if (srcTemplate->signingAlg != NULL) {
- rv = crmf_template_copy_secalg(poolp, &destTemplate->signingAlg,
- srcTemplate->signingAlg);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- if (srcTemplate->issuer != NULL) {
- rv = crmf_copy_cert_name(poolp, &destTemplate->issuer,
- srcTemplate->issuer);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- if (srcTemplate->validity != NULL) {
- rv = crmf_copy_cert_request_validity(poolp, &destTemplate->validity,
- srcTemplate->validity);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- if (srcTemplate->subject != NULL) {
- rv = crmf_copy_cert_name(poolp, &destTemplate->subject,
- srcTemplate->subject);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- if (srcTemplate->publicKey != NULL) {
- rv = crmf_template_add_public_key(poolp, &destTemplate->publicKey,
- srcTemplate->publicKey);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- if (srcTemplate->issuerUID.data != NULL) {
- rv = crmf_make_bitstring_copy(poolp, &destTemplate->issuerUID,
- &srcTemplate->issuerUID);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- if (srcTemplate->subjectUID.data != NULL) {
- rv = crmf_make_bitstring_copy(poolp, &destTemplate->subjectUID,
- &srcTemplate->subjectUID);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- if (srcTemplate->extensions != NULL) {
- rv = crmf_copy_extensions(poolp, destTemplate,
- srcTemplate->extensions);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- return SECSuccess;
- loser:
- return SECFailure;
-}
-
-static CRMFControl*
-crmf_copy_control(PRArenaPool *poolp, CRMFControl *srcControl)
-{
- CRMFControl *newControl;
- SECStatus rv;
-
- newControl = (poolp == NULL) ? PORT_ZNew(CRMFControl) :
- PORT_ArenaZNew(poolp, CRMFControl);
- if (newControl == NULL) {
- goto loser;
- }
- newControl->tag = srcControl->tag;
- rv = SECITEM_CopyItem(poolp, &newControl->derTag, &srcControl->derTag);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = SECITEM_CopyItem(poolp, &newControl->derValue, &srcControl->derValue);
- if (rv != SECSuccess) {
- goto loser;
- }
- /* We only handle PKIArchiveOptions Control right now. But if in
- * the future, more controls that are part of the union are added,
- * then they need to be handled here as well.
- */
- switch (newControl->tag) {
- case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
- rv = crmf_copy_pkiarchiveoptions(poolp,
- &newControl->value.archiveOptions,
- &srcControl->value.archiveOptions);
- break;
- default:
- rv = SECSuccess;
- }
- if (rv != SECSuccess) {
- goto loser;
- }
- return newControl;
-
- loser:
- if (poolp == NULL && newControl != NULL) {
- CRMF_DestroyControl(newControl);
- }
- return NULL;
-}
-
-static SECStatus
-crmf_copy_cert_request_controls(PRArenaPool *poolp,
- CRMFCertRequest *destReq,
- CRMFCertRequest *srcReq)
-{
- int numControls, i;
- CRMFControl **myControls = NULL;
-
- numControls = CRMF_CertRequestGetNumControls(srcReq);
- if (numControls == 0) {
- /* No Controls To Copy*/
- return SECSuccess;
- }
- myControls = destReq->controls = PORT_NewArray(CRMFControl*,
- numControls+1);
- if (myControls == NULL) {
- goto loser;
- }
- for (i=0; i<numControls; i++) {
- myControls[i] = crmf_copy_control(poolp, srcReq->controls[i]);
- if (myControls[i] == NULL) {
- goto loser;
- }
- }
- myControls[numControls] = NULL;
- return SECSuccess;
- loser:
- if (myControls != NULL) {
- if (poolp == NULL) {
- for (i=0; myControls[i] != NULL; i++) {
- CRMF_DestroyControl(myControls[i]);
- }
- }
- PORT_Free(myControls);
- }
- return SECFailure;
-}
-
-
-CRMFCertRequest*
-crmf_copy_cert_request(PRArenaPool *poolp, CRMFCertRequest *srcReq)
-{
- CRMFCertRequest *newReq = NULL;
- SECStatus rv;
-
- if (srcReq == NULL) {
- return NULL;
- }
- newReq = (poolp == NULL) ? PORT_ZNew(CRMFCertRequest) :
- PORT_ArenaZNew(poolp, CRMFCertRequest);
- if (newReq == NULL) {
- goto loser;
- }
- rv = SECITEM_CopyItem(poolp, &newReq->certReqId, &srcReq->certReqId);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = crmf_copy_cert_request_template(poolp, &newReq->certTemplate,
- &srcReq->certTemplate);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = crmf_copy_cert_request_controls(poolp, newReq, srcReq);
- if (rv != SECSuccess) {
- goto loser;
- }
- return newReq;
- loser:
- if (newReq != NULL && poolp == NULL) {
- CRMF_DestroyCertRequest(newReq);
- }
- return NULL;
-}
-
-SECStatus
-CRMF_DestroyGetValidity(CRMFGetValidity *inValidity)
-{
- PORT_Assert(inValidity != NULL);
- if (inValidity != NULL) {
- if (inValidity->notAfter) {
- PORT_Free(inValidity->notAfter);
- inValidity->notAfter = NULL;
- }
- if (inValidity->notBefore) {
- PORT_Free(inValidity->notBefore);
- inValidity->notBefore = NULL;
- }
- }
- return SECSuccess;
-}
-
-SECStatus
-crmf_make_bitstring_copy(PRArenaPool *arena, SECItem *dest, SECItem *src)
-{
- int origLenBits;
- int bytesToCopy;
- SECStatus rv;
-
- origLenBits = src->len;
- bytesToCopy = CRMF_BITS_TO_BYTES(origLenBits);
- src->len = bytesToCopy;
- rv = SECITEM_CopyItem(arena, dest, src);
- src->len = origLenBits;
- if (rv != SECSuccess) {
- return rv;
- }
- dest->len = origLenBits;
- return SECSuccess;
-}
-
-int
-CRMF_CertRequestGetNumberOfExtensions(CRMFCertRequest *inCertReq)
-{
- CRMFCertTemplate *certTemplate;
- int count = 0;
-
- certTemplate = &inCertReq->certTemplate;
- if (certTemplate->extensions) {
- while (certTemplate->extensions[count] != NULL)
- count++;
- }
- return count;
-}
-
-SECOidTag
-CRMF_CertExtensionGetOidTag(CRMFCertExtension *inExtension)
-{
- PORT_Assert(inExtension != NULL);
- if (inExtension == NULL) {
- return SEC_OID_UNKNOWN;
- }
- return SECOID_FindOIDTag(&inExtension->id);
-}
-
-PRBool
-CRMF_CertExtensionGetIsCritical(CRMFCertExtension *inExt)
-{
- PORT_Assert(inExt != NULL);
- if (inExt == NULL) {
- return PR_FALSE;
- }
- return inExt->critical.data != NULL;
-}
-
-SECItem*
-CRMF_CertExtensionGetValue(CRMFCertExtension *inExtension)
-{
- PORT_Assert(inExtension != NULL);
- if (inExtension == NULL) {
- return NULL;
- }
-
- return SECITEM_DupItem(&inExtension->value);
-}
-
-
-SECStatus
-CRMF_DestroyPOPOSigningKey(CRMFPOPOSigningKey *inKey)
-{
- PORT_Assert(inKey != NULL);
- if (inKey != NULL) {
- if (inKey->derInput.data != NULL) {
- SECITEM_FreeItem(&inKey->derInput, PR_FALSE);
- }
- if (inKey->algorithmIdentifier != NULL) {
- SECOID_DestroyAlgorithmID(inKey->algorithmIdentifier, PR_TRUE);
- }
- if (inKey->signature.data != NULL) {
- SECITEM_FreeItem(&inKey->signature, PR_FALSE);
- }
- PORT_Free(inKey);
- }
- return SECSuccess;
-}
-
-SECStatus
-CRMF_DestroyPOPOPrivKey(CRMFPOPOPrivKey *inPrivKey)
-{
- PORT_Assert(inPrivKey != NULL);
- if (inPrivKey != NULL) {
- SECITEM_FreeItem(&inPrivKey->message.thisMessage, PR_FALSE);
- PORT_Free(inPrivKey);
- }
- return SECSuccess;
-}
-
-int
-CRMF_CertRequestGetNumControls(CRMFCertRequest *inCertReq)
-{
- int count = 0;
-
- PORT_Assert(inCertReq != NULL);
- if (inCertReq == NULL) {
- return 0;
- }
- if (inCertReq->controls) {
- while (inCertReq->controls[count] != NULL)
- count++;
- }
- return count;
-}
-
diff --git a/security/nss/lib/crmf/crmfi.h b/security/nss/lib/crmf/crmfi.h
deleted file mode 100644
index 2a950452d..000000000
--- a/security/nss/lib/crmf/crmfi.h
+++ /dev/null
@@ -1,186 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-
-#ifndef _CRMFI_H_
-#define _CRMFI_H_
-/* This file will contain all declarations common to both
- * encoding and decoding of CRMF Cert Requests. This header
- * file should only be included internally by CRMF implementation
- * files.
- */
-#include "secasn1.h"
-#include "crmfit.h"
-
-#define CRMF_DEFAULT_ARENA_SIZE 1024
-#define MAX_WRAPPED_KEY_LEN 2048
-
-
-#define CRMF_BITS_TO_BYTES(bits) (((bits)+7)/8)
-#define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8)
-
-struct crmfEncoderArg {
- SECItem *buffer;
- long allocatedLen;
-};
-
-struct crmfEncoderOutput {
- CRMFEncoderOutputCallback fn;
- void *outputArg;
-};
-
-/*
- * This funciton is used by the API for encoding functions that are
- * exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode*
- * functions.
- */
-extern void
- crmf_encoder_out(void *arg, const char *buf, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind);
-
-/*
- * This function is used when we want to encode something locally within
- * the library, ie the CertRequest so that we can produce its signature.
- */
-extern SECStatus
- crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg,
- SECItem *derDest);
-
-/*
- * This is the callback function we feed to the ASN1 encoder when doing
- * internal DER-encodings. ie, encoding the cert request so we can
- * produce a signature.
- */
-extern void
-crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind);
-
-/* The ASN1 templates that need to be seen by internal files
- * in order to implement CRMF.
- */
-extern const SEC_ASN1Template CRMFCertReqMsgTemplate[];
-extern const SEC_ASN1Template CRMFRAVerifiedTemplate[];
-extern const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[];
-extern const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[];
-extern const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[];
-extern const SEC_ASN1Template CRMFThisMessageTemplate[];
-extern const SEC_ASN1Template CRMFSubsequentMessageTemplate[];
-extern const SEC_ASN1Template CRMFDHMACTemplate[];
-extern const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[];
-extern const SEC_ASN1Template CRMFEncryptedValueTemplate[];
-
-/*
- * Use these two values for encoding Boolean values.
- */
-extern const unsigned char hexTrue;
-extern const unsigned char hexFalse;
-/*
- * Prototypes for helper routines used internally by multiple files.
- */
-extern SECStatus crmf_encode_integer(PRArenaPool *poolp, SECItem *dest,
- long value);
-extern SECStatus crmf_make_bitstring_copy(PRArenaPool *arena, SECItem *dest,
- SECItem *src);
-
-extern SECStatus crmf_copy_pkiarchiveoptions(PRArenaPool *poolp,
- CRMFPKIArchiveOptions *destOpt,
- CRMFPKIArchiveOptions *srcOpt);
-extern SECStatus
- crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions,
- PRBool freeit);
-extern const SEC_ASN1Template*
- crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl);
-
-extern SECStatus crmf_copy_encryptedkey(PRArenaPool *poolp,
- CRMFEncryptedKey *srcEncrKey,
- CRMFEncryptedKey *destEncrKey);
-extern SECStatus
-crmf_copy_encryptedvalue(PRArenaPool *poolp,
- CRMFEncryptedValue *srcValue,
- CRMFEncryptedValue *destValue);
-
-extern SECStatus
-crmf_copy_encryptedvalue_secalg(PRArenaPool *poolp,
- SECAlgorithmID *srcAlgId,
- SECAlgorithmID **destAlgId);
-
-extern SECStatus crmf_template_copy_secalg(PRArenaPool *poolp,
- SECAlgorithmID **dest,
- SECAlgorithmID *src);
-
-extern SECStatus crmf_copy_cert_name(PRArenaPool *poolp, CERTName **dest,
- CERTName *src);
-
-extern SECStatus crmf_template_add_public_key(PRArenaPool *poolp,
- CERTSubjectPublicKeyInfo **dest,
- CERTSubjectPublicKeyInfo *pubKey);
-
-extern CRMFCertExtension* crmf_create_cert_extension(PRArenaPool *poolp,
- SECOidTag tag,
- PRBool isCritical,
- SECItem *data);
-extern CRMFCertRequest*
-crmf_copy_cert_request(PRArenaPool *poolp, CRMFCertRequest *srcReq);
-
-extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue,
- PRBool freeit);
-
-extern CRMFEncryptedValue *
-crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey,
- SECKEYPublicKey *inPubKey,
- CRMFEncryptedValue *destValue);
-
-extern CK_MECHANISM_TYPE
- crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey);
-
-extern SECStatus
-crmf_encrypted_value_unwrap_priv_key(PRArenaPool *poolp,
- CRMFEncryptedValue *encValue,
- SECKEYPrivateKey *privKey,
- SECKEYPublicKey *newPubKey,
- SECItem *nickname,
- PK11SlotInfo *slot,
- unsigned char keyUsage,
- SECKEYPrivateKey **unWrappedKey,
- void *wincx);
-
-extern SECItem*
-crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest);
-
-extern CRMFCertExtension*
-crmf_copy_cert_extension(PRArenaPool *poolp, CRMFCertExtension *inExtension);
-
-extern SECStatus
-crmf_create_prtime(SECItem *src, PRTime **dest);
-#endif /*_CRMFI_H_*/
diff --git a/security/nss/lib/crmf/crmfit.h b/security/nss/lib/crmf/crmfit.h
deleted file mode 100644
index 4cc95319a..000000000
--- a/security/nss/lib/crmf/crmfit.h
+++ /dev/null
@@ -1,216 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-
-#ifndef _CRMFIT_H_
-#define _CRMFIT_H_
-
-struct CRMFCertReqMessagesStr {
- CRMFCertReqMsg **messages;
- PRArenaPool *poolp;
-};
-
-struct CRMFCertExtensionStr {
- SECItem id;
- SECItem critical;
- SECItem value;
-};
-
-
-struct CRMFOptionalValidityStr {
- SECItem notBefore;
- SECItem notAfter;
-};
-
-struct CRMFCertTemplateStr {
- SECItem version;
- SECItem serialNumber;
- SECAlgorithmID *signingAlg;
- CERTName *issuer;
- CRMFOptionalValidity *validity;
- CERTName *subject;
- CERTSubjectPublicKeyInfo *publicKey;
- SECItem issuerUID;
- SECItem subjectUID;
- CRMFCertExtension **extensions;
- int numExtensions;
-};
-
-struct CRMFCertIDStr {
- SECItem issuer; /* General Name */
- SECItem serialNumber; /*INTEGER*/
-};
-
-struct CRMFEncryptedValueStr {
- SECAlgorithmID *intendedAlg;
- SECAlgorithmID *symmAlg;
- SECItem encSymmKey; /*BIT STRING */
- SECAlgorithmID *keyAlg;
- SECItem valueHint; /*OCTET STRING */
- SECItem encValue; /*BIT STRING */
-};
-
-/*
- * The field derValue will contain the actual der
- * to include in the encoding or that was read in
- * from a der blob.
- */
-struct CRMFEncryptedKeyStr {
- union {
- SEC_PKCS7ContentInfo *envelopedData;
- CRMFEncryptedValue encryptedValue;
- } value;
- CRMFEncryptedKeyChoice encKeyChoice;
- SECItem derValue;
-};
-
-/* ASN1 must only have one of the following 3 options. */
-struct CRMFPKIArchiveOptionsStr {
- union {
- CRMFEncryptedKey encryptedKey;
- SECItem keyGenParameters;
- SECItem archiveRemGenPrivKey; /* BOOLEAN */
- } option;
- CRMFPKIArchiveOptionsType archOption;
-};
-
-struct CRMFPKIPublicationInfoStr {
- SECItem action; /* Possible values */
- /* dontPublish (0), pleasePublish (1) */
- CRMFSinglePubInfo **pubInfos;
-};
-
-struct CRMFControlStr {
- SECOidTag tag;
- SECItem derTag;
- SECItem derValue;
- /* These will be C structures used to represent the various
- * options. Values that can't be stored as der right away.
- * After creating these structures, we'll place their der
- * encoding in derValue so the encoder knows how to get to
- * it.
- */
- union {
- CRMFCertID oldCertId;
- CRMFPKIArchiveOptions archiveOptions;
- CRMFPKIPublicationInfo pubInfo;
- CRMFProtocolEncrKey protEncrKey;
- } value;
-};
-
-struct CRMFCertRequestStr {
- SECItem certReqId;
- CRMFCertTemplate certTemplate;
- CRMFControl **controls;
- /* The following members are used by the internal implementation, but
- * are not part of the encoding.
- */
- PRArenaPool *poolp;
- long requestID; /* This is the value that will be encoded into
- * the certReqId field.
- */
-};
-
-struct CRMFAttributeStr {
- SECItem derTag;
- SECItem derValue;
-};
-
-struct CRMFCertReqMsgStr {
- CRMFCertRequest *certReq;
- CRMFProofOfPossession *pop;
- CRMFAttribute **regInfo;
- SECItem derPOP;
- /* This arena will be used for allocating memory when decoding.
- */
- PRArenaPool *poolp;
- PRBool isDecoded;
-};
-
-struct CRMFPOPOSigningKeyInputStr {
- /* ASN1 must have only one of the next 2 options */
- union {
- SECItem sender; /*General Name*/
- CRMFPKMACValue *publicKeyMAC;
- }authInfo;
- CERTSubjectPublicKeyInfo publicKey;
-};
-
-struct CRMFPOPOSigningKeyStr {
- SECItem derInput; /*If in the future we support
- *POPOSigningKeyInput, this will
- *a C structure representation
- *instead.
- */
- SECAlgorithmID *algorithmIdentifier;
- SECItem signature; /* This is a BIT STRING. Remember */
-}; /* that when interpreting. */
-
-/* ASN1 must only choose one of these members */
-struct CRMFPOPOPrivKeyStr {
- union {
- SECItem thisMessage; /* BIT STRING */
- SECItem subsequentMessage; /*INTEGER*/
- SECItem dhMAC; /*BIT STRING*/
- } message;
- CRMFPOPOPrivKeyChoice messageChoice;
-};
-
-/* ASN1 must only have one of these options. */
-struct CRMFProofOfPossessionStr {
- union {
- SECItem raVerified;
- CRMFPOPOSigningKey signature;
- CRMFPOPOPrivKey keyEncipherment;
- CRMFPOPOPrivKey keyAgreement;
- } popChoice;
- CRMFPOPChoice popUsed; /*Not part of encoding*/
-};
-
-struct CRMFPKMACValueStr {
- SECAlgorithmID algID;
- SECItem value; /*BIT STRING*/
-};
-
-struct CRMFSinglePubInfoStr {
- SECItem pubMethod; /* Possible Values:
- * dontCare (0)
- * x500 (1)
- * web (2)
- * ldap (3)
- */
- CERTGeneralName *pubLocation; /* General Name */
-};
-
-#endif /* _CRMFIT_H_ */
diff --git a/security/nss/lib/crmf/crmfpop.c b/security/nss/lib/crmf/crmfpop.c
deleted file mode 100644
index d6ec26827..000000000
--- a/security/nss/lib/crmf/crmfpop.c
+++ /dev/null
@@ -1,604 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-
-#include "crmf.h"
-#include "crmfi.h"
-#include "secasn1.h"
-#include "keyhi.h"
-#include "cryptohi.h"
-
-#define CRMF_DEFAULT_ALLOC_SIZE 1024
-
-SECStatus
-crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg,
- SECItem *derDest)
-{
- derDest->data = PORT_ZNewArray(unsigned char, CRMF_DEFAULT_ALLOC_SIZE);
- if (derDest->data == NULL) {
- return SECFailure;
- }
- derDest->len = 0;
- encoderArg->allocatedLen = CRMF_DEFAULT_ALLOC_SIZE;
- encoderArg->buffer = derDest;
- return SECSuccess;
-
-}
-
-/* Caller should release or unmark the pool, instead of doing it here.
-** But there are NO callers of this function at present...
-*/
-SECStatus
-CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg)
-{
- SECItem *dummy;
- CRMFProofOfPossession *pop;
- PRArenaPool *poolp;
- void *mark;
-
- PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
- poolp = inCertReqMsg->poolp;
- mark = PORT_ArenaMark(poolp);
- if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice) {
- return SECFailure;
- }
- pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
- if (pop == NULL) {
- goto loser;
- }
- pop->popUsed = crmfRAVerified;
- pop->popChoice.raVerified.data = NULL;
- pop->popChoice.raVerified.len = 0;
- inCertReqMsg->pop = pop;
- dummy = SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP),
- &(pop->popChoice.raVerified),
- CRMFRAVerifiedTemplate);
- return SECSuccess;
- loser:
- PORT_ArenaRelease(poolp, mark);
- return SECFailure;
-}
-
-SECOidTag
-crmf_map_keytag_to_signtag(SECOidTag inTag)
-{
- switch (inTag) {
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
- case SEC_OID_ANSIX9_DSA_SIGNATURE:
- case SEC_OID_MISSI_KEA_DSS:
- case SEC_OID_MISSI_DSS:
- return SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
- default:
- /* Put this in here to kill warnings. */
- break;
- }
- return inTag;
-}
-
-SECOidTag
-crmf_get_key_sign_tag(SECKEYPublicKey *inPubKey)
-{
- CERTSubjectPublicKeyInfo *spki;
- SECOidTag tag;
-
- spki = SECKEY_CreateSubjectPublicKeyInfo(inPubKey);
- if (spki == NULL) {
- return SEC_OID_UNKNOWN;
- }
- tag = SECOID_GetAlgorithmTag(&spki->algorithm);
- SECKEY_DestroySubjectPublicKeyInfo(spki);
- return crmf_map_keytag_to_signtag(tag);
-}
-
-SECAlgorithmID*
-crmf_create_poposignkey_algid(PRArenaPool *poolp,
- SECKEYPublicKey *inPubKey)
-{
- SECAlgorithmID *algID;
- SECOidTag tag;
- SECStatus rv;
- void *mark;
-
- mark = PORT_ArenaMark(poolp);
- algID = PORT_ArenaZNew(poolp, SECAlgorithmID);
- if (algID == NULL) {
- goto loser;
- }
- tag = crmf_get_key_sign_tag(inPubKey);
- if (tag == SEC_OID_UNKNOWN) {
- goto loser;
- }
- rv = SECOID_SetAlgorithmID(poolp, algID, tag, NULL);
- if (rv != SECSuccess) {
- goto loser;
- }
- PORT_ArenaUnmark(poolp, mark);
- return algID;
- loser:
- PORT_ArenaRelease(poolp, mark);
- return NULL;
-}
-
-static CRMFPOPOSigningKeyInput*
-crmf_create_poposigningkeyinput(PRArenaPool *poolp, CERTCertificate *inCert,
- CRMFMACPasswordCallback fn, void *arg)
-{
- /* PSM isn't going to do this, so we'll fail here for now.*/
- return NULL;
-}
-
-void
-crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind)
-{
- struct crmfEncoderArg *encoderArg = (struct crmfEncoderArg*)arg;
- unsigned char *cursor;
-
- if (encoderArg->buffer->len + len > encoderArg->allocatedLen) {
- int newSize = encoderArg->buffer->len+CRMF_DEFAULT_ALLOC_SIZE;
- void *dummy = PORT_Realloc(encoderArg->buffer->data, newSize);
- if (dummy == NULL) {
- /* I really want to return an error code here */
- PORT_Assert(0);
- return;
- }
- encoderArg->buffer->data = dummy;
- encoderArg->allocatedLen = newSize;
- }
- cursor = &(encoderArg->buffer->data[encoderArg->buffer->len]);
- PORT_Memcpy (cursor, buf, len);
- encoderArg->buffer->len += len;
-}
-
-static SECStatus
-crmf_encode_certreq(CRMFCertRequest *inCertReq, SECItem *derDest)
-{
- struct crmfEncoderArg encoderArg;
- SECStatus rv;
-
- rv = crmf_init_encoder_callback_arg (&encoderArg, derDest);
- if (rv != SECSuccess) {
- return SECFailure;
- }
- return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate,
- crmf_generic_encoder_callback, &encoderArg);
-}
-
-static SECStatus
-crmf_sign_certreq(PRArenaPool *poolp,
- CRMFPOPOSigningKey *crmfSignKey,
- CRMFCertRequest *certReq,
- SECKEYPrivateKey *inKey,
- SECAlgorithmID *inAlgId)
-{
- SECItem derCertReq;
- SECItem certReqSig;
- SECStatus rv = SECSuccess;
-
- rv = crmf_encode_certreq(certReq, &derCertReq);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = SEC_SignData(&certReqSig, derCertReq.data, derCertReq.len,
- inKey,SECOID_GetAlgorithmTag(inAlgId));
- if (rv != SECSuccess) {
- goto loser;
- }
-
- /* Now make it a part of the POPOSigningKey */
- rv = SECITEM_CopyItem(poolp, &(crmfSignKey->signature), &certReqSig);
- /* Convert this length to number of bits */
- crmfSignKey->signature.len <<= 3;
-
- loser:
- if (derCertReq.data != NULL) {
- PORT_Free(derCertReq.data);
- }
- if (certReqSig.data != NULL) {
- PORT_Free(certReqSig.data);
- }
- return rv;
-}
-
-static SECStatus
-crmf_create_poposignkey(PRArenaPool *poolp,
- CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOSigningKeyInput *signKeyInput,
- SECKEYPrivateKey *inPrivKey,
- SECAlgorithmID *inAlgID,
- CRMFPOPOSigningKey *signKey)
-{
- CRMFCertRequest *certReq;
- void *mark;
- PRBool useSignKeyInput;
- SECStatus rv;
-
- PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->certReq != NULL);
- mark = PORT_ArenaMark(poolp);
- if (signKey == NULL) {
- goto loser;
- }
- certReq = inCertReqMsg->certReq;
- useSignKeyInput = !(CRMF_DoesRequestHaveField(certReq,crmfSubject) &&
- CRMF_DoesRequestHaveField(certReq,crmfPublicKey));
-
- if (useSignKeyInput) {
- goto loser;
- } else {
- rv = crmf_sign_certreq(poolp, signKey, certReq,inPrivKey, inAlgID);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- PORT_ArenaUnmark(poolp,mark);
- return SECSuccess;
- loser:
- PORT_ArenaRelease(poolp,mark);
- return SECFailure;
-}
-
-SECStatus
-CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
- SECKEYPrivateKey *inPrivKey,
- SECKEYPublicKey *inPubKey,
- CERTCertificate *inCertForInput,
- CRMFMACPasswordCallback fn,
- void *arg)
-{
- SECAlgorithmID *algID;
- PRArenaPool *poolp;
- SECItem derDest = {siBuffer, NULL, 0};
- void *mark;
- SECStatus rv;
- CRMFPOPOSigningKeyInput *signKeyInput = NULL;
- CRMFCertRequest *certReq;
- CRMFProofOfPossession *pop;
- struct crmfEncoderArg encoderArg;
-
- PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->certReq != NULL &&
- inCertReqMsg->pop == NULL);
- certReq = inCertReqMsg->certReq;
- if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice ||
- !CRMF_DoesRequestHaveField(certReq, crmfPublicKey)) {
- return SECFailure;
- }
- poolp = inCertReqMsg->poolp;
- mark = PORT_ArenaMark(poolp);
- algID = crmf_create_poposignkey_algid(poolp, inPubKey);
-
- if(!CRMF_DoesRequestHaveField(certReq,crmfSubject)) {
- signKeyInput = crmf_create_poposigningkeyinput(poolp, inCertForInput,
- fn, arg);
- if (signKeyInput == NULL) {
- goto loser;
- }
- }
-
- pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
- if (pop == NULL) {
- goto loser;
- }
-
- rv = crmf_create_poposignkey(poolp, inCertReqMsg,
- signKeyInput, inPrivKey, algID,
- &(pop->popChoice.signature));
- if (rv != SECSuccess) {
- goto loser;
- }
-
- pop->popUsed = crmfSignature;
- pop->popChoice.signature.algorithmIdentifier = algID;
- inCertReqMsg->pop = pop;
-
- rv = crmf_init_encoder_callback_arg (&encoderArg, &derDest);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = SEC_ASN1Encode(&pop->popChoice.signature,
- CRMFPOPOSigningKeyTemplate,
- crmf_generic_encoder_callback, &encoderArg);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = SECITEM_CopyItem(poolp, &(inCertReqMsg->derPOP), &derDest);
- PORT_Free (derDest.data);
- if (rv != SECSuccess) {
- goto loser;
- }
- PORT_ArenaUnmark(poolp,mark);
- return SECSuccess;
-
- loser:
- PORT_ArenaRelease(poolp,mark);
- if (derDest.data != NULL) {
- PORT_Free(derDest.data);
- }
- return SECFailure;
-}
-
-static const SEC_ASN1Template*
-crmf_get_popoprivkey_subtemplate(CRMFPOPOPrivKey *inPrivKey)
-{
- const SEC_ASN1Template *retTemplate = NULL;
-
- switch (inPrivKey->messageChoice) {
- case crmfThisMessage:
- retTemplate = CRMFThisMessageTemplate;
- break;
- case crmfSubsequentMessage:
- retTemplate = CRMFSubsequentMessageTemplate;
- break;
- case crmfDHMAC:
- retTemplate = CRMFDHMACTemplate;
- break;
- default:
- retTemplate = NULL;
- }
- return retTemplate;
-}
-
-static SECStatus
-crmf_encode_popoprivkey(PRArenaPool *poolp,
- CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKey *popoPrivKey,
- const SEC_ASN1Template *privKeyTemplate)
-{
- struct crmfEncoderArg encoderArg;
- SECItem derDest;
- SECStatus rv;
- void *mark;
- const SEC_ASN1Template *subDerTemplate;
-
- mark = PORT_ArenaMark(poolp);
- rv = crmf_init_encoder_callback_arg(&encoderArg, &derDest);
- if (rv != SECSuccess) {
- goto loser;
- }
- subDerTemplate = crmf_get_popoprivkey_subtemplate(popoPrivKey);
- /* We've got a union, so a pointer to one item is a pointer to
- * all the items in the union.
- */
- rv = SEC_ASN1Encode(&popoPrivKey->message.thisMessage,
- subDerTemplate,
- crmf_generic_encoder_callback, &encoderArg);
- if (rv != SECSuccess) {
- goto loser;
- }
- if (encoderArg.allocatedLen > derDest.len+2) {
- void *dummy = PORT_Realloc(derDest.data, derDest.len+2);
- if (dummy == NULL) {
- goto loser;
- }
- derDest.data = dummy;
- }
- PORT_Memmove(&derDest.data[2], &derDest.data[0], derDest.len);
- /* I couldn't figure out how to get the ASN1 encoder to implicitly
- * tag an implicitly tagged der blob. So I'm putting in the outter-
- * most tag myself. -javi
- */
- derDest.data[0] = (unsigned char)privKeyTemplate->kind;
- derDest.data[1] = (unsigned char)derDest.len;
- derDest.len += 2;
- rv = SECITEM_CopyItem(poolp, &inCertReqMsg->derPOP, &derDest);
- if (rv != SECSuccess) {
- goto loser;
- }
- PORT_Free(derDest.data);
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
- loser:
- PORT_ArenaRelease(poolp, mark);
- if (derDest.data) {
- PORT_Free(derDest.data);
- }
- return SECFailure;
-}
-
-static const SEC_ASN1Template*
-crmf_get_template_for_privkey(CRMFPOPChoice inChoice)
-{
- switch (inChoice) {
- case crmfKeyAgreement:
- return CRMFPOPOKeyAgreementTemplate;
- case crmfKeyEncipherment:
- return CRMFPOPOKeyEnciphermentTemplate;
- default:
- break;
- }
- return NULL;
-}
-
-static SECStatus
-crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey,
- CRMFPOPChoice inChoice)
-{
- PRArenaPool *poolp;
- void *mark;
- CRMFPOPOPrivKey *popoPrivKey;
- CRMFProofOfPossession *pop;
- SECStatus rv;
-
- PORT_Assert(inCertReqMsg != NULL && encPrivKey != NULL);
- poolp = inCertReqMsg->poolp;
- mark = PORT_ArenaMark(poolp);
- pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
- if (pop == NULL) {
- goto loser;
- }
- pop->popUsed = inChoice;
- /* popChoice is a union, so getting a pointer to one
- * field gives me a pointer to the other fields as
- * well. This in essence points to both
- * pop->popChoice.keyEncipherment and
- * pop->popChoice.keyAgreement
- */
- popoPrivKey = &pop->popChoice.keyEncipherment;
-
- rv = SECITEM_CopyItem(poolp, &(popoPrivKey->message.thisMessage),
- encPrivKey);
- if (rv != SECSuccess) {
- goto loser;
- }
- popoPrivKey->message.thisMessage.len <<= 3;
- popoPrivKey->messageChoice = crmfThisMessage;
- inCertReqMsg->pop = pop;
- rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
- crmf_get_template_for_privkey(inChoice));
- if (rv != SECSuccess) {
- goto loser;
- }
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
-
- loser:
- PORT_ArenaRelease(poolp, mark);
- return SECFailure;
-}
-
-static SECStatus
-crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg,
- CRMFSubseqMessOptions subsequentMessage,
- CRMFPOPChoice inChoice)
-{
- void *mark;
- PRArenaPool *poolp;
- CRMFProofOfPossession *pop;
- CRMFPOPOPrivKey *popoPrivKey;
- SECStatus rv;
- const SEC_ASN1Template *privKeyTemplate;
-
- if (subsequentMessage == crmfNoSubseqMess) {
- return SECFailure;
- }
- poolp = inCertReqMsg->poolp;
- mark = PORT_ArenaMark(poolp);
- pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
- if (pop == NULL) {
- goto loser;
- }
-
- pop->popUsed = inChoice;
- /*
- * We have a union, so a pointer to one member of the union
- * is also a member to another member of that same union.
- */
- popoPrivKey = &pop->popChoice.keyEncipherment;
-
- switch (subsequentMessage) {
- case crmfEncrCert:
- rv = crmf_encode_integer(poolp,
- &(popoPrivKey->message.subsequentMessage),
- 0);
- break;
- case crmfChallengeResp:
- rv = crmf_encode_integer(poolp,
- &(popoPrivKey->message.subsequentMessage),
- 1);
- break;
- default:
- goto loser;
- }
- if (rv != SECSuccess) {
- goto loser;
- }
- popoPrivKey->messageChoice = crmfSubsequentMessage;
- privKeyTemplate = crmf_get_template_for_privkey(inChoice);
- inCertReqMsg->pop = pop;
- rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
- privKeyTemplate);
-
- if (rv != SECSuccess) {
- goto loser;
- }
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
- loser:
- PORT_ArenaRelease(poolp, mark);
- return SECFailure;
-}
-
-SECStatus
-CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKeyChoice inKeyChoice,
- CRMFSubseqMessOptions subseqMess,
- SECItem *encPrivKey)
-{
- SECStatus rv;
-
- PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
- if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice) {
- return SECFailure;
- }
- switch (inKeyChoice) {
- case crmfThisMessage:
- rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey,
- crmfKeyEncipherment);
- break;
- case crmfSubsequentMessage:
- rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess,
- crmfKeyEncipherment);
- break;
- case crmfDHMAC:
- default:
- rv = SECFailure;
- }
- return rv;
-}
-
-SECStatus
-CRMF_CertReqMsgSetKeyAgreementPOP (CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKeyChoice inKeyChoice,
- CRMFSubseqMessOptions subseqMess,
- SECItem *encPrivKey)
-{
- SECStatus rv;
-
- PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
- switch (inKeyChoice) {
- case crmfThisMessage:
- rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey,
- crmfKeyAgreement);
- break;
- case crmfSubsequentMessage:
- rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess,
- crmfKeyAgreement);
- case crmfDHMAC:
- /* This case should be added in the future. */
- default:
- rv = SECFailure;
- }
- return rv;
-}
-
diff --git a/security/nss/lib/crmf/crmfreq.c b/security/nss/lib/crmf/crmfreq.c
deleted file mode 100644
index 071d1bd26..000000000
--- a/security/nss/lib/crmf/crmfreq.c
+++ /dev/null
@@ -1,697 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "crmf.h"
-#include "crmfi.h"
-#include "keyhi.h"
-#include "secder.h"
-
-/*
- * Macro that returns PR_TRUE if the pointer is not NULL.
- * If the pointer is NULL, then the macro will return PR_FALSE.
- */
-#define IS_NOT_NULL(ptr) ((ptr) == NULL) ? PR_FALSE : PR_TRUE
-
-const unsigned char hexTrue = 0xff;
-const unsigned char hexFalse = 0x00;
-
-
-SECStatus
-crmf_encode_integer(PRArenaPool *poolp, SECItem *dest, long value)
-{
- SECItem *dummy;
-
- dummy = SEC_ASN1EncodeInteger(poolp, dest, value);
- PORT_Assert (dummy == dest);
- if (dummy == NULL) {
- return SECFailure;
- }
- return SECSuccess;
-}
-
-static SECStatus
-crmf_copy_secitem (PRArenaPool *poolp, SECItem *dest, SECItem *src)
-{
- return SECITEM_CopyItem (poolp, dest, src);
-}
-
-PRBool
-CRMF_DoesRequestHaveField (CRMFCertRequest *inCertReq,
- CRMFCertTemplateField inField)
-{
-
- PORT_Assert(inCertReq != NULL);
- if (inCertReq == NULL) {
- return PR_FALSE;
- }
- switch (inField) {
- case crmfVersion:
- return inCertReq->certTemplate.version.data != NULL;
- case crmfSerialNumber:
- return inCertReq->certTemplate.serialNumber.data != NULL;
- case crmfSigningAlg:
- return inCertReq->certTemplate.signingAlg != NULL;
- case crmfIssuer:
- return inCertReq->certTemplate.issuer != NULL;
- case crmfValidity:
- return inCertReq->certTemplate.validity != NULL;
- case crmfSubject:
- return inCertReq->certTemplate.subject != NULL;
- case crmfPublicKey:
- return inCertReq->certTemplate.publicKey != NULL;
- case crmfIssuerUID:
- return inCertReq->certTemplate.issuerUID.data != NULL;
- case crmfSubjectUID:
- return inCertReq->certTemplate.subjectUID.data != NULL;
- case crmfExtension:
- return CRMF_CertRequestGetNumberOfExtensions(inCertReq) != 0;
- }
- return PR_FALSE;
-}
-
-CRMFCertRequest *
-CRMF_CreateCertRequest (long inRequestID) {
- PRArenaPool *poolp;
- CRMFCertRequest *certReq;
- SECStatus rv;
-
- poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
- if (poolp == NULL) {
- goto loser;
- }
-
- certReq=PORT_ArenaZNew(poolp,CRMFCertRequest);
- if (certReq == NULL) {
- goto loser;
- }
-
- certReq->poolp = poolp;
- certReq->requestID = inRequestID;
-
- rv = crmf_encode_integer(poolp, &(certReq->certReqId), inRequestID);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- return certReq;
- loser:
- if (poolp) {
- PORT_FreeArena(poolp, PR_FALSE);
- }
- return NULL;
-}
-
-SECStatus
-CRMF_DestroyCertRequest(CRMFCertRequest *inCertReq)
-{
- PORT_Assert(inCertReq != NULL);
- if (inCertReq != NULL) {
- if (inCertReq->certTemplate.extensions) {
- PORT_Free(inCertReq->certTemplate.extensions);
- }
- if (inCertReq->controls) {
- /* Right now we don't support EnveloppedData option,
- * so we won't go through and delete each occurrence of
- * an EnveloppedData in the control.
- */
- PORT_Free(inCertReq->controls);
- }
- if (inCertReq->poolp) {
- PORT_FreeArena(inCertReq->poolp, PR_TRUE);
- }
- }
- return SECSuccess;
-}
-
-static SECStatus
-crmf_template_add_version(PRArenaPool *poolp, SECItem *dest, long version)
-{
- return (crmf_encode_integer(poolp, dest, version));
-}
-
-static SECStatus
-crmf_template_add_serialnumber(PRArenaPool *poolp, SECItem *dest, long serial)
-{
- return (crmf_encode_integer(poolp, dest, serial));
-}
-
-SECStatus
-crmf_template_copy_secalg (PRArenaPool *poolp, SECAlgorithmID **dest,
- SECAlgorithmID* src)
-{
- SECStatus rv;
- void *mark;
- SECAlgorithmID *mySecAlg;
-
- if (poolp != NULL) {
- mark = PORT_ArenaMark(poolp);
- }
- *dest = mySecAlg = PORT_ArenaZNew(poolp, SECAlgorithmID);
- if (mySecAlg == NULL) {
- goto loser;
- }
- rv = SECOID_CopyAlgorithmID(poolp, mySecAlg, src);
- if (rv != SECSuccess) {
- goto loser;
- }
- if (poolp != NULL) {
- PORT_ArenaUnmark(poolp, mark);
- }
- return SECSuccess;
-
- loser:
- *dest = NULL;
- if (poolp != NULL) {
- PORT_ArenaRelease(poolp, mark);
- }
- return SECFailure;
-}
-
-SECStatus
-crmf_copy_cert_name(PRArenaPool *poolp, CERTName **dest,
- CERTName *src)
-{
- CERTName *newName;
- SECStatus rv;
- void *mark;
-
- mark = PORT_ArenaMark(poolp);
- *dest = newName = PORT_ArenaZNew(poolp, CERTName);
- if (newName == NULL) {
- goto loser;
- }
-
- rv = CERT_CopyName(poolp, newName, src);
- if (rv != SECSuccess) {
- goto loser;
- }
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
- loser:
- PORT_ArenaRelease(poolp, mark);
- *dest = NULL;
- return SECFailure;
-}
-
-static SECStatus
-crmf_template_add_issuer (PRArenaPool *poolp, CERTName **dest,
- CERTName* issuerName)
-{
- return crmf_copy_cert_name(poolp, dest, issuerName);
-}
-
-
-static SECStatus
-crmf_encode_utctime(PRArenaPool *poolp, SECItem *destTime, PRTime time)
-{
- SECItem tmpItem;
- SECStatus rv;
-
-
- rv = DER_TimeToUTCTime (&tmpItem, time);
- if (rv != SECSuccess) {
- return rv;
- }
- rv = SECITEM_CopyItem(poolp, destTime, &tmpItem);
- PORT_Free(tmpItem.data);
- return rv;
-}
-
-static SECStatus
-crmf_template_add_validity (PRArenaPool *poolp, CRMFOptionalValidity **dest,
- CRMFValidityCreationInfo *info)
-{
- SECStatus rv;
- void *mark;
- CRMFOptionalValidity *myValidity;
-
- /*First off, let's make sure at least one of the two fields is present*/
- if (!info || (!info->notBefore && !info->notAfter)) {
- return SECFailure;
- }
- mark = PORT_ArenaMark (poolp);
- *dest = myValidity = PORT_ArenaZNew(poolp, CRMFOptionalValidity);
- if (myValidity == NULL) {
- goto loser;
- }
-
- if (info->notBefore) {
- rv = crmf_encode_utctime (poolp, &myValidity->notBefore,
- *info->notBefore);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- if (info->notAfter) {
- rv = crmf_encode_utctime (poolp, &myValidity->notAfter,
- *info->notAfter);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
- loser:
- PORT_ArenaRelease(poolp, mark);
- *dest = NULL;
- return SECFailure;
-}
-
-static SECStatus
-crmf_template_add_subject (PRArenaPool *poolp, CERTName **dest,
- CERTName *subject)
-{
- return crmf_copy_cert_name(poolp, dest, subject);
-}
-
-SECStatus
-crmf_template_add_public_key(PRArenaPool *poolp,
- CERTSubjectPublicKeyInfo **dest,
- CERTSubjectPublicKeyInfo *pubKey)
-{
- CERTSubjectPublicKeyInfo *spki;
- SECStatus rv;
-
- *dest = spki = (poolp == NULL) ?
- PORT_ZNew(CERTSubjectPublicKeyInfo) :
- PORT_ArenaZNew (poolp, CERTSubjectPublicKeyInfo);
- if (spki == NULL) {
- goto loser;
- }
- rv = SECKEY_CopySubjectPublicKeyInfo (poolp, spki, pubKey);
- if (rv != SECSuccess) {
- goto loser;
- }
- return SECSuccess;
- loser:
- if (poolp == NULL && spki != NULL) {
- SECKEY_DestroySubjectPublicKeyInfo(spki);
- }
- *dest = NULL;
- return SECFailure;
-}
-
-static SECStatus
-crmf_copy_bitstring (PRArenaPool *poolp, SECItem *dest, SECItem *src)
-{
- SECStatus rv;
- int origLenBits, numBytesToCopy;
-
- origLenBits = src->len;
- numBytesToCopy = CRMF_BITS_TO_BYTES(origLenBits);
- rv = crmf_copy_secitem(poolp, dest, src);
- src->len = origLenBits;
- dest->len = origLenBits;
- return rv;
-}
-
-static SECStatus
-crmf_template_add_issuer_uid(PRArenaPool *poolp, SECItem *dest,
- SECItem *issuerUID)
-{
- return crmf_copy_bitstring (poolp, dest, issuerUID);
-}
-
-static SECStatus
-crmf_template_add_subject_uid(PRArenaPool *poolp, SECItem *dest,
- SECItem *subjectUID)
-{
- return crmf_copy_bitstring (poolp, dest, subjectUID);
-}
-
-static void
-crmf_zeroize_new_extensions (CRMFCertExtension **extensions,
- int numToZeroize)
-{
- PORT_Memset((void*)extensions, 0, sizeof(CERTCertExtension*)*numToZeroize);
-}
-
-/*
- * The strategy for adding templates will differ from all the other
- * attributes in the template. First, we want to allow the client
- * of this API to set extensions more than just once. So we will
- * need the ability grow the array of extensions. Since arenas don't
- * give us the realloc function, we'll use the generic PORT_* functions
- * to allocate the array of pointers *ONLY*. Then we will allocate each
- * individual extension from the arena that comes along with the certReq
- * structure that owns this template.
- */
-static SECStatus
-crmf_template_add_extensions(PRArenaPool *poolp, CRMFCertTemplate *inTemplate,
- CRMFCertExtCreationInfo *extensions)
-{
- void *mark;
- int newSize, oldSize, i;
- SECStatus rv;
- CRMFCertExtension **extArray;
- CRMFCertExtension *newExt, *currExt;
-
- mark = PORT_ArenaMark(poolp);
- if (inTemplate->extensions == NULL) {
- newSize = extensions->numExtensions;
- extArray = PORT_ZNewArray(CRMFCertExtension*,newSize+1);
- } else {
- newSize = inTemplate->numExtensions + extensions->numExtensions;
- extArray = PORT_Realloc(inTemplate->extensions,
- sizeof(CRMFCertExtension*)*(newSize+1));
- }
- if (extArray == NULL) {
- goto loser;
- }
- oldSize = inTemplate->numExtensions;
- inTemplate->extensions = extArray;
- inTemplate->numExtensions = newSize;
- for (i=oldSize; i < newSize; i++) {
- newExt = PORT_ArenaZNew(poolp, CRMFCertExtension);
- if (newExt == NULL) {
- goto loser2;
- }
- currExt = extensions->extensions[i-oldSize];
- rv = crmf_copy_secitem(poolp, &(newExt->id), &(currExt->id));
- if (rv != SECSuccess) {
- goto loser2;
- }
- rv = crmf_copy_secitem(poolp, &(newExt->critical),
- &(currExt->critical));
- if (rv != SECSuccess) {
- goto loser2;
- }
- rv = crmf_copy_secitem(poolp, &(newExt->value), &(currExt->value));
- if (rv != SECSuccess) {
- goto loser2;
- }
- extArray[i] = newExt;
- }
- extArray[newSize] = NULL;
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
- loser2:
- crmf_zeroize_new_extensions (&(inTemplate->extensions[oldSize]),
- extensions->numExtensions);
- inTemplate->numExtensions = oldSize;
- loser:
- PORT_ArenaRelease(poolp, mark);
- return SECFailure;
-}
-
-SECStatus
-CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq,
- CRMFCertTemplateField inTemplateField,
- void *data)
-{
- CRMFCertTemplate *certTemplate;
- PRArenaPool *poolp;
- SECStatus rv = SECFailure;
- void *mark;
-
-
- if (inCertReq == NULL) {
- return SECFailure;
- }
-
- certTemplate = &(inCertReq->certTemplate);
-
- poolp = inCertReq->poolp;
- mark = PORT_ArenaMark(poolp);
- switch (inTemplateField) {
- case crmfVersion:
- rv = crmf_template_add_version(poolp,&(certTemplate->version),
- *(long*)data);
- break;
- case crmfSerialNumber:
- rv = crmf_template_add_serialnumber(poolp,
- &(certTemplate->serialNumber),
- *(long*)data);
- break;
- case crmfSigningAlg:
- rv = crmf_template_copy_secalg (poolp, &(certTemplate->signingAlg),
- (SECAlgorithmID*)data);
- break;
- case crmfIssuer:
- rv = crmf_template_add_issuer (poolp, &(certTemplate->issuer),
- (CERTName*)data);
- break;
- case crmfValidity:
- rv = crmf_template_add_validity (poolp, &(certTemplate->validity),
- (CRMFValidityCreationInfo*)data);
- break;
- case crmfSubject:
- rv = crmf_template_add_subject (poolp, &(certTemplate->subject),
- (CERTName*)data);
- break;
- case crmfPublicKey:
- rv = crmf_template_add_public_key(poolp, &(certTemplate->publicKey),
- (CERTSubjectPublicKeyInfo*)data);
- break;
- case crmfIssuerUID:
- rv = crmf_template_add_issuer_uid(poolp, &(certTemplate->issuerUID),
- (SECItem*)data);
- break;
- case crmfSubjectUID:
- rv = crmf_template_add_subject_uid(poolp, &(certTemplate->subjectUID),
- (SECItem*)data);
- break;
- case crmfExtension:
- rv = crmf_template_add_extensions(poolp, certTemplate,
- (CRMFCertExtCreationInfo*)data);
- break;
- }
- if (rv != SECSuccess) {
- PORT_ArenaRelease(poolp, mark);
- } else {
- PORT_ArenaUnmark(poolp, mark);
- }
- return rv;
-}
-
-SECStatus
-CRMF_CertReqMsgSetCertRequest (CRMFCertReqMsg *inCertReqMsg,
- CRMFCertRequest *inCertReq)
-{
- PORT_Assert (inCertReqMsg != NULL && inCertReq != NULL);
- if (inCertReqMsg == NULL || inCertReq == NULL) {
- return SECFailure;
- }
- inCertReqMsg->certReq = crmf_copy_cert_request(inCertReqMsg->poolp,
- inCertReq);
- return (inCertReqMsg->certReq == NULL) ? SECFailure : SECSuccess;
-}
-
-CRMFCertReqMsg*
-CRMF_CreateCertReqMsg(void)
-{
- PRArenaPool *poolp;
- CRMFCertReqMsg *reqMsg;
-
- poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
- if (poolp == NULL) {
- goto loser;
- }
- reqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg);
- if (reqMsg == NULL) {
- goto loser;
- }
- reqMsg->poolp = poolp;
- return reqMsg;
-
- loser:
- if (poolp) {
- PORT_FreeArena(poolp, PR_FALSE);
- }
- return NULL;
-}
-
-SECStatus
-CRMF_DestroyCertReqMsg(CRMFCertReqMsg *inCertReqMsg)
-{
- PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->poolp != NULL);
- if (!inCertReqMsg->isDecoded) {
- if (inCertReqMsg->certReq->certTemplate.extensions != NULL) {
- PORT_Free(inCertReqMsg->certReq->certTemplate.extensions);
- }
- if (inCertReqMsg->certReq->controls != NULL) {
- PORT_Free(inCertReqMsg->certReq->controls);
- }
- }
- PORT_FreeArena(inCertReqMsg->poolp, PR_TRUE);
- return SECSuccess;
-}
-
-CRMFCertExtension*
-crmf_create_cert_extension(PRArenaPool *poolp,
- SECOidTag id,
- PRBool isCritical,
- SECItem *data)
-{
- CRMFCertExtension *newExt;
- SECOidData *oidData;
- SECStatus rv;
-
- newExt = (poolp == NULL) ? PORT_ZNew(CRMFCertExtension) :
- PORT_ArenaZNew(poolp, CRMFCertExtension);
- if (newExt == NULL) {
- goto loser;
- }
- oidData = SECOID_FindOIDByTag(id);
- if (oidData == NULL ||
- oidData->supportedExtension != SUPPORTED_CERT_EXTENSION) {
- goto loser;
- }
-
- rv = SECITEM_CopyItem(poolp, &(newExt->id), &(oidData->oid));
- if (rv != SECSuccess) {
- goto loser;
- }
-
- rv = SECITEM_CopyItem(poolp, &(newExt->value), data);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- if (isCritical) {
- newExt->critical.data = (poolp == NULL) ?
- PORT_New(unsigned char) :
- PORT_ArenaNew(poolp, unsigned char);
- if (newExt->critical.data == NULL) {
- goto loser;
- }
- newExt->critical.data[0] = hexTrue;
- newExt->critical.len = 1;
- }
- return newExt;
- loser:
- if (newExt != NULL && poolp == NULL) {
- CRMF_DestroyCertExtension(newExt);
- }
- return NULL;
-}
-
-CRMFCertExtension *
-CRMF_CreateCertExtension(SECOidTag id,
- PRBool isCritical,
- SECItem *data)
-{
- return crmf_create_cert_extension(NULL, id, isCritical, data);
-}
-
-SECStatus
-crmf_destroy_cert_extension(CRMFCertExtension *inExtension, PRBool freeit)
-{
- if (inExtension != NULL) {
- SECITEM_FreeItem (&(inExtension->id), PR_FALSE);
- SECITEM_FreeItem (&(inExtension->value), PR_FALSE);
- SECITEM_FreeItem (&(inExtension->critical), PR_FALSE);
- if (freeit) {
- PORT_Free(inExtension);
- }
- }
- return SECSuccess;
-}
-
-SECStatus
-CRMF_DestroyCertExtension(CRMFCertExtension *inExtension)
-{
- return crmf_destroy_cert_extension(inExtension, PR_TRUE);
-}
-
-SECStatus
-CRMF_DestroyCertReqMessages(CRMFCertReqMessages *inCertReqMsgs)
-{
- PORT_Assert (inCertReqMsgs != NULL);
- if (inCertReqMsgs != NULL) {
- PORT_FreeArena(inCertReqMsgs->poolp, PR_TRUE);
- }
- return SECSuccess;
-}
-
-static PRBool
-crmf_item_has_data(SECItem *item)
-{
- if (item != NULL && item->data != NULL) {
- return PR_TRUE;
- }
- return PR_FALSE;
-}
-
-PRBool
-CRMF_CertRequestIsFieldPresent(CRMFCertRequest *inCertReq,
- CRMFCertTemplateField inTemplateField)
-{
- PRBool retVal;
- CRMFCertTemplate *certTemplate;
-
- PORT_Assert(inCertReq != NULL);
- if (inCertReq == NULL) {
- /* This is probably some kind of error, but this is
- * the safest return value for this function.
- */
- return PR_FALSE;
- }
- certTemplate = &inCertReq->certTemplate;
- switch (inTemplateField) {
- case crmfVersion:
- retVal = crmf_item_has_data(&certTemplate->version);
- break;
- case crmfSerialNumber:
- retVal = crmf_item_has_data(&certTemplate->serialNumber);
- break;
- case crmfSigningAlg:
- retVal = IS_NOT_NULL(certTemplate->signingAlg);
- break;
- case crmfIssuer:
- retVal = IS_NOT_NULL(certTemplate->issuer);
- break;
- case crmfValidity:
- retVal = IS_NOT_NULL(certTemplate->validity);
- break;
- case crmfSubject:
- retVal = IS_NOT_NULL(certTemplate->subject);
- break;
- case crmfPublicKey:
- retVal = IS_NOT_NULL(certTemplate->publicKey);
- break;
- case crmfIssuerUID:
- retVal = crmf_item_has_data(&certTemplate->issuerUID);
- break;
- case crmfSubjectUID:
- retVal = crmf_item_has_data(&certTemplate->subjectUID);
- break;
- case crmfExtension:
- retVal = IS_NOT_NULL(certTemplate->extensions);
- break;
- default:
- retVal = PR_FALSE;
- }
- return retVal;
-}
diff --git a/security/nss/lib/crmf/crmft.h b/security/nss/lib/crmf/crmft.h
deleted file mode 100644
index 574c7212e..000000000
--- a/security/nss/lib/crmf/crmft.h
+++ /dev/null
@@ -1,217 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-
-/* Header file with all of the structures and types that will be exported
- * by the security library for implementation of CRMF.
- */
-
-#ifndef _CRMFT_H_
-#define _CRMFT_H_
-
-/* Use these enumerated values for adding fields to the certificate request */
-typedef enum {
- crmfVersion,
- crmfSerialNumber,
- crmfSigningAlg,
- crmfIssuer,
- crmfValidity,
- crmfSubject,
- crmfPublicKey,
- crmfIssuerUID,
- crmfSubjectUID,
- crmfExtension
-} CRMFCertTemplateField;
-
-/*
- * An enumeration for the different types of controls.
- */
-typedef enum {
- crmfNoControl,
- crmfRegTokenControl,
- crmfAuthenticatorControl,
- crmfPKIPublicationInfoControl,
- crmfPKIArchiveOptionsControl,
- crmfOldCertIDControl,
- crmfProtocolEncrKeyControl
-} CRMFControlType;
-
-/*
- * The possible values that are passed into CRMF_CreatePKIPublicationInfo
- */
-typedef enum{
- crmfDontPublish,
- crmfPleasePublish
-} CRMFPublicationAction;
-
-/*
- * An enumeration for the possible for pubMethod which is a part of
- * the SinglePubInfo ASN1 type.
- */
-typedef enum {
- crmfDontCare,
- crmfX500,
- crmfWeb,
- crmfLdap
-} CRMFPublicationMethod;
-
-/*
- * An enumeration for the different options for PKIArchiveOptions type.
- */
-typedef enum {
- crmfNoArchiveOptions,
- crmfEncryptedPrivateKey,
- crmfKeyGenParameters,
- crmfArchiveRemGenPrivKey
-} CRMFPKIArchiveOptionsType;
-
-/*
- * An enumeration for the different options for ProofOfPossession
- */
-typedef enum {
- crmfNoPOPChoice,
- crmfRAVerified,
- crmfSignature,
- crmfKeyEncipherment,
- crmfKeyAgreement
-} CRMFPOPChoice;
-
-/*
- * An enumertion type for options for the authInfo field of the
- * CRMFPOPOSigningKeyInput structure.
- */
-typedef enum {
- crmfSender,
- crmfPublicKeyMAC
-} CRMFPOPOSkiInputAuthChoice;
-
-/*
- * An enumeration for the SubsequentMessage Options.
- */
-typedef enum {
- crmfNoSubseqMess,
- crmfEncrCert,
- crmfChallengeResp
-} CRMFSubseqMessOptions;
-
-/*
- * An enumeration for the choice used by POPOPrivKey.
- */
-typedef enum {
- crmfNoMessage,
- crmfThisMessage,
- crmfSubsequentMessage,
- crmfDHMAC
-} CRMFPOPOPrivKeyChoice;
-
-/*
- * An enumeration for the choices for the EncryptedKey type.
- */
-typedef enum {
- crmfNoEncryptedKeyChoice,
- crmfEncryptedValueChoice,
- crmfEnvelopedDataChoice
-} CRMFEncryptedKeyChoice;
-
-/*
- * TYPE: CRMFEncoderOutputCallback
- * This function type defines a prototype for a function that the CRMF
- * library expects when encoding is performed.
- *
- * ARGUMENTS:
- * arg
- * This will be a pointer the user passed into an encoding function.
- * The user of the library is free to use this pointer in any way.
- * The most common use is to keep around a buffer for writing out
- * the DER encoded bytes.
- * buf
- * The DER encoded bytes that should be written out.
- * len
- * The number of DER encoded bytes to write out.
- *
- */
-typedef void (*CRMFEncoderOutputCallback) (void *arg,
- const char *buf,
- unsigned long len);
-
-/*
- * Type for the function that gets a password. Just in case we ever
- * need to support publicKeyMAC for POPOSigningKeyInput
- */
-typedef SECItem* (*CRMFMACPasswordCallback) (void *arg);
-
-typedef struct CRMFOptionalValidityStr CRMFOptionalValidity;
-typedef struct CRMFValidityCreationInfoStr CRMFGetValidity;
-typedef struct CRMFCertTemplateStr CRMFCertTemplate;
-typedef struct CRMFCertRequestStr CRMFCertRequest;
-typedef struct CRMFCertReqMsgStr CRMFCertReqMsg;
-typedef struct CRMFCertReqMessagesStr CRMFCertReqMessages;
-typedef struct CRMFProofOfPossessionStr CRMFProofOfPossession;
-typedef struct CRMFPOPOSigningKeyStr CRMFPOPOSigningKey;
-typedef struct CRMFPOPOSigningKeyInputStr CRMFPOPOSigningKeyInput;
-typedef struct CRMFPOPOPrivKeyStr CRMFPOPOPrivKey;
-typedef struct CRMFPKIPublicationInfoStr CRMFPKIPublicationInfo;
-typedef struct CRMFSinglePubInfoStr CRMFSinglePubInfo;
-typedef struct CRMFPKIArchiveOptionsStr CRMFPKIArchiveOptions;
-typedef struct CRMFEncryptedKeyStr CRMFEncryptedKey;
-typedef struct CRMFEncryptedValueStr CRMFEncryptedValue;
-typedef struct CRMFCertIDStr CRMFCertID;
-typedef struct CRMFCertIDStr CRMFOldCertID;
-typedef CERTSubjectPublicKeyInfo CRMFProtocolEncrKey;
-typedef struct CRMFValidityCreationInfoStr CRMFValidityCreationInfo;
-typedef struct CRMFCertExtCreationInfoStr CRMFCertExtCreationInfo;
-typedef struct CRMFPKMACValueStr CRMFPKMACValue;
-typedef struct CRMFAttributeStr CRMFAttribute;
-typedef struct CRMFControlStr CRMFControl;
-typedef CERTGeneralName CRMFGeneralName;
-typedef struct CRMFCertExtensionStr CRMFCertExtension;
-
-struct CRMFValidityCreationInfoStr {
- PRTime *notBefore;
- PRTime *notAfter;
-};
-
-struct CRMFCertExtCreationInfoStr {
- CRMFCertExtension **extensions;
- int numExtensions;
-};
-
-/*
- * Some ASN1 Templates that may be needed.
- */
-extern const SEC_ASN1Template CRMFCertReqMessagesTemplate[];
-extern const SEC_ASN1Template CRMFCertRequestTemplate[];
-
-
-#endif /*_CRMFT_H_*/
diff --git a/security/nss/lib/crmf/crmftmpl.c b/security/nss/lib/crmf/crmftmpl.c
deleted file mode 100644
index da660cd6e..000000000
--- a/security/nss/lib/crmf/crmftmpl.c
+++ /dev/null
@@ -1,270 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*- */
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "crmf.h"
-#include "crmfi.h"
-#include "secoid.h"
-#include "secasn1.h"
-
-
-/*
- * It's all implicit tagging.
- */
-
-const SEC_ASN1Template CRMFControlTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFControl)},
- { SEC_ASN1_OBJECT_ID, offsetof(CRMFControl, derTag)},
- { SEC_ASN1_ANY, offsetof(CRMFControl, derValue) },
- { 0 }
-};
-
-static const SEC_ASN1Template CRMFCertExtensionTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CRMFCertExtension) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CRMFCertExtension,id) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN,
- offsetof(CRMFCertExtension,critical) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(CRMFCertExtension,value) },
- { 0, }
-};
-
-static const SEC_ASN1Template CRMFSequenceOfCertExtensionTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, CRMFCertExtensionTemplate }
-};
-
-static const SEC_ASN1Template CRMFOptionalValidityTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (CRMFOptionalValidity) },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 0,
- offsetof (CRMFOptionalValidity, notBefore),
- SEC_UTCTimeTemplate},
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 1,
- offsetof (CRMFOptionalValidity, notAfter),
- SEC_UTCTimeTemplate},
- { 0 }
-};
-
-static const SEC_ASN1Template crmfPointerToNameTemplate[] = {
- { SEC_ASN1_POINTER, 0, CERT_NameTemplate},
- { 0 }
-};
-
-static const SEC_ASN1Template CRMFCertTemplateTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFCertTemplate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(CRMFCertTemplate, version), SEC_IntegerTemplate },
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 1 ,
- offsetof (CRMFCertTemplate, serialNumber), SEC_IntegerTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 2,
- offsetof (CRMFCertTemplate, signingAlg), SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 3,
- offsetof (CRMFCertTemplate, issuer), crmfPointerToNameTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 4,
- offsetof (CRMFCertTemplate, validity),
- CRMFOptionalValidityTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 5,
- offsetof (CRMFCertTemplate, subject), crmfPointerToNameTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 6,
- offsetof (CRMFCertTemplate, publicKey),
- CERT_SubjectPublicKeyInfoTemplate },
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 7,
- offsetof (CRMFCertTemplate, issuerUID), SEC_BitStringTemplate },
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 8,
- offsetof (CRMFCertTemplate, subjectUID), SEC_BitStringTemplate },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
- SEC_ASN1_CONTEXT_SPECIFIC | 9,
- offsetof (CRMFCertTemplate, extensions),
- CRMFSequenceOfCertExtensionTemplate },
- { 0 }
-};
-
-static const SEC_ASN1Template CRMFAttributeTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFAttribute)},
- { SEC_ASN1_OBJECT_ID, offsetof(CRMFAttribute, derTag)},
- { SEC_ASN1_ANY, offsetof(CRMFAttribute, derValue) },
- { 0 }
-};
-
-const SEC_ASN1Template CRMFCertRequestTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (CRMFCertRequest) },
- { SEC_ASN1_INTEGER, offsetof(CRMFCertRequest, certReqId)},
- { SEC_ASN1_INLINE, offsetof(CRMFCertRequest, certTemplate),
- CRMFCertTemplateTemplate},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
- offsetof(CRMFCertRequest,controls),
- CRMFControlTemplate}, /* SEQUENCE SIZE (1...MAX)*/
- { 0 }
-};
-
-const SEC_ASN1Template CRMFCertReqMsgTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFCertReqMsg) },
- { SEC_ASN1_POINTER, offsetof(CRMFCertReqMsg, certReq),
- CRMFCertRequestTemplate },
- { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL,
- offsetof(CRMFCertReqMsg, derPOP) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
- offsetof(CRMFCertReqMsg, regInfo),
- CRMFAttributeTemplate}, /* SEQUENCE SIZE (1...MAX)*/
- { 0 }
-};
-
-const SEC_ASN1Template CRMFCertReqMessagesTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, offsetof(CRMFCertReqMessages, messages),
- CRMFCertReqMsgTemplate, sizeof (CRMFCertReqMessages)}
-};
-
-static const SEC_ASN1Template CRMFPOPOSigningKeyInputTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL,sizeof(CRMFPOPOSigningKeyInput) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(CRMFPOPOSigningKeyInput, authInfo.sender) },
- { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL | 1,
- offsetof (CRMFPOPOSigningKeyInput, authInfo.publicKeyMAC) },
- { SEC_ASN1_INLINE, offsetof(CRMFPOPOSigningKeyInput, publicKey),
- CERT_SubjectPublicKeyInfoTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template CRMFRAVerifiedTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 0,
- 0,
- SEC_NullTemplate },
- { 0 }
-};
-
-
-/* This template will need to add POPOSigningKeyInput eventually, maybe*/
-static const SEC_ASN1Template crmfPOPOSigningKeyTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFPOPOSigningKey) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(CRMFPOPOSigningKey, derInput), SEC_AnyTemplate},
- { SEC_ASN1_POINTER, offsetof(CRMFPOPOSigningKey, algorithmIdentifier),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_BIT_STRING, offsetof(CRMFPOPOSigningKey, signature),
- SEC_BitStringTemplate},
- { 0 }
-};
-
-const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 1,
- 0,
- crmfPOPOSigningKeyTemplate},
- { 0 }
-};
-
-const SEC_ASN1Template CRMFThisMessageTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 0,
- 0,
- SEC_BitStringTemplate},
- { 0 }
-};
-
-const SEC_ASN1Template CRMFSubsequentMessageTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 1,
- 0,
- SEC_IntegerTemplate},
- { 0 }
-};
-
-const SEC_ASN1Template CRMFDHMACTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 0,
- 0,
- SEC_BitStringTemplate},
- { 0 }
-};
-
-const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[] = {
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 2,
- 0,
- SEC_AnyTemplate},
- { 0 }
-};
-
-const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[] = {
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 3,
- 0,
- SEC_AnyTemplate},
- { 0 }
-};
-
-const SEC_ASN1Template CRMFEncryptedValueTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFEncryptedValue)},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 0,
- offsetof(CRMFEncryptedValue, intendedAlg),
- SECOID_AlgorithmIDTemplate},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 1,
- offsetof (CRMFEncryptedValue, symmAlg),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 2,
- offsetof(CRMFEncryptedValue, encSymmKey), SEC_BitStringTemplate},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 3,
- offsetof(CRMFEncryptedValue, keyAlg),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 4,
- offsetof(CRMFEncryptedValue, valueHint),
- SEC_OctetStringTemplate},
- { SEC_ASN1_BIT_STRING, offsetof(CRMFEncryptedValue, encValue) },
- { 0 }
-};
-
-const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate [] = {
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 0,
- 0,
- CRMFEncryptedValueTemplate},
- { 0 }
-};
-
-static const SEC_ASN1Template CRMFSinglePubInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (CRMFSinglePubInfo)},
- { SEC_ASN1_INTEGER, offsetof(CRMFSinglePubInfo, pubMethod) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC,
- offsetof(CRMFSinglePubInfo, pubLocation) },
- { 0 }
-};
-
-static const SEC_ASN1Template CRMFPublicationInfoTemplate[] ={
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFPKIPublicationInfo) },
- { SEC_ASN1_INTEGER, offsetof(CRMFPKIPublicationInfo, action) },
- { SEC_ASN1_POINTER, offsetof(CRMFPKIPublicationInfo, pubInfos),
- CRMFSinglePubInfoTemplate},
- { 0 }
-};
diff --git a/security/nss/lib/crmf/encutil.c b/security/nss/lib/crmf/encutil.c
deleted file mode 100644
index 7862e1482..000000000
--- a/security/nss/lib/crmf/encutil.c
+++ /dev/null
@@ -1,63 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*- */
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "secasn1.h"
-#include "crmf.h"
-#include "crmfi.h"
-
-void
-crmf_encoder_out(void *arg, const char *buf, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind)
-{
- struct crmfEncoderOutput *output;
-
- output = (struct crmfEncoderOutput*) arg;
- output->fn (output->outputArg, buf, len);
-}
-
-SECStatus
-cmmf_user_encode(void *src, CRMFEncoderOutputCallback inCallback, void *inArg,
- const SEC_ASN1Template *inTemplate)
-{
- struct crmfEncoderOutput output;
-
- PORT_Assert(src != NULL);
- if (src == NULL) {
- return SECFailure;
- }
- output.fn = inCallback;
- output.outputArg = inArg;
- return SEC_ASN1Encode(src, inTemplate, crmf_encoder_out, &output);
-}
-
diff --git a/security/nss/lib/crmf/manifest.mn b/security/nss/lib/crmf/manifest.mn
deleted file mode 100644
index 67e145d09..000000000
--- a/security/nss/lib/crmf/manifest.mn
+++ /dev/null
@@ -1,73 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-MODULE = security
-
-EXPORTS = \
- crmf.h \
- crmft.h \
- cmmf.h \
- cmmft.h \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- crmfi.h \
- crmfit.h \
- cmmfi.h \
- cmmfit.h \
- $(NULL)
-
-CSRCS = crmfenc.c \
- crmftmpl.c \
- crmfreq.c \
- crmfpop.c \
- crmfdec.c \
- crmfget.c \
- crmfcont.c \
- cmmfasn1.c \
- cmmfresp.c \
- cmmfrec.c \
- cmmfchal.c \
- servget.c \
- encutil.c \
- respcli.c \
- respcmn.c \
- challcli.c \
- asn1cmn.c \
- $(NULL)
-
-REQUIRES = dbm
-
-LIBRARY_NAME = crmf
diff --git a/security/nss/lib/crmf/respcli.c b/security/nss/lib/crmf/respcli.c
deleted file mode 100644
index 9dac74a5e..000000000
--- a/security/nss/lib/crmf/respcli.c
+++ /dev/null
@@ -1,167 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-
-/*
- * This file will contain all routines needed by a client that has
- * to parse a CMMFCertRepContent structure and retirieve the appropriate
- * data.
- */
-
-#include "cmmf.h"
-#include "cmmfi.h"
-#include "crmf.h"
-#include "crmfi.h"
-#include "secitem.h"
-#include "secder.h"
-#include "secasn1.h"
-
-CMMFCertRepContent*
-CMMF_CreateCertRepContentFromDER(CERTCertDBHandle *db, const char *buf,
- long len)
-{
- PRArenaPool *poolp;
- CMMFCertRepContent *certRepContent;
- SECStatus rv;
- int i;
-
- poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
- if (poolp == NULL) {
- return NULL;
- }
- certRepContent = PORT_ArenaZNew(poolp, CMMFCertRepContent);
- if (certRepContent == NULL) {
- goto loser;
- }
- certRepContent->poolp = poolp;
- rv = SEC_ASN1Decode(poolp, certRepContent, CMMFCertRepContentTemplate,
- buf, len);
- if (rv != SECSuccess) {
- goto loser;
- }
- if (certRepContent->response != NULL) {
- for (i=0; certRepContent->response[i] != NULL; i++) {
- rv = cmmf_decode_process_cert_response(poolp, db,
- certRepContent->response[i]);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- }
- certRepContent->isDecoded = PR_TRUE;
- return certRepContent;
- loser:
- PORT_FreeArena(poolp, PR_FALSE);
- return NULL;
-}
-
-long
-CMMF_CertResponseGetCertReqId(CMMFCertResponse *inCertResp)
-{
- PORT_Assert(inCertResp != NULL);
- if (inCertResp == NULL) {
- return -1;
- }
- return DER_GetInteger(&inCertResp->certReqId);
-}
-
-PRBool
-cmmf_CertRepContentIsIndexValid(CMMFCertRepContent *inCertRepContent,
- int inIndex)
-{
- int numResponses;
-
- PORT_Assert(inCertRepContent != NULL);
- numResponses = CMMF_CertRepContentGetNumResponses(inCertRepContent);
- return (PRBool)(inIndex >= 0 && inIndex < numResponses);
-}
-
-CMMFCertResponse*
-CMMF_CertRepContentGetResponseAtIndex(CMMFCertRepContent *inCertRepContent,
- int inIndex)
-{
- CMMFCertResponse *certResponse;
- SECStatus rv;
-
- PORT_Assert(inCertRepContent != NULL &&
- cmmf_CertRepContentIsIndexValid(inCertRepContent, inIndex));
- if (inCertRepContent == NULL ||
- !cmmf_CertRepContentIsIndexValid(inCertRepContent, inIndex)) {
- return NULL;
- }
- certResponse = PORT_ZNew(CMMFCertResponse);
- rv = cmmf_CopyCertResponse(NULL, certResponse,
- inCertRepContent->response[inIndex]);
- if (rv != SECSuccess) {
- CMMF_DestroyCertResponse(certResponse);
- certResponse = NULL;
- }
- return certResponse;
-}
-
-CMMFPKIStatus
-CMMF_CertResponseGetPKIStatusInfoStatus(CMMFCertResponse *inCertResp)
-{
- PORT_Assert(inCertResp != NULL);
- if (inCertResp == NULL) {
- return cmmfNoPKIStatus;
- }
- return cmmf_PKIStatusInfoGetStatus(&inCertResp->status);
-}
-
-CERTCertificate*
-CMMF_CertResponseGetCertificate(CMMFCertResponse *inCertResp,
- CERTCertDBHandle *inCertdb)
-{
- PORT_Assert(inCertResp != NULL);
- if (inCertResp == NULL || inCertResp->certifiedKeyPair == NULL) {
- return NULL;
- }
-
- return cmmf_CertOrEncCertGetCertificate
- (&inCertResp->certifiedKeyPair->certOrEncCert,
- inCertdb);
-
-}
-
-CERTCertList*
-CMMF_CertRepContentGetCAPubs (CMMFCertRepContent *inCertRepContent)
-{
- PORT_Assert (inCertRepContent != NULL);
- if (inCertRepContent == NULL || inCertRepContent->caPubs == NULL) {
- return NULL;
- }
- return cmmf_MakeCertList(inCertRepContent->caPubs);
-}
-
diff --git a/security/nss/lib/crmf/respcmn.c b/security/nss/lib/crmf/respcmn.c
deleted file mode 100644
index f40e5b334..000000000
--- a/security/nss/lib/crmf/respcmn.c
+++ /dev/null
@@ -1,414 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-
-#include "cmmf.h"
-#include "cmmfi.h"
-#include "secitem.h"
-
-SECStatus
-cmmf_DestroyPKIStatusInfo (CMMFPKIStatusInfo *info, PRBool freeit)
-{
- if (info->status.data != NULL) {
- PORT_Free(info->status.data);
- }
- if (info->statusString.data != NULL) {
- PORT_Free(info->statusString.data);
- }
- if (info->failInfo.data != NULL) {
- PORT_Free(info->failInfo.data);
- }
- if (freeit) {
- PORT_Free(info);
- }
- return SECSuccess;
-}
-
-SECStatus
-CMMF_DestroyCertResponse(CMMFCertResponse *inCertResp)
-{
- PORT_Assert(inCertResp != NULL);
- if (inCertResp != NULL) {
- if (inCertResp->certReqId.data != NULL) {
- PORT_Free(inCertResp->certReqId.data);
- }
- cmmf_DestroyPKIStatusInfo(&inCertResp->status, PR_FALSE);
- if (inCertResp->certifiedKeyPair != NULL) {
- CMMF_DestroyCertifiedKeyPair(inCertResp->certifiedKeyPair);
- }
- PORT_Free(inCertResp);
- }
- return SECSuccess;
-}
-
-SECStatus
-CMMF_DestroyCertRepContent(CMMFCertRepContent *inCertRepContent)
-{
- CMMFCertifiedKeyPair *certKeyPair;
- int i;
-
- PORT_Assert(inCertRepContent != NULL);
- if (inCertRepContent != NULL && inCertRepContent->poolp != NULL) {
- if (!inCertRepContent->isDecoded) {
- if (inCertRepContent->response != NULL) {
- for (i=0; inCertRepContent->response[i] != NULL; i++) {
- certKeyPair = inCertRepContent->response[i]->certifiedKeyPair;
- if (certKeyPair != NULL &&
- certKeyPair->certOrEncCert.choice == cmmfCertificate &&
- certKeyPair->certOrEncCert.cert.certificate != NULL) {
- CERT_DestroyCertificate
- (certKeyPair->certOrEncCert.cert.certificate);
- }
- }
- }
- if (inCertRepContent->caPubs != NULL) {
- for (i=0; inCertRepContent->caPubs[i] != NULL; i++) {
- CERT_DestroyCertificate(inCertRepContent->caPubs[i]);
- }
- }
- }
- PORT_FreeArena(inCertRepContent->poolp, PR_TRUE);
- }
- return SECSuccess;
-}
-
-SECStatus
-CMMF_DestroyPOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyCont)
-{
- PORT_Assert(inDecKeyCont != NULL);
- if (inDecKeyCont != NULL && inDecKeyCont->poolp) {
- PORT_FreeArena(inDecKeyCont->poolp, PR_FALSE);
- }
- return SECSuccess;
-}
-
-SECStatus
-crmf_create_prtime(SECItem *src, PRTime **dest)
-{
- *dest = PORT_ZNew(PRTime);
- return DER_UTCTimeToTime(*dest, src);
-}
-
-CRMFCertExtension*
-crmf_copy_cert_extension(PRArenaPool *poolp, CRMFCertExtension *inExtension)
-{
- PRBool isCritical;
- SECOidTag id;
- SECItem *data;
- CRMFCertExtension *newExt;
-
- PORT_Assert(inExtension != NULL);
- if (inExtension == NULL) {
- return NULL;
- }
- id = CRMF_CertExtensionGetOidTag(inExtension);
- isCritical = CRMF_CertExtensionGetIsCritical(inExtension);
- data = CRMF_CertExtensionGetValue(inExtension);
- newExt = crmf_create_cert_extension(poolp, id,
- isCritical,
- data);
- SECITEM_FreeItem(data, PR_TRUE);
- return newExt;
-}
-
-static SECItem*
-cmmf_encode_certificate(CERTCertificate *inCert)
-{
- return SEC_ASN1EncodeItem(NULL, NULL, inCert,
- SEC_SignedCertificateTemplate);
-}
-
-CERTCertList*
-cmmf_MakeCertList(CERTCertificate **inCerts)
-{
- CERTCertList *certList;
- CERTCertificate *currCert;
- SECItem *derCert, *freeCert = NULL;
- SECStatus rv;
- int i;
-
- certList = CERT_NewCertList();
- if (certList == NULL) {
- return NULL;
- }
- for (i=0; inCerts[i] != NULL; i++) {
- derCert = &inCerts[i]->derCert;
- if (derCert->data == NULL) {
- derCert = freeCert = cmmf_encode_certificate(inCerts[i]);
- }
- currCert=CERT_DecodeDERCertificate(derCert, PR_TRUE, NULL);
- if (freeCert != NULL) {
- SECITEM_FreeItem(freeCert, PR_TRUE);
- freeCert = NULL;
- }
- if (currCert == NULL) {
- goto loser;
- }
- rv = CERT_AddCertToListTail(certList, currCert);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- return certList;
- loser:
- CERT_DestroyCertList(certList);
- return NULL;
-}
-
-CMMFPKIStatus
-cmmf_PKIStatusInfoGetStatus(CMMFPKIStatusInfo *inStatus)
-{
- long derVal;
-
- derVal = DER_GetInteger(&inStatus->status);
- if (derVal == -1 || derVal < cmmfGranted || derVal >= cmmfNumPKIStatus) {
- return cmmfNoPKIStatus;
- }
- return (CMMFPKIStatus)derVal;
-}
-
-int
-CMMF_CertRepContentGetNumResponses(CMMFCertRepContent *inCertRepContent)
-{
- int numResponses = 0;
- PORT_Assert (inCertRepContent != NULL);
- if (inCertRepContent != NULL && inCertRepContent->response != NULL) {
- while (inCertRepContent->response[numResponses] != NULL) {
- numResponses++;
- }
- }
- return numResponses;
-}
-
-
-SECStatus
-cmmf_DestroyCertOrEncCert(CMMFCertOrEncCert *certOrEncCert, PRBool freeit)
-{
- switch (certOrEncCert->choice) {
- case cmmfCertificate:
- CERT_DestroyCertificate(certOrEncCert->cert.certificate);
- break;
- case cmmfEncryptedCert:
- crmf_destroy_encrypted_value(certOrEncCert->cert.encryptedCert,
- PR_TRUE);
- break;
- default:
- break;
- }
- if (freeit) {
- PORT_Free(certOrEncCert);
- }
- return SECSuccess;
-}
-
-SECStatus
-cmmf_copy_secitem (PRArenaPool *poolp, SECItem *dest, SECItem *src)
-{
- SECStatus rv;
-
- if (src->data != NULL) {
- rv = SECITEM_CopyItem(poolp, dest, src);
- } else {
- dest->data = NULL;
- dest->len = 0;
- rv = SECSuccess;
- }
- return rv;
-}
-
-SECStatus
-CMMF_DestroyCertifiedKeyPair(CMMFCertifiedKeyPair *inCertKeyPair)
-{
- PORT_Assert(inCertKeyPair != NULL);
- if (inCertKeyPair != NULL) {
- cmmf_DestroyCertOrEncCert(&inCertKeyPair->certOrEncCert, PR_FALSE);
- }
- if (inCertKeyPair->privateKey) {
- crmf_destroy_encrypted_value(inCertKeyPair->privateKey, PR_TRUE);
- }
- if (inCertKeyPair->derPublicationInfo.data) {
- PORT_Free(inCertKeyPair->derPublicationInfo.data);
- }
- PORT_Free(inCertKeyPair);
- return SECSuccess;
-}
-
-SECStatus
-cmmf_CopyCertResponse(PRArenaPool *poolp,
- CMMFCertResponse *dest,
- CMMFCertResponse *src)
-{
- SECStatus rv;
-
- if (src->certReqId.data != NULL) {
- rv = SECITEM_CopyItem(poolp, &dest->certReqId, &src->certReqId);
- if (rv != SECSuccess) {
- return rv;
- }
- }
- rv = cmmf_CopyPKIStatusInfo(poolp, &dest->status, &src->status);
- if (rv != SECSuccess) {
- return rv;
- }
- if (src->certifiedKeyPair != NULL) {
- dest->certifiedKeyPair = (poolp == NULL) ?
- PORT_ZNew(CMMFCertifiedKeyPair) :
- PORT_ArenaZNew(poolp, CMMFCertifiedKeyPair);
- if (dest->certifiedKeyPair == NULL) {
- return SECFailure;
- }
- rv = cmmf_CopyCertifiedKeyPair(poolp, dest->certifiedKeyPair,
- src->certifiedKeyPair);
- if (rv != SECSuccess) {
- return rv;
- }
- }
- return SECSuccess;
-}
-
-static SECStatus
-cmmf_CopyCertOrEncCert(PRArenaPool *poolp, CMMFCertOrEncCert *dest,
- CMMFCertOrEncCert *src)
-{
- SECStatus rv = SECSuccess;
- CRMFEncryptedValue *encVal;
-
- dest->choice = src->choice;
- rv = cmmf_copy_secitem(poolp, &dest->derValue, &src->derValue);
- switch (src->choice) {
- case cmmfCertificate:
- dest->cert.certificate = CERT_DupCertificate(src->cert.certificate);
- break;
- case cmmfEncryptedCert:
- dest->cert.encryptedCert = encVal = (poolp == NULL) ?
- PORT_ZNew(CRMFEncryptedValue) :
- PORT_ArenaZNew(poolp, CRMFEncryptedValue);
- if (encVal == NULL) {
- return SECFailure;
- }
- rv = crmf_copy_encryptedvalue(poolp, src->cert.encryptedCert, encVal);
- if (rv != SECSuccess) {
- return rv;
- }
- break;
- default:
- rv = SECFailure;
- }
- return rv;
-}
-
-SECStatus
-cmmf_CopyCertifiedKeyPair(PRArenaPool *poolp, CMMFCertifiedKeyPair *dest,
- CMMFCertifiedKeyPair *src)
-{
- SECStatus rv;
-
- rv = cmmf_CopyCertOrEncCert(poolp, &dest->certOrEncCert,
- &src->certOrEncCert);
- if (rv != SECSuccess) {
- return rv;
- }
-
- if (src->privateKey != NULL) {
- CRMFEncryptedValue *encVal;
-
- encVal = dest->privateKey = (poolp == NULL) ?
- PORT_ZNew(CRMFEncryptedValue) :
- PORT_ArenaZNew(poolp, CRMFEncryptedValue);
- if (encVal == NULL) {
- return SECFailure;
- }
- rv = crmf_copy_encryptedvalue(poolp, src->privateKey,
- dest->privateKey);
- if (rv != SECSuccess) {
- return rv;
- }
- }
- rv = cmmf_copy_secitem(poolp, &dest->derPublicationInfo,
- &src->derPublicationInfo);
- return rv;
-}
-
-SECStatus
-cmmf_CopyPKIStatusInfo(PRArenaPool *poolp, CMMFPKIStatusInfo *dest,
- CMMFPKIStatusInfo *src)
-{
- SECStatus rv;
-
- rv = cmmf_copy_secitem (poolp, &dest->status, &src->status);
- if (rv != SECSuccess) {
- return rv;
- }
- rv = cmmf_copy_secitem (poolp, &dest->statusString, &src->statusString);
- if (rv != SECSuccess) {
- return rv;
- }
- rv = cmmf_copy_secitem (poolp, &dest->failInfo, &src->failInfo);
- return rv;
-}
-
-CERTCertificate*
-cmmf_CertOrEncCertGetCertificate(CMMFCertOrEncCert *certOrEncCert,
- CERTCertDBHandle *certdb)
-{
- if (certOrEncCert->choice != cmmfCertificate ||
- certOrEncCert->cert.certificate == NULL) {
- return NULL;
- }
- return CERT_NewTempCertificate(certdb,
- &certOrEncCert->cert.certificate->derCert,
- NULL, PR_FALSE, PR_TRUE);
-}
-
-SECStatus
-cmmf_PKIStatusInfoSetStatus(CMMFPKIStatusInfo *statusInfo,
- PRArenaPool *poolp,
- CMMFPKIStatus inStatus)
-{
- SECItem *dummy;
-
- if (inStatus <cmmfGranted || inStatus >= cmmfNumPKIStatus) {
- return SECFailure;
- }
-
- dummy = SEC_ASN1EncodeInteger(poolp, &statusInfo->status, inStatus);
- PORT_Assert(dummy == &statusInfo->status);
- if (dummy != &statusInfo->status) {
- SECITEM_FreeItem(dummy, PR_TRUE);
- return SECFailure;
- }
- return SECSuccess;
-}
-
-
diff --git a/security/nss/lib/crmf/servget.c b/security/nss/lib/crmf/servget.c
deleted file mode 100644
index b80454494..000000000
--- a/security/nss/lib/crmf/servget.c
+++ /dev/null
@@ -1,1007 +0,0 @@
-/* -*- Mode: C; tab-width: 8 -*-*/
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-
-#include "cmmf.h"
-#include "cmmfi.h"
-#include "secitem.h"
-#include "keyhi.h"
-
-CRMFEncryptedKeyChoice
-CRMF_EncryptedKeyGetChoice(CRMFEncryptedKey *inEncrKey)
-{
- PORT_Assert(inEncrKey != NULL);
- if (inEncrKey == NULL) {
- return crmfNoEncryptedKeyChoice;
- }
- return inEncrKey->encKeyChoice;
-}
-
-CRMFEncryptedValue*
-CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inEncrKey)
-{
- CRMFEncryptedValue *newEncrValue = NULL;
- SECStatus rv;
-
- PORT_Assert(inEncrKey != NULL);
- if (inEncrKey == NULL ||
- CRMF_EncryptedKeyGetChoice(inEncrKey) != crmfEncryptedValueChoice) {
- goto loser;
- }
- newEncrValue = PORT_ZNew(CRMFEncryptedValue);
- if (newEncrValue == NULL) {
- goto loser;
- }
- rv = crmf_copy_encryptedvalue(NULL, &inEncrKey->value.encryptedValue,
- newEncrValue);
- if (rv != SECSuccess) {
- goto loser;
- }
- return newEncrValue;
- loser:
- if (newEncrValue != NULL) {
- CRMF_DestroyEncryptedValue(newEncrValue);
- }
- return NULL;
-}
-
-static SECItem*
-crmf_get_encvalue_bitstring(SECItem *srcItem)
-{
- SECItem *newItem = NULL;
- SECStatus rv;
-
- if (srcItem->data == NULL) {
- return NULL;
- }
- newItem = PORT_ZNew(SECItem);
- if (newItem == NULL) {
- goto loser;
- }
- rv = crmf_make_bitstring_copy(NULL, newItem, srcItem);
- if (rv != SECSuccess) {
- goto loser;
- }
- return newItem;
- loser:
- if (newItem != NULL) {
- SECITEM_FreeItem(newItem, PR_TRUE);
- }
- return NULL;
-}
-
-SECItem*
-CRMF_EncryptedValueGetEncSymmKey(CRMFEncryptedValue *inEncValue)
-{
- if (inEncValue == NULL) {
- return NULL;
- }
- return crmf_get_encvalue_bitstring(&inEncValue->encSymmKey);
-}
-
-SECItem*
-CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncrValue)
-{
- if (inEncrValue == NULL || inEncrValue->encValue.data == NULL) {
- return NULL;
- }
- return crmf_get_encvalue_bitstring(&inEncrValue->encValue);
-}
-
-static SECAlgorithmID*
-crmf_get_encvalue_algid(SECAlgorithmID *srcAlg)
-{
- SECStatus rv;
- SECAlgorithmID *newAlgID;
-
- if (srcAlg == NULL) {
- return NULL;
- }
- rv = crmf_copy_encryptedvalue_secalg(NULL, srcAlg, &newAlgID);
- if (rv != SECSuccess) {
- return NULL;
- }
- return newAlgID;
-}
-
-SECAlgorithmID*
-CRMF_EncryptedValueGetIntendedAlg(CRMFEncryptedValue *inEncValue)
-{
- if (inEncValue == NULL) {
- return NULL;
- }
- return crmf_get_encvalue_algid(inEncValue->intendedAlg);
-}
-
-SECAlgorithmID*
-CRMF_EncryptedValueGetKeyAlg(CRMFEncryptedValue *inEncValue)
-{
- if (inEncValue == NULL) {
- return NULL;
- }
- return crmf_get_encvalue_algid(inEncValue->keyAlg);
-}
-
-SECAlgorithmID*
-CRMF_EncryptedValueGetSymmAlg(CRMFEncryptedValue *inEncValue)
-{
- if (inEncValue == NULL) {
- return NULL;
- }
- return crmf_get_encvalue_algid(inEncValue->symmAlg);
-}
-
-SECItem*
-CRMF_EncryptedValueGetValueHint(CRMFEncryptedValue *inEncValue)
-{
- if (inEncValue == NULL || inEncValue->valueHint.data == NULL) {
- return NULL;
- }
- return SECITEM_DupItem(&inEncValue->valueHint);
-}
-
-SECStatus
-CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey(CRMFPKIArchiveOptions *inOpt,
- PRBool *destVal)
-{
- if (inOpt == NULL || destVal == NULL ||
- CRMF_PKIArchiveOptionsGetOptionType(inOpt) != crmfArchiveRemGenPrivKey){
- return SECFailure;
- }
- *destVal = (inOpt->option.archiveRemGenPrivKey.data[0] == hexFalse)
- ? PR_FALSE:
- PR_TRUE;
- return SECSuccess;
-}
-
-CRMFEncryptedKey*
-CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts)
-{
- CRMFEncryptedKey *newEncrKey = NULL;
- SECStatus rv;
-
- PORT_Assert(inOpts != NULL);
- if (inOpts == NULL ||
- CRMF_PKIArchiveOptionsGetOptionType(inOpts) != crmfEncryptedPrivateKey){
- return NULL;
- }
- newEncrKey = PORT_ZNew(CRMFEncryptedKey);
- if (newEncrKey == NULL) {
- goto loser;
- }
- rv = crmf_copy_encryptedkey(NULL, &inOpts->option.encryptedKey,
- newEncrKey);
- if (rv != SECSuccess) {
- goto loser;
- }
- return newEncrKey;
- loser:
- if (newEncrKey != NULL) {
- CRMF_DestroyEncryptedKey(newEncrKey);
- }
- return NULL;
-}
-
-SECItem*
-CRMF_PKIArchiveOptionsGetKeyGenParameters(CRMFPKIArchiveOptions *inOptions)
-{
- if (inOptions == NULL ||
- CRMF_PKIArchiveOptionsGetOptionType(inOptions) != crmfKeyGenParameters ||
- inOptions->option.keyGenParameters.data == NULL) {
- return NULL;
- }
- return SECITEM_DupItem(&inOptions->option.keyGenParameters);
-}
-
-CRMFPKIArchiveOptionsType
-CRMF_PKIArchiveOptionsGetOptionType(CRMFPKIArchiveOptions *inOptions)
-{
- PORT_Assert (inOptions != NULL);
- if (inOptions == NULL) {
- return crmfNoArchiveOptions;
- }
- return inOptions->archOption;
-}
-
-static SECStatus
-crmf_extract_long_from_item(SECItem *intItem, long *destLong)
-{
- *destLong = DER_GetInteger(intItem);
- return (*destLong == -1) ? SECFailure : SECSuccess;
-}
-
-SECStatus
-CRMF_POPOPrivGetKeySubseqMess(CRMFPOPOPrivKey *inKey,
- CRMFSubseqMessOptions *destOpt)
-{
- long value;
- SECStatus rv;
-
- PORT_Assert(inKey != NULL);
- if (inKey == NULL ||
- inKey->messageChoice != crmfSubsequentMessage) {
- return SECFailure;
- }
- rv = crmf_extract_long_from_item(&inKey->message.subsequentMessage,&value);
- if (rv != SECSuccess) {
- return SECFailure;
- }
- switch (value) {
- case 0:
- *destOpt = crmfEncrCert;
- break;
- case 1:
- *destOpt = crmfChallengeResp;
- break;
- default:
- rv = SECFailure;
- }
- if (rv != SECSuccess) {
- return rv;
- }
- return SECSuccess;
-}
-
-CRMFPOPOPrivKeyChoice
-CRMF_POPOPrivKeyGetChoice(CRMFPOPOPrivKey *inPrivKey)
-{
- PORT_Assert(inPrivKey != NULL);
- if (inPrivKey != NULL) {
- return inPrivKey->messageChoice;
- }
- return crmfNoMessage;
-}
-
-SECStatus
-CRMF_POPOPrivKeyGetDHMAC(CRMFPOPOPrivKey *inKey, SECItem *destMAC)
-{
- PORT_Assert(inKey != NULL);
- if (inKey == NULL || inKey->message.dhMAC.data == NULL) {
- return SECFailure;
- }
- return crmf_make_bitstring_copy(NULL, destMAC, &inKey->message.dhMAC);
-}
-
-SECStatus
-CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey,
- SECItem *destString)
-{
- PORT_Assert(inKey != NULL);
- if (inKey == NULL ||
- inKey->messageChoice != crmfThisMessage) {
- return SECFailure;
- }
-
- return crmf_make_bitstring_copy(NULL, destString,
- &inKey->message.thisMessage);
-}
-
-SECAlgorithmID*
-CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey)
-{
- SECAlgorithmID *newAlgId = NULL;
- SECStatus rv;
-
- PORT_Assert(inSignKey != NULL);
- if (inSignKey == NULL) {
- return NULL;
- }
- newAlgId = PORT_ZNew(SECAlgorithmID);
- if (newAlgId == NULL) {
- goto loser;
- }
- rv = SECOID_CopyAlgorithmID(NULL, newAlgId,
- inSignKey->algorithmIdentifier);
- if (rv != SECSuccess) {
- goto loser;
- }
- return newAlgId;
-
- loser:
- if (newAlgId != NULL) {
- SECOID_DestroyAlgorithmID(newAlgId, PR_TRUE);
- }
- return NULL;
-}
-
-SECItem*
-CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey)
-{
- PORT_Assert(inSignKey != NULL);
- if (inSignKey == NULL || inSignKey->derInput.data == NULL) {
- return NULL;
- }
- return SECITEM_DupItem(&inSignKey->derInput);
-}
-
-SECItem*
-CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey)
-{
- SECItem *newSig = NULL;
- SECStatus rv;
-
- PORT_Assert(inSignKey != NULL);
- if (inSignKey == NULL) {
- return NULL;
- }
- newSig = PORT_ZNew(SECItem);
- if (newSig == NULL) {
- goto loser;
- }
- rv = crmf_make_bitstring_copy(NULL, newSig, &inSignKey->signature);
- if (rv != SECSuccess) {
- goto loser;
- }
- return newSig;
- loser:
- if (newSig != NULL) {
- SECITEM_FreeItem(newSig, PR_TRUE);
- }
- return NULL;
-}
-
-static SECStatus
-crmf_copy_poposigningkey(PRArenaPool *poolp,
- CRMFPOPOSigningKey *inPopoSignKey,
- CRMFPOPOSigningKey *destPopoSignKey)
-{
- SECStatus rv;
-
- /* We don't support use of the POPOSigningKeyInput, so we'll only
- * store away the DER encoding.
- */
- if (inPopoSignKey->derInput.data != NULL) {
- rv = SECITEM_CopyItem(poolp, &destPopoSignKey->derInput,
- &inPopoSignKey->derInput);
- }
- destPopoSignKey->algorithmIdentifier = (poolp == NULL) ?
- PORT_ZNew(SECAlgorithmID) :
- PORT_ArenaZNew(poolp, SECAlgorithmID);
-
- if (destPopoSignKey->algorithmIdentifier == NULL) {
- goto loser;
- }
- rv = SECOID_CopyAlgorithmID(poolp, destPopoSignKey->algorithmIdentifier,
- inPopoSignKey->algorithmIdentifier);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- rv = crmf_make_bitstring_copy(poolp, &destPopoSignKey->signature,
- &inPopoSignKey->signature);
- if (rv != SECSuccess) {
- goto loser;
- }
- return SECSuccess;
- loser:
- if (destPopoSignKey && poolp == NULL) {
- CRMF_DestroyPOPOSigningKey(destPopoSignKey);
- }
- return SECFailure;
-}
-
-static SECStatus
-crmf_copy_popoprivkey(PRArenaPool *poolp,
- CRMFPOPOPrivKey *srcPrivKey,
- CRMFPOPOPrivKey *destPrivKey)
-{
- SECStatus rv;
-
- destPrivKey->messageChoice = srcPrivKey->messageChoice;
- switch (destPrivKey->messageChoice) {
- case crmfThisMessage:
- case crmfDHMAC:
- /* I've got a union, so taking the address of one, will also give
- * me a pointer to the other (eg, message.dhMAC)
- */
- rv = crmf_make_bitstring_copy(poolp, &destPrivKey->message.thisMessage,
- &srcPrivKey->message.thisMessage);
- break;
- case crmfSubsequentMessage:
- rv = SECITEM_CopyItem(poolp, &destPrivKey->message.subsequentMessage,
- &srcPrivKey->message.subsequentMessage);
- break;
- default:
- rv = SECFailure;
- }
-
- if (rv != SECSuccess) {
- if (destPrivKey && poolp == NULL) {
- CRMF_DestroyPOPOPrivKey(destPrivKey);
- }
- return SECFailure;
- }
- return SECSuccess;
-}
-
-static CRMFProofOfPossession*
-crmf_copy_pop(PRArenaPool *poolp, CRMFProofOfPossession *srcPOP)
-{
- CRMFProofOfPossession *newPOP;
- SECStatus rv;
-
- /*
- * Proof Of Possession structures are always part of the Request
- * message, so there will always be an arena for allocating memory.
- */
- if (poolp == NULL) {
- return NULL;
- }
- newPOP = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
- if (newPOP == NULL) {
- return NULL;
- }
- switch (srcPOP->popUsed) {
- case crmfRAVerified:
- newPOP->popChoice.raVerified.data = NULL;
- newPOP->popChoice.raVerified.len = 0;
- break;
- case crmfSignature:
- rv = crmf_copy_poposigningkey(poolp, &srcPOP->popChoice.signature,
- &newPOP->popChoice.signature);
- if (rv != SECSuccess) {
- goto loser;
- }
- break;
- case crmfKeyEncipherment:
- case crmfKeyAgreement:
- /* We've got a union, so a pointer to one, is a pointer to the
- * other one.
- */
- rv = crmf_copy_popoprivkey(poolp, &srcPOP->popChoice.keyEncipherment,
- &newPOP->popChoice.keyEncipherment);
- if (rv != SECSuccess) {
- goto loser;
- }
- break;
- default:
- goto loser;
- }
- newPOP->popUsed = srcPOP->popUsed;
- return newPOP;
-
- loser:
- return NULL;
-}
-
-static CRMFCertReqMsg*
-crmf_copy_cert_req_msg(CRMFCertReqMsg *srcReqMsg)
-{
- CRMFCertReqMsg *newReqMsg;
- PRArenaPool *poolp;
-
- poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
- if (poolp == NULL) {
- return NULL;
- }
- newReqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg);
- newReqMsg->poolp = poolp;
- if (newReqMsg == NULL) {
- goto loser;
- }
- newReqMsg->certReq = crmf_copy_cert_request(poolp, srcReqMsg->certReq);
- if (newReqMsg->certReq == NULL) {
- goto loser;
- }
- newReqMsg->pop = crmf_copy_pop(poolp, srcReqMsg->pop);
- if (newReqMsg->pop == NULL) {
- goto loser;
- }
- /* None of my set/get routines operate on the regInfo field, so
- * for now, that won't get copied over.
- */
- return newReqMsg;
-
- loser:
- if (newReqMsg != NULL) {
- CRMF_DestroyCertReqMsg(newReqMsg);
- }
- return NULL;
-}
-
-CRMFCertReqMsg*
-CRMF_CertReqMessagesGetCertReqMsgAtIndex(CRMFCertReqMessages *inReqMsgs,
- int index)
-{
- int numMsgs;
-
- PORT_Assert(inReqMsgs != NULL && index >= 0);
- if (inReqMsgs == NULL) {
- return NULL;
- }
- numMsgs = CRMF_CertReqMessagesGetNumMessages(inReqMsgs);
- if (index < 0 || index >= numMsgs) {
- return NULL;
- }
- return crmf_copy_cert_req_msg(inReqMsgs->messages[index]);
-}
-
-int
-CRMF_CertReqMessagesGetNumMessages(CRMFCertReqMessages *inCertReqMsgs)
-{
- int numMessages = 0;
-
- PORT_Assert(inCertReqMsgs != NULL);
- if (inCertReqMsgs == NULL) {
- return 0;
- }
- while (inCertReqMsgs->messages[numMessages] != NULL) {
- numMessages++;
- }
- return numMessages;
-}
-
-CRMFCertRequest*
-CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg)
-{
- PRArenaPool *poolp = NULL;
- CRMFCertRequest *newCertReq = NULL;
-
- PORT_Assert(inCertReqMsg != NULL);
-
- poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
- if (poolp == NULL) {
- goto loser;
- }
- newCertReq = crmf_copy_cert_request(poolp, inCertReqMsg->certReq);
- if (newCertReq == NULL) {
- goto loser;
- }
- newCertReq->poolp = poolp;
- return newCertReq;
- loser:
- if (poolp != NULL) {
- PORT_FreeArena(poolp, PR_FALSE);
- }
- return NULL;
-}
-
-SECStatus
-CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg, long *destID)
-{
- PORT_Assert(inCertReqMsg != NULL && destID != NULL);
- if (inCertReqMsg == NULL || inCertReqMsg->certReq == NULL) {
- return SECFailure;
- }
- return crmf_extract_long_from_item(&inCertReqMsg->certReq->certReqId,
- destID);
-}
-
-SECStatus
-CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKey **destKey)
-{
- PORT_Assert(inCertReqMsg != NULL && destKey != NULL);
- if (inCertReqMsg == NULL || destKey == NULL ||
- CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyAgreement) {
- return SECFailure;
- }
- *destKey = PORT_ZNew(CRMFPOPOPrivKey);
- if (*destKey == NULL) {
- return SECFailure;
- }
- return crmf_copy_popoprivkey(NULL,
- &inCertReqMsg->pop->popChoice.keyAgreement,
- *destKey);
-}
-
-SECStatus
-CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKey **destKey)
-{
- PORT_Assert(inCertReqMsg != NULL && destKey != NULL);
- if (inCertReqMsg == NULL || destKey == NULL ||
- CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyEncipherment) {
- return SECFailure;
- }
- *destKey = PORT_ZNew(CRMFPOPOPrivKey);
- if (destKey == NULL) {
- return SECFailure;
- }
- return crmf_copy_popoprivkey(NULL,
- &inCertReqMsg->pop->popChoice.keyEncipherment,
- *destKey);
-}
-
-SECStatus
-CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOSigningKey **destKey)
-{
- CRMFProofOfPossession *pop;
- PORT_Assert(inCertReqMsg != NULL);
- if (inCertReqMsg == NULL) {
- return SECFailure;
- }
- pop = inCertReqMsg->pop;;
- if (pop->popUsed != crmfSignature) {
- return SECFailure;
- }
- *destKey = PORT_ZNew(CRMFPOPOSigningKey);
- if (*destKey == NULL) {
- return SECFailure;
- }
- return crmf_copy_poposigningkey(NULL,&pop->popChoice.signature, *destKey);
-}
-
-static SECStatus
-crmf_copy_name(CERTName *destName, CERTName *srcName)
-{
- PRArenaPool *poolp = NULL;
- SECStatus rv;
-
- if (destName->arena != NULL) {
- poolp = destName->arena;
- } else {
- poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
- }
- if (poolp == NULL) {
- return SECFailure;
- }
- /* Need to do this so that CERT_CopyName doesn't free out
- * the arena from underneath us.
- */
- destName->arena = NULL;
- rv = CERT_CopyName(poolp, destName, srcName);
- destName->arena = poolp;
- return rv;
-}
-
-SECStatus
-CRMF_CertRequestGetCertTemplateIssuer(CRMFCertRequest *inCertReq,
- CERTName *destIssuer)
-{
- PORT_Assert(inCertReq != NULL);
- if (inCertReq == NULL) {
- return SECFailure;
- }
- if (CRMF_DoesRequestHaveField(inCertReq, crmfIssuer)) {
- return crmf_copy_name(destIssuer,
- inCertReq->certTemplate.issuer);
- }
- return SECFailure;
-}
-
-SECStatus
-CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq,
- SECItem *destIssuerUID)
-{
- PORT_Assert(inCertReq != NULL);
- if (inCertReq == NULL) {
- return SECFailure;
- }
- if (CRMF_DoesRequestHaveField(inCertReq, crmfIssuerUID)) {
- return crmf_make_bitstring_copy(NULL, destIssuerUID,
- &inCertReq->certTemplate.issuerUID);
- }
- return SECFailure;
-}
-
-SECStatus
-CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest *inCertReq,
- CERTSubjectPublicKeyInfo *destPublicKey)
-{
- PORT_Assert (inCertReq != NULL);
- if (inCertReq == NULL) {
- return SECFailure;
- }
- if (CRMF_DoesRequestHaveField(inCertReq, crmfPublicKey)) {
- return SECKEY_CopySubjectPublicKeyInfo(NULL, destPublicKey,
- inCertReq->certTemplate.publicKey);
- }
- return SECFailure;
-}
-
-SECStatus
-CRMF_CertRequestGetCertTemplateSerialNumber(CRMFCertRequest *inCertReq,
- long *serialNumber)
-{
- PORT_Assert(inCertReq != NULL);
- if (inCertReq == NULL) {
- return SECFailure;
- }
- if (CRMF_DoesRequestHaveField(inCertReq, crmfSerialNumber)) {
- return
- crmf_extract_long_from_item(&inCertReq->certTemplate.serialNumber,
- serialNumber);
- }
- return SECFailure;
-}
-
-SECStatus
-CRMF_CertRequestGetCertTemplateSigningAlg(CRMFCertRequest *inCertReq,
- SECAlgorithmID *destAlg)
-{
- PORT_Assert(inCertReq != NULL);
- if (inCertReq == NULL) {
- return SECFailure;
- }
- if (CRMF_DoesRequestHaveField(inCertReq, crmfSigningAlg)) {
- return SECOID_CopyAlgorithmID(NULL, destAlg,
- inCertReq->certTemplate.signingAlg);
- }
- return SECFailure;
-}
-
-SECStatus
-CRMF_CertRequestGetCertTemplateSubject(CRMFCertRequest *inCertReq,
- CERTName *destSubject)
-{
- PORT_Assert(inCertReq != NULL);
- if (inCertReq == NULL) {
- return SECFailure;
- }
- if (CRMF_DoesRequestHaveField(inCertReq, crmfSubject)) {
- return crmf_copy_name(destSubject, inCertReq->certTemplate.subject);
- }
- return SECFailure;
-}
-
-SECStatus
-CRMF_CertRequestGetCertTemplateSubjectUID(CRMFCertRequest *inCertReq,
- SECItem *destSubjectUID)
-{
- PORT_Assert(inCertReq != NULL);
- if (inCertReq == NULL) {
- return SECFailure;
- }
- if (CRMF_DoesRequestHaveField(inCertReq, crmfSubjectUID)) {
- return crmf_make_bitstring_copy(NULL, destSubjectUID,
- &inCertReq->certTemplate.subjectUID);
- }
- return SECFailure;
-}
-
-SECStatus
-CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq,
- long *version)
-{
- PORT_Assert (inCertReq != NULL);
- if (inCertReq == NULL) {
- return SECFailure;
- }
- if (CRMF_DoesRequestHaveField(inCertReq, crmfVersion)) {
- return crmf_extract_long_from_item(&inCertReq->certTemplate.version,
- version);
- }
- return SECFailure;
-}
-
-static SECStatus
-crmf_copy_validity(CRMFGetValidity *destValidity,
- CRMFOptionalValidity *src)
-{
- SECStatus rv;
-
- destValidity->notBefore = destValidity->notAfter = NULL;
- if (src->notBefore.data != NULL) {
- rv = crmf_create_prtime(&src->notBefore,
- &destValidity->notBefore);
- if (rv != SECSuccess) {
- return rv;
- }
- }
- if (src->notAfter.data != NULL) {
- rv = crmf_create_prtime(&src->notAfter,
- &destValidity->notAfter);
- if (rv != SECSuccess) {
- return rv;
- }
- }
- return SECSuccess;
-}
-
-SECStatus
-CRMF_CertRequestGetCertTemplateValidity(CRMFCertRequest *inCertReq,
- CRMFGetValidity *destValidity)
-{
- PORT_Assert(inCertReq != NULL);
- if (inCertReq == NULL) {
- return SECFailure;
- }
- if (CRMF_DoesRequestHaveField(inCertReq, crmfValidity)) {
- return crmf_copy_validity(destValidity,
- inCertReq->certTemplate.validity);
- }
- return SECFailure;
-}
-
-CRMFControl*
-CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq, int index)
-{
- CRMFControl *newControl, *srcControl;
- int numControls;
- SECStatus rv;
-
- PORT_Assert(inCertReq != NULL);
- if (inCertReq == NULL) {
- return NULL;
- }
- numControls = CRMF_CertRequestGetNumControls(inCertReq);
- if (index >= numControls || index < 0) {
- return NULL;
- }
- newControl = PORT_ZNew(CRMFControl);
- if (newControl == NULL) {
- return NULL;
- }
- srcControl = inCertReq->controls[index];
- newControl->tag = srcControl->tag;
- rv = SECITEM_CopyItem (NULL, &newControl->derTag, &srcControl->derTag);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- rv = SECITEM_CopyItem(NULL, &newControl->derValue,
- &srcControl->derValue);
- if (rv != SECSuccess) {
- goto loser;
- }
- /* Copy over the PKIArchiveOptions stuff */
- switch (srcControl->tag) {
- case SEC_OID_PKIX_REGCTRL_REGTOKEN:
- case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
- /* No further processing necessary for these types. */
- rv = SECSuccess;
- break;
- case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
- case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
- case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
- /* These aren't supported yet, so no post-processing will
- * be done at this time. But we don't want to fail in case
- * we read in DER that has one of these options.
- */
- rv = SECSuccess;
- break;
- case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
- rv = crmf_copy_pkiarchiveoptions(NULL,
- &newControl->value.archiveOptions,
- &srcControl->value.archiveOptions);
- break;
- default:
- rv = SECFailure;
- }
- if (rv != SECSuccess) {
- goto loser;
- }
- return newControl;
- loser:
- if (newControl != NULL) {
- CRMF_DestroyControl(newControl);
- }
- return NULL;
-}
-
-static SECItem*
-crmf_copy_control_value(CRMFControl *inControl)
-{
- return SECITEM_DupItem(&inControl->derValue);
-}
-
-SECItem*
-CRMF_ControlGetAuthenticatorControlValue(CRMFControl *inControl)
-{
- PORT_Assert (inControl!= NULL);
- if (inControl == NULL ||
- CRMF_ControlGetControlType(inControl) != crmfAuthenticatorControl) {
- return NULL;
- }
- return crmf_copy_control_value(inControl);
-}
-
-CRMFControlType
-CRMF_ControlGetControlType(CRMFControl *inControl)
-{
- CRMFControlType retType;
-
- PORT_Assert(inControl != NULL);
- switch (inControl->tag) {
- case SEC_OID_PKIX_REGCTRL_REGTOKEN:
- retType = crmfRegTokenControl;
- break;
- case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
- retType = crmfAuthenticatorControl;
- break;
- case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
- retType = crmfPKIPublicationInfoControl;
- break;
- case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
- retType = crmfPKIArchiveOptionsControl;
- break;
- case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
- retType = crmfOldCertIDControl;
- break;
- case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
- retType = crmfProtocolEncrKeyControl;
- break;
- default:
- retType = crmfNoControl;
- }
- return retType;
-}
-
-CRMFPKIArchiveOptions*
-CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl)
-{
- CRMFPKIArchiveOptions *newOpt = NULL;
- SECStatus rv;
-
- PORT_Assert(inControl != NULL);
- if (inControl == NULL ||
- CRMF_ControlGetControlType(inControl) != crmfPKIArchiveOptionsControl){
- goto loser;
- }
- newOpt = PORT_ZNew(CRMFPKIArchiveOptions);
- if (newOpt == NULL) {
- goto loser;
- }
- rv = crmf_copy_pkiarchiveoptions(NULL, newOpt,
- &inControl->value.archiveOptions);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- loser:
- if (newOpt != NULL) {
- CRMF_DestroyPKIArchiveOptions(newOpt);
- }
- return NULL;
-}
-
-SECItem*
-CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl)
-{
- PORT_Assert(inControl != NULL);
- if (inControl == NULL ||
- CRMF_ControlGetControlType(inControl) != crmfRegTokenControl) {
- return NULL;
- }
- return crmf_copy_control_value(inControl);;
-}
-
-CRMFCertExtension*
-CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq,
- int index)
-{
- int numExtensions;
-
- PORT_Assert(inCertReq != NULL);
- numExtensions = CRMF_CertRequestGetNumberOfExtensions(inCertReq);
- if (index >= numExtensions || index < 0) {
- return NULL;
- }
- return
- crmf_copy_cert_extension(NULL,
- inCertReq->certTemplate.extensions[index]);
-}
-
diff --git a/security/nss/lib/cryptohi/Makefile b/security/nss/lib/cryptohi/Makefile
deleted file mode 100644
index ced902117..000000000
--- a/security/nss/lib/cryptohi/Makefile
+++ /dev/null
@@ -1,77 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
--include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-export:: private_export
-
diff --git a/security/nss/lib/cryptohi/config.mk b/security/nss/lib/cryptohi/config.mk
deleted file mode 100644
index a73a1086e..000000000
--- a/security/nss/lib/cryptohi/config.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/cryptohi/cryptohi.h b/security/nss/lib/cryptohi/cryptohi.h
deleted file mode 100644
index 07d8057c7..000000000
--- a/security/nss/lib/cryptohi/cryptohi.h
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- * crypto.h - public data structures and prototypes for the crypto library
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#ifndef _CRYPTOHI_H_
-#define _CRYPTOHI_H_
-
-#include "blapi.h"
-
-#include "mcom_db.h"
-
-#include "seccomon.h"
-#include "secrngt.h"
-#include "secoidt.h"
-#include "secdert.h"
-#include "cryptoht.h"
-#include "keyt.h"
-#include "certt.h"
-
-
-SEC_BEGIN_PROTOS
-
-
-/****************************************/
-/*
-** DER encode/decode DSA signatures
-*/
-
-/* ANSI X9.57 defines DSA signatures as DER encoded data. Our DSA code (and
- * most of the rest of the world) just generates 40 bytes of raw data. These
- * functions convert between formats.
- */
-extern SECStatus DSAU_EncodeDerSig(SECItem *dest, SECItem *src);
-extern SECItem *DSAU_DecodeDerSig(SECItem *item);
-
-
-
-/****************************************/
-/*
-** Signature creation operations
-*/
-
-/*
-** Create a new signature context used for signing a data stream.
-** "alg" the signature algorithm to use (e.g. SEC_OID_RSA_WITH_MD5)
-** "privKey" the private key to use
-*/
-extern SGNContext *SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *privKey);
-
-/*
-** Destroy a signature-context object
-** "key" the object
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void SGN_DestroyContext(SGNContext *cx, PRBool freeit);
-
-/*
-** Reset the signing context "cx" to its initial state, preparing it for
-** another stream of data.
-*/
-extern SECStatus SGN_Begin(SGNContext *cx);
-
-/*
-** Update the signing context with more data to sign.
-** "cx" the context
-** "input" the input data to sign
-** "inputLen" the length of the input data
-*/
-extern SECStatus SGN_Update(SGNContext *cx, unsigned char *input,
- unsigned int inputLen);
-
-/*
-** Finish the signature process. Use either k0 or k1 to sign the data
-** stream that was input using SGN_Update. The resulting signature is
-** formatted using PKCS#1 and then encrypted using RSA private or public
-** encryption.
-** "cx" the context
-** "result" the final signature data (memory is allocated)
-*/
-extern SECStatus SGN_End(SGNContext *cx, SECItem *result);
-
-/*
-** Sign a single block of data using private key encryption and given
-** signature/hash algorithm.
-** "result" the final signature data (memory is allocated)
-** "buf" the input data to sign
-** "len" the amount of data to sign
-** "pk" the private key to encrypt with
-** "algid" the signature/hash algorithm to sign with
-** (must be compatible with the key type).
-*/
-extern SECStatus SEC_SignData(SECItem *result, unsigned char *buf, int len,
- SECKEYPrivateKey *pk, SECOidTag algid);
-
-/*
-** Sign a pre-digested block of data using private key encryption, encoding
-** The given signature/hash algorithm.
-** "result" the final signature data (memory is allocated)
-** "digest" the digest to sign
-** "pk" the private key to encrypt with
-** "algtag" The algorithm tag to encode (need for RSA only)
-*/
-extern SECStatus SGN_Digest(SECKEYPrivateKey *privKey,
- SECOidTag algtag, SECItem *result, SECItem *digest);
-
-/*
-** DER sign a single block of data using private key encryption and the
-** MD5 hashing algorithm. This routine first computes a digital signature
-** using SEC_SignData, then wraps it with an CERTSignedData and then der
-** encodes the result.
-** "arena" is the memory arena to use to allocate data from
-** "result" the final der encoded data (memory is allocated)
-** "buf" the input data to sign
-** "len" the amount of data to sign
-** "pk" the private key to encrypt with
-*/
-extern SECStatus SEC_DerSignData(PRArenaPool *arena, SECItem *result,
- unsigned char *buf, int len,
- SECKEYPrivateKey *pk, SECOidTag algid);
-
-/*
-** Destroy a signed-data object.
-** "sd" the object
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void SEC_DestroySignedData(CERTSignedData *sd, PRBool freeit);
-
-/****************************************/
-/*
-** Signature verification operations
-*/
-
-/*
-** Create a signature verification context.
-** "key" the public key to verify with
-** "sig" the encrypted signature data
-** "algid" specifies the signing algorithm to use. This must match
-** the key type.
-** "wincx" void pointer to the window context
-*/
-extern VFYContext *VFY_CreateContext(SECKEYPublicKey *key, SECItem *sig,
- SECOidTag algid, void *wincx);
-
-/*
-** Destroy a verification-context object.
-** "cx" the context to destroy
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void VFY_DestroyContext(VFYContext *cx, PRBool freeit);
-
-extern SECStatus VFY_Begin(VFYContext *cx);
-
-/*
-** Update a verification context with more input data. The input data
-** is fed to a secure hash function (depending on what was in the
-** encrypted signature data).
-** "cx" the context
-** "input" the input data
-** "inputLen" the amount of input data
-*/
-extern SECStatus VFY_Update(VFYContext *cx, unsigned char *input,
- unsigned int inputLen);
-
-/*
-** Finish the verification process. The return value is a status which
-** indicates success or failure. On success, the SECSuccess value is
-** returned. Otherwise, SECFailure is returned and the error code found
-** using PORT_GetError() indicates what failure occurred.
-** "cx" the context
-*/
-extern SECStatus VFY_End(VFYContext *cx);
-
-/*
-** Verify the signature on a block of data for which we already have
-** the digest. The signature data is an RSA private key encrypted
-** block of data formatted according to PKCS#1.
-** "dig" the digest
-** "key" the public key to check the signature with
-** "sig" the encrypted signature data
-** "algid" specifies the signing algorithm to use. This must match
-** the key type.
-**/
-extern SECStatus VFY_VerifyDigest(SECItem *dig, SECKEYPublicKey *key,
- SECItem *sig, SECOidTag algid, void *wincx);
-
-/*
-** Verify the signature on a block of data. The signature data is an RSA
-** private key encrypted block of data formatted according to PKCS#1.
-** "buf" the input data
-** "len" the length of the input data
-** "key" the public key to check the signature with
-** "sig" the encrypted signature data
-** "algid" specifies the signing algorithm to use. This must match
-** the key type.
-*/
-extern SECStatus VFY_VerifyData(unsigned char *buf, int len,
- SECKEYPublicKey *key, SECItem *sig,
- SECOidTag algid, void *wincx);
-
-
-SEC_END_PROTOS
-
-#endif /* _CRYPTOHI_H_ */
diff --git a/security/nss/lib/cryptohi/cryptoht.h b/security/nss/lib/cryptohi/cryptoht.h
deleted file mode 100644
index 3116db279..000000000
--- a/security/nss/lib/cryptohi/cryptoht.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * cryptoht.h - public data structures for the crypto library
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#ifndef _CRYPTOHT_H_
-#define _CRYPTOHT_H_
-
-typedef struct SGNContextStr SGNContext;
-typedef struct VFYContextStr VFYContext;
-
-
-#endif /* _CRYPTOHT_H_ */
diff --git a/security/nss/lib/cryptohi/dsautil.c b/security/nss/lib/cryptohi/dsautil.c
deleted file mode 100644
index ed6f9cec8..000000000
--- a/security/nss/lib/cryptohi/dsautil.c
+++ /dev/null
@@ -1,229 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "secasn1.h"
-#include "secitem.h"
-#include "prerr.h"
-
-#ifndef DSA_SUBPRIME_LEN
-#define DSA_SUBPRIME_LEN 20 /* bytes */
-#endif
-
-typedef struct {
- SECItem r;
- SECItem s;
-} DSA_ASN1Signature;
-
-const SEC_ASN1Template DSA_SignatureTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(DSA_ASN1Signature) },
- { SEC_ASN1_INTEGER, offsetof(DSA_ASN1Signature,r) },
- { SEC_ASN1_INTEGER, offsetof(DSA_ASN1Signature,s) },
- { 0, }
-};
-
-/* Input is variable length multi-byte integer, MSB first (big endian).
-** Most signficant bit of first byte is NOT treated as a sign bit.
-** May be one or more leading bytes of zeros.
-** Output is variable length multi-byte integer, MSB first (big endian).
-** Most significant bit of first byte will be zero (positive sign bit)
-** No more than one leading zero byte.
-** Caller supplies dest buffer, and assures that it is long enough,
-** e.g. at least one byte longer that src's buffer.
-*/
-void
-DSAU_ConvertUnsignedToSigned(SECItem *dest, SECItem *src)
-{
- unsigned char *pSrc = src->data;
- unsigned char *pDst = dest->data;
- unsigned int cntSrc = src->len;
- unsigned int cntDst = dest->len;
- unsigned char c;
-
- /* skip any leading zeros. */
- while (cntSrc && !(c = *pSrc)) {
- pSrc++;
- cntSrc--;
- }
- if (!cntSrc) {
- *pDst = 0;
- dest->len = 1;
- return;
- }
-
- if (c & 0x80)
- *pDst++ = 0;
-
- PORT_Memcpy(pDst, pSrc, cntSrc);
- dest->len = (pDst - dest->data) + cntSrc;
-}
-
-/*
-** src is a buffer holding a signed variable length integer.
-** dest is a buffer which will be filled with an unsigned integer,
-** MSB first (big endian) with leading zeros, so that the last byte
-** of src will be the LSB of the integer. The result will be exactly
-** the length specified by the caller in dest->len.
-** src can be shorter than dest. src can be longer than dst, but only
-** if the extra leading bytes are zeros.
-*/
-SECStatus
-DSAU_ConvertSignedToFixedUnsigned(SECItem *dest, SECItem *src)
-{
- unsigned char *pSrc = src->data;
- unsigned char *pDst = dest->data;
- unsigned int cntSrc = src->len;
- unsigned int cntDst = dest->len;
- int zCount = cntDst - cntSrc;
-
- if (zCount > 0) {
- PORT_Memset(pDst, 0, zCount);
- PORT_Memcpy(pDst + zCount, pSrc, cntSrc);
- return SECSuccess;
- }
- if (zCount <= 0) {
- /* Source is longer than destination. Check for leading zeros. */
- while (zCount++ < 0) {
- if (*pSrc++ != 0)
- goto loser;
- }
- }
- PORT_Memcpy(pDst, pSrc, cntDst);
- return SECSuccess;
-
-loser:
- PORT_SetError( PR_INVALID_ARGUMENT_ERROR );
- return SECFailure;
-}
-
-/* src is a "raw" DSA signature, 20 bytes of r followed by 20 bytes of s.
-** dest is the signature DER encoded. ?
-*/
-SECStatus
-DSAU_EncodeDerSig(SECItem *dest, SECItem *src)
-{
- SECItem * item;
- SECItem srcItem;
- DSA_ASN1Signature sig;
- unsigned char signedR[DSA_SUBPRIME_LEN + 1];
- unsigned char signedS[DSA_SUBPRIME_LEN + 1];
-
- PORT_Memset(&sig, 0, sizeof(sig));
-
- PORT_Assert(src->len == 2 * DSA_SUBPRIME_LEN);
- if (src->len != 2 * DSA_SUBPRIME_LEN) {
- PORT_SetError( PR_INVALID_ARGUMENT_ERROR );
- return SECFailure;
- }
-
- /* Must convert r and s from "unsigned" integers to "signed" integers.
- ** If the high order bit of the first byte (MSB) is 1, then must
- ** prepend with leading zero.
- ** Must remove all but one leading zero byte from numbers.
- */
- sig.r.data = signedR;
- sig.r.len = sizeof signedR;
- sig.s.data = signedS;
- sig.s.len = sizeof signedR;
-
- srcItem.data = src->data;
- srcItem.len = DSA_SUBPRIME_LEN;
-
- DSAU_ConvertUnsignedToSigned(&sig.r, &srcItem);
- srcItem.data += DSA_SUBPRIME_LEN;
- DSAU_ConvertUnsignedToSigned(&sig.s, &srcItem);
-
- item = SEC_ASN1EncodeItem(NULL, dest, &sig, DSA_SignatureTemplate);
- if (item == NULL)
- return SECFailure;
-
- /* XXX leak item? */
- return SECSuccess;
-}
-
-/* src is a DER-encoded DSA signature.
-** Returns a newly-allocated SECItem structure, pointing at a newly allocated
-** buffer containing the "raw" DSA signature, which is 20 bytes of r,
-** followed by 20 bytes of s.
-*/
-SECItem *
-DSAU_DecodeDerSig(SECItem *item)
-{
- SECItem * result = NULL;
- SECStatus status;
- DSA_ASN1Signature sig;
- SECItem dst;
-
- PORT_Memset(&sig, 0, sizeof(sig));
-
- result = PORT_ZNew(SECItem);
- if (result == NULL)
- goto loser;
-
- result->len = 2 * DSA_SUBPRIME_LEN;
- result->data = (unsigned char*)PORT_Alloc(2 * DSA_SUBPRIME_LEN);
- if (result->data == NULL)
- goto loser;
-
- status = SEC_ASN1DecodeItem(NULL, &sig, DSA_SignatureTemplate, item);
- if (status != SECSuccess)
- goto loser;
-
- /* Convert sig.r and sig.s from variable length signed integers to
- ** fixed length unsigned integers.
- */
- dst.data = result->data;
- dst.len = DSA_SUBPRIME_LEN;
- status = DSAU_ConvertSignedToFixedUnsigned(&dst, &sig.r);
- if (status != SECSuccess)
- goto loser;
-
- dst.data += DSA_SUBPRIME_LEN;
- status = DSAU_ConvertSignedToFixedUnsigned(&dst, &sig.s);
- if (status != SECSuccess)
- goto loser;
-
-done:
- if (sig.r.data != NULL)
- PORT_Free(sig.r.data);
- if (sig.s.data != NULL)
- PORT_Free(sig.s.data);
-
- return result;
-
-loser:
- if (result != NULL) {
- SECITEM_FreeItem(result, PR_TRUE);
- result = NULL;
- }
- goto done;
-}
diff --git a/security/nss/lib/cryptohi/hasht.h b/security/nss/lib/cryptohi/hasht.h
deleted file mode 100644
index 697520015..000000000
--- a/security/nss/lib/cryptohi/hasht.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * hasht.h - public data structures for the hashing library
- *
- * $Id$
- */
-
-#ifndef _HASHT_H_
-#define _HASHT_H_
-
-/* Opaque objects */
-typedef struct SECHashObjectStr SECHashObject;
-typedef struct HASHContextStr HASHContext;
-
-/*
- * The hash functions the security library supports
- * NOTE the order must match the definition of SECHashObjects[]!
- */
-typedef enum {
- HASH_AlgNULL,
- HASH_AlgMD2,
- HASH_AlgMD5,
- HASH_AlgSHA1,
- HASH_AlgTOTAL
-} HASH_HashType;
-
-/*
- * Number of bytes each hash algorithm produces
- */
-#define MD2_LENGTH 16
-#define MD5_LENGTH 16
-#define SHA1_LENGTH 20
-
-/*
- * Structure to hold hash computation info and routines
- */
-struct SECHashObjectStr {
- unsigned int length;
- void * (*create)(void);
- void * (*clone)(void *);
- void (*destroy)(void *, PRBool);
- void (*begin)(void *);
- void (*update)(void *, const unsigned char *, unsigned int);
- void (*end)(void *, unsigned char *, unsigned int *, unsigned int);
-};
-
-struct HASHContextStr {
- struct SECHashObjectStr *hashobj;
- void *hash_context;
-};
-
-extern SECHashObject SECHashObjects[];
-
-/*only those functions below the PKCS #11 line should use SECRawHashObjects*/
-extern SECHashObject SECRawHashObjects[];
-
-#endif /* _HASHT_H_ */
diff --git a/security/nss/lib/cryptohi/key.h b/security/nss/lib/cryptohi/key.h
deleted file mode 100644
index 7e68cdb58..000000000
--- a/security/nss/lib/cryptohi/key.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * key.h - public data structures and prototypes for the private key library
- *
- * $Id$
- */
-
-#ifndef _KEY_H_
-#define _KEY_H_
-
-#include "keyhi.h"
-#include "keylow.h"
-
-#endif /* _KEY_H_ */
diff --git a/security/nss/lib/cryptohi/keyhi.h b/security/nss/lib/cryptohi/keyhi.h
deleted file mode 100644
index 6c1a70546..000000000
--- a/security/nss/lib/cryptohi/keyhi.h
+++ /dev/null
@@ -1,211 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * key.h - public data structures and prototypes for the private key library
- *
- * $Id$
- */
-
-#ifndef _KEYHI_H_
-#define _KEYHI_H_
-
-#include "plarena.h"
-
-#include "seccomon.h"
-#include "secoidt.h"
-#include "secdert.h"
-#include "keythi.h"
-#include "certt.h"
-#include "secpkcs5.h"
-
-SEC_BEGIN_PROTOS
-
-
-/*
-** Destroy a subject-public-key-info object.
-*/
-extern void SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki);
-
-/*
-** Copy subject-public-key-info "src" to "dst". "dst" is filled in
-** appropriately (memory is allocated for each of the sub objects).
-*/
-extern SECStatus SECKEY_CopySubjectPublicKeyInfo(PRArenaPool *arena,
- CERTSubjectPublicKeyInfo *dst,
- CERTSubjectPublicKeyInfo *src);
-
-/*
-** Update the PQG parameters for a cert's public key.
-** Only done for DSA and Fortezza certs
-*/
-extern SECStatus
-SECKEY_UpdateCertPQG(CERTCertificate * subjectCert);
-
-
-/* Compare the KEA parameters of two public keys.
- * Only used by fortezza. */
-
-extern SECStatus
-SECKEY_KEAParamCompare(CERTCertificate *cert1,CERTCertificate *cert2);
-
-/*
-** Return the strength of the public key
-*/
-extern unsigned SECKEY_PublicKeyStrength(SECKEYPublicKey *pubk);
-
-
-/*
-** Make a copy of the private key "privKey"
-*/
-extern SECKEYPrivateKey *SECKEY_CopyPrivateKey(SECKEYPrivateKey *privKey);
-
-/*
-** Make a copy of the public key "pubKey"
-*/
-extern SECKEYPublicKey *SECKEY_CopyPublicKey(SECKEYPublicKey *pubKey);
-
-/*
-** Convert a private key "privateKey" into a public key
-*/
-extern SECKEYPublicKey *SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privateKey);
-
-/*
- * create a new RSA key pair. The public Key is returned...
- */
-SECKEYPrivateKey *SECKEY_CreateRSAPrivateKey(int keySizeInBits,
- SECKEYPublicKey **pubk, void *cx);
-/*
-** Create a subject-public-key-info based on a public key.
-*/
-extern CERTSubjectPublicKeyInfo *
-SECKEY_CreateSubjectPublicKeyInfo(SECKEYPublicKey *k);
-
-/*
-** Decode a DER encoded public key into an SECKEYPublicKey structure.
-*/
-extern SECKEYPublicKey *SECKEY_DecodeDERPublicKey(SECItem *pubkder);
-
-/*
-** Convert a base64 ascii encoded DER public key to our internal format.
-*/
-extern SECKEYPublicKey *SECKEY_ConvertAndDecodePublicKey(char *pubkstr);
-
-/*
-** Convert a base64 ascii encoded DER public key and challenge to spki,
-** and verify the signature and challenge data are correct
-*/
-extern CERTSubjectPublicKeyInfo *
-SECKEY_ConvertAndDecodePublicKeyAndChallenge(char *pkacstr, char *challenge,
- void *cx);
-
-/*
-** Decode a DER encoded subject public key info into a
-** CERTSubjectPublicKeyInfo structure.
-*/
-extern CERTSubjectPublicKeyInfo *
-SECKEY_DecodeDERSubjectPublicKeyInfo(SECItem *spkider);
-
-/*
-** Convert a base64 ascii encoded DER subject public key info to our
-** internal format.
-*/
-extern CERTSubjectPublicKeyInfo *
-SECKEY_ConvertAndDecodeSubjectPublicKeyInfo(char *spkistr);
-
-/*
-** Destroy a private key object.
-** "key" the object
-*/
-extern void SECKEY_DestroyPrivateKey(SECKEYPrivateKey *key);
-
-/*
-** Destroy a public key object.
-** "key" the object
-*/
-extern void SECKEY_DestroyPublicKey(SECKEYPublicKey *key);
-
-/* Destroy and zero out a private key info structure. for now this
- * function zero's out memory allocated in an arena for the key
- * since PORT_FreeArena does not currently do this.
- *
- * NOTE -- If a private key info is allocated in an arena, one should
- * not call this function with freeit = PR_FALSE. The function should
- * destroy the arena.
- */
-extern void
-SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk, PRBool freeit);
-
-/* Destroy and zero out an encrypted private key info.
- *
- * NOTE -- If a encrypted private key info is allocated in an arena, one should
- * not call this function with freeit = PR_FALSE. The function should
- * destroy the arena.
- */
-extern void
-SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki,
- PRBool freeit);
-
-/* Copy private key info structure.
- * poolp is the arena into which the contents of from is to be copied.
- * NULL is a valid entry.
- * to is the destination private key info
- * from is the source private key info
- * if either from or to is NULL or an error occurs, SECFailure is
- * returned. otherwise, SECSuccess is returned.
- */
-extern SECStatus
-SECKEY_CopyPrivateKeyInfo(PRArenaPool *poolp,
- SECKEYPrivateKeyInfo *to,
- SECKEYPrivateKeyInfo *from);
-
-/* Copy encrypted private key info structure.
- * poolp is the arena into which the contents of from is to be copied.
- * NULL is a valid entry.
- * to is the destination encrypted private key info
- * from is the source encrypted private key info
- * if either from or to is NULL or an error occurs, SECFailure is
- * returned. otherwise, SECSuccess is returned.
- */
-extern SECStatus
-SECKEY_CopyEncryptedPrivateKeyInfo(PRArenaPool *poolp,
- SECKEYEncryptedPrivateKeyInfo *to,
- SECKEYEncryptedPrivateKeyInfo *from);
-/*
- * Accessor functions for key type of public and private keys.
- */
-KeyType SECKEY_GetPrivateKeyType(SECKEYPrivateKey *privKey);
-KeyType SECKEY_GetPublicKeyType(SECKEYPublicKey *pubKey);
-
-
-SEC_END_PROTOS
-
-#endif /* _KEYHI_H_ */
diff --git a/security/nss/lib/cryptohi/keyt.h b/security/nss/lib/cryptohi/keyt.h
deleted file mode 100644
index f102c8a26..000000000
--- a/security/nss/lib/cryptohi/keyt.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * keyt.h - public data structures for the private key library
- *
- * $Id$
- */
-
-#ifndef _KEYT_H_
-#define _KEYT_H_
-
-#include "keytlow.h"
-#include "keytboth.h"
-#include "keythi.h"
-#include "keydbt.h"
-
-#endif /* _KEYT_H_ */
diff --git a/security/nss/lib/cryptohi/keythi.h b/security/nss/lib/cryptohi/keythi.h
deleted file mode 100644
index ba1aec401..000000000
--- a/security/nss/lib/cryptohi/keythi.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#ifndef _KEYTHI_H_
-#define _KEYTHI_H_ 1
-
-#include "keytlow.h"
-#include "keytboth.h"
-#include "plarena.h"
-#include "pkcs11t.h"
-#include "secmodt.h"
-
-/*
-** A Generic public key object.
-*/
-struct SECKEYPublicKeyStr {
- PLArenaPool *arena;
- KeyType keyType;
- PK11SlotInfo *pkcs11Slot;
- CK_OBJECT_HANDLE pkcs11ID;
- union {
- RSAPublicKey rsa;
- DSAPublicKey dsa;
- DHPublicKey dh;
- KEAPublicKey kea;
- FortezzaPublicKey fortezza;
- } u;
-};
-typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
-
-/*
-** A generic key structure
-*/
-struct SECKEYPrivateKeyStr {
- PLArenaPool *arena;
- KeyType keyType;
- PK11SlotInfo *pkcs11Slot; /* pkcs11 slot this key lives in */
- CK_OBJECT_HANDLE pkcs11ID; /* ID of pkcs11 object */
- PRBool pkcs11IsTemp; /* temp pkcs11 object, delete it when done */
- void *wincx; /* context for errors and pw prompts */
-};
-typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
-
-/* Despite the name, this struct isn't used by any pkcs5 code.
-** It's used by pkcs7 and pkcs12 code.
-*/
-typedef struct {
- SECItem *pwitem;
- PK11SymKey *key;
- PK11SlotInfo *slot;
- void *wincx;
-} SEC_PKCS5KeyAndPassword;
-
-#endif /* _KEYTHI_H_ */
diff --git a/security/nss/lib/cryptohi/manifest.mn b/security/nss/lib/cryptohi/manifest.mn
deleted file mode 100644
index a4a76a7df..000000000
--- a/security/nss/lib/cryptohi/manifest.mn
+++ /dev/null
@@ -1,64 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../..
-
-MODULE = security
-
-REQUIRES = dbm
-
-LIBRARY_NAME = cryptohi
-
-EXPORTS = \
- cryptohi.h \
- cryptoht.h \
- hasht.h \
- key.h \
- keyhi.h \
- keyt.h \
- keythi.h \
- sechash.h \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- $(NULL)
-
-LIBSRCS = \
- sechash.c \
- seckey.c \
- secsign.c \
- secvfy.c \
- dsautil.c \
- $(NULL)
-
-CSRCS = $(LIBSRCS)
-
diff --git a/security/nss/lib/cryptohi/sechash.c b/security/nss/lib/cryptohi/sechash.c
deleted file mode 100644
index 94000f543..000000000
--- a/security/nss/lib/cryptohi/sechash.c
+++ /dev/null
@@ -1,274 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "sechash.h"
-#include "secoidt.h"
-#include "blapi.h"
-#include "pk11func.h" /* for the PK11_ calls below. */
-
-static void *
-null_hash_new_context(void)
-{
- return NULL;
-}
-
-static void *
-null_hash_clone_context(void *v)
-{
- PORT_Assert(v == NULL);
- return NULL;
-}
-
-static void
-null_hash_begin(void *v)
-{
-}
-
-static void
-null_hash_update(void *v, const unsigned char *input, unsigned int length)
-{
-}
-
-static void
-null_hash_end(void *v, unsigned char *output, unsigned int *outLen,
- unsigned int maxOut)
-{
- *outLen = 0;
-}
-
-static void
-null_hash_destroy_context(void *v, PRBool b)
-{
- PORT_Assert(v == NULL);
-}
-
-
-static void *
-md2_NewContext(void) {
- return (void *) PK11_CreateDigestContext(SEC_OID_MD2);
-}
-
-static void *
-md5_NewContext(void) {
- return (void *) PK11_CreateDigestContext(SEC_OID_MD5);
-}
-
-static void *
-sha1_NewContext(void) {
- return (void *) PK11_CreateDigestContext(SEC_OID_SHA1);
-}
-
-SECHashObject SECHashObjects[] = {
- { 0,
- (void * (*)(void)) null_hash_new_context,
- (void * (*)(void *)) null_hash_clone_context,
- (void (*)(void *, PRBool)) null_hash_destroy_context,
- (void (*)(void *)) null_hash_begin,
- (void (*)(void *, const unsigned char *, unsigned int)) null_hash_update,
- (void (*)(void *, unsigned char *, unsigned int *,
- unsigned int)) null_hash_end
- },
- { MD2_LENGTH,
- (void * (*)(void)) md2_NewContext,
- (void * (*)(void *)) PK11_CloneContext,
- (void (*)(void *, PRBool)) PK11_DestroyContext,
- (void (*)(void *)) PK11_DigestBegin,
- (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
- PK11_DigestFinal
- },
- { MD5_LENGTH,
- (void * (*)(void)) md5_NewContext,
- (void * (*)(void *)) PK11_CloneContext,
- (void (*)(void *, PRBool)) PK11_DestroyContext,
- (void (*)(void *)) PK11_DigestBegin,
- (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
- PK11_DigestFinal
- },
- { SHA1_LENGTH,
- (void * (*)(void)) sha1_NewContext,
- (void * (*)(void *)) PK11_CloneContext,
- (void (*)(void *, PRBool)) PK11_DestroyContext,
- (void (*)(void *)) PK11_DigestBegin,
- (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
- PK11_DigestFinal
- },
-};
-
-unsigned int
-HASH_ResultLen(HASH_HashType type)
-{
- if ( ( type < HASH_AlgNULL ) || ( type >= HASH_AlgTOTAL ) ) {
- return(0);
- }
-
- return(SECHashObjects[type].length);
-}
-
-unsigned int
-HASH_ResultLenContext(HASHContext *context)
-{
- return(context->hashobj->length);
-}
-
-
-
-SECStatus
-HASH_HashBuf(HASH_HashType type,
- unsigned char *dest,
- unsigned char *src,
- uint32 src_len)
-{
- HASHContext *cx;
- unsigned int part;
-
- if ( ( type < HASH_AlgNULL ) || ( type >= HASH_AlgTOTAL ) ) {
- return(SECFailure);
- }
-
- cx = HASH_Create(type);
- if ( cx == NULL ) {
- return(SECFailure);
- }
- HASH_Begin(cx);
- HASH_Update(cx, src, src_len);
- HASH_End(cx, dest, &part, HASH_ResultLenContext(cx));
- HASH_Destroy(cx);
-
- return(SECSuccess);
-}
-
-HASHContext *
-HASH_Create(HASH_HashType type)
-{
- void *hash_context = NULL;
- HASHContext *ret = NULL;
-
- if ( ( type < HASH_AlgNULL ) || ( type >= HASH_AlgTOTAL ) ) {
- return(NULL);
- }
-
- hash_context = (* SECHashObjects[type].create)();
- if ( hash_context == NULL ) {
- goto loser;
- }
-
- ret = (HASHContext *)PORT_Alloc(sizeof(HASHContext));
- if ( ret == NULL ) {
- goto loser;
- }
-
- ret->hash_context = hash_context;
- ret->hashobj = &SECHashObjects[type];
-
- return(ret);
-
-loser:
- if ( hash_context != NULL ) {
- (* SECHashObjects[type].destroy)(hash_context, PR_TRUE);
- }
-
- return(NULL);
-}
-
-
-HASHContext *
-HASH_Clone(HASHContext *context)
-{
- void *hash_context = NULL;
- HASHContext *ret = NULL;
-
- hash_context = (* context->hashobj->clone)(context->hash_context);
- if ( hash_context == NULL ) {
- goto loser;
- }
-
- ret = (HASHContext *)PORT_Alloc(sizeof(HASHContext));
- if ( ret == NULL ) {
- goto loser;
- }
-
- ret->hash_context = hash_context;
- ret->hashobj = context->hashobj;
-
- return(ret);
-
-loser:
- if ( hash_context != NULL ) {
- (* context->hashobj->destroy)(hash_context, PR_TRUE);
- }
-
- return(NULL);
-
-}
-
-void
-HASH_Destroy(HASHContext *context)
-{
- (* context->hashobj->destroy)(context->hash_context, PR_TRUE);
- PORT_Free(context);
- return;
-}
-
-
-void
-HASH_Begin(HASHContext *context)
-{
- (* context->hashobj->begin)(context->hash_context);
- return;
-}
-
-
-void
-HASH_Update(HASHContext *context,
- const unsigned char *src,
- unsigned int len)
-{
- (* context->hashobj->update)(context->hash_context, src, len);
- return;
-}
-
-void
-HASH_End(HASHContext *context,
- unsigned char *result,
- unsigned int *result_len,
- unsigned int max_result_len)
-{
- (* context->hashobj->end)(context->hash_context, result, result_len,
- max_result_len);
- return;
-}
-
-
-
diff --git a/security/nss/lib/cryptohi/sechash.h b/security/nss/lib/cryptohi/sechash.h
deleted file mode 100644
index 6a4fb3e40..000000000
--- a/security/nss/lib/cryptohi/sechash.h
+++ /dev/null
@@ -1,77 +0,0 @@
-#ifndef _HASH_H_
-#define _HASH_H_
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * hash.h - public data structures and prototypes for the hashing library
- *
- * $Id$
- */
-
-#include "seccomon.h"
-#include "hasht.h"
-
-SEC_BEGIN_PROTOS
-
-/*
-** Generic hash api.
-*/
-
-extern unsigned int HASH_ResultLen(HASH_HashType type);
-
-extern unsigned int HASH_ResultLenContext(HASHContext *context);
-
-extern SECStatus HASH_HashBuf(HASH_HashType type,
- unsigned char *dest,
- unsigned char *src,
- uint32 src_len);
-
-extern HASHContext * HASH_Create(HASH_HashType type);
-
-extern HASHContext * HASH_Clone(HASHContext *context);
-
-extern void HASH_Destroy(HASHContext *context);
-
-extern void HASH_Begin(HASHContext *context);
-
-extern void HASH_Update(HASHContext *context,
- const unsigned char *src,
- unsigned int len);
-
-extern void HASH_End(HASHContext *context,
- unsigned char *result,
- unsigned int *result_len,
- unsigned int max_result_len);
-
-SEC_END_PROTOS
-
-#endif /* _HASH_H_ */
diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c
deleted file mode 100644
index 8262ad159..000000000
--- a/security/nss/lib/cryptohi/seckey.c
+++ /dev/null
@@ -1,1651 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "cryptohi.h"
-#include "keyhi.h"
-#include "secrng.h"
-#include "secoid.h"
-#include "secitem.h"
-#include "secder.h"
-#include "base64.h"
-#include "secasn1.h"
-#include "cert.h"
-#include "pk11func.h"
-#include "secerr.h"
-#include "secdig.h"
-#include "prtime.h"
-
-const SEC_ASN1Template CERT_SubjectPublicKeyInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTSubjectPublicKeyInfo) },
- { SEC_ASN1_INLINE,
- offsetof(CERTSubjectPublicKeyInfo,algorithm),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_BIT_STRING,
- offsetof(CERTSubjectPublicKeyInfo,subjectPublicKey), },
- { 0, }
-};
-
-const SEC_ASN1Template CERT_PublicKeyAndChallengeTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPublicKeyAndChallenge) },
- { SEC_ASN1_ANY, offsetof(CERTPublicKeyAndChallenge,spki) },
- { SEC_ASN1_IA5_STRING, offsetof(CERTPublicKeyAndChallenge,challenge) },
- { 0 }
-};
-
-const SEC_ASN1Template SECKEY_RSAPublicKeyTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPublicKey) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.rsa.modulus), },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.rsa.publicExponent), },
- { 0, }
-};
-
-const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[] = {
- { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dsa.publicValue), },
- { 0, }
-};
-
-const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PQGParams) },
- { SEC_ASN1_INTEGER, offsetof(PQGParams,prime) },
- { SEC_ASN1_INTEGER, offsetof(PQGParams,subPrime) },
- { SEC_ASN1_INTEGER, offsetof(PQGParams,base) },
- { 0, }
-};
-
-const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[] = {
- { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dh.publicValue), },
- { 0, }
-};
-
-const SEC_ASN1Template SECKEY_DHParamKeyTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPublicKey) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dh.prime), },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dh.base), },
- /* XXX chrisk: this needs to be expanded for decoding of j and validationParms (RFC2459 7.3.2) */
- { SEC_ASN1_SKIP_REST },
- { 0, }
-};
-
-const SEC_ASN1Template SECKEY_FortezzaParameterTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PQGParams) },
- { SEC_ASN1_OCTET_STRING, offsetof(PQGParams,prime), },
- { SEC_ASN1_OCTET_STRING, offsetof(PQGParams,subPrime), },
- { SEC_ASN1_OCTET_STRING, offsetof(PQGParams,base), },
- { 0 },
-};
-
-const SEC_ASN1Template SECKEY_FortezzaDiffParameterTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(DiffPQGParams) },
- { SEC_ASN1_INLINE, offsetof(DiffPQGParams,DiffKEAParams),
- SECKEY_FortezzaParameterTemplate},
- { SEC_ASN1_INLINE, offsetof(DiffPQGParams,DiffDSAParams),
- SECKEY_FortezzaParameterTemplate},
- { 0 },
-};
-
-const SEC_ASN1Template SECKEY_FortezzaPreParamTemplate[] = {
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 1, offsetof(PQGDualParams,CommParams),
- SECKEY_FortezzaParameterTemplate},
- { 0, }
-};
-
-const SEC_ASN1Template SECKEY_FortezzaAltPreParamTemplate[] = {
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 0, offsetof(PQGDualParams,DiffParams),
- SECKEY_FortezzaDiffParameterTemplate},
- { 0, }
-};
-
-const SEC_ASN1Template SECKEY_KEAPublicKeyTemplate[] = {
- { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.kea.publicValue), },
- { 0, }
-};
-
-const SEC_ASN1Template SECKEY_KEAParamsTemplate[] = {
- { SEC_ASN1_OCTET_STRING, offsetof(SECKEYPublicKey,u.kea.params.hash), },
- { 0, }
-};
-
-
-/*
- * NOTE: This only generates RSA Private Key's. If you need more,
- * We need to pass in some more params...
- */
-SECKEYPrivateKey *
-SECKEY_CreateRSAPrivateKey(int keySizeInBits,SECKEYPublicKey **pubk, void *cx)
-{
- SECKEYPrivateKey *privk;
- PK11SlotInfo *slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN,cx);
- PK11RSAGenParams param;
-
- param.keySizeInBits = keySizeInBits;
- param.pe = 65537L;
-
- privk = PK11_GenerateKeyPair(slot,CKM_RSA_PKCS_KEY_PAIR_GEN,&param,pubk,
- PR_FALSE, PR_TRUE, cx);
- PK11_FreeSlot(slot);
- return(privk);
-}
-
-void
-SECKEY_DestroyPrivateKey(SECKEYPrivateKey *privk)
-{
- if (privk) {
- if (privk->pkcs11Slot) {
- if (privk->pkcs11IsTemp) {
- PK11_DestroyObject(privk->pkcs11Slot,privk->pkcs11ID);
- }
- PK11_FreeSlot(privk->pkcs11Slot);
-
- }
- if (privk->arena) {
- PORT_FreeArena(privk->arena, PR_TRUE);
- }
- }
-}
-
-void
-SECKEY_DestroyPublicKey(SECKEYPublicKey *pubk)
-{
- if (pubk) {
- if (pubk->pkcs11Slot) {
- PK11_DestroyObject(pubk->pkcs11Slot,pubk->pkcs11ID);
- PK11_FreeSlot(pubk->pkcs11Slot);
- }
- if (pubk->arena) {
- PORT_FreeArena(pubk->arena, PR_FALSE);
- }
- }
-}
-
-SECStatus
-SECKEY_CopySubjectPublicKeyInfo(PRArenaPool *arena,
- CERTSubjectPublicKeyInfo *to,
- CERTSubjectPublicKeyInfo *from)
-{
- SECStatus rv;
-
- rv = SECOID_CopyAlgorithmID(arena, &to->algorithm, &from->algorithm);
- if (rv == SECSuccess)
- rv = SECITEM_CopyItem(arena, &to->subjectPublicKey, &from->subjectPublicKey);
-
- return rv;
-}
-
-SECStatus
-SECKEY_KEASetParams(KEAParams * params, SECKEYPublicKey * pubKey) {
-
- if (pubKey->keyType == fortezzaKey) {
- /* the key is a fortezza V1 public key */
-
- /* obtain hash of pubkey->u.fortezza.params.prime.data +
- pubkey->u.fortezza.params.subPrime.data +
- pubkey->u.fortezza.params.base.data */
-
- /* store hash in params->hash */
-
- } else if (pubKey->keyType == keaKey) {
-
- /* the key is a new fortezza KEA public key. */
- SECITEM_CopyItem(pubKey->arena, &params->hash,
- &pubKey->u.kea.params.hash );
-
- } else {
-
- /* the key has no KEA parameters */
- return SECFailure;
- }
-
-}
-
-
-SECStatus
-SECKEY_KEAParamCompare(CERTCertificate *cert1,CERTCertificate *cert2)
-{
-
- SECStatus rv;
- SECOidData *oid=NULL;
- CERTSubjectPublicKeyInfo * subjectSpki=NULL;
- CERTSubjectPublicKeyInfo * issuerSpki=NULL;
- CERTCertificate *issuerCert = NULL;
-
- SECKEYPublicKey *pubKey1 = 0;
- SECKEYPublicKey *pubKey2 = 0;
-
- KEAParams params1;
- KEAParams params2;
-
-
- rv = SECFailure;
-
- /* get cert1's public key */
- pubKey1 = CERT_ExtractPublicKey(cert1);
- if ( !pubKey1 ) {
- return(SECFailure);
- }
-
-
- /* get cert2's public key */
- pubKey2 = CERT_ExtractPublicKey(cert2);
- if ( !pubKey2 ) {
- return(SECFailure);
- }
-
- /* handle the case when both public keys are new
- * fortezza KEA public keys. */
-
- if ((pubKey1->keyType == keaKey) &&
- (pubKey2->keyType == keaKey) ) {
-
- rv = (SECStatus)SECITEM_CompareItem(&pubKey1->u.kea.params.hash,
- &pubKey2->u.kea.params.hash);
- goto done;
- }
-
- /* handle the case when both public keys are old fortezza
- * public keys. */
-
- if ((pubKey1->keyType == fortezzaKey) &&
- (pubKey2->keyType == fortezzaKey) ) {
-
- rv = (SECStatus)SECITEM_CompareItem(&pubKey1->u.fortezza.keaParams.prime,
- &pubKey2->u.fortezza.keaParams.prime);
-
- if (rv == SECEqual) {
- rv = (SECStatus)SECITEM_CompareItem(&pubKey1->u.fortezza.keaParams.subPrime,
- &pubKey2->u.fortezza.keaParams.subPrime);
- }
-
- if (rv == SECEqual) {
- rv = (SECStatus)SECITEM_CompareItem(&pubKey1->u.fortezza.keaParams.base,
- &pubKey2->u.fortezza.keaParams.base);
- }
-
- goto done;
- }
-
-
- /* handle the case when the public keys are a mixture of
- * old and new. */
-
- rv = SECKEY_KEASetParams(&params1, pubKey1);
- if (rv != SECSuccess) return rv;
-
- rv = SECKEY_KEASetParams(&params2, pubKey2);
- if (rv != SECSuccess) return rv;
-
- rv = (SECStatus)SECITEM_CompareItem(&params1.hash, &params2.hash);
-
-done:
- SECKEY_DestroyPublicKey(pubKey1);
- SECKEY_DestroyPublicKey(pubKey2);
-
- return rv; /* returns SECEqual if parameters are equal */
-
-}
-
-
-/* Procedure to update the pqg parameters for a cert's public key.
- * pqg parameters only need to be updated for DSA and fortezza certificates.
- * The procedure uses calls to itself recursively to update a certificate
- * issuer's pqg parameters. Some important rules are:
- * - Do nothing if the cert already has PQG parameters.
- * - If the cert does not have PQG parameters, obtain them from the issuer.
- * - A valid cert chain cannot have a DSA or Fortezza cert without
- * pqg parameters that has a parent that is not a DSA or Fortezza cert.
- * - pqg paramters are stored in two different formats: the standard
- * DER encoded format and the fortezza-only wrapped format. The params
- * should be copied from issuer to subject cert without modifying the
- * formats. The public key extraction code will deal with the different
- * formats at the time of extraction. */
-
-SECStatus
-seckey_UpdateCertPQGChain(CERTCertificate * subjectCert, int count)
-{
- SECStatus rv, rvCompare;
- SECOidData *oid=NULL;
- int tag;
- CERTSubjectPublicKeyInfo * subjectSpki=NULL;
- CERTSubjectPublicKeyInfo * issuerSpki=NULL;
- CERTCertificate *issuerCert = NULL;
-
- rv = SECSuccess;
-
- /* increment cert chain length counter*/
- count++;
-
- /* check if cert chain length exceeds the maximum length*/
- if (count > CERT_MAX_CERT_CHAIN) {
- return SECFailure;
- }
-
- oid = SECOID_FindOID(&subjectCert->subjectPublicKeyInfo.algorithm.algorithm);
- if (oid != NULL) {
- tag = oid->offset;
-
- /* Check if cert has a DSA or Fortezza public key. If not, return
- * success since no PQG params need to be updated. */
-
- if ( (tag != SEC_OID_MISSI_KEA_DSS_OLD) &&
- (tag != SEC_OID_MISSI_DSS_OLD) &&
- (tag != SEC_OID_MISSI_KEA_DSS) &&
- (tag != SEC_OID_MISSI_DSS) &&
- (tag != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
- (tag != SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
- (tag != SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST) ) {
-
- return SECSuccess;
- }
- } else {
- return SECFailure; /* return failure if oid is NULL */
- }
-
- /* if cert has PQG parameters, return success */
-
- subjectSpki=&subjectCert->subjectPublicKeyInfo;
-
- if (subjectSpki->algorithm.parameters.len != 0) {
- return SECSuccess;
- }
-
- /* check if the cert is self-signed */
- rvCompare = (SECStatus)SECITEM_CompareItem(&subjectCert->derSubject,
- &subjectCert->derIssuer);
- if (rvCompare == SECEqual) {
- /* fail since cert is self-signed and has no pqg params. */
- return SECFailure;
- }
-
- /* get issuer cert */
- issuerCert = CERT_FindCertIssuer(subjectCert, PR_Now(), certUsageAnyCA);
- if ( ! issuerCert ) {
- return SECFailure;
- }
-
- /* if parent is not DSA or fortezza, return failure since
- we don't allow this case. */
-
- oid = SECOID_FindOID(&issuerCert->subjectPublicKeyInfo.algorithm.algorithm);
- if (oid != NULL) {
- tag = oid->offset;
-
- /* Check if issuer cert has a DSA or Fortezza public key. If not,
- * return failure. */
-
- if ( (tag != SEC_OID_MISSI_KEA_DSS_OLD) &&
- (tag != SEC_OID_MISSI_DSS_OLD) &&
- (tag != SEC_OID_MISSI_KEA_DSS) &&
- (tag != SEC_OID_MISSI_DSS) &&
- (tag != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
- (tag != SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
- (tag != SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST) ) {
-
- return SECFailure;
- }
- } else {
- return SECFailure; /* return failure if oid is NULL */
- }
-
-
- /* at this point the subject cert has no pqg parameters and the
- * issuer cert has a DSA or fortezza public key. Update the issuer's
- * pqg parameters with a recursive call to this same function. */
-
- rv = seckey_UpdateCertPQGChain(issuerCert, count);
- if (rv != SECSuccess) return rv;
-
- /* ensure issuer has pqg parameters */
-
- issuerSpki=&issuerCert->subjectPublicKeyInfo;
- if (issuerSpki->algorithm.parameters.len == 0) {
- rv = SECFailure;
- }
-
- /* if update was successful and pqg params present, then copy the
- * parameters to the subject cert's key. */
-
- if (rv == SECSuccess) {
- rv = SECITEM_CopyItem(subjectCert->arena,
- &subjectSpki->algorithm.parameters,
- &issuerSpki->algorithm.parameters);
- }
-
- return rv;
-
-}
-
-
-SECStatus
-SECKEY_UpdateCertPQG(CERTCertificate * subjectCert)
-{
- return(seckey_UpdateCertPQGChain(subjectCert,0));
-}
-
-
-/* Decode the PQG parameters. The params could be stored in two
- * possible formats, the old fortezza-only wrapped format or
- * the standard DER encoded format. Store the decoded parameters in an
- * old fortezza cert data structure */
-
-SECStatus
-SECKEY_FortezzaDecodePQGtoOld(PRArenaPool *arena, SECKEYPublicKey *pubk,
- SECItem *params) {
- SECStatus rv;
- PQGDualParams dual_params;
-
- if (params == NULL) return SECFailure;
-
- if (params->data == NULL) return SECFailure;
-
- /* Check if params use the standard format.
- * The value 0xa1 will appear in the first byte of the parameter data
- * if the PQG parameters are not using the standard format. This
- * code should be changed to use a better method to detect non-standard
- * parameters. */
-
- if ((params->data[0] != 0xa1) &&
- (params->data[0] != 0xa0)) {
-
- /* PQG params are in the standard format */
-
- /* Store DSA PQG parameters */
- rv = SEC_ASN1DecodeItem(arena, &pubk->u.fortezza.params,
- SECKEY_PQGParamsTemplate,
- params);
-
- if (rv == SECSuccess) {
-
- /* Copy the DSA PQG parameters to the KEA PQG parameters. */
- rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.prime,
- &pubk->u.fortezza.params.prime);
- if (rv != SECSuccess) return rv;
- rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.subPrime,
- &pubk->u.fortezza.params.subPrime);
- if (rv != SECSuccess) return rv;
- rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.base,
- &pubk->u.fortezza.params.base);
- if (rv != SECSuccess) return rv;
- }
-
- } else {
-
- dual_params.CommParams.prime.len = 0;
- dual_params.CommParams.subPrime.len = 0;
- dual_params.CommParams.base.len = 0;
- dual_params.DiffParams.DiffDSAParams.prime.len = 0;
- dual_params.DiffParams.DiffDSAParams.subPrime.len = 0;
- dual_params.DiffParams.DiffDSAParams.base.len = 0;
-
- /* else the old fortezza-only wrapped format is used. */
-
- if (params->data[0] == 0xa1) {
- rv = SEC_ASN1DecodeItem(arena, &dual_params,
- SECKEY_FortezzaPreParamTemplate, params);
- } else {
- rv = SEC_ASN1DecodeItem(arena, &dual_params,
- SECKEY_FortezzaAltPreParamTemplate, params);
- }
-
- if (rv < 0) return rv;
-
- if ( (dual_params.CommParams.prime.len > 0) &&
- (dual_params.CommParams.subPrime.len > 0) &&
- (dual_params.CommParams.base.len > 0) ) {
- /* copy in common params */
-
- rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.params.prime,
- &dual_params.CommParams.prime);
- if (rv != SECSuccess) return rv;
- rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.params.subPrime,
- &dual_params.CommParams.subPrime);
- if (rv != SECSuccess) return rv;
- rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.params.base,
- &dual_params.CommParams.base);
-
- /* Copy the DSA PQG parameters to the KEA PQG parameters. */
- rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.prime,
- &pubk->u.fortezza.params.prime);
- if (rv != SECSuccess) return rv;
- rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.subPrime,
- &pubk->u.fortezza.params.subPrime);
- if (rv != SECSuccess) return rv;
- rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.base,
- &pubk->u.fortezza.params.base);
- if (rv != SECSuccess) return rv;
-
- } else {
-
- /* else copy in different params */
-
- /* copy DSA PQG parameters */
- rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.params.prime,
- &dual_params.DiffParams.DiffDSAParams.prime);
- if (rv != SECSuccess) return rv;
- rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.params.subPrime,
- &dual_params.DiffParams.DiffDSAParams.subPrime);
- if (rv != SECSuccess) return rv;
- rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.params.base,
- &dual_params.DiffParams.DiffDSAParams.base);
-
- /* copy KEA PQG parameters */
-
- rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.prime,
- &dual_params.DiffParams.DiffKEAParams.prime);
- if (rv != SECSuccess) return rv;
- rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.subPrime,
- &dual_params.DiffParams.DiffKEAParams.subPrime);
- if (rv != SECSuccess) return rv;
- rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.keaParams.base,
- &dual_params.DiffParams.DiffKEAParams.base);
- }
-
- }
- return rv;
-}
-
-
-/* Decode the DSA PQG parameters. The params could be stored in two
- * possible formats, the old fortezza-only wrapped format or
- * the normal standard format. Store the decoded parameters in
- * a V3 certificate data structure. */
-
-SECStatus
-SECKEY_DSADecodePQG(PRArenaPool *arena, SECKEYPublicKey *pubk, SECItem *params) {
- SECStatus rv;
- PQGDualParams dual_params;
-
- if (params == NULL) return SECFailure;
-
- if (params->data == NULL) return SECFailure;
-
- /* Check if params use the standard format.
- * The value 0xa1 will appear in the first byte of the parameter data
- * if the PQG parameters are not using the standard format. This
- * code should be changed to use a better method to detect non-standard
- * parameters. */
-
- if ((params->data[0] != 0xa1) &&
- (params->data[0] != 0xa0)) {
-
- /* PQG params are in the standard format */
- rv = SEC_ASN1DecodeItem(arena, &pubk->u.dsa.params,
- SECKEY_PQGParamsTemplate,
- params);
- } else {
-
- dual_params.CommParams.prime.len = 0;
- dual_params.CommParams.subPrime.len = 0;
- dual_params.CommParams.base.len = 0;
- dual_params.DiffParams.DiffDSAParams.prime.len = 0;
- dual_params.DiffParams.DiffDSAParams.subPrime.len = 0;
- dual_params.DiffParams.DiffDSAParams.base.len = 0;
-
- /* else the old fortezza-only wrapped format is used. */
- if (params->data[0] == 0xa1) {
- rv = SEC_ASN1DecodeItem(arena, &dual_params,
- SECKEY_FortezzaPreParamTemplate, params);
- } else {
- rv = SEC_ASN1DecodeItem(arena, &dual_params,
- SECKEY_FortezzaAltPreParamTemplate, params);
- }
-
- if (rv < 0) return rv;
-
- if ( (dual_params.CommParams.prime.len > 0) &&
- (dual_params.CommParams.subPrime.len > 0) &&
- (dual_params.CommParams.base.len > 0) ) {
- /* copy in common params */
-
- rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.prime,
- &dual_params.CommParams.prime);
- if (rv != SECSuccess) return rv;
- rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.subPrime,
- &dual_params.CommParams.subPrime);
- if (rv != SECSuccess) return rv;
- rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.base,
- &dual_params.CommParams.base);
-
- } else {
-
- /* else copy in different params */
-
- /* copy DSA PQG parameters */
- rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.prime,
- &dual_params.DiffParams.DiffDSAParams.prime);
- if (rv != SECSuccess) return rv;
- rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.subPrime,
- &dual_params.DiffParams.DiffDSAParams.subPrime);
- if (rv != SECSuccess) return rv;
- rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.base,
- &dual_params.DiffParams.DiffDSAParams.base);
-
- }
- }
- return rv;
-}
-
-
-
-/* Decodes the DER encoded fortezza public key and stores the results in a
- * structure of type SECKEYPublicKey. */
-
-SECStatus
-SECKEY_FortezzaDecodeCertKey(PRArenaPool *arena, SECKEYPublicKey *pubk,
- SECItem *rawkey, SECItem *params) {
-
- unsigned char *rawptr = rawkey->data;
- unsigned char *end = rawkey->data + rawkey->len;
- unsigned char *clearptr;
-
- /* first march down and decode the raw key data */
-
- /* version */
- pubk->u.fortezza.KEAversion = *rawptr++;
- if (*rawptr++ != 0x01) {
- return SECFailure;
- }
-
- /* KMID */
- PORT_Memcpy(pubk->u.fortezza.KMID,rawptr,
- sizeof(pubk->u.fortezza.KMID));
- rawptr += sizeof(pubk->u.fortezza.KMID);
-
- /* clearance (the string up to the first byte with the hi-bit on */
- clearptr = rawptr;
- while ((rawptr < end) && (*rawptr++ & 0x80));
-
- if (rawptr >= end) { return SECFailure; }
- pubk->u.fortezza.clearance.len = rawptr - clearptr;
- pubk->u.fortezza.clearance.data =
- (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza.clearance.len);
- if (pubk->u.fortezza.clearance.data == NULL) {
- return SECFailure;
- }
- PORT_Memcpy(pubk->u.fortezza.clearance.data,clearptr,
- pubk->u.fortezza.clearance.len);
-
- /* KEAPrivilege (the string up to the first byte with the hi-bit on */
- clearptr = rawptr;
- while ((rawptr < end) && (*rawptr++ & 0x80));
- if (rawptr >= end) { return SECFailure; }
- pubk->u.fortezza.KEApriviledge.len = rawptr - clearptr;
- pubk->u.fortezza.KEApriviledge.data =
- (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza.KEApriviledge.len);
- if (pubk->u.fortezza.KEApriviledge.data == NULL) {
- return SECFailure;
- }
- PORT_Memcpy(pubk->u.fortezza.KEApriviledge.data,clearptr,
- pubk->u.fortezza.KEApriviledge.len);
-
-
- /* now copy the key. The next to bytes are the key length, and the
- * key follows */
- pubk->u.fortezza.KEAKey.len = (*rawptr << 8) | rawptr[1];
-
- rawptr += 2;
- if (rawptr+pubk->u.fortezza.KEAKey.len > end) { return SECFailure; }
- pubk->u.fortezza.KEAKey.data =
- (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza.KEAKey.len);
- if (pubk->u.fortezza.KEAKey.data == NULL) {
- return SECFailure;
- }
- PORT_Memcpy(pubk->u.fortezza.KEAKey.data,rawptr,
- pubk->u.fortezza.KEAKey.len);
- rawptr += pubk->u.fortezza.KEAKey.len;
-
- /* shared key */
- if (rawptr >= end) {
- pubk->u.fortezza.DSSKey.len = pubk->u.fortezza.KEAKey.len;
- /* this depends on the fact that we are going to get freed with an
- * ArenaFree call. We cannot free DSSKey and KEAKey separately */
- pubk->u.fortezza.DSSKey.data=
- pubk->u.fortezza.KEAKey.data;
- pubk->u.fortezza.DSSpriviledge.len =
- pubk->u.fortezza.KEApriviledge.len;
- pubk->u.fortezza.DSSpriviledge.data =
- pubk->u.fortezza.DSSpriviledge.data;
- goto done;
- }
-
-
- /* DSS Version is next */
- pubk->u.fortezza.DSSversion = *rawptr++;
-
- if (*rawptr++ != 2) {
- return SECFailure;
- }
-
- /* DSSPrivilege (the string up to the first byte with the hi-bit on */
- clearptr = rawptr;
- while ((rawptr < end) && (*rawptr++ & 0x80));
- if (rawptr >= end) { return SECFailure; }
- pubk->u.fortezza.DSSpriviledge.len = rawptr - clearptr;
- pubk->u.fortezza.DSSpriviledge.data =
- (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza.DSSpriviledge.len);
- if (pubk->u.fortezza.DSSpriviledge.data == NULL) {
- return SECFailure;
- }
- PORT_Memcpy(pubk->u.fortezza.DSSpriviledge.data,clearptr,
- pubk->u.fortezza.DSSpriviledge.len);
-
- /* finally copy the DSS key. The next to bytes are the key length,
- * and the key follows */
- pubk->u.fortezza.DSSKey.len = (*rawptr << 8) | rawptr[1];
-
- rawptr += 2;
- if (rawptr+pubk->u.fortezza.DSSKey.len > end){ return SECFailure; }
- pubk->u.fortezza.DSSKey.data =
- (unsigned char*)PORT_ArenaZAlloc(arena,pubk->u.fortezza.DSSKey.len);
- if (pubk->u.fortezza.DSSKey.data == NULL) {
- return SECFailure;
- }
- PORT_Memcpy(pubk->u.fortezza.DSSKey.data,rawptr,
- pubk->u.fortezza.DSSKey.len);
-
- /* ok, now we decode the parameters */
-done:
-
- return SECKEY_FortezzaDecodePQGtoOld(arena, pubk, params);
-}
-
-
-/* Function used to determine what kind of cert we are dealing with. */
-KeyType
-CERT_GetCertKeyType (CERTSubjectPublicKeyInfo *spki) {
- int tag;
- KeyType keyType;
-
- tag = SECOID_GetAlgorithmTag(&spki->algorithm);
- switch (tag) {
- case SEC_OID_X500_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- keyType = rsaKey;
- break;
- case SEC_OID_ANSIX9_DSA_SIGNATURE:
- keyType = dsaKey;
- break;
- case SEC_OID_MISSI_KEA_DSS_OLD:
- case SEC_OID_MISSI_KEA_DSS:
- case SEC_OID_MISSI_DSS_OLD:
- case SEC_OID_MISSI_DSS:
- keyType = fortezzaKey;
- break;
- case SEC_OID_MISSI_KEA:
- case SEC_OID_MISSI_ALT_KEA:
- keyType = keaKey;
- break;
- case SEC_OID_X942_DIFFIE_HELMAN_KEY:
- keyType = dhKey;
- default:
- keyType = nullKey;
- }
- return keyType;
-}
-
-static SECKEYPublicKey *
-seckey_ExtractPublicKey(CERTSubjectPublicKeyInfo *spki)
-{
- SECKEYPublicKey *pubk;
- SECItem os;
- SECStatus rv;
- PRArenaPool *arena;
- SECOidTag tag;
-
- arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL)
- return NULL;
-
- pubk = (SECKEYPublicKey *) PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
- if (pubk == NULL) {
- PORT_FreeArena (arena, PR_FALSE);
- return NULL;
- }
-
- pubk->arena = arena;
- pubk->pkcs11Slot = 0;
- pubk->pkcs11ID = CK_INVALID_KEY;
-
-
- /* Convert bit string length from bits to bytes */
- os = spki->subjectPublicKey;
- DER_ConvertBitString (&os);
-
- tag = SECOID_GetAlgorithmTag(&spki->algorithm);
- switch ( tag ) {
- case SEC_OID_X500_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- pubk->keyType = rsaKey;
- rv = SEC_ASN1DecodeItem(arena, pubk, SECKEY_RSAPublicKeyTemplate, &os);
- if (rv == SECSuccess)
- return pubk;
- break;
- case SEC_OID_ANSIX9_DSA_SIGNATURE:
- pubk->keyType = dsaKey;
- rv = SEC_ASN1DecodeItem(arena, pubk, SECKEY_DSAPublicKeyTemplate, &os);
- if (rv != SECSuccess) break;
-
- rv = SECKEY_DSADecodePQG(arena, pubk,
- &spki->algorithm.parameters);
-
- if (rv == SECSuccess) return pubk;
- break;
- case SEC_OID_X942_DIFFIE_HELMAN_KEY:
- pubk->keyType = dhKey;
- rv = SEC_ASN1DecodeItem(arena, pubk, SECKEY_DHPublicKeyTemplate, &os);
- if (rv != SECSuccess) break;
-
- rv = SEC_ASN1DecodeItem(arena, pubk, SECKEY_DHParamKeyTemplate,
- &spki->algorithm.parameters);
-
- if (rv == SECSuccess) return pubk;
- break;
- case SEC_OID_MISSI_KEA_DSS_OLD:
- case SEC_OID_MISSI_KEA_DSS:
- case SEC_OID_MISSI_DSS_OLD:
- case SEC_OID_MISSI_DSS:
- pubk->keyType = fortezzaKey;
- rv = SECKEY_FortezzaDecodeCertKey(arena, pubk, &os,
- &spki->algorithm.parameters);
- if (rv == SECSuccess)
- return pubk;
- break;
-
- case SEC_OID_MISSI_KEA:
- pubk->keyType = keaKey;
-
- rv = SEC_ASN1DecodeItem(arena, pubk,
- SECKEY_KEAPublicKeyTemplate, &os);
- if (rv != SECSuccess) break;
-
-
- rv = SEC_ASN1DecodeItem(arena, pubk, SECKEY_KEAParamsTemplate,
- &spki->algorithm.parameters);
-
- if (rv == SECSuccess)
- return pubk;
-
- break;
-
- case SEC_OID_MISSI_ALT_KEA:
- pubk->keyType = keaKey;
-
- rv = SECITEM_CopyItem(arena,&pubk->u.kea.publicValue,&os);
- if (rv != SECSuccess) break;
-
- rv = SEC_ASN1DecodeItem(arena, pubk, SECKEY_KEAParamsTemplate,
- &spki->algorithm.parameters);
-
- if (rv == SECSuccess)
- return pubk;
-
- break;
-
-
- default:
- rv = SECFailure;
- break;
- }
-
- SECKEY_DestroyPublicKey (pubk);
- return NULL;
-}
-
-SECKEYPublicKey *
-CERT_ExtractPublicKey(CERTCertificate *cert)
-{
- SECStatus rv;
-
- rv = SECKEY_UpdateCertPQG(cert);
- if (rv != SECSuccess) return NULL;
-
- return seckey_ExtractPublicKey(&cert->subjectPublicKeyInfo);
-}
-
-/*
- * Get the public key for the fortezza KMID. NOTE this requires the
- * PQG paramters to be set. We probably should have a fortezza call that
- * just extracts the kmid for us directly so this function can work
- * without having the whole cert chain
- */
-SECKEYPublicKey *
-CERT_KMIDPublicKey(CERTCertificate *cert)
-{
- return seckey_ExtractPublicKey(&cert->subjectPublicKeyInfo);
-}
-
-/* returns key strength in bytes (not bits) */
-unsigned
-SECKEY_PublicKeyStrength(SECKEYPublicKey *pubk)
-{
- unsigned char b0;
-
- /* interpret modulus length as key strength... in
- * fortezza that's the public key length */
-
- switch (pubk->keyType) {
- case rsaKey:
- b0 = pubk->u.rsa.modulus.data[0];
- return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1;
- case dsaKey:
- b0 = pubk->u.dsa.publicValue.data[0];
- return b0 ? pubk->u.dsa.publicValue.len :
- pubk->u.dsa.publicValue.len - 1;
- case dhKey:
- b0 = pubk->u.dh.publicValue.data[0];
- return b0 ? pubk->u.dh.publicValue.len :
- pubk->u.dh.publicValue.len - 1;
- case fortezzaKey:
- return PR_MAX(pubk->u.fortezza.KEAKey.len, pubk->u.fortezza.DSSKey.len);
- default:
- break;
- }
- return 0;
-}
-
-SECKEYPrivateKey *
-SECKEY_CopyPrivateKey(SECKEYPrivateKey *privk)
-{
- SECKEYPrivateKey *copyk;
- PRArenaPool *arena;
-
- if (privk == NULL) {
- return NULL;
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- copyk = (SECKEYPrivateKey *) PORT_ArenaZAlloc (arena, sizeof (SECKEYPrivateKey));
- if (copyk) {
- copyk->arena = arena;
- copyk->keyType = privk->keyType;
-
- /* copy the PKCS #11 parameters */
- copyk->pkcs11Slot = PK11_ReferenceSlot(privk->pkcs11Slot);
- /* if the key we're referencing was a temparary key we have just
- * created, that we want to go away when we're through, we need
- * to make a copy of it */
- if (privk->pkcs11IsTemp) {
- copyk->pkcs11ID =
- PK11_CopyKey(privk->pkcs11Slot,privk->pkcs11ID);
- if (copyk->pkcs11ID == CK_INVALID_KEY) goto fail;
- } else {
- copyk->pkcs11ID = privk->pkcs11ID;
- }
- copyk->pkcs11IsTemp = privk->pkcs11IsTemp;
- copyk->wincx = privk->wincx;
- return copyk;
- } else {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- }
-
-fail:
- PORT_FreeArena (arena, PR_FALSE);
- return NULL;
-}
-
-SECKEYPublicKey *
-SECKEY_CopyPublicKey(SECKEYPublicKey *pubk)
-{
- SECKEYPublicKey *copyk;
- PRArenaPool *arena;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- copyk = (SECKEYPublicKey *) PORT_ArenaZAlloc (arena, sizeof (SECKEYPublicKey));
- if (copyk != NULL) {
- SECStatus rv = SECSuccess;
-
- copyk->arena = arena;
- copyk->keyType = pubk->keyType;
- copyk->pkcs11Slot = NULL; /* go get own reference */
- copyk->pkcs11ID = CK_INVALID_KEY;
- switch (pubk->keyType) {
- case rsaKey:
- rv = SECITEM_CopyItem(arena, &copyk->u.rsa.modulus,
- &pubk->u.rsa.modulus);
- if (rv == SECSuccess) {
- rv = SECITEM_CopyItem (arena, &copyk->u.rsa.publicExponent,
- &pubk->u.rsa.publicExponent);
- if (rv == SECSuccess)
- return copyk;
- }
- break;
- case dsaKey:
- rv = SECITEM_CopyItem(arena, &copyk->u.dsa.publicValue,
- &pubk->u.dsa.publicValue);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.dsa.params.prime,
- &pubk->u.dsa.params.prime);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.dsa.params.subPrime,
- &pubk->u.dsa.params.subPrime);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.dsa.params.base,
- &pubk->u.dsa.params.base);
- break;
- case keaKey:
- rv = SECITEM_CopyItem(arena, &copyk->u.kea.publicValue,
- &pubk->u.kea.publicValue);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.kea.params.hash,
- &pubk->u.kea.params.hash);
- break;
- case fortezzaKey:
- copyk->u.fortezza.KEAversion = pubk->u.fortezza.KEAversion;
- copyk->u.fortezza.DSSversion = pubk->u.fortezza.DSSversion;
- PORT_Memcpy(copyk->u.fortezza.KMID, pubk->u.fortezza.KMID,
- sizeof(pubk->u.fortezza.KMID));
- rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.clearance,
- &pubk->u.fortezza.clearance);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.KEApriviledge,
- &pubk->u.fortezza.KEApriviledge);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.DSSpriviledge,
- &pubk->u.fortezza.DSSpriviledge);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.KEAKey,
- &pubk->u.fortezza.KEAKey);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.DSSKey,
- &pubk->u.fortezza.DSSKey);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.params.prime,
- &pubk->u.fortezza.params.prime);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.params.subPrime,
- &pubk->u.fortezza.params.subPrime);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.params.base,
- &pubk->u.fortezza.params.base);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.keaParams.prime,
- &pubk->u.fortezza.keaParams.prime);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.keaParams.subPrime,
- &pubk->u.fortezza.keaParams.subPrime);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.fortezza.keaParams.base,
- &pubk->u.fortezza.keaParams.base);
- break;
- case dhKey:
- rv = SECITEM_CopyItem(arena,&copyk->u.dh.prime,&pubk->u.dh.prime);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena,&copyk->u.dh.base,&pubk->u.dh.base);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &copyk->u.dh.publicValue,
- &pubk->u.dh.publicValue);
- break;
- case nullKey:
- return copyk;
- default:
- rv = SECFailure;
- break;
- }
- if (rv == SECSuccess)
- return copyk;
-
- SECKEY_DestroyPublicKey (copyk);
- } else {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- }
-
- PORT_FreeArena (arena, PR_FALSE);
- return NULL;
-}
-
-
-SECKEYPublicKey *
-SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privk)
-{
- SECKEYPublicKey *pubk;
- PRArenaPool *arena;
- CERTCertificate *cert;
- SECStatus rv;
-
- /*
- * First try to look up the cert.
- */
- cert = PK11_GetCertFromPrivateKey(privk);
- if (cert) {
- pubk = CERT_ExtractPublicKey(cert);
- CERT_DestroyCertificate(cert);
- return pubk;
- }
-
- /* couldn't find the cert, build pub key by hand */
- arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- return NULL;
- }
- pubk = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena,
- sizeof (SECKEYPublicKey));
- if (pubk == NULL) {
- PORT_FreeArena(arena,PR_FALSE);
- return NULL;
- }
- pubk->keyType = privk->keyType;
- pubk->pkcs11Slot = NULL;
- pubk->pkcs11ID = CK_INVALID_KEY;
- pubk->arena = arena;
-
- /*
- * fortezza is at the head of this switch, since we don't want to
- * allocate an arena... CERT_ExtractPublicKey will to that for us.
- */
- switch(privk->keyType) {
- case fortezzaKey:
- case nullKey:
- case dhKey:
- case dsaKey:
- /* Nothing to query, if the cert isn't there, we're done -- no way
- * to get the public key */
- break;
- case rsaKey:
- rv = PK11_ReadAttribute(privk->pkcs11Slot,privk->pkcs11ID,
- CKA_MODULUS,arena,&pubk->u.rsa.modulus);
- if (rv != SECSuccess) break;
- rv = PK11_ReadAttribute(privk->pkcs11Slot,privk->pkcs11ID,
- CKA_PUBLIC_EXPONENT,arena,&pubk->u.rsa.publicExponent);
- if (rv != SECSuccess) break;
- return pubk;
- break;
- default:
- break;
- }
-
- PORT_FreeArena (arena, PR_FALSE);
- return NULL;
-}
-
-CERTSubjectPublicKeyInfo *
-SECKEY_CreateSubjectPublicKeyInfo(SECKEYPublicKey *pubk)
-{
- CERTSubjectPublicKeyInfo *spki;
- PRArenaPool *arena;
- SECItem params = { siBuffer, NULL, 0 };
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- spki = (CERTSubjectPublicKeyInfo *) PORT_ArenaZAlloc(arena, sizeof (*spki));
- if (spki != NULL) {
- SECStatus rv;
- SECItem *rv_item;
-
- spki->arena = arena;
- switch(pubk->keyType) {
- case rsaKey:
- rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
- SEC_OID_PKCS1_RSA_ENCRYPTION, 0);
- if (rv == SECSuccess) {
- /*
- * DER encode the public key into the subjectPublicKeyInfo.
- */
- rv_item = SEC_ASN1EncodeItem(arena, &spki->subjectPublicKey,
- pubk, SECKEY_RSAPublicKeyTemplate);
- if (rv_item != NULL) {
- /*
- * The stored value is supposed to be a BIT_STRING,
- * so convert the length.
- */
- spki->subjectPublicKey.len <<= 3;
- /*
- * We got a good one; return it.
- */
- return spki;
- }
- }
- break;
- case dsaKey:
- /* DER encode the params. */
- rv_item = SEC_ASN1EncodeItem(arena, &params, &pubk->u.dsa.params,
- SECKEY_PQGParamsTemplate);
- if (rv_item != NULL) {
- rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
- SEC_OID_ANSIX9_DSA_SIGNATURE,
- &params);
- if (rv == SECSuccess) {
- /*
- * DER encode the public key into the subjectPublicKeyInfo.
- */
- rv_item = SEC_ASN1EncodeItem(arena, &spki->subjectPublicKey,
- pubk,
- SECKEY_DSAPublicKeyTemplate);
- if (rv_item != NULL) {
- /*
- * The stored value is supposed to be a BIT_STRING,
- * so convert the length.
- */
- spki->subjectPublicKey.len <<= 3;
- /*
- * We got a good one; return it.
- */
- return spki;
- }
- }
- }
- SECITEM_FreeItem(&params, PR_FALSE);
- break;
- case keaKey:
- case dhKey: /* later... */
-
- break;
- case fortezzaKey:
-#ifdef notdef
- /* encode the DSS parameters (PQG) */
- rv = FortezzaBuildParams(&params,pubk);
- if (rv != SECSuccess) break;
-
- /* set the algorithm */
- rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
- SEC_OID_MISSI_KEA_DSS, &params);
- PORT_Free(params.data);
- if (rv == SECSuccess) {
- /*
- * Encode the public key into the subjectPublicKeyInfo.
- * Fortezza key material is not standard DER
- */
- rv = FortezzaEncodeCertKey(arena,&spki->subjectPublicKey,pubk);
- if (rv == SECSuccess) {
- /*
- * The stored value is supposed to be a BIT_STRING,
- * so convert the length.
- */
- spki->subjectPublicKey.len <<= 3;
-
- /*
- * We got a good one; return it.
- */
- return spki;
- }
- }
-#endif
- break;
- default:
- break;
- }
- } else {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- }
-
- PORT_FreeArena(arena, PR_FALSE);
- return NULL;
-}
-
-void
-SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki)
-{
- if (spki && spki->arena) {
- PORT_FreeArena(spki->arena, PR_FALSE);
- }
-}
-
-/*
- * this only works for RSA keys... need to do something
- * similiar to CERT_ExtractPublicKey for other key times.
- */
-SECKEYPublicKey *
-SECKEY_DecodeDERPublicKey(SECItem *pubkder)
-{
- PRArenaPool *arena;
- SECKEYPublicKey *pubk;
- SECStatus rv;
-
- arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- pubk = (SECKEYPublicKey *) PORT_ArenaZAlloc (arena, sizeof (SECKEYPublicKey));
- if (pubk != NULL) {
- pubk->arena = arena;
- pubk->pkcs11Slot = NULL;
- pubk->pkcs11ID = 0;
- rv = SEC_ASN1DecodeItem(arena, pubk, SECKEY_RSAPublicKeyTemplate,
- pubkder);
- if (rv == SECSuccess)
- return pubk;
- SECKEY_DestroyPublicKey (pubk);
- } else {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- }
-
- PORT_FreeArena (arena, PR_FALSE);
- return NULL;
-}
-
-/*
- * Decode a base64 ascii encoded DER encoded public key.
- */
-SECKEYPublicKey *
-SECKEY_ConvertAndDecodePublicKey(char *pubkstr)
-{
- SECKEYPublicKey *pubk;
- SECStatus rv;
- SECItem der;
-
- rv = ATOB_ConvertAsciiToItem (&der, pubkstr);
- if (rv != SECSuccess)
- return NULL;
-
- pubk = SECKEY_DecodeDERPublicKey (&der);
-
- PORT_Free (der.data);
- return pubk;
-}
-
-CERTSubjectPublicKeyInfo *
-SECKEY_DecodeDERSubjectPublicKeyInfo(SECItem *spkider)
-{
- PRArenaPool *arena;
- CERTSubjectPublicKeyInfo *spki;
- SECStatus rv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- spki = (CERTSubjectPublicKeyInfo *)
- PORT_ArenaZAlloc(arena, sizeof (CERTSubjectPublicKeyInfo));
- if (spki != NULL) {
- spki->arena = arena;
- rv = SEC_ASN1DecodeItem(arena,spki,
- CERT_SubjectPublicKeyInfoTemplate,spkider);
- if (rv == SECSuccess)
- return spki;
- SECKEY_DestroySubjectPublicKeyInfo(spki);
- } else {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- }
-
- PORT_FreeArena(arena, PR_FALSE);
- return NULL;
-}
-
-/*
- * Decode a base64 ascii encoded DER encoded subject public key info.
- */
-CERTSubjectPublicKeyInfo *
-SECKEY_ConvertAndDecodeSubjectPublicKeyInfo(char *spkistr)
-{
- CERTSubjectPublicKeyInfo *spki;
- SECStatus rv;
- SECItem der;
-
- rv = ATOB_ConvertAsciiToItem(&der, spkistr);
- if (rv != SECSuccess)
- return NULL;
-
- spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&der);
-
- PORT_Free(der.data);
- return spki;
-}
-
-/*
- * Decode a base64 ascii encoded DER encoded public key and challenge
- * Verify digital signature and make sure challenge matches
- */
-CERTSubjectPublicKeyInfo *
-SECKEY_ConvertAndDecodePublicKeyAndChallenge(char *pkacstr, char *challenge,
- void *wincx)
-{
- CERTSubjectPublicKeyInfo *spki = NULL;
- CERTPublicKeyAndChallenge pkac;
- SECStatus rv;
- SECItem signedItem;
- PRArenaPool *arena = NULL;
- CERTSignedData sd;
- SECItem sig;
- SECKEYPublicKey *pubKey = NULL;
- int len;
-
- signedItem.data = NULL;
-
- /* convert the base64 encoded data to binary */
- rv = ATOB_ConvertAsciiToItem(&signedItem, pkacstr);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- /* create an arena */
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- goto loser;
- }
-
- /* decode the outer wrapping of signed data */
- PORT_Memset(&sd, 0, sizeof(CERTSignedData));
- rv = SEC_ASN1DecodeItem(arena, &sd, CERT_SignedDataTemplate, &signedItem );
- if ( rv ) {
- goto loser;
- }
-
- /* decode the public key and challenge wrapper */
- PORT_Memset(&pkac, 0, sizeof(CERTPublicKeyAndChallenge));
- rv = SEC_ASN1DecodeItem(arena, &pkac, CERT_PublicKeyAndChallengeTemplate,
- &sd.data);
- if ( rv ) {
- goto loser;
- }
-
- /* decode the subject public key info */
- spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&pkac.spki);
- if ( spki == NULL ) {
- goto loser;
- }
-
- /* get the public key */
- pubKey = seckey_ExtractPublicKey(spki);
- if ( pubKey == NULL ) {
- goto loser;
- }
-
- /* check the signature */
- sig = sd.signature;
- DER_ConvertBitString(&sig);
- rv = VFY_VerifyData(sd.data.data, sd.data.len, pubKey, &sig,
- SECOID_GetAlgorithmTag(&(sd.signatureAlgorithm)), wincx);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /* check the challenge */
- if ( challenge ) {
- len = PORT_Strlen(challenge);
- /* length is right */
- if ( len != pkac.challenge.len ) {
- goto loser;
- }
- /* actual data is right */
- if ( PORT_Memcmp(challenge, pkac.challenge.data, len) != 0 ) {
- goto loser;
- }
- }
- goto done;
-
-loser:
- /* make sure that we return null if we got an error */
- if ( spki ) {
- SECKEY_DestroySubjectPublicKeyInfo(spki);
- }
- spki = NULL;
-
-done:
- if ( signedItem.data ) {
- PORT_Free(signedItem.data);
- }
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- if ( pubKey ) {
- SECKEY_DestroyPublicKey(pubKey);
- }
-
- return spki;
-}
-
-void
-SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk,
- PRBool freeit)
-{
- PRArenaPool *poolp;
-
- if(pvk != NULL) {
- if(pvk->arena) {
- poolp = pvk->arena;
- /* zero structure since PORT_FreeArena does not support
- * this yet.
- */
- PORT_Memset(pvk->privateKey.data, 0, pvk->privateKey.len);
- PORT_Memset((char *)pvk, 0, sizeof(*pvk));
- if(freeit == PR_TRUE) {
- PORT_FreeArena(poolp, PR_TRUE);
- } else {
- pvk->arena = poolp;
- }
- } else {
- SECITEM_ZfreeItem(&pvk->version, PR_FALSE);
- SECITEM_ZfreeItem(&pvk->privateKey, PR_FALSE);
- SECOID_DestroyAlgorithmID(&pvk->algorithm, PR_FALSE);
- PORT_Memset((char *)pvk, 0, sizeof(pvk));
- if(freeit == PR_TRUE) {
- PORT_Free(pvk);
- }
- }
- }
-}
-
-void
-SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki,
- PRBool freeit)
-{
- PRArenaPool *poolp;
-
- if(epki != NULL) {
- if(epki->arena) {
- poolp = epki->arena;
- /* zero structure since PORT_FreeArena does not support
- * this yet.
- */
- PORT_Memset(epki->encryptedData.data, 0, epki->encryptedData.len);
- PORT_Memset((char *)epki, 0, sizeof(*epki));
- if(freeit == PR_TRUE) {
- PORT_FreeArena(poolp, PR_TRUE);
- } else {
- epki->arena = poolp;
- }
- } else {
- SECITEM_ZfreeItem(&epki->encryptedData, PR_FALSE);
- SECOID_DestroyAlgorithmID(&epki->algorithm, PR_FALSE);
- PORT_Memset((char *)epki, 0, sizeof(epki));
- if(freeit == PR_TRUE) {
- PORT_Free(epki);
- }
- }
- }
-}
-
-SECStatus
-SECKEY_CopyPrivateKeyInfo(PRArenaPool *poolp,
- SECKEYPrivateKeyInfo *to,
- SECKEYPrivateKeyInfo *from)
-{
- SECStatus rv = SECFailure;
-
- if((to == NULL) || (from == NULL)) {
- return SECFailure;
- }
-
- rv = SECOID_CopyAlgorithmID(poolp, &to->algorithm, &from->algorithm);
- if(rv != SECSuccess) {
- return SECFailure;
- }
- rv = SECITEM_CopyItem(poolp, &to->privateKey, &from->privateKey);
- if(rv != SECSuccess) {
- return SECFailure;
- }
- rv = SECITEM_CopyItem(poolp, &to->version, &from->version);
-
- return rv;
-}
-
-SECStatus
-SECKEY_CopyEncryptedPrivateKeyInfo(PRArenaPool *poolp,
- SECKEYEncryptedPrivateKeyInfo *to,
- SECKEYEncryptedPrivateKeyInfo *from)
-{
- SECStatus rv = SECFailure;
-
- if((to == NULL) || (from == NULL)) {
- return SECFailure;
- }
-
- rv = SECOID_CopyAlgorithmID(poolp, &to->algorithm, &from->algorithm);
- if(rv != SECSuccess) {
- return SECFailure;
- }
- rv = SECITEM_CopyItem(poolp, &to->encryptedData, &from->encryptedData);
-
- return rv;
-}
-
-KeyType
-SECKEY_GetPrivateKeyType(SECKEYPrivateKey *privKey)
-{
- return privKey->keyType;
-}
-
-KeyType
-SECKEY_GetPublicKeyType(SECKEYPublicKey *pubKey)
-{
- return pubKey->keyType;
-}
diff --git a/security/nss/lib/cryptohi/secsign.c b/security/nss/lib/cryptohi/secsign.c
deleted file mode 100644
index 35af3f701..000000000
--- a/security/nss/lib/cryptohi/secsign.c
+++ /dev/null
@@ -1,497 +0,0 @@
-/*
- * Signature stuff.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#include <stdio.h>
-#include "cryptohi.h"
-#include "sechash.h"
-#include "secder.h"
-#include "keyhi.h"
-#include "secoid.h"
-#include "secdig.h"
-#include "pk11func.h"
-#include "secerr.h"
-
-struct SGNContextStr {
- SECOidTag signalg;
- SECOidTag hashalg;
- void *hashcx;
- SECHashObject *hashobj;
- SECKEYPrivateKey *key;
-};
-
-SGNContext *
-SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *key)
-{
- SGNContext *cx;
- SECOidTag hashalg, signalg;
- KeyType keyType;
-
- /* OK, map a PKCS #7 hash and encrypt algorithm into
- * a standard hashing algorithm. Why did we pass in the whole
- * PKCS #7 algTag if we were just going to change here you might
- * ask. Well the answer is for some cards we may have to do the
- * hashing on card. It may not support CKM_RSA_PKCS sign algorithm,
- * it may just support CKM_RSA_PKCS_WITH_SHA1 and/or CKM_RSA_PKCS_WITH_MD5.
- */
- switch (alg) {
- /* We probably shouldn't be generating MD2 signatures either */
- case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
- hashalg = SEC_OID_MD2;
- signalg = SEC_OID_PKCS1_RSA_ENCRYPTION;
- keyType = rsaKey;
- break;
- case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
- hashalg = SEC_OID_MD5;
- signalg = SEC_OID_PKCS1_RSA_ENCRYPTION;
- keyType = rsaKey;
- break;
- case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
- case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
- hashalg = SEC_OID_SHA1;
- signalg = SEC_OID_PKCS1_RSA_ENCRYPTION;
- keyType = rsaKey;
- break;
- /* what about normal DSA? */
- case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
- case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
- hashalg = SEC_OID_SHA1;
- signalg = SEC_OID_ANSIX9_DSA_SIGNATURE;
- keyType = dsaKey;
- break;
- case SEC_OID_MISSI_DSS:
- case SEC_OID_MISSI_KEA_DSS:
- case SEC_OID_MISSI_KEA_DSS_OLD:
- case SEC_OID_MISSI_DSS_OLD:
- hashalg = SEC_OID_SHA1;
- signalg = SEC_OID_MISSI_DSS; /* XXX Is there a better algid? */
- keyType = fortezzaKey;
- break;
- /* we don't implement MD4 hashes.
- * we *CERTAINLY* don't want to sign one! */
- case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return 0;
- }
-
- /* verify our key type */
- if (key->keyType != keyType &&
- !((key->keyType == dsaKey) && (keyType == fortezzaKey)) &&
- !((key->keyType == fortezzaKey) && (keyType == dsaKey)) ) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return 0;
- }
-
- cx = (SGNContext*) PORT_ZAlloc(sizeof(SGNContext));
- if (cx) {
- cx->hashalg = hashalg;
- cx->signalg = signalg;
- cx->key = key;
- }
- return cx;
-}
-
-void
-SGN_DestroyContext(SGNContext *cx, PRBool freeit)
-{
- if (cx) {
- if (cx->hashcx != NULL) {
- (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
- cx->hashcx = NULL;
- }
- if (freeit) {
- PORT_ZFree(cx, sizeof(SGNContext));
- }
- }
-}
-
-SECStatus
-SGN_Begin(SGNContext *cx)
-{
- if (cx->hashcx != NULL) {
- (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
- cx->hashcx = NULL;
- }
-
- switch (cx->hashalg) {
- case SEC_OID_MD2:
- cx->hashobj = &SECHashObjects[HASH_AlgMD2];
- break;
- case SEC_OID_MD5:
- cx->hashobj = &SECHashObjects[HASH_AlgMD5];
- break;
- case SEC_OID_SHA1:
- cx->hashobj = &SECHashObjects[HASH_AlgSHA1];
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return SECFailure;
- }
-
- cx->hashcx = (*cx->hashobj->create)();
- if (cx->hashcx == NULL)
- return SECFailure;
-
- (*cx->hashobj->begin)(cx->hashcx);
- return SECSuccess;
-}
-
-SECStatus
-SGN_Update(SGNContext *cx, unsigned char *input, unsigned inputLen)
-{
- if (cx->hashcx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- (*cx->hashobj->update)(cx->hashcx, input, inputLen);
- return SECSuccess;
-}
-
-SECStatus
-SGN_End(SGNContext *cx, SECItem *result)
-{
- unsigned char digest[32];
- unsigned part1, signatureLen;
- SECStatus rv;
- SECItem digder, sigitem;
- PRArenaPool *arena = 0;
- SECKEYPrivateKey *privKey = cx->key;
- SGNDigestInfo *di = 0;
-
-
- result->data = 0;
- digder.data = 0;
-
- /* Finish up digest function */
- if (cx->hashcx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- (*cx->hashobj->end)(cx->hashcx, digest, &part1, sizeof(digest));
-
-
- if (privKey->keyType == rsaKey) {
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- rv = SECFailure;
- goto loser;
- }
-
- /* Construct digest info */
- di = SGN_CreateDigestInfo(cx->hashalg, digest, part1);
- if (!di) {
- rv = SECFailure;
- goto loser;
- }
-
- /* Der encode the digest as a DigestInfo */
- rv = DER_Encode(arena, &digder, SGNDigestInfoTemplate, di);
- if (rv != SECSuccess) {
- goto loser;
- }
- } else {
- digder.data = digest;
- digder.len = part1;
- }
-
- /*
- ** Encrypt signature after constructing appropriate PKCS#1 signature
- ** block
- */
- signatureLen = PK11_SignatureLen(privKey);
- sigitem.len = signatureLen;
- sigitem.data = (unsigned char*) PORT_Alloc(signatureLen);
-
- if (sigitem.data == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- rv = PK11_Sign(privKey, &sigitem, &digder);
- if (rv != SECSuccess) {
- PORT_Free(sigitem.data);
- sigitem.data = NULL;
- }
-
- if (cx->signalg == SEC_OID_ANSIX9_DSA_SIGNATURE) {
- rv = DSAU_EncodeDerSig(result, &sigitem);
- PORT_Free(sigitem.data);
- if (rv != SECSuccess)
- goto loser;
- } else {
- result->len = sigitem.len;
- result->data = sigitem.data;
- }
-
- loser:
- SGN_DestroyDigestInfo(di);
- if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- return rv;
-}
-
-/************************************************************************/
-
-/*
-** Sign a block of data returning in result a bunch of bytes that are the
-** signature. Returns zero on success, an error code on failure.
-*/
-SECStatus
-SEC_SignData(SECItem *res, unsigned char *buf, int len,
- SECKEYPrivateKey *pk, SECOidTag algid)
-{
- SECStatus rv;
- SGNContext *sgn;
-
-
- sgn = SGN_NewContext(algid, pk);
-
- if (sgn == NULL)
- return SECFailure;
-
- rv = SGN_Begin(sgn);
- if (rv != SECSuccess)
- goto loser;
-
- rv = SGN_Update(sgn, buf, len);
- if (rv != SECSuccess)
- goto loser;
-
- rv = SGN_End(sgn, res);
-
- loser:
- SGN_DestroyContext(sgn, PR_TRUE);
- return rv;
-}
-
-/*
-** Sign the input file's contents returning in result a bunch of bytes
-** that are the signature. Returns zero on success, an error code on
-** failure.
-*/
-SECStatus
-SEC_SignFile(SECItem *result, FILE *input,
- SECKEYPrivateKey *pk, SECOidTag algid)
-{
- unsigned char buf[1024];
- SECStatus rv;
- int nb;
- SGNContext *sgn;
-
- sgn = SGN_NewContext(algid, pk);
- if (sgn == NULL)
- return SECFailure;
- rv = SGN_Begin(sgn);
- if (rv != SECSuccess)
- goto loser;
-
- /*
- ** Now feed the contents of the input file into the digest
- ** algorithm, one chunk at a time, until we have exhausted the
- ** input
- */
- for (;;) {
- if (feof(input)) break;
- nb = fread(buf, 1, sizeof(buf), input);
- if (nb == 0) {
- if (ferror(input)) {
- PORT_SetError(SEC_ERROR_IO);
- rv = SECFailure;
- goto loser;
- }
- break;
- }
- rv = SGN_Update(sgn, buf, nb);
- if (rv != SECSuccess)
- goto loser;
- }
-
- /* Sign the digest */
- rv = SGN_End(sgn, result);
- /* FALL THROUGH */
-
- loser:
- SGN_DestroyContext(sgn, PR_TRUE);
- return rv;
-}
-
-/************************************************************************/
-
-DERTemplate CERTSignedDataTemplate[] =
-{
- { DER_SEQUENCE,
- 0, NULL, sizeof(CERTSignedData) },
- { DER_ANY,
- offsetof(CERTSignedData,data), },
- { DER_INLINE,
- offsetof(CERTSignedData,signatureAlgorithm),
- SECAlgorithmIDTemplate, },
- { DER_BIT_STRING,
- offsetof(CERTSignedData,signature), },
- { 0, }
-};
-
-const SEC_ASN1Template CERT_SignedDataTemplate[] =
-{
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTSignedData) },
- { SEC_ASN1_ANY,
- offsetof(CERTSignedData,data), },
- { SEC_ASN1_INLINE,
- offsetof(CERTSignedData,signatureAlgorithm),
- SECOID_AlgorithmIDTemplate, },
- { SEC_ASN1_BIT_STRING,
- offsetof(CERTSignedData,signature), },
- { 0, }
-};
-
-SECStatus
-SEC_DerSignData(PRArenaPool *arena, SECItem *result,
- unsigned char *buf, int len, SECKEYPrivateKey *pk, SECOidTag algID)
-{
- SECItem it;
- CERTSignedData sd;
- SECStatus rv;
-
- it.data = 0;
-
- /* XXX We should probably have some asserts here to make sure the key type
- * and algID match
- */
-
- if (algID == SEC_OID_UNKNOWN) {
- switch(pk->keyType) {
- case rsaKey:
- algID = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
- break;
- case dsaKey:
- algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
- break;
- default:
- return SECFailure;
- break;
- }
- }
-
- /* Sign input buffer */
- rv = SEC_SignData(&it, buf, len, pk, algID);
- if (rv) goto loser;
-
- /* Fill out SignedData object */
- PORT_Memset(&sd, 0, sizeof(sd));
- sd.data.data = buf;
- sd.data.len = len;
- sd.signature.data = it.data;
- sd.signature.len = it.len << 3; /* convert to bit string */
- rv = SECOID_SetAlgorithmID(arena, &sd.signatureAlgorithm, algID, 0);
- if (rv) goto loser;
-
- /* DER encode the signed data object */
- rv = DER_Encode(arena, result, CERTSignedDataTemplate, &sd);
- /* FALL THROUGH */
-
- loser:
- PORT_Free(it.data);
- return rv;
-}
-
-SECStatus
-SGN_Digest(SECKEYPrivateKey *privKey,
- SECOidTag algtag, SECItem *result, SECItem *digest)
-{
- unsigned modulusLen;
- SECStatus rv;
- SECItem digder;
- PRArenaPool *arena = 0;
- SGNDigestInfo *di = 0;
-
-
- result->data = 0;
-
- if (privKey->keyType == rsaKey) {
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- rv = SECFailure;
- goto loser;
- }
-
- /* Construct digest info */
- di = SGN_CreateDigestInfo(algtag, digest->data, digest->len);
- if (!di) {
- rv = SECFailure;
- goto loser;
- }
-
- /* Der encode the digest as a DigestInfo */
- rv = DER_Encode(arena, &digder, SGNDigestInfoTemplate, di);
- if (rv != SECSuccess) {
- goto loser;
- }
- } else {
- digder.data = digest->data;
- digder.len = digest->len;
- }
-
- /*
- ** Encrypt signature after constructing appropriate PKCS#1 signature
- ** block
- */
- modulusLen = PK11_SignatureLen(privKey);
- result->len = modulusLen;
- result->data = (unsigned char*) PORT_Alloc(modulusLen);
-
- if (result->data == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- rv = PK11_Sign(privKey, result, &digder);
- if (rv != SECSuccess) {
- PORT_Free(result->data);
- result->data = NULL;
- }
-
- loser:
- SGN_DestroyDigestInfo(di);
- if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- return rv;
-}
diff --git a/security/nss/lib/cryptohi/secvfy.c b/security/nss/lib/cryptohi/secvfy.c
deleted file mode 100644
index 6c2443e30..000000000
--- a/security/nss/lib/cryptohi/secvfy.c
+++ /dev/null
@@ -1,391 +0,0 @@
-/*
- * Verification stuff.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#include <stdio.h>
-#include "cryptohi.h"
-#include "sechash.h"
-#include "keyhi.h"
-#include "secasn1.h"
-#include "secoid.h"
-#include "pk11func.h"
-#include "secdig.h"
-#include "secerr.h"
-
-/*
-** Decrypt signature block using public key (in place)
-** XXX this is assuming that the signature algorithm has WITH_RSA_ENCRYPTION
-*/
-static SECStatus
-DecryptSigBlock(int *tagp, unsigned char *digest, SECKEYPublicKey *key,
- SECItem *sig, char *wincx)
-{
- SGNDigestInfo *di = NULL;
- unsigned char *dsig = NULL;
- unsigned char *buf = NULL;
- SECStatus rv;
- SECOidTag tag;
- SECItem it;
-
- if (key == NULL) goto loser;
-
- it.len = SECKEY_PublicKeyStrength(key);
- if (!it.len) goto loser;
- it.data = buf = (unsigned char *)PORT_Alloc(it.len);
- if (!buf) goto loser;
-
- /* Decrypt signature block */
- dsig = (unsigned char*) PORT_Alloc(sig->len);
- if (dsig == NULL) goto loser;
-
- /* decrypt the block */
- rv = PK11_VerifyRecover(key, sig, &it, wincx);
- if (rv != SECSuccess) goto loser;
-
- di = SGN_DecodeDigestInfo(&it);
- if (di == NULL) goto sigloser;
-
- /*
- ** Finally we have the digest info; now we can extract the algorithm
- ** ID and the signature block
- */
- tag = SECOID_GetAlgorithmTag(&di->digestAlgorithm);
- /* XXX Check that tag is an appropriate algorithm? */
- if (di->digest.len > 32) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- goto loser;
- }
- PORT_Memcpy(digest, di->digest.data, di->digest.len);
- *tagp = tag;
- goto done;
-
- sigloser:
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
-
- loser:
- rv = SECFailure;
-
- done:
- if (di != NULL) SGN_DestroyDigestInfo(di);
- if (dsig != NULL) PORT_Free(dsig);
- if (buf != NULL) PORT_Free(buf);
-
- return rv;
-}
-
-typedef enum { VFY_RSA, VFY_DSA} VerifyType;
-
-struct VFYContextStr {
- int alg;
- VerifyType type;
- SECKEYPublicKey *key;
- /* digest holds the full dsa signature... 40 bytes */
- unsigned char digest[DSA_SIGNATURE_LEN];
- void * wincx;
- void *hashcx;
- SECHashObject *hashobj;
-};
-
-VFYContext *
-VFY_CreateContext(SECKEYPublicKey *key, SECItem *sig, SECOidTag algid,
- void *wincx)
-{
- VFYContext *cx;
- SECStatus rv;
- SECItem *dsasig = NULL;
-
- cx = (VFYContext*) PORT_ZAlloc(sizeof(VFYContext));
- if (cx) {
- cx->wincx = cx;
- switch (key->keyType) {
- case rsaKey:
- cx->type = VFY_RSA;
- cx->key = NULL; /* extra safety precautions */
- rv = DecryptSigBlock(&cx->alg, &cx->digest[0], key, sig, (char*)wincx);
- break;
- case fortezzaKey:
- case dsaKey:
- cx->type = VFY_DSA;
- cx->alg = SEC_OID_SHA1;
- cx->key = SECKEY_CopyPublicKey(key);
- /* if this is a DER encoded signature, decode it first */
- if ((algid == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) ||
- (algid == SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST) ||
- (algid == SEC_OID_ANSIX9_DSA_SIGNATURE)) {
- dsasig = DSAU_DecodeDerSig(sig);
- if ((dsasig == NULL) || (dsasig->len != DSA_SIGNATURE_LEN)) {
- goto loser;
- }
- PORT_Memcpy(&cx->digest[0], dsasig->data, dsasig->len);
- } else {
- if (sig->len != DSA_SIGNATURE_LEN) {
- goto loser;
- }
- PORT_Memcpy(&cx->digest[0], sig->data, sig->len);
- }
- rv = SECSuccess;
- break;
- default:
- rv = SECFailure;
- break;
- }
- if (rv) goto loser;
- switch (cx->alg) {
- case SEC_OID_MD2:
- case SEC_OID_MD5:
- case SEC_OID_SHA1:
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- goto loser;
- }
- }
- return cx;
-
- loser:
- if (dsasig != NULL)
- SECITEM_FreeItem(dsasig, PR_TRUE);
- VFY_DestroyContext(cx, PR_TRUE);
- return 0;
-}
-
-void
-VFY_DestroyContext(VFYContext *cx, PRBool freeit)
-{
- if (cx) {
- if (cx->hashcx != NULL) {
- (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
- cx->hashcx = NULL;
- }
- if (cx->key) {
- SECKEY_DestroyPublicKey(cx->key);
- }
- if (freeit) {
- PORT_ZFree(cx, sizeof(VFYContext));
- }
- }
-}
-
-SECStatus
-VFY_Begin(VFYContext *cx)
-{
- if (cx->hashcx != NULL) {
- (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
- cx->hashcx = NULL;
- }
-
- switch (cx->alg) {
- case SEC_OID_MD2:
- cx->hashobj = &SECHashObjects[HASH_AlgMD2];
- break;
- case SEC_OID_MD5:
- cx->hashobj = &SECHashObjects[HASH_AlgMD5];
- break;
- case SEC_OID_SHA1:
- cx->hashobj = &SECHashObjects[HASH_AlgSHA1];
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return SECFailure;
- }
-
- cx->hashcx = (*cx->hashobj->create)();
- if (cx->hashcx == NULL)
- return SECFailure;
-
- (*cx->hashobj->begin)(cx->hashcx);
- return SECSuccess;
-}
-
-SECStatus
-VFY_Update(VFYContext *cx, unsigned char *input, unsigned inputLen)
-{
- if (cx->hashcx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- (*cx->hashobj->update)(cx->hashcx, input, inputLen);
- return SECSuccess;
-}
-
-SECStatus
-VFY_End(VFYContext *cx)
-{
- unsigned char final[32];
- unsigned part;
- SECItem hash,sig;
-
- if (cx->hashcx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- (*cx->hashobj->end)(cx->hashcx, final, &part, sizeof(final));
- switch (cx->type) {
- case VFY_DSA:
- sig.data = cx->digest;
- sig.len = DSA_SIGNATURE_LEN; /* magic size of dsa signature */
- hash.data = final;
- hash.len = part;
- if (PK11_Verify(cx->key,&sig,&hash,cx->wincx) != SECSuccess) {
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- return SECFailure;
- }
- break;
- case VFY_RSA:
- if (PORT_Memcmp(final, cx->digest, part)) {
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- return SECFailure;
- }
- break;
- default:
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- return SECFailure; /* shouldn't happen */
- }
- return SECSuccess;
-}
-
-/************************************************************************/
-/*
- * Verify that a previously-computed digest matches a signature.
- * XXX This should take a parameter that specifies the digest algorithm,
- * and we should compare that the algorithm found in the DigestInfo
- * matches it!
- */
-SECStatus
-VFY_VerifyDigest(SECItem *digest, SECKEYPublicKey *key, SECItem *sig,
- SECOidTag algid, void *wincx)
-{
- SECStatus rv;
- VFYContext *cx;
- SECItem dsasig;
-
- rv = SECFailure;
-
- cx = VFY_CreateContext(key, sig, algid, wincx);
- if (cx != NULL) {
- switch (key->keyType) {
- case rsaKey:
- if (PORT_Memcmp(digest->data, cx->digest, digest->len)) {
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- } else {
- rv = SECSuccess;
- }
- break;
- case fortezzaKey:
- case dsaKey:
- dsasig.data = &cx->digest[0];
- dsasig.len = DSA_SIGNATURE_LEN; /* magic size of dsa signature */
- if (PK11_Verify(cx->key, &dsasig, digest, cx->wincx) != SECSuccess) {
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- } else {
- rv = SECSuccess;
- }
- break;
- default:
- break;
- }
- VFY_DestroyContext(cx, PR_TRUE);
- }
- return rv;
-}
-
-SECStatus
-VFY_VerifyData(unsigned char *buf, int len, SECKEYPublicKey *key,
- SECItem *sig, SECOidTag algid, void *wincx)
-{
- SECStatus rv;
- VFYContext *cx;
-
- cx = VFY_CreateContext(key, sig, algid, wincx);
- if (cx == NULL)
- return SECFailure;
-
- rv = VFY_Begin(cx);
- if (rv == SECSuccess) {
- rv = VFY_Update(cx, buf, len);
- if (rv == SECSuccess)
- rv = VFY_End(cx);
- }
-
- VFY_DestroyContext(cx, PR_TRUE);
- return rv;
-}
-
-SECStatus
-SEC_VerifyFile(FILE *input, SECKEYPublicKey *key, SECItem *sig,
- SECOidTag algid, void *wincx)
-{
- unsigned char buf[1024];
- SECStatus rv;
- int nb;
- VFYContext *cx;
-
- cx = VFY_CreateContext(key, sig, algid, wincx);
- if (cx == NULL)
- rv = SECFailure;
-
- rv = VFY_Begin(cx);
- if (rv == SECSuccess) {
- /*
- * Now feed the contents of the input file into the digest algorithm,
- * one chunk at a time, until we have exhausted the input.
- */
- for (;;) {
- if (feof(input))
- break;
- nb = fread(buf, 1, sizeof(buf), input);
- if (nb == 0) {
- if (ferror(input)) {
- PORT_SetError(SEC_ERROR_IO);
- VFY_DestroyContext(cx, PR_TRUE);
- return SECFailure;
- }
- break;
- }
- rv = VFY_Update(cx, buf, nb);
- if (rv != SECSuccess)
- goto loser;
- }
- }
-
- /* Verify the digest */
- rv = VFY_End(cx);
- /* FALL THROUGH */
-
- loser:
- VFY_DestroyContext(cx, PR_TRUE);
- return rv;
-}
diff --git a/security/nss/lib/fortcrypt/Makefile b/security/nss/lib/fortcrypt/Makefile
deleted file mode 100644
index 09b98c761..000000000
--- a/security/nss/lib/fortcrypt/Makefile
+++ /dev/null
@@ -1,164 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-include manifest.mn
-include $(CORE_DEPTH)/coreconf/config.mk
-
-CILIB = $(OBJDIR)/cilib.$(LIB_SUFFIX)
-ORIG_CILIB = libci/$(OS_CONFIG).$(LIB_SUFFIX)
-
-ifeq ($(OS_ARCH), WINNT)
-ORIG_CILIB = libci/tssp32.lib
-endif
-
-ifeq ($(OS_TARGET), WIN16)
-ORIG_CILIB = libci/tssp.lib
-endif
-
-ifeq ($(OS_TARGET), WIN95)
-ORIG_CILIB = libci/tssp32.lib
-endif
-
-ifeq ($(OS_ARCH), WINNT)
-STUBDLL = $(OBJDIR)/stub.$(DLL_SUFFIX)
-endif
-
-STUBLIB = $(OBJDIR)/stub.$(LIB_SUFFIX)
-
-ifeq ($(OS_TARGET), WIN16)
-W16LIBS += $(CILIB)
-else
-EXTRA_LIBS += $(CILIB)
-endif
-
-INST_JS = inst.js
-LIBCI_JAR = $(OBJDIR)/libfort.jar
-LIBCI_JAR_SRC = $(INST_JS) $(SHARED_LIBRARY)
-
-ifneq ($(OS_TARGET), WIN16)
-TARGETS : $(LIBCI_JAR)
-endif
-
-ifeq ($(OS_TARGET), WIN16)
-# note that rules.mk is not included below for WIN16
-all:
- @echo Skipping fortcrypt directory for 16-bit windows builds
-
-all_platforms alltags clean clobber clobber_all realclean: all
-
-boot export install libs program release: all
-
-endif
-
-$(SHARED_LIBRARY): $(CILIB) $(DIRS)
-
-$(CILIB):
- @$(MAKE_OBJDIR)
- @if test -f $(ORIG_CILIB); then \
- echo "Copying $(ORIG_CILIB) to $@"; \
- cp $(ORIG_CILIB) $@; \
- else \
- echo "Making empty stub $@"; \
- $(MAKE) $(STUBLIB); \
- fi
- @$(RANLIB) $@
-
-$(STUBLIB): $(OBJDIR)/maci$(OBJ_SUFFIX)
- @$(MAKE_OBJDIR)
-ifeq ($(OS_ARCH), WINNT)
- $(MAKE) $(STUBDLL)
-else
- $(AR) $<
-endif
- cp $@ $(CILIB)
-
-ifeq ($(OS_ARCH), WINNT)
-$(STUBDLL): $(OBJDIR)/maci.o
- $(LINK_DLL) -MAP $(DLLBASE) $(OBJDIR)/maci.o $(OS_LIBS)
-
-$(OBJDIR)/maci.o: maci.c
- $(CC) -Fo$@ -c $(CFLAGS) $<
-endif
-
-#
-# The following rules packages the shared library into a JAR,
-# ready to be signed
-#
-$(OBJDIR)/replace: replace.c
- $(CC) -o $@ $<
-
-# ZIP options:
-# -5 means medium compression
-# -q means quiet
-# -j means do not store tree structure, all files go into one dir
-#
-$(LIBCI_JAR): $(DIRS) $(LIBCI_JAR_SRC)
- @echo +++ building $@ from $(LIBCI_JAR_SRC)
- @rm -f $@
- zip -5qj $@ $(LIBCI_JAR_SRC)
-
-force:
- (cd swfort ; gmake)
-
-
-MD_FILES += $(LIBCI_JAR)
-
-# coreconf doesn't build the AIX shared library for FORTEZZA,
-# so I'm going to override their shared library command and build the shared
-# library the way config used to.
-#
-ifeq ($(OS_ARCH)$(OS_RELEASE), AIX4.1)
-DSO_LDOPTS = -bM:SRE -bh:4 -bnoentry
-EXTRA_DSO_LDOPTS = -lc
-MKSHLIB = svld $(DSO_LDOPTS)
-
-$(SHARED_LIBRARY): $(OBJS)
- @$(MAKE_OBJDIR)
- rm -f $@
- $(MKSHLIB) -o $@ $(OBJS) $(EXTRA_LIBS) $(EXTRA_DSO_LDOPTS)
- chmod +x $@
-endif
-
-ifeq ($(OS_ARCH)$(OS_RELEASE), AIX4.2)
-LD += -G
-endif
-
-
-ifneq ($(OS_TARGET), WIN16)
-include $(CORE_DEPTH)/coreconf/rules.mk
-endif
-
-export:: private_export
-
-
diff --git a/security/nss/lib/fortcrypt/config.mk b/security/nss/lib/fortcrypt/config.mk
deleted file mode 100644
index 1e8237ff2..000000000
--- a/security/nss/lib/fortcrypt/config.mk
+++ /dev/null
@@ -1,52 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-ifeq ($(OS_TARGET), WIN16)
-TARGETS = all
-else
-TARGETS = $(SHARED_LIBRARY)
-endif
-LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
-
-ifeq ($(OS_TARGET), WIN16)
-dummy:
- @echo $(TARGETS)
-endif
diff --git a/security/nss/lib/fortcrypt/cryptint.h b/security/nss/lib/fortcrypt/cryptint.h
deleted file mode 100644
index c4de00ff2..000000000
--- a/security/nss/lib/fortcrypt/cryptint.h
+++ /dev/null
@@ -1,703 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/* @(#)cryptint.h 1.26\t10 Nov 1995 */
-/*****************************************************************************
- Definitive Fortezza header file.
- Application Level Interface to Fortezza CI Library.
-
- Version for CI Library 1.52
- November 8, 1995
-
-
- NOTICE: Fortezza Export Policy
-
- The Fortezza Cryptologic Interface (CI) Library (both source and
- object) and Fortezza CI Library based applications are defense
- articles, as defined in the International Traffic In Arms
- Regulations (ITAR), and are subject to export controls under the
- ITAR and the Arms Export Control Act. Any export to any country
- of (a) the Fortezza CI Library, related documentation, and
- technical data, or (b) your cryptographic application, process,
- or service that is the direct product of, or contains the
- Fortezza CI Library must comply with the requirements of the ITAR.
- If you or your customer intends to engage in such export, contact
- the United States Department of State, Office of Defense Trade
- Controls for specific guidance.
-
-
- ****************************************************************************/
-#ifndef __CRYPTINT_H
-#define __CRYPTINT_H
-
-#if __cplusplus__ || __cplusplus
-extern "C"
-{
-#endif /* C++ */
-
-#ifndef PROTO_LIST
-#ifdef _K_AND_R_
-#define PROTO_LIST(list) ()
-#else
-#define PROTO_LIST(list) list
-#endif /*_K_AND_R_ */
-#endif /* PROTO_LIST */
-
-
-#ifndef RETURN_TYPE
-#if defined( _WIN32 ) || defined( __WIN32__ )
-#define RETURN_TYPE __declspec(dllimport) int
-#elif defined( _WINDOWS ) || defined( _Windows )
-#define RETURN_TYPE extern int _far _pascal
-#else
-#define RETURN_TYPE extern int
-#endif /* Windows */
-#endif /* RETURN_TYPE */
-
-/* MS Visual C++ defines _MSDOS and _WINDOWS */
-/* Borland C/C++ defines __MSDOS__ and _Windows */
-#if defined( _WIN32 ) || defined ( __WIN32__ )
-#define CI_FAR
-#elif defined( _WINDOWS ) || defined( _Windows )
-#define CI_FAR _far
-#else
-#define CI_FAR
-#endif /* MS DOS or Windows */
-
-
-/*****************************************************************************
- Constants
- ****************************************************************************/
-#define CI_LIB_VERSION_VAL 0x0152 /* Version 1.52 */
-
-#define CI_CERT_SIZE 2048
-#define CI_CERT_FLAGS_SIZE 16
-#define CI_CERT_NAME_SIZE 32
-#define CI_CHALLENGE_SIZE 20
-
-#define CI_G_SIZE 128
-
-#define CI_HASHVALUE_SIZE 20
-
-#define CI_IV_SIZE 24
-
-#define CI_KEY_SIZE 12
-#define CI_KS_SIZE 10
-
-#define CI_NAME_SIZE 32
-
-#define CI_PASSWORD_SIZE 24
-#define CI_PIN_SIZE 12
-#define CI_P_SIZE 128
-
-#define CI_Q_SIZE 20
-
-#define CI_R_SIZE 40
-#define CI_RANDOM_NO_SIZE 20
-#define CI_RANDOM_SEED_SIZE 8
-#define CI_RA_SIZE 128
-#define CI_RB_SIZE 128
-#define CI_REG_FLAGS_SIZE 4
-
-#define CI_S_SIZE 40
-#define CI_SAVE_DATA_SIZE 28
-#define CI_SERIAL_NUMBER_SIZE 8
-#define CI_SIGNATURE_SIZE 40
-#define CI_STATUS_FLAGS_SIZE 4
-
-#define CI_TIME_SIZE 16
-#define CI_TIMESTAMP_SIZE 16
-
-#define CI_WRAPPED_X_SIZE 24
-
-#define CI_Y_SIZE 128
-
-#define CI_X_SIZE 20
-
-
-/* Miscellaneous */
-#define CI_NULL_FLAG 0
-#define CI_POWER_DOWN_FLAG 2
-#define CI_NO_LOG_OFF_FLAG 4
-#define CI_INITIATOR_FLAG 0
-#define CI_RECIPIENT_FLAG 1
-
-#define CI_BLOCK_LOCK_FLAG 1
-#define CI_SSO_LOGGED_ON 0x40
-#define CI_USER_LOGGED_ON 0x00
-#define CI_FAST_MODE 0x10
-#define CI_SLOW_MODE 0x00
-#define CI_WORST_CASE_MODE 0x40
-#define CI_TYPICAL_CASE_MODE 0x00
-
-/* Card Public Key Algorithms Types */
-#define CI_DSA_TYPE 0xA
-#define CI_KEA_TYPE 0x5
-#define CI_DSA_KEA_TYPE 0xF
-
-/* Fortezza Pin Types */
-#define CI_SSO_PIN 0x25
-#define CI_USER_PIN 0x2A
-
-/* Crypto Types */
-#define CI_ENCRYPT_TYPE 0
-#define CI_DECRYPT_TYPE 1
-#define CI_HASH_TYPE 2
-
-/* Save and Restore Types */
-#define CI_ENCRYPT_INT_TYPE 0x00 /* Internal Encryption */
-#define CI_ENCRYPT_EXT_TYPE 0x10 /* External Encryption */
-#define CI_DECRYPT_INT_TYPE 0x01 /* Internal Decryption */
-#define CI_DECRYPT_EXT_TYPE 0x11 /* External Decryption */
-#define CI_HASH_INT_TYPE 0x02 /* Internal Hash */
-#define CI_HASH_EXT_TYPE 0x12 /* External Hash */
-#define CI_TYPE_EXT_FLAG 0x10 /* Used to differentiate */
-
-/* Configuration types */
-#define CI_SET_SPEED_TYPE 1
-#define CI_SET_TIMING_TYPE 2
-
-/* Lock States */
-#define CI_SOCKET_UNLOCKED 0
-#define CI_HOLD_LOCK 1
-#define CI_SOCKET_LOCKED 2
-
-/* Fortezza Crypto Types Modes */
-#define CI_ECB64_MODE 0
-#define CI_CBC64_MODE 1
-#define CI_OFB64_MODE 2
-#define CI_CFB64_MODE 3
-#define CI_CFB32_MODE 4
-#define CI_CFB16_MODE 5
-#define CI_CFB8_MODE 6
-
-/* Card States */
-#define CI_POWER_UP 0
-#define CI_UNINITIALIZED 1
-#define CI_INITIALIZED 2
-#define CI_SSO_INITIALIZED 3
-#define CI_LAW_INITIALIZED 4
-#define CI_USER_INITIALIZED 5
-#define CI_STANDBY 6
-#define CI_READY 7
-#define CI_ZEROIZE 8
-#define CI_INTERNAL_FAILURE (-1)
-
-/* Flags for Firmware Update. */
-#define CI_NOT_LAST_BLOCK_FLAG 0x00000000UL
-#define CI_LAST_BLOCK_FLAG 0x80000000UL
-#define CI_DESTRUCTIVE_FLAG 0x000000FFUL
-#define CI_NONDESTRUCTIVE_FLAG 0x0000FF00UL
-
-
-/****************************************************************************
- Fortezza Library Return Codes
- ***************************************************************************/
-
-/* Card Responses */
-#define CI_OK 0
-#define CI_FAIL 1
-#define CI_CHECKWORD_FAIL 2
-#define CI_INV_TYPE 3
-#define CI_INV_MODE 4
-#define CI_INV_KEY_INDEX 5
-#define CI_INV_CERT_INDEX 6
-#define CI_INV_SIZE 7
-#define CI_INV_HEADER 8
-#define CI_INV_STATE 9
-#define CI_EXEC_FAIL 10
-#define CI_NO_KEY 11
-#define CI_NO_IV 12
-#define CI_NO_X 13
-
-#define CI_NO_SAVE 15
-#define CI_REG_IN_USE 16
-#define CI_INV_COMMAND 17
-#define CI_INV_POINTER 18
-#define CI_BAD_CLOCK 19
-#define CI_NO_DSA_PARMS 20
-
-/* Library Errors */
-#define CI_ERROR (-1)
-#define CI_LIB_NOT_INIT (-2)
-#define CI_CARD_NOT_READY (-3)
-#define CI_CARD_IN_USE (-4)
-#define CI_TIME_OUT (-5)
-#define CI_OUT_OF_MEMORY (-6)
-#define CI_NULL_PTR (-7)
-#define CI_BAD_SIZE (-8)
-#define CI_NO_DECRYPT (-9)
-#define CI_NO_ENCRYPT (-10)
-#define CI_NO_EXECUTE (-11)
-#define CI_BAD_PARAMETER (-12)
-#define CI_OUT_OF_RESOURCES (-13)
-
-#define CI_NO_CARD (-20)
-#define CI_NO_DRIVER (-21)
-#define CI_NO_CRDSRV (-22)
-#define CI_NO_SCTSRV (-23)
-
-#define CI_BAD_CARD (-30)
-#define CI_BAD_IOCTL (-31)
-#define CI_BAD_READ (-32)
-#define CI_BAD_SEEK (-33)
-#define CI_BAD_WRITE (-34)
-#define CI_BAD_FLUSH (-35)
-#define CI_BAD_IOSEEK (-36)
-#define CI_BAD_ADDR (-37)
-
-#define CI_INV_SOCKET_INDEX (-40)
-#define CI_SOCKET_IN_USE (-41)
-#define CI_NO_SOCKET (-42)
-#define CI_SOCKET_NOT_OPENED (-43)
-#define CI_BAD_TUPLES (-44)
-#define CI_NOT_A_CRYPTO_CARD (-45)
-
-#define CI_INVALID_FUNCTION (-50)
-#define CI_LIB_ALRDY_INIT (-51)
-#define CI_SRVR_ERROR (-52)
-
-
-/*****************************************************************************
- Data Structures
- ****************************************************************************/
-
-typedef unsigned char CI_CERTIFICATE[CI_CERT_SIZE];
-
-typedef unsigned char CI_CERT_FLAGS[CI_CERT_FLAGS_SIZE];
-
-typedef unsigned char CI_CERT_STR[CI_CERT_NAME_SIZE+4];
-
-typedef unsigned char CI_FAR *CI_DATA;
-
-typedef unsigned char CI_G[CI_G_SIZE];
-
-typedef unsigned char CI_HASHVALUE[CI_HASHVALUE_SIZE];
-
-typedef unsigned char CI_IV[CI_IV_SIZE];
-
-typedef unsigned char CI_KEY[CI_KEY_SIZE];
-
-typedef unsigned char CI_KS[CI_KS_SIZE];
-
-typedef unsigned char CI_P[CI_P_SIZE];
-
-typedef unsigned char CI_PASSWORD[CI_PASSWORD_SIZE + 4];
-
-typedef unsigned char CI_PIN[CI_PIN_SIZE + 4];
-
-typedef unsigned char CI_Q[CI_Q_SIZE];
-
-typedef unsigned char CI_RA[CI_RA_SIZE];
-
-typedef unsigned char CI_RB[CI_RB_SIZE];
-
-typedef unsigned char CI_RANDOM[CI_RANDOM_NO_SIZE];
-
-typedef unsigned char CI_RANDSEED[CI_RANDOM_SEED_SIZE];
-
-typedef unsigned char CI_REG_FLAGS[CI_REG_FLAGS_SIZE];
-
-typedef unsigned char CI_SIGNATURE[CI_SIGNATURE_SIZE];
-
-typedef unsigned char CI_SAVE_DATA[CI_SAVE_DATA_SIZE];
-
-typedef unsigned char CI_SERIAL_NUMBER[CI_SERIAL_NUMBER_SIZE];
-
-typedef unsigned int CI_STATE, CI_FAR *CI_STATE_PTR;
-
-typedef unsigned char CI_TIME[CI_TIME_SIZE];
-
-typedef unsigned char CI_TIMESTAMP[CI_TIMESTAMP_SIZE];
-
-typedef unsigned char CI_WRAPPED_X[CI_WRAPPED_X_SIZE];
-
-typedef unsigned char CI_Y[CI_Y_SIZE];
-
-typedef unsigned char CI_X[CI_X_SIZE];
-
-typedef struct {
- int LibraryVersion; /* CI Library version */
- int ManufacturerVersion; /* Card's hardware version */
- char ManufacturerName[CI_NAME_SIZE+4]; /* Card manufacturer's name*/
- char ProductName[CI_NAME_SIZE+4]; /* Card's product name */
- char ProcessorType[CI_NAME_SIZE+4]; /* Card's processor type */
- unsigned long UserRAMSize; /* Amount of User RAM in bytes */
- unsigned long LargestBlockSize; /* Largest block of data to pass in */
- int KeyRegisterCount; /* Number of key registers */
- int CertificateCount; /* Maximum number of personalities (# certs-1) */
- int CryptoCardFlag; /* A flag that if non-zero indicates that there is
- a Crypto-Card in the socket. If this value is
- zero then there is NOT a Crypto-Card in the
- sockets. */
- int ICDVersion; /* The ICD compliance level */
- int ManufacturerSWVer; /* The Manufacturer's Software Version */
- int DriverVersion; /* Driver Version */
-} CI_CONFIG, CI_FAR *CI_CONFIG_PTR;
-
-typedef struct {
- int CertificateIndex; /* Index from 1 to CertificateCount */
- CI_CERT_STR CertLabel; /* The certificate label */
-} CI_PERSON, CI_FAR *CI_PERSON_PTR;
-
-typedef struct {
- int CurrentSocket; /* The currently selected socket */
- int LockState; /* Lock status of the current socket */
- CI_SERIAL_NUMBER SerialNumber; /* Serial number of the Crypto Engine chip */
- CI_STATE CurrentState; /* State of The Card */
- int DecryptionMode; /* Decryption mode of The Card */
- int EncryptionMode; /* Encryption mode of The Card */
- int CurrentPersonality; /* Index of the current personality */
- int KeyRegisterCount; /* No. of Key Register on The Card */
- CI_REG_FLAGS KeyRegisterFlags; /* Bit Masks indicating Key Register use */
- int CertificateCount; /* No. of Certificates on The Card */
- CI_CERT_FLAGS CertificateFlags; /* Bit Mask indicating certificate use */
- unsigned char Flags[CI_STATUS_FLAGS_SIZE];
- /* Flag[0] : bit 6 for Condition mode */
- /* bit 4 for Clock mode */
-} CI_STATUS, CI_FAR *CI_STATUS_PTR;
-
-
-/*****************************************************************************
- Function Call Prototypes
- ****************************************************************************/
-
-RETURN_TYPE
-CI_ChangePIN PROTO_LIST( (
- int PINType,
- CI_PIN CI_FAR pOldPIN,
- CI_PIN CI_FAR pNewPIN ) );
-
-RETURN_TYPE
-CI_CheckPIN PROTO_LIST( (
- int PINType,
- CI_PIN CI_FAR pPIN ) );
-
-RETURN_TYPE
-CI_Close PROTO_LIST( (
- unsigned int Flags,
- int SocketIndex ) );
-
-RETURN_TYPE
-CI_Decrypt PROTO_LIST( (
- unsigned int CipherSize,
- CI_DATA pCipher,
- CI_DATA pPlain ) );
-
-RETURN_TYPE
-CI_DeleteCertificate PROTO_LIST( (
- int CertificateIndex ) );
-
-RETURN_TYPE
-CI_DeleteKey PROTO_LIST( (
- int RegisterIndex ) );
-
-RETURN_TYPE
-CI_Encrypt PROTO_LIST( (
- unsigned int PlainSize,
- CI_DATA pPlain,
- CI_DATA pCipher ) );
-
-RETURN_TYPE
-CI_ExtractX PROTO_LIST( (
- int CertificateIndex,
- int AlgorithmType,
- CI_PASSWORD CI_FAR pPassword,
- unsigned int YSize,
- CI_Y CI_FAR pY,
- CI_WRAPPED_X CI_FAR pX,
- CI_RA CI_FAR pRa,
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG ) );
-
-RETURN_TYPE
-CI_FirmwareUpdate PROTO_LIST( (
- unsigned long Flags,
- long Cksum,
- unsigned int CksumLength,
- unsigned int DataSize,
- CI_DATA pData ) );
-
-RETURN_TYPE
-CI_GenerateIV PROTO_LIST( (
- CI_IV CI_FAR pIV ) );
-
-RETURN_TYPE
-CI_GenerateMEK PROTO_LIST( (
- int RegisterIndex,
- int Reserved ) );
-
-RETURN_TYPE
-CI_GenerateRa PROTO_LIST( (
- CI_RA CI_FAR pRa ) );
-
-RETURN_TYPE
-CI_GenerateRandom PROTO_LIST( (
- CI_RANDOM CI_FAR pRandom ) );
-
-RETURN_TYPE
-CI_GenerateTEK PROTO_LIST( (
- int Flags,
- int RegisterIndex,
- CI_RA CI_FAR pRa,
- CI_RB CI_FAR pRb,
- unsigned int YSize,
- CI_Y CI_FAR pY ) );
-
-RETURN_TYPE
-CI_GenerateX PROTO_LIST( (
- int CertificateIndex,
- int AlgorithmType,
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG,
- unsigned int YSize,
- CI_Y CI_FAR pY ) );
-
-RETURN_TYPE
-CI_GetCertificate PROTO_LIST( (
- int CertificateIndex,
- CI_CERTIFICATE CI_FAR pCertificate ) );
-
-RETURN_TYPE
-CI_GetConfiguration PROTO_LIST( (
- CI_CONFIG_PTR pConfiguration ) );
-
-RETURN_TYPE
-CI_GetHash PROTO_LIST( (
- unsigned int DataSize,
- CI_DATA pData,
- CI_HASHVALUE CI_FAR pHashValue ) );
-
-RETURN_TYPE
-CI_GetPersonalityList PROTO_LIST( (
- int EntryCount,
- CI_PERSON CI_FAR pPersonalityList[] ) );
-
-RETURN_TYPE
-CI_GetState PROTO_LIST( (
- CI_STATE_PTR pState ) );
-
-RETURN_TYPE
-CI_GetStatus PROTO_LIST( (
- CI_STATUS_PTR pStatus ) );
-
-RETURN_TYPE
-CI_GetTime PROTO_LIST( (
- CI_TIME CI_FAR pTime ) );
-
-RETURN_TYPE
-CI_Hash PROTO_LIST( (
- unsigned int DataSize,
- CI_DATA pData ) );
-
-RETURN_TYPE
-CI_Initialize PROTO_LIST( (
- int CI_FAR *SocketCount ) );
-
-RETURN_TYPE
-CI_InitializeHash PROTO_LIST( (
- void ) );
-
-RETURN_TYPE
-CI_InstallX PROTO_LIST( (
- int CertificateIndex,
- int AlgorithmType,
- CI_PASSWORD CI_FAR pPassword,
- unsigned int YSize,
- CI_Y CI_FAR pY,
- CI_WRAPPED_X CI_FAR pWrappedX,
- CI_RA CI_FAR pRa,
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG ) );
-
-RETURN_TYPE
-CI_LoadCertificate PROTO_LIST( (
- int CertificateIndex,
- CI_CERT_STR CI_FAR pCertLabel,
- CI_CERTIFICATE CI_FAR pCertificate,
- long Reserved ) );
-
-RETURN_TYPE
-CI_LoadDSAParameters PROTO_LIST( (
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG ) );
-
-RETURN_TYPE
-CI_LoadInitValues PROTO_LIST( (
- CI_RANDSEED CI_FAR pRandSeed,
- CI_KS CI_FAR pKs ) );
-
-RETURN_TYPE
-CI_LoadIV PROTO_LIST( (
- CI_IV CI_FAR pIV ) );
-
-RETURN_TYPE
-CI_LoadX PROTO_LIST( (
- int CertificateIndex,
- int AlgorithmType,
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG,
- CI_X CI_FAR pX,
- unsigned int YSize,
- CI_Y CI_FAR pY ) );
-
-RETURN_TYPE
-CI_Lock PROTO_LIST( (
- int Flags ) );
-
-RETURN_TYPE
-CI_Open PROTO_LIST( (
- unsigned int Flags,
- int SocketIndex ) );
-
-RETURN_TYPE
-CI_RelayX PROTO_LIST( (
- CI_PASSWORD CI_FAR pOldPassword,
- unsigned int OldYSize,
- CI_Y CI_FAR pOldY,
- CI_RA CI_FAR pOldRa,
- CI_WRAPPED_X CI_FAR pOldWrappedX,
- CI_PASSWORD CI_FAR pNewPassword,
- unsigned int NewYSize,
- CI_Y CI_FAR pNewY,
- CI_RA CI_FAR pNewRa,
- CI_WRAPPED_X CI_FAR pNewWrappedX ) );
-
-RETURN_TYPE
-CI_Reset PROTO_LIST( (
- void ) );
-
-RETURN_TYPE
-CI_Restore PROTO_LIST( (
- int CryptoType,
- CI_SAVE_DATA CI_FAR pData ) );
-
-RETURN_TYPE
-CI_Save PROTO_LIST( (
- int CryptoType,
- CI_SAVE_DATA CI_FAR pData ) );
-
-RETURN_TYPE
-CI_Select PROTO_LIST( (
- int SocketIndex ) );
-
-RETURN_TYPE
-CI_SetConfiguration PROTO_LIST( (
- int Type,
- unsigned int DataSize,
- CI_DATA pData ) );
-
-RETURN_TYPE
-CI_SetKey PROTO_LIST( (
- int RegisterIndex ) );
-
-RETURN_TYPE
-CI_SetMode PROTO_LIST( (
- int CryptoType,
- int CryptoMode ) );
-
-RETURN_TYPE
-CI_SetPersonality PROTO_LIST( (
- int CertificateIndex ) );
-
-RETURN_TYPE
-CI_SetTime PROTO_LIST( (
- CI_TIME CI_FAR pTime ) );
-
-RETURN_TYPE
-CI_Sign PROTO_LIST( (
- CI_HASHVALUE CI_FAR pHashValue,
- CI_SIGNATURE CI_FAR pSignature ) );
-
-RETURN_TYPE
-CI_Terminate PROTO_LIST( (
- void ) );
-
-RETURN_TYPE
-CI_TimeStamp PROTO_LIST( (
- CI_HASHVALUE CI_FAR pHashValue,
- CI_SIGNATURE CI_FAR pSignature,
- CI_TIMESTAMP CI_FAR pTimeStamp ) );
-
-RETURN_TYPE
-CI_Unlock PROTO_LIST( (
- void ) );
-
-RETURN_TYPE
-CI_UnwrapKey PROTO_LIST( (
- int UnwrapIndex,
- int KeyIndex,
- CI_KEY CI_FAR pKey ) );
-
-RETURN_TYPE
-CI_VerifySignature PROTO_LIST( (
- CI_HASHVALUE CI_FAR pHashValue,
- unsigned int YSize,
- CI_Y CI_FAR pY,
- CI_SIGNATURE CI_FAR pSignature ) );
-
-RETURN_TYPE
-CI_VerifyTimeStamp PROTO_LIST( (
- CI_HASHVALUE CI_FAR pHashValue,
- CI_SIGNATURE CI_FAR pSignature,
- CI_TIMESTAMP CI_FAR pTimeStamp ) );
-
-RETURN_TYPE
-CI_WrapKey PROTO_LIST( (
- int WrapIndex,
- int KeyIndex,
- CI_KEY CI_FAR pKey ) );
-
-RETURN_TYPE
-CI_Zeroize PROTO_LIST( (
- void ) );
-
-#if __cplusplus__ || __cplusplus
-}
-#endif /* C++ */
-
-#endif /* CRYPTINT_H */
diff --git a/security/nss/lib/fortcrypt/fmutex.c b/security/nss/lib/fortcrypt/fmutex.c
deleted file mode 100644
index ad98c04b6..000000000
--- a/security/nss/lib/fortcrypt/fmutex.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "fmutex.h"
-#include "fpkmem.h"
-#include <stdio.h>
-
-typedef struct PKMutexFunctions {
- CK_CREATEMUTEX CreateMutex;
- CK_DESTROYMUTEX DestroyMutex;
- CK_LOCKMUTEX LockMutex;
- CK_UNLOCKMUTEX UnlockMutex;
- int useMutex;
-} PKMutexFunctions;
-
-static PKMutexFunctions gMutex = {NULL, NULL, NULL, NULL, 0};
-static int gInit = 0;
-
-#define FMUTEX_CHECKS() \
- if (gInit == 0) { \
- return CKR_GENERAL_ERROR; \
- } \
- if (!gMutex.useMutex) { \
- return CKR_GENERAL_ERROR; \
- }
-
-CK_RV FMUTEX_Init(CK_C_INITIALIZE_ARGS_PTR pArgs) {
- if (gInit != 0) {
- return CKR_GENERAL_ERROR;
- }
-
- if (pArgs && pArgs->CreateMutex && pArgs->DestroyMutex &&
- pArgs->LockMutex && pArgs->UnlockMutex) {
-
- gMutex.CreateMutex = pArgs->CreateMutex;
- gMutex.DestroyMutex = pArgs->DestroyMutex;
- gMutex.LockMutex = pArgs->LockMutex;
- gMutex.UnlockMutex = pArgs->UnlockMutex;
- gMutex.useMutex = 1;
- gInit = 1;
- } else {
- gInit = 0;
- return CKR_GENERAL_ERROR;
- }
-
- return CKR_OK;
-}
-
-
-CK_RV FMUTEX_Create(CK_VOID_PTR_PTR pMutex) {
- CK_RV rv;
- FMUTEX_CHECKS()
-
- rv = gMutex.CreateMutex(pMutex);
- return rv;
-}
-
-CK_RV FMUTEX_Destroy(CK_VOID_PTR pMutex) {
- CK_RV rv;
- FMUTEX_CHECKS()
-
- rv = gMutex.DestroyMutex(pMutex);
- return rv;
-}
-
-CK_RV FMUTEX_Lock(CK_VOID_PTR pMutex) {
- CK_RV rv;
- FMUTEX_CHECKS()
-
- rv = gMutex.LockMutex(pMutex);
- return rv;
-}
-
-CK_RV FMUTEX_Unlock(CK_VOID_PTR pMutex) {
- CK_RV rv;
- FMUTEX_CHECKS()
-
- rv = gMutex.UnlockMutex(pMutex);
- return rv;
-}
-
-int FMUTEX_MutexEnabled (void) {
- return gMutex.useMutex;
-}
diff --git a/security/nss/lib/fortcrypt/fmutex.h b/security/nss/lib/fortcrypt/fmutex.h
deleted file mode 100644
index 589eea786..000000000
--- a/security/nss/lib/fortcrypt/fmutex.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#ifndef _FMUTEX_H_
-#define _FMUTEX_H_ 1
-
-#include "fpkcs11t.h"
-
-/*
- * All of these functions will return CK_RV values.
- */
-extern CK_RV FMUTEX_Init(CK_C_INITIALIZE_ARGS_PTR pArgs);
-
-
-extern CK_RV FMUTEX_Create(CK_VOID_PTR_PTR pMutex);
-
-extern CK_RV FMUTEX_Destroy(CK_VOID_PTR pMutex);
-
-extern CK_RV FMUTEX_Lock(CK_VOID_PTR pMutex);
-
-extern CK_RV FMUTEX_Unlock(CK_VOID_PTR pMutex);
-
-/* Returns 0 if mutexes have not been enabled.
- * Returns 1 if mutexes have been enabled.
- */
-extern int FMUTEX_MutexEnabled(void);
-
-#endif /*_FMUTEX_H_*/
diff --git a/security/nss/lib/fortcrypt/forsock.c b/security/nss/lib/fortcrypt/forsock.c
deleted file mode 100644
index 39a4f0420..000000000
--- a/security/nss/lib/fortcrypt/forsock.c
+++ /dev/null
@@ -1,815 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "fortsock.h"
-#include "fpkmem.h"
-#include "fmutex.h"
-#include <string.h>
-#include <stdlib.h>
-
-#define DEF_ENCRYPT_SIZE 0x8000
-
-static unsigned char Fortezza_mail_Rb[128] = {
-0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,1,
-};
-
-int InitSocket (FortezzaSocket *inSocket, int inSlotID) {
- int ci_rv;
- CK_RV mrv;
-
- if (inSocket == NULL)
- return SOCKET_FAILURE;
-
- inSocket->isLoggedIn = PR_FALSE;
- inSocket->personalitiesLoaded = PR_FALSE;
- inSocket->isOpen = PR_FALSE;
- inSocket->personalityList = NULL;
- inSocket->keyRegisters = NULL;
- inSocket->keys = NULL;
- inSocket->numPersonalities = 0;
- inSocket->numKeyRegisters = 0;
- inSocket->hitCount = 0;
-
- inSocket->slotID = inSlotID;
- ci_rv = MACI_GetSessionID(&(inSocket->maciSession));
- if (ci_rv != CI_OK)
- return SOCKET_FAILURE;
-
- ci_rv = MACI_Open (inSocket->maciSession, 0, inSlotID);
- if (ci_rv == CI_OK) {
- inSocket->isOpen = PR_TRUE;
- } else {
- MACI_Close (inSocket->maciSession, CI_NULL_FLAG, inSlotID);
- }
-
- if (FMUTEX_MutexEnabled()) {
- mrv = FMUTEX_Create(&inSocket->registersLock);
- if (mrv != CKR_OK) {
- inSocket->registersLock = NULL;
- }
- } else {
- inSocket->registersLock = NULL;
- }
-
- return SOCKET_SUCCESS;
-}
-
-int FreeSocket (FortezzaSocket *inSocket) {
- if (inSocket->registersLock) {
- FMUTEX_Destroy(inSocket->registersLock);
- }
- MACI_Close(inSocket->maciSession, CI_NULL_FLAG, inSocket->slotID);
- return SOCKET_SUCCESS;
-}
-
-int LoginToSocket (FortezzaSocket *inSocket, int inUserType, CI_PIN inPin) {
- int ci_rv, i;
- CI_STATUS ciStatus;
- CI_CONFIG ciConfig;
- FortezzaKey **oldRegisters, **newRegisters;
- int oldCount;
- HSESSION hs;
-
- if (inSocket == NULL || inSocket->isLoggedIn)
- return SOCKET_FAILURE;
-
- hs = inSocket->maciSession;
- ci_rv = MACI_Select (hs, inSocket->slotID);
- if (ci_rv != CI_OK)
- return ci_rv;
-
- ci_rv = MACI_CheckPIN(hs, inUserType, inPin);
-
- if (ci_rv != CI_OK) {
- return ci_rv;
- }
-
- ci_rv = MACI_GetStatus(hs, &ciStatus);
-
- if (ci_rv != CI_OK) {
- if (ci_rv == CI_FAIL) {
- ci_rv = CI_EXEC_FAIL;
- }
- return ci_rv;
- }
-
- ci_rv = MACI_GetConfiguration(hs, &ciConfig);
- if (ci_rv != CI_OK) {
- return ci_rv;
- }
-
- inSocket->isLoggedIn = PR_TRUE;
- inSocket->hasLoggedIn = PR_TRUE;
- PORT_Memcpy (inSocket->openCardSerial, ciStatus.SerialNumber,
- sizeof (CI_SERIAL_NUMBER));
- inSocket->openCardState = ciStatus.CurrentState;
- inSocket->numPersonalities = ciStatus.CertificateCount;
- inSocket->numKeyRegisters = ciConfig.KeyRegisterCount;
- newRegisters =
- (FortezzaKey**)PORT_Alloc (sizeof(FortezzaKey)*ciConfig.KeyRegisterCount);
-
- FMUTEX_Lock(inSocket->registersLock);
- oldRegisters = inSocket->keyRegisters;
- oldCount = inSocket->numKeyRegisters;
- inSocket->keyRegisters = newRegisters;
- if (oldRegisters) {
- for (i=0; i<oldCount; i++) {
- if (oldRegisters[i]) {
- oldRegisters[i]->keyRegister = KeyNotLoaded;
- }
- oldRegisters[i] = NULL;
- }
- PORT_Free(oldRegisters);
- }
-
- if (inSocket->keyRegisters == NULL) {
- FMUTEX_Unlock(inSocket->registersLock);
- return SOCKET_FAILURE;
- }
-
- for (i=0; i<ciConfig.KeyRegisterCount; i++) {
- inSocket->keyRegisters[i] = NULL;
- }
- FMUTEX_Unlock(inSocket->registersLock);
-
- return SOCKET_SUCCESS;
-}
-
-int LogoutFromSocket (FortezzaSocket *inSocket) {
- if (inSocket == NULL)
- return SOCKET_FAILURE;
-
- inSocket->isLoggedIn = PR_FALSE;
- inSocket->hasLoggedIn = PR_FALSE;
- if (UnloadPersonalityList(inSocket) != SOCKET_SUCCESS)
- return SOCKET_FAILURE;
-
-
- return SOCKET_SUCCESS;
-}
-
-
-int FetchPersonalityList(FortezzaSocket *inSocket) {
- int rv;
-
- if (inSocket == NULL || inSocket->numPersonalities == 0) {
- return SOCKET_FAILURE;
- }
-
- rv = MACI_Select (inSocket->maciSession, inSocket->slotID);
-
- inSocket->personalityList =
- (CI_PERSON*)PORT_Alloc (sizeof(CI_PERSON)*inSocket->numPersonalities);
-
- if (inSocket->personalityList == NULL) {
- return SOCKET_FAILURE;
- }
-
- rv = MACI_GetPersonalityList(inSocket->maciSession,
- inSocket->numPersonalities,
- inSocket->personalityList);
-
- if (rv != CI_OK) {
- return SOCKET_FAILURE;
- }
-
- inSocket->personalitiesLoaded = PR_TRUE;
- return SOCKET_SUCCESS;
-}
-
-int UnloadPersonalityList(FortezzaSocket *inSocket) {
- if (inSocket == NULL)
- return SOCKET_FAILURE;
-
- inSocket->personalitiesLoaded = PR_FALSE;
- if (inSocket->personalityList) {
- PORT_Free(inSocket->personalityList);
- }
- inSocket->numPersonalities = 0;
- inSocket->personalityList = NULL;
-
- return SOCKET_SUCCESS;
-}
-
-PRBool SocketIsLoggedIn(CI_STATE status) {
-
- return (PRBool)((status == CI_READY) || (status == CI_STANDBY));
-}
-
-PRBool SocketStateUnchanged(FortezzaSocket* inSocket) {
- CI_STATUS ciStatus;
- int ciRV;
-
- ciRV = MACI_Select (inSocket->maciSession, inSocket->slotID);
- if (ciRV != CI_OK)
- return PR_FALSE;
-
- if (inSocket->hasLoggedIn && !inSocket->isLoggedIn)
- return PR_FALSE; /* User Logged out from the socket */
-
- /*
- * Some vendor cards are slow. so if we think we are logged in,
- * and the card still thinks we're logged in, we must have the same
- * card.
- */
- if (inSocket->isLoggedIn) {
- CI_STATE state;
- ciRV = MACI_GetState(inSocket->maciSession, &state);
- if (ciRV != CI_OK) return PR_FALSE;
-
- return SocketIsLoggedIn(state);
- }
-
- ciRV = MACI_GetStatus(inSocket->maciSession, &ciStatus);
- if(ciRV != CI_OK) {
- return PR_FALSE;
- }
- if (inSocket->isLoggedIn) {
- if (PORT_Memcmp(ciStatus.SerialNumber, inSocket->openCardSerial,
- sizeof (CI_SERIAL_NUMBER)) != 0)
- return PR_FALSE; /* Serial Number of card in slot has changed */
- /* Probably means there is a new card */
- }
-
- if (inSocket->isLoggedIn && !SocketIsLoggedIn(ciStatus.CurrentState))
- return PR_FALSE; /* State of card changed. */
- /* Probably re-inserted same card */
-
- return PR_TRUE; /* No change in the state of the socket */
-}
-
-/*
- * can we regenerate this key on the fly?
- */
-static PRBool
-FortezzaIsRegenerating(FortezzaKey *key) {
- /* TEK's are the only type of key that can't be regenerated */
- if (key->keyType != TEK) return PR_TRUE;
- /* Client TEK's can never be regenerated */
- if (key->keyData.tek.flags == CI_INITIATOR_FLAG) return PR_FALSE;
- /* Only Server TEK's that use the Mail protocol can be regenerated */
- return ((PRBool)(memcmp(key->keyData.tek.Rb,Fortezza_mail_Rb,
- sizeof(key->keyData.tek.Rb)) == 0));
-}
-
-int GetBestKeyRegister(FortezzaSocket *inSocket) {
- int i, candidate = -1, candidate2 = 1;
- CK_ULONG minHitCount = 0xffffffff;
- CK_ULONG minRegHitCount = 0xffffffff;
- FortezzaKey **registers;
-
- registers = inSocket->keyRegisters;
- for (i=1; i< inSocket->numKeyRegisters; i++) {
- if (registers[i] == NULL)
- return i;
- }
-
- for (i=1; i < inSocket->numKeyRegisters; i++) {
- if (registers[i]->hitCount < minHitCount) {
- minHitCount = registers[i]->hitCount;
- candidate2 = i;
- }
-
- if (FortezzaIsRegenerating(registers[i]) &&
- (registers[i]->hitCount < minRegHitCount)) {
- minRegHitCount = registers[i]->hitCount;
- candidate = i;
- }
- }
-
- if (candidate == -1)
- candidate = candidate2;
-
- return candidate;
-}
-
-int SetFortezzaKeyHandle (FortezzaKey *inKey, CK_OBJECT_HANDLE inHandle) {
- inKey->keyHandle = inHandle;
- return SOCKET_SUCCESS;
-}
-
-void
-RemoveKey (FortezzaKey *inKey) {
- if (inKey != NULL && inKey->keySocket->keyRegisters != NULL) {
- if (inKey->keyRegister != KeyNotLoaded) {
- FortezzaKey **registers = inKey->keySocket->keyRegisters;
- registers[inKey->keyRegister] = NULL;
- MACI_DeleteKey(inKey->keySocket->maciSession, inKey->keyRegister);
- }
-
- PORT_Free(inKey);
- }
-}
-
-FortezzaKey *NewFortezzaKey(FortezzaSocket *inSocket,
- FortezzaKeyType inKeyType,
- CreateTEKInfo *TEKinfo,
- int inKeyRegister) {
- FortezzaKey *newKey, *oldKey;
- FortezzaKey **registers;
- HSESSION hs = inSocket->maciSession;
- int ciRV;
-
- newKey = (FortezzaKey*)PORT_Alloc (sizeof(FortezzaKey));
- if (newKey == NULL) {
- return NULL;
- }
-
- newKey->keyHandle = 0;
- newKey->keyRegister = KeyNotLoaded;
- newKey->keyType = inKeyType;
- newKey->keySocket = inSocket;
- newKey->hitCount = 0;
- newKey->id = TEKinfo ? TEKinfo->personality : 0;
-
- if (inKeyType != Ks && inSocket->keyRegisters) {
- registers = inSocket->keyRegisters;
- oldKey = registers[inKeyRegister];
- if (oldKey != NULL) {
- oldKey->keyRegister = KeyNotLoaded;
- }
-
- registers[inKeyRegister] = newKey;
- newKey->hitCount = inSocket->hitCount++;
-
- MACI_DeleteKey (hs, inKeyRegister);
- }
- newKey->keyRegister = inKeyRegister;
-
- MACI_Lock(hs, CI_BLOCK_LOCK_FLAG);
- switch (inKeyType) {
- case MEK:
- ciRV = MACI_GenerateMEK (hs, inKeyRegister, 0);
- if (ciRV != CI_OK) {
- RemoveKey(newKey);
- MACI_Unlock(hs);
- return NULL;
- }
- MACI_WrapKey(hs, 0, inKeyRegister, newKey->keyData.mek);
- break;
- case TEK:
- PORT_Memcpy (newKey->keyData.tek.Rb, TEKinfo->Rb, TEKinfo->randomLen);
- PORT_Memcpy (newKey->keyData.tek.Ra, TEKinfo->Ra, TEKinfo->randomLen);
- PORT_Memcpy (newKey->keyData.tek.pY, TEKinfo->pY, TEKinfo->YSize);
- newKey->keyData.tek.ySize = TEKinfo->YSize;
- newKey->keyData.tek.randomLen = TEKinfo->randomLen;
- newKey->keyData.tek.registerIndex = TEKinfo->personality;
- newKey->keyData.tek.flags = TEKinfo->flag;
-
- ciRV = MACI_SetPersonality(hs,TEKinfo->personality);
- if (ciRV != CI_OK) {
- RemoveKey(newKey);
- MACI_Unlock(hs);
- return NULL;
- }
- ciRV = MACI_GenerateTEK(hs, TEKinfo->flag, inKeyRegister,
- newKey->keyData.tek.Ra, TEKinfo->Rb,
- TEKinfo->YSize, TEKinfo->pY);
- if (ciRV != CI_OK) {
- RemoveKey(newKey);
- MACI_Unlock(hs);
- return NULL;
- }
-
-
- break;
- case Ks:
- break;
- default:
- RemoveKey(newKey);
- MACI_Unlock(hs);
- return NULL;
- }
- MACI_Unlock(hs);
- return newKey;
-}
-
-FortezzaKey *NewUnwrappedKey(int inKeyRegister, int id,
- FortezzaSocket *inSocket) {
- FortezzaKey *newKey;
-
- newKey = (FortezzaKey*)PORT_Alloc (sizeof(FortezzaKey));
- if (newKey == NULL) {
- return NULL;
- }
-
- newKey->keyRegister = inKeyRegister;
- newKey->keyType = UNWRAP;
- newKey->keySocket = inSocket;
- newKey->id = id;
- newKey->hitCount = inSocket->hitCount++;
- MACI_WrapKey(inSocket->maciSession,0 , inKeyRegister, newKey->keyData.mek);
- inSocket->keyRegisters[inKeyRegister] = newKey;
-
- return newKey;
-}
-
-int LoadKeyIntoRegister (FortezzaKey *inKey) {
- int registerIndex = GetBestKeyRegister(inKey->keySocket);
- FortezzaSocket *socket = inKey->keySocket;
- FortezzaKey **registers = socket->keyRegisters;
- HSESSION hs = socket->maciSession;
- FortezzaTEK *tek = &inKey->keyData.tek;
- FortezzaKey *oldKey;
- int rv = CI_FAIL;
-
- if (inKey->keyRegister != KeyNotLoaded) {
- return inKey->keyRegister;
- }
-
- oldKey = registers[registerIndex];
-
- MACI_Select(hs, socket->slotID);
- if (oldKey) {
- oldKey->keyRegister = KeyNotLoaded;
- }
- MACI_DeleteKey (hs, registerIndex);
-
- switch (inKey->keyType) {
- case TEK:
- if (!FortezzaIsRegenerating(inKey)) {
- return KeyNotLoaded;
- }
- if (MACI_SetPersonality(hs, tek->registerIndex) == CI_OK) {
- rv = MACI_GenerateTEK (hs, tek->flags, registerIndex,
- tek->Ra, tek->Rb, tek->ySize,
- tek->pY);
- }
- if (rv != CI_OK)
- return KeyNotLoaded;
- break;
- case MEK:
- case UNWRAP:
- rv = MACI_UnwrapKey (hs, 0, registerIndex, inKey->keyData.mek);
- if (rv != CI_OK)
- return KeyNotLoaded;
- break;
- default:
- return KeyNotLoaded;
- }
- inKey->keyRegister = registerIndex;
- registers[registerIndex] = inKey;
-
- return registerIndex;
-}
-
-int InitCryptoOperation (FortezzaContext *inContext,
- CryptoType inCryptoOperation) {
- inContext->cryptoOperation = inCryptoOperation;
- return SOCKET_SUCCESS;
-}
-
-int EndCryptoOperation (FortezzaContext *inContext,
- CryptoType inCryptoOperation) {
- if (inCryptoOperation != inContext->cryptoOperation) {
- return SOCKET_FAILURE;
- }
- inContext->cryptoOperation = None;
- return SOCKET_SUCCESS;
-}
-
-CryptoType GetCryptoOperation (FortezzaContext *inContext) {
- return inContext->cryptoOperation;
-}
-
-void InitContext(FortezzaContext *inContext, FortezzaSocket *inSocket,
- CK_OBJECT_HANDLE hKey) {
- inContext->fortezzaKey = NULL;
- inContext->fortezzaSocket = inSocket;
- inContext->session = NULL;
- inContext->mechanism = NO_MECHANISM;
- inContext->userRamSize = 0;
- inContext->cryptoOperation = None;
- inContext->hKey = hKey;
-}
-
-extern PRBool fort11_FortezzaIsUserCert(unsigned char *label);
-
-static int
-GetValidPersonality (FortezzaSocket *inSocket) {
- int index;
- int i;
- PRBool unLoadList = PR_FALSE;
- int numPersonalities;
-
- if (!inSocket->personalitiesLoaded) {
- numPersonalities = inSocket->numPersonalities;
- FetchPersonalityList (inSocket);
- unLoadList = PR_TRUE;
- }
-
- for (i=0; i<inSocket->numPersonalities; i++) {
- if (fort11_FortezzaIsUserCert(inSocket->personalityList[i].CertLabel)) {
- index = inSocket->personalityList[i].CertificateIndex;
- break;
- }
- }
-
- if (unLoadList) {
- UnloadPersonalityList(inSocket);
- /* UnloadPersonality sets numPersonalities to zero,
- * so we set it back to what it was when this function
- * was called.
- */
- inSocket->numPersonalities = numPersonalities;
- }
- return index;
-}
-
-int RestoreState (FortezzaContext *inContext, CryptoType inType) {
- FortezzaKey *key = inContext->fortezzaKey;
- FortezzaSocket *socket = inContext->fortezzaSocket;
- HSESSION hs = socket->maciSession;
- CI_IV bogus_iv;
- int rv, cryptoType;
- int personality = inContext->fortezzaKey->id;
-
- if (key == NULL)
- return SOCKET_FAILURE;
-
- if (personality == 0) {
- personality = GetValidPersonality (socket);
- }
- rv = MACI_SetPersonality(hs, personality);
- if (rv != CI_OK) {
- return SOCKET_FAILURE;
- }
- /*
- * The cards need to have some state bits set because
- * save and restore don't necessarily save all the state.
- * Instead of fixing the cards, they decided to change the
- * protocol :(.
- */
- switch (inType) {
- case Encrypt:
- rv = MACI_SetKey(hs, key->keyRegister);
- if (rv != CI_OK)
- break;
- rv = MACI_GenerateIV (hs, bogus_iv);
- cryptoType = CI_ENCRYPT_EXT_TYPE;
- break;
- case Decrypt:
- rv = MACI_SetKey(hs, key->keyRegister);
- rv = MACI_LoadIV (hs, inContext->cardIV);
- cryptoType = CI_DECRYPT_EXT_TYPE;
- break;
- default:
- rv = CI_INV_POINTER;
- break;
- }
-
- if (rv != CI_OK) {
- return SOCKET_FAILURE;
- }
-
- rv = MACI_Restore(hs, cryptoType, inContext->cardState);
- if (rv != CI_OK) {
- return SOCKET_FAILURE;
- }
-
- return SOCKET_SUCCESS;
-}
-
-int SaveState (FortezzaContext *inContext, CI_IV inIV,
- PK11Session *inSession, FortezzaKey *inKey,
- int inCryptoType, CK_MECHANISM_TYPE inMechanism){
- int ciRV;
- FortezzaSocket *socket = inContext->fortezzaSocket;
- HSESSION hs = socket->maciSession;
- CI_CONFIG ciConfig;
-
- ciRV = MACI_Select (hs, socket->slotID);
- if (ciRV != CI_OK) {
- return SOCKET_FAILURE;
- }
- inContext->session = inSession;
- inContext->fortezzaKey = inKey;
- inContext->mechanism = inMechanism;
- PORT_Memcpy (inContext->cardIV, inIV, sizeof (CI_IV));
- ciRV = MACI_Save(hs, inCryptoType, inContext->cardState);
- if (ciRV != CI_OK) {
- return SOCKET_FAILURE;
- }
- ciRV = MACI_GetConfiguration (hs, &ciConfig);
- if (ciRV == CI_OK) {
- inContext->userRamSize = ciConfig.LargestBlockSize;
- }
-
- if (inContext->userRamSize == 0) inContext->userRamSize = 0x4000;
-
- return SOCKET_SUCCESS;
-}
-
-int SocketSaveState (FortezzaContext *inContext, int inCryptoType) {
- int ciRV;
-
- ciRV = MACI_Save (inContext->fortezzaSocket->maciSession, inCryptoType,
- inContext->cardState);
- if (ciRV != CI_OK) {
- return SOCKET_FAILURE;
- }
- return SOCKET_SUCCESS;
-}
-
-int DecryptData (FortezzaContext *inContext,
- CK_BYTE_PTR inData,
- CK_ULONG inDataLen,
- CK_BYTE_PTR inDest,
- CK_ULONG inDestLen) {
- FortezzaSocket *socket = inContext->fortezzaSocket;
- FortezzaKey *key = inContext->fortezzaKey;
- HSESSION hs = socket->maciSession;
- CK_ULONG defaultEncryptSize;
- CK_ULONG left = inDataLen;
- CK_BYTE_PTR loopin, loopout;
- int rv = CI_OK;
-
- MACI_Select (hs, socket->slotID);
-
- defaultEncryptSize = (inContext->userRamSize > DEF_ENCRYPT_SIZE)
- ? DEF_ENCRYPT_SIZE : inContext->userRamSize;
-
- if (key->keyRegister == KeyNotLoaded) {
- rv = LoadKeyIntoRegister(key);
- if (rv == KeyNotLoaded) {
- return SOCKET_FAILURE;
- }
- }
-
- key->hitCount = socket->hitCount++;
- loopin = inData;
- loopout = inDest;
- left = inDataLen;
- rv = CI_OK;
-
- MACI_Lock(hs, CI_BLOCK_LOCK_FLAG);
- RestoreState (inContext, Decrypt);
-
- while ((left > 0) && (rv == CI_OK)) {
- CK_ULONG current = (left > defaultEncryptSize)
- ? defaultEncryptSize : left;
- rv = MACI_Decrypt(hs, current, loopin, loopout);
- loopin += current;
- loopout += current;
- left -= current;
- }
-
- MACI_Unlock(hs);
-
- if (rv != CI_OK) {
- return SOCKET_FAILURE;
- }
-
-
- rv = SocketSaveState (inContext, CI_DECRYPT_EXT_TYPE);
- if (rv != SOCKET_SUCCESS) {
- return rv;
- }
-
-
- return SOCKET_SUCCESS;
-}
-
-int EncryptData (FortezzaContext *inContext,
- CK_BYTE_PTR inData,
- CK_ULONG inDataLen,
- CK_BYTE_PTR inDest,
- CK_ULONG inDestLen) {
- FortezzaSocket *socket = inContext->fortezzaSocket;
- FortezzaKey *key = inContext->fortezzaKey;
- HSESSION hs = socket->maciSession;
- CK_ULONG defaultEncryptSize;
- CK_ULONG left = inDataLen;
- CK_BYTE_PTR loopin, loopout;
- int rv = CI_OK;
-
- MACI_Select (hs, socket->slotID);
-
- defaultEncryptSize = (inContext->userRamSize > DEF_ENCRYPT_SIZE)
- ? DEF_ENCRYPT_SIZE : inContext->userRamSize;
- if (key->keyRegister == KeyNotLoaded) {
- rv = LoadKeyIntoRegister(key);
- if (rv == KeyNotLoaded) {
- return rv;
- }
- }
-
- key->hitCount = socket->hitCount++;
- loopin = inData;
- loopout = inDest;
-
- RestoreState (inContext,Encrypt);
-
- rv = CI_OK;
- while ((left > 0) && (rv == CI_OK)) {
- CK_ULONG current = (left > defaultEncryptSize) ? defaultEncryptSize :
- left;
- rv = MACI_Encrypt(hs, current, loopin, loopout);
- loopin += current;
- loopout += current;
- left -= current;
- }
-
- if (rv != CI_OK) {
- return SOCKET_FAILURE;
- }
-
- rv = SocketSaveState (inContext, CI_ENCRYPT_EXT_TYPE);
- if (rv != SOCKET_SUCCESS) {
- return rv;
- }
-
- return SOCKET_SUCCESS;
-}
-
-int WrapKey (FortezzaKey *wrappingKey, FortezzaKey *srcKey,
- CK_BYTE_PTR pDest, CK_ULONG ulDestLen) {
- int ciRV;
- HSESSION hs = wrappingKey->keySocket->maciSession;
-
- if (wrappingKey->keyRegister == KeyNotLoaded) {
- if (LoadKeyIntoRegister(wrappingKey) == KeyNotLoaded) {
- return SOCKET_FAILURE;
- }
- }
-
- if (srcKey->id == 0) srcKey->id = wrappingKey->id;
-
- ciRV = MACI_WrapKey (hs, wrappingKey->keyRegister,
- srcKey->keyRegister, pDest);
- if (ciRV != CI_OK) {
- return SOCKET_FAILURE;
- }
-
- return SOCKET_SUCCESS;
-}
-
-int UnwrapKey (CK_BYTE_PTR inWrappedKey, FortezzaKey *inUnwrapKey) {
- int newIndex;
- int ciRV;
- FortezzaSocket *socket = inUnwrapKey->keySocket;
- HSESSION hs = socket->maciSession;
- FortezzaKey *oldKey;
-
- if (inUnwrapKey->keyRegister == KeyNotLoaded) {
- if (LoadKeyIntoRegister(inUnwrapKey) == KeyNotLoaded) {
- return KeyNotLoaded;
- }
- }
-
- ciRV = MACI_Select(hs, socket->slotID);
- if (ciRV != CI_OK) {
- return KeyNotLoaded;
- }
-
- newIndex = GetBestKeyRegister(inUnwrapKey->keySocket);
- oldKey = socket->keyRegisters[newIndex];
-
- MACI_Select(hs, socket->slotID);
- if (oldKey) {
- oldKey->keyRegister = KeyNotLoaded;
- socket->keyRegisters[newIndex] = NULL;
- }
- MACI_DeleteKey (hs, newIndex);
- ciRV = MACI_UnwrapKey(hs,inUnwrapKey->keyRegister, newIndex, inWrappedKey);
- if (ciRV != CI_OK) {
- inUnwrapKey->keyRegister = KeyNotLoaded;
- socket->keyRegisters[newIndex] = NULL;
- return KeyNotLoaded;
- }
-
- return newIndex;
-}
-
diff --git a/security/nss/lib/fortcrypt/fortinst.htm b/security/nss/lib/fortcrypt/fortinst.htm
deleted file mode 100644
index 649012c82..000000000
--- a/security/nss/lib/fortcrypt/fortinst.htm
+++ /dev/null
@@ -1,161 +0,0 @@
-<HTML>
-<TITLE>Generic PKCS #11 Installer</TITLE>
-<--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
--->
-
-<SCRIPT>
-// Crypto Mechanism Flags
-PKCS11_MECH_RSA_FLAG = 0x1<<0;
-PKCS11_MECH_DSA_FLAG = 0x1<<1;
-PKCS11_MECH_RC2_FLAG = 0x1<<2;
-PKCS11_MECH_RC4_FLAG = 0x1<<3;
-PKCS11_MECH_DES_FLAG = 0x1<<4;
-PKCS11_MECH_DH_FLAG = 0x1<<5; //Diffie-Hellman
-PKCS11_MECH_SKIPJACK_FLAG = 0x1<<6; //SKIPJACK algorithm as in Fortezza cards
-PKCS11_MECH_RC5_FLAG = 0x1<<7;
-PKCS11_MECH_SHA1_FLAG = 0x1<<8;
-PKCS11_MECH_MD5_FLAG = 0x1<<9;
-PKCS11_MECH_MD2_FLAG = 0x1<<10;
-PKCS11_MECH_RANDOM_FLAG = 0x1<<27; //Random number generator
-PKCS11_PUB_READABLE_CERT_FLAG = 0x1<<28; //Stored certs can be read off the token w/o logging in
-PKCS11_DISABLE_FLAG = 0x1<<30; //tell Navigator to disable this slot by default
-
-// Important:
-// 0x1<<11, 0x1<<12, ... , 0x1<<26, 0x1<<29, and 0x1<<31 are reserved
-// for internal use in Navigator.
-// Therefore, these bits should always be set to 0; otherwise,
-// Navigator might exhibit unpredictable behavior.
-
-// These flags indicate which mechanisms should be turned on by
-pkcs11MechanismFlags = 0;
-
-
-// Ciphers that support SSL or S/MIME
-PKCS11_CIPHER_FORTEZZA_FLAG = 0x1<<0;
-
-// Important:
-// 0x1<<1, 0x1<<2, ... , 0x1<<31 are reserved
-// for internal use in Navigator.
-// Therefore, these bits should ALWAYS be set to 0; otherwise,
-// Navigator might exhibit unpredictable behavior.
-
-// These flags indicate which SSL ciphers are supported
-pkcs11CipherFlags = PKCS11_CIPHER_FORTEZZA_FLAG;
-
-
-// Return values of pkcs11.addmodule() & pkcs11.delmodule()
-// success codes
-JS_OK_ADD_MODULE = 3 // Successfully added a module
-JS_OK_DEL_EXTERNAL_MODULE = 2 // Successfully deleted ext. module
-JS_OK_DEL_INTERNAL_MODULE = 1 // Successfully deleted int. module
-
-// failure codes
-JS_ERR_OTHER = -1 // Other errors than the followings
-JS_ERR_USER_CANCEL_ACTION = -2 // User abort an action
-JS_ERR_INCORRECT_NUM_OF_ARGUMENTS= -3 // Calling a method w/ incorrect # of arguments
-JS_ERR_DEL_MODULE = -4 // Error deleting a module
-JS_ERR_ADD_MODULE = -5 // Error adding a module
-JS_ERR_BAD_MODULE_NAME = -6 // The module name is invalid
-JS_ERR_BAD_DLL_NAME = -7 // The DLL name is bad
-JS_ERR_BAD_MECHANISM_FLAGS = -8 // The mechanism flags are invalid
-JS_ERR_BAD_CIPHER_ENABLE_FLAGS = -9 // The SSL, S/MIME cipher flags are invalid
-
-var new_window;
-var has_new_window = 0;
-
-function HandleCipher(checkBox) {
- if (checkBox.checked) {
- pkcs11MechanismFlags |= checkBox.value;
- } else {
- pkcs11MechanismFlags &= ~checkBox.value;
- }
-}
-
-function HandleSSL(checkBox) {
- if (checkBox.checked) {
- pkcs11CipherFlags |= checkBox.value;
- } else {
- pkcs11CipherFlags &= ~checkBox.value;
- }
-}
-
-function colonize(string) {
- len = string.length;
- end = len -1;
-
- if (len == 0) return string;
-
-
- for (i=0; i < len; i++) {
- if (string.charAt(i) == "/") {
- if (i == 0) {
- new_string = ":" + string.substring(1,len);
- } else if (i == end) {
- new_string = string.substring(0,i)+':';
- } else {
- new_string = string.substring(0,i)+':'+
- string.substring(i+1,len);
- }
- string = new_string;
- }
- }
-
- if (string.charAt(0) == ":") string = string.substring(1,len);
- return string;
-}
-
-function DoInstall(name,module) {
- if ((navigator.platform == "MacPPC")
- || (navigator.platform == "Mac68K")) {
- module = colonize(module);
- }
- result = pkcs11.addmodule(name, module,
- pkcs11MechanismFlags, pkcs11CipherFlags);
- if ( result < 0) {
- window.alert("New module setup failed. Error code: " + result);
- }
- if (has_new_window) new_window.close();
-}
-
-default_name = "Netscape FORTEZZA Module"
-
-default_module = "D:/dogbert/ns/dist/WIN32_D.OBJ/bin/fort32.dll"
-document.writeln("<FORM name=instform target=_self> <H2>FORTEZZA PKCS #11 Installer version 1.5</H2>");
-document.writeln(" Module name: <Input Type=Text Name=modName value=\""+default_name+"\" size=50 required><br>");
-document.writeln(" Module Library: <Input Type=FILE required Name=module><br>");
-document.writeln("<i>Note: If you use the browse button, be sure to change the filter to show all the files (*), not just the HTML files (*.html).</i><p>");
-document.writeln("<hr>");
-document.write("<Input type=submit Name=Install Value=Install onclick=DoInstall(");
-document.writeln( "document.instform.modName.value,document.instform.module.value) >");
-document.writeln("</FORM>");
-</SCRIPT>
diff --git a/security/nss/lib/fortcrypt/fortpk11.c b/security/nss/lib/fortcrypt/fortpk11.c
deleted file mode 100644
index 076db666e..000000000
--- a/security/nss/lib/fortcrypt/fortpk11.c
+++ /dev/null
@@ -1,4544 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * This file implements PKCS 11 for FORTEZZA using MACI
- * drivers. Except for the Mac. They only have CI libraries, so
- * that's what we use there.
- *
- * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
- *
- * This implementations queries the MACI to figure out how
- * many slots exist on a given system. There is an artificial boundary
- * of 32 slots, because allocating slots dynamically caused memory
- * problems in the client when first this module was first developed.
- * Some how the heap was being corrupted and we couldn't find out where.
- * Subsequent attempts to allocate dynamic memory caused no problem.
- *
- * In this implementation, session objects are only visible to the session
- * that created or generated them.
- */
-
-#include "fpkmem.h"
-#include "seccomon.h"
-#include "fpkcs11.h"
-#include "fpkcs11i.h"
-#include "cryptint.h"
-#include "pk11func.h"
-#include "fortsock.h"
-#include "fmutex.h"
-#ifdef notdef
-#include <ctype.h>
-#include <stdio.h>
-#endif
-#ifdef XP_MAC
-#ifndef __POWERPC__
-#include <A4Stuff.h>
-#endif
-/* This is not a 4.0 project, so I can't depend on
- * 4.0 defines, so instead I depend on CodeWarrior
- * defines. I define XP_MAC in fpkmem.h
- */
-#if __POWERPC__
-#elif __CFM68K__
-#else
-/* These include are taken fromn npmac.cpp which are used
- * by the plugin group to properly set-up a plug-in for
- * dynamic loading on 68K.
- */
-
-#include <Quickdraw.h>
-
-/*
-** The Mixed Mode procInfos defined in npupp.h assume Think C-
-** style calling conventions. These conventions are used by
-** Metrowerks with the exception of pointer return types, which
-** in Metrowerks 68K are returned in A0, instead of the standard
-** D0. Thus, since NPN_MemAlloc and NPN_UserAgent return pointers,
-** Mixed Mode will return the values to a 68K plugin in D0, but
-** a 68K plugin compiled by Metrowerks will expect the result in
-** A0. The following pragma forces Metrowerks to use D0 instead.
-*/
-#ifdef __MWERKS__
-#ifndef powerc
-#pragma pointers_in_D0
-#endif
-#endif
-
-#ifdef __MWERKS__
-#ifndef powerc
-#pragma pointers_in_A0
-#endif
-#endif
-
-/* The following fix for static initializers fixes a previous
-** incompatibility with some parts of PowerPlant.
-*/
-#ifdef __MWERKS__
-#ifdef __cplusplus
- extern "C" {
-#endif
-#ifndef powerc
- extern void __InitCode__(void);
-#else
- extern void __sinit(void);
-#endif
- extern void __destroy_global_chain(void);
-#ifdef __cplusplus
- }
-#endif /* __cplusplus */
-#endif /* __MWERKS__ */
-
-#endif
-#endif
-
-
-typedef struct {
- unsigned char *data;
- int len;
-} CertItem;
-
-
-/*
- * ******************** Static data *******************************
- */
-
-/* The next three strings must be exactly 32 characters long */
-static char *manufacturerID = "Netscape Communications Corp ";
-static char *libraryDescription = "Communicator Fortezza Crypto Svc";
-
-typedef enum {DSA_KEY, KEA_KEY, V1_KEY, INVALID_KEY } PrivKeyType;
-
-static PK11Slot fort11_slot[NUM_SLOTS];
-static FortezzaSocket fortezzaSockets[NUM_SLOTS];
-static PRBool init = PR_FALSE;
-static CK_ULONG kNumSockets = 0;
-
-#define __PASTE(x,y) x##y
-
-
-#undef CK_FUNC
-#undef CK_EXTERN
-#undef CK_NEED_ARG_LIST
-#undef _CK_RV
-
-#define fort11_attr_expand(ap) (ap)->type,(ap)->pValue,(ap)->ulValueLen
-#define fort11_SlotFromSession pk11_SlotFromSession
-#define fort11_isToken pk11_isToken
-
-static CK_FUNCTION_LIST fort11_funcList = {
- { 2, 1 },
-
-#undef CK_FUNC
-#undef CK_EXTERN
-#undef CK_NEED_ARG_LIST
-#undef _CK_RV
-
-#define CK_EXTERN
-#define CK_FUNC(name) name,
-#define _CK_RV
-
-#include "fpkcs11f.h"
-
-};
-
-#undef CK_FUNC
-#undef CK_EXTERN
-#undef _CK_RV
-
-
-#undef __PASTE
-#undef pk11_SlotFromSessionHandle
-#undef pk11_SlotFromID
-
-#define MAJOR_VERSION_MASK 0xFF00
-#define MINOR_VERSION_MASK 0x00FF
-
-/* Mechanisms */
-struct mechanismList {
- CK_MECHANISM_TYPE type;
- CK_MECHANISM_INFO domestic;
- PRBool privkey;
-};
-
-static struct mechanismList mechanisms[] = {
- {CKM_DSA, {512,1024,CKF_SIGN}, PR_TRUE},
- {CKM_SKIPJACK_KEY_GEN, {92, 92, CKF_GENERATE}, PR_TRUE},
- {CKM_SKIPJACK_CBC64, {92, 92, CKF_ENCRYPT | CKF_DECRYPT}, PR_TRUE},
- {CKM_SKIPJACK_WRAP, {92, 92, CKF_WRAP}, PR_TRUE},
- {CKM_KEA_KEY_DERIVE, {128, 128, CKF_DERIVE}, PR_TRUE},
-};
-static CK_ULONG mechanismCount = sizeof(mechanisms)/sizeof(mechanisms[0]);
-
-/*************Static function prototypes********************************/
-static PRBool fort11_isTrue(PK11Object *object,CK_ATTRIBUTE_TYPE type);
-static void fort11_FreeAttribute(PK11Attribute *attribute);
-static void fort11_DestroyAttribute(PK11Attribute *attribute);
-static PK11Object* fort11_NewObject(PK11Slot *slot);
-static PK11FreeStatus fort11_FreeObject(PK11Object *object);
-static CK_RV fort11_AddAttributeType(PK11Object *object,
- CK_ATTRIBUTE_TYPE type,
- void *valPtr,
- CK_ULONG length);
-static void fort11_AddSlotObject(PK11Slot *slot, PK11Object *object);
-static PK11Attribute* fort11_FindAttribute(PK11Object *object,
- CK_ATTRIBUTE_TYPE type);
-static PK11Attribute* fort11_NewAttribute(CK_ATTRIBUTE_TYPE type,
- CK_VOID_PTR value, CK_ULONG len);
-static void fort11_DeleteAttributeType(PK11Object *object,
- CK_ATTRIBUTE_TYPE type);
-static void fort11_AddAttribute(PK11Object *object,
- PK11Attribute *attribute);
-static void fort11_AddObject(PK11Session *session,
- PK11Object *object);
-static PK11Object * fort11_ObjectFromHandle(CK_OBJECT_HANDLE handle,
- PK11Session *session);
-static void fort11_DeleteObject(PK11Session *session,PK11Object *object);
-static CK_RV fort11_DestroyObject(PK11Object *object);
-void fort11_FreeSession(PK11Session *session);
-
-#define FIRST_SLOT_SESS_ID 0x00000100L
-#define ADD_NEXT_SESS_ID 0x00000100L
-#define SLOT_MASK 0x000000FFL
-
-#define FAILED CKR_FUNCTION_FAILED
-
-static void
-fort11_FreeFortezzaKey (void *inFortezzaKey) {
- RemoveKey ((FortezzaKey*) inFortezzaKey);
-}
-
-static void
-fort11_DestroySlotObjects (PK11Slot *slot, PK11Session *session) {
- PK11Object *currObject, *nextObject, *oldObject;
- int i;
-
- for (i=0; i<HASH_SIZE; i++) {
- currObject = slot->tokObjects[i];
- slot->tokObjects[i] = NULL;
- do {
- FMUTEX_Lock(slot->sessionLock);
-
- if (currObject) {
- nextObject = currObject->next;
- FMUTEX_Lock(currObject->refLock);
- currObject->refCount++;
- FMUTEX_Unlock(currObject->refLock);
- fort11_DeleteObject(session, currObject);
- }
- FMUTEX_Unlock(slot->sessionLock);
- if (currObject) {
- oldObject = currObject;
- currObject = nextObject;
- fort11_FreeObject(oldObject);
- }
- } while (currObject != NULL);
- }
-}
-
-static void
-fort11_TokenRemoved(PK11Slot *slot, PK11Session *session) {
- FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
-
- LogoutFromSocket (socket);
- slot->isLoggedIn = PR_FALSE;
- if (session && session->notify) {
- /*If no session pointer exists, lots of leaked memory*/
- session->notify (session->handle, CKN_SURRENDER,
- session->appData);
- fort11_FreeSession(session); /* Release the reference held
- * by the slot with the session
- */
- }
-
- fort11_DestroySlotObjects(slot, session);
- fort11_FreeSession(session); /* Release the reference held
- * by the slot with the session
- */
-
- /* All keys will have been freed at this point so we can
- * NULL out this pointer
- */
- socket->keys = NULL;
-
-}
-
-PRBool
-fort11_FortezzaIsUserCert(unsigned char * label) {
-
- if ( (!PORT_Memcmp(label, "KEAK", 4)) || /* v3 user certs */
- (!PORT_Memcmp(label, "DSA1", 4)) ||
- (!PORT_Memcmp(label, "DSAI", 4)) ||
- (!PORT_Memcmp(label, "DSAO", 4)) ||
- (!PORT_Memcmp(label, "INKS", 4)) || /* v1 user certs */
- (!PORT_Memcmp(label, "INKX", 4)) ||
- (!PORT_Memcmp(label, "ONKS", 4)) ||
- (!PORT_Memcmp(label, "ONKX", 4)) ||
- (!PORT_Memcmp(label, "3IXS", 4)) || /* old v3 user certs */
- (!PORT_Memcmp(label, "3OXS", 4)) ||
- (!PORT_Memcmp(label, "3IKX", 4)) ) {
-
- return PR_TRUE;
-
- } else { return PR_FALSE; }
-
-}
-
-static PRBool
-fort11_FortezzaIsACert(unsigned char * label) {
- if (label == NULL) return PR_FALSE;
-
- if ( (!PORT_Memcmp(label, "DSA1", 4)) || /* v3 certs */
- (!PORT_Memcmp(label, "DSAI", 4)) ||
- (!PORT_Memcmp(label, "DSAO", 4)) ||
- (!PORT_Memcmp(label, "DSAX", 4)) ||
- (!PORT_Memcmp(label, "KEAK", 4)) ||
- (!PORT_Memcmp(label, "KEAX", 4)) ||
- (!PORT_Memcmp(label, "CAX1", 4)) ||
- (!PORT_Memcmp(label, "PCA1", 4)) ||
- (!PORT_Memcmp(label, "PAA1", 4)) ||
- (!PORT_Memcmp(label, "ICA1", 4)) ||
-
- (!PORT_Memcmp(label, "3IXS", 4)) || /* old v3 certs */
- (!PORT_Memcmp(label, "3OXS", 4)) ||
- (!PORT_Memcmp(label, "3CAX", 4)) ||
- (!PORT_Memcmp(label, "3IKX", 4)) ||
- (!PORT_Memcmp(label, "3PCA", 4)) ||
- (!PORT_Memcmp(label, "3PAA", 4)) ||
- (!PORT_Memcmp(label, "3ICA", 4)) ||
-
- (!PORT_Memcmp(label, "INKS", 4)) || /* v1 certs */
- (!PORT_Memcmp(label, "INKX", 4)) ||
- (!PORT_Memcmp(label, "ONKS", 4)) ||
- (!PORT_Memcmp(label, "ONKX", 4)) ||
- (!PORT_Memcmp(label, "RRXX", 4)) ||
- (!PORT_Memcmp(label, "RTXX", 4)) ||
- (!PORT_Memcmp(label, "LAXX", 4)) ) {
-
- return PR_TRUE;
-
- }
-
- return PR_FALSE;
-}
-
-static
-int fort11_cert_length(unsigned char *buf, int length) {
- unsigned char tag;
- int used_length= 0;
- int data_length;
-
- tag = buf[used_length++];
-
- /* blow out when we come to the end */
- if (tag == 0) {
- return 0;
- }
-
- data_length = buf[used_length++];
-
- if (data_length&0x80) {
- int len_count = data_length & 0x7f;
-
- data_length = 0;
-
- while (len_count-- > 0) {
- data_length = (data_length << 8) | buf[used_length++];
- }
- }
-
- if (data_length > (length-used_length) ) {
- return length;
- }
-
- return (data_length + used_length);
-}
-
-unsigned char *fort11_data_start(unsigned char *buf, int length,
- int *data_length, PRBool includeTag) {
- unsigned char tag;
- int used_length= 0;
-
- tag = buf[used_length++];
-
- /* blow out when we come to the end */
- if (tag == 0) {
- return NULL;
- }
-
- *data_length = buf[used_length++];
-
- if (*data_length&0x80) {
- int len_count = *data_length & 0x7f;
-
- *data_length = 0;
-
- while (len_count-- > 0) {
- *data_length = (*data_length << 8) | buf[used_length++];
- }
- }
-
- if (*data_length > (length-used_length) ) {
- *data_length = length-used_length;
- return NULL;
- }
- if (includeTag) *data_length += used_length;
-
- return (buf + (includeTag ? 0 : used_length));
-}
-
-int
-fort11_GetCertFields(unsigned char *cert,int cert_length,CertItem *issuer,
- CertItem *serial,CertItem *subject)
-{
- unsigned char *buf;
- int buf_length;
- unsigned char *date;
- int datelen;
-
- /* get past the signature wrap */
- buf = fort11_data_start(cert,cert_length,&buf_length,PR_FALSE);
- if (buf == NULL) return FAILED;
- /* get into the raw cert data */
- buf = fort11_data_start(buf,buf_length,&buf_length,PR_FALSE);
- if (buf == NULL) return FAILED;
- /* skip past any optional version number */
- if ((buf[0] & 0xa0) == 0xa0) {
- date = fort11_data_start(buf,buf_length,&datelen,PR_FALSE);
- if (date == NULL) return FAILED;
- buf_length -= (date-buf) + datelen;
- buf = date + datelen;
- }
- /* serial number */
- serial->data = fort11_data_start(buf,buf_length,&serial->len,PR_FALSE);
- if (serial->data == NULL) return FAILED;
- buf_length -= (serial->data-buf) + serial->len;
- buf = serial->data + serial->len;
- /* skip the OID */
- date = fort11_data_start(buf,buf_length,&datelen,PR_FALSE);
- if (date == NULL) return FAILED;
- buf_length -= (date-buf) + datelen;
- buf = date + datelen;
- /* issuer */
- issuer->data = fort11_data_start(buf,buf_length,&issuer->len,PR_TRUE);
- if (issuer->data == NULL) return FAILED;
- buf_length -= (issuer->data-buf) + issuer->len;
- buf = issuer->data + issuer->len;
- /* skip the date */
- date = fort11_data_start(buf,buf_length,&datelen,PR_FALSE);
- if (date == NULL) return FAILED;
- buf_length -= (date-buf) + datelen;
- buf = date + datelen;
- /*subject */
- subject->data=fort11_data_start(buf,buf_length,&subject->len,PR_TRUE);
- if (subject->data == NULL) return FAILED;
- buf_length -= (subject->data-buf) + subject->len;
- buf = subject->data +subject->len;
- /*subject */
- return CKR_OK;
-}
-
-/* quick tohex function to get rid of scanf */
-static
-int fort11_tohex(char *s) {
- int val = 0;
-
- for(;*s;s++) {
- if ((*s >= '0') && (*s <= '9')) {
- val = (val << 4) + (*s - '0');
- continue;
- } else if ((*s >= 'a') && (*s <= 'f')) {
- val = (val << 4) + (*s - 'a') + 10;
- continue;
- } else if ((*s >= 'A') && (*s <= 'F')) {
- val = (val << 4) + (*s - 'A') + 10;
- continue;
- }
- break;
- }
- return val;
-}
-
-/* only should be called for V3 KEA cert labels. */
-
-static int
-fort11_GetSibling(CI_CERT_STR label) {
-
- int value = 0;
- char s[3];
-
- label +=4;
-
- strcpy(s,"00");
- memcpy(s, label, 2);
- value = fort11_tohex(s);
-
- /* sibling of 255 means no sibling */
- if (value == 255) {
- value = -1;
- }
-
- return value;
-}
-
-
-static PrivKeyType
-fort11_GetKeyType(CI_CERT_STR label) {
- if (label == NULL) return INVALID_KEY;
-
- if ( (!PORT_Memcmp(label, "DSA1", 4)) || /* v3 certs */
- (!PORT_Memcmp(label, "DSAI", 4)) ||
- (!PORT_Memcmp(label, "DSAO", 4)) ||
- (!PORT_Memcmp(label, "3IXS", 4)) || /* old v3 certs */
- (!PORT_Memcmp(label, "3OXS", 4)) ) {
-
- return DSA_KEY;
- }
-
-
- if ( (!PORT_Memcmp(label, "KEAK", 4)) ||
- (!PORT_Memcmp(label, "3IKX", 4)) ) {
- return KEA_KEY;
- }
-
- if ( (!PORT_Memcmp(label, "INKS", 4)) || /* V1 Certs*/
- (!PORT_Memcmp(label, "INKX", 4)) ||
- (!PORT_Memcmp(label, "ONKS", 4)) ||
- (!PORT_Memcmp(label, "ONKX", 4)) ||
- (!PORT_Memcmp(label, "RRXX", 4)) ||
- (!PORT_Memcmp(label, "RTXX", 4)) ||
- (!PORT_Memcmp(label, "LAXX", 4)) ) {
-
- return V1_KEY;
- }
-
- return INVALID_KEY;
-}
-
-static CK_RV
-fort11_ConvertToDSAKey(PK11Object *privateKey, PK11Slot *slot) {
- CK_KEY_TYPE key_type = CKK_DSA;
- CK_BBOOL cktrue = TRUE;
- CK_BBOOL ckfalse = FALSE;
- CK_OBJECT_CLASS privClass = CKO_PRIVATE_KEY;
- CK_CHAR label[] = "A DSA Private Key";
-
-
- /* Fill in the common Default values */
- if (fort11_AddAttributeType(privateKey,CKA_START_DATE, NULL, 0) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey,CKA_END_DATE, NULL, 0) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey,CKA_SUBJECT, NULL, 0) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_CLASS, &privClass,
- sizeof (CK_OBJECT_CLASS)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_KEY_TYPE, &key_type,
- sizeof(CK_KEY_TYPE)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType (privateKey, CKA_TOKEN, &cktrue,
- sizeof (CK_BBOOL)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType (privateKey, CKA_LABEL, label,
- PORT_Strlen((char*)label)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_SENSITIVE, &cktrue,
- sizeof (CK_BBOOL)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_SIGN, &cktrue,
- sizeof (CK_BBOOL)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
-
- if (fort11_AddAttributeType(privateKey, CKA_DERIVE, &cktrue,
- sizeof(cktrue)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_LOCAL, &ckfalse,
- sizeof(ckfalse)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_DECRYPT, &ckfalse,
- sizeof(ckfalse)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_SIGN_RECOVER, &ckfalse,
- sizeof(ckfalse)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_UNWRAP, &ckfalse,
- sizeof(ckfalse)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_EXTRACTABLE, &ckfalse,
- sizeof(ckfalse)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_ALWAYS_SENSITIVE, &cktrue,
- sizeof(cktrue)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_NEVER_EXTRACTABLE, &cktrue,
- sizeof(ckfalse)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_PRIME, NULL, 0) != CKR_OK){
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_SUBPRIME, NULL, 0) != CKR_OK){
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_BASE, NULL, 0) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_VALUE, NULL, 0) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_PRIVATE, &cktrue,
- sizeof(cktrue)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_MODIFIABLE,&ckfalse,
- sizeof(ckfalse)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
-
- FMUTEX_Lock(slot->objectLock);
- privateKey->handle = slot->tokenIDCount++;
- privateKey->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PRIV);
- FMUTEX_Unlock(slot->objectLock);
- privateKey->objclass = privClass;
- privateKey->slot = slot;
- privateKey->inDB = PR_TRUE;
-
-
- return CKR_OK;
-}
-
-static int
-fort11_LoadRootPAAKey(PK11Slot *slot, PK11Session *session) {
- CK_OBJECT_CLASS theClass = CKO_SECRET_KEY;
- int id = 0;
- CK_BBOOL True = TRUE;
- CK_BBOOL False = FALSE;
- CK_CHAR label[] = "Trusted Root PAA Key";
- PK11Object *rootKey;
- FortezzaKey *newKey;
- FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
-
- /*Don't know the key type. Does is matter?*/
-
- rootKey = fort11_NewObject(slot);
-
- if (rootKey == NULL) {
- return CKR_HOST_MEMORY;
- }
-
- if (fort11_AddAttributeType(rootKey, CKA_CLASS, &theClass,
- sizeof(theClass)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
-
- if (fort11_AddAttributeType(rootKey, CKA_TOKEN, &True,
- sizeof(True)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
-
- if (fort11_AddAttributeType(rootKey, CKA_LABEL, label,
- sizeof(label)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
-
- if (fort11_AddAttributeType(rootKey, CKA_PRIVATE, &True,
- sizeof (True)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
-
- if (fort11_AddAttributeType(rootKey,CKA_MODIFIABLE, &False,
- sizeof(False)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
-
- if (fort11_AddAttributeType(rootKey, CKA_ID, &id,
- sizeof(int)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
-
- if (fort11_AddAttributeType(rootKey, CKA_DERIVE, &True,
- sizeof(True)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
-
- if (fort11_AddAttributeType(rootKey, CKA_SENSITIVE, &True,
- sizeof(True)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
-
- FMUTEX_Lock(slot->objectLock);
- rootKey->handle = slot->tokenIDCount++;
- rootKey->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PRIV);
- FMUTEX_Unlock(slot->objectLock);
-
- rootKey->objclass = theClass;
- rootKey->slot = slot;
- rootKey->inDB = PR_TRUE;
-
- newKey = NewFortezzaKey(socket, Ks, NULL, 0);
- if (newKey == NULL) {
- fort11_FreeObject(rootKey);
- return CKR_HOST_MEMORY;
- }
-
- rootKey->objectInfo = (void*)newKey;
- rootKey->infoFree = fort11_FreeFortezzaKey;
- fort11_AddObject(session, rootKey);
-
- return CKR_OK;
-}
-
-static CK_RV
-fort11_ConvertToKEAKey (PK11Object *privateKey, PK11Slot *slot) {
- CK_OBJECT_CLASS theClass = CKO_PRIVATE_KEY;
- CK_KEY_TYPE keyType = CKK_KEA;
- CK_CHAR label[] = "A KEA private key Object";
- CK_BBOOL True = TRUE;
- CK_BBOOL False = FALSE;
-
- if (fort11_AddAttributeType(privateKey, CKA_CLASS, &theClass,
- sizeof (CK_OBJECT_CLASS)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_KEY_TYPE, &keyType,
- sizeof (CK_KEY_TYPE)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_TOKEN, &True,
- sizeof(CK_BBOOL)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType (privateKey, CKA_LABEL, label,
- PORT_Strlen((char*)label)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType (privateKey, CKA_SENSITIVE,
- &True, sizeof(CK_BBOOL)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType (privateKey, CKA_DERIVE,
- &True, sizeof(CK_BBOOL)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_PRIVATE, &True,
- sizeof(True)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_START_DATE, NULL, 0) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_END_DATE, NULL, 0) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- if (fort11_AddAttributeType(privateKey, CKA_LOCAL, &False,
- sizeof(False)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
-
- FMUTEX_Lock(slot->objectLock);
- privateKey->handle = slot->tokenIDCount++;
- privateKey->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PRIV);
- FMUTEX_Unlock(slot->objectLock);
- privateKey->objclass = theClass;
- privateKey->slot = slot;
- privateKey->inDB = PR_TRUE;
-
- return CKR_OK;
-}
-
-static CK_RV
-fort11_ConvertToV1Key (PK11Object* privateKey, PK11Slot *slot) {
- CK_RV rv;
- CK_BBOOL True = TRUE;
-
- rv = fort11_ConvertToDSAKey(privateKey, slot);
- if (rv != CKR_OK) {
- return rv;
- }
-
- if (fort11_AddAttributeType(privateKey, CKA_DERIVE, &True,
- sizeof (CK_BBOOL)) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
-
- return CKR_OK;
-}
-
-static CK_RV
-fort11_NewPrivateKey(PK11Object *privKeyObject, PK11Slot *slot,CI_PERSON currPerson) {
- PrivKeyType keyType = fort11_GetKeyType(currPerson.CertLabel);
- CK_RV rv;
-
- switch (keyType) {
- case DSA_KEY:
- rv = fort11_ConvertToDSAKey(privKeyObject, slot);
- break;
- case KEA_KEY:
- rv = fort11_ConvertToKEAKey(privKeyObject, slot);
- break;
- case V1_KEY:
- rv = fort11_ConvertToV1Key(privKeyObject, slot);
- break;
- default:
- rv = CKR_GENERAL_ERROR;
- break;
- }
- return rv;
-}
-
-
-PRBool
-fort11_LoadCertObjectForSearch(CI_PERSON currPerson, PK11Slot *slot,
- PK11Session *session, CI_PERSON *pers_array) {
- PK11Object *certObject, *privKeyObject;
- PK11Attribute *attribute, *newAttribute;
- int ci_rv;
- CI_CERTIFICATE cert;
- CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
- CK_CERTIFICATE_TYPE certType = CKC_X_509;
- CK_BBOOL cktrue = TRUE;
- CK_BBOOL ckfalse = FALSE;
- CertItem issuer, serial, subject;
- int certSize;
- char nickname[50];
- char *cursor;
- PrivKeyType priv_key;
- int sibling;
-
-
- certObject = fort11_NewObject(slot);
- if (certObject == NULL)
- return PR_FALSE;
-
- ci_rv = MACI_GetCertificate (fortezzaSockets[slot->slotID-1].maciSession,
- currPerson.CertificateIndex, cert);
- if (ci_rv != CI_OK){
- fort11_FreeObject(certObject);
- return PR_FALSE;
- }
-
- ci_rv = fort11_GetCertFields(cert,CI_CERT_SIZE,&issuer,&serial,&subject);
-
- if (ci_rv != CKR_OK) {
- fort11_FreeObject(certObject);
- return PR_FALSE;
- }
-
- if (fort11_AddAttributeType(certObject, CKA_CLASS, &certClass,
- sizeof (CK_OBJECT_CLASS)) != CKR_OK) {
- fort11_FreeObject (certObject);
- return PR_FALSE;
- }
- if (fort11_AddAttributeType(certObject, CKA_TOKEN, &cktrue,
- sizeof (CK_BBOOL)) != CKR_OK) {
- fort11_FreeObject(certObject);
- return PR_FALSE;
- }
- if (fort11_AddAttributeType(certObject, CKA_PRIVATE, &ckfalse,
- sizeof (CK_BBOOL)) != CKR_OK) {
- fort11_FreeObject(certObject);
- return PR_FALSE;
- }
-
-
- /* check if the label represents a KEA key. if so, the
- nickname should be made the same as the corresponding DSA
- sibling cert. */
-
- priv_key = fort11_GetKeyType(currPerson.CertLabel);
-
- if (priv_key == KEA_KEY) {
- sibling = fort11_GetSibling(currPerson.CertLabel);
-
- /* check for failure of fort11_GetSibling. also check that
- the sibling is not zero. */
-
- if (sibling > 0) {
- /* assign the KEA cert label to be the same as the
- sibling DSA label */
-
- sprintf (nickname, "%s", &pers_array[sibling-1].CertLabel[8] );
- } else {
- sprintf (nickname, "%s", &currPerson.CertLabel[8]);
- }
- } else {
- sprintf (nickname, "%s", &currPerson.CertLabel[8]);
- }
-
- cursor = nickname+PORT_Strlen(nickname)-1;
- while ((*cursor) == ' ') {
- cursor--;
- }
- cursor[1] = '\0';
- if (fort11_AddAttributeType(certObject, CKA_LABEL, nickname,
- PORT_Strlen(nickname)) != CKR_OK) {
- fort11_FreeObject(certObject);
- return PR_FALSE;
- }
-
-
-
- if (fort11_AddAttributeType(certObject, CKA_CERTIFICATE_TYPE, &certType,
- sizeof(CK_CERTIFICATE_TYPE)) != CKR_OK) {
- fort11_FreeObject(certObject);
- return PR_FALSE;
- }
- certSize = fort11_cert_length(cert,CI_CERT_SIZE);
- if (fort11_AddAttributeType (certObject, CKA_VALUE, cert, certSize)
- != CI_OK) {
- fort11_FreeObject(certObject);
- return PR_FALSE;
- }
- if (fort11_AddAttributeType(certObject, CKA_ISSUER, issuer.data,
- issuer.len) != CKR_OK) {
- fort11_FreeObject (certObject);
- return PR_FALSE;
- }
- if (fort11_AddAttributeType(certObject, CKA_SUBJECT, subject.data,
- subject.len) != CKR_OK) {
- fort11_FreeObject (certObject);
- return PR_FALSE;
- }
- if (fort11_AddAttributeType(certObject, CKA_SERIAL_NUMBER,
- serial.data, serial.len) != CKR_OK) {
- fort11_FreeObject(certObject);
- return PR_FALSE;
- }
- /*Change this to a byte array later*/
- if (fort11_AddAttributeType(certObject, CKA_ID,
- &currPerson.CertificateIndex,
- sizeof(int)) != CKR_OK) {
- fort11_FreeObject(certObject);
- return PR_FALSE;
- }
- certObject->objectInfo = NULL;
- certObject->infoFree = NULL;
-
- certObject->objclass = certClass;
- certObject->slot = slot;
- certObject->inDB = PR_TRUE;
-
- FMUTEX_Lock(slot->objectLock);
-
- certObject->handle = slot->tokenIDCount++;
- certObject->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_CERT);
-
- FMUTEX_Unlock(slot->objectLock);
-
- if (fort11_FortezzaIsUserCert (currPerson.CertLabel)) {
- privKeyObject = fort11_NewObject(slot);
- if (fort11_NewPrivateKey(privKeyObject, slot, currPerson) != CKR_OK) {
- fort11_FreeObject(privKeyObject);
- fort11_FreeObject(certObject);
- return PR_FALSE;
- }
- if(fort11_AddAttributeType(privKeyObject,CKA_ID,
- &currPerson.CertificateIndex,
- sizeof(int)) != CKR_OK) {
- fort11_FreeObject(privKeyObject);
- fort11_FreeObject(certObject);
- return PR_FALSE;
- }
- attribute = fort11_FindAttribute(certObject,CKA_SUBJECT);
- newAttribute=
- fort11_NewAttribute(pk11_attr_expand(&attribute->attrib));
- fort11_FreeAttribute(attribute);
- if (newAttribute != NULL) {
- fort11_DeleteAttributeType(privKeyObject,
- CKA_SUBJECT);
- fort11_AddAttribute(privKeyObject,
- newAttribute);
- }
- fort11_AddObject (session, privKeyObject);
- }
-
-
- fort11_AddObject (session, certObject);
-
-
- return PR_TRUE;
-}
-
-#define TRUSTED_PAA "00000000Trusted Root PAA"
-
-static int
-fort11_BuildCertObjects(FortezzaSocket *currSocket, PK11Slot *slot,
- PK11Session *session) {
-
- int i;
- CI_PERSON rootPAA;
-
- PORT_Memcpy (rootPAA.CertLabel, TRUSTED_PAA, 1+PORT_Strlen (TRUSTED_PAA));
- rootPAA.CertificateIndex = 0;
-
- if (!fort11_LoadCertObjectForSearch(rootPAA, slot, session,
- currSocket->personalityList)) {
- return CKR_GENERAL_ERROR;
- }
-
- if (fort11_LoadRootPAAKey(slot, session) != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
-
- for (i=0 ; i < currSocket->numPersonalities; i++) {
- if (fort11_FortezzaIsACert (currSocket->personalityList[i].CertLabel)){
- if (!fort11_LoadCertObjectForSearch(currSocket->personalityList[i],
- slot, session,
- currSocket->personalityList)){
- return CKR_GENERAL_ERROR;
- }
- }
- }
-
- return CKR_OK;
-}
-
-PK11Slot*
-fort11_SlotFromSessionHandle(CK_SESSION_HANDLE inHandle) {
- CK_SESSION_HANDLE whichSlot = inHandle & SLOT_MASK;
-
- if (whichSlot >= kNumSockets) return NULL_PTR;
-
- return &fort11_slot[whichSlot];
-}
-
-PK11Slot*
-fort11_SlotFromID (CK_SLOT_ID inSlotID) {
- if (inSlotID == 0 || inSlotID > kNumSockets)
- return NULL;
-
- return &fort11_slot[inSlotID-1];
-}
-
-CK_ULONG fort11_firstSessionID (int inSlotNum) {
- return (CK_ULONG)(inSlotNum);
-}
-
-/*
- * Utility to convert passed in PIN to a CI_PIN
- */
-void fort11_convertToCIPin (CI_PIN ciPin,CK_CHAR_PTR pPin, CK_ULONG ulLen) {
- unsigned long i;
-
- for (i=0; i<ulLen; i++) {
- ciPin[i] = pPin[i];
- }
- ciPin[ulLen] = '\0';
-}
-
-
-/*
- * return true if object has attribute
- */
-static PRBool
-fort11_hasAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type) {
- PK11Attribute *attribute;
-
- FMUTEX_Lock(object->attributeLock);
- pk11queue_find(attribute,type,object->head,HASH_SIZE);
- FMUTEX_Unlock(object->attributeLock);
-
- return (PRBool)(attribute != NULL);
-}
-
-/*
- * create a new attribute with type, value, and length. Space is allocated
- * to hold value.
- */
-static PK11Attribute *
-fort11_NewAttribute(CK_ATTRIBUTE_TYPE type, CK_VOID_PTR value, CK_ULONG len) {
- PK11Attribute *attribute;
- CK_RV mrv;
-
- attribute = (PK11Attribute*)PORT_Alloc(sizeof(PK11Attribute));
- if (attribute == NULL) return NULL;
-
- attribute->attrib.type = type;
- if (value) {
- attribute->attrib.pValue = (CK_VOID_PTR)PORT_Alloc(len);
- if (attribute->attrib.pValue == NULL) {
- PORT_Free(attribute);
- return NULL;
- }
- PORT_Memcpy(attribute->attrib.pValue,value,len);
- attribute->attrib.ulValueLen = len;
- } else {
- attribute->attrib.pValue = NULL;
- attribute->attrib.ulValueLen = 0;
- }
- attribute->handle = type;
- attribute->next = attribute->prev = NULL;
- attribute->refCount = 1;
- if (FMUTEX_MutexEnabled()) {
- mrv = FMUTEX_Create (&attribute->refLock);
- if (mrv != CKR_OK) {
- if (attribute->attrib.pValue) PORT_Free(attribute->attrib.pValue);
- PORT_Free(attribute);
- return NULL;
- }
- } else {
- attribute->refLock = NULL;
- }
-
- return attribute;
-}
-
-/*
- * add an attribute to an object
- */
-static
-void fort11_AddAttribute(PK11Object *object,PK11Attribute *attribute) {
- FMUTEX_Lock (object->attributeLock);
- pk11queue_add(attribute,attribute->handle,object->head,HASH_SIZE);
- FMUTEX_Unlock(object->attributeLock);
-}
-
-static CK_RV
-fort11_AddAttributeType(PK11Object *object,CK_ATTRIBUTE_TYPE type,void *valPtr,
- CK_ULONG length) {
- PK11Attribute *attribute;
- attribute = fort11_NewAttribute(type,valPtr,length);
- if (attribute == NULL) { return CKR_HOST_MEMORY; }
- fort11_AddAttribute(object,attribute);
- return CKR_OK;
-}
-
-
-
-/* Make sure a given attribute exists. If it doesn't, initialize it to
- * value and len
- */
-static CK_RV
-fort11_forceAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type,void *value,
- unsigned int len) {
- if ( !fort11_hasAttribute(object, type)) {
- return fort11_AddAttributeType(object,type,value,len);
- }
- return CKR_OK;
-}
-
-/*
- * look up and attribute structure from a type and Object structure.
- * The returned attribute is referenced and needs to be freed when
- * it is no longer needed.
- */
-static PK11Attribute *
-fort11_FindAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type) {
- PK11Attribute *attribute;
-
- FMUTEX_Lock(object->attributeLock);
- pk11queue_find(attribute,type,object->head,HASH_SIZE);
- if (attribute) {
- /* atomic increment would be nice here */
- FMUTEX_Lock(attribute->refLock);
- attribute->refCount++;
- FMUTEX_Unlock(attribute->refLock);
- }
- FMUTEX_Unlock(object->attributeLock);
-
- return(attribute);
-}
-
-/*
- * this is only valid for CK_BBOOL type attributes. Return the state
- * of that attribute.
- */
-static PRBool
-fort11_isTrue(PK11Object *object,CK_ATTRIBUTE_TYPE type) {
- PK11Attribute *attribute;
- PRBool tok = PR_FALSE;
-
- attribute=fort11_FindAttribute(object,type);
- if (attribute == NULL) { return PR_FALSE; }
- tok = (PRBool)(*(CK_BBOOL *)attribute->attrib.pValue);
- fort11_FreeAttribute(attribute);
-
- return tok;
-}
-
-/*
- * add an object to a slot and session queue
- */
-static
-void fort11_AddSlotObject(PK11Slot *slot, PK11Object *object) {
- FMUTEX_Lock(slot->objectLock);
- pk11queue_add(object,object->handle,slot->tokObjects,HASH_SIZE);
- FMUTEX_Unlock(slot->objectLock);
-}
-
-static
-void fort11_AddObject(PK11Session *session, PK11Object *object) {
- PK11Slot *slot = fort11_SlotFromSession(session);
-
- if (!fort11_isToken(object->handle)) {
- FMUTEX_Lock(session->objectLock);
- pk11queue_add(&object->sessionList,0,session->objects,0);
- FMUTEX_Unlock(session->objectLock);
- }
- fort11_AddSlotObject(slot,object);
-}
-
-/*
- * free all the data associated with an object. Object reference count must
- * be 'zero'.
- */
-static CK_RV
-fort11_DestroyObject(PK11Object *object) {
- int i;
- CK_RV crv = CKR_OK;
-/* PORT_Assert(object->refCount == 0);*/
-
- if (object->label) PORT_Free(object->label);
-
- /* clean out the attributes */
- /* since no one is referencing us, it's safe to walk the chain
- * without a lock */
- for (i=0; i < HASH_SIZE; i++) {
- PK11Attribute *ap,*next;
- for (ap = object->head[i]; ap != NULL; ap = next) {
- next = ap->next;
- /* paranoia */
- ap->next = ap->prev = NULL;
- fort11_FreeAttribute(ap);
- }
- object->head[i] = NULL;
- }
- FMUTEX_Destroy(object->attributeLock);
- FMUTEX_Destroy(object->refLock);
- if (object->objectInfo) {
- (*object->infoFree)(object->objectInfo);
- }
- PORT_Free(object);
- return crv;
-}
-
-
-/*
- * release a reference to an attribute structure
- */
-static void
-fort11_FreeAttribute(PK11Attribute *attribute) {
- PRBool destroy = PR_FALSE;
-
- FMUTEX_Lock(attribute->refLock);
- if (attribute->refCount == 1) destroy = PR_TRUE;
- attribute->refCount--;
- FMUTEX_Unlock(attribute->refLock);
-
- if (destroy) fort11_DestroyAttribute(attribute);
-}
-
-
-/*
- * release a reference to an object handle
- */
-static PK11FreeStatus
-fort11_FreeObject(PK11Object *object) {
- PRBool destroy = PR_FALSE;
- CK_RV crv;
-
- FMUTEX_Lock(object->refLock);
- if (object->refCount == 1) destroy = PR_TRUE;
- object->refCount--;
- FMUTEX_Unlock(object->refLock);
-
- if (destroy) {
- crv = fort11_DestroyObject(object);
- if (crv != CKR_OK) {
- return PK11_DestroyFailure;
- }
- return PK11_Destroyed;
- }
- return PK11_Busy;
-}
-
-static void
-fort11_update_state(PK11Slot *slot,PK11Session *session) {
- if (slot->isLoggedIn) {
- if (slot->ssoLoggedIn) {
- session->info.state = CKS_RW_SO_FUNCTIONS;
- } else if (session->info.flags & CKF_RW_SESSION) {
- session->info.state = CKS_RW_USER_FUNCTIONS;
- } else {
- session->info.state = CKS_RO_USER_FUNCTIONS;
- }
- } else {
- if (session->info.flags & CKF_RW_SESSION) {
- session->info.state = CKS_RW_PUBLIC_SESSION;
- } else {
- session->info.state = CKS_RO_PUBLIC_SESSION;
- }
- }
-}
-
-/* update the state of all the sessions on a slot */
-static void
-fort11_update_all_states(PK11Slot *slot) {
- int i;
- PK11Session *session;
-
- for (i=0; i < SESSION_HASH_SIZE; i++) {
- FMUTEX_Lock(slot->sessionLock);
- for (session = slot->head[i]; session; session = session->next) {
- fort11_update_state(slot,session);
- }
- FMUTEX_Unlock(slot->sessionLock);
- }
-}
-
-
-/*
- * Create a new object
- */
-static PK11Object *
-fort11_NewObject(PK11Slot *slot) {
- PK11Object *object;
- CK_RV mrv;
- int i;
-
- object = (PK11Object*)PORT_Alloc(sizeof(PK11Object));
- if (object == NULL) return NULL;
-
- object->handle = 0;
- object->next = object->prev = NULL;
- object->sessionList.next = NULL;
- object->sessionList.prev = NULL;
- object->sessionList.parent = object;
- object->inDB = PR_FALSE;
- object->label = NULL;
- object->refCount = 1;
- object->session = NULL;
- object->slot = slot;
- object->objclass = 0xffff;
- if (FMUTEX_MutexEnabled()) {
- mrv = FMUTEX_Create(&object->refLock);
- if (mrv != CKR_OK) {
- PORT_Free(object);
- return NULL;
- }
- mrv = FMUTEX_Create(&object->attributeLock);
- if (mrv != CKR_OK) {
- FMUTEX_Destroy(object->refLock);
- PORT_Free(object);
- return NULL;
- }
- } else {
- object->attributeLock = NULL;
- object->refLock = NULL;
- }
- for (i=0; i < HASH_SIZE; i++) {
- object->head[i] = NULL;
- }
- object->objectInfo = NULL;
- object->infoFree = NULL;
- return object;
-}
-
-/*
- * look up and object structure from a handle. OBJECT_Handles only make
- * sense in terms of a given session. make a reference to that object
- * structure returned.
- */
-static PK11Object * fort11_ObjectFromHandle(CK_OBJECT_HANDLE handle,
- PK11Session *session) {
- PK11Object **head;
- void *lock;
- PK11Slot *slot = fort11_SlotFromSession(session);
- PK11Object *object;
-
- /*
- * Token objects are stored in the slot. Session objects are stored
- * with the session.
- */
- head = slot->tokObjects;
- lock = slot->objectLock;
-
- FMUTEX_Lock(lock);
- pk11queue_find(object,handle,head,HASH_SIZE);
- if (object) {
- FMUTEX_Lock(object->refLock);
- object->refCount++;
- FMUTEX_Unlock(object->refLock);
- }
- FMUTEX_Unlock(lock);
-
- return(object);
-}
-
-/*
- * add an object to a slot andsession queue
- */
-static
-void fort11_DeleteObject(PK11Session *session, PK11Object *object) {
- PK11Slot *slot;
-
- if (session == NULL)
- return;
- slot = fort11_SlotFromSession(session);
- if (!fort11_isToken(object->handle)) {
- FMUTEX_Lock(session->objectLock);
- pk11queue_delete(&object->sessionList,0,session->objects,0);
- FMUTEX_Unlock(session->objectLock);
- }
- FMUTEX_Lock(slot->objectLock);
- pk11queue_delete(object,object->handle,slot->tokObjects,HASH_SIZE);
- FMUTEX_Unlock(slot->objectLock);
- fort11_FreeObject(object);
-}
-
-
-
-/*
- * ******************** Search Utilities *******************************
- */
-
-/* add an object to a search list */
-CK_RV
-fort11_AddToList(PK11ObjectListElement **list,PK11Object *object) {
- PK11ObjectListElement *newelem =
- (PK11ObjectListElement *)PORT_Alloc(sizeof(PK11ObjectListElement));
-
- if (newelem == NULL) return CKR_HOST_MEMORY;
-
- newelem->next = *list;
- newelem->object = object;
- FMUTEX_Lock(object->refLock);
- object->refCount++;
- FMUTEX_Unlock(object->refLock);
-
- *list = newelem;
- return CKR_OK;
-}
-
-
-/*
- * free a single list element. Return the Next object in the list.
- */
-PK11ObjectListElement *
-fort11_FreeObjectListElement(PK11ObjectListElement *objectList) {
- PK11ObjectListElement *ol = objectList->next;
-
- fort11_FreeObject(objectList->object);
- PORT_Free(objectList);
- return ol;
-}
-
-/* free an entire object list */
-void
-fort11_FreeObjectList(PK11ObjectListElement *objectList) {
- PK11ObjectListElement *ol;
-
- for (ol= objectList; ol != NULL; ol = fort11_FreeObjectListElement(ol)) {}
-}
-
-/*
- * free a search structure
- */
-void
-fort11_FreeSearch(PK11SearchResults *search) {
- if (search->handles) {
- PORT_Free(search->handles);
- }
- PORT_Free(search);
-}
-
-
-/*
- * Free up all the memory associated with an attribute. Reference count
- * must be zero to call this.
- */
-static void
-fort11_DestroyAttribute(PK11Attribute *attribute) {
- /*PORT_Assert(attribute->refCount == 0);*/
- FMUTEX_Destroy(attribute->refLock);
- if (attribute->attrib.pValue) {
- /* clear out the data in the attribute value... it may have been
- * sensitive data */
- PORT_Memset(attribute->attrib.pValue,0,attribute->attrib.ulValueLen);
- PORT_Free(attribute->attrib.pValue);
- }
- PORT_Free(attribute);
-}
-
-/*
- * delete an attribute from an object
- */
-static void
-fort11_DeleteAttribute(PK11Object *object, PK11Attribute *attribute) {
- FMUTEX_Lock(object->attributeLock);
- if (attribute->next || attribute->prev) {
- pk11queue_delete(attribute,attribute->handle,
- object->head,HASH_SIZE);
- }
- FMUTEX_Unlock(object->attributeLock);
- fort11_FreeAttribute(attribute);
-}
-
-/*
- * decode when a particular attribute may be modified
- * PK11_NEVER: This attribute must be set at object creation time and
- * can never be modified.
- * PK11_ONCOPY: This attribute may be modified only when you copy the
- * object.
- * PK11_SENSITIVE: The CKA_SENSITIVE attribute can only be changed from
- * FALSE to TRUE.
- * PK11_ALWAYS: This attribute can always be modified.
- * Some attributes vary their modification type based on the class of the
- * object.
- */
-PK11ModifyType
-fort11_modifyType(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass) {
- /* if we don't know about it, user user defined, always allow modify */
- PK11ModifyType mtype = PK11_ALWAYS;
-
- switch(type) {
- /* NEVER */
- case CKA_CLASS:
- case CKA_CERTIFICATE_TYPE:
- case CKA_KEY_TYPE:
- case CKA_MODULUS:
- case CKA_MODULUS_BITS:
- case CKA_PUBLIC_EXPONENT:
- case CKA_PRIVATE_EXPONENT:
- case CKA_PRIME:
- case CKA_SUBPRIME:
- case CKA_BASE:
- case CKA_PRIME_1:
- case CKA_PRIME_2:
- case CKA_EXPONENT_1:
- case CKA_EXPONENT_2:
- case CKA_COEFFICIENT:
- case CKA_VALUE_LEN:
- mtype = PK11_NEVER;
- break;
-
- /* ONCOPY */
- case CKA_TOKEN:
- case CKA_PRIVATE:
- mtype = PK11_ONCOPY;
- break;
-
- /* SENSITIVE */
- case CKA_SENSITIVE:
- mtype = PK11_SENSITIVE;
- break;
-
- /* ALWAYS */
- case CKA_LABEL:
- case CKA_APPLICATION:
- case CKA_ID:
- case CKA_SERIAL_NUMBER:
- case CKA_START_DATE:
- case CKA_END_DATE:
- case CKA_DERIVE:
- case CKA_ENCRYPT:
- case CKA_DECRYPT:
- case CKA_SIGN:
- case CKA_VERIFY:
- case CKA_SIGN_RECOVER:
- case CKA_VERIFY_RECOVER:
- case CKA_WRAP:
- case CKA_UNWRAP:
- mtype = PK11_ALWAYS;
- break;
-
- /* DEPENDS ON CLASS */
- case CKA_VALUE:
- mtype = (inClass == CKO_DATA) ? PK11_ALWAYS : PK11_NEVER;
- break;
-
- case CKA_SUBJECT:
- mtype = (inClass == CKO_CERTIFICATE) ? PK11_NEVER : PK11_ALWAYS;
- break;
- default:
- break;
- }
- return mtype;
-}
-
-/* decode if a particular attribute is sensitive (cannot be read
- * back to the user of if the object is set to SENSITIVE) */
-PRBool
-fort11_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass) {
- switch(type) {
- /* ALWAYS */
- case CKA_PRIVATE_EXPONENT:
- case CKA_PRIME_1:
- case CKA_PRIME_2:
- case CKA_EXPONENT_1:
- case CKA_EXPONENT_2:
- case CKA_COEFFICIENT:
- return PR_TRUE;
-
- /* DEPENDS ON CLASS */
- case CKA_VALUE:
- /* PRIVATE and SECRET KEYS have SENSITIVE values */
- return (PRBool)((inClass == CKO_PRIVATE_KEY) ||
- (inClass == CKO_SECRET_KEY));
-
- default:
- break;
- }
- return PR_FALSE;
-}
-
-static void
-fort11_DeleteAttributeType(PK11Object *object,CK_ATTRIBUTE_TYPE type) {
- PK11Attribute *attribute;
- attribute = fort11_FindAttribute(object, type);
- if (attribute == NULL) return ;
- fort11_DeleteAttribute(object,attribute);
-}
-
-
-/*
- * create a new nession. NOTE: The session handle is not set, and the
- * session is not added to the slot's session queue.
- */
-static PK11Session *
-fort11_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify,
- CK_VOID_PTR pApplication,
- CK_FLAGS flags) {
- PK11Session *session;
- PK11Slot *slot = &fort11_slot[slotID-1];
- CK_RV mrv;
-
- if (slot == NULL) return NULL;
-
- session = (PK11Session*)PORT_Alloc(sizeof(PK11Session));
- if (session == NULL) return NULL;
-
- session->next = session->prev = NULL;
- session->refCount = 1;
- session->context = NULL;
- session->search = NULL;
- session->objectIDCount = 1;
- session->fortezzaContext.fortezzaKey = NULL;
- session->fortezzaContext.fortezzaSocket = NULL;
-
- if (FMUTEX_MutexEnabled()) {
- mrv = FMUTEX_Create(&session->refLock);
- if (mrv != CKR_OK) {
- PORT_Free(session);
- return NULL;
- }
- mrv = FMUTEX_Create(&session->objectLock);
- if (mrv != CKR_OK) {
- FMUTEX_Destroy(session->refLock);
- PORT_Free(session);
- return NULL;
- }
- } else {
- session->refLock = NULL;
- session->objectLock = NULL;
- }
-
- session->objects[0] = NULL;
-
- session->slot = slot;
- session->notify = notify;
- session->appData = pApplication;
- session->info.flags = flags;
- session->info.slotID = slotID;
- fort11_update_state(slot,session);
- return session;
-}
-
-
-/*
- * look up a session structure from a session handle
- * generate a reference to it.
- */
-PK11Session *
-fort11_SessionFromHandle(CK_SESSION_HANDLE handle, PRBool isCloseSession) {
- PK11Slot *slot = fort11_SlotFromSessionHandle(handle);
- PK11Session *session;
-
- if (!isCloseSession &&
- !SocketStateUnchanged(&fortezzaSockets[slot->slotID-1]))
- return NULL;
-
- FMUTEX_Lock(slot->sessionLock);
- pk11queue_find(session,handle,slot->head,SESSION_HASH_SIZE);
- if (session) session->refCount++;
- FMUTEX_Unlock(slot->sessionLock);
-
- return (session);
-}
-
-/* free all the data associated with a session. */
-static void
-fort11_DestroySession(PK11Session *session)
-{
- PK11ObjectList *op,*next;
-/* PORT_Assert(session->refCount == 0);*/
-
- /* clean out the attributes */
- FMUTEX_Lock(session->objectLock);
- for (op = session->objects[0]; op != NULL; op = next) {
- next = op->next;
- /* paranoia */
- op->next = op->prev = NULL;
- fort11_DeleteObject(session,op->parent);
- }
- FMUTEX_Unlock(session->objectLock);
-
- FMUTEX_Destroy(session->objectLock);
- FMUTEX_Destroy(session->refLock);
-
- if (session->search) {
- fort11_FreeSearch(session->search);
- }
-
- pk11queue_delete(session, session->handle, session->slot->head,
- SESSION_HASH_SIZE);
-
- PORT_Free(session);
-}
-
-
-/*
- * release a reference to a session handle
- */
-void
-fort11_FreeSession(PK11Session *session) {
- PRBool destroy = PR_FALSE;
- PK11Slot *slot = NULL;
-
- if (!session) return; /*Quick fix to elminate crash*/
- /*Fix in later version */
-
- if (FMUTEX_MutexEnabled()) {
- slot = fort11_SlotFromSession(session);
- FMUTEX_Lock(slot->sessionLock);
- }
- if (session->refCount == 1) destroy = PR_TRUE;
- session->refCount--;
- if (FMUTEX_MutexEnabled()) {
- FMUTEX_Unlock(slot->sessionLock);
- }
-
- if (destroy) {
- fort11_DestroySession(session);
- }
-}
-
-
-/* return true if the object matches the template */
-PRBool
-fort11_objectMatch(PK11Object *object,CK_ATTRIBUTE_PTR theTemplate,int count) {
- int i;
-
- for (i=0; i < count; i++) {
- PK11Attribute *attribute =
- fort11_FindAttribute(object,theTemplate[i].type);
- if (attribute == NULL) {
- return PR_FALSE;
- }
- if (attribute->attrib.ulValueLen == theTemplate[i].ulValueLen) {
- if (PORT_Memcmp(attribute->attrib.pValue,theTemplate[i].pValue,
- theTemplate[i].ulValueLen) == 0) {
- fort11_FreeAttribute(attribute);
- continue;
- }
- }
- fort11_FreeAttribute(attribute);
- return PR_FALSE;
- }
- return PR_TRUE;
-}
-
-/* search through all the objects in the queue and return the template matches
- * in the object list.
- */
-CK_RV
-fort11_searchObjectList(PK11ObjectListElement **objectList,PK11Object **head,
- void *lock, CK_ATTRIBUTE_PTR theTemplate, int count) {
- int i;
- PK11Object *object;
- CK_RV rv;
-
- for(i=0; i < HASH_SIZE; i++) {
- /* We need to hold the lock to copy a consistant version of
- * the linked list. */
- FMUTEX_Lock(lock);
- for (object = head[i]; object != NULL; object= object->next) {
- if (fort11_objectMatch(object,theTemplate,count)) {
- rv = fort11_AddToList(objectList,object);
- if (rv != CKR_OK) {
- return rv;
- }
- }
- }
- FMUTEX_Unlock(lock);
- }
- return CKR_OK;
-}
-
-static PRBool
-fort11_NotAllFuncsNULL (CK_C_INITIALIZE_ARGS_PTR pArgs) {
- return (PRBool)(pArgs && pArgs->CreateMutex && pArgs->DestroyMutex &&
- pArgs->LockMutex && pArgs->UnlockMutex);
-}
-
-static PRBool
-fort11_InArgCheck(CK_C_INITIALIZE_ARGS_PTR pArgs) {
- PRBool rv;
- /* The only check for now, is to make sure that all of the
- * function pointers are either all NULL or all Non-NULL.
- * We also need to make sure the pReserved field in pArgs is
- * set to NULL.
- */
- if (pArgs == NULL) {
- return PR_TRUE; /* If the argument is NULL, no
- * inconsistencies can exist.
- */
- }
-
- if (pArgs->pReserved != NULL) {
- return PR_FALSE;
- }
-
- if (pArgs->CreateMutex != NULL) {
- rv = (PRBool) (pArgs->DestroyMutex != NULL &&
- pArgs->LockMutex != NULL &&
- pArgs->UnlockMutex != NULL);
- } else { /*pArgs->CreateMutex == NULL*/
- rv = (PRBool) (pArgs->DestroyMutex == NULL &&
- pArgs->LockMutex == NULL &&
- pArgs->UnlockMutex == NULL);
- }
- return rv;
-}
-
-
-
-/**********************************************************************
- *
- * Start of PKCS 11 functions
- *
- **********************************************************************/
-
-
-/**********************************************************************
- *
- * In order to get this to work on 68K, we have to do some special tricks,
- * First trick is that we need to make the module a Code Resource, and
- * all Code Resources on 68K have to have a main function. So we
- * define main to be a wrapper for C_GetFunctionList which will be the
- * first funnction called by any software that uses the PKCS11 module.
- *
- * The second trick is that whenever you access a global variable from
- * the Code Resource, it does funny things to the stack on 68K, so we
- * need to call some macros that handle the stack for us. First thing
- * you do is call EnterCodeResource() first thing in a function that
- * accesses a global, right before you leave that function, you call
- * ExitCodeResource. This will take care of stack management.
- *
- * Third trick is to call __InitCode__() when we first enter the module
- * so that all of the global variables get initialized properly.
- *
- **********************************************************************/
-
-#if defined(XP_MAC) && !defined(__POWERPC__)
-
-#define FORT11_RETURN(exp) {ExitCodeResource(); return (exp);}
-#define FORT11_ENTER() EnterCodeResource();
-
-#else /*XP_MAC*/
-
-#define FORT11_RETURN(exp) return (exp);
-#define FORT11_ENTER()
-
-#endif /*XP_MAC*/
-
-#define CARD_OK(rv) if ((rv) != CI_OK) FORT11_RETURN (CKR_DEVICE_ERROR);
-#define SLOT_OK(slot) if ((slot) > kNumSockets) FORT11_RETURN (CKR_SLOT_ID_INVALID);
-
-#ifdef XP_MAC
-/* This is not a 4.0 project, so I can't depend on
- * 4.0 defines, so instead I depend on CodeWarrior
- * defines.
- */
-#if __POWERPC__
-#elif __CFM68K__
-#else
-/* To get this to work on 68K, we need to have
- * the symbol main. So we just make it a wrapper for C_GetFunctionList.
- */
-PR_PUBLIC_API(CK_RV) main(CK_FUNCTION_LIST_PTR *pFunctionList) {
- FORT11_ENTER()
- CK_RV rv;
-
- __InitCode__();
-
- rv = C_GetFunctionList(pFunctionList);
- FORT11_RETURN (rv);
-}
-#endif
-
-#endif /*XP_MAC*/
-
-/* Return the function list */
-PR_PUBLIC_API(CK_RV) C_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) {
- /* No need to do a FORT11_RETURN as this function will never be directly
- * called in the case where we need to do stack management.
- * The main function will call this after taking care of stack stuff.
- */
- *pFunctionList = &fort11_funcList;
- return CKR_OK;
-}
-
-
-/* C_Initialize initializes the Cryptoki library. */
-PR_PUBLIC_API(CK_RV) C_Initialize(CK_VOID_PTR pReserved) {
- FORT11_ENTER()
- int i,j, tempNumSockets;
- int rv = 1;
- CK_C_INITIALIZE_ARGS_PTR pArgs = (CK_C_INITIALIZE_ARGS_PTR)pReserved;
- CK_RV mrv;
-
- /* intialize all the slots */
- if (!init) {
- init = PR_TRUE;
-
- /* need to initialize locks before MACI_Initialize is called in
- * software fortezza. */
- if (pArgs) {
- if (!fort11_InArgCheck(pArgs)) {
- FORT11_RETURN (CKR_ARGUMENTS_BAD);
- }
- if (pArgs->flags & CKF_OS_LOCKING_OK){
- if (!fort11_NotAllFuncsNULL(pArgs)) {
- FORT11_RETURN (CKR_CANT_LOCK);
- }
- }
- if (fort11_NotAllFuncsNULL(pArgs)) {
- mrv = FMUTEX_Init(pArgs);
- if (mrv != CKR_OK) {
- return CKR_GENERAL_ERROR;
- }
- }
- }
- rv = MACI_Initialize (&tempNumSockets);
- kNumSockets = (CK_ULONG)tempNumSockets;
-
- CARD_OK (rv);
- for (i=0; i < (int) kNumSockets; i++) {
- if (FMUTEX_MutexEnabled()) {
- mrv = FMUTEX_Create(&fort11_slot[i].sessionLock);
- if (mrv != CKR_OK) {
- FORT11_RETURN (CKR_GENERAL_ERROR);
- }
- mrv = FMUTEX_Create(&fort11_slot[i].objectLock);
- if (mrv != CKR_OK) {
- FMUTEX_Destroy(fort11_slot[i].sessionLock);
- FORT11_RETURN (CKR_GENERAL_ERROR);
- }
- } else {
- fort11_slot[i].sessionLock = NULL;
- fort11_slot[i].objectLock = NULL;
- }
- for(j=0; j < SESSION_HASH_SIZE; j++) {
- fort11_slot[i].head[j] = NULL;
- }
- for(j=0; j < HASH_SIZE; j++) {
- fort11_slot[i].tokObjects[j] = NULL;
- }
- fort11_slot[i].password = NULL;
- fort11_slot[i].hasTokens = PR_FALSE;
- fort11_slot[i].sessionIDCount = fort11_firstSessionID (i);
- fort11_slot[i].sessionCount = 0;
- fort11_slot[i].rwSessionCount = 0;
- fort11_slot[i].tokenIDCount = 1;
- fort11_slot[i].needLogin = PR_TRUE;
- fort11_slot[i].isLoggedIn = PR_FALSE;
- fort11_slot[i].ssoLoggedIn = PR_FALSE;
- fort11_slot[i].DB_loaded = PR_FALSE;
- fort11_slot[i].slotID= i+1;
- InitSocket(&fortezzaSockets[i], i+1);
- }
- }
- FORT11_RETURN (CKR_OK);
-}
-
-/*C_Finalize indicates that an application is done with the Cryptoki library.*/
-PR_PUBLIC_API(CK_RV) C_Finalize (CK_VOID_PTR pReserved) {
- FORT11_ENTER()
- int i;
-
- for (i=0; i< (int) kNumSockets; i++) {
- FreeSocket(&fortezzaSockets[i]);
- }
- MACI_Terminate(fortezzaSockets[0].maciSession);
- init = PR_FALSE;
- FORT11_RETURN (CKR_OK);
-}
-
-
-
-
-/* C_GetInfo returns general information about Cryptoki. */
-PR_PUBLIC_API(CK_RV) C_GetInfo(CK_INFO_PTR pInfo) {
- FORT11_ENTER()
- pInfo->cryptokiVersion = fort11_funcList.version;
- PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32);
- pInfo->libraryVersion.major = 1;
- pInfo->libraryVersion.minor = 7;
- PORT_Memcpy(pInfo->libraryDescription,libraryDescription,32);
- pInfo->flags = 0;
- FORT11_RETURN (CKR_OK);
-}
-
-/* C_GetSlotList obtains a list of slots in the system. */
-PR_PUBLIC_API(CK_RV) C_GetSlotList(CK_BBOOL tokenPresent,
- CK_SLOT_ID_PTR pSlotList,
- CK_ULONG_PTR pulCount) {
- FORT11_ENTER()
- int i;
-
- if (pSlotList != NULL) {
- if (*pulCount >= kNumSockets) {
- for (i=0; i < (int) kNumSockets; i++) {
- pSlotList[i] = i+1;
- }
- } else {
- FORT11_RETURN (CKR_BUFFER_TOO_SMALL);
- }
- } else {
- *pulCount = kNumSockets;
- }
- FORT11_RETURN (CKR_OK);
-}
-
-/* C_GetSlotInfo obtains information about a particular slot in the system. */
-PR_PUBLIC_API(CK_RV) C_GetSlotInfo(CK_SLOT_ID slotID,
- CK_SLOT_INFO_PTR pInfo) {
- FORT11_ENTER()
- int rv;
- CI_CONFIG ciConfig;
- CI_STATE ciState;
- HSESSION maciSession;
- char slotDescription[65];
- FortezzaSocket *socket;
-
-
- SLOT_OK(slotID);
-
- socket = &fortezzaSockets[slotID-1];
- if (!socket->isOpen) {
- InitSocket(socket, slotID);
- }
- maciSession = socket->maciSession;
-
- rv = MACI_Select(maciSession, slotID);
-
- CARD_OK (rv)
-
- rv = MACI_GetConfiguration (maciSession, &ciConfig);
-
-
- pInfo->firmwareVersion.major = 0;
- pInfo->firmwareVersion.minor = 0;
-#ifdef SWFORT
- PORT_Memcpy (pInfo->manufacturerID,"Netscape Communications Corp ",32);
- PORT_Memcpy (slotDescription,"Netscape Software Slot # ",32);
-#define _local_BASE 24
-#else
- PORT_Memcpy (pInfo->manufacturerID,"LITRONIC ",32);
- PORT_Memcpy (slotDescription,"Litronic MACI Slot # ",32);
-#define _local_BASE 20
-#endif
- slotDescription[_local_BASE] = (char )((slotID < 10) ? slotID :
- slotID/10) + '0';
- if (slotID >= 10) slotDescription[_local_BASE+1] =
- (char)(slotID % 10) + '0';
- PORT_Memcpy (&slotDescription[32]," ",32);
- PORT_Memcpy (pInfo->slotDescription, slotDescription , 64);
- if (rv == CI_OK) {
- pInfo->hardwareVersion.major =
- (ciConfig.ManufacturerVersion & MAJOR_VERSION_MASK) >> 8;
- pInfo->hardwareVersion.minor =
- ciConfig.ManufacturerVersion & MINOR_VERSION_MASK;
- pInfo->flags = CKF_TOKEN_PRESENT;
- } else {
- pInfo->hardwareVersion.major = 0;
- pInfo->hardwareVersion.minor = 0;
- pInfo->flags = 0;
- }
-#ifdef SWFORT
- /* do we need to make it a removable device as well?? */
- pInfo->flags |= CKF_REMOVABLE_DEVICE;
-#else
- pInfo->flags |= (CKF_REMOVABLE_DEVICE | CKF_HW_SLOT);
-#endif
-
- rv = MACI_GetState(maciSession, &ciState);
-
- if (rv == CI_OK) {
- switch (ciState) {
- case CI_ZEROIZE:
- case CI_INTERNAL_FAILURE:
- pInfo->flags &= (~CKF_TOKEN_PRESENT);
- default:
- break;
- }
- } else {
- pInfo->flags &= (~CKF_TOKEN_PRESENT);
- }
-
- FORT11_RETURN (CKR_OK);
-}
-
-#define CKF_THREAD_SAFE 0x8000
-
-/* C_GetTokenInfo obtains information about a particular token
- in the system. */
-PR_PUBLIC_API(CK_RV) C_GetTokenInfo(CK_SLOT_ID slotID,
- CK_TOKEN_INFO_PTR pInfo) {
- FORT11_ENTER()
- CI_STATUS cardStatus;
- CI_CONFIG ciConfig;
- PK11Slot *slot;
- int rv, i;
- char tmp[33];
- FortezzaSocket *socket;
-
- SLOT_OK (slotID);
-
- slot = &fort11_slot[slotID-1];
-
- socket = &fortezzaSockets[slotID-1];
- if (!socket->isOpen) {
- InitSocket(socket, slotID);
- }
-
- rv = MACI_Select (socket->maciSession, slotID);
- rv = MACI_GetStatus (socket->maciSession, &cardStatus);
- if (rv != CI_OK) {
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
-
-#ifdef SWFORT
- sprintf (tmp, "Software FORTEZZA Slot #%d", slotID);
-#else
- sprintf (tmp, "FORTEZZA Slot #%d", slotID);
-#endif
-
- PORT_Memcpy (pInfo->label, tmp, PORT_Strlen(tmp)+1);
-
- for (i=0; i<8; i++) {
- int serNum;
-
- serNum = (int)cardStatus.SerialNumber[i];
- sprintf ((char*)&pInfo->serialNumber[2*i], "%.2x", serNum);
- }
-
- rv = MACI_GetTime (fortezzaSockets[slotID-1].maciSession, pInfo->utcTime);
- if (rv == CI_OK) {
- pInfo->flags = CKF_CLOCK_ON_TOKEN;
- } else {
- switch (rv) {
- case CI_LIB_NOT_INIT:
- case CI_INV_POINTER:
- case CI_NO_CARD:
- case CI_NO_SOCKET:
- FORT11_RETURN (CKR_DEVICE_ERROR);
- default:
- pInfo->flags = 0;
- break;
- }
- }
-
- rv = MACI_GetConfiguration (fortezzaSockets[slotID-1].maciSession,
- &ciConfig);
-
- if (rv == CI_OK) {
- PORT_Memcpy(pInfo->manufacturerID,ciConfig.ManufacturerName,
- PORT_Strlen(ciConfig.ManufacturerName));
- for (i=PORT_Strlen(ciConfig.ManufacturerName); i<32; i++) {
- pInfo->manufacturerID[i] = ' ';
- }
- PORT_Memcpy(pInfo->model,ciConfig.ProcessorType,16);
- }
- pInfo->ulMaxPinLen = CI_PIN_SIZE;
- pInfo->ulMinPinLen = 0;
- pInfo->ulTotalPublicMemory = 0;
- pInfo->ulFreePublicMemory = 0;
- pInfo->flags |= CKF_RNG | CKF_LOGIN_REQUIRED| CKF_USER_PIN_INITIALIZED |
- CKF_THREAD_SAFE | CKF_WRITE_PROTECTED;
-
- pInfo->ulMaxSessionCount = 0;
- pInfo->ulSessionCount = slot->sessionCount;
- pInfo->ulMaxRwSessionCount = 0;
- pInfo->ulRwSessionCount = slot->rwSessionCount;
-
- if (rv == CI_OK) {
- pInfo->firmwareVersion.major =
- (ciConfig.ManufacturerSWVer & MAJOR_VERSION_MASK) >> 8;
- pInfo->firmwareVersion.minor =
- ciConfig.ManufacturerSWVer & MINOR_VERSION_MASK;
- pInfo->hardwareVersion.major =
- (ciConfig.ManufacturerVersion & MAJOR_VERSION_MASK) >> 8;
- pInfo->hardwareVersion.minor =
- ciConfig.ManufacturerVersion & MINOR_VERSION_MASK;
- }
- FORT11_RETURN (CKR_OK);
-}
-
-
-
-/* C_GetMechanismList obtains a list of mechanism types supported by a
- token. */
-PR_PUBLIC_API(CK_RV) C_GetMechanismList(CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE_PTR pMechanismList,
- CK_ULONG_PTR pulCount) {
- FORT11_ENTER()
- CK_RV rv = CKR_OK;
- int i;
-
- SLOT_OK (slotID);
-
- if (pMechanismList == NULL) {
- *pulCount = mechanismCount;
- } else {
- if (*pulCount >= mechanismCount) {
- *pulCount = mechanismCount;
- for (i=0; i< (int)mechanismCount; i++) {
- pMechanismList[i] = mechanisms[i].type;
- }
- } else {
- rv = CKR_BUFFER_TOO_SMALL;
- }
- }
- FORT11_RETURN (rv);
-}
-
-
-/* C_GetMechanismInfo obtains information about a particular mechanism
- * possibly supported by a token. */
-PR_PUBLIC_API(CK_RV) C_GetMechanismInfo(CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR pInfo) {
- int i;
- FORT11_ENTER()
- SLOT_OK (slotID);
-
- for (i=0; i< (int)mechanismCount; i++) {
- if (type == mechanisms[i].type) {
- PORT_Memcpy (pInfo, &mechanisms[i].domestic, sizeof (CK_MECHANISM_INFO));
- FORT11_RETURN (CKR_OK);
- }
- }
- FORT11_RETURN (CKR_MECHANISM_INVALID);
-}
-
-
-/* C_InitToken initializes a token. */
-PR_PUBLIC_API(CK_RV) C_InitToken(CK_SLOT_ID slotID,
- CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen,
- CK_CHAR_PTR pLabel) {
- /* For functions that don't access globals, we don't have to worry about the
- * stack.
- */
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_InitPIN initializes the normal user's PIN. */
-PR_PUBLIC_API(CK_RV) C_InitPIN(CK_SESSION_HANDLE hSession,
- CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen) {
- /* For functions that don't access globals, we don't have to worry about the
- * stack.
- */
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_SetPIN modifies the PIN of user that is currently logged in. */
-/* NOTE: This is only valid for the PRIVATE_KEY_SLOT */
-PR_PUBLIC_API(CK_RV) C_SetPIN(CK_SESSION_HANDLE hSession,
- CK_CHAR_PTR pOldPin,
- CK_ULONG ulOldLen,
- CK_CHAR_PTR pNewPin,
- CK_ULONG ulNewLen) {
- FORT11_ENTER()
-#ifndef SWFORT
- CI_PIN ciOldPin, ciNewPin;
-#endif
- PK11Session *session;
- PK11Slot *slot;
- int rv;
-
- session = fort11_SessionFromHandle (hSession, PR_FALSE);
-
- slot = fort11_SlotFromSession (session);
- SLOT_OK(slot->slotID)
-
- if (session == NULL) {
- session = fort11_SessionFromHandle (hSession, PR_TRUE);
- fort11_TokenRemoved(slot, session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- rv = MACI_Select (fortezzaSockets[slot->slotID-1].maciSession, slot->slotID);
- CARD_OK (rv)
-
- if (slot->needLogin && session->info.state != CKS_RW_USER_FUNCTIONS) {
- fort11_FreeSession (session);
- FORT11_RETURN (CKR_USER_NOT_LOGGED_IN);
- }
-
- fort11_FreeSession (session);
-
- if (ulNewLen > CI_PIN_SIZE || ulOldLen > CI_PIN_SIZE)
- FORT11_RETURN (CKR_PIN_LEN_RANGE);
-
-#ifndef SWFORT
- fort11_convertToCIPin (ciOldPin,pOldPin, ulOldLen);
- fort11_convertToCIPin (ciNewPin,pNewPin, ulNewLen);
-
- rv = MACI_ChangePIN (fortezzaSockets[slot->slotID-1].maciSession,
- CI_USER_PIN, ciOldPin, ciNewPin);
-#else
- rv = MACI_ChangePIN (fortezzaSockets[slot->slotID-1].maciSession,
- CI_USER_PIN, pOldPin, pNewPin);
-#endif
-
- if (rv != CI_OK) {
- switch (rv) {
- case CI_FAIL:
- FORT11_RETURN (CKR_PIN_INCORRECT);
- default:
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
- }
- FORT11_RETURN (CKR_OK);
-}
-
-/* C_OpenSession opens a session between an application and a token. */
-PR_PUBLIC_API(CK_RV) C_OpenSession(CK_SLOT_ID slotID,
- CK_FLAGS flags,
- CK_VOID_PTR pApplication,
- CK_NOTIFY Notify,
- CK_SESSION_HANDLE_PTR phSession) {
- FORT11_ENTER()
- PK11Slot *slot;
- CK_SESSION_HANDLE sessionID;
- PK11Session *session;
- FortezzaSocket *socket;
-
- SLOT_OK (slotID)
- slot = &fort11_slot[slotID-1];
- socket = &fortezzaSockets[slotID-1];
-
- if (!socket->isOpen) {
- if (InitSocket(socket, slotID) != SOCKET_SUCCESS) {
- FORT11_RETURN (CKR_TOKEN_NOT_PRESENT);
- }
- }
-
- session = fort11_NewSession (slotID, Notify, pApplication,
- flags | CKF_SERIAL_SESSION);
-
- if (session == NULL) FORT11_RETURN (CKR_HOST_MEMORY);
-
- FMUTEX_Lock(slot->sessionLock);
-
- slot->sessionIDCount += ADD_NEXT_SESS_ID;
- sessionID = slot->sessionIDCount;
- fort11_update_state (slot, session);
- pk11queue_add (session, sessionID, slot->head, SESSION_HASH_SIZE);
- slot->sessionCount++;
- if (session->info.flags & CKF_RW_SESSION) {
- slot->rwSessionCount++;
- }
- session->handle = sessionID;
- session->info.ulDeviceError = 0;
-
- FMUTEX_Unlock(slot->sessionLock);
-
- *phSession = sessionID;
- FORT11_RETURN (CKR_OK);
-}
-
-
-/* C_CloseSession closes a session between an application and a token. */
-PR_PUBLIC_API(CK_RV) C_CloseSession(CK_SESSION_HANDLE hSession) {
- FORT11_ENTER()
- PK11Slot *slot;
- PK11Session *session;
-
- session = fort11_SessionFromHandle (hSession, PR_TRUE);
- slot = fort11_SlotFromSessionHandle (hSession);
-
- if (session == NULL) {
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- FMUTEX_Lock(slot->sessionLock);
- if (session->next || session->prev) {
- session->refCount--;
- if (session->info.flags & CKF_RW_SESSION) {
- slot->rwSessionCount--;
- }
- if (slot->sessionCount == 0) {
- slot->isLoggedIn = PR_FALSE;
- slot->password = NULL;
- }
- }
-
- FMUTEX_Unlock(slot->sessionLock);
-
- fort11_FreeSession (session);
- FORT11_RETURN (CKR_OK);
-}
-
-
-/* C_CloseAllSessions closes all sessions with a token. */
-PR_PUBLIC_API(CK_RV) C_CloseAllSessions (CK_SLOT_ID slotID) {
- FORT11_ENTER()
- PK11Slot *slot;
- PK11Session *session;
- int i;
-
-
- slot = fort11_SlotFromID(slotID);
- if (slot == NULL) FORT11_RETURN (CKR_SLOT_ID_INVALID);
-
- /* first log out the card */
- FMUTEX_Lock(slot->sessionLock);
- slot->isLoggedIn = PR_FALSE;
- slot->password = NULL;
- FMUTEX_Unlock(slot->sessionLock);
-
- /* now close all the current sessions */
- /* NOTE: If you try to open new sessions before C_CloseAllSessions
- * completes, some of those new sessions may or may not be closed by
- * C_CloseAllSessions... but any session running when this code starts
- * will guarrenteed be close, and no session will be partially closed */
- for (i=0; i < SESSION_HASH_SIZE; i++) {
- do {
- FMUTEX_Lock(slot->sessionLock);
- session = slot->head[i];
- /* hand deque */
- /* this duplicates much of C_close session functionality, but because
- * we know that we are freeing all the sessions, we and do some
- * more efficient processing */
- if (session) {
- slot->head[i] = session->next;
- if (session->next) session->next->prev = NULL;
- session->next = session->prev = NULL;
- slot->sessionCount--;
- if (session->info.flags & CKF_RW_SESSION) {
- slot->rwSessionCount--;
- }
- }
- FMUTEX_Unlock(slot->sessionLock);
- if (session) fort11_FreeSession(session);
- } while (session != NULL);
- }
- FORT11_RETURN (CKR_OK);
-}
-
-
-/* C_GetSessionInfo obtains information about the session. */
-PR_PUBLIC_API(CK_RV) C_GetSessionInfo(CK_SESSION_HANDLE hSession,
- CK_SESSION_INFO_PTR pInfo) {
- FORT11_ENTER()
- PK11Session *session;
- PK11Slot *slot;
- CI_STATE cardState;
- FortezzaSocket *socket;
- int ciRV;
-
- session = fort11_SessionFromHandle (hSession, PR_FALSE);
- slot = fort11_SlotFromSessionHandle(hSession);
- socket = &fortezzaSockets[slot->slotID-1];
- if (session == NULL) {
- session = fort11_SessionFromHandle (hSession, PR_TRUE);
- fort11_TokenRemoved(slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
- PORT_Memcpy (pInfo, &session->info, sizeof (CK_SESSION_INFO));
- fort11_FreeSession(session);
-
- ciRV = MACI_Select(socket->maciSession, slot->slotID);
- CARD_OK(ciRV)
-
- ciRV = MACI_GetState(socket->maciSession, &cardState);
- CARD_OK(ciRV)
-
- if (socket->isLoggedIn) {
- switch (cardState) {
- case CI_POWER_UP:
- case CI_UNINITIALIZED:
- case CI_INITIALIZED:
- case CI_SSO_INITIALIZED:
- case CI_LAW_INITIALIZED:
- case CI_USER_INITIALIZED:
- pInfo->state = CKS_RO_PUBLIC_SESSION;
- break;
- case CI_STANDBY:
- case CI_READY:
- pInfo->state = CKS_RO_USER_FUNCTIONS;
- break;
- default:
- pInfo->state = CKS_RO_PUBLIC_SESSION;
- break;
- }
- } else {
- pInfo->state = CKS_RO_PUBLIC_SESSION;
- }
-
- FORT11_RETURN (CKR_OK);
-}
-
-/* C_Login logs a user into a token. */
-PR_PUBLIC_API(CK_RV) C_Login(CK_SESSION_HANDLE hSession,
- CK_USER_TYPE userType,
- CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen) {
- FORT11_ENTER()
- PK11Slot *slot;
- PK11Session *session;
-#ifndef SWFORT
- CI_PIN ciPin;
-#endif
- int rv, ciUserType;
-
- slot = fort11_SlotFromSessionHandle (hSession);
- session = fort11_SessionFromHandle(hSession, PR_FALSE);
-
- if (session == NULL) {
- session = fort11_SessionFromHandle (hSession, PR_TRUE);
- fort11_TokenRemoved(slot, session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- fort11_FreeSession(session);
-
- if (slot->isLoggedIn) FORT11_RETURN (CKR_USER_ALREADY_LOGGED_IN);
- slot->ssoLoggedIn = PR_FALSE;
-
-#ifndef SWFORT
- if (ulPinLen > CI_PIN_SIZE) FORT11_RETURN (CKR_PIN_LEN_RANGE);
-
- fort11_convertToCIPin (ciPin, pPin, ulPinLen);
-#endif
- switch (userType) {
- case CKU_SO:
- ciUserType = CI_SSO_PIN;
- break;
- case CKU_USER:
- ciUserType = CI_USER_PIN;
- break;
- default:
- FORT11_RETURN (CKR_USER_TYPE_INVALID);
- }
-
-#ifndef SWFORT
- rv = LoginToSocket(&fortezzaSockets[slot->slotID-1], ciUserType, ciPin);
-#else
- rv = LoginToSocket(&fortezzaSockets[slot->slotID-1], ciUserType, pPin);
-#endif
-
- switch (rv) {
- case SOCKET_SUCCESS:
- break;
- case CI_FAIL:
- FORT11_RETURN (CKR_PIN_INCORRECT);
- default:
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
-
- FMUTEX_Lock(slot->sessionLock);
- slot->isLoggedIn = PR_TRUE;
- if (userType == CKU_SO) {
- slot->ssoLoggedIn = PR_TRUE;
- }
- FMUTEX_Unlock(slot->sessionLock);
-
- fort11_update_all_states(slot);
- FORT11_RETURN (CKR_OK);
-}
-
-/* C_Logout logs a user out from a token. */
-PR_PUBLIC_API(CK_RV) C_Logout(CK_SESSION_HANDLE hSession) {
- FORT11_ENTER()
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
-
- if (session == NULL) {
- session = fort11_SessionFromHandle (hSession, PR_TRUE);
- fort11_TokenRemoved(slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- if (!slot->isLoggedIn)
- FORT11_RETURN (CKR_USER_NOT_LOGGED_IN);
-
- FMUTEX_Lock(slot->sessionLock);
-
- slot->isLoggedIn = PR_FALSE;
- slot->ssoLoggedIn = PR_FALSE;
- slot->password = NULL;
- LogoutFromSocket (&fortezzaSockets[slot->slotID-1]);
-
- FMUTEX_Unlock(slot->sessionLock);
-
- fort11_update_all_states(slot);
- FORT11_RETURN (CKR_OK);
-}
-
-/* C_CreateObject creates a new object. */
-PR_PUBLIC_API(CK_RV) C_CreateObject(CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phObject) {
- /* For functions that don't access globals, we don't have to worry about the
- * stack.
- */
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_CopyObject copies an object, creating a new object for the copy. */
-PR_PUBLIC_API(CK_RV) C_CopyObject(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phNewObject) {
- /* For functions that don't access globals, we don't have to worry about the
- * stack.
- */
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_DestroyObject destroys an object. */
-PR_PUBLIC_API(CK_RV) C_DestroyObject(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject) {
- FORT11_ENTER()
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- PK11Session *session;
- PK11Object *object;
- PK11FreeStatus status;
-
- /*
- * This whole block just makes sure we really can destroy the
- * requested object.
- */
- session = fort11_SessionFromHandle(hSession, PR_FALSE);
- if (session == NULL) {
- session = fort11_SessionFromHandle(hSession, PR_TRUE);
- fort11_TokenRemoved(slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- object = fort11_ObjectFromHandle(hObject,session);
- if (object == NULL) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_OBJECT_HANDLE_INVALID);
- }
-
- /* don't destroy a private object if we aren't logged in */
- if ((!slot->isLoggedIn) && (slot->needLogin) &&
- (fort11_isTrue(object,CKA_PRIVATE))) {
- fort11_FreeSession(session);
- fort11_FreeObject(object);
- FORT11_RETURN (CKR_USER_NOT_LOGGED_IN);
- }
-
- /* don't destroy a token object if we aren't in a rw session */
-
- if (((session->info.flags & CKF_RW_SESSION) == 0) &&
- (fort11_isTrue(object,CKA_TOKEN))) {
- fort11_FreeSession(session);
- fort11_FreeObject(object);
- FORT11_RETURN (CKR_SESSION_READ_ONLY);
- }
-
- /* ACTUALLY WE NEED TO DEAL WITH TOKEN OBJECTS AS WELL */
- FMUTEX_Lock(session->objectLock);
- fort11_DeleteObject(session,object);
- FMUTEX_Unlock(session->objectLock);
-
- fort11_FreeSession(session);
-
- /*
- * get some indication if the object is destroyed. Note: this is not
- * 100%. Someone may have an object reference outstanding (though that
- * should not be the case by here. Also now that the object is "half"
- * destroyed. Our internal representation is destroyed, but it is still
- * in the data base.
- */
- status = fort11_FreeObject(object);
-
- FORT11_RETURN ((status != PK11_DestroyFailure) ? CKR_OK : CKR_DEVICE_ERROR);
-}
-
-
-/* C_GetObjectSize gets the size of an object in bytes. */
-PR_PUBLIC_API(CK_RV) C_GetObjectSize(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ULONG_PTR pulSize) {
- /* For functions that don't access globals, we don't have to worry about the
- * stack.
- */
- *pulSize = 0;
- return CKR_OK;
-}
-
-
-/* C_GetAttributeValue obtains the value of one or more object attributes. */
-PR_PUBLIC_API(CK_RV) C_GetAttributeValue(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount) {
- FORT11_ENTER()
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- PK11Session *session;
- PK11Object *object;
- PK11Attribute *attribute;
- PRBool sensitive;
- int i;
-
- /*
- * make sure we're allowed
- */
- session = fort11_SessionFromHandle(hSession, PR_FALSE);
- if (session == NULL) {
- session = fort11_SessionFromHandle (hSession, PR_TRUE);
- fort11_TokenRemoved(slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- object = fort11_ObjectFromHandle(hObject,session);
- fort11_FreeSession(session);
- if (object == NULL) {
- FORT11_RETURN (CKR_OBJECT_HANDLE_INVALID);
- }
-
- /* don't read a private object if we aren't logged in */
- if ((!slot->isLoggedIn) && (slot->needLogin) &&
- (fort11_isTrue(object,CKA_PRIVATE))) {
- fort11_FreeObject(object);
- FORT11_RETURN (CKR_USER_NOT_LOGGED_IN);
- }
-
- sensitive = fort11_isTrue(object,CKA_SENSITIVE);
- for (i=0; i < (int)ulCount; i++) {
- /* Make sure that this attribute is retrievable */
- if (sensitive && fort11_isSensitive(pTemplate[i].type,object->objclass)) {
- fort11_FreeObject(object);
- FORT11_RETURN (CKR_ATTRIBUTE_SENSITIVE);
- }
- attribute = fort11_FindAttribute(object,pTemplate[i].type);
- if (attribute == NULL) {
- fort11_FreeObject(object);
- FORT11_RETURN (CKR_ATTRIBUTE_TYPE_INVALID);
- }
- if (pTemplate[i].pValue != NULL) {
- PORT_Memcpy(pTemplate[i].pValue,attribute->attrib.pValue,
- attribute->attrib.ulValueLen);
- }
- pTemplate[i].ulValueLen = attribute->attrib.ulValueLen;
- fort11_FreeAttribute(attribute);
- }
-
- fort11_FreeObject(object);
- FORT11_RETURN (CKR_OK);
-}
-
-/* C_SetAttributeValue modifies the value of one or more object attributes */
-PR_PUBLIC_API(CK_RV) C_SetAttributeValue (CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount) {
- /* For functions that don't access globals, we don't have to worry about the
- * stack.
- */
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-/* C_FindObjectsInit initializes a search for token and session objects
- * that match a template. */
-PR_PUBLIC_API(CK_RV) C_FindObjectsInit(CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount) {
- FORT11_ENTER()
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- PK11Session *session;
- PK11ObjectListElement *objectList = NULL;
- PK11ObjectListElement *olp;
- PK11SearchResults *search, *freeSearch;
- FortezzaSocket *currSocket;
- int rv, count, i;
-
- if (slot == NULL) {
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
-
- if ((!slot->isLoggedIn) && (slot->needLogin))
- FORT11_RETURN (CKR_USER_NOT_LOGGED_IN);
-
- session = fort11_SessionFromHandle(hSession, PR_FALSE);
- if (session == NULL) {
- session = fort11_SessionFromHandle (hSession, PR_TRUE);
- fort11_TokenRemoved(slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
- currSocket = &fortezzaSockets[slot->slotID-1];
- if (currSocket->personalityList == NULL) {
- rv = FetchPersonalityList(currSocket);
- if (rv != SOCKET_SUCCESS) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
-
- rv = fort11_BuildCertObjects(currSocket, slot, session);
-
- if (rv != CKR_OK) {
- fort11_FreeSession(session);
- FORT11_RETURN (rv);
- }
-
-
- }
- rv = fort11_searchObjectList(&objectList, slot->tokObjects,
- slot->objectLock, pTemplate, ulCount);
- if (rv != CKR_OK) {
- fort11_FreeObjectList(objectList);
- fort11_FreeSession(session);
- FORT11_RETURN (rv);
- }
-
- /*copy list to session*/
-
- count = 0;
- for(olp = objectList; olp != NULL; olp = olp->next) {
- count++;
- }
-
- search = (PK11SearchResults *)PORT_Alloc(sizeof(PK11SearchResults));
- if (search != NULL) {
- search->handles = (CK_OBJECT_HANDLE *)
- PORT_Alloc(sizeof(CK_OBJECT_HANDLE) * count);
- if (search->handles != NULL) {
- for (i=0; i < count; i++) {
- search->handles[i] = objectList->object->handle;
- objectList = fort11_FreeObjectListElement(objectList);
- }
- } else {
- PORT_Free(search);
- search = NULL;
- }
- }
- if (search == NULL) {
- fort11_FreeObjectList(objectList);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_OK);
- }
-
- /* store the search info */
- search->index = 0;
- search->size = count;
- if ((freeSearch = session->search) != NULL) {
- session->search = NULL;
- fort11_FreeSearch(freeSearch);
- }
- session->search = search;
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_OK);
-}
-
-
-/* C_FindObjects continues a search for token and session objects
- * that match a template, obtaining additional object handles. */
-PR_PUBLIC_API(CK_RV) C_FindObjects(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE_PTR phObject,
- CK_ULONG ulMaxObjectCount,
- CK_ULONG_PTR pulObjectCount) {
- FORT11_ENTER()
- PK11Session *session;
- PK11SearchResults *search;
- PK11Slot *slot;
- int transfer;
- unsigned long left;
-
- *pulObjectCount = 0;
- session = fort11_SessionFromHandle(hSession,PR_FALSE);
- slot = fort11_SlotFromSessionHandle(hSession);
- if (session == NULL) {
- session = fort11_SessionFromHandle (hSession, PR_TRUE);
- fort11_TokenRemoved(slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
- if (session->search == NULL) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_OK);
- }
- search = session->search;
- left = session->search->size - session->search->index;
- transfer = (ulMaxObjectCount > left) ? left : ulMaxObjectCount;
- PORT_Memcpy(phObject,&search->handles[search->index],
- transfer*sizeof(CK_OBJECT_HANDLE_PTR));
- search->index += transfer;
- if (search->index == search->size) {
- session->search = NULL;
- fort11_FreeSearch(search);
- }
- fort11_FreeSession(session);
- *pulObjectCount = transfer;
- FORT11_RETURN (CKR_OK);
-}
-
-/* C_FindObjectsFinal finishes a search for token and session objects. */
-PR_PUBLIC_API(CK_RV) C_FindObjectsFinal(CK_SESSION_HANDLE hSession) {
- FORT11_ENTER()
- PK11Session *session;
- PK11SearchResults *search;
- PK11Slot *slot;
-
- session = fort11_SessionFromHandle(hSession, PR_FALSE);
- slot = fort11_SlotFromSessionHandle(hSession);
- if (session == NULL) {
- session = fort11_SessionFromHandle (hSession, PR_TRUE);
- fort11_TokenRemoved(slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
- search = session->search;
- session->search = NULL;
- if (search == NULL) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_OK);
- }
- fort11_FreeSearch(search);
-
- /* UnloadPersonalityList(&fortezzaSockets[session->slot->slotID-1]); */
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_OK);
-}
-
-
-/* C_EncryptInit initializes an encryption operation. */
-PR_PUBLIC_API(CK_RV) C_EncryptInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey) {
- FORT11_ENTER()
- PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- PK11Object *keyObject;
- FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
- FortezzaContext *context;
- HSESSION hs = socket->maciSession;
- FortezzaKey *fortezzaKey;
- CI_IV fortezzaIV;
- int ciRV, registerIndex;
-
-
- if (pMechanism->mechanism != CKM_SKIPJACK_CBC64) {
- if (session) {
- fort11_FreeSession(session);
- }
- FORT11_RETURN (CKR_MECHANISM_INVALID);
- }
-
- if (session == NULL) {
- session = fort11_SessionFromHandle (hSession, PR_TRUE);
- fort11_TokenRemoved(slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- keyObject = fort11_ObjectFromHandle (hKey, session);
-
- if (keyObject == NULL) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_KEY_HANDLE_INVALID);
- }
-
- ciRV = MACI_Select (hs, slot->slotID);
- if (ciRV != CI_OK) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
-
- ciRV = MACI_SetMode(hs, CI_ENCRYPT_TYPE, CI_CBC64_MODE);
- if (ciRV != CI_OK) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
-
- /*Load the correct key into a key register*/
- fortezzaKey = (FortezzaKey*)keyObject->objectInfo;
- fort11_FreeObject (keyObject);
- if (fortezzaKey == NULL) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_GENERAL_ERROR);
- }
-
- if (fortezzaKey->keyRegister == KeyNotLoaded) {
- registerIndex = LoadKeyIntoRegister (fortezzaKey);
- } else {
- registerIndex = fortezzaKey->keyRegister;
- }
-
- if (registerIndex == KeyNotLoaded) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
-
- ciRV = MACI_SetKey (hs,registerIndex);
- if (ciRV != CI_OK) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
-
- ciRV = MACI_GenerateIV(hs, fortezzaIV);
- if (ciRV != CI_OK) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
- context = &session->fortezzaContext;
- InitContext(context, socket, hKey);
- ciRV = SaveState(context, fortezzaIV, session, fortezzaKey,
- CI_ENCRYPT_EXT_TYPE, pMechanism->mechanism);
- if (ciRV != SOCKET_SUCCESS) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_GENERAL_ERROR);
- }
-
- if (pMechanism->pParameter != NULL &&
- pMechanism->ulParameterLen >= sizeof(CI_IV)) {
- PORT_Memcpy (pMechanism->pParameter, fortezzaIV, sizeof(CI_IV));
- }
-
- InitCryptoOperation(context, Encrypt);
- fort11_FreeSession(session);
-
- FORT11_RETURN (CKR_OK);
-}
-
-/* C_Encrypt encrypts single-part data. */
-PR_PUBLIC_API(CK_RV) C_Encrypt (CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pEncryptedData,
- CK_ULONG_PTR pulEncryptedDataLen) {
- FORT11_ENTER()
- PK11Session *session = fort11_SessionFromHandle (hSession, PR_FALSE);
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
- FortezzaContext *context;
- HSESSION hs;
- CK_RV rv;
-
-
- if (session == NULL) {
- session = fort11_SessionFromHandle (hSession , PR_TRUE);
- fort11_TokenRemoved(slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- context = &session->fortezzaContext;
- if (GetCryptoOperation(context) != Encrypt) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_OPERATION_NOT_INITIALIZED);
- }
-
- *pulEncryptedDataLen = ulDataLen;
- if (pEncryptedData == NULL) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_OK);
- }
-
- hs = socket->maciSession;
- FMUTEX_Lock(socket->registersLock);
- MACI_Lock(hs, CI_BLOCK_LOCK_FLAG);
- rv = EncryptData (context, pData, ulDataLen,
- pEncryptedData, *pulEncryptedDataLen);
- MACI_Unlock(hs);
- FMUTEX_Unlock(socket->registersLock);
-
- if (rv != SOCKET_SUCCESS) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_GENERAL_ERROR);
- }
-
- EndCryptoOperation(context, Encrypt);
- fort11_FreeSession(session);
-
- FORT11_RETURN (CKR_OK);
-}
-
-
-/* C_EncryptUpdate continues a multiple-part encryption operation. */
-PR_PUBLIC_API(CK_RV) C_EncryptUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen) {
- FORT11_ENTER()
- PK11Session *session = fort11_SessionFromHandle(hSession,PR_FALSE);
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
- FortezzaContext *context;
- int rv;
-
- if (session == NULL) {
- session = fort11_SessionFromHandle(hSession, PR_TRUE);
- fort11_TokenRemoved (slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- context = &session->fortezzaContext;
-
- if (GetCryptoOperation(context) != Encrypt) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_OPERATION_NOT_INITIALIZED);
- }
-
- if (pEncryptedPart == NULL) {
- *pulEncryptedPartLen = ulPartLen;
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_OK);
- }
-
- if (*pulEncryptedPartLen < ulPartLen) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_BUFFER_TOO_SMALL);
- }
-
- *pulEncryptedPartLen = ulPartLen;
-
- FMUTEX_Lock(socket->registersLock);
- MACI_Lock(socket->maciSession, CI_BLOCK_LOCK_FLAG);
- rv = EncryptData(context,pPart, ulPartLen, pEncryptedPart,
- *pulEncryptedPartLen);
- MACI_Unlock(socket->maciSession);
- FMUTEX_Unlock(socket->registersLock);
-
- fort11_FreeSession(session);
- if (rv != SOCKET_SUCCESS) {
- FORT11_RETURN (CKR_GENERAL_ERROR);
- }
- FORT11_RETURN (CKR_OK);
-}
-
-
-/* C_EncryptFinal finishes a multiple-part encryption operation. */
-PR_PUBLIC_API(CK_RV) C_EncryptFinal(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastEncryptedPart,
- CK_ULONG_PTR pulLastEncryptedPartLen){
- FORT11_ENTER()
- PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- FortezzaContext *context;
- int rv;
-
- if (session == NULL) {
- session = fort11_SessionFromHandle(hSession, PR_TRUE);
- fort11_TokenRemoved(slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- context = &session->fortezzaContext;
-
- rv = EndCryptoOperation(context, Encrypt);
- fort11_FreeSession(session);
-
- FORT11_RETURN (CKR_OK);
-}
-/* C_DecryptInit initializes a decryption operation. */
-PR_PUBLIC_API(CK_RV) C_DecryptInit( CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey) {
- FORT11_ENTER()
- PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- PK11Object *keyObject;
- FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
- FortezzaContext *context;
- HSESSION hs = socket->maciSession;
- FortezzaKey *fortezzaKey;
- CI_IV fortezzaIV;
- int ciRV, registerIndex;
-
- if (pMechanism->mechanism != CKM_SKIPJACK_CBC64) {
- if (session) fort11_FreeSession(session);
- FORT11_RETURN (CKR_MECHANISM_INVALID);
- }
-
- if (session == NULL) {
- session = fort11_SessionFromHandle (hSession, PR_TRUE);
- fort11_TokenRemoved(slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- keyObject = fort11_ObjectFromHandle (hKey, session);
-
- if (keyObject == NULL) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_KEY_HANDLE_INVALID);
- }
-
- fortezzaKey = (FortezzaKey*)keyObject->objectInfo;
- fort11_FreeObject(keyObject);
-
- if (fortezzaKey == NULL) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_GENERAL_ERROR);
- }
-
- ciRV = MACI_Select (hs, slot->slotID);
- if (ciRV != CI_OK) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
-
- ciRV = MACI_SetMode(hs, CI_DECRYPT_TYPE, CI_CBC64_MODE);
- if (ciRV != CI_OK) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
-
- FMUTEX_Lock(socket->registersLock);
- if (fortezzaKey->keyRegister == KeyNotLoaded) {
- registerIndex = LoadKeyIntoRegister(fortezzaKey);
- } else {
- registerIndex = fortezzaKey->keyRegister;
- }
-
- if (registerIndex == KeyNotLoaded) {
- FMUTEX_Unlock(socket->registersLock);
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
-
- if (pMechanism->pParameter == NULL ||
- pMechanism->ulParameterLen < sizeof (CI_IV)) {
- FORT11_RETURN (CKR_MECHANISM_PARAM_INVALID);
- }
-
- PORT_Memcpy (fortezzaIV, pMechanism->pParameter, sizeof(CI_IV));
-
- ciRV = MACI_SetKey (hs, registerIndex);
- if (ciRV != CI_OK) {
- FMUTEX_Unlock(socket->registersLock);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
-
- ciRV = MACI_LoadIV (hs, fortezzaIV);
- if (ciRV != CI_OK) {
- FMUTEX_Unlock(socket->registersLock);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
-
- context = &session->fortezzaContext;
- InitContext(context, socket, hKey);
- ciRV = SaveState (context, fortezzaIV, session, fortezzaKey,
- CI_DECRYPT_EXT_TYPE, pMechanism->mechanism);
-
- FMUTEX_Unlock(socket->registersLock);
-
- if (ciRV != SOCKET_SUCCESS) {
- FORT11_RETURN (CKR_GENERAL_ERROR);
- }
-
- InitCryptoOperation (context, Decrypt);
- fort11_FreeSession (session);
-
- FORT11_RETURN (CKR_OK);
-}
-
-/* C_Decrypt decrypts encrypted data in a single part. */
-PR_PUBLIC_API(CK_RV) C_Decrypt(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedData,
- CK_ULONG ulEncryptedDataLen,
- CK_BYTE_PTR pData,
- CK_ULONG_PTR pulDataLen) {
- FORT11_ENTER()
- PK11Session *session = fort11_SessionFromHandle (hSession, PR_FALSE);
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
- FortezzaContext *context;
- HSESSION hs;
- CK_RV rv;
-
- if (session == NULL) {
- session = fort11_SessionFromHandle(hSession, PR_TRUE);
- fort11_TokenRemoved(slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- context = &session->fortezzaContext;
-
- if (GetCryptoOperation(context) != Decrypt) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_OPERATION_NOT_INITIALIZED);
- }
-
- *pulDataLen = ulEncryptedDataLen;
- if (pData == NULL) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_OK);
- }
-
- hs = socket->maciSession;
- FMUTEX_Lock(socket->registersLock);
- MACI_Lock(hs, CI_NULL_FLAG);
- rv = DecryptData (context, pEncryptedData, ulEncryptedDataLen,
- pData, *pulDataLen);
- MACI_Unlock(hs);
- FMUTEX_Unlock(socket->registersLock);
- if (rv != SOCKET_SUCCESS) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_GENERAL_ERROR);
- }
-
- EndCryptoOperation (context, Decrypt);
- fort11_FreeSession(session);
-
- FORT11_RETURN (CKR_OK);
-}
-
-
-/* C_DecryptUpdate continues a multiple-part decryption operation. */
-PR_PUBLIC_API(CK_RV) C_DecryptUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen) {
- FORT11_ENTER()
- PK11Session *session = fort11_SessionFromHandle(hSession,PR_FALSE);
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
- FortezzaContext *context;
- HSESSION hs;
- int rv;
-
- if (session == NULL) {
- session = fort11_SessionFromHandle(hSession, PR_TRUE);
- fort11_TokenRemoved (slot, session);
- fort11_FreeSession (session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- context = &session->fortezzaContext;
- hs = socket->maciSession;
-
- if (GetCryptoOperation(context) != Decrypt) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_OPERATION_NOT_INITIALIZED);
- }
-
- if (pPart == NULL) {
- *pulPartLen = ulEncryptedPartLen;
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_OK);
- }
-
- *pulPartLen = ulEncryptedPartLen;
-
- FMUTEX_Lock(socket->registersLock);
- MACI_Lock (hs, CI_NULL_FLAG);
- rv = DecryptData (context, pEncryptedPart, ulEncryptedPartLen, pPart,
- *pulPartLen);
- MACI_Unlock(hs);
- FMUTEX_Unlock(socket->registersLock);
-
- fort11_FreeSession(session);
-
- if (rv != SOCKET_SUCCESS) {
- FORT11_RETURN (CKR_GENERAL_ERROR);
- }
-
- FORT11_RETURN (CKR_OK);
-}
-
-
-/* C_DecryptFinal finishes a multiple-part decryption operation. */
-PR_PUBLIC_API(CK_RV) C_DecryptFinal(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastPart,
- CK_ULONG_PTR pulLastPartLen) {
- FORT11_ENTER()
- PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- FortezzaContext *context;
-
- if (session == NULL) {
- session = fort11_SessionFromHandle (hSession, PR_TRUE);
- fort11_TokenRemoved (slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- context = &session->fortezzaContext;
- EndCryptoOperation (context, Decrypt);
-
- fort11_FreeSession(session);
-
- FORT11_RETURN (CKR_OK);
-}
-
-
-/*
- ************** Crypto Functions: Digest (HASH) ************************
- */
-
-/* C_DigestInit initializes a message-digesting operation. */
-PR_PUBLIC_API(CK_RV) C_DigestInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism) {
- /* For functions that don't access globals, we don't have to worry about the
- * stack.
- */
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_Digest digests data in a single part. */
-PR_PUBLIC_API(CK_RV) C_Digest(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pulDigestLen) {
- /* For functions that don't access globals, we don't have to worry about the
- * stack.
- */
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_DigestUpdate continues a multiple-part message-digesting operation. */
-PR_PUBLIC_API(CK_RV) C_DigestUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen) {
- /* For functions that don't access globals, we don't have to worry about the
- * stack.
- */
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_DigestFinal finishes a multiple-part message-digesting operation. */
-PR_PUBLIC_API(CK_RV) C_DigestFinal(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pulDigestLen) {
- /* For functions that don't access globals, we don't have to worry about the
- * stack.
- */
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/*
- ************** Crypto Functions: Sign ************************
- */
-
-/* C_SignInit initializes a signature (private key encryption) operation,
- * where the signature is (will be) an appendix to the data,
- * and plaintext cannot be recovered from the signature */
-PR_PUBLIC_API(CK_RV) C_SignInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey) {
- FORT11_ENTER()
- PK11Session *session = fort11_SessionFromHandle (hSession, PR_FALSE);
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- PK11Object *keyObject;
- FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
- FortezzaContext *context;
- PK11Attribute *idAttribute;
- int personalityIndex;
- HSESSION hs = socket->maciSession;
-
- if (session == NULL) {
- session = fort11_SessionFromHandle(hSession, PR_TRUE);
- fort11_TokenRemoved(slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- if (pMechanism->mechanism != CKM_DSA) {
- FORT11_RETURN (CKR_MECHANISM_INVALID);
- }
-
- keyObject = fort11_ObjectFromHandle (hKey, session);
-
- if (keyObject == NULL) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_KEY_HANDLE_INVALID);
- }
-
- context = &session->fortezzaContext;
- InitContext(context, socket, hKey);
- InitCryptoOperation (context, Sign);
- fort11_FreeSession(session);
-
- idAttribute = fort11_FindAttribute(keyObject, CKA_ID);
- fort11_FreeObject(keyObject);
-
- if (idAttribute == NULL) {
- FORT11_RETURN (CKR_KEY_HANDLE_INVALID);
- }
-
- personalityIndex = *(int*)(idAttribute->attrib.pValue);
- fort11_FreeAttribute(idAttribute);
-
- MACI_Select (hs, slot->slotID);
- if (MACI_SetPersonality (hs,personalityIndex) != CI_OK) {
- FORT11_RETURN (CKR_GENERAL_ERROR);
- }
-
- FORT11_RETURN (CKR_OK);
-}
-
-
-/* C_Sign signs (encrypts with private key) data in a single part,
- * where the signature is (will be) an appendix to the data,
- * and plaintext cannot be recovered from the signature */
-PR_PUBLIC_API(CK_RV) C_Sign(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen) {
-
- FORT11_ENTER()
- PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- FortezzaContext *context;
- FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
- HSESSION hs = socket->maciSession;
- PK11Object *keyObject;
- PK11Attribute *idAttribute;
- int ciRV, personalityIndex;
-
- if (session == NULL) {
- session = fort11_SessionFromHandle(hSession, PR_TRUE);
- fort11_TokenRemoved (slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
-
- context = &session->fortezzaContext;
- if (GetCryptoOperation(context) != Sign) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_OPERATION_NOT_INITIALIZED);
- }
-
- if (pSignature == NULL) {
- *pulSignatureLen = 40;
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_OK);
- }
-
- if (ulDataLen > 20) {
- FORT11_RETURN (CKR_DATA_LEN_RANGE);
- }
-
- if (*pulSignatureLen < 40) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_BUFFER_TOO_SMALL);
- }
- *pulSignatureLen = 40;
-
- keyObject = fort11_ObjectFromHandle(context->hKey, session);
- if (keyObject == NULL) {
- fort11_FreeSession(session);
- FORT11_RETURN(CKR_GENERAL_ERROR);
- }
-
- idAttribute = fort11_FindAttribute(keyObject, CKA_ID);
- fort11_FreeObject(keyObject);
-
- personalityIndex = *(int*)(idAttribute->attrib.pValue);
- fort11_FreeAttribute(idAttribute);
-
- MACI_Select(hs, slot->slotID);
-
- MACI_Lock(hs, CI_BLOCK_LOCK_FLAG);
- ciRV = MACI_SetPersonality(hs, personalityIndex);
- if (ciRV != CI_OK) {
- MACI_Unlock(hs);
- fort11_FreeSession(session);
- FORT11_RETURN(CKR_DEVICE_ERROR);
- }
-
- ciRV = MACI_Sign (hs, pData, pSignature);
- if (ciRV != CI_OK) {
- MACI_Unlock(hs);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
-
- MACI_Unlock(hs);
- EndCryptoOperation (context, Sign);
- fort11_FreeSession(session);
-
- FORT11_RETURN (CKR_OK);
-}
-
-
-/* C_SignUpdate continues a multiple-part signature operation,
- * where the signature is (will be) an appendix to the data,
- * and plaintext cannot be recovered from the signature */
-PR_PUBLIC_API(CK_RV) C_SignUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen) {
- /* For functions that don't access globals, we don't have to worry about the
- * stack.
- */
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_SignFinal finishes a multiple-part signature operation,
- * FORT11_RETURNing the signature. */
-PR_PUBLIC_API(CK_RV) C_SignFinal(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen) {
- /* For functions that don't access globals, we don't have to worry about the
- * stack.
- */
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-/*
- ************** Crypto Functions: Sign Recover ************************
- */
-/* C_SignRecoverInit initializes a signature operation,
- * where the (digest) data can be recovered from the signature.
- * E.g. encryption with the user's private key */
-PR_PUBLIC_API(CK_RV) C_SignRecoverInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey) {
- /* For functions that don't access globals, we don't have to worry about the
- * stack.
- */
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_SignRecover signs data in a single operation
- * where the (digest) data can be recovered from the signature.
- * E.g. encryption with the user's private key */
-PR_PUBLIC_API(CK_RV) C_SignRecover(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen) {
- /* For functions that don't access globals, we don't have to worry about the
- * stack.
- */
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-/*
- ************** Crypto Functions: verify ************************
- */
-
-/* C_VerifyInit initializes a verification operation,
- * where the signature is an appendix to the data,
- * and plaintext cannot be recovered from the signature (e.g. DSA) */
-PR_PUBLIC_API(CK_RV) C_VerifyInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey) {
- /* For functions that don't access globals, we don't have to worry about the
- * stack.
- */
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_Verify verifies a signature in a single-part operation,
- * where the signature is an appendix to the data,
- * and plaintext cannot be recovered from the signature */
-PR_PUBLIC_API(CK_RV) C_Verify(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen) {
- /* For functions that don't access globals, we don't have to worry about the
- * stack.
- */
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_VerifyUpdate continues a multiple-part verification operation,
- * where the signature is an appendix to the data,
- * and plaintext cannot be recovered from the signature */
-PR_PUBLIC_API(CK_RV) C_VerifyUpdate( CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen) {
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_VerifyFinal finishes a multiple-part verification operation,
- * checking the signature. */
-PR_PUBLIC_API(CK_RV) C_VerifyFinal(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen) {
- /* For functions that don't access globals, we don't have to worry about the
- * stack.
- */
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-/*
- ************** Crypto Functions: Verify Recover ************************
- */
-
-/* C_VerifyRecoverInit initializes a signature verification operation,
- * where the data is recovered from the signature.
- * E.g. Decryption with the user's public key */
-PR_PUBLIC_API(CK_RV) C_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey) {
- /* For functions that don't access globals, we don't have to worry about the
- * stack.
- */
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_VerifyRecover verifies a signature in a single-part operation,
- * where the data is recovered from the signature.
- * E.g. Decryption with the user's public key */
-PR_PUBLIC_API(CK_RV) C_VerifyRecover(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen,
- CK_BYTE_PTR pData,
- CK_ULONG_PTR pulDataLen) {
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-/*
- **************************** Key Functions: ************************
- */
-
-#define MAX_KEY_LEN 256
-/* C_GenerateKey generates a secret key, creating a new key object. */
-PR_PUBLIC_API(CK_RV) C_GenerateKey(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phKey) {
- FORT11_ENTER()
- PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
- PK11Object *key;
- FortezzaKey *newKey;
- int i, keyRegister;
- CK_ULONG key_length = 0;
- CK_RV crv = CKR_OK;
- CK_OBJECT_CLASS secretKey = CKO_SECRET_KEY;
- CK_BBOOL False = FALSE;
- CK_BBOOL cktrue = TRUE;
-
- if (session == NULL) {
- session = fort11_SessionFromHandle (hSession, PR_TRUE);
- fort11_TokenRemoved (slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
- if (pMechanism->mechanism != CKM_SKIPJACK_KEY_GEN) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_MECHANISM_INVALID);
- }
-
- key = fort11_NewObject(slot);
-
- if (key == NULL) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_HOST_MEMORY);
- }
-
- for (i=0; i < (int) ulCount; i++) {
- if (pTemplate[i].type == CKA_VALUE_LEN) {
- key_length = *(CK_ULONG *)pTemplate[i].pValue;
- continue;
- }
- crv = fort11_AddAttributeType (key, pk11_attr_expand (&pTemplate[i]));
- if (crv != CKR_OK)
- break;
- }
-
- if (crv != CKR_OK) {
- fort11_FreeObject(key);
- fort11_FreeSession(session);
- FORT11_RETURN (crv);
- }
-
- /* make sure we don't have any class, key_type, or value fields */
- fort11_DeleteAttributeType(key,CKA_CLASS);
- fort11_DeleteAttributeType(key,CKA_KEY_TYPE);
- fort11_DeleteAttributeType(key,CKA_VALUE);
-
- if (MAX_KEY_LEN < key_length) {
- crv = CKR_TEMPLATE_INCONSISTENT;
- }
-
- if (crv != CKR_OK) {
- fort11_FreeObject(key);
- fort11_FreeSession(session);
- FORT11_RETURN (crv);
- }
-
- if (fort11_AddAttributeType(key, CKA_CLASS,&secretKey,
- sizeof(CK_OBJECT_CLASS)) != CKR_OK) {
- fort11_FreeObject(key);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_GENERAL_ERROR);
- }
-
- if (fort11_AddAttributeType(key, CKA_TOKEN, &False,
- sizeof(CK_BBOOL)) != CKR_OK) {
- fort11_FreeObject(key);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_GENERAL_ERROR);
- }
-
- if (fort11_isTrue(key,CKA_SENSITIVE)) {
- fort11_forceAttribute(key,CKA_ALWAYS_SENSITIVE,&cktrue,
- sizeof(CK_BBOOL));
- }
- if (!fort11_isTrue(key,CKA_EXTRACTABLE)) {
- fort11_forceAttribute(key,CKA_NEVER_EXTRACTABLE,&cktrue,
- sizeof(CK_BBOOL));
- }
-
- FMUTEX_Lock(socket->registersLock);
-
- keyRegister = GetBestKeyRegister(socket);
- newKey = NewFortezzaKey(socket, MEK, NULL, keyRegister);
-
- FMUTEX_Unlock(socket->registersLock);
-
- if (newKey == NULL) {
- fort11_FreeObject(key);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_HOST_MEMORY);
- }
-
- key->objectInfo = (void*)newKey;
- key->infoFree = fort11_FreeFortezzaKey;
-
- FMUTEX_Lock(slot->objectLock);
- key->handle = slot->tokenIDCount++;
- key->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PRIV);
- FMUTEX_Unlock(slot->objectLock);
-
- key->objclass = secretKey;
- key->slot = slot;
- key->inDB = PR_TRUE;
-
- fort11_AddObject(session, key);
- fort11_FreeSession(session);
- SetFortezzaKeyHandle(newKey, key->handle);
- *phKey = key->handle;
-
- FORT11_RETURN (CKR_OK);
-
-}
-
-
-/* C_GenerateKeyPair generates a public-key/private-key pair,
- * creating new key objects. */
-PR_PUBLIC_API(CK_RV) C_GenerateKeyPair
- (CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_ATTRIBUTE_PTR pPublicKeyTemplate,
- CK_ULONG ulPublicKeyAttributeCount,
- CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
- CK_ULONG ulPrivateKeyAttributeCount,
- CK_OBJECT_HANDLE_PTR phPrivateKey,
- CK_OBJECT_HANDLE_PTR phPublicKey) {
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-/* C_WrapKey wraps (i.e., encrypts) a key. */
-PR_PUBLIC_API(CK_RV) C_WrapKey(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hWrappingKey,
- CK_OBJECT_HANDLE hKey,
- CK_BYTE_PTR pWrappedKey,
- CK_ULONG_PTR pulWrappedKeyLen) {
- FORT11_ENTER()
- PK11Session *session = fort11_SessionFromHandle (hSession, PR_FALSE);
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
- PK11Object *wrapKey;
- PK11Object *srcKey;
- FortezzaKey *wrapFortKey;
- FortezzaKey *srcFortKey;
- int rv;
-
- if (session == NULL) {
- session = fort11_SessionFromHandle (hSession, PR_TRUE);
- fort11_TokenRemoved(slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- if (!socket->isLoggedIn) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_USER_NOT_LOGGED_IN);
- }
-
- if (pMechanism->mechanism != CKM_SKIPJACK_WRAP) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_MECHANISM_INVALID);
- }
-
- wrapKey = fort11_ObjectFromHandle (hWrappingKey, session);
- if ((wrapKey == NULL) || (wrapKey->objectInfo == NULL)) {
- if (wrapKey)
- fort11_FreeObject(wrapKey);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_KEY_HANDLE_INVALID);
- }
-
- srcKey = fort11_ObjectFromHandle (hKey, session);
- fort11_FreeSession(session);
- if ((srcKey == NULL) || (srcKey->objectInfo == NULL)) {
- FORT11_RETURN (CKR_KEY_HANDLE_INVALID);
- }
-
- wrapFortKey = (FortezzaKey*)wrapKey->objectInfo;
- fort11_FreeObject(wrapKey);
-
- srcFortKey = (FortezzaKey*)srcKey->objectInfo;
- fort11_FreeObject(srcKey);
-
- FMUTEX_Lock(socket->registersLock);
- if (wrapFortKey->keyRegister == KeyNotLoaded) {
- if (LoadKeyIntoRegister(wrapFortKey) == KeyNotLoaded) {
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
- }
-
- if (srcFortKey->keyRegister == KeyNotLoaded) {
- if (LoadKeyIntoRegister(srcFortKey) == KeyNotLoaded) {
- FMUTEX_Unlock(socket->registersLock);
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
- }
-
- MACI_Lock(socket->maciSession, CI_BLOCK_LOCK_FLAG);
- rv = WrapKey (wrapFortKey, srcFortKey, pWrappedKey, *pulWrappedKeyLen);
- MACI_Unlock(socket->maciSession);
- FMUTEX_Unlock(socket->registersLock);
-
- if (rv != SOCKET_SUCCESS) {
- FORT11_RETURN (CKR_GENERAL_ERROR);
- }
-
- FORT11_RETURN (CKR_OK);
-}
-
-
-/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object. */
-PR_PUBLIC_API(CK_RV) C_UnwrapKey(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hUnwrappingKey,
- CK_BYTE_PTR pWrappedKey,
- CK_ULONG ulWrappedKeyLen,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_OBJECT_HANDLE_PTR phKey) {
- FORT11_ENTER()
- PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
- PK11Object *wrapKey;
- PK11Object *newKey;
- FortezzaKey *fortKey;
- FortezzaKey *unwrapFort;
- CK_ULONG key_length;
- int i, newKeyRegister;
- CK_RV crv = CKR_OK;
-
- if (session == NULL) {
- session = fort11_SessionFromHandle(hSession, PR_TRUE);
- fort11_TokenRemoved(slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- if (pMechanism->mechanism != CKM_SKIPJACK_WRAP){
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_MECHANISM_INVALID);
- }
-
- if (!socket->isLoggedIn) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_USER_NOT_LOGGED_IN);
- }
-
- wrapKey = fort11_ObjectFromHandle(hUnwrappingKey, session);
- if (wrapKey == NULL || wrapKey->objectInfo == NULL) {
- if (wrapKey)
- fort11_FreeObject(wrapKey);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_UNWRAPPING_KEY_HANDLE_INVALID);
- }
-
- fortKey = (FortezzaKey*)wrapKey->objectInfo;
- fort11_FreeObject(wrapKey);
-
- newKey = fort11_NewObject(slot);
- if (newKey == NULL) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_HOST_MEMORY);
- }
-
- for (i=0; i< (int)ulAttributeCount; i++) {
- if (pTemplate[i].type == CKA_VALUE_LEN) {
- key_length = *(CK_ULONG*)pTemplate[i].pValue;
- continue;
- }
- crv=fort11_AddAttributeType(newKey,fort11_attr_expand(&pTemplate[i]));
- if (crv != CKR_OK) {
- break;
- }
- }
-
- if (crv != CKR_OK) {
- fort11_FreeSession(session);
- fort11_FreeObject(newKey);
- FORT11_RETURN (crv);
- }
-
- /* make sure we don't have any class, key_type, or value fields */
- if (!fort11_hasAttribute(newKey,CKA_CLASS)) {
- fort11_FreeObject(newKey);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_TEMPLATE_INCOMPLETE);
- }
- if (!fort11_hasAttribute(newKey,CKA_KEY_TYPE)) {
- fort11_FreeObject(newKey);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_TEMPLATE_INCOMPLETE);
- }
-
- FMUTEX_Lock(socket->registersLock);
- newKeyRegister = UnwrapKey (pWrappedKey, fortKey);
- if (newKeyRegister == KeyNotLoaded) {
- /*Couldn't Unwrap the key*/
- fort11_FreeObject(newKey);
- fort11_FreeSession(session);
- FMUTEX_Unlock(socket->registersLock);
- FORT11_RETURN (CKR_GENERAL_ERROR);
- }
-
- unwrapFort = NewUnwrappedKey(newKeyRegister, fortKey->id, socket);
- FMUTEX_Unlock(socket->registersLock);
-
- if (unwrapFort == NULL) {
- fort11_FreeObject(newKey);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_HOST_MEMORY);
- }
- newKey->objectInfo = unwrapFort;
- newKey->infoFree = fort11_FreeFortezzaKey;
-
- FMUTEX_Lock(slot->objectLock);
- newKey->handle = slot->tokenIDCount++;
- newKey->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PRIV);
- FMUTEX_Unlock(slot->objectLock);
- newKey->objclass = CKO_SECRET_KEY;
- newKey->slot = slot;
- newKey->inDB = PR_TRUE;
-
- fort11_AddObject (session, newKey);
- fort11_FreeSession(session);
-
- SetFortezzaKeyHandle(unwrapFort, newKey->handle);
- *phKey = newKey->handle;
-
- FORT11_RETURN (CKR_OK);
-}
-
-
-/* C_DeriveKey derives a key from a base key, creating a new key object. */
-PR_PUBLIC_API(CK_RV) C_DeriveKey( CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hBaseKey,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_OBJECT_HANDLE_PTR phKey) {
- FORT11_ENTER()
- PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
- PK11Object *key, *sourceKey;
- CK_ULONG i;
- CK_ULONG key_length = 0;
- CK_RV crv = 0;
- CK_KEY_TYPE keyType = CKK_SKIPJACK;
- CK_OBJECT_CLASS classType = CKO_SECRET_KEY;
- CK_BBOOL ckTrue = TRUE;
- CK_BBOOL ckFalse = FALSE;
- int ciRV;
- int personality;
- PK11Attribute *att;
-
- CK_KEA_DERIVE_PARAMS_PTR params;
- FortezzaKey *derivedKey;
- CreateTEKInfo tekInfo;
-
- if (session == NULL) {
- session = fort11_SessionFromHandle(hSession, PR_TRUE);
- fort11_TokenRemoved (slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- if (pMechanism->mechanism != CKM_KEA_KEY_DERIVE) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_MECHANISM_INVALID);
- }
-
- key = fort11_NewObject (slot);
-
- if (key == NULL) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_HOST_MEMORY);
- }
-
- for (i = 0; i < ulAttributeCount; i++) {
- crv = fort11_AddAttributeType (key, fort11_attr_expand(&pTemplate[i]));
- if (crv != CKR_OK) {
- break;
- }
- if (pTemplate[i].type == CKA_KEY_TYPE) {
- keyType = *(CK_KEY_TYPE*)pTemplate[i].pValue;
- } else if (pTemplate[i].type == CKA_VALUE_LEN) {
- key_length = *(CK_ULONG*)pTemplate[i].pValue;
- }
- }
-
- if (crv != CKR_OK) {
- fort11_FreeObject(key);
- fort11_FreeSession(session);
- FORT11_RETURN (crv);
- }
-
- if (key_length == 0) {
- key_length = 12;
- }
-
- classType = CKO_SECRET_KEY;
- crv = fort11_forceAttribute (key, CKA_CLASS, &classType,
- sizeof(classType));
- if (crv != CKR_OK) {
- fort11_FreeObject(key);
- fort11_FreeSession(session);
- FORT11_RETURN (crv);
- }
- crv = fort11_forceAttribute (key, CKA_SENSITIVE, &ckTrue,
- sizeof(CK_BBOOL));
- if (crv != CKR_OK) {
- fort11_FreeObject(key);
- fort11_FreeSession(session);
- FORT11_RETURN (crv);
- }
- crv = fort11_forceAttribute (key, CKA_EXTRACTABLE, &ckFalse,
- sizeof(CK_BBOOL));
- if (crv != CKR_OK) {
- fort11_FreeSession(session);
- fort11_FreeObject(key);
- FORT11_RETURN (crv);
- }
-
- sourceKey = fort11_ObjectFromHandle (hBaseKey, session);
-
- if (sourceKey == NULL) {
- fort11_FreeObject(key);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_KEY_HANDLE_INVALID);
- }
-
- att = fort11_FindAttribute(sourceKey,CKA_ID);
- fort11_FreeObject(sourceKey);
- if (att == NULL) {
- fort11_FreeObject(key);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_KEY_TYPE_INCONSISTENT);
- }
- personality = *(int *) att->attrib.pValue;
- fort11_FreeAttribute(att);
-
- params = (CK_KEA_DERIVE_PARAMS_PTR)pMechanism->pParameter;
-
- if (params == NULL) {
- fort11_FreeObject(key);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_MECHANISM_PARAM_INVALID);
- }
-
- ciRV = MACI_SetPersonality(socket->maciSession,personality);
- if (ciRV != CI_OK) {
- fort11_FreeObject(key);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
- /*
- * If we're sending, generate our own RA.
- */
- if (params->isSender) {
- ciRV = MACI_GenerateRa(socket->maciSession,params->pRandomA);
- if (ciRV != CI_OK) {
- fort11_FreeObject(key);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
- }
- PORT_Memcpy (tekInfo.Ra, params->pRandomA, params->ulRandomLen);
- PORT_Memcpy (tekInfo.Rb, params->pRandomB, params->ulRandomLen);
- tekInfo.randomLen = params->ulRandomLen;
- tekInfo.personality = personality;
- tekInfo.flag = (params->isSender) ? CI_INITIATOR_FLAG : CI_RECIPIENT_FLAG;
-
- PORT_Memcpy (tekInfo.pY, params->pPublicData, params->ulPublicDataLen);
- tekInfo.YSize = params->ulPublicDataLen;
-
- FMUTEX_Lock(socket->registersLock);
- derivedKey = NewFortezzaKey(socket, TEK, &tekInfo,
- GetBestKeyRegister(socket));
- FMUTEX_Unlock(socket->registersLock);
-
- if (derivedKey == NULL) {
- fort11_FreeObject(key);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_GENERAL_ERROR);
- }
-
- key->objectInfo = derivedKey;
- key->infoFree = fort11_FreeFortezzaKey;
-
- FMUTEX_Lock(slot->objectLock);
- key->handle = slot->tokenIDCount++;
- key->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PRIV);
- FMUTEX_Unlock(slot->objectLock);
- key->objclass = classType;
- key->slot = slot;
- key->inDB = PR_TRUE;
-
- fort11_AddObject (session, key);
- fort11_FreeSession(session);
-
- SetFortezzaKeyHandle(derivedKey, key->handle);
- *phKey = key->handle;
-
- FORT11_RETURN (CKR_OK);
-}
-
-/*
- **************************** Random Functions: ************************
- */
-
-/* C_SeedRandom mixes additional seed material into the token's random number
- * generator. */
-PR_PUBLIC_API(CK_RV) C_SeedRandom(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSeed,
- CK_ULONG ulSeedLen) {
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_GenerateRandom generates random data. */
-PR_PUBLIC_API(CK_RV) C_GenerateRandom(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pRandomData,
- CK_ULONG ulRandomLen) {
- FORT11_ENTER()
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- PK11Session *session = fort11_SessionFromHandle(hSession,PR_FALSE);
- CI_RANDOM randomNum;
- CK_ULONG randomSize = sizeof (CI_RANDOM);
- int ciRV;
- CK_ULONG bytesCopied = 0, bytesToCopy;
- CK_ULONG bufferSize = 0, bytesRemaining;
-
- if (session == NULL) {
- session = fort11_SessionFromHandle (hSession, PR_TRUE);
- fort11_TokenRemoved(slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- fort11_FreeSession(session);
- ciRV = MACI_Select(fortezzaSockets[slot->slotID-1].maciSession,
- slot->slotID);
- if (ciRV != CI_OK) {
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
-
- while (bytesCopied < ulRandomLen) {
- bytesRemaining = ulRandomLen - bytesCopied;
- if (bufferSize < bytesRemaining) {
- ciRV =
- MACI_GenerateRandom(fortezzaSockets[slot->slotID-1].maciSession,
- randomNum);
- if (ciRV != CI_OK)
- FORT11_RETURN (CKR_DEVICE_ERROR);
- bufferSize = randomSize;
- }
- bytesToCopy = (bytesRemaining > randomSize) ? randomSize :
- bytesRemaining;
-
- PORT_Memcpy (&pRandomData[bytesCopied],
- &randomNum[randomSize-bufferSize], bytesToCopy);
-
- bytesCopied += bytesToCopy;
- bufferSize -= bytesToCopy;
- }
-
- FORT11_RETURN (CKR_OK);
-}
-
-
-/* C_GetFunctionStatus obtains an updated status of a function running
- * in parallel with an application. */
-PR_PUBLIC_API(CK_RV) C_GetFunctionStatus(CK_SESSION_HANDLE hSession) {
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_CancelFunction cancels a function running in parallel */
-PR_PUBLIC_API(CK_RV) C_CancelFunction(CK_SESSION_HANDLE hSession) {
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-/* C_GetOperationState saves the state of the cryptographic
- *operation in a session. */
-PR_PUBLIC_API(CK_RV) C_GetOperationState(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pOperationState,
- CK_ULONG_PTR pulOperationStateLen) {
- FORT11_ENTER()
- PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- FortezzaContext *context;
-
- if (session == NULL) {
- session = fort11_SessionFromHandle(hSession, PR_TRUE);
- fort11_TokenRemoved (slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- if (pOperationState == NULL) {
- *pulOperationStateLen = sizeof (FortezzaContext);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_OK);
- }
-
- if (*pulOperationStateLen < sizeof (FortezzaContext)) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_BUFFER_TOO_SMALL);
- }
-
- context = &session->fortezzaContext;
- fort11_FreeSession(session);
- PORT_Memcpy (pOperationState, context, sizeof(FortezzaContext));
- ((FortezzaContext *)pOperationState)->session = NULL;
- ((FortezzaContext *)pOperationState)->fortezzaKey = NULL;
- *pulOperationStateLen = sizeof(FortezzaContext);
- FORT11_RETURN (CKR_OK);
-}
-
-
-
-/* C_SetOperationState restores the state of the cryptographic operation in a session. */
-PR_PUBLIC_API(CK_RV) C_SetOperationState(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pOperationState,
- CK_ULONG ulOperationStateLen,
- CK_OBJECT_HANDLE hEncryptionKey,
- CK_OBJECT_HANDLE hAuthenticationKey){
- FORT11_ENTER()
- PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
- PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
- FortezzaContext *context;
- FortezzaContext passedInCxt;
- PK11Object *keyObject;
- FortezzaKey *fortKey;
-
- if (session == NULL) {
- session = fort11_SessionFromHandle(hSession, PR_TRUE);
- fort11_TokenRemoved (slot, session);
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
- }
-
- if (ulOperationStateLen != sizeof(FortezzaContext)) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SAVED_STATE_INVALID);
- }
-
- PORT_Memcpy(&passedInCxt, pOperationState, sizeof(FortezzaContext));
- if (passedInCxt.fortezzaSocket->slotID != slot->slotID) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SAVED_STATE_INVALID);
- }
- passedInCxt.session = NULL;
- passedInCxt.fortezzaKey = NULL;
-
- if (hEncryptionKey != 0) {
- keyObject = fort11_ObjectFromHandle(hEncryptionKey, session);
- if (keyObject == NULL) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_KEY_HANDLE_INVALID);
- }
- fortKey = (FortezzaKey*)keyObject->objectInfo;
- fort11_FreeObject(keyObject);
- if (fortKey == NULL) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_SAVED_STATE_INVALID);
- }
- if (fortKey->keyRegister == KeyNotLoaded) {
- if (LoadKeyIntoRegister (fortKey) == KeyNotLoaded) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
- }
- passedInCxt.fortezzaKey = fortKey;
-
- }
- if (hAuthenticationKey != 0) {
- fort11_FreeSession(session);
- FORT11_RETURN (CKR_DEVICE_ERROR);
- }
-
- passedInCxt.session = session;
- context = &session->fortezzaContext;
- fort11_FreeSession (session);
- PORT_Memcpy (context, &passedInCxt, sizeof(passedInCxt));
-
- FORT11_RETURN (CKR_OK);
-}
-
-/* Dual-function cryptographic operations */
-
-/* C_DigestEncryptUpdate continues a multiple-part digesting and
- encryption operation. */
-PR_PUBLIC_API(CK_RV) C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen){
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_DecryptDigestUpdate continues a multiple-part decryption and digesting
- operation. */
-PR_PUBLIC_API(CK_RV) C_DecryptDigestUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen){
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_SignEncryptUpdate continues a multiple-part signing and encryption
- operation. */
-PR_PUBLIC_API(CK_RV) C_SignEncryptUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen){
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_DecryptVerifyUpdate continues a multiple-part decryption and verify
- operation. */
-PR_PUBLIC_API(CK_RV) C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedData,
- CK_ULONG ulEncryptedDataLen,
- CK_BYTE_PTR pData,
- CK_ULONG_PTR pulDataLen){
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-/* C_DigestKey continues a multi-part message-digesting operation,
- * by digesting the value of a secret key as part of the data already digested.
- */
-PR_PUBLIC_API(CK_RV) C_DigestKey(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hKey) {
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-PR_PUBLIC_API(CK_RV) C_WaitForSlotEvent(CK_FLAGS flags,
- CK_SLOT_ID_PTR pSlot,
- CK_VOID_PTR pRserved) {
- return CKR_FUNCTION_FAILED;
-}
-
diff --git a/security/nss/lib/fortcrypt/fortsock.h b/security/nss/lib/fortcrypt/fortsock.h
deleted file mode 100644
index f74fc80b8..000000000
--- a/security/nss/lib/fortcrypt/fortsock.h
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#ifndef FORSOCK_H_
-#define FORSOCK_H_
-
-#include "seccomon.h"
-#include "fpkcs11.h"
-#include "fpkcs11i.h"
-#include "fpkstrs.h"
-
-
-#ifndef prtypes_h___
-typedef enum { PR_FALSE, PR_TRUE }PRBool;
-#endif
-
-
-#define SOCKET_SUCCESS 0
-#define SOCKET_FAILURE 1
-
-#define KeyNotLoaded -1
-#define NoCryptoType -1
-#define NoCryptoMode -1
-#define NO_MECHANISM 0xFFFFFFFFL
-
-
-/*Get the Fortezza context in here*/
-
-int InitSocket (FortezzaSocket *inSocket, int inSlotID);
-int FreeSocket (FortezzaSocket *inSocket);
-
-int FetchPersonalityList (FortezzaSocket *inSocket);
-int UnloadPersonalityList(FortezzaSocket *inSocket);
-
-int LoginToSocket (FortezzaSocket *inSocket, int inUserType, CI_PIN inPin);
-
-int LogoutFromSocket (FortezzaSocket *inSocket);
-
-PRBool SocketStateUnchanged(FortezzaSocket* inSocket);
-
-int GetBestKeyRegister(FortezzaSocket *inSocket);
-
-FortezzaKey *NewFortezzaKey(FortezzaSocket *inSocket,
- FortezzaKeyType inKeyType,
- CreateTEKInfo *TEKinfo,
- int inKeyRegister);
-FortezzaKey *NewUnwrappedKey(int inKeyRegister, int i,
- FortezzaSocket *inSocket);
-
-int LoadKeyIntoRegister (FortezzaKey *inKey);
-int SetFortezzaKeyHandle (FortezzaKey *inKey, CK_OBJECT_HANDLE inHandle);
-void RemoveKey (FortezzaKey *inKey);
-
-void InitContext(FortezzaContext *inContext, FortezzaSocket *inSocket,
- CK_OBJECT_HANDLE hKey);
-int InitCryptoOperation (FortezzaContext *inContext,
- CryptoType inCryptoOperation);
-int EndCryptoOperation (FortezzaContext *inContext,
- CryptoType inCryptoOperation);
-CryptoType GetCryptoOperation (FortezzaContext *inContext);
-int EncryptData (FortezzaContext *inContext, CK_BYTE_PTR inData,
- CK_ULONG inDataLen, CK_BYTE_PTR inDest,
- CK_ULONG inDestLen);
-int DecryptData (FortezzaContext *inContext, CK_BYTE_PTR inData,
- CK_ULONG inDataLen, CK_BYTE_PTR inDest,
- CK_ULONG inDestLen);
-
-int SaveState (FortezzaContext *inContext, CI_IV inIV,
- PK11Session *inSession, FortezzaKey *inKey,
- int inCryptoType, CK_MECHANISM_TYPE inMechanism);
-
-int WrapKey (FortezzaKey *wrappingKey, FortezzaKey *srcKey,
- CK_BYTE_PTR pDest, CK_ULONG ulDestLen);
-int UnwrapKey (CK_BYTE_PTR inWrappedKey, FortezzaKey *inKey);
-
-#endif /*SOCKET_H_*/
diff --git a/security/nss/lib/fortcrypt/fpkcs11.h b/security/nss/lib/fortcrypt/fpkcs11.h
deleted file mode 100644
index 09f3dfe29..000000000
--- a/security/nss/lib/fortcrypt/fpkcs11.h
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
- * is granted provided that it is identified as "RSA Security In.c Public-Key
- * Cryptography Standards (PKCS)" in all material mentioning or referencing
- * this document.
- */
-/* Define API */
-#ifndef _FPKCS11_H_
-#define _FPKCS11_H_ 1
-
-#include "seccomon.h"
-
-#ifndef FALSE
-#define FALSE 0
-#endif
-
-#ifndef TRUE
-#define TRUE (!FALSE)
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* All the various pkcs11 types and #define'd values are in the file */
-/* pkcs11t.h. CK_PTR should be defined there, too; it's the recipe for */
-/* making pointers. */
-#include "fpkcs11t.h"
-
-#define __PASTE(x,y) x##y
-
-/* ================================================================= */
-/* Define the "extern" form of all the entry points */
-
-#define CK_EXTERN extern
-#define CK_FUNC(name) CK_ENTRY name
-#define CK_NEED_ARG_LIST 1
-#define _CK_RV PR_PUBLIC_API(CK_RV)
-
-/* pkcs11f.h has all the information about the PKCS #11 functions. */
-#include "fpkcs11f.h"
-
-#undef CK_FUNC
-#undef CK_EXTERN
-#undef CK_NEED_ARG_LIST
-#undef _CK_RV
-
-/* ================================================================= */
-/* Define the typedef form of all the entry points. */
-/* That is, for each Cryptoki function C_XXX, define a type CK_C_XXX */
-/* which is a pointer to that kind of function. */
-
-#define CK_EXTERN typedef
-#define CK_FUNC(name) CK_ENTRY (CK_PTR __PASTE(CK_,name))
-#define CK_NEED_ARG_LIST 1
-#define _CK_RV CK_RV
-
-#include "fpkcs11f.h"
-
-#undef CK_FUNC
-#undef CK_EXTERN
-#undef CK_NEED_ARG_LIST
-#undef _CK_RV
-
-/* =================================================================
- * Define structed vector of entry points.
- * The CK_FUNCTION_LIST contains a CK_VERSION indicating the PKCS #11
- * version, and then a whole slew of function pointers to the routines
- * in the library. This type was declared, but not defined, in
- * pkcs11t.h. */
-
-
-/* These data types are platform/implementation dependent. */
-#if defined(XP_WIN)
-#if defined(_WIN32)
-#define CK_ENTRY
-#define CK_PTR * /* definition for Win32 */
-#define NULL_PTR 0 /* NULL pointer */
-#pragma pack(push, cryptoki, 1)
-#else /* win16 */
-#if defined(__WATCOMC__)
-#define CK_ENTRY
-#define CK_PTR * /* definition for Win16 */
-#define NULL_PTR 0 /* NULL pointer */
-#pragma pack(push, 1)
-#else /* not Watcom 16-bit */
-#define CK_ENTRY
-#define CK_PTR * /* definition for Win16 */
-#define NULL_PTR 0 /* NULL pointer */
-#pragma pack(1)
-#endif
-#endif
-#else /* not windows */
-#define CK_ENTRY
-#define CK_PTR * /* definition for UNIX */
-#define NULL_PTR 0 /* NULL pointer */
-#endif
-
-
-#define CK_EXTERN
-#define CK_FUNC(name) __PASTE(CK_,name) name;
-#define _CK_RV
-
-struct CK_FUNCTION_LIST {
-
- CK_VERSION version; /* PKCS #11 version */
-
-/* Pile all the function pointers into it. */
-#include "fpkcs11f.h"
-
-};
-
-#undef CK_FUNC
-#undef CK_EXTERN
-#undef _CK_RV
-
-
-#if defined(XP_WIN)
-#if defined(_WIN32)
-#pragma pack(pop, cryptoki)
-#else /* win16 */
-#if defined(__WATCOMC__)
-#pragma pack(pop)
-#else /* not Watcom 16-bit */
-#pragma pack()
-#endif
-#endif
-#endif
-
-
-#undef __PASTE
-/* ================================================================= */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/security/nss/lib/fortcrypt/fpkcs11f.h b/security/nss/lib/fortcrypt/fpkcs11f.h
deleted file mode 100644
index 6fa7e755d..000000000
--- a/security/nss/lib/fortcrypt/fpkcs11f.h
+++ /dev/null
@@ -1,953 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
- * is granted provided that it is identified as "RSA Security In.c Public-Key
- * Cryptography Standards (PKCS)" in all material mentioning or referencing
- * this document.
- */
-/* This function contains pretty much everything about all */
-/* the PKCS #11 function prototypes. */
-
-/* General-purpose */
-
-/* C_Initialize initializes the PKCS #11 library. */
-CK_EXTERN _CK_RV CK_FUNC(C_Initialize)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */
-);
-#endif
-
-
-/* C_Finalize indicates that an application is done with the PKCS #11
- * library. */
-CK_EXTERN _CK_RV CK_FUNC(C_Finalize)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */
-);
-#endif
-
-
-/* C_GetInfo returns general information about PKCS #11. */
-CK_EXTERN _CK_RV CK_FUNC(C_GetInfo)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_INFO_PTR pInfo /* location that receives the information */
-);
-#endif
-
-
-/* C_GetFunctionList returns the function list. */
-CK_EXTERN _CK_RV CK_FUNC(C_GetFunctionList)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives ptr to function
-list */
-);
-#endif
-
-
-
-/* Slot and token management */
-
-/* C_GetSlotList obtains a list of slots in the system. */
-CK_EXTERN _CK_RV CK_FUNC(C_GetSlotList)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_BBOOL tokenPresent, /* only slots with token present */
- CK_SLOT_ID_PTR pSlotList, /* receives the array of slot IDs */
- CK_ULONG_PTR pulCount /* receives the number of slots */
-);
-#endif
-
-
-/* C_GetSlotInfo obtains information about a particular slot in the
-system. */
-CK_EXTERN _CK_RV CK_FUNC(C_GetSlotInfo)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SLOT_ID slotID, /* the ID of the slot */
- CK_SLOT_INFO_PTR pInfo /* receives the slot information */
-);
-#endif
-
-
-/* C_GetTokenInfo obtains information about a particular token in the
- * system. */
-CK_EXTERN _CK_RV CK_FUNC(C_GetTokenInfo)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SLOT_ID slotID, /* ID of the token's slot */
- CK_TOKEN_INFO_PTR pInfo /* receives the token information */
-);
-#endif
-
-
-/* C_GetMechanismList obtains a list of mechanism types supported by
- * a token. */
-CK_EXTERN _CK_RV CK_FUNC(C_GetMechanismList)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SLOT_ID slotID, /* ID of the token's slot */
- CK_MECHANISM_TYPE_PTR pMechanismList, /* receives mech. types array
-*/
- CK_ULONG_PTR pulCount /* receives number of mechs. */
-);
-#endif
-
-
-/* C_GetMechanismInfo obtains information about a particular mechanism
- * possibly supported by a token. */
-CK_EXTERN _CK_RV CK_FUNC(C_GetMechanismInfo)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SLOT_ID slotID, /* ID of the token's slot */
- CK_MECHANISM_TYPE type, /* type of mechanism */
- CK_MECHANISM_INFO_PTR pInfo /* receives mechanism information */
-);
-#endif
-
-
-/* C_InitToken initializes a token. */
-CK_EXTERN _CK_RV CK_FUNC(C_InitToken)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SLOT_ID slotID, /* ID of the token's slot */
- CK_CHAR_PTR pPin, /* the SO's initial PIN */
- CK_ULONG ulPinLen, /* length in bytes of the PIN */
- CK_CHAR_PTR pLabel /* 32-byte token label (blank padded) */
-);
-#endif
-
-
-/* C_InitPIN initializes the normal user's PIN. */
-CK_EXTERN _CK_RV CK_FUNC(C_InitPIN)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_CHAR_PTR pPin, /* the normal user's PIN */
- CK_ULONG ulPinLen /* length in bytes of the PIN */
-);
-#endif
-
-
-/* C_SetPIN modifies the PIN of user that is currently logged in. */
-CK_EXTERN _CK_RV CK_FUNC(C_SetPIN)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_CHAR_PTR pOldPin, /* the old PIN */
- CK_ULONG ulOldLen, /* length of the old PIN */
- CK_CHAR_PTR pNewPin, /* the new PIN */
- CK_ULONG ulNewLen /* length of the new PIN */
-);
-#endif
-
-
-
-/* Session management */
-
-/* C_OpenSession opens a session between an application and a token. */
-CK_EXTERN _CK_RV CK_FUNC(C_OpenSession)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SLOT_ID slotID, /* the slot's ID */
- CK_FLAGS flags, /* defined in CK_SESSION_INFO */
- CK_VOID_PTR pApplication, /* pointer passed to callback */
- CK_NOTIFY Notify, /* notification callback function
-*/
- CK_SESSION_HANDLE_PTR phSession /* receives new session handle */
-);
-#endif
-
-
-/* C_CloseSession closes a session between an application and a token.
-*/
-CK_EXTERN _CK_RV CK_FUNC(C_CloseSession)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession /* the session's handle */
-);
-#endif
-
-
-/* C_CloseAllSessions closes all sessions with a token. */
-CK_EXTERN _CK_RV CK_FUNC(C_CloseAllSessions)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SLOT_ID slotID /* the token's slot */
-);
-#endif
-
-
-/* C_GetSessionInfo obtains information about the session. */
-CK_EXTERN _CK_RV CK_FUNC(C_GetSessionInfo)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_SESSION_INFO_PTR pInfo /* receives session information */
-);
-#endif
-
-
-/* C_GetOperationState obtains the state of the cryptographic operation
- * in a session. */
-CK_EXTERN _CK_RV CK_FUNC(C_GetOperationState)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pOperationState, /* location receiving state */
- CK_ULONG_PTR pulOperationStateLen /* location receiving state
-length */
-);
-#endif
-
-
-/* C_SetOperationState restores the state of the cryptographic operation
- * in a session. */
-CK_EXTERN _CK_RV CK_FUNC(C_SetOperationState)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pOperationState, /* the location holding the
-state */
- CK_ULONG ulOperationStateLen, /* location holding state
-length */
- CK_OBJECT_HANDLE hEncryptionKey, /* handle of en/decryption key
-*/
- CK_OBJECT_HANDLE hAuthenticationKey /* handle of sign/verify key */
-);
-#endif
-
-
-/* C_Login logs a user into a token. */
-CK_EXTERN _CK_RV CK_FUNC(C_Login)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_USER_TYPE userType, /* the user type */
- CK_CHAR_PTR pPin, /* the user's PIN */
- CK_ULONG ulPinLen /* the length of the PIN */
-);
-#endif
-
-
-/* C_Logout logs a user out from a token. */
-CK_EXTERN _CK_RV CK_FUNC(C_Logout)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession /* the session's handle */
-);
-#endif
-
-
-
-/* Object management */
-
-/* C_CreateObject creates a new object. */
-CK_EXTERN _CK_RV CK_FUNC(C_CreateObject)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_ATTRIBUTE_PTR pTemplate, /* the object's template */
- CK_ULONG ulCount, /* attributes in template */
- CK_OBJECT_HANDLE_PTR phObject /* receives new object's handle. */
-);
-#endif
-
-
-/* C_CopyObject copies an object, creating a new object for the copy. */
-CK_EXTERN _CK_RV CK_FUNC(C_CopyObject)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_OBJECT_HANDLE hObject, /* the object's handle */
- CK_ATTRIBUTE_PTR pTemplate, /* template for new object */
- CK_ULONG ulCount, /* attributes in template */
- CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */
-);
-#endif
-
-
-/* C_DestroyObject destroys an object. */
-CK_EXTERN _CK_RV CK_FUNC(C_DestroyObject)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_OBJECT_HANDLE hObject /* the object's handle */
-);
-#endif
-
-
-/* C_GetObjectSize gets the size of an object in bytes. */
-CK_EXTERN _CK_RV CK_FUNC(C_GetObjectSize)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_OBJECT_HANDLE hObject, /* the object's handle */
- CK_ULONG_PTR pulSize /* receives size of object */
-);
-#endif
-
-
-/* C_GetAttributeValue obtains the value of one or more object
-attributes. */
-CK_EXTERN _CK_RV CK_FUNC(C_GetAttributeValue)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_OBJECT_HANDLE hObject, /* the object's handle */
- CK_ATTRIBUTE_PTR pTemplate, /* specifies attributes, gets values */
- CK_ULONG ulCount /* attributes in template */
-);
-#endif
-
-
-/* C_SetAttributeValue modifies the value of one or more object
-attributes */
-CK_EXTERN _CK_RV CK_FUNC(C_SetAttributeValue)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_OBJECT_HANDLE hObject, /* the object's handle */
- CK_ATTRIBUTE_PTR pTemplate, /* specifies attributes and values */
- CK_ULONG ulCount /* attributes in template */
-);
-#endif
-
-
-/* C_FindObjectsInit initializes a search for token and session objects
- * that match a template. */
-CK_EXTERN _CK_RV CK_FUNC(C_FindObjectsInit)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */
- CK_ULONG ulCount /* attributes in search template */
-);
-#endif
-
-
-/* C_FindObjects continues a search for token and session objects
- * that match a template, obtaining additional object handles. */
-CK_EXTERN _CK_RV CK_FUNC(C_FindObjects)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_OBJECT_HANDLE_PTR phObject, /* receives object handle array
-*/
- CK_ULONG ulMaxObjectCount, /* max handles to be returned
-*/
- CK_ULONG_PTR pulObjectCount /* actual number returned */
-);
-#endif
-
-
-/* C_FindObjectsFinal finishes a search for token and session objects.
-*/
-CK_EXTERN _CK_RV CK_FUNC(C_FindObjectsFinal)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession /* the session's handle */
-);
-#endif
-
-
-
-/* Encryption and decryption */
-
-/* C_EncryptInit initializes an encryption operation. */
-CK_EXTERN _CK_RV CK_FUNC(C_EncryptInit)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */
- CK_OBJECT_HANDLE hKey /* handle of encryption key */
-);
-#endif
-
-
-/* C_Encrypt encrypts single-part data. */
-CK_EXTERN _CK_RV CK_FUNC(C_Encrypt)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pData, /* the plaintext data */
- CK_ULONG ulDataLen, /* bytes of plaintext data */
- CK_BYTE_PTR pEncryptedData, /* receives encrypted data */
- CK_ULONG_PTR pulEncryptedDataLen /* receives encrypted byte
-count */
-);
-#endif
-
-
-/* C_EncryptUpdate continues a multiple-part encryption operation. */
-CK_EXTERN _CK_RV CK_FUNC(C_EncryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pPart, /* the plaintext data */
- CK_ULONG ulPartLen, /* bytes of plaintext data */
- CK_BYTE_PTR pEncryptedPart, /* receives encrypted data */
- CK_ULONG_PTR pulEncryptedPartLen /* receives encrypted byte count
-*/
-);
-#endif
-
-
-/* C_EncryptFinal finishes a multiple-part encryption operation. */
-CK_EXTERN _CK_RV CK_FUNC(C_EncryptFinal)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pLastEncryptedPart, /* receives encrypted last
-part */
- CK_ULONG_PTR pulLastEncryptedPartLen /* receives byte count */
-);
-#endif
-
-
-/* C_DecryptInit initializes a decryption operation. */
-CK_EXTERN _CK_RV CK_FUNC(C_DecryptInit)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */
- CK_OBJECT_HANDLE hKey /* handle of the decryption key */
-);
-#endif
-
-
-/* C_Decrypt decrypts encrypted data in a single part. */
-CK_EXTERN _CK_RV CK_FUNC(C_Decrypt)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pEncryptedData, /* input encrypted data */
- CK_ULONG ulEncryptedDataLen, /* count of bytes of input */
- CK_BYTE_PTR pData, /* receives decrypted output */
- CK_ULONG_PTR pulDataLen /* receives decrypted byte count
-*/
-);
-#endif
-
-
-/* C_DecryptUpdate continues a multiple-part decryption operation. */
-CK_EXTERN _CK_RV CK_FUNC(C_DecryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pEncryptedPart, /* input encrypted data */
- CK_ULONG ulEncryptedPartLen, /* count of bytes of input */
- CK_BYTE_PTR pPart, /* receives decrypted output */
- CK_ULONG_PTR pulPartLen /* receives decrypted byte
-count */
-);
-#endif
-
-
-/* C_DecryptFinal finishes a multiple-part decryption operation. */
-CK_EXTERN _CK_RV CK_FUNC(C_DecryptFinal)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pLastPart, /* receives decrypted output */
- CK_ULONG_PTR pulLastPartLen /* receives decrypted byte count */
-);
-#endif
-
-
-
-/* Message digesting */
-
-/* C_DigestInit initializes a message-digesting operation. */
-CK_EXTERN _CK_RV CK_FUNC(C_DigestInit)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism /* the digesting mechanism */
-);
-#endif
-
-
-/* C_Digest digests data in a single part. */
-CK_EXTERN _CK_RV CK_FUNC(C_Digest)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pData, /* data to be digested */
- CK_ULONG ulDataLen, /* bytes of data to be digested */
- CK_BYTE_PTR pDigest, /* receives the message digest */
- CK_ULONG_PTR pulDigestLen /* receives byte length of digest */
-);
-#endif
-
-
-/* C_DigestUpdate continues a multiple-part message-digesting operation.
-*/
-CK_EXTERN _CK_RV CK_FUNC(C_DigestUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pPart, /* data to be digested */
- CK_ULONG ulPartLen /* bytes of data to be digested */
-);
-#endif
-
-
-/* C_DigestKey continues a multi-part message-digesting operation, by
- * digesting the value of a secret key as part of the data already
-digested.
- */
-CK_EXTERN _CK_RV CK_FUNC(C_DigestKey)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_OBJECT_HANDLE hKey /* handle of secret key to digest */
-);
-#endif
-
-
-/* C_DigestFinal finishes a multiple-part message-digesting operation.
-*/
-CK_EXTERN _CK_RV CK_FUNC(C_DigestFinal)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pDigest, /* receives the message digest */
- CK_ULONG_PTR pulDigestLen /* receives byte count of digest */
-);
-#endif
-
-
-
-/* Signing and MACing */
-
-/* C_SignInit initializes a signature (private key encryption)
-operation,
- * where the signature is (will be) an appendix to the data,
- * and plaintext cannot be recovered from the signature */
-CK_EXTERN _CK_RV CK_FUNC(C_SignInit)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
- CK_OBJECT_HANDLE hKey /* handle of the signature key */
-);
-#endif
-
-
-/* C_Sign signs (encrypts with private key) data in a single part,
- * where the signature is (will be) an appendix to the data,
- * and plaintext cannot be recovered from the signature */
-CK_EXTERN _CK_RV CK_FUNC(C_Sign)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pData, /* the data (digest) to be signed
-*/
- CK_ULONG ulDataLen, /* count of bytes to be signed */
- CK_BYTE_PTR pSignature, /* receives the signature */
- CK_ULONG_PTR pulSignatureLen /* receives byte count of signature
-*/
-);
-#endif
-
-
-/* C_SignUpdate continues a multiple-part signature operation,
- * where the signature is (will be) an appendix to the data,
- * and plaintext cannot be recovered from the signature */
-CK_EXTERN _CK_RV CK_FUNC(C_SignUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pPart, /* the data (digest) to be signed */
- CK_ULONG ulPartLen /* count of bytes to be signed */
-);
-#endif
-
-
-/* C_SignFinal finishes a multiple-part signature operation,
- * returning the signature. */
-CK_EXTERN _CK_RV CK_FUNC(C_SignFinal)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pSignature, /* receives the signature */
- CK_ULONG_PTR pulSignatureLen /* receives byte count of signature
-*/
-);
-#endif
-
-
-/* C_SignRecoverInit initializes a signature operation,
- * where the (digest) data can be recovered from the signature.
- * E.g. encryption with the user's private key */
-CK_EXTERN _CK_RV CK_FUNC(C_SignRecoverInit)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
- CK_OBJECT_HANDLE hKey /* handle of the signature key */
-);
-#endif
-
-
-/* C_SignRecover signs data in a single operation
- * where the (digest) data can be recovered from the signature.
- * E.g. encryption with the user's private key */
-CK_EXTERN _CK_RV CK_FUNC(C_SignRecover)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pData, /* the data (digest) to be signed
-*/
- CK_ULONG ulDataLen, /* count of bytes to be signed */
- CK_BYTE_PTR pSignature, /* receives the signature */
- CK_ULONG_PTR pulSignatureLen /* receives byte count of signature
-*/
-);
-#endif
-
-
-
-/* Verifying signatures and MACs */
-
-/* C_VerifyInit initializes a verification operation,
- * where the signature is an appendix to the data,
- * and plaintext cannot be recovered from the signature (e.g. DSA) */
-CK_EXTERN _CK_RV CK_FUNC(C_VerifyInit)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
- CK_OBJECT_HANDLE hKey /* handle of the verification key */
-);
-#endif
-
-
-/* C_Verify verifies a signature in a single-part operation,
- * where the signature is an appendix to the data,
- * and plaintext cannot be recovered from the signature */
-CK_EXTERN _CK_RV CK_FUNC(C_Verify)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pData, /* plaintext data (digest) to
-compare */
- CK_ULONG ulDataLen, /* length of data (digest) in bytes
-*/
- CK_BYTE_PTR pSignature, /* the signature to be verified */
- CK_ULONG ulSignatureLen /* count of bytes of signature */
-);
-#endif
-
-
-/* C_VerifyUpdate continues a multiple-part verification operation,
- * where the signature is an appendix to the data,
- * and plaintext cannot be recovered from the signature */
-CK_EXTERN _CK_RV CK_FUNC(C_VerifyUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pPart, /* plaintext data (digest) to compare */
- CK_ULONG ulPartLen /* length of data (digest) in bytes */
-);
-#endif
-
-
-/* C_VerifyFinal finishes a multiple-part verification operation,
- * checking the signature. */
-CK_EXTERN _CK_RV CK_FUNC(C_VerifyFinal)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pSignature, /* the signature to be verified */
- CK_ULONG ulSignatureLen /* count of bytes of signature */
-);
-#endif
-
-
-/* C_VerifyRecoverInit initializes a signature verification operation,
- * where the data is recovered from the signature.
- * E.g. Decryption with the user's public key */
-CK_EXTERN _CK_RV CK_FUNC(C_VerifyRecoverInit)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
- CK_OBJECT_HANDLE hKey /* handle of the verification key */
-);
-#endif
-
-
-/* C_VerifyRecover verifies a signature in a single-part operation,
- * where the data is recovered from the signature.
- * E.g. Decryption with the user's public key */
-CK_EXTERN _CK_RV CK_FUNC(C_VerifyRecover)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pSignature, /* the signature to be verified */
- CK_ULONG ulSignatureLen, /* count of bytes of signature */
- CK_BYTE_PTR pData, /* receives decrypted data (digest)
-*/
- CK_ULONG_PTR pulDataLen /* receives byte count of data */
-);
-#endif
-
-
-
-/* Dual-function cryptographic operations */
-
-/* C_DigestEncryptUpdate continues a multiple-part digesting and
-encryption operation. */
-CK_EXTERN _CK_RV CK_FUNC(C_DigestEncryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pPart, /* the plaintext data */
- CK_ULONG ulPartLen, /* bytes of plaintext data */
- CK_BYTE_PTR pEncryptedPart, /* receives encrypted data */
- CK_ULONG_PTR pulEncryptedPartLen /* receives encrypted byte
-count */
-);
-#endif
-
-
-/* C_DecryptDigestUpdate continues a multiple-part decryption and
- * digesting operation. */
-CK_EXTERN _CK_RV CK_FUNC(C_DecryptDigestUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pEncryptedPart, /* input encrypted data */
- CK_ULONG ulEncryptedPartLen, /* count of bytes of input */
- CK_BYTE_PTR pPart, /* receives decrypted output */
- CK_ULONG_PTR pulPartLen /* receives decrypted byte
-count */
-);
-#endif
-
-
-/* C_SignEncryptUpdate continues a multiple-part signing and
- * encryption operation. */
-CK_EXTERN _CK_RV CK_FUNC(C_SignEncryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pPart, /* the plaintext data */
- CK_ULONG ulPartLen, /* bytes of plaintext data */
- CK_BYTE_PTR pEncryptedPart, /* receives encrypted data */
- CK_ULONG_PTR pulEncryptedPartLen /* receives encrypted byte
-count */
-);
-#endif
-
-
-/* C_DecryptVerifyUpdate continues a multiple-part decryption and
- * verify operation. */
-CK_EXTERN _CK_RV CK_FUNC(C_DecryptVerifyUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pEncryptedPart, /* input encrypted data */
- CK_ULONG ulEncryptedPartLen, /* count of byes of input */
- CK_BYTE_PTR pPart, /* receives decrypted output */
- CK_ULONG_PTR pulPartLen /* receives decrypted byte
-count */
-);
-#endif
-
-
-
-/* Key management */
-
-/* C_GenerateKey generates a secret key, creating a new key object. */
-CK_EXTERN _CK_RV CK_FUNC(C_GenerateKey)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism, /* the key generation mechanism */
- CK_ATTRIBUTE_PTR pTemplate, /* template for the new key */
- CK_ULONG ulCount, /* number of attributes in template
-*/
- CK_OBJECT_HANDLE_PTR phKey /* receives handle of new key */
-);
-#endif
-
-
-/* C_GenerateKeyPair generates a public-key/private-key pair,
- * creating new key objects. */
-CK_EXTERN _CK_RV CK_FUNC(C_GenerateKeyPair)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's
-handle */
- CK_MECHANISM_PTR pMechanism, /* the key gen.
-mech. */
- CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* pub. attr.
-template */
- CK_ULONG ulPublicKeyAttributeCount, /* # of pub. attrs.
-*/
- CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* priv. attr.
-template */
- CK_ULONG ulPrivateKeyAttributeCount, /* # of priv. attrs.
-*/
- CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. key
-handle */
- CK_OBJECT_HANDLE_PTR phPrivateKey /* gets priv. key
-handle */
-);
-#endif
-
-
-/* C_WrapKey wraps (i.e., encrypts) a key. */
-CK_EXTERN _CK_RV CK_FUNC(C_WrapKey)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */
- CK_OBJECT_HANDLE hWrappingKey, /* handle of the wrapping key */
- CK_OBJECT_HANDLE hKey, /* handle of the key to be wrapped
-*/
- CK_BYTE_PTR pWrappedKey, /* receives the wrapped key */
- CK_ULONG_PTR pulWrappedKeyLen /* receives byte size of wrapped
-key */
-);
-#endif
-
-
-/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key
-object. */
-CK_EXTERN _CK_RV CK_FUNC(C_UnwrapKey)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism, /* the unwrapping mechanism */
- CK_OBJECT_HANDLE hUnwrappingKey, /* handle of the unwrapping
-key */
- CK_BYTE_PTR pWrappedKey, /* the wrapped key */
- CK_ULONG ulWrappedKeyLen, /* bytes length of wrapped key
-*/
- CK_ATTRIBUTE_PTR pTemplate, /* template for the new key */
- CK_ULONG ulAttributeCount, /* # of attributes in template
-*/
- CK_OBJECT_HANDLE_PTR phKey /* gets handle of recovered
-key */
-);
-#endif
-
-
-/* C_DeriveKey derives a key from a base key, creating a new key object.
-*/
-CK_EXTERN _CK_RV CK_FUNC(C_DeriveKey)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism, /* the key derivation
-mechanism */
- CK_OBJECT_HANDLE hBaseKey, /* handle of the base key */
- CK_ATTRIBUTE_PTR pTemplate, /* template for the new key */
- CK_ULONG ulAttributeCount, /* # of attributes in template
-*/
- CK_OBJECT_HANDLE_PTR phKey /* gets handle of derived key
-*/
-);
-#endif
-
-
-
-/* Random number generation */
-
-/* C_SeedRandom mixes additional seed material into the token's random
-number
- * generator. */
-CK_EXTERN _CK_RV CK_FUNC(C_SeedRandom)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pSeed, /* the seed material */
- CK_ULONG ulSeedLen /* count of bytes of seed material */
-);
-#endif
-
-
-/* C_GenerateRandom generates random data. */
-CK_EXTERN _CK_RV CK_FUNC(C_GenerateRandom)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR RandomData, /* receives the random data */
- CK_ULONG ulRandomLen /* number of bytes to be generated */
-);
-#endif
-
-
-
-/* Parallel function management */
-
-/* C_GetFunctionStatus obtains an updated status of a function running
- * in parallel with an application. */
-CK_EXTERN _CK_RV CK_FUNC(C_GetFunctionStatus)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession /* the session's handle */
-);
-#endif
-
-
-/* C_CancelFunction cancels a function running in parallel. */
-CK_EXTERN _CK_RV CK_FUNC(C_CancelFunction)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession /* the session's handle */
-);
-#endif
-
-
-
-/* Functions added in for PKCS #11 Version 2.01 or later */
-
-/* C_WaitForSlotEvent waits for a slot event (token insertion,
- * removal, etc.) to occur. */
-CK_EXTERN _CK_RV CK_FUNC(C_WaitForSlotEvent)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_FLAGS flags, /* blocking/nonblocking flag */
- CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */
- CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
-);
-#endif
diff --git a/security/nss/lib/fortcrypt/fpkcs11i.h b/security/nss/lib/fortcrypt/fpkcs11i.h
deleted file mode 100644
index 9359bb8d6..000000000
--- a/security/nss/lib/fortcrypt/fpkcs11i.h
+++ /dev/null
@@ -1,269 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Internal data structures used by pkcs11.c
- */
-#ifndef _FPKCS11I_H_
-#define _FPKCS11I_H_ 1
-
-#include "fpkstrs.h"
-#ifdef SWFORT
-#ifndef RETURN_TYPE
-#define RETURN_TYPE int
-#endif
-#endif
-#include "genci.h"
-
-typedef struct PK11AttributeStr PK11Attribute;
-typedef struct PK11ObjectListStr PK11ObjectList;
-typedef struct PK11ObjectListElementStr PK11ObjectListElement;
-typedef struct PK11ObjectStr PK11Object;
-typedef struct PK11SessionStr PK11Session;
-typedef struct PK11SlotStr PK11Slot;
-typedef struct PK11SessionContextStr PK11SessionContext;
-typedef struct PK11SearchResultsStr PK11SearchResults;
-
-typedef void (*PK11Destroy)(void *, PRBool);
-typedef SECStatus (*PK11Cipher)(void *,void *,unsigned int *,unsigned int,
- void *, unsigned int);
-typedef SECStatus (*PK11Verify)(void *,void *,unsigned int,void *,unsigned int);
-typedef void (*PK11Hash)(void *,void *,unsigned int);
-typedef void (*PK11End)(void *,void *,unsigned int *,unsigned int);
-typedef void (*PK11Free)(void *);
-
-#define HASH_SIZE 32
-#define SESSION_HASH_SIZE 64
-
-/* Value to tell if an attribute is modifiable or not.
- * NEVER: attribute is only set on creation.
- * ONCOPY: attribute is set on creation and can only be changed on copy.
- * SENSITIVE: attribute can only be changed to TRUE.
- * ALWAYS: attribute can always be changed.
- */
-typedef enum {
- PK11_NEVER = 0,
- PK11_ONCOPY = 1,
- PK11_SENSITIVE = 2,
- PK11_ALWAYS = 3
-} PK11ModifyType;
-
-/*
- * Free Status Enum... tell us more information when we think we're
- * deleting an object.
- */
-typedef enum {
- PK11_DestroyFailure,
- PK11_Destroyed,
- PK11_Busy
-} PK11FreeStatus;
-
-/*
- * attribute values of an object.
- */
-struct PK11AttributeStr {
- PK11Attribute *next;
- PK11Attribute *prev;
- int refCount;
- void *refLock;
- /*must be called handle to make pk11queue_find work */
- CK_ATTRIBUTE_TYPE handle;
- CK_ATTRIBUTE attrib;
-};
-
-struct PK11ObjectListStr {
- PK11ObjectList *next;
- PK11ObjectList *prev;
- PK11Object *parent;
-};
-
-/*
- * PKCS 11 crypto object structure
- */
-struct PK11ObjectStr {
- PK11Object *next;
- PK11Object *prev;
- PK11ObjectList sessionList;
- CK_OBJECT_HANDLE handle;
- int refCount;
- void *refLock;
- void *attributeLock;
- PK11Session *session;
- PK11Slot *slot;
- CK_OBJECT_CLASS objclass;
- void *objectInfo;
- PK11Free infoFree;
- char *label;
- PRBool inDB;
- PK11Attribute *head[HASH_SIZE];
-};
-
-/*
- * struct to deal with a temparary list of objects
- */
-struct PK11ObjectListElementStr {
- PK11ObjectListElement *next;
- PK11Object *object;
-};
-
-/*
- * Area to hold Search results
- */
-struct PK11SearchResultsStr {
- CK_OBJECT_HANDLE *handles;
- int size;
- int index;
-};
-
-
-/*
- * the universal crypto/hash/sign/verify context structure
- */
-typedef enum {
- PK11_ENCRYPT,
- PK11_DECRYPT,
- PK11_HASH,
- PK11_SIGN,
- PK11_SIGN_RECOVER,
- PK11_VERIFY,
- PK11_VERIFY_RECOVER
-} PK11ContextType;
-
-
-struct PK11SessionContextStr {
- PK11ContextType type;
- PRBool multi; /* is multipart */
- void *cipherInfo;
- unsigned int cipherInfoLen;
- CK_MECHANISM_TYPE currentMech;
- PK11Cipher update;
- PK11Hash hashUpdate;
- PK11End end;
- PK11Destroy destroy;
- PK11Verify verify;
- unsigned int maxLen;
-};
-
-/*
- * Sessions (have objects)
- */
-struct PK11SessionStr {
- PK11Session *next;
- PK11Session *prev;
- CK_SESSION_HANDLE handle;
- int refCount;
- void *refLock;
- void *objectLock;
- int objectIDCount;
- CK_SESSION_INFO info;
- CK_NOTIFY notify;
- CK_VOID_PTR appData;
- PK11Slot *slot;
- PK11SearchResults *search;
- PK11SessionContext *context;
- PK11ObjectList *objects[1];
- FortezzaContext fortezzaContext;
-};
-
-/*
- * slots (have sessions and objects)
- */
-struct PK11SlotStr {
- CK_SLOT_ID slotID;
- void *sessionLock;
- void *objectLock;
- SECItem *password;
- PRBool hasTokens;
- PRBool isLoggedIn;
- PRBool ssoLoggedIn;
- PRBool needLogin;
- PRBool DB_loaded;
- int sessionIDCount;
- int sessionCount;
- int rwSessionCount;
- int tokenIDCount;
- PK11Object *tokObjects[HASH_SIZE];
- PK11Session *head[SESSION_HASH_SIZE];
-};
-
-/*
- * session handle modifiers
- */
-#define PK11_PRIVATE_KEY_FLAG 0x80000000L
-
-/*
- * object handle modifiers
- */
-#define PK11_TOKEN_MASK 0x80000000L
-#define PK11_TOKEN_MAGIC 0x80000000L
-#define PK11_TOKEN_TYPE_MASK 0x70000000L
-#define PK11_TOKEN_TYPE_CERT 0x00000000L
-#define PK11_TOKEN_TYPE_PRIV 0x10000000L
-
-/* how big a password/pin we can deal with */
-#define PK11_MAX_PIN 255
-
-/* slot helper macros */
-#define pk11_SlotFromSessionHandle(handle) (((handle) & PK11_PRIVATE_KEY_FLAG)\
- ? &pk11_slot[1] : &pk11_slot[0])
-#define PK11_TOSLOT1(handle) handle &= ~PK11_PRIVATE_KEY_FLAG
-#define PK11_TOSLOT2(handle) handle |= PK11_PRIVATE_KEY_FLAG
-#define pk11_SlotFromSession(sp) ((sp)->slot)
-#define pk11_SlotFromID(id) ((id) == NETSCAPE_SLOT_ID ? \
- &pk11_slot[0] : (((id) == PRIVATE_KEY_SLOT_ID) ? &pk11_slot[1] : NULL))
-#define pk11_isToken(id) (((id) & PK11_TOKEN_MASK) == PK11_TOKEN_MAGIC)
-
-/* queueing helper macros */
-#define pk11_hash(value,size) ((value) & (size-1))/*size must be a power of 2*/
-#define pk11queue_add(element,id,head,hash_size) \
- { int tmp = pk11_hash(id,hash_size); \
- (element)->next = (head)[tmp]; \
- (element)->prev = NULL; \
- if ((head)[tmp]) (head)[tmp]->prev = (element); \
- (head)[tmp] = (element); }
-#define pk11queue_find(element,id,head,hash_size) \
- for( (element) = (head)[pk11_hash(id,hash_size)]; (element) != NULL; \
- (element) = (element)->next) { \
- if ((element)->handle == (id)) { break; } }
-#define pk11queue_delete(element,id,head,hash_size) \
- if ((element)->next) (element)->next->prev = (element)->prev; \
- if ((element)->prev) (element)->prev->next = (element)->next; \
- else (head)[pk11_hash(id,hash_size)] = ((element)->next); \
- (element)->next = NULL; \
- (element)->prev = NULL; \
-
-/* expand an attribute & secitem structures out */
-#define pk11_attr_expand(ap) (ap)->type,(ap)->pValue,(ap)->ulValueLen
-#define pk11_item_expand(ip) (ip)->data,(ip)->len
-
-#endif
-
diff --git a/security/nss/lib/fortcrypt/fpkcs11t.h b/security/nss/lib/fortcrypt/fpkcs11t.h
deleted file mode 100644
index f3c6b0470..000000000
--- a/security/nss/lib/fortcrypt/fpkcs11t.h
+++ /dev/null
@@ -1,1098 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
- * is granted provided that it is identified as "RSA Security In.c Public-Key
- * Cryptography Standards (PKCS)" in all material mentioning or referencing
- * this document.
- */
-#ifndef _PKCS11T_H_
-#define _PKCS11T_H_ 1
-
-/* an unsigned 8-bit value */
-typedef unsigned char CK_BYTE;
-
-/* an unsigned 8-bit character */
-typedef CK_BYTE CK_CHAR;
-
-/* a BYTE-sized Boolean flag */
-typedef CK_BYTE CK_BBOOL;
-
-/* an unsigned value, at least 32 bits long */
-typedef unsigned long int CK_ULONG;
-
-/* a signed value, the same size as a CK_ULONG */
-/* CK_LONG is new for v2.0 */
-typedef long int CK_LONG;
-
-/* at least 32 bits, each bit is a Boolean flag */
-typedef CK_ULONG CK_FLAGS;
-
-/* some special values for certain CK_ULONG variables */
-#define CK_UNAVAILABLE_INFORMATION (~0UL)
-#define CK_EFFECTIVELY_INFINITE 0
-
-/* these data types are platform/implementation dependent. */
-#if defined(XP_WIN)
-#if defined(_WIN32)
-#define CK_ENTRY
-#define CK_PTR * /* definition for Win32 */
-#define NULL_PTR 0 /* NULL pointer */
-#pragma pack(push, cryptoki, 1)
-#else /* win16 */
-#if defined(__WATCOMC__)
-#define CK_ENTRY
-#define CK_PTR * /* definition for Win16 */
-#define NULL_PTR 0 /* NULL pointer */
-#pragma pack(push, 1)
-#else /* not Watcom 16-bit */
-#define CK_ENTRY
-#define CK_PTR * /* definition for Win16 */
-#define NULL_PTR 0 /* NULL pointer */
-#pragma pack(1)
-#endif
-#endif
-#else /* not windows */
-#define CK_ENTRY
-#define CK_PTR * /* definition for UNIX */
-#define NULL_PTR 0 /* NULL pointer */
-#endif
-
-
-typedef CK_BYTE CK_PTR CK_BYTE_PTR; /* Pointer to a CK_BYTE */
-typedef CK_CHAR CK_PTR CK_CHAR_PTR; /* Pointer to a CK_CHAR */
-typedef CK_ULONG CK_PTR CK_ULONG_PTR; /* Pointer to a CK_ULONG */
-typedef void CK_PTR CK_VOID_PTR; /* Pointer to a void */
-typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR; /* Pointer to a CK_VOID_PTR */
-
-/* The following value is always invalid if used as a session */
-/* handle or object handle */
-#define CK_INVALID_HANDLE 0
-
-typedef struct CK_VERSION {
- CK_BYTE major; /* integer portion of the version number */
- CK_BYTE minor; /* hundredths portion of the version number */
-} CK_VERSION;
-
-typedef CK_VERSION CK_PTR CK_VERSION_PTR; /* points to a CK_VERSION */
-
-
-typedef struct CK_INFO {
- CK_VERSION cryptokiVersion; /* PKCS #11 interface version number */
- CK_CHAR manufacturerID[32]; /* blank padded */
- CK_FLAGS flags; /* must be zero */
-
- /* libraryDescription and libraryVersion are new for v2.0 */
- CK_CHAR libraryDescription[32]; /* blank padded */
- CK_VERSION libraryVersion; /* version of library */
-} CK_INFO;
-
-typedef CK_INFO CK_PTR CK_INFO_PTR; /* points to a CK_INFO structure */
-
-
-/* CK_NOTIFICATION enumerates the types of notifications
- * that PKCS #11 provides to an application. */
-/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG for v2.0 */
-typedef CK_ULONG CK_NOTIFICATION;
-#define CKN_SURRENDER 0
-
-
-typedef CK_ULONG CK_SLOT_ID;
-
-/* CK_SLOT_ID_PTR points to a CK_SLOT_ID. */
-typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
-
-
-/* CK_SLOT_INFO provides information about a slot. */
-typedef struct CK_SLOT_INFO {
- CK_CHAR slotDescription[64]; /* blank padded */
- CK_CHAR manufacturerID[32]; /* blank padded */
- CK_FLAGS flags;
-
- /* hardwareVersion and firmwareVersion are new for v2.0 */
- CK_VERSION hardwareVersion; /* version of hardware */
- CK_VERSION firmwareVersion; /* version of firmware */
-} CK_SLOT_INFO;
-
-/* flags: bits flags that provide capabilities of the slot.
- * Bit Flag Mask Meaning
- */
-#define CKF_TOKEN_PRESENT 0x00000001 /* a token is present in the slot */
-#define CKF_REMOVABLE_DEVICE 0x00000002 /* reader supports removable devices*/
-#define CKF_HW_SLOT 0x00000004 /* a hardware slot, not a "soft token"*/
-
-/* CK_SLOT_INFO_PTR points to a CK_SLOT_INFO. */
-typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
-
-
-/* CK_TOKEN_INFO provides information about a token. */
-typedef struct CK_TOKEN_INFO {
- CK_CHAR label[32]; /* blank padded */
- CK_CHAR manufacturerID[32]; /* blank padded */
- CK_CHAR model[16]; /* blank padded */
- CK_CHAR serialNumber[16]; /* blank padded */
- CK_FLAGS flags; /* see below */
-
- /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
- * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
- * changed from CK_USHORT to CK_ULONG for v2.0 */
- CK_ULONG ulMaxSessionCount; /* max open sessions */
- CK_ULONG ulSessionCount; /* sessions currently open */
- CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */
- CK_ULONG ulRwSessionCount; /* R/W sessions currently open */
- CK_ULONG ulMaxPinLen; /* in bytes */
- CK_ULONG ulMinPinLen; /* in bytes */
- CK_ULONG ulTotalPublicMemory; /* in bytes */
- CK_ULONG ulFreePublicMemory; /* in bytes */
- CK_ULONG ulTotalPrivateMemory; /* in bytes */
- CK_ULONG ulFreePrivateMemory; /* in bytes */
-
- /* hardwareVersion, firmwareVersion, and time are new for v2.0 */
- CK_VERSION hardwareVersion; /* version of hardware */
- CK_VERSION firmwareVersion; /* version of firmware */
- CK_CHAR utcTime[16]; /* time */
-} CK_TOKEN_INFO;
-
-/* The flags parameter is defined as follows:
- * Table 7-2, Token Information Flags
- * Bit Flag Mask Meaning
- */
-#define CKF_RNG 0x00000001 /* has random number generator */
-#define CKF_WRITE_PROTECTED 0x00000002 /* token is write-protected */
-#define CKF_LOGIN_REQUIRED 0x00000004 /* a user must be logged in */
-#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's PIN is initialized */
-
-
-/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set, then that means */
-/* that *every* time the state of cryptographic operations of a session is */
-/* successfully saved, all keys needed to continue those operations are */
-/* stored in the state. */
-#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020 /* key always saved in saved sessions */
-
-/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, then that means that */
-/* the token has some sort of clock. The time on that clock is returned in */
-/* the token info structure. */
-#define CKF_CLOCK_ON_TOKEN 0x00000040 /* token has a clock */
-
-/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is true, that means */
-/* that there is some way for the user to login without sending a PIN through */
-/* the PKCS #11 library itself. */
-#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100 /* token has protected path */
-/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true, that
- * means that a single session with the token can perform dual
- * simultaneous cryptographic operations (digest and encrypt;
- * decrypt and digest; sign and encrypt; and decrypt and sign) */
-#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200 /* dual crypto operations */
-
-/* CK_TOKEN_INFO_PTR points to a CK_TOKEN_INFO. */
-typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
-
-
-/* CK_SESSION_HANDLE is a PKCS #11-assigned value that identifies a session. */
-typedef CK_ULONG CK_SESSION_HANDLE;
-
-/* CK_SESSION_HANDLE_PTR points to a CK_SESSION_HANDLE. */
-typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
-
-
-/* CK_USER_TYPE enumerates the types of PKCS #11 users */
-/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for v2.0 */
-typedef CK_ULONG CK_USER_TYPE;
-/* Security Officer */
-#define CKU_SO 0
-/* Normal user */
-#define CKU_USER 1
-
-
-/* CK_STATE enumerates the session states */
-/* CK_STATE has been changed from an enum to a CK_ULONG for v2.0 */
-typedef CK_ULONG CK_STATE;
-#define CKS_RO_PUBLIC_SESSION 0
-#define CKS_RO_USER_FUNCTIONS 1
-#define CKS_RW_PUBLIC_SESSION 2
-#define CKS_RW_SO_FUNCTIONS 3
-#define CKS_RW_USER_FUNCTIONS 4
-
-
-/* CK_SESSION_INFO provides information about a session. */
-typedef struct CK_SESSION_INFO {
- CK_SLOT_ID slotID;
- CK_STATE state;
- CK_FLAGS flags; /* see below */
-
- /* ulDeviceError was changed from CK_USHORT to CK_ULONG for v2.0 */
- CK_ULONG ulDeviceError; /* device-dependent error code */
-} CK_SESSION_INFO;
-
-/* The flags are defined in the following table. */
-/* Table 7-3, Session Information Flags */
-/* Bit Flag Mask Meaning
- */
-#define CKF_RW_SESSION 0x00000002 /* session is read/write; not R/O */
-#define CKF_SERIAL_SESSION 0x00000004 /* session doesn't support parallel */
-
-/* CK_SESSION_INFO_PTR points to a CK_SESSION_INFO. */
-typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
-
-
-/* CK_OBJECT_HANDLE is a token-specific identifier for an object. */
-typedef CK_ULONG CK_OBJECT_HANDLE;
-
-/* CK_OBJECT_HANDLE_PTR points to a CK_OBJECT_HANDLE. */
-typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
-
-
-/* CK_OBJECT_CLASS is a value that identifies the classes (or types)
- * of objects that PKCS #11 recognizes. It is defined as follows: */
-/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for v2.0 */
-typedef CK_ULONG CK_OBJECT_CLASS;
-
-/* The following classes of objects are defined: */
-#define CKO_DATA 0x00000000
-#define CKO_CERTIFICATE 0x00000001
-#define CKO_PUBLIC_KEY 0x00000002
-#define CKO_PRIVATE_KEY 0x00000003
-#define CKO_SECRET_KEY 0x00000004
-#define CKO_VENDOR_DEFINED 0x80000000L
-
-/* CK_OBJECT_CLASS_PTR points to a CK_OBJECT_CLASS structure. */
-typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
-
-
-/* CK_KEY_TYPE is a value that identifies a key type. */
-/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
-typedef CK_ULONG CK_KEY_TYPE;
-
-/* the following key types are defined: */
-#define CKK_RSA 0x00000000
-#define CKK_DSA 0x00000001
-#define CKK_DH 0x00000002
-
-/* CKK_ECDSA, and CKK_KEA are new for v2.0 */
-#define CKK_ECDSA 0x00000003
-#define CKK_KEA 0x00000005
-
-#define CKK_GENERIC_SECRET 0x00000010
-#define CKK_RC2 0x00000011
-#define CKK_RC4 0x00000012
-#define CKK_DES 0x00000013
-#define CKK_DES2 0x00000014
-#define CKK_DES3 0x00000015
-
-/* all these key types are new for v2.0 */
-#define CKK_CAST 0x00000016
-#define CKK_CAST3 0x00000017
-#define CKK_CAST5 0x00000018
-#define CKK_RC5 0x00000019
-#define CKK_IDEA 0x0000001A
-#define CKK_SKIPJACK 0x0000001B
-#define CKK_BATON 0x0000001C
-#define CKK_JUNIPER 0x0000001D
-#define CKK_CDMF 0x0000001E
-
-#define CKK_VENDOR_DEFINED 0x80000000L
-
-/* CK_CERTIFICATE_TYPE is a value that identifies a certificate type. */
-/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
-typedef CK_ULONG CK_CERTIFICATE_TYPE;
-
-/* The following certificate types are defined: */
-#define CKC_X_509 0x00000000
-#define CKC_VENDOR_DEFINED 0x80000000L
-
-
-/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute type. */
-/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
-typedef CK_ULONG CK_ATTRIBUTE_TYPE;
-
-/* The following attribute types are defined: */
-#define CKA_CLASS 0x00000000
-#define CKA_TOKEN 0x00000001
-#define CKA_PRIVATE 0x00000002
-#define CKA_LABEL 0x00000003
-#define CKA_APPLICATION 0x00000010
-#define CKA_VALUE 0x00000011
-#define CKA_CERTIFICATE_TYPE 0x00000080
-#define CKA_ISSUER 0x00000081
-#define CKA_SERIAL_NUMBER 0x00000082
-#define CKA_KEY_TYPE 0x00000100
-#define CKA_SUBJECT 0x00000101
-#define CKA_ID 0x00000102
-#define CKA_SENSITIVE 0x00000103
-#define CKA_ENCRYPT 0x00000104
-#define CKA_DECRYPT 0x00000105
-#define CKA_WRAP 0x00000106
-#define CKA_UNWRAP 0x00000107
-#define CKA_SIGN 0x00000108
-#define CKA_SIGN_RECOVER 0x00000109
-#define CKA_VERIFY 0x0000010A
-#define CKA_VERIFY_RECOVER 0x0000010B
-#define CKA_DERIVE 0x0000010C
-#define CKA_START_DATE 0x00000110
-#define CKA_END_DATE 0x00000111
-#define CKA_MODULUS 0x00000120
-#define CKA_MODULUS_BITS 0x00000121
-#define CKA_PUBLIC_EXPONENT 0x00000122
-#define CKA_PRIVATE_EXPONENT 0x00000123
-#define CKA_PRIME_1 0x00000124
-#define CKA_PRIME_2 0x00000125
-#define CKA_EXPONENT_1 0x00000126
-#define CKA_EXPONENT_2 0x00000127
-#define CKA_COEFFICIENT 0x00000128
-#define CKA_PRIME 0x00000130
-#define CKA_SUBPRIME 0x00000131
-#define CKA_BASE 0x00000132
-#define CKA_VALUE_BITS 0x00000160
-#define CKA_VALUE_LEN 0x00000161
-
-/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE, CKA_ALWAYS_SENSITIVE, */
-/* and CKA_MODIFIABLE are new for v2.0 */
-#define CKA_EXTRACTABLE 0x00000162
-#define CKA_LOCAL 0x00000163
-#define CKA_NEVER_EXTRACTABLE 0x00000164
-#define CKA_ALWAYS_SENSITIVE 0x00000165
-#define CKA_MODIFIABLE 0x00000170
-
-#define CKA_VENDOR_DEFINED 0x80000000L
-
-/* CK_ATTRIBUTE is a structure that includes the type, length and value
- * of an attribute. */
-typedef struct CK_ATTRIBUTE {
- CK_ATTRIBUTE_TYPE type;
- CK_VOID_PTR pValue;
-
- /* ulValueLen was changed from CK_USHORT to CK_ULONG for v2.0 */
- CK_ULONG ulValueLen; /* in bytes */
-} CK_ATTRIBUTE;
-
-/* CK_ATTRIBUTE_PTR points to a CK_ATTRIBUTE. */
-typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
-
-
-/* CK_DATE is a structure that defines a date. */
-typedef struct CK_DATE{
- CK_CHAR year[4]; /* the year ("1900" - "9999") */
- CK_CHAR month[2]; /* the month ("01" - "12") */
- CK_CHAR day[2]; /* the day ("01" - "31") */
-} CK_DATE;
-
-
-/* CK_MECHANISM_TYPE is a value that identifies a mechanism type. */
-/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
-typedef CK_ULONG CK_MECHANISM_TYPE;
-
-/* the following mechanism types are defined: */
-#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
-#define CKM_RSA_PKCS 0x00000001
-#define CKM_RSA_9796 0x00000002
-#define CKM_RSA_X_509 0x00000003
-
-/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS are */
-/* new for v2.0. They are mechanisms which hash and sign */
-#define CKM_MD2_RSA_PKCS 0x00000004
-#define CKM_MD5_RSA_PKCS 0x00000005
-#define CKM_SHA1_RSA_PKCS 0x00000006
-
-#define CKM_DSA_KEY_PAIR_GEN 0x00000010
-#define CKM_DSA 0x00000011
-#define CKM_DSA_SHA1 0x00000012
-#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
-#define CKM_DH_PKCS_DERIVE 0x00000021
-#define CKM_RC2_KEY_GEN 0x00000100
-#define CKM_RC2_ECB 0x00000101
-#define CKM_RC2_CBC 0x00000102
-#define CKM_RC2_MAC 0x00000103
-
-/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new to v2.0 */
-#define CKM_RC2_MAC_GENERAL 0x00000104
-#define CKM_RC2_CBC_PAD 0x00000105
-
-#define CKM_RC4_KEY_GEN 0x00000110
-#define CKM_RC4 0x00000111
-#define CKM_DES_KEY_GEN 0x00000120
-#define CKM_DES_ECB 0x00000121
-#define CKM_DES_CBC 0x00000122
-#define CKM_DES_MAC 0x00000123
-
-/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new to v2.0 */
-#define CKM_DES_MAC_GENERAL 0x00000124
-#define CKM_DES_CBC_PAD 0x00000125
-
-#define CKM_DES2_KEY_GEN 0x00000130
-#define CKM_DES3_KEY_GEN 0x00000131
-#define CKM_DES3_ECB 0x00000132
-#define CKM_DES3_CBC 0x00000133
-#define CKM_DES3_MAC 0x00000134
-
-/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN, */
-/* CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC, CKM_CDMF_MAC_GENERAL, */
-/* and CKM_CDMF_CBC_PAD are new to v2.0 */
-#define CKM_DES3_MAC_GENERAL 0x00000135
-#define CKM_DES3_CBC_PAD 0x00000136
-#define CKM_CDMF_KEY_GEN 0x00000140
-#define CKM_CDMF_ECB 0x00000141
-#define CKM_CDMF_CBC 0x00000142
-#define CKM_CDMF_MAC 0x00000143
-#define CKM_CDMF_MAC_GENERAL 0x00000144
-#define CKM_CDMF_CBC_PAD 0x00000145
-
-#define CKM_MD2 0x00000200
-
-/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new to v2.0 */
-#define CKM_MD2_HMAC 0x00000201
-#define CKM_MD2_HMAC_GENERAL 0x00000202
-
-#define CKM_MD5 0x00000210
-
-/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new to v2.0 */
-#define CKM_MD5_HMAC 0x00000211
-#define CKM_MD5_HMAC_GENERAL 0x00000212
-
-#define CKM_SHA_1 0x00000220
-
-/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new to v2.0 */
-#define CKM_SHA_1_HMAC 0x00000221
-#define CKM_SHA_1_HMAC_GENERAL 0x00000222
-
-/* All the following mechanisms are new to v2.0 */
-#define CKM_CAST_KEY_GEN 0x00000300
-#define CKM_CAST_ECB 0x00000301
-#define CKM_CAST_CBC 0x00000302
-#define CKM_CAST_MAC 0x00000303
-#define CKM_CAST_MAC_GENERAL 0x00000304
-#define CKM_CAST_CBC_PAD 0x00000305
-#define CKM_CAST3_KEY_GEN 0x00000310
-#define CKM_CAST3_ECB 0x00000311
-#define CKM_CAST3_CBC 0x00000312
-#define CKM_CAST3_MAC 0x00000313
-#define CKM_CAST3_MAC_GENERAL 0x00000314
-#define CKM_CAST3_CBC_PAD 0x00000315
-#define CKM_CAST5_KEY_GEN 0x00000320
-#define CKM_CAST5_ECB 0x00000321
-#define CKM_CAST5_CBC 0x00000322
-#define CKM_CAST5_MAC 0x00000323
-#define CKM_CAST5_MAC_GENERAL 0x00000324
-#define CKM_CAST5_CBC_PAD 0x00000325
-#define CKM_RC5_KEY_GEN 0x00000330
-#define CKM_RC5_ECB 0x00000331
-#define CKM_RC5_CBC 0x00000332
-#define CKM_RC5_MAC 0x00000333
-#define CKM_RC5_MAC_GENERAL 0x00000334
-#define CKM_RC5_CBC_PAD 0x00000335
-#define CKM_IDEA_KEY_GEN 0x00000340
-#define CKM_IDEA_ECB 0x00000341
-#define CKM_IDEA_CBC 0x00000342
-#define CKM_IDEA_MAC 0x00000343
-#define CKM_IDEA_MAC_GENERAL 0x00000344
-#define CKM_IDEA_CBC_PAD 0x00000345
-#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
-#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
-#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
-#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
-#define CKM_XOR_BASE_AND_DATA 0x00000364
-#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
-#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
-#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
-#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
-#define CKM_SSL3_MD5_MAC 0x00000380
-#define CKM_SSL3_SHA1_MAC 0x00000381
-#define CKM_MD5_KEY_DERIVATION 0x00000390
-#define CKM_MD2_KEY_DERIVATION 0x00000391
-#define CKM_SHA1_KEY_DERIVATION 0x00000392
-#define CKM_PBE_MD2_DES_CBC 0x000003A0
-#define CKM_PBE_MD5_DES_CBC 0x000003A1
-#define CKM_PBE_MD5_CAST_CBC 0x000003A2
-#define CKM_PBE_MD5_CAST3_CBC 0x000003A3
-#define CKM_PBE_MD5_CAST5_CBC 0x000003A4
-#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
-#define CKM_PBE_SHA1_RC4_128 0x000003A6
-#define CKM_PBE_SHA1_RC4_40 0x000003A7
-#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
-#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
-#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
-#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
-#define CKM_KEY_WRAP_LYNKS 0x00000400
-#define CKM_KEY_WRAP_SET_OAEP 0x00000401
-
-/* Fortezza mechanisms */
-#define CKM_SKIPJACK_KEY_GEN 0x00001000
-#define CKM_SKIPJACK_ECB64 0x00001001
-#define CKM_SKIPJACK_CBC64 0x00001002
-#define CKM_SKIPJACK_OFB64 0x00001003
-#define CKM_SKIPJACK_CFB64 0x00001004
-#define CKM_SKIPJACK_CFB32 0x00001005
-#define CKM_SKIPJACK_CFB16 0x00001006
-#define CKM_SKIPJACK_CFB8 0x00001007
-#define CKM_SKIPJACK_WRAP 0x00001008
-#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
-#define CKM_SKIPJACK_RELAYX 0x0000100a
-#define CKM_KEA_KEY_PAIR_GEN 0x00001010
-#define CKM_KEA_KEY_DERIVE 0x00001011
-#define CKM_FORTEZZA_TIMESTAMP 0x00001020
-#define CKM_BATON_KEY_GEN 0x00001030
-#define CKM_BATON_ECB128 0x00001031
-#define CKM_BATON_ECB96 0x00001032
-#define CKM_BATON_CBC128 0x00001033
-#define CKM_BATON_COUNTER 0x00001034
-#define CKM_BATON_SHUFFLE 0x00001035
-#define CKM_BATON_WRAP 0x00001036
-#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
-#define CKM_ECDSA 0x00001041
-#define CKM_ECDSA_SHA1 0x00001042
-#define CKM_JUNIPER_KEY_GEN 0x00001060
-#define CKM_JUNIPER_ECB128 0x00001061
-#define CKM_JUNIPER_CBC128 0x00001062
-#define CKM_JUNIPER_COUNTER 0x00001063
-#define CKM_JUNIPER_SHUFFLE 0x00001064
-#define CKM_JUNIPER_WRAP 0x00001065
-#define CKM_FASTHASH 0x00001070
-
-#define CKM_VENDOR_DEFINED 0x80000000L
-
-
-/* CK_MECHANISM_TYPE_PTR points to a CK_MECHANISM_TYPE structure. */
-typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
-
-
-/* CK_MECHANISM is a structure that specifies a particular mechanism. */
-typedef struct CK_MECHANISM {
- CK_MECHANISM_TYPE mechanism;
- CK_VOID_PTR pParameter;
-
- /* ulParameterLen was changed from CK_USHORT to CK_ULONG for v2.0 */
- CK_ULONG ulParameterLen; /* in bytes */
-} CK_MECHANISM;
-
-/* CK_MECHANISM_PTR points to a CK_MECHANISM structure. */
-typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
-
-
-/* CK_MECHANISM_INFO provides information about a particular mechanism. */
-typedef struct CK_MECHANISM_INFO {
- CK_ULONG ulMinKeySize;
- CK_ULONG ulMaxKeySize;
- CK_FLAGS flags;
-} CK_MECHANISM_INFO;
-
-/* The flags are defined as follows.
- * Table 7-4, Mechanism Information FLags
- * Bit Flag Mask Meaning */
-#define CKF_HW 0x00000001 /* performed by HW device; not SW */
-
-/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN, CKG_SIGN_RECOVER, */
-/* CKF_VERIFY, CKF_VERIFY_RECOVER, CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, */
-/* CKF_UNWRAP, and CKF_DERIVE are new for v2.0 */
-#define CKF_ENCRYPT 0x00000100 /* can be used with C_EncryptInit */
-#define CKF_DECRYPT 0x00000200 /* can be used with C_DecryptInit */
-#define CKF_DIGEST 0x00000400 /* can be used with C_DigestInit */
-#define CKF_SIGN 0x00000800 /* can be used with C_SignInit */
-#define CKF_SIGN_RECOVER 0x00001000 /* can use with C_SignRecoverInit */
-#define CKF_VERIFY 0x00002000 /* can be used with C_VerifyInit */
-#define CKF_VERIFY_RECOVER 0x00004000 /* can use w/ C_VerifyRecoverInit */
-#define CKF_GENERATE 0x00008000L /* can be used with C_GenerateKey */
-#define CKF_GENERATE_KEY_PAIR 0x00010000L /* can use with C_GenerateKeyPair */
-#define CKF_WRAP 0x00020000L /* can be used with C_WrapKey */
-#define CKF_UNWRAP 0x00040000L /* can be used with C_UnwrapKey */
-#define CKF_DERIVE 0x00080000L /* can be used with C_DeriveKey */
-
-#define CKF_EXTENSION 0x80000000L /* Must be FALSE for this version */
-
-/* CK_MECHANISM_INFO_PTR points to a CK_MECHANISM_INFO structure. */
-typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
-
-
-/* CK_RV is a value that identifies the return value of a PKCS #11 function. */
-/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
-typedef CK_ULONG CK_RV;
-
-#define CKR_OK 0x00000000
-#define CKR_CANCEL 0x00000001
-#define CKR_HOST_MEMORY 0x00000002
-#define CKR_SLOT_ID_INVALID 0x00000003
-
-/* CKR_FLAGS_INVALID was removed for v2.0 */
-
-/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
-#define CKR_GENERAL_ERROR 0x00000005
-#define CKR_FUNCTION_FAILED 0x00000006
-
-/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
- * and CKR_CANT_LOCK are new for v2.01 */
-#define CKR_ARGUMENTS_BAD 0x00000007
-#define CKR_NO_EVENT 0x00000008
-#define CKR_NEED_TO_CREATE_THREADS 0x00000009
-#define CKR_CANT_LOCK 0x0000000A
-
-#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
-#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
-#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
-#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
-#define CKR_DATA_INVALID 0x00000020
-#define CKR_DATA_LEN_RANGE 0x00000021
-#define CKR_DEVICE_ERROR 0x00000030
-#define CKR_DEVICE_MEMORY 0x00000031
-#define CKR_DEVICE_REMOVED 0x00000032
-#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
-#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
-#define CKR_FUNCTION_CANCELED 0x00000050
-#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
-
-/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
-#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
-
-#define CKR_KEY_HANDLE_INVALID 0x00000060
-
-/* CKR_KEY_SENSITIVE was removed for v2.0 */
-
-#define CKR_KEY_SIZE_RANGE 0x00000062
-#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
-
-/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
- * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
- * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are
- * new for v2.0 */
-#define CKR_KEY_NOT_NEEDED 0x00000064
-#define CKR_KEY_CHANGED 0x00000065
-#define CKR_KEY_NEEDED 0x00000066
-#define CKR_KEY_INDIGESTIBLE 0x00000067
-#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
-#define CKR_KEY_NOT_WRAPPABLE 0x00000069
-#define CKR_KEY_UNEXTRACTABLE 0x0000006A
-
-#define CKR_MECHANISM_INVALID 0x00000070
-#define CKR_MECHANISM_PARAM_INVALID 0x00000071
-
-/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
- * were removed for v2.0 */
-#define CKR_OBJECT_HANDLE_INVALID 0x00000082
-#define CKR_OPERATION_ACTIVE 0x00000090
-#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
-#define CKR_PIN_INCORRECT 0x000000A0
-#define CKR_PIN_INVALID 0x000000A1
-#define CKR_PIN_LEN_RANGE 0x000000A2
-
-/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
-#define CKR_PIN_EXPIRED 0x000000A3
-#define CKR_PIN_LOCKED 0x000000A4
-
-#define CKR_SESSION_CLOSED 0x000000B0
-#define CKR_SESSION_COUNT 0x000000B1
-#define CKR_SESSION_HANDLE_INVALID 0x000000B3
-#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
-#define CKR_SESSION_READ_ONLY 0x000000B5
-#define CKR_SESSION_EXISTS 0x000000B6
-
-/* CKR_SESSION_READ_ONLY_EXISTS and CKR_SESSION_READ_WRITE_SO_EXISTS
- * are new for v2.0 */
-#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
-#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
-
-#define CKR_SIGNATURE_INVALID 0x000000C0
-#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
-#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
-#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
-#define CKR_TOKEN_NOT_PRESENT 0x000000E0
-#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
-#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
-#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
-#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
-#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
-#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
-#define CKR_USER_NOT_LOGGED_IN 0x00000101
-#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
-#define CKR_USER_TYPE_INVALID 0x00000103
-
-/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
- * are new to v2.01 */
-#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104
-#define CKR_USER_TOO_MANY_TYPES 0x00000105
-
-#define CKR_WRAPPED_KEY_INVALID 0x00000110
-#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
-#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
-#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
-#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
-#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
-
-/* These are new to v2.0 */
-#define CKR_RANDOM_NO_RNG 0x00000121
-#define CKR_INSERTION_CALLBACK_SET 0x00000140
-#define CKR_INSERTION_CALLBACK_NOT_SUPPORTED 0x00000141
-#define CKR_BUFFER_TOO_SMALL 0x00000150
-#define CKR_SAVED_STATE_INVALID 0x00000160
-#define CKR_INFORMATION_SENSITIVE 0x00000170
-#define CKR_STATE_UNSAVEABLE 0x00000180
-
-/* These are new to v2.01 */
-#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
-#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
-#define CKR_MUTEX_BAD 0x000001A0
-#define CKR_MUTEX_NOT_LOCKED 0x000001A1
-
-#define CKR_VENDOR_DEFINED 0x80000000L
-
-
-/* CK_NOTIFY is an application callback that processes events. */
-typedef CK_RV (CK_ENTRY CK_PTR CK_NOTIFY)(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_NOTIFICATION event,
- CK_VOID_PTR pApplication /* same as passed to C_OpenSession. */
-);
-
-/* CK_FUNCTION_LIST is going to be a structure holding a PKCS #11 spec */
-/* version and pointers of appropriate types to all the PKCS #11 functions. */
-/* CK_FUNCTION_LIST is new for v2.0 */
-typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
-
-typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
-
-typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
-
-/* CK_CREATEMUTEX is an application callback for creating a mutex */
-typedef CK_RV CK_ENTRY (CK_PTR CK_CREATEMUTEX)(
- CK_VOID_PTR_PTR ppMutex /* location to receive pointer to mutex */
-);
-
-
-/* CK_DESTROYMUTEX is an application callback for destroying a mutex */
-typedef CK_RV CK_ENTRY (CK_PTR CK_DESTROYMUTEX)(
- CK_VOID_PTR pMutex /* pointer to mutex */
-);
-
-
-/* CK_LOCKMUTEX is an application callback for locking a mutex */
-typedef CK_RV CK_ENTRY (CK_PTR CK_LOCKMUTEX)(
- CK_VOID_PTR pMutex /* pointer to mutex */
-);
-
-
-/* CK_UNLOCKMUTEX is an application callback for unlocking a mutex */
-typedef CK_RV CK_ENTRY (CK_PTR CK_UNLOCKMUTEX)(
- CK_VOID_PTR pMutex /* pointer to mutex */
-);
-
-
-/* CK_C_INITIALIZE_ARGS provides the optional arguments to C_Initialize
-*/
-typedef struct CK_C_INITIALIZE_ARGS {
- CK_CREATEMUTEX CreateMutex;
- CK_DESTROYMUTEX DestroyMutex;
- CK_LOCKMUTEX LockMutex;
- CK_UNLOCKMUTEX UnlockMutex;
- CK_FLAGS flags;
- CK_VOID_PTR pReserved;
-} CK_C_INITIALIZE_ARGS;
-
-/* flags: bit flags that provide capabilities of the slot
- * Bit Flag Mask Meaning
- */
-#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001 /* library may not
- * spawn its own
- * threads */
-#define CKF_OS_LOCKING_OK 0x00000002 /* library can use
- * native operating
- * system thread
- * synchronization */
-
-/* CK_C_INITIALIZE_ARGS_PTR is a pointer to a CK_C_INITIALIZE_ARGS */
-typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
-
-
-/* additional flags for parameters to functions */
-
-/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
-#define CKF_DONT_BLOCK 1
-
-/* CK_KEA_DERIVE_PARAMS provides the parameters to the CKM_KEA_DERIVE
- * mechanism. */
-/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
-typedef struct CK_KEA_DERIVE_PARAMS {
- CK_BBOOL isSender;
- CK_ULONG ulRandomLen;
- CK_BYTE_PTR pRandomA;
- CK_BYTE_PTR pRandomB;
- CK_ULONG ulPublicDataLen;
- CK_BYTE_PTR pPublicData;
-} CK_KEA_DERIVE_PARAMS;
-
-/* CK_KEA_DERIVE_PARAMS_PTR points to a CK_KEA_DERIVE_PARAMS. */
-typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
-
-
-/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and CKM_RC2_MAC */
-/* mechanisms. An instance of CK_RC2_PARAMS just holds the effective keysize. */
-typedef CK_ULONG CK_RC2_PARAMS;
-
-
-/* CK_RC2_PARAMS_PTR points to a CK_RC2_PARAMS. */
-typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
-
-
-/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC mechanism. */
-typedef struct CK_RC2_CBC_PARAMS {
- /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for v2.0 */
- CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
-
- CK_BYTE iv[8]; /* IV for CBC mode */
-} CK_RC2_CBC_PARAMS;
-
-/* CK_RC2_CBC_PARAMS_PTR points to a CK_RC2_CBC_PARAMS. */
-typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
-
-/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the */
-/* CKM_RC2_MAC_GENERAL mechanism. */
-/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
-typedef struct CK_RC2_MAC_GENERAL_PARAMS {
- CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
- CK_ULONG ulMacLength; /* Length of MAC in bytes */
-} CK_RC2_MAC_GENERAL_PARAMS;
-
-typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR CK_RC2_MAC_GENERAL_PARAMS_PTR;
-
-
-/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and CKM_RC5_MAC */
-/* mechanisms. */
-/* CK_RC5_PARAMS is new for v2.0 */
-typedef struct CK_RC5_PARAMS {
- CK_ULONG ulWordsize; /* wordsize in bits */
- CK_ULONG ulRounds; /* number of rounds */
-} CK_RC5_PARAMS;
-
-/* CK_RC5_PARAMS_PTR points to a CK_RC5_PARAMS. */
-typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
-
-
-/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC mechanism. */
-/* CK_RC5_CBC_PARAMS is new for v2.0 */
-typedef struct CK_RC5_CBC_PARAMS {
- CK_ULONG ulWordsize; /* wordsize in bits */
- CK_ULONG ulRounds; /* number of rounds */
- CK_BYTE_PTR pIv; /* pointer to IV */
- CK_ULONG ulIvLen; /* length of IV in bytes */
-} CK_RC5_CBC_PARAMS;
-
-/* CK_RC5_CBC_PARAMS_PTR points to a CK_RC5_CBC_PARAMS. */
-typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
-
-
-/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the */
-/* CKM_RC5_MAC_GENERAL mechanism. */
-/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
-typedef struct CK_RC5_MAC_GENERAL_PARAMS {
- CK_ULONG ulWordsize; /* wordsize in bits */
- CK_ULONG ulRounds; /* number of rounds */
- CK_ULONG ulMacLength; /* Length of MAC in bytes */
-} CK_RC5_MAC_GENERAL_PARAMS;
-
-typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR CK_RC5_MAC_GENERAL_PARAMS_PTR;
-
-
-/* CK_MAC_GENERAL_PARAMS provides the parameters to most block ciphers' */
-/* MAC_GENERAL mechanisms. Its value is the length of the MAC. */
-/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
-typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
-
-typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
-
-
-/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
- * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
-/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
-typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
- CK_ULONG ulPasswordLen;
- CK_BYTE_PTR pPassword;
- CK_ULONG ulPublicDataLen;
- CK_BYTE_PTR pPublicData;
- CK_ULONG ulPAndGLen;
- CK_ULONG ulQLen;
- CK_ULONG ulRandomLen;
- CK_BYTE_PTR pRandomA;
- CK_BYTE_PTR pPrimeP;
- CK_BYTE_PTR pBaseG;
- CK_BYTE_PTR pSubprimeQ;
-} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
-
-/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS_PTR points to a
- * CK_SKIPJACK_PRIVATE_WRAP_PARAMS */
-typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
- CK_SKIPJACK_PRIVATE_WRAP_PTR;
-
-
-/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
- * CKM_SKIPJACK_RELAYX mechanism */
-/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
-typedef struct CK_SKIPJACK_RELAYX_PARAMS {
- CK_ULONG ulOldWrappedXLen;
- CK_BYTE_PTR pOldWrappedX;
- CK_ULONG ulOldPasswordLen;
- CK_BYTE_PTR pOldPassword;
- CK_ULONG ulOldPublicDataLen;
- CK_BYTE_PTR pOldPublicData;
- CK_ULONG ulOldRandomLen;
- CK_BYTE_PTR pOldRandomA;
- CK_ULONG ulNewPasswordLen;
- CK_BYTE_PTR pNewPassword;
- CK_ULONG ulNewPublicDataLen;
- CK_BYTE_PTR pNewPublicData;
- CK_ULONG ulNewRandomLen;
- CK_BYTE_PTR pNewRandomA;
-} CK_SKIPJACK_RELAYX_PARAMS;
-
-/* CK_SKIPJACK_RELAYX_PARAMS_PTR points to a CK_SKIPJACK_RELAYX_PARAMS
-*/
-typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR CK_SKIPJACK_RELAYX_PARAMS_PTR;
-
-typedef struct CK_PBE_PARAMS {
- CK_CHAR_PTR pInitVector;
- CK_CHAR_PTR pPassword;
- CK_ULONG ulPasswordLen;
- CK_CHAR_PTR pSalt;
- CK_ULONG ulSaltLen;
- CK_ULONG ulIteration;
-} CK_PBE_PARAMS;
-
-typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
-
-
-/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the */
-/* CKM_KEY_WRAP_SET_OAEP mechanism. */
-/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
-typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
- CK_BYTE bBC; /* block contents byte */
- CK_BYTE_PTR pX; /* extra data */
- CK_ULONG ulXLen; /* length of extra data in bytes */
-} CK_KEY_WRAP_SET_OAEP_PARAMS;
-
-/* CK_KEY_WRAP_SET_OAEP_PARAMS_PTR points to a CK_KEY_WRAP_SET_OAEP_PARAMS. */
-typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
-
-/* CK_BATON_PARAMS provides the parameters to the CKM_BATON_ECB128, */
-/* CKM_BATON_ECB96, CKM_BATON_CBC128, CKM_BATON_COUNTER, and */
-/* CKM_BATON_SHUFFLE mechanisms. */
-/* CK_BATON_PARAMS is new for v2.0 */
-typedef struct CK_BATON_PARAMS {
- CK_BYTE iv[24];
-} CK_BATON_PARAMS;
-
-/* CK_BATON_PARAMS_PTR points to a CK_BATON_PARAMS. */
-typedef CK_BATON_PARAMS CK_PTR CK_BATON_PARAMS_PTR;
-
-
-typedef struct CK_SSL3_RANDOM_DATA {
- CK_BYTE_PTR pClientRandom;
- CK_ULONG ulClientRandomLen;
- CK_BYTE_PTR pServerRandom;
- CK_ULONG ulServerRandomLen;
-} CK_SSL3_RANDOM_DATA;
-
-
-typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
- CK_SSL3_RANDOM_DATA RandomInfo;
- CK_VERSION_PTR pVersion;
-} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
-
-typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
- CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
-
-
-typedef struct CK_SSL3_KEY_MAT_OUT {
- CK_OBJECT_HANDLE hClientMacSecret;
- CK_OBJECT_HANDLE hServerMacSecret;
- CK_OBJECT_HANDLE hClientKey;
- CK_OBJECT_HANDLE hServerKey;
- CK_BYTE_PTR pIVClient;
- CK_BYTE_PTR pIVServer;
-} CK_SSL3_KEY_MAT_OUT;
-
-typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
-
-
-typedef struct CK_SSL3_KEY_MAT_PARAMS {
- CK_ULONG ulMacSizeInBits;
- CK_ULONG ulKeySizeInBits;
- CK_ULONG ulIVSizeInBits;
- CK_BBOOL bIsExport;
- CK_SSL3_RANDOM_DATA RandomInfo;
- CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-} CK_SSL3_KEY_MAT_PARAMS;
-
-typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
-
-/* The CK_DERIVATION_STRING_DATA is used for bunches of Deriviation
- * Mechanisms. */
-typedef struct CK_KEY_DERIVATION_STRING_DATA {
- CK_BYTE_PTR pData;
- CK_ULONG ulLen;
-} CK_KEY_DERIVATION_STRING_DATA;
-typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR CK_KEY_DERIVATION_STRING_DATA_PTR;
-
-/* The CK_EXTRACT_PARAMS is used for the CKM_EXTRACT_KEY_FROM_KEY mechanism. */
-/* CK_EXTRACT_PARAMS is new for v2.0 */
-typedef CK_ULONG CK_EXTRACT_PARAMS;
-
-/* CK_EXTRACT_PARAMS_PTR points to a CK_EXTRACT_PARAMS. */
-typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
-
-
-/* Do not attempt to use these. They are only used by NETSCAPE's internal
- * PKCS #11 interface. Most of these are place holders for other mechanism
- * and will change in the future.
- */
-#define CKM_NETSCAPE_PBE_KEY_GEN 0x80000001L
-#define CKM_NETSCAPE_PBE_SHA1_DES_CBC 0x80000002L
-#define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC 0x80000003L
-#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC 0x80000004L
-#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC 0x80000005L
-#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4 0x80000006L
-#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4 0x80000007L
-#define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC 0x80000008L
-#define CKM_TLS_MASTER_KEY_DERIVE 0x80000371L
-#define CKM_TLS_KEY_AND_MAC_DERIVE 0x80000372L
-
-/* define used to pass in the database key for DSA private keys */
-#define CKA_NETSCAPE_DB 0xD5A0DB00L
-#define CKA_NETSCAPE_TRUST 0x80000001L
-
-#if defined(XP_WIN)
-#if defined(_WIN32)
-#pragma pack(pop, cryptoki)
-#else /* win16 */
-#if defined(__WATCOMC__)
-#pragma pack(pop)
-#else /* not Watcom 16-bit */
-#pragma pack()
-#endif
-#endif
-#endif
-
-#endif
diff --git a/security/nss/lib/fortcrypt/fpkmem.h b/security/nss/lib/fortcrypt/fpkmem.h
deleted file mode 100644
index f0530dbcb..000000000
--- a/security/nss/lib/fortcrypt/fpkmem.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#ifndef _FPKMEM_H_
-#define _FPKMEM_H_
-
-#define PORT_Free free
-#define PORT_Alloc malloc
-
-#define PORT_Memcmp memcmp
-#define PORT_Memcpy memcpy
-
-#define NUM_SLOTS 32
-
-#if !defined (XP_UNIX) && !defined (_WINDOWS)
-#define XP_MAC 1 /*Make sure we get this define in for Mac builds*/
-#endif
-
-#endif /*_FPKMEM_H_*/
diff --git a/security/nss/lib/fortcrypt/fpkstrs.h b/security/nss/lib/fortcrypt/fpkstrs.h
deleted file mode 100644
index 144ea1ee7..000000000
--- a/security/nss/lib/fortcrypt/fpkstrs.h
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#ifndef _context_h_
-#define _context_h_
-
-#ifdef SWFORT
-#ifndef RETURN_TYPE
-#define RETURN_TYPE int
-#endif
-#endif
-#include "cryptint.h"
-#include "genci.h"
-#include "maci.h"
-
-typedef enum {NOKEY, TEK, MEK, UNWRAP, Ks} FortezzaKeyType;
-typedef enum {Encrypt, Decrypt, Sign, None} CryptoType;
-
-typedef struct FortezzaKeyStr *FortezzaKeyPtr;
-typedef struct FortezzaSocketStr *FortezzaSocketPtr;
-typedef struct FortezzaKeyStr FortezzaKey;
-typedef unsigned char FortezzaMEK[12];
-
-
-typedef struct CreateTEKInfoStr {
- CI_RA Ra;
- CI_RB Rb;
- unsigned long randomLen;
- int personality;
- int flag; /*Either CI_INITIATOR_FLAG or CI_RECIPIENT_FLAG*/
- CI_Y pY;
- unsigned int YSize;
-} CreateTEKInfo;
-
-typedef struct FortezzaTEKStr {
- CI_RA Ra; /*All the parameters necessary to create a TEK */
- CI_RB Rb;
- unsigned long randomLen;
- CI_Y pY;
- int flags;
- int registerIndex;
- unsigned int ySize;
-} FortezzaTEK;
-
-struct FortezzaKeyStr {
- FortezzaKeyPtr next, prev;
- CK_OBJECT_HANDLE keyHandle;
- int keyRegister;
- FortezzaKeyType keyType;
- FortezzaSocketPtr keySocket;
- unsigned long id;
- unsigned long hitCount;
- union {
- FortezzaTEK tek;
- FortezzaMEK mek;
- } keyData;
-};
-
-typedef struct FortezzaSocketStr {
- PRBool isOpen;
- PRBool isLoggedIn;
- PRBool hasLoggedIn;
- PRBool personalitiesLoaded;
- unsigned long slotID;
- unsigned long hitCount;
- HSESSION maciSession;
- CI_SERIAL_NUMBER openCardSerial;
- CI_STATE openCardState;
- CI_PERSON *personalityList;
- int numPersonalities;
- int numKeyRegisters;
- FortezzaKey **keyRegisters; /*Array of pointers to keys in registers*/
- FortezzaKey *keys; /*Linked list of all the keys*/
- void *registersLock;
-} FortezzaSocket;
-
-typedef struct PK11SessionStr *PK11SessionPtr;
-
-typedef struct FortezzaConstextStr {
- FortezzaKey *fortezzaKey;
- FortezzaSocket *fortezzaSocket;
- PK11SessionPtr session;
- CryptoType cryptoOperation;
- CK_MECHANISM_TYPE mechanism;
- CI_SAVE_DATA cardState;
- CI_IV cardIV;
- unsigned long userRamSize;
- CK_OBJECT_HANDLE hKey;
-} FortezzaContext;
-
-
-
-#endif /*_context_h_*/
diff --git a/security/nss/lib/fortcrypt/genci.h b/security/nss/lib/fortcrypt/genci.h
deleted file mode 100644
index 7868e1853..000000000
--- a/security/nss/lib/fortcrypt/genci.h
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * the following header file switches between MACI and CI based on
- * compile options. That lest the rest of the source code operate
- * without change, even if it only suports CI_ calls, not MACI_ calls
- */
-#ifndef _GENCI_H_
-#define _GENCI_H_ 1
-#include "seccomon.h"
-
-#if defined (XP_UNIX) || defined (XP_WIN32)
-
-/*
- * On unix, NT, and Windows '95 we use full maci
- */
-#include "maci.h"
-
-#define MACI_SEL(x)
-
-/*
- * for sec-for.c
- */
-#define CI_Initialize MACI_Initialize
-#define CI_Terminate() { HSESSION hs;\
- MACI_GetSessionID(&hs);\
- MACI_Terminate(hs); }
-
-#else
-
-/*
- * On Mac we use the original CI_LIB
- */
-#include "cryptint.h"
-
-/*
- * MACI specific values not defined for CI lib
- */
-#define MACI_SESSION_EXCEEDED (-53)
-
-#ifndef HSESSION_DEFINE
-typedef unsigned int HSESSION;
-#define HSESSION_DEFINE
-#endif
-
-/*
- * Map MACI_ calls to CI_ calls. NOTE: this assumes the proper CI_Select
- * calls are issued in the CI_ case
- */
-#define MACI_ChangePIN(s,pin,old,new) CI_ChangePIN(pin,old,new)
-#define MACI_CheckPIN(s,type,pin) CI_CheckPIN(type,pin)
-#define MACI_Close(s,flag,socket) CI_Close(flag,socket)
-#define MACI_Decrypt(s,size,in,out) CI_Decrypt(size,in,out)
-#define MACI_DeleteCertificate(s,cert) CI_DeleteCertificate(cert)
-#define MACI_DeleteKey(s,index) CI_DeleteKey(index)
-#define MACI_Encrypt(s,size,in,out) CI_Encrypt(size,in,out)
-#define MACI_ExtractX(s,cert,type,pass,ySize,y,x,Ra,pgSize,qSize,p,q,g) \
- CI_ExtractX(cert,type,pass,ySize,y,x,Ra,pgSize,qSize,p,q,g)
-#define MACI_FirmwareUpdate(s,flags,Cksum,len,size,data) \
- CI_FirmwareUpdate(flags,Cksum,len,size,data)
-#define MACI_GenerateIV(s,iv) CI_GenerateIV(iv)
-#define MACI_GenerateMEK(s,index,res) CI_GenerateMEK(index,res)
-#define MACI_GenerateRa(s,Ra) CI_GenerateRa(Ra)
-#define MACI_GenerateRandom(s,ran) CI_GenerateRandom(ran)
-#define MACI_GenerateTEK(s,flag,index,Ra,Rb,size,Y) \
- CI_GenerateTEK(flag,index,Ra,Rb,size,Y)
-#define MACI_GenerateX(s,cert,type,pgSize,qSize,p,q,g,ySize,y) \
- CI_GenerateX(cert,type,pgSize,qSize,p,q,g,ySize,y)
-#define MACI_GetCertificate(s,cert,val) CI_GetCertificate(cert,val)
-#define MACI_GetConfiguration(s,config) CI_GetConfiguration(config)
-#define MACI_GetHash(s,size,data,val) CI_GetHash(size,data,val)
-#define MACI_GetPersonalityList(s,cnt,list) CI_GetPersonalityList(cnt,list)
-#define MACI_GetSessionID(s) CI_OK
-#define MACI_GetState(s,state) CI_GetState(state)
-#define MACI_GetStatus(s,status) CI_GetStatus(status)
-#define MACI_GetTime(s,time) CI_GetTime(time)
-#define MACI_Hash(s,size,data) CI_Hash(size,data)
-#define MACI_Initialize(count) CI_Initialize(count)
-#define MACI_InitializeHash(s) CI_InitializeHash()
-#define MACI_InstallX(s,cert,type,pass,ySize,y,x,Ra,pgSize,qSize,p,q,g) \
- CI_InstallX(cert,type,pass,ySize,y,x,Ra,pgSize,qSize,p,q,g)
-#define MACI_LoadCertificate(s,cert,label,data,res) \
- CI_LoadCertificate(cert,label,data,res)
-#define MACI_LoadDSAParameters(s,pgSize,qSize,p,q,g) \
- CI_LoadDSAParameters(pgSize,qSize,p,q,g)
-#define MACI_LoadInitValues(s,seed,Ks) CI_LoadInitValues(seed,Ks)
-#define MACI_LoadIV(s,iv) CI_LoadIV(iv)
-#define MACI_LoadX(s,cert,type,pgSize,qSize,p,q,g,x,ySize,y) \
- CI_LoadX(cert,type,pgSize,qSize,p,q,g,x,ySize,y)
-#define MACI_Lock(s,flags) CI_Lock(flags)
-#define MACI_Open(s,flags,index) CI_Open(flags,index)
-#define MACI_RelayX(s,oPass,oSize,oY,oRa,oX,nPass,nSize,nY,nRa,nX) \
- CI_RelayX(oPass,oSize,oY,oRa,oX,nPass,nSize,nY,nRa,nX)
-#define MACI_Reset(s) CI_Reset()
-#define MACI_Restore(s,type,data) CI_Restore(type,data)
-#define MACI_Save(s,type,data) CI_Save(type,data)
-#define MACI_Select(s,socket) CI_Select(socket)
-#define MACI_SetConfiguration(s,typ,sz,d) CI_SetConfiguration(typ,sz,d)
-#define MACI_SetKey(s,key) CI_SetKey(key)
-#define MACI_SetMode(s,type,mode) CI_SetMode(type,mode)
-#define MACI_SetPersonality(s,index) CI_SetPersonality(index)
-#define MACI_SetTime(s,time) CI_SetTime(time)
-#define MACI_Sign(s,hash,sig) CI_Sign(hash,sig)
-#define MACI_Terminate(s) CI_Terminate()
-#define MACI_TimeStamp(s,val,sig,time) CI_TimeStamp(val,sig,time)
-#define MACI_Unlock(s) CI_Unlock()
-#define MACI_UnwrapKey(s,targ,wrap,key) CI_UnwrapKey(targ,wrap,key)
-#define MACI_VerifySignature(s,h,siz,y,sig) CI_VerifySignature(h,siz,y,sig)
-#define MACI_VerifyTimeStamp(s,hash,sig,tim) CI_VerityTimeStap(hash,sig,tim)
-#define MACI_WrapKey(s,src,wrap,key) CI_WrapKey(src,wrap,key)
-#define MACI_Zeroize(s) CI_Zeroize()
-
-#define MACI_SEL(x) CI_Select(x)
-#endif /* ! XP_UNIX */
-#endif /* _GENCI_H_ */
diff --git a/security/nss/lib/fortcrypt/globinst.htm b/security/nss/lib/fortcrypt/globinst.htm
deleted file mode 100644
index cd0a194d4..000000000
--- a/security/nss/lib/fortcrypt/globinst.htm
+++ /dev/null
@@ -1,139 +0,0 @@
-<HTML>
-<--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
--->
-<SCRIPT>
-
-
-// ---------------------- Configuration variables ----------------
-var pkcs11jar="fortpk11.jar";
-//var pkcs11base="file://d|/dogbert/ns/dist/";
-pkcs11base="";
-
-var comm_platforms = pk_init_array (
- "Win32", "Win16", "Mac68k", "MacPPC",
- "AIX4.1", "HP-UXA.09", "HP-UXB.10",
- "SunOS4.1.3_U1", "SunOS5.4", "SunOS5.5.1" );
-var directories = pk_init_array (
- "win32", "win16", "none", "macppc",
- "aix", "hpux", "hpux",
- "sunos", "sol24",
- "sol251" );
-
-function mapPlatform(InPlat)
-{
- for (i=0; i < comm_platforms.length; i++) {
- if (InPlat == comm_platforms[i]) {
- return directories[i];
- }
- }
- return InPlat;
-}
-
-
-function pk_init_array()
-{
- var numArgs = pk_init_array.arguments.length;
- var a = new Array(numArgs);
-
- for (var i = 0; i < numArgs; i++) {
- a[i] = pk_init_array.arguments[i];
- }
- return a;
-}
-
-function getPlatform() {
- return navigator.platform;
-// var string = navigator.appVersion;
-// start = string.indexOf("(",0);
-// if (start == -1) {
-// return "unknown";
-// }
-// end = string.indexOf(";",start);
-// if (end == -1) {
-// end = string.indexOf(")",start);
-// }
-// if (end == -1) {
-// end = string.length;
-// }
-// platform = string.substring(start+1,end);
-// return platform;
-}
-
-function getURLPath() {
- var string = window.location.href;
- end = string.lastIndexOf("/");
- if (end == -1) {
- end = string.length-1;
- }
- return string.substring(0,end+1);
-}
-
-
-
-plat=getPlatform();
-platDir = mapPlatform(plat);
-if (pkcs11base == "") pkcs11base=getURLPath();
-
-if (plat == "MacPPC") {
- pkcs11jar= "macinst.htm"
-}
-
-function DoInstall(url) {
- window.location.href = url;
-}
-
-function DoCancel() {
- // set window.location.href to your home page if you wish
- //alert('Cancel Installation?');
- history.back();
-}
-
-// ------ Change the following for your own Message --------
-document.write("<CENTER><H1>Netscape Fortezza PKCS #11 Module Installer</H1>");
-document.write("</CENTER>");
-document.write("<Table><TR><TD>");
-document.write("<DD><p><IMG SRC=about:logo WIDTH=90 Height=77 NAME=LITRONIC></TD>");
-document.write("<TD VAlign=Center><i> Netscape Fortezza PKCS #11 Modules require Litronic's MACI drivers to be installed on your platform.");
-document.write(" If you haven't already installed theLitronic MACI drivers, please to do so now.</I>");
-document.write("</TD></TR></Table>");
-// ----- end of generic message section --------
-document.write("<p>Netscape has detected you are installing on <b>"+plat+"</b>.<br>");
-document.write("Installing: <b>"+pkcs11base+platDir+"/"+pkcs11jar+"</b><br>");
-document.write("<FORM>");
-document.write("<CENTER><Table><TR><TD><Input Type=Button name=install value='Install Now' onclick=DoInstall("+ "\"" +pkcs11base+platDir+"/"+pkcs11jar+"\""+")>");
-document.write("</TD><TD><Input type=Button name=cancel value=Cancel Onclick=DoCancel()>");
-document.write("</TD></TR></Table></CENTER>");
-document.write("</FORM>");
-document.close();
-</SCRIPT>
-</HTML>
diff --git a/security/nss/lib/fortcrypt/handinst.htm b/security/nss/lib/fortcrypt/handinst.htm
deleted file mode 100644
index f816432e1..000000000
--- a/security/nss/lib/fortcrypt/handinst.htm
+++ /dev/null
@@ -1,180 +0,0 @@
-<HTML>
-<TITLE>Generic PKCS #11 Installer</TITLE>
-<--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
--->
-<SCRIPT>
-// Crypto Mechanism Flags
-PKCS11_MECH_RSA_FLAG = 0x1<<0;
-PKCS11_MECH_DSA_FLAG = 0x1<<1;
-PKCS11_MECH_RC2_FLAG = 0x1<<2;
-PKCS11_MECH_RC4_FLAG = 0x1<<3;
-PKCS11_MECH_DES_FLAG = 0x1<<4;
-PKCS11_MECH_DH_FLAG = 0x1<<5; //Diffie-Hellman
-PKCS11_MECH_SKIPJACK_FLAG = 0x1<<6; //SKIPJACK algorithm as in Fortezza cards
-PKCS11_MECH_RC5_FLAG = 0x1<<7;
-PKCS11_MECH_SHA1_FLAG = 0x1<<8;
-PKCS11_MECH_MD5_FLAG = 0x1<<9;
-PKCS11_MECH_MD2_FLAG = 0x1<<10;
-PKCS11_MECH_RANDOM_FLAG = 0x1<<27; //Random number generator
-PKCS11_PUB_READABLE_CERT_FLAG = 0x1<<28; //Stored certs can be read off the token w/o logging in
-PKCS11_DISABLE_FLAG = 0x1<<30; //tell Navigator to disable this slot by default
-
-// Important:
-// 0x1<<11, 0x1<<12, ... , 0x1<<26, 0x1<<29, and 0x1<<31 are reserved
-// for internal use in Navigator.
-// Therefore, these bits should always be set to 0; otherwise,
-// Navigator might exhibit unpredictable behavior.
-
-// These flags indicate which mechanisms should be turned on by
-pkcs11MechanismFlags = PKCS11_MECH_RANDOM_FLAG;
-
-
-// Ciphers that support SSL or S/MIME
-PKCS11_CIPHER_FORTEZZA_FLAG = 0x1<<0;
-
-// Important:
-// 0x1<<1, 0x1<<2, ... , 0x1<<31 are reserved
-// for internal use in Navigator.
-// Therefore, these bits should ALWAYS be set to 0; otherwise,
-// Navigator might exhibit unpredictable behavior.
-
-// These flags indicate which SSL ciphers are supported
-pkcs11CipherFlags = PKCS11_CIPHER_FORTEZZA_FLAG;
-
-
-// Return values of pkcs11.addmodule() & pkcs11.delmodule()
-// success codes
-JS_OK_ADD_MODULE = 3 // Successfully added a module
-JS_OK_DEL_EXTERNAL_MODULE = 2 // Successfully deleted ext. module
-JS_OK_DEL_INTERNAL_MODULE = 1 // Successfully deleted int. module
-
-// failure codes
-JS_ERR_OTHER = -1 // Other errors than the followings
-JS_ERR_USER_CANCEL_ACTION = -2 // User abort an action
-JS_ERR_INCORRECT_NUM_OF_ARGUMENTS= -3 // Calling a method w/ incorrect # of arguments
-JS_ERR_DEL_MODULE = -4 // Error deleting a module
-JS_ERR_ADD_MODULE = -5 // Error adding a module
-JS_ERR_BAD_MODULE_NAME = -6 // The module name is invalid
-JS_ERR_BAD_DLL_NAME = -7 // The DLL name is bad
-JS_ERR_BAD_MECHANISM_FLAGS = -8 // The mechanism flags are invalid
-JS_ERR_BAD_CIPHER_ENABLE_FLAGS = -9 // The SSL, S/MIME cipher flags are invalid
-
-var new_window;
-var has_new_window = 0;
-
-function HandleCipher(checkBox) {
- if (checkBox.checked) {
- pkcs11MechanismFlags |= checkBox.value;
- } else {
- pkcs11MechanismFlags &= ~checkBox.value;
- }
-}
-
-function HandleSSL(checkBox) {
- if (checkBox.checked) {
- pkcs11CipherFlags |= checkBox.value;
- } else {
- pkcs11CipherFlags &= ~checkBox.value;
- }
-}
-
-function colonize(string) {
- len = string.length;
- end = len -1;
-
- if (len == 0) return string;
-
-
- for (i=0; i < len; i++) {
- if (string.charAt(i) == "/") {
- if (i == 0) {
- new_string = ":" + string.substring(1,len);
- } else if (i == end) {
- new_string = string.substring(0,i)+':';
- } else {
- new_string = string.substring(0,i)+':'+
- string.substring(i+1,len);
- }
- string = new_string;
- }
- }
-
- if (string.charAt(0) == ":") string = string.substring(1,len);
- return string;
-}
-
-function DoInstall(name,module) {
- if ((navigator.platform == "MacPPC")
- || (navigator.platform == "Mac68K")) {
- module = colonize(module);
- }
- result = pkcs11.addmodule(name, module,
- pkcs11MechanismFlags, pkcs11CipherFlags);
- if ( result < 0) {
- window.alert("New module setup failed. Error code: " + result);
- }
- if (has_new_window) new_window.close();
-}
-
-default_name = "Netscape FORTEZZA Module"
-
-default_module = "D:/dogbert/ns/dist/WIN32_D.OBJ/bin/fort32.dll"
-document.writeln("<FORM name=instform target=_self> <H2>PKCS #11 Installer</H2>");
-document.writeln(" Module name: <Input Type=Text Name=modName value=\""+default_name+"\" size=50 required><br>");
-document.writeln(" Module Library: <Input Type=FILE required Name=module><p>");
-document.writeln("<hr><TABLE><TR><TD>");
-document.writeln("<Input type=Checkbox name=RSA value="+PKCS11_MECH_RSA_FLAG+" onclick=HandleCipher(document.instform.RSA)> RSA<br>");
-document.writeln("<Input type=Checkbox name=DSA value="+PKCS11_MECH_DSA_FLAG+" onclick=HandleCipher(document.instform.DSA)> DSA<br>");
-document.writeln("<Input type=Checkbox name=RC2 value="+PKCS11_MECH_RC2_FLAG+" onclick=HandleCipher(document.instform.RC2)> RC2<br>");
-document.writeln("<Input type=Checkbox name=RC4 value="+PKCS11_MECH_RC4_FLAG+" onclick=HandleCipher(document.instform.RC4)> RC4<br>");
-document.writeln("</TD><TD>");
-document.writeln("<Input type=Checkbox name=DES value="+PKCS11_MECH_DES_FLAG+" onclick=HandleCipher(document.instform.DES)> DES<br>");
-document.writeln("<Input type=Checkbox name=DH value="+PKCS11_MECH_DH_FLAG+" onclick=HandleCipher(document.instform.DH)> DH<br>");
-document.writeln("<Input type=Checkbox name=SKIPJACK value="+PKCS11_MECH_SKIPJACK_FLAG+" onclick=HandleCipher(document.instform.SKIPJACK)> SKIPJACK<br>");
-document.writeln("<Input type=Checkbox name=RC5 value="+PKCS11_MECH_RC5_FLAG+" onclick=HandleCipher(document.instform.RC5)> RC5<br>");
-document.writeln("</TD><TD>");
-document.writeln("<Input type=Checkbox name=SHA1 value="+PKCS11_MECH_SHA1_FLAG+" onclick=HandleCipher(document.instform.SHA1)> SHA1<br>");
-document.writeln("<Input type=Checkbox name=MD5 value="+PKCS11_MECH_MD5_FLAG+" onclick=HandleCipher(document.instform.MD5)> MD5<br>");
-document.writeln("<Input type=Checkbox name=MD2 value="+PKCS11_MECH_MD2_FLAG+" onclick=HandleCipher(document.instform.MD2)> MD2<br>");
-document.writeln("</TD><TD>");
-document.writeln("<Input type=Checkbox name=Random value="+PKCS11_MECH_RANDOM_FLAG+" CHECKED onclick=HandleCipher(document.instform.Random)> Random Number Generation<br>");
-document.writeln("<Input type=Checkbox name=readCert value="+PKCS11_PUB_READABLE_CERT_FLAG+" onclick=HandleCipher(document.instform.ReadCert)> Public Readable Certificates<br>");
-document.writeln("<Input type=Checkbox name=Disable value="+PKCS11_DISABLE_FLAG+" onclick=HandleCipher(document.instform.Disable)> Disable<br>");
-document.writeln("</TD></TR></TABLE>");
-document.writeln("<hr>");
-document.writeln("<Input type=Checkbox name=fortssl value="+ PKCS11_CIPHER_FORTEZZA_FLAG +" checked onclick=HandleSSL(document.instform.fortssl)> Enable FORTEZZA menus<br>");
-document.writeln("<hr>");
-document.write("<Input type=submit Name=Install Value=Install onclick=DoInstall(");
-document.writeln( "document.instform.modName.value,document.instform.module.value) >");
-document.writeln("</FORM>");
-</SCRIPT>
diff --git a/security/nss/lib/fortcrypt/homeinst.htm b/security/nss/lib/fortcrypt/homeinst.htm
deleted file mode 100644
index a0583fbc7..000000000
--- a/security/nss/lib/fortcrypt/homeinst.htm
+++ /dev/null
@@ -1,211 +0,0 @@
-<HTML>
-<--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
--->
-<SCRIPT>
-
-
-// ---------------------- Configuration variables ----------------
-var pkcs11jar="bin/fortWIN32.jar";
-var pkcs11base="ftp://sweetlou/products/client/dogbert/new";
-//pkcs11base="";
-win_file = "libfort.jar"
-unix = "libfort-v404b9."
-mac_file = "macinst.htm"
-
-
-var winDates = pk_init_array (
- "oct_02a_404", "oct_01a_404" );
-
-var unixDates = pk_init_array (
- "current", "Oct_02", "Oct_O1");
-
-
-var comm_platforms = pk_init_array (
- "Win32", "Win16", "Mac68k", "MacPPC",
- "AIX4.1", "HP-UXA.09", "HP-UXB.10",
- "SunOS4.1.3_U1", "SunOS5.4", "SunOS5.5.1",
- "BSD_3861.1","BSD_3862.1", "FreeBSD2", "IRIX5.3", "IRIX6.2",
- "LinuxELF1.2","LinusELF2.0","NCR4.0","NEC4.2","OSF1V3","SCOOS5.0",
- "SINIX-N5.42","SunOS5.4_i86pc","UNIXWARE2.1",
- "OS23.0","OS24.0");
-var isSupport = pk_init_array ( 1, 1, 0, 1,
- 1, 1, 1,
- 1, 1, 1, 1,
- 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0,
- 0, 0, 0,
- 0, 0 );
-var directories = pk_init_array (
- "32bit/fortezza", "16bit/fortezza", "", "404-fortezza-items",
- "aix4", "hpux", "hpux10",
- "sunos4", "sol24", "sol251",
- // not really supported
- "bsdi", "bsdi2", "freebsd", "irix53", "irix62",
- "linux12","linux20","ncr","nec","osf132","sco",
- "sinix","solx86","unixware",
- "" ,"" );
-var files = pk_init_array (
- win_file, win_file, mac_file, mac_file,
- unix+"rs6000-ibm-aix4.jar",unix+"hppa1.1-hp-hpux9.jar",
- unix+"hppa1.1-hp-hpux10.jar",
- unix+"sparc-sun-sunos4.1.3_U1.jar",unix+"sparc-sun-solaris2.4.jar",
- unix+"sparc-sun-solaris2.5.1.jar",
- unix+"x86-bsdi-bsd.jar",unix+"x86-bsdi-bsd2.jar",
- unix+"x86-unknown-freebsd.jar",
- unix+"mips-sgi-irix5.3.jar",unix+"mips-sgi-irix6.2.jar",
- unix+"x86-unknown-linix1.2.jar",unix+"x86-unknown-linix2.0.jar",
- unix+"x86-ncr-sysv5.jar",unix+"mips-nec-uxv4.2.jar",
- unix+"alpha-dec-osf3.2.jar",unix+"x86-sco-opensv5.0.2",
- unix+"mips-sni-reliantunix.jar",unix+"x86-sun-solaris2.4.jar",
- unix+"x86-sco-unixware2.1.jar",
- win_file, win_file );
-
-function isSupported(InPlat)
-{
- for (i=0; i < comm_platforms.length; i++) {
- if (InPlat == comm_platforms[i]) {
- return isSupport[i];
- }
- }
- return 0;
-}
-
-function mapPlatform(InPlat)
-{
- for (i=0; i < comm_platforms.length; i++) {
- if (InPlat == comm_platforms[i]) {
- return directories[i];
- }
- }
- return InPlat;
-}
-
-function mapFile(InPlat)
-{
- for (i=0; i < comm_platforms.length; i++) {
- if (InPlat == comm_platforms[i]) {
- return files[i];
- }
- }
- return unix+"unknown-unknown-unknown.jar";
-}
-
-function mapDate(platform) {
- if ((platform == "MacPPC") || (platform == "Mac68K")) {
- return "";
- } else if ((platform == "Win32") || (platform == "Win16")) {
- return "/oct_2a_404";
- } else if ((platform == "OS23.0") || (platform == "OS24.0")) {
- return "";
- }
- return "/current/signed";
-}
-function mapBaseDir(platform) {
- if ((platform == "MacPPC") || (platform == "Mac68K")) {
- return "mac";
- } else if ((platform == "Win32") || (platform == "Win16")) {
- return "windows"
- } else if ((platform == "OS23.0") || (platform == "OS24.0")) {
- return "os2";
- }
- return "unix/Fortezza";
-}
-
-function pk_init_array()
-{
- var numArgs = pk_init_array.arguments.length;
- var a = new Array(numArgs);
-
- for (var i = 0; i < numArgs; i++) {
- a[i] = pk_init_array.arguments[i];
- }
- return a;
-}
-
-function getPlatform() {
- return navigator.platform;
-}
-
-function getURLPath() {
- var string = window.location.href;
- end = string.lastIndexOf("/");
- if (end == -1) {
- end = string.length-1;
- }
- return string.substring(0,end+1);
-}
-
-
-
-plat=getPlatform();
-platDir = mapPlatform(plat);
-platFile = mapFile(plat);
-platBase = mapBaseDir(plat);
-platDate = mapDate(plat);
-if (pkcs11base == "") pkcs11base=getURLPath();
-pkcs11loc=pkcs11base+"/"+platBase+"/"+platDir + platDate + "/" + platFile;
-
-
-
-function DoInstall(url) {
- window.location.href = url;
-}
-
-function DoCancel() {
- // set window.location.href to your home page if you wish
- //alert('Cancel Installation?');
- history.back();
-}
-
-// ------ Change the following for your own Message --------
-document.write("<CENTER><H1>Netscape Fortezza PKCS #11 Module Installer</H1>");
-document.write("</CENTER>");
-document.write("<Table><TR><TD>");
-document.write("<DD><p><IMG SRC=litronic.gif WIDTH=110 Height=63 NAME=LITRONIC></TD>");
-document.write("<TD VAlign=Center><i> Netscape Fortezza PKCS #11 Modules require Litronic's MACI drivers to be installed on your platform.");
-document.write(" If you haven't already installed theLitronic MACI drivers, please to do so now.</I>");
-document.write("</TD></TR></Table>");
-// ----- end of generic message section --------
-document.write("<p>Netscape has detected you are installing on <b>"+plat+"</b>.<br>");
-if (!isSupported(plat)) {
- document.write("<b>This platform is currently not suppported for FORTEZZA</b><br>");
-}
-document.write("Installing: <b>"+pkcs11loc+"</b><br>");
-document.write("<FORM>");
-document.write("<CENTER><Table><TR><TD><Input Type=Button name=install value='Install Now' onclick=DoInstall("+ "\"" +pkcs11loc+"\""+")>");
-document.write("</TD><TD><Input type=Button name=cancel value=Cancel Onclick=DoCancel()>");
-document.write("</TD></TR></Table></CENTER>");
-document.write("</FORM>");
-document.close();
-</SCRIPT>
-</HTML>
diff --git a/security/nss/lib/fortcrypt/inst.js b/security/nss/lib/fortcrypt/inst.js
deleted file mode 100644
index 2c2b1ab64..000000000
--- a/security/nss/lib/fortcrypt/inst.js
+++ /dev/null
@@ -1,268 +0,0 @@
-//
-// The contents of this file are subject to the Mozilla Public
-// License Version 1.1 (the "License"); you may not use this file
-// except in compliance with the License. You may obtain a copy of
-// the License at http://www.mozilla.org/MPL/
-//
-// Software distributed under the License is distributed on an "AS
-// IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-// implied. See the License for the specific language governing
-// rights and limitations under the License.
-//
-// The Original Code is the Netscape security libraries.
-//
-// The Initial Developer of the Original Code is Netscape
-// Communications Corporation. Portions created by Netscape are
-// Copyright (C) 1994-2000 Netscape Communications Corporation. All
-// Rights Reserved.
-//
-// Contributor(s):
-//
-// Alternatively, the contents of this file may be used under the
-// terms of the GNU General Public License Version 2 or later (the
-// "GPL"), in which case the provisions of the GPL are applicable
-// instead of those above. If you wish to allow use of your
-// version of this file only under the terms of the GPL and not to
-// allow others to use your version of this file under the MPL,
-// indicate your decision by deleting the provisions above and
-// replace them with the notice and other provisions required by
-// the GPL. If you do not delete the provisions above, a recipient
-// may use your version of this file under either the MPL or the
-// GPL.
-//
-////////////////////////////////////////////////////////////////////////////////////////
-// Crypto Mechanism Flags
-PKCS11_MECH_RSA_FLAG = 0x1<<0;
-PKCS11_MECH_DSA_FLAG = 0x1<<1;
-PKCS11_MECH_RC2_FLAG = 0x1<<2;
-PKCS11_MECH_RC4_FLAG = 0x1<<3;
-PKCS11_MECH_DES_FLAG = 0x1<<4;
-PKCS11_MECH_DH_FLAG = 0x1<<5; //Diffie-Hellman
-PKCS11_MECH_SKIPJACK_FLAG = 0x1<<6; //SKIPJACK algorithm as in Fortezza cards
-PKCS11_MECH_RC5_FLAG = 0x1<<7;
-PKCS11_MECH_SHA1_FLAG = 0x1<<8;
-PKCS11_MECH_MD5_FLAG = 0x1<<9;
-PKCS11_MECH_MD2_FLAG = 0x1<<10;
-PKCS11_MECH_RANDOM_FLAG = 0x1<<27; //Random number generator
-PKCS11_PUB_READABLE_CERT_FLAG = 0x1<<28; //Stored certs can be read off the token w/o logging in
-PKCS11_DISABLE_FLAG = 0x1<<30; //tell Navigator to disable this slot by default
-
-// Important:
-// 0x1<<11, 0x1<<12, ... , 0x1<<26, 0x1<<29, and 0x1<<31 are reserved
-// for internal use in Navigator.
-// Therefore, these bits should always be set to 0; otherwise,
-// Navigator might exhibit unpredictable behavior.
-
-// These flags indicate which mechanisms should be turned on by
-var pkcs11MechanismFlags = PKCS11_MECH_RANDOM_FLAG;
-
-////////////////////////////////////////////////////////////////////////////////////////
-// Ciphers that support SSL or S/MIME
-PKCS11_CIPHER_FORTEZZA_FLAG = 0x1<<0;
-
-// Important:
-// 0x1<<1, 0x1<<2, ... , 0x1<<31 are reserved
-// for internal use in Navigator.
-// Therefore, these bits should ALWAYS be set to 0; otherwise,
-// Navigator might exhibit unpredictable behavior.
-
-// These flags indicate which SSL ciphers are supported
-var pkcs11CipherFlags = PKCS11_CIPHER_FORTEZZA_FLAG;
-
-////////////////////////////////////////////////////////////////////////////////////////
-// Return values of pkcs11.addmodule() & pkcs11.delmodule()
-// success codes
-JS_OK_ADD_MODULE = 3; // Successfully added a module
-JS_OK_DEL_EXTERNAL_MODULE = 2; // Successfully deleted ext. module
-JS_OK_DEL_INTERNAL_MODULE = 1; // Successfully deleted int. module
-
-// failure codes
-JS_ERR_OTHER = -1; // Other errors than the followings
-JS_ERR_USER_CANCEL_ACTION = -2; // User abort an action
-JS_ERR_INCORRECT_NUM_OF_ARGUMENTS= -3; // Calling a method w/ incorrect # of arguments
-JS_ERR_DEL_MODULE = -4; // Error deleting a module
-JS_ERR_ADD_MODULE = -5; // Error adding a module
-JS_ERR_BAD_MODULE_NAME = -6; // The module name is invalid
-JS_ERR_BAD_DLL_NAME = -7; // The DLL name is bad
-JS_ERR_BAD_MECHANISM_FLAGS = -8; // The mechanism flags are invalid
-JS_ERR_BAD_CIPHER_ENABLE_FLAGS = -9; // The SSL, S/MIME cipher flags are invalid
-JS_ERR_ADD_MODULE_DULICATE =-10; // Module with the same name already installed
-
-////////////////////////////////////////////////////////////////////////////////////////
-// Find out which library is to be installed depending on the platform
-
-// pathname seperator is platform specific
-var sep = "/";
-var vendor = "netscape";
-var moduleName = "not_supported";
-var plat = navigator.platform;
-
-var dir = "pkcs11/" + vendor + "/" + plat + "/";
-if (plat == "Win16") {
- dir = "pkcs11/";
-}
-
-bAbort = false;
-if (plat == "Win32") {
- moduleName = "fort32.dll";
- sep = "\\";
-} else if (plat == "Win16") {
- moduleName = "FORT16.DLL";
- sep = "\\";
-} else if (plat == "MacPPC") {
- moduleName = "FortPK11Lib";
- sep = ":";
-} else if (plat == "AIX4.1") {
- moduleName = "libfort_shr.a";
-} else if (plat == "SunOS4.1.3_U1") {
- moduleName = "libfort.so.1.0";
-} else if ((plat == "SunOS5.4") || (plat == "SunOS5.5.1")){
- moduleName = "libfort.so";
-} else if ((plat == "HP-UXA.09") || (plat == "HP-UXB.10")){
- moduleName = "libfort.sl";
-} else if (plat == "IRIX6.2"){
- // The module only works on 6.3, but Communicator returns 6.2 even when
- // running 6.3. So in order to prevent the user from thinking
- // the module actually works on 6.2, we will force the name to
- // say 6.3 instead of 6.2. In the even the user tries to install
- // on 6.2, the user will see 6.3 instead. If they don't get it that
- // it's not going to work at this point in time, then the entire install
- // process wil just fail miserably, and that is OK.
- plat = "IRIX6.3";
- moduleName = "libfort.so";
-} else {
- window.alert("Sorry, platform "+plat+" is not supported.");
- bAbort = true;
-}
-
-////////////////////////////////////////////////////////////////////////////////////////
-// Installation Begins...
-if (!bAbort) {
-if (confirm("This script will install a security module. \nIt may over-write older files having the same name. \nDo you want to continue?")) {
- // Step 1. Create a version object and a software update object
- vi = new netscape.softupdate.VersionInfo(1, 6, 0, 0);
- su = new netscape.softupdate.SoftwareUpdate(this, "Fortezza Card PKCS#11 Module");
- // "Fortezza ... Module" is the logical name of the bundle
-
- ////////////////////////////////////////
- // Step 2. Start the install process
- bAbort = false;
- err = su.StartInstall("NSfortezza", // NSfortezza is the component folder (logical)
- vi,
- netscape.softupdate.SoftwareUpdate.FULL_INSTALL);
-
- bAbort = (err!=0);
-
- if (err == 0) {
- ////////////////////////////////////////
- // Step 3. Find out the physical location of the Program dir
- Folder = su.GetFolder("Program");
-
- ////////////////////////////////////////
- // Step 4. Install the files. Unpack them and list where they go
-
- err = su.AddSubcomponent("FortezzaLibrary_"+plat, //component name (logical)
- vi, // version info
- moduleName, // source file in JAR (physical)
- Folder, // target folder (physical)
- dir + moduleName, // target path & filename (physical)
- true); // forces update
- if (err != 0) {
- if (err == -200) {
- errmsg = "Bad Package Name.";
- } else if (err == -201) {
- errmsg = "Unexpected error.";
- } else if (err == -203) {
- errmsg = "Installation script was signed by more than one certificate.";
- } else if (err == -204) {
- errmsg = "Installation script was not signed."
- } else if (err == -205) {
- errmsg = "The file to be installed is not signed."
- } else if (err == -206) {
- errmsg = "The file to be installed is not present, or it was signed with a different certificate than the one used to sign the install script.";
- } else if (err == -207) {
- errmsg = "JAR archive has not been opened."
- } else if (err == -208) {
- errmsg = "Bad arguments to AddSubcomponent( )."
- } else if (err == -209) {
- errmsg = "Illegal relative path( )."
- } else if (err == -210) {
- errmsg = "User cancelled installation."
- } else if (err == -211) {
- errmsg = "A problem occurred with the StartInstall( )."
- } else {
- errmsg = "Unknown error";
- }
- window.alert("Error adding sub-component: "+"("+err+")"+errmsg);
- //window.alert("Aborting, Folder="+Folder+" module="+dir+moduleName);
- bAbort = true;
- }
- }
-
- ////////////////////////////////////////
- // Step 5. Unless there was a problem, move files to final location
- // and update the Client Version Registry
- if (bAbort) {
- su.AbortInstall();
- } else {
- err = su.FinalizeInstall();
-
- if (err != 0) {
-
- if (err == -900) {
- errmsg = "Restart the computer, and install again.";
- } else if (err == -201) {
- errmsg = "Unexpected error.";
- } else if (err == -202) {
- errmsg = "Access denied. Make sure you have the permissions to write to the disk.";
- } else if (err == -203) {
- errmsg = "Installation script was signed by more than one certificate.";
- } else if (err == -204) {
- errmsg = "Installation script was not signed."
- } else if (err == -205) {
- errmsg = "The file to be installed is not signed."
- } else if (err == -206) {
- errmsg = "The file to be installed is not present, or it was signed with a different certificate than the one used to sign the install script."
- } else if (err == -207) {
- errmsg = "JAR archive has not been opened."
- } else if (err == -208) {
- errmsg = "Bad arguments to AddSubcomponent( )."
- } else if (err == -209) {
- errmsg = "Illegal relative path( )."
- } else if (err == -210) {
- errmsg = "User cancelled installation."
- } else if (err == -211) {
- errmsg = "A problem occurred with the StartInstall( )."
- } else {
- errmsg = "\nIf you have FORTEZZA module already installed, try deleting it first.";
- }
- window.alert("Error Finalizing Install: "+"("+err+")"+errmsg);
- //window.alert("Aborting, Folder="+Folder+" module="+dir+moduleName);
-
- } else {
-
- // Platform specific full path
- if (plat=="Win16") {
- fullpath = Folder + "pkcs11" + sep + moduleName;
- } else {
- fullpath = Folder + "pkcs11" + sep + vendor + sep + plat + sep + moduleName;
- }
-
- ////////////////////////////////////////
- // Step 6: Call pkcs11.addmodule() to register the newly downloaded module
- moduleCommonName = "Netscape FORTEZZA Module " + plat;
- result = pkcs11.addmodule(moduleCommonName,
- fullpath,
- pkcs11MechanismFlags,
- pkcs11CipherFlags);
- if (result == -10) {
- window.alert("New module was copied to destination, \nbut setup failed because a module "
- +"with the same name has been installed. \nTry deleting the module "
- + moduleCommonName +" first.")
- } else if (result < 0) {
- window.alert("New module was copied to destination, but setup failed. Error code: " + result);
- }
- }
- }
-}
-}
diff --git a/security/nss/lib/fortcrypt/inst_PPC.js b/security/nss/lib/fortcrypt/inst_PPC.js
deleted file mode 100644
index 490910fff..000000000
--- a/security/nss/lib/fortcrypt/inst_PPC.js
+++ /dev/null
@@ -1,134 +0,0 @@
-//
-// The contents of this file are subject to the Mozilla Public
-// License Version 1.1 (the "License"); you may not use this file
-// except in compliance with the License. You may obtain a copy of
-// the License at http://www.mozilla.org/MPL/
-//
-// Software distributed under the License is distributed on an "AS
-// IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-// implied. See the License for the specific language governing
-// rights and limitations under the License.
-//
-// The Original Code is the Netscape security libraries.
-//
-// The Initial Developer of the Original Code is Netscape
-// Communications Corporation. Portions created by Netscape are
-// Copyright (C) 1994-2000 Netscape Communications Corporation. All
-// Rights Reserved.
-//
-// Contributor(s):
-//
-// Alternatively, the contents of this file may be used under the
-// terms of the GNU General Public License Version 2 or later (the
-// "GPL"), in which case the provisions of the GPL are applicable
-// instead of those above. If you wish to allow use of your
-// version of this file only under the terms of the GPL and not to
-// allow others to use your version of this file under the MPL,
-// indicate your decision by deleting the provisions above and
-// replace them with the notice and other provisions required by
-// the GPL. If you do not delete the provisions above, a recipient
-// may use your version of this file under either the MPL or the
-// GPL.
-//
-// Crypto Mechanism Flags
-PKCS11_MECH_RSA_FLAG = 0x1<<0;
-PKCS11_MECH_DSA_FLAG = 0x1<<1;
-PKCS11_MECH_RC2_FLAG = 0x1<<2;
-PKCS11_MECH_RC4_FLAG = 0x1<<3;
-PKCS11_MECH_DES_FLAG = 0x1<<4;
-PKCS11_MECH_DH_FLAG = 0x1<<5; //Diffie-Hellman
-PKCS11_MECH_SKIPJACK_FLAG = 0x1<<6; //SKIPJACK algorithm as in Fortezza cards
-PKCS11_MECH_RC5_FLAG = 0x1<<7;
-PKCS11_MECH_SHA1_FLAG = 0x1<<8;
-PKCS11_MECH_MD5_FLAG = 0x1<<9;
-PKCS11_MECH_MD2_FLAG = 0x1<<10;
-PKCS11_MECH_RANDOM_FLAG = 0x1<<27; //Random number generator
-PKCS11_PUB_READABLE_CERT_FLAG = 0x1<<28; //Stored certs can be read off the token w/o logging in
-PKCS11_DISABLE_FLAG = 0x1<<30; //tell Navigator to disable this slot by default
-
-// Important:
-// 0x1<<11, 0x1<<12, ... , 0x1<<26, 0x1<<29, and 0x1<<31 are reserved
-// for internal use in Navigator.
-// Therefore, these bits should always be set to 0; otherwise,
-// Navigator might exhibit unpredictable behavior.
-
-// These flags indicate which mechanisms should be turned on by
-pkcs11MechanismFlags = PKCS11_MECH_RANDOM_FLAG;
-
-
-// Ciphers that support SSL or S/MIME
-PKCS11_CIPHER_FORTEZZA_FLAG = 0x1<<0;
-
-// Important:
-// 0x1<<1, 0x1<<2, ... , 0x1<<31 are reserved
-// for internal use in Navigator.
-// Therefore, these bits should ALWAYS be set to 0; otherwise,
-// Navigator might exhibit unpredictable behavior.
-
-// These flags indicate which SSL ciphers are supported
-pkcs11CipherFlags = PKCS11_CIPHER_FORTEZZA_FLAG;
-
-
-// Return values of pkcs11.addmodule() & pkcs11.delmodule()
-// success codes
-JS_OK_ADD_MODULE = 3 // Successfully added a module
-JS_OK_DEL_EXTERNAL_MODULE = 2 // Successfully deleted ext. module
-JS_OK_DEL_INTERNAL_MODULE = 1 // Successfully deleted int. module
-
-// failure codes
-JS_ERR_OTHER = -1 // Other errors than the followings
-JS_ERR_USER_CANCEL_ACTION = -2 // User abort an action
-JS_ERR_INCORRECT_NUM_OF_ARGUMENTS= -3 // Calling a method w/ incorrect # of arguments
-JS_ERR_DEL_MODULE = -4 // Error deleting a module
-JS_ERR_ADD_MODULE = -5 // Error adding a module
-JS_ERR_BAD_MODULE_NAME = -6 // The module name is invalid
-JS_ERR_BAD_DLL_NAME = -7 // The DLL name is bad
-JS_ERR_BAD_MECHANISM_FLAGS = -8 // The mechanism flags are invalid
-JS_ERR_BAD_CIPHER_ENABLE_FLAGS = -9 // The SSL, S/MIME cipher flags are invalid
-
-
-if (confirm("This script will install and configure a security module, do you want to continue?")) {
- // Step 1. Create a version object and a software update object
- vi = new netscape.softupdate.VersionInfo(1, 6, 0, 0);
- su = new netscape.softupdate.SoftwareUpdate(this, "Fortezza Card PKCS#11 Module");
- // "Fortezza ... Module" is the logical name of the bundle
-
- // Step 2. Start the install process
- bAbort = false;
- err = su.StartInstall("NSfortezza", vi, netscape.softupdate.SoftwareUpdate.FULL_INSTALL);
- // nsfortezza is the component folder (logical)
- bAbort = bAbort || (err !=0);
-
- if (err == 0) {
-
- // Step 3. Find out the physical location of the Program dir
- Folder = su.GetFolder("Program");
-
- // Step 4. Install the files. Unpack them and list where they go
- err = su.AddSubcomponent("FortezzaCardDLL", //component name (logical)
- vi, // version info
- "FortPK11Lib", // source file in JAR (physical)
- Folder, // target folder (physical)
- "FortPK11Lib", // target path & filename (physical)
- this.force); // forces update
- bAbort = bAbort || (err !=0);
- }
-
- // Step 5. Unless there was a problem, move files to final location
- // and update the Client Version Registry
- if (bAbort) {
- window.alert("Installation Aborted");
- su.AbortInstall();
- } else {
- err = su.FinalizeInstall();
- window.alert("Files have been installed.\nContinue to setup the newly isntalled module...");
- // Add Module
- compFolder = su.GetComponentFolder("NSfortezza/FortezzaCardDLL") + "/FortPK11Lib";
- result = pkcs11.addmodule("Netscape FORTEZZA Module", compFolder, pkcs11MechanismFlags, pkcs11CipherFlags);
- if ( result < 0) {
- window.alert("New module setup failed. Error code: " + result);
- } else {
- window.alert("New module setup completed.");
- }
- }
-}
diff --git a/security/nss/lib/fortcrypt/install.js b/security/nss/lib/fortcrypt/install.js
deleted file mode 100644
index e823e213b..000000000
--- a/security/nss/lib/fortcrypt/install.js
+++ /dev/null
@@ -1,134 +0,0 @@
-//
-// The contents of this file are subject to the Mozilla Public
-// License Version 1.1 (the "License"); you may not use this file
-// except in compliance with the License. You may obtain a copy of
-// the License at http://www.mozilla.org/MPL/
-//
-// Software distributed under the License is distributed on an "AS
-// IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-// implied. See the License for the specific language governing
-// rights and limitations under the License.
-//
-// The Original Code is the Netscape security libraries.
-//
-// The Initial Developer of the Original Code is Netscape
-// Communications Corporation. Portions created by Netscape are
-// Copyright (C) 1994-2000 Netscape Communications Corporation. All
-// Rights Reserved.
-//
-// Contributor(s):
-//
-// Alternatively, the contents of this file may be used under the
-// terms of the GNU General Public License Version 2 or later (the
-// "GPL"), in which case the provisions of the GPL are applicable
-// instead of those above. If you wish to allow use of your
-// version of this file only under the terms of the GPL and not to
-// allow others to use your version of this file under the MPL,
-// indicate your decision by deleting the provisions above and
-// replace them with the notice and other provisions required by
-// the GPL. If you do not delete the provisions above, a recipient
-// may use your version of this file under either the MPL or the
-// GPL.
-//
-// Crypto Mechanism Flags
-PKCS11_MECH_RSA_FLAG = 0x1<<0;
-PKCS11_MECH_DSA_FLAG = 0x1<<1;
-PKCS11_MECH_RC2_FLAG = 0x1<<2;
-PKCS11_MECH_RC4_FLAG = 0x1<<3;
-PKCS11_MECH_DES_FLAG = 0x1<<4;
-PKCS11_MECH_DH_FLAG = 0x1<<5; //Diffie-Hellman
-PKCS11_MECH_SKIPJACK_FLAG = 0x1<<6; //SKIPJACK algorithm as in Fortezza cards
-PKCS11_MECH_RC5_FLAG = 0x1<<7;
-PKCS11_MECH_SHA1_FLAG = 0x1<<8;
-PKCS11_MECH_MD5_FLAG = 0x1<<9;
-PKCS11_MECH_MD2_FLAG = 0x1<<10;
-PKCS11_MECH_RANDOM_FLAG = 0x1<<27; //Random number generator
-PKCS11_PUB_READABLE_CERT_FLAG = 0x1<<28; //Stored certs can be read off the token w/o logging in
-PKCS11_DISABLE_FLAG = 0x1<<30; //tell Navigator to disable this slot by default
-
-// Important:
-// 0x1<<11, 0x1<<12, ... , 0x1<<26, 0x1<<29, and 0x1<<31 are reserved
-// for internal use in Navigator.
-// Therefore, these bits should always be set to 0; otherwise,
-// Navigator might exhibit unpredictable behavior.
-
-// These flags indicate which mechanisms should be turned on by
-pkcs11MechanismFlags = PKCS11_MECH_RANDOM_FLAG;
-
-
-// Ciphers that support SSL or S/MIME
-PKCS11_CIPHER_FORTEZZA_FLAG = 0x1<<0;
-
-// Important:
-// 0x1<<1, 0x1<<2, ... , 0x1<<31 are reserved
-// for internal use in Navigator.
-// Therefore, these bits should ALWAYS be set to 0; otherwise,
-// Navigator might exhibit unpredictable behavior.
-
-// These flags indicate which SSL ciphers are supported
-pkcs11CipherFlags = PKCS11_CIPHER_FORTEZZA_FLAG;
-
-
-// Return values of pkcs11.addmodule() & pkcs11.delmodule()
-// success codes
-JS_OK_ADD_MODULE = 3 // Successfully added a module
-JS_OK_DEL_EXTERNAL_MODULE = 2 // Successfully deleted ext. module
-JS_OK_DEL_INTERNAL_MODULE = 1 // Successfully deleted int. module
-
-// failure codes
-JS_ERR_OTHER = -1 // Other errors than the followings
-JS_ERR_USER_CANCEL_ACTION = -2 // User abort an action
-JS_ERR_INCORRECT_NUM_OF_ARGUMENTS= -3 // Calling a method w/ incorrect # of arguments
-JS_ERR_DEL_MODULE = -4 // Error deleting a module
-JS_ERR_ADD_MODULE = -5 // Error adding a module
-JS_ERR_BAD_MODULE_NAME = -6 // The module name is invalid
-JS_ERR_BAD_DLL_NAME = -7 // The DLL name is bad
-JS_ERR_BAD_MECHANISM_FLAGS = -8 // The mechanism flags are invalid
-JS_ERR_BAD_CIPHER_ENABLE_FLAGS = -9 // The SSL, S/MIME cipher flags are invalid
-
-
-if (confirm("This script will install and configure a security module, do you want to continue?")) {
- // Step 1. Create a version object and a software update object
- vi = new netscape.softupdate.VersionInfo(1, 6, 0, 0);
- su = new netscape.softupdate.SoftwareUpdate(this, "Fortezza Card PKCS#11 Module");
- // "Fortezza ... Module" is the logical name of the bundle
-
- // Step 2. Start the install process
- bAbort = false;
- err = su.StartInstall("NSfortezza", vi, netscape.softupdate.SoftwareUpdate.FULL_INSTALL);
- // nsfortezza is the component folder (logical)
- bAbort = bAbort || (err !=0);
-
- if (err == 0) {
-
- // Step 3. Find out the physical location of the Program dir
- Folder = su.GetFolder("Program");
-
- // Step 4. Install the files. Unpack them and list where they go
- err = su.AddSubcomponent("FortezzaCardDLL", //component name (logical)
- vi, // version info
- "DUMMY_DLL", // source file in JAR (physical)
- Folder, // target folder (physical)
- "DUMMY_DLL", // target path & filename (physical)
- this.force); // forces update
- bAbort = bAbort || (err !=0);
- }
-
- // Step 5. Unless there was a problem, move files to final location
- // and update the Client Version Registry
- if (bAbort) {
- window.alert("Installation Aborted");
- su.AbortInstall();
- } else {
- err = su.FinalizeInstall();
- window.alert("Files have been installed.\nContinue to setup the newly isntalled module...");
- // Add Module
- compFolder = su.GetComponentFolder("NSfortezza/FortezzaCardDLL") + "/DUMMY_DLL";
- result = pkcs11.addmodule("Netscape FORTEZZA Module", compFolder, pkcs11MechanismFlags, pkcs11CipherFlags);
- if ( result < 0) {
- window.alert("New module setup failed. Error code: " + result);
- } else {
- window.alert("New module setup completed.");
- }
- }
-}
diff --git a/security/nss/lib/fortcrypt/maci.c b/security/nss/lib/fortcrypt/maci.c
deleted file mode 100644
index a0120b771..000000000
--- a/security/nss/lib/fortcrypt/maci.c
+++ /dev/null
@@ -1,901 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "seccomon.h"
-
-#if defined( _WIN32 ) || defined( __WIN32__ )
-#define RETURN_TYPE extern _declspec( dllexport ) int _cdecl
-#endif /* Windows */
-#include "maci.h"
-
-
-RETURN_TYPE
-MACI_ChangePIN PROTO_LIST( (
- HSESSION hSession,
- int PINType,
- CI_PIN CI_FAR pOldPIN,
- CI_PIN CI_FAR pNewPIN ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_CheckPIN PROTO_LIST( (
- HSESSION hSession,
- int PINType,
- CI_PIN CI_FAR pPIN ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_Close PROTO_LIST( (
- HSESSION hSession,
- unsigned int Flags,
- int SocketIndex ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_Decrypt PROTO_LIST( (
- HSESSION hSession,
- unsigned int CipherSize,
- CI_DATA pCipher,
- CI_DATA pPlain ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_DeleteCertificate PROTO_LIST( (
- HSESSION hSession,
- int CertificateIndex ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_DeleteKey PROTO_LIST( (
- HSESSION hSession,
- int RegisterIndex ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_Encrypt PROTO_LIST( (
- HSESSION hSession,
- unsigned int PlainSize,
- CI_DATA pPlain,
- CI_DATA pCipher ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_ExtractX PROTO_LIST( (
- HSESSION hSession,
- int CertificateIndex,
- int AlgorithmType,
- CI_PASSWORD CI_FAR pPassword,
- unsigned int YSize,
- CI_Y CI_FAR pY,
- CI_WRAPPED_X CI_FAR pX,
- CI_RA CI_FAR pRa,
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_FirmwareUpdate PROTO_LIST( (
- HSESSION hSession,
- unsigned long Flags,
- long Cksum,
- unsigned int CksumLength,
- unsigned int DataSize,
- CI_DATA pData ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_GenerateIV PROTO_LIST( (
- HSESSION hSession,
- CI_IV CI_FAR pIV ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_GenerateMEK PROTO_LIST( (
- HSESSION hSession,
- int RegisterIndex,
- int Reserved ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_GenerateRa PROTO_LIST( (
- HSESSION hSession,
- CI_RA CI_FAR pRa ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_GenerateRandom PROTO_LIST( (
- HSESSION hSession,
- CI_RANDOM CI_FAR pRandom ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_GenerateTEK PROTO_LIST( (
- HSESSION hSession,
- int Flags,
- int RegisterIndex,
- CI_RA CI_FAR pRa,
- CI_RB CI_FAR pRb,
- unsigned int YSize,
- CI_Y CI_FAR pY ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_GenerateX PROTO_LIST( (
- HSESSION hSession,
- int CertificateIndex,
- int AlgorithmType,
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG,
- unsigned int YSize,
- CI_Y CI_FAR pY ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_GetCertificate PROTO_LIST( (
- HSESSION hSession,
- int CertificateIndex,
- CI_CERTIFICATE CI_FAR pCertificate ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_GetConfiguration PROTO_LIST( (
- HSESSION hSession,
- CI_CONFIG_PTR pConfiguration ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_GetHash PROTO_LIST( (
- HSESSION hSession,
- unsigned int DataSize,
- CI_DATA pData,
- CI_HASHVALUE CI_FAR pHashValue ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_GetPersonalityList PROTO_LIST( (
- HSESSION hSession,
- int EntryCount,
- CI_PERSON CI_FAR pPersonalityList[] ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_GetSessionID PROTO_LIST( (
- HSESSION *hSession ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_GetState PROTO_LIST( (
- HSESSION hSession,
- CI_STATE_PTR pState ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_GetStatus PROTO_LIST( (
- HSESSION hSession,
- CI_STATUS_PTR pStatus ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_GetTime PROTO_LIST( (
- HSESSION hSession,
- CI_TIME CI_FAR pTime ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_Hash PROTO_LIST( (
- HSESSION hSession,
- unsigned int DataSize,
- CI_DATA pData ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_Initialize PROTO_LIST( (
- int CI_FAR *SocketCount ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_InitializeHash PROTO_LIST( (
- HSESSION hSession ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_InstallX PROTO_LIST( (
- HSESSION hSession,
- int CertificateIndex,
- int AlgorithmType,
- CI_PASSWORD CI_FAR pPassword,
- unsigned int YSize,
- CI_Y CI_FAR pY,
- CI_WRAPPED_X CI_FAR pWrappedX,
- CI_RA CI_FAR pRa,
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_LoadCertificate PROTO_LIST( (
- HSESSION hSession,
- int CertificateIndex,
- CI_CERT_STR CI_FAR pCertLabel,
- CI_CERTIFICATE CI_FAR pCertificate,
- long Reserved ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_LoadDSAParameters PROTO_LIST( (
- HSESSION hSession,
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_LoadInitValues PROTO_LIST( (
- HSESSION hSession,
- CI_RANDSEED CI_FAR pRandSeed,
- CI_KS CI_FAR pKs ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_LoadIV PROTO_LIST( (
- HSESSION hSession,
- CI_IV CI_FAR pIV ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_LoadX PROTO_LIST( (
- HSESSION hSession,
- int CertificateIndex,
- int AlgorithmType,
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG,
- CI_X CI_FAR pX,
- unsigned int YSize,
- CI_Y CI_FAR pY ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_Lock PROTO_LIST( (
- HSESSION hSession,
- int Flags ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_Open PROTO_LIST( (
- HSESSION hSession,
- unsigned int Flags,
- int SocketIndex ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_RelayX PROTO_LIST( (
- HSESSION hSession,
- CI_PASSWORD CI_FAR pOldPassword,
- unsigned int OldYSize,
- CI_Y CI_FAR pOldY,
- CI_RA CI_FAR pOldRa,
- CI_WRAPPED_X CI_FAR pOldWrappedX,
- CI_PASSWORD CI_FAR pNewPassword,
- unsigned int NewYSize,
- CI_Y CI_FAR pNewY,
- CI_RA CI_FAR pNewRa,
- CI_WRAPPED_X CI_FAR pNewWrappedX ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_Reset PROTO_LIST( (
- HSESSION hSession ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_Restore PROTO_LIST( (
- HSESSION hSession,
- int CryptoType,
- CI_SAVE_DATA CI_FAR pData ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_Save PROTO_LIST( (
- HSESSION hSession,
- int CryptoType,
- CI_SAVE_DATA CI_FAR pData ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_Select PROTO_LIST( (
- HSESSION hSession,
- int SocketIndex ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_SetConfiguration PROTO_LIST( (
- HSESSION hSession,
- int Type,
- unsigned int DataSize,
- CI_DATA pData ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_SetKey PROTO_LIST( (
- HSESSION hSession,
- int RegisterIndex ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_SetMode PROTO_LIST( (
- HSESSION hSession,
- int CryptoType,
- int CryptoMode ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_SetPersonality PROTO_LIST( (
- HSESSION hSession,
- int CertificateIndex ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_SetTime PROTO_LIST( (
- HSESSION hSession,
- CI_TIME CI_FAR pTime ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_Sign PROTO_LIST( (
- HSESSION hSession,
- CI_HASHVALUE CI_FAR pHashValue,
- CI_SIGNATURE CI_FAR pSignature ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_Terminate PROTO_LIST( (
- HSESSION hSession ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_TimeStamp PROTO_LIST( (
- HSESSION hSession,
- CI_HASHVALUE CI_FAR pHashValue,
- CI_SIGNATURE CI_FAR pSignature,
- CI_TIMESTAMP CI_FAR pTimeStamp ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_Unlock PROTO_LIST( (
- HSESSION hSession) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_UnwrapKey PROTO_LIST( (
- HSESSION hSession,
- int UnwrapIndex,
- int KeyIndex,
- CI_KEY CI_FAR pKey ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_VerifySignature PROTO_LIST( (
- HSESSION hSession,
- CI_HASHVALUE CI_FAR pHashValue,
- unsigned int YSize,
- CI_Y CI_FAR pY,
- CI_SIGNATURE CI_FAR pSignature ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_VerifyTimeStamp PROTO_LIST( (
- HSESSION hSession,
- CI_HASHVALUE CI_FAR pHashValue,
- CI_SIGNATURE CI_FAR pSignature,
- CI_TIMESTAMP CI_FAR pTimeStamp ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_WrapKey PROTO_LIST( (
- HSESSION hSession,
- int WrapIndex,
- int KeyIndex,
- CI_KEY CI_FAR pKey ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-MACI_Zeroize PROTO_LIST( (
- HSESSION hSession ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_ChangePIN PROTO_LIST( (
- int PINType,
- CI_PIN CI_FAR pOldPIN,
- CI_PIN CI_FAR pNewPIN ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_CheckPIN PROTO_LIST( (
- int PINType,
- CI_PIN CI_FAR pPIN ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_Close PROTO_LIST( (
- unsigned int Flags,
- int SocketIndex ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_Decrypt PROTO_LIST( (
- unsigned int CipherSize,
- CI_DATA pCipher,
- CI_DATA pPlain ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_DeleteCertificate PROTO_LIST( (
- int CertificateIndex ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_DeleteKey PROTO_LIST( (
- int RegisterIndex ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_Encrypt PROTO_LIST( (
- unsigned int PlainSize,
- CI_DATA pPlain,
- CI_DATA pCipher ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_ExtractX PROTO_LIST( (
- int CertificateIndex,
- int AlgorithmType,
- CI_PASSWORD CI_FAR pPassword,
- unsigned int YSize,
- CI_Y CI_FAR pY,
- CI_WRAPPED_X CI_FAR pX,
- CI_RA CI_FAR pRa,
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_FirmwareUpdate PROTO_LIST( (
- unsigned long Flags,
- long Cksum,
- unsigned int CksumLength,
- unsigned int DataSize,
- CI_DATA pData ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_GenerateIV PROTO_LIST( (
- CI_IV CI_FAR pIV ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_GenerateMEK PROTO_LIST( (
- int RegisterIndex,
- int Reserved ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_GenerateRa PROTO_LIST( (
- CI_RA CI_FAR pRa ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_GenerateRandom PROTO_LIST( (
- CI_RANDOM CI_FAR pRandom ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_GenerateTEK PROTO_LIST( (
- int Flags,
- int RegisterIndex,
- CI_RA CI_FAR pRa,
- CI_RB CI_FAR pRb,
- unsigned int YSize,
- CI_Y CI_FAR pY ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_GenerateX PROTO_LIST( (
- int CertificateIndex,
- int AlgorithmType,
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG,
- unsigned int YSize,
- CI_Y CI_FAR pY ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_GetCertificate PROTO_LIST( (
- int CertificateIndex,
- CI_CERTIFICATE CI_FAR pCertificate ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_GetConfiguration PROTO_LIST( (
- CI_CONFIG_PTR pConfiguration ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_GetHash PROTO_LIST( (
- unsigned int DataSize,
- CI_DATA pData,
- CI_HASHVALUE CI_FAR pHashValue ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_GetPersonalityList PROTO_LIST( (
- int EntryCount,
- CI_PERSON CI_FAR pPersonalityList[] ) ) {
- return CI_ERROR;
-}
-
-
-RETURN_TYPE
-CI_GetState PROTO_LIST( (
- CI_STATE_PTR pState ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_GetStatus PROTO_LIST( (
- CI_STATUS_PTR pStatus ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_GetTime PROTO_LIST( (
- CI_TIME CI_FAR pTime ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_Hash PROTO_LIST( (
- unsigned int DataSize,
- CI_DATA pData ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_Initialize PROTO_LIST( (
- int CI_FAR *SocketCount ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_InitializeHash PROTO_LIST( () ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_InstallX PROTO_LIST( (
- int CertificateIndex,
- int AlgorithmType,
- CI_PASSWORD CI_FAR pPassword,
- unsigned int YSize,
- CI_Y CI_FAR pY,
- CI_WRAPPED_X CI_FAR pWrappedX,
- CI_RA CI_FAR pRa,
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_LoadCertificate PROTO_LIST( (
- int CertificateIndex,
- CI_CERT_STR CI_FAR pCertLabel,
- CI_CERTIFICATE CI_FAR pCertificate,
- long Reserved ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_LoadDSAParameters PROTO_LIST( (
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_LoadInitValues PROTO_LIST( (
- CI_RANDSEED CI_FAR pRandSeed,
- CI_KS CI_FAR pKs ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_LoadIV PROTO_LIST( (
- CI_IV CI_FAR pIV ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_LoadX PROTO_LIST( (
- int CertificateIndex,
- int AlgorithmType,
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG,
- CI_X CI_FAR pX,
- unsigned int YSize,
- CI_Y CI_FAR pY ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_Lock PROTO_LIST( (
- int Flags ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_Open PROTO_LIST( (
- unsigned int Flags,
- int SocketIndex ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_RelayX PROTO_LIST( (
- CI_PASSWORD CI_FAR pOldPassword,
- unsigned int OldYSize,
- CI_Y CI_FAR pOldY,
- CI_RA CI_FAR pOldRa,
- CI_WRAPPED_X CI_FAR pOldWrappedX,
- CI_PASSWORD CI_FAR pNewPassword,
- unsigned int NewYSize,
- CI_Y CI_FAR pNewY,
- CI_RA CI_FAR pNewRa,
- CI_WRAPPED_X CI_FAR pNewWrappedX ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_Reset PROTO_LIST( ( ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_Restore PROTO_LIST( (
- int CryptoType,
- CI_SAVE_DATA CI_FAR pData ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_Save PROTO_LIST( (
- int CryptoType,
- CI_SAVE_DATA CI_FAR pData ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_Select PROTO_LIST( (
- int SocketIndex ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_SetConfiguration PROTO_LIST( (
- int Type,
- unsigned int DataSize,
- CI_DATA pData ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_SetKey PROTO_LIST( (
- int RegisterIndex ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_SetMode PROTO_LIST( (
- int CryptoType,
- int CryptoMode ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_SetPersonality PROTO_LIST( (
- int CertificateIndex ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_SetTime PROTO_LIST( (
- CI_TIME CI_FAR pTime ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_Sign PROTO_LIST( (
- CI_HASHVALUE CI_FAR pHashValue,
- CI_SIGNATURE CI_FAR pSignature ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_Terminate PROTO_LIST( ( ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_TimeStamp PROTO_LIST( (
- CI_HASHVALUE CI_FAR pHashValue,
- CI_SIGNATURE CI_FAR pSignature,
- CI_TIMESTAMP CI_FAR pTimeStamp ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_Unlock PROTO_LIST( () ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_UnwrapKey PROTO_LIST( (
- int UnwrapIndex,
- int KeyIndex,
- CI_KEY CI_FAR pKey ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_VerifySignature PROTO_LIST( (
- CI_HASHVALUE CI_FAR pHashValue,
- unsigned int YSize,
- CI_Y CI_FAR pY,
- CI_SIGNATURE CI_FAR pSignature ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_VerifyTimeStamp PROTO_LIST( (
- CI_HASHVALUE CI_FAR pHashValue,
- CI_SIGNATURE CI_FAR pSignature,
- CI_TIMESTAMP CI_FAR pTimeStamp ) ) {
- return CI_ERROR;
-}
-
-RETURN_TYPE
-CI_WrapKey PROTO_LIST( (
- int WrapIndex,
- int KeyIndex,
- CI_KEY CI_FAR pKey ) ) {
- return CI_ERROR;
-}
-
diff --git a/security/nss/lib/fortcrypt/maci.h b/security/nss/lib/fortcrypt/maci.h
deleted file mode 100644
index eb38ff81c..000000000
--- a/security/nss/lib/fortcrypt/maci.h
+++ /dev/null
@@ -1,776 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/* @(#)maci.h 1.27\t05 Jan 1996 */
-/*****************************************************************************
- Definitive Fortezza header file.
- Application Level Interface to Fortezza MACI Library.
-
- Version for CI Library 1.52
- January 5, 1996
-
-
- NOTICE: Fortezza Export Policy
-
- The Fortezza Cryptologic Interface (CI) Library (both source and
- object) and Fortezza CI Library based applications are defense
- articles, as defined in the International Traffic In Arms
- Regulations (ITAR), and are subject to export controls under the
- ITAR and the Arms Export Control Act. Any export to any country
- of (a) the Fortezza CI Library, related documentation, and
- technical data, or (b) your cryptographic application, process,
- or service that is the direct product of, or contains the
- Fortezza CI Library must comply with the requirements of the ITAR.
- If you or your customer intends to engage in such export, contact
- the United States Department of State, Office of Defense Trade
- Controls for specific guidance.
-
-
- ****************************************************************************/
-#ifndef __MACI_H
-#define __MACI_H
-
-#if __cplusplus__ || __cplusplus
-extern "C"
-{
-#endif /* C++ */
-
-
-#ifndef __CRYPTINT_H
-
-#ifndef PROTO_LIST
-#ifdef _K_AND_R_
-#define PROTO_LIST(list) ()
-#else
-#define PROTO_LIST(list) list
-#endif /*_K_AND_R_ */
-#endif /* PROTO_LIST */
-
-
-#ifndef RETURN_TYPE
-#if defined( _WIN32 ) || defined( __WIN32__ )
-#define RETURN_TYPE extern _declspec( dllimport ) int _cdecl
-#elif defined( _WINDOWS ) || defined( _Windows )
-#define RETURN_TYPE extern int _far _pascal
-#else
-#define RETURN_TYPE extern int
-#endif /* Windows */
-#endif /* RETURN_TYPE */
-
-/* MS Visual C++ defines _MSDOS and _WINDOWS */
-/* Borland C/C++ defines __MSDOS__ and _Windows */
-#if (defined( _WINDOWS ) || defined( _Windows )) && \
- !(defined( _WIN32 ) || defined( __WIN32__ ))
-#define CI_FAR _far
-#else
-#define CI_FAR
-#endif /* MS DOS or Windows */
-
-
-/*****************************************************************************
- Constants
- ****************************************************************************/
-#define CI_LIB_VERSION_VAL 0x0152 /* Version 1.52 */
-
-#define CI_CERT_SIZE 2048
-#define CI_CERT_FLAGS_SIZE 16
-#define CI_CERT_NAME_SIZE 32
-#define CI_CHALLENGE_SIZE 20
-
-#define CI_G_SIZE 128
-
-#define CI_HASHVALUE_SIZE 20
-
-#define CI_IV_SIZE 24
-
-#define CI_KEY_SIZE 12
-#define CI_KS_SIZE 10
-
-#define CI_NAME_SIZE 32
-
-#define CI_PASSWORD_SIZE 24
-#define CI_PIN_SIZE 12
-#define CI_P_SIZE 128
-
-#define CI_Q_SIZE 20
-
-#define CI_R_SIZE 40
-#define CI_RANDOM_NO_SIZE 20
-#define CI_RANDOM_SEED_SIZE 8
-#define CI_RA_SIZE 128
-#define CI_RB_SIZE 128
-#define CI_REG_FLAGS_SIZE 4
-
-#define CI_S_SIZE 40
-#define CI_SAVE_DATA_SIZE 28
-#define CI_SERIAL_NUMBER_SIZE 8
-#define CI_SIGNATURE_SIZE 40
-#define CI_STATUS_FLAGS_SIZE 4
-
-#define CI_TIME_SIZE 16
-#define CI_TIMESTAMP_SIZE 16
-
-#define CI_WRAPPED_X_SIZE 24
-
-#define CI_Y_SIZE 128
-
-#define CI_X_SIZE 20
-
-
-/* Miscellaneous */
-#define CI_NULL_FLAG 0
-#define CI_POWER_DOWN_FLAG 2
-#define CI_NO_LOG_OFF_FLAG 4
-#define CI_INITIATOR_FLAG 0
-#define CI_RECIPIENT_FLAG 1
-
-#define CI_BLOCK_LOCK_FLAG 1
-#define CI_SSO_LOGGED_ON 0x40
-#define CI_USER_LOGGED_ON 0x00
-#define CI_FAST_MODE 0x10
-#define CI_SLOW_MODE 0x00
-#define CI_WORST_CASE_MODE 0x40
-#define CI_TYPICAL_CASE_MODE 0x00
-
-/* Card Public Key Algorithms Types */
-#define CI_DSA_TYPE 0xA
-#define CI_KEA_TYPE 0x5
-#define CI_DSA_KEA_TYPE 0xF
-
-/* Fortezza Pin Types */
-#define CI_SSO_PIN 0x25
-#define CI_USER_PIN 0x2A
-
-/* Crypto Types */
-#define CI_ENCRYPT_TYPE 0
-#define CI_DECRYPT_TYPE 1
-#define CI_HASH_TYPE 2
-
-/* Save and Restore Types */
-#define CI_ENCRYPT_INT_TYPE 0x00 /* Internal Encryption */
-#define CI_ENCRYPT_EXT_TYPE 0x10 /* External Encryption */
-#define CI_DECRYPT_INT_TYPE 0x01 /* Internal Decryption */
-#define CI_DECRYPT_EXT_TYPE 0x11 /* External Decryption */
-#define CI_HASH_INT_TYPE 0x02 /* Internal Hash */
-#define CI_HASH_EXT_TYPE 0x12 /* External Hash */
-#define CI_TYPE_EXT_FLAG 0x10 /* Used to differentiate */
-
-/* Configuration types */
-#define CI_SET_SPEED_TYPE 1
-#define CI_SET_TIMING_TYPE 2
-
-/* Lock States */
-#define CI_SOCKET_UNLOCKED 0
-#define CI_HOLD_LOCK 1
-#define CI_SOCKET_LOCKED 2
-
-/* Fortezza Crypto Types Modes */
-#define CI_ECB64_MODE 0
-#define CI_CBC64_MODE 1
-#define CI_OFB64_MODE 2
-#define CI_CFB64_MODE 3
-#define CI_CFB32_MODE 4
-#define CI_CFB16_MODE 5
-#define CI_CFB8_MODE 6
-
-/* Card States */
-#define CI_POWER_UP 0
-#define CI_UNINITIALIZED 1
-#define CI_INITIALIZED 2
-#define CI_SSO_INITIALIZED 3
-#define CI_LAW_INITIALIZED 4
-#define CI_USER_INITIALIZED 5
-#define CI_STANDBY 6
-#define CI_READY 7
-#define CI_ZEROIZE 8
-#define CI_INTERNAL_FAILURE (-1)
-
-/* Flags for Firmware Update. */
-#if !defined( _K_AND_R_ )
-
-#define CI_NOT_LAST_BLOCK_FLAG 0x00000000UL
-#define CI_LAST_BLOCK_FLAG 0x80000000UL
-#define CI_DESTRUCTIVE_FLAG 0x000000FFUL
-#define CI_NONDESTRUCTIVE_FLAG 0x0000FF00UL
-
-#else
-
-#define CI_NOT_LAST_BLOCK_FLAG 0x00000000L
-#define CI_LAST_BLOCK_FLAG 0x80000000L
-#define CI_DESTRUCTIVE_FLAG 0x000000FFL
-#define CI_NONDESTRUCTIVE_FLAG 0x0000FF00L
-
-#endif /* _K_AND_R_ */
-
-/****************************************************************************
- Fortezza Library Return Codes
- ***************************************************************************/
-
-/* Card Responses */
-#define CI_OK 0
-#define CI_FAIL 1
-#define CI_CHECKWORD_FAIL 2
-#define CI_INV_TYPE 3
-#define CI_INV_MODE 4
-#define CI_INV_KEY_INDEX 5
-#define CI_INV_CERT_INDEX 6
-#define CI_INV_SIZE 7
-#define CI_INV_HEADER 8
-#define CI_INV_STATE 9
-#define CI_EXEC_FAIL 10
-#define CI_NO_KEY 11
-#define CI_NO_IV 12
-#define CI_NO_X 13
-
-#define CI_NO_SAVE 15
-#define CI_REG_IN_USE 16
-#define CI_INV_COMMAND 17
-#define CI_INV_POINTER 18
-#define CI_BAD_CLOCK 19
-#define CI_NO_DSA_PARMS 20
-
-/* Library Errors */
-#define CI_ERROR (-1)
-#define CI_LIB_NOT_INIT (-2)
-#define CI_CARD_NOT_READY (-3)
-#define CI_CARD_IN_USE (-4)
-#define CI_TIME_OUT (-5)
-#define CI_OUT_OF_MEMORY (-6)
-#define CI_NULL_PTR (-7)
-#define CI_BAD_SIZE (-8)
-#define CI_NO_DECRYPT (-9)
-#define CI_NO_ENCRYPT (-10)
-#define CI_NO_EXECUTE (-11)
-#define CI_BAD_PARAMETER (-12)
-#define CI_OUT_OF_RESOURCES (-13)
-
-#define CI_NO_CARD (-20)
-#define CI_NO_DRIVER (-21)
-#define CI_NO_CRDSRV (-22)
-#define CI_NO_SCTSRV (-23)
-
-#define CI_BAD_CARD (-30)
-#define CI_BAD_IOCTL (-31)
-#define CI_BAD_READ (-32)
-#define CI_BAD_SEEK (-33)
-#define CI_BAD_WRITE (-34)
-#define CI_BAD_FLUSH (-35)
-#define CI_BAD_IOSEEK (-36)
-#define CI_BAD_ADDR (-37)
-
-#define CI_INV_SOCKET_INDEX (-40)
-#define CI_SOCKET_IN_USE (-41)
-#define CI_NO_SOCKET (-42)
-#define CI_SOCKET_NOT_OPENED (-43)
-#define CI_BAD_TUPLES (-44)
-#define CI_NOT_A_CRYPTO_CARD (-45)
-
-#define CI_INVALID_FUNCTION (-50)
-#define CI_LIB_ALRDY_INIT (-51)
-#define CI_SRVR_ERROR (-52)
-#define MACI_SESSION_EXCEEDED (-53)
-
-
-/*****************************************************************************
- Data Structures
- ****************************************************************************/
-
-
-typedef unsigned char CI_CERTIFICATE[CI_CERT_SIZE];
-
-typedef unsigned char CI_CERT_FLAGS[CI_CERT_FLAGS_SIZE];
-
-typedef unsigned char CI_CERT_STR[CI_CERT_NAME_SIZE+4];
-
-typedef unsigned char CI_FAR *CI_DATA;
-
-typedef unsigned char CI_G[CI_G_SIZE];
-
-typedef unsigned char CI_HASHVALUE[CI_HASHVALUE_SIZE];
-
-typedef unsigned char CI_IV[CI_IV_SIZE];
-
-typedef unsigned char CI_KEY[CI_KEY_SIZE];
-
-typedef unsigned char CI_KS[CI_KS_SIZE];
-
-typedef unsigned char CI_P[CI_P_SIZE];
-
-typedef unsigned char CI_PASSWORD[CI_PASSWORD_SIZE + 4];
-
-typedef unsigned char CI_PIN[CI_PIN_SIZE + 4];
-
-typedef unsigned char CI_Q[CI_Q_SIZE];
-
-typedef unsigned char CI_RA[CI_RA_SIZE];
-
-typedef unsigned char CI_RB[CI_RB_SIZE];
-
-typedef unsigned char CI_RANDOM[CI_RANDOM_NO_SIZE];
-
-typedef unsigned char CI_RANDSEED[CI_RANDOM_SEED_SIZE];
-
-typedef unsigned char CI_REG_FLAGS[CI_REG_FLAGS_SIZE];
-
-typedef unsigned char CI_SIGNATURE[CI_SIGNATURE_SIZE];
-
-typedef unsigned char CI_SAVE_DATA[CI_SAVE_DATA_SIZE];
-
-typedef unsigned char CI_SERIAL_NUMBER[CI_SERIAL_NUMBER_SIZE];
-
-typedef unsigned int CI_STATE, CI_FAR *CI_STATE_PTR;
-
-typedef unsigned char CI_TIME[CI_TIME_SIZE];
-
-typedef unsigned char CI_TIMESTAMP[CI_TIMESTAMP_SIZE];
-
-typedef unsigned char CI_WRAPPED_X[CI_WRAPPED_X_SIZE];
-
-typedef unsigned char CI_Y[CI_Y_SIZE];
-
-typedef unsigned char CI_X[CI_X_SIZE];
-
-typedef struct {
- int LibraryVersion; /* CI Library version */
- int ManufacturerVersion; /* Card's hardware version */
- char ManufacturerName[CI_NAME_SIZE+4]; /* Card manufacturer's name*/
- char ProductName[CI_NAME_SIZE+4]; /* Card's product name */
- char ProcessorType[CI_NAME_SIZE+4]; /* Card's processor type */
- unsigned long UserRAMSize; /* Amount of User RAM in bytes */
- unsigned long LargestBlockSize; /* Largest block of data to pass in */
- int KeyRegisterCount; /* Number of key registers */
- int CertificateCount; /* Maximum number of personalities (# certs-1) */
- int CryptoCardFlag; /* A flag that if non-zero indicates that there is
- a Crypto-Card in the socket. If this value is
- zero then there is NOT a Crypto-Card in the
- sockets. */
- int ICDVersion; /* The ICD compliance level */
- int ManufacturerSWVer; /* The Manufacturer's Software Version */
- int DriverVersion; /* Driver Version */
-} CI_CONFIG, CI_FAR *CI_CONFIG_PTR;
-
-typedef struct {
- int CertificateIndex; /* Index from 1 to CertificateCount */
- CI_CERT_STR CertLabel; /* The certificate label */
-} CI_PERSON, CI_FAR *CI_PERSON_PTR;
-
-typedef struct {
- int CurrentSocket; /* The currently selected socket */
- int LockState; /* Lock status of the current socket */
- CI_SERIAL_NUMBER SerialNumber; /* Serial number of the Crypto Engine chip */
- CI_STATE CurrentState; /* State of The Card */
- int DecryptionMode; /* Decryption mode of The Card */
- int EncryptionMode; /* Encryption mode of The Card */
- int CurrentPersonality; /* Index of the current personality */
- int KeyRegisterCount; /* No. of Key Register on The Card */
- CI_REG_FLAGS KeyRegisterFlags; /* Bit Masks indicating Key Register use */
- int CertificateCount; /* No. of Certificates on The Card */
- CI_CERT_FLAGS CertificateFlags; /* Bit Mask indicating certificate use */
- unsigned char Flags[CI_STATUS_FLAGS_SIZE];
- /* Flag[0] : bit 6 for Condition mode */
- /* bit 4 for Clock mode */
-} CI_STATUS, CI_FAR *CI_STATUS_PTR;
-
-#endif
-
-/* Session constants */
-#ifndef HSESSION_DEFINE
-typedef unsigned int HSESSION;
-#define HSESSION_DEFINE
-#endif
-#define MAXSESSION 100
-
-/*****************************************************************************
- Function Call Prototypes
- ****************************************************************************/
-
-RETURN_TYPE
-MACI_ChangePIN PROTO_LIST( (
- HSESSION hSession,
- int PINType,
- CI_PIN CI_FAR pOldPIN,
- CI_PIN CI_FAR pNewPIN ) );
-
-RETURN_TYPE
-MACI_CheckPIN PROTO_LIST( (
- HSESSION hSession,
- int PINType,
- CI_PIN CI_FAR pPIN ) );
-
-RETURN_TYPE
-MACI_Close PROTO_LIST( (
- HSESSION hSession,
- unsigned int Flags,
- int SocketIndex ) );
-
-RETURN_TYPE
-MACI_Decrypt PROTO_LIST( (
- HSESSION hSession,
- unsigned int CipherSize,
- CI_DATA pCipher,
- CI_DATA pPlain ) );
-
-RETURN_TYPE
-MACI_DeleteCertificate PROTO_LIST( (
- HSESSION hSession,
- int CertificateIndex ) );
-
-RETURN_TYPE
-MACI_DeleteKey PROTO_LIST( (
- HSESSION hSession,
- int RegisterIndex ) );
-
-RETURN_TYPE
-MACI_Encrypt PROTO_LIST( (
- HSESSION hSession,
- unsigned int PlainSize,
- CI_DATA pPlain,
- CI_DATA pCipher ) );
-
-RETURN_TYPE
-MACI_ExtractX PROTO_LIST( (
- HSESSION hSession,
- int CertificateIndex,
- int AlgorithmType,
- CI_PASSWORD CI_FAR pPassword,
- unsigned int YSize,
- CI_Y CI_FAR pY,
- CI_WRAPPED_X CI_FAR pX,
- CI_RA CI_FAR pRa,
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG ) );
-
-RETURN_TYPE
-MACI_FirmwareUpdate PROTO_LIST( (
- HSESSION hSession,
- unsigned long Flags,
- long Cksum,
- unsigned int CksumLength,
- unsigned int DataSize,
- CI_DATA pData ) );
-
-RETURN_TYPE
-MACI_GenerateIV PROTO_LIST( (
- HSESSION hSession,
- CI_IV CI_FAR pIV ) );
-
-RETURN_TYPE
-MACI_GenerateMEK PROTO_LIST( (
- HSESSION hSession,
- int RegisterIndex,
- int Reserved ) );
-
-RETURN_TYPE
-MACI_GenerateRa PROTO_LIST( (
- HSESSION hSession,
- CI_RA CI_FAR pRa ) );
-
-RETURN_TYPE
-MACI_GenerateRandom PROTO_LIST( (
- HSESSION hSession,
- CI_RANDOM CI_FAR pRandom ) );
-
-RETURN_TYPE
-MACI_GenerateTEK PROTO_LIST( (
- HSESSION hSession,
- int Flags,
- int RegisterIndex,
- CI_RA CI_FAR pRa,
- CI_RB CI_FAR pRb,
- unsigned int YSize,
- CI_Y CI_FAR pY ) );
-
-RETURN_TYPE
-MACI_GenerateX PROTO_LIST( (
- HSESSION hSession,
- int CertificateIndex,
- int AlgorithmType,
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG,
- unsigned int YSize,
- CI_Y CI_FAR pY ) );
-
-RETURN_TYPE
-MACI_GetCertificate PROTO_LIST( (
- HSESSION hSession,
- int CertificateIndex,
- CI_CERTIFICATE CI_FAR pCertificate ) );
-
-RETURN_TYPE
-MACI_GetConfiguration PROTO_LIST( (
- HSESSION hSession,
- CI_CONFIG_PTR pConfiguration ) );
-
-RETURN_TYPE
-MACI_GetHash PROTO_LIST( (
- HSESSION hSession,
- unsigned int DataSize,
- CI_DATA pData,
- CI_HASHVALUE CI_FAR pHashValue ) );
-
-RETURN_TYPE
-MACI_GetPersonalityList PROTO_LIST( (
- HSESSION hSession,
- int EntryCount,
- CI_PERSON CI_FAR pPersonalityList[] ) );
-
-RETURN_TYPE
-MACI_GetSessionID PROTO_LIST( (
- HSESSION *hSession ) );
-
-RETURN_TYPE
-MACI_GetState PROTO_LIST( (
- HSESSION hSession,
- CI_STATE_PTR pState ) );
-
-RETURN_TYPE
-MACI_GetStatus PROTO_LIST( (
- HSESSION hSession,
- CI_STATUS_PTR pStatus ) );
-
-RETURN_TYPE
-MACI_GetTime PROTO_LIST( (
- HSESSION hSession,
- CI_TIME CI_FAR pTime ) );
-
-RETURN_TYPE
-MACI_Hash PROTO_LIST( (
- HSESSION hSession,
- unsigned int DataSize,
- CI_DATA pData ) );
-
-RETURN_TYPE
-MACI_Initialize PROTO_LIST( (
- int CI_FAR *SocketCount ) );
-
-RETURN_TYPE
-MACI_InitializeHash PROTO_LIST( (
- HSESSION hSession ) );
-
-RETURN_TYPE
-MACI_InstallX PROTO_LIST( (
- HSESSION hSession,
- int CertificateIndex,
- int AlgorithmType,
- CI_PASSWORD CI_FAR pPassword,
- unsigned int YSize,
- CI_Y CI_FAR pY,
- CI_WRAPPED_X CI_FAR pWrappedX,
- CI_RA CI_FAR pRa,
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG ) );
-
-RETURN_TYPE
-MACI_LoadCertificate PROTO_LIST( (
- HSESSION hSession,
- int CertificateIndex,
- CI_CERT_STR CI_FAR pCertLabel,
- CI_CERTIFICATE CI_FAR pCertificate,
- long Reserved ) );
-
-RETURN_TYPE
-MACI_LoadDSAParameters PROTO_LIST( (
- HSESSION hSession,
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG ) );
-
-RETURN_TYPE
-MACI_LoadInitValues PROTO_LIST( (
- HSESSION hSession,
- CI_RANDSEED CI_FAR pRandSeed,
- CI_KS CI_FAR pKs ) );
-
-RETURN_TYPE
-MACI_LoadIV PROTO_LIST( (
- HSESSION hSession,
- CI_IV CI_FAR pIV ) );
-
-RETURN_TYPE
-MACI_LoadX PROTO_LIST( (
- HSESSION hSession,
- int CertificateIndex,
- int AlgorithmType,
- unsigned int PandGSize,
- unsigned int QSize,
- CI_P CI_FAR pP,
- CI_Q CI_FAR pQ,
- CI_G CI_FAR pG,
- CI_X CI_FAR pX,
- unsigned int YSize,
- CI_Y CI_FAR pY ) );
-
-RETURN_TYPE
-MACI_Lock PROTO_LIST( (
- HSESSION hSession,
- int Flags ) );
-
-RETURN_TYPE
-MACI_Open PROTO_LIST( (
- HSESSION hSession,
- unsigned int Flags,
- int SocketIndex ) );
-
-RETURN_TYPE
-MACI_RelayX PROTO_LIST( (
- HSESSION hSession,
- CI_PASSWORD CI_FAR pOldPassword,
- unsigned int OldYSize,
- CI_Y CI_FAR pOldY,
- CI_RA CI_FAR pOldRa,
- CI_WRAPPED_X CI_FAR pOldWrappedX,
- CI_PASSWORD CI_FAR pNewPassword,
- unsigned int NewYSize,
- CI_Y CI_FAR pNewY,
- CI_RA CI_FAR pNewRa,
- CI_WRAPPED_X CI_FAR pNewWrappedX ) );
-
-RETURN_TYPE
-MACI_Reset PROTO_LIST( (
- HSESSION hSession ) );
-
-RETURN_TYPE
-MACI_Restore PROTO_LIST( (
- HSESSION hSession,
- int CryptoType,
- CI_SAVE_DATA CI_FAR pData ) );
-
-RETURN_TYPE
-MACI_Save PROTO_LIST( (
- HSESSION hSession,
- int CryptoType,
- CI_SAVE_DATA CI_FAR pData ) );
-
-RETURN_TYPE
-MACI_Select PROTO_LIST( (
- HSESSION hSession,
- int SocketIndex ) );
-
-RETURN_TYPE
-MACI_SetConfiguration PROTO_LIST( (
- HSESSION hSession,
- int Type,
- unsigned int DataSize,
- CI_DATA pData ) );
-
-RETURN_TYPE
-MACI_SetKey PROTO_LIST( (
- HSESSION hSession,
- int RegisterIndex ) );
-
-RETURN_TYPE
-MACI_SetMode PROTO_LIST( (
- HSESSION hSession,
- int CryptoType,
- int CryptoMode ) );
-
-RETURN_TYPE
-MACI_SetPersonality PROTO_LIST( (
- HSESSION hSession,
- int CertificateIndex ) );
-
-RETURN_TYPE
-MACI_SetTime PROTO_LIST( (
- HSESSION hSession,
- CI_TIME CI_FAR pTime ) );
-
-RETURN_TYPE
-MACI_Sign PROTO_LIST( (
- HSESSION hSession,
- CI_HASHVALUE CI_FAR pHashValue,
- CI_SIGNATURE CI_FAR pSignature ) );
-
-RETURN_TYPE
-MACI_Terminate PROTO_LIST( (
- HSESSION hSession ) );
-
-RETURN_TYPE
-MACI_TimeStamp PROTO_LIST( (
- HSESSION hSession,
- CI_HASHVALUE CI_FAR pHashValue,
- CI_SIGNATURE CI_FAR pSignature,
- CI_TIMESTAMP CI_FAR pTimeStamp ) );
-
-RETURN_TYPE
-MACI_Unlock PROTO_LIST( (
- HSESSION hSession) );
-
-RETURN_TYPE
-MACI_UnwrapKey PROTO_LIST( (
- HSESSION hSession,
- int UnwrapIndex,
- int KeyIndex,
- CI_KEY CI_FAR pKey ) );
-
-RETURN_TYPE
-MACI_VerifySignature PROTO_LIST( (
- HSESSION hSession,
- CI_HASHVALUE CI_FAR pHashValue,
- unsigned int YSize,
- CI_Y CI_FAR pY,
- CI_SIGNATURE CI_FAR pSignature ) );
-
-RETURN_TYPE
-MACI_VerifyTimeStamp PROTO_LIST( (
- HSESSION hSession,
- CI_HASHVALUE CI_FAR pHashValue,
- CI_SIGNATURE CI_FAR pSignature,
- CI_TIMESTAMP CI_FAR pTimeStamp ) );
-
-RETURN_TYPE
-MACI_WrapKey PROTO_LIST( (
- HSESSION hSession,
- int WrapIndex,
- int KeyIndex,
- CI_KEY CI_FAR pKey ) );
-
-RETURN_TYPE
-MACI_Zeroize PROTO_LIST( (
- HSESSION hSession ) );
-
-#if __cplusplus__ || __cplusplus
-}
-#endif /* C++ */
-
-#endif /* CRYPTINT_H */
-
diff --git a/security/nss/lib/fortcrypt/macinst.htm b/security/nss/lib/fortcrypt/macinst.htm
deleted file mode 100644
index cf3988157..000000000
--- a/security/nss/lib/fortcrypt/macinst.htm
+++ /dev/null
@@ -1,148 +0,0 @@
-<HTML>
-<--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
--->
-<TITLE>MAC Installer</TITLE>
-
-<SCRIPT>
-// Crypto Mechanism Flags
-PKCS11_MECH_RSA_FLAG = 0x1<<0;
-PKCS11_MECH_DSA_FLAG = 0x1<<1;
-PKCS11_MECH_RC2_FLAG = 0x1<<2;
-PKCS11_MECH_RC4_FLAG = 0x1<<3;
-PKCS11_MECH_DES_FLAG = 0x1<<4;
-PKCS11_MECH_DH_FLAG = 0x1<<5; //Diffie-Hellman
-PKCS11_MECH_SKIPJACK_FLAG = 0x1<<6; //SKIPJACK algorithm as in Fortezza cards
-PKCS11_MECH_RC5_FLAG = 0x1<<7;
-PKCS11_MECH_SHA1_FLAG = 0x1<<8;
-PKCS11_MECH_MD5_FLAG = 0x1<<9;
-PKCS11_MECH_MD2_FLAG = 0x1<<10;
-PKCS11_MECH_RANDOM_FLAG = 0x1<<27; //Random number generator
-PKCS11_PUB_READABLE_CERT_FLAG = 0x1<<28; //Stored certs can be read off the token w/o logging in
-PKCS11_DISABLE_FLAG = 0x1<<30; //tell Navigator to disable this slot by default
-
-// Important:
-// 0x1<<11, 0x1<<12, ... , 0x1<<26, 0x1<<29, and 0x1<<31 are reserved
-// for internal use in Navigator.
-// Therefore, these bits should always be set to 0; otherwise,
-// Navigator might exhibit unpredictable behavior.
-
-// These flags indicate which mechanisms should be turned on by
-pkcs11MechanismFlags = PKCS11_MECH_RANDOM_FLAG;
-
-
-// Ciphers that support SSL or S/MIME
-PKCS11_CIPHER_FORTEZZA_FLAG = 0x1<<0;
-
-// Important:
-// 0x1<<1, 0x1<<2, ... , 0x1<<31 are reserved
-// for internal use in Navigator.
-// Therefore, these bits should ALWAYS be set to 0; otherwise,
-// Navigator might exhibit unpredictable behavior.
-
-// These flags indicate which SSL ciphers are supported
-pkcs11CipherFlags = PKCS11_CIPHER_FORTEZZA_FLAG;
-
-
-// Return values of pkcs11.addmodule() & pkcs11.delmodule()
-// success codes
-JS_OK_ADD_MODULE = 3 // Successfully added a module
-JS_OK_DEL_EXTERNAL_MODULE = 2 // Successfully deleted ext. module
-JS_OK_DEL_INTERNAL_MODULE = 1 // Successfully deleted int. module
-
-// failure codes
-JS_ERR_OTHER = -1 // Other errors than the followings
-JS_ERR_USER_CANCEL_ACTION = -2 // User abort an action
-JS_ERR_INCORRECT_NUM_OF_ARGUMENTS= -3 // Calling a method w/ incorrect # of arguments
-JS_ERR_DEL_MODULE = -4 // Error deleting a module
-JS_ERR_ADD_MODULE = -5 // Error adding a module
-JS_ERR_BAD_MODULE_NAME = -6 // The module name is invalid
-JS_ERR_BAD_DLL_NAME = -7 // The DLL name is bad
-JS_ERR_BAD_MECHANISM_FLAGS = -8 // The mechanism flags are invalid
-JS_ERR_BAD_CIPHER_ENABLE_FLAGS = -9 // The SSL, S/MIME cipher flags are invalid
-
-var new_window;
-var has_new_window = 0;
-
-function colonize(string) {
- len = string.length;
- end = len -1;
-
- if (len == 0) return string;
-
-
- for (i=0; i < len; i++) {
- if (string.charAt(i) == "/") {
- if (i == 0) {
- new_string = ":" + string.substring(1,len);
- } else if (i == end) {
- new_string = string.substring(0,i)+':';
- } else {
- new_string = string.substring(0,i)+':'+
- string.substring(i+1,len);
- }
- string = new_string;
- }
- }
-
- if (string.charAt(0) == ":") string = string.substring(1,len);
- return string;
-}
-
-function DoInstall(module) {
- module = colonize(module);
- result = pkcs11.addmodule("Netscape FORTEZZA Module", module, pkcs11MechanismFlags, pkcs11CipherFlags);
- if ( result < 0) {
- window.alert("New module setup failed. Error code: " + result);
- }
- if (has_new_window) new_window.close();
-}
-
-function DoUnpack(name) {
- new_window = open(name,"unpacking","toolbar=no,location=no,status=yes,scrollbar=no,width=50,height=50");
- has_new_window = 1;
-}
-
-filename=navigator.platform+".hqx"
-
-default_module = "D:/dogbert/ns/dist/WIN32_D.OBJ/bin/fort32.dll"
-document.writeln("<FORM name=instform target=_self> <H2>Mac Fortezza Installer</H2>");
-document.writeln("<I>You must first unpack the <b>"+filename+"</b> file.");
-document.writeln(" Do that by clicking on button below.</i><p>");
-document.writeln("<Input type=button value=Unpack name=unpack onclick=DoUnpack(\""+filename+"\"); ><p>");
-document.writeln("<I>Then move <b>FortPK11Lib</b> to an appropriate directory ");
-document.writeln(" enter that directory below, then click the Install button.</i><p>");
-document.writeln(" Module Name: <Input Type=FILE Name=module><p>");
-document.write("<Input type=submit Name=Install Value=Install onclick=DoInstall(");
-document.writeln( "document.instform.module.value) >");
-document.writeln("</FORM>");
-</SCRIPT>
diff --git a/security/nss/lib/fortcrypt/manifest.mn b/security/nss/lib/fortcrypt/manifest.mn
deleted file mode 100644
index 6dc9019c4..000000000
--- a/security/nss/lib/fortcrypt/manifest.mn
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../..
-
-MODULE = security
-LIBRARY_NAME = fort
-#LIBRARY_VERSION = 32
-
-DIRS = swfort
-
-CSRCS = forsock.c \
- fortpk11.c \
- fmutex.c \
- $(NULL)
-
-EXPORTS =
-PRIVATE_EXPORTS = maci.h cryptint.h
-
-REQUIRES = security dbm
-
diff --git a/security/nss/lib/fortcrypt/replace.c b/security/nss/lib/fortcrypt/replace.c
deleted file mode 100644
index b4c5edd18..000000000
--- a/security/nss/lib/fortcrypt/replace.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-# include <stdio.h>
-# include <string.h>
-
-int main(int argc, char* argv[]) {
- FILE *templ;
- FILE *target;
- unsigned char buffer[81];
- unsigned char *find, *replace;
- int matchcount = 0;
- int ch;
- int len;
-
- buffer[0] = '\0';
-
- if (argc != 5) {
- fprintf(stderr, "usuage: replace template.js searchstring replacestring target.js \n");
- return 1;
- }
-
- templ = fopen(argv[1], "r");
- if (!templ) {
- fprintf(stderr, "Cannot open template script %s\n", argv[1]);
- return 2;
- }
-
- find = (unsigned char*) argv[2];
- replace = (unsigned char*) argv[3];
-
- target = fopen(argv[4], "w");
- if (!target) {
- fclose(templ);
- fprintf(stderr, "Cannot write to target script %s\n", argv[4]);
- return 3;
- }
-
- for (len = 0; find[len]!='\0'; len++);
-
- if (len > 80) {
- fprintf(stderr, "length of searchstring exceeds 80 chars");
- return 4;
- }
-
- /* get a char from templ */
- while ((int)(ch=fgetc(templ)) != EOF) {
- if ((unsigned char)ch == find[matchcount]) {
- /* if it matches find[matchcount],
- * then store one more char in buffer,
- * increase match count, and checks if
- * the whole word has been found */
- buffer[matchcount] = (unsigned char) ch;
- buffer[++matchcount] = '\0';
-
- if (matchcount == len) {
- matchcount = 0;
- fprintf(target, "%s", replace);
- }
- } else {
- /* reset matchcount, flush buffer */
- if (matchcount > 0) {
- fprintf(target, "%s", buffer);
- matchcount = 0;
- }
- fputc(ch, target);
- }
- }
- fclose(templ);
- fclose(target);
- return 0;
-}
diff --git a/security/nss/lib/fortcrypt/secmodjar.html b/security/nss/lib/fortcrypt/secmodjar.html
deleted file mode 100644
index f093a5965..000000000
--- a/security/nss/lib/fortcrypt/secmodjar.html
+++ /dev/null
@@ -1,441 +0,0 @@
-<HTML>
-<--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
--->
-<HEAD>
- <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
- <META NAME="Author" CONTENT="Hoi-Sheung Wilson So">
- <META NAME="GENERATOR" CONTENT="Mozilla/4.02 [en] (WinNT; I) [Netscape]">
- <TITLE>How to Package Your Security Module for use with SmartUpdate</TITLE>
-</HEAD>
-<BODY>
-<FONT SIZE=+2>Using
-JAR Installation Manager Technology to Install Your PKCS11 Security Module</FONT>
-
-<P>Table of contents
-<BR><A HREF="#intro">I. Introduction</A>
-<BR><A HREF="#procedure">II. How to Create a Security Module JAR</A>
-<BR><A HREF="#samplescript">III. Sample Installer Script</A>
-<BR><A HREF="#reference">IV. Programmers' Reference</A>
-<BR><A HREF="#copyright">VI. Copyright Notice</A>
-<BR><A NAME="intro"></A><FONT SIZE=+1>I. Introduction</FONT>
-<BR>This docuemnt describes how to prepare your security module so that
-users can download it from the Internet, verify its integrity, and install
-by only pointing and clicking mouses.&nbsp; The packaged module is a signed
-JAR archive. This JAR archive contains a dynamically-linked library which
-implements the Security Module and a pice of installer script (.js) that
-registers and configures the newly installed module.&nbsp; SmartUpdate
-allows users to download JAR archinve that has been signed digitally by
-the software vendor.&nbsp; SmartUpdate then decompresses the JAR file,
-verify the signature and validity of the files packaged into the archive.&nbsp;
-If the signature is valid, SmartUpdate will run the installer script found
-in the archive.&nbsp; The installer script will instruct SmartUpdate to
-move the downloaded security module library to a specified location.&nbsp;
-Next, the script will register the module with Navigator, and configure
-it.
-
-<P>This document does not describe how SmartUpdate works.&nbsp; For more
-information about SmartUpdate, check out <A HREF="http://developer.netscape.com/library/documentation/communicator/jarman/index.htm">JAR
-Installation Manager</A>.
-
-<P><A NAME="procedure"></A><FONT SIZE=+1>II. How to Create a Security Module
-JAR</FONT>
-<OL>
-<LI>
-Obtain a copy of PKCS#11: Cryptographic Token Interface Standard Version
-2.00, published by <A HREF="http://www.rsa.com">RSA Laboratories</A>, Redwood
-City, California.</LI>
-
-<LI>
-Implement a PKCS#11 library according to PKCS#11 standards.</LI>
-
-<LI>
-Write a installer script that will register the module with Navigator.</LI>
-
-<LI>
-Use either JAR Packager or command line tool to package the library and
-the script in a signed JAR archive.</LI>
-
-<LI>
-Publish the JAR file on the web, and notify users to install/upgrade their
-library.</LI>
-</OL>
-<A NAME="samplescript"></A><FONT SIZE=+1>III. Sample Installer Script</FONT>
-
-<P>Functions of the following installer script:
-<BR>1. Start SmartUpdate and declares the version and the name of the module
-to be installed.
-<BR>2. Extract a library called DUMMY_DLL from the JAR archive and install
-it under the Netscape Program folder.
-<BR>3. Register the installed module by calling pkcs11.addmodule( ) method
-with information about the capabilities of the module.
-<BR>4. Check to see if pkcs11.addmodule( ) has been successful, and display
-appropriate messages.
-
-<P><TT>// Crypto Mechanism Flags</TT>
-<BR><TT>PKCS11_MECH_RSA_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;0;</TT>
-<BR><TT>PKCS11_MECH_DSA_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;1;</TT>
-<BR><TT>PKCS11_MECH_RC2_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;2;</TT>
-<BR><TT>PKCS11_MECH_RC4_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;3;</TT>
-<BR><TT>PKCS11_MECH_DES_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;4;</TT>
-<BR><TT>PKCS11_MECH_DH_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;5; //Diffie-Hellman</TT>
-<BR><TT>PKCS11_MECH_SKIPJACK_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&nbsp;
-0x1&lt;&lt;6; //SKIPJACK algorithm as in Fortezza cards</TT>
-<BR><TT>PKCS11_MECH_RC5_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;7;</TT>
-<BR><TT>PKCS11_MECH_SHA1_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;8;</TT>
-<BR><TT>PKCS11_MECH_MD5_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;9;</TT>
-<BR><TT>PKCS11_MECH_MD2_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;10;</TT>
-<BR><TT>PKCS11_MECH_RANDOM_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;27; //Random number generator</TT>
-<BR><TT>PKCS11_PUB_READABLE_CERT_FLAG&nbsp; =&nbsp; 0x1&lt;&lt;28; //Stored
-certs can be read off the token w/o logging in</TT>
-<BR><TT>PKCS11_DISABLE_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;30; //tell Navigator to disable this slot by default</TT>
-
-<P><TT>// Important:</TT>
-<BR><TT>// 0x1&lt;&lt;11, 0x1&lt;&lt;12, ... , 0x1&lt;&lt;26, and 0x1&lt;&lt;31
-are reserved</TT>
-<BR><TT>// for internal use in Navigator.</TT>
-<BR><TT>// Therefore, these bits should always be set to 0; otherwise,</TT>
-<BR><TT>// Navigator might exhibit unpredictable behavior.</TT>
-
-<P><TT>// These flags indicate which mechanisms should be turned on by</TT>
-<BR><TT>pkcs11MechanismFlags = PKCS11_MECH_DSA_FLAG | PKCS11_MECH_SKIPJACK_FLAG
-| PKCS11_MECH_RANDOM_FLAG;</TT>
-<BR><TT>&nbsp;</TT>
-
-<P><TT>// Ciphers that support SSL or S/MIME</TT>
-<BR><TT>PKCS11_CIPHER_FORTEZZA_FLAG&nbsp;&nbsp;&nbsp; = 0x1&lt;&lt;0;</TT>
-
-<P><TT>// Important:</TT>
-<BR><TT>// 0x1&lt;&lt;11, 0x1&lt;&lt;12, ... , 0x1&lt;&lt;26, 0x1&lt;&lt;29,
-and 0x1&lt;&lt;31 are reserved</TT>
-<BR><TT>// for internal use in Navigator.</TT>
-<BR><TT>// Therefore, these bits should ALWAYS be set to 0; otherwise,</TT>
-<BR><TT>// Navigator might exhibit unpredictable behavior.</TT>
-
-<P><TT>// These flags indicate which SSL ciphers are supported</TT>
-<BR><TT>pkcs11CipherFlags = PKCS11_CIPHER_FORTEZZA_FLAG;</TT>
-<BR><TT>&nbsp;</TT>
-
-<P><TT>// Return values of pkcs11.addmodule() &amp; pkcs11.delmodule()</TT>
-<BR><TT>// success codes</TT>
-<BR><TT>JS_OK_ADD_MODULE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= 3 // Successfully added a module</TT>
-<BR><TT>JS_OK_DEL_EXTERNAL_MODULE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= 2 // Successfully deleted ext. module</TT>
-<BR><TT>JS_OK_DEL_INTERNAL_MODULE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= 1 // Successfully deleted int. module</TT>
-
-<P><TT>// failure codes</TT>
-<BR><TT>JS_ERR_OTHER&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= -1 // Other errors than the followings</TT>
-<BR><TT>JS_ERR_USER_CANCEL_ACTION&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= -2 // User abort an action</TT>
-<BR><TT>JS_ERR_INCORRECT_NUM_OF_ARGUMENTS= -3 // Calling a method w/ incorrect
-# of arguments</TT>
-<BR><TT>JS_ERR_DEL_MODULE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= -4 // Error deleting a module</TT>
-<BR><TT>JS_ERR_ADD_MODULE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= -5 // Error adding a module</TT>
-<BR><TT>JS_ERR_BAD_MODULE_NAME&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= -6 // The module name is invalid</TT>
-<BR><TT>JS_ERR_BAD_DLL_NAME&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= -7 // The DLL name is bad</TT>
-<BR><TT>JS_ERR_BAD_MECHANISM_FLAGS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= -8 // The mechanism flags are invalid</TT>
-<BR><TT>JS_ERR_BAD_CIPHER_ENABLE_FLAGS&nbsp;&nbsp; = -9 // The SSL, S/MIME
-cipher flags are invalid</TT>
-<BR>&nbsp;
-
-<P><TT>if (confirm("This script will install and configure a security module,
-do you want to continue?")) {</TT>
-<BR><TT>&nbsp;// Step 1. Create a version object and a software update
-object</TT>
-<BR><TT>&nbsp;vi = new netscape.softupdate.VersionInfo(1, 6, 0, 0);</TT>
-<BR><TT>&nbsp;su = new netscape.softupdate.SoftwareUpdate(this, "Fortezza
-Card PKCS#11 Module");</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-// "Fortezza ... Module" is the logical name of the bundle</TT>
-
-<P><TT>&nbsp;// Step 2. Start the install process</TT>
-<BR><TT>&nbsp;bAbort = false;</TT>
-<BR><TT>&nbsp;err = su.StartInstall("litronic", vi, netscape.softupdate.SoftwareUpdate.FULL_INSTALL);</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-// litronic is the component folder (logical)</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bAbort = bAbort || (err
-!=0);</TT>
-
-<P><TT>&nbsp;if (err == 0) {</TT>
-
-<P><TT>&nbsp;&nbsp;&nbsp; // Step 3. Find out the physical location of
-the Program dir</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp; Folder = su.GetFolder("Program");</TT>
-
-<P><TT>&nbsp;&nbsp;&nbsp; // Step 4. Install the files. Unpack them and
-list where they go</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp; err = su.AddSubcomponent("FortezzaCardDLL",
-//component name (logical)</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-vi, // version info</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-"DUMMY_DLL", // source file in JAR (physical)</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-Folder, // target folder (physical)</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-"DUMMY_DLL", // target path &amp; filename (physical)</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-this.force); // forces update</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp; bAbort = bAbort || (err !=0);</TT>
-<BR><TT>&nbsp;}</TT>
-
-<P><TT>&nbsp;// Step 5. Unless there was a problem, move files to final
-location</TT>
-<BR><TT>&nbsp;// and update the Client Version Registry</TT>
-<BR><TT>&nbsp;if (bAbort) {</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp; window.alert("Installation Aborted");</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp; su.AbortInstall();</TT>
-<BR><TT>&nbsp;} else {</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp; err = su.FinalizeInstall();</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp; window.alert("Files have been installed.\nContinue
-to setup the newly isntalled module...");</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp; // Add Module</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp; compFolder = su.GetComponentFolder("litronic/FortezzaCardDLL")
-+ "/DUMMY_DLL";</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp; result = pkcs11.addmodule("Fortezza", compFolder,
-pkcs11MechanismFlags, pkcs11CipherFlags);</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if
-( result &lt; 0) {</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-window.alert("New module setup failed.&nbsp; Error code: " + result);</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }
-else {</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-window.alert("New module setup completed.");</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</TT>
-<BR><TT>&nbsp;}</TT>
-<BR><TT>}</TT>
-
-<P><A NAME="reference"></A><FONT SIZE=+1>IV. Appendix A: Programmers' Refernce</FONT>
-<UL>
-<LI>
-<A HREF="#delmodule">pkcs11.addmodule( )</A></LI>
-
-<LI>
-<A HREF="#delmodule">pkcs11.delmodule( )</A></LI>
-</UL>
-
-<HR ALIGN=LEFT WIDTH="70%">
-<BR><A NAME="addmodule"></A>Name
-<BR><TT>addmodule</TT>
-<BR>Adds a PKCS#11 security module to the security module database, and
-notifies Communicator which cryptographic mechanisms should be turned on
-by default, and which SSL or S/MIME ciphers are supported.&nbsp; For security
-reasons, it will pop up a dialog box to ask the user to confirm this action.&nbsp;
-It might pop up other dialog boxes if necessary.
-
-<P>Method of
-<BR><TT>pkcs11</TT>
-
-<P>Syntax
-<BR><TT>int pkcs11.addmodule( string ModuleName,</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-string LibraryFullPath,</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-int CryptoMechanismFlags,</TT>
-<BR><TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-int CipherFlags);</TT>
-<BR>&nbsp;
-<BR>Parameters
-<TABLE BORDER WIDTH="90%" >
-<TR>
-<TD><TT>ModuleName</TT></TD>
-
-<TD>Name of the module</TD>
-</TR>
-
-<TR>
-<TD><TT>LibraryFullPath</TT></TD>
-
-<TD>The filename of the library prepended with its full path</TD>
-</TR>
-
-<TR>
-<TD><TT>CryptoMechanismFlags</TT></TD>
-
-<TD>A bit vector indicating all cryptographic mechanisms should be turned
-on by default&nbsp; (See below)</TD>
-</TR>
-
-<TR>
-<TD><TT>CipherFlags</TT></TD>
-
-<TD>A bit vector indicating all SSL or S/MIME cipher functions supported
-by the module (Seel below)</TD>
-</TR>
-</TABLE>
-Cryptographic Mechanism Flags
-<BR><TT>PKCS11_MECH_RSA_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;0;</TT>
-<BR><TT>PKCS11_MECH_DSA_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;1;</TT>
-<BR><TT>PKCS11_MECH_RC2_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;2;</TT>
-<BR><TT>PKCS11_MECH_RC4_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;3;</TT>
-<BR><TT>PKCS11_MECH_DES_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;4;</TT>
-<BR><TT>PKCS11_MECH_DH_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;5; //Diffie-Hellman</TT>
-<BR><TT>PKCS11_MECH_SKIPJACK_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&nbsp;
-0x1&lt;&lt;6; //SKIPJACK algorithm as in Fortezza cards</TT>
-<BR><TT>PKCS11_MECH_RC5_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;7;</TT>
-<BR><TT>PKCS11_MECH_SHA1_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;8;</TT>
-<BR><TT>PKCS11_MECH_MD5_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;9;</TT>
-<BR><TT>PKCS11_MECH_MD2_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;10;</TT>
-<BR><TT>PKCS11_MECH_RANDOM_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;27; //Random number generator</TT>
-<BR><TT>PKCS11_PUB_READABLE_CERT_FLAG&nbsp; =&nbsp; 0x1&lt;&lt;28; //Stored
-certs can be read off the token w/o logging in</TT>
-<BR><TT>PKCS11_DISABLE_FLAG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-=&nbsp; 0x1&lt;&lt;30; //tell Navigator to disable this slot by default</TT>
-
-<P>Supported SSL or S/MIME Ciphers
-<BR><TT>PKCS11_CIPHER_FORTEZZA_FLAG&nbsp;&nbsp;&nbsp; = 0x1&lt;&lt;0;</TT>
-
-<P>Important for CryptoMechanismFlags:
-<BR><TT>0x1&lt;&lt;11</TT>, <TT>0x1&lt;&lt;12</TT>, ... , <TT>0x1&lt;&lt;26</TT>,
-<TT>0x1&lt;&lt;29, </TT>and <TT>0x1&lt;&lt;31</TT> are reserved for internal
-use in Navigator.
-<BR>Therefore, these bits should always be set to 0; otherwise, Navigator
-might exhibit unpredictable behavior.
-
-<P>Important for CipherFlags:
-<BR><TT>0x1&lt;&lt;1</TT>, <TT>0x1&lt;&lt;2</TT>, ... , <TT>0x1&lt;&lt;31</TT>
-are reserved for internal use in Navigator.
-<BR>Therefore, these bits should ALWAYS be set to 0; otherwise, Navigator
-might exhibit unpredictable behavior.
-
-<P>Example of CryptoMechanismFlags and CipherFlags:
-<BR><TT>pkcs11MechanismFlags = PKCS11_MECH_DSA_FLAG | PKCS11_MECH_SKIPJACK_FLAG
-| PKCS11_MECH_RANDOM_FLAG;</TT>
-<BR><TT>pkcs11CipherFlags = PKCS11_CIPHER_FORTEZZA_FLAG;</TT>
-<BR><TT>&nbsp;</TT>
-<BR>Return Values:
-<BR><TT>// Return values of pkcs11.addmod()</TT>
-<BR><TT>// success codes</TT>
-<BR><TT>JS_OK_ADD_MODULE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= 3 // Successfully added a module</TT>
-
-<P><TT>// failure codes</TT>
-<BR><TT>JS_ERR_OTHER&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= -1 // Other errors than the followings</TT>
-<BR><TT>JS_ERR_USER_CANCEL_ACTION&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= -2 // User abort an action</TT>
-<BR><TT>JS_ERR_INCORRECT_NUM_OF_ARGUMENTS= -3 // Calling a method w/ incorrect
-# of arguments</TT>
-<BR><TT>JS_ERR_ADD_MODULE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= -5 // Error adding a module</TT>
-<BR><TT>JS_ERR_BAD_MODULE_NAME&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= -6 // The module name is invalid</TT>
-<BR><TT>JS_ERR_BAD_DLL_NAME&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= -7 // The DLL name is bad</TT>
-<BR><TT>JS_ERR_BAD_MECHANISM_FLAGS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= -8 // The mechanism flags are invalid</TT>
-<BR><TT>JS_ERR_BAD_CIPHER_ENABLE_FLAGS&nbsp;&nbsp; = -9 // The SSL, S/MIME
-cipher flags are invalid</TT>
-<BR>&nbsp;
-<HR ALIGN=LEFT WIDTH="70%">
-<BR><A NAME="delmodule"></A>Name
-<BR><TT>delmodule</TT>
-<BR>Deletes a PKCS#11 security module from the module database, but does
-not physically remove the file.&nbsp; For security reasons, it will pop
-up a dialog box to ask the user to confirm this action.&nbsp; It might
-pop up other dialog boxes if necessary.
-
-<P>Method of
-<BR><TT>pkcs11</TT>
-
-<P>Syntax
-<BR><TT>int pkcs11.delmodule( string ModuleName);</TT>
-<BR>&nbsp;
-<BR>Parameters
-<TABLE BORDER WIDTH="90%" >
-<TR>
-<TD><TT>ModuleName</TT></TD>
-
-<TD>Name of the module</TD>
-</TR>
-</TABLE>
-<TT>&nbsp;</TT>
-<BR>Return Values:
-<BR><TT>// Return values of pkcs11.addmod() &amp; pkcs11.delmod()</TT>
-<BR><TT>// success codes</TT>
-<BR><TT>JS_OK_DEL_EXTERNAL_MODULE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= 2 // Successfully deleted ext. module</TT>
-<BR><TT>JS_OK_DEL_INTERNAL_MODULE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= 1 // Successfully deleted int. module</TT>
-
-<P><TT>// failure codes</TT>
-<BR><TT>JS_ERR_OTHER&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= -1 // Other errors than the followings</TT>
-<BR><TT>JS_ERR_USER_CANCEL_ACTION&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= -2 // User abort an action</TT>
-<BR><TT>JS_ERR_INCORRECT_NUM_OF_ARGUMENTS= -3 // Calling a method w/ incorrect
-# of arguments</TT>
-<BR><TT>JS_ERR_DEL_MODULE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= -4 // Error deleting a module</TT>
-<BR><TT>JS_ERR_BAD_MODULE_NAME&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-= -6 // The module name is invalid</TT>
-
-<P><A NAME="copyright"></A><FONT SIZE=+1>VI. Copyright Notice</FONT>
-<BR>&nbsp;
-
-<P><FONT SIZE=+4>XXX Don't know what to put here!!!</FONT>
-
-<P>Last modified 9/26/97
-</BODY>
-</HTML>
diff --git a/security/nss/lib/fortcrypt/swfort/.cvsignore b/security/nss/lib/fortcrypt/swfort/.cvsignore
deleted file mode 100644
index 46d9697ae..000000000
--- a/security/nss/lib/fortcrypt/swfort/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-nslib.c
diff --git a/security/nss/lib/fortcrypt/swfort/Makefile b/security/nss/lib/fortcrypt/swfort/Makefile
deleted file mode 100644
index 80b91c768..000000000
--- a/security/nss/lib/fortcrypt/swfort/Makefile
+++ /dev/null
@@ -1,82 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-nslib.c:: swflib.c nsmap.h
- rm -f nslib.c
- cat nsmap.h swflib.c > nslib.c
-
-export:: private_export
-
-
diff --git a/security/nss/lib/fortcrypt/swfort/config.mk b/security/nss/lib/fortcrypt/swfort/config.mk
deleted file mode 100644
index a73a1086e..000000000
--- a/security/nss/lib/fortcrypt/swfort/config.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/fortcrypt/swfort/manifest.mn b/security/nss/lib/fortcrypt/swfort/manifest.mn
deleted file mode 100644
index 5445af13b..000000000
--- a/security/nss/lib/fortcrypt/swfort/manifest.mn
+++ /dev/null
@@ -1,56 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../../..
-
-MODULE = security
-LIBRARY_NAME = swfci
-#LIBRARY_VERSION = 12
-
-CSRCS = swfalg.c \
- swfparse.c \
- swflib.c \
- nslib.c \
- swfutl.c \
- $(NULL)
-
-DIRS = pkcs11
-
-
-EXPORTS = swfort.h swfortt.h
-PRIVATE_EXPORTS = swforti.h swfortti.h
-
-REQUIRES = security dbm nspr
-
-GARBAGE = nslib.c
-
-
diff --git a/security/nss/lib/fortcrypt/swfort/nsmap.h b/security/nss/lib/fortcrypt/swfort/nsmap.h
deleted file mode 100644
index b5e1c2cda..000000000
--- a/security/nss/lib/fortcrypt/swfort/nsmap.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#define MACI_ChangePIN NSCI_ChangePIN
-#define MACI_CheckPIN NSCI_CheckPIN
-#define MACI_Close NSCI_Close
-#define MACI_Decrypt NSCI_Decrypt
-#define MACI_DeleteCertificate NSCI_DeleteCertificate
-#define MACI_DeleteKey NSCI_DeleteKey
-#define MACI_Encrypt NSCI_Encrypt
-#define MACI_ExtractX NSCI_ExtractX
-#define MACI_FirmwareUpdate NSCI_FirmwareUpdate
-#define MACI_GenerateIV NSCI_GenerateIV
-#define MACI_GenerateMEK NSCI_GenerateMEK
-#define MACI_GenerateRa NSCI_GenerateRa
-#define MACI_GenerateRandom NSCI_GenerateRandom
-#define MACI_GenerateTEK NSCI_GenerateTEK
-#define MACI_GenerateX NSCI_GenerateX
-#define MACI_GetCertificate NSCI_GetCertificate
-#define MACI_GetConfiguration NSCI_GetConfiguration
-#define MACI_GetHash NSCI_GetHash
-#define MACI_GetPersonalityList NSCI_GetPersonalityList
-#define MACI_GetSessionID NSCI_GetSessionID
-#define MACI_GetState NSCI_GetState
-#define MACI_GetStatus NSCI_GetStatus
-#define MACI_GetTime NSCI_GetTime
-#define MACI_Hash NSCI_Hash
-#define MACI_Initialize NSCI_Initialize
-#define MACI_InitializeHash NSCI_InitializeHash
-#define MACI_InstallX NSCI_InstallX
-#define MACI_LoadCertificate NSCI_LoadCertificate
-#define MACI_LoadDSAParameters NSCI_LoadDSAParameters
-#define MACI_LoadInitValues NSCI_LoadInitValues
-#define MACI_LoadIV NSCI_LoadIV
-#define MACI_LoadX NSCI_LoadX
-#define MACI_Lock NSCI_Lock
-#define MACI_Open NSCI_Open
-#define MACI_RelayX NSCI_RelayX
-#define MACI_Reset NSCI_Reset
-#define MACI_Restore NSCI_Restore
-#define MACI_Save NSCI_Save
-#define MACI_Select NSCI_Select
-#define MACI_SetConfiguration NSCI_SetConfiguration
-#define MACI_SetKey NSCI_SetKey
-#define MACI_SetMode NSCI_SetMode
-#define MACI_SetPersonality NSCI_SetPersonality
-#define MACI_SetTime NSCI_SetTime
-#define MACI_Sign NSCI_Sign
-#define MACI_Terminate NSCI_Terminate
-#define MACI_TimeStamp NSCI_TimeStamp
-#define MACI_Unlock NSCI_Unlock
-#define MACI_UnwrapKey NSCI_UnwrapKey
-#define MACI_VerifySignature NSCI_VerifySignature
-#define MACI_VerifyTimeStamp NSCI_VerityTimeStap
-#define MACI_WrapKey NSCI_WrapKey
-#define MACI_Zeroize NSCI_Zeroize
-
diff --git a/security/nss/lib/fortcrypt/swfort/pkcs11/.cvsignore b/security/nss/lib/fortcrypt/swfort/pkcs11/.cvsignore
deleted file mode 100644
index 6532d294d..000000000
--- a/security/nss/lib/fortcrypt/swfort/pkcs11/.cvsignore
+++ /dev/null
@@ -1,15 +0,0 @@
-forsock.c
-cryptint.h
-fmutex.h
-fortsock.h
-fpkcs11.h
-fpkcs11f.h
-fpkcs11i.h
-fpkcs11t.h
-fpkmem.h
-fpkstrs.h
-genci.h
-maci.h
-fortpk11.c
-fmutex.c
-
diff --git a/security/nss/lib/fortcrypt/swfort/pkcs11/Makefile b/security/nss/lib/fortcrypt/swfort/pkcs11/Makefile
deleted file mode 100644
index 9595d91fe..000000000
--- a/security/nss/lib/fortcrypt/swfort/pkcs11/Makefile
+++ /dev/null
@@ -1,183 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-include manifest.mn
-include $(CORE_DEPTH)/coreconf/config.mk
-
-
-#SWCILIB = ../$(OBJDIR)/$(LIB_PREFIX)swfci.$(LIB_SUFFIX)
-# can't do this in manifest.mn because OS_ARCH isn't defined there.
-ifeq ($(OS_ARCH), WINNT)
-
-CRYPTO_LIBS = $(DIST)/lib/freebl.lib
-
-ifdef MOZILLA_SECURITY_BUILD
-CRYPTO_LIBS += $(DIST)/lib/crypto.lib
-endif
-ifdef MOZILLA_BSAFE_BUILD
-CRYPTO_LIBS += $(DIST)/lib/bsafe41.lib
-endif
-
-# $(DIST)/lib/dbm.lib
-# $(DIST)/lib/$(NSPR31_LIB_PREFIX)nspr4.lib
-EXTRA_LIBS = \
- $(DIST)/lib/swfci.lib \
- $(DIST)/lib/softoken.lib \
- $(CRYPTO_LIBS) \
- $(DIST)/lib/secutil.lib \
- $(DIST)/lib/$(NSPR31_LIB_PREFIX)plc4_s.lib \
- $(DIST)/lib/$(NSPR31_LIB_PREFIX)plds4_s.lib \
- wsock32.lib \
- winmm.lib \
- $(NULL)
-
-else
-
-# $(DIST)/lib/libdbm.a
-# $(DIST)/lib/libnspr3.a
-# OSF 1 linker is very agressive. It includes the entire archive,
-# not just the .o's that we need from that archive.
-#
-ifneq ($(OS_ARCH), OSF1)
-
-CRYPTO_LIBS = $(DIST)/lib/libfreebl.a
-
-ifdef MOZILLA_SECURITY_BUILD
-CRYPTO_LIBS += $(DIST)/lib/libcrypto.a
-endif
-ifdef MOZILLA_BSAFE_BUILD
-CRYPTO_LIBS += $(DIST)/lib/libbsafe.a
-endif
-
-EXTRA_LIBS += \
- $(DIST)/lib/libswfci.a \
- $(DIST)/lib/libsoftoken.a \
- $(CRYPTO_LIBS) \
- $(DIST)/lib/libsecutil.a \
- $(DIST)/lib/libplc4.a \
- $(DIST)/lib/libplds4.a \
- $(NULL)
-
-endif
-endif
-
-#ifeq ($(OS_TARGET), WIN16)
-#W16LIBS += $(SWCILIB)
-#else
-#OBJS += $(SWCILIB)
-#endif
-
-INST_JS = inst.js
-LIBCI_JAR = $(OBJDIR)/lib$(LIBRARY_NAME).jar
-LIBCI_JAR_SRC = $(INST_JS) pk11inst $(SHARED_LIBRARY)
-
-ifneq ($(OS_TARGET), WIN16)
-TARGETS : $(LIBCI_JAR)
-endif
-
-ifeq ($(OS_TARGET), WIN16)
-# note that rules.mk is not included below for WIN16
-all:
- @echo Skipping fortcrypt directory for 16-bit windows builds
-
-all_platforms alltags clean clobber clobber_all realclean: all
-
-boot export install libs program release: all
-
-endif
-
-#$(SHARED_LIBRARY): $(SWCILIB)
-
-forsock.c: ../../forsock.c $(CP_INCLUDES)
- cp ../../forsock.c $(CP_INCLUDES) .
-
-fortpk11.c: ../../fortpk11.c
- cp ../../fortpk11.c .
-
-fmutex.c: ../../fmutex.c
- cp ../../fmutex.c .
-
-
-#
-# The following rules packages the shared library into a JAR,
-# ready to be signed
-#
-$(OBJDIR)/replace: replace.c
- $(CC) -o $@ $<
-
-# ZIP options:
-# -5 means medium compression
-# -q means quiet
-# -j means do not store tree structure, all files go into one dir
-#
-$(LIBCI_JAR): $(LIBCI_JAR_SRC)
- @echo +++ building $@ from $(LIBCI_JAR_SRC)
- @rm -f $@
- zip -5qj $@ $(LIBCI_JAR_SRC)
-
-$(LIBSWCI_JAR): $(LIBSWCI_JAR_SRC)
- @echo +++ building $@ from $(LIBSWCI_JAR_SRC)
- @rm -f $@
- zip -5qj $@ $(LIBSWCI_JAR_SRC)
-
-
-MD_FILES += $(LIBCI_JAR) $(LIBSWCI_JAR)
-
-# coreconf doesn't build the AIX shared library for FORTEZZA,
-# so I'm going to override their shared library command and build the shared
-# library the way config used to.
-#
-
-
-ifeq ($(OS_ARCH)$(OS_RELEASE), AIX4.1)
-DSO_LDOPTS = -bM:SRE -bh:4 -bnoentry
-EXTRA_DSO_LDOPTS = -lc
-MKSHLIB = xlC $(DSO_LDOPTS)
-
-$(SHARED_LIBRARY): $(OBJS)
- @$(MAKE_OBJDIR)
- rm -f $@
- $(MKSHLIB) -o $@ $(OBJS) $(EXTRA_LIBS) $(EXTRA_DSO_LDOPTS)
- chmod +x $@
-
-endif
-
-ifeq ($(OS_ARCH)$(OS_RELEASE), AIX4.2)
-LD += -G
-endif
-
-ifneq ($(OS_TARGET), WIN16)
-include $(CORE_DEPTH)/coreconf/rules.mk
-endif
-
diff --git a/security/nss/lib/fortcrypt/swfort/pkcs11/config.mk b/security/nss/lib/fortcrypt/swfort/pkcs11/config.mk
deleted file mode 100644
index 9b1a488d2..000000000
--- a/security/nss/lib/fortcrypt/swfort/pkcs11/config.mk
+++ /dev/null
@@ -1,52 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-ifeq ($(OS_TARGET), WIN16)
-TARGETS = all
-else
-TARGETS = $(SHARED_LIBRARY) $(SHARED_SW_LIBRARY) $(LIBCI_JAR) $(LIBCI_SW_JAR)
-endif
-LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
-
-ifeq ($(OS_TARGET), WIN16)
-dummy:
- @echo $(TARGETS)
-endif
diff --git a/security/nss/lib/fortcrypt/swfort/pkcs11/inst.js b/security/nss/lib/fortcrypt/swfort/pkcs11/inst.js
deleted file mode 100644
index 2f7574717..000000000
--- a/security/nss/lib/fortcrypt/swfort/pkcs11/inst.js
+++ /dev/null
@@ -1,189 +0,0 @@
-//
-// The contents of this file are subject to the Mozilla Public
-// License Version 1.1 (the "License"); you may not use this file
-// except in compliance with the License. You may obtain a copy of
-// the License at http://www.mozilla.org/MPL/
-//
-// Software distributed under the License is distributed on an "AS
-// IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-// implied. See the License for the specific language governing
-// rights and limitations under the License.
-//
-// The Original Code is the Netscape security libraries.
-//
-// The Initial Developer of the Original Code is Netscape
-// Communications Corporation. Portions created by Netscape are
-// Copyright (C) 1994-2000 Netscape Communications Corporation. All
-// Rights Reserved.
-//
-// Contributor(s):
-//
-// Alternatively, the contents of this file may be used under the
-// terms of the GNU General Public License Version 2 or later (the
-// "GPL"), in which case the provisions of the GPL are applicable
-// instead of those above. If you wish to allow use of your
-// version of this file only under the terms of the GPL and not to
-// allow others to use your version of this file under the MPL,
-// indicate your decision by deleting the provisions above and
-// replace them with the notice and other provisions required by
-// the GPL. If you do not delete the provisions above, a recipient
-// may use your version of this file under either the MPL or the
-// GPL.
-//
-////////////////////////////////////////////////////////////////////////////////////////
-// Crypto Mechanism Flags
-PKCS11_MECH_RSA_FLAG = 0x1<<0;
-PKCS11_MECH_DSA_FLAG = 0x1<<1;
-PKCS11_MECH_RC2_FLAG = 0x1<<2;
-PKCS11_MECH_RC4_FLAG = 0x1<<3;
-PKCS11_MECH_DES_FLAG = 0x1<<4;
-PKCS11_MECH_DH_FLAG = 0x1<<5; //Diffie-Hellman
-PKCS11_MECH_SKIPJACK_FLAG = 0x1<<6; //SKIPJACK algorithm as in Fortezza cards
-PKCS11_MECH_RC5_FLAG = 0x1<<7;
-PKCS11_MECH_SHA1_FLAG = 0x1<<8;
-PKCS11_MECH_MD5_FLAG = 0x1<<9;
-PKCS11_MECH_MD2_FLAG = 0x1<<10;
-PKCS11_MECH_RANDOM_FLAG = 0x1<<27; //Random number generator
-PKCS11_PUB_READABLE_CERT_FLAG = 0x1<<28; //Stored certs can be read off the token w/o logging in
-PKCS11_DISABLE_FLAG = 0x1<<30; //tell Navigator to disable this slot by default
-
-// Important:
-// 0x1<<11, 0x1<<12, ... , 0x1<<26, 0x1<<29, and 0x1<<31 are reserved
-// for internal use in Navigator.
-// Therefore, these bits should always be set to 0; otherwise,
-// Navigator might exhibit unpredictable behavior.
-
-// These flags indicate which mechanisms should be turned on by
-var pkcs11MechanismFlags = 0;
-
-////////////////////////////////////////////////////////////////////////////////////////
-// Ciphers that support SSL or S/MIME
-PKCS11_CIPHER_FORTEZZA_FLAG = 0x1<<0;
-
-// Important:
-// 0x1<<1, 0x1<<2, ... , 0x1<<31 are reserved
-// for internal use in Navigator.
-// Therefore, these bits should ALWAYS be set to 0; otherwise,
-// Navigator might exhibit unpredictable behavior.
-
-// These flags indicate which SSL ciphers are supported
-var pkcs11CipherFlags = PKCS11_CIPHER_FORTEZZA_FLAG;
-
-////////////////////////////////////////////////////////////////////////////////////////
-// Return values of pkcs11.addmodule() & pkcs11.delmodule()
-// success codes
-JS_OK_ADD_MODULE = 3; // Successfully added a module
-JS_OK_DEL_EXTERNAL_MODULE = 2; // Successfully deleted ext. module
-JS_OK_DEL_INTERNAL_MODULE = 1; // Successfully deleted int. module
-
-// failure codes
-JS_ERR_OTHER = -1; // Other errors than the followings
-JS_ERR_USER_CANCEL_ACTION = -2; // User abort an action
-JS_ERR_INCORRECT_NUM_OF_ARGUMENTS= -3; // Calling a method w/ incorrect # of arguments
-JS_ERR_DEL_MODULE = -4; // Error deleting a module
-JS_ERR_ADD_MODULE = -5; // Error adding a module
-JS_ERR_BAD_MODULE_NAME = -6; // The module name is invalid
-JS_ERR_BAD_DLL_NAME = -7; // The DLL name is bad
-JS_ERR_BAD_MECHANISM_FLAGS = -8; // The mechanism flags are invalid
-JS_ERR_BAD_CIPHER_ENABLE_FLAGS = -9; // The SSL, S/MIME cipher flags are invalid
-
-
-////////////////////////////////////////////////////////////////////////////////////////
-// Find out which library is to be installed depending on the platform
-
-// pathname seperator is platform specific
-var sep = "/";
-var vendor = "netscape";
-var moduleName = "not_supported";
-
-// platform-independent relative path
-var dir = "pkcs11/" + vendor + "/";
-
-var plat = navigator.platform;
-
-bAbort = false;
-progName = "instinit";
-if (plat == "Win32") {
- moduleName = "swft32.dll";
- // progName = "instinit.exe";
- sep = "\\";
-} else if (plat == "AIX4.1") {
- moduleName = "libswft.so";
-} else if (plat == "SunOS4.1.3_U1") {
- moduleName = "libswft.so.1.0";
-} else if ((plat == "SunOS5.4") || (plat == "SunOS5.5.1")){
- moduleName = "libswft.so";
-} else if ((plat == "HP-UXA.09") || (plat == "HP-UXB.10")){
- moduleName = "libswft.sl";
-} else {
- window.alert("Sorry, platform "+plat+" is not supported.");
- bAbort = true;
-}
-
-////////////////////////////////////////////////////////////////////////////////////////
-// Installation Begins...
-if (!bAbort) {
-if (confirm("This script will install and configure a security module, do you want to continue?")) {
- // Step 1. Create a version object and a software update object
- vi = new netscape.softupdate.VersionInfo(1, 5, 0, 0);
- su = new netscape.softupdate.SoftwareUpdate(this, "Fortezza Card PKCS#11 Module");
- // "Fortezza ... Module" is the logical name of the bundle
-
- ////////////////////////////////////////
- // Step 2. Start the install process
- bAbort = false;
- err = su.StartInstall("NSfortezza", // NSfortezza is the component folder (logical)
- vi,
- netscape.softupdate.SoftwareUpdate.FULL_INSTALL);
-
- bAbort = bAbort || (err !=0);
-
- if (err == 0) {
- ////////////////////////////////////////
- // Step 3. Find out the physical location of the Program dir
- Folder = su.GetFolder("Program");
-
- ////////////////////////////////////////
- // Step 4. Install the files. Unpack them and list where they go
- err = su.AddSubcomponent("FortezzaLibrary", //component name (logical)
- vi, // version info
- moduleName, // source file in JAR (physical)
- Folder, // target folder (physical)
- dir + moduleName, // target path & filename (physical)
- this.force); // forces update
- bAbort = bAbort || (err !=0);
- if (err != 0) window.alert("Add sub err= "+ err);
- }
-
- if (err == 0) {
- /// Try installing the init program
- err = su.AddSubcomponent("FortezzaInitProg", vi, progName, Folder, progName, this.force);
- // don't fail because it didn't install, may just not be part of the package
-}
-
- ////////////////////////////////////////
- // Step 5. Unless there was a problem, move files to final location
- // and update the Client Version Registry
- if (bAbort) {
- window.alert("Aborting, Folder="+Folder+" module="+dir+moduleName);
- su.AbortInstall();
- } else {
- err = su.FinalizeInstall();
- // Platform specific full path
- fullpath = Folder + "pkcs11" + sep + vendor + sep + moduleName;
-
- ////////////////////////////////////////
- // Step 6: Call pkcs11.addmodule() to register the newly downloaded module
- result = pkcs11.addmodule("Netscape Software FORTEZZA Module",
- fullpath,
- pkcs11MechanismFlags,
- pkcs11CipherFlags);
-
- if ( result < 0) {
- window.alert("New module setup failed. Error code: " + result);
- } else {
- window.alert("New module setup completed.");
- }
- }
-}
-}
diff --git a/security/nss/lib/fortcrypt/swfort/pkcs11/manifest.mn b/security/nss/lib/fortcrypt/swfort/pkcs11/manifest.mn
deleted file mode 100644
index eca9b5ab3..000000000
--- a/security/nss/lib/fortcrypt/swfort/pkcs11/manifest.mn
+++ /dev/null
@@ -1,73 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../../../..
-
-MODULE = security
-LIBRARY_NAME = swft
-#LIBRARY_VERSION = 32
-
-COPIED_CSRCS = forsock.c \
- fortpk11.c \
- fmutex.c \
- $(NULL)
-
-CSRCS = \
- $(COPIED_CSRCS) \
- stub.c \
- $(NULL)
-
-EXPORTS =
-
-REQUIRES = security dbm
-
-CP_INCLUDES = \
- ../../cryptint.h \
- ../../fmutex.h \
- ../../fortsock.h \
- ../../fpkcs11.h \
- ../../fpkcs11f.h \
- ../../fpkcs11i.h \
- ../../fpkcs11t.h \
- ../../fpkmem.h \
- ../../fpkstrs.h \
- ../../genci.h \
- ../../maci.h \
- $(NULL)
-
-CFLAGS += -DSWFORT
-
-GARBAGE = $(COPIED_CSRCS) cryptint.h fmutex.h fortsock.h fpkcs11.h \
- fpkcs11f.h fpkcs11i.h fpkcs11t.h fpkmem.h fpkstrs.h genci.h maci.h
-
-
diff --git a/security/nss/lib/fortcrypt/swfort/pkcs11/pk11inst b/security/nss/lib/fortcrypt/swfort/pkcs11/pk11inst
deleted file mode 100755
index 31d73eb4a..000000000
--- a/security/nss/lib/fortcrypt/swfort/pkcs11/pk11inst
+++ /dev/null
@@ -1,49 +0,0 @@
-ForwardCompatible { HPUX:10:hppa1.1 Solaris:5.5.1:sparc AIX:4.1:rs6000 }
- Platforms {
- WINNT::x86 {
- ModuleName { "Netscape Software FORTEZZA Module" }
- ModuleFile { %root%/pkcs11/netscape/swft32.dll }
- DefaultMechanismFlags{0x0000}
- DefaultCipherFlags{0x0001}
- Files {
- swft32.dll {
- RelativePath { %root%/pkcs11/netscape/swft32.dll }
- }
- }
- WIN95::x86 {
- EquivalentPlatform {WINNT::x86}
- }
- Solaris:5.5.1:sparc {
- ModuleName { "Netscape Software FORTEZZA Module" }
- ModuleFile { %root%/pkcs11/netscape/libswft.so }
- DefaultMechanismFlags{0x0000}
- DefaultCipherFlags{0x0001}
- Files {
- libswft.so {
- RelativePath { %root%/pkcs11/netscape/libswft.so }
- }
- }
- }
- AIX:4.1:rs6000 {
- ModuleName { "Netscape Software FORTEZZA Module" }
- ModuleFile { %root%/pkcs11/netscape/libswft.so }
- DefaultMechanismFlags{0x0000}
- DefaultCipherFlags{0x0001}
- Files {
- libswft.so {
- RelativePath { %root%/pkcs11/netscape/libswft.so }
- }
- }
- }
- HPUX:10:hppa1.1 {
- ModuleName { "Netscape Software FORTEZZA Module" }
- ModuleFile { %root%/pkcs11/netscape/libswft.sl }
- DefaultMechanismFlags{0x0000}
- DefaultCipherFlags{0x0001}
- Files {
- libswft.so {
- RelativePath { %root%/pkcs11/netscape/libswft.sl }
- }
- }
- }
- }
diff --git a/security/nss/lib/fortcrypt/swfort/pkcs11/stub.c b/security/nss/lib/fortcrypt/swfort/pkcs11/stub.c
deleted file mode 100644
index 917eff386..000000000
--- a/security/nss/lib/fortcrypt/swfort/pkcs11/stub.c
+++ /dev/null
@@ -1,344 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * secport.c - portability interfaces for security libraries
- *
- * This file abstracts out libc functionality that libsec depends on
- *
- * NOTE - These are not public interfaces. These stubs are to allow the
- * SW FORTEZZA to link with some low level security functions without dragging
- * in NSPR.
- *
- * $Id$
- */
-
-#include "seccomon.h"
-#include "prmem.h"
-#include "prerror.h"
-#include "plarena.h"
-#include "secerr.h"
-#include "prmon.h"
-#include "prbit.h"
-
-unsigned long port_allocFailures;
-
-/* locations for registering Unicode conversion functions.
- * Is this the appropriate location? or should they be
- * moved to client/server specific locations?
- */
-PORTCharConversionFunc ucs4Utf8ConvertFunc;
-PORTCharConversionFunc ucs2Utf8ConvertFunc;
-PORTCharConversionWSwapFunc ucs2AsciiConvertFunc;
-
-void *
-PORT_Alloc(size_t bytes)
-{
- void *rv;
-
- /* Always allocate a non-zero amount of bytes */
- rv = (void *)malloc(bytes ? bytes : 1);
- if (!rv) {
- ++port_allocFailures;
- }
- return rv;
-}
-
-void *
-PORT_Realloc(void *oldptr, size_t bytes)
-{
- void *rv;
-
- rv = (void *)realloc(oldptr, bytes);
- if (!rv) {
- ++port_allocFailures;
- }
- return rv;
-}
-
-void *
-PORT_ZAlloc(size_t bytes)
-{
- void *rv;
-
- /* Always allocate a non-zero amount of bytes */
- rv = (void *)calloc(1, bytes ? bytes : 1);
- if (!rv) {
- ++port_allocFailures;
- }
- return rv;
-}
-
-void
-PORT_Free(void *ptr)
-{
- if (ptr) {
- free(ptr);
- }
-}
-
-void
-PORT_ZFree(void *ptr, size_t len)
-{
- if (ptr) {
- memset(ptr, 0, len);
- free(ptr);
- }
-}
-
-void
-PORT_SetError(int value)
-{
- return;
-}
-
-int
-PORT_GetError(void)
-{
- return(1);
-}
-
-/********************* Arena code follows *****************************/
-
-
-PLArenaPool *
-PORT_NewArena(unsigned long chunksize)
-{
- PLArenaPool *arena;
-
- arena = (PLArenaPool*)PORT_ZAlloc(sizeof(PLArenaPool));
- if ( arena != NULL ) {
- PR_InitArenaPool(arena, "security", chunksize, sizeof(double));
- }
- return(arena);
-}
-
-void *
-PORT_ArenaAlloc(PLArenaPool *arena, size_t size)
-{
- void *p;
-
- PL_ARENA_ALLOCATE(p, arena, size);
- if (p == NULL) {
- ++port_allocFailures;
- }
-
- return(p);
-}
-
-void *
-PORT_ArenaZAlloc(PLArenaPool *arena, size_t size)
-{
- void *p;
-
- PL_ARENA_ALLOCATE(p, arena, size);
- if (p == NULL) {
- ++port_allocFailures;
- } else {
- PORT_Memset(p, 0, size);
- }
-
- return(p);
-}
-
-/* need to zeroize!! */
-void
-PORT_FreeArena(PLArenaPool *arena, PRBool zero)
-{
- PR_FinishArenaPool(arena);
- PORT_Free(arena);
-}
-
-void *
-PORT_ArenaGrow(PLArenaPool *arena, void *ptr, size_t oldsize, size_t newsize)
-{
- PORT_Assert(newsize >= oldsize);
-
- PL_ARENA_GROW(ptr, arena, oldsize, ( newsize - oldsize ) );
-
- return(ptr);
-}
-
-void *
-PORT_ArenaMark(PLArenaPool *arena)
-{
- void * result;
-
- result = PL_ARENA_MARK(arena);
- return result;
-}
-
-void
-PORT_ArenaRelease(PLArenaPool *arena, void *mark)
-{
- PL_ARENA_RELEASE(arena, mark);
-}
-
-void
-PORT_ArenaUnmark(PLArenaPool *arena, void *mark)
-{
- /* do nothing */
-}
-
-char *
-PORT_ArenaStrdup(PLArenaPool *arena,char *str) {
- int len = PORT_Strlen(str)+1;
- char *newstr;
-
- newstr = (char*)PORT_ArenaAlloc(arena,len);
- if (newstr) {
- PORT_Memcpy(newstr,str,len);
- }
- return newstr;
-}
-
-PR_IMPLEMENT(void)
-PR_Assert(const char *expr, const char *file, int line) {
- return;
-}
-
-PR_IMPLEMENT(void *)
-PR_Alloc(PRUint32 bytes) { return malloc(bytes); }
-
-PR_IMPLEMENT(void *)
-PR_Malloc(PRUint32 bytes) { return malloc(bytes); }
-
-PR_IMPLEMENT(void *)
-PR_Calloc(PRUint32 blocks, PRUint32 bytes) { return calloc(blocks,bytes); }
-
-PR_IMPLEMENT(void)
-PR_Free(void *ptr) { free(ptr); }
-
-
-/* Old template; want to expunge it eventually. */
-#include "secasn1.h"
-#include "secoid.h"
-
-const SEC_ASN1Template SECOID_AlgorithmIDTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SECAlgorithmID) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(SECAlgorithmID,algorithm), },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
- offsetof(SECAlgorithmID,parameters), },
- { 0, }
-};
-
-/* now make the RNG happy */ /* This is not atomic! */
-PR_IMPLEMENT(PRInt32) PR_AtomicIncrement(PRInt32 *val) { return ++(*val); }
-/* This is not atomic! */
-PR_IMPLEMENT(PRInt32) PR_AtomicDecrement(PRInt32 *val) { return --(*val); }
-
-PR_IMPLEMENT(PRStatus) PR_Sleep(PRIntervalTime ticks) { return PR_SUCCESS; }
-
-#include "prlock.h"
-#include "fmutex.h"
-PR_IMPLEMENT(PRLock *)
-PR_NewLock(void) {
- PRLock *lock = NULL;
-
- FMUTEX_Create(&lock);
-
- /* if we don't have a lock, FMUTEX can deal with things */
- if (lock == NULL) lock=(PRLock *) 1;
- return lock;
-}
-
-PR_IMPLEMENT(void)
-PR_DestroyLock(PRLock *lock) {
- FMUTEX_Destroy(lock);
-}
-
-PR_IMPLEMENT(void)
-PR_Lock(PRLock *lock) {
- FMUTEX_Lock(lock);
-}
-
-PR_IMPLEMENT(PRStatus)
-PR_Unlock(PRLock *lock) {
- FMUTEX_Unlock(lock);
- return PR_SUCCESS;
-}
-
-/* this implementation is here to satisfy the PRMonitor use in plarena.c.
-** It appears that it doesn't need re-entrant locks. It could have used
-** PRLock instead of PRMonitor. So, this implementation just uses
-** PRLock for a PRMonitor.
-*/
-PR_IMPLEMENT(PRMonitor*)
-PR_NewMonitor(void)
-{
- return (PRMonitor *) PR_NewLock();
-}
-
-
-PR_IMPLEMENT(void)
-PR_EnterMonitor(PRMonitor *mon)
-{
- PR_Lock( (PRLock *)mon );
-}
-
-PR_IMPLEMENT(PRStatus)
-PR_ExitMonitor(PRMonitor *mon)
-{
- return PR_Unlock( (PRLock *)mon );
-}
-
-#include "prinit.h"
-
-/* This is NOT threadsafe. It is merely a pseudo-functional stub.
-*/
-PR_IMPLEMENT(PRStatus) PR_CallOnce(
- PRCallOnceType *once,
- PRCallOnceFN func)
-{
- /* This is not really atomic! */
- if (1 == PR_AtomicIncrement(&once->initialized)) {
- once->status = (*func)();
- } else {
- /* Should wait to be sure that func has finished before returning. */
- }
- return once->status;
-}
-
-
-/*
-** Compute the log of the least power of 2 greater than or equal to n
-*/
-PRIntn PR_CeilingLog2(PRUint32 i) {
- PRIntn log2;
- PR_CEILING_LOG2(log2,i);
- return log2;
-}
-
-/********************** end of arena functions ***********************/
-
diff --git a/security/nss/lib/fortcrypt/swfort/swfalg.c b/security/nss/lib/fortcrypt/swfort/swfalg.c
deleted file mode 100644
index 6f8ab9f6c..000000000
--- a/security/nss/lib/fortcrypt/swfort/swfalg.c
+++ /dev/null
@@ -1,506 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Software implementation of FORTEZZA skipjack primatives
- */
-#include "maci.h"
-#include "seccomon.h"
-#include "swforti.h"
-
-/*
- * Xor the IV into the plaintext buffer either just before encryption, or
- * just after decryption.
- */
-static void
-fort_XorIV(unsigned char *obuffer, unsigned char *buffer, unsigned char *iv) {
- int i;
-#ifdef USE_INT32
- if ((buffer & 0x3) == 0) && ((iv & 0x3) == 0)) {
- int32 *ibuffer = (int32 *)buffer;
- int32 *iobuffer = (int32 *)obuffer;
- int32 *iiv = (int32 *)iv;
-
- iobuffer[0] = ibuffer[0] ^ iiv[0];
- iobuffer[1] = ibuffer[1] ^ iiv[1];
- return;
- }
-#endif
-
- for (i=0; i < SKIPJACK_BLOCK_SIZE; i++) {
- obuffer[i] = buffer[i] ^ iv[i];
- }
-}
-
-
-/* the F-table for Skipjack */
-unsigned char F[256] = {
- 0xa3, 0xd7, 0x09, 0x83, 0xf8, 0x48, 0xf6, 0xf4,
- 0xb3, 0x21, 0x15, 0x78, 0x99, 0xb1, 0xaf, 0xf9,
- 0xe7, 0x2d, 0x4d, 0x8a, 0xce, 0x4c, 0xca, 0x2e,
- 0x52, 0x95, 0xd9, 0x1e, 0x4e, 0x38, 0x44, 0x28,
- 0x0a, 0xdf, 0x02, 0xa0, 0x17, 0xf1, 0x60, 0x68,
- 0x12, 0xb7, 0x7a, 0xc3, 0xe9, 0xfa, 0x3d, 0x53,
- 0x96, 0x84, 0x6b, 0xba, 0xf2, 0x63, 0x9a, 0x19,
- 0x7c, 0xae, 0xe5, 0xf5, 0xf7, 0x16, 0x6a, 0xa2,
- 0x39, 0xb6, 0x7b, 0x0f, 0xc1, 0x93, 0x81, 0x1b,
- 0xee, 0xb4, 0x1a, 0xea, 0xd0, 0x91, 0x2f, 0xb8,
- 0x55, 0xb9, 0xda, 0x85, 0x3f, 0x41, 0xbf, 0xe0,
- 0x5a, 0x58, 0x80, 0x5f, 0x66, 0x0b, 0xd8, 0x90,
- 0x35, 0xd5, 0xc0, 0xa7, 0x33, 0x06, 0x65, 0x69,
- 0x45, 0x00, 0x94, 0x56, 0x6d, 0x98, 0x9b, 0x76,
- 0x97, 0xfc, 0xb2, 0xc2, 0xb0, 0xfe, 0xdb, 0x20,
- 0xe1, 0xeb, 0xd6, 0xe4, 0xdd, 0x47, 0x4a, 0x1d,
- 0x42, 0xed, 0x9e, 0x6e, 0x49, 0x3c, 0xcd, 0x43,
- 0x27, 0xd2, 0x07, 0xd4, 0xde, 0xc7, 0x67, 0x18,
- 0x89, 0xcb, 0x30, 0x1f, 0x8d, 0xc6, 0x8f, 0xaa,
- 0xc8, 0x74, 0xdc, 0xc9, 0x5d, 0x5c, 0x31, 0xa4,
- 0x70, 0x88, 0x61, 0x2c, 0x9f, 0x0d, 0x2b, 0x87,
- 0x50, 0x82, 0x54, 0x64, 0x26, 0x7d, 0x03, 0x40,
- 0x34, 0x4b, 0x1c, 0x73, 0xd1, 0xc4, 0xfd, 0x3b,
- 0xcc, 0xfb, 0x7f, 0xab, 0xe6, 0x3e, 0x5b, 0xa5,
- 0xad, 0x04, 0x23, 0x9c, 0x14, 0x51, 0x22, 0xf0,
- 0x29, 0x79, 0x71, 0x7e, 0xff, 0x8c, 0x0e, 0xe2,
- 0x0c, 0xef, 0xbc, 0x72, 0x75, 0x6f, 0x37, 0xa1,
- 0xec, 0xd3, 0x8e, 0x62, 0x8b, 0x86, 0x10, 0xe8,
- 0x08, 0x77, 0x11, 0xbe, 0x92, 0x4f, 0x24, 0xc5,
- 0x32, 0x36, 0x9d, 0xcf, 0xf3, 0xa6, 0xbb, 0xac,
- 0x5e, 0x6c, 0xa9, 0x13, 0x57, 0x25, 0xb5, 0xe3,
- 0xbd, 0xa8, 0x3a, 0x01, 0x05, 0x59, 0x2a, 0x46
-};
-
-typedef unsigned char fort_keysched[32*4];
-
-/* do the key schedule work once for efficency */
-static void
-fort_skipKeySchedule(FORTSkipjackKeyPtr key,fort_keysched keysched)
-{
- unsigned char *keyptr = key;
- unsigned char *first = keyptr +sizeof(FORTSkipjackKey)-1;
- int i;
-
- keyptr = first;
-
- for (i=0; i < (32*4); i++) {
- keysched[i] = *keyptr--;
- if (keyptr < key) keyptr = first;
- }
- return;
-}
-
-static void
-fort_clearShedule(fort_keysched keysched)
-{
- PORT_Memset(keysched, 0, sizeof(keysched));
-}
-
-
-static unsigned int
-G(fort_keysched cv, int k, unsigned int wordIn)
-{
- unsigned char g1, g2, g3, g4, g5, g6;
-
- g1 = (unsigned char) (wordIn >> 8) & 0xff;
- g2 = (unsigned char) wordIn & 0xff;
-
- g3 = F[g2^cv[4*k]]^g1;
- g4 = F[g3^cv[4*k+1]]^g2;
- g5 = F[g4^cv[4*k+2]]^g3;
- g6 = F[g5^cv[4*k+3]]^g4;
-
- return ((g5<<8)+g6);
-}
-
-static unsigned int
-G1(fort_keysched cv, int k, unsigned int wordIn)
-{
- unsigned char g1, g2, g3, g4, g5, g6;
-
- g5 = (unsigned char) (wordIn >> 8) & 0xff;
- g6 = (unsigned char) wordIn & 0xff;
-
- g4 = F[g5^cv[4*k+3]]^g6;
- g3 = F[g4^cv[4*k+2]]^g5;
- g2 = F[g3^cv[4*k+1]]^g4;
- g1 = F[g2^cv[4*k]]^g3;
-
- return ((g1<<8)+g2);
-}
-
-static void
-ruleA(fort_keysched cv,int round,unsigned int *w)
-{
- unsigned int w4;
- int i;
-
- for(i=0; i<8; i++) {
- int k = round*16+i;
- int counter = k+1;
-
- w4 = w[4];
- w[4] = w[3];
- w[3] = w[2];
- w[2] = G(cv,k,w[1]);
- w[1] = G(cv,k,w[1]) ^ w4 ^ counter;
- }
- return;
-}
-
-static void
-ruleB(fort_keysched cv,int round,unsigned int *w)
-{
- unsigned int w4;
- int i;
-
- for(i=0; i<8; i++) {
- int k = round*16+i+8;
- int counter = k+1;
-
- w4 = w[4];
- w[4] = w[3];
- w[3] = w[1] ^ w[2] ^ counter;
- w[2] = G(cv,k,w[1]);
- w[1] = w4;
- }
- return;
-}
-
-static void
-ruleA1(fort_keysched cv,int round,unsigned int *w)
-{
- unsigned int w4;
- int i;
-
- for(i=7; i>=0; i--) {
- int k = round*16+i;
- int counter = k+1;
-
- w4 = w[4];
- w[4] = w[1] ^ w[2] ^ counter;
- w[1] = G1(cv,k,w[2]);
- w[2] = w[3];
- w[3] = w4;
- }
- return;
-}
-
-static void
-ruleB1(fort_keysched cv,int round,unsigned int *w)
-{
- unsigned int w4;
- int i;
-
- for(i=7; i>=0; i--) {
- int k = round*16+i+8;
- int counter = k+1;
-
- w4 = w[4];
- w[4] = w[1];
- w[1] = G1(cv,k,w[2]);
- w[2] = G1(cv,k,w[2]) ^ w[3] ^ counter;
- w[3] = w4;
- }
- return;
-}
-
-
-static void
-fort_doskipD(fort_keysched cv,unsigned char *cipherIn,
- unsigned char *plainOut) {
- unsigned int w[5]; /* ignore w[0] so the code matches the doc */
-
- /* initial byte swap */
- w[1]=(cipherIn[7]<<8)+cipherIn[6];
- w[2]=(cipherIn[5]<<8)+cipherIn[4];
- w[3]=(cipherIn[3]<<8)+cipherIn[2];
- w[4]=(cipherIn[1]<<8)+cipherIn[0];
-
- ruleB1(cv,1,w);
- ruleA1(cv,1,w);
- ruleB1(cv,0,w);
- ruleA1(cv,0,w);
-
- /* final byte swap */
- plainOut[0] = w[4] & 0xff;
- plainOut[1] = (w[4] >> 8) & 0xff;
- plainOut[2] = w[3] & 0xff;
- plainOut[3] = (w[3] >> 8) & 0xff;
- plainOut[4] = w[2] & 0xff;
- plainOut[5] = (w[2] >> 8) & 0xff;
- plainOut[6] = w[1] & 0xff;
- plainOut[7] = (w[1] >> 8) & 0xff;
- return;
-}
-
-static void
-fort_doskipE(fort_keysched cv,unsigned char *cipherIn,
- unsigned char *plainOut) {
- unsigned int w[5]; /* ignore w[0] so the code matches the doc */
-
- /* initial byte swap */
- w[1]=(cipherIn[7]<<8)+cipherIn[6];
- w[2]=(cipherIn[5]<<8)+cipherIn[4];
- w[3]=(cipherIn[3]<<8)+cipherIn[2];
- w[4]=(cipherIn[1]<<8)+cipherIn[0];
-
- ruleA(cv,0,w);
- ruleB(cv,0,w);
- ruleA(cv,1,w);
- ruleB(cv,1,w);
-
- /* final byte swap */
- plainOut[0] = w[4] & 0xff;
- plainOut[1] = (w[4] >> 8) & 0xff;
- plainOut[2] = w[3] & 0xff;
- plainOut[3] = (w[3] >> 8) & 0xff;
- plainOut[4] = w[2] & 0xff;
- plainOut[5] = (w[2] >> 8) & 0xff;
- plainOut[6] = w[1] & 0xff;
- plainOut[7] = (w[1] >> 8) & 0xff;
- return;
-}
-
-/* Checksums are calculated by encrypted a fixed string with the key, then
- * taking 16 bytes of the result from the block */
-static int
-fort_CalcKeyChecksum(FORTSkipjackKeyPtr key, unsigned char *sum) {
- unsigned char ckdata[8] = {
- 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55 };
- unsigned char ckres[8];
- fort_keysched keysched;
-
-
- fort_skipKeySchedule(key,keysched);
-
- fort_doskipE(keysched,ckdata,ckres);
- fort_clearShedule(keysched);
- PORT_Memcpy(sum,&ckres[1],2);
- return CI_OK;
-}
-
-/* These function actually implements skipjack CBC Decrypt */
-int
-fort_skipjackDecrypt(FORTSkipjackKeyPtr key, unsigned char *iv,
- unsigned long size, unsigned char *cipherIn,
- unsigned char *plainOut) {
- unsigned char ivdata1[SKIPJACK_BLOCK_SIZE];
- unsigned char ivdata2[SKIPJACK_BLOCK_SIZE];
- unsigned char *lastiv, *nextiv, *tmpiv;
- fort_keysched keysched;
-
- /* do the key schedule work once for efficency */
- fort_skipKeySchedule(key,keysched);
-
- /* As we decrypt, we need to save the last block so that we can
- * Xor it out of decrypted text to get the real plain text. We actually
- * have to save it because cipherIn and plainOut may point to the same
- * buffer. */
- lastiv =ivdata1;
- nextiv = ivdata2;
- PORT_Memcpy(lastiv,iv,SKIPJACK_BLOCK_SIZE);
- while (size >= SKIPJACK_BLOCK_SIZE) {
- /* save the IV for the next block */
- PORT_Memcpy(nextiv,cipherIn,SKIPJACK_BLOCK_SIZE);
- fort_doskipD(keysched,cipherIn,plainOut);
- /* xor out the last IV */
- fort_XorIV(plainOut,plainOut,lastiv);
-
- /* swap the IV buffers */
- tmpiv = lastiv;
- lastiv = nextiv;
- nextiv =tmpiv;
-
- /* increment the loop pointers... be sure to get the input, output,
- * and size (decrement) each fortdoskipD operates on an entire block*/
- cipherIn += SKIPJACK_BLOCK_SIZE;
- plainOut += SKIPJACK_BLOCK_SIZE;
- size -= SKIPJACK_BLOCK_SIZE;
- }
- fort_clearShedule(keysched); /* don't leave the key lying around the stack*/
- if (size != 0) return CI_INV_SIZE;
- return CI_OK;
-}
-
-/* These function actually implements skipjack CBC Encrypt */
-int
-fort_skipjackEncrypt(FORTSkipjackKeyPtr key, unsigned char *iv,
- unsigned long size, unsigned char *plainIn,
- unsigned char *cipherOut) {
- unsigned char *tmpiv;
- fort_keysched keysched;
- unsigned char plain[SKIPJACK_BLOCK_SIZE];
-
- fort_skipKeySchedule(key,keysched);
- tmpiv = iv;
- while (size >= SKIPJACK_BLOCK_SIZE) {
- /* We Xor into a temp buffer because we don't want to modify plainIn,
- * doing so may make the caller very unhappy:). */
- fort_XorIV(plain,plainIn,tmpiv);
- fort_doskipE(keysched,plain,cipherOut);
- tmpiv = cipherOut;
- cipherOut += SKIPJACK_BLOCK_SIZE;
- plainIn += SKIPJACK_BLOCK_SIZE;
- size -= SKIPJACK_BLOCK_SIZE;
- }
- fort_clearShedule(keysched); /* don't leave the key lying around the stack*/
- if (size != 0) return CI_INV_SIZE;
- return CI_OK;
-}
-
-
-
-/*
- * unwrap is used for key generation and mixing
- */
-int
-fort_skipjackUnwrap(FORTSkipjackKeyPtr key,unsigned long len,
- unsigned char *cipherIn, unsigned char *plainOut) {
- unsigned char low[10];
- fort_keysched keysched;
- int i,ret;
-
- /* unwrap can only unwrap 80 bit symetric keys and 160 private keys
- * sometimes these values have checksums. When they do, we should verify
- * those checksums. */
- switch (len) {
- case 20: /* private key */
- case 24: /* private key with checksum */
- ret = fort_skipjackUnwrap(key,len/2,cipherIn,plainOut);
- if (ret != CI_OK) return ret;
- ret = fort_skipjackUnwrap(key,len/2,&cipherIn[len/2],low);
-
- /* unmunge the low word */
- for (i=0; i < 10; i++) {
- low[i] = low[i] ^ plainOut[i];
- }
-
- /* the unwrap will fail above because the checkword is on
- * low, not low ^ high.
- */
- if (ret == CI_CHECKWORD_FAIL) {
- unsigned char checksum[2];
-
- ret = fort_CalcKeyChecksum(low,checksum);
- if (ret != CI_OK) return ret;
- if (PORT_Memcmp(checksum,&cipherIn[len-2],2) != 0) {
- return CI_CHECKWORD_FAIL;
- }
- }
- if (ret != CI_OK) return ret;
-
- /* re-order the low word */
- PORT_Memcpy(&plainOut[10],&low[8],2);
- PORT_Memcpy(&plainOut[12],&low[0],8);
- return CI_OK;
- case 10: /* 80 bit skipjack key */
- case 12: /* 80 bit skipjack key with checksum */
- fort_skipKeySchedule(key,keysched);
- fort_doskipD(keysched,cipherIn,plainOut);
- plainOut[8] = cipherIn[8] ^ plainOut[0];
- plainOut[9] = cipherIn[9] ^ plainOut[1];
- fort_doskipD(keysched,plainOut,plainOut);
- fort_clearShedule(keysched);
- /* if we have a checkum, verify it */
- if (len == 12) {
- unsigned char checksum[2];
-
- ret = fort_CalcKeyChecksum(plainOut,checksum);
- if (ret != CI_OK) return ret;
- if (PORT_Memcmp(checksum,&cipherIn[10],2) != 0) {
- return CI_CHECKWORD_FAIL;
- }
- }
- return CI_OK;
- default:
- break;
- }
- return CI_INV_SIZE;
-}
-
-/*
- * unwrap is used for key generation and mixing
- */
-int
-fort_skipjackWrap(FORTSkipjackKeyPtr key,unsigned long len,
- unsigned char *plainIn, unsigned char *cipherOut) {
- unsigned char low[10];
- unsigned char checksum[2];
- fort_keysched keysched;
- int i,ret;
-
-
- /* NOTE: length refers to the target in the case of wrap */
- /* Wrap can only Wrap 80 bit symetric keys and 160 private keys
- * sometimes these values have checksums. When they do, we should verify
- * those checksums. */
- switch (len) {
- case 20: /* private key */
- case 24: /* private key with checksum */
- /* re-order the low word */
- PORT_Memcpy(&low[8],&plainIn[10],2);
- PORT_Memcpy(&low[0],&plainIn[12],8);
- if (len == 24) {
- ret = fort_CalcKeyChecksum(low,checksum);
- if (ret != CI_OK) return ret;
- }
- /* munge the low word */
- for (i=0; i < 10; i++) {
- low[i] = low[i] ^ plainIn[i];
- }
- ret = fort_skipjackWrap(key,len/2,plainIn,cipherOut);
- ret = fort_skipjackWrap(key,len/2,low,&cipherOut[len/2]);
- if (len == 24) {
- PORT_Memcpy(&cipherOut[len - 2], checksum, sizeof(checksum));
- }
-
- return CI_OK;
- case 10: /* 80 bit skipjack key */
- case 12: /* 80 bit skipjack key with checksum */
-
- fort_skipKeySchedule(key,keysched);
- fort_doskipE(keysched,plainIn,cipherOut);
- cipherOut[8] = plainIn[8] ^ cipherOut[0];
- cipherOut[9] = plainIn[9] ^ cipherOut[1];
- fort_doskipE(keysched,cipherOut,cipherOut);
- fort_clearShedule(keysched);
- /* if we need a checkum, get it */
- if (len == 12) {
- ret = fort_CalcKeyChecksum(plainIn,&cipherOut[10]);
- if (ret != CI_OK) return ret;
- }
- return CI_OK;
- default:
- break;
- }
- return CI_INV_SIZE;
-}
-
diff --git a/security/nss/lib/fortcrypt/swfort/swflib.c b/security/nss/lib/fortcrypt/swfort/swflib.c
deleted file mode 100644
index cc4647006..000000000
--- a/security/nss/lib/fortcrypt/swfort/swflib.c
+++ /dev/null
@@ -1,1028 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * implement the MACI calls as Software Fortezza Calls.
- * only do the ones Nescape Needs. This provides a single software slot,
- * with 100 key registers, and 50 backup Ra private registers. Since we only
- * create one session per slot, this implementation only uses one session.
- * One future enhancement may be to try to improve on this for better threading
- * support.
- */
-
-#include "prtypes.h"
-#include "prio.h"
-
-#include "swforti.h"
-#include "keytlow.h"
-/* #include "dh.h" */
-#include "blapi.h"
-#include "maci.h"
-/* #include "dsa.h" */
-/* #include "hasht.h" */
-#include "secitem.h"
-#include "secrng.h"
-#include "keylow.h"
-#include "secder.h"
-
-#ifdef XP_UNIX
-#include <unistd.h>
-#endif
-
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-
-
-/* currently we only support one software token. In the future we can use the
- * session to determin which of many possible tokens we are talking about.
- * all the calls which need tokens take a pointer to the software token as a
- * target.
- */
-static FORTSWToken *swtoken = NULL;
-
-#define SOCKET_ID 1
-
-
-/* can't change the pin on SW fortezza for now */
-int
-MACI_ChangePIN(HSESSION session, int PINType, CI_PIN CI_FAR pOldPIN,
- CI_PIN CI_FAR pNewPin)
-{
- return CI_INV_STATE;
-}
-
-
-/*
- * Check pin checks the pin, then logs the user in or out depending on if
- * the pin succedes. The General implementation would support both SSO and
- * User mode our's only needs User mode. Pins are checked by whether or not
- * they can produce our valid Ks for this 'card'.
- */
-int
-MACI_CheckPIN(HSESSION session, int PINType, CI_PIN CI_FAR pin)
-{
- FORTSkipjackKeyPtr Ks;
- FORTSWFile *config_file = NULL;
- FORTSkipjackKey seed;
- unsigned char pinArea[13];
- unsigned char *padPin = NULL;
-
- /* This SW module can only log in as USER */
- if (PINType != CI_USER_PIN) return CI_INV_TYPE;
-
- if (swtoken == NULL) return CI_NO_CARD;
- /* we can't check a pin if we haven't been initialized yet */
- if (swtoken->config_file == NULL) return CI_NO_CARD;
- config_file = swtoken->config_file;
-
- /* Make sure the pin value meets minimum lengths */
- if (PORT_Strlen((char *)pin) < 12) {
- PORT_Memset(pinArea, ' ', sizeof(pinArea));
- PORT_Memcpy(pinArea,pin,PORT_Strlen((char *)pin));
- pinArea[12] = 0;
- padPin = pinArea;
- }
-
- /* get the Ks by unwrapping it from the memphrase with the pbe generated
- * from the pin */
- Ks = fort_CalculateKMemPhrase(config_file,
- &config_file->fortezzaPhrase, (char *)pin, NULL);
-
- if (Ks == 0) {
- Ks = fort_CalculateKMemPhrase(config_file,
- &config_file->fortezzaPhrase, (char *)padPin, NULL);
- if (Ks == 0) {
- PORT_Memset(pinArea, 0, sizeof(pinArea));
- fort_Logout(swtoken);
- return CI_FAIL;
- }
- }
-
- /* use Ks and hash to verify that pin is correct */
- if (! fort_CheckMemPhrase(config_file, &config_file->fortezzaPhrase,
- (char *)pin, Ks) ) {
- if ((padPin == NULL) ||
- ! fort_CheckMemPhrase(config_file, &config_file->fortezzaPhrase,
- (char *)padPin, Ks) ) {
- PORT_Memset(pinArea, 0, sizeof(pinArea));
- fort_Logout(swtoken);
- return CI_FAIL;
- }
- }
-
- PORT_Memset(pinArea, 0, sizeof(pinArea));
-
-
- /* OK, add the random Seed value into the random number generator */
- fort_skipjackUnwrap(Ks,config_file->wrappedRandomSeed.len,
- config_file->wrappedRandomSeed.data,seed);
- RNG_RandomUpdate(seed,sizeof(seed));
-
- /* it is, go ahead and log in */
- swtoken->login = PR_TRUE;
- /* Ks is always stored in keyReg[0] when we log in */
- PORT_Memcpy(swtoken->keyReg[0].data, Ks, sizeof (FORTSkipjackKey));
- swtoken->keyReg[0].present = PR_TRUE;
- PORT_Memset(Ks, 0, sizeof(FORTSkipjackKey));
- PORT_Free(Ks);
-
-
- return CI_OK;
-}
-
-/*
- * close an open socket. Power_Down flag is set when we want to reset the
- * cards complete state.
- */
-int
-MACI_Close(HSESSION session, unsigned int flags, int socket)
-{
- if (socket != SOCKET_ID) return CI_BAD_CARD;
- if (swtoken == NULL) return CI_BAD_CARD;
-
- if (flags == CI_POWER_DOWN_FLAG) {
- fort_Logout(swtoken);
- }
- return CI_OK;
-}
-
-/*
- * Decrypt keeps track of it's own IV.
- */
-int
-MACI_Decrypt(HSESSION session, unsigned int size, CI_DATA cipherIn,
- CI_DATA plainOut)
-{
- int ret;
- unsigned char IV[SKIPJACK_BLOCK_SIZE];
-
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
- if ((ret = fort_KeyOK(swtoken,swtoken->key,PR_TRUE)) != CI_OK) return ret;
-
- /*fort_AddNoise();*/
-
- /* save the IV, before we potentially trash the new one when we decrypt.
- * (it's permissible to decrypt into the cipher text buffer by passing the
- * same buffers for both cipherIn and plainOut.
- */
- PORT_Memcpy(IV,swtoken->IV, sizeof(IV));
- fort_UpdateIV(cipherIn,size,swtoken->IV);
- return fort_skipjackDecrypt(swtoken->keyReg[swtoken->key].data,
- IV,size,cipherIn,plainOut);
-}
-
-/*
- * Clear a key from one of the key registers (indicated by index).
- * return an error if no key exists.
- */
-int
-MACI_DeleteKey(HSESSION session, int index)
-{
- int ret;
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
-
- /* can't delete Ks */
- if (index == 0) return CI_INV_KEY_INDEX;
-
- if ((ret = fort_KeyOK(swtoken,index,PR_TRUE)) != CI_OK) return ret;
- fort_ClearKey(&swtoken->keyReg[index]);
- return CI_OK;
-}
-
-
-/*
- * encrypt some blocks of data and update the IV.
- */
-int
-MACI_Encrypt(HSESSION session, unsigned int size, CI_DATA plainIn,
- CI_DATA cipherOut)
-{
- int ret;
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
- if ((ret = fort_KeyOK(swtoken,swtoken->key,PR_TRUE)) != CI_OK) return ret;
-
- /*fort_AddNoise();*/
-
- ret = fort_skipjackEncrypt(swtoken->keyReg[swtoken->key].data,
- swtoken->IV,size,plainIn,cipherOut);
- fort_UpdateIV(cipherOut,size,swtoken->IV);
-
- return ret;
-
-}
-
-/*
- * create a new IV and encode it.
- */
-
-static char *leafbits="THIS IS NOT LEAF";
-
-int
-MACI_GenerateIV(HSESSION Session, CI_IV CI_FAR pIV)
-{
- int ret;
-
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
- if ((ret = fort_KeyOK(swtoken,swtoken->key,PR_TRUE)) != CI_OK) return ret;
-
- ret = fort_GenerateRandom(swtoken->IV,SKIPJACK_BLOCK_SIZE);
- if (ret != CI_OK) return ret;
-
- PORT_Memcpy(pIV,leafbits,SKIPJACK_LEAF_SIZE);
- PORT_Memcpy(&pIV[SKIPJACK_LEAF_SIZE],swtoken->IV,SKIPJACK_BLOCK_SIZE);
-
- return CI_OK;
-}
-
-
-/*
- * create a new Key
- */
-int
-MACI_GenerateMEK(HSESSION session, int index, int reserved)
-{
- int ret;
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
- if ((ret = fort_KeyOK(swtoken,index,PR_FALSE)) != CI_OK) return ret;
-
- ret = fort_GenerateRandom(swtoken->keyReg[index].data,
- sizeof (swtoken->keyReg[index].data));
- if (ret == CI_OK) swtoken->keyReg[index].present = PR_TRUE;
-
- return ret;
-}
-
-/*
- * build a new Ra/ra pair for a KEA exchange.
- */
-int
-MACI_GenerateRa(HSESSION session, CI_RA CI_FAR pRa)
-{
- int ret;
- int counter;
- int RaLen,raLen;
- DSAPrivateKey *privKey = NULL;
- PQGParams params;
- SECStatus rv;
- int crv = CI_EXEC_FAIL;
- fortSlotEntry *certEntry = NULL;
- unsigned char *unsignedRa = NULL;
- unsigned char *unsignedra = NULL;
- fortKeyInformation *key_info = NULL;
-
-
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
- /* make sure the personality is set */
- if (swtoken->certIndex == 0) return CI_INV_STATE;
-
- /* pick next Ra circular buffer */
- counter = swtoken->nextRa;
- swtoken->nextRa++;
- if (swtoken->nextRa >= MAX_RA_SLOTS) swtoken->nextRa = 0;
-
- /* now get the params for diffie -helman key gen */
- certEntry = fort_GetCertEntry(swtoken->config_file,swtoken->certIndex);
- if (certEntry == NULL) return CI_INV_CERT_INDEX;
- if (certEntry->exchangeKeyInformation) {
- key_info = certEntry->exchangeKeyInformation;
- } else {
- key_info = certEntry->signatureKeyInformation;
- }
- if (key_info == NULL) return CI_NO_X;
-
- /* Generate Diffie Helman key Pair -- but we use DSA key gen to do it */
- rv = SECITEM_CopyItem(NULL,&params.prime,&key_info->p);
- if (rv != SECSuccess) return CI_EXEC_FAIL;
- rv = SECITEM_CopyItem(NULL,&params.subPrime,&key_info->q);
- if (rv != SECSuccess) return CI_EXEC_FAIL;
- rv = SECITEM_CopyItem(NULL,&params.base,&key_info->g);
- if (rv != SECSuccess) return CI_EXEC_FAIL;
-
- /* KEA uses DSA like key generation with short DSA keys that have to
- * maintain a relationship to q */
- rv = DSA_NewKey(&params, &privKey);
- SECITEM_FreeItem(&params.prime,PR_FALSE);
- SECITEM_FreeItem(&params.subPrime,PR_FALSE);
- SECITEM_FreeItem(&params.base,PR_FALSE);
- if (rv != SECSuccess) return CI_EXEC_FAIL;
-
- /* save private key, public key, and param in Ra Circular buffer */
- unsignedRa = privKey->publicValue.data;
- RaLen = privKey->publicValue.len;
- while ((unsignedRa[0] == 0) && (RaLen > CI_RA_SIZE)) {
- unsignedRa++;
- RaLen--;
- }
- if (RaLen > CI_RA_SIZE) goto loser;
-
- unsignedra = privKey->privateValue.data;
- raLen = privKey->privateValue.len;
- while ((unsignedra[0] == 0) && (raLen > sizeof(fortRaPrivate))) {
- unsignedra++;
- raLen--;
- }
-
- if (raLen > sizeof(fortRaPrivate)) goto loser;
-
- PORT_Memset(swtoken->RaValues[counter].private, 0, sizeof(fortRaPrivate));
- PORT_Memcpy(
- &swtoken->RaValues[counter].private[sizeof(fortRaPrivate) - raLen],
- unsignedra, raLen);
- PORT_Memset(pRa, 0, CI_RA_SIZE);
- PORT_Memcpy(&pRa[CI_RA_SIZE-RaLen], unsignedRa, RaLen);
- PORT_Memcpy(swtoken->RaValues[counter].public, pRa, CI_RA_SIZE);
- crv = CI_OK;
-
-loser:
- PORT_FreeArena(privKey->params.arena, PR_TRUE);
-
- return crv;
-}
-
-
-/*
- * return some random data.
- */
-int
-MACI_GenerateRandom(HSESSION session, CI_RANDOM CI_FAR random)
-{
- int ret;
- if ((ret = fort_CardExists(swtoken,PR_FALSE)) != CI_OK) return ret;
- return fort_GenerateRandom(random,sizeof (CI_RANDOM));
-}
-
-
-static CI_RA Remail = {
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1
-};
-
-/*
- * build a new Token exchange key using KEA.
- */
-int
-MACI_GenerateTEK(HSESSION hSession, int flags, int target,
- CI_RA CI_FAR Ra, CI_RA CI_FAR Rb, unsigned int YSize, CI_Y CI_FAR pY )
-{
- SECKEYLowPrivateKey *key = NULL;
- fortSlotEntry * certEntry;
- unsigned char * w = NULL;
- SECItem *q;
- SECStatus rv;
- int ret,i;
- PRBool email = PR_TRUE;
- SECItem R; /* public */
- SECItem Y; /* public */
- SECItem r; /* private */
- SECItem x; /* private */
- SECItem wItem; /* derived secret */
- fortRaPrivatePtr ra;
- FORTSkipjackKey cover_key;
-
- unsigned char pad[10] = { 0x72, 0xf1, 0xa8, 0x7e, 0x92,
- 0x82, 0x41, 0x98, 0xab, 0x0b };
-
- /* verify that everything is ok with the token, keys and certs */
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
- /* make sure the personality is set */
- if (swtoken->certIndex == 0) return CI_INV_STATE;
- if ((ret = fort_KeyOK(swtoken,target,PR_FALSE)) != CI_OK) return ret;
-
- /* get the cert from the entry, then look up the key from that cert */
- certEntry = fort_GetCertEntry(swtoken->config_file,swtoken->certIndex);
- if (certEntry == NULL) return CI_INV_CERT_INDEX;
- key = fort_GetPrivKey(swtoken,dhKey,certEntry);
- if (key == NULL) return CI_NO_X;
-
- if (certEntry->exchangeKeyInformation) {
- q = &certEntry->exchangeKeyInformation->q;
- } else {
- q = &certEntry->signatureKeyInformation->q;
- }
-
- email = (PORT_Memcmp(Rb,Remail,sizeof(Rb)) == 0) ? PR_TRUE: PR_FALSE;
-
-
- /* load the common elements */
- Y.data = pY;
- Y.len = YSize;
- x.data = key->u.dh.privateValue.data;
- x.len = key->u.dh.privateValue.len;
-
- /* now initialize the rest of the values */
- if (flags == CI_INITIATOR_FLAG) {
- if (email) {
- R.data = Y.data;
- R.len = Y.len;
- } else {
- R.data = Rb;
- R.len = sizeof(CI_RA);
- }
- ra = fort_LookupPrivR(swtoken,Ra);
- if (ra == NULL) {
- ret = CI_EXEC_FAIL;
- goto loser;
- }
- r.data = ra;
- r.len = sizeof(fortRaPrivate);
- } else {
- R.data = Ra;
- R.len = sizeof(CI_RA);
- if (email) {
- r.data = x.data;
- r.len = x.len;
- } else {
- ra = fort_LookupPrivR(swtoken,Rb);
- if (ra == NULL) {
- ret = CI_EXEC_FAIL;
- goto loser;
- }
- r.data = ra;
- r.len = sizeof(fortRaPrivate);
- }
- }
-
-
- if (!KEA_Verify(&Y,&key->u.dh.prime,q)) {
- ret = CI_EXEC_FAIL;
- goto loser;
- }
- if (!KEA_Verify(&R,&key->u.dh.prime,q)) {
- ret = CI_EXEC_FAIL;
- goto loser;
- }
-
- /* calculate the base key */
- rv = KEA_Derive(&key->u.dh.prime, &Y, &R, &r, &x, &wItem);
- if (rv != SECSuccess) {
- ret = CI_EXEC_FAIL;
- goto loser;
- }
-
- w = wItem.data;
- /* use the skipjack wrapping function to 'mix' the key up */
- for (i=0; i < sizeof(FORTSkipjackKey); i++)
- cover_key[i] = pad[i] ^ w[i];
-
- ret = fort_skipjackWrap(cover_key,sizeof(FORTSkipjackKey),
- &w[sizeof(FORTSkipjackKey)],swtoken->keyReg[target].data);
- if (ret != CI_OK) goto loser;
-
- swtoken->keyReg[target].present = PR_TRUE;
-
- ret = CI_OK;
-loser:
- if (w) PORT_Free(w);
- if (key) SECKEY_LowDestroyPrivateKey(key);
-
- return ret;
-}
-
-
-/*
- * return the bytes of a certificate.
- */
-int
-MACI_GetCertificate(HSESSION hSession, int certIndex,
- CI_CERTIFICATE CI_FAR cert)
-{
- int len;
- int ret;
- fortSlotEntry *certEntry = NULL;
-
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
-
- certEntry = fort_GetCertEntry(swtoken->config_file,certIndex);
- if (certEntry == NULL) return CI_INV_CERT_INDEX;
-
- len = certEntry->certificateData.dataEncryptedWithKs.len;
- PORT_Memset(cert,0,sizeof(CI_CERTIFICATE));
- PORT_Memcpy(cert, certEntry->certificateData.dataEncryptedWithKs.data,len);
-
- /* Ks is always stored in keyReg[0] when we log in */
- return fort_skipjackDecrypt(swtoken->keyReg[0].data,
- &certEntry->certificateData.dataIV.data[SKIPJACK_LEAF_SIZE],
- len,cert,cert);
-}
-
-
-/*
- * return out sofware configuration bytes. Those field not used by the PKCS #11
- * module may not be filled in exactly.
- */
-#define NETSCAPE "Netscape Communications Corp "
-#define PRODUCT "Netscape Software FORTEZZA Lib "
-#define SOFTWARE "Software FORTEZZA Implementation"
-
-int
-MACI_GetConfiguration(HSESSION hSession, CI_CONFIG_PTR config)
-{
- config->LibraryVersion = 0x0100;
- config->ManufacturerVersion = 0x0100;
- PORT_Memcpy(config->ManufacturerName,NETSCAPE,sizeof(NETSCAPE));
- PORT_Memcpy(config->ProductName,PRODUCT,sizeof(PRODUCT));
- PORT_Memcpy(config->ProcessorType,SOFTWARE,sizeof(SOFTWARE));
- config->UserRAMSize = 0;
- config->LargestBlockSize = 0x10000;
- config->KeyRegisterCount = KEY_REGISTERS;
- config->CertificateCount =
- swtoken ? fort_GetCertCount(swtoken->config_file): 0;
- config->CryptoCardFlag = 0;
- config->ICDVersion = 0;
- config->ManufacturerSWVer = 0x0100;
- config->DriverVersion = 0x0100;
- return CI_OK;
-}
-
-/*
- * return a list of all the personalities (up to the value 'EntryCount')
- */
-int
-MACI_GetPersonalityList(HSESSION hSession, int EntryCount,
- CI_PERSON CI_FAR personList[])
-{
- int count;
- int i,ret;
- FORTSWFile *config_file = NULL;
- unsigned char tmp[32];
-
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
- config_file = swtoken->config_file;
-
- /* search for the index */
- count= fort_GetCertCount(config_file);
-
- /* don't return more than the user asked for */
- if (count > EntryCount) count = EntryCount;
- for (i=0; i < count ;i ++) {
- int len, dataLen;
- personList[i].CertificateIndex =
- config_file->slotEntries[i]->certIndex;
- len = config_file->slotEntries[i]->certificateLabel.
- dataEncryptedWithKs.len;
- if (len > sizeof(tmp)) len = sizeof(tmp);
- PORT_Memset(personList[i].CertLabel, ' ',
- sizeof(personList[i].CertLabel));
- PORT_Memcpy(tmp,
- config_file->slotEntries[i]->
- certificateLabel.dataEncryptedWithKs.data,
- len);
- /* Ks is always stored in keyReg[0] when we log in */
- ret = fort_skipjackDecrypt(swtoken->keyReg[0].data,
- &config_file->slotEntries[i]->
- certificateLabel.dataIV.data[SKIPJACK_LEAF_SIZE],len,
- tmp,tmp);
- if (ret != CI_OK) return ret;
- dataLen = DER_GetInteger(&config_file->slotEntries[i]->
- certificateLabel.length);
- if (dataLen > sizeof(tmp)) dataLen = sizeof(tmp);
- PORT_Memcpy(personList[i].CertLabel, tmp, dataLen);
- personList[i].CertLabel[32] = 0;
- personList[i].CertLabel[33] = 0;
- personList[i].CertLabel[34] = 0;
- personList[i].CertLabel[35] = 0;
- }
- return CI_OK;
-}
-
-
-/*
- * get a new session ID. This function is only to make the interface happy,
- * the PKCS #11 module only uses one session per token.
- */
-int
-MACI_GetSessionID(HSESSION *session)
-{
- *session = 1;
- return CI_OK;
-}
-
-/*
- * return the current card state.
- */
-int
-MACI_GetState(HSESSION hSession, CI_STATE_PTR state)
-{
- int ret;
- if ((ret = fort_CardExists(swtoken,PR_FALSE)) != CI_OK) return ret;
- *state = fort_GetState(swtoken);
- return CI_OK;
-}
-
-/*
- * return the status. NOTE that KeyRegisterFlags and CertificateFlags are never
- * really used by the PKCS #11 module, so they are not implemented.
- */
-int
-MACI_GetStatus(HSESSION hSession, CI_STATUS_PTR status)
-{
- int ret;
- FORTSWFile *config_file = NULL;
-
- if ((ret = fort_CardExists(swtoken,PR_FALSE)) != CI_OK) return ret;
- config_file = swtoken->config_file;
- status->CurrentSocket = 1;
- status->LockState = swtoken->lock;
- PORT_Memcpy(status->SerialNumber,
- config_file->serialID.data, config_file->serialID.len);
- status->CurrentState = fort_GetState(swtoken);
- status->DecryptionMode = CI_CBC64_MODE;
- status->EncryptionMode = CI_CBC64_MODE;
- status->CurrentPersonality = swtoken->certIndex;
- status->KeyRegisterCount = KEY_REGISTERS;
- /* our code doesn't use KeyRegisters, which is good, because there's not
- * enough of them .... */
- PORT_Memset(status->KeyRegisterFlags,0,sizeof(status->KeyRegisterFlags));
- status->CertificateCount = fort_GetCertCount(config_file);
- PORT_Memset(status->CertificateFlags,0,sizeof(status->CertificateFlags));
- PORT_Memset(status->Flags,0,sizeof(status->Flags));
-
- return CI_OK;
-}
-
-/*
- * add the time call because the PKCS #11 module calls it, but always pretend
- * the clock is bad, so it never uses the returned time.
- */
-int
-MACI_GetTime(HSESSION hSession, CI_TIME CI_FAR time)
-{
- return CI_BAD_CLOCK;
-}
-
-
-/* This function is copied from NSPR so that the PKCS #11 module can be
- * independent of NSPR */
-PRInt32 local_getFileInfo(const char *fn, PRFileInfo *info);
-
-/*
- * initialize the SW module, and return the number of slots we support (1).
- */
-int
-MACI_Initialize(int CI_FAR *count)
-{
- char *filename = NULL;
- SECItem file;
- FORTSignedSWFile *decode_file = NULL;
- PRFileInfo info;
- /*PRFileDesc *fd = NULL;*/
- int fd = -1;
- PRStatus err;
- int ret = CI_OK;
- int fcount;
-
- file.data = NULL;
- file.len = 0;
-
- *count = 1;
-
- /* allocate swtoken structure */
- swtoken = PORT_ZNew(FORTSWToken);
- if (swtoken == NULL) return CI_OUT_OF_MEMORY;
-
- filename = (char *)fort_LookupFORTEZZAInitFile();
- if (filename == NULL) {
- ret = CI_BAD_READ;
- goto failed;
- }
-
- fd = open(filename,O_RDONLY|O_BINARY,0);
- if (fd < 0) {
- ret = CI_BAD_READ;
- goto failed;
- }
-
- err = local_getFileInfo(filename,&info);
- if ((err != 0) || (info.size == 0)) {
- ret = CI_BAD_READ;
- goto failed;
- }
-
- file.data = PORT_ZAlloc(info.size);
- if (file.data == NULL) {
- ret = CI_OUT_OF_MEMORY;
- goto failed;
- }
-
- fcount = read(fd,file.data,info.size);
- close(fd); fd = -1;
- if (fcount != (int)info.size) {
- ret = CI_BAD_READ;
- goto failed;
- }
-
- file.len = fcount;
-
- decode_file = FORT_GetSWFile(&file);
- if (decode_file == NULL) {
- ret = CI_BAD_READ;
- goto failed;
- }
- swtoken->config_file = &decode_file->file;
-
- RNG_SystemInfoForRNG();
- RNG_FileForRNG(filename);
-
-
-failed:
- if (filename) PORT_Free(filename);
- if (fd != -1) close(fd);
- if (file.data) PORT_Free(file.data);
- if (ret != CI_OK) {
- if (decode_file) FORT_DestroySignedSWFile(decode_file);
- if (swtoken) PORT_Free(swtoken);
- swtoken = NULL;
- }
-
- return CI_OK;
-}
-
-/*
- * load an IV from an external source. We technically should check it with the
- * key we received.
- */
-int
-MACI_LoadIV(HSESSION session, CI_IV CI_FAR iv)
-{
- int ret;
-
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
- PORT_Memcpy(swtoken->IV,&iv[SKIPJACK_LEAF_SIZE],SKIPJACK_BLOCK_SIZE);
- return CI_OK;
-}
-
-/* implement token lock (should call PR_Monitor here) */
-int
-MACI_Lock(HSESSION session, int flags)
-{
- int ret;
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
- swtoken->lock = 1;
-
- return CI_OK;
-}
-
-/* open a token. For software there isn't much to do that hasn't already been
- * done by initialize. */
-int
-MACI_Open(HSESSION session, unsigned int flags, int socket)
-{
- if (socket != SOCKET_ID) return CI_NO_CARD;
- if (swtoken == NULL) return CI_NO_CARD;
- return CI_OK;
-}
-
-/*
- * Reset logs out the token...
- */
-int
-MACI_Reset(HSESSION session)
-{
- if (swtoken) fort_Logout(swtoken);
- return CI_OK;
-}
-
-/*
- * restore and encrypt/decrypt state. NOTE: there is no error checking in this
- * or the save function.
- */
-int
-MACI_Restore(HSESSION session, int type, CI_SAVE_DATA CI_FAR data)
-{
- int ret;
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
- PORT_Memcpy(swtoken->IV,data, sizeof (swtoken->IV));
- return CI_OK;
-}
-
-/*
- * save and encrypt/decrypt state. NOTE: there is no error checking in this
- * or the restore function.
- */
-int
-MACI_Save(HSESSION session, int type,CI_SAVE_DATA CI_FAR data)
-{
- int ret;
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
- PORT_Memcpy(data,swtoken->IV, sizeof (swtoken->IV));
- return CI_OK;
-}
-
-/*
- * picks a token to operate against. In our case there can be only one.
- */
-int
-MACI_Select(HSESSION session, int socket)
-{
- if (socket == SOCKET_ID) return CKR_OK;
- return CI_NO_CARD;
-}
-
-/*
- * set a register as the key to use for encrypt/decrypt operations.
- */
-int
-MACI_SetKey(HSESSION session, int index)
-{
- int ret;
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
- if ((ret = fort_KeyOK(swtoken,index,PR_TRUE)) != CI_OK) return ret;
-
- swtoken->key = index;
- return CI_OK;
-}
-
-/*
- * only CBC64 is supported. Keep setmode for compatibility */
-int
-MACI_SetMode(HSESSION session, int type, int mode)
-{
- if (mode != CI_CBC64_MODE) return CI_INV_MODE;
- return CI_OK;
-}
-
-/* set the personality to use for sign/verify */
-int
-MACI_SetPersonality(HSESSION session, int cert)
-{
- int ret;
- fortSlotEntry *certEntry = NULL;
-
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
-
- certEntry = fort_GetCertEntry(swtoken->config_file,cert);
- if ((certEntry == NULL) ||
- ((certEntry->exchangeKeyInformation == NULL) &&
- (certEntry->signatureKeyInformation == NULL)) )
- return CI_INV_CERT_INDEX;
- swtoken->certIndex = cert;
- return CI_OK;
-}
-
-
-/* DSA sign some data */
-int
-MACI_Sign(HSESSION session, CI_HASHVALUE CI_FAR hash, CI_SIGNATURE CI_FAR sig)
-{
- SECKEYLowPrivateKey *key = NULL;
- fortSlotEntry * certEntry = NULL;
- int ret = CI_OK;
- SECStatus rv;
- SECItem signItem;
- SECItem hashItem;
- unsigned char random[DSA_SUBPRIME_LEN];
-
- /* standard checks */
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
- /* make sure the personality is set */
- if (swtoken->certIndex == 0) return CI_INV_STATE;
-
- /* get the current personality */
- certEntry = fort_GetCertEntry(swtoken->config_file,swtoken->certIndex);
- if (certEntry == NULL) return CI_INV_CERT_INDEX;
-
- /* extract the private key from the personality */
- ret = CI_OK;
- key = fort_GetPrivKey(swtoken,dsaKey,certEntry);
- if (key == NULL) {
- ret = CI_NO_X;
- goto loser;
- }
-
- /* create a random value for the signature */
- ret = fort_GenerateRandom(random, sizeof(random));
- if (ret != CI_OK) goto loser;
-
- /* Sign with that private key */
- signItem.data = sig;
- signItem.len = DSA_SIGNATURE_LEN;
-
- hashItem.data = hash;
- hashItem.len = SHA1_LENGTH;
-
- rv = DSA_SignDigestWithSeed(&key->u.dsa, &signItem, &hashItem, random);
- if (rv != SECSuccess) {
- ret = CI_EXEC_FAIL;
- }
-
- /* clean up */
-loser:
- if (key != NULL) SECKEY_LowDestroyPrivateKey(key);
-
- return ret;
-}
-
-/*
- * clean up after ourselves.
- */
-int
-MACI_Terminate(HSESSION session)
-{
- if (swtoken == NULL) return CI_OUT_OF_MEMORY;
-
- /* clear all the keys */
- fort_Logout(swtoken);
-
- FORT_DestroySWFile(swtoken->config_file);
- PORT_Free(swtoken);
- swtoken = NULL;
- return CI_OK;
-}
-
-
-
-/* implement token unlock (should call PR_Monitor here) */
-int
-MACI_Unlock(HSESSION session)
-{
- int ret;
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
- swtoken->lock = 0;
- return CI_OK;
-}
-
-/*
- * unwrap a key into our software token. NOTE: this function does not
- * verify that the wrapping key is Ks or a TEK. This is because our higher
- * level software doesn't try to wrap MEKs with MEKs. If this API was exposed
- * generically, then we would have to worry about things like this.
- */
-int
-MACI_UnwrapKey(HSESSION session, int wrapKey, int target,
- CI_KEY CI_FAR keyData)
-{
- int ret = CI_OK;
-
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
- if ((ret = fort_KeyOK(swtoken,target,PR_FALSE)) != CI_OK) return ret;
- if ((ret = fort_KeyOK(swtoken,wrapKey,PR_TRUE)) != CI_OK) return ret;
- ret = fort_skipjackUnwrap(swtoken->keyReg[wrapKey].data,
- sizeof(CI_KEY), keyData, swtoken->keyReg[target].data);
- if (ret != CI_OK) goto loser;
-
- swtoken->keyReg[target].present = PR_TRUE;
-
-loser:
- return ret;
-}
-
-/*
- * Wrap a key out of our software token. NOTE: this function does not
- * verify that the wrapping key is Ks or a TEK, or that the source key is
- * a MEK. This is because our higher level software doesn't try to wrap MEKs
- * with MEKs, or wrap out TEKS and Ks. If this API was exposed
- * generically, then we would have to worry about things like this.
- */
-int
-MACI_WrapKey(HSESSION session, int wrapKey, int source, CI_KEY CI_FAR keyData)
-{
- int ret;
-
- if ((ret = fort_CardExists(swtoken,PR_TRUE)) != CI_OK) return ret;
- if ((ret = fort_KeyOK(swtoken,source,PR_TRUE)) != CI_OK) return ret;
- if ((ret = fort_KeyOK(swtoken,wrapKey,PR_TRUE)) != CI_OK) return ret;
- ret = fort_skipjackWrap(swtoken->keyReg[wrapKey].data,
- sizeof(CI_KEY), swtoken->keyReg[source].data,keyData);
-
- return ret;
-}
-
diff --git a/security/nss/lib/fortcrypt/swfort/swfort.h b/security/nss/lib/fortcrypt/swfort/swfort.h
deleted file mode 100644
index d0cefb098..000000000
--- a/security/nss/lib/fortcrypt/swfort/swfort.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Software implementation of FORTEZZA skipjack primatives
- */
-#ifndef _SWFORT_H_
-#define _SWFORT_H_
-
-#include "seccomon.h"
-#include "swfortt.h"
-/*#include "genci.h"*/
-
-
-SEC_BEGIN_PROTOS
-
-FORTSignedSWFile *
-FORT_GetSWFile(SECItem *initBits);
-
-SECStatus
-FORT_CheckInitPhrase(FORTSignedSWFile *sw_init_file, char *initMemPhrase);
-
-SECStatus
-FORT_CheckUserPhrase(FORTSignedSWFile *sw_init_file, char *userMemPhrase);
-
-void
-FORT_DestroySWFile(FORTSWFile *file);
-
-void
-FORT_DestroySignedSWFile(FORTSignedSWFile *swfile);
-
-SECItem *
-FORT_GetDERCert(FORTSignedSWFile *swfile, int index);
-
-SECItem *
-FORT_PutSWFile(FORTSignedSWFile *sw_init_file);
-
-
-SEC_END_PROTOS
-
-#endif
diff --git a/security/nss/lib/fortcrypt/swfort/swforti.h b/security/nss/lib/fortcrypt/swfort/swforti.h
deleted file mode 100644
index c2156e2fc..000000000
--- a/security/nss/lib/fortcrypt/swfort/swforti.h
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Software implementation of FORTEZZA Skipjack primatives and helper functions.
- */
-#ifndef _SWFORTI_H_
-#define _SWFORTI_H_
-
-#ifndef RETURN_TYPE
-#define RETURN_TYPE int
-#endif
-
-#include "seccomon.h"
-#include "swfort.h"
-#include "swfortti.h"
-#include "maci.h"
-
-
-SEC_BEGIN_PROTOS
-/*
- * Check to see if the index is ok, and that key is appropriately present or
- * absent.
- */
-int fort_KeyOK(FORTSWToken *token, int index, PRBool isPresent);
-
-/*
- * clear out a key register
- */
-void fort_ClearKey(FORTKeySlot *key);
-
-/*
- * clear out an Ra register
- */
-void fort_ClearRaSlot(FORTRaRegisters *ra);
-
-/*
- * provide a helper function to do all the loggin out functions.
- * NOTE: Logging in only happens in MACI_CheckPIN
- */
-void fort_Logout(FORTSWToken *token);
-
-/*
- * update the new IV value based on the current cipherText (should be the last
- * block of the cipher text).
- */
-int fort_UpdateIV(unsigned char *cipherText, unsigned int size,unsigned char *IV);
-
-
-/*
- * verify that we have a card initialized, and if necessary, logged in.
- */
-int fort_CardExists(FORTSWToken *token,PRBool needLogin);
-
-/*
- * walk down the cert slot entries, counting them.
- * return that count.
- */
-int fort_GetCertCount(FORTSWFile *file);
-
-/*
- * copy an unsigned SECItem to a signed SecItem. (if the high bit is on,
- * pad with a leading 0.
- */
-SECStatus fort_CopyUnsigned(PRArenaPool *arena, SECItem *to, const SECItem *from);
-
-/*
- * NOTE: these keys do not have the public values, and cannot be used to
- * extract the public key from the private key. Since we never do this in
- * this code, and this function is private, we're reasonably safe (as long as
- * any of your callees do not try to extract the public value as well).
- * Also -- the token must be logged in before this function is called.
- */
-SECKEYLowPrivateKey * fort_GetPrivKey(FORTSWToken *token,KeyType keyType,fortSlotEntry *certEntry);
-
-/*
- * find a particulare certificate entry from the config
- * file.
- */
-fortSlotEntry * fort_GetCertEntry(FORTSWFile *file,int index);
-
-/*
- * use the token to termine it's CI_State.
- */
-CI_STATE fort_GetState(FORTSWToken *token);
-
-/*
- * find the private ra value for a given public Ra value.
- */
-fortRaPrivatePtr fort_LookupPrivR(FORTSWToken *token,CI_RA Ra);
-
-/*
- * go add more noise to the random number generator
- */
-void fort_AddNoise(void);
-
-/*
- * Get a random number
- */
-int fort_GenerateRandom(unsigned char *buf, int bytes);
-
-
-/*
- * We're deep in the bottom of MACI and PKCS #11... We need to
- * find our fortezza key file. This function lets us search manual paths to
- * find our key file.
- */
-char *fort_FindFileInPath(char *path, char *fn);
-
-
-char *fort_LookupFORTEZZAInitFile(void);
-
-
-FORTSkipjackKeyPtr fort_CalculateKMemPhrase(FORTSWFile *file,
- fortProtectedPhrase * prot_phrase, char *phrase, FORTSkipjackKeyPtr wrapKey);
-
-
-PRBool fort_CheckMemPhrase(FORTSWFile *file,
- fortProtectedPhrase * prot_phrase, char *phrase, FORTSkipjackKeyPtr wrapKey);
-
-
-/* These function actually implements skipjack CBC64 Decrypt */
-int fort_skipjackDecrypt(FORTSkipjackKeyPtr key, unsigned char *iv,
- unsigned long size, unsigned char *cipherIn,
- unsigned char *plainOut);
-
-/* These function actually implements skipjack CBC64 Encrypt */
-int fort_skipjackEncrypt(FORTSkipjackKeyPtr key, unsigned char *iv,
- unsigned long size, unsigned char *plainIn,
- unsigned char *cipherOut);
-
-/*
- * unwrap is used for key generation and mixing
- */
-int fort_skipjackUnwrap(FORTSkipjackKeyPtr key,unsigned long len,
- unsigned char *cipherIn, unsigned char *plainOut);
-
-/*
- * unwrap is used for key generation and mixing
- */
-int
-fort_skipjackWrap(FORTSkipjackKeyPtr key,unsigned long len,
- unsigned char *plainIn, unsigned char *cipherOut);
-
-SEC_END_PROTOS
-
-#endif
diff --git a/security/nss/lib/fortcrypt/swfort/swfortt.h b/security/nss/lib/fortcrypt/swfort/swfortt.h
deleted file mode 100644
index a5ee7b2b5..000000000
--- a/security/nss/lib/fortcrypt/swfort/swfortt.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * All the data structures for Software fortezza are internal only.
- * The external API for Software fortezza is MACI (which is only used by
- * the PKCS #11 module.
- */
-
-#ifndef _SWFORTT_H_
-#define _SWFORTT_H_
-
-/* structure typedefs */
-typedef struct FORTKeySlotStr FORTKeySlot;
-typedef struct FORTRaRegistersStr FORTRaRegisters;
-typedef struct FORTSWTokenStr FORTSWToken;
-
-/* Der parsing typedefs */
-typedef struct fortKeyInformationStr fortKeyInformation;
-typedef struct fortProtectedDataStr fortProtectedData;
-typedef struct fortSlotEntryStr fortSlotEntry;
-typedef struct fortProtectedPhraseStr fortProtectedPhrase;
-typedef struct FORTSWFileStr FORTSWFile;
-typedef struct FORTSignedSWFileStr FORTSignedSWFile;
-
-
-#endif
diff --git a/security/nss/lib/fortcrypt/swfort/swfortti.h b/security/nss/lib/fortcrypt/swfort/swfortti.h
deleted file mode 100644
index 2e6df4250..000000000
--- a/security/nss/lib/fortcrypt/swfort/swfortti.h
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * All the data structures for Software fortezza are internal only.
- * The external API for Software fortezza is MACI (which is only used by
- * the PKCS #11 module.
- */
-
-#ifndef _SWFORTTI_H_
-#define _SWFORTTI_H_
-
-#include "maci.h"
-#include "seccomon.h"
-#include "mcom_db.h" /* really should be included by certt.h */
-#include "certt.h"
-#include "keyt.h"
-#include "swfortt.h"
-
-/* the following parameters are tunable. The bigger the key registers are,
- * the less likely the PKCS #11 module will thrash. */
-#define KEY_REGISTERS 100
-#define MAX_RA_SLOTS 20
-
-/* SKIPJACK algorithm constants */
-#define SKIPJACK_KEY_SIZE 10
-#define SKIPJACK_BLOCK_SIZE 8
-#define SKIPJACK_LEAF_SIZE 16
-
-/* private typedefs */
-typedef unsigned char FORTSkipjackKey[SKIPJACK_KEY_SIZE];
-typedef unsigned char *FORTSkipjackKeyPtr;
-typedef unsigned char fortRaPrivate[20];
-typedef unsigned char *fortRaPrivatePtr;
-
-/* save a public/private key pair */
-struct FORTRaRegistersStr {
- CI_RA public;
- fortRaPrivate private;
-};
-
-/* FORTEZZA Key Register */
-struct FORTKeySlotStr {
- FORTSkipjackKey data;
- PRBool present;
-};
-
-/* structure to hole private key information */
-struct fortKeyInformationStr {
- SECItem keyFlags;
- SECItem privateKeyWrappedWithKs;
- SECItem derPublicKey;
- SECItem p;
- SECItem g;
- SECItem q;
-};
-
-/* struture to hole Ks wrapped data */
-struct fortProtectedDataStr {
- SECItem length;
- SECItem dataIV;
- SECItem dataEncryptedWithKs;
-};
-
-/* This structure represents a fortezza personality */
-struct fortSlotEntryStr {
- SECItem trusted;
- SECItem certificateIndex;
- int certIndex;
- fortProtectedData certificateLabel;
- fortProtectedData certificateData;
- fortKeyInformation *exchangeKeyInformation;
- fortKeyInformation *signatureKeyInformation;
-};
-
-/* this structure represents a K value wrapped by a protected pin */
-struct fortProtectedPhraseStr {
- SECItem kValueIV;
- SECItem wrappedKValue;
- SECItem memPhraseIV;
- SECItem hashedEncryptedMemPhrase;
-};
-
-
-/* This structure represents all the relevant data stored in a der encoded
- * fortezza slot file. */
-struct FORTSWFileStr {
- PRArenaPool *arena;
- SECItem version;
- SECItem derIssuer;
- SECItem serialID;
- fortProtectedPhrase initMemPhrase;
-#define fortezzaPhrase initMemPhrase
- fortProtectedPhrase ssoMemPhrase;
- fortProtectedPhrase userMemPhrase;
- fortProtectedPhrase ssoPinPhrase;
- fortProtectedPhrase userPinPhrase;
- SECItem wrappedRandomSeed;
- fortSlotEntry **slotEntries;
-};
-
-/* This data structed represents a signed data structure */
-struct FORTSignedSWFileStr {
- FORTSWFile file;
- CERTSignedData signatureWrap;
- FORTSkipjackKeyPtr Kinit;
- FORTSkipjackKeyPtr Ks;
-};
-
-
-/* collect all the data that makes up a token */
-struct FORTSWTokenStr {
- PRBool login; /* has this token been logged in? */
- int lock; /* the current lock state */
- int certIndex; /* index of the current personality */
- int key; /* currently selected key */
- int nextRa; /* where the next Ra/ra pair will go */
- FORTSWFile *config_file; /* parsed Fortezza Config file */
- unsigned char IV[SKIPJACK_BLOCK_SIZE];
- FORTKeySlot keyReg[KEY_REGISTERS]; /* sw fortezza key slots */
- FORTRaRegisters RaValues[MAX_RA_SLOTS]; /* Ra/ra values */
-};
-
-#endif
diff --git a/security/nss/lib/fortcrypt/swfort/swfparse.c b/security/nss/lib/fortcrypt/swfort/swfparse.c
deleted file mode 100644
index e7ad6ffb6..000000000
--- a/security/nss/lib/fortcrypt/swfort/swfparse.c
+++ /dev/null
@@ -1,538 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * The following program decodes the FORTEZZA Init File, and stores the result
- * into the fortezza directory.
- */
-#include "secasn1.h"
-#include "swforti.h"
-#include "blapi.h"
-#include "secoid.h"
-#include "secitem.h"
-#include "secder.h"
-
-
-/*
- * templates for parsing the FORTEZZA Init File. These were taken from DER
- * definitions on SWF Initialization File Format Version 1.0 pp1-3.
- */
-
-/* Key info structure... There are up to two of these per slot entry */
-static const SEC_ASN1Template fortKeyInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(fortKeyInformation) },
- { SEC_ASN1_INTEGER,
- offsetof(fortKeyInformation,keyFlags) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(fortKeyInformation,privateKeyWrappedWithKs) },
- { SEC_ASN1_ANY ,
- offsetof(fortKeyInformation, derPublicKey) },
- { SEC_ASN1_OCTET_STRING, offsetof(fortKeyInformation,p) },
- { SEC_ASN1_OCTET_STRING, offsetof(fortKeyInformation,g) },
- { SEC_ASN1_OCTET_STRING, offsetof(fortKeyInformation,q) },
- { 0 }
-};
-
-/* This is data that has been wrapped by Ks */
-static const SEC_ASN1Template fortProtDataTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(fortProtectedData) },
- { SEC_ASN1_INTEGER,
- offsetof(fortProtectedData,length) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(fortProtectedData,dataIV) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(fortProtectedData,dataEncryptedWithKs) },
- { 0 }
-};
-
-/* DER to describe each Certificate Slot ... there are an arbitrary number */
-static const SEC_ASN1Template fortSlotEntryTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(fortSlotEntry) },
- { SEC_ASN1_BOOLEAN,
- offsetof(fortSlotEntry,trusted) },
- { SEC_ASN1_INTEGER,
- offsetof(fortSlotEntry,certificateIndex) },
- { SEC_ASN1_INLINE,
- offsetof(fortSlotEntry,certificateLabel), fortProtDataTemplate },
- { SEC_ASN1_INLINE,
- offsetof(fortSlotEntry,certificateData), fortProtDataTemplate },
- { SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_CONSTRUCTED | 0,
- offsetof(fortSlotEntry, exchangeKeyInformation),
- fortKeyInfoTemplate },
- { SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_CONSTRUCTED | 1,
- offsetof(fortSlotEntry, signatureKeyInformation),
- fortKeyInfoTemplate },
- { 0 }
-};
-
-/* This data is used to check MemPhrases, and to generate Ks
- * each file has two mem phrases, one for SSO, one for User */
-static const SEC_ASN1Template fortProtectedMemPhrase[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(fortProtectedPhrase) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(fortProtectedPhrase,kValueIV) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(fortProtectedPhrase,wrappedKValue) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(fortProtectedPhrase,memPhraseIV) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(fortProtectedPhrase,hashedEncryptedMemPhrase) },
- { 0 }
-};
-
-/* This data is used to check the Mem Init Phrases, and to generate Kinit
- * each file has one mem init phrase, which is used only in transport of
- * this file */
-static const SEC_ASN1Template fortMemInitPhrase[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(fortProtectedPhrase) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(fortProtectedPhrase,wrappedKValue) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(fortProtectedPhrase,memPhraseIV) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(fortProtectedPhrase,hashedEncryptedMemPhrase) },
- { 0 }
-};
-
-static const SEC_ASN1Template fortSlotEntriesTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, fortSlotEntryTemplate }
-};
-
-/* This is the complete file with all it's data, but has not been signed
- * yet. */
-static const SEC_ASN1Template fortSwFortezzaInitFileToSign[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(FORTSWFile) },
- { SEC_ASN1_INTEGER,
- offsetof(FORTSWFile,version) },
- { SEC_ASN1_ANY,
- offsetof(FORTSWFile,derIssuer) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(FORTSWFile,serialID) },
- { SEC_ASN1_INLINE,
- offsetof(FORTSWFile,initMemPhrase), fortMemInitPhrase },
- { SEC_ASN1_INLINE,
- offsetof(FORTSWFile,ssoMemPhrase), fortProtectedMemPhrase },
- { SEC_ASN1_INLINE,
- offsetof(FORTSWFile,userMemPhrase), fortProtectedMemPhrase },
- { SEC_ASN1_INLINE,
- offsetof(FORTSWFile,ssoPinPhrase), fortProtectedMemPhrase },
- { SEC_ASN1_INLINE,
- offsetof(FORTSWFile,userPinPhrase), fortProtectedMemPhrase },
- { SEC_ASN1_OCTET_STRING,
- offsetof(FORTSWFile,wrappedRandomSeed) },
- { SEC_ASN1_SEQUENCE_OF, offsetof(FORTSWFile,slotEntries),
- fortSlotEntryTemplate },
- /* optional extentions to ignore here... */
- { 0 }
-};
-
-/* The complete, signed init file */
-static const SEC_ASN1Template fortSwFortezzaInitFile[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(FORTSignedSWFile) },
- { SEC_ASN1_SAVE,
- offsetof(FORTSignedSWFile,signatureWrap.data) },
- { SEC_ASN1_INLINE,
- offsetof(FORTSignedSWFile,file),
- fortSwFortezzaInitFileToSign },
- { SEC_ASN1_INLINE,
- offsetof(FORTSignedSWFile,signatureWrap.signatureAlgorithm),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_BIT_STRING,
- offsetof(FORTSignedSWFile,signatureWrap.signature) },
- { 0 }
-};
-
-FORTSkipjackKeyPtr
-fort_CalculateKMemPhrase(FORTSWFile *file,
- fortProtectedPhrase * prot_phrase, char *phrase, FORTSkipjackKeyPtr wrapKey)
-{
- unsigned char *data = NULL;
- unsigned char hashout[SHA1_LENGTH];
- int data_len = prot_phrase->wrappedKValue.len;
- int ret;
- unsigned int len;
- unsigned int version;
- unsigned char enc_version[2];
- FORTSkipjackKeyPtr Kout = NULL;
- FORTSkipjackKey Kfek;
- SHA1Context *sha;
-
- data = (unsigned char *) PORT_ZAlloc(data_len);
- if (data == NULL) goto fail;
-
- PORT_Memcpy(data,prot_phrase->wrappedKValue.data,data_len);
-
- /* if it's a real protected mem phrase, it's been wrapped by kinit, which
- * was passed to us. */
- if (wrapKey) {
- fort_skipjackDecrypt(wrapKey,
- &prot_phrase->kValueIV.data[SKIPJACK_LEAF_SIZE],data_len,
- data,data);
- data_len = sizeof(CI_KEY);
- }
-
- /* now calculate the PBE key for fortezza */
- sha = SHA1_NewContext();
- if (sha == NULL) goto fail;
- SHA1_Begin(sha);
- version = DER_GetUInteger(&file->version);
- enc_version[0] = (version >> 8) & 0xff;
- enc_version[1] = version & 0xff;
- SHA1_Update(sha,enc_version,sizeof(enc_version));
- SHA1_Update(sha,file->derIssuer.data, file->derIssuer.len);
- SHA1_Update(sha,file->serialID.data, file->serialID.len);
- SHA1_Update(sha,(unsigned char *)phrase,strlen(phrase));
- SHA1_End(sha,hashout,&len,SHA1_LENGTH);
- SHA1_DestroyContext(sha, PR_TRUE);
- PORT_Memcpy(Kfek,hashout,sizeof(FORTSkipjackKey));
-
- /* now use that key to unwrap */
- Kout = (FORTSkipjackKeyPtr) PORT_Alloc(sizeof(FORTSkipjackKey));
- ret = fort_skipjackUnwrap(Kfek,data_len,data,Kout);
- if (ret != CI_OK) {
- PORT_Free(Kout);
- Kout = NULL;
- }
-
-fail:
- PORT_Memset(&Kfek, 0, sizeof(FORTSkipjackKey));
- if (data) PORT_ZFree(data,data_len);
- return Kout;
-}
-
-
-PRBool
-fort_CheckMemPhrase(FORTSWFile *file,
- fortProtectedPhrase * prot_phrase, char *phrase, FORTSkipjackKeyPtr wrapKey)
-{
- unsigned char *data = NULL;
- unsigned char hashout[SHA1_LENGTH];
- int data_len = prot_phrase->hashedEncryptedMemPhrase.len;
- unsigned int len;
- SHA1Context *sha;
- PRBool pinOK = PR_FALSE;
- unsigned char cw[4];
- int i;
-
-
- /* first, decrypt the hashed/Encrypted Memphrase */
- data = (unsigned char *) PORT_ZAlloc(data_len);
- if (data == NULL) goto failed;
-
- PORT_Memcpy(data,prot_phrase->hashedEncryptedMemPhrase.data,data_len);
- fort_skipjackDecrypt(wrapKey,
- &prot_phrase->memPhraseIV.data[SKIPJACK_LEAF_SIZE],data_len,
- data,data);
-
- /* now build the hash for comparisons */
- sha = SHA1_NewContext();
- if (sha == NULL) goto failed;
- SHA1_Begin(sha);
- SHA1_Update(sha,(unsigned char *)phrase,strlen(phrase));
- SHA1_End(sha,hashout,&len,SHA1_LENGTH);
- SHA1_DestroyContext(sha, PR_TRUE);
-
- /* hashes don't match... must not be the right pass mem */
- if (PORT_Memcmp(data,hashout,len) != 0) goto failed;
-
- /* now calcuate the checkword and compare it */
- cw[0] = cw[1] = cw[2] = cw[3] = 0;
- for (i=0; i <5 ; i++) {
- cw[0] = cw[0] ^ hashout[i*4];
- cw[1] = cw[1] ^ hashout[i*4+1];
- cw[2] = cw[2] ^ hashout[i*4+2];
- cw[3] = cw[3] ^ hashout[i*4+3];
- }
-
- /* checkword doesn't match, must not be the right pass mem */
- if (PORT_Memcmp(data+len,cw,4) != 0) goto failed;
-
- /* pased all our test, its OK */
- pinOK = PR_TRUE;
-
-failed:
- PORT_Free(data);
-
- return pinOK;
-}
-
-/*
- * walk through the list of memphrases. This function allows us to use a
- * for loop to walk down them.
- */
-fortProtectedPhrase *
-fort_getNextPhrase( FORTSWFile *file, fortProtectedPhrase *last)
-{
- if (last == &file->userMemPhrase) {
- return &file->userPinPhrase;
- }
- /* we can add more test here if we want to support SSO mode someday. */
-
- return NULL;
-}
-
-/*
- * decode the DER file data into our nice data structures, including turning
- * cert indexes into integers.
- */
-FORTSignedSWFile *
-FORT_GetSWFile(SECItem *initBits)
-{
- FORTSignedSWFile *sw_init_file;
- PRArenaPool *arena = NULL;
- SECStatus rv;
- int i, count;
-
- /* get the local arena... be sure to free this at the end */
-
- /* get the local arena... be sure to free this at the end */
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) goto fail;
-
- sw_init_file = (FORTSignedSWFile *)
- PORT_ArenaZAlloc(arena,sizeof(FORTSignedSWFile));
- if (sw_init_file == NULL) goto fail;
-
- /* ANS1 decode the complete init file */
- rv = SEC_ASN1DecodeItem(arena,sw_init_file,fortSwFortezzaInitFile,initBits);
- if (rv != SECSuccess) {
- goto fail;
- }
-
- /* count the certs */
- count = 0;
- while (sw_init_file->file.slotEntries[count]) count++;
-
- for (i=0; i < count; i++) {
- /* update the cert Index Pointers */
- sw_init_file->file.slotEntries[i]->certIndex =
- DER_GetInteger(&sw_init_file->
- file.slotEntries[i]->certificateIndex );
- }
-
- /* now start checking the mem phrases and pins, as well as calculating the
- * file's 'K' values. First we start with K(init). */
- sw_init_file->file.arena = arena;
-
- return sw_init_file;
- /* OK now that we've read in the init file, and now have Kinit, Ks, and the
- * appropriate Pin Phrase, we need to build our database file. */
-
-fail:
- if (arena) PORT_FreeArena(arena,PR_TRUE);
- return NULL;
-}
-
-/*
- * Check the init memphrases and the user mem phrases. Remove all the init
- * memphrase wrappings. Save the Kinit and Ks values for use.
- */
-SECStatus
-FORT_CheckInitPhrase(FORTSignedSWFile *sw_init_file, char *initMemPhrase)
-{
- SECStatus rv = SECFailure;
-
- sw_init_file->Kinit = fort_CalculateKMemPhrase(&sw_init_file->file,
- &sw_init_file->file.initMemPhrase, initMemPhrase, NULL);
- if (sw_init_file->Kinit == NULL) goto fail;
-
- /* now check the init Mem phrase */
- if (!fort_CheckMemPhrase(&sw_init_file->file,
- &sw_init_file->file.initMemPhrase,
- initMemPhrase, sw_init_file->Kinit)) {
- goto fail;
- }
- rv = SECSuccess;
-
-fail:
- return rv;
-}
-
- /* now check user user mem phrase and calculate Ks */
-SECStatus
-FORT_CheckUserPhrase(FORTSignedSWFile *sw_init_file, char *userMemPhrase)
-{
- SECStatus rv = SECFailure;
- char tmp_data[13];
- char *padMemPhrase = NULL;
- fortProtectedPhrase *phrase_store;
-
- if (strlen(userMemPhrase) < 12) {
- PORT_Memset(tmp_data, ' ', sizeof(tmp_data));
- PORT_Memcpy(tmp_data,userMemPhrase,strlen(userMemPhrase));
- tmp_data[12] = 0;
- padMemPhrase = tmp_data;
- }
-
- for (phrase_store = &sw_init_file->file.userMemPhrase; phrase_store;
- phrase_store = fort_getNextPhrase(&sw_init_file->file,phrase_store)) {
- sw_init_file->Ks = fort_CalculateKMemPhrase(&sw_init_file->file,
- phrase_store, userMemPhrase, sw_init_file->Kinit);
-
- if ((sw_init_file->Ks == NULL) && (padMemPhrase != NULL)) {
- sw_init_file->Ks = fort_CalculateKMemPhrase(&sw_init_file->file,
- phrase_store, padMemPhrase, sw_init_file->Kinit);
- userMemPhrase = padMemPhrase;
- }
- if (sw_init_file->Ks == NULL) {
- continue;
- }
-
- /* now check the User Mem phrase */
- if (fort_CheckMemPhrase(&sw_init_file->file, phrase_store,
- userMemPhrase, sw_init_file->Ks)) {
- break;
- }
- PORT_Free(sw_init_file->Ks);
- sw_init_file->Ks = NULL;
- }
-
-
- if (phrase_store == NULL) goto fail;
-
- /* strip the Kinit wrapping */
- fort_skipjackDecrypt(sw_init_file->Kinit,
- &phrase_store->kValueIV.data[SKIPJACK_LEAF_SIZE],
- phrase_store->wrappedKValue.len, phrase_store->wrappedKValue.data,
- phrase_store->wrappedKValue.data);
- phrase_store->wrappedKValue.len = 12;
-
- PORT_Memset(phrase_store->kValueIV.data,0,phrase_store->kValueIV.len);
-
- sw_init_file->file.initMemPhrase = *phrase_store;
- sw_init_file->file.ssoMemPhrase = *phrase_store;
- sw_init_file->file.ssoPinPhrase = *phrase_store;
- sw_init_file->file.userMemPhrase = *phrase_store;
- sw_init_file->file.userPinPhrase = *phrase_store;
-
-
- rv = SECSuccess;
-
-fail:
- /* don't keep the pin around */
- PORT_Memset(tmp_data, 0, sizeof(tmp_data));
- return rv;
-}
-
-void
-FORT_DestroySWFile(FORTSWFile *file)
-{
- PORT_FreeArena(file->arena,PR_FALSE);
-}
-
-void
-FORT_DestroySignedSWFile(FORTSignedSWFile *swfile)
-{
- FORT_DestroySWFile(&swfile->file);
-}
-
-
-SECItem *
-FORT_GetDERCert(FORTSignedSWFile *swfile,int index)
-{
- SECItem *newItem = NULL;
- unsigned char *cert = NULL;
- int len,ret;
- fortSlotEntry *certEntry = NULL;
-
-
- newItem = PORT_ZNew(SECItem);
- if (newItem == NULL) return NULL;
-
- certEntry = fort_GetCertEntry(&swfile->file,index);
- if (certEntry == NULL) {
- PORT_Free(newItem);
- return NULL;
- }
-
- newItem->len = len = certEntry->certificateData.dataEncryptedWithKs.len;
- newItem->data = cert = PORT_ZAlloc(len);
- if (cert == NULL) {
- PORT_Free(newItem);
- return NULL;
- }
- newItem->len = DER_GetUInteger(&certEntry->certificateData.length);
-
-
- PORT_Memcpy(cert, certEntry->certificateData.dataEncryptedWithKs.data,len);
-
- /* Ks is always stored in keyReg[0] when we log in */
- ret = fort_skipjackDecrypt(swfile->Ks,
- &certEntry->certificateData.dataIV.data[SKIPJACK_LEAF_SIZE],
- len,cert,cert);
- if (ret != CI_OK) {
- SECITEM_FreeItem(newItem,PR_TRUE);
- return NULL;
- }
- return newItem;
-}
-
-/*
- * decode the DER file data into our nice data structures, including turning
- * cert indexes into integers.
- */
-SECItem *
-FORT_PutSWFile(FORTSignedSWFile *sw_init_file)
-{
- SECItem *outBits, *tmpBits;
- PRArenaPool *arena = NULL;
-
-
- /* get the local arena... be sure to free this at the end */
- /* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); */
- /* if (arena == NULL) goto fail; */
-
- /*outBits = (SECItem *) PORT_ArenaZAlloc(arena,sizeof(SECItem)); */
- outBits = PORT_ZNew(SECItem);
- if (outBits == NULL) goto fail;
-
- /* ANS1 encode the complete init file */
- tmpBits = SEC_ASN1EncodeItem(NULL,outBits,sw_init_file,fortSwFortezzaInitFile);
- if (tmpBits == NULL) {
- goto fail;
- }
-
- return outBits;
-
-fail:
- if (outBits) SECITEM_FreeItem(outBits,PR_TRUE);
- return NULL;
-}
diff --git a/security/nss/lib/fortcrypt/swfort/swfutl.c b/security/nss/lib/fortcrypt/swfort/swfutl.c
deleted file mode 100644
index 740444c3a..000000000
--- a/security/nss/lib/fortcrypt/swfort/swfutl.c
+++ /dev/null
@@ -1,728 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * This File includes utility functions used by cilib. and swfparse.c
- */
-
-#include "prtypes.h"
-#include "prsystem.h"
-#include "prio.h"
-
-#include "swforti.h"
-#include "keyt.h"
-/* #include "dh.h" */
-#include "maci.h"
-#include "secport.h"
-#include "secrng.h"
-
-#ifdef XP_WIN
-#include <windows.h>
-#include <winsock.h>
-#include <direct.h>
-#endif
-
-/* no platform seem to agree on where this function is defined */
-static char *local_index(char *source, char target) {
- while ((*source != target) && (*source != 0)) {
- *source++;
- }
- return (*source != 0) ? source : NULL;
-}
-
-/*
- * Check to see if the index is ok, and that key is appropriately present or
- * absent.
- */
-int
-fort_KeyOK(FORTSWToken *token, int index, PRBool isPresent)
-{
- if (index < 0) return CI_INV_KEY_INDEX;
- if (index >= KEY_REGISTERS) return CI_INV_KEY_INDEX;
-
- return (token->keyReg[index].present == isPresent) ? CI_OK :
- (isPresent ? CI_NO_KEY : CI_REG_IN_USE);
-}
-
-/*
- * clear out a key register
- */
-void
-fort_ClearKey(FORTKeySlot *key)
-{
- key->present = PR_FALSE;
- PORT_Memset(key->data, 0, sizeof (key->data));
- return;
-}
-
-/*
- * clear out an Ra register
- */
-void
-fort_ClearRaSlot(FORTRaRegisters *ra)
-{
- PORT_Memset(ra->public, 0, sizeof(ra->public));
- PORT_Memset(ra->private, 0, sizeof(ra->private));
- return;
-}
-
-/*
- * provide a helper function to do all the loggin out functions.
- * NOTE: Logining in only happens in MACI_CheckPIN
- */
-void
-fort_Logout(FORTSWToken *token)
-{
- int i;
-
- /* ditch all the stored keys */
- for (i=0; i < KEY_REGISTERS; i++) {
- fort_ClearKey(&token->keyReg[i]);
- }
- for (i=0; i < MAX_RA_SLOTS; i++) {
- fort_ClearRaSlot(&token->RaValues[i]);
- }
-
- /* mark as logged out */
- token->login = PR_FALSE;
- token->certIndex = 0;
- token->key = 0;
- return;
-}
-
-/*
- * update the new IV value based on the current cipherText (should be the last
- * block of the cipher text).
- */
-int
-fort_UpdateIV(unsigned char *cipherText, unsigned int size,unsigned char *IV)
-{
- if (size == 0) return CI_INV_SIZE;
- if ((size & (SKIPJACK_BLOCK_SIZE-1)) != 0) return CI_INV_SIZE;
- size -= SKIPJACK_BLOCK_SIZE;
- PORT_Memcpy(IV,&cipherText[size],SKIPJACK_BLOCK_SIZE);
- return CI_OK;
-}
-
-
-/*
- * verify that we have a card initialized, and if necessary, logged in.
- */
-int
-fort_CardExists(FORTSWToken *token,PRBool needLogin)
-{
- if (token == NULL ) return CI_LIB_NOT_INIT;
- if (token->config_file == NULL) return CI_NO_CARD;
- if (needLogin && !token->login) return CI_INV_STATE;
- return CI_OK;
-}
-
-/*
- * walk down the cert slot entries, counting them.
- * return that count.
- */
-int
-fort_GetCertCount(FORTSWFile *file)
-{
- int i;
-
- if (file->slotEntries == NULL) return 0;
-
- for (i=0; file->slotEntries[i]; i++)
- /* no body */ ;
-
- return i;
-}
-
-/*
- * copy an unsigned SECItem to a signed SecItem. (if the high bit is on,
- * pad with a leading 0.
- */
-SECStatus
-fort_CopyUnsigned(PRArenaPool *arena, SECItem *to, const SECItem *from)
-{
- int offset = 0;
-
- if (from->data && from->len) {
- if (from->data[0] & 0x80) offset = 1;
- if ( arena ) {
- to->data = (unsigned char*) PORT_ArenaZAlloc(arena,
- from->len+offset);
- } else {
- to->data = (unsigned char*) PORT_ZAlloc(from->len+offset);
- }
-
- if (!to->data) {
- return SECFailure;
- }
- PORT_Memcpy(to->data+offset, from->data, from->len);
- to->len = from->len+offset;
- } else {
- to->data = 0;
- to->len = 0;
- }
- return SECSuccess;
-}
-
-/*
- * NOTE: these keys do not have the public values, and cannot be used to
- * extract the public key from the private key. Since we never do this in
- * this code, and this function is static, we're reasonably safe (as long as
- * any of your callees do not try to extract the public value as well).
- * Also -- the token must be logged in before this function is called.
- */
-SECKEYLowPrivateKey *
-fort_GetPrivKey(FORTSWToken *token,KeyType keyType,fortSlotEntry *certEntry)
-{
- SECKEYLowPrivateKey *returnKey = NULL;
- SECStatus rv = SECFailure;
- PRArenaPool *poolp;
- fortKeyInformation *keyInfo;
- unsigned char *keyData;
- int len, ret;
-
-
- /* select the right keyinfo */
- switch (keyType) {
- case dsaKey:
- keyInfo = certEntry->signatureKeyInformation;
- if (keyInfo == NULL) keyInfo = certEntry->exchangeKeyInformation;
- break;
- case dhKey:
- keyInfo = certEntry->exchangeKeyInformation;
- if (keyInfo == NULL) keyInfo = certEntry->signatureKeyInformation;
- break;
- }
-
- /* if we don't have any key information, blow out of here */
- if (keyInfo == NULL) return NULL;
-
- poolp = PORT_NewArena(2048);
- if(!poolp) {
- return NULL;
- }
-
- returnKey = (SECKEYLowPrivateKey*)PORT_ArenaZAlloc(poolp, sizeof(SECKEYLowPrivateKey));
- if(!returnKey) {
- rv = SECFailure;
- goto loser;
- }
-
- returnKey->keyType = keyType;
- returnKey->arena = poolp;
-
- /*
- * decrypt the private key
- */
- len = keyInfo->privateKeyWrappedWithKs.len;
- keyData = PORT_ArenaZAlloc(poolp,len);
- if (keyData == NULL) {
- rv = SECFailure;
- goto loser;
- }
- /* keys must be 160 bits (20 bytes) if that's not the case the Unwrap will
- * fail.. */
- ret = fort_skipjackUnwrap(token->keyReg[0].data, len,
- keyInfo->privateKeyWrappedWithKs.data, keyData);
- if (ret != CI_OK) {
- rv = SECFailure;
- goto loser;
- }
-
- switch(keyType) {
- case dsaKey:
- returnKey->u.dsa.privateValue.data = keyData;
- returnKey->u.dsa.privateValue.len = 20;
- returnKey->u.dsa.params.arena = poolp;
- rv = fort_CopyUnsigned(poolp, &(returnKey->u.dsa.params.prime),
- &(keyInfo->p));
- if(rv != SECSuccess) break;
- rv = fort_CopyUnsigned(poolp, &(returnKey->u.dsa.params.subPrime),
- &(keyInfo->q));
- if(rv != SECSuccess) break;
- rv = fort_CopyUnsigned(poolp, &(returnKey->u.dsa.params.base),
- &(keyInfo->g));
- if(rv != SECSuccess) break;
- break;
- case dhKey:
- returnKey->u.dh.arena = poolp;
- returnKey->u.dh.privateValue.data = keyData;
- returnKey->u.dh.privateValue.len = 20;
- rv = fort_CopyUnsigned(poolp, &(returnKey->u.dh.prime),
- &(keyInfo->p));
- if(rv != SECSuccess) break;
- rv = fort_CopyUnsigned(poolp, &(returnKey->u.dh.base),
- &(keyInfo->g));
- if(rv != SECSuccess) break;
- rv = SECSuccess;
- break;
- default:
- rv = SECFailure;
- }
-
-loser:
-
- if(rv != SECSuccess) {
- PORT_FreeArena(poolp, PR_TRUE);
- returnKey = NULL;
- }
-
- return returnKey;
-}
-
-
-
-/*
- * find a particulare certificate entry from the config
- * file.
- */
-fortSlotEntry *
-fort_GetCertEntry(FORTSWFile *file,int index)
-{
- /* search for the index */
- int i,count= fort_GetCertCount(file);
-
- /* make sure the given index exists & has key material */
- for (i=0; i < count ;i ++) {
- if (file->slotEntries[i]->certIndex == index) {
- return file->slotEntries[i];
- }
- }
- return NULL;
-}
-
-/*
- * use the token to determine it's CI_State.
- */
-CI_STATE
-fort_GetState(FORTSWToken *token)
-{
- /* no file? then the token has not been initialized */
- if (!token->config_file) {
- return CI_UNINITIALIZED;
- }
- /* we're initialized, are we logged in (CI_USER_INITIALIZED is not logged
- * in) */
- if (!token->login) {
- return CI_USER_INITIALIZED;
- }
- /* We're logged in, do we have a personality set */
- if (token->certIndex) {
- return CI_READY;
- }
- /* We're logged in, with no personality set */
- return CI_STANDBY;
-}
-
-/*
- * find the private ra value for a given public Ra value.
- */
-fortRaPrivatePtr
-fort_LookupPrivR(FORTSWToken *token,CI_RA Ra)
-{
- int i;
-
- /* probably a more efficient way of doing this would be to search first
- * several entries before nextRa (or search backwards from next Ra)
- */
- for (i=0; i < MAX_RA_SLOTS; i++) {
- if (PORT_Memcmp(token->RaValues[i].public,Ra,CI_RA_SIZE) == 0) {
- return token->RaValues[i].private;
- }
- }
- return NULL;
-}
-
-/*
- * go add more noise to the random number generator
- */
-void
-fort_AddNoise(void)
-{
- unsigned char seed[20];
-
- /* note: GetNoise doesn't always get 20 bytes, but adding more
- * random data from the stack doesn't subtract entropy from the
- * Random number generator, so just send it all.
- */
- RNG_GetNoise(seed,sizeof(seed));
- RNG_RandomUpdate(seed,sizeof(seed));
-}
-
-/*
- * Get a random number
- */
-int
-fort_GenerateRandom(unsigned char *buf, int bytes)
-{
- SECStatus rv;
-
- fort_AddNoise();
- rv = RNG_GenerateGlobalRandomBytes(buf,bytes);
- if (rv != SECSuccess) return CI_EXEC_FAIL;
- return CI_OK;
-}
-
-/*
- * NOTE: that MAC is missing below.
- */
-#ifdef XP_UNIX
-#define NS_PATH_SEP ':'
-#define NS_DIR_SEP '/'
-#define NS_DEFAULT_PATH ".:/bin/netscape:/etc/netscape/:/etc"
-PRInt32
-local_getFileInfo(const char *fn, PRFileInfo *info)
-{
- PRInt32 rv;
- struct stat sb;
-
- rv = stat(fn, &sb);
- if (rv < 0)
- return -1;
- else if (NULL != info)
- {
- if (S_IFREG & sb.st_mode)
- info->type = PR_FILE_FILE;
- else if (S_IFDIR & sb.st_mode)
- info->type = PR_FILE_DIRECTORY;
- else
- info->type = PR_FILE_OTHER;
-
-#if defined(OSF1)
- if (0x7fffffffLL < sb.st_size)
- {
- return -1;
- }
-#endif /* defined(OSF1) */
- info->size = sb.st_size;
-
- }
- return rv;
-}
-#endif
-#ifdef XP_WIN
-#define NS_PATH_SEP ';'
-#define NS_DIR_SEP '\\'
-#define NS_DEFAULT_PATH ".;c:\\program files\\netscape\\communicator\\program\\pkcs11\\netscape;c:\\netscape\\communicator\\program\\pkcs11\\netscape;c:\\windows\\system"
-
-
-/*
- * Since we're a pkcs #11 module, we may get
- * loaded into lots of different binaries, each with different or no versions
- * of NSPR running... so we copy the one function we need.
- */
-
-#define _PR_IS_SLASH(ch) ((ch) == '/' || (ch) == '\\')
-
-/*
- * IsRootDirectory --
- *
- * Return PR_TRUE if the pathname 'fn' is a valid root directory,
- * else return PR_FALSE. The char buffer pointed to by 'fn' must
- * be writable. During the execution of this function, the contents
- * of the buffer pointed to by 'fn' may be modified, but on return
- * the original contents will be restored. 'buflen' is the size of
- * the buffer pointed to by 'fn'.
- *
- * Root directories come in three formats:
- * 1. / or \, meaning the root directory of the current drive.
- * 2. C:/ or C:\, where C is a drive letter.
- * 3. \\<server name>\<share point name>\ or
- * \\<server name>\<share point name>, meaning the root directory
- * of a UNC (Universal Naming Convention) name.
- */
-
-static PRBool
-IsRootDirectory(char *fn, size_t buflen)
-{
- char *p;
- PRBool slashAdded = PR_FALSE;
- PRBool rv = PR_FALSE;
-
- if (_PR_IS_SLASH(fn[0]) && fn[1] == '\0') {
- return PR_TRUE;
- }
-
- if (isalpha(fn[0]) && fn[1] == ':' && _PR_IS_SLASH(fn[2])
- && fn[3] == '\0') {
- rv = GetDriveType(fn) > 1 ? PR_TRUE : PR_FALSE;
- return rv;
- }
-
- /* The UNC root directory */
-
- if (_PR_IS_SLASH(fn[0]) && _PR_IS_SLASH(fn[1])) {
- /* The 'server' part should have at least one character. */
- p = &fn[2];
- if (*p == '\0' || _PR_IS_SLASH(*p)) {
- return PR_FALSE;
- }
-
- /* look for the next slash */
- do {
- p++;
- } while (*p != '\0' && !_PR_IS_SLASH(*p));
- if (*p == '\0') {
- return PR_FALSE;
- }
-
- /* The 'share' part should have at least one character. */
- p++;
- if (*p == '\0' || _PR_IS_SLASH(*p)) {
- return PR_FALSE;
- }
-
- /* look for the final slash */
- do {
- p++;
- } while (*p != '\0' && !_PR_IS_SLASH(*p));
- if (_PR_IS_SLASH(*p) && p[1] != '\0') {
- return PR_FALSE;
- }
- if (*p == '\0') {
- /*
- * GetDriveType() doesn't work correctly if the
- * path is of the form \\server\share, so we add
- * a final slash temporarily.
- */
- if ((p + 1) < (fn + buflen)) {
- *p++ = '\\';
- *p = '\0';
- slashAdded = PR_TRUE;
- } else {
- return PR_FALSE; /* name too long */
- }
- }
- rv = GetDriveType(fn) > 1 ? PR_TRUE : PR_FALSE;
- /* restore the 'fn' buffer */
- if (slashAdded) {
- *--p = '\0';
- }
- }
- return rv;
-}
-
-PRInt32
-local_getFileInfo(const char *fn, PRFileInfo *info)
-{
- HANDLE hFindFile;
- WIN32_FIND_DATA findFileData;
- char pathbuf[MAX_PATH + 1];
-
- if (NULL == fn || '\0' == *fn) {
- return -1;
- }
-
- /*
- * FindFirstFile() expands wildcard characters. So
- * we make sure the pathname contains no wildcard.
- */
- if (NULL != strpbrk(fn, "?*")) {
- return -1;
- }
-
- hFindFile = FindFirstFile(fn, &findFileData);
- if (INVALID_HANDLE_VALUE == hFindFile) {
- DWORD len;
- char *filePart;
-
- /*
- * FindFirstFile() does not work correctly on root directories.
- * It also doesn't work correctly on a pathname that ends in a
- * slash. So we first check to see if the pathname specifies a
- * root directory. If not, and if the pathname ends in a slash,
- * we remove the final slash and try again.
- */
-
- /*
- * If the pathname does not contain ., \, and /, it cannot be
- * a root directory or a pathname that ends in a slash.
- */
- if (NULL == strpbrk(fn, ".\\/")) {
- return -1;
- }
- len = GetFullPathName(fn, sizeof(pathbuf), pathbuf,
- &filePart);
- if (len > sizeof(pathbuf)) {
- return -1;
- }
- if (IsRootDirectory(pathbuf, sizeof(pathbuf))) {
- info->type = PR_FILE_DIRECTORY;
- info->size = 0;
- /*
- * These timestamps don't make sense for root directories.
- */
- info->modifyTime = 0;
- info->creationTime = 0;
- return 0;
- }
- if (!((pathbuf[len - 1] == '/') || (pathbuf[len-1] == '\\'))) {
- return -1;
- } else {
- pathbuf[len - 1] = '\0';
- hFindFile = FindFirstFile(pathbuf, &findFileData);
- if (INVALID_HANDLE_VALUE == hFindFile) {
- return -1;
- }
- }
- }
-
- FindClose(hFindFile);
-
- if (findFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
- info->type = PR_FILE_DIRECTORY;
- } else {
- info->type = PR_FILE_FILE;
- }
-
- info->size = findFileData.nFileSizeLow;
-
- return 0;
-}
-
-#endif
-#ifdef XP_MAC
-#error Need to write fort_FindFileInPath for Mac
-#define NS_PATH_SEP ','
-#define NS_DIR_SEP ':'
-#define NS_DEFAULT_PATH ",System Folder,System Folder:Netscape f:pkcs11:netscape"
-#endif
-
-#define NETSCAPE_INIT_FILE "nsswft.swf"
-
-/*
- * OK, We're deep in the bottom of MACI and PKCS #11... We need to
- * find our fortezza key file. We have no clue of where the our binary lives
- * or where our key file lives. This function lets us search manual paths
- * to find our key file.
- */
-char *fort_FindFileInPath(char *path, char *fn)
-{
- char *next;
- char *holdData;
- char *ret = NULL;
- int len = 0;
- int fn_len = PORT_Strlen(fn)+1; /* include the NULL */
- PRFileInfo info;
- char dirSep = NS_DIR_SEP;
-
- holdData = PORT_Alloc(strlen(path)+1+fn_len);
-
- while ((next = local_index(path,NS_PATH_SEP)) != NULL) {
- len = next - path;
-
- PORT_Memcpy(holdData,path,len);
- if ((len != 0) && (holdData[len-1] != dirSep)) {
- PORT_Memcpy(&holdData[len],&dirSep,1);
- len++;
- }
- PORT_Memcpy(&holdData[len],fn,fn_len);
-
- if ((local_getFileInfo(holdData,&info) == 0) &&
- (info.type == PR_FILE_FILE) && (info.size != 0)) {
- ret = PORT_Strdup(holdData);
- PORT_Free(holdData);
- return ret;
- }
- path = next+1;
- }
-
- len = strlen(path);
- PORT_Memcpy(holdData,path,len);
- if ((len != 0) && (holdData[len-1] != dirSep)) {
- PORT_Memcpy(&holdData[len],&dirSep,1);
- len++;
- }
- PORT_Memcpy(&holdData[len],fn,fn_len);
-
- if ((local_getFileInfo(holdData,&info) == 0) &&
- (info.type == PR_FILE_FILE) && (info.size != 0)) {
- ret = PORT_Strdup(holdData);
- }
- PORT_Free(holdData);
- return ret;
-}
-
-static char *path_table[] = {
- "PATH","LD_LIBRARY_PATH","LIBPATH"
-};
-
-static int path_table_size = sizeof(path_table)/sizeof(path_table[0]);
-
-char *fort_LookupFORTEZZAInitFile(void)
-{
- char *fname = NULL;
- char *home = NULL;
-#ifdef XP_UNIX
- char unix_home[512];
-#endif
- int i;
-
- /* first try to get it from the environment */
- fname = getenv("SW_FORTEZZA_FILE");
- if (fname != NULL) {
- return PORT_Strdup(fname);
- }
-
-#ifdef XP_UNIX
- home = getenv("HOME");
- if (home) {
- strncpy(unix_home,home, sizeof(unix_home)-sizeof("/.netscape"));
- strcat(unix_home,"/.netscape");
- fname = fort_FindFileInPath(unix_home,NETSCAPE_INIT_FILE);
- if (fname) return fname;
- }
-#endif
-#ifdef XP_WIN
- home = getenv("windir");
- if (home) {
- fname = fort_FindFileInPath(home,NETSCAPE_INIT_FILE);
- if (fname) return fname;
- }
-#endif
-
- fname = fort_FindFileInPath(NS_DEFAULT_PATH,NETSCAPE_INIT_FILE);
- if (fname) return fname;
-
- /* now search the system paths */
- for (i=0; i < path_table_size; i++) {
- char *path = getenv(path_table[i]);
-
- if (path != NULL) {
- fname = fort_FindFileInPath(path,NETSCAPE_INIT_FILE);
- if (fname) return fname;
- }
- }
-
-
- return NULL;
-}
diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile
deleted file mode 100644
index 712a0516a..000000000
--- a/security/nss/lib/freebl/Makefile
+++ /dev/null
@@ -1,87 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
--include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
-ifdef MOZILLA_BSAFE_BUILD
-ifeq ($(OS_ARCH),WINNT)
-libbsafe=bsafe41.lib
-else
-libbsafe=libbsafe.a
-endif
-
-private_export::
- $(NSINSTALL) -m 777 $(libbsafe) $(DIST)/lib; \
-
-endif
diff --git a/security/nss/lib/freebl/alg2268.c b/security/nss/lib/freebl/alg2268.c
deleted file mode 100644
index c053bce08..000000000
--- a/security/nss/lib/freebl/alg2268.c
+++ /dev/null
@@ -1,491 +0,0 @@
-/*
- * alg2268.c - implementation of the algorithm in RFC 2268
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-
-#include "blapi.h"
-#include "secerr.h"
-#ifdef XP_UNIX_XXX
-#include <stddef.h> /* for ptrdiff_t */
-#endif
-
-/*
-** RC2 symmetric block cypher
-*/
-
-typedef SECStatus (rc2Func)(RC2Context *cx, unsigned char *output,
- unsigned char *input, unsigned int inputLen);
-
-/* forward declarations */
-static rc2Func rc2_EncryptECB;
-static rc2Func rc2_DecryptECB;
-static rc2Func rc2_EncryptCBC;
-static rc2Func rc2_DecryptCBC;
-
-typedef union {
- PRUint32 l[2];
- PRUint16 s[4];
- PRUint8 b[8];
-} RC2Block;
-
-struct RC2ContextStr {
- union {
- PRUint8 Kb[128];
- PRUint16 Kw[64];
- } u;
- RC2Block iv;
- rc2Func *enc;
- rc2Func *dec;
-};
-
-#define B u.Kb
-#define K u.Kw
-#define BYTESWAP(x) ((x) << 8 | (x) >> 8)
-#define SWAPK(i) cx->K[i] = (tmpS = cx->K[i], BYTESWAP(tmpS))
-#define RC2_BLOCK_SIZE 8
-
-#define LOAD_HARD(R) \
- R[0] = (PRUint16)input[1] << 8 | input[0]; \
- R[1] = (PRUint16)input[3] << 8 | input[2]; \
- R[2] = (PRUint16)input[5] << 8 | input[4]; \
- R[3] = (PRUint16)input[7] << 8 | input[6];
-#define LOAD_EASY(R) \
- R[0] = ((PRUint16 *)input)[0]; \
- R[1] = ((PRUint16 *)input)[1]; \
- R[2] = ((PRUint16 *)input)[2]; \
- R[3] = ((PRUint16 *)input)[3];
-#define STORE_HARD(R) \
- output[0] = (PRUint8)(R[0]); output[1] = (PRUint8)(R[0] >> 8); \
- output[2] = (PRUint8)(R[1]); output[3] = (PRUint8)(R[1] >> 8); \
- output[4] = (PRUint8)(R[2]); output[5] = (PRUint8)(R[2] >> 8); \
- output[6] = (PRUint8)(R[3]); output[7] = (PRUint8)(R[3] >> 8);
-#define STORE_EASY(R) \
- ((PRUint16 *)output)[0] = R[0]; \
- ((PRUint16 *)output)[1] = R[1]; \
- ((PRUint16 *)output)[2] = R[2]; \
- ((PRUint16 *)output)[3] = R[3];
-
-#if defined (_X86_)
-#define LOAD(R) LOAD_EASY(R)
-#define STORE(R) STORE_EASY(R)
-#elif !defined(IS_LITTLE_ENDIAN)
-#define LOAD(R) LOAD_HARD(R)
-#define STORE(R) STORE_HARD(R)
-#else
-#define LOAD(R) if ((ptrdiff_t)input & 1) { LOAD_HARD(R) } else { LOAD_EASY(R) }
-#define STORE(R) if ((ptrdiff_t)input & 1) { STORE_HARD(R) } else { STORE_EASY(R) }
-#endif
-
-static const PRUint8 S[256] = {
-0331,0170,0371,0304,0031,0335,0265,0355,0050,0351,0375,0171,0112,0240,0330,0235,
-0306,0176,0067,0203,0053,0166,0123,0216,0142,0114,0144,0210,0104,0213,0373,0242,
-0027,0232,0131,0365,0207,0263,0117,0023,0141,0105,0155,0215,0011,0201,0175,0062,
-0275,0217,0100,0353,0206,0267,0173,0013,0360,0225,0041,0042,0134,0153,0116,0202,
-0124,0326,0145,0223,0316,0140,0262,0034,0163,0126,0300,0024,0247,0214,0361,0334,
-0022,0165,0312,0037,0073,0276,0344,0321,0102,0075,0324,0060,0243,0074,0266,0046,
-0157,0277,0016,0332,0106,0151,0007,0127,0047,0362,0035,0233,0274,0224,0103,0003,
-0370,0021,0307,0366,0220,0357,0076,0347,0006,0303,0325,0057,0310,0146,0036,0327,
-0010,0350,0352,0336,0200,0122,0356,0367,0204,0252,0162,0254,0065,0115,0152,0052,
-0226,0032,0322,0161,0132,0025,0111,0164,0113,0237,0320,0136,0004,0030,0244,0354,
-0302,0340,0101,0156,0017,0121,0313,0314,0044,0221,0257,0120,0241,0364,0160,0071,
-0231,0174,0072,0205,0043,0270,0264,0172,0374,0002,0066,0133,0045,0125,0227,0061,
-0055,0135,0372,0230,0343,0212,0222,0256,0005,0337,0051,0020,0147,0154,0272,0311,
-0323,0000,0346,0317,0341,0236,0250,0054,0143,0026,0001,0077,0130,0342,0211,0251,
-0015,0070,0064,0033,0253,0063,0377,0260,0273,0110,0014,0137,0271,0261,0315,0056,
-0305,0363,0333,0107,0345,0245,0234,0167,0012,0246,0040,0150,0376,0177,0301,0255
-};
-
-/*
-** Create a new RC2 context suitable for RC2 encryption/decryption.
-** "key" raw key data
-** "len" the number of bytes of key data
-** "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC)
-** "mode" one of NSS_RC2 or NSS_RC2_CBC
-** "effectiveKeyLen" in bytes, not bits.
-**
-** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block
-** chaining" mode.
-*/
-RC2Context *
-RC2_CreateContext(unsigned char *key, unsigned int len,
- unsigned char *input, int mode, unsigned efLen8)
-{
- RC2Context *cx;
- PRUint8 *L,*L2;
- int i;
- PRUint16 tmpS;
- PRUint8 tmpB;
-
- if (!key || len == 0 || len > (sizeof cx->B) || efLen8 > (sizeof cx->B)) {
- return NULL;
- }
- if (mode == NSS_RC2) {
- /* groovy */
- } else if (mode == NSS_RC2_CBC) {
- if (!input) {
- return NULL; /* not groovy */
- }
- } else {
- return NULL;
- }
-
- cx = PORT_ZNew(RC2Context);
- if (!cx)
- return cx;
-
- if (mode == NSS_RC2_CBC) {
- cx->enc = & rc2_EncryptCBC;
- cx->dec = & rc2_DecryptCBC;
- LOAD(cx->iv.s);
- } else {
- cx->enc = & rc2_EncryptECB;
- cx->dec = & rc2_DecryptECB;
- }
-
- /* Step 0. Copy key into table. */
- memcpy(cx->B, key, len);
-
- /* Step 1. Compute all values to the right of the key. */
- L2 = cx->B;
- L = L2 + len;
- tmpB = L[-1];
- for (i = (sizeof cx->B) - len; i > 0; --i) {
- *L++ = tmpB = S[ (PRUint8)(tmpB + *L2++) ];
- }
-
- /* step 2. Adjust left most byte of effective key. */
- i = (sizeof cx->B) - efLen8;
- L = cx->B + i;
- *L = tmpB = S[*L]; /* mask is always 0xff */
-
- /* step 3. Recompute all values to the left of effective key. */
- L2 = --L + efLen8;
- while(L >= cx->B) {
- *L-- = tmpB = S[ tmpB ^ *L2-- ];
- }
-
-#if !defined(IS_LITTLE_ENDIAN)
- for (i = 63; i >= 0; --i) {
- SWAPK(i); /* candidate for unrolling */
- }
-#endif
- return cx;
-}
-
-/*
-** Destroy an RC2 encryption/decryption context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-void
-RC2_DestroyContext(RC2Context *cx, PRBool freeit)
-{
- if (cx) {
- memset(cx, 0, sizeof *cx);
- if (freeit) {
- PORT_Free(cx);
- }
- }
-}
-
-#define ROL(x,k) (x << k | x >> (16-k))
-#define MIX(j) \
- R0 = R0 + cx->K[ 4*j+0] + (R3 & R2) + (~R3 & R1); R0 = ROL(R0,1);\
- R1 = R1 + cx->K[ 4*j+1] + (R0 & R3) + (~R0 & R2); R1 = ROL(R1,2);\
- R2 = R2 + cx->K[ 4*j+2] + (R1 & R0) + (~R1 & R3); R2 = ROL(R2,3);\
- R3 = R3 + cx->K[ 4*j+3] + (R2 & R1) + (~R2 & R0); R3 = ROL(R3,5)
-#define MASH \
- R0 = R0 + cx->K[R3 & 63];\
- R1 = R1 + cx->K[R0 & 63];\
- R2 = R2 + cx->K[R1 & 63];\
- R3 = R3 + cx->K[R2 & 63]
-
-/* Encrypt one block */
-static void
-rc2_Encrypt1Block(RC2Context *cx, RC2Block *output, RC2Block *input)
-{
- register PRUint16 R0, R1, R2, R3;
-
- /* step 1. Initialize input. */
- R0 = input->s[0];
- R1 = input->s[1];
- R2 = input->s[2];
- R3 = input->s[3];
-
- /* step 2. Expand Key (already done, in context) */
- /* step 3. j = 0 */
- /* step 4. Perform 5 mixing rounds. */
-
- MIX(0);
- MIX(1);
- MIX(2);
- MIX(3);
- MIX(4);
-
- /* step 5. Perform 1 mashing round. */
- MASH;
-
- /* step 6. Perform 6 mixing rounds. */
-
- MIX(5);
- MIX(6);
- MIX(7);
- MIX(8);
- MIX(9);
- MIX(10);
-
- /* step 7. Perform 1 mashing round. */
- MASH;
-
- /* step 8. Perform 5 mixing rounds. */
-
- MIX(11);
- MIX(12);
- MIX(13);
- MIX(14);
- MIX(15);
-
- /* output results */
- output->s[0] = R0;
- output->s[1] = R1;
- output->s[2] = R2;
- output->s[3] = R3;
-}
-
-#define ROR(x,k) (x >> k | x << (16-k))
-#define R_MIX(j) \
- R3 = ROR(R3,5); R3 = R3 - cx->K[ 4*j+3] - (R2 & R1) - (~R2 & R0); \
- R2 = ROR(R2,3); R2 = R2 - cx->K[ 4*j+2] - (R1 & R0) - (~R1 & R3); \
- R1 = ROR(R1,2); R1 = R1 - cx->K[ 4*j+1] - (R0 & R3) - (~R0 & R2); \
- R0 = ROR(R0,1); R0 = R0 - cx->K[ 4*j+0] - (R3 & R2) - (~R3 & R1)
-#define R_MASH \
- R3 = R3 - cx->K[R2 & 63];\
- R2 = R2 - cx->K[R1 & 63];\
- R1 = R1 - cx->K[R0 & 63];\
- R0 = R0 - cx->K[R3 & 63]
-
-/* Encrypt one block */
-static void
-rc2_Decrypt1Block(RC2Context *cx, RC2Block *output, RC2Block *input)
-{
- register PRUint16 R0, R1, R2, R3;
-
- /* step 1. Initialize input. */
- R0 = input->s[0];
- R1 = input->s[1];
- R2 = input->s[2];
- R3 = input->s[3];
-
- /* step 2. Expand Key (already done, in context) */
- /* step 3. j = 63 */
- /* step 4. Perform 5 r_mixing rounds. */
- R_MIX(15);
- R_MIX(14);
- R_MIX(13);
- R_MIX(12);
- R_MIX(11);
-
- /* step 5. Perform 1 r_mashing round. */
- R_MASH;
-
- /* step 6. Perform 6 r_mixing rounds. */
- R_MIX(10);
- R_MIX(9);
- R_MIX(8);
- R_MIX(7);
- R_MIX(6);
- R_MIX(5);
-
- /* step 7. Perform 1 r_mashing round. */
- R_MASH;
-
- /* step 8. Perform 5 r_mixing rounds. */
- R_MIX(4);
- R_MIX(3);
- R_MIX(2);
- R_MIX(1);
- R_MIX(0);
-
- /* output results */
- output->s[0] = R0;
- output->s[1] = R1;
- output->s[2] = R2;
- output->s[3] = R3;
-}
-
-static SECStatus
-rc2_EncryptECB(RC2Context *cx, unsigned char *output,
- unsigned char *input, unsigned int inputLen)
-{
- RC2Block iBlock;
-
- while (inputLen > 0) {
- LOAD(iBlock.s)
- rc2_Encrypt1Block(cx, &iBlock, &iBlock);
- STORE(iBlock.s)
- output += RC2_BLOCK_SIZE;
- input += RC2_BLOCK_SIZE;
- inputLen -= RC2_BLOCK_SIZE;
- }
- return SECSuccess;
-}
-
-static SECStatus
-rc2_DecryptECB(RC2Context *cx, unsigned char *output,
- unsigned char *input, unsigned int inputLen)
-{
- RC2Block iBlock;
-
- while (inputLen > 0) {
- LOAD(iBlock.s)
- rc2_Decrypt1Block(cx, &iBlock, &iBlock);
- STORE(iBlock.s)
- output += RC2_BLOCK_SIZE;
- input += RC2_BLOCK_SIZE;
- inputLen -= RC2_BLOCK_SIZE;
- }
- return SECSuccess;
-}
-
-static SECStatus
-rc2_EncryptCBC(RC2Context *cx, unsigned char *output,
- unsigned char *input, unsigned int inputLen)
-{
- RC2Block iBlock;
-
- while (inputLen > 0) {
-
- LOAD(iBlock.s)
- iBlock.l[0] ^= cx->iv.l[0];
- iBlock.l[1] ^= cx->iv.l[1];
- rc2_Encrypt1Block(cx, &iBlock, &iBlock);
- cx->iv = iBlock;
- STORE(iBlock.s)
- output += RC2_BLOCK_SIZE;
- input += RC2_BLOCK_SIZE;
- inputLen -= RC2_BLOCK_SIZE;
- }
- return SECSuccess;
-}
-
-static SECStatus
-rc2_DecryptCBC(RC2Context *cx, unsigned char *output,
- unsigned char *input, unsigned int inputLen)
-{
- RC2Block iBlock;
- RC2Block oBlock;
-
- while (inputLen > 0) {
- LOAD(iBlock.s)
- rc2_Decrypt1Block(cx, &oBlock, &iBlock);
- oBlock.l[0] ^= cx->iv.l[0];
- oBlock.l[1] ^= cx->iv.l[1];
- cx->iv = iBlock;
- STORE(oBlock.s)
- output += RC2_BLOCK_SIZE;
- input += RC2_BLOCK_SIZE;
- inputLen -= RC2_BLOCK_SIZE;
- }
- return SECSuccess;
-}
-
-
-/*
-** Perform RC2 encryption.
-** "cx" the context
-** "output" the output buffer to store the encrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
-*/
-SECStatus RC2_Encrypt(RC2Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- unsigned char *input, unsigned int inputLen)
-{
- SECStatus rv = SECSuccess;
- if (inputLen) {
- if (inputLen % RC2_BLOCK_SIZE) {
- PORT_SetError(SEC_ERROR_INPUT_LEN);
- return SECFailure;
- }
- if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
- }
- rv = (*cx->enc)(cx, output, input, inputLen);
- }
- if (rv == SECSuccess) {
- *outputLen = inputLen;
- }
- return rv;
-}
-
-/*
-** Perform RC2 decryption.
-** "cx" the context
-** "output" the output buffer to store the decrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
-*/
-SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- unsigned char *input, unsigned int inputLen)
-{
- SECStatus rv = SECSuccess;
- if (inputLen) {
- if (inputLen % RC2_BLOCK_SIZE) {
- PORT_SetError(SEC_ERROR_INPUT_LEN);
- return SECFailure;
- }
- if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
- }
- rv = (*cx->dec)(cx, output, input, inputLen);
- }
- if (rv == SECSuccess) {
- *outputLen = inputLen;
- }
- return rv;
-}
-
diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h
deleted file mode 100644
index 83bec367c..000000000
--- a/security/nss/lib/freebl/blapi.h
+++ /dev/null
@@ -1,735 +0,0 @@
-/*
- * crypto.h - public data structures and prototypes for the crypto library
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#ifndef _BLAPI_H_
-#define _BLAPI_H_
-
-#include "blapit.h"
-
-
-SEC_BEGIN_PROTOS
-
-/*
-** RSA encryption/decryption. When encrypting/decrypting the output
-** buffer must be at least the size of the public key modulus.
-*/
-
-/*
-** Generate and return a new RSA public and private key.
-** Both keys are encoded in a single RSAPrivateKey structure.
-** "cx" is the random number generator context
-** "keySizeInBits" is the size of the key to be generated, in bits.
-** 512, 1024, etc.
-** "publicExponent" when not NULL is a pointer to some data that
-** represents the public exponent to use. The data is a byte
-** encoded integer, in "big endian" order.
-*/
-extern RSAPrivateKey *RSA_NewKey(int keySizeInBits,
- SECItem * publicExponent);
-
-/*
-** Perform a raw public-key operation
-** Length of input and output buffers are equal to key's modulus len.
-*/
-extern SECStatus RSA_PublicKeyOp(RSAPublicKey * key,
- unsigned char * output,
- unsigned char * input);
-
-/*
-** Perform a raw private-key operation
-** Length of input and output buffers are equal to key's modulus len.
-*/
-extern SECStatus RSA_PrivateKeyOp(RSAPrivateKey * key,
- unsigned char * output,
- unsigned char * input);
-
-
-
-/********************************************************************
-** DSA signing algorithm
-*/
-
-/*
-** Generate and return a new DSA public and private key pair,
-** both of which are encoded into a single DSAPrivateKey struct.
-** "params" is a pointer to the PQG parameters for the domain
-** Uses a random seed.
-*/
-extern SECStatus DSA_NewKey(PQGParams * params,
- DSAPrivateKey ** privKey);
-
-/* signature is caller-supplied buffer of at least 20 bytes.
-** On input, signature->len == size of buffer to hold signature.
-** digest->len == size of digest.
-** On output, signature->len == size of signature in buffer.
-** Uses a random seed.
-*/
-extern SECStatus DSA_SignDigest(DSAPrivateKey * key,
- SECItem * signature,
- SECItem * digest);
-
-/* signature is caller-supplied buffer of at least 20 bytes.
-** On input, signature->len == size of buffer to hold signature.
-** digest->len == size of digest.
-*/
-extern SECStatus DSA_VerifyDigest(DSAPublicKey * key,
- SECItem * signature,
- SECItem * digest);
-
-/* For FIPS compliance testing. Seed must be exactly 20 bytes long */
-extern SECStatus DSA_NewKeyFromSeed(PQGParams *params, unsigned char * seed,
- DSAPrivateKey **privKey);
-
-/* For FIPS compliance testing. Seed must be exactly 20 bytes. */
-extern SECStatus DSA_SignDigestWithSeed(DSAPrivateKey * key,
- SECItem * signature,
- SECItem * digest,
- unsigned char * seed);
-
-/******************************************************
-** Diffie Helman key exchange algorithm
-*/
-
-/* Generates parameters for Diffie-Helman key generation.
-** primeLen is the length in bytes of prime P to be generated.
-*/
-extern SECStatus DH_GenParam(int primeLen, DHParams ** params);
-
-/* Generates a public and private key, both of which are encoded in a single
-** DHPrivateKey struct. Params is input, privKey are output.
-** This is Phase 1 of Diffie Hellman.
-*/
-extern SECStatus DH_NewKey(DHParams * params,
- DHPrivateKey ** privKey);
-
-/*
-** DH_Derive does the Diffie-Hellman phase 2 calculation, using the
-** other party's publicValue, and the prime and our privateValue.
-** maxOutBytes is the requested length of the generated secret in bytes.
-** A zero value means produce a value of any length up to the size of
-** the prime. If successful, derivedSecret->data is set
-** to the address of the newly allocated buffer containing the derived
-** secret, and derivedSecret->len is the size of the secret produced.
-** The size of the secret produced will never be larger than the length
-** of the prime, and it may be smaller than maxOutBytes.
-** It is the caller's responsibility to free the allocated buffer
-** containing the derived secret.
-*/
-extern SECStatus DH_Derive(SECItem * publicValue,
- SECItem * prime,
- SECItem * privateValue,
- SECItem * derivedSecret,
- unsigned int maxOutBytes);
-
-/*
-** KEA_CalcKey returns octet string with the private key for a dual
-** Diffie-Helman key generation as specified for government key exchange.
-*/
-extern SECStatus KEA_Derive(SECItem *prime,
- SECItem *public1,
- SECItem *public2,
- SECItem *private1,
- SECItem *private2,
- SECItem *derivedSecret);
-
-/*
- * verify that a KEA or DSA public key is a valid key for this prime and
- * subprime domain.
- */
-extern PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime);
-
-
-/******************************************/
-/*
-** RC4 symmetric stream cypher
-*/
-
-/*
-** Create a new RC4 context suitable for RC4 encryption/decryption.
-** "key" raw key data
-** "len" the number of bytes of key data
-*/
-extern RC4Context *RC4_CreateContext(unsigned char *key, int len);
-
-/*
-** Destroy an RC4 encryption/decryption context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void RC4_DestroyContext(RC4Context *cx, PRBool freeit);
-
-/*
-** Perform RC4 encryption.
-** "cx" the context
-** "output" the output buffer to store the encrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
-*/
-extern SECStatus RC4_Encrypt(RC4Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
-
-/*
-** Perform RC4 decryption.
-** "cx" the context
-** "output" the output buffer to store the decrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
-*/
-extern SECStatus RC4_Decrypt(RC4Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
-
-/******************************************/
-/*
-** RC2 symmetric block cypher
-*/
-
-/*
-** Create a new RC2 context suitable for RC2 encryption/decryption.
-** "key" raw key data
-** "len" the number of bytes of key data
-** "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC)
-** "mode" one of NSS_RC2 or NSS_RC2_CBC
-** "effectiveKeyLen" is the effective key length (as specified in
-** RFC 2268) in bytes (not bits).
-**
-** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block
-** chaining" mode.
-*/
-extern RC2Context *RC2_CreateContext(unsigned char *key, unsigned int len,
- unsigned char *iv, int mode, unsigned effectiveKeyLen);
-
-/*
-** Destroy an RC2 encryption/decryption context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void RC2_DestroyContext(RC2Context *cx, PRBool freeit);
-
-/*
-** Perform RC2 encryption.
-** "cx" the context
-** "output" the output buffer to store the encrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
-*/
-extern SECStatus RC2_Encrypt(RC2Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- unsigned char *input, unsigned int inputLen);
-
-/*
-** Perform RC2 decryption.
-** "cx" the context
-** "output" the output buffer to store the decrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
-*/
-extern SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- unsigned char *input, unsigned int inputLen);
-
-/******************************************/
-/*
-** RC5 symmetric block cypher -- 64-bit block size
-*/
-
-/*
-** Create a new RC5 context suitable for RC5 encryption/decryption.
-** "key" raw key data
-** "len" the number of bytes of key data
-** "iv" is the CBC initialization vector (if mode is NSS_RC5_CBC)
-** "mode" one of NSS_RC5 or NSS_RC5_CBC
-**
-** When mode is set to NSS_RC5_CBC the RC5 cipher is run in "cipher block
-** chaining" mode.
-*/
-extern RC5Context *RC5_CreateContext(SECItem *key, unsigned int rounds,
- unsigned int wordSize, unsigned char *iv, int mode);
-
-/*
-** Destroy an RC5 encryption/decryption context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void RC5_DestroyContext(RC5Context *cx, PRBool freeit);
-
-/*
-** Perform RC5 encryption.
-** "cx" the context
-** "output" the output buffer to store the encrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
-*/
-extern SECStatus RC5_Encrypt(RC5Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- unsigned char *input, unsigned int inputLen);
-
-/*
-** Perform RC5 decryption.
-** "cx" the context
-** "output" the output buffer to store the decrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
-*/
-
-extern SECStatus RC5_Decrypt(RC5Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- unsigned char *input, unsigned int inputLen);
-
-
-
-/******************************************/
-/*
-** DES symmetric block cypher
-*/
-
-/*
-** Create a new DES context suitable for DES encryption/decryption.
-** "key" raw key data
-** "len" the number of bytes of key data
-** "iv" is the CBC initialization vector (if mode is SEC_DES_CBC or
-** mode is DES_EDE3_CBC)
-** "mode" one of SEC_DES, SEC_DES_CBC, SEC_DES_EDE3 or SEC_DES_EDE3_CBC
-** "encrypt" is PR_TRUE if the context will be used for encryption
-**
-** When mode is set to SEC_DES_CBC or SEC_DES_EDE3_CBC then the DES
-** cipher is run in "cipher block chaining" mode.
-*/
-extern DESContext *DES_CreateContext(unsigned char *key, unsigned char *iv,
- int mode, PRBool encrypt);
-
-/*
-** Destroy an DES encryption/decryption context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void DES_DestroyContext(DESContext *cx, PRBool freeit);
-
-/*
-** Perform DES encryption.
-** "cx" the context
-** "output" the output buffer to store the encrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
-**
-** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH
-*/
-extern SECStatus DES_Encrypt(DESContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- unsigned char *input, unsigned int inputLen);
-
-/*
-** Perform DES decryption.
-** "cx" the context
-** "output" the output buffer to store the decrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
-**
-** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH
-*/
-extern SECStatus DES_Decrypt(DESContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- unsigned char *input, unsigned int inputLen);
-
-
-
-
-/******************************************/
-/*
-** MD5 secure hash function
-*/
-
-/*
-** Hash a null terminated string "src" into "dest" using MD5
-*/
-extern SECStatus MD5_Hash(unsigned char *dest, const char *src);
-
-/*
-** Hash a non-null terminated string "src" into "dest" using MD5
-*/
-extern SECStatus MD5_HashBuf(unsigned char *dest, const unsigned char *src,
- uint32 src_length);
-
-/*
-** Create a new MD5 context
-*/
-extern MD5Context *MD5_NewContext(void);
-
-
-/*
-** Destroy an MD5 secure hash context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void MD5_DestroyContext(MD5Context *cx, PRBool freeit);
-
-/*
-** Reset an MD5 context, preparing it for a fresh round of hashing
-*/
-extern void MD5_Begin(MD5Context *cx);
-
-/*
-** Update the MD5 hash function with more data.
-** "cx" the context
-** "input" the data to hash
-** "inputLen" the amount of data to hash
-*/
-extern void MD5_Update(MD5Context *cx,
- const unsigned char *input, unsigned int inputLen);
-
-/*
-** Finish the MD5 hash function. Produce the digested results in "digest"
-** "cx" the context
-** "digest" where the 16 bytes of digest data are stored
-** "digestLen" where the digest length (16) is stored
-** "maxDigestLen" the maximum amount of data that can ever be
-** stored in "digest"
-*/
-extern void MD5_End(MD5Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
-/*
- * Return the the size of a buffer needed to flatten the MD5 Context into
- * "cx" the context
- * returns size;
- */
-extern unsigned int MD5_FlattenSize(MD5Context *cx);
-
-/*
- * Flatten the MD5 Context into a buffer:
- * "cx" the context
- * "space" the buffer to flatten to
- * returns status;
- */
-extern SECStatus MD5_Flatten(MD5Context *cx,unsigned char *space);
-
-/*
- * Resurrect a flattened context into a MD5 Context
- * "space" the buffer of the flattend buffer
- * "arg" ptr to void used by cryptographic resurrect
- * returns resurected context;
- */
-extern MD5Context * MD5_Resurrect(unsigned char *space, void *arg);
-
-/*
-** trace the intermediate state info of the MD5 hash.
-*/
-extern void MD5_TraceState(MD5Context *cx);
-
-
-/******************************************/
-/*
-** MD2 secure hash function
-*/
-
-/*
-** Hash a null terminated string "src" into "dest" using MD2
-*/
-extern SECStatus MD2_Hash(unsigned char *dest, const char *src);
-
-/*
-** Create a new MD2 context
-*/
-extern MD2Context *MD2_NewContext(void);
-
-
-/*
-** Destroy an MD2 secure hash context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void MD2_DestroyContext(MD2Context *cx, PRBool freeit);
-
-/*
-** Reset an MD2 context, preparing it for a fresh round of hashing
-*/
-extern void MD2_Begin(MD2Context *cx);
-
-/*
-** Update the MD2 hash function with more data.
-** "cx" the context
-** "input" the data to hash
-** "inputLen" the amount of data to hash
-*/
-extern void MD2_Update(MD2Context *cx,
- const unsigned char *input, unsigned int inputLen);
-
-/*
-** Finish the MD2 hash function. Produce the digested results in "digest"
-** "cx" the context
-** "digest" where the 16 bytes of digest data are stored
-** "digestLen" where the digest length (16) is stored
-** "maxDigestLen" the maximum amount of data that can ever be
-** stored in "digest"
-*/
-extern void MD2_End(MD2Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
-
-/*
- * Return the the size of a buffer needed to flatten the MD2 Context into
- * "cx" the context
- * returns size;
- */
-extern unsigned int MD2_FlattenSize(MD2Context *cx);
-
-/*
- * Flatten the MD2 Context into a buffer:
- * "cx" the context
- * "space" the buffer to flatten to
- * returns status;
- */
-extern SECStatus MD2_Flatten(MD2Context *cx,unsigned char *space);
-
-/*
- * Resurrect a flattened context into a MD2 Context
- * "space" the buffer of the flattend buffer
- * "arg" ptr to void used by cryptographic resurrect
- * returns resurected context;
- */
-extern MD2Context * MD2_Resurrect(unsigned char *space, void *arg);
-
-/******************************************/
-/*
-** SHA-1 secure hash function
-*/
-
-/*
-** Hash a null terminated string "src" into "dest" using SHA-1
-*/
-extern SECStatus SHA1_Hash(unsigned char *dest, const char *src);
-
-/*
-** Hash a non-null terminated string "src" into "dest" using SHA-1
-*/
-extern SECStatus SHA1_HashBuf(unsigned char *dest, const unsigned char *src,
- uint32 src_length);
-
-/*
-** Create a new SHA-1 context
-*/
-extern SHA1Context *SHA1_NewContext(void);
-
-
-/*
-** Destroy a SHA-1 secure hash context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void SHA1_DestroyContext(SHA1Context *cx, PRBool freeit);
-
-/*
-** Reset a SHA-1 context, preparing it for a fresh round of hashing
-*/
-extern void SHA1_Begin(SHA1Context *cx);
-
-/*
-** Update the SHA-1 hash function with more data.
-** "cx" the context
-** "input" the data to hash
-** "inputLen" the amount of data to hash
-*/
-extern void SHA1_Update(SHA1Context *cx, const unsigned char *input,
- unsigned int inputLen);
-
-/*
-** Finish the SHA-1 hash function. Produce the digested results in "digest"
-** "cx" the context
-** "digest" where the 16 bytes of digest data are stored
-** "digestLen" where the digest length (20) is stored
-** "maxDigestLen" the maximum amount of data that can ever be
-** stored in "digest"
-*/
-extern void SHA1_End(SHA1Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
-
-/*
-** trace the intermediate state info of the SHA1 hash.
-*/
-extern void SHA1_TraceState(MD5Context *cx);
-
-/*
- * Return the the size of a buffer needed to flatten the SHA-1 Context into
- * "cx" the context
- * returns size;
- */
-extern unsigned int SHA1_FlattenSize(SHA1Context *cx);
-
-/*
- * Flatten the SHA-1 Context into a buffer:
- * "cx" the context
- * "space" the buffer to flatten to
- * returns status;
- */
-extern SECStatus SHA1_Flatten(SHA1Context *cx,unsigned char *space);
-
-/*
- * Resurrect a flattened context into a SHA-1 Context
- * "space" the buffer of the flattend buffer
- * "arg" ptr to void used by cryptographic resurrect
- * returns resurected context;
- */
-extern SHA1Context * SHA1_Resurrect(unsigned char *space, void *arg);
-
-
-/******************************************/
-/*
-** Pseudo Random Number Generation. FIPS compliance desirable.
-*/
-
-/*
-** Reset the random number generator to its initial state. The seed data
-** is not reset. This causes the random number generator to output the
-** exact same sequence of random numbers as it originally output.
-** "cx" the context
-*/
-extern SECStatus RNG_RNGInit(void);
-
-/*
-** Update the global random number generator with more seeding
-** material
-*/
-extern SECStatus RNG_RandomUpdate(void *data, size_t bytes);
-
-/*
-** Generate some random bytes, using the global random number generator
-** object.
-*/
-extern SECStatus RNG_GenerateGlobalRandomBytes(void *dest, size_t len);
-
-
-extern void RNG_RNGShutdown(void);
-
-
-/* Generate PQGParams and PQGVerify structs.
- * Length of seed and length of h both equal length of P.
- * All lengths are specified by "j", according to the table above.
- */
-extern SECStatus
-PQG_ParamGen(unsigned int j, /* input : determines length of P. */
- PQGParams **pParams, /* output: P Q and G returned here */
- PQGVerify **pVfy); /* output: counter and seed. */
-
-/* Generate PQGParams and PQGVerify structs.
- * Length of P specified by j. Length of h will match length of P.
- * Length of SEED in bytes specified in seedBytes.
- * seedBbytes must be in the range [20..255] or an error will result.
- */
-extern SECStatus
-PQG_ParamGenSeedLen(
- unsigned int j, /* input : determines length of P. */
- unsigned int seedBytes, /* input : length of seed in bytes.*/
- PQGParams **pParams, /* output: P Q and G returned here */
- PQGVerify **pVfy); /* output: counter and seed. */
-
-
-/* Test PQGParams for validity as DSS PQG values.
- * If vfy is non-NULL, test PQGParams to make sure they were generated
- * using the specified seed, counter, and h values.
- *
- * Return value indicates whether Verification operation ran succesfully
- * to completion, but does not indicate if PQGParams are valid or not.
- * If return value is SECSuccess, then *pResult has these meanings:
- * SECSuccess: PQGParams are valid.
- * SECFailure: PQGParams are invalid.
- *
- * Verify the following 12 facts about PQG counter SEED g and h
- * 1. Q is 160 bits long.
- * 2. P is one of the 9 valid lengths.
- * 3. G < P
- * 4. P % Q == 1
- * 5. Q is prime
- * 6. P is prime
- * Steps 7-12 are done only if the optional PQGVerify is supplied.
- * 7. counter < 4096
- * 8. g >= 160 and g < 2048 (g is length of seed in bits)
- * 9. Q generated from SEED matches Q in PQGParams.
- * 10. P generated from (L, counter, g, SEED, Q) matches P in PQGParams.
- * 11. 1 < h < P-1
- * 12. G generated from h matches G in PQGParams.
- */
-
-extern SECStatus PQG_VerifyParams(const PQGParams *params,
- const PQGVerify *vfy, SECStatus *result);
-
-
-/**************************************************************************
- * Free the PQGParams struct and the things it points to. *
- **************************************************************************/
-extern void PQG_DestroyParams(PQGParams *params);
-
-/**************************************************************************
- * Free the PQGVerify struct and the things it points to. *
- **************************************************************************/
-extern void PQG_DestroyVerify(PQGVerify *vfy);
-
-
-
-SEC_END_PROTOS
-
-#endif /* _BLAPI_H_ */
diff --git a/security/nss/lib/freebl/blapi_bsf.c b/security/nss/lib/freebl/blapi_bsf.c
deleted file mode 100644
index 9796acc33..000000000
--- a/security/nss/lib/freebl/blapi_bsf.c
+++ /dev/null
@@ -1,2086 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*****************************************************************************
-**
-** Implementation of BLAPI using RSA BSAFE Crypto-C 4.1
-**
-******************************************************************************/
-
-/*
-** Notes:
-**
-** 1. SHA1, MD2, and MD5 are not implemented here. This is because
-** BSAFE Crypto-C 4.1 does not provide a mechanism for saving and
-** restoring intermediate hash values. BLAPI uses the functions
-** <hash>_Flatten and <hash>_Resurrect to accomplish this, so the
-** hashes are implemented elsewhere.
-**
-** 2. The DSA and PQG functions which use seeds are not consistent across
-** implementations. In this BSAFE-dependent implementation of BLAPI,
-** the seed is understood to be an initial value sent to a random number
-** generator used during the key/param generation. In the implementation
-** used by Netscape-branded products, the seed is understood to be actual
-** bytes used for the creation of a key or parameters. This means that
-** while the BSAFE-dependent implementation may be self-consistent (using
-** the same seed will produce the same key/parameters), it is not
-** consistent with the Netscape-branded implementation.
-** Also, according to the BSAFE Crypto-C 4.0 Library Reference Manual, the
-** SHA1 Random Number Generator is implemented according to the X9.62
-** Draft Standard. Random number generation in the Netscape-branded
-** implementation of BLAPI is compliant with FIPS-186, thus random
-** numbers generated using the same seed will differ across
-** implementations.
-**
-** 3. PQG_VerifyParams is not implemented here. BSAFE Crypto-C 4.1
-** allows access to the seed and counter values used in generating
-** p and q, but does not provide a mechanism for verifying that
-** p, q, and g were generated from that seed and counter. At this
-** time, this implementation will set a PR_NOT_IMPLEMENTED_ERROR
-** in a call to PQG_VerifyParams.
-**
-*/
-
-#include "prerr.h"
-#include "secerr.h"
-
-/* BSAFE headers */
-#include "aglobal.h"
-#include "bsafe.h"
-
-/* BLAPI definition */
-#include "blapi.h"
-
-/* default block sizes for algorithms */
-#define DES_BLOCK_SIZE 8
-#define RC2_BLOCK_SIZE 8
-#define RC5_BLOCK_SIZE 8
-
-#define MAX_RC5_KEY_BYTES 255
-#define MAX_RC5_ROUNDS 255
-#define RC5_VERSION_NUMBER 0x10
-#define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048
-
-#define SECITEMFROMITEM(arena, to, from) \
- tmp.data = from.data; tmp.len = from.len; to.type = siBuffer; \
- if (SECITEM_CopyItem(arena, &to, &tmp) != SECSuccess) goto loser;
-
-#define ITEMFROMSECITEM(to, from) \
- to.data = from.data; to.len = from.len;
-
-static const B_ALGORITHM_METHOD *rand_chooser[] = {
- &AM_SHA_RANDOM,
- (B_ALGORITHM_METHOD *)NULL_PTR
-};
-
-static B_ALGORITHM_OBJ
-generateRandomAlgorithm(int numBytes, unsigned char *seedData)
-{
- SECItem seed = { siBuffer, 0, 0 };
- B_ALGORITHM_OBJ randomAlgorithm = NULL_PTR;
- int status;
-
- /* Allocate space for random seed. */
- if (seedData) {
- seed.len = numBytes;
- seed.data = seedData;
- } else {
- if (SECITEM_AllocItem(NULL, &seed, numBytes) == NULL) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
- if ((status = RNG_GenerateGlobalRandomBytes(seed.data, seed.len))
- != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
- }
-
- /* Generate the random seed. */
- if ((status = B_CreateAlgorithmObject(&randomAlgorithm)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- if ((status = B_SetAlgorithmInfo(randomAlgorithm, AI_SHA1Random,
- NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
-
- if ((status = B_RandomInit(randomAlgorithm, rand_chooser,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
-
- if ((status = B_RandomUpdate(randomAlgorithm, seed.data, seed.len,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- goto loser;
- }
-
- if (seedData == NULL)
- SECITEM_FreeItem(&seed, PR_FALSE);
-
- return randomAlgorithm;
-
-loser:
- if (randomAlgorithm != NULL_PTR)
- B_DestroyAlgorithmObject(&randomAlgorithm);
- if (seedData == NULL)
- SECITEM_FreeItem(&seed, PR_FALSE);
- return NULL_PTR;
-}
-
-/*****************************************************************************
-** BLAPI implementation of DES
-******************************************************************************/
-
-struct DESContextStr {
- B_ALGORITHM_OBJ algobj;
- B_ALGORITHM_METHOD *alg_chooser[3];
- B_KEY_OBJ keyobj;
-};
-
-DESContext *
-DES_CreateContext(unsigned char *key, unsigned char *iv,
- int mode, PRBool encrypt)
-{
- /* BLAPI */
- DESContext *cx;
- /* BSAFE */
- B_BLK_CIPHER_W_FEEDBACK_PARAMS fbParams;
- ITEM ivItem;
- unsigned int blockLength = DES_BLOCK_SIZE;
- int status;
-
- cx = (DESContext *)PORT_ZAlloc(sizeof(DESContext));
- if (cx == NULL) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- return NULL;
- }
-
- /* Create an encryption object. */
- cx->algobj = (B_ALGORITHM_OBJ)NULL_PTR;
- if ((status = B_CreateAlgorithmObject(&cx->algobj)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- /* Set the IV. */
- ivItem.data = iv;
- ivItem.len = DES_BLOCK_SIZE;
-
- /* Create the key. */
- cx->keyobj = (B_KEY_OBJ)NULL_PTR;
- if ((status = B_CreateKeyObject(&cx->keyobj)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- /* Set fields common to all DES modes. */
- fbParams.encryptionParams = NULL_PTR;
- fbParams.paddingMethodName = (unsigned char *)"nopad";
- fbParams.paddingParams = NULL_PTR;
-
- /* Set mode-specific fields. */
- switch (mode) {
- case NSS_DES:
- fbParams.encryptionMethodName = (unsigned char *)"des";
- fbParams.feedbackMethodName = (unsigned char *)"ecb";
- fbParams.feedbackParams = (POINTER)&blockLength;
- if ((status = B_SetKeyInfo(cx->keyobj, KI_DES8Strong, (POINTER)key))
- != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
- if (encrypt) {
- cx->alg_chooser[0] = &AM_DES_ENCRYPT;
- cx->alg_chooser[1] = &AM_ECB_ENCRYPT;
- } else {
- cx->alg_chooser[0] = &AM_DES_DECRYPT;
- cx->alg_chooser[1] = &AM_ECB_DECRYPT;
- }
- cx->alg_chooser[2] = (B_ALGORITHM_METHOD *)NULL_PTR;
- break;
-
- case NSS_DES_CBC:
- fbParams.encryptionMethodName = (unsigned char *)"des";
- fbParams.feedbackMethodName = (unsigned char *)"cbc";
- fbParams.feedbackParams = (POINTER)&ivItem;
- if ((status = B_SetKeyInfo(cx->keyobj, KI_DES8Strong, (POINTER)key))
- != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
- if (encrypt) {
- cx->alg_chooser[0] = &AM_DES_ENCRYPT;
- cx->alg_chooser[1] = &AM_CBC_ENCRYPT;
- } else {
- cx->alg_chooser[0] = &AM_DES_DECRYPT;
- cx->alg_chooser[1] = &AM_CBC_DECRYPT;
- }
- cx->alg_chooser[2] = (B_ALGORITHM_METHOD *)NULL_PTR;
- break;
-
- case NSS_DES_EDE3:
- fbParams.encryptionMethodName = (unsigned char *)"des_ede";
- fbParams.feedbackMethodName = (unsigned char *)"ecb";
- fbParams.feedbackParams = (POINTER)&blockLength;
- if ((status = B_SetKeyInfo(cx->keyobj, KI_DES24Strong, (POINTER)key))
- != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
- if (encrypt) {
- cx->alg_chooser[0] = &AM_DES_EDE_ENCRYPT;
- cx->alg_chooser[1] = &AM_ECB_ENCRYPT;
- } else {
- cx->alg_chooser[0] = &AM_DES_EDE_DECRYPT;
- cx->alg_chooser[1] = &AM_ECB_DECRYPT;
- }
- cx->alg_chooser[2] = (B_ALGORITHM_METHOD *)NULL_PTR;
- break;
-
- case NSS_DES_EDE3_CBC:
- fbParams.encryptionMethodName = (unsigned char *)"des_ede";
- fbParams.feedbackMethodName = (unsigned char *)"cbc";
- fbParams.feedbackParams = (POINTER)&ivItem;
- if ((status = B_SetKeyInfo(cx->keyobj, KI_DES24Strong, (POINTER)key))
- != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
- if (encrypt) {
- cx->alg_chooser[0] = &AM_DES_EDE_ENCRYPT;
- cx->alg_chooser[1] = &AM_CBC_ENCRYPT;
- } else {
- cx->alg_chooser[0] = &AM_DES_EDE_DECRYPT;
- cx->alg_chooser[1] = &AM_CBC_DECRYPT;
- }
- cx->alg_chooser[2] = (B_ALGORITHM_METHOD *)NULL_PTR;
- break;
-
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- if ((status = B_SetAlgorithmInfo(cx->algobj, AI_FeedbackCipher,
- (POINTER)&fbParams)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- return cx;
-
-loser:
- DES_DestroyContext(cx, PR_TRUE);
- return NULL;
-}
-
-void
-DES_DestroyContext(DESContext *cx, PRBool freeit)
-{
- if (freeit) {
- PORT_Assert(cx != NULL);
- if (cx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return;
- }
- if (cx->keyobj != NULL_PTR)
- B_DestroyKeyObject(&cx->keyobj);
- if (cx->algobj != NULL_PTR)
- B_DestroyAlgorithmObject(&cx->algobj);
- PORT_ZFree(cx, sizeof(DESContext));
- }
-}
-
-SECStatus
-DES_Encrypt(DESContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- unsigned char *input, unsigned int inputLen)
-{
- unsigned int outputLenUpdate, outputLenFinal;
- int status;
-
- PORT_Assert(cx != NULL);
- if (cx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- PORT_Assert((inputLen & (DES_BLOCK_SIZE -1 )) == 0);
- if (inputLen & (DES_BLOCK_SIZE -1 )) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- PORT_Assert(maxOutputLen >= inputLen); /* check for enough room */
- if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- if ((status = B_EncryptInit(cx->algobj, cx->keyobj, cx->alg_chooser,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- if ((status = B_EncryptUpdate(cx->algobj,
- output,
- &outputLenUpdate,
- maxOutputLen,
- input,
- inputLen,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- if ((status = B_EncryptFinal(cx->algobj,
- output + outputLenUpdate,
- &outputLenFinal,
- maxOutputLen - outputLenUpdate,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- *outputLen = outputLenUpdate + outputLenFinal;
- return SECSuccess;
-}
-
-SECStatus
-DES_Decrypt(DESContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- unsigned char *input, unsigned int inputLen)
-{
- unsigned int outputLenUpdate, outputLenFinal;
- int status;
- ptrdiff_t inpptr;
- unsigned char *inp = NULL;
- PRBool cpybuffer = PR_FALSE;
-
- /* The BSAFE Crypto-C 4.1 library with which we tested on a Sun
- * UltraSparc crashed when the input to an DES CBC decryption operation
- * was not 4-byte aligned.
- * So, we work around this problem by aligning unaligned input in a
- * temporary buffer.
- */
- inpptr = (ptrdiff_t)input;
- if (inpptr & 0x03) {
- inp = PORT_ZAlloc(inputLen);
- if (inp == NULL) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- return SECFailure;
- }
- PORT_Memcpy(inp, input, inputLen);
- cpybuffer = PR_TRUE;
- } else {
- inp = input;
- }
-
- PORT_Assert(cx != NULL);
- if (cx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- PORT_Assert((inputLen & (DES_BLOCK_SIZE - 1)) == 0);
- if (inputLen & (DES_BLOCK_SIZE - 1)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- PORT_Assert(maxOutputLen >= inputLen); /* check for enough room */
- if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- if ((status = B_DecryptInit(cx->algobj, cx->keyobj, cx->alg_chooser,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- if ((status = B_DecryptUpdate(cx->algobj,
- output,
- &outputLenUpdate,
- maxOutputLen,
- input,
- inputLen,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- if ((status = B_DecryptFinal(cx->algobj,
- output + outputLenUpdate,
- &outputLenFinal,
- maxOutputLen - outputLenUpdate,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- *outputLen = outputLenUpdate + outputLenFinal;
- return SECSuccess;
-}
-
-/*****************************************************************************
-** BLAPI implementation of RC2
-******************************************************************************/
-
-struct RC2ContextStr
-{
- B_ALGORITHM_OBJ algobj;
- B_ALGORITHM_METHOD *alg_chooser[6];
- B_KEY_OBJ keyobj;
-};
-
-RC2Context *
-RC2_CreateContext(unsigned char *key, unsigned int len,
- unsigned char *iv, int mode, unsigned effectiveKeyLen)
-{
- /* BLAPI */
- RC2Context *cx;
- /* BSAFE */
- B_BLK_CIPHER_W_FEEDBACK_PARAMS fbParams;
- A_RC2_PARAMS rc2Params;
- ITEM ivItem;
- ITEM keyItem;
- unsigned int blockLength = RC2_BLOCK_SIZE;
- int status;
-
- if (mode == NSS_RC2_CBC && iv == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
- }
-
- cx = (RC2Context *)PORT_ZAlloc(sizeof(RC2Context));
- if (cx == NULL) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- return NULL;
- }
- cx->algobj = (B_ALGORITHM_OBJ)NULL_PTR;
- if ((status = B_CreateAlgorithmObject(&cx->algobj)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- cx->keyobj = (B_KEY_OBJ)NULL_PTR;
- if ((status = B_CreateKeyObject(&cx->keyobj)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- rc2Params.effectiveKeyBits = effectiveKeyLen * BITS_PER_BYTE;
- ivItem.data = iv;
- ivItem.len = RC2_BLOCK_SIZE;
-
- fbParams.encryptionMethodName = (unsigned char *)"rc2";
- fbParams.encryptionParams = (POINTER)&rc2Params;
- fbParams.paddingMethodName = (unsigned char *)"nopad";
- fbParams.paddingParams = NULL_PTR;
- cx->alg_chooser[0] = &AM_RC2_ENCRYPT;
- cx->alg_chooser[1] = &AM_RC2_DECRYPT;
- cx->alg_chooser[4] = &AM_SHA_RANDOM;
- cx->alg_chooser[5] = (B_ALGORITHM_METHOD *)NULL;
-
- switch (mode) {
- case NSS_RC2:
- fbParams.feedbackMethodName = (unsigned char *)"ecb";
- fbParams.feedbackParams = (POINTER)&blockLength;
- cx->alg_chooser[2] = &AM_ECB_ENCRYPT;
- cx->alg_chooser[3] = &AM_ECB_DECRYPT;
- break;
- case NSS_RC2_CBC:
- fbParams.feedbackMethodName = (unsigned char *)"cbc";
- fbParams.feedbackParams = (POINTER)&ivItem;
- cx->alg_chooser[2] = &AM_CBC_ENCRYPT;
- cx->alg_chooser[3] = &AM_CBC_DECRYPT;
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- if ((status = B_SetAlgorithmInfo(cx->algobj, AI_FeedbackCipher,
- (POINTER)&fbParams)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
-
- keyItem.len = len;
- keyItem.data = key;
- if ((status = B_SetKeyInfo(cx->keyobj, KI_Item, (POINTER)&keyItem)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- return cx;
-
-loser:
- RC2_DestroyContext(cx, PR_TRUE);
- return NULL;
-}
-
-void
-RC2_DestroyContext(RC2Context *cx, PRBool freeit)
-{
- if (freeit) {
- PORT_Assert(cx != NULL);
- if (cx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return;
- }
- if (cx->keyobj != NULL_PTR)
- B_DestroyKeyObject(&cx->keyobj);
- if (cx->algobj != NULL_PTR)
- B_DestroyAlgorithmObject(&cx->algobj);
- PORT_ZFree(cx, sizeof(RC2Context));
- }
-}
-
-SECStatus
-RC2_Encrypt(RC2Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- unsigned char *input, unsigned int inputLen)
-{
- int status;
- unsigned int outputLenUpdate, outputLenFinal;
-
- PORT_Assert(cx != NULL);
- if (cx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- PORT_Assert((inputLen & (RC2_BLOCK_SIZE - 1)) == 0);
- if (inputLen & (RC2_BLOCK_SIZE - 1)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- PORT_Assert(maxOutputLen >= inputLen); /* check for enough room */
- if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- if ((status = B_EncryptInit(cx->algobj, cx->keyobj, cx->alg_chooser,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- if ((status = B_EncryptUpdate(cx->algobj,
- output,
- &outputLenUpdate,
- maxOutputLen,
- input,
- inputLen,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- if ((status = B_EncryptFinal(cx->algobj,
- output + outputLenUpdate,
- &outputLenFinal,
- maxOutputLen - outputLenUpdate,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- *outputLen = outputLenUpdate + outputLenFinal;
- return SECSuccess;
-}
-
-SECStatus
-RC2_Decrypt(RC2Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- unsigned char *input, unsigned int inputLen)
-{
- int status;
- unsigned int outputLenUpdate, outputLenFinal;
- ptrdiff_t inpptr;
- unsigned char *inp = NULL;
- PRBool cpybuffer = PR_FALSE;
-
- /* The BSAFE Crypto-C 4.1 library with which we tested on a Sun
- * UltraSparc crashed when the input to an RC2 CBC decryption operation
- * was not 4-byte aligned.
- * So, we work around this problem by aligning unaligned input in a
- * temporary buffer.
- */
- inpptr = (ptrdiff_t)input;
- if (inpptr & 0x03) {
- inp = PORT_ZAlloc(inputLen);
- if (inp == NULL) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- return SECFailure;
- }
- PORT_Memcpy(inp, input, inputLen);
- cpybuffer = PR_TRUE;
- } else {
- inp = input;
- }
-
- PORT_Assert(cx != NULL);
- if (cx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
- PORT_Assert((inputLen & (RC2_BLOCK_SIZE - 1)) == 0);
- if (inputLen & (RC2_BLOCK_SIZE - 1)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
- PORT_Assert(maxOutputLen >= inputLen); /* check for enough room */
- if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- if ((status = B_DecryptInit(cx->algobj, cx->keyobj, cx->alg_chooser,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
- if ((status = B_DecryptUpdate(cx->algobj,
- output,
- &outputLenUpdate,
- maxOutputLen,
- inp,
- inputLen,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- goto loser;
- }
- if ((status = B_DecryptFinal(cx->algobj,
- output + outputLenUpdate,
- &outputLenFinal,
- maxOutputLen - outputLenUpdate,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- goto loser;
- }
- *outputLen = outputLenUpdate + outputLenFinal;
-
- if (cpybuffer)
- PORT_ZFree(inp, inputLen);
- return SECSuccess;
-
-loser:
- if (cpybuffer)
- PORT_ZFree(inp, inputLen);
- return SECFailure;
-}
-
-/*****************************************************************************
-** BLAPI implementation of RC4
-******************************************************************************/
-
-struct RC4ContextStr
-{
- B_ALGORITHM_OBJ algobj;
- B_ALGORITHM_METHOD *alg_chooser[3];
- B_KEY_OBJ keyobj;
-};
-
-RC4Context *
-RC4_CreateContext(unsigned char *key, int len)
-{
- /* BLAPI */
- RC4Context *cx;
- /* BSAFE */
- ITEM keyItem;
- int status;
-
- cx = (RC4Context *)PORT_ZAlloc(sizeof(RC4Context));
- if (cx == NULL) {
- /* set out of memory error */
- return NULL;
- }
-
- cx->algobj = (B_ALGORITHM_OBJ)NULL_PTR;
- if ((status = B_CreateAlgorithmObject(&cx->algobj)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- cx->keyobj = (B_KEY_OBJ)NULL_PTR;
- if ((status = B_CreateKeyObject(&cx->keyobj)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- if ((status = B_SetAlgorithmInfo(cx->algobj, AI_RC4, NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
-
- cx->alg_chooser[0] = &AM_RC4_ENCRYPT;
- cx->alg_chooser[1] = &AM_RC4_DECRYPT;
- cx->alg_chooser[2] = (B_ALGORITHM_METHOD *)NULL;
-
- keyItem.len = len;
- keyItem.data = key;
- if ((status = B_SetKeyInfo(cx->keyobj, KI_Item, (POINTER)&keyItem)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- return cx;
-
-loser:
- RC4_DestroyContext(cx, PR_TRUE);
- return NULL;
-}
-
-void
-RC4_DestroyContext(RC4Context *cx, PRBool freeit)
-{
- if (freeit) {
- PORT_Assert(cx != NULL);
- if (cx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return;
- }
- if (cx->keyobj != NULL_PTR)
- B_DestroyKeyObject(&cx->keyobj);
- if (cx->algobj != NULL_PTR)
- B_DestroyAlgorithmObject(&cx->algobj);
- PORT_ZFree(cx, sizeof(RC4Context));
- }
-}
-
-SECStatus
-RC4_Encrypt(RC4Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen)
-{
- int status;
- unsigned int outputLenUpdate, outputLenFinal;
-
- PORT_Assert(cx != NULL);
- if (cx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- PORT_Assert(maxOutputLen >= inputLen); /* check for enough room */
- if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- if ((status = B_EncryptInit(cx->algobj, cx->keyobj, cx->alg_chooser,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- if ((status = B_EncryptUpdate(cx->algobj,
- output,
- &outputLenUpdate,
- maxOutputLen,
- input,
- inputLen,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- if ((status = B_EncryptFinal(cx->algobj,
- output + outputLenUpdate,
- &outputLenFinal,
- maxOutputLen - outputLenUpdate,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- *outputLen = outputLenUpdate + outputLenFinal;
- return SECSuccess;
-}
-
-SECStatus
-RC4_Decrypt(RC4Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen)
-{
- int status;
- unsigned int outputLenUpdate, outputLenFinal;
-
- PORT_Assert(cx != NULL);
- if (cx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- PORT_Assert(maxOutputLen >= inputLen); /* check for enough room */
- if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- if ((status = B_DecryptInit(cx->algobj, cx->keyobj, cx->alg_chooser,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- if ((status = B_DecryptUpdate(cx->algobj,
- output,
- &outputLenUpdate,
- maxOutputLen,
- input,
- inputLen,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- if ((status = B_DecryptFinal(cx->algobj,
- output + outputLenUpdate,
- &outputLenFinal,
- maxOutputLen - outputLenUpdate,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- *outputLen = outputLenUpdate + outputLenFinal;
- return SECSuccess;
-}
-
-
-/*****************************************************************************
-** BLAPI implementation of RC5
-******************************************************************************/
-
-struct RC5ContextStr
-{
- B_ALGORITHM_OBJ algobj;
- B_ALGORITHM_METHOD *alg_chooser[6];
- B_KEY_OBJ keyobj;
- unsigned int blocksize;
-};
-
-RC5Context *
-RC5_CreateContext(SECItem *key, unsigned int rounds,
- unsigned int wordSize, unsigned char *iv, int mode)
-{
- /* BLAPI */
- RC5Context *cx;
- /* BSAFE */
- B_BLK_CIPHER_W_FEEDBACK_PARAMS fbParams;
- A_RC5_PARAMS rc5Params;
- ITEM keyItem;
- ITEM ivItem;
- unsigned int blocksize;
- int status;
-
- if (rounds > MAX_RC5_ROUNDS) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
- }
- if (key->len > MAX_RC5_KEY_BYTES) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
- }
- if (mode == NSS_RC5_CBC && (iv == NULL)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
- }
-
- cx = (RC5Context *)PORT_ZAlloc(sizeof(RC5Context));
- if (cx == NULL) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- return NULL;
- }
- cx->algobj = (B_ALGORITHM_OBJ)NULL_PTR;
- if ((status = B_CreateAlgorithmObject(&cx->algobj)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- cx->keyobj = (B_KEY_OBJ)NULL_PTR;
- if ((status = B_CreateKeyObject(&cx->keyobj)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- rc5Params.version = RC5_VERSION_NUMBER;
- rc5Params.rounds = rounds;
- rc5Params.wordSizeInBits = wordSize * BITS_PER_BYTE;
- if (rc5Params.wordSizeInBits == 64) {
- fbParams.encryptionMethodName = (unsigned char *)"rc5_64";
- cx->alg_chooser[0] = &AM_RC5_64ENCRYPT;
- cx->alg_chooser[1] = &AM_RC5_64DECRYPT;
- } else {
- fbParams.encryptionMethodName = (unsigned char *)"rc5";
- cx->alg_chooser[0] = &AM_RC5_ENCRYPT;
- cx->alg_chooser[1] = &AM_RC5_DECRYPT;
- }
- fbParams.encryptionParams = (POINTER)&rc5Params;
- fbParams.paddingMethodName = (unsigned char *)"nopad";
- fbParams.paddingParams = NULL_PTR;
- cx->alg_chooser[4] = &AM_SHA_RANDOM;
- cx->alg_chooser[5] = (B_ALGORITHM_METHOD *)NULL;
- switch (mode) {
- case NSS_RC5:
- blocksize = 2 * wordSize;
- cx->blocksize = blocksize;
- fbParams.feedbackMethodName = (unsigned char *)"ecb";
- fbParams.feedbackParams = (POINTER)&blocksize;
- cx->alg_chooser[2] = &AM_ECB_ENCRYPT;
- cx->alg_chooser[3] = &AM_ECB_DECRYPT;
- break;
- case NSS_RC5_CBC:
- ivItem.len = 2 * wordSize;
- ivItem.data = iv;
- cx->blocksize = RC5_BLOCK_SIZE;
- fbParams.feedbackMethodName = (unsigned char *)"cbc";
- fbParams.feedbackParams = (POINTER)&ivItem;
- cx->alg_chooser[2] = &AM_CBC_ENCRYPT;
- cx->alg_chooser[3] = &AM_CBC_DECRYPT;
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
- if ((status = B_SetAlgorithmInfo(cx->algobj, AI_FeedbackCipher,
- (POINTER)&fbParams)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- keyItem.len = key->len;
- keyItem.data = key->data;
- if ((status = B_SetKeyInfo(cx->keyobj, KI_Item, (POINTER)&keyItem)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- return cx;
-
-loser:
- RC5_DestroyContext(cx, PR_TRUE);
- return NULL;
-}
-
-void RC5_DestroyContext(RC5Context *cx, PRBool freeit)
-{
- if (freeit) {
- PORT_Assert(cx != NULL);
- if (cx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return;
- }
- if (cx->keyobj != NULL_PTR)
- B_DestroyKeyObject(&cx->keyobj);
- if (cx->algobj != NULL_PTR)
- B_DestroyAlgorithmObject(&cx->algobj);
- PORT_ZFree(cx, sizeof(RC5Context));
- }
-}
-
-SECStatus
-RC5_Encrypt(RC5Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- unsigned char *input, unsigned int inputLen)
-{
- int status;
- unsigned int outputLenUpdate, outputLenFinal;
-
- PORT_Assert(cx != NULL);
- if (cx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- PORT_Assert((inputLen & (RC5_BLOCK_SIZE - 1)) == 0);
- if (inputLen & (RC5_BLOCK_SIZE - 1)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- PORT_Assert(maxOutputLen >= inputLen); /* check for enough room */
- if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- if ((status = B_EncryptInit(cx->algobj, cx->keyobj, cx->alg_chooser,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- if ((status = B_EncryptUpdate(cx->algobj,
- output,
- &outputLenUpdate,
- maxOutputLen,
- input,
- inputLen,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- if ((status = B_EncryptFinal(cx->algobj,
- output + outputLenUpdate,
- &outputLenFinal,
- maxOutputLen - outputLenUpdate,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- *outputLen = outputLenUpdate + outputLenFinal;
- return SECSuccess;
-}
-
-SECStatus
-RC5_Decrypt(RC5Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- unsigned char *input, unsigned int inputLen)
-{
- int status;
- unsigned int outputLenUpdate, outputLenFinal;
- ptrdiff_t inpptr;
- unsigned char *inp = NULL;
- PRBool cpybuffer = PR_FALSE;
-
- /* The BSAFE Crypto-C 4.1 library with which we tested on a Sun
- * UltraSparc crashed when the input to an RC5 CBC decryption operation
- * was not 4-byte aligned.
- * So, we work around this problem by aligning unaligned input in a
- * temporary buffer.
- */
- inpptr = (ptrdiff_t)input;
- if (inpptr & 0x03) {
- inp = PORT_ZAlloc(inputLen);
- if (inp == NULL) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- return SECFailure;
- }
- PORT_Memcpy(inp, input, inputLen);
- cpybuffer = PR_TRUE;
- } else {
- inp = input;
- }
-
- PORT_Assert(cx != NULL);
- if (cx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- PORT_Assert((inputLen & (cx->blocksize - 1)) == 0);
- if (inputLen & (cx->blocksize - 1)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- PORT_Assert(maxOutputLen >= inputLen); /* check for enough room */
- if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- if ((status = B_DecryptInit(cx->algobj, cx->keyobj, cx->alg_chooser,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- if ((status = B_DecryptUpdate(cx->algobj,
- output,
- &outputLenUpdate,
- maxOutputLen,
- input,
- inputLen,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- if ((status = B_DecryptFinal(cx->algobj,
- output + outputLenUpdate,
- &outputLenFinal,
- maxOutputLen - outputLenUpdate,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- *outputLen = outputLenUpdate + outputLenFinal;
- return SECSuccess;
-}
-
-/*****************************************************************************
-** BLAPI implementation of RSA
-******************************************************************************/
-
-static const SECItem defaultPublicExponent =
-{
- siBuffer,
- (unsigned char *)"\001\000\001",
- 3
-};
-
-static const B_ALGORITHM_METHOD *rsa_alg_chooser[] = {
- &AM_SHA_RANDOM,
- &AM_RSA_KEY_GEN,
- &AM_RSA_ENCRYPT,
- &AM_RSA_DECRYPT,
- &AM_RSA_CRT_ENCRYPT,
- &AM_RSA_CRT_DECRYPT,
- (B_ALGORITHM_METHOD *)NULL_PTR
-};
-
-static SECStatus
-rsaZFreePrivateKeyInfo(A_PKCS_RSA_PRIVATE_KEY *privateKeyInfo)
-{
- PORT_ZFree(privateKeyInfo->modulus.data, privateKeyInfo->modulus.len);
- PORT_ZFree(privateKeyInfo->publicExponent.data,
- privateKeyInfo->publicExponent.len);
- PORT_ZFree(privateKeyInfo->privateExponent.data,
- privateKeyInfo->privateExponent.len);
- PORT_ZFree(privateKeyInfo->prime[0].data, privateKeyInfo->prime[0].len);
- PORT_ZFree(privateKeyInfo->prime[1].data, privateKeyInfo->prime[1].len);
- PORT_ZFree(privateKeyInfo->primeExponent[0].data,
- privateKeyInfo->primeExponent[0].len);
- PORT_ZFree(privateKeyInfo->primeExponent[1].data,
- privateKeyInfo->primeExponent[1].len);
- PORT_ZFree(privateKeyInfo->coefficient.data,
- privateKeyInfo->coefficient.len);
- return SECSuccess;
-}
-
-static SECStatus
-rsaConvertKeyInfoToBLKey(A_PKCS_RSA_PRIVATE_KEY *keyInfo, RSAPrivateKey *key)
-{
- PRArenaPool *arena = key->arena;
- SECItem tmp;
-
- SECITEMFROMITEM(arena, key->modulus, keyInfo->modulus);
- SECITEMFROMITEM(arena, key->publicExponent, keyInfo->publicExponent);
- SECITEMFROMITEM(arena, key->privateExponent, keyInfo->privateExponent);
- SECITEMFROMITEM(arena, key->prime1, keyInfo->prime[0]);
- SECITEMFROMITEM(arena, key->prime2, keyInfo->prime[1]);
- SECITEMFROMITEM(arena, key->exponent1, keyInfo->primeExponent[0]);
- SECITEMFROMITEM(arena, key->exponent2, keyInfo->primeExponent[1]);
- SECITEMFROMITEM(arena, key->coefficient, keyInfo->coefficient);
- /* Version field is to be handled at a higher level. */
- key->version.data = NULL;
- key->version.len = 0;
- return SECSuccess;
-
-loser:
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- return SECFailure;
-}
-
-static SECStatus
-rsaConvertBLKeyToKeyInfo(RSAPrivateKey *key, A_PKCS_RSA_PRIVATE_KEY *keyInfo)
-{
- ITEMFROMSECITEM(keyInfo->modulus, key->modulus);
- ITEMFROMSECITEM(keyInfo->publicExponent, key->publicExponent);
- ITEMFROMSECITEM(keyInfo->privateExponent, key->privateExponent);
- ITEMFROMSECITEM(keyInfo->prime[0], key->prime1);
- ITEMFROMSECITEM(keyInfo->prime[1], key->prime2);
- ITEMFROMSECITEM(keyInfo->primeExponent[0], key->exponent1);
- ITEMFROMSECITEM(keyInfo->primeExponent[1], key->exponent2);
- ITEMFROMSECITEM(keyInfo->coefficient, key->coefficient);
- return SECSuccess;
-}
-
-RSAPrivateKey *
-RSA_NewKey(int keySizeInBits,
- SECItem * publicExponent)
-{
- /* BLAPI */
- RSAPrivateKey *privateKey;
- /* BSAFE */
- A_RSA_KEY_GEN_PARAMS keygenParams;
- A_PKCS_RSA_PRIVATE_KEY *privateKeyInfo = (A_PKCS_RSA_PRIVATE_KEY *)NULL_PTR;
- B_ALGORITHM_OBJ keypairGenerator = (B_ALGORITHM_OBJ)NULL_PTR;
- B_ALGORITHM_OBJ randomAlgorithm = NULL;
- B_KEY_OBJ publicKeyObj = (B_KEY_OBJ)NULL_PTR;
- B_KEY_OBJ privateKeyObj = (B_KEY_OBJ)NULL_PTR;
- PRArenaPool *arena;
- int status;
-
- /* Allocate space for key structure. */
- arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
- privateKey = (RSAPrivateKey *)PORT_ArenaZAlloc(arena,
- sizeof(RSAPrivateKey));
- if (privateKey == NULL) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
- privateKey->arena = arena;
-
- randomAlgorithm = generateRandomAlgorithm(keySizeInBits / BITS_PER_BYTE, 0);
- if (randomAlgorithm == NULL_PTR) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- if ((status = B_CreateAlgorithmObject(&keypairGenerator)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- if ((status = B_CreateKeyObject(&publicKeyObj)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- if ((status = B_CreateKeyObject(&privateKeyObj)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- if (publicExponent == NULL) publicExponent = &defaultPublicExponent;
- keygenParams.modulusBits = keySizeInBits;
- keygenParams.publicExponent.data = publicExponent->data;
- keygenParams.publicExponent.len = publicExponent->len;
-
- if ((status = B_SetAlgorithmInfo(keypairGenerator, AI_RSAKeyGen,
- (POINTER)&keygenParams)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- if ((status = B_GenerateInit(keypairGenerator, rsa_alg_chooser,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
-
- if ((status = B_GenerateKeypair(keypairGenerator, publicKeyObj,
- privateKeyObj, randomAlgorithm,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- if ((status = B_GetKeyInfo((POINTER *)&privateKeyInfo, privateKeyObj,
- KI_PKCS_RSAPrivate)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
-
- /* Convert the BSAFE key info to an RSAPrivateKey. */
- if ((status = rsaConvertKeyInfoToBLKey(privateKeyInfo, privateKey)) != 0) {
- goto loser;
- }
-
- B_DestroyAlgorithmObject(&publicKeyObj);
- B_DestroyKeyObject(&publicKeyObj);
- B_DestroyKeyObject(&privateKeyObj);
- rsaZFreePrivateKeyInfo(privateKeyInfo);
- B_DestroyAlgorithmObject(&randomAlgorithm);
- return privateKey;
-
-loser:
- if (keypairGenerator != NULL_PTR)
- B_DestroyAlgorithmObject(&keypairGenerator);
- if (publicKeyObj != NULL_PTR)
- B_DestroyKeyObject(&publicKeyObj);
- if (privateKeyObj != NULL_PTR)
- B_DestroyKeyObject(&privateKeyObj);
- if (privateKeyInfo != (A_PKCS_RSA_PRIVATE_KEY *)NULL_PTR)
- rsaZFreePrivateKeyInfo(privateKeyInfo);
- if (randomAlgorithm != NULL_PTR)
- B_DestroyAlgorithmObject(&randomAlgorithm);
- PORT_FreeArena(arena, PR_TRUE);
- return NULL;
-}
-
-static unsigned int
-rsa_modulusLen(SECItem *modulus)
-{
- unsigned char byteZero = modulus->data[0];
- unsigned int modLen = modulus->len - !byteZero;
- return modLen;
-}
-
-SECStatus
-RSA_PublicKeyOp(RSAPublicKey * key,
- unsigned char * output,
- unsigned char * input)
-{
- B_ALGORITHM_OBJ rsaPubKeyAlg = (B_ALGORITHM_OBJ)NULL_PTR;
- B_KEY_OBJ publicKeyObj = (B_KEY_OBJ)NULL_PTR;
- A_RSA_KEY pubKeyInfo;
- unsigned int outputLenUpdate;
- unsigned int modulusLen;
- int status;
-
- PORT_Assert(key != NULL);
- if (key == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- if ((status = B_CreateAlgorithmObject(&rsaPubKeyAlg)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- if ((status = B_CreateKeyObject(&publicKeyObj)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- if ((status = B_SetAlgorithmInfo(rsaPubKeyAlg, AI_RSAPublic,
- NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
-
- modulusLen = rsa_modulusLen(&key->modulus);
- pubKeyInfo.modulus.len = key->modulus.len;
- pubKeyInfo.modulus.data = key->modulus.data;
- pubKeyInfo.exponent.len = key->publicExponent.len;
- pubKeyInfo.exponent.data = key->publicExponent.data;
-
- if ((status = B_SetKeyInfo(publicKeyObj, KI_RSAPublic,
- (POINTER)&pubKeyInfo)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- if ((status = B_EncryptInit(rsaPubKeyAlg, publicKeyObj, rsa_alg_chooser,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
- if ((status = B_EncryptUpdate(rsaPubKeyAlg,
- output,
- &outputLenUpdate,
- modulusLen,
- input,
- modulusLen,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- goto loser;
- }
- if ((status = B_EncryptFinal(rsaPubKeyAlg,
- output + outputLenUpdate,
- &outputLenUpdate,
- modulusLen - outputLenUpdate,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- goto loser;
- }
-
- B_DestroyAlgorithmObject(&rsaPubKeyAlg);
- B_DestroyAlgorithmObject(&publicKeyObj);
- /* Don't delete pubKeyInfo data -- it was a shallow copy. */
- return SECSuccess;
-
-loser:
- if (rsaPubKeyAlg != NULL_PTR)
- B_DestroyAlgorithmObject(&rsaPubKeyAlg);
- if (publicKeyObj != NULL_PTR)
- B_DestroyAlgorithmObject(&publicKeyObj);
- return SECFailure;
-}
-
-SECStatus
-RSA_PrivateKeyOp(RSAPrivateKey * key,
- unsigned char * output,
- unsigned char * input)
-{
- A_PKCS_RSA_PRIVATE_KEY privKeyInfo;
- B_ALGORITHM_OBJ rsaPrivKeyAlg = (B_ALGORITHM_OBJ)NULL_PTR;
- B_KEY_OBJ privateKeyObj = (B_KEY_OBJ)NULL_PTR;
- unsigned int outputLenUpdate;
- unsigned int modulusLen;
- int status;
-
- if ((status = B_CreateAlgorithmObject(&rsaPrivKeyAlg)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- if ((status = B_CreateKeyObject(&privateKeyObj)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- if ((status = B_SetAlgorithmInfo(rsaPrivKeyAlg, AI_RSAPrivate,
- NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
-
- if ((status = rsaConvertBLKeyToKeyInfo(key, &privKeyInfo)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- if ((status = B_SetKeyInfo(privateKeyObj, KI_PKCS_RSAPrivate,
- (POINTER)&privKeyInfo)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- modulusLen = rsa_modulusLen(&key->modulus);
-
- if ((status = B_DecryptInit(rsaPrivKeyAlg, privateKeyObj, rsa_alg_chooser,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
- if ((status = B_DecryptUpdate(rsaPrivKeyAlg,
- output,
- &outputLenUpdate,
- modulusLen,
- input,
- modulusLen,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- goto loser;
- }
- if ((status = B_DecryptFinal(rsaPrivKeyAlg,
- output + outputLenUpdate,
- &outputLenUpdate,
- modulusLen - outputLenUpdate,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- goto loser;
- }
-
- B_DestroyAlgorithmObject(&rsaPrivKeyAlg);
- B_DestroyAlgorithmObject(&privateKeyObj);
- /* Don't delete privKeyInfo data -- it was a shallow copy. */
- return SECSuccess;
-
-loser:
- if (rsaPrivKeyAlg != NULL_PTR)
- B_DestroyAlgorithmObject(&rsaPrivKeyAlg);
- if (privateKeyObj != NULL_PTR)
- B_DestroyAlgorithmObject(&privateKeyObj);
- return SECFailure;
-}
-
-/*****************************************************************************
-** BLAPI implementation of DSA
-******************************************************************************/
-
-static const B_ALGORITHM_METHOD *dsa_pk_gen_chooser[] = {
- &AM_SHA_RANDOM,
- &AM_DSA_PARAM_GEN,
- &AM_DSA_KEY_GEN,
- (B_ALGORITHM_METHOD *)NULL_PTR
-};
-
-static SECStatus
-dsaConvertKeyInfoToBLKey(A_DSA_PRIVATE_KEY *privateKeyInfo,
- A_DSA_PUBLIC_KEY *publicKeyInfo,
- DSAPrivateKey *privateKey)
-{
- PRArenaPool *arena;
- SECItem tmp;
-
- arena = privateKey->params.arena;
- SECITEMFROMITEM(arena, privateKey->params.prime,
- privateKeyInfo->params.prime);
- SECITEMFROMITEM(arena, privateKey->params.subPrime,
- privateKeyInfo->params.subPrime);
- SECITEMFROMITEM(arena, privateKey->params.base,
- privateKeyInfo->params.base);
- SECITEMFROMITEM(arena, privateKey->privateValue,
- privateKeyInfo->x);
- SECITEMFROMITEM(arena, privateKey->publicValue,
- publicKeyInfo->y);
-
- return SECSuccess;
-
-loser:
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- return SECFailure;
-}
-
-static SECStatus
-dsaConvertBLKeyToPrKeyInfo(DSAPrivateKey *privateKey,
- A_DSA_PRIVATE_KEY *privateKeyInfo)
-{
- ITEMFROMSECITEM(privateKeyInfo->params.prime, privateKey->params.prime)
- ITEMFROMSECITEM(privateKeyInfo->params.subPrime,
- privateKey->params.subPrime);
- ITEMFROMSECITEM(privateKeyInfo->params.base, privateKey->params.base);
- ITEMFROMSECITEM(privateKeyInfo->x, privateKey->privateValue);
- return SECSuccess;
-}
-
-static SECStatus
-dsaConvertBLKeyToPubKeyInfo(DSAPublicKey *publicKey,
- A_DSA_PUBLIC_KEY *publicKeyInfo)
-{
- ITEMFROMSECITEM(publicKeyInfo->params.prime, publicKey->params.prime)
- ITEMFROMSECITEM(publicKeyInfo->params.subPrime,
- publicKey->params.subPrime);
- ITEMFROMSECITEM(publicKeyInfo->params.base, publicKey->params.base);
- ITEMFROMSECITEM(publicKeyInfo->y, publicKey->publicValue);
- return SECSuccess;
-}
-
-static SECStatus
-dsaZFreeKeyInfoParams(A_DSA_PARAMS *params)
-{
- PORT_ZFree(params->prime.data,
- params->prime.len);
- PORT_ZFree(params->subPrime.data,
- params->subPrime.len);
- PORT_ZFree(params->base.data,
- params->base.len);
- return SECSuccess;
-}
-
-static SECStatus
-dsaZFreePrivateKeyInfo(A_DSA_PRIVATE_KEY *privateKeyInfo)
-{
- dsaZFreeKeyInfoParams(&privateKeyInfo->params);
- PORT_ZFree(privateKeyInfo->x.data,
- privateKeyInfo->x.len);
- return SECSuccess;
-}
-
-static SECStatus
-dsaZFreePublicKeyInfo(A_DSA_PUBLIC_KEY *publicKeyInfo)
-{
- dsaZFreeKeyInfoParams(&publicKeyInfo->params);
- PORT_ZFree(publicKeyInfo->y.data,
- publicKeyInfo->y.len);
- return SECSuccess;
-}
-
-SECStatus
-DSA_NewKey(PQGParams * params,
- DSAPrivateKey ** privKey)
-{
- return DSA_NewKeyFromSeed(params, NULL, privKey);
-}
-
-SECStatus
-DSA_SignDigest(DSAPrivateKey * key,
- SECItem * signature,
- SECItem * digest)
-{
- return DSA_SignDigestWithSeed(key, signature, digest, NULL);
-}
-
-SECStatus
-DSA_VerifyDigest(DSAPublicKey * key,
- SECItem * signature,
- SECItem * digest)
-{
- B_ALGORITHM_OBJ dsaVerifier = (B_ALGORITHM_OBJ)NULL_PTR;
- B_KEY_OBJ publicKeyObj = (B_KEY_OBJ)NULL_PTR;
- A_DSA_PUBLIC_KEY publicKeyInfo;
- const B_ALGORITHM_METHOD *dsa_verify_chooser[] = {
- &AM_DSA_VERIFY,
- (B_ALGORITHM_METHOD *)NULL_PTR
- };
- int status;
-
- if ((status = B_CreateAlgorithmObject(&dsaVerifier)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- if ((status = B_CreateKeyObject(&publicKeyObj)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- if ((status = dsaConvertBLKeyToPubKeyInfo(key, &publicKeyInfo)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- if ((status = B_SetKeyInfo(publicKeyObj, KI_DSAPublic,
- (POINTER)&publicKeyInfo)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- if ((status = B_SetAlgorithmInfo(dsaVerifier, AI_DSA, NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
-
- if ((status = B_VerifyInit(dsaVerifier, publicKeyObj, dsa_verify_chooser,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
-
- if ((status = B_VerifyUpdate(dsaVerifier, digest->data, digest->len,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- goto loser;
- }
-
- if ((status = B_VerifyFinal(dsaVerifier, signature->data, signature->len,
- (B_ALGORITHM_OBJ)NULL_PTR,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- if (status == BE_SIGNATURE) {
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- } else {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- goto loser;
- }
- }
-
- B_DestroyAlgorithmObject(&dsaVerifier);
- B_DestroyKeyObject(&publicKeyObj);
- /* publicKeyInfo data is shallow copy */
- return (status == BE_SIGNATURE) ? SECFailure : SECSuccess;
-
-loser:
- if (dsaVerifier != NULL_PTR)
- B_DestroyAlgorithmObject(&dsaVerifier);
- if (publicKeyObj != NULL_PTR)
- B_DestroyKeyObject(&publicKeyObj);
- return SECFailure;
-}
-
-SECStatus
-DSA_NewKeyFromSeed(PQGParams *params, unsigned char * seed,
- DSAPrivateKey **privKey)
-{
- PRArenaPool *arena;
- DSAPrivateKey *privateKey;
- /* BSAFE */
- B_ALGORITHM_OBJ dsaKeyGenObj = (B_ALGORITHM_OBJ)NULL_PTR;
- B_ALGORITHM_OBJ randomAlgorithm = NULL_PTR;
- A_DSA_PRIVATE_KEY *privateKeyInfo = (A_DSA_PRIVATE_KEY *)NULL_PTR;
- A_DSA_PUBLIC_KEY *publicKeyInfo = (A_DSA_PUBLIC_KEY *)NULL_PTR;
- A_DSA_PARAMS dsaParamInfo;
- B_KEY_OBJ publicKeyObj = (B_KEY_OBJ)NULL_PTR;
- B_KEY_OBJ privateKeyObj = (B_KEY_OBJ)NULL_PTR;
- int status;
-
- /* Allocate space for key structure. */
- arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
- privateKey = (DSAPrivateKey *)
- PORT_ArenaZAlloc(arena, sizeof(DSAPrivateKey));
- if (privateKey == NULL) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
- privateKey->params.arena = arena;
-
- if ((status = B_CreateAlgorithmObject(&dsaKeyGenObj)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- if ((status = B_CreateKeyObject(&publicKeyObj)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- if ((status = B_CreateKeyObject(&privateKeyObj)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- randomAlgorithm = generateRandomAlgorithm(DSA_SUBPRIME_LEN, seed);
- if (randomAlgorithm == NULL_PTR) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- ITEMFROMSECITEM(dsaParamInfo.prime, params->prime);
- ITEMFROMSECITEM(dsaParamInfo.subPrime, params->subPrime);
- ITEMFROMSECITEM(dsaParamInfo.base, params->base);
-
- if ((status = B_SetAlgorithmInfo(dsaKeyGenObj, AI_DSAKeyGen,
- (POINTER)&dsaParamInfo)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- if ((status = B_GenerateInit(dsaKeyGenObj, dsa_pk_gen_chooser,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
-
- if ((status = B_GenerateKeypair(dsaKeyGenObj, publicKeyObj, privateKeyObj,
- randomAlgorithm,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
-
- if ((status = B_GetKeyInfo((POINTER *)&privateKeyInfo, privateKeyObj,
- KI_DSAPrivate)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
-
- if ((status = B_GetKeyInfo((POINTER *)&publicKeyInfo, publicKeyObj,
- KI_DSAPublic)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
-
- if ((status = dsaConvertKeyInfoToBLKey(privateKeyInfo, publicKeyInfo,
- privateKey)) != 0) {
- goto loser;
- }
-
- B_DestroyAlgorithmObject(&dsaKeyGenObj);
- B_DestroyAlgorithmObject(&randomAlgorithm);
- B_DestroyKeyObject(&publicKeyObj);
- B_DestroyKeyObject(&privateKeyObj);
- dsaZFreePrivateKeyInfo(privateKeyInfo);
- dsaZFreePublicKeyInfo(publicKeyInfo);
- /* dsaParamInfo contains only public info, no need to ZFree */
-
- *privKey = privateKey;
- return SECSuccess;
-
-loser:
- if (dsaKeyGenObj != NULL_PTR)
- B_DestroyAlgorithmObject(&dsaKeyGenObj);
- if (randomAlgorithm != NULL_PTR)
- B_DestroyAlgorithmObject(&randomAlgorithm);
- if (privateKeyObj != NULL_PTR)
- B_DestroyKeyObject(&privateKeyObj);
- if (publicKeyObj != NULL_PTR)
- B_DestroyKeyObject(&publicKeyObj);
- if (privateKeyInfo != (A_DSA_PRIVATE_KEY *)NULL_PTR)
- dsaZFreePrivateKeyInfo(privateKeyInfo);
- if (publicKeyInfo != (A_DSA_PUBLIC_KEY *)NULL_PTR)
- dsaZFreePublicKeyInfo(publicKeyInfo);
- if (arena != NULL)
- PORT_FreeArena(arena, PR_TRUE);
- *privKey = NULL;
- return SECFailure;
-}
-
-SECStatus
-DSA_SignDigestWithSeed(DSAPrivateKey * key,
- SECItem * signature,
- SECItem * digest,
- unsigned char * seed)
-{
- B_ALGORITHM_OBJ dsaSigner = (B_ALGORITHM_OBJ)NULL_PTR;
- B_ALGORITHM_OBJ randomAlgorithm = NULL_PTR;
- B_KEY_OBJ privateKeyObj = (B_KEY_OBJ)NULL_PTR;
- A_DSA_PRIVATE_KEY privateKeyInfo;
- const B_ALGORITHM_METHOD *dsa_sign_chooser[] = {
- &AM_DSA_SIGN,
- (B_ALGORITHM_METHOD *)NULL_PTR
- };
- int status;
- unsigned int siglen;
-
- randomAlgorithm = generateRandomAlgorithm(DSA_SUBPRIME_LEN, seed);
-
- if ((status = B_CreateAlgorithmObject(&dsaSigner)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- if ((status = B_CreateKeyObject(&privateKeyObj)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- if ((status = dsaConvertBLKeyToPrKeyInfo(key, &privateKeyInfo)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- if ((status = B_SetKeyInfo(privateKeyObj, KI_DSAPrivate,
- (POINTER)&privateKeyInfo)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- if ((status = B_SetAlgorithmInfo(dsaSigner, AI_DSA, NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- if ((status = B_SignInit(dsaSigner, privateKeyObj, dsa_sign_chooser,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- if ((status = B_SignUpdate(dsaSigner, digest->data, digest->len,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- if ((status = B_SignFinal(dsaSigner, signature->data, &siglen,
- signature->len, randomAlgorithm,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- SECITEM_ReallocItem(NULL, signature, signature->len, siglen);
- signature->len = siglen; /* shouldn't realloc do this? */
-
- B_DestroyAlgorithmObject(&dsaSigner);
- B_DestroyKeyObject(&privateKeyObj);
- B_DestroyAlgorithmObject(&randomAlgorithm);
- /* privateKeyInfo is shallow copy */
- return SECSuccess;
-
-loser:
- if (dsaSigner != NULL_PTR)
- B_DestroyAlgorithmObject(&dsaSigner);
- if (privateKeyObj != NULL_PTR)
- B_DestroyKeyObject(&privateKeyObj);
- if (randomAlgorithm != NULL_PTR)
- B_DestroyAlgorithmObject(&randomAlgorithm);
- return SECFailure;
-}
-
-SECStatus
-PQG_ParamGen(unsigned int j, /* input : determines length of P. */
- PQGParams **pParams, /* output: P Q and G returned here */
- PQGVerify **pVfy) /* output: counter and seed. */
-{
- return PQG_ParamGenSeedLen(j, DSA_SUBPRIME_LEN, pParams, pVfy);
-}
-
-SECStatus
-PQG_ParamGenSeedLen(
- unsigned int j, /* input : determines length of P. */
- unsigned int seedBytes, /* input : length of seed in bytes.*/
- PQGParams **pParams, /* output: P Q and G returned here */
- PQGVerify **pVfy) /* output: counter and seed. */
-{
- B_DSA_PARAM_GEN_PARAMS dsaParams;
- B_ALGORITHM_OBJ dsaKeyGenObj = (B_ALGORITHM_OBJ)NULL_PTR;
- B_ALGORITHM_OBJ dsaParamGenerator = (B_ALGORITHM_OBJ)NULL_PTR;
- B_ALGORITHM_OBJ randomAlgorithm = NULL_PTR;
- A_DSA_PARAMS *dsaParamInfo;
- SECItem tmp;
- PQGParams *params;
- PRArenaPool *arena;
- int status;
-
- if (!pParams || j > 8) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- /* Allocate space for key structure. */
- arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
- params = (PQGParams *)PORT_ArenaZAlloc(arena, sizeof(PQGParams));
- if (params == NULL) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
- params->arena = arena;
-
- if ((status = B_CreateAlgorithmObject(&dsaParamGenerator)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- if ((status = B_CreateAlgorithmObject(&dsaKeyGenObj)) != 0) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- goto loser;
- }
-
- randomAlgorithm = generateRandomAlgorithm(seedBytes, NULL);
-
- dsaParams.primeBits = 512 + (j * 64);
- if ((status = B_SetAlgorithmInfo(dsaParamGenerator, AI_DSAParamGen,
- (POINTER)&dsaParams)) != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
-
- if ((status = B_GenerateInit(dsaParamGenerator, dsa_pk_gen_chooser,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
-
- if ((status = B_GenerateParameters(dsaParamGenerator, dsaKeyGenObj,
- randomAlgorithm,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
-
- if ((status = B_GetAlgorithmInfo((POINTER *)&dsaParamInfo, dsaKeyGenObj,
- AI_DSAKeyGen)) != 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
-
- SECITEMFROMITEM(arena, params->prime, dsaParamInfo->prime);
- SECITEMFROMITEM(arena, params->subPrime, dsaParamInfo->subPrime);
- SECITEMFROMITEM(arena, params->base, dsaParamInfo->base);
-
- B_DestroyAlgorithmObject(&dsaKeyGenObj);
- B_DestroyAlgorithmObject(&dsaParamGenerator);
- B_DestroyAlgorithmObject(&randomAlgorithm);
- dsaZFreeKeyInfoParams(dsaParamInfo);
-
- *pParams = params;
- return SECSuccess;
-
-loser:
- if (dsaParamGenerator != NULL_PTR)
- B_DestroyAlgorithmObject(&dsaParamGenerator);
- if (dsaKeyGenObj != NULL_PTR)
- B_DestroyAlgorithmObject(&dsaKeyGenObj);
- if (randomAlgorithm != NULL_PTR)
- B_DestroyAlgorithmObject(&randomAlgorithm);
- if (dsaParamInfo != NULL)
- dsaZFreeKeyInfoParams(dsaParamInfo);
- if (arena != NULL)
- PORT_FreeArena(arena, PR_TRUE);
- *pParams = NULL;
- return SECFailure;
-}
-
-SECStatus
-PQG_VerifyParams(const PQGParams *params,
- const PQGVerify *vfy, SECStatus *result)
-{
- /* BSAFE does not provide access to h.
- * Verification is thus skipped.
- */
- PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
- return SECFailure;
-}
-
-/* Destroy functions are implemented in util/pqgutil.c */
-
-/*****************************************************************************
-** BLAPI implementation of RNG
-******************************************************************************/
-
-static SECItem globalseed;
-static B_ALGORITHM_OBJ globalrng = NULL_PTR;
-
-SECStatus
-RNG_RNGInit(void)
-{
- int status;
- PRInt32 nBytes;
- if (globalrng == NULL) {
- globalseed.len = 20;
- globalseed.data = (unsigned char *)PORT_Alloc(globalseed.len);
- } else {
- B_DestroyAlgorithmObject(&globalrng);
- }
- nBytes = RNG_GetNoise(globalseed.data, globalseed.len);
- globalrng = generateRandomAlgorithm(globalseed.len, globalseed.data);
- if (globalrng == NULL_PTR) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- return SECFailure;
- }
- return SECSuccess;
-}
-
-SECStatus
-RNG_RandomUpdate(void *data, size_t bytes)
-{
- int status;
- if (data == NULL || bytes <= 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- if (globalrng == NULL_PTR) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return SECFailure;
- }
- if ((status = B_RandomUpdate(globalrng, data, bytes,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- return SECSuccess;
-}
-
-SECStatus
-RNG_GenerateGlobalRandomBytes(void *dest, size_t len)
-{
- int status;
- if (dest == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- if (globalrng == NULL_PTR) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return SECFailure;
- }
- if ((status = B_GenerateRandomBytes(globalrng, dest, len,
- (A_SURRENDER_CTX *)NULL_PTR)) != 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- return SECSuccess;
-}
-
-void
-RNG_RNGShutdown(void)
-{
- if (globalrng == NULL_PTR)
- /* no-op */
- return;
- B_DestroyAlgorithmObject(&globalrng);
- SECITEM_ZfreeItem(&globalseed, PR_FALSE);
- globalrng = NULL_PTR;
-}
diff --git a/security/nss/lib/freebl/blapit.h b/security/nss/lib/freebl/blapit.h
deleted file mode 100644
index 3a496d2ad..000000000
--- a/security/nss/lib/freebl/blapit.h
+++ /dev/null
@@ -1,219 +0,0 @@
-/*
- * blapit.h - public data structures for the crypto library
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#ifndef _BLAPIT_H_
-#define _BLAPIT_H_
-
-#include "seccomon.h"
-#include "plarena.h"
-
-/* RC2 operation modes */
-#define NSS_RC2 0
-#define NSS_RC2_CBC 1
-
-/* RC5 operation modes */
-#define NSS_RC5 0
-#define NSS_RC5_CBC 1
-
-/* DES operation modes */
-#define NSS_DES 0
-#define NSS_DES_CBC 1
-#define NSS_DES_EDE3 2
-#define NSS_DES_EDE3_CBC 3
-
-#define DES_KEY_LENGTH 8 /* Bytes */
-
-#define DSA_SIGNATURE_LEN 40 /* Bytes */
-#define DSA_SUBPRIME_LEN 20 /* Bytes */
-
-/*
- * Number of bytes each hash algorithm produces
- */
-#define MD2_LENGTH 16 /* Bytes */
-#define MD5_LENGTH 16 /* Bytes */
-#define SHA1_LENGTH 20 /* Bytes */
-
-/*
- * The FIPS 186 algorithm for generating primes P and Q allows only 9
- * distinct values for the length of P, and only one value for the
- * length of Q.
- * The algorithm uses a variable j to indicate which of the 9 lengths
- * of P is to be used.
- * The following table relates j to the lengths of P and Q in bits.
- *
- * j bits in P bits in Q
- * _ _________ _________
- * 0 512 160
- * 1 576 160
- * 2 640 160
- * 3 704 160
- * 4 768 160
- * 5 832 160
- * 6 896 160
- * 7 960 160
- * 8 1024 160
- *
- * The FIPS-186 compliant PQG generator takes j as an input parameter.
- */
-
-
-/*
- * function takes desired number of bits in P,
- * returns index (0..8) or -1 if number of bits is invalid.
- */
-#define PQG_PBITS_TO_INDEX(bits) ((((bits)-512) % 64) ? -1 : ((bits)-512)/64)
-
-/*
- * function takes index (0-8)
- * returns number of bits in P for that index, or -1 if index is invalid.
- */
-#define PQG_INDEX_TO_PBITS(j) (((unsigned)(j) > 8) ? -1 : (512 + 64 * (j)))
-
-
-/***************************************************************************
-** Opaque objects
-*/
-
-struct DESContextStr ;
-struct RC2ContextStr ;
-struct RC4ContextStr ;
-struct RC5ContextStr ;
-struct MD2ContextStr ;
-struct MD5ContextStr ;
-struct SHA1ContextStr ;
-
-typedef struct DESContextStr DESContext;
-typedef struct RC2ContextStr RC2Context;
-typedef struct RC4ContextStr RC4Context;
-typedef struct RC5ContextStr RC5Context;
-typedef struct MD2ContextStr MD2Context;
-typedef struct MD5ContextStr MD5Context;
-typedef struct SHA1ContextStr SHA1Context;
-
-/***************************************************************************
-** RSA Public and Private Key structures
-*/
-
-/* member names from PKCS#1, section 7.1 */
-struct RSAPublicKeyStr {
- PRArenaPool * arena;
- SECItem modulus;
- SECItem publicExponent;
-};
-typedef struct RSAPublicKeyStr RSAPublicKey;
-
-/* member names from PKCS#1, section 7.2 */
-struct RSAPrivateKeyStr {
- PRArenaPool * arena;
- SECItem version;
- SECItem modulus;
- SECItem publicExponent;
- SECItem privateExponent;
- SECItem prime1;
- SECItem prime2;
- SECItem exponent1;
- SECItem exponent2;
- SECItem coefficient;
-};
-typedef struct RSAPrivateKeyStr RSAPrivateKey;
-
-
-/***************************************************************************
-** DSA Public and Private Key and related structures
-*/
-
-struct PQGParamsStr {
- PRArenaPool *arena;
- SECItem prime; /* p */
- SECItem subPrime; /* q */
- SECItem base; /* g */
- /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
-};
-typedef struct PQGParamsStr PQGParams;
-
-struct PQGVerifyStr {
- PRArenaPool * arena; /* includes this struct, seed, & h. */
- unsigned int counter;
- SECItem seed;
- SECItem h;
-};
-typedef struct PQGVerifyStr PQGVerify;
-
-struct DSAPublicKeyStr {
- PQGParams params;
- SECItem publicValue;
-};
-typedef struct DSAPublicKeyStr DSAPublicKey;
-
-struct DSAPrivateKeyStr {
- PQGParams params;
- SECItem publicValue;
- SECItem privateValue;
-};
-typedef struct DSAPrivateKeyStr DSAPrivateKey;
-
-/***************************************************************************
-** Diffie-Hellman Public and Private Key and related structures
-** Structure member names suggested by PKCS#3.
-*/
-
-struct DHParamsStr {
- PRArenaPool * arena;
- SECItem prime; /* p */
- SECItem base; /* g */
-};
-typedef struct DHParamsStr DHParams;
-
-struct DHPublicKeyStr {
- PRArenaPool * arena;
- SECItem prime;
- SECItem base;
- SECItem publicValue;
-};
-typedef struct DHPublicKeyStr DHPublicKey;
-
-struct DHPrivateKeyStr {
- PRArenaPool * arena;
- SECItem prime;
- SECItem base;
- SECItem publicValue;
- SECItem privateValue;
-};
-typedef struct DHPrivateKeyStr DHPrivateKey;
-
-
-#endif /* _BLAPIT_H_ */
diff --git a/security/nss/lib/freebl/config.mk b/security/nss/lib/freebl/config.mk
deleted file mode 100644
index a73a1086e..000000000
--- a/security/nss/lib/freebl/config.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/freebl/dh.c b/security/nss/lib/freebl/dh.c
deleted file mode 100644
index f366363bf..000000000
--- a/security/nss/lib/freebl/dh.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "prerr.h"
-#include "secerr.h"
-
-#include "blapi.h"
-
-SECStatus
-DH_GenParam(int primeLen, DHParams ** params)
-{
- PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
- return SECFailure;
-}
-
-SECStatus
-DH_NewKey(DHParams * params,
- DHPrivateKey ** privKey)
-{
- PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
- return SECFailure;
-}
-
-SECStatus
-DH_Derive(SECItem * publicValue,
- SECItem * prime,
- SECItem * privateValue,
- SECItem * derivedSecret,
- unsigned int maxOutBytes)
-{
- PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
- return SECFailure;
-}
-
-SECStatus
-KEA_Derive(SECItem *prime,
- SECItem *public1,
- SECItem *public2,
- SECItem *private1,
- SECItem *private2,
- SECItem *derivedSecret)
-{
- PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
- return SECFailure;
-}
-
-PRBool
-KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime)
-{
- PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
- return PR_FALSE;
-}
diff --git a/security/nss/lib/freebl/fblstdlib.c b/security/nss/lib/freebl/fblstdlib.c
deleted file mode 100755
index 7aeb8efef..000000000
--- a/security/nss/lib/freebl/fblstdlib.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <plstr.h>
-#include "aglobal.h"
-#include "bsafe.h"
-#include "secport.h"
-
-void CALL_CONV T_memset (p, c, count)
-POINTER p;
-int c;
-unsigned int count;
-{
- if (count >= 0)
- memset(p, c, count);
-}
-
-void CALL_CONV T_memcpy (d, s, count)
-POINTER d, s;
-unsigned int count;
-{
- if (count >= 0)
- memcpy(d, s, count);
-}
-
-void CALL_CONV T_memmove (d, s, count)
-POINTER d, s;
-unsigned int count;
-{
- if (count >= 0)
- PORT_Memmove(d, s, count);
-}
-
-int CALL_CONV T_memcmp (s1, s2, count)
-POINTER s1, s2;
-unsigned int count;
-{
- if (count == 0)
- return (0);
- else
- return(memcmp(s1, s2, count));
-}
-
-POINTER CALL_CONV T_malloc (size)
-unsigned int size;
-{
- return((POINTER)PORT_Alloc(size == 0 ? 1 : size));
-}
-
-POINTER CALL_CONV T_realloc (p, size)
-POINTER p;
-unsigned int size;
-{
- POINTER result;
-
- if (p == NULL_PTR)
- return (T_malloc(size));
-
- if ((result = (POINTER)PORT_Realloc(p, size == 0 ? 1 : size)) == NULL_PTR)
- PORT_Free(p);
- return (result);
-}
-
-void CALL_CONV T_free (p)
-POINTER p;
-{
- if (p != NULL_PTR)
- PORT_Free(p);
-}
-
-unsigned int CALL_CONV T_strlen(p)
-char *p;
-{
- return PL_strlen(p);
-}
-
-void CALL_CONV T_strcpy(dest, src)
-char *dest;
-char *src;
-{
- PL_strcpy(dest, src);
-}
-
-int CALL_CONV T_strcmp (a, b)
-char *a, *b;
-{
- return (PL_strcmp (a, b));
-}
diff --git a/security/nss/lib/freebl/manifest.mn b/security/nss/lib/freebl/manifest.mn
deleted file mode 100644
index 4b42913bf..000000000
--- a/security/nss/lib/freebl/manifest.mn
+++ /dev/null
@@ -1,66 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../..
-
-MODULE = security
-
-LIBRARY_NAME = freebl
-
-REQUIRES =
-
-EXPORTS = \
- blapi.h \
- blapit.h \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- $(NULL)
-
-ifdef MOZILLA_BSAFE_BUILD
-CSRCS = \
- fblstdlib.c \
- sha_fast.c \
- md2.c \
- md5.c \
- dh.c \
- blapi_bsf.c \
- $(NULL)
-else
-CSRCS = \
- sha_fast.c \
- md2.c \
- md5.c \
- alg2268.c \
- $(NULL)
-endif
-
diff --git a/security/nss/lib/freebl/md2.c b/security/nss/lib/freebl/md2.c
deleted file mode 100644
index 3f7427c14..000000000
--- a/security/nss/lib/freebl/md2.c
+++ /dev/null
@@ -1,288 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "prerr.h"
-#include "secerr.h"
-
-#include "prtypes.h"
-
-#include "blapi.h"
-
-#define MD2_DIGEST_LEN 16
-#define MD2_BUFSIZE 16
-#define MD2_X_SIZE 48 /* The X array, [CV | INPUT | TMP VARS] */
-#define MD2_CV 0 /* index into X for chaining variables */
-#define MD2_INPUT 16 /* index into X for input */
-#define MD2_TMPVARS 32 /* index into X for temporary variables */
-#define MD2_CHECKSUM_SIZE 16
-
-struct MD2ContextStr {
- unsigned char checksum[MD2_BUFSIZE];
- unsigned char X[MD2_X_SIZE];
- PRUint8 unusedBuffer;
-};
-
-static const PRUint8 MD2S[256] = {
- 0051, 0056, 0103, 0311, 0242, 0330, 0174, 0001,
- 0075, 0066, 0124, 0241, 0354, 0360, 0006, 0023,
- 0142, 0247, 0005, 0363, 0300, 0307, 0163, 0214,
- 0230, 0223, 0053, 0331, 0274, 0114, 0202, 0312,
- 0036, 0233, 0127, 0074, 0375, 0324, 0340, 0026,
- 0147, 0102, 0157, 0030, 0212, 0027, 0345, 0022,
- 0276, 0116, 0304, 0326, 0332, 0236, 0336, 0111,
- 0240, 0373, 0365, 0216, 0273, 0057, 0356, 0172,
- 0251, 0150, 0171, 0221, 0025, 0262, 0007, 0077,
- 0224, 0302, 0020, 0211, 0013, 0042, 0137, 0041,
- 0200, 0177, 0135, 0232, 0132, 0220, 0062, 0047,
- 0065, 0076, 0314, 0347, 0277, 0367, 0227, 0003,
- 0377, 0031, 0060, 0263, 0110, 0245, 0265, 0321,
- 0327, 0136, 0222, 0052, 0254, 0126, 0252, 0306,
- 0117, 0270, 0070, 0322, 0226, 0244, 0175, 0266,
- 0166, 0374, 0153, 0342, 0234, 0164, 0004, 0361,
- 0105, 0235, 0160, 0131, 0144, 0161, 0207, 0040,
- 0206, 0133, 0317, 0145, 0346, 0055, 0250, 0002,
- 0033, 0140, 0045, 0255, 0256, 0260, 0271, 0366,
- 0034, 0106, 0141, 0151, 0064, 0100, 0176, 0017,
- 0125, 0107, 0243, 0043, 0335, 0121, 0257, 0072,
- 0303, 0134, 0371, 0316, 0272, 0305, 0352, 0046,
- 0054, 0123, 0015, 0156, 0205, 0050, 0204, 0011,
- 0323, 0337, 0315, 0364, 0101, 0201, 0115, 0122,
- 0152, 0334, 0067, 0310, 0154, 0301, 0253, 0372,
- 0044, 0341, 0173, 0010, 0014, 0275, 0261, 0112,
- 0170, 0210, 0225, 0213, 0343, 0143, 0350, 0155,
- 0351, 0313, 0325, 0376, 0073, 0000, 0035, 0071,
- 0362, 0357, 0267, 0016, 0146, 0130, 0320, 0344,
- 0246, 0167, 0162, 0370, 0353, 0165, 0113, 0012,
- 0061, 0104, 0120, 0264, 0217, 0355, 0037, 0032,
- 0333, 0231, 0215, 0063, 0237, 0021, 0203, 0024
-};
-
-SECStatus
-MD2_Hash(unsigned char *dest, const char *src)
-{
- unsigned int len;
- MD2Context *cx = MD2_NewContext();
- if (!cx) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- return SECFailure;
- }
- MD2_Begin(cx);
- MD2_Update(cx, (unsigned char *)src, PL_strlen(src));
- MD2_End(cx, dest, &len, MD2_DIGEST_LEN);
- MD2_DestroyContext(cx, PR_TRUE);
- return SECSuccess;
-}
-
-MD2Context *
-MD2_NewContext(void)
-{
- MD2Context *cx = (MD2Context *)PORT_ZAlloc(sizeof(MD2Context));
- if (cx == NULL) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- return NULL;
- }
- return cx;
-}
-
-void
-MD2_DestroyContext(MD2Context *cx, PRBool freeit)
-{
- if (freeit)
- PORT_ZFree(cx, sizeof(*cx));
-}
-
-void
-MD2_Begin(MD2Context *cx)
-{
- memset(cx, 0, sizeof(*cx));
- cx->unusedBuffer = MD2_BUFSIZE;
-}
-
-static void
-md2_compress(MD2Context *cx)
-{
- int j;
- unsigned char P;
- P = cx->checksum[MD2_CHECKSUM_SIZE-1];
- /* Compute the running checksum, and set the tmp variables to be
- * CV[i] XOR input[i]
- */
-#define CKSUMFN(n) \
- P = cx->checksum[n] ^ MD2S[cx->X[MD2_INPUT+n] ^ P]; \
- cx->checksum[n] = P; \
- cx->X[MD2_TMPVARS+n] = cx->X[n] ^ cx->X[MD2_INPUT+n];
- CKSUMFN(0);
- CKSUMFN(1);
- CKSUMFN(2);
- CKSUMFN(3);
- CKSUMFN(4);
- CKSUMFN(5);
- CKSUMFN(6);
- CKSUMFN(7);
- CKSUMFN(8);
- CKSUMFN(9);
- CKSUMFN(10);
- CKSUMFN(11);
- CKSUMFN(12);
- CKSUMFN(13);
- CKSUMFN(14);
- CKSUMFN(15);
- /* The compression function. */
-#define COMPRESS(n) \
- P = cx->X[n] ^ MD2S[P]; \
- cx->X[n] = P;
- P = 0x00;
- for (j=0; j<18; j++) {
- COMPRESS(0);
- COMPRESS(1);
- COMPRESS(2);
- COMPRESS(3);
- COMPRESS(4);
- COMPRESS(5);
- COMPRESS(6);
- COMPRESS(7);
- COMPRESS(8);
- COMPRESS(9);
- COMPRESS(10);
- COMPRESS(11);
- COMPRESS(12);
- COMPRESS(13);
- COMPRESS(14);
- COMPRESS(15);
- COMPRESS(16);
- COMPRESS(17);
- COMPRESS(18);
- COMPRESS(19);
- COMPRESS(20);
- COMPRESS(21);
- COMPRESS(22);
- COMPRESS(23);
- COMPRESS(24);
- COMPRESS(25);
- COMPRESS(26);
- COMPRESS(27);
- COMPRESS(28);
- COMPRESS(29);
- COMPRESS(30);
- COMPRESS(31);
- COMPRESS(32);
- COMPRESS(33);
- COMPRESS(34);
- COMPRESS(35);
- COMPRESS(36);
- COMPRESS(37);
- COMPRESS(38);
- COMPRESS(39);
- COMPRESS(40);
- COMPRESS(41);
- COMPRESS(42);
- COMPRESS(43);
- COMPRESS(44);
- COMPRESS(45);
- COMPRESS(46);
- COMPRESS(47);
- P = (P + j) % 256;
- }
- cx->unusedBuffer = MD2_BUFSIZE;
-}
-
-void
-MD2_Update(MD2Context *cx, const unsigned char *input, unsigned int inputLen)
-{
- PRUint32 bytesToConsume;
-
- /* Fill the remaining input buffer. */
- if (cx->unusedBuffer != MD2_BUFSIZE) {
- bytesToConsume = PR_MIN(inputLen, cx->unusedBuffer);
- memcpy(&cx->X[MD2_INPUT + (MD2_BUFSIZE - cx->unusedBuffer)],
- input, bytesToConsume);
- if (cx->unusedBuffer + bytesToConsume >= MD2_BUFSIZE)
- md2_compress(cx);
- inputLen -= bytesToConsume;
- input += bytesToConsume;
- }
-
- /* Iterate over 16-byte chunks of the input. */
- while (inputLen >= MD2_BUFSIZE) {
- memcpy(&cx->X[MD2_INPUT], input, MD2_BUFSIZE);
- md2_compress(cx);
- inputLen -= MD2_BUFSIZE;
- input += MD2_BUFSIZE;
- }
-
- /* Copy any input that remains into the buffer. */
- if (inputLen)
- memcpy(&cx->X[MD2_INPUT], input, inputLen);
- cx->unusedBuffer = MD2_BUFSIZE - inputLen;
-}
-
-void
-MD2_End(MD2Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
-{
- PRUint8 padStart;
- if (maxDigestLen < MD2_BUFSIZE) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return;
- }
- padStart = MD2_BUFSIZE - cx->unusedBuffer;
- memset(&cx->X[MD2_INPUT + padStart], cx->unusedBuffer,
- cx->unusedBuffer);
- md2_compress(cx);
- memcpy(&cx->X[MD2_INPUT], cx->checksum, MD2_BUFSIZE);
- md2_compress(cx);
- *digestLen = MD2_DIGEST_LEN;
- memcpy(digest, &cx->X[MD2_CV], MD2_DIGEST_LEN);
-}
-
-unsigned int
-MD2_FlattenSize(MD2Context *cx)
-{
- return sizeof(*cx);
-}
-
-SECStatus
-MD2_Flatten(MD2Context *cx, unsigned char *space)
-{
- memcpy(space, cx, sizeof(*cx));
- return SECSuccess;
-}
-
-MD2Context *
-MD2_Resurrect(unsigned char *space, void *arg)
-{
- MD2Context *cx = MD2_NewContext();
- if (cx)
- memcpy(cx, space, sizeof(*cx));
- return cx;
-}
diff --git a/security/nss/lib/freebl/md5.c b/security/nss/lib/freebl/md5.c
deleted file mode 100644
index b0c0ed6a0..000000000
--- a/security/nss/lib/freebl/md5.c
+++ /dev/null
@@ -1,529 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "prerr.h"
-#include "secerr.h"
-
-#include "prtypes.h"
-#include "prlong.h"
-
-#include "blapi.h"
-
-#define MD5_HASH_LEN 16
-#define MD5_BUFFER_SIZE 64
-#define MD5_END_BUFFER (MD5_BUFFER_SIZE - 8)
-
-#define CV0_1 0x67452301
-#define CV0_2 0xefcdab89
-#define CV0_3 0x98badcfe
-#define CV0_4 0x10325476
-
-#define T1_0 0xd76aa478
-#define T1_1 0xe8c7b756
-#define T1_2 0x242070db
-#define T1_3 0xc1bdceee
-#define T1_4 0xf57c0faf
-#define T1_5 0x4787c62a
-#define T1_6 0xa8304613
-#define T1_7 0xfd469501
-#define T1_8 0x698098d8
-#define T1_9 0x8b44f7af
-#define T1_10 0xffff5bb1
-#define T1_11 0x895cd7be
-#define T1_12 0x6b901122
-#define T1_13 0xfd987193
-#define T1_14 0xa679438e
-#define T1_15 0x49b40821
-
-#define T2_0 0xf61e2562
-#define T2_1 0xc040b340
-#define T2_2 0x265e5a51
-#define T2_3 0xe9b6c7aa
-#define T2_4 0xd62f105d
-#define T2_5 0x02441453
-#define T2_6 0xd8a1e681
-#define T2_7 0xe7d3fbc8
-#define T2_8 0x21e1cde6
-#define T2_9 0xc33707d6
-#define T2_10 0xf4d50d87
-#define T2_11 0x455a14ed
-#define T2_12 0xa9e3e905
-#define T2_13 0xfcefa3f8
-#define T2_14 0x676f02d9
-#define T2_15 0x8d2a4c8a
-
-#define T3_0 0xfffa3942
-#define T3_1 0x8771f681
-#define T3_2 0x6d9d6122
-#define T3_3 0xfde5380c
-#define T3_4 0xa4beea44
-#define T3_5 0x4bdecfa9
-#define T3_6 0xf6bb4b60
-#define T3_7 0xbebfbc70
-#define T3_8 0x289b7ec6
-#define T3_9 0xeaa127fa
-#define T3_10 0xd4ef3085
-#define T3_11 0x04881d05
-#define T3_12 0xd9d4d039
-#define T3_13 0xe6db99e5
-#define T3_14 0x1fa27cf8
-#define T3_15 0xc4ac5665
-
-#define T4_0 0xf4292244
-#define T4_1 0x432aff97
-#define T4_2 0xab9423a7
-#define T4_3 0xfc93a039
-#define T4_4 0x655b59c3
-#define T4_5 0x8f0ccc92
-#define T4_6 0xffeff47d
-#define T4_7 0x85845dd1
-#define T4_8 0x6fa87e4f
-#define T4_9 0xfe2ce6e0
-#define T4_10 0xa3014314
-#define T4_11 0x4e0811a1
-#define T4_12 0xf7537e82
-#define T4_13 0xbd3af235
-#define T4_14 0x2ad7d2bb
-#define T4_15 0xeb86d391
-
-#define R1B0 0
-#define R1B1 1
-#define R1B2 2
-#define R1B3 3
-#define R1B4 4
-#define R1B5 5
-#define R1B6 6
-#define R1B7 7
-#define R1B8 8
-#define R1B9 9
-#define R1B10 10
-#define R1B11 11
-#define R1B12 12
-#define R1B13 13
-#define R1B14 14
-#define R1B15 15
-
-#define R2B0 1
-#define R2B1 6
-#define R2B2 11
-#define R2B3 0
-#define R2B4 5
-#define R2B5 10
-#define R2B6 15
-#define R2B7 4
-#define R2B8 9
-#define R2B9 14
-#define R2B10 3
-#define R2B11 8
-#define R2B12 13
-#define R2B13 2
-#define R2B14 7
-#define R2B15 12
-
-#define R3B0 5
-#define R3B1 8
-#define R3B2 11
-#define R3B3 14
-#define R3B4 1
-#define R3B5 4
-#define R3B6 7
-#define R3B7 10
-#define R3B8 13
-#define R3B9 0
-#define R3B10 3
-#define R3B11 6
-#define R3B12 9
-#define R3B13 12
-#define R3B14 15
-#define R3B15 2
-
-#define R4B0 0
-#define R4B1 7
-#define R4B2 14
-#define R4B3 5
-#define R4B4 12
-#define R4B5 3
-#define R4B6 10
-#define R4B7 1
-#define R4B8 8
-#define R4B9 15
-#define R4B10 6
-#define R4B11 13
-#define R4B12 4
-#define R4B13 11
-#define R4B14 2
-#define R4B15 9
-
-#define S1_0 7
-#define S1_1 12
-#define S1_2 17
-#define S1_3 22
-
-#define S2_0 5
-#define S2_1 9
-#define S2_2 14
-#define S2_3 20
-
-#define S3_0 4
-#define S3_1 11
-#define S3_2 16
-#define S3_3 23
-
-#define S4_0 6
-#define S4_1 10
-#define S4_2 15
-#define S4_3 21
-
-struct MD5ContextStr {
- PRUint32 lsbInput;
- PRUint32 msbInput;
- PRUint32 cv[4];
- union {
- PRUint8 b[64];
- PRUint32 w[16];
- } u;
-};
-
-#define inBuf u.b
-
-SECStatus
-MD5_Hash(unsigned char *dest, const char *src)
-{
- return MD5_HashBuf(dest, (unsigned char *)src, PL_strlen(src));
-}
-
-SECStatus
-MD5_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
- unsigned int len;
- MD5Context *cx = MD5_NewContext();
- if (cx == NULL) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- return SECFailure;
- }
- MD5_Begin(cx);
- MD5_Update(cx, src, src_length);
- MD5_End(cx, dest, &len, MD5_HASH_LEN);
- MD5_DestroyContext(cx, PR_TRUE);
- return SECSuccess;
-}
-
-MD5Context *
-MD5_NewContext(void)
-{
- MD5Context *cx = (MD5Context *)PORT_ZAlloc(sizeof(MD5Context));
- if (cx == NULL) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- return NULL;
- }
- return cx;
-}
-
-void
-MD5_DestroyContext(MD5Context *cx, PRBool freeit)
-{
- if (freeit) {
- PORT_ZFree(cx, sizeof(MD5Context));
- }
-}
-
-void
-MD5_Begin(MD5Context *cx)
-{
- cx->lsbInput = 0;
- cx->msbInput = 0;
- memset(cx->inBuf, 0, sizeof(cx->inBuf));
- cx->cv[0] = CV0_1;
- cx->cv[1] = CV0_2;
- cx->cv[2] = CV0_3;
- cx->cv[3] = CV0_4;
-}
-
-#define cls(i32, s) (tmp = i32, tmp << s | tmp >> (32 - s))
-
-#define MASK 0x00ff00ff
-#ifdef IS_LITTLE_ENDIAN
-#define lendian(i32) \
- (i32)
-#else
-#define lendian(i32) \
- (tmp = i32 >> 16 | i32 << 16, (tmp & MASK) << 8 | tmp >> 8 & MASK)
-#endif
-
-#if defined(SOLARIS) || defined(HPUX)
-#define addto64(sumhigh, sumlow, addend) \
- sumlow += addend; sumhigh += (sumlow < addend);
-#else
-#define addto64(sumhigh, sumlow, addend) \
- sumlow += addend; if (sumlow < addend) ++sumhigh;
-#endif
-
-#define F(X, Y, Z) \
- ((X & Y) | ((~X) & Z))
-
-#define G(X, Y, Z) \
- ((X & Z) | (Y & (~Z)))
-
-#define H(X, Y, Z) \
- (X ^ Y ^ Z)
-
-#define I(X, Y, Z) \
- (Y ^ (X | (~Z)))
-
-#define FF(a, b, c, d, bufint, s, ti) \
- a = b + cls(a + F(b, c, d) + bufint + ti, s)
-
-#define GG(a, b, c, d, bufint, s, ti) \
- a = b + cls(a + G(b, c, d) + bufint + ti, s)
-
-#define HH(a, b, c, d, bufint, s, ti) \
- a = b + cls(a + H(b, c, d) + bufint + ti, s)
-
-#define II(a, b, c, d, bufint, s, ti) \
- a = b + cls(a + I(b, c, d) + bufint + ti, s)
-
-static void
-md5_compress(MD5Context *cx)
-{
- PRUint32 a, b, c, d;
- PRUint32 tmp;
- a = cx->cv[0];
- b = cx->cv[1];
- c = cx->cv[2];
- d = cx->cv[3];
-#ifndef IS_LITTLE_ENDIAN
- cx->u.w[0] = lendian(cx->u.w[0]);
- cx->u.w[1] = lendian(cx->u.w[1]);
- cx->u.w[2] = lendian(cx->u.w[2]);
- cx->u.w[3] = lendian(cx->u.w[3]);
- cx->u.w[4] = lendian(cx->u.w[4]);
- cx->u.w[5] = lendian(cx->u.w[5]);
- cx->u.w[6] = lendian(cx->u.w[6]);
- cx->u.w[7] = lendian(cx->u.w[7]);
- cx->u.w[8] = lendian(cx->u.w[8]);
- cx->u.w[9] = lendian(cx->u.w[9]);
- cx->u.w[10] = lendian(cx->u.w[10]);
- cx->u.w[11] = lendian(cx->u.w[11]);
- cx->u.w[12] = lendian(cx->u.w[12]);
- cx->u.w[13] = lendian(cx->u.w[13]);
- cx->u.w[14] = lendian(cx->u.w[14]);
- cx->u.w[15] = lendian(cx->u.w[15]);
-#endif
- FF(a, b, c, d, cx->u.w[R1B0 ], S1_0, T1_0);
- FF(d, a, b, c, cx->u.w[R1B1 ], S1_1, T1_1);
- FF(c, d, a, b, cx->u.w[R1B2 ], S1_2, T1_2);
- FF(b, c, d, a, cx->u.w[R1B3 ], S1_3, T1_3);
- FF(a, b, c, d, cx->u.w[R1B4 ], S1_0, T1_4);
- FF(d, a, b, c, cx->u.w[R1B5 ], S1_1, T1_5);
- FF(c, d, a, b, cx->u.w[R1B6 ], S1_2, T1_6);
- FF(b, c, d, a, cx->u.w[R1B7 ], S1_3, T1_7);
- FF(a, b, c, d, cx->u.w[R1B8 ], S1_0, T1_8);
- FF(d, a, b, c, cx->u.w[R1B9 ], S1_1, T1_9);
- FF(c, d, a, b, cx->u.w[R1B10], S1_2, T1_10);
- FF(b, c, d, a, cx->u.w[R1B11], S1_3, T1_11);
- FF(a, b, c, d, cx->u.w[R1B12], S1_0, T1_12);
- FF(d, a, b, c, cx->u.w[R1B13], S1_1, T1_13);
- FF(c, d, a, b, cx->u.w[R1B14], S1_2, T1_14);
- FF(b, c, d, a, cx->u.w[R1B15], S1_3, T1_15);
- GG(a, b, c, d, cx->u.w[R2B0 ], S2_0, T2_0);
- GG(d, a, b, c, cx->u.w[R2B1 ], S2_1, T2_1);
- GG(c, d, a, b, cx->u.w[R2B2 ], S2_2, T2_2);
- GG(b, c, d, a, cx->u.w[R2B3 ], S2_3, T2_3);
- GG(a, b, c, d, cx->u.w[R2B4 ], S2_0, T2_4);
- GG(d, a, b, c, cx->u.w[R2B5 ], S2_1, T2_5);
- GG(c, d, a, b, cx->u.w[R2B6 ], S2_2, T2_6);
- GG(b, c, d, a, cx->u.w[R2B7 ], S2_3, T2_7);
- GG(a, b, c, d, cx->u.w[R2B8 ], S2_0, T2_8);
- GG(d, a, b, c, cx->u.w[R2B9 ], S2_1, T2_9);
- GG(c, d, a, b, cx->u.w[R2B10], S2_2, T2_10);
- GG(b, c, d, a, cx->u.w[R2B11], S2_3, T2_11);
- GG(a, b, c, d, cx->u.w[R2B12], S2_0, T2_12);
- GG(d, a, b, c, cx->u.w[R2B13], S2_1, T2_13);
- GG(c, d, a, b, cx->u.w[R2B14], S2_2, T2_14);
- GG(b, c, d, a, cx->u.w[R2B15], S2_3, T2_15);
- HH(a, b, c, d, cx->u.w[R3B0 ], S3_0, T3_0);
- HH(d, a, b, c, cx->u.w[R3B1 ], S3_1, T3_1);
- HH(c, d, a, b, cx->u.w[R3B2 ], S3_2, T3_2);
- HH(b, c, d, a, cx->u.w[R3B3 ], S3_3, T3_3);
- HH(a, b, c, d, cx->u.w[R3B4 ], S3_0, T3_4);
- HH(d, a, b, c, cx->u.w[R3B5 ], S3_1, T3_5);
- HH(c, d, a, b, cx->u.w[R3B6 ], S3_2, T3_6);
- HH(b, c, d, a, cx->u.w[R3B7 ], S3_3, T3_7);
- HH(a, b, c, d, cx->u.w[R3B8 ], S3_0, T3_8);
- HH(d, a, b, c, cx->u.w[R3B9 ], S3_1, T3_9);
- HH(c, d, a, b, cx->u.w[R3B10], S3_2, T3_10);
- HH(b, c, d, a, cx->u.w[R3B11], S3_3, T3_11);
- HH(a, b, c, d, cx->u.w[R3B12], S3_0, T3_12);
- HH(d, a, b, c, cx->u.w[R3B13], S3_1, T3_13);
- HH(c, d, a, b, cx->u.w[R3B14], S3_2, T3_14);
- HH(b, c, d, a, cx->u.w[R3B15], S3_3, T3_15);
- II(a, b, c, d, cx->u.w[R4B0 ], S4_0, T4_0);
- II(d, a, b, c, cx->u.w[R4B1 ], S4_1, T4_1);
- II(c, d, a, b, cx->u.w[R4B2 ], S4_2, T4_2);
- II(b, c, d, a, cx->u.w[R4B3 ], S4_3, T4_3);
- II(a, b, c, d, cx->u.w[R4B4 ], S4_0, T4_4);
- II(d, a, b, c, cx->u.w[R4B5 ], S4_1, T4_5);
- II(c, d, a, b, cx->u.w[R4B6 ], S4_2, T4_6);
- II(b, c, d, a, cx->u.w[R4B7 ], S4_3, T4_7);
- II(a, b, c, d, cx->u.w[R4B8 ], S4_0, T4_8);
- II(d, a, b, c, cx->u.w[R4B9 ], S4_1, T4_9);
- II(c, d, a, b, cx->u.w[R4B10], S4_2, T4_10);
- II(b, c, d, a, cx->u.w[R4B11], S4_3, T4_11);
- II(a, b, c, d, cx->u.w[R4B12], S4_0, T4_12);
- II(d, a, b, c, cx->u.w[R4B13], S4_1, T4_13);
- II(c, d, a, b, cx->u.w[R4B14], S4_2, T4_14);
- II(b, c, d, a, cx->u.w[R4B15], S4_3, T4_15);
- cx->cv[0] += a;
- cx->cv[1] += b;
- cx->cv[2] += c;
- cx->cv[3] += d;
-}
-
-void
-MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
-{
- PRUint32 bytesToConsume;
- PRUint32 inBufIndex = cx->lsbInput & 63;
-
- /* Add the number of input bytes to the 64-bit input counter. */
- addto64(cx->msbInput, cx->lsbInput, inputLen);
- if (inBufIndex) {
- /* There is already data in the buffer. Fill with input. */
- bytesToConsume = PR_MIN(inputLen, MD5_BUFFER_SIZE - inBufIndex);
- memcpy(&cx->inBuf[inBufIndex], input, bytesToConsume);
- if (inBufIndex + bytesToConsume >= MD5_BUFFER_SIZE)
- /* The buffer is filled. Run the compression function. */
- md5_compress(cx);
- /* Remaining input. */
- inputLen -= bytesToConsume;
- input += bytesToConsume;
- }
-
- /* Iterate over 64-byte chunks of the message. */
- while (inputLen >= MD5_BUFFER_SIZE) {
- memcpy(cx->inBuf, input, MD5_BUFFER_SIZE);
- md5_compress(cx);
- inputLen -= MD5_BUFFER_SIZE;
- input += MD5_BUFFER_SIZE;
- }
-
- /* Tail of message (message bytes mod 64). */
- if (inputLen)
- memcpy(cx->inBuf, input, inputLen);
-}
-
-static const unsigned char padbytes[] = {
- 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-};
-
-void
-MD5_End(MD5Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
-{
- PRUint32 tmp;
- PRUint32 lowInput, highInput;
- PRUint32 inBufIndex = cx->lsbInput & 63;
-
- if (maxDigestLen < MD5_HASH_LEN) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return;
- }
-
- /* Copy out the length of bits input before padding. */
- lowInput = cx->lsbInput;
- highInput = (cx->msbInput << 3) | (lowInput >> 29);
- lowInput <<= 3;
-
- if (inBufIndex < MD5_END_BUFFER) {
- MD5_Update(cx, padbytes, MD5_END_BUFFER - inBufIndex);
- } else {
- MD5_Update(cx, padbytes,
- MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex);
- }
-
- /* Store the number of bytes input (before padding) in final 64 bits. */
- cx->u.w[14] = lendian(lowInput);
- cx->u.w[15] = lendian(highInput);
-
- /* Final call to compress. */
- md5_compress(cx);
-
- /* Copy the resulting values out of the chain variables into return buf. */
- *digestLen = MD5_HASH_LEN;
-#ifndef IS_LITTLE_ENDIAN
- cx->cv[0] = lendian(cx->cv[0]);
- cx->cv[1] = lendian(cx->cv[1]);
- cx->cv[2] = lendian(cx->cv[2]);
- cx->cv[3] = lendian(cx->cv[3]);
-#endif
- memcpy(digest, cx->cv, MD5_HASH_LEN);
-}
-
-unsigned int
-MD5_FlattenSize(MD5Context *cx)
-{
- return sizeof(*cx);
-}
-
-SECStatus
-MD5_Flatten(MD5Context *cx, unsigned char *space)
-{
- memcpy(space, cx, sizeof(*cx));
- return SECSuccess;
-}
-
-MD5Context *
-MD5_Resurrect(unsigned char *space, void *arg)
-{
- MD5Context *cx = MD5_NewContext();
- if (cx)
- memcpy(cx, space, sizeof(*cx));
- return cx;
-}
-
-void
-MD5_TraceState(MD5Context *cx)
-{
- PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-}
diff --git a/security/nss/lib/freebl/sha.c b/security/nss/lib/freebl/sha.c
deleted file mode 100644
index c8480c72c..000000000
--- a/security/nss/lib/freebl/sha.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is SHA 180-1 Reference Implementation (Compact version)
- *
- * The Initial Developer of the Original Code is Paul Kocher of
- * Cryptography Research. Portions created by Paul Kocher are
- * Copyright (C) 1995-9 by Cryptography Research, Inc. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Paul Kocher
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "sha.h"
-
-static void shaHashBlock(SHA_CTX *ctx);
-
-void shaInit(SHA_CTX *ctx) {
- int i;
-
- ctx->lenW = 0;
- ctx->sizeHi = ctx->sizeLo = 0;
-
- /* Initialize H with the magic constants (see FIPS180 for constants)
- */
- ctx->H[0] = 0x67452301L;
- ctx->H[1] = 0xefcdab89L;
- ctx->H[2] = 0x98badcfeL;
- ctx->H[3] = 0x10325476L;
- ctx->H[4] = 0xc3d2e1f0L;
-
- for (i = 0; i < 80; i++)
- ctx->W[i] = 0;
-}
-
-
-void shaUpdate(SHA_CTX *ctx, unsigned char *dataIn, int len) {
- int i;
-
- /* Read the data into W and process blocks as they get full
- */
- for (i = 0; i < len; i++) {
- ctx->W[ctx->lenW / 4] <<= 8;
- ctx->W[ctx->lenW / 4] |= (unsigned long)dataIn[i];
- if ((++ctx->lenW) % 64 == 0) {
- shaHashBlock(ctx);
- ctx->lenW = 0;
- }
- ctx->sizeLo += 8;
- ctx->sizeHi += (ctx->sizeLo < 8);
- }
-}
-
-
-void shaFinal(SHA_CTX *ctx, unsigned char hashout[20]) {
- unsigned char pad0x80 = 0x80;
- unsigned char pad0x00 = 0x00;
- unsigned char padlen[8];
- int i;
-
- /* Pad with a binary 1 (e.g. 0x80), then zeroes, then length
- */
- padlen[0] = (unsigned char)((ctx->sizeHi >> 24) & 255);
- padlen[1] = (unsigned char)((ctx->sizeHi >> 16) & 255);
- padlen[2] = (unsigned char)((ctx->sizeHi >> 8) & 255);
- padlen[3] = (unsigned char)((ctx->sizeHi >> 0) & 255);
- padlen[4] = (unsigned char)((ctx->sizeLo >> 24) & 255);
- padlen[5] = (unsigned char)((ctx->sizeLo >> 16) & 255);
- padlen[6] = (unsigned char)((ctx->sizeLo >> 8) & 255);
- padlen[7] = (unsigned char)((ctx->sizeLo >> 0) & 255);
- shaUpdate(ctx, &pad0x80, 1);
- while (ctx->lenW != 56)
- shaUpdate(ctx, &pad0x00, 1);
- shaUpdate(ctx, padlen, 8);
-
- /* Output hash
- */
- for (i = 0; i < 20; i++) {
- hashout[i] = (unsigned char)(ctx->H[i / 4] >> 24);
- ctx->H[i / 4] <<= 8;
- }
-
- /*
- * Re-initialize the context (also zeroizes contents)
- */
- shaInit(ctx);
-}
-
-
-void shaBlock(unsigned char *dataIn, int len, unsigned char hashout[20]) {
- SHA_CTX ctx;
-
- shaInit(&ctx);
- shaUpdate(&ctx, dataIn, len);
- shaFinal(&ctx, hashout);
-}
-
-
-#define SHA_ROTL(X,n) (((X) << (n)) | ((X) >> (32-(n))))
-
-static void shaHashBlock(SHA_CTX *ctx) {
- int t;
- unsigned long A,B,C,D,E,TEMP;
-
- for (t = 16; t <= 79; t++)
- ctx->W[t] =
- SHA_ROTL(ctx->W[t-3] ^ ctx->W[t-8] ^ ctx->W[t-14] ^ ctx->W[t-16], 1);
-
- A = ctx->H[0];
- B = ctx->H[1];
- C = ctx->H[2];
- D = ctx->H[3];
- E = ctx->H[4];
-
- for (t = 0; t <= 19; t++) {
- TEMP = SHA_ROTL(A,5) + (((C^D)&B)^D) + E + ctx->W[t] + 0x5a827999L;
- E = D; D = C; C = SHA_ROTL(B, 30); B = A; A = TEMP;
- }
- for (t = 20; t <= 39; t++) {
- TEMP = SHA_ROTL(A,5) + (B^C^D) + E + ctx->W[t] + 0x6ed9eba1L;
- E = D; D = C; C = SHA_ROTL(B, 30); B = A; A = TEMP;
- }
- for (t = 40; t <= 59; t++) {
- TEMP = SHA_ROTL(A,5) + ((B&C)|(D&(B|C))) + E + ctx->W[t] + 0x8f1bbcdcL;
- E = D; D = C; C = SHA_ROTL(B, 30); B = A; A = TEMP;
- }
- for (t = 60; t <= 79; t++) {
- TEMP = SHA_ROTL(A,5) + (B^C^D) + E + ctx->W[t] + 0xca62c1d6L;
- E = D; D = C; C = SHA_ROTL(B, 30); B = A; A = TEMP;
- }
-
- ctx->H[0] += A;
- ctx->H[1] += B;
- ctx->H[2] += C;
- ctx->H[3] += D;
- ctx->H[4] += E;
-}
-
diff --git a/security/nss/lib/freebl/sha.h b/security/nss/lib/freebl/sha.h
deleted file mode 100644
index 0522a00b2..000000000
--- a/security/nss/lib/freebl/sha.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is SHA 180-1 Header File
- *
- * The Initial Developer of the Original Code is Paul Kocher of
- * Cryptography Research. Portions created by Paul Kocher are
- * Copyright (C) 1995-9 by Cryptography Research, Inc. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Paul Kocher
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-typedef struct {
- unsigned long H[5];
- unsigned long W[80];
- int lenW;
- unsigned long sizeHi,sizeLo;
-} SHA_CTX;
-
-
-void shaInit(SHA_CTX *ctx);
-void shaUpdate(SHA_CTX *ctx, unsigned char *dataIn, int len);
-void shaFinal(SHA_CTX *ctx, unsigned char hashout[20]);
-void shaBlock(unsigned char *dataIn, int len, unsigned char hashout[20]);
-
diff --git a/security/nss/lib/freebl/sha_fast.c b/security/nss/lib/freebl/sha_fast.c
deleted file mode 100644
index 58e32b4d8..000000000
--- a/security/nss/lib/freebl/sha_fast.c
+++ /dev/null
@@ -1,433 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is SHA 180-1 Reference Implementation (Optimized)
- *
- * The Initial Developer of the Original Code is Paul Kocher of
- * Cryptography Research. Portions created by Paul Kocher are
- * Copyright (C) 1995-9 by Cryptography Research, Inc. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Paul Kocher
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include <memory.h>
-#include "blapi.h"
-
-#ifdef TRACING_SSL
-#include "ssl.h"
-#include "ssltrace.h"
-#endif
-
-struct SHA1ContextStr {
- union {
- PRUint32 w[80]; /* input buffer, plus 64 words */
- PRUint8 b[320];
- } u;
- PRUint32 H[5]; /* 5 state variables */
- PRUint32 sizeHi,sizeLo; /* 64-bit count of hashed bytes. */
-};
-#define W u.w
-#define B u.b
-
-static void shaCompress(SHA1Context *ctx);
-
-#define SHA_MASK 0x00FF00FF
-#if defined(IS_LITTLE_ENDIAN)
-#define SHA_HTONL(x) (A = (x), A = A << 16 | A >> 16, \
- (A & SHA_MASK) << 8 | (A >> 8) & SHA_MASK)
-#else
-#define SHA_HTONL(x) (x)
-#endif
-#define SHA_BYTESWAP(x) x = SHA_HTONL(x)
-
-#define SHA_ROTL(X,n) (((X) << (n)) | ((X) >> (32-(n))))
-#define SHA_F1(X,Y,Z) ((((Y)^(Z))&(X))^(Z))
-#define SHA_F2(X,Y,Z) ((X)^(Y)^(Z))
-#define SHA_F3(X,Y,Z) (((X)&(Y))|((Z)&((X)|(Y))))
-#define SHA_F4(X,Y,Z) ((X)^(Y)^(Z))
-#define SHA_MIX(t) ctx->W[t] = \
- (A = ctx->W[t-3] ^ ctx->W[t-8] ^ ctx->W[t-14] ^ ctx->W[t-16], SHA_ROTL(A, 1))
-
-/*
- * SHA: Zeroize and initialize context
- */
-void
-SHA1_Begin(SHA1Context *ctx)
-{
- memset(ctx, 0, sizeof(SHA1Context));
-
- /*
- * Initialize H with constants from FIPS180-1.
- */
- ctx->H[0] = 0x67452301L;
- ctx->H[1] = 0xefcdab89L;
- ctx->H[2] = 0x98badcfeL;
- ctx->H[3] = 0x10325476L;
- ctx->H[4] = 0xc3d2e1f0L;
-
-}
-
-
-/*
- * SHA: Add data to context.
- */
-void
-SHA1_Update(SHA1Context *ctx, const unsigned char *dataIn, unsigned int len)
-{
- register unsigned int lenB = ctx->sizeLo & 63;
- register unsigned int togo;
-
- if (!len)
- return;
-
- /* accumulate the byte count. */
- ctx->sizeLo += len;
- ctx->sizeHi += (ctx->sizeLo < len);
-
- /*
- * Read the data into W and process blocks as they get full
- */
- if (lenB > 0) {
- togo = 64 - lenB;
- if (len < togo)
- togo = len;
- memcpy(ctx->B + lenB, dataIn, togo);
- len -= togo;
- dataIn += togo;
- lenB = (lenB + togo) & 63;
- if (!lenB) {
- shaCompress(ctx);
- }
- }
- while (len >= 64) {
- memcpy(ctx->B, dataIn, 64);
- dataIn += 64;
- len -= 64;
- shaCompress(ctx);
- }
- if (len) {
- memcpy(ctx->B, dataIn, len);
- }
-}
-
-
-/*
- * SHA: Generate hash value from context
- */
-void
-SHA1_End(SHA1Context *ctx, unsigned char *hashout,
- unsigned int *pDigestLen, unsigned int maxDigestLen)
-{
- register PRUint32 sizeHi, sizeLo, lenB;
- static const unsigned char bulk_pad[64] = { 0x80,0,0,0,0,0,0,0,0,0,
- 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
- 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
-#define A lenB
-
- PORT_Assert (maxDigestLen >= SHA1_LENGTH);
-
- /*
- * Pad with a binary 1 (e.g. 0x80), then zeroes, then length in bits
- */
- sizeHi = ctx->sizeHi;
- sizeLo = ctx->sizeLo;
- lenB = sizeLo & 63;
- SHA1_Update(ctx, bulk_pad, (((55+64) - lenB) & 63) + 1);
- PORT_Assert((ctx->sizeLo & 63) == 56);
-
- /* Convert size{Hi,Lo} from bytes to bits. */
- sizeHi = (sizeHi << 3) | (sizeLo >> 29);
- sizeLo <<= 3;
-
- ctx->W[14] = SHA_HTONL(sizeHi);
- ctx->W[15] = SHA_HTONL(sizeLo);
- shaCompress(ctx);
-
- /*
- * Output hash
- */
-#if defined(IS_LITTLE_ENDIAN)
- SHA_BYTESWAP(ctx->H[0]);
- SHA_BYTESWAP(ctx->H[1]);
- SHA_BYTESWAP(ctx->H[2]);
- SHA_BYTESWAP(ctx->H[3]);
- SHA_BYTESWAP(ctx->H[4]);
-#endif
- memcpy(hashout, ctx->H, SHA1_LENGTH);
- *pDigestLen = SHA1_LENGTH;
-
- /*
- * Re-initialize the context (also zeroizes contents)
- */
- SHA1_Begin(ctx);
-}
-
-#undef A
-#undef B
-/*
- * SHA: Compression function, unrolled.
- */
-static void
-shaCompress(SHA1Context *ctx)
-{
- register PRUint32 A, B, C, D, E;
-
-#if defined(IS_LITTLE_ENDIAN)
- SHA_BYTESWAP(ctx->W[0]);
- SHA_BYTESWAP(ctx->W[1]);
- SHA_BYTESWAP(ctx->W[2]);
- SHA_BYTESWAP(ctx->W[3]);
- SHA_BYTESWAP(ctx->W[4]);
- SHA_BYTESWAP(ctx->W[5]);
- SHA_BYTESWAP(ctx->W[6]);
- SHA_BYTESWAP(ctx->W[7]);
- SHA_BYTESWAP(ctx->W[8]);
- SHA_BYTESWAP(ctx->W[9]);
- SHA_BYTESWAP(ctx->W[10]);
- SHA_BYTESWAP(ctx->W[11]);
- SHA_BYTESWAP(ctx->W[12]);
- SHA_BYTESWAP(ctx->W[13]);
- SHA_BYTESWAP(ctx->W[14]);
- SHA_BYTESWAP(ctx->W[15]);
-#endif
-
- /*
- * This can be moved into the main code block below, but doing
- * so can cause some compilers to run out of registers and resort
- * to storing intermediates in RAM.
- */
-
- SHA_MIX(16); SHA_MIX(17); SHA_MIX(18); SHA_MIX(19);
- SHA_MIX(20); SHA_MIX(21); SHA_MIX(22); SHA_MIX(23); SHA_MIX(24);
- SHA_MIX(25); SHA_MIX(26); SHA_MIX(27); SHA_MIX(28); SHA_MIX(29);
- SHA_MIX(30); SHA_MIX(31); SHA_MIX(32); SHA_MIX(33); SHA_MIX(34);
- SHA_MIX(35); SHA_MIX(36); SHA_MIX(37); SHA_MIX(38); SHA_MIX(39);
- SHA_MIX(40); SHA_MIX(41); SHA_MIX(42); SHA_MIX(43); SHA_MIX(44);
- SHA_MIX(45); SHA_MIX(46); SHA_MIX(47); SHA_MIX(48); SHA_MIX(49);
- SHA_MIX(50); SHA_MIX(51); SHA_MIX(52); SHA_MIX(53); SHA_MIX(54);
- SHA_MIX(55); SHA_MIX(56); SHA_MIX(57); SHA_MIX(58); SHA_MIX(59);
- SHA_MIX(60); SHA_MIX(61); SHA_MIX(62); SHA_MIX(63); SHA_MIX(64);
- SHA_MIX(65); SHA_MIX(66); SHA_MIX(67); SHA_MIX(68); SHA_MIX(69);
- SHA_MIX(70); SHA_MIX(71); SHA_MIX(72); SHA_MIX(73); SHA_MIX(74);
- SHA_MIX(75); SHA_MIX(76); SHA_MIX(77); SHA_MIX(78); SHA_MIX(79);
-
- A = ctx->H[0];
- B = ctx->H[1];
- C = ctx->H[2];
- D = ctx->H[3];
- E = ctx->H[4];
-
- E = SHA_ROTL(A,5)+SHA_F1(B,C,D)+E+ctx->W[ 0]+0x5a827999L; B=SHA_ROTL(B,30);
- D = SHA_ROTL(E,5)+SHA_F1(A,B,C)+D+ctx->W[ 1]+0x5a827999L; A=SHA_ROTL(A,30);
- C = SHA_ROTL(D,5)+SHA_F1(E,A,B)+C+ctx->W[ 2]+0x5a827999L; E=SHA_ROTL(E,30);
- B = SHA_ROTL(C,5)+SHA_F1(D,E,A)+B+ctx->W[ 3]+0x5a827999L; D=SHA_ROTL(D,30);
- A = SHA_ROTL(B,5)+SHA_F1(C,D,E)+A+ctx->W[ 4]+0x5a827999L; C=SHA_ROTL(C,30);
- E = SHA_ROTL(A,5)+SHA_F1(B,C,D)+E+ctx->W[ 5]+0x5a827999L; B=SHA_ROTL(B,30);
- D = SHA_ROTL(E,5)+SHA_F1(A,B,C)+D+ctx->W[ 6]+0x5a827999L; A=SHA_ROTL(A,30);
- C = SHA_ROTL(D,5)+SHA_F1(E,A,B)+C+ctx->W[ 7]+0x5a827999L; E=SHA_ROTL(E,30);
- B = SHA_ROTL(C,5)+SHA_F1(D,E,A)+B+ctx->W[ 8]+0x5a827999L; D=SHA_ROTL(D,30);
- A = SHA_ROTL(B,5)+SHA_F1(C,D,E)+A+ctx->W[ 9]+0x5a827999L; C=SHA_ROTL(C,30);
- E = SHA_ROTL(A,5)+SHA_F1(B,C,D)+E+ctx->W[10]+0x5a827999L; B=SHA_ROTL(B,30);
- D = SHA_ROTL(E,5)+SHA_F1(A,B,C)+D+ctx->W[11]+0x5a827999L; A=SHA_ROTL(A,30);
- C = SHA_ROTL(D,5)+SHA_F1(E,A,B)+C+ctx->W[12]+0x5a827999L; E=SHA_ROTL(E,30);
- B = SHA_ROTL(C,5)+SHA_F1(D,E,A)+B+ctx->W[13]+0x5a827999L; D=SHA_ROTL(D,30);
- A = SHA_ROTL(B,5)+SHA_F1(C,D,E)+A+ctx->W[14]+0x5a827999L; C=SHA_ROTL(C,30);
- E = SHA_ROTL(A,5)+SHA_F1(B,C,D)+E+ctx->W[15]+0x5a827999L; B=SHA_ROTL(B,30);
- D = SHA_ROTL(E,5)+SHA_F1(A,B,C)+D+ctx->W[16]+0x5a827999L; A=SHA_ROTL(A,30);
- C = SHA_ROTL(D,5)+SHA_F1(E,A,B)+C+ctx->W[17]+0x5a827999L; E=SHA_ROTL(E,30);
- B = SHA_ROTL(C,5)+SHA_F1(D,E,A)+B+ctx->W[18]+0x5a827999L; D=SHA_ROTL(D,30);
- A = SHA_ROTL(B,5)+SHA_F1(C,D,E)+A+ctx->W[19]+0x5a827999L; C=SHA_ROTL(C,30);
-
- E = SHA_ROTL(A,5)+SHA_F2(B,C,D)+E+ctx->W[20]+0x6ed9eba1L; B=SHA_ROTL(B,30);
- D = SHA_ROTL(E,5)+SHA_F2(A,B,C)+D+ctx->W[21]+0x6ed9eba1L; A=SHA_ROTL(A,30);
- C = SHA_ROTL(D,5)+SHA_F2(E,A,B)+C+ctx->W[22]+0x6ed9eba1L; E=SHA_ROTL(E,30);
- B = SHA_ROTL(C,5)+SHA_F2(D,E,A)+B+ctx->W[23]+0x6ed9eba1L; D=SHA_ROTL(D,30);
- A = SHA_ROTL(B,5)+SHA_F2(C,D,E)+A+ctx->W[24]+0x6ed9eba1L; C=SHA_ROTL(C,30);
- E = SHA_ROTL(A,5)+SHA_F2(B,C,D)+E+ctx->W[25]+0x6ed9eba1L; B=SHA_ROTL(B,30);
- D = SHA_ROTL(E,5)+SHA_F2(A,B,C)+D+ctx->W[26]+0x6ed9eba1L; A=SHA_ROTL(A,30);
- C = SHA_ROTL(D,5)+SHA_F2(E,A,B)+C+ctx->W[27]+0x6ed9eba1L; E=SHA_ROTL(E,30);
- B = SHA_ROTL(C,5)+SHA_F2(D,E,A)+B+ctx->W[28]+0x6ed9eba1L; D=SHA_ROTL(D,30);
- A = SHA_ROTL(B,5)+SHA_F2(C,D,E)+A+ctx->W[29]+0x6ed9eba1L; C=SHA_ROTL(C,30);
- E = SHA_ROTL(A,5)+SHA_F2(B,C,D)+E+ctx->W[30]+0x6ed9eba1L; B=SHA_ROTL(B,30);
- D = SHA_ROTL(E,5)+SHA_F2(A,B,C)+D+ctx->W[31]+0x6ed9eba1L; A=SHA_ROTL(A,30);
- C = SHA_ROTL(D,5)+SHA_F2(E,A,B)+C+ctx->W[32]+0x6ed9eba1L; E=SHA_ROTL(E,30);
- B = SHA_ROTL(C,5)+SHA_F2(D,E,A)+B+ctx->W[33]+0x6ed9eba1L; D=SHA_ROTL(D,30);
- A = SHA_ROTL(B,5)+SHA_F2(C,D,E)+A+ctx->W[34]+0x6ed9eba1L; C=SHA_ROTL(C,30);
- E = SHA_ROTL(A,5)+SHA_F2(B,C,D)+E+ctx->W[35]+0x6ed9eba1L; B=SHA_ROTL(B,30);
- D = SHA_ROTL(E,5)+SHA_F2(A,B,C)+D+ctx->W[36]+0x6ed9eba1L; A=SHA_ROTL(A,30);
- C = SHA_ROTL(D,5)+SHA_F2(E,A,B)+C+ctx->W[37]+0x6ed9eba1L; E=SHA_ROTL(E,30);
- B = SHA_ROTL(C,5)+SHA_F2(D,E,A)+B+ctx->W[38]+0x6ed9eba1L; D=SHA_ROTL(D,30);
- A = SHA_ROTL(B,5)+SHA_F2(C,D,E)+A+ctx->W[39]+0x6ed9eba1L; C=SHA_ROTL(C,30);
-
- E = SHA_ROTL(A,5)+SHA_F3(B,C,D)+E+ctx->W[40]+0x8f1bbcdcL; B=SHA_ROTL(B,30);
- D = SHA_ROTL(E,5)+SHA_F3(A,B,C)+D+ctx->W[41]+0x8f1bbcdcL; A=SHA_ROTL(A,30);
- C = SHA_ROTL(D,5)+SHA_F3(E,A,B)+C+ctx->W[42]+0x8f1bbcdcL; E=SHA_ROTL(E,30);
- B = SHA_ROTL(C,5)+SHA_F3(D,E,A)+B+ctx->W[43]+0x8f1bbcdcL; D=SHA_ROTL(D,30);
- A = SHA_ROTL(B,5)+SHA_F3(C,D,E)+A+ctx->W[44]+0x8f1bbcdcL; C=SHA_ROTL(C,30);
- E = SHA_ROTL(A,5)+SHA_F3(B,C,D)+E+ctx->W[45]+0x8f1bbcdcL; B=SHA_ROTL(B,30);
- D = SHA_ROTL(E,5)+SHA_F3(A,B,C)+D+ctx->W[46]+0x8f1bbcdcL; A=SHA_ROTL(A,30);
- C = SHA_ROTL(D,5)+SHA_F3(E,A,B)+C+ctx->W[47]+0x8f1bbcdcL; E=SHA_ROTL(E,30);
- B = SHA_ROTL(C,5)+SHA_F3(D,E,A)+B+ctx->W[48]+0x8f1bbcdcL; D=SHA_ROTL(D,30);
- A = SHA_ROTL(B,5)+SHA_F3(C,D,E)+A+ctx->W[49]+0x8f1bbcdcL; C=SHA_ROTL(C,30);
- E = SHA_ROTL(A,5)+SHA_F3(B,C,D)+E+ctx->W[50]+0x8f1bbcdcL; B=SHA_ROTL(B,30);
- D = SHA_ROTL(E,5)+SHA_F3(A,B,C)+D+ctx->W[51]+0x8f1bbcdcL; A=SHA_ROTL(A,30);
- C = SHA_ROTL(D,5)+SHA_F3(E,A,B)+C+ctx->W[52]+0x8f1bbcdcL; E=SHA_ROTL(E,30);
- B = SHA_ROTL(C,5)+SHA_F3(D,E,A)+B+ctx->W[53]+0x8f1bbcdcL; D=SHA_ROTL(D,30);
- A = SHA_ROTL(B,5)+SHA_F3(C,D,E)+A+ctx->W[54]+0x8f1bbcdcL; C=SHA_ROTL(C,30);
- E = SHA_ROTL(A,5)+SHA_F3(B,C,D)+E+ctx->W[55]+0x8f1bbcdcL; B=SHA_ROTL(B,30);
- D = SHA_ROTL(E,5)+SHA_F3(A,B,C)+D+ctx->W[56]+0x8f1bbcdcL; A=SHA_ROTL(A,30);
- C = SHA_ROTL(D,5)+SHA_F3(E,A,B)+C+ctx->W[57]+0x8f1bbcdcL; E=SHA_ROTL(E,30);
- B = SHA_ROTL(C,5)+SHA_F3(D,E,A)+B+ctx->W[58]+0x8f1bbcdcL; D=SHA_ROTL(D,30);
- A = SHA_ROTL(B,5)+SHA_F3(C,D,E)+A+ctx->W[59]+0x8f1bbcdcL; C=SHA_ROTL(C,30);
-
- E = SHA_ROTL(A,5)+SHA_F4(B,C,D)+E+ctx->W[60]+0xca62c1d6L; B=SHA_ROTL(B,30);
- D = SHA_ROTL(E,5)+SHA_F4(A,B,C)+D+ctx->W[61]+0xca62c1d6L; A=SHA_ROTL(A,30);
- C = SHA_ROTL(D,5)+SHA_F4(E,A,B)+C+ctx->W[62]+0xca62c1d6L; E=SHA_ROTL(E,30);
- B = SHA_ROTL(C,5)+SHA_F4(D,E,A)+B+ctx->W[63]+0xca62c1d6L; D=SHA_ROTL(D,30);
- A = SHA_ROTL(B,5)+SHA_F4(C,D,E)+A+ctx->W[64]+0xca62c1d6L; C=SHA_ROTL(C,30);
- E = SHA_ROTL(A,5)+SHA_F4(B,C,D)+E+ctx->W[65]+0xca62c1d6L; B=SHA_ROTL(B,30);
- D = SHA_ROTL(E,5)+SHA_F4(A,B,C)+D+ctx->W[66]+0xca62c1d6L; A=SHA_ROTL(A,30);
- C = SHA_ROTL(D,5)+SHA_F4(E,A,B)+C+ctx->W[67]+0xca62c1d6L; E=SHA_ROTL(E,30);
- B = SHA_ROTL(C,5)+SHA_F4(D,E,A)+B+ctx->W[68]+0xca62c1d6L; D=SHA_ROTL(D,30);
- A = SHA_ROTL(B,5)+SHA_F4(C,D,E)+A+ctx->W[69]+0xca62c1d6L; C=SHA_ROTL(C,30);
- E = SHA_ROTL(A,5)+SHA_F4(B,C,D)+E+ctx->W[70]+0xca62c1d6L; B=SHA_ROTL(B,30);
- D = SHA_ROTL(E,5)+SHA_F4(A,B,C)+D+ctx->W[71]+0xca62c1d6L; A=SHA_ROTL(A,30);
- C = SHA_ROTL(D,5)+SHA_F4(E,A,B)+C+ctx->W[72]+0xca62c1d6L; E=SHA_ROTL(E,30);
- B = SHA_ROTL(C,5)+SHA_F4(D,E,A)+B+ctx->W[73]+0xca62c1d6L; D=SHA_ROTL(D,30);
- A = SHA_ROTL(B,5)+SHA_F4(C,D,E)+A+ctx->W[74]+0xca62c1d6L; C=SHA_ROTL(C,30);
- E = SHA_ROTL(A,5)+SHA_F4(B,C,D)+E+ctx->W[75]+0xca62c1d6L; B=SHA_ROTL(B,30);
- D = SHA_ROTL(E,5)+SHA_F4(A,B,C)+D+ctx->W[76]+0xca62c1d6L; A=SHA_ROTL(A,30);
- C = SHA_ROTL(D,5)+SHA_F4(E,A,B)+C+ctx->W[77]+0xca62c1d6L; E=SHA_ROTL(E,30);
- B = SHA_ROTL(C,5)+SHA_F4(D,E,A)+B+ctx->W[78]+0xca62c1d6L; D=SHA_ROTL(D,30);
- A = SHA_ROTL(B,5)+SHA_F4(C,D,E)+A+ctx->W[79]+0xca62c1d6L; C=SHA_ROTL(C,30);
-
- ctx->H[0] += A;
- ctx->H[1] += B;
- ctx->H[2] += C;
- ctx->H[3] += D;
- ctx->H[4] += E;
-}
-
-/*************************************************************************
-** Code below this line added to make SHA code support BLAPI interface
-*/
-
-SHA1Context *
-SHA1_NewContext(void)
-{
- SHA1Context *cx;
-
- cx = PORT_ZNew(SHA1Context);
- return cx;
-}
-
-void
-SHA1_DestroyContext(SHA1Context *cx, PRBool freeit)
-{
- if (freeit) {
- PORT_ZFree(cx, sizeof(SHA1Context));
- }
-}
-
-SECStatus
-SHA1_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
- SHA1Context ctx;
- unsigned int outLen;
-
- SHA1_Begin(&ctx);
- SHA1_Update(&ctx, src, src_length);
- SHA1_End(&ctx, dest, &outLen, SHA1_LENGTH);
-
- return SECSuccess;
-}
-
-/* Hash a null-terminated character string. */
-SECStatus
-SHA1_Hash(unsigned char *dest, const char *src)
-{
- return SHA1_HashBuf(dest, (const unsigned char *)src, PORT_Strlen (src));
-}
-
-/*
- * need to support save/restore state in pkcs11. Stores all the info necessary
- * for a structure into just a stream of bytes.
- */
-unsigned int
-SHA1_FlattenSize(SHA1Context *cx)
-{
- return sizeof(SHA1Context);
-}
-
-SECStatus
-SHA1_Flatten(SHA1Context *cx,unsigned char *space)
-{
- PORT_Memcpy(space,cx, sizeof(SHA1Context));
- return SECSuccess;
-}
-
-SHA1Context *
-SHA1_Resurrect(unsigned char *space,void *arg)
-{
- SHA1Context *cx = SHA1_NewContext();
- if (cx == NULL) return NULL;
-
- PORT_Memcpy(cx,space, sizeof(SHA1Context));
- return cx;
-}
-
-#ifdef TRACING_SSL
-void
-SHA1_TraceState(SHA1Context *ctx)
-{
- uint32 W;
- int i;
- int len;
- int fixWord = -1;
- int remainder; /* bytes in last word */
- unsigned char buf[64 * 4];
-
- SSL_TRC(99, ("%d: SSL: SHA1 state: %08x %08x %08x %08x %08x", SSL_GETPID(),
- ctx->H[0], ctx->H[1], ctx->H[2], ctx->H[3], ctx->H[4]));
-
- len = (int)(ctx->sizeLo & 63);
- remainder = len % 4;
- if (remainder)
- fixWord = len - remainder;
- for (i = 0; i < len; i++) {
- if (0 == (i % 4)) {
- W = ctx->W[i / 4];
- if (i == fixWord) {
- W <<= 8 * (4 - remainder);
- }
- }
- buf[i] = (unsigned char)(W >> 24);
- W <<= 8;
- }
-
- PRINT_BUF(99, (0, "SHA1_TraceState: buffered input", buf, len));
-
-}
-#endif
diff --git a/security/nss/lib/jar/Makefile b/security/nss/lib/jar/Makefile
deleted file mode 100644
index 063e5daf7..000000000
--- a/security/nss/lib/jar/Makefile
+++ /dev/null
@@ -1,39 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-include manifest.mn
-include $(CORE_DEPTH)/coreconf/config.mk
-include config.mk
-include $(CORE_DEPTH)/coreconf/rules.mk
-
diff --git a/security/nss/lib/jar/config.mk b/security/nss/lib/jar/config.mk
deleted file mode 100644
index a73a1086e..000000000
--- a/security/nss/lib/jar/config.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/jar/jar-ds.c b/security/nss/lib/jar/jar-ds.c
deleted file mode 100644
index f5a40cad5..000000000
--- a/security/nss/lib/jar/jar-ds.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "jar.h"
-
-/* These are old DS_* routines renamed to ZZ_* */
-
-ZZList *ZZ_NewList()
- {
- ZZList *list;
-
- list = (ZZList *) PORT_ZAlloc (sizeof (ZZList));
-
- if (list)
- ZZ_InitList (list);
-
- return list;
- }
-
-ZZLink *ZZ_NewLink (JAR_Item *thing)
- {
- ZZLink *link;
-
- link = (ZZLink *) PORT_ZAlloc (sizeof (ZZLink));
-
- if (link)
- link->thing = thing;
-
- return link;
- }
-
-void ZZ_DestroyLink (ZZLink *link)
- {
- PORT_Free (link);
- }
-
-void ZZ_DestroyList (ZZList *list)
- {
- PORT_Free (list);
- }
diff --git a/security/nss/lib/jar/jar-ds.h b/security/nss/lib/jar/jar-ds.h
deleted file mode 100644
index 36716d97c..000000000
--- a/security/nss/lib/jar/jar-ds.h
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef __JAR_DS_h_
-#define __JAR_DS_h_
-
-/* Typedefs */
-typedef struct ZZLinkStr ZZLink;
-typedef struct ZZListStr ZZList;
-
-/*
-** Circular linked list. Each link contains a pointer to the object that
-** is actually in the list.
-*/
-struct ZZLinkStr
-{
- ZZLink *next;
- ZZLink *prev;
- JAR_Item *thing;
-};
-
-struct ZZListStr
-{
- ZZLink link;
-};
-
-#define ZZ_InitList(lst) \
-{ \
- (lst)->link.next = &(lst)->link; \
- (lst)->link.prev = &(lst)->link; \
- (lst)->link.thing = 0; \
-}
-
-#define ZZ_ListEmpty(lst) \
- ((lst)->link.next == &(lst)->link)
-
-#define ZZ_ListHead(lst) \
- ((lst)->link.next)
-
-#define ZZ_ListTail(lst) \
- ((lst)->link.prev)
-
-#define ZZ_ListIterDone(lst,lnk) \
- ((lnk) == &(lst)->link)
-
-#define ZZ_AppendLink(lst,lnk) \
-{ \
- (lnk)->next = &(lst)->link; \
- (lnk)->prev = (lst)->link.prev; \
- (lst)->link.prev->next = (lnk); \
- (lst)->link.prev = (lnk); \
-}
-
-#define ZZ_InsertLink(lst,lnk) \
-{ \
- (lnk)->next = (lst)->link.next; \
- (lnk)->prev = &(lst)->link; \
- (lst)->link.next->prev = (lnk); \
- (lst)->link.next = (lnk); \
-}
-
-#define ZZ_RemoveLink(lnk) \
-{ \
- (lnk)->next->prev = (lnk)->prev; \
- (lnk)->prev->next = (lnk)->next; \
- (lnk)->next = 0; \
- (lnk)->prev = 0; \
-}
-
-extern ZZLink *ZZ_NewLink (JAR_Item *thing);
-extern void ZZ_DestroyLink (ZZLink *link);
-extern ZZList *ZZ_NewList (void);
-extern void ZZ_DestroyList (ZZList *list);
-
-
-#endif /* __JAR_DS_h_ */
diff --git a/security/nss/lib/jar/jar.c b/security/nss/lib/jar/jar.c
deleted file mode 100644
index 99ba4ca0b..000000000
--- a/security/nss/lib/jar/jar.c
+++ /dev/null
@@ -1,833 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * JAR.C
- *
- * Jarnature.
- * Routines common to signing and validating.
- *
- */
-
-#include "jar.h"
-#include "jarint.h"
-
-static void jar_destroy_list (ZZList *list);
-
-static int jar_find_first_cert
- (JAR_Signer *signer, int type, JAR_Item **it);
-
-/*
- * J A R _ n e w
- *
- * Create a new instantiation of a manifest representation.
- * Use this as a token to any calls to this API.
- *
- */
-
-JAR *JAR_new (void)
- {
- JAR *jar;
-
- if ((jar = (JAR*)PORT_ZAlloc (sizeof (JAR))) == NULL)
- goto loser;
-
- if ((jar->manifest = ZZ_NewList()) == NULL)
- goto loser;
-
- if ((jar->hashes = ZZ_NewList()) == NULL)
- goto loser;
-
- if ((jar->phy = ZZ_NewList()) == NULL)
- goto loser;
-
- if ((jar->metainfo = ZZ_NewList()) == NULL)
- goto loser;
-
- if ((jar->signers = ZZ_NewList()) == NULL)
- goto loser;
-
- return jar;
-
-loser:
-
- if (jar)
- {
- if (jar->manifest)
- ZZ_DestroyList (jar->manifest);
-
- if (jar->hashes)
- ZZ_DestroyList (jar->hashes);
-
- if (jar->phy)
- ZZ_DestroyList (jar->phy);
-
- if (jar->metainfo)
- ZZ_DestroyList (jar->metainfo);
-
- if (jar->signers)
- ZZ_DestroyList (jar->signers);
-
- PORT_Free (jar);
- }
-
- return NULL;
- }
-
-/*
- * J A R _ d e s t r o y
- *
- * Godzilla.
- *
- */
-
-void PR_CALLBACK JAR_destroy (JAR *jar)
- {
- JAR *z;
-
- PORT_Assert( jar != NULL );
-
- if (jar == NULL)
- return;
-
- if (jar->fp) JAR_FCLOSE ((PRFileDesc*)jar->fp);
-
- if (jar->url) PORT_Free (jar->url);
- if (jar->filename) PORT_Free (jar->filename);
-
- /* Free the linked list elements */
-
- jar_destroy_list (jar->manifest);
- ZZ_DestroyList (jar->manifest);
-
- jar_destroy_list (jar->hashes);
- ZZ_DestroyList (jar->hashes);
-
- jar_destroy_list (jar->phy);
- ZZ_DestroyList (jar->phy);
-
- jar_destroy_list (jar->metainfo);
- ZZ_DestroyList (jar->metainfo);
-
- jar_destroy_list (jar->signers);
- ZZ_DestroyList (jar->signers);
-
- PORT_Free (jar);
- }
-
-static void jar_destroy_list (ZZList *list)
- {
- ZZLink *link, *oldlink;
-
- JAR_Item *it;
-
- JAR_Physical *phy;
- JAR_Digest *dig;
- JAR_Cert *fing;
- JAR_Metainfo *met;
- JAR_Signer *signer;
-
- if (list && !ZZ_ListEmpty (list))
- {
- link = ZZ_ListHead (list);
-
- while (!ZZ_ListIterDone (list, link))
- {
- it = link->thing;
- if (!it) goto next;
-
- if (it->pathname) PORT_Free (it->pathname);
-
- switch (it->type)
- {
- case jarTypeMeta:
-
- met = (JAR_Metainfo *) it->data;
- if (met)
- {
- if (met->header) PORT_Free (met->header);
- if (met->info) PORT_Free (met->info);
- PORT_Free (met);
- }
- break;
-
- case jarTypePhy:
-
- phy = (JAR_Physical *) it->data;
- if (phy)
- PORT_Free (phy);
- break;
-
- case jarTypeSign:
-
- fing = (JAR_Cert *) it->data;
- if (fing)
- {
- if (fing->cert)
- CERT_DestroyCertificate (fing->cert);
- if (fing->key)
- PORT_Free (fing->key);
- PORT_Free (fing);
- }
- break;
-
- case jarTypeSect:
- case jarTypeMF:
- case jarTypeSF:
-
- dig = (JAR_Digest *) it->data;
- if (dig)
- {
- PORT_Free (dig);
- }
- break;
-
- case jarTypeOwner:
-
- signer = (JAR_Signer *) it->data;
-
- if (signer)
- JAR_destroy_signer (signer);
-
- break;
-
- default:
-
- /* PORT_Assert( 1 != 2 ); */
- break;
- }
-
- PORT_Free (it);
-
- next:
-
- oldlink = link;
- link = link->next;
-
- ZZ_DestroyLink (oldlink);
- }
- }
- }
-
-/*
- * J A R _ g e t _ m e t a i n f o
- *
- * Retrieve meta information from the manifest file.
- * It doesn't matter whether it's from .MF or .SF, does it?
- *
- */
-
-int JAR_get_metainfo
- (JAR *jar, char *name, char *header, void **info, unsigned long *length)
- {
- JAR_Item *it;
-
- ZZLink *link;
- ZZList *list;
-
- JAR_Metainfo *met;
-
- PORT_Assert( jar != NULL && header != NULL );
-
- if (jar == NULL || header == NULL)
- return JAR_ERR_PNF;
-
- list = jar->metainfo;
-
- if (ZZ_ListEmpty (list))
- return JAR_ERR_PNF;
-
- for (link = ZZ_ListHead (list);
- !ZZ_ListIterDone (list, link);
- link = link->next)
- {
- it = link->thing;
- if (it->type == jarTypeMeta)
- {
- if ((name && !it->pathname) || (!name && it->pathname))
- continue;
-
- if (name && it->pathname && strcmp (it->pathname, name))
- continue;
-
- met = (JAR_Metainfo *) it->data;
-
- if (!PORT_Strcasecmp (met->header, header))
- {
- *info = PORT_Strdup (met->info);
- *length = PORT_Strlen (met->info);
- return 0;
- }
- }
- }
-
- return JAR_ERR_PNF;
- }
-
-/*
- * J A R _ f i n d
- *
- * Establish the search pattern for use
- * by JAR_find_next, to traverse the filenames
- * or certificates in the JAR structure.
- *
- * See jar.h for a description on how to use.
- *
- */
-
-JAR_Context *JAR_find (JAR *jar, char *pattern, jarType type)
- {
- JAR_Context *ctx;
-
- PORT_Assert( jar != NULL );
-
- if (!jar)
- return NULL;
-
- ctx = (JAR_Context *) PORT_ZAlloc (sizeof (JAR_Context));
-
- if (ctx == NULL)
- return NULL;
-
- ctx->jar = jar;
-
- if (pattern)
- {
- if ((ctx->pattern = PORT_Strdup (pattern)) == NULL)
- {
- PORT_Free (ctx);
- return NULL;
- }
- }
-
- ctx->finding = type;
-
- switch (type)
- {
- case jarTypeMF: ctx->next = ZZ_ListHead (jar->hashes);
- break;
-
- case jarTypeSF:
- case jarTypeSign: ctx->next = NULL;
- ctx->nextsign = ZZ_ListHead (jar->signers);
- break;
-
- case jarTypeSect: ctx->next = ZZ_ListHead (jar->manifest);
- break;
-
- case jarTypePhy: ctx->next = ZZ_ListHead (jar->phy);
- break;
-
- case jarTypeOwner: if (jar->signers)
- ctx->next = ZZ_ListHead (jar->signers);
- else
- ctx->next = NULL;
- break;
-
- case jarTypeMeta: ctx->next = ZZ_ListHead (jar->metainfo);
- break;
-
- default: PORT_Assert( 1 != 2);
- break;
- }
-
- return ctx;
- }
-
-/*
- * J A R _ f i n d _ e n d
- *
- * Destroy the find iterator context.
- *
- */
-
-void JAR_find_end (JAR_Context *ctx)
- {
- PORT_Assert( ctx != NULL );
-
- if (ctx)
- {
- if (ctx->pattern)
- PORT_Free (ctx->pattern);
- PORT_Free (ctx);
- }
- }
-
-/*
- * J A R _ f i n d _ n e x t
- *
- * Return the next item of the given type
- * from one of the JAR linked lists.
- *
- */
-
-int JAR_find_next (JAR_Context *ctx, JAR_Item **it)
- {
- JAR *jar;
- ZZList *list;
-
- int finding;
-
- JAR_Signer *signer = NULL;
-
- PORT_Assert( ctx != NULL );
- PORT_Assert( ctx->jar != NULL );
-
- jar = ctx->jar;
-
- /* Internally, convert jarTypeSign to jarTypeSF, and return
- the actual attached certificate later */
-
- finding = (ctx->finding == jarTypeSign) ? jarTypeSF : ctx->finding;
-
- if (ctx->nextsign)
- {
- if (ZZ_ListIterDone (jar->signers, ctx->nextsign))
- {
- *it = NULL;
- return -1;
- }
- PORT_Assert (ctx->nextsign->thing != NULL);
- signer = (JAR_Signer*)ctx->nextsign->thing->data;
- }
-
-
- /* Find out which linked list to traverse. Then if
- necessary, advance to the next linked list. */
-
- while (1)
- {
- switch (finding)
- {
- case jarTypeSign: /* not any more */
- PORT_Assert( finding != jarTypeSign );
- list = signer->certs;
- break;
-
- case jarTypeSect: list = jar->manifest;
- break;
-
- case jarTypePhy: list = jar->phy;
- break;
-
- case jarTypeSF: /* signer, not jar */
- PORT_Assert( signer != NULL );
- list = signer->sf;
- break;
-
- case jarTypeMF: list = jar->hashes;
- break;
-
- case jarTypeOwner: list = jar->signers;
- break;
-
- case jarTypeMeta: list = jar->metainfo;
- break;
-
- default: PORT_Assert( 1 != 2 );
- break;
- }
-
- if (list == NULL)
- {
- *it = NULL;
- return -1;
- }
-
- /* When looping over lists of lists, advance
- to the next signer. This is done when multiple
- signers are possible. */
-
- if (ZZ_ListIterDone (list, ctx->next))
- {
- if (ctx->nextsign && jar->signers)
- {
- ctx->nextsign = ctx->nextsign->next;
- if (!ZZ_ListIterDone (jar->signers, ctx->nextsign))
- {
- PORT_Assert (ctx->nextsign->thing != NULL);
-
- signer = (JAR_Signer*)ctx->nextsign->thing->data;
- PORT_Assert( signer != NULL );
-
- ctx->next = NULL;
- continue;
- }
- }
- *it = NULL;
- return -1;
- }
-
- /* if the signer changed, still need to fill
- in the "next" link */
-
- if (ctx->nextsign && ctx->next == NULL)
- {
- switch (finding)
- {
- case jarTypeSF:
-
- ctx->next = ZZ_ListHead (signer->sf);
- break;
-
- case jarTypeSign:
-
- ctx->next = ZZ_ListHead (signer->certs);
- break;
- }
- }
-
- PORT_Assert( ctx->next != NULL );
-
-
- while (!ZZ_ListIterDone (list, ctx->next))
- {
- *it = ctx->next->thing;
- ctx->next = ctx->next->next;
-
- if (!it || !*it || (*it)->type != finding)
- continue;
-
- if (ctx->pattern && *ctx->pattern)
- {
- if (PORT_Strcmp ((*it)->pathname, ctx->pattern))
- continue;
- }
-
- /* We have a valid match. If this is a jarTypeSign
- return the certificate instead.. */
-
- if (ctx->finding == jarTypeSign)
- {
- JAR_Item *itt;
-
- /* just the first one for now */
- if (jar_find_first_cert (signer, jarTypeSign, &itt) >= 0)
- {
- *it = itt;
- return 0;
- }
-
- continue;
- }
-
- return 0;
- }
-
- } /* end while */
- }
-
-static int jar_find_first_cert
- (JAR_Signer *signer, int type, JAR_Item **it)
- {
- ZZLink *link;
- ZZList *list;
-
- int status = JAR_ERR_PNF;
-
- list = signer->certs;
-
- *it = NULL;
-
- if (ZZ_ListEmpty (list))
- {
- /* empty list */
- return JAR_ERR_PNF;
- }
-
- for (link = ZZ_ListHead (list);
- !ZZ_ListIterDone (list, link);
- link = link->next)
- {
- if (link->thing->type == type)
- {
- *it = link->thing;
- status = 0;
- break;
- }
- }
-
- return status;
- }
-
-JAR_Signer *JAR_new_signer (void)
- {
- JAR_Signer *signer;
-
- signer = (JAR_Signer *) PORT_ZAlloc (sizeof (JAR_Signer));
-
- if (signer == NULL)
- goto loser;
-
-
- /* certs */
- signer->certs = ZZ_NewList();
-
- if (signer->certs == NULL)
- goto loser;
-
-
- /* sf */
- signer->sf = ZZ_NewList();
-
- if (signer->sf == NULL)
- goto loser;
-
-
- return signer;
-
-
-loser:
-
- if (signer)
- {
- if (signer->certs)
- ZZ_DestroyList (signer->certs);
-
- if (signer->sf)
- ZZ_DestroyList (signer->sf);
-
- PORT_Free (signer);
- }
-
- return NULL;
- }
-
-void JAR_destroy_signer (JAR_Signer *signer)
- {
- if (signer)
- {
- if (signer->owner) PORT_Free (signer->owner);
- if (signer->digest) PORT_Free (signer->digest);
-
- jar_destroy_list (signer->sf);
- ZZ_DestroyList (signer->sf);
-
- jar_destroy_list (signer->certs);
- ZZ_DestroyList (signer->certs);
-
- PORT_Free (signer);
- }
- }
-
-JAR_Signer *jar_get_signer (JAR *jar, char *basename)
- {
- JAR_Item *it;
- JAR_Context *ctx;
-
- JAR_Signer *candidate;
- JAR_Signer *signer = NULL;
-
- ctx = JAR_find (jar, NULL, jarTypeOwner);
-
- if (ctx == NULL)
- return NULL;
-
- while (JAR_find_next (ctx, &it) >= 0)
- {
- candidate = (JAR_Signer *) it->data;
- if (*basename == '*' || !PORT_Strcmp (candidate->owner, basename))
- {
- signer = candidate;
- break;
- }
- }
-
- JAR_find_end (ctx);
-
- return signer;
- }
-
-/*
- * J A R _ g e t _ f i l e n a m e
- *
- * Returns the filename associated with
- * a JAR structure.
- *
- */
-
-char *JAR_get_filename (JAR *jar)
- {
- return jar->filename;
- }
-
-/*
- * J A R _ g e t _ u r l
- *
- * Returns the URL associated with
- * a JAR structure. Nobody really uses this now.
- *
- */
-
-char *JAR_get_url (JAR *jar)
- {
- return jar->url;
- }
-
-/*
- * J A R _ s e t _ c a l l b a c k
- *
- * Register some manner of callback function for this jar.
- *
- */
-
-int JAR_set_callback (int type, JAR *jar,
- int (*fn) (int status, JAR *jar,
- const char *metafile, char *pathname, char *errortext))
- {
- if (type == JAR_CB_SIGNAL)
- {
- jar->signal = fn;
- return 0;
- }
- else
- return -1;
- }
-
-/*
- * Callbacks
- *
- */
-
-/* To return an error string */
-char *(*jar_fn_GetString) (int) = NULL;
-
-/* To return an MWContext for Java */
-void *(*jar_fn_FindSomeContext) (void) = NULL;
-
-/* To fabricate an MWContext for FE_GetPassword */
-void *(*jar_fn_GetInitContext) (void) = NULL;
-
-void
-JAR_init_callbacks
- (
- char *(*string_cb)(int),
- void *(*find_cx)(void),
- void *(*init_cx)(void)
- )
- {
- jar_fn_GetString = string_cb;
- jar_fn_FindSomeContext = find_cx;
- jar_fn_GetInitContext = init_cx;
- }
-
-/*
- * J A R _ g e t _ e r r o r
- *
- * This is provided to map internal JAR errors to strings for
- * the Java console. Also, a DLL may call this function if it does
- * not have access to the XP_GetString function.
- *
- * These strings aren't UI, since they are Java console only.
- *
- */
-
-char *JAR_get_error (int status)
- {
- char *errstring = NULL;
-
- switch (status)
- {
- case JAR_ERR_GENERAL:
- errstring = "General JAR file error";
- break;
-
- case JAR_ERR_FNF:
- errstring = "JAR file not found";
- break;
-
- case JAR_ERR_CORRUPT:
- errstring = "Corrupt JAR file";
- break;
-
- case JAR_ERR_MEMORY:
- errstring = "Out of memory";
- break;
-
- case JAR_ERR_DISK:
- errstring = "Disk error (perhaps out of space)";
- break;
-
- case JAR_ERR_ORDER:
- errstring = "Inconsistent files in META-INF directory";
- break;
-
- case JAR_ERR_SIG:
- errstring = "Invalid digital signature file";
- break;
-
- case JAR_ERR_METADATA:
- errstring = "JAR metadata failed verification";
- break;
-
- case JAR_ERR_ENTRY:
- errstring = "No Manifest entry for this JAR entry";
- break;
-
- case JAR_ERR_HASH:
- errstring = "Invalid Hash of this JAR entry";
- break;
-
- case JAR_ERR_PK7:
- errstring = "Strange PKCS7 or RSA failure";
- break;
-
- case JAR_ERR_PNF:
- errstring = "Path not found inside JAR file";
- break;
-
- default:
- if (jar_fn_GetString)
- {
- errstring = jar_fn_GetString (status);
- }
- else
- {
- /* this is not a normal situation, and would only be
- called in cases of improper initialization */
-
- char *err;
-
- err = (char*)PORT_Alloc (40);
- if (err)
- PR_snprintf (err, 39, "Error %d\n", status);
- else
- err = "Error! Bad! Out of memory!";
-
- return err;
- }
- break;
- }
-
- return errstring;
- }
diff --git a/security/nss/lib/jar/jar.h b/security/nss/lib/jar/jar.h
deleted file mode 100644
index 1b21e6292..000000000
--- a/security/nss/lib/jar/jar.h
+++ /dev/null
@@ -1,477 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef __JAR_h_
-#define __JAR_h_
-
-/*
- * In general, any functions that return pointers
- * have memory owned by the caller.
- *
- */
-
-/* security includes */
-#include "cert.h"
-
-/* nspr 2.0 includes */
-#include "prio.h"
-
-#ifndef ZHUGEP
-#ifdef XP_WIN16
-#define ZHUGEP __huge
-#else
-#define ZHUGEP
-#endif
-#endif
-
-#include "stdio.h"
-
-/* various types */
-
-typedef enum
- {
- jarTypeMF = 2,
- jarTypeSF = 3,
- jarTypeMeta = 6,
- jarTypePhy = 7,
- jarTypeSign = 10,
- jarTypeSect = 11,
- jarTypeOwner = 13
- }
-jarType;
-
-/* void data in ZZList's contain JAR_Item type */
-
-typedef struct JAR_Item_
- {
- char *pathname; /* relative. inside zip file */
- jarType type; /* various types */
- size_t size; /* size of data below */
- void *data; /* totally opaque */
- }
-JAR_Item;
-
-
-/* hashes */
-
-typedef enum
- {
- jarHashNone = 0,
- jarHashBad = 1,
- jarHashPresent = 2
- }
-jarHash;
-
-typedef struct JAR_Digest_
- {
- jarHash md5_status;
- unsigned char md5 [MD5_LENGTH];
- jarHash sha1_status;
- unsigned char sha1 [SHA1_LENGTH];
- }
-JAR_Digest;
-
-
-/* physical archive formats */
-
-typedef enum
- {
- jarArchGuess = 0,
- jarArchNone = 1,
- jarArchZip = 2,
- jarArchTar = 3
- }
-jarArch;
-
-
-#include "jar-ds.h"
-
-/* jar object */
-
-typedef struct JAR_
- {
- jarArch format; /* physical archive format */
- char *url; /* Where it came from */
- char *filename; /* Disk location */
- FILE *fp; /* For multiple extractions */ /* JAR_FILE */
-
- /* various linked lists */
-
- ZZList *manifest; /* Digests of MF sections */
- ZZList *hashes; /* Digests of actual signed files */
- ZZList *phy; /* Physical layout of JAR file */
- ZZList *metainfo; /* Global metainfo */
-
- JAR_Digest *globalmeta; /* digest of .MF global portion */
-
- /* Below will change to a linked list to support multiple sigs */
-
- int pkcs7; /* Enforced opaqueness */
- int valid; /* PKCS7 signature validated */
-
- ZZList *signers; /* the above, per signer */
-
- /* Window context, very necessary for PKCS11 now */
-
- void *mw; /* MWContext window context */
-
- /* Signal callback function */
-
- int (*signal) (int status, struct JAR_ *jar,
- const char *metafile, char *pathname, char *errorstring);
- }
-JAR;
-
-
-/*
- * Iterator
- *
- * Context for iterative operations. Certain operations
- * require iterating multiple linked lists because of
- * multiple signers. "nextsign" is used for this purpose.
- *
- */
-
-typedef struct JAR_Context_
- {
- JAR *jar; /* Jar we are searching */
- char *pattern; /* Regular expression */
- jarType finding; /* Type of item to find */
- ZZLink *next; /* Next item in find */
- ZZLink *nextsign; /* Next signer, sometimes */
- }
-JAR_Context;
-
-typedef struct JAR_Signer_
- {
- int pkcs7; /* Enforced opaqueness */
- int valid; /* PKCS7 signature validated */
- char *owner; /* name of .RSA file */
- JAR_Digest *digest; /* of .SF file */
- ZZList *sf; /* Linked list of .SF file contents */
- ZZList *certs; /* Signing information */
- }
-JAR_Signer;
-
-
-/* Meta informaton, or "policy", from the manifest file.
- Right now just one tuple per JAR_Item. */
-
-typedef struct JAR_Metainfo_
- {
- char *header;
- char *info;
- }
-JAR_Metainfo;
-
-/* This should not be global */
-
-typedef struct JAR_Physical_
- {
- unsigned char compression;
- unsigned long offset;
- unsigned long length;
- unsigned long uncompressed_length;
-#ifdef XP_UNIX
- uint16 mode;
-#endif
- }
-JAR_Physical;
-
-typedef struct JAR_Cert_
- {
- size_t length;
- void *key;
- CERTCertificate *cert;
- }
-JAR_Cert;
-
-
-/* certificate stuff */
-
-typedef enum
- {
- jarCertCompany = 1,
- jarCertCA = 2,
- jarCertSerial = 3,
- jarCertExpires = 4,
- jarCertNickname = 5,
- jarCertFinger = 6,
- jarCertJavaHack = 100
- }
-jarCert;
-
-/* callback types */
-
-#define JAR_CB_SIGNAL 1
-
-
-/*
- * This is the base for the JAR error codes. It will
- * change when these are incorporated into allxpstr.c,
- * but right now they won't let me put them there.
- *
- */
-
-#ifndef SEC_ERR_BASE
-#define SEC_ERR_BASE (-0x2000)
-#endif
-
-#define JAR_BASE SEC_ERR_BASE + 300
-
-/* Jar specific error definitions */
-
-#define JAR_ERR_GENERAL (JAR_BASE + 1)
-#define JAR_ERR_FNF (JAR_BASE + 2)
-#define JAR_ERR_CORRUPT (JAR_BASE + 3)
-#define JAR_ERR_MEMORY (JAR_BASE + 4)
-#define JAR_ERR_DISK (JAR_BASE + 5)
-#define JAR_ERR_ORDER (JAR_BASE + 6)
-#define JAR_ERR_SIG (JAR_BASE + 7)
-#define JAR_ERR_METADATA (JAR_BASE + 8)
-#define JAR_ERR_ENTRY (JAR_BASE + 9)
-#define JAR_ERR_HASH (JAR_BASE + 10)
-#define JAR_ERR_PK7 (JAR_BASE + 11)
-#define JAR_ERR_PNF (JAR_BASE + 12)
-
-
-/*
- * Birth and death
- *
- */
-
-extern JAR *JAR_new (void);
-
-extern void PR_CALLBACK JAR_destroy (JAR *jar);
-
-extern char *JAR_get_error (int status);
-
-extern int JAR_set_callback (int type, JAR *jar,
- int (*fn) (int status, JAR *jar,
- const char *metafile, char *pathname, char *errortext));
-
-extern void JAR_init_callbacks
- ( char *(*string_cb)(int), void *(*find_cx)(void), void *(*init_cx)(void) );
-
-/*
- * JAR_set_context
- *
- * PKCS11 may require a password to be entered by the user
- * before any crypto routines may be called. This will require
- * a window context if used from inside Mozilla.
- *
- * Call this routine with your context before calling
- * verifying or signing. If you have no context, call with NULL
- * and one will be chosen for you.
- *
- */
-
-int JAR_set_context (JAR *jar, void /*MWContext*/ *mw);
-
-/*
- * Iterative operations
- *
- * JAR_find sets up for repeated calls with JAR_find_next.
- * I never liked findfirst and findnext, this is nicer.
- *
- * Pattern contains a relative pathname to match inside the
- * archive. It is currently assumed to be "*".
- *
- * To use:
- *
- * JAR_Item *item;
- * JAR_find (jar, "*.class", jarTypeMF);
- * while (JAR_find_next (jar, &item) >= 0)
- * { do stuff }
- *
- */
-
-
-/* Replacement functions with an external context */
-
-extern JAR_Context *JAR_find (JAR *jar, char *pattern, jarType type);
-
-extern int JAR_find_next (JAR_Context *ctx, JAR_Item **it);
-
-extern void JAR_find_end (JAR_Context *ctx);
-
-
-/*
- * Function to parse manifest file:
- *
- * Many signatures may be attached to a single filename located
- * inside the zip file. We only support one.
- *
- * Several manifests may be included in the zip file.
- *
- * You must pass the MANIFEST.MF file before any .SF files.
- *
- * Right now this returns a big ole list, privately in the jar structure.
- * If you need to traverse it, use JAR_find if possible.
- *
- * The path is needed to determine what type of binary signature is
- * being passed, though it is technically not needed for manifest files.
- *
- * When parsing an ASCII file, null terminate the ASCII raw_manifest
- * prior to sending it, and indicate a length of 0. For binary digital
- * signatures only, indicate the true length of the signature.
- * (This is legacy behavior.)
- *
- * You may free the manifest after parsing it.
- *
- */
-
-extern int JAR_parse_manifest
- (JAR *jar, char ZHUGEP *raw_manifest,
- long length, const char *path, const char *url);
-
-/*
- * Verify data (nonstreaming). The signature is actually
- * checked by JAR_parse_manifest or JAR_pass_archive.
- *
- */
-
-extern JAR_Digest * PR_CALLBACK JAR_calculate_digest
- (void ZHUGEP *data, long length);
-
-extern int PR_CALLBACK JAR_verify_digest
- (JAR *jar, const char *name, JAR_Digest *dig);
-
-extern int JAR_digest_file (char *filename, JAR_Digest *dig);
-
-/*
- * Get attribute from certificate:
- *
- * Returns any special signed attribute associated with this cert
- * or signature (passed in "data"). Attributes jarCert*. Most of the time
- * this will return a zero terminated string.
- *
- */
-
-extern int PR_CALLBACK JAR_cert_attribute
- (JAR *jar, jarCert attrib, long keylen, void *key,
- void **result, unsigned long *length);
-
-/*
- * Meta information
- *
- * Currently, since this call does not support passing of an owner
- * (certificate, or physical name of the .sf file), it is restricted to
- * returning information located in the manifest.mf file.
- *
- * Meta information is a name/value pair inside the archive file. Here,
- * the name is passed in *header and value returned in **info.
- *
- * Pass a NULL as the name to retrieve metainfo from the global section.
- *
- * Data is returned in **info, of size *length. The return value
- * will indicate if no data was found.
- *
- */
-
-extern int JAR_get_metainfo
- (JAR *jar, char *name, char *header, void **info, unsigned long *length);
-
-extern char *JAR_get_filename (JAR *jar);
-
-extern char *JAR_get_url (JAR *jar);
-
-/*
- * Return an HTML mockup of a certificate or signature.
- *
- * Returns a zero terminated ascii string
- * in raw HTML format.
- *
- */
-
-extern char *JAR_cert_html
- (JAR *jar, int style, long keylen, void *key, int *result);
-
-/* save the certificate with this fingerprint in persistent
- storage, somewhere, for retrieval in a future session when there
- is no corresponding JAR structure. */
-
-extern int PR_CALLBACK JAR_stash_cert
- (JAR *jar, long keylen, void *key);
-
-/* retrieve a certificate presumably stashed with the above
- function, but may be any certificate. Type is &CERTCertificate */
-
-void *JAR_fetch_cert (long length, void *key);
-
-/*
- * New functions to handle archives alone
- * (call JAR_new beforehand)
- *
- * JAR_pass_archive acts much like parse_manifest. Certificates
- * are returned in the JAR structure but as opaque data. When calling
- * JAR_verified_extract you still need to decide which of these
- * certificates to honor.
- *
- * Code to examine a JAR structure is in jarbert.c. You can obtain both
- * a list of filenames and certificates from traversing the linked list.
- *
- */
-
-extern int JAR_pass_archive
- (JAR *jar, jarArch format, char *filename, const char *url);
-
-/*
- * Same thing, but don't check signatures
- */
-extern int JAR_pass_archive_unverified
- (JAR *jar, jarArch format, char *filename, const char *url);
-
-/*
- * Extracts a relative pathname from the archive and places it
- * in the filename specified.
- *
- * Call JAR_set_nailed if you want to keep the file descriptors
- * open between multiple calls to JAR_verify_extract.
- *
- */
-
-extern int JAR_verified_extract
- (JAR *jar, char *path, char *outpath);
-
-/*
- * JAR_extract does no crypto checking. This can be used if you
- * need to extract a manifest file or signature, etc.
- *
- */
-
-extern int JAR_extract
- (JAR *jar, char *path, char *outpath);
-
-
-#endif /* __JAR_h_ */
diff --git a/security/nss/lib/jar/jarevil.c b/security/nss/lib/jar/jarevil.c
deleted file mode 100644
index feecd43b0..000000000
--- a/security/nss/lib/jar/jarevil.c
+++ /dev/null
@@ -1,571 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * JAREVIL
- *
- * Wrappers to callback in the mozilla thread
- *
- * Certificate code is unsafe when called outside the
- * mozilla thread. These functions push an event on the
- * queue to cause the cert function to run in that thread.
- *
- */
-
-#include "jar.h"
-#include "jarint.h"
-
-#include "jarevil.h"
-
-/* from libevent.h */
-#ifdef MOZILLA_CLIENT
-typedef void (*ETVoidPtrFunc) (void * data);
-extern void ET_moz_CallFunction (ETVoidPtrFunc fn, void *data);
-
-extern void *mozilla_event_queue;
-#endif
-
-
-/* Special macros facilitate running on Win 16 */
-#if defined(XP_PC) && !defined(_WIN32) /* then we are win 16 */
-
- /*
- * Allocate the data passed to the callback functions from the heap...
- *
- * This inter-thread structure cannot reside on a thread stack since the
- * thread's stack is swapped away with the thread under Win16...
- */
-
- #define ALLOC_OR_DEFINE(type, pointer_var_name, out_of_memory_return_value) \
- type * pointer_var_name = PORT_ZAlloc (sizeof(type)); \
- do { \
- if (!pointer_var_name) \
- return (out_of_memory_return_value); \
- } while (0) /* and now a semicolon can follow :-) */
-
- #define FREE_IF_ALLOC_IS_USED(pointer_var_name) PORT_Free(pointer_var_name)
-
-#else /* not win 16... so we can alloc via auto variables */
-
- #define ALLOC_OR_DEFINE(type, pointer_var_name, out_of_memory_return_value) \
- type actual_structure_allocated_in_macro; \
- type * pointer_var_name = &actual_structure_allocated_in_macro; \
- PORT_Memset (pointer_var_name, 0, sizeof (*pointer_var_name)); \
- ((void) 0) /* and now a semicolon can follow */
-
- #define FREE_IF_ALLOC_IS_USED(pointer_var_name) ((void) 0)
-
-#endif /* not Win 16 */
-
-/* --- --- --- --- --- --- --- --- --- --- --- --- --- */
-
-/*
- * JAR_MOZ_encode
- *
- * Call SEC_PKCS7Encode inside
- * the mozilla thread
- *
- */
-
-struct EVIL_encode
- {
- int error;
- SECStatus status;
- SEC_PKCS7ContentInfo *cinfo;
- SEC_PKCS7EncoderOutputCallback outputfn;
- void *outputarg;
- PK11SymKey *bulkkey;
- SECKEYGetPasswordKey pwfn;
- void *pwfnarg;
- };
-
-
-/* This is called inside the mozilla thread */
-
-PR_STATIC_CALLBACK(void) jar_moz_encode_fn (void *data)
- {
- SECStatus status;
- struct EVIL_encode *encode_data = (struct EVIL_encode *)data;
-
- PORT_SetError (encode_data->error);
-
- status = SEC_PKCS7Encode (encode_data->cinfo, encode_data->outputfn,
- encode_data->outputarg, encode_data->bulkkey,
- encode_data->pwfn, encode_data->pwfnarg);
-
- encode_data->status = status;
- encode_data->error = PORT_GetError();
- }
-
-
-/* Wrapper for the ET_MOZ call */
-
-SECStatus jar_moz_encode
- (
- SEC_PKCS7ContentInfo *cinfo,
- SEC_PKCS7EncoderOutputCallback outputfn,
- void *outputarg,
- PK11SymKey *bulkkey,
- SECKEYGetPasswordKey pwfn,
- void *pwfnarg
- )
- {
- SECStatus ret;
- ALLOC_OR_DEFINE(struct EVIL_encode, encode_data, SECFailure);
-
- encode_data->error = PORT_GetError();
- encode_data->cinfo = cinfo;
- encode_data->outputfn = outputfn;
- encode_data->outputarg = outputarg;
- encode_data->bulkkey = bulkkey;
- encode_data->pwfn = pwfn;
- encode_data->pwfnarg = pwfnarg;
-
- /* Synchronously invoke the callback function on the mozilla thread. */
-#ifdef MOZILLA_CLIENT
- if (mozilla_event_queue)
- ET_moz_CallFunction (jar_moz_encode_fn, encode_data);
- else
- jar_moz_encode_fn (encode_data);
-#else
- jar_moz_encode_fn (encode_data);
-#endif
-
- PORT_SetError (encode_data->error);
- ret = encode_data->status;
-
- /* Free the data passed to the callback function... */
- FREE_IF_ALLOC_IS_USED(encode_data);
- return ret;
- }
-
-/* --- --- --- --- --- --- --- --- --- --- --- --- --- */
-
-/*
- * JAR_MOZ_verify
- *
- * Call SEC_PKCS7VerifyDetachedSignature inside
- * the mozilla thread
- *
- */
-
-struct EVIL_verify
- {
- int error;
- SECStatus status;
- SEC_PKCS7ContentInfo *cinfo;
- SECCertUsage certusage;
- SECItem *detached_digest;
- HASH_HashType digest_type;
- PRBool keepcerts;
- };
-
-/* This is called inside the mozilla thread */
-
-PR_STATIC_CALLBACK(void) jar_moz_verify_fn (void *data)
- {
- PRBool result;
- struct EVIL_verify *verify_data = (struct EVIL_verify *)data;
-
- PORT_SetError (verify_data->error);
-
- result = SEC_PKCS7VerifyDetachedSignature
- (verify_data->cinfo, verify_data->certusage, verify_data->detached_digest,
- verify_data->digest_type, verify_data->keepcerts);
-
-
- verify_data->status = result==PR_TRUE ? SECSuccess : SECFailure;
- verify_data->error = PORT_GetError();
- }
-
-
-/* Wrapper for the ET_MOZ call */
-
-SECStatus jar_moz_verify
- (
- SEC_PKCS7ContentInfo *cinfo,
- SECCertUsage certusage,
- SECItem *detached_digest,
- HASH_HashType digest_type,
- PRBool keepcerts
- )
- {
- SECStatus ret;
- ALLOC_OR_DEFINE(struct EVIL_verify, verify_data, SECFailure);
-
- verify_data->error = PORT_GetError();
- verify_data->cinfo = cinfo;
- verify_data->certusage = certusage;
- verify_data->detached_digest = detached_digest;
- verify_data->digest_type = digest_type;
- verify_data->keepcerts = keepcerts;
-
- /* Synchronously invoke the callback function on the mozilla thread. */
-#ifdef MOZILLA_CLIENT
- if (mozilla_event_queue)
- ET_moz_CallFunction (jar_moz_verify_fn, verify_data);
- else
- jar_moz_verify_fn (verify_data);
-#else
- jar_moz_verify_fn (verify_data);
-#endif
-
- PORT_SetError (verify_data->error);
- ret = verify_data->status;
-
- /* Free the data passed to the callback function... */
- FREE_IF_ALLOC_IS_USED(verify_data);
- return ret;
- }
-
-/* --- --- --- --- --- --- --- --- --- --- --- --- --- */
-
-/*
- * JAR_MOZ_nickname
- *
- * Call CERT_FindCertByNickname inside
- * the mozilla thread
- *
- */
-
-struct EVIL_nickname
- {
- int error;
- CERTCertDBHandle *certdb;
- char *nickname;
- CERTCertificate *cert;
- };
-
-
-/* This is called inside the mozilla thread */
-
-PR_STATIC_CALLBACK(void) jar_moz_nickname_fn (void *data)
- {
- CERTCertificate *cert;
- struct EVIL_nickname *nickname_data = (struct EVIL_nickname *)data;
-
- PORT_SetError (nickname_data->error);
-
- cert = CERT_FindCertByNickname (nickname_data->certdb, nickname_data->nickname);
-
- nickname_data->cert = cert;
- nickname_data->error = PORT_GetError();
- }
-
-
-/* Wrapper for the ET_MOZ call */
-
-CERTCertificate *jar_moz_nickname (CERTCertDBHandle *certdb, char *nickname)
- {
- CERTCertificate *cert;
- ALLOC_OR_DEFINE(struct EVIL_nickname, nickname_data, NULL );
-
- nickname_data->error = PORT_GetError();
- nickname_data->certdb = certdb;
- nickname_data->nickname = nickname;
-
- /* Synchronously invoke the callback function on the mozilla thread. */
-#ifdef MOZILLA_CLIENT
- if (mozilla_event_queue)
- ET_moz_CallFunction (jar_moz_nickname_fn, nickname_data);
- else
- jar_moz_nickname_fn (nickname_data);
-#else
- jar_moz_nickname_fn (nickname_data);
-#endif
-
- PORT_SetError (nickname_data->error);
- cert = nickname_data->cert;
-
- /* Free the data passed to the callback function... */
- FREE_IF_ALLOC_IS_USED(nickname_data);
- return cert;
- }
-
-/* --- --- --- --- --- --- --- --- --- --- --- --- --- */
-
-/*
- * JAR_MOZ_perm
- *
- * Call CERT_AddTempCertToPerm inside
- * the mozilla thread
- *
- */
-
-struct EVIL_perm
- {
- int error;
- SECStatus status;
- CERTCertificate *cert;
- char *nickname;
- CERTCertTrust *trust;
- };
-
-
-/* This is called inside the mozilla thread */
-
-PR_STATIC_CALLBACK(void) jar_moz_perm_fn (void *data)
- {
- SECStatus status;
- struct EVIL_perm *perm_data = (struct EVIL_perm *)data;
-
- PORT_SetError (perm_data->error);
-
- status = CERT_AddTempCertToPerm (perm_data->cert, perm_data->nickname, perm_data->trust);
-
- perm_data->status = status;
- perm_data->error = PORT_GetError();
- }
-
-
-/* Wrapper for the ET_MOZ call */
-
-SECStatus jar_moz_perm
- (CERTCertificate *cert, char *nickname, CERTCertTrust *trust)
- {
- SECStatus ret;
- ALLOC_OR_DEFINE(struct EVIL_perm, perm_data, SECFailure);
-
- perm_data->error = PORT_GetError();
- perm_data->cert = cert;
- perm_data->nickname = nickname;
- perm_data->trust = trust;
-
- /* Synchronously invoke the callback function on the mozilla thread. */
-#ifdef MOZILLA_CLIENT
- if (mozilla_event_queue)
- ET_moz_CallFunction (jar_moz_perm_fn, perm_data);
- else
- jar_moz_perm_fn (perm_data);
-#else
- jar_moz_perm_fn (perm_data);
-#endif
-
- PORT_SetError (perm_data->error);
- ret = perm_data->status;
-
- /* Free the data passed to the callback function... */
- FREE_IF_ALLOC_IS_USED(perm_data);
- return ret;
- }
-
-/* --- --- --- --- --- --- --- --- --- --- --- --- --- */
-
-/*
- * JAR_MOZ_certkey
- *
- * Call CERT_FindCertByKey inside
- * the mozilla thread
- *
- */
-
-struct EVIL_certkey
- {
- int error;
- CERTCertificate *cert;
- CERTCertDBHandle *certdb;
- SECItem *seckey;
- };
-
-
-/* This is called inside the mozilla thread */
-
-PR_STATIC_CALLBACK(void) jar_moz_certkey_fn (void *data)
- {
- CERTCertificate *cert;
- struct EVIL_certkey *certkey_data = (struct EVIL_certkey *)data;
-
- PORT_SetError (certkey_data->error);
-
- cert = CERT_FindCertByKey (certkey_data->certdb, certkey_data->seckey);
-
- certkey_data->cert = cert;
- certkey_data->error = PORT_GetError();
- }
-
-
-/* Wrapper for the ET_MOZ call */
-
-CERTCertificate *jar_moz_certkey (CERTCertDBHandle *certdb, SECItem *seckey)
- {
- CERTCertificate *cert;
- ALLOC_OR_DEFINE(struct EVIL_certkey, certkey_data, NULL);
-
- certkey_data->error = PORT_GetError();
- certkey_data->certdb = certdb;
- certkey_data->seckey = seckey;
-
- /* Synchronously invoke the callback function on the mozilla thread. */
-#ifdef MOZILLA_CLIENT
- if (mozilla_event_queue)
- ET_moz_CallFunction (jar_moz_certkey_fn, certkey_data);
- else
- jar_moz_certkey_fn (certkey_data);
-#else
- jar_moz_certkey_fn (certkey_data);
-#endif
-
- PORT_SetError (certkey_data->error);
- cert = certkey_data->cert;
-
- /* Free the data passed to the callback function... */
- FREE_IF_ALLOC_IS_USED(certkey_data);
- return cert;
- }
-
-/* --- --- --- --- --- --- --- --- --- --- --- --- --- */
-
-/*
- * JAR_MOZ_issuer
- *
- * Call CERT_FindCertIssuer inside
- * the mozilla thread
- *
- */
-
-struct EVIL_issuer
- {
- int error;
- CERTCertificate *cert;
- CERTCertificate *issuer;
- };
-
-
-/* This is called inside the mozilla thread */
-
-PR_STATIC_CALLBACK(void) jar_moz_issuer_fn (void *data)
- {
- CERTCertificate *issuer;
- struct EVIL_issuer *issuer_data = (struct EVIL_issuer *)data;
-
- PORT_SetError (issuer_data->error);
-
- issuer = CERT_FindCertIssuer (issuer_data->cert, PR_Now(),
- certUsageObjectSigner);
-
- issuer_data->issuer = issuer;
- issuer_data->error = PORT_GetError();
- }
-
-
-/* Wrapper for the ET_MOZ call */
-
-CERTCertificate *jar_moz_issuer (CERTCertificate *cert)
- {
- CERTCertificate *issuer_cert;
- ALLOC_OR_DEFINE(struct EVIL_issuer, issuer_data, NULL);
-
- issuer_data->error = PORT_GetError();
- issuer_data->cert = cert;
-
- /* Synchronously invoke the callback function on the mozilla thread. */
-#ifdef MOZILLA_CLIENT
- if (mozilla_event_queue)
- ET_moz_CallFunction (jar_moz_issuer_fn, issuer_data);
- else
- jar_moz_issuer_fn (issuer_data);
-#else
- jar_moz_issuer_fn (issuer_data);
-#endif
-
- PORT_SetError (issuer_data->error);
- issuer_cert = issuer_data->issuer;
-
- /* Free the data passed to the callback function... */
- FREE_IF_ALLOC_IS_USED(issuer_data);
- return issuer_cert;
- }
-
-/* --- --- --- --- --- --- --- --- --- --- --- --- --- */
-
-/*
- * JAR_MOZ_dup
- *
- * Call CERT_DupCertificate inside
- * the mozilla thread
- *
- */
-
-struct EVIL_dup
- {
- int error;
- CERTCertificate *cert;
- CERTCertificate *return_cert;
- };
-
-
-/* This is called inside the mozilla thread */
-
-PR_STATIC_CALLBACK(void) jar_moz_dup_fn (void *data)
- {
- CERTCertificate *return_cert;
- struct EVIL_dup *dup_data = (struct EVIL_dup *)data;
-
- PORT_SetError (dup_data->error);
-
- return_cert = CERT_DupCertificate (dup_data->cert);
-
- dup_data->return_cert = return_cert;
- dup_data->error = PORT_GetError();
- }
-
-
-/* Wrapper for the ET_MOZ call */
-
-CERTCertificate *jar_moz_dup (CERTCertificate *cert)
- {
- CERTCertificate *dup_cert;
- ALLOC_OR_DEFINE(struct EVIL_dup, dup_data, NULL);
-
- dup_data->error = PORT_GetError();
- dup_data->cert = cert;
-
- /* Synchronously invoke the callback function on the mozilla thread. */
-#ifdef MOZILLA_CLIENT
- if (mozilla_event_queue)
- ET_moz_CallFunction (jar_moz_dup_fn, dup_data);
- else
- jar_moz_dup_fn (dup_data);
-#else
- jar_moz_dup_fn (dup_data);
-#endif
-
- PORT_SetError (dup_data->error);
- dup_cert = dup_data->return_cert;
-
- /* Free the data passed to the callback function... */
- FREE_IF_ALLOC_IS_USED(dup_data);
- return dup_cert;
- }
-
-/* --- --- --- --- --- --- --- --- --- --- --- --- --- */
diff --git a/security/nss/lib/jar/jarevil.h b/security/nss/lib/jar/jarevil.h
deleted file mode 100644
index a7c835e6c..000000000
--- a/security/nss/lib/jar/jarevil.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * jarevil.h
- *
- * dot H file for calls to mozilla thread
- * from within jarver.c
- *
- */
-
-#include "certt.h"
-#include "secpkcs7.h"
-
-extern SECStatus jar_moz_encode
- (
- SEC_PKCS7ContentInfo *cinfo,
- SEC_PKCS7EncoderOutputCallback outputfn,
- void *outputarg,
- PK11SymKey *bulkkey,
- SECKEYGetPasswordKey pwfn,
- void *pwfnarg
- );
-
-extern SECStatus jar_moz_verify
- (
- SEC_PKCS7ContentInfo *cinfo,
- SECCertUsage certusage,
- SECItem *detached_digest,
- HASH_HashType digest_type,
- PRBool keepcerts
- );
-
-extern CERTCertificate *jar_moz_nickname
- (CERTCertDBHandle *certdb, char *nickname);
-
-extern SECStatus jar_moz_perm
- (CERTCertificate *cert, char *nickname, CERTCertTrust *trust);
-
-extern CERTCertificate *jar_moz_certkey
- (CERTCertDBHandle *certdb, SECItem *seckey);
-
-extern CERTCertificate *jar_moz_issuer (CERTCertificate *cert);
-
-extern CERTCertificate *jar_moz_dup (CERTCertificate *cert);
-
diff --git a/security/nss/lib/jar/jarfile.c b/security/nss/lib/jar/jarfile.c
deleted file mode 100644
index 5f5b0e67f..000000000
--- a/security/nss/lib/jar/jarfile.c
+++ /dev/null
@@ -1,1149 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * JARFILE
- *
- * Parsing of a Jar file
- */
-
-#define JAR_SIZE 256
-
-#include "jar.h"
-
-#include "jarint.h"
-#include "jarfile.h"
-
-/* commercial compression */
-#include "jzlib.h"
-
-#ifdef XP_UNIX
-#include "sys/stat.h"
-#endif
-
-
-/* extracting */
-
-static int jar_guess_jar (char *filename, JAR_FILE fp);
-
-static int jar_inflate_memory
- (unsigned int method, long *length, long expected_out_len, char ZHUGEP **data);
-
-static int jar_physical_extraction
- (JAR_FILE fp, char *outpath, long offset, long length);
-
-static int jar_physical_inflate
- (JAR_FILE fp, char *outpath, long offset,
- long length, unsigned int method);
-
-static int jar_verify_extract
- (JAR *jar, char *path, char *physical_path);
-
-static JAR_Physical *jar_get_physical (JAR *jar, char *pathname);
-
-static int jar_extract_manifests (JAR *jar, jarArch format, JAR_FILE fp);
-
-static int jar_extract_mf (JAR *jar, jarArch format, JAR_FILE fp, char *ext);
-
-
-/* indexing */
-
-static int jar_gen_index (JAR *jar, jarArch format, JAR_FILE fp);
-
-static int jar_listtar (JAR *jar, JAR_FILE fp);
-
-static int jar_listzip (JAR *jar, JAR_FILE fp);
-
-
-/* conversions */
-
-static int dosdate (char *date, char *s);
-
-static int dostime (char *time, char *s);
-
-static unsigned int xtoint (unsigned char *ii);
-
-static unsigned long xtolong (unsigned char *ll);
-
-static long atoo (char *s);
-
-/*
- * J A R _ p a s s _ a r c h i v e
- *
- * For use by naive clients. Slam an entire archive file
- * into this function. We extract manifests, parse, index
- * the archive file, and do whatever nastiness.
- *
- */
-
-int JAR_pass_archive
- (JAR *jar, jarArch format, char *filename, const char *url)
- {
- JAR_FILE fp;
- int status = 0;
-
- if (filename == NULL)
- return JAR_ERR_GENERAL;
-
- if ((fp = JAR_FOPEN (filename, "rb")) != NULL)
- {
- if (format == jarArchGuess)
- format = (jarArch)jar_guess_jar (filename, fp);
-
- jar->format = format;
- jar->url = url ? PORT_Strdup (url) : NULL;
- jar->filename = PORT_Strdup (filename);
-
- status = jar_gen_index (jar, format, fp);
-
- if (status == 0)
- status = jar_extract_manifests (jar, format, fp);
-
- JAR_FCLOSE (fp);
-
- if (status < 0)
- return status;
-
- /* people were expecting it this way */
- return jar->valid;
- }
- else
- {
- /* file not found */
- return JAR_ERR_FNF;
- }
- }
-
-/*
- * J A R _ p a s s _ a r c h i v e _ u n v e r i f i e d
- *
- * Same as JAR_pass_archive, but doesn't parse signatures.
- *
- */
-int JAR_pass_archive_unverified
- (JAR *jar, jarArch format, char *filename, const char *url)
-{
- JAR_FILE fp;
- int status = 0;
-
- if (filename == NULL) {
- return JAR_ERR_GENERAL;
- }
-
- if ((fp = JAR_FOPEN (filename, "rb")) != NULL) {
- if (format == jarArchGuess) {
- format = (jarArch)jar_guess_jar (filename, fp);
- }
-
- jar->format = format;
- jar->url = url ? PORT_Strdup (url) : NULL;
- jar->filename = PORT_Strdup (filename);
-
- status = jar_gen_index (jar, format, fp);
-
- if (status == 0) {
- status = jar_extract_mf(jar, format, fp, "mf");
- }
-
- JAR_FCLOSE (fp);
-
- if (status < 0) {
- return status;
- }
-
- /* people were expecting it this way */
- return jar->valid;
- } else {
- /* file not found */
- return JAR_ERR_FNF;
- }
-}
-
-/*
- * J A R _ v e r i f i e d _ e x t r a c t
- *
- * Optimization: keep a file descriptor open
- * inside the JAR structure, so we don't have to
- * open the file 25 times to run java.
- *
- */
-
-int JAR_verified_extract
- (JAR *jar, char *path, char *outpath)
- {
- int status;
-
- status = JAR_extract (jar, path, outpath);
-
- if (status >= 0)
- return jar_verify_extract (jar, path, outpath);
- else
- return status;
- }
-
-int JAR_extract
- (JAR *jar, char *path, char *outpath)
- {
- int result;
-
- JAR_FILE fp;
- JAR_Physical *phy;
-
- if (jar->fp == NULL && jar->filename)
- {
- jar->fp = (FILE*)JAR_FOPEN (jar->filename, "rb");
- }
-
- if (jar->fp == NULL)
- {
- /* file not found */
- return JAR_ERR_FNF;
- }
-
- phy = jar_get_physical (jar, path);
-
- if (phy)
- {
- if (phy->compression != 0 && phy->compression != 8)
- {
- /* unsupported compression method */
- result = JAR_ERR_CORRUPT;
- }
-
- if (phy->compression == 0)
- {
- result = jar_physical_extraction
- ((PRFileDesc*)jar->fp, outpath, phy->offset, phy->length);
- }
- else
- {
- result = jar_physical_inflate
- ((PRFileDesc*)jar->fp, outpath, phy->offset, phy->length,
- (unsigned int) phy->compression);
- }
-
-#ifdef XP_UNIX
- if (phy->mode)
- chmod (outpath, 0400 | (mode_t) phy->mode);
-#endif
- }
- else
- {
- /* pathname not found in archive */
- result = JAR_ERR_PNF;
- }
-
- return result;
- }
-
-/*
- * p h y s i c a l _ e x t r a c t i o n
- *
- * This needs to be done in chunks of say 32k, instead of
- * in one bulk calloc. (Necessary under Win16 platform.)
- * This is done for uncompressed entries only.
- *
- */
-
-#define CHUNK 32768
-
-static int jar_physical_extraction
- (JAR_FILE fp, char *outpath, long offset, long length)
- {
- JAR_FILE out;
-
- char *buffer;
- long at, chunk;
-
- int status = 0;
-
- buffer = (char *) PORT_ZAlloc (CHUNK);
-
- if (buffer == NULL)
- return JAR_ERR_MEMORY;
-
- if ((out = JAR_FOPEN (outpath, "wb")) != NULL)
- {
- at = 0;
-
- JAR_FSEEK (fp, offset, (PRSeekWhence)0);
-
- while (at < length)
- {
- chunk = (at + CHUNK <= length) ? CHUNK : length - at;
-
- if (JAR_FREAD (fp, buffer, chunk) != chunk)
- {
- status = JAR_ERR_DISK;
- break;
- }
-
- at += chunk;
-
- if (JAR_FWRITE (out, buffer, chunk) < chunk)
- {
- /* most likely a disk full error */
- status = JAR_ERR_DISK;
- break;
- }
- }
- JAR_FCLOSE (out);
- }
- else
- {
- /* error opening output file */
- status = JAR_ERR_DISK;
- }
-
- PORT_Free (buffer);
- return status;
- }
-
-/*
- * j a r _ p h y s i c a l _ i n f l a t e
- *
- * Inflate a range of bytes in a file, writing the inflated
- * result to "outpath". Chunk based.
- *
- */
-
-/* input and output chunks differ, assume 4x compression */
-
-#define ICHUNK 8192
-#define OCHUNK 32768
-
-static int jar_physical_inflate
- (JAR_FILE fp, char *outpath, long offset,
- long length, unsigned int method)
- {
- z_stream zs;
-
- JAR_FILE out;
-
- long at, chunk;
- char *inbuf, *outbuf;
-
- int status = 0;
-
- unsigned long prev_total, ochunk, tin;
-
- if ((inbuf = (char *) PORT_ZAlloc (ICHUNK)) == NULL)
- return JAR_ERR_MEMORY;
-
- if ((outbuf = (char *) PORT_ZAlloc (OCHUNK)) == NULL)
- {
- PORT_Free (inbuf);
- return JAR_ERR_MEMORY;
- }
-
- PORT_Memset (&zs, 0, sizeof (zs));
- status = inflateInit2 (&zs, -MAX_WBITS);
-
- if (status != Z_OK)
- return JAR_ERR_GENERAL;
-
- if ((out = JAR_FOPEN (outpath, "wb")) != NULL)
- {
- at = 0;
-
- JAR_FSEEK (fp, offset, (PRSeekWhence)0);
-
- while (at < length)
- {
- chunk = (at + ICHUNK <= length) ? ICHUNK : length - at;
-
- if (JAR_FREAD (fp, inbuf, chunk) != chunk)
- {
- /* incomplete read */
- return JAR_ERR_CORRUPT;
- }
-
- at += chunk;
-
- zs.next_in = (Bytef *) inbuf;
- zs.avail_in = chunk;
- zs.avail_out = OCHUNK;
-
- tin = zs.total_in;
-
- while ((zs.total_in - tin < chunk) || (zs.avail_out == 0))
- {
- prev_total = zs.total_out;
-
- zs.next_out = (Bytef *) outbuf;
- zs.avail_out = OCHUNK;
-
- status = inflate (&zs, Z_NO_FLUSH);
-
- if (status != Z_OK && status != Z_STREAM_END)
- {
- /* error during decompression */
- return JAR_ERR_CORRUPT;
- }
-
- ochunk = zs.total_out - prev_total;
-
- if (JAR_FWRITE (out, outbuf, ochunk) < ochunk)
- {
- /* most likely a disk full error */
- status = JAR_ERR_DISK;
- break;
- }
-
- if (status == Z_STREAM_END)
- break;
- }
- }
-
- JAR_FCLOSE (out);
- status = inflateEnd (&zs);
- }
- else
- {
- /* error opening output file */
- status = JAR_ERR_DISK;
- }
-
- PORT_Free (inbuf);
- PORT_Free (outbuf);
-
- return status;
- }
-
-/*
- * j a r _ i n f l a t e _ m e m o r y
- *
- * Call zlib to inflate the given memory chunk. It is re-XP_ALLOC'd,
- * and thus appears to operate inplace to the caller.
- *
- */
-
-static int jar_inflate_memory
- (unsigned int method, long *length, long expected_out_len, char ZHUGEP **data)
- {
- int status;
- z_stream zs;
-
- long insz, outsz;
-
- char *inbuf, *outbuf;
-
- inbuf = *data;
- insz = *length;
-
- outsz = expected_out_len;
- outbuf = (char*)PORT_ZAlloc (outsz);
-
- if (outbuf == NULL)
- return JAR_ERR_MEMORY;
-
- PORT_Memset (&zs, 0, sizeof (zs));
-
- status = inflateInit2 (&zs, -MAX_WBITS);
-
- if (status < 0)
- {
- /* error initializing zlib stream */
- return JAR_ERR_GENERAL;
- }
-
- zs.next_in = (Bytef *) inbuf;
- zs.next_out = (Bytef *) outbuf;
-
- zs.avail_in = insz;
- zs.avail_out = outsz;
-
- status = inflate (&zs, Z_FINISH);
-
- if (status != Z_OK && status != Z_STREAM_END)
- {
- /* error during deflation */
- return JAR_ERR_GENERAL;
- }
-
- status = inflateEnd (&zs);
-
- if (status != Z_OK)
- {
- /* error during deflation */
- return JAR_ERR_GENERAL;
- }
-
- PORT_Free (*data);
-
- *data = outbuf;
- *length = zs.total_out;
-
- return 0;
- }
-
-/*
- * v e r i f y _ e x t r a c t
- *
- * Validate signature on the freshly extracted file.
- *
- */
-
-static int jar_verify_extract (JAR *jar, char *path, char *physical_path)
- {
- int status;
- JAR_Digest dig;
-
- PORT_Memset (&dig, 0, sizeof (JAR_Digest));
- status = JAR_digest_file (physical_path, &dig);
-
- if (!status)
- status = JAR_verify_digest (jar, path, &dig);
-
- return status;
- }
-
-/*
- * g e t _ p h y s i c a l
- *
- * Let's get physical.
- * Obtains the offset and length of this file in the jar file.
- *
- */
-
-static JAR_Physical *jar_get_physical (JAR *jar, char *pathname)
- {
- JAR_Item *it;
-
- JAR_Physical *phy;
-
- ZZLink *link;
- ZZList *list;
-
- list = jar->phy;
-
- if (ZZ_ListEmpty (list))
- return NULL;
-
- for (link = ZZ_ListHead (list);
- !ZZ_ListIterDone (list, link);
- link = link->next)
- {
- it = link->thing;
- if (it->type == jarTypePhy
- && it->pathname && !PORT_Strcmp (it->pathname, pathname))
- {
- phy = (JAR_Physical *) it->data;
- return phy;
- }
- }
-
- return NULL;
- }
-
-/*
- * j a r _ e x t r a c t _ m a n i f e s t s
- *
- * Extract the manifest files and parse them,
- * from an open archive file whose contents are known.
- *
- */
-
-static int jar_extract_manifests (JAR *jar, jarArch format, JAR_FILE fp)
- {
- int status;
-
- if (format != jarArchZip && format != jarArchTar)
- return JAR_ERR_CORRUPT;
-
- if ((status = jar_extract_mf (jar, format, fp, "mf")) < 0)
- return status;
-
- if ((status = jar_extract_mf (jar, format, fp, "sf")) < 0)
- return status;
-
- if ((status = jar_extract_mf (jar, format, fp, "rsa")) < 0)
- return status;
-
- if ((status = jar_extract_mf (jar, format, fp, "dsa")) < 0)
- return status;
-
- return 0;
- }
-
-/*
- * j a r _ e x t r a c t _ m f
- *
- * Extracts manifest files based on an extension, which
- * should be .MF, .SF, .RSA, etc. Order of the files is now no
- * longer important when zipping jar files.
- *
- */
-
-static int jar_extract_mf (JAR *jar, jarArch format, JAR_FILE fp, char *ext)
- {
- JAR_Item *it;
-
- JAR_Physical *phy;
-
- ZZLink *link;
- ZZList *list;
-
- char *fn, *e;
- char ZHUGEP *manifest;
-
- long length;
- int status, ret = 0, num;
-
- list = jar->phy;
-
- if (ZZ_ListEmpty (list))
- return JAR_ERR_PNF;
-
- for (link = ZZ_ListHead (list);
- !ZZ_ListIterDone (list, link);
- link = link->next)
- {
- it = link->thing;
- if (it->type == jarTypePhy
- && !PORT_Strncmp (it->pathname, "META-INF", 8))
- {
- phy = (JAR_Physical *) it->data;
-
- if (PORT_Strlen (it->pathname) < 8)
- continue;
-
- fn = it->pathname + 8;
- if (*fn == '/' || *fn == '\\') fn++;
-
- if (*fn == 0)
- {
- /* just a directory entry */
- continue;
- }
-
- /* skip to extension */
- for (e = fn; *e && *e != '.'; e++)
- /* yip */ ;
-
- /* and skip dot */
- if (*e == '.') e++;
-
- if (PORT_Strcasecmp (ext, e))
- {
- /* not the right extension */
- continue;
- }
-
- if (phy->length == 0)
- {
- /* manifest files cannot be zero length! */
- return JAR_ERR_CORRUPT;
- }
-
- /* Read in the manifest and parse it */
- /* FIX? Does this break on win16 for very very large manifest files? */
-
-#ifdef XP_WIN16
- PORT_Assert( phy->length+1 < 0xFFFF );
-#endif
-
- manifest = (char ZHUGEP *) PORT_ZAlloc (phy->length + 1);
- if (manifest)
- {
- JAR_FSEEK (fp, phy->offset, (PRSeekWhence)0);
- num = JAR_FREAD (fp, manifest, phy->length);
-
- if (num != phy->length)
- {
- /* corrupt archive file */
- return JAR_ERR_CORRUPT;
- }
-
- if (phy->compression == 8)
- {
- length = phy->length;
-
- status = jar_inflate_memory ((unsigned int) phy->compression, &length, phy->uncompressed_length, &manifest);
-
- if (status < 0)
- return status;
- }
- else if (phy->compression)
- {
- /* unsupported compression method */
- return JAR_ERR_CORRUPT;
- }
- else
- length = phy->length;
-
- status = JAR_parse_manifest
- (jar, manifest, length, it->pathname, "url");
-
- PORT_Free (manifest);
-
- if (status < 0 && ret == 0) ret = status;
- }
- else
- return JAR_ERR_MEMORY;
- }
- else if (it->type == jarTypePhy)
- {
- /* ordinary file */
- }
- }
-
- return ret;
- }
-
-/*
- * j a r _ g e n _ i n d e x
- *
- * Generate an index for the various types of
- * known archive files. Right now .ZIP and .TAR
- *
- */
-
-static int jar_gen_index (JAR *jar, jarArch format, JAR_FILE fp)
- {
- int result = JAR_ERR_CORRUPT;
- JAR_FSEEK (fp, 0, (PRSeekWhence)0);
-
- switch (format)
- {
- case jarArchZip:
- result = jar_listzip (jar, fp);
- break;
-
- case jarArchTar:
- result = jar_listtar (jar, fp);
- break;
- }
-
- JAR_FSEEK (fp, 0, (PRSeekWhence)0);
- return result;
- }
-
-
-/*
- * j a r _ l i s t z i p
- *
- * List the physical contents of a Phil Katz
- * style .ZIP file into the JAR linked list.
- *
- */
-
-static int jar_listzip (JAR *jar, JAR_FILE fp)
- {
- int err = 0;
-
- long pos = 0L;
- char filename [JAR_SIZE];
-
- char date [9], time [9];
- char sig [4];
-
- unsigned int compression;
- unsigned int filename_len, extra_len;
-
- struct ZipLocal *Local;
- struct ZipCentral *Central;
- struct ZipEnd *End;
-
- /* phy things */
-
- ZZLink *ent;
- JAR_Item *it;
- JAR_Physical *phy;
-
- Local = (struct ZipLocal *) PORT_ZAlloc (30);
- Central = (struct ZipCentral *) PORT_ZAlloc (46);
- End = (struct ZipEnd *) PORT_ZAlloc (22);
-
- if (!Local || !Central || !End)
- {
- /* out of memory */
- err = JAR_ERR_MEMORY;
- goto loser;
- }
-
- while (1)
- {
- JAR_FSEEK (fp, pos, (PRSeekWhence)0);
-
- if (JAR_FREAD (fp, (char *) sig, 4) != 4)
- {
- /* zip file ends prematurely */
- err = JAR_ERR_CORRUPT;
- goto loser;
- }
-
- JAR_FSEEK (fp, pos, (PRSeekWhence)0);
-
- if (xtolong ((unsigned char *)sig) == LSIG)
- {
- JAR_FREAD (fp, (char *) Local, 30);
-
- filename_len = xtoint ((unsigned char *) Local->filename_len);
- extra_len = xtoint ((unsigned char *) Local->extrafield_len);
-
- if (filename_len >= JAR_SIZE)
- {
- /* corrupt zip file */
- err = JAR_ERR_CORRUPT;
- goto loser;
- }
-
- if (JAR_FREAD (fp, filename, filename_len) != filename_len)
- {
- /* truncated archive file */
- err = JAR_ERR_CORRUPT;
- goto loser;
- }
-
- filename [filename_len] = 0;
-
- /* Add this to our jar chain */
-
- phy = (JAR_Physical *) PORT_ZAlloc (sizeof (JAR_Physical));
-
- if (phy == NULL)
- {
- err = JAR_ERR_MEMORY;
- goto loser;
- }
-
- /* We will index any file that comes our way, but when it comes
- to actually extraction, compression must be 0 or 8 */
-
- compression = xtoint ((unsigned char *) Local->method);
- phy->compression = compression >= 0 &&
- compression <= 255 ? compression : 222;
-
- phy->offset = pos + 30 + filename_len + extra_len;
- phy->length = xtolong ((unsigned char *) Local->size);
- phy->uncompressed_length = xtolong((unsigned char *) Local->orglen);
-
- dosdate (date, Local->date);
- dostime (time, Local->time);
-
- it = (JAR_Item*)PORT_ZAlloc (sizeof (JAR_Item));
- if (it == NULL)
- {
- err = JAR_ERR_MEMORY;
- goto loser;
- }
-
- it->pathname = PORT_Strdup (filename);
-
- it->type = jarTypePhy;
-
- it->data = (unsigned char *) phy;
- it->size = sizeof (JAR_Physical);
-
- ent = ZZ_NewLink (it);
-
- if (ent == NULL)
- {
- err = JAR_ERR_MEMORY;
- goto loser;
- }
-
- ZZ_AppendLink (jar->phy, ent);
-
- pos = phy->offset + phy->length;
- }
- else if (xtolong ( (unsigned char *)sig) == CSIG)
- {
- if (JAR_FREAD (fp, (char *) Central, 46) != 46)
- {
- /* apparently truncated archive */
- err = JAR_ERR_CORRUPT;
- goto loser;
- }
-
-#ifdef XP_UNIX
- /* with unix we need to locate any bits from
- the protection mask in the external attributes. */
- {
- unsigned int attr;
-
- /* determined empirically */
- attr = Central->external_attributes [2];
-
- if (attr)
- {
- /* we have to read the filename, again */
-
- filename_len = xtoint ((unsigned char *) Central->filename_len);
-
- if (filename_len >= JAR_SIZE)
- {
- /* corrupt in central directory */
- err = JAR_ERR_CORRUPT;
- goto loser;
- }
-
- if (JAR_FREAD (fp, filename, filename_len) != filename_len)
- {
- /* truncated in central directory */
- err = JAR_ERR_CORRUPT;
- goto loser;
- }
-
- filename [filename_len] = 0;
-
- /* look up this name again */
- phy = jar_get_physical (jar, filename);
-
- if (phy)
- {
- /* always allow access by self */
- phy->mode = 0400 | attr;
- }
- }
- }
-#endif
-
- pos += 46 + xtoint ( (unsigned char *)Central->filename_len)
- + xtoint ( (unsigned char *)Central->commentfield_len)
- + xtoint ( (unsigned char *)Central->extrafield_len);
- }
- else if (xtolong ( (unsigned char *)sig) == ESIG)
- {
- if (JAR_FREAD (fp, (char *) End, 22) != 22)
- {
- err = JAR_ERR_CORRUPT;
- goto loser;
- }
- else
- break;
- }
- else
- {
- /* garbage in archive */
- err = JAR_ERR_CORRUPT;
- goto loser;
- }
- }
-
-loser:
-
- if (Local) PORT_Free (Local);
- if (Central) PORT_Free (Central);
- if (End) PORT_Free (End);
-
- return err;
- }
-
-/*
- * j a r _ l i s t t a r
- *
- * List the physical contents of a Unix
- * .tar file into the JAR linked list.
- *
- */
-
-static int jar_listtar (JAR *jar, JAR_FILE fp)
- {
- long pos = 0L;
-
- long sz, mode;
- time_t when;
- union TarEntry tarball;
-
- char *s;
-
- /* phy things */
-
- ZZLink *ent;
- JAR_Item *it;
- JAR_Physical *phy;
-
- while (1)
- {
- JAR_FSEEK (fp, pos, (PRSeekWhence)0);
-
- if (JAR_FREAD (fp, (char *) &tarball, 512) < 512)
- break;
-
- if (!*tarball.val.filename)
- break;
-
- when = atoo (tarball.val.time);
- sz = atoo (tarball.val.size);
- mode = atoo (tarball.val.mode);
-
-
- /* Tag the end of filename */
-
- s = tarball.val.filename;
- while (*s && *s != ' ') s++;
- *s = 0;
-
-
- /* Add to our linked list */
-
- phy = (JAR_Physical *) PORT_ZAlloc (sizeof (JAR_Physical));
-
- if (phy == NULL)
- return JAR_ERR_MEMORY;
-
- phy->compression = 0;
- phy->offset = pos + 512;
- phy->length = sz;
-
- ADDITEM (jar->phy, jarTypePhy,
- tarball.val.filename, phy, sizeof (JAR_Physical));
-
-
- /* Advance to next file entry */
-
- sz += 511;
- sz = (sz / 512) * 512;
-
- pos += sz + 512;
- }
-
- return 0;
- }
-
-/*
- * d o s d a t e
- *
- * Not used right now, but keep it in here because
- * it will be needed.
- *
- */
-
-static int dosdate (char *date, char *s)
- {
- int num = xtoint ( (unsigned char *)s);
-
- PR_snprintf (date, 9, "%02d-%02d-%02d",
- ((num >> 5) & 0x0F), (num & 0x1F), ((num >> 9) + 80));
-
- return 0;
- }
-
-/*
- * d o s t i m e
- *
- * Not used right now, but keep it in here because
- * it will be needed.
- *
- */
-
-static int dostime (char *time, char *s)
- {
- int num = xtoint ( (unsigned char *)s);
-
- PR_snprintf (time, 6, "%02d:%02d",
- ((num >> 11) & 0x1F), ((num >> 5) & 0x3F));
-
- return 0;
- }
-
-/*
- * x t o i n t
- *
- * Converts a two byte ugly endianed integer
- * to our platform's integer.
- *
- */
-
-static unsigned int xtoint (unsigned char *ii)
- {
- return (int) (ii [0]) | ((int) ii [1] << 8);
- }
-
-/*
- * x t o l o n g
- *
- * Converts a four byte ugly endianed integer
- * to our platform's integer.
- *
- */
-
-static unsigned long xtolong (unsigned char *ll)
- {
- unsigned long ret;
-
- ret = (
- (((unsigned long) ll [0]) << 0) |
- (((unsigned long) ll [1]) << 8) |
- (((unsigned long) ll [2]) << 16) |
- (((unsigned long) ll [3]) << 24)
- );
-
- return ret;
- }
-
-/*
- * a t o o
- *
- * Ascii octal to decimal.
- * Used for integer encoding inside tar files.
- *
- */
-
-static long atoo (char *s)
- {
- long num = 0L;
-
- while (*s == ' ') s++;
-
- while (*s >= '0' && *s <= '7')
- {
- num <<= 3;
- num += *s++ - '0';
- }
-
- return num;
- }
-
-/*
- * g u e s s _ j a r
- *
- * Try to guess what kind of JAR file this is.
- * Maybe tar, maybe zip. Look in the file for magic
- * or at its filename.
- *
- */
-
-static int jar_guess_jar (char *filename, JAR_FILE fp)
- {
- char *ext;
-
- ext = filename + PORT_Strlen (filename) - 4;
-
- if (!PORT_Strcmp (ext, ".tar"))
- return jarArchTar;
-
- return jarArchZip;
- }
diff --git a/security/nss/lib/jar/jarfile.h b/security/nss/lib/jar/jarfile.h
deleted file mode 100644
index d28b090fa..000000000
--- a/security/nss/lib/jar/jarfile.h
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * JARFILE.H
- *
- * Certain constants and structures for the archive format.
- *
- */
-
-/* ZIP */
-
-struct ZipLocal
- {
- char signature [4];
- char word [2];
- char bitflag [2];
- char method [2];
- char time [2];
- char date [2];
- char crc32 [4];
- char size [4];
- char orglen [4];
- char filename_len [2];
- char extrafield_len [2];
- };
-
-struct ZipCentral
- {
- char signature [4];
- char version_made_by [2];
- char version [2];
- char bitflag [2];
- char method [2];
- char time [2];
- char date [2];
- char crc32 [4];
- char size [4];
- char orglen [4];
- char filename_len [2];
- char extrafield_len [2];
- char commentfield_len [2];
- char diskstart_number [2];
- char internal_attributes [2];
- char external_attributes [4];
- char localhdr_offset [4];
- };
-
-struct ZipEnd
- {
- char signature [4];
- char disk_nr [2];
- char start_central_dir [2];
- char total_entries_disk [2];
- char total_entries_archive [2];
- char central_dir_size [4];
- char offset_central_dir [4];
- char commentfield_len [2];
- };
-
-#define LSIG 0x04034B50l
-#define CSIG 0x02014B50l
-#define ESIG 0x06054B50l
-
-/* TAR */
-
-union TarEntry
- {
- struct header
- {
- char filename [100];
- char mode [8];
- char uid [8];
- char gid [8];
- char size [12];
- char time [12];
- char checksum [8];
- char linkflag;
- char linkname [100];
- }
- val;
-
- char buffer [512];
- };
diff --git a/security/nss/lib/jar/jarint.c b/security/nss/lib/jar/jarint.c
deleted file mode 100644
index 4c8da5986..000000000
--- a/security/nss/lib/jar/jarint.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Internal libjar routines.
- */
-
-#include "jar.h"
-#include "jarint.h"
-
-/*-----------------------------------------------------------------------
- * JAR_FOPEN_to_PR_Open
- * Translate JAR_FOPEN arguments to PR_Open arguments
- */
-PRFileDesc*
-JAR_FOPEN_to_PR_Open(const char* name, const char *mode)
-{
-
- PRIntn prflags=0, prmode=0;
-
- /* Get read/write flags */
- if(strchr(mode, 'r') && !strchr(mode, '+')) {
- prflags |= PR_RDONLY;
- } else if( (strchr(mode, 'w') || strchr(mode, 'a')) &&
- !strchr(mode,'+') ) {
- prflags |= PR_WRONLY;
- } else {
- prflags |= PR_RDWR;
- }
-
- /* Create a new file? */
- if(strchr(mode, 'w') || strchr(mode, 'a')) {
- prflags |= PR_CREATE_FILE;
- }
-
- /* Append? */
- if(strchr(mode, 'a')) {
- prflags |= PR_APPEND;
- }
-
- /* Truncate? */
- if(strchr(mode, 'w')) {
- prflags |= PR_TRUNCATE;
- }
-
- /* We can't do umask because it isn't XP. Choose some default
- mode for created files */
- prmode = 0755;
-
- return PR_Open(name, prflags, prmode);
-}
diff --git a/security/nss/lib/jar/jarint.h b/security/nss/lib/jar/jarint.h
deleted file mode 100644
index 7c437103c..000000000
--- a/security/nss/lib/jar/jarint.h
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/* JAR internal routines */
-
-#include "nspr.h"
-
-/* definitely required */
-#include "certdb.h"
-#include "key.h"
-#include "base64.h"
-
-extern CERTCertDBHandle *JAR_open_database (void);
-
-extern int JAR_close_database (CERTCertDBHandle *certdb);
-
-extern int jar_close_key_database (SECKEYKeyDBHandle *keydb);
-
-extern SECKEYKeyDBHandle *jar_open_key_database (void);
-
-extern JAR_Signer *JAR_new_signer (void);
-
-extern void JAR_destroy_signer (JAR_Signer *signer);
-
-extern JAR_Signer *jar_get_signer (JAR *jar, char *basename);
-
-extern int jar_append (ZZList *list, int type,
- char *pathname, void *data, size_t size);
-
-/* Translate fopen mode arg to PR_Open flags and mode */
-PRFileDesc*
-JAR_FOPEN_to_PR_Open(const char *name, const char *mode);
-
-
-#define ADDITEM(list,type,pathname,data,size) \
- { int err; err = jar_append (list, type, pathname, data, size); \
- if (err < 0) return err; }
-
-/* Here is some ugliness in the event it is necessary to link
- with NSPR 1.0 libraries, which do not include an FSEEK. It is
- difficult to fudge an FSEEK into 1.0 so we use stdio. */
-
-/* stdio */
-#if 0
-#define JAR_FILE FILE *
-#define JAR_FOPEN(fn,mode) fopen(fn,mode)
-#define JAR_FCLOSE fclose
-#define JAR_FSEEK fseek
-#define JAR_FREAD(fp,buf,siz) fread(buf,1,siz,fp)
-#define JAR_FWRITE(fp,buf,siz) fwrite(buf,1,siz,fp)
-#endif
-
-#if 0
-/* nspr 1.0 suite */
-#define JAR_FILE PRFileHandle
-#define JAR_FOPEN(fn,mode) PR_OpenFile(fn,0,mode)
-#define JAR_FCLOSE PR_CLOSE
-#define JAR_FSEEK (no-equivalent)
-#define JAR_FREAD PR_READ
-#define JAR_FWRITE PR_WRITE
-#endif
-
-/* nspr 2.0 suite */
-#define JAR_FILE PRFileDesc *
-/* #define JAR_FOPEN(fn,mode) PR_Open(fn,0,0) */
-#define JAR_FOPEN(fn,mode) JAR_FOPEN_to_PR_Open(fn,mode)
-#define JAR_FCLOSE PR_Close
-#define JAR_FSEEK PR_Seek
-#define JAR_FREAD PR_Read
-#define JAR_FWRITE PR_Write
-
-#if 0
-/* nav XP suite, note argument order */
-#define JAR_FILE XP_File
-#define JAR_FOPEN(fn,mode) XP_FileOpen(fn,xpURL,mode)
-#define JAR_FCLOSE XP_FileClose
-#define JAR_FSEEK XP_FileSeek
-#define JAR_FREAD(fp,buf,siz) XP_FileRead(buf,siz,fp)
-#define JAR_FWRITE(fp,buf,siz) XP_FileWrite(buf,siz,fp)
-#endif
-
-int jar_create_pk7
- (CERTCertDBHandle *certdb, SECKEYKeyDBHandle *keydb,
- CERTCertificate *cert, char *password, JAR_FILE infp,
- JAR_FILE outfp);
-
diff --git a/security/nss/lib/jar/jarjart.c b/security/nss/lib/jar/jarjart.c
deleted file mode 100644
index e188da89b..000000000
--- a/security/nss/lib/jar/jarjart.c
+++ /dev/null
@@ -1,354 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * JARJART
- *
- * JAR functions used by Jartool
- */
-
-/* This allows manifest files above 64k to be
- processed on non-win16 platforms */
-
-#include "jar.h"
-#include "jarint.h"
-#include "jarjart.h"
-#include "blapi.h" /* JAR is supposed to be above the line!! */
-#include "pk11func.h" /* PK11 wrapper funcs are all above the line. */
-
-/* from certdb.h */
-#define CERTDB_USER (1<<6)
-
-#if 0
-/* from certdb.h */
-typedef SECStatus (* PermCertCallback)(CERTCertificate *cert, SECItem *k, void *pdata);
-/* from certdb.h */
-SECStatus SEC_TraversePermCerts
- (CERTCertDBHandle *handle, PermCertCallback certfunc, void *udata);
-#endif
-
-/*
- * S O B _ l i s t _ c e r t s
- *
- * Return a list of newline separated certificate nicknames
- * (this function used by the Jartool)
- *
- */
-
-static SECStatus jar_list_cert_callback
- (CERTCertificate *cert, SECItem *k, void *data)
- {
- char *name;
- char **ugly_list;
-
- int trusted;
-
- ugly_list = (char **) data;
-
- if (cert && cert->dbEntry)
- {
- /* name = cert->dbEntry->nickname; */
- name = cert->nickname;
-
- trusted = cert->trust->objectSigningFlags & CERTDB_USER;
-
- /* Add this name or email to list */
-
- if (name && trusted)
- {
- *ugly_list = (char*)PORT_Realloc
- (*ugly_list, PORT_Strlen (*ugly_list) + PORT_Strlen (name) + 2);
-
- if (*ugly_list)
- {
- if (**ugly_list)
- PORT_Strcat (*ugly_list, "\n");
-
- PORT_Strcat (*ugly_list, name);
- }
- }
- }
-
- return (SECSuccess);
- }
-
-/*
- * S O B _ J A R _ l i s t _ c e r t s
- *
- * Return a linfeed separated ascii list of certificate
- * nicknames for the Jartool.
- *
- */
-
-char *JAR_JAR_list_certs (void)
- {
- SECStatus status;
- CERTCertDBHandle *certdb;
-
- char *ugly_list;
-
- certdb = JAR_open_database();
-
- /* a little something */
- ugly_list = (char*)PORT_ZAlloc (16);
-
- if (ugly_list)
- {
- *ugly_list = 0;
-
- status = SEC_TraversePermCerts
- (certdb, jar_list_cert_callback, (void *) &ugly_list);
- }
-
- JAR_close_database (certdb);
-
- return status ? NULL : ugly_list;
- }
-
-int JAR_JAR_validate_archive (char *filename)
- {
- JAR *jar;
- int status = -1;
-
- jar = JAR_new();
-
- if (jar)
- {
- status = JAR_pass_archive (jar, jarArchGuess, filename, "");
-
- if (status == 0)
- status = jar->valid;
-
- JAR_destroy (jar);
- }
-
- return status;
- }
-
-char *JAR_JAR_get_error (int status)
- {
- return JAR_get_error (status);
- }
-
-/*
- * S O B _ J A R _ h a s h
- *
- * Hash algorithm interface for use by the Jartool. Since we really
- * don't know the private sizes of the context, and Java does need to
- * know this number, allocate 512 bytes for it.
- *
- * In april 1997 hashes in this file were changed to call PKCS11,
- * as FIPS requires that when a smartcard has failed validation,
- * hashes are not to be performed. But because of the difficulty of
- * preserving pointer context between calls to the JAR_JAR hashing
- * functions, the hash routines are called directly, though after
- * checking to see if hashing is allowed.
- *
- */
-
-void *JAR_JAR_new_hash (int alg)
- {
- void *context;
-
- MD5Context *md5;
- SHA1Context *sha1;
-
- /* this is a hack because this whole PORT_ZAlloc stuff looks scary */
-
- if (!PK11_HashOK (alg == 1 ? SEC_OID_MD5 : SEC_OID_SHA1))
- return NULL;
-
- context = PORT_ZAlloc (512);
-
- if (context)
- {
- switch (alg)
- {
- case 1: /* MD5 */
- md5 = (MD5Context *) context;
- MD5_Begin (md5);
- break;
-
- case 2: /* SHA1 */
- sha1 = (SHA1Context *) context;
- SHA1_Begin (sha1);
- break;
- }
- }
-
- return context;
- }
-
-void *JAR_JAR_hash (int alg, void *cookie, int length, void *data)
- {
- MD5Context *md5;
- SHA1Context *sha1;
-
- /* this is a hack because this whole PORT_ZAlloc stuff looks scary */
-
- if (!PK11_HashOK (alg == 1 ? SEC_OID_MD5 : SEC_OID_SHA1))
- return NULL;
-
- if (length > 0)
- {
- switch (alg)
- {
- case 1: /* MD5 */
- md5 = (MD5Context *) cookie;
- MD5_Update (md5, (unsigned char*)data, length);
- break;
-
- case 2: /* SHA1 */
- sha1 = (SHA1Context *) cookie;
- SHA1_Update (sha1, (unsigned char*)data, length);
- break;
- }
- }
-
- return cookie;
- }
-
-void *JAR_JAR_end_hash (int alg, void *cookie)
- {
- int length;
- unsigned char *data;
- char *ascii;
-
- MD5Context *md5;
- SHA1Context *sha1;
-
- unsigned int md5_length;
- unsigned char md5_digest [MD5_LENGTH];
-
- unsigned int sha1_length;
- unsigned char sha1_digest [SHA1_LENGTH];
-
- /* this is a hack because this whole PORT_ZAlloc stuff looks scary */
-
- if (!PK11_HashOK (alg == 1 ? SEC_OID_MD5 : SEC_OID_SHA1))
- return NULL;
-
- switch (alg)
- {
- case 1: /* MD5 */
-
- md5 = (MD5Context *) cookie;
-
- MD5_End (md5, md5_digest, &md5_length, MD5_LENGTH);
- /* MD5_DestroyContext (md5, PR_TRUE); */
-
- data = md5_digest;
- length = md5_length;
-
- break;
-
- case 2: /* SHA1 */
-
- sha1 = (SHA1Context *) cookie;
-
- SHA1_End (sha1, sha1_digest, &sha1_length, SHA1_LENGTH);
- /* SHA1_DestroyContext (sha1, PR_TRUE); */
-
- data = sha1_digest;
- length = sha1_length;
-
- break;
-
- default: return NULL;
- }
-
- /* Instead of destroy context, since we created it */
- /* PORT_Free (cookie); */
-
- ascii = BTOA_DataToAscii(data, length);
-
- return ascii ? PORT_Strdup (ascii) : NULL;
- }
-
-/*
- * S O B _ J A R _ s i g n _ a r c h i v e
- *
- * A simple API to sign a JAR archive.
- *
- */
-
-int JAR_JAR_sign_archive
- (char *nickname, char *password, char *sf, char *outsig)
- {
- char *out_fn;
-
- int status = JAR_ERR_GENERAL;
- JAR_FILE sf_fp;
- JAR_FILE out_fp;
-
- CERTCertDBHandle *certdb;
- SECKEYKeyDBHandle *keydb;
-
- CERTCertificate *cert;
-
- /* open cert and key databases */
-
- certdb = JAR_open_database();
- if (certdb == NULL)
- return JAR_ERR_GENERAL;
-
- keydb = jar_open_key_database();
- if (keydb == NULL)
- return JAR_ERR_GENERAL;
-
- out_fn = PORT_Strdup (sf);
-
- if (out_fn == NULL || PORT_Strlen (sf) < 5)
- return JAR_ERR_GENERAL;
-
- sf_fp = JAR_FOPEN (sf, "rb");
- out_fp = JAR_FOPEN (outsig, "wb");
-
- cert = CERT_FindCertByNickname (certdb, nickname);
-
- if (cert && sf_fp && out_fp)
- {
- status = jar_create_pk7 (certdb, keydb, cert, password, sf_fp, out_fp);
- }
-
- /* remove password from prying eyes */
- PORT_Memset (password, 0, PORT_Strlen (password));
-
- JAR_FCLOSE (sf_fp);
- JAR_FCLOSE (out_fp);
-
- JAR_close_database (certdb);
- jar_close_key_database (keydb);
-
- return status;
- }
diff --git a/security/nss/lib/jar/jarjart.h b/security/nss/lib/jar/jarjart.h
deleted file mode 100644
index bb4596e90..000000000
--- a/security/nss/lib/jar/jarjart.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * jarjart.h
- *
- * Functions for the Jartool, which is written in Java and
- * requires wrappers located elsewhere in the client.
- *
- * Do not call these unless you are the Jartool, no matter
- * how convenient they may appear.
- *
- */
-
-#ifndef _JARJART_H_
-#define _JARJART_H_
-
-/* return a list of certificate nicknames, separated by \n's */
-extern char *JAR_JAR_list_certs (void);
-
-/* validate archive, simple api */
-extern int JAR_JAR_validate_archive (char *filename);
-
-/* begin hash */
-extern void *JAR_JAR_new_hash (int alg);
-
-/* hash a streaming pile */
-extern void *JAR_JAR_hash (int alg, void *cookie, int length, void *data);
-
-/* end hash */
-extern void *JAR_JAR_end_hash (int alg, void *cookie);
-
-/* sign the archive (given an .SF file) with the given cert.
- The password argument is a relic, PKCS11 now handles that. */
-
-extern int JAR_JAR_sign_archive
- (char *nickname, char *password, char *sf, char *outsig);
-
-/* convert status to text */
-extern char *JAR_JAR_get_error (int status);
-
-#endif
diff --git a/security/nss/lib/jar/jarnav.c b/security/nss/lib/jar/jarnav.c
deleted file mode 100644
index 2100948ab..000000000
--- a/security/nss/lib/jar/jarnav.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * JARNAV.C
- *
- * JAR stuff needed for client only.
- *
- */
-
-#include "jar.h"
-#include "jarint.h"
-
-/* from proto.h */
-#ifdef MOZILLA_CLIENT
-extern MWContext *XP_FindSomeContext(void);
-#endif
-
-/* sigh */
-extern MWContext *FE_GetInitContext(void);
-
-/* To return an MWContext for Java */
-static MWContext *(*jar_fn_FindSomeContext) (void) = NULL;
-
-/* To fabricate an MWContext for FE_GetPassword */
-static MWContext *(*jar_fn_GetInitContext) (void) = NULL;
-
-/*
- * J A R _ i n i t
- *
- * Initialize the JAR functions.
- *
- */
-
-void JAR_init (void)
- {
-#ifdef MOZILLA_CLIENT
- JAR_init_callbacks (XP_GetString, XP_FindSomeContext, FE_GetInitContext);
-#else
- JAR_init_callbacks (XP_GetString, NULL, NULL);
-#endif
- }
-
-/*
- * J A R _ s e t _ c o n t e x t
- *
- * Set the jar window context for use by PKCS11, since
- * it may be needed to prompt the user for a password.
- *
- */
-
-int JAR_set_context (JAR *jar, MWContext *mw)
- {
- if (mw)
- {
- jar->mw = mw;
- }
- else
- {
- /* jar->mw = XP_FindSomeContext(); */
- jar->mw = NULL;
-
- /*
- * We can't find a context because we're in startup state and none
- * exist yet. go get an FE_InitContext that only works at initialization
- * time.
- */
-
- /* Turn on the mac when we get the FE_ function */
- if (jar->mw == NULL)
- {
- jar->mw = jar_fn_GetInitContext();
- }
- }
-
- return 0;
- }
diff --git a/security/nss/lib/jar/jarsign.c b/security/nss/lib/jar/jarsign.c
deleted file mode 100644
index 3518bfa26..000000000
--- a/security/nss/lib/jar/jarsign.c
+++ /dev/null
@@ -1,376 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * JARSIGN
- *
- * Routines used in signing archives.
- */
-
-#define USE_MOZ_THREAD
-
-#include "jar.h"
-#include "jarint.h"
-
-#ifdef USE_MOZ_THREAD
-#include "jarevil.h"
-#endif
-
-#include "pk11func.h"
-
-/* from libevent.h */
-typedef void (*ETVoidPtrFunc) (void * data);
-
-#ifdef MOZILLA_CLIENT
-
-extern void ET_moz_CallFunction (ETVoidPtrFunc fn, void *data);
-
-/* from proto.h */
-/* extern MWContext *XP_FindSomeContext(void); */
-extern void *XP_FindSomeContext(void);
-
-#endif
-
-/* key database wrapper */
-
-/* static SECKEYKeyDBHandle *jar_open_key_database (void); */
-
-/* CHUNQ is our bite size */
-
-#define CHUNQ 64000
-#define FILECHUNQ 32768
-
-/*
- * J A R _ c a l c u l a t e _ d i g e s t
- *
- * Quick calculation of a digest for
- * the specified block of memory. Will calculate
- * for all supported algorithms, now MD5.
- *
- * This version supports huge pointers for WIN16.
- *
- */
-
-JAR_Digest * PR_CALLBACK JAR_calculate_digest (void ZHUGEP *data, long length)
- {
- long chunq;
- JAR_Digest *dig;
-
- unsigned int md5_length, sha1_length;
-
- PK11Context *md5 = 0;
- PK11Context *sha1 = 0;
-
- dig = (JAR_Digest *) PORT_ZAlloc (sizeof (JAR_Digest));
-
- if (dig == NULL)
- {
- /* out of memory allocating digest */
- return NULL;
- }
-
-#if defined(XP_WIN16)
- PORT_Assert ( !IsBadHugeReadPtr(data, length) );
-#endif
-
- md5 = PK11_CreateDigestContext (SEC_OID_MD5);
- sha1 = PK11_CreateDigestContext (SEC_OID_SHA1);
-
- if (length >= 0)
- {
- PK11_DigestBegin (md5);
- PK11_DigestBegin (sha1);
-
- do {
- chunq = length;
-
-#ifdef XP_WIN16
- if (length > CHUNQ) chunq = CHUNQ;
-
- /*
- * If the block of data crosses one or more segment
- * boundaries then only pass the chunk of data in the
- * first segment.
- *
- * This allows the data to be treated as FAR by the
- * PK11_DigestOp(...) routine.
- *
- */
-
- if (OFFSETOF(data) + chunq >= 0x10000)
- chunq = 0x10000 - OFFSETOF(data);
-#endif
-
- PK11_DigestOp (md5, (unsigned char*)data, chunq);
- PK11_DigestOp (sha1, (unsigned char*)data, chunq);
-
- length -= chunq;
- data = ((char ZHUGEP *) data + chunq);
- }
- while (length > 0);
-
- PK11_DigestFinal (md5, dig->md5, &md5_length, MD5_LENGTH);
- PK11_DigestFinal (sha1, dig->sha1, &sha1_length, SHA1_LENGTH);
-
- PK11_DestroyContext (md5, PR_TRUE);
- PK11_DestroyContext (sha1, PR_TRUE);
- }
-
- return dig;
- }
-
-/*
- * J A R _ d i g e s t _ f i l e
- *
- * Calculates the MD5 and SHA1 digests for a file
- * present on disk, and returns these in JAR_Digest struct.
- *
- */
-
-int JAR_digest_file (char *filename, JAR_Digest *dig)
- {
- JAR_FILE fp;
-
- int num;
- unsigned char *buf;
-
- PK11Context *md5 = 0;
- PK11Context *sha1 = 0;
-
- unsigned int md5_length, sha1_length;
-
- buf = (unsigned char *) PORT_ZAlloc (FILECHUNQ);
- if (buf == NULL)
- {
- /* out of memory */
- return JAR_ERR_MEMORY;
- }
-
- if ((fp = JAR_FOPEN (filename, "rb")) == 0)
- {
- /* perror (filename); FIX XXX XXX XXX XXX XXX XXX */
- PORT_Free (buf);
- return JAR_ERR_FNF;
- }
-
- md5 = PK11_CreateDigestContext (SEC_OID_MD5);
- sha1 = PK11_CreateDigestContext (SEC_OID_SHA1);
-
- if (md5 == NULL || sha1 == NULL)
- {
- /* can't generate digest contexts */
- PORT_Free (buf);
- JAR_FCLOSE (fp);
- return JAR_ERR_GENERAL;
- }
-
- PK11_DigestBegin (md5);
- PK11_DigestBegin (sha1);
-
- while (1)
- {
- if ((num = JAR_FREAD (fp, buf, FILECHUNQ)) == 0)
- break;
-
- PK11_DigestOp (md5, buf, num);
- PK11_DigestOp (sha1, buf, num);
- }
-
- PK11_DigestFinal (md5, dig->md5, &md5_length, MD5_LENGTH);
- PK11_DigestFinal (sha1, dig->sha1, &sha1_length, SHA1_LENGTH);
-
- PK11_DestroyContext (md5, PR_TRUE);
- PK11_DestroyContext (sha1, PR_TRUE);
-
- PORT_Free (buf);
- JAR_FCLOSE (fp);
-
- return 0;
- }
-
-/*
- * J A R _ o p e n _ k e y _ d a t a b a s e
- *
- */
-
-SECKEYKeyDBHandle *jar_open_key_database (void)
- {
- SECKEYKeyDBHandle *keydb;
-
- keydb = SECKEY_GetDefaultKeyDB();
-
- if (keydb == NULL)
- { /* open by file if this fails, if jartool is to call this */ ; }
-
- return keydb;
- }
-
-int jar_close_key_database (SECKEYKeyDBHandle *keydb)
- {
- /* We never do close it */
- return 0;
- }
-
-
-/*
- * j a r _ c r e a t e _ p k 7
- *
- */
-
-static void jar_pk7_out (void *arg, const char *buf, unsigned long len)
- {
- JAR_FWRITE ((JAR_FILE) arg, buf, len);
- }
-
-int jar_create_pk7
- (CERTCertDBHandle *certdb, SECKEYKeyDBHandle *keydb,
- CERTCertificate *cert, char *password, JAR_FILE infp, JAR_FILE outfp)
- {
- int nb;
- unsigned char buffer [4096], digestdata[32];
- SECHashObject *hashObj;
- void *hashcx;
- unsigned int len;
-
- int status = 0;
- char *errstring;
-
- SECItem digest;
- SEC_PKCS7ContentInfo *cinfo;
- SECStatus rv;
-
- void /*MWContext*/ *mw;
-
- if (outfp == NULL || infp == NULL || cert == NULL)
- return JAR_ERR_GENERAL;
-
- /* we sign with SHA */
- hashObj = &SECHashObjects [HASH_AlgSHA1];
-
- hashcx = (* hashObj->create)();
- if (hashcx == NULL)
- return JAR_ERR_GENERAL;
-
- (* hashObj->begin)(hashcx);
-
- while (1)
- {
- /* nspr2.0 doesn't support feof
- if (feof (infp)) break; */
-
- nb = JAR_FREAD (infp, buffer, sizeof (buffer));
- if (nb == 0)
- {
-#if 0
- if (ferror(infp))
- {
- /* PORT_SetError(SEC_ERROR_IO); */ /* FIX */
- (* hashObj->destroy) (hashcx, PR_TRUE);
- return JAR_ERR_GENERAL;
- }
-#endif
- /* eof */
- break;
- }
- (* hashObj->update) (hashcx, buffer, nb);
- }
-
- (* hashObj->end) (hashcx, digestdata, &len, 32);
- (* hashObj->destroy) (hashcx, PR_TRUE);
-
- digest.data = digestdata;
- digest.len = len;
-
- /* signtool must use any old context it can find since it's
- calling from inside javaland. */
-
-#ifdef MOZILLA_CLIENT
- mw = XP_FindSomeContext();
-#else
- mw = NULL;
-#endif
-
- PORT_SetError (0);
-
- cinfo = SEC_PKCS7CreateSignedData
- (cert, certUsageObjectSigner, NULL,
- SEC_OID_SHA1, &digest, NULL, (void *) mw);
-
- if (cinfo == NULL)
- return JAR_ERR_PK7;
-
- rv = SEC_PKCS7IncludeCertChain (cinfo, NULL);
- if (rv != SECSuccess)
- {
- status = PORT_GetError();
- SEC_PKCS7DestroyContentInfo (cinfo);
- return status;
- }
-
- /* Having this here forces signtool to always include
- signing time. */
-
- rv = SEC_PKCS7AddSigningTime (cinfo);
- if (rv != SECSuccess)
- {
- /* don't check error */
- }
-
- PORT_SetError (0);
-
-#ifdef USE_MOZ_THREAD
- /* if calling from mozilla */
- rv = jar_moz_encode
- (cinfo, jar_pk7_out, outfp,
- NULL, /* pwfn */ NULL, /* pwarg */ (void *) mw);
-#else
- /* if calling from mozilla thread*/
- rv = SEC_PKCS7Encode
- (cinfo, jar_pk7_out, outfp,
- NULL, /* pwfn */ NULL, /* pwarg */ (void *) mw):
-#endif
-
- if (rv != SECSuccess)
- status = PORT_GetError();
-
- SEC_PKCS7DestroyContentInfo (cinfo);
-
- if (rv != SECSuccess)
- {
- errstring = JAR_get_error (status);
- /*XP_TRACE (("Jar signing failed (reason %d = %s)", status, errstring));*/
- return status < 0 ? status : JAR_ERR_GENERAL;
- }
-
- return 0;
- }
diff --git a/security/nss/lib/jar/jarver.c b/security/nss/lib/jar/jarver.c
deleted file mode 100644
index 2f4f589fe..000000000
--- a/security/nss/lib/jar/jarver.c
+++ /dev/null
@@ -1,2029 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * JARVER
- *
- * Jarnature Parsing & Verification
- */
-
-#define USE_MOZ_THREAD
-
-#include "jar.h"
-#include "jarint.h"
-
-#ifdef USE_MOZ_THREAD
-#include "jarevil.h"
-#endif
-#include "cdbhdl.h"
-
-/* to use huge pointers in win16 */
-
-#if !defined(XP_WIN16)
-#define xp_HUGE_MEMCPY PORT_Memcpy
-#define xp_HUGE_STRCPY PORT_Strcpy
-#define xp_HUGE_STRLEN PORT_Strlen
-#define xp_HUGE_STRNCASECMP PORT_Strncasecmp
-#else
-#define xp_HUGE_MEMCPY hmemcpy
-int xp_HUGE_STRNCASECMP (char ZHUGEP *buf, char *key, int len);
-size_t xp_HUGE_STRLEN (char ZHUGEP *s);
-char *xp_HUGE_STRCPY (char *to, char ZHUGEP *from);
-#endif
-
-/* from certdb.h */
-#define CERTDB_USER (1<<6)
-
-#if 0
-/* from certdb.h */
-extern PRBool SEC_CertNicknameConflict
- (char *nickname, CERTCertDBHandle *handle);
-/* from certdb.h */
-extern SECStatus SEC_AddTempNickname
- (CERTCertDBHandle *handle, char *nickname, SECItem *certKey);
-/* from certdb.h */
-typedef SECStatus (* PermCertCallback)(CERTCertificate *cert, SECItem *k, void *pdata);
-#endif
-
-/* from certdb.h */
-SECStatus SEC_TraversePermCerts
- (CERTCertDBHandle *handle, PermCertCallback certfunc, void *udata);
-
-
-#define SZ 512
-
-static int jar_validate_pkcs7
- (JAR *jar, JAR_Signer *signer, char *data, long length);
-
-static int jar_decode (JAR *jar, char *data, long length);
-
-static void jar_catch_bytes
- (void *arg, const char *buf, unsigned long len);
-
-static int jar_gather_signers
- (JAR *jar, JAR_Signer *signer, SEC_PKCS7ContentInfo *cinfo);
-
-static char ZHUGEP *jar_eat_line
- (int lines, int eating, char ZHUGEP *data, long *len);
-
-static JAR_Digest *jar_digest_section
- (char ZHUGEP *manifest, long length);
-
-static JAR_Digest *jar_get_mf_digest (JAR *jar, char *path);
-
-static int jar_parse_digital_signature
- (char *raw_manifest, JAR_Signer *signer, long length, JAR *jar);
-
-static int jar_add_cert
- (JAR *jar, JAR_Signer *signer, int type, CERTCertificate *cert);
-
-static CERTCertificate *jar_get_certificate
- (JAR *jar, long keylen, void *key, int *result);
-
-static char *jar_cert_element (char *name, char *tag, int occ);
-
-static char *jar_choose_nickname (CERTCertificate *cert);
-
-static char *jar_basename (const char *path);
-
-static int jar_signal
- (int status, JAR *jar, const char *metafile, char *pathname);
-
-static int jar_insanity_check (char ZHUGEP *data, long length);
-
-int jar_parse_mf
- (JAR *jar, char ZHUGEP *raw_manifest,
- long length, const char *path, const char *url);
-
-int jar_parse_sf
- (JAR *jar, char ZHUGEP *raw_manifest,
- long length, const char *path, const char *url);
-
-int jar_parse_sig
- (JAR *jar, const char *path, char ZHUGEP *raw_manifest, long length);
-
-int jar_parse_any
- (JAR *jar, int type, JAR_Signer *signer, char ZHUGEP *raw_manifest,
- long length, const char *path, const char *url);
-
-static int jar_internal_digest
- (JAR *jar, const char *path, char *x_name, JAR_Digest *dig);
-
-/*
- * J A R _ p a r s e _ m a n i f e s t
- *
- * Pass manifest files to this function. They are
- * decoded and placed into internal representations.
- *
- * Accepts both signature and manifest files. Use
- * the same "jar" for both.
- *
- */
-
-int JAR_parse_manifest
- (JAR *jar, char ZHUGEP *raw_manifest,
- long length, const char *path, const char *url)
- {
-
-#if defined(XP_WIN16)
- PORT_Assert( !IsBadHugeReadPtr(raw_manifest, length) );
-#endif
-
- /* fill in the path, if supplied. This is a the location
- of the jar file on disk, if known */
-
- if (jar->filename == NULL && path)
- {
- jar->filename = PORT_Strdup (path);
- if (jar->filename == NULL)
- return JAR_ERR_MEMORY;
- }
-
- /* fill in the URL, if supplied. This is the place
- from which the jar file was retrieved. */
-
- if (jar->url == NULL && url)
- {
- jar->url = PORT_Strdup (url);
- if (jar->url == NULL)
- return JAR_ERR_MEMORY;
- }
-
- /* Determine what kind of file this is from the META-INF
- directory. It could be MF, SF, or a binary RSA/DSA file */
-
- if (!xp_HUGE_STRNCASECMP (raw_manifest, "Manifest-Version:", 17))
- {
- return jar_parse_mf (jar, raw_manifest, length, path, url);
- }
- else if (!xp_HUGE_STRNCASECMP (raw_manifest, "Signature-Version:", 18))
- {
- return jar_parse_sf (jar, raw_manifest, length, path, url);
- }
- else
- {
- /* This is probably a binary signature */
- return jar_parse_sig (jar, path, raw_manifest, length);
- }
- }
-
-/*
- * j a r _ p a r s e _ s i g
- *
- * Pass some manner of RSA or DSA digital signature
- * on, after checking to see if it comes at an appropriate state.
- *
- */
-
-int jar_parse_sig
- (JAR *jar, const char *path, char ZHUGEP *raw_manifest, long length)
- {
- JAR_Signer *signer;
- int status = JAR_ERR_ORDER;
-
- if (length <= 128)
- {
- /* signature is way too small */
- return JAR_ERR_SIG;
- }
-
- /* make sure that MF and SF have already been processed */
-
- if (jar->globalmeta == NULL)
- return JAR_ERR_ORDER;
-
-#if 0
- /* XXX Turn this on to disable multiple signers */
- if (jar->digest == NULL)
- return JAR_ERR_ORDER;
-#endif
-
- /* Determine whether or not this RSA file has
- has an associated SF file */
-
- if (path)
- {
- char *owner;
- owner = jar_basename (path);
-
- if (owner == NULL)
- return JAR_ERR_MEMORY;
-
- signer = jar_get_signer (jar, owner);
-
- PORT_Free (owner);
- }
- else
- signer = jar_get_signer (jar, "*");
-
- if (signer == NULL)
- return JAR_ERR_ORDER;
-
-
- /* Do not pass a huge pointer to this function,
- since the underlying security code is unaware. We will
- never pass >64k through here. */
-
- if (length > 64000)
- {
- /* this digital signature is way too big */
- return JAR_ERR_SIG;
- }
-
-#ifdef XP_WIN16
- /*
- * For Win16, copy the portion of the raw_buffer containing the digital
- * signature into another buffer... This insures that the data will
- * NOT cross a segment boundary. Therefore,
- * jar_parse_digital_signature(...) does NOT need to deal with HUGE
- * pointers...
- */
-
- {
- unsigned char *manifest_copy;
-
- manifest_copy = (unsigned char *) PORT_ZAlloc (length);
- if (manifest_copy)
- {
- xp_HUGE_MEMCPY (manifest_copy, raw_manifest, length);
-
- status = jar_parse_digital_signature
- (manifest_copy, signer, length, jar);
-
- PORT_Free (manifest_copy);
- }
- else
- {
- /* out of memory */
- return JAR_ERR_MEMORY;
- }
- }
-#else
- /* don't expense unneeded calloc overhead on non-win16 */
- status = jar_parse_digital_signature
- (raw_manifest, signer, length, jar);
-#endif
-
- return status;
- }
-
-/*
- * j a r _ p a r s e _ m f
- *
- * Parse the META-INF/manifest.mf file, whose
- * information applies to all signers.
- *
- */
-
-int jar_parse_mf
- (JAR *jar, char ZHUGEP *raw_manifest,
- long length, const char *path, const char *url)
- {
- if (jar->globalmeta)
- {
- /* refuse a second manifest file, if passed for some reason */
- return JAR_ERR_ORDER;
- }
-
-
- /* remember a digest for the global section */
-
- jar->globalmeta = jar_digest_section (raw_manifest, length);
-
- if (jar->globalmeta == NULL)
- return JAR_ERR_MEMORY;
-
-
- return jar_parse_any
- (jar, jarTypeMF, NULL, raw_manifest, length, path, url);
- }
-
-/*
- * j a r _ p a r s e _ s f
- *
- * Parse META-INF/xxx.sf, a digitally signed file
- * pointing to a subset of MF sections.
- *
- */
-
-int jar_parse_sf
- (JAR *jar, char ZHUGEP *raw_manifest,
- long length, const char *path, const char *url)
- {
- JAR_Signer *signer = NULL;
- int status = JAR_ERR_MEMORY;
-
- if (jar->globalmeta == NULL)
- {
- /* It is a requirement that the MF file be passed before the SF file */
- return JAR_ERR_ORDER;
- }
-
- signer = JAR_new_signer();
-
- if (signer == NULL)
- goto loser;
-
- if (path)
- {
- signer->owner = jar_basename (path);
- if (signer->owner == NULL)
- goto loser;
- }
-
-
- /* check for priors. When someone doctors a jar file
- to contain identical path entries, prevent the second
- one from affecting JAR functions */
-
- if (jar_get_signer (jar, signer->owner))
- {
- /* someone is trying to spoof us */
- status = JAR_ERR_ORDER;
- goto loser;
- }
-
-
- /* remember its digest */
-
- signer->digest = JAR_calculate_digest (raw_manifest, length);
-
- if (signer->digest == NULL)
- goto loser;
-
- /* Add this signer to the jar */
-
- ADDITEM (jar->signers, jarTypeOwner,
- signer->owner, signer, sizeof (JAR_Signer));
-
-
- return jar_parse_any
- (jar, jarTypeSF, signer, raw_manifest, length, path, url);
-
-loser:
-
- if (signer)
- JAR_destroy_signer (signer);
-
- return status;
- }
-
-/*
- * j a r _ p a r s e _ a n y
- *
- * Parse a MF or SF manifest file.
- *
- */
-
-int jar_parse_any
- (JAR *jar, int type, JAR_Signer *signer, char ZHUGEP *raw_manifest,
- long length, const char *path, const char *url)
- {
- int status;
-
- long raw_len;
-
- JAR_Digest *dig, *mfdig = NULL;
-
- char line [SZ];
- char x_name [SZ], x_md5 [SZ], x_sha [SZ];
-
- char *x_info;
-
- char *sf_md5 = NULL, *sf_sha1 = NULL;
-
- *x_name = 0;
- *x_md5 = 0;
- *x_sha = 0;
-
- PORT_Assert( length > 0 );
- raw_len = length;
-
-#ifdef DEBUG
- if ((status = jar_insanity_check (raw_manifest, raw_len)) < 0)
- return status;
-#endif
-
-
- /* null terminate the first line */
- raw_manifest = jar_eat_line (0, PR_TRUE, raw_manifest, &raw_len);
-
-
- /* skip over the preliminary section */
- /* This is one section at the top of the file with global metainfo */
-
- while (raw_len)
- {
- JAR_Metainfo *met;
-
- raw_manifest = jar_eat_line (1, PR_TRUE, raw_manifest, &raw_len);
- if (!*raw_manifest) break;
-
- met = (JAR_Metainfo*)PORT_ZAlloc (sizeof (JAR_Metainfo));
- if (met == NULL)
- return JAR_ERR_MEMORY;
-
- /* Parse out the header & info */
-
- if (xp_HUGE_STRLEN (raw_manifest) >= SZ)
- {
- /* almost certainly nonsense */
- continue;
- }
-
- xp_HUGE_STRCPY (line, raw_manifest);
- x_info = line;
-
- while (*x_info && *x_info != ' ' && *x_info != '\t' && *x_info != ':')
- x_info++;
-
- if (*x_info) *x_info++ = 0;
-
- while (*x_info == ' ' || *x_info == '\t')
- x_info++;
-
- /* metainfo (name, value) pair is now (line, x_info) */
-
- met->header = PORT_Strdup (line);
- met->info = PORT_Strdup (x_info);
-
- if (type == jarTypeMF)
- {
- ADDITEM (jar->metainfo, jarTypeMeta,
- /* pathname */ NULL, met, sizeof (JAR_Metainfo));
- }
-
- /* For SF files, this metadata may be the digests
- of the MF file, still in the "met" structure. */
-
- if (type == jarTypeSF)
- {
- if (!PORT_Strcasecmp (line, "MD5-Digest"))
- sf_md5 = (char *) met->info;
-
- if (!PORT_Strcasecmp (line, "SHA1-Digest") || !PORT_Strcasecmp (line, "SHA-Digest"))
- sf_sha1 = (char *) met->info;
- }
- }
-
- if (type == jarTypeSF && jar->globalmeta)
- {
- /* this is a SF file which may contain a digest of the manifest.mf's
- global metainfo. */
-
- int match = 0;
- JAR_Digest *glob = jar->globalmeta;
-
- if (sf_md5)
- {
- unsigned int md5_length;
- unsigned char *md5_digest;
-
- md5_digest = ATOB_AsciiToData (sf_md5, &md5_length);
- PORT_Assert( md5_length == MD5_LENGTH );
-
- if (md5_length != MD5_LENGTH)
- return JAR_ERR_CORRUPT;
-
- match = PORT_Memcmp (md5_digest, glob->md5, MD5_LENGTH);
- }
-
- if (sf_sha1 && match == 0)
- {
- unsigned int sha1_length;
- unsigned char *sha1_digest;
-
- sha1_digest = ATOB_AsciiToData (sf_sha1, &sha1_length);
- PORT_Assert( sha1_length == SHA1_LENGTH );
-
- if (sha1_length != SHA1_LENGTH)
- return JAR_ERR_CORRUPT;
-
- match = PORT_Memcmp (sha1_digest, glob->sha1, SHA1_LENGTH);
- }
-
- if (match != 0)
- {
- /* global digest doesn't match, SF file therefore invalid */
- jar->valid = JAR_ERR_METADATA;
- return JAR_ERR_METADATA;
- }
- }
-
- /* done with top section of global data */
-
-
- while (raw_len)
- {
- *x_md5 = 0;
- *x_sha = 0;
- *x_name = 0;
-
-
- /* If this is a manifest file, attempt to get a digest of the following section,
- without damaging it. This digest will be saved later. */
-
- if (type == jarTypeMF)
- {
- char ZHUGEP *sec;
- long sec_len = raw_len;
-
- if (!*raw_manifest || *raw_manifest == '\n')
- {
- /* skip the blank line */
- sec = jar_eat_line (1, PR_FALSE, raw_manifest, &sec_len);
- }
- else
- sec = raw_manifest;
-
- if (!xp_HUGE_STRNCASECMP (sec, "Name:", 5))
- {
- if (type == jarTypeMF)
- mfdig = jar_digest_section (sec, sec_len);
- else
- mfdig = NULL;
- }
- }
-
-
- while (raw_len)
- {
- raw_manifest = jar_eat_line (1, PR_TRUE, raw_manifest, &raw_len);
- if (!*raw_manifest) break; /* blank line, done with this entry */
-
- if (xp_HUGE_STRLEN (raw_manifest) >= SZ)
- {
- /* almost certainly nonsense */
- continue;
- }
-
-
- /* Parse out the name/value pair */
-
- xp_HUGE_STRCPY (line, raw_manifest);
- x_info = line;
-
- while (*x_info && *x_info != ' ' && *x_info != '\t' && *x_info != ':')
- x_info++;
-
- if (*x_info) *x_info++ = 0;
-
- while (*x_info == ' ' || *x_info == '\t')
- x_info++;
-
-
- if (!PORT_Strcasecmp (line, "Name"))
- PORT_Strcpy (x_name, x_info);
-
- else if (!PORT_Strcasecmp (line, "MD5-Digest"))
- PORT_Strcpy (x_md5, x_info);
-
- else if (!PORT_Strcasecmp (line, "SHA1-Digest")
- || !PORT_Strcasecmp (line, "SHA-Digest"))
- {
- PORT_Strcpy (x_sha, x_info);
- }
-
- /* Algorithm list is meta info we don't care about; keeping it out
- of metadata saves significant space for large jar files */
-
- else if (!PORT_Strcasecmp (line, "Digest-Algorithms")
- || !PORT_Strcasecmp (line, "Hash-Algorithms"))
- {
- continue;
- }
-
- /* Meta info is only collected for the manifest.mf file,
- since the JAR_get_metainfo call does not support identity */
-
- else if (type == jarTypeMF)
- {
- JAR_Metainfo *met;
-
- /* this is meta-data */
-
- met = (JAR_Metainfo*)PORT_ZAlloc (sizeof (JAR_Metainfo));
-
- if (met == NULL)
- return JAR_ERR_MEMORY;
-
- /* metainfo (name, value) pair is now (line, x_info) */
-
- if ((met->header = PORT_Strdup (line)) == NULL)
- return JAR_ERR_MEMORY;
-
- if ((met->info = PORT_Strdup (x_info)) == NULL)
- return JAR_ERR_MEMORY;
-
- ADDITEM (jar->metainfo, jarTypeMeta,
- x_name, met, sizeof (JAR_Metainfo));
- }
- }
-
- if(!x_name || !*x_name) {
- /* Whatever that was, it wasn't an entry, because we didn't get a name.
- * We don't really have anything, so don't record this. */
- continue;
- }
-
- dig = (JAR_Digest*)PORT_ZAlloc (sizeof (JAR_Digest));
- if (dig == NULL)
- return JAR_ERR_MEMORY;
-
- if (*x_md5 )
- {
- unsigned int binary_length;
- unsigned char *binary_digest;
-
- binary_digest = ATOB_AsciiToData (x_md5, &binary_length);
- PORT_Assert( binary_length == MD5_LENGTH );
-
- if (binary_length != MD5_LENGTH)
- return JAR_ERR_CORRUPT;
-
- memcpy (dig->md5, binary_digest, MD5_LENGTH);
- dig->md5_status = jarHashPresent;
- }
-
- if (*x_sha )
- {
- unsigned int binary_length;
- unsigned char *binary_digest;
-
- binary_digest = ATOB_AsciiToData (x_sha, &binary_length);
- PORT_Assert( binary_length == SHA1_LENGTH );
-
- if (binary_length != SHA1_LENGTH)
- return JAR_ERR_CORRUPT;
-
- memcpy (dig->sha1, binary_digest, SHA1_LENGTH);
- dig->sha1_status = jarHashPresent;
- }
-
- PORT_Assert( type == jarTypeMF || type == jarTypeSF );
-
-
- if (type == jarTypeMF)
- {
- ADDITEM (jar->hashes, jarTypeMF, x_name, dig, sizeof (JAR_Digest));
- }
- else if (type == jarTypeSF)
- {
- ADDITEM (signer->sf, jarTypeSF, x_name, dig, sizeof (JAR_Digest));
- }
- else
- return JAR_ERR_ORDER;
-
- /* we're placing these calculated digests of manifest.mf
- sections in a list where they can subsequently be forgotten */
-
- if (type == jarTypeMF && mfdig)
- {
- ADDITEM (jar->manifest, jarTypeSect,
- x_name, mfdig, sizeof (JAR_Digest));
-
- mfdig = NULL;
- }
-
-
- /* Retrieve our saved SHA1 digest from saved copy and check digests.
- This is just comparing the digest of the MF section as indicated in
- the SF file with the one we remembered from parsing the MF file */
-
- if (type == jarTypeSF)
- {
- if ((status = jar_internal_digest (jar, path, x_name, dig)) < 0)
- return status;
- }
- }
-
- return 0;
- }
-
-static int jar_internal_digest
- (JAR *jar, const char *path, char *x_name, JAR_Digest *dig)
- {
- int cv;
- int status;
-
- JAR_Digest *savdig;
-
- savdig = jar_get_mf_digest (jar, x_name);
-
- if (savdig == NULL)
- {
- /* no .mf digest for this pathname */
- status = jar_signal (JAR_ERR_ENTRY, jar, path, x_name);
- if (status < 0)
- return 0; /* was continue; */
- else
- return status;
- }
-
- /* check for md5 consistency */
- if (dig->md5_status)
- {
- cv = PORT_Memcmp (savdig->md5, dig->md5, MD5_LENGTH);
- /* md5 hash of .mf file is not what expected */
- if (cv)
- {
- status = jar_signal (JAR_ERR_HASH, jar, path, x_name);
-
- /* bad hash, man */
-
- dig->md5_status = jarHashBad;
- savdig->md5_status = jarHashBad;
-
- if (status < 0)
- return 0; /* was continue; */
- else
- return status;
- }
- }
-
- /* check for sha1 consistency */
- if (dig->sha1_status)
- {
- cv = PORT_Memcmp (savdig->sha1, dig->sha1, SHA1_LENGTH);
- /* sha1 hash of .mf file is not what expected */
- if (cv)
- {
- status = jar_signal (JAR_ERR_HASH, jar, path, x_name);
-
- /* bad hash, man */
-
- dig->sha1_status = jarHashBad;
- savdig->sha1_status = jarHashBad;
-
- if (status < 0)
- return 0; /* was continue; */
- else
- return status;
- }
- }
- return 0;
- }
-
-#ifdef DEBUG
-/*
- * j a r _ i n s a n i t y _ c h e c k
- *
- * Check for illegal characters (or possibly so)
- * in the manifest files, to detect potential memory
- * corruption by our neighbors. Debug only, since
- * not I18N safe.
- *
- */
-
-static int jar_insanity_check (char ZHUGEP *data, long length)
- {
- int c;
- long off;
-
- for (off = 0; off < length; off++)
- {
- c = data [off];
-
- if (c == '\n' || c == '\r' || (c >= ' ' && c <= 128))
- continue;
-
- return JAR_ERR_CORRUPT;
- }
-
- return 0;
- }
-#endif
-
-/*
- * j a r _ p a r s e _ d i g i t a l _ s i g n a t u r e
- *
- * Parse an RSA or DSA (or perhaps other) digital signature.
- * Right now everything is PKCS7.
- *
- */
-
-static int jar_parse_digital_signature
- (char *raw_manifest, JAR_Signer *signer, long length, JAR *jar)
- {
-#if defined(XP_WIN16)
- PORT_Assert( LOWORD(raw_manifest) + length < 0xFFFF );
-#endif
- return jar_validate_pkcs7 (jar, signer, raw_manifest, length);
- }
-
-/*
- * j a r _ a d d _ c e r t
- *
- * Add information for the given certificate
- * (or whatever) to the JAR linked list. A pointer
- * is passed for some relevant reference, say
- * for example the original certificate.
- *
- */
-
-static int jar_add_cert
- (JAR *jar, JAR_Signer *signer, int type, CERTCertificate *cert)
- {
- JAR_Cert *fing;
-
- if (cert == NULL)
- return JAR_ERR_ORDER;
-
- fing = (JAR_Cert*)PORT_ZAlloc (sizeof (JAR_Cert));
-
- if (fing == NULL)
- goto loser;
-
-#ifdef USE_MOZ_THREAD
- fing->cert = jar_moz_dup (cert);
-#else
- fing->cert = CERT_DupCertificate (cert);
-#endif
-
- /* get the certkey */
-
- fing->length = cert->certKey.len;
-
- fing->key = (char *) PORT_ZAlloc (fing->length);
-
- if (fing->key == NULL)
- goto loser;
-
- PORT_Memcpy (fing->key, cert->certKey.data, fing->length);
-
- ADDITEM (signer->certs, type,
- /* pathname */ NULL, fing, sizeof (JAR_Cert));
-
- return 0;
-
-loser:
-
- if (fing)
- {
- if (fing->cert)
- CERT_DestroyCertificate (fing->cert);
-
- PORT_Free (fing);
- }
-
- return JAR_ERR_MEMORY;
- }
-
-/*
- * e a t _ l i n e
- *
- * Consume an ascii line from the top of a file kept
- * in memory. This destroys the file in place. This function
- * handles PC, Mac, and Unix style text files.
- *
- */
-
-static char ZHUGEP *jar_eat_line
- (int lines, int eating, char ZHUGEP *data, long *len)
- {
- char ZHUGEP *ret;
-
- ret = data;
- if (!*len) return ret;
-
- /* Eat the requisite number of lines, if any;
- prior to terminating the current line with a 0. */
-
- for (/* yip */ ; lines; lines--)
- {
- while (*data && *data != '\n')
- data++;
-
- /* After the CR, ok to eat one LF */
-
- if (*data == '\n')
- data++;
-
- /* If there are zeros, we put them there */
-
- while (*data == 0 && data - ret < *len)
- data++;
- }
-
- *len -= data - ret;
- ret = data;
-
- if (eating)
- {
- /* Terminate this line with a 0 */
-
- while (*data && *data != '\n' && *data != '\r')
- data++;
-
- /* In any case we are allowed to eat CR */
-
- if (*data == '\r')
- *data++ = 0;
-
- /* After the CR, ok to eat one LF */
-
- if (*data == '\n')
- *data++ = 0;
- }
-
- return ret;
- }
-
-/*
- * j a r _ d i g e s t _ s e c t i o n
- *
- * Return the digests of the next section of the manifest file.
- * Does not damage the manifest file, unlike parse_manifest.
- *
- */
-
-static JAR_Digest *jar_digest_section
- (char ZHUGEP *manifest, long length)
- {
- long global_len;
- char ZHUGEP *global_end;
-
- global_end = manifest;
- global_len = length;
-
- while (global_len)
- {
- global_end = jar_eat_line (1, PR_FALSE, global_end, &global_len);
- if (*global_end == 0 || *global_end == '\n')
- break;
- }
-
- return JAR_calculate_digest (manifest, global_end - manifest);
- }
-
-/*
- * J A R _ v e r i f y _ d i g e s t
- *
- * Verifies that a precalculated digest matches the
- * expected value in the manifest.
- *
- */
-
-int PR_CALLBACK JAR_verify_digest
- (JAR *jar, const char *name, JAR_Digest *dig)
- {
- JAR_Item *it;
-
- JAR_Digest *shindig;
-
- ZZLink *link;
- ZZList *list;
-
- int result1, result2;
-
- list = jar->hashes;
-
- result1 = result2 = 0;
-
- if (jar->valid < 0)
- {
- /* signature not valid */
- return JAR_ERR_SIG;
- }
-
- if (ZZ_ListEmpty (list))
- {
- /* empty list */
- return JAR_ERR_PNF;
- }
-
- for (link = ZZ_ListHead (list);
- !ZZ_ListIterDone (list, link);
- link = link->next)
- {
- it = link->thing;
- if (it->type == jarTypeMF
- && it->pathname && !PORT_Strcmp (it->pathname, name))
- {
- shindig = (JAR_Digest *) it->data;
-
- if (shindig->md5_status)
- {
- if (shindig->md5_status == jarHashBad)
- return JAR_ERR_HASH;
- else
- result1 = memcmp (dig->md5, shindig->md5, MD5_LENGTH);
- }
-
- if (shindig->sha1_status)
- {
- if (shindig->sha1_status == jarHashBad)
- return JAR_ERR_HASH;
- else
- result2 = memcmp (dig->sha1, shindig->sha1, SHA1_LENGTH);
- }
-
- return (result1 == 0 && result2 == 0) ? 0 : JAR_ERR_HASH;
- }
- }
-
- return JAR_ERR_PNF;
- }
-
-/*
- * J A R _ c e r t _ a t t r i b u t e
- *
- * Return the named certificate attribute from the
- * certificate specified by the given key.
- *
- */
-
-int PR_CALLBACK JAR_cert_attribute
- (JAR *jar, jarCert attrib, long keylen, void *key,
- void **result, unsigned long *length)
- {
- int status = 0;
- char *ret = NULL;
-
- CERTCertificate *cert;
-
- CERTCertDBHandle *certdb;
-
- JAR_Digest *dig;
- SECItem hexme;
-
- *length = 0;
-
- if (attrib == 0 || key == 0)
- return JAR_ERR_GENERAL;
-
- if (attrib == jarCertJavaHack)
- {
- cert = (CERTCertificate *) NULL;
- certdb = JAR_open_database();
-
- if (certdb)
- {
-#ifdef USE_MOZ_THREAD
- cert = jar_moz_nickname (certdb, (char*)key);
-#else
- cert = CERT_FindCertByNickname (certdb, key);
-#endif
-
- if (cert)
- {
- *length = cert->certKey.len;
-
- *result = (void *) PORT_ZAlloc (*length);
-
- if (*result)
- PORT_Memcpy (*result, cert->certKey.data, *length);
- else
- return JAR_ERR_MEMORY;
- }
- JAR_close_database (certdb);
- }
-
- return cert ? 0 : JAR_ERR_GENERAL;
- }
-
- if (jar && jar->pkcs7 == 0)
- return JAR_ERR_GENERAL;
-
- cert = jar_get_certificate (jar, keylen, key, &status);
-
- if (cert == NULL || status < 0)
- return JAR_ERR_GENERAL;
-
-#define SEP " <br> "
-#define SEPLEN (PORT_Strlen(SEP))
-
- switch (attrib)
- {
- case jarCertCompany:
-
- ret = cert->subjectName;
-
- /* This is pretty ugly looking but only used
- here for this one purpose. */
-
- if (ret)
- {
- int retlen = 0;
-
- char *cer_ou1, *cer_ou2, *cer_ou3;
- char *cer_cn, *cer_e, *cer_o, *cer_l;
-
- cer_cn = CERT_GetCommonName (&cert->subject);
- cer_e = CERT_GetCertEmailAddress (&cert->subject);
- cer_ou3 = jar_cert_element (ret, "OU=", 3);
- cer_ou2 = jar_cert_element (ret, "OU=", 2);
- cer_ou1 = jar_cert_element (ret, "OU=", 1);
- cer_o = CERT_GetOrgName (&cert->subject);
- cer_l = CERT_GetCountryName (&cert->subject);
-
- if (cer_cn) retlen += SEPLEN + PORT_Strlen (cer_cn);
- if (cer_e) retlen += SEPLEN + PORT_Strlen (cer_e);
- if (cer_ou1) retlen += SEPLEN + PORT_Strlen (cer_ou1);
- if (cer_ou2) retlen += SEPLEN + PORT_Strlen (cer_ou2);
- if (cer_ou3) retlen += SEPLEN + PORT_Strlen (cer_ou3);
- if (cer_o) retlen += SEPLEN + PORT_Strlen (cer_o);
- if (cer_l) retlen += SEPLEN + PORT_Strlen (cer_l);
-
- ret = (char *) PORT_ZAlloc (1 + retlen);
-
- if (cer_cn) { PORT_Strcpy (ret, cer_cn); PORT_Strcat (ret, SEP); }
- if (cer_e) { PORT_Strcat (ret, cer_e); PORT_Strcat (ret, SEP); }
- if (cer_ou1) { PORT_Strcat (ret, cer_ou1); PORT_Strcat (ret, SEP); }
- if (cer_ou2) { PORT_Strcat (ret, cer_ou2); PORT_Strcat (ret, SEP); }
- if (cer_ou3) { PORT_Strcat (ret, cer_ou3); PORT_Strcat (ret, SEP); }
- if (cer_o) { PORT_Strcat (ret, cer_o); PORT_Strcat (ret, SEP); }
- if (cer_l) PORT_Strcat (ret, cer_l);
-
- /* return here to avoid unsightly memory leak */
-
- *result = ret;
- *length = PORT_Strlen (ret);
-
- return 0;
- }
- break;
-
- case jarCertCA:
-
- ret = cert->issuerName;
-
- if (ret)
- {
- int retlen = 0;
-
- char *cer_ou1, *cer_ou2, *cer_ou3;
- char *cer_cn, *cer_e, *cer_o, *cer_l;
-
- /* This is pretty ugly looking but only used
- here for this one purpose. */
-
- cer_cn = CERT_GetCommonName (&cert->issuer);
- cer_e = CERT_GetCertEmailAddress (&cert->issuer);
- cer_ou3 = jar_cert_element (ret, "OU=", 3);
- cer_ou2 = jar_cert_element (ret, "OU=", 2);
- cer_ou1 = jar_cert_element (ret, "OU=", 1);
- cer_o = CERT_GetOrgName (&cert->issuer);
- cer_l = CERT_GetCountryName (&cert->issuer);
-
- if (cer_cn) retlen += SEPLEN + PORT_Strlen (cer_cn);
- if (cer_e) retlen += SEPLEN + PORT_Strlen (cer_e);
- if (cer_ou1) retlen += SEPLEN + PORT_Strlen (cer_ou1);
- if (cer_ou2) retlen += SEPLEN + PORT_Strlen (cer_ou2);
- if (cer_ou3) retlen += SEPLEN + PORT_Strlen (cer_ou3);
- if (cer_o) retlen += SEPLEN + PORT_Strlen (cer_o);
- if (cer_l) retlen += SEPLEN + PORT_Strlen (cer_l);
-
- ret = (char *) PORT_ZAlloc (1 + retlen);
-
- if (cer_cn) { PORT_Strcpy (ret, cer_cn); PORT_Strcat (ret, SEP); }
- if (cer_e) { PORT_Strcat (ret, cer_e); PORT_Strcat (ret, SEP); }
- if (cer_ou1) { PORT_Strcat (ret, cer_ou1); PORT_Strcat (ret, SEP); }
- if (cer_ou2) { PORT_Strcat (ret, cer_ou2); PORT_Strcat (ret, SEP); }
- if (cer_ou3) { PORT_Strcat (ret, cer_ou3); PORT_Strcat (ret, SEP); }
- if (cer_o) { PORT_Strcat (ret, cer_o); PORT_Strcat (ret, SEP); }
- if (cer_l) PORT_Strcat (ret, cer_l);
-
- /* return here to avoid unsightly memory leak */
-
- *result = ret;
- *length = PORT_Strlen (ret);
-
- return 0;
- }
-
- break;
-
- case jarCertSerial:
-
- ret = CERT_Hexify (&cert->serialNumber, 1);
- break;
-
- case jarCertExpires:
-
- ret = DER_UTCDayToAscii (&cert->validity.notAfter);
- break;
-
- case jarCertNickname:
-
- ret = jar_choose_nickname (cert);
- break;
-
- case jarCertFinger:
-
- dig = JAR_calculate_digest
- ((char *) cert->derCert.data, cert->derCert.len);
-
- if (dig)
- {
- hexme.len = sizeof (dig->md5);
- hexme.data = dig->md5;
- ret = CERT_Hexify (&hexme, 1);
- }
- break;
-
- default:
-
- return JAR_ERR_GENERAL;
- }
-
- *result = ret ? PORT_Strdup (ret) : NULL;
- *length = ret ? PORT_Strlen (ret) : 0;
-
- return 0;
- }
-
-/*
- * j a r _ c e r t _ e l e m e n t
- *
- * Retrieve an element from an x400ish ascii
- * designator, in a hackish sort of way. The right
- * thing would probably be to sort AVATags.
- *
- */
-
-static char *jar_cert_element (char *name, char *tag, int occ)
- {
- if (name && tag)
- {
- char *s;
- int found = 0;
-
- while (occ--)
- {
- if (PORT_Strstr (name, tag))
- {
- name = PORT_Strstr (name, tag) + PORT_Strlen (tag);
- found = 1;
- }
- else
- {
- name = PORT_Strstr (name, "=");
- if (name == NULL) return NULL;
- found = 0;
- }
- }
-
- if (!found) return NULL;
-
- /* must mangle only the copy */
- name = PORT_Strdup (name);
-
- /* advance to next equal */
- for (s = name; *s && *s != '='; s++)
- /* yip */ ;
-
- /* back up to previous comma */
- while (s > name && *s != ',') s--;
-
- /* zap the whitespace and return */
- *s = 0;
- }
-
- return name;
- }
-
-/*
- * j a r _ c h o o s e _ n i c k n a m e
- *
- * Attempt to determine a suitable nickname for
- * a certificate with a computer-generated "tmpcertxxx"
- * nickname. It needs to be something a user can
- * understand, so try a few things.
- *
- */
-
-static char *jar_choose_nickname (CERTCertificate *cert)
- {
- char *cert_cn;
- char *cert_o;
- char *cert_cn_o;
-
- int cn_o_length;
-
- /* is the existing name ok */
-
- if (cert->nickname && PORT_Strncmp (cert->nickname, "tmpcert", 7))
- return PORT_Strdup (cert->nickname);
-
- /* we have an ugly name here people */
-
- /* Try the CN */
- cert_cn = CERT_GetCommonName (&cert->subject);
-
- if (cert_cn)
- {
- /* check for duplicate nickname */
-
-#ifdef USE_MOZ_THREAD
- if (jar_moz_nickname (CERT_GetDefaultCertDB(), cert_cn) == NULL)
-#else
- if (CERT_FindCertByNickname (CERT_GetDefaultCertDB(), cert_cn) == NULL)
-#endif
- return cert_cn;
-
- /* Try the CN plus O */
- cert_o = CERT_GetOrgName (&cert->subject);
-
- cn_o_length = PORT_Strlen (cert_cn) + 3 + PORT_Strlen (cert_o) + 20;
- cert_cn_o = (char*)PORT_ZAlloc (cn_o_length);
-
- PR_snprintf (cert_cn_o, cn_o_length,
- "%s's %s Certificate", cert_cn, cert_o);
-
-#ifdef USE_MOZ_THREAD
- if (jar_moz_nickname (CERT_GetDefaultCertDB(), cert_cn_o) == NULL)
-#else
- if (CERT_FindCertByNickname (CERT_GetDefaultCertDB(), cert_cn_o) == NULL)
-#endif
- return cert_cn;
- }
-
- /* If all that failed, use the ugly nickname */
- return cert->nickname ? PORT_Strdup (cert->nickname) : NULL;
- }
-
-/*
- * J A R _ c e r t _ h t m l
- *
- * Return an HTML representation of the certificate
- * designated by the given fingerprint, in specified style.
- *
- * JAR is optional, but supply it if you can in order
- * to optimize.
- *
- */
-
-char *JAR_cert_html
- (JAR *jar, int style, long keylen, void *key, int *result)
- {
- char *html;
- CERTCertificate *cert;
-
- *result = -1;
-
- if (style != 0)
- return NULL;
-
- cert = jar_get_certificate (jar, keylen, key, result);
-
- if (cert == NULL || *result < 0)
- return NULL;
-
- *result = 0;
-
- html = CERT_HTMLCertInfo (cert, /* show images */ PR_TRUE,
- /*show issuer*/PR_TRUE);
-
- if (html == NULL)
- *result = -1;
-
- return html;
- }
-
-/*
- * J A R _ s t a s h _ c e r t
- *
- * Stash the certificate pointed to by this
- * fingerprint, in persistent storage somewhere.
- *
- */
-
-extern int PR_CALLBACK JAR_stash_cert
- (JAR *jar, long keylen, void *key)
- {
- int result = 0;
-
- char *nickname;
- CERTCertTrust trust;
-
- CERTCertDBHandle *certdb;
- CERTCertificate *cert, *newcert;
-
- cert = jar_get_certificate (jar, keylen, key, &result);
-
- if (result < 0)
- return result;
-
- if (cert == NULL)
- return JAR_ERR_GENERAL;
-
- if ((certdb = JAR_open_database()) == NULL)
- return JAR_ERR_GENERAL;
-
- /* Attempt to give a name to the newish certificate */
- nickname = jar_choose_nickname (cert);
-
-#ifdef USE_MOZ_THREAD
- newcert = jar_moz_nickname (certdb, nickname);
-#else
- newcert = CERT_FindCertByNickname (certdb, nickname);
-#endif
-
- if (newcert && newcert->isperm)
- {
- /* already in permanant database */
- return 0;
- }
-
- if (newcert) cert = newcert;
-
- /* FIX, since FindCert returns a bogus dbhandle
- set it ourselves */
-
- cert->dbhandle = certdb;
-
-#if 0
- nickname = cert->subjectName;
- if (nickname)
- {
- /* Not checking for a conflict here. But this should
- be a new cert or it would have been found earlier. */
-
- nickname = jar_cert_element (nickname, "CN=", 1);
-
- if (SEC_CertNicknameConflict (nickname, cert->dbhandle))
- {
- /* conflict */
- nickname = PORT_Realloc (&nickname, PORT_Strlen (nickname) + 3);
-
- /* Beyond one copy, there are probably serious problems
- so we will stop at two rather than counting.. */
-
- PORT_Strcat (nickname, " #2");
- }
- }
-#endif
-
- if (nickname != NULL)
- {
- PORT_Memset ((void *) &trust, 0, sizeof(trust));
-
-#ifdef USE_MOZ_THREAD
- if (jar_moz_perm (cert, nickname, &trust) != SECSuccess)
-#else
- if (CERT_AddTempCertToPerm (cert, nickname, &trust) != SECSuccess)
-#endif
- {
- /* XXX might want to call PORT_GetError here */
- result = JAR_ERR_GENERAL;
- }
- }
-
- JAR_close_database (certdb);
-
- return result;
- }
-
-/*
- * J A R _ f e t c h _ c e r t
- *
- * Given an opaque identifier of a certificate,
- * return the full certificate.
- *
- * The new function, which retrieves by key.
- *
- */
-
-void *JAR_fetch_cert (long length, void *key)
- {
- SECItem seckey;
- CERTCertificate *cert = NULL;
-
- CERTCertDBHandle *certdb;
-
- certdb = JAR_open_database();
-
- if (certdb)
- {
- seckey.len = length;
- seckey.data = (unsigned char*)key;
-
-#ifdef USE_MOZ_THREAD
- cert = jar_moz_certkey (certdb, &seckey);
-#else
- cert = CERT_FindCertByKey (certdb, &seckey);
-#endif
-
- JAR_close_database (certdb);
- }
-
- return (void *) cert;
- }
-
-/*
- * j a r _ g e t _ m f _ d i g e s t
- *
- * Retrieve a corresponding saved digest over a section
- * of the main manifest file.
- *
- */
-
-static JAR_Digest *jar_get_mf_digest (JAR *jar, char *pathname)
- {
- JAR_Item *it;
-
- JAR_Digest *dig;
-
- ZZLink *link;
- ZZList *list;
-
- list = jar->manifest;
-
- if (ZZ_ListEmpty (list))
- return NULL;
-
- for (link = ZZ_ListHead (list);
- !ZZ_ListIterDone (list, link);
- link = link->next)
- {
- it = link->thing;
- if (it->type == jarTypeSect
- && it->pathname && !PORT_Strcmp (it->pathname, pathname))
- {
- dig = (JAR_Digest *) it->data;
- return dig;
- }
- }
-
- return NULL;
- }
-
-/*
- * j a r _ b a s e n a m e
- *
- * Return the basename -- leading components of path stripped off,
- * extension ripped off -- of a path.
- *
- */
-
-static char *jar_basename (const char *path)
- {
- char *pith, *e, *basename, *ext;
-
- if (path == NULL)
- return PORT_Strdup ("");
-
- pith = PORT_Strdup (path);
-
- basename = pith;
-
- while (1)
- {
- for (e = basename; *e && *e != '/' && *e != '\\'; e++)
- /* yip */ ;
- if (*e)
- basename = ++e;
- else
- break;
- }
-
- if ((ext = PORT_Strrchr (basename, '.')) != NULL)
- *ext = 0;
-
- /* We already have the space allocated */
- PORT_Strcpy (pith, basename);
-
- return pith;
- }
-
-/*
- * + + + + + + + + + + + + + + +
- *
- * CRYPTO ROUTINES FOR JAR
- *
- * The following functions are the cryptographic
- * interface to PKCS7 for Jarnatures.
- *
- * + + + + + + + + + + + + + + +
- *
- */
-
-/*
- * j a r _ c a t c h _ b y t e s
- *
- * In the event signatures contain enveloped data, it will show up here.
- * But note that the lib/pkcs7 routines aren't ready for it.
- *
- */
-
-static void jar_catch_bytes
- (void *arg, const char *buf, unsigned long len)
- {
- /* Actually this should never be called, since there is
- presumably no data in the signature itself. */
- }
-
-/*
- * j a r _ v a l i d a t e _ p k c s 7
- *
- * Validate (and decode, if necessary) a binary pkcs7
- * signature in DER format.
- *
- */
-
-static int jar_validate_pkcs7
- (JAR *jar, JAR_Signer *signer, char *data, long length)
- {
- SECItem detdig;
-
- SEC_PKCS7ContentInfo *cinfo;
- SEC_PKCS7DecoderContext *dcx;
-
- int status = 0;
- char *errstring = NULL;
-
- PORT_Assert( jar != NULL && signer != NULL );
-
- if (jar == NULL || signer == NULL)
- return JAR_ERR_ORDER;
-
- signer->valid = JAR_ERR_SIG;
-
- /* We need a context if we can get one */
-
-#ifdef MOZILLA_CLIENT
- if (jar->mw == NULL) {
- JAR_set_context (jar, NULL);
- }
-#endif
-
-
- dcx = SEC_PKCS7DecoderStart
- (jar_catch_bytes, NULL /*cb_arg*/, NULL /*getpassword*/, jar->mw,
- NULL, NULL, NULL);
-
- if (dcx != NULL)
- {
- SEC_PKCS7DecoderUpdate (dcx, data, length);
- cinfo = SEC_PKCS7DecoderFinish (dcx);
- }
-
- if (cinfo == NULL)
- {
- /* strange pkcs7 failure */
- return JAR_ERR_PK7;
- }
-
- if (SEC_PKCS7ContentIsEncrypted (cinfo))
- {
- /* content was encrypted, fail */
- return JAR_ERR_PK7;
- }
-
- if (SEC_PKCS7ContentIsSigned (cinfo) == PR_FALSE)
- {
- /* content was not signed, fail */
- return JAR_ERR_PK7;
- }
-
- PORT_SetError (0);
-
- /* use SHA1 only */
-
- detdig.len = SHA1_LENGTH;
- detdig.data = signer->digest->sha1;
-
-#ifdef USE_MOZ_THREAD
- if (jar_moz_verify
- (cinfo, certUsageObjectSigner, &detdig, HASH_AlgSHA1, PR_FALSE)==
- SECSuccess)
-#else
- if (SEC_PKCS7VerifyDetachedSignature
- (cinfo, certUsageObjectSigner, &detdig, HASH_AlgSHA1, PR_FALSE)==
- PR_TRUE)
-#endif
- {
- /* signature is valid */
- signer->valid = 0;
- jar_gather_signers (jar, signer, cinfo);
- }
- else
- {
- status = PORT_GetError();
-
- PORT_Assert( status < 0 );
- if (status >= 0) status = JAR_ERR_SIG;
-
- jar->valid = status;
- signer->valid = status;
-
- errstring = JAR_get_error (status);
- /*XP_TRACE(("JAR signature invalid (reason %d = %s)", status, errstring));*/
- }
-
- jar->pkcs7 = PR_TRUE;
- signer->pkcs7 = PR_TRUE;
-
- SEC_PKCS7DestroyContentInfo (cinfo);
-
- return status;
- }
-
-/*
- * j a r _ g a t h e r _ s i g n e r s
- *
- * Add the single signer of this signature to the
- * certificate linked list.
- *
- */
-
-static int jar_gather_signers
- (JAR *jar, JAR_Signer *signer, SEC_PKCS7ContentInfo *cinfo)
- {
- int result;
-
- CERTCertificate *cert;
- CERTCertDBHandle *certdb;
-
- SEC_PKCS7SignedData *sdp;
- SEC_PKCS7SignerInfo **pksigners, *pksigner;
-
- sdp = cinfo->content.signedData;
-
- if (sdp == NULL)
- return JAR_ERR_PK7;
-
- pksigners = sdp->signerInfos;
-
- /* permit exactly one signer */
-
- if (pksigners == NULL || pksigners [0] == NULL || pksigners [1] != NULL)
- return JAR_ERR_PK7;
-
- pksigner = *pksigners;
- cert = pksigner->cert;
-
- if (cert == NULL)
- return JAR_ERR_PK7;
-
- certdb = JAR_open_database();
-
- if (certdb == NULL)
- return JAR_ERR_GENERAL;
-
- result = jar_add_cert (jar, signer, jarTypeSign, cert);
-
- JAR_close_database (certdb);
-
- return result;
- }
-
-/*
- * j a r _ o p e n _ d a t a b a s e
- *
- * Open the certificate database,
- * for use by JAR functions.
- *
- */
-
-CERTCertDBHandle *JAR_open_database (void)
- {
- int keepcerts = 0;
- CERTCertDBHandle *certdb;
-
- /* local_certdb will only be used if calling from a command line tool */
- static CERTCertDBHandle local_certdb;
-
- certdb = CERT_GetDefaultCertDB();
-
- if (certdb == NULL)
- {
- if (CERT_OpenCertDBFilename (&local_certdb, NULL, (PRBool)!keepcerts) !=
- SECSuccess)
- {
- return NULL;
- }
- certdb = &local_certdb;
- }
-
- return certdb;
- }
-
-/*
- * j a r _ c l o s e _ d a t a b a s e
- *
- * Close the certificate database.
- * For use by JAR functions.
- *
- */
-
-int JAR_close_database (CERTCertDBHandle *certdb)
- {
- CERTCertDBHandle *defaultdb;
-
- /* This really just retrieves the handle, nothing more */
- defaultdb = CERT_GetDefaultCertDB();
-
- /* If there is no default db, it means we opened
- the permanent database for some reason */
-
- if (defaultdb == NULL && certdb != NULL)
- CERT_ClosePermCertDB (certdb);
-
- return 0;
- }
-
-/*
- * j a r _ g e t _ c e r t i f i c a t e
- *
- * Return the certificate referenced
- * by a given fingerprint, or NULL if not found.
- * Error code is returned in result.
- *
- */
-
-static CERTCertificate *jar_get_certificate
- (JAR *jar, long keylen, void *key, int *result)
- {
- int found = 0;
-
- JAR_Item *it;
- JAR_Cert *fing;
-
- JAR_Context *ctx;
-
- if (jar == NULL)
- {
- void *cert;
- cert = JAR_fetch_cert (keylen, key);
- *result = (cert == NULL) ? JAR_ERR_GENERAL : 0;
- return (CERTCertificate *) cert;
- }
-
- ctx = JAR_find (jar, NULL, jarTypeSign);
-
- while (JAR_find_next (ctx, &it) >= 0)
- {
- fing = (JAR_Cert *) it->data;
-
- if (keylen != fing->length)
- continue;
-
- PORT_Assert( keylen < 0xFFFF );
- if (!PORT_Memcmp (fing->key, key, keylen))
- {
- found = 1;
- break;
- }
- }
-
- JAR_find_end (ctx);
-
- if (found == 0)
- {
- *result = JAR_ERR_GENERAL;
- return NULL;
- }
-
- *result = 0;
- return fing->cert;
- }
-
-/*
- * j a r _ s i g n a l
- *
- * Nonfatal errors come here to callback Java.
- *
- */
-
-static int jar_signal
- (int status, JAR *jar, const char *metafile, char *pathname)
- {
- char *errstring;
-
- errstring = JAR_get_error (status);
-
- if (jar->signal)
- {
- (*jar->signal) (status, jar, metafile, pathname, errstring);
- return 0;
- }
-
- return status;
- }
-
-/*
- * j a r _ a p p e n d
- *
- * Tack on an element to one of a JAR's linked
- * lists, with rudimentary error handling.
- *
- */
-
-int jar_append (ZZList *list, int type,
- char *pathname, void *data, size_t size)
- {
- JAR_Item *it;
- ZZLink *entity;
-
- it = (JAR_Item*)PORT_ZAlloc (sizeof (JAR_Item));
-
- if (it == NULL)
- goto loser;
-
- if (pathname)
- {
- it->pathname = PORT_Strdup (pathname);
- if (it->pathname == NULL)
- goto loser;
- }
-
- it->type = (jarType)type;
- it->data = (unsigned char *) data;
- it->size = size;
-
- entity = ZZ_NewLink (it);
-
- if (entity)
- {
- ZZ_AppendLink (list, entity);
- return 0;
- }
-
-loser:
-
- if (it)
- {
- if (it->pathname) PORT_Free (it->pathname);
- PORT_Free (it);
- }
-
- return JAR_ERR_MEMORY;
- }
-
-/*
- * W I N 1 6 s t u f f
- *
- * These functions possibly belong in xp_mem.c, they operate
- * on huge string pointers for win16.
- *
- */
-
-#if defined(XP_WIN16)
-int xp_HUGE_STRNCASECMP (char ZHUGEP *buf, char *key, int len)
- {
- while (len--)
- {
- char c1, c2;
-
- c1 = *buf++;
- c2 = *key++;
-
- if (c1 >= 'a' && c1 <= 'z') c1 -= ('a' - 'A');
- if (c2 >= 'a' && c2 <= 'z') c2 -= ('a' - 'A');
-
- if (c1 != c2)
- return (c1 < c2) ? -1 : 1;
- }
- return 0;
- }
-
-size_t xp_HUGE_STRLEN (char ZHUGEP *s)
- {
- size_t len = 0L;
- while (*s++) len++;
- return len;
- }
-
-char *xp_HUGE_STRCPY (char *to, char ZHUGEP *from)
- {
- char *ret = to;
-
- while (*from)
- *to++ = *from++;
- *to = 0;
-
- return ret;
- }
-#endif
diff --git a/security/nss/lib/jar/jzconf.h b/security/nss/lib/jar/jzconf.h
deleted file mode 100644
index 278aaa5d5..000000000
--- a/security/nss/lib/jar/jzconf.h
+++ /dev/null
@@ -1,190 +0,0 @@
-/* zconf.h -- configuration of the zlib compression library
- * Copyright (C) 1995-1996 Jean-loup Gailly.
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-/* This file was modified since it was taken from the zlib distribution */
-/* $Id$ */
-
-#ifndef _ZCONF_H
-#define _ZCONF_H
-
-/*
- * If you *really* need a unique prefix for all types and library functions,
- * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it.
- */
-#ifdef Z_PREFIX
-# define deflateInit_ z_deflateInit_
-# define deflate z_deflate
-# define deflateEnd z_deflateEnd
-# define inflateInit_ z_inflateInit_
-# define inflate z_inflate
-# define inflateEnd z_inflateEnd
-# define deflateInit2_ z_deflateInit2_
-# define deflateSetDictionary z_deflateSetDictionary
-# define deflateCopy z_deflateCopy
-# define deflateReset z_deflateReset
-# define deflateParams z_deflateParams
-# define inflateInit2_ z_inflateInit2_
-# define inflateSetDictionary z_inflateSetDictionary
-# define inflateSync z_inflateSync
-# define inflateReset z_inflateReset
-# define compress z_compress
-# define uncompress z_uncompress
-# define adler32 z_adler32
-# define crc32 z_crc32
-# define get_crc_table z_get_crc_table
-
-# define Byte z_Byte
-# define uInt z_uInt
-# define uLong z_uLong
-# define Bytef z_Bytef
-# define charf z_charf
-# define intf z_intf
-# define uIntf z_uIntf
-# define uLongf z_uLongf
-# define voidpf z_voidpf
-# define voidp z_voidp
-#endif
-
-#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32)
-# define WIN32
-#endif
-#if defined(__GNUC__) || defined(WIN32) || defined(__386__) || defined(i386)
-# ifndef __32BIT__
-# define __32BIT__
-# endif
-#endif
-#if defined(__MSDOS__) && !defined(MSDOS)
-# define MSDOS
-#endif
-
-/*
- * Compile with -DMAXSEG_64K if the alloc function cannot allocate more
- * than 64k bytes at a time (needed on systems with 16-bit int).
- */
-#if defined(MSDOS) && !defined(__32BIT__)
-# define MAXSEG_64K
-#endif
-#ifdef MSDOS
-# define UNALIGNED_OK
-#endif
-
-#if (defined(MSDOS) || defined(_WINDOWS) || defined(WIN32) || defined(XP_OS2)) && !defined(STDC)
-# define STDC
-#endif
-#if (defined(__STDC__) || defined(__cplusplus)) && !defined(STDC)
-# define STDC
-#endif
-
-#ifndef STDC
-# ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */
-# define const
-# endif
-#endif
-
-/* Some Mac compilers merge all .h files incorrectly: */
-#if defined(__MWERKS__) || defined(applec) ||defined(THINK_C) ||defined(__SC__)
-# define NO_DUMMY_DECL
-#endif
-
-/* Maximum value for memLevel in deflateInit2 */
-#ifndef MAX_MEM_LEVEL
-# ifdef MAXSEG_64K
-# define MAX_MEM_LEVEL 8
-# else
-# define MAX_MEM_LEVEL 9
-# endif
-#endif
-
-/* Maximum value for windowBits in deflateInit2 and inflateInit2 */
-#ifndef MAX_WBITS
-# define MAX_WBITS 15 /* 32K LZ77 window */
-#endif
-
-/* The memory requirements for deflate are (in bytes):
- 1 << (windowBits+2) + 1 << (memLevel+9)
- that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values)
- plus a few kilobytes for small objects. For example, if you want to reduce
- the default memory requirements from 256K to 128K, compile with
- make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7"
- Of course this will generally degrade compression (there's no free lunch).
-
- The memory requirements for inflate are (in bytes) 1 << windowBits
- that is, 32K for windowBits=15 (default value) plus a few kilobytes
- for small objects.
-*/
-
- /* Type declarations */
-
-#ifndef OF /* function prototypes */
-# ifdef STDC
-# define OF(args) args
-# else
-# define OF(args) ()
-# endif
-#endif
-
-/* The following definitions for FAR are needed only for MSDOS mixed
- * model programming (small or medium model with some far allocations).
- * This was tested only with MSC; for other MSDOS compilers you may have
- * to define NO_MEMCPY in zutil.h. If you don't need the mixed model,
- * just define FAR to be empty.
- */
-#if (defined(M_I86SM) || defined(M_I86MM)) && !defined(__32BIT__)
- /* MSC small or medium model */
-# define SMALL_MEDIUM
-# ifdef _MSC_VER
-# define FAR __far
-# else
-# define FAR far
-# endif
-#endif
-#if defined(__BORLANDC__) && (defined(__SMALL__) || defined(__MEDIUM__))
-# ifndef __32BIT__
-# define SMALL_MEDIUM
-# define FAR __far
-# endif
-#endif
-#ifndef FAR
-# define FAR
-#endif
-
-typedef unsigned char Byte; /* 8 bits */
-typedef unsigned int uInt; /* 16 bits or more */
-typedef unsigned long uLong; /* 32 bits or more */
-
-#if defined(__BORLANDC__) && defined(SMALL_MEDIUM)
- /* Borland C/C++ ignores FAR inside typedef */
-# define Bytef Byte FAR
-#else
- typedef Byte FAR Bytef;
-#endif
-typedef char FAR charf;
-typedef int FAR intf;
-typedef uInt FAR uIntf;
-typedef uLong FAR uLongf;
-
-#ifdef STDC
- typedef void FAR *voidpf;
- typedef void *voidp;
-#else
- typedef Byte FAR *voidpf;
- typedef Byte *voidp;
-#endif
-
-#ifdef MOZILLA_CLIENT
-#include "prtypes.h"
-#else
-/* Compile with -DZLIB_DLL for Windows DLL support */
-#if (defined(_WINDOWS) || defined(WINDOWS)) && defined(ZLIB_DLL)
-# include <windows.h>
-# define EXPORT WINAPI
-#else
-# define EXPORT
-#endif
-
-#define PR_PUBLIC_API(type) type
-
-#endif /* MOZILLA_CLIENT */
-
-#endif /* _ZCONF_H */
diff --git a/security/nss/lib/jar/jzlib.h b/security/nss/lib/jar/jzlib.h
deleted file mode 100644
index dd5b4d8e9..000000000
--- a/security/nss/lib/jar/jzlib.h
+++ /dev/null
@@ -1,896 +0,0 @@
-/* zlib.h -- interface of the 'zlib' general purpose compression library
- version 1.0.4, Jul 24th, 1996.
-
- Copyright (C) 1995-1996 Jean-loup Gailly and Mark Adler
-
- This software is provided 'as-is', without any express or implied
- warranty. In no event will the authors be held liable for any damages
- arising from the use of this software.
-
- Permission is granted to anyone to use this software for any purpose,
- including commercial applications, and to alter it and redistribute it
- freely, subject to the following restrictions:
-
- 1. The origin of this software must not be misrepresented; you must not
- claim that you wrote the original software. If you use this software
- in a product, an acknowledgment in the product documentation would be
- appreciated but is not required.
- 2. Altered source versions must be plainly marked as such, and must not be
- misrepresented as being the original software.
- 3. This notice may not be removed or altered from any source distribution.
-
- Jean-loup Gailly Mark Adler
- gzip@prep.ai.mit.edu madler@alumni.caltech.edu
-
-
- The data format used by the zlib library is described by RFCs (Request for
- Comments) 1950 to 1952 in the files ftp://ds.internic.net/rfc/rfc1950.txt
- (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format).
-*/
-/* This file was modified since it was taken from the zlib distribution */
-
-#ifndef _ZLIB_H
-#define _ZLIB_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef MOZILLA_CLIENT
-#include "jzconf.h"
-#else
-#include "zconf.h"
-#endif
-
-#define ZLIB_VERSION "1.0.4"
-
-/*
- The 'zlib' compression library provides in-memory compression and
- decompression functions, including integrity checks of the uncompressed
- data. This version of the library supports only one compression method
- (deflation) but other algorithms may be added later and will have the same
- stream interface.
-
- For compression the application must provide the output buffer and
- may optionally provide the input buffer for optimization. For decompression,
- the application must provide the input buffer and may optionally provide
- the output buffer for optimization.
-
- Compression can be done in a single step if the buffers are large
- enough (for example if an input file is mmap'ed), or can be done by
- repeated calls of the compression function. In the latter case, the
- application must provide more input and/or consume the output
- (providing more output space) before each call.
-
- The library does not install any signal handler. It is recommended to
- add at least a handler for SIGSEGV when decompressing; the library checks
- the consistency of the input data whenever possible but may go nuts
- for some forms of corrupted input.
-*/
-
-typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size));
-typedef void (*free_func) OF((voidpf opaque, voidpf address));
-
-struct internal_state;
-
-typedef struct z_stream_s {
- Bytef *next_in; /* next input byte */
- uInt avail_in; /* number of bytes available at next_in */
- uLong total_in; /* total nb of input bytes read so far */
-
- Bytef *next_out; /* next output byte should be put there */
- uInt avail_out; /* remaining free space at next_out */
- uLong total_out; /* total nb of bytes output so far */
-
- char *msg; /* last error message, NULL if no error */
- struct internal_state FAR *state; /* not visible by applications */
-
- alloc_func zalloc; /* used to allocate the internal state */
- free_func zfree; /* used to free the internal state */
- voidpf opaque; /* private data object passed to zalloc and zfree */
-
- int data_type; /* best guess about the data type: ascii or binary */
- uLong adler; /* adler32 value of the uncompressed data */
- uLong reserved; /* reserved for future use */
-} z_stream;
-
-typedef z_stream FAR *z_streamp;
-
-/*
- The application must update next_in and avail_in when avail_in has
- dropped to zero. It must update next_out and avail_out when avail_out
- has dropped to zero. The application must initialize zalloc, zfree and
- opaque before calling the init function. All other fields are set by the
- compression library and must not be updated by the application.
-
- The opaque value provided by the application will be passed as the first
- parameter for calls of zalloc and zfree. This can be useful for custom
- memory management. The compression library attaches no meaning to the
- opaque value.
-
- zalloc must return Z_NULL if there is not enough memory for the object.
- On 16-bit systems, the functions zalloc and zfree must be able to allocate
- exactly 65536 bytes, but will not be required to allocate more than this
- if the symbol MAXSEG_64K is defined (see zconf.h). WARNING: On MSDOS,
- pointers returned by zalloc for objects of exactly 65536 bytes *must*
- have their offset normalized to zero. The default allocation function
- provided by this library ensures this (see zutil.c). To reduce memory
- requirements and avoid any allocation of 64K objects, at the expense of
- compression ratio, compile the library with -DMAX_WBITS=14 (see zconf.h).
-
- The fields total_in and total_out can be used for statistics or
- progress reports. After compression, total_in holds the total size of
- the uncompressed data and may be saved for use in the decompressor
- (particularly if the decompressor wants to decompress everything in
- a single step).
-*/
-
- /* constants */
-
-#define Z_NO_FLUSH 0
-#define Z_PARTIAL_FLUSH 1
-#define Z_SYNC_FLUSH 2
-#define Z_FULL_FLUSH 3
-#define Z_FINISH 4
-/* Allowed flush values; see deflate() below for details */
-
-#define Z_OK 0
-#define Z_STREAM_END 1
-#define Z_NEED_DICT 2
-#define Z_ERRNO (-1)
-#define Z_STREAM_ERROR (-2)
-#define Z_DATA_ERROR (-3)
-#define Z_MEM_ERROR (-4)
-#define Z_BUF_ERROR (-5)
-#define Z_VERSION_ERROR (-6)
-/* Return codes for the compression/decompression functions. Negative
- * values are errors, positive values are used for special but normal events.
- */
-
-#define Z_NO_COMPRESSION 0
-#define Z_BEST_SPEED 1
-#define Z_BEST_COMPRESSION 9
-#define Z_DEFAULT_COMPRESSION (-1)
-/* compression levels */
-
-#define Z_FILTERED 1
-#define Z_HUFFMAN_ONLY 2
-#define Z_DEFAULT_STRATEGY 0
-/* compression strategy; see deflateInit2() below for details */
-
-#define Z_BINARY 0
-#define Z_ASCII 1
-#define Z_UNKNOWN 2
-/* Possible values of the data_type field */
-
-#define Z_DEFLATED 8
-/* The deflate compression method (the only one supported in this version) */
-
-#define Z_NULL 0 /* for initializing zalloc, zfree, opaque */
-
-#define zlib_version zlibVersion()
-/* for compatibility with versions < 1.0.2 */
-
- /* basic functions */
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern const char *) zlibVersion (void);
-#else
-extern const char * EXPORT zlibVersion OF((void));
-#endif
-/* The application can compare zlibVersion and ZLIB_VERSION for consistency.
- If the first character differs, the library code actually used is
- not compatible with the zlib.h header file used by the application.
- This check is automatically made by deflateInit and inflateInit.
- */
-
-/*
-extern int EXPORT deflateInit OF((z_streamp strm, int level));
-
- Initializes the internal stream state for compression. The fields
- zalloc, zfree and opaque must be initialized before by the caller.
- If zalloc and zfree are set to Z_NULL, deflateInit updates them to
- use default allocation functions.
-
- The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9:
- 1 gives best speed, 9 gives best compression, 0 gives no compression at
- all (the input data is simply copied a block at a time).
- Z_DEFAULT_COMPRESSION requests a default compromise between speed and
- compression (currently equivalent to level 6).
-
- deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not
- enough memory, Z_STREAM_ERROR if level is not a valid compression level,
- Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible
- with the version assumed by the caller (ZLIB_VERSION).
- msg is set to null if there is no error message. deflateInit does not
- perform any compression: this will be done by deflate().
-*/
-
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) deflate (z_streamp strm, int flush);
-#else
-extern int EXPORT deflate OF((z_streamp strm, int flush));
-#endif
-/*
- Performs one or both of the following actions:
-
- - Compress more input starting at next_in and update next_in and avail_in
- accordingly. If not all input can be processed (because there is not
- enough room in the output buffer), next_in and avail_in are updated and
- processing will resume at this point for the next call of deflate().
-
- - Provide more output starting at next_out and update next_out and avail_out
- accordingly. This action is forced if the parameter flush is non zero.
- Forcing flush frequently degrades the compression ratio, so this parameter
- should be set only when necessary (in interactive applications).
- Some output may be provided even if flush is not set.
-
- Before the call of deflate(), the application should ensure that at least
- one of the actions is possible, by providing more input and/or consuming
- more output, and updating avail_in or avail_out accordingly; avail_out
- should never be zero before the call. The application can consume the
- compressed output when it wants, for example when the output buffer is full
- (avail_out == 0), or after each call of deflate(). If deflate returns Z_OK
- and with zero avail_out, it must be called again after making room in the
- output buffer because there might be more output pending.
-
- If the parameter flush is set to Z_PARTIAL_FLUSH, the current compression
- block is terminated and flushed to the output buffer so that the
- decompressor can get all input data available so far. For method 9, a future
- variant on method 8, the current block will be flushed but not terminated.
- Z_SYNC_FLUSH has the same effect as partial flush except that the compressed
- output is byte aligned (the compressor can clear its internal bit buffer)
- and the current block is always terminated; this can be useful if the
- compressor has to be restarted from scratch after an interruption (in which
- case the internal state of the compressor may be lost).
- If flush is set to Z_FULL_FLUSH, the compression block is terminated, a
- special marker is output and the compression dictionary is discarded; this
- is useful to allow the decompressor to synchronize if one compressed block
- has been damaged (see inflateSync below). Flushing degrades compression and
- so should be used only when necessary. Using Z_FULL_FLUSH too often can
- seriously degrade the compression. If deflate returns with avail_out == 0,
- this function must be called again with the same value of the flush
- parameter and more output space (updated avail_out), until the flush is
- complete (deflate returns with non-zero avail_out).
-
- If the parameter flush is set to Z_FINISH, pending input is processed,
- pending output is flushed and deflate returns with Z_STREAM_END if there
- was enough output space; if deflate returns with Z_OK, this function must be
- called again with Z_FINISH and more output space (updated avail_out) but no
- more input data, until it returns with Z_STREAM_END or an error. After
- deflate has returned Z_STREAM_END, the only possible operations on the
- stream are deflateReset or deflateEnd.
-
- Z_FINISH can be used immediately after deflateInit if all the compression
- is to be done in a single step. In this case, avail_out must be at least
- 0.1% larger than avail_in plus 12 bytes. If deflate does not return
- Z_STREAM_END, then it must be called again as described above.
-
- deflate() may update data_type if it can make a good guess about
- the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered
- binary. This field is only for information purposes and does not affect
- the compression algorithm in any manner.
-
- deflate() returns Z_OK if some progress has been made (more input
- processed or more output produced), Z_STREAM_END if all input has been
- consumed and all output has been produced (only when flush is set to
- Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example
- if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible.
-*/
-
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) deflateEnd (z_streamp strm);
-#else
-extern int EXPORT deflateEnd OF((z_streamp strm));
-#endif
-/*
- All dynamically allocated data structures for this stream are freed.
- This function discards any unprocessed input and does not flush any
- pending output.
-
- deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the
- stream state was inconsistent, Z_DATA_ERROR if the stream was freed
- prematurely (some input or output was discarded). In the error case,
- msg may be set but then points to a static string (which must not be
- deallocated).
-*/
-
-
-/*
-extern int EXPORT inflateInit OF((z_streamp strm));
-
- Initializes the internal stream state for decompression. The fields
- zalloc, zfree and opaque must be initialized before by the caller. If
- zalloc and zfree are set to Z_NULL, inflateInit updates them to use default
- allocation functions.
-
- inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not
- enough memory, Z_VERSION_ERROR if the zlib library version is incompatible
- with the version assumed by the caller. msg is set to null if there is no
- error message. inflateInit does not perform any decompression: this will be
- done by inflate().
-*/
-
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) inflate (z_streamp strm, int flush);
-#else
-extern int EXPORT inflate OF((z_streamp strm, int flush));
-#endif
-/*
- Performs one or both of the following actions:
-
- - Decompress more input starting at next_in and update next_in and avail_in
- accordingly. If not all input can be processed (because there is not
- enough room in the output buffer), next_in is updated and processing
- will resume at this point for the next call of inflate().
-
- - Provide more output starting at next_out and update next_out and avail_out
- accordingly. inflate() provides as much output as possible, until there
- is no more input data or no more space in the output buffer (see below
- about the flush parameter).
-
- Before the call of inflate(), the application should ensure that at least
- one of the actions is possible, by providing more input and/or consuming
- more output, and updating the next_* and avail_* values accordingly.
- The application can consume the uncompressed output when it wants, for
- example when the output buffer is full (avail_out == 0), or after each
- call of inflate(). If inflate returns Z_OK and with zero avail_out, it
- must be called again after making room in the output buffer because there
- might be more output pending.
-
- If the parameter flush is set to Z_PARTIAL_FLUSH, inflate flushes as much
- output as possible to the output buffer. The flushing behavior of inflate is
- not specified for values of the flush parameter other than Z_PARTIAL_FLUSH
- and Z_FINISH, but the current implementation actually flushes as much output
- as possible anyway.
-
- inflate() should normally be called until it returns Z_STREAM_END or an
- error. However if all decompression is to be performed in a single step
- (a single call of inflate), the parameter flush should be set to
- Z_FINISH. In this case all pending input is processed and all pending
- output is flushed; avail_out must be large enough to hold all the
- uncompressed data. (The size of the uncompressed data may have been saved
- by the compressor for this purpose.) The next operation on this stream must
- be inflateEnd to deallocate the decompression state. The use of Z_FINISH
- is never required, but can be used to inform inflate that a faster routine
- may be used for the single inflate() call.
-
- inflate() returns Z_OK if some progress has been made (more input
- processed or more output produced), Z_STREAM_END if the end of the
- compressed data has been reached and all uncompressed output has been
- produced, Z_NEED_DICT if a preset dictionary is needed at this point (see
- inflateSetDictionary below), Z_DATA_ERROR if the input data was corrupted,
- Z_STREAM_ERROR if the stream structure was inconsistent (for example if
- next_in or next_out was NULL), Z_MEM_ERROR if there was not enough memory,
- Z_BUF_ERROR if no progress is possible or if there was not enough room in
- the output buffer when Z_FINISH is used. In the Z_DATA_ERROR case, the
- application may then call inflateSync to look for a good compression block.
- In the Z_NEED_DICT case, strm->adler is set to the Adler32 value of the
- dictionary chosen by the compressor.
-*/
-
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) inflateEnd (z_streamp strm);
-#else
-extern int EXPORT inflateEnd OF((z_streamp strm));
-#endif
-/*
- All dynamically allocated data structures for this stream are freed.
- This function discards any unprocessed input and does not flush any
- pending output.
-
- inflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state
- was inconsistent. In the error case, msg may be set but then points to a
- static string (which must not be deallocated).
-*/
-
- /* Advanced functions */
-
-/*
- The following functions are needed only in some special applications.
-*/
-
-/*
-extern int EXPORT deflateInit2 OF((z_streamp strm,
- int level,
- int method,
- int windowBits,
- int memLevel,
- int strategy));
-
- This is another version of deflateInit with more compression options. The
- fields next_in, zalloc, zfree and opaque must be initialized before by
- the caller.
-
- The method parameter is the compression method. It must be Z_DEFLATED in
- this version of the library. (Method 9 will allow a 64K history buffer and
- partial block flushes.)
-
- The windowBits parameter is the base two logarithm of the window size
- (the size of the history buffer). It should be in the range 8..15 for this
- version of the library (the value 16 will be allowed for method 9). Larger
- values of this parameter result in better compression at the expense of
- memory usage. The default value is 15 if deflateInit is used instead.
-
- The memLevel parameter specifies how much memory should be allocated
- for the internal compression state. memLevel=1 uses minimum memory but
- is slow and reduces compression ratio; memLevel=9 uses maximum memory
- for optimal speed. The default value is 8. See zconf.h for total memory
- usage as a function of windowBits and memLevel.
-
- The strategy parameter is used to tune the compression algorithm. Use the
- value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a
- filter (or predictor), or Z_HUFFMAN_ONLY to force Huffman encoding only (no
- string match). Filtered data consists mostly of small values with a
- somewhat random distribution. In this case, the compression algorithm is
- tuned to compress them better. The effect of Z_FILTERED is to force more
- Huffman coding and less string matching; it is somewhat intermediate
- between Z_DEFAULT and Z_HUFFMAN_ONLY. The strategy parameter only affects
- the compression ratio but not the correctness of the compressed output even
- if it is not set appropriately.
-
- If next_in is not null, the library will use this buffer to hold also
- some history information; the buffer must either hold the entire input
- data, or have at least 1<<(windowBits+1) bytes and be writable. If next_in
- is null, the library will allocate its own history buffer (and leave next_in
- null). next_out need not be provided here but must be provided by the
- application for the next call of deflate().
-
- If the history buffer is provided by the application, next_in must
- must never be changed by the application since the compressor maintains
- information inside this buffer from call to call; the application
- must provide more input only by increasing avail_in. next_in is always
- reset by the library in this case.
-
- deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was
- not enough memory, Z_STREAM_ERROR if a parameter is invalid (such as
- an invalid method). msg is set to null if there is no error message.
- deflateInit2 does not perform any compression: this will be done by
- deflate().
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) deflateSetDictionary (z_streamp strm,
- const Bytef *dictionary,
- uInt dictLength);
-#else
-extern int EXPORT deflateSetDictionary OF((z_streamp strm,
- const Bytef *dictionary,
- uInt dictLength));
-#endif
-/*
- Initializes the compression dictionary (history buffer) from the given
- byte sequence without producing any compressed output. This function must
- be called immediately after deflateInit or deflateInit2, before any call
- of deflate. The compressor and decompressor must use exactly the same
- dictionary (see inflateSetDictionary).
- The dictionary should consist of strings (byte sequences) that are likely
- to be encountered later in the data to be compressed, with the most commonly
- used strings preferably put towards the end of the dictionary. Using a
- dictionary is most useful when the data to be compressed is short and
- can be predicted with good accuracy; the data can then be compressed better
- than with the default empty dictionary. In this version of the library,
- only the last 32K bytes of the dictionary are used.
- Upon return of this function, strm->adler is set to the Adler32 value
- of the dictionary; the decompressor may later use this value to determine
- which dictionary has been used by the compressor. (The Adler32 value
- applies to the whole dictionary even if only a subset of the dictionary is
- actually used by the compressor.)
-
- deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a
- parameter is invalid (such as NULL dictionary) or the stream state
- is inconsistent (for example if deflate has already been called for this
- stream). deflateSetDictionary does not perform any compression: this will
- be done by deflate().
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) deflateCopy (z_streamp dest, z_streamp source);
-#else
-extern int EXPORT deflateCopy OF((z_streamp dest, z_streamp source));
-#endif
-/*
- Sets the destination stream as a complete copy of the source stream. If
- the source stream is using an application-supplied history buffer, a new
- buffer is allocated for the destination stream. The compressed output
- buffer is always application-supplied. It's the responsibility of the
- application to provide the correct values of next_out and avail_out for the
- next call of deflate.
-
- This function can be useful when several compression strategies will be
- tried, for example when there are several ways of pre-processing the input
- data with a filter. The streams that will be discarded should then be freed
- by calling deflateEnd. Note that deflateCopy duplicates the internal
- compression state which can be quite large, so this strategy is slow and
- can consume lots of memory.
-
- deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
- enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
- (such as zalloc being NULL). msg is left unchanged in both source and
- destination.
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) deflateReset (z_streamp strm);
-#else
-extern int EXPORT deflateReset OF((z_streamp strm));
-#endif
-/*
- This function is equivalent to deflateEnd followed by deflateInit,
- but does not free and reallocate all the internal compression state.
- The stream will keep the same compression level and any other attributes
- that may have been set by deflateInit2.
-
- deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
- stream state was inconsistent (such as zalloc or state being NULL).
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) deflateParams (z_streamp strm, int level, int strategy);
-#else
-extern int EXPORT deflateParams OF((z_streamp strm, int level, int strategy));
-#endif
-/*
- Dynamically update the compression level and compression strategy.
- This can be used to switch between compression and straight copy of
- the input data, or to switch to a different kind of input data requiring
- a different strategy. If the compression level is changed, the input
- available so far is compressed with the old level (and may be flushed);
- the new level will take effect only at the next call of deflate().
-
- Before the call of deflateParams, the stream state must be set as for
- a call of deflate(), since the currently available input may have to
- be compressed and flushed. In particular, strm->avail_out must be non-zero.
-
- deflateParams returns Z_OK if success, Z_STREAM_ERROR if the source
- stream state was inconsistent or if a parameter was invalid, Z_BUF_ERROR
- if strm->avail_out was zero.
-*/
-
-/*
-extern int EXPORT inflateInit2 OF((z_streamp strm,
- int windowBits));
-
- This is another version of inflateInit with more compression options. The
- fields next_out, zalloc, zfree and opaque must be initialized before by
- the caller.
-
- The windowBits parameter is the base two logarithm of the maximum window
- size (the size of the history buffer). It should be in the range 8..15 for
- this version of the library (the value 16 will be allowed soon). The
- default value is 15 if inflateInit is used instead. If a compressed stream
- with a larger window size is given as input, inflate() will return with
- the error code Z_DATA_ERROR instead of trying to allocate a larger window.
-
- If next_out is not null, the library will use this buffer for the history
- buffer; the buffer must either be large enough to hold the entire output
- data, or have at least 1<<windowBits bytes. If next_out is null, the
- library will allocate its own buffer (and leave next_out null). next_in
- need not be provided here but must be provided by the application for the
- next call of inflate().
-
- If the history buffer is provided by the application, next_out must
- never be changed by the application since the decompressor maintains
- history information inside this buffer from call to call; the application
- can only reset next_out to the beginning of the history buffer when
- avail_out is zero and all output has been consumed.
-
- inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was
- not enough memory, Z_STREAM_ERROR if a parameter is invalid (such as
- windowBits < 8). msg is set to null if there is no error message.
- inflateInit2 does not perform any decompression: this will be done by
- inflate().
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) inflateSetDictionary (z_streamp strm,
- const Bytef *dictionary,
- uInt dictLength);
-#else
-extern int EXPORT inflateSetDictionary OF((z_streamp strm,
- const Bytef *dictionary,
- uInt dictLength));
-#endif
-/*
- Initializes the decompression dictionary (history buffer) from the given
- uncompressed byte sequence. This function must be called immediately after
- a call of inflate if this call returned Z_NEED_DICT. The dictionary chosen
- by the compressor can be determined from the Adler32 value returned by this
- call of inflate. The compressor and decompressor must use exactly the same
- dictionary (see deflateSetDictionary).
-
- inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a
- parameter is invalid (such as NULL dictionary) or the stream state is
- inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the
- expected one (incorrect Adler32 value). inflateSetDictionary does not
- perform any decompression: this will be done by subsequent calls of
- inflate().
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) inflateSync (z_streamp strm);
-#else
-extern int EXPORT inflateSync OF((z_streamp strm));
-#endif
-/*
- Skips invalid compressed data until the special marker (see deflate()
- above) can be found, or until all available input is skipped. No output
- is provided.
-
- inflateSync returns Z_OK if the special marker has been found, Z_BUF_ERROR
- if no more input was provided, Z_DATA_ERROR if no marker has been found,
- or Z_STREAM_ERROR if the stream structure was inconsistent. In the success
- case, the application may save the current current value of total_in which
- indicates where valid compressed data was found. In the error case, the
- application may repeatedly call inflateSync, providing more input each time,
- until success or end of the input data.
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) inflateReset (z_streamp strm);
-#else
-extern int EXPORT inflateReset OF((z_streamp strm));
-#endif
-/*
- This function is equivalent to inflateEnd followed by inflateInit,
- but does not free and reallocate all the internal decompression state.
- The stream will keep attributes that may have been set by inflateInit2.
-
- inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
- stream state was inconsistent (such as zalloc or state being NULL).
-*/
-
-
- /* utility functions */
-
-/*
- The following utility functions are implemented on top of the
- basic stream-oriented functions. To simplify the interface, some
- default options are assumed (compression level, window size,
- standard memory allocation functions). The source code of these
- utility functions can easily be modified if you need special options.
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) compress (Bytef *dest, uLongf *destLen,
- const Bytef *source, uLong sourceLen);
-#else
-extern int EXPORT compress OF((Bytef *dest, uLongf *destLen,
- const Bytef *source, uLong sourceLen));
-#endif
-/*
- Compresses the source buffer into the destination buffer. sourceLen is
- the byte length of the source buffer. Upon entry, destLen is the total
- size of the destination buffer, which must be at least 0.1% larger than
- sourceLen plus 12 bytes. Upon exit, destLen is the actual size of the
- compressed buffer.
- This function can be used to compress a whole file at once if the
- input file is mmap'ed.
- compress returns Z_OK if success, Z_MEM_ERROR if there was not
- enough memory, Z_BUF_ERROR if there was not enough room in the output
- buffer.
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) uncompress (Bytef *dest, uLongf *destLen,
- const Bytef *source, uLong sourceLen);
-#else
-extern int EXPORT uncompress OF((Bytef *dest, uLongf *destLen,
- const Bytef *source, uLong sourceLen));
-#endif
-/*
- Decompresses the source buffer into the destination buffer. sourceLen is
- the byte length of the source buffer. Upon entry, destLen is the total
- size of the destination buffer, which must be large enough to hold the
- entire uncompressed data. (The size of the uncompressed data must have
- been saved previously by the compressor and transmitted to the decompressor
- by some mechanism outside the scope of this compression library.)
- Upon exit, destLen is the actual size of the compressed buffer.
- This function can be used to decompress a whole file at once if the
- input file is mmap'ed.
-
- uncompress returns Z_OK if success, Z_MEM_ERROR if there was not
- enough memory, Z_BUF_ERROR if there was not enough room in the output
- buffer, or Z_DATA_ERROR if the input data was corrupted.
-*/
-
-
-typedef voidp gzFile;
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern gzFile) gzopen (const char *path, const char *mode);
-#else
-extern gzFile EXPORT gzopen OF((const char *path, const char *mode));
-#endif
-/*
- Opens a gzip (.gz) file for reading or writing. The mode parameter
- is as in fopen ("rb" or "wb") but can also include a compression level
- ("wb9"). gzopen can be used to read a file which is not in gzip format;
- in this case gzread will directly read from the file without decompression.
- gzopen returns NULL if the file could not be opened or if there was
- insufficient memory to allocate the (de)compression state; errno
- can be checked to distinguish the two cases (if errno is zero, the
- zlib error is Z_MEM_ERROR).
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern gzFile) gzdopen (int fd, const char *mode);
-#else
-extern gzFile EXPORT gzdopen OF((int fd, const char *mode));
-#endif
-/*
- gzdopen() associates a gzFile with the file descriptor fd. File
- descriptors are obtained from calls like open, dup, creat, pipe or
- fileno (in the file has been previously opened with fopen).
- The mode parameter is as in gzopen.
- The next call of gzclose on the returned gzFile will also close the
- file descriptor fd, just like fclose(fdopen(fd), mode) closes the file
- descriptor fd. If you want to keep fd open, use gzdopen(dup(fd), mode).
- gzdopen returns NULL if there was insufficient memory to allocate
- the (de)compression state.
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) gzread (gzFile file, voidp buf, unsigned len);
-#else
-extern int EXPORT gzread OF((gzFile file, voidp buf, unsigned len));
-#endif
-/*
- Reads the given number of uncompressed bytes from the compressed file.
- If the input file was not in gzip format, gzread copies the given number
- of bytes into the buffer.
- gzread returns the number of uncompressed bytes actually read (0 for
- end of file, -1 for error). */
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) gzwrite (gzFile file, const voidp buf, unsigned len);
-#else
-extern int EXPORT gzwrite OF((gzFile file, const voidp buf, unsigned len));
-#endif
-/*
- Writes the given number of uncompressed bytes into the compressed file.
- gzwrite returns the number of uncompressed bytes actually written
- (0 in case of error).
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) gzflush (gzFile file, int flush);
-#else
-extern int EXPORT gzflush OF((gzFile file, int flush));
-#endif
-/*
- Flushes all pending output into the compressed file. The parameter
- flush is as in the deflate() function. The return value is the zlib
- error number (see function gzerror below). gzflush returns Z_OK if
- the flush parameter is Z_FINISH and all output could be flushed.
- gzflush should be called only when strictly necessary because it can
- degrade compression.
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) gzclose (gzFile file);
-#else
-extern int EXPORT gzclose OF((gzFile file));
-#endif
-/*
- Flushes all pending output if necessary, closes the compressed file
- and deallocates all the (de)compression state. The return value is the zlib
- error number (see function gzerror below).
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern const char *) gzerror (gzFile file, int *errnum);
-#else
-extern const char * EXPORT gzerror OF((gzFile file, int *errnum));
-#endif
-/*
- Returns the error message for the last error which occurred on the
- given compressed file. errnum is set to zlib error number. If an
- error occurred in the file system and not in the compression library,
- errnum is set to Z_ERRNO and the application may consult errno
- to get the exact error code.
-*/
-
- /* checksum functions */
-
-/*
- These functions are not related to compression but are exported
- anyway because they might be useful in applications using the
- compression library.
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern uLong) adler32 (uLong adler, const Bytef *buf, uInt len);
-#else
-extern uLong EXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len));
-#endif
-
-/*
- Update a running Adler-32 checksum with the bytes buf[0..len-1] and
- return the updated checksum. If buf is NULL, this function returns
- the required initial value for the checksum.
- An Adler-32 checksum is almost as reliable as a CRC32 but can be computed
- much faster. Usage example:
-
- uLong adler = adler32(0L, Z_NULL, 0);
-
- while (read_buffer(buffer, length) != EOF) {
- adler = adler32(adler, buffer, length);
- }
- if (adler != original_adler) error();
-*/
-
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern uLong) crc32 (uLong crc, const Bytef *buf, uInt len);
-#else
-extern uLong EXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len));
-#endif
-/*
- Update a running crc with the bytes buf[0..len-1] and return the updated
- crc. If buf is NULL, this function returns the required initial value
- for the crc. Pre- and post-conditioning (one's complement) is performed
- within this function so it shouldn't be done by the application.
- Usage example:
-
- uLong crc = crc32(0L, Z_NULL, 0);
-
- while (read_buffer(buffer, length) != EOF) {
- crc = crc32(crc, buffer, length);
- }
- if (crc != original_crc) error();
-*/
-
-
- /* various hacks, don't look :) */
-
-/* deflateInit and inflateInit are macros to allow checking the zlib version
- * and the compiler's view of z_stream:
- */
-#ifdef MOZILLA_CLIENT
-PR_PUBLIC_API(extern int) deflateInit_ (z_streamp strm, int level, const char *version,
- int stream_size);
-PR_PUBLIC_API(extern int) inflateInit_ (z_streamp strm, const char *version,
- int stream_size);
-PR_PUBLIC_API(extern int) deflateInit2_ (z_streamp strm, int level, int method,
- int windowBits, int memLevel, int strategy,
- const char *version, int stream_size);
-PR_PUBLIC_API(extern int) inflateInit2_ (z_streamp strm, int windowBits,
- const char *version, int stream_size);
-#else
-extern int EXPORT deflateInit_ OF((z_streamp strm, int level, const char *version,
- int stream_size));
-extern int EXPORT inflateInit_ OF((z_streamp strm, const char *version,
- int stream_size));
-extern int EXPORT deflateInit2_ OF((z_streamp strm, int level, int method,
- int windowBits, int memLevel, int strategy,
- const char *version, int stream_size));
-extern int EXPORT inflateInit2_ OF((z_streamp strm, int windowBits,
- const char *version, int stream_size));
-#endif /* MOZILLA_CLIENT */
-
-
-#define deflateInit(strm, level) \
- deflateInit_((strm), (level), ZLIB_VERSION, sizeof(z_stream))
-#define inflateInit(strm) \
- inflateInit_((strm), ZLIB_VERSION, sizeof(z_stream))
-#define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \
- deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\
- (strategy), ZLIB_VERSION, sizeof(z_stream))
-#define inflateInit2(strm, windowBits) \
- inflateInit2_((strm), (windowBits), ZLIB_VERSION, sizeof(z_stream))
-
-#if !defined(_Z_UTIL_H) && !defined(NO_DUMMY_DECL)
- struct internal_state {int dummy;}; /* hack for buggy compilers */
-#endif
-
-uLongf *get_crc_table OF((void)); /* can be used by asm versions of crc32() */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _ZLIB_H */
diff --git a/security/nss/lib/jar/manifest.mn b/security/nss/lib/jar/manifest.mn
deleted file mode 100644
index 9a47b1558..000000000
--- a/security/nss/lib/jar/manifest.mn
+++ /dev/null
@@ -1,53 +0,0 @@
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-
-MODULE = security
-
-LIBRARY_NAME = jar
-
-CORE_DEPTH = ../../..
-
-CSRCS = \
- jarver.c \
- jarsign.c \
- jar.c \
- jar-ds.c \
- jarfile.c \
- jarevil.c \
- jarjart.c \
- jarint.c \
- $(NULL)
-
-REQUIRES = security dbm
-
-EXPORTS = jar.h jar-ds.h jarfile.h
-
-DEFINES = -DMOZILLA_CLIENT=1
diff --git a/security/nss/lib/macbuild/NSS/NSS/NSS.mcp b/security/nss/lib/macbuild/NSS/NSS/NSS.mcp
deleted file mode 100644
index 99a1dd3de..000000000
--- a/security/nss/lib/macbuild/NSS/NSS/NSS.mcp
+++ /dev/null
Binary files differ
diff --git a/security/nss/lib/macbuild/SecurityLib.mcp b/security/nss/lib/macbuild/SecurityLib.mcp
deleted file mode 100644
index 3efcf8c2d..000000000
--- a/security/nss/lib/macbuild/SecurityLib.mcp
+++ /dev/null
Binary files differ
diff --git a/security/nss/lib/manifest.mn b/security/nss/lib/manifest.mn
deleted file mode 100644
index 1c699b99c..000000000
--- a/security/nss/lib/manifest.mn
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../..
-DEPTH = ../..
-
-DIRS = pkcs7 ssl nss crmf jar \
- certhigh pk11wrap cryptohi \
- softoken certdb crypto \
- util freebl pkcs12 fortcrypt \
- smime
-#
-# these dirs are not built at the moment
-#
-#NOBUILD_DIRS = jar
diff --git a/security/nss/lib/nss/Makefile b/security/nss/lib/nss/Makefile
deleted file mode 100644
index 1a5c66ef4..000000000
--- a/security/nss/lib/nss/Makefile
+++ /dev/null
@@ -1,78 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/arch.mk
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-include config.mk
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
diff --git a/security/nss/lib/nss/config.mk b/security/nss/lib/nss/config.mk
deleted file mode 100644
index a73a1086e..000000000
--- a/security/nss/lib/nss/config.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/nss/manifest.mn b/security/nss/lib/nss/manifest.mn
deleted file mode 100644
index 344a64b23..000000000
--- a/security/nss/lib/nss/manifest.mn
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../..
-
-EXPORTS = \
- nss.h \
- $(NULL)
-
-MODULE = security
-
-CSRCS = \
- nssinit.c \
- $(NULL)
-
-REQUIRES = security dbm
-
-LIBRARY_NAME = nss
diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h
deleted file mode 100644
index 157f110e0..000000000
--- a/security/nss/lib/nss/nss.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * NSS utility functions
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#ifndef __nss_h_
-#define __nss_h_
-
-#include "seccomon.h"
-
-SEC_BEGIN_PROTOS
-/*
- * Open the Cert, Key, and Security Module databases.
- * Initialize the Random Number Generator.
- * Does not initialize the cipher policies or enables.
- * Default policy settings disallow all ciphers.
- */
-extern SECStatus NSS_Init(const char *configdir);
-
-/*
- * Close the Cert, Key databases.
- */
-extern void NSS_Shutdown(void);
-
-SEC_END_PROTOS
-
-#endif /* __nss_h_ */
diff --git a/security/nss/lib/nss/nssinit.c b/security/nss/lib/nss/nssinit.c
deleted file mode 100644
index 92d009fc9..000000000
--- a/security/nss/lib/nss/nssinit.c
+++ /dev/null
@@ -1,201 +0,0 @@
-/*
- * NSS utility functions
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- # $Id$
- */
-
-#include "seccomon.h"
-#include "prprf.h"
-#include "prmem.h"
-#include "cert.h"
-#include "key.h"
-#include "ssl.h"
-#include "sslproto.h"
-#include "secmod.h"
-#include "nss.h"
-#include "secrng.h"
-#include "cdbhdl.h" /* ??? */
-
-
-
-static char *
-nss_certdb_name_cb(void *arg, int dbVersion)
-{
- const char *configdir = (const char *)arg;
- const char *dbver;
-
- switch (dbVersion) {
- case 7:
- dbver = "7";
- break;
- case 6:
- dbver = "6";
- break;
- case 5:
- dbver = "5";
- break;
- case 4:
- default:
- dbver = "";
- break;
- }
-
- return PR_smprintf("%s/cert%s.db", configdir, dbver);
-}
-
-char *
-nss_keydb_name_cb(void *arg, int dbVersion)
-{
- const char *configdir = (const char *)arg;
- const char *dbver;
-
- switch (dbVersion) {
- case 3:
- dbver = "3";
- break;
- case 2:
- default:
- dbver = "";
- break;
- }
-
- return PR_smprintf("%s/key%s.db", configdir, dbver);
-}
-
-SECStatus
-nss_OpenCertDB(const char * configdir)
-{
- CERTCertDBHandle *certdb;
- SECStatus status;
-
- certdb = CERT_GetDefaultCertDB();
- if (certdb)
- return SECSuccess; /* idempotency */
-
- certdb = (CERTCertDBHandle*)PORT_ZAlloc(sizeof(CERTCertDBHandle));
- if (certdb == NULL)
- goto loser;
-
- status = CERT_OpenCertDB(certdb, PR_TRUE, nss_certdb_name_cb, (void *)configdir);
- if (status == SECSuccess)
- CERT_SetDefaultCertDB(certdb);
- else {
- PR_Free(certdb);
-loser:
- status = SECFailure;
- }
- return status;
-}
-
-SECStatus
-nss_OpenKeyDB(const char * configdir)
-{
- SECKEYKeyDBHandle *keydb;
-
- keydb = SECKEY_GetDefaultKeyDB();
- if (keydb)
- return SECSuccess;
- keydb = SECKEY_OpenKeyDB(PR_TRUE, nss_keydb_name_cb, (void *)configdir);
- if (keydb == NULL)
- return SECFailure;
- SECKEY_SetDefaultKeyDB(keydb);
- return SECSuccess;
-}
-
-SECStatus
-nss_OpenSecModDB(const char * configdir)
-{
- static char *secmodname;
-
- /* XXX
- * For idempotency, this should check to see if the secmodDB is alredy open
- * but no function exists to make that determination.
- */
- if (secmodname)
- return SECSuccess;
- secmodname = PR_smprintf("%s/secmod.db", configdir);
- if (secmodname == NULL)
- return SECFailure;
- SECMOD_init(secmodname);
- return SECSuccess;
-}
-
-SECStatus
-NSS_Init(const char *configdir)
-{
- SECStatus status;
- SECStatus rv = SECFailure;
-
- RNG_RNGInit(); /* initialize random number generator */
- RNG_SystemInfoForRNG();
-
- status = nss_OpenCertDB(configdir);
- if (status != SECSuccess)
- goto loser;
-
- status = nss_OpenKeyDB(configdir);
- if (status != SECSuccess)
- goto loser;
-
- status = nss_OpenSecModDB(configdir);
- if (status != SECSuccess)
- goto loser;
-
- rv = SECSuccess;
-
-loser:
- if (rv != SECSuccess)
- NSS_Shutdown();
- return rv;
-}
-
-void
-NSS_Shutdown(void)
-{
- CERTCertDBHandle *certHandle;
- SECKEYKeyDBHandle *keyHandle;
-
- certHandle = CERT_GetDefaultCertDB();
- if (certHandle)
- CERT_ClosePermCertDB(certHandle);
-
- keyHandle = SECKEY_GetDefaultKeyDB();
- if (keyHandle)
- SECKEY_CloseKeyDB(keyHandle);
-
- /* XXX
- * This should also close the secmod DB,
- * but there's no secmod function to close the DB.
- */
-}
diff --git a/security/nss/lib/pk11wrap/Makefile b/security/nss/lib/pk11wrap/Makefile
deleted file mode 100644
index 774e68762..000000000
--- a/security/nss/lib/pk11wrap/Makefile
+++ /dev/null
@@ -1,77 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
--include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
-
diff --git a/security/nss/lib/pk11wrap/config.mk b/security/nss/lib/pk11wrap/config.mk
deleted file mode 100644
index a73a1086e..000000000
--- a/security/nss/lib/pk11wrap/config.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/pk11wrap/manifest.mn b/security/nss/lib/pk11wrap/manifest.mn
deleted file mode 100644
index 0eddc6696..000000000
--- a/security/nss/lib/pk11wrap/manifest.mn
+++ /dev/null
@@ -1,64 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../..
-
-EXPORTS = \
- secmod.h \
- secmodt.h \
- pk11func.h \
- pk11sdr.h \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- secmodi.h \
- secmodti.h \
- $(NULL)
-
-MODULE = security
-
-CSRCS = \
- pk11cert.c \
- pk11err.c \
- pk11load.c \
- pk11slot.c \
- pk11db.c \
- pk11list.c \
- pk11skey.c \
- pk11kea.c \
- pk11util.c \
- pk11sdr.c \
- $(NULL)
-
-REQUIRES = security dbm
-
-LIBRARY_NAME = pk11wrap
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
deleted file mode 100644
index 5304b1248..000000000
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ /dev/null
@@ -1,2413 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * This file implements the Symkey wrapper and the PKCS context
- * Interfaces.
- */
-#include "seccomon.h"
-#include "secmod.h"
-#include "prlock.h"
-#include "secmodi.h"
-#include "pkcs11.h"
-#include "pk11func.h"
-#include "cert.h"
-#include "secitem.h"
-#include "key.h"
-#include "hasht.h"
-#include "secoid.h"
-#include "pkcs7t.h"
-#include "cmsreclist.h"
-
-#include "certdb.h"
-#include "secerr.h"
-#include "sslerr.h"
-
-#define PK11_SEARCH_CHUNKSIZE 10
-
-CK_OBJECT_HANDLE
-pk11_FindPubKeyByAnyCert(CERTCertificate *cert, PK11SlotInfo **slot, void *wincx);
-
-/*
- * build a cert nickname based on the token name and the label of the
- * certificate If the label in NULL, build a label based on the ID.
- */
-static int toHex(int x) { return (x < 10) ? (x+'0') : (x+'a'-10); }
-#define MAX_CERT_ID 4
-#define DEFAULT_STRING "Cert ID "
-static char *
-pk11_buildNickname(PK11SlotInfo *slot,CK_ATTRIBUTE *cert_label,
- CK_ATTRIBUTE *key_label, CK_ATTRIBUTE *cert_id)
-{
- int prefixLen = PORT_Strlen(slot->token_name);
- int suffixLen = 0;
- char *suffix = NULL;
- char buildNew[sizeof(DEFAULT_STRING)+MAX_CERT_ID*2];
- char *next,*nickname;
-
- if (slot->isInternal) {
- return NULL;
- }
-
- if ((cert_label) && (cert_label->pValue)) {
- suffixLen = cert_label->ulValueLen;
- suffix = (char*)cert_label->pValue;
- } else if (key_label && (key_label->pValue)) {
- suffixLen = key_label->ulValueLen;
- suffix = (char*)key_label->pValue;
- } else if ((cert_id) && cert_id->pValue) {
- int i,first = cert_id->ulValueLen - MAX_CERT_ID;
- int offset = sizeof(DEFAULT_STRING);
- char *idValue = (char *)cert_id->pValue;
-
- PORT_Memcpy(buildNew,DEFAULT_STRING,sizeof(DEFAULT_STRING)-1);
- next = buildNew + offset;
- if (first < 0) first = 0;
- for (i=first; i < (int) cert_id->ulValueLen; i++) {
- *next++ = toHex((idValue[i] >> 4) & 0xf);
- *next++ = toHex(idValue[i] & 0xf);
- }
- *next++ = 0;
- suffix = buildNew;
- suffixLen = PORT_Strlen(buildNew);
- } else {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return NULL;
- }
-
- next = nickname = (char *)PORT_Alloc(prefixLen+1+suffixLen+1);
- if (nickname == NULL) return NULL;
-
- PORT_Memcpy(next,slot->token_name,prefixLen);
- next += prefixLen;
- *next++ = ':';
- PORT_Memcpy(next,suffix,suffixLen);
- next += suffixLen;
- *next++ = 0;
- return nickname;
-}
-
-/*
- * return the object handle that matches the template
- */
-CK_OBJECT_HANDLE
-pk11_FindObjectByTemplate(PK11SlotInfo *slot,CK_ATTRIBUTE *theTemplate,int tsize)
-{
- CK_OBJECT_HANDLE object;
- CK_RV crv;
- CK_ULONG objectCount;
-
- /*
- * issue the find
- */
- PK11_EnterSlotMonitor(slot);
- crv=PK11_GETTAB(slot)->C_FindObjectsInit(slot->session, theTemplate, tsize);
- if (crv != CKR_OK) {
- PK11_ExitSlotMonitor(slot);
- PORT_SetError( PK11_MapError(crv) );
- return CK_INVALID_KEY;
- }
-
- crv=PK11_GETTAB(slot)->C_FindObjects(slot->session,&object,1,&objectCount);
- PK11_GETTAB(slot)->C_FindObjectsFinal(slot->session);
- PK11_ExitSlotMonitor(slot);
- if ((crv != CKR_OK) || (objectCount < 1)) {
- /* shouldn't use SSL_ERROR... here */
- PORT_SetError( crv != CKR_OK ? PK11_MapError(crv) :
- SSL_ERROR_NO_CERTIFICATE);
- return CK_INVALID_KEY;
- }
-
- /* blow up if the PKCS #11 module returns us and invalid object handle */
- PORT_Assert(object != CK_INVALID_KEY);
- return object;
-}
-
-/*
- * return all the object handles that matches the template
- */
-CK_OBJECT_HANDLE *
-pk11_FindObjectsByTemplate(PK11SlotInfo *slot,
- CK_ATTRIBUTE *findTemplate,int findCount,int *object_count) {
- CK_OBJECT_HANDLE *objID = NULL;
- CK_ULONG returned_count = 0;
- CK_RV crv;
-
-
- PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_FindObjectsInit(slot->session, findTemplate,
- findCount);
- if (crv != CKR_OK) {
- PK11_ExitSlotMonitor(slot);
- PORT_SetError( PK11_MapError(crv) );
- *object_count = -1;
- return NULL;
- }
-
-
- /*
- * collect all the Matching Objects
- */
- do {
- CK_OBJECT_HANDLE *oldObjID = objID;
-
- if (objID == NULL) {
- objID = (CK_OBJECT_HANDLE *) PORT_Alloc(sizeof(CK_OBJECT_HANDLE)*
- (*object_count+ PK11_SEARCH_CHUNKSIZE));
- } else {
- objID = (CK_OBJECT_HANDLE *) PORT_Realloc(objID,
- sizeof(CK_OBJECT_HANDLE)*(*object_count+PK11_SEARCH_CHUNKSIZE));
- }
-
- if (objID == NULL) {
- if (oldObjID) PORT_Free(oldObjID);
- break;
- }
- crv = PK11_GETTAB(slot)->C_FindObjects(slot->session,
- &objID[*object_count],PK11_SEARCH_CHUNKSIZE,&returned_count);
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- PORT_Free(objID);
- objID = NULL;
- break;
- }
- *object_count += returned_count;
- } while (returned_count == PK11_SEARCH_CHUNKSIZE);
-
- PK11_GETTAB(slot)->C_FindObjectsFinal(slot->session);
- PK11_ExitSlotMonitor(slot);
-
- if (objID && (*object_count == 0)) {
- PORT_Free(objID);
- return NULL;
- }
- if (objID == NULL) *object_count = -1;
- return objID;
-}
-/*
- * given a PKCS #11 object, match it's peer based on the KeyID. searchID
- * is typically a privateKey or a certificate while the peer is the opposite
- */
-CK_OBJECT_HANDLE
-PK11_MatchItem(PK11SlotInfo *slot, CK_OBJECT_HANDLE searchID,
- CK_OBJECT_CLASS matchclass)
-{
- CK_ATTRIBUTE theTemplate[] = {
- { CKA_ID, NULL, 0 },
- { CKA_CLASS, NULL, 0 }
- };
- /* if you change the array, change the variable below as well */
- CK_ATTRIBUTE *keyclass = &theTemplate[1];
- int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
- /* if you change the array, change the variable below as well */
- CK_OBJECT_HANDLE peerID;
- CK_OBJECT_HANDLE parent;
- PRArenaPool *arena;
- CK_RV crv;
-
- /* now we need to create space for the public key */
- arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) return CK_INVALID_KEY;
-
- crv = PK11_GetAttributes(arena,slot,searchID,theTemplate,tsize);
- if (crv != CKR_OK) {
- PORT_FreeArena(arena,PR_FALSE);
- PORT_SetError( PK11_MapError(crv) );
- return CK_INVALID_KEY;
- }
-
- /*
- * issue the find
- */
- parent = *(CK_OBJECT_CLASS *)(keyclass->pValue);
- *(CK_OBJECT_CLASS *)(keyclass->pValue) = matchclass;
-
- peerID = pk11_FindObjectByTemplate(slot,theTemplate,tsize);
- PORT_FreeArena(arena,PR_FALSE);
-
- return peerID;
-}
-
-PRBool
-PK11_IsUserCert(PK11SlotInfo *slot, CERTCertificate *cert,
- CK_OBJECT_HANDLE certID)
-{
- CK_OBJECT_CLASS theClass;
-
- if (slot == NULL) return PR_FALSE;
- if (cert == NULL) return PR_FALSE;
-
- theClass = CKO_PRIVATE_KEY;
- if (!PK11_IsLoggedIn(slot,NULL) && PK11_NeedLogin(slot)) {
- theClass = CKO_PUBLIC_KEY;
- }
- if (PK11_MatchItem(slot, certID , theClass) != CK_INVALID_KEY) {
- return PR_TRUE;
- }
-
- if (theClass == CKO_PUBLIC_KEY) {
- SECKEYPublicKey *pubKey= CERT_ExtractPublicKey(cert);
- CK_ATTRIBUTE theTemplate;
-
- if (pubKey == NULL) {
- return PR_FALSE;
- }
-
- PK11_SETATTRS(&theTemplate,0,NULL,0);
- switch (pubKey->keyType) {
- case rsaKey:
- PK11_SETATTRS(&theTemplate,CKA_MODULUS, pubKey->u.rsa.modulus.data,
- pubKey->u.rsa.modulus.len);
- break;
- case dsaKey:
- PK11_SETATTRS(&theTemplate,CKA_VALUE, pubKey->u.dsa.publicValue.data,
- pubKey->u.dsa.publicValue.len);
- case dhKey:
- PK11_SETATTRS(&theTemplate,CKA_VALUE, pubKey->u.dh.publicValue.data,
- pubKey->u.dh.publicValue.len);
- break;
- }
-
- if (theTemplate.ulValueLen == 0) {
- SECKEY_DestroyPublicKey(pubKey);
- return PR_FALSE;
- }
- pk11_SignedToUnsigned(&theTemplate);
- if (pk11_FindObjectByTemplate(slot,&theTemplate,1) != CK_INVALID_KEY) {
- SECKEY_DestroyPublicKey(pubKey);
- return PR_TRUE;
- }
- SECKEY_DestroyPublicKey(pubKey);
- }
- return PR_FALSE;
-}
-
-/*
- * Check out if a cert has ID of zero. This is a magic ID that tells
- * NSS that this cert may be an automagically trusted cert.
- * The Cert has to be self signed as well. That check is done elsewhere.
- *
- */
-PRBool
-pk11_isID0(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID)
-{
- CK_ATTRIBUTE keyID = {CKA_ID, NULL, 0};
- PRBool isZero = PR_FALSE;
- int i;
- CK_RV crv;
-
-
- crv = PK11_GetAttributes(NULL,slot,certID,&keyID,1);
- if (crv != CKR_OK) {
- return isZero;
- }
-
- if (keyID.ulValueLen != 0) {
- char *value = (char *)keyID.pValue;
- isZero = PR_TRUE; /* ID exists, may be zero */
- for (i=0; i < (int) keyID.ulValueLen; i++) {
- if (value[i] != 0) {
- isZero = PR_FALSE; /* nope */
- break;
- }
- }
- }
- PORT_Free(keyID.pValue);
- return isZero;
-
-}
-
-CERTCertificate
-*pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID,
- CK_ATTRIBUTE *privateLabel, char **nickptr)
-{
- CK_ATTRIBUTE certTemp[] = {
- { CKA_ID, NULL, 0 },
- { CKA_VALUE, NULL, 0 },
- { CKA_LABEL, NULL, 0 }
- };
- CK_ATTRIBUTE *id = &certTemp[0];
- CK_ATTRIBUTE *certDER = &certTemp[1];
- CK_ATTRIBUTE *label = &certTemp[2];
- SECItem derCert;
- int csize = sizeof(certTemp)/sizeof(certTemp[0]);
- PRArenaPool *arena;
- char *nickname;
- CERTCertificate *cert;
- CK_RV crv;
-
- arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) return NULL;
- /*
- * grab the der encoding
- */
- crv = PK11_GetAttributes(arena,slot,certID,certTemp,csize);
- if (crv != CKR_OK) {
- PORT_FreeArena(arena,PR_FALSE);
- PORT_SetError( PK11_MapError(crv) );
- return NULL;
- }
-
- /*
- * build a certificate out of it
- */
- derCert.data = (unsigned char*)certDER->pValue;
- derCert.len = certDER->ulValueLen;
-
- /* figure out the nickname.... */
- nickname = pk11_buildNickname(slot,label,privateLabel,id);
- cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &derCert, nickname,
- PR_FALSE, PR_TRUE);
- if (nickptr) {
- *nickptr = nickname;
- } else {
- if (nickname) PORT_Free(nickname);
- }
- PORT_FreeArena(arena,PR_FALSE);
- return cert;
-}
-
-/*
- * Build an CERTCertificate structure from a PKCS#11 object ID.... certID
- * Must be a CertObject. This code does not explicitly checks that.
- */
-CERTCertificate *
-PK11_MakeCertFromHandle(PK11SlotInfo *slot,CK_OBJECT_HANDLE certID,
- CK_ATTRIBUTE *privateLabel)
-{
- char * nickname = NULL;
- CERTCertificate *cert = NULL;
- CERTCertTrust *trust;
- PRBool isFortezzaRootCA = PR_FALSE;
- PRBool swapNickname = PR_FALSE;
-
- cert = pk11_fastCert(slot,certID,privateLabel, &nickname);
- if (cert == NULL) goto loser;
-
- if (nickname) {
- if (cert->nickname != NULL) {
- cert->dbnickname = cert->nickname;
- }
- cert->nickname = PORT_ArenaStrdup(cert->arena,nickname);
- PORT_Free(nickname);
- nickname = NULL;
- swapNickname = PR_TRUE;
- }
-
- /* remember where this cert came from.... If we have just looked
- * it up from the database and it already has a slot, don't add a new
- * one. */
- if (cert->slot == NULL) {
- cert->slot = PK11_ReferenceSlot(slot);
- cert->pkcs11ID = certID;
- cert->ownSlot = PR_TRUE;
- }
-
- if (cert->trust == NULL) {
- unsigned int type;
-
- trust =
- (CERTCertTrust*)PORT_ArenaAlloc(cert->arena, sizeof(CERTCertTrust));
- if (trust == NULL) goto loser;
-
- PORT_Memset(trust,0, sizeof(CERTCertTrust));
- cert->trust = trust;
- /* build some cert trust flags */
- if (CERT_IsCACert(cert, &type)) {
- unsigned int trustflags = CERTDB_VALID_CA;
-
- /* Allow PKCS #11 modules to give us trusted CA's. We only accept
- * valid CA's which are self-signed here. They must have an object
- * ID of '0'. */
- if (pk11_isID0(slot,certID) &&
- SECITEM_CompareItem(&cert->derSubject,&cert->derIssuer)
- == SECEqual) {
- trustflags |= CERTDB_TRUSTED_CA;
- /* is the slot a fortezza card? allow the user or
- * admin to turn on objectSigning, but don't turn
- * full trust on explicitly */
- if (PK11_DoesMechanism(slot,CKM_KEA_KEY_DERIVE)) {
- trust->objectSigningFlags |= CERTDB_VALID_CA;
- isFortezzaRootCA = PR_TRUE;
- }
- }
- if ((type & NS_CERT_TYPE_SSL_CA) == NS_CERT_TYPE_SSL_CA) {
- trust->sslFlags |= trustflags;
- }
- if ((type & NS_CERT_TYPE_EMAIL_CA) == NS_CERT_TYPE_EMAIL_CA) {
- trust->emailFlags |= trustflags;
- }
- if ((type & NS_CERT_TYPE_OBJECT_SIGNING_CA)
- == NS_CERT_TYPE_OBJECT_SIGNING_CA) {
- trust->objectSigningFlags |= trustflags;
- }
- }
- } else {
- trust = cert->trust;
- }
-
- if (PK11_IsUserCert(slot,cert,certID)) {
- trust->sslFlags |= CERTDB_USER;
- trust->emailFlags |= CERTDB_USER;
- /* trust->objectSigningFlags |= CERTDB_USER; */
- }
-
-
- /* if fortezza, write the root cert to the DB */
- if ((isFortezzaRootCA) && (!cert->isperm)) {
- char *name = NULL;
- if (swapNickname) {
- nickname = cert->nickname;
- cert->nickname = cert->dbnickname;
- }
- if (cert->nickname) {
- name = PORT_Strdup(cert->nickname);
- }
- if (name == NULL) name = CERT_MakeCANickname(cert);
- CERT_AddTempCertToPerm(cert,name,cert->trust);
- if (name) PORT_Free(name);
- if (swapNickname) {
- if (cert->nickname != NULL) {
- cert->dbnickname = cert->nickname;
- }
- cert->nickname = PORT_ArenaStrdup(cert->arena,nickname);
- }
-
- }
-
- return cert;
-
-loser:
- if (nickname) PORT_Free(nickname);
- if (cert) CERT_DestroyCertificate(cert);
- return NULL;
-}
-
-
-/*
- * Build get a certificate from a private key
- */
-CERTCertificate *
-PK11_GetCertFromPrivateKey(SECKEYPrivateKey *privKey)
-{
- PK11SlotInfo *slot = privKey->pkcs11Slot;
- CK_OBJECT_HANDLE certID =
- PK11_MatchItem(slot,privKey->pkcs11ID,CKO_CERTIFICATE);
- SECStatus rv;
- CERTCertificate *cert;
-
- if (certID == CK_INVALID_KEY) {
- /* couldn't find it on the card, look in our data base */
- SECItem derSubject;
-
- rv = PK11_ReadAttribute(slot, privKey->pkcs11ID, CKA_SUBJECT, NULL,
- &derSubject);
- if (rv != SECSuccess) {
- PORT_SetError(SSL_ERROR_NO_CERTIFICATE);
- return NULL;
- }
-
- cert = CERT_FindCertByName(CERT_GetDefaultCertDB(),&derSubject);
- PORT_Free(derSubject.data);
- return cert;
- }
- cert = PK11_MakeCertFromHandle(slot,certID,NULL);
- return (cert);
-
-}
-
-/*
- * destroy a private key if there are no matching certs.
- * this function also frees the privKey structure.
- */
-SECStatus
-PK11_DeleteTokenPrivateKey(SECKEYPrivateKey *privKey)
-{
- CERTCertificate *cert=PK11_GetCertFromPrivateKey(privKey);
-
- /* found a cert matching the private key?. */
- if (cert != NULL) {
- /* yes, don't delete the key */
- CERT_DestroyCertificate(cert);
- SECKEY_DestroyPrivateKey(privKey);
- return SECWouldBlock;
- }
- /* now, then it's safe for the key to go away */
- PK11_DestroyTokenObject(privKey->pkcs11Slot,privKey->pkcs11ID);
- SECKEY_DestroyPrivateKey(privKey);
- return SECSuccess;
-}
-
-
-/*
- * delete a cert and it's private key (if no other certs are pointing to the
- * private key.
- */
-SECStatus
-PK11_DeleteTokenCertAndKey(CERTCertificate *cert,void *wincx)
-{
- SECKEYPrivateKey *privKey = PK11_FindKeyByAnyCert(cert,wincx);
- CK_OBJECT_HANDLE pubKey;
- PK11SlotInfo *slot = NULL;
-
- pubKey = pk11_FindPubKeyByAnyCert(cert, &slot, wincx);
- if (privKey) {
- PK11_DestroyTokenObject(cert->slot,cert->pkcs11ID);
- PK11_DeleteTokenPrivateKey(privKey);
- }
- if ((pubKey != CK_INVALID_KEY) && (slot != NULL)) {
- PK11_DestroyTokenObject(slot,pubKey);
- PK11_FreeSlot(slot);
- }
- return SECSuccess;
-}
-
-/*
- * count the number of objects that match the template.
- */
-int
-PK11_NumberObjectsFor(PK11SlotInfo *slot, CK_ATTRIBUTE *findTemplate,
- int templateCount)
-{
- CK_OBJECT_HANDLE objID[PK11_SEARCH_CHUNKSIZE];
- int object_count = 0;
- CK_ULONG returned_count = 0;
- CK_RV crv;
-
- PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_FindObjectsInit(slot->session,
- findTemplate, templateCount);
- if (crv != CKR_OK) {
- PK11_ExitSlotMonitor(slot);
- PORT_SetError( PK11_MapError(crv) );
- return 0;
- }
-
- /*
- * collect all the Matching Objects
- */
- do {
- crv = PK11_GETTAB(slot)->C_FindObjects(slot->session,
- objID,PK11_SEARCH_CHUNKSIZE,&returned_count);
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- break;
- }
- object_count += returned_count;
- } while (returned_count == PK11_SEARCH_CHUNKSIZE);
-
- PK11_GETTAB(slot)->C_FindObjectsFinal(slot->session);
- PK11_ExitSlotMonitor(slot);
- return object_count;
-}
-
-/*
- * cert callback structure
- */
-typedef struct pk11DoCertCallbackStr {
- SECStatus(* callback)(PK11SlotInfo *slot, CERTCertificate*, void *);
- SECStatus(* noslotcallback)(CERTCertificate*, void *);
- void *callbackArg;
-} pk11DoCertCallback;
-
-/*
- * callback to map object handles to certificate structures.
- */
-SECStatus
-pk11_DoCerts(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID, void *arg)
-{
- CERTCertificate *cert;
- pk11DoCertCallback *certcb = (pk11DoCertCallback *) arg;
-
- cert = PK11_MakeCertFromHandle(slot, certID, NULL);
-
- if (cert == NULL) {
- return SECFailure;
- }
-
- if (certcb ) {
- if (certcb->callback) {
- (*certcb->callback)(slot, cert, certcb->callbackArg);
- }
- if (certcb->noslotcallback) {
- (*certcb->noslotcallback)(cert, certcb->callbackArg);
- }
- }
-
- CERT_DestroyCertificate(cert);
-
- return SECSuccess;
-}
-
-
-/*
- * key call back structure.
- */
-typedef struct pk11KeyCallbackStr {
- SECStatus (* callback)(SECKEYPrivateKey *,void *);
- void *callbackArg;
- void *wincx;
-} pk11KeyCallback;
-
-/*
- * callback to map Object Handles to Private Keys;
- */
-SECStatus
-pk11_DoKeys(PK11SlotInfo *slot, CK_OBJECT_HANDLE keyHandle, void *arg)
-{
- SECStatus rv = SECSuccess;
- SECKEYPrivateKey *privKey;
- pk11KeyCallback *keycb = (pk11KeyCallback *) arg;
-
- privKey = PK11_MakePrivKey(slot,nullKey,PR_TRUE,keyHandle,keycb->wincx);
-
- if (privKey == NULL) {
- return SECFailure;
- }
-
- if (keycb && (keycb->callback)) {
- rv = (*keycb->callback)(privKey,keycb->callbackArg);
- }
-
- SECKEY_DestroyPrivateKey(privKey);
- return rv;
-}
-
-
-/* Traverse slots callback */
-typedef struct pk11TraverseSlotStr {
- SECStatus (*callback)(PK11SlotInfo *,CK_OBJECT_HANDLE, void *);
- void *callbackArg;
- CK_ATTRIBUTE *findTemplate;
- int templateCount;
-} pk11TraverseSlotCert;
-
-/*
- * Extract all the certs on a card from a slot.
- */
-SECStatus
-PK11_TraverseSlot(PK11SlotInfo *slot, void *arg)
-{
- int i;
- CK_OBJECT_HANDLE *objID = NULL;
- int object_count = 0;
- CK_ULONG returned_count = 0;
- pk11TraverseSlotCert *slotcb = (pk11TraverseSlotCert *) arg;
-
- objID = pk11_FindObjectsByTemplate(slot,slotcb->findTemplate,
- slotcb->templateCount,&object_count);
-
- /*Actually this isn't a failure... there just were no objs to be found*/
- if (object_count == 0) {
- return SECSuccess;
- }
-
- if (objID == NULL) {
- return SECFailure;
- }
-
- for (i=0; i < object_count; i++) {
- (*slotcb->callback)(slot,objID[i],slotcb->callbackArg);
- }
- PORT_Free(objID);
- return SECSuccess;
-}
-
-typedef struct pk11CertCallbackStr {
- SECStatus(* callback)(CERTCertificate*,SECItem *,void *);
- void *callbackArg;
-} pk11CertCallback;
-
-static SECStatus
-pk11_SaveCert(PK11SlotInfo *slot, CERTCertificate *cert, void *arg)
-{
- pk11CertCallback *certcb = (pk11CertCallback *)arg;
- SECStatus rv = SECSuccess;
-
- if (slot->cert_count == slot->array_size) return CKR_OK;
-
- slot->cert_array[slot->cert_count] = CERT_DupCertificate(cert);
- if (slot->cert_array[slot->cert_count] == NULL) {
- return SECFailure;
- }
- /* now the slot has a hold of the cert, free the slot's element in the
- * cert.. */
- if (cert->ownSlot && (slot == cert->slot)) {
- PK11_FreeSlot(cert->slot);
- cert->ownSlot = PR_FALSE;
- }
- slot->cert_count++;
-
- if (certcb->callback) {
- rv = (*certcb->callback)(cert, NULL, certcb->callbackArg);
- }
- return rv;
-}
-
-
-/* free the slots */
-void
-PK11_FreeSlotCerts(PK11SlotInfo *slot)
-{
- int i;
-
- if (slot->cert_array) {
- for (i=0; i < slot->cert_count; i++) {
- /* if we point the cert on our array, the cert doesn't have a
- * reference to use (otherwise you would never be able to free
- * a slot :) */
- if ((slot->cert_array[i]->slot == slot) &&
- (!slot->cert_array[i]->ownSlot)) {
- slot->cert_array[i]->slot = NULL;
- }
- CERT_DestroyCertificate(slot->cert_array[i]);
- }
- PORT_Free(slot->cert_array);
- slot->cert_array = NULL;
- slot->cert_count = 0;
- }
- return;
-}
-
-/*
- * Update PQG parameters for all the certs on a slot.
- */
-static SECStatus
-pk11_UpdateSlotPQG(PK11SlotInfo *slot)
-{
- int i, tag;
- CERTCertificate * cert;
- SECOidData *oid;
- SECStatus rv1 = SECSuccess;
- SECStatus rv2 = SECSuccess;
-
- if (slot->cert_array) {
- for (i=0; i < slot->cert_count; i++) {
-
- cert = slot->cert_array[i];
-
- oid = SECOID_FindOID(&cert->subjectPublicKeyInfo.algorithm.algorithm);
-
- if (oid != NULL) {
- tag = oid->offset;
-
- /* Check if cert has a DSA or Fortezza public key */
- if ( (tag == SEC_OID_MISSI_KEA_DSS_OLD) ||
- (tag == SEC_OID_MISSI_DSS_OLD) ||
- (tag == SEC_OID_MISSI_KEA_DSS) ||
- (tag == SEC_OID_MISSI_DSS) ||
- (tag == SEC_OID_ANSIX9_DSA_SIGNATURE) ||
- (tag == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) ||
- (tag == SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST) ) {
-
- /* update PQG parameters */
-
- rv1 = SECKEY_UpdateCertPQG(cert);
- if (rv1 == SECFailure) {
- rv2 = rv1;
- }
- }
- } /* end of if oid != NULL */
- } /* end of for loop */
- }
- return rv2;
-}
-
-
-/*
- * Extract all the certs on a card from a slot.
- */
-static SECStatus
-pk11_ExtractCertsFromSlot(PK11SlotInfo *slot, void *arg)
-{
- pk11TraverseSlotCert *slotcb = (pk11TraverseSlotCert *) arg;
- int object_count;
- SECStatus rv;
-
- rv = SECSuccess;
-
- PK11_FreeSlotCerts(slot);
-
- object_count = PK11_NumberObjectsFor(slot,slotcb->findTemplate,
- slotcb->templateCount);
-
- /*Actually this isn't a failure... there just were no certs to be found*/
- if (object_count == 0) {
- return SECSuccess;
- }
-
- slot->cert_array = (CERTCertificate **)
- PORT_Alloc(sizeof(CERTCertificate *)*object_count);
- if (slot->cert_array == NULL) {
- return SECFailure;
- }
- slot->cert_count = 0;
- slot->array_size = object_count;
- PK11_TraverseSlot(slot,arg);
-
- /* Update the PQG parameters for the extracted certs. */
- rv = pk11_UpdateSlotPQG(slot);
-
- return rv;
-}
-
-/*
- * read all the certs from a slot
- */
-SECStatus
-PK11_ReadSlotCerts(PK11SlotInfo *slot)
-{
-
- /* build slot list */
- pk11CertCallback caller;
- pk11DoCertCallback saver;
- pk11TraverseSlotCert creater;
- CK_ATTRIBUTE theTemplate;
- CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
-
- PK11_SETATTRS(&theTemplate, CKA_CLASS, &certClass, sizeof(certClass));
-
- caller.callback = NULL;
- caller.callbackArg = NULL;
- saver.callback = pk11_SaveCert;
- saver.noslotcallback = NULL;
- saver.callbackArg = (void *) & caller;
- creater.callback = pk11_DoCerts;
- creater.callbackArg = (void *) & saver;
- creater.findTemplate = &theTemplate;
- creater.templateCount = 1;
-
- return pk11_ExtractCertsFromSlot(slot, &creater);
-}
-
-/*
- * Extract all the certs on a card from a slot.
- */
-static SECStatus
-pk11_TraverseAllSlots(PRBool loadCerts,
- SECStatus (*callback)(PK11SlotInfo *,void *),void *arg,void *wincx) {
-
- PK11SlotList *list;
- PK11SlotListElement *le;
- SECStatus rv;
-
- /* get them all! */
- list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,loadCerts,wincx);
- if (list == NULL) return SECFailure;
-
- /* look at each slot and authenticate as necessary */
- for (le = list->head ; le; le = le->next) {
- /* don't nab internal slots */
- if ((!loadCerts) && le->slot->isInternal == PR_TRUE) {
- continue;
- }
- if (loadCerts || !PK11_IsFriendly(le->slot)) {
- rv = PK11_Authenticate(le->slot, loadCerts, wincx);
- if (rv != SECSuccess) continue;
- }
- (*callback)(le->slot,arg);
- }
-
- PK11_FreeSlotList(list);
-
- return SECSuccess;
-}
-
-/*
- * Extract all the certs on a card from a slot.
- */
-SECStatus
-PK11_TraverseSlotCerts(SECStatus(* callback)(CERTCertificate*,SECItem *,void *),
- void *arg, void *wincx) {
- pk11CertCallback caller;
- pk11DoCertCallback saver;
- pk11TraverseSlotCert creater;
- CK_ATTRIBUTE theTemplate;
- CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
-
- PK11_SETATTRS(&theTemplate, CKA_CLASS, &certClass, sizeof(certClass));
-
- caller.callback = callback;
- caller.callbackArg = arg;
- saver.callback = pk11_SaveCert;
- saver.noslotcallback = NULL;
- saver.callbackArg = (void *) & caller;
- creater.callback = pk11_DoCerts;
- creater.callbackArg = (void *) & saver;
- creater.findTemplate = &theTemplate;
- creater.templateCount = 1;
-
- return pk11_TraverseAllSlots(PR_FALSE, pk11_ExtractCertsFromSlot,
- &creater, wincx);
-}
-
-CK_OBJECT_HANDLE *
-PK11_FindObjectsFromNickname(char *nickname,PK11SlotInfo **slotptr,
- CK_OBJECT_CLASS objclass, int *returnCount, void *wincx) {
- char *tokenName;
- char *delimit;
- PK11SlotInfo *slot;
- CK_OBJECT_HANDLE *objID;
- CK_ATTRIBUTE findTemplate[] = {
- { CKA_LABEL, NULL, 0},
- { CKA_CLASS, NULL, 0},
- };
- int findCount = sizeof(findTemplate)/sizeof(findTemplate[0]);
- SECStatus rv;
- PK11_SETATTRS(&findTemplate[1], CKA_CLASS, &objclass, sizeof(objclass));
-
- *slotptr = slot = NULL;
- *returnCount = 0;
- /* first find the slot associated with this nickname */
- if ((delimit = PORT_Strchr(nickname,':')) != NULL) {
- int len = delimit - nickname;
- tokenName = (char*)PORT_Alloc(len+1);
- PORT_Memcpy(tokenName,nickname,len);
- tokenName[len] = 0;
-
- slot = *slotptr = PK11_FindSlotByName(tokenName);
- PORT_Free(tokenName);
- /* if we couldn't find a slot, assume the nickname is an internal cert
- * with no proceding slot name */
- if (slot == NULL) {
- slot = *slotptr = PK11_GetInternalKeySlot();
- } else {
- nickname = delimit+1;
- }
- } else {
- *slotptr = slot = PK11_GetInternalKeySlot();
- }
- if (slot == NULL) {
- return CK_INVALID_KEY;
- }
-
- if (!PK11_IsFriendly(slot)) {
- rv = PK11_Authenticate(slot, PR_TRUE, wincx);
- if (rv != SECSuccess) {
- PK11_FreeSlot(slot);
- *slotptr = NULL;
- return CK_INVALID_KEY;
- }
- }
-
- findTemplate[0].pValue = nickname;
- findTemplate[0].ulValueLen = PORT_Strlen(nickname);
- objID = pk11_FindObjectsByTemplate(slot,findTemplate,findCount,returnCount);
- if (objID == NULL) {
- /* PKCS #11 isn't clear on whether or not the NULL is
- * stored in the template.... try the find again with the
- * full null terminated string. */
- findTemplate[0].ulValueLen += 1;
- objID = pk11_FindObjectsByTemplate(slot,findTemplate,findCount,
- returnCount);
- if (objID == NULL) {
- /* Well that's the best we can do. It's just not here */
- /* what about faked nicknames? */
- PK11_FreeSlot(slot);
- *slotptr = NULL;
- *returnCount = 0;
- }
- }
-
- return objID;
-}
-
-
-CERTCertificate *
-PK11_FindCertFromNickname(char *nickname, void *wincx) {
- PK11SlotInfo *slot;
- int count=0;
- CK_OBJECT_HANDLE *certID = PK11_FindObjectsFromNickname(nickname,&slot,
- CKO_CERTIFICATE, &count, wincx);
- CERTCertificate *cert;
-
- if (certID == CK_INVALID_KEY) return NULL;
- cert = PK11_MakeCertFromHandle(slot,certID[0],NULL);
- PK11_FreeSlot(slot);
- PORT_Free(certID);
- return cert;
-}
-
-CERTCertList *
-PK11_FindCertsFromNickname(char *nickname, void *wincx) {
- PK11SlotInfo *slot;
- int i,count = 0;
- CK_OBJECT_HANDLE *certID = PK11_FindObjectsFromNickname(nickname,&slot,
- CKO_CERTIFICATE, &count, wincx);
- CERTCertList *certList = NULL;
-
- if (certID == NULL) return NULL;
-
- certList= CERT_NewCertList();
-
- for (i=0; i < count; i++) {
- CERTCertificate *cert = PK11_MakeCertFromHandle(slot,certID[i],NULL);
-
- if (cert) CERT_AddCertToListTail(certList,cert);
- }
-
- if (CERT_LIST_HEAD(certList) == NULL) {
- CERT_DestroyCertList(certList);
- certList = NULL;
- }
- PK11_FreeSlot(slot);
- PORT_Free(certID);
- return certList;
-}
-
-/*
- * extract a key ID for a certificate...
- * NOTE: We call this function from PKCS11.c If we ever use
- * pkcs11 to extract the public key (we currently do not), this will break.
- */
-SECItem *
-PK11_GetPubIndexKeyID(CERTCertificate *cert) {
- SECKEYPublicKey *pubk;
- SECItem *newItem = NULL;
-
- pubk = CERT_ExtractPublicKey(cert);
- if (pubk == NULL) return NULL;
-
- switch (pubk->keyType) {
- case rsaKey:
- newItem = SECITEM_DupItem(&pubk->u.rsa.modulus);
- break;
- case dsaKey:
- newItem = SECITEM_DupItem(&pubk->u.dsa.publicValue);
- break;
- case dhKey:
- newItem = SECITEM_DupItem(&pubk->u.dh.publicValue);
- case fortezzaKey:
- default:
- newItem = NULL; /* Fortezza Fix later... */
- }
- SECKEY_DestroyPublicKey(pubk);
- /* make hash of it */
- return newItem;
-}
-
-/*
- * generate a CKA_ID from a certificate.
- */
-SECItem *
-pk11_mkcertKeyID(CERTCertificate *cert) {
- SECItem *pubKeyData = PK11_GetPubIndexKeyID(cert) ;
- SECItem *certCKA_ID;
-
- if (pubKeyData == NULL) return NULL;
-
- certCKA_ID = PK11_MakeIDFromPubKey(pubKeyData);
- SECITEM_FreeItem(pubKeyData,PR_TRUE);
- return certCKA_ID;
-}
-
-
-/*
- * Generate a CKA_ID from the relevant public key data. The CKA_ID is generated
- * from the pubKeyData by SHA1_Hashing it to produce a smaller CKA_ID (to make
- * smart cards happy.
- */
-SECItem *
-PK11_MakeIDFromPubKey(SECItem *pubKeyData) {
- PK11Context *context;
- SECItem *certCKA_ID;
- SECStatus rv;
-
- context = PK11_CreateDigestContext(SEC_OID_SHA1);
- if (context == NULL) {
- return NULL;
- }
-
- rv = PK11_DigestBegin(context);
- if (rv == SECSuccess) {
- rv = PK11_DigestOp(context,pubKeyData->data,pubKeyData->len);
- }
- if (rv != SECSuccess) {
- PK11_DestroyContext(context,PR_TRUE);
- return NULL;
- }
-
- certCKA_ID = (SECItem *)PORT_Alloc(sizeof(SECItem));
- if (certCKA_ID == NULL) {
- PK11_DestroyContext(context,PR_TRUE);
- return NULL;
- }
-
- certCKA_ID->len = SHA1_LENGTH;
- certCKA_ID->data = (unsigned char*)PORT_Alloc(certCKA_ID->len);
- if (certCKA_ID->data == NULL) {
- PORT_Free(certCKA_ID);
- PK11_DestroyContext(context,PR_TRUE);
- return NULL;
- }
-
- rv = PK11_DigestFinal(context,certCKA_ID->data,&certCKA_ID->len,
- SHA1_LENGTH);
- PK11_DestroyContext(context,PR_TRUE);
- if (rv != SECSuccess) {
- SECITEM_FreeItem(certCKA_ID,PR_TRUE);
- return NULL;
- }
-
- return certCKA_ID;
-}
-
-/*
- * Write the cert into the token.
- */
-SECStatus
-PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
- CK_OBJECT_HANDLE key, char *nickname, PRBool includeTrust) {
- int len = 0;
- SECItem *keyID = pk11_mkcertKeyID(cert);
- CK_ATTRIBUTE keyAttrs[] = {
- { CKA_LABEL, NULL, 0},
- { CKA_SUBJECT, NULL, 0},
- };
- CK_OBJECT_CLASS certc = CKO_CERTIFICATE;
- CK_CERTIFICATE_TYPE certType = CKC_X_509;
- CK_OBJECT_HANDLE certID;
- CK_SESSION_HANDLE rwsession;
- CK_BBOOL cktrue = CK_TRUE;
- SECStatus rv = SECFailure;
- CK_ATTRIBUTE certAttrs[] = {
- { CKA_ID, NULL, 0 },
- { CKA_LABEL, NULL, 0},
- { CKA_CLASS, NULL, 0},
- { CKA_TOKEN, NULL, 0},
- { CKA_CERTIFICATE_TYPE, NULL, 0},
- { CKA_SUBJECT, NULL, 0},
- { CKA_ISSUER, NULL, 0},
- { CKA_SERIAL_NUMBER, NULL, 0},
- { CKA_VALUE, NULL, 0},
- { CKA_NETSCAPE_TRUST, NULL, 0},
- };
- int certCount = sizeof(certAttrs)/sizeof(certAttrs[0]), keyCount = 2;
- CK_ATTRIBUTE *attrs;
- CK_RV crv;
- SECCertUsage *certUsage = NULL;
-
- if (keyID == NULL) {
- PORT_SetError(SEC_ERROR_ADDING_CERT);
- return rv;
- }
-
- len = ((nickname) ? PORT_Strlen(nickname) : 0);
-
- attrs = certAttrs;
- PK11_SETATTRS(attrs,CKA_ID, keyID->data, keyID->len); attrs++;
- if(nickname) {
- PK11_SETATTRS(attrs,CKA_LABEL, nickname, len ); attrs++;
- }
- PK11_SETATTRS(attrs,CKA_CLASS, &certc, sizeof(certc) ); attrs++;
- PK11_SETATTRS(attrs,CKA_TOKEN, &cktrue, sizeof(cktrue) ); attrs++;
- PK11_SETATTRS(attrs,CKA_CERTIFICATE_TYPE, &certType,
- sizeof(certType)); attrs++;
- PK11_SETATTRS(attrs,CKA_SUBJECT, cert->derSubject.data,
- cert->derSubject.len ); attrs++;
- PK11_SETATTRS(attrs,CKA_ISSUER, cert->derIssuer.data,
- cert->derIssuer.len ); attrs++;
- PK11_SETATTRS(attrs,CKA_SERIAL_NUMBER, cert->serialNumber.data,
- cert->serialNumber.len); attrs++;
- PK11_SETATTRS(attrs,CKA_VALUE, cert->derCert.data, cert->derCert.len);
- if(includeTrust && PK11_IsInternal(slot)) {
- attrs++;
- certUsage = (SECCertUsage*)PORT_Alloc(sizeof(SECCertUsage));
- if(!certUsage) {
- SECITEM_FreeItem(keyID,PR_TRUE);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return rv;
- }
- *certUsage = certUsageUserCertImport;
- PK11_SETATTRS(attrs,CKA_NETSCAPE_TRUST, certUsage, sizeof(SECCertUsage));
- } else {
- certCount--;
- }
-
- attrs = keyAttrs;
- if(nickname) {
- PK11_SETATTRS(attrs,CKA_LABEL, nickname, len ); attrs++;
- }
- PK11_SETATTRS(attrs,CKA_SUBJECT, cert->derSubject.data,
- cert->derSubject.len );
-
- if(!nickname) {
- certCount--;
- keyCount--;
- }
-
- rwsession = PK11_GetRWSession(slot);
- crv = PK11_GETTAB(slot)->C_SetAttributeValue(rwsession,key,keyAttrs,
- keyCount);
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- goto done;
- }
-
- crv = PK11_GETTAB(slot)->
- C_CreateObject(rwsession,certAttrs,certCount,&certID);
- if (crv == CKR_OK) {
- rv = SECSuccess;
- } else {
- PORT_SetError( PK11_MapError(crv) );
- }
-
-done:
- SECITEM_FreeItem(keyID,PR_TRUE);
- PK11_RestoreROSession(slot,rwsession);
- if(certUsage) {
- PORT_Free(certUsage);
- }
- return rv;
-
-}
-
-/*
- * get a certificate handle, look at the cached handle first..
- */
-CK_OBJECT_HANDLE
-pk11_getcerthandle(PK11SlotInfo *slot, CERTCertificate *cert,
- CK_ATTRIBUTE *theTemplate,int tsize)
-{
- CK_OBJECT_HANDLE certh;
-
- if (cert->slot == slot) {
- certh = cert->pkcs11ID;
- if (certh == CK_INVALID_KEY) {
- certh = pk11_FindObjectByTemplate(slot,theTemplate,tsize);
- cert->pkcs11ID = certh;
- }
- } else {
- certh = pk11_FindObjectByTemplate(slot,theTemplate,tsize);
- }
- return certh;
-}
-
-/*
- * return the private key From a given Cert
- */
-SECKEYPrivateKey *
-PK11_FindPrivateKeyFromCert(PK11SlotInfo *slot, CERTCertificate *cert,
- void *wincx) {
- CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
- CK_ATTRIBUTE theTemplate[] = {
- { CKA_VALUE, NULL, 0 },
- { CKA_CLASS, NULL, 0 }
- };
- /* if you change the array, change the variable below as well */
- int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
- CK_OBJECT_HANDLE certh;
- CK_OBJECT_HANDLE keyh;
- CK_ATTRIBUTE *attrs = theTemplate;
- SECStatus rv;
-
- PK11_SETATTRS(attrs, CKA_VALUE, cert->derCert.data,
- cert->derCert.len); attrs++;
- PK11_SETATTRS(attrs, CKA_CLASS, &certClass, sizeof(certClass));
-
- /*
- * issue the find
- */
- rv = PK11_Authenticate(slot, PR_TRUE, wincx);
- if (rv != SECSuccess) {
- return NULL;
- }
-
- certh = pk11_getcerthandle(slot,cert,theTemplate,tsize);
- if (certh == CK_INVALID_KEY) {
- return NULL;
- }
- keyh = PK11_MatchItem(slot,certh,CKO_PRIVATE_KEY);
- if (keyh == CK_INVALID_KEY) { return NULL; }
- return PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyh, wincx);
-}
-
-
-/*
- * return the private key with the given ID
- */
-static CK_OBJECT_HANDLE
-pk11_FindPrivateKeyFromCertID(PK11SlotInfo *slot, SECItem *keyID) {
- CK_OBJECT_CLASS privKey = CKO_PRIVATE_KEY;
- CK_ATTRIBUTE theTemplate[] = {
- { CKA_ID, NULL, 0 },
- { CKA_CLASS, NULL, 0 },
- };
- /* if you change the array, change the variable below as well */
- int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
- CK_ATTRIBUTE *attrs = theTemplate;
-
- PK11_SETATTRS(attrs, CKA_ID, keyID->data, keyID->len ); attrs++;
- PK11_SETATTRS(attrs, CKA_CLASS, &privKey, sizeof(privKey));
-
- return pk11_FindObjectByTemplate(slot,theTemplate,tsize);
-}
-
-/*
- * import a cert for a private key we have already generated. Set the label
- * on both to be the nickname. This is for the Key Gen, orphaned key case.
- */
-PK11SlotInfo *
-PK11_KeyForCertExists(CERTCertificate *cert, CK_OBJECT_HANDLE *keyPtr,
- void *wincx) {
- PK11SlotList *list;
- PK11SlotListElement *le;
- SECItem *keyID;
- CK_OBJECT_HANDLE key;
- PK11SlotInfo *slot = NULL;
- SECStatus rv;
-
- keyID = pk11_mkcertKeyID(cert);
- /* get them all! */
- list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,PR_TRUE,wincx);
- if ((keyID == NULL) || (list == NULL)) {
- if (keyID) SECITEM_FreeItem(keyID,PR_TRUE);
- if (list) PK11_FreeSlotList(list);
- return NULL;
- }
-
- /* Look for the slot that holds the Key */
- for (le = list->head ; le; le = le->next) {
- rv = PK11_Authenticate(le->slot, PR_TRUE, wincx);
- if (rv != SECSuccess) continue;
-
- key = pk11_FindPrivateKeyFromCertID(le->slot,keyID);
- if (key != CK_INVALID_KEY) {
- slot = PK11_ReferenceSlot(le->slot);
- if (keyPtr) *keyPtr = key;
- break;
- }
- }
-
- SECITEM_FreeItem(keyID,PR_TRUE);
- PK11_FreeSlotList(list);
- return slot;
-
-}
-
-PK11SlotInfo *
-PK11_ImportCertForKey(CERTCertificate *cert, char *nickname,void *wincx) {
- PK11SlotInfo *slot = NULL;
- CK_OBJECT_HANDLE key;
-
- slot = PK11_KeyForCertExists(cert,&key,wincx);
-
- if (slot) {
- if (PK11_ImportCert(slot,cert,key,nickname,PR_FALSE) != SECSuccess) {
- PK11_FreeSlot(slot);
- slot = NULL;
- }
- } else {
- PORT_SetError(SEC_ERROR_ADDING_CERT);
- }
-
- return slot;
-}
-
-static CK_OBJECT_HANDLE
-pk11_FindCertObjectByTemplate(PK11SlotInfo **slotPtr,
- CK_ATTRIBUTE *searchTemplate, int count, void *wincx) {
- PK11SlotList *list;
- PK11SlotListElement *le;
- CK_OBJECT_HANDLE certHandle = CK_INVALID_KEY;
- PK11SlotInfo *slot = NULL;
- SECStatus rv;
-
- *slotPtr = NULL;
-
- /* get them all! */
- list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,PR_TRUE,wincx);
- if (list == NULL) {
- if (list) PK11_FreeSlotList(list);
- return CK_INVALID_KEY;
- }
-
-
- /* Look for the slot that holds the Key */
- for (le = list->head ; le; le = le->next) {
- if (!PK11_IsFriendly(le->slot)) {
- rv = PK11_Authenticate(le->slot, PR_TRUE, wincx);
- if (rv != SECSuccess) continue;
- }
-
- certHandle = pk11_FindObjectByTemplate(le->slot,searchTemplate,count);
- if (certHandle != CK_INVALID_KEY) {
- slot = PK11_ReferenceSlot(le->slot);
- break;
- }
- }
-
- PK11_FreeSlotList(list);
-
- if (slot == NULL) {
- return CK_INVALID_KEY;
- }
- *slotPtr = slot;
- return certHandle;
-}
-
-
-/*
- * We're looking for a cert which we have the private key for that's on the
- * list of recipients. This searches one slot.
- * this is the new version for NSS SMIME code
- * this stuff should REALLY be in the SMIME code, but some things in here are not public
- * (they should be!)
- */
-static CK_OBJECT_HANDLE
-pk11_FindCertObjectByRecipientNew(PK11SlotInfo *slot, NSSCMSRecipient **recipientlist, int *rlIndex)
-{
- CK_OBJECT_HANDLE certHandle;
- CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
- CK_OBJECT_CLASS peerClass ;
- CK_ATTRIBUTE searchTemplate[] = {
- { CKA_CLASS, NULL, 0 },
- { CKA_ISSUER, NULL, 0 },
- { CKA_SERIAL_NUMBER, NULL, 0}
- };
- int count = sizeof(searchTemplate)/sizeof(CK_ATTRIBUTE);
- NSSCMSRecipient *ri = NULL;
- CK_ATTRIBUTE *attrs;
- int i;
-
- peerClass = CKO_PRIVATE_KEY;
- if (!PK11_IsLoggedIn(slot,NULL) && PK11_NeedLogin(slot)) {
- peerClass = CKO_PUBLIC_KEY;
- }
-
- for (i=0; (ri = recipientlist[i]) != NULL; i++) {
- /* XXXXX fixme - not yet implemented! */
- if (ri->kind == RLSubjKeyID)
- continue;
-
- attrs = searchTemplate;
-
- PK11_SETATTRS(attrs, CKA_CLASS, &certClass,sizeof(certClass)); attrs++;
- PK11_SETATTRS(attrs, CKA_ISSUER, ri->id.issuerAndSN->derIssuer.data,
- ri->id.issuerAndSN->derIssuer.len); attrs++;
- PK11_SETATTRS(attrs, CKA_SERIAL_NUMBER,
- ri->id.issuerAndSN->serialNumber.data,ri->id.issuerAndSN->serialNumber.len);
-
- certHandle = pk11_FindObjectByTemplate(slot,searchTemplate,count);
- if (certHandle != CK_INVALID_KEY) {
- CERTCertificate *cert = pk11_fastCert(slot,certHandle,NULL,NULL);
- if (PK11_IsUserCert(slot,cert,certHandle)) {
- /* we've found a cert handle, now let's see if there is a key
- * associated with it... */
- ri->slot = PK11_ReferenceSlot(slot);
- *rlIndex = i;
-
- CERT_DestroyCertificate(cert);
- return certHandle;
- }
- CERT_DestroyCertificate(cert);
- }
- }
- *rlIndex = -1;
- return CK_INVALID_KEY;
-}
-
-/*
- * This function is the same as above, but it searches all the slots.
- * this is the new version for NSS SMIME code
- * this stuff should REALLY be in the SMIME code, but some things in here are not public
- * (they should be!)
- */
-static CK_OBJECT_HANDLE
-pk11_AllFindCertObjectByRecipientNew(NSSCMSRecipient **recipientlist, void *wincx, int *rlIndex)
-{
- PK11SlotList *list;
- PK11SlotListElement *le;
- CK_OBJECT_HANDLE certHandle = CK_INVALID_KEY;
- PK11SlotInfo *slot = NULL;
- SECStatus rv;
-
- /* get them all! */
- list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,PR_TRUE,wincx);
- if (list == NULL) {
- if (list) PK11_FreeSlotList(list);
- return CK_INVALID_KEY;
- }
-
- /* Look for the slot that holds the Key */
- for (le = list->head ; le; le = le->next) {
- if ( !PK11_IsFriendly(le->slot)) {
- rv = PK11_Authenticate(le->slot, PR_TRUE, wincx);
- if (rv != SECSuccess) continue;
- }
-
- certHandle = pk11_FindCertObjectByRecipientNew(le->slot, recipientlist, rlIndex);
- if (certHandle != CK_INVALID_KEY)
- break;
- }
-
- PK11_FreeSlotList(list);
-
- return (le == NULL) ? CK_INVALID_KEY : certHandle;
-}
-
-/*
- * We're looking for a cert which we have the private key for that's on the
- * list of recipients. This searches one slot.
- */
-static CK_OBJECT_HANDLE
-pk11_FindCertObjectByRecipient(PK11SlotInfo *slot,
- SEC_PKCS7RecipientInfo **recipientArray,SEC_PKCS7RecipientInfo **rip)
-{
- CK_OBJECT_HANDLE certHandle;
- CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
- CK_OBJECT_CLASS peerClass ;
- CK_ATTRIBUTE searchTemplate[] = {
- { CKA_CLASS, NULL, 0 },
- { CKA_ISSUER, NULL, 0 },
- { CKA_SERIAL_NUMBER, NULL, 0}
- };
- int count = sizeof(searchTemplate)/sizeof(CK_ATTRIBUTE);
- SEC_PKCS7RecipientInfo *ri = NULL;
- CK_ATTRIBUTE *attrs;
- int i;
-
-
- peerClass = CKO_PRIVATE_KEY;
- if (!PK11_IsLoggedIn(slot,NULL) && PK11_NeedLogin(slot)) {
- peerClass = CKO_PUBLIC_KEY;
- }
-
- for (i=0; (ri = recipientArray[i]) != NULL; i++) {
- attrs = searchTemplate;
-
- PK11_SETATTRS(attrs, CKA_CLASS, &certClass,sizeof(certClass)); attrs++;
- PK11_SETATTRS(attrs, CKA_ISSUER, ri->issuerAndSN->derIssuer.data,
- ri->issuerAndSN->derIssuer.len); attrs++;
- PK11_SETATTRS(attrs, CKA_SERIAL_NUMBER,
- ri->issuerAndSN->serialNumber.data,ri->issuerAndSN->serialNumber.len);
-
- certHandle = pk11_FindObjectByTemplate(slot,searchTemplate,count);
- if (certHandle != CK_INVALID_KEY) {
- CERTCertificate *cert = pk11_fastCert(slot,certHandle,NULL,NULL);
- if (PK11_IsUserCert(slot,cert,certHandle)) {
- /* we've found a cert handle, now let's see if there is a key
- * associated with it... */
- *rip = ri;
-
- CERT_DestroyCertificate(cert);
- return certHandle;
- }
- CERT_DestroyCertificate(cert);
- }
- }
- *rip = NULL;
- return CK_INVALID_KEY;
-}
-
-/*
- * This function is the same as above, but it searches all the slots.
- */
-static CK_OBJECT_HANDLE
-pk11_AllFindCertObjectByRecipient(PK11SlotInfo **slotPtr,
- SEC_PKCS7RecipientInfo **recipientArray,SEC_PKCS7RecipientInfo **rip,
- void *wincx) {
- PK11SlotList *list;
- PK11SlotListElement *le;
- CK_OBJECT_HANDLE certHandle = CK_INVALID_KEY;
- PK11SlotInfo *slot = NULL;
- SECStatus rv;
-
- *slotPtr = NULL;
-
- /* get them all! */
- list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,PR_TRUE,wincx);
- if (list == NULL) {
- if (list) PK11_FreeSlotList(list);
- return CK_INVALID_KEY;
- }
-
- *rip = NULL;
-
- /* Look for the slot that holds the Key */
- for (le = list->head ; le; le = le->next) {
- if ( !PK11_IsFriendly(le->slot)) {
- rv = PK11_Authenticate(le->slot, PR_TRUE, wincx);
- if (rv != SECSuccess) continue;
- }
-
- certHandle = pk11_FindCertObjectByRecipient(le->slot,
- recipientArray,rip);
- if (certHandle != CK_INVALID_KEY) {
- slot = PK11_ReferenceSlot(le->slot);
- break;
- }
- }
-
- PK11_FreeSlotList(list);
-
- if (slot == NULL) {
- return CK_INVALID_KEY;
- }
- *slotPtr = slot;
- return certHandle;
-}
-
-/*
- * We need to invert the search logic for PKCS 7 because if we search for
- * each cert on the list over all the slots, we wind up with lots of spurious
- * password prompts. This way we get only one password prompt per slot, at
- * the max, and most of the time we can find the cert, and only prompt for
- * the key...
- */
-CERTCertificate *
-PK11_FindCertAndKeyByRecipientList(PK11SlotInfo **slotPtr,
- SEC_PKCS7RecipientInfo **array, SEC_PKCS7RecipientInfo **rip,
- SECKEYPrivateKey**privKey, void *wincx)
-{
- CK_OBJECT_HANDLE certHandle = CK_INVALID_KEY;
- CK_OBJECT_HANDLE keyHandle = CK_INVALID_KEY;
- PK11SlotInfo *slot = NULL;
- CERTCertificate *cert = NULL;
- SECStatus rv;
-
- *privKey = NULL;
- certHandle = pk11_AllFindCertObjectByRecipient(slotPtr,array,rip,wincx);
- if (certHandle == CK_INVALID_KEY) {
- return NULL;
- }
-
- rv = PK11_Authenticate(*slotPtr,PR_TRUE,wincx);
- if (rv != SECSuccess) {
- PK11_FreeSlot(*slotPtr);
- *slotPtr = NULL;
- return NULL;
- }
-
- keyHandle = PK11_MatchItem(*slotPtr,certHandle,CKO_PRIVATE_KEY);
- if (keyHandle == CK_INVALID_KEY) {
- PK11_FreeSlot(*slotPtr);
- *slotPtr = NULL;
- return NULL;
- }
-
- *privKey = PK11_MakePrivKey(*slotPtr, nullKey, PR_TRUE, keyHandle, wincx);
- if (*privKey == NULL) {
- PK11_FreeSlot(*slotPtr);
- *slotPtr = NULL;
- return NULL;
- }
- cert = PK11_MakeCertFromHandle(*slotPtr,certHandle,NULL);
- if (cert == NULL) {
- PK11_FreeSlot(*slotPtr);
- SECKEY_DestroyPrivateKey(*privKey);
- *slotPtr = NULL;
- *privKey = NULL;
- return NULL;
- }
- return cert;
-}
-
-/*
- * This is the new version of the above function for NSS SMIME code
- * this stuff should REALLY be in the SMIME code, but some things in here are not public
- * (they should be!)
- */
-int
-PK11_FindCertAndKeyByRecipientListNew(NSSCMSRecipient **recipientlist, void *wincx)
-{
- CK_OBJECT_HANDLE certHandle = CK_INVALID_KEY;
- CK_OBJECT_HANDLE keyHandle = CK_INVALID_KEY;
- SECStatus rv;
- NSSCMSRecipient *rl;
- int rlIndex;
-
- certHandle = pk11_AllFindCertObjectByRecipientNew(recipientlist, wincx, &rlIndex);
- if (certHandle == CK_INVALID_KEY) {
- return NULL;
- }
-
- rl = recipientlist[rlIndex];
-
- /* at this point, rl->slot is set */
-
- /* authenticate to the token */
- if (PK11_Authenticate(rl->slot, PR_TRUE, wincx) != SECSuccess) {
- PK11_FreeSlot(rl->slot);
- rl->slot = NULL;
- return -1;
- }
-
- /* try to get a private key handle for the cert we found */
- keyHandle = PK11_MatchItem(rl->slot, certHandle, CKO_PRIVATE_KEY);
- if (keyHandle == CK_INVALID_KEY) {
- PK11_FreeSlot(rl->slot);
- rl->slot = NULL;
- return -1;
- }
-
- /* make a private key out of the handle */
- rl->privkey = PK11_MakePrivKey(rl->slot, nullKey, PR_TRUE, keyHandle, wincx);
- if (rl->privkey == NULL) {
- PK11_FreeSlot(rl->slot);
- rl->slot = NULL;
- return -1;
- }
- /* make a cert from the cert handle */
- rl->cert = PK11_MakeCertFromHandle(rl->slot, certHandle, NULL);
- if (rl->cert == NULL) {
- PK11_FreeSlot(rl->slot);
- SECKEY_DestroyPrivateKey(rl->privkey);
- rl->slot = NULL;
- rl->privkey = NULL;
- return NULL;
- }
- return rlIndex;
-}
-
-CERTCertificate *
-PK11_FindCertByIssuerAndSN(PK11SlotInfo **slotPtr, CERTIssuerAndSN *issuerSN,
- void *wincx)
-{
- CK_OBJECT_HANDLE certHandle;
- CERTCertificate *cert = NULL;
- CK_ATTRIBUTE searchTemplate[] = {
- { CKA_ISSUER, NULL, 0 },
- { CKA_SERIAL_NUMBER, NULL, 0}
- };
- int count = sizeof(searchTemplate)/sizeof(CK_ATTRIBUTE);
- CK_ATTRIBUTE *attrs = searchTemplate;
-
- PK11_SETATTRS(attrs, CKA_ISSUER, issuerSN->derIssuer.data,
- issuerSN->derIssuer.len); attrs++;
- PK11_SETATTRS(attrs, CKA_SERIAL_NUMBER, issuerSN->serialNumber.data,
- issuerSN->serialNumber.len);
-
- certHandle = pk11_FindCertObjectByTemplate
- (slotPtr,searchTemplate,count,wincx);
- if (certHandle == CK_INVALID_KEY) {
- return NULL;
- }
- cert = PK11_MakeCertFromHandle(*slotPtr,certHandle,NULL);
- if (cert == NULL) {
- PK11_FreeSlot(*slotPtr);
- return NULL;
- }
- return cert;
-}
-
-CK_OBJECT_HANDLE
-PK11_FindObjectForCert(CERTCertificate *cert, void *wincx, PK11SlotInfo **pSlot)
-{
- CK_OBJECT_HANDLE certHandle;
- CK_ATTRIBUTE searchTemplate = { CKA_VALUE, NULL, 0 };
-
- PK11_SETATTRS(&searchTemplate, CKA_VALUE, cert->derCert.data,
- cert->derCert.len);
-
- if (cert->slot) {
- certHandle = pk11_getcerthandle(cert->slot,cert,&searchTemplate,1);
- if (certHandle != CK_INVALID_KEY) {
- *pSlot = PK11_ReferenceSlot(cert->slot);
- return certHandle;
- }
- }
-
- certHandle = pk11_FindCertObjectByTemplate(pSlot,&searchTemplate,1,wincx);
- if (certHandle != CK_INVALID_KEY) {
- if (cert->slot == NULL) {
- cert->slot = PK11_ReferenceSlot(*pSlot);
- cert->pkcs11ID = certHandle;
- cert->ownSlot = PR_FALSE;
- }
- }
-
- return(certHandle);
-}
-
-SECKEYPrivateKey *
-PK11_FindKeyByAnyCert(CERTCertificate *cert, void *wincx)
-{
- CK_OBJECT_HANDLE certHandle;
- CK_OBJECT_HANDLE keyHandle;
- PK11SlotInfo *slot = NULL;
- SECKEYPrivateKey *privKey;
- SECStatus rv;
-
- certHandle = PK11_FindObjectForCert(cert, wincx, &slot);
- if (certHandle == CK_INVALID_KEY) {
- return NULL;
- }
- rv = PK11_Authenticate(slot, PR_TRUE, wincx);
- if (rv != SECSuccess) {
- PK11_FreeSlot(slot);
- return NULL;
- }
- keyHandle = PK11_MatchItem(slot,certHandle,CKO_PRIVATE_KEY);
- if (keyHandle == CK_INVALID_KEY) {
- PK11_FreeSlot(slot);
- return NULL;
- }
- privKey = PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyHandle, wincx);
- PK11_FreeSlot(slot);
- return privKey;
-}
-
-CK_OBJECT_HANDLE
-pk11_FindPubKeyByAnyCert(CERTCertificate *cert, PK11SlotInfo **slot, void *wincx)
-{
- CK_OBJECT_HANDLE certHandle;
- CK_OBJECT_HANDLE keyHandle;
-
- certHandle = PK11_FindObjectForCert(cert, wincx, slot);
- if (certHandle == CK_INVALID_KEY) {
- return CK_INVALID_KEY;
- }
- keyHandle = PK11_MatchItem(*slot,certHandle,CKO_PUBLIC_KEY);
- if (keyHandle == CK_INVALID_KEY) {
- PK11_FreeSlot(*slot);
- return CK_INVALID_KEY;
- }
- return keyHandle;
-}
-
-SECKEYPrivateKey *
-PK11_FindKeyByKeyID(PK11SlotInfo *slot, SECItem *keyID, void *wincx)
-{
- CK_OBJECT_HANDLE keyHandle;
- SECKEYPrivateKey *privKey;
-
- keyHandle = pk11_FindPrivateKeyFromCertID(slot, keyID);
- if (keyHandle == CK_INVALID_KEY) {
- return NULL;
- }
- privKey = PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyHandle, wincx);
- return privKey;
-}
-
-/*
- * find the number of certs in the slot with the same subject name
- */
-int
-PK11_NumberCertsForCertSubject(CERTCertificate *cert)
-{
- CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
- CK_ATTRIBUTE theTemplate[] = {
- { CKA_CLASS, NULL, 0 },
- { CKA_SUBJECT, NULL, 0 },
- };
- CK_ATTRIBUTE *attr = theTemplate;
- int templateSize = sizeof(theTemplate)/sizeof(theTemplate[0]);
-
- PK11_SETATTRS(attr,CKA_CLASS, &certClass, sizeof(certClass)); attr++;
- PK11_SETATTRS(attr,CKA_SUBJECT,cert->derSubject.data,cert->derSubject.len);
-
- if ((cert->slot == NULL) || (cert->slot->isInternal)) {
- return 0;
- }
-
- return PK11_NumberObjectsFor(cert->slot,theTemplate,templateSize);
-}
-
-/*
- * Walk all the certs with the same subject
- */
-SECStatus
-PK11_TraverseCertsForSubject(CERTCertificate *cert,
- SECStatus(* callback)(CERTCertificate*, void *), void *arg)
-{
- if(!cert) {
- return SECFailure;
- }
-
- return PK11_TraverseCertsForSubjectInSlot(cert, cert->slot, callback, arg);
-}
-
-SECStatus
-PK11_TraverseCertsForSubjectInSlot(CERTCertificate *cert, PK11SlotInfo *slot,
- SECStatus(* callback)(CERTCertificate*, void *), void *arg)
-{
- pk11DoCertCallback caller;
- pk11TraverseSlotCert callarg;
- CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
- CK_ATTRIBUTE theTemplate[] = {
- { CKA_CLASS, NULL, 0 },
- { CKA_SUBJECT, NULL, 0 },
- };
- CK_ATTRIBUTE *attr = theTemplate;
- int templateSize = sizeof(theTemplate)/sizeof(theTemplate[0]);
-
- PK11_SETATTRS(attr,CKA_CLASS, &certClass, sizeof(certClass)); attr++;
- PK11_SETATTRS(attr,CKA_SUBJECT,cert->derSubject.data,cert->derSubject.len);
-
- if ((slot == NULL) || (slot->isInternal)) {
- return SECSuccess;
- }
- caller.noslotcallback = callback;
- caller.callback = NULL;
- caller.callbackArg = arg;
- callarg.callback = pk11_DoCerts;
- callarg.callbackArg = (void *) & caller;
- callarg.findTemplate = theTemplate;
- callarg.templateCount = templateSize;
-
- return PK11_TraverseSlot(slot, &callarg);
-}
-
-SECStatus
-PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, PK11SlotInfo *slot,
- SECStatus(* callback)(CERTCertificate*, void *), void *arg)
-{
- pk11DoCertCallback caller;
- pk11TraverseSlotCert callarg;
- CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
- CK_ATTRIBUTE theTemplate[] = {
- { CKA_CLASS, NULL, 0 },
- { CKA_LABEL, NULL, 0 },
- };
- CK_ATTRIBUTE *attr = theTemplate;
- int templateSize = sizeof(theTemplate)/sizeof(theTemplate[0]);
-
- if(!nickname) {
- return SECSuccess;
- }
-
- PK11_SETATTRS(attr,CKA_CLASS, &certClass, sizeof(certClass)); attr++;
- PK11_SETATTRS(attr,CKA_LABEL,nickname->data,nickname->len);
-
- if ((slot == NULL) || (slot->isInternal)) {
- return SECSuccess;
- }
-
- caller.noslotcallback = callback;
- caller.callback = NULL;
- caller.callbackArg = arg;
- callarg.callback = pk11_DoCerts;
- callarg.callbackArg = (void *) & caller;
- callarg.findTemplate = theTemplate;
- callarg.templateCount = templateSize;
-
- return PK11_TraverseSlot(slot, &callarg);
-}
-
-SECStatus
-PK11_TraverseCertsInSlot(PK11SlotInfo *slot,
- SECStatus(* callback)(CERTCertificate*, void *), void *arg)
-{
- pk11DoCertCallback caller;
- pk11TraverseSlotCert callarg;
- CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
- CK_ATTRIBUTE theTemplate[] = {
- { CKA_CLASS, NULL, 0 },
- };
- CK_ATTRIBUTE *attr = theTemplate;
- int templateSize = sizeof(theTemplate)/sizeof(theTemplate[0]);
-
- PK11_SETATTRS(attr,CKA_CLASS, &certClass, sizeof(certClass)); attr++;
-
- if (slot == NULL) {
- return SECSuccess;
- }
-
- caller.noslotcallback = callback;
- caller.callback = NULL;
- caller.callbackArg = arg;
- callarg.callback = pk11_DoCerts;
- callarg.callbackArg = (void *) & caller;
- callarg.findTemplate = theTemplate;
- callarg.templateCount = templateSize;
-
- return PK11_TraverseSlot(slot, &callarg);
-}
-
-/*
- * return the certificate associated with a derCert
- */
-CERTCertificate *
-PK11_FindCertFromDERCert(PK11SlotInfo *slot, CERTCertificate *cert,
- void *wincx)
-{
- CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
- CK_ATTRIBUTE theTemplate[] = {
- { CKA_VALUE, NULL, 0 },
- { CKA_CLASS, NULL, 0 }
- };
- /* if you change the array, change the variable below as well */
- int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
- CK_OBJECT_HANDLE certh;
- CK_ATTRIBUTE *attrs = theTemplate;
- SECStatus rv;
-
- PK11_SETATTRS(attrs, CKA_VALUE, cert->derCert.data,
- cert->derCert.len); attrs++;
- PK11_SETATTRS(attrs, CKA_CLASS, &certClass, sizeof(certClass));
-
- /*
- * issue the find
- */
- if ( !PK11_IsFriendly(slot)) {
- rv = PK11_Authenticate(slot, PR_TRUE, wincx);
- if (rv != SECSuccess) return NULL;
- }
-
- certh = pk11_getcerthandle(slot,cert,theTemplate,tsize);
- if (certh == CK_INVALID_KEY) {
- return NULL;
- }
- return PK11_MakeCertFromHandle(slot, certh, NULL);
-}
-
-/*
- * return the certificate associated with a derCert
- */
-CERTCertificate *
-PK11_FindCertFromDERSubjectAndNickname(PK11SlotInfo *slot,
- CERTCertificate *cert,
- char *nickname, void *wincx)
-{
- CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
- CK_ATTRIBUTE theTemplate[] = {
- { CKA_SUBJECT, NULL, 0 },
- { CKA_LABEL, NULL, 0 },
- { CKA_CLASS, NULL, 0 }
- };
- /* if you change the array, change the variable below as well */
- int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
- CK_OBJECT_HANDLE certh;
- CK_ATTRIBUTE *attrs = theTemplate;
- SECStatus rv;
-
- PK11_SETATTRS(attrs, CKA_SUBJECT, cert->derSubject.data,
- cert->derSubject.len); attrs++;
- PK11_SETATTRS(attrs, CKA_LABEL, nickname, PORT_Strlen(nickname));
- PK11_SETATTRS(attrs, CKA_CLASS, &certClass, sizeof(certClass));
-
- /*
- * issue the find
- */
- if ( !PK11_IsFriendly(slot)) {
- rv = PK11_Authenticate(slot, PR_TRUE, wincx);
- if (rv != SECSuccess) return NULL;
- }
-
- certh = pk11_getcerthandle(slot,cert,theTemplate,tsize);
- if (certh == CK_INVALID_KEY) {
- return NULL;
- }
-
- return PK11_MakeCertFromHandle(slot, certh, NULL);
-}
-
-/*
- * import a cert for a private key we have already generated. Set the label
- * on both to be the nickname.
- */
-static CK_OBJECT_HANDLE
-pk11_findKeyObjectByDERCert(PK11SlotInfo *slot, CERTCertificate *cert,
- void *wincx)
-{
- SECItem *keyID;
- CK_OBJECT_HANDLE key;
- SECStatus rv;
-
- if((slot == NULL) || (cert == NULL)) {
- return CK_INVALID_KEY;
- }
-
- keyID = pk11_mkcertKeyID(cert);
- if(keyID == NULL) {
- return CK_INVALID_KEY;
- }
-
- key = CK_INVALID_KEY;
-
- rv = PK11_Authenticate(slot, PR_TRUE, wincx);
- if (rv != SECSuccess) goto loser;
-
- key = pk11_FindPrivateKeyFromCertID(slot, keyID);
-
-loser:
- SECITEM_ZfreeItem(keyID, PR_TRUE);
- return key;
-}
-
-SECKEYPrivateKey *
-PK11_FindKeyByDERCert(PK11SlotInfo *slot, CERTCertificate *cert,
- void *wincx)
-{
- CK_OBJECT_HANDLE keyHandle;
-
- if((slot == NULL) || (cert == NULL)) {
- return NULL;
- }
-
- keyHandle = pk11_findKeyObjectByDERCert(slot, cert, wincx);
- if (keyHandle == CK_INVALID_KEY) {
- return NULL;
- }
-
- return PK11_MakePrivKey(slot,nullKey,PR_TRUE,keyHandle,wincx);
-}
-
-SECStatus
-PK11_ImportCertForKeyToSlot(PK11SlotInfo *slot, CERTCertificate *cert,
- char *nickname,
- PRBool addCertUsage,void *wincx)
-{
- CK_OBJECT_HANDLE keyHandle;
-
- if((slot == NULL) || (cert == NULL) || (nickname == NULL)) {
- return SECFailure;
- }
-
- keyHandle = pk11_findKeyObjectByDERCert(slot, cert, wincx);
- if (keyHandle == CK_INVALID_KEY) {
- return SECFailure;
- }
-
- return PK11_ImportCert(slot, cert, keyHandle, nickname, addCertUsage);
-}
-
-
-/* remove when the real version comes out */
-#define SEC_OID_MISSI_KEA 300 /* until we have v3 stuff merged */
-PRBool
-KEAPQGCompare(CERTCertificate *server,CERTCertificate *cert) {
-
- if ( SECKEY_KEAParamCompare(server,cert) == SECEqual ) {
- return PR_TRUE;
- } else {
- return PR_FALSE;
- }
-}
-
-PRBool
-PK11_FortezzaHasKEA(CERTCertificate *cert) {
- /* look at the subject and see if it is a KEA for MISSI key */
- SECOidData *oid;
-
- if ((cert->trust == NULL) ||
- ((cert->trust->sslFlags & CERTDB_USER) != CERTDB_USER)) {
- return PR_FALSE;
- }
-
- oid = SECOID_FindOID(&cert->subjectPublicKeyInfo.algorithm.algorithm);
-
-
- return (PRBool)((oid->offset == SEC_OID_MISSI_KEA_DSS_OLD) ||
- (oid->offset == SEC_OID_MISSI_KEA_DSS) ||
- (oid->offset == SEC_OID_MISSI_KEA)) ;
-}
-
-/*
- * Find a kea cert on this slot that matches the domain of it's peer
- */
-static CERTCertificate
-*pk11_GetKEAMate(PK11SlotInfo *slot,CERTCertificate *peer)
-{
- int i;
- CERTCertificate *returnedCert = NULL;
-
- for (i=0; i < slot->cert_count; i++) {
- CERTCertificate *cert = slot->cert_array[i];
-
- if (PK11_FortezzaHasKEA(cert) && KEAPQGCompare(peer,cert)) {
- returnedCert = CERT_DupCertificate(cert);
- break;
- }
- }
- return returnedCert;
-}
-
-/*
- * The following is a FORTEZZA only Certificate request. We call this when we
- * are doing a non-client auth SSL connection. We are only interested in the
- * fortezza slots, and we are only interested in certs that share the same root
- * key as the server.
- */
-CERTCertificate *
-PK11_FindBestKEAMatch(CERTCertificate *server, void *wincx)
-{
- PK11SlotList *keaList = PK11_GetAllTokens(CKM_KEA_KEY_DERIVE,
- PR_FALSE,PR_TRUE,wincx);
- PK11SlotListElement *le;
- CERTCertificate *returnedCert = NULL;
- SECStatus rv;
-
- /* loop through all the fortezza tokens */
- for (le = keaList->head; le; le = le->next) {
- rv = PK11_Authenticate(le->slot, PR_TRUE, wincx);
- if (rv != SECSuccess) continue;
- if (le->slot->session == CK_INVALID_SESSION) {
- continue;
- }
- returnedCert = pk11_GetKEAMate(le->slot,server);
- if (returnedCert) break;
- }
- PK11_FreeSlotList(keaList);
-
- return returnedCert;
-}
-
-/*
- * find a matched pair of kea certs to key exchange parameters from one
- * fortezza card to another as necessary.
- */
-SECStatus
-PK11_GetKEAMatchedCerts(PK11SlotInfo *slot1, PK11SlotInfo *slot2,
- CERTCertificate **cert1, CERTCertificate **cert2)
-{
- PK11SlotList *keaList = PK11_GetAllTokens(CKM_KEA_KEY_DERIVE,
- PR_FALSE,PR_TRUE,NULL);
- CERTCertificate *returnedCert = NULL;
- int i;
-
- for (i=0; i < slot1->cert_count; i++) {
- CERTCertificate *cert = slot1->cert_array[i];
-
- if (PK11_FortezzaHasKEA(cert)) {
- returnedCert = pk11_GetKEAMate(slot2,cert);
- if (returnedCert != NULL) {
- *cert2 = returnedCert;
- *cert1 = CERT_DupCertificate(cert);
- return SECSuccess;
- }
- }
- }
- return SECFailure;
-}
-
-SECOidTag
-PK11_FortezzaMapSig(SECOidTag algTag)
-{
- switch (algTag) {
- case SEC_OID_MISSI_KEA_DSS:
- case SEC_OID_MISSI_DSS:
- case SEC_OID_MISSI_DSS_OLD:
- case SEC_OID_MISSI_KEA_DSS_OLD:
- case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
- return SEC_OID_ANSIX9_DSA_SIGNATURE;
- default:
- break;
- }
- return algTag;
-}
-
-/*
- * return the private key From a given Cert
- */
-CK_OBJECT_HANDLE
-PK11_FindCertInSlot(PK11SlotInfo *slot, CERTCertificate *cert, void *wincx)
-{
- CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
- CK_ATTRIBUTE theTemplate[] = {
- { CKA_VALUE, NULL, 0 },
- { CKA_CLASS, NULL, 0 }
- };
- /* if you change the array, change the variable below as well */
- int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
- CK_ATTRIBUTE *attrs = theTemplate;
- SECStatus rv;
-
- PK11_SETATTRS(attrs, CKA_VALUE, cert->derCert.data,
- cert->derCert.len); attrs++;
- PK11_SETATTRS(attrs, CKA_CLASS, &certClass, sizeof(certClass));
-
- /*
- * issue the find
- */
- rv = PK11_Authenticate(slot, PR_TRUE, wincx);
- if (rv != SECSuccess) {
- return CK_INVALID_KEY;
- }
-
- return pk11_getcerthandle(slot,cert,theTemplate,tsize);
-}
-
-SECItem *
-PK11_GetKeyIDFromCert(CERTCertificate *cert, void *wincx)
-{
- CK_OBJECT_HANDLE handle;
- PK11SlotInfo *slot = NULL;
- CK_ATTRIBUTE theTemplate[] = {
- { CKA_ID, NULL, 0 },
- };
- int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
- SECItem *item = NULL;
- CK_RV crv;
-
- handle = PK11_FindObjectForCert(cert,wincx,&slot);
- if (handle == CK_INVALID_KEY) {
- goto loser;
- }
-
-
- crv = PK11_GetAttributes(NULL,slot,handle,theTemplate,tsize);
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- goto loser;
- }
-
- item = PORT_ZNew(SECItem);
- if (item) {
- item->data = theTemplate[0].pValue;
- item->len = theTemplate[0].ulValueLen;
- }
-
-
-loser:
- PK11_FreeSlot(slot);
- return item;
-}
-
-SECItem *
-PK11_GetKeyIDFromPrivateKey(SECKEYPrivateKey *key, void *wincx)
-{
- CK_ATTRIBUTE theTemplate[] = {
- { CKA_ID, NULL, 0 },
- };
- int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
- SECItem *item = NULL;
- CK_RV crv;
-
- crv = PK11_GetAttributes(NULL,key->pkcs11Slot,key->pkcs11ID,
- theTemplate,tsize);
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- goto loser;
- }
-
- item = PORT_ZNew(SECItem);
- if (item) {
- item->data = theTemplate[0].pValue;
- item->len = theTemplate[0].ulValueLen;
- }
-
-
-loser:
- return item;
-}
diff --git a/security/nss/lib/pk11wrap/pk11db.c b/security/nss/lib/pk11wrap/pk11db.c
deleted file mode 100644
index 1e073075e..000000000
--- a/security/nss/lib/pk11wrap/pk11db.c
+++ /dev/null
@@ -1,645 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * The following code handles the storage of PKCS 11 modules used by the
- * NSS. This file is written to abstract away how the modules are
- * stored so we can deside that later.
- */
-#include "seccomon.h"
-#include "secmod.h"
-#include "prlock.h"
-#include "pkcs11.h"
-#include "secmodi.h"
-#include "pk11func.h"
-#include "mcom_db.h"
-
-/* create a new module */
-SECMODModule *SECMOD_NewModule(void) {
- SECMODModule *newMod;
- PRArenaPool *arena;
-
-
- /* create an arena in which dllName and commonName can be
- * allocated.
- */
- arena = PORT_NewArena(512);
- if (arena == NULL) {
- return NULL;
- }
-
- newMod = (SECMODModule *)PORT_ArenaAlloc(arena,sizeof (SECMODModule));
- if (newMod == NULL) {
- PORT_FreeArena(arena,PR_FALSE);
- return NULL;
- }
-
- /*
- * initialize of the fields of the module
- */
- newMod->arena = arena;
- newMod->internal = PR_FALSE;
- newMod->loaded = PR_FALSE;
- newMod->isFIPS = PR_FALSE;
- newMod->dllName = NULL;
- newMod->commonName = NULL;
- newMod->library = NULL;
- newMod->functionList = NULL;
- newMod->slotCount = 0;
- newMod->slots = NULL;
- newMod->slotInfo = NULL;
- newMod->slotInfoCount = 0;
- newMod->refCount = 1;
- newMod->ssl[0] = 0;
- newMod->ssl[1] = 0;
-#ifdef PKCS11_USE_THREADS
- newMod->refLock = (void *)PR_NewLock();
- if (newMod->refLock == NULL) {
- PORT_FreeArena(arena,PR_FALSE);
- return NULL;
- }
-#else
- newMod->refLock = NULL;
-#endif
- return newMod;
-
-}
-
-/* create a new ModuleListElement */
-SECMODModuleList *SECMOD_NewModuleListElement(void) {
- SECMODModuleList *newModList;
-
- newModList= (SECMODModuleList *) PORT_Alloc(sizeof(SECMODModuleList));
- if (newModList) {
- newModList->next = NULL;
- newModList->module = NULL;
- }
- return newModList;
-}
-
-static unsigned long internalFlags = SECMOD_RSA_FLAG|SECMOD_DSA_FLAG|
- SECMOD_RC2_FLAG| SECMOD_RC4_FLAG|SECMOD_DES_FLAG|SECMOD_RANDOM_FLAG|
- SECMOD_SHA1_FLAG|SECMOD_MD5_FLAG|SECMOD_MD2_FLAG|SECMOD_SSL_FLAG|
- SECMOD_TLS_FLAG;
-
-/* create a Internal module */
-SECMODModule *SECMOD_NewInternal(void) {
- SECMODModule *intern;
- static PK11PreSlotInfo internSlotInfo =
- { 1, SECMOD_RSA_FLAG|SECMOD_DSA_FLAG|SECMOD_RC2_FLAG|
- SECMOD_RC4_FLAG|SECMOD_DES_FLAG|SECMOD_RANDOM_FLAG|
- SECMOD_SHA1_FLAG|SECMOD_MD5_FLAG|SECMOD_MD2_FLAG|
- SECMOD_SSL_FLAG|SECMOD_TLS_FLAG, -1, 30 };
-
- intern = SECMOD_NewModule();
- if (intern == NULL) {
- return NULL;
- }
-
- /*
- * make this module an internal module
- */
- intern->commonName = "Netscape Internal PKCS #11 Module";
- intern->internal = PR_TRUE;
- intern->slotInfoCount = 1;
- intern->slotInfo = &internSlotInfo;
-
- return (intern);
-}
-
-/* create a FIPS Internal module */
-SECMODModule *SECMOD_GetFIPSInternal(void) {
- SECMODModule *intern;
-
- intern = SECMOD_NewInternal();
- if (intern == NULL) {
- return NULL;
- }
-
- /*
- * make this module a FIPS internal module
- */
- intern->slotInfo[0].slotID = 3; /* FIPS slot */
- intern->commonName = "Netscape Internal FIPS PKCS #11 Module";
- intern->isFIPS = PR_TRUE;
-
- return (intern);
-}
-
-SECMODModule *SECMOD_DupModule(SECMODModule *old) {
- SECMODModule *newMod;
-
- newMod = SECMOD_NewModule();
- if (newMod == NULL) {
- return NULL;
- }
-
- /*
- * initialize of the fields of the module
- */
- newMod->dllName = PORT_ArenaStrdup(newMod->arena,old->dllName);
- newMod->commonName = PORT_ArenaStrdup(newMod->arena,old->commonName);;
-
- return newMod;
-
-}
-
-/*
- * make a new reference to a module so It doesn't go away on us
- */
-SECMODModule *
-SECMOD_ReferenceModule(SECMODModule *module) {
- PK11_USE_THREADS(PR_Lock((PRLock *)module->refLock);)
- PORT_Assert(module->refCount > 0);
-
- module->refCount++;
- PK11_USE_THREADS(PR_Unlock((PRLock*)module->refLock);)
- return module;
-}
-
-
-/* destroy an existing module */
-void
-SECMOD_DestroyModule(SECMODModule *module) {
- PRBool willfree = PR_FALSE;
- int slotCount;
- int i;
-
- PK11_USE_THREADS(PR_Lock((PRLock *)module->refLock);)
- if (module->refCount-- == 1) {
- willfree = PR_TRUE;
- }
- PORT_Assert(willfree || (module->refCount > 0));
- PK11_USE_THREADS(PR_Unlock((PRLock *)module->refLock);)
-
- if (!willfree) {
- return;
- }
-
- /* slots can't really disappear until our module starts freeing them,
- * so this check is safe */
- slotCount = module->slotCount;
- if (slotCount == 0) {
- SECMOD_SlotDestroyModule(module,PR_FALSE);
- return;
- }
-
- /* now free all out slots, when they are done, they will cause the
- * module to disappear altogether */
- for (i=0 ; i < slotCount; i++) {
- if (!module->slots[i]->disabled) {
- PK11_ClearSlotList(module->slots[i]);
- }
- PK11_FreeSlot(module->slots[i]);
- }
- /* WARNING: once the last slot has been freed is it possible (even likely)
- * that module is no more... touching it now is a good way to go south */
-}
-
-
-/* we can only get here if we've destroyed the module, or some one has
- * erroneously freed a slot that wasn't referenced. */
-void
-SECMOD_SlotDestroyModule(SECMODModule *module, PRBool fromSlot) {
- PRBool willfree = PR_FALSE;
- if (fromSlot) {
- PORT_Assert(module->refCount == 0);
- PK11_USE_THREADS(PR_Lock((PRLock *)module->refLock);)
- if (module->slotCount-- == 1) {
- willfree = PR_TRUE;
- }
- PORT_Assert(willfree || (module->slotCount > 0));
- PK11_USE_THREADS(PR_Unlock((PRLock *)module->refLock);)
- if (!willfree) return;
- }
- if (module->loaded) {
- SECMOD_UnloadModule(module);
- }
- PK11_USE_THREADS(PR_DestroyLock((PRLock *)module->refLock);)
- PORT_FreeArena(module->arena,PR_FALSE);
-}
-
-/* destroy a list element
- * this destroys a single element, and returns the next element
- * on the chain. It makes it easy to implement for loops to delete
- * the chain. It also make deleting a single element easy */
-SECMODModuleList *
-SECMOD_DestroyModuleListElement(SECMODModuleList *element) {
- SECMODModuleList *next = element->next;
-
- if (element->module) {
- SECMOD_DestroyModule(element->module);
- element->module = NULL;
- }
- PORT_Free(element);
- return next;
-}
-
-
-/*
- * Destroy an entire module list
- */
-void
-SECMOD_DestroyModuleList(SECMODModuleList *list) {
- SECMODModuleList *lp;
-
- for ( lp = list; lp != NULL; lp = SECMOD_DestroyModuleListElement(lp)) ;
-}
-
-
-/* Construct a database key for a given module */
-static SECStatus secmod_MakeKey(DBT *key, SECMODModule * module) {
- int len = 0;
-
- len = PORT_Strlen(module->commonName);
- key->data = module->commonName;
- key->size = len;
- return SECSuccess;
-}
-
-/* free out constructed database key */
-static void secmod_FreeKey(DBT *key) {
- key->data = NULL;
- key->size = 0;
-}
-
-typedef struct secmodDataStr secmodData;
-typedef struct secmodSlotDataStr secmodSlotData;
-struct secmodDataStr {
- unsigned char major;
- unsigned char minor;
- unsigned char nameStart[2];
- unsigned char slotOffset[2];
- unsigned char internal;
- unsigned char fips;
- unsigned char ssl[8];
- unsigned char names[4]; /* enough space for the length fields */
-};
-
-struct secmodSlotDataStr {
- unsigned char slotID[4];
- unsigned char defaultFlags[4];
- unsigned char timeout[4];
- unsigned char askpw;
- unsigned char reserved[19]; /* this makes it a round 32 bytes */
-};
-
-#define SECMOD_DB_VERSION_MAJOR 0
-#define SECMOD_DB_VERSION_MINOR 4
-#define SECMOD_DB_NOUI_VERSION_MAJOR 0
-#define SECMOD_DB_NOUI_VERSION_MINOR 3
-
-#define SECMOD_PUTSHORT(dest,src) \
- (dest)[1] = (unsigned char) ((src)&0xff); \
- (dest)[0] = (unsigned char) (((src) >> 8) & 0xff);
-#define SECMOD_PUTLONG(dest,src) \
- (dest)[3] = (unsigned char) ((src)&0xff); \
- (dest)[2] = (unsigned char) (((src) >> 8) & 0xff); \
- (dest)[1] = (unsigned char) (((src) >> 16) & 0xff); \
- (dest)[0] = (unsigned char) (((src) >> 24) & 0xff);
-#define SECMOD_GETSHORT(src) \
- ((unsigned short) (((src)[0] << 8) | (src)[1]))
-#define SECMOD_GETLONG(src) \
- ((unsigned long) (( (unsigned long) (src)[0] << 24) | \
- ( (unsigned long) (src)[1] << 16) | \
- ( (unsigned long) (src)[2] << 8) | \
- (unsigned long) (src)[3]))
-/*
- * build a data base entry from a module
- */
-static SECStatus secmod_EncodeData(DBT *data, SECMODModule * module) {
- secmodData *encoded;
- secmodSlotData *slot;
- unsigned char *dataPtr;
- unsigned short len, len2 = 0,count = 0;
- unsigned short offset;
- int dataLen, i, si;
-
- len = PORT_Strlen(module->commonName);
- if (module->dllName) {
- len2 = PORT_Strlen(module->dllName);
- }
- if (module->slotCount != 0) {
- for (i=0; i < module->slotCount; i++) {
- if (module->slots[i]->defaultFlags != 0) {
- count++;
- }
- }
- } else {
- count = module->slotInfoCount;
- }
- dataLen = sizeof(secmodData) + len + len2 + 2 +
- count*sizeof(secmodSlotData);
-
- data->data = (unsigned char *)
- PORT_Alloc(dataLen);
- encoded = (secmodData *)data->data;
- dataPtr = (unsigned char *) data->data;
- data->size = dataLen;
-
- if (encoded == NULL) return SECFailure;
-
- encoded->major = SECMOD_DB_VERSION_MAJOR;
- encoded->minor = SECMOD_DB_VERSION_MINOR;
- encoded->internal = (unsigned char) (module->internal ? 1 : 0);
- encoded->fips = (unsigned char) (module->isFIPS ? 1 : 0);
- SECMOD_PUTLONG(encoded->ssl,module->ssl[0]);
- SECMOD_PUTLONG(&encoded->ssl[4],module->ssl[1]);
-
- offset = (unsigned long) &(((secmodData *)0)->names[0]);
- SECMOD_PUTSHORT(encoded->nameStart,offset);
- offset = offset +len + len2 + 4;
- SECMOD_PUTSHORT(encoded->slotOffset,offset);
-
-
- SECMOD_PUTSHORT(&dataPtr[offset],count);
- slot = (secmodSlotData *)(dataPtr+offset+2);
-
- SECMOD_PUTSHORT(encoded->names,len);
- PORT_Memcpy(&encoded->names[2],module->commonName,len);
-
-
- SECMOD_PUTSHORT(&encoded->names[len+2],len2);
- if (len2) PORT_Memcpy(&encoded->names[len+4],module->dllName,len2);
-
- if (module->slotCount) {
- for (i=0,si=0; i < module->slotCount; i++) {
- if (module->slots[i]->defaultFlags) {
- SECMOD_PUTLONG(slot[si].slotID, module->slots[i]->slotID);
- SECMOD_PUTLONG(slot[si].defaultFlags,
- module->slots[i]->defaultFlags);
- SECMOD_PUTLONG(slot[si].timeout,module->slots[i]->timeout);
- slot[si].askpw = module->slots[i]->askpw;
- PORT_Memset(slot[si].reserved, 0, sizeof(slot[si].reserved));
- si++;
- }
- }
- } else {
- for (i=0; i < module->slotInfoCount; i++) {
- SECMOD_PUTLONG(slot[i].slotID, module->slotInfo[i].slotID);
- SECMOD_PUTLONG(slot[i].defaultFlags,
- module->slotInfo[i].defaultFlags);
- SECMOD_PUTLONG(slot[i].timeout,module->slotInfo[i].timeout);
- slot[i].askpw = module->slotInfo[i].askpw;
- PORT_Memset(slot[i].reserved, 0, sizeof(slot[i].reserved));
- }
- }
-
- return SECSuccess;
-
-}
-
-static void secmod_FreeData(DBT *data) {
- if (data->data) {
- PORT_Free(data->data);
- }
-}
-
-
-/*
- * build a module from the data base entry.
- */
-static SECMODModule *secmod_DecodeData(DBT *data) {
- SECMODModule * module;
- secmodData *encoded;
- secmodSlotData *slots;
- unsigned char *names;
- unsigned short len,len1;
- unsigned long slotCount;
- unsigned short offset;
- PRBool isOldVersion = PR_FALSE;
- int i;
-
- encoded = (secmodData *)data->data;
- names = (unsigned char *)data->data;
- offset = SECMOD_GETSHORT(encoded->slotOffset);
- slots = (secmodSlotData *) (names + offset + 2);
- slotCount = SECMOD_GETSHORT(names + offset);
- names += SECMOD_GETSHORT(encoded->nameStart);
-
- module = SECMOD_NewModule();
- if (module == NULL) return NULL;
-
- module->internal = (encoded->internal != 0) ? PR_TRUE: PR_FALSE;
- module->isFIPS = (encoded->fips != 0) ? PR_TRUE: PR_FALSE;
- len = SECMOD_GETSHORT(names);
-
- if (module->internal && (encoded->major == SECMOD_DB_NOUI_VERSION_MAJOR) &&
- (encoded->minor <= SECMOD_DB_NOUI_VERSION_MINOR)) {
- isOldVersion = PR_TRUE;
- }
-
- /* decode the common name */
- module->commonName = (char*)PORT_ArenaAlloc(module->arena,len+1);
- if (module->commonName == NULL) {
- SECMOD_DestroyModule(module);
- return NULL;
- }
- PORT_Memcpy(module->commonName,&names[2],len);
- module->commonName[len] = 0;
-
- /* decode the DLL name */
- len1 = (names[len+2] << 8) | names[len+3];
- if (len1) {
- module->dllName = (char*)PORT_ArenaAlloc(module->arena,len1 + 1);
- if (module->dllName == NULL) {
- SECMOD_DestroyModule(module);
- return NULL;
- }
- PORT_Memcpy(module->dllName,&names[len+4],len1);
- module->dllName[len1] = 0;
- }
-
- module->slotInfoCount = slotCount;
- module->slotInfo = (PK11PreSlotInfo *) PORT_ArenaAlloc(module->arena,
- slotCount * sizeof(PK11PreSlotInfo));
- for (i=0; i < (int) slotCount; i++) {
- module->slotInfo[i].slotID = SECMOD_GETLONG(slots[i].slotID);
- module->slotInfo[i].defaultFlags =
- SECMOD_GETLONG(slots[i].defaultFlags);
- if (isOldVersion && module->internal &&
- (module->slotInfo[i].slotID != 2)) {
- module->slotInfo[i].defaultFlags |= internalFlags;
- }
- module->slotInfo[i].timeout = SECMOD_GETLONG(slots[i].timeout);
- module->slotInfo[i].askpw = slots[i].askpw;
- if (module->slotInfo[i].askpw == 0xff) {
- module->slotInfo[i].askpw = -1;
- }
- }
-
- /* decode SSL cipher enable flags */
- module->ssl[0] = SECMOD_GETLONG(encoded->ssl);
- module->ssl[1] = SECMOD_GETLONG(&encoded->ssl[4]);
-
- return (module);
-}
-
-/*
- * open the PKCS #11 data base.
- */
-static char *pkcs11dbName = NULL;
-void SECMOD_InitDB(char *dbname) {
- pkcs11dbName = PORT_Strdup(dbname);
-}
-
-
-static DB *secmod_OpenDB(PRBool readOnly) {
- DB *pkcs11db = NULL;
- char *dbname;
-
- if (pkcs11dbName == NULL) return NULL;
- dbname = pkcs11dbName;
-
- /* I'm sure we should do more checks here sometime... */
- pkcs11db = dbopen(dbname, readOnly ? O_RDONLY : O_RDWR, 0600, DB_HASH, 0);
-
- /* didn't exist? create it */
- if (pkcs11db == NULL) {
- if (readOnly) return NULL;
-
- pkcs11db = dbopen( dbname,
- O_RDWR | O_CREAT | O_TRUNC, 0600, DB_HASH, 0 );
- if (pkcs11db) (* pkcs11db->sync)(pkcs11db, 0);
- }
- return pkcs11db;
-}
-
-static void secmod_CloseDB(DB *pkcs11db) {
- (*pkcs11db->close)(pkcs11db);
-}
-
-/*
- * Read all the existing modules in
- */
-SECMODModuleList *
-SECMOD_ReadPermDB(void) {
- DBT key,data;
- int ret;
- DB *pkcs11db = NULL;
- SECMODModuleList *newmod = NULL,*mod = NULL;
-
- pkcs11db = secmod_OpenDB(PR_TRUE);
- if (pkcs11db == NULL) {
- return NULL;
- }
-
- /* read and parse the file or data base */
- ret = (*pkcs11db->seq)(pkcs11db, &key, &data, R_FIRST);
- if (ret) goto done;
-
- do {
- /* allocate space for modules */
- newmod = SECMOD_NewModuleListElement();
- if (newmod == NULL) break;
- newmod->module = secmod_DecodeData(&data);
- if (newmod->module == NULL) {
- SECMOD_DestroyModuleListElement(newmod);
- break;
- }
- newmod->next = mod;
- mod = newmod;
- } while ( (*pkcs11db->seq)(pkcs11db, &key, &data, R_NEXT) == 0);
-
-done:
- secmod_CloseDB(pkcs11db);
- return mod;
-}
-
-/*
- * Delete a module from the Data Base
- */
-SECStatus
-SECMOD_DeletePermDB(SECMODModule * module) {
- DBT key;
- SECStatus rv = SECFailure;
- DB *pkcs11db = NULL;
- int ret;
-
- /* make sure we have a db handle */
- pkcs11db = secmod_OpenDB(PR_FALSE);
- if (pkcs11db == NULL) {
- return SECFailure;
- }
-
- rv = secmod_MakeKey(&key,module);
- if (rv != SECSuccess) goto done;
- rv = SECFailure;
- ret = (*pkcs11db->del)(pkcs11db, &key, 0);
- secmod_FreeKey(&key);
- if (ret != 0) goto done;
-
-
- ret = (*pkcs11db->sync)(pkcs11db, 0);
- if (ret == 0) rv = SECSuccess;
-
-done:
- secmod_CloseDB(pkcs11db);
- return rv;
-}
-
-/*
- * Add a module to the Data base
- */
-SECStatus
-SECMOD_AddPermDB(SECMODModule *module) {
- DBT key,data;
- SECStatus rv = SECFailure;
- DB *pkcs11db = NULL;
- int ret;
-
- /* make sure we have a db handle */
- pkcs11db = secmod_OpenDB(PR_FALSE);
- if (pkcs11db == NULL) {
- return SECFailure;
- }
-
- rv = secmod_MakeKey(&key,module);
- if (rv != SECSuccess) goto done;
- rv = secmod_EncodeData(&data,module);
- if (rv != SECSuccess) {
- secmod_FreeKey(&key);
- goto done;
- }
- rv = SECFailure;
- ret = (*pkcs11db->put)(pkcs11db, &key, &data, 0);
- secmod_FreeKey(&key);
- secmod_FreeData(&data);
- if (ret != 0) goto done;
-
- ret = (*pkcs11db->sync)(pkcs11db, 0);
- if (ret == 0) rv = SECSuccess;
-
-done:
- secmod_CloseDB(pkcs11db);
- return rv;
-}
diff --git a/security/nss/lib/pk11wrap/pk11err.c b/security/nss/lib/pk11wrap/pk11err.c
deleted file mode 100644
index b6846af84..000000000
--- a/security/nss/lib/pk11wrap/pk11err.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * this file maps PKCS11 Errors into SECErrors
- * This is an information reducing process, since most errors are reflected
- * back to the user (the user doesn't care about invalid flags, or active
- * operations). If any of these errors need more detail in the upper layers
- * which call PK11 library functions, we can add more SEC_ERROR_XXX functions
- * and change there mappings here.
- */
-#include "pkcs11t.h"
-#include "pk11func.h"
-#include "secerr.h"
-
-#ifdef PK11_ERROR_USE_ARRAY
-
-/*
- * build a static array of entries...
- */
-static struct {
- CK_RV pk11_error;
- int sec_error;
-} pk11_error_map = {
-#define MAPERROR(x,y) {x, y},
-
-#else
-
-/* the default is to use a big switch statement */
-int
-PK11_MapError(CK_RV rv) {
-
- switch (rv) {
-#define MAPERROR(x,y) case x: return y;
-
-#endif
-
-/* the guts mapping */
- MAPERROR(CKR_OK, 0)
- MAPERROR(CKR_CANCEL, SEC_ERROR_IO)
- MAPERROR(CKR_HOST_MEMORY, SEC_ERROR_NO_MEMORY)
- MAPERROR(CKR_SLOT_ID_INVALID, SEC_ERROR_BAD_DATA)
- MAPERROR(CKR_ATTRIBUTE_READ_ONLY, SEC_ERROR_READ_ONLY)
- MAPERROR(CKR_ATTRIBUTE_SENSITIVE, SEC_ERROR_IO) /* XX SENSITIVE */
- MAPERROR(CKR_ATTRIBUTE_TYPE_INVALID, SEC_ERROR_BAD_DATA)
- MAPERROR(CKR_ATTRIBUTE_VALUE_INVALID, SEC_ERROR_BAD_DATA)
- MAPERROR(CKR_DATA_INVALID, SEC_ERROR_BAD_DATA)
- MAPERROR(CKR_DATA_LEN_RANGE, SEC_ERROR_BAD_DATA)
- MAPERROR(CKR_DEVICE_ERROR, SEC_ERROR_IO)
- MAPERROR(CKR_DEVICE_MEMORY, SEC_ERROR_NO_MEMORY)
- MAPERROR(CKR_DEVICE_REMOVED, SEC_ERROR_NO_TOKEN)
- MAPERROR(CKR_ENCRYPTED_DATA_INVALID, SEC_ERROR_BAD_DATA)
- MAPERROR(CKR_ENCRYPTED_DATA_LEN_RANGE, SEC_ERROR_BAD_DATA)
- MAPERROR(CKR_FUNCTION_CANCELED, SEC_ERROR_LIBRARY_FAILURE)
- MAPERROR(CKR_FUNCTION_NOT_PARALLEL, SEC_ERROR_LIBRARY_FAILURE)
- MAPERROR(CKR_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY)
- MAPERROR(CKR_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY)
- MAPERROR(CKR_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
- MAPERROR(CKR_MECHANISM_INVALID, SEC_ERROR_BAD_DATA)
- MAPERROR(CKR_MECHANISM_PARAM_INVALID, SEC_ERROR_BAD_DATA)
- MAPERROR(CKR_OBJECT_HANDLE_INVALID, SEC_ERROR_BAD_DATA)
- MAPERROR(CKR_OPERATION_ACTIVE, SEC_ERROR_LIBRARY_FAILURE)
- MAPERROR(CKR_OPERATION_NOT_INITIALIZED,SEC_ERROR_LIBRARY_FAILURE )
- MAPERROR(CKR_PIN_INCORRECT, SEC_ERROR_BAD_PASSWORD)
- MAPERROR(CKR_PIN_INVALID, SEC_ERROR_BAD_PASSWORD)
- MAPERROR(CKR_PIN_LEN_RANGE, SEC_ERROR_BAD_PASSWORD)
- MAPERROR(CKR_SESSION_CLOSED, SEC_ERROR_LIBRARY_FAILURE)
- MAPERROR(CKR_SESSION_COUNT, SEC_ERROR_NO_MEMORY) /* XXXX? */
- MAPERROR(CKR_SESSION_HANDLE_INVALID, SEC_ERROR_BAD_DATA)
- MAPERROR(CKR_SESSION_PARALLEL_NOT_SUPPORTED, SEC_ERROR_LIBRARY_FAILURE)
- MAPERROR(CKR_SESSION_READ_ONLY, SEC_ERROR_LIBRARY_FAILURE)
- MAPERROR(CKR_SIGNATURE_INVALID, SEC_ERROR_BAD_SIGNATURE)
- MAPERROR(CKR_SIGNATURE_LEN_RANGE, SEC_ERROR_BAD_SIGNATURE)
- MAPERROR(CKR_TEMPLATE_INCOMPLETE, SEC_ERROR_BAD_DATA)
- MAPERROR(CKR_TEMPLATE_INCONSISTENT, SEC_ERROR_BAD_DATA)
- MAPERROR(CKR_TOKEN_NOT_PRESENT, SEC_ERROR_NO_TOKEN)
- MAPERROR(CKR_TOKEN_NOT_RECOGNIZED, SEC_ERROR_IO)
- MAPERROR(CKR_TOKEN_WRITE_PROTECTED, SEC_ERROR_READ_ONLY)
- MAPERROR(CKR_UNWRAPPING_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY)
- MAPERROR(CKR_UNWRAPPING_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY)
- MAPERROR(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
- MAPERROR(CKR_USER_ALREADY_LOGGED_IN, 0)
- MAPERROR(CKR_USER_NOT_LOGGED_IN, SEC_ERROR_LIBRARY_FAILURE) /* XXXX */
- MAPERROR(CKR_USER_PIN_NOT_INITIALIZED, SEC_ERROR_NO_TOKEN)
- MAPERROR(CKR_USER_TYPE_INVALID, SEC_ERROR_LIBRARY_FAILURE)
- MAPERROR(CKR_WRAPPED_KEY_INVALID, SEC_ERROR_INVALID_KEY)
- MAPERROR(CKR_WRAPPED_KEY_LEN_RANGE, SEC_ERROR_INVALID_KEY)
- MAPERROR(CKR_WRAPPING_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY)
- MAPERROR(CKR_WRAPPING_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY)
- MAPERROR(CKR_WRAPPING_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
- MAPERROR(CKR_VENDOR_DEFINED, SEC_ERROR_LIBRARY_FAILURE)
-
-
-#ifdef PK11_ERROR_USE_ARRAY
-
-int
-PK11_MapError(CK_RV rv) {
- int size = sizeof(pk11_error_map)/sizeof(pk11_error_map[0]);
-
- for (i=0; i < size; i++) {
- if (pk11_error_map[i].pk11_error == rv) {
- return pk11_error_map[i].sec_error;
- }
- }
- return SEC_ERROR_IO;
- }
-
-
-#else
-
- default:
- break;
- }
- return SEC_ERROR_IO;
-}
-
-
-#endif
diff --git a/security/nss/lib/pk11wrap/pk11func.h b/security/nss/lib/pk11wrap/pk11func.h
deleted file mode 100644
index 47d06d0f5..000000000
--- a/security/nss/lib/pk11wrap/pk11func.h
+++ /dev/null
@@ -1,449 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * PKCS #11 Wrapper functions which handles authenticating to the card's
- * choosing the best cards, etc.
- */
-#ifndef _PK11FUNC_H_
-#define _PK11FUNC_H_
-#include "plarena.h"
-#include "mcom_db.h"
-#include "seccomon.h"
-#include "secoidt.h"
-#include "secdert.h"
-#include "keyt.h"
-#include "certt.h"
-#include "pkcs11t.h"
-#include "secmodt.h"
-#include "seccomon.h"
-#include "pkcs7t.h"
-#include "cmsreclist.h"
-
-SEC_BEGIN_PROTOS
-
-/************************************************************
- * Generic Slot Lists Management
- ************************************************************/
-PK11SlotList * PK11_NewSlotList(void);
-void PK11_FreeSlotList(PK11SlotList *list);
-SECStatus PK11_AddSlotToList(PK11SlotList *list,PK11SlotInfo *slot);
-SECStatus PK11_DeleteSlotFromList(PK11SlotList *list,PK11SlotListElement *le);
-PK11SlotListElement * PK11_GetFirstSafe(PK11SlotList *list);
-PK11SlotListElement *PK11_GetNextSafe(PK11SlotList *list,
- PK11SlotListElement *le, PRBool restart);
-PK11SlotListElement *PK11_FindSlotElement(PK11SlotList *list,
- PK11SlotInfo *slot);
-
-/************************************************************
- * Generic Slot Management
- ************************************************************/
-PK11SlotInfo *PK11_ReferenceSlot(PK11SlotInfo *slot);
-PK11SlotInfo *PK11_FindSlotByID(SECMODModuleID modID,CK_SLOT_ID slotID);
-void PK11_FreeSlot(PK11SlotInfo *slot);
-SECStatus PK11_DestroyObject(PK11SlotInfo *slot,CK_OBJECT_HANDLE object);
-SECStatus PK11_DestroyTokenObject(PK11SlotInfo *slot,CK_OBJECT_HANDLE object);
-CK_OBJECT_HANDLE PK11_CopyKey(PK11SlotInfo *slot, CK_OBJECT_HANDLE srcObject);
-SECStatus PK11_ReadAttribute(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
- CK_ATTRIBUTE_TYPE type, PRArenaPool *arena, SECItem *result);
-CK_ULONG PK11_ReadULongAttribute(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
- CK_ATTRIBUTE_TYPE type);
-PK11SlotInfo *PK11_GetInternalKeySlot(void);
-PK11SlotInfo *PK11_GetInternalSlot(void);
-char * PK11_MakeString(PRArenaPool *arena,char *space,char *staticSring,
- int stringLen);
-int PK11_MapError(CK_RV error);
-CK_SESSION_HANDLE PK11_GetRWSession(PK11SlotInfo *slot);
-void PK11_RestoreROSession(PK11SlotInfo *slot,CK_SESSION_HANDLE rwsession);
-PRBool PK11_RWSessionHasLock(PK11SlotInfo *slot,
- CK_SESSION_HANDLE session_handle);
-PK11SlotInfo *PK11_NewSlotInfo(void);
-SECStatus PK11_Logout(PK11SlotInfo *slot);
-void PK11_LogoutAll(void);
-void PK11_EnterSlotMonitor(PK11SlotInfo *);
-void PK11_ExitSlotMonitor(PK11SlotInfo *);
-void PK11_CleanKeyList(PK11SlotInfo *slot);
-
-
-
-/************************************************************
- * Slot Password Management
- ************************************************************/
-void PK11_SetSlotPWValues(PK11SlotInfo *slot,int askpw, int timeout);
-void PK11_GetSlotPWValues(PK11SlotInfo *slot,int *askpw, int *timeout);
-SECStatus PK11_CheckSSOPassword(PK11SlotInfo *slot, char *ssopw);
-SECStatus PK11_CheckUserPassword(PK11SlotInfo *slot,char *pw);
-SECStatus PK11_DoPassword(PK11SlotInfo *slot, PRBool loadCerts, void *wincx);
-PRBool PK11_IsLoggedIn(PK11SlotInfo *slot, void *wincx);
-SECStatus PK11_VerifyPW(PK11SlotInfo *slot,char *pw);
-SECStatus PK11_InitPin(PK11SlotInfo *slot,char *ssopw, char *pk11_userpwd);
-SECStatus PK11_ChangePW(PK11SlotInfo *slot,char *oldpw, char *newpw);
-void PK11_HandlePasswordCheck(PK11SlotInfo *slot,void *wincx);
-void PK11_SetPasswordFunc(PK11PasswordFunc func);
-void PK11_SetVerifyPasswordFunc(PK11VerifyPasswordFunc func);
-void PK11_SetIsLoggedInFunc(PK11IsLoggedInFunc func);
-int PK11_GetMinimumPwdLength(PK11SlotInfo *slot);
-SECStatus PK11_ResetToken(PK11SlotInfo *slot, char *sso_pwd);
-
-/************************************************************
- * Manage the built-In Slot Lists
- ************************************************************/
-SECStatus PK11_InitSlotLists(void);
-PK11SlotList *PK11_GetSlotList(CK_MECHANISM_TYPE type);
-void PK11_LoadSlotList(PK11SlotInfo *slot, PK11PreSlotInfo *psi, int count);
-void PK11_ClearSlotList(PK11SlotInfo *slot);
-
-
-/******************************************************************
- * Slot initialization
- ******************************************************************/
-PRBool PK11_VerifyMechanism(PK11SlotInfo *slot,PK11SlotInfo *intern,
- CK_MECHANISM_TYPE mech, SECItem *data, SECItem *iv);
-PRBool PK11_VerifySlotMechanisms(PK11SlotInfo *slot);
-SECStatus pk11_CheckVerifyTest(PK11SlotInfo *slot);
-SECStatus PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts);
-SECStatus PK11_Authenticate(PK11SlotInfo *slot, PRBool loadCerts, void *wincx);
-void PK11_InitSlot(SECMODModule *mod,CK_SLOT_ID slotID,PK11SlotInfo *slot);
-
-
-/******************************************************************
- * Slot info functions
- ******************************************************************/
-PK11SlotInfo *PK11_FindSlotByName(char *name);
-PK11SlotInfo *PK11_FindSlotBySerial(char *serial);
-PRBool PK11_IsReadOnly(PK11SlotInfo *slot);
-PRBool PK11_IsInternal(PK11SlotInfo *slot);
-char * PK11_GetTokenName(PK11SlotInfo *slot);
-char * PK11_GetSlotName(PK11SlotInfo *slot);
-PRBool PK11_NeedLogin(PK11SlotInfo *slot);
-PRBool PK11_IsFriendly(PK11SlotInfo *slot);
-PRBool PK11_IsHW(PK11SlotInfo *slot);
-PRBool PK11_NeedUserInit(PK11SlotInfo *slot);
-int PK11_GetSlotSeries(PK11SlotInfo *slot);
-int PK11_GetCurrentWrapIndex(PK11SlotInfo *slot);
-unsigned long PK11_GetDefaultFlags(PK11SlotInfo *slot);
-CK_SLOT_ID PK11_GetSlotID(PK11SlotInfo *slot);
-SECMODModuleID PK11_GetModuleID(PK11SlotInfo *slot);
-SECStatus PK11_GetSlotInfo(PK11SlotInfo *slot, CK_SLOT_INFO *info);
-SECStatus PK11_GetTokenInfo(PK11SlotInfo *slot, CK_TOKEN_INFO *info);
-PRBool PK11_IsDisabled(PK11SlotInfo *slot);
-PK11DisableReasons PK11_GetDisabledReason(PK11SlotInfo *slot);
-/* Prevents the slot from being used, and set disable reason to user-disable */
-/* NOTE: Mechanisms that were ON continue to stay ON */
-/* Therefore, when the slot is enabled, it will remember */
-/* what mechanisms needs to be turned on */
-PRBool PK11_UserDisableSlot(PK11SlotInfo *slot);
-/* Allow all mechanisms that are ON before UserDisableSlot() */
-/* was called to be available again */
-PRBool PK11_UserEnableSlot(PK11SlotInfo *slot);
-
-PRBool PK11_NeedPWInit(void);
-PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
-PRBool PK11_TokenExists(CK_MECHANISM_TYPE);
-SECStatus PK11_GetModInfo(SECMODModule *mod, CK_INFO *info);
-PRBool PK11_IsFIPS(void);
-SECMODModule *PK11_GetModule(PK11SlotInfo *slot);
-
-/*********************************************************************
- * Slot mapping utility functions.
- *********************************************************************/
-PRBool PK11_IsPresent(PK11SlotInfo *slot);
-PRBool PK11_DoesMechanism(PK11SlotInfo *slot, CK_MECHANISM_TYPE type);
-PK11SlotList * PK11_GetAllTokens(CK_MECHANISM_TYPE type,PRBool needRW,
- PRBool loadCerts, void *wincx);
-PK11SlotList * PK11_GetPrivateKeyTokens(CK_MECHANISM_TYPE type,
- PRBool needRW,void *wincx);
-PK11SlotInfo *PK11_GetBestSlotMultiple(CK_MECHANISM_TYPE *type, int count,
- void *wincx);
-PK11SlotInfo *PK11_GetBestSlot(CK_MECHANISM_TYPE type, void *wincx);
-CK_MECHANISM_TYPE PK11_GetBestWrapMechanism(PK11SlotInfo *slot);
-int PK11_GetBestKeyLength(PK11SlotInfo *slot, CK_MECHANISM_TYPE type);
-
-/*********************************************************************
- * Mechanism Mapping functions
- *********************************************************************/
-void PK11_AddMechanismEntry(CK_MECHANISM_TYPE type, CK_KEY_TYPE key,
- CK_MECHANISM_TYPE keygen, int ivLen, int blocksize);
-CK_MECHANISM_TYPE PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len);
-CK_MECHANISM_TYPE PK11_GetKeyGen(CK_MECHANISM_TYPE type);
-int PK11_GetBlockSize(CK_MECHANISM_TYPE type,SECItem *params);
-int PK11_GetIVLength(CK_MECHANISM_TYPE type);
-SECItem *PK11_ParamFromIV(CK_MECHANISM_TYPE type,SECItem *iv);
-unsigned char *PK11_IVFromParam(CK_MECHANISM_TYPE type,SECItem *param,int *len);
-SECItem * PK11_BlockData(SECItem *data,unsigned long size);
-
-/* PKCS #11 to DER mapping functions */
-SECItem *PK11_ParamFromAlgid(SECAlgorithmID *algid);
-SECItem *PK11_GenerateNewParam(CK_MECHANISM_TYPE, PK11SymKey *);
-CK_MECHANISM_TYPE PK11_AlgtagToMechanism(SECOidTag algTag);
-SECOidTag PK11_MechanismToAlgtag(CK_MECHANISM_TYPE type);
-SECOidTag PK11_FortezzaMapSig(SECOidTag algTag);
-SECStatus PK11_ParamToAlgid(SECOidTag algtag, SECItem *param,
- PRArenaPool *arena, SECAlgorithmID *algid);
-SECStatus PK11_SeedRandom(PK11SlotInfo *,unsigned char *data,int len);
-SECStatus PK11_RandomUpdate(void *data, size_t bytes);
-SECStatus PK11_GenerateRandom(unsigned char *data,int len);
-CK_RV PK11_MapPBEMechanismToCryptoMechanism(CK_MECHANISM_PTR pPBEMechanism,
- CK_MECHANISM_PTR pCryptoMechanism,
- SECItem *pbe_pwd, PRBool bad3DES);
-CK_MECHANISM_TYPE PK11_GetPadMechanism(CK_MECHANISM_TYPE);
-
-/**********************************************************************
- * Symetric, Public, and Private Keys
- **********************************************************************/
-PK11SymKey *PK11_CreateSymKey(PK11SlotInfo *slot,
- CK_MECHANISM_TYPE type, void *wincx);
-void PK11_FreeSymKey(PK11SymKey *key);
-PK11SymKey *PK11_ReferenceSymKey(PK11SymKey *symKey);
-PK11SymKey *PK11_ImportSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
- PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key,void *wincx);
-PK11SymKey *PK11_SymKeyFromHandle(PK11SlotInfo *slot, PK11SymKey *parent,
- PK11Origin origin, CK_MECHANISM_TYPE type, CK_OBJECT_HANDLE keyID,
- PRBool owner, void *wincx);
-PK11SymKey *PK11_GetWrapKey(PK11SlotInfo *slot, int wrap,
- CK_MECHANISM_TYPE type,int series, void *wincx);
-void PK11_SetWrapKey(PK11SlotInfo *slot, int wrap, PK11SymKey *wrapKey);
-CK_MECHANISM_TYPE PK11_GetMechanism(PK11SymKey *symKey);
-CK_OBJECT_HANDLE PK11_ImportPublicKey(PK11SlotInfo *slot,
- SECKEYPublicKey *pubKey, PRBool isToken);
-PK11SymKey *PK11_KeyGen(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
- SECItem *param, int keySize,void *wincx);
-
-/* Key Generation specialized for SDR (fixed DES3 key) */
-PK11SymKey *PK11_GenDES3TokenKey(PK11SlotInfo *slot, SECItem *keyid, void *cx);
-
-SECStatus PK11_PubWrapSymKey(CK_MECHANISM_TYPE type, SECKEYPublicKey *pubKey,
- PK11SymKey *symKey, SECItem *wrappedKey);
-SECStatus PK11_WrapSymKey(CK_MECHANISM_TYPE type, SECItem *params,
- PK11SymKey *wrappingKey, PK11SymKey *symKey, SECItem *wrappedKey);
-PK11SymKey *PK11_Derive(PK11SymKey *baseKey, CK_MECHANISM_TYPE mechanism,
- SECItem *param, CK_MECHANISM_TYPE target,
- CK_ATTRIBUTE_TYPE operation, int keySize);
-PK11SymKey *PK11_DeriveWithFlags( PK11SymKey *baseKey,
- CK_MECHANISM_TYPE derive, SECItem *param, CK_MECHANISM_TYPE target,
- CK_ATTRIBUTE_TYPE operation, int keySize, CK_FLAGS flags);
-PK11SymKey *PK11_PubDerive( SECKEYPrivateKey *privKey,
- SECKEYPublicKey *pubKey, PRBool isSender, SECItem *randomA, SECItem *randomB,
- CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
- CK_ATTRIBUTE_TYPE operation, int keySize,void *wincx) ;
-PK11SymKey *PK11_UnwrapSymKey(PK11SymKey *key,
- CK_MECHANISM_TYPE wraptype, SECItem *param, SECItem *wrapppedKey,
- CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize);
-PK11SymKey *PK11_UnwrapSymKeyWithFlags(PK11SymKey *wrappingKey,
- CK_MECHANISM_TYPE wrapType, SECItem *param, SECItem *wrappedKey,
- CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize,
- CK_FLAGS flags);
-PK11SymKey *PK11_PubUnwrapSymKey(SECKEYPrivateKey *key, SECItem *wrapppedKey,
- CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize);
-PK11SymKey *PK11_FindFixedKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
- SECItem *keyID, void *wincx);
-SECStatus PK11_DeleteTokenPrivateKey(SECKEYPrivateKey *privKey);
-SECStatus PK11_DeleteTokenCertAndKey(CERTCertificate *cert,void *wincx);
-
-/* size to hold key in bytes */
-unsigned int PK11_GetKeyLength(PK11SymKey *key);
-/* size of actual secret parts of key in bits */
-/* algid is because RC4 strength is determined by the effective bits as well
- * as the key bits */
-unsigned int PK11_GetKeyStrength(PK11SymKey *key,SECAlgorithmID *algid);
-SECStatus PK11_ExtractKeyValue(PK11SymKey *symKey);
-SECItem * PK11_GetKeyData(PK11SymKey *symKey);
-PK11SlotInfo * PK11_GetSlotFromKey(PK11SymKey *symKey);
-void *PK11_GetWindow(PK11SymKey *symKey);
-SECKEYPrivateKey *PK11_GenerateKeyPair(PK11SlotInfo *slot,
- CK_MECHANISM_TYPE type, void *param, SECKEYPublicKey **pubk,
- PRBool isPerm, PRBool isSensitive, void *wincx);
-SECKEYPrivateKey *PK11_MakePrivKey(PK11SlotInfo *slot, KeyType keyType,
- PRBool isTemp, CK_OBJECT_HANDLE privID, void *wincx);
-SECKEYPrivateKey * PK11_FindPrivateKeyFromCert(PK11SlotInfo *slot,
- CERTCertificate *cert, void *wincx);
-SECKEYPrivateKey * PK11_FindKeyByAnyCert(CERTCertificate *cert, void *wincx);
-SECKEYPrivateKey * PK11_FindKeyByKeyID(PK11SlotInfo *slot, SECItem *keyID,
- void *wincx);
-CK_OBJECT_HANDLE PK11_FindObjectForCert(CERTCertificate *cert,
- void *wincx, PK11SlotInfo **pSlot);
-int PK11_GetPrivateModulusLen(SECKEYPrivateKey *key);
-SECStatus PK11_PubDecryptRaw(SECKEYPrivateKey *key, unsigned char *data,
- unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen);
-/* The encrypt version of the above function */
-SECStatus PK11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc,
- unsigned char *data, unsigned dataLen, void *wincx);
-SECStatus PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot,
- SECKEYPrivateKeyInfo *pki, SECItem *nickname,
- SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
- unsigned int usage, void *wincx);
-SECStatus PK11_ImportEncryptedPrivateKeyInfo(PK11SlotInfo *slot,
- SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem,
- SECItem *nickname, SECItem *publicValue, PRBool isPerm,
- PRBool isPrivate, KeyType type,
- unsigned int usage, void *wincx);
-SECKEYPrivateKeyInfo *PK11_ExportPrivateKeyInfo(
- CERTCertificate *cert, void *wincx);
-SECKEYEncryptedPrivateKeyInfo *PK11_ExportEncryptedPrivateKeyInfo(
- PK11SlotInfo *slot, SECOidTag algTag, SECItem *pwitem,
- CERTCertificate *cert, int iteration, void *wincx);
-SECKEYPrivateKey *PK11_FindKeyByDERCert(PK11SlotInfo *slot,
- CERTCertificate *cert, void *wincx);
-SECKEYPublicKey *PK11_MakeKEAPubKey(unsigned char *data, int length);
-SECStatus PK11_DigestKey(PK11Context *context, PK11SymKey *key);
-PRBool PK11_VerifyKeyOK(PK11SymKey *key);
-SECKEYPrivateKey *PK11_UnwrapPrivKey(PK11SlotInfo *slot,
- PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType,
- SECItem *param, SECItem *wrappedKey, SECItem *label,
- SECItem *publicValue, PRBool token, PRBool sensitive,
- CK_KEY_TYPE keyType, CK_ATTRIBUTE_TYPE *usage, int usageCount,
- void *wincx);
-SECStatus PK11_WrapPrivKey(PK11SlotInfo *slot, PK11SymKey *wrappingKey,
- SECKEYPrivateKey *privKey, CK_MECHANISM_TYPE wrapType,
- SECItem *param, SECItem *wrappedKey, void *wincx);
-PK11SymKey * pk11_CopyToSlot(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
- CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey);
-SECItem *PK11_GetKeyIDFromCert(CERTCertificate *cert, void *wincx);
-SECItem * PK11_GetKeyIDFromPrivateKey(SECKEYPrivateKey *key, void *wincx);
-
-/**********************************************************************
- * Certs
- **********************************************************************/
-SECItem *PK11_MakeIDFromPubKey(SECItem *pubKeyData);
-CERTCertificate *PK11_GetCertFromPrivateKey(SECKEYPrivateKey *privKey);
-SECStatus PK11_TraverseSlotCerts(
- SECStatus(* callback)(CERTCertificate*,SECItem *,void *),
- void *arg, void *wincx);
-CERTCertificate * PK11_FindCertFromNickname(char *nickname, void *wincx);
-CERTCertList * PK11_FindCertsFromNickname(char *nickname, void *wincx);
-SECKEYPrivateKey * PK11_FindPrivateKeyFromNickname(char *nickname, void *wincx);
-PK11SlotInfo *PK11_ImportCertForKey(CERTCertificate *cert, char *nickname,
- void *wincx);
-CK_OBJECT_HANDLE * PK11_FindObjectsFromNickname(char *nickname,
- PK11SlotInfo **slotptr, CK_OBJECT_CLASS objclass, int *returnCount,
- void *wincx);
-PK11SlotInfo *PK11_KeyForCertExists(CERTCertificate *cert,
- CK_OBJECT_HANDLE *keyPtr, void *wincx);
-CK_OBJECT_HANDLE PK11_MatchItem(PK11SlotInfo *slot,CK_OBJECT_HANDLE peer,
- CK_OBJECT_CLASS o_class);
-CERTCertificate * PK11_FindCertByIssuerAndSN(PK11SlotInfo **slot,
- CERTIssuerAndSN *sn, void *wincx);
-CERTCertificate * PK11_FindCertAndKeyByRecipientList(PK11SlotInfo **slot,
- SEC_PKCS7RecipientInfo **array, SEC_PKCS7RecipientInfo **rip,
- SECKEYPrivateKey**privKey, void *wincx);
-int PK11_FindCertAndKeyByRecipientListNew(NSSCMSRecipient **recipientlist,
- void *wincx);
-CK_BBOOL PK11_HasAttributeSet( PK11SlotInfo *slot,
- CK_OBJECT_HANDLE id,
- CK_ATTRIBUTE_TYPE type );
-CK_RV PK11_GetAttributes(PRArenaPool *arena,PK11SlotInfo *slot,
- CK_OBJECT_HANDLE obj,CK_ATTRIBUTE *attr, int count);
-int PK11_NumberCertsForCertSubject(CERTCertificate *cert);
-SECStatus PK11_TraverseCertsForSubject(CERTCertificate *cert,
- SECStatus(*callback)(CERTCertificate *, void *), void *arg);
-SECStatus PK11_TraverseCertsForSubjectInSlot(CERTCertificate *cert,
- PK11SlotInfo *slot, SECStatus(*callback)(CERTCertificate *, void *),
- void *arg);
-CERTCertificate *PK11_FindCertFromDERCert(PK11SlotInfo *slot,
- CERTCertificate *cert, void *wincx);
-CERTCertificate *PK11_FindCertFromDERSubjectAndNickname(
- PK11SlotInfo *slot,
- CERTCertificate *cert, char *nickname,
- void *wincx);
-SECStatus PK11_ImportCertForKeyToSlot(PK11SlotInfo *slot, CERTCertificate *cert,
- char *nickname, PRBool addUsage,
- void *wincx);
-CERTCertificate *PK11_FindBestKEAMatch(CERTCertificate *serverCert,void *wincx);
-SECStatus PK11_GetKEAMatchedCerts(PK11SlotInfo *slot1,
- PK11SlotInfo *slot2, CERTCertificate **cert1, CERTCertificate **cert2);
-PRBool PK11_FortezzaHasKEA(CERTCertificate *cert);
-CK_OBJECT_HANDLE PK11_FindCertInSlot(PK11SlotInfo *slot, CERTCertificate *cert,
- void *wincx);
-SECStatus PK11_TraverseCertsForNicknameInSlot(SECItem *nickname,
- PK11SlotInfo *slot, SECStatus(*callback)(CERTCertificate *, void *),
- void *arg);
-SECStatus PK11_TraverseCertsInSlot(PK11SlotInfo *slot,
- SECStatus(* callback)(CERTCertificate*, void *), void *arg);
-
-
-/**********************************************************************
- * Sign/Verify
- **********************************************************************/
-int PK11_SignatureLen(SECKEYPrivateKey *key);
-PK11SlotInfo * PK11_GetSlotFromPrivateKey(SECKEYPrivateKey *key);
-SECStatus PK11_Sign(SECKEYPrivateKey *key, SECItem *sig, SECItem *hash);
-SECStatus PK11_VerifyRecover(SECKEYPublicKey *key, SECItem *sig,
- SECItem *dsig, void * wincx);
-SECStatus PK11_Verify(SECKEYPublicKey *key, SECItem *sig,
- SECItem *hash, void *wincx);
-
-
-
-/**********************************************************************
- * Crypto Contexts
- **********************************************************************/
-void PK11_DestroyContext(PK11Context *context, PRBool freeit);
-PK11Context * PK11_CreateContextByRawKey(PK11SlotInfo *slot,
- CK_MECHANISM_TYPE type, PK11Origin origin, CK_ATTRIBUTE_TYPE operation,
- SECItem *key, SECItem *param, void *wincx);
-PK11Context *PK11_CreateContextBySymKey(CK_MECHANISM_TYPE type,
- CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey, SECItem *param);
-PK11Context *PK11_CreateDigestContext(SECOidTag hashAlg);
-PK11Context *PK11_CloneContext(PK11Context *old);
-SECStatus PK11_DigestBegin(PK11Context *cx);
-SECStatus PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, unsigned char *in,
- int32 len);
-SECStatus PK11_DigestOp(PK11Context *context, const unsigned char *in,
- unsigned len);
-SECStatus PK11_CipherOp(PK11Context *context, unsigned char * out, int *outlen,
- int maxout, unsigned char *in, int inlen);
-SECStatus PK11_Finalize(PK11Context *context);
-SECStatus PK11_DigestFinal(PK11Context *context, unsigned char *data,
- unsigned int *outLen, unsigned int length);
-PRBool PK11_HashOK(SECOidTag hashAlg);
-SECStatus PK11_SaveContext(PK11Context *cx,unsigned char *save,
- int *len, int saveLength);
-SECStatus PK11_RestoreContext(PK11Context *cx,unsigned char *save,int len);
-SECStatus PK11_GenerateFortezzaIV(PK11SymKey *symKey,unsigned char *iv,int len);
-SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
-void PK11_FreeSlotCerts(PK11SlotInfo *slot);
-void PK11_SetFortezzaHack(PK11SymKey *symKey) ;
-
-
-/**********************************************************************
- * PBE functions
- **********************************************************************/
-SECAlgorithmID *
-PK11_CreatePBEAlgorithmID(SECOidTag algorithm, int iteration, SECItem *salt);
-PK11SymKey *
-PK11_PBEKeyGen(PK11SlotInfo *slot, SECAlgorithmID *algid, SECItem *pwitem,
- PRBool faulty3DES, void *wincx);
-SECItem *
-PK11_GetPBEIV(SECAlgorithmID *algid, SECItem *pwitem);
-
-SEC_END_PROTOS
-
-#endif
diff --git a/security/nss/lib/pk11wrap/pk11kea.c b/security/nss/lib/pk11wrap/pk11kea.c
deleted file mode 100644
index ef9fe2aef..000000000
--- a/security/nss/lib/pk11wrap/pk11kea.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * This file implements the Symkey wrapper and the PKCS context
- * Interfaces.
- */
-
-#include "seccomon.h"
-#include "secmod.h"
-#include "prlock.h"
-#include "secmodi.h"
-#include "pkcs11.h"
-#include "pk11func.h"
-#include "secitem.h"
-#include "key.h"
-#include "secasn1.h"
-#include "sechash.h"
-#include "cert.h"
-#include "secerr.h"
-
-/*
- * find an RSA public key on a card
- */
-static CK_OBJECT_HANDLE
-pk11_FindRSAPubKey(PK11SlotInfo *slot)
-{
- CK_KEY_TYPE key_type = CKK_RSA;
- CK_OBJECT_CLASS class_type = CKO_PUBLIC_KEY;
- CK_ATTRIBUTE theTemplate[2];
- int template_count = sizeof(theTemplate)/sizeof(theTemplate[0]);
- CK_ATTRIBUTE *attrs = theTemplate;
-
- PK11_SETATTRS(attrs,CKA_CLASS,&class_type,sizeof(class_type)); attrs++;
- PK11_SETATTRS(attrs,CKA_KEY_TYPE,&key_type,sizeof(key_type)); attrs++;
- template_count = attrs - theTemplate;
- PR_ASSERT(template_count <= sizeof(theTemplate)/sizeof(CK_ATTRIBUTE));
-
- return pk11_FindObjectByTemplate(slot,theTemplate,template_count);
-}
-
-SECKEYPublicKey *PK11_ExtractPublicKey(PK11SlotInfo *slot, KeyType keyType,
- CK_OBJECT_HANDLE id);
-
-PK11SymKey *
-pk11_KeyExchange(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
- CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey)
-{
- PK11SymKey *newSymKey = NULL;
- SECStatus rv;
- /* performance improvement can go here --- use a generated key to as a
- * per startup wrapping key. If it exists, use it, otherwise do a full
- * key exchange. */
-
- /* find a common Key Exchange algorithm */
- /* RSA */
- if (PK11_DoesMechanism(symKey->slot, CKM_RSA_PKCS) &&
- PK11_DoesMechanism(slot,CKM_RSA_PKCS)) {
- CK_OBJECT_HANDLE pubKeyHandle = CK_INVALID_KEY;
- CK_OBJECT_HANDLE privKeyHandle = CK_INVALID_KEY;
- SECKEYPublicKey *pubKey = NULL;
- SECKEYPrivateKey *privKey = NULL;
- SECItem wrapData;
-
- wrapData.data = NULL;
-
- /* find RSA Public Key on target */
- pubKeyHandle = pk11_FindRSAPubKey(slot);
- if (pubKeyHandle != CK_INVALID_KEY) {
- privKeyHandle = PK11_MatchItem(slot,pubKeyHandle,CKO_PRIVATE_KEY);
- }
-
- /* if no key exits, generate a key pair */
- if (privKeyHandle == CK_INVALID_KEY) {
- unsigned int keyLength = PK11_GetKeyLength(symKey);
- PK11RSAGenParams rsaParams;
-
- rsaParams.keySizeInBits =
- ((keyLength == 0) || (keyLength > 16)) ? 512 : 256;
- rsaParams.pe = 0x10001;
- privKey = PK11_GenerateKeyPair(slot,CKM_RSA_PKCS_KEY_PAIR_GEN,
- &rsaParams, &pubKey,PR_FALSE,PR_TRUE,symKey->cx);
- } else {
- /* if key's exist, build SECKEY data structures for them */
- privKey = PK11_MakePrivKey(slot,nullKey, PR_TRUE, privKeyHandle,
- symKey->cx);
- if (privKey != NULL) {
- pubKey = PK11_ExtractPublicKey(slot, rsaKey, pubKeyHandle);
- if (pubKey && pubKey->pkcs11Slot) {
- PK11_FreeSlot(pubKey->pkcs11Slot);
- pubKey->pkcs11Slot = NULL;
- pubKey->pkcs11ID = CK_INVALID_KEY;
- }
- }
- }
- if (privKey == NULL) goto rsa_failed;
- if (pubKey == NULL) goto rsa_failed;
-
- wrapData.len = SECKEY_PublicKeyStrength(pubKey);
- if (!wrapData.len) goto rsa_failed;
- wrapData.data = PORT_Alloc(wrapData.len);
- if (wrapData.data == NULL) goto rsa_failed;
-
- /* now wrap the keys in and out */
- rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, pubKey, symKey, &wrapData);
- if (rv == SECSuccess) {
- newSymKey = PK11_PubUnwrapSymKey(privKey,&wrapData,type,operation,
- symKey->size);
- }
-rsa_failed:
- if (wrapData.data != NULL) PORT_Free(wrapData.data);
- if (privKey != NULL) SECKEY_DestroyPrivateKey(privKey);
- if (pubKey != NULL) SECKEY_DestroyPublicKey(pubKey);
-
- return newSymKey;
- }
- /* KEA */
- if (PK11_DoesMechanism(symKey->slot, CKM_KEA_KEY_DERIVE) &&
- PK11_DoesMechanism(slot,CKM_KEA_KEY_DERIVE)) {
- CERTCertificate *certSource = NULL;
- CERTCertificate *certTarget = NULL;
- SECKEYPublicKey *pubKeySource = NULL;
- SECKEYPublicKey *pubKeyTarget = NULL;
- SECKEYPrivateKey *privKeySource = NULL;
- SECKEYPrivateKey *privKeyTarget = NULL;
- PK11SymKey *tekSource = NULL;
- PK11SymKey *tekTarget = NULL;
- SECItem Ra,wrap;
-
- /* can only exchange skipjack keys */
- if (type != CKM_SKIPJACK_CBC64) {
- PORT_SetError( SEC_ERROR_NO_MODULE );
- goto kea_failed;
- }
-
- /* find a pair of certs we can use */
- rv = PK11_GetKEAMatchedCerts(symKey->slot,slot,&certSource,&certTarget);
- if (rv != SECSuccess) goto kea_failed;
-
- /* get all the key pairs */
- pubKeyTarget = CERT_ExtractPublicKey(certSource);
- pubKeySource = CERT_ExtractPublicKey(certTarget);
- privKeySource =
- PK11_FindKeyByDERCert(symKey->slot,certSource,symKey->cx);
- privKeyTarget =
- PK11_FindKeyByDERCert(slot,certTarget,symKey->cx);
-
- if ((pubKeySource == NULL) || (pubKeyTarget == NULL) ||
- (privKeySource == NULL) || (privKeyTarget == NULL)) goto kea_failed;
-
- /* generate the wrapping TEK's */
- Ra.data = (unsigned char*)PORT_Alloc(128 /* FORTEZZA RA MAGIC */);
- Ra.len = 128;
- if (Ra.data == NULL) goto kea_failed;
-
- tekSource = PK11_PubDerive(privKeySource,pubKeyTarget,PR_TRUE,&Ra,NULL,
- CKM_SKIPJACK_WRAP, CKM_KEA_KEY_DERIVE,CKA_WRAP,0,symKey->cx);
- tekTarget = PK11_PubDerive(privKeyTarget,pubKeySource,PR_FALSE,&Ra,NULL,
- CKM_SKIPJACK_WRAP, CKM_KEA_KEY_DERIVE,CKA_WRAP,0,symKey->cx);
- PORT_Free(Ra.data);
-
- if ((tekSource == NULL) || (tekTarget == NULL)) { goto kea_failed; }
-
- /* wrap the key out of Source into target */
- wrap.data = (unsigned char*)PORT_Alloc(12); /* MAGIC SKIPJACK LEN */
- wrap.len = 12;
-
- /* paranoia to prevent infinite recursion on bugs */
- PORT_Assert(tekSource->slot == symKey->slot);
- if (tekSource->slot != symKey->slot) {
- PORT_SetError( SEC_ERROR_NO_MODULE );
- goto kea_failed;
- }
-
- rv = PK11_WrapSymKey(CKM_SKIPJACK_WRAP,NULL,tekSource,symKey,&wrap);
- if (rv == SECSuccess) {
- newSymKey = PK11_UnwrapSymKey(tekTarget, CKM_SKIPJACK_WRAP, NULL,
- &wrap, type, operation, symKey->size);
- }
- PORT_Free(wrap.data);
-kea_failed:
- if (certSource == NULL) CERT_DestroyCertificate(certSource);
- if (certTarget == NULL) CERT_DestroyCertificate(certTarget);
- if (pubKeySource == NULL) SECKEY_DestroyPublicKey(pubKeySource);
- if (pubKeyTarget == NULL) SECKEY_DestroyPublicKey(pubKeyTarget);
- if (privKeySource == NULL) SECKEY_DestroyPrivateKey(privKeySource);
- if (privKeyTarget == NULL) SECKEY_DestroyPrivateKey(privKeyTarget);
- if (tekSource == NULL) PK11_FreeSymKey(tekSource);
- if (tekTarget == NULL) PK11_FreeSymKey(tekTarget);
- return newSymKey;
- }
- PORT_SetError( SEC_ERROR_NO_MODULE );
- return NULL;
-}
-
diff --git a/security/nss/lib/pk11wrap/pk11list.c b/security/nss/lib/pk11wrap/pk11list.c
deleted file mode 100644
index 35a68d8a2..000000000
--- a/security/nss/lib/pk11wrap/pk11list.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Locking and queue management primatives
- *
- */
-
-#include "seccomon.h"
-#include "prlock.h"
-#include "prmon.h"
-#include "secmod.h"
-#include "secmodi.h"
-#include "prlong.h"
-
-#define ISREADING 1
-#define ISWRITING 2
-#define WANTWRITE 4
-#define ISLOCKED 3
-
-/*
- * create a new lock for a Module List
- */
-SECMODListLock *SECMOD_NewListLock() {
- SECMODListLock *modLock;
-
- modLock = (SECMODListLock*)PORT_Alloc(sizeof(SECMODListLock));
-#ifdef PKCS11_USE_THREADS
- modLock->mutex = NULL;
- modLock->monitor = PR_NewMonitor();
-#else
- modLock->mutex = NULL;
- modLock->monitor = NULL;
-#endif
- modLock->state = 0;
- modLock->count = 0;
- return modLock;
-}
-
-/*
- * destroy the lock
- */
-void SECMOD_DestroyListLock(SECMODListLock *lock) {
- PK11_USE_THREADS(PR_DestroyMonitor(lock->monitor);)
- PORT_Free(lock);
-}
-
-
-/*
- * Lock the List for Read: NOTE: this assumes the reading isn't so common
- * the writing will be starved.
- */
-void SECMOD_GetReadLock(SECMODListLock *modLock) {
-#ifdef PKCS11_USE_THREADS
- PR_EnterMonitor(modLock->monitor);
- while (modLock->state & ISWRITING) {
- PR_Wait(modLock->monitor,PR_INTERVAL_NO_TIMEOUT); /* wait until woken up */
- }
- modLock->state |= ISREADING;
- modLock->count++;
- PR_ExitMonitor(modLock->monitor);
-#endif
-}
-
-/*
- * Release the Read lock
- */
-void SECMOD_ReleaseReadLock(SECMODListLock *modLock) {
-#ifdef PKCS11_USE_THREADS
- PR_EnterMonitor(modLock->monitor);
- modLock->count--;
- if (modLock->count == 0) {
- modLock->state &= ~ISREADING;
- if (modLock->state & WANTWRITE) {
- PR_Notify(modLock->monitor); /* only one writer at a time */
- }
- }
- PR_ExitMonitor(modLock->monitor);
-#endif
-}
-
-
-/*
- * lock the list for Write
- */
-void SECMOD_GetWriteLock(SECMODListLock *modLock) {
-#ifdef PKCS11_USE_THREADS
- PR_EnterMonitor(modLock->monitor);
- while (modLock->state & ISLOCKED) {
- modLock->state |= WANTWRITE;
- PR_Wait(modLock->monitor,PR_INTERVAL_NO_TIMEOUT); /* wait until woken up */
- }
- modLock->state = ISWRITING;
- PR_ExitMonitor(modLock->monitor);
-#endif
-}
-
-
-/*
- * Release the Write Lock: NOTE, this code is pretty inefficient if you have
- * lots of write collisions.
- */
-void SECMOD_ReleaseWriteLock(SECMODListLock *modLock) {
-#ifdef PKCS11_USE_THREADS
- PR_EnterMonitor(modLock->monitor);
- modLock->state = 0;
- PR_NotifyAll(modLock->monitor); /* enable all the readers */
- PR_ExitMonitor(modLock->monitor);
-#endif
-}
-
-
-/*
- * must Hold the Write lock
- */
-void
-SECMOD_RemoveList(SECMODModuleList **parent, SECMODModuleList *child) {
- *parent = child->next;
- child->next = NULL;
-}
-
-/*
- * if lock is not specified, it must already be held
- */
-void
-SECMOD_AddList(SECMODModuleList *parent, SECMODModuleList *child,
- SECMODListLock *lock) {
- if (lock) { SECMOD_GetWriteLock(lock); }
-
- child->next = parent->next;
- parent->next = child;
-
- if (lock) { SECMOD_ReleaseWriteLock(lock); }
-}
-
-
diff --git a/security/nss/lib/pk11wrap/pk11load.c b/security/nss/lib/pk11wrap/pk11load.c
deleted file mode 100644
index 65d898e6e..000000000
--- a/security/nss/lib/pk11wrap/pk11load.c
+++ /dev/null
@@ -1,239 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * The following handles the loading, unloading and management of
- * various PCKS #11 modules
- */
-#include "seccomon.h"
-#include "pkcs11.h"
-#include "secmod.h"
-#include "prlink.h"
-#include "pk11func.h"
-#include "secmodi.h"
-#include "prlock.h"
-
-extern void FC_GetFunctionList(void);
-extern void NSC_GetFunctionList(void);
-
-
-/* build the PKCS #11 2.01 lock files */
-CK_RV PR_CALLBACK secmodCreateMutext(CK_VOID_PTR_PTR pmutex) {
- *pmutex = (CK_VOID_PTR) PR_NewLock();
- if ( *pmutex ) return CKR_OK;
- return CKR_HOST_MEMORY;
-}
-
-CK_RV PR_CALLBACK secmodDestroyMutext(CK_VOID_PTR mutext) {
- PR_DestroyLock((PRLock *)mutext);
- return CKR_OK;
-}
-
-CK_RV PR_CALLBACK secmodLockMutext(CK_VOID_PTR mutext) {
- PR_Lock((PRLock *)mutext);
- return CKR_OK;
-}
-
-CK_RV PR_CALLBACK secmodUnlockMutext(CK_VOID_PTR mutext) {
- PR_Unlock((PRLock *)mutext);
- return CKR_OK;
-}
-
-static SECMODModuleID nextModuleID = 1;
-static CK_C_INITIALIZE_ARGS secmodLockFunctions = {
- secmodCreateMutext, secmodDestroyMutext, secmodLockMutext,
- secmodUnlockMutext, CKF_LIBRARY_CANT_CREATE_OS_THREADS|
- CKF_OS_LOCKING_OK
- ,NULL
-};
-
-/*
- * load a new module into our address space and initialize it.
- */
-SECStatus
-SECMOD_LoadModule(SECMODModule *mod) {
- PRLibrary *library = NULL;
- CK_C_GetFunctionList entry;
- char * full_name;
- CK_INFO info;
- CK_ULONG slotCount = 0;
-
-
- if (mod->loaded) return SECSuccess;
-
- /* intenal modules get loaded from their internal list */
- if (mod->internal) {
- /* internal, statically get the C_GetFunctionList function */
- if (mod->isFIPS) {
- entry = (CK_C_GetFunctionList) FC_GetFunctionList;
- } else {
- entry = (CK_C_GetFunctionList) NSC_GetFunctionList;
- }
- } else {
- /* Not internal, load the DLL and look up C_GetFunctionList */
- if (mod->dllName == NULL) {
- return SECFailure;
- }
-
-#ifdef notdef
- /* look up the library name */
- full_name = PR_GetLibraryName(PR_GetLibraryPath(),mod->dllName);
- if (full_name == NULL) {
- return SECFailure;
- }
-#else
- full_name = PORT_Strdup(mod->dllName);
-#endif
-
- /* load the library. If this succeeds, then we have to remember to
- * unload the library if anything goes wrong from here on out...
- */
- library = PR_LoadLibrary(full_name);
- mod->library = (void *)library;
- PORT_Free(full_name);
- if (library == NULL) {
- return SECFailure;
- }
-
- /*
- * now we need to get the entry point to find the function pointers
- */
- entry = (CK_C_GetFunctionList)
- PR_FindSymbol(library, "C_GetFunctionList");
- if (entry == NULL) {
- PR_UnloadLibrary(library);
- return SECFailure;
- }
- }
-
- /*
- * We need to get the function list
- */
- if ((*entry)((CK_FUNCTION_LIST_PTR *)&mod->functionList) != CKR_OK)
- goto fail;
-
- mod->isThreadSafe = PR_TRUE;
- /* Now we initialize the module */
- if (PK11_GETTAB(mod)->C_Initialize(&secmodLockFunctions) != CKR_OK) {
- mod->isThreadSafe = PR_FALSE;
- if (PK11_GETTAB(mod)->C_Initialize(NULL) != CKR_OK) goto fail;
- }
-
- /* check the version number */
- if (PK11_GETTAB(mod)->C_GetInfo(&info) != CKR_OK) goto fail2;
- if (info.cryptokiVersion.major != 2) goto fail2;
- /* all 2.0 are a priori *not* thread safe */
- if (info.cryptokiVersion.minor < 1) mod->isThreadSafe = PR_FALSE;
-
-
- /* If we don't have a common name, get it from the PKCS 11 module */
- if ((mod->commonName == NULL) || (mod->commonName[0] == 0)) {
- mod->commonName = PK11_MakeString(mod->arena,NULL,
- (char *)info.libraryDescription, sizeof(info.libraryDescription));
- if (mod->commonName == NULL) goto fail2;
- }
-
-
- /* initialize the Slots */
- if (PK11_GETTAB(mod)->C_GetSlotList(CK_FALSE, NULL, &slotCount) == CKR_OK) {
- CK_SLOT_ID *slotIDs;
- int i;
- CK_RV rv;
-
- mod->slots = (PK11SlotInfo **)PORT_ArenaAlloc(mod->arena,
- sizeof(PK11SlotInfo *) * slotCount);
- if (mod->slots == NULL) goto fail2;
-
- slotIDs = (CK_SLOT_ID *) PORT_Alloc(sizeof(CK_SLOT_ID)*slotCount);
- if (slotIDs == NULL) {
- goto fail2;
- }
- rv = PK11_GETTAB(mod)->C_GetSlotList(CK_FALSE, slotIDs, &slotCount);
- if (rv != CKR_OK) {
- PORT_Free(slotIDs);
- goto fail2;
- }
-
- /* Initialize each slot */
- for (i=0; i < (int)slotCount; i++) {
- mod->slots[i] = PK11_NewSlotInfo();
- PK11_InitSlot(mod,slotIDs[i],mod->slots[i]);
- /* look down the slot info table */
- PK11_LoadSlotList(mod->slots[i],mod->slotInfo,mod->slotInfoCount);
- }
- mod->slotCount = slotCount;
- mod->slotInfoCount = 0;
- PORT_Free(slotIDs);
- }
-
-
-
-
- mod->loaded = PR_TRUE;
- mod->moduleID = nextModuleID++;
- return SECSuccess;
-fail2:
- PK11_GETTAB(mod)->C_Finalize(NULL);
-fail:
- mod->functionList = NULL;
- if (library) PR_UnloadLibrary(library);
- return SECFailure;
-}
-
-SECStatus
-SECMOD_UnloadModule(SECMODModule *mod) {
- PRLibrary *library;
-
- if (!mod->loaded) {
- return SECFailure;
- }
-
- PK11_GETTAB(mod)->C_Finalize(NULL);
- mod->moduleID = 0;
- mod->loaded = PR_FALSE;
-
- /* do we want the semantics to allow unloading the internal library?
- * if not, we should change this to SECFailure and move it above the
- * mod->loaded = PR_FALSE; */
- if (mod->internal) {
- return SECSuccess;
- }
-
- library = (PRLibrary *)mod->library;
- /* paranoia */
- if (library == NULL) {
- return SECFailure;
- }
-
- PR_UnloadLibrary(library);
- return SECSuccess;
-}
diff --git a/security/nss/lib/pk11wrap/pk11sdr.c b/security/nss/lib/pk11wrap/pk11sdr.c
deleted file mode 100644
index c72914543..000000000
--- a/security/nss/lib/pk11wrap/pk11sdr.c
+++ /dev/null
@@ -1,288 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- * thayes@netscape.com
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * PKCS #11 Wrapper functions which handles authenticating to the card's
- * choosing the best cards, etc.
- */
-
-#include "seccomon.h"
-#include "secoid.h"
-#include "secasn1.h"
-#include "pkcs11.h"
-#include "pk11func.h"
-#include "pk11sdr.h"
-
-/*
- * Data structure and template for encoding the result of an SDR operation
- * This is temporary. It should include the algorithm ID of the encryption mechanism
- */
-struct SDRResult
-{
- SECItem keyid;
- SECAlgorithmID alg;
- SECItem data;
-};
-typedef struct SDRResult SDRResult;
-
-static SEC_ASN1Template template[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (SDRResult) },
- { SEC_ASN1_OCTET_STRING, offsetof(SDRResult, keyid) },
- { SEC_ASN1_INLINE, offsetof(SDRResult, alg), SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_OCTET_STRING, offsetof(SDRResult, data) },
- { 0 }
-};
-
-static unsigned char keyID[] = {
- 0xF8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
-};
-
-static SECItem keyIDItem = {
- 0,
- keyID,
- sizeof keyID
-};
-
-/* local utility function for padding an incoming data block
- * to the mechanism block size.
- */
-static SECStatus
-padBlock(SECItem *data, int blockSize, SECItem *result)
-{
- SECStatus rv = SECSuccess;
- int padLength;
- unsigned int i;
-
- result->data = 0;
- result->len = 0;
-
- /* This algorithm always adds to the block (to indicate the number
- * of pad bytes). So allocate a block large enough.
- */
- padLength = blockSize - (data->len % blockSize);
- result->len = data->len + padLength;
- result->data = (unsigned char *)PORT_Alloc(result->len);
-
- /* Copy the data */
- PORT_Memcpy(result->data, data->data, data->len);
-
- /* Add the pad values */
- for(i = data->len; i < result->len; i++)
- result->data[i] = (unsigned char)padLength;
-
- return rv;
-}
-
-static SECStatus
-unpadBlock(SECItem *data, int blockSize, SECItem *result)
-{
- SECStatus rv = SECSuccess;
- int padLength;
-
- result->data = 0;
- result->len = 0;
-
- /* Remove the padding from the end if the input data */
- if (data->len == 0 || data->len % blockSize != 0) { rv = SECFailure; goto loser; }
-
- padLength = data->data[data->len-1];
- if (padLength > blockSize) { rv = SECFailure; goto loser; }
-
- result->len = data->len - padLength;
- result->data = (unsigned char *)PORT_Alloc(result->len);
- if (!result->data) { rv = SECFailure; goto loser; }
-
- PORT_Memcpy(result->data, data->data, result->len);
-
-loser:
- return rv;
-}
-
-/*
- * PK11SDR_Encrypt
- * Encrypt a block of data using the symmetric key identified. The result
- * is an ASN.1 (DER) encoded block of keyid, params and data.
- */
-SECStatus
-PK11SDR_Encrypt(SECItem *keyid, SECItem *data, SECItem *result, void *cx)
-{
- SECStatus rv = SECSuccess;
- PK11SlotInfo *slot = 0;
- PK11SymKey *key = 0;
- SECItem *params = 0;
- PK11Context *ctx = 0;
- CK_MECHANISM_TYPE type;
- SDRResult sdrResult;
- SECItem paddedData;
- SECItem *pKeyID;
- PLArenaPool *arena = 0;
-
- /* Initialize */
- paddedData.len = 0;
- paddedData.data = 0;
-
- arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
- if (!arena) { rv = SECFailure; goto loser; }
-
- /* 1. Locate the requested keyid, or the default key (which has a keyid)
- * 2. Create an encryption context
- * 3. Encrypt
- * 4. Encode the results (using ASN.1)
- */
-
- slot = PK11_GetInternalKeySlot();
- if (!slot) { rv = SECFailure; goto loser; }
-
- /* Use triple-DES */
- type = CKM_DES3_CBC;
-
- /* Find the key to use */
- pKeyID = keyid;
- if (pKeyID->len == 0) {
- pKeyID = &keyIDItem; /* Use default value */
-
- /* Try to find the key */
- key = PK11_FindFixedKey(slot, type, pKeyID, cx);
-
- /* If the default key doesn't exist yet, try to create it */
- if (!key) key = PK11_GenDES3TokenKey(slot, pKeyID, cx);
- } else {
- key = PK11_FindFixedKey(slot, type, pKeyID, cx);
- }
-
- if (!key) { rv = SECFailure; goto loser; }
-
- params = PK11_GenerateNewParam(type, key);
- if (!params) { rv = SECFailure; goto loser; }
-
- ctx = PK11_CreateContextBySymKey(type, CKA_ENCRYPT, key, params);
- if (!ctx) { rv = SECFailure; goto loser; }
-
- rv = padBlock(data, PK11_GetBlockSize(type, 0), &paddedData);
- if (rv != SECSuccess) goto loser;
-
- sdrResult.data.len = paddedData.len;
- sdrResult.data.data = (unsigned char *)PORT_ArenaAlloc(arena, sdrResult.data.len);
-
- rv = PK11_CipherOp(ctx, sdrResult.data.data, &sdrResult.data.len, sdrResult.data.len,
- paddedData.data, paddedData.len);
- if (rv != SECSuccess) goto loser;
-
- PK11_Finalize(ctx);
-
- sdrResult.keyid = *pKeyID;
-
- rv = PK11_ParamToAlgid(SEC_OID_DES_EDE3_CBC, params, arena, &sdrResult.alg);
- if (rv != SECSuccess) goto loser;
-
- if (!SEC_ASN1EncodeItem(0, result, &sdrResult, template)) { rv = SECFailure; goto loser; }
-
-loser:
- SECITEM_ZfreeItem(&paddedData, PR_FALSE);
- if (arena) PORT_FreeArena(arena, PR_TRUE);
- if (ctx) PK11_DestroyContext(ctx, PR_TRUE);
- if (params) SECITEM_ZfreeItem(params, PR_TRUE);
- if (key) PK11_FreeSymKey(key);
- if (slot) PK11_FreeSlot(slot);
-
- return rv;
-}
-
-/*
- * PK11SDR_Decrypt
- * Decrypt a block of data produced by PK11SDR_Encrypt. The key used is identified
- * by the keyid field within the input.
- */
-SECStatus
-PK11SDR_Decrypt(SECItem *data, SECItem *result, void *cx)
-{
- SECStatus rv = SECSuccess;
- PK11SlotInfo *slot = 0;
- PK11SymKey *key = 0;
- PK11Context *ctx = 0;
- CK_MECHANISM_TYPE type;
- SDRResult sdrResult;
- SECItem *params = 0;
- SECItem paddedResult;
- PLArenaPool *arena = 0;
-
- paddedResult.len = 0;
- paddedResult.data = 0;
-
- arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
- if (!arena) { rv = SECFailure; goto loser; }
-
- /* Decode the incoming data */
- memset(&sdrResult, 0, sizeof sdrResult);
- rv = SEC_ASN1DecodeItem(arena, &sdrResult, template, data);
- if (rv != SECSuccess) goto loser; /* Invalid format */
-
- /* Find the slot and key for the given keyid */
- slot = PK11_GetInternalKeySlot();
- if (!slot) { rv = SECFailure; goto loser; }
-
- /* Use triple-DES (Should look up the algorithm) */
- type = CKM_DES3_CBC;
- key = PK11_FindFixedKey(slot, type, &sdrResult.keyid, cx);
- if (!key) { rv = SECFailure; goto loser; }
-
- /* Get the parameter values from the data */
- params = PK11_ParamFromAlgid(&sdrResult.alg);
- if (!params) { rv = SECFailure; goto loser; }
-
- ctx = PK11_CreateContextBySymKey(type, CKA_DECRYPT, key, params);
- if (!ctx) { rv = SECFailure; goto loser; }
-
- paddedResult.len = sdrResult.data.len;
- paddedResult.data = PORT_ArenaAlloc(arena, result->len);
-
- rv = PK11_CipherOp(ctx, paddedResult.data, &paddedResult.len, paddedResult.len,
- sdrResult.data.data, sdrResult.data.len);
- if (rv != SECSuccess) goto loser;
-
- PK11_Finalize(ctx);
-
- /* Remove the padding */
- rv = unpadBlock(&paddedResult, PK11_GetBlockSize(type, 0), result);
- if (rv) goto loser;
-
-loser:
- /* SECITEM_ZfreeItem(&paddedResult, PR_FALSE); */
- if (arena) PORT_FreeArena(arena, PR_TRUE);
- if (ctx) PK11_DestroyContext(ctx, PR_TRUE);
- if (key) PK11_FreeSymKey(key);
- if (params) SECITEM_ZfreeItem(params, PR_TRUE);
- if (slot) PK11_FreeSlot(slot);
-
- return rv;
-}
diff --git a/security/nss/lib/pk11wrap/pk11sdr.h b/security/nss/lib/pk11wrap/pk11sdr.h
deleted file mode 100644
index 652098cad..000000000
--- a/security/nss/lib/pk11wrap/pk11sdr.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * PKCS #11 Wrapper functions which handles authenticating to the card's
- * choosing the best cards, etc.
- */
-
-#ifndef _PK11SDR_H_
-#define _PK11SDR_H_
-
-#include "seccomon.h"
-
-SEC_BEGIN_PROTOS
-
-/*
- * PK11SDR_Encrypt - encrypt data using the specified key id or SDR default
- *
- */
-SECStatus
-PK11SDR_Encrypt(SECItem *keyid, SECItem *data, SECItem *result, void *cx);
-
-/*
- * PK11SDR_Decrypt - decrypt data previously encrypted with PK11SDR_Encrypt
- */
-SECStatus
-PK11SDR_Decrypt(SECItem *data, SECItem *result, void *cx);
-
-SEC_END_PROTOS
-
-#endif
diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c
deleted file mode 100644
index 4d65b15a8..000000000
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ /dev/null
@@ -1,4854 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * This file implements the Symkey wrapper and the PKCS context
- * Interfaces.
- */
-
-#include "seccomon.h"
-#include "secmod.h"
-#include "prlock.h"
-#include "secmodi.h"
-#include "pkcs11.h"
-#include "pk11func.h"
-#include "secitem.h"
-#include "key.h"
-#include "secoid.h"
-#include "secasn1.h"
-#include "sechash.h"
-#include "cert.h"
-#include "secerr.h"
-
-#define PAIRWISE_SECITEM_TYPE siBuffer
-#define PAIRWISE_DIGEST_LENGTH SHA1_LENGTH /* 160-bits */
-#define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */
-
-/* forward static declarations. */
-static PK11SymKey *pk11_DeriveWithTemplate(PK11SymKey *baseKey,
- CK_MECHANISM_TYPE derive, SECItem *param, CK_MECHANISM_TYPE target,
- CK_ATTRIBUTE_TYPE operation, int keySize, CK_ATTRIBUTE *userAttr,
- unsigned int numAttrs);
-
-
-/*
- * strip leading zero's from key material
- */
-void
-pk11_SignedToUnsigned(CK_ATTRIBUTE *attrib) {
- char *ptr = (char *)attrib->pValue;
- unsigned long len = attrib->ulValueLen;
-
- while (len && (*ptr == 0)) {
- len--;
- ptr++;
- }
- attrib->pValue = ptr;
- attrib->ulValueLen = len;
-}
-
-/*
- * get a new session on a slot. If we run out of session, use the slot's
- * 'exclusive' session. In this case owner becomes false.
- */
-static CK_SESSION_HANDLE
-pk11_GetNewSession(PK11SlotInfo *slot,PRBool *owner)
-{
- CK_SESSION_HANDLE session;
- *owner = PR_TRUE;
- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
- if ( PK11_GETTAB(slot)->C_OpenSession(slot->slotID,CKF_SERIAL_SESSION,
- slot,pk11_notify,&session) != CKR_OK) {
- *owner = PR_FALSE;
- session = slot->session;
- }
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
-
- return session;
-}
-
-static void
-pk11_CloseSession(PK11SlotInfo *slot,CK_SESSION_HANDLE session,PRBool owner)
-{
- if (!owner) return;
- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
- (void) PK11_GETTAB(slot)->C_CloseSession(session);
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
-}
-
-
-SECStatus
-PK11_CreateNewObject(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
- CK_ATTRIBUTE *theTemplate, int count,
- PRBool token, CK_OBJECT_HANDLE *objectID)
-{
- CK_SESSION_HANDLE rwsession;
- CK_RV crv;
- SECStatus rv = SECSuccess;
-
- rwsession = session;
- if (rwsession == CK_INVALID_SESSION) {
- if (token) {
- rwsession = PK11_GetRWSession(slot);
- } else {
- rwsession = slot->session;
- PK11_EnterSlotMonitor(slot);
- }
- }
- crv = PK11_GETTAB(slot)->C_CreateObject(rwsession, theTemplate,
- count,objectID);
- if(crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- rv = SECFailure;
- }
-
- if (session == CK_INVALID_SESSION) {
- if (token) {
- PK11_RestoreROSession(slot, rwsession);
- } else {
- PK11_ExitSlotMonitor(slot);
- }
- }
-
- return rv;
-}
-
-static void
-pk11_EnterKeyMonitor(PK11SymKey *symKey) {
- if (!symKey->sessionOwner || !(symKey->slot->isThreadSafe))
- PK11_EnterSlotMonitor(symKey->slot);
-}
-
-static void
-pk11_ExitKeyMonitor(PK11SymKey *symKey) {
- if (!symKey->sessionOwner || !(symKey->slot->isThreadSafe))
- PK11_ExitSlotMonitor(symKey->slot);
-}
-
-
-static PK11SymKey *pk11SymKeyHead = NULL;
-static PK11SymKey *
-pk11_getKeyFromList(PK11SlotInfo *slot) {
- PK11SymKey *symKey;
-
-
- PK11_USE_THREADS(PR_Lock(slot->freeListLock);)
- if (slot->freeSymKeysHead) {
- symKey = slot->freeSymKeysHead;
- slot->freeSymKeysHead = symKey->next;
- slot->keyCount--;
- }
- PK11_USE_THREADS(PR_Unlock(slot->freeListLock);)
- if (symKey) {
- symKey->next = NULL;
- return symKey;
- }
-
- symKey = (PK11SymKey *)PORT_ZAlloc(sizeof(PK11SymKey));
- if (symKey == NULL) {
- return NULL;
- }
- symKey->refLock = PR_NewLock();
- if (symKey->refLock == NULL) {
- PORT_Free(symKey);
- return NULL;
- }
- symKey->session = pk11_GetNewSession(slot,&symKey->sessionOwner);
- symKey->next = NULL;
- return symKey;
-}
-
-void
-PK11_CleanKeyList(PK11SlotInfo *slot)
-{
- PK11SymKey *symKey = NULL;
-
- while (slot->freeSymKeysHead) {
- symKey = slot->freeSymKeysHead;
- slot->freeSymKeysHead = symKey->next;
- pk11_CloseSession(symKey->slot, symKey->session,symKey->sessionOwner);
- PK11_USE_THREADS(PR_DestroyLock(symKey->refLock);)
- PORT_Free(symKey);
- };
- return;
-}
-
-/*
- * create a symetric key:
- * Slot is the slot to create the key in.
- * type is the mechainism type
- */
-PK11SymKey *
-PK11_CreateSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, void *wincx)
-{
-
- PK11SymKey *symKey = pk11_getKeyFromList(slot);
-
-
- if (symKey == NULL) {
- return NULL;
- }
-
- symKey->type = type;
- symKey->data.data = NULL;
- symKey->data.len = 0;
- symKey->owner = PR_TRUE;
- symKey->objectID = CK_INVALID_KEY;
- symKey->slot = slot;
- symKey->series = slot->series;
- symKey->cx = wincx;
- symKey->size = 0;
- symKey->refCount = 1;
- symKey->origin = PK11_OriginNULL;
- symKey->origin = PK11_OriginNULL;
- PK11_ReferenceSlot(slot);
- return symKey;
-}
-
-/*
- * destroy a symetric key
- */
-void
-PK11_FreeSymKey(PK11SymKey *symKey)
-{
- PRBool destroy = PR_FALSE;
- PK11SlotInfo *slot;
- PRBool freeit = PR_TRUE;
-
- PK11_USE_THREADS(PR_Lock(symKey->refLock);)
- if (symKey->refCount-- == 1) {
- destroy= PR_TRUE;
- }
- PK11_USE_THREADS(PR_Unlock(symKey->refLock);)
- if (destroy) {
- if ((symKey->owner) && symKey->objectID != CK_INVALID_KEY) {
- pk11_EnterKeyMonitor(symKey);
- (void) PK11_GETTAB(symKey->slot)->
- C_DestroyObject(symKey->session, symKey->objectID);
- pk11_ExitKeyMonitor(symKey);
- }
- if (symKey->data.data) {
- PORT_Memset(symKey->data.data, 0, symKey->data.len);
- PORT_Free(symKey->data.data);
- }
- slot = symKey->slot;
- PK11_USE_THREADS(PR_Lock(slot->freeListLock);)
- if (slot->keyCount < slot->maxKeyCount) {
- symKey->next = slot->freeSymKeysHead;
- slot->freeSymKeysHead = symKey;
- slot->keyCount++;
- symKey->slot = NULL;
- freeit = PR_FALSE;
- }
- PK11_USE_THREADS(PR_Unlock(slot->freeListLock);)
- if (freeit) {
- pk11_CloseSession(symKey->slot, symKey->session,
- symKey->sessionOwner);
- PK11_USE_THREADS(PR_DestroyLock(symKey->refLock);)
- PORT_Free(symKey);
- }
- PK11_FreeSlot(slot);
- }
-}
-
-PK11SymKey *
-PK11_ReferenceSymKey(PK11SymKey *symKey)
-{
- PK11_USE_THREADS(PR_Lock(symKey->refLock);)
- symKey->refCount++;
- PK11_USE_THREADS(PR_Unlock(symKey->refLock);)
- return symKey;
-}
-
-/*
- * turn key handle into an appropriate key object
- */
-PK11SymKey *
-PK11_SymKeyFromHandle(PK11SlotInfo *slot, PK11SymKey *parent, PK11Origin origin,
- CK_MECHANISM_TYPE type, CK_OBJECT_HANDLE keyID, PRBool owner, void *wincx)
-{
- PK11SymKey *symKey;
-
- if (keyID == CK_INVALID_KEY) {
- return NULL;
- }
-
- symKey = PK11_CreateSymKey(slot,type,wincx);
- if (symKey == NULL) {
- return NULL;
- }
-
- symKey->objectID = keyID;
- symKey->origin = origin;
- symKey->owner = owner;
-
- /* adopt the parent's session */
- /* This is only used by SSL. What we really want here is a session
- * structure with a ref count so the session goes away only after all the
- * keys do. */
- if (owner && parent) {
- pk11_CloseSession(symKey->slot, symKey->session,symKey->sessionOwner);
- symKey->sessionOwner = parent->sessionOwner;
- symKey->session = parent->session;
- parent->sessionOwner = PR_FALSE;
- }
-
- return symKey;
-}
-
-/*
- * turn key handle into an appropriate key object
- */
-PK11SymKey *
-PK11_GetWrapKey(PK11SlotInfo *slot, int wrap, CK_MECHANISM_TYPE type,
- int series, void *wincx)
-{
- PK11SymKey *symKey = NULL;
-
- if (slot->series != series) return NULL;
- if (slot->refKeys[wrap] == CK_INVALID_KEY) return NULL;
- if (type == CKM_INVALID_MECHANISM) type = slot->wrapMechanism;
-
- symKey = PK11_SymKeyFromHandle(slot, NULL, PK11_OriginDerive,
- slot->wrapMechanism, slot->refKeys[wrap], PR_FALSE, wincx);
- return symKey;
-}
-
-void
-PK11_SetWrapKey(PK11SlotInfo *slot, int wrap, PK11SymKey *wrapKey)
-{
- /* save the handle and mechanism for the wrapping key */
- /* mark the key and session as not owned by us to they don't get freed
- * when the key goes way... that lets us reuse the key later */
- slot->refKeys[wrap] = wrapKey->objectID;
- wrapKey->owner = PR_FALSE;
- wrapKey->sessionOwner = PR_FALSE;
- slot->wrapMechanism = wrapKey->type;
-}
-
-CK_MECHANISM_TYPE
-PK11_GetMechanism(PK11SymKey *symKey)
-{
- return symKey->type;
-}
-
-/*
- * figure out if a key is still valid or if it is stale.
- */
-PRBool
-PK11_VerifyKeyOK(PK11SymKey *key) {
- if (!PK11_IsPresent(key->slot)) {
- return PR_FALSE;
- }
- return (PRBool)(key->series == key->slot->series);
-}
-
-static PK11SymKey *
-pk11_ImportSymKeyWithTempl(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
- PK11Origin origin, CK_ATTRIBUTE *keyTemplate,
- unsigned int templateCount, SECItem *key, void *wincx)
-{
- PK11SymKey * symKey;
- CK_RV crv;
-
- symKey = PK11_CreateSymKey(slot,type,wincx);
- if (symKey == NULL) {
- return NULL;
- }
-
- symKey->size = key->len;
-
- if (SECITEM_CopyItem(NULL,&symKey->data,key) != SECSuccess) {
- PK11_FreeSymKey(symKey);
- return NULL;
- }
-
- symKey->origin = origin;
-
- /* import the keys */
- crv = PK11_CreateNewObject(slot, symKey->session, keyTemplate,
- templateCount, PR_FALSE, &symKey->objectID);
- if ( crv != CKR_OK) {
- PK11_FreeSymKey(symKey);
- PORT_SetError( PK11_MapError(crv));
- return NULL;
- }
-
- return symKey;
-}
-
-/*
- * turn key bits into an appropriate key object
- */
-PK11SymKey *
-PK11_ImportSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
- PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key,void *wincx)
-{
- PK11SymKey * symKey;
- unsigned int templateCount = 0;
- CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
- CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
- CK_BBOOL cktrue = CK_TRUE; /* sigh */
- CK_ATTRIBUTE keyTemplate[5];
- CK_ATTRIBUTE * attrs = keyTemplate;
-
- PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass) ); attrs++;
- PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType) ); attrs++;
- PK11_SETATTRS(attrs, operation, &cktrue, 1); attrs++;
- PK11_SETATTRS(attrs, CKA_VALUE, key->data, key->len); attrs++;
- templateCount = attrs - keyTemplate;
- PR_ASSERT(templateCount <= sizeof(keyTemplate)/sizeof(CK_ATTRIBUTE));
-
- keyType = PK11_GetKeyType(type,key->len);
- symKey = pk11_ImportSymKeyWithTempl(slot, type, origin, keyTemplate,
- templateCount, key, wincx);
- return symKey;
-}
-
-/*
- * import a public key into the desired slot
- */
-CK_OBJECT_HANDLE
-PK11_ImportPublicKey(PK11SlotInfo *slot, SECKEYPublicKey *pubKey,
- PRBool isToken)
-{
- CK_BBOOL cktrue = CK_TRUE;
- CK_BBOOL ckfalse = CK_FALSE;
- CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
- CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
- CK_OBJECT_HANDLE objectID;
- CK_ATTRIBUTE theTemplate[10];
- CK_ATTRIBUTE *signedattr = NULL;
- CK_ATTRIBUTE *attrs = theTemplate;
- int signedcount = 0;
- int templateCount = 0;
- CK_RV crv;
-
- /* if we already have an object in the desired slot, use it */
- if (!isToken && pubKey->pkcs11Slot == slot) {
- return pubKey->pkcs11ID;
- }
-
- /* free the existing key */
- if (pubKey->pkcs11Slot != NULL) {
- PK11SlotInfo *oSlot = pubKey->pkcs11Slot;
- PK11_EnterSlotMonitor(oSlot);
- (void) PK11_GETTAB(oSlot)->C_DestroyObject(oSlot->session,
- pubKey->pkcs11ID);
- PK11_ExitSlotMonitor(oSlot);
- PK11_FreeSlot(oSlot);
- pubKey->pkcs11Slot = NULL;
- }
- PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass) ); attrs++;
- PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType) ); attrs++;
- PK11_SETATTRS(attrs, CKA_TOKEN, isToken ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL) ); attrs++;
-
- /* now import the key */
- {
- switch (pubKey->keyType) {
- case rsaKey:
- keyType = CKK_RSA;
- PK11_SETATTRS(attrs, CKA_WRAP, &cktrue, sizeof(CK_BBOOL) ); attrs++;
- PK11_SETATTRS(attrs, CKA_ENCRYPT, &cktrue,
- sizeof(CK_BBOOL) ); attrs++;
- PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL)); attrs++;
- signedattr = attrs;
- PK11_SETATTRS(attrs, CKA_MODULUS, pubKey->u.rsa.modulus.data,
- pubKey->u.rsa.modulus.len); attrs++;
- PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT,
- pubKey->u.rsa.publicExponent.data,
- pubKey->u.rsa.publicExponent.len); attrs++;
- break;
- case dsaKey:
- keyType = CKK_DSA;
- PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));attrs++;
- signedattr = attrs;
- PK11_SETATTRS(attrs, CKA_PRIME, pubKey->u.dsa.params.prime.data,
- pubKey->u.dsa.params.prime.len); attrs++;
- PK11_SETATTRS(attrs,CKA_SUBPRIME,pubKey->u.dsa.params.subPrime.data,
- pubKey->u.dsa.params.subPrime.len); attrs++;
- PK11_SETATTRS(attrs, CKA_BASE, pubKey->u.dsa.params.base.data,
- pubKey->u.dsa.params.base.len); attrs++;
- PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.dsa.publicValue.data,
- pubKey->u.dsa.publicValue.len); attrs++;
- break;
- case fortezzaKey:
- keyType = CKK_DSA;
- PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));attrs++;
- signedattr = attrs;
- PK11_SETATTRS(attrs, CKA_PRIME,pubKey->u.fortezza.params.prime.data,
- pubKey->u.fortezza.params.prime.len); attrs++;
- PK11_SETATTRS(attrs,CKA_SUBPRIME,
- pubKey->u.fortezza.params.subPrime.data,
- pubKey->u.fortezza.params.subPrime.len);attrs++;
- PK11_SETATTRS(attrs, CKA_BASE, pubKey->u.fortezza.params.base.data,
- pubKey->u.fortezza.params.base.len); attrs++;
- PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.fortezza.DSSKey.data,
- pubKey->u.fortezza.DSSKey.len); attrs++;
- break;
- case dhKey:
- keyType = CKK_DH;
- PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));attrs++;
- signedattr = attrs;
- PK11_SETATTRS(attrs, CKA_PRIME, pubKey->u.dh.prime.data,
- pubKey->u.dh.prime.len); attrs++;
- PK11_SETATTRS(attrs, CKA_BASE, pubKey->u.dh.base.data,
- pubKey->u.dh.base.len); attrs++;
- PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.dh.publicValue.data,
- pubKey->u.dh.publicValue.len); attrs++;
- break;
- /* what about fortezza??? */
- default:
- PORT_SetError( SEC_ERROR_BAD_KEY );
- return CK_INVALID_KEY;
- }
-
- templateCount = attrs - theTemplate;
- signedcount = attrs - signedattr;
- PORT_Assert(templateCount <= (sizeof(theTemplate)/sizeof(CK_ATTRIBUTE)));
- for (attrs=signedattr; signedcount; attrs++, signedcount--) {
- pk11_SignedToUnsigned(attrs);
- }
- crv = PK11_CreateNewObject(slot, CK_INVALID_SESSION, theTemplate,
- templateCount, isToken, &objectID);
- if ( crv != CKR_OK) {
- PORT_SetError (PK11_MapError(crv));
- return CK_INVALID_KEY;
- }
- }
-
- pubKey->pkcs11ID = objectID;
- pubKey->pkcs11Slot = PK11_ReferenceSlot(slot);
-
- return objectID;
-}
-
-
-/*
- * return the slot associated with a symetric key
- */
-PK11SlotInfo *
-PK11_GetSlotFromKey(PK11SymKey *symKey)
-{
- return PK11_ReferenceSlot(symKey->slot);
-}
-
-PK11SymKey *
-PK11_FindFixedKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *keyID,
- void *wincx)
-{
- CK_ATTRIBUTE findTemp[4];
- CK_ATTRIBUTE *attrs;
- CK_BBOOL ckTrue = CK_TRUE;
- CK_OBJECT_CLASS keyclass = CKO_SECRET_KEY;
- int tsize = 0;
- CK_OBJECT_HANDLE key_id;
-
- attrs = findTemp;
- PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass)); attrs++;
- PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue)); attrs++;
- if (keyID) {
- PK11_SETATTRS(attrs, CKA_ID, keyID->data, keyID->len); attrs++;
- }
- tsize = attrs - findTemp;
- PORT_Assert(tsize <= sizeof(findTemp)/sizeof(CK_ATTRIBUTE));
-
- key_id = pk11_FindObjectByTemplate(slot,findTemp,tsize);
- if (key_id == CK_INVALID_KEY) {
- return NULL;
- }
- return PK11_SymKeyFromHandle(slot, NULL, PK11_OriginDerive, type, key_id,
- PR_FALSE, wincx);
-}
-
-void *
-PK11_GetWindow(PK11SymKey *key)
-{
- return key->cx;
-}
-
-
-/*
- * extract a symetric key value. NOTE: if the key is sensitive, we will
- * not be able to do this operation. This function is used to move
- * keys from one token to another */
-SECStatus
-PK11_ExtractKeyValue(PK11SymKey *symKey)
-{
-
- if (symKey->data.data != NULL) return SECSuccess;
-
- if (symKey->slot == NULL) {
- PORT_SetError( SEC_ERROR_INVALID_KEY );
- return SECFailure;
- }
-
- return PK11_ReadAttribute(symKey->slot,symKey->objectID,CKA_VALUE,NULL,
- &symKey->data);
-}
-
-SECItem *
-PK11_GetKeyData(PK11SymKey *symKey)
-{
- return &symKey->data;
-}
-
-/*
- * take an attribute and copy it into a secitem, converting unsigned to signed.
- */
-static CK_RV
-pk11_Attr2SecItem(PRArenaPool *arena, CK_ATTRIBUTE *attr, SECItem *item) {
- unsigned char *dataPtr;
-
- item->len = attr->ulValueLen;
- dataPtr = (unsigned char*) PORT_ArenaAlloc(arena, item->len+1);
- if ( dataPtr == NULL) {
- return CKR_HOST_MEMORY;
- }
- *dataPtr = 0;
- item->data = dataPtr+1;
- PORT_Memcpy(item->data,attr->pValue,item->len);
- if (item->data[0] & 0x80) {
- item->data = item->data-1;
- item->len++;
- }
- return CKR_OK;
-}
-/*
- * extract a public key from a slot and id
- */
-SECKEYPublicKey *
-PK11_ExtractPublicKey(PK11SlotInfo *slot,KeyType keyType,CK_OBJECT_HANDLE id)
-{
- CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
- PRArenaPool *arena;
- PRArenaPool *tmp_arena;
- SECKEYPublicKey *pubKey;
- int templateCount = 0;
- CK_KEY_TYPE pk11KeyType;
- CK_RV crv;
- CK_ATTRIBUTE template[8];
- CK_ATTRIBUTE *attrs= template;
- CK_ATTRIBUTE *modulus,*exponent,*base,*prime,*subprime,*value;
-
- /* if we didn't know the key type, get it */
- if (keyType== nullKey) {
-
- pk11KeyType = PK11_ReadULongAttribute(slot,id,CKA_KEY_TYPE);
- if (pk11KeyType == CK_UNAVAILABLE_INFORMATION) {
- PORT_SetError( PK11_MapError(crv) );
- return NULL;
- }
- switch (pk11KeyType) {
- case CKK_RSA:
- keyType = rsaKey;
- break;
- case CKK_DSA:
- keyType = dsaKey;
- break;
- case CKK_DH:
- keyType = dhKey;
- break;
- default:
- PORT_SetError( SEC_ERROR_BAD_KEY );
- return NULL;
- }
- }
-
-
- /* now we need to create space for the public key */
- arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) return NULL;
- tmp_arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE);
- if (tmp_arena == NULL) {
- PORT_FreeArena (arena, PR_FALSE);
- return NULL;
- }
-
-
- pubKey = (SECKEYPublicKey *)
- PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
- if (pubKey == NULL) {
- PORT_FreeArena (arena, PR_FALSE);
- PORT_FreeArena (tmp_arena, PR_FALSE);
- return NULL;
- }
-
- pubKey->arena = arena;
- pubKey->keyType = keyType;
- pubKey->pkcs11Slot = PK11_ReferenceSlot(slot);
- pubKey->pkcs11ID = id;
- PK11_SETATTRS(attrs, CKA_CLASS, &keyClass,
- sizeof(keyClass)); attrs++;
- PK11_SETATTRS(attrs, CKA_KEY_TYPE, &pk11KeyType,
- sizeof(pk11KeyType) ); attrs++;
- switch (pubKey->keyType) {
- case rsaKey:
- modulus = attrs;
- PK11_SETATTRS(attrs, CKA_MODULUS, NULL, 0); attrs++;
- exponent = attrs;
- PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, NULL, 0); attrs++;
-
- templateCount = attrs - template;
- PR_ASSERT(templateCount <= sizeof(template)/sizeof(CK_ATTRIBUTE));
- crv = PK11_GetAttributes(tmp_arena,slot,id,template,templateCount);
- if (crv != CKR_OK) break;
-
- if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_RSA)) {
- crv = CKR_OBJECT_HANDLE_INVALID;
- break;
- }
- crv = pk11_Attr2SecItem(arena,modulus,&pubKey->u.rsa.modulus);
- if (crv != CKR_OK) break;
- crv = pk11_Attr2SecItem(arena,exponent,&pubKey->u.rsa.publicExponent);
- if (crv != CKR_OK) break;
- break;
- case dsaKey:
- prime = attrs;
- PK11_SETATTRS(attrs, CKA_PRIME, NULL, 0); attrs++;
- subprime = attrs;
- PK11_SETATTRS(attrs, CKA_SUBPRIME, NULL, 0); attrs++;
- base = attrs;
- PK11_SETATTRS(attrs, CKA_BASE, NULL, 0); attrs++;
- value = attrs;
- PK11_SETATTRS(attrs, CKA_VALUE, NULL, 0); attrs++;
- templateCount = attrs - template;
- PR_ASSERT(templateCount <= sizeof(template)/sizeof(CK_ATTRIBUTE));
- crv = PK11_GetAttributes(tmp_arena,slot,id,template,templateCount);
- if (crv != CKR_OK) break;
-
- if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_DSA)) {
- crv = CKR_OBJECT_HANDLE_INVALID;
- break;
- }
- crv = pk11_Attr2SecItem(arena,prime,&pubKey->u.dsa.params.prime);
- if (crv != CKR_OK) break;
- crv = pk11_Attr2SecItem(arena,subprime,&pubKey->u.dsa.params.subPrime);
- if (crv != CKR_OK) break;
- crv = pk11_Attr2SecItem(arena,base,&pubKey->u.dsa.params.base);
- if (crv != CKR_OK) break;
- crv = pk11_Attr2SecItem(arena,value,&pubKey->u.dsa.publicValue);
- if (crv != CKR_OK) break;
- break;
- case dhKey:
- prime = attrs;
- PK11_SETATTRS(attrs, CKA_PRIME, NULL, 0); attrs++;
- base = attrs;
- PK11_SETATTRS(attrs, CKA_BASE, NULL, 0); attrs++;
- value =attrs;
- PK11_SETATTRS(attrs, CKA_VALUE, NULL, 0); attrs++;
- templateCount = attrs - template;
- PR_ASSERT(templateCount <= sizeof(template)/sizeof(CK_ATTRIBUTE));
- crv = PK11_GetAttributes(tmp_arena,slot,id,template,templateCount);
- if (crv != CKR_OK) break;
-
- if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_DSA)) {
- crv = CKR_OBJECT_HANDLE_INVALID;
- break;
- }
- crv = pk11_Attr2SecItem(arena,prime,&pubKey->u.dh.prime);
- if (crv != CKR_OK) break;
- crv = pk11_Attr2SecItem(arena,base,&pubKey->u.dh.base);
- if (crv != CKR_OK) break;
- crv = pk11_Attr2SecItem(arena,value,&pubKey->u.dh.publicValue);
- if (crv != CKR_OK) break;
- break;
- case fortezzaKey:
- case nullKey:
- default:
- crv = CKR_OBJECT_HANDLE_INVALID;
- break;
- }
-
- PORT_FreeArena(tmp_arena,PR_FALSE);
-
- if (crv != CKR_OK) {
- PORT_FreeArena(arena,PR_FALSE);
- PK11_FreeSlot(slot);
- PORT_SetError( PK11_MapError(crv) );
- return NULL;
- }
-
- return pubKey;
-}
-
-/*
- * Build a Private Key structure from raw PKCS #11 information.
- */
-SECKEYPrivateKey *
-PK11_MakePrivKey(PK11SlotInfo *slot, KeyType keyType,
- PRBool isTemp, CK_OBJECT_HANDLE privID, void *wincx)
-{
- PRArenaPool *arena;
- SECKEYPrivateKey *privKey;
-
- /* don't know? look it up */
- if (keyType == nullKey) {
- CK_KEY_TYPE pk11Type = CKK_RSA;
-
- pk11Type = PK11_ReadULongAttribute(slot,privID,CKA_KEY_TYPE);
- isTemp = (PRBool)!PK11_HasAttributeSet(slot,privID,CKA_TOKEN);
- switch (pk11Type) {
- case CKK_RSA: keyType = rsaKey; break;
- case CKK_DSA: keyType = dsaKey; break;
- case CKK_DH: keyType = dhKey; break;
- case CKK_KEA: keyType = fortezzaKey; break;
- default:
- break;
- }
- }
-
- /* now we need to create space for the private key */
- arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) return NULL;
-
- privKey = (SECKEYPrivateKey *)
- PORT_ArenaZAlloc(arena, sizeof(SECKEYPrivateKey));
- if (privKey == NULL) {
- PORT_FreeArena(arena, PR_FALSE);
- return NULL;
- }
-
- privKey->arena = arena;
- privKey->keyType = keyType;
- privKey->pkcs11Slot = PK11_ReferenceSlot(slot);
- privKey->pkcs11ID = privID;
- privKey->pkcs11IsTemp = isTemp;
- privKey->wincx = wincx;
-
- return privKey;
-}
-
-/* return the keylength if possible. '0' if not */
-unsigned int
-PK11_GetKeyLength(PK11SymKey *key)
-{
- if (key->size != 0) return key->size ;
- if (key->data.data == NULL) {
- PK11_ExtractKeyValue(key);
- }
- /* key is probably secret. Look up it's type and length */
- /* this is new PKCS #11 version 2.0 functionality. */
- if (key->size == 0) {
- CK_ULONG keyLength;
-
- keyLength = PK11_ReadULongAttribute(key->slot,key->objectID,CKA_VALUE_LEN);
- /* doesn't have a length field, check the known PKCS #11 key types,
- * which don't have this field */
- if (keyLength == CK_UNAVAILABLE_INFORMATION) {
- CK_KEY_TYPE keyType;
- keyType = PK11_ReadULongAttribute(key->slot,key->objectID,CKA_KEY_TYPE);
- switch (keyType) {
- case CKK_DES: key->size = 8; break;
- case CKK_DES2: key->size = 16; break;
- case CKK_DES3: key->size = 24; break;
- case CKK_SKIPJACK: key->size = 10; break;
- case CKK_BATON: key->size = 20; break;
- case CKK_JUNIPER: key->size = 20; break;
- case CKK_GENERIC_SECRET:
- if (key->type == CKM_SSL3_PRE_MASTER_KEY_GEN) {
- key->size=48;
- }
- break;
- default: break;
- }
- } else {
- key->size = (unsigned int)keyLength;
- }
- }
-
- return key->size;
-}
-
-/* return the strength of a key. This is different from length in that
- * 1) it returns the size in bits, and 2) it returns only the secret portions
- * of the key minus any checksums or parity.
- */
-unsigned int
-PK11_GetKeyStrength(PK11SymKey *key, SECAlgorithmID *algid)
-{
- int size=0;
- CK_MECHANISM_TYPE mechanism= CKM_INVALID_MECHANISM; /* RC2 only */
- SECItem *param = NULL; /* RC2 only */
- CK_RC2_CBC_PARAMS *rc2_params = NULL; /* RC2 ONLY */
- unsigned int effectiveBits = 0; /* RC2 ONLY */
-
- switch (PK11_GetKeyType(key->type,0)) {
- case CKK_CDMF:
- return 40;
- case CKK_DES:
- return 56;
- case CKK_DES3:
- case CKK_DES2:
- size = PK11_GetKeyLength(key);
- if (size == 16) {
- /* double des */
- return 112; /* 16*7 */
- }
- return 168;
- /*
- * RC2 has is different than other ciphers in that it allows the user
- * to deprecating keysize while still requiring all the bits for the
- * original key. The info
- * on what the effective key strength is in the parameter for the key.
- * In S/MIME this parameter is stored in the DER encoded algid. In Our
- * other uses of RC2, effectiveBits == keyBits, so this code functions
- * correctly without an algid.
- */
- case CKK_RC2:
- /* if no algid was provided, fall through to default */
- if (!algid) {
- break;
- }
- /* verify that the algid is for RC2 */
- mechanism = PK11_AlgtagToMechanism(SECOID_GetAlgorithmTag(algid));
- if ((mechanism != CKM_RC2_CBC) && (mechanism != CKM_RC2_ECB)) {
- break;
- }
-
- /* now get effective bits from the algorithm ID. */
- param = PK11_ParamFromAlgid(algid);
- /* if we couldn't get memory just use key length */
- if (param == NULL) {
- break;
- }
-
- rc2_params = (CK_RC2_CBC_PARAMS *) param->data;
- /* paranoia... shouldn't happen */
- PORT_Assert(param->data != NULL);
- if (param->data == NULL) {
- SECITEM_FreeItem(param,PR_TRUE);
- break;
- }
- effectiveBits = (unsigned int)rc2_params->ulEffectiveBits;
- SECITEM_FreeItem(param,PR_TRUE);
- param = NULL; rc2_params=NULL; /* paranoia */
-
- /* we have effective bits, is and allocated memory is free, now
- * we need to return the smaller of effective bits and keysize */
- size = PK11_GetKeyLength(key);
- if ((unsigned int)size*8 > effectiveBits) {
- return effectiveBits;
- }
-
- return size*8; /* the actual key is smaller, the strength can't be
- * greater than the actual key size */
-
- default:
- break;
- }
- return PK11_GetKeyLength(key) * 8;
-}
-
-/* Make a Key type to an appropriate signing/verification mechanism */
-static CK_MECHANISM_TYPE
-pk11_mapSignKeyType(KeyType keyType)
-{
- switch (keyType) {
- case rsaKey:
- return CKM_RSA_PKCS;
- case fortezzaKey:
- case dsaKey:
- return CKM_DSA;
- case dhKey:
- default:
- break;
- }
- return CKM_INVALID_MECHANISM;
-}
-
-static CK_MECHANISM_TYPE
-pk11_mapWrapKeyType(KeyType keyType)
-{
- switch (keyType) {
- case rsaKey:
- return CKM_RSA_PKCS;
- /* Add fortezza?? */
- default:
- break;
- }
- return CKM_INVALID_MECHANISM;
-}
-
-/*
- * Some non-compliant PKCS #11 vendors do not give us the modulus, so actually
- * set up a signature to get the signaure length.
- */
-static int
-pk11_backupGetSignLength(SECKEYPrivateKey *key)
-{
- PK11SlotInfo *slot = key->pkcs11Slot;
- CK_MECHANISM mech = {0, NULL, 0 };
- PRBool owner = PR_TRUE;
- CK_SESSION_HANDLE session;
- CK_ULONG len;
- CK_RV crv;
- unsigned char h_data[20] = { 0 };
- unsigned char buf[20]; /* obviously to small */
- CK_ULONG smallLen = sizeof(buf);
-
- mech.mechanism = pk11_mapSignKeyType(key->keyType);
-
- session = pk11_GetNewSession(slot,&owner);
- if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_SignInit(session,&mech,key->pkcs11ID);
- if (crv != CKR_OK) {
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- PORT_SetError( PK11_MapError(crv) );
- return -1;
- }
- len = 0;
- crv = PK11_GETTAB(slot)->C_Sign(session,h_data,sizeof(h_data),
- NULL, &len);
- /* now call C_Sign with too small a buffer to clear the session state */
- (void) PK11_GETTAB(slot)->
- C_Sign(session,h_data,sizeof(h_data),buf,&smallLen);
-
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- return -1;
- }
- return len;
-}
-/*
- * get the length of a signature object based on the key
- */
-int
-PK11_SignatureLen(SECKEYPrivateKey *key)
-{
- PK11SlotInfo *slot = key->pkcs11Slot;
- int val;
-
- switch (key->keyType) {
- case rsaKey:
- val = PK11_GetPrivateModulusLen(key);
- if (val == -1) {
- break; /* failed */
- }
- return (unsigned long) val;
-
- case fortezzaKey:
- case dsaKey:
- return 40;
-
- default:
- break;
- }
- PORT_SetError( SEC_ERROR_INVALID_KEY );
- return 0;
-}
-
-PK11SlotInfo *
-PK11_GetSlotFromPrivateKey(SECKEYPrivateKey *key)
-{
- PK11SlotInfo *slot = key->pkcs11Slot;
- slot = PK11_ReferenceSlot(slot);
- return slot;
-}
-
-/*
- * Get the modulus length for raw parsing
- */
-int
-PK11_GetPrivateModulusLen(SECKEYPrivateKey *key)
-{
- CK_ATTRIBUTE theTemplate = { CKA_MODULUS, NULL, 0 };
- PK11SlotInfo *slot = key->pkcs11Slot;
- CK_RV crv;
- int length;
-
- switch (key->keyType) {
- case rsaKey:
- crv = PK11_GetAttributes(NULL, slot, key->pkcs11ID, &theTemplate, 1);
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- return -1;
- }
- length = theTemplate.ulValueLen;
- if ( *(unsigned char *)theTemplate.pValue == 0) {
- length--;
- }
- if (theTemplate.pValue != NULL)
- PORT_Free(theTemplate.pValue);
- return (int) length;
-
- case fortezzaKey:
- case dsaKey:
- case dhKey:
- default:
- break;
- }
- if (theTemplate.pValue != NULL)
- PORT_Free(theTemplate.pValue);
- PORT_SetError( SEC_ERROR_INVALID_KEY );
- return -1;
-}
-
-/*
- * copy a key (or any other object) on a token
- */
-CK_OBJECT_HANDLE
-PK11_CopyKey(PK11SlotInfo *slot, CK_OBJECT_HANDLE srcObject)
-{
- CK_OBJECT_HANDLE destObject;
- CK_RV crv;
-
- PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_CopyObject(slot->session,srcObject,NULL,0,
- &destObject);
- PK11_ExitSlotMonitor(slot);
- if (crv == CKR_OK) return destObject;
- PORT_SetError( PK11_MapError(crv) );
- return CK_INVALID_KEY;
-}
-
-
-PK11SymKey *
-pk11_KeyExchange(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
- CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey);
-
-/*
- * The next two utilities are to deal with the fact that a given operation
- * may be a multi-slot affair. This creates a new key object that is copied
- * into the new slot.
- */
-PK11SymKey *
-pk11_CopyToSlot(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
- CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey)
-{
- SECStatus rv;
- PK11SymKey *newKey = NULL;
-
- /* Extract the raw key data if possible */
- if (symKey->data.data == NULL) {
- rv = PK11_ExtractKeyValue(symKey);
- /* KEY is sensitive, we're try key exchanging it. */
- if (rv != SECSuccess) {
- return pk11_KeyExchange(slot, type, operation, symKey);
- }
- }
- newKey = PK11_ImportSymKey(slot, type, symKey->origin, operation,
- &symKey->data, symKey->cx);
- if (newKey == NULL) newKey = pk11_KeyExchange(slot,type,operation,symKey);
- return newKey;
-}
-
-/*
- * Make sure the slot we are in the correct slot for the operation
- */
-static PK11SymKey *
-pk11_ForceSlot(PK11SymKey *symKey,CK_MECHANISM_TYPE type,
- CK_ATTRIBUTE_TYPE operation)
-{
- PK11SlotInfo *slot = symKey->slot;
- PK11SymKey *newKey = NULL;
-
- if ((slot== NULL) || !PK11_DoesMechanism(slot,type)) {
- slot = PK11_GetBestSlot(type,symKey->cx);
- if (slot == NULL) {
- PORT_SetError( SEC_ERROR_NO_MODULE );
- return NULL;
- }
- newKey = pk11_CopyToSlot(slot, type, operation, symKey);
- PK11_FreeSlot(slot);
- }
- return newKey;
-}
-
-/*
- * Use the token to Generate a key. keySize must be 'zero' for fixed key
- * length algorithms. NOTE: this means we can never generate a DES2 key
- * from this interface!
- */
-PK11SymKey *
-PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param,
- int keySize, SECItem *keyid, PRBool isToken, void *wincx)
-{
- PK11SymKey *symKey;
- CK_ATTRIBUTE genTemplate[4];
- CK_ATTRIBUTE *attrs = genTemplate;
- int count = sizeof(genTemplate)/sizeof(genTemplate[0]);
- CK_SESSION_HANDLE session;
- CK_MECHANISM mechanism;
- CK_RV crv;
- PRBool weird = PR_FALSE; /* hack for fortezza */
- CK_BBOOL ckfalse = CK_FALSE;
- CK_BBOOL cktrue = CK_TRUE;
-
- if ((keySize == -1) && (type == CKM_SKIPJACK_CBC64)) {
- weird = PR_TRUE;
- keySize = 0;
- }
-
- /* TNH: Isn't this redundant, since "handleKey" will set defaults? */
- PK11_SETATTRS(attrs, (!weird)
- ? CKA_ENCRYPT : CKA_DECRYPT, &cktrue, sizeof(CK_BBOOL)); attrs++;
-
- if (keySize != 0) {
- CK_ULONG key_size = keySize; /* Convert to PK11 type */
-
- PK11_SETATTRS(attrs, CKA_VALUE_LEN, &key_size, sizeof(key_size));
- attrs++;
- }
-
- /* Include key id value if provided */
- if (keyid) {
- PK11_SETATTRS(attrs, CKA_ID, keyid->data, keyid->len); attrs++;
- }
-
- if (isToken) {
- PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue)); attrs++;
- }
-
- count = attrs - genTemplate;
- PR_ASSERT(count <= sizeof(genTemplate)/sizeof(CK_ATTRIBUTE));
-
- /* find a slot to generate the key into */
- /* Only do slot management if this is not a token key */
- if (!isToken && (slot == NULL || !PK11_DoesMechanism(slot,type))) {
- PK11SlotInfo *bestSlot;
-
- bestSlot = PK11_GetBestSlot(type,wincx); /* TNH: references the slot? */
- if (bestSlot == NULL) {
- PORT_SetError( SEC_ERROR_NO_MODULE );
- return NULL;
- }
-
- symKey = PK11_CreateSymKey(bestSlot,type,wincx);
-
- PK11_FreeSlot(bestSlot);
- } else {
- symKey = PK11_CreateSymKey(slot, type, wincx);
- }
- if (symKey == NULL) return NULL;
-
- symKey->size = keySize;
- symKey->origin = (!weird) ? PK11_OriginGenerated : PK11_OriginFortezzaHack;
-
- /* Initialize the Key Gen Mechanism */
- mechanism.mechanism = PK11_GetKeyGen(type);
- if (mechanism.mechanism == CKM_FAKE_RANDOM) {
- PORT_SetError( SEC_ERROR_NO_MODULE );
- return NULL;
- }
-
- /* Set the parameters for the key gen if provided */
- mechanism.pParameter = NULL;
- mechanism.ulParameterLen = 0;
- if (param) {
- mechanism.pParameter = param->data;
- mechanism.ulParameterLen = param->len;
- }
-
- /* Get session and perform locking */
- if (isToken) {
- session = PK11_GetRWSession(symKey->slot); /* Should always be original slot */
- } else {
- session = symKey->session;
- pk11_EnterKeyMonitor(symKey);
- }
-
- crv = PK11_GETTAB(symKey->slot)->C_GenerateKey(session,
- &mechanism, genTemplate, count, &symKey->objectID);
-
- /* Release lock and session */
- if (isToken) {
- PK11_RestoreROSession(symKey->slot, session);
- } else {
- pk11_ExitKeyMonitor(symKey);
- }
-
- if (crv != CKR_OK) {
- PK11_FreeSymKey(symKey);
- PORT_SetError( PK11_MapError(crv) );
- return NULL;
- }
-
- return symKey;
-}
-
-PK11SymKey *
-PK11_KeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param,
- int keySize, void *wincx)
-{
- return PK11_TokenKeyGen(slot, type, param, keySize, 0, PR_FALSE, wincx);
-}
-
-/* --- */
-PK11SymKey *
-PK11_GenDES3TokenKey(PK11SlotInfo *slot, SECItem *keyid, void *cx)
-{
- return PK11_TokenKeyGen(slot, CKM_DES3_CBC, 0, 0, keyid, PR_TRUE, cx);
-}
-
-/*
- * PKCS #11 pairwise consistency check utilized to validate key pair.
- */
-static SECStatus
-pk11_PairwiseConsistencyCheck(SECKEYPublicKey *pubKey,
- SECKEYPrivateKey *privKey, CK_MECHANISM *mech, void* wincx )
-{
- /* Variables used for Encrypt/Decrypt functions. */
- unsigned char *known_message = (unsigned char *)"Known Crypto Message";
- CK_BBOOL isEncryptable = CK_FALSE;
- CK_BBOOL canSignVerify = CK_FALSE;
- CK_BBOOL isDerivable = CK_FALSE;
- unsigned char plaintext[PAIRWISE_MESSAGE_LENGTH];
- CK_ULONG bytes_decrypted;
- PK11SlotInfo *slot;
- CK_OBJECT_HANDLE id;
- unsigned char *ciphertext;
- unsigned char *text_compared;
- CK_ULONG max_bytes_encrypted;
- CK_ULONG bytes_encrypted;
- CK_ULONG bytes_compared;
- CK_RV crv;
-
- /* Variables used for Signature/Verification functions. */
- unsigned char *known_digest = (unsigned char *)"Mozilla Rules World!";
- SECItem signature;
- SECItem digest; /* always uses SHA-1 digest */
- int signature_length;
- SECStatus rv;
-
- /**************************************************/
- /* Pairwise Consistency Check of Encrypt/Decrypt. */
- /**************************************************/
-
- isEncryptable = PK11_HasAttributeSet( privKey->pkcs11Slot,
- privKey->pkcs11ID, CKA_DECRYPT );
-
- /* If the encryption attribute is set; attempt to encrypt */
- /* with the public key and decrypt with the private key. */
- if( isEncryptable ) {
- /* Find a module to encrypt against */
- slot = PK11_GetBestSlot(pk11_mapWrapKeyType(privKey->keyType),wincx);
- if (slot == NULL) {
- PORT_SetError( SEC_ERROR_NO_MODULE );
- return SECFailure;
- }
-
- id = PK11_ImportPublicKey(slot,pubKey,PR_FALSE);
- if (id == CK_INVALID_KEY) {
- PK11_FreeSlot(slot);
- return SECFailure;
- }
-
- /* Compute max bytes encrypted from modulus length of private key. */
- max_bytes_encrypted = PK11_GetPrivateModulusLen( privKey );
-
-
- /* Prepare for encryption using the public key. */
- PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB( slot )->C_EncryptInit( slot->session,
- mech, id );
- if( crv != CKR_OK ) {
- PK11_ExitSlotMonitor(slot);
- PORT_SetError( PK11_MapError( crv ) );
- PK11_FreeSlot(slot);
- return SECFailure;
- }
-
- /* Allocate space for ciphertext. */
- ciphertext = (unsigned char *) PORT_Alloc( max_bytes_encrypted );
- if( ciphertext == NULL ) {
- PK11_ExitSlotMonitor(slot);
- PORT_SetError( SEC_ERROR_NO_MEMORY );
- PK11_FreeSlot(slot);
- return SECFailure;
- }
-
- /* Initialize bytes encrypted to max bytes encrypted. */
- bytes_encrypted = max_bytes_encrypted;
-
- /* Encrypt using the public key. */
- crv = PK11_GETTAB( slot )->C_Encrypt( slot->session,
- known_message,
- PAIRWISE_MESSAGE_LENGTH,
- ciphertext,
- &bytes_encrypted );
- PK11_ExitSlotMonitor(slot);
- PK11_FreeSlot(slot);
- if( crv != CKR_OK ) {
- PORT_SetError( PK11_MapError( crv ) );
- PORT_Free( ciphertext );
- return SECFailure;
- }
-
- /* Always use the smaller of these two values . . . */
- bytes_compared = ( bytes_encrypted > PAIRWISE_MESSAGE_LENGTH )
- ? PAIRWISE_MESSAGE_LENGTH
- : bytes_encrypted;
-
- /* If there was a failure, the plaintext */
- /* goes at the end, therefore . . . */
- text_compared = ( bytes_encrypted > PAIRWISE_MESSAGE_LENGTH )
- ? (ciphertext + bytes_encrypted -
- PAIRWISE_MESSAGE_LENGTH )
- : ciphertext;
-
- /* Check to ensure that ciphertext does */
- /* NOT EQUAL known input message text */
- /* per FIPS PUB 140-1 directive. */
- if( ( bytes_encrypted != max_bytes_encrypted ) ||
- ( PORT_Memcmp( text_compared, known_message,
- bytes_compared ) == 0 ) ) {
- /* Set error to Invalid PRIVATE Key. */
- PORT_SetError( SEC_ERROR_INVALID_KEY );
- PORT_Free( ciphertext );
- return SECFailure;
- }
-
- slot = privKey->pkcs11Slot;
- /* Prepare for decryption using the private key. */
- PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB( slot )->C_DecryptInit( slot->session,
- mech,
- privKey->pkcs11ID );
- if( crv != CKR_OK ) {
- PK11_ExitSlotMonitor(slot);
- PORT_SetError( PK11_MapError(crv) );
- PORT_Free( ciphertext );
- PK11_FreeSlot(slot);
- return SECFailure;
- }
-
- /* Initialize bytes decrypted to be the */
- /* expected PAIRWISE_MESSAGE_LENGTH. */
- bytes_decrypted = PAIRWISE_MESSAGE_LENGTH;
-
- /* Decrypt using the private key. */
- /* NOTE: No need to reset the */
- /* value of bytes_encrypted. */
- crv = PK11_GETTAB( slot )->C_Decrypt( slot->session,
- ciphertext,
- bytes_encrypted,
- plaintext,
- &bytes_decrypted );
- PK11_ExitSlotMonitor(slot);
-
- /* Finished with ciphertext; free it. */
- PORT_Free( ciphertext );
-
- if( crv != CKR_OK ) {
- PORT_SetError( PK11_MapError(crv) );
- PK11_FreeSlot(slot);
- return SECFailure;
- }
-
- /* Check to ensure that the output plaintext */
- /* does EQUAL known input message text. */
- if( ( bytes_decrypted != PAIRWISE_MESSAGE_LENGTH ) ||
- ( PORT_Memcmp( plaintext, known_message,
- PAIRWISE_MESSAGE_LENGTH ) != 0 ) ) {
- /* Set error to Bad PUBLIC Key. */
- PORT_SetError( SEC_ERROR_BAD_KEY );
- PK11_FreeSlot(slot);
- return SECFailure;
- }
- }
-
- /**********************************************/
- /* Pairwise Consistency Check of Sign/Verify. */
- /**********************************************/
-
- canSignVerify = PK11_HasAttributeSet ( privKey->pkcs11Slot,
- privKey->pkcs11ID, CKA_VERIFY);
-
- if (canSignVerify)
- {
- /* Initialize signature and digest data. */
- signature.data = NULL;
- digest.data = NULL;
-
- /* Determine length of signature. */
- signature_length = PK11_SignatureLen( privKey );
- if( signature_length == 0 )
- goto failure;
-
- /* Allocate space for signature data. */
- signature.data = (unsigned char *) PORT_Alloc( signature_length );
- if( signature.data == NULL ) {
- PORT_SetError( SEC_ERROR_NO_MEMORY );
- goto failure;
- }
-
- /* Allocate space for known digest data. */
- digest.data = (unsigned char *) PORT_Alloc( PAIRWISE_DIGEST_LENGTH );
- if( digest.data == NULL ) {
- PORT_SetError( SEC_ERROR_NO_MEMORY );
- goto failure;
- }
-
- /* "Fill" signature type and length. */
- signature.type = PAIRWISE_SECITEM_TYPE;
- signature.len = signature_length;
-
- /* "Fill" digest with known SHA-1 digest parameters. */
- digest.type = PAIRWISE_SECITEM_TYPE;
- PORT_Memcpy( digest.data, known_digest, PAIRWISE_DIGEST_LENGTH );
- digest.len = PAIRWISE_DIGEST_LENGTH;
-
- /* Sign the known hash using the private key. */
- rv = PK11_Sign( privKey, &signature, &digest );
- if( rv != SECSuccess )
- goto failure;
-
- /* Verify the known hash using the public key. */
- rv = PK11_Verify( pubKey, &signature, &digest, wincx );
- if( rv != SECSuccess )
- goto failure;
-
- /* Free signature and digest data. */
- PORT_Free( signature.data );
- PORT_Free( digest.data );
- }
-
-
-
- /**********************************************/
- /* Pairwise Consistency Check for Derivation */
- /**********************************************/
-
- isDerivable = PK11_HasAttributeSet ( privKey->pkcs11Slot,
- privKey->pkcs11ID, CKA_DERIVE);
-
- if (isDerivable)
- {
- /*
- * We are not doing consistency check for Diffie-Hellman Key -
- * otherwise it would be here
- */
-
- }
-
- return SECSuccess;
-
-failure:
- if( signature.data != NULL )
- PORT_Free( signature.data );
- if( digest.data != NULL )
- PORT_Free( digest.data );
-
- return SECFailure;
-}
-
-
-
-/*
- * take a private key in one pkcs11 module and load it into another:
- * NOTE: the source private key is a rare animal... it can't be sensitive.
- * This is used to do a key gen using one pkcs11 module and storing the
- * result into another.
- */
-SECKEYPrivateKey *
-pk11_loadPrivKey(PK11SlotInfo *slot,SECKEYPrivateKey *privKey,
- SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive)
-{
- CK_ATTRIBUTE privTemplate[] = {
- /* class must be first */
- { CKA_CLASS, NULL, 0 },
- { CKA_KEY_TYPE, NULL, 0 },
- /* these three must be next */
- { CKA_TOKEN, NULL, 0 },
- { CKA_PRIVATE, NULL, 0 },
- { CKA_SENSITIVE, NULL, 0 },
- { CKA_ID, NULL, 0 },
-#ifdef notdef
- { CKA_LABEL, NULL, 0 },
- { CKA_SUBJECT, NULL, 0 },
-#endif
- /* RSA */
- { CKA_MODULUS, NULL, 0 },
- { CKA_PRIVATE_EXPONENT, NULL, 0 },
- { CKA_PUBLIC_EXPONENT, NULL, 0 },
- { CKA_PRIME_1, NULL, 0 },
- { CKA_PRIME_2, NULL, 0 },
- { CKA_EXPONENT_1, NULL, 0 },
- { CKA_EXPONENT_2, NULL, 0 },
- { CKA_COEFFICIENT, NULL, 0 },
- };
- CK_ATTRIBUTE *attrs = NULL, *ap;
- int templateSize = sizeof(privTemplate)/sizeof(privTemplate[0]);
- PRArenaPool *arena;
- CK_OBJECT_HANDLE objectID;
- int i, count = 0;
- int extra_count = 0;
- CK_RV crv;
- SECStatus rv;
-
- for (i=0; i < templateSize; i++) {
- if (privTemplate[i].type == CKA_MODULUS) {
- attrs= &privTemplate[i];
- count = i;
- break;
- }
- }
- PORT_Assert(attrs != NULL);
- if (attrs == NULL) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return NULL;
- }
-
- ap = attrs;
-
- switch (privKey->keyType) {
- case rsaKey:
- count = templateSize;
- extra_count = templateSize - (attrs - privTemplate);
- break;
- case dsaKey:
- ap->type = CKA_PRIME; ap++; count++; extra_count++;
- ap->type = CKA_SUBPRIME; ap++; count++; extra_count++;
- ap->type = CKA_BASE; ap++; count++; extra_count++;
- ap->type = CKA_VALUE; ap++; count++; extra_count++;
- break;
- case dhKey:
- ap->type = CKA_PRIME; ap++; count++; extra_count++;
- ap->type = CKA_BASE; ap++; count++; extra_count++;
- ap->type = CKA_VALUE; ap++; count++; extra_count++;
- break;
- default:
- count = 0;
- extra_count = 0;
- break;
- }
-
- if (count == 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return NULL;
- }
-
- arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) return NULL;
- /*
- * read out the old attributes.
- */
- crv = PK11_GetAttributes(arena, privKey->pkcs11Slot, privKey->pkcs11ID,
- privTemplate,count);
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- PORT_FreeArena(arena, PR_TRUE);
- return NULL;
- }
-
- /* Reset sensitive, token, and private */
- *(CK_BBOOL *)(privTemplate[2].pValue) = token ? CK_TRUE : CK_FALSE;
- *(CK_BBOOL *)(privTemplate[3].pValue) = token ? CK_TRUE : CK_FALSE;
- *(CK_BBOOL *)(privTemplate[4].pValue) = sensitive ? CK_TRUE : CK_FALSE;
-
- /* Not everyone can handle zero padded key values, give
- * them the raw data as unsigned */
- for (ap=attrs; extra_count; ap++, extra_count--) {
- pk11_SignedToUnsigned(ap);
- }
-
- /* now Store the puppies */
- rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION, privTemplate,
- count, token, &objectID);
- PORT_FreeArena(arena, PR_TRUE);
- if (rv != SECSuccess) {
- return NULL;
- }
-
- /* try loading the public key as a token object */
- if (pubKey) {
- PK11_ImportPublicKey(slot, pubKey, PR_TRUE);
- if (pubKey->pkcs11Slot) {
- PK11_FreeSlot(pubKey->pkcs11Slot);
- pubKey->pkcs11Slot = NULL;
- pubKey->pkcs11ID = CK_INVALID_KEY;
- }
- }
-
- /* build new key structure */
- return PK11_MakePrivKey(slot, privKey->keyType, (PRBool)!token,
- objectID, privKey->wincx);
-}
-
-
-/*
- * Use the token to Generate a key. keySize must be 'zero' for fixed key
- * length algorithms. NOTE: this means we can never generate a DES2 key
- * from this interface!
- */
-SECKEYPrivateKey *
-PK11_GenerateKeyPair(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
- void *param, SECKEYPublicKey **pubKey, PRBool token,
- PRBool sensitive, void *wincx)
-{
- /* we have to use these native types because when we call PKCS 11 modules
- * we have to make sure that we are using the correct sizes for all the
- * parameters. */
- CK_BBOOL ckfalse = CK_FALSE;
- CK_BBOOL cktrue = CK_TRUE;
- CK_ULONG modulusBits;
- CK_BYTE publicExponent[4];
- CK_ATTRIBUTE privTemplate[] = {
- { CKA_SENSITIVE, NULL, 0},
- { CKA_TOKEN, NULL, 0},
- { CKA_PRIVATE, NULL, 0},
- { CKA_DERIVE, NULL, 0},
- { CKA_UNWRAP, NULL, 0},
- { CKA_SIGN, NULL, 0},
- { CKA_DECRYPT, NULL, 0},
- };
- CK_ATTRIBUTE rsaPubTemplate[] = {
- { CKA_MODULUS_BITS, NULL, 0},
- { CKA_PUBLIC_EXPONENT, NULL, 0},
- { CKA_TOKEN, NULL, 0},
- { CKA_DERIVE, NULL, 0},
- { CKA_WRAP, NULL, 0},
- { CKA_VERIFY, NULL, 0},
- { CKA_VERIFY_RECOVER, NULL, 0},
- { CKA_ENCRYPT, NULL, 0},
- };
- CK_ATTRIBUTE dsaPubTemplate[] = {
- { CKA_PRIME, NULL, 0 },
- { CKA_SUBPRIME, NULL, 0 },
- { CKA_BASE, NULL, 0 },
- { CKA_TOKEN, NULL, 0},
- { CKA_DERIVE, NULL, 0},
- { CKA_WRAP, NULL, 0},
- { CKA_VERIFY, NULL, 0},
- { CKA_VERIFY_RECOVER, NULL, 0},
- { CKA_ENCRYPT, NULL, 0},
- };
- CK_ATTRIBUTE dhPubTemplate[] = {
- { CKA_PRIME, NULL, 0 },
- { CKA_BASE, NULL, 0 },
- { CKA_TOKEN, NULL, 0},
- { CKA_DERIVE, NULL, 0},
- { CKA_WRAP, NULL, 0},
- { CKA_VERIFY, NULL, 0},
- { CKA_VERIFY_RECOVER, NULL, 0},
- { CKA_ENCRYPT, NULL, 0},
- };
-
- int dsaPubCount = sizeof(dsaPubTemplate)/sizeof(dsaPubTemplate[0]);
- /*CK_ULONG key_size = 0;*/
- CK_ATTRIBUTE *pubTemplate;
- int privCount = sizeof(privTemplate)/sizeof(privTemplate[0]);
- int rsaPubCount = sizeof(rsaPubTemplate)/sizeof(rsaPubTemplate[0]);
- int dhPubCount = sizeof(dhPubTemplate)/sizeof(dhPubTemplate[0]);
- int pubCount = 0;
- PK11RSAGenParams *rsaParams;
- PQGParams *dsaParams;
- DHParams * dhParams;
- CK_MECHANISM mechanism;
- CK_MECHANISM test_mech;
- CK_SESSION_HANDLE session_handle;
- CK_RV crv;
- CK_OBJECT_HANDLE privID,pubID;
- SECKEYPrivateKey *privKey;
- KeyType keyType;
- PRBool restore;
- int peCount,i;
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *privattrs;
- SECItem *pubKeyIndex;
- CK_ATTRIBUTE setTemplate;
- SECStatus rv;
- CK_MECHANISM_INFO mechanism_info;
- CK_OBJECT_CLASS keyClass;
- SECItem *cka_id;
- PRBool haslock = PR_FALSE;
- PRBool pubIsToken = PR_FALSE;
-
- PORT_Assert(slot != NULL);
- if (slot == NULL) {
- PORT_SetError( SEC_ERROR_NO_MODULE);
- return NULL;
- }
-
- /* if our slot really doesn't do this mechanism, Generate the key
- * in our internal token and write it out */
- if (!PK11_DoesMechanism(slot,type)) {
- PK11SlotInfo *int_slot = PK11_GetInternalSlot();
-
- /* don't loop forever looking for a slot */
- if (slot == int_slot) {
- PK11_FreeSlot(int_slot);
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return NULL;
- }
-
- /* if there isn't a suitable slot, then we can't do the keygen */
- if (int_slot == NULL) {
- PORT_SetError( SEC_ERROR_NO_MODULE );
- return NULL;
- }
-
- /* generate the temporary key to load */
- privKey = PK11_GenerateKeyPair(int_slot,type, param, pubKey, PR_FALSE,
- PR_FALSE, wincx);
- PK11_FreeSlot(int_slot);
-
- /* if successful, load the temp key into the new token */
- if (privKey != NULL) {
- SECKEYPrivateKey *newPrivKey = pk11_loadPrivKey(slot,privKey,
- *pubKey,token,sensitive);
- SECKEY_DestroyPrivateKey(privKey);
- if (newPrivKey == NULL) {
- SECKEY_DestroyPublicKey(*pubKey);
- *pubKey = NULL;
- }
- return newPrivKey;
- }
- return NULL;
- }
-
-
- mechanism.mechanism = type;
- mechanism.pParameter = NULL;
- mechanism.ulParameterLen = 0;
- test_mech.pParameter = NULL;
- test_mech.ulParameterLen = 0;
-
- /* set up the private key template */
- privattrs = privTemplate;
- PK11_SETATTRS(privattrs, CKA_SENSITIVE, sensitive ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL)); privattrs++;
- PK11_SETATTRS(privattrs, CKA_TOKEN, token ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL)); privattrs++;
- PK11_SETATTRS(privattrs, CKA_PRIVATE, sensitive ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL)); privattrs++;
-
- /* set up the mechanism specific info */
- switch (type) {
- case CKM_RSA_PKCS_KEY_PAIR_GEN:
- rsaParams = (PK11RSAGenParams *)param;
- modulusBits = rsaParams->keySizeInBits;
- peCount = 0;
-
- /* convert pe to a PKCS #11 string */
- for (i=0; i < 4; i++) {
- if (peCount || (rsaParams->pe &
- ((unsigned long)0xff000000L >> (i*8)))) {
- publicExponent[peCount] =
- (CK_BYTE)((rsaParams->pe >> (3-i)*8) & 0xff);
- peCount++;
- }
- }
- PORT_Assert(peCount != 0);
- attrs = rsaPubTemplate;
- PK11_SETATTRS(attrs, CKA_MODULUS_BITS,
- &modulusBits, sizeof(modulusBits)); attrs++;
- PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT,
- publicExponent, peCount);attrs++;
- pubTemplate = rsaPubTemplate;
- pubCount = rsaPubCount;
- keyType = rsaKey;
- test_mech.mechanism = CKM_RSA_PKCS;
- break;
- case CKM_DSA_KEY_PAIR_GEN:
- dsaParams = (PQGParams *)param;
- attrs = dsaPubTemplate;
- PK11_SETATTRS(attrs, CKA_PRIME, dsaParams->prime.data,
- dsaParams->prime.len); attrs++;
- PK11_SETATTRS(attrs, CKA_SUBPRIME, dsaParams->subPrime.data,
- dsaParams->subPrime.len); attrs++;
- PK11_SETATTRS(attrs, CKA_BASE, dsaParams->base.data,
- dsaParams->base.len); attrs++;
- pubTemplate = dsaPubTemplate;
- pubCount = dsaPubCount;
- keyType = dsaKey;
- test_mech.mechanism = CKM_DSA;
- break;
- case CKM_DH_PKCS_KEY_PAIR_GEN:
- dhParams = (DHParams *)param;
- attrs = dhPubTemplate;
- PK11_SETATTRS(attrs, CKA_PRIME, dhParams->prime.data,
- dhParams->prime.len); attrs++;
- PK11_SETATTRS(attrs, CKA_BASE, dhParams->base.data,
- dhParams->base.len); attrs++;
- pubTemplate = dhPubTemplate;
- pubCount = dhPubCount;
- keyType = dhKey;
- test_mech.mechanism = CKM_DH_PKCS_DERIVE;
- break;
- default:
- PORT_SetError( SEC_ERROR_BAD_KEY );
- return NULL;
- }
-
- /* now query the slot to find out how "good" a key we can generate */
- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,
- test_mech.mechanism,&mechanism_info);
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
- if ((crv != CKR_OK) || (mechanism_info.flags == 0)) {
- /* must be old module... guess what it should be... */
- switch (test_mech.mechanism) {
- case CKM_RSA_PKCS:
- mechanism_info.flags = (CKF_SIGN | CKF_DECRYPT |
- CKF_WRAP | CKF_VERIFY_RECOVER | CKF_ENCRYPT | CKF_WRAP);;
- break;
- case CKM_DSA:
- mechanism_info.flags = CKF_SIGN | CKF_VERIFY;
- break;
- case CKM_DH_PKCS_DERIVE:
- mechanism_info.flags = CKF_DERIVE;
- break;
- default:
- break;
- }
- }
- /* set the public key objects */
- PK11_SETATTRS(attrs, CKA_TOKEN, token ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL)); attrs++;
- PK11_SETATTRS(attrs, CKA_DERIVE,
- mechanism_info.flags & CKF_DERIVE ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL)); attrs++;
- PK11_SETATTRS(attrs, CKA_WRAP,
- mechanism_info.flags & CKF_WRAP ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL)); attrs++;
- PK11_SETATTRS(attrs, CKA_VERIFY,
- mechanism_info.flags & CKF_VERIFY ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL)); attrs++;
- PK11_SETATTRS(attrs, CKA_VERIFY_RECOVER,
- mechanism_info.flags & CKF_VERIFY_RECOVER ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL)); attrs++;
- PK11_SETATTRS(attrs, CKA_ENCRYPT,
- mechanism_info.flags & CKF_ENCRYPT? &cktrue : &ckfalse,
- sizeof(CK_BBOOL)); attrs++;
- PK11_SETATTRS(privattrs, CKA_DERIVE,
- mechanism_info.flags & CKF_DERIVE ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL)); privattrs++;
- PK11_SETATTRS(privattrs, CKA_UNWRAP,
- mechanism_info.flags & CKF_UNWRAP ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL)); privattrs++;
- PK11_SETATTRS(privattrs, CKA_SIGN,
- mechanism_info.flags & CKF_SIGN ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL)); privattrs++;
- PK11_SETATTRS(privattrs, CKA_DECRYPT,
- mechanism_info.flags & CKF_DECRYPT ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL)); privattrs++;
-
- if (token) {
- session_handle = PK11_GetRWSession(slot);
- haslock = PK11_RWSessionHasLock(slot,session_handle);
- restore = PR_TRUE;
- } else {
- PK11_EnterSlotMonitor(slot); /* gross!! */
- session_handle = slot->session;
- restore = PR_FALSE;
- haslock = PR_TRUE;
- }
-
- crv = PK11_GETTAB(slot)->C_GenerateKeyPair(session_handle, &mechanism,
- pubTemplate,pubCount,privTemplate,privCount,&pubID,&privID);
-
-
- if (crv != CKR_OK) {
- if (restore) {
- PK11_RestoreROSession(slot,session_handle);
- } else PK11_ExitSlotMonitor(slot);
- PORT_SetError( PK11_MapError(crv) );
- return NULL;
- }
- /* This locking code is dangerous and needs to be more thought
- * out... the real problem is that we're holding the mutex open this long
- */
- if (haslock) { PK11_ExitSlotMonitor(slot); }
-
- /* swap around the ID's for older PKCS #11 modules */
- keyClass = PK11_ReadULongAttribute(slot,pubID,CKA_CLASS);
- if (keyClass != CKO_PUBLIC_KEY) {
- CK_OBJECT_HANDLE tmp = pubID;
- pubID = privID;
- privID = tmp;
- }
-
- *pubKey = PK11_ExtractPublicKey(slot, keyType, pubID);
- if (*pubKey == NULL) {
- if (restore) {
- /* we may have to restore the mutex so it get's exited properly
- * in RestoreROSession */
- if (haslock) PK11_EnterSlotMonitor(slot);
- PK11_RestoreROSession(slot,session_handle);
- }
- PK11_DestroyObject(slot,pubID);
- PK11_DestroyObject(slot,privID);
- return NULL;
- }
-
- /* set the ID to the public key so we can find it again */
- pubKeyIndex = NULL;
- switch (type) {
- case CKM_RSA_PKCS_KEY_PAIR_GEN:
- pubKeyIndex = &(*pubKey)->u.rsa.modulus;
- break;
- case CKM_DSA_KEY_PAIR_GEN:
- pubKeyIndex = &(*pubKey)->u.dsa.publicValue;
- break;
- case CKM_DH_PKCS_KEY_PAIR_GEN:
- pubKeyIndex = &(*pubKey)->u.dh.publicValue;
- break;
- }
- PORT_Assert(pubKeyIndex != NULL);
-
- cka_id = PK11_MakeIDFromPubKey(pubKeyIndex);
- pubIsToken = (PRBool)PK11_HasAttributeSet(slot,pubID, CKA_TOKEN);
-
- PK11_SETATTRS(&setTemplate, CKA_ID, cka_id->data, cka_id->len);
-
- if (haslock) { PK11_EnterSlotMonitor(slot); }
- crv = PK11_GETTAB(slot)->C_SetAttributeValue(session_handle, privID,
- &setTemplate, 1);
-
- if (crv == CKR_OK && pubIsToken) {
- crv = PK11_GETTAB(slot)->C_SetAttributeValue(session_handle, pubID,
- &setTemplate, 1);
- }
-
-
- if (restore) {
- PK11_RestoreROSession(slot,session_handle);
- } else {
- PK11_ExitSlotMonitor(slot);
- }
- SECITEM_FreeItem(cka_id,PR_TRUE);
-
-
- if (crv != CKR_OK) {
- PK11_DestroyObject(slot,pubID);
- PK11_DestroyObject(slot,privID);
- PORT_SetError( PK11_MapError(crv) );
- *pubKey = NULL;
- return NULL;
- }
-
- privKey = PK11_MakePrivKey(slot,keyType,(PRBool)!token,privID,wincx);
- if (privKey == NULL) {
- SECKEY_DestroyPublicKey(*pubKey);
- PK11_DestroyObject(slot,privID);
- *pubKey = NULL;
- return NULL; /* due to pairwise consistency check */
- }
-
- /* Perform PKCS #11 pairwise consistency check. */
- rv = pk11_PairwiseConsistencyCheck( *pubKey, privKey, &test_mech, wincx );
- if( rv != SECSuccess ) {
- SECKEY_DestroyPublicKey( *pubKey );
- SECKEY_DestroyPrivateKey( privKey );
- *pubKey = NULL;
- privKey = NULL;
- return NULL;
- }
-
- return privKey;
-}
-
-/*
- * This function does a straight public key wrap (which only RSA can do).
- * Use PK11_PubGenKey and PK11_WrapSymKey to implement the FORTEZZA and
- * Diffie-Hellman Ciphers. */
-SECStatus
-PK11_PubWrapSymKey(CK_MECHANISM_TYPE type, SECKEYPublicKey *pubKey,
- PK11SymKey *symKey, SECItem *wrappedKey)
-{
- PK11SlotInfo *slot;
- CK_ULONG len = wrappedKey->len;
- PK11SymKey *newKey = NULL;
- CK_OBJECT_HANDLE id;
- CK_MECHANISM mechanism;
- PRBool owner = PR_TRUE;
- CK_SESSION_HANDLE session;
- CK_RV crv;
-
- /* if this slot doesn't support the mechanism, go to a slot that does */
- newKey = pk11_ForceSlot(symKey,type,CKA_ENCRYPT);
- if (newKey != NULL) {
- symKey = newKey;
- }
-
- if ((symKey == NULL) || (symKey->slot == NULL)) {
- PORT_SetError( SEC_ERROR_NO_MODULE );
- return SECFailure;
- }
-
- slot = symKey->slot;
- mechanism.mechanism = pk11_mapWrapKeyType(pubKey->keyType);
- mechanism.pParameter = NULL;
- mechanism.ulParameterLen = 0;
-
- id = PK11_ImportPublicKey(slot,pubKey,PR_FALSE);
-
- session = pk11_GetNewSession(slot,&owner);
- if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_WrapKey(session,&mechanism,
- id,symKey->objectID,wrappedKey->data,&len);
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- if (newKey) {
- PK11_FreeSymKey(newKey);
- }
-
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- return SECFailure;
- }
- wrappedKey->len = len;
- return SECSuccess;
-}
-
-/*
- * this little function uses the Encrypt function to wrap a key, just in
- * case we have problems with the wrap implementation for a token.
- */
-static SECStatus
-pk11_HandWrap(PK11SymKey *wrappingKey, SECItem *param, CK_MECHANISM_TYPE type,
- SECItem *inKey, SECItem *outKey)
-{
- PK11SlotInfo *slot;
- CK_ULONG len;
- SECItem *data;
- CK_MECHANISM mech;
- PRBool owner = PR_TRUE;
- CK_SESSION_HANDLE session;
- CK_RV crv;
-
- slot = wrappingKey->slot;
- /* use NULL IV's for wrapping */
- mech.mechanism = type;
- if (param) {
- mech.pParameter = param->data;
- mech.ulParameterLen = param->len;
- } else {
- mech.pParameter = NULL;
- mech.ulParameterLen = 0;
- }
- session = pk11_GetNewSession(slot,&owner);
- if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_EncryptInit(session,&mech,
- wrappingKey->objectID);
- if (crv != CKR_OK) {
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- PORT_SetError( PK11_MapError(crv) );
- return SECFailure;
- }
-
- /* keys are almost always aligned, but if we get this far,
- * we've gone above and beyond anyway... */
- data = PK11_BlockData(inKey,PK11_GetBlockSize(type,param));
- if (data == NULL) {
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
- len = outKey->len;
- crv = PK11_GETTAB(slot)->C_Encrypt(session,data->data,data->len,
- outKey->data, &len);
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- SECITEM_FreeItem(data,PR_TRUE);
- outKey->len = len;
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/*
- * This function does a symetric based wrap.
- */
-SECStatus
-PK11_WrapSymKey(CK_MECHANISM_TYPE type, SECItem *param,
- PK11SymKey *wrappingKey, PK11SymKey *symKey, SECItem *wrappedKey)
-{
- PK11SlotInfo *slot;
- CK_ULONG len = wrappedKey->len;
- PK11SymKey *newKey = NULL;
- SECItem *param_save = NULL;
- CK_MECHANISM mechanism;
- PRBool owner = PR_TRUE;
- CK_SESSION_HANDLE session;
- CK_RV crv;
- SECStatus rv;
-
- /* if this slot doesn't support the mechanism, go to a slot that does */
- /* Force symKey and wrappingKey into the same slot */
- if ((wrappingKey->slot == NULL) || (symKey->slot != wrappingKey->slot)) {
- /* first try copying the wrapping Key to the symKey slot */
- if (symKey->slot && PK11_DoesMechanism(symKey->slot,type)) {
- newKey = pk11_CopyToSlot(symKey->slot,type,CKA_WRAP,wrappingKey);
- }
- /* Nope, try it the other way */
- if (newKey == NULL) {
- if (wrappingKey->slot) {
- newKey = pk11_CopyToSlot(wrappingKey->slot,
- symKey->type, CKA_ENCRYPT, symKey);
- }
- /* just not playing... one last thing, can we get symKey's data?
- * If it's possible, we it should already be in the
- * symKey->data.data pointer because pk11_CopyToSlot would have
- * tried to put it there. */
- if (newKey == NULL) {
- /* Can't get symKey's data: Game Over */
- if (symKey->data.data == NULL) {
- PORT_SetError( SEC_ERROR_NO_MODULE );
- return SECFailure;
- }
- if (param == NULL) {
- param_save = param = PK11_ParamFromIV(type,NULL);
- }
- rv = pk11_HandWrap(wrappingKey, param, type,
- &symKey->data,wrappedKey);
- if (param_save) SECITEM_FreeItem(param_save,PR_TRUE);
- return rv;
- }
- /* we successfully moved the sym Key */
- symKey = newKey;
- } else {
- /* we successfully moved the wrapping Key */
- wrappingKey = newKey;
- }
- }
-
- /* at this point both keys are in the same token */
- slot = wrappingKey->slot;
- mechanism.mechanism = type;
- /* use NULL IV's for wrapping */
- if (param == NULL) {
- param_save = param = PK11_ParamFromIV(type,NULL);
- }
- if (param) {
- mechanism.pParameter = param->data;
- mechanism.ulParameterLen = param->len;
- } else {
- mechanism.pParameter = NULL;
- mechanism.ulParameterLen = 0;
- }
-
- len = wrappedKey->len;
-
- session = pk11_GetNewSession(slot,&owner);
- if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_WrapKey(session, &mechanism,
- wrappingKey->objectID, symKey->objectID,
- wrappedKey->data, &len);
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- rv = SECSuccess;
- if (crv != CKR_OK) {
- /* can't wrap it? try hand wrapping it... */
- do {
- if (symKey->data.data == NULL) {
- rv = PK11_ExtractKeyValue(symKey);
- if (rv != SECSuccess) break;
- }
- rv = pk11_HandWrap(wrappingKey, param, type, &symKey->data,
- wrappedKey);
- } while (PR_FALSE);
- } else {
- wrappedKey->len = len;
- }
- if (newKey) PK11_FreeSymKey(newKey);
- if (param_save) SECITEM_FreeItem(param_save,PR_TRUE);
- return rv;
-}
-
-/*
- * This Generates a new key based on a symetricKey
- */
-PK11SymKey *
-PK11_Derive( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, SECItem *param,
- CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
- int keySize)
-{
- return pk11_DeriveWithTemplate(baseKey, derive, param, target, operation,
- keySize, NULL, 0);
-}
-
-#define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */
-
-/* This mask includes all CK_FLAGs with an equivalent CKA_ attribute. */
-#define CKF_KEY_OPERATION_FLAGS 0x000e7b00UL
-
-static unsigned int
-pk11_FlagsToAttributes(CK_FLAGS flags, CK_ATTRIBUTE *attrs, CK_BBOOL *ckTrue)
-{
-
- const static CK_ATTRIBUTE_TYPE attrTypes[12] = {
- CKA_ENCRYPT, CKA_DECRYPT, 0 /* DIGEST */, CKA_SIGN,
- CKA_SIGN_RECOVER, CKA_VERIFY, CKA_VERIFY_RECOVER, 0 /* GEN */,
- 0 /* GEN PAIR */, CKA_WRAP, CKA_UNWRAP, CKA_DERIVE
- };
-
- const CK_ATTRIBUTE_TYPE *pType = attrTypes;
- CK_ATTRIBUTE *attr = attrs;
- CK_FLAGS test = CKF_ENCRYPT;
-
-
- PR_ASSERT(!(flags & ~CKF_KEY_OPERATION_FLAGS));
- flags &= CKF_KEY_OPERATION_FLAGS;
-
- for (; flags && test <= CKF_DERIVE; test <<= 1, ++pType) {
- if (test & flags) {
- flags ^= test;
- PK11_SETATTRS(attr, *pType, ckTrue, sizeof *ckTrue);
- ++attr;
- }
- }
- return (attr - attrs);
-}
-
-PK11SymKey *
-PK11_DeriveWithFlags( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive,
- SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
- int keySize, CK_FLAGS flags)
-{
- CK_BBOOL ckTrue = CK_TRUE;
- CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS];
- unsigned int templateCount;
-
- templateCount = pk11_FlagsToAttributes(flags, keyTemplate, &ckTrue);
- return pk11_DeriveWithTemplate(baseKey, derive, param, target, operation,
- keySize, keyTemplate, templateCount);
-}
-
-static PRBool
-pk11_FindAttrInTemplate(CK_ATTRIBUTE * attr,
- unsigned int numAttrs,
- CK_ATTRIBUTE_TYPE target)
-{
- for (; numAttrs > 0; ++attr, --numAttrs) {
- if (attr->type == target)
- return PR_TRUE;
- }
- return PR_FALSE;
-}
-
-static PK11SymKey *
-pk11_DeriveWithTemplate( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive,
- SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
- int keySize, CK_ATTRIBUTE *userAttr, unsigned int numAttrs)
-{
- PK11SlotInfo * slot = baseKey->slot;
- PK11SymKey * symKey;
- PK11SymKey * newBaseKey = NULL;
- CK_BBOOL cktrue = CK_TRUE;
- CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
- CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
- CK_ULONG valueLen = 0;
- CK_MECHANISM mechanism;
- CK_RV crv;
- CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS];
- CK_ATTRIBUTE * attrs = keyTemplate;
- unsigned int templateCount;
-
- if (numAttrs > MAX_TEMPL_ATTRS) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
- }
- /* first copy caller attributes in. */
- for (templateCount = 0; templateCount < numAttrs; ++templateCount) {
- *attrs++ = *userAttr++;
- }
-
- /* We only add the following attributes to the template if the caller
- ** didn't already supply them.
- */
- if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_CLASS)) {
- PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof keyClass);
- attrs++;
- }
- if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_KEY_TYPE)) {
- keyType = PK11_GetKeyType(target, keySize);
- PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof keyType );
- attrs++;
- }
- if (keySize > 0 &&
- !pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_VALUE_LEN)) {
- valueLen = (CK_ULONG)keySize;
- PK11_SETATTRS(attrs, CKA_VALUE_LEN, &valueLen, sizeof valueLen);
- attrs++;
- }
- if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, operation)) {
- PK11_SETATTRS(attrs, operation, &cktrue, sizeof cktrue); attrs++;
- }
-
- templateCount = attrs - keyTemplate;
- PR_ASSERT(templateCount <= MAX_TEMPL_ATTRS);
-
- /* move the key to a slot that can do the function */
- if (!PK11_DoesMechanism(slot,derive)) {
- /* get a new base key & slot */
- PK11SlotInfo *newSlot = PK11_GetBestSlot(derive, baseKey->cx);
-
- if (newSlot == NULL) return NULL;
-
- newBaseKey = pk11_CopyToSlot (newSlot, derive, CKA_DERIVE,
- baseKey);
- PK11_FreeSlot(newSlot);
- if (newBaseKey == NULL) return NULL;
- baseKey = newBaseKey;
- slot = baseKey->slot;
- }
-
-
- /* get our key Structure */
- symKey = PK11_CreateSymKey(slot,target,baseKey->cx);
- if (symKey == NULL) {
- return NULL;
- }
-
- symKey->size = keySize;
-
- mechanism.mechanism = derive;
- if (param) {
- mechanism.pParameter = param->data;
- mechanism.ulParameterLen = param->len;
- } else {
- mechanism.pParameter = NULL;
- mechanism.ulParameterLen = 0;
- }
- symKey->origin=PK11_OriginDerive;
-
- pk11_EnterKeyMonitor(symKey);
- crv = PK11_GETTAB(slot)->C_DeriveKey(symKey->session, &mechanism,
- baseKey->objectID, keyTemplate, templateCount, &symKey->objectID);
- pk11_ExitKeyMonitor(symKey);
-
- if (newBaseKey) PK11_FreeSymKey(newBaseKey);
- if (crv != CKR_OK) {
- PK11_FreeSymKey(symKey);
- return NULL;
- }
- return symKey;
-}
-
-/* build a public KEA key from the public value */
-SECKEYPublicKey *
-PK11_MakeKEAPubKey(unsigned char *keyData,int length)
-{
- SECKEYPublicKey *pubk;
- SECItem pkData;
- SECStatus rv;
- PRArenaPool *arena;
-
- pkData.data = keyData;
- pkData.len = length;
-
- arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL)
- return NULL;
-
- pubk = (SECKEYPublicKey *) PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
- if (pubk == NULL) {
- PORT_FreeArena (arena, PR_FALSE);
- return NULL;
- }
-
- pubk->arena = arena;
- pubk->pkcs11Slot = 0;
- pubk->pkcs11ID = CK_INVALID_KEY;
- pubk->keyType = fortezzaKey;
- rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.KEAKey, &pkData);
- if (rv != SECSuccess) {
- PORT_FreeArena (arena, PR_FALSE);
- return NULL;
- }
- return pubk;
-}
-
-
-/*
- * This Generates a wrapping key based on a privateKey, publicKey, and two
- * random numbers. For Mail usage RandomB should be NULL. In the Sender's
- * case RandomA is generate, outherwize it is passed.
- */
-static unsigned char *rb_email = NULL;
-
-PK11SymKey *
-PK11_PubDerive(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey,
- PRBool isSender, SECItem *randomA, SECItem *randomB,
- CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
- CK_ATTRIBUTE_TYPE operation, int keySize,void *wincx)
-{
- PK11SlotInfo *slot = privKey->pkcs11Slot;
- CK_MECHANISM mechanism;
- PK11SymKey *symKey;
- CK_RV crv;
-
-
- if (rb_email == NULL) {
- rb_email = PORT_ZAlloc(128);
- if (rb_email == NULL) {
- return NULL;
- }
- rb_email[127] = 1;
- }
-
- /* get our key Structure */
- symKey = PK11_CreateSymKey(slot,target,wincx);
- if (symKey == NULL) {
- return NULL;
- }
-
- symKey->origin = PK11_OriginDerive;
-
- switch (privKey->keyType) {
- case rsaKey:
- case nullKey:
- PORT_SetError(SEC_ERROR_BAD_KEY);
- break;
- /* case keaKey: */
- case dsaKey:
- case fortezzaKey:
- {
- CK_KEA_DERIVE_PARAMS param;
- param.isSender = (CK_BBOOL) isSender;
- param.ulRandomLen = randomA->len;
- param.pRandomA = randomA->data;
- param.pRandomB = rb_email;
- if (randomB)
- param.pRandomB = randomB->data;
- if (pubKey->keyType == fortezzaKey) {
- param.ulPublicDataLen = pubKey->u.fortezza.KEAKey.len;
- param.pPublicData = pubKey->u.fortezza.KEAKey.data;
- } else {
- /* assert type == keaKey */
- /* XXX change to match key key types */
- param.ulPublicDataLen = pubKey->u.fortezza.KEAKey.len;
- param.pPublicData = pubKey->u.fortezza.KEAKey.data;
- }
-
- mechanism.mechanism = derive;
- mechanism.pParameter = &param;
- mechanism.ulParameterLen = sizeof(param);
-
- /* get a new symKey structure */
- pk11_EnterKeyMonitor(symKey);
- crv=PK11_GETTAB(slot)->C_DeriveKey(symKey->session, &mechanism,
- privKey->pkcs11ID, NULL, 0, &symKey->objectID);
- pk11_ExitKeyMonitor(symKey);
- if (crv == CKR_OK) return symKey;
- PORT_SetError( PK11_MapError(crv) );
- }
- break;
- case dhKey:
- {
- CK_BBOOL cktrue = CK_TRUE;
- CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
- CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
- CK_ULONG key_size = 0;
- CK_ATTRIBUTE keyTemplate[4];
- int templateCount;
- CK_ATTRIBUTE *attrs = keyTemplate;
-
- if (pubKey->keyType != dhKey) {
- PORT_SetError(SEC_ERROR_BAD_KEY);
- break;
- }
-
- PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass));
- attrs++;
- PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType));
- attrs++;
- PK11_SETATTRS(attrs, operation, &cktrue, 1); attrs++;
- PK11_SETATTRS(attrs, CKA_VALUE_LEN, &key_size, sizeof(key_size));
- attrs++;
- templateCount = attrs - keyTemplate;
- PR_ASSERT(templateCount <= sizeof(keyTemplate)/sizeof(CK_ATTRIBUTE));
-
- keyType = PK11_GetKeyType(target,keySize);
- key_size = keySize;
- symKey->size = keySize;
- if (key_size == 0) templateCount--;
-
- mechanism.mechanism = derive;
-
- /* we can undefine these when we define diffie-helman keys */
- mechanism.pParameter = pubKey->u.dh.publicValue.data;
- mechanism.ulParameterLen = pubKey->u.dh.publicValue.len;
-
- pk11_EnterKeyMonitor(symKey);
- crv = PK11_GETTAB(slot)->C_DeriveKey(symKey->session, &mechanism,
- privKey->pkcs11ID, keyTemplate, templateCount, &symKey->objectID);
- pk11_ExitKeyMonitor(symKey);
- if (crv == CKR_OK) return symKey;
- PORT_SetError( PK11_MapError(crv) );
- }
- break;
- }
-
- PK11_FreeSymKey(symKey);
- return NULL;
-}
-
-/*
- * this little function uses the Decrypt function to unwrap a key, just in
- * case we are having problem with unwrap. NOTE: The key size may
- * not be preserved properly for some algorithms!
- */
-static PK11SymKey *
-pk11_HandUnwrap(PK11SlotInfo *slot, CK_OBJECT_HANDLE wrappingKey,
- CK_MECHANISM *mech, SECItem *inKey, CK_MECHANISM_TYPE target,
- CK_ATTRIBUTE *keyTemplate, unsigned int templateCount,
- int key_size, void * wincx)
-{
- CK_ULONG len;
- SECItem outKey;
- PK11SymKey *symKey;
- CK_RV crv;
- PRBool owner = PR_TRUE;
- PRBool bool = PR_TRUE;
- CK_SESSION_HANDLE session;
-
- /* keys are almost always aligned, but if we get this far,
- * we've gone above and beyond anyway... */
- outKey.data = (unsigned char*)PORT_Alloc(inKey->len);
- if (outKey.data == NULL) {
- PORT_SetError( SEC_ERROR_NO_MEMORY );
- return NULL;
- }
- len = inKey->len;
-
- /* use NULL IV's for wrapping */
- session = pk11_GetNewSession(slot,&owner);
- if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_DecryptInit(session,mech,wrappingKey);
- if (crv != CKR_OK) {
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- PORT_Free(outKey.data);
- PORT_SetError( PK11_MapError(crv) );
- return NULL;
- }
- crv = PK11_GETTAB(slot)->C_Decrypt(session,inKey->data,inKey->len,
- outKey.data, &len);
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- if (crv != CKR_OK) {
- PORT_Free(outKey.data);
- PORT_SetError( PK11_MapError(crv) );
- return NULL;
- }
-
- outKey.len = (key_size == 0) ? len : key_size;
-
- if (PK11_DoesMechanism(slot,target)) {
- symKey = pk11_ImportSymKeyWithTempl(slot, target, PK11_OriginUnwrap,
- keyTemplate, templateCount,
- &outKey, wincx);
- } else {
- slot = PK11_GetBestSlot(target,wincx);
- if (slot == NULL) {
- PORT_SetError( SEC_ERROR_NO_MODULE );
- PORT_Free(outKey.data);
- return NULL;
- }
- symKey = pk11_ImportSymKeyWithTempl(slot, target, PK11_OriginUnwrap,
- keyTemplate, templateCount,
- &outKey, wincx);
- PK11_FreeSlot(slot);
- }
- PORT_Free(outKey.data);
- return symKey;
-}
-
-/*
- * The wrap/unwrap function is pretty much the same for private and
- * public keys. It's just getting the Object ID and slot right. This is
- * the combined unwrap function.
- */
-static PK11SymKey *
-pk11_AnyUnwrapKey(PK11SlotInfo *slot, CK_OBJECT_HANDLE wrappingKey,
- CK_MECHANISM_TYPE wrapType, SECItem *param, SECItem *wrappedKey,
- CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize,
- void *wincx, CK_ATTRIBUTE *userAttr, unsigned int numAttrs)
-{
- PK11SymKey * symKey;
- SECItem * param_free = NULL;
- CK_BBOOL ckfalse = CK_FALSE;
- CK_BBOOL cktrue = CK_TRUE;
- CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
- CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
- CK_ULONG valueLen = 0;
- CK_MECHANISM mechanism;
- CK_RV crv;
- CK_MECHANISM_INFO mechanism_info;
- CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS];
- CK_ATTRIBUTE * attrs = keyTemplate;
- unsigned int templateCount;
-
- if (numAttrs > MAX_TEMPL_ATTRS) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
- }
- /* first copy caller attributes in. */
- for (templateCount = 0; templateCount < numAttrs; ++templateCount) {
- *attrs++ = *userAttr++;
- }
-
- /* We only add the following attributes to the template if the caller
- ** didn't already supply them.
- */
- if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_CLASS)) {
- PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof keyClass);
- attrs++;
- }
- if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_KEY_TYPE)) {
- keyType = PK11_GetKeyType(target, keySize);
- PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof keyType );
- attrs++;
- }
- if (keySize > 0 &&
- !pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_VALUE_LEN)) {
- valueLen = (CK_ULONG)keySize;
- PK11_SETATTRS(attrs, CKA_VALUE_LEN, &valueLen, sizeof valueLen);
- attrs++;
- }
- if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, operation)) {
- PK11_SETATTRS(attrs, operation, &cktrue, 1); attrs++;
- }
-
- templateCount = attrs - keyTemplate;
- PR_ASSERT(templateCount <= sizeof(keyTemplate)/sizeof(CK_ATTRIBUTE));
-
-
- /* find out if we can do wrap directly. Because the RSA case if *very*
- * common, cache the results for it. */
- if ((wrapType == CKM_RSA_PKCS) && (slot->hasRSAInfo)) {
- mechanism_info.flags = slot->RSAInfoFlags;
- } else {
- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,wrapType,
- &mechanism_info);
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
- if (crv != CKR_OK) {
- mechanism_info.flags = 0;
- }
- if (wrapType == CKM_RSA_PKCS) {
- slot->RSAInfoFlags = mechanism_info.flags;
- slot->hasRSAInfo = PR_TRUE;
- }
- }
-
- /* initialize the mechanism structure */
- mechanism.mechanism = wrapType;
- /* use NULL IV's for wrapping */
- if (param == NULL) param = param_free = PK11_ParamFromIV(wrapType,NULL);
- if (param) {
- mechanism.pParameter = param->data;
- mechanism.ulParameterLen = param->len;
- } else {
- mechanism.pParameter = NULL;
- mechanism.ulParameterLen = 0;
- }
-
- if ((mechanism_info.flags & CKF_DECRYPT)
- && !PK11_DoesMechanism(slot,target)) {
- symKey = pk11_HandUnwrap(slot, wrappingKey, &mechanism, wrappedKey,
- target, keyTemplate, templateCount, keySize,
- wincx);
- if (symKey) {
- if (param_free) SECITEM_FreeItem(param_free,PR_TRUE);
- return symKey;
- }
- /* fall through, maybe they incorrectly set CKF_DECRYPT */
- }
-
- /* get our key Structure */
- symKey = PK11_CreateSymKey(slot,target,wincx);
- if (symKey == NULL) {
- if (param_free) SECITEM_FreeItem(param_free,PR_TRUE);
- return NULL;
- }
-
- symKey->size = keySize;
- symKey->origin = PK11_OriginUnwrap;
-
- pk11_EnterKeyMonitor(symKey);
- crv = PK11_GETTAB(slot)->C_UnwrapKey(symKey->session,&mechanism,wrappingKey,
- wrappedKey->data, wrappedKey->len, keyTemplate, templateCount,
- &symKey->objectID);
- pk11_ExitKeyMonitor(symKey);
- if (param_free) SECITEM_FreeItem(param_free,PR_TRUE);
- if (crv != CKR_OK) {
- /* try hand Unwrapping */
- PK11_FreeSymKey(symKey);
- symKey = pk11_HandUnwrap(slot, wrappingKey, &mechanism, wrappedKey,
- target, keyTemplate, templateCount, keySize,
- wincx);
- }
-
- return symKey;
-}
-
-/* use a symetric key to unwrap another symetric key */
-PK11SymKey *
-PK11_UnwrapSymKey( PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType,
- SECItem *param, SECItem *wrappedKey,
- CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
- int keySize)
-{
- return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID,
- wrapType, param, wrappedKey, target, operation, keySize,
- wrappingKey->cx, NULL, 0);
-}
-
-/* use a symetric key to unwrap another symetric key */
-PK11SymKey *
-PK11_UnwrapSymKeyWithFlags(PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType,
- SECItem *param, SECItem *wrappedKey,
- CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
- int keySize, CK_FLAGS flags)
-{
- CK_BBOOL ckTrue = CK_TRUE;
- CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS];
- unsigned int templateCount;
-
- templateCount = pk11_FlagsToAttributes(flags, keyTemplate, &ckTrue);
- return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID,
- wrapType, param, wrappedKey, target, operation, keySize,
- wrappingKey->cx, keyTemplate, templateCount);
-}
-
-
-/* unwrap a symetric key with a private key. */
-PK11SymKey *
-PK11_PubUnwrapSymKey(SECKEYPrivateKey *wrappingKey, SECItem *wrappedKey,
- CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize)
-{
- CK_MECHANISM_TYPE wrapType = pk11_mapWrapKeyType(wrappingKey->keyType);
-
- PK11_HandlePasswordCheck(wrappingKey->pkcs11Slot,wrappingKey->wincx);
-
- return pk11_AnyUnwrapKey(wrappingKey->pkcs11Slot, wrappingKey->pkcs11ID,
- wrapType, NULL, wrappedKey, target, operation, keySize,
- wrappingKey->wincx, NULL, 0);
-}
-
-/*
- * Recover the Signed data. We need this because our old verify can't
- * figure out which hash algorithm to use until we decryptted this.
- */
-SECStatus
-PK11_VerifyRecover(SECKEYPublicKey *key,
- SECItem *sig, SECItem *dsig, void *wincx)
-{
- PK11SlotInfo *slot = key->pkcs11Slot;
- CK_OBJECT_HANDLE id = key->pkcs11ID;
- CK_MECHANISM mech = {0, NULL, 0 };
- PRBool owner = PR_TRUE;
- CK_SESSION_HANDLE session;
- CK_ULONG len;
- CK_RV crv;
-
- mech.mechanism = pk11_mapSignKeyType(key->keyType);
-
- if (slot == NULL) {
- slot = PK11_GetBestSlot(mech.mechanism,wincx);
- if (slot == NULL) {
- PORT_SetError( SEC_ERROR_NO_MODULE );
- return SECFailure;
- }
- id = PK11_ImportPublicKey(slot,key,PR_FALSE);
- }
-
- session = pk11_GetNewSession(slot,&owner);
- if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_VerifyRecoverInit(session,&mech,id);
- if (crv != CKR_OK) {
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- PORT_SetError( PK11_MapError(crv) );
- return SECFailure;
- }
- len = dsig->len;
- crv = PK11_GETTAB(slot)->C_VerifyRecover(session,sig->data,
- sig->len, dsig->data, &len);
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- dsig->len = len;
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/*
- * verify a signature from its hash.
- */
-SECStatus
-PK11_Verify(SECKEYPublicKey *key, SECItem *sig, SECItem *hash, void *wincx)
-{
- PK11SlotInfo *slot = key->pkcs11Slot;
- PK11SlotInfo *tmpslot = key->pkcs11Slot;
- CK_OBJECT_HANDLE id = key->pkcs11ID;
- CK_MECHANISM mech = {0, NULL, 0 };
- PRBool owner = PR_TRUE;
- CK_SESSION_HANDLE session;
- CK_RV crv;
-
- mech.mechanism = pk11_mapSignKeyType(key->keyType);
-
- if (slot == NULL) {
- if (mech.mechanism == CKM_DSA) {
- slot = PK11_GetInternalSlot(); /* use internal slot for
- DSA verify */
- } else {
- slot = PK11_GetBestSlot(mech.mechanism,wincx);
- };
-
- if (slot == NULL) {
- PORT_SetError( SEC_ERROR_NO_MODULE );
- return SECFailure;
- }
- id = PK11_ImportPublicKey(slot,key,PR_FALSE);
-
- }
-
- session = pk11_GetNewSession(slot,&owner);
- if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_VerifyInit(session,&mech,id);
- if (crv != CKR_OK) {
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- PORT_SetError( PK11_MapError(crv) );
- return SECFailure;
- }
- crv = PK11_GETTAB(slot)->C_Verify(session,hash->data,
- hash->len, sig->data, sig->len);
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/*
- * sign a hash. The algorithm is determined by the key.
- */
-SECStatus
-PK11_Sign(SECKEYPrivateKey *key, SECItem *sig, SECItem *hash)
-{
- PK11SlotInfo *slot = key->pkcs11Slot;
- CK_MECHANISM mech = {0, NULL, 0 };
- PRBool owner = PR_TRUE;
- CK_SESSION_HANDLE session;
- CK_ULONG len;
- CK_RV crv;
-
- mech.mechanism = pk11_mapSignKeyType(key->keyType);
-
- PK11_HandlePasswordCheck(slot, key->wincx);
-
- session = pk11_GetNewSession(slot,&owner);
- if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_SignInit(session,&mech,key->pkcs11ID);
- if (crv != CKR_OK) {
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- PORT_SetError( PK11_MapError(crv) );
- return SECFailure;
- }
- len = sig->len;
- crv = PK11_GETTAB(slot)->C_Sign(session,hash->data,
- hash->len, sig->data, &len);
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- sig->len = len;
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/*
- * Now SSL 2.0 uses raw RSA stuff. These next to functions *must* use
- * RSA keys, or they'll fail. We do the checks up front. If anyone comes
- * up with a meaning for rawdecrypt for any other public key operation,
- * then we need to move this check into some of PK11_PubDecrypt callers,
- * (namely SSL 2.0).
- */
-SECStatus
-PK11_PubDecryptRaw(SECKEYPrivateKey *key, unsigned char *data,
- unsigned *outLen, unsigned int maxLen, unsigned char *enc,
- unsigned encLen)
-{
- PK11SlotInfo *slot = key->pkcs11Slot;
- CK_MECHANISM mech = {CKM_RSA_X_509, NULL, 0 };
- CK_ULONG out = maxLen;
- PRBool owner = PR_TRUE;
- CK_SESSION_HANDLE session;
- CK_RV crv;
-
- if (key->keyType != rsaKey) {
- PORT_SetError( SEC_ERROR_INVALID_KEY );
- return SECFailure;
- }
-
- /* Why do we do a PK11_handle check here? for simple
- * decryption? .. because the user may have asked for 'ask always'
- * and this is a private key operation. In practice, thought, it's mute
- * since only servers wind up using this function */
- PK11_HandlePasswordCheck(slot, key->wincx);
- session = pk11_GetNewSession(slot,&owner);
- if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_DecryptInit(session,&mech,key->pkcs11ID);
- if (crv != CKR_OK) {
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- PORT_SetError( PK11_MapError(crv) );
- return SECFailure;
- }
- crv = PK11_GETTAB(slot)->C_Decrypt(session,enc, encLen,
- data, &out);
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- *outLen = out;
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/* The encrypt version of the above function */
-SECStatus
-PK11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc,
- unsigned char *data, unsigned dataLen, void *wincx)
-{
- PK11SlotInfo *slot;
- CK_MECHANISM mech = {CKM_RSA_X_509, NULL, 0 };
- CK_OBJECT_HANDLE id;
- CK_ULONG out = dataLen;
- PRBool owner = PR_TRUE;
- CK_SESSION_HANDLE session;
- CK_RV crv;
-
- if (key->keyType != rsaKey) {
- PORT_SetError( SEC_ERROR_BAD_KEY );
- return SECFailure;
- }
-
- slot = PK11_GetBestSlot(mech.mechanism, wincx);
- if (slot == NULL) {
- PORT_SetError( SEC_ERROR_NO_MODULE );
- return SECFailure;
- }
-
- id = PK11_ImportPublicKey(slot,key,PR_FALSE);
-
- session = pk11_GetNewSession(slot,&owner);
- if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_EncryptInit(session,&mech,id);
- if (crv != CKR_OK) {
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- PORT_SetError( PK11_MapError(crv) );
- return SECFailure;
- }
- crv = PK11_GETTAB(slot)->C_Encrypt(session,data,dataLen,enc,&out);
- if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
- pk11_CloseSession(slot,session,owner);
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- return SECFailure;
- }
- return SECSuccess;
-}
-
-
-/**********************************************************************
- *
- * Now Deal with Crypto Contexts
- *
- **********************************************************************/
-
-/*
- * the monitors...
- */
-void
-PK11_EnterContextMonitor(PK11Context *cx) {
- /* if we own the session and our slot is ThreadSafe, only monitor
- * the Context */
- if ((cx->ownSession) && (cx->slot->isThreadSafe)) {
- /* Should this use monitors instead? */
- PR_Lock(cx->sessionLock);
- } else {
- PK11_EnterSlotMonitor(cx->slot);
- }
-}
-
-void
-PK11_ExitContextMonitor(PK11Context *cx) {
- /* if we own the session and our slot is ThreadSafe, only monitor
- * the Context */
- if ((cx->ownSession) && (cx->slot->isThreadSafe)) {
- /* Should this use monitors instead? */
- PR_Unlock(cx->sessionLock);
- } else {
- PK11_ExitSlotMonitor(cx->slot);
- }
-}
-
-/*
- * Free up a Cipher Context
- */
-void
-PK11_DestroyContext(PK11Context *context, PRBool freeit)
-{
- pk11_CloseSession(context->slot,context->session,context->ownSession);
- /* initialize the critical fields of the context */
- if (context->savedData != NULL ) PORT_Free(context->savedData);
- if (context->key) PK11_FreeSymKey(context->key);
- if (context->param) SECITEM_FreeItem(context->param, PR_TRUE);
- if (context->sessionLock) PR_DestroyLock(context->sessionLock);
- PK11_FreeSlot(context->slot);
- if (freeit) PORT_Free(context);
-}
-
-/*
- * save the current context. Allocate Space if necessary.
- */
-static void *
-pk11_saveContextHelper(PK11Context *context, void *space,
- unsigned long *savedLength, PRBool staticBuffer, PRBool recurse)
-{
- CK_ULONG length;
- CK_RV crv;
-
- if (staticBuffer) PORT_Assert(space != NULL);
-
- if (space == NULL) {
- crv =PK11_GETTAB(context->slot)->C_GetOperationState(context->session,
- NULL,&length);
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- return NULL;
- }
- space = PORT_Alloc(length);
- if (space == NULL) return NULL;
- *savedLength = length;
- }
- crv = PK11_GETTAB(context->slot)->C_GetOperationState(context->session,
- (CK_BYTE_PTR)space,savedLength);
- if (!staticBuffer && !recurse && (crv == CKR_BUFFER_TOO_SMALL)) {
- if (!staticBuffer) PORT_Free(space);
- return pk11_saveContextHelper(context, NULL,
- savedLength, PR_FALSE, PR_TRUE);
- }
- if (crv != CKR_OK) {
- if (!staticBuffer) PORT_Free(space);
- PORT_SetError( PK11_MapError(crv) );
- return NULL;
- }
- return space;
-}
-
-void *
-pk11_saveContext(PK11Context *context, void *space, unsigned long *savedLength)
-{
- return pk11_saveContextHelper(context, space,
- savedLength, PR_FALSE, PR_FALSE);
-}
-
-/*
- * restore the current context
- */
-SECStatus
-pk11_restoreContext(PK11Context *context,void *space, unsigned long savedLength)
-{
- CK_RV crv;
- CK_OBJECT_HANDLE objectID = (context->key) ? context->key->objectID:
- CK_INVALID_KEY;
-
- PORT_Assert(space != NULL);
- if (space == NULL) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
- }
- crv = PK11_GETTAB(context->slot)->C_SetOperationState(context->session,
- (CK_BYTE_PTR)space, savedLength, objectID, 0);
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv));
- return SECFailure;
- }
- return SECSuccess;
-}
-
-SECStatus pk11_Finalize(PK11Context *context);
-
-/*
- * Context initialization. Used by all flavors of CreateContext
- */
-static SECStatus
-pk11_context_init(PK11Context *context, CK_MECHANISM *mech_info)
-{
- CK_RV crv;
- PK11SymKey *symKey = context->key;
- SECStatus rv = SECSuccess;
-
- switch (context->operation) {
- case CKA_ENCRYPT:
- crv=PK11_GETTAB(context->slot)->C_EncryptInit(context->session,
- mech_info, symKey->objectID);
- break;
- case CKA_DECRYPT:
- if (context->fortezzaHack) {
- CK_ULONG count = 0;;
- /* generate the IV for fortezza */
- crv=PK11_GETTAB(context->slot)->C_EncryptInit(context->session,
- mech_info, symKey->objectID);
- if (crv != CKR_OK) break;
- PK11_GETTAB(context->slot)->C_EncryptFinal(context->session,
- NULL, &count);
- }
- crv=PK11_GETTAB(context->slot)->C_DecryptInit(context->session,
- mech_info, symKey->objectID);
- break;
- case CKA_SIGN:
- crv=PK11_GETTAB(context->slot)->C_SignInit(context->session,
- mech_info, symKey->objectID);
- break;
- case CKA_VERIFY:
- crv=PK11_GETTAB(context->slot)->C_SignInit(context->session,
- mech_info, symKey->objectID);
- break;
- case CKA_DIGEST:
- crv=PK11_GETTAB(context->slot)->C_DigestInit(context->session,
- mech_info);
- break;
- default:
- crv = CKR_OPERATION_NOT_INITIALIZED;
- break;
- }
-
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- return SECFailure;
- }
-
- /*
- * handle session starvation case.. use our last session to multiplex
- */
- if (!context->ownSession) {
- context->savedData = pk11_saveContext(context,context->savedData,
- &context->savedLength);
- if (context->savedData == NULL) rv = SECFailure;
- /* clear out out session for others to use */
- pk11_Finalize(context);
- }
- return rv;
-}
-
-
-/*
- * Common Helper Function do come up with a new context.
- */
-static PK11Context *pk11_CreateNewContextInSlot(CK_MECHANISM_TYPE type,
- PK11SlotInfo *slot, CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey,
- SECItem *param)
-{
- CK_MECHANISM mech_info;
- PK11Context *context;
- SECStatus rv;
-
- context = (PK11Context *) PORT_Alloc(sizeof(PK11Context));
- if (context == NULL) {
- return NULL;
- }
-
- /* now deal with the fortezza hack... the fortezza hack is an attempt
- * to get around the issue of the card not allowing you to do a FORTEZZA
- * LoadIV/Encrypt, which was added because such a combination could be
- * use to circumvent the key escrow system. Unfortunately SSL needs to
- * do this kind of operation, so in SSL we do a loadIV (to verify it),
- * Then GenerateIV, and through away the first 8 bytes on either side
- * of the connection.*/
- context->fortezzaHack = PR_FALSE;
- if (type == CKM_SKIPJACK_CBC64) {
- if (symKey->origin == PK11_OriginFortezzaHack) {
- context->fortezzaHack = PR_TRUE;
- }
- }
-
- /* initialize the critical fields of the context */
- context->operation = operation;
- context->key = symKey ? PK11_ReferenceSymKey(symKey) : NULL;
- context->slot = PK11_ReferenceSlot(slot);
- context->session = pk11_GetNewSession(slot,&context->ownSession);
- context->cx = symKey ? symKey->cx : NULL;
- /* get our session */
- context->savedData = NULL;
-
- /* save the parameters so that some digesting stuff can do multiple
- * begins on a single context */
- context->type = type;
- context->param = SECITEM_DupItem(param);
- context->init = PR_FALSE;
- context->sessionLock = PR_NewLock();
- if ((context->param == NULL) || (context->sessionLock == NULL)) {
- PK11_DestroyContext(context,PR_TRUE);
- return NULL;
- }
-
- mech_info.mechanism = type;
- mech_info.pParameter = param->data;
- mech_info.ulParameterLen = param->len;
- PK11_EnterContextMonitor(context);
- rv = pk11_context_init(context,&mech_info);
- PK11_ExitContextMonitor(context);
-
- if (rv != SECSuccess) {
- PK11_DestroyContext(context,PR_TRUE);
- return NULL;
- }
- context->init = PR_TRUE;
- return context;
-}
-
-
-/*
- * put together the various PK11_Create_Context calls used by different
- * parts of libsec.
- */
-PK11Context *
-PK11_CreateContextByRawKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
- PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key,
- SECItem *param, void *wincx)
-{
- PK11SymKey *symKey;
- PK11Context *context;
-
- /* first get a slot */
- if (slot == NULL) {
- slot = PK11_GetBestSlot(type,wincx);
- if (slot == NULL) {
- PORT_SetError( SEC_ERROR_NO_MODULE );
- return NULL;
- }
- } else {
- PK11_ReferenceSlot(slot);
- }
-
- /* now import the key */
- symKey = PK11_ImportSymKey(slot, type, origin, operation, key, wincx);
- if (symKey == NULL) return NULL;
-
- context = PK11_CreateContextBySymKey(type, operation, symKey, param);
-
- PK11_FreeSymKey(symKey);
- PK11_FreeSlot(slot);
-
- return context;
-}
-
-
-/*
- * Create a context from a key. We really should make sure we aren't using
- * the same key in multiple session!
- */
-PK11Context *
-PK11_CreateContextBySymKey(CK_MECHANISM_TYPE type,CK_ATTRIBUTE_TYPE operation,
- PK11SymKey *symKey, SECItem *param)
-{
- PK11SymKey *newKey;
- PK11Context *context;
-
- /* if this slot doesn't support the mechanism, go to a slot that does */
- newKey = pk11_ForceSlot(symKey,type,operation);
- if (newKey == NULL) {
- PK11_ReferenceSymKey(symKey);
- } else {
- symKey = newKey;
- }
-
-
- /* Context Adopts the symKey.... */
- context = pk11_CreateNewContextInSlot(type, symKey->slot, operation, symKey,
- param);
- PK11_FreeSymKey(symKey);
- return context;
-}
-
-/*
- * Digest contexts don't need keys, but the do need to find a slot.
- * Macing should use PK11_CreateContextBySymKey.
- */
-PK11Context *
-PK11_CreateDigestContext(SECOidTag hashAlg)
-{
- /* digesting has to work without authentication to the slot */
- CK_MECHANISM_TYPE type;
- PK11SlotInfo *slot;
- PK11Context *context;
- SECItem param;
-
- type = PK11_AlgtagToMechanism(hashAlg);
- slot = PK11_GetBestSlot(type, NULL);
- if (slot == NULL) {
- PORT_SetError( SEC_ERROR_NO_MODULE );
- return NULL;
- }
-
- /* maybe should really be PK11_GenerateNewParam?? */
- param.data = NULL;
- param.len = 0;
-
- context = pk11_CreateNewContextInSlot(type, slot, CKA_DIGEST, NULL, &param);
- PK11_FreeSlot(slot);
- return context;
-}
-
-/*
- * create a new context which is the clone of the state of old context.
- */
-PK11Context * PK11_CloneContext(PK11Context *old)
-{
- PK11Context *newcx;
- PRBool needFree = PR_FALSE;
- SECStatus rv = SECSuccess;
- void *data;
- unsigned long len;
-
- newcx = pk11_CreateNewContextInSlot(old->type, old->slot, old->operation,
- old->key, old->param);
- if (newcx == NULL) return NULL;
-
- /* now clone the save state. First we need to find the save state
- * of the old session. If the old context owns it's session,
- * the state needs to be saved, otherwise the state is in saveData. */
- if (old->ownSession) {
- PK11_EnterContextMonitor(old);
- data=pk11_saveContext(old,NULL,&len);
- PK11_ExitContextMonitor(old);
- needFree = PR_TRUE;
- } else {
- data = old->savedData;
- len = old->savedLength;
- }
-
- if (data == NULL) {
- PK11_DestroyContext(newcx,PR_TRUE);
- return NULL;
- }
-
- /* now copy that state into our new context. Again we have different
- * work if the new context owns it's own session. If it does, we
- * restore the state gathered above. If it doesn't, we copy the
- * saveData pointer... */
- if (newcx->ownSession) {
- PK11_EnterContextMonitor(newcx);
- rv = pk11_restoreContext(newcx,data,len);
- PK11_ExitContextMonitor(newcx);
- } else {
- PORT_Assert(newcx->savedData != NULL);
- if ((newcx->savedData == NULL) || (newcx->savedLength < len)) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- rv = SECFailure;
- } else {
- PORT_Memcpy(newcx->savedData,data,len);
- newcx->savedLength = len;
- }
- }
-
- if (needFree) PORT_Free(data);
-
- if (rv != SECSuccess) {
- PK11_DestroyContext(newcx,PR_TRUE);
- return NULL;
- }
- return newcx;
-}
-
-/*
- * save the current context state into a variable. Required to make FORTEZZA
- * work.
- */
-SECStatus
-PK11_SaveContext(PK11Context *cx,unsigned char *save,int *len, int saveLength)
-{
- unsigned char * data = NULL;
- CK_ULONG length = saveLength;
-
- if (cx->ownSession) {
- PK11_EnterContextMonitor(cx);
- data = (unsigned char*)pk11_saveContextHelper(cx,save,&length,
- PR_FALSE,PR_FALSE);
- PK11_ExitContextMonitor(cx);
- if (data) *len = length;
- } else if (saveLength >= cx->savedLength) {
- data = (unsigned char*)cx->savedData;
- if (cx->savedData) {
- PORT_Memcpy(save,cx->savedData,cx->savedLength);
- }
- *len = cx->savedLength;
- }
- return (data != NULL) ? SECSuccess : SECFailure;
-}
-
-/*
- * restore the context state into a new running context. Also required for
- * FORTEZZA .
- */
-SECStatus
-PK11_RestoreContext(PK11Context *cx,unsigned char *save,int len)
-{
- SECStatus rv = SECSuccess;
- if (cx->ownSession) {
- PK11_EnterContextMonitor(cx);
- pk11_Finalize(cx);
- rv = pk11_restoreContext(cx,save,len);
- PK11_ExitContextMonitor(cx);
- } else {
- PORT_Assert(cx->savedData != NULL);
- if ((cx->savedData == NULL) || (cx->savedLength < (unsigned) len)) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- rv = SECFailure;
- } else {
- PORT_Memcpy(cx->savedData,save,len);
- cx->savedLength = len;
- }
- }
- return rv;
-}
-
-/*
- * This is to get FIPS compliance until we can convert
- * libjar to use PK11_ hashing functions. It returns PR_FALSE
- * if we can't get a PK11 Context.
- */
-PRBool
-PK11_HashOK(SECOidTag algID) {
- PK11Context *cx;
-
- cx = PK11_CreateDigestContext(algID);
- if (cx == NULL) return PR_FALSE;
- PK11_DestroyContext(cx, PR_TRUE);
- return PR_TRUE;
-}
-
-
-
-/*
- * start a new digesting or Mac'ing operation on this context
- */
-SECStatus PK11_DigestBegin(PK11Context *cx)
-{
- CK_MECHANISM mech_info;
- SECStatus rv;
-
- if (cx->init == PR_TRUE) {
- return SECSuccess;
- }
-
- /*
- * make sure the old context is clear first
- */
- PK11_EnterContextMonitor(cx);
- pk11_Finalize(cx);
-
- mech_info.mechanism = cx->type;
- mech_info.pParameter = cx->param->data;
- mech_info.ulParameterLen = cx->param->len;
- rv = pk11_context_init(cx,&mech_info);
- PK11_ExitContextMonitor(cx);
-
- if (rv != SECSuccess) {
- return SECFailure;
- }
- cx->init = PR_TRUE;
- return SECSuccess;
-}
-
-SECStatus
-PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, unsigned char *in,
- int32 len) {
- PK11Context *context;
- unsigned int max_length;
- unsigned int out_length;
- SECStatus rv;
-
- context = PK11_CreateDigestContext(hashAlg);
- if (context == NULL) return SECFailure;
-
- rv = PK11_DigestBegin(context);
- if (rv != SECSuccess) {
- PK11_DestroyContext(context, PR_TRUE);
- return rv;
- }
-
- rv = PK11_DigestOp(context, in, len);
- if (rv != SECSuccess) {
- PK11_DestroyContext(context, PR_TRUE);
- return rv;
- }
-
- /* we need the output length ... maybe this should be table driven...*/
- switch (hashAlg) {
- case SEC_OID_SHA1: max_length = SHA1_LENGTH; break;
- case SEC_OID_MD2: max_length = MD2_LENGTH; break;
- case SEC_OID_MD5: max_length = MD5_LENGTH; break;
- default: max_length = 16; break;
- }
-
- rv = PK11_DigestFinal(context,out,&out_length,max_length);
- PK11_DestroyContext(context, PR_TRUE);
- return rv;
-}
-
-
-/*
- * execute a bulk encryption operation
- */
-SECStatus
-PK11_CipherOp(PK11Context *context, unsigned char * out, int *outlen,
- int maxout, unsigned char *in, int inlen)
-{
- CK_RV crv = CKR_OK;
- CK_ULONG length = maxout;
- CK_ULONG offset =0;
- PK11SymKey *symKey = context->key;
- SECStatus rv = SECSuccess;
- unsigned char *saveOut = out;
- unsigned char *allocOut = NULL;
-
- /* if we ran out of session, we need to restore our previously stored
- * state.
- */
- PK11_EnterContextMonitor(context);
- if (!context->ownSession) {
- rv = pk11_restoreContext(context,context->savedData,
- context->savedLength);
- if (rv != SECSuccess) {
- PK11_ExitContextMonitor(context);
- return rv;
- }
- }
-
- /*
- * The fortezza hack is to send 8 extra bytes on the first encrypted and
- * loose them on the first decrypt.
- */
- if (context->fortezzaHack) {
- unsigned char random[8];
- if (context->operation == CKA_ENCRYPT) {
- PK11_ExitContextMonitor(context);
- rv = PK11_GenerateRandom(random,sizeof(random));
- PK11_EnterContextMonitor(context);
-
- /* since we are offseting the output, we can't encrypt back into
- * the same buffer... allocate a temporary buffer just for this
- * call. */
- allocOut = out = (unsigned char*)PORT_Alloc(maxout);
- if (out == NULL) {
- PK11_ExitContextMonitor(context);
- return SECFailure;
- }
- crv = PK11_GETTAB(context->slot)->C_EncryptUpdate(context->session,
- random,sizeof(random),out,&length);
-
- out += length;
- maxout -= length;
- offset = length;
- } else if (context->operation == CKA_DECRYPT) {
- length = sizeof(random);
- crv = PK11_GETTAB(context->slot)->C_DecryptUpdate(context->session,
- in,sizeof(random),random,&length);
- inlen -= length;
- in += length;
- context->fortezzaHack = PR_FALSE;
- }
- }
-
- switch (context->operation) {
- case CKA_ENCRYPT:
- length = maxout;
- crv=PK11_GETTAB(context->slot)->C_EncryptUpdate(context->session,
- in, inlen, out, &length);
- length += offset;
- break;
- case CKA_DECRYPT:
- length = maxout;
- crv=PK11_GETTAB(context->slot)->C_DecryptUpdate(context->session,
- in, inlen, out, &length);
- break;
- default:
- crv = CKR_OPERATION_NOT_INITIALIZED;
- break;
- }
-
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- *outlen = 0;
- rv = SECFailure;
- } else {
- *outlen = length;
- }
-
- if (context->fortezzaHack) {
- if (context->operation == CKA_ENCRYPT) {
- PORT_Assert(allocOut);
- PORT_Memcpy(saveOut, allocOut, length);
- PORT_Free(allocOut);
- }
- context->fortezzaHack = PR_FALSE;
- }
-
- /*
- * handle session starvation case.. use our last session to multiplex
- */
- if (!context->ownSession) {
- context->savedData = pk11_saveContext(context,context->savedData,
- &context->savedLength);
- if (context->savedData == NULL) rv = SECFailure;
-
- /* clear out out session for others to use */
- pk11_Finalize(context);
- }
- PK11_ExitContextMonitor(context);
- return rv;
-}
-
-/*
- * execute a digest/signature operation
- */
-SECStatus
-PK11_DigestOp(PK11Context *context, const unsigned char * in, unsigned inLen)
-{
- CK_RV crv = CKR_OK;
- SECStatus rv = SECSuccess;
-
- /* if we ran out of session, we need to restore our previously stored
- * state.
- */
- context->init = PR_FALSE;
- PK11_EnterContextMonitor(context);
- if (!context->ownSession) {
- rv = pk11_restoreContext(context,context->savedData,
- context->savedLength);
- if (rv != SECSuccess) {
- PK11_ExitContextMonitor(context);
- return rv;
- }
- }
-
- switch (context->operation) {
- /* also for MAC'ing */
- case CKA_SIGN:
- crv=PK11_GETTAB(context->slot)->C_SignUpdate(context->session,
- (unsigned char *)in,
- inLen);
- break;
- case CKA_VERIFY:
- crv=PK11_GETTAB(context->slot)->C_VerifyUpdate(context->session,
- (unsigned char *)in,
- inLen);
- break;
- case CKA_DIGEST:
- crv=PK11_GETTAB(context->slot)->C_DigestUpdate(context->session,
- (unsigned char *)in,
- inLen);
- break;
- default:
- crv = CKR_OPERATION_NOT_INITIALIZED;
- break;
- }
-
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- rv = SECFailure;
- }
-
- /*
- * handle session starvation case.. use our last session to multiplex
- */
- if (!context->ownSession) {
- context->savedData = pk11_saveContext(context,context->savedData,
- &context->savedLength);
- if (context->savedData == NULL) rv = SECFailure;
-
- /* clear out out session for others to use */
- pk11_Finalize(context);
- }
- PK11_ExitContextMonitor(context);
- return rv;
-}
-
-/*
- * Digest a key if possible./
- */
-SECStatus
-PK11_DigestKey(PK11Context *context, PK11SymKey *key)
-{
- CK_RV crv = CKR_OK;
- SECStatus rv = SECSuccess;
- PK11SymKey *newKey = NULL;
-
- /* if we ran out of session, we need to restore our previously stored
- * state.
- */
- if (context->slot != key->slot) {
- newKey = pk11_CopyToSlot(context->slot,CKM_SSL3_SHA1_MAC,CKA_SIGN,key);
- } else {
- newKey = PK11_ReferenceSymKey(key);
- }
-
- context->init = PR_FALSE;
- PK11_EnterContextMonitor(context);
- if (!context->ownSession) {
- rv = pk11_restoreContext(context,context->savedData,
- context->savedLength);
- if (rv != SECSuccess) {
- PK11_ExitContextMonitor(context);
- PK11_FreeSymKey(newKey);
- return rv;
- }
- }
-
-
- if (newKey == NULL) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- if (key->data.data) {
- crv=PK11_GETTAB(context->slot)->C_DigestUpdate(context->session,
- key->data.data,key->data.len);
- }
- } else {
- crv=PK11_GETTAB(context->slot)->C_DigestKey(context->session,
- newKey->objectID);
- }
-
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- rv = SECFailure;
- }
-
- /*
- * handle session starvation case.. use our last session to multiplex
- */
- if (!context->ownSession) {
- context->savedData = pk11_saveContext(context,context->savedData,
- &context->savedLength);
- if (context->savedData == NULL) rv = SECFailure;
-
- /* clear out out session for others to use */
- pk11_Finalize(context);
- }
- PK11_ExitContextMonitor(context);
- if (newKey) PK11_FreeSymKey(newKey);
- return rv;
-}
-
-/*
- * externally callable version of the lowercase pk11_finalize().
- */
-SECStatus
-PK11_Finalize(PK11Context *context) {
- SECStatus rv;
-
- PK11_EnterContextMonitor(context);
- rv = pk11_Finalize(context);
- PK11_ExitContextMonitor(context);
- return rv;
-}
-
-/*
- * clean up a cipher operation, so the session can be used by
- * someone new.
- */
-SECStatus
-pk11_Finalize(PK11Context *context)
-{
- CK_ULONG count = 0;
- CK_RV crv;
-
- if (!context->ownSession) {
- return SECSuccess;
- }
-
- switch (context->operation) {
- case CKA_ENCRYPT:
- crv=PK11_GETTAB(context->slot)->C_EncryptFinal(context->session,
- NULL,&count);
- break;
- case CKA_DECRYPT:
- crv = PK11_GETTAB(context->slot)->C_DecryptFinal(context->session,
- NULL,&count);
- break;
- case CKA_SIGN:
- crv=PK11_GETTAB(context->slot)->C_SignFinal(context->session,
- NULL,&count);
- break;
- case CKA_VERIFY:
- crv=PK11_GETTAB(context->slot)->C_VerifyFinal(context->session,
- NULL,count);
- break;
- case CKA_DIGEST:
- crv=PK11_GETTAB(context->slot)->C_DigestFinal(context->session,
- NULL,&count);
- break;
- default:
- crv = CKR_OPERATION_NOT_INITIALIZED;
- break;
- }
-
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/*
- * Return the final digested or signed data...
- * this routine can either take pre initialized data, or allocate data
- * either out of an arena or out of the standard heap.
- */
-SECStatus
-PK11_DigestFinal(PK11Context *context,unsigned char *data,
- unsigned int *outLen, unsigned int length)
-{
- CK_ULONG len;
- CK_RV crv;
- SECStatus rv;
-
-
- /* if we ran out of session, we need to restore our previously stored
- * state.
- */
- PK11_EnterContextMonitor(context);
- if (!context->ownSession) {
- rv = pk11_restoreContext(context,context->savedData,
- context->savedLength);
- if (rv != SECSuccess) {
- PK11_ExitContextMonitor(context);
- return rv;
- }
- }
-
- len = length;
- switch (context->operation) {
- case CKA_SIGN:
- crv=PK11_GETTAB(context->slot)->C_SignFinal(context->session,
- data,&len);
- break;
- case CKA_VERIFY:
- crv=PK11_GETTAB(context->slot)->C_VerifyFinal(context->session,
- data,len);
- break;
- case CKA_DIGEST:
- crv=PK11_GETTAB(context->slot)->C_DigestFinal(context->session,
- data,&len);
- break;
- case CKA_ENCRYPT:
- crv=PK11_GETTAB(context->slot)->C_EncryptFinal(context->session,
- data, &len);
- break;
- case CKA_DECRYPT:
- crv = PK11_GETTAB(context->slot)->C_DecryptFinal(context->session,
- data, &len);
- break;
- default:
- crv = CKR_OPERATION_NOT_INITIALIZED;
- break;
- }
- PK11_ExitContextMonitor(context);
-
- *outLen = (unsigned int) len;
- context->init = PR_FALSE; /* allow Begin to start up again */
-
-
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/****************************************************************************
- *
- * Now Do The PBE Functions Here...
- *
- ****************************************************************************/
-
-SECAlgorithmID *
-PK11_CreatePBEAlgorithmID(SECOidTag algorithm, int iteration, SECItem *salt)
-{
- SECAlgorithmID *algid;
-
- algid = SEC_PKCS5CreateAlgorithmID(algorithm, salt, iteration);
- return algid;
-}
-
-PK11SymKey *
-PK11_PBEKeyGen(PK11SlotInfo *slot, SECAlgorithmID *algid, SECItem *pwitem,
- PRBool faulty3DES, void *wincx)
-{
- /* pbe stuff */
- CK_PBE_PARAMS *pbe_params;
- CK_MECHANISM_TYPE type;
- SECItem *mech;
- PK11SymKey *symKey;
-
- mech = PK11_ParamFromAlgid(algid);
- type = PK11_AlgtagToMechanism(SECOID_FindOIDTag(&algid->algorithm));
- if(faulty3DES && (type == CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC)) {
- type = CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC;
- }
- if(mech == NULL) {
- return NULL;
- }
-
- pbe_params = (CK_PBE_PARAMS *)mech->data;
- pbe_params->pPassword = (CK_CHAR_PTR)PORT_ZAlloc(pwitem->len);
- if(pbe_params->pPassword != NULL) {
- PORT_Memcpy(pbe_params->pPassword, pwitem->data, pwitem->len);
- pbe_params->ulPasswordLen = pwitem->len;
- } else {
- SECITEM_ZfreeItem(mech, PR_TRUE);
- return NULL;
- }
-
- symKey = PK11_KeyGen(slot, type, mech, 0, wincx);
-
- PORT_ZFree(pbe_params->pPassword, pwitem->len);
- SECITEM_ZfreeItem(mech, PR_TRUE);
- return symKey;
-}
-
-
-SECStatus
-PK11_ImportEncryptedPrivateKeyInfo(PK11SlotInfo *slot,
- SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem,
- SECItem *nickname, SECItem *publicValue, PRBool isPerm,
- PRBool isPrivate, KeyType keyType, unsigned int keyUsage,
- void *wincx)
-{
- CK_MECHANISM_TYPE mechanism;
- SECItem *pbe_param, crypto_param;
- PK11SymKey *key = NULL;
- SECStatus rv = SECSuccess;
- CK_MECHANISM cryptoMech, pbeMech;
- CK_RV crv;
- SECKEYPrivateKey *privKey = NULL;
- PRBool faulty3DES = PR_FALSE;
- int usageCount;
- CK_KEY_TYPE key_type;
- CK_ATTRIBUTE_TYPE *usage;
- CK_ATTRIBUTE_TYPE rsaUsage[] = {
- CKA_UNWRAP, CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER };
- CK_ATTRIBUTE_TYPE dsaUsage[] = { CKA_SIGN };
- CK_ATTRIBUTE_TYPE dhUsage[] = { CKA_DERIVE };
-
- if((epki == NULL) || (pwitem == NULL))
- return SECFailure;
-
- crypto_param.data = NULL;
-
- mechanism = PK11_AlgtagToMechanism(SECOID_FindOIDTag(
- &epki->algorithm.algorithm));
-
- switch (keyType) {
- default:
- case rsaKey:
- key_type = CKK_RSA;
- switch (keyUsage & (KU_KEY_ENCIPHERMENT|KU_DIGITAL_SIGNATURE)) {
- case KU_KEY_ENCIPHERMENT:
- usage = rsaUsage;
- usageCount = 2;
- break;
- case KU_DIGITAL_SIGNATURE:
- usage = &rsaUsage[2];
- usageCount = 2;
- break;
- case KU_KEY_ENCIPHERMENT|KU_DIGITAL_SIGNATURE:
- case 0: /* default to everything */
- usage = rsaUsage;
- usageCount = 4;
- break;
- }
- break;
- case dhKey:
- key_type = CKK_DH;
- usage = dhUsage;
- usageCount = sizeof(dhUsage)/sizeof(dhUsage[0]);
- break;
- case dsaKey:
- key_type = CKK_DSA;
- usage = dsaUsage;
- usageCount = sizeof(dsaUsage)/sizeof(dsaUsage[0]);
- break;
- }
-
-try_faulty_3des:
- pbe_param = PK11_ParamFromAlgid(&epki->algorithm);
-
- key = PK11_PBEKeyGen(slot, &epki->algorithm, pwitem, faulty3DES, wincx);
- if((key == NULL) || (pbe_param == NULL)) {
- rv = SECFailure;
- goto done;
- }
-
- pbeMech.mechanism = mechanism;
- pbeMech.pParameter = pbe_param->data;
- pbeMech.ulParameterLen = pbe_param->len;
-
- crv = PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech,
- pwitem, faulty3DES);
- if(crv != CKR_OK) {
- rv = SECFailure;
- goto done;
- }
-
- cryptoMech.mechanism = PK11_GetPadMechanism(cryptoMech.mechanism);
- crypto_param.data = (unsigned char*)cryptoMech.pParameter;
- crypto_param.len = cryptoMech.ulParameterLen;
-
- privKey = PK11_UnwrapPrivKey(slot, key, cryptoMech.mechanism,
- &crypto_param, &epki->encryptedData,
- nickname, publicValue, isPerm, isPrivate,
- key_type, usage, usageCount, wincx);
- if(privKey) {
- SECKEY_DestroyPrivateKey(privKey);
- privKey = NULL;
- rv = SECSuccess;
- goto done;
- }
-
- /* if we are unable to import the key and the mechanism is
- * CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, then it is possible that
- * the encrypted blob was created with a buggy key generation method
- * which is described in the PKCS 12 implementation notes. So we
- * need to try importing via that method.
- */
- if((mechanism == CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC) && (!faulty3DES)) {
- /* clean up after ourselves before redoing the key generation. */
-
- PK11_FreeSymKey(key);
- key = NULL;
-
- if(pbe_param) {
- SECITEM_ZfreeItem(pbe_param, PR_TRUE);
- pbe_param = NULL;
- }
-
- if(crypto_param.data) {
- SECITEM_ZfreeItem(&crypto_param, PR_FALSE);
- crypto_param.data = NULL;
- cryptoMech.pParameter = NULL;
- crypto_param.len = cryptoMech.ulParameterLen = 0;
- }
-
- faulty3DES = PR_TRUE;
- goto try_faulty_3des;
- }
-
- /* key import really did fail */
- rv = SECFailure;
-
-done:
- if(pbe_param != NULL) {
- SECITEM_ZfreeItem(pbe_param, PR_TRUE);
- pbe_param = NULL;
- }
-
- if(crypto_param.data != NULL) {
- SECITEM_ZfreeItem(&crypto_param, PR_FALSE);
- }
-
- if(key != NULL) {
- PK11_FreeSymKey(key);
- }
-
- return rv;
-}
-
-/*
- * import a private key info into the desired slot
- */
-SECStatus
-PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki,
- SECItem *nickname, SECItem *publicValue, PRBool isPerm,
- PRBool isPrivate, unsigned int keyUsage, void *wincx)
-{
- CK_BBOOL cktrue = CK_TRUE;
- CK_BBOOL ckfalse = CK_FALSE;
- CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
- CK_KEY_TYPE keyType = CKK_RSA;
- CK_OBJECT_HANDLE objectID;
- CK_ATTRIBUTE theTemplate[20];
- int templateCount = 0;
- SECStatus rv = SECFailure;
- SECKEYLowPrivateKey *lpk = NULL;
- const SEC_ASN1Template *keyTemplate, *paramTemplate;
- void *paramDest = NULL;
- PRArenaPool *arena;
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *signedattr = NULL;
- int signedcount = 0;
- CK_ATTRIBUTE *ap;
- SECItem *ck_id = NULL;
-
- arena = PORT_NewArena(2048);
- if(!arena) {
- return SECFailure;
- }
-
- /* need to change this to use RSA/DSA keys */
- lpk = (SECKEYLowPrivateKey *)PORT_ArenaZAlloc(arena,
- sizeof(SECKEYLowPrivateKey));
- if(lpk == NULL) {
- goto loser;
- }
- lpk->arena = arena;
-
- attrs = theTemplate;
- switch(SECOID_GetAlgorithmTag(&pki->algorithm)) {
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- keyTemplate = SECKEY_RSAPrivateKeyTemplate;
- paramTemplate = NULL;
- paramDest = NULL;
- lpk->keyType = rsaKey;
- keyType = CKK_RSA;
- break;
- case SEC_OID_ANSIX9_DSA_SIGNATURE:
- if(!publicValue) {
- goto loser;
- }
- keyTemplate = SECKEY_DSAPrivateKeyExportTemplate;
- paramTemplate = SECKEY_PQGParamsTemplate;
- paramDest = &(lpk->u.dsa.params);
- lpk->keyType = dsaKey;
- keyType = CKK_DSA;
- break;
- case SEC_OID_X942_DIFFIE_HELMAN_KEY:
- if(!publicValue) {
- goto loser;
- }
- keyTemplate = SECKEY_DHPrivateKeyExportTemplate;
- paramTemplate = NULL;
- paramDest = NULL;
- lpk->keyType = dhKey;
- keyType = CKK_DH;
- break;
-
- default:
- keyTemplate = NULL;
- paramTemplate = NULL;
- paramDest = NULL;
- break;
- }
-
- if(!keyTemplate) {
- goto loser;
- }
-
- /* decode the private key and any algorithm parameters */
- rv = SEC_ASN1DecodeItem(arena, lpk, keyTemplate, &pki->privateKey);
- if(rv != SECSuccess) {
- goto loser;
- }
- if(paramDest && paramTemplate) {
- rv = SEC_ASN1DecodeItem(arena, paramDest, paramTemplate,
- &(pki->algorithm.parameters));
- if(rv != SECSuccess) {
- goto loser;
- }
- }
-
- PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass) ); attrs++;
- PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType) ); attrs++;
- PK11_SETATTRS(attrs, CKA_TOKEN, isPerm ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL) ); attrs++;
- PK11_SETATTRS(attrs, CKA_SENSITIVE, isPrivate ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL) ); attrs++;
- PK11_SETATTRS(attrs, CKA_PRIVATE, isPrivate ? &cktrue : &ckfalse,
- sizeof(CK_BBOOL) ); attrs++;
-
- switch (lpk->keyType) {
- case rsaKey:
- PK11_SETATTRS(attrs, CKA_UNWRAP, (keyUsage & KU_KEY_ENCIPHERMENT) ?
- &cktrue : &ckfalse, sizeof(CK_BBOOL) ); attrs++;
- PK11_SETATTRS(attrs, CKA_DECRYPT, (keyUsage & KU_DATA_ENCIPHERMENT) ?
- &cktrue : &ckfalse, sizeof(CK_BBOOL) ); attrs++;
- PK11_SETATTRS(attrs, CKA_SIGN, (keyUsage & KU_DIGITAL_SIGNATURE) ?
- &cktrue : &ckfalse, sizeof(CK_BBOOL) ); attrs++;
- PK11_SETATTRS(attrs, CKA_SIGN_RECOVER,
- (keyUsage & KU_DIGITAL_SIGNATURE) ?
- &cktrue : &ckfalse, sizeof(CK_BBOOL) ); attrs++;
- ck_id = PK11_MakeIDFromPubKey(&lpk->u.rsa.modulus);
- if (ck_id == NULL) {
- goto loser;
- }
- PK11_SETATTRS(attrs, CKA_ID, ck_id->data,ck_id->len); attrs++;
- if (nickname) {
- PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len); attrs++;
- }
- signedattr = attrs;
- PK11_SETATTRS(attrs, CKA_MODULUS, lpk->u.rsa.modulus.data,
- lpk->u.rsa.modulus.len); attrs++;
- PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT,
- lpk->u.rsa.publicExponent.data,
- lpk->u.rsa.publicExponent.len); attrs++;
- PK11_SETATTRS(attrs, CKA_PRIVATE_EXPONENT,
- lpk->u.rsa.privateExponent.data,
- lpk->u.rsa.privateExponent.len); attrs++;
- PK11_SETATTRS(attrs, CKA_PRIME_1,
- lpk->u.rsa.prime1.data,
- lpk->u.rsa.prime1.len); attrs++;
- PK11_SETATTRS(attrs, CKA_PRIME_2,
- lpk->u.rsa.prime2.data,
- lpk->u.rsa.prime2.len); attrs++;
- PK11_SETATTRS(attrs, CKA_EXPONENT_1,
- lpk->u.rsa.exponent1.data,
- lpk->u.rsa.exponent1.len); attrs++;
- PK11_SETATTRS(attrs, CKA_EXPONENT_2,
- lpk->u.rsa.exponent2.data,
- lpk->u.rsa.exponent2.len); attrs++;
- PK11_SETATTRS(attrs, CKA_COEFFICIENT,
- lpk->u.rsa.coefficient.data,
- lpk->u.rsa.coefficient.len); attrs++;
- break;
- case dsaKey:
- /* To make our intenal PKCS #11 module work correctly with
- * our database, we need to pass in the public key value for
- * this dsa key. We have a netscape only CKA_ value to do this.
- * Only send it to internal slots */
- if (PK11_IsInternal(slot)) {
- PK11_SETATTRS(attrs, CKA_NETSCAPE_DB,
- publicValue->data, publicValue->len); attrs++;
- }
- PK11_SETATTRS(attrs, CKA_SIGN, &cktrue, sizeof(CK_BBOOL)); attrs++;
- PK11_SETATTRS(attrs, CKA_SIGN_RECOVER, &cktrue, sizeof(CK_BBOOL)); attrs++;
- if(nickname) {
- PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len);
- attrs++;
- }
- ck_id = PK11_MakeIDFromPubKey(publicValue);
- if (ck_id == NULL) {
- goto loser;
- }
- PK11_SETATTRS(attrs, CKA_ID, ck_id->data,ck_id->len); attrs++;
- signedattr = attrs;
- PK11_SETATTRS(attrs, CKA_PRIME, lpk->u.dsa.params.prime.data,
- lpk->u.dsa.params.prime.len); attrs++;
- PK11_SETATTRS(attrs,CKA_SUBPRIME,lpk->u.dsa.params.subPrime.data,
- lpk->u.dsa.params.subPrime.len); attrs++;
- PK11_SETATTRS(attrs, CKA_BASE, lpk->u.dsa.params.base.data,
- lpk->u.dsa.params.base.len); attrs++;
- PK11_SETATTRS(attrs, CKA_VALUE, lpk->u.dsa.privateValue.data,
- lpk->u.dsa.privateValue.len); attrs++;
- break;
- case dhKey:
- /* To make our intenal PKCS #11 module work correctly with
- * our database, we need to pass in the public key value for
- * this dh key. We have a netscape only CKA_ value to do this.
- * Only send it to internal slots */
- if (PK11_IsInternal(slot)) {
- PK11_SETATTRS(attrs, CKA_NETSCAPE_DB,
- publicValue->data, publicValue->len); attrs++;
- }
- PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL)); attrs++;
- if(nickname) {
- PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len);
- attrs++;
- }
- ck_id = PK11_MakeIDFromPubKey(publicValue);
- if (ck_id == NULL) {
- goto loser;
- }
- PK11_SETATTRS(attrs, CKA_ID, ck_id->data,ck_id->len); attrs++;
- signedattr = attrs;
- PK11_SETATTRS(attrs, CKA_PRIME, lpk->u.dh.prime.data,
- lpk->u.dh.prime.len); attrs++;
- PK11_SETATTRS(attrs, CKA_BASE, lpk->u.dh.base.data,
- lpk->u.dh.base.len); attrs++;
- PK11_SETATTRS(attrs, CKA_VALUE, lpk->u.dh.privateValue.data,
- lpk->u.dh.privateValue.len); attrs++;
- break;
- /* what about fortezza??? */
- default:
- PORT_SetError(SEC_ERROR_BAD_KEY);
- goto loser;
- }
- templateCount = attrs - theTemplate;
- PR_ASSERT(templateCount <= sizeof(theTemplate)/sizeof(CK_ATTRIBUTE));
- signedcount = attrs - signedattr;
-
- for (ap=signedattr; signedcount; ap++, signedcount--) {
- pk11_SignedToUnsigned(ap);
- }
-
- rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION,
- theTemplate, templateCount, isPerm, &objectID);
-
- if (ck_id) {
- SECITEM_ZfreeItem(ck_id, PR_TRUE);
- }
-
-loser:
- if (lpk!= NULL) {
- SECKEY_LowDestroyPrivateKey(lpk);
- }
-
- return rv;
-}
-
-SECKEYPrivateKeyInfo *
-PK11_ExportPrivateKeyInfo(CERTCertificate *cert, void *wincx)
-{
- return NULL;
-}
-
-static int
-pk11_private_key_encrypt_buffer_length(SECKEYPrivateKey *key)
-
-{
- CK_ATTRIBUTE rsaTemplate = { CKA_MODULUS, NULL, 0 };
- CK_ATTRIBUTE dsaTemplate = { CKA_PRIME, NULL, 0 };
- CK_ATTRIBUTE_PTR pTemplate;
- CK_RV crv;
- int length;
-
- if(!key) {
- return -1;
- }
-
- switch (key->keyType) {
- case rsaKey:
- pTemplate = &rsaTemplate;
- break;
- case dsaKey:
- case dhKey:
- pTemplate = &dsaTemplate;
- break;
- case fortezzaKey:
- default:
- pTemplate = NULL;
- }
-
- if(!pTemplate) {
- return -1;
- }
-
- crv = PK11_GetAttributes(NULL, key->pkcs11Slot, key->pkcs11ID,
- pTemplate, 1);
- if(crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- return -1;
- }
-
- length = pTemplate->ulValueLen;
- length *= 10;
-
- if(pTemplate->pValue != NULL) {
- PORT_Free(pTemplate->pValue);
- }
-
- return length;
-}
-
-SECKEYEncryptedPrivateKeyInfo *
-PK11_ExportEncryptedPrivateKeyInfo(PK11SlotInfo *slot, SECOidTag algTag,
- SECItem *pwitem, CERTCertificate *cert, int iteration, void *wincx)
-{
- SECKEYEncryptedPrivateKeyInfo *epki = NULL;
- SECKEYPrivateKey *pk;
- PRArenaPool *arena = NULL;
- SECAlgorithmID *algid;
- CK_MECHANISM_TYPE mechanism;
- SECItem *pbe_param = NULL, crypto_param;
- PK11SymKey *key = NULL;
- SECStatus rv = SECSuccess;
- CK_MECHANISM pbeMech, cryptoMech;
- CK_RV crv;
- SECItem encryptedKey = {siBuffer,NULL,0};
- int encryptBufLen;
-
- if(!pwitem)
- return NULL;
-
- crypto_param.data = NULL;
-
- arena = PORT_NewArena(2048);
- epki = (SECKEYEncryptedPrivateKeyInfo *)PORT_ArenaZAlloc(arena,
- sizeof(SECKEYEncryptedPrivateKeyInfo));
- if(epki == NULL) {
- rv = SECFailure;
- goto loser;
- }
- epki->arena = arena;
- algid = SEC_PKCS5CreateAlgorithmID(algTag, NULL, iteration);
- if(algid == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- mechanism = PK11_AlgtagToMechanism(SECOID_FindOIDTag(&algid->algorithm));
- pbe_param = PK11_ParamFromAlgid(algid);
- pbeMech.mechanism = mechanism;
- pbeMech.pParameter = pbe_param->data;
- pbeMech.ulParameterLen = pbe_param->len;
- key = PK11_PBEKeyGen(slot, algid, pwitem, PR_FALSE, wincx);
-
- if((key == NULL) || (pbe_param == NULL)) {
- rv = SECFailure;
- goto loser;
- }
-
- crv = PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech,
- pwitem, PR_FALSE);
- if(crv != CKR_OK) {
- rv = SECFailure;
- goto loser;
- }
- cryptoMech.mechanism = PK11_GetPadMechanism(cryptoMech.mechanism);
- crypto_param.data = (unsigned char *)cryptoMech.pParameter;
- crypto_param.len = cryptoMech.ulParameterLen;
-
- pk = PK11_FindKeyByAnyCert(cert, wincx);
- if(pk == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- encryptBufLen = pk11_private_key_encrypt_buffer_length(pk);
- if(encryptBufLen == -1) {
- rv = SECFailure;
- goto loser;
- }
- encryptedKey.len = (unsigned int)encryptBufLen;
- encryptedKey.data = (unsigned char *)PORT_ZAlloc(encryptedKey.len);
- if(!encryptedKey.data) {
- rv = SECFailure;
- goto loser;
- }
-
- /* we are extracting an encrypted privateKey structure.
- * which needs to be freed along with the buffer into which it is
- * returned. eventually, we should retrieve an encrypted key using
- * pkcs8/pkcs5.
- */
- PK11_EnterSlotMonitor(pk->pkcs11Slot);
- crv = PK11_GETTAB(pk->pkcs11Slot)->C_WrapKey(pk->pkcs11Slot->session,
- &cryptoMech, key->objectID, pk->pkcs11ID, encryptedKey.data,
- (CK_ULONG_PTR)(&encryptedKey.len));
- PK11_ExitSlotMonitor(pk->pkcs11Slot);
- if(crv != CKR_OK) {
- rv = SECFailure;
- goto loser;
- }
-
- if(!encryptedKey.len) {
- rv = SECFailure;
- goto loser;
- }
-
- rv = SECITEM_CopyItem(arena, &epki->encryptedData, &encryptedKey);
- if(rv != SECSuccess) {
- goto loser;
- }
-
- rv = SECOID_CopyAlgorithmID(arena, &epki->algorithm, algid);
-
-loser:
- if(pbe_param != NULL) {
- SECITEM_ZfreeItem(pbe_param, PR_TRUE);
- pbe_param = NULL;
- }
-
- if(crypto_param.data != NULL) {
- SECITEM_ZfreeItem(&crypto_param, PR_FALSE);
- crypto_param.data = NULL;
- }
-
- if(key != NULL) {
- PK11_FreeSymKey(key);
- }
-
- if(rv == SECFailure) {
- if(arena != NULL) {
- PORT_FreeArena(arena, PR_TRUE);
- }
- epki = NULL;
- }
-
- return epki;
-}
-
-
-/*
- * This is required to allow FORTEZZA_NULL and FORTEZZA_RC4
- * working. This function simply gets a valid IV for the keys.
- */
-SECStatus
-PK11_GenerateFortezzaIV(PK11SymKey *symKey,unsigned char *iv,int len)
-{
- CK_MECHANISM mech_info;
- CK_ULONG count = 0;
- CK_RV crv;
- SECStatus rv = SECFailure;
-
- mech_info.mechanism = CKM_SKIPJACK_CBC64;
- mech_info.pParameter = iv;
- mech_info.ulParameterLen = len;
-
- /* generate the IV for fortezza */
- PK11_EnterSlotMonitor(symKey->slot);
- crv=PK11_GETTAB(symKey->slot)->C_EncryptInit(symKey->slot->session,
- &mech_info, symKey->objectID);
- if (crv == CKR_OK) {
- PK11_GETTAB(symKey->slot)->C_EncryptFinal(symKey->slot->session,
- NULL, &count);
- rv = SECSuccess;
- }
- PK11_ExitSlotMonitor(symKey->slot);
- return rv;
-}
-
-SECKEYPrivateKey *
-PK11_UnwrapPrivKey(PK11SlotInfo *slot, PK11SymKey *wrappingKey,
- CK_MECHANISM_TYPE wrapType, SECItem *param,
- SECItem *wrappedKey, SECItem *label,
- SECItem *idValue, PRBool perm, PRBool sensitive,
- CK_KEY_TYPE keyType, CK_ATTRIBUTE_TYPE *usage, int usageCount,
- void *wincx)
-{
- CK_BBOOL cktrue = CK_TRUE;
- CK_BBOOL ckfalse = CK_FALSE;
- CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
- CK_ATTRIBUTE keyTemplate[15] ;
- int templateCount = 0;
- CK_OBJECT_HANDLE privKeyID;
- CK_MECHANISM mechanism;
- CK_ATTRIBUTE *attrs = keyTemplate;
- SECItem *param_free = NULL, *ck_id;
- CK_RV crv;
- CK_SESSION_HANDLE rwsession;
- PK11SymKey *newKey = NULL;
- int i;
-
- if(!slot || !wrappedKey || !idValue) {
- /* SET AN ERROR!!! */
- return NULL;
- }
-
- ck_id = PK11_MakeIDFromPubKey(idValue);
- if(!ck_id) {
- return NULL;
- }
-
- PK11_SETATTRS(attrs, CKA_TOKEN, perm ? &cktrue : &ckfalse,
- sizeof(cktrue)); attrs++;
- PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass)); attrs++;
- PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType)); attrs++;
- PK11_SETATTRS(attrs, CKA_PRIVATE, sensitive ? &cktrue : &ckfalse,
- sizeof(cktrue)); attrs++;
- PK11_SETATTRS(attrs, CKA_SENSITIVE, sensitive ? &cktrue : &ckfalse,
- sizeof(cktrue)); attrs++;
- PK11_SETATTRS(attrs, CKA_LABEL, label->data, label->len); attrs++;
- PK11_SETATTRS(attrs, CKA_ID, ck_id->data, ck_id->len); attrs++;
- for (i=0; i < usageCount; i++) {
- PK11_SETATTRS(attrs, usage[i], &cktrue, sizeof(cktrue)); attrs++;
- }
-
- if (PK11_IsInternal(slot)) {
- PK11_SETATTRS(attrs, CKA_NETSCAPE_DB, idValue->data,
- idValue->len); attrs++;
- }
-
- templateCount = attrs - keyTemplate;
- PR_ASSERT(templateCount <= (sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)) );
-
- mechanism.mechanism = wrapType;
- if(!param) param = param_free= PK11_ParamFromIV(wrapType, NULL);
- if(param) {
- mechanism.pParameter = param->data;
- mechanism.ulParameterLen = param->len;
- } else {
- mechanism.pParameter = NULL;
- mechanism.ulParameterLen = 0;
- }
-
- if (wrappingKey->slot != slot) {
- newKey = pk11_CopyToSlot(slot,wrapType,CKA_WRAP,wrappingKey);
- } else {
- newKey = PK11_ReferenceSymKey(wrappingKey);
- }
-
- if (newKey) {
- if (perm) {
- rwsession = PK11_GetRWSession(slot);
- } else {
- rwsession = slot->session;
- }
- crv = PK11_GETTAB(slot)->C_UnwrapKey(rwsession, &mechanism,
- newKey->objectID,
- wrappedKey->data,
- wrappedKey->len, keyTemplate,
- templateCount, &privKeyID);
-
- if (perm) PK11_RestoreROSession(slot, rwsession);
- PK11_FreeSymKey(newKey);
- } else {
- crv = CKR_FUNCTION_NOT_SUPPORTED;
- }
-
- if(ck_id) {
- SECITEM_FreeItem(ck_id, PR_TRUE);
- ck_id = NULL;
- }
-
- if (crv != CKR_OK) {
- /* we couldn't unwrap the key, use the internal module to do the
- * unwrap, then load the new key into the token */
- PK11SlotInfo *int_slot = PK11_GetInternalSlot();
-
- if (int_slot && (slot != int_slot)) {
- SECKEYPrivateKey *privKey = PK11_UnwrapPrivKey(int_slot,
- wrappingKey, wrapType, param, wrappedKey, label,
- idValue, PR_FALSE, PR_FALSE,
- keyType, usage, usageCount, wincx);
- if (privKey) {
- SECKEYPrivateKey *newPrivKey = pk11_loadPrivKey(slot,privKey,
- NULL,perm,sensitive);
- SECKEY_DestroyPrivateKey(privKey);
- PK11_FreeSlot(int_slot);
- return newPrivKey;
- }
- }
- if (int_slot) PK11_FreeSlot(int_slot);
- PORT_SetError( PK11_MapError(crv) );
- return NULL;
- }
- return PK11_MakePrivKey(slot, nullKey, PR_FALSE, privKeyID, wincx);
-}
-
-#define ALLOC_BLOCK 10
-
-/*
- * Now we're going to wrap a SECKEYPrivateKey with a PK11SymKey
- * The strategy is to get both keys to reside in the same slot,
- * one that can perform the desired crypto mechanism and then
- * call C_WrapKey after all the setup has taken place.
- */
-SECStatus
-PK11_WrapPrivKey(PK11SlotInfo *slot, PK11SymKey *wrappingKey,
- SECKEYPrivateKey *privKey, CK_MECHANISM_TYPE wrapType,
- SECItem *param, SECItem *wrappedKey, void *wincx)
-{
- PK11SlotInfo *privSlot = privKey->pkcs11Slot; /* The slot where
- * the private key
- * we are going to
- * wrap lives.
- */
- PK11SymKey *newSymKey = NULL;
- SECKEYPrivateKey *newPrivKey = NULL;
- SECItem *param_free = NULL;
- CK_ULONG len = wrappedKey->len;
- CK_MECHANISM mech;
- CK_RV crv;
-
- if (!privSlot || !PK11_DoesMechanism(privSlot, wrapType)) {
- /* Figure out a slot that does the mechanism and try to import
- * the private key onto that slot.
- */
- PK11SlotInfo *int_slot = PK11_GetInternalSlot();
-
- privSlot = int_slot; /* The private key has a new home */
- newPrivKey = pk11_loadPrivKey(privSlot,privKey,NULL,PR_FALSE,PR_FALSE);
- if (newPrivKey == NULL) {
- PK11_FreeSlot (int_slot);
- return SECFailure;
- }
- privKey = newPrivKey;
- }
-
- if (privSlot != wrappingKey->slot) {
- newSymKey = pk11_CopyToSlot (privSlot, wrapType, CKA_WRAP,
- wrappingKey);
- wrappingKey = newSymKey;
- }
-
- if (wrappingKey == NULL) {
- if (newPrivKey) {
- SECKEY_DestroyPrivateKey(newPrivKey);
- }
- return SECFailure;
- }
- mech.mechanism = wrapType;
- if (!param) {
- param = param_free = PK11_ParamFromIV(wrapType, NULL);
- }
- if (param) {
- mech.pParameter = param->data;
- mech.ulParameterLen = param->len;
- } else {
- mech.pParameter = NULL;
- mech.ulParameterLen = 0;
- }
-
- PK11_EnterSlotMonitor(privSlot);
- crv = PK11_GETTAB(privSlot)->C_WrapKey(privSlot->session, &mech,
- wrappingKey->objectID,
- privKey->pkcs11ID,
- wrappedKey->data, &len);
- PK11_ExitSlotMonitor(privSlot);
-
- if (newSymKey) {
- PK11_FreeSymKey(newSymKey);
- }
- if (newPrivKey) {
- SECKEY_DestroyPrivateKey(newPrivKey);
- }
-
- if (crv != CKR_OK) {
- PORT_SetError( PK11_MapError(crv) );
- return SECFailure;
- }
-
- wrappedKey->len = len;
- return SECSuccess;
-}
-
-void
-PK11_SetFortezzaHack(PK11SymKey *symKey) {
- symKey->origin = PK11_OriginFortezzaHack;
-}
-
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
deleted file mode 100644
index 6c7cb4296..000000000
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ /dev/null
@@ -1,4312 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Deal with PKCS #11 Slots.
- */
-#include "seccomon.h"
-#include "secmod.h"
-#include "prlock.h"
-#include "secmodi.h"
-#include "pkcs11t.h"
-#include "pk11func.h"
-#include "cert.h"
-#include "key.h"
-#include "secitem.h"
-#include "secder.h"
-#include "secasn1.h"
-#include "secoid.h"
-#include "prtime.h"
-#include "prlong.h"
-#include "secerr.h"
-
-/*************************************************************
- * local static and global data
- *************************************************************/
-
-/*
- * This array helps parsing between names, mechanisms, and flags.
- * to make the config files understand more entries, add them
- * to this table. (NOTE: we need function to export this table and it's size)
- */
-PK11DefaultArrayEntry PK11_DefaultArray[] = {
- { "RSA", SECMOD_RSA_FLAG, CKM_RSA_PKCS },
- { "DSA", SECMOD_DSA_FLAG, CKM_DSA },
- { "DH", SECMOD_DH_FLAG, CKM_DH_PKCS_DERIVE },
- { "RC2", SECMOD_RC2_FLAG, CKM_RC2_CBC },
- { "RC4", SECMOD_RC4_FLAG, CKM_RC4 },
- { "DES", SECMOD_DES_FLAG, CKM_DES_CBC },
- { "RC5", SECMOD_RC5_FLAG, CKM_RC5_CBC },
- { "SHA-1", SECMOD_SHA1_FLAG, CKM_SHA_1 },
- { "MD5", SECMOD_MD5_FLAG, CKM_MD5 },
- { "MD2", SECMOD_MD2_FLAG, CKM_MD2 },
- { "SSL", SECMOD_SSL_FLAG, CKM_SSL3_PRE_MASTER_KEY_GEN },
- { "TLS", SECMOD_TLS_FLAG, CKM_TLS_MASTER_KEY_DERIVE },
- { "SKIPJACK", SECMOD_FORTEZZA_FLAG, CKM_SKIPJACK_CBC64 },
- { "Publicly-readable certs", SECMOD_FRIENDLY_FLAG, CKM_INVALID_MECHANISM },
- { "Random Num Generator", SECMOD_RANDOM_FLAG, CKM_FAKE_RANDOM },
-};
-int num_pk11_default_mechanisms = sizeof(PK11_DefaultArray) / sizeof(PK11_DefaultArray[0]);
-
-/*
- * These slotlists are lists of modules which provide default support for
- * a given algorithm or mechanism.
- */
-static PK11SlotList pk11_desSlotList,
- pk11_rc4SlotList,
- pk11_rc2SlotList,
- pk11_rc5SlotList,
- pk11_sha1SlotList,
- pk11_md5SlotList,
- pk11_md2SlotList,
- pk11_rsaSlotList,
- pk11_dsaSlotList,
- pk11_dhSlotList,
- pk11_ideaSlotList,
- pk11_sslSlotList,
- pk11_tlsSlotList,
- pk11_randomSlotList;
-
-/*
- * Tables used for Extended mechanism mapping (currently not used)
- */
-typedef struct {
- CK_MECHANISM_TYPE keyGen;
- CK_KEY_TYPE keyType;
- CK_MECHANISM_TYPE type;
- int blockSize;
- int iv;
-} pk11MechanismData;
-
-static pk11MechanismData pk11_default =
- { CKM_GENERIC_SECRET_KEY_GEN, CKK_GENERIC_SECRET, CKM_FAKE_RANDOM, 8, 8 };
-static pk11MechanismData *pk11_MechanismTable = NULL;
-static int pk11_MechTableSize = 0;
-static int pk11_MechEntrySize = 0;
-
-/*
- * list of mechanisms we're willing to wrap secret keys with.
- * This list is ordered by preference.
- */
-CK_MECHANISM_TYPE wrapMechanismList[] = {
- CKM_DES3_ECB,
- CKM_CAST5_ECB,
- CKM_DES_ECB,
- CKM_KEY_WRAP_LYNKS,
- CKM_IDEA_ECB,
- CKM_CAST3_ECB,
- CKM_CAST_ECB,
- CKM_RC5_ECB,
- CKM_RC2_ECB,
- CKM_CDMF_ECB,
- CKM_SKIPJACK_WRAP,
-};
-
-int wrapMechanismCount = sizeof(wrapMechanismList)/sizeof(wrapMechanismList[0]);
-
-/*
- * This structure keeps track of status that spans all the Slots.
- * NOTE: This is a global data structure. It semantics expect thread crosstalk
- * be very careful when you see it used.
- * It's major purpose in life is to allow the user to log in one PER
- * Tranaction, even if a transaction spans threads. The problem is the user
- * may have to enter a password one just to be able to look at the
- * personalities/certificates (s)he can use. Then if Auth every is one, they
- * may have to enter the password again to use the card. See PK11_StartTransac
- * and PK11_EndTransaction.
- */
-static struct PK11GlobalStruct {
- int transaction;
- PRBool inTransaction;
- char *(*getPass)(PK11SlotInfo *,PRBool,void *);
- PRBool (*verifyPass)(PK11SlotInfo *,void *);
- PRBool (*isLoggedIn)(PK11SlotInfo *,void *);
-} PK11_Global = { 1, PR_FALSE, NULL, NULL, NULL };
-
-/************************************************************
- * Generic Slot List and Slot List element manipulations
- ************************************************************/
-
-/*
- * allocate a new list
- */
-PK11SlotList *
-PK11_NewSlotList(void)
-{
- PK11SlotList *list;
-
- list = (PK11SlotList *)PORT_Alloc(sizeof(PK11SlotList));
- if (list == NULL) return NULL;
- list->head = NULL;
- list->tail = NULL;
-#ifdef PKCS11_USE_THREADS
- list->lock = PR_NewLock();
- if (list->lock == NULL) {
- PORT_Free(list);
- return NULL;
- }
-#else
- list->lock = NULL;
-#endif
-
- return list;
-}
-
-/*
- * free a list element when all the references go away.
- */
-static void
-pk11_FreeListElement(PK11SlotList *list, PK11SlotListElement *le)
-{
- PRBool freeit = PR_FALSE;
-
- PK11_USE_THREADS(PR_Lock((PRLock *)(list->lock));)
- if (le->refCount-- == 1) {
- freeit = PR_TRUE;
- }
- PK11_USE_THREADS(PR_Unlock((PRLock *)(list->lock));)
- if (freeit) {
- PK11_FreeSlot(le->slot);
- PORT_Free(le);
- }
-}
-
-/*
- * if we are freeing the list, we must be the only ones with a pointer
- * to the list.
- */
-void
-PK11_FreeSlotList(PK11SlotList *list)
-{
- PK11SlotListElement *le, *next ;
- if (list == NULL) return;
-
- for (le = list->head ; le; le = next) {
- next = le->next;
- pk11_FreeListElement(list,le);
- }
- PK11_USE_THREADS(PR_DestroyLock((PRLock *)(list->lock));)
- PORT_Free(list);
-}
-
-/*
- * add a slot to a list
- */
-SECStatus
-PK11_AddSlotToList(PK11SlotList *list,PK11SlotInfo *slot)
-{
- PK11SlotListElement *le;
-
- le = (PK11SlotListElement *) PORT_Alloc(sizeof(PK11SlotListElement));
- if (le == NULL) return SECFailure;
-
- le->slot = PK11_ReferenceSlot(slot);
- le->prev = NULL;
- le->refCount = 1;
- PK11_USE_THREADS(PR_Lock((PRLock *)(list->lock));)
- if (list->head) list->head->prev = le; else list->tail = le;
- le->next = list->head;
- list->head = le;
- PK11_USE_THREADS(PR_Unlock((PRLock *)(list->lock));)
-
- return SECSuccess;
-}
-
-/*
- * remove a slot entry from the list
- */
-SECStatus
-PK11_DeleteSlotFromList(PK11SlotList *list,PK11SlotListElement *le)
-{
- PK11_USE_THREADS(PR_Lock((PRLock *)(list->lock));)
- if (le->prev) le->prev->next = le->next; else list->head = le->next;
- if (le->next) le->next->prev = le->prev; else list->tail = le->prev;
- le->next = le->prev = NULL;
- PK11_USE_THREADS(PR_Unlock((PRLock *)(list->lock));)
- pk11_FreeListElement(list,le);
- return SECSuccess;
-}
-
-/*
- * Move a list to the end of the target list. NOTE: There is no locking
- * here... This assumes BOTH lists are private copy lists.
- */
-SECStatus
-PK11_MoveListToList(PK11SlotList *target,PK11SlotList *src)
-{
- if (src->head == NULL) return SECSuccess;
-
- if (target->tail == NULL) {
- target->head = src->head;
- } else {
- target->tail->next = src->head;
- }
- src->head->prev = target->tail;
- target->tail = src->tail;
- src->head = src->tail = NULL;
- return SECSuccess;
-}
-
-/*
- * get an element from the list with a reference. You must own the list.
- */
-PK11SlotListElement *
-PK11_GetFirstRef(PK11SlotList *list)
-{
- PK11SlotListElement *le;
-
- le = list->head;
- if (le != NULL) (le)->refCount++;
- return le;
-}
-
-/*
- * get the next element from the list with a reference. You must own the list.
- */
-PK11SlotListElement *
-PK11_GetNextRef(PK11SlotList *list, PK11SlotListElement *le, PRBool restart)
-{
- PK11SlotListElement *new_le;
- new_le = le->next;
- if (new_le) new_le->refCount++;
- pk11_FreeListElement(list,le);
- return new_le;
-}
-
-/*
- * get an element safely from the list. This just makes sure that if
- * this element is not deleted while we deal with it.
- */
-PK11SlotListElement *
-PK11_GetFirstSafe(PK11SlotList *list)
-{
- PK11SlotListElement *le;
-
- PK11_USE_THREADS(PR_Lock((PRLock *)(list->lock));)
- le = list->head;
- if (le != NULL) (le)->refCount++;
- PK11_USE_THREADS(PR_Unlock((PRLock *)(list->lock));)
- return le;
-}
-
-/*
- * NOTE: if this element gets deleted, we can no longer safely traverse using
- * it's pointers. We can either terminate the loop, or restart from the
- * beginning. This is controlled by the restart option.
- */
-PK11SlotListElement *
-PK11_GetNextSafe(PK11SlotList *list, PK11SlotListElement *le, PRBool restart)
-{
- PK11SlotListElement *new_le;
- PK11_USE_THREADS(PR_Lock((PRLock *)(list->lock));)
- new_le = le->next;
- if (le->next == NULL) {
- /* if the prev and next fields are NULL then either this element
- * has been removed and we need to walk the list again (if restart
- * is true) or this was the only element on the list */
- if ((le->prev == NULL) && restart && (list->head != le)) {
- new_le = list->head;
- }
- }
- if (new_le) new_le->refCount++;
- PK11_USE_THREADS(PR_Unlock((PRLock *)(list->lock));)
- pk11_FreeListElement(list,le);
- return new_le;
-}
-
-
-/*
- * Find the element that holds this slot
- */
-PK11SlotListElement *
-PK11_FindSlotElement(PK11SlotList *list,PK11SlotInfo *slot)
-{
- PK11SlotListElement *le;
-
- for (le = PK11_GetFirstSafe(list); le;
- le = PK11_GetNextSafe(list,le,PR_TRUE)) {
- if (le->slot == slot) return le;
- }
- return NULL;
-}
-
-/************************************************************
- * Generic Slot Utilities
- ************************************************************/
-/*
- * Create a new slot structure
- */
-PK11SlotInfo *
-PK11_NewSlotInfo(void)
-{
- PK11SlotInfo *slot;
-
- slot = (PK11SlotInfo *)PORT_Alloc(sizeof(PK11SlotInfo));
- if (slot == NULL) return slot;
-
-#ifdef PKCS11_USE_THREADS
- slot->refLock = PR_NewLock();
- if (slot->refLock == NULL) {
- PORT_Free(slot);
- return slot;
- }
- slot->sessionLock = PR_NewLock();
- if (slot->sessionLock == NULL) {
- PR_DestroyLock(slot->refLock);
- PORT_Free(slot);
- return slot;
- }
- slot->freeListLock = PR_NewLock();
- if (slot->freeListLock == NULL) {
- PR_DestroyLock(slot->sessionLock);
- PR_DestroyLock(slot->refLock);
- PORT_Free(slot);
- return slot;
- }
-#else
- slot->sessionLock = NULL;
- slot->refLock = NULL;
- slot->freeListLock = NULL;
-#endif
- slot->freeSymKeysHead = NULL;
- slot->keyCount = 0;
- slot->maxKeyCount = 0;
- slot->functionList = NULL;
- slot->needTest = PR_TRUE;
- slot->isPerm = PR_FALSE;
- slot->isHW = PR_FALSE;
- slot->isInternal = PR_FALSE;
- slot->isThreadSafe = PR_FALSE;
- slot->disabled = PR_FALSE;
- slot->series = 0;
- slot->wrapKey = 0;
- slot->wrapMechanism = CKM_INVALID_MECHANISM;
- slot->refKeys[0] = CK_INVALID_KEY;
- slot->reason = PK11_DIS_NONE;
- slot->readOnly = PR_TRUE;
- slot->needLogin = PR_FALSE;
- slot->hasRandom = PR_FALSE;
- slot->defRWSession = PR_FALSE;
- slot->flags = 0;
- slot->session = CK_INVALID_SESSION;
- slot->slotID = 0;
- slot->defaultFlags = 0;
- slot->refCount = 1;
- slot->askpw = 0;
- slot->timeout = 0;
- slot->mechanismList = NULL;
- slot->mechanismCount = 0;
- slot->cert_array = NULL;
- slot->cert_count = 0;
- slot->slot_name[0] = 0;
- slot->token_name[0] = 0;
- PORT_Memset(slot->serial,' ',sizeof(slot->serial));
- slot->module = NULL;
- slot->authTransact = 0;
- slot->authTime = LL_ZERO;
- slot->minPassword = 0;
- slot->maxPassword = 0;
- return slot;
-}
-
-/* create a new reference to a slot so it doesn't go away */
-PK11SlotInfo *
-PK11_ReferenceSlot(PK11SlotInfo *slot)
-{
- PK11_USE_THREADS(PR_Lock(slot->refLock);)
- slot->refCount++;
- PK11_USE_THREADS(PR_Unlock(slot->refLock);)
- return slot;
-}
-
-/* Destroy all info on a slot we have built up */
-void
-PK11_DestroySlot(PK11SlotInfo *slot)
-{
- /* first free up all the sessions on this slot */
- if (slot->functionList) {
- PK11_GETTAB(slot)->C_CloseAllSessions(slot->slotID);
- }
-
- /* now free up all the certificates we grabbed on this slot */
- PK11_FreeSlotCerts(slot);
-
- /* free up the cached keys and sessions */
- PK11_CleanKeyList(slot);
-
- /* finally Tell our parent module that we've gone away so it can unload */
- if (slot->module) {
- SECMOD_SlotDestroyModule(slot->module,PR_TRUE);
- }
-#ifdef PKCS11_USE_THREADS
- if (slot->refLock) {
- PR_DestroyLock(slot->refLock);
- slot->refLock = NULL;
- }
- if (slot->sessionLock) {
- PR_DestroyLock(slot->sessionLock);
- slot->sessionLock = NULL;
- }
- if (slot->freeListLock) {
- PR_DestroyLock(slot->freeListLock);
- slot->freeListLock = NULL;
- }
-#endif
-
- /* ok, well not quit finally... now we free the memory */
- PORT_Free(slot);
-}
-
-
-/* We're all done with the slot, free it */
-void
-PK11_FreeSlot(PK11SlotInfo *slot)
-{
- PRBool freeit = PR_FALSE;
-
- PK11_USE_THREADS(PR_Lock(slot->refLock);)
- if (slot->refCount-- == 1) freeit = PR_TRUE;
- PK11_USE_THREADS(PR_Unlock(slot->refLock);)
-
- if (freeit) PK11_DestroySlot(slot);
-}
-
-void
-PK11_EnterSlotMonitor(PK11SlotInfo *slot) {
- PR_Lock(slot->sessionLock);
-}
-
-void
-PK11_ExitSlotMonitor(PK11SlotInfo *slot) {
- PR_Unlock(slot->sessionLock);
-}
-
-/***********************************************************
- * Functions to find specific slots.
- ***********************************************************/
-PK11SlotInfo *
-PK11_FindSlotByName(char *name)
-{
- SECMODModuleList *mlp;
- SECMODModuleList *modules = SECMOD_GetDefaultModuleList();
- SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
- int i;
- PK11SlotInfo *slot = NULL;
-
- if ((name == NULL) || (*name == 0)) {
- return PK11_GetInternalKeySlot();
- }
-
- /* work through all the slots */
- SECMOD_GetReadLock(moduleLock);
- for(mlp = modules; mlp != NULL; mlp = mlp->next) {
- for (i=0; i < mlp->module->slotCount; i++) {
- PK11SlotInfo *tmpSlot = mlp->module->slots[i];
- if (PK11_IsPresent(tmpSlot)) {
- if (PORT_Strcmp(tmpSlot->token_name,name) == 0) {
- slot = PK11_ReferenceSlot(tmpSlot);
- break;
- }
- }
- }
- if (slot != NULL) break;
- }
- SECMOD_ReleaseReadLock(moduleLock);
-
- if (slot == NULL) {
- PORT_SetError(SEC_ERROR_NO_TOKEN);
- }
-
- return slot;
-}
-
-
-PK11SlotInfo *
-PK11_FindSlotBySerial(char *serial)
-{
- SECMODModuleList *mlp;
- SECMODModuleList *modules = SECMOD_GetDefaultModuleList();
- SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
- int i;
- PK11SlotInfo *slot = NULL;
-
- /* work through all the slots */
- SECMOD_GetReadLock(moduleLock);
- for(mlp = modules; mlp != NULL; mlp = mlp->next) {
- for (i=0; i < mlp->module->slotCount; i++) {
- PK11SlotInfo *tmpSlot = mlp->module->slots[i];
- if (PK11_IsPresent(tmpSlot)) {
- if (PORT_Memcmp(tmpSlot->serial,serial,
- sizeof(tmpSlot->serial)) == 0) {
- slot = PK11_ReferenceSlot(tmpSlot);
- break;
- }
- }
- }
- if (slot != NULL) break;
- }
- SECMOD_ReleaseReadLock(moduleLock);
-
- if (slot == NULL) {
- PORT_SetError(SEC_ERROR_NO_TOKEN);
- }
-
- return slot;
-}
-
-
-
-
-/***********************************************************
- * Password Utilities
- ***********************************************************/
-/*
- * Check the user's password. Log into the card if it's correct.
- * succeed if the user is already logged in.
- */
-SECStatus
-pk11_CheckPassword(PK11SlotInfo *slot,char *pw)
-{
- int len = PORT_Strlen(pw);
- CK_RV crv;
- SECStatus rv;
- int64 currtime = PR_Now();
-
- PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_Login(slot->session,CKU_USER,
- (unsigned char *)pw,len);
- PK11_ExitSlotMonitor(slot);
- switch (crv) {
- /* if we're already logged in, we're good to go */
- case CKR_OK:
- slot->authTransact = PK11_Global.transaction;
- case CKR_USER_ALREADY_LOGGED_IN:
- slot->authTime = currtime;
- rv = SECSuccess;
- break;
- case CKR_PIN_INCORRECT:
- PORT_SetError(SEC_ERROR_BAD_PASSWORD);
- rv = SECWouldBlock; /* everything else is ok, only the pin is bad */
- break;
- default:
- PORT_SetError(PK11_MapError(crv));
- rv = SECFailure; /* some failure we can't fix by retrying */
- }
- return rv;
-}
-
-/*
- * Check the user's password. Logout before hand to make sure that
- * we are really checking the password.
- */
-SECStatus
-PK11_CheckUserPassword(PK11SlotInfo *slot,char *pw)
-{
- int len = PORT_Strlen(pw);
- CK_RV crv;
- SECStatus rv;
- int64 currtime = PR_Now();
-
- /* force a logout */
- PK11_EnterSlotMonitor(slot);
- PK11_GETTAB(slot)->C_Logout(slot->session);
-
- crv = PK11_GETTAB(slot)->C_Login(slot->session,CKU_USER,
- (unsigned char *)pw,len);
- PK11_ExitSlotMonitor(slot);
- switch (crv) {
- /* if we're already logged in, we're good to go */
- case CKR_OK:
- slot->authTransact = PK11_Global.transaction;
- slot->authTime = currtime;
- rv = SECSuccess;
- break;
- case CKR_PIN_INCORRECT:
- PORT_SetError(SEC_ERROR_BAD_PASSWORD);
- rv = SECWouldBlock; /* everything else is ok, only the pin is bad */
- break;
- default:
- PORT_SetError(PK11_MapError(crv));
- rv = SECFailure; /* some failure we can't fix by retrying */
- }
- return rv;
-}
-
-SECStatus
-PK11_Logout(PK11SlotInfo *slot)
-{
- CK_RV crv;
-
- /* force a logout */
- PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_Logout(slot->session);
- PK11_ExitSlotMonitor(slot);
- if (crv != CKR_OK) {
- PORT_SetError(PK11_MapError(crv));
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/*
- * transaction stuff is for when we test for the need to do every
- * time auth to see if we already did it for this slot/transaction
- */
-void PK11_StartAuthTransaction(void)
-{
-PK11_Global.transaction++;
-PK11_Global.inTransaction = PR_TRUE;
-}
-
-void PK11_EndAuthTransaction(void)
-{
-PK11_Global.transaction++;
-PK11_Global.inTransaction = PR_FALSE;
-}
-
-/*
- * before we do a private key op, we check to see if we
- * need to reauthenticate.
- */
-void
-PK11_HandlePasswordCheck(PK11SlotInfo *slot,void *wincx)
-{
- int askpw = slot->askpw;
- PRBool NeedAuth = PR_FALSE;
-
- if (!slot->needLogin) return;
-
- if ((slot->defaultFlags & PK11_OWN_PW_DEFAULTS) == 0) {
- PK11SlotInfo *def_slot = PK11_GetInternalKeySlot();
-
- if (def_slot) {
- askpw = def_slot->askpw;
- PK11_FreeSlot(def_slot);
- }
- }
-
- /* timeouts are handled by isLoggedIn */
- if (!PK11_IsLoggedIn(slot,wincx)) {
- NeedAuth = PR_TRUE;
- } else if (slot->askpw == -1) {
- if (!PK11_Global.inTransaction ||
- (PK11_Global.transaction != slot->authTransact)) {
- PK11_EnterSlotMonitor(slot);
- PK11_GETTAB(slot)->C_Logout(slot->session);
- PK11_ExitSlotMonitor(slot);
- NeedAuth = PR_TRUE;
- }
- }
- if (NeedAuth) PK11_DoPassword(slot,PR_TRUE,wincx);
-}
-
-void
-PK11_SlotDBUpdate(PK11SlotInfo *slot)
-{
- SECMOD_AddPermDB(slot->module);
-}
-
-/*
- * set new askpw and timeout values
- */
-void
-PK11_SetSlotPWValues(PK11SlotInfo *slot,int askpw, int timeout)
-{
- slot->askpw = askpw;
- slot->timeout = timeout;
- slot->defaultFlags |= PK11_OWN_PW_DEFAULTS;
- PK11_SlotDBUpdate(slot);
-}
-
-/*
- * Get the askpw and timeout values for this slot
- */
-void
-PK11_GetSlotPWValues(PK11SlotInfo *slot,int *askpw, int *timeout)
-{
- *askpw = slot->askpw;
- *timeout = slot->timeout;
-
- if ((slot->defaultFlags & PK11_OWN_PW_DEFAULTS) == 0) {
- PK11SlotInfo *def_slot = PK11_GetInternalKeySlot();
-
- if (def_slot) {
- *askpw = def_slot->askpw;
- *timeout = def_slot->timeout;
- PK11_FreeSlot(def_slot);
- }
- }
-}
-
-/*
- * make sure a slot is authenticated...
- */
-SECStatus
-PK11_Authenticate(PK11SlotInfo *slot, PRBool loadCerts, void *wincx) {
- if (slot->needLogin && !PK11_IsLoggedIn(slot,wincx)) {
- return PK11_DoPassword(slot,loadCerts,wincx);
- }
- return SECSuccess;
-}
-
-/*
- * notification stub. If we ever get interested in any events that
- * the pkcs11 functions may pass back to use, we can catch them here...
- * currently pdata is a slotinfo structure.
- */
-CK_RV pk11_notify(CK_SESSION_HANDLE session, CK_NOTIFICATION event,
- CK_VOID_PTR pdata)
-{
- return CKR_OK;
-}
-
-
-/*
- * grab a new RW session
- * !!! has a side effect of grabbing the Monitor if either the slot's default
- * session is RW or the slot is not thread safe. Monitor is release in function
- * below
- */
-CK_SESSION_HANDLE PK11_GetRWSession(PK11SlotInfo *slot)
-{
- CK_SESSION_HANDLE rwsession;
- CK_RV crv;
-
- if (!slot->isThreadSafe || slot->defRWSession) PK11_EnterSlotMonitor(slot);
- if (slot->defRWSession) return slot->session;
-
- crv = PK11_GETTAB(slot)->C_OpenSession(slot->slotID,
- CKF_RW_SESSION|CKF_SERIAL_SESSION,
- slot, pk11_notify,&rwsession);
- if (crv == CKR_SESSION_COUNT) {
- PK11_GETTAB(slot)->C_CloseSession(slot->session);
- slot->session = CK_INVALID_SESSION;
- crv = PK11_GETTAB(slot)->C_OpenSession(slot->slotID,
- CKF_RW_SESSION|CKF_SERIAL_SESSION,
- slot,pk11_notify,&rwsession);
- }
- if (crv != CKR_OK) {
- PORT_SetError(PK11_MapError(crv));
- if (slot->session == CK_INVALID_SESSION) {
- PK11_GETTAB(slot)->C_OpenSession(slot->slotID,CKF_SERIAL_SESSION,
- slot,pk11_notify,&slot->session);
- }
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
- return CK_INVALID_SESSION;
- }
-
- return rwsession;
-}
-
-PRBool
-PK11_RWSessionHasLock(PK11SlotInfo *slot,CK_SESSION_HANDLE session_handle) {
- return (PRBool)(!slot->isThreadSafe || slot->defRWSession);
-}
-
-/*
- * close the rwsession and restore our readonly session
- * !!! has a side effect of releasing the Monitor if either the slot's default
- * session is RW or the slot is not thread safe.
- */
-void
-PK11_RestoreROSession(PK11SlotInfo *slot,CK_SESSION_HANDLE rwsession)
-{
- if (slot->defRWSession) {
- PK11_ExitSlotMonitor(slot);
- return;
- }
- PK11_GETTAB(slot)->C_CloseSession(rwsession);
- if (slot->session == CK_INVALID_SESSION) {
- PK11_GETTAB(slot)->C_OpenSession(slot->slotID,CKF_SERIAL_SESSION,
- slot,pk11_notify,&slot->session);
- }
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
-}
-
-/*
- * NOTE: this assumes that we are logged out of the card before hand
- */
-SECStatus
-PK11_CheckSSOPassword(PK11SlotInfo *slot, char *ssopw)
-{
- CK_SESSION_HANDLE rwsession;
- CK_RV crv;
- SECStatus rv = SECFailure;
- int len = PORT_Strlen(ssopw);
-
- /* get a rwsession */
- rwsession = PK11_GetRWSession(slot);
- if (rwsession == CK_INVALID_SESSION) return rv;
-
- /* check the password */
- crv = PK11_GETTAB(slot)->C_Login(rwsession,CKU_SO,
- (unsigned char *)ssopw,len);
- switch (crv) {
- /* if we're already logged in, we're good to go */
- case CKR_OK:
- rv = SECSuccess;
- break;
- case CKR_PIN_INCORRECT:
- PORT_SetError(SEC_ERROR_BAD_PASSWORD);
- rv = SECWouldBlock; /* everything else is ok, only the pin is bad */
- break;
- default:
- PORT_SetError(PK11_MapError(crv));
- rv = SECFailure; /* some failure we can't fix by retrying */
- }
- PK11_GETTAB(slot)->C_Logout(rwsession);
- /* release rwsession */
- PK11_RestoreROSession(slot,rwsession);
- return rv;
-}
-
-/*
- * make sure the password conforms to your token's requirements.
- */
-SECStatus
-PK11_VerifyPW(PK11SlotInfo *slot,char *pw)
-{
- int len = PORT_Strlen(pw);
-
- if ((slot->minPassword > len) || (slot->maxPassword < len)) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/*
- * initialize a user PIN Value
- */
-SECStatus
-PK11_InitPin(PK11SlotInfo *slot,char *ssopw, char *userpw)
-{
- CK_SESSION_HANDLE rwsession = CK_INVALID_SESSION;
- CK_RV crv;
- SECStatus rv = SECFailure;
- int len;
- int ssolen;
-
- if (userpw == NULL) userpw = "";
- if (ssopw == NULL) ssopw = "";
-
- len = PORT_Strlen(userpw);
- ssolen = PORT_Strlen(ssopw);
-
- /* get a rwsession */
- rwsession = PK11_GetRWSession(slot);
- if (rwsession == CK_INVALID_SESSION) goto done;
-
- /* check the password */
- crv = PK11_GETTAB(slot)->C_Login(rwsession,CKU_SO,
- (unsigned char *)ssopw,ssolen);
- if (crv != CKR_OK) {
- PORT_SetError(PK11_MapError(crv));
- goto done;
- }
-
- crv = PK11_GETTAB(slot)->C_InitPIN(rwsession,(unsigned char *)userpw,len);
- if (crv != CKR_OK) {
- PORT_SetError(PK11_MapError(crv));
- } else {
- rv = SECSuccess;
- }
-
-done:
- PK11_GETTAB(slot)->C_Logout(rwsession);
- PK11_RestoreROSession(slot,rwsession);
- if (rv == SECSuccess) {
- /* update our view of the world */
- PK11_InitToken(slot,PR_TRUE);
- PK11_EnterSlotMonitor(slot);
- PK11_GETTAB(slot)->C_Login(slot->session,CKU_USER,
- (unsigned char *)userpw,len);
- PK11_ExitSlotMonitor(slot);
- }
- return rv;
-}
-
-/*
- * Change an existing user password
- */
-SECStatus
-PK11_ChangePW(PK11SlotInfo *slot,char *oldpw, char *newpw)
-{
- CK_RV crv;
- SECStatus rv = SECFailure;
- int newLen;
- int oldLen;
- CK_SESSION_HANDLE rwsession;
-
- if (newpw == NULL) newpw = "";
- if (oldpw == NULL) oldpw = "";
- newLen = PORT_Strlen(newpw);
- oldLen = PORT_Strlen(oldpw);
-
- /* get a rwsession */
- rwsession = PK11_GetRWSession(slot);
-
- crv = PK11_GETTAB(slot)->C_SetPIN(rwsession,
- (unsigned char *)oldpw,oldLen,(unsigned char *)newpw,newLen);
- if (crv == CKR_OK) {
- rv = SECSuccess;
- } else {
- PORT_SetError(PK11_MapError(crv));
- }
-
- PK11_RestoreROSession(slot,rwsession);
-
- /* update our view of the world */
- PK11_InitToken(slot,PR_TRUE);
- return rv;
-}
-
-static char *
-pk11_GetPassword(PK11SlotInfo *slot, PRBool retry, void * wincx)
-{
- if (PK11_Global.getPass == NULL) return NULL;
- return (*PK11_Global.getPass)(slot, retry, wincx);
-}
-
-void
-PK11_SetPasswordFunc(PK11PasswordFunc func)
-{
- PK11_Global.getPass = func;
-}
-
-void
-PK11_SetVerifyPasswordFunc(PK11VerifyPasswordFunc func)
-{
- PK11_Global.verifyPass = func;
-}
-
-void
-PK11_SetIsLoggedInFunc(PK11IsLoggedInFunc func)
-{
- PK11_Global.isLoggedIn = func;
-}
-
-
-/*
- * authenticate to a slot. This loops until we can't recover, the user
- * gives up, or we succeed. If we're already logged in and this function
- * is called we will still prompt for a password, but we will probably
- * succeed no matter what the password was (depending on the implementation
- * of the PKCS 11 module.
- */
-SECStatus
-PK11_DoPassword(PK11SlotInfo *slot, PRBool loadCerts, void *wincx)
-{
- SECStatus rv = SECFailure;
- char * password;
- PRBool attempt = PR_FALSE;
-
- if (PK11_NeedUserInit(slot)) {
- PORT_SetError(SEC_ERROR_IO);
- return SECFailure;
- }
-
-
- /*
- * Central server type applications which control access to multiple
- * slave applications to single crypto devices need to virtuallize the
- * login state. This is done by a callback out of PK11_IsLoggedIn and
- * here. If we are actually logged in, then we got here because the
- * higher level code told us that the particular client application may
- * still need to be logged in. If that is the case, we simply tell the
- * server code that it should now verify the clients password and tell us
- * the results.
- */
- if (PK11_IsLoggedIn(slot,NULL) &&
- (PK11_Global.verifyPass != NULL)) {
- if (!PK11_Global.verifyPass(slot,wincx)) {
- PORT_SetError(SEC_ERROR_BAD_PASSWORD);
- return SECFailure;
- }
- return SECSuccess;
- }
-
- /* get the password. This can drop out of the while loop
- * for the following reasons:
- * (1) the user refused to enter a password.
- * (return error to caller)
- * (2) the token user password is disabled [usually due to
- * too many failed authentication attempts].
- * (return error to caller)
- * (3) the password was successful.
- */
- while ((password = pk11_GetPassword(slot, attempt, wincx)) != NULL) {
- attempt = PR_TRUE;
- rv = pk11_CheckPassword(slot,password);
- PORT_Memset(password, 0, PORT_Strlen(password));
- PORT_Free(password);
- if (rv != SECWouldBlock) break;
- }
- if (rv == SECSuccess) {
- if ((loadCerts) && (!slot->isInternal) && (slot->cert_count == 0)) {
- PK11_ReadSlotCerts(slot);
- }
- rv = pk11_CheckVerifyTest(slot);
- } else if (!attempt) PORT_SetError(SEC_ERROR_BAD_PASSWORD);
- return rv;
-}
-
-void PK11_LogoutAll(void)
-{
- SECMODListLock *lock = SECMOD_GetDefaultModuleListLock();
- SECMODModuleList *modList = SECMOD_GetDefaultModuleList();
- SECMODModuleList *mlp = NULL;
- int i;
-
- SECMOD_GetReadLock(lock);
- /* find the number of entries */
- for (mlp = modList; mlp != NULL; mlp = mlp->next) {
- for (i=0; i < mlp->module->slotCount; i++) {
- PK11_Logout(mlp->module->slots[i]);
- }
- }
-
- SECMOD_ReleaseReadLock(lock);
-}
-
-int
-PK11_GetMinimumPwdLength(PK11SlotInfo *slot)
-{
- return ((int)slot->minPassword);
-}
-
-/************************************************************
- * Manage the built-In Slot Lists
- ************************************************************/
-
-/* Init the static built int slot list (should actually integrate
- * with PK11_NewSlotList */
-static void
-pk11_initSlotList(PK11SlotList *list)
-{
-#ifdef PKCS11_USE_THREADS
- list->lock = PR_NewLock();
-#else
- list->lock = NULL;
-#endif
- list->head = NULL;
-}
-
-/* initialize the system slotlists */
-SECStatus
-PK11_InitSlotLists(void)
-{
- pk11_initSlotList(&pk11_desSlotList);
- pk11_initSlotList(&pk11_rc4SlotList);
- pk11_initSlotList(&pk11_rc2SlotList);
- pk11_initSlotList(&pk11_rc5SlotList);
- pk11_initSlotList(&pk11_md5SlotList);
- pk11_initSlotList(&pk11_md2SlotList);
- pk11_initSlotList(&pk11_sha1SlotList);
- pk11_initSlotList(&pk11_rsaSlotList);
- pk11_initSlotList(&pk11_dsaSlotList);
- pk11_initSlotList(&pk11_dhSlotList);
- pk11_initSlotList(&pk11_ideaSlotList);
- pk11_initSlotList(&pk11_sslSlotList);
- pk11_initSlotList(&pk11_tlsSlotList);
- pk11_initSlotList(&pk11_randomSlotList);
- return SECSuccess;
-}
-
-/* return a system slot list based on mechanism */
-PK11SlotList *
-PK11_GetSlotList(CK_MECHANISM_TYPE type)
-{
- switch (type) {
- case CKM_DES_CBC:
- case CKM_DES_ECB:
- case CKM_DES3_ECB:
- case CKM_DES3_CBC:
- return &pk11_desSlotList;
- case CKM_RC4:
- return &pk11_rc4SlotList;
- case CKM_RC5_CBC:
- return &pk11_rc5SlotList;
- case CKM_SHA_1:
- return &pk11_sha1SlotList;
- case CKM_MD5:
- return &pk11_md5SlotList;
- case CKM_MD2:
- return &pk11_md2SlotList;
- case CKM_RC2_ECB:
- case CKM_RC2_CBC:
- return &pk11_rc2SlotList;
- case CKM_RSA_PKCS:
- case CKM_RSA_PKCS_KEY_PAIR_GEN:
- case CKM_RSA_X_509:
- return &pk11_rsaSlotList;
- case CKM_DSA:
- return &pk11_dsaSlotList;
- case CKM_DH_PKCS_KEY_PAIR_GEN:
- case CKM_DH_PKCS_DERIVE:
- return &pk11_dhSlotList;
- case CKM_SSL3_PRE_MASTER_KEY_GEN:
- case CKM_SSL3_MASTER_KEY_DERIVE:
- case CKM_SSL3_SHA1_MAC:
- case CKM_SSL3_MD5_MAC:
- return &pk11_sslSlotList;
- case CKM_TLS_MASTER_KEY_DERIVE:
- case CKM_TLS_KEY_AND_MAC_DERIVE:
- return &pk11_tlsSlotList;
- case CKM_IDEA_CBC:
- case CKM_IDEA_ECB:
- return &pk11_ideaSlotList;
- case CKM_FAKE_RANDOM:
- return &pk11_randomSlotList;
- }
- return NULL;
-}
-
-/*
- * load the static SlotInfo structures used to select a PKCS11 slot.
- * preSlotInfo has a list of all the default flags for the slots on this
- * module.
- */
-void
-PK11_LoadSlotList(PK11SlotInfo *slot, PK11PreSlotInfo *psi, int count)
-{
- int i;
-
- for (i=0; i < count; i++) {
- if (psi[i].slotID == slot->slotID)
- break;
- }
-
- if (i == count) return;
-
- slot->defaultFlags = psi[i].defaultFlags;
- slot->askpw = psi[i].askpw;
- slot->timeout = psi[i].timeout;
-
- /* if the slot is already disabled, don't load them into the
- * default slot lists. We get here so we can save the default
- * list value. */
- if (slot->disabled) return;
-
- /* if the user has disabled us, don't load us in */
- if (slot->defaultFlags & PK11_DISABLE_FLAG) {
- slot->disabled = PR_TRUE;
- slot->reason = PK11_DIS_USER_SELECTED;
- /* free up sessions and things?? */
- return;
- }
-
- for (i=0; i < sizeof(PK11_DefaultArray)/sizeof(PK11_DefaultArray[0]);
- i++) {
- if (slot->defaultFlags & PK11_DefaultArray[i].flag) {
- CK_MECHANISM_TYPE mechanism = PK11_DefaultArray[i].mechanism;
- PK11SlotList *slotList = PK11_GetSlotList(mechanism);
-
- if (slotList) PK11_AddSlotToList(slotList,slot);
- }
- }
-
- return;
-}
-
-
-/*
- * update a slot to its new attribute according to the slot list
- * returns: SECSuccess if nothing to do or add/delete is successful
- */
-SECStatus
-PK11_UpdateSlotAttribute(PK11SlotInfo *slot, PK11DefaultArrayEntry *entry,
- PRBool add)
- /* add: PR_TRUE if want to turn on */
-{
- SECStatus result = SECSuccess;
- PK11SlotList *slotList = PK11_GetSlotList(entry->mechanism);
-
- if (add) { /* trying to turn on a mechanism */
-
- /* turn on the default flag in the slot */
- slot->defaultFlags |= entry->flag;
-
- /* add this slot to the list */
- if (slotList!=NULL)
- result = PK11_AddSlotToList(slotList, slot);
-
- } else { /* trying to turn off */
-
- /* turn OFF the flag in the slot */
- slot->defaultFlags &= ~entry->flag;
-
- if (slotList) {
- /* find the element in the list & delete it */
- PK11SlotListElement *le = PK11_FindSlotElement(slotList, slot);
-
- /* remove the slot from the list */
- if (le)
- result = PK11_DeleteSlotFromList(slotList, le);
- }
- }
- return result;
-}
-
-/*
- * clear a slot off of all of it's default list
- */
-void
-PK11_ClearSlotList(PK11SlotInfo *slot)
-{
- int i;
-
- if (slot->disabled) return;
- if (slot->defaultFlags == 0) return;
-
- for (i=0; i < sizeof(PK11_DefaultArray)/sizeof(PK11_DefaultArray[0]);
- i++) {
- if (slot->defaultFlags & PK11_DefaultArray[i].flag) {
- CK_MECHANISM_TYPE mechanism = PK11_DefaultArray[i].mechanism;
- PK11SlotList *slotList = PK11_GetSlotList(mechanism);
- PK11SlotListElement *le = NULL;
-
- if (slotList) le = PK11_FindSlotElement(slotList,slot);
-
- if (le) {
- PK11_DeleteSlotFromList(slotList,le);
- pk11_FreeListElement(slotList,le);
- }
- }
- }
-}
-
-
-/******************************************************************
- * Slot initialization
- ******************************************************************/
-/*
- * turn a PKCS11 Static Label into a string
- */
-char *
-PK11_MakeString(PRArenaPool *arena,char *space,
- char *staticString,int stringLen)
-{
- int i;
- char *newString;
- for(i=(stringLen-1); i >= 0; i--) {
- if (staticString[i] != ' ') break;
- }
- /* move i to point to the last space */
- i++;
- if (arena) {
- newString = (char*)PORT_ArenaAlloc(arena,i+1 /* space for NULL */);
- } else if (space) {
- newString = space;
- } else {
- newString = (char*)PORT_Alloc(i+1 /* space for NULL */);
- }
- if (newString == NULL) return NULL;
-
- if (i) PORT_Memcpy(newString,staticString, i);
- newString[i] = 0;
-
- return newString;
-}
-
-/*
- * verify that slot implements Mechanism mech properly by checking against
- * our internal implementation
- */
-PRBool
-PK11_VerifyMechanism(PK11SlotInfo *slot,PK11SlotInfo *intern,
- CK_MECHANISM_TYPE mech, SECItem *data, SECItem *iv)
-{
- PK11Context *test = NULL, *reference = NULL;
- PK11SymKey *symKey = NULL, *testKey = NULL;
- SECItem *param = NULL;
- unsigned char encTest[8];
- unsigned char encRef[8];
- int outLenTest,outLenRef;
- int key_size = 0;
- SECStatus rv;
-
- if ((mech == CKM_RC2_CBC) || (mech == CKM_RC2_ECB) || (mech == CKM_RC4)) {
- key_size = 16;
- }
-
- /* initialize the mechanism parameter */
- param = PK11_ParamFromIV(mech,iv);
- if (param == NULL) goto loser;
-
- /* load the keys and contexts */
- symKey = PK11_KeyGen(intern,mech,NULL, key_size, NULL);
- if (symKey == NULL) goto loser;
-
- reference = PK11_CreateContextBySymKey(mech, CKA_ENCRYPT, symKey, param);
- if (reference == NULL) goto loser;
-
- testKey = pk11_CopyToSlot(slot, mech, CKA_ENCRYPT, symKey);
- if (testKey == NULL) goto loser;
-
- test = PK11_CreateContextBySymKey(mech, CKA_ENCRYPT, testKey, param);
- if (test == NULL) goto loser;
- SECITEM_FreeItem(param,PR_TRUE); param = NULL;
-
- /* encrypt the test data */
- rv = PK11_CipherOp(test,encTest,&outLenTest,sizeof(encTest),
- data->data,data->len);
- if (rv != SECSuccess) goto loser;
- rv = PK11_CipherOp(reference,encRef,&outLenRef,sizeof(encRef),
- data->data,data->len);
- if (rv != SECSuccess) goto loser;
-
- PK11_DestroyContext(reference,PR_TRUE); reference = NULL;
- PK11_DestroyContext(test,PR_TRUE); test = NULL;
-
- if (outLenTest != outLenRef) goto loser;
- if (PORT_Memcmp(encTest, encRef, outLenTest) != 0) goto loser;
-
- return PR_TRUE;
-
-loser:
- if (test) PK11_DestroyContext(test,PR_TRUE);
- if (symKey) PK11_FreeSymKey(symKey);
- if (testKey) PK11_FreeSymKey(testKey);
- if (reference) PK11_DestroyContext(reference,PR_TRUE);
- if (param) SECITEM_FreeItem(param,PR_TRUE);
-
- return PR_FALSE;
-}
-
-/*
- * this code verifies that the advertised mechanisms are what they
- * seem to be.
- */
-#define MAX_MECH_LIST_SIZE 30 /* we only know of about 30 odd mechanisms */
-PRBool
-PK11_VerifySlotMechanisms(PK11SlotInfo *slot)
-{
- CK_MECHANISM_TYPE mechListArray[MAX_MECH_LIST_SIZE];
- CK_MECHANISM_TYPE *mechList = mechListArray;
- static SECItem data;
- static SECItem iv;
- static SECItem key;
- static unsigned char dataV[8];
- static unsigned char ivV[8];
- static unsigned char keyV[8];
- static PRBool generated = PR_FALSE;
- CK_ULONG count;
- int i;
- CK_RV crv;
-
- PRBool alloced = PR_FALSE;
- PK11SlotInfo *intern = PK11_GetInternalSlot();
-
- /* if we couldn't initialize an internal module,
- * we can't check external ones */
- if (intern == NULL) return PR_FALSE;
-
- /* first get the count of mechanisms */
- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_GetMechanismList(slot->slotID,NULL,&count);
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
- if (crv != CKR_OK) {
- PK11_FreeSlot(intern);
- return PR_FALSE;
- }
-
-
- /* don't blow up just because the card supports more mechanisms than
- * we know about, just alloc space for them */
- if (count > MAX_MECH_LIST_SIZE) {
- mechList = (CK_MECHANISM_TYPE *)
- PORT_Alloc(count *sizeof(CK_MECHANISM_TYPE));
- alloced = PR_TRUE;
- if (mechList == NULL) return PR_FALSE;
- }
- /* get the list */
- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
- crv =PK11_GETTAB(slot)->C_GetMechanismList(slot->slotID, mechList, &count);
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
- if (crv != CKR_OK) {
- if (alloced) PORT_Free(mechList);
- PK11_FreeSlot(intern);
- return PR_FALSE;
- }
-
- if (!generated) {
- data.data = dataV;
- data.len = sizeof(dataV);
- iv.data = ivV;
- iv.len = sizeof(ivV);
- /* ok, this is a cheat, we know our internal random number generater
- * is thread safe */
- PK11_GETTAB(intern)->C_GenerateRandom(intern->session,
- data.data, data.len);
- PK11_GETTAB(intern)->C_GenerateRandom(intern->session,
- iv.data, iv.len);
- }
- for (i=0; i < (int) count; i++) {
- switch (mechList[i]) {
- case CKM_DES_CBC:
- case CKM_DES_ECB:
- case CKM_RC4:
- case CKM_RC2_CBC:
- case CKM_RC2_ECB:
- if (!PK11_VerifyMechanism(slot,intern,mechList[i],&data,&iv)){
- if (alloced) PORT_Free(mechList);
- PK11_FreeSlot(intern);
- return PR_FALSE;
- }
- }
- }
- if (alloced) PORT_Free(mechList);
- PK11_FreeSlot(intern);
- return PR_TRUE;
-}
-
-/*
- * See if we need to run the verify test, do so if necessary. If we fail,
- * disable the slot.
- */
-SECStatus
-pk11_CheckVerifyTest(PK11SlotInfo *slot)
-{
- PK11_EnterSlotMonitor(slot);
- if (slot->needTest) {
- slot->needTest = PR_FALSE;
- PK11_ExitSlotMonitor(slot);
- if (!PK11_VerifySlotMechanisms(slot)) {
- (void)PK11_GETTAB(slot)->C_CloseSession(slot->session);
- slot->session = CK_INVALID_SESSION;
- PK11_ClearSlotList(slot);
- slot->disabled = PR_TRUE;
- slot->reason = PK11_DIS_TOKEN_VERIFY_FAILED;
- slot->needTest = PR_TRUE;
- PORT_SetError(SEC_ERROR_IO);
- return SECFailure;
- }
- } else {
- PK11_ExitSlotMonitor(slot);
- }
- return SECSuccess;
-}
-
-/*
- * Reads in the slots mechanism list for later use
- */
-SECStatus
-PK11_ReadMechanismList(PK11SlotInfo *slot)
-{
- CK_ULONG count;
- CK_RV crv;
-
- if (slot->mechanismList) {
- PORT_Free(slot->mechanismList);
- slot->mechanismList = NULL;
- }
- slot->mechanismCount = 0;
-
- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_GetMechanismList(slot->slotID,NULL,&count);
- if (crv != CKR_OK) {
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
- PORT_SetError(PK11_MapError(crv));
- return SECFailure;
- }
-
- slot->mechanismList = (CK_MECHANISM_TYPE *)
- PORT_Alloc(count *sizeof(CK_MECHANISM_TYPE));
- if (slot->mechanismList == NULL) {
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
- return SECFailure;
- }
- crv = PK11_GETTAB(slot)->C_GetMechanismList(slot->slotID,
- slot->mechanismList, &count);
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
- if (crv != CKR_OK) {
- PORT_Free(slot->mechanismList);
- slot->mechanismList = NULL;
- PORT_SetError(PK11_MapError(crv));
- return SECSuccess;
- }
- slot->mechanismCount = count;
- return SECSuccess;
-}
-
-/*
- * initialize a new token
- * unlike initialize slot, this can be called multiple times in the lifetime
- * of NSS. It reads the information associated with a card or token,
- * that is not going to change unless the card or token changes.
- */
-SECStatus
-PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
-{
- CK_TOKEN_INFO tokenInfo;
- CK_RV crv;
- char *tmp;
- SECStatus rv;
-
- /* set the slot flags to the current token values */
- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID,&tokenInfo);
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
- if (crv != CKR_OK) {
- PORT_SetError(PK11_MapError(crv));
- return SECFailure;
- }
-
- /* set the slot flags to the current token values */
- slot->series++; /* allow other objects to detect that the
- * slot is different */
- slot->flags = tokenInfo.flags;
- slot->needLogin = ((tokenInfo.flags & CKF_LOGIN_REQUIRED) ?
- PR_TRUE : PR_FALSE);
- slot->readOnly = ((tokenInfo.flags & CKF_WRITE_PROTECTED) ?
- PR_TRUE : PR_FALSE);
- slot->hasRandom = ((tokenInfo.flags & CKF_RNG) ? PR_TRUE : PR_FALSE);
- tmp = PK11_MakeString(NULL,slot->token_name,
- (char *)tokenInfo.label, sizeof(tokenInfo.label));
- slot->minPassword = tokenInfo.ulMinPinLen;
- slot->maxPassword = tokenInfo.ulMaxPinLen;
- PORT_Memcpy(slot->serial,tokenInfo.serialNumber,sizeof(slot->serial));
-
- slot->defRWSession = (PRBool)((!slot->readOnly) &&
- (tokenInfo.ulMaxSessionCount == 1));
- rv = PK11_ReadMechanismList(slot);
- if (rv != SECSuccess) return rv;
-
- slot->hasRSAInfo = PR_FALSE;
- slot->RSAInfoFlags = 0;
-
- /* initialize the maxKeyCount value */
- if (tokenInfo.ulMaxSessionCount == 0) {
- slot->maxKeyCount = 300; /* should be #define or a config param */
- } else if (tokenInfo.ulMaxSessionCount < 20) {
- /* don't have enough sessions to keep that many keys around */
- slot->maxKeyCount = 0;
- } else {
- slot->maxKeyCount = tokenInfo.ulMaxSessionCount/2;
- }
-
- /* Make sure our session handle is valid */
- if (slot->session == CK_INVALID_SESSION) {
- /* we know we don't have a valid session, go get one */
- CK_SESSION_HANDLE session;
-
- /* session should be Readonly, serial */
- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_OpenSession(slot->slotID,
- (slot->defRWSession ? CKF_RW_SESSION : 0) | CKF_SERIAL_SESSION,
- slot,pk11_notify,&session);
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
- if (crv != CKR_OK) {
- PORT_SetError(PK11_MapError(crv));
- return SECFailure;
- }
- slot->session = session;
- } else {
- /* The session we have may be defunct (the token associated with it)
- * has been removed */
- CK_SESSION_INFO sessionInfo;
-
- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_GetSessionInfo(slot->session,&sessionInfo);
- if (crv == CKR_DEVICE_ERROR) {
- PK11_GETTAB(slot)->C_CloseSession(slot->session);
- crv = CKR_SESSION_CLOSED;
- }
- if ((crv==CKR_SESSION_CLOSED) || (crv==CKR_SESSION_HANDLE_INVALID)) {
- crv =PK11_GETTAB(slot)->C_OpenSession(slot->slotID,
- (slot->defRWSession ? CKF_RW_SESSION : 0) | CKF_SERIAL_SESSION,
- slot,pk11_notify,&slot->session);
- if (crv != CKR_OK) {
- PORT_SetError(PK11_MapError(crv));
- slot->session = CK_INVALID_SESSION;
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
- return SECFailure;
- }
- }
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
- }
-
- /*if we have cached slotcerts, free them they are almost certainly stale*/
- PK11_FreeSlotCerts(slot);
-
- if (loadCerts && (!slot->isInternal) &&
- ((!slot->needLogin) || (slot->defaultFlags & SECMOD_FRIENDLY_FLAG))) {
- PK11_ReadSlotCerts(slot);
- }
-
- if (!(slot->needLogin)) {
- return pk11_CheckVerifyTest(slot);
- }
-
-
- if (!(slot->isInternal) && (slot->hasRandom)) {
- /* if this slot has a random number generater, use it to add entropy
- * to the internal slot. */
- PK11SlotInfo *int_slot = PK11_GetInternalSlot();
-
- if (int_slot) {
- unsigned char random_bytes[32];
-
- /* if this slot can issue random numbers, get some entropy from
- * that random number generater and give it to our internal token.
- */
- PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_GenerateRandom
- (slot->session,random_bytes, sizeof(random_bytes));
- PK11_ExitSlotMonitor(slot);
- if (crv == CKR_OK) {
- PK11_EnterSlotMonitor(int_slot);
- PK11_GETTAB(int_slot)->C_SeedRandom(int_slot->session,
- random_bytes, sizeof(random_bytes));
- PK11_ExitSlotMonitor(int_slot);
- }
-
- /* Now return the favor and send entropy to the token's random
- * number generater */
- PK11_EnterSlotMonitor(int_slot);
- crv = PK11_GETTAB(int_slot)->C_GenerateRandom(int_slot->session,
- random_bytes, sizeof(random_bytes));
- PK11_ExitSlotMonitor(int_slot);
- if (crv == CKR_OK) {
- PK11_EnterSlotMonitor(slot);
- PK11_GETTAB(slot)->C_SeedRandom(slot->session,
- random_bytes, sizeof(random_bytes));
- PK11_ExitSlotMonitor(slot);
- }
- }
- }
-
- return SECSuccess;
-}
-
-/*
- * Initialize the slot :
- * This initialization code is called on each slot a module supports when
- * it is loaded. It does the bringup initialization. The difference between
- * this and InitToken is Init slot does those one time initialization stuff,
- * usually associated with the reader, while InitToken may get called multiple
- * times as tokens are removed and re-inserted.
- */
-void
-PK11_InitSlot(SECMODModule *mod,CK_SLOT_ID slotID,PK11SlotInfo *slot)
-{
- SECStatus rv;
- char *tmp;
- CK_SLOT_INFO slotInfo;
-
- slot->functionList = mod->functionList;
- slot->isInternal = mod->internal;
- slot->slotID = slotID;
- slot->isThreadSafe = mod->isThreadSafe;
- slot->hasRSAInfo = PR_FALSE;
-
- if (PK11_GETTAB(slot)->C_GetSlotInfo(slotID,&slotInfo) != CKR_OK) {
- slot->disabled = PR_TRUE;
- slot->reason = PK11_DIS_COULD_NOT_INIT_TOKEN;
- return;
- }
-
- /* test to make sure claimed mechanism work */
- slot->needTest = mod->internal ? PR_FALSE : PR_TRUE;
- slot->module = mod; /* NOTE: we don't make a reference here because
- * modules have references to their slots. This
- * works because modules keep implicit references
- * from their slots, and won't unload and disappear
- * until all their slots have been freed */
- tmp = PK11_MakeString(NULL,slot->slot_name,
- (char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription));
- slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT) == CKF_HW_SLOT);
- if ((slotInfo.flags & CKF_REMOVABLE_DEVICE) == 0) {
- slot->isPerm = PR_TRUE;
- /* permanment slots must have the token present always */
- if ((slotInfo.flags & CKF_TOKEN_PRESENT) == 0) {
- slot->disabled = PR_TRUE;
- slot->reason = PK11_DIS_TOKEN_NOT_PRESENT;
- return; /* nothing else to do */
- }
- }
- /* if the token is present, initialize it */
- if ((slotInfo.flags & CKF_TOKEN_PRESENT) != 0) {
- rv = PK11_InitToken(slot,PR_TRUE);
- /* the only hard failures are on permanent devices, or function
- * verify failures... function verify failures are already handled
- * by tokenInit */
- if ((rv != SECSuccess) && (slot->isPerm) && (!slot->disabled)) {
- slot->disabled = PR_TRUE;
- slot->reason = PK11_DIS_COULD_NOT_INIT_TOKEN;
- }
- }
-}
-
-
-
-/*********************************************************************
- * Slot mapping utility functions.
- *********************************************************************/
-
-/*
- * determine if the token is present. If the token is present, make sure
- * we have a valid session handle. Also set the value of needLogin
- * appropriately.
- */
-static PRBool
-pk11_IsPresentCertLoad(PK11SlotInfo *slot, PRBool loadCerts)
-{
- CK_SLOT_INFO slotInfo;
- CK_SESSION_INFO sessionInfo;
- CK_RV crv;
-
- /* disabled slots are never present */
- if (slot->disabled) {
- return PR_FALSE;
- }
-
- /* permanent slots are always present */
- if (slot->isPerm && (slot->session != CK_INVALID_SESSION)) {
- return PR_TRUE;
- }
-
- /* removable slots have a flag that says they are present */
- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
- if (PK11_GETTAB(slot)->C_GetSlotInfo(slot->slotID,&slotInfo) != CKR_OK) {
- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
- return PR_FALSE;
- }
- if ((slotInfo.flags & CKF_TOKEN_PRESENT) == 0) {
- /* if the slot is no longer present, close the session */
- if (slot->session != CK_INVALID_SESSION) {
- PK11_GETTAB(slot)->C_CloseSession(slot->session);
- slot->session = CK_INVALID_SESSION;
- /* force certs to be freed */
- PK11_FreeSlotCerts(slot);
- }
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
- return PR_FALSE;
- }
-
- /* use the session Info to determine if the card has been removed and then
- * re-inserted */
- if (slot->session != CK_INVALID_SESSION) {
- crv = PK11_GETTAB(slot)->C_GetSessionInfo(slot->session, &sessionInfo);
- if (crv != CKR_OK) {
- PK11_GETTAB(slot)->C_CloseSession(slot->session);
- slot->session = CK_INVALID_SESSION;
- PK11_FreeSlotCerts(slot);
- }
- }
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
-
- /* card has not been removed, current token info is correct */
- if (slot->session != CK_INVALID_SESSION) return PR_TRUE;
-
- /* initialize the token info state */
- if (PK11_InitToken(slot,loadCerts) != SECSuccess) {
- return PR_FALSE;
- }
-
- return PR_TRUE;
-}
-
-/*
- * old version of the routine
- */
-PRBool
-PK11_IsPresent(PK11SlotInfo *slot) {
- return pk11_IsPresentCertLoad(slot,PR_TRUE);
-}
-
-/* is the slot disabled? */
-PRBool
-PK11_IsDisabled(PK11SlotInfo *slot)
-{
- return slot->disabled;
-}
-
-/* and why? */
-PK11DisableReasons
-PK11_GetDisabledReason(PK11SlotInfo *slot)
-{
- return slot->reason;
-}
-
-/* returns PR_TRUE if successfully disable the slot */
-/* returns PR_FALSE otherwise */
-PRBool PK11_UserDisableSlot(PK11SlotInfo *slot) {
-
- slot->defaultFlags |= PK11_DISABLE_FLAG;
- slot->disabled = PR_TRUE;
- slot->reason = PK11_DIS_USER_SELECTED;
-
- return PR_TRUE;
-}
-
-PRBool PK11_UserEnableSlot(PK11SlotInfo *slot) {
-
- slot->defaultFlags &= ~PK11_DISABLE_FLAG;
- slot->disabled = PR_FALSE;
- slot->reason = PK11_DIS_NONE;
- return PR_TRUE;
-}
-
-/* Get the module this slot is attatched to */
-SECMODModule *
-PK11_GetModule(PK11SlotInfo *slot)
-{
- return slot->module;
-}
-
-/* returnt the default flags of a slot */
-unsigned long
-PK11_GetDefaultFlags(PK11SlotInfo *slot)
-{
- return slot->defaultFlags;
-}
-
-/*
- * we can initialize the password if 1) The toke is not inited
- * (need login == true and see need UserInit) or 2) the token has
- * a NULL password. (slot->needLogin = false & need user Init = false).
- */
-PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot)
-{
- if (slot->needLogin && PK11_NeedUserInit(slot)) {
- return PR_TRUE;
- }
- if (!slot->needLogin && !PK11_NeedUserInit(slot)) {
- return PR_TRUE;
- }
- return PR_FALSE;
-}
-
-PRBool PK11_NeedPWInit()
-{
- PK11SlotInfo *slot = PK11_GetInternalKeySlot();
- PRBool ret = PK11_NeedPWInitForSlot(slot);
-
- PK11_FreeSlot(slot);
- return ret;
-}
-
-/*
- * The following wrapper functions allow us to export an opaque slot
- * function to the rest of libsec and the world... */
-PRBool
-PK11_IsReadOnly(PK11SlotInfo *slot)
-{
- return slot->readOnly;
-}
-
-PRBool
-PK11_IsHW(PK11SlotInfo *slot)
-{
- return slot->isHW;
-}
-
-PRBool
-PK11_IsInternal(PK11SlotInfo *slot)
-{
- return slot->isInternal;
-}
-
-PRBool
-PK11_NeedLogin(PK11SlotInfo *slot)
-{
- return slot->needLogin;
-}
-
-PRBool
-PK11_IsFriendly(PK11SlotInfo *slot)
-{
- /* internal slot always has public readable certs */
- return (PRBool)(slot->isInternal ||
- ((slot->defaultFlags & SECMOD_FRIENDLY_FLAG) ==
- SECMOD_FRIENDLY_FLAG));
-}
-
-char *
-PK11_GetTokenName(PK11SlotInfo *slot)
-{
- return slot->token_name;
-}
-
-char *
-PK11_GetSlotName(PK11SlotInfo *slot)
-{
- return slot->slot_name;
-}
-
-int
-PK11_GetSlotSeries(PK11SlotInfo *slot)
-{
- return slot->series;
-}
-
-int
-PK11_GetCurrentWrapIndex(PK11SlotInfo *slot)
-{
- return slot->wrapKey;
-}
-
-CK_SLOT_ID
-PK11_GetSlotID(PK11SlotInfo *slot)
-{
- return slot->slotID;
-}
-
-SECMODModuleID
-PK11_GetModuleID(PK11SlotInfo *slot)
-{
- return slot->module->moduleID;
-}
-
-
-/* return the slot info structure */
-SECStatus
-PK11_GetSlotInfo(PK11SlotInfo *slot, CK_SLOT_INFO *info)
-{
- CK_RV crv;
-
- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_GetSlotInfo(slot->slotID,info);
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
- if (crv != CKR_OK) {
- PORT_SetError(PK11_MapError(crv));
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/* return the token info structure */
-SECStatus
-PK11_GetTokenInfo(PK11SlotInfo *slot, CK_TOKEN_INFO *info)
-{
- CK_RV crv;
- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID,info);
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
- if (crv != CKR_OK) {
- PORT_SetError(PK11_MapError(crv));
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/* Find out if we need to initialize the user's pin */
-PRBool
-PK11_NeedUserInit(PK11SlotInfo *slot)
-{
- return (PRBool)((slot->flags & CKF_USER_PIN_INITIALIZED) == 0);
-}
-
-/* get the internal key slot. FIPS has only one slot for both key slots and
- * default slots */
-PK11SlotInfo *
-PK11_GetInternalKeySlot(void)
-{
- SECMODModule *mod = SECMOD_GetInternalModule();
- return PK11_ReferenceSlot(mod->isFIPS ? mod->slots[0] : mod->slots[1]);
-}
-
-/* get the internal default slot */
-PK11SlotInfo *
-PK11_GetInternalSlot(void)
-{
- return PK11_ReferenceSlot(SECMOD_GetInternalModule()->slots[0]);
-}
-
-/*
- * Determine if the token is logged in. We have to actually query the token,
- * because it's state can change without intervention from us.
- */
-PRBool
-PK11_IsLoggedIn(PK11SlotInfo *slot,void *wincx)
-{
- CK_SESSION_INFO sessionInfo;
- int askpw = slot->askpw;
- int timeout = slot->timeout;
- CK_RV crv;
-
- /* If we don't have our own password default values, use the system
- * ones */
- if ((slot->defaultFlags & PK11_OWN_PW_DEFAULTS) == 0) {
- PK11SlotInfo *def_slot = PK11_GetInternalKeySlot();
-
- if (def_slot) {
- askpw = def_slot->askpw;
- timeout = def_slot->timeout;
- PK11_FreeSlot(def_slot);
- }
- }
-
- if ((wincx != NULL) && (PK11_Global.isLoggedIn != NULL) &&
- (*PK11_Global.isLoggedIn)(slot, wincx) == PR_FALSE) { return PR_FALSE; }
-
-
- /* forget the password if we've been inactive too long */
- if (askpw == 1) {
- int64 currtime = PR_Now();
- int64 result;
- int64 mult;
-
- LL_I2L(result, timeout);
- LL_I2L(mult, 60*1000*1000);
- LL_MUL(result,result,mult);
- LL_ADD(result, result, slot->authTime);
- if (LL_CMP(result, <, currtime) ) {
- PK11_EnterSlotMonitor(slot);
- PK11_GETTAB(slot)->C_Logout(slot->session);
- PK11_ExitSlotMonitor(slot);
- } else {
- slot->authTime = currtime;
- }
- }
-
- PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_GetSessionInfo(slot->session,&sessionInfo);
- PK11_ExitSlotMonitor(slot);
- /* if we can't get session info, something is really wrong */
- if (crv != CKR_OK) {
- slot->session = CK_INVALID_SESSION;
- return PR_FALSE;
- }
-
- switch (sessionInfo.state) {
- case CKS_RW_PUBLIC_SESSION:
- case CKS_RO_PUBLIC_SESSION:
- default:
- break; /* fail */
- case CKS_RW_USER_FUNCTIONS:
- case CKS_RW_SO_FUNCTIONS:
- case CKS_RO_USER_FUNCTIONS:
- return PR_TRUE;
- }
- return PR_FALSE;
-}
-
-
-/*
- * check if a given slot supports the requested mechanism
- */
-PRBool
-PK11_DoesMechanism(PK11SlotInfo *slot, CK_MECHANISM_TYPE type)
-{
- int i;
-
- /* CKM_FAKE_RANDOM is not a real PKCS mechanism. It's a marker to
- * tell us we're looking form someone that has implemented get
- * random bits */
- if (type == CKM_FAKE_RANDOM) {
- return slot->hasRandom;
- }
-
- for (i=0; i < (int) slot->mechanismCount; i++) {
- if (slot->mechanismList[i] == type) return PR_TRUE;
- }
- return PR_FALSE;
-}
-
-/*
- * Return true if a token that can do the desired mechanism exists.
- * This allows us to have hardware tokens that can do function XYZ magically
- * allow SSL Ciphers to appear if they are plugged in.
- */
-PRBool
-PK11_TokenExists(CK_MECHANISM_TYPE type)
-{
- SECMODModuleList *mlp;
- SECMODModuleList *modules = SECMOD_GetDefaultModuleList();
- SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
- PK11SlotInfo *slot;
- PRBool found = PR_FALSE;
- int i;
-
- /* we only need to know if there is a token that does this mechanism.
- * check the internal module first because it's fast, and supports
- * almost everything. */
- slot = PK11_GetInternalSlot();
- if (slot) {
- found = PK11_DoesMechanism(slot,type);
- PK11_FreeSlot(slot);
- }
- if (found) return PR_TRUE; /* bypass getting module locks */
-
- SECMOD_GetReadLock(moduleLock);
- for(mlp = modules; mlp != NULL && (!found); mlp = mlp->next) {
- for (i=0; i < mlp->module->slotCount; i++) {
- slot = mlp->module->slots[i];
- if (PK11_IsPresent(slot)) {
- if (PK11_DoesMechanism(slot,type)) {
- found = PR_TRUE;
- break;
- }
- }
- }
- }
- SECMOD_ReleaseReadLock(moduleLock);
- return found;
-}
-
-/*
- * get all the currently available tokens in a list.
- * that can perform the given mechanism. If mechanism is CKM_INVALID_MECHANISM,
- * get all the tokens. Make sure tokens that need authentication are put at
- * the end of this list.
- */
-PK11SlotList *
-PK11_GetAllTokens(CK_MECHANISM_TYPE type, PRBool needRW, PRBool loadCerts,
- void *wincx)
-{
- PK11SlotList * list = PK11_NewSlotList();
- PK11SlotList * loginList = PK11_NewSlotList();
- PK11SlotList * friendlyList = PK11_NewSlotList();
- SECMODModuleList * mlp;
- SECMODModuleList * modules = SECMOD_GetDefaultModuleList();
- SECMODListLock * moduleLock = SECMOD_GetDefaultModuleListLock();
- int i;
-#if defined( XP_WIN32 )
- int j = 0;
- PRInt32 waste[16];
-#endif
-
- if ((list == NULL) || (loginList == NULL) || (friendlyList == NULL)) {
- if (list) PK11_FreeSlotList(list);
- if (loginList) PK11_FreeSlotList(loginList);
- if (friendlyList) PK11_FreeSlotList(friendlyList);
- return NULL;
- }
-
- SECMOD_GetReadLock(moduleLock);
- for(mlp = modules; mlp != NULL; mlp = mlp->next) {
-
-#if defined( XP_WIN32 )
- /* This is works around some horrible cache/page thrashing problems
- ** on Win32. Without this, this loop can take up to 6 seconds at
- ** 100% CPU on a Pentium-Pro 200. The thing this changes is to
- ** increase the size of the stack frame and modify it.
- ** Moving the loop code itself seems to have no effect.
- ** Dunno why this combination makes a difference, but it does.
- */
- waste[ j & 0xf] = j++;
-#endif
-
- for (i = 0; i < mlp->module->slotCount; i++) {
- PK11SlotInfo *slot = mlp->module->slots[i];
-
- if (pk11_IsPresentCertLoad(slot, loadCerts)) {
- if (needRW && slot->readOnly) continue;
- if ((type == CKM_INVALID_MECHANISM)
- || PK11_DoesMechanism(slot, type)) {
- if (slot->needLogin && !PK11_IsLoggedIn(slot, wincx)) {
- if (PK11_IsFriendly(slot)) {
- PK11_AddSlotToList(friendlyList, slot);
- } else {
- PK11_AddSlotToList(loginList, slot);
- }
- } else {
- PK11_AddSlotToList(list, slot);
- }
- }
- }
- }
- }
- SECMOD_ReleaseReadLock(moduleLock);
-
- PK11_MoveListToList(list,friendlyList);
- PK11_FreeSlotList(friendlyList);
- PK11_MoveListToList(list,loginList);
- PK11_FreeSlotList(loginList);
-
- return list;
-}
-
-/*
- * NOTE: This routine is working from a private List generated by
- * PK11_GetAllTokens. That is why it does not need to lock.
- */
-PK11SlotList *
-PK11_GetPrivateKeyTokens(CK_MECHANISM_TYPE type,PRBool needRW,void *wincx)
-{
- PK11SlotList *list = PK11_GetAllTokens(type,needRW,PR_TRUE,wincx);
- PK11SlotListElement *le, *next ;
- SECStatus rv;
-
- if (list == NULL) return list;
-
- for (le = list->head ; le; le = next) {
- next = le->next; /* save the pointer here in case we have to
- * free the element later */
- rv = PK11_Authenticate(le->slot,PR_TRUE,wincx);
- if (rv != SECSuccess) {
- PK11_DeleteSlotFromList(list,le);
- continue;
- }
- }
- return list;
-}
-
-
-/*
- * find the best slot which supports the given
- * Mechanism. In normal cases this should grab the first slot on the list
- * with no fuss.
- */
-PK11SlotInfo *
-PK11_GetBestSlotMultiple(CK_MECHANISM_TYPE *type, int mech_count, void *wincx)
-{
- PK11SlotList *list = NULL;
- PK11SlotListElement *le ;
- PK11SlotInfo *slot = NULL;
- PRBool freeit = PR_FALSE;
- PRBool listNeedLogin = PR_FALSE;
- int i;
- SECStatus rv;
-
- list = PK11_GetSlotList(type[0]);
-
- if ((list == NULL) || (list->head == NULL)) {
- /* We need to look up all the tokens for the mechanism */
- list = PK11_GetAllTokens(type[0],PR_FALSE,PR_TRUE,wincx);
- freeit = PR_TRUE;
- }
-
- /* no one can do it! */
- if (list == NULL) {
- PORT_SetError(SEC_ERROR_NO_TOKEN);
- return NULL;
- }
-
- PORT_SetError(0);
-
-
- listNeedLogin = PR_FALSE;
- for (i=0; i < mech_count; i++) {
- if ((type[i] != CKM_FAKE_RANDOM) && (type[i] != CKM_SHA_1) &&
- (type[i] != CKM_MD5) && (type[i] != CKM_MD2)) {
- listNeedLogin = PR_TRUE;
- break;
- }
- }
-
- for (le = PK11_GetFirstSafe(list); le;
- le = PK11_GetNextSafe(list,le,PR_TRUE)) {
- if (PK11_IsPresent(le->slot)) {
- PRBool doExit = PR_FALSE;
- for (i=0; i < mech_count; i++) {
- if (!PK11_DoesMechanism(le->slot,type[i])) {
- doExit = PR_TRUE;
- break;
- }
- }
- if (doExit) continue;
-
- if (listNeedLogin && le->slot->needLogin) {
- rv = PK11_Authenticate(le->slot,PR_TRUE,wincx);
- if (rv != SECSuccess) continue;
- }
- slot = le->slot;
- PK11_ReferenceSlot(slot);
- pk11_FreeListElement(list,le);
- if (freeit) { PK11_FreeSlotList(list); }
- return slot;
- }
- }
- if (freeit) { PK11_FreeSlotList(list); }
- if (PORT_GetError() == 0) {
- PORT_SetError(SEC_ERROR_NO_TOKEN);
- }
- return NULL;
-}
-
-/* original get best slot now calls the multiple version with only one type */
-PK11SlotInfo *
-PK11_GetBestSlot(CK_MECHANISM_TYPE type, void *wincx)
-{
- return PK11_GetBestSlotMultiple(&type, 1, wincx);
-}
-
-/*
- * find the best key wrap mechanism for this slot.
- */
-CK_MECHANISM_TYPE
-PK11_GetBestWrapMechanism(PK11SlotInfo *slot)
-{
- int i;
- for (i=0; i < wrapMechanismCount; i++) {
- if (PK11_DoesMechanism(slot,wrapMechanismList[i])) {
- return wrapMechanismList[i];
- }
- }
- return CKM_INVALID_MECHANISM;
-}
-
-int
-PK11_GetBestKeyLength(PK11SlotInfo *slot,CK_MECHANISM_TYPE mechanism)
-{
- CK_MECHANISM_INFO mechanism_info;
- CK_RV crv;
-
- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,
- mechanism,&mechanism_info);
- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
- if (crv != CKR_OK) return 0;
-
- if (mechanism_info.ulMinKeySize == mechanism_info.ulMaxKeySize)
- return 0;
- return mechanism_info.ulMaxKeySize;
-}
-
-
-/*********************************************************************
- * Mechanism Mapping functions
- *********************************************************************/
-
-/*
- * lookup an entry in the mechanism table. If none found, return the
- * default structure.
- */
-static pk11MechanismData *
-pk11_lookup(CK_MECHANISM_TYPE type)
-{
- int i;
- for (i=0; i < pk11_MechEntrySize; i++) {
- if (pk11_MechanismTable[i].type == type) {
- return (&pk11_MechanismTable[i]);
- }
- }
- return &pk11_default;
-}
-
-/*
- * NOTE: This is not thread safe. Called at init time, and when loading
- * a new Entry. It is reasonably safe as long as it is not re-entered
- * (readers will always see a consistant table)
- *
- * This routine is called to add entries to the mechanism table, once there,
- * they can not be removed.
- */
-void
-PK11_AddMechanismEntry(CK_MECHANISM_TYPE type, CK_KEY_TYPE key,
- CK_MECHANISM_TYPE keyGen, int ivLen, int blockSize)
-{
- int tableSize = pk11_MechTableSize;
- int size = pk11_MechEntrySize;
- int entry = size++;
- pk11MechanismData *old = pk11_MechanismTable;
- pk11MechanismData *newt = pk11_MechanismTable;
-
-
- if (size > tableSize) {
- int oldTableSize = tableSize;
- tableSize += 10;
- newt = (pk11MechanismData *)
- PORT_Alloc(tableSize*sizeof(pk11MechanismData));
- if (newt == NULL) return;
-
- if (old) PORT_Memcpy(newt,old,oldTableSize*sizeof(pk11MechanismData));
- } else old = NULL;
-
- newt[entry].type = type;
- newt[entry].keyType = key;
- newt[entry].keyGen = keyGen;
- newt[entry].iv = ivLen;
- newt[entry].blockSize = blockSize;
-
- pk11_MechanismTable = newt;
- pk11_MechTableSize = tableSize;
- pk11_MechEntrySize = size;
- if (old) PORT_Free(old);
-}
-
-/*
- * Get the key type needed for the given mechanism
- */
-CK_MECHANISM_TYPE
-PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len)
-{
- switch (type) {
- case CKM_DES_ECB:
- case CKM_DES_CBC:
- case CKM_DES_MAC:
- case CKM_DES_MAC_GENERAL:
- case CKM_DES_CBC_PAD:
- case CKM_DES_KEY_GEN:
- case CKM_KEY_WRAP_LYNKS:
- case CKM_PBE_MD2_DES_CBC:
- case CKM_PBE_MD5_DES_CBC:
- return CKK_DES;
- case CKM_DES3_ECB:
- case CKM_DES3_CBC:
- case CKM_DES3_MAC:
- case CKM_DES3_MAC_GENERAL:
- case CKM_DES3_CBC_PAD:
- return (len == 128) ? CKK_DES2 : CKK_DES3;
- case CKM_DES2_KEY_GEN:
- case CKM_PBE_SHA1_DES2_EDE_CBC:
- return CKK_DES2;
- case CKM_PBE_SHA1_DES3_EDE_CBC:
- case CKM_DES3_KEY_GEN:
- return CKK_DES3;
- case CKM_CDMF_ECB:
- case CKM_CDMF_CBC:
- case CKM_CDMF_MAC:
- case CKM_CDMF_MAC_GENERAL:
- case CKM_CDMF_CBC_PAD:
- case CKM_CDMF_KEY_GEN:
- return CKK_CDMF;
- case CKM_RC2_ECB:
- case CKM_RC2_CBC:
- case CKM_RC2_MAC:
- case CKM_RC2_MAC_GENERAL:
- case CKM_RC2_CBC_PAD:
- case CKM_RC2_KEY_GEN:
- case CKM_PBE_SHA1_RC2_128_CBC:
- case CKM_PBE_SHA1_RC2_40_CBC:
- return CKK_RC2;
- case CKM_RC4:
- case CKM_RC4_KEY_GEN:
- return CKK_RC4;
- case CKM_RC5_ECB:
- case CKM_RC5_CBC:
- case CKM_RC5_MAC:
- case CKM_RC5_MAC_GENERAL:
- case CKM_RC5_CBC_PAD:
- case CKM_RC5_KEY_GEN:
- return CKK_RC5;
- case CKM_SKIPJACK_CBC64:
- case CKM_SKIPJACK_ECB64:
- case CKM_SKIPJACK_OFB64:
- case CKM_SKIPJACK_CFB64:
- case CKM_SKIPJACK_CFB32:
- case CKM_SKIPJACK_CFB16:
- case CKM_SKIPJACK_CFB8:
- case CKM_SKIPJACK_KEY_GEN:
- case CKM_SKIPJACK_WRAP:
- case CKM_SKIPJACK_PRIVATE_WRAP:
- return CKK_SKIPJACK;
- case CKM_BATON_ECB128:
- case CKM_BATON_ECB96:
- case CKM_BATON_CBC128:
- case CKM_BATON_COUNTER:
- case CKM_BATON_SHUFFLE:
- case CKM_BATON_WRAP:
- case CKM_BATON_KEY_GEN:
- return CKK_BATON;
- case CKM_JUNIPER_ECB128:
- case CKM_JUNIPER_CBC128:
- case CKM_JUNIPER_COUNTER:
- case CKM_JUNIPER_SHUFFLE:
- case CKM_JUNIPER_WRAP:
- case CKM_JUNIPER_KEY_GEN:
- return CKK_JUNIPER;
- case CKM_IDEA_CBC:
- case CKM_IDEA_ECB:
- case CKM_IDEA_MAC:
- case CKM_IDEA_MAC_GENERAL:
- case CKM_IDEA_CBC_PAD:
- case CKM_IDEA_KEY_GEN:
- return CKK_IDEA;
- case CKM_CAST_ECB:
- case CKM_CAST_CBC:
- case CKM_CAST_MAC:
- case CKM_CAST_MAC_GENERAL:
- case CKM_CAST_CBC_PAD:
- case CKM_CAST_KEY_GEN:
- case CKM_PBE_MD5_CAST_CBC:
- return CKK_CAST;
- case CKM_CAST3_ECB:
- case CKM_CAST3_CBC:
- case CKM_CAST3_MAC:
- case CKM_CAST3_MAC_GENERAL:
- case CKM_CAST3_CBC_PAD:
- case CKM_CAST3_KEY_GEN:
- case CKM_PBE_MD5_CAST3_CBC:
- return CKK_CAST3;
- case CKM_CAST5_ECB:
- case CKM_CAST5_CBC:
- case CKM_CAST5_MAC:
- case CKM_CAST5_MAC_GENERAL:
- case CKM_CAST5_CBC_PAD:
- case CKM_CAST5_KEY_GEN:
- case CKM_PBE_MD5_CAST5_CBC:
- return CKK_CAST5;
- case CKM_RSA_PKCS:
- case CKM_RSA_9796:
- case CKM_RSA_X_509:
- case CKM_MD2_RSA_PKCS:
- case CKM_MD5_RSA_PKCS:
- case CKM_SHA1_RSA_PKCS:
- case CKM_KEY_WRAP_SET_OAEP:
- case CKM_RSA_PKCS_KEY_PAIR_GEN:
- return CKK_RSA;
- case CKM_DSA:
- case CKM_DSA_SHA1:
- case CKM_DSA_KEY_PAIR_GEN:
- return CKK_DSA;
- case CKM_DH_PKCS_DERIVE:
- case CKM_DH_PKCS_KEY_PAIR_GEN:
- return CKK_DH;
- case CKM_KEA_KEY_DERIVE:
- case CKM_KEA_KEY_PAIR_GEN:
- return CKK_KEA;
- case CKM_ECDSA_KEY_PAIR_GEN:
- case CKM_ECDSA:
- case CKM_ECDSA_SHA1:
- return CKK_ECDSA;
- case CKM_SSL3_PRE_MASTER_KEY_GEN:
- case CKM_GENERIC_SECRET_KEY_GEN:
- case CKM_SSL3_MASTER_KEY_DERIVE:
- case CKM_SSL3_KEY_AND_MAC_DERIVE:
- case CKM_SSL3_SHA1_MAC:
- case CKM_SSL3_MD5_MAC:
- case CKM_TLS_MASTER_KEY_DERIVE:
- case CKM_TLS_KEY_AND_MAC_DERIVE:
- case CKM_SHA_1_HMAC:
- case CKM_SHA_1_HMAC_GENERAL:
- case CKM_MD2_HMAC:
- case CKM_MD2_HMAC_GENERAL:
- case CKM_MD5_HMAC:
- case CKM_MD5_HMAC_GENERAL:
- case CKM_TLS_PRF_GENERAL:
- return CKK_GENERIC_SECRET;
- default:
- return pk11_lookup(type)->keyType;
- }
-}
-
-/*
- * Get the Key Gen Mechanism needed for the given
- * crypto mechanism
- */
-CK_MECHANISM_TYPE
-PK11_GetKeyGen(CK_MECHANISM_TYPE type)
-{
- switch (type) {
- case CKM_DES_ECB:
- case CKM_DES_CBC:
- case CKM_DES_MAC:
- case CKM_DES_MAC_GENERAL:
- case CKM_KEY_WRAP_LYNKS:
- case CKM_DES_CBC_PAD:
- return CKM_DES_KEY_GEN;
- case CKM_DES3_ECB:
- case CKM_DES3_CBC:
- case CKM_DES3_MAC:
- case CKM_DES3_MAC_GENERAL:
- case CKM_DES3_CBC_PAD:
- return CKM_DES3_KEY_GEN;
- case CKM_CDMF_ECB:
- case CKM_CDMF_CBC:
- case CKM_CDMF_MAC:
- case CKM_CDMF_MAC_GENERAL:
- case CKM_CDMF_CBC_PAD:
- return CKM_CDMF_KEY_GEN;
- case CKM_RC2_ECB:
- case CKM_RC2_CBC:
- case CKM_RC2_MAC:
- case CKM_RC2_MAC_GENERAL:
- case CKM_RC2_CBC_PAD:
- return CKM_RC2_KEY_GEN;
- case CKM_RC4:
- return CKM_RC4_KEY_GEN;
- case CKM_RC5_ECB:
- case CKM_RC5_CBC:
- case CKM_RC5_MAC:
- case CKM_RC5_MAC_GENERAL:
- case CKM_RC5_CBC_PAD:
- return CKM_RC5_KEY_GEN;
- case CKM_SKIPJACK_CBC64:
- case CKM_SKIPJACK_ECB64:
- case CKM_SKIPJACK_OFB64:
- case CKM_SKIPJACK_CFB64:
- case CKM_SKIPJACK_CFB32:
- case CKM_SKIPJACK_CFB16:
- case CKM_SKIPJACK_CFB8:
- case CKM_SKIPJACK_WRAP:
- return CKM_SKIPJACK_KEY_GEN;
- case CKM_BATON_ECB128:
- case CKM_BATON_ECB96:
- case CKM_BATON_CBC128:
- case CKM_BATON_COUNTER:
- case CKM_BATON_SHUFFLE:
- case CKM_BATON_WRAP:
- return CKM_BATON_KEY_GEN;
- case CKM_JUNIPER_ECB128:
- case CKM_JUNIPER_CBC128:
- case CKM_JUNIPER_COUNTER:
- case CKM_JUNIPER_SHUFFLE:
- case CKM_JUNIPER_WRAP:
- return CKM_JUNIPER_KEY_GEN;
- case CKM_IDEA_CBC:
- case CKM_IDEA_ECB:
- case CKM_IDEA_MAC:
- case CKM_IDEA_MAC_GENERAL:
- case CKM_IDEA_CBC_PAD:
- return CKM_IDEA_KEY_GEN;
- case CKM_CAST_ECB:
- case CKM_CAST_CBC:
- case CKM_CAST_MAC:
- case CKM_CAST_MAC_GENERAL:
- case CKM_CAST_CBC_PAD:
- return CKM_CAST_KEY_GEN;
- case CKM_CAST3_ECB:
- case CKM_CAST3_CBC:
- case CKM_CAST3_MAC:
- case CKM_CAST3_MAC_GENERAL:
- case CKM_CAST3_CBC_PAD:
- return CKM_CAST3_KEY_GEN;
- case CKM_CAST5_ECB:
- case CKM_CAST5_CBC:
- case CKM_CAST5_MAC:
- case CKM_CAST5_MAC_GENERAL:
- case CKM_CAST5_CBC_PAD:
- return CKM_CAST5_KEY_GEN;
- case CKM_RSA_PKCS:
- case CKM_RSA_9796:
- case CKM_RSA_X_509:
- case CKM_MD2_RSA_PKCS:
- case CKM_MD5_RSA_PKCS:
- case CKM_SHA1_RSA_PKCS:
- case CKM_KEY_WRAP_SET_OAEP:
- return CKM_RSA_PKCS_KEY_PAIR_GEN;
- case CKM_DSA:
- case CKM_DSA_SHA1:
- return CKM_DSA_KEY_PAIR_GEN;
- case CKM_DH_PKCS_DERIVE:
- return CKM_DH_PKCS_KEY_PAIR_GEN;
- case CKM_KEA_KEY_DERIVE:
- return CKM_KEA_KEY_PAIR_GEN;
- case CKM_ECDSA:
- return CKM_ECDSA_KEY_PAIR_GEN;
- case CKM_SSL3_PRE_MASTER_KEY_GEN:
- case CKM_SSL3_MASTER_KEY_DERIVE:
- case CKM_SSL3_KEY_AND_MAC_DERIVE:
- case CKM_SSL3_SHA1_MAC:
- case CKM_SSL3_MD5_MAC:
- case CKM_TLS_MASTER_KEY_DERIVE:
- case CKM_TLS_KEY_AND_MAC_DERIVE:
- return CKM_SSL3_PRE_MASTER_KEY_GEN;
- case CKM_SHA_1_HMAC:
- case CKM_SHA_1_HMAC_GENERAL:
- case CKM_MD2_HMAC:
- case CKM_MD2_HMAC_GENERAL:
- case CKM_MD5_HMAC:
- case CKM_MD5_HMAC_GENERAL:
- case CKM_TLS_PRF_GENERAL:
- return CKM_GENERIC_SECRET_KEY_GEN;
- case CKM_PBE_MD2_DES_CBC:
- case CKM_PBE_MD5_DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
- case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
- case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
- case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
- case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
- case CKM_PBE_SHA1_RC2_40_CBC:
- case CKM_PBE_SHA1_RC2_128_CBC:
- case CKM_PBE_SHA1_RC4_40:
- case CKM_PBE_SHA1_RC4_128:
- case CKM_PBE_SHA1_DES3_EDE_CBC:
- case CKM_PBE_SHA1_DES2_EDE_CBC:
- return type;
- default:
- return pk11_lookup(type)->keyGen;
- }
-}
-
-/*
- * get the mechanism block size
- */
-int
-PK11_GetBlockSize(CK_MECHANISM_TYPE type,SECItem *params)
-{
- CK_RC5_PARAMS *rc5_params;
- CK_RC5_CBC_PARAMS *rc5_cbc_params;
- switch (type) {
- case CKM_RC5_ECB:
- if ((params) && (params->data)) {
- rc5_params = (CK_RC5_PARAMS *) params->data;
- return (rc5_params->ulWordsize)*2;
- }
- return 8;
- case CKM_RC5_CBC:
- case CKM_RC5_CBC_PAD:
- if ((params) && (params->data)) {
- rc5_cbc_params = (CK_RC5_CBC_PARAMS *) params->data;
- return (rc5_cbc_params->ulWordsize)*2;
- }
- return 8;
- case CKM_DES_ECB:
- case CKM_DES3_ECB:
- case CKM_RC2_ECB:
- case CKM_IDEA_ECB:
- case CKM_CAST_ECB:
- case CKM_CAST3_ECB:
- case CKM_CAST5_ECB:
- case CKM_RC2_CBC:
- case CKM_SKIPJACK_CBC64:
- case CKM_SKIPJACK_ECB64:
- case CKM_SKIPJACK_OFB64:
- case CKM_SKIPJACK_CFB64:
- case CKM_DES_CBC:
- case CKM_DES3_CBC:
- case CKM_IDEA_CBC:
- case CKM_CAST_CBC:
- case CKM_CAST3_CBC:
- case CKM_CAST5_CBC:
- case CKM_DES_CBC_PAD:
- case CKM_DES3_CBC_PAD:
- case CKM_RC2_CBC_PAD:
- case CKM_IDEA_CBC_PAD:
- case CKM_CAST_CBC_PAD:
- case CKM_CAST3_CBC_PAD:
- case CKM_CAST5_CBC_PAD:
- case CKM_PBE_MD2_DES_CBC:
- case CKM_PBE_MD5_DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
- case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
- case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
- case CKM_PBE_SHA1_RC2_40_CBC:
- case CKM_PBE_SHA1_RC2_128_CBC:
- case CKM_PBE_SHA1_DES3_EDE_CBC:
- case CKM_PBE_SHA1_DES2_EDE_CBC:
- return 8;
- case CKM_SKIPJACK_CFB32:
- case CKM_SKIPJACK_CFB16:
- case CKM_SKIPJACK_CFB8:
- return 4;
- case CKM_BATON_ECB128:
- case CKM_BATON_CBC128:
- case CKM_BATON_COUNTER:
- case CKM_BATON_SHUFFLE:
- case CKM_JUNIPER_ECB128:
- case CKM_JUNIPER_CBC128:
- case CKM_JUNIPER_COUNTER:
- case CKM_JUNIPER_SHUFFLE:
- return 16;
- case CKM_BATON_ECB96:
- return 12;
- case CKM_RC4:
- case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
- case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
- case CKM_PBE_SHA1_RC4_40:
- case CKM_PBE_SHA1_RC4_128:
- return 0;
- case CKM_RSA_PKCS:
- case CKM_RSA_9796:
- case CKM_RSA_X_509:
- /*actually it's the modulus length of the key!*/
- return -1; /* failure */
- default:
- return pk11_lookup(type)->blockSize;
- }
-}
-
-/*
- * get the iv length
- */
-int
-PK11_GetIVLength(CK_MECHANISM_TYPE type)
-{
- switch (type) {
- case CKM_DES_ECB:
- case CKM_DES3_ECB:
- case CKM_RC2_ECB:
- case CKM_IDEA_ECB:
- case CKM_SKIPJACK_WRAP:
- case CKM_BATON_WRAP:
- case CKM_RC5_ECB:
- case CKM_CAST_ECB:
- case CKM_CAST3_ECB:
- case CKM_CAST5_ECB:
- return 0;
- case CKM_RC2_CBC:
- case CKM_DES_CBC:
- case CKM_DES3_CBC:
- case CKM_IDEA_CBC:
- case CKM_PBE_MD2_DES_CBC:
- case CKM_PBE_MD5_DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
- case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
- case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
- case CKM_PBE_SHA1_RC2_40_CBC:
- case CKM_PBE_SHA1_RC2_128_CBC:
- case CKM_PBE_SHA1_DES3_EDE_CBC:
- case CKM_PBE_SHA1_DES2_EDE_CBC:
- case CKM_RC5_CBC:
- case CKM_CAST_CBC:
- case CKM_CAST3_CBC:
- case CKM_CAST5_CBC:
- case CKM_RC2_CBC_PAD:
- case CKM_DES_CBC_PAD:
- case CKM_DES3_CBC_PAD:
- case CKM_IDEA_CBC_PAD:
- case CKM_RC5_CBC_PAD:
- case CKM_CAST_CBC_PAD:
- case CKM_CAST3_CBC_PAD:
- case CKM_CAST5_CBC_PAD:
- return 8;
- case CKM_SKIPJACK_CBC64:
- case CKM_SKIPJACK_ECB64:
- case CKM_SKIPJACK_OFB64:
- case CKM_SKIPJACK_CFB64:
- case CKM_SKIPJACK_CFB32:
- case CKM_SKIPJACK_CFB16:
- case CKM_SKIPJACK_CFB8:
- case CKM_BATON_ECB128:
- case CKM_BATON_ECB96:
- case CKM_BATON_CBC128:
- case CKM_BATON_COUNTER:
- case CKM_BATON_SHUFFLE:
- case CKM_JUNIPER_ECB128:
- case CKM_JUNIPER_CBC128:
- case CKM_JUNIPER_COUNTER:
- case CKM_JUNIPER_SHUFFLE:
- return 24;
- case CKM_RC4:
- case CKM_RSA_PKCS:
- case CKM_RSA_9796:
- case CKM_RSA_X_509:
- case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
- case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
- case CKM_PBE_SHA1_RC4_40:
- case CKM_PBE_SHA1_RC4_128:
- return 0;
- default:
- return pk11_lookup(type)->iv;
- }
-}
-
-
-/* These next two utilities are here to help facilitate future
- * Dynamic Encrypt/Decrypt symetric key mechanisms, and to allow functions
- * like SSL and S-MIME to automatically add them.
- */
-SECItem *
-PK11_ParamFromIV(CK_MECHANISM_TYPE type,SECItem *iv)
-{
- CK_RC2_CBC_PARAMS *rc2_params = NULL;
- CK_RC2_PARAMS *rc2_ecb_params = NULL;
- CK_RC5_PARAMS *rc5_params = NULL;
- CK_RC5_CBC_PARAMS *rc5_cbc_params = NULL;
- SECItem *param;
-
- param = (SECItem *)PORT_Alloc(sizeof(SECItem));
- if (param == NULL) return NULL;
- param->data = NULL;
- param->len = 0;
- switch (type) {
- case CKM_DES_ECB:
- case CKM_DES3_ECB:
- case CKM_RSA_PKCS:
- case CKM_RSA_X_509:
- case CKM_RSA_9796:
- case CKM_IDEA_ECB:
- case CKM_CDMF_ECB:
- case CKM_CAST_ECB:
- case CKM_CAST3_ECB:
- case CKM_CAST5_ECB:
- case CKM_RC4:
- break;
- case CKM_RC2_ECB:
- rc2_ecb_params = (CK_RC2_PARAMS *)PORT_Alloc(sizeof(CK_RC2_PARAMS));
- if (rc2_ecb_params == NULL) break;
- /* Maybe we should pass the key size in too to get this value? */
- *rc2_ecb_params = 128;
- param->data = (unsigned char *) rc2_ecb_params;
- param->len = sizeof(CK_RC2_PARAMS);
- break;
- case CKM_RC2_CBC:
- case CKM_RC2_CBC_PAD:
- rc2_params = (CK_RC2_CBC_PARAMS *)PORT_Alloc(sizeof(CK_RC2_CBC_PARAMS));
- if (rc2_params == NULL) break;
- /* Maybe we should pass the key size in too to get this value? */
- rc2_params->ulEffectiveBits = 128;
- if (iv && iv->data)
- PORT_Memcpy(rc2_params->iv,iv->data,sizeof(rc2_params->iv));
- param->data = (unsigned char *) rc2_params;
- param->len = sizeof(CK_RC2_CBC_PARAMS);
- break;
- case CKM_RC5_CBC:
- case CKM_RC5_CBC_PAD:
- rc5_cbc_params = (CK_RC5_CBC_PARAMS *)
- PORT_Alloc(sizeof(CK_RC5_CBC_PARAMS) + ((iv) ? iv->len : 0));
- if (rc5_cbc_params == NULL) break;
- if (iv && iv->data) {
- rc5_cbc_params->pIv = ((CK_BYTE_PTR) rc5_cbc_params)
- + sizeof(CK_RC5_CBC_PARAMS);
- PORT_Memcpy(rc5_cbc_params->pIv,iv->data,iv->len);
- rc5_cbc_params->ulIvLen = iv->len;
- rc5_cbc_params->ulWordsize = iv->len/2;
- } else {
- rc5_cbc_params->ulWordsize = 4;
- rc5_cbc_params->pIv = NULL;
- rc5_cbc_params->ulIvLen = iv->len;
- }
- rc5_cbc_params->ulRounds = 16;
- param->data = (unsigned char *) rc5_cbc_params;
- param->len = sizeof(CK_RC5_CBC_PARAMS);
- break;
- case CKM_RC5_ECB:
- rc5_params = (CK_RC5_PARAMS *)PORT_Alloc(sizeof(CK_RC5_PARAMS));
- if (rc5_params == NULL) break;
- if (iv && iv->data && iv->len) {
- rc5_params->ulWordsize = iv->len/2;
- } else {
- rc5_params->ulWordsize = 4;
- }
- rc5_params->ulRounds = 16;
- param->data = (unsigned char *) rc5_params;
- param->len = sizeof(CK_RC5_PARAMS);
- break;
- case CKM_DES_CBC:
- case CKM_DES3_CBC:
- case CKM_IDEA_CBC:
- case CKM_CDMF_CBC:
- case CKM_CAST_CBC:
- case CKM_CAST3_CBC:
- case CKM_CAST5_CBC:
- case CKM_DES_CBC_PAD:
- case CKM_DES3_CBC_PAD:
- case CKM_IDEA_CBC_PAD:
- case CKM_CDMF_CBC_PAD:
- case CKM_CAST_CBC_PAD:
- case CKM_CAST3_CBC_PAD:
- case CKM_CAST5_CBC_PAD:
- case CKM_SKIPJACK_CBC64:
- case CKM_SKIPJACK_ECB64:
- case CKM_SKIPJACK_OFB64:
- case CKM_SKIPJACK_CFB64:
- case CKM_SKIPJACK_CFB32:
- case CKM_SKIPJACK_CFB16:
- case CKM_SKIPJACK_CFB8:
- case CKM_BATON_ECB128:
- case CKM_BATON_ECB96:
- case CKM_BATON_CBC128:
- case CKM_BATON_COUNTER:
- case CKM_BATON_SHUFFLE:
- case CKM_JUNIPER_ECB128:
- case CKM_JUNIPER_CBC128:
- case CKM_JUNIPER_COUNTER:
- case CKM_JUNIPER_SHUFFLE:
- if ((iv == NULL) || (iv->data == NULL)) break;
- param->data = (unsigned char*)PORT_Alloc(iv->len);
- if (param->data != NULL) {
- PORT_Memcpy(param->data,iv->data,iv->len);
- param->len = iv->len;
- }
- break;
- /* unknown mechanism, pass IV in if it's there */
- default:
- if (pk11_lookup(type)->iv == 0) {
- break;
- }
- if ((iv == NULL) || (iv->data == NULL)) {
- break;
- }
- param->data = (unsigned char*)PORT_Alloc(iv->len);
- if (param->data != NULL) {
- PORT_Memcpy(param->data,iv->data,iv->len);
- param->len = iv->len;
- }
- break;
- }
- return param;
-}
-
-unsigned char *
-PK11_IVFromParam(CK_MECHANISM_TYPE type,SECItem *param,int *len)
-{
- CK_RC2_CBC_PARAMS *rc2_params;
- CK_RC5_CBC_PARAMS *rc5_cbc_params;
-
- *len = 0;
- switch (type) {
- case CKM_DES_ECB:
- case CKM_DES3_ECB:
- case CKM_RSA_PKCS:
- case CKM_RSA_X_509:
- case CKM_RSA_9796:
- case CKM_IDEA_ECB:
- case CKM_CDMF_ECB:
- case CKM_CAST_ECB:
- case CKM_CAST3_ECB:
- case CKM_CAST5_ECB:
- case CKM_RC4:
- return NULL;
- case CKM_RC2_ECB:
- return NULL;
- case CKM_RC2_CBC:
- case CKM_RC2_CBC_PAD:
- rc2_params = (CK_RC2_CBC_PARAMS *)param->data;
- *len = sizeof(rc2_params->iv);
- return &rc2_params->iv[0];
- case CKM_RC5_CBC:
- case CKM_RC5_CBC_PAD:
- rc5_cbc_params = (CK_RC5_CBC_PARAMS *) param->data;
- *len = rc5_cbc_params->ulIvLen;
- return rc5_cbc_params->pIv;
- case CKM_DES_CBC:
- case CKM_DES3_CBC:
- case CKM_IDEA_CBC:
- case CKM_CDMF_CBC:
- case CKM_CAST_CBC:
- case CKM_CAST3_CBC:
- case CKM_CAST5_CBC:
- case CKM_DES_CBC_PAD:
- case CKM_DES3_CBC_PAD:
- case CKM_IDEA_CBC_PAD:
- case CKM_CDMF_CBC_PAD:
- case CKM_CAST_CBC_PAD:
- case CKM_CAST3_CBC_PAD:
- case CKM_CAST5_CBC_PAD:
- case CKM_SKIPJACK_CBC64:
- case CKM_SKIPJACK_ECB64:
- case CKM_SKIPJACK_OFB64:
- case CKM_SKIPJACK_CFB64:
- case CKM_SKIPJACK_CFB32:
- case CKM_SKIPJACK_CFB16:
- case CKM_SKIPJACK_CFB8:
- case CKM_BATON_ECB128:
- case CKM_BATON_ECB96:
- case CKM_BATON_CBC128:
- case CKM_BATON_COUNTER:
- case CKM_BATON_SHUFFLE:
- case CKM_JUNIPER_ECB128:
- case CKM_JUNIPER_CBC128:
- case CKM_JUNIPER_COUNTER:
- case CKM_JUNIPER_SHUFFLE:
- break;
- /* unknown mechanism, pass IV in if it's there */
- default:
- break;
- }
- if (param->data) {
- *len = param->len;
- }
- return param->data;
-}
-
-typedef struct sec_rc5cbcParameterStr {
- SECItem version;
- SECItem rounds;
- SECItem blockSizeInBits;
- SECItem iv;
-} sec_rc5cbcParameter;
-
-static const SEC_ASN1Template sec_rc5ecb_parameter_template[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(sec_rc5cbcParameter) },
- { SEC_ASN1_INTEGER,
- offsetof(sec_rc5cbcParameter,version) },
- { SEC_ASN1_INTEGER,
- offsetof(sec_rc5cbcParameter,rounds) },
- { SEC_ASN1_INTEGER,
- offsetof(sec_rc5cbcParameter,blockSizeInBits) },
- { 0 }
-};
-
-static const SEC_ASN1Template sec_rc5cbc_parameter_template[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(sec_rc5cbcParameter) },
- { SEC_ASN1_INTEGER,
- offsetof(sec_rc5cbcParameter,version) },
- { SEC_ASN1_INTEGER,
- offsetof(sec_rc5cbcParameter,rounds) },
- { SEC_ASN1_INTEGER,
- offsetof(sec_rc5cbcParameter,blockSizeInBits) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(sec_rc5cbcParameter,iv) },
- { 0 }
-};
-
-typedef struct sec_rc2cbcParameterStr {
- SECItem rc2ParameterVersion;
- SECItem iv;
-} sec_rc2cbcParameter;
-
-static const SEC_ASN1Template sec_rc2cbc_parameter_template[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(sec_rc2cbcParameter) },
- { SEC_ASN1_INTEGER,
- offsetof(sec_rc2cbcParameter,rc2ParameterVersion) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(sec_rc2cbcParameter,iv) },
- { 0 }
-};
-
-static const SEC_ASN1Template sec_rc2ecb_parameter_template[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(sec_rc2cbcParameter) },
- { SEC_ASN1_INTEGER,
- offsetof(sec_rc2cbcParameter,rc2ParameterVersion) },
- { 0 }
-};
-
-/* S/MIME picked id values to represent differnt keysizes */
-/* I do have a formula, but it ain't pretty, and it only works because you
- * can always match three points to a parabola:) */
-static unsigned char rc2_map(SECItem *version)
-{
- long x;
-
- x = DER_GetInteger(version);
-
- switch (x) {
- case 58: return 128;
- case 120: return 64;
- case 160: return 40;
- }
- return 128;
-}
-
-static unsigned long rc2_unmap(unsigned long x)
-{
- switch (x) {
- case 128: return 58;
- case 64: return 120;
- case 40: return 160;
- }
- return 58;
-}
-
-
-/*
- * Helper function to decode a PKCS5 DER encode paramter block into a PKCS #11
- * PBE_Parameter structure.
- */
-SECStatus
-pk11_pbe_decode(SECAlgorithmID *algid, SECItem *mech)
-{
- CK_PBE_PARAMS *pbe_params = NULL;
- SEC_PKCS5PBEParameter *p5_param;
- SECItem *p5_misc = NULL;
- int paramSize = 0;
-
- p5_param = SEC_PKCS5GetPBEParameter(algid);
- if(p5_param == NULL) {
- return SECFailure;
- }
-
-
- p5_misc = &p5_param->salt;
- paramSize = sizeof(CK_PBE_PARAMS);
-
- pbe_params = (CK_PBE_PARAMS *)PORT_ZAlloc(paramSize);
- if (pbe_params == NULL) {
- SEC_PKCS5DestroyPBEParameter(p5_param);
- return SECFailure;
- }
-
- /* get salt */
- pbe_params->pSalt = (CK_CHAR_PTR)PORT_ZAlloc(p5_misc->len);
- if (pbe_params->pSalt == CK_NULL_PTR) {
- goto loser;
- }
- PORT_Memcpy(pbe_params->pSalt, p5_misc->data, p5_misc->len);
- pbe_params->ulSaltLen = (CK_ULONG) p5_misc->len;
-
- /* get iteration count */
- p5_misc = &p5_param->iteration;
- pbe_params->ulIteration = (CK_ULONG) DER_GetInteger(p5_misc);
-
- /* copy into the mechanism sec item */
- mech->data = (unsigned char *)pbe_params;
- mech->len = paramSize;
- SEC_PKCS5DestroyPBEParameter(p5_param);
- return SECSuccess;
-
-loser:
- if (pbe_params->pSalt != CK_NULL_PTR) {
- PORT_Free(pbe_params->pSalt);
- }
- PORT_Free(pbe_params);
- SEC_PKCS5DestroyPBEParameter(p5_param);
- return SECFailure;
-}
-
-/* Generate a mechaism param from a type, and iv. */
-SECItem *
-PK11_ParamFromAlgid(SECAlgorithmID *algid) {
- CK_RC2_CBC_PARAMS *rc2_params = NULL;
- CK_RC2_PARAMS *rc2_ecb_params = NULL;
- CK_RC5_CBC_PARAMS *rc5_params_cbc;
- CK_RC5_PARAMS *rc5_params_ecb;
- SECItem iv;
- sec_rc2cbcParameter rc2;
- sec_rc5cbcParameter rc5;
- SECItem *mech;
- CK_MECHANISM_TYPE type;
- SECOidTag algtag;
- SECStatus rv;
-
- algtag = SECOID_GetAlgorithmTag(algid);
- type = PK11_AlgtagToMechanism(algtag);
-
- mech = (SECItem *) PORT_Alloc(sizeof(SECItem));
- if (mech == NULL) return NULL;
-
-
- /* handle the complicated cases */
- switch (type) {
- case CKM_RC2_ECB:
- rv = SEC_ASN1DecodeItem(NULL, &rc2 ,sec_rc2ecb_parameter_template,
- &(algid->parameters));
- if (rv != SECSuccess) {
- PORT_Free(mech);
- return NULL;
- }
- rc2_ecb_params = (CK_RC2_PARAMS *)PORT_Alloc(sizeof(CK_RC2_PARAMS));
- if (rc2_ecb_params == NULL) {
- PORT_Free(rc2.rc2ParameterVersion.data);
- PORT_Free(mech);
- return NULL;
- }
- *rc2_ecb_params = rc2_map(&rc2.rc2ParameterVersion);
- PORT_Free(rc2.rc2ParameterVersion.data);
- mech->data = (unsigned char *) rc2_ecb_params;
- mech->len = sizeof(CK_RC2_PARAMS);
- return mech;
- case CKM_RC2_CBC:
- case CKM_RC2_CBC_PAD:
- rv = SEC_ASN1DecodeItem(NULL, &rc2 ,sec_rc2cbc_parameter_template,
- &(algid->parameters));
- if (rv != SECSuccess) {
- PORT_Free(mech);
- return NULL;
- }
- rc2_params = (CK_RC2_CBC_PARAMS *)PORT_Alloc(sizeof(CK_RC2_CBC_PARAMS));
- if (rc2_params == NULL) {
- PORT_Free(rc2.iv.data);
- PORT_Free(rc2.rc2ParameterVersion.data);
- PORT_Free(mech);
- return NULL;
- }
- rc2_params->ulEffectiveBits = rc2_map(&rc2.rc2ParameterVersion);
- PORT_Free(rc2.rc2ParameterVersion.data);
- PORT_Memcpy(rc2_params->iv,rc2.iv.data,sizeof(rc2_params->iv));
- PORT_Free(rc2.iv.data);
- mech->data = (unsigned char *) rc2_params;
- mech->len = sizeof(CK_RC2_CBC_PARAMS);
- return mech;
- case CKM_RC5_ECB:
- rv = SEC_ASN1DecodeItem(NULL, &rc5 ,sec_rc5ecb_parameter_template,
- &(algid->parameters));
- if (rv != SECSuccess) {
- PORT_Free(mech);
- return NULL;
- }
- rc5_params_ecb=(CK_RC5_PARAMS *)PORT_Alloc(sizeof(CK_RC5_PARAMS));
- PORT_Free(rc5.version.data);
- if (rc5_params_ecb == NULL) {
- PORT_Free(rc5.rounds.data);
- PORT_Free(rc5.blockSizeInBits.data);
- PORT_Free(mech);
- return NULL;
- }
- rc5_params_ecb->ulRounds = DER_GetInteger(&rc5.rounds);
- rc5_params_ecb->ulWordsize = DER_GetInteger(&rc5.blockSizeInBits)/8;
- PORT_Free(rc5.rounds.data);
- PORT_Free(rc5.blockSizeInBits.data);
- mech->data = (unsigned char *) rc5_params_ecb;
- mech->len = sizeof(CK_RC5_PARAMS);
- return mech;
- case CKM_RC5_CBC:
- case CKM_RC5_CBC_PAD:
- rv = SEC_ASN1DecodeItem(NULL, &rc5 ,sec_rc5cbc_parameter_template,
- &(algid->parameters));
- if (rv != SECSuccess) {
- PORT_Free(mech);
- return NULL;
- }
- rc5_params_cbc = (CK_RC5_CBC_PARAMS *)
- PORT_Alloc(sizeof(CK_RC5_CBC_PARAMS) + rc5.iv.len);
- PORT_Free(rc5.version.data);
- if (rc2_params == NULL) {
- PORT_Free(rc5.iv.data);
- PORT_Free(rc5.rounds.data);
- PORT_Free(rc5.blockSizeInBits.data);
- PORT_Free(mech);
- return NULL;
- }
- rc5_params_cbc->ulRounds = DER_GetInteger(&rc5.rounds);
- rc5_params_cbc->ulWordsize = DER_GetInteger(&rc5.blockSizeInBits)/8;
- PORT_Free(rc5.rounds.data);
- PORT_Free(rc5.blockSizeInBits.data);
- rc5_params_cbc->pIv = ((CK_BYTE_PTR)rc5_params_cbc)
- + sizeof(CK_RC5_CBC_PARAMS);
- PORT_Memcpy(rc5_params_cbc->pIv,rc5.iv.data,rc5.iv.len);
- rc5_params_cbc->ulIvLen = rc5.iv.len;
- PORT_Free(rc5.iv.data);
- mech->data = (unsigned char *) rc5_params_cbc;
- mech->len = sizeof(CK_RC5_CBC_PARAMS);
- return mech;
- case CKM_PBE_MD2_DES_CBC:
- case CKM_PBE_MD5_DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
- case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
- case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
- case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
- case CKM_PBE_SHA1_DES2_EDE_CBC:
- case CKM_PBE_SHA1_DES3_EDE_CBC:
- case CKM_PBE_SHA1_RC2_40_CBC:
- case CKM_PBE_SHA1_RC2_128_CBC:
- case CKM_PBE_SHA1_RC4_40:
- case CKM_PBE_SHA1_RC4_128:
- rv = pk11_pbe_decode(algid,mech);
- if (rv != SECSuccess) {
- PORT_Free(mech);
- return NULL;
- }
- return mech;
- default:
- /* must be a simple case */
- break;
- }
-
- /* simple cases are simpley Octect encoded IV's */
- rv = SEC_ASN1DecodeItem(NULL, &iv, SEC_OctetStringTemplate,
- &(algid->parameters));
- if (rv != SECSuccess) {
- iv.data = NULL;
- iv.len = 0;
- }
-
- rv = SECSuccess;
- switch (type) {
- case CKM_RC4:
- case CKM_DES_ECB:
- case CKM_DES3_ECB:
- case CKM_IDEA_ECB:
- case CKM_CDMF_ECB:
- case CKM_CAST_ECB:
- case CKM_CAST3_ECB:
- case CKM_CAST5_ECB:
- mech->data = NULL;
- mech->len = 0;
- break;
- default:
- if (pk11_lookup(type)->iv == 0) {
- mech->data = NULL;
- mech->len = 0;
- break;
- }
- case CKM_DES_CBC:
- case CKM_DES3_CBC:
- case CKM_IDEA_CBC:
- case CKM_CDMF_CBC:
- case CKM_CAST_CBC:
- case CKM_CAST3_CBC:
- case CKM_CAST5_CBC:
- case CKM_DES_CBC_PAD:
- case CKM_DES3_CBC_PAD:
- case CKM_IDEA_CBC_PAD:
- case CKM_CDMF_CBC_PAD:
- case CKM_CAST_CBC_PAD:
- case CKM_CAST3_CBC_PAD:
- case CKM_CAST5_CBC_PAD:
- case CKM_SKIPJACK_CBC64:
- case CKM_SKIPJACK_ECB64:
- case CKM_SKIPJACK_OFB64:
- case CKM_SKIPJACK_CFB64:
- case CKM_SKIPJACK_CFB32:
- case CKM_SKIPJACK_CFB16:
- case CKM_SKIPJACK_CFB8:
- case CKM_BATON_ECB128:
- case CKM_BATON_ECB96:
- case CKM_BATON_CBC128:
- case CKM_BATON_COUNTER:
- case CKM_BATON_SHUFFLE:
- case CKM_JUNIPER_ECB128:
- case CKM_JUNIPER_CBC128:
- case CKM_JUNIPER_COUNTER:
- case CKM_JUNIPER_SHUFFLE:
- if (iv.data == NULL) {
- rv = SECFailure;
- break;
- }
- mech->data = (unsigned char*)PORT_Alloc(iv.len);
- if (mech->data == NULL) {
- rv = SECFailure;
- break;
- }
- PORT_Memcpy(mech->data,iv.data,iv.len);
- mech->len = iv.len;
- break;
- }
- if (iv.data) PORT_Free(iv.data);
- if (rv != SECSuccess) {
- SECITEM_FreeItem(mech,PR_TRUE);
- return NULL;
- }
- return mech;
-}
-
-SECStatus
-PK11_SeedRandom(PK11SlotInfo *slot, unsigned char *data, int len) {
- CK_RV crv;
-
- PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_SeedRandom(slot->session,data, (CK_ULONG)len);
- PK11_ExitSlotMonitor(slot);
- return (crv != CKR_OK) ? SECFailure : SECSuccess;
-}
-
-/* Attempts to update the Best Slot for "FAKE RANDOM" generation.
-** If that's not the internal slot, then it also attempts to update the
-** internal slot.
-** The return value indicates if the INTERNAL slot was updated OK.
-*/
-SECStatus
-PK11_RandomUpdate(void *data, size_t bytes)
-{
- PK11SlotInfo *slot;
- PRBool bestIsInternal;
- SECStatus status;
-
- slot = PK11_GetBestSlot(CKM_FAKE_RANDOM, NULL);
- if (slot == NULL) {
- slot = PK11_GetInternalSlot();
- if (!slot)
- return SECFailure;
- }
-
- bestIsInternal = PK11_IsInternal(slot);
- status = PK11_SeedRandom(slot, data, bytes);
- PK11_FreeSlot(slot);
-
- if (!bestIsInternal) {
- /* do internal slot, too. */
- slot = PK11_GetInternalSlot(); /* can't fail */
- status = PK11_SeedRandom(slot, data, bytes);
- PK11_FreeSlot(slot);
- }
- return status;
-}
-
-
-SECStatus
-PK11_GenerateRandom(unsigned char *data,int len) {
- PK11SlotInfo *slot;
- CK_RV crv;
-
- slot = PK11_GetBestSlot(CKM_FAKE_RANDOM,NULL);
- if (slot == NULL) return SECFailure;
-
- PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_GenerateRandom(slot->session,data,
- (CK_ULONG)len);
- PK11_ExitSlotMonitor(slot);
- PK11_FreeSlot(slot);
- return (crv != CKR_OK) ? SECFailure : SECSuccess;
-}
-
-/*
- * Generate an IV for the given mechanism
- */
-static SECStatus
-pk11_GenIV(CK_MECHANISM_TYPE type, SECItem *iv) {
- int iv_size = PK11_GetIVLength(type);
- SECStatus rv;
-
- iv->len = iv_size;
- if (iv_size == 0) {
- iv->data = NULL;
- return SECSuccess;
- }
-
- iv->data = (unsigned char *) PORT_Alloc(iv_size);
- if (iv->data == NULL) {
- iv->len = 0;
- return SECFailure;
- }
-
- rv = PK11_GenerateRandom(iv->data,iv->len);
- if (rv != SECSuccess) {
- PORT_Free(iv->data);
- iv->data = NULL; iv->len = 0;
- return SECFailure;
- }
- return SECSuccess;
-}
-
-
-/*
- * create a new paramter block from the passed in MECHANISM and the
- * key. Use Netscape's S/MIME Rules for the New param block.
- */
-SECItem *
-PK11_GenerateNewParam(CK_MECHANISM_TYPE type, PK11SymKey *key) {
- CK_RC2_CBC_PARAMS *rc2_params;
- CK_RC2_PARAMS *rc2_ecb_params;
- SECItem *mech;
- SECItem iv;
- SECStatus rv;
-
-
- mech = (SECItem *) PORT_Alloc(sizeof(SECItem));
- if (mech == NULL) return NULL;
-
- rv = SECSuccess;
- switch (type) {
- case CKM_RC4:
- case CKM_DES_ECB:
- case CKM_DES3_ECB:
- case CKM_IDEA_ECB:
- case CKM_CDMF_ECB:
- case CKM_CAST_ECB:
- case CKM_CAST3_ECB:
- case CKM_CAST5_ECB:
- mech->data = NULL;
- mech->len = 0;
- break;
- case CKM_RC2_ECB:
- rc2_ecb_params = (CK_RC2_PARAMS *)PORT_Alloc(sizeof(CK_RC2_PARAMS));
- if (rc2_ecb_params == NULL) {
- rv = SECFailure;
- break;
- }
- /* NOTE PK11_GetKeyLength can return -1 if the key isn't and RC2, RC5,
- * or RC4 key. Of course that wouldn't happen here doing RC2:).*/
- *rc2_ecb_params = PK11_GetKeyLength(key)*8;
- mech->data = (unsigned char *) rc2_ecb_params;
- mech->len = sizeof(CK_RC2_PARAMS);
- break;
- case CKM_RC2_CBC:
- case CKM_RC2_CBC_PAD:
- rv = pk11_GenIV(type,&iv);
- if (rv != SECSuccess) {
- break;
- }
- rc2_params = (CK_RC2_CBC_PARAMS *)PORT_Alloc(sizeof(CK_RC2_CBC_PARAMS));
- if (rc2_params == NULL) {
- PORT_Free(iv.data);
- rv = SECFailure;
- break;
- }
- /* NOTE PK11_GetKeyLength can return -1 if the key isn't and RC2, RC5,
- * or RC4 key. Of course that wouldn't happen here doing RC2:).*/
- rc2_params->ulEffectiveBits = PK11_GetKeyLength(key)*8;
- if (iv.data)
- PORT_Memcpy(rc2_params->iv,iv.data,sizeof(rc2_params->iv));
- mech->data = (unsigned char *) rc2_params;
- mech->len = sizeof(CK_RC2_CBC_PARAMS);
- PORT_Free(iv.data);
- break;
- case CKM_RC5_ECB:
- PORT_Free(mech);
- return PK11_ParamFromIV(type,NULL);
- case CKM_RC5_CBC:
- case CKM_RC5_CBC_PAD:
- rv = pk11_GenIV(type,&iv);
- if (rv != SECSuccess) {
- break;
- }
- PORT_Free(mech);
- return PK11_ParamFromIV(type,&iv);
- default:
- if (pk11_lookup(type)->iv == 0) {
- mech->data = NULL;
- mech->len = 0;
- break;
- }
- case CKM_DES_CBC:
- case CKM_DES3_CBC:
- case CKM_IDEA_CBC:
- case CKM_CDMF_CBC:
- case CKM_CAST_CBC:
- case CKM_CAST3_CBC:
- case CKM_CAST5_CBC:
- case CKM_DES_CBC_PAD:
- case CKM_DES3_CBC_PAD:
- case CKM_IDEA_CBC_PAD:
- case CKM_CDMF_CBC_PAD:
- case CKM_CAST_CBC_PAD:
- case CKM_CAST3_CBC_PAD:
- case CKM_CAST5_CBC_PAD:
- case CKM_SKIPJACK_CBC64:
- case CKM_SKIPJACK_ECB64:
- case CKM_SKIPJACK_OFB64:
- case CKM_SKIPJACK_CFB64:
- case CKM_SKIPJACK_CFB32:
- case CKM_SKIPJACK_CFB16:
- case CKM_SKIPJACK_CFB8:
- case CKM_BATON_ECB128:
- case CKM_BATON_ECB96:
- case CKM_BATON_CBC128:
- case CKM_BATON_COUNTER:
- case CKM_BATON_SHUFFLE:
- case CKM_JUNIPER_ECB128:
- case CKM_JUNIPER_CBC128:
- case CKM_JUNIPER_COUNTER:
- case CKM_JUNIPER_SHUFFLE:
- rv = pk11_GenIV(type,&iv);
- if (rv != SECSuccess) {
- break;
- }
- mech->data = (unsigned char*)PORT_Alloc(iv.len);
- if (mech->data == NULL) {
- PORT_Free(iv.data);
- rv = SECFailure;
- break;
- }
- PORT_Memcpy(mech->data,iv.data,iv.len);
- mech->len = iv.len;
- PORT_Free(iv.data);
- break;
- }
- if (rv != SECSuccess) {
- SECITEM_FreeItem(mech,PR_TRUE);
- return NULL;
- }
- return mech;
-
-}
-
-#define RC5_V10 0x10
-
-/* turn a PKCS #11 parameter into a DER Encoded Algorithm ID */
-SECStatus
-PK11_ParamToAlgid(SECOidTag algTag, SECItem *param,
- PRArenaPool *arena, SECAlgorithmID *algid) {
- CK_RC2_CBC_PARAMS *rc2_params;
- sec_rc2cbcParameter rc2;
- CK_RC5_CBC_PARAMS *rc5_params;
- sec_rc5cbcParameter rc5;
- CK_MECHANISM_TYPE type = PK11_AlgtagToMechanism(algTag);
- SECItem *newParams = NULL;
- SECStatus rv = SECFailure;
- unsigned long rc2version;
-
- rv = SECSuccess;
- switch (type) {
- case CKM_RC4:
- case CKM_DES_ECB:
- case CKM_DES3_ECB:
- case CKM_IDEA_ECB:
- case CKM_CDMF_ECB:
- case CKM_CAST_ECB:
- case CKM_CAST3_ECB:
- case CKM_CAST5_ECB:
- newParams = NULL;
- rv = SECSuccess;
- break;
- case CKM_RC2_ECB:
- break;
- case CKM_RC2_CBC:
- case CKM_RC2_CBC_PAD:
- rc2_params = (CK_RC2_CBC_PARAMS *)param->data;
- rc2version = rc2_unmap(rc2_params->ulEffectiveBits);
- if (SEC_ASN1EncodeUnsignedInteger (NULL, &(rc2.rc2ParameterVersion),
- rc2version) == NULL)
- break;
- rc2.iv.data = rc2_params->iv;
- rc2.iv.len = sizeof(rc2_params->iv);
- newParams = SEC_ASN1EncodeItem (NULL, NULL, &rc2,
- sec_rc2cbc_parameter_template);
- PORT_Free(rc2.rc2ParameterVersion.data);
- if (newParams == NULL)
- break;
- rv = SECSuccess;
- break;
-
- case CKM_RC5_ECB: /* well not really... */
- break;
- case CKM_RC5_CBC:
- case CKM_RC5_CBC_PAD:
- rc5_params = (CK_RC5_CBC_PARAMS *)param->data;
- if (SEC_ASN1EncodeUnsignedInteger (NULL, &rc5.version, RC5_V10) == NULL)
- break;
- if (SEC_ASN1EncodeUnsignedInteger (NULL, &rc5.blockSizeInBits,
- rc5_params->ulWordsize*8) == NULL) {
- PORT_Free(rc5.version.data);
- break;
- }
- if (SEC_ASN1EncodeUnsignedInteger (NULL, &rc5.rounds,
- rc5_params->ulWordsize*8) == NULL) {
- PORT_Free(rc5.blockSizeInBits.data);
- PORT_Free(rc5.version.data);
- break;
- }
- rc5.iv.data = rc5_params->pIv;
- rc5.iv.len = rc5_params->ulIvLen;
- newParams = SEC_ASN1EncodeItem (NULL, NULL, &rc5,
- sec_rc5cbc_parameter_template);
- PORT_Free(rc5.version.data);
- PORT_Free(rc5.blockSizeInBits.data);
- PORT_Free(rc5.rounds.data);
- if (newParams == NULL)
- break;
- rv = SECSuccess;
- break;
- case CKM_PBE_MD2_DES_CBC:
- case CKM_PBE_MD5_DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
- case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
- case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
- case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
- case CKM_PBE_SHA1_DES3_EDE_CBC:
- case CKM_PBE_SHA1_DES2_EDE_CBC:
- case CKM_PBE_SHA1_RC2_40_CBC:
- case CKM_PBE_SHA1_RC2_128_CBC:
- case CKM_PBE_SHA1_RC4_40:
- case CKM_PBE_SHA1_RC4_128:
- return PBE_PK11ParamToAlgid(algTag, param, arena, algid);
- default:
- if (pk11_lookup(type)->iv == 0) {
- rv = SECSuccess;
- newParams = NULL;
- break;
- }
- case CKM_DES_CBC:
- case CKM_DES3_CBC:
- case CKM_IDEA_CBC:
- case CKM_CDMF_CBC:
- case CKM_CAST_CBC:
- case CKM_CAST3_CBC:
- case CKM_CAST5_CBC:
- case CKM_DES_CBC_PAD:
- case CKM_DES3_CBC_PAD:
- case CKM_IDEA_CBC_PAD:
- case CKM_CDMF_CBC_PAD:
- case CKM_CAST_CBC_PAD:
- case CKM_CAST3_CBC_PAD:
- case CKM_CAST5_CBC_PAD:
- case CKM_SKIPJACK_CBC64:
- case CKM_SKIPJACK_ECB64:
- case CKM_SKIPJACK_OFB64:
- case CKM_SKIPJACK_CFB64:
- case CKM_SKIPJACK_CFB32:
- case CKM_SKIPJACK_CFB16:
- case CKM_SKIPJACK_CFB8:
- case CKM_BATON_ECB128:
- case CKM_BATON_ECB96:
- case CKM_BATON_CBC128:
- case CKM_BATON_COUNTER:
- case CKM_BATON_SHUFFLE:
- case CKM_JUNIPER_ECB128:
- case CKM_JUNIPER_CBC128:
- case CKM_JUNIPER_COUNTER:
- case CKM_JUNIPER_SHUFFLE:
- newParams = SEC_ASN1EncodeItem(NULL,NULL,param,
- SEC_OctetStringTemplate);
- rv = SECSuccess;
- break;
- }
-
- if (rv != SECSuccess) {
- if (newParams) SECITEM_FreeItem(newParams,PR_TRUE);
- return rv;
- }
-
- rv = SECOID_SetAlgorithmID(arena, algid, algTag, newParams);
- SECITEM_FreeItem(newParams,PR_TRUE);
- return rv;
-}
-
-/* turn an OID algorithm tag into a PKCS #11 mechanism. This allows us to
- * map OID's directly into the PKCS #11 mechanism we want to call. We find
- * this mapping in our standard OID table */
-CK_MECHANISM_TYPE
-PK11_AlgtagToMechanism(SECOidTag algTag) {
- SECOidData *oid = SECOID_FindOIDByTag(algTag);
-
- if (oid) return (CK_MECHANISM_TYPE) oid->mechanism;
- return CKM_INVALID_MECHANISM;
-}
-
-/* turn a mechanism into an oid. */
-SECOidTag
-PK11_MechanismToAlgtag(CK_MECHANISM_TYPE type) {
- SECOidData *oid = SECOID_FindOIDByMechanism((unsigned long)type);
-
- if (oid) return oid->offset;
- return SEC_OID_UNKNOWN;
-}
-
-/* Determine appropriate blocking mechanism, used when wrapping private keys
- * which require PKCS padding. If the mechanism does not map to a padding
- * mechanism, we simply return the mechanism.
- */
-CK_MECHANISM_TYPE
-PK11_GetPadMechanism(CK_MECHANISM_TYPE type) {
- switch(type) {
- case CKM_DES_CBC:
- return CKM_DES_CBC_PAD;
- case CKM_DES3_CBC:
- return CKM_DES3_CBC_PAD;
- case CKM_RC2_CBC:
- return CKM_RC2_CBC_PAD;
- case CKM_CDMF_CBC:
- return CKM_CDMF_CBC_PAD;
- case CKM_CAST_CBC:
- return CKM_CAST_CBC_PAD;
- case CKM_CAST3_CBC:
- return CKM_CAST3_CBC_PAD;
- case CKM_CAST5_CBC:
- return CKM_CAST5_CBC_PAD;
- case CKM_RC5_CBC:
- return CKM_RC5_CBC_PAD;
- case CKM_IDEA_CBC:
- return CKM_IDEA_CBC_PAD;
- default:
- break;
- }
-
- return type;
-}
-
-/*
- * Build a block big enough to hold the data
- */
-SECItem *
-PK11_BlockData(SECItem *data,unsigned long size) {
- SECItem *newData;
-
- newData = (SECItem *)PORT_Alloc(sizeof(SECItem));
- if (newData == NULL) return NULL;
-
- newData->len = (data->len + (size-1))/size;
- newData->len *= size;
-
- newData->data = (unsigned char *) PORT_ZAlloc(newData->len);
- if (newData->data == NULL) {
- PORT_Free(newData);
- return NULL;
- }
- PORT_Memset(newData->data,newData->len-data->len,newData->len);
- PORT_Memcpy(newData->data,data->data,data->len);
- return newData;
-}
-
-
-SECStatus
-PK11_DestroyObject(PK11SlotInfo *slot,CK_OBJECT_HANDLE object) {
- CK_RV crv;
-
- PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_DestroyObject(slot->session,object);
- PK11_ExitSlotMonitor(slot);
- if (crv != CKR_OK) {
- return SECFailure;
- }
- return SECSuccess;
-}
-
-SECStatus
-PK11_DestroyTokenObject(PK11SlotInfo *slot,CK_OBJECT_HANDLE object) {
- CK_RV crv;
- SECStatus rv = SECSuccess;
- CK_SESSION_HANDLE rwsession;
-
-
- rwsession = PK11_GetRWSession(slot);
-
- crv = PK11_GETTAB(slot)->C_DestroyObject(rwsession,object);
- if (crv != CKR_OK) {
- rv = SECFailure;
- PORT_SetError(PK11_MapError(crv));
- }
- PK11_RestoreROSession(slot,rwsession);
- return rv;
-}
-
-/*
- * Read in a single attribute into a SECItem. Allocate space for it with
- * PORT_Alloc unless an arena is supplied. In the latter case use the arena
- * to allocate the space.
- */
-SECStatus
-PK11_ReadAttribute(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
- CK_ATTRIBUTE_TYPE type, PRArenaPool *arena, SECItem *result) {
- CK_ATTRIBUTE attr = { 0, NULL, 0 };
- CK_RV crv;
-
- attr.type = type;
-
- PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session,id,&attr,1);
- if (crv != CKR_OK) {
- PK11_ExitSlotMonitor(slot);
- PORT_SetError(PK11_MapError(crv));
- return SECFailure;
- }
- if (arena) {
- attr.pValue = PORT_ArenaAlloc(arena,attr.ulValueLen);
- } else {
- attr.pValue = PORT_Alloc(attr.ulValueLen);
- }
- if (attr.pValue == NULL) return SECFailure;
- crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session,id,&attr,1);
- PK11_ExitSlotMonitor(slot);
- if (crv != CKR_OK) {
- PORT_SetError(PK11_MapError(crv));
- if (!arena) PORT_Free(attr.pValue);
- return SECFailure;
- }
-
- result->data = (unsigned char*)attr.pValue;
- result->len = attr.ulValueLen;
-
- return SECSuccess;
-}
-
-/*
- * Read in a single attribute into As a Ulong.
- */
-CK_ULONG
-PK11_ReadULongAttribute(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
- CK_ATTRIBUTE_TYPE type) {
- CK_ATTRIBUTE attr;
- CK_ULONG value = CK_UNAVAILABLE_INFORMATION;
- CK_RV crv;
-
- PK11_SETATTRS(&attr,type,&value,sizeof(value));
-
- PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session,id,&attr,1);
- PK11_ExitSlotMonitor(slot);
- if (crv != CKR_OK) {
- PORT_SetError(PK11_MapError(crv));
- }
- return value;
-}
-
-/*
- * check to see if a bool has been set.
- */
-CK_BBOOL
-PK11_HasAttributeSet( PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
- CK_ATTRIBUTE_TYPE type )
-{
- CK_BBOOL ckvalue = CK_FALSE;
- CK_ATTRIBUTE theTemplate;
- CK_RV crv;
-
- /* Prepare to retrieve the attribute. */
- PK11_SETATTRS( &theTemplate, type, &ckvalue, sizeof( CK_BBOOL ) );
-
- /* Retrieve attribute value. */
- PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB( slot )->C_GetAttributeValue( slot->session, id,
- &theTemplate, 1 );
- PK11_ExitSlotMonitor(slot);
- if( crv != CKR_OK ) {
- PORT_SetError( PK11_MapError( crv ) );
- return CK_FALSE;
- }
-
- return ckvalue;
-}
-
-/*
- * returns a full list of attributes. Allocate space for them. If an arena is
- * provided, allocate space out of the arena.
- */
-CK_RV
-PK11_GetAttributes(PRArenaPool *arena,PK11SlotInfo *slot,
- CK_OBJECT_HANDLE obj,CK_ATTRIBUTE *attr, int count)
-{
- int i;
- /* make pedantic happy... note that it's only used arena != NULL */
- void *mark = NULL;
- CK_RV crv;
-
- /*
- * first get all the lengths of the parameters.
- */
- PK11_EnterSlotMonitor(slot);
- crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session,obj,attr,count);
- if (crv != CKR_OK) {
- PK11_ExitSlotMonitor(slot);
- return crv;
- }
-
- if (arena) {
- mark = PORT_ArenaMark(arena);
- if (mark == NULL) return CKR_HOST_MEMORY;
- }
-
- /*
- * now allocate space to store the results.
- */
- for (i=0; i < count; i++) {
- if (arena) {
- attr[i].pValue = PORT_ArenaAlloc(arena,attr[i].ulValueLen);
- if (attr[i].pValue == NULL) {
- /* arena failures, just release the mark */
- PORT_ArenaRelease(arena,mark);
- PK11_ExitSlotMonitor(slot);
- return CKR_HOST_MEMORY;
- }
- } else {
- attr[i].pValue = PORT_Alloc(attr[i].ulValueLen);
- if (attr[i].pValue == NULL) {
- /* Separate malloc failures, loop to release what we have
- * so far */
- int j;
- for (j= 0; j < i; j++) {
- PORT_Free(attr[j].pValue);
- /* don't give the caller pointers to freed memory */
- attr[j].pValue = NULL;
- }
- PK11_ExitSlotMonitor(slot);
- return CKR_HOST_MEMORY;
- }
- }
- }
-
- /*
- * finally get the results.
- */
- crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session,obj,attr,count);
- PK11_ExitSlotMonitor(slot);
- if (crv != CKR_OK) {
- if (arena) {
- PORT_ArenaRelease(arena,mark);
- } else {
- for (i= 0; i < count; i++) {
- PORT_Free(attr[i].pValue);
- /* don't give the caller pointers to freed memory */
- attr[i].pValue = NULL;
- }
- }
- } else if (arena && mark) {
- PORT_ArenaUnmark(arena,mark);
- }
- return crv;
-}
-
-/*
- * Reset the token to it's initial state. For the internal module, this will
- * Purge your keydb, and reset your cert db certs to USER_INIT.
- */
-SECStatus
-PK11_ResetToken(PK11SlotInfo *slot, char *sso_pwd)
-{
- unsigned char tokenName[32];
- int tokenNameLen;
- CK_RV crv;
-
- /* reconstruct the token name */
- tokenNameLen = PORT_Strlen(slot->token_name);
- if (tokenNameLen > sizeof(tokenName)) {
- tokenNameLen = sizeof(tokenName);
- }
-
- PORT_Memcpy(tokenName,slot->token_name,tokenNameLen);
- if (tokenNameLen < sizeof(tokenName)) {
- PORT_Memset(&tokenName[tokenNameLen],' ',
- sizeof(tokenName)-tokenNameLen);
- }
-
- /* initialize the token */
- PK11_EnterSlotMonitor(slot);
-
- /* first shutdown the token. Existing sessions will get closed here */
- PK11_GETTAB(slot)->C_CloseAllSessions(slot->slotID);
- slot->session = CK_INVALID_SESSION;
- PK11_FreeSlotCerts(slot);
-
- /* now re-init the token */
- crv = PK11_GETTAB(slot)->C_InitToken(slot->slotID,
- (unsigned char *)sso_pwd, sso_pwd ? PORT_Strlen(sso_pwd): 0, tokenName);
-
- /* finally bring the token back up */
- PK11_InitToken(slot,PR_TRUE);
- PK11_ExitSlotMonitor(slot);
- if (crv != CKR_OK) {
- PORT_SetError(PK11_MapError(crv));
- return SECFailure;
- }
- return SECSuccess;
-}
-
-
-
-
-static SECOidTag
-pk11_MapPBEMechanismTypeToAlgtag(CK_MECHANISM_TYPE mech)
-{
- switch(mech) {
- case CKM_PBE_MD2_DES_CBC:
- return SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC;
- case CKM_PBE_MD5_DES_CBC:
- return SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC;
- case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
- return SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC;
- case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
- return SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC;
- case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
- return SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC;
- case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
- return SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4;
- case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
- return SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4;
- case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
- return SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
- case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
- return SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC;
- case CKM_PBE_SHA1_RC2_128_CBC:
- return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC;
- case CKM_PBE_SHA1_RC2_40_CBC:
- return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
- case CKM_PBE_SHA1_RC4_40:
- return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4;
- case CKM_PBE_SHA1_RC4_128:
- return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4;
- case CKM_PBE_SHA1_DES3_EDE_CBC:
- return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC;
- case CKM_PBE_SHA1_DES2_EDE_CBC:
- return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC;
- default:
- break;
- }
- return SEC_OID_UNKNOWN;
-}
-
-CK_RV
-PK11_MapPBEMechanismToCryptoMechanism(CK_MECHANISM_PTR pPBEMechanism,
- CK_MECHANISM_PTR pCryptoMechanism,
- SECItem *pbe_pwd, PRBool faulty3DES)
-{
- int iv_len = 0;
- CK_PBE_PARAMS_PTR pPBEparams;
- CK_RC2_CBC_PARAMS_PTR rc2_params;
- CK_ULONG rc2_key_len;
- SECStatus rv = SECFailure;
- SECAlgorithmID temp_algid;
- SECItem param, *iv;
-
- if((pPBEMechanism == CK_NULL_PTR) || (pCryptoMechanism == CK_NULL_PTR)) {
- return CKR_HOST_MEMORY;
- }
-
- pPBEparams = (CK_PBE_PARAMS_PTR)pPBEMechanism->pParameter;
- iv_len = PK11_GetIVLength(pPBEMechanism->mechanism);
-
- if(pPBEparams->pInitVector == CK_NULL_PTR) {
- pPBEparams->pInitVector = (CK_CHAR_PTR)PORT_ZAlloc(iv_len);
- if(pPBEparams->pInitVector == NULL) {
- return CKR_HOST_MEMORY;
- }
- param.data = (unsigned char*)pPBEMechanism->pParameter;
- param.len = pPBEMechanism->ulParameterLen;
- rv = PK11_ParamToAlgid(pk11_MapPBEMechanismTypeToAlgtag(
- pPBEMechanism->mechanism),
- &param, NULL, &temp_algid);
- if(rv != SECSuccess) {
- SECOID_DestroyAlgorithmID(&temp_algid, PR_FALSE);
- return CKR_HOST_MEMORY;
- } else {
- iv = SEC_PKCS5GetIV(&temp_algid, pbe_pwd, faulty3DES);
- if((iv == NULL) && (iv_len != 0)) {
- SECOID_DestroyAlgorithmID(&temp_algid, PR_FALSE);
- return CKR_HOST_MEMORY;
- }
- SECOID_DestroyAlgorithmID(&temp_algid, PR_FALSE);
- if(iv != NULL) {
- PORT_Memcpy((char *)pPBEparams->pInitVector,
- (char *)iv->data,
- iv->len);
- SECITEM_ZfreeItem(iv, PR_TRUE);
- }
- }
- }
-
- switch(pPBEMechanism->mechanism) {
- case CKM_PBE_MD2_DES_CBC:
- case CKM_PBE_MD5_DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
- pCryptoMechanism->mechanism = CKM_DES_CBC;
- goto have_crypto_mechanism;
- case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
- case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
- case CKM_PBE_SHA1_DES3_EDE_CBC:
- case CKM_PBE_SHA1_DES2_EDE_CBC:
- pCryptoMechanism->mechanism = CKM_DES3_CBC;
-have_crypto_mechanism:
- pCryptoMechanism->pParameter = PORT_Alloc(iv_len);
- pCryptoMechanism->ulParameterLen = (CK_ULONG)iv_len;
- if(pCryptoMechanism->pParameter == NULL) {
- return CKR_HOST_MEMORY;
- }
- PORT_Memcpy((unsigned char *)(pCryptoMechanism->pParameter),
- (unsigned char *)(pPBEparams->pInitVector),
- iv_len);
- break;
- case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
- case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
- case CKM_PBE_SHA1_RC4_40:
- case CKM_PBE_SHA1_RC4_128:
- pCryptoMechanism->mechanism = CKM_RC4;
- pCryptoMechanism->ulParameterLen = 0;
- pCryptoMechanism->pParameter = CK_NULL_PTR;
- break;
- case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
- case CKM_PBE_SHA1_RC2_40_CBC:
- rc2_key_len = 40;
- goto have_key_len;
- case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
- rc2_key_len = 128;
-have_key_len:
- pCryptoMechanism->mechanism = CKM_RC2_CBC;
- pCryptoMechanism->ulParameterLen = (CK_ULONG)sizeof(CK_RC2_CBC_PARAMS);
- pCryptoMechanism->pParameter =
- (CK_RC2_CBC_PARAMS_PTR)PORT_ZAlloc(sizeof(CK_RC2_CBC_PARAMS));
- if(pCryptoMechanism->pParameter == NULL) {
- return CKR_HOST_MEMORY;
- }
- rc2_params = (CK_RC2_CBC_PARAMS_PTR)pCryptoMechanism->pParameter;
- PORT_Memcpy((unsigned char *)rc2_params->iv,
- (unsigned char *)pPBEparams->pInitVector,
- iv_len);
- rc2_params->ulEffectiveBits = rc2_key_len;
- break;
- default:
- return CKR_MECHANISM_INVALID;
- }
-
- return CKR_OK;
-}
diff --git a/security/nss/lib/pk11wrap/pk11util.c b/security/nss/lib/pk11wrap/pk11util.c
deleted file mode 100644
index 709bf32c8..000000000
--- a/security/nss/lib/pk11wrap/pk11util.c
+++ /dev/null
@@ -1,518 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Initialize the PCKS 11 subsystem
- */
-#include "seccomon.h"
-#include "secmod.h"
-#include "prlock.h"
-#include "secmodi.h"
-#include "pk11func.h"
-
-/* these are for displaying error messages */
-
-static SECMODModuleList *modules = NULL;
-static SECMODModule *internalModule = NULL;
-static SECMODListLock *moduleLock = NULL;
-
-extern SECStatus
-PK11_UpdateSlotAttribute(PK11SlotInfo *slot, PK11DefaultArrayEntry *entry,
- PRBool add);
-
-
-extern int XP_SEC_MODULE_NO_LIB;
-
-extern PK11DefaultArrayEntry PK11_DefaultArray[];
-extern int num_pk11_default_mechanisms;
-
-void SECMOD_init(char *dbname) {
- SECMODModuleList *thisModule;
- int found=0;
- SECStatus rv = SECFailure;
-
-
- /* don't initialize twice */
- if (modules) return;
-
- PK11_InitSlotLists();
-
- SECMOD_InitDB(dbname);
-
- /*
- * read in the current modules from the database
- */
- modules = SECMOD_ReadPermDB();
-
- /* make sure that the internal module is loaded */
- for (thisModule = modules; thisModule ; thisModule = thisModule->next) {
- if (thisModule->module->internal) {
- found++;
- internalModule = SECMOD_ReferenceModule(thisModule->module);
- break;
- }
- }
-
- if (!found) {
- thisModule = modules;
- modules = SECMOD_NewModuleListElement();
- modules->module = SECMOD_NewInternal();
- PORT_Assert(modules->module != NULL);
- modules->next = thisModule;
- SECMOD_AddPermDB(modules->module);
- internalModule = SECMOD_ReferenceModule(modules->module);
- }
-
- /* load it first... we need it to verify the external modules
- * which we are loading.... */
- rv = SECMOD_LoadModule(internalModule);
- if( rv != SECSuccess )
- internalModule = NULL;
-
- /* Load each new module */
- for (thisModule = modules; thisModule ; thisModule = thisModule->next) {
- if( !( thisModule->module->internal ) )
- SECMOD_LoadModule(thisModule->module);
- }
-
- moduleLock = SECMOD_NewListLock();
-}
-
-/*
- * retrieve the internal module
- */
-SECMODModule *
-SECMOD_GetInternalModule(void) {
- return internalModule;
-}
-
-/* called from security/cmd/swfort/instinit, which doesn't need a full
- * security LIBRARY (it used the swfortezza code, but it does have to verify
- * cert chains against it's own list of certs. We need to initialize the
- * security code without any database.
- */
-void
-secmod_GetInternalModule( SECMODModule *mod) {
- internalModule = SECMOD_ReferenceModule(mod);
-}
-
-/*
- * get the list of PKCS11 modules that are available.
- */
-SECMODModuleList *SECMOD_GetDefaultModuleList() { return modules; }
-SECMODListLock *SECMOD_GetDefaultModuleListLock() { return moduleLock; }
-
-
-
-/*
- * find a module by name, and add a reference to it.
- * return that module.
- */
-SECMODModule *SECMOD_FindModule(char *name) {
- SECMODModuleList *mlp;
- SECMODModule *module = NULL;
-
- SECMOD_GetReadLock(moduleLock);
- for(mlp = modules; mlp != NULL; mlp = mlp->next) {
- if (PORT_Strcmp(name,mlp->module->commonName) == 0) {
- module = mlp->module;
- SECMOD_ReferenceModule(module);
- break;
- }
- }
- SECMOD_ReleaseReadLock(moduleLock);
-
- return module;
-}
-
-/*
- * find a module by ID, and add a reference to it.
- * return that module.
- */
-SECMODModule *SECMOD_FindModuleByID(SECMODModuleID id) {
- SECMODModuleList *mlp;
- SECMODModule *module = NULL;
-
- SECMOD_GetReadLock(moduleLock);
- for(mlp = modules; mlp != NULL; mlp = mlp->next) {
- if (id == mlp->module->moduleID) {
- module = mlp->module;
- SECMOD_ReferenceModule(module);
- break;
- }
- }
- SECMOD_ReleaseReadLock(moduleLock);
-
- return module;
-}
-
-/*
- * lookup the Slot module based on it's module ID and slot ID.
- */
-PK11SlotInfo *SECMOD_LookupSlot(SECMODModuleID moduleID,CK_SLOT_ID slotID) {
- int i;
- SECMODModule *module;
-
- module = SECMOD_FindModuleByID(moduleID);
- if (module == NULL) return NULL;
-
- for (i=0; i < module->slotCount; i++) {
- PK11SlotInfo *slot = module->slots[i];
-
- if (slot->slotID == slotID) {
- SECMOD_DestroyModule(module);
- return PK11_ReferenceSlot(slot);
- }
- }
- SECMOD_DestroyModule(module);
- return NULL;
-}
-
-
-/*
- * find a module by name and delete it of the module list
- */
-SECStatus
-SECMOD_DeleteModule(char *name, int *type) {
- SECMODModuleList *mlp;
- SECMODModuleList **mlpp;
- SECStatus rv = SECFailure;
-
-
- *type = SECMOD_EXTERNAL;
-
- SECMOD_GetWriteLock(moduleLock);
- for(mlpp = &modules,mlp = modules;
- mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) {
- if (PORT_Strcmp(name,mlp->module->commonName) == 0) {
- /* don't delete the internal module */
- if (!mlp->module->internal) {
- SECMOD_RemoveList(mlpp,mlp);
- /* delete it after we release the lock */
- rv = SECSuccess;
- } else if (mlp->module->isFIPS) {
- *type = SECMOD_FIPS;
- } else {
- *type = SECMOD_INTERNAL;
- }
- break;
- }
- }
- SECMOD_ReleaseWriteLock(moduleLock);
-
-
- if (rv == SECSuccess) {
- SECMOD_DeletePermDB(mlp->module);
- SECMOD_DestroyModuleListElement(mlp);
- }
- return rv;
-}
-
-/*
- * find a module by name and delete it of the module list
- */
-SECStatus
-SECMOD_DeleteInternalModule(char *name) {
- SECMODModuleList *mlp;
- SECMODModuleList **mlpp;
- SECStatus rv = SECFailure;
-
- SECMOD_GetWriteLock(moduleLock);
- for(mlpp = &modules,mlp = modules;
- mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) {
- if (PORT_Strcmp(name,mlp->module->commonName) == 0) {
- /* don't delete the internal module */
- if (mlp->module->internal) {
- rv = SECSuccess;
- SECMOD_RemoveList(mlpp,mlp);
- }
- break;
- }
- }
- SECMOD_ReleaseWriteLock(moduleLock);
-
- if (rv == SECSuccess) {
- SECMODModule *newModule,*oldModule;
-
- if (mlp->module->isFIPS) {
- newModule = SECMOD_NewInternal();
- } else {
- newModule = SECMOD_GetFIPSInternal();
- }
- if (newModule == NULL) {
- SECMODModuleList *last,*mlp2;
- /* we're in pretty deep trouble if this happens...Security
- * not going to work well... try to put the old module back on
- * the list */
- SECMOD_GetWriteLock(moduleLock);
- for(mlp2 = modules; mlp2 != NULL; mlp2 = mlp->next) {
- last = mlp2;
- }
-
- if (last == NULL) {
- modules = mlp;
- } else {
- SECMOD_AddList(last,mlp,NULL);
- }
- SECMOD_ReleaseWriteLock(moduleLock);
- return SECFailure;
- }
- oldModule = internalModule;
- internalModule = SECMOD_ReferenceModule(newModule);
- SECMOD_AddModule(internalModule);
- SECMOD_DestroyModule(oldModule);
- SECMOD_DeletePermDB(mlp->module);
- SECMOD_DestroyModuleListElement(mlp);
- }
- return rv;
-}
-
-SECStatus
-SECMOD_AddModule(SECMODModule *newModule) {
- SECStatus rv;
- SECMODModuleList *mlp, *newListElement, *last = NULL;
-
- /* Test if a module w/ the same name already exists */
- /* and return SECWouldBlock if so. */
- /* We should probably add a new return value such as */
- /* SECDublicateModule, but to minimize ripples, I'll */
- /* give SECWouldBlock a new meaning */
- if (SECMOD_FindModule(newModule->commonName)) {
- return SECWouldBlock;
- /* module already exists. */
- }
-
- rv = SECMOD_LoadModule(newModule);
- if (rv != SECSuccess) {
- return rv;
- }
-
- newListElement = SECMOD_NewModuleListElement();
- if (newListElement == NULL) {
- return SECFailure;
- }
-
- SECMOD_AddPermDB(newModule);
-
- newListElement->module = newModule;
-
- SECMOD_GetWriteLock(moduleLock);
- /* Added it to the end (This is very inefficient, but Adding a module
- * on the fly should happen maybe 2-3 times through the life this program
- * on a given computer, and this list should be *SHORT*. */
- for(mlp = modules; mlp != NULL; mlp = mlp->next) {
- last = mlp;
- }
-
- if (last == NULL) {
- modules = newListElement;
- } else {
- SECMOD_AddList(last,newListElement,NULL);
- }
- SECMOD_ReleaseWriteLock(moduleLock);
- return SECSuccess;
-}
-
-PK11SlotInfo *SECMOD_FindSlot(SECMODModule *module,char *name) {
- int i;
- char *string;
-
- for (i=0; i < module->slotCount; i++) {
- PK11SlotInfo *slot = module->slots[i];
-
- if (PK11_IsPresent(slot)) {
- string = PK11_GetTokenName(slot);
- } else {
- string = PK11_GetSlotName(slot);
- }
- if (PORT_Strcmp(name,string) == 0) {
- return PK11_ReferenceSlot(slot);
- }
- }
- return NULL;
-}
-
-SECStatus
-PK11_GetModInfo(SECMODModule *mod,CK_INFO *info) {
- CK_RV crv;
-
- if (mod->functionList == NULL) return SECFailure;
- crv = PK11_GETTAB(mod)->C_GetInfo(info);
- return (crv == CKR_OK) ? SECSuccess : SECFailure;
-}
-
-/* Determine if we have the FIP's module loaded as the default
- * module to trigger other bogus FIPS requirements in PKCS #12 and
- * SSL
- */
-PRBool
-PK11_IsFIPS(void)
-{
- SECMODModule *mod = SECMOD_GetInternalModule();
-
- if (mod && mod->internal) {
- return mod->isFIPS;
- }
-
- return PR_FALSE;
-}
-
-/* combines NewModule() & AddModule */
-/* give a string for the module name & the full-path for the dll, */
-/* installs the PKCS11 module & update registry */
-SECStatus SECMOD_AddNewModule(char* moduleName, char* dllPath,
- unsigned long defaultMechanismFlags,
- unsigned long cipherEnableFlags) {
- SECMODModule *module;
- SECStatus result;
- int s,i;
- PK11SlotInfo* slot;
-
- module = SECMOD_NewModule();
-
- if (moduleName) {
- module->commonName=PORT_ArenaStrdup(module->arena,moduleName);
- } else {
- module->commonName=NULL;
- }
-
- if (dllPath) {
- module->dllName=PORT_ArenaStrdup(module->arena,dllPath);
- } else {
- module->dllName=NULL;
- }
-
- if (module->dllName != NULL) {
- if (module->dllName[0] != 0) {
- SECStatus rv = SECMOD_AddModule(module);
- if (rv != SECSuccess) {
- /* SECFailure: failed to add module, corrupt or missing module etc. */
- /* SECBlock: a module with the same name already exists */
- return rv;
- } else { /* successfully added module */
- /* turn on SSL cipher enable flags */
- module->ssl[0] = cipherEnableFlags;
-
- /* check each slot to turn on appropriate mechanisms */
- for (s = 0; s < module->slotCount; s++) {
- slot = (module->slots)[s];
- /* for each possible mechanism */
- for (i=0; i < num_pk11_default_mechanisms; i++) {
- /* we are told to turn it on by default ? */
- if (PK11_DefaultArray[i].flag & defaultMechanismFlags) {
- /* it ignores if slot attribute update failes */
- result = PK11_UpdateSlotAttribute(slot, &(PK11_DefaultArray[i]), PR_TRUE);
- } else { /* turn this mechanism of the slot off by default */
- result = PK11_UpdateSlotAttribute(slot, &(PK11_DefaultArray[i]), PR_FALSE);
- }
- } /* for each mechanism */
- /* disable each slot if the defaultFlags say so */
- if (defaultMechanismFlags & PK11_DISABLE_FLAG) {
- PK11_UserDisableSlot(slot);
- }
- } /* for each slot of this module */
-
- /* delete and re-add module in order to save changes to the module */
- result = SECMOD_DeletePermDB(module);
-
- if (result == SECSuccess) {
- result = SECMOD_AddPermDB(module);
- if (result == SECSuccess) {
- return SECSuccess;
- }
- }
-
- }
- }
- }
- SECMOD_DestroyModule(module);
- return SECFailure;
-}
-
-/* Public & Internal(Security Library) representation of
- * encryption mechanism flags conversion */
-
-/* Currently, the only difference is that internal representation
- * puts RANDOM_FLAG at bit 31 (Most-significant bit), but
- * public representation puts this bit at bit 28
- */
-unsigned long SECMOD_PubMechFlagstoInternal(unsigned long publicFlags) {
- unsigned long internalFlags = publicFlags;
-
- if (publicFlags & PUBLIC_MECH_RANDOM_FLAG) {
- internalFlags &= ~PUBLIC_MECH_RANDOM_FLAG;
- internalFlags |= SECMOD_RANDOM_FLAG;
- }
- return internalFlags;
-}
-
-unsigned long SECMOD_InternaltoPubMechFlags(unsigned long internalFlags) {
- unsigned long publicFlags = internalFlags;
-
- if (internalFlags & SECMOD_RANDOM_FLAG) {
- publicFlags &= ~SECMOD_RANDOM_FLAG;
- publicFlags |= PUBLIC_MECH_RANDOM_FLAG;
- }
- return publicFlags;
-}
-
-
-/* Public & Internal(Security Library) representation of */
-/* cipher flags conversion */
-/* Note: currently they are just stubs */
-unsigned long SECMOD_PubCipherFlagstoInternal(unsigned long publicFlags) {
- return publicFlags;
-}
-
-unsigned long SECMOD_InternaltoPubCipherFlags(unsigned long internalFlags) {
- return internalFlags;
-}
-
-/* Funtion reports true if module of modType is installed/configured */
-PRBool
-SECMOD_IsModulePresent( unsigned long int pubCipherEnableFlags )
-{
- PRBool result = PR_FALSE;
- SECMODModuleList *mods = SECMOD_GetDefaultModuleList();
- SECMODListLock *modsLock = SECMOD_GetDefaultModuleListLock();
- SECMOD_GetReadLock(moduleLock);
-
-
- for ( ; mods != NULL; mods = mods->next) {
- if (mods->module->ssl[0] & SECMOD_PubCipherFlagstoInternal(pubCipherEnableFlags)) {
- result = PR_TRUE;
- }
- }
-
- SECMOD_ReleaseReadLock(moduleLock);
- return result;
-}
diff --git a/security/nss/lib/pk11wrap/secmod.h b/security/nss/lib/pk11wrap/secmod.h
deleted file mode 100644
index f93279536..000000000
--- a/security/nss/lib/pk11wrap/secmod.h
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * Definition of Security Module Data Structure. There is a separate data
- * structure for each loaded PKCS #11 module.
- */
-#ifndef _SECMOD_H_
-#define _SEDMOD_H_
-#include "seccomon.h"
-#include "secmodt.h"
-
-#define PKCS11_USE_THREADS
-
-/* These mechanisms flags are visible to all other libraries. */
-/* They must be converted to internal SECMOD_*_FLAG */
-/* if used inside the functions of the security library */
-#define PUBLIC_MECH_RSA_FLAG 0x00000001ul
-#define PUBLIC_MECH_DSA_FLAG 0x00000002ul
-#define PUBLIC_MECH_RC2_FLAG 0x00000004ul
-#define PUBLIC_MECH_RC4_FLAG 0x00000008ul
-#define PUBLIC_MECH_DES_FLAG 0x00000010ul
-#define PUBLIC_MECH_DH_FLAG 0x00000020ul
-#define PUBLIC_MECH_FORTEZZA_FLAG 0x00000040ul
-#define PUBLIC_MECH_RC5_FLAG 0x00000080ul
-#define PUBLIC_MECH_SHA1_FLAG 0x00000100ul
-#define PUBLIC_MECH_MD5_FLAG 0x00000200ul
-#define PUBLIC_MECH_MD2_FLAG 0x00000400ul
-#define PUBLIC_MECH_SSL_FLAG 0x00000800ul
-#define PUBLIC_MECH_TLS_FLAG 0x00001000ul
-
-#define PUBLIC_MECH_RANDOM_FLAG 0x08000000ul
-#define PUBLIC_MECH_FRIENDLY_FLAG 0x10000000ul
-#define PUBLIC_OWN_PW_DEFAULTS 0X20000000ul
-#define PUBLIC_DISABLE_FLAG 0x40000000ul
-
-/* warning: reserved means reserved */
-#define PUBLIC_MECH_RESERVED_FLAGS 0x87FFE000ul
-
-/* These cipher flags are visible to all other libraries, */
-/* But they must be converted before used in functions */
-/* withing the security module */
-#define PUBLIC_CIPHER_FORTEZZA_FLAG 0x00000001ul
-
-/* warning: reserved means reserved */
-#define PUBLIC_CIPHER_RESERVED_FLAGS 0xFFFFFFFEul
-
-SEC_BEGIN_PROTOS
-
-/* protoypes */
-extern void SECMOD_init(char *dbname);
-extern SECMODModuleList *SECMOD_GetDefaultModuleList(void);
-extern SECMODListLock *SECMOD_GetDefaultModuleListLock(void);
-
-/* lock management */
-extern SECMODListLock *SECMOD_NewListLock(void);
-extern void SECMOD_DestroyListLock(SECMODListLock *);
-extern void SECMOD_GetReadLock(SECMODListLock *);
-extern void SECMOD_ReleaseReadLock(SECMODListLock *);
-extern void SECMOD_GetWriteLock(SECMODListLock *);
-extern void SECMOD_ReleaseWriteLock(SECMODListLock *);
-
-/* list managment */
-extern void SECMOD_RemoveList(SECMODModuleList **,SECMODModuleList *);
-extern void SECMOD_AddList(SECMODModuleList *,SECMODModuleList *,SECMODListLock *);
-
-/* Operate on modules by name */
-extern SECMODModule *SECMOD_FindModule(char *name);
-extern SECMODModule *SECMOD_FindModuleByID(SECMODModuleID);
-extern SECStatus SECMOD_DeleteModule(char *name, int *type);
-extern SECStatus SECMOD_DeleteInternalModule(char *name);
-extern SECStatus SECMOD_AddNewModule(char* moduleName, char* dllPath,
- unsigned long defaultMechanismFlags,
- unsigned long cipherEnableFlags);
-/* database/memory management */
-extern SECMODModule *SECMOD_NewModule(void);
-extern SECMODModuleList *SECMOD_NewModuleListElement(void);
-extern SECMODModule *SECMOD_GetInternalModule(void);
-extern SECMODModule *SECMOD_GetFIPSInternal(void);
-extern SECMODModule *SECMOD_ReferenceModule(SECMODModule *module);
-extern void SECMOD_DestroyModule(SECMODModule *module);
-extern SECMODModuleList *SECMOD_DestroyModuleListElement(SECMODModuleList *);
-extern void SECMOD_DestroyModuleList(SECMODModuleList *);
-extern SECMODModule *SECMOD_DupModule(SECMODModule *old);
-extern SECStatus SECMOD_AddModule(SECMODModule *newModule);
-extern PK11SlotInfo *SECMOD_FindSlot(SECMODModule *module,char *name);
-extern PK11SlotInfo *SECMOD_LookupSlot(SECMODModuleID module,
- unsigned long slotID);
-SECStatus SECMOD_DeletePermDB(SECMODModule *);
-SECStatus SECMOD_AddPermDB(SECMODModule *);
-
-/* Funtion reports true if at least one of the modules */
-/* of modType has been installed */
-PRBool SECMOD_IsModulePresent( unsigned long int pubCipherEnableFlags );
-
-/* Functions used to convert between internal & public representation
- * of Mechanism Flags and Cipher Enable Flags */
-extern unsigned long SECMOD_PubMechFlagstoInternal(unsigned long publicFlags);
-extern unsigned long SECMOD_InternaltoPubMechFlags(unsigned long internalFlags);
-
-extern unsigned long SECMOD_PubCipherFlagstoInternal(unsigned long publicFlags);
-extern unsigned long SECMOD_InternaltoPubCipherFlags(unsigned long internalFlags);
-
-SEC_END_PROTOS
-
-#endif
diff --git a/security/nss/lib/pk11wrap/secmodi.h b/security/nss/lib/pk11wrap/secmodi.h
deleted file mode 100644
index e2ea081d2..000000000
--- a/security/nss/lib/pk11wrap/secmodi.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Internal header file included only by files in pkcs11 dir, or in
- * pkcs11 specific client and server files.
- */
-#ifndef _SECMODI_H_
-#define _SECMODI_H_ 1
-#include "pkcs11.h"
-#include "prlock.h"
-#include "mcom_db.h"
-#include "secoidt.h"
-#include "secdert.h"
-#include "certt.h"
-#include "secmodti.h"
-
-#ifdef PKCS11_USE_THREADS
-#define PK11_USE_THREADS(x) x
-#else
-#define PK11_USE_THREADS(x)
-#endif
-
-SEC_BEGIN_PROTOS
-
-/* proto-types */
-SECMODModule * SECMOD_NewModule(void); /* create a new module */
-SECMODModule * SECMOD_NewInternal(void); /* create an internal module */
-
-/* Data base functions */
-void SECMOD_InitDB(char *);
-SECMODModuleList * SECMOD_ReadPermDB(void);
-
-/*void SECMOD_ReferenceModule(SECMODModule *); */
-
-/* Library functions */
-SECStatus SECMOD_LoadModule(SECMODModule *);
-SECStatus SECMOD_UnloadModule(SECMODModule *);
-
-void SECMOD_SlotDestroyModule(SECMODModule *module, PRBool fromSlot);
-CK_RV pk11_notify(CK_SESSION_HANDLE session, CK_NOTIFICATION event,
- CK_VOID_PTR pdata);
-void pk11_SignedToUnsigned(CK_ATTRIBUTE *attrib);
-CK_OBJECT_HANDLE pk11_FindObjectByTemplate(PK11SlotInfo *slot,
- CK_ATTRIBUTE *inTemplate,int tsize);
-SEC_END_PROTOS
-
-#define PK11_GETTAB(x) ((CK_FUNCTION_LIST_PTR)((x)->functionList))
-#define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
- (x)->pValue=(v); (x)->ulValueLen = (l);
-#endif
-
diff --git a/security/nss/lib/pk11wrap/secmodt.h b/security/nss/lib/pk11wrap/secmodt.h
deleted file mode 100644
index fde43bbb0..000000000
--- a/security/nss/lib/pk11wrap/secmodt.h
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * Definition of Security Module Data Structure. There is a separate data
- * structure for each loaded PKCS #11 module.
- */
-#ifndef _SECMODT_H_
-#define _SECMODT_H_ 1
-
-/* PKCS11 needs to be included */
-typedef struct SECMODModuleStr SECMODModule;
-typedef struct SECMODModuleListStr SECMODModuleList;
-typedef struct SECMODListLockStr SECMODListLock; /* defined in secmodi.h */
-typedef struct PK11SlotInfoStr PK11SlotInfo; /* defined in secmodti.h */
-typedef struct PK11PreSlotInfoStr PK11PreSlotInfo; /* defined in secmodti.h */
-typedef struct PK11SymKeyStr PK11SymKey; /* defined in secmodti.h */
-typedef struct PK11ContextStr PK11Context; /* defined in secmodti.h */
-typedef struct PK11SlotListStr PK11SlotList;
-typedef struct PK11SlotListElementStr PK11SlotListElement;
-typedef struct PK11RSAGenParamsStr PK11RSAGenParams;
-typedef unsigned long SECMODModuleID;
-typedef struct PK11DefaultArrayEntryStr PK11DefaultArrayEntry;
-
-struct SECMODModuleStr {
- PRArenaPool *arena;
- PRBool internal; /* true of internally linked modules, false
- * for the loaded modules */
- PRBool loaded; /* Set to true if module has been loaded */
- PRBool isFIPS; /* Set to true if module is finst internal */
- char *dllName; /* name of the shared library which implements
- * this module */
- char *commonName; /* name of the module to display to the user */
- void *library; /* pointer to the library. opaque. used only by
- * pk11load.c */
- void *functionList; /* The PKCS #11 function table */
- void *refLock; /* only used pk11db.c */
- int refCount; /* Module reference count */
- PK11SlotInfo **slots; /* array of slot points attatched to this mod*/
- int slotCount; /* count of slot in above array */
- PK11PreSlotInfo *slotInfo; /* special info about slots default settings */
- int slotInfoCount; /* count */
- SECMODModuleID moduleID; /* ID so we can find this module again */
- PRBool isThreadSafe;
- unsigned long ssl[2]; /* SSL cipher enable flags */
-};
-
-struct SECMODModuleListStr {
- SECMODModuleList *next;
- SECMODModule *module;
-};
-
-struct PK11SlotListStr {
- PK11SlotListElement *head;
- PK11SlotListElement *tail;
- void *lock;
-};
-
-struct PK11SlotListElementStr {
- PK11SlotListElement *next;
- PK11SlotListElement *prev;
- PK11SlotInfo *slot;
- int refCount;
-};
-
-struct PK11RSAGenParamsStr {
- int keySizeInBits;
- unsigned long pe;
-};
-
-/*
- * Entry into the Array which lists all the legal bits for the default flags
- * in the slot, their definition, and the PKCS #11 mechanism the represent
- * Always Statically allocated.
- */
-struct PK11DefaultArrayEntryStr {
- char *name;
- unsigned long flag;
- unsigned long mechanism; /* this is a long so we don't include the
- * whole pkcs 11 world to use this header */
-};
-
-
-#define SECMOD_RSA_FLAG 0x00000001L
-#define SECMOD_DSA_FLAG 0x00000002L
-#define SECMOD_RC2_FLAG 0x00000004L
-#define SECMOD_RC4_FLAG 0x00000008L
-#define SECMOD_DES_FLAG 0x00000010L
-#define SECMOD_DH_FLAG 0x00000020L
-#define SECMOD_FORTEZZA_FLAG 0x00000040L
-#define SECMOD_RC5_FLAG 0x00000080L
-#define SECMOD_SHA1_FLAG 0x00000100L
-#define SECMOD_MD5_FLAG 0x00000200L
-#define SECMOD_MD2_FLAG 0x00000400L
-#define SECMOD_SSL_FLAG 0x00000800L
-#define SECMOD_TLS_FLAG 0x00001000L
-/* reserved bit for future, do not use */
-#define SECMOD_RESERVED_FLAG 0X08000000L
-#define SECMOD_FRIENDLY_FLAG 0x10000000L
-#define SECMOD_RANDOM_FLAG 0x80000000L
-
-/* need to make SECMOD and PK11 prefixes consistant. */
-#define PK11_OWN_PW_DEFAULTS 0x20000000L
-#define PK11_DISABLE_FLAG 0x40000000L
-
-/* FAKE PKCS #11 defines */
-#define CKM_FAKE_RANDOM 0x80000efeL
-#define CKM_INVALID_MECHANISM 0xffffffffL
-#define CKA_DIGEST 0x81000000L
-#define CK_INVALID_KEY 0
-#define CK_INVALID_SESSION 0
-
-/* Cryptographic module types */
-#define SECMOD_EXTERNAL 0 /* external module */
-#define SECMOD_INTERNAL 1 /* internal default module */
-#define SECMOD_FIPS 2 /* internal fips module */
-
-/*
- * What is the origin of a given Key. Normally this doesn't matter, but
- * the fortezza code needs to know if it needs to invoke the SSL3 fortezza
- * hack.
- */
-typedef enum {
- PK11_OriginNULL, /* There is not key, it's a null SymKey */
- PK11_OriginDerive, /* Key was derived from some other key */
- PK11_OriginGenerated, /* Key was generated (also PBE keys) */
- PK11_OriginFortezzaHack,/* Key was marked for fortezza hack */
- PK11_OriginUnwrap /* Key was unwrapped or decrypted */
-} PK11Origin;
-
-/* PKCS #11 disable reasons */
-typedef enum {
- PK11_DIS_NONE = 0,
- PK11_DIS_USER_SELECTED,
- PK11_DIS_COULD_NOT_INIT_TOKEN,
- PK11_DIS_TOKEN_VERIFY_FAILED,
- PK11_DIS_TOKEN_NOT_PRESENT
-} PK11DisableReasons;
-
-/* function pointer type for password callback function.
- * This type is passed in to PK11_SetPasswordFunc()
- */
-typedef char *(*PK11PasswordFunc)(PK11SlotInfo *slot, PRBool retry, void *arg);
-typedef PRBool (*PK11VerifyPasswordFunc)(PK11SlotInfo *slot, void *arg);
-typedef PRBool (*PK11IsLoggedInFunc)(PK11SlotInfo *slot, void *arg);
-
-#endif /*_SECMODT_H_ */
diff --git a/security/nss/lib/pk11wrap/secmodti.h b/security/nss/lib/pk11wrap/secmodti.h
deleted file mode 100644
index d97059a9b..000000000
--- a/security/nss/lib/pk11wrap/secmodti.h
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Internal header file included only by files in pkcs11 dir, or in
- * pkcs11 specific client and server files.
- */
-
-#include "prmon.h"
-#include "prtypes.h"
-
-/* internal data structures */
-
-/* structure to allow us to implement the read/write locks for our
- * module lists */
-struct SECMODListLockStr {
- PRLock *mutex; /*general mutex to protect this data structure*/
- PRMonitor *monitor; /* monitor to allow us to signal */
- int state; /* read/write/waiting state */
- int count; /* how many waiters on this lock */
-};
-
-/* represent a pkcs#11 slot reference counted. */
-struct PK11SlotInfoStr {
- /* the PKCS11 function list for this slot */
- void *functionList;
- SECMODModule *module; /* our parent module */
- /* Boolean to indicate the current state of this slot */
- PRBool needTest; /* Has this slot been tested for Export complience */
- PRBool isPerm; /* is this slot a permanment device */
- PRBool isHW; /* is this slot a hardware device */
- PRBool isInternal; /* is this slot one of our internal PKCS #11 devices */
- PRBool disabled; /* is this slot disabled... */
- PK11DisableReasons reason; /* Why this slot is disabled */
- PRBool readOnly; /* is the token in this slot read-only */
- PRBool needLogin; /* does the token of the type that needs
- * authentication (still true even if token is logged
- * in) */
- PRBool hasRandom; /* can this token generated random numbers */
- PRBool defRWSession; /* is the default session RW (we open our default
- * session rw if the token can only handle one session
- * at a time. */
- PRBool isThreadSafe; /* copied from the module */
- /* The actual flags (many of which are distilled into the above PRBools) */
- CK_FLAGS flags; /* flags from PKCS #11 token Info */
- /* a default session handle to do quick and dirty functions */
- CK_SESSION_HANDLE session;
- PRLock *sessionLock; /* lock for this session */
- /* our ID */
- CK_SLOT_ID slotID;
- /* persistant flags saved from startup to startup */
- unsigned long defaultFlags;
- /* keep track of who is using us so we don't accidently get freed while
- * still in use */
- int refCount;
- PRLock *refLock;
- PRLock *freeListLock;
- PK11SymKey *freeSymKeysHead;
- int keyCount;
- int maxKeyCount;
- /* Password control functions for this slot. many of these are only
- * active if the appropriate flag is on in defaultFlags */
- int askpw; /* what our password options are */
- int timeout; /* If we're ask_timeout, what is our timeout time is
- * seconds */
- int authTransact; /* allow multiple authentications off one password if
- * they are all part of the same transaction */
- int64 authTime; /* when were we last authenticated */
- int minPassword; /* smallest legal password */
- int maxPassword; /* largest legal password */
- uint16 series; /* break up the slot info into various groups of
- * inserted tokens so that keys and certs can be
- * invalidated */
- uint16 wrapKey; /* current wrapping key for SSL master secrets */
- CK_MECHANISM_TYPE wrapMechanism;
- /* current wrapping mechanism for current wrapKey */
- CK_OBJECT_HANDLE refKeys[1]; /* array of existing wrapping keys for */
- CK_MECHANISM_TYPE *mechanismList; /* list of mechanism supported by this
- * token */
- int mechanismCount;
- /* cache the certificates stored on the token of this slot */
- CERTCertificate **cert_array;
- int array_size;
- int cert_count;
- char serial[16];
- /* since these are odd sizes, keep them last. They are odd sizes to
- * allow them to become null terminated strings */
- char slot_name[65];
- char token_name[33];
- PRBool hasRSAInfo;
- CK_FLAGS RSAInfoFlags;
-};
-
-/* hold slot default flags until we initialize a slot. This structure is only
- * useful between the time we define a module (either by hand or from the
- * database) and the time the module is loaded. Not reference counted */
-struct PK11PreSlotInfoStr {
- CK_SLOT_ID slotID; /* slot these flags are for */
- unsigned long defaultFlags; /* bit mask of default implementation this slot
- * provides */
- int askpw; /* slot specific password bits */
- long timeout; /* slot specific timeout value */
-};
-
-/* Symetric Key structure. Reference Counted */
-struct PK11SymKeyStr {
- CK_MECHANISM_TYPE type; /* type of operation this key was created for*/
- CK_OBJECT_HANDLE objectID; /* object id of this key in the slot */
- PK11SlotInfo *slot; /* Slot this key is loaded into */
- void *cx; /* window context in case we need to loggin */
- PK11SymKey *next;
- PRBool owner;
- SECItem data; /* raw key data if available */
- CK_SESSION_HANDLE session;
- PRBool sessionOwner;
- int refCount; /* number of references to this key */
- PRLock *refLock;
- int size; /* key size in bytes */
- PK11Origin origin; /* where this key came from
- (see def in secmodt.h) */
- uint16 series; /* break up the slot info into various groups of
- * inserted tokens so that keys and certs can be
- * invalidated */
-};
-
-
-/*
- * hold a hash, encryption or signing context for multi-part operations.
- * hold enough information so that multiple contexts can be interleaved
- * if necessary. ... Not RefCounted.
- */
-struct PK11ContextStr {
- CK_ATTRIBUTE_TYPE operation; /* type of operation this context is doing
- * (CKA_ENCRYPT, CKA_SIGN, CKA_HASH, etc. */
- PK11SymKey *key; /* symetric key used in this context */
- PK11SlotInfo *slot; /* slot this context is operationing on */
- CK_SESSION_HANDLE session; /* session this context is using */
- PRLock *sessionLock; /* lock before accessing a PKCS #11
- * session */
- PRBool ownSession;/* do we own the session? */
- void *cx; /* window context in case we need to loggin*/
- void *savedData;/* save data when we are multiplexing on a
- * single context */
- unsigned long savedLength; /* length of the saved context */
- SECItem *param; /* mechanism parameters used to build this
- context */
- PRBool init; /* has this contexted been initialized */
- CK_MECHANISM_TYPE type; /* what is the PKCS #11 this context is
- * representing (usually what algorithm is
- * being used (CKM_RSA_PKCS, CKM_DES,
- * CKM_SHA, etc.*/
- PRBool fortezzaHack; /*Fortezza SSL has some special
- * non-standard semantics*/
-};
-
diff --git a/security/nss/lib/pkcs12/Makefile b/security/nss/lib/pkcs12/Makefile
deleted file mode 100644
index 5742208b5..000000000
--- a/security/nss/lib/pkcs12/Makefile
+++ /dev/null
@@ -1,77 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
diff --git a/security/nss/lib/pkcs12/config.mk b/security/nss/lib/pkcs12/config.mk
deleted file mode 100644
index 1684cf3fa..000000000
--- a/security/nss/lib/pkcs12/config.mk
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/pkcs12/manifest.mn b/security/nss/lib/pkcs12/manifest.mn
deleted file mode 100644
index c8b4981d3..000000000
--- a/security/nss/lib/pkcs12/manifest.mn
+++ /dev/null
@@ -1,58 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-EXPORTS = \
- pkcs12t.h \
- pkcs12.h \
- p12plcy.h \
- p12.h \
- p12t.h \
- $(NULL)
-
-MODULE = security
-
-CSRCS = \
- p12local.c \
- p12creat.c \
- p12dec.c \
- p12plcy.c \
- p12tmpl.c \
- p12e.c \
- p12d.c \
- $(NULL)
-
-REQUIRES = security dbm
-
-LIBRARY_NAME = pkcs12
diff --git a/security/nss/lib/pkcs12/p12.h b/security/nss/lib/pkcs12/p12.h
deleted file mode 100644
index eac067c93..000000000
--- a/security/nss/lib/pkcs12/p12.h
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-
-#ifndef _P12_H_
-#define _P12_H_
-
-#include "secoid.h"
-#include "key.h"
-#include "secpkcs7.h"
-#include "p12t.h"
-
-typedef int (* PKCS12OpenFunction)(void *arg);
-typedef int (* PKCS12ReadFunction)(void *arg, unsigned char *buffer,
- unsigned int *lenRead, unsigned int maxLen);
-typedef int (* PKCS12WriteFunction)(void *arg, unsigned char *buffer,
- unsigned int *bufLen, unsigned int *lenWritten);
-typedef int (* PKCS12CloseFunction)(void *arg);
-typedef SECStatus (* PKCS12UnicodeConvertFunction)(PRArenaPool *arena,
- SECItem *dest, SECItem *src,
- PRBool toUnicode,
- PRBool swapBytes);
-typedef void (* SEC_PKCS12EncoderOutputCallback)(void *arg, const char *buf,
- unsigned long len);
-typedef void (* SEC_PKCS12DecoderOutputCallback)(void *arg, const char *buf,
- unsigned long len);
-typedef SECItem * (* SEC_PKCS12NicknameCollisionCallback)(SECItem *old_nickname,
- PRBool *cancel,
- void *arg);
-
-
-
-
-typedef SECStatus (*digestOpenFn)(void *arg, PRBool readData);
-typedef SECStatus (*digestCloseFn)(void *arg, PRBool removeFile);
-typedef int (*digestIOFn)(void *arg, unsigned char *buf,
- unsigned long len);
-
-typedef struct SEC_PKCS12ExportContextStr SEC_PKCS12ExportContext;
-typedef struct SEC_PKCS12SafeInfoStr SEC_PKCS12SafeInfo;
-typedef struct SEC_PKCS12DecoderContextStr SEC_PKCS12DecoderContext;
-
-struct sec_PKCS12PasswordModeInfo {
- SECItem *password;
- SECOidTag algorithm;
-};
-
-struct sec_PKCS12PublicKeyModeInfo {
- CERTCertificate *cert;
- CERTCertDBHandle *certDb;
- SECOidTag algorithm;
- int keySize;
-};
-
-SEC_PKCS12SafeInfo *
-SEC_PKCS12CreatePubKeyEncryptedSafe(SEC_PKCS12ExportContext *p12ctxt,
- CERTCertDBHandle *certDb,
- CERTCertificate *signer,
- CERTCertificate **recipients,
- SECOidTag algorithm, int keysize);
-
-extern SEC_PKCS12SafeInfo *
-SEC_PKCS12CreatePasswordPrivSafe(SEC_PKCS12ExportContext *p12ctxt,
- SECItem *pwitem, SECOidTag privAlg);
-
-extern SEC_PKCS12SafeInfo *
-SEC_PKCS12CreateUnencryptedSafe(SEC_PKCS12ExportContext *p12ctxt);
-
-extern SECStatus
-SEC_PKCS12AddPasswordIntegrity(SEC_PKCS12ExportContext *p12ctxt,
- SECItem *pwitem, SECOidTag integAlg);
-extern SECStatus
-SEC_PKCS12AddPublicKeyIntegrity(SEC_PKCS12ExportContext *p12ctxt,
- CERTCertificate *cert, CERTCertDBHandle *certDb,
- SECOidTag algorithm, int keySize);
-
-extern SEC_PKCS12ExportContext *
-SEC_PKCS12CreateExportContext(SECKEYGetPasswordKey pwfn, void *pwfnarg,
- PK11SlotInfo *slot, void *wincx);
-
-extern SECStatus
-SEC_PKCS12AddCert(SEC_PKCS12ExportContext *p12ctxt,
- SEC_PKCS12SafeInfo *safe, void *nestedDest,
- CERTCertificate *cert, CERTCertDBHandle *certDb,
- SECItem *keyId, PRBool includeCertChain);
-
-extern SECStatus
-SEC_PKCS12AddKeyForCert(SEC_PKCS12ExportContext *p12ctxt,
- SEC_PKCS12SafeInfo *safe,
- void *nestedDest, CERTCertificate *cert,
- PRBool shroudKey, SECOidTag algorithm, SECItem *pwitem,
- SECItem *keyId, SECItem *nickName);
-
-extern SECStatus
-SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt,
- void *certSafe, void *certNestedDest,
- CERTCertificate *cert, CERTCertDBHandle *certDb,
- void *keySafe, void *keyNestedDest,
- PRBool shroudKey, SECItem *pwitem, SECOidTag algorithm);
-
-extern SECStatus
-SEC_PKCS12AddDERCertAndEncryptedKey(SEC_PKCS12ExportContext *p12ctxt,
- void *certSafe, void *certNestedDest, SECItem *derCert,
- void *keySafe, void *keyNestedDest,
- SECKEYEncryptedPrivateKeyInfo *epki, char *nickname);
-
-extern void *
-SEC_PKCS12CreateNestedSafeContents(SEC_PKCS12ExportContext *p12ctxt,
- void *baseSafe, void *nestedDest);
-
-extern SECStatus
-SEC_PKCS12Encode(SEC_PKCS12ExportContext *p12exp,
- SEC_PKCS12EncoderOutputCallback output, void *outputarg);
-
-extern void
-SEC_PKCS12DestroyExportContext(SEC_PKCS12ExportContext *p12exp);
-
-extern SEC_PKCS12DecoderContext *
-SEC_PKCS12DecoderStart(SECItem *pwitem, PK11SlotInfo *slot, void *wincx,
- digestOpenFn dOpen, digestCloseFn dClose,
- digestIOFn dRead, digestIOFn dWrite, void *dArg);
-
-extern SECStatus
-SEC_PKCS12DecoderUpdate(SEC_PKCS12DecoderContext *p12dcx, unsigned char *data,
- unsigned long len);
-
-extern void
-SEC_PKCS12DecoderFinish(SEC_PKCS12DecoderContext *p12dcx);
-
-extern SECStatus
-SEC_PKCS12DecoderVerify(SEC_PKCS12DecoderContext *p12dcx);
-
-extern SECStatus
-SEC_PKCS12DecoderValidateBags(SEC_PKCS12DecoderContext *p12dcx,
- SEC_PKCS12NicknameCollisionCallback nicknameCb);
-
-extern SECStatus
-SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContext *p12dcx);
-
-CERTCertList *
-SEC_PKCS12DecoderGetCerts(SEC_PKCS12DecoderContext *p12dcx);
-
-#endif
diff --git a/security/nss/lib/pkcs12/p12creat.c b/security/nss/lib/pkcs12/p12creat.c
deleted file mode 100644
index 65678b299..000000000
--- a/security/nss/lib/pkcs12/p12creat.c
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "pkcs12.h"
-#include "secitem.h"
-#include "secport.h"
-#include "secder.h"
-#include "secoid.h"
-#include "p12local.h"
-#include "secerr.h"
-
-
-/* allocate space for a PFX structure and set up initial
- * arena pool. pfx structure is cleared and a pointer to
- * the new structure is returned.
- */
-SEC_PKCS12PFXItem *
-sec_pkcs12_new_pfx(void)
-{
- SEC_PKCS12PFXItem *pfx = NULL;
- PRArenaPool *poolp = NULL;
-
- poolp = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); /* XXX Different size? */
- if(poolp == NULL)
- goto loser;
-
- pfx = (SEC_PKCS12PFXItem *)PORT_ArenaZAlloc(poolp,
- sizeof(SEC_PKCS12PFXItem));
- if(pfx == NULL)
- goto loser;
- pfx->poolp = poolp;
-
- return pfx;
-
-loser:
- PORT_FreeArena(poolp, PR_TRUE);
- return NULL;
-}
-
-/* allocate space for a PFX structure and set up initial
- * arena pool. pfx structure is cleared and a pointer to
- * the new structure is returned.
- */
-SEC_PKCS12AuthenticatedSafe *
-sec_pkcs12_new_asafe(PRArenaPool *poolp)
-{
- SEC_PKCS12AuthenticatedSafe *asafe = NULL;
- void *mark;
-
- mark = PORT_ArenaMark(poolp);
- asafe = (SEC_PKCS12AuthenticatedSafe *)PORT_ArenaZAlloc(poolp,
- sizeof(SEC_PKCS12AuthenticatedSafe));
- if(asafe == NULL)
- goto loser;
- asafe->poolp = poolp;
- PORT_Memset(&asafe->old_baggage, 0, sizeof(SEC_PKCS7ContentInfo));
-
- PORT_ArenaUnmark(poolp, mark);
- return asafe;
-
-loser:
- PORT_ArenaRelease(poolp, mark);
- return NULL;
-}
-
-/* create a safe contents structure with a list of
- * length 0 with the first element being NULL
- */
-SEC_PKCS12SafeContents *
-sec_pkcs12_create_safe_contents(PRArenaPool *poolp)
-{
- SEC_PKCS12SafeContents *safe;
- void *mark;
-
- if(poolp == NULL)
- return NULL;
-
- /* allocate structure */
- mark = PORT_ArenaMark(poolp);
- safe = (SEC_PKCS12SafeContents *)PORT_ArenaZAlloc(poolp,
- sizeof(SEC_PKCS12SafeContents));
- if(safe == NULL)
- {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_ArenaRelease(poolp, mark);
- return NULL;
- }
-
- /* init list */
- safe->contents = (SEC_PKCS12SafeBag**)PORT_ArenaZAlloc(poolp,
- sizeof(SEC_PKCS12SafeBag *));
- if(safe->contents == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_ArenaRelease(poolp, mark);
- return NULL;
- }
- safe->contents[0] = NULL;
- safe->poolp = poolp;
- safe->safe_size = 0;
- PORT_ArenaUnmark(poolp, mark);
- return safe;
-}
-
-/* create a new external bag which is appended onto the list
- * of bags in baggage. the bag is created in the same arena
- * as baggage
- */
-SEC_PKCS12BaggageItem *
-sec_pkcs12_create_external_bag(SEC_PKCS12Baggage *luggage)
-{
- void *dummy, *mark;
- SEC_PKCS12BaggageItem *bag;
-
- if(luggage == NULL) {
- return NULL;
- }
-
- mark = PORT_ArenaMark(luggage->poolp);
-
- /* allocate space for null terminated bag list */
- if(luggage->bags == NULL) {
- luggage->bags=(SEC_PKCS12BaggageItem**)PORT_ArenaZAlloc(luggage->poolp,
- sizeof(SEC_PKCS12BaggageItem *));
- if(luggage->bags == NULL) {
- goto loser;
- }
- luggage->luggage_size = 0;
- }
-
- /* grow the list */
- dummy = PORT_ArenaGrow(luggage->poolp, luggage->bags,
- sizeof(SEC_PKCS12BaggageItem *) * (luggage->luggage_size + 1),
- sizeof(SEC_PKCS12BaggageItem *) * (luggage->luggage_size + 2));
- if(dummy == NULL) {
- goto loser;
- }
- luggage->bags = (SEC_PKCS12BaggageItem**)dummy;
-
- luggage->bags[luggage->luggage_size] =
- (SEC_PKCS12BaggageItem *)PORT_ArenaZAlloc(luggage->poolp,
- sizeof(SEC_PKCS12BaggageItem));
- if(luggage->bags[luggage->luggage_size] == NULL) {
- goto loser;
- }
-
- /* create new bag and append it to the end */
- bag = luggage->bags[luggage->luggage_size];
- bag->espvks = (SEC_PKCS12ESPVKItem **)PORT_ArenaZAlloc(
- luggage->poolp,
- sizeof(SEC_PKCS12ESPVKItem *));
- bag->unencSecrets = (SEC_PKCS12SafeBag **)PORT_ArenaZAlloc(
- luggage->poolp,
- sizeof(SEC_PKCS12SafeBag *));
- if((bag->espvks == NULL) || (bag->unencSecrets == NULL)) {
- goto loser;
- }
-
- bag->poolp = luggage->poolp;
- luggage->luggage_size++;
- luggage->bags[luggage->luggage_size] = NULL;
- bag->espvks[0] = NULL;
- bag->unencSecrets[0] = NULL;
- bag->nEspvks = bag->nSecrets = 0;
-
- PORT_ArenaUnmark(luggage->poolp, mark);
- return bag;
-
-loser:
- PORT_ArenaRelease(luggage->poolp, mark);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
-}
-
-/* creates a baggage witha NULL terminated 0 length list */
-SEC_PKCS12Baggage *
-sec_pkcs12_create_baggage(PRArenaPool *poolp)
-{
- SEC_PKCS12Baggage *luggage;
- void *mark;
-
- if(poolp == NULL)
- return NULL;
-
- mark = PORT_ArenaMark(poolp);
-
- /* allocate bag */
- luggage = (SEC_PKCS12Baggage *)PORT_ArenaZAlloc(poolp,
- sizeof(SEC_PKCS12Baggage));
- if(luggage == NULL)
- {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_ArenaRelease(poolp, mark);
- return NULL;
- }
-
- /* init list */
- luggage->bags = (SEC_PKCS12BaggageItem **)PORT_ArenaZAlloc(poolp,
- sizeof(SEC_PKCS12BaggageItem *));
- if(luggage->bags == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_ArenaRelease(poolp, mark);
- return NULL;
- }
-
- luggage->bags[0] = NULL;
- luggage->luggage_size = 0;
- luggage->poolp = poolp;
-
- PORT_ArenaUnmark(poolp, mark);
- return luggage;
-}
-
-/* free pfx structure and associated items in the arena */
-void
-SEC_PKCS12DestroyPFX(SEC_PKCS12PFXItem *pfx)
-{
- if (pfx != NULL && pfx->poolp != NULL)
- {
- PORT_FreeArena(pfx->poolp, PR_TRUE);
- }
-}
diff --git a/security/nss/lib/pkcs12/p12d.c b/security/nss/lib/pkcs12/p12d.c
deleted file mode 100644
index aea26a9e9..000000000
--- a/security/nss/lib/pkcs12/p12d.c
+++ /dev/null
@@ -1,3224 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-
-#include "p12t.h"
-#include "p12.h"
-#include "plarena.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "seccomon.h"
-#include "secport.h"
-#include "cert.h"
-#include "secpkcs7.h"
-#include "secasn1.h"
-#include "secerr.h"
-#include "pk11func.h"
-#include "p12plcy.h"
-#include "p12local.h"
-#include "alghmac.h"
-#include "secder.h"
-#include "secport.h"
-
-#include "certdb.h"
-
-#include "prcpucfg.h"
-
-typedef struct sec_PKCS12SafeContentsContextStr sec_PKCS12SafeContentsContext;
-
-/* Opaque structure for decoding SafeContents. These are used
- * for each authenticated safe as well as any nested safe contents.
- */
-struct sec_PKCS12SafeContentsContextStr {
- /* the parent decoder context */
- SEC_PKCS12DecoderContext *p12dcx;
-
- /* memory arena to allocate space from */
- PRArenaPool *arena;
-
- /* decoder context and destination for decoding safe contents */
- SEC_ASN1DecoderContext *safeContentsDcx;
- sec_PKCS12SafeContents safeContents;
-
- /* information for decoding safe bags within the safe contents.
- * these variables are updated for each safe bag decoded.
- */
- SEC_ASN1DecoderContext *currentSafeBagDcx;
- sec_PKCS12SafeBag *currentSafeBag;
- PRBool skipCurrentSafeBag;
-
- /* if the safe contents is nested, the parent is pointed to here. */
- sec_PKCS12SafeContentsContext *nestedCtx;
-};
-
-/* opaque decoder context structure. information for decoding a pkcs 12
- * PDU are stored here as well as decoding pointers for intermediary
- * structures which are part of the PKCS 12 PDU. Upon a successful
- * decode, the safe bags containing certificates and keys encountered.
- */
-struct SEC_PKCS12DecoderContextStr {
- PRArenaPool *arena;
- PK11SlotInfo *slot;
- void *wincx;
- PRBool error;
- int errorValue;
-
- /* password */
- SECItem *pwitem;
-
- /* used for decoding the PFX structure */
- SEC_ASN1DecoderContext *pfxDcx;
- sec_PKCS12PFXItem pfx;
-
- /* safe bags found during decoding */
- sec_PKCS12SafeBag **safeBags;
- unsigned int safeBagCount;
-
- /* state variables for decoding authenticated safes. */
- SEC_PKCS7DecoderContext *currentASafeP7Dcx;
- SEC_PKCS5KeyAndPassword *currentASafeKeyPwd;
- SEC_ASN1DecoderContext *aSafeDcx;
- SEC_PKCS7DecoderContext *aSafeP7Dcx;
- sec_PKCS12AuthenticatedSafe authSafe;
- SEC_PKCS7ContentInfo *aSafeCinfo;
- sec_PKCS12SafeContents safeContents;
-
- /* safe contents info */
- unsigned int safeContentsCnt;
- sec_PKCS12SafeContentsContext **safeContentsList;
-
- /* HMAC info */
- sec_PKCS12MacData macData;
- SEC_ASN1DecoderContext *hmacDcx;
-
- /* routines for reading back the data to be hmac'd */
- digestOpenFn dOpen;
- digestCloseFn dClose;
- digestIOFn dRead, dWrite;
- void *dArg;
-
- /* helper functions */
- SECKEYGetPasswordKey pwfn;
- void *pwfnarg;
- PRBool swapUnicodeBytes;
-
- /* import information */
- PRBool bagsVerified;
-};
-
-
-/* make sure that the PFX version being decoded is a version
- * which we support.
- */
-static PRBool
-sec_pkcs12_proper_version(sec_PKCS12PFXItem *pfx)
-{
- /* if no version, assume it is not supported */
- if(pfx->version.len == 0) {
- return PR_FALSE;
- }
-
- if(DER_GetInteger(&pfx->version) > SEC_PKCS12_VERSION) {
- return PR_FALSE;
- }
-
- return PR_TRUE;
-}
-
-/* retrieve the key for decrypting the safe contents */
-static PK11SymKey *
-sec_pkcs12_decoder_get_decrypt_key(void *arg, SECAlgorithmID *algid)
-{
- SEC_PKCS5KeyAndPassword *keyPwd =
- (SEC_PKCS5KeyAndPassword *)arg;
-
- if(!keyPwd) {
- return NULL;
- }
-
- /* if no slot specified, use the internal key slot */
- if(!keyPwd->slot) {
- keyPwd->slot = PK11_GetInternalKeySlot();
- }
-
- /* retrieve the key */
- if(!keyPwd->key) {
- keyPwd->key = PK11_PBEKeyGen(keyPwd->slot, algid,
- keyPwd->pwitem, PR_FALSE, keyPwd->wincx);
- }
-
- return (PK11SymKey *)keyPwd;
-}
-
-/* XXX this needs to be modified to handle enveloped data. most
- * likely, it should mirror the routines for SMIME in that regard.
- */
-static PRBool
-sec_pkcs12_decoder_decryption_allowed(SECAlgorithmID *algid,
- PK11SymKey *bulkkey)
-{
- PRBool decryptionAllowed = SEC_PKCS12DecryptionAllowed(algid);
-
- if(!decryptionAllowed) {
- return PR_FALSE;
- }
-
- return PR_TRUE;
-}
-
-/* when we encounter a new safe bag during the decoding, we need
- * to allocate space for the bag to be decoded to and set the
- * state variables appropriately. all of the safe bags are allocated
- * in a buffer in the outer SEC_PKCS12DecoderContext, however,
- * a pointer to the safeBag is also used in the sec_PKCS12SafeContentsContext
- * for the current bag.
- */
-static SECStatus
-sec_pkcs12_decoder_init_new_safe_bag(sec_PKCS12SafeContentsContext
- *safeContentsCtx)
-{
- void *mark = NULL;
- SEC_PKCS12DecoderContext *p12dcx;
-
- /* make sure that the structures are defined, and there has
- * not been an error in the decoding
- */
- if(!safeContentsCtx || !safeContentsCtx->p12dcx
- || safeContentsCtx->p12dcx->error) {
- return SECFailure;
- }
-
- p12dcx = safeContentsCtx->p12dcx;
- mark = PORT_ArenaMark(p12dcx->arena);
-
- /* allocate a new safe bag, if bags already exist, grow the
- * list of bags, otherwise allocate a new list. the list is
- * NULL terminated.
- */
- if(p12dcx->safeBagCount) {
- p12dcx->safeBags =
- (sec_PKCS12SafeBag**)PORT_ArenaGrow(p12dcx->arena,p12dcx->safeBags,
- (p12dcx->safeBagCount + 1) * sizeof(sec_PKCS12SafeBag *),
- (p12dcx->safeBagCount + 2) * sizeof(sec_PKCS12SafeBag *));
- } else {
- p12dcx->safeBags = (sec_PKCS12SafeBag**)PORT_ArenaZAlloc(p12dcx->arena,
- 2 * sizeof(sec_PKCS12SafeBag *));
- }
- if(!p12dcx->safeBags) {
- p12dcx->errorValue = SEC_ERROR_NO_MEMORY;
- goto loser;
- }
-
- /* append the bag to the end of the list and update the reference
- * in the safeContentsCtx.
- */
- p12dcx->safeBags[p12dcx->safeBagCount] =
- (sec_PKCS12SafeBag*)PORT_ArenaZAlloc(p12dcx->arena,
- sizeof(sec_PKCS12SafeBag));
- safeContentsCtx->currentSafeBag = p12dcx->safeBags[p12dcx->safeBagCount];
- p12dcx->safeBags[++p12dcx->safeBagCount] = NULL;
- if(!safeContentsCtx->currentSafeBag) {
- p12dcx->errorValue = SEC_ERROR_NO_MEMORY;
- goto loser;
- }
-
- safeContentsCtx->currentSafeBag->slot = safeContentsCtx->p12dcx->slot;
- safeContentsCtx->currentSafeBag->pwitem = safeContentsCtx->p12dcx->pwitem;
- safeContentsCtx->currentSafeBag->swapUnicodeBytes =
- safeContentsCtx->p12dcx->swapUnicodeBytes;
- safeContentsCtx->currentSafeBag->arena = safeContentsCtx->p12dcx->arena;
-
- PORT_ArenaUnmark(p12dcx->arena, mark);
- return SECSuccess;
-
-loser:
-
- /* if an error occurred, release the memory and set the error flag
- * the only possible errors triggered by this function are memory
- * related.
- */
- if(mark) {
- PORT_ArenaRelease(p12dcx->arena, mark);
- }
-
- p12dcx->error = PR_TRUE;
- return SECFailure;
-}
-
-/* A wrapper for updating the ASN1 context in which a safeBag is
- * being decoded. This function is called as a callback from
- * secasn1d when decoding SafeContents structures.
- */
-static void
-sec_pkcs12_decoder_safe_bag_update(void *arg, const char *data,
- unsigned long len, int depth,
- SEC_ASN1EncodingPart data_kind)
-{
- sec_PKCS12SafeContentsContext *safeContentsCtx =
- (sec_PKCS12SafeContentsContext *)arg;
- SEC_PKCS12DecoderContext *p12dcx;
- SECStatus rv;
-
- /* make sure that we are not skipping the current safeBag,
- * and that there are no errors. If so, just return rather
- * than continuing to process.
- */
- if(!safeContentsCtx || !safeContentsCtx->p12dcx
- || safeContentsCtx->p12dcx->error
- || safeContentsCtx->skipCurrentSafeBag) {
- return;
- }
- p12dcx = safeContentsCtx->p12dcx;
-
- rv = SEC_ASN1DecoderUpdate(safeContentsCtx->currentSafeBagDcx, data, len);
- if(rv != SECSuccess) {
- p12dcx->errorValue = SEC_ERROR_NO_MEMORY;
- goto loser;
- }
-
- return;
-
-loser:
- /* set the error, and finish the decoder context. because there
- * is not a way of returning an error message, it may be worth
- * while to do a check higher up and finish any decoding contexts
- * that are still open.
- */
- p12dcx->error = PR_TRUE;
- SEC_ASN1DecoderFinish(safeContentsCtx->currentSafeBagDcx);
- safeContentsCtx->currentSafeBagDcx = NULL;
- return;
-}
-
-/* forward declarations of functions that are used when decoding
- * safeContents bags which are nested and when decoding the
- * authenticatedSafes.
- */
-static SECStatus
-sec_pkcs12_decoder_begin_nested_safe_contents(sec_PKCS12SafeContentsContext
- *safeContentsCtx);
-static SECStatus
-sec_pkcs12_decoder_finish_nested_safe_contents(sec_PKCS12SafeContentsContext
- *safeContentsCtx);
-static void
-sec_pkcs12_decoder_safe_bag_update(void *arg, const char *data,
- unsigned long len, int depth,
- SEC_ASN1EncodingPart data_kind);
-
-/* notify function for decoding safeBags. This function is
- * used to filter safeBag types which are not supported,
- * initiate the decoding of nested safe contents, and decode
- * safeBags in general. this function is set when the decoder
- * context for the safeBag is first created.
- */
-static void
-sec_pkcs12_decoder_safe_bag_notify(void *arg, PRBool before,
- void *dest, int real_depth)
-{
- sec_PKCS12SafeContentsContext *safeContentsCtx =
- (sec_PKCS12SafeContentsContext *)arg;
- SEC_PKCS12DecoderContext *p12dcx;
- sec_PKCS12SafeBag *bag;
- PRBool after;
-
- /* if an error is encountered, return */
- if(!safeContentsCtx || !safeContentsCtx->p12dcx ||
- safeContentsCtx->p12dcx->error) {
- return;
- }
- p12dcx = safeContentsCtx->p12dcx;
-
- /* to make things more readable */
- if(before)
- after = PR_FALSE;
- else
- after = PR_TRUE;
-
- /* have we determined the safeBagType yet? */
- bag = safeContentsCtx->currentSafeBag;
- if(bag->bagTypeTag == NULL) {
- if(after && (dest == &(bag->safeBagType))) {
- bag->bagTypeTag = SECOID_FindOID(&(bag->safeBagType));
- if(bag->bagTypeTag == NULL) {
- p12dcx->error = PR_TRUE;
- p12dcx->errorValue = SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE;
- }
- }
- return;
- }
-
- /* process the safeBag depending on it's type. those
- * which we do not support, are ignored. we start a decoding
- * context for a nested safeContents.
- */
- switch(bag->bagTypeTag->offset) {
- case SEC_OID_PKCS12_V1_KEY_BAG_ID:
- case SEC_OID_PKCS12_V1_CERT_BAG_ID:
- case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID:
- break;
- case SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID:
- /* if we are just starting to decode the safeContents, initialize
- * a new safeContentsCtx to process it.
- */
- if(before && (dest == &(bag->safeBagContent))) {
- sec_pkcs12_decoder_begin_nested_safe_contents(safeContentsCtx);
- } else if(after && (dest == &(bag->safeBagContent))) {
- /* clean up the nested decoding */
- sec_pkcs12_decoder_finish_nested_safe_contents(safeContentsCtx);
- }
- break;
- case SEC_OID_PKCS12_V1_CRL_BAG_ID:
- case SEC_OID_PKCS12_V1_SECRET_BAG_ID:
- default:
- /* skip any safe bag types we don't understand or handle */
- safeContentsCtx->skipCurrentSafeBag = PR_TRUE;
- break;
- }
-
- return;
-}
-
-/* notify function for decoding safe contents. each entry in the
- * safe contents is a safeBag which needs to be allocated and
- * the decoding context initialized at the beginning and then
- * the context needs to be closed and finished at the end.
- *
- * this function is set when the safeContents decode context is
- * initialized.
- */
-static void
-sec_pkcs12_decoder_safe_contents_notify(void *arg, PRBool before,
- void *dest, int real_depth)
-{
- sec_PKCS12SafeContentsContext *safeContentsCtx =
- (sec_PKCS12SafeContentsContext*)arg;
- SEC_PKCS12DecoderContext *p12dcx;
- SECStatus rv;
-
- /* if there is an error we don't want to continue processing,
- * just return and keep going.
- */
- if(!safeContentsCtx || !safeContentsCtx->p12dcx
- || safeContentsCtx->p12dcx->error) {
- return;
- }
- p12dcx = safeContentsCtx->p12dcx;
-
- /* if we are done with the current safeBag, then we need to
- * finish the context and set the state variables appropriately.
- */
- if(!before) {
- SEC_ASN1DecoderClearFilterProc(safeContentsCtx->safeContentsDcx);
- SEC_ASN1DecoderFinish(safeContentsCtx->currentSafeBagDcx);
- safeContentsCtx->currentSafeBagDcx = NULL;
- safeContentsCtx->skipCurrentSafeBag = PR_FALSE;
- } else {
- /* we are starting a new safe bag. we need to allocate space
- * for the bag and initialize the decoding context.
- */
- rv = sec_pkcs12_decoder_init_new_safe_bag(safeContentsCtx);
- if(rv != SECSuccess) {
- goto loser;
- }
-
- /* set up the decoder context */
- safeContentsCtx->currentSafeBagDcx = SEC_ASN1DecoderStart(p12dcx->arena,
- safeContentsCtx->currentSafeBag,
- sec_PKCS12SafeBagTemplate);
- if(!safeContentsCtx->currentSafeBagDcx) {
- p12dcx->errorValue = SEC_ERROR_NO_MEMORY;
- goto loser;
- }
-
- /* set the notify and filter procs so that the safe bag
- * data gets sent to the proper location when decoding.
- */
- SEC_ASN1DecoderSetNotifyProc(safeContentsCtx->currentSafeBagDcx,
- sec_pkcs12_decoder_safe_bag_notify,
- safeContentsCtx);
- SEC_ASN1DecoderSetFilterProc(safeContentsCtx->safeContentsDcx,
- sec_pkcs12_decoder_safe_bag_update,
- safeContentsCtx, PR_TRUE);
- }
-
- return;
-
-loser:
- /* in the event of an error, we want to close the decoding
- * context and clear the filter and notify procedures.
- */
- p12dcx->error = PR_TRUE;
-
- if(safeContentsCtx->currentSafeBagDcx) {
- SEC_ASN1DecoderFinish(safeContentsCtx->currentSafeBagDcx);
- safeContentsCtx->currentSafeBagDcx = NULL;
- }
-
- SEC_ASN1DecoderClearNotifyProc(safeContentsCtx->safeContentsDcx);
- SEC_ASN1DecoderClearFilterProc(safeContentsCtx->safeContentsDcx);
-
- return;
-}
-
-/* initialize the safeContents for decoding. this routine
- * is used for authenticatedSafes as well as nested safeContents.
- */
-static sec_PKCS12SafeContentsContext *
-sec_pkcs12_decoder_safe_contents_init_decode(SEC_PKCS12DecoderContext *p12dcx,
- PRBool nestedSafe)
-{
- sec_PKCS12SafeContentsContext *safeContentsCtx = NULL;
- const SEC_ASN1Template *theTemplate;
-
- if(!p12dcx || p12dcx->error) {
- return NULL;
- }
-
- /* allocate a new safeContents list or grow the existing list and
- * append the new safeContents onto the end.
- */
- if(!p12dcx->safeContentsCnt) {
- p12dcx->safeContentsList =
- (sec_PKCS12SafeContentsContext**)PORT_ArenaZAlloc(p12dcx->arena,
- sizeof(sec_PKCS12SafeContentsContext *));
- } else {
- p12dcx->safeContentsList =
- (sec_PKCS12SafeContentsContext **) PORT_ArenaGrow(p12dcx->arena,
- p12dcx->safeContentsList,
- (p12dcx->safeContentsCnt *
- sizeof(sec_PKCS12SafeContentsContext *)),
- (1 + p12dcx->safeContentsCnt *
- sizeof(sec_PKCS12SafeContentsContext *)));
- }
- if(!p12dcx->safeContentsList) {
- p12dcx->errorValue = SEC_ERROR_NO_MEMORY;
- goto loser;
- }
-
- p12dcx->safeContentsList[p12dcx->safeContentsCnt] =
- (sec_PKCS12SafeContentsContext*)PORT_ArenaZAlloc(
- p12dcx->arena,
- sizeof(sec_PKCS12SafeContentsContext));
- p12dcx->safeContentsList[p12dcx->safeContentsCnt+1] = NULL;
- if(!p12dcx->safeContentsList[p12dcx->safeContentsCnt]) {
- p12dcx->errorValue = SEC_ERROR_NO_MEMORY;
- goto loser;
- }
-
- /* set up the state variables */
- safeContentsCtx = p12dcx->safeContentsList[p12dcx->safeContentsCnt];
- p12dcx->safeContentsCnt++;
- safeContentsCtx->p12dcx = p12dcx;
- safeContentsCtx->arena = p12dcx->arena;
-
- /* begin the decoding -- the template is based on whether we are
- * decoding a nested safeContents or not.
- */
- if(nestedSafe == PR_TRUE) {
- theTemplate = sec_PKCS12NestedSafeContentsDecodeTemplate;
- } else {
- theTemplate = sec_PKCS12SafeContentsDecodeTemplate;
- }
-
- /* start the decoder context */
- safeContentsCtx->safeContentsDcx = SEC_ASN1DecoderStart(p12dcx->arena,
- &safeContentsCtx->safeContents,
- theTemplate);
-
- if(!safeContentsCtx->safeContentsDcx) {
- p12dcx->errorValue = SEC_ERROR_NO_MEMORY;
- goto loser;
- }
-
- /* set the safeContents notify procedure to look for
- * and start the decode of safeBags.
- */
- SEC_ASN1DecoderSetNotifyProc(safeContentsCtx->safeContentsDcx,
- sec_pkcs12_decoder_safe_contents_notify,
- safeContentsCtx);
-
- return safeContentsCtx;
-
-loser:
- /* in the case of an error, we want to finish the decoder
- * context and set the error flag.
- */
- if(safeContentsCtx && safeContentsCtx->safeContentsDcx) {
- SEC_ASN1DecoderFinish(safeContentsCtx->safeContentsDcx);
- safeContentsCtx->safeContentsDcx = NULL;
- }
-
- p12dcx->error = PR_TRUE;
-
- return NULL;
-}
-
-/* wrapper for updating safeContents. this is set as the filter of
- * safeBag when there is a nested safeContents.
- */
-static void
-sec_pkcs12_decoder_nested_safe_contents_update(void *arg, const char *buf,
- unsigned long len, int depth,
- SEC_ASN1EncodingPart data_kind)
-{
- sec_PKCS12SafeContentsContext *safeContentsCtx =
- (sec_PKCS12SafeContentsContext *)arg;
- SEC_PKCS12DecoderContext *p12dcx;
- SECStatus rv;
-
- /* check for an error */
- if(!safeContentsCtx || !safeContentsCtx->p12dcx
- || safeContentsCtx->p12dcx->error) {
- return;
- }
-
- /* no need to update if no data sent in */
- if(!len || !buf) {
- return;
- }
-
- /* update the decoding context */
- p12dcx = safeContentsCtx->p12dcx;
- rv = SEC_ASN1DecoderUpdate(safeContentsCtx->safeContentsDcx, buf, len);
- if(rv != SECSuccess) {
- p12dcx->errorValue = SEC_ERROR_NO_MEMORY;
- goto loser;
- }
-
- return;
-
-loser:
- /* handle any errors. If a decoding context is open, close it. */
- p12dcx->error = PR_TRUE;
- if(safeContentsCtx->safeContentsDcx) {
- SEC_ASN1DecoderFinish(safeContentsCtx->safeContentsDcx);
- safeContentsCtx->safeContentsDcx = NULL;
- }
-}
-
-/* whenever a new safeContentsSafeBag is encountered, we need
- * to init a safeContentsContext.
- */
-static SECStatus
-sec_pkcs12_decoder_begin_nested_safe_contents(sec_PKCS12SafeContentsContext
- *safeContentsCtx)
-{
- /* check for an error */
- if(!safeContentsCtx || !safeContentsCtx->p12dcx ||
- safeContentsCtx->p12dcx->error) {
- return SECFailure;
- }
-
- safeContentsCtx->nestedCtx = sec_pkcs12_decoder_safe_contents_init_decode(
- safeContentsCtx->p12dcx,
- PR_TRUE);
- if(!safeContentsCtx->nestedCtx) {
- return SECFailure;
- }
-
- /* set up new filter proc */
- SEC_ASN1DecoderSetNotifyProc(safeContentsCtx->nestedCtx->safeContentsDcx,
- sec_pkcs12_decoder_safe_contents_notify,
- safeContentsCtx->nestedCtx);
- SEC_ASN1DecoderSetFilterProc(safeContentsCtx->currentSafeBagDcx,
- sec_pkcs12_decoder_nested_safe_contents_update,
- safeContentsCtx->nestedCtx, PR_TRUE);
-
- return SECSuccess;
-}
-
-/* when the safeContents is done decoding, we need to reset the
- * proper filter and notify procs and close the decoding context
- */
-static SECStatus
-sec_pkcs12_decoder_finish_nested_safe_contents(sec_PKCS12SafeContentsContext
- *safeContentsCtx)
-{
- /* check for error */
- if(!safeContentsCtx || !safeContentsCtx->p12dcx ||
- safeContentsCtx->p12dcx->error) {
- return SECFailure;
- }
-
- /* clean up */
- SEC_ASN1DecoderClearFilterProc(safeContentsCtx->currentSafeBagDcx);
- SEC_ASN1DecoderClearNotifyProc(safeContentsCtx->nestedCtx->safeContentsDcx);
- SEC_ASN1DecoderFinish(safeContentsCtx->nestedCtx->safeContentsDcx);
- safeContentsCtx->nestedCtx->safeContentsDcx = NULL;
- safeContentsCtx->nestedCtx = NULL;
-
- return SECSuccess;
-}
-
-/* wrapper for updating safeContents. This is used when decoding
- * the nested safeContents and any authenticatedSafes.
- */
-static void
-sec_pkcs12_decoder_safe_contents_callback(void *arg, const char *buf,
- unsigned long len)
-{
- SECStatus rv;
- sec_PKCS12SafeContentsContext *safeContentsCtx =
- (sec_PKCS12SafeContentsContext *)arg;
- SEC_PKCS12DecoderContext *p12dcx;
-
- /* check for error */
- if(!safeContentsCtx || !safeContentsCtx->p12dcx
- || safeContentsCtx->p12dcx->error) {
- return;
- }
- p12dcx = safeContentsCtx->p12dcx;
-
- /* update the decoder */
- rv = SEC_ASN1DecoderUpdate(safeContentsCtx->safeContentsDcx, buf, len);
- if(rv != SECSuccess) {
- p12dcx->errorValue = SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE;
- goto loser;
- }
-
- return;
-
-loser:
- /* set the error and finish the context */
- p12dcx->error = PR_TRUE;
- if(safeContentsCtx->safeContentsDcx) {
- SEC_ASN1DecoderFinish(safeContentsCtx->safeContentsDcx);
- safeContentsCtx->safeContentsDcx = NULL;
- }
-
- return;
-}
-
-/* this is a wrapper for the ASN1 decoder to call SEC_PKCS7DecoderUpdate
- */
-static void
-sec_pkcs12_decoder_wrap_p7_update(void *arg, const char *data,
- unsigned long len, int depth,
- SEC_ASN1EncodingPart data_kind)
-{
- SEC_PKCS7DecoderContext *p7dcx = (SEC_PKCS7DecoderContext *)arg;
-
- SEC_PKCS7DecoderUpdate(p7dcx, data, len);
-}
-
-/* notify function for decoding aSafes. at the beginning,
- * of an authenticatedSafe, we start a decode of a safeContents.
- * at the end, we clean up the safeContents decoder context and
- * reset state variables
- */
-static void
-sec_pkcs12_decoder_asafes_notify(void *arg, PRBool before, void *dest,
- int real_depth)
-{
- SEC_PKCS12DecoderContext *p12dcx;
- sec_PKCS12SafeContentsContext *safeContentsCtx;
-
- /* make sure no error occurred. */
- p12dcx = (SEC_PKCS12DecoderContext *)arg;
- if(!p12dcx || p12dcx->error) {
- return;
- }
-
- if(before) {
-
- /* init a new safeContentsContext */
- safeContentsCtx = sec_pkcs12_decoder_safe_contents_init_decode(p12dcx,
- PR_FALSE);
- if(!safeContentsCtx) {
- goto loser;
- }
-
- /* set up password and encryption key information */
- p12dcx->currentASafeKeyPwd =
- (SEC_PKCS5KeyAndPassword*)PORT_ArenaZAlloc(p12dcx->arena,
- sizeof(SEC_PKCS5KeyAndPassword));
- if(!p12dcx->currentASafeKeyPwd) {
- p12dcx->errorValue = SEC_ERROR_NO_MEMORY;
- goto loser;
- }
- p12dcx->currentASafeKeyPwd->pwitem = p12dcx->pwitem;
- p12dcx->currentASafeKeyPwd->slot = p12dcx->slot;
- p12dcx->currentASafeKeyPwd->wincx = p12dcx->wincx;
-
- /* initiate the PKCS7ContentInfo decode */
- p12dcx->currentASafeP7Dcx = SEC_PKCS7DecoderStart(
- sec_pkcs12_decoder_safe_contents_callback,
- safeContentsCtx,
- p12dcx->pwfn, p12dcx->pwfnarg,
- sec_pkcs12_decoder_get_decrypt_key,
- p12dcx->currentASafeKeyPwd,
- sec_pkcs12_decoder_decryption_allowed);
- if(!p12dcx->currentASafeP7Dcx) {
- p12dcx->errorValue = PORT_GetError();
- goto loser;
- }
- SEC_ASN1DecoderSetFilterProc(p12dcx->aSafeDcx,
- sec_pkcs12_decoder_wrap_p7_update,
- p12dcx->currentASafeP7Dcx, PR_TRUE);
- }
-
- if(!before) {
- /* if one is being decoded, finish the decode */
- if(p12dcx->currentASafeP7Dcx != NULL) {
- if(!SEC_PKCS7DecoderFinish(p12dcx->currentASafeP7Dcx)) {
- p12dcx->currentASafeP7Dcx = NULL;
- p12dcx->errorValue = PORT_GetError();
- goto loser;
- }
- p12dcx->currentASafeP7Dcx = NULL;
- }
- p12dcx->currentASafeP7Dcx = NULL;
- if(p12dcx->currentASafeKeyPwd->key != NULL) {
- p12dcx->currentASafeKeyPwd->key = NULL;
- }
- }
-
-
- return;
-
-loser:
- /* set the error flag */
- p12dcx->error = PR_TRUE;
- return;
-}
-
-/* wrapper for updating asafes decoding context. this function
- * writes data being decoded to disk, so that a mac can be computed
- * later.
- */
-static void
-sec_pkcs12_decoder_asafes_callback(void *arg, const char *buf,
- unsigned long len)
-{
- SEC_PKCS12DecoderContext *p12dcx = (SEC_PKCS12DecoderContext *)arg;
- SECStatus rv;
-
- if(!p12dcx || p12dcx->error) {
- return;
- }
-
- /* update the context */
- rv = SEC_ASN1DecoderUpdate(p12dcx->aSafeDcx, buf, len);
- if(rv != SECSuccess) {
- p12dcx->error = (PRBool)SEC_ERROR_NO_MEMORY;
- goto loser;
- }
-
- /* if we are writing to a file, write out the new information */
- if(p12dcx->dWrite) {
- unsigned long writeLen = (*p12dcx->dWrite)(p12dcx->dArg,
- (unsigned char *)buf, len);
- if(writeLen != len) {
- p12dcx->errorValue = PORT_GetError();
- goto loser;
- }
- }
-
- return;
-
-loser:
- /* set the error flag */
- p12dcx->error = PR_TRUE;
- SEC_ASN1DecoderFinish(p12dcx->aSafeDcx);
- p12dcx->aSafeDcx = NULL;
-
- return;
-}
-
-/* start the decode of an authenticatedSafe contentInfo.
- */
-static SECStatus
-sec_pkcs12_decode_start_asafes_cinfo(SEC_PKCS12DecoderContext *p12dcx)
-{
- if(!p12dcx || p12dcx->error) {
- return SECFailure;
- }
-
- /* start the decode context */
- p12dcx->aSafeDcx = SEC_ASN1DecoderStart(p12dcx->arena,
- &p12dcx->authSafe,
- sec_PKCS12AuthenticatedSafeTemplate);
- if(!p12dcx->aSafeDcx) {
- p12dcx->errorValue = SEC_ERROR_NO_MEMORY;
- goto loser;
- }
-
- /* set the notify function */
- SEC_ASN1DecoderSetNotifyProc(p12dcx->aSafeDcx,
- sec_pkcs12_decoder_asafes_notify, p12dcx);
-
- /* begin the authSafe decoder context */
- p12dcx->aSafeP7Dcx = SEC_PKCS7DecoderStart(
- sec_pkcs12_decoder_asafes_callback, p12dcx,
- p12dcx->pwfn, p12dcx->pwfnarg, NULL, NULL, NULL);
- if(!p12dcx->aSafeP7Dcx) {
- p12dcx->errorValue = SEC_ERROR_NO_MEMORY;
- goto loser;
- }
-
- /* open the temp file for writing, if the filter functions were set */
- if(p12dcx->dOpen && (*p12dcx->dOpen)(p12dcx->dArg, PR_FALSE)
- != SECSuccess) {
- p12dcx->errorValue = PORT_GetError();
- goto loser;
- }
-
- return SECSuccess;
-
-loser:
- p12dcx->error = PR_TRUE;
-
- if(p12dcx->aSafeDcx) {
- SEC_ASN1DecoderFinish(p12dcx->aSafeDcx);
- p12dcx->aSafeDcx = NULL;
- }
-
- if(p12dcx->aSafeP7Dcx) {
- SEC_PKCS7DecoderFinish(p12dcx->aSafeP7Dcx);
- p12dcx->aSafeP7Dcx = NULL;
- }
-
- return SECFailure;
-}
-
-/* wrapper for updating the safeContents. this function is used as
- * a filter for the pfx when decoding the authenticated safes
- */
-static void
-sec_pkcs12_decode_asafes_cinfo_update(void *arg, const char *buf,
- unsigned long len, int depth,
- SEC_ASN1EncodingPart data_kind)
-{
- SEC_PKCS12DecoderContext *p12dcx;
- SECStatus rv;
-
- p12dcx = (SEC_PKCS12DecoderContext*)arg;
- if(!p12dcx || p12dcx->error) {
- return;
- }
-
- /* update the safeContents decoder */
- rv = SEC_PKCS7DecoderUpdate(p12dcx->aSafeP7Dcx, buf, len);
- if(rv != SECSuccess) {
- p12dcx->errorValue = SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE;
- goto loser;
- }
-
- return;
-
-loser:
-
- /* did we find an error? if so, close the context and set the
- * error flag.
- */
- SEC_PKCS7DecoderFinish(p12dcx->aSafeP7Dcx);
- p12dcx->aSafeP7Dcx = NULL;
- p12dcx->error = PR_TRUE;
-}
-
-/* notify procedure used while decoding the pfx. When we encounter
- * the authSafes, we want to trigger the decoding of authSafes as well
- * as when we encounter the macData, trigger the decoding of it. we do
- * this because we we are streaming the decoder and not decoding in place.
- * the pfx which is the destination, only has the version decoded into it.
- */
-static void
-sec_pkcs12_decoder_pfx_notify_proc(void *arg, PRBool before, void *dest,
- int real_depth)
-{
- SECStatus rv;
- SEC_PKCS12DecoderContext *p12dcx = (SEC_PKCS12DecoderContext*)arg;
-
- /* if an error occurrs, clear the notifyProc and the filterProc
- * and continue.
- */
- if(p12dcx->error) {
- SEC_ASN1DecoderClearNotifyProc(p12dcx->pfxDcx);
- SEC_ASN1DecoderClearFilterProc(p12dcx->pfxDcx);
- return;
- }
-
- if(before && (dest == &p12dcx->pfx.encodedAuthSafe)) {
-
- /* we want to make sure this is a version we support */
- if(!sec_pkcs12_proper_version(&p12dcx->pfx)) {
- p12dcx->errorValue = SEC_ERROR_PKCS12_UNSUPPORTED_VERSION;
- goto loser;
- }
-
- /* start the decode of the aSafes cinfo... */
- rv = sec_pkcs12_decode_start_asafes_cinfo(p12dcx);
- if(rv != SECSuccess) {
- goto loser;
- }
-
- /* set the filter proc to update the authenticated safes. */
- SEC_ASN1DecoderSetFilterProc(p12dcx->pfxDcx,
- sec_pkcs12_decode_asafes_cinfo_update,
- p12dcx, PR_TRUE);
- }
-
- if(!before && (dest == &p12dcx->pfx.encodedAuthSafe)) {
-
- /* we are done decoding the authenticatedSafes, so we need to
- * finish the decoderContext and clear the filter proc
- * and close the hmac callback, if present
- */
- p12dcx->aSafeCinfo = SEC_PKCS7DecoderFinish(p12dcx->aSafeP7Dcx);
- p12dcx->aSafeP7Dcx = NULL;
- if(!p12dcx->aSafeCinfo) {
- p12dcx->errorValue = PORT_GetError();
- goto loser;
- }
- SEC_ASN1DecoderClearFilterProc(p12dcx->pfxDcx);
- if(p12dcx->dClose && ((*p12dcx->dClose)(p12dcx->dArg, PR_FALSE)
- != SECSuccess)) {
- p12dcx->errorValue = PORT_GetError();
- goto loser;
- }
-
- }
-
- return;
-
-loser:
- p12dcx->error = PR_TRUE;
-}
-
-/* SEC_PKCS12DecoderStart
- * Creates a decoder context for decoding a PKCS 12 PDU objct.
- * This function sets up the initial decoding context for the
- * PFX and sets the needed state variables.
- *
- * pwitem - the password for the hMac and any encoded safes.
- * this should be changed to take a callback which retrieves
- * the password. it may be possible for different safes to
- * have different passwords. also, the password is already
- * in unicode. it should probably be converted down below via
- * a unicode conversion callback.
- * slot - the slot to import the dataa into should multiple slots
- * be supported based on key type and cert type?
- * dOpen, dClose, dRead, dWrite - digest routines for writing data
- * to a file so it could be read back and the hmack recomputed
- * and verified. doesn't seem to be away for both encoding
- * and decoding to be single pass, thus the need for these
- * routines.
- * dArg - the argument for dOpen, etc.
- *
- * This function returns the decoder context, if it was successful.
- * Otherwise, null is returned.
- */
-SEC_PKCS12DecoderContext *
-SEC_PKCS12DecoderStart(SECItem *pwitem, PK11SlotInfo *slot, void *wincx,
- digestOpenFn dOpen, digestCloseFn dClose,
- digestIOFn dRead, digestIOFn dWrite, void *dArg)
-{
- SEC_PKCS12DecoderContext *p12dcx;
- PRArenaPool *arena;
-
- arena = PORT_NewArena(2048); /* different size? */
- if(!arena) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- /* allocate the decoder context and set the state variables */
- p12dcx = (SEC_PKCS12DecoderContext*)PORT_ArenaZAlloc(arena, sizeof(SEC_PKCS12DecoderContext));
- if(!p12dcx) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- p12dcx->arena = arena;
- p12dcx->pwitem = pwitem;
- p12dcx->slot = (slot ? slot : PK11_GetInternalKeySlot());
- p12dcx->wincx = wincx;
-#ifdef IS_LITTLE_ENDIAN
- p12dcx->swapUnicodeBytes = PR_TRUE;
-#else
- p12dcx->swapUnicodeBytes = PR_FALSE;
-#endif
- p12dcx->errorValue = 0;
- p12dcx->error = PR_FALSE;
-
- /* a slot is *required */
- if(!slot) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* start the decoding of the PFX and set the notify proc
- * for the PFX item.
- */
- p12dcx->pfxDcx = SEC_ASN1DecoderStart(p12dcx->arena, &p12dcx->pfx,
- sec_PKCS12PFXItemTemplate);
- if(!p12dcx->pfxDcx) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- SEC_ASN1DecoderSetNotifyProc(p12dcx->pfxDcx,
- sec_pkcs12_decoder_pfx_notify_proc,
- p12dcx);
-
- /* set up digest functions */
- p12dcx->dOpen = dOpen;
- p12dcx->dWrite = dWrite;
- p12dcx->dClose = dClose;
- p12dcx->dRead = dRead;
- p12dcx->dArg = dArg;
-
- return p12dcx;
-
-loser:
- PORT_FreeArena(arena, PR_TRUE);
- return NULL;
-}
-
-/* SEC_PKCS12DecoderUpdate
- * Streaming update sending more data to the decoder. If
- * an error occurs, SECFailure is returned.
- *
- * p12dcx - the decoder context
- * data, len - the data buffer and length of data to send to
- * the update functions.
- */
-SECStatus
-SEC_PKCS12DecoderUpdate(SEC_PKCS12DecoderContext *p12dcx,
- unsigned char *data, unsigned long len)
-{
- SECStatus rv;
-
- if(!p12dcx || p12dcx->error) {
- return SECFailure;
- }
-
- /* update the PFX decoder context */
- rv = SEC_ASN1DecoderUpdate(p12dcx->pfxDcx, (const char *)data, len);
- if(rv != SECSuccess) {
- p12dcx->errorValue = SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE;
- goto loser;
- }
-
- return SECSuccess;
-
-loser:
-
- p12dcx->error = PR_TRUE;
- return SECFailure;
-}
-
-/* IN_BUF_LEN should be larger than SHA1_LENGTH */
-#define IN_BUF_LEN 80
-
-/* verify the hmac by reading the data from the temporary file
- * using the routines specified when the decodingContext was
- * created and return SECSuccess if the hmac matches.
- */
-static SECStatus
-sec_pkcs12_decoder_verify_mac(SEC_PKCS12DecoderContext *p12dcx)
-{
- SECStatus rv = SECFailure;
- PBEBitGenContext *pbeCtxt = NULL;
- SECItem *hmacKey = NULL, hmacRes;
- unsigned char buf[IN_BUF_LEN];
- void *hmacCx;
- unsigned int bufLen;
- int iteration;
-
- if(!p12dcx || p12dcx->error) {
- return SECFailure;
- }
-
- /* generate hmac key */
- if(p12dcx->macData.iter.data) {
- iteration = (int)DER_GetInteger(&p12dcx->macData.iter);
- } else {
- iteration = 1;
- }
- pbeCtxt = PBE_CreateContext(SECOID_GetAlgorithmTag(
- &p12dcx->macData.safeMac.digestAlgorithm),
- pbeBitGenIntegrityKey, p12dcx->pwitem,
- &p12dcx->macData.macSalt, 160, iteration);
- if(!pbeCtxt) {
- return SECFailure;
- }
- hmacKey = PBE_GenerateBits(pbeCtxt);
- PBE_DestroyContext(pbeCtxt);
- pbeCtxt = NULL;
- if(!hmacKey) {
- return SECFailure;
- }
-
- /* init hmac */
- hmacCx = HMAC_Create(SECOID_GetAlgorithmTag(
- &p12dcx->macData.safeMac.digestAlgorithm),
- hmacKey->data, hmacKey->len);
- SECITEM_ZfreeItem(hmacKey, PR_TRUE);
- hmacKey = NULL;
- if(!hmacCx) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
- HMAC_Begin((HMACContext*)hmacCx);
-
- /* try to open the data for readback */
- if(p12dcx->dOpen && ((*p12dcx->dOpen)(p12dcx->dArg, PR_TRUE)
- != SECSuccess)) {
- goto loser;
- }
-
- /* read the data back IN_BUF_LEN bytes at a time and recompute
- * the hmac. if fewer bytes are read than are requested, it is
- * assumed that the end of file has been reached. if bytesRead
- * is returned as -1, then an error occured reading from the
- * file.
- */
- while(1) {
- int bytesRead = (*p12dcx->dRead)(p12dcx->dArg, buf, IN_BUF_LEN);
- if(bytesRead == -1) {
- goto loser;
- }
-
- HMAC_Update((HMACContext*)hmacCx, buf, bytesRead);
- if(bytesRead < IN_BUF_LEN) {
- break;
- }
- }
-
- /* finish the hmac context */
- HMAC_Finish((HMACContext*)hmacCx, buf, &bufLen, IN_BUF_LEN);
- HMAC_Destroy((HMACContext*)hmacCx);
- hmacCx = NULL;
-
- hmacRes.data = buf;
- hmacRes.len = bufLen;
-
- /* is the hmac computed the same as the hmac which was decoded? */
- rv = SECSuccess;
- if(SECITEM_CompareItem(&hmacRes, &p12dcx->macData.safeMac.digest)
- != SECEqual) {
- PORT_SetError(SEC_ERROR_PKCS12_INVALID_MAC);
- rv = SECFailure;
- }
-
-loser:
- /* close the file and remove it */
- if(p12dcx->dClose) {
- (*p12dcx->dClose)(p12dcx->dArg, PR_TRUE);
- }
-
- if(hmacCx) {
- HMAC_Destroy((HMACContext*)hmacCx);
- }
-
- if(hmacKey) {
- SECITEM_ZfreeItem(hmacKey, PR_TRUE);
- }
-
- return rv;
-}
-
-/* SEC_PKCS12DecoderVerify
- * Verify the macData or the signature of the decoded PKCS 12 PDU.
- * If the signature or the macData do not match, SECFailure is
- * returned.
- *
- * p12dcx - the decoder context
- */
-SECStatus
-SEC_PKCS12DecoderVerify(SEC_PKCS12DecoderContext *p12dcx)
-{
- SECStatus rv = SECSuccess;
-
- /* make sure that no errors have occured... */
- if(!p12dcx || p12dcx->error) {
- return SECFailure;
- }
-
- /* check the signature or the mac depending on the type of
- * integrity used.
- */
- if(p12dcx->pfx.encodedMacData.len) {
- rv = SEC_ASN1DecodeItem(p12dcx->arena, &p12dcx->macData,
- sec_PKCS12MacDataTemplate,
- &p12dcx->pfx.encodedMacData);
- if(rv == SECSuccess) {
- return sec_pkcs12_decoder_verify_mac(p12dcx);
- } else {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- }
- } else {
- if(SEC_PKCS7VerifySignature(p12dcx->aSafeCinfo, certUsageEmailSigner,
- PR_FALSE)) {
- return SECSuccess;
- } else {
- PORT_SetError(SEC_ERROR_PKCS12_INVALID_MAC);
- }
- }
-
- return SECFailure;
-}
-
-/* SEC_PKCS12DecoderFinish
- * Free any open ASN1 or PKCS7 decoder contexts and then
- * free the arena pool which everything should be allocated
- * from. This function should be called upon completion of
- * decoding and installing of a pfx pdu. This should be
- * called even if an error occurs.
- *
- * p12dcx - the decoder context
- */
-void
-SEC_PKCS12DecoderFinish(SEC_PKCS12DecoderContext *p12dcx)
-{
- void *freedCtxt = NULL;
-
- if(!p12dcx) {
- return;
- }
-
- if(p12dcx->pfxDcx) {
- SEC_ASN1DecoderFinish(p12dcx->pfxDcx);
- p12dcx->pfxDcx = NULL;
- }
-
- if(p12dcx->aSafeDcx) {
- SEC_ASN1DecoderFinish(p12dcx->aSafeDcx);
- p12dcx->aSafeDcx = NULL;
- }
-
- if(p12dcx->currentASafeP7Dcx) {
- SEC_PKCS7DecoderFinish(p12dcx->currentASafeP7Dcx);
- p12dcx->currentASafeP7Dcx = NULL;
- }
-
- if(p12dcx->aSafeP7Dcx) {
- SEC_PKCS7DecoderFinish(p12dcx->aSafeP7Dcx);
- }
-
- if(p12dcx->hmacDcx) {
- SEC_ASN1DecoderFinish(p12dcx->hmacDcx);
- p12dcx->hmacDcx = NULL;
- }
-
- if(p12dcx->arena) {
- PORT_FreeArena(p12dcx->arena, PR_TRUE);
- }
-}
-
-static SECStatus
-sec_pkcs12_decoder_set_attribute_value(sec_PKCS12SafeBag *bag,
- SECOidTag attributeType,
- SECItem *attrValue)
-{
- int i = 0;
- SECOidData *oid;
-
- if(!bag || !attrValue) {
- return SECFailure;
- }
-
- oid = SECOID_FindOIDByTag(attributeType);
- if(!oid) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
-
- if(!bag->attribs) {
- bag->attribs = (sec_PKCS12Attribute**)PORT_ArenaZAlloc(bag->arena,
- sizeof(sec_PKCS12Attribute *) * 2);
- } else {
- while(bag->attribs[i]) i++;
- bag->attribs = (sec_PKCS12Attribute **)PORT_ArenaGrow(bag->arena,
- bag->attribs,
- (i + 1) * sizeof(sec_PKCS12Attribute *),
- (i + 2) * sizeof(sec_PKCS12Attribute *));
- }
-
- if(!bag->attribs) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
-
- bag->attribs[i] = (sec_PKCS12Attribute*)PORT_ArenaZAlloc(bag->arena,
- sizeof(sec_PKCS12Attribute));
- if(!bag->attribs) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
-
- bag->attribs[i]->attrValue = (SECItem**)PORT_ArenaZAlloc(bag->arena,
- sizeof(SECItem *) * 2);
- if(!bag->attribs[i]->attrValue) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
-
- bag->attribs[i+1] = NULL;
- bag->attribs[i]->attrValue[0] = attrValue;
- bag->attribs[i]->attrValue[1] = NULL;
-
- if(SECITEM_CopyItem(bag->arena, &bag->attribs[i]->attrType, &oid->oid)
- != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-static SECItem *
-sec_pkcs12_get_attribute_value(sec_PKCS12SafeBag *bag,
- SECOidTag attributeType)
-{
- int i = 0;
-
- if(!bag->attribs) {
- return NULL;
- }
-
- while(bag->attribs[i] != NULL) {
- if(SECOID_FindOIDTag(&bag->attribs[i]->attrType)
- == attributeType) {
- return bag->attribs[i]->attrValue[0];
- }
- i++;
- }
-
- return NULL;
-}
-
-/* For now, this function will merely remove any ":"
- * in the nickname which the PK11 functions may have
- * placed there. This will keep dual certs from appearing
- * twice under "Your" certificates when imported onto smart
- * cards. Once with the name "Slot:Cert" and another with
- * the nickname "Slot:Slot:Cert"
- */
-static void
-sec_pkcs12_sanitize_nickname(PK11SlotInfo *slot, SECItem *nick)
-{
- char *nickname;
- char *delimit;
- int delimitlen;
-
- nickname = (char*)nick->data; /*Mac breaks without this type cast*/
- if ((delimit = PORT_Strchr(nickname, ':')) != NULL) {
- char *slotName;
- int slotNameLen;
-
- slotNameLen = delimit-nickname;
- slotName = PORT_NewArray(char, (slotNameLen+1));
- PORT_Assert(slotName);
- if (slotName == NULL) {
- /* What else can we do?*/
- return;
- }
- PORT_Memcpy(slotName, nickname, slotNameLen);
- slotName[slotNameLen] = '\0';
- if (PORT_Strcmp(PK11_GetTokenName(slot), slotName) == 0) {
- delimitlen = PORT_Strlen(delimit+1);
- PORT_Memmove(nickname, delimit+1, delimitlen+1);
- nick->len = delimitlen;
- }
- PORT_Free(slotName);
- }
-
-}
-
-static SECItem *
-sec_pkcs12_get_nickname(sec_PKCS12SafeBag *bag)
-{
- SECItem *src, *dest;
-
- if(!bag) {
- bag->problem = PR_TRUE;
- bag->error = SEC_ERROR_NO_MEMORY;
- return NULL;
- }
-
- src = sec_pkcs12_get_attribute_value(bag, SEC_OID_PKCS9_FRIENDLY_NAME);
- if(!src) {
- return NULL;
- }
-
- dest = (SECItem*)PORT_ZAlloc(sizeof(SECItem));
- if(!dest) {
- goto loser;
- }
- if(!sec_pkcs12_convert_item_to_unicode(NULL, dest, src, PR_FALSE,
- PR_FALSE, PR_FALSE)) {
- goto loser;
- }
-
- sec_pkcs12_sanitize_nickname(bag->slot, dest);
-
- return dest;
-
-loser:
- if(dest) {
- SECITEM_ZfreeItem(dest, PR_TRUE);
- }
-
- bag->problem = PR_TRUE;
- bag->error = PORT_GetError();
- return NULL;
-}
-
-static SECStatus
-sec_pkcs12_set_nickname(sec_PKCS12SafeBag *bag, SECItem *name)
-{
- int i = 0;
- sec_PKCS12Attribute *attr = NULL;
- SECOidData *oid = SECOID_FindOIDByTag(SEC_OID_PKCS9_FRIENDLY_NAME);
-
- if(!bag || !bag->arena || !name) {
- return SECFailure;
- }
-
- if(!bag->attribs) {
- if(!oid) {
- goto loser;
- }
-
- bag->attribs = (sec_PKCS12Attribute**)PORT_ArenaZAlloc(bag->arena,
- sizeof(sec_PKCS12Attribute *)*2);
- if(!bag->attribs) {
- goto loser;
- }
- bag->attribs[0] = (sec_PKCS12Attribute*)PORT_ArenaZAlloc(bag->arena,
- sizeof(sec_PKCS12Attribute));
- if(!bag->attribs[0]) {
- goto loser;
- }
- bag->attribs[1] = NULL;
-
- attr = bag->attribs[0];
- if(SECITEM_CopyItem(bag->arena, &attr->attrType, &oid->oid)
- != SECSuccess) {
- goto loser;
- }
- } else {
- while(bag->attribs[i]) {
- if(SECOID_FindOIDTag(&bag->attribs[i]->attrType)
- == SEC_OID_PKCS9_FRIENDLY_NAME) {
- attr = bag->attribs[i];
- goto have_attrib;
-
- }
- i++;
- }
- if(!attr) {
- bag->attribs = (sec_PKCS12Attribute **)PORT_ArenaGrow(bag->arena,
- bag->attribs,
- (i+1) * sizeof(sec_PKCS12Attribute *),
- (i+2) * sizeof(sec_PKCS12Attribute *));
- if(!bag->attribs) {
- goto loser;
- }
- bag->attribs[i] =
- (sec_PKCS12Attribute *)PORT_ArenaZAlloc(bag->arena,
- sizeof(sec_PKCS12Attribute));
- if(!bag->attribs[i]) {
- goto loser;
- }
- bag->attribs[i+1] = NULL;
- attr = bag->attribs[i];
- if(SECITEM_CopyItem(bag->arena, &attr->attrType, &oid->oid)
- != SECSuccess) {
- goto loser;
- }
- }
- }
-have_attrib:
- PORT_Assert(attr);
- if(!attr->attrValue) {
- attr->attrValue = (SECItem **)PORT_ArenaZAlloc(bag->arena,
- sizeof(SECItem *) * 2);
- if(!attr->attrValue) {
- goto loser;
- }
- attr->attrValue[0] = (SECItem*)PORT_ArenaZAlloc(bag->arena,
- sizeof(SECItem));
- if(!attr->attrValue[0]) {
- goto loser;
- }
- attr->attrValue[1] = NULL;
- }
-
- name->len = PORT_Strlen((char *)name->data);
- if(!sec_pkcs12_convert_item_to_unicode(bag->arena, attr->attrValue[0],
- name, PR_FALSE, PR_FALSE, PR_TRUE)) {
- goto loser;
- }
-
- return SECSuccess;
-
-loser:
- bag->problem = PR_TRUE;
- bag->error = SEC_ERROR_NO_MEMORY;
- return SECFailure;
-}
-
-static SECStatus
-sec_pkcs12_get_key_info(sec_PKCS12SafeBag *key)
-{
- int i = 0;
- SECKEYPrivateKeyInfo *pki = NULL;
-
- if(!key) {
- return SECFailure;
- }
-
- /* if the bag does *not* contain an unencrypted PrivateKeyInfo
- * then we cannot convert the attributes. We are propagating
- * attributes within the PrivateKeyInfo to the SafeBag level.
- */
- if(SECOID_FindOIDTag(&(key->safeBagType)) !=
- SEC_OID_PKCS12_V1_KEY_BAG_ID) {
- return SECSuccess;
- }
-
- pki = key->safeBagContent.pkcs8KeyBag;
-
- if(!pki || !pki->attributes) {
- return SECSuccess;
- }
-
- while(pki->attributes[i]) {
- SECItem *attrValue = NULL;
-
- if(SECOID_FindOIDTag(&pki->attributes[i]->attrType) ==
- SEC_OID_PKCS9_LOCAL_KEY_ID) {
- attrValue = sec_pkcs12_get_attribute_value(key,
- SEC_OID_PKCS9_LOCAL_KEY_ID);
- if(!attrValue) {
- if(sec_pkcs12_decoder_set_attribute_value(key,
- SEC_OID_PKCS9_LOCAL_KEY_ID,
- pki->attributes[i]->attrValue[0])
- != SECSuccess) {
- key->problem = PR_TRUE;
- key->error = SEC_ERROR_NO_MEMORY;
- return SECFailure;
- }
- }
- }
-
- if(SECOID_FindOIDTag(&pki->attributes[i]->attrType) ==
- SEC_OID_PKCS9_FRIENDLY_NAME) {
- attrValue = sec_pkcs12_get_attribute_value(key,
- SEC_OID_PKCS9_FRIENDLY_NAME);
- if(!attrValue) {
- if(sec_pkcs12_decoder_set_attribute_value(key,
- SEC_OID_PKCS9_FRIENDLY_NAME,
- pki->attributes[i]->attrValue[0])
- != SECSuccess) {
- key->problem = PR_TRUE;
- key->error = SEC_ERROR_NO_MEMORY;
- return SECFailure;
- }
- }
- }
-
- i++;
- }
-
- return SECSuccess;
-}
-
-/* retrieve the nickname for the certificate bag. first look
- * in the cert bag, otherwise get it from the key.
- */
-static SECItem *
-sec_pkcs12_get_nickname_for_cert(sec_PKCS12SafeBag *cert,
- sec_PKCS12SafeBag *key,
- void *wincx)
-{
- SECItem *nickname;
-
- if(!cert) {
- return NULL;
- }
-
- nickname = sec_pkcs12_get_nickname(cert);
- if(nickname) {
- return nickname;
- }
-
- if(key) {
- nickname = sec_pkcs12_get_nickname(key);
-
- if(nickname && sec_pkcs12_set_nickname(cert, nickname)
- != SECSuccess) {
- cert->error = SEC_ERROR_NO_MEMORY;
- cert->problem = PR_TRUE;
- if(nickname) {
- SECITEM_ZfreeItem(nickname, PR_TRUE);
- }
- return NULL;
- }
- }
-
- return nickname;
-}
-
-/* set the nickname for the certificate */
-static SECStatus
-sec_pkcs12_set_nickname_for_cert(sec_PKCS12SafeBag *cert,
- sec_PKCS12SafeBag *key,
- SECItem *nickname,
- void *wincx)
-{
- if(!nickname || !cert) {
- return SECFailure;
- }
-
- if(sec_pkcs12_set_nickname(cert, nickname) != SECSuccess) {
- cert->error = SEC_ERROR_NO_MEMORY;
- cert->problem = PR_TRUE;
- return SECFailure;
- }
-
- if(key) {
- if(sec_pkcs12_set_nickname(key, nickname) != SECSuccess) {
- cert->error = SEC_ERROR_NO_MEMORY;
- cert->problem = PR_TRUE;
- return SECFailure;
- }
- }
-
- return SECSuccess;
-}
-
-/* retrieve the DER cert from the cert bag */
-static SECItem *
-sec_pkcs12_get_der_cert(sec_PKCS12SafeBag *cert)
-{
- if(!cert) {
- return NULL;
- }
-
- if(SECOID_FindOIDTag(&cert->safeBagType) != SEC_OID_PKCS12_V1_CERT_BAG_ID) {
- return NULL;
- }
-
- /* only support X509 certs not SDSI */
- if(SECOID_FindOIDTag(&cert->safeBagContent.certBag->bagID)
- != SEC_OID_PKCS9_X509_CERT) {
- return NULL;
- }
-
- return SECITEM_DupItem(&(cert->safeBagContent.certBag->value.x509Cert));
-}
-
-struct certNickInfo {
- PRArenaPool *arena;
- unsigned int nNicks;
- SECItem **nickList;
- unsigned int error;
-};
-
-/* callback for traversing certificates to gather the nicknames
- * used in a particular traversal. for instance, when using
- * CERT_TraversePermCertsForSubject, gather the nicknames and
- * store them in the certNickInfo for a particular DN.
- *
- * this handles the case where multiple nicknames are allowed
- * for the same dn, which is not currently allowed, but may be
- * in the future.
- */
-static SECStatus
-gatherNicknames(CERTCertificate *cert, void *arg)
-{
- struct certNickInfo *nickArg = (struct certNickInfo *)arg;
- SECItem tempNick;
- unsigned int i;
-
- if(!cert || !nickArg || nickArg->error) {
- return SECFailure;
- }
-
- if(!cert->nickname) {
- return SECSuccess;
- }
-
- tempNick.data = (unsigned char *)cert->nickname;
- tempNick.len = PORT_Strlen(cert->nickname) + 1;
-
- /* do we already have the nickname in the list? */
- if(nickArg->nNicks > 0) {
-
- /* nicknames have been encountered, but there is no list -- bad */
- if(!nickArg->nickList) {
- nickArg->error = SEC_ERROR_NO_MEMORY;
- return SECFailure;
- }
-
- for(i = 0; i < nickArg->nNicks; i++) {
- if(SECITEM_CompareItem(nickArg->nickList[i], &tempNick)
- == SECEqual) {
- return SECSuccess;
- }
- }
- }
-
- /* add the nickname to the list */
- if(nickArg->nNicks == 0) {
- nickArg->nickList = (SECItem **)PORT_ArenaZAlloc(nickArg->arena,
- 2 * sizeof(SECItem *));
- } else {
- nickArg->nickList = (SECItem **)PORT_ArenaGrow(nickArg->arena,
- nickArg->nickList,
- (nickArg->nNicks + 1) * sizeof(SECItem *),
- (nickArg->nNicks + 2) * sizeof(SECItem *));
- }
- if(!nickArg->nickList) {
- nickArg->error = SEC_ERROR_NO_MEMORY;
- return SECFailure;
- }
-
- nickArg->nickList[nickArg->nNicks] =
- (SECItem *)PORT_ArenaZAlloc(nickArg->arena, sizeof(SECItem));
- if(!nickArg->nickList[nickArg->nNicks]) {
- nickArg->error = SEC_ERROR_NO_MEMORY;
- return SECFailure;
- }
-
-
- if(SECITEM_CopyItem(nickArg->arena, nickArg->nickList[nickArg->nNicks],
- &tempNick) != SECSuccess) {
- nickArg->error = SEC_ERROR_NO_MEMORY;
- return SECFailure;
- }
-
- nickArg->nNicks++;
-
- return SECSuccess;
-}
-
-/* traverses the certs in the data base or in the token for the
- * DN to see if any certs currently have a nickname set.
- * If so, return it.
- */
-static SECItem *
-sec_pkcs12_get_existing_nick_for_dn(sec_PKCS12SafeBag *cert, void *wincx)
-{
- struct certNickInfo *nickArg = NULL;
- SECItem *derCert, *returnDn = NULL;
- PRArenaPool *arena = NULL;
- CERTCertificate *tempCert;
-
- if(!cert) {
- return NULL;
- }
-
- derCert = sec_pkcs12_get_der_cert(cert);
- if(!derCert) {
- return NULL;
- }
-
- tempCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), derCert, NULL,
- PR_FALSE, PR_TRUE);
- if(!tempCert) {
- returnDn = NULL;
- goto loser;
- }
-
- arena = PORT_NewArena(1024);
- if(!arena) {
- returnDn = NULL;
- goto loser;
- }
- nickArg = (struct certNickInfo *)PORT_ArenaZAlloc(arena,
- sizeof(struct certNickInfo));
- if(!nickArg) {
- returnDn = NULL;
- goto loser;
- }
- nickArg->error = 0;
- nickArg->nNicks = 0;
- nickArg->nickList = NULL;
- nickArg->arena = arena;
-
- /* if the token is local, first traverse the cert database
- * then traverse the token.
- */
- if(PK11_IsInternal(cert->slot)) {
- if(CERT_TraversePermCertsForSubject(CERT_GetDefaultCertDB(),
- &tempCert->derSubject, gatherNicknames,
- nickArg) != SECSuccess) {
- returnDn = NULL;
- goto loser;
- }
- }
-
- if(PK11_TraverseCertsForSubjectInSlot(tempCert, cert->slot, gatherNicknames,
- (void *)nickArg) != SECSuccess) {
- returnDn = NULL;
- goto loser;
- }
-
- if(nickArg->error) {
- /* XXX do we want to set the error? */
- returnDn = NULL;
- goto loser;
- }
-
- if(nickArg->nNicks == 0) {
- returnDn = NULL;
- goto loser;
- }
-
- /* set it to the first name, for now. handle multiple names? */
- returnDn = SECITEM_DupItem(nickArg->nickList[0]);
-
-loser:
- if(arena) {
- PORT_FreeArena(arena, PR_TRUE);
- }
-
- if(tempCert) {
- CERT_DestroyCertificate(tempCert);
- }
-
- if(derCert) {
- SECITEM_FreeItem(derCert, PR_TRUE);
- }
-
- return (returnDn);
-}
-
-/* counts certificates found for a given traversal function */
-static SECStatus
-countCertificate(CERTCertificate *cert, void *arg)
-{
- unsigned int *nCerts = (unsigned int *)arg;
-
- if(!cert || !arg) {
- return SECFailure;
- }
-
- (*nCerts)++;
- return SECSuccess;
-}
-
-static PRBool
-sec_pkcs12_certs_for_nickname_exist(SECItem *nickname, PK11SlotInfo *slot)
-{
- unsigned int nCerts = 0;
-
- if(!nickname || !slot) {
- return PR_TRUE;
- }
-
- /* we want to check the local database first if we are importing to it */
- if(PK11_IsInternal(slot)) {
- CERT_TraversePermCertsForNickname(CERT_GetDefaultCertDB(),
- (char *)nickname->data,
- countCertificate, (void *)&nCerts);
- }
-
- PK11_TraverseCertsForNicknameInSlot(nickname, slot, countCertificate,
- (void *)&nCerts);
- if(nCerts) return PR_TRUE;
-
- return PR_FALSE;
-}
-
-/* validate cert nickname such that there is a one-to-one relation
- * between nicknames and dn's. we want to enforce the case that the
- * nickname is non-NULL and that there is only one nickname per DN.
- *
- * if there is a problem with a nickname or the nickname is not present,
- * the user will be prompted for it.
- */
-static void
-sec_pkcs12_validate_cert_nickname(sec_PKCS12SafeBag *cert,
- sec_PKCS12SafeBag *key,
- SEC_PKCS12NicknameCollisionCallback nicknameCb,
- void *wincx)
-{
- SECItem *certNickname, *existingDNNick;
- PRBool setNickname = PR_FALSE, cancel = PR_FALSE;
- SECItem *newNickname = NULL;
-
- if(!cert || !cert->hasKey) {
- return;
- }
-
- if(!nicknameCb) {
- cert->problem = PR_TRUE;
- cert->error = SEC_ERROR_NO_MEMORY;
- return;
- }
-
- if(cert->hasKey && !key) {
- cert->problem = PR_TRUE;
- cert->error = SEC_ERROR_NO_MEMORY;
- return;
- }
-
- certNickname = sec_pkcs12_get_nickname_for_cert(cert, key, wincx);
- existingDNNick = sec_pkcs12_get_existing_nick_for_dn(cert, wincx);
-
- /* nickname is already used w/ this dn, so it is safe to return */
- if(certNickname && existingDNNick &&
- SECITEM_CompareItem(certNickname, existingDNNick) == SECEqual) {
- goto loser;
- }
-
- /* nickname not set in pkcs 12 bags, but a nick is already used for
- * this dn. set the nicks in the p12 bags and finish.
- */
- if(existingDNNick) {
- if(sec_pkcs12_set_nickname_for_cert(cert, key, existingDNNick, wincx)
- != SECSuccess) {
- cert->problem = PR_TRUE;
- cert->error = SEC_ERROR_NO_MEMORY;
- }
- goto loser;
- }
-
- /* at this point, we have a certificate for which the DN is not located
- * on the token. the nickname specified may or may not be NULL. if it
- * is not null, we need to make sure that there are no other certificates
- * with this nickname in the token for it to be valid. this imposes a
- * one to one relationship between DN and nickname.
- *
- * if the nickname is null, we need the user to enter a nickname for
- * the certificate.
- *
- * once we have a nickname, we make sure that the nickname is unique
- * for the DN. if it is not, the user is reprompted to enter a new
- * nickname.
- *
- * in order to exit this loop, the nickname entered is either unique
- * or the user hits cancel and the certificate is not imported.
- */
- setNickname = PR_FALSE;
- while(1) {
- if(certNickname && certNickname->data) {
- /* we will use the nickname so long as no other certs have the
- * same nickname. and the nickname is not NULL.
- */
- if(!sec_pkcs12_certs_for_nickname_exist(certNickname, cert->slot)) {
- if(setNickname) {
- if(sec_pkcs12_set_nickname_for_cert(cert, key, certNickname,
- wincx) != SECSuccess) {
- cert->problem = PR_TRUE;
- cert->error = SEC_ERROR_NO_MEMORY;
- }
- }
- goto loser;
- }
- }
-
- setNickname = PR_FALSE;
- newNickname = (*nicknameCb)(certNickname, &cancel, wincx);
- if(cancel) {
- cert->problem = PR_TRUE;
- cert->error = SEC_ERROR_USER_CANCELLED;
- goto loser;
- }
-
- if(!newNickname) {
- cert->problem = PR_TRUE;
- cert->error = SEC_ERROR_NO_MEMORY;
- goto loser;
- }
-
- /* at this point we have a new nickname, if we have an existing
- * certNickname, we need to free it and assign the new nickname
- * to it to avoid a memory leak. happy?
- */
- if(certNickname) {
- SECITEM_ZfreeItem(certNickname, PR_TRUE);
- certNickname = NULL;
- }
-
- certNickname = newNickname;
- setNickname = PR_TRUE;
- /* go back and recheck the new nickname */
- }
-
-loser:
- if(certNickname) {
- SECITEM_ZfreeItem(certNickname, PR_TRUE);
- }
-
- if(existingDNNick) {
- SECITEM_ZfreeItem(existingDNNick, PR_TRUE);
- }
-}
-
-static void
-sec_pkcs12_validate_cert(sec_PKCS12SafeBag *cert,
- sec_PKCS12SafeBag *key,
- SEC_PKCS12NicknameCollisionCallback nicknameCb,
- void *wincx)
-{
- CERTCertificate *leafCert, *testCert;
-
- if(!cert) {
- return;
- }
-
- cert->validated = PR_TRUE;
-
- if(!nicknameCb) {
- cert->problem = PR_TRUE;
- cert->error = SEC_ERROR_NO_MEMORY;
- cert->noInstall = PR_TRUE;
- return;
- }
-
- if(!cert->safeBagContent.certBag) {
- cert->noInstall = PR_TRUE;
- cert->problem = PR_TRUE;
- cert->error = SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE;
- return;
- }
-
- cert->noInstall = PR_FALSE;
- cert->removeExisting = PR_FALSE;
- cert->problem = PR_FALSE;
- cert->error = 0;
-
- leafCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
- &cert->safeBagContent.certBag->value.x509Cert,
- NULL, PR_FALSE, PR_TRUE);
- if(!leafCert) {
- cert->noInstall = PR_TRUE;
- cert->problem = PR_TRUE;
- cert->error = SEC_ERROR_NO_MEMORY;
- return;
- }
-
- testCert = PK11_FindCertFromDERCert(cert->slot, leafCert, wincx);
- CERT_DestroyCertificate(leafCert);
- /* if we can't find the certificate through the PKCS11 interface,
- * we should check the cert database directly, if we are
- * importing to an internal slot.
- */
- if(!testCert && PK11_IsInternal(cert->slot)) {
- testCert = CERT_FindCertByDERCert(CERT_GetDefaultCertDB(),
- &cert->safeBagContent.certBag->value.x509Cert);
- }
-
- if(testCert) {
- if(!testCert->nickname) {
- cert->removeExisting = PR_TRUE;
- } else {
- cert->noInstall = PR_TRUE;
- }
- CERT_DestroyCertificate(testCert);
- if(cert->noInstall && !cert->removeExisting) {
- return;
- }
- }
-
- sec_pkcs12_validate_cert_nickname(cert, key, nicknameCb, wincx);
-}
-
-static void
-sec_pkcs12_validate_key_by_cert(sec_PKCS12SafeBag *cert, sec_PKCS12SafeBag *key,
- void *wincx)
-{
- CERTCertificate *leafCert;
- SECKEYPrivateKey *privk;
-
- if(!key) {
- return;
- }
-
- key->validated = PR_TRUE;
-
- if(!cert) {
- key->problem = PR_TRUE;
- key->noInstall = PR_TRUE;
- key->error = SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY;
- return;
- }
-
- leafCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
- &(cert->safeBagContent.certBag->value.x509Cert),
- NULL, PR_FALSE, PR_TRUE);
- if(!leafCert) {
- key->problem = PR_TRUE;
- key->noInstall = PR_TRUE;
- key->error = SEC_ERROR_NO_MEMORY;
- return;
- }
-
- privk = PK11_FindPrivateKeyFromCert(key->slot, leafCert, wincx);
- if(!privk) {
- privk = PK11_FindKeyByDERCert(key->slot, leafCert, wincx);
- }
-
- if(privk) {
- SECKEY_DestroyPrivateKey(privk);
- key->noInstall = PR_TRUE;
- }
-
- CERT_DestroyCertificate(leafCert);
-}
-
-static SECStatus
-sec_pkcs12_remove_existing_cert(sec_PKCS12SafeBag *cert,
- void *wincx)
-{
- SECItem *derCert = NULL;
- CERTCertificate *tempCert = NULL;
- CK_OBJECT_HANDLE certObj;
- PK11SlotInfo *slot = NULL;
- PRBool removed = PR_FALSE;
-
- if(!cert) {
- return SECFailure;
- }
-
- PORT_Assert(cert->removeExisting);
-
- cert->removeExisting = PR_FALSE;
- derCert = &cert->safeBagContent.certBag->value.x509Cert;
- tempCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), derCert,
- NULL, PR_FALSE, PR_TRUE);
- if(!tempCert) {
- return SECFailure;
- }
-
- certObj = PK11_FindCertInSlot(cert->slot, tempCert, wincx);
- CERT_DestroyCertificate(tempCert);
- tempCert = NULL;
-
- if(certObj != CK_INVALID_KEY) {
- PK11_DestroyObject(cert->slot, certObj);
- removed = PR_TRUE;
- } else if(PK11_IsInternal(cert->slot)) {
- tempCert = CERT_FindCertByDERCert(CERT_GetDefaultCertDB(), derCert);
- if(tempCert) {
- if(SEC_DeletePermCertificate(tempCert) == SECSuccess) {
- removed = PR_TRUE;
- }
- CERT_DestroyCertificate(tempCert);
- tempCert = NULL;
- }
- }
-
- if(!removed) {
- cert->problem = PR_TRUE;
- cert->error = SEC_ERROR_NO_MEMORY;
- cert->noInstall = PR_TRUE;
- }
-
- if(tempCert) {
- CERT_DestroyCertificate(tempCert);
- }
-
- return ((removed) ? SECSuccess : SECFailure);
-}
-
-static SECStatus
-sec_pkcs12_add_cert(sec_PKCS12SafeBag *cert, PRBool keyExists, void *wincx)
-{
- SECItem *derCert, *nickName;
- char *nickData = NULL;
- SECStatus rv;
-
- if(!cert) {
- return SECFailure;
- }
-
- if(cert->problem || cert->noInstall || cert->installed) {
- return SECSuccess;
- }
-
- derCert = &cert->safeBagContent.certBag->value.x509Cert;
- if(cert->removeExisting) {
- if(sec_pkcs12_remove_existing_cert(cert, wincx)
- != SECSuccess) {
- return SECFailure;
- }
- cert->removeExisting = PR_FALSE;
- }
-
- PORT_Assert(!cert->problem && !cert->removeExisting && !cert->noInstall);
-
- nickName = sec_pkcs12_get_nickname(cert);
- if(nickName) {
- nickData = (char *)nickName->data;
- }
-
- if(keyExists) {
- CERTCertificate *newCert;
-
- newCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
- derCert, NULL, PR_FALSE, PR_TRUE);
- if(!newCert) {
- if(nickName) SECITEM_ZfreeItem(nickName, PR_TRUE);
- cert->error = SEC_ERROR_NO_MEMORY;
- cert->problem = PR_TRUE;
- return SECFailure;
- }
-
- rv = PK11_ImportCertForKeyToSlot(cert->slot, newCert, nickData,
- PR_TRUE, wincx);
- CERT_DestroyCertificate(newCert);
- } else {
- SECItem *certList[2];
- certList[0] = derCert;
- certList[1] = NULL;
- rv = CERT_ImportCerts(CERT_GetDefaultCertDB(), certUsageUserCertImport,
- 1, certList, NULL, PR_TRUE, PR_FALSE, nickData);
- }
-
- cert->installed = PR_TRUE;
- if(nickName) SECITEM_ZfreeItem(nickName, PR_TRUE);
- return rv;
-}
-
-static SECStatus
-sec_pkcs12_add_key(sec_PKCS12SafeBag *key, SECItem *publicValue,
- KeyType keyType, unsigned int keyUsage, void *wincx)
-{
- SECStatus rv;
- SECItem *nickName;
-
- if(!key) {
- return SECFailure;
- }
-
- if(key->removeExisting) {
- key->problem = PR_TRUE;
- key->error = SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY;
- return SECFailure;
- }
-
- if(key->problem || key->noInstall) {
- return SECSuccess;
- }
-
- nickName = sec_pkcs12_get_nickname(key);
-
- switch(SECOID_FindOIDTag(&key->safeBagType))
- {
- case SEC_OID_PKCS12_V1_KEY_BAG_ID:
- rv = PK11_ImportPrivateKeyInfo(key->slot,
- key->safeBagContent.pkcs8KeyBag,
- nickName, publicValue, PR_TRUE, PR_TRUE,
- keyUsage, wincx);
- break;
- case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID:
- rv = PK11_ImportEncryptedPrivateKeyInfo(key->slot,
- key->safeBagContent.pkcs8ShroudedKeyBag,
- key->pwitem, nickName, publicValue,
- PR_TRUE, PR_TRUE, keyType, keyUsage,
- wincx);
- break;
- default:
- key->error = SEC_ERROR_PKCS12_UNSUPPORTED_VERSION;
- key->problem = PR_TRUE;
- if(nickName) {
- SECITEM_ZfreeItem(nickName, PR_TRUE);
- }
- return SECFailure;
- }
-
- key->installed = PR_TRUE;
-
- if(nickName) {
- SECITEM_ZfreeItem(nickName, PR_TRUE);
- }
-
- if(rv != SECSuccess) {
- key->error = SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY;
- key->problem = PR_TRUE;
- } else {
- key->installed = PR_TRUE;
- }
-
- return rv;
-}
-
-static SECStatus
-sec_pkcs12_add_item_to_bag_list(sec_PKCS12SafeBag ***bagList,
- sec_PKCS12SafeBag *bag)
-{
- int i = 0;
-
- if(!bagList || !bag) {
- return SECFailure;
- }
-
- if(!(*bagList)) {
- (*bagList) = (sec_PKCS12SafeBag **)PORT_ArenaZAlloc(bag->arena,
- sizeof(sec_PKCS12SafeBag *) * 2);
- } else {
- while((*bagList)[i]) i++;
- (*bagList) = (sec_PKCS12SafeBag **)PORT_ArenaGrow(bag->arena, *bagList,
- sizeof(sec_PKCS12SafeBag *) * (i + 1),
- sizeof(sec_PKCS12SafeBag *) * (i + 2));
- }
-
- if(!(*bagList)) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
-
- (*bagList)[i] = bag;
- (*bagList)[i+1] = NULL;
-
- return SECSuccess;
-}
-
-static sec_PKCS12SafeBag **
-sec_pkcs12_find_certs_for_key(sec_PKCS12SafeBag **safeBags, sec_PKCS12SafeBag *key )
-{
- sec_PKCS12SafeBag **certList = NULL;
- SECItem *keyId;
- int i;
-
- if(!safeBags || !safeBags[0]) {
- return NULL;
- }
-
- keyId = sec_pkcs12_get_attribute_value(key, SEC_OID_PKCS9_LOCAL_KEY_ID);
- if(!keyId) {
- return NULL;
- }
-
- i = 0;
- certList = NULL;
- while(safeBags[i]) {
- if(SECOID_FindOIDTag(&(safeBags[i]->safeBagType))
- == SEC_OID_PKCS12_V1_CERT_BAG_ID) {
- SECItem *certKeyId = sec_pkcs12_get_attribute_value(safeBags[i],
- SEC_OID_PKCS9_LOCAL_KEY_ID);
-
- if(certKeyId && (SECITEM_CompareItem(certKeyId, keyId)
- == SECEqual)) {
- if(sec_pkcs12_add_item_to_bag_list(&certList, safeBags[i])
- != SECSuccess) {
- return NULL;
- }
- }
- }
- i++;
- }
-
- return certList;
-}
-
-CERTCertList *
-SEC_PKCS12DecoderGetCerts(SEC_PKCS12DecoderContext *p12dcx)
-{
- CERTCertList *certList = NULL;
- sec_PKCS12SafeBag **safeBags = p12dcx->safeBags;
- int i;
-
- if (!p12dcx || !p12dcx->safeBags || !p12dcx->safeBags[0]) {
- return NULL;
- }
-
- safeBags = p12dcx->safeBags;
- i = 0;
- certList = CERT_NewCertList();
-
- if (certList == NULL) {
- return NULL;
- }
-
- while(safeBags[i]) {
- if (SECOID_FindOIDTag(&(safeBags[i]->safeBagType))
- == SEC_OID_PKCS12_V1_CERT_BAG_ID) {
- SECItem *derCert = sec_pkcs12_get_der_cert(safeBags[i]) ;
- CERTCertificate *tempCert = NULL;
-
- if (derCert == NULL) continue;
- tempCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
- derCert, NULL, PR_FALSE, PR_TRUE);
-
- if (tempCert) {
- CERT_AddCertToListTail(certList,tempCert);
- }
- SECITEM_FreeItem(derCert,PR_TRUE);
- }
- i++;
- }
-
- return certList;
-}
-static sec_PKCS12SafeBag **
-sec_pkcs12_get_key_bags(sec_PKCS12SafeBag **safeBags)
-{
- int i;
- sec_PKCS12SafeBag **keyList = NULL;
- SECOidTag bagType;
-
- if(!safeBags || !safeBags[0]) {
- return NULL;
- }
-
- i = 0;
- while(safeBags[i]) {
- bagType = SECOID_FindOIDTag(&(safeBags[i]->safeBagType));
- switch(bagType) {
- case SEC_OID_PKCS12_V1_KEY_BAG_ID:
- case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID:
- if(sec_pkcs12_add_item_to_bag_list(&keyList, safeBags[i])
- != SECSuccess) {
- return NULL;
- }
- break;
- default:
- break;
- }
- i++;
- }
-
- return keyList;
-}
-
-static SECStatus
-sec_pkcs12_validate_bags(sec_PKCS12SafeBag **safeBags,
- SEC_PKCS12NicknameCollisionCallback nicknameCb,
- void *wincx)
-{
- sec_PKCS12SafeBag **keyList;
- int i;
-
- if(!safeBags || !nicknameCb) {
- return SECFailure;
- }
-
- if(!safeBags[0]) {
- return SECSuccess;
- }
-
- keyList = sec_pkcs12_get_key_bags(safeBags);
- if(keyList) {
- i = 0;
-
- while(keyList[i]) {
- sec_PKCS12SafeBag **certList = sec_pkcs12_find_certs_for_key(
- safeBags, keyList[i]);
- if(certList) {
- int j = 0;
-
- if(SECOID_FindOIDTag(&(keyList[i]->safeBagType)) ==
- SEC_OID_PKCS12_V1_KEY_BAG_ID) {
- /* if it is an unencrypted private key then make sure
- * the attributes are propageted to the appropriate
- * level
- */
- if(sec_pkcs12_get_key_info(keyList[i]) != SECSuccess) {
- keyList[i]->problem = PR_TRUE;
- keyList[i]->error = SEC_ERROR_NO_MEMORY;
- return SECFailure;
- }
- }
-
- sec_pkcs12_validate_key_by_cert(certList[0], keyList[i], wincx);
- while(certList[j]) {
- certList[j]->hasKey = PR_TRUE;
- if(keyList[i]->problem) {
- certList[j]->problem = PR_TRUE;
- certList[j]->error = keyList[i]->error;
- } else {
- sec_pkcs12_validate_cert(certList[j], keyList[i],
- nicknameCb, wincx);
- if(certList[j]->problem) {
- keyList[i]->problem = certList[j]->problem;
- keyList[i]->error = certList[j]->error;
- }
- }
- j++;
- }
- }
-
- i++;
- }
- }
-
- i = 0;
- while(safeBags[i]) {
- if(!safeBags[i]->validated) {
- SECOidTag bagType = SECOID_FindOIDTag(&safeBags[i]->safeBagType);
-
- switch(bagType) {
- case SEC_OID_PKCS12_V1_CERT_BAG_ID:
- sec_pkcs12_validate_cert(safeBags[i], NULL, nicknameCb,
- wincx);
- break;
- case SEC_OID_PKCS12_V1_KEY_BAG_ID:
- case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID:
- safeBags[i]->noInstall = PR_TRUE;
- safeBags[i]->problem = PR_TRUE;
- safeBags[i]->error = SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY;
- break;
- default:
- safeBags[i]->noInstall = PR_TRUE;
- }
- }
- i++;
- }
-
- return SECSuccess;
-}
-
-SECStatus
-SEC_PKCS12DecoderValidateBags(SEC_PKCS12DecoderContext *p12dcx,
- SEC_PKCS12NicknameCollisionCallback nicknameCb)
-{
- SECStatus rv;
- int i, noInstallCnt, probCnt, bagCnt, errorVal = 0;
- if(!p12dcx || p12dcx->error) {
- return SECFailure;
- }
-
- rv = sec_pkcs12_validate_bags(p12dcx->safeBags, nicknameCb, p12dcx->wincx);
- if(rv == SECSuccess) {
- p12dcx->bagsVerified = PR_TRUE;
- }
-
- noInstallCnt = probCnt = bagCnt = 0;
- i = 0;
- while(p12dcx->safeBags[i]) {
- bagCnt++;
- if(p12dcx->safeBags[i]->noInstall) noInstallCnt++;
- if(p12dcx->safeBags[i]->problem) {
- probCnt++;
- errorVal = p12dcx->safeBags[i]->error;
- }
- i++;
- }
-
- if(bagCnt == noInstallCnt) {
- PORT_SetError(SEC_ERROR_PKCS12_DUPLICATE_DATA);
- return SECFailure;
- }
-
- if(probCnt) {
- PORT_SetError(errorVal);
- return SECFailure;
- }
-
- return rv;
-}
-
-static SECItem *
-sec_pkcs12_get_public_value_and_type(sec_PKCS12SafeBag *certBag,
- KeyType *type, unsigned int *usage)
-{
- SECKEYPublicKey *pubKey = NULL;
- CERTCertificate *cert = NULL;
- SECItem *pubValue;
-
- *type = nullKey;
- *usage = 0;
-
- if(!certBag) {
- return NULL;
- }
-
- cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
- &certBag->safeBagContent.certBag->value.x509Cert,
- NULL, PR_FALSE, PR_FALSE);
- if(!cert) {
- return NULL;
- }
-
- *usage = cert->keyUsage;
- pubKey = CERT_ExtractPublicKey(cert);
- CERT_DestroyCertificate(cert);
- if(!pubKey) {
- return NULL;
- }
-
- *type = pubKey->keyType;
- switch(pubKey->keyType) {
- case dsaKey:
- pubValue = SECITEM_DupItem(&pubKey->u.dsa.publicValue);
- break;
- case dhKey:
- pubValue = SECITEM_DupItem(&pubKey->u.dh.publicValue);
- break;
- case rsaKey:
- pubValue = SECITEM_DupItem(&pubKey->u.rsa.modulus);
- break;
- default:
- pubValue = NULL;
- }
-
- SECKEY_DestroyPublicKey(pubKey);
-
- return pubValue;
-}
-
-static SECStatus
-sec_pkcs12_install_bags(sec_PKCS12SafeBag **safeBags,
- void *wincx)
-{
- sec_PKCS12SafeBag **keyList, **certList;
- int i;
-
- if(!safeBags) {
- return SECFailure;
- }
-
- if(!safeBags[0]) {
- return SECSuccess;
- }
-
- keyList = sec_pkcs12_get_key_bags(safeBags);
- if(keyList) {
- i = 0;
-
- while(keyList[i]) {
- SECStatus rv;
- SECItem *publicValue = NULL;
- KeyType keyType;
- unsigned int keyUsage;
-
- if(keyList[i]->problem) {
- goto next_key_bag;
- }
-
- certList = sec_pkcs12_find_certs_for_key(safeBags,
- keyList[i]);
- if(certList) {
- publicValue = sec_pkcs12_get_public_value_and_type(certList[0],
- &keyType, &keyUsage);
- }
- rv = sec_pkcs12_add_key(keyList[i], publicValue, keyType, keyUsage,
- wincx);
- if(publicValue) {
- SECITEM_FreeItem(publicValue, PR_TRUE);
- }
- if(rv != SECSuccess) {
- PORT_SetError(keyList[i]->error);
- return SECFailure;
- }
-
- if(certList) {
- int j = 0;
-
- while(certList[j]) {
- SECStatus certRv;
-
- if(rv != SECSuccess) {
- certList[j]->problem = keyList[i]->problem;
- certList[j]->error = keyList[i]->error;
- certList[j]->noInstall = PR_TRUE;
- goto next_cert_bag;
- }
-
- certRv = sec_pkcs12_add_cert(certList[j],
- certList[j]->hasKey, wincx);
- if(certRv != SECSuccess) {
- keyList[i]->problem = certList[j]->problem;
- keyList[i]->error = certList[j]->error;
- PORT_SetError(certList[j]->error);
- return SECFailure;
- }
-next_cert_bag:
- j++;
- }
- }
-
-next_key_bag:
- i++;
- }
- }
-
- i = 0;
- while(safeBags[i]) {
- if(!safeBags[i]->installed) {
- SECStatus rv;
- SECOidTag bagType = SECOID_FindOIDTag(&(safeBags[i]->safeBagType));
-
- switch(bagType) {
- case SEC_OID_PKCS12_V1_CERT_BAG_ID:
- rv = sec_pkcs12_add_cert(safeBags[i], safeBags[i]->hasKey,
- wincx);
- if(rv != SECSuccess) {
- PORT_SetError(safeBags[i]->error);
- return SECFailure;
- }
- break;
- case SEC_OID_PKCS12_V1_KEY_BAG_ID:
- case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID:
- default:
- break;
- }
- }
- i++;
- }
-
- return SECSuccess;
-}
-
-SECStatus
-SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContext *p12dcx)
-{
- if(!p12dcx || p12dcx->error) {
- return SECFailure;
- }
-
- if(!p12dcx->bagsVerified) {
- return SECFailure;
- }
-
- return sec_pkcs12_install_bags(p12dcx->safeBags, p12dcx->wincx);
-}
-
-static SECStatus
-sec_pkcs12_decoder_append_bag_to_context(SEC_PKCS12DecoderContext *p12dcx,
- sec_PKCS12SafeBag *bag)
-{
- if(!p12dcx || p12dcx->error) {
- return SECFailure;
- }
-
- if(!p12dcx->safeBagCount) {
- p12dcx->safeBags = (sec_PKCS12SafeBag **)PORT_ArenaZAlloc(p12dcx->arena,
- sizeof(sec_PKCS12SafeBag *) * 2);
- } else {
- p12dcx->safeBags =
- (sec_PKCS12SafeBag **)PORT_ArenaGrow(p12dcx->arena, p12dcx->safeBags,
- (p12dcx->safeBagCount + 1) * sizeof(sec_PKCS12SafeBag *),
- (p12dcx->safeBagCount + 2) * sizeof(sec_PKCS12SafeBag *));
- }
-
- if(!p12dcx->safeBags) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
-
- p12dcx->safeBags[p12dcx->safeBagCount] = bag;
- p12dcx->safeBags[p12dcx->safeBagCount+1] = NULL;
- p12dcx->safeBagCount++;
-
- return SECSuccess;
-}
-
-static sec_PKCS12SafeBag *
-sec_pkcs12_decoder_convert_old_key(SEC_PKCS12DecoderContext *p12dcx,
- void *key, PRBool isEspvk)
-{
- sec_PKCS12SafeBag *keyBag;
- SECOidData *oid;
- SECOidTag keyTag;
- SECItem *keyID, *nickName, *newNickName;
-
- if(!p12dcx || p12dcx->error || !key) {
- return NULL;
- }
-
- newNickName =(SECItem *)PORT_ArenaZAlloc(p12dcx->arena, sizeof(SECItem));
- keyBag = (sec_PKCS12SafeBag *)PORT_ArenaZAlloc(p12dcx->arena,
- sizeof(sec_PKCS12SafeBag));
- if(!keyBag || !newNickName) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- keyBag->swapUnicodeBytes = p12dcx->swapUnicodeBytes;
- keyBag->slot = p12dcx->slot;
- keyBag->arena = p12dcx->arena;
- keyBag->pwitem = p12dcx->pwitem;
- keyBag->oldBagType = PR_TRUE;
-
- keyTag = (isEspvk) ? SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID :
- SEC_OID_PKCS12_V1_KEY_BAG_ID;
- oid = SECOID_FindOIDByTag(keyTag);
- if(!oid) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- if(SECITEM_CopyItem(p12dcx->arena, &keyBag->safeBagType, &oid->oid)
- != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- if(isEspvk) {
- SEC_PKCS12ESPVKItem *espvk = (SEC_PKCS12ESPVKItem *)key;
- keyBag->safeBagContent.pkcs8ShroudedKeyBag =
- espvk->espvkCipherText.pkcs8KeyShroud;
- nickName = &(espvk->espvkData.uniNickName);
- if(!espvk->espvkData.assocCerts || !espvk->espvkData.assocCerts[0]) {
- PORT_SetError(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE);
- return NULL;
- }
- keyID = &espvk->espvkData.assocCerts[0]->digest;
- } else {
- SEC_PKCS12PrivateKey *pk = (SEC_PKCS12PrivateKey *)key;
- keyBag->safeBagContent.pkcs8KeyBag = &pk->pkcs8data;
- nickName= &(pk->pvkData.uniNickName);
- if(!pk->pvkData.assocCerts || !pk->pvkData.assocCerts[0]) {
- PORT_SetError(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE);
- return NULL;
- }
- keyID = &pk->pvkData.assocCerts[0]->digest;
- }
-
- if(nickName->len) {
- if(nickName->len >= 2) {
- if(nickName->data[0] && nickName->data[1]) {
- if(!sec_pkcs12_convert_item_to_unicode(p12dcx->arena, newNickName,
- nickName, PR_FALSE, PR_FALSE, PR_TRUE)) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
- nickName = newNickName;
- } else if(nickName->data[0] && !nickName->data[1]) {
- unsigned int j = 0;
- unsigned char t;
- for(j = 0; j < nickName->len; j+=2) {
- t = nickName->data[j+1];
- nickName->data[j+1] = nickName->data[j];
- nickName->data[j] = t;
- }
- }
- } else {
- if(!sec_pkcs12_convert_item_to_unicode(p12dcx->arena, newNickName,
- nickName, PR_FALSE, PR_FALSE, PR_TRUE)) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
- nickName = newNickName;
- }
- }
-
- if(sec_pkcs12_decoder_set_attribute_value(keyBag,
- SEC_OID_PKCS9_FRIENDLY_NAME,
- nickName) != SECSuccess) {
- return NULL;
- }
-
- if(sec_pkcs12_decoder_set_attribute_value(keyBag,SEC_OID_PKCS9_LOCAL_KEY_ID,
- keyID) != SECSuccess) {
- return NULL;
- }
-
- return keyBag;
-}
-
-static sec_PKCS12SafeBag *
-sec_pkcs12_decoder_create_cert(SEC_PKCS12DecoderContext *p12dcx,
- SECItem *derCert)
-{
- sec_PKCS12SafeBag *certBag;
- SECOidData *oid;
- SGNDigestInfo *digest;
- SECItem *keyId;
- SECStatus rv;
-
- if(!p12dcx || p12dcx->error || !derCert) {
- return NULL;
- }
-
- keyId = (SECItem *)PORT_ArenaZAlloc(p12dcx->arena, sizeof(SECItem));
- if(!keyId) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- digest = sec_pkcs12_compute_thumbprint(derCert);
- if(!digest) {
- return NULL;
- }
-
- rv = SECITEM_CopyItem(p12dcx->arena, keyId, &digest->digest);
- SGN_DestroyDigestInfo(digest);
- if(rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- oid = SECOID_FindOIDByTag(SEC_OID_PKCS12_V1_CERT_BAG_ID);
- certBag = (sec_PKCS12SafeBag *)PORT_ArenaZAlloc(p12dcx->arena,
- sizeof(sec_PKCS12SafeBag));
- if(!certBag || !oid || (SECITEM_CopyItem(p12dcx->arena,
- &certBag->safeBagType, &oid->oid) != SECSuccess)) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- certBag->slot = p12dcx->slot;
- certBag->pwitem = p12dcx->pwitem;
- certBag->swapUnicodeBytes = p12dcx->swapUnicodeBytes;
- certBag->arena = p12dcx->arena;
-
- oid = SECOID_FindOIDByTag(SEC_OID_PKCS9_X509_CERT);
- certBag->safeBagContent.certBag =
- (sec_PKCS12CertBag *)PORT_ArenaZAlloc(p12dcx->arena,
- sizeof(sec_PKCS12CertBag));
- if(!certBag->safeBagContent.certBag || !oid ||
- (SECITEM_CopyItem(p12dcx->arena,
- &certBag->safeBagContent.certBag->bagID,
- &oid->oid) != SECSuccess)) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- if(SECITEM_CopyItem(p12dcx->arena,
- &(certBag->safeBagContent.certBag->value.x509Cert),
- derCert) != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- if(sec_pkcs12_decoder_set_attribute_value(certBag, SEC_OID_PKCS9_LOCAL_KEY_ID,
- keyId) != SECSuccess) {
- return NULL;
- }
-
- return certBag;
-}
-
-static sec_PKCS12SafeBag **
-sec_pkcs12_decoder_convert_old_cert(SEC_PKCS12DecoderContext *p12dcx,
- SEC_PKCS12CertAndCRL *oldCert)
-{
- sec_PKCS12SafeBag **certList;
- SECItem **derCertList;
- int i, j;
-
- if(!p12dcx || p12dcx->error || !oldCert) {
- return NULL;
- }
-
- derCertList = SEC_PKCS7GetCertificateList(&oldCert->value.x509->certOrCRL);
- if(!derCertList) {
- return NULL;
- }
-
- i = 0;
- while(derCertList[i]) i++;
-
- certList = (sec_PKCS12SafeBag **)PORT_ArenaZAlloc(p12dcx->arena,
- (i + 1) * sizeof(sec_PKCS12SafeBag *));
- if(!certList) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- for(j = 0; j < i; j++) {
- certList[j] = sec_pkcs12_decoder_create_cert(p12dcx, derCertList[j]);
- if(!certList[j]) {
- return NULL;
- }
- }
-
- return certList;
-}
-
-static SECStatus
-sec_pkcs12_decoder_convert_old_key_and_certs(SEC_PKCS12DecoderContext *p12dcx,
- void *oldKey, PRBool isEspvk,
- SEC_PKCS12SafeContents *safe,
- SEC_PKCS12Baggage *baggage)
-{
- sec_PKCS12SafeBag *key, **certList;
- SEC_PKCS12CertAndCRL *oldCert;
- SEC_PKCS12PVKSupportingData *pvkData;
- int i;
- SECItem *keyName;
-
- if(!p12dcx || !oldKey) {
- return SECFailure;
- }
-
- if(isEspvk) {
- pvkData = &((SEC_PKCS12ESPVKItem *)(oldKey))->espvkData;
- } else {
- pvkData = &((SEC_PKCS12PrivateKey *)(oldKey))->pvkData;
- }
-
- if(!pvkData->assocCerts || !pvkData->assocCerts[0]) {
- PORT_SetError(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE);
- return SECFailure;
- }
-
- oldCert = (SEC_PKCS12CertAndCRL *)sec_pkcs12_find_object(safe, baggage,
- SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID, NULL,
- pvkData->assocCerts[0]);
- if(!oldCert) {
- PORT_SetError(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE);
- return SECFailure;
- }
-
- key = sec_pkcs12_decoder_convert_old_key(p12dcx,oldKey, isEspvk);
- certList = sec_pkcs12_decoder_convert_old_cert(p12dcx, oldCert);
- if(!key || !certList) {
- return SECFailure;
- }
-
- if(sec_pkcs12_decoder_append_bag_to_context(p12dcx, key) != SECSuccess) {
- return SECFailure;
- }
-
- keyName = sec_pkcs12_get_nickname(key);
- if(!keyName) {
- return SECFailure;
- }
-
- i = 0;
- while(certList[i]) {
- if(sec_pkcs12_decoder_append_bag_to_context(p12dcx, certList[i])
- != SECSuccess) {
- return SECFailure;
- }
- i++;
- }
-
- certList = sec_pkcs12_find_certs_for_key(p12dcx->safeBags, key);
- if(!certList) {
- return SECFailure;
- }
-
- i = 0;
- while(certList[i] != 0) {
- if(sec_pkcs12_set_nickname(certList[i], keyName) != SECSuccess) {
- return SECFailure;
- }
- i++;
- }
-
- return SECSuccess;
-}
-
-static SECStatus
-sec_pkcs12_decoder_convert_old_safe_to_bags(SEC_PKCS12DecoderContext *p12dcx,
- SEC_PKCS12SafeContents *safe,
- SEC_PKCS12Baggage *baggage)
-{
- SECStatus rv;
-
- if(!p12dcx || p12dcx->error) {
- return SECFailure;
- }
-
- if(safe && safe->contents) {
- int i = 0;
- while(safe->contents[i] != NULL) {
- if(SECOID_FindOIDTag(&safe->contents[i]->safeBagType)
- == SEC_OID_PKCS12_KEY_BAG_ID) {
- int j = 0;
- SEC_PKCS12PrivateKeyBag *privBag =
- safe->contents[i]->safeContent.keyBag;
-
- while(privBag->privateKeys[j] != NULL) {
- SEC_PKCS12PrivateKey *pk = privBag->privateKeys[j];
- rv = sec_pkcs12_decoder_convert_old_key_and_certs(p12dcx,pk,
- PR_FALSE, safe, baggage);
- if(rv != SECSuccess) {
- goto loser;
- }
- j++;
- }
- }
- i++;
- }
- }
-
- if(baggage && baggage->bags) {
- int i = 0;
- while(baggage->bags[i] != NULL) {
- SEC_PKCS12BaggageItem *bag = baggage->bags[i];
- int j = 0;
-
- if(!bag->espvks) {
- i++;
- continue;
- }
-
- while(bag->espvks[j] != NULL) {
- SEC_PKCS12ESPVKItem *espvk = bag->espvks[j];
- rv = sec_pkcs12_decoder_convert_old_key_and_certs(p12dcx, espvk,
- PR_TRUE, safe, baggage);
- if(rv != SECSuccess) {
- goto loser;
- }
- j++;
- }
- i++;
- }
- }
-
- return SECSuccess;
-
-loser:
- return SECFailure;
-}
-
-SEC_PKCS12DecoderContext *
-sec_PKCS12ConvertOldSafeToNew(PRArenaPool *arena, PK11SlotInfo *slot,
- PRBool swapUnicode, SECItem *pwitem,
- void *wincx, SEC_PKCS12SafeContents *safe,
- SEC_PKCS12Baggage *baggage)
-{
- SEC_PKCS12DecoderContext *p12dcx;
-
- if(!arena || !slot || !pwitem) {
- return NULL;
- }
-
- if(!safe && !baggage) {
- return NULL;
- }
-
- p12dcx = (SEC_PKCS12DecoderContext *)PORT_ArenaZAlloc(arena,
- sizeof(SEC_PKCS12DecoderContext));
- if(!p12dcx) {
- return NULL;
- }
-
- p12dcx->arena = arena;
- p12dcx->slot = slot;
- p12dcx->wincx = wincx;
- p12dcx->error = PR_FALSE;
- p12dcx->swapUnicodeBytes = swapUnicode;
- p12dcx->pwitem = pwitem;
-
- if(sec_pkcs12_decoder_convert_old_safe_to_bags(p12dcx, safe, baggage)
- != SECSuccess) {
- p12dcx->error = PR_TRUE;
- return NULL;
- }
-
- return p12dcx;
-}
diff --git a/security/nss/lib/pkcs12/p12dec.c b/security/nss/lib/pkcs12/p12dec.c
deleted file mode 100644
index 024a61dae..000000000
--- a/security/nss/lib/pkcs12/p12dec.c
+++ /dev/null
@@ -1,692 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "pkcs12.h"
-#include "plarena.h"
-#include "secpkcs7.h"
-#include "p12local.h"
-#include "secoid.h"
-#include "secitem.h"
-#include "secport.h"
-#include "secasn1.h"
-#include "secder.h"
-#include "secerr.h"
-#include "cert.h"
-#include "certdb.h"
-#include "p12plcy.h"
-#include "p12.h"
-
-/* PFX extraction and validation routines */
-
-/* decode the DER encoded PFX item. if unable to decode, check to see if it
- * is an older PFX item. If that fails, assume the file was not a valid
- * pfx file.
- * the returned pfx structure should be destroyed using SEC_PKCS12DestroyPFX
- */
-static SEC_PKCS12PFXItem *
-sec_pkcs12_decode_pfx(SECItem *der_pfx)
-{
- SEC_PKCS12PFXItem *pfx;
- SECStatus rv;
-
- if(der_pfx == NULL) {
- return NULL;
- }
-
- /* allocate the space for a new PFX item */
- pfx = sec_pkcs12_new_pfx();
- if(pfx == NULL) {
- return NULL;
- }
-
- rv = SEC_ASN1DecodeItem(pfx->poolp, pfx, SEC_PKCS12PFXItemTemplate,
- der_pfx);
-
- /* if a failure occurred, check for older version...
- * we also get rid of the old pfx structure, because we don't
- * know where it failed and what data in may contain
- */
- if(rv != SECSuccess) {
- SEC_PKCS12DestroyPFX(pfx);
- pfx = sec_pkcs12_new_pfx();
- if(pfx == NULL) {
- return NULL;
- }
- rv = SEC_ASN1DecodeItem(pfx->poolp, pfx, SEC_PKCS12PFXItemTemplate_OLD,
- der_pfx);
- if(rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_PKCS12_DECODING_PFX);
- PORT_FreeArena(pfx->poolp, PR_TRUE);
- return NULL;
- }
- pfx->old = PR_TRUE;
- SGN_CopyDigestInfo(pfx->poolp, &pfx->macData.safeMac, &pfx->old_safeMac);
- SECITEM_CopyItem(pfx->poolp, &pfx->macData.macSalt, &pfx->old_macSalt);
- } else {
- pfx->old = PR_FALSE;
- }
-
- /* convert bit string from bits to bytes */
- pfx->macData.macSalt.len /= 8;
-
- return pfx;
-}
-
-/* validate the integrity MAC used in the PFX. The MAC is generated
- * per the PKCS 12 document. If the MAC is incorrect, it is most likely
- * due to an invalid password.
- * pwitem is the integrity password
- * pfx is the decoded pfx item
- */
-static PRBool
-sec_pkcs12_check_pfx_mac(SEC_PKCS12PFXItem *pfx,
- SECItem *pwitem)
-{
- SECItem *key = NULL, *mac = NULL, *data = NULL;
- SECItem *vpwd = NULL;
- SECOidTag algorithm;
- PRBool ret = PR_FALSE;
-
- if(pfx == NULL) {
- return PR_FALSE;
- }
-
- algorithm = SECOID_GetAlgorithmTag(&pfx->macData.safeMac.digestAlgorithm);
- switch(algorithm) {
- /* only SHA1 hashing supported as a MACing algorithm */
- case SEC_OID_SHA1:
- if(pfx->old == PR_FALSE) {
- pfx->swapUnicode = PR_FALSE;
- }
-
-recheckUnicodePassword:
- vpwd = sec_pkcs12_create_virtual_password(pwitem,
- &pfx->macData.macSalt,
- pfx->swapUnicode);
- if(vpwd == NULL) {
- return PR_FALSE;
- }
-
- key = sec_pkcs12_generate_key_from_password(algorithm,
- &pfx->macData.macSalt,
- (pfx->old ? pwitem : vpwd));
- /* free vpwd only for newer PFX */
- if(vpwd) {
- SECITEM_ZfreeItem(vpwd, PR_TRUE);
- }
- if(key == NULL) {
- return PR_FALSE;
- }
-
- data = SEC_PKCS7GetContent(&pfx->authSafe);
- if(data == NULL) {
- break;
- }
-
- /* check MAC */
- mac = sec_pkcs12_generate_mac(key, data, pfx->old);
- ret = PR_TRUE;
- if(mac) {
- SECItem *safeMac = &pfx->macData.safeMac.digest;
- if(SECITEM_CompareItem(mac, safeMac) != SECEqual) {
-
- /* if we encounter an invalid mac, lets invert the
- * password in case of unicode changes
- */
- if(((!pfx->old) && pfx->swapUnicode) || (pfx->old)){
- PORT_SetError(SEC_ERROR_PKCS12_INVALID_MAC);
- ret = PR_FALSE;
- } else {
- SECITEM_ZfreeItem(mac, PR_TRUE);
- pfx->swapUnicode = PR_TRUE;
- goto recheckUnicodePassword;
- }
- }
- SECITEM_ZfreeItem(mac, PR_TRUE);
- } else {
- ret = PR_FALSE;
- }
- break;
- default:
- PORT_SetError(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM);
- ret = PR_FALSE;
- break;
- }
-
- /* let success fall through */
- if(key != NULL)
- SECITEM_ZfreeItem(key, PR_TRUE);
-
- return ret;
-}
-
-/* check the validity of the pfx structure. we currently only support
- * password integrity mode, so we check the MAC.
- */
-static PRBool
-sec_pkcs12_validate_pfx(SEC_PKCS12PFXItem *pfx,
- SECItem *pwitem)
-{
- SECOidTag contentType;
-
- contentType = SEC_PKCS7ContentType(&pfx->authSafe);
- switch(contentType)
- {
- case SEC_OID_PKCS7_DATA:
- return sec_pkcs12_check_pfx_mac(pfx, pwitem);
- break;
- case SEC_OID_PKCS7_SIGNED_DATA:
- default:
- PORT_SetError(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE);
- break;
- }
-
- return PR_FALSE;
-}
-
-/* decode and return the valid PFX. if the PFX item is not valid,
- * NULL is returned.
- */
-static SEC_PKCS12PFXItem *
-sec_pkcs12_get_pfx(SECItem *pfx_data,
- SECItem *pwitem)
-{
- SEC_PKCS12PFXItem *pfx;
- PRBool valid_pfx;
-
- if((pfx_data == NULL) || (pwitem == NULL)) {
- return NULL;
- }
-
- pfx = sec_pkcs12_decode_pfx(pfx_data);
- if(pfx == NULL) {
- return NULL;
- }
-
- valid_pfx = sec_pkcs12_validate_pfx(pfx, pwitem);
- if(valid_pfx != PR_TRUE) {
- SEC_PKCS12DestroyPFX(pfx);
- pfx = NULL;
- }
-
- return pfx;
-}
-
-/* authenticated safe decoding, validation, and access routines
- */
-
-/* convert dogbert beta 3 authenticated safe structure to a post
- * beta three structure, so that we don't have to change more routines.
- */
-static SECStatus
-sec_pkcs12_convert_old_auth_safe(SEC_PKCS12AuthenticatedSafe *asafe)
-{
- SEC_PKCS12Baggage *baggage;
- SEC_PKCS12BaggageItem *bag;
- SECStatus rv = SECSuccess;
-
- if(asafe->old_baggage.espvks == NULL) {
- /* XXX should the ASN1 engine produce a single NULL element list
- * rather than setting the pointer to NULL?
- * There is no need to return an error -- assume that the list
- * was empty.
- */
- return SECSuccess;
- }
-
- baggage = sec_pkcs12_create_baggage(asafe->poolp);
- if(!baggage) {
- return SECFailure;
- }
- bag = sec_pkcs12_create_external_bag(baggage);
- if(!bag) {
- return SECFailure;
- }
-
- PORT_Memcpy(&asafe->baggage, baggage, sizeof(SEC_PKCS12Baggage));
-
- /* if there are shrouded keys, append them to the bag */
- rv = SECSuccess;
- if(asafe->old_baggage.espvks[0] != NULL) {
- int nEspvk = 0;
- rv = SECSuccess;
- while((asafe->old_baggage.espvks[nEspvk] != NULL) &&
- (rv == SECSuccess)) {
- rv = sec_pkcs12_append_shrouded_key(bag,
- asafe->old_baggage.espvks[nEspvk]);
- nEspvk++;
- }
- }
-
- return rv;
-}
-
-/* decodes the authenticated safe item. a return of NULL indicates
- * an error. however, the error will have occured either in memory
- * allocation or in decoding the authenticated safe.
- *
- * if an old PFX item has been found, we want to convert the
- * old authenticated safe to the new one.
- */
-static SEC_PKCS12AuthenticatedSafe *
-sec_pkcs12_decode_authenticated_safe(SEC_PKCS12PFXItem *pfx)
-{
- SECItem *der_asafe = NULL;
- SEC_PKCS12AuthenticatedSafe *asafe = NULL;
- SECStatus rv;
-
- if(pfx == NULL) {
- return NULL;
- }
-
- der_asafe = SEC_PKCS7GetContent(&pfx->authSafe);
- if(der_asafe == NULL) {
- /* XXX set error ? */
- goto loser;
- }
-
- asafe = sec_pkcs12_new_asafe(pfx->poolp);
- if(asafe == NULL) {
- goto loser;
- }
-
- if(pfx->old == PR_FALSE) {
- rv = SEC_ASN1DecodeItem(pfx->poolp, asafe,
- SEC_PKCS12AuthenticatedSafeTemplate,
- der_asafe);
- asafe->old = PR_FALSE;
- asafe->swapUnicode = pfx->swapUnicode;
- } else {
- /* handle beta exported files */
- rv = SEC_ASN1DecodeItem(pfx->poolp, asafe,
- SEC_PKCS12AuthenticatedSafeTemplate_OLD,
- der_asafe);
- asafe->safe = &(asafe->old_safe);
- rv = sec_pkcs12_convert_old_auth_safe(asafe);
- asafe->old = PR_TRUE;
- }
-
- if(rv != SECSuccess) {
- goto loser;
- }
-
- asafe->poolp = pfx->poolp;
-
- return asafe;
-
-loser:
- return NULL;
-}
-
-/* validates the safe within the authenticated safe item.
- * in order to be valid:
- * 1. the privacy salt must be present
- * 2. the encryption algorithm must be supported (including
- * export policy)
- * PR_FALSE indicates an error, PR_TRUE indicates a valid safe
- */
-static PRBool
-sec_pkcs12_validate_encrypted_safe(SEC_PKCS12AuthenticatedSafe *asafe)
-{
- PRBool valid = PR_FALSE;
- SECAlgorithmID *algid;
-
- if(asafe == NULL) {
- return PR_FALSE;
- }
-
- /* if mode is password privacy, then privacySalt is assumed
- * to be non-zero.
- */
- if(asafe->privacySalt.len != 0) {
- valid = PR_TRUE;
- asafe->privacySalt.len /= 8;
- } else {
- PORT_SetError(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE);
- return PR_FALSE;
- }
-
- /* until spec changes, content will have between 2 and 8 bytes depending
- * upon the algorithm used if certs are unencrypted...
- * also want to support case where content is empty -- which we produce
- */
- if(SEC_PKCS7IsContentEmpty(asafe->safe, 8) == PR_TRUE) {
- asafe->emptySafe = PR_TRUE;
- return PR_TRUE;
- }
-
- asafe->emptySafe = PR_FALSE;
-
- /* make sure that a pbe algorithm is being used */
- algid = SEC_PKCS7GetEncryptionAlgorithm(asafe->safe);
- if(algid != NULL) {
- if(SEC_PKCS5IsAlgorithmPBEAlg(algid)) {
- valid = SEC_PKCS12DecryptionAllowed(algid);
-
- if(valid == PR_FALSE) {
- PORT_SetError(SEC_ERROR_BAD_EXPORT_ALGORITHM);
- }
- } else {
- PORT_SetError(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM);
- valid = PR_FALSE;
- }
- } else {
- valid = PR_FALSE;
- PORT_SetError(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM);
- }
-
- return valid;
-}
-
-/* validates authenticates safe:
- * 1. checks that the version is supported
- * 2. checks that only password privacy mode is used (currently)
- * 3. further, makes sure safe has appropriate policies per above function
- * PR_FALSE indicates failure.
- */
-static PRBool
-sec_pkcs12_validate_auth_safe(SEC_PKCS12AuthenticatedSafe *asafe)
-{
- PRBool valid = PR_TRUE;
- SECOidTag safe_type;
- int version;
-
- if(asafe == NULL) {
- return PR_FALSE;
- }
-
- /* check version, since it is default it may not be present.
- * therefore, assume ok
- */
- if((asafe->version.len > 0) && (asafe->old == PR_FALSE)) {
- version = DER_GetInteger(&asafe->version);
- if(version > SEC_PKCS12_PFX_VERSION) {
- PORT_SetError(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION);
- return PR_FALSE;
- }
- }
-
- /* validate password mode is being used */
- safe_type = SEC_PKCS7ContentType(asafe->safe);
- switch(safe_type)
- {
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- valid = sec_pkcs12_validate_encrypted_safe(asafe);
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- default:
- PORT_SetError(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE);
- valid = PR_FALSE;
- break;
- }
-
- return valid;
-}
-
-/* retrieves the authenticated safe item from the PFX item
- * before returning the authenticated safe, the validity of the
- * authenticated safe is checked and if valid, returned.
- * a return of NULL indicates that an error occured.
- */
-static SEC_PKCS12AuthenticatedSafe *
-sec_pkcs12_get_auth_safe(SEC_PKCS12PFXItem *pfx)
-{
- SEC_PKCS12AuthenticatedSafe *asafe;
- PRBool valid_safe;
-
- if(pfx == NULL) {
- return NULL;
- }
-
- asafe = sec_pkcs12_decode_authenticated_safe(pfx);
- if(asafe == NULL) {
- return NULL;
- }
-
- valid_safe = sec_pkcs12_validate_auth_safe(asafe);
- if(valid_safe != PR_TRUE) {
- asafe = NULL;
- } else if(asafe) {
- asafe->baggage.poolp = asafe->poolp;
- }
-
- return asafe;
-}
-
-/* decrypts the authenticated safe.
- * a return of anything but SECSuccess indicates an error. the
- * password is not known to be valid until the call to the
- * function sec_pkcs12_get_safe_contents. If decoding the safe
- * fails, it is assumed the password was incorrect and the error
- * is set then. any failure here is assumed to be due to
- * internal problems in SEC_PKCS7DecryptContents or below.
- */
-static SECStatus
-sec_pkcs12_decrypt_auth_safe(SEC_PKCS12AuthenticatedSafe *asafe,
- SECItem *pwitem,
- void *wincx)
-{
- SECStatus rv = SECFailure;
- SECItem *vpwd = NULL;
-
- if((asafe == NULL) || (pwitem == NULL)) {
- return SECFailure;
- }
-
- if(asafe->old == PR_FALSE) {
- vpwd = sec_pkcs12_create_virtual_password(pwitem, &asafe->privacySalt,
- asafe->swapUnicode);
- if(vpwd == NULL) {
- return SECFailure;
- }
- }
-
- rv = SEC_PKCS7DecryptContents(asafe->poolp, asafe->safe,
- (asafe->old ? pwitem : vpwd), wincx);
-
- if(asafe->old == PR_FALSE) {
- SECITEM_ZfreeItem(vpwd, PR_TRUE);
- }
-
- return rv;
-}
-
-/* extract the safe from the authenticated safe.
- * if we are unable to decode the safe, then it is likely that the
- * safe has not been decrypted or the password used to decrypt
- * the safe was invalid. we assume that the password was invalid and
- * set an error accordingly.
- * a return of NULL indicates that an error occurred.
- */
-static SEC_PKCS12SafeContents *
-sec_pkcs12_get_safe_contents(SEC_PKCS12AuthenticatedSafe *asafe)
-{
- SECItem *src = NULL;
- SEC_PKCS12SafeContents *safe = NULL;
- SECStatus rv = SECFailure;
-
- if(asafe == NULL) {
- return NULL;
- }
-
- safe = (SEC_PKCS12SafeContents *)PORT_ArenaZAlloc(asafe->poolp,
- sizeof(SEC_PKCS12SafeContents));
- if(safe == NULL) {
- return NULL;
- }
- safe->poolp = asafe->poolp;
- safe->old = asafe->old;
- safe->swapUnicode = asafe->swapUnicode;
-
- src = SEC_PKCS7GetContent(asafe->safe);
- if(src != NULL) {
- const SEC_ASN1Template *theTemplate;
- if(asafe->old != PR_TRUE) {
- theTemplate = SEC_PKCS12SafeContentsTemplate;
- } else {
- theTemplate = SEC_PKCS12SafeContentsTemplate_OLD;
- }
-
- rv = SEC_ASN1DecodeItem(asafe->poolp, safe, theTemplate, src);
-
- /* if we could not decode the item, password was probably invalid */
- if(rv != SECSuccess) {
- safe = NULL;
- PORT_SetError(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT);
- }
- } else {
- PORT_SetError(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE);
- rv = SECFailure;
- }
-
- return safe;
-}
-
-/* import PFX item
- * der_pfx is the der encoded pfx structure
- * pbef and pbearg are the integrity/encryption password call back
- * ncCall is the nickname collision calllback
- * slot is the destination token
- * wincx window handler
- *
- * on error, error code set and SECFailure returned
- */
-SECStatus
-SEC_PKCS12PutPFX(SECItem *der_pfx, SECItem *pwitem,
- SEC_PKCS12NicknameCollisionCallback ncCall,
- PK11SlotInfo *slot,
- void *wincx)
-{
- SEC_PKCS12PFXItem *pfx;
- SEC_PKCS12AuthenticatedSafe *asafe;
- SEC_PKCS12SafeContents *safe_contents = NULL;
- SECStatus rv;
-
- if(!der_pfx || !pwitem || !slot) {
- return SECFailure;
- }
-
- /* decode and validate each section */
- rv = SECFailure;
-
- pfx = sec_pkcs12_get_pfx(der_pfx, pwitem);
- if(pfx != NULL) {
- asafe = sec_pkcs12_get_auth_safe(pfx);
- if(asafe != NULL) {
-
- /* decrypt safe -- only if not empty */
- if(asafe->emptySafe != PR_TRUE) {
- rv = sec_pkcs12_decrypt_auth_safe(asafe, pwitem, wincx);
- if(rv == SECSuccess) {
- safe_contents = sec_pkcs12_get_safe_contents(asafe);
- if(safe_contents == NULL) {
- rv = SECFailure;
- }
- }
- } else {
- safe_contents = sec_pkcs12_create_safe_contents(asafe->poolp);
- safe_contents->swapUnicode = pfx->swapUnicode;
- if(safe_contents == NULL) {
- rv = SECFailure;
- } else {
- rv = SECSuccess;
- }
- }
-
- /* get safe contents and begin import */
- if(rv == SECSuccess) {
- SEC_PKCS12DecoderContext *p12dcx;
-
- p12dcx = sec_PKCS12ConvertOldSafeToNew(pfx->poolp, slot,
- pfx->swapUnicode,
- pwitem, wincx, safe_contents,
- &asafe->baggage);
- if(!p12dcx) {
- rv = SECFailure;
- goto loser;
- }
-
- if(SEC_PKCS12DecoderValidateBags(p12dcx, ncCall)
- != SECSuccess) {
- rv = SECFailure;
- goto loser;
- }
-
- rv = SEC_PKCS12DecoderImportBags(p12dcx);
- }
-
- }
- }
-
-loser:
-
- if(pfx) {
- SEC_PKCS12DestroyPFX(pfx);
- }
-
- return rv;
-}
-
-PRBool
-SEC_PKCS12ValidData(char *buf, int bufLen, long int totalLength)
-{
- int lengthLength;
-
- PRBool valid = PR_FALSE;
-
- if(buf == NULL) {
- return PR_FALSE;
- }
-
- /* check for constructed sequence identifier tag */
- if(*buf == (SEC_ASN1_CONSTRUCTED | SEC_ASN1_SEQUENCE)) {
- totalLength--; /* header byte taken care of */
- buf++;
-
- lengthLength = (long int)SEC_ASN1LengthLength(totalLength - 1);
- if(totalLength > 0x7f) {
- lengthLength--;
- *buf &= 0x7f; /* remove bit 8 indicator */
- if((*buf - (char)lengthLength) == 0) {
- valid = PR_TRUE;
- }
- } else {
- lengthLength--;
- if((*buf - (char)lengthLength) == 0) {
- valid = PR_TRUE;
- }
- }
- }
-
- return valid;
-}
diff --git a/security/nss/lib/pkcs12/p12e.c b/security/nss/lib/pkcs12/p12e.c
deleted file mode 100644
index 8cc683667..000000000
--- a/security/nss/lib/pkcs12/p12e.c
+++ /dev/null
@@ -1,2254 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "p12t.h"
-#include "p12.h"
-#include "plarena.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "seccomon.h"
-#include "secport.h"
-#include "cert.h"
-#include "secpkcs7.h"
-#include "secasn1.h"
-#include "secerr.h"
-#include "pk11func.h"
-#include "p12plcy.h"
-#include "p12local.h"
-#include "alghmac.h"
-#include "prcpucfg.h"
-
-/*********************************
- * Structures used in exporting the PKCS 12 blob
- *********************************/
-
-/* A SafeInfo is used for each ContentInfo which makes up the
- * sequence of safes in the AuthenticatedSafe portion of the
- * PFX structure.
- */
-struct SEC_PKCS12SafeInfoStr {
- PRArenaPool *arena;
-
- /* information for setting up password encryption */
- SECItem pwitem;
- SECOidTag algorithm;
- PK11SymKey *encryptionKey;
-
- /* how many items have been stored in this safe,
- * we will skip any safe which does not contain any
- * items
- */
- unsigned int itemCount;
-
- /* the content info for the safe */
- SEC_PKCS7ContentInfo *cinfo;
-
- sec_PKCS12SafeContents *safe;
-};
-
-/* An opaque structure which contains information needed for exporting
- * certificates and keys through PKCS 12.
- */
-struct SEC_PKCS12ExportContextStr {
- PRArenaPool *arena;
- PK11SlotInfo *slot;
- void *wincx;
-
- /* integrity information */
- PRBool integrityEnabled;
- PRBool pwdIntegrity;
- union {
- struct sec_PKCS12PasswordModeInfo pwdInfo;
- struct sec_PKCS12PublicKeyModeInfo pubkeyInfo;
- } integrityInfo;
-
- /* helper functions */
- /* retrieve the password call back */
- SECKEYGetPasswordKey pwfn;
- void *pwfnarg;
-
- /* safe contents bags */
- SEC_PKCS12SafeInfo **safeInfos;
- unsigned int safeInfoCount;
-
- /* the sequence of safes */
- sec_PKCS12AuthenticatedSafe authSafe;
-
- /* information needing deletion */
- CERTCertificate **certList;
-};
-
-/* structures for passing information to encoder callbacks when processing
- * data through the ASN1 engine.
- */
-struct sec_pkcs12_encoder_output {
- SEC_PKCS12EncoderOutputCallback outputfn;
- void *outputarg;
-};
-
-struct sec_pkcs12_hmac_and_output_info {
- void *arg;
- struct sec_pkcs12_encoder_output output;
-};
-
-/* An encoder context which is used for the actual encoding
- * portion of PKCS 12.
- */
-typedef struct sec_PKCS12EncoderContextStr {
- PRArenaPool *arena;
- SEC_PKCS12ExportContext *p12exp;
- PK11SymKey *encryptionKey;
-
- /* encoder information - this is set up based on whether
- * password based or public key pased privacy is being used
- */
- SEC_ASN1EncoderContext *ecx;
- union {
- struct sec_pkcs12_hmac_and_output_info hmacAndOutputInfo;
- struct sec_pkcs12_encoder_output encOutput;
- } output;
-
- /* structures for encoding of PFX and MAC */
- sec_PKCS12PFXItem pfx;
- sec_PKCS12MacData mac;
-
- /* authenticated safe encoding tracking information */
- SEC_PKCS7ContentInfo *aSafeCinfo;
- SEC_PKCS7EncoderContext *aSafeP7Ecx;
- SEC_ASN1EncoderContext *aSafeEcx;
- unsigned int currentSafe;
-
- /* hmac context */
- void *hmacCx;
-} sec_PKCS12EncoderContext;
-
-
-/*********************************
- * Export setup routines
- *********************************/
-
-/* SEC_PKCS12CreateExportContext
- * Creates an export context and sets the unicode and password retrieval
- * callbacks. This is the first call which must be made when exporting
- * a PKCS 12 blob.
- *
- * pwfn, pwfnarg - password retrieval callback and argument. these are
- * required for password-authentication mode.
- */
-SEC_PKCS12ExportContext *
-SEC_PKCS12CreateExportContext(SECKEYGetPasswordKey pwfn, void *pwfnarg,
- PK11SlotInfo *slot, void *wincx)
-{
- PRArenaPool *arena = NULL;
- SEC_PKCS12ExportContext *p12ctxt = NULL;
-
- /* allocate the arena and create the context */
- arena = PORT_NewArena(4096);
- if(!arena) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- p12ctxt = (SEC_PKCS12ExportContext *)PORT_ArenaZAlloc(arena,
- sizeof(SEC_PKCS12ExportContext));
- if(!p12ctxt) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* password callback for key retrieval */
- p12ctxt->pwfn = pwfn;
- p12ctxt->pwfnarg = pwfnarg;
-
- p12ctxt->integrityEnabled = PR_FALSE;
- p12ctxt->arena = arena;
- p12ctxt->wincx = wincx;
- p12ctxt->slot = (slot) ? slot : PK11_GetInternalSlot();
-
- return p12ctxt;
-
-loser:
- if(arena) {
- PORT_FreeArena(arena, PR_TRUE);
- }
-
- return NULL;
-}
-
-/*
- * Adding integrity mode
- */
-
-/* SEC_PKCS12AddPasswordIntegrity
- * Add password integrity to the exported data. If an integrity method
- * has already been set, then return an error.
- *
- * p12ctxt - the export context
- * pwitem - the password for integrity mode
- * integAlg - the integrity algorithm to use for authentication.
- */
-SECStatus
-SEC_PKCS12AddPasswordIntegrity(SEC_PKCS12ExportContext *p12ctxt,
- SECItem *pwitem, SECOidTag integAlg)
-{
- if(!p12ctxt || p12ctxt->integrityEnabled) {
- return SECFailure;
- }
-
- /* set up integrity information */
- p12ctxt->pwdIntegrity = PR_TRUE;
- p12ctxt->integrityInfo.pwdInfo.password =
- (SECItem*)PORT_ArenaZAlloc(p12ctxt->arena, sizeof(SECItem));
- if(!p12ctxt->integrityInfo.pwdInfo.password) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
- if(SECITEM_CopyItem(p12ctxt->arena,
- p12ctxt->integrityInfo.pwdInfo.password, pwitem)
- != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
- p12ctxt->integrityInfo.pwdInfo.algorithm = integAlg;
- p12ctxt->integrityEnabled = PR_TRUE;
-
- return SECSuccess;
-}
-
-/* SEC_PKCS12AddPublicKeyIntegrity
- * Add public key integrity to the exported data. If an integrity method
- * has already been set, then return an error. The certificate must be
- * allowed to be used as a signing cert.
- *
- * p12ctxt - the export context
- * cert - signer certificate
- * certDb - the certificate database
- * algorithm - signing algorithm
- * keySize - size of the signing key (?)
- */
-SECStatus
-SEC_PKCS12AddPublicKeyIntegrity(SEC_PKCS12ExportContext *p12ctxt,
- CERTCertificate *cert, CERTCertDBHandle *certDb,
- SECOidTag algorithm, int keySize)
-{
- if(!p12ctxt) {
- return SECFailure;
- }
-
- p12ctxt->integrityInfo.pubkeyInfo.cert = cert;
- p12ctxt->integrityInfo.pubkeyInfo.certDb = certDb;
- p12ctxt->integrityInfo.pubkeyInfo.algorithm = algorithm;
- p12ctxt->integrityInfo.pubkeyInfo.keySize = keySize;
- p12ctxt->integrityEnabled = PR_TRUE;
-
- return SECSuccess;
-}
-
-
-/*
- * Adding safes - encrypted (password/public key) or unencrypted
- * Each of the safe creation routines return an opaque pointer which
- * are later passed into the routines for exporting certificates and
- * keys.
- */
-
-/* append the newly created safeInfo to list of safeInfos in the export
- * context.
- */
-static SECStatus
-sec_pkcs12_append_safe_info(SEC_PKCS12ExportContext *p12ctxt, SEC_PKCS12SafeInfo *info)
-{
- void *mark = NULL, *dummy1 = NULL, *dummy2 = NULL;
-
- if(!p12ctxt || !info) {
- return SECFailure;
- }
-
- mark = PORT_ArenaMark(p12ctxt->arena);
-
- /* if no safeInfos have been set, create the list, otherwise expand it. */
- if(!p12ctxt->safeInfoCount) {
- p12ctxt->safeInfos = (SEC_PKCS12SafeInfo **)PORT_ArenaZAlloc(p12ctxt->arena,
- 2 * sizeof(SEC_PKCS12SafeInfo *));
- dummy1 = p12ctxt->safeInfos;
- p12ctxt->authSafe.encodedSafes = (SECItem **)PORT_ArenaZAlloc(p12ctxt->arena,
- 2 * sizeof(SECItem *));
- dummy2 = p12ctxt->authSafe.encodedSafes;
- } else {
- dummy1 = PORT_ArenaGrow(p12ctxt->arena, p12ctxt->safeInfos,
- (p12ctxt->safeInfoCount + 1) * sizeof(SEC_PKCS12SafeInfo *),
- (p12ctxt->safeInfoCount + 2) * sizeof(SEC_PKCS12SafeInfo *));
- p12ctxt->safeInfos = (SEC_PKCS12SafeInfo **)dummy1;
- dummy2 = PORT_ArenaGrow(p12ctxt->arena, p12ctxt->authSafe.encodedSafes,
- (p12ctxt->authSafe.safeCount + 1) * sizeof(SECItem *),
- (p12ctxt->authSafe.safeCount + 2) * sizeof(SECItem *));
- p12ctxt->authSafe.encodedSafes = (SECItem**)dummy2;
- }
- if(!dummy1 || !dummy2) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* append the new safeInfo and null terminate the list */
- p12ctxt->safeInfos[p12ctxt->safeInfoCount] = info;
- p12ctxt->safeInfos[++p12ctxt->safeInfoCount] = NULL;
- p12ctxt->authSafe.encodedSafes[p12ctxt->authSafe.safeCount] =
- (SECItem*)PORT_ArenaZAlloc(p12ctxt->arena, sizeof(SECItem));
- if(!p12ctxt->authSafe.encodedSafes[p12ctxt->authSafe.safeCount]) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- p12ctxt->authSafe.encodedSafes[++p12ctxt->authSafe.safeCount] = NULL;
-
- PORT_ArenaUnmark(p12ctxt->arena, mark);
- return SECSuccess;
-
-loser:
- PORT_ArenaRelease(p12ctxt->arena, mark);
- return SECFailure;
-}
-
-/* SEC_PKCS12CreatePasswordPrivSafe
- * Create a password privacy safe to store exported information in.
- *
- * p12ctxt - export context
- * pwitem - password for encryption
- * privAlg - pbe algorithm through which encryption is done.
- */
-SEC_PKCS12SafeInfo *
-SEC_PKCS12CreatePasswordPrivSafe(SEC_PKCS12ExportContext *p12ctxt,
- SECItem *pwitem, SECOidTag privAlg)
-{
- SEC_PKCS12SafeInfo *safeInfo = NULL;
- void *mark = NULL;
- PK11SlotInfo *slot;
- SECAlgorithmID *algId;
- SECItem uniPwitem = {siBuffer, NULL, 0};
-
- if(!p12ctxt) {
- return NULL;
- }
-
- /* allocate the safe info */
- mark = PORT_ArenaMark(p12ctxt->arena);
- safeInfo = (SEC_PKCS12SafeInfo *)PORT_ArenaZAlloc(p12ctxt->arena,
- sizeof(SEC_PKCS12SafeInfo));
- if(!safeInfo) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_ArenaRelease(p12ctxt->arena, mark);
- return NULL;
- }
-
- safeInfo->itemCount = 0;
-
- /* create the encrypted safe */
- safeInfo->cinfo = SEC_PKCS7CreateEncryptedData(privAlg, 0, p12ctxt->pwfn,
- p12ctxt->pwfnarg);
- if(!safeInfo->cinfo) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- safeInfo->arena = p12ctxt->arena;
-
- /* convert the password to unicode */
- if(!sec_pkcs12_convert_item_to_unicode(NULL, &uniPwitem, pwitem,
- PR_TRUE, PR_TRUE, PR_TRUE)) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- if(SECITEM_CopyItem(p12ctxt->arena, &safeInfo->pwitem, &uniPwitem) != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* generate the encryption key */
- slot = p12ctxt->slot;
- if(!slot) {
- slot = PK11_GetInternalKeySlot();
- if(!slot) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- }
-
- algId = SEC_PKCS7GetEncryptionAlgorithm(safeInfo->cinfo);
- safeInfo->encryptionKey = PK11_PBEKeyGen(slot, algId, &uniPwitem,
- PR_FALSE, p12ctxt->wincx);
- if(!safeInfo->encryptionKey) {
- goto loser;
- }
-
- safeInfo->arena = p12ctxt->arena;
- safeInfo->safe = NULL;
- if(sec_pkcs12_append_safe_info(p12ctxt, safeInfo) != SECSuccess) {
- goto loser;
- }
-
- if(uniPwitem.data) {
- SECITEM_ZfreeItem(&uniPwitem, PR_FALSE);
- }
- PORT_ArenaUnmark(p12ctxt->arena, mark);
- return safeInfo;
-
-loser:
- if(safeInfo->cinfo) {
- SEC_PKCS7DestroyContentInfo(safeInfo->cinfo);
- }
-
- if(uniPwitem.data) {
- SECITEM_ZfreeItem(&uniPwitem, PR_FALSE);
- }
-
- PORT_ArenaRelease(p12ctxt->arena, mark);
- return NULL;
-}
-
-/* SEC_PKCS12CreateUnencryptedSafe
- * Creates an unencrypted safe within the export context.
- *
- * p12ctxt - the export context
- */
-SEC_PKCS12SafeInfo *
-SEC_PKCS12CreateUnencryptedSafe(SEC_PKCS12ExportContext *p12ctxt)
-{
- SEC_PKCS12SafeInfo *safeInfo = NULL;
- void *mark = NULL;
-
- if(!p12ctxt) {
- return NULL;
- }
-
- /* create the safe info */
- mark = PORT_ArenaMark(p12ctxt->arena);
- safeInfo = (SEC_PKCS12SafeInfo *)PORT_ArenaZAlloc(p12ctxt->arena,
- sizeof(SEC_PKCS12SafeInfo));
- if(!safeInfo) {
- PORT_ArenaRelease(p12ctxt->arena, mark);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- safeInfo->itemCount = 0;
-
- /* create the safe content */
- safeInfo->cinfo = SEC_PKCS7CreateData();
- if(!safeInfo->cinfo) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- if(sec_pkcs12_append_safe_info(p12ctxt, safeInfo) != SECSuccess) {
- goto loser;
- }
-
- PORT_ArenaUnmark(p12ctxt->arena, mark);
- return safeInfo;
-
-loser:
- if(safeInfo->cinfo) {
- SEC_PKCS7DestroyContentInfo(safeInfo->cinfo);
- }
-
- PORT_ArenaRelease(p12ctxt->arena, mark);
- return NULL;
-}
-
-/* SEC_PKCS12CreatePubKeyEncryptedSafe
- * Creates a safe which is protected by public key encryption.
- *
- * p12ctxt - the export context
- * certDb - the certificate database
- * signer - the signer's certificate
- * recipients - the list of recipient certificates.
- * algorithm - the encryption algorithm to use
- * keysize - the algorithms key size (?)
- */
-SEC_PKCS12SafeInfo *
-SEC_PKCS12CreatePubKeyEncryptedSafe(SEC_PKCS12ExportContext *p12ctxt,
- CERTCertDBHandle *certDb,
- CERTCertificate *signer,
- CERTCertificate **recipients,
- SECOidTag algorithm, int keysize)
-{
- SEC_PKCS12SafeInfo *safeInfo = NULL;
- void *mark = NULL;
-
- if(!p12ctxt || !signer || !recipients || !(*recipients)) {
- return NULL;
- }
-
- /* allocate the safeInfo */
- mark = PORT_ArenaMark(p12ctxt->arena);
- safeInfo = (SEC_PKCS12SafeInfo *)PORT_ArenaZAlloc(p12ctxt->arena,
- sizeof(SEC_PKCS12SafeInfo));
- if(!safeInfo) {
- PORT_ArenaRelease(p12ctxt->arena, mark);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- safeInfo->itemCount = 0;
- safeInfo->arena = p12ctxt->arena;
-
- /* create the enveloped content info using certUsageEmailSigner currently.
- * XXX We need to eventually use something other than certUsageEmailSigner
- */
- safeInfo->cinfo = SEC_PKCS7CreateEnvelopedData(signer, certUsageEmailSigner,
- certDb, algorithm, keysize,
- p12ctxt->pwfn, p12ctxt->pwfnarg);
- if(!safeInfo->cinfo) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* add recipients */
- if(recipients) {
- unsigned int i = 0;
- while(recipients[i] != NULL) {
- SECStatus rv = SEC_PKCS7AddRecipient(safeInfo->cinfo, recipients[i],
- certUsageEmailRecipient, certDb);
- if(rv != SECSuccess) {
- goto loser;
- }
- i++;
- }
- }
-
- if(sec_pkcs12_append_safe_info(p12ctxt, safeInfo) != SECSuccess) {
- goto loser;
- }
-
- PORT_ArenaUnmark(p12ctxt->arena, mark);
- return safeInfo;
-
-loser:
- if(safeInfo->cinfo) {
- SEC_PKCS7DestroyContentInfo(safeInfo->cinfo);
- safeInfo->cinfo = NULL;
- }
-
- PORT_ArenaRelease(p12ctxt->arena, mark);
- return NULL;
-}
-
-/*********************************
- * Routines to handle the exporting of the keys and certificates
- *********************************/
-
-/* creates a safe contents which safeBags will be appended to */
-sec_PKCS12SafeContents *
-sec_PKCS12CreateSafeContents(PRArenaPool *arena)
-{
- sec_PKCS12SafeContents *safeContents;
-
- if(arena == NULL) {
- return NULL;
- }
-
- /* create the safe contents */
- safeContents = (sec_PKCS12SafeContents *)PORT_ArenaZAlloc(arena,
- sizeof(sec_PKCS12SafeContents));
- if(!safeContents) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* set up the internal contents info */
- safeContents->safeBags = NULL;
- safeContents->arena = arena;
- safeContents->bagCount = 0;
-
- return safeContents;
-
-loser:
- return NULL;
-}
-
-/* appends a safe bag to a safeContents using the specified arena.
- */
-SECStatus
-sec_pkcs12_append_bag_to_safe_contents(PRArenaPool *arena,
- sec_PKCS12SafeContents *safeContents,
- sec_PKCS12SafeBag *safeBag)
-{
- void *mark = NULL, *dummy = NULL;
-
- if(!arena || !safeBag || !safeContents) {
- return SECFailure;
- }
-
- mark = PORT_ArenaMark(arena);
- if(!mark) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
-
- /* allocate space for the list, or reallocate to increase space */
- if(!safeContents->safeBags) {
- safeContents->safeBags = (sec_PKCS12SafeBag **)PORT_ArenaZAlloc(arena,
- (2 * sizeof(sec_PKCS12SafeBag *)));
- dummy = safeContents->safeBags;
- safeContents->bagCount = 0;
- } else {
- dummy = PORT_ArenaGrow(arena, safeContents->safeBags,
- (safeContents->bagCount + 1) * sizeof(sec_PKCS12SafeBag *),
- (safeContents->bagCount + 2) * sizeof(sec_PKCS12SafeBag *));
- safeContents->safeBags = (sec_PKCS12SafeBag **)dummy;
- }
-
- if(!dummy) {
- PORT_ArenaRelease(arena, mark);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
-
- /* append the bag at the end and null terminate the list */
- safeContents->safeBags[safeContents->bagCount++] = safeBag;
- safeContents->safeBags[safeContents->bagCount] = NULL;
-
- PORT_ArenaUnmark(arena, mark);
-
- return SECSuccess;
-}
-
-/* appends a safeBag to a specific safeInfo.
- */
-SECStatus
-sec_pkcs12_append_bag(SEC_PKCS12ExportContext *p12ctxt,
- SEC_PKCS12SafeInfo *safeInfo, sec_PKCS12SafeBag *safeBag)
-{
- sec_PKCS12SafeContents *dest;
- SECStatus rv = SECFailure;
-
- if(!p12ctxt || !safeBag || !safeInfo) {
- return SECFailure;
- }
-
- if(!safeInfo->safe) {
- safeInfo->safe = sec_PKCS12CreateSafeContents(p12ctxt->arena);
- if(!safeInfo->safe) {
- return SECFailure;
- }
- }
-
- dest = safeInfo->safe;
- rv = sec_pkcs12_append_bag_to_safe_contents(p12ctxt->arena, dest, safeBag);
- if(rv == SECSuccess) {
- safeInfo->itemCount++;
- }
-
- return rv;
-}
-
-/* Creates a safeBag of the specified type, and if bagData is specified,
- * the contents are set. The contents could be set later by the calling
- * routine.
- */
-sec_PKCS12SafeBag *
-sec_PKCS12CreateSafeBag(SEC_PKCS12ExportContext *p12ctxt, SECOidTag bagType,
- void *bagData)
-{
- sec_PKCS12SafeBag *safeBag;
- PRBool setName = PR_TRUE;
- void *mark = NULL;
- SECStatus rv = SECSuccess;
- SECOidData *oidData = NULL;
-
- if(!p12ctxt) {
- return NULL;
- }
-
- mark = PORT_ArenaMark(p12ctxt->arena);
- if(!mark) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- safeBag = (sec_PKCS12SafeBag *)PORT_ArenaZAlloc(p12ctxt->arena,
- sizeof(sec_PKCS12SafeBag));
- if(!safeBag) {
- PORT_ArenaRelease(p12ctxt->arena, mark);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- /* set the bags content based upon bag type */
- switch(bagType) {
- case SEC_OID_PKCS12_V1_KEY_BAG_ID:
- safeBag->safeBagContent.pkcs8KeyBag =
- (SECKEYPrivateKeyInfo *)bagData;
- break;
- case SEC_OID_PKCS12_V1_CERT_BAG_ID:
- safeBag->safeBagContent.certBag = (sec_PKCS12CertBag *)bagData;
- break;
- case SEC_OID_PKCS12_V1_CRL_BAG_ID:
- safeBag->safeBagContent.crlBag = (sec_PKCS12CRLBag *)bagData;
- break;
- case SEC_OID_PKCS12_V1_SECRET_BAG_ID:
- safeBag->safeBagContent.secretBag = (sec_PKCS12SecretBag *)bagData;
- break;
- case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID:
- safeBag->safeBagContent.pkcs8ShroudedKeyBag =
- (SECKEYEncryptedPrivateKeyInfo *)bagData;
- break;
- case SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID:
- safeBag->safeBagContent.safeContents =
- (sec_PKCS12SafeContents *)bagData;
- setName = PR_FALSE;
- break;
- default:
- goto loser;
- }
-
- oidData = SECOID_FindOIDByTag(bagType);
- if(oidData) {
- rv = SECITEM_CopyItem(p12ctxt->arena, &safeBag->safeBagType, &oidData->oid);
- if(rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- } else {
- goto loser;
- }
-
- safeBag->arena = p12ctxt->arena;
- PORT_ArenaUnmark(p12ctxt->arena, mark);
-
- return safeBag;
-
-loser:
- if(mark) {
- PORT_ArenaRelease(p12ctxt->arena, mark);
- }
-
- return NULL;
-}
-
-/* Creates a new certificate bag and returns a pointer to it. If an error
- * occurs NULL is returned.
- */
-sec_PKCS12CertBag *
-sec_PKCS12NewCertBag(PRArenaPool *arena, SECOidTag certType)
-{
- sec_PKCS12CertBag *certBag = NULL;
- SECOidData *bagType = NULL;
- SECStatus rv;
- void *mark = NULL;
-
- if(!arena) {
- return NULL;
- }
-
- mark = PORT_ArenaMark(arena);
- certBag = (sec_PKCS12CertBag *)PORT_ArenaZAlloc(arena,
- sizeof(sec_PKCS12CertBag));
- if(!certBag) {
- PORT_ArenaRelease(arena, mark);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- bagType = SECOID_FindOIDByTag(certType);
- if(!bagType) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- rv = SECITEM_CopyItem(arena, &certBag->bagID, &bagType->oid);
- if(rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- PORT_ArenaUnmark(arena, mark);
- return certBag;
-
-loser:
- PORT_ArenaRelease(arena, mark);
- return NULL;
-}
-
-/* Creates a new CRL bag and returns a pointer to it. If an error
- * occurs NULL is returned.
- */
-sec_PKCS12CRLBag *
-sec_PKCS12NewCRLBag(PRArenaPool *arena, SECOidTag crlType)
-{
- sec_PKCS12CRLBag *crlBag = NULL;
- SECOidData *bagType = NULL;
- SECStatus rv;
- void *mark = NULL;
-
- if(!arena) {
- return NULL;
- }
-
- mark = PORT_ArenaMark(arena);
- crlBag = (sec_PKCS12CRLBag *)PORT_ArenaZAlloc(arena,
- sizeof(sec_PKCS12CRLBag));
- if(!crlBag) {
- PORT_ArenaRelease(arena, mark);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- bagType = SECOID_FindOIDByTag(crlType);
- if(!bagType) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- rv = SECITEM_CopyItem(arena, &crlBag->bagID, &bagType->oid);
- if(rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- PORT_ArenaUnmark(arena, mark);
- return crlBag;
-
-loser:
- PORT_ArenaRelease(arena, mark);
- return NULL;
-}
-
-/* sec_PKCS12AddAttributeToBag
- * adds an attribute to a safeBag. currently, the only attributes supported
- * are those which are specified within PKCS 12.
- *
- * p12ctxt - the export context
- * safeBag - the safeBag to which attributes are appended
- * attrType - the attribute type
- * attrData - the attribute data
- */
-SECStatus
-sec_PKCS12AddAttributeToBag(SEC_PKCS12ExportContext *p12ctxt,
- sec_PKCS12SafeBag *safeBag, SECOidTag attrType,
- SECItem *attrData)
-{
- sec_PKCS12Attribute *attribute;
- void *mark = NULL, *dummy = NULL;
- SECOidData *oiddata = NULL;
- SECItem unicodeName = { siBuffer, NULL, 0};
- void *src = NULL;
- unsigned int nItems = 0;
- SECStatus rv;
-
- if(!safeBag || !p12ctxt) {
- return SECFailure;
- }
-
- mark = PORT_ArenaMark(safeBag->arena);
-
- /* allocate the attribute */
- attribute = (sec_PKCS12Attribute *)PORT_ArenaZAlloc(safeBag->arena,
- sizeof(sec_PKCS12Attribute));
- if(!attribute) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* set up the attribute */
- oiddata = SECOID_FindOIDByTag(attrType);
- if(!oiddata) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- if(SECITEM_CopyItem(p12ctxt->arena, &attribute->attrType, &oiddata->oid) !=
- SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- nItems = 1;
- switch(attrType) {
- case SEC_OID_PKCS9_LOCAL_KEY_ID:
- {
- src = attrData;
- break;
- }
- case SEC_OID_PKCS9_FRIENDLY_NAME:
- {
- if(!sec_pkcs12_convert_item_to_unicode(p12ctxt->arena,
- &unicodeName, attrData, PR_FALSE,
- PR_FALSE, PR_TRUE)) {
- goto loser;
- }
- src = &unicodeName;
- break;
- }
- default:
- goto loser;
- }
-
- /* append the attribute to the attribute value list */
- attribute->attrValue = (SECItem **)PORT_ArenaZAlloc(p12ctxt->arena,
- ((nItems + 1) * sizeof(SECItem *)));
- if(!attribute->attrValue) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* XXX this will need to be changed if attributes requiring more than
- * one element are ever used.
- */
- attribute->attrValue[0] = (SECItem *)PORT_ArenaZAlloc(p12ctxt->arena,
- sizeof(SECItem));
- if(!attribute->attrValue[0]) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- attribute->attrValue[1] = NULL;
-
- rv = SECITEM_CopyItem(p12ctxt->arena, attribute->attrValue[0],
- (SECItem*)src);
- if(rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* append the attribute to the safeBag attributes */
- if(safeBag->nAttribs) {
- dummy = PORT_ArenaGrow(p12ctxt->arena, safeBag->attribs,
- ((safeBag->nAttribs + 1) * sizeof(sec_PKCS12Attribute *)),
- ((safeBag->nAttribs + 2) * sizeof(sec_PKCS12Attribute *)));
- safeBag->attribs = (sec_PKCS12Attribute **)dummy;
- } else {
- safeBag->attribs = (sec_PKCS12Attribute **)PORT_ArenaZAlloc(p12ctxt->arena,
- 2 * sizeof(sec_PKCS12Attribute *));
- dummy = safeBag->attribs;
- }
- if(!dummy) {
- goto loser;
- }
-
- safeBag->attribs[safeBag->nAttribs] = attribute;
- safeBag->attribs[++safeBag->nAttribs] = NULL;
-
- PORT_ArenaUnmark(p12ctxt->arena, mark);
- return SECSuccess;
-
-loser:
- if(mark) {
- PORT_ArenaRelease(p12ctxt->arena, mark);
- }
-
- return SECFailure;
-}
-
-/* SEC_PKCS12AddCert
- * Adds a certificate to the data being exported.
- *
- * p12ctxt - the export context
- * safe - the safeInfo to which the certificate is placed
- * nestedDest - if the cert is to be placed within a nested safeContents then,
- * this value is to be specified with the destination
- * cert - the cert to export
- * certDb - the certificate database handle
- * keyId - a unique identifier to associate a certificate/key pair
- * includeCertChain - PR_TRUE if the certificate chain is to be included.
- */
-SECStatus
-SEC_PKCS12AddCert(SEC_PKCS12ExportContext *p12ctxt, SEC_PKCS12SafeInfo *safe,
- void *nestedDest, CERTCertificate *cert,
- CERTCertDBHandle *certDb, SECItem *keyId,
- PRBool includeCertChain)
-{
- sec_PKCS12CertBag *certBag;
- sec_PKCS12SafeBag *safeBag;
- void *mark;
- SECStatus rv;
- SECItem nick = {siBuffer, NULL,0};
-
- if(!p12ctxt || !cert) {
- return SECFailure;
- }
- mark = PORT_ArenaMark(p12ctxt->arena);
-
- /* allocate the cert bag */
- certBag = sec_PKCS12NewCertBag(p12ctxt->arena,
- SEC_OID_PKCS9_X509_CERT);
- if(!certBag) {
- goto loser;
- }
-
- if(SECITEM_CopyItem(p12ctxt->arena, &certBag->value.x509Cert,
- &cert->derCert) != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* if the cert chain is to be included, we should only be exporting
- * the cert from our internal database.
- */
- if(includeCertChain) {
- CERTCertificateList *certList = CERT_CertChainFromCert(cert,
- certUsageSSLClient,
- PR_TRUE);
- unsigned int count = 0;
- if(!certList) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* add cert chain */
- for(count = 0; count < (unsigned int)certList->len; count++) {
- if(SECITEM_CompareItem(&certList->certs[count], &cert->derCert)
- != SECEqual) {
- CERTCertificate *tempCert;
-
- /* decode the certificate */
- tempCert = CERT_NewTempCertificate(certDb,
- &certList->certs[count], NULL,
- PR_FALSE, PR_TRUE);
- if(!tempCert) {
- CERT_DestroyCertificateList(certList);
- goto loser;
- }
-
- /* add the certificate */
- if(SEC_PKCS12AddCert(p12ctxt, safe, nestedDest, tempCert, certDb,
- NULL, PR_FALSE) != SECSuccess) {
- CERT_DestroyCertificate(tempCert);
- CERT_DestroyCertificateList(certList);
- goto loser;
- }
- CERT_DestroyCertificate(tempCert);
- }
- }
- CERT_DestroyCertificateList(certList);
- }
-
- /* if the certificate has a nickname, we will set the friendly name
- * to that.
- */
- if(cert->nickname) {
- if (cert->slot && !PK11_IsInternal(cert->slot)) {
- /*
- * The cert is coming off of an external token,
- * let's strip the token name from the nickname
- * and only add what comes after the colon as the
- * nickname. -javi
- */
- char *delimit;
-
- delimit = PORT_Strchr(cert->nickname,':');
- if (delimit == NULL) {
- nick.data = (unsigned char *)cert->nickname;
- nick.len = PORT_Strlen(cert->nickname);
- } else {
- delimit++;
- nick.data = (unsigned char *)PORT_ArenaStrdup(p12ctxt->arena,
- delimit);
- nick.len = PORT_Strlen(delimit);
- }
- } else {
- nick.data = (unsigned char *)cert->nickname;
- nick.len = PORT_Strlen(cert->nickname);
- }
- }
-
- safeBag = sec_PKCS12CreateSafeBag(p12ctxt, SEC_OID_PKCS12_V1_CERT_BAG_ID,
- certBag);
- if(!safeBag) {
- goto loser;
- }
-
- /* add the friendly name and keyId attributes, if necessary */
- if(nick.data) {
- if(sec_PKCS12AddAttributeToBag(p12ctxt, safeBag,
- SEC_OID_PKCS9_FRIENDLY_NAME, &nick)
- != SECSuccess) {
- goto loser;
- }
- }
-
- if(keyId) {
- if(sec_PKCS12AddAttributeToBag(p12ctxt, safeBag, SEC_OID_PKCS9_LOCAL_KEY_ID,
- keyId) != SECSuccess) {
- goto loser;
- }
- }
-
- /* append the cert safeBag */
- if(nestedDest) {
- rv = sec_pkcs12_append_bag_to_safe_contents(p12ctxt->arena,
- (sec_PKCS12SafeContents*)nestedDest,
- safeBag);
- } else {
- rv = sec_pkcs12_append_bag(p12ctxt, safe, safeBag);
- }
-
- if(rv != SECSuccess) {
- goto loser;
- }
-
- PORT_ArenaUnmark(p12ctxt->arena, mark);
- return SECSuccess;
-
-loser:
- if(mark) {
- PORT_ArenaRelease(p12ctxt->arena, mark);
- }
-
- return SECFailure;
-}
-
-/* SEC_PKCS12AddEncryptedKey
- * Extracts the key associated with a particular certificate and exports
- * it.
- *
- * p12ctxt - the export context
- * safe - the safeInfo to place the key in
- * nestedDest - the nested safeContents to place a key
- * cert - the certificate which the key belongs to
- * shroudKey - encrypt the private key for export. This value should
- * always be true. lower level code will not allow the export
- * of unencrypted private keys.
- * algorithm - the algorithm with which to encrypt the private key
- * pwitem - the password to encrypted the private key with
- * keyId - the keyID attribute
- * nickName - the nickname attribute
- */
-static SECStatus
-SEC_PKCS12AddEncryptedKey(SEC_PKCS12ExportContext *p12ctxt,
- SECKEYEncryptedPrivateKeyInfo *epki, SEC_PKCS12SafeInfo *safe,
- void *nestedDest, SECItem *keyId, SECItem *nickName)
-{
- void *mark;
- void *keyItem;
- SECOidTag keyType;
- SECStatus rv = SECFailure;
- sec_PKCS12SafeBag *returnBag;
-
- if(!p12ctxt || !safe || !epki) {
- return SECFailure;
- }
-
- mark = PORT_ArenaMark(p12ctxt->arena);
-
- keyItem = PORT_ArenaZAlloc(p12ctxt->arena,
- sizeof(SECKEYEncryptedPrivateKeyInfo));
- if(!keyItem) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- rv = SECKEY_CopyEncryptedPrivateKeyInfo(p12ctxt->arena,
- (SECKEYEncryptedPrivateKeyInfo *)keyItem,
- epki);
- keyType = SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID;
-
- if(rv != SECSuccess) {
- goto loser;
- }
-
- /* create the safe bag and set any attributes */
- returnBag = sec_PKCS12CreateSafeBag(p12ctxt, keyType, keyItem);
- if(!returnBag) {
- rv = SECFailure;
- goto loser;
- }
-
- if(nickName) {
- if(sec_PKCS12AddAttributeToBag(p12ctxt, returnBag,
- SEC_OID_PKCS9_FRIENDLY_NAME, nickName)
- != SECSuccess) {
- goto loser;
- }
- }
-
- if(keyId) {
- if(sec_PKCS12AddAttributeToBag(p12ctxt, returnBag, SEC_OID_PKCS9_LOCAL_KEY_ID,
- keyId) != SECSuccess) {
- goto loser;
- }
- }
-
- if(nestedDest) {
- rv = sec_pkcs12_append_bag_to_safe_contents(p12ctxt->arena,
- (sec_PKCS12SafeContents*)nestedDest,
- returnBag);
- } else {
- rv = sec_pkcs12_append_bag(p12ctxt, safe, returnBag);
- }
-
-loser:
-
- if (rv != SECSuccess) {
- PORT_ArenaRelease(p12ctxt->arena, mark);
- } else {
- PORT_ArenaUnmark(p12ctxt->arena, mark);
- }
-
- return rv;
-}
-
-/* SEC_PKCS12AddKeyForCert
- * Extracts the key associated with a particular certificate and exports
- * it.
- *
- * p12ctxt - the export context
- * safe - the safeInfo to place the key in
- * nestedDest - the nested safeContents to place a key
- * cert - the certificate which the key belongs to
- * shroudKey - encrypt the private key for export. This value should
- * always be true. lower level code will not allow the export
- * of unencrypted private keys.
- * algorithm - the algorithm with which to encrypt the private key
- * pwitem - the password to encrypt the private key with
- * keyId - the keyID attribute
- * nickName - the nickname attribute
- */
-SECStatus
-SEC_PKCS12AddKeyForCert(SEC_PKCS12ExportContext *p12ctxt, SEC_PKCS12SafeInfo *safe,
- void *nestedDest, CERTCertificate *cert,
- PRBool shroudKey, SECOidTag algorithm, SECItem *pwitem,
- SECItem *keyId, SECItem *nickName)
-{
- void *mark;
- void *keyItem;
- SECOidTag keyType;
- SECStatus rv = SECFailure;
- SECItem nickname = {siBuffer,NULL,0}, uniPwitem = {siBuffer, NULL, 0};
- sec_PKCS12SafeBag *returnBag;
-
- if(!p12ctxt || !cert || !safe) {
- return SECFailure;
- }
-
- mark = PORT_ArenaMark(p12ctxt->arena);
-
- /* retrieve the key based upon the type that it is and
- * specify the type of safeBag to store the key in
- */
- if(!shroudKey) {
-
- /* extract the key unencrypted. this will most likely go away */
- SECKEYPrivateKeyInfo *pki = PK11_ExportPrivateKeyInfo(cert,
- p12ctxt->wincx);
- if(!pki) {
- PORT_ArenaRelease(p12ctxt->arena, mark);
- PORT_SetError(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY);
- return SECFailure;
- }
- keyItem = PORT_ArenaZAlloc(p12ctxt->arena, sizeof(SECKEYPrivateKeyInfo));
- if(!keyItem) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- rv = SECKEY_CopyPrivateKeyInfo(p12ctxt->arena,
- (SECKEYPrivateKeyInfo *)keyItem, pki);
- keyType = SEC_OID_PKCS12_V1_KEY_BAG_ID;
- SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE);
- } else {
-
- /* extract the key encrypted */
- SECKEYEncryptedPrivateKeyInfo *epki = NULL;
- PK11SlotInfo *slot = p12ctxt->slot;
-
- if(!sec_pkcs12_convert_item_to_unicode(p12ctxt->arena, &uniPwitem,
- pwitem, PR_TRUE, PR_TRUE, PR_TRUE)) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* we want to make sure to take the key out of the key slot */
- if(PK11_IsInternal(p12ctxt->slot)) {
- slot = PK11_GetInternalKeySlot();
- }
-
- epki = PK11_ExportEncryptedPrivateKeyInfo(slot, algorithm,
- &uniPwitem, cert, 1,
- p12ctxt->wincx);
- if(PK11_IsInternal(p12ctxt->slot)) {
- PK11_FreeSlot(slot);
- }
-
- keyItem = PORT_ArenaZAlloc(p12ctxt->arena,
- sizeof(SECKEYEncryptedPrivateKeyInfo));
- if(!keyItem) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- if(!epki) {
- PORT_SetError(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY);
- return SECFailure;
- }
- rv = SECKEY_CopyEncryptedPrivateKeyInfo(p12ctxt->arena,
- (SECKEYEncryptedPrivateKeyInfo *)keyItem,
- epki);
- keyType = SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID;
- SECKEY_DestroyEncryptedPrivateKeyInfo(epki, PR_TRUE);
- }
-
- if(rv != SECSuccess) {
- goto loser;
- }
-
- /* if no nickname specified, let's see if the certificate has a
- * nickname.
- */
- if(!nickName) {
- if(cert->nickname) {
- nickname.data = (unsigned char *)cert->nickname;
- nickname.len = PORT_Strlen(cert->nickname);
- nickName = &nickname;
- }
- }
-
- /* create the safe bag and set any attributes */
- returnBag = sec_PKCS12CreateSafeBag(p12ctxt, keyType, keyItem);
- if(!returnBag) {
- rv = SECFailure;
- goto loser;
- }
-
- if(nickName) {
- if(sec_PKCS12AddAttributeToBag(p12ctxt, returnBag,
- SEC_OID_PKCS9_FRIENDLY_NAME, nickName)
- != SECSuccess) {
- goto loser;
- }
- }
-
- if(keyId) {
- if(sec_PKCS12AddAttributeToBag(p12ctxt, returnBag, SEC_OID_PKCS9_LOCAL_KEY_ID,
- keyId) != SECSuccess) {
- goto loser;
- }
- }
-
- if(nestedDest) {
- rv = sec_pkcs12_append_bag_to_safe_contents(p12ctxt->arena,
- (sec_PKCS12SafeContents*)nestedDest,
- returnBag);
- } else {
- rv = sec_pkcs12_append_bag(p12ctxt, safe, returnBag);
- }
-
-loser:
-
- if (rv != SECSuccess) {
- PORT_ArenaRelease(p12ctxt->arena, mark);
- } else {
- PORT_ArenaUnmark(p12ctxt->arena, mark);
- }
-
- return rv;
-}
-
-/* SEC_PKCS12AddCertAndEncryptedKey
- * Add a certificate and key pair to be exported.
- *
- * p12ctxt - the export context
- * certSafe - the safeInfo where the cert is stored
- * certNestedDest - the nested safeContents to store the cert
- * keySafe - the safeInfo where the key is stored
- * keyNestedDest - the nested safeContents to store the key
- * shroudKey - extract the private key encrypted?
- * pwitem - the password with which the key is encrypted
- * algorithm - the algorithm with which the key is encrypted
- */
-SECStatus
-SEC_PKCS12AddDERCertAndEncryptedKey(SEC_PKCS12ExportContext *p12ctxt,
- void *certSafe, void *certNestedDest,
- SECItem *derCert, void *keySafe,
- void *keyNestedDest, SECKEYEncryptedPrivateKeyInfo *epki,
- char *nickname)
-{
- SECStatus rv = SECFailure;
- SGNDigestInfo *digest = NULL;
- void *mark = NULL;
- CERTCertificate *cert;
- SECItem nick = {siBuffer, NULL,0}, *nickPtr = NULL;
-
- if(!p12ctxt || !certSafe || !keySafe || !derCert) {
- return SECFailure;
- }
-
- mark = PORT_ArenaMark(p12ctxt->arena);
-
- cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), derCert,
- NULL, PR_FALSE, PR_TRUE);
- if(!cert) {
- PORT_ArenaRelease(p12ctxt->arena, mark);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
- cert->nickname = nickname;
-
- /* generate the thumbprint of the cert to use as a keyId */
- digest = sec_pkcs12_compute_thumbprint(&cert->derCert);
- if(!digest) {
- CERT_DestroyCertificate(cert);
- return SECFailure;
- }
-
- /* add the certificate */
- rv = SEC_PKCS12AddCert(p12ctxt, (SEC_PKCS12SafeInfo*)certSafe,
- certNestedDest, cert, NULL,
- &digest->digest, PR_FALSE);
- if(rv != SECSuccess) {
- goto loser;
- }
-
- if(nickname) {
- nick.data = (unsigned char *)nickname;
- nick.len = PORT_Strlen(nickname);
- nickPtr = &nick;
- } else {
- nickPtr = NULL;
- }
-
- /* add the key */
- rv = SEC_PKCS12AddEncryptedKey(p12ctxt, epki, (SEC_PKCS12SafeInfo*)keySafe,
- keyNestedDest, &digest->digest, nickPtr );
- if(rv != SECSuccess) {
- goto loser;
- }
-
- SGN_DestroyDigestInfo(digest);
-
- PORT_ArenaUnmark(p12ctxt->arena, mark);
- return SECSuccess;
-
-loser:
- SGN_DestroyDigestInfo(digest);
- CERT_DestroyCertificate(cert);
- PORT_ArenaRelease(p12ctxt->arena, mark);
-
- return SECFailure;
-}
-
-/* SEC_PKCS12AddCertAndKey
- * Add a certificate and key pair to be exported.
- *
- * p12ctxt - the export context
- * certSafe - the safeInfo where the cert is stored
- * certNestedDest - the nested safeContents to store the cert
- * keySafe - the safeInfo where the key is stored
- * keyNestedDest - the nested safeContents to store the key
- * shroudKey - extract the private key encrypted?
- * pwitem - the password with which the key is encrypted
- * algorithm - the algorithm with which the key is encrypted
- */
-SECStatus
-SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt,
- void *certSafe, void *certNestedDest,
- CERTCertificate *cert, CERTCertDBHandle *certDb,
- void *keySafe, void *keyNestedDest,
- PRBool shroudKey, SECItem *pwitem, SECOidTag algorithm)
-{
- SECStatus rv = SECFailure;
- SGNDigestInfo *digest = NULL;
- void *mark = NULL;
-
- if(!p12ctxt || !certSafe || !keySafe || !cert) {
- return SECFailure;
- }
-
- mark = PORT_ArenaMark(p12ctxt->arena);
-
- /* generate the thumbprint of the cert to use as a keyId */
- digest = sec_pkcs12_compute_thumbprint(&cert->derCert);
- if(!digest) {
- PORT_ArenaRelease(p12ctxt->arena, mark);
- return SECFailure;
- }
-
- /* add the certificate */
- rv = SEC_PKCS12AddCert(p12ctxt, (SEC_PKCS12SafeInfo*)certSafe,
- (SEC_PKCS12SafeInfo*)certNestedDest, cert, certDb,
- &digest->digest, PR_TRUE);
- if(rv != SECSuccess) {
- goto loser;
- }
-
- /* add the key */
- rv = SEC_PKCS12AddKeyForCert(p12ctxt, (SEC_PKCS12SafeInfo*)keySafe,
- keyNestedDest, cert,
- shroudKey, algorithm, pwitem,
- &digest->digest, NULL );
- if(rv != SECSuccess) {
- goto loser;
- }
-
- SGN_DestroyDigestInfo(digest);
-
- PORT_ArenaUnmark(p12ctxt->arena, mark);
- return SECSuccess;
-
-loser:
- SGN_DestroyDigestInfo(digest);
- PORT_ArenaRelease(p12ctxt->arena, mark);
-
- return SECFailure;
-}
-
-/* SEC_PKCS12CreateNestedSafeContents
- * Allows nesting of safe contents to be implemented. No limit imposed on
- * depth.
- *
- * p12ctxt - the export context
- * baseSafe - the base safeInfo
- * nestedDest - a parent safeContents (?)
- */
-void *
-SEC_PKCS12CreateNestedSafeContents(SEC_PKCS12ExportContext *p12ctxt,
- void *baseSafe, void *nestedDest)
-{
- sec_PKCS12SafeContents *newSafe;
- sec_PKCS12SafeBag *safeContentsBag;
- void *mark;
- SECStatus rv;
-
- if(!p12ctxt || !baseSafe) {
- return NULL;
- }
-
- mark = PORT_ArenaMark(p12ctxt->arena);
-
- newSafe = sec_PKCS12CreateSafeContents(p12ctxt->arena);
- if(!newSafe) {
- PORT_ArenaRelease(p12ctxt->arena, mark);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- /* create the safeContents safeBag */
- safeContentsBag = sec_PKCS12CreateSafeBag(p12ctxt,
- SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID,
- newSafe);
- if(!safeContentsBag) {
- goto loser;
- }
-
- /* append the safeContents to the appropriate area */
- if(nestedDest) {
- rv = sec_pkcs12_append_bag_to_safe_contents(p12ctxt->arena,
- (sec_PKCS12SafeContents*)nestedDest,
- safeContentsBag);
- } else {
- rv = sec_pkcs12_append_bag(p12ctxt, (SEC_PKCS12SafeInfo*)baseSafe,
- safeContentsBag);
- }
- if(rv != SECSuccess) {
- goto loser;
- }
-
- PORT_ArenaUnmark(p12ctxt->arena, mark);
- return newSafe;
-
-loser:
- PORT_ArenaRelease(p12ctxt->arena, mark);
- return NULL;
-}
-
-/*********************************
- * Encoding routines
- *********************************/
-
-/* set up the encoder context based on information in the export context
- * and return the newly allocated enocoder context. A return of NULL
- * indicates an error occurred.
- */
-sec_PKCS12EncoderContext *
-sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp)
-{
- sec_PKCS12EncoderContext *p12enc = NULL;
- unsigned int i, nonEmptyCnt;
-
- if(!p12exp || !p12exp->safeInfos) {
- return NULL;
- }
-
- /* check for any empty safes and skip them */
- i = nonEmptyCnt = 0;
- while(p12exp->safeInfos[i]) {
- if(p12exp->safeInfos[i]->itemCount) {
- nonEmptyCnt++;
- }
- i++;
- }
- if(nonEmptyCnt == 0) {
- return NULL;
- }
- p12exp->authSafe.encodedSafes[nonEmptyCnt] = NULL;
-
- /* allocate the encoder context */
- p12enc = (sec_PKCS12EncoderContext*)PORT_ArenaZAlloc(p12exp->arena,
- sizeof(sec_PKCS12EncoderContext));
- if(!p12enc) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- p12enc->arena = p12exp->arena;
- p12enc->p12exp = p12exp;
-
- /* set up the PFX version and information */
- PORT_Memset(&p12enc->pfx, 0, sizeof(sec_PKCS12PFXItem));
- if(!SEC_ASN1EncodeInteger(p12exp->arena, &(p12enc->pfx.version),
- SEC_PKCS12_VERSION) ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* set up the authenticated safe content info based on the
- * type of integrity being used. this should be changed to
- * enforce integrity mode, but will not be implemented until
- * it is confirmed that integrity must be in place
- */
- if(p12exp->integrityEnabled && !p12exp->pwdIntegrity) {
- SECStatus rv;
-
- /* create public key integrity mode */
- p12enc->aSafeCinfo = SEC_PKCS7CreateSignedData(
- p12exp->integrityInfo.pubkeyInfo.cert,
- certUsageEmailSigner,
- p12exp->integrityInfo.pubkeyInfo.certDb,
- p12exp->integrityInfo.pubkeyInfo.algorithm,
- NULL,
- p12exp->pwfn,
- p12exp->pwfnarg);
- if(!p12enc->aSafeCinfo) {
- goto loser;
- }
- if(SEC_PKCS7IncludeCertChain(p12enc->aSafeCinfo,NULL) != SECSuccess) {
- SEC_PKCS7DestroyContentInfo(p12enc->aSafeCinfo);
- goto loser;
- }
- rv = SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo);
- PORT_Assert(rv == SECSuccess);
- } else {
- p12enc->aSafeCinfo = SEC_PKCS7CreateData();
-
- /* init password pased integrity mode */
- if(p12exp->integrityEnabled) {
- SECItem pwd = {siBuffer,NULL, 0}, *key;
- SECItem *salt = sec_pkcs12_generate_salt();
- PBEBitGenContext *pbeCtxt = NULL;
-
- /* zero out macData and set values */
- PORT_Memset(&p12enc->mac, 0, sizeof(sec_PKCS12MacData));
-
- if(!salt) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- if(SECITEM_CopyItem(p12exp->arena, &(p12enc->mac.macSalt), salt)
- != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- SECITEM_ZfreeItem(salt, PR_TRUE);
-
- /* generate HMAC key */
- if(!sec_pkcs12_convert_item_to_unicode(p12exp->arena, &pwd,
- p12exp->integrityInfo.pwdInfo.password, PR_TRUE,
- PR_TRUE, PR_TRUE)) {
- goto loser;
- }
- pbeCtxt = PBE_CreateContext(p12exp->integrityInfo.pwdInfo.algorithm,
- pbeBitGenIntegrityKey, &pwd,
- &(p12enc->mac.macSalt), 160, 1);
- if(!pbeCtxt) {
- goto loser;
- }
- key = PBE_GenerateBits(pbeCtxt);
- PBE_DestroyContext(pbeCtxt);
- if(!key) {
- goto loser;
- }
-
- /* initialize hmac */
- p12enc->hmacCx = HMAC_Create(
- p12exp->integrityInfo.pwdInfo.algorithm,
- key->data, key->len);
- SECITEM_ZfreeItem(key, PR_TRUE);
- if(!p12enc->hmacCx) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- HMAC_Begin((HMACContext*)p12enc->hmacCx);
- }
- }
-
- if(!p12enc->aSafeCinfo) {
- goto loser;
- }
-
- return p12enc;
-
-loser:
- if(p12enc) {
- if(p12enc->aSafeCinfo) {
- SEC_PKCS7DestroyContentInfo(p12enc->aSafeCinfo);
- }
-
- PORT_Free(p12enc);
- }
-
- return NULL;
-}
-
-/* callback wrapper to allow the ASN1 engine to call the PKCS 12
- * output routines.
- */
-static void
-sec_pkcs12_encoder_out(void *arg, const char *buf, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind)
-{
- struct sec_pkcs12_encoder_output *output;
-
- output = (struct sec_pkcs12_encoder_output*)arg;
- (* output->outputfn)(output->outputarg, buf, len);
-}
-
-/* callback wrapper to wrap SEC_PKCS7EncoderUpdate for ASN1 encoder
- */
-static void
-sec_pkcs12_wrap_pkcs7_encoder_update(void *arg, const char *buf,
- unsigned long len, int depth,
- SEC_ASN1EncodingPart data_kind)
-{
- SEC_PKCS7EncoderContext *ecx;
- if(!buf || !len) {
- return;
- }
-
- ecx = (SEC_PKCS7EncoderContext*)arg;
- SEC_PKCS7EncoderUpdate(ecx, buf, len);
-}
-
-/* callback wrapper to wrap SEC_ASN1EncoderUpdate for PKCS 7 encoding
- */
-static void
-sec_pkcs12_wrap_asn1_update_for_p7_update(void *arg, const char *buf,
- unsigned long len)
-{
- if(!buf && !len) return;
-
- SEC_ASN1EncoderUpdate((SEC_ASN1EncoderContext*)arg, buf, len);
-}
-
-/* callback wrapper which updates the HMAC and passes on bytes to the
- * appropriate output function.
- */
-static void
-sec_pkcs12_asafe_update_hmac_and_encode_bits(void *arg, const char *buf,
- unsigned long len, int depth,
- SEC_ASN1EncodingPart data_kind)
-{
- sec_PKCS12EncoderContext *p12ecx;
-
- p12ecx = (sec_PKCS12EncoderContext*)arg;
- HMAC_Update((HMACContext*)p12ecx->hmacCx, (unsigned char *)buf, len);
- sec_pkcs12_wrap_pkcs7_encoder_update(p12ecx->aSafeP7Ecx, buf, len,
- depth, data_kind);
-}
-
-/* this function encodes content infos which are part of the
- * sequence of content infos labeled AuthenticatedSafes
- */
-static SECStatus
-sec_pkcs12_encoder_asafe_process(sec_PKCS12EncoderContext *p12ecx)
-{
- SECStatus rv = SECSuccess;
- SEC_PKCS5KeyAndPassword keyPwd;
- SEC_PKCS7EncoderContext *p7ecx;
- SEC_PKCS7ContentInfo *cinfo;
- SEC_ASN1EncoderContext *ecx = NULL;
-
- void *arg = NULL;
-
- if(p12ecx->currentSafe < p12ecx->p12exp->authSafe.safeCount) {
- SEC_PKCS12SafeInfo *safeInfo;
- SECOidTag cinfoType;
-
- safeInfo = p12ecx->p12exp->safeInfos[p12ecx->currentSafe];
-
- /* skip empty safes */
- if(safeInfo->itemCount == 0) {
- return SECSuccess;
- }
-
- cinfo = safeInfo->cinfo;
- cinfoType = SEC_PKCS7ContentType(cinfo);
-
- /* determine the safe type and set the appropriate argument */
- switch(cinfoType) {
- case SEC_OID_PKCS7_DATA:
- arg = NULL;
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- keyPwd.pwitem = &safeInfo->pwitem;
- keyPwd.key = safeInfo->encryptionKey;
- arg = &keyPwd;
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- arg = NULL;
- break;
- default:
- return SECFailure;
-
- }
-
- /* start the PKCS7 encoder */
- p7ecx = SEC_PKCS7EncoderStart(cinfo,
- sec_pkcs12_wrap_asn1_update_for_p7_update,
- p12ecx->aSafeEcx, (PK11SymKey *)arg);
- if(!p7ecx) {
- goto loser;
- }
-
- /* encode safe contents */
- ecx = SEC_ASN1EncoderStart(safeInfo->safe, sec_PKCS12SafeContentsTemplate,
- sec_pkcs12_wrap_pkcs7_encoder_update, p7ecx);
- if(!ecx) {
- goto loser;
- }
- rv = SEC_ASN1EncoderUpdate(ecx, NULL, 0);
- SEC_ASN1EncoderFinish(ecx);
- ecx = NULL;
- if(rv != SECSuccess) {
- goto loser;
- }
-
-
- /* finish up safe content info */
- rv = SEC_PKCS7EncoderFinish(p7ecx, p12ecx->p12exp->pwfn,
- p12ecx->p12exp->pwfnarg);
- }
-
- return SECSuccess;
-
-loser:
- if(p7ecx) {
- SEC_PKCS7EncoderFinish(p7ecx, p12ecx->p12exp->pwfn,
- p12ecx->p12exp->pwfnarg);
- }
-
- if(ecx) {
- SEC_ASN1EncoderFinish(ecx);
- }
-
- return SECFailure;
-}
-
-/* finish the HMAC and encode the macData so that it can be
- * encoded.
- */
-static SECStatus
-sec_pkcs12_update_mac(sec_PKCS12EncoderContext *p12ecx)
-{
- SECItem hmac = { siBuffer, NULL, 0 };
- SECStatus rv;
- SGNDigestInfo *di = NULL;
- void *dummy;
-
- if(!p12ecx) {
- return SECFailure;
- }
-
- /* make sure we are using password integrity mode */
- if(!p12ecx->p12exp->integrityEnabled) {
- return SECSuccess;
- }
-
- if(!p12ecx->p12exp->pwdIntegrity) {
- return SECSuccess;
- }
-
- /* finish the hmac */
- hmac.data = (unsigned char *)PORT_ZAlloc(SHA1_LENGTH);
- if(!hmac.data) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
-
- rv = HMAC_Finish((HMACContext*)p12ecx->hmacCx,
- hmac.data, &hmac.len, SHA1_LENGTH);
-
- if(rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* create the digest info */
- di = SGN_CreateDigestInfo(p12ecx->p12exp->integrityInfo.pwdInfo.algorithm,
- hmac.data, hmac.len);
- if(!di) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- rv = SECFailure;
- goto loser;
- }
-
- rv = SGN_CopyDigestInfo(p12ecx->arena, &p12ecx->mac.safeMac, di);
- if(rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* encode the mac data */
- dummy = SEC_ASN1EncodeItem(p12ecx->arena, &p12ecx->pfx.encodedMacData,
- &p12ecx->mac, sec_PKCS12MacDataTemplate);
- if(!dummy) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- rv = SECFailure;
- }
-
-loser:
- if(di) {
- SGN_DestroyDigestInfo(di);
- }
- if(hmac.data) {
- SECITEM_ZfreeItem(&hmac, PR_FALSE);
- }
- HMAC_Destroy((HMACContext*)p12ecx->hmacCx);
- p12ecx->hmacCx = NULL;
-
- return rv;
-}
-
-/* wraps the ASN1 encoder update for PKCS 7 encoder */
-static void
-sec_pkcs12_wrap_asn1_encoder_update(void *arg, const char *buf,
- unsigned long len)
-{
- SEC_ASN1EncoderContext *cx;
-
- cx = (SEC_ASN1EncoderContext*)arg;
- SEC_ASN1EncoderUpdate(cx, buf, len);
-}
-
-/* pfx notify function for ASN1 encoder. we want to stop encoding, once we reach
- * the authenticated safe. at that point, the encoder will be updated via streaming
- * as the authenticated safe is encoded.
- */
-static void
-sec_pkcs12_encoder_pfx_notify(void *arg, PRBool before, void *dest, int real_depth)
-{
- sec_PKCS12EncoderContext *p12ecx;
-
- if(!before) {
- return;
- }
-
- /* look for authenticated safe */
- p12ecx = (sec_PKCS12EncoderContext*)arg;
- if(dest != &p12ecx->pfx.encodedAuthSafe) {
- return;
- }
-
- SEC_ASN1EncoderSetTakeFromBuf(p12ecx->ecx);
- SEC_ASN1EncoderSetStreaming(p12ecx->ecx);
- SEC_ASN1EncoderClearNotifyProc(p12ecx->ecx);
-}
-
-/* SEC_PKCS12Encode
- * Encodes the PFX item and returns it to the output function, via
- * callback. the output function must be capable of multiple updates.
- *
- * p12exp - the export context
- * output - the output function callback, will be called more than once,
- * must be able to accept streaming data.
- * outputarg - argument for the output callback.
- */
-SECStatus
-SEC_PKCS12Encode(SEC_PKCS12ExportContext *p12exp,
- SEC_PKCS12EncoderOutputCallback output, void *outputarg)
-{
- sec_PKCS12EncoderContext *p12enc;
- struct sec_pkcs12_encoder_output outInfo;
- SECStatus rv;
-
- if(!p12exp || !output) {
- return SECFailure;
- }
-
- /* get the encoder context */
- p12enc = sec_pkcs12_encoder_start_context(p12exp);
- if(!p12enc) {
- return SECFailure;
- }
-
- outInfo.outputfn = output;
- outInfo.outputarg = outputarg;
-
- /* set up PFX encoder. Set it for streaming */
- p12enc->ecx = SEC_ASN1EncoderStart(&p12enc->pfx, sec_PKCS12PFXItemTemplate,
- sec_pkcs12_encoder_out,
- &outInfo);
- if(!p12enc->ecx) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- rv = SECFailure;
- goto loser;
- }
- SEC_ASN1EncoderSetStreaming(p12enc->ecx);
- SEC_ASN1EncoderSetNotifyProc(p12enc->ecx, sec_pkcs12_encoder_pfx_notify, p12enc);
- rv = SEC_ASN1EncoderUpdate(p12enc->ecx, NULL, 0);
- if(rv != SECSuccess) {
- rv = SECFailure;
- goto loser;
- }
-
- /* set up asafe cinfo - the output of the encoder feeds the PFX encoder */
- p12enc->aSafeP7Ecx = SEC_PKCS7EncoderStart(p12enc->aSafeCinfo,
- sec_pkcs12_wrap_asn1_encoder_update,
- p12enc->ecx, NULL);
- if(!p12enc->aSafeP7Ecx) {
- rv = SECFailure;
- goto loser;
- }
-
- /* encode asafe */
- if(p12enc->p12exp->integrityEnabled && p12enc->p12exp->pwdIntegrity) {
- p12enc->aSafeEcx = SEC_ASN1EncoderStart(&p12enc->p12exp->authSafe,
- sec_PKCS12AuthenticatedSafeTemplate,
- sec_pkcs12_asafe_update_hmac_and_encode_bits,
- p12enc);
- } else {
- p12enc->aSafeEcx = SEC_ASN1EncoderStart(&p12enc->p12exp->authSafe,
- sec_PKCS12AuthenticatedSafeTemplate,
- sec_pkcs12_wrap_pkcs7_encoder_update,
- p12enc->aSafeP7Ecx);
- }
- if(!p12enc->aSafeEcx) {
- rv = SECFailure;
- goto loser;
- }
- SEC_ASN1EncoderSetStreaming(p12enc->aSafeEcx);
- SEC_ASN1EncoderSetTakeFromBuf(p12enc->aSafeEcx);
-
- /* encode each of the safes */
- while(p12enc->currentSafe != p12enc->p12exp->safeInfoCount) {
- sec_pkcs12_encoder_asafe_process(p12enc);
- p12enc->currentSafe++;
- }
- SEC_ASN1EncoderClearTakeFromBuf(p12enc->aSafeEcx);
- SEC_ASN1EncoderClearStreaming(p12enc->aSafeEcx);
- SEC_ASN1EncoderUpdate(p12enc->aSafeEcx, NULL, 0);
- SEC_ASN1EncoderFinish(p12enc->aSafeEcx);
-
- /* finish the encoding of the authenticated safes */
- rv = SEC_PKCS7EncoderFinish(p12enc->aSafeP7Ecx, p12exp->pwfn,
- p12exp->pwfnarg);
- if(rv != SECSuccess) {
- goto loser;
- }
-
- SEC_ASN1EncoderClearTakeFromBuf(p12enc->ecx);
- SEC_ASN1EncoderClearStreaming(p12enc->ecx);
-
- /* update the mac, if necessary */
- rv = sec_pkcs12_update_mac(p12enc);
- if(rv != SECSuccess) {
- goto loser;
- }
-
- /* finish encoding the pfx */
- rv = SEC_ASN1EncoderUpdate(p12enc->ecx, NULL, 0);
-
- SEC_ASN1EncoderFinish(p12enc->ecx);
-
-loser:
- return rv;
-}
-
-void
-SEC_PKCS12DestroyExportContext(SEC_PKCS12ExportContext *p12ecx)
-{
- int i = 0;
-
- if(!p12ecx) {
- return;
- }
-
- if(p12ecx->safeInfos) {
- i = 0;
- while(p12ecx->safeInfos[i] != NULL) {
- if(p12ecx->safeInfos[i]->encryptionKey) {
- PK11_FreeSymKey(p12ecx->safeInfos[i]->encryptionKey);
- }
- if(p12ecx->safeInfos[i]->cinfo) {
- SEC_PKCS7DestroyContentInfo(p12ecx->safeInfos[i]->cinfo);
- }
- i++;
- }
- }
-
- PORT_FreeArena(p12ecx->arena, PR_TRUE);
-}
-
-
-/*********************************
- * All-in-one routines for exporting certificates
- *********************************/
-struct inPlaceEncodeInfo {
- PRBool error;
- SECItem outItem;
-};
-
-static void
-sec_pkcs12_in_place_encoder_output(void *arg, const char *buf, unsigned long len)
-{
- struct inPlaceEncodeInfo *outInfo = (struct inPlaceEncodeInfo*)arg;
-
- if(!outInfo || !len || outInfo->error) {
- return;
- }
-
- if(!outInfo->outItem.data) {
- outInfo->outItem.data = (unsigned char*)PORT_ZAlloc(len);
- outInfo->outItem.len = 0;
- } else {
- if(!PORT_Realloc(&(outInfo->outItem.data), (outInfo->outItem.len + len))) {
- SECITEM_ZfreeItem(&(outInfo->outItem), PR_FALSE);
- outInfo->outItem.data = NULL;
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- outInfo->error = PR_TRUE;
- return;
- }
- }
-
- PORT_Memcpy(&(outInfo->outItem.data[outInfo->outItem.len]), buf, len);
- outInfo->outItem.len += len;
-
- return;
-}
-
-/*
- * SEC_PKCS12ExportCertifcateAndKeyUsingPassword
- * Exports a certificate/key pair using password-based encryption and
- * authentication.
- *
- * pwfn, pwfnarg - password function and argument for the key database
- * cert - the certificate to export
- * certDb - certificate database
- * pwitem - the password to use
- * shroudKey - encrypt the key externally,
- * keyShroudAlg - encryption algorithm for key
- * encryptionAlg - the algorithm with which data is encrypted
- * integrityAlg - the algorithm for integrity
- */
-SECItem *
-SEC_PKCS12ExportCertificateAndKeyUsingPassword(
- SECKEYGetPasswordKey pwfn, void *pwfnarg,
- CERTCertificate *cert, PK11SlotInfo *slot,
- CERTCertDBHandle *certDb, SECItem *pwitem,
- PRBool shroudKey, SECOidTag shroudAlg,
- PRBool encryptCert, SECOidTag certEncAlg,
- SECOidTag integrityAlg, void *wincx)
-{
- struct inPlaceEncodeInfo outInfo;
- SEC_PKCS12ExportContext *p12ecx = NULL;
- SEC_PKCS12SafeInfo *keySafe, *certSafe;
- SECItem *returnItem = NULL;
-
- if(!cert || !pwitem || !slot) {
- return NULL;
- }
-
- outInfo.error = PR_FALSE;
- outInfo.outItem.data = NULL;
- outInfo.outItem.len = 0;
-
- p12ecx = SEC_PKCS12CreateExportContext(pwfn, pwfnarg, slot, wincx);
- if(!p12ecx) {
- return NULL;
- }
-
- /* set up cert safe */
- if(encryptCert) {
- certSafe = SEC_PKCS12CreatePasswordPrivSafe(p12ecx, pwitem, certEncAlg);
- } else {
- certSafe = SEC_PKCS12CreateUnencryptedSafe(p12ecx);
- }
- if(!certSafe) {
- goto loser;
- }
-
- /* set up key safe */
- if(shroudKey) {
- keySafe = SEC_PKCS12CreateUnencryptedSafe(p12ecx);
- } else {
- keySafe = certSafe;
- }
- if(!keySafe) {
- goto loser;
- }
-
- /* add integrity mode */
- if(SEC_PKCS12AddPasswordIntegrity(p12ecx, pwitem, integrityAlg)
- != SECSuccess) {
- goto loser;
- }
-
- /* add cert and key pair */
- if(SEC_PKCS12AddCertAndKey(p12ecx, certSafe, NULL, cert, certDb,
- keySafe, NULL, shroudKey, pwitem, shroudAlg)
- != SECSuccess) {
- goto loser;
- }
-
- /* encode the puppy */
- if(SEC_PKCS12Encode(p12ecx, sec_pkcs12_in_place_encoder_output, &outInfo)
- != SECSuccess) {
- goto loser;
- }
- if(outInfo.error) {
- goto loser;
- }
-
- SEC_PKCS12DestroyExportContext(p12ecx);
-
- returnItem = SECITEM_DupItem(&outInfo.outItem);
- SECITEM_ZfreeItem(&outInfo.outItem, PR_FALSE);
-
- return returnItem;
-
-loser:
- if(outInfo.outItem.data) {
- SECITEM_ZfreeItem(&(outInfo.outItem), PR_TRUE);
- }
-
- if(p12ecx) {
- SEC_PKCS12DestroyExportContext(p12ecx);
- }
-
- return NULL;
-}
-
-
diff --git a/security/nss/lib/pkcs12/p12exp.c b/security/nss/lib/pkcs12/p12exp.c
deleted file mode 100644
index 242d98288..000000000
--- a/security/nss/lib/pkcs12/p12exp.c
+++ /dev/null
@@ -1,1407 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "plarena.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "seccomon.h"
-#include "secport.h"
-#include "cert.h"
-#include "pkcs12.h"
-#include "p12local.h"
-#include "secpkcs7.h"
-#include "secasn1.h"
-#include "secerr.h"
-#include "p12plcy.h"
-
-/* release the memory taken up by the list of nicknames */
-static void
-sec_pkcs12_destroy_nickname_list(SECItem **nicknames)
-{
- int i = 0;
-
- if(nicknames == NULL) {
- return;
- }
-
- while(nicknames[i] != NULL) {
- SECITEM_FreeItem(nicknames[i], PR_FALSE);
- i++;
- }
-
- PORT_Free(nicknames);
-}
-
-/* release the memory taken up by the list of certificates */
-static void
-sec_pkcs12_destroy_certificate_list(CERTCertificate **ref_certs)
-{
- int i = 0;
-
- if(ref_certs == NULL) {
- return;
- }
-
- while(ref_certs[i] != NULL) {
- CERT_DestroyCertificate(ref_certs[i]);
- i++;
- }
-}
-
-static void
-sec_pkcs12_destroy_cinfos_for_cert_bags(SEC_PKCS12CertAndCRLBag *certBag)
-{
- int j = 0;
- j = 0;
- while(certBag->certAndCRLs[j] != NULL) {
- SECOidTag certType = SECOID_FindOIDTag(&certBag->certAndCRLs[j]->BagID);
- if(certType == SEC_OID_PKCS12_X509_CERT_CRL_BAG) {
- SEC_PKCS12X509CertCRL *x509;
- x509 = certBag->certAndCRLs[j]->value.x509;
- SEC_PKCS7DestroyContentInfo(&x509->certOrCRL);
- }
- j++;
- }
-}
-
-/* destroy all content infos since they were not allocated in common
- * pool
- */
-static void
-sec_pkcs12_destroy_cert_content_infos(SEC_PKCS12SafeContents *safe,
- SEC_PKCS12Baggage *baggage)
-{
- int i, j;
-
- if((safe != NULL) && (safe->contents != NULL)) {
- i = 0;
- while(safe->contents[i] != NULL) {
- SECOidTag bagType = SECOID_FindOIDTag(&safe->contents[i]->safeBagType);
- if(bagType == SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID) {
- SEC_PKCS12CertAndCRLBag *certBag;
- certBag = safe->contents[i]->safeContent.certAndCRLBag;
- sec_pkcs12_destroy_cinfos_for_cert_bags(certBag);
- }
- i++;
- }
- }
-
- if((baggage != NULL) && (baggage->bags != NULL)) {
- i = 0;
- while(baggage->bags[i] != NULL) {
- if(baggage->bags[i]->unencSecrets != NULL) {
- j = 0;
- while(baggage->bags[i]->unencSecrets[j] != NULL) {
- SECOidTag bagType;
- bagType = SECOID_FindOIDTag(&baggage->bags[i]->unencSecrets[j]->safeBagType);
- if(bagType == SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID) {
- SEC_PKCS12CertAndCRLBag *certBag;
- certBag = baggage->bags[i]->unencSecrets[j]->safeContent.certAndCRLBag;
- sec_pkcs12_destroy_cinfos_for_cert_bags(certBag);
- }
- j++;
- }
- }
- i++;
- }
- }
-}
-
-/* convert the nickname list from a NULL termincated Char list
- * to a NULL terminated SECItem list
- */
-static SECItem **
-sec_pkcs12_convert_nickname_list(char **nicknames)
-{
- SECItem **nicks;
- int i, j;
- PRBool error = PR_FALSE;
-
- if(nicknames == NULL) {
- return NULL;
- }
-
- i = j = 0;
- while(nicknames[i] != NULL) {
- i++;
- }
-
- /* allocate the space and copy the data */
- nicks = (SECItem **)PORT_ZAlloc(sizeof(SECItem *) * (i + 1));
- if(nicks != NULL) {
- for(j = 0; ((j < i) && (error == PR_FALSE)); j++) {
- nicks[j] = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(nicks[j] != NULL) {
- nicks[j]->data =
- (unsigned char *)PORT_ZAlloc(PORT_Strlen(nicknames[j])+1);
- if(nicks[j]->data != NULL) {
- nicks[j]->len = PORT_Strlen(nicknames[j]);
- PORT_Memcpy(nicks[j]->data, nicknames[j], nicks[j]->len);
- nicks[j]->data[nicks[j]->len] = 0;
- } else {
- error = PR_TRUE;
- }
- } else {
- error = PR_TRUE;
- }
- }
- }
-
- if(error == PR_TRUE) {
- for(i = 0; i < j; i++) {
- SECITEM_FreeItem(nicks[i], PR_TRUE);
- }
- PORT_Free(nicks);
- nicks = NULL;
- }
-
- return nicks;
-}
-
-/* package the certificate add_cert into PKCS12 structures,
- * retrieve the certificate chain for the cert and return
- * the packaged contents.
- * poolp -- common memory pool;
- * add_cert -- certificate to package up
- * nickname for the certificate
- * a return of NULL indicates an error
- */
-static SEC_PKCS12CertAndCRL *
-sec_pkcs12_get_cert(PRArenaPool *poolp,
- CERTCertificate *add_cert,
- SECItem *nickname)
-{
- SEC_PKCS12CertAndCRL *cert;
- SEC_PKCS7ContentInfo *cinfo;
- SGNDigestInfo *t_di;
- void *mark;
- SECStatus rv;
-
- if((poolp == NULL) || (add_cert == NULL) || (nickname == NULL)) {
- return NULL;
- }
- mark = PORT_ArenaMark(poolp);
-
- cert = sec_pkcs12_new_cert_crl(poolp, SEC_OID_PKCS12_X509_CERT_CRL_BAG);
- if(cert != NULL) {
-
- /* copy the nickname */
- rv = SECITEM_CopyItem(poolp, &cert->nickname, nickname);
- if(rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- cert = NULL;
- } else {
-
- /* package the certificate and cert chain into a NULL signer
- * PKCS 7 SignedData content Info and prepare it for encoding
- * since we cannot use DER_ANY_TEMPLATE
- */
- cinfo = SEC_PKCS7CreateCertsOnly(add_cert, PR_TRUE, NULL);
- rv = SEC_PKCS7PrepareForEncode(cinfo, NULL, NULL, NULL);
-
- /* thumbprint the certificate */
- if((cinfo != NULL) && (rv == SECSuccess))
- {
- PORT_Memcpy(&cert->value.x509->certOrCRL, cinfo, sizeof(*cinfo));
- t_di = sec_pkcs12_compute_thumbprint(&add_cert->derCert);
- if(t_di != NULL)
- {
- /* test */
- rv = SGN_CopyDigestInfo(poolp, &cert->value.x509->thumbprint,
- t_di);
- if(rv != SECSuccess) {
- cert = NULL;
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- }
- SGN_DestroyDigestInfo(t_di);
- }
- else
- cert = NULL;
- }
- }
- }
-
- if (cert == NULL) {
- PORT_ArenaRelease(poolp, mark);
- } else {
- PORT_ArenaUnmark(poolp, mark);
- }
-
- return cert;
-}
-
-/* package the private key associated with the certificate and
- * return the appropriate PKCS 12 structure
- * poolp common memory pool
- * nickname key nickname
- * cert -- cert to look up
- * wincx -- window handle
- * an error is indicated by a return of NULL
- */
-static SEC_PKCS12PrivateKey *
-sec_pkcs12_get_private_key(PRArenaPool *poolp,
- SECItem *nickname,
- CERTCertificate *cert,
- void *wincx)
-{
- SECKEYPrivateKeyInfo *pki;
- SEC_PKCS12PrivateKey *pk;
- SECStatus rv;
- void *mark;
-
- if((poolp == NULL) || (nickname == NULL)) {
- return NULL;
- }
-
- mark = PORT_ArenaMark(poolp);
-
- /* retrieve key from the data base */
- pki = PK11_ExportPrivateKeyInfo(nickname, cert, wincx);
- if(pki == NULL) {
- PORT_ArenaRelease(poolp, mark);
- PORT_SetError(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY);
- return NULL;
- }
-
- pk = (SEC_PKCS12PrivateKey *)PORT_ArenaZAlloc(poolp,
- sizeof(SEC_PKCS12PrivateKey));
- if(pk != NULL) {
- rv = sec_pkcs12_init_pvk_data(poolp, &pk->pvkData);
-
- if(rv == SECSuccess) {
- /* copy the key into poolp memory space */
- rv = SECKEY_CopyPrivateKeyInfo(poolp, &pk->pkcs8data, pki);
- if(rv == SECSuccess) {
- rv = SECITEM_CopyItem(poolp, &pk->pvkData.nickname, nickname);
- }
- }
-
- if(rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- pk = NULL;
- }
- } else {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- }
-
- /* destroy private key, zeroing out data */
- SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE);
- if (pk == NULL) {
- PORT_ArenaRelease(poolp, mark);
- } else {
- PORT_ArenaUnmark(poolp, mark);
- }
-
- return pk;
-}
-
-/* get a shrouded key item associated with a certificate
- * return the appropriate PKCS 12 structure
- * poolp common memory pool
- * nickname key nickname
- * cert -- cert to look up
- * wincx -- window handle
- * an error is indicated by a return of NULL
- */
-static SEC_PKCS12ESPVKItem *
-sec_pkcs12_get_shrouded_key(PRArenaPool *poolp,
- SECItem *nickname,
- CERTCertificate *cert,
- SECOidTag algorithm,
- SECItem *pwitem,
- PKCS12UnicodeConvertFunction unicodeFn,
- void *wincx)
-{
- SECKEYEncryptedPrivateKeyInfo *epki;
- SEC_PKCS12ESPVKItem *pk;
- void *mark;
- SECStatus rv;
- PK11SlotInfo *slot = NULL;
- PRBool swapUnicodeBytes = PR_FALSE;
-
-#ifdef IS_LITTLE_ENDIAN
- swapUnicodeBytes = PR_TRUE;
-#endif
-
- if((poolp == NULL) || (nickname == NULL))
- return NULL;
-
- mark = PORT_ArenaMark(poolp);
-
- /* use internal key slot */
- slot = PK11_GetInternalKeySlot();
-
- /* retrieve encrypted prviate key */
- epki = PK11_ExportEncryptedPrivateKeyInfo(slot, algorithm, pwitem,
- nickname, cert, 1, 0, NULL);
- PK11_FreeSlot(slot);
- if(epki == NULL) {
- PORT_SetError(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY);
- PORT_ArenaRelease(poolp, mark);
- return NULL;
- }
-
- /* create a private key and store the data into the poolp memory space */
- pk = sec_pkcs12_create_espvk(poolp, SEC_OID_PKCS12_PKCS8_KEY_SHROUDING);
- if(pk != NULL) {
- rv = sec_pkcs12_init_pvk_data(poolp, &pk->espvkData);
- rv = SECITEM_CopyItem(poolp, &pk->espvkData.nickname, nickname);
- pk->espvkCipherText.pkcs8KeyShroud =
- (SECKEYEncryptedPrivateKeyInfo *)PORT_ArenaZAlloc(poolp,
- sizeof(SECKEYEncryptedPrivateKeyInfo));
- if((pk->espvkCipherText.pkcs8KeyShroud != NULL) && (rv == SECSuccess)) {
- rv = SECKEY_CopyEncryptedPrivateKeyInfo(poolp,
- pk->espvkCipherText.pkcs8KeyShroud, epki);
- if(rv == SECSuccess) {
- rv = (*unicodeFn)(poolp, &pk->espvkData.uniNickName, nickname,
- PR_TRUE, swapUnicodeBytes);
- }
- }
-
- if(rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- pk = NULL;
- }
- }
-
- SECKEY_DestroyEncryptedPrivateKeyInfo(epki, PR_TRUE);
- if(pk == NULL) {
- PORT_ArenaRelease(poolp, mark);
- } else {
- PORT_ArenaUnmark(poolp, mark);
- }
-
- return pk;
-}
-
-/* add a thumbprint to a private key associated certs list
- * pvk is the area where the list is stored
- * thumb is the thumbprint to copy
- * a return of SECFailure indicates an error
- */
-static SECStatus
-sec_pkcs12_add_thumbprint(SEC_PKCS12PVKSupportingData *pvk,
- SGNDigestInfo *thumb)
-{
- SGNDigestInfo **thumb_list = NULL;
- int nthumbs, size;
- void *mark, *dummy;
- SECStatus rv = SECFailure;
-
- if((pvk == NULL) || (thumb == NULL)) {
- return SECFailure;
- }
-
- mark = PORT_ArenaMark(pvk->poolp);
-
- thumb_list = pvk->assocCerts;
- nthumbs = pvk->nThumbs;
-
- /* allocate list space needed -- either growing or allocating
- * list must be NULL terminated
- */
- size = sizeof(SGNDigestInfo *);
- dummy = PORT_ArenaGrow(pvk->poolp, thumb_list, (size * (nthumbs + 1)),
- (size * (nthumbs + 2)));
- thumb_list = dummy;
- if(dummy != NULL) {
- thumb_list[nthumbs] = (SGNDigestInfo *)PORT_ArenaZAlloc(pvk->poolp,
- sizeof(SGNDigestInfo));
- if(thumb_list[nthumbs] != NULL) {
- SGN_CopyDigestInfo(pvk->poolp, thumb_list[nthumbs], thumb);
- nthumbs += 1;
- thumb_list[nthumbs] = 0;
- } else {
- dummy = NULL;
- }
- }
-
- if(dummy == NULL) {
- PORT_ArenaRelease(pvk->poolp, mark);
- return SECFailure;
- }
-
- pvk->assocCerts = thumb_list;
- pvk->nThumbs = nthumbs;
-
- PORT_ArenaUnmark(pvk->poolp, mark);
- return SECSuccess;
-}
-
-/* search the list of shrouded keys in the baggage for the desired
- * name. return a pointer to the item. a return of NULL indicates
- * that no match was present or that an error occurred.
- */
-static SEC_PKCS12ESPVKItem *
-sec_pkcs12_get_espvk_by_name(SEC_PKCS12Baggage *luggage,
- SECItem *name)
-{
- PRBool found = PR_FALSE;
- SEC_PKCS12ESPVKItem *espvk = NULL;
- int i, j;
- SECComparison rv = SECEqual;
- SECItem *t_name;
- SEC_PKCS12BaggageItem *bag;
-
- if((luggage == NULL) || (name == NULL)) {
- return NULL;
- }
-
- i = 0;
- while((found == PR_FALSE) && (i < luggage->luggage_size)) {
- j = 0;
- bag = luggage->bags[i];
- while((found == PR_FALSE) && (j < bag->nEspvks)) {
- espvk = bag->espvks[j];
- if(espvk->poolp == NULL) {
- espvk->poolp = luggage->poolp;
- }
- t_name = SECITEM_DupItem(&espvk->espvkData.nickname);
- if(t_name != NULL) {
- rv = SECITEM_CompareItem(name, t_name);
- if(rv == SECEqual) {
- found = PR_TRUE;
- }
- SECITEM_FreeItem(t_name, PR_TRUE);
- } else {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
- j++;
- }
- i++;
- }
-
- if(found != PR_TRUE) {
- PORT_SetError(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME);
- return NULL;
- }
-
- return espvk;
-}
-
-/* locates a certificate and copies the thumbprint to the
- * appropriate private key
- */
-static SECStatus
-sec_pkcs12_propagate_thumbprints(SECItem **nicknames,
- CERTCertificate **ref_certs,
- SEC_PKCS12SafeContents *safe,
- SEC_PKCS12Baggage *baggage)
-{
- SEC_PKCS12CertAndCRL *cert;
- SEC_PKCS12PrivateKey *key;
- SEC_PKCS12ESPVKItem *espvk;
- int i;
- PRBool error = PR_FALSE;
- SECStatus rv = SECFailure;
-
- if((nicknames == NULL) || (safe == NULL)) {
- return SECFailure;
- }
-
- i = 0;
- while((nicknames[i] != NULL) && (error == PR_FALSE)) {
- /* process all certs */
- cert = (SEC_PKCS12CertAndCRL *)sec_pkcs12_find_object(safe, baggage,
- SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID,
- nicknames[i], NULL);
- if(cert != NULL) {
- /* locate key and copy thumbprint */
- key = (SEC_PKCS12PrivateKey *)sec_pkcs12_find_object(safe, baggage,
- SEC_OID_PKCS12_KEY_BAG_ID,
- nicknames[i], NULL);
- if(key != NULL) {
- key->pvkData.poolp = key->poolp;
- rv = sec_pkcs12_add_thumbprint(&key->pvkData,
- &cert->value.x509->thumbprint);
- if(rv == SECFailure)
- error = PR_TRUE; /* XXX Set error? */
- }
-
- /* look in the baggage as well...*/
- if((baggage != NULL) && (error == PR_FALSE)) {
- espvk = sec_pkcs12_get_espvk_by_name(baggage, nicknames[i]);
- if(espvk != NULL) {
- espvk->espvkData.poolp = espvk->poolp;
- rv = sec_pkcs12_add_thumbprint(&espvk->espvkData,
- &cert->value.x509->thumbprint);
- if(rv == SECFailure)
- error = PR_TRUE; /* XXX Set error? */
- }
- }
- }
- i++;
- }
-
- if(error == PR_TRUE) {
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-/* append a safe bag to the end of the safe contents list */
-SECStatus
-sec_pkcs12_append_safe_bag(SEC_PKCS12SafeContents *safe,
- SEC_PKCS12SafeBag *bag)
-{
- int size;
- void *mark = NULL, *dummy = NULL;
-
- if((bag == NULL) || (safe == NULL))
- return SECFailure;
-
- mark = PORT_ArenaMark(safe->poolp);
-
- size = (safe->safe_size * sizeof(SEC_PKCS12SafeBag *));
-
- if(safe->safe_size > 0) {
- dummy = (SEC_PKCS12SafeBag **)PORT_ArenaGrow(safe->poolp,
- safe->contents,
- size,
- (size + sizeof(SEC_PKCS12SafeBag *)));
- safe->contents = dummy;
- } else {
- safe->contents = (SEC_PKCS12SafeBag **)PORT_ArenaZAlloc(safe->poolp,
- (2 * sizeof(SEC_PKCS12SafeBag *)));
- dummy = safe->contents;
- }
-
- if(dummy == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- safe->contents[safe->safe_size] = bag;
- safe->safe_size++;
- safe->contents[safe->safe_size] = NULL;
-
- PORT_ArenaUnmark(safe->poolp, mark);
- return SECSuccess;
-
-loser:
- PORT_ArenaRelease(safe->poolp, mark);
- return SECFailure;
-}
-
-/* append a certificate onto the end of a cert bag */
-static SECStatus
-sec_pkcs12_append_cert_to_bag(PRArenaPool *arena,
- SEC_PKCS12SafeBag *safebag,
- CERTCertificate *cert,
- SECItem *nickname)
-{
- int size;
- void *dummy = NULL, *mark = NULL;
- SEC_PKCS12CertAndCRL *p12cert;
- SEC_PKCS12CertAndCRLBag *bag;
-
- if((arena == NULL) || (safebag == NULL) ||
- (cert == NULL) || (nickname == NULL)) {
- return SECFailure;
- }
-
- bag = safebag->safeContent.certAndCRLBag;
- if(bag == NULL) {
- return SECFailure;
- }
-
- mark = PORT_ArenaMark(arena);
-
- p12cert = sec_pkcs12_get_cert(arena, cert, nickname);
- if(p12cert == NULL) {
- PORT_ArenaRelease(bag->poolp, mark);
- return SECFailure;
- }
-
- size = bag->bag_size * sizeof(SEC_PKCS12CertAndCRL *);
- if(bag->bag_size > 0) {
- dummy = (SEC_PKCS12CertAndCRL **)PORT_ArenaGrow(bag->poolp,
- bag->certAndCRLs, size, size + sizeof(SEC_PKCS12CertAndCRL *));
- bag->certAndCRLs = dummy;
- } else {
- bag->certAndCRLs = (SEC_PKCS12CertAndCRL **)PORT_ArenaZAlloc(bag->poolp,
- (2 * sizeof(SEC_PKCS12CertAndCRL *)));
- dummy = bag->certAndCRLs;
- }
-
- if(dummy == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- bag->certAndCRLs[bag->bag_size] = p12cert;
- bag->bag_size++;
- bag->certAndCRLs[bag->bag_size] = NULL;
-
- PORT_ArenaUnmark(bag->poolp, mark);
- return SECSuccess;
-
-loser:
- PORT_ArenaRelease(bag->poolp, mark);
- return SECFailure;
-}
-
-/* append a key onto the end of a list of keys in a key bag */
-SECStatus
-sec_pkcs12_append_key_to_bag(SEC_PKCS12SafeBag *safebag,
- SEC_PKCS12PrivateKey *pk)
-{
- void *mark, *dummy;
- SEC_PKCS12PrivateKeyBag *bag;
- int size;
-
- if((safebag == NULL) || (pk == NULL))
- return SECFailure;
-
- bag = safebag->safeContent.keyBag;
- if(bag == NULL) {
- return SECFailure;
- }
-
- mark = PORT_ArenaMark(bag->poolp);
-
- size = (bag->bag_size * sizeof(SEC_PKCS12PrivateKey *));
-
- if(bag->bag_size > 0) {
- dummy = (SEC_PKCS12PrivateKey **)PORT_ArenaGrow(bag->poolp,
- bag->privateKeys,
- size,
- size + sizeof(SEC_PKCS12PrivateKey *));
- bag->privateKeys = dummy;
- } else {
- bag->privateKeys = (SEC_PKCS12PrivateKey **)PORT_ArenaZAlloc(bag->poolp,
- (2 * sizeof(SEC_PKCS12PrivateKey *)));
- dummy = bag->privateKeys;
- }
-
- if(dummy == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- bag->privateKeys[bag->bag_size] = pk;
- bag->bag_size++;
- bag->privateKeys[bag->bag_size] = NULL;
-
- PORT_ArenaUnmark(bag->poolp, mark);
- return SECSuccess;
-
-loser:
- /* XXX Free memory? */
- PORT_ArenaRelease(bag->poolp, mark);
- return SECFailure;
-}
-
-/* append a safe bag to the baggage area */
-static SECStatus
-sec_pkcs12_append_unshrouded_bag(SEC_PKCS12BaggageItem *bag,
- SEC_PKCS12SafeBag *u_bag)
-{
- int size;
- void *mark = NULL, *dummy = NULL;
-
- if((bag == NULL) || (u_bag == NULL))
- return SECFailure;
-
- mark = PORT_ArenaMark(bag->poolp);
-
- /* dump things into the first bag */
- size = (bag->nSecrets + 1) * sizeof(SEC_PKCS12SafeBag *);
- dummy = PORT_ArenaGrow(bag->poolp,
- bag->unencSecrets, size,
- size + sizeof(SEC_PKCS12SafeBag *));
- bag->unencSecrets = dummy;
- if(dummy == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- bag->unencSecrets[bag->nSecrets] = u_bag;
- bag->nSecrets++;
- bag->unencSecrets[bag->nSecrets] = NULL;
-
- PORT_ArenaUnmark(bag->poolp, mark);
- return SECSuccess;
-
-loser:
- PORT_ArenaRelease(bag->poolp, mark);
- return SECFailure;
-}
-
-/* gather up all certificates and keys and package them up
- * in the safe, baggage, or both.
- * nicknames is the list of nicknames and corresponding certs in ref_certs
- * ref_certs a null terminated list of certificates
- * rSafe, rBaggage -- return areas for safe and baggage
- * shroud_keys -- store keys externally
- * pwitem -- password for computing integrity mac and encrypting contents
- * wincx -- window handle
- *
- * if a failure occurs, an error is set and SECFailure returned.
- */
-static SECStatus
-sec_pkcs12_package_certs_and_keys(SECItem **nicknames,
- CERTCertificate **ref_certs,
- PRBool unencryptedCerts,
- SEC_PKCS12SafeContents **rSafe,
- SEC_PKCS12Baggage **rBaggage,
- PRBool shroud_keys,
- SECOidTag shroud_alg,
- SECItem *pwitem,
- PKCS12UnicodeConvertFunction unicodeFn,
- void *wincx)
-{
- PRArenaPool *permArena;
- SEC_PKCS12SafeContents *safe = NULL;
- SEC_PKCS12Baggage *baggage = NULL;
-
- SECStatus rv = SECFailure;
- PRBool problem = PR_FALSE;
-
- SEC_PKCS12ESPVKItem *espvk = NULL;
- SEC_PKCS12PrivateKey *pk = NULL;
- CERTCertificate *add_cert = NULL;
- SEC_PKCS12SafeBag *certbag = NULL, *keybag = NULL;
- SEC_PKCS12BaggageItem *external_bag = NULL;
- int ncerts = 0, nkeys = 0;
- int i;
-
- if((nicknames == NULL) || (rSafe == NULL) || (rBaggage == NULL)) {
- return SECFailure;
- }
-
- *rBaggage = baggage;
- *rSafe = safe;
-
- permArena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
- if(permArena == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
-
- /* allocate structures */
- safe = sec_pkcs12_create_safe_contents(permArena);
- if(safe == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- rv = SECFailure;
- goto loser;
- }
-
- certbag = sec_pkcs12_create_safe_bag(permArena,
- SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID);
- if(certbag == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- if(shroud_keys != PR_TRUE) {
- keybag = sec_pkcs12_create_safe_bag(permArena,
- SEC_OID_PKCS12_KEY_BAG_ID);
- if(keybag == NULL) {
- rv = SECFailure;
- goto loser;
- }
- }
-
- if((shroud_keys == PR_TRUE) || (unencryptedCerts == PR_TRUE)) {
- baggage = sec_pkcs12_create_baggage(permArena);
- if(baggage == NULL) {
- rv = SECFailure;
- goto loser;
- }
- external_bag = sec_pkcs12_create_external_bag(baggage);
- }
-
- /* package keys and certs */
- i = 0;
- while((nicknames[i] != NULL) && (problem == PR_FALSE)) {
- if(ref_certs[i] != NULL) {
- /* append cert to bag o certs */
- rv = sec_pkcs12_append_cert_to_bag(permArena, certbag,
- ref_certs[i],
- nicknames[i]);
- if(rv == SECFailure) {
- problem = PR_FALSE;
- } else {
- ncerts++;
- }
-
- if(rv == SECSuccess) {
- /* package up them keys */
- if(shroud_keys == PR_TRUE) {
- espvk = sec_pkcs12_get_shrouded_key(permArena,
- nicknames[i],
- ref_certs[i],
- shroud_alg,
- pwitem, unicodeFn,
- wincx);
- if(espvk != NULL) {
- rv = sec_pkcs12_append_shrouded_key(external_bag, espvk);
- SECITEM_CopyItem(permArena, &espvk->derCert,
- &ref_certs[i]->derCert);
- } else {
- rv = SECFailure;
- }
- } else {
- pk = sec_pkcs12_get_private_key(permArena, nicknames[i],
- ref_certs[i], wincx);
- if(pk != NULL) {
- rv = sec_pkcs12_append_key_to_bag(keybag, pk);
- SECITEM_CopyItem(permArena, &espvk->derCert,
- &ref_certs[i]->derCert);
- } else {
- rv = SECFailure;
- }
- }
-
- if(rv == SECFailure) {
- problem = PR_TRUE;
- } else {
- nkeys++;
- }
- }
- } else {
- /* handle only keys here ? */
- problem = PR_TRUE;
- }
- i++;
- }
-
- /* let success fall through */
-loser:
- if(problem == PR_FALSE) {
- /* if we have certs, we want to append the cert bag to the
- * appropriate area
- */
- if(ncerts > 0) {
- if(unencryptedCerts != PR_TRUE) {
- rv = sec_pkcs12_append_safe_bag(safe, certbag);
- } else {
- rv = sec_pkcs12_append_unshrouded_bag(external_bag, certbag);
- }
- } else {
- rv = SECSuccess;
- }
-
- /* append key bag, if they are stored in safe contents */
- if((rv == SECSuccess) && (shroud_keys == PR_FALSE) && (nkeys > 0)) {
- rv = sec_pkcs12_append_safe_bag(safe, keybag);
- }
- } else {
- rv = SECFailure;
- }
-
- /* if baggage not used, NULLify it */
- if((shroud_keys == PR_TRUE) || (unencryptedCerts == PR_TRUE)) {
- if(((unencryptedCerts == PR_TRUE) && (ncerts == 0)) &&
- ((shroud_keys == PR_TRUE) && (nkeys == 0)))
- baggage = NULL;
- } else {
- baggage = NULL;
- }
-
- if((problem == PR_TRUE) || (rv == SECFailure)) {
- PORT_FreeArena(permArena, PR_TRUE);
- rv = SECFailure;
- baggage = NULL;
- safe = NULL;
- }
-
- *rBaggage = baggage;
- *rSafe = safe;
-
- return rv;
-}
-
-/* DER encode the safe contents and return a SECItem. if an error
- * occurs, NULL is returned.
- */
-static SECItem *
-sec_pkcs12_encode_safe_contents(SEC_PKCS12SafeContents *safe)
-{
- SECItem *dsafe = NULL, *tsafe;
- void *dummy = NULL;
- PRArenaPool *arena;
-
- if(safe == NULL) {
- return NULL;
- }
-
-/* rv = sec_pkcs12_prepare_for_der_code_safe(safe, PR_TRUE);
- if(rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }*/
-
- arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
- if(arena == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- tsafe = (SECItem *)PORT_ArenaZAlloc(arena, sizeof(SECItem));
- if(tsafe != NULL) {
- dummy = SEC_ASN1EncodeItem(arena, tsafe, safe,
- SEC_PKCS12SafeContentsTemplate);
- if(dummy != NULL) {
- dsafe = SECITEM_DupItem(tsafe);
- } else {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- }
- } else {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- }
-
- PORT_FreeArena(arena, PR_TRUE);
-
- return dsafe;
-}
-
-/* prepare the authenicated safe for encoding and encode it.
- * baggage is copied to the appropriate area, safe is encoded and
- * encrypted. the version and transport mode are set on the asafe.
- * the whole ball of wax is then der encoded and packaged up into
- * data content info
- * safe -- container of certs and keys, is encrypted.
- * baggage -- container of certs and keys, keys assumed to be encrypted by
- * another method, certs are in the clear
- * algorithm -- algorithm by which to encrypt safe
- * pwitem -- password for encryption
- * wincx - window handle
- *
- * return of NULL is an error condition.
- */
-static SEC_PKCS7ContentInfo *
-sec_pkcs12_get_auth_safe(SEC_PKCS12SafeContents *safe,
- SEC_PKCS12Baggage *baggage,
- SECOidTag algorithm,
- SECItem *pwitem,
- PKCS12UnicodeConvertFunction unicodeFn,
- void *wincx)
-{
- SECItem *src = NULL, *dest = NULL, *psalt = NULL;
- PRArenaPool *poolp;
- SEC_PKCS12AuthenticatedSafe *asafe;
- SEC_PKCS7ContentInfo *safe_cinfo = NULL;
- SEC_PKCS7ContentInfo *asafe_cinfo = NULL;
- void *dummy;
- SECStatus rv = SECSuccess;
- PRBool swapUnicodeBytes = PR_FALSE;
-
-#ifdef IS_LITTLE_ENDIAN
- swapUnicodeBytes = PR_TRUE;
-#endif
-
- if(((safe != NULL) && (pwitem == NULL)) && (baggage == NULL))
- return NULL;
-
- poolp = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
- if(poolp == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- /* prepare authenticated safe for encode */
- asafe = sec_pkcs12_new_asafe(poolp);
- if(asafe != NULL) {
-
- /* set version */
- dummy = SEC_ASN1EncodeInteger(asafe->poolp, &asafe->version,
- SEC_PKCS12_PFX_VERSION);
- if(dummy == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- rv = SECFailure;
- goto loser;
- }
-
- /* generate the privacy salt used to create virtual pwd */
- psalt = sec_pkcs12_generate_salt();
- if(psalt != NULL) {
- rv = SECITEM_CopyItem(asafe->poolp, &asafe->privacySalt,
- psalt);
- if(rv == SECSuccess) {
- asafe->privacySalt.len *= 8;
- }
- else {
- SECITEM_ZfreeItem(psalt, PR_TRUE);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- }
-
- if((psalt == NULL) || (rv == SECFailure)) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- rv = SECFailure;
- goto loser;
- }
-
- /* package up safe contents */
- if(safe != NULL)
- {
- safe_cinfo = SEC_PKCS7CreateEncryptedData(algorithm, NULL, wincx);
- if((safe_cinfo != NULL) && (safe->safe_size > 0)) {
- /* encode the safe and encrypt the contents of the
- * content info
- */
- src = sec_pkcs12_encode_safe_contents(safe);
-
- if(src != NULL) {
- rv = SEC_PKCS7SetContent(safe_cinfo, (char *)src->data, src->len);
- SECITEM_ZfreeItem(src, PR_TRUE);
- if(rv == SECSuccess) {
- SECItem *vpwd;
- vpwd = sec_pkcs12_create_virtual_password(pwitem, psalt,
- unicodeFn, swapUnicodeBytes);
- if(vpwd != NULL) {
- rv = SEC_PKCS7EncryptContents(NULL, safe_cinfo,
- vpwd, wincx);
- SECITEM_ZfreeItem(vpwd, PR_TRUE);
- } else {
- rv = SECFailure;
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- }
- } else {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- }
- } else {
- rv = SECFailure;
- }
- } else if(safe->safe_size > 0) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- } else {
- /* case where there is NULL content in the safe contents */
- rv = SEC_PKCS7SetContent(safe_cinfo, NULL, 0);
- if(rv != SECFailure) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- }
- }
-
- if(rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo(safe_cinfo);
- safe_cinfo = NULL;
- goto loser;
- }
-
- asafe->safe = safe_cinfo;
- /*
- PORT_Memcpy(&asafe->safe, safe_cinfo, sizeof(*safe_cinfo));
- */
- }
-
- /* copy the baggage to the authenticated safe baggage if present */
- if(baggage != NULL) {
- PORT_Memcpy(&asafe->baggage, baggage, sizeof(*baggage));
- }
-
- /* encode authenticated safe and store it in a Data content info */
- dest = (SECItem *)PORT_ArenaZAlloc(poolp, sizeof(SECItem));
- if(dest != NULL) {
- dummy = SEC_ASN1EncodeItem(poolp, dest, asafe,
- SEC_PKCS12AuthenticatedSafeTemplate);
- if(dummy != NULL) {
- asafe_cinfo = SEC_PKCS7CreateData();
- if(asafe_cinfo != NULL) {
- rv = SEC_PKCS7SetContent(asafe_cinfo,
- (char *)dest->data,
- dest->len);
- if(rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- SEC_PKCS7DestroyContentInfo(asafe_cinfo);
- asafe_cinfo = NULL;
- }
- }
- } else {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- rv = SECFailure;
- }
- }
- }
-
-loser:
- PORT_FreeArena(poolp, PR_TRUE);
- if(safe_cinfo != NULL) {
- SEC_PKCS7DestroyContentInfo(safe_cinfo);
- }
- if(psalt != NULL) {
- SECITEM_ZfreeItem(psalt, PR_TRUE);
- }
-
- if(rv == SECFailure) {
- return NULL;
- }
-
- return asafe_cinfo;
-}
-
-/* generates the PFX and computes the mac on the authenticated safe
- * NULL implies an error
- */
-static SEC_PKCS12PFXItem *
-sec_pkcs12_get_pfx(SEC_PKCS7ContentInfo *cinfo,
- PRBool do_mac,
- SECItem *pwitem, PKCS12UnicodeConvertFunction unicodeFn)
-{
- SECItem *dest = NULL, *mac = NULL, *salt = NULL, *key = NULL;
- SEC_PKCS12PFXItem *pfx;
- SECStatus rv = SECFailure;
- SGNDigestInfo *di;
- SECItem *vpwd;
- PRBool swapUnicodeBytes = PR_FALSE;
-
-#ifdef IS_LITTLE_ENDIAN
- swapUnicodeBytes = PR_TRUE;
-#endif
-
- if((cinfo == NULL) || ((do_mac == PR_TRUE) && (pwitem == NULL))) {
- return NULL;
- }
-
- /* allocate new pfx structure */
- pfx = sec_pkcs12_new_pfx();
- if(pfx == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- PORT_Memcpy(&pfx->authSafe, cinfo, sizeof(*cinfo));
- if(do_mac == PR_TRUE) {
-
- /* salt for computing mac */
- salt = sec_pkcs12_generate_salt();
- if(salt != NULL) {
- rv = SECITEM_CopyItem(pfx->poolp, &pfx->macData.macSalt, salt);
- pfx->macData.macSalt.len *= 8;
-
- vpwd = sec_pkcs12_create_virtual_password(pwitem, salt,
- unicodeFn, swapUnicodeBytes);
- if(vpwd == NULL) {
- rv = SECFailure;
- key = NULL;
- } else {
- key = sec_pkcs12_generate_key_from_password(SEC_OID_SHA1,
- salt, vpwd);
- SECITEM_ZfreeItem(vpwd, PR_TRUE);
- }
-
- if((key != NULL) && (rv == SECSuccess)) {
- dest = SEC_PKCS7GetContent(cinfo);
- if(dest != NULL) {
-
- /* compute mac on data -- for password integrity mode */
- mac = sec_pkcs12_generate_mac(key, dest, PR_FALSE);
- if(mac != NULL) {
- di = SGN_CreateDigestInfo(SEC_OID_SHA1,
- mac->data, mac->len);
- if(di != NULL) {
- rv = SGN_CopyDigestInfo(pfx->poolp,
- &pfx->macData.safeMac, di);
- SGN_DestroyDigestInfo(di);
- } else {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- }
- SECITEM_ZfreeItem(mac, PR_TRUE);
- }
- } else {
- rv = SECFailure;
- }
- } else {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- rv = SECFailure;
- }
-
- if(key != NULL) {
- SECITEM_ZfreeItem(key, PR_TRUE);
- }
- SECITEM_ZfreeItem(salt, PR_TRUE);
- }
- }
-
- if(rv == SECFailure) {
- SEC_PKCS12DestroyPFX(pfx);
- pfx = NULL;
- }
-
- return pfx;
-}
-
-/* der encode the pfx */
-static SECItem *
-sec_pkcs12_encode_pfx(SEC_PKCS12PFXItem *pfx)
-{
- SECItem *dest;
- void *dummy;
-
- if(pfx == NULL) {
- return NULL;
- }
-
- dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(dest == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- dummy = SEC_ASN1EncodeItem(NULL, dest, pfx, SEC_PKCS12PFXItemTemplate);
- if(dummy == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- SECITEM_ZfreeItem(dest, PR_TRUE);
- dest = NULL;
- }
-
- return dest;
-}
-
-SECItem *
-SEC_PKCS12GetPFX(char **nicknames,
- CERTCertificate **ref_certs,
- PRBool shroud_keys,
- SEC_PKCS5GetPBEPassword pbef,
- void *pbearg,
- PKCS12UnicodeConvertFunction unicodeFn,
- void *wincx)
-{
- SECItem **nicks = NULL;
- SEC_PKCS12PFXItem *pfx = NULL;
- SEC_PKCS12Baggage *baggage = NULL;
- SEC_PKCS12SafeContents *safe = NULL;
- SEC_PKCS7ContentInfo *cinfo = NULL;
- SECStatus rv = SECFailure;
- SECItem *dest = NULL, *pwitem = NULL;
- PRBool problem = PR_FALSE;
- PRBool unencryptedCerts;
- SECOidTag shroud_alg, safe_alg;
-
- /* how should we encrypt certs ? */
- unencryptedCerts = !SEC_PKCS12IsEncryptionAllowed();
- if(!unencryptedCerts) {
- safe_alg = SEC_PKCS12GetPreferredEncryptionAlgorithm();
- if(safe_alg == SEC_OID_UNKNOWN) {
- safe_alg = SEC_PKCS12GetStrongestAllowedAlgorithm();
- }
- if(safe_alg == SEC_OID_UNKNOWN) {
- unencryptedCerts = PR_TRUE;
- /* for export where no encryption is allowed, we still need
- * to encrypt the NULL contents per the spec. encrypted info
- * is known plaintext, so it shouldn't be a problem.
- */
- safe_alg = SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
- }
- } else {
- /* for export where no encryption is allowed, we still need
- * to encrypt the NULL contents per the spec. encrypted info
- * is known plaintext, so it shouldn't be a problem.
- */
- safe_alg = SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
- }
-
- /* keys are always stored with triple DES */
- shroud_alg = SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC;
-
- /* check for FIPS, if so, do not encrypt certs */
- if(PK11_IsFIPS() && !unencryptedCerts) {
- unencryptedCerts = PR_TRUE;
- }
-
- if((nicknames == NULL) || (pbef == NULL) || (ref_certs == NULL)) {
- problem = PR_TRUE;
- goto loser;
- }
-
-
- /* get password */
- pwitem = (*pbef)(pbearg);
- if(pwitem == NULL) {
- problem = PR_TRUE;
- goto loser;
- }
- nicks = sec_pkcs12_convert_nickname_list(nicknames);
-
- /* get safe and baggage */
- rv = sec_pkcs12_package_certs_and_keys(nicks, ref_certs, unencryptedCerts,
- &safe, &baggage, shroud_keys,
- shroud_alg, pwitem, unicodeFn, wincx);
- if(rv == SECFailure) {
- problem = PR_TRUE;
- }
-
- if((safe != NULL) && (problem == PR_FALSE)) {
- /* copy thumbprints */
- rv = sec_pkcs12_propagate_thumbprints(nicks, ref_certs, safe, baggage);
-
- /* package everything up into AuthenticatedSafe */
- cinfo = sec_pkcs12_get_auth_safe(safe, baggage,
- safe_alg, pwitem, unicodeFn, wincx);
-
- sec_pkcs12_destroy_cert_content_infos(safe, baggage);
-
- /* get the pfx and mac it */
- if(cinfo != NULL) {
- pfx = sec_pkcs12_get_pfx(cinfo, PR_TRUE, pwitem, unicodeFn);
- if(pfx != NULL) {
- dest = sec_pkcs12_encode_pfx(pfx);
- SEC_PKCS12DestroyPFX(pfx);
- }
- SEC_PKCS7DestroyContentInfo(cinfo);
- }
-
- if(safe != NULL) {
- PORT_FreeArena(safe->poolp, PR_TRUE);
- }
- } else {
- if(safe != NULL) {
- PORT_FreeArena(safe->poolp, PR_TRUE);
- }
- }
-
-loser:
- if(nicks != NULL) {
- sec_pkcs12_destroy_nickname_list(nicks);
- }
-
- if(ref_certs != NULL) {
- sec_pkcs12_destroy_certificate_list(ref_certs);
- }
-
- if(pwitem != NULL) {
- SECITEM_ZfreeItem(pwitem, PR_TRUE);
- }
-
- if(problem == PR_TRUE) {
- dest = NULL;
- }
-
- return dest;
-}
diff --git a/security/nss/lib/pkcs12/p12local.c b/security/nss/lib/pkcs12/p12local.c
deleted file mode 100644
index d6e02ad02..000000000
--- a/security/nss/lib/pkcs12/p12local.c
+++ /dev/null
@@ -1,1325 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "pkcs12.h"
-#include "secpkcs7.h"
-#include "secasn1.h"
-#include "seccomon.h"
-#include "secoid.h"
-#include "sechash.h"
-#include "secitem.h"
-#include "secerr.h"
-#include "pk11func.h"
-#include "p12local.h"
-#include "alghmac.h"
-#include "p12.h"
-
-#define SALT_LENGTH 16
-
-/* helper functions */
-/* returns proper bag type template based upon object type tag */
-const SEC_ASN1Template *
-sec_pkcs12_choose_bag_type_old(void *src_or_dest, PRBool encoding)
-{
- const SEC_ASN1Template *theTemplate;
- SEC_PKCS12SafeBag *safebag;
- SECOidData *oiddata;
-
- if (src_or_dest == NULL) {
- return NULL;
- }
-
- safebag = (SEC_PKCS12SafeBag*)src_or_dest;
-
- oiddata = safebag->safeBagTypeTag;
- if (oiddata == NULL) {
- oiddata = SECOID_FindOID(&safebag->safeBagType);
- safebag->safeBagTypeTag = oiddata;
- }
-
- switch (oiddata->offset) {
- default:
- theTemplate = SEC_PointerToAnyTemplate;
- break;
- case SEC_OID_PKCS12_KEY_BAG_ID:
- theTemplate = SEC_PointerToPKCS12KeyBagTemplate;
- break;
- case SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID:
- theTemplate = SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD;
- break;
- case SEC_OID_PKCS12_SECRET_BAG_ID:
- theTemplate = SEC_PointerToPKCS12SecretBagTemplate;
- break;
- }
- return theTemplate;
-}
-
-const SEC_ASN1Template *
-sec_pkcs12_choose_bag_type(void *src_or_dest, PRBool encoding)
-{
- const SEC_ASN1Template *theTemplate;
- SEC_PKCS12SafeBag *safebag;
- SECOidData *oiddata;
-
- if (src_or_dest == NULL) {
- return NULL;
- }
-
- safebag = (SEC_PKCS12SafeBag*)src_or_dest;
-
- oiddata = safebag->safeBagTypeTag;
- if (oiddata == NULL) {
- oiddata = SECOID_FindOID(&safebag->safeBagType);
- safebag->safeBagTypeTag = oiddata;
- }
-
- switch (oiddata->offset) {
- default:
- theTemplate = SEC_AnyTemplate;
- break;
- case SEC_OID_PKCS12_KEY_BAG_ID:
- theTemplate = SEC_PKCS12PrivateKeyBagTemplate;
- break;
- case SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID:
- theTemplate = SEC_PKCS12CertAndCRLBagTemplate;
- break;
- case SEC_OID_PKCS12_SECRET_BAG_ID:
- theTemplate = SEC_PKCS12SecretBagTemplate;
- break;
- }
- return theTemplate;
-}
-
-/* returns proper cert crl template based upon type tag */
-const SEC_ASN1Template *
-sec_pkcs12_choose_cert_crl_type_old(void *src_or_dest, PRBool encoding)
-{
- const SEC_ASN1Template *theTemplate;
- SEC_PKCS12CertAndCRL *certbag;
- SECOidData *oiddata;
-
- if (src_or_dest == NULL) {
- return NULL;
- }
-
- certbag = (SEC_PKCS12CertAndCRL*)src_or_dest;
- oiddata = certbag->BagTypeTag;
- if (oiddata == NULL) {
- oiddata = SECOID_FindOID(&certbag->BagID);
- certbag->BagTypeTag = oiddata;
- }
-
- switch (oiddata->offset) {
- default:
- theTemplate = SEC_PointerToAnyTemplate;
- break;
- case SEC_OID_PKCS12_X509_CERT_CRL_BAG:
- theTemplate = SEC_PointerToPKCS12X509CertCRLTemplate_OLD;
- break;
- case SEC_OID_PKCS12_SDSI_CERT_BAG:
- theTemplate = SEC_PointerToPKCS12SDSICertTemplate;
- break;
- }
- return theTemplate;
-}
-
-const SEC_ASN1Template *
-sec_pkcs12_choose_cert_crl_type(void *src_or_dest, PRBool encoding)
-{
- const SEC_ASN1Template *theTemplate;
- SEC_PKCS12CertAndCRL *certbag;
- SECOidData *oiddata;
-
- if (src_or_dest == NULL) {
- return NULL;
- }
-
- certbag = (SEC_PKCS12CertAndCRL*)src_or_dest;
- oiddata = certbag->BagTypeTag;
- if (oiddata == NULL) {
- oiddata = SECOID_FindOID(&certbag->BagID);
- certbag->BagTypeTag = oiddata;
- }
-
- switch (oiddata->offset) {
- default:
- theTemplate = SEC_PointerToAnyTemplate;
- break;
- case SEC_OID_PKCS12_X509_CERT_CRL_BAG:
- theTemplate = SEC_PointerToPKCS12X509CertCRLTemplate;
- break;
- case SEC_OID_PKCS12_SDSI_CERT_BAG:
- theTemplate = SEC_PointerToPKCS12SDSICertTemplate;
- break;
- }
- return theTemplate;
-}
-
-/* returns appropriate shroud template based on object type tag */
-const SEC_ASN1Template *
-sec_pkcs12_choose_shroud_type(void *src_or_dest, PRBool encoding)
-{
- const SEC_ASN1Template *theTemplate;
- SEC_PKCS12ESPVKItem *espvk;
- SECOidData *oiddata;
-
- if (src_or_dest == NULL) {
- return NULL;
- }
-
- espvk = (SEC_PKCS12ESPVKItem*)src_or_dest;
- oiddata = espvk->espvkTag;
- if (oiddata == NULL) {
- oiddata = SECOID_FindOID(&espvk->espvkOID);
- espvk->espvkTag = oiddata;
- }
-
- switch (oiddata->offset) {
- default:
- theTemplate = SEC_PointerToAnyTemplate;
- break;
- case SEC_OID_PKCS12_PKCS8_KEY_SHROUDING:
- theTemplate =
- SECKEY_PointerToEncryptedPrivateKeyInfoTemplate;
- break;
- }
- return theTemplate;
-}
-
-/* generate SALT placing it into the character array passed in.
- * it is assumed that salt_dest is an array of appropriate size
- * XXX We might want to generate our own random context
- */
-SECItem *
-sec_pkcs12_generate_salt(void)
-{
- SECItem *salt;
-
- salt = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(salt == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
- salt->data = (unsigned char *)PORT_ZAlloc(sizeof(unsigned char) *
- SALT_LENGTH);
- salt->len = SALT_LENGTH;
- if(salt->data == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- SECITEM_ZfreeItem(salt, PR_TRUE);
- return NULL;
- }
-
- PK11_GenerateRandom(salt->data, salt->len);
-
- return salt;
-}
-
-/* generate KEYS -- as per PKCS12 section 7.
- * only used for MAC
- */
-SECItem *
-sec_pkcs12_generate_key_from_password(SECOidTag algorithm,
- SECItem *salt,
- SECItem *password)
-{
- unsigned char *pre_hash=NULL;
- unsigned char *hash_dest=NULL;
- SECStatus res;
- PRArenaPool *poolp;
- SECItem *key = NULL;
- int key_len = 0;
-
- if((salt == NULL) || (password == NULL)) {
- return NULL;
- }
-
- poolp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if(poolp == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- pre_hash = (unsigned char *)PORT_ArenaZAlloc(poolp, sizeof(char) *
- (salt->len+password->len));
- if(pre_hash == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- hash_dest = (unsigned char *)PORT_ArenaZAlloc(poolp,
- sizeof(unsigned char) * SHA1_LENGTH);
- if(hash_dest == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- PORT_Memcpy(pre_hash, salt->data, salt->len);
- /* handle password of 0 length case */
- if(password->len > 0) {
- PORT_Memcpy(&(pre_hash[salt->len]), password->data, password->len);
- }
-
- res = PK11_HashBuf(SEC_OID_SHA1, hash_dest, pre_hash,
- (salt->len+password->len));
- if(res == SECFailure) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- switch(algorithm) {
- case SEC_OID_SHA1:
- if(key_len == 0)
- key_len = 16;
- key = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(key == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- key->data = (unsigned char *)PORT_ZAlloc(sizeof(unsigned char)
- * key_len);
- if(key->data == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- key->len = key_len;
- PORT_Memcpy(key->data, &hash_dest[SHA1_LENGTH-key->len], key->len);
- break;
- default:
- goto loser;
- break;
- }
-
- PORT_FreeArena(poolp, PR_TRUE);
- return key;
-
-loser:
- PORT_FreeArena(poolp, PR_TRUE);
- if(key != NULL) {
- SECITEM_ZfreeItem(key, PR_TRUE);
- }
- return NULL;
-}
-
-/* MAC is generated per PKCS 12 section 6. It is expected that key, msg
- * and mac_dest are pre allocated, non-NULL arrays. msg_len is passed in
- * because it is not known how long the message actually is. String
- * manipulation routines will not necessarily work because msg may have
- * imbedded NULLs
- */
-static SECItem *
-sec_pkcs12_generate_old_mac(SECItem *key,
- SECItem *msg)
-{
- SECStatus res;
- PRArenaPool *temparena = NULL;
- unsigned char *hash_dest=NULL, *hash_src1=NULL, *hash_src2 = NULL;
- int i;
- SECItem *mac = NULL;
-
- if((key == NULL) || (msg == NULL))
- goto loser;
-
- /* allocate return item */
- mac = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(mac == NULL)
- return NULL;
- mac->data = (unsigned char *)PORT_ZAlloc(sizeof(unsigned char)
- * SHA1_LENGTH);
- mac->len = SHA1_LENGTH;
- if(mac->data == NULL)
- goto loser;
-
- /* allocate temporary items */
- temparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if(temparena == NULL)
- goto loser;
-
- hash_src1 = (unsigned char *)PORT_ArenaZAlloc(temparena,
- sizeof(unsigned char) * (16+msg->len));
- if(hash_src1 == NULL)
- goto loser;
-
- hash_src2 = (unsigned char *)PORT_ArenaZAlloc(temparena,
- sizeof(unsigned char) * (SHA1_LENGTH+16));
- if(hash_src2 == NULL)
- goto loser;
-
- hash_dest = (unsigned char *)PORT_ArenaZAlloc(temparena,
- sizeof(unsigned char) * SHA1_LENGTH);
- if(hash_dest == NULL)
- goto loser;
-
- /* perform mac'ing as per PKCS 12 */
-
- /* first round of hashing */
- for(i = 0; i < 16; i++)
- hash_src1[i] = key->data[i] ^ 0x36;
- PORT_Memcpy(&(hash_src1[16]), msg->data, msg->len);
- res = PK11_HashBuf(SEC_OID_SHA1, hash_dest, hash_src1, (16+msg->len));
- if(res == SECFailure)
- goto loser;
-
- /* second round of hashing */
- for(i = 0; i < 16; i++)
- hash_src2[i] = key->data[i] ^ 0x5c;
- PORT_Memcpy(&(hash_src2[16]), hash_dest, SHA1_LENGTH);
- res = PK11_HashBuf(SEC_OID_SHA1, mac->data, hash_src2, SHA1_LENGTH+16);
- if(res == SECFailure)
- goto loser;
-
- PORT_FreeArena(temparena, PR_TRUE);
- return mac;
-
-loser:
- if(temparena != NULL)
- PORT_FreeArena(temparena, PR_TRUE);
- if(mac != NULL)
- SECITEM_ZfreeItem(mac, PR_TRUE);
- return NULL;
-}
-
-/* MAC is generated per PKCS 12 section 6. It is expected that key, msg
- * and mac_dest are pre allocated, non-NULL arrays. msg_len is passed in
- * because it is not known how long the message actually is. String
- * manipulation routines will not necessarily work because msg may have
- * imbedded NULLs
- */
-SECItem *
-sec_pkcs12_generate_mac(SECItem *key,
- SECItem *msg,
- PRBool old_method)
-{
- SECStatus res = SECFailure;
- SECItem *mac = NULL;
- HMACContext *cx;
-
- if((key == NULL) || (msg == NULL)) {
- return NULL;
- }
-
- if(old_method == PR_TRUE) {
- return sec_pkcs12_generate_old_mac(key, msg);
- }
-
- /* allocate return item */
- mac = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(mac == NULL) {
- return NULL;
- }
- mac->data = (unsigned char *)PORT_ZAlloc(sizeof(unsigned char)
- * SHA1_LENGTH);
- mac->len = SHA1_LENGTH;
- if(mac->data == NULL) {
- PORT_Free(mac);
- return NULL;
- }
-
- /* compute MAC using HMAC */
- cx = HMAC_Create(SEC_OID_SHA1, key->data, key->len);
- if(cx != NULL) {
- HMAC_Begin(cx);
- HMAC_Update(cx, msg->data, msg->len);
- res = HMAC_Finish(cx, mac->data, &mac->len, SHA1_LENGTH);
- HMAC_Destroy(cx);
- }
-
-
- if(res != SECSuccess) {
- SECITEM_ZfreeItem(mac, PR_TRUE);
- mac = NULL;
- }
-
- return mac;
-}
-
-/* compute the thumbprint of the DER cert and create a digest info
- * to store it in and return the digest info.
- * a return of NULL indicates an error.
- */
-SGNDigestInfo *
-sec_pkcs12_compute_thumbprint(SECItem *der_cert)
-{
- SGNDigestInfo *thumb = NULL;
- SECItem digest;
- PRArenaPool *temparena = NULL;
- SECStatus rv = SECFailure;
-
- if(der_cert == NULL)
- return NULL;
-
- temparena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
- if(temparena == NULL) {
- return NULL;
- }
-
- digest.data = (unsigned char *)PORT_ArenaZAlloc(temparena,
- sizeof(unsigned char) *
- SHA1_LENGTH);
- /* digest data and create digest info */
- if(digest.data != NULL) {
- digest.len = SHA1_LENGTH;
- rv = PK11_HashBuf(SEC_OID_SHA1, digest.data, der_cert->data,
- der_cert->len);
- if(rv == SECSuccess) {
- thumb = SGN_CreateDigestInfo(SEC_OID_SHA1,
- digest.data,
- digest.len);
- } else {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- }
- } else {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- }
-
- PORT_FreeArena(temparena, PR_TRUE);
-
- return thumb;
-}
-
-/* create a virtual password per PKCS 12, the password is converted
- * to unicode, the salt is prepended to it, and then the whole thing
- * is returned */
-SECItem *
-sec_pkcs12_create_virtual_password(SECItem *password, SECItem *salt,
- PRBool swap)
-{
- SECItem uniPwd = {siBuffer, NULL,0}, *retPwd = NULL;
-
- if((password == NULL) || (salt == NULL)) {
- return NULL;
- }
-
- if(password->len == 0) {
- uniPwd.data = (unsigned char*)PORT_ZAlloc(2);
- uniPwd.len = 2;
- if(!uniPwd.data) {
- return NULL;
- }
- } else {
- uniPwd.data = (unsigned char*)PORT_ZAlloc(password->len * 3);
- uniPwd.len = password->len * 3;
- if(!PORT_UCS2_ASCIIConversion(PR_TRUE, password->data, password->len,
- uniPwd.data, uniPwd.len, &uniPwd.len, swap)) {
- SECITEM_ZfreeItem(&uniPwd, PR_FALSE);
- return NULL;
- }
- }
-
- retPwd = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(retPwd == NULL) {
- goto loser;
- }
-
- /* allocate space and copy proper data */
- retPwd->len = uniPwd.len + salt->len;
- retPwd->data = (unsigned char *)PORT_Alloc(retPwd->len);
- if(retPwd->data == NULL) {
- PORT_Free(retPwd);
- goto loser;
- }
-
- PORT_Memcpy(retPwd->data, salt->data, salt->len);
- PORT_Memcpy((retPwd->data + salt->len), uniPwd.data, uniPwd.len);
-
- SECITEM_ZfreeItem(&uniPwd, PR_FALSE);
-
- return retPwd;
-
-loser:
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- SECITEM_ZfreeItem(&uniPwd, PR_FALSE);
- return NULL;
-}
-
-/* appends a shrouded key to a key bag. this is used for exporting
- * to store externally wrapped keys. it is used when importing to convert
- * old items to new
- */
-SECStatus
-sec_pkcs12_append_shrouded_key(SEC_PKCS12BaggageItem *bag,
- SEC_PKCS12ESPVKItem *espvk)
-{
- int size;
- void *mark = NULL, *dummy = NULL;
-
- if((bag == NULL) || (espvk == NULL))
- return SECFailure;
-
- mark = PORT_ArenaMark(bag->poolp);
-
- /* grow the list */
- size = (bag->nEspvks + 1) * sizeof(SEC_PKCS12ESPVKItem *);
- dummy = (SEC_PKCS12ESPVKItem **)PORT_ArenaGrow(bag->poolp,
- bag->espvks, size,
- size + sizeof(SEC_PKCS12ESPVKItem *));
- bag->espvks = (SEC_PKCS12ESPVKItem**)dummy;
- if(dummy == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- bag->espvks[bag->nEspvks] = espvk;
- bag->nEspvks++;
- bag->espvks[bag->nEspvks] = NULL;
-
- PORT_ArenaUnmark(bag->poolp, mark);
- return SECSuccess;
-
-loser:
- PORT_ArenaRelease(bag->poolp, mark);
- return SECFailure;
-}
-
-/* search a certificate list for a nickname, a thumbprint, or both
- * within a certificate bag. if the certificate could not be
- * found or an error occurs, NULL is returned;
- */
-static SEC_PKCS12CertAndCRL *
-sec_pkcs12_find_cert_in_certbag(SEC_PKCS12CertAndCRLBag *certbag,
- SECItem *nickname, SGNDigestInfo *thumbprint)
-{
- PRBool search_both = PR_FALSE, search_nickname = PR_FALSE;
- int i, j;
-
- if((certbag == NULL) || ((nickname == NULL) && (thumbprint == NULL))) {
- return NULL;
- }
-
- if(thumbprint && nickname) {
- search_both = PR_TRUE;
- }
-
- if(nickname) {
- search_nickname = PR_TRUE;
- }
-
-search_again:
- i = 0;
- while(certbag->certAndCRLs[i] != NULL) {
- SEC_PKCS12CertAndCRL *cert = certbag->certAndCRLs[i];
-
- if(SECOID_FindOIDTag(&cert->BagID) == SEC_OID_PKCS12_X509_CERT_CRL_BAG) {
-
- /* check nicknames */
- if(search_nickname) {
- if(SECITEM_CompareItem(nickname, &cert->nickname) == SECEqual) {
- return cert;
- }
- } else {
- /* check thumbprints */
- SECItem **derCertList;
-
- /* get pointer to certificate list, does not need to
- * be freed since it is within the arena which will
- * be freed later.
- */
- derCertList = SEC_PKCS7GetCertificateList(&cert->value.x509->certOrCRL);
- j = 0;
- if(derCertList != NULL) {
- while(derCertList[j] != NULL) {
- SECComparison eq;
- SGNDigestInfo *di;
- di = sec_pkcs12_compute_thumbprint(derCertList[j]);
- if(di) {
- eq = SGN_CompareDigestInfo(thumbprint, di);
- SGN_DestroyDigestInfo(di);
- if(eq == SECEqual) {
- /* copy the derCert for later reference */
- cert->value.x509->derLeafCert = derCertList[j];
- return cert;
- }
- } else {
- /* an error occurred */
- return NULL;
- }
- j++;
- }
- }
- }
- }
-
- i++;
- }
-
- if(search_both) {
- search_both = PR_FALSE;
- search_nickname = PR_FALSE;
- goto search_again;
- }
-
- return NULL;
-}
-
-/* search a key list for a nickname, a thumbprint, or both
- * within a key bag. if the key could not be
- * found or an error occurs, NULL is returned;
- */
-static SEC_PKCS12PrivateKey *
-sec_pkcs12_find_key_in_keybag(SEC_PKCS12PrivateKeyBag *keybag,
- SECItem *nickname, SGNDigestInfo *thumbprint)
-{
- PRBool search_both = PR_FALSE, search_nickname = PR_FALSE;
- int i, j;
-
- if((keybag == NULL) || ((nickname == NULL) && (thumbprint == NULL))) {
- return NULL;
- }
-
- if(keybag->privateKeys == NULL) {
- return NULL;
- }
-
- if(thumbprint && nickname) {
- search_both = PR_TRUE;
- }
-
- if(nickname) {
- search_nickname = PR_TRUE;
- }
-
-search_again:
- i = 0;
- while(keybag->privateKeys[i] != NULL) {
- SEC_PKCS12PrivateKey *key = keybag->privateKeys[i];
-
- /* check nicknames */
- if(search_nickname) {
- if(SECITEM_CompareItem(nickname, &key->pvkData.nickname) == SECEqual) {
- return key;
- }
- } else {
- /* check digests */
- SGNDigestInfo **assocCerts = key->pvkData.assocCerts;
- if((assocCerts == NULL) || (assocCerts[0] == NULL)) {
- return NULL;
- }
-
- j = 0;
- while(assocCerts[j] != NULL) {
- SECComparison eq;
- eq = SGN_CompareDigestInfo(thumbprint, assocCerts[j]);
- if(eq == SECEqual) {
- return key;
- }
- j++;
- }
- }
- i++;
- }
-
- if(search_both) {
- search_both = PR_FALSE;
- search_nickname = PR_FALSE;
- goto search_again;
- }
-
- return NULL;
-}
-
-/* seach the safe first then try the baggage bag
- * safe and bag contain certs and keys to search
- * objType is the object type to look for
- * bagType is the type of bag that was found by sec_pkcs12_find_object
- * index is the entity in safe->safeContents or bag->unencSecrets which
- * is being searched
- * nickname and thumbprint are the search criteria
- *
- * a return of null indicates no match
- */
-static void *
-sec_pkcs12_try_find(SEC_PKCS12SafeContents *safe,
- SEC_PKCS12BaggageItem *bag,
- SECOidTag objType, SECOidTag bagType, int index,
- SECItem *nickname, SGNDigestInfo *thumbprint)
-{
- PRBool searchSafe;
- int i = index;
-
- if((safe == NULL) && (bag == NULL)) {
- return NULL;
- }
-
- searchSafe = (safe == NULL ? PR_FALSE : PR_TRUE);
- switch(objType) {
- case SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID:
- if(objType == bagType) {
- SEC_PKCS12CertAndCRLBag *certBag;
-
- if(searchSafe) {
- certBag = safe->contents[i]->safeContent.certAndCRLBag;
- } else {
- certBag = bag->unencSecrets[i]->safeContent.certAndCRLBag;
- }
- return sec_pkcs12_find_cert_in_certbag(certBag, nickname,
- thumbprint);
- }
- break;
- case SEC_OID_PKCS12_KEY_BAG_ID:
- if(objType == bagType) {
- SEC_PKCS12PrivateKeyBag *keyBag;
-
- if(searchSafe) {
- keyBag = safe->contents[i]->safeContent.keyBag;
- } else {
- keyBag = bag->unencSecrets[i]->safeContent.keyBag;
- }
- return sec_pkcs12_find_key_in_keybag(keyBag, nickname,
- thumbprint);
- }
- break;
- default:
- break;
- }
-
- return NULL;
-}
-
-/* searches both the baggage and the safe areas looking for
- * object of specified type matching either the nickname or the
- * thumbprint specified.
- *
- * safe and baggage store certs and keys
- * objType is the OID for the bag type to be searched:
- * SEC_OID_PKCS12_KEY_BAG_ID, or
- * SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID
- * nickname and thumbprint are the search criteria
- *
- * if no match found, NULL returned and error set
- */
-void *
-sec_pkcs12_find_object(SEC_PKCS12SafeContents *safe,
- SEC_PKCS12Baggage *baggage,
- SECOidTag objType,
- SECItem *nickname,
- SGNDigestInfo *thumbprint)
-{
- int i, j;
- void *retItem;
-
- if(((safe == NULL) && (thumbprint == NULL)) ||
- ((nickname == NULL) && (thumbprint == NULL))) {
- return NULL;
- }
-
- i = 0;
- if((safe != NULL) && (safe->contents != NULL)) {
- while(safe->contents[i] != NULL) {
- SECOidTag bagType = SECOID_FindOIDTag(&safe->contents[i]->safeBagType);
- retItem = sec_pkcs12_try_find(safe, NULL, objType, bagType, i,
- nickname, thumbprint);
- if(retItem != NULL) {
- return retItem;
- }
- i++;
- }
- }
-
- if((baggage != NULL) && (baggage->bags != NULL)) {
- i = 0;
- while(baggage->bags[i] != NULL) {
- SEC_PKCS12BaggageItem *xbag = baggage->bags[i];
- j = 0;
- if(xbag->unencSecrets != NULL) {
- while(xbag->unencSecrets[j] != NULL) {
- SECOidTag bagType;
- bagType = SECOID_FindOIDTag(&xbag->unencSecrets[j]->safeBagType);
- retItem = sec_pkcs12_try_find(NULL, xbag, objType, bagType,
- j, nickname, thumbprint);
- if(retItem != NULL) {
- return retItem;
- }
- j++;
- }
- }
- i++;
- }
- }
-
- PORT_SetError(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME);
- return NULL;
-}
-
-/* this function converts a password to unicode and encures that the
- * required double 0 byte be placed at the end of the string
- */
-PRBool
-sec_pkcs12_convert_item_to_unicode(PRArenaPool *arena, SECItem *dest,
- SECItem *src, PRBool zeroTerm,
- PRBool asciiConvert, PRBool toUnicode)
-{
- PRBool success = PR_FALSE;
- if(!src || !dest) {
- return PR_FALSE;
- }
-
- dest->len = src->len * 3 + 2;
- if(arena) {
- dest->data = (unsigned char*)PORT_ArenaZAlloc(arena, dest->len);
- } else {
- dest->data = (unsigned char*)PORT_ZAlloc(dest->len);
- }
-
- if(!dest->data) {
- dest->len = 0;
- return PR_FALSE;
- }
-
- if(!asciiConvert) {
- success = PORT_UCS2_UTF8Conversion(toUnicode, src->data, src->len, dest->data,
- dest->len, &dest->len);
- } else {
-#ifndef IS_LITTLE_ENDIAN
- PRBool swapUnicode = PR_FALSE;
-#else
- PRBool swapUnicode = PR_TRUE;
-#endif
- success = PORT_UCS2_ASCIIConversion(toUnicode, src->data, src->len, dest->data,
- dest->len, &dest->len, swapUnicode);
- }
-
- if(!success) {
- if(!arena) {
- PORT_Free(dest->data);
- dest->data = NULL;
- dest->len = 0;
- }
- return PR_FALSE;
- }
-
- if((dest->data[dest->len-1] || dest->data[dest->len-2]) && zeroTerm) {
- if(dest->len + 2 > 3 * src->len) {
- if(arena) {
- dest->data = (unsigned char*)PORT_ArenaGrow(arena,
- dest->data, dest->len,
- dest->len + 2);
- } else {
- dest->data = (unsigned char*)PORT_Realloc(dest->data,
- dest->len + 2);
- }
-
- if(!dest->data) {
- return PR_FALSE;
- }
- }
- dest->len += 2;
- dest->data[dest->len-1] = dest->data[dest->len-2] = 0;
- }
-
- return PR_TRUE;
-}
-
-/* pkcs 12 templates */
-static SEC_ChooseASN1TemplateFunc sec_pkcs12_shroud_chooser =
- sec_pkcs12_choose_shroud_type;
-
-const SEC_ASN1Template SEC_PKCS12CodedSafeBagTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12SafeBag) },
- { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12SafeBag, safeBagType) },
- { SEC_ASN1_ANY, offsetof(SEC_PKCS12SafeBag, derSafeContent) },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12CodedCertBagTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12CertAndCRL) },
- { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12CertAndCRL, BagID) },
- { SEC_ASN1_ANY, offsetof(SEC_PKCS12CertAndCRL, derValue) },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12CodedCertAndCRLBagTemplate[] =
-{
- { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12CertAndCRLBag, certAndCRLs),
- SEC_PKCS12CodedCertBagTemplate },
-};
-
-const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate_OLD[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12ESPVKItem) },
- { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12ESPVKItem, espvkOID) },
- { SEC_ASN1_INLINE, offsetof(SEC_PKCS12ESPVKItem, espvkData),
- SEC_PKCS12PVKSupportingDataTemplate_OLD },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_DYNAMIC | 0, offsetof(SEC_PKCS12ESPVKItem, espvkCipherText),
- &sec_pkcs12_shroud_chooser },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12ESPVKItem) },
- { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12ESPVKItem, espvkOID) },
- { SEC_ASN1_INLINE, offsetof(SEC_PKCS12ESPVKItem, espvkData),
- SEC_PKCS12PVKSupportingDataTemplate },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_DYNAMIC | 0, offsetof(SEC_PKCS12ESPVKItem, espvkCipherText),
- &sec_pkcs12_shroud_chooser },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12PVKAdditionalDataTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PVKAdditionalData) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(SEC_PKCS12PVKAdditionalData, pvkAdditionalType) },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(SEC_PKCS12PVKAdditionalData, pvkAdditionalContent) },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate_OLD[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PVKSupportingData) },
- { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12PVKSupportingData, assocCerts),
- sgn_DigestInfoTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN,
- offsetof(SEC_PKCS12PVKSupportingData, regenerable) },
- { SEC_ASN1_PRINTABLE_STRING,
- offsetof(SEC_PKCS12PVKSupportingData, nickname) },
- { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL,
- offsetof(SEC_PKCS12PVKSupportingData, pvkAdditionalDER) },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PVKSupportingData) },
- { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12PVKSupportingData, assocCerts),
- sgn_DigestInfoTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN,
- offsetof(SEC_PKCS12PVKSupportingData, regenerable) },
- { SEC_ASN1_BMP_STRING,
- offsetof(SEC_PKCS12PVKSupportingData, uniNickName) },
- { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL,
- offsetof(SEC_PKCS12PVKSupportingData, pvkAdditionalDER) },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12BaggageItemTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12BaggageItem) },
- { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12BaggageItem, espvks),
- SEC_PKCS12ESPVKItemTemplate },
- { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12BaggageItem, unencSecrets),
- SEC_PKCS12SafeBagTemplate },
- /*{ SEC_ASN1_SET_OF, offsetof(SEC_PKCS12BaggageItem, unencSecrets),
- SEC_PKCS12CodedSafeBagTemplate }, */
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12BaggageTemplate[] =
-{
- { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12Baggage, bags),
- SEC_PKCS12BaggageItemTemplate },
-};
-
-const SEC_ASN1Template SEC_PKCS12BaggageTemplate_OLD[] =
-{
- { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12Baggage_OLD, espvks),
- SEC_PKCS12ESPVKItemTemplate_OLD },
-};
-
-static SEC_ChooseASN1TemplateFunc sec_pkcs12_bag_chooser =
- sec_pkcs12_choose_bag_type;
-
-static SEC_ChooseASN1TemplateFunc sec_pkcs12_bag_chooser_old =
- sec_pkcs12_choose_bag_type_old;
-
-const SEC_ASN1Template SEC_PKCS12SafeBagTemplate_OLD[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12SafeBag) },
- { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12SafeBag, safeBagType) },
- { SEC_ASN1_DYNAMIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(SEC_PKCS12SafeBag, safeContent),
- &sec_pkcs12_bag_chooser_old },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12SafeBagTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12SafeBag) },
- { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12SafeBag, safeBagType) },
- { SEC_ASN1_DYNAMIC | SEC_ASN1_POINTER,
- offsetof(SEC_PKCS12SafeBag, safeContent),
- &sec_pkcs12_bag_chooser },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_BMP_STRING,
- offsetof(SEC_PKCS12SafeBag, uniSafeBagName) },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate_OLD[] =
-{
- { SEC_ASN1_SET_OF,
- offsetof(SEC_PKCS12SafeContents, contents),
- SEC_PKCS12SafeBagTemplate_OLD }
-};
-
-const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate[] =
-{
- { SEC_ASN1_SET_OF,
- offsetof(SEC_PKCS12SafeContents, contents),
- SEC_PKCS12SafeBagTemplate } /* here */
-};
-
-const SEC_ASN1Template SEC_PKCS12PrivateKeyTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PrivateKey) },
- { SEC_ASN1_INLINE, offsetof(SEC_PKCS12PrivateKey, pvkData),
- SEC_PKCS12PVKSupportingDataTemplate },
- { SEC_ASN1_INLINE, offsetof(SEC_PKCS12PrivateKey, pkcs8data),
- SECKEY_PrivateKeyInfoTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12PrivateKeyBagTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PrivateKeyBag) },
- { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12PrivateKeyBag, privateKeys),
- SEC_PKCS12PrivateKeyTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate_OLD[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12X509CertCRL) },
- { SEC_ASN1_INLINE, offsetof(SEC_PKCS12X509CertCRL, certOrCRL),
- sec_PKCS7ContentInfoTemplate },
- { SEC_ASN1_INLINE, offsetof(SEC_PKCS12X509CertCRL, thumbprint),
- sgn_DigestInfoTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12X509CertCRL) },
- { SEC_ASN1_INLINE, offsetof(SEC_PKCS12X509CertCRL, certOrCRL),
- sec_PKCS7ContentInfoTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12SDSICertTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12X509CertCRL) },
- { SEC_ASN1_IA5_STRING, offsetof(SEC_PKCS12SDSICert, value) },
- { 0 }
-};
-
-static SEC_ChooseASN1TemplateFunc sec_pkcs12_cert_crl_chooser_old =
- sec_pkcs12_choose_cert_crl_type_old;
-
-static SEC_ChooseASN1TemplateFunc sec_pkcs12_cert_crl_chooser =
- sec_pkcs12_choose_cert_crl_type;
-
-const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate_OLD[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12CertAndCRL) },
- { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12CertAndCRL, BagID) },
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_EXPLICIT |
- SEC_ASN1_DYNAMIC | SEC_ASN1_CONSTRUCTED | 0,
- offsetof(SEC_PKCS12CertAndCRL, value),
- &sec_pkcs12_cert_crl_chooser_old },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12CertAndCRL) },
- { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12CertAndCRL, BagID) },
- { SEC_ASN1_DYNAMIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(SEC_PKCS12CertAndCRL, value),
- &sec_pkcs12_cert_crl_chooser },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate[] =
-{
- { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12CertAndCRLBag, certAndCRLs),
- SEC_PKCS12CertAndCRLTemplate },
-};
-
-const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate_OLD[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12CertAndCRLBag) },
- { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12CertAndCRLBag, certAndCRLs),
- SEC_PKCS12CertAndCRLTemplate_OLD },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12SecretAdditionalTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12SecretAdditional) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(SEC_PKCS12SecretAdditional, secretAdditionalType) },
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_EXPLICIT,
- offsetof(SEC_PKCS12SecretAdditional, secretAdditionalContent) },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12SecretTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12Secret) },
- { SEC_ASN1_BMP_STRING, offsetof(SEC_PKCS12Secret, uniSecretName) },
- { SEC_ASN1_ANY, offsetof(SEC_PKCS12Secret, value) },
- { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL,
- offsetof(SEC_PKCS12Secret, secretAdditional),
- SEC_PKCS12SecretAdditionalTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12SecretItemTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12Secret) },
- { SEC_ASN1_INLINE | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(SEC_PKCS12SecretItem, secret), SEC_PKCS12SecretTemplate },
- { SEC_ASN1_INLINE | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(SEC_PKCS12SecretItem, subFolder), SEC_PKCS12SafeBagTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12SecretBagTemplate[] =
-{
- { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12SecretBag, secrets),
- SEC_PKCS12SecretItemTemplate },
-};
-
-const SEC_ASN1Template SEC_PKCS12MacDataTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PFXItem) },
- { SEC_ASN1_INLINE, offsetof(SEC_PKCS12MacData, safeMac),
- sgn_DigestInfoTemplate },
- { SEC_ASN1_BIT_STRING, offsetof(SEC_PKCS12MacData, macSalt) },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12PFXItemTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PFXItem) },
- { SEC_ASN1_OPTIONAL |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(SEC_PKCS12PFXItem, macData), SEC_PKCS12MacDataTemplate },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(SEC_PKCS12PFXItem, authSafe),
- sec_PKCS7ContentInfoTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12PFXItemTemplate_OLD[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PFXItem) },
- { SEC_ASN1_OPTIONAL |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(SEC_PKCS12PFXItem, old_safeMac), sgn_DigestInfoTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_BIT_STRING,
- offsetof(SEC_PKCS12PFXItem, old_macSalt) },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(SEC_PKCS12PFXItem, authSafe),
- sec_PKCS7ContentInfoTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12AuthenticatedSafe) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER,
- offsetof(SEC_PKCS12AuthenticatedSafe, version) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_OBJECT_ID,
- offsetof(SEC_PKCS12AuthenticatedSafe, transportMode) },
- { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL,
- offsetof(SEC_PKCS12AuthenticatedSafe, privacySalt) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_SET_OF,
- offsetof(SEC_PKCS12AuthenticatedSafe, baggage.bags),
- SEC_PKCS12BaggageItemTemplate },
- { SEC_ASN1_POINTER,
- offsetof(SEC_PKCS12AuthenticatedSafe, safe),
- sec_PKCS7ContentInfoTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate_OLD[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12AuthenticatedSafe) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER,
- offsetof(SEC_PKCS12AuthenticatedSafe, version) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER,
- offsetof(SEC_PKCS12AuthenticatedSafe, transportMode) },
- { SEC_ASN1_BIT_STRING,
- offsetof(SEC_PKCS12AuthenticatedSafe, privacySalt) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(SEC_PKCS12AuthenticatedSafe, old_baggage),
- SEC_PKCS12BaggageTemplate_OLD },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(SEC_PKCS12AuthenticatedSafe, old_safe),
- sec_PKCS7ContentInfoTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_PointerToPKCS12KeyBagTemplate[] =
-{
- { SEC_ASN1_POINTER, 0, SEC_PKCS12PrivateKeyBagTemplate }
-};
-
-const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD[] =
-{
- { SEC_ASN1_POINTER, 0, SEC_PKCS12CertAndCRLBagTemplate_OLD }
-};
-
-const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate[] =
-{
- { SEC_ASN1_POINTER, 0, SEC_PKCS12CertAndCRLBagTemplate }
-};
-
-const SEC_ASN1Template SEC_PointerToPKCS12SecretBagTemplate[] =
-{
- { SEC_ASN1_POINTER, 0, SEC_PKCS12SecretBagTemplate }
-};
-
-const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate_OLD[] =
-{
- { SEC_ASN1_POINTER, 0, SEC_PKCS12X509CertCRLTemplate_OLD }
-};
-
-const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate[] =
-{
- { SEC_ASN1_POINTER, 0, SEC_PKCS12X509CertCRLTemplate }
-};
-
-const SEC_ASN1Template SEC_PointerToPKCS12SDSICertTemplate[] =
-{
- { SEC_ASN1_POINTER, 0, SEC_PKCS12SDSICertTemplate }
-};
-
-
diff --git a/security/nss/lib/pkcs12/p12local.h b/security/nss/lib/pkcs12/p12local.h
deleted file mode 100644
index af56d9ceb..000000000
--- a/security/nss/lib/pkcs12/p12local.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-
-#ifndef _P12LOCAL_H_
-#define _P12LOCAL_H_
-
-#include "plarena.h"
-#include "secoidt.h"
-#include "secasn1.h"
-#include "secder.h"
-#include "certt.h"
-#include "secpkcs7.h"
-#include "pkcs12.h"
-#include "p12.h"
-
-/* helper functions */
-extern const SEC_ASN1Template *
-sec_pkcs12_choose_bag_type(void *src_or_dest, PRBool encoding);
-extern const SEC_ASN1Template *
-sec_pkcs12_choose_cert_crl_type(void *src_or_dest, PRBool encoding);
-extern const SEC_ASN1Template *
-sec_pkcs12_choose_shroud_type(void *src_or_dest, PRBool encoding);
-extern SECItem *sec_pkcs12_generate_salt(void);
-extern SECItem *sec_pkcs12_generate_key_from_password(SECOidTag algorithm,
- SECItem *salt, SECItem *password);
-extern SECItem *sec_pkcs12_generate_mac(SECItem *key, SECItem *msg,
- PRBool old_method);
-extern SGNDigestInfo *sec_pkcs12_compute_thumbprint(SECItem *der_cert);
-extern SECItem *sec_pkcs12_create_virtual_password(SECItem *password,
- SECItem *salt, PRBool swapUnicodeBytes);
-extern SECStatus sec_pkcs12_append_shrouded_key(SEC_PKCS12BaggageItem *bag,
- SEC_PKCS12ESPVKItem *espvk);
-extern void *sec_pkcs12_find_object(SEC_PKCS12SafeContents *safe,
- SEC_PKCS12Baggage *baggage, SECOidTag objType,
- SECItem *nickname, SGNDigestInfo *thumbprint);
-extern PRBool sec_pkcs12_convert_item_to_unicode(PRArenaPool *arena, SECItem *dest,
- SECItem *src, PRBool zeroTerm,
- PRBool asciiConvert, PRBool toUnicode);
-
-/* create functions */
-extern SEC_PKCS12PFXItem *sec_pkcs12_new_pfx(void);
-extern SEC_PKCS12SafeContents *sec_pkcs12_create_safe_contents(
- PRArenaPool *poolp);
-extern SEC_PKCS12Baggage *sec_pkcs12_create_baggage(PRArenaPool *poolp);
-extern SEC_PKCS12BaggageItem *sec_pkcs12_create_external_bag(SEC_PKCS12Baggage *luggage);
-extern void SEC_PKCS12DestroyPFX(SEC_PKCS12PFXItem *pfx);
-extern SEC_PKCS12AuthenticatedSafe *sec_pkcs12_new_asafe(PRArenaPool *poolp);
-
-/* conversion from old to new */
-extern SEC_PKCS12DecoderContext *
-sec_PKCS12ConvertOldSafeToNew(PRArenaPool *arena, PK11SlotInfo *slot,
- PRBool swapUnicode, SECItem *pwitem,
- void *wincx, SEC_PKCS12SafeContents *safe,
- SEC_PKCS12Baggage *baggage);
-
-#endif
diff --git a/security/nss/lib/pkcs12/p12plcy.c b/security/nss/lib/pkcs12/p12plcy.c
deleted file mode 100644
index e9616ade0..000000000
--- a/security/nss/lib/pkcs12/p12plcy.c
+++ /dev/null
@@ -1,198 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-
-#include "p12plcy.h"
-#include "secoid.h"
-#include "secport.h"
-#include "secpkcs5.h" /* LOTS of PKCS5 calls below. XXX EVIL. */
-
-#define PKCS12_NULL 0x0000
-
-typedef struct pkcs12SuiteMapStr {
- SECOidTag algTag;
- unsigned int keyLengthBits; /* in bits */
- unsigned long suite;
- PRBool allowed;
- PRBool preferred;
-} pkcs12SuiteMap;
-
-static pkcs12SuiteMap pkcs12SuiteMaps[] = {
- { SEC_OID_RC4, 40, PKCS12_RC4_40, PR_FALSE, PR_FALSE},
- { SEC_OID_RC4, 128, PKCS12_RC4_128, PR_FALSE, PR_FALSE},
- { SEC_OID_RC2_CBC, 40, PKCS12_RC2_CBC_40, PR_FALSE, PR_TRUE},
- { SEC_OID_RC2_CBC, 128, PKCS12_RC2_CBC_128, PR_FALSE, PR_FALSE},
- { SEC_OID_DES_CBC, 64, PKCS12_DES_56, PR_FALSE, PR_FALSE},
- { SEC_OID_DES_EDE3_CBC, 192, PKCS12_DES_EDE3_168, PR_FALSE, PR_FALSE},
- { SEC_OID_UNKNOWN, 0, PKCS12_NULL, PR_FALSE, PR_FALSE},
- { SEC_OID_UNKNOWN, 0, 0L, PR_FALSE, PR_FALSE}
-};
-
-/* determine if algid is an algorithm which is allowed */
-PRBool
-SEC_PKCS12DecryptionAllowed(SECAlgorithmID *algid)
-{
- unsigned int keyLengthBits;
- SECOidTag algId;
- int i;
-
- algId = SEC_PKCS5GetCryptoAlgorithm(algid);
- if(algId == SEC_OID_UNKNOWN) {
- return PR_FALSE;
- }
-
- keyLengthBits = (unsigned int)(SEC_PKCS5GetKeyLength(algid) * 8);
-
- i = 0;
- while(pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) {
- if((pkcs12SuiteMaps[i].algTag == algId) &&
- (pkcs12SuiteMaps[i].keyLengthBits == keyLengthBits)) {
-
- return pkcs12SuiteMaps[i].allowed;
- }
- i++;
- }
-
- return PR_FALSE;
-}
-
-/* is any encryption allowed? */
-PRBool
-SEC_PKCS12IsEncryptionAllowed(void)
-{
- int i;
-
- i = 0;
- while(pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) {
- if(pkcs12SuiteMaps[i].allowed == PR_TRUE) {
- return PR_TRUE;
- }
- i++;
- }
-
- return PR_FALSE;
-}
-
-/* get the preferred algorithm.
- */
-SECOidTag
-SEC_PKCS12GetPreferredEncryptionAlgorithm(void)
-{
- int i;
-
- i = 0;
- while(pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) {
- if((pkcs12SuiteMaps[i].preferred == PR_TRUE) &&
- (pkcs12SuiteMaps[i].allowed == PR_TRUE)) {
- return SEC_PKCS5GetPBEAlgorithm(pkcs12SuiteMaps[i].algTag,
- pkcs12SuiteMaps[i].keyLengthBits);
- }
- i++;
- }
-
- return SEC_OID_UNKNOWN;
-}
-
-/* return the strongest algorithm allowed */
-SECOidTag
-SEC_PKCS12GetStrongestAllowedAlgorithm(void)
-{
- int i, keyLengthBits = 0;
- SECOidTag algorithm = SEC_OID_UNKNOWN;
-
- i = 0;
- while(pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) {
- if((pkcs12SuiteMaps[i].allowed == PR_TRUE) &&
- (pkcs12SuiteMaps[i].keyLengthBits > (unsigned int)keyLengthBits) &&
- (pkcs12SuiteMaps[i].algTag != SEC_OID_RC4)) {
- algorithm = pkcs12SuiteMaps[i].algTag;
- keyLengthBits = pkcs12SuiteMaps[i].keyLengthBits;
- }
- i++;
- }
-
- if(algorithm == SEC_OID_UNKNOWN) {
- return SEC_OID_UNKNOWN;
- }
-
- return SEC_PKCS5GetPBEAlgorithm(algorithm, keyLengthBits);
-}
-
-SECStatus
-SEC_PKCS12EnableCipher(long which, int on)
-{
- int i;
-
- i = 0;
- while(pkcs12SuiteMaps[i].suite != 0L) {
- if(pkcs12SuiteMaps[i].suite == (unsigned long)which) {
- if(on) {
- pkcs12SuiteMaps[i].allowed = PR_TRUE;
- } else {
- pkcs12SuiteMaps[i].allowed = PR_FALSE;
- }
- return SECSuccess;
- }
- i++;
- }
-
- return SECFailure;
-}
-
-SECStatus
-SEC_PKCS12SetPreferredCipher(long which, int on)
-{
- int i;
- PRBool turnedOff = PR_FALSE;
- PRBool turnedOn = PR_FALSE;
-
- i = 0;
- while(pkcs12SuiteMaps[i].suite != 0L) {
- if(pkcs12SuiteMaps[i].preferred == PR_TRUE) {
- pkcs12SuiteMaps[i].preferred = PR_FALSE;
- turnedOff = PR_TRUE;
- }
- if(pkcs12SuiteMaps[i].suite == (unsigned long)which) {
- pkcs12SuiteMaps[i].preferred = PR_TRUE;
- turnedOn = PR_TRUE;
- }
- i++;
- }
-
- if((turnedOn) && (turnedOff)) {
- return SECSuccess;
- }
-
- return SECFailure;
-}
-
diff --git a/security/nss/lib/pkcs12/p12plcy.h b/security/nss/lib/pkcs12/p12plcy.h
deleted file mode 100644
index 1a3a9ee2f..000000000
--- a/security/nss/lib/pkcs12/p12plcy.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#ifndef _P12PLCY_H_
-#define _P12PLCY_H_
-
-#include "secoid.h"
-#include "ciferfam.h"
-
-/* for the algid specified, can we decrypt it ? */
-extern PRBool SEC_PKCS12DecryptionAllowed(SECAlgorithmID *algid);
-
-/* is encryption allowed? */
-extern PRBool SEC_PKCS12IsEncryptionAllowed(void);
-
-/* get the preferred encryption algorithm */
-extern SECOidTag SEC_PKCS12GetPreferredEncryptionAlgorithm(void);
-
-/* get the stronget crypto allowed (based on order in the table */
-extern SECOidTag SEC_PKCS12GetStrongestAllowedAlgorithm(void);
-
-/* enable a cipher for encryption/decryption */
-extern SECStatus SEC_PKCS12EnableCipher(long which, int on);
-
-/* return the preferred cipher for encryption */
-extern SECStatus SEC_PKCS12SetPreferredCipher(long which, int on);
-
-#endif
diff --git a/security/nss/lib/pkcs12/p12t.h b/security/nss/lib/pkcs12/p12t.h
deleted file mode 100644
index 6b9d3da1b..000000000
--- a/security/nss/lib/pkcs12/p12t.h
+++ /dev/null
@@ -1,182 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef _P12T_H_
-#define _P12T_H_
-
-#include "secoid.h"
-#include "key.h"
-#include "pkcs11.h"
-#include "secpkcs7.h"
-#include "secdig.h" /* for SGNDigestInfo */
-
-#define SEC_PKCS12_VERSION 3
-
-/* structure declarations */
-typedef struct sec_PKCS12PFXItemStr sec_PKCS12PFXItem;
-typedef struct sec_PKCS12MacDataStr sec_PKCS12MacData;
-typedef struct sec_PKCS12AuthenticatedSafeStr sec_PKCS12AuthenticatedSafe;
-typedef struct sec_PKCS12SafeContentsStr sec_PKCS12SafeContents;
-typedef struct sec_PKCS12SafeBagStr sec_PKCS12SafeBag;
-typedef struct sec_PKCS12PKCS8ShroudedKeyBagStr sec_PKCS12PKCS8ShroudedKeyBag;
-typedef struct sec_PKCS12CertBagStr sec_PKCS12CertBag;
-typedef struct sec_PKCS12CRLBagStr sec_PKCS12CRLBag;
-typedef struct sec_PKCS12SecretBag sec_PKCS12SecretBag;
-typedef struct sec_PKCS12AttributeStr sec_PKCS12Attribute;
-
-struct sec_PKCS12CertBagStr {
- /* what type of cert is stored? */
- SECItem bagID;
-
- /* certificate information */
- union {
- SECItem x509Cert;
- SECItem SDSICert;
- } value;
-};
-
-struct sec_PKCS12CRLBagStr {
- /* what type of cert is stored? */
- SECItem bagID;
-
- /* certificate information */
- union {
- SECItem x509CRL;
- } value;
-};
-
-struct sec_PKCS12SecretBag {
- /* what type of secret? */
- SECItem secretType;
-
- /* secret information. ssshhhh be vewy vewy quiet. */
- SECItem secretContent;
-};
-
-struct sec_PKCS12AttributeStr {
- SECItem attrType;
- SECItem **attrValue;
-};
-
-struct sec_PKCS12SafeBagStr {
-
- /* What type of bag are we using? */
- SECItem safeBagType;
-
- /* Dependent upon the type of bag being used. */
- union {
- SECKEYPrivateKeyInfo *pkcs8KeyBag;
- SECKEYEncryptedPrivateKeyInfo *pkcs8ShroudedKeyBag;
- sec_PKCS12CertBag *certBag;
- sec_PKCS12CRLBag *crlBag;
- sec_PKCS12SecretBag *secretBag;
- sec_PKCS12SafeContents *safeContents;
- } safeBagContent;
-
- sec_PKCS12Attribute **attribs;
-
- /* used locally */
- SECOidData *bagTypeTag;
- PRArenaPool *arena;
- unsigned int nAttribs;
-
- /* used for validation/importing */
- PRBool problem, noInstall, validated, hasKey, removeExisting, installed;
- int error;
-
- PRBool swapUnicodeBytes;
- PK11SlotInfo *slot;
- SECItem *pwitem;
- PRBool oldBagType;
-};
-
-struct sec_PKCS12SafeContentsStr {
- sec_PKCS12SafeBag **safeBags;
- SECItem **encodedSafeBags;
-
- /* used locally */
- PRArenaPool *arena;
- unsigned int bagCount;
-};
-
-struct sec_PKCS12MacDataStr {
- SGNDigestInfo safeMac;
- SECItem macSalt;
- SECItem iter;
-};
-
-struct sec_PKCS12PFXItemStr {
-
- SECItem version;
-
- /* Content type will either be Data (password integrity mode)
- * or signedData (public-key integrity mode)
- */
- SEC_PKCS7ContentInfo *authSafe;
- SECItem encodedAuthSafe;
-
- /* Only present in password integrity mode */
- sec_PKCS12MacData macData;
- SECItem encodedMacData;
-};
-
-struct sec_PKCS12AuthenticatedSafeStr {
- /* Content type will either be encryptedData (password privacy mode)
- * or envelopedData (public-key privacy mode)
- */
- SEC_PKCS7ContentInfo **safes;
- SECItem **encodedSafes;
-
- /* used locally */
- unsigned int safeCount;
- SECItem dummySafe;
-};
-
-extern const SEC_ASN1Template sec_PKCS12PFXItemTemplate[];
-extern const SEC_ASN1Template sec_PKCS12MacDataTemplate[];
-extern const SEC_ASN1Template sec_PKCS12AuthenticatedSafeTemplate[];
-extern const SEC_ASN1Template sec_PKCS12SafeContentsTemplate[];
-extern const SEC_ASN1Template sec_PKCS12SafeContentsDecodeTemplate[];
-extern const SEC_ASN1Template sec_PKCS12NestedSafeContentsDecodeTemplate[];
-extern const SEC_ASN1Template sec_PKCS12CertBagTemplate[];
-extern const SEC_ASN1Template sec_PKCS12CRLBagTemplate[];
-extern const SEC_ASN1Template sec_PKCS12SecretBagTemplate[];
-extern const SEC_ASN1Template sec_PKCS12PointerToCertBagTemplate[];
-extern const SEC_ASN1Template sec_PKCS12PointerToCRLBagTemplate[];
-extern const SEC_ASN1Template sec_PKCS12PointerToSecretBagTemplate[];
-extern const SEC_ASN1Template sec_PKCS12PointerToSafeContentsTemplate[];
-extern const SEC_ASN1Template sec_PKCS12AttributeTemplate[];
-extern const SEC_ASN1Template sec_PKCS12PointerToContentInfoTemplate[];
-extern const SEC_ASN1Template sec_PKCS12SafeBagTemplate[];
-
-#endif
diff --git a/security/nss/lib/pkcs12/p12tmpl.c b/security/nss/lib/pkcs12/p12tmpl.c
deleted file mode 100644
index ebaed1183..000000000
--- a/security/nss/lib/pkcs12/p12tmpl.c
+++ /dev/null
@@ -1,315 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "plarena.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "seccomon.h"
-#include "secport.h"
-#include "cert.h"
-#include "secpkcs7.h"
-#include "secasn1.h"
-#include "p12t.h"
-
-static const SEC_ASN1Template *
-sec_pkcs12_choose_safe_bag_type(void *src_or_dest, PRBool encoding)
-{
- const SEC_ASN1Template *theTemplate;
- sec_PKCS12SafeBag *safeBag;
- SECOidData *oiddata;
-
- if (src_or_dest == NULL) {
- return NULL;
- }
-
- safeBag = (sec_PKCS12SafeBag*)src_or_dest;
-
- oiddata = SECOID_FindOID(&safeBag->safeBagType);
- if(oiddata == NULL) {
- return SEC_AnyTemplate;
- }
-
- switch (oiddata->offset) {
- default:
- theTemplate = SEC_AnyTemplate;
- break;
- case SEC_OID_PKCS12_V1_KEY_BAG_ID:
- theTemplate = SECKEY_PointerToPrivateKeyInfoTemplate;
- break;
- case SEC_OID_PKCS12_V1_CERT_BAG_ID:
- theTemplate = sec_PKCS12PointerToCertBagTemplate;
- break;
- case SEC_OID_PKCS12_V1_CRL_BAG_ID:
- theTemplate = sec_PKCS12PointerToCRLBagTemplate;
- break;
- case SEC_OID_PKCS12_V1_SECRET_BAG_ID:
- theTemplate = sec_PKCS12PointerToSecretBagTemplate;
- break;
- case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID:
- theTemplate = SECKEY_PointerToEncryptedPrivateKeyInfoTemplate;
- break;
- case SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID:
- if(encoding) {
- theTemplate = sec_PKCS12PointerToSafeContentsTemplate;
- } else {
- theTemplate = SEC_PointerToAnyTemplate;
- }
- break;
- }
- return theTemplate;
-}
-
-static const SEC_ASN1Template *
-sec_pkcs12_choose_crl_bag_type(void *src_or_dest, PRBool encoding)
-{
- const SEC_ASN1Template *theTemplate;
- sec_PKCS12CRLBag *crlbag;
- SECOidData *oiddata;
-
- if (src_or_dest == NULL) {
- return NULL;
- }
-
- crlbag = (sec_PKCS12CRLBag*)src_or_dest;
-
- oiddata = SECOID_FindOID(&crlbag->bagID);
- if(oiddata == NULL) {
- return SEC_AnyTemplate;
- }
-
- switch (oiddata->offset) {
- default:
- theTemplate = SEC_AnyTemplate;
- break;
- case SEC_OID_PKCS9_X509_CRL:
- theTemplate = SEC_OctetStringTemplate;
- break;
- }
- return theTemplate;
-}
-
-static const SEC_ASN1Template *
-sec_pkcs12_choose_cert_bag_type(void *src_or_dest, PRBool encoding)
-{
- const SEC_ASN1Template *theTemplate;
- sec_PKCS12CertBag *certbag;
- SECOidData *oiddata;
-
- if (src_or_dest == NULL) {
- return NULL;
- }
-
- certbag = (sec_PKCS12CertBag*)src_or_dest;
-
- oiddata = SECOID_FindOID(&certbag->bagID);
- if(oiddata == NULL) {
- return SEC_AnyTemplate;
- }
-
- switch (oiddata->offset) {
- default:
- theTemplate = SEC_AnyTemplate;
- break;
- case SEC_OID_PKCS9_X509_CERT:
- theTemplate = SEC_OctetStringTemplate;
- break;
- case SEC_OID_PKCS9_SDSI_CERT:
- theTemplate = SEC_IA5StringTemplate;
- break;
- }
- return theTemplate;
-}
-
-static const SEC_ASN1Template *
-sec_pkcs12_choose_attr_type(void *src_or_dest, PRBool encoding)
-{
- const SEC_ASN1Template *theTemplate;
- sec_PKCS12Attribute *attr;
- SECOidData *oiddata;
-
- if (src_or_dest == NULL) {
- return NULL;
- }
-
- attr = (sec_PKCS12Attribute*)src_or_dest;
-
- oiddata = SECOID_FindOID(&attr->attrType);
- if(oiddata == NULL) {
- return SEC_AnyTemplate;
- }
-
- switch (oiddata->offset) {
- default:
- theTemplate = SEC_AnyTemplate;
- break;
- case SEC_OID_PKCS9_FRIENDLY_NAME:
- theTemplate = SEC_BMPStringTemplate;
- break;
- case SEC_OID_PKCS9_LOCAL_KEY_ID:
- theTemplate = SEC_OctetStringTemplate;
- break;
- case SEC_OID_PKCS12_KEY_USAGE:
- theTemplate = SEC_BitStringTemplate;
- break;
- }
-
- return theTemplate;
-}
-
-
-const SEC_ASN1Template sec_PKCS12PointerToContentInfoTemplate[] = {
- { SEC_ASN1_POINTER | SEC_ASN1_MAY_STREAM, 0, sec_PKCS7ContentInfoTemplate }
-};
-
-static SEC_ChooseASN1TemplateFunc sec_pkcs12_crl_bag_chooser =
- sec_pkcs12_choose_crl_bag_type;
-
-static SEC_ChooseASN1TemplateFunc sec_pkcs12_cert_bag_chooser =
- sec_pkcs12_choose_cert_bag_type;
-
-static SEC_ChooseASN1TemplateFunc sec_pkcs12_safe_bag_chooser =
- sec_pkcs12_choose_safe_bag_type;
-
-static SEC_ChooseASN1TemplateFunc sec_pkcs12_attr_chooser =
- sec_pkcs12_choose_attr_type;
-
-const SEC_ASN1Template sec_PKCS12PointerToCertBagTemplate[] = {
- { SEC_ASN1_POINTER, 0, sec_PKCS12CertBagTemplate }
-};
-
-const SEC_ASN1Template sec_PKCS12PointerToCRLBagTemplate[] = {
- { SEC_ASN1_POINTER, 0, sec_PKCS12CRLBagTemplate }
-};
-
-const SEC_ASN1Template sec_PKCS12PointerToSecretBagTemplate[] = {
- { SEC_ASN1_POINTER, 0, sec_PKCS12SecretBagTemplate }
-};
-
-const SEC_ASN1Template sec_PKCS12PointerToSafeContentsTemplate[] = {
- { SEC_ASN1_POINTER, 0, sec_PKCS12SafeContentsTemplate }
-};
-
-const SEC_ASN1Template sec_PKCS12PFXItemTemplate[] = {
- { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM, 0, NULL,
- sizeof(sec_PKCS12PFXItem) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER,
- offsetof(sec_PKCS12PFXItem, version) },
- { SEC_ASN1_ANY | SEC_ASN1_MAY_STREAM,
- offsetof(sec_PKCS12PFXItem, encodedAuthSafe) },
- { SEC_ASN1_ANY | SEC_ASN1_MAY_STREAM,
- offsetof(sec_PKCS12PFXItem, encodedMacData) },
- { 0 }
-};
-
-const SEC_ASN1Template sec_PKCS12MacDataTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(sec_PKCS12MacData) },
- { SEC_ASN1_INLINE, offsetof(sec_PKCS12MacData, safeMac),
- sgn_DigestInfoTemplate },
- { SEC_ASN1_OCTET_STRING, offsetof(sec_PKCS12MacData, macSalt) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER, offsetof(sec_PKCS12MacData, iter) },
- { 0 }
-};
-
-const SEC_ASN1Template sec_PKCS12AuthenticatedSafeTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_MAY_STREAM,
- offsetof(sec_PKCS12AuthenticatedSafe, encodedSafes), SEC_AnyTemplate }
-};
-
-const SEC_ASN1Template sec_PKCS12SafeBagTemplate[] = {
- { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM, 0, NULL,
- sizeof(sec_PKCS12SafeBag) },
- { SEC_ASN1_OBJECT_ID, offsetof(sec_PKCS12SafeBag, safeBagType) },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_DYNAMIC | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_MAY_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(sec_PKCS12SafeBag, safeBagContent),
- &sec_pkcs12_safe_bag_chooser },
- { SEC_ASN1_SET_OF | SEC_ASN1_OPTIONAL, offsetof(sec_PKCS12SafeBag, attribs),
- sec_PKCS12AttributeTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template sec_PKCS12SafeContentsTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_MAY_STREAM,
- offsetof(sec_PKCS12SafeContents, safeBags),
- sec_PKCS12SafeBagTemplate }
-};
-
-const SEC_ASN1Template sec_PKCS12SequenceOfAnyTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_MAY_STREAM, 0,
- SEC_AnyTemplate }
-};
-
-const SEC_ASN1Template sec_PKCS12NestedSafeContentsDecodeTemplate[] = {
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0,
- offsetof(sec_PKCS12SafeContents, encodedSafeBags),
- sec_PKCS12SequenceOfAnyTemplate }
-};
-
-const SEC_ASN1Template sec_PKCS12SafeContentsDecodeTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_MAY_STREAM,
- offsetof(sec_PKCS12SafeContents, encodedSafeBags),
- SEC_AnyTemplate }
-};
-
-const SEC_ASN1Template sec_PKCS12CRLBagTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(sec_PKCS12CRLBag) },
- { SEC_ASN1_OBJECT_ID, offsetof(sec_PKCS12CRLBag, bagID) },
- { SEC_ASN1_DYNAMIC | SEC_ASN1_POINTER,
- offsetof(sec_PKCS12CRLBag, value), &sec_pkcs12_crl_bag_chooser },
- { 0 }
-};
-
-const SEC_ASN1Template sec_PKCS12CertBagTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(sec_PKCS12CertBag) },
- { SEC_ASN1_OBJECT_ID, offsetof(sec_PKCS12CertBag, bagID) },
- { SEC_ASN1_DYNAMIC | SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(sec_PKCS12CertBag, value), &sec_pkcs12_cert_bag_chooser },
- { 0 }
-};
-
-const SEC_ASN1Template sec_PKCS12SecretBagTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(sec_PKCS12SecretBag) },
- { SEC_ASN1_OBJECT_ID, offsetof(sec_PKCS12SecretBag, secretType) },
- { SEC_ASN1_ANY, offsetof(sec_PKCS12SecretBag, secretContent) },
- { 0 }
-};
-
-const SEC_ASN1Template sec_PKCS12AttributeTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(sec_PKCS12Attribute) },
- { SEC_ASN1_OBJECT_ID, offsetof(sec_PKCS12Attribute, attrType) },
- { SEC_ASN1_SET_OF | SEC_ASN1_DYNAMIC,
- offsetof(sec_PKCS12Attribute, attrValue),
- &sec_pkcs12_attr_chooser },
- { 0 }
-};
diff --git a/security/nss/lib/pkcs12/pkcs12.h b/security/nss/lib/pkcs12/pkcs12.h
deleted file mode 100644
index dd9d99594..000000000
--- a/security/nss/lib/pkcs12/pkcs12.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-
-#ifndef _PKCS12_H_
-#define _PKCS12_H_
-
-#include "pkcs12t.h"
-#include "p12.h"
-
-typedef SECItem * (* SEC_PKCS12GetPassword)(void *arg);
-
-/* Decode functions */
-/* Import a PFX item.
- * der_pfx is the der-encoded pfx item to import.
- * pbef, and pbefarg are used to retrieve passwords for the HMAC,
- * and any passwords needed for passing to PKCS5 encryption
- * routines.
- * algorithm is the algorithm by which private keys are stored in
- * the key database. this could be a specific algorithm or could
- * be based on a global setting.
- * slot is the slot to where the certificates will be placed. if NULL,
- * the internal key slot is used.
- * If the process is successful, a SECSuccess is returned, otherwise
- * a failure occurred.
- */
-SECStatus
-SEC_PKCS12PutPFX(SECItem *der_pfx, SECItem *pwitem,
- SEC_PKCS12NicknameCollisionCallback ncCall,
- PK11SlotInfo *slot, void *wincx);
-
-/* check the first two bytes of a file to make sure that it matches
- * the desired header for a PKCS 12 file
- */
-PRBool SEC_PKCS12ValidData(char *buf, int bufLen, long int totalLength);
-
-#endif
diff --git a/security/nss/lib/pkcs12/pkcs12t.h b/security/nss/lib/pkcs12/pkcs12t.h
deleted file mode 100644
index 53c36c3f7..000000000
--- a/security/nss/lib/pkcs12/pkcs12t.h
+++ /dev/null
@@ -1,386 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef _PKCS12T_H_
-#define _PKCS12T_H_
-
-#include "seccomon.h"
-#include "secoid.h"
-#include "cert.h"
-#include "key.h"
-#include "plarena.h"
-#include "secpkcs7.h"
-#include "secdig.h" /* for SGNDigestInfo */
-
-/* PKCS12 Structures */
-typedef struct SEC_PKCS12PFXItemStr SEC_PKCS12PFXItem;
-typedef struct SEC_PKCS12MacDataStr SEC_PKCS12MacData;
-typedef struct SEC_PKCS12AuthenticatedSafeStr SEC_PKCS12AuthenticatedSafe;
-typedef struct SEC_PKCS12BaggageItemStr SEC_PKCS12BaggageItem;
-typedef struct SEC_PKCS12BaggageStr SEC_PKCS12Baggage;
-typedef struct SEC_PKCS12Baggage_OLDStr SEC_PKCS12Baggage_OLD;
-typedef struct SEC_PKCS12ESPVKItemStr SEC_PKCS12ESPVKItem;
-typedef struct SEC_PKCS12PVKSupportingDataStr SEC_PKCS12PVKSupportingData;
-typedef struct SEC_PKCS12PVKAdditionalDataStr SEC_PKCS12PVKAdditionalData;
-typedef struct SEC_PKCS12SafeContentsStr SEC_PKCS12SafeContents;
-typedef struct SEC_PKCS12SafeBagStr SEC_PKCS12SafeBag;
-typedef struct SEC_PKCS12PrivateKeyStr SEC_PKCS12PrivateKey;
-typedef struct SEC_PKCS12PrivateKeyBagStr SEC_PKCS12PrivateKeyBag;
-typedef struct SEC_PKCS12CertAndCRLBagStr SEC_PKCS12CertAndCRLBag;
-typedef struct SEC_PKCS12CertAndCRLStr SEC_PKCS12CertAndCRL;
-typedef struct SEC_PKCS12X509CertCRLStr SEC_PKCS12X509CertCRL;
-typedef struct SEC_PKCS12SDSICertStr SEC_PKCS12SDSICert;
-typedef struct SEC_PKCS12SecretStr SEC_PKCS12Secret;
-typedef struct SEC_PKCS12SecretAdditionalStr SEC_PKCS12SecretAdditional;
-typedef struct SEC_PKCS12SecretItemStr SEC_PKCS12SecretItem;
-typedef struct SEC_PKCS12SecretBagStr SEC_PKCS12SecretBag;
-
-typedef SECItem *(* SEC_PKCS12PasswordFunc)(SECItem *args);
-
-/* PKCS12 types */
-
-/* stores shrouded keys */
-struct SEC_PKCS12BaggageStr
-{
- PRArenaPool *poolp;
- SEC_PKCS12BaggageItem **bags;
-
- int luggage_size; /* used locally */
-};
-
-/* additional data to be associated with keys. currently there
- * is nothing defined to be stored here. allows future expansion.
- */
-struct SEC_PKCS12PVKAdditionalDataStr
-{
- PRArenaPool *poolp;
- SECOidData *pvkAdditionalTypeTag; /* used locally */
- SECItem pvkAdditionalType;
- SECItem pvkAdditionalContent;
-};
-
-/* cert and other supporting data for private keys. used
- * for both shrouded and non-shrouded keys.
- */
-struct SEC_PKCS12PVKSupportingDataStr
-{
- PRArenaPool *poolp;
- SGNDigestInfo **assocCerts;
- SECItem regenerable;
- SECItem nickname;
- SEC_PKCS12PVKAdditionalData pvkAdditional;
- SECItem pvkAdditionalDER;
-
- SECItem uniNickName;
- /* used locally */
- int nThumbs;
-};
-
-/* shrouded key structure. supports only pkcs8 shrouding
- * currently.
- */
-struct SEC_PKCS12ESPVKItemStr
-{
- PRArenaPool *poolp; /* used locally */
- SECOidData *espvkTag; /* used locally */
- SECItem espvkOID;
- SEC_PKCS12PVKSupportingData espvkData;
- union
- {
- SECKEYEncryptedPrivateKeyInfo *pkcs8KeyShroud;
- } espvkCipherText;
-
- PRBool duplicate; /* used locally */
- PRBool problem_cert; /* used locally */
- PRBool single_cert; /* used locally */
- int nCerts; /* used locally */
- SECItem derCert; /* used locally */
-};
-
-/* generic bag store for the safe. safeBagType identifies
- * the type of bag stored.
- */
-struct SEC_PKCS12SafeBagStr
-{
- PRArenaPool *poolp;
- SECOidData *safeBagTypeTag; /* used locally */
- SECItem safeBagType;
- union
- {
- SEC_PKCS12PrivateKeyBag *keyBag;
- SEC_PKCS12CertAndCRLBag *certAndCRLBag;
- SEC_PKCS12SecretBag *secretBag;
- } safeContent;
-
- SECItem derSafeContent;
- SECItem safeBagName;
-
- SECItem uniSafeBagName;
-};
-
-/* stores private keys and certificates in a list. each safebag
- * has an ID identifying the type of content stored.
- */
-struct SEC_PKCS12SafeContentsStr
-{
- PRArenaPool *poolp;
- SEC_PKCS12SafeBag **contents;
-
- /* used for tracking purposes */
- int safe_size;
- PRBool old;
- PRBool swapUnicode;
- PRBool possibleSwapUnicode;
-};
-
-/* private key structure which holds encrypted private key and
- * supporting data including nickname and certificate thumbprint.
- */
-struct SEC_PKCS12PrivateKeyStr
-{
- PRArenaPool *poolp;
- SEC_PKCS12PVKSupportingData pvkData;
- SECKEYPrivateKeyInfo pkcs8data; /* borrowed from PKCS 8 */
-
- PRBool duplicate; /* used locally */
- PRBool problem_cert;/* used locally */
- PRBool single_cert; /* used locally */
- int nCerts; /* used locally */
- SECItem derCert; /* used locally */
-};
-
-/* private key bag, holds a (null terminated) list of private key
- * structures.
- */
-struct SEC_PKCS12PrivateKeyBagStr
-{
- PRArenaPool *poolp;
- SEC_PKCS12PrivateKey **privateKeys;
-
- int bag_size; /* used locally */
-};
-
-/* container to hold certificates. currently supports x509
- * and sdsi certificates
- */
-struct SEC_PKCS12CertAndCRLStr
-{
- PRArenaPool *poolp;
- SECOidData *BagTypeTag; /* used locally */
- SECItem BagID;
- union
- {
- SEC_PKCS12X509CertCRL *x509;
- SEC_PKCS12SDSICert *sdsi;
- } value;
-
- SECItem derValue;
- SECItem nickname; /* used locally */
- PRBool duplicate; /* used locally */
-};
-
-/* x509 certificate structure. typically holds the der encoding
- * of the x509 certificate. thumbprint contains a digest of the
- * certificate
- */
-struct SEC_PKCS12X509CertCRLStr
-{
- PRArenaPool *poolp;
- SEC_PKCS7ContentInfo certOrCRL;
- SGNDigestInfo thumbprint;
-
- SECItem *derLeafCert; /* used locally */
-};
-
-/* sdsi certificate structure. typically holds the der encoding
- * of the sdsi certificate. thumbprint contains a digest of the
- * certificate
- */
-struct SEC_PKCS12SDSICertStr
-{
- PRArenaPool *poolp;
- SECItem value;
- SGNDigestInfo thumbprint;
-};
-
-/* contains a null terminated list of certs and crls */
-struct SEC_PKCS12CertAndCRLBagStr
-{
- PRArenaPool *poolp;
- SEC_PKCS12CertAndCRL **certAndCRLs;
-
- int bag_size; /* used locally */
-};
-
-/* additional secret information. currently no information
- * stored in this structure.
- */
-struct SEC_PKCS12SecretAdditionalStr
-{
- PRArenaPool *poolp;
- SECOidData *secretTypeTag; /* used locally */
- SECItem secretAdditionalType;
- SECItem secretAdditionalContent;
-};
-
-/* secrets container. this will be used to contain currently
- * unspecified secrets. (it's a secret)
- */
-struct SEC_PKCS12SecretStr
-{
- PRArenaPool *poolp;
- SECItem secretName;
- SECItem value;
- SEC_PKCS12SecretAdditional secretAdditional;
-
- SECItem uniSecretName;
-};
-
-struct SEC_PKCS12SecretItemStr
-{
- PRArenaPool *poolp;
- SEC_PKCS12Secret secret;
- SEC_PKCS12SafeBag subFolder;
-};
-
-/* a bag of secrets. holds a null terminated list of secrets.
- */
-struct SEC_PKCS12SecretBagStr
-{
- PRArenaPool *poolp;
- SEC_PKCS12SecretItem **secrets;
-
- int bag_size; /* used locally */
-};
-
-struct SEC_PKCS12MacDataStr
-{
- SGNDigestInfo safeMac;
- SECItem macSalt;
-};
-
-/* outer transfer unit */
-struct SEC_PKCS12PFXItemStr
-{
- PRArenaPool *poolp;
- SEC_PKCS12MacData macData;
- SEC_PKCS7ContentInfo authSafe;
-
- /* for compatibility with beta */
- PRBool old;
- SGNDigestInfo old_safeMac;
- SECItem old_macSalt;
-
- /* compatibility between platforms for unicode swapping */
- PRBool swapUnicode;
-};
-
-struct SEC_PKCS12BaggageItemStr {
- PRArenaPool *poolp;
- SEC_PKCS12ESPVKItem **espvks;
- SEC_PKCS12SafeBag **unencSecrets;
-
- int nEspvks;
- int nSecrets;
-};
-
-/* stores shrouded keys */
-struct SEC_PKCS12Baggage_OLDStr
-{
- PRArenaPool *poolp;
- SEC_PKCS12ESPVKItem **espvks;
-
- int luggage_size; /* used locally */
-};
-
-/* authenticated safe, stores certs, keys, and shrouded keys */
-struct SEC_PKCS12AuthenticatedSafeStr
-{
- PRArenaPool *poolp;
- SECItem version;
- SECOidData *transportTypeTag; /* local not part of encoding*/
- SECItem transportMode;
- SECItem privacySalt;
- SEC_PKCS12Baggage baggage;
- SEC_PKCS7ContentInfo *safe;
-
- /* used for beta compatibility */
- PRBool old;
- PRBool emptySafe;
- SEC_PKCS12Baggage_OLD old_baggage;
- SEC_PKCS7ContentInfo old_safe;
- PRBool swapUnicode;
-};
-#define SEC_PKCS12_PFX_VERSION 1 /* what we create */
-
-
-
-/* PKCS 12 Templates */
-extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate_OLD[];
-extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate_OLD[];
-extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate_OLD[];
-extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12MacDataTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12PVKAdditionalTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate_OLD[];
-extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12SafeBagTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12PrivateKeyTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12PrivateKeyBagTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate_OLD[];
-extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12SDSICertTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12SecretBagTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12SecretTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12SecretItemTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12SecretAdditionalTemplate[];
-extern const SEC_ASN1Template SGN_DigestInfoTemplate[];
-extern const SEC_ASN1Template SEC_PointerToPKCS12KeyBagTemplate[];
-extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate[];
-extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD[];
-extern const SEC_ASN1Template SEC_PointerToPKCS12SecretBagTemplate[];
-extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate_OLD[];
-extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate[];
-extern const SEC_ASN1Template SEC_PointerToPKCS12SDSICertTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12CodedSafeBagTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12CodedCertBagTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12CodedCertAndCRLBagTemplate[];
-extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate_OLD[];
-extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate_OLD[];
-#endif
diff --git a/security/nss/lib/pkcs7/Makefile b/security/nss/lib/pkcs7/Makefile
deleted file mode 100644
index cb85677bc..000000000
--- a/security/nss/lib/pkcs7/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
diff --git a/security/nss/lib/pkcs7/config.mk b/security/nss/lib/pkcs7/config.mk
deleted file mode 100644
index a73a1086e..000000000
--- a/security/nss/lib/pkcs7/config.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/pkcs7/manifest.mn b/security/nss/lib/pkcs7/manifest.mn
deleted file mode 100644
index b2b0e45d9..000000000
--- a/security/nss/lib/pkcs7/manifest.mn
+++ /dev/null
@@ -1,59 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-EXPORTS = \
- secmime.h \
- secpkcs7.h \
- pkcs7t.h \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- p7local.h \
- $(NULL)
-
-MODULE = security
-
-CSRCS = \
- p7common.c \
- p7create.c \
- p7decode.c \
- p7encode.c \
- p7local.c \
- secmime.c \
- $(NULL)
-
-REQUIRES = security dbm
-
-LIBRARY_NAME = pkcs7
diff --git a/security/nss/lib/pkcs7/p7common.c b/security/nss/lib/pkcs7/p7common.c
deleted file mode 100644
index e11a7f586..000000000
--- a/security/nss/lib/pkcs7/p7common.c
+++ /dev/null
@@ -1,738 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * PKCS7 implementation -- the exported parts that are used whether
- * creating or decoding.
- *
- * $Id$
- */
-
-#include "p7local.h"
-
-#include "cert.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "secpkcs5.h"
-#include "pk11func.h"
-
-/*
- * Find out (saving pointer to lookup result for future reference)
- * and return the inner content type.
- */
-SECOidTag
-SEC_PKCS7ContentType (SEC_PKCS7ContentInfo *cinfo)
-{
- if (cinfo->contentTypeTag == NULL)
- cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType));
-
- if (cinfo->contentTypeTag == NULL)
- return SEC_OID_UNKNOWN;
-
- return cinfo->contentTypeTag->offset;
-}
-
-
-/*
- * Destroy a PKCS7 contentInfo and all of its sub-pieces.
- */
-void
-SEC_PKCS7DestroyContentInfo(SEC_PKCS7ContentInfo *cinfo)
-{
- SECOidTag kind;
- CERTCertificate **certs;
- CERTCertificateList **certlists;
- SEC_PKCS7SignerInfo **signerinfos;
- SEC_PKCS7RecipientInfo **recipientinfos;
-
- PORT_Assert (cinfo->refCount > 0);
- if (cinfo->refCount <= 0)
- return;
-
- cinfo->refCount--;
- if (cinfo->refCount > 0)
- return;
-
- certs = NULL;
- certlists = NULL;
- recipientinfos = NULL;
- signerinfos = NULL;
-
- kind = SEC_PKCS7ContentType (cinfo);
- switch (kind) {
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- {
- SEC_PKCS7EnvelopedData *edp;
-
- edp = cinfo->content.envelopedData;
- if (edp != NULL) {
- recipientinfos = edp->recipientInfos;
- }
- }
- break;
- case SEC_OID_PKCS7_SIGNED_DATA:
- {
- SEC_PKCS7SignedData *sdp;
-
- sdp = cinfo->content.signedData;
- if (sdp != NULL) {
- certs = sdp->certs;
- certlists = sdp->certLists;
- signerinfos = sdp->signerInfos;
- }
- }
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- {
- SEC_PKCS7SignedAndEnvelopedData *saedp;
-
- saedp = cinfo->content.signedAndEnvelopedData;
- if (saedp != NULL) {
- certs = saedp->certs;
- certlists = saedp->certLists;
- recipientinfos = saedp->recipientInfos;
- signerinfos = saedp->signerInfos;
- if (saedp->sigKey != NULL)
- PK11_FreeSymKey (saedp->sigKey);
- }
- }
- break;
- default:
- /* XXX Anything else that needs to be "manually" freed/destroyed? */
- break;
- }
-
- if (certs != NULL) {
- CERTCertificate *cert;
-
- while ((cert = *certs++) != NULL) {
- CERT_DestroyCertificate (cert);
- }
- }
-
- if (certlists != NULL) {
- CERTCertificateList *certlist;
-
- while ((certlist = *certlists++) != NULL) {
- CERT_DestroyCertificateList (certlist);
- }
- }
-
- if (recipientinfos != NULL) {
- SEC_PKCS7RecipientInfo *ri;
-
- while ((ri = *recipientinfos++) != NULL) {
- if (ri->cert != NULL)
- CERT_DestroyCertificate (ri->cert);
- }
- }
-
- if (signerinfos != NULL) {
- SEC_PKCS7SignerInfo *si;
-
- while ((si = *signerinfos++) != NULL) {
- if (si->cert != NULL)
- CERT_DestroyCertificate (si->cert);
- if (si->certList != NULL)
- CERT_DestroyCertificateList (si->certList);
- }
- }
-
- if (cinfo->poolp != NULL) {
- PORT_FreeArena (cinfo->poolp, PR_FALSE); /* XXX clear it? */
- }
-}
-
-
-/*
- * Return a copy of the given contentInfo. The copy may be virtual
- * or may be real -- either way, the result needs to be passed to
- * SEC_PKCS7DestroyContentInfo later (as does the original).
- */
-SEC_PKCS7ContentInfo *
-SEC_PKCS7CopyContentInfo(SEC_PKCS7ContentInfo *cinfo)
-{
- if (cinfo == NULL)
- return NULL;
-
- PORT_Assert (cinfo->refCount > 0);
-
- if (cinfo->created) {
- /*
- * Want to do a real copy of these; otherwise subsequent
- * changes made to either copy are likely to be a surprise.
- * XXX I suspect that this will not actually be called for yet,
- * which is why the assert, so to notice if it is...
- */
- PORT_Assert (0);
- /*
- * XXX Create a new pool here, and copy everything from
- * within. For cert stuff, need to call the appropriate
- * copy functions, etc.
- */
- }
-
- cinfo->refCount++;
- return cinfo;
-}
-
-
-/*
- * Return a pointer to the actual content. In the case of those types
- * which are encrypted, this returns the *plain* content.
- * XXX Needs revisiting if/when we handle nested encrypted types.
- */
-SECItem *
-SEC_PKCS7GetContent(SEC_PKCS7ContentInfo *cinfo)
-{
- SECOidTag kind;
-
- kind = SEC_PKCS7ContentType (cinfo);
- switch (kind) {
- case SEC_OID_PKCS7_DATA:
- return cinfo->content.data;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- {
- SEC_PKCS7DigestedData *digd;
-
- digd = cinfo->content.digestedData;
- if (digd == NULL)
- break;
- return SEC_PKCS7GetContent (&(digd->contentInfo));
- }
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- {
- SEC_PKCS7EncryptedData *encd;
-
- encd = cinfo->content.encryptedData;
- if (encd == NULL)
- break;
- return &(encd->encContentInfo.plainContent);
- }
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- {
- SEC_PKCS7EnvelopedData *envd;
-
- envd = cinfo->content.envelopedData;
- if (envd == NULL)
- break;
- return &(envd->encContentInfo.plainContent);
- }
- case SEC_OID_PKCS7_SIGNED_DATA:
- {
- SEC_PKCS7SignedData *sigd;
-
- sigd = cinfo->content.signedData;
- if (sigd == NULL)
- break;
- return SEC_PKCS7GetContent (&(sigd->contentInfo));
- }
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- {
- SEC_PKCS7SignedAndEnvelopedData *saed;
-
- saed = cinfo->content.signedAndEnvelopedData;
- if (saed == NULL)
- break;
- return &(saed->encContentInfo.plainContent);
- }
- default:
- PORT_Assert(0);
- break;
- }
-
- return NULL;
-}
-
-
-/*
- * XXX Fix the placement and formatting of the
- * following routines (i.e. make them consistent with the rest of
- * the pkcs7 code -- I think some/many belong in other files and
- * they all need a formatting/style rehaul)
- */
-
-/* retrieve the algorithm identifier for encrypted data.
- * the identifier returned is a copy of the algorithm identifier
- * in the content info and needs to be freed after being used.
- *
- * cinfo is the content info for which to retrieve the
- * encryption algorithm.
- *
- * if the content info is not encrypted data or an error
- * occurs NULL is returned.
- */
-SECAlgorithmID *
-SEC_PKCS7GetEncryptionAlgorithm(SEC_PKCS7ContentInfo *cinfo)
-{
- SECAlgorithmID *alg = 0;
- switch (SEC_PKCS7ContentType(cinfo))
- {
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- alg = &cinfo->content.encryptedData->encContentInfo.contentEncAlg;
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- alg = &cinfo->content.envelopedData->encContentInfo.contentEncAlg;
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- alg = &cinfo->content.signedAndEnvelopedData
- ->encContentInfo.contentEncAlg;
- break;
- default:
- alg = 0;
- break;
- }
-
- return alg;
-}
-
-/* set the content of the content info. For data content infos,
- * the data is set. For encrytped content infos, the plainContent
- * is set, and is expected to be encrypted later.
- *
- * cinfo is the content info where the data will be set
- *
- * buf is a buffer of the data to set
- *
- * len is the length of the data being set.
- *
- * in the event of an error, SECFailure is returned. SECSuccess
- * indicates the content was successfully set.
- */
-SECStatus
-SEC_PKCS7SetContent(SEC_PKCS7ContentInfo *cinfo,
- const char *buf,
- unsigned long len)
-{
- SECOidTag cinfo_type;
- SECStatus rv;
- SECItem content;
- SECOidData *contentTypeTag = NULL;
-
- content.data = (unsigned char *)buf;
- content.len = len;
-
- cinfo_type = SEC_PKCS7ContentType(cinfo);
-
- /* set inner content */
- switch(cinfo_type)
- {
- case SEC_OID_PKCS7_SIGNED_DATA:
- if(content.len > 0) {
- /* we "leak" the old content here, but as it's all in the pool */
- /* it does not really matter */
-
- /* create content item if necessary */
- if (cinfo->content.signedData->contentInfo.content.data == NULL)
- cinfo->content.signedData->contentInfo.content.data = SECITEM_AllocItem(cinfo->poolp, NULL, 0);
- rv = SECITEM_CopyItem(cinfo->poolp,
- cinfo->content.signedData->contentInfo.content.data,
- &content);
- } else {
- cinfo->content.signedData->contentInfo.content.data->data = NULL;
- cinfo->content.signedData->contentInfo.content.data->len = 0;
- rv = SECSuccess;
- }
- if(rv == SECFailure)
- goto loser;
-
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- /* XXX this forces the inner content type to be "data" */
- /* do we really want to override without asking or reason? */
- contentTypeTag = SECOID_FindOIDByTag(SEC_OID_PKCS7_DATA);
- if(contentTypeTag == NULL)
- goto loser;
- rv = SECITEM_CopyItem(cinfo->poolp,
- &(cinfo->content.encryptedData->encContentInfo.contentType),
- &(contentTypeTag->oid));
- if(rv == SECFailure)
- goto loser;
- if(content.len > 0) {
- rv = SECITEM_CopyItem(cinfo->poolp,
- &(cinfo->content.encryptedData->encContentInfo.plainContent),
- &content);
- } else {
- cinfo->content.encryptedData->encContentInfo.plainContent.data = NULL;
- cinfo->content.encryptedData->encContentInfo.encContent.data = NULL;
- cinfo->content.encryptedData->encContentInfo.plainContent.len = 0;
- cinfo->content.encryptedData->encContentInfo.encContent.len = 0;
- rv = SECSuccess;
- }
- if(rv == SECFailure)
- goto loser;
- break;
- case SEC_OID_PKCS7_DATA:
- cinfo->content.data = (SECItem *)PORT_ArenaZAlloc(cinfo->poolp,
- sizeof(SECItem));
- if(cinfo->content.data == NULL)
- goto loser;
- if(content.len > 0) {
- rv = SECITEM_CopyItem(cinfo->poolp,
- cinfo->content.data, &content);
- } else {
- /* handle case with NULL content */
- rv = SECSuccess;
- }
- if(rv == SECFailure)
- goto loser;
- break;
- default:
- goto loser;
- }
-
- return SECSuccess;
-
-loser:
-
- return SECFailure;
-}
-
-/* the content of an encrypted data content info is encrypted.
- * it is assumed that for encrypted data, that the data has already
- * been set and is in the "plainContent" field of the content info.
- *
- * cinfo is the content info to encrypt
- *
- * key is the key with which to perform the encryption. if the
- * algorithm is a password based encryption algorithm, the
- * key is actually a password which will be processed per
- * PKCS #5.
- *
- * in the event of an error, SECFailure is returned. SECSuccess
- * indicates a success.
- */
-SECStatus
-SEC_PKCS7EncryptContents(PRArenaPool *poolp,
- SEC_PKCS7ContentInfo *cinfo,
- SECItem *key,
- void *wincx)
-{
- SECAlgorithmID *algid = NULL;
- SECItem * result = NULL;
- SECItem * src;
- SECItem * dest;
- SECItem * blocked_data = NULL;
- void * mark;
- void * cx;
- PK11SymKey * eKey = NULL;
- PK11SlotInfo * slot = NULL;
-
- CK_MECHANISM pbeMech;
- CK_MECHANISM cryptoMech;
- int bs;
- SECOidTag algtag;
- SECStatus rv = SECFailure;
- SECItem c_param;
-
- if((cinfo == NULL) || (key == NULL))
- return SECFailure;
-
- if(SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_ENCRYPTED_DATA)
- return SECFailure;
-
- algid = SEC_PKCS7GetEncryptionAlgorithm(cinfo);
- if(algid == NULL)
- return SECFailure;
-
- if(poolp == NULL)
- poolp = cinfo->poolp;
-
- mark = PORT_ArenaMark(poolp);
-
- src = &cinfo->content.encryptedData->encContentInfo.plainContent;
- dest = &cinfo->content.encryptedData->encContentInfo.encContent;
- algtag = SECOID_GetAlgorithmTag(algid);
- c_param.data = NULL;
- dest->data = (unsigned char*)PORT_ArenaZAlloc(poolp, (src->len + 64));
- dest->len = (src->len + 64);
- if(dest->data == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- slot = PK11_GetInternalKeySlot();
- if(slot == NULL) {
- rv = SECFailure;
- goto loser;
- }
- eKey = PK11_PBEKeyGen(slot, algid, key, PR_FALSE, wincx);
- if(eKey == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- pbeMech.mechanism = PK11_AlgtagToMechanism(algtag);
- result = PK11_ParamFromAlgid(algid);
- pbeMech.pParameter = result->data;
- pbeMech.ulParameterLen = result->len;
- if(PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech, key,
- PR_FALSE) != CKR_OK) {
- rv = SECFailure;
- goto loser;
- }
- c_param.data = (unsigned char *)cryptoMech.pParameter;
- c_param.len = cryptoMech.ulParameterLen;
-
- /* block according to PKCS 8 */
- bs = PK11_GetBlockSize(cryptoMech.mechanism, &c_param);
- rv = SECSuccess;
- if(bs) {
- char pad_char;
- pad_char = (char)(bs - (src->len % bs));
- if(src->len % bs) {
- rv = SECSuccess;
- blocked_data = PK11_BlockData(src, bs);
- if(blocked_data) {
- PORT_Memset((blocked_data->data + blocked_data->len - (int)pad_char),
- pad_char, (int)pad_char);
- } else {
- rv = SECFailure;
- goto loser;
- }
- } else {
- blocked_data = SECITEM_DupItem(src);
- if(blocked_data) {
- blocked_data->data = (unsigned char*)PORT_Realloc(
- blocked_data->data,
- blocked_data->len + bs);
- if(blocked_data->data) {
- blocked_data->len += bs;
- PORT_Memset((blocked_data->data + src->len), (char)bs, bs);
- } else {
- rv = SECFailure;
- goto loser;
- }
- } else {
- rv = SECFailure;
- goto loser;
- }
- }
- } else {
- blocked_data = SECITEM_DupItem(src);
- if(!blocked_data) {
- rv = SECFailure;
- goto loser;
- }
- }
-
- cx = PK11_CreateContextBySymKey(cryptoMech.mechanism, CKA_ENCRYPT,
- eKey, &c_param);
- if(cx == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- rv = PK11_CipherOp((PK11Context*)cx, dest->data, (int *)(&dest->len),
- (int)(src->len + 64), blocked_data->data,
- (int)blocked_data->len);
- PK11_DestroyContext((PK11Context*)cx, PR_TRUE);
-
-loser:
- /* let success fall through */
- if(blocked_data != NULL)
- SECITEM_ZfreeItem(blocked_data, PR_TRUE);
-
- if(result != NULL)
- SECITEM_ZfreeItem(result, PR_TRUE);
-
- if(rv == SECFailure)
- PORT_ArenaRelease(poolp, mark);
- else
- PORT_ArenaUnmark(poolp, mark);
-
- if(eKey != NULL)
- PK11_FreeSymKey(eKey);
-
- if(slot != NULL)
- PK11_FreeSlot(slot);
-
- if(c_param.data != NULL)
- SECITEM_ZfreeItem(&c_param, PR_FALSE);
-
- return rv;
-}
-
-/* the content of an encrypted data content info is decrypted.
- * it is assumed that for encrypted data, that the data has already
- * been set and is in the "encContent" field of the content info.
- *
- * cinfo is the content info to decrypt
- *
- * key is the key with which to perform the decryption. if the
- * algorithm is a password based encryption algorithm, the
- * key is actually a password which will be processed per
- * PKCS #5.
- *
- * in the event of an error, SECFailure is returned. SECSuccess
- * indicates a success.
- */
-SECStatus
-SEC_PKCS7DecryptContents(PRArenaPool *poolp,
- SEC_PKCS7ContentInfo *cinfo,
- SECItem *key,
- void *wincx)
-{
- SECAlgorithmID *algid = NULL;
- SECOidTag algtag;
- SECStatus rv = SECFailure;
- SECItem *result = NULL, *dest, *src;
- void *mark;
-
- PK11SymKey *eKey = NULL;
- PK11SlotInfo *slot = NULL;
- CK_MECHANISM pbeMech, cryptoMech;
- void *cx;
- SECItem c_param;
- int bs;
-
- if((cinfo == NULL) || (key == NULL))
- return SECFailure;
-
- if(SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_ENCRYPTED_DATA)
- return SECFailure;
-
- algid = SEC_PKCS7GetEncryptionAlgorithm(cinfo);
- if(algid == NULL)
- return SECFailure;
-
- if(poolp == NULL)
- poolp = cinfo->poolp;
-
- mark = PORT_ArenaMark(poolp);
-
- src = &cinfo->content.encryptedData->encContentInfo.encContent;
- dest = &cinfo->content.encryptedData->encContentInfo.plainContent;
- algtag = SECOID_GetAlgorithmTag(algid);
- c_param.data = NULL;
- dest->data = (unsigned char*)PORT_ArenaZAlloc(poolp, (src->len + 64));
- dest->len = (src->len + 64);
- if(dest->data == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- slot = PK11_GetInternalKeySlot();
- if(slot == NULL) {
- rv = SECFailure;
- goto loser;
- }
- eKey = PK11_PBEKeyGen(slot, algid, key, PR_FALSE, wincx);
- if(eKey == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- pbeMech.mechanism = PK11_AlgtagToMechanism(algtag);
- result = PK11_ParamFromAlgid(algid);
- pbeMech.pParameter = result->data;
- pbeMech.ulParameterLen = result->len;
- if(PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech, key,
- PR_FALSE) != CKR_OK) {
- rv = SECFailure;
- goto loser;
- }
- c_param.data = (unsigned char *)cryptoMech.pParameter;
- c_param.len = cryptoMech.ulParameterLen;
-
- cx = PK11_CreateContextBySymKey(cryptoMech.mechanism, CKA_DECRYPT,
- eKey, &c_param);
- if(cx == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- rv = PK11_CipherOp((PK11Context*)cx, dest->data, (int *)(&dest->len),
- (int)(src->len + 64), src->data, (int)src->len);
- PK11_DestroyContext((PK11Context *)cx, PR_TRUE);
-
- bs = PK11_GetBlockSize(cryptoMech.mechanism, &c_param);
- if(bs) {
- /* check for proper badding in block algorithms. this assumes
- * RC2 cbc or a DES cbc variant. and the padding is thus defined
- */
- if(((int)dest->data[dest->len-1] <= bs) &&
- ((int)dest->data[dest->len-1] > 0)) {
- dest->len -= (int)dest->data[dest->len-1];
- } else {
- rv = SECFailure;
- /* set an error ? */
- }
- }
-
-loser:
- /* let success fall through */
- if(result != NULL)
- SECITEM_ZfreeItem(result, PR_TRUE);
-
- if(rv == SECFailure)
- PORT_ArenaRelease(poolp, mark);
- else
- PORT_ArenaUnmark(poolp, mark);
-
- if(eKey != NULL)
- PK11_FreeSymKey(eKey);
-
- if(slot != NULL)
- PK11_FreeSlot(slot);
-
- if(c_param.data != NULL)
- SECITEM_ZfreeItem(&c_param, PR_FALSE);
-
- return rv;
-}
-
-SECItem **
-SEC_PKCS7GetCertificateList(SEC_PKCS7ContentInfo *cinfo)
-{
- switch(SEC_PKCS7ContentType(cinfo))
- {
- case SEC_OID_PKCS7_SIGNED_DATA:
- return cinfo->content.signedData->rawCerts;
- break;
- default:
- return NULL;
- break;
- }
-}
-
-
-int
-SEC_PKCS7GetKeyLength(SEC_PKCS7ContentInfo *cinfo)
-{
- if (cinfo->contentTypeTag->offset == SEC_OID_PKCS7_ENVELOPED_DATA)
- return cinfo->content.envelopedData->encContentInfo.keysize;
- else
- return 0;
-}
-
diff --git a/security/nss/lib/pkcs7/p7create.c b/security/nss/lib/pkcs7/p7create.c
deleted file mode 100644
index 665d8495c..000000000
--- a/security/nss/lib/pkcs7/p7create.c
+++ /dev/null
@@ -1,1320 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * PKCS7 creation.
- *
- * $Id$
- */
-
-#include "p7local.h"
-
-#include "cert.h"
-#include "secasn1.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "secpkcs5.h"
-#include "pk11func.h"
-#include "prtime.h"
-#include "secerr.h"
-
-static SECStatus
-sec_pkcs7_init_content_info (SEC_PKCS7ContentInfo *cinfo, PRArenaPool *poolp,
- SECOidTag kind, PRBool detached)
-{
- void *thing;
- int version;
- SECItem *versionp;
- SECStatus rv;
-
- PORT_Assert (cinfo != NULL && poolp != NULL);
- if (cinfo == NULL || poolp == NULL)
- return SECFailure;
-
- cinfo->contentTypeTag = SECOID_FindOIDByTag (kind);
- PORT_Assert (cinfo->contentTypeTag
- && cinfo->contentTypeTag->offset == kind);
-
- rv = SECITEM_CopyItem (poolp, &(cinfo->contentType),
- &(cinfo->contentTypeTag->oid));
- if (rv != SECSuccess)
- return rv;
-
- if (detached)
- return SECSuccess;
-
- switch (kind) {
- default:
- case SEC_OID_PKCS7_DATA:
- thing = PORT_ArenaZAlloc (poolp, sizeof(SECItem));
- cinfo->content.data = (SECItem*)thing;
- versionp = NULL;
- version = -1;
- break;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- thing = PORT_ArenaZAlloc (poolp, sizeof(SEC_PKCS7DigestedData));
- cinfo->content.digestedData = (SEC_PKCS7DigestedData*)thing;
- versionp = &(cinfo->content.digestedData->version);
- version = SEC_PKCS7_DIGESTED_DATA_VERSION;
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- thing = PORT_ArenaZAlloc (poolp, sizeof(SEC_PKCS7EncryptedData));
- cinfo->content.encryptedData = (SEC_PKCS7EncryptedData*)thing;
- versionp = &(cinfo->content.encryptedData->version);
- version = SEC_PKCS7_ENCRYPTED_DATA_VERSION;
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- thing = PORT_ArenaZAlloc (poolp, sizeof(SEC_PKCS7EnvelopedData));
- cinfo->content.envelopedData =
- (SEC_PKCS7EnvelopedData*)thing;
- versionp = &(cinfo->content.envelopedData->version);
- version = SEC_PKCS7_ENVELOPED_DATA_VERSION;
- break;
- case SEC_OID_PKCS7_SIGNED_DATA:
- thing = PORT_ArenaZAlloc (poolp, sizeof(SEC_PKCS7SignedData));
- cinfo->content.signedData =
- (SEC_PKCS7SignedData*)thing;
- versionp = &(cinfo->content.signedData->version);
- version = SEC_PKCS7_SIGNED_DATA_VERSION;
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- thing = PORT_ArenaZAlloc(poolp,sizeof(SEC_PKCS7SignedAndEnvelopedData));
- cinfo->content.signedAndEnvelopedData =
- (SEC_PKCS7SignedAndEnvelopedData*)thing;
- versionp = &(cinfo->content.signedAndEnvelopedData->version);
- version = SEC_PKCS7_SIGNED_AND_ENVELOPED_DATA_VERSION;
- break;
- }
-
- if (thing == NULL)
- return SECFailure;
-
- if (versionp != NULL) {
- SECItem *dummy;
-
- PORT_Assert (version >= 0);
- dummy = SEC_ASN1EncodeInteger (poolp, versionp, version);
- if (dummy == NULL)
- return SECFailure;
- PORT_Assert (dummy == versionp);
- }
-
- return SECSuccess;
-}
-
-
-static SEC_PKCS7ContentInfo *
-sec_pkcs7_create_content_info (SECOidTag kind, PRBool detached,
- SECKEYGetPasswordKey pwfn, void *pwfn_arg)
-{
- SEC_PKCS7ContentInfo *cinfo;
- PRArenaPool *poolp;
- SECStatus rv;
-
- poolp = PORT_NewArena (1024); /* XXX what is right value? */
- if (poolp == NULL)
- return NULL;
-
- cinfo = (SEC_PKCS7ContentInfo*)PORT_ArenaZAlloc (poolp, sizeof(*cinfo));
- if (cinfo == NULL) {
- PORT_FreeArena (poolp, PR_FALSE);
- return NULL;
- }
-
- cinfo->poolp = poolp;
- cinfo->pwfn = pwfn;
- cinfo->pwfn_arg = pwfn_arg;
- cinfo->created = PR_TRUE;
- cinfo->refCount = 1;
-
- rv = sec_pkcs7_init_content_info (cinfo, poolp, kind, detached);
- if (rv != SECSuccess) {
- PORT_FreeArena (poolp, PR_FALSE);
- return NULL;
- }
-
- return cinfo;
-}
-
-
-/*
- * Add a signer to a PKCS7 thing, verifying the signature cert first.
- * Any error returns SECFailure.
- *
- * XXX Right now this only adds the *first* signer. It fails if you try
- * to add a second one -- this needs to be fixed.
- */
-static SECStatus
-sec_pkcs7_add_signer (SEC_PKCS7ContentInfo *cinfo,
- CERTCertificate * cert,
- SECCertUsage certusage,
- CERTCertDBHandle * certdb,
- SECOidTag digestalgtag,
- SECItem * digestdata)
-{
- SEC_PKCS7SignerInfo *signerinfo, **signerinfos, ***signerinfosp;
- SECAlgorithmID *digestalg, **digestalgs, ***digestalgsp;
- SECItem *digest, **digests, ***digestsp;
- SECItem * dummy;
- void * mark;
- SECStatus rv;
- SECOidTag kind;
-
- kind = SEC_PKCS7ContentType (cinfo);
- switch (kind) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- {
- SEC_PKCS7SignedData *sdp;
-
- sdp = cinfo->content.signedData;
- digestalgsp = &(sdp->digestAlgorithms);
- digestsp = &(sdp->digests);
- signerinfosp = &(sdp->signerInfos);
- }
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- {
- SEC_PKCS7SignedAndEnvelopedData *saedp;
-
- saedp = cinfo->content.signedAndEnvelopedData;
- digestalgsp = &(saedp->digestAlgorithms);
- digestsp = &(saedp->digests);
- signerinfosp = &(saedp->signerInfos);
- }
- break;
- default:
- return SECFailure; /* XXX set an error? */
- }
-
- /*
- * XXX I think that CERT_VerifyCert should do this if *it* is passed
- * a NULL database.
- */
- if (certdb == NULL) {
- certdb = CERT_GetDefaultCertDB();
- if (certdb == NULL)
- return SECFailure; /* XXX set an error? */
- }
-
- if (CERT_VerifyCert (certdb, cert, PR_TRUE, certusage, PR_Now(),
- cinfo->pwfn_arg, NULL) != SECSuccess)
- {
- /* XXX Did CERT_VerifyCert set an error? */
- return SECFailure;
- }
-
- /*
- * XXX This is the check that we do not already have a signer.
- * This is not what we really want -- we want to allow this
- * and *add* the new signer.
- */
- PORT_Assert (*signerinfosp == NULL
- && *digestalgsp == NULL && *digestsp == NULL);
- if (*signerinfosp != NULL || *digestalgsp != NULL || *digestsp != NULL)
- return SECFailure;
-
- mark = PORT_ArenaMark (cinfo->poolp);
-
- signerinfo = (SEC_PKCS7SignerInfo*)PORT_ArenaZAlloc (cinfo->poolp,
- sizeof(SEC_PKCS7SignerInfo));
- if (signerinfo == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
- }
-
- dummy = SEC_ASN1EncodeInteger (cinfo->poolp, &signerinfo->version,
- SEC_PKCS7_SIGNER_INFO_VERSION);
- if (dummy == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
- }
- PORT_Assert (dummy == &signerinfo->version);
-
- signerinfo->cert = CERT_DupCertificate (cert);
- if (signerinfo->cert == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
- }
-
- signerinfo->issuerAndSN = CERT_GetCertIssuerAndSN (cinfo->poolp, cert);
- if (signerinfo->issuerAndSN == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
- }
-
- rv = SECOID_SetAlgorithmID (cinfo->poolp, &signerinfo->digestAlg,
- digestalgtag, NULL);
- if (rv != SECSuccess) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
- }
-
- /*
- * Okay, now signerinfo is all set. We just need to put it and its
- * companions (another copy of the digest algorithm, and the digest
- * itself if given) into the main structure.
- *
- * XXX If we are handling more than one signer, the following code
- * needs to look through the digest algorithms already specified
- * and see if the same one is there already. If it is, it does not
- * need to be added again. Also, if it is there *and* the digest
- * is not null, then the digest given should match the digest already
- * specified -- if not, that is an error. Finally, the new signerinfo
- * should be *added* to the set already found.
- */
-
- signerinfos = (SEC_PKCS7SignerInfo**)PORT_ArenaAlloc (cinfo->poolp,
- 2 * sizeof(SEC_PKCS7SignerInfo *));
- if (signerinfos == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
- }
- signerinfos[0] = signerinfo;
- signerinfos[1] = NULL;
-
- digestalg = PORT_ArenaZAlloc (cinfo->poolp, sizeof(SECAlgorithmID));
- digestalgs = PORT_ArenaAlloc (cinfo->poolp, 2 * sizeof(SECAlgorithmID *));
- if (digestalg == NULL || digestalgs == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
- }
- rv = SECOID_SetAlgorithmID (cinfo->poolp, digestalg, digestalgtag, NULL);
- if (rv != SECSuccess) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
- }
- digestalgs[0] = digestalg;
- digestalgs[1] = NULL;
-
- if (digestdata != NULL) {
- digest = (SECItem*)PORT_ArenaAlloc (cinfo->poolp, sizeof(SECItem));
- digests = (SECItem**)PORT_ArenaAlloc (cinfo->poolp,
- 2 * sizeof(SECItem *));
- if (digest == NULL || digests == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
- }
- rv = SECITEM_CopyItem (cinfo->poolp, digest, digestdata);
- if (rv != SECSuccess) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
- }
- digests[0] = digest;
- digests[1] = NULL;
- } else {
- digests = NULL;
- }
-
- *signerinfosp = signerinfos;
- *digestalgsp = digestalgs;
- *digestsp = digests;
-
- PORT_ArenaUnmark(cinfo->poolp, mark);
- return SECSuccess;
-}
-
-
-/*
- * Helper function for creating an empty signedData.
- */
-static SEC_PKCS7ContentInfo *
-sec_pkcs7_create_signed_data (SECKEYGetPasswordKey pwfn, void *pwfn_arg)
-{
- SEC_PKCS7ContentInfo *cinfo;
- SEC_PKCS7SignedData *sigd;
- SECStatus rv;
-
- cinfo = sec_pkcs7_create_content_info (SEC_OID_PKCS7_SIGNED_DATA, PR_FALSE,
- pwfn, pwfn_arg);
- if (cinfo == NULL)
- return NULL;
-
- sigd = cinfo->content.signedData;
- PORT_Assert (sigd != NULL);
-
- /*
- * XXX Might we want to allow content types other than data?
- * If so, via what interface?
- */
- rv = sec_pkcs7_init_content_info (&(sigd->contentInfo), cinfo->poolp,
- SEC_OID_PKCS7_DATA, PR_TRUE);
- if (rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return NULL;
- }
-
- return cinfo;
-}
-
-
-/*
- * Start a PKCS7 signing context.
- *
- * "cert" is the cert that will be used to sign the data. It will be
- * checked for validity.
- *
- * "certusage" describes the signing usage (e.g. certUsageEmailSigner)
- * XXX Maybe SECCertUsage should be split so that our caller just says
- * "email" and *we* add the "signing" part -- otherwise our caller
- * could be lying about the usage; we do not want to allow encryption
- * certs for signing or vice versa.
- *
- * "certdb" is the cert database to use for verifying the cert.
- * It can be NULL if a default database is available (like in the client).
- *
- * "digestalg" names the digest algorithm (e.g. SEC_OID_SHA1).
- *
- * "digest" is the actual digest of the data. It must be provided in
- * the case of detached data or NULL if the content will be included.
- *
- * The return value can be passed to functions which add things to
- * it like attributes, then eventually to SEC_PKCS7Encode() or to
- * SEC_PKCS7EncoderStart() to create the encoded data, and finally to
- * SEC_PKCS7DestroyContentInfo().
- *
- * An error results in a return value of NULL and an error set.
- * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
- */
-SEC_PKCS7ContentInfo *
-SEC_PKCS7CreateSignedData (CERTCertificate *cert,
- SECCertUsage certusage,
- CERTCertDBHandle *certdb,
- SECOidTag digestalg,
- SECItem *digest,
- SECKEYGetPasswordKey pwfn, void *pwfn_arg)
-{
- SEC_PKCS7ContentInfo *cinfo;
- SECStatus rv;
-
- cinfo = sec_pkcs7_create_signed_data (pwfn, pwfn_arg);
- if (cinfo == NULL)
- return NULL;
-
- rv = sec_pkcs7_add_signer (cinfo, cert, certusage, certdb,
- digestalg, digest);
- if (rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return NULL;
- }
-
- return cinfo;
-}
-
-
-static SEC_PKCS7Attribute *
-sec_pkcs7_create_attribute (PRArenaPool *poolp, SECOidTag oidtag,
- SECItem *value, PRBool encoded)
-{
- SEC_PKCS7Attribute *attr;
- SECItem **values;
- void *mark;
-
- PORT_Assert (poolp != NULL);
- mark = PORT_ArenaMark (poolp);
-
- attr = (SEC_PKCS7Attribute*)PORT_ArenaAlloc (poolp,
- sizeof(SEC_PKCS7Attribute));
- if (attr == NULL)
- goto loser;
-
- attr->typeTag = SECOID_FindOIDByTag (oidtag);
- if (attr->typeTag == NULL)
- goto loser;
-
- if (SECITEM_CopyItem (poolp, &(attr->type),
- &(attr->typeTag->oid)) != SECSuccess)
- goto loser;
-
- values = (SECItem**)PORT_ArenaAlloc (poolp, 2 * sizeof(SECItem *));
- if (values == NULL)
- goto loser;
-
- if (value != NULL) {
- SECItem *copy;
-
- copy = (SECItem*)PORT_ArenaAlloc (poolp, sizeof(SECItem));
- if (copy == NULL)
- goto loser;
-
- if (SECITEM_CopyItem (poolp, copy, value) != SECSuccess)
- goto loser;
-
- value = copy;
- }
-
- values[0] = value;
- values[1] = NULL;
- attr->values = values;
- attr->encoded = encoded;
-
- PORT_ArenaUnmark (poolp, mark);
- return attr;
-
-loser:
- PORT_Assert (mark != NULL);
- PORT_ArenaRelease (poolp, mark);
- return NULL;
-}
-
-
-static SECStatus
-sec_pkcs7_add_attribute (SEC_PKCS7ContentInfo *cinfo,
- SEC_PKCS7Attribute ***attrsp,
- SEC_PKCS7Attribute *attr)
-{
- SEC_PKCS7Attribute **attrs;
- SECItem *ct_value;
- void *mark;
-
- PORT_Assert (SEC_PKCS7ContentType (cinfo) == SEC_OID_PKCS7_SIGNED_DATA);
- if (SEC_PKCS7ContentType (cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
- return SECFailure;
-
- attrs = *attrsp;
- if (attrs != NULL) {
- int count;
-
- /*
- * We already have some attributes, and just need to add this
- * new one.
- */
-
- /*
- * We should already have the *required* attributes, which were
- * created/added at the same time the first attribute was added.
- */
- PORT_Assert (sec_PKCS7FindAttribute (attrs,
- SEC_OID_PKCS9_CONTENT_TYPE,
- PR_FALSE) != NULL);
- PORT_Assert (sec_PKCS7FindAttribute (attrs,
- SEC_OID_PKCS9_MESSAGE_DIGEST,
- PR_FALSE) != NULL);
-
- for (count = 0; attrs[count] != NULL; count++)
- ;
- attrs = (SEC_PKCS7Attribute**)PORT_ArenaGrow (cinfo->poolp, attrs,
- (count + 1) * sizeof(SEC_PKCS7Attribute *),
- (count + 2) * sizeof(SEC_PKCS7Attribute *));
- if (attrs == NULL)
- return SECFailure;
-
- attrs[count] = attr;
- attrs[count+1] = NULL;
- *attrsp = attrs;
-
- return SECSuccess;
- }
-
- /*
- * This is the first time an attribute is going in.
- * We need to create and add the required attributes, and then
- * we will also add in the one our caller gave us.
- */
-
- /*
- * There are 2 required attributes, plus the one our caller wants
- * to add, plus we always end with a NULL one. Thus, four slots.
- */
- attrs = (SEC_PKCS7Attribute**)PORT_ArenaAlloc (cinfo->poolp,
- 4 * sizeof(SEC_PKCS7Attribute *));
- if (attrs == NULL)
- return SECFailure;
-
- mark = PORT_ArenaMark (cinfo->poolp);
-
- /*
- * First required attribute is the content type of the data
- * being signed.
- */
- ct_value = &(cinfo->content.signedData->contentInfo.contentType);
- attrs[0] = sec_pkcs7_create_attribute (cinfo->poolp,
- SEC_OID_PKCS9_CONTENT_TYPE,
- ct_value, PR_FALSE);
- /*
- * Second required attribute is the message digest of the data
- * being signed; we leave the value NULL for now (just create
- * the place for it to go), and the encoder will fill it in later.
- */
- attrs[1] = sec_pkcs7_create_attribute (cinfo->poolp,
- SEC_OID_PKCS9_MESSAGE_DIGEST,
- NULL, PR_FALSE);
- if (attrs[0] == NULL || attrs[1] == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
- }
-
- attrs[2] = attr;
- attrs[3] = NULL;
- *attrsp = attrs;
-
- PORT_ArenaUnmark (cinfo->poolp, mark);
- return SECSuccess;
-}
-
-
-/*
- * Add the signing time to the authenticated (i.e. signed) attributes
- * of "cinfo". This is expected to be included in outgoing signed
- * messages for email (S/MIME) but is likely useful in other situations.
- *
- * This should only be added once; a second call will either do
- * nothing or replace an old signing time with a newer one.
- *
- * XXX This will probably just shove the current time into "cinfo"
- * but it will not actually get signed until the entire item is
- * processed for encoding. Is this (expected to be small) delay okay?
- *
- * "cinfo" should be of type signedData (the only kind of pkcs7 data
- * that is allowed authenticated attributes); SECFailure will be returned
- * if it is not.
- */
-SECStatus
-SEC_PKCS7AddSigningTime (SEC_PKCS7ContentInfo *cinfo)
-{
- SEC_PKCS7SignerInfo **signerinfos;
- SEC_PKCS7Attribute *attr;
- SECItem stime;
- SECStatus rv;
- int si;
-
- PORT_Assert (SEC_PKCS7ContentType (cinfo) == SEC_OID_PKCS7_SIGNED_DATA);
- if (SEC_PKCS7ContentType (cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
- return SECFailure;
-
- signerinfos = cinfo->content.signedData->signerInfos;
-
- /* There has to be a signer, or it makes no sense. */
- if (signerinfos == NULL || signerinfos[0] == NULL)
- return SECFailure;
-
- rv = DER_TimeToUTCTime (&stime, PR_Now());
- if (rv != SECSuccess)
- return rv;
-
- attr = sec_pkcs7_create_attribute (cinfo->poolp,
- SEC_OID_PKCS9_SIGNING_TIME,
- &stime, PR_FALSE);
- SECITEM_FreeItem (&stime, PR_FALSE);
-
- if (attr == NULL)
- return SECFailure;
-
- rv = SECSuccess;
- for (si = 0; signerinfos[si] != NULL; si++) {
- SEC_PKCS7Attribute *oattr;
-
- oattr = sec_PKCS7FindAttribute (signerinfos[si]->authAttr,
- SEC_OID_PKCS9_SIGNING_TIME, PR_FALSE);
- PORT_Assert (oattr == NULL);
- if (oattr != NULL)
- continue; /* XXX or would it be better to replace it? */
-
- rv = sec_pkcs7_add_attribute (cinfo, &(signerinfos[si]->authAttr),
- attr);
- if (rv != SECSuccess)
- break; /* could try to continue, but may as well give up now */
- }
-
- return rv;
-}
-
-
-/*
- * Add the specified attribute to the authenticated (i.e. signed) attributes
- * of "cinfo" -- "oidtag" describes the attribute and "value" is the
- * value to be associated with it. NOTE! "value" must already be encoded;
- * no interpretation of "oidtag" is done. Also, it is assumed that this
- * signedData has only one signer -- if we ever need to add attributes
- * when there is more than one signature, we need a way to specify *which*
- * signature should get the attribute.
- *
- * XXX Technically, a signed attribute can have multiple values; if/when
- * we ever need to support an attribute which takes multiple values, we
- * either need to change this interface or create an AddSignedAttributeValue
- * which can be called subsequently, and would then append a value.
- *
- * "cinfo" should be of type signedData (the only kind of pkcs7 data
- * that is allowed authenticated attributes); SECFailure will be returned
- * if it is not.
- */
-SECStatus
-SEC_PKCS7AddSignedAttribute (SEC_PKCS7ContentInfo *cinfo,
- SECOidTag oidtag,
- SECItem *value)
-{
- SEC_PKCS7SignerInfo **signerinfos;
- SEC_PKCS7Attribute *attr;
-
- PORT_Assert (SEC_PKCS7ContentType (cinfo) == SEC_OID_PKCS7_SIGNED_DATA);
- if (SEC_PKCS7ContentType (cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
- return SECFailure;
-
- signerinfos = cinfo->content.signedData->signerInfos;
-
- /*
- * No signature or more than one means no deal.
- */
- if (signerinfos == NULL || signerinfos[0] == NULL || signerinfos[1] != NULL)
- return SECFailure;
-
- attr = sec_pkcs7_create_attribute (cinfo->poolp, oidtag, value, PR_TRUE);
- if (attr == NULL)
- return SECFailure;
-
- return sec_pkcs7_add_attribute (cinfo, &(signerinfos[0]->authAttr), attr);
-}
-
-
-/*
- * Mark that the signer certificates and their issuing chain should
- * be included in the encoded data. This is expected to be used
- * in outgoing signed messages for email (S/MIME).
- *
- * "certdb" is the cert database to use for finding the chain.
- * It can be NULL, meaning use the default database.
- *
- * "cinfo" should be of type signedData or signedAndEnvelopedData;
- * SECFailure will be returned if it is not.
- */
-SECStatus
-SEC_PKCS7IncludeCertChain (SEC_PKCS7ContentInfo *cinfo,
- CERTCertDBHandle *certdb)
-{
- SECOidTag kind;
- SEC_PKCS7SignerInfo *signerinfo, **signerinfos;
-
- kind = SEC_PKCS7ContentType (cinfo);
- switch (kind) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- signerinfos = cinfo->content.signedData->signerInfos;
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- signerinfos = cinfo->content.signedAndEnvelopedData->signerInfos;
- break;
- default:
- return SECFailure; /* XXX set an error? */
- }
-
- if (signerinfos == NULL) /* no signer, no certs? */
- return SECFailure; /* XXX set an error? */
-
- if (certdb == NULL) {
- certdb = CERT_GetDefaultCertDB();
- if (certdb == NULL) {
- PORT_SetError (SEC_ERROR_BAD_DATABASE);
- return SECFailure;
- }
- }
-
- /* XXX Should it be an error if we find no signerinfo or no certs? */
- while ((signerinfo = *signerinfos++) != NULL) {
- if (signerinfo->cert != NULL)
- /* get the cert chain. don't send the root to avoid contamination
- * of old clients with a new root that they don't trust
- */
- signerinfo->certList = CERT_CertChainFromCert (signerinfo->cert,
- certUsageEmailSigner,
- PR_FALSE);
- }
-
- return SECSuccess;
-}
-
-
-/*
- * Helper function to add a certificate chain for inclusion in the
- * bag of certificates in a signedData.
- */
-static SECStatus
-sec_pkcs7_add_cert_chain (SEC_PKCS7ContentInfo *cinfo,
- CERTCertificate *cert,
- CERTCertDBHandle *certdb)
-{
- SECOidTag kind;
- CERTCertificateList *certlist, **certlists, ***certlistsp;
- int count;
-
- kind = SEC_PKCS7ContentType (cinfo);
- switch (kind) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- {
- SEC_PKCS7SignedData *sdp;
-
- sdp = cinfo->content.signedData;
- certlistsp = &(sdp->certLists);
- }
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- {
- SEC_PKCS7SignedAndEnvelopedData *saedp;
-
- saedp = cinfo->content.signedAndEnvelopedData;
- certlistsp = &(saedp->certLists);
- }
- break;
- default:
- return SECFailure; /* XXX set an error? */
- }
-
- if (certdb == NULL) {
- certdb = CERT_GetDefaultCertDB();
- if (certdb == NULL) {
- PORT_SetError (SEC_ERROR_BAD_DATABASE);
- return SECFailure;
- }
- }
-
- certlist = CERT_CertChainFromCert (cert, certUsageEmailSigner, PR_FALSE);
- if (certlist == NULL)
- return SECFailure;
-
- certlists = *certlistsp;
- if (certlists == NULL) {
- count = 0;
- certlists = (CERTCertificateList**)PORT_ArenaAlloc (cinfo->poolp,
- 2 * sizeof(CERTCertificateList *));
- } else {
- for (count = 0; certlists[count] != NULL; count++)
- ;
- PORT_Assert (count); /* should be at least one already */
- certlists = (CERTCertificateList**)PORT_ArenaGrow (cinfo->poolp,
- certlists,
- (count + 1) * sizeof(CERTCertificateList *),
- (count + 2) * sizeof(CERTCertificateList *));
- }
-
- if (certlists == NULL) {
- CERT_DestroyCertificateList (certlist);
- return SECFailure;
- }
-
- certlists[count] = certlist;
- certlists[count + 1] = NULL;
-
- *certlistsp = certlists;
-
- return SECSuccess;
-}
-
-
-/*
- * Helper function to add a certificate for inclusion in the bag of
- * certificates in a signedData.
- */
-static SECStatus
-sec_pkcs7_add_certificate (SEC_PKCS7ContentInfo *cinfo,
- CERTCertificate *cert)
-{
- SECOidTag kind;
- CERTCertificate **certs, ***certsp;
- int count;
-
- kind = SEC_PKCS7ContentType (cinfo);
- switch (kind) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- {
- SEC_PKCS7SignedData *sdp;
-
- sdp = cinfo->content.signedData;
- certsp = &(sdp->certs);
- }
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- {
- SEC_PKCS7SignedAndEnvelopedData *saedp;
-
- saedp = cinfo->content.signedAndEnvelopedData;
- certsp = &(saedp->certs);
- }
- break;
- default:
- return SECFailure; /* XXX set an error? */
- }
-
- cert = CERT_DupCertificate (cert);
- if (cert == NULL)
- return SECFailure;
-
- certs = *certsp;
- if (certs == NULL) {
- count = 0;
- certs = (CERTCertificate**)PORT_ArenaAlloc (cinfo->poolp,
- 2 * sizeof(CERTCertificate *));
- } else {
- for (count = 0; certs[count] != NULL; count++)
- ;
- PORT_Assert (count); /* should be at least one already */
- certs = (CERTCertificate**)PORT_ArenaGrow (cinfo->poolp, certs,
- (count + 1) * sizeof(CERTCertificate *),
- (count + 2) * sizeof(CERTCertificate *));
- }
-
- if (certs == NULL) {
- CERT_DestroyCertificate (cert);
- return SECFailure;
- }
-
- certs[count] = cert;
- certs[count + 1] = NULL;
-
- *certsp = certs;
-
- return SECSuccess;
-}
-
-
-/*
- * Create a PKCS7 certs-only container.
- *
- * "cert" is the (first) cert that will be included.
- *
- * "include_chain" specifies whether the entire chain for "cert" should
- * be included.
- *
- * "certdb" is the cert database to use for finding the chain.
- * It can be NULL in when "include_chain" is false, or when meaning
- * use the default database.
- *
- * More certs and chains can be added via AddCertificate and AddCertChain.
- *
- * An error results in a return value of NULL and an error set.
- * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
- */
-SEC_PKCS7ContentInfo *
-SEC_PKCS7CreateCertsOnly (CERTCertificate *cert,
- PRBool include_chain,
- CERTCertDBHandle *certdb)
-{
- SEC_PKCS7ContentInfo *cinfo;
- SECStatus rv;
-
- cinfo = sec_pkcs7_create_signed_data (NULL, NULL);
- if (cinfo == NULL)
- return NULL;
-
- if (include_chain)
- rv = sec_pkcs7_add_cert_chain (cinfo, cert, certdb);
- else
- rv = sec_pkcs7_add_certificate (cinfo, cert);
-
- if (rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return NULL;
- }
-
- return cinfo;
-}
-
-
-/*
- * Add "cert" and its entire chain to the set of certs included in "cinfo".
- *
- * "certdb" is the cert database to use for finding the chain.
- * It can be NULL, meaning use the default database.
- *
- * "cinfo" should be of type signedData or signedAndEnvelopedData;
- * SECFailure will be returned if it is not.
- */
-SECStatus
-SEC_PKCS7AddCertChain (SEC_PKCS7ContentInfo *cinfo,
- CERTCertificate *cert,
- CERTCertDBHandle *certdb)
-{
- SECOidTag kind;
-
- kind = SEC_PKCS7ContentType (cinfo);
- if (kind != SEC_OID_PKCS7_SIGNED_DATA
- && kind != SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA)
- return SECFailure; /* XXX set an error? */
-
- return sec_pkcs7_add_cert_chain (cinfo, cert, certdb);
-}
-
-
-/*
- * Add "cert" to the set of certs included in "cinfo".
- *
- * "cinfo" should be of type signedData or signedAndEnvelopedData;
- * SECFailure will be returned if it is not.
- */
-SECStatus
-SEC_PKCS7AddCertificate (SEC_PKCS7ContentInfo *cinfo, CERTCertificate *cert)
-{
- SECOidTag kind;
-
- kind = SEC_PKCS7ContentType (cinfo);
- if (kind != SEC_OID_PKCS7_SIGNED_DATA
- && kind != SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA)
- return SECFailure; /* XXX set an error? */
-
- return sec_pkcs7_add_certificate (cinfo, cert);
-}
-
-
-static SECStatus
-sec_pkcs7_init_encrypted_content_info (SEC_PKCS7EncryptedContentInfo *enccinfo,
- PRArenaPool *poolp,
- SECOidTag kind, PRBool detached,
- SECOidTag encalg, int keysize)
-{
- SECStatus rv;
-
- PORT_Assert (enccinfo != NULL && poolp != NULL);
- if (enccinfo == NULL || poolp == NULL)
- return SECFailure;
-
- /*
- * XXX Some day we may want to allow for other kinds. That needs
- * more work and modifications to the creation interface, etc.
- * For now, allow but notice callers who pass in other kinds.
- * They are responsible for creating the inner type and encoding,
- * if it is other than DATA.
- */
- PORT_Assert (kind == SEC_OID_PKCS7_DATA);
-
- enccinfo->contentTypeTag = SECOID_FindOIDByTag (kind);
- PORT_Assert (enccinfo->contentTypeTag
- && enccinfo->contentTypeTag->offset == kind);
-
- rv = SECITEM_CopyItem (poolp, &(enccinfo->contentType),
- &(enccinfo->contentTypeTag->oid));
- if (rv != SECSuccess)
- return rv;
-
- /* Save keysize and algorithm for later. */
- enccinfo->keysize = keysize;
- enccinfo->encalg = encalg;
-
- return SECSuccess;
-}
-
-
-/*
- * Add a recipient to a PKCS7 thing, verifying their cert first.
- * Any error returns SECFailure.
- */
-static SECStatus
-sec_pkcs7_add_recipient (SEC_PKCS7ContentInfo *cinfo,
- CERTCertificate *cert,
- SECCertUsage certusage,
- CERTCertDBHandle *certdb)
-{
- SECOidTag kind;
- SEC_PKCS7RecipientInfo *recipientinfo, **recipientinfos, ***recipientinfosp;
- SECItem *dummy;
- void *mark;
- int count;
-
- kind = SEC_PKCS7ContentType (cinfo);
- switch (kind) {
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- {
- SEC_PKCS7EnvelopedData *edp;
-
- edp = cinfo->content.envelopedData;
- recipientinfosp = &(edp->recipientInfos);
- }
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- {
- SEC_PKCS7SignedAndEnvelopedData *saedp;
-
- saedp = cinfo->content.signedAndEnvelopedData;
- recipientinfosp = &(saedp->recipientInfos);
- }
- break;
- default:
- return SECFailure; /* XXX set an error? */
- }
-
- /*
- * XXX I think that CERT_VerifyCert should do this if *it* is passed
- * a NULL database.
- */
- if (certdb == NULL) {
- certdb = CERT_GetDefaultCertDB();
- if (certdb == NULL)
- return SECFailure; /* XXX set an error? */
- }
-
- if (CERT_VerifyCert (certdb, cert, PR_TRUE, certusage, PR_Now(),
- cinfo->pwfn_arg, NULL) != SECSuccess)
- {
- /* XXX Did CERT_VerifyCert set an error? */
- return SECFailure;
- }
-
- mark = PORT_ArenaMark (cinfo->poolp);
-
- recipientinfo = (SEC_PKCS7RecipientInfo*)PORT_ArenaZAlloc (cinfo->poolp,
- sizeof(SEC_PKCS7RecipientInfo));
- if (recipientinfo == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
- }
-
- dummy = SEC_ASN1EncodeInteger (cinfo->poolp, &recipientinfo->version,
- SEC_PKCS7_RECIPIENT_INFO_VERSION);
- if (dummy == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
- }
- PORT_Assert (dummy == &recipientinfo->version);
-
- recipientinfo->cert = CERT_DupCertificate (cert);
- if (recipientinfo->cert == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
- }
-
- recipientinfo->issuerAndSN = CERT_GetCertIssuerAndSN (cinfo->poolp, cert);
- if (recipientinfo->issuerAndSN == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
- }
-
- /*
- * Okay, now recipientinfo is all set. We just need to put it into
- * the main structure.
- *
- * If this is the first recipient, allocate a new recipientinfos array;
- * otherwise, reallocate the array, making room for the new entry.
- */
- recipientinfos = *recipientinfosp;
- if (recipientinfos == NULL) {
- count = 0;
- recipientinfos = (SEC_PKCS7RecipientInfo **)PORT_ArenaAlloc (
- cinfo->poolp,
- 2 * sizeof(SEC_PKCS7RecipientInfo *));
- } else {
- for (count = 0; recipientinfos[count] != NULL; count++)
- ;
- PORT_Assert (count); /* should be at least one already */
- recipientinfos = (SEC_PKCS7RecipientInfo **)PORT_ArenaGrow (
- cinfo->poolp, recipientinfos,
- (count + 1) * sizeof(SEC_PKCS7RecipientInfo *),
- (count + 2) * sizeof(SEC_PKCS7RecipientInfo *));
- }
-
- if (recipientinfos == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
- }
-
- recipientinfos[count] = recipientinfo;
- recipientinfos[count + 1] = NULL;
-
- *recipientinfosp = recipientinfos;
-
- PORT_ArenaUnmark (cinfo->poolp, mark);
- return SECSuccess;
-}
-
-
-/*
- * Start a PKCS7 enveloping context.
- *
- * "cert" is the cert for the recipient. It will be checked for validity.
- *
- * "certusage" describes the encryption usage (e.g. certUsageEmailRecipient)
- * XXX Maybe SECCertUsage should be split so that our caller just says
- * "email" and *we* add the "recipient" part -- otherwise our caller
- * could be lying about the usage; we do not want to allow encryption
- * certs for signing or vice versa.
- *
- * "certdb" is the cert database to use for verifying the cert.
- * It can be NULL if a default database is available (like in the client).
- *
- * "encalg" specifies the bulk encryption algorithm to use (e.g. SEC_OID_RC2).
- *
- * "keysize" specifies the bulk encryption key size, in bits.
- *
- * The return value can be passed to functions which add things to
- * it like more recipients, then eventually to SEC_PKCS7Encode() or to
- * SEC_PKCS7EncoderStart() to create the encoded data, and finally to
- * SEC_PKCS7DestroyContentInfo().
- *
- * An error results in a return value of NULL and an error set.
- * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
- */
-extern SEC_PKCS7ContentInfo *
-SEC_PKCS7CreateEnvelopedData (CERTCertificate *cert,
- SECCertUsage certusage,
- CERTCertDBHandle *certdb,
- SECOidTag encalg,
- int keysize,
- SECKEYGetPasswordKey pwfn, void *pwfn_arg)
-{
- SEC_PKCS7ContentInfo *cinfo;
- SEC_PKCS7EnvelopedData *envd;
- SECStatus rv;
-
- cinfo = sec_pkcs7_create_content_info (SEC_OID_PKCS7_ENVELOPED_DATA,
- PR_FALSE, pwfn, pwfn_arg);
- if (cinfo == NULL)
- return NULL;
-
- rv = sec_pkcs7_add_recipient (cinfo, cert, certusage, certdb);
- if (rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return NULL;
- }
-
- envd = cinfo->content.envelopedData;
- PORT_Assert (envd != NULL);
-
- /*
- * XXX Might we want to allow content types other than data?
- * If so, via what interface?
- */
- rv = sec_pkcs7_init_encrypted_content_info (&(envd->encContentInfo),
- cinfo->poolp,
- SEC_OID_PKCS7_DATA, PR_FALSE,
- encalg, keysize);
- if (rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return NULL;
- }
-
- /* XXX Anything more to do here? */
-
- return cinfo;
-}
-
-
-/*
- * Add another recipient to an encrypted message.
- *
- * "cinfo" should be of type envelopedData or signedAndEnvelopedData;
- * SECFailure will be returned if it is not.
- *
- * "cert" is the cert for the recipient. It will be checked for validity.
- *
- * "certusage" describes the encryption usage (e.g. certUsageEmailRecipient)
- * XXX Maybe SECCertUsage should be split so that our caller just says
- * "email" and *we* add the "recipient" part -- otherwise our caller
- * could be lying about the usage; we do not want to allow encryption
- * certs for signing or vice versa.
- *
- * "certdb" is the cert database to use for verifying the cert.
- * It can be NULL if a default database is available (like in the client).
- */
-SECStatus
-SEC_PKCS7AddRecipient (SEC_PKCS7ContentInfo *cinfo,
- CERTCertificate *cert,
- SECCertUsage certusage,
- CERTCertDBHandle *certdb)
-{
- return sec_pkcs7_add_recipient (cinfo, cert, certusage, certdb);
-}
-
-
-/*
- * Create an empty PKCS7 data content info.
- *
- * An error results in a return value of NULL and an error set.
- * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
- */
-SEC_PKCS7ContentInfo *
-SEC_PKCS7CreateData (void)
-{
- return sec_pkcs7_create_content_info (SEC_OID_PKCS7_DATA, PR_FALSE,
- NULL, NULL);
-}
-
-
-/*
- * Create an empty PKCS7 encrypted content info.
- *
- * "algorithm" specifies the bulk encryption algorithm to use.
- *
- * An error results in a return value of NULL and an error set.
- * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
- */
-SEC_PKCS7ContentInfo *
-SEC_PKCS7CreateEncryptedData (SECOidTag algorithm, int keysize,
- SECKEYGetPasswordKey pwfn, void *pwfn_arg)
-{
- SEC_PKCS7ContentInfo *cinfo;
- SECAlgorithmID *algid;
- SEC_PKCS7EncryptedData *enc_data;
- SECStatus rv;
-
- cinfo = sec_pkcs7_create_content_info (SEC_OID_PKCS7_ENCRYPTED_DATA,
- PR_FALSE, pwfn, pwfn_arg);
- if (cinfo == NULL)
- return NULL;
-
- enc_data = cinfo->content.encryptedData;
- algid = &(enc_data->encContentInfo.contentEncAlg);
-
- switch (algorithm) {
- case SEC_OID_RC2_CBC:
- case SEC_OID_DES_EDE3_CBC:
- case SEC_OID_DES_CBC:
- rv = SECOID_SetAlgorithmID (cinfo->poolp, algid, algorithm, NULL);
- break;
- default:
- {
- /*
- * Assume password-based-encryption. At least, try that.
- */
- SECAlgorithmID *pbe_algid;
- pbe_algid = PK11_CreatePBEAlgorithmID (algorithm, 1, NULL);
- if (pbe_algid == NULL) {
- rv = SECFailure;
- } else {
- rv = SECOID_CopyAlgorithmID (cinfo->poolp, algid, pbe_algid);
- SECOID_DestroyAlgorithmID (pbe_algid, PR_TRUE);
- }
- }
- break;
- }
-
- if (rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return NULL;
- }
-
- rv = sec_pkcs7_init_encrypted_content_info (&(enc_data->encContentInfo),
- cinfo->poolp,
- SEC_OID_PKCS7_DATA, PR_FALSE,
- algorithm, keysize);
- if (rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return NULL;
- }
-
- return cinfo;
-}
-
diff --git a/security/nss/lib/pkcs7/p7decode.c b/security/nss/lib/pkcs7/p7decode.c
deleted file mode 100644
index 0eee743c2..000000000
--- a/security/nss/lib/pkcs7/p7decode.c
+++ /dev/null
@@ -1,2087 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * PKCS7 decoding, verification.
- *
- * $Id$
- */
-
-#include "p7local.h"
-
-#include "cert.h"
- /* XXX do not want to have to include */
-#include "certdb.h" /* certdb.h -- the trust stuff needed by */
- /* the add certificate code needs to get */
- /* rewritten/abstracted and then this */
- /* include should be removed! */
-#include "cdbhdl.h"
-#include "cryptohi.h"
-#include "key.h"
-#include "secasn1.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "pk11func.h"
-#include "prtime.h"
-#include "secerr.h"
-
-
-struct sec_pkcs7_decoder_worker {
- int depth;
- int digcnt;
- void **digcxs;
- SECHashObject **digobjs;
- sec_PKCS7CipherObject *decryptobj;
- PRBool saw_contents;
-};
-
-struct SEC_PKCS7DecoderContextStr {
- SEC_ASN1DecoderContext *dcx;
- SEC_PKCS7ContentInfo *cinfo;
- SEC_PKCS7DecoderContentCallback cb;
- void *cb_arg;
- SECKEYGetPasswordKey pwfn;
- void *pwfn_arg;
- struct sec_pkcs7_decoder_worker worker;
- PRArenaPool *tmp_poolp;
- int error;
- SEC_PKCS7GetDecryptKeyCallback dkcb;
- void *dkcb_arg;
- SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb;
-};
-
-/*
- * Handle one worker, decrypting and digesting the data as necessary.
- *
- * XXX If/when we support nested contents, this probably needs to be
- * revised somewhat to get passed the content-info (which unfortunately
- * can be two different types depending on whether it is encrypted or not)
- * corresponding to the given worker.
- */
-static void
-sec_pkcs7_decoder_work_data (SEC_PKCS7DecoderContext *p7dcx,
- struct sec_pkcs7_decoder_worker *worker,
- const unsigned char *data, unsigned long len,
- PRBool final)
-{
- unsigned char *buf = NULL;
- SECStatus rv;
- int i;
-
- /*
- * We should really have data to process, or we should be trying
- * to finish/flush the last block. (This is an overly paranoid
- * check since all callers are in this file and simple inspection
- * proves they do it right. But it could find a bug in future
- * modifications/development, that is why it is here.)
- */
- PORT_Assert ((data != NULL && len) || final);
-
- /*
- * Decrypt this chunk.
- *
- * XXX If we get an error, we do not want to do the digest or callback,
- * but we want to keep decoding. Or maybe we want to stop decoding
- * altogether if there is a callback, because obviously we are not
- * sending the data back and they want to know that.
- */
- if (worker->decryptobj != NULL) {
- /* XXX the following lengths should all be longs? */
- unsigned int inlen; /* length of data being decrypted */
- unsigned int outlen; /* length of decrypted data */
- unsigned int buflen; /* length available for decrypted data */
- SECItem *plain;
-
- inlen = len;
- buflen = sec_PKCS7DecryptLength (worker->decryptobj, inlen, final);
- if (buflen == 0) {
- if (inlen == 0) /* no input and no output */
- return;
- /*
- * No output is expected, but the input data may be buffered
- * so we still have to call Decrypt.
- */
- rv = sec_PKCS7Decrypt (worker->decryptobj, NULL, NULL, 0,
- data, inlen, final);
- if (rv != SECSuccess) {
- p7dcx->error = PORT_GetError();
- return; /* XXX indicate error? */
- }
- return;
- }
-
- if (p7dcx->cb != NULL) {
- buf = (unsigned char *) PORT_Alloc (buflen);
- plain = NULL;
- } else {
- unsigned long oldlen;
-
- /*
- * XXX This assumes one level of content only.
- * See comment above about nested content types.
- * XXX Also, it should work for signedAndEnvelopedData, too!
- */
- plain = &(p7dcx->cinfo->
- content.envelopedData->encContentInfo.plainContent);
-
- oldlen = plain->len;
- if (oldlen == 0) {
- buf = (unsigned char*)PORT_ArenaAlloc (p7dcx->cinfo->poolp,
- buflen);
- } else {
- buf = (unsigned char*)PORT_ArenaGrow (p7dcx->cinfo->poolp,
- plain->data,
- oldlen, oldlen + buflen);
- if (buf != NULL)
- buf += oldlen;
- }
- plain->data = buf;
- }
- if (buf == NULL) {
- p7dcx->error = SEC_ERROR_NO_MEMORY;
- return; /* XXX indicate error? */
- }
- rv = sec_PKCS7Decrypt (worker->decryptobj, buf, &outlen, buflen,
- data, inlen, final);
- if (rv != SECSuccess) {
- p7dcx->error = PORT_GetError();
- return; /* XXX indicate error? */
- }
- if (plain != NULL) {
- PORT_Assert (final || outlen == buflen);
- plain->len += outlen;
- }
- data = buf;
- len = outlen;
- }
-
- /*
- * Update the running digests.
- */
- if (len) {
- for (i = 0; i < worker->digcnt; i++) {
- (* worker->digobjs[i]->update) (worker->digcxs[i], data, len);
- }
- }
-
- /*
- * Pass back the contents bytes, and free the temporary buffer.
- */
- if (p7dcx->cb != NULL) {
- if (len)
- (* p7dcx->cb) (p7dcx->cb_arg, (const char *)data, len);
- if (worker->decryptobj != NULL) {
- PORT_Assert (buf != NULL);
- PORT_Free (buf);
- }
- }
-}
-
-static void
-sec_pkcs7_decoder_filter (void *arg, const char *data, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind)
-{
- SEC_PKCS7DecoderContext *p7dcx;
- struct sec_pkcs7_decoder_worker *worker;
-
- /*
- * Since we do not handle any nested contents, the only bytes we
- * are really interested in are the actual contents bytes (not
- * the identifier, length, or end-of-contents bytes). If we were
- * handling nested types we would probably need to do something
- * smarter based on depth and data_kind.
- */
- if (data_kind != SEC_ASN1_Contents)
- return;
-
- /*
- * The ASN.1 decoder should not even call us with a length of 0.
- * Just being paranoid.
- */
- PORT_Assert (len);
- if (len == 0)
- return;
-
- p7dcx = (SEC_PKCS7DecoderContext*)arg;
-
- /*
- * Handling nested contents would mean that there is a chain
- * of workers -- one per each level of content. The following
- * would start with the first worker and loop over them.
- */
- worker = &(p7dcx->worker);
-
- worker->saw_contents = PR_TRUE;
-
- sec_pkcs7_decoder_work_data (p7dcx, worker,
- (const unsigned char *) data, len, PR_FALSE);
-}
-
-
-/*
- * Create digest contexts for each algorithm in "digestalgs".
- * No algorithms is not an error, we just do not do anything.
- * An error (like trouble allocating memory), marks the error
- * in "p7dcx" and returns SECFailure, which means that our caller
- * should just give up altogether.
- */
-static SECStatus
-sec_pkcs7_decoder_start_digests (SEC_PKCS7DecoderContext *p7dcx, int depth,
- SECAlgorithmID **digestalgs)
-{
- SECAlgorithmID *algid;
- SECOidData *oiddata;
- SECHashObject *digobj;
- void *digcx;
- int i, digcnt;
-
- if (digestalgs == NULL)
- return SECSuccess;
-
- /*
- * Count the algorithms.
- */
- digcnt = 0;
- while (digestalgs[digcnt] != NULL)
- digcnt++;
-
- /*
- * No algorithms means no work to do.
- * This is not expected, so cause an assert.
- * But if it does happen, just act as if there were
- * no algorithms specified.
- */
- PORT_Assert (digcnt != 0);
- if (digcnt == 0)
- return SECSuccess;
-
- p7dcx->worker.digcxs = (void**)PORT_ArenaAlloc (p7dcx->tmp_poolp,
- digcnt * sizeof (void *));
- p7dcx->worker.digobjs = (SECHashObject**)PORT_ArenaAlloc (p7dcx->tmp_poolp,
- digcnt * sizeof (SECHashObject *));
- if (p7dcx->worker.digcxs == NULL || p7dcx->worker.digobjs == NULL) {
- p7dcx->error = SEC_ERROR_NO_MEMORY;
- return SECFailure;
- }
-
- p7dcx->worker.depth = depth;
- p7dcx->worker.digcnt = 0;
-
- /*
- * Create a digest context for each algorithm.
- */
- for (i = 0; i < digcnt; i++) {
- algid = digestalgs[i];
- oiddata = SECOID_FindOID(&(algid->algorithm));
- if (oiddata == NULL) {
- digobj = NULL;
- } else {
- switch (oiddata->offset) {
- case SEC_OID_MD2:
- digobj = &SECHashObjects[HASH_AlgMD2];
- break;
- case SEC_OID_MD5:
- digobj = &SECHashObjects[HASH_AlgMD5];
- break;
- case SEC_OID_SHA1:
- digobj = &SECHashObjects[HASH_AlgSHA1];
- break;
- default:
- digobj = NULL;
- break;
- }
- }
-
- /*
- * Skip any algorithm we do not even recognize; obviously,
- * this could be a problem, but if it is critical then the
- * result will just be that the signature does not verify.
- * We do not necessarily want to error out here, because
- * the particular algorithm may not actually be important,
- * but we cannot know that until later.
- */
- if (digobj == NULL) {
- p7dcx->worker.digcnt--;
- continue;
- }
-
- digcx = (* digobj->create)();
- if (digcx != NULL) {
- (* digobj->begin) (digcx);
- p7dcx->worker.digobjs[p7dcx->worker.digcnt] = digobj;
- p7dcx->worker.digcxs[p7dcx->worker.digcnt] = digcx;
- p7dcx->worker.digcnt++;
- }
- }
-
- if (p7dcx->worker.digcnt != 0)
- SEC_ASN1DecoderSetFilterProc (p7dcx->dcx,
- sec_pkcs7_decoder_filter,
- p7dcx,
- (PRBool)(p7dcx->cb != NULL));
- return SECSuccess;
-}
-
-
-/*
- * Close out all of the digest contexts, storing the results in "digestsp".
- */
-static SECStatus
-sec_pkcs7_decoder_finish_digests (SEC_PKCS7DecoderContext *p7dcx,
- PRArenaPool *poolp,
- SECItem ***digestsp)
-{
- struct sec_pkcs7_decoder_worker *worker;
- SECHashObject *digobj;
- void *digcx;
- SECItem **digests, *digest;
- int i;
- void *mark;
-
- /*
- * XXX Handling nested contents would mean that there is a chain
- * of workers -- one per each level of content. The following
- * would want to find the last worker in the chain.
- */
- worker = &(p7dcx->worker);
-
- /*
- * If no digests, then we have nothing to do.
- */
- if (worker->digcnt == 0)
- return SECSuccess;
-
- /*
- * No matter what happens after this, we want to stop filtering.
- * XXX If we handle nested contents, we only want to stop filtering
- * if we are finishing off the *last* worker.
- */
- SEC_ASN1DecoderClearFilterProc (p7dcx->dcx);
-
- /*
- * If we ended up with no contents, just destroy each
- * digest context -- they are meaningless and potentially
- * confusing, because their presence would imply some content
- * was digested.
- */
- if (! worker->saw_contents) {
- for (i = 0; i < worker->digcnt; i++) {
- digcx = worker->digcxs[i];
- digobj = worker->digobjs[i];
- (* digobj->destroy) (digcx, PR_TRUE);
- }
- return SECSuccess;
- }
-
- mark = PORT_ArenaMark (poolp);
-
- /*
- * Close out each digest context, saving digest away.
- */
- digests =
- (SECItem**)PORT_ArenaAlloc (poolp,(worker->digcnt+1)*sizeof(SECItem *));
- digest = (SECItem*)PORT_ArenaAlloc (poolp, worker->digcnt*sizeof(SECItem));
- if (digests == NULL || digest == NULL) {
- p7dcx->error = PORT_GetError();
- PORT_ArenaRelease (poolp, mark);
- return SECFailure;
- }
-
- for (i = 0; i < worker->digcnt; i++, digest++) {
- digcx = worker->digcxs[i];
- digobj = worker->digobjs[i];
-
- digest->data = (unsigned char*)PORT_ArenaAlloc (poolp, digobj->length);
- if (digest->data == NULL) {
- p7dcx->error = PORT_GetError();
- PORT_ArenaRelease (poolp, mark);
- return SECFailure;
- }
-
- digest->len = digobj->length;
- (* digobj->end) (digcx, digest->data, &(digest->len), digest->len);
- (* digobj->destroy) (digcx, PR_TRUE);
-
- digests[i] = digest;
- }
- digests[i] = NULL;
- *digestsp = digests;
-
- PORT_ArenaUnmark (poolp, mark);
- return SECSuccess;
-}
-
-/*
- * XXX Need comment explaining following helper function (which is used
- * by sec_pkcs7_decoder_start_decrypt).
- */
-extern const SEC_ASN1Template SEC_SMIMEKEAParamTemplateAllParams[];
-
-static PK11SymKey *
-sec_pkcs7_decoder_get_recipient_key (SEC_PKCS7DecoderContext *p7dcx,
- SEC_PKCS7RecipientInfo **recipientinfos,
- SEC_PKCS7EncryptedContentInfo *enccinfo)
-{
- SEC_PKCS7RecipientInfo *ri;
- CERTCertificate *cert = NULL;
- SECKEYPrivateKey *privkey = NULL;
- PK11SymKey *bulkkey;
- SECOidTag keyalgtag, bulkalgtag, encalgtag;
- PK11SlotInfo *slot;
- int i, bulkLength = 0;
-
- if (recipientinfos == NULL || recipientinfos[0] == NULL) {
- p7dcx->error = SEC_ERROR_NOT_A_RECIPIENT;
- goto no_key_found;
- }
-
- cert = PK11_FindCertAndKeyByRecipientList(&slot,recipientinfos,&ri,
- &privkey, p7dcx->pwfn_arg);
- if (cert == NULL) {
- p7dcx->error = SEC_ERROR_NOT_A_RECIPIENT;
- goto no_key_found;
- }
-
- ri->cert = cert; /* so we can find it later */
- PORT_Assert(privkey != NULL);
-
- keyalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
- encalgtag = SECOID_GetAlgorithmTag (&(ri->keyEncAlg));
- if ((encalgtag != SEC_OID_NETSCAPE_SMIME_KEA) && (keyalgtag != encalgtag)) {
- p7dcx->error = SEC_ERROR_PKCS7_KEYALG_MISMATCH;
- goto no_key_found;
- }
- bulkalgtag = SECOID_GetAlgorithmTag (&(enccinfo->contentEncAlg));
-
- switch (encalgtag) {
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- bulkkey = PK11_PubUnwrapSymKey (privkey, &ri->encKey,
- PK11_AlgtagToMechanism (bulkalgtag),
- CKA_DECRYPT, 0);
- if (bulkkey == NULL) {
- p7dcx->error = PORT_GetError();
- PORT_SetError(0);
- goto no_key_found;
- }
- break;
- /* ### mwelch -- KEA */
- case SEC_OID_NETSCAPE_SMIME_KEA:
- {
- SECStatus err;
- CK_MECHANISM_TYPE bulkType;
- PK11SymKey *tek;
- SECKEYPublicKey *senderPubKey;
- SEC_PKCS7SMIMEKEAParameters keaParams;
-
- (void) memset(&keaParams, 0, sizeof(keaParams));
-
- /* Decode the KEA algorithm parameters. */
- err = SEC_ASN1DecodeItem(NULL,
- &keaParams,
- SEC_SMIMEKEAParamTemplateAllParams,
- &(ri->keyEncAlg.parameters));
- if (err != SECSuccess)
- {
- p7dcx->error = err;
- PORT_SetError(0);
- goto no_key_found;
- }
-
-
- /* We just got key data, no key structure. So, we
- create one. */
- senderPubKey =
- PK11_MakeKEAPubKey(keaParams.originatorKEAKey.data,
- keaParams.originatorKEAKey.len);
- if (senderPubKey == NULL)
- {
- p7dcx->error = PORT_GetError();
- PORT_SetError(0);
- goto no_key_found;
- }
-
- /* Generate the TEK (token exchange key) which we use
- to unwrap the bulk encryption key. */
- tek = PK11_PubDerive(privkey, senderPubKey,
- PR_FALSE,
- &keaParams.originatorRA,
- NULL,
- CKM_KEA_KEY_DERIVE, CKM_SKIPJACK_WRAP,
- CKA_WRAP, 0, p7dcx->pwfn_arg);
- SECKEY_DestroyPublicKey(senderPubKey);
-
- if (tek == NULL)
- {
- p7dcx->error = PORT_GetError();
- PORT_SetError(0);
- goto no_key_found;
- }
-
- /* Now that we have the TEK, unwrap the bulk key
- with which to decrypt the message. We have to
- do one of two different things depending on
- whether Skipjack was used for bulk encryption
- of the message. */
- bulkType = PK11_AlgtagToMechanism (bulkalgtag);
- switch(bulkType)
- {
- case CKM_SKIPJACK_CBC64:
- case CKM_SKIPJACK_ECB64:
- case CKM_SKIPJACK_OFB64:
- case CKM_SKIPJACK_CFB64:
- case CKM_SKIPJACK_CFB32:
- case CKM_SKIPJACK_CFB16:
- case CKM_SKIPJACK_CFB8:
- /* Skipjack is being used as the bulk encryption algorithm.*/
- /* Unwrap the bulk key. */
- bulkkey = PK11_UnwrapSymKey(tek, CKM_SKIPJACK_WRAP,
- NULL, &ri->encKey,
- CKM_SKIPJACK_CBC64,
- CKA_DECRYPT, 0);
- break;
- default:
- /* Skipjack was not used for bulk encryption of this
- message. Use Skipjack CBC64, with the nonSkipjackIV
- part of the KEA key parameters, to decrypt
- the bulk key. If we got a parameter indicating that the
- bulk key size is different than the encrypted key size,
- pass in the real key size. */
-
- /* Check for specified bulk key length (unspecified implies
- that the bulk key length is the same as encrypted length) */
- if (keaParams.bulkKeySize.len > 0)
- {
- p7dcx->error = SEC_ASN1DecodeItem(NULL, &bulkLength,
- SEC_IntegerTemplate,
- &keaParams.bulkKeySize);
- }
-
- if (p7dcx->error != SECSuccess)
- goto no_key_found;
-
- bulkkey = PK11_UnwrapSymKey(tek, CKM_SKIPJACK_CBC64,
- &keaParams.nonSkipjackIV,
- &ri->encKey,
- bulkType,
- CKA_DECRYPT, bulkLength);
- }
-
-
- if (bulkkey == NULL)
- {
- p7dcx->error = PORT_GetError();
- PORT_SetError(0);
- goto no_key_found;
- }
- break;
- }
- default:
- p7dcx->error = SEC_ERROR_UNSUPPORTED_KEYALG;
- goto no_key_found;
- }
-
- return bulkkey;
-
-no_key_found:
- if (privkey != NULL)
- SECKEY_DestroyPrivateKey (privkey);
-
- return NULL;
-}
-
-/*
- * XXX The following comment is old -- the function used to only handle
- * EnvelopedData or SignedAndEnvelopedData but now handles EncryptedData
- * as well (and it had all of the code of the helper function above
- * built into it), though the comment was left as is. Fix it...
- *
- * We are just about to decode the content of an EnvelopedData.
- * Set up a decryption context so we can decrypt as we go.
- * Presumably we are one of the recipients listed in "recipientinfos".
- * (XXX And if we are not, or if we have trouble, what should we do?
- * It would be nice to let the decoding still work. Maybe it should
- * be an error if there is a content callback, but not an error otherwise?)
- * The encryption key and related information can be found in "enccinfo".
- */
-static SECStatus
-sec_pkcs7_decoder_start_decrypt (SEC_PKCS7DecoderContext *p7dcx, int depth,
- SEC_PKCS7RecipientInfo **recipientinfos,
- SEC_PKCS7EncryptedContentInfo *enccinfo,
- PK11SymKey **copy_key_for_signature)
-{
- PK11SymKey *bulkkey = NULL;
- sec_PKCS7CipherObject *decryptobj;
-
- /*
- * If a callback is supplied to retrieve the encryption key,
- * for instance, for Encrypted Content infos, then retrieve
- * the bulkkey from the callback. Otherwise, assume that
- * we are processing Enveloped or SignedAndEnveloped data
- * content infos.
- *
- * XXX Put an assert here?
- */
- if (SEC_PKCS7ContentType(p7dcx->cinfo) == SEC_OID_PKCS7_ENCRYPTED_DATA) {
- if (p7dcx->dkcb != NULL) {
- bulkkey = (*p7dcx->dkcb)(p7dcx->dkcb_arg,
- &(enccinfo->contentEncAlg));
- }
- enccinfo->keysize = 0;
- } else {
- bulkkey = sec_pkcs7_decoder_get_recipient_key (p7dcx, recipientinfos,
- enccinfo);
- if (bulkkey == NULL) goto no_decryption;
- enccinfo->keysize = PK11_GetKeyStrength(bulkkey,
- &(enccinfo->contentEncAlg));
-
- }
-
- /*
- * XXX I think following should set error in p7dcx and clear set error
- * (as used to be done here, or as is done in get_receipient_key above.
- */
- if(bulkkey == NULL) {
- goto no_decryption;
- }
-
- /*
- * We want to make sure decryption is allowed. This is done via
- * a callback specified in SEC_PKCS7DecoderStart().
- */
- if (p7dcx->decrypt_allowed_cb) {
- if ((*p7dcx->decrypt_allowed_cb) (&(enccinfo->contentEncAlg),
- bulkkey) == PR_FALSE) {
- p7dcx->error = SEC_ERROR_DECRYPTION_DISALLOWED;
- goto no_decryption;
- }
- } else {
- p7dcx->error = SEC_ERROR_DECRYPTION_DISALLOWED;
- goto no_decryption;
- }
-
- /*
- * When decrypting a signedAndEnvelopedData, the signature also has
- * to be decrypted with the bulk encryption key; to avoid having to
- * get it all over again later (and do another potentially expensive
- * RSA operation), copy it for later signature verification to use.
- */
- if (copy_key_for_signature != NULL)
- *copy_key_for_signature = PK11_ReferenceSymKey (bulkkey);
-
- /*
- * Now we have the bulk encryption key (in bulkkey) and the
- * the algorithm (in enccinfo->contentEncAlg). Using those,
- * create a decryption context.
- */
- decryptobj = sec_PKCS7CreateDecryptObject (bulkkey,
- &(enccinfo->contentEncAlg));
-
- /*
- * For PKCS5 Encryption Algorithms, the bulkkey is actually a different
- * structure. Therefore, we need to set the bulkkey to the actual key
- * prior to freeing it.
- */
- if ( SEC_PKCS5IsAlgorithmPBEAlg(&(enccinfo->contentEncAlg)) && bulkkey ) {
- SEC_PKCS5KeyAndPassword *keyPwd = (SEC_PKCS5KeyAndPassword *)bulkkey;
- bulkkey = keyPwd->key;
- }
-
- /*
- * We are done with (this) bulkkey now.
- */
- PK11_FreeSymKey (bulkkey);
-
- if (decryptobj == NULL) {
- p7dcx->error = PORT_GetError();
- PORT_SetError(0);
- goto no_decryption;
- }
-
- SEC_ASN1DecoderSetFilterProc (p7dcx->dcx,
- sec_pkcs7_decoder_filter,
- p7dcx,
- (PRBool)(p7dcx->cb != NULL));
-
- p7dcx->worker.depth = depth;
- p7dcx->worker.decryptobj = decryptobj;
-
- return SECSuccess;
-
-no_decryption:
- /*
- * For some reason (error set already, if appropriate), we cannot
- * decrypt the content. I am not sure what exactly is the right
- * thing to do here; in some cases we want to just stop, and in
- * others we want to let the decoding finish even though we cannot
- * decrypt the content. My current thinking is that if the caller
- * set up a content callback, then they are really interested in
- * getting (decrypted) content, and if they cannot they will want
- * to know about it. However, if no callback was specified, then
- * maybe it is not important that the decryption failed.
- */
- if (p7dcx->cb != NULL)
- return SECFailure;
- else
- return SECSuccess; /* Let the decoding continue. */
-}
-
-
-static SECStatus
-sec_pkcs7_decoder_finish_decrypt (SEC_PKCS7DecoderContext *p7dcx,
- PRArenaPool *poolp,
- SEC_PKCS7EncryptedContentInfo *enccinfo)
-{
- struct sec_pkcs7_decoder_worker *worker;
-
- /*
- * XXX Handling nested contents would mean that there is a chain
- * of workers -- one per each level of content. The following
- * would want to find the last worker in the chain.
- */
- worker = &(p7dcx->worker);
-
- /*
- * If no decryption context, then we have nothing to do.
- */
- if (worker->decryptobj == NULL)
- return SECSuccess;
-
- /*
- * No matter what happens after this, we want to stop filtering.
- * XXX If we handle nested contents, we only want to stop filtering
- * if we are finishing off the *last* worker.
- */
- SEC_ASN1DecoderClearFilterProc (p7dcx->dcx);
-
- /*
- * Handle the last block.
- */
- sec_pkcs7_decoder_work_data (p7dcx, worker, NULL, 0, PR_TRUE);
-
- /*
- * All done, destroy it.
- */
- sec_PKCS7DestroyDecryptObject (worker->decryptobj);
-
- return SECSuccess;
-}
-
-
-static void
-sec_pkcs7_decoder_notify (void *arg, PRBool before, void *dest, int depth)
-{
- SEC_PKCS7DecoderContext *p7dcx;
- SEC_PKCS7ContentInfo *cinfo;
- SEC_PKCS7SignedData *sigd;
- SEC_PKCS7EnvelopedData *envd;
- SEC_PKCS7SignedAndEnvelopedData *saed;
- SEC_PKCS7EncryptedData *encd;
- SEC_PKCS7DigestedData *digd;
- PRBool after;
- SECStatus rv;
-
- /*
- * Just to make the code easier to read, create an "after" variable
- * that is equivalent to "not before".
- * (This used to be just the statement "after = !before", but that
- * causes a warning on the mac; to avoid that, we do it the long way.)
- */
- if (before)
- after = PR_FALSE;
- else
- after = PR_TRUE;
-
- p7dcx = (SEC_PKCS7DecoderContext*)arg;
- cinfo = p7dcx->cinfo;
-
- if (cinfo->contentTypeTag == NULL) {
- if (after && dest == &(cinfo->contentType))
- cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType));
- return;
- }
-
- switch (cinfo->contentTypeTag->offset) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- sigd = cinfo->content.signedData;
- if (sigd == NULL)
- break;
-
- if (sigd->contentInfo.contentTypeTag == NULL) {
- if (after && dest == &(sigd->contentInfo.contentType))
- sigd->contentInfo.contentTypeTag =
- SECOID_FindOID(&(sigd->contentInfo.contentType));
- break;
- }
-
- /*
- * We only set up a filtering digest if the content is
- * plain DATA; anything else needs more work because a
- * second pass is required to produce a DER encoding from
- * an input that can be BER encoded. (This is a requirement
- * of PKCS7 that is unfortunate, but there you have it.)
- *
- * XXX Also, since we stop here if this is not DATA, the
- * inner content is not getting processed at all. Someday
- * we may want to fix that.
- */
- if (sigd->contentInfo.contentTypeTag->offset != SEC_OID_PKCS7_DATA) {
- /* XXX Set an error in p7dcx->error */
- SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx);
- break;
- }
-
- /*
- * Just before the content, we want to set up a digest context
- * for each digest algorithm listed, and start a filter which
- * will run all of the contents bytes through that digest.
- */
- if (before && dest == &(sigd->contentInfo.content)) {
- rv = sec_pkcs7_decoder_start_digests (p7dcx, depth,
- sigd->digestAlgorithms);
- if (rv != SECSuccess)
- SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx);
-
- break;
- }
-
- /*
- * XXX To handle nested types, here is where we would want
- * to check for inner boundaries that need handling.
- */
-
- /*
- * Are we done?
- */
- if (after && dest == &(sigd->contentInfo.content)) {
- /*
- * Close out the digest contexts. We ignore any error
- * because we are stopping anyway; the error status left
- * behind in p7dcx will be seen by outer functions.
- */
- (void) sec_pkcs7_decoder_finish_digests (p7dcx, cinfo->poolp,
- &(sigd->digests));
-
- /*
- * XXX To handle nested contents, we would need to remove
- * the worker from the chain (and free it).
- */
-
- /*
- * Stop notify.
- */
- SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx);
- }
- break;
-
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- envd = cinfo->content.envelopedData;
- if (envd == NULL)
- break;
-
- if (envd->encContentInfo.contentTypeTag == NULL) {
- if (after && dest == &(envd->encContentInfo.contentType))
- envd->encContentInfo.contentTypeTag =
- SECOID_FindOID(&(envd->encContentInfo.contentType));
- break;
- }
-
- /*
- * Just before the content, we want to set up a decryption
- * context, and start a filter which will run all of the
- * contents bytes through it to determine the plain content.
- */
- if (before && dest == &(envd->encContentInfo.encContent)) {
- rv = sec_pkcs7_decoder_start_decrypt (p7dcx, depth,
- envd->recipientInfos,
- &(envd->encContentInfo),
- NULL);
- if (rv != SECSuccess)
- SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx);
-
- break;
- }
-
- /*
- * Are we done?
- */
- if (after && dest == &(envd->encContentInfo.encContent)) {
- /*
- * Close out the decryption context. We ignore any error
- * because we are stopping anyway; the error status left
- * behind in p7dcx will be seen by outer functions.
- */
- (void) sec_pkcs7_decoder_finish_decrypt (p7dcx, cinfo->poolp,
- &(envd->encContentInfo));
-
- /*
- * XXX To handle nested contents, we would need to remove
- * the worker from the chain (and free it).
- */
-
- /*
- * Stop notify.
- */
- SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx);
- }
- break;
-
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- saed = cinfo->content.signedAndEnvelopedData;
- if (saed == NULL)
- break;
-
- if (saed->encContentInfo.contentTypeTag == NULL) {
- if (after && dest == &(saed->encContentInfo.contentType))
- saed->encContentInfo.contentTypeTag =
- SECOID_FindOID(&(saed->encContentInfo.contentType));
- break;
- }
-
- /*
- * Just before the content, we want to set up a decryption
- * context *and* digest contexts, and start a filter which
- * will run all of the contents bytes through both.
- */
- if (before && dest == &(saed->encContentInfo.encContent)) {
- rv = sec_pkcs7_decoder_start_decrypt (p7dcx, depth,
- saed->recipientInfos,
- &(saed->encContentInfo),
- &(saed->sigKey));
- if (rv == SECSuccess)
- rv = sec_pkcs7_decoder_start_digests (p7dcx, depth,
- saed->digestAlgorithms);
- if (rv != SECSuccess)
- SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx);
-
- break;
- }
-
- /*
- * Are we done?
- */
- if (after && dest == &(saed->encContentInfo.encContent)) {
- /*
- * Close out the decryption and digests contexts.
- * We ignore any errors because we are stopping anyway;
- * the error status left behind in p7dcx will be seen by
- * outer functions.
- *
- * Note that the decrypt stuff must be called first;
- * it may have a last buffer to do which in turn has
- * to be added to the digest.
- */
- (void) sec_pkcs7_decoder_finish_decrypt (p7dcx, cinfo->poolp,
- &(saed->encContentInfo));
- (void) sec_pkcs7_decoder_finish_digests (p7dcx, cinfo->poolp,
- &(saed->digests));
-
- /*
- * XXX To handle nested contents, we would need to remove
- * the worker from the chain (and free it).
- */
-
- /*
- * Stop notify.
- */
- SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx);
- }
- break;
-
- case SEC_OID_PKCS7_DIGESTED_DATA:
- digd = cinfo->content.digestedData;
-
- /*
- * XXX Want to do the digest or not? Maybe future enhancement...
- */
- if (before && dest == &(digd->contentInfo.content.data)) {
- SEC_ASN1DecoderSetFilterProc (p7dcx->dcx, sec_pkcs7_decoder_filter,
- p7dcx,
- (PRBool)(p7dcx->cb != NULL));
- break;
- }
-
- /*
- * Are we done?
- */
- if (after && dest == &(digd->contentInfo.content.data)) {
- SEC_ASN1DecoderClearFilterProc (p7dcx->dcx);
- }
- break;
-
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- encd = cinfo->content.encryptedData;
-
- /*
- * XXX If the decryption key callback is set, we want to start
- * the decryption. If the callback is not set, we will treat the
- * content as plain data, since we do not have the key.
- *
- * Is this the proper thing to do?
- */
- if (before && dest == &(encd->encContentInfo.encContent)) {
- /*
- * Start the encryption process if the decryption key callback
- * is present. Otherwise, treat the content like plain data.
- */
- rv = SECSuccess;
- if (p7dcx->dkcb != NULL) {
- rv = sec_pkcs7_decoder_start_decrypt (p7dcx, depth, NULL,
- &(encd->encContentInfo),
- NULL);
- }
-
- if (rv != SECSuccess)
- SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx);
-
- break;
- }
-
- /*
- * Are we done?
- */
- if (after && dest == &(encd->encContentInfo.encContent)) {
- /*
- * Close out the decryption context. We ignore any error
- * because we are stopping anyway; the error status left
- * behind in p7dcx will be seen by outer functions.
- */
- (void) sec_pkcs7_decoder_finish_decrypt (p7dcx, cinfo->poolp,
- &(encd->encContentInfo));
-
- /*
- * Stop notify.
- */
- SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx);
- }
- break;
-
- case SEC_OID_PKCS7_DATA:
- /*
- * If a output callback has been specified, we want to set the filter
- * to call the callback. This is taken care of in
- * sec_pkcs7_decoder_start_decrypt() or
- * sec_pkcs7_decoder_start_digests() for the other content types.
- */
-
- if (before && dest == &(cinfo->content.data)) {
-
- /*
- * Set the filter proc up.
- */
- SEC_ASN1DecoderSetFilterProc (p7dcx->dcx,
- sec_pkcs7_decoder_filter,
- p7dcx,
- (PRBool)(p7dcx->cb != NULL));
- break;
- }
-
- if (after && dest == &(cinfo->content.data)) {
- /*
- * Time to clean up after ourself, stop the Notify and Filter
- * procedures.
- */
- SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx);
- SEC_ASN1DecoderClearFilterProc (p7dcx->dcx);
- }
- break;
-
- default:
- SEC_ASN1DecoderClearNotifyProc (p7dcx->dcx);
- break;
- }
-}
-
-
-SEC_PKCS7DecoderContext *
-SEC_PKCS7DecoderStart(SEC_PKCS7DecoderContentCallback cb, void *cb_arg,
- SECKEYGetPasswordKey pwfn, void *pwfn_arg,
- SEC_PKCS7GetDecryptKeyCallback decrypt_key_cb,
- void *decrypt_key_cb_arg,
- SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb)
-{
- SEC_PKCS7DecoderContext *p7dcx;
- SEC_ASN1DecoderContext *dcx;
- SEC_PKCS7ContentInfo *cinfo;
- PRArenaPool *poolp;
-
- poolp = PORT_NewArena (1024); /* XXX what is right value? */
- if (poolp == NULL)
- return NULL;
-
- cinfo = (SEC_PKCS7ContentInfo*)PORT_ArenaZAlloc (poolp, sizeof(*cinfo));
- if (cinfo == NULL) {
- PORT_FreeArena (poolp, PR_FALSE);
- return NULL;
- }
-
- cinfo->poolp = poolp;
- cinfo->pwfn = pwfn;
- cinfo->pwfn_arg = pwfn_arg;
- cinfo->created = PR_FALSE;
- cinfo->refCount = 1;
-
- p7dcx =
- (SEC_PKCS7DecoderContext*)PORT_ZAlloc (sizeof(SEC_PKCS7DecoderContext));
- if (p7dcx == NULL) {
- PORT_FreeArena (poolp, PR_FALSE);
- return NULL;
- }
-
- p7dcx->tmp_poolp = PORT_NewArena (1024); /* XXX what is right value? */
- if (p7dcx->tmp_poolp == NULL) {
- PORT_Free (p7dcx);
- PORT_FreeArena (poolp, PR_FALSE);
- return NULL;
- }
-
- dcx = SEC_ASN1DecoderStart (poolp, cinfo, sec_PKCS7ContentInfoTemplate);
- if (dcx == NULL) {
- PORT_FreeArena (p7dcx->tmp_poolp, PR_FALSE);
- PORT_Free (p7dcx);
- PORT_FreeArena (poolp, PR_FALSE);
- return NULL;
- }
-
- SEC_ASN1DecoderSetNotifyProc (dcx, sec_pkcs7_decoder_notify, p7dcx);
-
- p7dcx->dcx = dcx;
- p7dcx->cinfo = cinfo;
- p7dcx->cb = cb;
- p7dcx->cb_arg = cb_arg;
- p7dcx->pwfn = pwfn;
- p7dcx->pwfn_arg = pwfn_arg;
- p7dcx->dkcb = decrypt_key_cb;
- p7dcx->dkcb_arg = decrypt_key_cb_arg;
- p7dcx->decrypt_allowed_cb = decrypt_allowed_cb;
-
- return p7dcx;
-}
-
-
-/*
- * Do the next chunk of PKCS7 decoding. If there is a problem, set
- * an error and return a failure status. Note that in the case of
- * an error, this routine is still prepared to be called again and
- * again in case that is the easiest route for our caller to take.
- * We simply detect it and do not do anything except keep setting
- * that error in case our caller has not noticed it yet...
- */
-SECStatus
-SEC_PKCS7DecoderUpdate(SEC_PKCS7DecoderContext *p7dcx,
- const char *buf, unsigned long len)
-{
- if (p7dcx->cinfo != NULL && p7dcx->dcx != NULL) {
- PORT_Assert (p7dcx->error == 0);
- if (p7dcx->error == 0) {
- if (SEC_ASN1DecoderUpdate (p7dcx->dcx, buf, len) != SECSuccess) {
- p7dcx->error = PORT_GetError();
- PORT_Assert (p7dcx->error);
- if (p7dcx->error == 0)
- p7dcx->error = -1;
- }
- }
- }
-
- if (p7dcx->error) {
- if (p7dcx->dcx != NULL) {
- (void) SEC_ASN1DecoderFinish (p7dcx->dcx);
- p7dcx->dcx = NULL;
- }
- if (p7dcx->cinfo != NULL) {
- SEC_PKCS7DestroyContentInfo (p7dcx->cinfo);
- p7dcx->cinfo = NULL;
- }
- PORT_SetError (p7dcx->error);
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-
-SEC_PKCS7ContentInfo *
-SEC_PKCS7DecoderFinish(SEC_PKCS7DecoderContext *p7dcx)
-{
- SEC_PKCS7ContentInfo *cinfo;
-
- cinfo = p7dcx->cinfo;
- if (p7dcx->dcx != NULL) {
- if (SEC_ASN1DecoderFinish (p7dcx->dcx) != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- cinfo = NULL;
- }
- }
- PORT_FreeArena (p7dcx->tmp_poolp, PR_FALSE);
- PORT_Free (p7dcx);
- return cinfo;
-}
-
-
-SEC_PKCS7ContentInfo *
-SEC_PKCS7DecodeItem(SECItem *p7item,
- SEC_PKCS7DecoderContentCallback cb, void *cb_arg,
- SECKEYGetPasswordKey pwfn, void *pwfn_arg,
- SEC_PKCS7GetDecryptKeyCallback decrypt_key_cb,
- void *decrypt_key_cb_arg,
- SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb)
-{
- SEC_PKCS7DecoderContext *p7dcx;
-
- p7dcx = SEC_PKCS7DecoderStart(cb, cb_arg, pwfn, pwfn_arg, decrypt_key_cb,
- decrypt_key_cb_arg, decrypt_allowed_cb);
- (void) SEC_PKCS7DecoderUpdate(p7dcx, (char *) p7item->data, p7item->len);
- return SEC_PKCS7DecoderFinish(p7dcx);
-}
-
-
-/*
- * If the thing contains any certs or crls return true; false otherwise.
- */
-PRBool
-SEC_PKCS7ContainsCertsOrCrls(SEC_PKCS7ContentInfo *cinfo)
-{
- SECOidTag kind;
- SECItem **certs;
- CERTSignedCrl **crls;
-
- kind = SEC_PKCS7ContentType (cinfo);
- switch (kind) {
- default:
- case SEC_OID_PKCS7_DATA:
- case SEC_OID_PKCS7_DIGESTED_DATA:
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- return PR_FALSE;
- case SEC_OID_PKCS7_SIGNED_DATA:
- certs = cinfo->content.signedData->rawCerts;
- crls = cinfo->content.signedData->crls;
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- certs = cinfo->content.signedAndEnvelopedData->rawCerts;
- crls = cinfo->content.signedAndEnvelopedData->crls;
- break;
- }
-
- /*
- * I know this could be collapsed, but I was in a mood to be explicit.
- */
- if (certs != NULL && certs[0] != NULL)
- return PR_TRUE;
- else if (crls != NULL && crls[0] != NULL)
- return PR_TRUE;
- else
- return PR_FALSE;
-}
-
-/* return the content length...could use GetContent, however we
- * need the encrypted content length
- */
-PRBool
-SEC_PKCS7IsContentEmpty(SEC_PKCS7ContentInfo *cinfo, unsigned int minLen)
-{
- SECItem *item = NULL;
-
- if(cinfo == NULL) {
- return PR_TRUE;
- }
-
- switch(SEC_PKCS7ContentType(cinfo))
- {
- case SEC_OID_PKCS7_DATA:
- item = cinfo->content.data;
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- item = &cinfo->content.encryptedData->encContentInfo.encContent;
- break;
- default:
- /* add other types */
- return PR_FALSE;
- }
-
- if(!item) {
- return PR_TRUE;
- } else if(item->len <= minLen) {
- return PR_TRUE;
- }
-
- return PR_FALSE;
-}
-
-
-PRBool
-SEC_PKCS7ContentIsEncrypted(SEC_PKCS7ContentInfo *cinfo)
-{
- SECOidTag kind;
-
- kind = SEC_PKCS7ContentType (cinfo);
- switch (kind) {
- default:
- case SEC_OID_PKCS7_DATA:
- case SEC_OID_PKCS7_DIGESTED_DATA:
- case SEC_OID_PKCS7_SIGNED_DATA:
- return PR_FALSE;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- return PR_TRUE;
- }
-}
-
-
-/*
- * If the PKCS7 content has a signature (not just *could* have a signature)
- * return true; false otherwise. This can/should be called before calling
- * VerifySignature, which will always indicate failure if no signature is
- * present, but that does not mean there even was a signature!
- * Note that the content itself can be empty (detached content was sent
- * another way); it is the presence of the signature that matters.
- */
-PRBool
-SEC_PKCS7ContentIsSigned(SEC_PKCS7ContentInfo *cinfo)
-{
- SECOidTag kind;
- SEC_PKCS7SignerInfo **signerinfos;
-
- kind = SEC_PKCS7ContentType (cinfo);
- switch (kind) {
- default:
- case SEC_OID_PKCS7_DATA:
- case SEC_OID_PKCS7_DIGESTED_DATA:
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- return PR_FALSE;
- case SEC_OID_PKCS7_SIGNED_DATA:
- signerinfos = cinfo->content.signedData->signerInfos;
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- signerinfos = cinfo->content.signedAndEnvelopedData->signerInfos;
- break;
- }
-
- /*
- * I know this could be collapsed; but I kind of think it will get
- * more complicated before I am finished, so...
- */
- if (signerinfos != NULL && signerinfos[0] != NULL)
- return PR_TRUE;
- else
- return PR_FALSE;
-}
-
-
-/*
- * SEC_PKCS7ContentVerifySignature
- * Look at a PKCS7 contentInfo and check if the signature is good.
- * The digest was either calculated earlier (and is stored in the
- * contentInfo itself) or is passed in via "detached_digest".
- *
- * The verification checks that the signing cert is valid and trusted
- * for the purpose specified by "certusage".
- *
- * In addition, if "keepcerts" is true, add any new certificates found
- * into our local database.
- *
- * XXX Each place which returns PR_FALSE should be sure to have a good
- * error set for inspection by the caller. Alternatively, we could create
- * an enumeration of success and each type of failure and return that
- * instead of a boolean. For now, the default in a bad situation is to
- * set the error to SEC_ERROR_PKCS7_BAD_SIGNATURE. But this should be
- * reviewed; better (more specific) errors should be possible (to distinguish
- * a signature failure from a badly-formed pkcs7 signedData, for example).
- * Some of the errors should probably just be SEC_ERROR_BAD_SIGNATURE,
- * but that has a less helpful error string associated with it right now;
- * if/when that changes, review and change these as needed.
- *
- * XXX This is broken wrt signedAndEnvelopedData. In that case, the
- * message digest is doubly encrypted -- first encrypted with the signer
- * private key but then again encrypted with the bulk encryption key used
- * to encrypt the content. So before we can pass the digest to VerifyDigest,
- * we need to decrypt it with the bulk encryption key. Also, in this case,
- * there should be NO authenticatedAttributes (signerinfo->authAttr should
- * be NULL).
- */
-static PRBool
-sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo,
- SECCertUsage certusage,
- SECItem *detached_digest,
- HASH_HashType digest_type,
- PRBool keepcerts)
-{
- SECAlgorithmID **digestalgs, *bulkid;
- SECItem *digest;
- SECItem **digests;
- SECItem **rawcerts;
- CERTSignedCrl **crls;
- SEC_PKCS7SignerInfo **signerinfos, *signerinfo;
- CERTCertificate *cert, **certs;
- PRBool goodsig;
- CERTCertDBHandle local_certdb, *certdb, *defaultdb;
- SECOidData *algiddata;
- int i, certcount;
- SECKEYPublicKey *publickey;
- SECItem *content_type;
- PK11SymKey *sigkey;
- SECItem *utc_stime;
- int64 stime;
- SECStatus rv;
-
- /*
- * Everything needed in order to "goto done" safely.
- */
- goodsig = PR_FALSE;
- certcount = 0;
- cert = NULL;
- certs = NULL;
- certdb = NULL;
- defaultdb = CERT_GetDefaultCertDB();
- publickey = NULL;
-
- if (! SEC_PKCS7ContentIsSigned(cinfo)) {
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- goto done;
- }
-
- PORT_Assert (cinfo->contentTypeTag != NULL);
-
- switch (cinfo->contentTypeTag->offset) {
- default:
- case SEC_OID_PKCS7_DATA:
- case SEC_OID_PKCS7_DIGESTED_DATA:
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- /* Could only get here if SEC_PKCS7ContentIsSigned is broken. */
- PORT_Assert (0);
- case SEC_OID_PKCS7_SIGNED_DATA:
- {
- SEC_PKCS7SignedData *sdp;
-
- sdp = cinfo->content.signedData;
- digestalgs = sdp->digestAlgorithms;
- digests = sdp->digests;
- rawcerts = sdp->rawCerts;
- crls = sdp->crls;
- signerinfos = sdp->signerInfos;
- content_type = &(sdp->contentInfo.contentType);
- sigkey = NULL;
- bulkid = NULL;
- }
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- {
- SEC_PKCS7SignedAndEnvelopedData *saedp;
-
- saedp = cinfo->content.signedAndEnvelopedData;
- digestalgs = saedp->digestAlgorithms;
- digests = saedp->digests;
- rawcerts = saedp->rawCerts;
- crls = saedp->crls;
- signerinfos = saedp->signerInfos;
- content_type = &(saedp->encContentInfo.contentType);
- sigkey = saedp->sigKey;
- bulkid = &(saedp->encContentInfo.contentEncAlg);
- }
- break;
- }
-
- if ((signerinfos == NULL) || (signerinfos[0] == NULL)) {
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- goto done;
- }
-
- /*
- * XXX Need to handle multiple signatures; checking them is easy,
- * but what should be the semantics here (like, return value)?
- */
- if (signerinfos[1] != NULL) {
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- goto done;
- }
-
- signerinfo = signerinfos[0];
-
- /*
- * XXX I would like to just pass the issuerAndSN, along with the rawcerts
- * and crls, to some function that did all of this certificate stuff
- * (open/close the database if necessary, verifying the certs, etc.)
- * and gave me back a cert pointer if all was good.
- */
- certdb = defaultdb;
- if (certdb == NULL) {
- if (CERT_OpenCertDBFilename (&local_certdb, NULL,
- (PRBool)!keepcerts) != SECSuccess)
- goto done;
- certdb = &local_certdb;
- }
-
- certcount = 0;
- if (rawcerts != NULL) {
- for (; rawcerts[certcount] != NULL; certcount++) {
- /* just counting */
- }
- }
-
- /*
- * Note that the result of this is that each cert in "certs"
- * needs to be destroyed.
- */
- rv = CERT_ImportCerts(certdb, certusage, certcount, rawcerts, &certs,
- keepcerts, PR_FALSE, NULL);
- if ( rv != SECSuccess ) {
- goto done;
- }
-
- /*
- * This cert will also need to be freed, but since we save it
- * in signerinfo for later, we do not want to destroy it when
- * we leave this function -- we let the clean-up of the entire
- * cinfo structure later do the destroy of this cert.
- */
- cert = CERT_FindCertByIssuerAndSN(certdb, signerinfo->issuerAndSN);
- if (cert == NULL) {
- goto done;
- }
-
- signerinfo->cert = cert;
-
- /*
- * Get and convert the signing time; if available, it will be used
- * both on the cert verification and for importing the sender
- * email profile.
- */
- utc_stime = SEC_PKCS7GetSigningTime (cinfo);
- if (utc_stime != NULL) {
- if (DER_UTCTimeToTime (&stime, utc_stime) != SECSuccess)
- utc_stime = NULL; /* conversion failed, so pretend none */
- }
-
- /*
- * XXX This uses the signing time, if available. Additionally, we
- * might want to, if there is no signing time, get the message time
- * from the mail header itself, and use that. That would require
- * a change to our interface though, and for S/MIME callers to pass
- * in a time (and for non-S/MIME callers to pass in nothing, or
- * maybe make them pass in the current time, always?).
- */
- if (CERT_VerifyCert (certdb, cert, PR_TRUE, certusage,
- utc_stime != NULL ? stime : PR_Now(),
- cinfo->pwfn_arg, NULL) != SECSuccess)
- {
- /*
- * XXX Give the user an option to check the signature anyway?
- * If we want to do this, need to give a way to leave and display
- * some dialog and get the answer and come back through (or do
- * the rest of what we do below elsewhere, maybe by putting it
- * in a function that we call below and could call from a dialog
- * finish handler).
- */
- goto savecert;
- }
-
- publickey = CERT_ExtractPublicKey (cert);
- if (publickey == NULL)
- goto done;
-
- /*
- * XXX No! If digests is empty, see if we can create it now by
- * digesting the contents. This is necessary if we want to allow
- * somebody to do a simple decode (without filtering, etc.) and
- * then later call us here to do the verification.
- * OR, we can just specify that the interface to this routine
- * *requires* that the digest(s) be done before calling and either
- * stashed in the struct itself or passed in explicitly (as would
- * be done for detached contents).
- */
- if ((digests == NULL || digests[0] == NULL)
- && (detached_digest == NULL || detached_digest->data == NULL))
- goto done;
-
- /*
- * Find and confirm digest algorithm.
- */
- algiddata = SECOID_FindOID (&(signerinfo->digestAlg.algorithm));
-
- if (detached_digest != NULL) {
- switch (digest_type) {
- default:
- case HASH_AlgNULL:
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- goto done;
- case HASH_AlgMD2:
- PORT_Assert (detached_digest->len == MD2_LENGTH);
- if (algiddata->offset != SEC_OID_MD2) {
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- goto done;
- }
- break;
- case HASH_AlgMD5:
- PORT_Assert (detached_digest->len == MD5_LENGTH);
- if (algiddata->offset != SEC_OID_MD5) {
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- goto done;
- }
- break;
- case HASH_AlgSHA1:
- PORT_Assert (detached_digest->len == SHA1_LENGTH);
- if (algiddata->offset != SEC_OID_SHA1) {
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- goto done;
- }
- break;
- }
- digest = detached_digest;
- } else {
- PORT_Assert (digestalgs != NULL && digestalgs[0] != NULL);
- if (digestalgs == NULL || digestalgs[0] == NULL) {
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- goto done;
- }
-
- /*
- * pick digest matching signerinfo->digestAlg from digests
- */
- if (algiddata == NULL) {
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- goto done;
- }
- for (i = 0; digestalgs[i] != NULL; i++) {
- if (SECOID_FindOID (&(digestalgs[i]->algorithm)) == algiddata)
- break;
- }
- if (digestalgs[i] == NULL) {
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- goto done;
- }
-
- digest = digests[i];
- }
-
- /*
- * XXX This may not be the right set of algorithms to check.
- * I'd prefer to trust that just calling VFY_Verify{Data,Digest}
- * would do the right thing (and set an error if it could not);
- * then additional algorithms could be handled by that code
- * and we would Just Work. So this check should just be removed,
- * but not until the VFY code is better at setting errors.
- */
- algiddata = SECOID_FindOID (&(signerinfo->digestEncAlg.algorithm));
- if (algiddata == NULL ||
- ((algiddata->offset != SEC_OID_PKCS1_RSA_ENCRYPTION) &&
- (algiddata->offset != SEC_OID_ANSIX9_DSA_SIGNATURE))) {
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- goto done;
- }
-
- if (signerinfo->authAttr != NULL) {
- SEC_PKCS7Attribute *attr;
- SECItem *value;
- SECItem encoded_attrs;
-
- /*
- * We have a sigkey only for signedAndEnvelopedData, which is
- * not supposed to have any authenticated attributes.
- */
- if (sigkey != NULL) {
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- goto done;
- }
-
- /*
- * PKCS #7 says that if there are any authenticated attributes,
- * then there must be one for content type which matches the
- * content type of the content being signed, and there must
- * be one for message digest which matches our message digest.
- * So check these things first.
- * XXX Might be nice to have a compare-attribute-value function
- * which could collapse the following nicely.
- */
- attr = sec_PKCS7FindAttribute (signerinfo->authAttr,
- SEC_OID_PKCS9_CONTENT_TYPE, PR_TRUE);
- value = sec_PKCS7AttributeValue (attr);
- if (value == NULL || value->len != content_type->len) {
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- goto done;
- }
- if (PORT_Memcmp (value->data, content_type->data, value->len) != 0) {
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- goto done;
- }
-
- attr = sec_PKCS7FindAttribute (signerinfo->authAttr,
- SEC_OID_PKCS9_MESSAGE_DIGEST, PR_TRUE);
- value = sec_PKCS7AttributeValue (attr);
- if (value == NULL || value->len != digest->len) {
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- goto done;
- }
- if (PORT_Memcmp (value->data, digest->data, value->len) != 0) {
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- goto done;
- }
-
- /*
- * Okay, we met the constraints of the basic attributes.
- * Now check the signature, which is based on a digest of
- * the DER-encoded authenticated attributes. So, first we
- * encode and then we digest/verify.
- */
- encoded_attrs.data = NULL;
- encoded_attrs.len = 0;
- if (sec_PKCS7EncodeAttributes (NULL, &encoded_attrs,
- &(signerinfo->authAttr)) == NULL)
- goto done;
-
- if (encoded_attrs.data == NULL || encoded_attrs.len == 0) {
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- goto done;
- }
-
- goodsig = (PRBool)(VFY_VerifyData (encoded_attrs.data,
- encoded_attrs.len,
- publickey, &(signerinfo->encDigest),
- SECOID_GetAlgorithmTag(&(signerinfo->digestEncAlg)),
- cinfo->pwfn_arg) == SECSuccess);
- PORT_Free (encoded_attrs.data);
- } else {
- SECItem *sig;
- SECItem holder;
- SECStatus rv;
-
- /*
- * No authenticated attributes.
- * The signature is based on the plain message digest.
- */
-
- sig = &(signerinfo->encDigest);
- if (sig->len == 0) { /* bad signature */
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- goto done;
- }
-
- if (sigkey != NULL) {
- sec_PKCS7CipherObject *decryptobj;
- unsigned int buflen;
-
- /*
- * For signedAndEnvelopedData, we first must decrypt the encrypted
- * digest with the bulk encryption key. The result is the normal
- * encrypted digest (aka the signature).
- */
- decryptobj = sec_PKCS7CreateDecryptObject (sigkey, bulkid);
- if (decryptobj == NULL)
- goto done;
-
- buflen = sec_PKCS7DecryptLength (decryptobj, sig->len, PR_TRUE);
- PORT_Assert (buflen);
- if (buflen == 0) { /* something is wrong */
- sec_PKCS7DestroyDecryptObject (decryptobj);
- goto done;
- }
-
- holder.data = (unsigned char*)PORT_Alloc (buflen);
- if (holder.data == NULL) {
- sec_PKCS7DestroyDecryptObject (decryptobj);
- goto done;
- }
-
- rv = sec_PKCS7Decrypt (decryptobj, holder.data, &holder.len, buflen,
- sig->data, sig->len, PR_TRUE);
- if (rv != SECSuccess) {
- sec_PKCS7DestroyDecryptObject (decryptobj);
- goto done;
- }
-
- sig = &holder;
- }
-
- goodsig = (PRBool)(VFY_VerifyDigest (digest, publickey, sig,
- SECOID_GetAlgorithmTag(&(signerinfo->digestEncAlg)),
- cinfo->pwfn_arg)
- == SECSuccess);
-
- if (sigkey != NULL) {
- PORT_Assert (sig == &holder);
- PORT_ZFree (holder.data, holder.len);
- }
- }
-
- if (! goodsig) {
- /*
- * XXX Change the generic error into our specific one, because
- * in that case we get a better explanation out of the Security
- * Advisor. This is really a bug in our error strings (the
- * "generic" error has a lousy/wrong message associated with it
- * which assumes the signature verification was done for the
- * purposes of checking the issuer signature on a certificate)
- * but this is at least an easy workaround and/or in the
- * Security Advisor, which specifically checks for the error
- * SEC_ERROR_PKCS7_BAD_SIGNATURE and gives more explanation
- * in that case but does not similarly check for
- * SEC_ERROR_BAD_SIGNATURE. It probably should, but then would
- * probably say the wrong thing in the case that it *was* the
- * certificate signature check that failed during the cert
- * verification done above. Our error handling is really a mess.
- */
- if (PORT_GetError() == SEC_ERROR_BAD_SIGNATURE)
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- }
-
-savecert:
- /*
- * Only save the smime profile if we are checking an email message and
- * the cert has an email address in it.
- */
- if ( ( cert->emailAddr != NULL ) &&
- ( ( certusage == certUsageEmailSigner ) ||
- ( certusage == certUsageEmailRecipient ) ) ) {
- SECItem *profile = NULL;
- int save_error;
-
- /*
- * Remember the current error set because we do not care about
- * anything set by the functions we are about to call.
- */
- save_error = PORT_GetError();
-
- if (goodsig && (signerinfo->authAttr != NULL)) {
- /*
- * If the signature is good, then we can save the S/MIME profile,
- * if we have one.
- */
- SEC_PKCS7Attribute *attr;
-
- attr = sec_PKCS7FindAttribute (signerinfo->authAttr,
- SEC_OID_PKCS9_SMIME_CAPABILITIES,
- PR_TRUE);
- profile = sec_PKCS7AttributeValue (attr);
- }
-
- rv = CERT_SaveSMimeProfile (cert, profile, utc_stime);
-
- /*
- * Restore the saved error in case the calls above set a new
- * one that we do not actually care about.
- */
- PORT_SetError (save_error);
-
- /*
- * XXX Failure is not indicated anywhere -- the signature
- * verification itself is unaffected by whether or not the
- * profile was successfully saved.
- */
- }
-
-
-done:
-
- /*
- * See comment above about why we do not want to destroy cert
- * itself here.
- */
-
- if (certs != NULL)
- CERT_DestroyCertArray (certs, certcount);
-
- if (defaultdb == NULL && certdb != NULL)
- CERT_ClosePermCertDB (certdb);
-
- if (publickey != NULL)
- SECKEY_DestroyPublicKey (publickey);
-
- return goodsig;
-}
-
-/*
- * SEC_PKCS7VerifySignature
- * Look at a PKCS7 contentInfo and check if the signature is good.
- * The verification checks that the signing cert is valid and trusted
- * for the purpose specified by "certusage".
- *
- * In addition, if "keepcerts" is true, add any new certificates found
- * into our local database.
- */
-PRBool
-SEC_PKCS7VerifySignature(SEC_PKCS7ContentInfo *cinfo,
- SECCertUsage certusage,
- PRBool keepcerts)
-{
- return sec_pkcs7_verify_signature (cinfo, certusage,
- NULL, HASH_AlgNULL, keepcerts);
-}
-
-/*
- * SEC_PKCS7VerifyDetachedSignature
- * Look at a PKCS7 contentInfo and check if the signature matches
- * a passed-in digest (calculated, supposedly, from detached contents).
- * The verification checks that the signing cert is valid and trusted
- * for the purpose specified by "certusage".
- *
- * In addition, if "keepcerts" is true, add any new certificates found
- * into our local database.
- */
-PRBool
-SEC_PKCS7VerifyDetachedSignature(SEC_PKCS7ContentInfo *cinfo,
- SECCertUsage certusage,
- SECItem *detached_digest,
- HASH_HashType digest_type,
- PRBool keepcerts)
-{
- return sec_pkcs7_verify_signature (cinfo, certusage,
- detached_digest, digest_type,
- keepcerts);
-}
-
-
-/*
- * Return the asked-for portion of the name of the signer of a PKCS7
- * signed object.
- *
- * Returns a pointer to allocated memory, which must be freed.
- * A NULL return value is an error.
- */
-
-#define sec_common_name 1
-#define sec_email_address 2
-
-static char *
-sec_pkcs7_get_signer_cert_info(SEC_PKCS7ContentInfo *cinfo, int selector)
-{
- SECOidTag kind;
- SEC_PKCS7SignerInfo **signerinfos;
- CERTCertificate *signercert;
- char *container;
-
- kind = SEC_PKCS7ContentType (cinfo);
- switch (kind) {
- default:
- case SEC_OID_PKCS7_DATA:
- case SEC_OID_PKCS7_DIGESTED_DATA:
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- PORT_Assert (0);
- return NULL;
- case SEC_OID_PKCS7_SIGNED_DATA:
- {
- SEC_PKCS7SignedData *sdp;
-
- sdp = cinfo->content.signedData;
- signerinfos = sdp->signerInfos;
- }
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- {
- SEC_PKCS7SignedAndEnvelopedData *saedp;
-
- saedp = cinfo->content.signedAndEnvelopedData;
- signerinfos = saedp->signerInfos;
- }
- break;
- }
-
- if (signerinfos == NULL || signerinfos[0] == NULL)
- return NULL;
-
- signercert = signerinfos[0]->cert;
-
- /*
- * No cert there; see if we can find one by calling verify ourselves.
- */
- if (signercert == NULL) {
- /*
- * The cert usage does not matter in this case, because we do not
- * actually care about the verification itself, but we have to pick
- * some valid usage to pass in.
- */
- (void) sec_pkcs7_verify_signature (cinfo, certUsageEmailSigner,
- NULL, HASH_AlgNULL, PR_FALSE);
- signercert = signerinfos[0]->cert;
- if (signercert == NULL)
- return NULL;
- }
-
- switch (selector) {
- case sec_common_name:
- container = CERT_GetCommonName (&signercert->subject);
- break;
- case sec_email_address:
- if(signercert->emailAddr) {
- container = PORT_Strdup(signercert->emailAddr);
- } else {
- container = NULL;
- }
- break;
- default:
- PORT_Assert (0);
- container = NULL;
- break;
- }
-
- return container;
-}
-
-char *
-SEC_PKCS7GetSignerCommonName(SEC_PKCS7ContentInfo *cinfo)
-{
- return sec_pkcs7_get_signer_cert_info(cinfo, sec_common_name);
-}
-
-char *
-SEC_PKCS7GetSignerEmailAddress(SEC_PKCS7ContentInfo *cinfo)
-{
- return sec_pkcs7_get_signer_cert_info(cinfo, sec_email_address);
-}
-
-
-/*
- * Return the signing time, in UTCTime format, of a PKCS7 contentInfo.
- */
-SECItem *
-SEC_PKCS7GetSigningTime(SEC_PKCS7ContentInfo *cinfo)
-{
- SEC_PKCS7SignerInfo **signerinfos;
- SEC_PKCS7Attribute *attr;
-
- if (SEC_PKCS7ContentType (cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
- return NULL;
-
- signerinfos = cinfo->content.signedData->signerInfos;
-
- /*
- * No signature, or more than one, means no deal.
- */
- if (signerinfos == NULL || signerinfos[0] == NULL || signerinfos[1] != NULL)
- return NULL;
-
- attr = sec_PKCS7FindAttribute (signerinfos[0]->authAttr,
- SEC_OID_PKCS9_SIGNING_TIME, PR_TRUE);
- return sec_PKCS7AttributeValue (attr);
-}
diff --git a/security/nss/lib/pkcs7/p7encode.c b/security/nss/lib/pkcs7/p7encode.c
deleted file mode 100644
index b45d2d916..000000000
--- a/security/nss/lib/pkcs7/p7encode.c
+++ /dev/null
@@ -1,1329 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * PKCS7 encoding.
- *
- * $Id$
- */
-
-#include "p7local.h"
-
-#include "cert.h"
-#include "cryptohi.h"
-#include "keyhi.h"
-#include "secasn1.h"
-#include "secoid.h"
-#include "secitem.h"
-#include "pk11func.h"
-#include "secerr.h"
-
-struct sec_pkcs7_encoder_output {
- SEC_PKCS7EncoderOutputCallback outputfn;
- void *outputarg;
-};
-
-struct SEC_PKCS7EncoderContextStr {
- SEC_ASN1EncoderContext *ecx;
- SEC_PKCS7ContentInfo *cinfo;
- struct sec_pkcs7_encoder_output output;
- sec_PKCS7CipherObject *encryptobj;
- SECHashObject *digestobj;
- void *digestcx;
-};
-
-
-/*
- * The little output function that the ASN.1 encoder calls to hand
- * us bytes which we in turn hand back to our caller (via the callback
- * they gave us).
- */
-static void
-sec_pkcs7_encoder_out(void *arg, const char *buf, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind)
-{
- struct sec_pkcs7_encoder_output *output;
-
- output = (struct sec_pkcs7_encoder_output*)arg;
- output->outputfn (output->outputarg, buf, len);
-}
-
-static sec_PKCS7CipherObject *
-sec_pkcs7_encoder_start_encrypt (SEC_PKCS7ContentInfo *cinfo,
- PK11SymKey *orig_bulkkey)
-{
- SECOidTag kind;
- sec_PKCS7CipherObject *encryptobj;
- SEC_PKCS7RecipientInfo **recipientinfos, *ri;
- SEC_PKCS7EncryptedContentInfo *enccinfo;
- SEC_PKCS7SMIMEKEAParameters keaParams;
- SECKEYPublicKey *publickey = NULL;
- SECKEYPrivateKey *ourPrivKey = NULL;
- PK11SymKey *bulkkey;
- void *mark, *wincx;
- int i;
- PRArenaPool *arena = NULL;
- unsigned char zero = 0;
-
- /* Get the context in case we need it below. */
- wincx = cinfo->pwfn_arg;
-
- /* Clear keaParams, since cleanup code checks the lengths */
- (void) memset(&keaParams, 0, sizeof(keaParams));
-
- kind = SEC_PKCS7ContentType (cinfo);
- switch (kind) {
- default:
- case SEC_OID_PKCS7_DATA:
- case SEC_OID_PKCS7_DIGESTED_DATA:
- case SEC_OID_PKCS7_SIGNED_DATA:
- recipientinfos = NULL;
- enccinfo = NULL;
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- {
- SEC_PKCS7EncryptedData *encdp;
-
- /* To do EncryptedData we *must* be given a bulk key. */
- PORT_Assert (orig_bulkkey != NULL);
- if (orig_bulkkey == NULL) {
- /* XXX error? */
- return NULL;
- }
-
- encdp = cinfo->content.encryptedData;
- recipientinfos = NULL;
- enccinfo = &(encdp->encContentInfo);
- }
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- {
- SEC_PKCS7EnvelopedData *envdp;
-
- envdp = cinfo->content.envelopedData;
- recipientinfos = envdp->recipientInfos;
- enccinfo = &(envdp->encContentInfo);
- }
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- {
- SEC_PKCS7SignedAndEnvelopedData *saedp;
-
- saedp = cinfo->content.signedAndEnvelopedData;
- recipientinfos = saedp->recipientInfos;
- enccinfo = &(saedp->encContentInfo);
- }
- break;
- }
-
- if (enccinfo == NULL)
- return NULL;
-
- bulkkey = orig_bulkkey;
- if (bulkkey == NULL) {
- CK_MECHANISM_TYPE type = PK11_AlgtagToMechanism(enccinfo->encalg);
- PK11SlotInfo *slot;
-
-
- slot = PK11_GetBestSlot(type,cinfo->pwfn_arg);
- if (slot == NULL) {
- return NULL;
- }
- bulkkey = PK11_KeyGen(slot,type,NULL, enccinfo->keysize/8,
- cinfo->pwfn_arg);
- PK11_FreeSlot(slot);
- if (bulkkey == NULL) {
- return NULL;
- }
- }
-
- encryptobj = NULL;
- mark = PORT_ArenaMark (cinfo->poolp);
-
- /*
- * Encrypt the bulk key with the public key of each recipient.
- */
- for (i = 0; recipientinfos && (ri = recipientinfos[i]) != NULL; i++) {
- CERTCertificate *cert;
- SECOidTag certalgtag, encalgtag;
- SECStatus rv;
- int data_len;
- SECItem *params = NULL;
-
- cert = ri->cert;
- PORT_Assert (cert != NULL);
- if (cert == NULL)
- continue;
-
- /*
- * XXX Want an interface that takes a cert and some data and
- * fills in an algorithmID and encrypts the data with the public
- * key from the cert. Or, give me two interfaces -- one which
- * gets the algorithm tag from a cert (I should not have to go
- * down into the subjectPublicKeyInfo myself) and another which
- * takes a public key and algorithm tag and data and encrypts
- * the data. Or something like that. The point is that all
- * of the following hardwired RSA and KEA stuff should be done
- * elsewhere.
- */
-
- certalgtag=SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
-
- switch (certalgtag) {
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- encalgtag = certalgtag;
- publickey = CERT_ExtractPublicKey (cert);
- if (publickey == NULL) goto loser;
-
- data_len = SECKEY_PublicKeyStrength(publickey);
- ri->encKey.data =
- (unsigned char*)PORT_ArenaAlloc(cinfo->poolp ,data_len);
- ri->encKey.len = data_len;
- if (ri->encKey.data == NULL) goto loser;
-
- rv = PK11_PubWrapSymKey(PK11_AlgtagToMechanism(certalgtag),publickey,
- bulkkey,&ri->encKey);
-
- SECKEY_DestroyPublicKey(publickey);
- publickey = NULL;
- if (rv != SECSuccess) goto loser;
- params = NULL; /* paranoia */
- break;
- /* ### mwelch -- KEA */
- case SEC_OID_MISSI_KEA_DSS_OLD:
- case SEC_OID_MISSI_KEA_DSS:
- case SEC_OID_MISSI_KEA:
- {
-#define SMIME_FORTEZZA_RA_LENGTH 128
-#define SMIME_FORTEZZA_IV_LENGTH 24
-#define SMIME_FORTEZZA_MAX_KEY_SIZE 256
- SECStatus err;
- PK11SymKey *tek;
- CERTCertificate *ourCert;
- SECKEYPublicKey *ourPubKey;
- SECKEATemplateSelector whichKEA;
-
- /* We really want to show our KEA tag as the
- key exchange algorithm tag. */
- encalgtag = SEC_OID_NETSCAPE_SMIME_KEA;
-
- /* Get the public key of the recipient. */
- publickey = CERT_ExtractPublicKey(cert);
- if (publickey == NULL) goto loser;
-
- /* Find our own cert, and extract its keys. */
- ourCert = PK11_FindBestKEAMatch(cert,wincx);
- if (ourCert == NULL) goto loser;
-
- arena = PORT_NewArena(1024);
- if (arena == NULL) goto loser;
-
- ourPubKey = CERT_ExtractPublicKey(ourCert);
- if (ourPubKey == NULL)
- {
- CERT_DestroyCertificate(ourCert);
- goto loser;
- }
-
- /* While we're here, copy the public key into the outgoing
- * KEA parameters. */
- SECITEM_CopyItem(arena, &(keaParams.originatorKEAKey),
- &(ourPubKey->u.fortezza.KEAKey));
- SECKEY_DestroyPublicKey(ourPubKey);
- ourPubKey = NULL;
-
- /* Extract our private key in order to derive the
- * KEA key. */
- ourPrivKey = PK11_FindKeyByAnyCert(ourCert,wincx);
- CERT_DestroyCertificate(ourCert); /* we're done with this */
- if (!ourPrivKey) goto loser;
-
- /* Prepare raItem with 128 bytes (filled with zeros). */
- keaParams.originatorRA.data =
- (unsigned char*)PORT_ArenaAlloc(arena,SMIME_FORTEZZA_RA_LENGTH);
- keaParams.originatorRA.len = SMIME_FORTEZZA_RA_LENGTH;
-
-
- /* Generate the TEK (token exchange key) which we use
- * to wrap the bulk encryption key. (raItem) will be
- * filled with a random seed which we need to send to
- * the recipient. */
- tek = PK11_PubDerive(ourPrivKey, publickey, PR_TRUE,
- &keaParams.originatorRA, NULL,
- CKM_KEA_KEY_DERIVE, CKM_SKIPJACK_WRAP,
- CKA_WRAP, 0, wincx);
-
- SECKEY_DestroyPublicKey(publickey);
- SECKEY_DestroyPrivateKey(ourPrivKey);
- publickey = NULL;
- ourPrivKey = NULL;
-
- if (!tek)
- goto loser;
-
- ri->encKey.data = (unsigned char*)PORT_ArenaAlloc(cinfo->poolp,
- SMIME_FORTEZZA_MAX_KEY_SIZE);
- ri->encKey.len = SMIME_FORTEZZA_MAX_KEY_SIZE;
-
- if (ri->encKey.data == NULL)
- {
- PK11_FreeSymKey(tek);
- goto loser;
- }
-
- /* Wrap the bulk key. What we do with the resulting data
- depends on whether we're using Skipjack to wrap the key. */
- switch(PK11_AlgtagToMechanism(enccinfo->encalg))
- {
- case CKM_SKIPJACK_CBC64:
- case CKM_SKIPJACK_ECB64:
- case CKM_SKIPJACK_OFB64:
- case CKM_SKIPJACK_CFB64:
- case CKM_SKIPJACK_CFB32:
- case CKM_SKIPJACK_CFB16:
- case CKM_SKIPJACK_CFB8:
- /* do SKIPJACK, we use the wrap mechanism */
- err = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL,
- tek, bulkkey, &ri->encKey);
- whichKEA = SECKEAUsesSkipjack;
- break;
- default:
- /* Not SKIPJACK, we encrypt the raw key data */
- keaParams.nonSkipjackIV .data =
- (unsigned char*)PORT_ArenaAlloc(arena,
- SMIME_FORTEZZA_IV_LENGTH);
- keaParams.nonSkipjackIV.len = SMIME_FORTEZZA_IV_LENGTH;
- err = PK11_WrapSymKey(CKM_SKIPJACK_CBC64,
- &keaParams.nonSkipjackIV,
- tek, bulkkey, &ri->encKey);
- if (err != SECSuccess)
- goto loser;
-
- if (ri->encKey.len != PK11_GetKeyLength(bulkkey))
- {
- /* The size of the encrypted key is not the same as
- that of the original bulk key, presumably due to
- padding. Encode and store the real size of the
- bulk key. */
- if (SEC_ASN1EncodeInteger(arena,
- &keaParams.bulkKeySize,
- PK11_GetKeyLength(bulkkey))
- == NULL)
- err = (SECStatus)PORT_GetError();
- else
- /* use full template for encoding */
- whichKEA = SECKEAUsesNonSkipjackWithPaddedEncKey;
- }
- else
- /* enc key length == bulk key length */
- whichKEA = SECKEAUsesNonSkipjack;
- break;
- }
-
- PK11_FreeSymKey(tek);
- if (err != SECSuccess)
- goto loser;
-
- /* Encode the KEA parameters into the recipient info. */
- params = SEC_ASN1EncodeItem(arena,NULL, &keaParams,
- sec_pkcs7_get_kea_template(whichKEA));
- if (params == NULL) goto loser;
- break;
- }
- default:
- PORT_SetError (SEC_ERROR_INVALID_ALGORITHM);
- goto loser;
- }
-
- rv = SECOID_SetAlgorithmID(cinfo->poolp, &ri->keyEncAlg, encalgtag,
- params);
- if (rv != SECSuccess)
- goto loser;
- if (arena) PORT_FreeArena(arena,PR_FALSE);
- arena = NULL;
- }
-
- encryptobj = sec_PKCS7CreateEncryptObject (cinfo->poolp, bulkkey,
- enccinfo->encalg,
- &(enccinfo->contentEncAlg));
- if (encryptobj != NULL) {
- PORT_ArenaUnmark (cinfo->poolp, mark);
- mark = NULL; /* good one; do not want to release */
- }
- /* fallthru */
-
-loser:
- if (arena) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- if (publickey) {
- SECKEY_DestroyPublicKey(publickey);
- }
- if (ourPrivKey) {
- SECKEY_DestroyPrivateKey(ourPrivKey);
- }
- if (mark != NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- }
- if (orig_bulkkey == NULL) {
- if (bulkkey) PK11_FreeSymKey(bulkkey);
- }
-
- return encryptobj;
-}
-
-
-static void
-sec_pkcs7_encoder_notify (void *arg, PRBool before, void *dest, int depth)
-{
- SEC_PKCS7EncoderContext *p7ecx;
- SEC_PKCS7ContentInfo *cinfo;
- SECOidTag kind;
- PRBool before_content;
-
- /*
- * We want to notice just before the content field. After fields are
- * not interesting to us.
- */
- if (!before)
- return;
-
- p7ecx = (SEC_PKCS7EncoderContext*)arg;
- cinfo = p7ecx->cinfo;
-
- before_content = PR_FALSE;
-
- /*
- * Watch for the content field, at which point we want to instruct
- * the ASN.1 encoder to start taking bytes from the buffer.
- *
- * XXX The following assumes the inner content type is data;
- * if/when we want to handle fully nested types, this will have
- * to recurse until reaching the innermost data content.
- */
- kind = SEC_PKCS7ContentType (cinfo);
- switch (kind) {
- default:
- case SEC_OID_PKCS7_DATA:
- if (dest == &(cinfo->content.data))
- before_content = PR_TRUE;
- break;
-
- case SEC_OID_PKCS7_DIGESTED_DATA:
- {
- SEC_PKCS7DigestedData *digd;
-
- digd = cinfo->content.digestedData;
- if (digd == NULL)
- break;
-
- if (dest == &(digd->contentInfo.content))
- before_content = PR_TRUE;
- }
- break;
-
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- {
- SEC_PKCS7EncryptedData *encd;
-
- encd = cinfo->content.encryptedData;
- if (encd == NULL)
- break;
-
- if (dest == &(encd->encContentInfo.encContent))
- before_content = PR_TRUE;
- }
- break;
-
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- {
- SEC_PKCS7EnvelopedData *envd;
-
- envd = cinfo->content.envelopedData;
- if (envd == NULL)
- break;
-
- if (dest == &(envd->encContentInfo.encContent))
- before_content = PR_TRUE;
- }
- break;
-
- case SEC_OID_PKCS7_SIGNED_DATA:
- {
- SEC_PKCS7SignedData *sigd;
-
- sigd = cinfo->content.signedData;
- if (sigd == NULL)
- break;
-
- if (dest == &(sigd->contentInfo.content))
- before_content = PR_TRUE;
- }
- break;
-
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- {
- SEC_PKCS7SignedAndEnvelopedData *saed;
-
- saed = cinfo->content.signedAndEnvelopedData;
- if (saed == NULL)
- break;
-
- if (dest == &(saed->encContentInfo.encContent))
- before_content = PR_TRUE;
- }
- break;
- }
-
- if (before_content) {
- /*
- * This will cause the next SEC_ASN1EncoderUpdate to take the
- * contents bytes from the passed-in buffer.
- */
- SEC_ASN1EncoderSetTakeFromBuf (p7ecx->ecx);
- /*
- * And that is all we needed this notify function for.
- */
- SEC_ASN1EncoderClearNotifyProc (p7ecx->ecx);
- }
-}
-
-
-static SEC_PKCS7EncoderContext *
-sec_pkcs7_encoder_start_contexts (SEC_PKCS7ContentInfo *cinfo,
- PK11SymKey *bulkkey)
-{
- SEC_PKCS7EncoderContext *p7ecx;
- SECOidTag kind;
- PRBool encrypt;
- SECItem **digests;
- SECAlgorithmID *digestalg, **digestalgs;
-
- p7ecx =
- (SEC_PKCS7EncoderContext*)PORT_ZAlloc (sizeof(SEC_PKCS7EncoderContext));
- if (p7ecx == NULL)
- return NULL;
-
- digests = NULL;
- digestalg = NULL;
- digestalgs = NULL;
- encrypt = PR_FALSE;
-
- kind = SEC_PKCS7ContentType (cinfo);
- switch (kind) {
- default:
- case SEC_OID_PKCS7_DATA:
- break;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- digestalg = &(cinfo->content.digestedData->digestAlg);
- break;
- case SEC_OID_PKCS7_SIGNED_DATA:
- digests = cinfo->content.signedData->digests;
- digestalgs = cinfo->content.signedData->digestAlgorithms;
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- encrypt = PR_TRUE;
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- digests = cinfo->content.signedAndEnvelopedData->digests;
- digestalgs = cinfo->content.signedAndEnvelopedData->digestAlgorithms;
- encrypt = PR_TRUE;
- break;
- }
-
- if (encrypt) {
- p7ecx->encryptobj = sec_pkcs7_encoder_start_encrypt (cinfo, bulkkey);
- if (p7ecx->encryptobj == NULL) {
- PORT_Free (p7ecx);
- return NULL;
- }
- }
-
- if (digestalgs != NULL) {
- if (digests != NULL) {
- /* digests already created (probably for detached data) */
- digestalg = NULL;
- } else {
- /*
- * XXX Some day we should handle multiple digests; for now,
- * assume only one will be done.
- */
- PORT_Assert (digestalgs[0] != NULL && digestalgs[1] == NULL);
- digestalg = digestalgs[0];
- }
- }
-
- if (digestalg != NULL) {
- SECOidData *oiddata;
-
- oiddata = SECOID_FindOID (&(digestalg->algorithm));
- if (oiddata != NULL) {
- switch (oiddata->offset) {
- case SEC_OID_MD2:
- p7ecx->digestobj = &SECHashObjects[HASH_AlgMD2];
- break;
- case SEC_OID_MD5:
- p7ecx->digestobj = &SECHashObjects[HASH_AlgMD5];
- break;
- case SEC_OID_SHA1:
- p7ecx->digestobj = &SECHashObjects[HASH_AlgSHA1];
- break;
- default:
- /* XXX right error? */
- PORT_SetError (SEC_ERROR_INVALID_ALGORITHM);
- break;
- }
- }
- if (p7ecx->digestobj != NULL) {
- p7ecx->digestcx = (* p7ecx->digestobj->create) ();
- if (p7ecx->digestcx == NULL)
- p7ecx->digestobj = NULL;
- else
- (* p7ecx->digestobj->begin) (p7ecx->digestcx);
- }
- if (p7ecx->digestobj == NULL) {
- if (p7ecx->encryptobj != NULL)
- sec_PKCS7DestroyEncryptObject (p7ecx->encryptobj);
- PORT_Free (p7ecx);
- return NULL;
- }
- }
-
- p7ecx->cinfo = cinfo;
- return p7ecx;
-}
-
-
-SEC_PKCS7EncoderContext *
-SEC_PKCS7EncoderStart (SEC_PKCS7ContentInfo *cinfo,
- SEC_PKCS7EncoderOutputCallback outputfn,
- void *outputarg,
- PK11SymKey *bulkkey)
-{
- SEC_PKCS7EncoderContext *p7ecx;
- SECStatus rv;
-
- p7ecx = sec_pkcs7_encoder_start_contexts (cinfo, bulkkey);
- if (p7ecx == NULL)
- return NULL;
-
- p7ecx->output.outputfn = outputfn;
- p7ecx->output.outputarg = outputarg;
-
- /*
- * Initialize the BER encoder.
- */
- p7ecx->ecx = SEC_ASN1EncoderStart (cinfo, sec_PKCS7ContentInfoTemplate,
- sec_pkcs7_encoder_out, &(p7ecx->output));
- if (p7ecx->ecx == NULL) {
- PORT_Free (p7ecx);
- return NULL;
- }
-
- /*
- * Indicate that we are streaming. We will be streaming until we
- * get past the contents bytes.
- */
- SEC_ASN1EncoderSetStreaming (p7ecx->ecx);
-
- /*
- * The notify function will watch for the contents field.
- */
- SEC_ASN1EncoderSetNotifyProc (p7ecx->ecx, sec_pkcs7_encoder_notify, p7ecx);
-
- /*
- * This will encode everything up to the content bytes. (The notify
- * function will then cause the encoding to stop there.) Then our
- * caller can start passing contents bytes to our Update, which we
- * will pass along.
- */
- rv = SEC_ASN1EncoderUpdate (p7ecx->ecx, NULL, 0);
- if (rv != SECSuccess) {
- PORT_Free (p7ecx);
- return NULL;
- }
-
- return p7ecx;
-}
-
-
-/*
- * XXX If/when we support nested contents, this needs to be revised.
- */
-static SECStatus
-sec_pkcs7_encoder_work_data (SEC_PKCS7EncoderContext *p7ecx, SECItem *dest,
- const unsigned char *data, unsigned long len,
- PRBool final)
-{
- unsigned char *buf = NULL;
- SECStatus rv;
-
-
- rv = SECSuccess; /* may as well be optimistic */
-
- /*
- * We should really have data to process, or we should be trying
- * to finish/flush the last block. (This is an overly paranoid
- * check since all callers are in this file and simple inspection
- * proves they do it right. But it could find a bug in future
- * modifications/development, that is why it is here.)
- */
- PORT_Assert ((data != NULL && len) || final);
-
- /*
- * Update the running digest.
- * XXX This needs modification if/when we handle multiple digests.
- */
- if (len && p7ecx->digestobj != NULL) {
- (* p7ecx->digestobj->update) (p7ecx->digestcx, data, len);
- }
-
- /*
- * Encrypt this chunk.
- */
- if (p7ecx->encryptobj != NULL) {
- /* XXX the following lengths should all be longs? */
- unsigned int inlen; /* length of data being encrypted */
- unsigned int outlen; /* length of encrypted data */
- unsigned int buflen; /* length available for encrypted data */
-
- inlen = len;
- buflen = sec_PKCS7EncryptLength (p7ecx->encryptobj, inlen, final);
- if (buflen == 0) {
- /*
- * No output is expected, but the input data may be buffered
- * so we still have to call Encrypt.
- */
- rv = sec_PKCS7Encrypt (p7ecx->encryptobj, NULL, NULL, 0,
- data, inlen, final);
- if (final) {
- len = 0;
- goto done;
- }
- return rv;
- }
-
- if (dest != NULL)
- buf = (unsigned char*)PORT_ArenaAlloc(p7ecx->cinfo->poolp, buflen);
- else
- buf = (unsigned char*)PORT_Alloc (buflen);
-
- if (buf == NULL) {
- rv = SECFailure;
- } else {
- rv = sec_PKCS7Encrypt (p7ecx->encryptobj, buf, &outlen, buflen,
- data, inlen, final);
- data = buf;
- len = outlen;
- }
- if (rv != SECSuccess) {
- if (final)
- goto done;
- return rv;
- }
- }
-
- if (p7ecx->ecx != NULL) {
- /*
- * Encode the contents bytes.
- */
- if(len) {
- rv = SEC_ASN1EncoderUpdate (p7ecx->ecx, (const char *)data, len);
- }
- }
-
-done:
- if (p7ecx->encryptobj != NULL) {
- if (final)
- sec_PKCS7DestroyEncryptObject (p7ecx->encryptobj);
- if (dest != NULL) {
- dest->data = buf;
- dest->len = len;
- } else if (buf != NULL) {
- PORT_Free (buf);
- }
- }
-
- if (final && p7ecx->digestobj != NULL) {
- SECItem *digest, **digests, ***digestsp;
- unsigned char *digdata;
- SECOidTag kind;
-
- kind = SEC_PKCS7ContentType (p7ecx->cinfo);
- switch (kind) {
- default:
- PORT_Assert (0);
- return SECFailure;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- digest = &(p7ecx->cinfo->content.digestedData->digest);
- digestsp = NULL;
- break;
- case SEC_OID_PKCS7_SIGNED_DATA:
- digest = NULL;
- digestsp = &(p7ecx->cinfo->content.signedData->digests);
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- digest = NULL;
- digestsp = &(p7ecx->cinfo->content.signedAndEnvelopedData->digests);
- break;
- }
-
- digdata = (unsigned char*)PORT_ArenaAlloc (p7ecx->cinfo->poolp,
- p7ecx->digestobj->length);
- if (digdata == NULL)
- return SECFailure;
-
- if (digestsp != NULL) {
- PORT_Assert (digest == NULL);
-
- digest = (SECItem*)PORT_ArenaAlloc (p7ecx->cinfo->poolp,
- sizeof(SECItem));
- digests = (SECItem**)PORT_ArenaAlloc (p7ecx->cinfo->poolp,
- 2 * sizeof(SECItem *));
- if (digests == NULL || digest == NULL)
- return SECFailure;
-
- digests[0] = digest;
- digests[1] = NULL;
-
- *digestsp = digests;
- }
-
- PORT_Assert (digest != NULL);
-
- digest->data = digdata;
- digest->len = p7ecx->digestobj->length;
-
- (* p7ecx->digestobj->end) (p7ecx->digestcx, digest->data,
- &(digest->len), digest->len);
- (* p7ecx->digestobj->destroy) (p7ecx->digestcx, PR_TRUE);
- }
-
- return rv;
-}
-
-
-SECStatus
-SEC_PKCS7EncoderUpdate (SEC_PKCS7EncoderContext *p7ecx,
- const char *data, unsigned long len)
-{
- /* XXX Error handling needs help. Return what? Do "Finish" on failure? */
- return sec_pkcs7_encoder_work_data (p7ecx, NULL,
- (const unsigned char *)data, len,
- PR_FALSE);
-}
-
-
-/*
- * XXX I would *really* like to not have to do this, but the current
- * signing interface gives me little choice.
- */
-static SECOidTag
-sec_pkcs7_pick_sign_alg (SECOidTag hashalg, SECOidTag encalg)
-{
- switch (encalg) {
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- switch (hashalg) {
- case SEC_OID_MD2:
- return SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION;
- case SEC_OID_MD5:
- return SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
- case SEC_OID_SHA1:
- return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
- default:
- return SEC_OID_UNKNOWN;
- }
- case SEC_OID_ANSIX9_DSA_SIGNATURE:
- case SEC_OID_MISSI_KEA_DSS:
- case SEC_OID_MISSI_DSS:
- switch (hashalg) {
- case SEC_OID_SHA1:
- return SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
- default:
- return SEC_OID_UNKNOWN;
- }
- default:
- break;
- }
-
- return encalg; /* maybe it is already the right algid */
-}
-
-
-static SECStatus
-sec_pkcs7_encoder_sig_and_certs (SEC_PKCS7ContentInfo *cinfo,
- SECKEYGetPasswordKey pwfn, void *pwfnarg)
-{
- SECOidTag kind;
- CERTCertificate **certs;
- CERTCertificateList **certlists;
- SECAlgorithmID **digestalgs;
- SECItem **digests;
- SEC_PKCS7SignerInfo *signerinfo, **signerinfos;
- SECItem **rawcerts, ***rawcertsp;
- PRArenaPool *poolp;
- int certcount;
- int ci, cli, rci, si;
-
- kind = SEC_PKCS7ContentType (cinfo);
- switch (kind) {
- default:
- case SEC_OID_PKCS7_DATA:
- case SEC_OID_PKCS7_DIGESTED_DATA:
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- certs = NULL;
- certlists = NULL;
- digestalgs = NULL;
- digests = NULL;
- signerinfos = NULL;
- rawcertsp = NULL;
- break;
- case SEC_OID_PKCS7_SIGNED_DATA:
- {
- SEC_PKCS7SignedData *sdp;
-
- sdp = cinfo->content.signedData;
- certs = sdp->certs;
- certlists = sdp->certLists;
- digestalgs = sdp->digestAlgorithms;
- digests = sdp->digests;
- signerinfos = sdp->signerInfos;
- rawcertsp = &(sdp->rawCerts);
- }
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- {
- SEC_PKCS7SignedAndEnvelopedData *saedp;
-
- saedp = cinfo->content.signedAndEnvelopedData;
- certs = saedp->certs;
- certlists = saedp->certLists;
- digestalgs = saedp->digestAlgorithms;
- digests = saedp->digests;
- signerinfos = saedp->signerInfos;
- rawcertsp = &(saedp->rawCerts);
- }
- break;
- }
-
- if (certs == NULL && certlists == NULL && signerinfos == NULL)
- return SECSuccess; /* nothing for us to do! */
-
- poolp = cinfo->poolp;
- certcount = 0;
-
- if (signerinfos != NULL) {
- SECOidTag digestalgtag;
- int di;
- SECStatus rv;
- CERTCertificate *cert;
- SECKEYPrivateKey *privkey;
- SECItem signature;
- SECOidTag signalgtag;
-
- PORT_Assert (digestalgs != NULL && digests != NULL);
-
- /*
- * If one fails, we bail right then. If we want to continue and
- * try to do subsequent signatures, this loop, and the departures
- * from it, will need to be reworked.
- */
- for (si = 0; signerinfos[si] != NULL; si++) {
-
- signerinfo = signerinfos[si];
-
- /* find right digest */
- digestalgtag = SECOID_GetAlgorithmTag (&(signerinfo->digestAlg));
- for (di = 0; digestalgs[di] != NULL; di++) {
- /* XXX Should I be comparing more than the tag? */
- if (digestalgtag == SECOID_GetAlgorithmTag (digestalgs[di]))
- break;
- }
- if (digestalgs[di] == NULL) {
- /* XXX oops; do what? set an error? */
- return SECFailure;
- }
- PORT_Assert (digests[di] != NULL);
-
- cert = signerinfo->cert;
- privkey = PK11_FindKeyByAnyCert (cert, pwfnarg);
- if (privkey == NULL)
- return SECFailure;
-
- /*
- * XXX I think there should be a cert-level interface for this,
- * so that I do not have to know about subjectPublicKeyInfo...
- */
- signalgtag = SECOID_GetAlgorithmTag (&(cert->subjectPublicKeyInfo.algorithm));
-
- /* Fortezza MISSI have weird signature formats. Map them
- * to standard DSA formats */
- signalgtag = PK11_FortezzaMapSig(signalgtag);
-
- if (signerinfo->authAttr != NULL) {
- SEC_PKCS7Attribute *attr;
- SECItem encoded_attrs;
- SECItem *dummy;
-
- /*
- * First, find and fill in the message digest attribute.
- */
- attr = sec_PKCS7FindAttribute (signerinfo->authAttr,
- SEC_OID_PKCS9_MESSAGE_DIGEST,
- PR_TRUE);
- PORT_Assert (attr != NULL);
- if (attr == NULL) {
- SECKEY_DestroyPrivateKey (privkey);
- return SECFailure;
- }
-
- /*
- * XXX The second half of the following assertion prevents
- * the encoder from being called twice on the same content.
- * Either just remove the second half the assertion, or
- * change the code to check if the value already there is
- * the same as digests[di], whichever seems more right.
- */
- PORT_Assert (attr->values != NULL && attr->values[0] == NULL);
- attr->values[0] = digests[di];
-
- /*
- * Before encoding, reorder the attributes so that when they
- * are encoded, they will be conforming DER, which is required
- * to have a specific order and that is what must be used for
- * the hash/signature. We do this here, rather than building
- * it into EncodeAttributes, because we do not want to do
- * such reordering on incoming messages (which also uses
- * EncodeAttributes) or our old signatures (and other "broken"
- * implementations) will not verify. So, we want to guarantee
- * that we send out good DER encodings of attributes, but not
- * to expect to receive them.
- */
- rv = sec_PKCS7ReorderAttributes (signerinfo->authAttr);
- if (rv != SECSuccess) {
- SECKEY_DestroyPrivateKey (privkey);
- return SECFailure;
- }
-
- encoded_attrs.data = NULL;
- encoded_attrs.len = 0;
- dummy = sec_PKCS7EncodeAttributes (NULL, &encoded_attrs,
- &(signerinfo->authAttr));
- if (dummy == NULL) {
- SECKEY_DestroyPrivateKey (privkey);
- return SECFailure;
- }
-
- rv = SEC_SignData (&signature,
- encoded_attrs.data, encoded_attrs.len,
- privkey,
- sec_pkcs7_pick_sign_alg (digestalgtag,
- signalgtag));
- SECITEM_FreeItem (&encoded_attrs, PR_FALSE);
- } else {
- rv = SGN_Digest (privkey, digestalgtag, &signature,
- digests[di]);
- }
-
- SECKEY_DestroyPrivateKey (privkey);
-
- if (rv != SECSuccess)
- return rv;
-
- rv = SECITEM_CopyItem (poolp, &(signerinfo->encDigest), &signature);
- if (rv != SECSuccess)
- return rv;
-
- SECITEM_FreeItem (&signature, PR_FALSE);
-
- rv = SECOID_SetAlgorithmID (poolp, &(signerinfo->digestEncAlg),
- signalgtag, NULL);
- if (rv != SECSuccess)
- return SECFailure;
-
- /*
- * Count the cert chain for this signer.
- */
- if (signerinfo->certList != NULL)
- certcount += signerinfo->certList->len;
- }
- }
-
- if (certs != NULL) {
- for (ci = 0; certs[ci] != NULL; ci++)
- certcount++;
- }
-
- if (certlists != NULL) {
- for (cli = 0; certlists[cli] != NULL; cli++)
- certcount += certlists[cli]->len;
- }
-
- if (certcount == 0)
- return SECSuccess; /* signing done; no certs */
-
- /*
- * Combine all of the certs and cert chains into rawcerts.
- * Note: certcount is an upper bound; we may not need that many slots
- * but we will allocate anyway to avoid having to do another pass.
- * (The temporary space saving is not worth it.)
- */
- rawcerts = (SECItem**)PORT_ArenaAlloc (poolp,
- (certcount + 1) * sizeof(SECItem *));
- if (rawcerts == NULL)
- return SECFailure;
-
- /*
- * XXX Want to check for duplicates and not add *any* cert that is
- * already in the set. This will be more important when we start
- * dealing with larger sets of certs, dual-key certs (signing and
- * encryption), etc. For the time being we can slide by...
- */
- rci = 0;
- if (signerinfos != NULL) {
- for (si = 0; signerinfos[si] != NULL; si++) {
- signerinfo = signerinfos[si];
- for (ci = 0; ci < signerinfo->certList->len; ci++)
- rawcerts[rci++] = &(signerinfo->certList->certs[ci]);
- }
-
- }
-
- if (certs != NULL) {
- for (ci = 0; certs[ci] != NULL; ci++)
- rawcerts[rci++] = &(certs[ci]->derCert);
- }
-
- if (certlists != NULL) {
- for (cli = 0; certlists[cli] != NULL; cli++) {
- for (ci = 0; ci < certlists[cli]->len; ci++)
- rawcerts[rci++] = &(certlists[cli]->certs[ci]);
- }
- }
-
- rawcerts[rci] = NULL;
- *rawcertsp = rawcerts;
-
- return SECSuccess;
-}
-
-
-SECStatus
-SEC_PKCS7EncoderFinish (SEC_PKCS7EncoderContext *p7ecx,
- SECKEYGetPasswordKey pwfn, void *pwfnarg)
-{
- SECStatus rv;
-
- /*
- * Flush out any remaining data.
- */
- rv = sec_pkcs7_encoder_work_data (p7ecx, NULL, NULL, 0, PR_TRUE);
-
- /*
- * Turn off streaming stuff.
- */
- SEC_ASN1EncoderClearTakeFromBuf (p7ecx->ecx);
- SEC_ASN1EncoderClearStreaming (p7ecx->ecx);
-
- if (rv != SECSuccess)
- goto loser;
-
- rv = sec_pkcs7_encoder_sig_and_certs (p7ecx->cinfo, pwfn, pwfnarg);
- if (rv != SECSuccess)
- goto loser;
-
- rv = SEC_ASN1EncoderUpdate (p7ecx->ecx, NULL, 0);
-
-loser:
- SEC_ASN1EncoderFinish (p7ecx->ecx);
- PORT_Free (p7ecx);
- return rv;
-}
-
-
-/*
- * After this routine is called, the entire PKCS7 contentInfo is ready
- * to be encoded. This is used internally, but can also be called from
- * elsewhere for those who want to be able to just have pointers to
- * the ASN1 template for pkcs7 contentInfo built into their own encodings.
- */
-SECStatus
-SEC_PKCS7PrepareForEncode (SEC_PKCS7ContentInfo *cinfo,
- PK11SymKey *bulkkey,
- SECKEYGetPasswordKey pwfn,
- void *pwfnarg)
-{
- SEC_PKCS7EncoderContext *p7ecx;
- SECItem *content, *enc_content;
- SECStatus rv;
-
- p7ecx = sec_pkcs7_encoder_start_contexts (cinfo, bulkkey);
- if (p7ecx == NULL)
- return SECFailure;
-
- content = SEC_PKCS7GetContent (cinfo);
-
- if (p7ecx->encryptobj != NULL) {
- SECOidTag kind;
- SEC_PKCS7EncryptedContentInfo *enccinfo;
-
- kind = SEC_PKCS7ContentType (p7ecx->cinfo);
- switch (kind) {
- default:
- PORT_Assert (0);
- rv = SECFailure;
- goto loser;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- enccinfo = &(p7ecx->cinfo->content.encryptedData->encContentInfo);
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- enccinfo = &(p7ecx->cinfo->content.envelopedData->encContentInfo);
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- enccinfo = &(p7ecx->cinfo->content.signedAndEnvelopedData->encContentInfo);
- break;
- }
- enc_content = &(enccinfo->encContent);
- } else {
- enc_content = NULL;
- }
-
- if (content != NULL && content->data != NULL && content->len) {
- rv = sec_pkcs7_encoder_work_data (p7ecx, enc_content,
- content->data, content->len, PR_TRUE);
- if (rv != SECSuccess)
- goto loser;
- }
-
- rv = sec_pkcs7_encoder_sig_and_certs (cinfo, pwfn, pwfnarg);
-
-loser:
- PORT_Free (p7ecx);
- return rv;
-}
-
-
-/*
- * Encode a PKCS7 object, in one shot. All necessary components
- * of the object must already be specified. Either the data has
- * already been included (via SetContent), or the data is detached,
- * or there is no data at all (certs-only).
- *
- * "cinfo" specifies the object to be encoded.
- *
- * "outputfn" is where the encoded bytes will be passed.
- *
- * "outputarg" is an opaque argument to the above callback.
- *
- * "bulkkey" specifies the bulk encryption key to use. This argument
- * can be NULL if no encryption is being done, or if the bulk key should
- * be generated internally (usually the case for EnvelopedData but never
- * for EncryptedData, which *must* provide a bulk encryption key).
- *
- * "pwfn" is a callback for getting the password which protects the
- * private key of the signer. This argument can be NULL if it is known
- * that no signing is going to be done.
- *
- * "pwfnarg" is an opaque argument to the above callback.
- */
-SECStatus
-SEC_PKCS7Encode (SEC_PKCS7ContentInfo *cinfo,
- SEC_PKCS7EncoderOutputCallback outputfn,
- void *outputarg,
- PK11SymKey *bulkkey,
- SECKEYGetPasswordKey pwfn,
- void *pwfnarg)
-{
- SECStatus rv;
-
- rv = SEC_PKCS7PrepareForEncode (cinfo, bulkkey, pwfn, pwfnarg);
- if (rv == SECSuccess) {
- struct sec_pkcs7_encoder_output outputcx;
-
- outputcx.outputfn = outputfn;
- outputcx.outputarg = outputarg;
-
- rv = SEC_ASN1Encode (cinfo, sec_PKCS7ContentInfoTemplate,
- sec_pkcs7_encoder_out, &outputcx);
- }
-
- return rv;
-}
-
-
-/*
- * Encode a PKCS7 object, in one shot. All necessary components
- * of the object must already be specified. Either the data has
- * already been included (via SetContent), or the data is detached,
- * or there is no data at all (certs-only). The output, rather than
- * being passed to an output function as is done above, is all put
- * into a SECItem.
- *
- * "pool" specifies a pool from which to allocate the result.
- * It can be NULL, in which case memory is allocated generically.
- *
- * "dest" specifies a SECItem in which to put the result data.
- * It can be NULL, in which case the entire item is allocated, too.
- *
- * "cinfo" specifies the object to be encoded.
- *
- * "bulkkey" specifies the bulk encryption key to use. This argument
- * can be NULL if no encryption is being done, or if the bulk key should
- * be generated internally (usually the case for EnvelopedData but never
- * for EncryptedData, which *must* provide a bulk encryption key).
- *
- * "pwfn" is a callback for getting the password which protects the
- * private key of the signer. This argument can be NULL if it is known
- * that no signing is going to be done.
- *
- * "pwfnarg" is an opaque argument to the above callback.
- */
-SECItem *
-SEC_PKCS7EncodeItem (PRArenaPool *pool,
- SECItem *dest,
- SEC_PKCS7ContentInfo *cinfo,
- PK11SymKey *bulkkey,
- SECKEYGetPasswordKey pwfn,
- void *pwfnarg)
-{
- SECStatus rv;
-
- rv = SEC_PKCS7PrepareForEncode (cinfo, bulkkey, pwfn, pwfnarg);
- if (rv != SECSuccess)
- return NULL;
-
- return SEC_ASN1EncodeItem (pool, dest, cinfo, sec_PKCS7ContentInfoTemplate);
-}
-
diff --git a/security/nss/lib/pkcs7/p7local.c b/security/nss/lib/pkcs7/p7local.c
deleted file mode 100644
index d3e58be50..000000000
--- a/security/nss/lib/pkcs7/p7local.c
+++ /dev/null
@@ -1,1431 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Support routines for PKCS7 implementation, none of which are exported.
- * This file should only contain things that are needed by both the
- * encoding/creation side *and* the decoding/decryption side. Anything
- * else should be static routines in the appropriate file.
- *
- * $Id$
- */
-
-#include "p7local.h"
-
-#include "cryptohi.h"
-#include "secasn1.h"
-#include "secoid.h"
-#include "secitem.h"
-#include "pk11func.h"
-#include "secpkcs5.h"
-#include "secerr.h"
-
-/*
- * -------------------------------------------------------------------
- * Cipher stuff.
- */
-
-typedef SECStatus (*sec_pkcs7_cipher_function) (void *,
- unsigned char *,
- unsigned *,
- unsigned int,
- const unsigned char *,
- unsigned int);
-typedef SECStatus (*sec_pkcs7_cipher_destroy) (void *, PRBool);
-
-#define BLOCK_SIZE 4096
-
-struct sec_pkcs7_cipher_object {
- void *cx;
- sec_pkcs7_cipher_function doit;
- sec_pkcs7_cipher_destroy destroy;
- PRBool encrypt;
- int block_size;
- int pad_size;
- int pending_count;
- unsigned char pending_buf[BLOCK_SIZE];
-};
-
-/*
- * Create a cipher object to do decryption, based on the given bulk
- * encryption key and algorithm identifier (which may include an iv).
- *
- * XXX This interface, or one similar, would be really nice available
- * in general... I tried to keep the pkcs7-specific stuff (mostly
- * having to do with padding) out of here.
- *
- * XXX Once both are working, it might be nice to combine this and the
- * function below (for starting up encryption) into one routine, and just
- * have two simple cover functions which call it.
- */
-sec_PKCS7CipherObject *
-sec_PKCS7CreateDecryptObject (PK11SymKey *key, SECAlgorithmID *algid)
-{
- sec_PKCS7CipherObject *result;
- SECOidTag algtag;
- void *ciphercx;
- CK_MECHANISM_TYPE mechanism;
- SECItem *param;
- PK11SlotInfo *slot;
-
- result = (struct sec_pkcs7_cipher_object*)
- PORT_ZAlloc (sizeof(struct sec_pkcs7_cipher_object));
- if (result == NULL)
- return NULL;
-
- ciphercx = NULL;
- algtag = SECOID_GetAlgorithmTag (algid);
-
- if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) {
- CK_MECHANISM pbeMech, cryptoMech;
- SECItem *pbeParams, *pwitem;
- SEC_PKCS5KeyAndPassword *keyPwd;
-
- keyPwd = (SEC_PKCS5KeyAndPassword *)key;
- key = keyPwd->key;
- pwitem = keyPwd->pwitem;
-
- pbeMech.mechanism = PK11_AlgtagToMechanism(algtag);
- pbeParams = PK11_ParamFromAlgid(algid);
- if (!pbeParams) {
- PORT_Free(result);
- return NULL;
- }
-
- pbeMech.pParameter = pbeParams->data;
- pbeMech.ulParameterLen = pbeParams->len;
- if (PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech, pwitem,
- PR_FALSE) != CKR_OK) {
- PORT_Free(result);
- SECITEM_ZfreeItem(pbeParams, PR_TRUE);
- return NULL;
- }
- SECITEM_ZfreeItem(pbeParams, PR_TRUE);
-
- param = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(!param) {
- PORT_Free(result);
- return NULL;
- }
- param->data = (unsigned char *)cryptoMech.pParameter;
- param->len = cryptoMech.ulParameterLen;
- mechanism = cryptoMech.mechanism;
- } else {
- mechanism = PK11_AlgtagToMechanism(algtag);
- param = PK11_ParamFromAlgid(algid);
- if (param == NULL) {
- PORT_Free(result);
- return NULL;
- }
- }
-
- result->pad_size = PK11_GetBlockSize(mechanism,param);
- slot = PK11_GetSlotFromKey(key);
- result->block_size = PK11_IsHW(slot) ? BLOCK_SIZE : result->pad_size;
- PK11_FreeSlot(slot);
- ciphercx = PK11_CreateContextBySymKey(mechanism, CKA_DECRYPT, key, param);
- SECITEM_FreeItem(param,PR_TRUE);
- if (ciphercx == NULL) {
- PORT_Free (result);
- return NULL;
- }
-
- result->cx = ciphercx;
- result->doit = (sec_pkcs7_cipher_function) PK11_CipherOp;
- result->destroy = (sec_pkcs7_cipher_destroy) PK11_DestroyContext;
- result->encrypt = PR_FALSE;
- result->pending_count = 0;
-
- return result;
-}
-
-/*
- * Create a cipher object to do encryption, based on the given bulk
- * encryption key and algorithm tag. Fill in the algorithm identifier
- * (which may include an iv) appropriately.
- *
- * XXX This interface, or one similar, would be really nice available
- * in general... I tried to keep the pkcs7-specific stuff (mostly
- * having to do with padding) out of here.
- *
- * XXX Once both are working, it might be nice to combine this and the
- * function above (for starting up decryption) into one routine, and just
- * have two simple cover functions which call it.
- */
-sec_PKCS7CipherObject *
-sec_PKCS7CreateEncryptObject (PRArenaPool *poolp, PK11SymKey *key,
- SECOidTag algtag, SECAlgorithmID *algid)
-{
- sec_PKCS7CipherObject *result;
- void *ciphercx;
- SECItem *param;
- SECStatus rv;
- CK_MECHANISM_TYPE mechanism;
- PRBool needToEncodeAlgid = PR_FALSE;
- PK11SlotInfo *slot;
-
- result = (struct sec_pkcs7_cipher_object*)
- PORT_ZAlloc (sizeof(struct sec_pkcs7_cipher_object));
- if (result == NULL)
- return NULL;
-
- ciphercx = NULL;
- if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) {
- CK_MECHANISM pbeMech, cryptoMech;
- SECItem *pbeParams;
- SEC_PKCS5KeyAndPassword *keyPwd;
-
- PORT_Memset(&pbeMech, 0, sizeof(CK_MECHANISM));
- PORT_Memset(&cryptoMech, 0, sizeof(CK_MECHANISM));
-
- pbeMech.mechanism = PK11_AlgtagToMechanism(algtag);
- pbeParams = PK11_ParamFromAlgid(algid);
- if(!pbeParams) {
- PORT_Free(result);
- return NULL;
- }
- keyPwd = (SEC_PKCS5KeyAndPassword *)key;
- key = keyPwd->key;
-
- pbeMech.pParameter = pbeParams->data;
- pbeMech.ulParameterLen = pbeParams->len;
- if(PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech,
- keyPwd->pwitem, PR_FALSE) != CKR_OK) {
- PORT_Free(result);
- SECITEM_ZfreeItem(pbeParams, PR_TRUE);
- return NULL;
- }
- SECITEM_ZfreeItem(pbeParams, PR_TRUE);
-
- param = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(!param) {
- PORT_Free(result);
- return NULL;
- }
- param->data = (unsigned char *)cryptoMech.pParameter;
- param->len = cryptoMech.ulParameterLen;
- mechanism = cryptoMech.mechanism;
- } else {
- mechanism = PK11_AlgtagToMechanism(algtag);
- param = PK11_GenerateNewParam(mechanism,key);
- if (param == NULL) {
- PORT_Free(result);
- return NULL;
- }
- needToEncodeAlgid = PR_TRUE;
- }
-
- result->pad_size = PK11_GetBlockSize(mechanism,param);
- slot = PK11_GetSlotFromKey(key);
- result->block_size = PK11_IsHW(slot) ? BLOCK_SIZE : result->pad_size;
- PK11_FreeSlot(slot);
- ciphercx = PK11_CreateContextBySymKey(mechanism, CKA_ENCRYPT,
- key, param);
- if (ciphercx == NULL) {
- PORT_Free (result);
- SECITEM_FreeItem(param,PR_TRUE);
- return NULL;
- }
-
- /*
- * These are placed after the CreateContextBySymKey() because some
- * mechanisms have to generate their IVs from their card (i.e. FORTEZZA).
- * Don't move it from here.
- */
- if (needToEncodeAlgid) {
- rv = PK11_ParamToAlgid(algtag,param,poolp,algid);
- if(rv != SECSuccess) {
- return NULL;
- }
- }
- SECITEM_FreeItem(param,PR_TRUE);
-
- result->cx = ciphercx;
- result->doit = (sec_pkcs7_cipher_function) PK11_CipherOp;
- result->destroy = (sec_pkcs7_cipher_destroy) PK11_DestroyContext;
- result->encrypt = PR_TRUE;
- result->pending_count = 0;
-
- return result;
-}
-
-
-/*
- * Destroy the cipher object.
- */
-static void
-sec_pkcs7_destroy_cipher (sec_PKCS7CipherObject *obj)
-{
- (* obj->destroy) (obj->cx, PR_TRUE);
- PORT_Free (obj);
-}
-
-void
-sec_PKCS7DestroyDecryptObject (sec_PKCS7CipherObject *obj)
-{
- PORT_Assert (obj != NULL);
- if (obj == NULL)
- return;
- PORT_Assert (! obj->encrypt);
- sec_pkcs7_destroy_cipher (obj);
-}
-
-void
-sec_PKCS7DestroyEncryptObject (sec_PKCS7CipherObject *obj)
-{
- PORT_Assert (obj != NULL);
- if (obj == NULL)
- return;
- PORT_Assert (obj->encrypt);
- sec_pkcs7_destroy_cipher (obj);
-}
-
-
-/*
- * XXX I think all of the following lengths should be longs instead
- * of ints, but our current crypto interface uses ints, so I did too.
- */
-
-
-/*
- * What will be the output length of the next call to decrypt?
- * Result can be used to perform memory allocations. Note that the amount
- * is exactly accurate only when not doing a block cipher or when final
- * is false, otherwise it is an upper bound on the amount because until
- * we see the data we do not know how many padding bytes there are
- * (always between 1 and bsize).
- *
- * Note that this can return zero, which does not mean that the decrypt
- * operation can be skipped! (It simply means that there are not enough
- * bytes to make up an entire block; the bytes will be reserved until
- * there are enough to encrypt/decrypt at least one block.) However,
- * if zero is returned it *does* mean that no output buffer need be
- * passed in to the subsequent decrypt operation, as no output bytes
- * will be stored.
- */
-unsigned int
-sec_PKCS7DecryptLength (sec_PKCS7CipherObject *obj, unsigned int input_len,
- PRBool final)
-{
- int blocks, block_size;
-
- PORT_Assert (! obj->encrypt);
-
- block_size = obj->block_size;
-
- /*
- * If this is not a block cipher, then we always have the same
- * number of output bytes as we had input bytes.
- */
- if (block_size == 0)
- return input_len;
-
- /*
- * On the final call, we will always use up all of the pending
- * bytes plus all of the input bytes, *but*, there will be padding
- * at the end and we cannot predict how many bytes of padding we
- * will end up removing. The amount given here is actually known
- * to be at least 1 byte too long (because we know we will have
- * at least 1 byte of padding), but seemed clearer/better to me.
- */
- if (final)
- return obj->pending_count + input_len;
-
- /*
- * Okay, this amount is exactly what we will output on the
- * next cipher operation. We will always hang onto the last
- * 1 - block_size bytes for non-final operations. That is,
- * we will do as many complete blocks as we can *except* the
- * last block (complete or partial). (This is because until
- * we know we are at the end, we cannot know when to interpret
- * and removing the padding byte(s), which are guaranteed to
- * be there.)
- */
- blocks = (obj->pending_count + input_len - 1) / block_size;
- return blocks * block_size;
-}
-
-/*
- * What will be the output length of the next call to encrypt?
- * Result can be used to perform memory allocations.
- *
- * Note that this can return zero, which does not mean that the encrypt
- * operation can be skipped! (It simply means that there are not enough
- * bytes to make up an entire block; the bytes will be reserved until
- * there are enough to encrypt/decrypt at least one block.) However,
- * if zero is returned it *does* mean that no output buffer need be
- * passed in to the subsequent encrypt operation, as no output bytes
- * will be stored.
- */
-unsigned int
-sec_PKCS7EncryptLength (sec_PKCS7CipherObject *obj, unsigned int input_len,
- PRBool final)
-{
- int blocks, block_size;
- int pad_size;
-
- PORT_Assert (obj->encrypt);
-
- block_size = obj->block_size;
- pad_size = obj->pad_size;
-
- /*
- * If this is not a block cipher, then we always have the same
- * number of output bytes as we had input bytes.
- */
- if (block_size == 0)
- return input_len;
-
- /*
- * On the final call, we only send out what we need for
- * remaining bytes plus the padding. (There is always padding,
- * so even if we have an exact number of blocks as input, we
- * will add another full block that is just padding.)
- */
- if (final) {
- if (pad_size == 0) {
- return obj->pending_count + input_len;
- } else {
- blocks = (obj->pending_count + input_len) / pad_size;
- blocks++;
- return blocks*pad_size;
- }
- }
-
- /*
- * Now, count the number of complete blocks of data we have.
- */
- blocks = (obj->pending_count + input_len) / block_size;
-
-
- return blocks * block_size;
-}
-
-
-/*
- * Decrypt a given length of input buffer (starting at "input" and
- * containing "input_len" bytes), placing the decrypted bytes in
- * "output" and storing the output length in "*output_len_p".
- * "obj" is the return value from sec_PKCS7CreateDecryptObject.
- * When "final" is true, this is the last of the data to be decrypted.
- *
- * This is much more complicated than it sounds when the cipher is
- * a block-type, meaning that the decryption function will only
- * operate on whole blocks. But our caller is operating stream-wise,
- * and can pass in any number of bytes. So we need to keep track
- * of block boundaries. We save excess bytes between calls in "obj".
- * We also need to determine which bytes are padding, and remove
- * them from the output. We can only do this step when we know we
- * have the final block of data. PKCS #7 specifies that the padding
- * used for a block cipher is a string of bytes, each of whose value is
- * the same as the length of the padding, and that all data is padded.
- * (Even data that starts out with an exact multiple of blocks gets
- * added to it another block, all of which is padding.)
- */
-SECStatus
-sec_PKCS7Decrypt (sec_PKCS7CipherObject *obj, unsigned char *output,
- unsigned int *output_len_p, unsigned int max_output_len,
- const unsigned char *input, unsigned int input_len,
- PRBool final)
-{
- int blocks, bsize, pcount, padsize;
- unsigned int max_needed, ifraglen, ofraglen, output_len;
- unsigned char *pbuf;
- SECStatus rv;
-
- PORT_Assert (! obj->encrypt);
-
- /*
- * Check that we have enough room for the output. Our caller should
- * already handle this; failure is really an internal error (i.e. bug).
- */
- max_needed = sec_PKCS7DecryptLength (obj, input_len, final);
- PORT_Assert (max_output_len >= max_needed);
- if (max_output_len < max_needed) {
- /* PORT_SetError (XXX); */
- return SECFailure;
- }
-
- /*
- * hardware encryption does not like small decryption sizes here, so we
- * allow both blocking and padding.
- */
- bsize = obj->block_size;
- padsize = obj->pad_size;
-
- /*
- * When no blocking or padding work to do, we can simply call the
- * cipher function and we are done.
- */
- if (bsize == 0) {
- return (* obj->doit) (obj->cx, output, output_len_p, max_output_len,
- input, input_len);
- }
-
- pcount = obj->pending_count;
- pbuf = obj->pending_buf;
-
- output_len = 0;
-
- if (pcount) {
- /*
- * Try to fill in an entire block, starting with the bytes
- * we already have saved away.
- */
- while (input_len && pcount < bsize) {
- pbuf[pcount++] = *input++;
- input_len--;
- }
- /*
- * If we have at most a whole block and this is not our last call,
- * then we are done for now. (We do not try to decrypt a lone
- * single block because we cannot interpret the padding bytes
- * until we know we are handling the very last block of all input.)
- */
- if (input_len == 0 && !final) {
- obj->pending_count = pcount;
- if (output_len_p)
- *output_len_p = 0;
- return SECSuccess;
- }
- /*
- * Given the logic above, we expect to have a full block by now.
- * If we do not, there is something wrong, either with our own
- * logic or with (length of) the data given to us.
- */
- PORT_Assert ((padsize == 0) || (pcount % padsize) == 0);
- if ((padsize != 0) && (pcount % padsize) != 0) {
- PORT_Assert (final);
- PORT_SetError (SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- /*
- * Decrypt the block.
- */
- rv = (* obj->doit) (obj->cx, output, &ofraglen, max_output_len,
- pbuf, pcount);
- if (rv != SECSuccess)
- return rv;
-
- /*
- * For now anyway, all of our ciphers have the same number of
- * bytes of output as they do input. If this ever becomes untrue,
- * then sec_PKCS7DecryptLength needs to be made smarter!
- */
- PORT_Assert (ofraglen == pcount);
-
- /*
- * Account for the bytes now in output.
- */
- max_output_len -= ofraglen;
- output_len += ofraglen;
- output += ofraglen;
- }
-
- /*
- * If this is our last call, we expect to have an exact number of
- * blocks left to be decrypted; we will decrypt them all.
- *
- * If not our last call, we always save between 1 and bsize bytes
- * until next time. (We must do this because we cannot be sure
- * that none of the decrypted bytes are padding bytes until we
- * have at least another whole block of data. You cannot tell by
- * looking -- the data could be anything -- you can only tell by
- * context, knowing you are looking at the last block.) We could
- * decrypt a whole block now but it is easier if we just treat it
- * the same way we treat partial block bytes.
- */
- if (final) {
- if (padsize) {
- blocks = input_len / padsize;
- ifraglen = blocks * padsize;
- } else ifraglen = input_len;
- PORT_Assert (ifraglen == input_len);
-
- if (ifraglen != input_len) {
- PORT_SetError (SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- } else {
- blocks = (input_len - 1) / bsize;
- ifraglen = blocks * bsize;
- PORT_Assert (ifraglen < input_len);
-
- pcount = input_len - ifraglen;
- PORT_Memcpy (pbuf, input + ifraglen, pcount);
- obj->pending_count = pcount;
- }
-
- if (ifraglen) {
- rv = (* obj->doit) (obj->cx, output, &ofraglen, max_output_len,
- input, ifraglen);
- if (rv != SECSuccess)
- return rv;
-
- /*
- * For now anyway, all of our ciphers have the same number of
- * bytes of output as they do input. If this ever becomes untrue,
- * then sec_PKCS7DecryptLength needs to be made smarter!
- */
- PORT_Assert (ifraglen == ofraglen);
- if (ifraglen != ofraglen) {
- PORT_SetError (SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
-
- output_len += ofraglen;
- } else {
- ofraglen = 0;
- }
-
- /*
- * If we just did our very last block, "remove" the padding by
- * adjusting the output length.
- */
- if (final && (padsize != 0)) {
- unsigned int padlen = *(output + ofraglen - 1);
- PORT_Assert (padlen > 0 && padlen <= padsize);
- if (padlen == 0 || padlen > padsize) {
- PORT_SetError (SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- output_len -= padlen;
- }
-
- PORT_Assert (output_len_p != NULL || output_len == 0);
- if (output_len_p != NULL)
- *output_len_p = output_len;
-
- return SECSuccess;
-}
-
-/*
- * Encrypt a given length of input buffer (starting at "input" and
- * containing "input_len" bytes), placing the encrypted bytes in
- * "output" and storing the output length in "*output_len_p".
- * "obj" is the return value from sec_PKCS7CreateEncryptObject.
- * When "final" is true, this is the last of the data to be encrypted.
- *
- * This is much more complicated than it sounds when the cipher is
- * a block-type, meaning that the encryption function will only
- * operate on whole blocks. But our caller is operating stream-wise,
- * and can pass in any number of bytes. So we need to keep track
- * of block boundaries. We save excess bytes between calls in "obj".
- * We also need to add padding bytes at the end. PKCS #7 specifies
- * that the padding used for a block cipher is a string of bytes,
- * each of whose value is the same as the length of the padding,
- * and that all data is padded. (Even data that starts out with
- * an exact multiple of blocks gets added to it another block,
- * all of which is padding.)
- *
- * XXX I would kind of like to combine this with the function above
- * which does decryption, since they have a lot in common. But the
- * tricky parts about padding and filling blocks would be much
- * harder to read that way, so I left them separate. At least for
- * now until it is clear that they are right.
- */
-SECStatus
-sec_PKCS7Encrypt (sec_PKCS7CipherObject *obj, unsigned char *output,
- unsigned int *output_len_p, unsigned int max_output_len,
- const unsigned char *input, unsigned int input_len,
- PRBool final)
-{
- int blocks, bsize, padlen, pcount, padsize;
- unsigned int max_needed, ifraglen, ofraglen, output_len;
- unsigned char *pbuf;
- SECStatus rv;
-
- PORT_Assert (obj->encrypt);
-
- /*
- * Check that we have enough room for the output. Our caller should
- * already handle this; failure is really an internal error (i.e. bug).
- */
- max_needed = sec_PKCS7EncryptLength (obj, input_len, final);
- PORT_Assert (max_output_len >= max_needed);
- if (max_output_len < max_needed) {
- /* PORT_SetError (XXX); */
- return SECFailure;
- }
-
- bsize = obj->block_size;
- padsize = obj->pad_size;
-
- /*
- * When no blocking and padding work to do, we can simply call the
- * cipher function and we are done.
- */
- if (bsize == 0) {
- return (* obj->doit) (obj->cx, output, output_len_p, max_output_len,
- input, input_len);
- }
-
- pcount = obj->pending_count;
- pbuf = obj->pending_buf;
-
- output_len = 0;
-
- if (pcount) {
- /*
- * Try to fill in an entire block, starting with the bytes
- * we already have saved away.
- */
- while (input_len && pcount < bsize) {
- pbuf[pcount++] = *input++;
- input_len--;
- }
- /*
- * If we do not have a full block and we know we will be
- * called again, then we are done for now.
- */
- if (pcount < bsize && !final) {
- obj->pending_count = pcount;
- if (output_len_p != NULL)
- *output_len_p = 0;
- return SECSuccess;
- }
- /*
- * If we have a whole block available, encrypt it.
- */
- if ((padsize == 0) || (pcount % padsize) == 0) {
- rv = (* obj->doit) (obj->cx, output, &ofraglen, max_output_len,
- pbuf, pcount);
- if (rv != SECSuccess)
- return rv;
-
- /*
- * For now anyway, all of our ciphers have the same number of
- * bytes of output as they do input. If this ever becomes untrue,
- * then sec_PKCS7EncryptLength needs to be made smarter!
- */
- PORT_Assert (ofraglen == pcount);
-
- /*
- * Account for the bytes now in output.
- */
- max_output_len -= ofraglen;
- output_len += ofraglen;
- output += ofraglen;
-
- pcount = 0;
- }
- }
-
- if (input_len) {
- PORT_Assert (pcount == 0);
-
- blocks = input_len / bsize;
- ifraglen = blocks * bsize;
-
- if (ifraglen) {
- rv = (* obj->doit) (obj->cx, output, &ofraglen, max_output_len,
- input, ifraglen);
- if (rv != SECSuccess)
- return rv;
-
- /*
- * For now anyway, all of our ciphers have the same number of
- * bytes of output as they do input. If this ever becomes untrue,
- * then sec_PKCS7EncryptLength needs to be made smarter!
- */
- PORT_Assert (ifraglen == ofraglen);
-
- max_output_len -= ofraglen;
- output_len += ofraglen;
- output += ofraglen;
- }
-
- pcount = input_len - ifraglen;
- PORT_Assert (pcount < bsize);
- if (pcount)
- PORT_Memcpy (pbuf, input + ifraglen, pcount);
- }
-
- if (final) {
- padlen = padsize - (pcount % padsize);
- PORT_Memset (pbuf + pcount, padlen, padlen);
- rv = (* obj->doit) (obj->cx, output, &ofraglen, max_output_len,
- pbuf, pcount+padlen);
- if (rv != SECSuccess)
- return rv;
-
- /*
- * For now anyway, all of our ciphers have the same number of
- * bytes of output as they do input. If this ever becomes untrue,
- * then sec_PKCS7EncryptLength needs to be made smarter!
- */
- PORT_Assert (ofraglen == (pcount+padlen));
- output_len += ofraglen;
- } else {
- obj->pending_count = pcount;
- }
-
- PORT_Assert (output_len_p != NULL || output_len == 0);
- if (output_len_p != NULL)
- *output_len_p = output_len;
-
- return SECSuccess;
-}
-
-/*
- * End of cipher stuff.
- * -------------------------------------------------------------------
- */
-
-
-/*
- * -------------------------------------------------------------------
- * XXX The following Attribute stuff really belongs elsewhere.
- * The Attribute type is *not* part of pkcs7 but rather X.501.
- * But for now, since PKCS7 is the only customer of attributes,
- * we define them here. Once there is a use outside of PKCS7,
- * then change the attribute types and functions from internal
- * to external naming convention, and move them elsewhere!
- */
-
-/*
- * Look through a set of attributes and find one that matches the
- * specified object ID. If "only" is true, then make sure that
- * there is not more than one attribute of the same type. Otherwise,
- * just return the first one found. (XXX Does anybody really want
- * that first-found behavior? It was like that when I found it...)
- */
-SEC_PKCS7Attribute *
-sec_PKCS7FindAttribute (SEC_PKCS7Attribute **attrs, SECOidTag oidtag,
- PRBool only)
-{
- SECOidData *oid;
- SEC_PKCS7Attribute *attr1, *attr2;
-
- if (attrs == NULL)
- return NULL;
-
- oid = SECOID_FindOIDByTag(oidtag);
- if (oid == NULL)
- return NULL;
-
- while ((attr1 = *attrs++) != NULL) {
- if (attr1->type.len == oid->oid.len && PORT_Memcmp (attr1->type.data,
- oid->oid.data,
- oid->oid.len) == 0)
- break;
- }
-
- if (attr1 == NULL)
- return NULL;
-
- if (!only)
- return attr1;
-
- while ((attr2 = *attrs++) != NULL) {
- if (attr2->type.len == oid->oid.len && PORT_Memcmp (attr2->type.data,
- oid->oid.data,
- oid->oid.len) == 0)
- break;
- }
-
- if (attr2 != NULL)
- return NULL;
-
- return attr1;
-}
-
-
-/*
- * Return the single attribute value, doing some sanity checking first:
- * - Multiple values are *not* expected.
- * - Empty values are *not* expected.
- */
-SECItem *
-sec_PKCS7AttributeValue(SEC_PKCS7Attribute *attr)
-{
- SECItem *value;
-
- if (attr == NULL)
- return NULL;
-
- value = attr->values[0];
-
- if (value == NULL || value->data == NULL || value->len == 0)
- return NULL;
-
- if (attr->values[1] != NULL)
- return NULL;
-
- return value;
-}
-
-static const SEC_ASN1Template *
-sec_attr_choose_attr_value_template(void *src_or_dest, PRBool encoding)
-{
- const SEC_ASN1Template *theTemplate;
- SEC_PKCS7Attribute *attribute;
- SECOidData *oiddata;
- PRBool encoded;
-
- PORT_Assert (src_or_dest != NULL);
- if (src_or_dest == NULL)
- return NULL;
-
- attribute = (SEC_PKCS7Attribute*)src_or_dest;
-
- if (encoding && attribute->encoded)
- return SEC_AnyTemplate;
-
- oiddata = attribute->typeTag;
- if (oiddata == NULL) {
- oiddata = SECOID_FindOID(&attribute->type);
- attribute->typeTag = oiddata;
- }
-
- if (oiddata == NULL) {
- encoded = PR_TRUE;
- theTemplate = SEC_AnyTemplate;
- } else {
- switch (oiddata->offset) {
- default:
- encoded = PR_TRUE;
- theTemplate = SEC_AnyTemplate;
- break;
- case SEC_OID_PKCS9_EMAIL_ADDRESS:
- case SEC_OID_RFC1274_MAIL:
- case SEC_OID_PKCS9_UNSTRUCTURED_NAME:
- encoded = PR_FALSE;
- theTemplate = SEC_IA5StringTemplate;
- break;
- case SEC_OID_PKCS9_CONTENT_TYPE:
- encoded = PR_FALSE;
- theTemplate = SEC_ObjectIDTemplate;
- break;
- case SEC_OID_PKCS9_MESSAGE_DIGEST:
- encoded = PR_FALSE;
- theTemplate = SEC_OctetStringTemplate;
- break;
- case SEC_OID_PKCS9_SIGNING_TIME:
- encoded = PR_FALSE;
- theTemplate = SEC_UTCTimeTemplate;
- break;
- /* XXX Want other types here, too */
- }
- }
-
- if (encoding) {
- /*
- * If we are encoding and we think we have an already-encoded value,
- * then the code which initialized this attribute should have set
- * the "encoded" property to true (and we would have returned early,
- * up above). No devastating error, but that code should be fixed.
- * (It could indicate that the resulting encoded bytes are wrong.)
- */
- PORT_Assert (!encoded);
- } else {
- /*
- * We are decoding; record whether the resulting value is
- * still encoded or not.
- */
- attribute->encoded = encoded;
- }
- return theTemplate;
-}
-
-static SEC_ChooseASN1TemplateFunc sec_attr_chooser
- = sec_attr_choose_attr_value_template;
-
-static const SEC_ASN1Template sec_pkcs7_attribute_template[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SEC_PKCS7Attribute) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(SEC_PKCS7Attribute,type) },
- { SEC_ASN1_DYNAMIC | SEC_ASN1_SET_OF,
- offsetof(SEC_PKCS7Attribute,values),
- &sec_attr_chooser },
- { 0 }
-};
-
-static const SEC_ASN1Template sec_pkcs7_set_of_attribute_template[] = {
- { SEC_ASN1_SET_OF, 0, sec_pkcs7_attribute_template },
-};
-
-/*
- * If you are wondering why this routine does not reorder the attributes
- * first, and might be tempted to make it do so, see the comment by the
- * call to ReorderAttributes in p7encode.c. (Or, see who else calls this
- * and think long and hard about the implications of making it always
- * do the reordering.)
- */
-SECItem *
-sec_PKCS7EncodeAttributes (PRArenaPool *poolp, SECItem *dest, void *src)
-{
- return SEC_ASN1EncodeItem (poolp, dest, src,
- sec_pkcs7_set_of_attribute_template);
-}
-
-/*
- * Make sure that the order of the attributes guarantees valid DER
- * (which must be in lexigraphically ascending order for a SET OF);
- * if reordering is necessary it will be done in place (in attrs).
- */
-SECStatus
-sec_PKCS7ReorderAttributes (SEC_PKCS7Attribute **attrs)
-{
- PRArenaPool *poolp;
- int num_attrs, i, j, pass, besti;
- SECItem **enc_attrs;
- SEC_PKCS7Attribute **new_attrs;
-
- /*
- * I think we should not be called with NULL. But if we are,
- * call it a success anyway, because the order *is* okay.
- */
- PORT_Assert (attrs != NULL);
- if (attrs == NULL)
- return SECSuccess;
-
- /*
- * Count how many attributes we are dealing with here.
- */
- num_attrs = 0;
- while (attrs[num_attrs] != NULL)
- num_attrs++;
-
- /*
- * Again, I think we should have some attributes here.
- * But if we do not, or if there is only one, then call it
- * a success because it also already has a fine order.
- */
- PORT_Assert (num_attrs);
- if (num_attrs == 0 || num_attrs == 1)
- return SECSuccess;
-
- /*
- * Allocate an arena for us to work with, so it is easy to
- * clean up all of the memory (fairly small pieces, really).
- */
- poolp = PORT_NewArena (1024); /* XXX what is right value? */
- if (poolp == NULL)
- return SECFailure; /* no memory; nothing we can do... */
-
- /*
- * Allocate arrays to hold the individual encodings which we will use
- * for comparisons and the reordered attributes as they are sorted.
- */
- enc_attrs=(SECItem**)PORT_ArenaZAlloc(poolp, num_attrs*sizeof(SECItem *));
- new_attrs = (SEC_PKCS7Attribute**)PORT_ArenaZAlloc (poolp,
- num_attrs * sizeof(SEC_PKCS7Attribute *));
- if (enc_attrs == NULL || new_attrs == NULL) {
- PORT_FreeArena (poolp, PR_FALSE);
- return SECFailure;
- }
-
- /*
- * DER encode each individual attribute.
- */
- for (i = 0; i < num_attrs; i++) {
- enc_attrs[i] = SEC_ASN1EncodeItem (poolp, NULL, attrs[i],
- sec_pkcs7_attribute_template);
- if (enc_attrs[i] == NULL) {
- PORT_FreeArena (poolp, PR_FALSE);
- return SECFailure;
- }
- }
-
- /*
- * Now compare and sort them; this is not the most efficient sorting
- * method, but it is just fine for the problem at hand, because the
- * number of attributes is (always) going to be small.
- */
- for (pass = 0; pass < num_attrs; pass++) {
- /*
- * Find the first not-yet-accepted attribute. (Once one is
- * sorted into the other array, it is cleared from enc_attrs.)
- */
- for (i = 0; i < num_attrs; i++) {
- if (enc_attrs[i] != NULL)
- break;
- }
- PORT_Assert (i < num_attrs);
- besti = i;
-
- /*
- * Find the lowest (lexigraphically) encoding. One that is
- * shorter than all the rest is known to be "less" because each
- * attribute is of the same type (a SEQUENCE) and so thus the
- * first octet of each is the same, and the second octet is
- * the length (or the length of the length with the high bit
- * set, followed by the length, which also works out to always
- * order the shorter first). Two (or more) that have the
- * same length need to be compared byte by byte until a mismatch
- * is found.
- */
- for (i = besti + 1; i < num_attrs; i++) {
- if (enc_attrs[i] == NULL) /* slot already handled */
- continue;
-
- if (enc_attrs[i]->len != enc_attrs[besti]->len) {
- if (enc_attrs[i]->len < enc_attrs[besti]->len)
- besti = i;
- continue;
- }
-
- for (j = 0; j < enc_attrs[i]->len; j++) {
- if (enc_attrs[i]->data[j] < enc_attrs[besti]->data[j]) {
- besti = i;
- break;
- }
- }
-
- /*
- * For this not to be true, we would have to have encountered
- * two *identical* attributes, which I think we should not see.
- * So assert if it happens, but even if it does, let it go
- * through; the ordering of the two does not matter.
- */
- PORT_Assert (j < enc_attrs[i]->len);
- }
-
- /*
- * Now we have found the next-lowest one; copy it over and
- * remove it from enc_attrs.
- */
- new_attrs[pass] = attrs[besti];
- enc_attrs[besti] = NULL;
- }
-
- /*
- * Now new_attrs has the attributes in the order we want;
- * copy them back into the attrs array we started with.
- */
- for (i = 0; i < num_attrs; i++)
- attrs[i] = new_attrs[i];
-
- PORT_FreeArena (poolp, PR_FALSE);
- return SECSuccess;
-}
-
-/*
- * End of attribute stuff.
- * -------------------------------------------------------------------
- */
-
-
-/*
- * Templates and stuff. Keep these at the end of the file.
- */
-
-/* forward declaration */
-static const SEC_ASN1Template *
-sec_pkcs7_choose_content_template(void *src_or_dest, PRBool encoding);
-
-static SEC_ChooseASN1TemplateFunc sec_pkcs7_chooser
- = sec_pkcs7_choose_content_template;
-
-const SEC_ASN1Template sec_PKCS7ContentInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
- 0, NULL, sizeof(SEC_PKCS7ContentInfo) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(SEC_PKCS7ContentInfo,contentType) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_DYNAMIC | SEC_ASN1_MAY_STREAM
- | SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(SEC_PKCS7ContentInfo,content),
- &sec_pkcs7_chooser },
- { 0 }
-};
-
-/* XXX These names should change from external to internal convention. */
-
-static const SEC_ASN1Template SEC_PKCS7SignerInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SEC_PKCS7SignerInfo) },
- { SEC_ASN1_INTEGER,
- offsetof(SEC_PKCS7SignerInfo,version) },
- { SEC_ASN1_POINTER,
- offsetof(SEC_PKCS7SignerInfo,issuerAndSN),
- CERT_IssuerAndSNTemplate },
- { SEC_ASN1_INLINE,
- offsetof(SEC_PKCS7SignerInfo,digestAlg),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(SEC_PKCS7SignerInfo,authAttr),
- sec_pkcs7_set_of_attribute_template },
- { SEC_ASN1_INLINE,
- offsetof(SEC_PKCS7SignerInfo,digestEncAlg),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_OCTET_STRING,
- offsetof(SEC_PKCS7SignerInfo,encDigest) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(SEC_PKCS7SignerInfo,unAuthAttr),
- sec_pkcs7_set_of_attribute_template },
- { 0 }
-};
-
-static const SEC_ASN1Template SEC_PKCS7SignedDataTemplate[] = {
- { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
- 0, NULL, sizeof(SEC_PKCS7SignedData) },
- { SEC_ASN1_INTEGER,
- offsetof(SEC_PKCS7SignedData,version) },
- { SEC_ASN1_SET_OF,
- offsetof(SEC_PKCS7SignedData,digestAlgorithms),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_INLINE,
- offsetof(SEC_PKCS7SignedData,contentInfo),
- sec_PKCS7ContentInfoTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(SEC_PKCS7SignedData,rawCerts),
- SEC_SetOfAnyTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(SEC_PKCS7SignedData,crls),
- CERT_SetOfSignedCrlTemplate },
- { SEC_ASN1_SET_OF,
- offsetof(SEC_PKCS7SignedData,signerInfos),
- SEC_PKCS7SignerInfoTemplate },
- { 0 }
-};
-
-static const SEC_ASN1Template SEC_PointerToPKCS7SignedDataTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_PKCS7SignedDataTemplate }
-};
-
-static const SEC_ASN1Template SEC_PKCS7RecipientInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SEC_PKCS7RecipientInfo) },
- { SEC_ASN1_INTEGER,
- offsetof(SEC_PKCS7RecipientInfo,version) },
- { SEC_ASN1_POINTER,
- offsetof(SEC_PKCS7RecipientInfo,issuerAndSN),
- CERT_IssuerAndSNTemplate },
- { SEC_ASN1_INLINE,
- offsetof(SEC_PKCS7RecipientInfo,keyEncAlg),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_OCTET_STRING,
- offsetof(SEC_PKCS7RecipientInfo,encKey) },
- { 0 }
-};
-
-static const SEC_ASN1Template SEC_PKCS7EncryptedContentInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
- 0, NULL, sizeof(SEC_PKCS7EncryptedContentInfo) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(SEC_PKCS7EncryptedContentInfo,contentType) },
- { SEC_ASN1_INLINE,
- offsetof(SEC_PKCS7EncryptedContentInfo,contentEncAlg),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_MAY_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(SEC_PKCS7EncryptedContentInfo,encContent),
- SEC_OctetStringTemplate },
- { 0 }
-};
-
-static const SEC_ASN1Template SEC_PKCS7EnvelopedDataTemplate[] = {
- { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
- 0, NULL, sizeof(SEC_PKCS7EnvelopedData) },
- { SEC_ASN1_INTEGER,
- offsetof(SEC_PKCS7EnvelopedData,version) },
- { SEC_ASN1_SET_OF,
- offsetof(SEC_PKCS7EnvelopedData,recipientInfos),
- SEC_PKCS7RecipientInfoTemplate },
- { SEC_ASN1_INLINE,
- offsetof(SEC_PKCS7EnvelopedData,encContentInfo),
- SEC_PKCS7EncryptedContentInfoTemplate },
- { 0 }
-};
-
-static const SEC_ASN1Template SEC_PointerToPKCS7EnvelopedDataTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_PKCS7EnvelopedDataTemplate }
-};
-
-static const SEC_ASN1Template SEC_PKCS7SignedAndEnvelopedDataTemplate[] = {
- { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
- 0, NULL, sizeof(SEC_PKCS7SignedAndEnvelopedData) },
- { SEC_ASN1_INTEGER,
- offsetof(SEC_PKCS7SignedAndEnvelopedData,version) },
- { SEC_ASN1_SET_OF,
- offsetof(SEC_PKCS7SignedAndEnvelopedData,recipientInfos),
- SEC_PKCS7RecipientInfoTemplate },
- { SEC_ASN1_SET_OF,
- offsetof(SEC_PKCS7SignedAndEnvelopedData,digestAlgorithms),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_INLINE,
- offsetof(SEC_PKCS7SignedAndEnvelopedData,encContentInfo),
- SEC_PKCS7EncryptedContentInfoTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(SEC_PKCS7SignedAndEnvelopedData,rawCerts),
- SEC_SetOfAnyTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(SEC_PKCS7SignedAndEnvelopedData,crls),
- CERT_SetOfSignedCrlTemplate },
- { SEC_ASN1_SET_OF,
- offsetof(SEC_PKCS7SignedAndEnvelopedData,signerInfos),
- SEC_PKCS7SignerInfoTemplate },
- { 0 }
-};
-
-static const SEC_ASN1Template
-SEC_PointerToPKCS7SignedAndEnvelopedDataTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_PKCS7SignedAndEnvelopedDataTemplate }
-};
-
-static const SEC_ASN1Template SEC_PKCS7DigestedDataTemplate[] = {
- { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
- 0, NULL, sizeof(SEC_PKCS7DigestedData) },
- { SEC_ASN1_INTEGER,
- offsetof(SEC_PKCS7DigestedData,version) },
- { SEC_ASN1_INLINE,
- offsetof(SEC_PKCS7DigestedData,digestAlg),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_INLINE,
- offsetof(SEC_PKCS7DigestedData,contentInfo),
- sec_PKCS7ContentInfoTemplate },
- { SEC_ASN1_OCTET_STRING,
- offsetof(SEC_PKCS7DigestedData,digest) },
- { 0 }
-};
-
-static const SEC_ASN1Template SEC_PointerToPKCS7DigestedDataTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_PKCS7DigestedDataTemplate }
-};
-
-static const SEC_ASN1Template SEC_PKCS7EncryptedDataTemplate[] = {
- { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
- 0, NULL, sizeof(SEC_PKCS7EncryptedData) },
- { SEC_ASN1_INTEGER,
- offsetof(SEC_PKCS7EncryptedData,version) },
- { SEC_ASN1_INLINE,
- offsetof(SEC_PKCS7EncryptedData,encContentInfo),
- SEC_PKCS7EncryptedContentInfoTemplate },
- { 0 }
-};
-
-static const SEC_ASN1Template SEC_PointerToPKCS7EncryptedDataTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_PKCS7EncryptedDataTemplate }
-};
-
-const SEC_ASN1Template SEC_SMIMEKEAParamTemplateSkipjack[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SEC_PKCS7SMIMEKEAParameters) },
- { SEC_ASN1_OCTET_STRING /* | SEC_ASN1_OPTIONAL */,
- offsetof(SEC_PKCS7SMIMEKEAParameters,originatorKEAKey) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(SEC_PKCS7SMIMEKEAParameters,originatorRA) },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_SMIMEKEAParamTemplateNoSkipjack[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SEC_PKCS7SMIMEKEAParameters) },
- { SEC_ASN1_OCTET_STRING /* | SEC_ASN1_OPTIONAL */,
- offsetof(SEC_PKCS7SMIMEKEAParameters,originatorKEAKey) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(SEC_PKCS7SMIMEKEAParameters,originatorRA) },
- { SEC_ASN1_OCTET_STRING | SEC_ASN1_OPTIONAL ,
- offsetof(SEC_PKCS7SMIMEKEAParameters,nonSkipjackIV) },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_SMIMEKEAParamTemplateAllParams[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SEC_PKCS7SMIMEKEAParameters) },
- { SEC_ASN1_OCTET_STRING /* | SEC_ASN1_OPTIONAL */,
- offsetof(SEC_PKCS7SMIMEKEAParameters,originatorKEAKey) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(SEC_PKCS7SMIMEKEAParameters,originatorRA) },
- { SEC_ASN1_OCTET_STRING | SEC_ASN1_OPTIONAL ,
- offsetof(SEC_PKCS7SMIMEKEAParameters,nonSkipjackIV) },
- { SEC_ASN1_OCTET_STRING | SEC_ASN1_OPTIONAL ,
- offsetof(SEC_PKCS7SMIMEKEAParameters,bulkKeySize) },
- { 0 }
-};
-
-const SEC_ASN1Template*
-sec_pkcs7_get_kea_template(SECKEATemplateSelector whichTemplate)
-{
- const SEC_ASN1Template *returnVal = NULL;
-
- switch(whichTemplate)
- {
- case SECKEAUsesNonSkipjack:
- returnVal = SEC_SMIMEKEAParamTemplateNoSkipjack;
- break;
- case SECKEAUsesSkipjack:
- returnVal = SEC_SMIMEKEAParamTemplateSkipjack;
- break;
- case SECKEAUsesNonSkipjackWithPaddedEncKey:
- default:
- returnVal = SEC_SMIMEKEAParamTemplateAllParams;
- break;
- }
- return returnVal;
-}
-
-static const SEC_ASN1Template *
-sec_pkcs7_choose_content_template(void *src_or_dest, PRBool encoding)
-{
- const SEC_ASN1Template *theTemplate;
- SEC_PKCS7ContentInfo *cinfo;
- SECOidTag kind;
-
- PORT_Assert (src_or_dest != NULL);
- if (src_or_dest == NULL)
- return NULL;
-
- cinfo = (SEC_PKCS7ContentInfo*)src_or_dest;
- kind = SEC_PKCS7ContentType (cinfo);
- switch (kind) {
- default:
- theTemplate = SEC_PointerToAnyTemplate;
- break;
- case SEC_OID_PKCS7_DATA:
- theTemplate = SEC_PointerToOctetStringTemplate;
- break;
- case SEC_OID_PKCS7_SIGNED_DATA:
- theTemplate = SEC_PointerToPKCS7SignedDataTemplate;
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- theTemplate = SEC_PointerToPKCS7EnvelopedDataTemplate;
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- theTemplate = SEC_PointerToPKCS7SignedAndEnvelopedDataTemplate;
- break;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- theTemplate = SEC_PointerToPKCS7DigestedDataTemplate;
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- theTemplate = SEC_PointerToPKCS7EncryptedDataTemplate;
- break;
- }
- return theTemplate;
-}
-
-/*
- * End of templates. Do not add stuff after this; put new code
- * up above the start of the template definitions.
- */
diff --git a/security/nss/lib/pkcs7/p7local.h b/security/nss/lib/pkcs7/p7local.h
deleted file mode 100644
index 80640c930..000000000
--- a/security/nss/lib/pkcs7/p7local.h
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Support routines for PKCS7 implementation, none of which are exported.
- * This file should only contain things that are needed by both the
- * encoding/creation side *and* the decoding/decryption side. Anything
- * else should just be static routines in the appropriate file.
- *
- * Do not export this file! If something in here is really needed outside
- * of pkcs7 code, first try to add a PKCS7 interface which will do it for
- * you. If that has a problem, then just move out what you need, changing
- * its name as appropriate!
- *
- * $Id$
- */
-
-#ifndef _P7LOCAL_H_
-#define _P7LOCAL_H_
-
-#include "secpkcs7.h"
-#include "secasn1t.h"
-
-extern const SEC_ASN1Template sec_PKCS7ContentInfoTemplate[];
-
-/* opaque objects */
-typedef struct sec_pkcs7_cipher_object sec_PKCS7CipherObject;
-
-
-/************************************************************************/
-SEC_BEGIN_PROTOS
-
-/*
- * Look through a set of attributes and find one that matches the
- * specified object ID. If "only" is true, then make sure that
- * there is not more than one attribute of the same type. Otherwise,
- * just return the first one found. (XXX Does anybody really want
- * that first-found behavior? It was like that when I found it...)
- */
-extern SEC_PKCS7Attribute *sec_PKCS7FindAttribute (SEC_PKCS7Attribute **attrs,
- SECOidTag oidtag,
- PRBool only);
-/*
- * Return the single attribute value, doing some sanity checking first:
- * - Multiple values are *not* expected.
- * - Empty values are *not* expected.
- */
-extern SECItem *sec_PKCS7AttributeValue (SEC_PKCS7Attribute *attr);
-
-/*
- * Encode a set of attributes (found in "src").
- */
-extern SECItem *sec_PKCS7EncodeAttributes (PRArenaPool *poolp,
- SECItem *dest, void *src);
-
-/*
- * Make sure that the order of the attributes guarantees valid DER
- * (which must be in lexigraphically ascending order for a SET OF);
- * if reordering is necessary it will be done in place (in attrs).
- */
-extern SECStatus sec_PKCS7ReorderAttributes (SEC_PKCS7Attribute **attrs);
-
-
-/*
- * Create a context for decrypting, based on the given key and algorithm.
- */
-extern sec_PKCS7CipherObject *
-sec_PKCS7CreateDecryptObject (PK11SymKey *key, SECAlgorithmID *algid);
-
-/*
- * Create a context for encrypting, based on the given key and algorithm,
- * and fill in the algorithm id.
- */
-extern sec_PKCS7CipherObject *
-sec_PKCS7CreateEncryptObject (PRArenaPool *poolp, PK11SymKey *key,
- SECOidTag algtag, SECAlgorithmID *algid);
-
-/*
- * Destroy the given decryption or encryption object.
- */
-extern void sec_PKCS7DestroyDecryptObject (sec_PKCS7CipherObject *obj);
-extern void sec_PKCS7DestroyEncryptObject (sec_PKCS7CipherObject *obj);
-
-/*
- * What will be the output length of the next call to encrypt/decrypt?
- * Result can be used to perform memory allocations. Note that the amount
- * is exactly accurate only when not doing a block cipher or when final
- * is false, otherwise it is an upper bound on the amount because until
- * we see the data we do not know how many padding bytes there are
- * (always between 1 and the cipher block size).
- *
- * Note that this can return zero, which does not mean that the cipher
- * operation can be skipped! (It simply means that there are not enough
- * bytes to make up an entire block; the bytes will be reserved until
- * there are enough to encrypt/decrypt at least one block.) However,
- * if zero is returned it *does* mean that no output buffer need be
- * passed in to the subsequent cipher operation, as no output bytes
- * will be stored.
- */
-extern unsigned int sec_PKCS7DecryptLength (sec_PKCS7CipherObject *obj,
- unsigned int input_len,
- PRBool final);
-extern unsigned int sec_PKCS7EncryptLength (sec_PKCS7CipherObject *obj,
- unsigned int input_len,
- PRBool final);
-
-/*
- * Decrypt a given length of input buffer (starting at "input" and
- * containing "input_len" bytes), placing the decrypted bytes in
- * "output" and storing the output length in "*output_len_p".
- * "obj" is the return value from sec_PKCS7CreateDecryptObject.
- * When "final" is true, this is the last of the data to be decrypted.
- */
-extern SECStatus sec_PKCS7Decrypt (sec_PKCS7CipherObject *obj,
- unsigned char *output,
- unsigned int *output_len_p,
- unsigned int max_output_len,
- const unsigned char *input,
- unsigned int input_len,
- PRBool final);
-
-/*
- * Encrypt a given length of input buffer (starting at "input" and
- * containing "input_len" bytes), placing the encrypted bytes in
- * "output" and storing the output length in "*output_len_p".
- * "obj" is the return value from sec_PKCS7CreateEncryptObject.
- * When "final" is true, this is the last of the data to be encrypted.
- */
-extern SECStatus sec_PKCS7Encrypt (sec_PKCS7CipherObject *obj,
- unsigned char *output,
- unsigned int *output_len_p,
- unsigned int max_output_len,
- const unsigned char *input,
- unsigned int input_len,
- PRBool final);
-
-/* return the correct kea template based on the template selector. skipjack
- * does not have the extra IV.
- */
-const SEC_ASN1Template *
-sec_pkcs7_get_kea_template(SECKEATemplateSelector whichTemplate);
-
-/************************************************************************/
-SEC_END_PROTOS
-
-#endif /* _P7LOCAL_H_ */
diff --git a/security/nss/lib/pkcs7/pkcs7t.h b/security/nss/lib/pkcs7/pkcs7t.h
deleted file mode 100644
index 73b23014d..000000000
--- a/security/nss/lib/pkcs7/pkcs7t.h
+++ /dev/null
@@ -1,292 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Header for pkcs7 types.
- *
- * $Id$
- */
-
-#ifndef _PKCS7T_H_
-#define _PKCS7T_H_
-
-#include "plarena.h"
-
-#include "seccomon.h"
-#include "secoidt.h"
-#include "certt.h"
-#include "secmodt.h"
-
-/* Opaque objects */
-typedef struct SEC_PKCS7DecoderContextStr SEC_PKCS7DecoderContext;
-typedef struct SEC_PKCS7EncoderContextStr SEC_PKCS7EncoderContext;
-
-/* Non-opaque objects. NOTE, though: I want them to be treated as
- * opaque as much as possible. If I could hide them completely,
- * I would. (I tried, but ran into trouble that was taking me too
- * much time to get out of.) I still intend to try to do so.
- * In fact, the only type that "outsiders" should even *name* is
- * SEC_PKCS7ContentInfo, and they should not reference its fields.
- */
-/* rjr: PKCS #11 cert handling (pk11cert.c) does use SEC_PKCS7RecipientInfo's.
- * This is because when we search the recipient list for the cert and key we
- * want, we need to invert the order of the loops we used to have. The old
- * loops were:
- *
- * For each recipient {
- * find_cert = PK11_Find_AllCert(recipient->issuerSN);
- * [which unrolls to... ]
- * For each slot {
- * Log into slot;
- * search slot for cert;
- * }
- * }
- *
- * the new loop searchs all the recipients at once on a slot. this allows
- * PKCS #11 to order slots in such a way that logout slots don't get checked
- * if we can find the cert on a logged in slot. This eliminates lots of
- * spurious password prompts when smart cards are installed... so why this
- * comment? If you make SEC_PKCS7RecipientInfo completely opaque, you need
- * to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs
- * and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
- * function.
- */
-typedef struct SEC_PKCS7ContentInfoStr SEC_PKCS7ContentInfo;
-typedef struct SEC_PKCS7SignedDataStr SEC_PKCS7SignedData;
-typedef struct SEC_PKCS7EncryptedContentInfoStr SEC_PKCS7EncryptedContentInfo;
-typedef struct SEC_PKCS7EnvelopedDataStr SEC_PKCS7EnvelopedData;
-typedef struct SEC_PKCS7SignedAndEnvelopedDataStr
- SEC_PKCS7SignedAndEnvelopedData;
-typedef struct SEC_PKCS7SignerInfoStr SEC_PKCS7SignerInfo;
-typedef struct SEC_PKCS7RecipientInfoStr SEC_PKCS7RecipientInfo;
-typedef struct SEC_PKCS7DigestedDataStr SEC_PKCS7DigestedData;
-typedef struct SEC_PKCS7EncryptedDataStr SEC_PKCS7EncryptedData;
-typedef struct SEC_PKCS7SMIMEKEAParametersStr SEC_PKCS7SMIMEKEAParameters;
-/*
- * The following is not actually a PKCS7 type, but for now it is only
- * used by PKCS7, so we have adopted it. If someone else *ever* needs
- * it, its name should be changed and it should be moved out of here.
- * Do not dare to use it without doing so!
- */
-typedef struct SEC_PKCS7AttributeStr SEC_PKCS7Attribute;
-
-
-struct SEC_PKCS7ContentInfoStr {
- PRArenaPool *poolp; /* local; not part of encoding */
- PRBool created; /* local; not part of encoding */
- int refCount; /* local; not part of encoding */
- SECOidData *contentTypeTag; /* local; not part of encoding */
- SECKEYGetPasswordKey pwfn; /* local; not part of encoding */
- void *pwfn_arg; /* local; not part of encoding */
- SECItem contentType;
- union {
- SECItem *data;
- SEC_PKCS7DigestedData *digestedData;
- SEC_PKCS7EncryptedData *encryptedData;
- SEC_PKCS7EnvelopedData *envelopedData;
- SEC_PKCS7SignedData *signedData;
- SEC_PKCS7SignedAndEnvelopedData *signedAndEnvelopedData;
- } content;
-};
-
-struct SEC_PKCS7SignedDataStr {
- SECItem version;
- SECAlgorithmID **digestAlgorithms;
- SEC_PKCS7ContentInfo contentInfo;
- SECItem **rawCerts;
- CERTSignedCrl **crls;
- SEC_PKCS7SignerInfo **signerInfos;
- SECItem **digests; /* local; not part of encoding */
- CERTCertificate **certs; /* local; not part of encoding */
- CERTCertificateList **certLists; /* local; not part of encoding */
-};
-#define SEC_PKCS7_SIGNED_DATA_VERSION 1 /* what we *create* */
-
-struct SEC_PKCS7EncryptedContentInfoStr {
- SECOidData *contentTypeTag; /* local; not part of encoding */
- SECItem contentType;
- SECAlgorithmID contentEncAlg;
- SECItem encContent;
- SECItem plainContent; /* local; not part of encoding */
- /* bytes not encrypted, but encoded */
- int keysize; /* local; not part of encoding */
- /* size of bulk encryption key
- * (only used by creation code) */
- SECOidTag encalg; /* local; not part of encoding */
- /* oid tag of encryption algorithm
- * (only used by creation code) */
-};
-
-struct SEC_PKCS7EnvelopedDataStr {
- SECItem version;
- SEC_PKCS7RecipientInfo **recipientInfos;
- SEC_PKCS7EncryptedContentInfo encContentInfo;
-};
-#define SEC_PKCS7_ENVELOPED_DATA_VERSION 0 /* what we *create* */
-
-struct SEC_PKCS7SignedAndEnvelopedDataStr {
- SECItem version;
- SEC_PKCS7RecipientInfo **recipientInfos;
- SECAlgorithmID **digestAlgorithms;
- SEC_PKCS7EncryptedContentInfo encContentInfo;
- SECItem **rawCerts;
- CERTSignedCrl **crls;
- SEC_PKCS7SignerInfo **signerInfos;
- SECItem **digests; /* local; not part of encoding */
- CERTCertificate **certs; /* local; not part of encoding */
- CERTCertificateList **certLists; /* local; not part of encoding */
- PK11SymKey *sigKey; /* local; not part of encoding */
-};
-#define SEC_PKCS7_SIGNED_AND_ENVELOPED_DATA_VERSION 1 /* what we *create* */
-
-struct SEC_PKCS7SignerInfoStr {
- SECItem version;
- CERTIssuerAndSN *issuerAndSN;
- SECAlgorithmID digestAlg;
- SEC_PKCS7Attribute **authAttr;
- SECAlgorithmID digestEncAlg;
- SECItem encDigest;
- SEC_PKCS7Attribute **unAuthAttr;
- CERTCertificate *cert; /* local; not part of encoding */
- CERTCertificateList *certList; /* local; not part of encoding */
-};
-#define SEC_PKCS7_SIGNER_INFO_VERSION 1 /* what we *create* */
-
-struct SEC_PKCS7RecipientInfoStr {
- SECItem version;
- CERTIssuerAndSN *issuerAndSN;
- SECAlgorithmID keyEncAlg;
- SECItem encKey;
- CERTCertificate *cert; /* local; not part of encoding */
-};
-#define SEC_PKCS7_RECIPIENT_INFO_VERSION 0 /* what we *create* */
-
-struct SEC_PKCS7DigestedDataStr {
- SECItem version;
- SECAlgorithmID digestAlg;
- SEC_PKCS7ContentInfo contentInfo;
- SECItem digest;
-};
-#define SEC_PKCS7_DIGESTED_DATA_VERSION 0 /* what we *create* */
-
-struct SEC_PKCS7EncryptedDataStr {
- SECItem version;
- SEC_PKCS7EncryptedContentInfo encContentInfo;
-};
-#define SEC_PKCS7_ENCRYPTED_DATA_VERSION 0 /* what we *create* */
-
-/*
- * See comment above about this type not really belonging to PKCS7.
- */
-struct SEC_PKCS7AttributeStr {
- /* The following fields make up an encoded Attribute: */
- SECItem type;
- SECItem **values; /* data may or may not be encoded */
- /* The following fields are not part of an encoded Attribute: */
- SECOidData *typeTag;
- PRBool encoded; /* when true, values are encoded */
-};
-
-/* An enumerated type used to select templates based on the encryption
- scenario and data specifics. */
-typedef enum
-{
- SECKEAUsesSkipjack,
- SECKEAUsesNonSkipjack,
- SECKEAUsesNonSkipjackWithPaddedEncKey
-} SECKEATemplateSelector;
-
-/* ### mwelch - S/MIME KEA parameters. These don't really fit here,
- but I cannot think of a more appropriate place at this time. */
-struct SEC_PKCS7SMIMEKEAParametersStr {
- SECItem originatorKEAKey; /* sender KEA key (encrypted?) */
- SECItem originatorRA; /* random number generated by sender */
- SECItem nonSkipjackIV; /* init'n vector for SkipjackCBC64
- decryption of KEA key if Skipjack
- is not the bulk algorithm used on
- the message */
- SECItem bulkKeySize; /* if Skipjack is not the bulk
- algorithm used on the message,
- and the size of the bulk encryption
- key is not the same as that of
- originatorKEAKey (due to padding
- perhaps), this field will contain
- the real size of the bulk encryption
- key. */
-};
-
-/*
- * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart.
- * If specified, this is where the content bytes (only) will be "sent"
- * as they are recovered during the decoding.
- *
- * XXX Should just combine this with SEC_PKCS7EncoderContentCallback type
- * and use a simpler, common name.
- */
-typedef void (* SEC_PKCS7DecoderContentCallback)(void *arg,
- const char *buf,
- unsigned long len);
-
-/*
- * Type of function passed to SEC_PKCS7Encode or SEC_PKCS7EncoderStart.
- * This is where the encoded bytes will be "sent".
- *
- * XXX Should just combine this with SEC_PKCS7DecoderContentCallback type
- * and use a simpler, common name.
- */
-typedef void (* SEC_PKCS7EncoderOutputCallback)(void *arg,
- const char *buf,
- unsigned long len);
-
-
-/*
- * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart
- * to retrieve the decryption key. This function is inteded to be
- * used for EncryptedData content info's which do not have a key available
- * in a certificate, etc.
- */
-typedef PK11SymKey * (* SEC_PKCS7GetDecryptKeyCallback)(void *arg,
- SECAlgorithmID *algid);
-
-/*
- * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart.
- * This function in intended to be used to verify that decrypting a
- * particular crypto algorithm is allowed. Content types which do not
- * require decryption will not need the callback. If the callback
- * is not specified for content types which require decryption, the
- * decryption will be disallowed.
- */
-typedef PRBool (* SEC_PKCS7DecryptionAllowedCallback)(SECAlgorithmID *algid,
- PK11SymKey *bulkkey);
-
-#endif /* _PKCS7T_H_ */
diff --git a/security/nss/lib/pkcs7/secmime.c b/security/nss/lib/pkcs7/secmime.c
deleted file mode 100644
index 017896bd7..000000000
--- a/security/nss/lib/pkcs7/secmime.c
+++ /dev/null
@@ -1,901 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Stuff specific to S/MIME policy and interoperability.
- * Depends on PKCS7, but there should be no dependency the other way around.
- *
- * $Id$
- */
-
-#include "secmime.h"
-#include "secoid.h"
-#include "pk11func.h"
-#include "ciferfam.h" /* for CIPHER_FAMILY symbols */
-#include "secasn1.h"
-#include "secitem.h"
-#include "cert.h"
-#include "key.h"
-#include "secerr.h"
-
-typedef struct smime_cipher_map_struct {
- unsigned long cipher;
- SECOidTag algtag;
- SECItem *parms;
-} smime_cipher_map;
-
-/*
- * These are macros because I think some subsequent parameters,
- * like those for RC5, will want to use them, too, separately.
- */
-#define SMIME_DER_INTVAL_16 SEC_ASN1_INTEGER, 0x01, 0x10
-#define SMIME_DER_INTVAL_40 SEC_ASN1_INTEGER, 0x01, 0x28
-#define SMIME_DER_INTVAL_64 SEC_ASN1_INTEGER, 0x01, 0x40
-#define SMIME_DER_INTVAL_128 SEC_ASN1_INTEGER, 0x02, 0x00, 0x80
-
-#ifdef SMIME_DOES_RC5 /* will be needed; quiet unused warning for now */
-static unsigned char smime_int16[] = { SMIME_DER_INTVAL_16 };
-#endif
-static unsigned char smime_int40[] = { SMIME_DER_INTVAL_40 };
-static unsigned char smime_int64[] = { SMIME_DER_INTVAL_64 };
-static unsigned char smime_int128[] = { SMIME_DER_INTVAL_128 };
-
-static SECItem smime_rc2p40 = { siBuffer, smime_int40, sizeof(smime_int40) };
-static SECItem smime_rc2p64 = { siBuffer, smime_int64, sizeof(smime_int64) };
-static SECItem smime_rc2p128 = { siBuffer, smime_int128, sizeof(smime_int128) };
-
-static smime_cipher_map smime_cipher_maps[] = {
- { SMIME_RC2_CBC_40, SEC_OID_RC2_CBC, &smime_rc2p40 },
- { SMIME_RC2_CBC_64, SEC_OID_RC2_CBC, &smime_rc2p64 },
- { SMIME_RC2_CBC_128, SEC_OID_RC2_CBC, &smime_rc2p128 },
-#ifdef SMIME_DOES_RC5
- { SMIME_RC5PAD_64_16_40, SEC_OID_RC5_CBC_PAD, &smime_rc5p40 },
- { SMIME_RC5PAD_64_16_64, SEC_OID_RC5_CBC_PAD, &smime_rc5p64 },
- { SMIME_RC5PAD_64_16_128, SEC_OID_RC5_CBC_PAD, &smime_rc5p128 },
-#endif
- { SMIME_DES_CBC_56, SEC_OID_DES_CBC, NULL },
- { SMIME_DES_EDE3_168, SEC_OID_DES_EDE3_CBC, NULL },
- { SMIME_FORTEZZA, SEC_OID_FORTEZZA_SKIPJACK, NULL}
-};
-
-/*
- * Note, the following value really just needs to be an upper bound
- * on the ciphers.
- */
-static const int smime_symmetric_count = sizeof(smime_cipher_maps)
- / sizeof(smime_cipher_map);
-
-static unsigned long *smime_prefs, *smime_newprefs;
-static int smime_current_pref_index = 0;
-static PRBool smime_prefs_complete = PR_FALSE;
-static PRBool smime_prefs_changed = PR_TRUE;
-
-static unsigned long smime_policy_bits = 0;
-
-
-static int
-smime_mapi_by_cipher (unsigned long cipher)
-{
- int i;
-
- for (i = 0; i < smime_symmetric_count; i++) {
- if (smime_cipher_maps[i].cipher == cipher)
- break;
- }
-
- if (i == smime_symmetric_count)
- return -1;
-
- return i;
-}
-
-
-/*
- * this function locally records the user's preference
- */
-SECStatus
-SECMIME_EnableCipher(long which, int on)
-{
- unsigned long mask;
-
- if (smime_newprefs == NULL || smime_prefs_complete) {
- /*
- * This is either the very first time, or we are starting over.
- */
- smime_newprefs = (unsigned long*)PORT_ZAlloc (smime_symmetric_count
- * sizeof(*smime_newprefs));
- if (smime_newprefs == NULL)
- return SECFailure;
- smime_current_pref_index = 0;
- smime_prefs_complete = PR_FALSE;
- }
-
- mask = which & CIPHER_FAMILYID_MASK;
- if (mask == CIPHER_FAMILYID_MASK) {
- /*
- * This call signifies that all preferences have been set.
- * Move "newprefs" over, after checking first whether or
- * not the new ones are different from the old ones.
- */
- if (smime_prefs != NULL) {
- if (PORT_Memcmp (smime_prefs, smime_newprefs,
- smime_symmetric_count * sizeof(*smime_prefs)) == 0)
- smime_prefs_changed = PR_FALSE;
- else
- smime_prefs_changed = PR_TRUE;
- PORT_Free (smime_prefs);
- }
-
- smime_prefs = smime_newprefs;
- smime_prefs_complete = PR_TRUE;
- return SECSuccess;
- }
-
- PORT_Assert (mask == CIPHER_FAMILYID_SMIME);
- if (mask != CIPHER_FAMILYID_SMIME) {
- /* XXX set an error! */
- return SECFailure;
- }
-
- if (on) {
- PORT_Assert (smime_current_pref_index < smime_symmetric_count);
- if (smime_current_pref_index >= smime_symmetric_count) {
- /* XXX set an error! */
- return SECFailure;
- }
-
- smime_newprefs[smime_current_pref_index++] = which;
- }
-
- return SECSuccess;
-}
-
-
-/*
- * this function locally records the export policy
- */
-SECStatus
-SECMIME_SetPolicy(long which, int on)
-{
- unsigned long mask;
-
- PORT_Assert ((which & CIPHER_FAMILYID_MASK) == CIPHER_FAMILYID_SMIME);
- if ((which & CIPHER_FAMILYID_MASK) != CIPHER_FAMILYID_SMIME) {
- /* XXX set an error! */
- return SECFailure;
- }
-
- which &= ~CIPHER_FAMILYID_MASK;
-
- PORT_Assert (which < 32); /* bits in the long */
- if (which >= 32) {
- /* XXX set an error! */
- return SECFailure;
- }
-
- mask = 1UL << which;
-
- if (on) {
- smime_policy_bits |= mask;
- } else {
- smime_policy_bits &= ~mask;
- }
-
- return SECSuccess;
-}
-
-
-/*
- * Based on the given algorithm (including its parameters, in some cases!)
- * and the given key (may or may not be inspected, depending on the
- * algorithm), find the appropriate policy algorithm specification
- * and return it. If no match can be made, -1 is returned.
- */
-static long
-smime_policy_algorithm (SECAlgorithmID *algid, PK11SymKey *key)
-{
- SECOidTag algtag;
-
- algtag = SECOID_GetAlgorithmTag (algid);
- switch (algtag) {
- case SEC_OID_RC2_CBC:
- {
- unsigned int keylen_bits;
-
- keylen_bits = PK11_GetKeyStrength (key, algid);
- switch (keylen_bits) {
- case 40:
- return SMIME_RC2_CBC_40;
- case 64:
- return SMIME_RC2_CBC_64;
- case 128:
- return SMIME_RC2_CBC_128;
- default:
- break;
- }
- }
- break;
- case SEC_OID_DES_CBC:
- return SMIME_DES_CBC_56;
- case SEC_OID_DES_EDE3_CBC:
- return SMIME_DES_EDE3_168;
- case SEC_OID_FORTEZZA_SKIPJACK:
- return SMIME_FORTEZZA;
-#ifdef SMIME_DOES_RC5
- case SEC_OID_RC5_CBC_PAD:
- PORT_Assert (0); /* XXX need to pull out parameters and match */
- break;
-#endif
- default:
- break;
- }
-
- return -1;
-}
-
-
-static PRBool
-smime_cipher_allowed (unsigned long which)
-{
- unsigned long mask;
-
- which &= ~CIPHER_FAMILYID_MASK;
- PORT_Assert (which < 32); /* bits per long (min) */
- if (which >= 32)
- return PR_FALSE;
-
- mask = 1UL << which;
- if ((mask & smime_policy_bits) == 0)
- return PR_FALSE;
-
- return PR_TRUE;
-}
-
-
-PRBool
-SECMIME_DecryptionAllowed(SECAlgorithmID *algid, PK11SymKey *key)
-{
- long which;
-
- which = smime_policy_algorithm (algid, key);
- if (which < 0)
- return PR_FALSE;
-
- return smime_cipher_allowed ((unsigned long)which);
-}
-
-
-/*
- * Does the current policy allow *any* S/MIME encryption (or decryption)?
- *
- * This tells whether or not *any* S/MIME encryption can be done,
- * according to policy. Callers may use this to do nicer user interface
- * (say, greying out a checkbox so a user does not even try to encrypt
- * a message when they are not allowed to) or for any reason they want
- * to check whether S/MIME encryption (or decryption, for that matter)
- * may be done.
- *
- * It takes no arguments. The return value is a simple boolean:
- * PR_TRUE means encryption (or decryption) is *possible*
- * (but may still fail due to other reasons, like because we cannot
- * find all the necessary certs, etc.; PR_TRUE is *not* a guarantee)
- * PR_FALSE means encryption (or decryption) is not permitted
- *
- * There are no errors from this routine.
- */
-PRBool
-SECMIME_EncryptionPossible (void)
-{
- if (smime_policy_bits != 0)
- return PR_TRUE;
-
- return PR_FALSE;
-}
-
-
-/*
- * XXX Would like the "parameters" field to be a SECItem *, but the
- * encoder is having trouble with optional pointers to an ANY. Maybe
- * once that is fixed, can change this back...
- */
-typedef struct smime_capability_struct {
- unsigned long cipher; /* local; not part of encoding */
- SECOidTag capIDTag; /* local; not part of encoding */
- SECItem capabilityID;
- SECItem parameters;
-} smime_capability;
-
-static const SEC_ASN1Template smime_capability_template[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(smime_capability) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(smime_capability,capabilityID), },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
- offsetof(smime_capability,parameters), },
- { 0, }
-};
-
-static const SEC_ASN1Template smime_capabilities_template[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, smime_capability_template }
-};
-
-
-
-static void
-smime_fill_capability (smime_capability *cap)
-{
- unsigned long cipher;
- SECOidTag algtag;
- int i;
-
- algtag = SECOID_FindOIDTag (&(cap->capabilityID));
-
- for (i = 0; i < smime_symmetric_count; i++) {
- if (smime_cipher_maps[i].algtag != algtag)
- continue;
- /*
- * XXX If SECITEM_CompareItem allowed NULLs as arguments (comparing
- * 2 NULLs as equal and NULL and non-NULL as not equal), we could
- * use that here instead of all of the following comparison code.
- */
- if (cap->parameters.data != NULL) {
- if (smime_cipher_maps[i].parms == NULL)
- continue;
- if (cap->parameters.len != smime_cipher_maps[i].parms->len)
- continue;
- if (PORT_Memcmp (cap->parameters.data,
- smime_cipher_maps[i].parms->data,
- cap->parameters.len) == 0)
- break;
- } else if (smime_cipher_maps[i].parms == NULL) {
- break;
- }
- }
-
- if (i == smime_symmetric_count)
- cipher = 0;
- else
- cipher = smime_cipher_maps[i].cipher;
-
- cap->cipher = cipher;
- cap->capIDTag = algtag;
-}
-
-
-static long
-smime_choose_cipher (CERTCertificate *scert, CERTCertificate **rcerts)
-{
- PRArenaPool *poolp;
- long chosen_cipher;
- int *cipher_abilities;
- int *cipher_votes;
- int strong_mapi;
- int rcount, mapi, max, i;
- PRBool isFortezza = PK11_FortezzaHasKEA(scert);
-
- if (smime_policy_bits == 0) {
- PORT_SetError (SEC_ERROR_BAD_EXPORT_ALGORITHM);
- return -1;
- }
-
- chosen_cipher = SMIME_RC2_CBC_40; /* the default, LCD */
-
- poolp = PORT_NewArena (1024); /* XXX what is right value? */
- if (poolp == NULL)
- goto done;
-
- cipher_abilities = (int*)PORT_ArenaZAlloc (poolp,
- smime_symmetric_count * sizeof(int));
- if (cipher_abilities == NULL)
- goto done;
-
- cipher_votes = (int*)PORT_ArenaZAlloc (poolp,
- smime_symmetric_count * sizeof(int));
- if (cipher_votes == NULL)
- goto done;
-
- /*
- * XXX Should have a #define somewhere which specifies default
- * strong cipher. (Or better, a way to configure, which would
- * take Fortezza into account as well.)
- */
-
- /* If the user has the Fortezza preference turned on, make
- * that the strong cipher. Otherwise, use triple-DES. */
- strong_mapi = -1;
- if (isFortezza) {
- for(i=0;i < smime_current_pref_index && strong_mapi < 0;i++)
- {
- if (smime_prefs[i] == SMIME_FORTEZZA)
- strong_mapi = smime_mapi_by_cipher(SMIME_FORTEZZA);
- }
- }
-
- if (strong_mapi == -1)
- strong_mapi = smime_mapi_by_cipher (SMIME_DES_EDE3_168);
-
- PORT_Assert (strong_mapi >= 0);
-
- for (rcount = 0; rcerts[rcount] != NULL; rcount++) {
- SECItem *profile;
- smime_capability **caps;
- int capi, pref;
- SECStatus dstat;
-
- pref = smime_symmetric_count;
- profile = CERT_FindSMimeProfile (rcerts[rcount]);
- if (profile != NULL && profile->data != NULL && profile->len > 0) {
- caps = NULL;
- dstat = SEC_ASN1DecodeItem (poolp, &caps,
- smime_capabilities_template,
- profile);
- if (dstat == SECSuccess && caps != NULL) {
- for (capi = 0; caps[capi] != NULL; capi++) {
- smime_fill_capability (caps[capi]);
- mapi = smime_mapi_by_cipher (caps[capi]->cipher);
- if (mapi >= 0) {
- cipher_abilities[mapi]++;
- cipher_votes[mapi] += pref;
- --pref;
- }
- }
- }
- } else {
- SECKEYPublicKey *key;
- unsigned int pklen_bits;
-
- /*
- * XXX This is probably only good for RSA keys. What I would
- * really like is a function to just say; Is the public key in
- * this cert an export-length key? Then I would not have to
- * know things like the value 512, or the kind of key, or what
- * a subjectPublicKeyInfo is, etc.
- */
- key = CERT_ExtractPublicKey (rcerts[rcount]);
- if (key != NULL) {
- pklen_bits = SECKEY_PublicKeyStrength (key) * 8;
- SECKEY_DestroyPublicKey (key);
-
- if (pklen_bits > 512) {
- cipher_abilities[strong_mapi]++;
- cipher_votes[strong_mapi] += pref;
- }
- }
- }
- if (profile != NULL)
- SECITEM_FreeItem (profile, PR_TRUE);
- }
-
- max = 0;
- for (mapi = 0; mapi < smime_symmetric_count; mapi++) {
- if (cipher_abilities[mapi] != rcount)
- continue;
- if (! smime_cipher_allowed (smime_cipher_maps[mapi].cipher))
- continue;
- if (!isFortezza && (smime_cipher_maps[mapi].cipher == SMIME_FORTEZZA))
- continue;
- if (cipher_votes[mapi] > max) {
- chosen_cipher = smime_cipher_maps[mapi].cipher;
- max = cipher_votes[mapi];
- } /* XXX else if a tie, let scert break it? */
- }
-
-done:
- if (poolp != NULL)
- PORT_FreeArena (poolp, PR_FALSE);
-
- return chosen_cipher;
-}
-
-
-/*
- * XXX This is a hack for now to satisfy our current interface.
- * Eventually, with more parameters needing to be specified, just
- * looking up the keysize is not going to be sufficient.
- */
-static int
-smime_keysize_by_cipher (unsigned long which)
-{
- int keysize;
-
- switch (which) {
- case SMIME_RC2_CBC_40:
- keysize = 40;
- break;
- case SMIME_RC2_CBC_64:
- keysize = 64;
- break;
- case SMIME_RC2_CBC_128:
- keysize = 128;
- break;
-#ifdef SMIME_DOES_RC5
- case SMIME_RC5PAD_64_16_40:
- case SMIME_RC5PAD_64_16_64:
- case SMIME_RC5PAD_64_16_128:
- /* XXX See comment above; keysize is not enough... */
- PORT_Assert (0);
- PORT_SetError (SEC_ERROR_INVALID_ALGORITHM);
- keysize = -1;
- break;
-#endif
- case SMIME_DES_CBC_56:
- case SMIME_DES_EDE3_168:
- case SMIME_FORTEZZA:
- /*
- * These are special; since the key size is fixed, we actually
- * want to *avoid* specifying a key size.
- */
- keysize = 0;
- break;
- default:
- keysize = -1;
- break;
- }
-
- return keysize;
-}
-
-
-/*
- * Start an S/MIME encrypting context.
- *
- * "scert" is the cert for the sender. It will be checked for validity.
- * "rcerts" are the certs for the recipients. They will also be checked.
- *
- * "certdb" is the cert database to use for verifying the certs.
- * It can be NULL if a default database is available (like in the client).
- *
- * This function already does all of the stuff specific to S/MIME protocol
- * and local policy; the return value just needs to be passed to
- * SEC_PKCS7Encode() or to SEC_PKCS7EncoderStart() to create the encoded data,
- * and finally to SEC_PKCS7DestroyContentInfo().
- *
- * An error results in a return value of NULL and an error set.
- * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
- */
-SEC_PKCS7ContentInfo *
-SECMIME_CreateEncrypted(CERTCertificate *scert,
- CERTCertificate **rcerts,
- CERTCertDBHandle *certdb,
- SECKEYGetPasswordKey pwfn,
- void *pwfn_arg)
-{
- SEC_PKCS7ContentInfo *cinfo;
- long cipher;
- SECOidTag encalg;
- int keysize;
- int mapi, rci;
-
- cipher = smime_choose_cipher (scert, rcerts);
- if (cipher < 0)
- return NULL;
-
- mapi = smime_mapi_by_cipher (cipher);
- if (mapi < 0)
- return NULL;
-
- /*
- * XXX This is stretching it -- CreateEnvelopedData should probably
- * take a cipher itself of some sort, because we cannot know what the
- * future will bring in terms of parameters for each type of algorithm.
- * For example, just an algorithm and keysize is *not* sufficient to
- * fully specify the usage of RC5 (which also needs to know rounds and
- * block size). Work this out into a better API!
- */
- encalg = smime_cipher_maps[mapi].algtag;
- keysize = smime_keysize_by_cipher (cipher);
- if (keysize < 0)
- return NULL;
-
- cinfo = SEC_PKCS7CreateEnvelopedData (scert, certUsageEmailRecipient,
- certdb, encalg, keysize,
- pwfn, pwfn_arg);
- if (cinfo == NULL)
- return NULL;
-
- for (rci = 0; rcerts[rci] != NULL; rci++) {
- if (rcerts[rci] == scert)
- continue;
- if (SEC_PKCS7AddRecipient (cinfo, rcerts[rci], certUsageEmailRecipient,
- NULL) != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return NULL;
- }
- }
-
- return cinfo;
-}
-
-
-static smime_capability **smime_capabilities;
-static SECItem *smime_encoded_caps;
-static PRBool lastUsedFortezza;
-
-
-static SECStatus
-smime_init_caps (PRBool isFortezza)
-{
- smime_capability *cap;
- smime_cipher_map *map;
- SECOidData *oiddata;
- SECStatus rv;
- int i, capIndex;
-
- if (smime_encoded_caps != NULL
- && (! smime_prefs_changed)
- && lastUsedFortezza == isFortezza)
- return SECSuccess;
-
- if (smime_encoded_caps != NULL) {
- SECITEM_FreeItem (smime_encoded_caps, PR_TRUE);
- smime_encoded_caps = NULL;
- }
-
- if (smime_capabilities == NULL) {
- smime_capabilities = (smime_capability**)PORT_ZAlloc (
- (smime_symmetric_count + 1)
- * sizeof(smime_capability *));
- if (smime_capabilities == NULL)
- return SECFailure;
- }
-
- rv = SECFailure;
-
- /*
- The process of creating the encoded PKCS7 cipher capability list
- involves two basic steps:
-
- (a) Convert our internal representation of cipher preferences
- (smime_prefs) into an array containing cipher OIDs and
- parameter data (smime_capabilities). This step is
- performed here.
-
- (b) Encode, using ASN.1, the cipher information in
- smime_capabilities, leaving the encoded result in
- smime_encoded_caps.
-
- (In the process of performing (a), Lisa put in some optimizations
- which allow us to avoid needlessly re-populating elements in
- smime_capabilities as we walk through smime_prefs.)
-
- We want to use separate loop variables for smime_prefs and
- smime_capabilities because in the case where the Skipjack cipher
- is turned on in the prefs, but where we don't want to include
- Skipjack in the encoded capabilities (presumably due to using a
- non-fortezza cert when sending a message), we want to avoid creating
- an empty element in smime_capabilities. This would otherwise cause
- the encoding step to produce an empty set, since Skipjack happens
- to be the first cipher in smime_prefs, if it is turned on.
- */
- for (i = 0, capIndex = 0; i < smime_current_pref_index; i++, capIndex++) {
- int mapi;
-
- /* Get the next cipher preference in smime_prefs. */
- mapi = smime_mapi_by_cipher (smime_prefs[i]);
- if (mapi < 0)
- break;
-
- /* Find the corresponding entry in the cipher map. */
- PORT_Assert (mapi < smime_symmetric_count);
- map = &(smime_cipher_maps[mapi]);
-
- /* If we're using a non-Fortezza cert, only advertise non-Fortezza
- capabilities. (We advertise all capabilities if we have a
- Fortezza cert.) */
- if ((!isFortezza) && (map->cipher == SMIME_FORTEZZA))
- {
- capIndex--; /* we want to visit the same caps index entry next time */
- continue;
- }
-
- /*
- * Convert the next preference found in smime_prefs into an
- * smime_capability.
- */
-
- cap = smime_capabilities[capIndex];
- if (cap == NULL) {
- cap = (smime_capability*)PORT_ZAlloc (sizeof(smime_capability));
- if (cap == NULL)
- break;
- smime_capabilities[capIndex] = cap;
- } else if (cap->cipher == smime_prefs[i]) {
- continue; /* no change to this one */
- }
-
- cap->capIDTag = map->algtag;
- oiddata = SECOID_FindOIDByTag (map->algtag);
- if (oiddata == NULL)
- break;
-
- if (cap->capabilityID.data != NULL) {
- SECITEM_FreeItem (&(cap->capabilityID), PR_FALSE);
- cap->capabilityID.data = NULL;
- cap->capabilityID.len = 0;
- }
-
- rv = SECITEM_CopyItem (NULL, &(cap->capabilityID), &(oiddata->oid));
- if (rv != SECSuccess)
- break;
-
- if (map->parms == NULL) {
- cap->parameters.data = NULL;
- cap->parameters.len = 0;
- } else {
- cap->parameters.data = map->parms->data;
- cap->parameters.len = map->parms->len;
- }
-
- cap->cipher = smime_prefs[i];
- }
-
- if (i != smime_current_pref_index)
- return rv;
-
- while (capIndex < smime_symmetric_count) {
- cap = smime_capabilities[capIndex];
- if (cap != NULL) {
- SECITEM_FreeItem (&(cap->capabilityID), PR_FALSE);
- PORT_Free (cap);
- }
- smime_capabilities[capIndex] = NULL;
- capIndex++;
- }
- smime_capabilities[capIndex] = NULL;
-
- smime_encoded_caps = SEC_ASN1EncodeItem (NULL, NULL, &smime_capabilities,
- smime_capabilities_template);
- if (smime_encoded_caps == NULL)
- return SECFailure;
-
- lastUsedFortezza = isFortezza;
-
- return SECSuccess;
-}
-
-
-static SECStatus
-smime_add_profile (CERTCertificate *cert, SEC_PKCS7ContentInfo *cinfo)
-{
- PRBool isFortezza = PR_FALSE;
-
- PORT_Assert (smime_prefs_complete);
- if (! smime_prefs_complete)
- return SECFailure;
-
- /* See if the sender's cert specifies Fortezza key exchange. */
- if (cert != NULL)
- isFortezza = PK11_FortezzaHasKEA(cert);
-
- /* For that matter, if capabilities haven't been initialized yet,
- do so now. */
- if (isFortezza != lastUsedFortezza || smime_encoded_caps == NULL || smime_prefs_changed) {
- SECStatus rv;
-
- rv = smime_init_caps(isFortezza);
- if (rv != SECSuccess)
- return rv;
-
- PORT_Assert (smime_encoded_caps != NULL);
- }
-
- return SEC_PKCS7AddSignedAttribute (cinfo, SEC_OID_PKCS9_SMIME_CAPABILITIES,
- smime_encoded_caps);
-}
-
-
-/*
- * Start an S/MIME signing context.
- *
- * "scert" is the cert that will be used to sign the data. It will be
- * checked for validity.
- *
- * "ecert" is the signer's encryption cert. If it is different from
- * scert, then it will be included in the signed message so that the
- * recipient can save it for future encryptions.
- *
- * "certdb" is the cert database to use for verifying the cert.
- * It can be NULL if a default database is available (like in the client).
- *
- * "digestalg" names the digest algorithm (e.g. SEC_OID_SHA1).
- * XXX There should be SECMIME functions for hashing, or the hashing should
- * be built into this interface, which we would like because we would
- * support more smartcards that way, and then this argument should go away.)
- *
- * "digest" is the actual digest of the data. It must be provided in
- * the case of detached data or NULL if the content will be included.
- *
- * This function already does all of the stuff specific to S/MIME protocol
- * and local policy; the return value just needs to be passed to
- * SEC_PKCS7Encode() or to SEC_PKCS7EncoderStart() to create the encoded data,
- * and finally to SEC_PKCS7DestroyContentInfo().
- *
- * An error results in a return value of NULL and an error set.
- * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
- */
-
-SEC_PKCS7ContentInfo *
-SECMIME_CreateSigned (CERTCertificate *scert,
- CERTCertificate *ecert,
- CERTCertDBHandle *certdb,
- SECOidTag digestalg,
- SECItem *digest,
- SECKEYGetPasswordKey pwfn,
- void *pwfn_arg)
-{
- SEC_PKCS7ContentInfo *cinfo;
- SECStatus rv;
-
- /* See note in header comment above about digestalg. */
- PORT_Assert (digestalg == SEC_OID_SHA1);
-
- cinfo = SEC_PKCS7CreateSignedData (scert, certUsageEmailSigner,
- certdb, digestalg, digest,
- pwfn, pwfn_arg);
- if (cinfo == NULL)
- return NULL;
-
- if (SEC_PKCS7IncludeCertChain (cinfo, NULL) != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return NULL;
- }
-
- /* if the encryption cert and the signing cert differ, then include
- * the encryption cert too.
- */
- /* it is ok to compare the pointers since we ref count, and the same
- * cert will always have the same pointer
- */
- if ( ( ecert != NULL ) && ( ecert != scert ) ) {
- rv = SEC_PKCS7AddCertificate(cinfo, ecert);
- if ( rv != SECSuccess ) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return NULL;
- }
- }
- /*
- * Add the signing time. But if it fails for some reason,
- * may as well not give up altogether -- just assert.
- */
- rv = SEC_PKCS7AddSigningTime (cinfo);
- PORT_Assert (rv == SECSuccess);
-
- /*
- * Add the email profile. Again, if it fails for some reason,
- * may as well not give up altogether -- just assert.
- */
- rv = smime_add_profile (ecert, cinfo);
- PORT_Assert (rv == SECSuccess);
-
- return cinfo;
-}
diff --git a/security/nss/lib/pkcs7/secmime.h b/security/nss/lib/pkcs7/secmime.h
deleted file mode 100644
index 6950e416f..000000000
--- a/security/nss/lib/pkcs7/secmime.h
+++ /dev/null
@@ -1,192 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Header file for routines specific to S/MIME. Keep things that are pure
- * pkcs7 out of here; this is for S/MIME policy, S/MIME interoperability, etc.
- *
- * $Id$
- */
-
-#ifndef _SECMIME_H_
-#define _SECMIME_H_ 1
-
-#include "secpkcs7.h"
-
-
-/************************************************************************/
-SEC_BEGIN_PROTOS
-
-/*
- * Initialize the local recording of the user S/MIME cipher preferences.
- * This function is called once for each cipher, the order being
- * important (first call records greatest preference, and so on).
- * When finished, it is called with a "which" of CIPHER_FAMILID_MASK.
- * If the function is called again after that, it is assumed that
- * the preferences are being reset, and the old preferences are
- * discarded.
- *
- * XXX This is for a particular user, and right now the storage is
- * XXX local, static. The preference should be stored elsewhere to allow
- * XXX for multiple uses of one library? How does SSL handle this;
- * XXX it has something similar?
- *
- * - The "which" values are defined in ciferfam.h (the SMIME_* values,
- * for example SMIME_DES_CBC_56).
- * - If "on" is non-zero then the named cipher is enabled, otherwise
- * it is disabled. (It is not necessary to call the function for
- * ciphers that are disabled, however, as that is the default.)
- *
- * If the cipher preference is successfully recorded, SECSuccess
- * is returned. Otherwise SECFailure is returned. The only errors
- * are due to failure allocating memory or bad parameters/calls:
- * SEC_ERROR_XXX ("which" is not in the S/MIME cipher family)
- * SEC_ERROR_XXX (function is being called more times than there
- * are known/expected ciphers)
- */
-extern SECStatus SECMIME_EnableCipher(long which, int on);
-
-/*
- * Initialize the local recording of the S/MIME policy.
- * This function is called to enable/disable a particular cipher.
- * (S/MIME encryption or decryption using a particular cipher is only
- * allowed if that cipher is currently enabled.) At startup, all S/MIME
- * ciphers are disabled. From that point, this function can be called
- * to enable a cipher -- it is not necessary to call this to disable
- * a cipher unless that cipher was previously, explicitly enabled via
- * this function.
- *
- * XXX This is for a the current module, I think, so local, static storage
- * XXX is okay. Is that correct, or could multiple uses of the same
- * XXX library expect to operate under different policies?
- *
- * - The "which" values are defined in ciferfam.h (the SMIME_* values,
- * for example SMIME_DES_CBC_56).
- * - If "on" is non-zero then the named cipher is enabled, otherwise
- * it is disabled.
- *
- * If the cipher is successfully enabled/disabled, SECSuccess is
- * returned. Otherwise SECFailure is returned. The only errors
- * are due to bad parameters:
- * SEC_ERROR_XXX ("which" is not in the S/MIME cipher family)
- * SEC_ERROR_XXX ("which" exceeds expected maximum cipher; this is
- * really an internal error)
- */
-extern SECStatus SECMIME_SetPolicy(long which, int on);
-
-/*
- * Does the current policy allow S/MIME decryption of this particular
- * algorithm and keysize?
- */
-extern PRBool SECMIME_DecryptionAllowed(SECAlgorithmID *algid, PK11SymKey *key);
-
-/*
- * Does the current policy allow *any* S/MIME encryption (or decryption)?
- *
- * This tells whether or not *any* S/MIME encryption can be done,
- * according to policy. Callers may use this to do nicer user interface
- * (say, greying out a checkbox so a user does not even try to encrypt
- * a message when they are not allowed to) or for any reason they want
- * to check whether S/MIME encryption (or decryption, for that matter)
- * may be done.
- *
- * It takes no arguments. The return value is a simple boolean:
- * PR_TRUE means encryption (or decryption) is *possible*
- * (but may still fail due to other reasons, like because we cannot
- * find all the necessary certs, etc.; PR_TRUE is *not* a guarantee)
- * PR_FALSE means encryption (or decryption) is not permitted
- *
- * There are no errors from this routine.
- */
-extern PRBool SECMIME_EncryptionPossible(void);
-
-/*
- * Start an S/MIME encrypting context.
- *
- * "scert" is the cert for the sender. It will be checked for validity.
- * "rcerts" are the certs for the recipients. They will also be checked.
- *
- * "certdb" is the cert database to use for verifying the certs.
- * It can be NULL if a default database is available (like in the client).
- *
- * This function already does all of the stuff specific to S/MIME protocol
- * and local policy; the return value just needs to be passed to
- * SEC_PKCS7Encode() or to SEC_PKCS7EncoderStart() to create the encoded data,
- * and finally to SEC_PKCS7DestroyContentInfo().
- *
- * An error results in a return value of NULL and an error set.
- * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
- */
-extern SEC_PKCS7ContentInfo *SECMIME_CreateEncrypted(CERTCertificate *scert,
- CERTCertificate **rcerts,
- CERTCertDBHandle *certdb,
- SECKEYGetPasswordKey pwfn,
- void *pwfn_arg);
-
-/*
- * Start an S/MIME signing context.
- *
- * "scert" is the cert that will be used to sign the data. It will be
- * checked for validity.
- *
- * "certdb" is the cert database to use for verifying the cert.
- * It can be NULL if a default database is available (like in the client).
- *
- * "digestalg" names the digest algorithm. (It should be SEC_OID_SHA1;
- * XXX There should be SECMIME functions for hashing, or the hashing should
- * be built into this interface, which we would like because we would
- * support more smartcards that way, and then this argument should go away.)
- *
- * "digest" is the actual digest of the data. It must be provided in
- * the case of detached data or NULL if the content will be included.
- *
- * This function already does all of the stuff specific to S/MIME protocol
- * and local policy; the return value just needs to be passed to
- * SEC_PKCS7Encode() or to SEC_PKCS7EncoderStart() to create the encoded data,
- * and finally to SEC_PKCS7DestroyContentInfo().
- *
- * An error results in a return value of NULL and an error set.
- * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
- */
-extern SEC_PKCS7ContentInfo *SECMIME_CreateSigned(CERTCertificate *scert,
- CERTCertificate *ecert,
- CERTCertDBHandle *certdb,
- SECOidTag digestalg,
- SECItem *digest,
- SECKEYGetPasswordKey pwfn,
- void *pwfn_arg);
-
-/************************************************************************/
-SEC_END_PROTOS
-
-#endif /* _SECMIME_H_ */
diff --git a/security/nss/lib/pkcs7/secpkcs7.h b/security/nss/lib/pkcs7/secpkcs7.h
deleted file mode 100644
index 7a2b71b24..000000000
--- a/security/nss/lib/pkcs7/secpkcs7.h
+++ /dev/null
@@ -1,618 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Interface to the PKCS7 implementation.
- *
- * $Id$
- */
-
-#ifndef _SECPKCS7_H_
-#define _SECPKCS7_H_
-
-#include "seccomon.h"
-#include "mcom_db.h" /* needed by certt.h */
-
-#include "secoidt.h"
-#include "secder.h" /* needed by certt.h; XXX go away when possible */
-#include "certt.h"
-#include "keyt.h"
-#include "hasht.h"
-#include "pkcs7t.h"
-
-extern const SEC_ASN1Template sec_PKCS7ContentInfoTemplate[];
-
-/************************************************************************/
-SEC_BEGIN_PROTOS
-
-/************************************************************************
- * Miscellaneous
- ************************************************************************/
-
-/*
- * Returns the content type of the given contentInfo.
- */
-extern SECOidTag SEC_PKCS7ContentType (SEC_PKCS7ContentInfo *cinfo);
-
-/*
- * Destroy a PKCS7 contentInfo and all of its sub-pieces.
- */
-extern void SEC_PKCS7DestroyContentInfo(SEC_PKCS7ContentInfo *contentInfo);
-
-/*
- * Copy a PKCS7 contentInfo. A Destroy is needed on *each* copy.
- */
-extern SEC_PKCS7ContentInfo *
-SEC_PKCS7CopyContentInfo(SEC_PKCS7ContentInfo *contentInfo);
-
-/*
- * Return a pointer to the actual content. In the case of those types
- * which are encrypted, this returns the *plain* content.
- */
-extern SECItem *SEC_PKCS7GetContent(SEC_PKCS7ContentInfo *cinfo);
-
-/************************************************************************
- * PKCS7 Decoding, Verification, etc..
- ************************************************************************/
-
-extern SEC_PKCS7DecoderContext *
-SEC_PKCS7DecoderStart(SEC_PKCS7DecoderContentCallback callback,
- void *callback_arg,
- SECKEYGetPasswordKey pwfn, void *pwfn_arg,
- SEC_PKCS7GetDecryptKeyCallback decrypt_key_cb,
- void *decrypt_key_cb_arg,
- SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb);
-
-extern SECStatus
-SEC_PKCS7DecoderUpdate(SEC_PKCS7DecoderContext *p7dcx,
- const char *buf, unsigned long len);
-
-extern SEC_PKCS7ContentInfo *
-SEC_PKCS7DecoderFinish(SEC_PKCS7DecoderContext *p7dcx);
-
-extern SEC_PKCS7ContentInfo *
-SEC_PKCS7DecodeItem(SECItem *p7item,
- SEC_PKCS7DecoderContentCallback cb, void *cb_arg,
- SECKEYGetPasswordKey pwfn, void *pwfn_arg,
- SEC_PKCS7GetDecryptKeyCallback decrypt_key_cb,
- void *decrypt_key_cb_arg,
- SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb);
-
-extern PRBool SEC_PKCS7ContainsCertsOrCrls(SEC_PKCS7ContentInfo *cinfo);
-
-/* checks to see if the contents of the content info is
- * empty. it so, PR_TRUE is returned. PR_FALSE, otherwise.
- *
- * minLen is used to specify a minimum size. if content size <= minLen,
- * content is assumed empty.
- */
-extern PRBool
-SEC_PKCS7IsContentEmpty(SEC_PKCS7ContentInfo *cinfo, unsigned int minLen);
-
-extern PRBool SEC_PKCS7ContentIsEncrypted(SEC_PKCS7ContentInfo *cinfo);
-
-/*
- * If the PKCS7 content has a signature (not just *could* have a signature)
- * return true; false otherwise. This can/should be called before calling
- * VerifySignature, which will always indicate failure if no signature is
- * present, but that does not mean there even was a signature!
- * Note that the content itself can be empty (detached content was sent
- * another way); it is the presence of the signature that matters.
- */
-extern PRBool SEC_PKCS7ContentIsSigned(SEC_PKCS7ContentInfo *cinfo);
-
-/*
- * SEC_PKCS7VerifySignature
- * Look at a PKCS7 contentInfo and check if the signature is good.
- * The verification checks that the signing cert is valid and trusted
- * for the purpose specified by "certusage".
- *
- * In addition, if "keepcerts" is true, add any new certificates found
- * into our local database.
- */
-extern PRBool SEC_PKCS7VerifySignature(SEC_PKCS7ContentInfo *cinfo,
- SECCertUsage certusage,
- PRBool keepcerts);
-
-/*
- * SEC_PKCS7VerifyDetachedSignature
- * Look at a PKCS7 contentInfo and check if the signature matches
- * a passed-in digest (calculated, supposedly, from detached contents).
- * The verification checks that the signing cert is valid and trusted
- * for the purpose specified by "certusage".
- *
- * In addition, if "keepcerts" is true, add any new certificates found
- * into our local database.
- */
-extern PRBool SEC_PKCS7VerifyDetachedSignature(SEC_PKCS7ContentInfo *cinfo,
- SECCertUsage certusage,
- SECItem *detached_digest,
- HASH_HashType digest_type,
- PRBool keepcerts);
-
-/*
- * SEC_PKCS7GetSignerCommonName, SEC_PKCS7GetSignerEmailAddress
- * The passed-in contentInfo is espected to be Signed, and these
- * functions return the specified portion of the full signer name.
- *
- * Returns a pointer to allocated memory, which must be freed.
- * A NULL return value is an error.
- */
-extern char *SEC_PKCS7GetSignerCommonName(SEC_PKCS7ContentInfo *cinfo);
-extern char *SEC_PKCS7GetSignerEmailAddress(SEC_PKCS7ContentInfo *cinfo);
-
-/*
- * Return the the signing time, in UTCTime format, of a PKCS7 contentInfo.
- */
-extern SECItem *SEC_PKCS7GetSigningTime(SEC_PKCS7ContentInfo *cinfo);
-
-
-/************************************************************************
- * PKCS7 Creation and Encoding.
- ************************************************************************/
-
-/*
- * Start a PKCS7 signing context.
- *
- * "cert" is the cert that will be used to sign the data. It will be
- * checked for validity.
- *
- * "certusage" describes the signing usage (e.g. certUsageEmailSigner)
- * XXX Maybe SECCertUsage should be split so that our caller just says
- * "email" and *we* add the "signing" part -- otherwise our caller
- * could be lying about the usage; we do not want to allow encryption
- * certs for signing or vice versa.
- *
- * "certdb" is the cert database to use for verifying the cert.
- * It can be NULL if a default database is available (like in the client).
- *
- * "digestalg" names the digest algorithm (e.g. SEC_OID_SHA1).
- *
- * "digest" is the actual digest of the data. It must be provided in
- * the case of detached data or NULL if the content will be included.
- *
- * The return value can be passed to functions which add things to
- * it like attributes, then eventually to SEC_PKCS7Encode() or to
- * SEC_PKCS7EncoderStart() to create the encoded data, and finally to
- * SEC_PKCS7DestroyContentInfo().
- *
- * An error results in a return value of NULL and an error set.
- * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
- */
-extern SEC_PKCS7ContentInfo *
-SEC_PKCS7CreateSignedData (CERTCertificate *cert,
- SECCertUsage certusage,
- CERTCertDBHandle *certdb,
- SECOidTag digestalg,
- SECItem *digest,
- SECKEYGetPasswordKey pwfn, void *pwfn_arg);
-
-/*
- * Create a PKCS7 certs-only container.
- *
- * "cert" is the (first) cert that will be included.
- *
- * "include_chain" specifies whether the entire chain for "cert" should
- * be included.
- *
- * "certdb" is the cert database to use for finding the chain.
- * It can be NULL in when "include_chain" is false, or when meaning
- * use the default database.
- *
- * More certs and chains can be added via AddCertficate and AddCertChain.
- *
- * An error results in a return value of NULL and an error set.
- * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
- */
-extern SEC_PKCS7ContentInfo *
-SEC_PKCS7CreateCertsOnly (CERTCertificate *cert,
- PRBool include_chain,
- CERTCertDBHandle *certdb);
-
-/*
- * Start a PKCS7 enveloping context.
- *
- * "cert" is the cert for the recipient. It will be checked for validity.
- *
- * "certusage" describes the encryption usage (e.g. certUsageEmailRecipient)
- * XXX Maybe SECCertUsage should be split so that our caller just says
- * "email" and *we* add the "recipient" part -- otherwise our caller
- * could be lying about the usage; we do not want to allow encryption
- * certs for signing or vice versa.
- *
- * "certdb" is the cert database to use for verifying the cert.
- * It can be NULL if a default database is available (like in the client).
- *
- * "encalg" specifies the bulk encryption algorithm to use (e.g. SEC_OID_RC2).
- *
- * "keysize" specifies the bulk encryption key size, in bits.
- *
- * The return value can be passed to functions which add things to
- * it like more recipients, then eventually to SEC_PKCS7Encode() or to
- * SEC_PKCS7EncoderStart() to create the encoded data, and finally to
- * SEC_PKCS7DestroyContentInfo().
- *
- * An error results in a return value of NULL and an error set.
- * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
- */
-extern SEC_PKCS7ContentInfo *
-SEC_PKCS7CreateEnvelopedData (CERTCertificate *cert,
- SECCertUsage certusage,
- CERTCertDBHandle *certdb,
- SECOidTag encalg,
- int keysize,
- SECKEYGetPasswordKey pwfn, void *pwfn_arg);
-
-/*
- * XXX There will be a similar routine for creating signedAndEnvelopedData.
- * But its parameters will be different and I have no plans to implement
- * it any time soon because we have no current need for it.
- */
-
-/*
- * Create an empty PKCS7 data content info.
- *
- * An error results in a return value of NULL and an error set.
- * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
- */
-extern SEC_PKCS7ContentInfo *SEC_PKCS7CreateData (void);
-
-/*
- * Create an empty PKCS7 encrypted content info.
- *
- * "algorithm" specifies the bulk encryption algorithm to use.
- *
- * An error results in a return value of NULL and an error set.
- * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
- */
-extern SEC_PKCS7ContentInfo *
-SEC_PKCS7CreateEncryptedData (SECOidTag algorithm, int keysize,
- SECKEYGetPasswordKey pwfn, void *pwfn_arg);
-
-/*
- * All of the following things return SECStatus to signal success or failure.
- * Failure should have a more specific error status available via
- * PORT_GetError()/XP_GetError().
- */
-
-/*
- * Add the specified attribute to the authenticated (i.e. signed) attributes
- * of "cinfo" -- "oidtag" describes the attribute and "value" is the
- * value to be associated with it. NOTE! "value" must already be encoded;
- * no interpretation of "oidtag" is done. Also, it is assumed that this
- * signedData has only one signer -- if we ever need to add attributes
- * when there is more than one signature, we need a way to specify *which*
- * signature should get the attribute.
- *
- * XXX Technically, a signed attribute can have multiple values; if/when
- * we ever need to support an attribute which takes multiple values, we
- * either need to change this interface or create an AddSignedAttributeValue
- * which can be called subsequently, and would then append a value.
- *
- * "cinfo" should be of type signedData (the only kind of pkcs7 data
- * that is allowed authenticated attributes); SECFailure will be returned
- * if it is not.
- */
-extern SECStatus SEC_PKCS7AddSignedAttribute (SEC_PKCS7ContentInfo *cinfo,
- SECOidTag oidtag,
- SECItem *value);
-
-/*
- * Add "cert" and its entire chain to the set of certs included in "cinfo".
- *
- * "certdb" is the cert database to use for finding the chain.
- * It can be NULL, meaning use the default database.
- *
- * "cinfo" should be of type signedData or signedAndEnvelopedData;
- * SECFailure will be returned if it is not.
- */
-extern SECStatus SEC_PKCS7AddCertChain (SEC_PKCS7ContentInfo *cinfo,
- CERTCertificate *cert,
- CERTCertDBHandle *certdb);
-
-/*
- * Add "cert" to the set of certs included in "cinfo".
- *
- * "cinfo" should be of type signedData or signedAndEnvelopedData;
- * SECFailure will be returned if it is not.
- */
-extern SECStatus SEC_PKCS7AddCertificate (SEC_PKCS7ContentInfo *cinfo,
- CERTCertificate *cert);
-
-/*
- * Add another recipient to an encrypted message.
- *
- * "cinfo" should be of type envelopedData or signedAndEnvelopedData;
- * SECFailure will be returned if it is not.
- *
- * "cert" is the cert for the recipient. It will be checked for validity.
- *
- * "certusage" describes the encryption usage (e.g. certUsageEmailRecipient)
- * XXX Maybe SECCertUsage should be split so that our caller just says
- * "email" and *we* add the "recipient" part -- otherwise our caller
- * could be lying about the usage; we do not want to allow encryption
- * certs for signing or vice versa.
- *
- * "certdb" is the cert database to use for verifying the cert.
- * It can be NULL if a default database is available (like in the client).
- */
-extern SECStatus SEC_PKCS7AddRecipient (SEC_PKCS7ContentInfo *cinfo,
- CERTCertificate *cert,
- SECCertUsage certusage,
- CERTCertDBHandle *certdb);
-
-/*
- * Add the signing time to the authenticated (i.e. signed) attributes
- * of "cinfo". This is expected to be included in outgoing signed
- * messages for email (S/MIME) but is likely useful in other situations.
- *
- * This should only be added once; a second call will either do
- * nothing or replace an old signing time with a newer one.
- *
- * XXX This will probably just shove the current time into "cinfo"
- * but it will not actually get signed until the entire item is
- * processed for encoding. Is this (expected to be small) delay okay?
- *
- * "cinfo" should be of type signedData (the only kind of pkcs7 data
- * that is allowed authenticated attributes); SECFailure will be returned
- * if it is not.
- */
-extern SECStatus SEC_PKCS7AddSigningTime (SEC_PKCS7ContentInfo *cinfo);
-
-/*
- * Add the signer's symmetric capabilities to the authenticated
- * (i.e. signed) attributes of "cinfo". This is expected to be
- * included in outgoing signed messages for email (S/MIME).
- *
- * This can only be added once; a second call will return SECFailure.
- *
- * "cinfo" should be of type signedData or signedAndEnvelopedData;
- * SECFailure will be returned if it is not.
- */
-extern SECStatus SEC_PKCS7AddSymmetricCapabilities(SEC_PKCS7ContentInfo *cinfo);
-
-/*
- * Mark that the signer's certificate and its issuing chain should
- * be included in the encoded data. This is expected to be used
- * in outgoing signed messages for email (S/MIME).
- *
- * "certdb" is the cert database to use for finding the chain.
- * It can be NULL, meaning use the default database.
- *
- * "cinfo" should be of type signedData or signedAndEnvelopedData;
- * SECFailure will be returned if it is not.
- */
-extern SECStatus SEC_PKCS7IncludeCertChain (SEC_PKCS7ContentInfo *cinfo,
- CERTCertDBHandle *certdb);
-
-
-/*
- * Set the content; it will be included and also hashed and/or encrypted
- * as appropriate. This is for in-memory content (expected to be "small")
- * that will be included in the PKCS7 object. All others should stream the
- * content through when encoding (see SEC_PKCS7Encoder{Start,Update,Finish}).
- *
- * "buf" points to data of length "len"; it will be copied.
- */
-extern SECStatus SEC_PKCS7SetContent (SEC_PKCS7ContentInfo *cinfo,
- const char *buf, unsigned long len);
-
-/*
- * Encode a PKCS7 object, in one shot. All necessary components
- * of the object must already be specified. Either the data has
- * already been included (via SetContent), or the data is detached,
- * or there is no data at all (certs-only).
- *
- * "cinfo" specifies the object to be encoded.
- *
- * "outputfn" is where the encoded bytes will be passed.
- *
- * "outputarg" is an opaque argument to the above callback.
- *
- * "bulkkey" specifies the bulk encryption key to use. This argument
- * can be NULL if no encryption is being done, or if the bulk key should
- * be generated internally (usually the case for EnvelopedData but never
- * for EncryptedData, which *must* provide a bulk encryption key).
- *
- * "pwfn" is a callback for getting the password which protects the
- * private key of the signer. This argument can be NULL if it is known
- * that no signing is going to be done.
- *
- * "pwfnarg" is an opaque argument to the above callback.
- */
-extern SECStatus SEC_PKCS7Encode (SEC_PKCS7ContentInfo *cinfo,
- SEC_PKCS7EncoderOutputCallback outputfn,
- void *outputarg,
- PK11SymKey *bulkkey,
- SECKEYGetPasswordKey pwfn,
- void *pwfnarg);
-
-/*
- * Encode a PKCS7 object, in one shot. All necessary components
- * of the object must already be specified. Either the data has
- * already been included (via SetContent), or the data is detached,
- * or there is no data at all (certs-only). The output, rather than
- * being passed to an output function as is done above, is all put
- * into a SECItem.
- *
- * "pool" specifies a pool from which to allocate the result.
- * It can be NULL, in which case memory is allocated generically.
- *
- * "dest" specifies a SECItem in which to put the result data.
- * It can be NULL, in which case the entire item is allocated, too.
- *
- * "cinfo" specifies the object to be encoded.
- *
- * "bulkkey" specifies the bulk encryption key to use. This argument
- * can be NULL if no encryption is being done, or if the bulk key should
- * be generated internally (usually the case for EnvelopedData but never
- * for EncryptedData, which *must* provide a bulk encryption key).
- *
- * "pwfn" is a callback for getting the password which protects the
- * private key of the signer. This argument can be NULL if it is known
- * that no signing is going to be done.
- *
- * "pwfnarg" is an opaque argument to the above callback.
- */
-extern SECItem *SEC_PKCS7EncodeItem (PRArenaPool *pool,
- SECItem *dest,
- SEC_PKCS7ContentInfo *cinfo,
- PK11SymKey *bulkkey,
- SECKEYGetPasswordKey pwfn,
- void *pwfnarg);
-
-/*
- * For those who want to simply point to the pkcs7 contentInfo ASN.1
- * template, and *not* call the encoding functions directly, the
- * following function can be used -- after it is called, the entire
- * PKCS7 contentInfo is ready to be encoded.
- */
-extern SECStatus SEC_PKCS7PrepareForEncode (SEC_PKCS7ContentInfo *cinfo,
- PK11SymKey *bulkkey,
- SECKEYGetPasswordKey pwfn,
- void *pwfnarg);
-
-/*
- * Start the process of encoding a PKCS7 object. The first part of
- * the encoded object will be passed to the output function right away;
- * after that it is expected that SEC_PKCS7EncoderUpdate will be called,
- * streaming in the actual content that is getting included as well as
- * signed or encrypted (or both).
- *
- * "cinfo" specifies the object to be encoded.
- *
- * "outputfn" is where the encoded bytes will be passed.
- *
- * "outputarg" is an opaque argument to the above callback.
- *
- * "bulkkey" specifies the bulk encryption key to use. This argument
- * can be NULL if no encryption is being done, or if the bulk key should
- * be generated internally (usually the case for EnvelopedData but never
- * for EncryptedData, which *must* provide a bulk encryption key).
- *
- * Returns an object to be passed to EncoderUpdate and EncoderFinish.
- */
-extern SEC_PKCS7EncoderContext *
-SEC_PKCS7EncoderStart (SEC_PKCS7ContentInfo *cinfo,
- SEC_PKCS7EncoderOutputCallback outputfn,
- void *outputarg,
- PK11SymKey *bulkkey);
-
-/*
- * Encode more contents, hashing and/or encrypting along the way.
- */
-extern SECStatus SEC_PKCS7EncoderUpdate (SEC_PKCS7EncoderContext *p7ecx,
- const char *buf,
- unsigned long len);
-
-/*
- * No more contents; finish the signature creation, if appropriate,
- * and then the encoding.
- *
- * "pwfn" is a callback for getting the password which protects the
- * signer's private key. This argument can be NULL if it is known
- * that no signing is going to be done.
- *
- * "pwfnarg" is an opaque argument to the above callback.
- */
-extern SECStatus SEC_PKCS7EncoderFinish (SEC_PKCS7EncoderContext *p7ecx,
- SECKEYGetPasswordKey pwfn,
- void *pwfnarg);
-
-/* retrieve the algorithm ID used to encrypt the content info
- * for encrypted and enveloped data. The SECAlgorithmID pointer
- * returned needs to be freed as it is a copy of the algorithm
- * id in the content info.
- */
-extern SECAlgorithmID *
-SEC_PKCS7GetEncryptionAlgorithm(SEC_PKCS7ContentInfo *cinfo);
-
-/* the content of an encrypted data content info is encrypted.
- * it is assumed that for encrypted data, that the data has already
- * been set and is in the "plainContent" field of the content info.
- *
- * cinfo is the content info to encrypt
- *
- * key is the key with which to perform the encryption. if the
- * algorithm is a password based encryption algorithm, the
- * key is actually a password which will be processed per
- * PKCS #5.
- *
- * in the event of an error, SECFailure is returned. SECSuccess
- * indicates a success.
- */
-extern SECStatus
-SEC_PKCS7EncryptContents(PRArenaPool *poolp,
- SEC_PKCS7ContentInfo *cinfo,
- SECItem *key,
- void *wincx);
-
-/* the content of an encrypted data content info is decrypted.
- * it is assumed that for encrypted data, that the data has already
- * been set and is in the "encContent" field of the content info.
- *
- * cinfo is the content info to decrypt
- *
- * key is the key with which to perform the decryption. if the
- * algorithm is a password based encryption algorithm, the
- * key is actually a password which will be processed per
- * PKCS #5.
- *
- * in the event of an error, SECFailure is returned. SECSuccess
- * indicates a success.
- */
-extern SECStatus
-SEC_PKCS7DecryptContents(PRArenaPool *poolp,
- SEC_PKCS7ContentInfo *cinfo,
- SECItem *key,
- void *wincx);
-
-/* retrieve the certificate list from the content info. the list
- * is a pointer to the list in the content info. this should not
- * be deleted or freed in any way short of calling
- * SEC_PKCS7DestroyContentInfo
- */
-extern SECItem **
-SEC_PKCS7GetCertificateList(SEC_PKCS7ContentInfo *cinfo);
-
-/* Returns the key length (in bits) of the algorithm used to encrypt
- this object. Returns 0 if it's not encrypted, or the key length is
- irrelevant. */
-extern int
-SEC_PKCS7GetKeyLength(SEC_PKCS7ContentInfo *cinfo);
-
-
-/************************************************************************/
-SEC_END_PROTOS
-
-#endif /* _SECPKCS7_H_ */
diff --git a/security/nss/lib/pki/nsspki.h b/security/nss/lib/pki/nsspki.h
deleted file mode 100644
index c8da14050..000000000
--- a/security/nss/lib/pki/nsspki.h
+++ /dev/null
@@ -1,3161 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef NSSPKI_H
-#define NSSPKI_H
-
-#ifdef DEBUG
-static const char NSSPKI_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * nsspki.h
- *
- * This file prototypes the methods of the top-level PKI objects.
- */
-
-#ifndef NSSPKIT_H
-#include "nsspkit.h"
-#endif /* NSSPKIT_H */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * A note about interfaces
- *
- * Although these APIs are specified in C, a language which does
- * not have fancy support for abstract interfaces, this library
- * was designed from an object-oriented perspective. It may be
- * useful to consider the standard interfaces which went into
- * the writing of these APIs.
- *
- * Basic operations on all objects:
- * Destroy -- free a pointer to an object
- * DeleteStoredObject -- delete an object permanently
- *
- * Public Key cryptographic operations:
- * Encrypt
- * Verify
- * VerifyRecover
- * Wrap
- * Derive
- *
- * Private Key cryptographic operations:
- * IsStillPresent
- * Decrypt
- * Sign
- * SignRecover
- * Unwrap
- * Derive
- *
- * Symmetric Key cryptographic operations:
- * IsStillPresent
- * Encrypt
- * Decrypt
- * Sign
- * SignRecover
- * Verify
- * VerifyRecover
- * Wrap
- * Unwrap
- * Derive
- *
- */
-
-/*
- * NSSCertificate
- *
- * These things can do crypto ops like public keys, except that the trust,
- * usage, and other constraints are checked. These objects are "high-level,"
- * so trust, usages, etc. are in the form we throw around (client auth,
- * email signing, etc.). Remember that theoretically another implementation
- * (think PGP) could be beneath this object.
- */
-
-/*
- * NSSCertificate_Destroy
- *
- * Free a pointer to a certificate object.
- */
-
-NSS_EXTERN PRStatus
-NSSCertificate_Destroy
-(
- NSSCertificate *c
-);
-
-/*
- * NSSCertificate_DeleteStoredObject
- *
- * Permanently remove this certificate from storage. If this is the
- * only (remaining) certificate corresponding to a private key,
- * public key, and/or other object; then that object (those objects)
- * are deleted too.
- */
-
-NSS_EXTERN PRStatus
-NSSCertificate_DeleteStoredObject
-(
- NSSCertificate *c,
- NSSCallback *uhh
-);
-
-/*
- * NSSCertificate_Validate
- *
- * Verify that this certificate is trusted, for the specified usage(s),
- * at the specified time, {word word} the specified policies.
- */
-
-NSS_EXTERN PRStatus
-NSSCertificate_Validate
-(
- NSSCertificate *c,
- NSSTime *timeOpt, /* NULL for "now" */
- NSSUsage *usage,
- NSSPolicies *policiesOpt /* NULL for none */
-);
-
-/*
- * NSSCertificate_ValidateCompletely
- *
- * Verify that this certificate is trusted. The difference between
- * this and the previous call is that NSSCertificate_Validate merely
- * returns success or failure with an appropriate error stack.
- * However, there may be (and often are) multiple problems with a
- * certificate. This routine returns an array of errors, specifying
- * every problem.
- */
-
-/*
- * Return value must be an array of objects, each of which has
- * an NSSError, and any corresponding certificate (in the chain)
- * and/or policy.
- */
-
-NSS_EXTERN void ** /* void *[] */
-NSSCertificate_ValidateCompletely
-(
- NSSCertificate *c,
- NSSTime *timeOpt, /* NULL for "now" */
- NSSUsage *usage,
- NSSPolicies *policiesOpt, /* NULL for none */
- void **rvOpt, /* NULL for allocate */
- PRUint32 rvLimit, /* zero for no limit */
- NSSArena *arenaOpt /* NULL for heap */
-);
-
-/*
- * NSSCertificate_ValidateAndDiscoverUsagesAndPolicies
- *
- * Returns PR_SUCCESS if the certificate is valid for at least something.
- */
-
-NSS_EXTERN PRStatus
-NSSCertificate_ValidateAndDiscoverUsagesAndPolicies
-(
- NSSCertificate *c,
- NSSTime **notBeforeOutOpt,
- NSSTime **notAfterOutOpt,
- void *allowedUsages,
- void *disallowedUsages,
- void *allowedPolicies,
- void *disallowedPolicies,
- /* more args.. work on this fgmr */
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCertificate_Encode
- *
- */
-
-NSS_EXTERN NSSDER *
-NSSCertificate_Encode
-(
- NSSCertificate *c,
- NSSDER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCertificate_BuildChain
- *
- * This routine returns NSSCertificate *'s for each certificate
- * in the "chain" starting from the specified one up to and
- * including the root. The zeroth element in the array is the
- * specified ("leaf") certificate.
- */
-
-NSS_EXTERN NSSCertificate **
-NSSCertificate_BuildChain
-(
- NSSCertificate *c,
- NSSTime *timeOpt,
- NSSUsage *usage,
- NSSPolicies *policiesOpt,
- NSSCertificate **rvOpt,
- PRUint32 rvLimit, /* zero for no limit */
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCertificate_GetTrustDomain
- *
- */
-
-NSS_EXTERN NSSTrustDomain *
-NSSCertificate_GetTrustDomain
-(
- NSSCertificate *c
-);
-
-/*
- * NSSCertificate_GetToken
- *
- * There doesn't have to be one.
- */
-
-NSS_EXTERN NSSToken *
-NSSCertificate_GetToken
-(
- NSSCertificate *c,
- PRStatus *statusOpt
-);
-
-/*
- * NSSCertificate_GetSlot
- *
- * There doesn't have to be one.
- */
-
-NSS_EXTERN NSSSlot *
-NSSCertificate_GetSlot
-(
- NSSCertificate *c,
- PRStatus *statusOpt
-);
-
-/*
- * NSSCertificate_GetModule
- *
- * There doesn't have to be one.
- */
-
-NSS_EXTERN NSSModule *
-NSSCertificate_GetModule
-(
- NSSCertificate *c,
- PRStatus *statusOpt
-);
-
-/*
- * NSSCertificate_Encrypt
- *
- * Encrypt a single chunk of data with the public key corresponding to
- * this certificate.
- */
-
-NSS_EXTERN NSSItem *
-NSSCertificate_Encrypt
-(
- NSSCertificate *c,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *data,
- NSSTime *timeOpt,
- NSSUsage *usage,
- NSSPolicies *policiesOpt,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCertificate_Verify
- *
- */
-
-NSS_EXTERN PRStatus
-NSSCertificate_Verify
-(
- NSSCertificate *c,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *data,
- NSSItem *signature,
- NSSTime *timeOpt,
- NSSUsage *usage,
- NSSPolicies *policiesOpt,
- NSSCallback *uhh
-);
-
-/*
- * NSSCertificate_VerifyRecover
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSCertificate_VerifyRecover
-(
- NSSCertificate *c,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *signature,
- NSSTime *timeOpt,
- NSSUsage *usage,
- NSSPolicies *policiesOpt,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCertificate_WrapSymmetricKey
- *
- * This method tries very hard to to succeed, even in situations
- * involving sensitive keys and multiple modules.
- * { relyea: want to add verbiage? }
- */
-
-NSS_EXTERN NSSItem *
-NSSCertificate_WrapSymmetricKey
-(
- NSSCertificate *c,
- NSSAlgorithmAndParameters *apOpt,
- NSSSymmetricKey *keyToWrap,
- NSSTime *timeOpt,
- NSSUsage *usage,
- NSSPolicies *policiesOpt,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCertificate_CreateCryptoContext
- *
- * Create a crypto context, in this certificate's trust domain, with this
- * as the distinguished certificate.
- */
-
-NSS_EXTERN NSSCryptoContext *
-NSSCertificate_CreateCryptoContext
-(
- NSSCertificate *c,
- NSSAlgorithmAndParameters *apOpt,
- NSSTime *timeOpt,
- NSSUsage *usage,
- NSSPolicies *policiesOpt,
- NSSCallback *uhh
-);
-
-/*
- * NSSCertificate_GetPublicKey
- *
- * Returns the public key corresponding to this certificate.
- */
-
-NSS_EXTERN NSSPublicKey *
-NSSCertificate_GetPublicKey
-(
- NSSCertificate *c
-);
-
-/*
- * NSSCertificate_FindPrivateKey
- *
- * Finds and returns the private key corresponding to this certificate,
- * if it is available.
- *
- * { Should this hang off of NSSUserCertificate? }
- */
-
-NSS_EXTERN NSSPrivateKey *
-NSSCertificate_FindPrivateKey
-(
- NSSCertificate *c,
- NSSCallback *uhh
-);
-
-/*
- * NSSCertificate_IsPrivateKeyAvailable
- *
- * Returns success if the private key corresponding to this certificate
- * is available to be used.
- *
- * { Should *this* hang off of NSSUserCertificate?? }
- */
-
-NSS_EXTERN PRBool
-NSSCertificate_IsPrivateKeyAvailable
-(
- NSSCertificate *c,
- NSSCallback *uhh,
- PRStatus *statusOpt
-);
-
-/*
- * If we make NSSUserCertificate not a typedef of NSSCertificate,
- * then we'll need implementations of the following:
- *
- * NSSUserCertificate_Destroy
- * NSSUserCertificate_DeleteStoredObject
- * NSSUserCertificate_Validate
- * NSSUserCertificate_ValidateCompletely
- * NSSUserCertificate_ValidateAndDiscoverUsagesAndPolicies
- * NSSUserCertificate_Encode
- * NSSUserCertificate_BuildChain
- * NSSUserCertificate_GetTrustDomain
- * NSSUserCertificate_GetToken
- * NSSUserCertificate_GetSlot
- * NSSUserCertificate_GetModule
- * NSSUserCertificate_GetCryptoContext
- * NSSUserCertificate_GetPublicKey
- */
-
-/*
- * NSSUserCertificate_IsStillPresent
- *
- * Verify that if this certificate lives on a token, that the token
- * is still present and the certificate still exists. This is a
- * lightweight call which should be used whenever it should be
- * verified that the user hasn't perhaps popped out his or her
- * token and strolled away.
- */
-
-NSS_EXTERN PRBool
-NSSUserCertificate_IsStillPresent
-(
- NSSUserCertificate *uc,
- PRStatus *statusOpt
-);
-
-/*
- * NSSUserCertificate_Decrypt
- *
- * Decrypt a single chunk of data with the private key corresponding
- * to this certificate.
- */
-
-NSS_EXTERN NSSItem *
-NSSUserCertificate_Decrypt
-(
- NSSUserCertificate *uc,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *data,
- NSSTime *timeOpt,
- NSSUsage *usage,
- NSSPolicies *policiesOpt,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSUserCertificate_Sign
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSUserCertificate_Sign
-(
- NSSUserCertificate *uc,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *data,
- NSSTime *timeOpt,
- NSSUsage *usage,
- NSSPolicies *policiesOpt,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSUserCertificate_SignRecover
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSUserCertificate_SignRecover
-(
- NSSUserCertificate *uc,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *data,
- NSSTime *timeOpt,
- NSSUsage *usage,
- NSSPolicies *policiesOpt,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSUserCertificate_UnwrapSymmetricKey
- *
- */
-
-NSS_EXTERN NSSSymmetricKey *
-NSSUserCertificate_UnwrapSymmetricKey
-(
- NSSUserCertificate *uc,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *wrappedKey,
- NSSTime *timeOpt,
- NSSUsage *usage,
- NSSPolicies *policiesOpt,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSUserCertificate_DeriveSymmetricKey
- *
- */
-
-NSS_EXTERN NSSSymmetricKey *
-NSSUserCertificate_DeriveSymmetricKey
-(
- NSSUserCertificate *uc, /* provides private key */
- NSSCertificate *c, /* provides public key */
- NSSAlgorithmAndParameters *apOpt,
- NSSOID *target,
- PRUint32 keySizeOpt, /* zero for best allowed */
- NSSOperations operations,
- NSSCallback *uhh
-);
-
-/* filter-certs function(s) */
-
-/**
- ** fgmr -- trust objects
- **/
-
-/*
- * NSSPrivateKey
- *
- */
-
-/*
- * NSSPrivateKey_Destroy
- *
- * Free a pointer to a private key object.
- */
-
-NSS_EXTERN PRStatus
-NSSPrivateKey_Destroy
-(
- NSSPrivateKey *vk
-);
-
-/*
- * NSSPrivateKey_DeleteStoredObject
- *
- * Permanently remove this object, and any related objects (such as the
- * certificates corresponding to this key).
- */
-
-NSS_EXTERN PRStatus
-NSSPrivateKey_DeleteStoredObject
-(
- NSSPrivateKey *vk,
- NSSCallback *uhh
-);
-
-/*
- * NSSPrivateKey_GetSignatureLength
- *
- */
-
-NSS_EXTERN PRUint32
-NSSPrivateKey_GetSignatureLength
-(
- NSSPrivateKey *vk
-);
-
-/*
- * NSSPrivateKey_GetPrivateModulusLength
- *
- */
-
-NSS_EXTERN PRUint32
-NSSPrivateKey_GetPrivateModulusLength
-(
- NSSPrivateKey *vk
-);
-
-/*
- * NSSPrivateKey_IsStillPresent
- *
- */
-
-NSS_EXTERN PRBool
-NSSPrivateKey_IsStillPresent
-(
- NSSPrivateKey *vk,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPrivateKey_Encode
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSPrivateKey_Encode
-(
- NSSPrivateKey *vk,
- NSSAlgorithmAndParameters *ap,
- NSSItem *passwordOpt, /* NULL will cause a callback; "" for no password */
- NSSCallback *uhhOpt,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPrivateKey_GetTrustDomain
- *
- * There doesn't have to be one.
- */
-
-NSS_EXTERN NSSTrustDomain *
-NSSPrivateKey_GetTrustDomain
-(
- NSSPrivateKey *vk,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPrivateKey_GetToken
- *
- */
-
-NSS_EXTERN NSSToken *
-NSSPrivateKey_GetToken
-(
- NSSPrivateKey *vk
-);
-
-/*
- * NSSPrivateKey_GetSlot
- *
- */
-
-NSS_EXTERN NSSSlot *
-NSSPrivateKey_GetSlot
-(
- NSSPrivateKey *vk
-);
-
-/*
- * NSSPrivateKey_GetModule
- *
- */
-
-NSS_EXTERN NSSModule *
-NSSPrivateKey_GetModule
-(
- NSSPrivateKey *vk
-);
-
-/*
- * NSSPrivateKey_Decrypt
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSPrivateKey_Decrypt
-(
- NSSPrivateKey *vk,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *encryptedData,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPrivateKey_Sign
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSPrivateKey_Sign
-(
- NSSPrivateKey *vk,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *data,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPrivateKey_SignRecover
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSPrivateKey_SignRecover
-(
- NSSPrivateKey *vk,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *data,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPrivateKey_UnwrapSymmetricKey
- *
- */
-
-NSS_EXTERN NSSSymmetricKey *
-NSSPrivateKey_UnwrapSymmetricKey
-(
- NSSPrivateKey *vk,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *wrappedKey,
- NSSCallback *uhh
-);
-
-/*
- * NSSPrivateKey_DeriveSymmetricKey
- *
- */
-
-NSS_EXTERN NSSSymmetricKey *
-NSSPrivateKey_DeriveSymmetricKey
-(
- NSSPrivateKey *vk,
- NSSPublicKey *bk,
- NSSAlgorithmAndParameters *apOpt,
- NSSOID *target,
- PRUint32 keySizeOpt, /* zero for best allowed */
- NSSOperations operations,
- NSSCallback *uhh
-);
-
-/*
- * NSSPrivateKey_FindPublicKey
- *
- */
-
-NSS_EXTERN NSSPublicKey *
-NSSPrivateKey_FindPublicKey
-(
- NSSPrivateKey *vk
- /* { don't need the callback here, right? } */
-);
-
-/*
- * NSSPrivateKey_CreateCryptoContext
- *
- * Create a crypto context, in this key's trust domain,
- * with this as the distinguished private key.
- */
-
-NSS_EXTERN NSSCryptoContext *
-NSSPrivateKey_CreateCryptoContext
-(
- NSSPrivateKey *vk
- NSSAlgorithmAndParameters *apOpt,
- NSSCallback *uhh
-);
-
-/*
- * NSSPrivateKey_FindCertificates
- *
- * Note that there may be more than one certificate for this
- * private key. { FilterCertificates function to further
- * reduce the list. }
- */
-
-NSS_EXTERN NSSCertificate **
-NSSPrivateKey_FindCertificates
-(
- NSSPrivateKey *vk,
- NSSCertificate *rvOpt[],
- PRUint32 maximumOpt, /* 0 for no max */
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPrivateKey_FindBestCertificate
- *
- * The parameters for this function will depend on what the users
- * need. This is just a starting point.
- */
-
-NSS_EXTERN NSSCertificate *
-NSSPrivateKey_FindBestCertificate
-(
- NSSPrivateKey *vk,
- NSSTime *timeOpt,
- NSSUsage *usageOpt,
- NSSPolicies *policiesOpt
-);
-
-/*
- * NSSPublicKey
- *
- * Once you generate, find, or derive one of these, you can use it
- * to perform (simple) cryptographic operations. Though there may
- * be certificates associated with these public keys, they are not
- * verified.
- */
-
-/*
- * NSSPublicKey_Destroy
- *
- * Free a pointer to a public key object.
- */
-
-NSS_EXTERN PRStatus
-NSSPublicKey_Destroy
-(
- NSSPublicKey *bk
-);
-
-/*
- * NSSPublicKey_DeleteStoredObject
- *
- * Permanently remove this object, and any related objects (such as the
- * corresponding private keys and certificates).
- */
-
-NSS_EXTERN PRStatus
-NSSPublicKey_DeleteStoredObject
-(
- NSSPublicKey *bk,
- NSSCallback *uhh
-);
-
-/*
- * NSSPublicKey_Encode
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSPublicKey_Encode
-(
- NSSPublicKey *bk,
- NSSAlgorithmAndParameters *ap,
- NSSCallback *uhhOpt,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPublicKey_GetTrustDomain
- *
- * There doesn't have to be one.
- */
-
-NSS_EXTERN NSSTrustDomain *
-NSSPublicKey_GetTrustDomain
-(
- NSSPublicKey *bk,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPublicKey_GetToken
- *
- * There doesn't have to be one.
- */
-
-NSS_EXTERN NSSToken *
-NSSPublicKey_GetToken
-(
- NSSPublicKey *bk,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPublicKey_GetSlot
- *
- * There doesn't have to be one.
- */
-
-NSS_EXTERN NSSSlot *
-NSSPublicKey_GetSlot
-(
- NSSPublicKey *bk,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPublicKey_GetModule
- *
- * There doesn't have to be one.
- */
-
-NSS_EXTERN NSSModule *
-NSSPublicKey_GetModule
-(
- NSSPublicKey *bk,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPublicKey_Encrypt
- *
- * Encrypt a single chunk of data with the public key corresponding to
- * this certificate.
- */
-
-NSS_EXTERN NSSItem *
-NSSPublicKey_Encrypt
-(
- NSSPublicKey *bk,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *data,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPublicKey_Verify
- *
- */
-
-NSS_EXTERN PRStatus
-NSSPublicKey_Verify
-(
- NSSPublicKey *bk,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *data,
- NSSItem *signature,
- NSSCallback *uhh
-);
-
-/*
- * NSSPublicKey_VerifyRecover
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSPublicKey_VerifyRecover
-(
- NSSPublicKey *bk,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *signature,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPublicKey_WrapSymmetricKey
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSPublicKey_WrapSymmetricKey
-(
- NSSPublicKey *bk,
- NSSAlgorithmAndParameters *apOpt,
- NSSSymmetricKey *keyToWrap,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPublicKey_CreateCryptoContext
- *
- * Create a crypto context, in this key's trust domain, with this
- * as the distinguished public key.
- */
-
-NSS_EXTERN NSSCryptoContext *
-NSSPublicKey_CreateCryptoContext
-(
- NSSPublicKey *bk
- NSSAlgorithmAndParameters *apOpt,
- NSSCallback *uhh
-);
-
-/*
- * NSSPublicKey_FindCertificates
- *
- * Note that there may be more than one certificate for this
- * public key. The current implementation may not find every
- * last certificate available for this public key: that would
- * involve trolling e.g. huge ldap databases, which will be
- * grossly inefficient and not generally useful.
- * { FilterCertificates function to further reduce the list }
- */
-
-NSS_EXTERN NSSCertificate **
-NSSPublicKey_FindCertificates
-(
- NSSPublicKey *bk,
- NSSCertificate *rvOpt[],
- PRUint32 maximumOpt, /* 0 for no max */
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPrivateKey_FindBestCertificate
- *
- * The parameters for this function will depend on what the users
- * need. This is just a starting point.
- */
-
-NSS_EXTERN NSSCertificate *
-NSSPublicKey_FindBestCertificate
-(
- NSSPublicKey *bk,
- NSSTime *timeOpt,
- NSSUsage *usageOpt,
- NSSPolicies *policiesOpt
-);
-
-/*
- * NSSPublicKey_FindPrivateKey
- *
- */
-
-NSS_EXTERN NSSPrivateKey *
-NSSPublicKey_FindPrivateKey
-(
- NSSPublicKey *bk,
- NSSCallback *uhh
-);
-
-/*
- * NSSSymmetricKey
- *
- */
-
-/*
- * NSSSymmetricKey_Destroy
- *
- * Free a pointer to a symmetric key object.
- */
-
-NSS_EXTERN PRStatus
-NSSSymmetricKey_Destroy
-(
- NSSSymmetricKey *mk
-);
-
-/*
- * NSSSymmetricKey_DeleteStoredObject
- *
- * Permanently remove this object.
- */
-
-NSS_EXTERN PRStatus
-NSSSymmetricKey_DeleteStoredObject
-(
- NSSSymmetricKey *mk,
- NSSCallback *uhh
-);
-
-/*
- * NSSSymmetricKey_GetKeyLength
- *
- */
-
-NSS_EXTERN PRUint32
-NSSSymmetricKey_GetKeyLength
-(
- NSSSymmetricKey *mk
-);
-
-/*
- * NSSSymmetricKey_GetKeyStrength
- *
- */
-
-NSS_EXTERN PRUint32
-NSSSymmetricKey_GetKeyStrength
-(
- NSSSymmetricKey *mk
-);
-
-/*
- * NSSSymmetricKey_IsStillPresent
- *
- */
-
-NSS_EXTERN PRStatus
-NSSSymmetricKey_IsStillPresent
-(
- NSSSymmetricKey *mk
-);
-
-/*
- * NSSSymmetricKey_GetTrustDomain
- *
- * There doesn't have to be one.
- */
-
-NSS_EXTERN NSSTrustDomain *
-NSSSymmetricKey_GetTrustDomain
-(
- NSSSymmetricKey *mk,
- PRStatus *statusOpt
-);
-
-/*
- * NSSSymmetricKey_GetToken
- *
- * There doesn't have to be one.
- */
-
-NSS_EXTERN NSSToken *
-NSSSymmetricKey_GetToken
-(
- NSSSymmetricKey *mk,
- PRStatus *statusOpt
-);
-
-/*
- * NSSSymmetricKey_GetSlot
- *
- * There doesn't have to be one.
- */
-
-NSS_EXTERN NSSSlot *
-NSSSymmetricKey_GetSlot
-(
- NSSSymmetricKey *mk,
- PRStatus *statusOpt
-);
-
-/*
- * NSSSymmetricKey_GetModule
- *
- * There doesn't have to be one.
- */
-
-NSS_EXTERN NSSModule *
-NSSSymmetricKey_GetModule
-(
- NSSSymmetricKey *mk,
- PRStatus *statusOpt
-);
-
-/*
- * NSSSymmetricKey_Encrypt
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSSymmetricKey_Encrypt
-(
- NSSSymmetricKey *mk,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *data,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSSymmetricKey_Decrypt
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSSymmetricKey_Decrypt
-(
- NSSSymmetricKey *mk,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *encryptedData,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSSymmetricKey_Sign
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSSymmetricKey_Sign
-(
- NSSSymmetricKey *mk,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *data,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSSymmetricKey_SignRecover
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSSymmetricKey_SignRecover
-(
- NSSSymmetricKey *mk,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *data,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSSymmetricKey_Verify
- *
- */
-
-NSS_EXTERN PRStatus
-NSSSymmetricKey_Verify
-(
- NSSSymmetricKey *mk,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *data,
- NSSItem *signature,
- NSSCallback *uhh
-);
-
-/*
- * NSSSymmetricKey_VerifyRecover
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSSymmetricKey_VerifyRecover
-(
- NSSSymmetricKey *mk,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *signature,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSSymmetricKey_WrapSymmetricKey
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSSymmetricKey_WrapSymmetricKey
-(
- NSSSymmetricKey *wrappingKey,
- NSSAlgorithmAndParameters *apOpt,
- NSSSymmetricKey *keyToWrap,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSSymmetricKey_WrapPrivateKey
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSSymmetricKey_WrapPrivateKey
-(
- NSSSymmetricKey *wrappingKey,
- NSSAlgorithmAndParameters *apOpt,
- NSSPrivateKey *keyToWrap,
- NSSCallback *uhh,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSSymmetricKey_UnwrapSymmetricKey
- *
- */
-
-NSS_EXTERN NSSSymmetricKey *
-NSSSymmetricKey_UnwrapSymmetricKey
-(
- NSSSymmetricKey *wrappingKey,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *wrappedKey,
- NSSOID *target,
- PRUint32 keySizeOpt,
- NSSOperations operations,
- NSSCallback *uhh
-);
-
-/*
- * NSSSymmetricKey_UnwrapPrivateKey
- *
- */
-
-NSS_EXTERN NSSPrivateKey *
-NSSSymmetricKey_UnwrapPrivateKey
-(
- NSSSymmetricKey *wrappingKey,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *wrappedKey,
- NSSUTF8 *labelOpt,
- NSSItem *keyIDOpt,
- PRBool persistant,
- PRBool sensitive,
- NSSToken *destinationOpt,
- NSSCallback *uhh
-);
-
-/*
- * NSSSymmetricKey_DeriveSymmetricKey
- *
- */
-
-NSS_EXTERN NSSSymmetricKey *
-NSSSymmetricKey_DeriveSymmetricKey
-(
- NSSSymmetricKey *originalKey,
- NSSAlgorithmAndParameters *apOpt,
- NSSOID *target,
- PRUint32 keySizeOpt,
- NSSOperations operations,
- NSSCallback *uhh
-);
-
-/*
- * NSSSymmetricKey_CreateCryptoContext
- *
- * Create a crypto context, in this key's trust domain,
- * with this as the distinguished symmetric key.
- */
-
-NSS_EXTERN NSSCryptoContext *
-NSSSymmetricKey_CreateCryptoContext
-(
- NSSSymmetricKey *mk,
- NSSAlgorithmAndParameters *apOpt,
- NSSCallback *uhh
-);
-
-/*
- * NSSTrustDomain
- *
- */
-
-/*
- * NSSTrustDomain_Create
- *
- * This creates a trust domain, optionally with an initial cryptoki
- * module. If the module name is not null, the module is loaded if
- * needed (using the uriOpt argument), and initialized with the
- * opaqueOpt argument. If mumble mumble priority settings, then
- * module-specification objects in the module can cause the loading
- * and initialization of further modules.
- *
- * The uriOpt is defined to take a URI. At present, we only
- * support file: URLs pointing to platform-native shared libraries.
- * However, by specifying this as a URI, this keeps open the
- * possibility of supporting other, possibly remote, resources.
- *
- * The "reserved" arguments is held for when we figure out the
- * module priority stuff.
- */
-
-NSS_EXTERN NSSTrustDomain *
-NSSTrustDomain_Create
-(
- NSSUTF8 *moduleOpt,
- NSSUTF8 *uriOpt,
- NSSUTF8 *opaqueOpt,
- void *reserved
-);
-
-/*
- * NSSTrustDomain_Destroy
- *
- */
-
-NSS_EXTERN PRStatus
-NSSTrustDomain_Destroy
-(
- NSSTrustDomain *td
-);
-
-/*
- * NSSTrustDomain_SetDefaultCallback
- *
- */
-
-NSS_EXTERN PRStatus
-NSSTrustDomain_SetDefaultCallback
-(
- NSSTrustDomain *td,
- NSSCallback *newCallback,
- NSSCallback **oldCallbackOpt
-);
-
-/*
- * NSSTrustDomain_GetDefaultCallback
- *
- */
-
-NSS_EXTERN NSSCallback *
-NSSTrustDomain_GetDefaultCallback
-(
- NSSTrustDomain *td,
- PRStatus *statusOpt
-);
-
-/*
- * Default policies?
- * Default usage?
- * Default time, for completeness?
- */
-
-/*
- * NSSTrustDomain_LoadModule
- *
- */
-
-NSS_EXTERN PRStatus
-NSSTrustDomain_LoadModule
-(
- NSSUTF8 *moduleOpt,
- NSSUTF8 *uriOpt,
- NSSUTF8 *opaqueOpt,
- void *reserved
-);
-
-/*
- * NSSTrustDomain_AddModule
- * NSSTrustDomain_AddSlot
- * NSSTrustDomain_UnloadModule
- * Managing modules, slots, tokens; priorities;
- * Traversing all of the above
- * this needs more work
- */
-
-/*
- * NSSTrustDomain_DisableToken
- *
- */
-
-NSS_EXTERN PRStatus
-NSSTrustDomain_DisableToken
-(
- NSSTrustDomain *td,
- NSSToken *token,
- NSSError why
-);
-
-/*
- * NSSTrustDomain_EnableToken
- *
- */
-
-NSS_EXTERN PRStatus
-NSSTrustDomain_EnableToken
-(
- NSSTrustDomain *td,
- NSSToken *token
-);
-
-/*
- * NSSTrustDomain_IsTokenEnabled
- *
- * If disabled, "why" is always on the error stack.
- * The optional argument is just for convenience.
- */
-
-NSS_EXTERN PRStatus
-NSSTrustDomain_IsTokenEnabled
-(
- NSSTrustDomain *td,
- NSSToken *token,
- NSSError *whyOpt
-);
-
-/*
- * NSSTrustDomain_FindSlotByName
- *
- */
-
-NSS_EXTERN NSSSlot *
-NSSTrustDomain_FindSlotByName
-(
- NSSTrustDomain *td,
- NSSUTF8 *slotName
-);
-
-/*
- * NSSTrustDomain_FindTokenByName
- *
- */
-
-NSS_EXTERN NSSToken *
-NSSTrustDomain_FindTokenByName
-(
- NSSTrustDomain *td,
- NSSUTF8 *tokenName
-);
-
-/*
- * NSSTrustDomain_FindTokenBySlotName
- *
- */
-
-NSS_EXTERN NSSToken *
-NSSTrustDomain_FindTokenBySlotName
-(
- NSSTrustDomain *td,
- NSSUTF8 *slotName
-);
-
-/*
- * NSSTrustDomain_FindBestTokenForAlgorithm
- *
- */
-
-NSS_EXTERN NSSToken *
-NSSTrustDomain_FindTokenForAlgorithm
-(
- NSSTrustDomain *td,
- NSSOID *algorithm
-);
-
-/*
- * NSSTrustDomain_FindBestTokenForAlgorithms
- *
- */
-
-NSS_EXTERN NSSToken *
-NSSTrustDomain_FindBestTokenForAlgorithms
-(
- NSSTrustDomain *td,
- NSSOID *algorithms[], /* may be null-terminated */
- PRUint32 nAlgorithmsOpt /* limits the array if nonzero */
-);
-
-/*
- * NSSTrustDomain_Login
- *
- */
-
-NSS_EXTERN PRStatus
-NSSTrustDomain_Login
-(
- NSSTrustDomain *td,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSTrustDomain_Logout
- *
- */
-
-NSS_EXTERN PRStatus
-NSSTrustDomain_Logout
-(
- NSSTrustDomain *td
-);
-
-/* Importing things */
-
-/*
- * NSSTrustDomain_ImportCertificate
- *
- * The implementation will pull some data out of the certificate
- * (e.g. e-mail address) for use in pkcs#11 object attributes.
- */
-
-NSS_EXTERN NSSCertificate *
-NSSTrustDomain_ImportCertificate
-(
- NSSTrustDomain *td,
- NSSCertificate *c
-);
-
-/*
- * NSSTrustDomain_ImportPKIXCertificate
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSTrustDomain_ImportPKIXCertificate
-(
- NSSTrustDomain *td,
- /* declared as a struct until these "data types" are defined */
- struct NSSPKIXCertificateStr *pc
-);
-
-/*
- * NSSTrustDomain_ImportEncodedCertificate
- *
- * Imports any type of certificate we support.
- */
-
-NSS_EXTERN NSSCertificate *
-NSSTrustDomain_ImportEncodedCertificate
-(
- NSSTrustDomain *td,
- NSSBER *ber
-);
-
-/*
- * NSSTrustDomain_ImportEncodedCertificateChain
- *
- * If you just want the leaf, pass in a maximum of one.
- */
-
-NSS_EXTERN NSSCertificate **
-NSSTrustDomain_ImportEncodedCertificateChain
-(
- NSSTrustDomain *td,
- NSSBER *ber,
- NSSCertificate *rvOpt[],
- PRUint32 maximumOpt, /* 0 for no max */
- NSSArena *arenaOpt
-);
-
-/*
- * NSSTrustDomain_ImportEncodedPrivateKey
- *
- */
-
-NSS_EXTERN NSSPrivateKey *
-NSSTrustDomain_ImportEncodedPrivateKey
-(
- NSSTrustDomain *td,
- NSSBER *ber,
- NSSItem *passwordOpt, /* NULL will cause a callback */
- NSSCallback *uhhOpt,
- NSSToken *destination
-);
-
-/*
- * NSSTrustDomain_ImportEncodedPublicKey
- *
- */
-
-NSS_EXTERN NSSPublicKey *
-NSSTrustDomain_ImportEncodedPublicKey
-(
- NSSTrustDomain *td,
- NSSBER *ber
-);
-
-/* Other importations: S/MIME capabilities */
-
-/*
- * NSSTrustDomain_FindBestCertificateByNickname
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSTrustDomain_FindBestCertificateByNickname
-(
- NSSTrustDomain *td,
- NSSUTF8 *name,
- NSSTime *timeOpt, /* NULL for "now" */
- NSSUsage *usage,
- NSSPolicies *policiesOpt /* NULL for none */
-);
-
-/*
- * NSSTrustDomain_FindCertificatesByNickname
- *
- */
-
-NSS_EXTERN NSSCertificate **
-NSSTrustDomain_FindCertificatesByNickname
-(
- NSSTrustDomain *td,
- NSSUTF8 *name,
- NSSCertificate *rvOpt[],
- PRUint32 maximumOpt, /* 0 for no max */
- NSSArena *arenaOpt
-);
-
-/*
- * NSSTrustDomain_FindCertificateByIssuerAndSerialNumber
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSTrustDomain_FindCertificateByIssuerAndSerialNumber
-(
- NSSTrustDomain *td,
- NSSDER *issuer,
- NSSDER *serialNumber
-);
-
-/*
- * NSSTrustDomain_FindCertificatesByIssuerAndSerialNumber
- *
- * Theoretically, this should never happen. However, some companies
- * we know have issued duplicate certificates with the same issuer
- * and serial number. Do we just ignore them? I'm thinking yes.
- */
-
-/*
- * NSSTrustDomain_FindBestCertificateBySubject
- *
- * This does not search through alternate names hidden in extensions.
- */
-
-NSS_EXTERN NSSCertificate *
-NSSTrustDomain_FindBestCertificateBySubject
-(
- NSSTrustDomain *td,
- NSSUTF8 *subject,
- NSSTime *timeOpt,
- NSSUsage *usage,
- NSSPolicies *policiesOpt
-);
-
-/*
- * NSSTrustDomain_FindCertificatesBySubject
- *
- * This does not search through alternate names hidden in extensions.
- */
-
-NSS_EXTERN NSSCertificate **
-NSSTrustDomain_FindCertificatesBySubject
-(
- NSSTrustDomain *td,
- NSSUTF8 *subject,
- NSSCertificate *rvOpt[],
- PRUint32 maximumOpt, /* 0 for no max */
- NSSArena *arenaOpt
-);
-
-/*
- * NSSTrustDomain_FindBestCertificateByNameComponents
- *
- * This call does try several tricks, including a pseudo pkcs#11
- * attribute for the ldap module to try as a query. Eventually
- * this call falls back to a traversal if that's what's required.
- * It will search through alternate names hidden in extensions.
- */
-
-NSS_EXTERN NSSCertificate *
-NSSTrustDomain_FindBestCertificateByNameComponents
-(
- NSSTrustDomain *td,
- NSSUTF8 *nameComponents,
- NSSTime *timeOpt,
- NSSUsage *usage,
- NSSPolicies *policiesOpt
-);
-
-/*
- * NSSTrustDomain_FindCertificatesByNameComponents
- *
- * This call, too, tries several tricks. It will stop on the first
- * attempt that generates results, so it won't e.g. traverse the
- * entire ldap database.
- */
-
-NSS_EXTERN NSSCertificate **
-NSSTrustDomain_FindCertificatesByNameComponents
-(
- NSSTrustDomain *td,
- NSSUTF8 *nameComponents,
- NSSCertificate *rvOpt[],
- PRUint32 maximumOpt, /* 0 for no max */
- NSSArena *arenaOpt
-);
-
-/*
- * NSSTrustDomain_FindCertificateByEncodedCertificate
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSTrustDomain_FindCertificateByEncodedCertificate
-(
- NSSTrustDomain *td,
- NSSBER *encodedCertificate
-);
-
-/*
- * NSSTrustDomain_FindBestCertificateByEmail
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSTrustDomain_FindCertificateByEmail
-(
- NSSTrustDomain *td,
- NSSASCII7 *email,
- NSSTime *timeOpt,
- NSSUsage *usage,
- NSSPolicies *policiesOpt
-);
-
-/*
- * NSSTrustDomain_FindCertificatesByEmail
- *
- */
-
-NSS_EXTERN NSSCertificate **
-NSSTrustDomain_FindCertificateByEmail
-(
- NSSTrustDomain *td,
- NSSASCII7 *email,
- NSSCertificate *rvOpt[],
- PRUint32 maximumOpt, /* 0 for no max */
- NSSArena *arenaOpt
-);
-
-/*
- * NSSTrustDomain_FindCertificateByOCSPHash
- *
- * There can be only one.
- */
-
-NSS_EXTERN NSSCertificate *
-NSSTrustDomain_FindCertificateByOCSPHash
-(
- NSSTrustDomain *td,
- NSSItem *hash
-);
-
-/*
- * NSSTrustDomain_TraverseCertificates
- *
- * This function descends from one in older versions of NSS which
- * traverses the certs in the permanent database. That function
- * was used to implement selection routines, but was directly
- * available too. Trust domains are going to contain a lot more
- * certs now (e.g., an ldap server), so we'd really like to
- * discourage traversal. Thus for now, this is commented out.
- * If it's needed, let's look at the situation more closely to
- * find out what the actual requirements are.
- *
- *
- * NSS_EXTERN PRStatus *
- * NSSTrustDomain_TraverseCertificates
- * (
- * NSSTrustDomain *td,
- * PRStatus (*callback)(NSSCertificate *c, void *arg),
- * void *arg
- * );
- */
-
-/*
- * NSSTrustDomain_FindBestUserCertificate
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSTrustDomain_FindBestUserCertificate
-(
- NSSTrustDomain *td,
- NSSTime *timeOpt,
- NSSUsage *usage,
- NSSPolicies *policiesOpt
-);
-
-/*
- * NSSTrustDomain_FindUserCertificates
- *
- */
-
-NSS_EXTERN NSSCertificate **
-NSSTrustDomain_FindUserCertificates
-(
- NSSTrustDomain *td,
- NSSTime *timeOpt,
- NSSUsage *usageOpt,
- NSSPolicies *policiesOpt,
- NSSCertificate **rvOpt,
- PRUint32 rvLimit, /* zero for no limit */
- NSSArena *arenaOpt
-);
-
-/*
- * NSSTrustDomain_FindBestUserCertificateForSSLClientAuth
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSTrustDomain_FindBestUserCertificateForSSLClientAuth
-(
- NSSTrustDomain *td,
- NSSUTF8 *sslHostOpt,
- NSSDER *rootCAsOpt[], /* null pointer for none */
- PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
- NSSAlgorithmAndParameters *apOpt,
- NSSPolicies *policiesOpt
-);
-
-/*
- * NSSTrustDomain_FindUserCertificatesForSSLClientAuth
- *
- */
-
-NSS_EXTERN NSSCertificate **
-NSSTrustDomain_FindUserCertificatesForSSLClientAuth
-(
- NSSTrustDomain *td,
- NSSUTF8 *sslHostOpt,
- NSSDER *rootCAsOpt[], /* null pointer for none */
- PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
- NSSAlgorithmAndParameters *apOpt,
- NSSPolicies *policiesOpt,
- NSSCertificate **rvOpt,
- PRUint32 rvLimit, /* zero for no limit */
- NSSArena *arenaOpt
-);
-
-/*
- * NSSTrustDomain_FindBestUserCertificateForEmailSigning
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSTrustDomain_FindBestUserCertificateForEmailSigning
-(
- NSSTrustDomain *td,
- NSSASCII7 *signerOpt,
- NSSASCII7 *recipientOpt,
- /* anything more here? */
- NSSAlgorithmAndParameters *apOpt,
- NSSPolicies *policiesOpt
-);
-
-/*
- * NSSTrustDomain_FindUserCertificatesForEmailSigning
- *
- */
-
-NSS_EXTERN NSSCertificate **
-NSSTrustDomain_FindUserCertificatesForEmailSigning
-(
- NSSTrustDomain *td,
- NSSASCII7 *signerOpt,
- NSSASCII7 *recipientOpt,
- /* anything more here? */
- NSSAlgorithmAndParameters *apOpt,
- NSSPolicies *policiesOpt,
- NSSCertificate **rvOpt,
- PRUint32 rvLimit, /* zero for no limit */
- NSSArena *arenaOpt
-);
-
-/*
- * Here is where we'd add more Find[Best]UserCertificate[s]For<usage>
- * routines.
- */
-
-/* Private Keys */
-
-/*
- * NSSTrustDomain_GenerateKeyPair
- *
- * Creates persistant objects. If you want session objects, use
- * NSSCryptoContext_GenerateKeyPair. The destination token is where
- * the keys are stored. If that token can do the required math, then
- * that's where the keys are generated too. Otherwise, the keys are
- * generated elsewhere and moved to that token.
- */
-
-NSS_EXTERN PRStatus
-NSSTrustDomain_GenerateKeyPair
-(
- NSSTrustDomain *td,
- NSSAlgorithmAndParameters *ap,
- NSSPrivateKey **pvkOpt,
- NSSPublicKey **pbkOpt,
- PRBool privateKeyIsSensitive,
- NSSToken *destination,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSTrustDomain_TraversePrivateKeys
- *
- *
- * NSS_EXTERN PRStatus *
- * NSSTrustDomain_TraversePrivateKeys
- * (
- * NSSTrustDomain *td,
- * PRStatus (*callback)(NSSPrivateKey *vk, void *arg),
- * void *arg
- * );
- */
-
-/* Symmetric Keys */
-
-/*
- * NSSTrustDomain_GenerateSymmetricKey
- *
- */
-
-NSS_EXTERN NSSSymmetricKey *
-NSSTrustDomain_GenerateSymmetricKey
-(
- NSSTrustDomain *td,
- NSSAlgorithmAndParameters *ap,
- PRUint32 keysize,
- NSSToken *destination,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSTrustDomain_GenerateSymmetricKeyFromPassword
- *
- */
-
-NSS_EXTERN NSSSymmetricKey *
-NSSTrustDomain_GenerateSymmetricKeyFromPassword
-(
- NSSTrustDomain *td,
- NSSAlgorithmAndParameters *ap,
- NSSUTF8 *passwordOpt, /* if null, prompt */
- NSSToken *destinationOpt,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSTrustDomain_FindSymmetricKeyByAlgorithm
- *
- * Is this still needed?
- *
- * NSS_EXTERN NSSSymmetricKey *
- * NSSTrustDomain_FindSymmetricKeyByAlgorithm
- * (
- * NSSTrustDomain *td,
- * NSSOID *algorithm,
- * NSSCallback *uhhOpt
- * );
- */
-
-/*
- * NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID
- *
- */
-
-NSS_EXTERN NSSSymmetricKey *
-NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID
-(
- NSSTrustDomain *td,
- NSSOID *algorithm,
- NSSItem *keyID,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSTrustDomain_TraverseSymmetricKeys
- *
- *
- * NSS_EXTERN PRStatus *
- * NSSTrustDomain_TraverseSymmetricKeys
- * (
- * NSSTrustDomain *td,
- * PRStatus (*callback)(NSSSymmetricKey *mk, void *arg),
- * void *arg
- * );
- */
-
-/*
- * NSSTrustDomain_CreateCryptoContext
- *
- * If a callback object is specified, it becomes the for the crypto
- * context; otherwise, this trust domain's default (if any) is
- * inherited.
- */
-
-NSS_EXTERN NSSCryptoContext *
-NSSTrustDomain_CreateCryptoContext
-(
- NSSTrustDomain *td,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSTrustDomain_CreateCryptoContextForAlgorithm
- *
- */
-
-NSS_EXTERN NSSCryptoContext *
-NSSTrustDomain_CreateCryptoContextForAlgorithm
-(
- NSSTrustDomain *td,
- NSSOID *algorithm
-);
-
-/*
- * NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters
- *
- */
-
-NSS_EXTERN NSSCryptoContext *
-NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters
-(
- NSSTrustDomain *td,
- NSSAlgorithmAndParameters *ap
-);
-
-/* find/traverse other objects, e.g. s/mime profiles */
-
-/*
- * NSSCryptoContext
- *
- * A crypto context is sort of a short-term snapshot of a trust domain,
- * used for the life of "one crypto operation." You can also think of
- * it as a "temporary database."
- *
- * Just about all of the things you can do with a trust domain -- importing
- * or creating certs, keys, etc. -- can be done with a crypto context.
- * The difference is that the objects will be temporary ("session") objects.
- *
- * Also, if the context was created for a key, cert, and/or algorithm; or
- * if such objects have been "associated" with the context, then the context
- * can do everything the keys can, like crypto operations.
- *
- * And finally, because it keeps the state of the crypto operations, it
- * can do streaming crypto ops.
- */
-
-/*
- * NSSTrustDomain_Destroy
- *
- */
-
-NSS_EXTERN PRStatus
-NSSCryptoContext_Destroy
-(
- NSSCryptoContext *td
-);
-
-/* establishing a default callback */
-
-/*
- * NSSCryptoContext_SetDefaultCallback
- *
- */
-
-NSS_EXTERN PRStatus
-NSSCryptoContext_SetDefaultCallback
-(
- NSSCryptoContext *td,
- NSSCallback *newCallback,
- NSSCallback **oldCallbackOpt
-);
-
-/*
- * NSSCryptoContext_GetDefaultCallback
- *
- */
-
-NSS_EXTERN NSSCallback *
-NSSCryptoContext_GetDefaultCallback
-(
- NSSCryptoContext *td,
- PRStatus *statusOpt
-);
-
-/*
- * NSSCryptoContext_GetTrustDomain
- *
- */
-
-NSS_EXTERN NSSTrustDomain *
-NSSCryptoContext_GetTrustDomain
-(
- NSSCryptoContext *td
-);
-
-/* AddModule, etc: should we allow "temporary" changes here? */
-/* DisableToken, etc: ditto */
-/* Ordering of tokens? */
-/* Finding slots+token etc. */
-/* login+logout */
-
-/* Importing things */
-
-/*
- * NSSCryptoContext_ImportCertificate
- *
- * If there's not a "distinguished certificate" for this context, this
- * sets the specified one to be it.
- */
-
-NSS_EXTERN PRStatus
-NSSCryptoContext_ImportCertificate
-(
- NSSCryptoContext *cc,
- NSSCertificate *c
-);
-
-/*
- * NSSCryptoContext_ImportPKIXCertificate
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSCryptoContext_ImportPKIXCertificate
-(
- NSSCryptoContext *cc,
- struct NSSPKIXCertificateStr *pc
-);
-
-/*
- * NSSCryptoContext_ImportEncodedCertificate
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSCryptoContext_ImportEncodedCertificate
-(
- NSSCryptoContext *cc,
- NSSBER *ber
-);
-
-/*
- * NSSCryptoContext_ImportEncodedPKIXCertificateChain
- *
- */
-
-NSS_EXTERN PRStatus
-NSSCryptoContext_ImportEncodedPKIXCertificateChain
-(
- NSSCryptoContext *cc,
- NSSBER *ber
-);
-
-/* Other importations: S/MIME capabilities
- */
-
-/*
- * NSSCryptoContext_FindBestCertificateByNickname
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSCryptoContext_FindBestCertificateByNickname
-(
- NSSCryptoContext *cc,
- NSSUTF8 *name,
- NSSTime *timeOpt, /* NULL for "now" */
- NSSUsage *usage,
- NSSPolicies *policiesOpt /* NULL for none */
-);
-
-/*
- * NSSCryptoContext_FindCertificatesByNickname
- *
- */
-
-NSS_EXTERN NSSCertificate **
-NSSCryptoContext_FindCertificatesByNickname
-(
- NSSCryptoContext *cc,
- NSSUTF8 *name,
- NSSCertificate *rvOpt[],
- PRUint32 maximumOpt, /* 0 for no max */
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_FindCertificateByIssuerAndSerialNumber
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSCryptoContext_FindCertificateByIssuerAndSerialNumber
-(
- NSSCryptoContext *cc,
- NSSDER *issuer,
- NSSDER *serialNumber
-);
-
-/*
- * NSSCryptoContext_FindBestCertificateBySubject
- *
- * This does not search through alternate names hidden in extensions.
- */
-
-NSS_EXTERN NSSCertificate *
-NSSCryptoContext_FindBestCertificateBySubject
-(
- NSSCryptoContext *cc,
- NSSUTF8 *subject,
- NSSTime *timeOpt,
- NSSUsage *usage,
- NSSPolicies *policiesOpt
-);
-
-/*
- * NSSCryptoContext_FindCertificatesBySubject
- *
- * This does not search through alternate names hidden in extensions.
- */
-
-NSS_EXTERN NSSCertificate **
-NSSCryptoContext_FindCertificatesBySubject
-(
- NSSCryptoContext *cc,
- NSSUTF8 *subject,
- NSSCertificate *rvOpt[],
- PRUint32 maximumOpt, /* 0 for no max */
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_FindBestCertificateByNameComponents
- *
- * This call does try several tricks, including a pseudo pkcs#11
- * attribute for the ldap module to try as a query. Eventually
- * this call falls back to a traversal if that's what's required.
- * It will search through alternate names hidden in extensions.
- */
-
-NSS_EXTERN NSSCertificate *
-NSSCryptoContext_FindBestCertificateByNameComponents
-(
- NSSCryptoContext *cc,
- NSSUTF8 *nameComponents,
- NSSTime *timeOpt,
- NSSUsage *usage,
- NSSPolicies *policiesOpt
-);
-
-/*
- * NSSCryptoContext_FindCertificatesByNameComponents
- *
- * This call, too, tries several tricks. It will stop on the first
- * attempt that generates results, so it won't e.g. traverse the
- * entire ldap database.
- */
-
-NSS_EXTERN NSSCertificate **
-NSSCryptoContext_FindCertificatesByNameComponents
-(
- NSSCryptoContext *cc,
- NSSUTF8 *nameComponents,
- NSSCertificate *rvOpt[],
- PRUint32 maximumOpt, /* 0 for no max */
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_FindCertificateByEncodedCertificate
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSCryptoContext_FindCertificateByEncodedCertificate
-(
- NSSCryptoContext *cc,
- NSSBER *encodedCertificate
-);
-
-/*
- * NSSCryptoContext_FindBestCertificateByEmail
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSCryptoContext_FindBestCertificateByEmail
-(
- NSSCryptoContext *cc,
- NSSASCII7 *email
-);
-
-/*
- * NSSCryptoContext_FindCertificatesByEmail
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSCryptoContext_FindCertificatesByEmail
-(
- NSSCryptoContext *cc,
- NSSASCII7 *email,
- NSSCertificate *rvOpt[],
- PRUint32 maximumOpt, /* 0 for no max */
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_FindCertificateByOCSPHash
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSCryptoContext_FindCertificateByOCSPHash
-(
- NSSCryptoContext *cc,
- NSSITem *hash
-);
-
-/*
- * NSSCryptoContext_TraverseCertificates
- *
- *
- * NSS_EXTERN PRStatus *
- * NSSCryptoContext_TraverseCertificates
- * (
- * NSSCryptoContext *cc,
- * PRStatus (*callback)(NSSCertificate *c, void *arg),
- * void *arg
- * );
- */
-
-/*
- * NSSCryptoContext_FindBestUserCertificate
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSCryptoContext_FindBestUserCertificate
-(
- NSSCryptoContext *cc,
- NSSTime *timeOpt,
- NSSUsage *usage,
- NSSPolicies *policiesOpt
-);
-
-/*
- * NSSCryptoContext_FindUserCertificates
- *
- */
-
-NSS_EXTERN NSSCertificate **
-NSSCryptoContext_FindUserCertificates
-(
- NSSCryptoContext *cc,
- NSSTime *timeOpt,
- NSSUsage *usageOpt,
- NSSPolicies *policiesOpt,
- NSSCertificate **rvOpt,
- PRUint32 rvLimit, /* zero for no limit */
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_FindBestUserCertificateForSSLClientAuth
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSCryptoContext_FindBestUserCertificateForSSLClientAuth
-(
- NSSCryptoContext *cc,
- NSSUTF8 *sslHostOpt,
- NSSDER *rootCAsOpt[], /* null pointer for none */
- PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
- NSSAlgorithmAndParameters *apOpt,
- NSSPolicies *policiesOpt
-);
-
-/*
- * NSSCryptoContext_FindUserCertificatesForSSLClientAuth
- *
- */
-
-NSS_EXTERN NSSCertificate **
-NSSCryptoContext_FindUserCertificatesForSSLClientAuth
-(
- NSSCryptoContext *cc,
- NSSUTF8 *sslHostOpt,
- NSSDER *rootCAsOpt[], /* null pointer for none */
- PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
- NSSAlgorithmAndParameters *apOpt,
- NSSPolicies *policiesOpt,
- NSSCertificate **rvOpt,
- PRUint32 rvLimit, /* zero for no limit */
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_FindBestUserCertificateForEmailSigning
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSCryptoContext_FindBestUserCertificateForEmailSigning
-(
- NSSCryptoContext *cc,
- NSSASCII7 *signerOpt,
- NSSASCII7 *recipientOpt,
- /* anything more here? */
- NSSAlgorithmAndParameters *apOpt,
- NSSPolicies *policiesOpt
-);
-
-/*
- * NSSCryptoContext_FindUserCertificatesForEmailSigning
- *
- */
-
-NSS_EXTERN NSSCertificate *
-NSSCryptoContext_FindUserCertificatesForEmailSigning
-(
- NSSCryptoContext *cc,
- NSSASCII7 *signerOpt, /* fgmr or a more general name? */
- NSSASCII7 *recipientOpt,
- /* anything more here? */
- NSSAlgorithmAndParameters *apOpt,
- NSSPolicies *policiesOpt,
- NSSCertificate **rvOpt,
- PRUint32 rvLimit, /* zero for no limit */
- NSSArena *arenaOpt
-);
-
-/* Private Keys */
-
-/*
- * NSSCryptoContext_GenerateKeyPair
- *
- * Creates session objects. If you want persistant objects, use
- * NSSTrustDomain_GenerateKeyPair. The destination token is where
- * the keys are stored. If that token can do the required math, then
- * that's where the keys are generated too. Otherwise, the keys are
- * generated elsewhere and moved to that token.
- */
-
-NSS_EXTERN PRStatus
-NSSCryptoContext_GenerateKeyPair
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *ap,
- NSSPrivateKey **pvkOpt,
- NSSPublicKey **pbkOpt,
- PRBool privateKeyIsSensitive,
- NSSToken *destination,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSCryptoContext_TraversePrivateKeys
- *
- *
- * NSS_EXTERN PRStatus *
- * NSSCryptoContext_TraversePrivateKeys
- * (
- * NSSCryptoContext *cc,
- * PRStatus (*callback)(NSSPrivateKey *vk, void *arg),
- * void *arg
- * );
- */
-
-/* Symmetric Keys */
-
-/*
- * NSSCryptoContext_GenerateSymmetricKey
- *
- */
-
-NSS_EXTERN NSSSymmetricKey *
-NSSCryptoContext_GenerateSymmetricKey
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *ap,
- PRUint32 keysize,
- NSSToken *destination,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSCryptoContext_GenerateSymmetricKeyFromPassword
- *
- */
-
-NSS_EXTERN NSSSymmetricKey *
-NSSCryptoContext_GenerateSymmetricKeyFromPassword
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *ap,
- NSSUTF8 *passwordOpt, /* if null, prompt */
- NSSToken *destinationOpt,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSCryptoContext_FindSymmetricKeyByAlgorithm
- *
- *
- * NSS_EXTERN NSSSymmetricKey *
- * NSSCryptoContext_FindSymmetricKeyByType
- * (
- * NSSCryptoContext *cc,
- * NSSOID *type,
- * NSSCallback *uhhOpt
- * );
- */
-
-/*
- * NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID
- *
- */
-
-NSS_EXTERN NSSSymmetricKey *
-NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID
-(
- NSSCryptoContext *cc,
- NSSOID *algorithm,
- NSSItem *keyID,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSCryptoContext_TraverseSymmetricKeys
- *
- *
- * NSS_EXTERN PRStatus *
- * NSSCryptoContext_TraverseSymmetricKeys
- * (
- * NSSCryptoContext *cc,
- * PRStatus (*callback)(NSSSymmetricKey *mk, void *arg),
- * void *arg
- * );
- */
-
-/* Crypto ops on distinguished keys */
-
-/*
- * NSSCryptoContext_Decrypt
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSCryptoContext_Decrypt
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *encryptedData,
- NSSCallback *uhhOpt,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_BeginDecrypt
- *
- */
-
-NSS_EXTERN PRStatus
-NSSCryptoContext_BeginDecrypt
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *apOpt,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSCryptoContext_ContinueDecrypt
- *
- */
-
-/*
- * NSSItem semantics:
- *
- * If rvOpt is NULL, a new NSSItem and buffer are allocated.
- * If rvOpt is not null, but the buffer pointer is null,
- * then rvOpt is returned but a new buffer is allocated.
- * In this case, if the length value is not zero, then
- * no more than that much space will be allocated.
- * If rvOpt is not null and the buffer pointer is not null,
- * then that buffer is re-used. No more than the buffer
- * length value will be used; if it's not enough, an
- * error is returned. If less is used, the number is
- * adjusted downwards.
- *
- * Note that although this is short of some ideal "Item"
- * definition, we can usually tell how big these buffers
- * have to be.
- *
- * Feedback is requested; and earlier is better than later.
- */
-
-NSS_EXTERN NSSItem *
-NSSCryptoContext_ContinueDecrypt
-(
- NSSCryptoContext *cc,
- NSSItem *data,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_FinishDecrypt
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSCryptoContext_FinishDecrypt
-(
- NSSCryptoContext *cc,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_Sign
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSCryptoContext_Sign
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *data,
- NSSCallback *uhhOpt,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_BeginSign
- *
- */
-
-NSS_EXTERN PRStatus
-NSSCryptoContext_BeginSign
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *apOpt,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSCryptoContext_ContinueSign
- *
- */
-
-NSS_EXTERN PRStatus
-NSSCryptoContext_BeginSign
-(
- NSSCryptoContext *cc,
- NSSItem *data
-);
-
-/*
- * NSSCryptoContext_FinishSign
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSCryptoContext_FinishSign
-(
- NSSCryptoContext *cc,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_SignRecover
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSCryptoContext_SignRecover
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *data,
- NSSCallback *uhhOpt,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_BeginSignRecover
- *
- */
-
-NSS_EXTERN PRStatus
-NSSCryptoContext_BeginSignRecover
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *apOpt,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSCryptoContext_ContinueSignRecover
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSCryptoContext_ContinueSignRecover
-(
- NSSCryptoContext *cc,
- NSSItem *data,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_FinishSignRecover
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSCryptoContext_FinishSignRecover
-(
- NSSCryptoContext *cc,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_UnwrapSymmetricKey
- *
- */
-
-NSS_EXTERN NSSSymmetricKey *
-NSSCryptoContext_UnwrapSymmetricKey
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *wrappedKey,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSCryptoContext_DeriveSymmetricKey
- *
- */
-
-NSS_EXTERN NSSSymmetricKey *
-NSSCryptoContext_DeriveSymmetricKey
-(
- NSSCryptoContext *cc,
- NSSPublicKey *bk,
- NSSAlgorithmAndParameters *apOpt,
- NSSOID *target,
- PRUint32 keySizeOpt, /* zero for best allowed */
- NSSOperations operations,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSCryptoContext_Encrypt
- *
- * Encrypt a single chunk of data with the distinguished public key
- * of this crypto context.
- */
-
-NSS_EXTERN NSSItem *
-NSSCryptoContext_Encrypt
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *data,
- NSSCallback *uhhOpt,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_BeginEncrypt
- *
- */
-
-NSS_EXTERN PRStatus
-NSSCryptoContext_BeginEncrypt
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *apOpt,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSCryptoContext_ContinueEncrypt
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSCryptoContext_ContinueEncrypt
-(
- NSSCryptoContext *cc,
- NSSItem *data,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_FinishEncrypt
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSCryptoContext_FinishEncrypt
-(
- NSSCryptoContext *cc,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_Verify
- *
- */
-
-NSS_EXTERN PRStatus
-NSSCryptoContext_Verify
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *data,
- NSSItem *signature,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSCryptoContext_BeginVerify
- *
- */
-
-NSS_EXTERN PRStatus
-NSSCryptoContext_BeginVerify
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *signature,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSCryptoContext_ContinueVerify
- *
- */
-
-NSS_EXTERN PRStatus
-NSSCryptoContext_ContinueVerify
-(
- NSSCryptoContext *cc,
- NSSItem *data
-);
-
-/*
- * NSSCryptoContext_FinishVerify
- *
- */
-
-NSS_EXTERN PRStatus
-NSSCryptoContext_FinishVerify
-(
- NSSCryptoContext *cc
-);
-
-/*
- * NSSCryptoContext_VerifyRecover
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSCryptoContext_VerifyRecover
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *signature,
- NSSCallback *uhhOpt,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_BeginVerifyRecover
- *
- */
-
-NSS_EXTERN PRStatus
-NSSCryptoContext_BeginVerifyRecover
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *apOpt,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSCryptoContext_ContinueVerifyRecover
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSCryptoContext_ContinueVerifyRecover
-(
- NSSCryptoContext *cc,
- NSSItem *data,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_FinishVerifyRecover
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSCryptoContext_FinishVerifyRecover
-(
- NSSCryptoContext *cc,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_WrapSymmetricKey
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSCryptoContext_WrapSymmetricKey
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *apOpt,
- NSSSymmetricKey *keyToWrap,
- NSSCallback *uhhOpt,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_Digest
- *
- * Digest a single chunk of data with the distinguished digest key
- * of this crypto context.
- */
-
-NSS_EXTERN NSSItem *
-NSSCryptoContext_Digest
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *data,
- NSSCallback *uhhOpt,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSCryptoContext_BeginDigest
- *
- */
-
-NSS_EXTERN PRStatus
-NSSCryptoContext_BeginDigest
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *apOpt,
- NSSCallback *uhhOpt
-);
-
-/*
- * NSSCryptoContext_ContinueDigest
- *
- */
-
-NSS_EXTERN PRStatus
-NSSCryptoContext_ContinueDigest
-(
- NSSCryptoContext *cc,
- NSSAlgorithmAndParameters *apOpt,
- NSSItem *item
-);
-
-/*
- * NSSCryptoContext_FinishDigest
- *
- */
-
-NSS_EXTERN NSSItem *
-NSSCryptoContext_FinishDigest
-(
- NSSCryptoContext *cc,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * tbd: Combination ops
- */
-
-/*
- * NSSCryptoContext_Clone
- *
- */
-
-NSS_EXTERN NSSCryptoContext *
-NSSCryptoContext_Clone
-(
- NSSCryptoContext *cc
-);
-
-/*
- * NSSCryptoContext_Save
- * NSSCryptoContext_Restore
- *
- * We need to be able to save and restore the state of contexts.
- * Perhaps a mark-and-release mechanism would be better?
- */
-
-/*
- * ..._SignTBSCertificate
- *
- * This requires feedback from the cert server team.
- */
-
-/*
- * PRBool NSSCertificate_GetIsTrustedFor{xxx}(NSSCertificate *c);
- * PRStatus NSSCertificate_SetIsTrustedFor{xxx}(NSSCertificate *c, PRBool trusted);
- *
- * These will be helper functions which get the trust object for a cert,
- * and then call the corresponding function(s) on it.
- *
- * PKIX trust objects will have methods to manipulate the low-level trust
- * bits (which are based on key usage and extended key usage), and also the
- * conceptual high-level usages (e.g. ssl client auth, email encryption, etc.)
- *
- * Other types of trust objects (if any) might have different low-level
- * representations, but hopefully high-level concepts would map.
- *
- * Only these high-level general routines would be promoted to the
- * general certificate level here. Hence the {xxx} above would be things
- * like "EmailSigning."
- *
- *
- * NSSPKIXTrust *NSSCertificate_GetPKIXTrustObject(NSSCertificate *c);
- * PRStatus NSSCertificate_SetPKIXTrustObject(NSSCertificate *c, NSPKIXTrust *t);
- *
- * I want to hold off on any general trust object until we've investigated
- * other models more thoroughly.
- */
-
-PR_END_EXTERN_C
-
-#endif /* NSSPKI_H */
diff --git a/security/nss/lib/pki/nsspkit.h b/security/nss/lib/pki/nsspkit.h
deleted file mode 100644
index e1b5888fa..000000000
--- a/security/nss/lib/pki/nsspkit.h
+++ /dev/null
@@ -1,261 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef NSSPKIT_H
-#define NSSPKIT_H
-
-#ifdef DEBUG
-static const char NSSPKIT_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * nsspkit.h
- *
- * This file defines the types of the top-level PKI objects.
- */
-
-#ifndef NSSBASET_H
-#include "nssbaset.h"
-#endif /* NSSBASET_H */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * NSSCertificate
- *
- * This is the public representation of a Certificate. The certificate
- * may be one found on a smartcard or other token, one decoded from data
- * received as part of a protocol, one constructed from constituent
- * parts, etc. Usually it is associated with ("in") a trust domain; as
- * it can be verified only within a trust domain. The underlying type
- * of certificate may be of any supported standard, e.g. PKIX, PGP, etc.
- *
- * People speak of "verifying (with) the server's, or correspondant's,
- * certificate"; for simple operations we support that simplification
- * by implementing public-key crypto operations as methods on this type.
- */
-
-struct NSSCertificateStr;
-typedef struct NSSCertificateStr NSSCertificate;
-
-/*
- * NSSUserCertificate
- *
- * A ``User'' certificate is one for which the private key is available.
- * People speak of "using my certificate to sign my email" and "using
- * my certificate to authenticate to (or login to) the server"; for
- * simple operations, we support that simplification by implementing
- * private-key crypto operations as methods on this type.
- *
- * The current design only weakly distinguishes between certificates
- * and user certificates: as far as the compiler goes they're
- * interchangable; debug libraries only have one common pointer-tracker;
- * etc. However, attempts to do private-key operations on a certificate
- * for which the private key is not available will fail.
- *
- * Open design question: should these types be more firmly separated?
- */
-
-typedef NSSCertificate NSSUserCertificate;
-
-/*
- * NSSPrivateKey
- *
- * This is the public representation of a Private Key. In general,
- * the actual value of the key is not available, but operations may
- * be performed with it.
- */
-
-struct NSSPrivateKeyStr;
-typedef struct NSSPrivateKeyStr NSSPrivateKey;
-
-/*
- * NSSPublicKey
- *
- */
-
-struct NSSPublicKeyStr;
-typedef struct NSSPublicKeyStr NSSPublicKey;
-
-/*
- * NSSSymmetricKey
- *
- */
-
-struct NSSSymmetricKeyStr;
-typedef struct NSSSymmetricKeyStr NSSSymmetricKey;
-
-/*
- * NSSTrustDomain
- *
- * A Trust Domain is the field in which certificates may be validated.
- * A trust domain will generally have one or more cryptographic modules
- * open; these modules perform the cryptographic operations, and
- * provide the basic "root" trust information from which the trust in
- * a specific certificate or key depends.
- *
- * A client program, or a simple server, would typically have one
- * trust domain. A server supporting multiple "virtual servers" might
- * have a separate trust domain for each virtual server. The separate
- * trust domains might share some modules (e.g., a hardware crypto
- * accelerator) but not others (e.g., the tokens storing the different
- * servers' private keys, or the databases with each server's trusted
- * root certificates).
- *
- * This object descends from the "permananet database" in the old code.
- */
-
-struct NSSTrustDomainStr;
-typedef struct NSSTrustDomainStr NSSTrustDomain;
-
-/*
- * NSSCryptoContext
- *
- * A Crypto Context is a short-term, "helper" object which is used
- * for the lifetime of one ongoing "crypto operation." Such an
- * operation may be the creation of a signed message, the use of an
- * TLS socket connection, etc. Each crypto context is "in" a
- * specific trust domain, and it may have associated with it a
- * distinguished certificate, public key, private key, and/or
- * symmetric key. It can also temporarily hold and use temporary
- * data (e.g. intermediate certificates) which is not stored
- * permanently in the trust domain.
- *
- * In OO terms, this interface inherits interfaces from the trust
- * domain, the certificates, and the keys. It also provides
- * streaming crypto operations.
- *
- * This object descends from the "temporary database" concept in the
- * old code, but it has changed a lot as a result of what we've
- * learned.
- */
-
-struct NSSCryptoContextStr;
-typedef struct NSSCryptoContextStr NSSCryptoContext;
-
-/*
- * fgmr others
- */
-
-/*
- * NSSTime
- *
- * Unfortunately, we need an "exceptional" value to indicate
- * an error upon return, or "no value" on input. Note that zero
- * is a perfectly valid value for both time_t and PRTime.
- *
- * If we were to create a "range" object, with two times for
- * Not Before and Not After, we would have an obvious place for
- * the somewhat arbitrary logic involved in comparing them.
- *
- * Failing that, let's have an NSSTime_CompareRanges function.
- */
-
-struct NSSTimeStr;
-typedef struct NSSTimeStr NSSTime;
-
-/*
- * NSSUsage
- *
- * This is trickier than originally planned; I'll write up a
- * doc on it.
- *
- * We'd still like nsspki.h to have a list of common usages,
- * e.g.:
- *
- * extern const NSSUsage *NSSUsage_ClientAuth;
- * extern const NSSUsage *NSSUsage_ServerAuth;
- * extern const NSSUsage *NSSUsage_SignEmail;
- * extern const NSSUsage *NSSUsage_EncryptEmail;
- * etc.
- */
-
-struct NSSUsageStr;
-typedef struct NSSUsageStr NSSUsage;
-
-/*
- * NSSPolicies
- *
- * Placeholder, for now.
- */
-
-struct NSSPoliciesStr;
-typedef struct NSSPoliciesStr NSSPolicies;
-
-/*
- * NSSAlgorithmAndParameters
- *
- * Algorithm is an OID
- * Parameters depend on the algorithm
- */
-
-struct NSSAlgorithmAndParametersStr;
-typedef struct NSSAlgorithmAndParametersStr NSSAlgorithmAndParameters;
-
-/*
- * NSSCallback
- *
- * At minimum, a "challenge" method and a closure argument.
- * Usually the challenge will just be prompting for a password.
- * How OO do we want to make it?
- */
-
-struct NSSCallbackStr;
-typedef struct NSSCallbackStr NSSCallback;
-
-/*
- * NSSModule and NSSSlot -- placeholders for the PKCS#11 types
- */
-
-struct NSSModuleStr;
-typedef struct NSSModuleStr NSSModule;
-
-struct NSSSlotStr;
-typedef struct NSSSlotStr NSSSlot;
-
-typedef PRUint32 NSSOperations;
-/* 1) Do we want these to be preprocessor definitions or constants? */
-/* 2) What is the correct and complete list? */
-
-#define NSSOperations_ENCRYPT 0x0001
-#define NSSOperations_DECRYPT 0x0002
-#define NSSOperations_WRAP 0x0004
-#define NSSOperations_UNWRAP 0x0008
-#define NSSOperations_SIGN 0x0010
-#define NSSOperations_SIGN_RECOVER 0x0020
-#define NSSOperations_VERIFY 0x0040
-#define NSSOperations_VERIFY_RECOVER 0x0080
-
-PR_END_EXTERN_C
-
-#endif /* NSSPKIT_H */
diff --git a/security/nss/lib/pki1/.cvsignore b/security/nss/lib/pki1/.cvsignore
deleted file mode 100644
index 12bfbfc7c..000000000
--- a/security/nss/lib/pki1/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-oiddata.c
-oiddata.h
-
diff --git a/security/nss/lib/pki1/Makefile b/security/nss/lib/pki1/Makefile
deleted file mode 100644
index 03e1fb4c6..000000000
--- a/security/nss/lib/pki1/Makefile
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-MAKEFILE_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-include manifest.mn
-include config.mk
-include $(CORE_DEPTH)/coreconf/config.mk
-include $(CORE_DEPTH)/coreconf/rules.mk
diff --git a/security/nss/lib/pki1/atav.c b/security/nss/lib/pki1/atav.c
deleted file mode 100644
index 299ddfc0d..000000000
--- a/security/nss/lib/pki1/atav.c
+++ /dev/null
@@ -1,1803 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * atav.c
- *
- * This file contains the implementation of the PKIX part-1 object
- * AttributeTypeAndValue.
- */
-
-#ifndef NSSBASE_H
-#include "nssbase.h"
-#endif /* NSSBASE_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-#ifndef PKI1_H
-#include "pki1.h"
-#endif /* PKI1_H */
-
-/*
- * AttributeTypeAndValue
- *
- * From draft-ietf-pkix-ipki-part1-10:
- *
- * AttributeTypeAndValue ::= SEQUENCE {
- * type ATTRIBUTE.&id ({SupportedAttributes}),
- * value ATTRIBUTE.&Type ({SupportedAttributes}{@type})}
- *
- * -- ATTRIBUTE information object class specification
- * -- Note: This has been greatly simplified for PKIX !!
- *
- * ATTRIBUTE ::= CLASS {
- * &Type,
- * &id OBJECT IDENTIFIER UNIQUE }
- * WITH SYNTAX {
- * WITH SYNTAX &Type ID &id }
- *
- * What this means is that the "type" of the value is determined by
- * the value of the oid. If we hide the structure, our accessors
- * can (at least in debug builds) assert value semantics beyond what
- * the compiler can provide. Since these things are only used in
- * RelativeDistinguishedNames, and since RDNs always contain a SET
- * of these things, we don't lose anything by hiding the structure
- * (and its size).
- */
-
-struct NSSATAVStr {
- NSSBER ber;
- const NSSOID *oid;
- NSSUTF8 *value;
- nssStringType stringForm;
-};
-
-/*
- * NSSATAV
- *
- * The public "methods" regarding this "object" are:
- *
- * NSSATAV_CreateFromBER -- constructor
- * NSSATAV_CreateFromUTF8 -- constructor
- * NSSATAV_Create -- constructor
- *
- * NSSATAV_Destroy
- * NSSATAV_GetDEREncoding
- * NSSATAV_GetUTF8Encoding
- * NSSATAV_GetType
- * NSSATAV_GetValue
- * NSSATAV_Compare
- * NSSATAV_Duplicate
- *
- * The non-public "methods" regarding this "object" are:
- *
- * nssATAV_CreateFromBER -- constructor
- * nssATAV_CreateFromUTF8 -- constructor
- * nssATAV_Create -- constructor
- *
- * nssATAV_Destroy
- * nssATAV_GetDEREncoding
- * nssATAV_GetUTF8Encoding
- * nssATAV_GetType
- * nssATAV_GetValue
- * nssATAV_Compare
- * nssATAV_Duplicate
- *
- * In debug builds, the following non-public call is also available:
- *
- * nssATAV_verifyPointer
- */
-
-/*
- * NSSATAV_CreateFromBER
- *
- * This routine creates an NSSATAV by decoding a BER- or DER-encoded
- * ATAV. If the optional arena argument is non-null, the memory used
- * will be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_IMPLEMENT NSSATAV *
-NSSATAV_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berATAV
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSATAV *)NULL;
- }
- }
-
- /*
- * NSSBERs can be created by the user,
- * so no pointer-tracking can be checked.
- */
-
- if( (NSSBER *)NULL == berATAV ) {
- nss_SetError(NSS_ERROR_INVALID_BER);
- return (NSSATAV *)NULL;
- }
-
- if( (void *)NULL == berATAV->data ) {
- nss_SetError(NSS_ERROR_INVALID_BER);
- return (NSSATAV *)NULL;
- }
-#endif /* DEBUG */
-
- return nssATAV_CreateFromBER(arenaOpt, berATAV);
-}
-
-/*
- * NSSATAV_CreateFromUTF8
- *
- * This routine creates an NSSATAV by decoding a UTF8 string in the
- * "equals" format, e.g., "c=US." If the optional arena argument is
- * non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_IMPLEMENT NSSATAV *
-NSSATAV_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringATAV
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSATAV *)NULL;
- }
- }
-
- /*
- * NSSUTF8s can be created by the user,
- * so no pointer-tracking can be checked.
- */
-
- if( (NSSUTF8 *)NULL == stringATAV ) {
- nss_SetError(NSS_ERROR_INVALID_UTF8);
- return (NSSATAV *)NULL;
- }
-#endif /* DEBUG */
-
- return nssATAV_CreateFromUTF8(arenaOpt, stringATAV);
-}
-
-/*
- * NSSATAV_Create
- *
- * This routine creates an NSSATAV from the specified NSSOID and the
- * specified data. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap.If the specified data length is zero,
- * the data is assumed to be terminated by first zero byte; this allows
- * UTF8 strings to be easily specified. This routine may return NULL
- * upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_IMPLEMENT NSSATAV *
-NSSATAV_Create
-(
- NSSArena *arenaOpt,
- const NSSOID *oid,
- const void *data,
- PRUint32 length
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSATAV *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssOID_verifyPointer(oid) ) {
- return (NSSATAV *)NULL;
- }
-
- if( (const void *)NULL == data ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSATAV *)NULL;
- }
-#endif /* DEBUG */
-
- return nssATAV_Create(arenaOpt, oid, data, length);
-}
-
-/*
- * NSSATAV_Destroy
- *
- * This routine will destroy an ATAV object. It should eventually be
- * called on all ATAVs created without an arena. While it is not
- * necessary to call it on ATAVs created within an arena, it is not an
- * error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * create an error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-NSSATAV_Destroy
-(
- NSSATAV *atav
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssATAV_Destroy(atav);
-}
-
-/*
- * NSSATAV_GetDEREncoding
- *
- * This routine will DER-encode an ATAV object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSATAV
- */
-
-NSS_IMPLEMENT NSSDER *
-NSSATAV_GetDEREncoding
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSDER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSDER *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssATAV_GetDEREncoding(atav, arenaOpt);
-}
-
-/*
- * NSSATAV_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the ATAV in "equals" notation (e.g., "o=Acme").
- * If the optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return null upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the "equals" encoding of the
- * ATAV
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-NSSATAV_GetUTF8Encoding
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssATAV_GetUTF8Encoding(atav, arenaOpt);
-}
-
-/*
- * NSSATAV_GetType
- *
- * This routine returns the NSSOID corresponding to the attribute type
- * in the specified ATAV. This routine may return NSS_OID_UNKNOWN
- * upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * NSS_OID_UNKNOWN upon error
- * An element of enum NSSOIDenum upon success
- */
-
-NSS_IMPLEMENT const NSSOID *
-NSSATAV_GetType
-(
- NSSATAV *atav
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSOID *)NULL;
- }
-#endif /* DEBUG */
-
- return nssATAV_GetType(atav);
-}
-
-/*
- * NSSATAV_GetValue
- *
- * This routine returns a string containing the attribute value
- * in the specified ATAV. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSItem containing the attribute value.
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-NSSATAV_GetValue
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssATAV_GetValue(atav, arenaOpt);
-}
-
-/*
- * NSSATAV_Compare
- *
- * This routine compares two ATAVs for equality. For two ATAVs to be
- * equal, the attribute types must be the same, and the attribute
- * values must have equal length and contents. The result of the
- * comparison will be stored at the location pointed to by the "equalp"
- * variable, which must point to a valid PRBool. This routine may
- * return PR_FAILURE upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_IMPLEMENT PRStatus
-NSSATAV_Compare
-(
- NSSATAV *atav1,
- NSSATAV *atav2,
- PRBool *equalp
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav1) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssATAV_verifyPointer(atav2) ) {
- return PR_FAILURE;
- }
-
- if( (PRBool *)NULL == equalp ) {
- nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssATAV_Compare(atav1, atav2, equalp);
-}
-
-/*
- * NSSATAV_Duplicate
- *
- * This routine duplicates the specified ATAV. If the optional arena
- * argument is non-null, the memory required will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL on error
- * A pointer to a new ATAV
- */
-
-NSS_IMPLEMENT NSSATAV *
-NSSATAV_Duplicate
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSATAV *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSATAV *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssATAV_Duplicate(atav, arenaOpt);
-}
-
-/*
- * The pointer-tracking code
- */
-
-#ifdef DEBUG
-extern const NSSError NSS_ERROR_INTERNAL_ERROR;
-
-static nssPointerTracker atav_pointer_tracker;
-
-static PRStatus
-atav_add_pointer
-(
- const NSSATAV *atav
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&atav_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return rv;
- }
-
- rv = nssPointerTracker_add(&atav_pointer_tracker, atav);
- if( PR_SUCCESS != rv ) {
- NSSError e = NSS_GetError();
- if( NSS_ERROR_NO_MEMORY != e ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
- }
-
- return PR_SUCCESS;
-}
-
-static PRStatus
-atav_remove_pointer
-(
- const NSSATAV *atav
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_remove(&atav_pointer_tracker, atav);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
-}
-
-/*
- * nssATAV_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSATAV object,
- * this routine will return PR_SUCCESS. Otherwise, it will put an
- * error on the error stack and return PR_FAILRUE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_IMPLEMENT PRStatus
-nssATAV_verifyPointer
-(
- NSSATAV *atav
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&atav_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return PR_FAILURE;
- }
-
- rv = nssPointerTracker_verify(&atav_pointer_tracker, atav);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_ATAV);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-#endif /* DEBUG */
-
-typedef struct {
- NSSBER oid;
- NSSBER value;
-} atav_holder;
-
-static const nssASN1Template nss_atav_template[] = {
- { nssASN1_SEQUENCE, 0, NULL, sizeof(atav_holder) },
- { nssASN1_OBJECT_ID, nsslibc_offsetof(atav_holder, oid), NULL, 0 },
- { nssASN1_ANY, nsslibc_offsetof(atav_holder, value), NULL, 0 },
- { 0, 0, NULL, 0 }
-};
-
-/*
- * There are several common attributes, with well-known type aliases
- * and value semantics. This table lists the ones we recognize.
- */
-
-struct nss_attribute_data_str {
- const NSSOID **oid;
- nssStringType stringType;
- PRUint32 minStringLength;
- PRUint32 maxStringLength; /* zero for no limit */
-};
-
-static const struct nss_attribute_data_str nss_attribute_data[] = {
- { &NSS_OID_X520_NAME,
- nssStringType_DirectoryString, 1, 32768 },
- { &NSS_OID_X520_COMMON_NAME,
- nssStringType_DirectoryString, 1, 64 },
- { &NSS_OID_X520_SURNAME,
- nssStringType_DirectoryString, 1, 40 },
- { &NSS_OID_X520_GIVEN_NAME,
- nssStringType_DirectoryString, 1, 16 },
- { &NSS_OID_X520_INITIALS,
- nssStringType_DirectoryString, 1, 5 },
- { &NSS_OID_X520_GENERATION_QUALIFIER,
- nssStringType_DirectoryString, 1, 3 },
- { &NSS_OID_X520_DN_QUALIFIER,
- nssStringType_PrintableString, 1, 0 },
- { &NSS_OID_X520_COUNTRY_NAME,
- nssStringType_PrintableString, 2, 2 },
- { &NSS_OID_X520_LOCALITY_NAME,
- nssStringType_DirectoryString, 1, 128 },
- { &NSS_OID_X520_STATE_OR_PROVINCE_NAME,
- nssStringType_DirectoryString, 1, 128 },
- { &NSS_OID_X520_ORGANIZATION_NAME,
- nssStringType_DirectoryString, 1, 64 },
- { &NSS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
- nssStringType_DirectoryString, 1,
- /*
- * Note, draft #11 defines both "32" and "64" for this maximum,
- * in two separate places. Until it's settled, "conservative
- * in what you send." We're always liberal in what we accept.
- */
- 32 },
- { &NSS_OID_X520_TITLE,
- nssStringType_DirectoryString, 1, 64 },
- { &NSS_OID_RFC1274_EMAIL,
- nssStringType_PHGString, 1, 128 }
-};
-
-PRUint32 nss_attribute_data_quantity =
- (sizeof(nss_attribute_data)/sizeof(nss_attribute_data[0]));
-
-static nssStringType
-nss_attr_underlying_string_form
-(
- nssStringType type,
- void *data
-)
-{
- if( nssStringType_DirectoryString == type ) {
- PRUint8 tag = *(PRUint8 *)data;
- switch( tag & nssASN1_TAGNUM_MASK ) {
- case 20:
- /*
- * XXX fgmr-- we have to accept Latin-1 for Teletex; (see
- * below) but is T61 a suitable value for "Latin-1"?
- */
- return nssStringType_TeletexString;
- case 19:
- return nssStringType_PrintableString;
- case 28:
- return nssStringType_UniversalString;
- case 30:
- return nssStringType_BMPString;
- case 12:
- return nssStringType_UTF8String;
- default:
- return nssStringType_Unknown;
- }
- }
-
- return type;
-}
-
-
-/*
- * This routine decodes the attribute value, in a type-specific way.
- *
- */
-
-static NSSUTF8 *
-nss_attr_to_utf8
-(
- NSSArena *arenaOpt,
- const NSSOID *oid,
- NSSItem *item,
- nssStringType *stringForm
-)
-{
- NSSUTF8 *rv = (NSSUTF8 *)NULL;
- PRUint32 i;
- const struct nss_attribute_data_str *which =
- (struct nss_attribute_data_str *)NULL;
- PRUint32 len = 0;
-
- for( i = 0; i < nss_attribute_data_quantity; i++ ) {
- if( *(nss_attribute_data[ i ].oid) == oid ) {
- which = &nss_attribute_data[i];
- break;
- }
- }
-
- if( (struct nss_attribute_data_str *)NULL == which ) {
- /* Unknown OID. Encode it as hex. */
- PRUint8 *c;
- PRUint8 *d = (PRUint8 *)item->data;
- PRUint32 amt = item->size;
-
- if( item->size >= 0x7FFFFFFF ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSUTF8 *)NULL;
- }
-
- len = 1 + (item->size * 2) + 1; /* '#' + hex + '\0' */
- rv = (NSSUTF8 *)nss_ZAlloc(arenaOpt, len);
- if( (NSSUTF8 *)NULL == rv ) {
- return (NSSUTF8 *)NULL;
- }
-
- c = (PRUint8 *)rv;
- *c++ = '#'; /* XXX fgmr check this */
- while( amt > 0 ) {
- static char hex[16] = "0123456789ABCDEF";
- *c++ = hex[ ((*d) & 0xf0) >> 4 ];
- *c++ = hex[ ((*d) & 0x0f) ];
- }
-
- /* *c = '\0'; nss_ZAlloc, remember */
-
- *stringForm = nssStringType_Unknown; /* force exact comparison */
- } else {
- rv = nssUTF8_CreateFromBER(arenaOpt, which->stringType,
- (NSSBER *)item);
-
- if( (NSSUTF8 *)NULL == rv ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( PR_SUCCESS != nssUTF8_Length(rv, &len) ) {
- nss_ZFreeIf(rv);
- return (NSSUTF8 *)NULL;
- }
-
- *stringForm = nss_attr_underlying_string_form(which->stringType,
- item->data);
- }
-
- return rv;
-}
-
-/*
- * nssATAV_CreateFromBER
- *
- * This routine creates an NSSATAV by decoding a BER- or DER-encoded
- * ATAV. If the optional arena argument is non-null, the memory used
- * will be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_IMPLEMENT NSSATAV *
-nssATAV_CreateFromBER
-(
- NSSArena *arenaOpt,
- const NSSBER *berATAV
-)
-{
- atav_holder holder;
- PRStatus status;
- NSSATAV *rv;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSATAV *)NULL;
- }
- }
-
- /*
- * NSSBERs can be created by the user,
- * so no pointer-tracking can be checked.
- */
-
- if( (NSSBER *)NULL == berATAV ) {
- nss_SetError(NSS_ERROR_INVALID_BER);
- return (NSSATAV *)NULL;
- }
-
- if( (void *)NULL == berATAV->data ) {
- nss_SetError(NSS_ERROR_INVALID_BER);
- return (NSSATAV *)NULL;
- }
-#endif /* NSSDEBUG */
-
- status = nssASN1_DecodeBER(arenaOpt, &holder,
- nss_atav_template, berATAV);
- if( PR_SUCCESS != status ) {
- return (NSSATAV *)NULL;
- }
-
- rv = nss_ZNEW(arenaOpt, NSSATAV);
- if( (NSSATAV *)NULL == rv ) {
- nss_ZFreeIf(holder.oid.data);
- nss_ZFreeIf(holder.value.data);
- return (NSSATAV *)NULL;
- }
-
- rv->oid = nssOID_CreateFromBER(&holder.oid);
- if( (NSSOID *)NULL == rv->oid ) {
- nss_ZFreeIf(rv);
- nss_ZFreeIf(holder.oid.data);
- nss_ZFreeIf(holder.value.data);
- return (NSSATAV *)NULL;
- }
-
- nss_ZFreeIf(holder.oid.data);
-
- rv->ber.data = nss_ZAlloc(arenaOpt, berATAV->size);
- if( (void *)NULL == rv->ber.data ) {
- nss_ZFreeIf(rv);
- nss_ZFreeIf(holder.value.data);
- return (NSSATAV *)NULL;
- }
-
- rv->ber.size = berATAV->size;
- (void)nsslibc_memcpy(rv->ber.data, berATAV->data, berATAV->size);
-
- rv->value = nss_attr_to_utf8(arenaOpt, rv->oid, &holder.value,
- &rv->stringForm);
- if( (NSSUTF8 *)NULL == rv->value ) {
- nss_ZFreeIf(rv->ber.data);
- nss_ZFreeIf(rv);
- nss_ZFreeIf(holder.value.data);
- return (NSSATAV *)NULL;
- }
-
- nss_ZFreeIf(holder.value.data);
-
-#ifdef DEBUG
- if( PR_SUCCESS != atav_add_pointer(rv) ) {
- nss_ZFreeIf(rv->ber.data);
- nss_ZFreeIf(rv->value);
- nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-#endif /* DEBUG */
-
- return rv;
-}
-
-static PRBool
-nss_atav_utf8_string_is_hex
-(
- const NSSUTF8 *s
-)
-{
- /* All hex digits are ASCII, so this works */
- PRUint8 *p = (PRUint8 *)s;
-
- for( ; (PRUint8)0 != *p; p++ ) {
- if( (('0' <= *p) && (*p <= '9')) ||
- (('A' <= *p) && (*p <= 'F')) ||
- (('a' <= *p) && (*p <= 'f')) ) {
- continue;
- } else {
- return PR_FALSE;
- }
- }
-
- return PR_TRUE;
-}
-
-static PRUint8
-nss_atav_fromhex
-(
- PRUint8 *d
-)
-{
- PRUint8 rv;
-
- if( d[0] <= '9' ) {
- rv = (d[0] - '0') * 16;
- } else if( d[0] >= 'a' ) {
- rv = (d[0] - 'a' + 10) * 16;
- } else {
- rv = (d[0] - 'A' + 10);
- }
-
- if( d[1] <= '9' ) {
- rv += (d[1] - '0');
- } else if( d[1] >= 'a' ) {
- rv += (d[1] - 'a' + 10);
- } else {
- rv += (d[1] - 'A' + 10);
- }
-
- return rv;
-}
-
-/*
- * nssATAV_CreateFromUTF8
- *
- * This routine creates an NSSATAV by decoding a UTF8 string in the
- * "equals" format, e.g., "c=US." If the optional arena argument is
- * non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-extern const NSSError NSS_ERROR_INTERNAL_ERROR;
-
-NSS_IMPLEMENT NSSATAV *
-nssATAV_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- const NSSUTF8 *stringATAV
-)
-{
- char *c;
- NSSUTF8 *type;
- NSSUTF8 *value;
- PRUint32 i;
- const NSSOID *oid = (NSSOID *)NULL;
- NSSATAV *rv;
- NSSItem xitem;
-
- xitem.data = (void *)NULL;
-
- for( c = (char *)stringATAV; '\0' != *c; c++ ) {
- if( '=' == *c ) {
-#ifdef PEDANTIC
- /*
- * Theoretically, one could have an '=' in an
- * attribute string alias. We don't, yet, though.
- */
- if( (char *)stringATAV == c ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSATAV *)NULL;
- } else {
- if( '\\' == c[-1] ) {
- continue;
- }
- }
-#endif /* PEDANTIC */
- break;
- }
- }
-
- if( '\0' == *c ) {
- nss_SetError(NSS_ERROR_INVALID_UTF8);
- return (NSSATAV *)NULL;
- } else {
- c++;
- value = (NSSUTF8 *)c;
- }
-
- i = ((NSSUTF8 *)c - stringATAV);
- type = (NSSUTF8 *)nss_ZAlloc((NSSArena *)NULL, i);
- if( (NSSUTF8 *)NULL == type ) {
- return (NSSATAV *)NULL;
- }
-
- (void)nsslibc_memcpy(type, stringATAV, i-1);
-
- c = (char *)stringATAV;
- if( (('0' <= *c) && (*c <= '9')) || ('#' == *c) ) {
- oid = nssOID_CreateFromUTF8(type);
- if( (NSSOID *)NULL == oid ) {
- nss_ZFreeIf(type);
- return (NSSATAV *)NULL;
- }
- } else {
- for( i = 0; i < nss_attribute_type_alias_count; i++ ) {
- const nssAttributeTypeAliasTable *e = &nss_attribute_type_aliases[i];
- PRBool match = PR_FALSE;
- if( PR_SUCCESS != nssUTF8_CaseIgnoreMatch(type, e->alias,
- &match) ) {
- nss_ZFreeIf(type);
- return (NSSATAV *)NULL;
- }
- if( PR_TRUE == match ) {
- oid = *(e->oid);
- break;
- }
- }
-
- if( (NSSOID *)NULL == oid ) {
- nss_ZFreeIf(type);
- nss_SetError(NSS_ERROR_UNKNOWN_ATTRIBUTE);
- return (NSSATAV *)NULL;
- }
- }
-
- nss_ZFreeIf(type);
- type = (NSSUTF8 *)NULL;
-
- rv = nss_ZNEW(arenaOpt, NSSATAV);
- if( (NSSATAV *)NULL == rv ) {
- return (NSSATAV *)NULL;
- }
-
- rv->oid = oid;
-
- if( '#' == *value ) { /* XXX fgmr.. was it '#'? or backslash? */
- PRUint32 size;
- PRUint32 len;
- PRUint8 *c;
- PRUint8 *d;
- /* It's in hex */
-
- value++;
- if( PR_TRUE != nss_atav_utf8_string_is_hex(value) ) {
- (void)nss_ZFreeIf(rv);
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSATAV *)NULL;
- }
-
- if( PR_SUCCESS != nssUTF8_Size(value, &size) ) {
- /*
- * Only returns an error on bad pointer (nope) or string
- * too long. The defined limits for known attributes are
- * small enough to fit in PRUint32, and when undefined we
- * get to apply our own practical limits. Ergo, I say the
- * string is invalid.
- */
- (void)nss_ZFreeIf(rv);
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSATAV *)NULL;
- }
-
- if( ((size-1) & 1) ) {
- /* odd length */
- (void)nss_ZFreeIf(rv);
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSATAV *)NULL;
- }
-
- len = (size-1)/2;
-
- rv->value = (NSSUTF8 *)nss_ZAlloc(arenaOpt, len+1);
- if( (NSSUTF8 *)NULL == rv->value ) {
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- xitem.size = len;
- xitem.data = (void *)rv->value;
-
- for( c = rv->value, d = value; len--; c++, d += 2 ) {
- *c = nss_atav_fromhex(d);
- }
-
- *c = 0;
- } else {
- PRUint32 i, len;
- PRUint8 *s;
-
- /*
- * XXX fgmr-- okay, this is a little wasteful, and should
- * probably be abstracted out a bit. Later.
- */
-
- rv->value = nssUTF8_Duplicate(value, arenaOpt);
- if( (NSSUTF8 *)NULL == rv->value ) {
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- if( PR_SUCCESS != nssUTF8_Size(rv->value, &len) ) {
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- s = (PRUint8 *)rv->value;
- for( i = 0; i < len; i++ ) {
- if( '\\' == s[i] ) {
- (void)nsslibc_memcpy(&s[i], &s[i+1], len-i-1);
- }
- }
- }
-
- /* Now just BER-encode the baby and we're through.. */
- {
- const struct nss_attribute_data_str *which =
- (struct nss_attribute_data_str *)NULL;
- PRUint32 i;
- NSSArena *a;
- NSSDER *oidder;
- NSSItem *vitem;
- atav_holder ah;
- NSSDER *status;
-
- for( i = 0; i < nss_attribute_data_quantity; i++ ) {
- if( *(nss_attribute_data[ i ].oid) == rv->oid ) {
- which = &nss_attribute_data[i];
- break;
- }
- }
-
- a = NSSArena_Create();
- if( (NSSArena *)NULL == a ) {
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- oidder = nssOID_GetDEREncoding(rv->oid, a);
- if( (NSSDER *)NULL == oidder ) {
- (void)NSSArena_Destroy(a);
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- if( (struct nss_attribute_data_str *)NULL == which ) {
- /*
- * We'll just have to take the user data as an octet stream.
- */
- if( (void *)NULL == xitem.data ) {
- /*
- * This means that an ATTR entry has been added to oids.txt,
- * but no corresponding entry has been added to the array
- * ns_attribute_data[] above.
- */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- (void)NSSArena_Destroy(a);
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- vitem = nssASN1_EncodeDER(a, (NSSDER *)NULL, &xitem,
- nssASN1Template_OctetString);
- if( (NSSItem *)NULL == vitem ) {
- (void)NSSArena_Destroy(a);
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- rv->stringForm = nssStringType_Unknown;
- } else {
- PRUint32 length = 0;
-
- if( PR_SUCCESS != nssUTF8_Length(rv->value, &length) ) {
- (void)NSSArena_Destroy(a);
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- if( ((0 != which->minStringLength) &&
- (length < which->minStringLength)) ||
- ((0 != which->maxStringLength) &&
- (length > which->maxStringLength)) ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- (void)NSSArena_Destroy(a);
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- vitem = nssUTF8_GetDEREncoding(a, which->stringType, rv->value);
- if( (NSSItem *)NULL == vitem ) {
- (void)NSSArena_Destroy(a);
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- if( nssStringType_DirectoryString == which->stringType ) {
- rv->stringForm = nssStringType_UTF8String;
- } else {
- rv->stringForm = which->stringType;
- }
- }
-
- ah.oid = *oidder;
- ah.value = *vitem;
-
- status = nssASN1_EncodeDER(arenaOpt, &rv->ber, &ah,
- nss_atav_template);
-
- if( (NSSDER *)NULL == status ) {
- (void)NSSArena_Destroy(a);
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- (void)NSSArena_Destroy(a);
- }
-
- return rv;
-}
-
-/*
- * nssATAV_Create
- *
- * This routine creates an NSSATAV from the specified NSSOID and the
- * specified data. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap.If the specified data length is zero,
- * the data is assumed to be terminated by first zero byte; this allows
- * UTF8 strings to be easily specified. This routine may return NULL
- * upon error, in which case it will have set an error on the error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_IMPLEMENT NSSATAV *
-nssATAV_Create
-(
- NSSArena *arenaOpt,
- const NSSOID *oid,
- const void *data,
- PRUint32 length
-)
-{
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSATAV *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssOID_verifyPointer(oid) ) {
- return (NSSATAV *)NULL;
- }
-
- if( (const void *)NULL == data ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSATAV *)NULL;
- }
-#endif /* NSSDEBUG */
-
- /* XXX fgmr-- oops, forgot this one */
- return (NSSATAV *)NULL;
-}
-
-/*
- * nssATAV_Destroy
- *
- * This routine will destroy an ATAV object. It should eventually be
- * called on all ATAVs created without an arena. While it is not
- * necessary to call it on ATAVs created within an arena, it is not an
- * error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * set an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-nssATAV_Destroy
-(
- NSSATAV *atav
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- (void)nss_ZFreeIf(atav->ber.data);
- (void)nss_ZFreeIf(atav->value);
-
-#ifdef DEBUG
- if( PR_SUCCESS != atav_remove_pointer(atav) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return PR_SUCCESS;
-}
-
-/*
- * nssATAV_GetDEREncoding
- *
- * This routine will DER-encode an ATAV object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSATAV
- */
-
-NSS_IMPLEMENT NSSDER *
-nssATAV_GetDEREncoding
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-)
-{
- NSSDER *rv;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSDER *)NULL;
- }
-#endif /* NSSDEBUG */
-
- rv = nss_ZNEW(arenaOpt, NSSDER);
- if( (NSSDER *)NULL == rv ) {
- return (NSSDER *)NULL;
- }
-
- rv->data = nss_ZAlloc(arenaOpt, atav->ber.size);
- if( (void *)NULL == rv->data ) {
- (void)nss_ZFreeIf(rv);
- return (NSSDER *)NULL;
- }
-
- rv->size = atav->ber.size;
- if( PR_SUCCESS != nsslibc_memcpy(rv->data, atav->ber.data,
- rv->size) ) {
- (void)nss_ZFreeIf(rv->data);
- (void)nss_ZFreeIf(rv);
- return (NSSDER *)NULL;
- }
-
- return rv;
-}
-
-/*
- * nssATAV_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the ATAV in "equals" notation (e.g., "o=Acme").
- * If the optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return null upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the "equals" encoding of the
- * ATAV
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-nssATAV_GetUTF8Encoding
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-)
-{
- NSSUTF8 *rv;
- PRUint32 i;
- const NSSUTF8 *alias = (NSSUTF8 *)NULL;
- NSSUTF8 *oid;
- NSSUTF8 *value;
- PRUint32 oidlen;
- PRUint32 valuelen;
- PRUint32 totallen;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSUTF8 *)NULL;
- }
-#endif /* NSSDEBUG */
-
- for( i = 0; i < nss_attribute_type_alias_count; i++ ) {
- if( *(nss_attribute_type_aliases[i].oid) == atav->oid ) {
- alias = nss_attribute_type_aliases[i].alias;
- break;
- }
- }
-
- if( (NSSUTF8 *)NULL == alias ) {
- oid = nssOID_GetUTF8Encoding(atav->oid, (NSSArena *)NULL);
- if( (NSSUTF8 *)NULL == oid ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( PR_SUCCESS != nssUTF8_Size(oid, &oidlen) ) {
- (void)nss_ZFreeIf(oid);
- return (NSSUTF8 *)NULL;
- }
- } else {
- if( PR_SUCCESS != nssUTF8_Size(alias, &oidlen) ) {
- return (NSSUTF8 *)NULL;
- }
- oid = (NSSUTF8 *)NULL;
- }
-
- value = nssATAV_GetValue(atav, (NSSArena *)NULL);
- if( (NSSUTF8 *)NULL == value ) {
- (void)nss_ZFreeIf(oid);
- return (NSSUTF8 *)NULL;
- }
-
- if( PR_SUCCESS != nssUTF8_Size(value, &valuelen) ) {
- (void)nss_ZFreeIf(value);
- (void)nss_ZFreeIf(oid);
- return (NSSUTF8 *)NULL;
- }
-
- totallen = oidlen + valuelen - 1 + 1;
- rv = (NSSUTF8 *)nss_ZAlloc(arenaOpt, totallen);
- if( (NSSUTF8 *)NULL == rv ) {
- (void)nss_ZFreeIf(value);
- (void)nss_ZFreeIf(oid);
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSUTF8 *)NULL == alias ) {
- if( (void *)NULL == nsslibc_memcpy(rv, oid, oidlen-1) ) {
- (void)nss_ZFreeIf(rv);
- (void)nss_ZFreeIf(value);
- (void)nss_ZFreeIf(oid);
- return (NSSUTF8 *)NULL;
- }
- } else {
- if( (void *)NULL == nsslibc_memcpy(rv, alias, oidlen-1) ) {
- (void)nss_ZFreeIf(rv);
- (void)nss_ZFreeIf(value);
- return (NSSUTF8 *)NULL;
- }
- }
-
- rv[ oidlen-1 ] = '=';
-
- if( (void *)NULL == nsslibc_memcpy(&rv[oidlen], value, valuelen) ) {
- (void)nss_ZFreeIf(rv);
- (void)nss_ZFreeIf(value);
- (void)nss_ZFreeIf(oid);
- return (NSSUTF8 *)NULL;
- }
-
- return rv;
-}
-
-/*
- * nssATAV_GetType
- *
- * This routine returns the NSSOID corresponding to the attribute type
- * in the specified ATAV. This routine may return NSS_OID_UNKNOWN
- * upon error, in which case it will have set an error on the error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * NSS_OID_UNKNOWN upon error
- * A valid NSSOID pointer upon success
- */
-
-NSS_IMPLEMENT const NSSOID *
-nssATAV_GetType
-(
- NSSATAV *atav
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSOID *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return atav->oid;
-}
-
-/*
- * nssATAV_GetValue
- *
- * This routine returns a NSSUTF8 string containing the attribute value
- * in the specified ATAV. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have set an error upon the
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSItem containing the attribute value.
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-nssATAV_GetValue
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSUTF8 *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return nssUTF8_Duplicate(atav->value, arenaOpt);
-}
-
-/*
- * nssATAV_Compare
- *
- * This routine compares two ATAVs for equality. For two ATAVs to be
- * equal, the attribute types must be the same, and the attribute
- * values must have equal length and contents. The result of the
- * comparison will be stored at the location pointed to by the "equalp"
- * variable, which must point to a valid PRBool. This routine may
- * return PR_FAILURE upon error, in which case it will have set an
- * error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_IMPLEMENT PRStatus
-nssATAV_Compare
-(
- NSSATAV *atav1,
- NSSATAV *atav2,
- PRBool *equalp
-)
-{
- nssStringType comparison;
- PRUint32 len1;
- PRUint32 len2;
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav1) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssATAV_verifyPointer(atav2) ) {
- return PR_FAILURE;
- }
-
- if( (PRBool *)NULL == equalp ) {
- nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- if( atav1->oid != atav2->oid ) {
- *equalp = PR_FALSE;
- return PR_SUCCESS;
- }
-
- if( atav1->stringForm != atav2->stringForm ) {
- if( (nssStringType_PrintableString == atav1->stringForm) ||
- (nssStringType_PrintableString == atav2->stringForm) ) {
- comparison = nssStringType_PrintableString;
- } else if( (nssStringType_PHGString == atav1->stringForm) ||
- (nssStringType_PHGString == atav2->stringForm) ) {
- comparison = nssStringType_PHGString;
- } else {
- comparison = atav1->stringForm;
- }
- } else {
- comparison = atav1->stringForm;
- }
-
- switch( comparison ) {
- case nssStringType_DirectoryString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return PR_FAILURE;
- case nssStringType_TeletexString:
- break;
- case nssStringType_PrintableString:
- return nssUTF8_PrintableMatch(atav1->value, atav2->value,
- equalp);
- /* Case-insensitive, with whitespace reduction */
- break;
- case nssStringType_UniversalString:
- break;
- case nssStringType_BMPString:
- break;
- case nssStringType_UTF8String:
- break;
- case nssStringType_PHGString:
- /* Case-insensitive (XXX fgmr, actually see draft-11 pg. 21) */
- return nssUTF8_CaseIgnoreMatch(atav1->value, atav2->value,
- equalp);
- case nssStringType_Unknown:
- break;
- }
-
- if( PR_SUCCESS != nssUTF8_Size(atav1->value, &len1) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssUTF8_Size(atav2->value, &len2) ) {
- return PR_FAILURE;
- }
-
- if( len1 != len2 ) {
- *equalp = PR_FALSE;
- return PR_SUCCESS;
- }
-
- return nsslibc_compare(atav1->value, atav2->value, len1, equalp);
-}
-
-
-/*
- * nssATAV_Duplicate
- *
- * This routine duplicates the specified ATAV. If the optional arena
- * argument is non-null, the memory required will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * placed an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL on error
- * A pointer to a new ATAV
- */
-
-NSS_IMPLEMENT NSSATAV *
-nssATAV_Duplicate
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-)
-{
- NSSATAV *rv;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSATAV *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSATAV *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- rv = nss_ZNEW(arenaOpt, NSSATAV);
- if( (NSSATAV *)NULL == rv ) {
- return (NSSATAV *)NULL;
- }
-
- rv->oid = atav->oid;
- rv->stringForm = atav->stringForm;
- rv->value = nssUTF8_Duplicate(atav->value, arenaOpt);
- if( (NSSUTF8 *)NULL == rv->value ) {
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- rv->ber.data = nss_ZAlloc(arenaOpt, atav->ber.size);
- if( (void *)NULL == rv->ber.data ) {
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- rv->ber.size = atav->ber.size;
- if( PR_SUCCESS != nsslibc_memcpy(rv->ber.data, atav->ber.data,
- atav->ber.size) ) {
- (void)nss_ZFreeIf(rv->ber.data);
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- return rv;
-}
diff --git a/security/nss/lib/pki1/config.mk b/security/nss/lib/pki1/config.mk
deleted file mode 100644
index 80b3135f4..000000000
--- a/security/nss/lib/pki1/config.mk
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CONFIG_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-ifdef BUILD_IDG
-DEFINES += -DNSSDEBUG
-endif
diff --git a/security/nss/lib/pki1/genname.c b/security/nss/lib/pki1/genname.c
deleted file mode 100644
index e7b12806a..000000000
--- a/security/nss/lib/pki1/genname.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * genname.c
- *
- * This file contains the implementation of the PKIX part-1 object
- * GeneralName.
- */
-
-#ifndef NSSBASE_H
-#include "nssbase.h"
-#endif /* NSSBASE_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-#ifndef PKI1_H
-#include "pki1.h"
-#endif /* PKI1_H */
-
-/*
- * GeneralName
- *
- * From draft-ietf-pkix-ipki-part1-10:
- *
- * GeneralName ::= CHOICE {
- * otherName [0] INSTANCE OF OTHER-NAME,
- * rfc822Name [1] IA5String,
- * dNSName [2] IA5String,
- * x400Address [3] ORAddress,
- * directoryName [4] Name,
- * ediPartyName [5] EDIPartyName,
- * uniformResourceIdentifier [6] IA5String,
- * iPAddress [7] OCTET STRING,
- * registeredID [8] OBJECT IDENTIFIER }
- *
- * OTHER-NAME ::= TYPE-IDENTIFIER
- *
- * EDIPartyName ::= SEQUENCE {
- * nameAssigner [0] DirectoryString {ub-name} OPTIONAL,
- * partyName [1] DirectoryString {ub-name} }
- *
- */
-
-struct nssGeneralNameStr {
- NSSGeneralNameChoice choice;
- union {
- /* OTHER-NAME otherName */
- NSSUTF8 *rfc822Name;
- NSSUTF8 *dNSName;
- /* ORAddress x400Address */
- NSSName *directoryName;
- /* EDIPartyName ediPartyName */
- NSSUTF8 *uniformResourceIdentifier;
- NSSItem *iPAddress;
- NSSOID *registeredID;
- } u;
-};
diff --git a/security/nss/lib/pki1/gnseq.c b/security/nss/lib/pki1/gnseq.c
deleted file mode 100644
index e56ec93b9..000000000
--- a/security/nss/lib/pki1/gnseq.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * gnseq.c
- *
- * This file contains the implementation of the PKIX part-1 object
- * GeneralNames (note the ending 's').
- */
-
-#ifndef NSSBASE_H
-#include "nssbase.h"
-#endif /* NSSBASE_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-#ifndef PKI1_H
-#include "pki1.h"
-#endif /* PKI1_H */
-
-/*
- * GeneralNames (or, as we call it, GeneralNameSeq)
- *
- * From draft-ietf-pkix-ipki-part1-10:
- *
- * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
- *
- * A GeneralNames is simply an (ordered) sequence of General Names.
- * The seqSize variable is "helper" kept for simplicity.
- */
-
-struct nssGeneralNameSeqStr {
- PRUint32 seqSize;
- NSSGeneralName **generalNames;
-};
diff --git a/security/nss/lib/pki1/manifest.mn b/security/nss/lib/pki1/manifest.mn
deleted file mode 100644
index 8e032d974..000000000
--- a/security/nss/lib/pki1/manifest.mn
+++ /dev/null
@@ -1,63 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-MANIFEST_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-CORE_DEPTH = ../../..
-
-PRIVATE_EXPORTS = \
- pki1.h \
- pki1t.h \
- $(NULL)
-
-EXPORTS = \
- oiddata.h \
- nsspki1.h \
- nsspki1t.h \
- $(NULL)
-
-MODULE = security
-
-CSRCS = \
- atav.c \
- genname.c \
- gnseq.c \
- name.c \
- oid.c \
- oiddata.c \
- rdn.c \
- rdnseq.c \
- $(NULL)
-
-REQUIRES = security nspr
-
-LIBRARY_NAME = pki1
diff --git a/security/nss/lib/pki1/name.c b/security/nss/lib/pki1/name.c
deleted file mode 100644
index 558e1142f..000000000
--- a/security/nss/lib/pki1/name.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * name.c
- *
- * This file contains the implementation of the PKIX part-1 object
- * Name.
- */
-
-#ifndef NSSBASE_H
-#include "nssbase.h"
-#endif /* NSSBASE_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-#ifndef PKI1_H
-#include "pki1.h"
-#endif /* PKI1_H */
-
-/*
- * Name
- *
- * From draft-ietf-pkix-ipki-part1-10:
- *
- * -- naming data types --
- *
- * Name ::= CHOICE { -- only one possibility for now --
- * rdnSequence RDNSequence }
- *
- * A name is basically a union of the possible names. At the moment,
- * there is only one type of name: an RDNSequence.
- */
-
-struct nssNameStr {
- PRUint32 tagPlaceHolder;
- union {
- NSSRDNSeq *rdnSequence;
- } n;
-};
-
diff --git a/security/nss/lib/pki1/nsspki1.h b/security/nss/lib/pki1/nsspki1.h
deleted file mode 100644
index 3498ab520..000000000
--- a/security/nss/lib/pki1/nsspki1.h
+++ /dev/null
@@ -1,2869 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef NSSPKI1_H
-#define NSSPKI1_H
-
-#ifdef DEBUG
-static const char NSSPKI1_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * nsspki1.h
- *
- * This file contains the prototypes of the public NSS routines
- * dealing with the PKIX part-1 definitions.
- */
-
-#ifndef NSSBASET_H
-#include "nssbaset.h"
-#endif /* NSSBASET_H */
-
-#ifndef NSSPKI1T_H
-#include "nsspki1t.h"
-#endif /* NSSPKI1T_H */
-
-#ifndef OIDDATA_H
-#include "oiddata.h"
-#endif /* OIDDATA_H */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * NSSOID
- *
- * The public "methods" regarding this "object" are:
- *
- * NSSOID_CreateFromBER -- constructor
- * NSSOID_CreateFromUTF8 -- constructor
- * (there is no explicit destructor)
- *
- * NSSOID_GetDEREncoding
- * NSSOID_GetUTF8Encoding
- */
-
-extern const NSSOID *NSS_OID_UNKNOWN;
-
-/*
- * NSSOID_CreateFromBER
- *
- * This routine creates an NSSOID by decoding a BER- or DER-encoded
- * OID. It may return NSS_OID_UNKNOWN upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NSS_OID_UNKNOWN upon error
- * An NSSOID upon success
- */
-
-NSS_EXTERN NSSOID *
-NSSOID_CreateFromBER
-(
- NSSBER *berOid
-);
-
-extern const NSSError NSS_ERROR_INVALID_BER;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSOID_CreateFromUTF8
- *
- * This routine creates an NSSOID by decoding a UTF8 string
- * representation of an OID in dotted-number format. The string may
- * optionally begin with an octothorpe. It may return NSS_OID_UNKNOWN
- * upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NSS_OID_UNKNOWN upon error
- * An NSSOID upon success
- */
-
-NSS_EXTERN NSSOID *
-NSSOID_CreateFromUTF8
-(
- NSSUTF8 *stringOid
-);
-
-extern const NSSError NSS_ERROR_INVALID_STRING;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSOID_GetDEREncoding
- *
- * This routine returns the DER encoding of the specified NSSOID.
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return return null upon error, in
- * which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSOID
- */
-
-NSS_EXTERN NSSDER *
-NSSOID_GetDEREncoding
-(
- const NSSOID *oid,
- NSSDER *rvOpt,
- NSSArena *arenaOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_NSSOID;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSOID_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing the dotted-number
- * encoding of the specified NSSOID. If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return null upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the dotted-digit encoding of
- * this NSSOID
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSOID_GetUTF8Encoding
-(
- const NSSOID *oid,
- NSSArena *arenaOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_NSSOID;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSATAV
- *
- * The public "methods" regarding this "object" are:
- *
- * NSSATAV_CreateFromBER -- constructor
- * NSSATAV_CreateFromUTF8 -- constructor
- * NSSATAV_Create -- constructor
- *
- * NSSATAV_Destroy
- * NSSATAV_GetDEREncoding
- * NSSATAV_GetUTF8Encoding
- * NSSATAV_GetType
- * NSSATAV_GetValue
- * NSSATAV_Compare
- * NSSATAV_Duplicate
- */
-
-/*
- * NSSATAV_CreateFromBER
- *
- * This routine creates an NSSATAV by decoding a BER- or DER-encoded
- * ATAV. If the optional arena argument is non-null, the memory used
- * will be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_EXTERN NSSATAV *
-NSSATAV_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *derATAV
-);
-
-extern const NSSError NSS_ERROR_INVALID_BER;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSATAV_CreateFromUTF8
- *
- * This routine creates an NSSATAV by decoding a UTF8 string in the
- * "equals" format, e.g., "c=US." If the optional arena argument is
- * non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_EXTERN NSSATAV *
-NSSATAV_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringATAV
-);
-
-extern const NSSError NSS_ERROR_UNKNOWN_ATTRIBUTE;
-extern const NSSError NSS_ERROR_INVALID_STRING;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSATAV_Create
- *
- * This routine creates an NSSATAV from the specified NSSOID and the
- * specified data. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap.If the specified data length is zero,
- * the data is assumed to be terminated by first zero byte; this allows
- * UTF8 strings to be easily specified. This routine may return NULL
- * upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_EXTERN NSSATAV *
-NSSATAV_Create
-(
- NSSArena *arenaOpt,
- const NSSOID *oid,
- const void *data,
- PRUint32 length
-);
-
-extern const NSSError NSS_ERROR_INVALID_ARENA;
-extern const NSSError NSS_ERROR_INVALID_NSSOID;
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSATAV_Destroy
- *
- * This routine will destroy an ATAV object. It should eventually be
- * called on all ATAVs created without an arena. While it is not
- * necessary to call it on ATAVs created within an arena, it is not an
- * error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * create an error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-NSSATAV_Destroy
-(
- NSSATAV *atav
-);
-
-extern const NSSError NSS_ERROR_INVALID_ATAV;
-
-/*
- * NSSATAV_GetDEREncoding
- *
- * This routine will DER-encode an ATAV object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSATAV
- */
-
-NSS_EXTERN NSSDER *
-NSSATAV_GetDEREncoding
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_ATAV;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSATAV_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the ATAV in "equals" notation (e.g., "o=Acme").
- * If the optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return null upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the "equals" encoding of the
- * ATAV
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSATAV_GetUTF8Encoding
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_ATAV;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSATAV_GetType
- *
- * This routine returns the NSSOID corresponding to the attribute type
- * in the specified ATAV. This routine may return NSS_OID_UNKNOWN
- * upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * NSS_OID_UNKNOWN upon error
- * An element of enum NSSOIDenum upon success
- */
-
-NSS_EXTERN const NSSOID *
-NSSATAV_GetType
-(
- NSSATAV *atav
-);
-
-extern const NSSError NSS_ERROR_INVALID_ATAV;
-
-/*
- * NSSATAV_GetValue
- *
- * This routine returns an NSSItem containing the attribute value
- * in the specified ATAV. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSItem containing the attribute value.
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSATAV_GetValue
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_ATAV;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSATAV_Compare
- *
- * This routine compares two ATAVs for equality. For two ATAVs to be
- * equal, the attribute types must be the same, and the attribute
- * values must have equal length and contents. The result of the
- * comparison will be stored at the location pointed to by the "equalp"
- * variable, which must point to a valid PRBool. This routine may
- * return PR_FAILURE upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-NSSATAV_Compare
-(
- NSSATAV *atav1,
- NSSATAV *atav2,
- PRBool *equalp
-);
-
-extern const NSSError NSS_ERROR_INVALID_ATAV;
-extern const NSSError NSS_ERROR_INVALID_ARGUMENT;
-
-/*
- * NSSATAV_Duplicate
- *
- * This routine duplicates the specified ATAV. If the optional arena
- * argument is non-null, the memory required will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL on error
- * A pointer to a new ATAV
- */
-
-NSS_EXTERN NSSATAV *
-NSSATAV_Duplicate
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_ATAV;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSRDN
- *
- * The public "methods" regarding this "object" are:
- *
- * NSSRDN_CreateFromBER -- constructor
- * NSSRDN_CreateFromUTF8 -- constructor
- * NSSRDN_Create -- constructor
- * NSSRDN_CreateSimple -- constructor
- *
- * NSSRDN_Destroy
- * NSSRDN_GetDEREncoding
- * NSSRDN_GetUTF8Encoding
- * NSSRDN_AddATAV
- * NSSRDN_GetATAVCount
- * NSSRDN_GetATAV
- * NSSRDN_GetSimpleATAV
- * NSSRDN_Compare
- * NSSRDN_Duplicate
- */
-
-/*
- * NSSRDN_CreateFromBER
- *
- * This routine creates an NSSRDN by decoding a BER- or DER-encoded
- * RDN. If the optional arena argument is non-null, the memory used
- * will be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDN upon success
- */
-
-NSS_EXTERN NSSRDN *
-NSSRDN_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berRDN
-);
-
-/*
- * NSSRDN_CreateFromUTF8
- *
- * This routine creates an NSSRDN by decoding an UTF8 string
- * consisting of either a single ATAV in the "equals" format, e.g.,
- * "uid=smith," or one or more such ATAVs in parentheses, e.g.,
- * "(sn=Smith,ou=Sales)." If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDN upon success
- */
-
-NSS_EXTERN NSSRDN *
-NSSRDN_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringRDN
-);
-
-/*
- * NSSRDN_Create
- *
- * This routine creates an NSSRDN from one or more NSSATAVs. The
- * final argument to this routine must be NULL. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDN upon success
- */
-
-NSS_EXTERN NSSRDN *
-NSSRDN_Create
-(
- NSSArena *arenaOpt,
- NSSATAV *atav1,
- ...
-);
-
-/*
- * NSSRDN_CreateSimple
- *
- * This routine creates a simple NSSRDN from a single NSSATAV. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDN upon success
- */
-
-NSS_EXTERN NSSRDN *
-NSSRDN_CreateSimple
-(
- NSSArena *arenaOpt,
- NSSATAV *atav
-);
-
-/*
- * NSSRDN_Destroy
- *
- * This routine will destroy an RDN object. It should eventually be
- * called on all RDNs created without an arena. While it is not
- * necessary to call it on RDNs created within an arena, it is not an
- * error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * create an error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- *
- * Return value:
- * PR_FAILURE upon failure
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-NSSRDN_Destroy
-(
- NSSRDN *rdn
-);
-
-/*
- * NSSRDN_GetDEREncoding
- *
- * This routine will DER-encode an RDN object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSRDN
- */
-
-NSS_EXTERN NSSDER *
-NSSRDN_GetDEREncoding
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSRDN_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the RDN. A simple (one-ATAV) RDN will be simply
- * the string representation of that ATAV; a non-simple RDN will be in
- * parenthesised form. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * null upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSRDN_GetUTF8Encoding
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSRDN_AddATAV
- *
- * This routine adds an ATAV to the set of ATAVs in the specified RDN.
- * Remember that RDNs consist of an unordered set of ATAVs. If the
- * RDN was created with a non-null arena argument, that same arena
- * will be used for any additional required memory. If the RDN was
- * created with a NULL arena argument, any additional memory will
- * be obtained from the heap. This routine returns a PRStatus value;
- * it will return PR_SUCCESS upon success, and upon failure it will
- * create an error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSRDN_AddATAV
-(
- NSSRDN *rdn,
- NSSATAV *atav
-);
-
-/*
- * NSSRDN_GetATAVCount
- *
- * This routine returns the cardinality of the set of ATAVs within
- * the specified RDN. This routine may return 0 upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- *
- * Return value:
- * 0 upon error
- * A positive number upon success
- */
-
-NSS_EXTERN PRUint32
-NSSRDN_GetATAVCount
-(
- NSSRDN *rdn
-);
-
-/*
- * NSSRDN_GetATAV
- *
- * This routine returns a pointer to an ATAV that is a member of
- * the set of ATAVs within the specified RDN. While the set of
- * ATAVs within an RDN is unordered, this routine will return
- * distinct values for distinct values of 'i' as long as the RDN
- * is not changed in any way. The RDN may be changed by calling
- * NSSRDN_AddATAV. The value of the variable 'i' is on the range
- * [0,c) where c is the cardinality returned from NSSRDN_GetATAVCount.
- * The caller owns the ATAV the pointer to which is returned. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSATAV
- */
-
-NSS_EXTERN NSSATAV *
-NSSRDN_GetATAV
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt,
- PRUint32 i
-);
-
-/*
- * NSSRDN_GetSimpleATAV
- *
- * Most RDNs are actually very simple, with a single ATAV. This
- * routine will return the single ATAV from such an RDN. The caller
- * owns the ATAV the pointer to which is returned. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, including the case where
- * the set of ATAVs in the RDN is nonsingular. Upon error, this
- * routine will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_RDN_NOT_SIMPLE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSATAV
- */
-
-NSS_EXTERN NSSATAV *
-NSSRDN_GetSimpleATAV
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSRDN_Compare
- *
- * This routine compares two RDNs for equality. For two RDNs to be
- * equal, they must have the same number of ATAVs, and every ATAV in
- * one must be equal to an ATAV in the other. (Note that the sets
- * of ATAVs are unordered.) The result of the comparison will be
- * stored at the location pointed to by the "equalp" variable, which
- * must point to a valid PRBool. This routine may return PR_FAILURE
- * upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-NSSRDN_Compare
-(
- NSSRDN *rdn1,
- NSSRDN *rdn2,
- PRBool *equalp
-);
-
-/*
- * NSSRDN_Duplicate
- *
- * This routine duplicates the specified RDN. If the optional arena
- * argument is non-null, the memory required will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL on error
- * A pointer to a new RDN
- */
-
-NSS_EXTERN NSSRDN *
-NSSRDN_Duplicate
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSRDNSeq
- *
- * The public "methods" regarding this "object" are:
- *
- * NSSRDNSeq_CreateFromBER -- constructor
- * NSSRDNSeq_CreateFromUTF8 -- constructor
- * NSSRDNSeq_Create -- constructor
- *
- * NSSRDNSeq_Destroy
- * NSSRDNSeq_GetDEREncoding
- * NSSRDNSeq_GetUTF8Encoding
- * NSSRDNSeq_AppendRDN
- * NSSRDNSeq_GetRDNCount
- * NSSRDNSeq_GetRDN
- * NSSRDNSeq_Compare
- * NSSRDNSeq_Duplicate
- */
-
-/*
- * NSSRDNSeq_CreateFromBER
- *
- * This routine creates an NSSRDNSeq by decoding a BER- or DER-encoded
- * sequence of RDNs. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDNSeq upon success
- */
-
-NSS_EXTERN NSSRDNSeq *
-NSSRDNSeq_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berRDNSeq
-);
-
-/*
- * NSSRDNSeq_CreateFromUTF8
- *
- * This routine creates an NSSRDNSeq by decoding a UTF8 string
- * consisting of a comma-separated sequence of RDNs, such as
- * "(sn=Smith,ou=Sales),o=Acme,c=US." If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDNSeq upon success
- */
-
-NSS_EXTERN NSSRDNSeq *
-NSSRDNSeq_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringRDNSeq
-);
-
-/*
- * NSSRDNSeq_Create
- *
- * This routine creates an NSSRDNSeq from one or more NSSRDNs. The
- * final argument to this routine must be NULL. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_RDN
- *
- * Return value:
- * NULL upon error
- * A pointero to an NSSRDNSeq upon success
- */
-
-NSS_EXTERN NSSRDNSeq *
-NSSRDNSeq_Create
-(
- NSSArena *arenaOpt,
- NSSRDN *rdn1,
- ...
-);
-
-/*
- * NSSRDNSeq_Destroy
- *
- * This routine will destroy an RDNSeq object. It should eventually
- * be called on all RDNSeqs created without an arena. While it is not
- * necessary to call it on RDNSeqs created within an arena, it is not
- * an error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * create an error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-NSSRDNSeq_Destroy
-(
- NSSRDNSeq *rdnseq
-);
-
-/*
- * NSSRDNSeq_GetDEREncoding
- *
- * This routine will DER-encode an RDNSeq object. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return null upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSRDNSeq
- */
-
-NSS_EXTERN NSSDER *
-NSSRDNSeq_GetDEREncoding
-(
- NSSRDNSeq *rdnseq,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSRDNSeq_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the RDNSeq as a comma-separated sequence of RDNs.
- * If the optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return null upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to the UTF8 string
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSRDNSeq_GetUTF8Encoding
-(
- NSSRDNSeq *rdnseq,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSRDNSeq_AppendRDN
- *
- * This routine appends an RDN to the end of the existing RDN
- * sequence. If the RDNSeq was created with a non-null arena
- * argument, that same arena will be used for any additional required
- * memory. If the RDNSeq was created with a NULL arena argument, any
- * additional memory will be obtained from the heap. This routine
- * returns a PRStatus value; it will return PR_SUCCESS upon success,
- * and upon failure it will create an error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSRDNSeq_AppendRDN
-(
- NSSRDNSeq *rdnseq,
- NSSRDN *rdn
-);
-
-/*
- * NSSRDNSeq_GetRDNCount
- *
- * This routine returns the cardinality of the sequence of RDNs within
- * the specified RDNSeq. This routine may return 0 upon error, in
- * which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- *
- * Return value:
- * 0 upon error
- * A positive number upon success
- */
-
-NSS_EXTERN PRUint32
-NSSRDNSeq_GetRDNCount
-(
- NSSRDNSeq *rdnseq
-);
-
-/*
- * NSSRDNSeq_GetRDN
- *
- * This routine returns a pointer to the i'th RDN in the sequence of
- * RDNs that make up the specified RDNSeq. The sequence begins with
- * the top-level (e.g., "c=US") RDN. The value of the variable 'i'
- * is on the range [0,c) where c is the cardinality returned from
- * NSSRDNSeq_GetRDNCount. The caller owns the RDN the pointer to which
- * is returned. If the optional arena argument is non-null, the memory
- * used will be obtained from that areana; otherwise, the memory will
- * be obtained from the heap. This routine may return NULL upon error,
- * in which case it will have created an error stack. Note that the
- * usual string representation of RDN Sequences is from last to first.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSRDN
- */
-
-NSS_EXTERN NSSRDN *
-NSSRDNSeq_GetRDN
-(
- NSSRDNSeq *rdnseq,
- NSSArena *arenaOpt,
- PRUint32 i
-);
-
-/*
- * NSSRDNSeq_Compare
- *
- * This routine compares two RDNSeqs for equality. For two RDNSeqs to
- * be equal, they must have the same number of RDNs, and each RDN in
- * one sequence must be equal to the corresponding RDN in the other
- * sequence. The result of the comparison will be stored at the
- * location pointed to by the "equalp" variable, which must point to a
- * valid PRBool. This routine may return PR_FAILURE upon error, in
- * which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-NSSRDNSeq_Compare
-(
- NSSRDNSeq *rdnseq1,
- NSSRDNSeq *rdnseq2,
- PRBool *equalp
-);
-
-/*
- * NSSRDNSeq_Duplicate
- *
- * This routine duplicates the specified RDNSeq. If the optional arena
- * argument is non-null, the memory required will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a new RDNSeq
- */
-
-NSS_EXTERN NSSRDNSeq *
-NSSRDNSeq_Duplicate
-(
- NSSRDNSeq *rdnseq,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName
- *
- * The public "methods" regarding this "object" are:
- *
- * NSSName_CreateFromBER -- constructor
- * NSSName_CreateFromUTF8 -- constructor
- * NSSName_Create -- constructor
- *
- * NSSName_Destroy
- * NSSName_GetDEREncoding
- * NSSName_GetUTF8Encoding
- * NSSName_GetChoice
- * NSSName_GetRDNSequence
- * NSSName_GetSpecifiedChoice
- * NSSName_Compare
- * NSSName_Duplicate
- *
- * NSSName_GetUID
- * NSSName_GetEmail
- * NSSName_GetCommonName
- * NSSName_GetOrganization
- * NSSName_GetOrganizationalUnits
- * NSSName_GetStateOrProvince
- * NSSName_GetLocality
- * NSSName_GetCountry
- * NSSName_GetAttribute
- */
-
-/*
- * NSSName_CreateFromBER
- *
- * This routine creates an NSSName by decoding a BER- or DER-encoded
- * (directory) Name. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise,
- * the memory will be obtained from the heap. This routine may
- * return NULL upon error, in which case it will have created an error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSName upon success
- */
-
-NSS_EXTERN NSSName *
-NSSName_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berName
-);
-
-/*
- * NSSName_CreateFromUTF8
- *
- * This routine creates an NSSName by decoding a UTF8 string
- * consisting of the string representation of one of the choices of
- * (directory) names. Currently the only choice is an RDNSeq. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. The routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSName upon success
- */
-
-NSS_EXTERN NSSName *
-NSSName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringName
-);
-
-/*
- * NSSName_Create
- *
- * This routine creates an NSSName with the specified choice of
- * underlying name types. The value of the choice variable must be
- * one of the values of the NSSNameChoice enumeration, and the type
- * of the arg variable must be as specified in the following table:
- *
- * Choice Type
- * ======================== ===========
- * NSSNameChoiceRdnSequence NSSRDNSeq *
- *
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_CHOICE
- * NSS_ERROR_INVALID_ARGUMENT
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSName upon success
- */
-
-NSS_EXTERN NSSName *
-NSSName_Create
-(
- NSSArena *arenaOpt,
- NSSNameChoice choice,
- void *arg
-);
-
-/*
- * NSSName_Destroy
- *
- * This routine will destroy a Name object. It should eventually be
- * called on all Names created without an arena. While it is not
- * necessary to call it on Names created within an arena, it is not
- * an error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * create an error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-NSSName_Destroy
-(
- NSSName *name
-);
-
-/*
- * NSSName_GetDEREncoding
- *
- * This routine will DER-encode a name object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSName
- */
-
-NSS_EXTERN NSSDER *
-NSSName_GetDEREncoding
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the Name in the format specified by the
- * underlying name choice. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to the UTF8 string
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSName_GetUTF8Encoding
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetChoice
- *
- * This routine returns the type of the choice underlying the specified
- * name. The return value will be a member of the NSSNameChoice
- * enumeration. This routine may return NSSNameChoiceInvalid upon
- * error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- *
- * Return value:
- * NSSNameChoiceInvalid upon error
- * An other member of the NSSNameChoice enumeration upon success
- */
-
-NSS_EXTERN NSSNameChoice
-NSSName_GetChoice
-(
- NSSName *name
-);
-
-/*
- * NSSName_GetRDNSequence
- *
- * If the choice underlying the specified NSSName is that of an
- * RDNSequence, this routine will return a pointer to that RDN
- * sequence. Otherwise, this routine will place an error on the
- * error stack, and return NULL. If the optional arena argument is
- * non-null, the memory required will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. The
- * caller owns the returned pointer. This routine may return NULL
- * upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSRDNSeq
- */
-
-NSS_EXTERN NSSRDNSeq *
-NSSName_GetRDNSequence
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetSpecifiedChoice
- *
- * If the choice underlying the specified NSSName matches the specified
- * choice, a caller-owned pointer to that underlying object will be
- * returned. Otherwise, an error will be placed on the error stack and
- * NULL will be returned. If the optional arena argument is non-null,
- * the memory required will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer, which must be typecast
- */
-
-NSS_EXTERN void *
-NSSName_GetSpecifiedChoice
-(
- NSSName *name,
- NSSNameChoice choice,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_Compare
- *
- * This routine compares two Names for equality. For two Names to be
- * equal, they must have the same choice of underlying types, and the
- * underlying values must be equal. The result of the comparison will
- * be stored at the location pointed to by the "equalp" variable, which
- * must point to a valid PRBool. This routine may return PR_FAILURE
- * upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-NSSName_Compare
-(
- NSSName *name1,
- NSSName *name2,
- PRBool *equalp
-);
-
-/*
- * NSSName_Duplicate
- *
- * This routine duplicates the specified nssname. If the optional
- * arena argument is non-null, the memory required will be obtained
- * from that arena; otherwise, the memory will be obtained from the
- * heap. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a new NSSName
- */
-
-NSS_EXTERN NSSName *
-NSSName_Duplicate
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetUID
- *
- * This routine will attempt to derive a user identifier from the
- * specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished
- * Names containing a UID attribute, the UID will be the value of
- * that attribute. Note that no UID attribute is defined in either
- * PKIX or PKCS#9; rather, this seems to derive from RFC 1274, which
- * defines the type as a caseIgnoreString. We'll return a Directory
- * String. If the optional arena argument is non-null, the memory
- * used will be obtained from that arena; otherwise, the memory will
- * be obtained from the heap. This routine may return NULL upon error,
- * in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_UID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String.
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSName_GetUID
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetEmail
- *
- * This routine will attempt to derive an email address from the
- * specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished
- * Names containing either a PKIX email address or a PKCS#9 email
- * address, the result will be the value of that attribute. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_EMAIL
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr IA5 String */
-NSSName_GetEmail
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetCommonName
- *
- * This routine will attempt to derive a common name from the
- * specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished Names
- * containing a PKIX Common Name, the result will be that name. If
- * the optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_COMMON_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSName_GetCommonName
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetOrganization
- *
- * This routine will attempt to derive an organisation name from the
- * specified name, if the choices and content of the name permit.
- * If Name consists of a Sequence of Relative Distinguished names
- * containing a PKIX Organization, the result will be the value of
- * that attribute. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. This routine may return NULL upon
- * error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_ORGANIZATION
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSName_GetOrganization
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetOrganizationalUnits
- *
- * This routine will attempt to derive a sequence of organisational
- * unit names from the specified name, if the choices and content of
- * the name permit. If the Name consists of a Sequence of Relative
- * Distinguished Names containing one or more organisational units,
- * the result will be the values of those attributes. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_ORGANIZATIONAL_UNITS
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a null-terminated array of UTF8 Strings
- */
-
-NSS_EXTERN NSSUTF8 ** /* XXX fgmr DirectoryString */
-NSSName_GetOrganizationalUnits
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetStateOrProvince
- *
- * This routine will attempt to derive a state or province name from
- * the specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished Names
- * containing a state or province, the result will be the value of
- * that attribute. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. This routine may return NULL upon
- * error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_STATE_OR_PROVINCE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSName_GetStateOrProvince
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetLocality
- *
- * This routine will attempt to derive a locality name from the
- * specified name, if the choices and content of the name permit. If
- * the Name consists of a Sequence of Relative Distinguished names
- * containing a Locality, the result will be the value of that
- * attribute. If the optional arena argument is non-null, the memory
- * used will be obtained from that arena; otherwise, the memory will
- * be obtained from the heap. This routine may return NULL upon error,
- * in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_LOCALITY
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSName_GetLocality
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetCountry
- *
- * This routine will attempt to derive a country name from the
- * specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished
- * Names containing a Country, the result will be the value of
- * that attribute.. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise,
- * the memory will be obtained from the heap. This routine may
- * return NULL upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_COUNTRY
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr PrintableString */
-NSSName_GetCountry
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetAttribute
- *
- * If the specified name consists of a Sequence of Relative
- * Distinguished Names containing an attribute with the specified
- * type, and the actual value of that attribute may be expressed
- * with a Directory String, then the value of that attribute will
- * be returned as a Directory String. If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_ATTRIBUTE
- * NSS_ERROR_ATTRIBUTE_VALUE_NOT_STRING
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSName_GetAttribute
-(
- NSSName *name,
- NSSOID *attribute,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName
- *
- * The public "methods" regarding this "object" are:
- *
- * NSSGeneralName_CreateFromBER -- constructor
- * NSSGeneralName_CreateFromUTF8 -- constructor
- * NSSGeneralName_Create -- constructor
- *
- * NSSGeneralName_Destroy
- * NSSGeneralName_GetDEREncoding
- * NSSGeneralName_GetUTF8Encoding
- * NSSGeneralName_GetChoice
- * NSSGeneralName_GetOtherName
- * NSSGeneralName_GetRfc822Name
- * NSSGeneralName_GetDNSName
- * NSSGeneralName_GetX400Address
- * NSSGeneralName_GetDirectoryName
- * NSSGeneralName_GetEdiPartyName
- * NSSGeneralName_GetUniformResourceIdentifier
- * NSSGeneralName_GetIPAddress
- * NSSGeneralName_GetRegisteredID
- * NSSGeneralName_GetSpecifiedChoice
- * NSSGeneralName_Compare
- * NSSGeneralName_Duplicate
- *
- * NSSGeneralName_GetUID
- * NSSGeneralName_GetEmail
- * NSSGeneralName_GetCommonName
- * NSSGeneralName_GetOrganization
- * NSSGeneralName_GetOrganizationalUnits
- * NSSGeneralName_GetStateOrProvince
- * NSSGeneralName_GetLocality
- * NSSGeneralName_GetCountry
- * NSSGeneralName_GetAttribute
- */
-
-/*
- * NSSGeneralName_CreateFromBER
- *
- * This routine creates an NSSGeneralName by decoding a BER- or DER-
- * encoded general name. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralName upon success
- */
-
-NSS_EXTERN NSSGeneralName *
-NSSGeneralName_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berGeneralName
-);
-
-/*
- * NSSGeneralName_CreateFromUTF8
- *
- * This routine creates an NSSGeneralName by decoding a UTF8 string
- * consisting of the string representation of one of the choices of
- * general names. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The routine may return NULL upon
- * error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralName upon success
- */
-
-NSS_EXTERN NSSGeneralName *
-NSSGeneralName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringGeneralName
-);
-
-/*
- * NSSGeneralName_Create
- *
- * This routine creates an NSSGeneralName with the specified choice of
- * underlying name types. The value of the choice variable must be one
- * of the values of the NSSGeneralNameChoice enumeration, and the type
- * of the arg variable must be as specified in the following table:
- *
- * Choice Type
- * ============================================ =========
- * NSSGeneralNameChoiceOtherName
- * NSSGeneralNameChoiceRfc822Name
- * NSSGeneralNameChoiceDNSName
- * NSSGeneralNameChoiceX400Address
- * NSSGeneralNameChoiceDirectoryName NSSName *
- * NSSGeneralNameChoiceEdiPartyName
- * NSSGeneralNameChoiceUniformResourceIdentifier
- * NSSGeneralNameChoiceIPAddress
- * NSSGeneralNameChoiceRegisteredID
- *
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have created an error stack.
- *
- * The error may be one fo the following values:
- * NSS_ERROR_INVALID_CHOICE
- * NSS_ERROR_INVALID_ARGUMENT
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralName upon success
- */
-
-NSS_EXTERN NSSGeneralName *
-NSSGeneralName_Create
-(
- NSSGeneralNameChoice choice,
- void *arg
-);
-
-/*
- * NSSGeneralName_Destroy
- *
- * This routine will destroy a General Name object. It should
- * eventually be called on all General Names created without an arena.
- * While it is not necessary to call it on General Names created within
- * an arena, it is not an error to do so. This routine returns a
- * PRStatus value; if successful, it will return PR_SUCCESS. If
- * usuccessful, it will create an error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- *
- * Return value:
- * PR_FAILURE upon failure
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-NSSGeneralName_Destroy
-(
- NSSGeneralName *generalName
-);
-
-/*
- * NSSGeneralName_GetDEREncoding
- *
- * This routine will DER-encode a name object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSGeneralName
- */
-
-NSS_EXTERN NSSDER *
-NSSGeneralName_GetDEREncoding
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the General Name in the format specified by the
- * underlying name choice. If the optional arena argument is
- * non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSGeneralName_GetUTF8Encoding
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetChoice
- *
- * This routine returns the type of choice underlying the specified
- * general name. The return value will be a member of the
- * NSSGeneralNameChoice enumeration. This routine may return
- * NSSGeneralNameChoiceInvalid upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- *
- * Return value:
- * NSSGeneralNameChoiceInvalid upon error
- * An other member of the NSSGeneralNameChoice enumeration
- */
-
-NSS_EXTERN NSSGeneralNameChoice
-NSSGeneralName_GetChoice
-(
- NSSGeneralName *generalName
-);
-
-/*
- * NSSGeneralName_GetOtherName
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * Other Name, this routine will return a pointer to that Other name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSOtherName
- */
-
-NSS_EXTERN NSSOtherName *
-NSSGeneralName_GetOtherName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetRfc822Name
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * RFC 822 Name, this routine will return a pointer to that name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSRFC822Name
- */
-
-NSS_EXTERN NSSRFC822Name *
-NSSGeneralName_GetRfc822Name
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetDNSName
- *
- * If the choice underlying the specified NSSGeneralName is that of a
- * DNS Name, this routine will return a pointer to that DNS name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSDNSName
- */
-
-NSS_EXTERN NSSDNSName *
-NSSGeneralName_GetDNSName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetX400Address
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * X.400 Address, this routine will return a pointer to that Address.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSX400Address
- */
-
-NSS_EXTERN NSSX400Address *
-NSSGeneralName_GetX400Address
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetDirectoryName
- *
- * If the choice underlying the specified NSSGeneralName is that of a
- * (directory) Name, this routine will return a pointer to that name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSName
- */
-
-NSS_EXTERN NSSName *
-NSSGeneralName_GetName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetEdiPartyName
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * EDI Party Name, this routine will return a pointer to that name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSEdiPartyName
- */
-
-NSS_EXTERN NSSEdiPartyName *
-NSSGeneralName_GetEdiPartyName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetUniformResourceIdentifier
- *
- * If the choice underlying the specified NSSGeneralName is that of a
- * URI, this routine will return a pointer to that URI.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSURI
- */
-
-NSS_EXTERN NSSURI *
-NSSGeneralName_GetUniformResourceIdentifier
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetIPAddress
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * IP Address , this routine will return a pointer to that address.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSIPAddress
- */
-
-NSS_EXTERN NSSIPAddress *
-NSSGeneralName_GetIPAddress
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetRegisteredID
- *
- * If the choice underlying the specified NSSGeneralName is that of a
- * Registered ID, this routine will return a pointer to that ID.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSRegisteredID
- */
-
-NSS_EXTERN NSSRegisteredID *
-NSSGeneralName_GetRegisteredID
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetSpecifiedChoice
- *
- * If the choice underlying the specified NSSGeneralName matches the
- * specified choice, a caller-owned pointer to that underlying object
- * will be returned. Otherwise, an error will be placed on the error
- * stack and NULL will be returned. If the optional arena argument
- * is non-null, the memory required will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. The caller
- * owns the returned pointer. This routine may return NULL upon
- * error, in which caes it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer, which must be typecast
- */
-
-NSS_EXTERN void *
-NSSGeneralName_GetSpecifiedChoice
-(
- NSSGeneralName *generalName,
- NSSGeneralNameChoice choice,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_Compare
- *
- * This routine compares two General Names for equality. For two
- * General Names to be equal, they must have the same choice of
- * underlying types, and the underlying values must be equal. The
- * result of the comparison will be stored at the location pointed
- * to by the "equalp" variable, which must point to a valid PRBool.
- * This routine may return PR_FAILURE upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following value:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-NSSGeneralName_Compare
-(
- NSSGeneralName *generalName1,
- NSSGeneralName *generalName2,
- PRBool *equalp
-);
-
-/*
- * NSSGeneralName_Duplicate
- *
- * This routine duplicates the specified General Name. If the optional
- * arena argument is non-null, the memory required will be obtained
- * from that arena; otherwise, the memory will be obtained from the
- * heap. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a new NSSGeneralName
- */
-
-NSS_EXTERN NSSGeneralName *
-NSSGeneralName_Duplicate
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetUID
- *
- * This routine will attempt to derive a user identifier from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished Names containing a UID
- * attribute, the UID will be the value of that attribute. Note
- * that no UID attribute is defined in either PKIX or PKCS#9;
- * rather, this seems to derive from RFC 1274, which defines the
- * type as a caseIgnoreString. We'll return a Directory String.
- * If the optional arena argument is non-null, the memory used
- * will be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_UID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String.
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSGeneralName_GetUID
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetEmail
- *
- * This routine will attempt to derive an email address from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing either
- * a PKIX email address or a PKCS#9 email address, the result will
- * be the value of that attribute. If the General Name is an RFC 822
- * Name, the result will be the string form of that name. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_EMAIL
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr IA5String */
-NSSGeneralName_GetEmail
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetCommonName
- *
- * This routine will attempt to derive a common name from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing a PKIX
- * Common Name, the result will be that name. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_COMMON_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSGeneralName_GetCommonName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetOrganization
- *
- * This routine will attempt to derive an organisation name from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing an
- * Organization, the result will be the value of that attribute.
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_ORGANIZATION
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSGeneralName_GetOrganization
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetOrganizationalUnits
- *
- * This routine will attempt to derive a sequence of organisational
- * unit names from the specified general name, if the choices and
- * content of the name permit. If the General Name is a (directory)
- * Name consisting of a Sequence of Relative Distinguished names
- * containing one or more organisational units, the result will
- * consist of those units. If the optional arena argument is non-
- * null, the memory used will be obtained from that arena; otherwise,
- * the memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_ORGANIZATIONAL_UNITS
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a null-terminated array of UTF8 Strings
- */
-
-NSS_EXTERN NSSUTF8 ** /* XXX fgmr DirectoryString */
-NSSGeneralName_GetOrganizationalUnits
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetStateOrProvince
- *
- * This routine will attempt to derive a state or province name from
- * the specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing a state or
- * province, the result will be the value of that attribute. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_STATE_OR_PROVINCE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSGeneralName_GetStateOrProvince
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetLocality
- *
- * This routine will attempt to derive a locality name from
- * the specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing a Locality,
- * the result will be the value of that attribute. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_LOCALITY
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSGeneralName_GetLocality
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetCountry
- *
- * This routine will attempt to derive a country name from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting of a
- * Sequence of Relative Distinguished names containing a Country, the
- * result will be the value of that attribute. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_COUNTRY
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr PrintableString */
-NSSGeneralName_GetCountry
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetAttribute
- *
- * If the specified general name is a (directory) name consisting
- * of a Sequence of Relative Distinguished Names containing an
- * attribute with the specified type, and the actual value of that
- * attribute may be expressed with a Directory String, then the
- * value of that attribute will be returned as a Directory String.
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_ATTRIBUTE
- * NSS_ERROR_ATTRIBUTE_VALUE_NOT_STRING
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSGeneralName_GetAttribute
-(
- NSSGeneralName *generalName,
- NSSOID *attribute,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralNameSeq
- *
- * The public "methods" regarding this "object" are:
- *
- * NSSGeneralNameSeq_CreateFromBER -- constructor
- * NSSGeneralNameSeq_Create -- constructor
- *
- * NSSGeneralNameSeq_Destroy
- * NSSGeneralNameSeq_GetDEREncoding
- * NSSGeneralNameSeq_AppendGeneralName
- * NSSGeneralNameSeq_GetGeneralNameCount
- * NSSGeneralNameSeq_GetGeneralName
- * NSSGeneralNameSeq_Compare
- * NSSGeneralnameSeq_Duplicate
- */
-
-/*
- * NSSGeneralNameSeq_CreateFromBER
- *
- * This routine creates a general name sequence by decoding a BER-
- * or DER-encoded GeneralNames. If the optional arena argument is
- * non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralNameSeq upon success
- */
-
-NSS_EXTERN NSSGeneralNameSeq *
-NSSGeneralNameSeq_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berGeneralNameSeq
-);
-
-/*
- * NSSGeneralNameSeq_Create
- *
- * This routine creates an NSSGeneralNameSeq from one or more General
- * Names. The final argument to this routine must be NULL. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_GENERAL_NAME
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralNameSeq upon success
- */
-
-NSS_EXTERN NSSGeneralNameSeq *
-NSSGeneralNameSeq_Create
-(
- NSSArena *arenaOpt,
- NSSGeneralName *generalName1,
- ...
-);
-
-/*
- * NSSGeneralNameSeq_Destroy
- *
- * This routine will destroy an NSSGeneralNameSeq object. It should
- * eventually be called on all NSSGeneralNameSeqs created without an
- * arena. While it is not necessary to call it on NSSGeneralNameSeq's
- * created within an arena, it is not an error to do so. This routine
- * returns a PRStatus value; if successful, it will return PR_SUCCESS.
- * If unsuccessful, it will create an error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-NSSGeneralNameSeq_Destroy
-(
- NSSGeneralNameSeq *generalNameSeq
-);
-
-/*
- * NSSGeneralNameSeq_GetDEREncoding
- *
- * This routine will DER-encode an NSSGeneralNameSeq object. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return null upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSGeneralNameSeq
- */
-
-NSS_EXTERN NSSDER *
-NSSGeneralNameSeq_GetDEREncoding
-(
- NSSGeneralNameSeq *generalNameSeq,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralNameSeq_AppendGeneralName
- *
- * This routine appends a General Name to the end of the existing
- * General Name Sequence. If the sequence was created with a non-null
- * arena argument, that same arena will be used for any additional
- * required memory. If the sequence was created with a NULL arena
- * argument, any additional memory will be obtained from the heap.
- * This routine returns a PRStatus value; it will return PR_SUCCESS
- * upon success, and upon failure it will create an error stack and
- * return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure.
- */
-
-NSS_EXTERN PRStatus
-NSSGeneralNameSeq_AppendGeneralName
-(
- NSSGeneralNameSeq *generalNameSeq,
- NSSGeneralName *generalName
-);
-
-/*
- * NSSGeneralNameSeq_GetGeneralNameCount
- *
- * This routine returns the cardinality of the specified General name
- * Sequence. This routine may return 0 upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- *
- * Return value;
- * 0 upon error
- * A positive number upon success
- */
-
-NSS_EXTERN PRUint32
-NSSGeneralNameSeq_GetGeneralNameCount
-(
- NSSGeneralNameSeq *generalNameSeq
-);
-
-/*
- * NSSGeneralNameSeq_GetGeneralName
- *
- * This routine returns a pointer to the i'th General Name in the
- * specified General Name Sequence. The value of the variable 'i' is
- * on the range [0,c) where c is the cardinality returned from
- * NSSGeneralNameSeq_GetGeneralNameCount. The caller owns the General
- * Name the pointer to which is returned. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to a General Name.
- */
-
-NSS_EXTERN NSSGeneralName *
-NSSGeneralNameSeq_GetGeneralName
-(
- NSSGeneralNameSeq *generalNameSeq,
- NSSArena *arenaOpt,
- PRUint32 i
-);
-
-/*
- * NSSGeneralNameSeq_Compare
- *
- * This routine compares two General Name Sequences for equality. For
- * two General Name Sequences to be equal, they must have the same
- * cardinality, and each General Name in one sequence must be equal to
- * the corresponding General Name in the other. The result of the
- * comparison will be stored at the location pointed to by the "equalp"
- * variable, which must point to a valid PRBool. This routine may
- * return PR_FAILURE upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-NSSGeneralNameSeq_Compare
-(
- NSSGeneralNameSeq *generalNameSeq1,
- NSSGeneralNameSeq *generalNameSeq2,
- PRBool *equalp
-);
-
-/*
- * NSSGeneralNameSeq_Duplicate
- *
- * This routine duplicates the specified sequence of general names. If
- * the optional arena argument is non-null, the memory required will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a new General Name Sequence.
- */
-
-NSS_EXTERN NSSGeneralNameSeq *
-NSSGeneralNameSeq_Duplicate
-(
- NSSGeneralNameSeq *generalNameSeq,
- NSSArena *arenaOpt
-);
-
-PR_END_EXTERN_C
-
-#endif /* NSSPT1M_H */
diff --git a/security/nss/lib/pki1/nsspki1t.h b/security/nss/lib/pki1/nsspki1t.h
deleted file mode 100644
index 8765a3ad3..000000000
--- a/security/nss/lib/pki1/nsspki1t.h
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef NSSPKI1T_H
-#define NSSPKI1T_H
-
-#ifdef DEBUG
-static const char NSSPKI1T_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * nsspki1t.h
- *
- * This file contains the public type definitions for the PKIX part-1
- * objects.
- */
-
-#ifndef NSSBASET_H
-#include "nssbaset.h"
-#endif /* NSSBASET_H */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * OBJECT IDENTIFIER
- *
- * This is the basic OID that crops up everywhere.
- */
-
-struct NSSOIDStr;
-typedef struct NSSOIDStr NSSOID;
-
-/*
- * AttributeTypeAndValue
- *
- * This structure contains an attribute type (indicated by an OID),
- * and the type-specific value. RelativeDistinguishedNamess consist
- * of a set of these. These are distinct from Attributes (which have
- * SET of values), from AttributeDescriptions (which have qualifiers
- * on the types), and from AttributeValueAssertions (which assert a
- * a value comparison under some matching rule).
- */
-
-struct NSSATAVStr;
-typedef struct NSSATAVStr NSSATAV;
-
-/*
- * RelativeDistinguishedName
- *
- * This structure contains an unordered set of AttributeTypeAndValue
- * objects. RDNs are used to distinguish a set of objects underneath
- * a common object.
- *
- * Often, a single ATAV is sufficient to make a unique distinction.
- * For example, if a company assigns its people unique uid values,
- * then in the Name "uid=smith,ou=People,o=Acme,c=US" the "uid=smith"
- * ATAV by itself forms an RDN. However, sometimes a set of ATAVs is
- * needed. For example, if a company needed to distinguish between
- * two Smiths by specifying their corporate divisions, then in the
- * Name "(cn=Smith,ou=Sales),ou=People,o=Acme,c=US" the parenthesised
- * set of ATAVs forms the RDN.
- */
-
-struct NSSRDNStr;
-typedef struct NSSRDNStr NSSRDN;
-
-/*
- * RDNSequence
- *
- * This structure contains a sequence of RelativeDistinguishedName
- * objects.
- */
-
-struct NSSRDNSeqStr;
-typedef struct NSSRDNSeqStr NSSRDNSeq;
-
-/*
- * Name
- *
- * This structure contains a union of the possible name formats,
- * which at the moment is limited to an RDNSequence.
- */
-
-struct NSSNameStr;
-typedef struct NSSNameStr NSSName;
-
-/*
- * NameChoice
- *
- * This enumeration is used to specify choice within a name.
- */
-
-enum NSSNameChoiceEnum {
- NSSNameChoiceInvalid = -1,
- NSSNameChoiceRdnSequence
-};
-typedef enum NSSNameChoiceEnum NSSNameChoice;
-
-/*
- * GeneralName
- *
- * This structure contains a union of the possible general names,
- * of which there are several.
- */
-
-struct NSSGeneralNameStr;
-typedef struct NSSGeneralNameStr NSSGeneralName;
-
-/*
- * GeneralNameChoice
- *
- * This enumerates the possible general name types.
- */
-
-enum NSSGeneralNameChoiceEnum {
- NSSGeneralNameChoiceInvalid = -1,
- NSSGeneralNameChoiceOtherName = 0,
- NSSGeneralNameChoiceRfc822Name = 1,
- NSSGeneralNameChoiceDNSName = 2,
- NSSGeneralNameChoiceX400Address = 3,
- NSSGeneralNameChoiceDirectoryName = 4,
- NSSGeneralNameChoiceEdiPartyName = 5,
- NSSGeneralNameChoiceUniformResourceIdentifier = 6,
- NSSGeneralNameChoiceIPAddress = 7,
- NSSGeneralNameChoiceRegisteredID = 8
-};
-typedef enum NSSGeneralNameChoiceEnum NSSGeneralNameChoice;
-
-/*
- * The "other" types of general names.
- */
-
-struct NSSOtherNameStr;
-typedef struct NSSOtherNameStr NSSOtherName;
-
-struct NSSRFC822NameStr;
-typedef struct NSSRFC822NameStr NSSRFC822Name;
-
-struct NSSDNSNameStr;
-typedef struct NSSDNSNameStr NSSDNSName;
-
-struct NSSX400AddressStr;
-typedef struct NSSX400AddressStr NSSX400Address;
-
-struct NSSEdiPartyNameStr;
-typedef struct NSSEdiPartyNameStr NSSEdiPartyName;
-
-struct NSSURIStr;
-typedef struct NSSURIStr NSSURI;
-
-struct NSSIPAddressStr;
-typedef struct NSSIPAddressStr NSSIPAddress;
-
-struct NSSRegisteredIDStr;
-typedef struct NSSRegisteredIDStr NSSRegisteredID;
-
-/*
- * GeneralNameSeq
- *
- * This structure contains a sequence of GeneralName objects.
- * Note that the PKIX documents refer to this as "GeneralNames,"
- * which differs from "GeneralName" by only one letter. To
- * try to reduce confusion, we expand the name slightly to
- * "GeneralNameSeq."
- */
-
-struct NSSGeneralNameSeqStr;
-typedef struct NSSGeneralNameSeqStr NSSGeneralNameSeq;
-
-PR_END_EXTERN_C
-
-#endif /* NSSPKI1T_H */
diff --git a/security/nss/lib/pki1/oid.c b/security/nss/lib/pki1/oid.c
deleted file mode 100644
index c4028a803..000000000
--- a/security/nss/lib/pki1/oid.c
+++ /dev/null
@@ -1,1615 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * oid.c
- *
- * This file contains the implementation of the basic OID routines.
- */
-
-#ifndef BASE_H
-#include "base.h"
-#endif /* BASE_H */
-
-#ifndef PKI1_H
-#include "pki1.h"
-#endif /* PKI1_H */
-
-#include "plhash.h"
-#include "plstr.h"
-
-/*
- * NSSOID
- *
- * The public "methods" regarding this "object" are:
- *
- * NSSOID_CreateFromBER -- constructor
- * NSSOID_CreateFromUTF8 -- constructor
- * (there is no explicit destructor)
- *
- * NSSOID_GetDEREncoding
- * NSSOID_GetUTF8Encoding
-
- * The non-public "methods" regarding this "object" are:
- *
- * nssOID_CreateFromBER -- constructor
- * nssOID_CreateFromUTF8 -- constructor
- * (there is no explicit destructor)
- *
- * nssOID_GetDEREncoding
- * nssOID_GetUTF8Encoding
- *
- * In debug builds, the following non-public calls are also available:
- *
- * nssOID_verifyPointer
- * nssOID_getExplanation
- * nssOID_getTaggedUTF8
- */
-
-const NSSOID *NSS_OID_UNKNOWN = (NSSOID *)NULL;
-
-/*
- * First, the public "wrappers"
- */
-
-/*
- * NSSOID_CreateFromBER
- *
- * This routine creates an NSSOID by decoding a BER- or DER-encoded
- * OID. It may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * An NSSOID upon success
- */
-
-NSS_EXTERN NSSOID *
-NSSOID_CreateFromBER
-(
- NSSBER *berOid
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- /*
- * NSSBERs can be created by the user,
- * so no pointer-tracking can be checked.
- */
-
- if( (NSSBER *)NULL == berOid ) {
- nss_SetError(NSS_ERROR_INVALID_BER);
- return (NSSOID *)NULL;
- }
-
- if( (void *)NULL == berOid->data ) {
- nss_SetError(NSS_ERROR_INVALID_BER);
- return (NSSOID *)NULL;
- }
-#endif /* DEBUG */
-
- return nssOID_CreateFromBER(berOid);
-}
-
-/*
- * NSSOID_CreateFromUTF8
- *
- * This routine creates an NSSOID by decoding a UTF8 string
- * representation of an OID in dotted-number format. The string may
- * optionally begin with an octothorpe. It may return NULL
- * upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_UTF8
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * An NSSOID upon success
- */
-
-NSS_EXTERN NSSOID *
-NSSOID_CreateFromUTF8
-(
- NSSUTF8 *stringOid
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- /*
- * NSSUTF8s can be created by the user,
- * so no pointer-tracking can be checked.
- */
-
- if( (NSSUTF8 *)NULL == stringOid ) {
- nss_SetError(NSS_ERROR_INVALID_UTF8);
- return (NSSOID *)NULL;
- }
-#endif /* DEBUG */
-
- return nssOID_CreateFromUTF8(stringOid);
-}
-
-/*
- * NSSOID_GetDEREncoding
- *
- * This routine returns the DER encoding of the specified NSSOID.
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return return null upon error, in
- * which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSOID
- */
-
-NSS_EXTERN NSSDER *
-NSSOID_GetDEREncoding
-(
- const NSSOID *oid,
- NSSDER *rvOpt,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssOID_verifyPointer(oid) ) {
- return (NSSDER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSDER *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssOID_GetDEREncoding(oid, rvOpt, arenaOpt);
-}
-
-/*
- * NSSOID_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing the dotted-number
- * encoding of the specified NSSOID. If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return null upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the dotted-digit encoding of
- * this NSSOID
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSOID_GetUTF8Encoding
-(
- const NSSOID *oid,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssOID_verifyPointer(oid) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssOID_GetUTF8Encoding(oid, arenaOpt);
-}
-
-/*
- * Next, some internal bookkeeping; including the OID "tag" table
- * and the debug-version pointer tracker.
- */
-
-/*
- * For implementation reasons (so NSSOIDs can be compared with ==),
- * we hash all NSSOIDs. This is the hash table.
- */
-
-static PLHashTable *oid_hash_table;
-
-/*
- * And this is its lock.
- */
-
-static PRLock *oid_hash_lock;
-
-/*
- * This is the hash function. We simply XOR the encoded form with
- * itself in sizeof(PLHashNumber)-byte chunks. Improving this
- * routine is left as an excercise for the more mathematically
- * inclined student.
- */
-
-static PR_CALLBACK PLHashNumber
-oid_hash
-(
- const void *key
-)
-{
- const NSSItem *item = (const NSSItem *)key;
- PLHashNumber rv = 0;
-
- PRUint8 *data = (PRUint8 *)item->data;
- PRUint32 i;
- PRUint8 *rvc = (PRUint8 *)&rv;
-
- for( i = 0; i < item->size; i++ ) {
- rvc[ i % sizeof(rv) ] ^= *data;
- data++;
- }
-
- return rv;
-}
-
-/*
- * This is the key-compare function. It simply does a lexical
- * comparison on the encoded OID form. This does not result in
- * quite the same ordering as the "sequence of numbers" order,
- * but heck it's only used internally by the hash table anyway.
- */
-
-static PR_CALLBACK PRIntn
-oid_hash_compare
-(
- const void *k1,
- const void *k2
-)
-{
- PRIntn rv;
-
- const NSSItem *i1 = (const NSSItem *)k1;
- const NSSItem *i2 = (const NSSItem *)k2;
-
- PRUint32 size = (i1->size < i2->size) ? i1->size : i2->size;
-
- rv = (PRIntn)nsslibc_memcmp(i1->data, i2->data, size, (PRStatus *)NULL);
- if( 0 == rv ) {
- rv = i1->size - i2->size;
- }
-
- return !rv;
-}
-
-/*
- * The pointer-tracking code
- */
-
-#ifdef DEBUG
-extern const NSSError NSS_ERROR_INTERNAL_ERROR;
-
-static nssPointerTracker oid_pointer_tracker;
-
-static PRStatus
-oid_add_pointer
-(
- const NSSOID *oid
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&oid_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return rv;
- }
-
- rv = nssPointerTracker_add(&oid_pointer_tracker, oid);
- if( PR_SUCCESS != rv ) {
- NSSError e = NSS_GetError();
- if( NSS_ERROR_NO_MEMORY != e ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
- }
-
- return PR_SUCCESS;
-}
-
-#if defined(CAN_DELETE_OIDS)
-/*
- * We actually don't define NSSOID deletion, since we keep OIDs
- * in a hash table for easy comparison. Were we to, this is
- * what the pointer-removal function would look like.
- */
-
-static PRStatus
-oid_remove_pointer
-(
- const NSSOID *oid
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_remove(&oid_pointer_tracker, oid);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
-}
-#endif /* CAN_DELETE_OIDS */
-
-#endif /* DEBUG */
-
-/*
- * All dynamically-added OIDs get their memory from one statically-
- * declared arena here, merely so that any cleanup code will have
- * an easier time of it.
- */
-
-static NSSArena *oid_arena;
-
-/*
- * This is the call-once function which initializes the hashtable.
- * It creates it, then prepopulates it with all of the builtin OIDs.
- * It also creates the aforementioned NSSArena.
- */
-
-static PR_CALLBACK PRStatus
-oid_once_func
-(
- void
-)
-{
- PRUint32 i;
-
- /* Initialize the arena */
- oid_arena = nssArena_Create();
- if( (NSSArena *)NULL == oid_arena ) {
- goto loser;
- }
-
- /* Create the hash table lock */
- oid_hash_lock = PR_NewLock();
- if( (PRLock *)NULL == oid_hash_lock ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* Create the hash table */
- oid_hash_table = PL_NewHashTable(0, oid_hash, oid_hash_compare,
- PL_CompareValues,
- (PLHashAllocOps *)0,
- (void *)0);
- if( (PLHashTable *)NULL == oid_hash_table ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* And populate it with all the builtins */
- for( i = 0; i < nss_builtin_oid_count; i++ ) {
- NSSOID *oid = (NSSOID *)&nss_builtin_oids[i];
- PLHashEntry *e = PL_HashTableAdd(oid_hash_table, &oid->data, oid);
- if( (PLHashEntry *)NULL == e ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- goto loser;
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != oid_add_pointer(oid) ) {
- goto loser;
- }
-#endif /* DEBUG */
- }
-
- return PR_SUCCESS;
-
- loser:
- if( (PLHashTable *)NULL != oid_hash_table ) {
- PL_HashTableDestroy(oid_hash_table);
- oid_hash_table = (PLHashTable *)NULL;
- }
-
- if( (PRLock *)NULL != oid_hash_lock ) {
- PR_DestroyLock(oid_hash_lock);
- oid_hash_lock = (PRLock *)NULL;
- }
-
- if( (NSSArena *)NULL != oid_arena ) {
- (void)nssArena_Destroy(oid_arena);
- oid_arena = (NSSArena *)NULL;
- }
-
- return PR_FAILURE;
-}
-
-/*
- * This is NSPR's once-block.
- */
-
-static PRCallOnceType oid_call_once;
-
-/*
- * And this is our multiply-callable internal init routine, which
- * will call-once our call-once function.
- */
-
-static PRStatus
-oid_init
-(
- void
-)
-{
- return PR_CallOnce(&oid_call_once, oid_once_func);
-}
-
-#ifdef DEBUG
-
-/*
- * nssOID_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSOID object,
- * this routine will return PR_SUCCESS. Otherwise, it will put an
- * error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssOID_verifyPointer
-(
- const NSSOID *oid
-)
-{
- PRStatus rv;
-
- rv = oid_init();
- if( PR_SUCCESS != rv ) {
- return PR_FAILURE;
- }
-
- rv = nssPointerTracker_initialize(&oid_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return PR_FAILURE;
- }
-
- rv = nssPointerTracker_verify(&oid_pointer_tracker, oid);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_NSSOID);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-#endif /* DEBUG */
-
-/*
- * oid_sanity_check_ber
- *
- * This routine merely applies some sanity-checking to the BER-encoded
- * OID.
- */
-
-static PRStatus
-oid_sanity_check_ber
-(
- NSSBER *berOid
-)
-{
- PRUint32 i;
- PRUint8 *data = (PRUint8 *)berOid->data;
-
- /*
- * The size must be longer than zero bytes.
- */
-
- if( berOid->size <= 0 ) {
- return PR_FAILURE;
- }
-
- /*
- * In general, we can't preclude any number from showing up
- * someday. We could probably guess that top-level numbers
- * won't get very big (beyond the current ccitt(0), iso(1),
- * or joint-ccitt-iso(2)). However, keep in mind that the
- * encoding rules wrap the first two numbers together, as
- *
- * (first * 40) + second
- *
- * Also, it is noted in the specs that this implies that the
- * second number won't go above forty.
- *
- * 128 encodes 3.8, which seems pretty safe for now. Let's
- * check that the first byte is less than that.
- *
- * XXX This is a "soft check" -- we may want to exclude it.
- */
-
- if( data[0] >= 0x80 ) {
- return PR_FAILURE;
- }
-
- /*
- * In a normalised format, leading 0x80s will never show up.
- * This means that no 0x80 will be preceeded by the final
- * byte of a sequence, which would naturaly be less than 0x80.
- * Our internal encoding for the single-digit OIDs uses 0x80,
- * but the only places we use them (loading the builtin table,
- * and adding a UTF8-encoded OID) bypass this check.
- */
-
- for( i = 1; i < berOid->size; i++ ) {
- if( (0x80 == data[i]) && (data[i-1] < 0x80) ) {
- return PR_FAILURE;
- }
- }
-
- /*
- * The high bit of each octet indicates that following octets
- * are included in the current number. Thus the last byte can't
- * have the high bit set.
- */
-
- if( data[ berOid->size-1 ] >= 0x80 ) {
- return PR_FAILURE;
- }
-
- /*
- * Other than that, any byte sequence is legit.
- */
- return PR_SUCCESS;
-}
-
-/*
- * nssOID_CreateFromBER
- *
- * This routine creates an NSSOID by decoding a BER- or DER-encoded
- * OID. It may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * An NSSOID upon success
- */
-
-NSS_EXTERN NSSOID *
-nssOID_CreateFromBER
-(
- NSSBER *berOid
-)
-{
- NSSOID *rv;
- PLHashEntry *e;
-
- if( PR_SUCCESS != oid_init() ) {
- return (NSSOID *)NULL;
- }
-
- if( PR_SUCCESS != oid_sanity_check_ber(berOid) ) {
- nss_SetError(NSS_ERROR_INVALID_BER);
- return (NSSOID *)NULL;
- }
-
- /*
- * Does it exist?
- */
- PR_Lock(oid_hash_lock);
- rv = (NSSOID *)PL_HashTableLookup(oid_hash_table, berOid);
- (void)PR_Unlock(oid_hash_lock);
- if( (NSSOID *)NULL != rv ) {
- /* Found it! */
- return rv;
- }
-
- /*
- * Doesn't exist-- create it.
- */
- rv = nss_ZNEW(oid_arena, NSSOID);
- if( (NSSOID *)NULL == rv ) {
- return (NSSOID *)NULL;
- }
-
- rv->data.data = nss_ZAlloc(oid_arena, berOid->size);
- if( (void *)NULL == rv->data.data ) {
- return (NSSOID *)NULL;
- }
-
- rv->data.size = berOid->size;
- nsslibc_memcpy(rv->data.data, berOid->data, berOid->size);
-
-#ifdef DEBUG
- rv->tag = "<runtime>";
- rv->expl = "(OID registered at runtime)";
-#endif /* DEBUG */
-
- PR_Lock(oid_hash_lock);
- e = PL_HashTableAdd(oid_hash_table, &rv->data, rv);
- (void)PR_Unlock(oid_hash_lock);
- if( (PLHashEntry *)NULL == e ) {
- nss_ZFreeIf(rv->data.data);
- nss_ZFreeIf(rv);
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSOID *)NULL;
- }
-
-#ifdef DEBUG
- {
- PRStatus st;
- st = oid_add_pointer(rv);
- if( PR_SUCCESS != st ) {
- PR_Lock(oid_hash_lock);
- (void)PL_HashTableRemove(oid_hash_table, &rv->data);
- (void)PR_Unlock(oid_hash_lock);
- (void)nss_ZFreeIf(rv->data.data);
- (void)nss_ZFreeIf(rv);
- return (NSSOID *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return rv;
-}
-
-/*
- * oid_sanity_check_utf8
- *
- * This routine merely applies some sanity-checking to the
- * UTF8-encoded OID.
- */
-
-static PRStatus
-oid_sanity_check_utf8
-(
- NSSUTF8 *s
-)
-{
- /*
- * It may begin with an octothorpe, which we skip.
- */
-
- if( '#' == *s ) {
- s++;
- }
-
- /*
- * It begins with a number
- */
-
- if( (*s < '0') || (*s > '9') ) {
- return PR_FAILURE;
- }
-
- /*
- * First number is only one digit long
- *
- * XXX This is a "soft check" -- we may want to exclude it
- */
-
- if( (s[1] != '.') && (s[1] != '\0') ) {
- return PR_FAILURE;
- }
-
- /*
- * Every character is either a digit or a period
- */
-
- for( ; '\0' != *s; s++ ) {
- if( ('.' != *s) && ((*s < '0') || (*s > '9')) ) {
- return PR_FAILURE;
- }
-
- /* No two consecutive periods */
- if( ('.' == *s) && ('.' == s[1]) ) {
- return PR_FAILURE;
- }
- }
-
- /*
- * The last character isn't a period
- */
-
- if( '.' == *--s ) {
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-
-static PRUint32
-oid_encode_number
-(
- PRUint32 n,
- PRUint8 *dp,
- PRUint32 nb
-)
-{
- PRUint32 a[5];
- PRUint32 i;
- PRUint32 rv;
-
- a[0] = (n >> 28) & 0x7f;
- a[1] = (n >> 21) & 0x7f;
- a[2] = (n >> 14) & 0x7f;
- a[3] = (n >> 7) & 0x7f;
- a[4] = n & 0x7f;
-
- for( i = 0; i < 5; i++ ) {
- if( 0 != a[i] ) {
- break;
- }
- }
-
- if( 5 == i ) {
- i--;
- }
-
- rv = 5-i;
- if( rv > nb ) {
- return rv;
- }
-
- for( ; i < 4; i++ ) {
- *dp = 0x80 | a[i];
- dp++;
- }
-
- *dp = a[4];
-
- return rv;
-}
-
-/*
- * oid_encode_huge
- *
- * This routine will convert a huge decimal number into the DER
- * encoding for oid numbers. It is not limited to numbers that will
- * fit into some wordsize, like oid_encode_number. But it's not
- * necessarily very fast, either. This is here in case some joker
- * throws us an ASCII oid like 1.2.3.99999999999999999999999999.
- */
-
-static PRUint32
-oid_encode_huge
-(
- NSSUTF8 *s,
- NSSUTF8 *e,
- PRUint8 *dp,
- PRUint32 nb
-)
-{
- PRUint32 slen = (e-s);
- PRUint32 blen = (slen+1)/2;
- PRUint8 *st = (PRUint8 *)NULL;
- PRUint8 *bd = (PRUint8 *)NULL;
- PRUint32 i;
- PRUint32 bitno;
- PRUint8 *last;
- PRUint8 *first;
- PRUint32 byteno;
- PRUint8 mask;
-
- /* We'll be munging the data, so duplicate it */
- st = (PRUint8 *)nss_ZAlloc((NSSArena *)NULL, slen);
- if( (PRUint8 *)NULL == st ) {
- return 0;
- }
-
- /* Don't know ahead of time exactly how long we'll need */
- bd = (PRUint8 *)nss_ZAlloc((NSSArena *)NULL, blen);
- if( (PRUint8 *)NULL == bd ) {
- (void)nss_ZFreeIf(st);
- return 0;
- }
-
- /* Copy the original, and convert ASCII to numbers */
- for( i = 0; i < slen; i++ ) {
- st[i] = (PRUint8)(s[i] - '0');
- }
-
- last = &st[slen-1];
- first = &st[0];
-
- /*
- * The way we create the binary version is by looking at it
- * bit by bit. Start with the least significant bit. If the
- * number is odd, set that bit. Halve the number (with integer
- * division), and go to the next least significant bit. Keep
- * going until the number goes to zero.
- */
- for( bitno = 0; ; bitno++ ) {
- PRUint8 *d;
-
- byteno = bitno/7;
- mask = (PRUint8)(1 << (bitno%7));
-
- /* Skip leading zeroes */
- for( ; first < last; first ++ ) {
- if( 0 != *first ) {
- break;
- }
- }
-
- /* Down to one number and it's a zero? Done. */
- if( (first == last) && (0 == *last) ) {
- break;
- }
-
- /* Last digit is odd? Set the bit */
- if( *last & 1 ) {
- bd[ byteno ] |= mask;
- }
-
-
- /*
- * Divide the number in half. This is just a matter
- * of going from the least significant digit upwards,
- * halving each one. If any digit is odd (other than
- * the last, which has already been handled), add five
- * to the digit to its right.
- */
- *last /= 2;
-
- for( d = &last[-1]; d >= first; d-- ) {
- if( *d & 1 ) {
- d[1] += 5;
- }
-
- *d /= 2;
- }
- }
-
- /* Is there room to write the encoded data? */
- if( (byteno+1) > nb ) {
- return (byteno+1);
- }
-
- /* Trim any leading zero that crept in there */
- for( ; byteno > 0; byteno-- ) {
- if( 0 != bd[ byteno ] ) {
- break;
- }
- }
-
- /* Copy all but the last, marking the "continue" bit */
- for( i = 0; i < byteno; i++ ) {
- dp[i] = bd[ byteno-i ] | 0x80;
- }
- /* And the last with the "continue" bit clear */
- dp[byteno] = bd[0];
-
- (void)nss_ZFreeIf(bd);
- (void)nss_ZFreeIf(st);
- return (byteno+1);
-}
-
-/*
- * oid_encode_string
- *
- * This routine converts a dotted-number OID into a DER-encoded
- * one. It assumes we've already sanity-checked the string.
- */
-
-extern const NSSError NSS_ERROR_INTERNAL_ERROR;
-
-static NSSOID *
-oid_encode_string
-(
- NSSUTF8 *s
-)
-{
- PRUint32 nn = 0; /* number of numbers */
- PRUint32 nb = 0; /* number of bytes (estimated) */
- NSSUTF8 *t;
- PRUint32 nd = 0; /* number of digits */
- NSSOID *rv;
- PRUint8 *dp;
- PRUint32 a, b;
- PRUint32 inc;
-
- /* Dump any octothorpe */
- if( '#' == *s ) {
- s++;
- }
-
- /* Count up the bytes needed */
- for( t = s; '\0' != *t; t++ ) {
- if( '.' == *t ) {
- nb += (nd+1)/2; /* errs on the big side */
- nd = 0;
- nn++;
- } else {
- nd++;
- }
- }
- nb += (nd+1)/2;
- nn++;
-
- if( 1 == nn ) {
- /*
- * We have our own "denormalised" encoding for these,
- * which is only used internally.
- */
- nb++;
- }
-
- /*
- * Allocate. Note that we don't use the oid_arena here.. this is
- * because there really isn't a "free()" for stuff allocated out of
- * arenas (at least with the current implementation), so this would
- * keep using up memory each time a UTF8-encoded OID were added.
- * If need be (if this is the first time this oid has been seen),
- * we'll copy it.
- */
- rv = nss_ZNEW((NSSArena *)NULL, NSSOID);
- if( (NSSOID *)NULL == rv ) {
- return (NSSOID *)NULL;
- }
-
- rv->data.data = nss_ZAlloc((NSSArena *)NULL, nb);
- if( (void *)NULL == rv->data.data ) {
- (void)nss_ZFreeIf(rv);
- return (NSSOID *)NULL;
- }
-
- dp = (PRUint8 *)rv->data.data;
-
- a = atoi(s);
-
- if( 1 == nn ) {
- dp[0] = '\x80';
- inc = oid_encode_number(a, &dp[1], nb-1);
- if( inc >= nb ) {
- goto loser;
- }
- } else {
- for( t = s; '.' != *t; t++ ) {
- ;
- }
-
- t++;
- b = atoi(t);
- inc = oid_encode_number(a*40+b, dp, nb);
- if( inc > nb ) {
- goto loser;
- }
- dp += inc;
- nb -= inc;
- nn -= 2;
-
- while( nn-- > 0 ) {
- NSSUTF8 *u;
-
- for( ; '.' != *t; t++ ) {
- ;
- }
-
- t++;
-
- for( u = t; ('\0' != *u) && ('.' != *u); u++ ) {
- ;
- }
-
- if( (u-t > 9) ) {
- /* In the billions. Rats. */
- inc = oid_encode_huge(t, u, dp, nb);
- } else {
- b = atoi(t);
- inc = oid_encode_number(b, dp, nb);
- }
-
- if( inc > nb ) {
- goto loser;
- }
- dp += inc;
- nb -= inc;
- }
- }
-
- return rv;
-
- loser:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return (NSSOID *)NULL;
-}
-
-/*
- * nssOID_CreateFromUTF8
- *
- * This routine creates an NSSOID by decoding a UTF8 string
- * representation of an OID in dotted-number format. The string may
- * optionally begin with an octothorpe. It may return NULL
- * upon error, in which case it will have set an error on the error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * An NSSOID upon success
- */
-
-NSS_EXTERN NSSOID *
-nssOID_CreateFromUTF8
-(
- NSSUTF8 *stringOid
-)
-{
- NSSOID *rv = (NSSOID *)NULL;
- NSSOID *candidate = (NSSOID *)NULL;
- PLHashEntry *e;
-
- if( PR_SUCCESS != oid_init() ) {
- return (NSSOID *)NULL;
- }
-
- if( PR_SUCCESS != oid_sanity_check_utf8(stringOid) ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSOID *)NULL;
- }
-
- candidate = oid_encode_string(stringOid);
- if( (NSSOID *)NULL == candidate ) {
- /* Internal error only */
- return rv;
- }
-
- /*
- * Does it exist?
- */
- PR_Lock(oid_hash_lock);
- rv = (NSSOID *)PL_HashTableLookup(oid_hash_table, &candidate->data);
- (void)PR_Unlock(oid_hash_lock);
- if( (NSSOID *)NULL != rv ) {
- /* Already exists. Delete my copy and return the original. */
- (void)nss_ZFreeIf(candidate->data.data);
- (void)nss_ZFreeIf(candidate);
- return rv;
- }
-
- /*
- * Nope. Add it. Remember to allocate it out of the oid arena.
- */
-
- rv = nss_ZNEW(oid_arena, NSSOID);
- if( (NSSOID *)NULL == rv ) {
- goto loser;
- }
-
- rv->data.data = nss_ZAlloc(oid_arena, candidate->data.size);
- if( (void *)NULL == rv->data.data ) {
- goto loser;
- }
-
- rv->data.size = candidate->data.size;
- nsslibc_memcpy(rv->data.data, candidate->data.data, rv->data.size);
-
- (void)nss_ZFreeIf(candidate->data.data);
- (void)nss_ZFreeIf(candidate);
-
-#ifdef DEBUG
- rv->tag = "<runtime>";
- rv->expl = "(OID registered at runtime)";
-#endif /* DEBUG */
-
- PR_Lock(oid_hash_lock);
- e = PL_HashTableAdd(oid_hash_table, &rv->data, rv);
- (void)PR_Unlock(oid_hash_lock);
- if( (PLHashEntry *)NULL == e ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- goto loser;
- }
-
-#ifdef DEBUG
- {
- PRStatus st;
- st = oid_add_pointer(rv);
- if( PR_SUCCESS != st ) {
- PR_Lock(oid_hash_lock);
- (void)PL_HashTableRemove(oid_hash_table, &rv->data);
- (void)PR_Unlock(oid_hash_lock);
- goto loser;
- }
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (NSSOID *)NULL != candidate ) {
- (void)nss_ZFreeIf(candidate->data.data);
- }
- (void)nss_ZFreeIf(candidate);
-
- if( (NSSOID *)NULL != rv ) {
- (void)nss_ZFreeIf(rv->data.data);
- }
- (void)nss_ZFreeIf(rv);
-
- return (NSSOID *)NULL;
-}
-
-/*
- * nssOID_GetDEREncoding
- *
- * This routine returns the DER encoding of the specified NSSOID.
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return return null upon error, in
- * which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSOID
- */
-
-NSS_EXTERN NSSDER *
-nssOID_GetDEREncoding
-(
- const NSSOID *oid,
- NSSDER *rvOpt,
- NSSArena *arenaOpt
-)
-{
- const NSSItem *it;
- NSSDER *rv;
-
- if( PR_SUCCESS != oid_init() ) {
- return (NSSDER *)NULL;
- }
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssOID_verifyPointer(oid) ) {
- return (NSSDER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSDER *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- it = &oid->data;
-
- if( (NSSDER *)NULL == rvOpt ) {
- rv = nss_ZNEW(arenaOpt, NSSDER);
- if( (NSSDER *)NULL == rv ) {
- return (NSSDER *)NULL;
- }
- } else {
- rv = rvOpt;
- }
-
- rv->data = nss_ZAlloc(arenaOpt, it->size);
- if( (void *)NULL == rv->data ) {
- if( rv != rvOpt ) {
- (void)nss_ZFreeIf(rv);
- }
- return (NSSDER *)NULL;
- }
-
- rv->size = it->size;
- nsslibc_memcpy(rv->data, it->data, it->size);
-
- return rv;
-}
-
-/*
- * nssOID_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing the dotted-number
- * encoding of the specified NSSOID. If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return null upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the dotted-digit encoding of
- * this NSSOID
- */
-
-NSS_EXTERN NSSUTF8 *
-nssOID_GetUTF8Encoding
-(
- const NSSOID *oid,
- NSSArena *arenaOpt
-)
-{
- NSSUTF8 *rv;
- PRUint8 *end;
- PRUint8 *d;
- PRUint8 *e;
- char *a;
- char *b;
- PRUint32 len;
-
- if( PR_SUCCESS != oid_init() ) {
- return (NSSUTF8 *)NULL;
- }
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssOID_verifyPointer(oid) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- a = (char *)NULL;
-
- /* d will point to the next sequence of bytes to decode */
- d = (PRUint8 *)oid->data.data;
- /* end points to one past the legitimate data */
- end = &d[ oid->data.size ];
-
-#ifdef NSSDEBUG
- /*
- * Guarantee that the for(e=d;e<end;e++) loop below will
- * terminate. Our BER sanity-checking code above will prevent
- * such a BER from being registered, so the only other way one
- * might show up is if our dotted-decimal encoder above screws
- * up or our generated list is wrong. So I'll wrap it with
- * #ifdef NSSDEBUG and #endif.
- */
- if( end[-1] & 0x80 ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return (NSSUTF8 *)NULL;
- }
-#endif /* NSSDEBUG */
-
- /*
- * Check for our pseudo-encoded single-digit OIDs
- */
- if( (*d == 0x80) && (2 == oid->data.size) ) {
- /* Funky encoding. The second byte is the number */
- a = PR_smprintf("%lu", (PRUint32)d[1]);
- if( (char *)NULL == a ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSUTF8 *)NULL;
- }
- goto done;
- }
-
- for( ; d < end; d = &e[1] ) {
-
- for( e = d; e < end; e++ ) {
- if( 0 == (*e & 0x80) ) {
- break;
- }
- }
-
- if( ((e-d) > 4) || (((e-d) == 4) && (*d & 0x70)) ) {
- /* More than a 32-bit number */
- } else {
- PRUint32 n = 0;
-
- switch( e-d ) {
- case 4:
- n |= ((PRUint32)(e[-4] & 0x0f)) << 28;
- case 3:
- n |= ((PRUint32)(e[-3] & 0x7f)) << 21;
- case 2:
- n |= ((PRUint32)(e[-2] & 0x7f)) << 14;
- case 1:
- n |= ((PRUint32)(e[-1] & 0x7f)) << 7;
- case 0:
- n |= ((PRUint32)(e[-0] & 0x7f)) ;
- }
-
- if( (char *)NULL == a ) {
- /* This is the first number.. decompose it */
- PRUint32 one = (n/40), two = (n%40);
-
- a = PR_smprintf("%lu.%lu", one, two);
- if( (char *)NULL == a ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSUTF8 *)NULL;
- }
- } else {
- b = PR_smprintf("%s.%lu", a, n);
- if( (char *)NULL == b ) {
- PR_smprintf_free(a);
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSUTF8 *)NULL;
- }
-
- PR_smprintf_free(a);
- a = b;
- }
- }
- }
-
- done:
- /*
- * Even if arenaOpt is NULL, we have to copy the data so that
- * it'll be freed with the right version of free: ours, not
- * PR_smprintf_free's.
- */
- len = PL_strlen(a);
- rv = (NSSUTF8 *)nss_ZAlloc(arenaOpt, len);
- if( (NSSUTF8 *)NULL == rv ) {
- PR_smprintf_free(a);
- return (NSSUTF8 *)NULL;
- }
-
- nsslibc_memcpy(rv, a, len);
- PR_smprintf_free(a);
-
- return rv;
-}
-
-/*
- * nssOID_getExplanation
- *
- * This method is only present in debug builds.
- *
- * This routine will return a static pointer to a UTF8-encoded string
- * describing (in English) the specified OID. The memory pointed to
- * by the return value is not owned by the caller, and should not be
- * freed or modified. Note that explanations are only provided for
- * the OIDs built into the NSS library; there is no way to specify an
- * explanation for dynamically created OIDs. This routine is intended
- * only for use in debugging tools such as "derdump." This routine
- * may return null upon error, in which case it will have placed an
- * error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- *
- * Return value:
- * NULL upon error
- * A static pointer to a readonly, non-caller-owned UTF8-encoded
- * string explaining the specified OID.
- */
-
-#ifdef DEBUG
-NSS_EXTERN const NSSUTF8 *
-nssOID_getExplanation
-(
- NSSOID *oid
-)
-{
- if( PR_SUCCESS != oid_init() ) {
- return (const NSSUTF8 *)NULL;
- }
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssOID_verifyPointer(oid) ) {
- return (NSSUTF8 *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return oid->expl;
-}
-
-extern const NSSError NSS_ERROR_INVALID_NSSOID;
-#endif /* DEBUG */
-
-/*
- * nssOID_getTaggedUTF8
- *
- * This method is only present in debug builds.
- *
- * This routine will return a pointer to a caller-owned UTF8-encoded
- * string containing a tagged encoding of the specified OID. Note
- * that OID (component) tags are only provided for the OIDs built
- * into the NSS library; there is no way to specify tags for
- * dynamically created OIDs. This routine is intended for use in
- * debugging tools such as "derdump." If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return return null upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the tagged encoding of
- * this NSSOID
- */
-
-#ifdef DEBUG
-NSS_EXTERN NSSUTF8 *
-nssOID_getTaggedUTF8
-(
- NSSOID *oid,
- NSSArena *arenaOpt
-)
-{
- NSSUTF8 *rv;
- char *raw;
- char *c;
- char *a = (char *)NULL;
- char *b;
- PRBool done = PR_FALSE;
- PRUint32 len;
-
- if( PR_SUCCESS != oid_init() ) {
- return (NSSUTF8 *)NULL;
- }
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssOID_verifyPointer(oid) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- a = PR_smprintf("{");
- if( (char *)NULL == a ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSUTF8 *)NULL;
- }
-
- /*
- * What I'm doing here is getting the text version of the OID,
- * e.g. 1.2.12.92, then looking up each set of leading numbers
- * as oids.. e.g. "1," then "1.2," then "1.2.12," etc. Each of
- * those will have the leaf tag, and I just build up the string.
- * I never said this was the most efficient way of doing it,
- * but hey it's a debug-build thing, and I'm getting really tired
- * of writing this stupid low-level PKI code.
- */
-
- /* I know it's all ASCII, so I can use char */
- raw = (char *)nssOID_GetUTF8Encoding(oid, (NSSArena *)NULL);
- if( (char *)NULL == raw ) {
- return (NSSUTF8 *)NULL;
- }
-
- for( c = raw; !done; c++ ) {
- NSSOID *lead;
- char *lastdot;
-
- for( ; '.' != *c; c++ ) {
- if( '\0' == *c ) {
- done = PR_TRUE;
- break;
- }
- }
-
- *c = '\0';
- lead = nssOID_CreateFromUTF8((NSSUTF8 *)raw);
- if( (NSSOID *)NULL == lead ) {
- PR_smprintf_free(a);
- nss_ZFreeIf(raw);
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSUTF8 *)NULL;
- }
-
- lastdot = PL_strrchr(raw, '.');
- if( (char *)NULL == lastdot ) {
- lastdot = raw;
- }
-
- b = PR_smprintf("%s %s(%s) ", a, lead->tag, &lastdot[1]);
- if( (char *)NULL == b ) {
- PR_smprintf_free(a);
- nss_ZFreeIf(raw);
- /* drop the OID reference on the floor */
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSUTF8 *)NULL;
- }
-
- PR_smprintf_free(a);
- a = b;
-
- if( !done ) {
- *c = '.';
- }
- }
-
- nss_ZFreeIf(raw);
-
- b = PR_smprintf("%s }", a);
- if( (char *)NULL == b ) {
- PR_smprintf_free(a);
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSUTF8 *)NULL;
- }
-
- len = PL_strlen(b);
-
- rv = (NSSUTF8 *)nss_ZAlloc(arenaOpt, len+1);
- if( (NSSUTF8 *)NULL == rv ) {
- PR_smprintf_free(b);
- return (NSSUTF8 *)NULL;
- }
-
- nsslibc_memcpy(rv, b, len);
- PR_smprintf_free(b);
-
- return rv;
-}
-
-extern const NSSError NSS_ERROR_INVALID_NSSOID;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-#endif /* DEBUG */
diff --git a/security/nss/lib/pki1/oidgen.perl b/security/nss/lib/pki1/oidgen.perl
deleted file mode 100755
index 959e3cbaf..000000000
--- a/security/nss/lib/pki1/oidgen.perl
+++ /dev/null
@@ -1,311 +0,0 @@
-#!perl
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-$cvs_id = '@(#) $RCSfile$ $Revision$ $Date$ $Name$';
-
-$count = -1;
-while(<>) {
- s/^((?:[^"#]+|"[^"]*")*)(\s*#.*$)/$1/;
- next if (/^\s*$/);
-
- /^([\S]+)\s+([^"][\S]*|"[^"]*")/;
- $name = $1;
- $value = $2;
- # This is certainly not the best way to dequote the data.
- $value =~ s/"//g;
-
- if( $name =~ "OID" ) {
- $count++;
- $x[$count]{$name} = $value;
- $enc = encodeoid($value);
- $x[$count]{" encoding"} = escapeoid($enc);
- $x[$count]{" encoding length"} = length($enc);
- } else {
- if( $count < 0 ) {
- $g{$name} = $value;
- } else {
- $x[$count]{$name} = $value;
- }
- }
-}
-
-# dodump();
-doprint();
-
-sub dodump {
-for( $i = 0; $i <= $count; $i++ ) {
- print "number $i:\n";
- %y = %{$x[$i]};
- while(($n,$v) = each(%y)) {
- print "\t$n ==> $v\n";
- }
-}
-}
-
-sub doprint {
-open(CFILE, ">oiddata.c") || die "Can't open oiddata.c: $!";
-open(HFILE, ">oiddata.h") || die "Can't open oiddata.h: $!";
-
-print CFILE <<EOD
-/* THIS IS A GENERATED FILE */
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#ifdef DEBUG
-static const char CVS_ID[] = "$g{CVS_ID} ; $cvs_id";
-#endif /* DEBUG */
-
-#ifndef PKI1T_H
-#include "pki1t.h"
-#endif /* PKI1T_H */
-
-const NSSOID nss_builtin_oids[] = {
-EOD
- ;
-
-for( $i = 0; $i <= $count; $i++ ) {
- %y = %{$x[$i]};
- print CFILE " {\n";
- print CFILE "#ifdef DEBUG\n";
- print CFILE " \"$y{TAG}\",\n";
- print CFILE " \"$y{EXPL}\",\n";
- print CFILE "#endif /* DEBUG */\n";
- print CFILE " { \"", $y{" encoding"};
- print CFILE "\", ", $y{" encoding length"}, " }\n";
-
- if( $i == $count ) {
- print CFILE " }\n";
- } else {
- print CFILE " },\n";
- }
-}
-
-print CFILE "};\n\n";
-
-print CFILE "const PRUint32 nss_builtin_oid_count = ", ($count+1), ";\n\n";
-
-for( $i = 0; $i <= $count; $i++ ) {
- %y = %{$x[$i]};
- if( defined($y{NAME}) ) {
- print CFILE "const NSSOID *$y{NAME} = (NSSOID *)&nss_builtin_oids[$i];\n";
- }
-}
-
-print CFILE "\n";
-
-$attrcount = -1;
-for( $i = 0; $i <= $count; $i++ ) {
- %y = %{$x[$i]};
- if( defined($y{ATTR}) ) {
- if( defined($y{NAME}) ) {
- $attrcount++;
- $attr[$attrcount]{ATTR} = $y{ATTR};
- $attr[$attrcount]{NAME} = $y{NAME};
- } else {
- warn "Attribute $y{ATTR} has no name, and will be omitted!";
- }
- }
-}
-
-print CFILE "const nssAttributeTypeAliasTable nss_attribute_type_aliases[] = {\n";
-
-for( $i = 0; $i <= $attrcount; $i++ ) {
- %y = %{$attr[$i]};
- print CFILE " {\n";
- print CFILE " \"$y{ATTR}\",\n";
- print CFILE " &$y{NAME}\n";
-
- if( $i == $attrcount ) {
- print CFILE " }\n";
- } else {
- print CFILE " },\n";
- }
-}
-
-print CFILE "};\n\n";
-
-print CFILE "const PRUint32 nss_attribute_type_alias_count = ", ($attrcount+1), ";\n\n";
-
-print HFILE <<EOD
-/* THIS IS A GENERATED FILE */
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef OIDDATA_H
-#define OIDDATA_H
-
-#ifdef DEBUG
-static const char OIDDATA_CVS_ID[] = "$g{CVS_ID} ; $cvs_id";
-#endif /* DEBUG */
-
-#ifndef NSSPKI1T_H
-#include "nsspki1t.h"
-#endif /* NSSPKI1T_H */
-
-extern const NSSOID nss_builtin_oids[];
-extern const PRUint32 nss_builtin_oid_count;
-
-/*extern const nssAttributeTypeAliasTable nss_attribute_type_aliases[];*/
-/*extern const PRUint32 nss_attribute_type_alias_count;*/
-
-EOD
- ;
-
-for( $i = 0; $i <= $count; $i++ ) {
- %y = %{$x[$i]};
- if( defined($y{NAME}) ) {
- print HFILE "extern const NSSOID *$y{NAME};\n";
- }
-}
-
-print HFILE <<EOD
-
-#endif /* OIDDATA_H */
-EOD
- ;
-
-close CFILE;
-close HFILE;
-}
-
-sub encodenum {
- my $v = $_[0];
- my @d;
- my $i;
- my $rv = "";
-
- while( $v > 128 ) {
- push @d, ($v % 128);
- $v /= 128;
- };
- push @d, ($v%128);
-
- for( $i = @d-1; $i > 0; $i-- ) {
- $rv = $rv . chr(128 + $d[$i]);
- }
-
- $rv = $rv . chr($d[0]);
-
- return $rv;
-}
-
-sub encodeoid {
- my @o = split(/\./, $_[0]);
- my $rv = "";
- my $i;
-
- if( @o < 2 ) {
- # NSS's special "illegal" encoding
- return chr(128) . encodenum($o[0]);
- }
-
- $rv = encodenum($o[0] * 40 + $o[1]);
- shift @o; shift @o;
-
- foreach $i (@o) {
- $rv = $rv . encodenum($i);
- }
-
- return $rv;
-}
-
-sub escapeoid {
- my @v = unpack("C*", $_[0]);
- my $a;
- my $rv = "";
-
- foreach $a (@v) {
- $rv = $rv . sprintf("\\x%02x", $a);
- }
-
- return $rv;
-}
diff --git a/security/nss/lib/pki1/oids.txt b/security/nss/lib/pki1/oids.txt
deleted file mode 100644
index df7b3ab28..000000000
--- a/security/nss/lib/pki1/oids.txt
+++ /dev/null
@@ -1,2115 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CVS_ID "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-# Fields
-# OID -- the OID data itself, in dotted-number format
-# TAG -- the unofficial but common name. e.g., when written like
-# { joint-iso-ccitt(2) country(16) US(840) company(1) netscape(113730) }
-# those words ("joint-iso-ccitt," "country," etc.) are the tags.
-# EXPL -- a textual explanation, that should stand by itself
-# NAME -- the name we use in our code. If no NAME is given, it won't be included
-#
-# Additionally, some sets of OIDs map to some other spaces..
-# additional fields capture that data:
-#
-# CKM -- the corresponding Cryptoki Mechanism, if any
-# CKK -- the corresponding Cryptoki Key type, if any
-# ATTR -- the UTF-8 attribute type encoding, if applicable
-# it should be in the standard presentation style (e.g., lowercase),
-# already-escaped a la RFC 2253 if necessary (which would only
-# be necessary if some idiot defined an attribute with, say,
-# an equals sign in it)
-# CERT_EXTENSION -- SUPPORTED or UNSUPPORTED certificate extension, if applicable
-
-# Top of the OID tree -- see http://www.alvestrand.no/objectid/top.html
-#
-OID 0
-TAG ccitt # ITU-T used to be called CCITT
-EXPL "ITU-T"
-
-# See X.208 Annex C for an explanation of the OIDs below ccitt/itu-t
-
-OID 0.0
-TAG recommendation
-EXPL "ITU-T Recommendation"
-
-OID 0.1
-TAG question
-EXPL "ITU-T Question"
-
-OID 0.2
-TAG administration
-EXPL "ITU-T Administration"
-
-OID 0.3
-TAG network-operator
-EXPL "ITU-T Network Operator"
-
-OID 0.4
-TAG identified-organization
-EXPL "ITU-T Identified Organization"
-
-OID 0.9 # used in some RFCs (unofficial!)
-TAG data
-EXPL "RFC Data"
-
-OID 0.9.2342
-TAG pss
-EXPL "PSS British Telecom X.25 Network"
-
-OID 0.9.2342.19200300
-TAG ucl
-EXPL "RFC 1274 UCL Data networks"
-
-OID 0.9.2342.19200300.100
-TAG pilot
-EXPL "RFC 1274 pilot"
-
-OID 0.9.2342.19200300.100.1
-TAG attributeType
-EXPL "RFC 1274 Attribute Type"
-
-OID 0.9.2342.19200300.100.1.1
-TAG uid
-EXPL "RFC 1274 User Id"
-NAME NSS_OID_RFC1274_UID
-ATTR "uid"
-
-OID 0.9.2342.19200300.100.1.3
-TAG mail
-EXPL "RFC 1274 E-mail Addres"
-NAME NSS_OID_RFC1274_EMAIL
-ATTR "mail" # XXX fgmr
-
-OID 0.9.2342.19200300.100.1.25
-TAG dc
-EXPL "RFC 2247 Domain Component"
-NAME NSS_OID_RFC2247_DC
-ATTR "dc"
-
-OID 0.9.2342.19200300.100.3
-TAG attributeSyntax
-EXPL "RFC 1274 Attribute Syntax"
-
-OID 0.9.2342.19200300.100.3.4
-TAG iA5StringSyntax
-EXPL "RFC 1274 IA5 String Attribute Syntax"
-
-OID 0.9.2342.19200300.100.3.5
-TAG caseIgnoreIA5StringSyntax
-EXPL "RFC 1274 Case-Ignore IA5 String Attribute Syntax"
-
-OID 0.9.2342.19200300.100.4
-TAG objectClass
-EXPL "RFC 1274 Object Class"
-
-OID 0.9.2342.19200300.100.10
-TAG groups
-EXPL "RFC 1274 Groups"
-
-OID 0.9.2342.234219200300
-TAG ucl
-EXPL "RFC 1327 ucl"
-
-OID 1
-TAG iso
-EXPL "ISO"
-
-# See X.208 Annex B for an explanation of the OIDs below iso
-
-OID 1.0
-TAG standard
-EXPL "ISO Standard"
-
-OID 1.1
-TAG registration-authority
-EXPL "ISO Registration Authority"
-
-OID 1.2
-TAG member-body
-EXPL "ISO Member Body"
-
-OID 1.2.36
-TAG australia
-EXPL "Australia (ISO)"
-
-OID 1.2.158
-TAG taiwan
-EXPL "Taiwan (ISO)"
-
-OID 1.2.372
-TAG ireland
-EXPL "Ireland (ISO)"
-
-OID 1.2.578
-TAG norway
-EXPL "Norway (ISO)"
-
-OID 1.2.752
-TAG sweden
-EXPL "Sweden (ISO)"
-
-OID 1.2.826
-TAG great-britain
-EXPL "Great Britain (ISO)"
-
-OID 1.2.840
-TAG us
-EXPL "United States (ISO)"
-
-OID 1.2.840.1
-TAG organization
-EXPL "US (ISO) organization"
-
-OID 1.2.840.10003
-TAG ansi-z30-50
-EXPL "ANSI Z39.50"
-
-OID 1.2.840.10008
-TAG dicom
-EXPL "DICOM"
-
-OID 1.2.840.10017
-TAG ieee-1224
-EXPL "IEEE 1224"
-
-OID 1.2.840.10022
-TAG ieee-802-10
-EXPL "IEEE 802.10"
-
-OID 1.2.840.10036
-TAG ieee-802-11
-EXPL "IEEE 802.11"
-
-OID 1.2.840.10040
-TAG x9-57
-EXPL "ANSI X9.57"
-
-# RFC 2459:
-#
-# holdInstruction OBJECT IDENTIFIER ::=
-# {iso(1) member-body(2) us(840) x9cm(10040) 2}
-#
-# Note that the appendices of RFC 2459 define the (wrong) value
-# of 2.2.840.10040.2 for this oid.
-OID 1.2.840.10040.2
-TAG holdInstruction
-EXPL "ANSI X9.57 Hold Instruction"
-
-# RFC 2459:
-#
-# id-holdinstruction-none OBJECT IDENTIFIER ::=
-# {holdInstruction 1} -- deprecated
-OID 1.2.840.10040.2.1
-TAG id-holdinstruction-none
-EXPL "ANSI X9.57 Hold Instruction: None"
-
-# RFC 2459:
-#
-# id-holdinstruction-callissuer OBJECT IDENTIFIER ::=
-# {holdInstruction 2}
-OID 1.2.840.10040.2.2
-TAG id-holdinstruction-callissuer
-EXPL "ANSI X9.57 Hold Instruction: Call Issuer"
-
-# RFC 2459:
-#
-# id-holdinstruction-reject OBJECT IDENTIFIER ::=
-# {holdInstruction 3}
-OID 1.2.840.10040.2.3
-TAG id-holdinstruction-reject
-EXPL "ANSI X9.57 Hold Instruction: Reject"
-
-OID 1.2.840.10040.4
-TAG x9algorithm
-EXPL "ANSI X9.57 Algorithm"
-
-# RFC 2459:
-#
-# id-dsa OBJECT IDENTIFIER ::= {
-# iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
-OID 1.2.840.10040.4.1
-TAG id-dsa
-EXPL "ANSI X9.57 DSA Signature"
-NAME NSS_OID_ANSIX9_DSA_SIGNATURE
-CKM CKM_DSA
-CKK CKK_DSA
-
-# RFC 2459:
-#
-# id-dsa-with-sha1 OBJECT IDENTIFIER ::= {
-# iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 }
-OID 1.2.840.10040.4.3
-TAG id-dsa-with-sha1
-EXPL "ANSI X9.57 Algorithm DSA Signature with SHA-1 Digest"
-NAME NSS_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST
-CKM CKM_DSA_SHA1
-
-OID 1.2.840.10046
-TAG x942
-EXPL "ANSI X9.42"
-
-OID 1.2.840.10046.2
-TAG algorithm
-EXPL "ANSI X9.42 Algorithm"
-
-# RFC 2459:
-#
-# dhpublicnumber OBJECT IDENTIFIER ::= {
-# iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 }
-OID 1.2.840.10046.2.1
-TAG dhpublicnumber
-EXPL "Diffie-Hellman Public Key Algorithm"
-NAME NSS_OID_X942_DIFFIE_HELMAN_KEY
-CKM CKM_DH_PKCS_DERIVE
-CKK CKK_DH
-
-OID 1.2.840.113533
-TAG entrust
-EXPL "Entrust Technologies"
-
-OID 1.2.840.113549
-TAG rsadsi
-EXPL "RSA Data Security Inc."
-
-OID 1.2.840.113549.1
-# http://www.rsa.com/rsalabs/pubs/PKCS/
-TAG pkcs
-EXPL "PKCS"
-
-# RFC 2459:
-#
-# pkcs-1 OBJECT IDENTIFIER ::= {
-# iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
-OID 1.2.840.113549.1.1
-# ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-1.asc
-TAG pkcs-1
-EXPL "PKCS #1"
-
-# RFC 2459:
-#
-# rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
-OID 1.2.840.113549.1.1.1
-TAG rsaEncryption
-EXPL "PKCS #1 RSA Encryption"
-NAME NSS_OID_PKCS1_RSA_ENCRYPTION
-CKM CKM_RSA_PKCS
-CKK CKK_RSA
-
-# RFC 2459:
-#
-# md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
-OID 1.2.840.113549.1.1.2
-TAG md2WithRSAEncryption
-EXPL "PKCS #1 MD2 With RSA Encryption"
-NAME NSS_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION
-CKM CKM_MD2_RSA_PKCS
-
-OID 1.2.840.113549.1.1.3
-TAG md4WithRSAEncryption
-EXPL "PKCS #1 MD4 With RSA Encryption"
-NAME NSS_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION
-# No CKM!
-
-# RFC 2459:
-#
-# md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
-OID 1.2.840.113549.1.1.4
-TAG md5WithRSAEncryption
-EXPL "PKCS #1 MD5 With RSA Encryption"
-NAME NSS_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION
-CKM CKM_MD5_RSA_PKCS
-
-# RFC 2459:
-#
-# sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
-OID 1.2.840.113549.1.1.5
-TAG sha1WithRSAEncryption
-EXPL "PKCS #1 SHA-1 With RSA Encryption"
-NAME NSS_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION
-CKM CKM_SHA1_RSA_PKCS
-
-OID 1.2.840.113549.1.5
-# ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-5.asc
-TAG pkcs-5
-EXPL "PKCS #5"
-
-OID 1.2.840.113549.1.5.1
-TAG pbeWithMD2AndDES-CBC
-EXPL "PKCS #5 Password Based Encryption With MD2 and DES-CBC"
-NAME NSS_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC
-CKM CKM_PBE_MD2_DES_CBC
-
-OID 1.2.840.113549.1.5.3
-TAG pbeWithMD5AndDES-CBC
-EXPL "PKCS #5 Password Based Encryption With MD5 and DES-CBC"
-NAME NSS_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC
-CKM CKM_PBE_MD5_DES_CBC
-
-OID 1.2.840.113549.1.5.10
-TAG pbeWithSha1AndDES-CBC
-EXPL "PKCS #5 Password Based Encryption With SHA-1 and DES-CBC"
-NAME NSS_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC
-CKM CKM_NETSCAPE_PBE_SHA1_DES_CBC
-
-OID 1.2.840.113549.1.7
-# ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-7.asc
-TAG pkcs-7
-EXPL "PKCS #7"
-NAME NSS_OID_PKCS7
-
-OID 1.2.840.113549.1.7.1
-TAG data
-EXPL "PKCS #7 Data"
-NAME NSS_OID_PKCS7_DATA
-
-OID 1.2.840.113549.1.7.2
-TAG signedData
-EXPL "PKCS #7 Signed Data"
-NAME NSS_OID_PKCS7_SIGNED_DATA
-
-OID 1.2.840.113549.1.7.3
-TAG envelopedData
-EXPL "PKCS #7 Enveloped Data"
-NAME NSS_OID_PKCS7_ENVELOPED_DATA
-
-OID 1.2.840.113549.1.7.4
-TAG signedAndEnvelopedData
-EXPL "PKCS #7 Signed and Enveloped Data"
-NAME NSS_OID_PKCS7_SIGNED_ENVELOPED_DATA
-
-OID 1.2.840.113549.1.7.5
-TAG digestedData
-EXPL "PKCS #7 Digested Data"
-NAME NSS_OID_PKCS7_DIGESTED_DATA
-
-OID 1.2.840.113549.1.7.6
-TAG encryptedData
-EXPL "PKCS #7 Encrypted Data"
-NAME NSS_OID_PKCS7_ENCRYPTED_DATA
-
-# RFC 2459:
-#
-# pkcs-9 OBJECT IDENTIFIER ::=
-# { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
-OID 1.2.840.113549.1.9
-# ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-9.asc
-TAG pkcs-9
-EXPL "PKCS #9"
-
-# RFC 2459:
-#
-# emailAddress AttributeType ::= { pkcs-9 1 }
-OID 1.2.840.113549.1.9.1
-TAG emailAddress
-EXPL "PKCS #9 Email Address"
-NAME NSS_OID_PKCS9_EMAIL_ADDRESS
-
-OID 1.2.840.113549.1.9.2
-TAG unstructuredName
-EXPL "PKCS #9 Unstructured Name"
-NAME NSS_OID_PKCS9_UNSTRUCTURED_NAME
-
-OID 1.2.840.113549.1.9.3
-TAG contentType
-EXPL "PKCS #9 Content Type"
-NAME NSS_OID_PKCS9_CONTENT_TYPE
-
-OID 1.2.840.113549.1.9.4
-TAG messageDigest
-EXPL "PKCS #9 Message Digest"
-NAME NSS_OID_PKCS9_MESSAGE_DIGEST
-
-OID 1.2.840.113549.1.9.5
-TAG signingTime
-EXPL "PKCS #9 Signing Time"
-NAME NSS_OID_PKCS9_SIGNING_TIME
-
-OID 1.2.840.113549.1.9.6
-TAG counterSignature
-EXPL "PKCS #9 Counter Signature"
-NAME NSS_OID_PKCS9_COUNTER_SIGNATURE
-
-OID 1.2.840.113549.1.9.7
-TAG challengePassword
-EXPL "PKCS #9 Challenge Password"
-NAME NSS_OID_PKCS9_CHALLENGE_PASSWORD
-
-OID 1.2.840.113549.1.9.8
-TAG unstructuredAddress
-EXPL "PKCS #9 Unstructured Address"
-NAME NSS_OID_PKCS9_UNSTRUCTURED_ADDRESS
-
-OID 1.2.840.113549.1.9.9
-TAG extendedCertificateAttributes
-EXPL "PKCS #9 Extended Certificate Attributes"
-NAME NSS_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES
-
-OID 1.2.840.113549.1.9.15
-TAG sMIMECapabilities
-EXPL "PKCS #9 S/MIME Capabilities"
-NAME NSS_OID_PKCS9_SMIME_CAPABILITIES
-
-OID 1.2.840.113549.1.9.20
-TAG friendlyName
-EXPL "PKCS #9 Friendly Name"
-NAME NSS_OID_PKCS9_FRIENDLY_NAME
-
-OID 1.2.840.113549.1.9.21
-TAG localKeyID
-EXPL "PKCS #9 Local Key ID"
-NAME NSS_OID_PKCS9_LOCAL_KEY_ID
-
-OID 1.2.840.113549.1.9.22
-TAG certTypes
-EXPL "PKCS #9 Certificate Types"
-
-OID 1.2.840.113549.1.9.22.1
-TAG x509Certificate
-EXPL "PKCS #9 Certificate Type = X.509"
-NAME NSS_OID_PKCS9_X509_CERT
-
-OID 1.2.840.113549.1.9.22.2
-TAG sdsiCertificate
-EXPL "PKCS #9 Certificate Type = SDSI"
-NAME NSS_OID_PKCS9_SDSI_CERT
-
-OID 1.2.840.113549.1.9.23
-TAG crlTypes
-EXPL "PKCS #9 Certificate Revocation List Types"
-
-OID 1.2.840.113549.1.9.23.1
-TAG x509Crl
-EXPL "PKCS #9 CRL Type = X.509"
-NAME NSS_OID_PKCS9_X509_CRL
-
-OID 1.2.840.113549.1.12
-# http://www.rsa.com/rsalabs/pubs/PKCS/html/pkcs-12.html
-# NOTE -- PKCS #12 multiple contradictory
-# documents exist. Somebody go figure out the canonical
-# OID list, keeping in mind backwards-compatability..
-TAG pkcs-12
-EXPL "PKCS #12"
-NAME NSS_OID_PKCS12
-
-OID 1.2.840.113549.1.12.1
-TAG pkcs-12PbeIds
-EXPL "PKCS #12 Password Based Encryption IDs"
-NAME NSS_OID_PKCS12_PBE_IDS
-# We called it SEC_OID_PKCS12_MODE_IDS
-
-OID 1.2.840.113549.1.12.1.1
-TAG pbeWithSHA1And128BitRC4
-EXPL "PKCS #12 Password Based Encryption With SHA-1 and 128-bit RC4"
-NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4
-CKM CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4
-# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4
-
-OID 1.2.840.113549.1.12.1.2
-TAG pbeWithSHA1And40BitRC4
-EXPL "PKCS #12 Password Based Encryption With SHA-1 and 40-bit RC4"
-NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4
-CKM CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4
-# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4
-
-OID 1.2.840.113549.1.12.1.3
-TAG pbeWithSHA1And3-KeyTripleDES-CBC
-EXPL "PKCS #12 Password Based Encryption With SHA-1 and 3-key Triple DES-CBC"
-NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_3_KEY_TRIPLE_DES_CBC
-CKM CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC
-# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC
-
-OID 1.2.840.113549.1.12.1.4
-TAG pbeWithSHA1And2-KeyTripleDES-CBC
-EXPL "PKCS #12 Password Based Encryption With SHA-1 and 2-key Triple DES-CBC"
-NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_2_KEY_TRIPLE_DES_CBC
-CKM CKM_PBE_SHA1_DES2_EDE_CBC
-# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC
-
-OID 1.2.840.113549.1.12.1.5
-TAG pbeWithSHA1And128BitRC2-CBC
-EXPL "PKCS #12 Password Based Encryption With SHA-1 and 128-bit RC2-CBC"
-NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC
-CKM CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC
-# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC
-
-OID 1.2.840.113549.1.12.1.6
-TAG pbeWithSHA1And40BitRC2-CBC
-EXPL "PKCS #12 Password Based Encryption With SHA-1 and 40-bit RC2-CBC"
-NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC
-CKM CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC
-# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC
-
-OID 1.2.840.113549.1.12.2
-TAG pkcs-12EspvkIds
-EXPL "PKCS #12 ESPVK IDs"
-# We called it SEC_OID_PKCS12_ESPVK_IDS
-
-OID 1.2.840.113549.1.12.2.1
-TAG pkcs8-key-shrouding
-EXPL "PKCS #12 Key Shrouding"
-# We called it SEC_OID_PKCS12_PKCS8_KEY_SHROUDING
-
-OID 1.2.840.113549.1.12.3
-TAG draft1Pkcs-12Bag-ids
-EXPL "Draft 1.0 PKCS #12 Bag IDs"
-# We called it SEC_OID_PKCS12_BAG_IDS
-
-OID 1.2.840.113549.1.12.3.1
-TAG keyBag
-EXPL "Draft 1.0 PKCS #12 Key Bag"
-# We called it SEC_OID_PKCS12_KEY_BAG_ID
-
-OID 1.2.840.113549.1.12.3.2
-TAG certAndCRLBagId
-EXPL "Draft 1.0 PKCS #12 Cert and CRL Bag ID"
-# We called it SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID
-
-OID 1.2.840.113549.1.12.3.3
-TAG secretBagId
-EXPL "Draft 1.0 PKCS #12 Secret Bag ID"
-# We called it SEC_OID_PKCS12_SECRET_BAG_ID
-
-OID 1.2.840.113549.1.12.3.4
-TAG safeContentsId
-EXPL "Draft 1.0 PKCS #12 Safe Contents Bag ID"
-# We called it SEC_OID_PKCS12_SAFE_CONTENTS_ID
-
-OID 1.2.840.113549.1.12.3.5
-TAG pkcs-8ShroudedKeyBagId
-EXPL "Draft 1.0 PKCS #12 PKCS #8-shrouded Key Bag ID"
-# We called it SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID
-
-OID 1.2.840.113549.1.12.4
-TAG pkcs-12CertBagIds
-EXPL "PKCS #12 Certificate Bag IDs"
-# We called it SEC_OID_PKCS12_CERT_BAG_IDS
-
-OID 1.2.840.113549.1.12.4.1
-TAG x509CertCRLBagId
-EXPL "PKCS #12 X.509 Certificate and CRL Bag"
-# We called it SEC_OID_PKCS12_X509_CERT_CRL_BAG
-
-OID 1.2.840.113549.1.12.4.2
-TAG SDSICertBagID
-EXPL "PKCS #12 SDSI Certificate Bag"
-# We called it SEC_OID_PKCS12_SDSI_CERT_BAG
-
-OID 1.2.840.113549.1.12.5
-TAG pkcs-12Oids
-EXPL "PKCS #12 OIDs (XXX)"
-# We called it SEC_OID_PKCS12_OIDS
-
-OID 1.2.840.113549.1.12.5.1
-TAG pkcs-12PbeIds
-EXPL "PKCS #12 OIDs PBE IDs (XXX)"
-# We called it SEC_OID_PKCS12_PBE_IDS
-
-OID 1.2.840.113549.1.12.5.1.1
-TAG pbeWithSha1And128BitRC4
-EXPL "PKCS #12 OIDs PBE with SHA-1 and 128-bit RC4 (XXX)"
-CKM CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4
-# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4
-
-OID 1.2.840.113549.1.12.5.1.2
-TAG pbeWithSha1And40BitRC4
-EXPL "PKCS #12 OIDs PBE with SHA-1 and 40-bit RC4 (XXX)"
-CKM CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4
-# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4
-
-OID 1.2.840.113549.1.12.5.1.3
-TAG pbeWithSha1AndTripleDES-CBC
-EXPL "PKCS #12 OIDs PBE with SHA-1 and Triple DES-CBC (XXX)"
-CKM CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC
-# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC
-
-OID 1.2.840.113549.1.12.5.1.4
-TAG pbeWithSha1And128BitRC2-CBC
-EXPL "PKCS #12 OIDs PBE with SHA-1 and 128-bit RC2-CBC (XXX)"
-CKM CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC
-# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC
-
-OID 1.2.840.113549.1.12.5.1.5
-TAG pbeWithSha1And40BitRC2-CBC
-EXPL "PKCS #12 OIDs PBE with SHA-1 and 40-bit RC2-CBC (XXX)"
-CKM CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC
-# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC
-
-OID 1.2.840.113549.1.12.5.2
-TAG pkcs-12EnvelopingIds
-EXPL "PKCS #12 OIDs Enveloping IDs (XXX)"
-# We called it SEC_OID_PKCS12_ENVELOPING_IDS
-
-OID 1.2.840.113549.1.12.5.2.1
-TAG rsaEncryptionWith128BitRC4
-EXPL "PKCS #12 OIDs Enveloping RSA Encryption with 128-bit RC4"
-# We called it SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4
-
-OID 1.2.840.113549.1.12.5.2.2
-TAG rsaEncryptionWith40BitRC4
-EXPL "PKCS #12 OIDs Enveloping RSA Encryption with 40-bit RC4"
-# We called it SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4
-
-OID 1.2.840.113549.1.12.5.2.3
-TAG rsaEncryptionWithTripleDES
-EXPL "PKCS #12 OIDs Enveloping RSA Encryption with Triple DES"
-# We called it SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES
-
-OID 1.2.840.113549.1.12.5.3
-TAG pkcs-12SignatureIds
-EXPL "PKCS #12 OIDs Signature IDs (XXX)"
-# We called it SEC_OID_PKCS12_SIGNATURE_IDS
-
-OID 1.2.840.113549.1.12.5.3.1
-TAG rsaSignatureWithSHA1Digest
-EXPL "PKCS #12 OIDs RSA Signature with SHA-1 Digest"
-# We called it SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST
-
-OID 1.2.840.113549.1.12.10
-TAG pkcs-12Version1
-EXPL "PKCS #12 Version 1"
-
-OID 1.2.840.113549.1.12.10.1
-TAG pkcs-12BagIds
-EXPL "PKCS #12 Bag IDs"
-
-OID 1.2.840.113549.1.12.10.1.1
-TAG keyBag
-EXPL "PKCS #12 Key Bag"
-NAME NSS_OID_PKCS12_KEY_BAG
-# We called it SEC_OID_PKCS12_V1_KEY_BAG_ID
-
-OID 1.2.840.113549.1.12.10.1.2
-TAG pkcs-8ShroudedKeyBag
-EXPL "PKCS #12 PKCS #8-shrouded Key Bag"
-NAME NSS_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG
-# We called it SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID
-
-OID 1.2.840.113549.1.12.10.1.3
-TAG certBag
-EXPL "PKCS #12 Certificate Bag"
-NAME NSS_OID_PKCS12_CERT_BAG
-# We called it SEC_OID_PKCS12_V1_CERT_BAG_ID
-
-OID 1.2.840.113549.1.12.10.1.4
-TAG crlBag
-EXPL "PKCS #12 CRL Bag"
-NAME NSS_OID_PKCS12_CRL_BAG
-# We called it SEC_OID_PKCS12_V1_CRL_BAG_ID
-
-OID 1.2.840.113549.1.12.10.1.5
-TAG secretBag
-EXPL "PKCS #12 Secret Bag"
-NAME NSS_OID_PKCS12_SECRET_BAG
-# We called it SEC_OID_PKCS12_V1_SECRET_BAG_ID
-
-OID 1.2.840.113549.1.12.10.1.6
-TAG safeContentsBag
-EXPL "PKCS #12 Safe Contents Bag"
-NAME NSS_OID_PKCS12_SAFE_CONTENTS_BAG
-# We called it SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID
-
-OID 1.2.840.113549.2
-TAG digest
-EXPL "RSA digest algorithm"
-
-OID 1.2.840.113549.2.2
-TAG md2
-EXPL "MD2"
-NAME NSS_OID_MD2
-CKM CKM_MD2
-
-OID 1.2.840.113549.2.4
-TAG md4
-EXPL "MD4"
-NAME NSS_OID_MD4
-# No CKM
-
-OID 1.2.840.113549.2.5
-TAG md5
-EXPL "MD5"
-NAME NSS_OID_MD5
-CKM CKM_MD5
-
-OID 1.2.840.113549.3
-TAG cipher
-EXPL "RSA cipher algorithm"
-
-OID 1.2.840.113549.3.2
-TAG rc2cbc
-EXPL "RC2-CBC"
-NAME NSS_OID_RC2_CBC
-CKM_RC2_CBC
-
-OID 1.2.840.113549.3.4
-TAG rc4
-EXPL "RC4"
-NAME NSS_OID_RC4
-CKM CKM_RC4
-
-OID 1.2.840.113549.3.7
-TAG desede3cbc
-EXPL "DES-EDE3-CBC"
-NAME NSS_OID_DES_EDE3_CBC
-CKM CKM_DES3_CBC
-
-OID 1.2.840.113549.3.9
-TAG rc5cbcpad
-EXPL "RC5-CBCPad"
-NAME NSS_OID_RC5_CBC_PAD
-CKM CKM_RC5_CBC
-
-OID 1.2.840.113556
-TAG microsoft
-EXPL "Microsoft"
-
-OID 1.2.840.113560
-TAG columbia-university
-EXPL "Columbia University"
-
-OID 1.2.840.113572
-TAG unisys
-EXPL "Unisys"
-
-OID 1.2.840.113658
-TAG xapia
-EXPL "XAPIA"
-
-OID 1.2.840.113699
-TAG wordperfect
-EXPL "WordPerfect"
-
-OID 1.3
-TAG identified-organization
-EXPL "ISO identified organizations"
-
-OID 1.3.6
-TAG us-dod
-EXPL "United States Department of Defense"
-
-OID 1.3.6.1
-TAG internet # See RFC 1065
-EXPL "The Internet"
-
-OID 1.3.6.1.1
-TAG directory
-EXPL "Internet: Directory"
-
-OID 1.3.6.1.2
-TAG management
-EXPL "Internet: Management"
-
-OID 1.3.6.1.3
-TAG experimental
-EXPL "Internet: Experimental"
-
-OID 1.3.6.1.4
-TAG private
-EXPL "Internet: Private"
-
-OID 1.3.6.1.5
-TAG security
-EXPL "Internet: Security"
-
-OID 1.3.6.1.5.5
-
-# RFC 2459:
-#
-# id-pkix OBJECT IDENTIFIER ::=
-# { iso(1) identified-organization(3) dod(6) internet(1)
-# security(5) mechanisms(5) pkix(7) }
-OID 1.3.6.1.5.5.7
-TAG id-pkix
-EXPL "Public Key Infrastructure"
-
-# RFC 2459:
-#
-# PKIX1Explicit88 {iso(1) identified-organization(3) dod(6) internet(1)
-# security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit-88(1)}
-OID 1.3.6.1.5.5.7.0.1
-TAG PKIX1Explicit88
-EXPL "RFC 2459 Explicitly Tagged Module, 1988 Syntax"
-
-# RFC 2459:
-#
-# PKIX1Implicit88 {iso(1) identified-organization(3) dod(6) internet(1)
-# security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-88(2)}
-OID 1.3.6.1.5.5.7.0.2
-TAG PKIXImplicit88
-EXPL "RFC 2459 Implicitly Tagged Module, 1988 Syntax"
-
-# RFC 2459:
-#
-# PKIX1Explicit93 {iso(1) identified-organization(3) dod(6) internet(1)
-# security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit-93(3)}
-OID 1.3.6.1.5.5.7.0.3
-TAG PKIXExplicit93
-EXPL "RFC 2459 Explicitly Tagged Module, 1993 Syntax"
-
-# RFC 2459:
-#
-# id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
-# -- arc for private certificate extensions
-OID 1.3.6.1.5.5.7.1
-TAG id-pe
-EXPL "PKIX Private Certificate Extensions"
-
-# RFC 2459:
-#
-# id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
-OID 1.3.6.1.5.5.7.1.1
-TAG id-pe-authorityInfoAccess
-EXPL "Certificate Authority Information Access"
-NAME NSS_OID_X509_AUTH_INFO_ACCESS
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
-# -- arc for policy qualifier types
-OID 1.3.6.1.5.5.7.2
-TAG id-qt
-EXPL "PKIX Policy Qualifier Types"
-
-# RFC 2459:
-#
-# id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
-# -- OID for CPS qualifier
-OID 1.3.6.1.5.5.7.2.1
-TAG id-qt-cps
-EXPL "PKIX CPS Pointer Qualifier"
-NAME NSS_OID_PKIX_CPS_POINTER_QUALIFIER
-
-# RFC 2459:
-#
-# id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
-# -- OID for user notice qualifier
-OID 1.3.6.1.5.5.7.2.2
-TAG id-qt-unotice
-EXPL "PKIX User Notice Qualifier"
-NAME NSS_OID_PKIX_USER_NOTICE_QUALIFIER
-
-# RFC 2459:
-#
-# id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
-# -- arc for extended key purpose OIDS
-OID 1.3.6.1.5.5.7.3
-TAG id-kp
-EXPL "PKIX Key Purpose"
-
-# RFC 2459:
-#
-# id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
-OID 1.3.6.1.5.5.7.3.1
-TAG id-kp-serverAuth
-EXPL "TLS Web Server Authentication Certificate"
-NAME NSS_OID_EXT_KEY_USAGE_SERVER_AUTH
-
-# RFC 2459:
-#
-# id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
-OID 1.3.6.1.5.5.7.3.2
-TAG id-kp-clientAuth
-EXPL "TLS Web Client Authentication Certificate"
-NAME NSS_OID_EXT_KEY_USAGE_CLIENT_AUTH
-
-# RFC 2459:
-#
-# id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
-OID 1.3.6.1.5.5.7.3.3
-TAG id-kp-codeSigning
-EXPL "Code Signing Certificate"
-NAME NSS_OID_EXT_KEY_USAGE_CODE_SIGN
-
-# RFC 2459:
-#
-# id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
-OID 1.3.6.1.5.5.7.3.4
-TAG id-kp-emailProtection
-EXPL "E-Mail Protection Certificate"
-NAME NSS_OID_EXT_KEY_USAGE_EMAIL_PROTECTION
-
-# RFC 2459:
-#
-# id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 }
-OID 1.3.6.1.5.5.7.3.5
-TAG id-kp-ipsecEndSystem
-EXPL "IPSEC End System Certificate"
-NAME NSS_OID_EXT_KEY_USAGE_IPSEC_END_SYSTEM
-
-# RFC 2459:
-#
-# id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 }
-OID 1.3.6.1.5.5.7.3.6
-TAG id-kp-ipsecTunnel
-EXPL "IPSEC Tunnel Certificate"
-NAME NSS_OID_EXT_KEY_USAGE_IPSEC_TUNNEL
-
-# RFC 2459:
-#
-# id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 }
-OID 1.3.6.1.5.5.7.3.7
-TAG id-kp-ipsecUser
-EXPL "IPSEC User Certificate"
-NAME NSS_OID_EXT_KEY_USAGE_IPSEC_USER
-
-# RFC 2459:
-#
-# id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
-OID 1.3.6.1.5.5.7.3.8
-TAG id-kp-timeStamping
-EXPL "Time Stamping Certificate"
-NAME NSS_OID_EXT_KEY_USAGE_TIME_STAMP
-
-OID 1.3.6.1.5.5.7.3.9
-TAG ocsp-responder
-EXPL "OCSP Responder Certificate"
-NAME NSS_OID_OCSP_RESPONDER
-
-OID 1.3.6.1.5.5.7.7
-TAG pkix-id-pkix
-
-OID 1.3.6.1.5.5.7.7.5
-TAG pkix-id-pkip
-
-OID 1.3.6.1.5.5.7.7.5.1
-TAG pkix-id-regctrl
-EXPL "CRMF Registration Control"
-
-OID 1.3.6.1.5.5.7.7.5.1.1
-TAG regtoken
-EXPL "CRMF Registration Control, Registration Token"
-NAME NSS_OID_PKIX_REGCTRL_REGTOKEN
-
-OID 1.3.6.1.5.5.7.7.5.1.2
-TAG authenticator
-EXPL "CRMF Registration Control, Registration Authenticator"
-NAME NSS_OID_PKIX_REGCTRL_AUTHENTICATOR
-
-OID 1.3.6.1.5.5.7.7.5.1.3
-TAG pkipubinfo
-EXPL "CRMF Registration Control, PKI Publication Info"
-NAME NSS_OID_PKIX_REGCTRL_PKIPUBINFO
-
-OID 1.3.6.1.5.5.7.7.5.1.4
-TAG pki-arch-options
-EXPL "CRMF Registration Control, PKI Archive Options"
-NAME NSS_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS
-
-OID 1.3.6.1.5.5.7.7.5.1.5
-TAG old-cert-id
-EXPL "CRMF Registration Control, Old Certificate ID"
-NAME NSS_OID_PKIX_REGCTRL_OLD_CERT_ID
-
-OID 1.3.6.1.5.5.7.7.5.1.6
-TAG protocol-encryption-key
-EXPL "CRMF Registration Control, Protocol Encryption Key"
-NAME NSS_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY
-
-OID 1.3.6.1.5.5.7.7.5.2
-TAG pkix-id-reginfo
-EXPL "CRMF Registration Info"
-
-OID 1.3.6.1.5.5.7.7.5.2.1
-TAG utf8-pairs
-EXPL "CRMF Registration Info, UTF8 Pairs"
-NAME NSS_OID_PKIX_REGINFO_UTF8_PAIRS
-
-OID 1.3.6.1.5.5.7.7.5.2.2
-TAG cert-request
-EXPL "CRMF Registration Info, Certificate Request"
-NAME NSS_OID_PKIX_REGINFO_CERT_REQUEST
-
-# RFC 2549:
-#
-# id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
-# -- arc for access descriptors
-OID 1.3.6.1.5.5.7.48
-TAG id-ad
-EXPL "PKIX Access Descriptors"
-
-# RFC 2549:
-#
-# id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
-OID 1.3.6.1.5.5.7.48.1
-TAG id-ad-ocsp
-EXPL "PKIX Online Certificate Status Protocol"
-NAME NSS_OID_OID_PKIX_OCSP
-
-OID 1.3.6.1.5.5.7.48.1.1
-TAG basic-response
-EXPL "OCSP Basic Response"
-NAME NSS_OID_PKIX_OCSP_BASIC_RESPONSE
-
-OID 1.3.6.1.5.5.7.48.1.2
-TAG nonce-extension
-EXPL "OCSP Nonce Extension"
-NAME NSS_OID_PKIX_OCSP_NONCE
-
-OID 1.3.6.1.5.5.7.48.1.3
-TAG response
-EXPL "OCSP Response Types Extension"
-NAME NSS_OID_PKIX_OCSP_RESPONSE
-
-OID 1.3.6.1.5.5.7.48.1.4
-TAG crl
-EXPL "OCSP CRL Reference Extension"
-NAME NSS_OID_PKIX_OCSP_CRL
-
-OID 1.3.6.1.5.5.7.48.1.5
-TAG no-check
-EXPL "OCSP No Check Extension"
-NAME NSS_OID_X509_OCSP_NO_CHECK # X509_... ?
-
-OID 1.3.6.1.5.5.7.48.1.6
-TAG archive-cutoff
-EXPL "OCSP Archive Cutoff Extension"
-NAME NSS_OID_PKIX_OCSP_ARCHIVE_CUTOFF
-
-OID 1.3.6.1.5.5.7.48.1.7
-TAG service-locator
-EXPL "OCSP Service Locator Extension"
-NAME NSS_OID_PKIX_OCSP_SERVICE_LOCATOR
-
-# RFC 2549:
-#
-# id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
-OID 1.3.6.1.5.5.7.48.2
-TAG id-ad-caIssuers
-EXPL "Certificate Authority Issuers"
-
-OID 1.3.6.1.6
-TAG snmpv2
-EXPL "Internet: SNMPv2"
-
-OID 1.3.6.1.7
-TAG mail
-EXPL "Internet: mail"
-
-OID 1.3.6.1.7.1
-TAG mime-mhs
-EXPL "Internet: mail MIME mhs"
-
-OID 1.3.12
-TAG ecma
-EXPL "European Computers Manufacturing Association"
-
-OID 1.3.14
-TAG oiw
-EXPL "Open Systems Implementors Workshop"
-
-OID 1.3.14.3 secsig
-TAG secsig
-EXPL "Open Systems Implementors Workshop Security Special Interest Group"
-
-OID 1.3.14.3.1
-TAG oIWSECSIGAlgorithmObjectIdentifiers
-EXPL "OIW SECSIG Algorithm OIDs"
-
-OID 1.3.14.3.2
-TAG algorithm
-EXPL "OIW SECSIG Algorithm"
-
-OID 1.3.14.3.2.6
-TAG desecb
-EXPL "DES-ECB"
-NAME NSS_OID_DES_ECB
-CKM CKM_DES_ECB
-
-OID 1.3.14.3.2.7
-TAG descbc
-EXPL "DES-CBC"
-NAME NSS_OID_DES_CBC
-CKM CKM_DES_CBC
-
-OID 1.3.14.3.2.8
-TAG desofb
-EXPL "DES-OFB"
-NAME NSS_OID_DES_OFB
-# No CKM..
-
-OID 1.3.14.3.2.9
-TAG descfb
-EXPL "DES-CFB"
-NAME NSS_OID_DES_CFB
-# No CKM..
-
-OID 1.3.14.3.2.10
-TAG desmac
-EXPL "DES-MAC"
-NAME NSS_OID_DES_MAC
-CKM CKM_DES_MAC
-
-OID 1.3.14.3.2.15
-TAG isoSHAWithRSASignature
-EXPL "ISO SHA with RSA Signature"
-NAME NSS_OID_ISO_SHA_WITH_RSA_SIGNATURE
-# No CKM..
-
-OID 1.3.14.3.2.17
-TAG desede
-EXPL "DES-EDE"
-NAME NSS_OID_DES_EDE
-# No CKM..
-
-OID 1.3.14.3.2.26
-TAG sha1
-EXPL "SHA-1"
-NAME NSS_OID_SHA1
-CKM CKM_SHA_1
-
-OID 1.3.14.3.2.27
-TAG bogusDSASignatureWithSHA1Digest
-EXPL "Forgezza DSA Signature with SHA-1 Digest"
-NAME NSS_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST
-CKM CKM_DSA_SHA1
-
-OID 1.3.14.3.3
-TAG authentication-mechanism
-EXPL "OIW SECSIG Authentication Mechanisms"
-
-OID 1.3.14.3.4
-TAG security-attribute
-EXPL "OIW SECSIG Security Attributes"
-
-OID 1.3.14.3.5
-TAG document-definition
-EXPL "OIW SECSIG Document Definitions used in security"
-
-OID 1.3.14.7
-TAG directory-services-sig
-EXPL "OIW directory services sig"
-
-OID 1.3.16
-TAG ewos
-EXPL "European Workshop on Open Systems"
-
-OID 1.3.22
-TAG osf
-EXPL "Open Software Foundation"
-
-OID 1.3.23
-TAG nordunet
-EXPL "Nordunet"
-
-OID 1.3.26
-TAG nato-id-org
-EXPL "NATO identified organisation"
-
-OID 1.3.36
-TAG teletrust
-EXPL "Teletrust"
-
-OID 1.3.52
-TAG smpte
-EXPL "Society of Motion Picture and Television Engineers"
-
-OID 1.3.69
-TAG sita
-EXPL "Societe Internationale de Telecommunications Aeronautiques"
-
-OID 1.3.90
-TAG iana
-EXPL "Internet Assigned Numbers Authority"
-
-OID 1.3.101
-TAG thawte
-EXPL "Thawte"
-
-OID 2
-TAG joint-iso-ccitt
-EXPL "Joint ISO/ITU-T assignment"
-
-OID 2.0
-TAG presentation
-EXPL "Joint ISO/ITU-T Presentation"
-
-OID 2.1
-TAG asn-1
-EXPL "Abstract Syntax Notation One"
-
-OID 2.2
-TAG acse
-EXPL "Association Control"
-
-OID 2.3
-TAG rtse
-EXPL "Reliable Transfer"
-
-OID 2.4
-TAG rose
-EXPL "Remote Operations"
-
-OID 2.5
-TAG x500
-EXPL "Directory"
-
-OID 2.5.1
-TAG modules
-EXPL "X.500 modules"
-
-OID 2.5.2
-TAG service-environment
-EXPL "X.500 service environment"
-
-OID 2.5.3
-TAG application-context
-EXPL "X.500 application context"
-
-# RFC 2459:
-#
-# id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4}
-OID 2.5.4
-TAG id-at
-EXPL "X.520 attribute types"
-
-# RFC 2459:
-#
-# id-at-commonName AttributeType ::= {id-at 3}
-OID 2.5.4.3
-TAG id-at-commonName
-EXPL "X.520 Common Name"
-NAME NSS_OID_X520_COMMON_NAME
-ATTR "cn"
-
-# RFC 2459:
-#
-# id-at-surname AttributeType ::= {id-at 4}
-OID 2.5.4.4
-TAG id-at-surname
-EXPL "X.520 Surname"
-NAME NSS_OID_X520_SURNAME
-ATTR "sn"
-
-# RFC 2459:
-#
-# id-at-countryName AttributeType ::= {id-at 6}
-OID 2.5.4.6
-TAG id-at-countryName
-EXPL "X.520 Country Name"
-NAME NSS_OID_X520_COUNTRY_NAME
-ATTR "c"
-
-# RFC 2459:
-#
-# id-at-localityName AttributeType ::= {id-at 7}
-OID 2.5.4.7
-TAG id-at-localityName
-EXPL "X.520 Locality Name"
-NAME NSS_OID_X520_LOCALITY_NAME
-ATTR "l"
-
-# RFC 2459:
-#
-# id-at-stateOrProvinceName AttributeType ::= {id-at 8}
-OID 2.5.4.8
-TAG id-at-stateOrProvinceName
-EXPL "X.520 State or Province Name"
-NAME NSS_OID_X520_STATE_OR_PROVINCE_NAME
-ATTR "s"
-
-# RFC 2459:
-#
-# id-at-organizationName AttributeType ::= {id-at 10}
-OID 2.5.4.10
-TAG id-at-organizationName
-EXPL "X.520 Organization Name"
-NAME NSS_OID_X520_ORGANIZATION_NAME
-ATTR "o"
-
-# RFC 2459:
-#
-# id-at-organizationalUnitName AttributeType ::= {id-at 11}
-OID 2.5.4.11
-TAG id-at-organizationalUnitName
-EXPL "X.520 Organizational Unit Name"
-NAME NSS_OID_X520_ORGANIZATIONAL_UNIT_NAME
-ATTR "ou"
-
-# RFC 2459:
-#
-# id-at-title AttributeType ::= {id-at 12}
-OID 2.5.4.12
-TAG id-at-title
-EXPL "X.520 Title"
-NAME NSS_OID_X520_TITLE
-ATTR "title"
-
-# RFC 2459:
-#
-# id-at-name AttributeType ::= {id-at 41}
-OID 2.5.4.41
-TAG id-at-name
-EXPL "X.520 Name"
-NAME NSS_OID_X520_NAME
-ATTR "name"
-
-# RFC 2459:
-#
-# id-at-givenName AttributeType ::= {id-at 42}
-OID 2.5.4.42
-TAG id-at-givenName
-EXPL "X.520 Given Name"
-NAME NSS_OID_X520_GIVEN_NAME
-ATTR "givenName"
-
-# RFC 2459:
-#
-# id-at-initials AttributeType ::= {id-at 43}
-OID 2.5.4.43
-TAG id-at-initials
-EXPL "X.520 Initials"
-NAME NSS_OID_X520_INITIALS
-ATTR "initials"
-
-# RFC 2459:
-#
-# id-at-generationQualifier AttributeType ::= {id-at 44}
-OID 2.5.4.44
-TAG id-at-generationQualifier
-EXPL "X.520 Generation Qualifier"
-NAME NSS_OID_X520_GENERATION_QUALIFIER
-ATTR "generationQualifier"
-
-# RFC 2459:
-#
-# id-at-dnQualifier AttributeType ::= {id-at 46}
-OID 2.5.4.46
-TAG id-at-dnQualifier
-EXPL "X.520 DN Qualifier"
-NAME NSS_OID_X520_DN_QUALIFIER
-ATTR "dnQualifier"
-
-OID 2.5.5
-TAG attribute-syntax
-EXPL "X.500 attribute syntaxes"
-
-OID 2.5.6
-TAG object-classes
-EXPL "X.500 standard object classes"
-
-OID 2.5.7
-TAG attribute-set
-EXPL "X.500 attribute sets"
-
-OID 2.5.8
-TAG algorithms
-EXPL "X.500-defined algorithms"
-
-OID 2.5.8.1
-TAG encryption
-EXPL "X.500-defined encryption algorithms"
-
-OID 2.5.8.1.1
-TAG rsa
-EXPL "RSA Encryption Algorithm"
-NAME NSS_OID_X500_RSA_ENCRYPTION
-CKM CKM_RSA_X_509
-
-OID 2.5.9
-TAG abstract-syntax
-EXPL "X.500 abstract syntaxes"
-
-OID 2.5.12
-TAG operational-attribute
-EXPL "DSA Operational Attributes"
-
-OID 2.5.13
-TAG matching-rule
-EXPL "Matching Rule"
-
-OID 2.5.14
-TAG knowledge-matching-rule
-EXPL "X.500 knowledge Matching Rules"
-
-OID 2.5.15
-TAG name-form
-EXPL "X.500 name forms"
-
-OID 2.5.16
-TAG group
-EXPL "X.500 groups"
-
-OID 2.5.17
-TAG subentry
-EXPL "X.500 subentry"
-
-OID 2.5.18
-TAG operational-attribute-type
-EXPL "X.500 operational attribute type"
-
-OID 2.5.19
-TAG operational-binding
-EXPL "X.500 operational binding"
-
-OID 2.5.20
-TAG schema-object-class
-EXPL "X.500 schema Object class"
-
-OID 2.5.21
-TAG schema-operational-attribute
-EXPL "X.500 schema operational attributes"
-
-OID 2.5.23
-TAG administrative-role
-EXPL "X.500 administrative roles"
-
-OID 2.5.24
-TAG access-control-attribute
-EXPL "X.500 access control attribute"
-
-OID 2.5.25
-TAG ros
-EXPL "X.500 ros object"
-
-OID 2.5.26
-TAG contract
-EXPL "X.500 contract"
-
-OID 2.5.27
-TAG package
-EXPL "X.500 package"
-
-OID 2.5.28
-TAG access-control-schema
-EXPL "X.500 access control schema"
-
-# RFC 2459:
-#
-# id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
-OID 2.5.29
-TAG id-ce
-EXPL "X.500 Certificate Extension"
-
-OID 2.5.29.5
-TAG subject-directory-attributes
-EXPL "Certificate Subject Directory Attributes"
-NAME NSS_OID_X509_SUBJECT_DIRECTORY_ATTR
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 }
-OID 2.5.29.9
-TAG id-ce-subjectDirectoryAttributes
-EXPL "Certificate Subject Directory Attributes"
-NAME NSS_OID_X509_SUBJECT_DIRECTORY_ATTRIBUTES
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
-OID 2.5.29.14
-TAG id-ce-subjectKeyIdentifier
-EXPL "Certificate Subject Key ID"
-NAME NSS_OID_X509_SUBJECT_KEY_ID
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
-OID 2.5.29.15
-TAG id-ce-keyUsage
-EXPL "Certificate Key Usage"
-NAME NSS_OID_X509_KEY_USAGE
-CERT_EXTENSION SUPPORTED
-# We called it PKCS12_KEY_USAGE
-
-# RFC 2459:
-#
-# id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 }
-OID 2.5.29.16
-TAG id-ce-privateKeyUsagePeriod
-EXPL "Certificate Private Key Usage Period"
-NAME NSS_OID_X509_PRIVATE_KEY_USAGE_PERIOD
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
-OID 2.5.29.17
-TAG id-ce-subjectAltName
-EXPL "Certificate Subject Alternate Name"
-NAME NSS_OID_X509_SUBJECT_ALT_NAME
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }
-OID 2.5.29.18
-TAG id-ce-issuerAltName
-EXPL "Certificate Issuer Alternate Name"
-NAME NSS_OID_X509_ISSUER_ALT_NAME
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
-OID 2.5.29.19
-TAG id-ce-basicConstraints
-EXPL "Certificate Basic Constraints"
-NAME NSS_OID_X509_BASIC_CONSTRAINTS
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
-OID 2.5.29.20
-TAG id-ce-cRLNumber
-EXPL "CRL Number"
-NAME NSS_OID_X509_CRL_NUMBER
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
-OID 2.5.29.21
-TAG id-ce-cRLReasons
-EXPL "CRL Reason Code"
-NAME NSS_OID_X509_REASON_CODE
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
-OID 2.5.29.23
-TAG id-ce-holdInstructionCode
-EXPL "Hold Instruction Code"
-NAME NSS_OID_X509_HOLD_INSTRUCTION_CODE
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
-OID 2.5.29.24
-TAG id-ce-invalidityDate
-EXPL "Invalid Date"
-NAME NSS_OID_X509_INVALID_DATE
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
-OID 2.5.29.27
-TAG id-ce-deltaCRLIndicator
-EXPL "Delta CRL Indicator"
-NAME NSS_OID_X509_DELTA_CRL_INDICATOR
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
-OID 2.5.29.28
-TAG id-ce-issuingDistributionPoint
-EXPL "Issuing Distribution Point"
-NAME NSS_OID_X509_ISSUING_DISTRIBUTION_POINT
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }
-OID 2.5.29.29
-TAG id-ce-certificateIssuer
-EXPL "Certificate Issuer"
-NAME NSS_OID_X509_CERTIFICATE_ISSUER
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }
-OID 2.5.29.30
-TAG id-ce-nameConstraints
-EXPL "Certificate Name Constraints"
-NAME NSS_OID_X509_NAME_CONSTRAINTS
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31}
-OID 2.5.29.31
-TAG id-ce-cRLDistributionPoints
-EXPL "CRL Distribution Points"
-NAME NSS_OID_X509_CRL_DIST_POINTS
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
-OID 2.5.29.32
-TAG id-ce-certificatePolicies
-EXPL "Certificate Policies"
-NAME NSS_OID_X509_CERTIFICATE_POLICIES
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }
-OID 2.5.29.33
-TAG id-ce-policyMappings
-EXPL "Certificate Policy Mappings"
-NAME NSS_OID_X509_POLICY_MAPPINGS
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.5.29.34
-TAG policy-constraints
-EXPL "Certificate Policy Constraints (old)"
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
-OID 2.5.29.35
-TAG id-ce-authorityKeyIdentifier
-EXPL "Certificate Authority Key Identifier"
-NAME NSS_OID_X509_AUTH_KEY_ID
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }
-OID 2.5.29.36
-TAG id-ce-policyConstraints
-EXPL "Certificate Policy Constraints"
-NAME NSS_OID_X509_POLICY_CONSTRAINTS
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
-OID 2.5.29.37
-TAG id-ce-extKeyUsage
-EXPL "Extended Key Usage"
-NAME NSS_OID_X509_EXT_KEY_USAGE
-CERT_EXTENSION SUPPORTED
-
-OID 2.5.30
-TAG id-mgt
-EXPL "X.500 Management Object"
-
-OID 2.6
-TAG x400
-EXPL "X.400 MHS"
-
-OID 2.7
-TAG ccr
-EXPL "Committment, Concurrency and Recovery"
-
-OID 2.8
-TAG oda
-EXPL "Office Document Architecture"
-
-OID 2.9
-TAG osi-management
-EXPL "OSI management"
-
-OID 2.10
-TAG tp
-EXPL "Transaction Processing"
-
-OID 2.11
-TAG dor
-EXPL "Distinguished Object Reference"
-
-OID 2.12
-TAG rdt
-EXPL "Referenced Data Transfer"
-
-OID 2.13
-TAG nlm
-EXPL "Network Layer Management"
-
-OID 2.14
-TAG tlm
-EXPL "Transport Layer Management"
-
-OID 2.15
-TAG llm
-EXPL "Link Layer Management"
-
-OID 2.16
-TAG country
-EXPL "Country Assignments"
-
-OID 2.16.124
-TAG canada
-EXPL "Canada"
-
-OID 2.16.158
-TAG taiwan
-EXPL "Taiwan"
-
-OID 2.16.578
-TAG norway
-EXPL "Norway"
-
-OID 2.16.756
-TAG switzerland
-EXPL "Switzerland"
-
-OID 2.16.840
-TAG us
-EXPL "United States"
-
-OID 2.16.840.1
-TAG us-company
-EXPL "United States Company"
-
-OID 2.16.840.1.101
-TAG us-government
-EXPL "United States Government (1.101)"
-
-OID 2.16.840.1.101.2
-TAG us-dod
-EXPL "United States Department of Defense"
-
-OID 2.16.840.1.101.2.1
-TAG id-infosec
-EXPL "US DOD Infosec"
-
-OID 2.16.840.1.101.2.1.0
-TAG id-modules
-EXPL "US DOD Infosec modules"
-
-OID 2.16.840.1.101.2.1.1
-TAG id-algorithms
-EXPL "US DOD Infosec algorithms (MISSI)"
-
-OID 2.16.840.1.101.2.1.1.2
-TAG old-dss
-EXPL "MISSI DSS Algorithm (Old)"
-NAME NSS_OID_MISSI_DSS_OLD
-
-# This is labeled as "### mwelch temporary"
-# Is it official?? XXX fgmr
-OID 2.16.840.1.101.2.1.1.4
-TAG skipjack-cbc-64
-EXPL "Skipjack CBC64"
-NAME NSS_OID_FORTEZZA_SKIPJACK
-CKM CKM_SKIPJACK_CBC64
-
-OID 2.16.840.1.101.2.1.1.10
-TAG kea
-EXPL "MISSI KEA Algorithm"
-NAME NSS_OID_MISSI_KEA
-
-OID 2.16.840.1.101.2.1.1.12
-TAG old-kea-dss
-EXPL "MISSI KEA and DSS Algorithm (Old)"
-NAME NSS_OID_MISSI_KEA_DSS_OLD
-
-OID 2.16.840.1.101.2.1.1.19
-TAG dss
-EXPL "MISSI DSS Algorithm"
-NAME NSS_OID_MISSI_DSS
-
-OID 2.16.840.1.101.2.1.1.20
-TAG kea-dss
-EXPL "MISSI KEA and DSS Algorithm"
-NAME NSS_OID_MISSI_KEA_DSS
-
-OID 2.16.840.1.101.2.1.1.22
-TAG alt-kea
-EXPL "MISSI Alternate KEA Algorithm"
-NAME NSS_OID_MISSI_ALT_KEY
-
-OID 2.16.840.1.101.2.1.2
-TAG id-formats
-EXPL "US DOD Infosec formats"
-
-OID 2.16.840.1.101.2.1.3
-TAG id-policy
-EXPL "US DOD Infosec policy"
-
-OID 2.16.840.1.101.2.1.4
-TAG id-object-classes
-EXPL "US DOD Infosec object classes"
-
-OID 2.16.840.1.101.2.1.5
-TAG id-attributes
-EXPL "US DOD Infosec attributes"
-
-OID 2.16.840.1.101.2.1.6
-TAG id-attribute-syntax
-EXPL "US DOD Infosec attribute syntax"
-
-OID 2.16.840.1.113730
-# The Netscape OID space
-TAG netscape
-EXPL "Netscape Communications Corp."
-
-OID 2.16.840.1.113730.1
-TAG cert-ext
-EXPL "Netscape Cert Extensions"
-
-OID 2.16.840.1.113730.1.1
-TAG cert-type
-EXPL "Certificate Type"
-NAME NSS_OID_NS_CERT_EXT_CERT_TYPE
-CERT_EXTENSION SUPPORTED
-
-OID 2.16.840.1.113730.1.2
-TAG base-url
-EXPL "Certificate Extension Base URL"
-NAME NSS_OID_NS_CERT_EXT_BASE_URL
-CERT_EXTENSION SUPPORTED
-
-OID 2.16.840.1.113730.1.3
-TAG revocation-url
-EXPL "Certificate Revocation URL"
-NAME NSS_OID_NS_CERT_EXT_REVOCATION_URL
-CERT_EXTENSION SUPPORTED
-
-OID 2.16.840.1.113730.1.4
-TAG ca-revocation-url
-EXPL "Certificate Authority Revocation URL"
-NAME NSS_OID_NS_CERT_EXT_CA_REVOCATION_URL
-CERT_EXTENSION SUPPORTED
-
-OID 2.16.840.1.113730.1.5
-TAG ca-crl-download-url
-EXPL "Certificate Authority CRL Download URL"
-NAME NSS_OID_NS_CERT_EXT_CA_CRL_URL
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.16.840.1.113730.1.6
-TAG ca-cert-url
-EXPL "Certificate Authority Certificate Download URL"
-NAME NSS_OID_NS_CERT_EXT_CA_CERT_URL
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.16.840.1.113730.1.7
-TAG renewal-url
-EXPL "Certificate Renewal URL"
-NAME NSS_OID_NS_CERT_EXT_CERT_RENEWAL_URL
-CERT_EXTENSION SUPPORTED
-
-OID 2.16.840.1.113730.1.8
-TAG ca-policy-url
-EXPL "Certificate Authority Policy URL"
-NAME NSS_OID_NS_CERT_EXT_CA_POLICY_URL
-CERT_EXTENSION SUPPORTED
-
-OID 2.16.840.1.113730.1.9
-TAG homepage-url
-EXPL "Certificate Homepage URL"
-NAME NSS_OID_NS_CERT_EXT_HOMEPAGE_URL
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.16.840.1.113730.1.10
-TAG entity-logo
-EXPL "Certificate Entity Logo"
-NAME NSS_OID_NS_CERT_EXT_ENTITY_LOGO
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.16.840.1.113730.1.11
-TAG user-picture
-EXPL "Certificate User Picture"
-NAME NSS_OID_NS_CERT_EXT_USER_PICTURE
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.16.840.1.113730.1.12
-TAG ssl-server-name
-EXPL "Certificate SSL Server Name"
-NAME NSS_OID_NS_CERT_EXT_SSL_SERVER_NAME
-CERT_EXTENSION SUPPORTED
-
-OID 2.16.840.1.113730.1.13
-TAG comment
-EXPL "Certificate Comment"
-NAME NSS_OID_NS_CERT_EXT_COMMENT
-CERT_EXTENSION SUPPORTED
-
-OID 2.16.840.1.113730.1.14
-TAG thayes
-EXPL ""
-NAME NSS_OID_NS_CERT_EXT_THAYES
-CERT_EXTENSION SUPPORTED
-
-OID 2.16.840.1.113730.2
-TAG data-type
-EXPL "Netscape Data Types"
-
-OID 2.16.840.1.113730.2.1
-TAG gif
-EXPL "image/gif"
-NAME NSS_OID_NS_TYPE_GIF
-
-OID 2.16.840.1.113730.2.2
-TAG jpeg
-EXPL "image/jpeg"
-NAME NSS_OID_NS_TYPE_JPEG
-
-OID 2.16.840.1.113730.2.3
-TAG url
-EXPL "URL"
-NAME NSS_OID_NS_TYPE_URL
-
-OID 2.16.840.1.113730.2.4
-TAG html
-EXPL "text/html"
-NAME NSS_OID_NS_TYPE_HTML
-
-OID 2.16.840.1.113730.2.5
-TAG cert-sequence
-EXPL "Certificate Sequence"
-NAME NSS_OID_NS_TYPE_CERT_SEQUENCE
-
-OID 2.16.840.1.113730.3
-# The Netscape Directory OID space
-TAG directory
-EXPL "Netscape Directory"
-
-OID 2.16.840.1.113730.4
-TAG policy
-EXPL "Netscape Policy Type OIDs"
-
-OID 2.16.840.1.113730.4.1
-TAG export-approved
-EXPL "Strong Crypto Export Approved"
-NAME NSS_OID_NS_KEY_USAGE_GOVT_APPROVED
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.16.840.1.113730.5
-TAG cert-server
-EXPL "Netscape Certificate Server"
-
-OID 2.16.840.1.113730.5.1
-
-OID 2.16.840.1.113730.5.1.1
-TAG recovery-request
-EXPL "Netscape Cert Server Recovery Request"
-NAME NSS_OID_NETSCAPE_RECOVERY_REQUEST
-
-OID 2.16.840.1.113730.6
-TAG algs
-EXPL "Netscape algorithm OIDs"
-
-OID 2.16.840.1.113730.6.1
-TAG smime-kea
-EXPL "Netscape S/MIME KEA"
-NAME NSS_OID_NETSCAPE_SMIME_KEA
-
-OID 2.16.840.1.113730.7
-TAG name-components
-EXPL "Netscape Name Components"
-
-OID 2.16.840.1.113730.7.1
-TAG nickname
-EXPL "Netscape Nickname"
-NAME NSS_OID_NETSCAPE_NICKNAME
-
-OID 2.16.840.1.113733
-TAG verisign
-EXPL "Verisign"
-
-OID 2.16.840.1.113733.1
-
-OID 2.16.840.1.113733.1.7
-
-OID 2.16.840.1.113733.1.7.1
-
-OID 2.16.840.1.113733.1.7.1.1
-TAG verisign-user-notices
-EXPL "Verisign User Notices"
-NAME NSS_OID_VERISIGN_USER_NOTICES
-
-OID 2.16.840.101
-TAG us-government
-EXPL "US Government (101)"
-
-OID 2.16.840.102
-TAG us-government2
-EXPL "US Government (102)"
-
-OID 2.16.840.11370
-TAG old-netscape
-EXPL "Netscape Communications Corp. (Old)"
-
-OID 2.16.840.11370.1
-TAG ns-cert-ext
-EXPL "Netscape Cert Extensions (Old NS)"
-
-OID 2.16.840.11370.1.1
-TAG netscape-ok
-EXPL "Netscape says this cert is ok (Old NS)"
-NAME NSS_OID_NS_CERT_EXT_NETSCAPE_OK
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.16.840.11370.1.2
-TAG issuer-logo
-EXPL "Certificate Issuer Logo (Old NS)"
-NAME NSS_OID_NS_CERT_EXT_ISSUER_LOGO
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.16.840.11370.1.3
-TAG subject-logo
-EXPL "Certificate Subject Logo (Old NS)"
-NAME NSS_OID_NS_CERT_EXT_SUBJECT_LOGO
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.16.840.11370.2
-TAG ns-file-type
-EXPL "Netscape File Type"
-
-OID 2.16.840.11370.3
-TAG ns-image-type
-EXPL "Netscape Image Type"
-
-OID 2.17
-TAG registration-procedures
-EXPL "Registration procedures"
-
-OID 2.18
-TAG physical-layer-management
-EXPL "Physical layer Management"
-
-OID 2.19
-TAG mheg
-EXPL "MHEG"
-
-OID 2.20
-TAG guls
-EXPL "Generic Upper Layer Security"
-
-OID 2.21
-TAG tls
-EXPL "Transport Layer Security Protocol"
-
-OID 2.22
-TAG nls
-EXPL "Network Layer Security Protocol"
-
-OID 2.23
-TAG organization
-EXPL "International organizations"
diff --git a/security/nss/lib/pki1/pki1.h b/security/nss/lib/pki1/pki1.h
deleted file mode 100644
index 62049efcc..000000000
--- a/security/nss/lib/pki1/pki1.h
+++ /dev/null
@@ -1,3032 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef PKI1_H
-#define PKI1_H
-
-#ifdef DEBUG
-static const char PKI1_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * pki1.h
- *
- * This file contains the prototypes to the non-public NSS routines
- * relating to the PKIX part-1 objects.
- */
-
-#ifndef PKI1T_H
-#include "pki1t.h"
-#endif /* PKI1T_H */
-
-#ifndef NSSPKI1_H
-#include "nsspki1.h"
-#endif /* NSSPKI1_H */
-
-PR_BEGIN_EXTERN_C
-
-/* fgmr 19990505 moved these here from oiddata.h */
-extern const nssAttributeTypeAliasTable nss_attribute_type_aliases[];
-extern const PRUint32 nss_attribute_type_alias_count;
-
-/*
- * NSSOID
- *
- * The non-public "methods" regarding this "object" are:
- *
- * nssOID_CreateFromBER -- constructor
- * nssOID_CreateFromUTF8 -- constructor
- * (there is no explicit destructor)
- *
- * nssOID_GetDEREncoding
- * nssOID_GetUTF8Encoding
- *
- * In debug builds, the following non-public calls are also available:
- *
- * nssOID_verifyPointer
- * nssOID_getExplanation
- * nssOID_getTaggedUTF8
- */
-
-/*
- * nssOID_CreateFromBER
- *
- * This routine creates an NSSOID by decoding a BER- or DER-encoded
- * OID. It may return NSS_OID_UNKNOWN upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NSS_OID_UNKNOWN upon error
- * An NSSOID upon success
- */
-
-NSS_EXTERN NSSOID *
-nssOID_CreateFromBER
-(
- NSSBER *berOid
-);
-
-extern const NSSError NSS_ERROR_INVALID_BER;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * nssOID_CreateFromUTF8
- *
- * This routine creates an NSSOID by decoding a UTF8 string
- * representation of an OID in dotted-number format. The string may
- * optionally begin with an octothorpe. It may return NSS_OID_UNKNOWN
- * upon error, in which case it will have set an error on the error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_UTF8
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NSS_OID_UNKNOWN upon error
- * An NSSOID upon success
- */
-
-NSS_EXTERN NSSOID *
-nssOID_CreateFromUTF8
-(
- NSSUTF8 *stringOid
-);
-
-extern const NSSError NSS_ERROR_INVALID_UTF8;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * nssOID_GetDEREncoding
- *
- * This routine returns the DER encoding of the specified NSSOID.
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return return null upon error, in
- * which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSOID
- */
-
-NSS_EXTERN NSSDER *
-nssOID_GetDEREncoding
-(
- const NSSOID *oid,
- NSSDER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssOID_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing the dotted-number
- * encoding of the specified NSSOID. If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return null upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the dotted-digit encoding of
- * this NSSOID
- */
-
-NSS_EXTERN NSSUTF8 *
-nssOID_GetUTF8Encoding
-(
- const NSSOID *oid,
- NSSArena *arenaOpt
-);
-
-/*
- * nssOID_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid poitner to an NSSOID object,
- * this routine will return PR_SUCCESS. Otherwise, it will put an
- * error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssOID_verifyPointer
-(
- const NSSOID *oid
-);
-
-extern const NSSError NSS_ERROR_INVALID_NSSOID;
-#endif /* DEBUG */
-
-/*
- * nssOID_getExplanation
- *
- * This method is only present in debug builds.
- *
- * This routine will return a static pointer to a UTF8-encoded string
- * describing (in English) the specified OID. The memory pointed to
- * by the return value is not owned by the caller, and should not be
- * freed or modified. Note that explanations are only provided for
- * the OIDs built into the NSS library; there is no way to specify an
- * explanation for dynamically created OIDs. This routine is intended
- * only for use in debugging tools such as "derdump." This routine
- * may return null upon error, in which case it will have placed an
- * error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- *
- * Return value:
- * NULL upon error
- * A static pointer to a readonly, non-caller-owned UTF8-encoded
- * string explaining the specified OID.
- */
-
-#ifdef DEBUG
-NSS_EXTERN const char *
-nssOID_getExplanation
-(
- NSSOID *oid
-);
-
-extern const NSSError NSS_ERROR_INVALID_NSSOID;
-#endif /* DEBUG */
-
-/*
- * nssOID_getTaggedUTF8
- *
- * This method is only present in debug builds.
- *
- * This routine will return a pointer to a caller-owned UTF8-encoded
- * string containing a tagged encoding of the specified OID. Note
- * that OID (component) tags are only provided for the OIDs built
- * into the NSS library; there is no way to specify tags for
- * dynamically created OIDs. This routine is intended for use in
- * debugging tools such as "derdump." If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return return null upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the tagged encoding of
- * this NSSOID
- */
-
-#ifdef DEBUG
-NSS_EXTERN NSSUTF8 *
-nssOID_getTaggedUTF8
-(
- NSSOID *oid,
- NSSArena *arenaOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_NSSOID;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-#endif /* DEBUG */
-
-/*
- * NSSATAV
- *
- * The non-public "methods" regarding this "object" are:
- *
- * nssATAV_CreateFromBER -- constructor
- * nssATAV_CreateFromUTF8 -- constructor
- * nssATAV_Create -- constructor
- *
- * nssATAV_Destroy
- * nssATAV_GetDEREncoding
- * nssATAV_GetUTF8Encoding
- * nssATAV_GetType
- * nssATAV_GetValue
- * nssATAV_Compare
- * nssATAV_Duplicate
- *
- * In debug builds, the following non-public call is also available:
- *
- * nssATAV_verifyPointer
- */
-
-/*
- * nssATAV_CreateFromBER
- *
- * This routine creates an NSSATAV by decoding a BER- or DER-encoded
- * ATAV. If the optional arena argument is non-null, the memory used
- * will be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_EXTERN NSSATAV *
-nssATAV_CreateFromBER
-(
- NSSArena *arenaOpt,
- const NSSBER *berATAV
-);
-
-/*
- * nssATAV_CreateFromUTF8
- *
- * This routine creates an NSSATAV by decoding a UTF8 string in the
- * "equals" format, e.g., "c=US." If the optional arena argument is
- * non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- * NSS_ERROR_INVALID_UTF8
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_EXTERN NSSATAV *
-nssATAV_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- const NSSUTF8 *stringATAV
-);
-
-/*
- * nssATAV_Create
- *
- * This routine creates an NSSATAV from the specified NSSOID and the
- * specified data. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap.If the specified data length is zero,
- * the data is assumed to be terminated by first zero byte; this allows
- * UTF8 strings to be easily specified. This routine may return NULL
- * upon error, in which case it will have set an error on the error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_EXTERN NSSATAV *
-nssATAV_Create
-(
- NSSArena *arenaOpt,
- const NSSOID *oid,
- const void *data,
- PRUint32 length
-);
-
-/*
- * nssATAV_Destroy
- *
- * This routine will destroy an ATAV object. It should eventually be
- * called on all ATAVs created without an arena. While it is not
- * necessary to call it on ATAVs created within an arena, it is not an
- * error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * set an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssATAV_Destroy
-(
- NSSATAV *atav
-);
-
-/*
- * nssATAV_GetDEREncoding
- *
- * This routine will DER-encode an ATAV object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSATAV
- */
-
-NSS_EXTERN NSSDER *
-nssATAV_GetDEREncoding
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-);
-
-/*
- * nssATAV_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the ATAV in "equals" notation (e.g., "o=Acme").
- * If the optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return null upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the "equals" encoding of the
- * ATAV
- */
-
-NSS_EXTERN NSSUTF8 *
-nssATAV_GetUTF8Encoding
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-);
-
-/*
- * nssATAV_GetType
- *
- * This routine returns the NSSOID corresponding to the attribute type
- * in the specified ATAV. This routine may return NSS_OID_UNKNOWN
- * upon error, in which case it will have set an error on the error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * NSS_OID_UNKNOWN upon error
- * An element of enum NSSOIDenum upon success
- */
-
-NSS_EXTERN const NSSOID *
-nssATAV_GetType
-(
- NSSATAV *atav
-);
-
-/*
- * nssATAV_GetValue
- *
- * This routine returns a string containing the attribute value
- * in the specified ATAV. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have set an error upon the
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSItem containing the attribute value.
- */
-
-NSS_EXTERN NSSUTF8 *
-nssATAV_GetValue
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-);
-
-/*
- * nssATAV_Compare
- *
- * This routine compares two ATAVs for equality. For two ATAVs to be
- * equal, the attribute types must be the same, and the attribute
- * values must have equal length and contents. The result of the
- * comparison will be stored at the location pointed to by the "equalp"
- * variable, which must point to a valid PRBool. This routine may
- * return PR_FAILURE upon error, in which case it will have set an
- * error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-nssATAV_Compare
-(
- NSSATAV *atav1,
- NSSATAV *atav2,
- PRBool *equalp
-);
-
-/*
- * nssATAV_Duplicate
- *
- * This routine duplicates the specified ATAV. If the optional arena
- * argument is non-null, the memory required will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * placed an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL on error
- * A pointer to a new ATAV
- */
-
-NSS_EXTERN NSSATAV *
-nssATAV_Duplicate
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-);
-
-/*
- * nssATAV_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSATAV object,
- * this routine will return PR_SUCCESS. Otherwise, it will put an
- * error on the error stack and return PR_FAILRUE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssATAV_verifyPointer
-(
- NSSATAV *atav
-);
-#endif /* DEBUG */
-
-/*
- * NSSRDN
- *
- * The non-public "methods" regarding this "object" are:
- *
- * nssRDN_CreateFromBER -- constructor
- * nssRDN_CreateFromUTF8 -- constructor
- * nssRDN_Create -- constructor
- * nssRDN_CreateSimple -- constructor
- *
- * nssRDN_Destroy
- * nssRDN_GetDEREncoding
- * nssRDN_GetUTF8Encoding
- * nssRDN_AddATAV
- * nssRDN_GetATAVCount
- * nssRDN_GetATAV
- * nssRDN_GetSimpleATAV
- * nssRDN_Compare
- * nssRDN_Duplicate
- */
-
-/*
- * nssRDN_CreateFromBER
- *
- * This routine creates an NSSRDN by decoding a BER- or DER-encoded
- * RDN. If the optional arena argument is non-null, the memory used
- * will be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDN upon success
- */
-
-NSS_EXTERN NSSRDN *
-nssRDN_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berRDN
-);
-
-/*
- * nssRDN_CreateFromUTF8
- *
- * This routine creates an NSSRDN by decoding an UTF8 string
- * consisting of either a single ATAV in the "equals" format, e.g.,
- * "uid=smith," or one or more such ATAVs in parentheses, e.g.,
- * "(sn=Smith,ou=Sales)." If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have set an error on the
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- * NSS_ERROR_INVALID_UTF8
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDN upon success
- */
-
-NSS_EXTERN NSSRDN *
-nssRDN_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringRDN
-);
-
-/*
- * nssRDN_Create
- *
- * This routine creates an NSSRDN from one or more NSSATAVs. The
- * final argument to this routine must be NULL. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDN upon success
- */
-
-NSS_EXTERN NSSRDN *
-nssRDN_Create
-(
- NSSArena *arenaOpt,
- NSSATAV *atav1,
- ...
-);
-
-/*
- * nssRDN_CreateSimple
- *
- * This routine creates a simple NSSRDN from a single NSSATAV. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDN upon success
- */
-
-NSS_EXTERN NSSRDN *
-nssRDN_CreateSimple
-(
- NSSArena *arenaOpt,
- NSSATAV *atav
-);
-
-/*
- * nssRDN_Destroy
- *
- * This routine will destroy an RDN object. It should eventually be
- * called on all RDNs created without an arena. While it is not
- * necessary to call it on RDNs created within an arena, it is not an
- * error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * set an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- *
- * Return value:
- * PR_FAILURE upon failure
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssRDN_Destroy
-(
- NSSRDN *rdn
-);
-
-/*
- * nssRDN_GetDEREncoding
- *
- * This routine will DER-encode an RDN object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSRDN
- */
-
-NSS_EXTERN NSSDER *
-nssRDN_GetDEREncoding
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * nssRDN_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the RDN. A simple (one-ATAV) RDN will be simply
- * the string representation of that ATAV; a non-simple RDN will be in
- * parenthesised form. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * null upon error, in which case it will have set an error on the
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string
- */
-
-NSS_EXTERN NSSUTF8 *
-nssRDN_GetUTF8Encoding
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * nssRDN_AddATAV
- *
- * This routine adds an ATAV to the set of ATAVs in the specified RDN.
- * Remember that RDNs consist of an unordered set of ATAVs. If the
- * RDN was created with a non-null arena argument, that same arena
- * will be used for any additional required memory. If the RDN was
- * created with a NULL arena argument, any additional memory will
- * be obtained from the heap. This routine returns a PRStatus value;
- * it will return PR_SUCCESS upon success, and upon failure it will
- * set an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssRDN_AddATAV
-(
- NSSRDN *rdn,
- NSSATAV *atav
-);
-
-/*
- * nssRDN_GetATAVCount
- *
- * This routine returns the cardinality of the set of ATAVs within
- * the specified RDN. This routine may return 0 upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- *
- * Return value:
- * 0 upon error
- * A positive number upon success
- */
-
-NSS_EXTERN PRUint32
-nssRDN_GetATAVCount
-(
- NSSRDN *rdn
-);
-
-/*
- * nssRDN_GetATAV
- *
- * This routine returns a pointer to an ATAV that is a member of
- * the set of ATAVs within the specified RDN. While the set of
- * ATAVs within an RDN is unordered, this routine will return
- * distinct values for distinct values of 'i' as long as the RDN
- * is not changed in any way. The RDN may be changed by calling
- * NSSRDN_AddATAV. The value of the variable 'i' is on the range
- * [0,c) where c is the cardinality returned from NSSRDN_GetATAVCount.
- * The caller owns the ATAV the pointer to which is returned. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have set an error upon the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSATAV
- */
-
-NSS_EXTERN NSSATAV *
-nssRDN_GetATAV
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt,
- PRUint32 i
-);
-
-/*
- * nssRDN_GetSimpleATAV
- *
- * Most RDNs are actually very simple, with a single ATAV. This
- * routine will return the single ATAV from such an RDN. The caller
- * owns the ATAV the pointer to which is returned. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, including the case where
- * the set of ATAVs in the RDN is nonsingular. Upon error, this
- * routine will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_RDN_NOT_SIMPLE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSATAV
- */
-
-NSS_EXTERN NSSATAV *
-nssRDN_GetSimpleATAV
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * nssRDN_Compare
- *
- * This routine compares two RDNs for equality. For two RDNs to be
- * equal, they must have the same number of ATAVs, and every ATAV in
- * one must be equal to an ATAV in the other. (Note that the sets
- * of ATAVs are unordered.) The result of the comparison will be
- * stored at the location pointed to by the "equalp" variable, which
- * must point to a valid PRBool. This routine may return PR_FAILURE
- * upon error, in which case it will have set an error on the error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-nssRDN_Compare
-(
- NSSRDN *rdn1,
- NSSRDN *rdn2,
- PRBool *equalp
-);
-
-/*
- * nssRDN_Duplicate
- *
- * This routine duplicates the specified RDN. If the optional arena
- * argument is non-null, the memory required will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * placed an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL on error
- * A pointer to a new RDN
- */
-
-NSS_EXTERN NSSRDN *
-nssRDN_Duplicate
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSRDNSeq
- *
- * The non-public "methods" regarding this "object" are:
- *
- * nssRDNSeq_CreateFromBER -- constructor
- * nssRDNSeq_CreateFromUTF8 -- constructor
- * nssRDNSeq_Create -- constructor
- *
- * nssRDNSeq_Destroy
- * nssRDNSeq_GetDEREncoding
- * nssRDNSeq_GetUTF8Encoding
- * nssRDNSeq_AppendRDN
- * nssRDNSeq_GetRDNCount
- * nssRDNSeq_GetRDN
- * nssRDNSeq_Compare
- * nssRDNSeq_Duplicate
- *
- * nssRDNSeq_EvaluateUTF8 -- not an object method
- */
-
-/*
- * nssRDNSeq_CreateFromBER
- *
- * This routine creates an NSSRDNSeq by decoding a BER- or DER-encoded
- * sequence of RDNs. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have set an error on the
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDNSeq upon success
- */
-
-NSS_EXTERN NSSRDNSeq *
-nssRDNSeq_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berRDNSeq
-);
-
-/*
- * nssRDNSeq_CreateFromUTF8
- *
- * This routine creates an NSSRDNSeq by decoding a UTF8 string
- * consisting of a comma-separated sequence of RDNs, such as
- * "(sn=Smith,ou=Sales),o=Acme,c=US." If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- * NSS_ERROR_INVALID_UTF8
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDNSeq upon success
- */
-
-NSS_EXTERN NSSRDNSeq *
-nssRDNSeq_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringRDNSeq
-);
-
-/*
- * nssRDNSeq_Create
- *
- * This routine creates an NSSRDNSeq from one or more NSSRDNs. The
- * final argument to this routine must be NULL. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_RDN
- *
- * Return value:
- * NULL upon error
- * A pointero to an NSSRDNSeq upon success
- */
-
-NSS_EXTERN NSSRDNSeq *
-nssRDNSeq_Create
-(
- NSSArena *arenaOpt,
- NSSRDN *rdn1,
- ...
-);
-
-/*
- * nssRDNSeq_Destroy
- *
- * This routine will destroy an RDNSeq object. It should eventually
- * be called on all RDNSeqs created without an arena. While it is not
- * necessary to call it on RDNSeqs created within an arena, it is not
- * an error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * set an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssRDNSeq_Destroy
-(
- NSSRDNSeq *rdnseq
-);
-
-/*
- * nssRDNSeq_GetDEREncoding
- *
- * This routine will DER-encode an RDNSeq object. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return null upon error, in which case it will have
- * set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSRDNSeq
- */
-
-NSS_EXTERN NSSDER *
-nssRDNSeq_GetDEREncoding
-(
- NSSRDNSeq *rdnseq,
- NSSArena *arenaOpt
-);
-
-/*
- * nssRDNSeq_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the RDNSeq as a comma-separated sequence of RDNs.
- * If the optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return null upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to the UTF8 string
- */
-
-NSS_EXTERN NSSUTF8 *
-nssRDNSeq_GetUTF8Encoding
-(
- NSSRDNSeq *rdnseq,
- NSSArena *arenaOpt
-);
-
-/*
- * nssRDNSeq_AppendRDN
- *
- * This routine appends an RDN to the end of the existing RDN
- * sequence. If the RDNSeq was created with a non-null arena
- * argument, that same arena will be used for any additional required
- * memory. If the RDNSeq was created with a NULL arena argument, any
- * additional memory will be obtained from the heap. This routine
- * returns a PRStatus value; it will return PR_SUCCESS upon success,
- * and upon failure it will set an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssRDNSeq_AppendRDN
-(
- NSSRDNSeq *rdnseq,
- NSSRDN *rdn
-);
-
-/*
- * nssRDNSeq_GetRDNCount
- *
- * This routine returns the cardinality of the sequence of RDNs within
- * the specified RDNSeq. This routine may return 0 upon error, in
- * which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- *
- * Return value:
- * 0 upon error
- * A positive number upon success
- */
-
-NSS_EXTERN PRUint32
-nssRDNSeq_GetRDNCount
-(
- NSSRDNSeq *rdnseq
-);
-
-/*
- * nssRDNSeq_GetRDN
- *
- * This routine returns a pointer to the i'th RDN in the sequence of
- * RDNs that make up the specified RDNSeq. The sequence begins with
- * the top-level (e.g., "c=US") RDN. The value of the variable 'i'
- * is on the range [0,c) where c is the cardinality returned from
- * NSSRDNSeq_GetRDNCount. The caller owns the RDN the pointer to which
- * is returned. If the optional arena argument is non-null, the memory
- * used will be obtained from that areana; otherwise, the memory will
- * be obtained from the heap. This routine may return NULL upon error,
- * in which case it will have set an error upon the error stack. Note
- * that the usual UTF8 representation of RDN Sequences is from last
- * to first.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSRDN
- */
-
-NSS_EXTERN NSSRDN *
-nssRDNSeq_GetRDN
-(
- NSSRDNSeq *rdnseq,
- NSSArena *arenaOpt,
- PRUint32 i
-);
-
-/*
- * nssRDNSeq_Compare
- *
- * This routine compares two RDNSeqs for equality. For two RDNSeqs to
- * be equal, they must have the same number of RDNs, and each RDN in
- * one sequence must be equal to the corresponding RDN in the other
- * sequence. The result of the comparison will be stored at the
- * location pointed to by the "equalp" variable, which must point to a
- * valid PRBool. This routine may return PR_FAILURE upon error, in
- * which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-nssRDNSeq_Compare
-(
- NSSRDNSeq *rdnseq1,
- NSSRDNSeq *rdnseq2,
- PRBool *equalp
-);
-
-/*
- * nssRDNSeq_Duplicate
- *
- * This routine duplicates the specified RDNSeq. If the optional arena
- * argument is non-null, the memory required will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have
- * placed an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a new RDNSeq
- */
-
-NSS_EXTERN NSSRDNSeq *
-nssRDNSeq_Duplicate
-(
- NSSRDNSeq *rdnseq,
- NSSArena *arenaOpt
-);
-
-/*
- * nssRDNSeq_EvaluateUTF8
- *
- * This routine evaluates a UTF8 string, and returns PR_TRUE if the
- * string contains the string representation of an RDNSeq. This
- * routine is used by the (directory) Name routines
- * nssName_CreateFromUTF8 and nssName_EvaluateUTF8 to determine which
- * choice of directory name the string may encode. This routine may
- * return PR_FALSE upon error, but it subsumes that condition under the
- * general "string does not evaluate as an RDNSeq" state, and does not
- * set an error on the error stack.
- *
- * Return value:
- * PR_TRUE if the string represents an RDNSeq
- * PR_FALSE if otherwise
- */
-
-NSS_EXTERN PRBool
-nssRDNSeq_EvaluateUTF8
-(
- NSSUTF8 *str
-);
-
-/*
- * NSSName
- *
- * The non-public "methods" regarding this "object" are:
- *
- * nssName_CreateFromBER -- constructor
- * nssName_CreateFromUTF8 -- constructor
- * nssName_Create -- constructor
- *
- * nssName_Destroy
- * nssName_GetDEREncoding
- * nssName_GetUTF8Encoding
- * nssName_GetChoice
- * nssName_GetRDNSequence
- * nssName_GetSpecifiedChoice
- * nssName_Compare
- * nssName_Duplicate
- *
- * nssName_GetUID
- * nssName_GetEmail
- * nssName_GetCommonName
- * nssName_GetOrganization
- * nssName_GetOrganizationalUnits
- * nssName_GetStateOrProvince
- * nssName_GetLocality
- * nssName_GetCountry
- * nssName_GetAttribute
- *
- * nssName_EvaluateUTF8 -- not an object method
- */
-
-/*
- * nssName_CreateFromBER
- *
- * This routine creates an NSSName by decoding a BER- or DER-encoded
- * (directory) Name. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise,
- * the memory will be obtained from the heap. This routine may
- * return NULL upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSName upon success
- */
-
-NSS_EXTERN NSSName *
-nssName_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berName
-);
-
-/*
- * nssName_CreateFromUTF8
- *
- * This routine creates an NSSName by decoding a UTF8 string
- * consisting of the string representation of one of the choices of
- * (directory) names. Currently the only choice is an RDNSeq. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. The routine may return NULL upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_UTF8
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSName upon success
- */
-
-NSS_EXTERN NSSName *
-nssName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringName
-);
-
-/*
- * nssName_Create
- *
- * This routine creates an NSSName with the specified choice of
- * underlying name types. The value of the choice variable must be
- * one of the values of the NSSNameChoice enumeration, and the type
- * of the arg variable must be as specified in the following table:
- *
- * Choice Type
- * ======================== ===========
- * NSSNameChoiceRdnSequence NSSRDNSeq *
- *
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_CHOICE
- * NSS_ERROR_INVALID_ARGUMENT
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSName upon success
- */
-
-NSS_EXTERN NSSName *
-nssName_Create
-(
- NSSArena *arenaOpt,
- NSSNameChoice choice,
- void *arg
-);
-
-/*
- * nssName_Destroy
- *
- * This routine will destroy a Name object. It should eventually be
- * called on all Names created without an arena. While it is not
- * necessary to call it on Names created within an arena, it is not
- * an error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * set an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssName_Destroy
-(
- NSSName *name
-);
-
-/*
- * nssName_GetDEREncoding
- *
- * This routine will DER-encode a name object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSName
- */
-
-NSS_EXTERN NSSDER *
-nssName_GetDEREncoding
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the Name in the format specified by the
- * underlying name choice. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have set an error on the
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to the UTF8 string
- */
-
-NSS_EXTERN NSSUTF8 *
-nssName_GetUTF8Encoding
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetChoice
- *
- * This routine returns the type of the choice underlying the specified
- * name. The return value will be a member of the NSSNameChoice
- * enumeration. This routine may return NSSNameChoiceInvalid upon
- * error, in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- *
- * Return value:
- * NSSNameChoiceInvalid upon error
- * An other member of the NSSNameChoice enumeration upon success
- */
-
-NSS_EXTERN NSSNameChoice
-nssName_GetChoice
-(
- NSSName *name
-);
-
-/*
- * nssName_GetRDNSequence
- *
- * If the choice underlying the specified NSSName is that of an
- * RDNSequence, this routine will return a pointer to that RDN
- * sequence. Otherwise, this routine will place an error on the
- * error stack, and return NULL. If the optional arena argument is
- * non-null, the memory required will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. The
- * caller owns the returned pointer. This routine may return NULL
- * upon error, in which case it will have set an error on the error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSRDNSeq
- */
-
-NSS_EXTERN NSSRDNSeq *
-nssName_GetRDNSequence
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetSpecifiedChoice
- *
- * If the choice underlying the specified NSSName matches the specified
- * choice, a caller-owned pointer to that underlying object will be
- * returned. Otherwise, an error will be placed on the error stack and
- * NULL will be returned. If the optional arena argument is non-null,
- * the memory required will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer, which must be typecast
- */
-
-NSS_EXTERN void *
-nssName_GetSpecifiedChoice
-(
- NSSName *name,
- NSSNameChoice choice,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_Compare
- *
- * This routine compares two Names for equality. For two Names to be
- * equal, they must have the same choice of underlying types, and the
- * underlying values must be equal. The result of the comparison will
- * be stored at the location pointed to by the "equalp" variable, which
- * must point to a valid PRBool. This routine may return PR_FAILURE
- * upon error, in which case it will have set an error on the error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-nssName_Compare
-(
- NSSName *name1,
- NSSName *name2,
- PRBool *equalp
-);
-
-/*
- * nssName_Duplicate
- *
- * This routine duplicates the specified nssname. If the optional
- * arena argument is non-null, the memory required will be obtained
- * from that arena; otherwise, the memory will be obtained from the
- * heap. This routine may return NULL upon error, in which case it
- * will have placed an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a new NSSName
- */
-
-NSS_EXTERN NSSName *
-nssName_Duplicate
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetUID
- *
- * This routine will attempt to derive a user identifier from the
- * specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished
- * Names containing a UID attribute, the UID will be the value of
- * that attribute. Note that no UID attribute is defined in either
- * PKIX or PKCS#9; rather, this seems to derive from RFC 1274, which
- * defines the type as a caseIgnoreString. We'll return a Directory
- * String. If the optional arena argument is non-null, the memory
- * used will be obtained from that arena; otherwise, the memory will
- * be obtained from the heap. This routine may return NULL upon error,
- * in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_UID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String.
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssName_GetUID
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetEmail
- *
- * This routine will attempt to derive an email address from the
- * specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished
- * Names containing either a PKIX email address or a PKCS#9 email
- * address, the result will be the value of that attribute. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_EMAIL
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr IA5 String */
-nssName_GetEmail
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetCommonName
- *
- * This routine will attempt to derive a common name from the
- * specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished Names
- * containing a PKIX Common Name, the result will be that name. If
- * the optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_COMMON_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssName_GetCommonName
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetOrganization
- *
- * This routine will attempt to derive an organisation name from the
- * specified name, if the choices and content of the name permit.
- * If Name consists of a Sequence of Relative Distinguished names
- * containing a PKIX Organization, the result will be the value of
- * that attribute. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. This routine may return NULL upon
- * error, in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_ORGANIZATION
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssName_GetOrganization
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetOrganizationalUnits
- *
- * This routine will attempt to derive a sequence of organisational
- * unit names from the specified name, if the choices and content of
- * the name permit. If the Name consists of a Sequence of Relative
- * Distinguished Names containing one or more organisational units,
- * the result will be the values of those attributes. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_ORGANIZATIONAL_UNITS
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a null-terminated array of UTF8 Strings
- */
-
-NSS_EXTERN NSSUTF8 ** /* XXX fgmr DirectoryString */
-nssName_GetOrganizationalUnits
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetStateOrProvince
- *
- * This routine will attempt to derive a state or province name from
- * the specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished Names
- * containing a state or province, the result will be the value of
- * that attribute. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. This routine may return NULL upon
- * error, in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_STATE_OR_PROVINCE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssName_GetStateOrProvince
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetLocality
- *
- * This routine will attempt to derive a locality name from the
- * specified name, if the choices and content of the name permit. If
- * the Name consists of a Sequence of Relative Distinguished names
- * containing a Locality, the result will be the value of that
- * attribute. If the optional arena argument is non-null, the memory
- * used will be obtained from that arena; otherwise, the memory will
- * be obtained from the heap. This routine may return NULL upon error,
- * in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_LOCALITY
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssName_GetLocality
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetCountry
- *
- * This routine will attempt to derive a country name from the
- * specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished
- * Names containing a Country, the result will be the value of
- * that attribute.. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise,
- * the memory will be obtained from the heap. This routine may
- * return NULL upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_COUNTRY
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr PrintableString */
-nssName_GetCountry
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetAttribute
- *
- * If the specified name consists of a Sequence of Relative
- * Distinguished Names containing an attribute with the specified
- * type, and the actual value of that attribute may be expressed
- * with a Directory String, then the value of that attribute will
- * be returned as a Directory String. If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_ATTRIBUTE
- * NSS_ERROR_ATTRIBUTE_VALUE_NOT_STRING
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssName_GetAttribute
-(
- NSSName *name,
- NSSOID *attribute,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_EvaluateUTF8
- *
- * This routine evaluates a UTF8 string, and returns PR_TRUE if the
- * string contains the string representation of an NSSName. This
- * routine is used by the GeneralName routine
- * nssGeneralName_CreateFromUTF8 to determine which choice of
- * general name the string may encode. This routine may return
- * PR_FALSE upon error, but it subsumes that condition under the
- * general "string does not evaluate as a Name" state, and does not
- * set an error on the error stack.
- *
- * Return value:
- * PR_TRUE if the string represents a Name
- * PR_FALSE otherwise
- */
-
-NSS_EXTERN PRBool
-nssName_EvaluateUTF8
-(
- NSSUTF8 *str
-);
-
-/*
- * NSSGeneralName
- *
- * The non-public "methods" regarding this "object" are:
- *
- * nssGeneralName_CreateFromBER -- constructor
- * nssGeneralName_CreateFromUTF8 -- constructor
- * nssGeneralName_Create -- constructor
- *
- * nssGeneralName_Destroy
- * nssGeneralName_GetDEREncoding
- * nssGeneralName_GetUTF8Encoding
- * nssGeneralName_GetChoice
- * nssGeneralName_GetOtherName
- * nssGeneralName_GetRfc822Name
- * nssGeneralName_GetDNSName
- * nssGeneralName_GetX400Address
- * nssGeneralName_GetDirectoryName
- * nssGeneralName_GetEdiPartyName
- * nssGeneralName_GetUniformResourceIdentifier
- * nssGeneralName_GetIPAddress
- * nssGeneralName_GetRegisteredID
- * nssGeneralName_GetSpecifiedChoice
- * nssGeneralName_Compare
- * nssGeneralName_Duplicate
- *
- * nssGeneralName_GetUID
- * nssGeneralName_GetEmail
- * nssGeneralName_GetCommonName
- * nssGeneralName_GetOrganization
- * nssGeneralName_GetOrganizationalUnits
- * nssGeneralName_GetStateOrProvince
- * nssGeneralName_GetLocality
- * nssGeneralName_GetCountry
- * nssGeneralName_GetAttribute
- */
-
-/*
- * nssGeneralName_CreateFromBER
- *
- * This routine creates an NSSGeneralName by decoding a BER- or DER-
- * encoded general name. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have set an error on the
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralName upon success
- */
-
-NSS_EXTERN NSSGeneralName *
-nssGeneralName_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berGeneralName
-);
-
-/*
- * nssGeneralName_CreateFromUTF8
- *
- * This routine creates an NSSGeneralName by decoding a UTF8 string
- * consisting of the string representation of one of the choices of
- * general names. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The routine may return NULL upon
- * error, in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_UTF8
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralName upon success
- */
-
-NSS_EXTERN NSSGeneralName *
-nssGeneralName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringGeneralName
-);
-
-/*
- * nssGeneralName_Create
- *
- * This routine creates an NSSGeneralName with the specified choice of
- * underlying name types. The value of the choice variable must be one
- * of the values of the NSSGeneralNameChoice enumeration, and the type
- * of the arg variable must be as specified in the following table:
- *
- * Choice Type
- * ============================================ =========
- * NSSGeneralNameChoiceOtherName
- * NSSGeneralNameChoiceRfc822Name
- * NSSGeneralNameChoiceDNSName
- * NSSGeneralNameChoiceX400Address
- * NSSGeneralNameChoiceDirectoryName NSSName *
- * NSSGeneralNameChoiceEdiPartyName
- * NSSGeneralNameChoiceUniformResourceIdentifier
- * NSSGeneralNameChoiceIPAddress
- * NSSGeneralNameChoiceRegisteredID
- *
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have set an error on the error stack.
- *
- * The error may be one fo the following values:
- * NSS_ERROR_INVALID_CHOICE
- * NSS_ERROR_INVALID_ARGUMENT
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralName upon success
- */
-
-NSS_EXTERN NSSGeneralName *
-nssGeneralName_Create
-(
- NSSGeneralNameChoice choice,
- void *arg
-);
-
-/*
- * nssGeneralName_Destroy
- *
- * This routine will destroy a General Name object. It should
- * eventually be called on all General Names created without an arena.
- * While it is not necessary to call it on General Names created within
- * an arena, it is not an error to do so. This routine returns a
- * PRStatus value; if successful, it will return PR_SUCCESS. If
- * usuccessful, it will set an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- *
- * Return value:
- * PR_FAILURE upon failure
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssGeneralName_Destroy
-(
- NSSGeneralName *generalName
-);
-
-/*
- * nssGeneralName_GetDEREncoding
- *
- * This routine will DER-encode a name object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSGeneralName
- */
-
-NSS_EXTERN NSSDER *
-nssGeneralName_GetDEREncoding
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the General Name in the format specified by the
- * underlying name choice. If the optional arena argument is
- * non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string
- */
-
-NSS_EXTERN NSSUTF8 *
-nssGeneralName_GetUTF8Encoding
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetChoice
- *
- * This routine returns the type of choice underlying the specified
- * general name. The return value will be a member of the
- * NSSGeneralNameChoice enumeration. This routine may return
- * NSSGeneralNameChoiceInvalid upon error, in which case it will have
- * set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- *
- * Return value:
- * NSSGeneralNameChoiceInvalid upon error
- * An other member of the NSSGeneralNameChoice enumeration
- */
-
-NSS_EXTERN NSSGeneralNameChoice
-nssGeneralName_GetChoice
-(
- NSSGeneralName *generalName
-);
-
-/*
- * nssGeneralName_GetOtherName
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * Other Name, this routine will return a pointer to that Other name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSOtherName
- */
-
-NSS_EXTERN NSSOtherName *
-nssGeneralName_GetOtherName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetRfc822Name
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * RFC 822 Name, this routine will return a pointer to that name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSRFC822Name
- */
-
-NSS_EXTERN NSSRFC822Name *
-nssGeneralName_GetRfc822Name
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetDNSName
- *
- * If the choice underlying the specified NSSGeneralName is that of a
- * DNS Name, this routine will return a pointer to that DNS name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSDNSName
- */
-
-NSS_EXTERN NSSDNSName *
-nssGeneralName_GetDNSName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetX400Address
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * X.400 Address, this routine will return a pointer to that Address.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSX400Address
- */
-
-NSS_EXTERN NSSX400Address *
-nssGeneralName_GetX400Address
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetDirectoryName
- *
- * If the choice underlying the specified NSSGeneralName is that of a
- * (directory) Name, this routine will return a pointer to that name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSName
- */
-
-NSS_EXTERN NSSName *
-nssGeneralName_GetName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetEdiPartyName
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * EDI Party Name, this routine will return a pointer to that name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSEdiPartyName
- */
-
-NSS_EXTERN NSSEdiPartyName *
-nssGeneralName_GetEdiPartyName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetUniformResourceIdentifier
- *
- * If the choice underlying the specified NSSGeneralName is that of a
- * URI, this routine will return a pointer to that URI.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSURI
- */
-
-NSS_EXTERN NSSURI *
-nssGeneralName_GetUniformResourceIdentifier
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetIPAddress
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * IP Address , this routine will return a pointer to that address.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSIPAddress
- */
-
-NSS_EXTERN NSSIPAddress *
-nssGeneralName_GetIPAddress
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetRegisteredID
- *
- * If the choice underlying the specified NSSGeneralName is that of a
- * Registered ID, this routine will return a pointer to that ID.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSRegisteredID
- */
-
-NSS_EXTERN NSSRegisteredID *
-nssGeneralName_GetRegisteredID
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetSpecifiedChoice
- *
- * If the choice underlying the specified NSSGeneralName matches the
- * specified choice, a caller-owned pointer to that underlying object
- * will be returned. Otherwise, an error will be placed on the error
- * stack and NULL will be returned. If the optional arena argument
- * is non-null, the memory required will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. The caller
- * owns the returned pointer. This routine may return NULL upon
- * error, in which caes it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer, which must be typecast
- */
-
-NSS_EXTERN void *
-nssGeneralName_GetSpecifiedChoice
-(
- NSSGeneralName *generalName,
- NSSGeneralNameChoice choice,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_Compare
- *
- * This routine compares two General Names for equality. For two
- * General Names to be equal, they must have the same choice of
- * underlying types, and the underlying values must be equal. The
- * result of the comparison will be stored at the location pointed
- * to by the "equalp" variable, which must point to a valid PRBool.
- * This routine may return PR_FAILURE upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following value:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-nssGeneralName_Compare
-(
- NSSGeneralName *generalName1,
- NSSGeneralName *generalName2,
- PRBool *equalp
-);
-
-/*
- * nssGeneralName_Duplicate
- *
- * This routine duplicates the specified General Name. If the optional
- * arena argument is non-null, the memory required will be obtained
- * from that arena; otherwise, the memory will be obtained from the
- * heap. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a new NSSGeneralName
- */
-
-NSS_EXTERN NSSGeneralName *
-nssGeneralName_Duplicate
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetUID
- *
- * This routine will attempt to derive a user identifier from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished Names containing a UID
- * attribute, the UID will be the value of that attribute. Note
- * that no UID attribute is defined in either PKIX or PKCS#9;
- * rather, this seems to derive from RFC 1274, which defines the
- * type as a caseIgnoreString. We'll return a Directory String.
- * If the optional arena argument is non-null, the memory used
- * will be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_UID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String.
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssGeneralName_GetUID
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetEmail
- *
- * This routine will attempt to derive an email address from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing either
- * a PKIX email address or a PKCS#9 email address, the result will
- * be the value of that attribute. If the General Name is an RFC 822
- * Name, the result will be the string form of that name. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_EMAIL
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr IA5String */
-nssGeneralName_GetEmail
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetCommonName
- *
- * This routine will attempt to derive a common name from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing a PKIX
- * Common Name, the result will be that name. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_COMMON_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssGeneralName_GetCommonName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetOrganization
- *
- * This routine will attempt to derive an organisation name from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing an
- * Organization, the result will be the value of that attribute.
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_ORGANIZATION
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssGeneralName_GetOrganization
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetOrganizationalUnits
- *
- * This routine will attempt to derive a sequence of organisational
- * unit names from the specified general name, if the choices and
- * content of the name permit. If the General Name is a (directory)
- * Name consisting of a Sequence of Relative Distinguished names
- * containing one or more organisational units, the result will
- * consist of those units. If the optional arena argument is non-
- * null, the memory used will be obtained from that arena; otherwise,
- * the memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have set an error on the
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_ORGANIZATIONAL_UNITS
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a null-terminated array of UTF8 Strings
- */
-
-NSS_EXTERN NSSUTF8 ** /* XXX fgmr DirectoryString */
-nssGeneralName_GetOrganizationalUnits
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetStateOrProvince
- *
- * This routine will attempt to derive a state or province name from
- * the specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing a state or
- * province, the result will be the value of that attribute. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_STATE_OR_PROVINCE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssGeneralName_GetStateOrProvince
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetLocality
- *
- * This routine will attempt to derive a locality name from
- * the specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing a Locality,
- * the result will be the value of that attribute. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_LOCALITY
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssGeneralName_GetLocality
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetCountry
- *
- * This routine will attempt to derive a country name from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting of a
- * Sequence of Relative Distinguished names containing a Country, the
- * result will be the value of that attribute. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_COUNTRY
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr PrintableString */
-nssGeneralName_GetCountry
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetAttribute
- *
- * If the specified general name is a (directory) name consisting
- * of a Sequence of Relative Distinguished Names containing an
- * attribute with the specified type, and the actual value of that
- * attribute may be expressed with a Directory String, then the
- * value of that attribute will be returned as a Directory String.
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_ATTRIBUTE
- * NSS_ERROR_ATTRIBUTE_VALUE_NOT_STRING
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssGeneralName_GetAttribute
-(
- NSSGeneralName *generalName,
- NSSOID *attribute,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralNameSeq
- *
- * The public "methods" regarding this "object" are:
- *
- * nssGeneralNameSeq_CreateFromBER -- constructor
- * nssGeneralNameSeq_Create -- constructor
- *
- * nssGeneralNameSeq_Destroy
- * nssGeneralNameSeq_GetDEREncoding
- * nssGeneralNameSeq_AppendGeneralName
- * nssGeneralNameSeq_GetGeneralNameCount
- * nssGeneralNameSeq_GetGeneralName
- * nssGeneralNameSeq_Compare
- * nssGeneralnameSeq_Duplicate
- */
-
-/*
- * nssGeneralNameSeq_CreateFromBER
- *
- * This routine creates a general name sequence by decoding a BER-
- * or DER-encoded GeneralNames. If the optional arena argument is
- * non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralNameSeq upon success
- */
-
-NSS_EXTERN NSSGeneralNameSeq *
-nssGeneralNameSeq_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berGeneralNameSeq
-);
-
-/*
- * nssGeneralNameSeq_Create
- *
- * This routine creates an NSSGeneralNameSeq from one or more General
- * Names. The final argument to this routine must be NULL. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_GENERAL_NAME
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralNameSeq upon success
- */
-
-NSS_EXTERN NSSGeneralNameSeq *
-nssGeneralNameSeq_Create
-(
- NSSArena *arenaOpt,
- NSSGeneralName *generalName1,
- ...
-);
-
-/*
- * nssGeneralNameSeq_Destroy
- *
- * This routine will destroy an NSSGeneralNameSeq object. It should
- * eventually be called on all NSSGeneralNameSeqs created without an
- * arena. While it is not necessary to call it on NSSGeneralNameSeq's
- * created within an arena, it is not an error to do so. This routine
- * returns a PRStatus value; if successful, it will return PR_SUCCESS.
- * If unsuccessful, it will set an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssGeneralNameSeq_Destroy
-(
- NSSGeneralNameSeq *generalNameSeq
-);
-
-/*
- * nssGeneralNameSeq_GetDEREncoding
- *
- * This routine will DER-encode an NSSGeneralNameSeq object. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return null upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSGeneralNameSeq
- */
-
-NSS_EXTERN NSSDER *
-nssGeneralNameSeq_GetDEREncoding
-(
- NSSGeneralNameSeq *generalNameSeq,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralNameSeq_AppendGeneralName
- *
- * This routine appends a General Name to the end of the existing
- * General Name Sequence. If the sequence was created with a non-null
- * arena argument, that same arena will be used for any additional
- * required memory. If the sequence was created with a NULL arena
- * argument, any additional memory will be obtained from the heap.
- * This routine returns a PRStatus value; it will return PR_SUCCESS
- * upon success, and upon failure it will set an error on the error
- * stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure.
- */
-
-NSS_EXTERN PRStatus
-nssGeneralNameSeq_AppendGeneralName
-(
- NSSGeneralNameSeq *generalNameSeq,
- NSSGeneralName *generalName
-);
-
-/*
- * nssGeneralNameSeq_GetGeneralNameCount
- *
- * This routine returns the cardinality of the specified General name
- * Sequence. This routine may return 0 upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- *
- * Return value;
- * 0 upon error
- * A positive number upon success
- */
-
-NSS_EXTERN PRUint32
-nssGeneralNameSeq_GetGeneralNameCount
-(
- NSSGeneralNameSeq *generalNameSeq
-);
-
-/*
- * nssGeneralNameSeq_GetGeneralName
- *
- * This routine returns a pointer to the i'th General Name in the
- * specified General Name Sequence. The value of the variable 'i' is
- * on the range [0,c) where c is the cardinality returned from
- * NSSGeneralNameSeq_GetGeneralNameCount. The caller owns the General
- * Name the pointer to which is returned. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have set
- * an error upon the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to a General Name.
- */
-
-NSS_EXTERN NSSGeneralName *
-nssGeneralNameSeq_GetGeneralName
-(
- NSSGeneralNameSeq *generalNameSeq,
- NSSArena *arenaOpt,
- PRUint32 i
-);
-
-/*
- * nssGeneralNameSeq_Compare
- *
- * This routine compares two General Name Sequences for equality. For
- * two General Name Sequences to be equal, they must have the same
- * cardinality, and each General Name in one sequence must be equal to
- * the corresponding General Name in the other. The result of the
- * comparison will be stored at the location pointed to by the "equalp"
- * variable, which must point to a valid PRBool. This routine may
- * return PR_FAILURE upon error, in which case it will have set an
- * error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-nssGeneralNameSeq_Compare
-(
- NSSGeneralNameSeq *generalNameSeq1,
- NSSGeneralNameSeq *generalNameSeq2,
- PRBool *equalp
-);
-
-/*
- * nssGeneralNameSeq_Duplicate
- *
- * This routine duplicates the specified sequence of general names. If
- * the optional arena argument is non-null, the memory required will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have placed an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a new General Name Sequence.
- */
-
-NSS_EXTERN NSSGeneralNameSeq *
-nssGeneralNameSeq_Duplicate
-(
- NSSGeneralNameSeq *generalNameSeq,
- NSSArena *arenaOpt
-);
-
-PR_END_EXTERN_C
-
-#endif /* PKI1_H */
diff --git a/security/nss/lib/pki1/pki1t.h b/security/nss/lib/pki1/pki1t.h
deleted file mode 100644
index de6e5c835..000000000
--- a/security/nss/lib/pki1/pki1t.h
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef PKI1T_H
-#define PKI1T_H
-
-#ifdef DEBUG
-static const char PKI1T_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * pki1t.h
- *
- * This file contains definitions for the types used in the PKIX part-1
- * code, but not available publicly.
- */
-
-#ifndef BASET_H
-#include "baset.h"
-#endif /* BASET_H */
-
-#ifndef NSSPKI1T_H
-#include "nsspki1t.h"
-#endif /* NSSPKI1T_H */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * NSSOID
- *
- * This structure is used to hold our internal table of built-in OID
- * data. The fields are as follows:
- *
- * NSSItem data -- this is the actual DER-encoded multinumber oid
- * const char *expl -- this explains the derivation, and is checked
- * in a unit test. While the field always exists,
- * it is only populated or used in debug builds.
- *
- */
-
-struct NSSOIDStr {
-#ifdef DEBUG
- const NSSUTF8 *tag;
- const NSSUTF8 *expl;
-#endif /* DEBUG */
- NSSItem data;
-};
-
-/*
- * nssAttributeTypeAliasTable
- *
- * Attribute types are passed around as oids (at least in the X.500
- * and PKI worlds, as opposed to ldap). However, when written as
- * strings they usually have well-known aliases, e.g., "ou" or "c."
- *
- * This type defines a table, populated in the generated oiddata.c
- * file, of the aliases we recognize.
- *
- * The fields are as follows:
- *
- * NSSUTF8 *alias -- a well-known string alias for an oid
- * NSSOID *oid -- the oid to which the alias corresponds
- *
- */
-
-struct nssAttributeTypeAliasTableStr {
- const NSSUTF8 *alias;
- const NSSOID **oid;
-};
-typedef struct nssAttributeTypeAliasTableStr nssAttributeTypeAliasTable;
-
-PR_END_EXTERN_C
-
-#endif /* PKI1T_H */
diff --git a/security/nss/lib/pki1/rdn.c b/security/nss/lib/pki1/rdn.c
deleted file mode 100644
index f778de22c..000000000
--- a/security/nss/lib/pki1/rdn.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * rdn.c
- *
- * This file contains the implementation of the PKIX part-1 object
- * RelativeDistinguishedName.
- */
-
-#ifndef NSSBASE_H
-#include "nssbase.h"
-#endif /* NSSBASE_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-#ifndef PKI1_H
-#include "pki1.h"
-#endif /* PKI1_H */
-
-/*
- * RelativeDistinguishedName
- *
- * From draft-ietf-pkix-ipki-part1-10:
- *
- * RelativeDistinguishedName ::=
- * SET SIZE (1 .. MAX) OF AttributeTypeAndValue
- *
- * An RDN is merely an (unordered) set of ATAV's. The setSize (that's
- * a noun, not a verb) variable is a "helper" variable kept for
- * convenience.
- */
-
-struct nssRDNStr {
- PRUint32 setSize;
- NSSATAV **atavs;
-};
diff --git a/security/nss/lib/pki1/rdnseq.c b/security/nss/lib/pki1/rdnseq.c
deleted file mode 100644
index bbd4dfe4b..000000000
--- a/security/nss/lib/pki1/rdnseq.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * rdnseq.c
- *
- * This file contains the implementation of the PKIX part-1 object
- * RDNSequence.
- */
-
-#ifndef NSSBASE_H
-#include "nssbase.h"
-#endif /* NSSBASE_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-#ifndef PKI1_H
-#include "pki1.h"
-#endif /* PKI1_H */
-
-/*
- * RDNSequence
- *
- * From draft-ietf-pkix-ipki-part1-10:
- *
- * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
- *
- * An RDNSequence is simply an (ordered) sequence of RDN's. The
- * seqSize variable is a "helper" kept for simplicity.
- */
-
-struct nssRDNSeqStr {
- PRUint32 seqSize;
- NSSRDN **rdns;
-};
diff --git a/security/nss/lib/pkix/doc/name_rules.html b/security/nss/lib/pkix/doc/name_rules.html
deleted file mode 100644
index 70f9dd72e..000000000
--- a/security/nss/lib/pkix/doc/name_rules.html
+++ /dev/null
@@ -1,178 +0,0 @@
-<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
-<!--
- - The contents of this file are subject to the Mozilla Public
- - License Version 1.1 (the "License"); you may not use this file
- - except in compliance with the License. You may obtain a copy of
- - the License at http://www.mozilla.org/MPL/
- -
- - Software distributed under the License is distributed on an "AS
- - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- - implied. See the License for the specific language governing
- - rights and limitations under the License.
- -
- - The Original Code is the Netscape security libraries.
- -
- - The Initial Developer of the Original Code is Netscape
- - Communications Corporation. Portions created by Netscape are
- - Copyright (C) 1994-2000 Netscape Communications Corporation. All
- - Rights Reserved.
- -
- - Contributor(s):
- -
- - Alternatively, the contents of this file may be used under the
- - terms of the GNU General Public License Version 2 or later (the
- - "GPL"), in which case the provisions of the GPL are applicable
- - instead of those above. If you wish to allow use of your
- - version of this file only under the terms of the GPL and not to
- - allow others to use your version of this file under the MPL,
- - indicate your decision by deleting the provisions above and
- - replace them with the notice and other provisions required by
- - the GPL. If you do not delete the provisions above, a recipient
- - may use your version of this file under either the MPL or the
- - GPL.
- -->
-<html>
-<head>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
- <meta name="GENERATOR" content="Mozilla/4.6 [en] (X11; U; IRIX 6.3 IP32) [Netscape]">
-</head>
-<body>
-
-<h1>
-Notes on libpkix name rules</h1>
-&nbsp;
-<h2>
-Types</h2>
-Every type mentioned in RFC 2459 is reflected in libpkix.&nbsp; The type
-names, defined in <tt>nsspkix.h</tt>, are exactly the names used in the
-RFC with the added prefix of ``<tt>NSSPKIX</tt>.''&nbsp; The <tt>PKIX</tt>
-part of the name is to distinguish between these specifically defined types
-and more general reflections that are used in higher-level trust domains,
-crypto contexts, etc.&nbsp; For example, <tt>NSSPKIXCertificate</tt> is
-a type with specific properties defined in RFC 2459, while <tt>NSSCertificate</tt>
-is a general type, not necessarily based on an X.509 certificate, that
-has additional associated information.
-<p>Additionally, libpkix defines some "helper"&nbsp;types, usually when
-a type definition in the RFC&nbsp;was unusually complex.&nbsp; These types
-are prefixed with <tt>NSSPKIX</tt> as above, but the next letter is lowercase.&nbsp;
-Examples of these types include <tt>NSSPKIXrevokedCertificates</tt> and
-<tt>NSSPKIXpolicyMapping</tt>.
-<br>&nbsp;
-<h2>
-Simple types</h2>
-Many types used in or defined by RFC 2459 have more-or-less equivalent
-``natural'' types.&nbsp; These include <tt>BOOLEAN</tt>, <tt>INTEGER</tt>,
-the string types, and the date types.
-<p><tt>BOOLEAN</tt> values are always automatically converted to and from
-<tt>PRBool</tt> types.
-<p><tt>INTEGER</tt> types are used in two ways: as a ``small integer,''
-typically a quantity, and as an identification value (e.g., the serial
-number of a certificate).&nbsp; In the former situation, the RFC usually
-states that the values may be limited by the application to some value.&nbsp;
-We reflect these integers as <tt>PRInt32</tt> values, which is limited
-to about two billion.&nbsp; (The reason an unsigned integer wasn't used
-is that we use -1 as an error value; while admittedly reserving one half
-of the number space merely to indicate an error is perhaps wasteful, reducing
-the count limit from four billion to two isn't that unreasonable.)&nbsp;
-``Large integer'' uses are reflected as <tt>NSSItem</tt>s.
-<p>String types -- even complicated <tt>CHOICE</tt>s of strings -- are
-always converted to and from <tt>NSSUTF8</tt> strings.&nbsp; Most of the
-string types can handle any UTF-8 string; the few that don't will check
-the <tt>NSSUTF8</tt> string for invalid characters and return an error
-if any are found.
-<p>Date types are always converted to and from <tt>PRTime</tt> values.
-<font color="#FF0000">***FGMR*** or whatever.</font><font color="#000000">&nbsp;
-The RFC-defined types may contain values that may not be represented as
-<tt>PRTime</tt>s; when conversion of such a value is attempted, the error
-<tt>NSS_ERROR_VALUE_OUT_OF_RANGE</tt> will be returned.&nbsp; However,
-types that contain time values have comparator methods defined, so that
-valid comparisons may be made, even if the time is out of the range of
-<tt>PRTime</tt>.</font>
-<br><font color="#000000"></font>&nbsp;
-<h2>
-<font color="#000000">Function names</font></h2>
-<font color="#000000">All function names are created by catenating the
-type name, an underscore, and the name of a method defined on that type.&nbsp;
-In some situations, this does create rather long function names; however,
-since these are usually assocated with the more obscure types, we felt
-that sticking to a common naming system was preferable to inventing new
-names.&nbsp; (The Principle of Least Surprise.)</font>
-<br><font color="#000000"></font>&nbsp;
-<h2>
-<font color="#000000">Universal methods</font></h2>
-<font color="#000000">Every type has a few standard methods:</font>
-<ul>
-<li>
-<tt><font color="#000000">&lt;typename>_CreateFromBER</font></tt></li>
-
-<li>
-<tt><font color="#000000">&lt;typename>_Create</font></tt></li>
-
-<li>
-<tt><font color="#000000">&lt;typename>_Destroy</font></tt></li>
-
-<li>
-<tt><font color="#000000">&lt;typename>_GetDEREncoding</font></tt></li>
-
-<li>
-<tt><font color="#000000">&lt;typename>_Equal</font></tt></li>
-
-<li>
-<tt><font color="#000000">&lt;typename>_Duplicate</font></tt></li>
-</ul>
-<font color="#000000">For types for which a BER encoding can be created
-which is not the DER&nbsp;encoding, there is a method <tt>&lt;typename>_GetBEREncoding</tt>.</font>
-<br><font color="#000000"></font>&nbsp;
-<h2>
-<font color="#000000">Accessors</font></h2>
-<font color="#000000">Simple accessor method names are constructed with
-``<tt>Get</tt>'' and ``<tt>Set</tt>'' followed by the field name:</font>
-<ul>
-<li>
-<tt><font color="#000000">&lt;typename>_Get&lt;fieldname></font></tt></li>
-
-<li>
-<tt><font color="#000000">&lt;typename>_Set&lt;fieldname></font></tt></li>
-</ul>
-<font color="#000000">Optional fields also have ``<tt>Has</tt>'' and ``<tt>Remove</tt>''
-methods, constructed in the same way.</font>
-<br><font color="#000000"></font>&nbsp;
-<h2>
-<font color="#000000">Sequences</font></h2>
-<font color="#000000">Sequences have the following accessors:</font>
-<ul>
-<li>
-<tt><font color="#000000">&lt;typename>_Get&lt;name>Count</font></tt></li>
-
-<li>
-<tt><font color="#000000">&lt;typename>_Get&lt;name>s</font></tt></li>
-
-<li>
-<tt><font color="#000000">&lt;typename>_Set&lt;name>s</font></tt></li>
-
-<li>
-<tt><font color="#000000">&lt;typename>_Get&lt;name></font></tt></li>
-
-<li>
-<tt><font color="#000000">&lt;typename>_Set&lt;name></font></tt></li>
-
-<li>
-<tt><font color="#000000">&lt;typename>_Append&lt;name></font></tt></li>
-
-<li>
-<tt><font color="#000000">&lt;typename>_Insert&lt;name></font></tt></li>
-
-<li>
-<tt><font color="#000000">&lt;typename>_Remove&lt;name></font></tt></li>
-
-<li>
-<tt><font color="#000000">&lt;typename>_Find&lt;name></font></tt></li>
-</ul>
-<font color="#000000">Sets (unordered sequences) replace the <tt>Append</tt>
-and <tt>Insert</tt> methods with <tt>Add</tt>.&nbsp; The plural Get and
-Set methods operate on arrays of the subtype.</font>
-<br><font color="#000000"></font>&nbsp;
-<br><font color="#000000"></font>&nbsp;
-<br><font color="#000000"></font>&nbsp;
-</body>
-</html>
diff --git a/security/nss/lib/pkix/include/nsspkix.h b/security/nss/lib/pkix/include/nsspkix.h
deleted file mode 100644
index 6e55be3a9..000000000
--- a/security/nss/lib/pkix/include/nsspkix.h
+++ /dev/null
@@ -1,24377 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef NSSPKIX_H
-#define NSSPKIX_H
-
-#ifdef DEBUG
-static const char NSSPKIX_CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * nsspkix.h
- *
- * This file contains the prototypes for the public methods defined
- * for the PKIX part-1 objects.
- */
-
-#ifndef NSSPKIXT_H
-#include "nsspkixt.h"
-#endif /* NSSPKIXT_H */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * Attribute
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Attribute ::= SEQUENCE {
- * type AttributeType,
- * values SET OF AttributeValue
- * -- at least one value is required -- }
- *
- * The public calls for the type:
- *
- * NSSPKIXAttribute_Decode
- * NSSPKIXAttribute_Create
- * NSSPKIXAttribute_CreateFromArray
- * NSSPKIXAttribute_Destroy
- * NSSPKIXAttribute_Encode
- * NSSPKIXAttribute_GetType
- * NSSPKIXAttribute_SetType
- * NSSPKIXAttribute_GetValueCount
- * NSSPKIXAttribute_GetValues
- * NSSPKIXAttribute_SetValues
- * NSSPKIXAttribute_GetValue
- * NSSPKIXAttribute_SetValue
- * NSSPKIXAttribute_AddValue
- * NSSPKIXAttribute_RemoveValue
- * NSSPKIXAttribute_FindValue
- * NSSPKIXAttribute_Equal
- * NSSPKIXAttribute_Duplicate
- *
- */
-
-/*
- * NSSPKIXAttribute_Decode
- *
- * This routine creates an NSSPKIXAttribute by decoding a BER-
- * or DER-encoded Attribute as defined in RFC 2459. This
- * routine may return NULL upon error, in which case it will
- * have created an error stack. If the optional arena argument
- * is non-NULL, that arena will be used for the required memory.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon failure.
- */
-
-NSS_EXTERN NSSPKIXAttribute *
-NSSPKIXAttribute_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXAttribute_Create
- *
- * This routine creates an NSSPKIXAttribute from specified components.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack. If the optional arena argument is non-NULL,
- * that arena will be used for the required memory. There must be at
- * least one attribute value specified. The final argument must be
- * NULL, to indicate the end of the set of attribute values.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon failure.
- */
-
-NSS_EXTERN NSSPKIXAttribute *
-NSSPKIXAttribute_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAttributeType *typeOid,
- NSSPKIXAttributeValue *value1,
- ...
-);
-
-/*
- * NSSPKIXAttribute_CreateFromArray
- *
- * This routine creates an NSSPKIXAttribute from specified components.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack. If the optional arena argument is non-NULL,
- * that arena will be used for the required memory. There must be at
- * least one attribute value specified. The final argument must be
- * NULL, to indicate the end of the set of attribute values.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon failure.
- */
-
-NSS_EXTERN NSSPKIXAttribute *
-NSSPKIXAttribute_CreateFromArray
-(
- NSSArena *arenaOpt,
- NSSPKIXAttributeType *typeOid,
- PRUint32 count,
- NSSPKIXAttributeValue values[]
-);
-
-/*
- * NSSPKIXAttribute_Destroy
- *
- * This routine destroys an NSSPKIXAttribute. It should be called on
- * all such objects created without an arena. It does not need to be
- * called for objects created with an arena, but it may be. This
- * routine returns a PRStatus value. Upon error, it will create an
- * error stack and return PR_FAILURE.
- *
- * The error value may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAttribute_Destroy
-(
- NSSPKIXAttribute *attribute
-);
-
-/*
- * NSSPKIXAttribute_Encode
- *
- * This routine returns the BER encoding of the specified
- * NSSPKIXAttribute. {usual rules about itemOpt and arenaOpt}
- * This routine indicates an error (NSS_ERROR_INVALID_DATA)
- * if there are no attribute values (i.e., the last one was removed).
- *
- * The error value may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_DATA
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXAttribute_Encode
-(
- NSSPKIXAttribute *attribute,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAttribute_GetType
- *
- * This routine returns the attribute type oid of the specified
- * NSSPKIXAttribute.
- *
- * The error value may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSPKIXAttributeType pointer upon success
- * NULL upon failure.
- */
-
-NSS_EXTERN NSSPKIXAttributeType *
-NSSPKIXAttribute_GetType
-(
- NSSPKIXAttribute *attribute
-);
-
-/*
- * NSSPKIXAttribute_SetType
- *
- * This routine sets the attribute type oid of the indicated
- * NSSPKIXAttribute to the specified value. Since attributes
- * may be application-defined, no checking can be done on
- * either the correctness of the attribute type oid value nor
- * the suitability of the set of attribute values.
- *
- * The error value may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_OID
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAttribute_SetType
-(
- NSSPKIXAttribute *attribute,
- NSSPKIXAttributeType *attributeType
-);
-
-/*
- * NSSPKIXAttribute_GetValueCount
- *
- * This routine returns the number of attribute values present in
- * the specified NSSPKIXAttribute. This routine returns a PRInt32.
- * Upon error, this routine returns -1. This routine indicates an
- * error if the number of values cannot be expressed as a PRInt32.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXAttribute_GetValueCount
-(
- NSSPKIXAttribute *attribute
-);
-
-/*
- * NSSPKIXAttribute_GetValues
- *
- * This routine returns all of the attribute values in the specified
- * NSSPKIXAttribute. If the optional pointer to an array of NSSItems
- * is non-null, then that array will be used and returned; otherwise,
- * an array will be allocated and returned. If the limit is nonzero
- * (which is must be if the specified array is nonnull), then an
- * error is indicated if it is smaller than the value count.
- * {arenaOpt}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSItem's upon success
- * NULL upon failure.
- */
-
-NSS_EXTERN NSSPKIXAttributeValue *
-NSSPKIXAttribute_GetValues
-(
- NSSPKIXAttribute *attribute,
- NSSPKIXAttributeValue rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAttribute_SetValues
- *
- * This routine sets all of the values of the specified
- * NSSPKIXAttribute to the values in the specified NSSItem array.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAttribute_SetValues
-(
- NSSPKIXAttribute *attribute,
- NSSPKIXAttributeValue values[],
- PRInt32 count
-);
-
-/*
- * NSSPKIXAttribute_GetValue
- *
- * This routine returns the i'th attribute value of the set of
- * values in the specified NSSPKIXAttribute. Although the set
- * is unordered, an arbitrary ordering will be maintained until
- * the data in the attribute is changed. {usual comments about
- * itemOpt and arenaOpt}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeValue upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeValue *
-NSSPKIXAttribute_GetValue
-(
- NSSPKIXAttribute *attribute,
- PRInt32 i,
- NSSPKIXAttributeValue *itemOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAttribute_SetValue
- *
- * This routine sets the i'th attribute value {blah blah; copies
- * memory contents over..}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAttribute_SetValue
-(
- NSSPKIXAttribute *attribute,
- PRInt32 i,
- NSSPKIXAttributeValue *value
-);
-
-/*
- * NSSPKIXAttribute_AddValue
- *
- * This routine adds the specified attribute value to the set in
- * the specified NSSPKIXAttribute.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAttribute_AddValue
-(
- NSSPKIXAttribute *attribute,
- NSSPKIXAttributeValue *value
-);
-
-/*
- * NSSPKIXAttribute_RemoveValue
- *
- * This routine removes the i'th attribute value of the set in the
- * specified NSSPKIXAttribute. An attempt to remove the last value
- * will fail.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_AT_MINIMUM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAttribute_RemoveValue
-(
- NSSPKIXAttribute *attribute,
- PRInt32 i
-);
-
-/*
- * NSSPKIXAttribute_FindValue
- *
- * This routine searches the set of attribute values in the specified
- * NSSPKIXAttribute for the provided data. If an exact match is found,
- * then that value's index is returned. If an exact match is not
- * found, -1 is returned. If there is more than one exact match, one
- * index will be returned. {notes about unorderdness of SET, etc}
- * If the index may not be represented as an integer, an error is
- * indicated.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value
- * The index of the specified attribute value upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXAttribute_FindValue
-(
- NSSPKIXAttribute *attribute,
- NSSPKIXAttributeValue *attributeValue
-);
-
-/*
- * NSSPKIXAttribute_Equal
- *
- * This routine compares two NSSPKIXAttribute's for equality.
- * It returns PR_TRUE if they are equal, PR_FALSE otherwise.
- * This routine also returns PR_FALSE upon error; if you're
- * that worried about it, check for an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXAttribute_Equal
-(
- NSSPKIXAttribute *one,
- NSSPKIXAttribute *two,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXAttribute_Duplicate
- *
- * This routine duplicates an NSSPKIXAttribute. {arenaOpt}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon failure.
- */
-
-NSS_EXTERN NSSPKIXAttribute *
-NSSPKIXAttribute_Duplicate
-(
- NSSPKIXAttribute *attribute,
- NSSArena *arenaOpt
-);
-
-/*
- * AttributeTypeAndValue
- *
- * This structure contains an attribute type (indicated by an OID),
- * and the type-specific value. RelativeDistinguishedNames consist
- * of a set of these. These are distinct from Attributes (which have
- * SET of values), from AttributeDescriptions (which have qualifiers
- * on the types), and from AttributeValueAssertions (which assert a
- * a value comparison under some matching rule).
- *
- * From RFC 2459:
- *
- * AttributeTypeAndValue ::= SEQUENCE {
- * type AttributeType,
- * value AttributeValue }
- *
- * The public calls for the type:
- *
- * NSSPKIXAttributeTypeAndValue_Decode
- * NSSPKIXAttributeTypeAndValue_CreateFromUTF8
- * NSSPKIXAttributeTypeAndValue_Create
- * NSSPKIXAttributeTypeAndValue_Destroy
- * NSSPKIXAttributeTypeAndValue_Encode
- * NSSPKIXAttributeTypeAndValue_GetUTF8Encoding
- * NSSPKIXAttributeTypeAndValue_GetType
- * NSSPKIXAttributeTypeAndValue_SetType
- * NSSPKIXAttributeTypeAndValue_GetValue
- * NSSPKIXAttributeTypeAndValue_SetValue
- * NSSPKIXAttributeTypeAndValue_Equal
- * NSSPKIXAttributeTypeAndValue_Duplicate
- */
-
-/*
- * NSSPKIXAttributeTypeAndValue_Decode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeTypeAndValue *
-NSSPKIXAttributeTypeAndValue_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXAttributeTypeAndValue_CreateFromUTF8
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeTypeAndValue *
-NSSPKIXAttributeTypeAndValue_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *string
-);
-
-/*
- * NSSPKIXAttributeTypeAndValue_Create
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeTypeAndValue *
-NSSPKIXAttributeTypeAndValue_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAttributeType *typeOid,
- NSSPKIXAttributeValue *value
-);
-
-/*
- * NSSPKIXAttributeTypeAndValue_Destroy
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAttributeTypeAndValue_Destroy
-(
- NSSPKIXAttributeTypeAndValue *atav
-);
-
-/*
- * NSSPKIXAttributeTypeAndValue_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXAttributeTypeAndValue_Encode
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAttributeTypeAndValue_GetUTF8Encoding
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXAttributeTypeAndValue_GetUTF8Encoding
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAttributeTypeAndValue_GetType
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSPKIXAttributeType pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeType *
-NSSPKIXAttributeTypeAndValue_GetType
-(
- NSSPKIXAttributeTypeAndValue *atav
-);
-
-/*
- * NSSPKIXAttributeTypeAndValue_SetType
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_OID
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAttributeTypeAndValue_SetType
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSPKIXAttributeType *attributeType
-);
-
-/*
- * NSSPKIXAttributeTypeAndValue_GetValue
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSAttributeValue upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeValue *
-NSSPKIXAttributeTypeAndValue_GetValue
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSPKIXAttributeValue *itemOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAttributeTypeAndValue_SetValue
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAttributeTypeAndValue_SetValue
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSPKIXAttributeValue *value
-);
-
-/*
- * NSSPKIXAttributeTypeAndValue_Equal
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXAttributeTypeAndValue_Equal
-(
- NSSPKIXAttributeTypeAndValue *atav1,
- NSSPKIXAttributeTypeAndValue *atav2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXAttributeTypeAndValue_Duplicate
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeTypeAndValue *
-NSSPKIXAttributeTypeAndValue_Duplicate
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSArena *arenaOpt
-);
-
-/*
- * X520Name
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520name ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-name)),
- * printableString PrintableString (SIZE (1..ub-name)),
- * universalString UniversalString (SIZE (1..ub-name)),
- * utf8String UTF8String (SIZE (1..ub-name)),
- * bmpString BMPString (SIZE(1..ub-name)) }
- *
- * ub-name INTEGER ::= 32768
- *
- * The public calls for this type:
- *
- * NSSPKIXX520Name_Decode
- * NSSPKIXX520Name_CreateFromUTF8
- * NSSPKIXX520Name_Create (?)
- * NSSPKIXX520Name_Destroy
- * NSSPKIXX520Name_Encode
- * NSSPKIXX520Name_GetUTF8Encoding
- * NSSPKIXX520Name_Equal
- * NSSPKIXX520Name_Duplicate
- *
- * The public data for this type:
- *
- * NSSPKIXX520Name_MAXIMUM_LENGTH
- *
- */
-
-/*
- * NSSPKIXX520Name_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Name upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520Name *
-NSSPKIXX520Name_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXX520Name_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Name upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520Name *
-NSSPKIXX520Name_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXX520Name_Create
- *
- * XXX fgmr: currently nssStringType is a private type. Thus,
- * this public method should not exist. I'm leaving this here
- * to remind us later what we want to decide.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING_TYPE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Name upon success
- * NULL upon failure
- */
-
-/*
- * NSS_EXTERN NSSPKIXX520Name *
- * NSSPKIXX520Name_Create
- * (
- * NSSArena *arenaOpt,
- * nssStringType type,
- * NSSItem *data
- * );
- */
-
-/*
- * NSSPKIXX520Name_Destroy
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXX520Name_Destroy
-(
- NSSPKIXX520Name *name
-);
-
-/*
- * NSSPKIXX520Name_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXX520Name_Encode
-(
- NSSPKIXX520Name *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXX520Name_GetUTF8Encoding
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXX520Name_GetUTF8Encoding
-(
- NSSPKIXX520Name *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXX520Name_Equal
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXX520Name_Equal
-(
- NSSPKIXX520Name *name1,
- NSSPKIXX520Name *name2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXX520Name_Duplicate
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Name upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520Name *
-NSSPKIXX520Name_Duplicate
-(
- NSSPKIXX520Name *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXX520Name_MAXIMUM_LENGTH
- *
- * From RFC 2459:
- *
- * ub-name INTEGER ::= 32768
- */
-
-extern const PRUint32 NSSPKIXX520Name_MAXIMUM_LENGTH;
-
-/*
- * X520CommonName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520CommonName ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-common-name)),
- * printableString PrintableString (SIZE (1..ub-common-name)),
- * universalString UniversalString (SIZE (1..ub-common-name)),
- * utf8String UTF8String (SIZE (1..ub-common-name)),
- * bmpString BMPString (SIZE(1..ub-common-name)) }
- *
- * ub-common-name INTEGER ::= 64
- *
- * The public calls for this type:
- *
- * NSSPKIXX520CommonName_Decode
- * NSSPKIXX520CommonName_CreateFromUTF8
- * NSSPKIXX520CommonName_Create (?)
- * NSSPKIXX520CommonName_Destroy
- * NSSPKIXX520CommonName_Encode
- * NSSPKIXX520CommonName_GetUTF8Encoding
- * NSSPKIXX520CommonName_Equal
- * NSSPKIXX520CommonName_Duplicate
- *
- * The public data for this type:
- *
- * NSSPKIXX520CommonName_MAXIMUM_LENGTH
- *
- */
-
-/*
- * NSSPKIXX520CommonName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520CommonName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520CommonName *
-NSSPKIXX520CommonName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXX520CommonName_Create
- *
- * XXX fgmr: currently nssStringType is a private type. Thus,
- * this public method should not exist. I'm leaving this here
- * to remind us later what we want to decide.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING_TYPE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520CommonName upon success
- * NULL upon failure
- */
-
-/*
- * NSS_EXTERN NSSPKIXX520CommonName *
- * NSSPKIXX520CommonName_Create
- * (
- * NSSArena *arenaOpt,
- * nssStringType type,
- * NSSItem *data
- * );
- */
-
-/*
- * NSSPKIXX520CommonName_Destroy
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_COMMON_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXX520CommonName_Destroy
-(
- NSSPKIXX520CommonName *name
-);
-
-/*
- * NSSPKIXX520CommonName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520CommonName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520CommonName *
-NSSPKIXX520CommonName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXX520CommonName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_COMMON_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXX520CommonName_Encode
-(
- NSSPKIXX520CommonName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXX520CommonName_GetUTF8Encoding
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_COMMON_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXX520CommonName_GetUTF8Encoding
-(
- NSSPKIXX520CommonName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXX520CommonName_Equal
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_COMMON_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXX520CommonName_Equal
-(
- NSSPKIXX520CommonName *name1,
- NSSPKIXX520CommonName *name2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXX520CommonName_Duplicate
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_COMMON_NAME
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520CommonName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520CommonName *
-NSSPKIXX520CommonName_Duplicate
-(
- NSSPKIXX520CommonName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXX520CommonName_MAXIMUM_LENGTH
- *
- * From RFC 2459:
- *
- * ub-common-name INTEGER ::= 64
- */
-
-extern const PRUint32 NSSPKIXX520CommonName_MAXIMUM_LENGTH;
-
-/*
- * X520LocalityName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520LocalityName ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-locality-name)),
- * printableString PrintableString (SIZE (1..ub-locality-name)),
- * universalString UniversalString (SIZE (1..ub-locality-name)),
- * utf8String UTF8String (SIZE (1..ub-locality-name)),
- * bmpString BMPString (SIZE(1..ub-locality-name)) }
- *
- * The public calls for this type:
- *
- * NSSPKIXX520LocalityName_Decode
- * NSSPKIXX520LocalityName_CreateFromUTF8
- * NSSPKIXX520LocalityName_Encode
- *
- */
-
-/*
- * NSSPKIXX520LocalityName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520LocalityName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520LocalityName *
-NSSPKIXX520LocalityName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXX520LocalityName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520LocalityName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520LocalityName *
-NSSPKIXX520LocalityName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXX520LocalityName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXX520LocalityName_Encode
-(
- NSSPKIXX520LocalityName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * X520StateOrProvinceName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520StateOrProvinceName ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-state-name)),
- * printableString PrintableString (SIZE (1..ub-state-name)),
- * universalString UniversalString (SIZE (1..ub-state-name)),
- * utf8String UTF8String (SIZE (1..ub-state-name)),
- * bmpString BMPString (SIZE(1..ub-state-name)) }
- *
- * The public calls for this type:
- *
- * NSSPKIXX520StateOrProvinceName_Decode
- * NSSPKIXX520StateOrProvinceName_CreateFromUTF8
- * NSSPKIXX520StateOrProvinceName_Encode
- *
- */
-
-/*
- * NSSPKIXX520StateOrProvinceName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520StateOrProvinceName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520StateOrProvinceName *
-NSSPKIXX520StateOrProvinceName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXX520StateOrProvinceName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520StateOrProvinceName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520StateOrProvinceName *
-NSSPKIXX520StateOrProvinceName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXX520StateOrProvinceName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXX520StateOrProvinceName_Encode
-(
- NSSPKIXX520StateOrProvinceName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * X520OrganizationName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520OrganizationName ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-organization-name)),
- * printableString PrintableString (SIZE (1..ub-organization-name)),
- * universalString UniversalString (SIZE (1..ub-organization-name)),
- * utf8String UTF8String (SIZE (1..ub-organization-name)),
- * bmpString BMPString (SIZE(1..ub-organization-name)) }
- *
- * The public calls for this type:
- *
- * NSSPKIXX520OrganizationName_Decode
- * NSSPKIXX520OrganizationName_CreateFromUTF8
- * NSSPKIXX520OrganizationName_Encode
- *
- */
-
-/*
- * NSSPKIXX520OrganizationName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520OrganizationName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520OrganizationName *
-NSSPKIXX520OrganizationName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXX520OrganizationName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520OrganizationName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520OrganizationName *
-NSSPKIXX520OrganizationName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXX520OrganizationName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXX520OrganizationName_Encode
-(
- NSSPKIXX520OrganizationName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * X520OrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520OrganizationalUnitName ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-organizational-unit-name)),
- * printableString PrintableString
- * (SIZE (1..ub-organizational-unit-name)),
- * universalString UniversalString
- * (SIZE (1..ub-organizational-unit-name)),
- * utf8String UTF8String (SIZE (1..ub-organizational-unit-name)),
- * bmpString BMPString (SIZE(1..ub-organizational-unit-name)) }
- *
- * The public calls for this type:
- *
- * NSSPKIXX520OrganizationalUnitName_Decode
- * NSSPKIXX520OrganizationalUnitName_CreateFromUTF8
- * NSSPKIXX520OrganizationalUnitName_Encode
- *
- */
-
-/*
- * NSSPKIXX520OrganizationalUnitName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520OrganizationalUnitName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520OrganizationalUnitName *
-NSSPKIXX520OrganizationalUnitName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXX520OrganizationalUnitName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520OrganizationalUnitName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520OrganizationalUnitName *
-NSSPKIXX520OrganizationalUnitName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXX520OrganizationalUnitName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXX520OrganizationalUnitName_Encode
-(
- NSSPKIXX520OrganizationalUnitName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * X520Title
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520Title ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-title)),
- * printableString PrintableString (SIZE (1..ub-title)),
- * universalString UniversalString (SIZE (1..ub-title)),
- * utf8String UTF8String (SIZE (1..ub-title)),
- * bmpString BMPString (SIZE(1..ub-title)) }
- *
- * The public calls for this type:
- *
- * NSSPKIXX520Title_Decode
- * NSSPKIXX520Title_CreateFromUTF8
- * NSSPKIXX520Title_Encode
- *
- */
-
-/*
- * NSSPKIXX520Title_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Title upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520Title *
-NSSPKIXX520Title_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXX520Title_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Title upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520Title *
-NSSPKIXX520Title_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXX520Title_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXX520Title_Encode
-(
- NSSPKIXX520Title *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * X520dnQualifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520dnQualifier ::= PrintableString
- *
- * The public calls for this type:
- *
- * NSSPKIXX520dnQualifier_Decode
- * NSSPKIXX520dnQualifier_CreateFromUTF8
- * NSSPKIXX520dnQualifier_Encode
- *
- */
-
-/*
- * NSSPKIXX520dnQualifier_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520dnQualifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520dnQualifier *
-NSSPKIXX520dnQualifier_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXX520dnQualifier_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520dnQualifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520dnQualifier *
-NSSPKIXX520dnQualifier_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXX520dnQualifier_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXX520dnQualifier_Encode
-(
- NSSPKIXX520dnQualifier *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * X520countryName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520countryName ::= PrintableString (SIZE (2)) -- IS 3166 codes
- *
- * The public calls for this type:
- *
- * NSSPKIXX520countryName_Decode
- * NSSPKIXX520countryName_CreateFromUTF8
- * NSSPKIXX520countryName_Encode
- *
- */
-
-/*
- * NSSPKIXX520countryName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520countryName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520countryName *
-NSSPKIXX520countryName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXX520countryName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520countryName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520countryName *
-NSSPKIXX520countryName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXX520countryName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXX520countryName_Encode
-(
- NSSPKIXX520countryName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * Pkcs9email
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length))
- *
- * The public calls for this type:
- *
- * NSSPKIXPkcs9email_Decode
- * NSSPKIXPkcs9email_CreateFromUTF8
- * NSSPKIXPkcs9email_Encode
- *
- */
-
-/*
- * NSSPKIXPkcs9email_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPkcs9email upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPkcs9email *
-NSSPKIXPkcs9email_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXPkcs9email_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPkcs9email upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPkcs9email *
-NSSPKIXPkcs9email_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXPkcs9email_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXPkcs9email_Encode
-(
- NSSPKIXPkcs9email *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * Name
- *
- * This structure contains a union of the possible name formats,
- * which at the moment is limited to an RDNSequence.
- *
- * From RFC 2459:
- *
- * Name ::= CHOICE { -- only one possibility for now --
- * rdnSequence RDNSequence }
- *
- * The public calls for this type:
- *
- * NSSPKIXName_Decode
- * NSSPKIXName_CreateFromUTF8
- * NSSPKIXName_Create
- * NSSPKIXName_CreateFromRDNSequence
- * NSSPKIXName_Destroy
- * NSSPKIXName_Encode
- * NSSPKIXName_GetUTF8Encoding
- * NSSPKIXName_GetChoice
- * NSSPKIXName_GetRDNSequence
- * NSSPKIXName_GetSpecifiedChoice {fgmr remove this}
- * NSSPKIXName_SetRDNSequence
- * NSSPKIXName_SetSpecifiedChoice
- * NSSPKIXName_Equal
- * NSSPKIXName_Duplicate
- *
- * (here is where I had specific attribute value gettors in pki1)
- *
- */
-
-/*
- * NSSPKIXName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXName *
-NSSPKIXName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXName_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXName *
-NSSPKIXName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *string
-);
-
-/*
- * NSSPKIXName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_CHOICE
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXName *
-NSSPKIXName_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXNameChoice choice,
- void *arg
-);
-
-/*
- * NSSPKIXName_CreateFromRDNSequence
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXName *
-NSSPKIXName_CreateFromRDNSequence
-(
- NSSArena *arenaOpt,
- NSSPKIXRDNSequence *rdnSequence
-);
-
-/*
- * NSSPKIXName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXName_Destroy
-(
- NSSPKIXName *name
-);
-
-/*
- * NSSPKIXName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXName_Encode
-(
- NSSPKIXName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXName_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXName_GetUTF8Encoding
-(
- NSSPKIXName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXName_GetChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- *
- * Return value:
- * A valid element of the NSSPKIXNameChoice enumeration upon success
- * The value NSSPKIXNameChoice_NSSinvalid (-1) upon error
- */
-
-NSS_EXTERN NSSPKIXNameChoice
-NSSPKIXName_GetChoice
-(
- NSSPKIXName *name
-);
-
-/*
- * NSSPKIXName_GetRDNSequence
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_WRONG_CHOICE
- *
- * Return value:
- * A pointer to a valid NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRDNSequence *
-NSSPKIXName_GetRDNSequence
-(
- NSSPKIXName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXName_GetSpecifiedChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_WRONG_CHOICE
- *
- * Return value:
- * A valid pointer ...
- * NULL upon failure
- */
-
-NSS_EXTERN void *
-NSSPKIXName_GetSpecifiedChoice
-(
- NSSPKIXName *name,
- NSSPKIXNameChoice choice,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXName_Equal
-(
- NSSPKIXName *name1,
- NSSPKIXName *name2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXName *
-NSSPKIXName_Duplicate
-(
- NSSPKIXName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * RDNSequence
- *
- * This structure contains a sequence of RelativeDistinguishedName
- * objects.
- *
- * From RFC 2459:
- *
- * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
- *
- * The public calls for this type:
- *
- * NSSPKIXRDNSequence_Decode
- * NSSPKIXRDNSequence_CreateFromUTF8
- * NSSPKIXRDNSequence_Create
- * NSSPKIXRDNSequence_CreateFromArray
- * NSSPKIXRDNSequence_Destroy
- * NSSPKIXRDNSequence_Encode
- * NSSPKIXRDNSequence_GetUTF8Encoding
- * NSSPKIXRDNSequence_GetRelativeDistinguishedNameCount
- * NSSPKIXRDNSequence_GetRelativeDistinguishedNames
- * NSSPKIXRDNSequence_SetRelativeDistinguishedNames
- * NSSPKIXRDNSequence_GetRelativeDistinguishedName
- * NSSPKIXRDNSequence_SetRelativeDistinguishedName
- * NSSPKIXRDNSequence_AppendRelativeDistinguishedName
- * NSSPKIXRDNSequence_InsertRelativeDistinguishedName
- * NSSPKIXRDNSequence_RemoveRelativeDistinguishedName
- * NSSPKIXRDNSequence_FindRelativeDistinguishedName
- * NSSPKIXRDNSequence_Equal
- * NSSPKIXRDNSequence_Duplicate
- *
- */
-
-/*
- * NSSPKIXRDNSequence_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRDNSequence *
-NSSPKIXRDNSequence_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXRDNSequence_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRDNSequence *
-NSSPKIXRDNSequence_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *string
-);
-
-/*
- * NSSPKIXRDNSequence_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRDNSequence *
-NSSPKIXRDNSequence_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXRelativeDistinguishedName *rdn1,
- ...
-);
-
-/*
- * NSSPKIXRDNSequence_CreateFromArray
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRDNSequence *
-NSSPKIXRDNSequence_Create
-(
- NSSArena *arenaOpt,
- PRUint32 count,
- NSSPKIXRelativeDistinguishedName *rdns[]
-);
-
-/*
- * NSSPKIXRDNSequence_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXRDNSequence_Destroy
-(
- NSSPKIXRDNSequence *rdnseq
-);
-
-/*
- * NSSPKIXRDNSequence_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXRDNSequence_Encode
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXRDNSequence_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXRDNSequence_GetUTF8Encoding
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXRDNSequence_GetRelativeDistinguishedNameCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXRDNSequence_GetRelativeDistinguishedNameCount
-(
- NSSPKIXRDNSequence *rdnseq
-);
-
-/*
- * NSSPKIXRDNSequence_GetRelativeDistinguishedNames
- *
- * This routine returns all of the relative distinguished names in the
- * specified RDN Sequence. {...} If the array is allocated, or if the
- * specified one has extra space, the array will be null-terminated.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXRelativeDistinguishedName
- * pointers upon success
- * NULL upon failure.
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName **
-NSSPKIXRDNSequence_GetRelativeDistinguishedNames
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSPKIXRelativeDistinguishedName *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXRDNSequence_SetRelativeDistinguishedNames
- *
- * -- fgmr comments --
- * If the array pointer itself is null, the set is considered empty.
- * If the count is zero but the pointer nonnull, the array will be
- * assumed to be null-terminated.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXRDNSequence_SetRelativeDistinguishedNames
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSPKIXRelativeDistinguishedName *rdns[],
- PRInt32 countOpt
-);
-
-/*
- * NSSPKIXRDNSequence_GetRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName *
-NSSPKIXRDNSequence_GetRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXRDNSequence_SetRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXRDNSequence_SetRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- PRInt32 i,
- NSSPKIXRelativeDistinguishedName *rdn
-);
-
-/*
- * NSSPKIXRDNSequence_AppendRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXRDNSequence_AppendRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSPKIXRelativeDistinguishedName *rdn
-);
-
-/*
- * NSSPKIXRDNSequence_InsertRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXRDNSequence_InsertRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- PRInt32 i,
- NSSPKIXRelativeDistinguishedName *rdn
-);
-
-/*
- * NSSPKIXRDNSequence_RemoveRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXRDNSequence_RemoveRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- PRInt32 i
-);
-
-/*
- * NSSPKIXRDNSequence_FindRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified attribute value upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXRDNSequence_FindRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSPKIXRelativeDistinguishedName *rdn
-);
-
-/*
- * NSSPKIXRDNSequence_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXRDNSequence_Equal
-(
- NSSPKIXRDNSequence *one,
- NSSPKIXRDNSequence *two,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXRDNSequence_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRDNSequence *
-NSSPKIXRDNSequence_Duplicate
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSArena *arenaOpt
-);
-
-/*
- * DistinguishedName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * DistinguishedName ::= RDNSequence
- *
- * This is just a public typedef; no new methods are required. {fgmr-- right?}
- */
-
-/*
- * RelativeDistinguishedName
- *
- * This structure contains an unordered set of AttributeTypeAndValue
- * objects. RDNs are used to distinguish a set of objects underneath
- * a common object.
- *
- * Often, a single ATAV is sufficient to make a unique distinction.
- * For example, if a company assigns its people unique uid values,
- * then in the Name "uid=smith,ou=People,o=Acme,c=US" the "uid=smith"
- * ATAV by itself forms an RDN. However, sometimes a set of ATAVs is
- * needed. For example, if a company needed to distinguish between
- * two Smiths by specifying their corporate divisions, then in the
- * Name "(cn=Smith,ou=Sales),ou=People,o=Acme,c=US" the parenthesised
- * set of ATAVs forms the RDN.
- *
- * From RFC 2459:
- *
- * RelativeDistinguishedName ::=
- * SET SIZE (1 .. MAX) OF AttributeTypeAndValue
- *
- * The public calls for this type:
- *
- * NSSPKIXRelativeDistinguishedName_Decode
- * NSSPKIXRelativeDistinguishedName_CreateFromUTF8
- * NSSPKIXRelativeDistinguishedName_Create
- * NSSPKIXRelativeDistinguishedName_CreateFromArray
- * NSSPKIXRelativeDistinguishedName_Destroy
- * NSSPKIXRelativeDistinguishedName_Encode
- * NSSPKIXRelativeDistinguishedName_GetUTF8Encoding
- * NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValueCount
- * NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValues
- * NSSPKIXRelativeDistinguishedName_SetAttributeTypeAndValues
- * NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValue
- * NSSPKIXRelativeDistinguishedName_SetAttributeTypeAndValue
- * NSSPKIXRelativeDistinguishedName_AddAttributeTypeAndValue
- * NSSPKIXRelativeDistinguishedName_RemoveAttributeTypeAndValue
- * NSSPKIXRelativeDistinguishedName_FindAttributeTypeAndValue
- * NSSPKIXRelativeDistinguishedName_Equal
- * NSSPKIXRelativeDistinguishedName_Duplicate
- *
- * fgmr: Logical additional functions include
- *
- * NSSPKIXRelativeDistinguishedName_FindAttributeTypeAndValueByType
- * returns PRInt32
- * NSSPKIXRelativeDistinguishedName_FindAttributeTypeAndValuesByType
- * returns array of PRInt32
- * NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValueForType
- * returns NSSPKIXAttributeTypeAndValue
- * NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValuesForType
- * returns array of NSSPKIXAttributeTypeAndValue
- * NSSPKIXRelativeDistinguishedName_GetAttributeValueForType
- * returns NSSPKIXAttributeValue
- * NSSPKIXRelativeDistinguishedName_GetAttributeValuesForType
- * returns array of NSSPKIXAttributeValue
- *
- * NOTE: the "return array" versions are only meaningful if an RDN may
- * contain multiple ATAVs with the same type. Verify in the RFC if
- * this is possible or not. If not, nuke those three functions.
- *
- */
-
-/*
- * NSSPKIXRelativeDistinguishedName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName *
-NSSPKIXRelativeDistinguishedName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXRelativeDistinguishedName_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName *
-NSSPKIXRelativeDistinguishedName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *string
-);
-
-/*
- * NSSPKIXRelativeDistinguishedName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName *
-NSSPKIXRelativeDistinguishedName_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAttributeTypeAndValue *atav1,
- ...
-);
-
-/*
- * NSSPKIXRelativeDistinguishedName_CreateFromArray
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName *
-NSSPKIXRelativeDistinguishedName_CreateFromArray
-(
- NSSArena *arenaOpt,
- PRUint32 count,
- NSSPKIXAttributeTypeAndValue *atavs[]
-);
-
-/*
- * NSSPKIXRelativeDistinguishedName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXRelativeDistinguishedName_Destroy
-(
- NSSPKIXRelativeDistinguishedName *rdn
-);
-
-/*
- * NSSPKIXRelativeDistinguishedName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXRelativeDistinguishedName_Encode
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXRelativeDistinguishedName_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXRelativeDistinguishedName_GetUTF8Encoding
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValueCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValueCount
-(
- NSSPKIXRelativeDistinguishedName *rdn
-);
-
-/*
- * NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValues
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXAttributeTypeAndValue
- * pointers upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeTypeAndValue **
-NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValues
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSPKIXAttributeTypeAndValue *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXRelativeDistinguishedName_SetAttributeTypeAndValues
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXRelativeDistinguishedName_SetAttributeTypeAndValues
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSPKIXAttributeTypeAndValue *atavs[],
- PRInt32 countOpt
-);
-
-/*
- * NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeTypeAndValue *
-NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXRelativeDistinguishedName_SetAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXRelativeDistinguishedName_SetAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- PRInt32 i,
- NSSPKIXAttributeTypeAndValue *atav
-);
-
-/*
- * NSSPKIXRelativeDistinguishedName_AddAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXRelativeDistinguishedName_AddAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSPKIXAttributeTypeAndValue *atav
-);
-
-/*
- * NSSPKIXRelativeDistinguishedName_RemoveAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_AT_MINIMUM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXRelativeDistinguishedName_RemoveAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- PRInt32 i
-);
-
-/*
- * NSSPKIXRelativeDistinguishedName_FindAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified attribute value upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXRelativeDistinguishedName_FindAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSPKIXAttributeTypeAndValue *atav
-);
-
-/*
- * NSSPKIXRelativeDistinguishedName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXRelativeDistinguishedName_Equal
-(
- NSSPKIXRelativeDistinguishedName *one,
- NSSPKIXRelativeDistinguishedName *two,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXRelativeDistinguishedName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName *
-NSSPKIXRelativeDistinguishedName_Duplicate
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * DirectoryString
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * DirectoryString ::= CHOICE {
- * teletexString TeletexString (SIZE (1..MAX)),
- * printableString PrintableString (SIZE (1..MAX)),
- * universalString UniversalString (SIZE (1..MAX)),
- * utf8String UTF8String (SIZE (1..MAX)),
- * bmpString BMPString (SIZE(1..MAX)) }
- *
- * The public calls for this type:
- *
- * NSSPKIXDirectoryString_Decode
- * NSSPKIXDirectoryString_CreateFromUTF8
- * NSSPKIXDirectoryString_Encode
- *
- */
-
-/*
- * NSSPKIXDirectoryString_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXDirectoryString upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDirectoryString *
-NSSPKIXDirectoryString_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXDirectoryString_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXDirectoryString upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDirectoryString *
-NSSPKIXDirectoryString_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXDirectoryString_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_DIRECTORY_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXDirectoryString_Encode
-(
- NSSPKIXDirectoryString *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * Certificate
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Certificate ::= SEQUENCE {
- * tbsCertificate TBSCertificate,
- * signatureAlgorithm AlgorithmIdentifier,
- * signature BIT STRING }
- *
- * The public calls for this type:
- *
- * NSSPKIXCertificate_Decode
- * NSSPKIXCertificate_Create
- * NSSPKIXCertificate_Destroy
- * NSSPKIXCertificate_Encode
- * NSSPKIXCertificate_GetTBSCertificate
- * NSSPKIXCertificate_SetTBSCertificate
- * NSSPKIXCertificate_GetAlgorithmIdentifier
- * NSSPKIXCertificate_SetAlgorithmIdentifier
- * NSSPKIXCertificate_GetSignature
- * NSSPKIXCertificate_SetSignature
- * NSSPKIXCertificate_Equal
- * NSSPKIXCertificate_Duplicate
- *
- * { inherit TBSCertificate gettors? }
- *
- */
-
-/*
- * NSSPKIXCertificate_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificate *
-NSSPKIXCertificate_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXCertificate_Create
- *
- * -- fgmr comments --
- * { at this level we'll have to just accept a specified signature }
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_PKIX_ALGID
- * NSS_ERROR_INVALID_PKIX_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificate *
-NSSPKIXCertificate_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXAlgorithmIdentifier *algID,
- NSSItem *signature
-);
-
-/*
- * NSSPKIXCertificate_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCertificate_Destroy
-(
- NSSPKIXCertificate *cert
-);
-
-/*
- * NSSPKIXCertificate_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXCertificate_Encode
-(
- NSSPKIXCertificate *cert,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXCertificate_GetTBSCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXTBSCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTBSCertificate *
-NSSPKIXCertificate_GetTBSCertificate
-(
- NSSPKIXCertificate *cert,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXCertificate_SetTBSCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCertificate_SetTBSCertificate
-(
- NSSPKIXCertificate *cert,
- NSSPKIXTBSCertificate *tbsCert
-);
-
-/*
- * NSSPKIXCertificate_GetAlgorithmIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAlgorithmIdentifier *
-NSSPKIXCertificate_GetAlgorithmIdentifier
-(
- NSSPKIXCertificate *cert,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXCertificate_SetAlgorithmIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCertificate_SetAlgorithmIdentifier
-(
- NSSPKIXCertificate *cert,
- NSSPKIXAlgorithmIdentifier *algid,
-);
-
-/*
- * NSSPKIXCertificate_GetSignature
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSItem *
-NSSPKIXCertificate_GetSignature
-(
- NSSPKIXCertificate *cert,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXCertificate_SetSignature
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCertificate_SetSignature
-(
- NSSPKIXCertificate *cert,
- NSSItem *signature
-);
-
-/*
- * NSSPKIXCertificate_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXCertificate_Equal
-(
- NSSPKIXCertificate *one,
- NSSPKIXCertificate *two,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXCertificate_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificate *
-NSSPKIXCertificate_Duplicate
-(
- NSSPKIXCertificate *cert,
- NSSArena *arenaOpt
-);
-
-/*
- * TBSCertificate
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TBSCertificate ::= SEQUENCE {
- * version [0] Version DEFAULT v1,
- * serialNumber CertificateSerialNumber,
- * signature AlgorithmIdentifier,
- * issuer Name,
- * validity Validity,
- * subject Name,
- * subjectPublicKeyInfo SubjectPublicKeyInfo,
- * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version shall be v2 or v3
- * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version shall be v2 or v3
- * extensions [3] Extensions OPTIONAL
- * -- If present, version shall be v3 -- }
- *
- * The public calls for this type:
- *
- * NSSPKIXTBSCertificate_Decode
- * NSSPKIXTBSCertificate_Create
- * NSSPKIXTBSCertificate_Destroy
- * NSSPKIXTBSCertificate_Encode
- * NSSPKIXTBSCertificate_GetVersion
- * NSSPKIXTBSCertificate_SetVersion
- * NSSPKIXTBSCertificate_GetSerialNumber
- * NSSPKIXTBSCertificate_SetSerialNumber
- * NSSPKIXTBSCertificate_GetSignature
- * NSSPKIXTBSCertificate_SetSignature
- * { inherit algid gettors? }
- * NSSPKIXTBSCertificate_GetIssuer
- * NSSPKIXTBSCertificate_SetIssuer
- * { inherit "helper" issuer gettors? }
- * NSSPKIXTBSCertificate_GetValidity
- * NSSPKIXTBSCertificate_SetValidity
- * { inherit validity accessors }
- * NSSPKIXTBSCertificate_GetSubject
- * NSSPKIXTBSCertificate_SetSubject
- * NSSPKIXTBSCertificate_GetSubjectPublicKeyInfo
- * NSSPKIXTBSCertificate_SetSubjectPublicKeyInfo
- * NSSPKIXTBSCertificate_HasIssuerUniqueID
- * NSSPKIXTBSCertificate_GetIssuerUniqueID
- * NSSPKIXTBSCertificate_SetIssuerUniqueID
- * NSSPKIXTBSCertificate_RemoveIssuerUniqueID
- * NSSPKIXTBSCertificate_HasSubjectUniqueID
- * NSSPKIXTBSCertificate_GetSubjectUniqueID
- * NSSPKIXTBSCertificate_SetSubjectUniqueID
- * NSSPKIXTBSCertificate_RemoveSubjectUniqueID
- * NSSPKIXTBSCertificate_HasExtensions
- * NSSPKIXTBSCertificate_GetExtensions
- * NSSPKIXTBSCertificate_SetExtensions
- * NSSPKIXTBSCertificate_RemoveExtensions
- * { extension accessors }
- * NSSPKIXTBSCertificate_Equal
- * NSSPKIXTBSCertificate_Duplicate
- */
-
-/*
- * NSSPKIXTBSCertificate_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTBSCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTBSCertificate *
-NSSPKIXTBSCertificate_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXTBSCertificate_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_VERSION
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_SERIAL_NUMBER
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_ISSUER_NAME
- * NSS_ERROR_INVALID_VALIDITY
- * NSS_ERROR_INVALID_SUBJECT_NAME
- * NSS_ERROR_INVALID_SUBJECT_PUBLIC_KEY_INFO
- * NSS_ERROR_INVALID_ISSUER_UNIQUE_IDENTIFIER
- * NSS_ERROR_INVALID_SUBJECT_UNIQUE_IDENTIFIER
- * NSS_ERROR_INVALID_EXTENSION
- *
- * Return value:
- */
-
-NSS_EXTERN NSSPKIXTBSCertificate *
-NSSPKIXTBSCertificate_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXVersion version,
- NSSPKIXCertificateSerialNumber *serialNumber,
- NSSPKIXAlgorithmIdentifier *signature,
- NSSPKIXName *issuer,
- NSSPKIXValidity *validity,
- NSSPKIXName *subject,
- NSSPKIXSubjectPublicKeyInfo *spki,
- NSSPKIXUniqueIdentifier *issuerUniqueID,
- NSSPKIXUniqueIdentifier *subjectUniqueID,
- NSSPKIXExtensions *extensions
-);
-
-/*
- * NSSPKIXTBSCertificate_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertificate_Destroy
-(
- NSSPKIXTBSCertificate *tbsCert
-);
-
-/*
- * NSSPKIXTBSCertificate_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXTBSCertificate_Encode
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTBSCertificate_GetVersion
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * A valid element of the NSSPKIXVersion enumeration upon success
- * NSSPKIXVersion_NSSinvalid (-1) upon failure
- */
-
-NSS_EXTERN NSSPKIXVersion
-NSSPKIXTBSCertificate_GetVersion
-(
- NSSPKIXTBSCertificate *tbsCert
-);
-
-/*
- * NSSPKIXTBSCertificate_SetVersion
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_PKIX_VERSION
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertificate_SetVersion
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXVersion version
-);
-
-/*
- * NSSPKIXTBSCertificate_GetSerialNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificateSerialNumber upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificateSerialNumber *
-NSSPKIXTBSCertificate_GetSerialNumber
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXCertificateSerialNumber *snOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTBSCertificate_SetSerialNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertificate_SetSerialNumber
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXCertificateSerialNumber *sn
-);
-
-/*
- * NSSPKIXTBSCertificate_GetSignature
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAlgorithmIdentifier *
-NSSPKIXTBSCertificate_GetSignature
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTBSCertificate_SetSignature
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertificate_SetSignature
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXAlgorithmIdentifier *algID
-);
-
-/*
- * { fgmr inherit algid gettors? }
- */
-
-/*
- * NSSPKIXTBSCertificate_GetIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXName *
-NSSPKIXTBSCertificate_GetIssuer
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTBSCertificate_SetIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertificate_SetIssuer
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXName *issuer
-);
-
-/*
- * { inherit "helper" issuer gettors? }
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- *
- * Return value:
- */
-
-/*
- * NSSPKIXTBSCertificate_GetValidity
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXValidity upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXValidity *
-NSSPKIXTBSCertificate_GetValidity
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTBSCertificate_SetValidity
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertificate_SetValidity
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXValidity *validity
-);
-
-/*
- * { fgmr inherit validity accessors }
- */
-
-/*
- * NSSPKIXTBSCertificate_GetSubject
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXName *
-NSSPKIXTBSCertificate_GetSubject
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTBSCertificate_SetSubject
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertificate_SetSubject
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXName *subject
-);
-
-/*
- * NSSPKIXTBSCertificate_GetSubjectPublicKeyInfo
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXSubjectPublicKeyInfo upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXSubjectPublicKeyInfo *
-NSSPKIXTBSCertificate_GetSubjectPublicKeyInfo
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTBSCertificate_SetSubjectPublicKeyInfo
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertificate_SetSubjectPublicKeyInfo
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXSubjectPublicKeyInfo *spki
-);
-
-/*
- * NSSPKIXTBSCertificate_HasIssuerUniqueID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXTBSCertificate_HasIssuerUniqueID
-(
- NSSPKIXTBSCertificate *tbsCert,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXTBSCertificate_GetIssuerUniqueID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_CERT_HAS_NO_ISSUER_UNIQUE_ID
- *
- * Return value:
- * A valid pointer to an NSSPKIXUniqueIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXUniqueIdentifier *
-NSSPKIXTBSCertificate_GetIssuerUniqueID
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXUniqueIdentifier *uidOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTBSCertificate_SetIssuerUniqueID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertificate_SetIssuerUniqueID
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXUniqueIdentifier *uid
-);
-
-/*
- * NSSPKIXTBSCertificate_RemoveIssuerUniqueID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_CERT_HAS_NO_ISSUER_UNIQUE_ID
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertificate_RemoveIssuerUniqueID
-(
- NSSPKIXTBSCertificate *tbsCert
-);
-
-/*
- * NSSPKIXTBSCertificate_HasSubjectUniqueID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXTBSCertificate_HasSubjectUniqueID
-(
- NSSPKIXTBSCertificate *tbsCert,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXTBSCertificate_GetSubjectUniqueID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_CERT_HAS_NO_SUBJECT_UNIQUE_ID
- *
- * Return value:
- * A valid pointer to an NSSPKIXUniqueIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXUniqueIdentifier *
-NSSPKIXTBSCertificate_GetSubjectUniqueID
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXUniqueIdentifier *uidOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTBSCertificate_SetSubjectUniqueID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertificate_SetSubjectUniqueID
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXUniqueIdentifier *uid
-);
-
-/*
- * NSSPKIXTBSCertificate_RemoveSubjectUniqueID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_CERT_HAS_NO_SUBJECT_UNIQUE_ID
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertificate_RemoveSubjectUniqueID
-(
- NSSPKIXTBSCertificate *tbsCert
-);
-
-/*
- * NSSPKIXTBSCertificate_HasExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXTBSCertificate_HasExtensions
-(
- NSSPKIXTBSCertificate *tbsCert,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXTBSCertificate_GetExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_CERT_HAS_NO_EXTENSIONS
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensions upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensions *
-NSSPKIXTBSCertificate_GetExtensions
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTBSCertificate_SetExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_PKIX_EXTENSIONS
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertificate_SetExtensions
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXExtensions *extensions
-);
-
-/*
- * NSSPKIXTBSCertificate_RemoveExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_CERT_HAS_NO_EXTENSIONS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertificate_RemoveExtensions
-(
- NSSPKIXTBSCertificate *tbsCert
-);
-
-/*
- * { extension accessors }
- */
-
-/*
- * NSSPKIXTBSCertificate_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXTBSCertificate_Equal
-(
- NSSPKIXTBSCertificate *one,
- NSSPKIXTBSCertificate *two,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXTBSCertificate_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXTBSCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTBSCertificate *
-NSSPKIXTBSCertificate_Duplicate
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSArena *arenaOpt
-);
-
-/*
- * CertificateSerialNumber
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CertificateSerialNumber ::= INTEGER
- *
- * This is just a typedef'd NSSBER; no methods are required.
- * {fgmr -- the asn.1 stuff should have routines to convert
- * integers to natural types when possible and vv. we can
- * refer to them here..}
- */
-
-/*
- * Validity
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Validity ::= SEQUENCE {
- * notBefore Time,
- * notAfter Time }
- *
- * The public calls for the type:
- *
- * NSSPKIXValidity_Decode
- * NSSPKIXValidity_Create
- * NSSPKIXValidity_Encode
- * NSSPKIXValidity_Destroy
- * NSSPKIXValidity_GetNotBefore
- * NSSPKIXValidity_SetNotBefore
- * NSSPKIXValidity_GetNotAfter
- * NSSPKIXValidity_SetNotAfter
- * NSSPKIXValidity_Equal
- * NSSPKIXValidity_Compare
- * NSSPKIXValidity_Duplicate
- *
- */
-
-/*
- * NSSPKIXValidity_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXValidity upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXValidity *
-NSSPKIXValidity_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXValidity_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_TIME
- *
- * Return value:
- * A valid pointer to an NSSPKIXValidity upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXValidity *
-NSSPKIXValidity_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXTime notBefore,
- NSSPKIXTime notAfter
-);
-
-/*
- * NSSPKIXValidity_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXValidity_Destroy
-(
- NSSPKIXValidity *validity
-);
-
-/*
- * NSSPKIXValidity_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXValidity_Encode
-(
- NSSPKIXValidity *validity,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXValidity_GetNotBefore
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * A valid NSSPKIXTime upon success
- * {we need to rethink NSSPKIXTime}
- */
-
-NSS_EXTERN NSSPKIXTime
-NSSPKIXValidity_GetNotBefore
-(
- NSSPKIXValidity *validity
-);
-
-/*
- * NSSPKIXValidity_SetNotBefore
- *
- * -- fgmr comments --
- * {do we require that it be before the "notAfter" value?}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- * NSS_ERROR_VALUE_TOO_LARGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXValidity_SetNotBefore
-(
- NSSPKIXValidity *validity,
- NSSPKIXTime notBefore
-);
-
-/*
- * NSSPKIXValidity_GetNotAfter
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * A valid NSSPKIXTime upon success
- * {we need to rethink NSSPKIXTime}
- */
-
-NSS_EXTERN NSSPKIXTime
-NSSPKIXValidity_GetNotAfter
-(
- NSSPKIXValidity *validity
-);
-
-/*
- * NSSPKIXValidity_SetNotAfter
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- * NSS_ERROR_VALUE_TOO_SMALL
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXValidity_SetNotAfter
-(
- NSSPKIXValidity *validity,
- NSSPKIXTime notAfter
-);
-
-/*
- * NSSPKIXValidity_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXValidity_Equal
-(
- NSSPKIXValidity *one,
- NSSPKIXValidity *two,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXValidity_Compare
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- *
- * Return value:
- * 1 if the second is "greater" or later than the first
- * 0 if they are equal
- * -1 if the first is "greater" or later than the first
- * -2 upon failure
- */
-
-NSS_EXTERN PRIntn
-NSSPKIXValidity_Compare
-(
- NSSPKIXValidity *one,
- NSSPKIXValidity *two
-);
-
-/*
- * NSSPKIXValidity_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXValidity upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXValidity *
-NSSPKIXValidity_Duplicate
-(
- NSSPKIXValidity *validity,
- NSSArena *arenaOpt
-);
-
-/*
- * Time
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Time ::= CHOICE {
- * utcTime UTCTime,
- * generalTime GeneralizedTime }
- *
- * The public calls for the type:
- *
- * NSSPKIXTime_Decode
- * NSSPKIXTime_CreateFromPRTime
- * NSSPKIXTime_CreateFromUTF8
- * NSSPKIXTime_Destroy
- * NSSPKIXTime_Encode
- * NSSPKIXTime_GetPRTime
- * NSSPKIXTime_GetUTF8Encoding
- * NSSPKIXTime_Equal
- * NSSPKIXTime_Duplicate
- * NSSPKIXTime_Compare
- *
- */
-
-/*
- * NSSPKIXTime_Decode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTime upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTime *
-NSSPKIXTime_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXTime_CreateFromPRTime
- *
- */
-
-NSS_EXTERN NSSPKIXTime *
-NSSPKIXTime_CreateFromPRTime
-(
- NSSArena *arenaOpt,
- PRTime prTime
-);
-
-/*
- * NSSPKIXTime_CreateFromUTF8
- *
- */
-
-NSS_EXTERN NSSPKIXTime *
-NSSPKIXTime_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXTime_Destroy
- *
- */
-
-NSS_EXTERN PR_STATUS
-NSSPKIXTime_Destroy
-(
- NSSPKIXTime *time
-);
-
-/*
- * NSSPKIXTime_Encode
- *
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXTime_Encode
-(
- NSSPKIXTime *time,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTime_GetPRTime
- *
- * Returns a zero on error
- */
-
-NSS_EXTERN PRTime
-NSSPKIXTime_GetPRTime
-(
- NSSPKIXTime *time,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXTime_GetUTF8Encoding
- *
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKXITime_GetUTF8Encoding
-(
- NSSPKIXTime *time,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTime_Equal
- *
- */
-
-NSS_EXTERN PRBool
-NSSPKXITime_Equal
-(
- NSSPKXITime *time1,
- NSSPKXITime *time2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXTime_Duplicate
- *
- */
-
-NSS_EXTERN NSSPKIXTime *
-NSSPKXITime_Duplicate
-(
- NSSPKIXTime *time,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTime_Compare
- *
- * Usual result: -1, 0, 1
- * Returns 0 on error
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXTime_Compare
-(
- NSSPKIXTime *time1,
- NSSPKIXTime *tiem2,
- PRStatus *statusOpt
-);
-
-/*
- * UniqueIdentifier
- *
- * -- fgmr comments --
- * Should we distinguish bitstrings from "regular" items/BERs?
- * It could be another typedef, but with a separate type to help
- * remind users about the factor of 8. OR we could make it a
- * hard type, and require the use of some (trivial) converters.
- *
- * From RFC 2459:
- *
- * UniqueIdentifier ::= BIT STRING
- *
- */
-
-/*
- * SubjectPublicKeyInfo
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING }
- *
- * The public calls for the type:
- *
- * NSSPKIXSubjectPublicKeyInfo_Decode
- * NSSPKIXSubjectPublicKeyInfo_Create
- * NSSPKIXSubjectPublicKeyInfo_Encode
- * NSSPKIXSubjectPublicKeyInfo_Destroy
- * NSSPKIXSubjectPublicKeyInfo_GetAlgorithm
- * NSSPKIXSubjectPublicKeyInfo_SetAlgorithm
- * NSSPKIXSubjectPublicKeyInfo_GetSubjectPublicKey
- * NSSPKIXSubjectPublicKeyInfo_SetSubjectPublicKey
- * NSSPKIXSubjectPublicKeyInfo_Equal
- * NSSPKIXSubjectPublicKeyInfo_Duplicate
- *
- */
-
-/*
- * NSSPKIXSubjectPublicKeyInfo_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXSubjectPublicKeyInfo upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXSubjectPublicKeyInfo *
-NSSPKIXSubjectPublicKeyInfo_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXSubjectPublicKeyInfo_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXSubjectPublicKeyInfo upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXSubjectPublicKeyInfo *
-NSSPKIXSubjectPublicKeyInfo_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAlgorithmIdentifier *algid,
- NSSItem *subjectPublicKey
-);
-
-/*
- * NSSPKIXSubjectPublicKeyInfo_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXSubjectPublicKeyInfo_Destroy
-(
- NSSPKIXSubjectPublicKeyInfo *spki
-);
-
-/*
- * NSSPKIXSubjectPublicKeyInfo_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXSubjectPublicKeyInfo_Encode
-(
- NSSPKIXSubjectPublicKeyInfo *spki,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXSubjectPublicKeyInfo_GetAlgorithm
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAlgorithmIdentifier *
-NSSPKIXSubjectPublicKeyInfo_GetAlgorithm
-(
- NSSPKIXSubjectPublicKeyInfo *spki,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXSubjectPublicKeyInfo_SetAlgorithm
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXSubjectPublicKeyInfo_SetAlgorithm
-(
- NSSPKIXSubjectPublicKeyInfo *spki,
- NSSPKIXAlgorithmIdentifier *algid
-);
-
-/*
- * NSSPKIXSubjectPublicKeyInfo_GetSubjectPublicKey
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSItem *
-NSSPKIXSubjectPublicKeyInfo_GetSubjectPublicKey
-(
- NSSPKIXSubjectPublicKeyInfo *spki,
- NSSItem *spkOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXSubjectPublicKeyInfo_SetSubjectPublicKey
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXSubjectPublicKeyInfo_SetSubjectPublicKey
-(
- NSSPKIXSubjectPublicKeyInfo *spki,
- NSSItem *spk
-);
-
-/*
- * NSSPKIXSubjectPublicKeyInfo_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXSubjectPublicKeyInfo_Equal
-(
- NSSPKIXSubjectPublicKeyInfo *one,
- NSSPKIXSubjectPublicKeyInfo *two,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXSubjectPublicKeyInfo_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXSubjectPublicKeyInfo upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXSubjectPublicKeyInfo *
-NSSPKIXSubjectPublicKeyInfo_Duplicate
-(
- NSSPKIXSubjectPublicKeyInfo *spki,
- NSSArena *arenaOpt
-);
-
-/*
- * Extensions
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
- *
- */
-
-/* { FGMR } */
-
-/*
- * Extension
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Extension ::= SEQUENCE {
- * extnID OBJECT IDENTIFIER,
- * critical BOOLEAN DEFAULT FALSE,
- * extnValue OCTET STRING }
- *
- */
-
-/* { FGMR } */
-
-/*
- * CertificateList
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CertificateList ::= SEQUENCE {
- * tbsCertList TBSCertList,
- * signatureAlgorithm AlgorithmIdentifier,
- * signature BIT STRING }
- *
- * The public calls for the type:
- *
- * NSSPKIXCertificateList_Decode
- * NSSPKIXCertificateList_Create
- * NSSPKIXCertificateList_Encode
- * NSSPKIXCertificateList_Destroy
- * NSSPKIXCertificateList_GetTBSCertList
- * NSSPKIXCertificateList_SetTBSCertList
- * NSSPKIXCertificateList_GetSignatureAlgorithm
- * NSSPKIXCertificateList_SetSignatureAlgorithm
- * NSSPKIXCertificateList_GetSignature
- * NSSPKIXCertificateList_SetSignature
- * NSSPKIXCertificateList_Equal
- * NSSPKIXCertificateList_Duplicate
- *
- */
-
-/*
- * NSSPKIXCertificateList_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificateList upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificateList *
-NSSPKIXCertificateList_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXCertificateList_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificateList upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificateList *
-NSSPKIXCertificateList_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXTBSCertList *tbsCertList,
- NSSPKIXAlgorithmIdentifier *sigAlg,
- NSSItem *signature
-);
-
-/*
- * NSSPKIXCertificateList_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCertificateList_Destroy
-(
- NSSPKIXCertificateList *certList
-);
-
-/*
- * NSSPKIXCertificateList_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXCertificateList_Encode
-(
- NSSPKIXCertificateList *certList,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXCertificateList_GetTBSCertList
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXTBSCertList upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTBSCertList *
-NSSPKIXCertificateList_GetTBSCertList
-(
- NSSPKIXCertificateList *certList,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXCertificateList_SetTBSCertList
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCertificateList_SetTBSCertList
-(
- NSSPKIXCertificateList *certList,
- NSSPKIXTBSCertList *tbsCertList
-);
-
-/*
- * NSSPKIXCertificateList_GetSignatureAlgorithm
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAlgorithmIdentifier *
-NSSPKIXCertificateList_GetSignatureAlgorithm
-(
- NSSPKIXCertificateList *certList,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXCertificateList_SetSignatureAlgorithm
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCertificateList_SetSignatureAlgorithm
-(
- NSSPKIXCertificateList *certList,
- NSSPKIXAlgorithmIdentifier *sigAlg
-);
-
-/*
- * NSSPKIXCertificateList_GetSignature
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSItem *
-NSSPKIXCertificateList_GetSignature
-(
- NSSPKIXCertificateList *certList,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXCertificateList_SetSignature
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCertificateList_SetSignature
-(
- NSSPKIXCertificateList *certList,
- NSSItem *sig
-);
-
-/*
- * NSSPKIXCertificateList_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXCertificateList_Equal
-(
- NSSPKIXCertificateList *one,
- NSSPKIXCertificateList *two,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXCertificateList_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificateList upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificateList *
-NSSPKIXCertificateList_Duplicate
-(
- NSSPKIXCertificateList *certList,
- NSSArena *arenaOpt
-);
-
-/*
- * TBSCertList
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TBSCertList ::= SEQUENCE {
- * version Version OPTIONAL,
- * -- if present, shall be v2
- * signature AlgorithmIdentifier,
- * issuer Name,
- * thisUpdate Time,
- * nextUpdate Time OPTIONAL,
- * revokedCertificates SEQUENCE OF SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate Time,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, shall be v2
- * } OPTIONAL,
- * crlExtensions [0] Extensions OPTIONAL
- * -- if present, shall be v2 -- }
- *
- * The public calls for the type:
- *
- * NSSPKIXTBSCertList_Decode
- * NSSPKIXTBSCertList_Create
- * NSSPKIXTBSCertList_Destroy
- * NSSPKIXTBSCertList_Encode
- * NSSPKIXTBSCertList_GetVersion
- * NSSPKIXTBSCertList_SetVersion
- * NSSPKIXTBSCertList_GetSignature
- * NSSPKIXTBSCertList_SetSignature
- * NSSPKIXTBSCertList_GetIssuer
- * NSSPKIXTBSCertList_SetIssuer
- * NSSPKIXTBSCertList_GetThisUpdate
- * NSSPKIXTBSCertList_SetThisUpdate
- * NSSPKIXTBSCertList_HasNextUpdate
- * NSSPKIXTBSCertList_GetNextUpdate
- * NSSPKIXTBSCertList_SetNextUpdate
- * NSSPKIXTBSCertList_RemoveNextUpdate
- * NSSPKIXTBSCertList_GetRevokedCertificates
- * NSSPKIXTBSCertList_SetRevokedCertificates
- * NSSPKIXTBSCertList_HasCrlExtensions
- * NSSPKIXTBSCertList_GetCrlExtensions
- * NSSPKIXTBSCertList_SetCrlExtensions
- * NSSPKIXTBSCertList_RemoveCrlExtensions
- * NSSPKIXTBSCertList_Equal
- * NSSPKIXTBSCertList_Duplicate
- *
- */
-
-/*
- * NSSPKIXTBSCertList_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTBSCertList upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTBSCertList *
-NSSPKIXTBSCertList_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXTBSCertList_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_VERSION
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_PKIX_TIME
- * (something for the times being out of order?)
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATES
- * NSS_ERROR_INVALID_PKIX_EXTENSIONS
- *
- * Return value:
- * A valid pointer to an NSSPKIXTBSCertList upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTBSCertList *
-NSSPKIXTBSCertList_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXVersion version,
- NSSPKIXAlgorithmIdentifier *signature,
- NSSPKIXName *issuer,
- NSSPKIXTime thisUpdate,
- NSSPKIXTime nextUpdateOpt,
- NSSPKIXrevokedCertificates *revokedCerts,
- NSSPKIXExtensions *crlExtensionsOpt
-);
-
-/*
- * NSSPKIXTBSCertList_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertList_Destroy
-(
- NSSPKIXTBSCertList *certList
-);
-
-/*
- * NSSPKIXTBSCertList_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXTBSCertList_Encode
-(
- NSSPKIXTBSCertList *certList,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTBSCertList_GetVersion
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * A valid element of the NSSPKIXVersion enumeration upon success
- * NSSPKIXVersion_NSSinvalid (-1) upon failure
- */
-
-NSS_EXTERN NSSPKIXVersion
-NSSPKIXTBSCertList_GetVersion
-(
- NSSPKIXTBSCertList *certList
-);
-
-/*
- * NSSPKIXTBSCertList_SetVersion
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_PKIX_VERSION
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertList_SetVersion
-(
- NSSPKIXTBSCertList *certList,
- NSSPKIXVersion version
-);
-
-/*
- * NSSPKIXTBSCertList_GetSignature
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAlgorithmIdentifier *
-NSSPKIXTBSCertList_GetSignature
-(
- NSSPKIXTBSCertList *certList,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTBSCertList_SetSignature
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertList_SetSignature
-(
- NSSPKIXTBSCertList *certList,
- NSSPKIXAlgorithmIdentifier *algid,
-);
-
-/*
- * NSSPKIXTBSCertList_GetIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXName *
-NSSPKIXTBSCertList_GetIssuer
-(
- NSSPKIXTBSCertList *certList,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTBSCertList_SetIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertList_SetIssuer
-(
- NSSPKIXTBSCertList *certList,
- NSSPKIXName *issuer
-);
-
-/*
- * NSSPKIXTBSCertList_GetThisUpdate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * A valid NSSPKIXTime upon success
- * {we need to rethink NSSPKIXTime}
- */
-
-NSS_EXTERN NSSPKIXTime
-NSSPKIXTBSCertList_GetThisUpdate
-(
- NSSPKIXTBSCertList *certList
-);
-
-/*
- * NSSPKIXTBSCertList_SetThisUpdate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_VALUE_TOO_LARGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertList_SetThisUpdate
-(
- NSSPKIXTBSCertList *certList,
- NSSPKIXTime thisUpdate
-);
-
-/*
- * NSSPKIXTBSCertList_HasNextUpdate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXTBSCertList_HasNextUpdate
-(
- NSSPKIXTBSCertList *certList,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXTBSCertList_GetNextUpdate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * A valid NSSPKIXTime upon success
- * {we need to rethink NSSPKIXTime}
- */
-
-NSS_EXTERN NSSPKIXTime
-NSSPKIXTBSCertList_GetNextUpdate
-(
- NSSPKIXTBSCertList *certList
-);
-
-/*
- * NSSPKIXTBSCertList_SetNextUpdate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_VALUE_TOO_SMALL
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertList_SetNextUpdate
-(
- NSSPKIXTBSCertList *certList,
- NSSPKIXTime nextUpdate
-);
-
-/*
- * NSSPKIXTBSCertList_RemoveNextUpdate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_HAS_NO_NEXT_UPDATE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertList_RemoveNextUpdate
-(
- NSSPKIXTBSCertList *certList
-);
-
-/*
- * NSSPKIXTBSCertList_GetRevokedCertificates
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXrevokedCertificates upon succes
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXrevokedCertificates *
-NSSPKIXTBSCertList_GetRevokedCertificates
-(
- NSSPKIXTBSCertList *certList,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTBSCertList_SetRevokedCertificates
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATES
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertList_SetRevokedCertificates
-(
- NSSPKIXTBSCertList *certList,
- NSSPKIXrevokedCertificates *revoked
-);
-
-/*
- * NSSPKIXTBSCertList_HasCrlExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXTBSCertList_HasCrlExtensions
-(
- NSSPKIXTBSCertList *certList,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXTBSCertList_GetCrlExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensions upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensions *
-NSSPKIXTBSCertList_GetCrlExtensions
-(
- NSSPKIXTBSCertList *certList,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTBSCertList_SetCrlExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_PKIX_EXTENSIONS
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertList_SetCrlExtensions
-(
- NSSPKIXTBSCertList *certList,
- NSSPKIXExtensions *extensions
-);
-
-/*
- * NSSPKIXTBSCertList_RemoveCrlExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_HAS_NO_EXTENSIONS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTBSCertList_RemoveCrlExtensions
-(
- NSSPKIXTBSCertList *certList
-);
-
-/*
- * NSSPKIXTBSCertList_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXTBSCertList_Equal
-(
- NSSPKIXTBSCertList *one,
- NSSPKIXTBSCertList *two,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXTBSCertList_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXTBSCertList upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTBSCertList *
-NSSPKIXTBSCertList_Duplicate
-(
- NSSPKIXTBSCertList *certList,
- NSSArena *arenaOpt
-);
-
-/*
- * revokedCertificates
- *
- * This is a "helper type" to simplify handling of TBSCertList objects.
- *
- * revokedCertificates SEQUENCE OF SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate Time,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, shall be v2
- * } OPTIONAL,
- *
- * The public calls for the type:
- *
- * NSSPKIXrevokedCertificates_Decode
- * NSSPKIXrevokedCertificates_Create
- * NSSPKIXrevokedCertificates_Encode
- * NSSPKIXrevokedCertificates_Destroy
- * NSSPKIXrevokedCertificates_GetRevokedCertificateCount
- * NSSPKIXrevokedCertificates_GetRevokedCertificates
- * NSSPKIXrevokedCertificates_SetRevokedCertificates
- * NSSPKIXrevokedCertificates_GetRevokedCertificate
- * NSSPKIXrevokedCertificates_SetRevokedCertificate
- * NSSPKIXrevokedCertificates_InsertRevokedCertificate
- * NSSPKIXrevokedCertificates_AppendRevokedCertificate
- * NSSPKIXrevokedCertificates_RemoveRevokedCertificate
- * NSSPKIXrevokedCertificates_Equal
- * NSSPKIXrevokedCertificates_Duplicate
- *
- */
-
-/*
- * NSSPKIXrevokedCertificates_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXrevokedCertificates upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXrevokedCertificates *
-NSSPKIXrevokedCertificates_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXrevokedCertificates_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATE
- *
- * Return value:
- * A valid pointer to an NSSPKIXrevokedCertificates upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXrevokedCertificates *
-NSSPKIXrevokedCertificates_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXrevokedCertificate *rc1,
- ...
-);
-
-/*
- * NSSPKIXrevokedCertificates_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXrevokedCertificates_Destroy
-(
- NSSPKIXrevokedCertificates *rcs
-);
-
-/*
- * NSSPKIXrevokedCertificates_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXrevokedCertificates_Encode
-(
- NSSPKIXrevokedCertificates *rcs,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXrevokedCertificates_GetRevokedCertificateCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXrevokedCertificates_GetRevokedCertificateCount
-(
- NSSPKIXrevokedCertificates *rcs
-);
-
-/*
- * NSSPKIXrevokedCertificates_GetRevokedCertificates
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXrevokedCertificate pointers
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXrevokedCertificate **
-NSSPKIXrevokedCertificates_GetRevokedCertificates
-(
- NSSPKIXrevokedCertificates *rcs,
- NSSPKIXrevokedCertificate *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXrevokedCertificates_SetRevokedCertificates
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXrevokedCertificates_SetRevokedCertificates
-(
- NSSPKIXrevokedCertificates *rcs,
- NSSPKIXrevokedCertificate *rc[],
- PRInt32 countOpt
-);
-
-/*
- * NSSPKIXrevokedCertificates_GetRevokedCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXrevokedCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXrevokedCertificate *
-NSSPKIXrevokedCertificates_GetRevokedCertificate
-(
- NSSPKIXrevokedCertificates *rcs,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXrevokedCertificates_SetRevokedCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXrevokedCertificates_SetRevokedCertificate
-(
- NSSPKIXrevokedCertificates *rcs,
- PRInt32 i,
- NSSPKIXrevokedCertificate *rc
-);
-
-/*
- * NSSPKIXrevokedCertificates_InsertRevokedCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXrevokedCertificates_InsertRevokedCertificate
-(
- NSSPKIXrevokedCertificates *rcs,
- PRInt32 i,
- NSSPKIXrevokedCertificate *rc
-);
-
-/*
- * NSSPKIXrevokedCertificates_AppendRevokedCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXrevokedCertificates_AppendRevokedCertificate
-(
- NSSPKIXrevokedCertificates *rcs,
- PRInt32 i,
- NSSPKIXrevokedCertificate *rc
-);
-
-/*
- * NSSPKIXrevokedCertificates_RemoveRevokedCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXrevokedCertificates_RemoveRevokedCertificate
-(
- NSSPKIXrevokedCertificates *rcs,
- PRInt32 i
-);
-
-/*
- * NSSPKIXrevokedCertificates_FindRevokedCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATE
- *
- * Return value:
- * The index of the specified revoked certificate upon success
- * -1 upon failure
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXrevokedCertificates_FindRevokedCertificate
-(
- NSSPKIXrevokedCertificates *rcs,
- NSSPKIXrevokedCertificate *rc
-);
-
-/*
- * NSSPKIXrevokedCertificates_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXrevokedCertificates_Equal
-(
- NSSPKIXrevokedCertificates *one,
- NSSPKIXrevokedCertificates *two,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXrevokedCertificates_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXrevokedCertificates upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXrevokedCertificates *
-NSSPKIXrevokedCertificates_Duplicate
-(
- NSSPKIXrevokedCertificates *rcs,
- NSSArena *arenaOpt
-);
-
-/*
- * revokedCertificate
- *
- * This is a "helper type" to simplify handling of TBSCertList objects.
- *
- * SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate Time,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, shall be v2
- * } OPTIONAL,
- *
- * The public calls for this type:
- *
- * NSSPKIXrevokedCertificate_Decode
- * NSSPKIXrevokedCertificate_Create
- * NSSPKIXrevokedCertificate_Encode
- * NSSPKIXrevokedCertificate_Destroy
- * NSSPKIXrevokedCertificate_GetUserCertificate
- * NSSPKIXrevokedCertificate_SetUserCertificate
- * NSSPKIXrevokedCertificate_GetRevocationDate
- * NSSPKIXrevokedCertificate_SetRevocationDate
- * NSSPKIXrevokedCertificate_HasCrlEntryExtensions
- * NSSPKIXrevokedCertificate_GetCrlEntryExtensions
- * NSSPKIXrevokedCertificate_SetCrlEntryExtensions
- * NSSPKIXrevokedCertificate_RemoveCrlEntryExtensions
- * NSSPKIXrevokedCertificate_Equal
- * NSSPKIXrevokedCertificate_Duplicate
- *
- */
-
-
-/*
- * NSSPKIXrevokedCertificate_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXrevokedCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXrevokedCertificate *
-NSSPKIXrevokedCertificate_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXrevokedCertificate_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_SERIAL_NUMBER
- * NSS_ERROR_INVALID_PKIX_TIME
- * NSS_ERROR_INVALID_PKIX_EXTENSIONS
- *
- * Return value:
- * A valid pointer to an NSSPKIXrevokedCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXrevokedCertificate *
-NSSPKIXrevokedCertificate_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXCertificateSerialNumber *userCertificate,
- NSSPKIXTime *revocationDate,
- NSSPKIXExtensions *crlEntryExtensionsOpt
-);
-
-/*
- * NSSPKIXrevokedCertificate_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXrevokedCertificate_Destroy
-(
- NSSPKIXrevokedCertificate *rc
-);
-
-/*
- * NSSPKIXrevokedCertificate_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXrevokedCertificate_Encode
-(
- NSSPKIXrevokedCertificate *rc,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXrevokedCertificate_GetUserCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificateSerialNumber upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificateSerialNumber *
-NSSPKIXrevokedCertificate_GetUserCertificate
-(
- NSSPKIXrevokedCertificate *rc,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXrevokedCertificate_SetUserCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_SERIAL_NUMBER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXrevokedCertificate_SetUserCertificate
-(
- NSSPKIXrevokedCertificate *rc,
- NSSPKIXCertificateSerialNumber *csn
-);
-
-/*
- * NSSPKIXrevokedCertificate_GetRevocationDate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXTime upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTime *
-NSSPKIXrevokedCertificate_GetRevocationDate
-(
- NSSPKIXrevokedCertificate *rc,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXrevokedCertificate_SetRevocationDate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_TIME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXrevokedCertificate_SetRevocationDate
-(
- NSSPKIXrevokedCertificate *rc,
- NSSPKIXTime *revocationDate
-);
-
-/*
- * NSSPKIXrevokedCertificate_HasCrlEntryExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXrevokedCertificate_HasCrlEntryExtensions
-(
- NSSPKIXrevokedCertificate *rc,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXrevokedCertificate_GetCrlEntryExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_NO_EXTENSIONS
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensions upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensions *
-NSSPKIXrevokedCertificate_GetCrlEntryExtensions
-(
- NSSPKIXrevokedCertificate *rc,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXrevokedCertificate_SetCrlEntryExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_EXTENSIONS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXrevokedCertificate_SetCrlEntryExtensions
-(
- NSSPKIXrevokedCertificate *rc,
- NSSPKIXExtensions *crlEntryExtensions
-);
-
-/*
- * NSSPKIXrevokedCertificate_RemoveCrlEntryExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- * NSS_ERROR_NO_EXTENSIONS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXrevokedCertificate_RemoveCrlEntryExtensions
-(
- NSSPKIXrevokedCertificate *rc
-);
-
-/*
- * NSSPKIXrevokedCertificate_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXrevokedCertificate_Equal
-(
- NSSPKIXrevokedCertificate *one,
- NSSPKIXrevokedCertificate *two,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXrevokedCertificate_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- *
- * Return value:
- * A valid pointer to an NSSPKIXrevokedCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXrevokedCertificate *
-NSSPKIXrevokedCertificate_Duplicate
-(
- NSSPKIXrevokedCertificate *rc,
- NSSArena *arenaOpt
-);
-
-/*
- * AlgorithmIdentifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * (1988 syntax)
- *
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL }
- * -- contains a value of the type
- * -- registered for use with the
- * -- algorithm object identifier value
- *
- * The public calls for this type:
- *
- * NSSPKIXAlgorithmIdentifier_Decode
- * NSSPKIXAlgorithmIdentifier_Create
- * NSSPKIXAlgorithmIdentifier_Encode
- * NSSPKIXAlgorithmIdentifier_Destroy
- * NSSPKIXAlgorithmIdentifier_GetAlgorithm
- * NSSPKIXAlgorithmIdentifier_SetAlgorithm
- * NSSPKIXAlgorithmIdentifier_GetParameters
- * NSSPKIXAlgorithmIdentifier_SetParameters
- * NSSPKIXAlgorithmIdentifier_Compare
- * NSSPKIXAlgorithmIdentifier_Duplicate
- * { algorithm-specific parameter types and accessors ? }
- *
- */
-
-/*
- * NSSPKIXAlgorithmIdentifier_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAlgorithmIdentifier *
-NSSPKIXAlgorithmIdentifier_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXAlgorithmIdentifier_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAlgorithmIdentifier *
-NSSPKIXAlgorithmIdentifier_Create
-(
- NSSArena *arenaOpt,
- NSSOID *algorithm,
- NSSItem *parameters
-);
-
-/*
- * NSSPKIXAlgorithmIdentifier_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAlgorithmIdentifier_Destroy
-(
- NSSPKIXAlgorithmIdentifier *algid
-);
-
-/*
- * NSSPKIXAlgorithmIdentifier_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXAlgorithmIdentifier_Encode
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAlgorithmIdentifier_GetAlgorithm
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSOID pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSOID *
-NSSPKIXAlgorithmIdentifier_GetAlgorithm
-(
- NSSPKIXAlgorithmIdentifier *algid
-);
-
-/*
- * NSSPKIXAlgorithmIdentifier_SetAlgorithm
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_OID
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAlgorithmIdentifier_SetAlgorithm
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSOID *algorithm
-);
-
-/*
- * NSSPKIXAlgorithmIdentifier_GetParameters
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSItem *
-NSSPKIXAlgorithmIdentifier_GetParameters
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAlgorithmIdentifier_SetParameters
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAlgorithmIdentifier_SetParameters
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSItem *parameters
-);
-
-/*
- * NSSPKIXAlgorithmIdentifier_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXAlgorithmIdentifier_Equal
-(
- NSSPKIXAlgorithmIdentifier *algid1,
- NSSPKIXAlgorithmIdentifier *algid2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXAlgorithmIdentifier_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAlgorithmIdentifier *
-NSSPKIXAlgorithmIdentifier_Duplicate
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSArena *arenaOpt
-);
-
-/*
- * { algorithm-specific parameter types and accessors ? }
- */
-
-/*
- * ORAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ORAddress ::= SEQUENCE {
- * built-in-standard-attributes BuiltInStandardAttributes,
- * built-in-domain-defined-attributes
- * BuiltInDomainDefinedAttributes OPTIONAL,
- * -- see also teletex-domain-defined-attributes
- * extension-attributes ExtensionAttributes OPTIONAL }
- * -- The OR-address is semantically absent from the OR-name if the
- * -- built-in-standard-attribute sequence is empty and the
- * -- built-in-domain-defined-attributes and extension-attributes are
- * -- both omitted.
- *
- * The public calls for this type:
- *
- * NSSPKIXORAddress_Decode
- * NSSPKIXORAddress_Create
- * NSSPKIXORAddress_Destroy
- * NSSPKIXORAddress_Encode
- * NSSPKIXORAddress_GetBuiltInStandardAttributes
- * NSSPKIXORAddress_SetBuiltInStandardAttributes
- * NSSPKIXORAddress_HasBuiltInDomainDefinedAttributes
- * NSSPKIXORAddress_GetBuiltInDomainDefinedAttributes
- * NSSPKIXORAddress_SetBuiltInDomainDefinedAttributes
- * NSSPKIXORAddress_RemoveBuiltInDomainDefinedAttributes
- * NSSPKIXORAddress_HasExtensionsAttributes
- * NSSPKIXORAddress_GetExtensionsAttributes
- * NSSPKIXORAddress_SetExtensionsAttributes
- * NSSPKIXORAddress_RemoveExtensionsAttributes
- * NSSPKIXORAddress_Equal
- * NSSPKIXORAddress_Duplicate
- *
- */
-
-/*
- * NSSPKIXORAddress_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXORAddres upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXORAddress *
-NSSPKIXORAddress_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXORAddress_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_EXTENSIONS_ATTRIBUTES
- *
- * Return value:
- * A valid pointer to an NSSPKIXORAddres upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXORAddress *
-NSSPKIXORAddress_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXBuiltInDomainDefinedAttributes *biddaOpt,
- NSSPKIXExtensionAttributes *eaOpt
-);
-
-/*
- * NSSPKIXORAddress_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXORAddress_Destroy
-(
- NSSPKIXORAddress *ora
-);
-
-/*
- * NSSPKIXORAddress_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXORAddress_Encode
-(
- NSSPKIXORAddress *ora,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXORAddress_GetBuiltInStandardAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInStandardAttributes upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInStandardAttributes *
-NSSPKIXORAddress_GetBuiltInStandardAttributes
-(
- NSSPKIXORAddress *ora,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXORAddress_SetBuiltInStandardAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXORAddress_SetBuiltInStandardAttributes
-(
- NSSPKIXORAddress *ora,
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * NSSPKIXORAddress_HasBuiltInDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXORAddress_HasBuiltInDomainDefinedAttributes
-(
- NSSPKIXORAddress *ora,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXORAddress_GetBuiltInDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_NO_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInDomainDefinedAttributes upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInDomainDefinedAttributes *
-NSSPKIXORAddress_GetBuiltInDomainDefinedAttributes
-(
- NSSPKIXORAddress *ora,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXORAddress_SetBuiltInDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXORAddress_SetBuiltInDomainDefinedAttributes
-(
- NSSPKIXORAddress *ora,
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * NSSPKIXORAddress_RemoveBuiltInDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_NO_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXORAddress_RemoveBuiltInDomainDefinedAttributes
-(
- NSSPKIXORAddress *ora
-);
-
-/*
- * NSSPKIXORAddress_HasExtensionsAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXORAddress_HasExtensionsAttributes
-(
- NSSPKIXORAddress *ora,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXORAddress_GetExtensionsAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_NO_EXTENSION_ATTRIBUTES
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensionAttributes upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttributes *
-NSSPKIXORAddress_GetExtensionsAttributes
-(
- NSSPKIXORAddress *ora,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXORAddress_SetExtensionsAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXORAddress_SetExtensionsAttributes
-(
- NSSPKIXORAddress *ora,
- NSSPKIXExtensionAttributes *eaOpt
-);
-
-/*
- * NSSPKIXORAddress_RemoveExtensionsAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_NO_EXTENSION_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXORAddress_RemoveExtensionsAttributes
-(
- NSSPKIXORAddress *ora
-);
-
-/*
- * NSSPKIXORAddress_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXORAddress_Equal
-(
- NSSPKIXORAddress *ora1,
- NSSPKIXORAddress *ora2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXORAddress_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXORAddres upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXORAddress *
-NSSPKIXORAddress_Duplicate
-(
- NSSPKIXORAddress *ora,
- NSSArena *arenaOpt
-);
-
-/*
- * BuiltInStandardAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * BuiltInStandardAttributes ::= SEQUENCE {
- * country-name CountryName OPTIONAL,
- * administration-domain-name AdministrationDomainName OPTIONAL,
- * network-address [0] NetworkAddress OPTIONAL,
- * -- see also extended-network-address
- * terminal-identifier [1] TerminalIdentifier OPTIONAL,
- * private-domain-name [2] PrivateDomainName OPTIONAL,
- * organization-name [3] OrganizationName OPTIONAL,
- * -- see also teletex-organization-name
- * numeric-user-identifier [4] NumericUserIdentifier OPTIONAL,
- * personal-name [5] PersonalName OPTIONAL,
- * -- see also teletex-personal-name
- * organizational-unit-names [6] OrganizationalUnitNames OPTIONAL
- * -- see also teletex-organizational-unit-names -- }
- *
- * The public calls for this type:
- *
- * NSSPKIXBuiltInStandardAttributes_Decode
- * NSSPKIXBuiltInStandardAttributes_Create
- * NSSPKIXBuiltInStandardAttributes_Destroy
- * NSSPKIXBuiltInStandardAttributes_Encode
- * NSSPKIXBuiltInStandardAttributes_HasCountryName
- * NSSPKIXBuiltInStandardAttributes_GetCountryName
- * NSSPKIXBuiltInStandardAttributes_SetCountryName
- * NSSPKIXBuiltInStandardAttributes_RemoveCountryName
- * NSSPKIXBuiltInStandardAttributes_HasAdministrationDomainName
- * NSSPKIXBuiltInStandardAttributes_GetAdministrationDomainName
- * NSSPKIXBuiltInStandardAttributes_SetAdministrationDomainName
- * NSSPKIXBuiltInStandardAttributes_RemoveAdministrationDomainName
- * NSSPKIXBuiltInStandardAttributes_HasNetworkAddress
- * NSSPKIXBuiltInStandardAttributes_GetNetworkAddress
- * NSSPKIXBuiltInStandardAttributes_SetNetworkAddress
- * NSSPKIXBuiltInStandardAttributes_RemoveNetworkAddress
- * NSSPKIXBuiltInStandardAttributes_HasTerminalIdentifier
- * NSSPKIXBuiltInStandardAttributes_GetTerminalIdentifier
- * NSSPKIXBuiltInStandardAttributes_SetTerminalIdentifier
- * NSSPKIXBuiltInStandardAttributes_RemoveTerminalIdentifier
- * NSSPKIXBuiltInStandardAttributes_HasPrivateDomainName
- * NSSPKIXBuiltInStandardAttributes_GetPrivateDomainName
- * NSSPKIXBuiltInStandardAttributes_SetPrivateDomainName
- * NSSPKIXBuiltInStandardAttributes_RemovePrivateDomainName
- * NSSPKIXBuiltInStandardAttributes_HasOrganizationName
- * NSSPKIXBuiltInStandardAttributes_GetOrganizationName
- * NSSPKIXBuiltInStandardAttributes_SetOrganizationName
- * NSSPKIXBuiltInStandardAttributes_RemoveOrganizationName
- * NSSPKIXBuiltInStandardAttributes_HasNumericUserIdentifier
- * NSSPKIXBuiltInStandardAttributes_GetNumericUserIdentifier
- * NSSPKIXBuiltInStandardAttributes_SetNumericUserIdentifier
- * NSSPKIXBuiltInStandardAttributes_RemoveNumericUserIdentifier
- * NSSPKIXBuiltInStandardAttributes_HasPersonalName
- * NSSPKIXBuiltInStandardAttributes_GetPersonalName
- * NSSPKIXBuiltInStandardAttributes_SetPersonalName
- * NSSPKIXBuiltInStandardAttributes_RemovePersonalName
- * NSSPKIXBuiltInStandardAttributes_HasOrganizationLUnitNames
- * NSSPKIXBuiltInStandardAttributes_GetOrganizationLUnitNames
- * NSSPKIXBuiltInStandardAttributes_SetOrganizationLUnitNames
- * NSSPKIXBuiltInStandardAttributes_RemoveOrganizationLUnitNames
- * NSSPKIXBuiltInStandardAttributes_Equal
- * NSSPKIXBuiltInStandardAttributes_Duplicate
- *
- */
-
-/*
- * NSSPKIXBuiltInStandardAttributes_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInStandardAttributes upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInStandardAttributes *
-NSSPKIXBuiltInStandardAttributes_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_COUNTRY_NAME
- * NSS_ERROR_INVALID_PKIX_ADMINISTRATION_DOMAIN_NAME
- * NSS_ERROR_INVALID_PKIX_NETWORK_ADDRESS
- * NSS_ERROR_INVALID_PKIX_TERMINAL_IDENTIFIER
- * NSS_ERROR_INVALID_PKIX_PRIVATE_DOMAIN_NAME
- * NSS_ERROR_INVALID_PKIX_ORGANIZATION_NAME
- * NSS_ERROR_INVALID_PKIX_NUMERIC_USER_IDENTIFIER
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInStandardAttributes upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInStandardAttributes *
-NSSPKIXBuiltInStandardAttributes_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXCountryName *countryNameOpt,
- NSSPKIXAdministrationDomainName *administrationDomainNameOpt,
- NSSPKIXNetworkAddress *networkAddressOpt,
- NSSPKIXTerminalIdentifier *terminalIdentifierOpt,
- NSSPKIXPrivateDomainName *privateDomainNameOpt,
- NSSPKIXOrganizationName *organizationNameOpt,
- NSSPKIXNumericUserIdentifier *numericUserIdentifierOpt,
- NSSPKIXPersonalName *personalNameOpt,
- NSSPKIXOrganizationalUnitNames *organizationalUnitNamesOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_Destroy
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXBuiltInStandardAttributes_Encode
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_HasCountryName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXBuiltInStandardAttributes_HasCountryName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_GetCountryName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCountryName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCountryName *
-NSSPKIXBuiltInStandardAttributes_GetCountryName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_SetCountryName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_COUNTRY_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_SetCountryName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXCountryName *countryName
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_RemoveCountryName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_COUNTRY_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_RemoveCountryName
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_HasAdministrationDomainName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXBuiltInStandardAttributes_HasAdministrationDomainName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_GetAdministrationDomainName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAdministrationDomainName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAdministrationDomainName *
-NSSPKIXBuiltInStandardAttributes_GetAdministrationDomainName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_SetAdministrationDomainName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_ADMINISTRATION_DOMAIN_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_SetAdministrationDomainName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXAdministrationDomainName *administrationDomainName
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_RemoveAdministrationDomainName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_ADMINISTRATION_DOMAIN_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_RemoveAdministrationDomainName
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_HasNetworkAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXBuiltInStandardAttributes_HasNetworkAddress
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_GetNetworkAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXNetworkAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNetworkAddress *
-NSSPKIXBuiltInStandardAttributes_GetNetworkAddress
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_SetNetworkAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_NETWORK_ADDRESS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_SetNetworkAddress
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXNetworkAddress *networkAddress
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_RemoveNetworkAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_NETWORK_ADDRESS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_RemoveNetworkAddress
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_HasTerminalIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXBuiltInStandardAttributes_HasTerminalIdentifier
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_GetTerminalIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTerminalIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTerminalIdentifier *
-NSSPKIXBuiltInStandardAttributes_GetTerminalIdentifier
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_SetTerminalIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_TERMINAL_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_SetTerminalIdentifier
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXTerminalIdentifier *terminalIdentifier
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_RemoveTerminalIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_TERMINAL_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_RemoveTerminalIdentifier
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_HasPrivateDomainName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXBuiltInStandardAttributes_HasPrivateDomainName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_GetPrivateDomainName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPrivateDomainName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPrivateDomainName *
-NSSPKIXBuiltInStandardAttributes_GetPrivateDomainName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_SetPrivateDomainName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_PRIVATE_DOMAIN_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_SetPrivateDomainName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXPrivateDomainName *privateDomainName
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_RemovePrivateDomainName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_PRIVATE_DOMAIN_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_RemovePrivateDomainName
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_HasOrganizationName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXBuiltInStandardAttributes_HasOrganizationName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_GetOrganizationName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationName *
-NSSPKIXBuiltInStandardAttributes_GetOrganizationName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_SetOrganizationName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_ORGANIZATION_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_SetOrganizationName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXOrganizationName *organizationName
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_RemoveOrganizationName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_ORGANIZATION_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_RemoveOrganizationName
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_HasNumericUserIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXBuiltInStandardAttributes_HasNumericUserIdentifier
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_GetNumericUserIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXNumericUserIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNumericUserIdentifier *
-NSSPKIXBuiltInStandardAttributes_GetNumericUserIdentifier
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_SetNumericUserIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_NUMERIC_USER_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_SetNumericUserIdentifier
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXNumericUserIdentifier *numericUserIdentifier
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_RemoveNumericUserIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_NUMERIC_USER_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_RemoveNumericUserIdentifier
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_HasPersonalName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXBuiltInStandardAttributes_HasPersonalName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_GetPersonalName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPersonalName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPersonalName *
-NSSPKIXBuiltInStandardAttributes_GetPersonalName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_SetPersonalName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_SetPersonalName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXPersonalName *personalName
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_RemovePersonalName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_RemovePersonalName
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_HasOrganizationLUnitNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXBuiltInStandardAttributes_HasOrganizationLUnitNames
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_GetOrganizationLUnitNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationalUnitNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationalUnitNames *
-NSSPKIXBuiltInStandardAttributes_GetOrganizationLUnitNames
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_SetOrganizationLUnitNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_SetOrganizationLUnitNames
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXOrganizationalUnitNames *organizationalUnitNames
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_RemoveOrganizationLUnitNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_ORGANIZATIONAL_UNIT_NAMES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInStandardAttributes_RemoveOrganizationLUnitNames
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXBuiltInStandardAttributes_Equal
-(
- NSSPKIXBuiltInStandardAttributes *bisa1,
- NSSPKIXBuiltInStandardAttributes *bisa2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXBuiltInStandardAttributes_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInStandardAttributes upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInStandardAttributes *
-NSSPKIXBuiltInStandardAttributes_Duplicate
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * CountryName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CountryName ::= [APPLICATION 1] CHOICE {
- * x121-dcc-code NumericString
- * (SIZE (ub-country-name-numeric-length)),
- * iso-3166-alpha2-code PrintableString
- * (SIZE (ub-country-name-alpha-length)) }
- *
- * The public calls for this type:
- *
- * NSSPKIXCountryName_Decode
- * NSSPKIXCountryName_CreateFromUTF8
- * NSSPKIXCountryName_Encode
- *
- */
-
-/*
- * NSSPKIXCountryName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCountryName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCountryName *
-NSSPKIXCountryName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXCountryName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCountryName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCountryName *
-NSSPKIXCountryName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXCountryName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_COUNTRY_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXCountryName_Encode
-(
- NSSPKIXCountryName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * AdministrationDomainName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AdministrationDomainName ::= [APPLICATION 2] CHOICE {
- * numeric NumericString (SIZE (0..ub-domain-name-length)),
- * printable PrintableString (SIZE (0..ub-domain-name-length)) }
- *
- * The public calls for this type:
- *
- * NSSPKIXAdministrationDomainName_Decode
- * NSSPKIXAdministrationDomainName_CreateFromUTF8
- * NSSPKIXAdministrationDomainName_Encode
- *
- */
-
-/*
- * NSSPKIXAdministrationDomainName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAdministrationDomainName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAdministrationDomainName *
-NSSPKIXAdministrationDomainName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXAdministrationDomainName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAdministrationDomainName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAdministrationDomainName *
-NSSPKIXAdministrationDomainName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXAdministrationDomainName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ADMINISTRATION_DOMAIN_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXAdministrationDomainName_Encode
-(
- NSSPKIXAdministrationDomainName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * X121Address
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
- *
- * The public calls for this type:
- *
- * NSSPKIXX121Address_Decode
- * NSSPKIXX121Address_CreateFromUTF8
- * NSSPKIXX121Address_Encode
- *
- */
-
-/*
- * NSSPKIXX121Address_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX121Address upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX121Address *
-NSSPKIXX121Address_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXX121Address_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX121Address upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX121Address *
-NSSPKIXX121Address_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXX121Address_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_X121_ADDRESS
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXX121Address_Encode
-(
- NSSPKIXX121Address *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NetworkAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * NetworkAddress ::= X121Address -- see also extended-network-address
- *
- * The public calls for this type:
- *
- * NSSPKIXNetworkAddress_Decode
- * NSSPKIXNetworkAddress_CreateFromUTF8
- * NSSPKIXNetworkAddress_Encode
- *
- */
-
-/*
- * NSSPKIXNetworkAddress_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXNetworkAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNetworkAddress *
-NSSPKIXNetworkAddress_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXNetworkAddress_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXNetworkAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNetworkAddress *
-NSSPKIXNetworkAddress_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXNetworkAddress_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NETWORK_ADDRESS
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXNetworkAddress_Encode
-(
- NSSPKIXNetworkAddress *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * TerminalIdentifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length))
- *
- * The public calls for this type:
- *
- * NSSPKIXTerminalIdentifier_Decode
- * NSSPKIXTerminalIdentifier_CreateFromUTF8
- * NSSPKIXTerminalIdentifier_Encode
- *
- */
-
-/*
- * NSSPKIXTerminalIdentifier_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTerminalIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTerminalIdentifier *
-NSSPKIXTerminalIdentifier_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXTerminalIdentifier_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTerminalIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTerminalIdentifier *
-NSSPKIXTerminalIdentifier_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXTerminalIdentifier_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TERMINAL_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXTerminalIdentifier_Encode
-(
- NSSPKIXTerminalIdentifier *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * PrivateDomainName
- *
- * -- fgmr comments --
- *
- * PrivateDomainName ::= CHOICE {
- * numeric NumericString (SIZE (1..ub-domain-name-length)),
- * printable PrintableString (SIZE (1..ub-domain-name-length)) }
- *
- * The public calls for this type:
- *
- * NSSPKIXPrivateDomainName_Decode
- * NSSPKIXPrivateDomainName_CreateFromUTF8
- * NSSPKIXPrivateDomainName_Encode
- *
- */
-
-/*
- * NSSPKIXPrivateDomainName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPrivateDomainName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPrivateDomainName *
-NSSPKIXPrivateDomainName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXPrivateDomainName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPrivateDomainName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPrivateDomainName *
-NSSPKIXPrivateDomainName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXPrivateDomainName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_DOMAIN_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXPrivateDomainName_Encode
-(
- NSSPKIXPrivateDomainName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * OrganizationName
- *
- * -- fgmr comments --
- *
- * OrganizationName ::= PrintableString
- * (SIZE (1..ub-organization-name-length))
- *
- * The public calls for this type:
- *
- * NSSPKIXOrganizationName_Decode
- * NSSPKIXOrganizationName_CreateFromUTF8
- * NSSPKIXOrganizationName_Encode
- *
- */
-
-/*
- * NSSPKIXOrganizationName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationName *
-NSSPKIXOrganizationName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXOrganizationName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationName *
-NSSPKIXOrganizationName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXOrganizationName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATION_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXOrganizationName_Encode
-(
- NSSPKIXOrganizationName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NumericUserIdentifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * NumericUserIdentifier ::= NumericString
- * (SIZE (1..ub-numeric-user-id-length))
- *
- * The public calls for this type:
- *
- * NSSPKIXNumericUserIdentifier_Decode
- * NSSPKIXNumericUserIdentifier_CreateFromUTF8
- * NSSPKIXNumericUserIdentifier_Encode
- *
- */
-
-/*
- * NSSPKIXNumericUserIdentifier_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXNumericUserIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNumericUserIdentifier *
-NSSPKIXNumericUserIdentifier_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXNumericUserIdentifier_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_UTF8
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXNumericUserIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNumericUserIdentifier *
-NSSPKIXNumericUserIdentifier_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXNumericUserIdentifier_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NUMERIC_USER_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXNumericUserIdentifier_Encode
-(
- NSSPKIXNumericUserIdentifier *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * PersonalName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PersonalName ::= SET {
- * surname [0] PrintableString (SIZE (1..ub-surname-length)),
- * given-name [1] PrintableString
- * (SIZE (1..ub-given-name-length)) OPTIONAL,
- * initials [2] PrintableString (SIZE (1..ub-initials-length)) OPTIONAL,
- * generation-qualifier [3] PrintableString
- * (SIZE (1..ub-generation-qualifier-length)) OPTIONAL }
- *
- * The public calls for this type:
- *
- * NSSPKIXPersonalName_Decode
- * NSSPKIXPersonalName_Create
- * NSSPKIXPersonalName_Destroy
- * NSSPKIXPersonalName_Encode
- * NSSPKIXPersonalName_GetSurname
- * NSSPKIXPersonalName_SetSurname
- * NSSPKIXPersonalName_HasGivenName
- * NSSPKIXPersonalName_GetGivenName
- * NSSPKIXPersonalName_SetGivenName
- * NSSPKIXPersonalName_RemoveGivenName
- * NSSPKIXPersonalName_HasInitials
- * NSSPKIXPersonalName_GetInitials
- * NSSPKIXPersonalName_SetInitials
- * NSSPKIXPersonalName_RemoveInitials
- * NSSPKIXPersonalName_HasGenerationQualifier
- * NSSPKIXPersonalName_GetGenerationQualifier
- * NSSPKIXPersonalName_SetGenerationQualifier
- * NSSPKIXPersonalName_RemoveGenerationQualifier
- * NSSPKIXPersonalName_Equal
- * NSSPKIXPersonalName_Duplicate
- *
- */
-
-/*
- * NSSPKIXPersonalName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPersonalName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPersonalName *
-NSSPKIXPersonalName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXPersonalName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXPersonalName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPersonalName *
-NSSPKIXPersonalName_Create
-(
- NSSArena *arenaOpt,
- NSSUTF8 *surname,
- NSSUTF8 *givenNameOpt,
- NSSUTF8 *initialsOpt,
- NSSUTF8 *generationQualifierOpt
-);
-
-/*
- * NSSPKIXPersonalName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPersonalName_Destroy
-(
- NSSPKIXPersonalName *personalName
-);
-
-/*
- * NSSPKIXPersonalName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXPersonalName_Encode
-(
- NSSPKIXPersonalName *personalName,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPersonalName_GetSurname
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXPersonalName_GetSurname
-(
- NSSPKIXPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPersonalName_SetSurname
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPersonalName_SetSurname
-(
- NSSPKIXPersonalName *personalName,
- NSSUTF8 *surname
-);
-
-/*
- * NSSPKIXPersonalName_HasGivenName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXPersonalName_HasGivenName
-(
- NSSPKIXPersonalName *personalName,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXPersonalName_GetGivenName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_HAS_NO_GIVEN_NAME
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXPersonalName_GetGivenName
-(
- NSSPKIXPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPersonalName_SetGivenName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPersonalName_SetGivenName
-(
- NSSPKIXPersonalName *personalName,
- NSSUTF8 *givenName
-);
-
-/*
- * NSSPKIXPersonalName_RemoveGivenName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- * NSS_ERROR_HAS_NO_GIVEN_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPersonalName_RemoveGivenName
-(
- NSSPKIXPersonalName *personalName
-);
-
-/*
- * NSSPKIXPersonalName_HasInitials
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXPersonalName_HasInitials
-(
- NSSPKIXPersonalName *personalName,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXPersonalName_GetInitials
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXPersonalName_GetInitials
-(
- NSSPKIXPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPersonalName_SetInitials
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPersonalName_SetInitials
-(
- NSSPKIXPersonalName *personalName,
- NSSUTF8 *initials
-);
-
-/*
- * NSSPKIXPersonalName_RemoveInitials
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPersonalName_RemoveInitials
-(
- NSSPKIXPersonalName *personalName
-);
-
-/*
- * NSSPKIXPersonalName_HasGenerationQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXPersonalName_HasGenerationQualifier
-(
- NSSPKIXPersonalName *personalName,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXPersonalName_GetGenerationQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXPersonalName_GetGenerationQualifier
-(
- NSSPKIXPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPersonalName_SetGenerationQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPersonalName_SetGenerationQualifier
-(
- NSSPKIXPersonalName *personalName,
- NSSUTF8 *generationQualifier
-);
-
-/*
- * NSSPKIXPersonalName_RemoveGenerationQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPersonalName_RemoveGenerationQualifier
-(
- NSSPKIXPersonalName *personalName
-);
-
-/*
- * NSSPKIXPersonalName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXPersonalName_Equal
-(
- NSSPKIXPersonalName *personalName1,
- NSSPKIXPersonalName *personalName2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXPersonalName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXPersonalName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPersonalName *
-NSSPKIXPersonalName_Duplicate
-(
- NSSPKIXPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-/*
- * OrganizationalUnitNames
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
- * OF OrganizationalUnitName
- *
- * The public calls for the type:
- *
- * NSSPKIXOrganizationalUnitNames_Decode
- * NSSPKIXOrganizationalUnitNames_Create
- * NSSPKIXOrganizationalUnitNames_Destroy
- * NSSPKIXOrganizationalUnitNames_Encode
- * NSSPKIXOrganizationalUnitNames_GetOrganizationalUnitNameCount
- * NSSPKIXOrganizationalUnitNames_GetOrganizationalUnitNames
- * NSSPKIXOrganizationalUnitNames_SetOrganizationalUnitNames
- * NSSPKIXOrganizationalUnitNames_GetOrganizationalUnitName
- * NSSPKIXOrganizationalUnitNames_SetOrganizationalUnitName
- * NSSPKIXOrganizationalUnitNames_InsertOrganizationalUnitName
- * NSSPKIXOrganizationalUnitNames_AppendOrganizationalUnitName
- * NSSPKIXOrganizationalUnitNames_RemoveOrganizationalUnitName
- * NSSPKIXOrganizationalUnitNames_FindOrganizationalUnitName
- * NSSPKIXOrganizationalUnitNames_Equal
- * NSSPKIXOrganizationalUnitNames_Duplicate
- *
- */
-
-/*
- * NSSPKIXOrganizationalUnitNames_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationalUnitNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationalUnitNames *
-NSSPKIXOrganizationalUnitNames_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXOrganizationalUnitNames_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationalUnitNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationalUnitNames *
-NSSPKIXOrganizationalUnitNames_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXOrganizationalUnitName *ou1,
- ...
-);
-
-/*
- * NSSPKIXOrganizationalUnitNames_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXOrganizationalUnitNames_Destroy
-(
- NSSPKIXOrganizationalUnitNames *ous
-);
-
-/*
- * NSSPKIXOrganizationalUnitNames_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXOrganizationalUnitNames_Encode
-(
- NSSPKIXOrganizationalUnitNames *ous,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXOrganizationalUnitNames_GetOrganizationalUnitNameCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXOrganizationalUnitNames_GetOrganizationalUnitNameCount
-(
- NSSPKIXOrganizationalUnitNames *ous
-);
-
-/*
- * NSSPKIXOrganizationalUnitNames_GetOrganizationalUnitNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXOrganizationalUnitName
- * pointers upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationalUnitName **
-NSSPKIXOrganizationalUnitNames_GetOrganizationalUnitNames
-(
- NSSPKIXOrganizationalUnitNames *ous,
- NSSPKIXOrganizationalUnitName *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXOrganizationalUnitNames_SetOrganizationalUnitNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXOrganizationalUnitNames_SetOrganizationalUnitNames
-(
- NSSPKIXOrganizationalUnitNames *ous,
- NSSPKIXOrganizationalUnitName *ou[],
- PRInt32 count
-);
-
-/*
- * NSSPKIXOrganizationalUnitNames_GetOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationalUnitName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationalUnitName *
-NSSPKIXOrganizationalUnitNames_GetOrganizationalUnitName
-(
- NSSPKIXOrganizationalUnitNames *ous,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXOrganizationalUnitNames_SetOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXOrganizationalUnitNames_SetOrganizationalUnitName
-(
- NSSPKIXOrganizationalUnitNames *ous,
- PRInt32 i,
- NSSPKIXOrganizationalUnitName *ou
-);
-
-/*
- * NSSPKIXOrganizationalUnitNames_InsertOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXOrganizationalUnitNames_InsertOrganizationalUnitName
-(
- NSSPKIXOrganizationalUnitNames *ous,
- PRInt32 i,
- NSSPKIXOrganizationalUnitName *ou
-);
-
-/*
- * NSSPKIXOrganizationalUnitNames_AppendOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXOrganizationalUnitNames_AppendOrganizationalUnitName
-(
- NSSPKIXOrganizationalUnitNames *ous,
- NSSPKIXOrganizationalUnitName *ou
-);
-
-/*
- * NSSPKIXOrganizationalUnitNames_RemoveOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXOrganizationalUnitNames_RemoveOrganizationalUnitName
-(
- NSSPKIXOrganizationalUnitNames *ous,
- PRInt32 i
-);
-
-/*
- * NSSPKIXOrganizationalUnitNames_FindOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAME
- *
- * Return value:
- * The index of the specified revoked certificate upon success
- * -1 upon failure
- */
-
-NSS_EXTERN PRIntn
-NSSPKIXOrganizationalUnitNames_FindOrganizationalUnitName
-(
- NSSPKIXOrganizationalUnitNames *ous,
- NSSPKIXOrganizationalUnitName *ou
-);
-
-/*
- * NSSPKIXOrganizationalUnitNames_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXOrganizationalUnitNames_Equal
-(
- NSSPKIXOrganizationalUnitNames *ous1,
- NSSPKIXOrganizationalUnitNames *ous2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXOrganizationalUnitNames_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationalUnitNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationalUnitNames *
-NSSPKIXOrganizationalUnitNames_Duplicate
-(
- NSSPKIXOrganizationalUnitNames *ous,
- NSSArena *arenaOpt
-);
-
-/*
- * OrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * OrganizationalUnitName ::= PrintableString (SIZE
- * (1..ub-organizational-unit-name-length))
- *
- * The public calls for this type:
- *
- * NSSPKIXOrganizationalUnitName_Decode
- * NSSPKIXOrganizationalUnitName_CreateFromUTF8
- * NSSPKIXOrganizationalUnitName_Encode
- *
- */
-
-/*
- * NSSPKIXOrganizationalUnitName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationalUnitName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationalUnitName *
-NSSPKIXOrganizationalUnitName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXOrganizationalUnitName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationalUnitName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationalUnitName *
-NSSPKIXOrganizationalUnitName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXOrganizationalUnitName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXOrganizationalUnitName_Encode
-(
- NSSPKIXOrganizationalUnitName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * BuiltInDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
- * (1..ub-domain-defined-attributes) OF
- * BuiltInDomainDefinedAttribute
- *
- * The public calls for this type:
- *
- * NSSPKIXBuiltInDomainDefinedAttributes_Decode
- * NSSPKIXBuiltInDomainDefinedAttributes_Create
- * NSSPKIXBuiltInDomainDefinedAttributes_Destroy
- * NSSPKIXBuiltInDomainDefinedAttributes_Encode
- * NSSPKIXBuiltInDomainDefinedAttributes_GetBuiltIndomainDefinedAttributeCount
- * NSSPKIXBuiltInDomainDefinedAttributes_GetBuiltIndomainDefinedAttributes
- * NSSPKIXBuiltInDomainDefinedAttributes_SetBuiltIndomainDefinedAttributes
- * NSSPKIXBuiltInDomainDefinedAttributes_GetBuiltIndomainDefinedAttribute
- * NSSPKIXBuiltInDomainDefinedAttributes_SetBuiltIndomainDefinedAttribute
- * NSSPKIXBuiltInDomainDefinedAttributes_InsertBuiltIndomainDefinedAttribute
- * NSSPKIXBuiltInDomainDefinedAttributes_AppendBuiltIndomainDefinedAttribute
- * NSSPKIXBuiltInDomainDefinedAttributes_RemoveBuiltIndomainDefinedAttribute
- * NSSPKIXBuiltInDomainDefinedAttributes_Equal
- * NSSPKIXBuiltInDomainDefinedAttributes_Duplicate
- *
- */
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttributes_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInDomainDefinedAttributes
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInDomainDefinedAttributes *
-NSSPKIXBuiltInDomainDefinedAttributes_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttributes_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInDomainDefinedAttributes
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInDomainDefinedAttributes *
-NSSPKIXBuiltInDomainDefinedAttributes_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXBuiltInDomainDefinedAttribute *bidda1,
- ...
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttributes_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInDomainDefinedAttributes_Destroy
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttributes_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXBuiltInDomainDefinedAttributes_Encode
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttributes_GetBuiltIndomainDefinedAttributeCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXBuiltInDomainDefinedAttributes_GetBuiltIndomainDefinedAttributeCount
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttributes_GetBuiltIndomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXBuiltInDomainDefinedAttribute
- * pointers upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInDomainDefinedAttribute **
-NSSPKIXBuiltInDomainDefinedAttributes_GetBuiltIndomainDefinedAttributes
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- NSSPKIXBuiltInDomainDefinedAttribut *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttributes_SetBuiltIndomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInDomainDefinedAttributes_SetBuiltIndomainDefinedAttributes
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- NSSPKIXBuiltInDomainDefinedAttribut *bidda[],
- PRInt32 count
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttributes_GetBuiltIndomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInDomainDefinedAttribute
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInDomainDefinedAttribute *
-NSSPKIXBuiltInDomainDefinedAttributes_GetBuiltIndomainDefinedAttribute
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttributes_SetBuiltIndomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInDomainDefinedAttributes_SetBuiltIndomainDefinedAttribute
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- PRInt32 i,
- NSSPKIXBuiltInDomainDefinedAttribute *bidda
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttributes_InsertBuiltIndomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInDomainDefinedAttributes_InsertBuiltIndomainDefinedAttribute
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- PRInt32 i,
- NSSPKIXBuiltInDomainDefinedAttribute *bidda
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttributes_AppendBuiltIndomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInDomainDefinedAttributes_AppendBuiltIndomainDefinedAttribute
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- NSSPKIXBuiltInDomainDefinedAttribute *bidda
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttributes_RemoveBuiltIndomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInDomainDefinedAttributes_RemoveBuiltIndomainDefinedAttribute
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- PRInt32 i
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttributes_FindBuiltIndomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- *
- * Return value:
- * The index of the specified revoked certificate upon success
- * -1 upon failure
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXBuiltInDomainDefinedAttributes_FindBuiltIndomainDefinedAttribute
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- NSSPKIXBuiltInDomainDefinedAttribute *bidda
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttributes_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXBuiltInDomainDefinedAttributes_Equal
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas1,
- NSSPKIXBuiltInDomainDefinedAttributes *biddas2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttributes_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInDomainDefinedAttributes
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInDomainDefinedAttributes *
-NSSPKIXBuiltInDomainDefinedAttributes_Duplicate
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- NSSArena *arenaOpt
-);
-
-/*
- * BuiltInDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * BuiltInDomainDefinedAttribute ::= SEQUENCE {
- * type PrintableString (SIZE
- * (1..ub-domain-defined-attribute-type-length)),
- * value PrintableString (SIZE
- * (1..ub-domain-defined-attribute-value-length))}
- *
- * The public calls for this type:
- *
- * NSSPKIXBuiltInDomainDefinedAttribute_Decode
- * NSSPKIXBuiltInDomainDefinedAttribute_Create
- * NSSPKIXBuiltInDomainDefinedAttribute_Destroy
- * NSSPKIXBuiltInDomainDefinedAttribute_Encode
- * NSSPKIXBuiltInDomainDefinedAttribute_GetType
- * NSSPKIXBuiltInDomainDefinedAttribute_SetType
- * NSSPKIXBuiltInDomainDefinedAttribute_GetValue
- * NSSPKIXBuiltInDomainDefinedAttribute_SetValue
- * NSSPKIXBuiltInDomainDefinedAttribute_Equal
- * NSSPKIXBuiltInDomainDefinedAttribute_Duplicate
- *
- */
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttribute_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInDomainDefinedAttribute
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInDomainDefinedAttribute *
-NSSPKIXBuiltInDomainDefinedAttribute_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttribute_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInDomainDefinedAttribute
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInDomainDefinedAttribute *
-NSSPKIXBuiltInDomainDefinedAttribute_Create
-(
- NSSArena *arenaOpt,
- NSSUTF8 *type,
- NSSUTF8 *value
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttribute_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInDomainDefinedAttribute_Destroy
-(
- NSSPKIXBuiltInDomainDefinedAttribute *bidda
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttribute_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXBuiltInDomainDefinedAttribute_Encode
-(
- NSSPKIXBuiltInDomainDefinedAttribute *bidda,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttribute_GetType
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXBuiltInDomainDefinedAttribute_GetType
-(
- NSSPKIXBuiltInDomainDefinedAttribute *bidda,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttribute_SetType
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInDomainDefinedAttribute_SetType
-(
- NSSPKIXBuiltInDomainDefinedAttribute *bidda,
- NSSUTF8 *type
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttribute_GetValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXBuiltInDomainDefinedAttribute_GetValue
-(
- NSSPKIXBuiltInDomainDefinedAttribute *bidda,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttribute_SetValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBuiltInDomainDefinedAttribute_SetValue
-(
- NSSPKIXBuiltInDomainDefinedAttribute *bidda,
- NSSUTF8 *value
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttribute_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXBuiltInDomainDefinedAttribute_Equal
-(
- NSSPKIXBuiltInDomainDefinedAttribute *bidda1,
- NSSPKIXBuiltInDomainDefinedAttribute *bidda2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXBuiltInDomainDefinedAttribute_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInDomainDefinedAttribute
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInDomainDefinedAttribute *
-NSSPKIXBuiltInDomainDefinedAttribute_Duplicate
-(
- NSSPKIXBuiltInDomainDefinedAttribute *bidda,
- NSSArena *arenaOpt
-);
-
-/*
- * ExtensionAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
- * ExtensionAttribute
- *
- * The public calls for this type:
- *
- * NSSPKIXExtensionAttributes_Decode
- * NSSPKIXExtensionAttributes_Create
- * NSSPKIXExtensionAttributes_Destroy
- * NSSPKIXExtensionAttributes_Encode
- * NSSPKIXExtensionAttributes_GetExtensionAttributeCount
- * NSSPKIXExtensionAttributes_GetExtensionAttributes
- * NSSPKIXExtensionAttributes_SetExtensionAttributes
- * NSSPKIXExtensionAttributes_GetExtensionAttribute
- * NSSPKIXExtensionAttributes_SetExtensionAttribute
- * NSSPKIXExtensionAttributes_InsertExtensionAttribute
- * NSSPKIXExtensionAttributes_AppendExtensionAttribute
- * NSSPKIXExtensionAttributes_RemoveExtensionAttribute
- * NSSPKIXExtensionAttributes_FindExtensionAttribute
- * NSSPKIXExtensionAttributes_Equal
- * NSSPKIXExtensionAttributes_Duplicate
- *
- */
-
-/*
- * NSSPKIXExtensionAttributes_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensionAttributes upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttributes *
-NSSPKIXExtensionAttributes_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXExtensionAttributes_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensionAttributes upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttributes *
-NSSPKIXExtensionAttributes_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXExtensionAttribute ea1,
- ...
-);
-
-/*
- * NSSPKIXExtensionAttributes_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtensionAttributes_Destroy
-(
- NSSPKIXExtensionAttributes *eas
-);
-
-/*
- * NSSPKIXExtensionAttributes_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXExtensionAttributes_Encode
-(
- NSSPKIXExtensionAttributes *eas
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXExtensionAttributes_GetExtensionAttributeCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXExtensionAttributes_GetExtensionAttributeCount
-(
- NSSPKIXExtensionAttributes *eas
-);
-
-/*
- * NSSPKIXExtensionAttributes_GetExtensionAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXExtensionAttribute pointers
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttribute **
-NSSPKIXExtensionAttributes_GetExtensionAttributes
-(
- NSSPKIXExtensionAttributes *eas,
- NSSPKIXExtensionAttribute *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXExtensionAttributes_SetExtensionAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtensionAttributes_SetExtensionAttributes
-(
- NSSPKIXExtensionAttributes *eas,
- NSSPKIXExtensionAttribute *ea[],
- PRInt32 count
-);
-
-/*
- * NSSPKIXExtensionAttributes_GetExtensionAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensionAttribute upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttribute *
-NSSPKIXExtensionAttributes_GetExtensionAttribute
-(
- NSSPKIXExtensionAttributes *eas,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXExtensionAttributes_SetExtensionAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtensionAttributes_SetExtensionAttribute
-(
- NSSPKIXExtensionAttributes *eas,
- PRInt32 i,
- NSSPKIXExtensionAttribute *ea
-);
-
-/*
- * NSSPKIXExtensionAttributes_InsertExtensionAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtensionAttributes_InsertExtensionAttribute
-(
- NSSPKIXExtensionAttributes *eas,
- PRInt32 i,
- NSSPKIXExtensionAttribute *ea
-);
-
-/*
- * NSSPKIXExtensionAttributes_AppendExtensionAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtensionAttributes_AppendExtensionAttribute
-(
- NSSPKIXExtensionAttributes *eas,
- NSSPKIXExtensionAttribute *ea
-);
-
-/*
- * NSSPKIXExtensionAttributes_RemoveExtensionAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtensionAttributes_RemoveExtensionAttribute
-(
- NSSPKIXExtensionAttributes *eas,
- PRInt32 i,
-);
-
-/*
- * NSSPKIXExtensionAttributes_FindExtensionAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- *
- * Return value:
- * A nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXExtensionAttributes_FindExtensionAttribute
-(
- NSSPKIXExtensionAttributes *eas,
- NSSPKIXExtensionAttribute *ea
-);
-
-/*
- * NSSPKIXExtensionAttributes_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXExtensionAttributes_Equal
-(
- NSSPKIXExtensionAttributes *eas1,
- NSSPKIXExtensionAttributes *eas2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXExtensionAttributes_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensionAttributes upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttributes *
-NSSPKIXExtensionAttributes_Duplicate
-(
- NSSPKIXExtensionAttributes *eas,
- NSSArena *arenaOpt
-);
-
-/*
- * fgmr
- * There should be accessors to search the ExtensionAttributes and
- * return the value for a specific value, etc.
- */
-
-/*
- * ExtensionAttribute
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ExtensionAttribute ::= SEQUENCE {
- * extension-attribute-type [0] INTEGER (0..ub-extension-attributes),
- * extension-attribute-value [1]
- * ANY DEFINED BY extension-attribute-type }
- *
- * The public calls for this type:
- *
- * NSSPKIXExtensionAttribute_Decode
- * NSSPKIXExtensionAttribute_Create
- * NSSPKIXExtensionAttribute_Destroy
- * NSSPKIXExtensionAttribute_Encode
- * NSSPKIXExtensionAttribute_GetExtensionsAttributeType
- * NSSPKIXExtensionAttribute_SetExtensionsAttributeType
- * NSSPKIXExtensionAttribute_GetExtensionsAttributeValue
- * NSSPKIXExtensionAttribute_SetExtensionsAttributeValue
- * NSSPKIXExtensionAttribute_Equal
- * NSSPKIXExtensionAttribute_Duplicate
- *
- */
-
-/*
- * NSSPKIXExtensionAttribute_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensionAttribute upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttribute *
-NSSPKIXExtensionAttribute_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXExtensionAttribute_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE_TYPE
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensionAttribute upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttribute *
-NSSPKIXExtensionAttribute_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXExtensionAttributeType type,
- NSSItem *value
-);
-
-/*
- * NSSPKIXExtensionAttribute_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtensionAttribute_Destroy
-(
- NSSPKIXExtensionAttribute *ea
-);
-
-/*
- * NSSPKIXExtensionAttribute_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXExtensionAttribute_Encode
-(
- NSSPKIXExtensionAttribute *ea,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXExtensionAttribute_GetExtensionsAttributeType
- *
- * -- fgmr comments --
- * {One of these objects created from BER generated by a program
- * adhering to a later version of the PKIX standards might have
- * a value not mentioned in the enumeration definition. This isn't
- * a bug.}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- *
- * Return value:
- * A member of the NSSPKIXExtensionAttributeType enumeration
- * upon success
- * NSSPKIXExtensionAttributeType_NSSinvalid upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttributeType
-NSSPKIXExtensionAttribute_GetExtensionsAttributeType
-(
- NSSPKIXExtensionAttribute *ea
-);
-
-/*
- * NSSPKIXExtensionAttribute_SetExtensionsAttributeType
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtensionAttribute_SetExtensionsAttributeType
-(
- NSSPKIXExtensionAttribute *ea,
- NSSPKIXExtensionAttributeType type
-);
-
-/*
- * NSSPKIXExtensionAttribute_GetExtensionsAttributeValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSItem *
-NSSPKIXExtensionAttribute_GetExtensionsAttributeValue
-(
- NSSPKIXExtensionAttribute *ea,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXExtensionAttribute_SetExtensionsAttributeValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtensionAttribute_SetExtensionsAttributeValue
-(
- NSSPKIXExtensionAttribute *ea,
- NSSItem *value
-);
-
-/*
- * NSSPKIXExtensionAttribute_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXExtensionAttribute_Equal
-(
- NSSPKIXExtensionAttribute *ea1,
- NSSPKIXExtensionAttribute *ea2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXExtensionAttribute_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensionAttribute upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttribute *
-NSSPKIXExtensionAttribute_Duplicate
-(
- NSSPKIXExtensionAttribute *ea,
- NSSArena *arenaOpt
-);
-
-/*
- * CommonName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CommonName ::= PrintableString (SIZE (1..ub-common-name-length))
- *
- * The public calls for this type:
- *
- * NSSPKIXCommonName_Decode
- * NSSPKIXCommonName_CreateFromUTF8
- * NSSPKIXCommonName_Encode
- *
- */
-
-/*
- * NSSPKIXCommonName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCommonName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCommonName *
-NSSPKIXCommonName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXCommonName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCommonName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCommonName *
-NSSPKIXCommonName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXCommonName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_COMMON_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXCommonName_Encode
-(
- NSSPKIXCommonName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * TeletexCommonName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))
- *
- * The public calls for this type:
- *
- * NSSPKIXTeletexCommonName_Decode
- * NSSPKIXTeletexCommonName_CreateFromUTF8
- * NSSPKIXTeletexCommonName_Encode
- *
- */
-
-/*
- * NSSPKIXTeletexCommonName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexCommonName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexCommonName *
-NSSPKIXTeletexCommonName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXTeletexCommonName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexCommonName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexCommonName *
-NSSPKIXTeletexCommonName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXTeletexCommonName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_COMMON_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXTeletexCommonName_Encode
-(
- NSSPKIXTeletexCommonName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * TeletexOrganizationName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexOrganizationName ::=
- * TeletexString (SIZE (1..ub-organization-name-length))
- *
- * The public calls for this type:
- *
- * NSSPKIXTeletexOrganizationName_Decode
- * NSSPKIXTeletexOrganizationName_CreateFromUTF8
- * NSSPKIXTeletexOrganizationName_Encode
- *
- */
-
-/*
- * NSSPKIXTeletexOrganizationName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexOrganizationName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexOrganizationName *
-NSSPKIXTeletexOrganizationName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXTeletexOrganizationName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexOrganizationName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexOrganizationName *
-NSSPKIXTeletexOrganizationName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXTeletexOrganizationName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATION_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXTeletexOrganizationName_Encode
-(
- NSSPKIXTeletexOrganizationName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * TeletexPersonalName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexPersonalName ::= SET {
- * surname [0] TeletexString (SIZE (1..ub-surname-length)),
- * given-name [1] TeletexString
- * (SIZE (1..ub-given-name-length)) OPTIONAL,
- * initials [2] TeletexString (SIZE (1..ub-initials-length)) OPTIONAL,
- * generation-qualifier [3] TeletexString (SIZE
- * (1..ub-generation-qualifier-length)) OPTIONAL }
- *
- * The public calls for this type:
- *
- * NSSPKIXTeletexPersonalName_Decode
- * NSSPKIXTeletexPersonalName_Create
- * NSSPKIXTeletexPersonalName_Destroy
- * NSSPKIXTeletexPersonalName_Encode
- * NSSPKIXTeletexPersonalName_GetSurname
- * NSSPKIXTeletexPersonalName_SetSurname
- * NSSPKIXTeletexPersonalName_HasGivenName
- * NSSPKIXTeletexPersonalName_GetGivenName
- * NSSPKIXTeletexPersonalName_SetGivenName
- * NSSPKIXTeletexPersonalName_RemoveGivenName
- * NSSPKIXTeletexPersonalName_HasInitials
- * NSSPKIXTeletexPersonalName_GetInitials
- * NSSPKIXTeletexPersonalName_SetInitials
- * NSSPKIXTeletexPersonalName_RemoveInitials
- * NSSPKIXTeletexPersonalName_HasGenerationQualifier
- * NSSPKIXTeletexPersonalName_GetGenerationQualifier
- * NSSPKIXTeletexPersonalName_SetGenerationQualifier
- * NSSPKIXTeletexPersonalName_RemoveGenerationQualifier
- * NSSPKIXTeletexPersonalName_Equal
- * NSSPKIXTeletexPersonalName_Duplicate
- *
- */
-
-/*
- * NSSPKIXTeletexPersonalName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexPersonalName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexPersonalName *
-NSSPKIXTeletexPersonalName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXTeletexPersonalName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexPersonalName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexPersonalName *
-NSSPKIXTeletexPersonalName_Create
-(
- NSSArena *arenaOpt,
- NSSUTF8 *surname,
- NSSUTF8 *givenNameOpt,
- NSSUTF8 *initialsOpt,
- NSSUTF8 *generationQualifierOpt
-);
-
-/*
- * NSSPKIXTeletexPersonalName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexPersonalName_Destroy
-(
- NSSPKIXTeletexPersonalName *personalName
-);
-
-/*
- * NSSPKIXTeletexPersonalName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXTeletexPersonalName_Encode
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTeletexPersonalName_GetSurname
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXTeletexPersonalName_GetSurname
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTeletexPersonalName_SetSurname
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexPersonalName_SetSurname
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSUTF8 *surname
-);
-
-/*
- * NSSPKIXTeletexPersonalName_HasGivenName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXTeletexPersonalName_HasGivenName
-(
- NSSPKIXTeletexPersonalName *personalName,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXTeletexPersonalName_GetGivenName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXTeletexPersonalName_GetGivenName
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTeletexPersonalName_SetGivenName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexPersonalName_SetGivenName
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSUTF8 *givenName
-);
-
-/*
- * NSSPKIXTeletexPersonalName_RemoveGivenName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexPersonalName_RemoveGivenName
-(
- NSSPKIXTeletexPersonalName *personalName
-);
-
-/*
- * NSSPKIXTeletexPersonalName_HasInitials
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXTeletexPersonalName_HasInitials
-(
- NSSPKIXTeletexPersonalName *personalName,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXTeletexPersonalName_GetInitials
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXTeletexPersonalName_GetInitials
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTeletexPersonalName_SetInitials
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexPersonalName_SetInitials
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSUTF8 *initials
-);
-
-/*
- * NSSPKIXTeletexPersonalName_RemoveInitials
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexPersonalName_RemoveInitials
-(
- NSSPKIXTeletexPersonalName *personalName
-);
-
-/*
- * NSSPKIXTeletexPersonalName_HasGenerationQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXTeletexPersonalName_HasGenerationQualifier
-(
- NSSPKIXTeletexPersonalName *personalName,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXTeletexPersonalName_GetGenerationQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXTeletexPersonalName_GetGenerationQualifier
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTeletexPersonalName_SetGenerationQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexPersonalName_SetGenerationQualifier
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSUTF8 *generationQualifier
-);
-
-/*
- * NSSPKIXTeletexPersonalName_RemoveGenerationQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexPersonalName_RemoveGenerationQualifier
-(
- NSSPKIXTeletexPersonalName *personalName
-);
-
-/*
- * NSSPKIXTeletexPersonalName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXTeletexPersonalName_Equal
-(
- NSSPKIXTeletexPersonalName *personalName1,
- NSSPKIXTeletexPersonalName *personalName2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXTeletexPersonalName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexPersonalName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexPersonalName *
-NSSPKIXTeletexPersonalName_Duplicate
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-/*
- * TeletexOrganizationalUnitNames
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
- * (1..ub-organizational-units) OF TeletexOrganizationalUnitName
- *
- * The public calls for the type:
- *
- * NSSPKIXTeletexOrganizationalUnitNames_Decode
- * NSSPKIXTeletexOrganizationalUnitNames_Create
- * NSSPKIXTeletexOrganizationalUnitNames_Destroy
- * NSSPKIXTeletexOrganizationalUnitNames_Encode
- * NSSPKIXTeletexOrganizationalUnitNames_GetTeletexOrganizationalUnitNameCount
- * NSSPKIXTeletexOrganizationalUnitNames_GetTeletexOrganizationalUnitNames
- * NSSPKIXTeletexOrganizationalUnitNames_SetTeletexOrganizationalUnitNames
- * NSSPKIXTeletexOrganizationalUnitNames_GetTeletexOrganizationalUnitName
- * NSSPKIXTeletexOrganizationalUnitNames_SetTeletexOrganizationalUnitName
- * NSSPKIXTeletexOrganizationalUnitNames_InsertTeletexOrganizationalUnitName
- * NSSPKIXTeletexOrganizationalUnitNames_AppendTeletexOrganizationalUnitName
- * NSSPKIXTeletexOrganizationalUnitNames_RemoveTeletexOrganizationalUnitName
- * NSSPKIXTeletexOrganizationalUnitNames_FindTeletexOrganizationalUnitName
- * NSSPKIXTeletexOrganizationalUnitNames_Equal
- * NSSPKIXTeletexOrganizationalUnitNames_Duplicate
- *
- */
-
-/*
- * NSSPKIXTeletexOrganizationalUnitNames_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexOrganizationalUnitNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexOrganizationalUnitNames *
-NSSPKIXTeletexOrganizationalUnitNames_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXTeletexOrganizationalUnitNames_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexOrganizationalUnitNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexOrganizationalUnitNames *
-NSSPKIXTeletexOrganizationalUnitNames_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXTeletexOrganizationalUnitName *ou1,
- ...
-);
-
-/*
- * NSSPKIXTeletexOrganizationalUnitNames_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexOrganizationalUnitNames_Destroy
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous
-);
-
-/*
- * NSSPKIXTeletexOrganizationalUnitNames_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXTeletexOrganizationalUnitNames_Encode
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTeletexOrganizationalUnitNames_GetTeletexOrganizationalUnitNameCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXTeletexOrganizationalUnitNames_GetTeletexOrganizationalUnitNameCount
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous
-);
-
-/*
- * NSSPKIXTeletexOrganizationalUnitNames_GetTeletexOrganizationalUnitNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXTeletexOrganizationalUnitName
- * pointers upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexOrganizationalUnitName **
-NSSPKIXTeletexOrganizationalUnitNames_GetTeletexOrganizationalUnitNames
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- NSSPKIXTeletexOrganizationalUnitName *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTeletexOrganizationalUnitNames_SetTeletexOrganizationalUnitNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexOrganizationalUnitNames_SetTeletexOrganizationalUnitNames
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- NSSPKIXTeletexOrganizationalUnitName *ou[],
- PRInt32 count
-);
-
-/*
- * NSSPKIXTeletexOrganizationalUnitNames_GetTeletexOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexOrganizationalUnitName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexOrganizationalUnitName *
-NSSPKIXTeletexOrganizationalUnitNames_GetTeletexOrganizationalUnitName
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTeletexOrganizationalUnitNames_SetTeletexOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexOrganizationalUnitNames_SetTeletexOrganizationalUnitName
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- PRInt32 i,
- NSSPKIXTeletexOrganizationalUnitName *ou
-);
-
-/*
- * NSSPKIXTeletexOrganizationalUnitNames_InsertTeletexOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexOrganizationalUnitNames_InsertTeletexOrganizationalUnitName
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- PRInt32 i,
- NSSPKIXTeletexOrganizationalUnitName *ou
-);
-
-/*
- * NSSPKIXTeletexOrganizationalUnitNames_AppendTeletexOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexOrganizationalUnitNames_AppendTeletexOrganizationalUnitName
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- NSSPKIXTeletexOrganizationalUnitName *ou
-);
-
-/*
- * NSSPKIXTeletexOrganizationalUnitNames_RemoveTeletexOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexOrganizationalUnitNames_RemoveTeletexOrganizationalUnitName
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- PRInt32 i
-);
-
-/*
- * NSSPKIXTeletexOrganizationalUnitNames_FindTeletexOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAME
- *
- * Return value:
- * The index of the specified revoked certificate upon success
- * -1 upon failure
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXTeletexOrganizationalUnitNames_FindTeletexOrganizationalUnitName
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- NSSPKIXTeletexOrganizationalUnitName *ou
-);
-
-/*
- * NSSPKIXTeletexOrganizationalUnitNames_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXTeletexOrganizationalUnitNames_Equal
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous1,
- NSSPKIXTeletexOrganizationalUnitNames *ous2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXTeletexOrganizationalUnitNames_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexOrganizationalUnitNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexOrganizationalUnitNames *
-NSSPKIXTeletexOrganizationalUnitNames_Duplicate
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- NSSArena *arenaOpt
-);
-
-/*
- * TeletexOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexOrganizationalUnitName ::= TeletexString
- * (SIZE (1..ub-organizational-unit-name-length))
- *
- * The public calls for this type:
- *
- * NSSPKIXTeletexOrganizationalUnitName_Decode
- * NSSPKIXTeletexOrganizationalUnitName_CreateFromUTF8
- * NSSPKIXTeletexOrganizationalUnitName_Encode
- *
- */
-
-/*
- * NSSPKIXTeletexOrganizationalUnitName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexOrganizationalUnitName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexOrganizationalUnitName *
-NSSPKIXTeletexOrganizationalUnitName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXTeletexOrganizationalUnitName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexOrganizationalUnitName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexOrganizationalUnitName *
-NSSPKIXTeletexOrganizationalUnitName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXTeletexOrganizationalUnitName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXTeletexOrganizationalUnitName_Encode
-(
- NSSPKIXTeletexOrganizationalUnitName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * PDSName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))
- *
- * The public calls for this type:
- *
- * NSSPKIXPDSName_Decode
- * NSSPKIXPDSName_CreateFromUTF8
- * NSSPKIXPDSName_Encode
- *
- */
-
-/*
- * NSSPKIXPDSName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPDSName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPDSName *
-NSSPKIXPDSName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXPDSName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPDSName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPDSName *
-NSSPKIXPDSName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXPDSName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXPDSName_Encode
-(
- NSSPKIXPDSName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * PhysicalDeliveryCountryName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PhysicalDeliveryCountryName ::= CHOICE {
- * x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)),
- * iso-3166-alpha2-code PrintableString
- * (SIZE (ub-country-name-alpha-length)) }
- *
- * The public calls for this type:
- *
- * NSSPKIXPhysicalDeliveryCountryName_Decode
- * NSSPKIXPhysicalDeliveryCountryName_CreateFromUTF8
- * NSSPKIXPhysicalDeliveryCountryName_Encode
- *
- */
-
-/*
- * NSSPKIXPhysicalDeliveryCountryName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPhysicalDeliveryCountryName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPhysicalDeliveryCountryName *
-NSSPKIXPhysicalDeliveryCountryName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXPhysicalDeliveryCountryName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPhysicalDeliveryCountryName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPhysicalDeliveryCountryName *
-NSSPKIXPhysicalDeliveryCountryName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXPhysicalDeliveryCountryName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PHYSICAL_DELIVERY_COUNTRY_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXPhysicalDeliveryCountryName_Encode
-(
- NSSPKIXPhysicalDeliveryCountryName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * PostalCode
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PostalCode ::= CHOICE {
- * numeric-code NumericString (SIZE (1..ub-postal-code-length)),
- * printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
- *
- * The public calls for this type:
- *
- * NSSPKIXPostalCode_Decode
- * NSSPKIXPostalCode_CreateFromUTF8
- * NSSPKIXPostalCode_Encode
- *
- */
-
-/*
- * NSSPKIXPostalCode_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPostalCode upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPostalCode *
-NSSPKIXPostalCode_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXPostalCode_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPostalCode upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPostalCode *
-NSSPKIXPostalCode_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXPostalCode_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POSTAL_CODE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXPostalCode_Encode
-(
- NSSPKIXPostalCode *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * PDSParameter
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PDSParameter ::= SET {
- * printable-string PrintableString
- * (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
- * teletex-string TeletexString
- * (SIZE(1..ub-pds-parameter-length)) OPTIONAL }
- *
- * The public calls for this type:
- *
- * NSSPKIXPDSParameter_Decode
- * NSSPKIXPDSParameter_CreateFromUTF8
- * NSSPKIXPDSParameter_Create
- * NSSPKIXPDSParameter_Delete
- * NSSPKIXPDSParameter_Encode
- * NSSPKIXPDSParameter_GetUTF8Encoding
- * NSSPKIXPDSParameter_HasPrintableString
- * NSSPKIXPDSParameter_GetPrintableString
- * NSSPKIXPDSParameter_SetPrintableString
- * NSSPKIXPDSParameter_RemovePrintableString
- * NSSPKIXPDSParameter_HasTeletexString
- * NSSPKIXPDSParameter_GetTeletexString
- * NSSPKIXPDSParameter_SetTeletexString
- * NSSPKIXPDSParameter_RemoveTeletexString
- * NSSPKIXPDSParameter_Equal
- * NSSPKIXPDSParameter_Duplicate
- */
-
-/*
- * NSSPKIXPDSParameter_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPDSParameter upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPDSParameter *
-NSSPKIXPDSParameter_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXPDSParameter_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPDSParameter upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPDSParameter *
-NSSPKIXPDSParameter_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXPDSParameter_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXPDSParameter upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPDSParameter *
-NSSPKIXPDSParameter_Create
-(
- NSSArena *arenaOpt,
- NSSUTF8 *printableStringOpt,
- NSSUTF8 *teletexStringOpt
-);
-
-/*
- * NSSPKIXPDSParameter_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPDSParameter_Destroy
-(
- NSSPKIXPDSParameter *p
-);
-
-/*
- * NSSPKIXPDSParameter_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXPDSParameter_Encode
-(
- NSSPKIXPDSParameter *p,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPDSParameter_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXPDSParameter_GetUTF8Encoding
-(
- NSSPKIXPDSParameter *p,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPDSParameter_HasPrintableString
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXPDSParameter_HasPrintableString
-(
- NSSPKIXPDSParameter *p,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXPDSParameter_GetPrintableString
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXPDSParameter_GetPrintableString
-(
- NSSPKIXPDSParameter *p,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPDSParameter_SetPrintableString
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPDSParameter_SetPrintableString
-(
- NSSPKIXPDSParameter *p,
- NSSUTF8 *printableString
-);
-
-/*
- * NSSPKIXPDSParameter_RemovePrintableString
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPDSParameter_RemovePrintableString
-(
- NSSPKIXPDSParameter *p
-);
-
-/*
- * NSSPKIXPDSParameter_HasTeletexString
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXPDSParameter_HasTeletexString
-(
- NSSPKIXPDSParameter *p,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXPDSParameter_GetTeletexString
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXPDSParameter_GetTeletexString
-(
- NSSPKIXPDSParameter *p,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPDSParameter_SetTeletexString
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPDSParameter_SetTeletexString
-(
- NSSPKIXPDSParameter *p,
- NSSUTF8 *teletexString
-);
-
-/*
- * NSSPKIXPDSParameter_RemoveTeletexString
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPDSParameter_RemoveTeletexString
-(
- NSSPKIXPDSParameter *p
-);
-
-/*
- * NSSPKIXPDSParameter_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXPDSParameter_Equal
-(
- NSSPKIXPDSParameter *p1,
- NSSPKIXPDSParameter *p2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXPDSParameter_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPDSParameter upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPDSParameter *
-NSSPKIXPDSParameter_Duplicate
-(
- NSSPKIXPDSParameter *p,
- NSSArena *arenaOpt
-);
-
-/*
- * fgmr: what about these PDS types?
- *
- * PhysicalDeliveryOfficeName
- *
- * PhysicalDeliveryOfficeNumber
- *
- * ExtensionORAddressComponents
- *
- * PhysicalDeliveryPersonalName
- *
- * PhysicalDeliveryOrganizationName
- *
- * ExtensionPhysicalDeliveryAddressComponents
- *
- * StreetAddress
- *
- * PostOfficeBoxAddress
- *
- * PosteRestanteAddress
- *
- * UniquePostalName
- *
- * LocalPostalAttributes
- *
- */
-
-/*
- * UnformattedPostalAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * UnformattedPostalAddress ::= SET {
- * printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) OF
- * PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL,
- * teletex-string TeletexString
- * (SIZE (1..ub-unformatted-address-length)) OPTIONAL }
- *
- * The public calls for the type:
- *
- *
- */
-
-/*
- * ExtendedNetworkAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ExtendedNetworkAddress ::= CHOICE {
- * e163-4-address SEQUENCE {
- * number [0] NumericString (SIZE (1..ub-e163-4-number-length)),
- * sub-address [1] NumericString
- * (SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL },
- * psap-address [0] PresentationAddress }
- *
- * The public calls for the type:
- *
- * NSSPKIXExtendedNetworkAddress_Decode
- * NSSPKIXExtendedNetworkAddress_Create
- * NSSPKIXExtendedNetworkAddress_Destroy
- * NSSPKIXExtendedNetworkAddress_Encode
- * NSSPKIXExtendedNetworkAddress_GetChoice
- * NSSPKIXExtendedNetworkAddress_Get
- * NSSPKIXExtendedNetworkAddress_GetE1634Address
- * NSSPKIXExtendedNetworkAddress_GetPsapAddress
- * NSSPKIXExtendedNetworkAddress_Set
- * NSSPKIXExtendedNetworkAddress_SetE163Address
- * NSSPKIXExtendedNetworkAddress_SetPsapAddress
- * NSSPKIXExtendedNetworkAddress_Equal
- * NSSPKIXExtendedNetworkAddress_Duplicate
- *
- */
-
-/*
- * NSSPKIXExtendedNetworkAddress_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtendedNetworkAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtendedNetworkAddress *
-NSSPKIXExtendedNetworkAddress_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXExtendedNetworkAddress_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- * NSS_ERROR_INVALID_PKIX_PRESENTATION_ADDRESS
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtendedNetworkAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtendedNetworkAddress *
-NSSPKIXExtendedNetworkAddress_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXExtendedNetworkAddressChoice choice,
- void *address
-);
-
-/*
- * NSSPKIXExtendedNetworkAddress_CreateFromE1634Address
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtendedNetworkAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtendedNetworkAddress *
-NSSPKIXExtendedNetworkAddress_CreateFromE1634Address
-(
- NSSArena *arenaOpt,
- NSSPKIXe1634Address *e1634address
-);
-
-/*
- * NSSPKIXExtendedNetworkAddress_CreateFromPresentationAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_PRESENTATION_ADDRESS
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtendedNetworkAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtendedNetworkAddress *
-NSSPKIXExtendedNetworkAddress_CreateFromPresentationAddress
-(
- NSSArena *arenaOpt,
- NSSPKIXPresentationAddress *presentationAddress
-);
-
-/*
- * NSSPKIXExtendedNetworkAddress_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtendedNetworkAddress_Destroy
-(
- NSSPKIXExtendedNetworkAddress *ena
-);
-
-/*
- * NSSPKIXExtendedNetworkAddress_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXExtendedNetworkAddress_Encode
-(
- NSSPKIXExtendedNetworkAddress *ena,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXExtendedNetworkAddress_GetChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- *
- * Return value:
- * A valid element of the NSSPKIXExtendedNetworkAddressChoice upon
- * success
- * The value NSSPKIXExtendedNetworkAddress_NSSinvalid upon failure
- */
-
-NSS_EXTERN NSSPKIXExtendedNetworkAddressChoice
-NSSPKIXExtendedNetworkAddress_GetChoice
-(
- NSSPKIXExtendedNetworkAddress *ena
-);
-
-/*
- * NSSPKIXExtendedNetworkAddress_GetSpecifiedChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_WRONG_CHOICE
- *
- * Return value:
- * A pointer...
- * NULL upon failure
- */
-
-NSS_EXTERN void *
-NSSPKIXExtendedNetworkAddress_GetSpecifiedChoice
-(
- NSSPKIXExtendedNetworkAddress *ena,
- NSSPKIXExtendedNetworkAddressChoice which,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXExtendedNetworkAddress_GetE1634Address
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_WRONG_CHOICE
- *
- * Return value:
- * A valid pointer to an NSSPKIXe1643Address upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXe1643Address *
-NSSPKIXExtendedNetworkAddress_GetE1634Address
-(
- NSSPKIXExtendedNetworkAddress *ena,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXExtendedNetworkAddress_GetPresentationAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_WRONG_CHOICE
- *
- * Return value:
- * A valid pointer to an NSSPKIXPresentationAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPresentationAddress *
-NSSPKIXExtendedNetworkAddress_GetPresentationAddress
-(
- NSSPKIXExtendedNetworkAddress *ena,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXExtendedNetworkAddress_SetSpecifiedChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- * NSS_ERROR_INVALID_PKIX_PRESENTATION_ADDRESS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtendedNetworkAddress_SetSpecifiedChoice
-(
- NSSPKIXExtendedNetworkAddress *ena,
- NSSPKIXExtendedNetworkAddressChoice which,
- void *address
-);
-
-/*
- * NSSPKIXExtendedNetworkAddress_SetE163Address
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtendedNetworkAddress_SetE163Address
-(
- NSSPKIXExtendedNetworkAddress *ena,
- NSSPKIXe1634Address *e1634address
-);
-
-/*
- * NSSPKIXExtendedNetworkAddress_SetPresentationAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_PRESENTATION_ADDRESS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtendedNetworkAddress_SetPresentationAddress
-(
- NSSPKIXExtendedNetworkAddress *ena,
- NSSPKIXPresentationAddress *presentationAddress
-);
-
-/*
- * NSSPKIXExtendedNetworkAddress_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXExtendedNetworkAddress_Equal
-(
- NSSPKIXExtendedNetworkAddress *ena1,
- NSSPKIXExtendedNetworkAddress *ena2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXExtendedNetworkAddress_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtendedNetworkAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtendedNetworkAddress *
-NSSPKIXExtendedNetworkAddress_Duplicate
-(
- NSSPKIXExtendedNetworkAddress *ena,
- NSSArena *arenaOpt
-);
-
-/*
- * e163-4-address
- *
- * Helper structure for ExtendedNetworkAddress.
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * e163-4-address SEQUENCE {
- * number [0] NumericString (SIZE (1..ub-e163-4-number-length)),
- * sub-address [1] NumericString
- * (SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL },
- *
- * The public calls for the type:
- *
- * NSSPKIXe1634Address_Decode
- * NSSPKIXe1634Address_Create
- * NSSPKIXe1634Address_Destroy
- * NSSPKIXe1634Address_Encode
- * NSSPKIXe1634Address_GetNumber
- * NSSPKIXe1634Address_SetNumber
- * NSSPKIXe1634Address_HasSubAddress
- * NSSPKIXe1634Address_GetSubAddress
- * NSSPKIXe1634Address_SetSubAddress
- * NSSPKIXe1634Address_RemoveSubAddress
- * NSSPKIXe1634Address_Equal
- * NSSPKIXe1634Address_Duplicate
- *
- */
-
-/*
- * NSSPKIXe1634Address_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXe1634Address upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXe1634Address *
-NSSPKIXe1634Address_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXe1634Address_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXe1634Address upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXe1634Address *
-NSSPKIXe1634Address_Create
-(
- NSSArena *arenaOpt,
- NSSUTF8 *number,
- NSSUTF8 *subAddressOpt
-);
-
-/*
- * NSSPKIXe1634Address_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXe1634Address_Destroy
-(
- NSSPKIXe1634Address *e
-);
-
-/*
- * NSSPKIXe1634Address_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXe1634Address_Encode
-(
- NSSPKIXe1634Address *e,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXe1634Address_GetNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXe1634Address_GetNumber
-(
- NSSPKIXe1634Address *e,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXe1634Address_SetNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXe1634Address_SetNumber
-(
- NSSPKIXe1634Address *e,
- NSSUTF8 *number
-);
-
-/*
- * NSSPKIXe1634Address_HasSubAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXe1634Address_HasSubAddress
-(
- NSSPKIXe1634Address *e,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXe1634Address_GetSubAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXe1634Address_GetSubAddress
-(
- NSSPKIXe1634Address *e,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXe1634Address_SetSubAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXe1634Address_SetSubAddress
-(
- NSSPKIXe1634Address *e,
- NSSUTF8 *subAddress
-);
-
-/*
- * NSSPKIXe1634Address_RemoveSubAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXe1634Address_RemoveSubAddress
-(
- NSSPKIXe1634Address *e
-);
-
-/*
- * NSSPKIXe1634Address_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXe1634Address_Equal
-(
- NSSPKIXe1634Address *e1,
- NSSPKIXe1634Address *e2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXe1634Address_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXe1634Address upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXe1634Address *
-NSSPKIXe1634Address_Duplicate
-(
- NSSPKIXe1634Address *e,
- NSSArena *arenaOpt
-);
-
-/*
- * PresentationAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PresentationAddress ::= SEQUENCE {
- * pSelector [0] EXPLICIT OCTET STRING OPTIONAL,
- * sSelector [1] EXPLICIT OCTET STRING OPTIONAL,
- * tSelector [2] EXPLICIT OCTET STRING OPTIONAL,
- * nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
- *
- * The public calls for the type:
- *
- * NSSPKIXPresentationAddress_Decode
- * NSSPKIXPresentationAddress_Create
- * NSSPKIXPresentationAddress_Destroy
- * NSSPKIXPresentationAddress_Encode
- * NSSPKIXPresentationAddress_HasPSelector
- * NSSPKIXPresentationAddress_GetPSelector
- * NSSPKIXPresentationAddress_SetPSelector
- * NSSPKIXPresentationAddress_RemovePSelector
- * NSSPKIXPresentationAddress_HasSSelector
- * NSSPKIXPresentationAddress_GetSSelector
- * NSSPKIXPresentationAddress_SetSSelector
- * NSSPKIXPresentationAddress_RemoveSSelector
- * NSSPKIXPresentationAddress_HasTSelector
- * NSSPKIXPresentationAddress_GetTSelector
- * NSSPKIXPresentationAddress_SetTSelector
- * NSSPKIXPresentationAddress_RemoveTSelector
- * NSSPKIXPresentationAddress_HasNAddresses
- * NSSPKIXPresentationAddress_GetNAddresses
- * NSSPKIXPresentationAddress_SetNAddresses
- * NSSPKIXPresentationAddress_RemoveNAddresses
- *{NAddresses must be more complex than that}
- * NSSPKIXPresentationAddress_Compare
- * NSSPKIXPresentationAddress_Duplicate
- *
- */
-
-/*
- * TeletexDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
- * (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute
- *
- * The public calls for the type:
- *
- * NSSPKIXTeletexDomainDefinedAttributes_Decode
- * NSSPKIXTeletexDomainDefinedAttributes_Create
- * NSSPKIXTeletexDomainDefinedAttributes_Destroy
- * NSSPKIXTeletexDomainDefinedAttributes_Encode
- * NSSPKIXTeletexDomainDefinedAttributes_GetTeletexDomainDefinedAttributeCount
- * NSSPKIXTeletexDomainDefinedAttributes_GetTeletexDomainDefinedAttributes
- * NSSPKIXTeletexDomainDefinedAttributes_SetTeletexDomainDefinedAttributes
- * NSSPKIXTeletexDomainDefinedAttributes_GetTeletexDomainDefinedAttribute
- * NSSPKIXTeletexDomainDefinedAttributes_SetTeletexDomainDefinedAttribute
- * NSSPKIXTeletexDomainDefinedAttributes_InsertTeletexDomainDefinedAttribute
- * NSSPKIXTeletexDomainDefinedAttributes_AppendTeletexDomainDefinedAttribute
- * NSSPKIXTeletexDomainDefinedAttributes_RemoveTeletexDomainDefinedAttribute
- * NSSPKIXTeletexDomainDefinedAttributes_FindTeletexDomainDefinedAttribute
- * NSSPKIXTeletexDomainDefinedAttributes_Equal
- * NSSPKIXTeletexDomainDefinedAttributes_Duplicate
- *
- */
-
-/*
- * NSSPKIXTeletexDomainDefinedAttributes_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexDomainDefinedAttributes
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexDomainDefinedAttributes *
-NSSPKIXTeletexDomainDefinedAttributes_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttributes_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexDomainDefinedAttributes
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexDomainDefinedAttributes *
-NSSPKIXTeletexDomainDefinedAttributes_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXTeletexDomainDefinedAttribute *tdda1,
- ...
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttributes_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexDomainDefinedAttributes_Destroy
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttributes_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXTeletexDomainDefinedAttributes_Encode
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttributes_GetTeletexDomainDefinedAttributeCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXTeletexDomainDefinedAttributes_GetTeletexDomainDefinedAttributeCount
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttributes_GetTeletexDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXTeletexDomainDefinedAttribute
- * pointers upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexDomainDefinedAttribute **
-NSSPKIXTeletexDomainDefinedAttributes_GetTeletexDomainDefinedAttributes
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- NSSPKIXTeletexDomainDefinedAttribute *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttributes_SetTeletexDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexDomainDefinedAttributes_SetTeletexDomainDefinedAttributes
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- NSSPKIXTeletexDomainDefinedAttribute *tdda[],
- PRInt32 count
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttributes_GetTeletexDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexDomainDefinedAttribute upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexDomainDefinedAttribute *
-NSSPKIXTeletexDomainDefinedAttributes_GetTeletexDomainDefinedAttribute
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttributes_SetTeletexDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexDomainDefinedAttributes_SetTeletexDomainDefinedAttribute
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- PRInt32 i,
- NSSPKIXTeletexDomainDefinedAttribute *tdda
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttributes_InsertTeletexDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexDomainDefinedAttributes_InsertTeletexDomainDefinedAttribute
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- PRInt32 i,
- NSSPKIXTeletexDomainDefinedAttribute *tdda
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttributes_AppendTeletexDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexDomainDefinedAttributes_AppendTeletexDomainDefinedAttribute
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- NSSPKIXTeletexDomainDefinedAttribute *tdda
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttributes_RemoveTeletexDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexDomainDefinedAttributes_RemoveTeletexDomainDefinedAttribute
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- PRInt32 i
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttributes_FindTeletexDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- *
- * Return value:
- * The nonnegative integer upon success
- * -1 upon failure
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXTeletexDomainDefinedAttributes_FindTeletexDomainDefinedAttribute
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- NSSPKIXTeletexDomainDefinedAttribute *tdda
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttributes_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXTeletexDomainDefinedAttributes_Equal
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas1,
- NSSPKIXTeletexDomainDefinedAttributes *tddas2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttributes_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexDomainDefinedAttributes
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexDomainDefinedAttributes *
-NSSPKIXTeletexDomainDefinedAttributes_Duplicate
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- NSSArena *arenaOpt
-);
-
-/*
- * TeletexDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexDomainDefinedAttribute ::= SEQUENCE {
- * type TeletexString
- * (SIZE (1..ub-domain-defined-attribute-type-length)),
- * value TeletexString
- * (SIZE (1..ub-domain-defined-attribute-value-length)) }
- *
- * The public calls for the type:
- *
- * NSSPKIXTeletexDomainDefinedAttribute_Decode
- * NSSPKIXTeletexDomainDefinedAttribute_CreateFromUTF8
- * NSSPKIXTeletexDomainDefinedAttribute_Create
- * NSSPKIXTeletexDomainDefinedAttribute_Destroy
- * NSSPKIXTeletexDomainDefinedAttribute_Encode
- * NSSPKIXTeletexDomainDefinedAttribute_GetUTF8Encoding
- * NSSPKIXTeletexDomainDefinedAttribute_GetType
- * NSSPKIXTeletexDomainDefinedAttribute_SetType
- * NSSPKIXTeletexDomainDefinedAttribute_GetValue
- * NSSPKIXTeletexDomainDefinedAttribute_GetValue
- * NSSPKIXTeletexDomainDefinedAttribute_Equal
- * NSSPKIXTeletexDomainDefinedAttribute_Duplicate
- *
- */
-
-/*
- * NSSPKIXTeletexDomainDefinedAttribute_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexDomainDefinedAttribute
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexDomainDefinedAttribute *
-NSSPKIXTeletexDomainDefinedAttribute_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttribute_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexDomainDefinedAttribute
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexDomainDefinedAttribute *
-NSSPKIXTeletexDomainDefinedAttribute_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttribute_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexDomainDefinedAttribute
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexDomainDefinedAttribute *
-NSSPKIXTeletexDomainDefinedAttribute_Create
-(
- NSSArena *arenaOpt,
- NSSUTF8 *type,
- NSSUTF8 *value
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttribute_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexDomainDefinedAttribute_Destroy
-(
- NSSPKIXTeletexDomainDefinedAttribute *tdda
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttribute_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXTeletexDomainDefinedAttribute_Encode
-(
- NSSPKIXTeletexDomainDefinedAttribute *tdda,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttribute_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXTeletexDomainDefinedAttribute_GetUTF8Encoding
-(
- NSSPKIXTeletexDomainDefinedAttribute *tdda,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttribute_GetType
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXTeletexDomainDefinedAttribute_GetType
-(
- NSSPKIXTeletexDomainDefinedAttribute *tdda,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttribute_SetType
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexDomainDefinedAttribute_SetType
-(
- NSSPKIXTeletexDomainDefinedAttribute *tdda,
- NSSUTF8 *type
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttribute_GetValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXTeletexDomainDefinedAttribute_GetValue
-(
- NSSPKIXTeletexDomainDefinedAttribute *tdda,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttribute_SetValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXTeletexDomainDefinedAttribute_SetValue
-(
- NSSPKIXTeletexDomainDefinedAttribute *tdda,
- NSSUTF8 *value
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttribute_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXTeletexDomainDefinedAttribute_Equal
-(
- NSSPKIXTeletexDomainDefinedAttribute *tdda1,
- NSSPKIXTeletexDomainDefinedAttribute *tdda2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXTeletexDomainDefinedAttribute_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexDomainDefinedAttribute
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexDomainDefinedAttribute *
-NSSPKIXTeletexDomainDefinedAttribute_Duplicate
-(
- NSSPKIXTeletexDomainDefinedAttribute *tdda,
- NSSArena *arenaOpt
-);
-
-/*
- * AuthorityKeyIdentifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AuthorityKeyIdentifier ::= SEQUENCE {
- * keyIdentifier [0] KeyIdentifier OPTIONAL,
- * authorityCertIssuer [1] GeneralNames OPTIONAL,
- * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
- * -- authorityCertIssuer and authorityCertSerialNumber shall both
- * -- be present or both be absent
- *
- * The public calls for the type:
- *
- * NSSPKIXAuthorityKeyIdentifier_Decode
- * NSSPKIXAuthorityKeyIdentifier_Create
- * NSSPKIXAuthorityKeyIdentifier_Destroy
- * NSSPKIXAuthorityKeyIdentifier_Encode
- * NSSPKIXAuthorityKeyIdentifier_HasKeyIdentifier
- * NSSPKIXAuthorityKeyIdentifier_GetKeyIdentifier
- * NSSPKIXAuthorityKeyIdentifier_SetKeyIdentifier
- * NSSPKIXAuthorityKeyIdentifier_RemoveKeyIdentifier
- * NSSPKIXAuthorityKeyIdentifier_HasAuthorityCertIssuerAndSerialNumber
- * NSSPKIXAuthorityKeyIdentifier_RemoveAuthorityCertIssuerAndSerialNumber
- * NSSPKIXAuthorityKeyIdentifier_GetAuthorityCertIssuer
- * NSSPKIXAuthorityKeyIdentifier_GetAuthorityCertSerialNumber
- * NSSPKIXAuthorityKeyIdentifier_SetAuthorityCertIssuerAndSerialNumber
- * NSSPKIXAuthorityKeyIdentifier_Equal
- * NSSPKIXAuthorityKeyIdentifier_Duplicate
- *
- */
-
-/*
- * NSSPKIXAuthorityKeyIdentifier_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAuthorityKeyIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAuthorityKeyIdentifier *
-NSSPKIXAuthorityKeyIdentifier_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXAuthorityKeyIdentifier_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_ARGUMENTS
- *
- * Return value:
- * A valid pointer to an NSSPKIXAuthorityKeyIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAuthorityKeyIdentifier *
-NSSPKIXAuthorityKeyIdentifier_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXKeyIdentifier *keyIdentifierOpt,
- NSSPKIXGeneralNames *authorityCertIssuerOpt,
- NSSPKIXCertificateSerialNumber *authorityCertSerialNumberOpt
-);
-
-/*
- * NSSPKIXAuthorityKeyIdentifier_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAuthorityKeyIdentifier_Destroy
-(
- NSSPKIXAuthorityKeyIdentifier *aki
-);
-
-/*
- * NSSPKIXAuthorityKeyIdentifier_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXAuthorityKeyIdentifier_Encode
-(
- NSSPKIXAuthorityKeyIdentifier *aki,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAuthorityKeyIdentifier_HasKeyIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXAuthorityKeyIdentifier_HasKeyIdentifier
-(
- NSSPKIXAuthorityKeyIdentifier *aki,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXAuthorityKeyIdentifier_GetKeyIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_HAS_NO_KEY_IDENTIFIER
- *
- * Return value:
- * A valid pointer to an NSSPKIXKeyIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXKeyIdentifier *
-NSSPKIXAuthorityKeyIdentifier_GetKeyIdentifier
-(
- NSSPKIXAuthorityKeyIdentifier *aki,
- NSSPKIXKeyIdentifier *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAuthorityKeyIdentifier_SetKeyIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAuthorityKeyIdentifier_SetKeyIdentifier
-(
- NSSPKIXAuthorityKeyIdentifier *aki,
- NSSPKIXKeyIdentifier *keyIdentifier
-);
-
-/*
- * NSSPKIXAuthorityKeyIdentifier_RemoveKeyIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- * NSS_ERROR_HAS_NO_KEY_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAuthorityKeyIdentifier_RemoveKeyIdentifier
-(
- NSSPKIXAuthorityKeyIdentifier *aki
-);
-
-/*
- * NSSPKIXAuthorityKeyIdentifier_HasAuthorityCertIssuerAndSerialNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- *
- * Return value:
- * PR_TRUE if it has them
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXAuthorityKeyIdentifier_HasAuthorityCertIssuerAndSerialNumber
-(
- NSSPKIXAuthorityKeyIdentifier *aki,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXAuthorityKeyIdentifier_RemoveAuthorityCertIssuerAndSerialNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- * NSS_ERROR_HAS_NO_AUTHORITY_CERT_ISSUER_AND_SERIAL_NUMBER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAuthorityKeyIdentifier_RemoveAuthorityCertIssuerAndSerialNumber
-(
- NSSPKIXAuthorityKeyIdentifier *aki
-);
-
-/*
- * NSSPKIXAuthorityKeyIdentifier_GetAuthorityCertIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_HAS_NO_AUTHORITY_CERT_ISSUER_AND_SERIAL_NUMBER
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralNames *
-NSSPKIXAuthorityKeyIdentifier_GetAuthorityCertIssuer
-(
- NSSPKIXAuthorityKeyIdentifier *aki,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAuthorityKeyIdentifier_GetAuthorityCertSerialNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_HAS_NO_AUTHORITY_CERT_ISSUER_AND_SERIAL_NUMBER
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificateSerialNumber upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificateSerialNumber *
-NSSPKIXAuthorityKeyIdentifier_GetAuthorityCertSerialNumber
-(
- NSSPKIXAuthorityKeyIdentifier *aki,
- NSSPKIXCertificateSerialNumber *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAuthorityKeyIdentifier_SetAuthorityCertIssuerAndSerialNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAuthorityKeyIdentifier_SetAuthorityCertIssuerAndSerialNumber
-(
- NSSPKIXAuthorityKeyIdentifier *aki,
- NSSPKIXGeneralNames *issuer,
- NSSPKIXCertificateSerialNumber *serialNumber
-);
-
-/*
- * NSSPKIXAuthorityKeyIdentifier_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXAuthorityKeyIdentifier_Equal
-(
- NSSPKIXAuthorityKeyIdentifier *aki1,
- NSSPKIXAuthorityKeyIdentifier *aki2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXAuthorityKeyIdentifier_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAuthorityKeyIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAuthorityKeyIdentifier *
-NSSPKIXAuthorityKeyIdentifier_Duplicate
-(
- NSSPKIXAuthorityKeyIdentifier *aki,
- NSSArena *arenaOpt
-);
-
-/*
- * KeyUsage
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * KeyUsage ::= BIT STRING {
- * digitalSignature (0),
- * nonRepudiation (1),
- * keyEncipherment (2),
- * dataEncipherment (3),
- * keyAgreement (4),
- * keyCertSign (5),
- * cRLSign (6),
- * encipherOnly (7),
- * decipherOnly (8) }
- *
- * The public calls for the type:
- *
- * NSSPKIXKeyUsage_Decode
- * NSSPKIXKeyUsage_CreateFromUTF8
- * NSSPKIXKeyUsage_CreateFromValue
- * NSSPKIXKeyUsage_Destroy
- * NSSPKIXKeyUsage_Encode
- * NSSPKIXKeyUsage_GetUTF8Encoding
- * NSSPKIXKeyUsage_GetValue
- * NSSPKIXKeyUsage_SetValue
- * { bitwise accessors? }
- * NSSPKIXKeyUsage_Equal
- * NSSPKIXKeyUsage_Duplicate
- *
- */
-
-/*
- * NSSPKIXKeyUsage_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXKeyUsage upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXKeyUsage *
-NSSPKIXKeyUsage_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXKeyUsage_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXKeyUsage upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXKeyUsage *
-NSSPKIXKeyUsage_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXKeyUsage_CreateFromValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE_VALUE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXKeyUsage upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXKeyUsage *
-NSSPKIXKeyUsage_CreateFromValue
-(
- NSSArena *arenaOpt,
- NSSPKIXKeyUsageValue value
-);
-
-/*
- * NSSPKIXKeyUsage_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXKeyUsage_Destroy
-(
- NSSPKIXKeyUsage *keyUsage
-);
-
-/*
- * NSSPKIXKeyUsage_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXKeyUsage_Encode
-(
- NSSPKIXKeyUsage *keyUsage,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXKeyUsage_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXKeyUsage_GetUTF8Encoding
-(
- NSSPKIXKeyUsage *keyUsage,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXKeyUsage_GetValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE
- *
- * Return value:
- * A set of NSSKeyUsageValue values OR-d together upon success
- * NSSKeyUsage_NSSinvalid upon failure
- */
-
-NSS_EXTERN NSSKeyUsageValue
-NSSPKIXKeyUsage_GetValue
-(
- NSSPKIXKeyUsage *keyUsage
-);
-
-/*
- * NSSPKIXKeyUsage_SetValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE_VALUE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXKeyUsage_SetValue
-(
- NSSPKIXKeyUsage *keyUsage,
- NSSPKIXKeyUsageValue value
-);
-
-/*
- * NSSPKIXKeyUsage_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXKeyUsage_Equal
-(
- NSSPKIXKeyUsage *keyUsage1,
- NSSPKIXKeyUsage *keyUsage2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXKeyUsage_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXKeyUsage upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXKeyUsage *
-NSSPKIXKeyUsage_Duplicate
-(
- NSSPKIXKeyUsage *keyUsage,
- NSSArena *arenaOpt
-);
-
-/*
- * PrivateKeyUsagePeriod
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PrivateKeyUsagePeriod ::= SEQUENCE {
- * notBefore [0] GeneralizedTime OPTIONAL,
- * notAfter [1] GeneralizedTime OPTIONAL }
- * -- either notBefore or notAfter shall be present
- *
- * The public calls for the type:
- *
- * NSSPKIXPrivateKeyUsagePeriod_Decode
- * NSSPKIXPrivateKeyUsagePeriod_Create
- * NSSPKIXPrivateKeyUsagePeriod_Destroy
- * NSSPKIXPrivateKeyUsagePeriod_Encode
- * NSSPKIXPrivateKeyUsagePeriod_HasNotBefore
- * NSSPKIXPrivateKeyUsagePeriod_GetNotBefore
- * NSSPKIXPrivateKeyUsagePeriod_SetNotBefore
- * NSSPKIXPrivateKeyUsagePeriod_RemoveNotBefore
- * NSSPKIXPrivateKeyUsagePeriod_HasNotAfter
- * NSSPKIXPrivateKeyUsagePeriod_GetNotAfter
- * NSSPKIXPrivateKeyUsagePeriod_SetNotAfter
- * NSSPKIXPrivateKeyUsagePeriod_RemoveNotAfter
- * NSSPKIXPrivateKeyUsagePeriod_Equal
- * NSSPKIXPrivateKeyUsagePeriod_Duplicate
- *
- */
-
-/*
- * NSSPKIXPrivateKeyUsagePeriod_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPrivateKeyUsagePeriod upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPrivateKeyUsagePeriod *
-NSSPKIXPrivateKeyUsagePeriod_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXPrivateKeyUsagePeriod_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_TIME
- * NSS_ERROR_INVALID_ARGUMENTS
- *
- * Return value:
- * A valid pointer to an NSSPKIXPrivateKeyUsagePeriod upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPrivateKeyUsagePeriod *
-NSSPKIXPrivateKeyUsagePeriod_Create
-(
- NSSArena *arenaOpt,
- NSSTime *notBeforeOpt,
- NSSTime *notAfterOpt
-);
-
-/*
- * NSSPKIXPrivateKeyUsagePeriod_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPrivateKeyUsagePeriod_Destroy
-(
- NSSPKIXPrivateKeyUsagePeriod *period
-);
-
-/*
- * NSSPKIXPrivateKeyUsagePeriod_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_DATA
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXPrivateKeyUsagePeriod_Encode
-(
- NSSPKIXPrivateKeyUsagePeriod *period,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPrivateKeyUsagePeriod_HasNotBefore
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXPrivateKeyUsagePeriod_HasNotBefore
-(
- NSSPKIXPrivateKeyUsagePeriod *period,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXPrivateKeyUsagePeriod_GetNotBefore
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_HAS_NO_NOT_BEFORE
- *
- * Return value:
- * NSSTime {fgmr!}
- * NULL upon failure
- */
-
-NSS_EXTERN NSSTime *
-NSSPKIXPrivateKeyUsagePeriod_GetNotBefore
-(
- NSSPKIXPrivateKeyUsagePeriod *period,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPrivateKeyUsagePeriod_SetNotBefore
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- * NSS_ERROR_INVALID_TIME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPrivateKeyUsagePeriod_SetNotBefore
-(
- NSSPKIXPrivateKeyUsagePeriod *period,
- NSSTime *notBefore
-);
-
-/*
- * NSSPKIXPrivateKeyUsagePeriod_RemoveNotBefore
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- * NSS_ERROR_HAS_NO_NOT_BEFORE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPrivateKeyUsagePeriod_RemoveNotBefore
-(
- NSSPKIXPrivateKeyUsagePeriod *period
-);
-
-/*
- * NSSPKIXPrivateKeyUsagePeriod_HasNotAfter
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXPrivateKeyUsagePeriod_HasNotAfter
-(
- NSSPKIXPrivateKeyUsagePeriod *period,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXPrivateKeyUsagePeriod_GetNotAfter
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_HAS_NO_NOT_AFTER
- *
- * Return value:
- * NSSTime {fgmr!}
- * NULL upon failure
- */
-
-NSS_EXTERN NSSTime *
-NSSPKIXPrivateKeyUsagePeriod_GetNotAfter
-(
- NSSPKIXPrivateKeyUsagePeriod *period,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPrivateKeyUsagePeriod_SetNotAfter
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- * NSS_ERROR_INVALID_TIME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPrivateKeyUsagePeriod_SetNotAfter
-(
- NSSPKIXPrivateKeyUsagePeriod *period,
- NSSTime *notAfter
-);
-
-/*
- * NSSPKIXPrivateKeyUsagePeriod_RemoveNotAfter
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- * NSS_ERROR_HAS_NO_NOT_AFTER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPrivateKeyUsagePeriod_RemoveNotAfter
-(
- NSSPKIXPrivateKeyUsagePeriod *period
-);
-
-/*
- * NSSPKIXPrivateKeyUsagePeriod_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXPrivateKeyUsagePeriod_Equal
-(
- NSSPKIXPrivateKeyUsagePeriod *period1,
- NSSPKIXPrivateKeyUsagePeriod *period2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXPrivateKeyUsagePeriod_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPrivateKeyUsagePeriod upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPrivateKeyUsagePeriod *
-NSSPKIXPrivateKeyUsagePeriod_Duplicate
-(
- NSSPKIXPrivateKeyUsagePeriod *period,
- NSSArena *arenaOpt
-);
-
-/*
- * CertificatePolicies
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
- *
- * The public calls for the type:
- *
- * NSSPKIXCertificatePolicies_Decode
- * NSSPKIXCertificatePolicies_Create
- * NSSPKIXCertificatePolicies_Destroy
- * NSSPKIXCertificatePolicies_Encode
- * NSSPKIXCertificatePolicies_GetPolicyInformationCount
- * NSSPKIXCertificatePolicies_GetPolicyInformations
- * NSSPKIXCertificatePolicies_SetPolicyInformations
- * NSSPKIXCertificatePolicies_GetPolicyInformation
- * NSSPKIXCertificatePolicies_SetPolicyInformation
- * NSSPKIXCertificatePolicies_InsertPolicyInformation
- * NSSPKIXCertificatePolicies_AppendPolicyInformation
- * NSSPKIXCertificatePolicies_RemovePolicyInformation
- * NSSPKIXCertificatePolicies_FindPolicyInformation
- * NSSPKIXCertificatePolicies_Equal
- * NSSPKIXCertificatePolicies_Duplicate
- *
- */
-
-/*
- * NSSPKIXCertificatePolicies_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificatePolicies upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificatePolicies *
-NSSPKIXCertificatePolicies_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXCertificatePolicies_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificatePolicies upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificatePolicies *
-NSSPKIXCertificatePolicies_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXPolicyInformation *pi1,
- ...
-);
-
-/*
- * NSSPKIXCertificatePolicies_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCertificatePolicies_Destroy
-(
- NSSPKIXCertificatePolicies *cp
-);
-
-/*
- * NSSPKIXCertificatePolicies_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXCertificatePolicies_Encode
-(
- NSSPKIXCertificatePolicies *cp,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXCertificatePolicies_GetPolicyInformationCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXCertificatePolicies_GetPolicyInformationCount
-(
- NSSPKIXCertificatePolicies *cp
-);
-
-/*
- * NSSPKIXCertificatePolicies_GetPolicyInformations
- *
- * We regret the function name.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXPolicyInformation pointers
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyInformation **
-NSSPKIXCertificatePolicies_GetPolicyInformations
-(
- NSSPKIXCertificatePolicies *cp,
- NSSPKIXPolicyInformation *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXCertificatePolicies_SetPolicyInformations
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCertificatePolicies_SetPolicyInformations
-(
- NSSPKIXCertificatePolicies *cp,
- NSSPKIXPolicyInformation *pi[],
- PRInt32 count
-);
-
-/*
- * NSSPKIXCertificatePolicies_GetPolicyInformation
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyInformation upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyInformation *
-NSSPKIXCertificatePolicies_GetPolicyInformation
-(
- NSSPKIXCertificatePolicies *cp,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXCertificatePolicies_SetPolicyInformation
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCertificatePolicies_SetPolicyInformation
-(
- NSSPKIXCertificatePolicies *cp,
- PRInt32 i,
- NSSPKIXPolicyInformation *pi
-);
-
-/*
- * NSSPKIXCertificatePolicies_InsertPolicyInformation
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCertificatePolicies_InsertPolicyInformation
-(
- NSSPKIXCertificatePolicies *cp,
- PRInt32 i,
- NSSPKIXPolicyInformation *pi
-);
-
-/*
- * NSSPKIXCertificatePolicies_AppendPolicyInformation
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCertificatePolicies_AppendPolicyInformation
-(
- NSSPKIXCertificatePolicies *cp,
- NSSPKIXPolicyInformation *pi
-);
-
-/*
- * NSSPKIXCertificatePolicies_RemovePolicyInformation
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCertificatePolicies_RemovePolicyInformation
-(
- NSSPKIXCertificatePolicies *cp,
- PRInt32 i
-);
-
-/*
- * NSSPKIXCertificatePolicies_FindPolicyInformation
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- *
- * Return value:
- * The nonnegative integer upon success
- * -1 upon failure
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXCertificatePolicies_FindPolicyInformation
-(
- NSSPKIXCertificatePolicies *cp,
- NSSPKIXPolicyInformation *pi
-);
-
-/*
- * NSSPKIXCertificatePolicies_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXCertificatePolicies_Equal
-(
- NSSPKIXCertificatePolicies *cp1,
- NSSPKIXCertificatePolicies *cp2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXCertificatePolicies_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificatePolicies upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificatePolicies *
-NSSPKIXCertificatePolicies_Duplicate
-(
- NSSPKIXCertificatePolicies *cp,
- NSSArena *arenaOpt
-);
-
-/*
- * PolicyInformation
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PolicyInformation ::= SEQUENCE {
- * policyIdentifier CertPolicyId,
- * policyQualifiers SEQUENCE SIZE (1..MAX) OF
- * PolicyQualifierInfo OPTIONAL }
- *
- * The public calls for the type:
- *
- * NSSPKIXPolicyInformation_Decode
- * NSSPKIXPolicyInformation_Create
- * NSSPKIXPolicyInformation_Destroy
- * NSSPKIXPolicyInformation_Encode
- * NSSPKIXPolicyInformation_GetPolicyIdentifier
- * NSSPKIXPolicyInformation_SetPolicyIdentifier
- * NSSPKIXPolicyInformation_GetPolicyQualifierCount
- * NSSPKIXPolicyInformation_GetPolicyQualifiers
- * NSSPKIXPolicyInformation_SetPolicyQualifiers
- * NSSPKIXPolicyInformation_GetPolicyQualifier
- * NSSPKIXPolicyInformation_SetPolicyQualifier
- * NSSPKIXPolicyInformation_InsertPolicyQualifier
- * NSSPKIXPolicyInformation_AppendPolicyQualifier
- * NSSPKIXPolicyInformation_RemovePolicyQualifier
- * NSSPKIXPolicyInformation_Equal
- * NSSPKIXPolicyInformation_Duplicate
- * { and accessors by specific policy qualifier ID }
- *
- */
-
-/*
- * NSSPKIXPolicyInformation_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyInformation upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyInformation *
-NSSPKIXPolicyInformation_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXPolicyInformation_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyInformation upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyInformation *
-NSSPKIXPolicyInformation_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXCertPolicyId *id,
- NSSPKIXPolicyQualifierInfo *pqi1,
- ...
-);
-
-/*
- * NSSPKIXPolicyInformation_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyInformation_Destroy
-(
- NSSPKIXPolicyInformation *pi
-);
-
-/*
- * NSSPKIXPolicyInformation_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXPolicyInformation_Encode
-(
- NSSPKIXPolicyInformation *pi,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPolicyInformation_GetPolicyIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid OID upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertPolicyId *
-NSSPKIXPolicyInformation_GetPolicyIdentifier
-(
- NSSPKIXPolicyInformation *pi
-);
-
-/*
- * NSSPKIXPolicyInformation_SetPolicyIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyInformation_SetPolicyIdentifier
-(
- NSSPKIXPolicyInformation *pi,
- NSSPKIXCertPolicyIdentifier *cpi
-);
-
-/*
- * NSSPKIXPolicyInformation_GetPolicyQualifierCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXPolicyInformation_GetPolicyQualifierCount
-(
- NSSPKIXPolicyInformation *pi
-);
-
-/*
- * NSSPKIXPolicyInformation_GetPolicyQualifiers
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXPolicyQualifierInfo pointers
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyQualifierInfo **
-NSSPKIXPolicyInformation_GetPolicyQualifiers
-(
- NSSPKIXPolicyInformation *pi,
- NSSPKIXPolicyQualifierInfo *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPolicyInformation_SetPolicyQualifiers
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyInformation_SetPolicyQualifiers
-(
- NSSPKIXPolicyInformation *pi,
- NSSPKIXPolicyQualifierInfo *pqi[],
- PRInt32 count
-);
-
-/*
- * NSSPKIXPolicyInformation_GetPolicyQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyQualifierInfo upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyQualifierInfo *
-NSSPKIXPolicyInformation_GetPolicyQualifier
-(
- NSSPKIXPolicyInformation *pi,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPolicyInformation_SetPolicyQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyInformation_SetPolicyQualifier
-(
- NSSPKIXPolicyInformation *pi,
- PRInt32 i,
- NSSPKIXPolicyQualifierInfo *pqi
-);
-
-/*
- * NSSPKIXPolicyInformation_InsertPolicyQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyInformation_InsertPolicyQualifier
-(
- NSSPKIXPolicyInformation *pi,
- PRInt32 i,
- NSSPKIXPolicyQualifierInfo *pqi
-);
-
-/*
- * NSSPKIXPolicyInformation_AppendPolicyQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyInformation_AppendPolicyQualifier
-(
- NSSPKIXPolicyInformation *pi,
- PRInt32 i,
- NSSPKIXPolicyQualifierInfo *pqi
-);
-
-/*
- * NSSPKIXPolicyInformation_RemovePolicyQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyInformation_RemovePolicyQualifier
-(
- NSSPKIXPolicyInformation *pi,
- PRInt32 i
-);
-
-/*
- * NSSPKIXPolicyInformation_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXPolicyInformation_Equal
-(
- NSSPKIXPolicyInformation *pi1,
- NSSPKIXPolicyInformation *pi2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXPolicyInformation_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyInformation upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyInformation *
-NSSPKIXPolicyInformation_Duplicate
-(
- NSSPKIXPolicyInformation *pi,
- NSSArena *arenaOpt
-);
-
-/*
- * { and accessors by specific policy qualifier ID }
- *
- */
-
-/*
- * PolicyQualifierInfo
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PolicyQualifierInfo ::= SEQUENCE {
- * policyQualifierId PolicyQualifierId,
- * qualifier ANY DEFINED BY policyQualifierId }
- *
- * The public calls for the type:
- *
- * NSSPKIXPolicyQualifierInfo_Decode
- * NSSPKIXPolicyQualifierInfo_Create
- * NSSPKIXPolicyQualifierInfo_Destroy
- * NSSPKIXPolicyQualifierInfo_Encode
- * NSSPKIXPolicyQualifierInfo_GetPolicyQualifierID
- * NSSPKIXPolicyQualifierInfo_SetPolicyQualifierID
- * NSSPKIXPolicyQualifierInfo_GetQualifier
- * NSSPKIXPolicyQualifierInfo_SetQualifier
- * NSSPKIXPolicyQualifierInfo_Equal
- * NSSPKIXPolicyQualifierInfo_Duplicate
- * { and accessors by specific qualifier id/type }
- *
- */
-
-/*
- * NSSPKIXPolicyQualifierInfo_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyQualifierInfo upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyQualifierInfo *
-NSSPKIXPolicyQualifierInfo_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXPolicyQualifierInfo_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_ID
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyQualifierInfo upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyQualifierInfo *
-NSSPKIXPolicyQualifierInfo_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXPolicyQualifierId *policyQualifierId,
- NSSItem *qualifier
-);
-
-/*
- * NSSPKIXPolicyQualifierInfo_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyQualifierInfo_Destroy
-(
- NSSPKIXPolicyQualifierInfo *pqi
-);
-
-/*
- * NSSPKIXPolicyQualifierInfo_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXPolicyQualifierInfo_Encode
-(
- NSSPKIXPolicyQualifierInfo *pqi,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPolicyQualifierInfo_GetPolicyQualifierId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyQualifierId (an NSSOID) upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyQualifierId *
-NSSPKIXPolicyQualifierInfo_GetPolicyQualifierId
-(
- NSSPKIXPolicyQualifierInfo *pqi,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPolicyQualifierInfo_SetPolicyQualifierId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_ID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyQualifierInfo_SetPolicyQualifierId
-(
- NSSPKIXPolicyQualifierInfo *pqi,
- NSSPKIXPolicyQualifierId *pqid
-);
-
-/*
- * NSSPKIXPolicyQualifierInfo_GetQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSItem *
-NSSPKIXPolicyQualifierInfo_GetQualifier
-(
- NSSPKIXPolicyQualifierInfo *pqi,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPolicyQualifierInfo_SetQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyQualifierInfo_SetQualifier
-(
- NSSPKIXPolicyQualifierInfo *pqi,
- NSSItem *qualifier
-);
-
-/*
- * NSSPKIXPolicyQualifierInfo_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXPolicyQualifierInfo_Equal
-(
- NSSPKIXPolicyQualifierInfo *pqi1,
- NSSPKIXPolicyQualifierInfo *pqi2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXPolicyQualifierInfo_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyQualifierInfo upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyQualifierInfo *
-NSSPKIXPolicyQualifierInfo_Duplicate
-(
- NSSPKIXPolicyQualifierInfo *pqi,
- NSSArena *arenaOpt
-);
-
-/*
- * { and accessors by specific qualifier id/type }
- *
- */
-
-/*
- * CPSuri
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CPSuri ::= IA5String
- *
- * The public calls for this type:
- *
- * NSSPKIXCPSuri_Decode
- * NSSPKIXCPSuri_CreateFromUTF8
- * NSSPKIXCPSuri_Encode
- *
- */
-
-/*
- * NSSPKIXCPSuri_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCPSuri upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCPSuri *
-NSSPKIXCPSuri_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXCPSuri_CreateFromUTF8
- *
- * { basically just enforces the length and charset limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCPSuri upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCPSuri *
-NSSPKIXCPSuri_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXCPSuri_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CPS_URI
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXCPSuri_Encode
-(
- NSSPKIXCPSuri *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * UserNotice
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * UserNotice ::= SEQUENCE {
- * noticeRef NoticeReference OPTIONAL,
- * explicitText DisplayText OPTIONAL}
- *
- * The public calls for this type:
- *
- * NSSPKIXUserNotice_Decode
- * NSSPKIXUserNotice_Create
- * NSSPKIXUserNotice_Destroy
- * NSSPKIXUserNotice_Encode
- * NSSPKIXUserNotice_HasNoticeRef
- * NSSPKIXUserNotice_GetNoticeRef
- * NSSPKIXUserNotice_SetNoticeRef
- * NSSPKIXUserNotice_RemoveNoticeRef
- * NSSPKIXUserNotice_HasExplicitText
- * NSSPKIXUserNotice_GetExplicitText
- * NSSPKIXUserNotice_SetExplicitText
- * NSSPKIXUserNotice_RemoveExplicitText
- * NSSPKIXUserNotice_Equal
- * NSSPKIXUserNotice_Duplicate
- *
- */
-
-
-/*
- * NSSPKIXUserNotice_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXUserNotice upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXUserNotice *
-NSSPKIXUserNotice_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXUserNotice_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_INVALID_PKIX_DISPLAY_TEXT
- *
- * Return value:
- * A valid pointer to an NSSPKIXUserNotice upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXUserNotice *
-NSSPKIXUserNotice_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXNoticeReference *noticeRef,
- NSSPKIXDisplayText *explicitText
-);
-
-/*
- * NSSPKIXUserNotice_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXUserNotice_Destroy
-(
- NSSPKIXUserNotice *userNotice
-);
-
-/*
- * NSSPKIXUserNotice_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXUserNotice_Encode
-(
- NSSPKIXUserNotice *userNotice,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXUserNotice_HasNoticeRef
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXUserNotice_HasNoticeRef
-(
- NSSPKIXUserNotice *userNotice,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXUserNotice_GetNoticeRef
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_HAS_NO_NOTICE_REF
- *
- * Return value:
- * A valid pointer to an NSSPKIXNoticeReference upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNoticeReference *
-NSSPKIXUserNotice_GetNoticeRef
-(
- NSSPKIXUserNotice *userNotice,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXUserNotice_SetNoticeRef
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXUserNotice_SetNoticeRef
-(
- NSSPKIXUserNotice *userNotice,
- NSSPKIXNoticeReference *noticeRef
-);
-
-/*
- * NSSPKIXUserNotice_RemoveNoticeRef
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- * NSS_ERROR_HAS_NO_NOTICE_REF
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXUserNotice_RemoveNoticeRef
-(
- NSSPKIXUserNotice *userNotice
-);
-
-/*
- * NSSPKIXUserNotice_HasExplicitText
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- *
- * Return value:
- * PR_TRUE if it has some
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXUserNotice_HasExplicitText
-(
- NSSPKIXUserNotice *userNotice,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXUserNotice_GetExplicitText
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_HAS_NO_EXPLICIT_TEXT
- *
- * Return value:
- * A valid pointer to an NSSPKIXDisplayText string upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDisplayText *
-NSSPKIXUserNotice_GetExplicitText
-(
- NSSPKIXUserNotice *userNotice,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXUserNotice_SetExplicitText
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- * NSS_ERROR_INVALID_PKIX_DISPLAY_TEXT
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXUserNotice_SetExplicitText
-(
- NSSPKIXUserNotice *userNotice,
- NSSPKIXDisplayText *explicitText
-);
-
-/*
- * NSSPKIXUserNotice_RemoveExplicitText
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- * NSS_ERROR_HAS_NO_EXPLICIT_TEXT
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXUserNotice_RemoveExplicitText
-(
- NSSPKIXUserNotice *userNotice
-);
-
-/*
- * NSSPKIXUserNotice_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXUserNotice_Equal
-(
- NSSPKIXUserNotice *userNotice1,
- NSSPKIXUserNotice *userNotice2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXUserNotice_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXUserNotice upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXUserNotice *
-NSSPKIXUserNotice_Duplicate
-(
- NSSPKIXUserNotice *userNotice,
- NSSArena *arenaOpt
-);
-
-/*
- * NoticeReference
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * NoticeReference ::= SEQUENCE {
- * organization DisplayText,
- * noticeNumbers SEQUENCE OF INTEGER }
- *
- * The public calls for this type:
- *
- * NSSPKIXNoticeReference_Decode
- * NSSPKIXNoticeReference_Create
- * NSSPKIXNoticeReference_Destroy
- * NSSPKIXNoticeReference_Encode
- * NSSPKIXNoticeReference_GetOrganization
- * NSSPKIXNoticeReference_SetOrganization
- * NSSPKIXNoticeReference_GetNoticeNumberCount
- * NSSPKIXNoticeReference_GetNoticeNumbers
- * NSSPKIXNoticeReference_SetNoticeNumbers
- * NSSPKIXNoticeReference_GetNoticeNumber
- * NSSPKIXNoticeReference_SetNoticeNumber
- * NSSPKIXNoticeReference_InsertNoticeNumber
- * NSSPKIXNoticeReference_AppendNoticeNumber
- * NSSPKIXNoticeReference_RemoveNoticeNumber
- * { maybe number-exists-p gettor? }
- * NSSPKIXNoticeReference_Equal
- * NSSPKIXNoticeReference_Duplicate
- *
- */
-
-/*
- * NSSPKIXNoticeReference_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXNoticeReference upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNoticeReference *
-NSSPKIXNoticeReference_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXNoticeReference_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_DISPLAY_TEXT
- *
- * Return value:
- * A valid pointer to an NSSPKIXNoticeReference upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNoticeReference *
-NSSPKIXNoticeReference_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXDisplayText *organization,
- PRUint32 noticeCount,
- PRInt32 noticeNumber1,
- ...
-);
-
-/*
- * { fgmr -- or should the call that takes PRInt32 be _CreateFromValues,
- * and the _Create call take NSSBER integers? }
- */
-
-/*
- * NSSPKIXNoticeReference_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXNoticeReference_Destroy
-(
- NSSPKIXNoticeReference *nr
-);
-
-/*
- * NSSPKIXNoticeReference_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXNoticeReference_Encode
-(
- NSSPKIXNoticeReference *nr,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXNoticeReference_GetOrganization
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXDisplayText string upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDisplayText *
-NSSPKIXNoticeReference_GetOrganization
-(
- NSSPKIXNoticeReference *nr,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXNoticeReference_SetOrganization
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_INVALID_PKIX_DISPLAY_TEXT
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXNoticeReference_SetOrganization
-(
- NSSPKIXNoticeReference *nr,
- NSSPKIXDisplayText *organization
-);
-
-/*
- * NSSPKIXNoticeReference_GetNoticeNumberCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXNoticeReference_GetNoticeNumberCount
-(
- NSSPKIXNoticeReference *nr
-);
-
-/*
- * NSSPKIXNoticeReference_GetNoticeNumbers
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of PRInt32 values upon success
- * NULL upon failure
- */
-
-NSS_EXTERN PRInt32 *
-NSSPKIXNoticeReference_GetNoticeNumbers
-(
- NSSPKIXNoticeReference *nr,
- PRInt32 rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXNoticeReference_SetNoticeNumbers
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXNoticeReference_SetNoticeNumbers
-(
- NSSPKIXNoticeReference *nr,
- PRInt32 noticeNumbers[],
- PRInt32 count
-);
-
-/*
- * NSSPKIXNoticeReference_GetNoticeNumber
- *
- * -- fgmr comments --
- * Because there is no natural "invalid" notice number value, we must
- * pass the number by reference, and return an explicit status value.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXNoticeReference_GetNoticeNumber
-(
- NSSPKIXNoticeReference *nr,
- PRInt32 i,
- PRInt32 *noticeNumberP
-);
-
-/*
- * NSSPKIXNoticeReference_SetNoticeNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXNoticeReference_SetNoticeNumber
-(
- NSSPKIXNoticeReference *nr,
- PRInt32 i,
- PRInt32 noticeNumber
-);
-
-/*
- * NSSPKIXNoticeReference_InsertNoticeNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXNoticeReference_InsertNoticeNumber
-(
- NSSPKIXNoticeReference *nr,
- PRInt32 i,
- PRInt32 noticeNumber
-);
-
-/*
- * NSSPKIXNoticeReference_AppendNoticeNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXNoticeReference_AppendNoticeNumber
-(
- NSSPKIXNoticeReference *nr,
- PRInt32 noticeNumber
-);
-
-/*
- * NSSPKIXNoticeReference_RemoveNoticeNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXNoticeReference_RemoveNoticeNumber
-(
- NSSPKIXNoticeReference *nr,
- PRInt32 i
-);
-
-/*
- * { maybe number-exists-p gettor? }
- */
-
-/*
- * NSSPKIXNoticeReference_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXNoticeReference_Equal
-(
- NSSPKIXNoticeReference *nr1,
- NSSPKIXNoticeReference *nr2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXNoticeReference_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXNoticeReference upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNoticeReference *
-NSSPKIXNoticeReference_Duplicate
-(
- NSSPKIXNoticeReference *nr,
- NSSArena *arenaOpt
-);
-
-/*
- * DisplayText
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * DisplayText ::= CHOICE {
- * visibleString VisibleString (SIZE (1..200)),
- * bmpString BMPString (SIZE (1..200)),
- * utf8String UTF8String (SIZE (1..200)) }
- *
- * The public calls for this type:
- *
- * NSSPKIXDisplayText_Decode
- * NSSPKIXDisplayText_CreateFromUTF8
- * NSSPKIXDisplayText_Encode
- *
- */
-
-/*
- * NSSPKIXDisplayText_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXDisplayText upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDisplayText *
-NSSPKIXDisplayText_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXDisplayText_CreateFromUTF8
- *
- * { basically just enforces the length and charset limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXDisplayText upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDisplayText *
-NSSPKIXDisplayText_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXDisplayText_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISPLAY_TEXT
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXDisplayText_Encode
-(
- NSSPKIXDisplayText *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * PolicyMappings
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- * The public calls for this type:
- *
- * NSSPKIXPolicyMappings_Decode
- * NSSPKIXPolicyMappings_Create
- * NSSPKIXPolicyMappings_Destroy
- * NSSPKIXPolicyMappings_Encode
- * NSSPKIXPolicyMappings_GetPolicyMappingCount
- * NSSPKIXPolicyMappings_GetPolicyMappings
- * NSSPKIXPolicyMappings_SetPolicyMappings
- * NSSPKIXPolicyMappings_GetPolicyMapping
- * NSSPKIXPolicyMappings_SetPolicyMapping
- * NSSPKIXPolicyMappings_InsertPolicyMapping
- * NSSPKIXPolicyMappings_AppendPolicyMapping
- * NSSPKIXPolicyMappings_RemovePolicyMapping
- * NSSPKIXPolicyMappings_FindPolicyMapping
- * NSSPKIXPolicyMappings_Equal
- * NSSPKIXPolicyMappings_Duplicate
- * NSSPKIXPolicyMappings_IssuerDomainPolicyExists
- * NSSPKIXPolicyMappings_SubjectDomainPolicyExists
- * NSSPKIXPolicyMappings_FindIssuerDomainPolicy
- * NSSPKIXPolicyMappings_FindSubjectDomainPolicy
- * NSSPKIXPolicyMappings_MapIssuerToSubject
- * NSSPKIXPolicyMappings_MapSubjectToIssuer
- * { find's and map's: what if there's more than one? }
- *
- */
-
-/*
- * NSSPKIXPolicyMappings_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyMappings upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyMappings *
-NSSPKIXPolicyMappings_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXPolicyMappings_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyMappings upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyMappings *
-NSSPKIXPolicyMappings_Decode
-(
- NSSArena *arenaOpt,
- NSSPKIXpolicyMapping *policyMapping1,
- ...
-);
-
-/*
- * NSSPKIXPolicyMappings_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyMappings_Destroy
-(
- NSSPKIXPolicyMappings *policyMappings
-);
-
-/*
- * NSSPKIXPolicyMappings_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_DATA
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXPolicyMappings_Encode
-(
- NSSPKIXPolicyMappings *policyMappings,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPolicyMappings_GetPolicyMappingCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXPolicyMappings_GetPolicyMappingCount
-(
- NSSPKIXPolicyMappings *policyMappings
-);
-
-/*
- * NSSPKIXPolicyMappings_GetPolicyMappings
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXpolicyMapping pointers upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXpolicyMapping **
-NSSPKIXPolicyMappings_GetPolicyMappings
-(
- NSSPKIXPolicyMappings *policyMappings
- NSSPKIXpolicyMapping *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPolicyMappings_SetPolicyMappings
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyMappings_SetPolicyMappings
-(
- NSSPKIXPolicyMappings *policyMappings
- NSSPKIXpolicyMapping *policyMapping[]
- PRInt32 count
-);
-
-/*
- * NSSPKIXPolicyMappings_GetPolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXpolicyMapping upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXpolicyMapping *
-NSSPKIXPolicyMappings_GetPolicyMapping
-(
- NSSPKIXPolicyMappings *policyMappings
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPolicyMappings_SetPolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyMappings_SetPolicyMapping
-(
- NSSPKIXPolicyMappings *policyMappings
- PRInt32 i,
- NSSPKIXpolicyMapping *policyMapping
-);
-
-/*
- * NSSPKIXPolicyMappings_InsertPolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyMappings_InsertPolicyMapping
-(
- NSSPKIXPolicyMappings *policyMappings
- PRInt32 i,
- NSSPKIXpolicyMapping *policyMapping
-);
-
-/*
- * NSSPKIXPolicyMappings_AppendPolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyMappings_AppendPolicyMapping
-(
- NSSPKIXPolicyMappings *policyMappings
- NSSPKIXpolicyMapping *policyMapping
-);
-
-/*
- * NSSPKIXPolicyMappings_RemovePolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyMappings_RemovePolicyMapping
-(
- NSSPKIXPolicyMappings *policyMappings
- PRInt32 i
-);
-
-/*
- * NSSPKIXPolicyMappings_FindPolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified policy mapping upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXPolicyMappings_FindPolicyMapping
-(
- NSSPKIXPolicyMappings *policyMappings
- NSSPKIXpolicyMapping *policyMapping
-);
-
-/*
- * NSSPKIXPolicyMappings_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXPolicyMappings_Equal
-(
- NSSPKIXPolicyMappings *policyMappings1,
- NSSPKIXpolicyMappings *policyMappings2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXPolicyMappings_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyMappings upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyMappings *
-NSSPKIXPolicyMappings_Duplicate
-(
- NSSPKIXPolicyMappings *policyMappings,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPolicyMappings_IssuerDomainPolicyExists
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- *
- * Return value:
- * PR_TRUE if the specified domain policy OID exists
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXPolicyMappings_IssuerDomainPolicyExists
-(
- NSSPKIXPolicyMappings *policyMappings,
- NSSPKIXCertPolicyId *issuerDomainPolicy,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXPolicyMappings_SubjectDomainPolicyExists
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- *
- * Return value:
- * PR_TRUE if the specified domain policy OID exists
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXPolicyMappings_SubjectDomainPolicyExists
-(
- NSSPKIXPolicyMappings *policyMappings,
- NSSPKIXCertPolicyId *subjectDomainPolicy,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXPolicyMappings_FindIssuerDomainPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified policy mapping upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXPolicyMappings_FindIssuerDomainPolicy
-(
- NSSPKIXPolicyMappings *policyMappings,
- NSSPKIXCertPolicyId *issuerDomainPolicy
-);
-
-/*
- * NSSPKIXPolicyMappings_FindSubjectDomainPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified policy mapping upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXPolicyMappings_FindSubjectDomainPolicy
-(
- NSSPKIXPolicyMappings *policyMappings,
- NSSPKIXCertPolicyId *issuerDomainPolicy
-);
-
-/*
- * NSSPKIXPolicyMappings_MapIssuerToSubject
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- * NSS_ERROR_NOT_FOUND
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertPolicyId upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertPolicyId *
-NSSPKIXPolicyMappings_MapIssuerToSubject
-(
- NSSPKIXPolicyMappings *policyMappings,
- NSSPKIXCertPolicyId *issuerDomainPolicy
-);
-
-/*
- * NSSPKIXPolicyMappings_MapSubjectToIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- * NSS_ERROR_NOT_FOUND
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertPolicyId upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertPolicyId *
-NSSPKIXPolicyMappings_MapSubjectToIssuer
-(
- NSSPKIXPolicyMappings *policyMappings,
- NSSPKIXCertPolicyId *issuerDomainPolicy
-);
-
-/*
- * policyMapping
- *
- * Helper structure for PolicyMappings
- *
- * SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- * The public calls for this type:
- *
- * NSSPKIXpolicyMapping_Decode
- * NSSPKIXpolicyMapping_Create
- * NSSPKIXpolicyMapping_Destroy
- * NSSPKIXpolicyMapping_Encode
- * NSSPKIXpolicyMapping_GetIssuerDomainPolicy
- * NSSPKIXpolicyMapping_SetIssuerDomainPolicy
- * NSSPKIXpolicyMapping_GetSubjectDomainPolicy
- * NSSPKIXpolicyMapping_SetSubjectDomainPolicy
- * NSSPKIXpolicyMapping_Equal
- * NSSPKIXpolicyMapping_Duplicate
- *
- */
-
-/*
- * NSSPKIXpolicyMapping_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXpolicyMapping upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXpolicyMapping *
-NSSPKIXpolicyMapping_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXpolicyMapping_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- *
- * Return value:
- * A valid pointer to an NSSPKIXpolicyMapping upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXpolicyMapping *
-NSSPKIXpolicyMapping_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXCertPolicyId *issuerDomainPolicy,
- NSSPKIXCertPolicyId *subjectDomainPolicy
-);
-
-/*
- * NSSPKIXpolicyMapping_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXpolicyMapping_Destroy
-(
- NSSPKIXpolicyMapping *policyMapping
-);
-
-/*
- * NSSPKIXpolicyMapping_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_DATA
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXpolicyMapping_Encode
-(
- NSSPKIXpolicyMapping *policyMapping,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXpolicyMapping_GetIssuerDomainPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertPolicyId OID upon success
- * NULL upon faliure
- */
-
-NSS_EXTERN NSSPKIXCertPolicyId *
-NSSPKIXpolicyMapping_GetIssuerDomainPolicy
-(
- NSSPKIXpolicyMapping *policyMapping
-);
-
-/*
- * NSSPKIXpolicyMapping_SetIssuerDomainPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXpolicyMapping_SetIssuerDomainPolicy
-(
- NSSPKIXpolicyMapping *policyMapping,
- NSSPKIXCertPolicyId *issuerDomainPolicy
-);
-
-/*
- * NSSPKIXpolicyMapping_GetSubjectDomainPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertPolicyId OID upon success
- * NULL upon faliure
- */
-
-NSS_EXTERN NSSPKIXCertPolicyId *
-NSSPKIXpolicyMapping_GetSubjectDomainPolicy
-(
- NSSPKIXpolicyMapping *policyMapping
-);
-
-/*
- * NSSPKIXpolicyMapping_SetSubjectDomainPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXpolicyMapping_SetSubjectDomainPolicy
-(
- NSSPKIXpolicyMapping *policyMapping,
- NSSPKIXCertPolicyId *subjectDomainPolicy
-);
-
-/*
- * NSSPKIXpolicyMapping_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXpolicyMapping_Equal
-(
- NSSPKIXpolicyMapping *policyMapping1,
- NSSPKIXpolicyMapping *policyMapping2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXpolicyMapping_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXpolicyMapping upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXpolicyMapping *
-NSSPKIXpolicyMapping_Duplicate
-(
- NSSPKIXpolicyMapping *policyMapping,
- NSSArena *arenaOpt
-);
-
-/*
- * GeneralName
- *
- * This structure contains a union of the possible general names,
- * of which there are several.
- *
- * From RFC 2459:
- *
- * GeneralName ::= CHOICE {
- * otherName [0] AnotherName,
- * rfc822Name [1] IA5String,
- * dNSName [2] IA5String,
- * x400Address [3] ORAddress,
- * directoryName [4] Name,
- * ediPartyName [5] EDIPartyName,
- * uniformResourceIdentifier [6] IA5String,
- * iPAddress [7] OCTET STRING,
- * registeredID [8] OBJECT IDENTIFIER }
- *
- * The public calls for this type:
- *
- * NSSPKIXGeneralName_Decode
- * NSSPKIXGeneralName_CreateFromUTF8
- * NSSPKIXGeneralName_Create
- * NSSPKIXGeneralName_CreateFromOtherName
- * NSSPKIXGeneralName_CreateFromRfc822Name
- * NSSPKIXGeneralName_CreateFromDNSName
- * NSSPKIXGeneralName_CreateFromX400Address
- * NSSPKIXGeneralName_CreateFromDirectoryName
- * NSSPKIXGeneralName_CreateFromEDIPartyName
- * NSSPKIXGeneralName_CreateFromUniformResourceIdentifier
- * NSSPKIXGeneralName_CreateFromIPAddress
- * NSSPKIXGeneralName_CreateFromRegisteredID
- * NSSPKIXGeneralName_Destroy
- * NSSPKIXGeneralName_Encode
- * NSSPKIXGeneralName_GetUTF8Encoding
- * NSSPKIXGeneralName_GetChoice
- * NSSPKIXGeneralName_GetOtherName
- * NSSPKIXGeneralName_GetRfc822Name
- * NSSPKIXGeneralName_GetDNSName
- * NSSPKIXGeneralName_GetX400Address
- * NSSPKIXGeneralName_GetDirectoryName
- * NSSPKIXGeneralName_GetEDIPartyName
- * NSSPKIXGeneralName_GetUniformResourceIdentifier
- * NSSPKIXGeneralName_GetIPAddress
- * NSSPKIXGeneralName_GetRegisteredID
- * NSSPKIXGeneralName_GetSpecifiedChoice
- * NSSPKIXGeneralName_Equal
- * NSSPKIXGeneralName_Duplicate
- * (in pki1 I had specific attribute value gettors here too)
- *
- */
-
-/*
- * NSSPKIXGeneralName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-NSSPKIXGeneralName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXGeneralName_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-NSSPKIXGeneralName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * NSSPKIXGeneralName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME_CHOICE
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- * NSS_ERROR_INVALID_PKIX_IA5_STRING
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_INVALID_OID
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-NSSPKIXGeneralName_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXGeneralNameChoice choice,
- void *content
-);
-
-/*
- * NSSPKIXGeneralName_CreateFromOtherName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-NSSPKIXGeneralName_CreateFromOtherName
-(
- NSSArena *arenaOpt,
- NSSPKIXAnotherName *otherName
-);
-
-/*
- * NSSPKIXGeneralName_CreateFromRfc822Name
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_IA5_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-NSSPKIXGeneralName_CreateFromRfc822Name
-(
- NSSArena *arenaOpt,
- NSSUTF8 *rfc822Name
-);
-
-/*
- * NSSPKIXGeneralName_CreateFromDNSName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_IA5_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-NSSPKIXGeneralName_CreateFromDNSName
-(
- NSSArena *arenaOpt,
- NSSUTF8 *dNSName
-);
-
-/*
- * NSSPKIXGeneralName_CreateFromX400Address
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-NSSPKIXGeneralName_CreateFromX400Address
-(
- NSSArena *arenaOpt,
- NSSPKIXORAddress *x400Address
-);
-
-/*
- * NSSPKIXGeneralName_CreateFromDirectoryName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-NSSPKIXGeneralName_CreateFromDirectoryName
-(
- NSSArena *arenaOpt,
- NSSPKIXName *directoryName
-);
-
-/*
- * NSSPKIXGeneralName_CreateFromEDIPartyName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-NSSPKIXGeneralName_CreateFromEDIPartyName
-(
- NSSArena *arenaOpt,
- NSSPKIXEDIPartyName *ediPartyname
-);
-
-/*
- * NSSPKIXGeneralName_CreateFromUniformResourceIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_IA5_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-NSSPKIXGeneralName_CreateFromUniformResourceIdentifier
-(
- NSSArena *arenaOpt,
- NSSUTF8 *uniformResourceIdentifier
-);
-
-/*
- * NSSPKIXGeneralName_CreateFromIPAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-NSSPKIXGeneralName_CreateFromIPAddress
-(
- NSSArena *arenaOpt,
- NSSItem *iPAddress
-);
-
-/*
- * NSSPKIXGeneralName_CreateFromRegisteredID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-NSSPKIXGeneralName_CreateFromRegisteredID
-(
- NSSArena *arenaOpt,
- NSSOID *registeredID
-);
-
-/*
- * NSSPKIXGeneralName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXGeneralName_Destroy
-(
- NSSPKIXGeneralName *generalName
-);
-
-/*
- * NSSPKIXGeneralName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXGeneralName_Encode
-(
- NSSPKIXGeneralName *generalName,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralName_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXGeneralName_GetUTF8Encoding
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralName_GetChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- *
- * Return value:
- * A valid NSSPKIXGeneralNameChoice value upon success
- * NSSPKIXGeneralNameChoice_NSSinvalid upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralNameChoice
-NSSPKIXGeneralName_GetChoice
-(
- NSSPKIXGeneralName *generalName
-);
-
-/*
- * NSSPKIXGeneralName_GetOtherName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAnotherName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAnotherName *
-NSSPKIXGeneralName_GetOtherName
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralName_GetRfc822Name
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXGeneralName_GetRfc822Name
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralName_GetDNSName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXGeneralName_GetDNSName
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralName_GetX400Address
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXORAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXORAddress *
-NSSPKIXGeneralName_GetX400Address
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralName_GetDirectoryName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXName *
-NSSPKIXGeneralName_GetDirectoryName
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralName_GetEDIPartyName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXEDIPartyName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXEDIPartyName *
-NSSPKIXGeneralName_GetEDIPartyName
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralName_GetUniformResourceIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXGeneralName_GetUniformResourceIdentifier
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralName_GetIPAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSItem *
-NSSPKIXGeneralName_GetIPAddress
-(
- NSSPKIXGeneralName *generalName,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralName_GetRegisteredID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSOID upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSOID *
-NSSPKIXGeneralName_GetRegisteredID
-(
- NSSPKIXGeneralName *generalName
-);
-
-/*
- * NSSPKIXGeneralName_GetSpecifiedChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN void *
-NSSPKIXGeneralName_GetSpecifiedChoice
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXGeneralName_Equal
-(
- NSSPKIXGeneralName *generalName1,
- NSSPKIXGeneralName *generalName2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXGeneralName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-NSSPKIXGeneralName_Duplicate
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * (in pki1 I had specific attribute value gettors here too)
- *
- */
-
-/*
- * GeneralNames
- *
- * This structure contains a sequence of GeneralName objects.
- *
- * From RFC 2459:
- *
- * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
- *
- * The public calls for this type:
- *
- * NSSPKIXGeneralNames_Decode
- * NSSPKIXGeneralNames_Create
- * NSSPKIXGeneralNames_Destroy
- * NSSPKIXGeneralNames_Encode
- * NSSPKIXGeneralNames_GetGeneralNameCount
- * NSSPKIXGeneralNames_GetGeneralNames
- * NSSPKIXGeneralNames_SetGeneralNames
- * NSSPKIXGeneralNames_GetGeneralName
- * NSSPKIXGeneralNames_SetGeneralName
- * NSSPKIXGeneralNames_InsertGeneralName
- * NSSPKIXGeneralNames_AppendGeneralName
- * NSSPKIXGeneralNames_RemoveGeneralName
- * NSSPKIXGeneralNames_FindGeneralName
- * NSSPKIXGeneralNames_Equal
- * NSSPKIXGeneralNames_Duplicate
- *
- */
-
-/*
- * NSSPKIXGeneralNames_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralNames *
-NSSPKIXGeneralNames_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXGeneralNames_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralNames *
-NSSPKIXGeneralNames_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXGeneralName *generalName1,
- ...
-);
-
-/*
- * NSSPKIXGeneralNames_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXGeneralNames_Destroy
-(
- NSSPKIXGeneralNames *generalNames
-);
-
-/*
- * NSSPKIXGeneralNames_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXGeneralNames_Encode
-(
- NSSPKIXGeneralNames *generalNames,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralNames_GetGeneralNameCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXGeneralNames_GetGeneralNameCount
-(
- NSSPKIXGeneralNames *generalNames
-);
-
-/*
- * NSSPKIXGeneralNames_GetGeneralNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXGeneralName pointers upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName **
-NSSPKIXGeneralNames_GetGeneralNames
-(
- NSSPKIXGeneralNames *generalNames,
- NSSPKIXGeneralName *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralNames_SetGeneralNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXGeneralNames_SetGeneralNames
-(
- NSSPKIXGeneralNames *generalNames,
- NSSPKIXGeneralName *generalName[],
- PRInt32 count
-);
-
-/*
- * NSSPKIXGeneralNames_GetGeneralName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-NSSPKIXGeneralNames_GetGeneralName
-(
- NSSPKIXGeneralNames *generalNames,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralNames_SetGeneralName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXGeneralNames_SetGeneralName
-(
- NSSPKIXGeneralNames *generalNames,
- PRInt32 i,
- NSSPKIXGeneralName *generalName
-);
-
-/*
- * NSSPKIXGeneralNames_InsertGeneralName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXGeneralNames_InsertGeneralName
-(
- NSSPKIXGeneralNames *generalNames,
- PRInt32 i,
- NSSPKIXGeneralName *generalName
-);
-
-/*
- * NSSPKIXGeneralNames_AppendGeneralName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXGeneralNames_AppendGeneralName
-(
- NSSPKIXGeneralNames *generalNames,
- NSSPKIXGeneralName *generalName
-);
-
-/*
- * NSSPKIXGeneralNames_RemoveGeneralName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXGeneralNames_RemoveGeneralName
-(
- NSSPKIXGeneralNames *generalNames,
- PRInt32 i
-);
-
-/*
- * NSSPKIXGeneralNames_FindGeneralName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified policy mapping upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXGeneralNames_FindGeneralName
-(
- NSSPKIXGeneralNames *generalNames,
- NSSPKIXGeneralName *generalName
-);
-
-/*
- * NSSPKIXGeneralNames_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXGeneralNames_Equal
-(
- NSSPKIXGeneralNames *generalNames1,
- NSSPKIXGeneralNames *generalNames2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXGeneralNames_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralNames *
-NSSPKIXGeneralNames_Duplicate
-(
- NSSPKIXGeneralNames *generalNames,
- NSSArena *arenaOpt
-);
-
-/*
- * AnotherName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AnotherName ::= SEQUENCE {
- * type-id OBJECT IDENTIFIER,
- * value [0] EXPLICIT ANY DEFINED BY type-id }
- *
- * The public calls for this type:
- *
- * NSSPKIXAnotherName_Decode
- * NSSPKIXAnotherName_Create
- * NSSPKIXAnotherName_Destroy
- * NSSPKIXAnotherName_Encode
- * NSSPKIXAnotherName_GetTypeId
- * NSSPKIXAnotherName_SetTypeId
- * NSSPKIXAnotherName_GetValue
- * NSSPKIXAnotherName_SetValue
- * NSSPKIXAnotherName_Equal
- * NSSPKIXAnotherName_Duplicate
- *
- */
-
-/*
- * NSSPKIXAnotherName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAnotherName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAnotherName *
-NSSPKIXAnotherName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXAnotherName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXAnotherName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAnotherName *
-NSSPKIXAnotherName_Create
-(
- NSSArena *arenaOpt,
- NSSOID *typeId,
- NSSItem *value
-);
-
-/*
- * NSSPKIXAnotherName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAnotherName_Destroy
-(
- NSSPKIXAnotherName *anotherName
-);
-
-/*
- * NSSPKIXAnotherName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXAnotherName_Encode
-(
- NSSPKIXAnotherName *anotherName,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAnotherName_GetTypeId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSOID upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSOID *
-NSSPKIXAnotherName_GetTypeId
-(
- NSSPKIXAnotherName *anotherName
-);
-
-/*
- * NSSPKIXAnotherName_SetTypeId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAnotherName_SetTypeId
-(
- NSSPKIXAnotherName *anotherName,
- NSSOID *typeId
-);
-
-/*
- * NSSPKIXAnotherName_GetValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSItem *
-NSSPKIXAnotherName_GetValue
-(
- NSSPKIXAnotherName *anotherName,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAnotherName_SetValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAnotherName_SetValue
-(
- NSSPKIXAnotherName *anotherName,
- NSSItem *value
-);
-
-/*
- * NSSPKIXAnotherName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXAnotherName_Equal
-(
- NSSPKIXAnotherName *anotherName1,
- NSSPKIXAnotherName *anotherName2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXAnotherName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAnotherName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAnotherName *
-NSSPKIXAnotherName_Duplicate
-(
- NSSPKIXAnotherName *anotherName,
- NSSArena *arenaOpt
-);
-
-/*
- * EDIPartyName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- *
- * EDIPartyName ::= SEQUENCE {
- * nameAssigner [0] DirectoryString OPTIONAL,
- * partyName [1] DirectoryString }
- *
- * The public calls for this type:
- *
- * NSSPKIXEDIPartyName_Decode
- * NSSPKIXEDIPartyName_Create
- * NSSPKIXEDIPartyName_Destroy
- * NSSPKIXEDIPartyName_Encode
- * NSSPKIXEDIPartyName_HasNameAssigner
- * NSSPKIXEDIPartyName_GetNameAssigner
- * NSSPKIXEDIPartyName_SetNameAssigner
- * NSSPKIXEDIPartyName_RemoveNameAssigner
- * NSSPKIXEDIPartyName_GetPartyName
- * NSSPKIXEDIPartyName_SetPartyName
- * NSSPKIXEDIPartyName_Equal
- * NSSPKIXEDIPartyName_Duplicate
- *
- */
-
-/*
- * NSSPKIXEDIPartyName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXEDIPartyName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXEDIPartyName *
-NSSPKIXEDIPartyName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXEDIPartyName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXEDIPartyName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXEDIPartyName *
-NSSPKIXEDIPartyName_Create
-(
- NSSArena *arenaOpt,
- NSSUTF8 *nameAssignerOpt,
- NSSUTF8 *partyName
-);
-
-/*
- * NSSPKIXEDIPartyName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXEDIPartyName_Destroy
-(
- NSSPKIXEDIPartyName *ediPartyName
-);
-
-/*
- * NSSPKIXEDIPartyName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXEDIPartyName_Encode
-(
- NSSPKIXEDIPartyName *ediPartyName,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXEDIPartyName_HasNameAssigner
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXEDIPartyName_HasNameAssigner
-(
- NSSPKIXEDIPartyName *ediPartyName
-);
-
-/*
- * NSSPKIXEDIPartyName_GetNameAssigner
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_HAS_NO_NAME_ASSIGNER
- *
- * Return value:
- * A valid pointer to an NSSUTF8 string upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXEDIPartyName_GetNameAssigner
-(
- NSSPKIXEDIPartyName *ediPartyName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXEDIPartyName_SetNameAssigner
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXEDIPartyName_SetNameAssigner
-(
- NSSPKIXEDIPartyName *ediPartyName,
- NSSUTF8 *nameAssigner
-);
-
-/*
- * NSSPKIXEDIPartyName_RemoveNameAssigner
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- * NSS_ERROR_HAS_NO_NAME_ASSIGNER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXEDIPartyName_RemoveNameAssigner
-(
- NSSPKIXEDIPartyName *ediPartyName
-);
-
-/*
- * NSSPKIXEDIPartyName_GetPartyName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 string upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSPKIXEDIPartyName_GetPartyName
-(
- NSSPKIXEDIPartyName *ediPartyName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXEDIPartyName_SetPartyName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXEDIPartyName_SetPartyName
-(
- NSSPKIXEDIPartyName *ediPartyName,
- NSSUTF8 *partyName
-);
-
-/*
- * NSSPKIXEDIPartyName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXEDIPartyName_Equal
-(
- NSSPKIXEDIPartyName *ediPartyName1,
- NSSPKIXEDIPartyName *ediPartyName2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXEDIPartyName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXEDIPartyName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXEDIPartyName *
-NSSPKIXEDIPartyName_Duplicate
-(
- NSSPKIXEDIPartyName *ediPartyName,
- NSSArena *arenaOpt
-);
-
-/*
- * SubjectDirectoryAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
- *
- * The public calls for this type:
- *
- * NSSPKIXSubjectDirectoryAttributes_Decode
- * NSSPKIXSubjectDirectoryAttributes_Create
- * NSSPKIXSubjectDirectoryAttributes_Destroy
- * NSSPKIXSubjectDirectoryAttributes_Encode
- * NSSPKIXSubjectDirectoryAttributes_GetAttributeCount
- * NSSPKIXSubjectDirectoryAttributes_GetAttributes
- * NSSPKIXSubjectDirectoryAttributes_SetAttributes
- * NSSPKIXSubjectDirectoryAttributes_GetAttribute
- * NSSPKIXSubjectDirectoryAttributes_SetAttribute
- * NSSPKIXSubjectDirectoryAttributes_InsertAttribute
- * NSSPKIXSubjectDirectoryAttributes_AppendAttribute
- * NSSPKIXSubjectDirectoryAttributes_RemoveAttribute
- * NSSPKIXSubjectDirectoryAttributes_FindAttribute
- * NSSPKIXSubjectDirectoryAttributes_Equal
- * NSSPKIXSubjectDirectoryAttributes_Duplicate
- *
- */
-
-/*
- * NSSPKIXSubjectDirectoryAttributes_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXSubjectDirectoryAttributes upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXSubjectDirectoryAttributes *
-NSSPKIXSubjectDirectoryAttributes_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXSubjectDirectoryAttributes_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXSubjectDirectoryAttributes upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXSubjectDirectoryAttributes *
-NSSPKIXSubjectDirectoryAttributes_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAttribute *attribute1,
- ...
-);
-
-/*
- * NSSPKIXSubjectDirectoryAttributes_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXSubjectDirectoryAttributes_Destroy
-(
- NSSPKIXSubjectDirectoryAttributes *sda
-);
-
-/*
- * NSSPKIXSubjectDirectoryAttributes_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXSubjectDirectoryAttributes_Encode
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXSubjectDirectoryAttributes_GetAttributeCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXSubjectDirectoryAttributes_GetAttributeCount
-(
- NSSPKIXSubjectDirectoryAttributes *sda
-);
-
-/*
- * NSSPKIXSubjectDirectoryAttributes_GetAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXAttribute pointers upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttribute **
-NSSPKIXSubjectDirectoryAttributes_GetAttributes
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- NSSPKIXAttribute *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXSubjectDirectoryAttributes_SetAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXSubjectDirectoryAttributes_SetAttributes
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- NSSAttribute *attributes[],
- PRInt32 count
-);
-
-/*
- * NSSPKIXSubjectDirectoryAttributes_GetAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon error
- */
-
-NSS_EXTERN NSSPKIXAttribute *
-NSSPKIXSubjectDirectoryAttributes_GetAttribute
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXSubjectDirectoryAttributes_SetAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXSubjectDirectoryAttributes_SetAttribute
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- PRInt32 i,
- NSSPKIXAttribute *attribute
-);
-
-/*
- * NSSPKIXSubjectDirectoryAttributes_InsertAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXSubjectDirectoryAttributes_InsertAttribute
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- PRInt32 i,
- NSSPKIXAttribute *attribute
-);
-
-/*
- * NSSPKIXSubjectDirectoryAttributes_AppendAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXSubjectDirectoryAttributes_AppendAttribute
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- NSSPKIXAttribute *attribute
-);
-
-/*
- * NSSPKIXSubjectDirectoryAttributes_RemoveAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXSubjectDirectoryAttributes_RemoveAttribute
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- PRInt32 i
-);
-
-/*
- * NSSPKIXSubjectDirectoryAttributes_FindAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_INVALID_ATTRIBUTE
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified policy mapping upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXSubjectDirectoryAttributes_FindAttribute
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- NSSPKIXAttribute *attribute
-);
-
-/*
- * NSSPKIXSubjectDirectoryAttributes_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXSubjectDirectoryAttributes_Equal
-(
- NSSPKIXSubjectDirectoryAttributes *sda1,
- NSSPKIXSubjectDirectoryAttributes *sda2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXSubjectDirectoryAttributes_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXSubjectDirectoryAttributes upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXSubjectDirectoryAttributes *
-NSSPKIXSubjectDirectoryAttributes_Duplicate
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- NSSArena *arenaOpt
-);
-
-/*
- * BasicConstraints
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * BasicConstraints ::= SEQUENCE {
- * cA BOOLEAN DEFAULT FALSE,
- * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
- *
- * The public calls for this type:
- *
- * NSSPKIXBasicConstraints_Decode
- * NSSPKIXBasicConstraints_Create
- * NSSPKIXBasicConstraints_Destroy
- * NSSPKIXBasicConstraints_Encode
- * NSSPKIXBasicConstraints_GetCA
- * NSSPKIXBasicConstraints_SetCA
- * NSSPKIXBasicConstraints_HasPathLenConstraint
- * NSSPKIXBasicConstraints_GetPathLenConstraint
- * NSSPKIXBasicConstraints_SetPathLenConstraint
- * NSSPKIXBasicConstraints_RemovePathLenConstraint
- * NSSPKIXBasicConstraints_Equal
- * NSSPKIXBasicConstraints_Duplicate
- * NSSPKIXBasicConstraints_CompareToPathLenConstraint
- *
- */
-
-/*
- * NSSPKIXBasicConstraints_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXBasicConstraints upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBasicConstraints *
-NSSPKIXBasicConstraints_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXBasicConstraints_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_VALUE
- *
- * Return value:
- * A valid pointer to an NSSPKIXBasicConstraints upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBasicConstraints *
-NSSPKIXBasicConstraints_Create
-(
- NSSArena *arenaOpt,
- PRBool ca,
- PRInt32 pathLenConstraint
-);
-
-/*
- * NSSPKIXBasicConstraints_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBasicConstraints_Destroy
-(
- NSSPKIXBasicConstraints *basicConstraints
-);
-
-/*
- * NSSPKIXBasicConstraints_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXBasicConstraints_Encode
-(
- NSSPKIXBasicConstraints *basicConstraints,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXBasicConstraints_GetCA
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- *
- * Return value:
- * PR_TRUE if the CA bit is true
- * PR_FALSE if it isn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXBasicConstraints_GetCA
-(
- NSSPKIXBasicConstraints *basicConstraints,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXBasicConstraints_SetCA
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBasicConstraints_SetCA
-(
- NSSPKIXBasicConstraints *basicConstraints,
- PRBool ca
-);
-
-/*
- * NSSPKIXBasicConstraints_HasPathLenConstraint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXBasicConstraints_HasPathLenConstraint
-(
- NSSPKIXBasicConstraints *basicConstraints,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXBasicConstraints_GetPathLenConstraint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- * NSS_ERROR_HAS_NO_PATH_LEN_CONSTRAINT
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXBasicConstraints_GetPathLenConstraint
-(
- NSSPKIXBasicConstraints *basicConstraints
-);
-
-/*
- * NSSPKIXBasicConstraints_SetPathLenConstraint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- * NSS_ERROR_INVALID_VALUE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBasicConstraints_SetPathLenConstraint
-(
- NSSPKIXBasicConstraints *basicConstraints,
- PRInt32 pathLenConstraint
-);
-
-/*
- * NSSPKIXBasicConstraints_RemovePathLenConstraint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- * NSS_ERROR_HAS_NO_PATH_LEN_CONSTRAINT
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXBasicConstraints_RemovePathLenConstraint
-(
- NSSPKIXBasicConstraints *basicConstraints
-);
-
-/*
- * NSSPKIXBasicConstraints_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXBasicConstraints_Equal
-(
- NSSPKIXBasicConstraints *basicConstraints1,
- NSSPKIXBasicConstraints *basicConstraints2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXBasicConstraints_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXBasicConstraints upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBasicConstraints *
-NSSPKIXBasicConstraints_Duplicate
-(
- NSSPKIXBasicConstraints *basicConstraints,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXBasicConstraints_CompareToPathLenConstraint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- * NSS_ERROR_HAS_NO_PATH_LEN_CONSTRAINT
- *
- * Return value:
- * 1 if the specified value is greater than the pathLenConstraint
- * 0 if the specified value equals the pathLenConstraint
- * -1 if the specified value is less than the pathLenConstraint
- * -2 upon error
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXBasicConstraints_CompareToPathLenConstraint
-(
- NSSPKIXBasicConstraints *basicConstraints,
- PRInt32 value
-);
-
-/*
- * NameConstraints
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * NameConstraints ::= SEQUENCE {
- * permittedSubtrees [0] GeneralSubtrees OPTIONAL,
- * excludedSubtrees [1] GeneralSubtrees OPTIONAL }
- *
- * The public calls for this type:
- *
- * NSSPKIXNameConstraints_Decode
- * NSSPKIXNameConstraints_Create
- * NSSPKIXNameConstraints_Destroy
- * NSSPKIXNameConstraints_Encode
- * NSSPKIXNameConstraints_HasPermittedSubtrees
- * NSSPKIXNameConstraints_GetPermittedSubtrees
- * NSSPKIXNameConstraints_SetPermittedSubtrees
- * NSSPKIXNameConstraints_RemovePermittedSubtrees
- * NSSPKIXNameConstraints_HasExcludedSubtrees
- * NSSPKIXNameConstraints_GetExcludedSubtrees
- * NSSPKIXNameConstraints_SetExcludedSubtrees
- * NSSPKIXNameConstraints_RemoveExcludedSubtrees
- * NSSPKIXNameConstraints_Equal
- * NSSPKIXNameConstraints_Duplicate
- * { and the comparator functions }
- *
- */
-
-/*
- * NSSPKIXNameConstraints_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXNameConstraints upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNameConstraints *
-NSSPKIXNameConstraints_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXNameConstraints_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- *
- * Return value:
- * A valid pointer to an NSSPKIXNameConstraints upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNameConstraints *
-NSSPKIXNameConstraints_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXGeneralSubtrees *permittedSubtrees,
- NSSPKIXGeneralSubtrees *excludedSubtrees
-);
-
-/*
- * NSSPKIXNameConstraints_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXNameConstraints_Destroy
-(
- NSSPKIXNameConstraints *nameConstraints
-);
-
-/*
- * NSSPKIXNameConstraints_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXNameConstraints_Encode
-(
- NSSPKIXNameConstraints *nameConstraints,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXNameConstraints_HasPermittedSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXNameConstraints_HasPermittedSubtrees
-(
- NSSPKIXNameConstraints *nameConstraints,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXNameConstraints_GetPermittedSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- * NSS_ERROR_HAS_NO_PERMITTED_SUBTREES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralSubtrees upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtrees *
-NSSPKIXNameConstraints_GetPermittedSubtrees
-(
- NSSPKIXNameConstraints *nameConstraints,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXNameConstraints_SetPermittedSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXNameConstraints_SetPermittedSubtrees
-(
- NSSPKIXNameConstraints *nameConstraints,
- NSSPKIXGeneralSubtrees *permittedSubtrees
-);
-
-/*
- * NSSPKIXNameConstraints_RemovePermittedSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- * NSS_ERROR_HAS_NO_PERMITTED_SUBTREES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXNameConstraints_RemovePermittedSubtrees
-(
- NSSPKIXNameConstraints *nameConstraints
-);
-
-/*
- * NSSPKIXNameConstraints_HasExcludedSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXNameConstraints_HasExcludedSubtrees
-(
- NSSPKIXNameConstraints *nameConstraints,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXNameConstraints_GetExcludedSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- * NSS_ERROR_HAS_NO_EXCLUDED_SUBTREES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralSubtrees upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtrees *
-NSSPKIXNameConstraints_GetExcludedSubtrees
-(
- NSSPKIXNameConstraints *nameConstraints,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXNameConstraints_SetExcludedSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXNameConstraints_SetExcludedSubtrees
-(
- NSSPKIXNameConstraints *nameConstraints,
- NSSPKIXGeneralSubtrees *excludedSubtrees
-);
-
-/*
- * NSSPKIXNameConstraints_RemoveExcludedSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- * NSS_ERROR_HAS_NO_EXCLUDED_SUBTREES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXNameConstraints_RemoveExcludedSubtrees
-(
- NSSPKIXNameConstraints *nameConstraints
-);
-
-/*
- * NSSPKIXNameConstraints_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXNameConstraints_Equal
-(
- NSSPKIXNameConstraints *nameConstraints1,
- NSSPKIXNameConstraints *nameConstraints2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXNameConstraints_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXNameConstraints upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNameConstraints *
-NSSPKIXNameConstraints_Duplicate
-(
- NSSPKIXNameConstraints *nameConstraints,
- NSSArena *arenaOpt
-);
-
-/*
- * { and the comparator functions }
- *
- */
-
-/*
- * GeneralSubtrees
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
- *
- * The public calls for this type:
- *
- * NSSPKIXGeneralSubtrees_Decode
- * NSSPKIXGeneralSubtrees_Create
- * NSSPKIXGeneralSubtrees_Destroy
- * NSSPKIXGeneralSubtrees_Encode
- * NSSPKIXGeneralSubtrees_GetGeneralSubtreeCount
- * NSSPKIXGeneralSubtrees_GetGeneralSubtrees
- * NSSPKIXGeneralSubtrees_SetGeneralSubtrees
- * NSSPKIXGeneralSubtrees_GetGeneralSubtree
- * NSSPKIXGeneralSubtrees_SetGeneralSubtree
- * NSSPKIXGeneralSubtrees_InsertGeneralSubtree
- * NSSPKIXGeneralSubtrees_AppendGeneralSubtree
- * NSSPKIXGeneralSubtrees_RemoveGeneralSubtree
- * NSSPKIXGeneralSubtrees_FindGeneralSubtree
- * NSSPKIXGeneralSubtrees_Equal
- * NSSPKIXGeneralSubtrees_Duplicate
- * { and finders and comparators }
- *
- */
-
-/*
- * NSSPKIXGeneralSubtrees_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralSubtrees upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtrees *
-NSSPKIXGeneralSubtrees_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXGeneralSubtrees_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralSubtrees upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtrees *
-NSSPKIXGeneralSubtrees_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXGeneralSubtree *generalSubtree1,
- ...
-);
-
-/*
- * NSSPKIXGeneralSubtrees_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXGeneralSubtrees_Destroy
-(
- NSSPKIXGeneralSubtrees *generalSubtrees
-);
-
-/*
- * NSSPKIXGeneralSubtrees_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXGeneralSubtrees_Encode
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralSubtrees_GetGeneralSubtreeCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXGeneralSubtrees_GetGeneralSubtreeCount
-(
- NSSPKIXGeneralSubtrees *generalSubtrees
-);
-
-/*
- * NSSPKIXGeneralSubtrees_GetGeneralSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXGeneralSubtree pointers upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtree **
-NSSPKIXGeneralSubtrees_GetGeneralSubtrees
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- NSSPKIXGeneralSubtree *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralSubtrees_SetGeneralSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXGeneralSubtrees_SetGeneralSubtrees
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- NSSPKIXGeneralSubtree *generalSubtree[],
- PRInt32 count
-);
-
-/*
- * NSSPKIXGeneralSubtrees_GetGeneralSubtree
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralSubtree upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtree *
-NSSPKIXGeneralSubtrees_GetGeneralSubtree
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralSubtrees_SetGeneralSubtree
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXGeneralSubtrees_SetGeneralSubtree
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- PRInt32 i,
- NSSPKIXGeneralSubtree *generalSubtree
-);
-
-/*
- * NSSPKIXGeneralSubtrees_InsertGeneralSubtree
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXGeneralSubtrees_InsertGeneralSubtree
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- PRInt32 i,
- NSSPKIXGeneralSubtree *generalSubtree
-);
-
-/*
- * NSSPKIXGeneralSubtrees_AppendGeneralSubtree
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXGeneralSubtrees_AppendGeneralSubtree
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- NSSPKIXGeneralSubtree *generalSubtree
-);
-
-/*
- * NSSPKIXGeneralSubtrees_RemoveGeneralSubtree
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXGeneralSubtrees_RemoveGeneralSubtree
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- PRInt32 i
-);
-
-/*
- * NSSPKIXGeneralSubtrees_FindGeneralSubtree
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified policy mapping upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXGeneralSubtrees_FindGeneralSubtree
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- NSSPKIXGeneralSubtree *generalSubtree
-);
-
-/*
- * NSSPKIXGeneralSubtrees_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXGeneralSubtrees_Equal
-(
- NSSPKIXGeneralSubtrees *generalSubtrees1,
- NSSPKIXGeneralSubtrees *generalSubtrees2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXGeneralSubtrees_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralSubtrees upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtrees *
-NSSPKIXGeneralSubtrees_Duplicate
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- NSSArena *arenaOpt
-);
-
-/*
- * { and finders and comparators }
- *
- */
-
-/*
- * GeneralSubtree
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * GeneralSubtree ::= SEQUENCE {
- * base GeneralName,
- * minimum [0] BaseDistance DEFAULT 0,
- * maximum [1] BaseDistance OPTIONAL }
- *
- * The public calls for this type:
- *
- * NSSPKIXGeneralSubtree_Decode
- * NSSPKIXGeneralSubtree_Create
- * NSSPKIXGeneralSubtree_Destroy
- * NSSPKIXGeneralSubtree_Encode
- * NSSPKIXGeneralSubtree_GetBase
- * NSSPKIXGeneralSubtree_SetBase
- * NSSPKIXGeneralSubtree_GetMinimum
- * NSSPKIXGeneralSubtree_SetMinimum
- * NSSPKIXGeneralSubtree_HasMaximum
- * NSSPKIXGeneralSubtree_GetMaximum
- * NSSPKIXGeneralSubtree_SetMaximum
- * NSSPKIXGeneralSubtree_RemoveMaximum
- * NSSPKIXGeneralSubtree_Equal
- * NSSPKIXGeneralSubtree_Duplicate
- * NSSPKIXGeneralSubtree_DistanceInRange
- * {other tests and comparators}
- *
- */
-
-/*
- * NSSPKIXGeneralSubtree_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralSubtree upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtree *
-NSSPKIXGeneralSubtree_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXGeneralSubtree_Create
- *
- * -- fgmr comments --
- * The optional maximum value may be omitted by specifying -1.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_INVALID_VALUE
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralSubtree upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtree *
-NSSPKIXGeneralSubtree_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXBaseDistance minimum,
- NSSPKIXBaseDistance maximumOpt
-);
-
-/*
- * NSSPKIXGeneralSubtree_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXGeneralSubtree_Destroy
-(
- NSSPKIXGeneralSubtree *generalSubtree
-);
-
-/*
- * NSSPKIXGeneralSubtree_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXGeneralSubtree_Encode
-(
- NSSPKIXGeneralSubtree *generalSubtree,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralSubtree_GetBase
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-NSSPKIXGeneralSubtree_GetBase
-(
- NSSPKIXGeneralSubtree *generalSubtree,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralSubtree_SetBase
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXGeneralSubtree_SetBase
-(
- NSSPKIXGeneralSubtree *generalSubtree,
- NSSPKIXGeneralName *base
-);
-
-/*
- * NSSPKIXGeneralSubtree_GetMinimum
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN NSSPKIXBaseDistance
-NSSPKIXGeneralSubtree_GetMinimum
-(
- NSSPKIXGeneralSubtree *generalSubtree
-);
-
-/*
- * NSSPKIXGeneralSubtree_SetMinimum
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_INVALID_VALUE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXGeneralSubtree_SetMinimum
-(
- NSSPKIXGeneralSubtree *generalSubtree,
- NSSPKIXBaseDistance *minimum
-);
-
-/*
- * NSSPKIXGeneralSubtree_HasMaximum
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXGeneralSubtree_HasMaximum
-(
- NSSPKIXGeneralSubtree *generalSubtree
-);
-
-/*
- * NSSPKIXGeneralSubtree_GetMaximum
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_HAS_NO_MAXIMUM_BASE_DISTANCE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN NSSPKIXBaseDistance
-NSSPKIXGeneralSubtree_GetMaximum
-(
- NSSPKIXGeneralSubtree *generalSubtree
-);
-
-/*
- * NSSPKIXGeneralSubtree_SetMaximum
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_INVALID_VALUE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXGeneralSubtree_SetMaximum
-(
- NSSPKIXGeneralSubtree *generalSubtree,
- NSSPKIXBaseDistance *maximum
-);
-
-/*
- * NSSPKIXGeneralSubtree_RemoveMaximum
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_HAS_NO_MAXIMUM_BASE_DISTANCE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXGeneralSubtree_RemoveMaximum
-(
- NSSPKIXGeneralSubtree *generalSubtree
-);
-
-/*
- * NSSPKIXGeneralSubtree_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXGeneralSubtree_Equal
-(
- NSSPKIXGeneralSubtree *generalSubtree1,
- NSSPKIXGeneralSubtree *generalSubtree2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXGeneralSubtree_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralSubtree upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtree *
-NSSPKIXGeneralSubtree_Duplicate
-(
- NSSPKIXGeneralSubtree *generalSubtree,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXGeneralSubtree_DistanceInRange
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_INVALID_VALUE
- *
- * Return value:
- * PR_TRUE if the specified value is within the minimum and maximum
- * base distances
- * PR_FALSE if it isn't
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXGeneralSubtree_DistanceInRange
-(
- NSSPKIXGeneralSubtree *generalSubtree,
- NSSPKIXBaseDistance value,
- PRStatus *statusOpt
-);
-
-/*
- * {other tests and comparators}
- *
- */
-
-/*
- * PolicyConstraints
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PolicyConstraints ::= SEQUENCE {
- * requireExplicitPolicy [0] SkipCerts OPTIONAL,
- * inhibitPolicyMapping [1] SkipCerts OPTIONAL }
- *
- * The public calls for this type:
- *
- * NSSPKIXPolicyConstraints_Decode
- * NSSPKIXPolicyConstraints_Create
- * NSSPKIXPolicyConstraints_Destroy
- * NSSPKIXPolicyConstraints_Encode
- * NSSPKIXPolicyConstraints_HasRequireExplicitPolicy
- * NSSPKIXPolicyConstraints_GetRequireExplicitPolicy
- * NSSPKIXPolicyConstraints_SetRequireExplicitPolicy
- * NSSPKIXPolicyConstraints_RemoveRequireExplicitPolicy
- * NSSPKIXPolicyConstraints_HasInhibitPolicyMapping
- * NSSPKIXPolicyConstraints_GetInhibitPolicyMapping
- * NSSPKIXPolicyConstraints_SetInhibitPolicyMapping
- * NSSPKIXPolicyConstraints_RemoveInhibitPolicyMapping
- * NSSPKIXPolicyConstraints_Equal
- * NSSPKIXPolicyConstraints_Duplicate
- *
- */
-
-/*
- * NSSPKIXPolicyConstraints_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyConstraints upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyConstraints *
-NSSPKIXPolicyConstraints_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXPolicyConstraints_Create
- *
- * -- fgmr comments --
- * The optional values may be omitted by specifying -1.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_VALUE
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyConstraints upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyConstraints *
-NSSPKIXPolicyConstraints_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXSkipCerts requireExplicitPolicy,
- NSSPKIXSkipCerts inhibitPolicyMapping
-);
-
-/*
- * NSSPKIXPolicyConstraints_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyConstraints_Destroy
-(
- NSSPKIXPolicyConstraints *policyConstraints
-);
-
-/*
- * NSSPKIXPolicyConstraints_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXPolicyConstraints_Encode
-(
- NSSPKIXPolicyConstraints *policyConstraints,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXPolicyConstraints_HasRequireExplicitPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXPolicyConstraints_HasRequireExplicitPolicy
-(
- NSSPKIXPolicyConstraints *policyConstraints
-);
-
-/*
- * NSSPKIXPolicyConstraints_GetRequireExplicitPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- * NSS_ERROR_HAS_NO_REQUIRE_EXPLICIT_POLICY
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXPolicyConstraints_GetRequireExplicitPolicy
-(
- NSSPKIXPolicyConstraints *policyConstraints
-);
-
-/*
- * NSSPKIXPolicyConstraints_SetRequireExplicitPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- * NSS_ERROR_INVALID_VALUE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyConstraints_SetRequireExplicitPolicy
-(
- NSSPKIXPolicyConstraints *policyConstraints,
- NSSPKIXSkipCerts requireExplicitPolicy
-);
-
-/*
- * NSSPKIXPolicyConstraints_RemoveRequireExplicitPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- * NSS_ERROR_HAS_NO_REQUIRE_EXPLICIT_POLICY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyConstraints_RemoveRequireExplicitPolicy
-(
- NSSPKIXPolicyConstraints *policyConstraints
-);
-
-/*
- * NSSPKIXPolicyConstraints_HasInhibitPolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXPolicyConstraints_HasInhibitPolicyMapping
-(
- NSSPKIXPolicyConstraints *policyConstraints
-);
-
-/*
- * NSSPKIXPolicyConstraints_GetInhibitPolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- * NSS_ERROR_HAS_NO_INHIBIT_POLICY_MAPPING
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXPolicyConstraints_GetInhibitPolicyMapping
-(
- NSSPKIXPolicyConstraints *policyConstraints
-);
-
-/*
- * NSSPKIXPolicyConstraints_SetInhibitPolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- * NSS_ERROR_INVALID_VALUE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyConstraints_SetInhibitPolicyMapping
-(
- NSSPKIXPolicyConstraints *policyConstraints,
- NSSPKIXSkipCerts inhibitPolicyMapping
-);
-
-/*
- * NSSPKIXPolicyConstraints_RemoveInhibitPolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- * NSS_ERROR_HAS_NO_INHIBIT_POLICY_MAPPING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXPolicyConstraints_RemoveInhibitPolicyMapping
-(
- NSSPKIXPolicyConstraints *policyConstraints
-);
-
-/*
- * NSSPKIXPolicyConstraints_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXPolicyConstraints_Equal
-(
- NSSPKIXPolicyConstraints *policyConstraints1,
- NSSPKIXPolicyConstraints *policyConstraints2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXPolicyConstraints_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyConstraints upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyConstraints *
-NSSPKIXPolicyConstraints_Duplicate
-(
- NSSPKIXPolicyConstraints *policyConstraints,
- NSSArena *arenaOpt
-);
-
-/*
- * CRLDistPointsSyntax
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
- *
- * The public calls for this type:
- *
- * NSSPKIXCRLDistPointsSyntax_Decode
- * NSSPKIXCRLDistPointsSyntax_Create
- * NSSPKIXCRLDistPointsSyntax_Destroy
- * NSSPKIXCRLDistPointsSyntax_Encode
- * NSSPKIXCRLDistPointsSyntax_GetDistributionPointCount
- * NSSPKIXCRLDistPointsSyntax_GetDistributionPoints
- * NSSPKIXCRLDistPointsSyntax_SetDistributionPoints
- * NSSPKIXCRLDistPointsSyntax_GetDistributionPoint
- * NSSPKIXCRLDistPointsSyntax_SetDistributionPoint
- * NSSPKIXCRLDistPointsSyntax_InsertDistributionPoint
- * NSSPKIXCRLDistPointsSyntax_AppendDistributionPoint
- * NSSPKIXCRLDistPointsSyntax_RemoveDistributionPoint
- * NSSPKIXCRLDistPointsSyntax_FindDistributionPoint
- * NSSPKIXCRLDistPointsSyntax_Equal
- * NSSPKIXCRLDistPointsSyntax_Duplicate
- *
- */
-
-/*
- * NSSPKIXCRLDistPointsSyntax_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCRLDistPointsSyntax upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCRLDistPointsSyntax *
-NSSPKIXCRLDistPointsSyntax_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXCRLDistPointsSyntax_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- *
- * Return value:
- * A valid pointer to an NSSPKIXCRLDistPointsSyntax upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCRLDistPointsSyntax *
-NSSPKIXCRLDistPointsSyntax_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXDistributionPoint *distributionPoint1,
- ...
-);
-
-/*
- * NSSPKIXCRLDistPointsSyntax_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCRLDistPointsSyntax_Destroy
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax
-);
-
-/*
- * NSSPKIXCRLDistPointsSyntax_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXCRLDistPointsSyntax_Encode
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXCRLDistPointsSyntax_GetDistributionPointCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXCRLDistPointsSyntax_GetDistributionPointCount
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax
-);
-
-/*
- * NSSPKIXCRLDistPointsSyntax_GetDistributionPoints
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXDistributionPoint pointers
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPoints **
-NSSPKIXCRLDistPointsSyntax_GetDistributionPoints
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- NSSDistributionPoint *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXCRLDistPointsSyntax_SetDistributionPoints
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCRLDistPointsSyntax_SetDistributionPoints
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- NSSDistributionPoint *distributionPoint[]
- PRInt32 count
-);
-
-/*
- * NSSPKIXCRLDistPointsSyntax_GetDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPoint upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPoint *
-NSSPKIXCRLDistPointsSyntax_GetDistributionPoint
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXCRLDistPointsSyntax_SetDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCRLDistPointsSyntax_SetDistributionPoint
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- PRInt32 i,
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * NSSPKIXCRLDistPointsSyntax_InsertDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCRLDistPointsSyntax_InsertDistributionPoint
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- PRInt32 i,
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * NSSPKIXCRLDistPointsSyntax_AppendDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCRLDistPointsSyntax_AppendDistributionPoint
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * NSSPKIXCRLDistPointsSyntax_RemoveDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXCRLDistPointsSyntax_RemoveDistributionPoint
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- PRInt32 i
-);
-
-/*
- * NSSPKIXCRLDistPointsSyntax_FindDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified policy mapping upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXCRLDistPointsSyntax_FindDistributionPoint
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * NSSPKIXCRLDistPointsSyntax_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXCRLDistPointsSyntax_Equal
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax1,
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXCRLDistPointsSyntax_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCRLDistPointsSyntax upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCRLDistPointsSyntax *
-NSSPKIXCRLDistPointsSyntax_Duplicate
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- NSSArena *arenaOpt
-);
-
-/*
- * DistributionPoint
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * DistributionPoint ::= SEQUENCE {
- * distributionPoint [0] DistributionPointName OPTIONAL,
- * reasons [1] ReasonFlags OPTIONAL,
- * cRLIssuer [2] GeneralNames OPTIONAL }
- *
- * The public calls for this type:
- *
- * NSSPKIXDistributionPoint_Decode
- * NSSPKIXDistributionPoint_Create
- * NSSPKIXDistributionPoint_Destroy
- * NSSPKIXDistributionPoint_Encode
- * NSSPKIXDistributionPoint_HasDistributionPoint
- * NSSPKIXDistributionPoint_GetDistributionPoint
- * NSSPKIXDistributionPoint_SetDistributionPoint
- * NSSPKIXDistributionPoint_RemoveDistributionPoint
- * NSSPKIXDistributionPoint_HasReasons
- * NSSPKIXDistributionPoint_GetReasons
- * NSSPKIXDistributionPoint_SetReasons
- * NSSPKIXDistributionPoint_RemoveReasons
- * NSSPKIXDistributionPoint_HasCRLIssuer
- * NSSPKIXDistributionPoint_GetCRLIssuer
- * NSSPKIXDistributionPoint_SetCRLIssuer
- * NSSPKIXDistributionPoint_RemoveCRLIssuer
- * NSSPKIXDistributionPoint_Equal
- * NSSPKIXDistributionPoint_Duplicate
- *
- */
-
-/*
- * NSSPKIXDistributionPoint_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPoint upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPoint *
-NSSPKIXDistributionPoint_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXDistributionPoint_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPoint upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPoint *
-NSSPKIXDistributionPoint_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXDistributionPointName *distributionPoint,
- NSSPKIXReasonFlags reasons,
- NSSPKIXGeneralNames *cRLIssuer
-);
-
-/*
- * NSSPKIXDistributionPoint_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXDistributionPoint_Destroy
-(
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * NSSPKIXDistributionPoint_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXDistributionPoint_Encode
-(
- NSSPKIXDistributionPoint *distributionPoint,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXDistributionPoint_HasDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXDistributionPoint_HasDistributionPoint
-(
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * NSSPKIXDistributionPoint_GetDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_DISTRIBUTION_POINT
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPointName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPointName *
-NSSPKIXDistributionPoint_GetDistributionPoint
-(
- NSSPKIXDistributionPoint *distributionPoint,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXDistributionPoint_SetDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXDistributionPoint_SetDistributionPoint
-(
- NSSPKIXDistributionPoint *distributionPoint,
- NSSPKIXDistributionPointName *name
-);
-
-/*
- * NSSPKIXDistributionPoint_RemoveDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXDistributionPoint_RemoveDistributionPoint
-(
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * NSSPKIXDistributionPoint_HasReasons
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXDistributionPoint_HasReasons
-(
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * NSSPKIXDistributionPoint_GetReasons
- *
- * It is unlikely that the reason flags are all zero; so zero is
- * returned in error situations.
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_REASONS
- *
- * Return value:
- * A valid nonzero NSSPKIXReasonFlags value upon success
- * A valid zero NSSPKIXReasonFlags if the value is indeed zero
- * Zero upon error
- */
-
-NSS_EXTERN NSSPKIXReasonFlags
-NSSPKIXDistributionPoint_GetReasons
-(
- NSSPKIXDistributionPoint *distributionPoint,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXDistributionPoint_SetReasons
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXDistributionPoint_SetReasons
-(
- NSSPKIXDistributionPoint *distributionPoint,
- NSSPKIXReasonFlags reasons
-);
-
-/*
- * NSSPKIXDistributionPoint_RemoveReasons
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_REASONS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXDistributionPoint_RemoveReasons
-(
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * NSSPKIXDistributionPoint_HasCRLIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXDistributionPoint_HasCRLIssuer
-(
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * NSSPKIXDistributionPoint_GetCRLIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_CRL_ISSUER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralNames *
-NSSPKIXDistributionPoint_GetCRLIssuer
-(
- NSSPKIXDistributionPoint *distributionPoint,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXDistributionPoint_SetCRLIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXDistributionPoint_SetCRLIssuer
-(
- NSSPKIXDistributionPoint *distributionPoint,
- NSSPKIXGeneralNames *cRLIssuer
-);
-
-/*
- * NSSPKIXDistributionPoint_RemoveCRLIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_CRL_ISSUER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXDistributionPoint_RemoveCRLIssuer
-(
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * NSSPKIXDistributionPoint_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXDistributionPoint_Equal
-(
- NSSPKIXDistributionPoint *distributionPoint1,
- NSSPKIXDistributionPoint *distributionPoint2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXDistributionPoint_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPoint upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPoint *
-NSSPKIXDistributionPoint_Duplicate
-(
- NSSPKIXDistributionPoint *distributionPoint,
- NSSArena *arenaOpt
-);
-
-/*
- * DistributionPointName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * DistributionPointName ::= CHOICE {
- * fullName [0] GeneralNames,
- * nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
- *
- * The public calls for this type:
- *
- * NSSPKIXDistributionPointName_Decode
- * NSSPKIXDistributionPointName_Create
- * NSSPKIXDistributionPointName_CreateFromFullName
- * NSSPKIXDistributionPointName_CreateFromNameRelativeToCRLIssuer
- * NSSPKIXDistributionPointName_Destroy
- * NSSPKIXDistributionPointName_Encode
- * NSSPKIXDistributionPointName_GetChoice
- * NSSPKIXDistributionPointName_GetFullName
- * NSSPKIXDistributionPointName_GetNameRelativeToCRLIssuer
- * NSSPKIXDistributionPointName_Equal
- * NSSPKIXDistributionPointName_Duplicate
- *
- */
-
-/*
- * NSSPKIXDistributionPointName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPointName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPointName *
-NSSPKIXDistributionPointName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXDistributionPointName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME_CHOICE
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_PKIX_RELATIVE_DISTINGUISHED_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPointName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPointName *
-NSSPKIXDistributionPointName_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXDistributionPointNameChoice which,
- void *name
-);
-
-/*
- * NSSPKIXDistributionPointName_CreateFromFullName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPointName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPointName *
-NSSPKIXDistributionPointName_CreateFromFullName
-(
- NSSArena *arenaOpt,
- NSSPKIXGeneralNames *fullName
-);
-
-/*
- * NSSPKIXDistributionPointName_CreateFromNameRelativeToCRLIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_RELATIVE_DISTINGUISHED_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPointName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPointName *
-NSSPKIXDistributionPointName_CreateFromNameRelativeToCRLIssuer
-(
- NSSArena *arenaOpt,
- NSSPKIXRelativeDistinguishedName *nameRelativeToCRLIssuer
-);
-
-/*
- * NSSPKIXDistributionPointName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXDistributionPointName_Destroy
-(
- NSSPKIXDistributionPointName *dpn
-);
-
-/*
- * NSSPKIXDistributionPointName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXDistributionPointName_Encode
-(
- NSSPKIXDistributionPointName *dpn,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXDistributionPointName_GetChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- *
- * Return value:
- * A valid NSSPKIXDistributionPointNameChoice value upon success
- * NSSPKIXDistributionPointNameChoice_NSSinvalid upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPointNameChoice
-NSSPKIXDistributionPointName_GetChoice
-(
- NSSPKIXDistributionPointName *dpn
-);
-
-/*
- * NSSPKIXDistributionPointName_GetFullName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralnames *
-NSSPKIXDistributionPointName_GetFullName
-(
- NSSPKIXDistributionPointName *dpn,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXDistributionPointName_GetNameRelativeToCRLIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName *
-NSSPKIXDistributionPointName_GetNameRelativeToCRLIssuer
-(
- NSSPKIXDistributionPointName *dpn,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXDistributionPointName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXDistributionPointName_Equal
-(
- NSSPKIXDistributionPointName *dpn1,
- NSSPKIXDistributionPointName *dpn2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXDistributionPointName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPointName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPointName *
-NSSPKIXDistributionPointName_Duplicate
-(
- NSSPKIXDistributionPointName *dpn,
- NSSArena *arenaOpt
-);
-
-/*
- * ReasonFlags
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ReasonFlags ::= BIT STRING {
- * unused (0),
- * keyCompromise (1),
- * cACompromise (2),
- * affiliationChanged (3),
- * superseded (4),
- * cessationOfOperation (5),
- * certificateHold (6) }
- *
- * The public calls for this type:
- *
- * NSSPKIXReasonFlags_Decode
- * NSSPKIXReasonFlags_Create
- * NSSPKIXReasonFlags_CreateFromMask
- * NSSPKIXReasonFlags_Destroy
- * NSSPKIXReasonFlags_Encode
- * NSSPKIXReasonFlags_GetMask
- * NSSPKIXReasonFlags_SetMask
- * NSSPKIXReasonFlags_Equal
- * NSSPKIXReasonFlags_Duplicate
- * { bitwise accessors? }
- *
- */
-
-/*
- * NSSPKIXReasonFlags_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXReasonFlags upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXReasonFlags *
-NSSPKIXReasonFlags_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXReasonFlags_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXReasonFlags upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXReasonFlags *
-NSSPKIXReasonFlags_Create
-(
- NSSArena *arenaOpt,
- PRBool keyCompromise,
- PRBool cACompromise,
- PRBool affiliationChanged,
- PRBool superseded,
- PRBool cessationOfOperation,
- PRBool certificateHold
-);
-
-/*
- * NSSPKIXReasonFlags_CreateFromMask
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS_MASK
- *
- * Return value:
- * A valid pointer to an NSSPKIXReasonFlags upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXReasonFlags *
-NSSPKIXReasonFlags_CreateFromMask
-(
- NSSArena *arenaOpt,
- NSSPKIXReasonFlagsMask why
-);
-
-/*
- * NSSPKIXReasonFlags_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXReasonFlags_Destroy
-(
- NSSPKIXReasonFlags *reasonFlags
-);
-
-/*
- * NSSPKIXReasonFlags_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXReasonFlags_Encode
-(
- NSSPKIXReasonFlags *reasonFlags,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXReasonFlags_GetMask
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- *
- * Return value:
- * A valid mask of NSSPKIXReasonFlagsMask values upon success
- * NSSPKIXReasonFlagsMask_NSSinvalid upon failure
- */
-
-NSS_EXTERN NSSPKIXReasonFlagsMask
-NSSPKIXReasonFlags_GetMask
-(
- NSSPKIXReasonFlags *reasonFlags
-);
-
-/*
- * NSSPKIXReasonFlags_SetMask
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS_MASK
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXReasonFlags_SetMask
-(
- NSSPKIXReasonFlags *reasonFlags,
- NSSPKIXReasonFlagsMask mask
-);
-
-/*
- * NSSPKIXReasonFlags_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXReasonFlags_Equal
-(
- NSSPKIXReasonFlags *reasonFlags1,
- NSSPKIXReasonFlags *reasonFlags2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXReasonFlags_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXReasonFlags upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXReasonFlags *
-NSSPKIXReasonFlags_Duplicate
-(
- NSSPKIXReasonFlags *reasonFlags,
- NSSArena *arenaOpt
-);
-
-/*
- * { bitwise accessors? }
- *
- */
-
-/*
- * ExtKeyUsageSyntax
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
- *
- * The public calls for this type:
- *
- * NSSPKIXExtKeyUsageSyntax_Decode
- * NSSPKIXExtKeyUsageSyntax_Create
- * NSSPKIXExtKeyUsageSyntax_Destroy
- * NSSPKIXExtKeyUsageSyntax_Encode
- * NSSPKIXExtKeyUsageSyntax_GetKeyPurposeIdCount
- * NSSPKIXExtKeyUsageSyntax_GetKeyPurposeIds
- * NSSPKIXExtKeyUsageSyntax_SetKeyPurposeIds
- * NSSPKIXExtKeyUsageSyntax_GetKeyPurposeId
- * NSSPKIXExtKeyUsageSyntax_SetKeyPurposeId
- * NSSPKIXExtKeyUsageSyntax_InsertKeyPurposeId
- * NSSPKIXExtKeyUsageSyntax_AppendKeyPurposeId
- * NSSPKIXExtKeyUsageSyntax_RemoveKeyPurposeId
- * NSSPKIXExtKeyUsageSyntax_FindKeyPurposeId
- * NSSPKIXExtKeyUsageSyntax_Equal
- * NSSPKIXExtKeyUsageSyntax_Duplicate
- *
- */
-
-/*
- * NSSPKIXExtKeyUsageSyntax_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtKeyUsageSyntax upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtKeyUsageSyntax *
-NSSPKIXExtKeyUsageSyntax_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXExtKeyUsageSyntax_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_KEY_PURPOSE_ID
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtKeyUsageSyntax upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtKeyUsageSyntax *
-NSSPKIXExtKeyUsageSyntax_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXKeyPurposeId *kpid1,
- ...
-);
-
-/*
- * NSSPKIXExtKeyUsageSyntax_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtKeyUsageSyntax_Destroy
-(
- NSSPKIXExtKeyUsageSyntax *eku
-);
-
-/*
- * NSSPKIXExtKeyUsageSyntax_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXExtKeyUsageSyntax_Encode
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXExtKeyUsageSyntax_GetKeyPurposeIdCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXExtKeyUsageSyntax_GetKeyPurposeIdCount
-(
- NSSPKIXExtKeyUsageSyntax *eku
-);
-
-/*
- * NSSPKIXExtKeyUsageSyntax_GetKeyPurposeIds
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXKeyPurposeId pointers upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXKeyPurposeId **
-NSSPKIXExtKeyUsageSyntax_GetKeyPurposeIds
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- NSSPKIXKeyPurposeId *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXExtKeyUsageSyntax_SetKeyPurposeIds
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_INVALID_PKIX_KEY_PURPOSE_ID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtKeyUsageSyntax_SetKeyPurposeIds
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- NSSPKIXKeyPurposeId *ids[],
- PRInt32 count
-);
-
-/*
- * NSSPKIXExtKeyUsageSyntax_GetKeyPurposeId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXKeyPurposeId upon success
- * NULL upon error
- */
-
-NSS_EXTERN NSSPKIXKeyPurposeId *
-NSSPKIXExtKeyUsageSyntax_GetKeyPurposeId
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXExtKeyUsageSyntax_SetKeyPurposeId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_INVALID_PKIX_KEY_PURPOSE_ID
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtKeyUsageSyntax_SetKeyPurposeId
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- PRInt32 i,
- NSSPKIXKeyPurposeId *id
-);
-
-/*
- * NSSPKIXExtKeyUsageSyntax_InsertKeyPurposeId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_INVALID_PKIX_KEY_PURPOSE_ID
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtKeyUsageSyntax_InsertKeyPurposeId
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- PRInt32 i,
- NSSPKIXKeyPurposeId *id
-);
-
-/*
- * NSSPKIXExtKeyUsageSyntax_AppendKeyPurposeId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_INVALID_PKIX_KEY_PURPOSE_ID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtKeyUsageSyntax_AppendKeyPurposeId
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- NSSPKIXKeyPurposeId *id
-);
-
-/*
- * NSSPKIXExtKeyUsageSyntax_RemoveKeyPurposeId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXExtKeyUsageSyntax_RemoveKeyPurposeId
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- PRInt32 i
-);
-
-/*
- * NSSPKIXExtKeyUsageSyntax_FindKeyPurposeId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_INVALID_PKIX_KEY_PURPOSE_ID
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified key purpose id upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXExtKeyUsageSyntax_FindKeyPurposeId
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- NSSPKIXKeyPurposeId *id
-);
-
-/*
- * NSSPKIXExtKeyUsageSyntax_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXExtKeyUsageSyntax_Equal
-(
- NSSPKIXExtKeyUsageSyntax *eku1,
- NSSPKIXExtKeyUsageSyntax *eku2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXExtKeyUsageSyntax_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtKeyUsageSyntax upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtKeyUsageSyntax *
-NSSPKIXExtKeyUsageSyntax_Duplicate
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- NSSArena *arenaOpt
-);
-
-/*
- * AuthorityInfoAccessSyntax
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AuthorityInfoAccessSyntax ::=
- * SEQUENCE SIZE (1..MAX) OF AccessDescription
- *
- * The public calls for this type:
- *
- * NSSPKIXAuthorityInfoAccessSyntax_Decode
- * NSSPKIXAuthorityInfoAccessSyntax_Create
- * NSSPKIXAuthorityInfoAccessSyntax_Destroy
- * NSSPKIXAuthorityInfoAccessSyntax_Encode
- * NSSPKIXAuthorityInfoAccessSyntax_GetAccessDescriptionCount
- * NSSPKIXAuthorityInfoAccessSyntax_GetAccessDescriptions
- * NSSPKIXAuthorityInfoAccessSyntax_SetAccessDescriptions
- * NSSPKIXAuthorityInfoAccessSyntax_GetAccessDescription
- * NSSPKIXAuthorityInfoAccessSyntax_SetAccessDescription
- * NSSPKIXAuthorityInfoAccessSyntax_InsertAccessDescription
- * NSSPKIXAuthorityInfoAccessSyntax_AppendAccessDescription
- * NSSPKIXAuthorityInfoAccessSyntax_RemoveAccessDescription
- * NSSPKIXAuthorityInfoAccessSyntax_FindAccessDescription
- * NSSPKIXAuthorityInfoAccessSyntax_Equal
- * NSSPKIXAuthorityInfoAccessSyntax_Duplicate
- *
- */
-
-/*
- * NSSPKIXAuthorityInfoAccessSyntax_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAuthorityInfoAccessSyntax upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAuthorityInfoAccessSyntax *
-NSSPKIXAuthorityInfoAccessSyntax_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXAuthorityInfoAccessSyntax_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- *
- * Return value:
- * A valid pointer to an NSSPKIXAuthorityInfoAccessSyntax upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAuthorityInfoAccessSyntax *
-NSSPKIXAuthorityInfoAccessSyntax_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAccessDescription *ad1,
- ...
-);
-
-/*
- * NSSPKIXAuthorityInfoAccessSyntax_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAuthorityInfoAccessSyntax_Destroy
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias
-);
-
-/*
- * NSSPKIXAuthorityInfoAccessSyntax_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXAuthorityInfoAccessSyntax_Encode
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAuthorityInfoAccessSyntax_GetAccessDescriptionCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXAuthorityInfoAccessSyntax_GetAccessDescriptionCount
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias
-);
-
-/*
- * NSSPKIXAuthorityInfoAccessSyntax_GetAccessDescriptions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXAccessDescription pointers
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAccessDescription **
-NSSPKIXAuthorityInfoAccessSyntax_GetAccessDescriptions
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- NSSPKIXAccessDescription *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAuthorityInfoAccessSyntax_SetAccessDescriptions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAuthorityInfoAccessSyntax_SetAccessDescriptions
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- NSSPKIXAccessDescription *ad[],
- PRInt32 count
-);
-
-/*
- * NSSPKIXAuthorityInfoAccessSyntax_GetAccessDescription
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAccessDescription upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAccessDescription *
-NSSPKIXAuthorityInfoAccessSyntax_GetAccessDescription
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAuthorityInfoAccessSyntax_SetAccessDescription
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAuthorityInfoAccessSyntax_SetAccessDescription
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- PRInt32 i,
- NSSPKIXAccessDescription *ad
-);
-
-/*
- * NSSPKIXAuthorityInfoAccessSyntax_InsertAccessDescription
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAuthorityInfoAccessSyntax_InsertAccessDescription
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- PRInt32 i,
- NSSPKIXAccessDescription *ad
-);
-
-/*
- * NSSPKIXAuthorityInfoAccessSyntax_AppendAccessDescription
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAuthorityInfoAccessSyntax_AppendAccessDescription
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- NSSPKIXAccessDescription *ad
-);
-
-/*
- * NSSPKIXAuthorityInfoAccessSyntax_RemoveAccessDescription
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAuthorityInfoAccessSyntax_RemoveAccessDescription
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- PRInt32 i
-);
-
-/*
- * NSSPKIXAuthorityInfoAccessSyntax_FindAccessDescription
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified policy mapping upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXAuthorityInfoAccessSyntax_FindAccessDescription
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- NSSPKIXAccessDescription *ad
-);
-
-/*
- * NSSPKIXAuthorityInfoAccessSyntax_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXAuthorityInfoAccessSyntax_Equal
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias1,
- NSSPKIXAuthorityInfoAccessSyntax *aias2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXAuthorityInfoAccessSyntax_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAuthorityInfoAccessSyntax upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAuthorityInfoAccessSyntax *
-NSSPKIXAuthorityInfoAccessSyntax_Duplicate
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- NSSArena *arenaOpt
-);
-
-/*
- * AccessDescription
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName }
- *
- * The public calls for this type:
- *
- * NSSPKIXAccessDescription_Decode
- * NSSPKIXAccessDescription_Create
- * NSSPKIXAccessDescription_Destroy
- * NSSPKIXAccessDescription_Encode
- * NSSPKIXAccessDescription_GetAccessMethod
- * NSSPKIXAccessDescription_SetAccessMethod
- * NSSPKIXAccessDescription_GetAccessLocation
- * NSSPKIXAccessDescription_SetAccessLocation
- * NSSPKIXAccessDescription_Equal
- * NSSPKIXAccessDescription_Duplicate
- *
- */
-
-/*
- * NSSPKIXAccessDescription_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAccessDescription upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAccessDescription *
-NSSPKIXAccessDescription_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXAccessDescription_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXAccessDescription upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAccessDescription *
-NSSPKIXAccessDescription_Create
-(
- NSSArena *arenaOpt,
- NSSOID *accessMethod,
- NSSPKIXGeneralName *accessLocation
-);
-
-/*
- * NSSPKIXAccessDescription_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAccessDescription_Destroy
-(
- NSSPKIXAccessDescription *ad
-);
-
-/*
- * NSSPKIXAccessDescription_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXAccessDescription_Encode
-(
- NSSPKIXAccessDescription *ad,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAccessDescription_GetAccessMethod
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSOID pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSOID *
-NSSPKIXAccessDescription_GetAccessMethod
-(
- NSSPKIXAccessDescription *ad
-);
-
-/*
- * NSSPKIXAccessDescription_SetAccessMethod
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAccessDescription_SetAccessMethod
-(
- NSSPKIXAccessDescription *ad,
- NSSOID *accessMethod
-);
-
-/*
- * NSSPKIXAccessDescription_GetAccessLocation
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-NSSPKIXAccessDescription_GetAccessLocation
-(
- NSSPKIXAccessDescription *ad,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXAccessDescription_SetAccessLocation
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAccessDescription_SetAccessLocation
-(
- NSSPKIXAccessDescription *ad,
- NSSPKIXGeneralName *accessLocation
-);
-
-/*
- * NSSPKIXAccessDescription_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXAccessDescription_Equal
-(
- NSSPKIXAccessDescription *ad1,
- NSSPKIXAccessDescription *ad2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXAccessDescription_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAccessDescription upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAccessDescription *
-NSSPKIXAccessDescription_Duplicate
-(
- NSSPKIXAccessDescription *ad,
- NSSArena *arenaOpt
-);
-
-/*
- * IssuingDistributionPoint
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * IssuingDistributionPoint ::= SEQUENCE {
- * distributionPoint [0] DistributionPointName OPTIONAL,
- * onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
- * onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
- * onlySomeReasons [3] ReasonFlags OPTIONAL,
- * indirectCRL [4] BOOLEAN DEFAULT FALSE }
- *
- * The public calls for this type:
- *
- * NSSPKIXIssuingDistributionPoint_Decode
- * NSSPKIXIssuingDistributionPoint_Create
- * NSSPKIXIssuingDistributionPoint_Destroy
- * NSSPKIXIssuingDistributionPoint_Encode
- * NSSPKIXIssuingDistributionPoint_HasDistributionPoint
- * NSSPKIXIssuingDistributionPoint_GetDistributionPoint
- * NSSPKIXIssuingDistributionPoint_SetDistributionPoint
- * NSSPKIXIssuingDistributionPoint_RemoveDistributionPoint
- * NSSPKIXIssuingDistributionPoint_GetOnlyContainsUserCerts
- * NSSPKIXIssuingDistributionPoint_SetOnlyContainsUserCerts
- * NSSPKIXIssuingDistributionPoint_GetOnlyContainsCACerts
- * NSSPKIXIssuingDistributionPoint_SetOnlyContainsCACerts
- * NSSPKIXIssuingDistributionPoint_HasOnlySomeReasons
- * NSSPKIXIssuingDistributionPoint_GetOnlySomeReasons
- * NSSPKIXIssuingDistributionPoint_SetOnlySomeReasons
- * NSSPKIXIssuingDistributionPoint_RemoveOnlySomeReasons
- * NSSPKIXIssuingDistributionPoint_GetIndirectCRL
- * NSSPKIXIssuingDistributionPoint_SetIndirectCRL
- * NSSPKIXIssuingDistributionPoint_Equal
- * NSSPKIXIssuingDistributionPoint_Duplicate
- *
- */
-
-/*
- * NSSPKIXIssuingDistributionPoint_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXIssuingDistributionPoint upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXIssuingDistributionPoint *
-NSSPKIXIssuingDistributionPoint_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- *
- * Return value:
- * A valid pointer to an NSSPKIXIssuingDistributionPoint upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXIssuingDistributionPoint *
-NSSPKIXIssuingDistributionPoint_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXDistributionPointName *distributionPointOpt,
- PRBool onlyContainsUserCerts,
- PRBool onlyContainsCACerts,
- NSSPKIXReasonFlags *onlySomeReasons
- PRBool indirectCRL
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXIssuingDistributionPoint_Destroy
-(
- NSSPKIXIssuingDistributionPoint *idp
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-NSSPKIXIssuingDistributionPoint_Encode
-(
- NSSPKIXIssuingDistributionPoint *idp,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_HasDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXIssuingDistributionPoint_HasDistributionPoint
-(
- NSSPKIXIssuingDistributionPoint *idp
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_GetDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_DISTRIBUTION_POINT
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPointName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPointName *
-NSSPKIXIssuingDistributionPoint_GetDistributionPoint
-(
- NSSPKIXIssuingDistributionPoint *idp,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_SetDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXIssuingDistributionPoint_SetDistributionPoint
-(
- NSSPKIXIssuingDistributionPoint *idp,
- NSSPKIXDistributionPointName *dpn
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_RemoveDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXIssuingDistributionPoint_RemoveDistributionPoint
-(
- NSSPKIXIssuingDistributionPoint *idp
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_GetOnlyContainsUserCerts
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if the onlyContainsUserCerts value is true
- * PR_FALSE if it isn't
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXIssuingDistributionPoint_GetOnlyContainsUserCerts
-(
- NSSPKIXIssuingDistributionPoint *idp,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_SetOnlyContainsUserCerts
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXIssuingDistributionPoint_SetOnlyContainsUserCerts
-(
- NSSPKIXIssuingDistributionPoint *idp,
- PRBool onlyContainsUserCerts
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_GetOnlyContainsCACerts
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if the onlyContainsCACerts value is true
- * PR_FALSE if it isn't
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXIssuingDistributionPoint_GetOnlyContainsCACerts
-(
- NSSPKIXIssuingDistributionPoint *idp,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_SetOnlyContainsCACerts
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXIssuingDistributionPoint_SetOnlyContainsCACerts
-(
- NSSPKIXIssuingDistributionPoint *idp,
- PRBool onlyContainsCACerts
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_HasOnlySomeReasons
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-NSSPKIXIssuingDistributionPoint_HasOnlySomeReasons
-(
- NSSPKIXIssuingDistributionPoint *idp
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_GetOnlySomeReasons
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_ONLY_SOME_REASONS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXReasonFlags upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXReasonFlags *
-NSSPKIXIssuingDistributionPoint_GetOnlySomeReasons
-(
- NSSPKIXIssuingDistributionPoint *idp,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_SetOnlySomeReasons
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXIssuingDistributionPoint_SetOnlySomeReasons
-(
- NSSPKIXIssuingDistributionPoint *idp,
- NSSPKIXReasonFlags *onlySomeReasons
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_RemoveOnlySomeReasons
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_ONLY_SOME_REASONS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXIssuingDistributionPoint_RemoveOnlySomeReasons
-(
- NSSPKIXIssuingDistributionPoint *idp
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_GetIndirectCRL
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if the indirectCRL value is true
- * PR_FALSE if it isn't
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXIssuingDistributionPoint_GetIndirectCRL
-(
- NSSPKIXIssuingDistributionPoint *idp,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_SetIndirectCRL
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXIssuingDistributionPoint_SetIndirectCRL
-(
- NSSPKIXIssuingDistributionPoint *idp,
- PRBool indirectCRL
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXIssuingDistributionPoint_Equal
-(
- NSSPKIXIssuingDistributionPoint *idp1,
- NSSPKIXIssuingDistributionPoint *idp2,
- PRStatus *statusOpt
-);
-
-/*
- * NSSPKIXIssuingDistributionPoint_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXIssuingDistributionPoint upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXIssuingDistributionPoint *
-NSSPKIXIssuingDistributionPoint_Duplicate
-(
- NSSPKIXIssuingDistributionPoint *idp,
- NSSArena *arenaOpt
-);
-
-PR_END_EXTERN_C
-
-#endif /* NSSPKIX_H */
diff --git a/security/nss/lib/pkix/include/nsspkixt.h b/security/nss/lib/pkix/include/nsspkixt.h
deleted file mode 100644
index ea35269ff..000000000
--- a/security/nss/lib/pkix/include/nsspkixt.h
+++ /dev/null
@@ -1,2281 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef NSSPKIXT_H
-#define NSSPKIXT_H
-
-#ifdef DEBUG
-static const char NSSPKIXT_CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * nsspkixt.h
- *
- * This file contains the public type definitions for the PKIX part-1
- * objects. The contents are strongly based on the types defined in
- * RFC 2459 {fgmr: and others, e.g., s/mime?}. The type names have
- * been prefixed with "NSSPKIX."
- */
-
-#ifndef NSSBASET_H
-#include "nssbaset.h"
-#endif /* NSSBASET_H */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * A Note About Strings
- *
- * RFC 2459 refers to several types of strings, including UniversalString,
- * BMPString, UTF8String, TeletexString, PrintableString, IA5String, and
- * more. As with the rest of the NSS libraries, all strings are converted
- * to UTF8 form as soon as possible, and dealt with in that form from
- * then on.
- *
- */
-
-/*
- * Attribute
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Attribute ::= SEQUENCE {
- * type AttributeType,
- * values SET OF AttributeValue
- * -- at least one value is required -- }
- *
- */
-
-struct NSSPKIXAttributeStr;
-typedef struct NSSPKIXAttributeStr NSSPKIXAttribute;
-
-/*
- * AttributeType
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AttributeType ::= OBJECT IDENTIFIER
- *
- */
-
-typedef NSSOID NSSPKIXAttributeType;
-
-/*
- * AttributeValue
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AttributeValue ::= ANY
- *
- */
-
-typedef NSSItem NSSPKIXAttributeValue;
-
-/*
- * AttributeTypeAndValue
- *
- * This structure contains an attribute type (indicated by an OID),
- * and the type-specific value. RelativeDistinguishedNamess consist
- * of a set of these. These are distinct from Attributes (which have
- * SET of values), from AttributeDescriptions (which have qualifiers
- * on the types), and from AttributeValueAssertions (which assert a
- * a value comparison under some matching rule).
- *
- * From RFC 2459:
- *
- * AttributeTypeAndValue ::= SEQUENCE {
- * type AttributeType,
- * value AttributeValue }
- *
- */
-
-struct NSSPKIXAttributeTypeAndValueStr;
-typedef struct NSSPKIXAttributeTypeAndValueStr NSSPKIXAttributeTypeAndValue;
-
-/*
- * X520Name
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520name ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-name)),
- * printableString PrintableString (SIZE (1..ub-name)),
- * universalString UniversalString (SIZE (1..ub-name)),
- * utf8String UTF8String (SIZE (1..ub-name)),
- * bmpString BMPString (SIZE(1..ub-name)) }
- *
- */
-
-struct NSSPKIXX520NameStr;
-typedef struct NSSPKIXX520NameStr NSSPKIXX520Name;
-
-/*
- * X520CommonName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520CommonName ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-common-name)),
- * printableString PrintableString (SIZE (1..ub-common-name)),
- * universalString UniversalString (SIZE (1..ub-common-name)),
- * utf8String UTF8String (SIZE (1..ub-common-name)),
- * bmpString BMPString (SIZE(1..ub-common-name)) }
- *
- */
-
-struct NSSPKIXX520CommonNameStr;
-typedef struct NSSPKIXX520CommonNameStr NSSPKIXX520CommonName;
-
-/*
- * X520LocalityName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520LocalityName ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-locality-name)),
- * printableString PrintableString (SIZE (1..ub-locality-name)),
- * universalString UniversalString (SIZE (1..ub-locality-name)),
- * utf8String UTF8String (SIZE (1..ub-locality-name)),
- * bmpString BMPString (SIZE(1..ub-locality-name)) }
- *
- */
-
-struct NSSPKIXX520LocalityNameStr;
-typedef struct NSSPKIXX520LocalityNameStr NSSPKIXX520LocalityName;
-
-/*
- * X520StateOrProvinceName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520StateOrProvinceName ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-state-name)),
- * printableString PrintableString (SIZE (1..ub-state-name)),
- * universalString UniversalString (SIZE (1..ub-state-name)),
- * utf8String UTF8String (SIZE (1..ub-state-name)),
- * bmpString BMPString (SIZE(1..ub-state-name)) }
- *
- */
-
-struct NSSPKIXX520StateOrProvinceNameStr;
-typedef struct NSSPKIXX520StateOrProvinceNameStr NSSPKIXX520StateOrProvinceName;
-
-/*
- * X520OrganizationName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520OrganizationName ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-organization-name)),
- * printableString PrintableString (SIZE (1..ub-organization-name)),
- * universalString UniversalString (SIZE (1..ub-organization-name)),
- * utf8String UTF8String (SIZE (1..ub-organization-name)),
- * bmpString BMPString (SIZE(1..ub-organization-name)) }
- *
- */
-
-struct NSSPKIXX520OrganizationNameStr;
-typedef struct NSSPKIXX520OrganizationNameStr NSSPKIXX520OrganizationName;
-
-/*
- * X520OrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520OrganizationalUnitName ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-organizational-unit-name)),
- * printableString PrintableString
- * (SIZE (1..ub-organizational-unit-name)),
- * universalString UniversalString
- * (SIZE (1..ub-organizational-unit-name)),
- * utf8String UTF8String (SIZE (1..ub-organizational-unit-name)),
- * bmpString BMPString (SIZE(1..ub-organizational-unit-name)) }
- *
- */
-
-struct NSSPKIXX520OrganizationalUnitNameStr;
-typedef struct NSSPKIXX520OrganizationalUnitNameStr NSSPKIXX520OrganizationalUnitName;
-
-/*
- * X520Title
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520Title ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-title)),
- * printableString PrintableString (SIZE (1..ub-title)),
- * universalString UniversalString (SIZE (1..ub-title)),
- * utf8String UTF8String (SIZE (1..ub-title)),
- * bmpString BMPString (SIZE(1..ub-title)) }
- *
- */
-
-struct NSSPKIXX520TitleStr;
-typedef struct NSSPKIXX520TitleStr NSSPKIXX520Title;
-
-/*
- * X520dnQualifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520dnQualifier ::= PrintableString
- *
- */
-
-struct NSSPKIXX520dnQualifierStr;
-typedef struct NSSPKIXX520dnQualifierStr NSSPKIXX520dnQualifier;
-
-/*
- * X520countryName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520countryName ::= PrintableString (SIZE (2)) -- IS 3166 codes
- *
- */
-
-struct NSSPKIXX520countryNameStr;
-typedef struct NSSPKIXX520countryNameStr NSSPKIXX520countryName;
-
-/*
- * Pkcs9email
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length))
- *
- */
-
-struct NSSPKIXPkcs9emailStr;
-typedef struct NSSPKIXPkcs9emailStr NSSPKIXPkcs9email;
-
-/*
- * Name
- *
- * This structure contains a union of the possible name formats,
- * which at the moment is limited to an RDNSequence.
- *
- * From RFC 2459:
- *
- * Name ::= CHOICE { -- only one possibility for now --
- * rdnSequence RDNSequence }
- *
- */
-
-struct NSSPKIXNameStr;
-typedef struct NSSPKIXNameStr NSSPKIXName;
-
-/*
- * NameChoice
- *
- * This enumeration is used to specify choice within a name.
- */
-
-enum NSSPKIXNameChoiceEnum {
- NSSPKIXNameChoice_NSSinvalid = -1,
- NSSPKIXNameChoice_rdnSequence
-};
-typedef enum NSSPKIXNameChoiceEnum NSSPKIXNameChoice;
-
-/*
- * RDNSequence
- *
- * This structure contains a sequence of RelativeDistinguishedName
- * objects.
- *
- * From RFC 2459:
- *
- * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
- *
- */
-
-struct NSSPKIXRDNSequenceStr;
-typedef struct NSSPKIXRDNSequenceStr NSSPKIXRDNSequence;
-
-/*
- * DistinguishedName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * DistinguishedName ::= RDNSequence
- *
- */
-
-typedef NSSPKIXRDNSequence NSSPKIXDistinguishedName;
-
-/*
- * RelativeDistinguishedName
- *
- * This structure contains an unordered set of AttributeTypeAndValue
- * objects. RDNs are used to distinguish a set of objects underneath
- * a common object.
- *
- * Often, a single ATAV is sufficient to make a unique distinction.
- * For example, if a company assigns its people unique uid values,
- * then in the Name "uid=smith,ou=People,o=Acme,c=US" the "uid=smith"
- * ATAV by itself forms an RDN. However, sometimes a set of ATAVs is
- * needed. For example, if a company needed to distinguish between
- * two Smiths by specifying their corporate divisions, then in the
- * Name "(cn=Smith,ou=Sales),ou=People,o=Acme,c=US" the parenthesised
- * set of ATAVs forms the RDN.
- *
- * From RFC 2459:
- *
- * RelativeDistinguishedName ::=
- * SET SIZE (1 .. MAX) OF AttributeTypeAndValue
- *
- */
-
-struct NSSPKIXRelativeDistinguishedNameStr;
-typedef struct NSSPKIXRelativeDistinguishedNameStr NSSPKIXRelativeDistinguishedName;
-
-/*
- * DirectoryString
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * DirectoryString ::= CHOICE {
- * teletexString TeletexString (SIZE (1..MAX)),
- * printableString PrintableString (SIZE (1..MAX)),
- * universalString UniversalString (SIZE (1..MAX)),
- * utf8String UTF8String (SIZE (1..MAX)),
- * bmpString BMPString (SIZE(1..MAX)) }
- *
- */
-
-struct NSSPKIXDirectoryStringStr;
-typedef struct NSSPKIXDirectoryStringStr NSSPKIXDirectoryString;
-
-/*
- * Certificate
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Certificate ::= SEQUENCE {
- * tbsCertificate TBSCertificate,
- * signatureAlgorithm AlgorithmIdentifier,
- * signature BIT STRING }
- *
- */
-
-struct NSSPKIXCertificateStr;
-typedef struct NSSPKIXCertificateStr NSSPKIXCertificate;
-
-/*
- * TBSCertificate
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TBSCertificate ::= SEQUENCE {
- * version [0] Version DEFAULT v1,
- * serialNumber CertificateSerialNumber,
- * signature AlgorithmIdentifier,
- * issuer Name,
- * validity Validity,
- * subject Name,
- * subjectPublicKeyInfo SubjectPublicKeyInfo,
- * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version shall be v2 or v3
- * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version shall be v2 or v3
- * extensions [3] Extensions OPTIONAL
- * -- If present, version shall be v3 -- }
- *
- */
-
-struct NSSPKIXTBSCertificateStr;
-typedef struct NSSPKIXTBSCertificateStr NSSPKIXTBSCertificate;
-
-/*
- * Version
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Version ::= INTEGER { v1(0), v2(1), v3(2) }
- *
- */
-
-enum NSSPKIXVersionEnum {
- NSSPKIXVersion_NSSinvalid = -1,
- NSSPKIXVersion_v1 = 0,
- NSSPKIXVersion_v2 = 1,
- NSSPKIXVersion_v3 = 2
-};
-typedef enum NSSPKIXVersionEnum NSSPKIXVersion;
-
-/*
- * CertificateSerialNumber
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CertificateSerialNumber ::= INTEGER
- *
- */
-
-typedef NSSBER NSSPKIXCertificateSerialNumber;
-
-/*
- * Validity
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Validity ::= SEQUENCE {
- * notBefore Time,
- * notAfter Time }
- *
- */
-
-struct NSSPKIXValidityStr;
-typedef struct NSSPKIXValidityStr NSSPKIXValidity;
-
-/*
- * Time
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Time ::= CHOICE {
- * utcTime UTCTime,
- * generalTime GeneralizedTime }
- *
- */
-
-struct NSSPKIXTimeStr;
-typedef struct NSSPKIXTimeStr NSSPKIXTime;
-
-/*
- * UniqueIdentifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * UniqueIdentifier ::= BIT STRING
- *
- */
-
-typedef NSSBitString NSSPKIXUniqueIdentifier;
-
-/*
- * SubjectPublicKeyInfo
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING }
- *
- */
-
-struct NSSPKIXSubjectPublicKeyInfoStr;
-typedef NSSPKIXSubjectPublicKeyInfoStr NSSPKIXSubjectPublicKeyInfo;
-
-/*
- * Extensions
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
- *
- */
-
-struct NSSPKIXExtensionsStr;
-typedef struct NSSPKIXExtensionsStr NSSPKIXExtensions;
-
-/*
- * Extension
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Extension ::= SEQUENCE {
- * extnID OBJECT IDENTIFIER,
- * critical BOOLEAN DEFAULT FALSE,
- * extnValue OCTET STRING }
- *
- */
-
-struct NSSPKIXExtensionStr;
-typedef struct NSSPKIXExtensionStr NSSPKIXExtension;
-
-/*
- * CertificateList
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CertificateList ::= SEQUENCE {
- * tbsCertList TBSCertList,
- * signatureAlgorithm AlgorithmIdentifier,
- * signature BIT STRING }
- *
- */
-
-struct NSSPKIXCertificateListStr;
-typedef struct NSSPKIXCertificateListStr NSSPKIXCertificateList;
-
-/*
- * TBSCertList
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TBSCertList ::= SEQUENCE {
- * version Version OPTIONAL,
- * -- if present, shall be v2
- * signature AlgorithmIdentifier,
- * issuer Name,
- * thisUpdate Time,
- * nextUpdate Time OPTIONAL,
- * revokedCertificates SEQUENCE OF SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate Time,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, shall be v2
- * } OPTIONAL,
- * crlExtensions [0] Extensions OPTIONAL
- * -- if present, shall be v2 -- }
- *
- */
-
-struct NSSPKIXTBSCertListStr;
-typedef struct NSSPKIXTBSCertListStr NSSPKIXTBSCertList;
-
-/*
- * revokedCertificates
- *
- * This is a "helper type" to simplify handling of TBSCertList objects.
- *
- * revokedCertificates SEQUENCE OF SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate Time,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, shall be v2
- * } OPTIONAL,
- *
- */
-
-struct NSSPKIXrevokedCertificatesStr;
-typedef struct NSSPKIXrevokedCertificatesStr NSSPKIXrevokedCertificates;
-
-/*
- * revokedCertificate
- *
- * This is a "helper type" to simplify handling of TBSCertList objects.
- *
- * SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate Time,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, shall be v2
- * } OPTIONAL,
- *
- */
-
-struct NSSPKIXrevokedCertificateStr;
-typedef struct NSSPKIXrevokedCertificateStr NSSPKIXrevokedCertificate;
-
-/*
- * AlgorithmIdentifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * (1988 syntax)
- *
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL }
- * -- contains a value of the type
- * -- registered for use with the
- * -- algorithm object identifier value
- *
- *
- */
-
-struct NSSPKIXAlgorithmIdentifierStr;
-typedef NSSPKIXAlgorithmIdentifierStr NSSPKIXAlgorithmIdentifier;
-
-/*
- * -- types related to NSSPKIXAlgorithmIdentifiers:
- *
- * Dss-Sig-Value ::= SEQUENCE {
- * r INTEGER,
- * s INTEGER }
- *
- * DomainParameters ::= SEQUENCE {
- * p INTEGER, -- odd prime, p=jq +1
- * g INTEGER, -- generator, g
- * q INTEGER, -- factor of p-1
- * j INTEGER OPTIONAL, -- subgroup factor, j>= 2
- * validationParms ValidationParms OPTIONAL }
- *
- * ValidationParms ::= SEQUENCE {
- * seed BIT STRING,
- * pgenCounter INTEGER }
- *
- * Dss-Parms ::= SEQUENCE {
- * p INTEGER,
- * q INTEGER,
- * g INTEGER }
- *
- */
-
-/*
- * ORAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ORAddress ::= SEQUENCE {
- * built-in-standard-attributes BuiltInStandardAttributes,
- * built-in-domain-defined-attributes
- * BuiltInDomainDefinedAttributes OPTIONAL,
- * -- see also teletex-domain-defined-attributes
- * extension-attributes ExtensionAttributes OPTIONAL }
- * -- The OR-address is semantically absent from the OR-name if the
- * -- built-in-standard-attribute sequence is empty and the
- * -- built-in-domain-defined-attributes and extension-attributes are
- * -- both omitted.
- *
- */
-
-struct NSSPKIXORAddressStr;
-typedef struct NSSPKIXORAddressStr NSSPKIXORAddress;
-
-/*
- * BuiltInStandardAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * BuiltInStandardAttributes ::= SEQUENCE {
- * country-name CountryName OPTIONAL,
- * administration-domain-name AdministrationDomainName OPTIONAL,
- * network-address [0] NetworkAddress OPTIONAL,
- * -- see also extended-network-address
- * terminal-identifier [1] TerminalIdentifier OPTIONAL,
- * private-domain-name [2] PrivateDomainName OPTIONAL,
- * organization-name [3] OrganizationName OPTIONAL,
- * -- see also teletex-organization-name
- * numeric-user-identifier [4] NumericUserIdentifier OPTIONAL,
- * personal-name [5] PersonalName OPTIONAL,
- * -- see also teletex-personal-name
- * organizational-unit-names [6] OrganizationalUnitNames OPTIONAL
- * -- see also teletex-organizational-unit-names -- }
- *
- */
-
-struct NSSPKIXBuiltInStandardAttributesStr;
-typedef struct NSSPKIXBuiltInStandardAttributesStr NSSPKIXBuiltInStandardAttributes;
-
-/*
- * CountryName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CountryName ::= [APPLICATION 1] CHOICE {
- * x121-dcc-code NumericString
- * (SIZE (ub-country-name-numeric-length)),
- * iso-3166-alpha2-code PrintableString
- * (SIZE (ub-country-name-alpha-length)) }
- *
- */
-
-struct NSSPKIXCountryNameStr;
-typedef struct NSSPKIXCountryNameStr NSSPKIXCountryName;
-
-/*
- * AdministrationDomainName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AdministrationDomainName ::= [APPLICATION 2] CHOICE {
- * numeric NumericString (SIZE (0..ub-domain-name-length)),
- * printable PrintableString (SIZE (0..ub-domain-name-length)) }
- *
- */
-
-struct NSSPKIXAdministrationDomainNameStr;
-typedef struct NSSPKIXAdministrationDomainNameStr NSSPKIXAdministrationDomainName;
-
-/*
- * X121Address
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
- *
- */
-
-struct NSSPKIXX121AddressStr;
-typedef struct NSSPKIXX121AddressStr NSSPKIXX121Address;
-
-/*
- * NetworkAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * NetworkAddress ::= X121Address -- see also extended-network-address
- *
- */
-
-struct NSSPKIXNetworkAddressStr;
-typedef struct NSSPKIXNetworkAddressStr NSSPKIXNetworkAddress;
-
-/*
- * TerminalIdentifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length))
- *
- */
-
-struct NSSPKIXTerminalIdentifierStr;
-typedef struct NSSPKIXTerminalIdentifierStr NSSPKIXTerminalIdentifier;
-
-/*
- * PrivateDomainName
- *
- * -- fgmr comments --
- *
- * PrivateDomainName ::= CHOICE {
- * numeric NumericString (SIZE (1..ub-domain-name-length)),
- * printable PrintableString (SIZE (1..ub-domain-name-length)) }
- *
- */
-
-struct NSSPKIXPrivateDomainNameStr;
-typedef struct NSSPKIXPrivateDomainNameStr NSSPKIXPrivateDomainName;
-
-/*
- * OrganizationName
- *
- * -- fgmr comments --
- *
- * OrganizationName ::= PrintableString
- * (SIZE (1..ub-organization-name-length))
- *
- */
-
-struct NSSPKIXOrganizationNameStr;
-typedef struct NSSPKIXOrganizationNameStr NSSPKIXOrganizationName;
-
-/*
- * NumericUserIdentifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * NumericUserIdentifier ::= NumericString
- * (SIZE (1..ub-numeric-user-id-length))
- *
- */
-
-struct NSSPKIXNumericUserIdentifierStr;
-typedef struct NSSPKIXNumericUserIdentifierStr NSSPKIXNumericUserIdentifier;
-
-/*
- * PersonalName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PersonalName ::= SET {
- * surname [0] PrintableString (SIZE (1..ub-surname-length)),
- * given-name [1] PrintableString
- * (SIZE (1..ub-given-name-length)) OPTIONAL,
- * initials [2] PrintableString (SIZE (1..ub-initials-length)) OPTIONAL,
- * generation-qualifier [3] PrintableString
- * (SIZE (1..ub-generation-qualifier-length)) OPTIONAL }
- *
- */
-
-struct NSSPKIXPersonalNameStr;
-typedef NSSPKIXPersonalNameStr NSSPKIXPersonalName;
-
-/*
- * OrganizationalUnitNames
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
- * OF OrganizationalUnitName
- *
- */
-
-struct NSSPKIXOrganizationalUnitNamesStr;
-typedef NSSPKIXOrganizationalUnitNamesStr NSSPKIXOrganizationalUnitNames;
-
-/*
- * OrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * OrganizationalUnitName ::= PrintableString (SIZE
- * (1..ub-organizational-unit-name-length))
- *
- */
-
-struct NSSPKIXOrganizationalUnitNameStr;
-typedef struct NSSPKIXOrganizationalUnitNameStr NSSPKIXOrganizationalUnitName;
-
-/*
- * BuiltInDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
- * (1..ub-domain-defined-attributes) OF
- * BuiltInDomainDefinedAttribute
- *
- */
-
-struct NSSPKIXBuiltInDomainDefinedAttributesStr;
-typedef struct NSSPKIXBuiltInDomainDefinedAttributesStr NSSPKIXBuiltInDomainDefinedAttributes;
-
-/*
- * BuiltInDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * BuiltInDomainDefinedAttribute ::= SEQUENCE {
- * type PrintableString (SIZE
- * (1..ub-domain-defined-attribute-type-length)),
- * value PrintableString (SIZE
- * (1..ub-domain-defined-attribute-value-length))}
- *
- */
-
-struct NSSPKIXBuiltInDomainDefinedAttributeStr;
-typedef struct NSSPKIXBuiltInDomainDefinedAttributeStr NSSPKIXBuiltInDomainDefinedAttribute;
-
-/*
- * ExtensionAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
- * ExtensionAttribute
- *
- */
-
-struct NSSPKIXExtensionAttributesStr;
-typedef struct NSSPKIXExtensionAttributesStr NSSPKIXExtensionAttributes;
-
-/*
- * ExtensionAttribute
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ExtensionAttribute ::= SEQUENCE {
- * extension-attribute-type [0] INTEGER (0..ub-extension-attributes),
- * extension-attribute-value [1]
- * ANY DEFINED BY extension-attribute-type }
- *
- */
-
-struct NSSPKIXExtensionAttributeStr;
-typedef struct NSSPKIXExtensionAttributeStr NSSPKIXExtensionAttribute;
-
-/*
- * ExtensionAttributeType
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * common-name INTEGER ::= 1
- * teletex-common-name INTEGER ::= 2
- * teletex-organization-name INTEGER ::= 3
- * teletex-personal-name INTEGER ::= 4
- * teletex-organizational-unit-names INTEGER ::= 5
- * teletex-domain-defined-attributes INTEGER ::= 6
- * pds-name INTEGER ::= 7
- * physical-delivery-country-name INTEGER ::= 8
- * postal-code INTEGER ::= 9
- * physical-delivery-office-name INTEGER ::= 10
- * physical-delivery-office-number INTEGER ::= 11
- * extension-OR-address-components INTEGER ::= 12
- * physical-delivery-personal-name INTEGER ::= 13
- * physical-delivery-organization-name INTEGER ::= 14
- * extension-physical-delivery-address-components INTEGER ::= 15
- * unformatted-postal-address INTEGER ::= 16
- * street-address INTEGER ::= 17
- * post-office-box-address INTEGER ::= 18
- * poste-restante-address INTEGER ::= 19
- * unique-postal-name INTEGER ::= 20
- * local-postal-attributes INTEGER ::= 21
- * extended-network-address INTEGER ::= 22
- * terminal-type INTEGER ::= 23
- *
- */
-
-enum NSSPKIXExtensionAttributeTypeEnum {
- NSSPKIXExtensionAttributeType_NSSinvalid = -1,
- NSSPKIXExtensionAttributeType_CommonName = 1,
- NSSPKIXExtensionAttributeType_TeletexCommonName = 2,
- NSSPKIXExtensionAttributeType_TeletexOrganizationName = 3,
- NSSPKIXExtensionAttributeType_TeletexPersonalName = 4,
- NSSPKIXExtensionAttributeType_TeletexOrganizationalUnitNames = 5,
- NSSPKIXExtensionAttributeType_TeletexDomainDefinedAttributes = 6,
- NSSPKIXExtensionAttributeType_PdsName = 7,
- NSSPKIXExtensionAttributeType_PhysicalDeliveryCountryName = 8,
- NSSPKIXExtensionAttributeType_PostalCode = 9,
- NSSPKIXExtensionAttributeType_PhysicalDeliveryOfficeName = 10,
- NSSPKIXExtensionAttributeType_PhysicalDeliveryOfficeNumber = 11,
- NSSPKIXExtensionAttributeType_ExtensionOrAddressComponents = 12,
- NSSPKIXExtensionAttributeType_PhysicalDeliveryPersonalName = 13,
- NSSPKIXExtensionAttributeType_PhysicalDeliveryOrganizationName = 14,
- NSSPKIXExtensionAttributeType_ExtensionPhysicalDeliveryAddressComponents = 15,
- NSSPKIXExtensionAttributeType_UnformattedPostalAddress = 16,
- NSSPKIXExtensionAttributeType_StreetAddress = 17,
- NSSPKIXExtensionAttributeType_PostOfficeBoxAddress = 18,
- NSSPKIXExtensionAttributeType_PosteRestanteAddress = 19,
- NSSPKIXExtensionAttributeType_UniquePostalName = 20,
- NSSPKIXExtensionAttributeType_LocalPostalAttributes = 21,
- NSSPKIXExtensionAttributeType_ExtendedNetworkAddress = 22,
- NSSPKIXExtensionAttributeType_TerminalType = 23
-};
-typedef enum NSSPKIXExtensionAttributeTypeEnum NSSPKIXExtensionAttributeType;
-
-/*
- * CommonName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CommonName ::= PrintableString (SIZE (1..ub-common-name-length))
- *
- */
-
-struct NSSPKIXCommonNameStr;
-typedef struct NSSPKIXCommonNameStr NSSPKIXCommonName;
-
-/*
- * TeletexCommonName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))
- *
- */
-
-struct NSSPKIXTeletexCommonNameStr;
-typedef struct NSSPKIXTeletexCommonNameStr NSSPKIXTeletexCommonName;
-
-/*
- * TeletexOrganizationName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexOrganizationName ::=
- * TeletexString (SIZE (1..ub-organization-name-length))
- *
- */
-
-struct NSSPKIXTeletexOrganizationNameStr;
-typedef struct NSSPKIXTeletexOrganizationNameStr NSSPKIXTeletexOrganizationName;
-
-/*
- * TeletexPersonalName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexPersonalName ::= SET {
- * surname [0] TeletexString (SIZE (1..ub-surname-length)),
- * given-name [1] TeletexString
- * (SIZE (1..ub-given-name-length)) OPTIONAL,
- * initials [2] TeletexString (SIZE (1..ub-initials-length)) OPTIONAL,
- * generation-qualifier [3] TeletexString (SIZE
- * (1..ub-generation-qualifier-length)) OPTIONAL }
- *
- */
-
-struct NSSPKIXTeletexPersonalNameStr;
-typedef struct NSSPKIXTeletexPersonalNameStr NSSPKIXTeletexPersonalName;
-
-/*
- * TeletexOrganizationalUnitNames
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
- * (1..ub-organizational-units) OF TeletexOrganizationalUnitName
- *
- */
-
-struct NSSPKIXTeletexOrganizationalUnitNamesStr;
-typedef struct NSSPKIXTeletexOrganizationalUnitNamesStr NSSPKIXTeletexOrganizationalUnitNames;
-
-/*
- * TeletexOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexOrganizationalUnitName ::= TeletexString
- * (SIZE (1..ub-organizational-unit-name-length))
- *
- */
-
-struct NSSPKIXTeletexOrganizationalUnitNameStr;
-typedef struct NSSPKIXTeletexOrganizationalUnitNameStr NSSPKIXTeletexOrganizationalUnitName;
-
-/*
- * PDSName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))
- *
- */
-
-struct NSSPKIXPDSNameStr;
-typedef struct NSSPKIXPDSNameStr NSSPKIXPDSName;
-
-/*
- * PhysicalDeliveryCountryName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PhysicalDeliveryCountryName ::= CHOICE {
- * x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)),
- * iso-3166-alpha2-code PrintableString
- * (SIZE (ub-country-name-alpha-length)) }
- *
- */
-
-struct NSSPKIXPhysicalDeliveryCountryNameStr;
-typedef struct NSSPKIXPhysicalDeliveryCountryNameStr NSSPKIXPhysicalDeliveryCountryName;
-
-/*
- * PostalCode
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PostalCode ::= CHOICE {
- * numeric-code NumericString (SIZE (1..ub-postal-code-length)),
- * printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
- *
- */
-
-struct NSSPKIXPostalCodeStr;
-typedef struct NSSPKIXPostalCodeStr NSSPKIXPostalCode;
-
-/*
- * PDSParameter
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PDSParameter ::= SET {
- * printable-string PrintableString
- * (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
- * teletex-string TeletexString
- * (SIZE(1..ub-pds-parameter-length)) OPTIONAL }
- *
- */
-
-struct NSSPKIXPDSParameterStr;
-typedef struct NSSPKIXPDSParameterStr NSSPKIXPDSParameter;
-
-/*
- * PhysicalDeliveryOfficeName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PhysicalDeliveryOfficeName ::= PDSParameter
- *
- */
-
-typedef NSSPKIXPDSParameter NSSPKIXPhysicalDeliveryOfficeName;
-
-/*
- * PhysicalDeliveryOfficeNumber
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PhysicalDeliveryOfficeNumber ::= PDSParameter
- *
- */
-
-typedef NSSPKIXPDSParameter NSSPKIXPhysicalDeliveryOfficeNumber;
-
-/*
- * ExtensionORAddressComponents
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ExtensionORAddressComponents ::= PDSParameter
- *
- */
-
-typedef NSSPKIXPDSParameter NSSPKIXExtensionORAddressComponents;
-
-/*
- * PhysicalDeliveryPersonalName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PhysicalDeliveryPersonalName ::= PDSParameter
- *
- */
-
-typedef NSSPKIXPDSParameter NSSPKIXPhysicalDeliveryPersonalName;
-
-/*
- * PhysicalDeliveryOrganizationName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PhysicalDeliveryOrganizationName ::= PDSParameter
- *
- */
-
-typedef NSSPKIXPDSParameter NSSPKIXPhysicalDeliveryOrganizationName;
-
-/*
- * ExtensionPhysicalDeliveryAddressComponents
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter
- *
- */
-
-typedef NSSPKIXPDSParameter NSSPKIXExtensionPhysicalDeliveryAddressComponents;
-
-/*
- * UnformattedPostalAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * UnformattedPostalAddress ::= SET {
- * printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) OF
- * PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL,
- * teletex-string TeletexString
- * (SIZE (1..ub-unformatted-address-length)) OPTIONAL }
- *
- */
-
-struct NSSPKIXUnformattedPostalAddressStr;
-typedef struct NSSPKIXUnformattedPostalAddressStr NSSPKIXUnformattedPostalAddress;
-
-/*
- * StreetAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * StreetAddress ::= PDSParameter
- *
- */
-
-typedef NSSPKIXPDSParameter NSSPKIXStreetAddress;
-
-/*
- * PostOfficeBoxAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PostOfficeBoxAddress ::= PDSParameter
- *
- */
-
-typedef NSSPKIXPDSParameter NSSPKIXPostOfficeBoxAddress;
-
-/*
- * PosteRestanteAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PosteRestanteAddress ::= PDSParameter
- *
- */
-
-typedef NSSPKIXPDSParameter NSSPKIXPosteRestanteAddress;
-
-/*
- * UniquePostalName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * UniquePostalName ::= PDSParameter
- *
- */
-
-typedef NSSPKIXPDSParameter NSSPKIXUniquePostalName;
-
-/*
- * LocalPostalAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * LocalPostalAttributes ::= PDSParameter
- *
- */
-
-typedef NSSPKIXPDSParameter NSSPKIXLocalPostalAttributes;
-
-/*
- * ExtendedNetworkAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ExtendedNetworkAddress ::= CHOICE {
- * e163-4-address SEQUENCE {
- * number [0] NumericString (SIZE (1..ub-e163-4-number-length)),
- * sub-address [1] NumericString
- * (SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL },
- * psap-address [0] PresentationAddress }
- *
- */
-
-struct NSSPKIXExtendedNetworkAddressStr;
-typedef struct NSSPKIXExtendedNetworkAddressStr NSSPKIXExtendedNetworkAddress;
-
-/*
- * NSSPKIXExtendedNetworkAddressChoice
- *
- * Helper enumeration for ExtendedNetworkAddress
- * -- fgmr comments --
- *
- */
-
-enum NSSPKIXExtendedNetworkAddressEnum {
- NSSPKIXExtendedNetworkAddress_NSSinvalid = -1,
- NSSPKIXExtendedNetworkAddress_e1634Address,
- NSSPKIXExtendedNetworkAddress_psapAddress
-};
-typedef enum NSSPKIXExtendedNetworkAddressEnum NSSPKIXExtendedNetworkAddressChoice;
-
-/*
- * e163-4-address
- *
- * Helper structure for ExtendedNetworkAddress.
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * e163-4-address SEQUENCE {
- * number [0] NumericString (SIZE (1..ub-e163-4-number-length)),
- * sub-address [1] NumericString
- * (SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL },
- *
- */
-
-struct NSSe1634addressStr;
-typedef struct NSSe1634addressStr NSSe1634address;
-
-/*
- * PresentationAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PresentationAddress ::= SEQUENCE {
- * pSelector [0] EXPLICIT OCTET STRING OPTIONAL,
- * sSelector [1] EXPLICIT OCTET STRING OPTIONAL,
- * tSelector [2] EXPLICIT OCTET STRING OPTIONAL,
- * nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
- *
- */
-
-struct NSSPKIXPresentationAddressStr;
-typedef struct NSSPKIXPresentationAddressStr NSSPKIXPresentationAddress;
-
-/*
- * TerminalType
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TerminalType ::= INTEGER {
- * telex (3),
- * teletex (4),
- * g3-facsimile (5),
- * g4-facsimile (6),
- * ia5-terminal (7),
- * videotex (8) } (0..ub-integer-options)
- *
- */
-
-enum NSSPKIXTerminalTypeEnum {
- NSSPKIXTerminalType_NSSinvalid = -1,
- NSSPKIXTerminalType_telex = 3,
- NSSPKIXTerminalType_teletex = 4,
- NSSPKIXTerminalType_g3Facsimile = 5,
- NSSPKIXTerminalType_g4Facsimile = 6,
- NSSPKIXTerminalType_iA5Terminal = 7,
- NSSPKIXTerminalType_videotex = 8
-};
-typedef enum NSSPKIXTerminalTypeEnum NSSPKIXTerminalType;
-
-/*
- * TeletexDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
- * (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute
- *
- */
-
-struct NSSPKIXTeletexDomainDefinedAttributesStr;
-typedef struct NSSPKIXTeletexDomainDefinedAttributesStr NSSPKIXTeletexDomainDefinedAttributes;
-
-/*
- * TeletexDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexDomainDefinedAttribute ::= SEQUENCE {
- * type TeletexString
- * (SIZE (1..ub-domain-defined-attribute-type-length)),
- * value TeletexString
- * (SIZE (1..ub-domain-defined-attribute-value-length)) }
- *
- */
-
-struct NSSPKIXTeletexDomainDefinedAttributeStr;
-typedef struct NSSPKIXTeletexDomainDefinedAttributeStr NSSPKIXTeletexDomainDefinedAttribute;
-
-/*
- * AuthorityKeyIdentifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AuthorityKeyIdentifier ::= SEQUENCE {
- * keyIdentifier [0] KeyIdentifier OPTIONAL,
- * authorityCertIssuer [1] GeneralNames OPTIONAL,
- * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
- * -- authorityCertIssuer and authorityCertSerialNumber shall both
- * -- be present or both be absent
- *
- */
-
-struct NSSPKIXAuthorityKeyIdentifierStr;
-typedef struct NSSPKIXAuthorityKeyIdentifierStr NSSPKIXAuthorityKeyIdentifier;
-
-/*
- * KeyIdentifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * KeyIdentifier ::= OCTET STRING
- *
- */
-
-typedef NSSItem NSSPKIXKeyIdentifier;
-
-/*
- * SubjectKeyIdentifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * SubjectKeyIdentifier ::= KeyIdentifier
- *
- */
-
-typedef NSSPKIXKeyIdentifier NSSPKIXSubjectKeyIdentifier;
-
-/*
- * KeyUsage
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * KeyUsage ::= BIT STRING {
- * digitalSignature (0),
- * nonRepudiation (1),
- * keyEncipherment (2),
- * dataEncipherment (3),
- * keyAgreement (4),
- * keyCertSign (5),
- * cRLSign (6),
- * encipherOnly (7),
- * decipherOnly (8) }
- *
- */
-
-struct NSSPKIXKeyUsageStr;
-typedef struct NSSPKIXKeyUsageStr NSSPKIXKeyUsage;
-
-/*
- * KeyUsageValue
- *
- * -- helper for testing many key usages at once
- *
- */
-
-enum NSSPKIXKeyUsageValueEnum {
- NSSPKIXKeyUsage_NSSinvalid = 0,
- NSSPKIXKeyUsage_DigitalSignature = 0x001,
- NSSPKIXKeyUsage_NonRepudiation = 0x002,
- NSSPKIXKeyUsage_KeyEncipherment = 0x004,
- NSSPKIXKeyUsage_DataEncipherment = 0x008,
- NSSPKIXKeyUsage_KeyAgreement = 0x010,
- NSSPKIXKeyUsage_KeyCertSign = 0x020,
- NSSPKIXKeyUsage_CRLSign = 0x040,
- NSSPKIXKeyUsage_EncipherOnly = 0x080,
- NSSPKIXKeyUsage_DecipherOnly = 0x100
-};
-typedef enum NSSPKIXKeyUsageValueEnum NSSPKIXKeyUsageValue;
-
-/*
- * PrivateKeyUsagePeriod
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PrivateKeyUsagePeriod ::= SEQUENCE {
- * notBefore [0] GeneralizedTime OPTIONAL,
- * notAfter [1] GeneralizedTime OPTIONAL }
- * -- either notBefore or notAfter shall be present
- *
- */
-
-struct NSSPKIXPrivateKeyUsagePeriodStr;
-typedef struct NSSPKIXPrivateKeyUsagePeriodStr NSSPKIXPrivateKeyUsagePeriod;
-
-/*
- * CertificatePolicies
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
- *
- */
-
-struct NSSPKIXCertificatePoliciesStr;
-typedef struct NSSPKIXCertificatePoliciesStr NSSPKIXCertificatePolicies;
-
-/*
- * PolicyInformation
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PolicyInformation ::= SEQUENCE {
- * policyIdentifier CertPolicyId,
- * policyQualifiers SEQUENCE SIZE (1..MAX) OF
- * PolicyQualifierInfo OPTIONAL }
- *
- */
-
-struct NSSPKIXPolicyInformationStr;
-typedef struct NSSPKIXPolicyInformationStr NSSPKIXPolicyInformation;
-
-/*
- * CertPolicyId
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CertPolicyId ::= OBJECT IDENTIFIER
- *
- */
-
-typedef NSSOID NSSPKIXCertPolicyId;
-
-/*
- * PolicyQualifierInfo
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PolicyQualifierInfo ::= SEQUENCE {
- * policyQualifierId PolicyQualifierId,
- * qualifier ANY DEFINED BY policyQualifierId }
- *
- */
-
-struct NSSPKIXPolicyQualifierInfoStr;
-typedef NSSPKIXPolicyQualifierInfoStr NSSPKIXPolicyQualifierInfo;
-
-/*
- * PolicyQualifierId
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PolicyQualifierId ::=
- * OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
- *
- */
-
-typedef NSSOID NSSPKIXPolicyQualifierId;
-
-/*
- * CPSuri
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CPSuri ::= IA5String
- *
- */
-
-struct NSSPKIXCPSuriStr;
-typedef struct NSSPKIXCPSuriStr NSSPKIXCPSuri;
-
-/*
- * UserNotice
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * UserNotice ::= SEQUENCE {
- * noticeRef NoticeReference OPTIONAL,
- * explicitText DisplayText OPTIONAL}
- *
- */
-
-struct NSSPKIXUserNoticeStr;
-typedef struct NSSPKIXUserNoticeStr NSSPKIXUserNotice;
-
-/*
- * NoticeReference
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * NoticeReference ::= SEQUENCE {
- * organization DisplayText,
- * noticeNumbers SEQUENCE OF INTEGER }
- *
- */
-
-struct NSSPKIXNoticeReferenceStr;
-typedef struct NSSPKIXNoticeReferenceStr NSSPKIXNoticeReference;
-
-/*
- * DisplayText
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * DisplayText ::= CHOICE {
- * visibleString VisibleString (SIZE (1..200)),
- * bmpString BMPString (SIZE (1..200)),
- * utf8String UTF8String (SIZE (1..200)) }
- *
- */
-
-struct NSSPKIXDisplayTextStr;
-typedef struct NSSPKIXDisplayTextStr NSSPKIXDisplayText;
-
-/*
- * PolicyMappings
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- */
-
-struct NSSPKIXPolicyMappingsStr;
-typedef struct NSSPKIXPolicyMappingsStr NSSPKIXPolicyMappings;
-
-/*
- * policyMapping
- *
- * Helper structure for PolicyMappings
- *
- * SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- */
-
-struct NSSPKIXpolicyMappingStr;
-typedef struct NSSPKIXpolicyMappingStr NSSPKIXpolicyMapping;
-
-/*
- * GeneralName
- *
- * This structure contains a union of the possible general names,
- * of which there are several.
- *
- * From RFC 2459:
- *
- * GeneralName ::= CHOICE {
- * otherName [0] AnotherName,
- * rfc822Name [1] IA5String,
- * dNSName [2] IA5String,
- * x400Address [3] ORAddress,
- * directoryName [4] Name,
- * ediPartyName [5] EDIPartyName,
- * uniformResourceIdentifier [6] IA5String,
- * iPAddress [7] OCTET STRING,
- * registeredID [8] OBJECT IDENTIFIER }
- *
- */
-
-struct NSSPKIXGeneralNameStr;
-typedef struct NSSPKIXGeneralNameStr NSSPKIXGeneralName;
-
-/*
- * GeneralNameChoice
- *
- * This enumerates the possible general name types.
- */
-
-enum NSSPKIXGeneralNameChoiceEnum {
- NSSPKIXGeneralNameChoice_NSSinvalid = -1,
- NSSPKIXGeneralNameChoice_otherName = 0,
- NSSPKIXGeneralNameChoice_rfc822Name = 1,
- NSSPKIXGeneralNameChoice_dNSName = 2,
- NSSPKIXGeneralNameChoice_x400Address = 3,
- NSSPKIXGeneralNameChoice_directoryName = 4,
- NSSPKIXGeneralNameChoice_ediPartyName = 5,
- NSSPKIXGeneralNameChoice_uniformResourceIdentifier = 6,
- NSSPKIXGeneralNameChoice_iPAddress = 7,
- NSSPKIXGeneralNameChoice_registeredID = 8
-};
-typedef enum NSSPKIXGeneralNameChoiceEnum NSSPKIXGeneralNameChoice;
-
-/*
- * GeneralNames
- *
- * This structure contains a sequence of GeneralName objects.
- *
- * From RFC 2459:
- *
- * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
- *
- */
-
-struct NSSPKIXGeneralNamesStr;
-typedef struct NSSPKIXGeneralNamesStr NSSPKIXGeneralNames;
-
-/*
- * SubjectAltName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * SubjectAltName ::= GeneralNames
- *
- */
-
-typedef NSSPKIXGeneralNames NSSPKIXSubjectAltName;
-
-/*
- * AnotherName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AnotherName ::= SEQUENCE {
- * type-id OBJECT IDENTIFIER,
- * value [0] EXPLICIT ANY DEFINED BY type-id }
- *
- */
-
-struct NSSPKIXAnotherNameStr;
-typedef struct NSSPKIXAnotherNameStr NSSPKIXAnotherName;
-
-/*
- * EDIPartyName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- *
- * EDIPartyName ::= SEQUENCE {
- * nameAssigner [0] DirectoryString OPTIONAL,
- * partyName [1] DirectoryString }
- *
- */
-
-struct NSSPKIXEDIPartyNameStr;
-typedef struct NSSPKIXEDIPartyNameStr NSSPKIXEDIPartyName;
-
-/*
- * IssuerAltName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * IssuerAltName ::= GeneralNames
- *
- */
-
-typedef NSSPKIXGeneralNames NSSPKIXIssuerAltName;
-
-/*
- * SubjectDirectoryAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
- *
- */
-
-struct NSSPKIXSubjectDirectoryAttributesStr;
-typedef struct NSSPKIXSubjectDirectoryAttributesStr NSSPKIXSubjectDirectoryAttributes;
-
-/*
- * BasicConstraints
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * BasicConstraints ::= SEQUENCE {
- * cA BOOLEAN DEFAULT FALSE,
- * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
- *
- */
-
-struct NSSPKIXBasicConstraintsStr;
-typedef struct NSSPKIXBasicConstraintsStr NSSPKIXBasicConstraints;
-
-/*
- * NameConstraints
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * NameConstraints ::= SEQUENCE {
- * permittedSubtrees [0] GeneralSubtrees OPTIONAL,
- * excludedSubtrees [1] GeneralSubtrees OPTIONAL }
- *
- */
-
-struct NSSPKIXNameConstraintsStr;
-typedef struct NSSPKIXNameConstraintsStr NSSPKIXNameConstraints;
-
-/*
- * GeneralSubtrees
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
- *
- */
-
-struct NSSPKIXGeneralSubtreesStr;
-typedef struct NSSPKIXGeneralSubtreesStr NSSPKIXGeneralSubtrees;
-
-/*
- * GeneralSubtree
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * GeneralSubtree ::= SEQUENCE {
- * base GeneralName,
- * minimum [0] BaseDistance DEFAULT 0,
- * maximum [1] BaseDistance OPTIONAL }
- *
- */
-
-struct NSSPKIXGeneralSubtreeStr;
-typedef struct NSSPKIXGeneralSubtreeStr NSSPKIXGeneralSubtree;
-
-/*
- * BaseDistance
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * BaseDistance ::= INTEGER (0..MAX)
- *
- */
-
-typedef PRInt32 NSSPKIXBaseDistance;
-
-/*
- * PolicyConstraints
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PolicyConstraints ::= SEQUENCE {
- * requireExplicitPolicy [0] SkipCerts OPTIONAL,
- * inhibitPolicyMapping [1] SkipCerts OPTIONAL }
- *
- */
-
-struct NSSPKIXPolicyConstraintsStr;
-typedef NSSPKIXPolicyConstraintsStr NSSPKIXPolicyConstraints;
-
-/*
- * SkipCerts
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * SkipCerts ::= INTEGER (0..MAX)
- *
- */
-
-typedef NSSItem NSSPKIXSkipCerts;
-
-/*
- * CRLDistPointsSyntax
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
- *
- */
-
-struct NSSPKIXCRLDistPointsSyntaxStr;
-typedef struct NSSPKIXCRLDistPointsSyntaxStr NSSPKIXCRLDistPointsSyntax;
-
-/*
- * DistributionPoint
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * DistributionPoint ::= SEQUENCE {
- * distributionPoint [0] DistributionPointName OPTIONAL,
- * reasons [1] ReasonFlags OPTIONAL,
- * cRLIssuer [2] GeneralNames OPTIONAL }
- *
- */
-
-struct NSSPKIXDistributionPointStr;
-typedef struct NSSPKIXDistributionPointStr NSSPKIXDistributionPoint;
-
-/*
- * DistributionPointName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * DistributionPointName ::= CHOICE {
- * fullName [0] GeneralNames,
- * nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
- *
- */
-
-struct NSSPKIXDistributionPointNameStr;
-typedef struct NSSPKIXDistributionPointNameStr NSSPKIXDistributionPointName;
-
-/*
- * DistributionPointNameChoice
- *
- * -- fgmr comments --
- *
- */
-
-enum NSSPKIXDistributionPointNameChoiceEnum {
- NSSDistributionPointNameChoice_NSSinvalid = -1,
- NSSDistributionPointNameChoice_FullName = 0,
- NSSDistributionPointNameChoice_NameRelativeToCRLIssuer = 1
-};
-typedef enum NSSPKIXDistributionPointNameChoiceEnum NSSPKIXDistributionPointNameChoice;
-
-/*
- * ReasonFlags
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ReasonFlags ::= BIT STRING {
- * unused (0),
- * keyCompromise (1),
- * cACompromise (2),
- * affiliationChanged (3),
- * superseded (4),
- * cessationOfOperation (5),
- * certificateHold (6) }
- *
- */
-
-struct NSSPKIXReasonFlagsStr;
-typedef struct NSSPKIXReasonFlagsStr NSSPKIXReasonFlags;
-
-/*
- * ReasonFlagsMask
- *
- * -- fgmr comments --
- *
- */
-
-typedef PRInt32 NSSPKIXReasonFlagsMask;
-const NSSPKIXReasonFlagsMask NSSPKIXReasonFlagsMask_NSSinvalid = -1;
-const NSSPKIXReasonFlagsMask NSSPKIXReasonFlagsMask_KeyCompromise = 0x02;
-const NSSPKIXReasonFlagsMask NSSPKIXReasonFlagsMask_CACompromise = 0x04;
-const NSSPKIXReasonFlagsMask NSSPKIXReasonFlagsMask_AffiliationChanged = 0x08;
-const NSSPKIXReasonFlagsMask NSSPKIXReasonFlagsMask_Superseded = 0x10;
-const NSSPKIXReasonFlagsMask NSSPKIXReasonFlagsMask_CessationOfOperation= 0x20;
-const NSSPKIXReasonFlagsMask NSSPKIXReasonFlagsMask_CertificateHold = 0x40;
-
-/*
- * ExtKeyUsageSyntax
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
- *
- */
-
-struct NSSPKIXExtKeyUsageSyntaxStr;
-typedef struct NSSPKIXExtKeyUsageSyntaxStr NSSPKIXExtKeyUsageSyntax;
-
-/*
- * KeyPurposeId
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * KeyPurposeId ::= OBJECT IDENTIFIER
- *
- */
-
-typedef NSSOID NSSPKIXKeyPurposeId;
-
-/*
- * AuthorityInfoAccessSyntax
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AuthorityInfoAccessSyntax ::=
- * SEQUENCE SIZE (1..MAX) OF AccessDescription
- *
- */
-
-struct NSSPKIXAuthorityInfoAccessSyntaxStr;
-typedef struct NSSPKIXAuthorityInfoAccessSyntaxStr NSSPKIXAuthorityInfoAccessSyntax;
-
-/*
- * AccessDescription
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName }
- *
- */
-
-struct NSSPKIXAccessDescriptionStr;
-typedef struct NSSPKIXAccessDescriptionStr NSSPKIXAccessDescription;
-
-/*
- * CRLNumber
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CRLNumber ::= INTEGER (0..MAX)
- *
- */
-
-typedef NSSItem NSSPKIXCRLNumber;
-
-/*
- * IssuingDistributionPoint
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * IssuingDistributionPoint ::= SEQUENCE {
- * distributionPoint [0] DistributionPointName OPTIONAL,
- * onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
- * onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
- * onlySomeReasons [3] ReasonFlags OPTIONAL,
- * indirectCRL [4] BOOLEAN DEFAULT FALSE }
- *
- */
-
-struct NSSPKIXIssuingDistributionPointStr;
-typedef struct NSSPKIXIssuingDistributionPointStr NSSPKIXIssuingDistributionPoint;
-
-/*
- * BaseCRLNumber
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * BaseCRLNumber ::= CRLNumber
- *
- */
-
-typedef NSSPKIXCRLNumber NSSPKIXBaseCRLNumber;
-
-/*
- * CRLReason
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CRLReason ::= ENUMERATED {
- * unspecified (0),
- * keyCompromise (1),
- * cACompromise (2),
- * affiliationChanged (3),
- * superseded (4),
- * cessationOfOperation (5),
- * certificateHold (6),
- * removeFromCRL (8) }
- *
- */
-
-enum NSSPKIXCRLReasonEnum {
- NSSPKIXCRLReasonEnum_NSSinvalid = -1,
- NSSPKIXCRLReasonEnum_unspecified = 0,
- NSSPKIXCRLReasonEnum_keyCompromise = 1,
- NSSPKIXCRLReasonEnum_cACompromise = 2,
- NSSPKIXCRLReasonEnum_affiliationChanged = 3,
- NSSPKIXCRLReasonEnum_superseded = 4,
- NSSPKIXCRLReasonEnum_cessationOfOperation = 5,
- NSSPKIXCRLReasonEnum_certificateHold = 6,
- NSSPKIXCRLReasonEnum_removeFromCRL = 8
-};
-typedef enum NSSPKIXCRLReasonEnum NSSPKIXCRLReason;
-
-/*
- * CertificateIssuer
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CertificateIssuer ::= GeneralNames
- *
- */
-
-typedef NSSPKIXGeneralNames NSSPKIXCertificateIssuer;
-
-/*
- * HoldInstructionCode
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * HoldInstructionCode ::= OBJECT IDENTIFIER
- *
- */
-
-typedef NSSOID NSSPKIXHoldInstructionCode;
-
-/*
- * InvalidityDate
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * InvalidityDate ::= GeneralizedTime
- *
- */
-
-typedef PRTime NSSPKIXInvalidityDate;
-
-PR_END_EXTERN_C
-
-#endif /* NSSPKIXT_H */
diff --git a/security/nss/lib/pkix/include/pkix.h b/security/nss/lib/pkix/include/pkix.h
deleted file mode 100644
index 8ebe95595..000000000
--- a/security/nss/lib/pkix/include/pkix.h
+++ /dev/null
@@ -1,26086 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef PKIX_H
-#define PKIX_H
-
-#ifdef DEBUG
-static const char PKIX_CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * pkix.h
- *
- * This file contains the prototypes for the private methods defined
- * for the PKIX part-1 objects.
- */
-
-#ifndef NSSPKIX_H
-#include "nsspkix.h"
-#endif /* NSSPKIX_H */
-
-#ifndef PKIXT_H
-#include "pkixt.h"
-#endif /* PKIXT_H */
-
-#ifndef ASN1T_H
-#include "asn1t.h"
-#endif /* ASN1T_H */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * Attribute
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Attribute ::= SEQUENCE {
- * type AttributeType,
- * values SET OF AttributeValue
- * -- at least one value is required -- }
- *
- * The private calls for the type:
- *
- * nssPKIXAttribute_Decode
- * nssPKIXAttribute_Create
- * nssPKIXAttribute_CreateFromArray
- * nssPKIXAttribute_Destroy
- * nssPKIXAttribute_Encode
- * nssPKIXAttribute_GetType
- * nssPKIXAttribute_SetType
- * nssPKIXAttribute_GetValueCount
- * nssPKIXAttribute_GetValues
- * nssPKIXAttribute_SetValues
- * nssPKIXAttribute_GetValue
- * nssPKIXAttribute_SetValue
- * nssPKIXAttribute_AddValue
- * nssPKIXAttribute_RemoveValue
- * nssPKIXAttribute_FindValue
- * nssPKIXAttribute_Equal
- * nssPKIXAttribute_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXAttribute_verifyPointer
- */
-
-/*
- * nssPKIXAttribute_template
- *
- *
- */
-
-extern const nssASN1Template nssPKIXAttribute_template[];
-
-/*
- * nssPKIXAttribute_Decode
- *
- * This routine creates an NSSPKIXAttribute by decoding a BER-
- * or DER-encoded Attribute as defined in RFC 2459. This
- * routine may return NULL upon error, in which case it will
- * have created an error stack. If the optional arena argument
- * is non-NULL, that arena will be used for the required memory.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon failure.
- */
-
-NSS_EXTERN NSSPKIXAttribute *
-nssPKIXAttribute_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXAttribute_Create
- *
- * This routine creates an NSSPKIXAttribute from specified components.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack. If the optional arena argument is non-NULL,
- * that arena will be used for the required memory. There must be at
- * least one attribute value specified. The final argument must be
- * NULL, to indicate the end of the set of attribute values.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon failure.
- */
-
-NSS_EXTERN NSSPKIXAttribute *
-nssPKIXAttribute_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAttributeType *typeOid,
- NSSPKIXAttributeValue *value1,
- ...
-);
-
-/*
- * nssPKIXAttribute_CreateFromArray
- *
- * This routine creates an NSSPKIXAttribute from specified components.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack. If the optional arena argument is non-NULL,
- * that arena will be used for the required memory. There must be at
- * least one attribute value specified. The final argument must be
- * NULL, to indicate the end of the set of attribute values.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon failure.
- */
-
-NSS_EXTERN NSSPKIXAttribute *
-nssPKIXAttribute_CreateFromArray
-(
- NSSArena *arenaOpt,
- NSSPKIXAttributeType *typeOid,
- PRUint32 count,
- NSSPKIXAttributeValue values[]
-);
-
-/*
- * nssPKIXAttribute_Destroy
- *
- * This routine destroys an NSSPKIXAttribute. It should be called on
- * all such objects created without an arena. It does not need to be
- * called for objects created with an arena, but it may be. This
- * routine returns a PRStatus value. Upon error, it will create an
- * error stack and return PR_FAILURE.
- *
- * The error value may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAttribute_Destroy
-(
- NSSPKIXAttribute *attribute
-);
-
-/*
- * nssPKIXAttribute_Encode
- *
- * This routine returns the BER encoding of the specified
- * NSSPKIXAttribute. {usual rules about itemOpt and arenaOpt}
- * This routine indicates an error (NSS_ERROR_INVALID_DATA)
- * if there are no attribute values (i.e., the last one was removed).
- *
- * The error value may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_DATA
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXAttribute_Encode
-(
- NSSPKIXAttribute *attribute,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAttribute_GetType
- *
- * This routine returns the attribute type oid of the specified
- * NSSPKIXAttribute.
- *
- * The error value may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSPKIXAttributeType pointer upon success
- * NULL upon failure.
- */
-
-NSS_EXTERN NSSPKIXAttributeType *
-nssPKIXAttribute_GetType
-(
- NSSPKIXAttribute *attribute
-);
-
-/*
- * nssPKIXAttribute_SetType
- *
- * This routine sets the attribute type oid of the indicated
- * NSSPKIXAttribute to the specified value. Since attributes
- * may be application-defined, no checking can be done on
- * either the correctness of the attribute type oid value nor
- * the suitability of the set of attribute values.
- *
- * The error value may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_OID
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAttribute_SetType
-(
- NSSPKIXAttribute *attribute,
- NSSPKIXAttributeType *attributeType
-);
-
-/*
- * nssPKIXAttribute_GetValueCount
- *
- * This routine returns the number of attribute values present in
- * the specified NSSPKIXAttribute. This routine returns a PRInt32.
- * Upon error, this routine returns -1. This routine indicates an
- * error if the number of values cannot be expressed as a PRInt32.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXAttribute_GetValueCount
-(
- NSSPKIXAttribute *attribute
-);
-
-/*
- * nssPKIXAttribute_GetValues
- *
- * This routine returns all of the attribute values in the specified
- * NSSPKIXAttribute. If the optional pointer to an array of NSSItems
- * is non-null, then that array will be used and returned; otherwise,
- * an array will be allocated and returned. If the limit is nonzero
- * (which is must be if the specified array is nonnull), then an
- * error is indicated if it is smaller than the value count.
- * {arenaOpt}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSItem's upon success
- * NULL upon failure.
- */
-
-NSS_EXTERN NSSPKIXAttributeValue *
-nssPKIXAttribute_GetValues
-(
- NSSPKIXAttribute *attribute,
- NSSPKIXAttributeValue rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAttribute_SetValues
- *
- * This routine sets all of the values of the specified
- * NSSPKIXAttribute to the values in the specified NSSItem array.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAttribute_SetValues
-(
- NSSPKIXAttribute *attribute,
- NSSPKIXAttributeValue values[],
- PRInt32 count
-);
-
-/*
- * nssPKIXAttribute_GetValue
- *
- * This routine returns the i'th attribute value of the set of
- * values in the specified NSSPKIXAttribute. Although the set
- * is unordered, an arbitrary ordering will be maintained until
- * the data in the attribute is changed. {usual comments about
- * itemOpt and arenaOpt}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeValue upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeValue *
-nssPKIXAttribute_GetValue
-(
- NSSPKIXAttribute *attribute,
- PRInt32 i,
- NSSPKIXAttributeValue *itemOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAttribute_SetValue
- *
- * This routine sets the i'th attribute value {blah blah; copies
- * memory contents over..}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAttribute_SetValue
-(
- NSSPKIXAttribute *attribute,
- PRInt32 i,
- NSSPKIXAttributeValue *value
-);
-
-/*
- * nssPKIXAttribute_AddValue
- *
- * This routine adds the specified attribute value to the set in
- * the specified NSSPKIXAttribute.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAttribute_AddValue
-(
- NSSPKIXAttribute *attribute,
- NSSPKIXAttributeValue *value
-);
-
-/*
- * nssPKIXAttribute_RemoveValue
- *
- * This routine removes the i'th attribute value of the set in the
- * specified NSSPKIXAttribute. An attempt to remove the last value
- * will fail.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_AT_MINIMUM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAttribute_RemoveValue
-(
- NSSPKIXAttribute *attribute,
- PRInt32 i
-);
-
-/*
- * nssPKIXAttribute_FindValue
- *
- * This routine searches the set of attribute values in the specified
- * NSSPKIXAttribute for the provided data. If an exact match is found,
- * then that value's index is returned. If an exact match is not
- * found, -1 is returned. If there is more than one exact match, one
- * index will be returned. {notes about unorderdness of SET, etc}
- * If the index may not be represented as an integer, an error is
- * indicated.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value
- * The index of the specified attribute value upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXAttribute_FindValue
-(
- NSSPKIXAttribute *attribute,
- NSSPKIXAttributeValue *attributeValue
-);
-
-/*
- * nssPKIXAttribute_Equal
- *
- * This routine compares two NSSPKIXAttribute's for equality.
- * It returns PR_TRUE if they are equal, PR_FALSE otherwise.
- * This routine also returns PR_FALSE upon error; if you're
- * that worried about it, check for an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXAttribute_Equal
-(
- NSSPKIXAttribute *one,
- NSSPKIXAttribute *two,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXAttribute_Duplicate
- *
- * This routine duplicates an NSSPKIXAttribute. {arenaOpt}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon failure.
- */
-
-NSS_EXTERN NSSPKIXAttribute *
-nssPKIXAttribute_Duplicate
-(
- NSSPKIXAttribute *attribute,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXAttribute_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXAttribute
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAttribute_verifyPointer
-(
- NSSPKIXAttribute *p
-);
-#endif /* DEBUG */
-
-/*
- * AttributeTypeAndValue
- *
- * This structure contains an attribute type (indicated by an OID),
- * and the type-specific value. RelativeDistinguishedNames consist
- * of a set of these. These are distinct from Attributes (which have
- * SET of values), from AttributeDescriptions (which have qualifiers
- * on the types), and from AttributeValueAssertions (which assert a
- * a value comparison under some matching rule).
- *
- * From RFC 2459:
- *
- * AttributeTypeAndValue ::= SEQUENCE {
- * type AttributeType,
- * value AttributeValue }
- *
- * The private calls for the type:
- *
- * nssPKIXAttributeTypeAndValue_Decode
- * nssPKIXAttributeTypeAndValue_CreateFromUTF8
- * nssPKIXAttributeTypeAndValue_Create
- * nssPKIXAttributeTypeAndValue_Destroy
- * nssPKIXAttributeTypeAndValue_Encode
- * nssPKIXAttributeTypeAndValue_GetUTF8Encoding
- * nssPKIXAttributeTypeAndValue_GetType
- * nssPKIXAttributeTypeAndValue_SetType
- * nssPKIXAttributeTypeAndValue_GetValue
- * nssPKIXAttributeTypeAndValue_SetValue
- * nssPKIXAttributeTypeAndValue_Equal
- * nssPKIXAttributeTypeAndValue_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXAttributeTypeAndValue_verifyPointer
- */
-
-/*
- * nssPKIXAttributeTypeAndValue_Decode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeTypeAndValue *
-nssPKIXAttributeTypeAndValue_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXAttributeTypeAndValue_CreateFromUTF8
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeTypeAndValue *
-nssPKIXAttributeTypeAndValue_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *string
-);
-
-/*
- * nssPKIXAttributeTypeAndValue_Create
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeTypeAndValue *
-nssPKIXAttributeTypeAndValue_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAttributeType *typeOid,
- NSSPKIXAttributeValue *value
-);
-
-/*
- * nssPKIXAttributeTypeAndValue_Destroy
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAttributeTypeAndValue_Destroy
-(
- NSSPKIXAttributeTypeAndValue *atav
-);
-
-/*
- * nssPKIXAttributeTypeAndValue_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXAttributeTypeAndValue_Encode
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAttributeTypeAndValue_GetUTF8Encoding
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXAttributeTypeAndValue_GetUTF8Encoding
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAttributeTypeAndValue_GetType
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSPKIXAttributeType pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeType *
-nssPKIXAttributeTypeAndValue_GetType
-(
- NSSPKIXAttributeTypeAndValue *atav
-);
-
-/*
- * nssPKIXAttributeTypeAndValue_SetType
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_OID
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAttributeTypeAndValue_SetType
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSPKIXAttributeType *attributeType
-);
-
-/*
- * nssPKIXAttributeTypeAndValue_GetValue
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSAttributeValue upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeValue *
-nssPKIXAttributeTypeAndValue_GetValue
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSPKIXAttributeValue *itemOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAttributeTypeAndValue_SetValue
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAttributeTypeAndValue_SetValue
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSPKIXAttributeValue *value
-);
-
-/*
- * nssPKIXAttributeTypeAndValue_Equal
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXAttributeTypeAndValue_Equal
-(
- NSSPKIXAttributeTypeAndValue *atav1,
- NSSPKIXAttributeTypeAndValue *atav2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXAttributeTypeAndValue_Duplicate
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeTypeAndValue *
-nssPKIXAttributeTypeAndValue_Duplicate
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXAttributeTypeAndValue_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXAttributeTypeAndValue
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE_TYPE_AND_VALUE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAttributeTypeAndValue_verifyPointer
-(
- NSSPKIXAttributeTypeAndValue *p
-);
-#endif /* DEBUG */
-
-/*
- * X520Name
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520name ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-name)),
- * printableString PrintableString (SIZE (1..ub-name)),
- * universalString UniversalString (SIZE (1..ub-name)),
- * utf8String UTF8String (SIZE (1..ub-name)),
- * bmpString BMPString (SIZE(1..ub-name)) }
- *
- *
- * ub-name INTEGER ::= 32768
- *
- * The private calls for this type:
- *
- * nssPKIXX520Name_Decode
- * nssPKIXX520Name_CreateFromUTF8
- * nssPKIXX520Name_Create
- * nssPKIXX520Name_Destroy
- * nssPKIXX520Name_Encode
- * nssPKIXX520Name_GetUTF8Encoding
- * nssPKIXX520Name_Equal
- * nssPKIXX520Name_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXX520Name_verifyPointer
- */
-
-/*
- * nssPKIXX520Name_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Name upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520Name *
-nssPKIXX520Name_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXX520Name_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Name upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520Name *
-nssPKIXX520Name_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXX520Name_Create
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING_TYPE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Name upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520Name *
-nssPKIXX520Name_Create
-(
- NSSArena *arenaOpt,
- nssStringType type,
- NSSItem *data
-);
-
-/*
- * nssPKIXX520Name_Destroy
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXX520Name_Destroy
-(
- NSSPKIXX520Name *name
-);
-
-/*
- * nssPKIXX520Name_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXX520Name_Encode
-(
- NSSPKIXX520Name *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXX520Name_GetUTF8Encoding
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXX520Name_GetUTF8Encoding
-(
- NSSPKIXX520Name *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXX520Name_Equal
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXX520Name_Equal
-(
- NSSPKIXX520Name *name1,
- NSSPKIXX520Name *name2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXX520Name_Duplicate
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Name upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520Name *
-nssPKIXX520Name_Duplicate
-(
- NSSPKIXX520Name *name,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-
-/*
- * nssPKIXX520Name_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXX520Name
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_X520_NAME
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXX520Name_verifyPointer
-(
- NSSPKIXX520Name *p
-);
-
-#endif /* DEBUG */
-
-/*
- * X520CommonName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520CommonName ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-common-name)),
- * printableString PrintableString (SIZE (1..ub-common-name)),
- * universalString UniversalString (SIZE (1..ub-common-name)),
- * utf8String UTF8String (SIZE (1..ub-common-name)),
- * bmpString BMPString (SIZE(1..ub-common-name)) }
- *
- *
- * ub-common-name INTEGER ::= 64
- *
- * The private calls for this type:
- *
- *
- * nssPKIXX520CommonName_Decode
- * nssPKIXX520CommonName_CreateFromUTF8
- * nssPKIXX520CommonName_Create
- * nssPKIXX520CommonName_Destroy
- * nssPKIXX520CommonName_Encode
- * nssPKIXX520CommonName_GetUTF8Encoding
- * nssPKIXX520CommonName_Equal
- * nssPKIXX520CommonName_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXX520CommonName_verifyPointer
- */
-
-/*
- * nssPKIXX520CommonName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520CommonName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520CommonName *
-nssPKIXX520CommonName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXX520CommonName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520CommonName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520CommonName *
-nssPKIXX520CommonName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXX520CommonName_Create
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING_TYPE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520CommonName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520CommonName *
-nssPKIXX520CommonName_Create
-(
- NSSArena *arenaOpt,
- nssStringType type,
- NSSItem *data
-);
-
-/*
- * nssPKIXX520CommonName_Destroy
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXX520CommonName_Destroy
-(
- NSSPKIXX520CommonName *name
-);
-
-/*
- * nssPKIXX520CommonName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXX520CommonName_Encode
-(
- NSSPKIXX520CommonName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXX520CommonName_GetUTF8Encoding
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXX520CommonName_GetUTF8Encoding
-(
- NSSPKIXX520CommonName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXX520CommonName_Equal
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXX520CommonName_Equal
-(
- NSSPKIXX520CommonName *name1,
- NSSPKIXX520CommonName *name2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXX520CommonName_Duplicate
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520CommonName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520CommonName *
-nssPKIXX520CommonName_Duplicate
-(
- NSSPKIXX520CommonName *name,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-
-/*
- * nssPKIXX520CommonName_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXX520CommonName
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_X520_NAME
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXX520CommonName_verifyPointer
-(
- NSSPKIXX520CommonName *p
-);
-
-#endif /* DEBUG */
-
-/*
- * X520LocalityName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520LocalityName ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-locality-name)),
- * printableString PrintableString (SIZE (1..ub-locality-name)),
- * universalString UniversalString (SIZE (1..ub-locality-name)),
- * utf8String UTF8String (SIZE (1..ub-locality-name)),
- * bmpString BMPString (SIZE(1..ub-locality-name)) }
- *
- * The private calls for this type:
- *
- * nssPKIXX520LocalityName_Decode
- * nssPKIXX520LocalityName_CreateFromUTF8
- * nssPKIXX520LocalityName_Encode
- *
- */
-
-/*
- * nssPKIXX520LocalityName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520LocalityName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520LocalityName *
-nssPKIXX520LocalityName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXX520LocalityName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520LocalityName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520LocalityName *
-nssPKIXX520LocalityName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXX520LocalityName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXX520LocalityName_Encode
-(
- NSSPKIXX520LocalityName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * X520StateOrProvinceName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520StateOrProvinceName ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-state-name)),
- * printableString PrintableString (SIZE (1..ub-state-name)),
- * universalString UniversalString (SIZE (1..ub-state-name)),
- * utf8String UTF8String (SIZE (1..ub-state-name)),
- * bmpString BMPString (SIZE(1..ub-state-name)) }
- *
- * The private calls for this type:
- *
- * nssPKIXX520StateOrProvinceName_Decode
- * nssPKIXX520StateOrProvinceName_CreateFromUTF8
- * nssPKIXX520StateOrProvinceName_Encode
- *
- */
-
-/*
- * nssPKIXX520StateOrProvinceName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520StateOrProvinceName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520StateOrProvinceName *
-nssPKIXX520StateOrProvinceName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXX520StateOrProvinceName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520StateOrProvinceName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520StateOrProvinceName *
-nssPKIXX520StateOrProvinceName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXX520StateOrProvinceName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXX520StateOrProvinceName_Encode
-(
- NSSPKIXX520StateOrProvinceName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * X520OrganizationName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520OrganizationName ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-organization-name)),
- * printableString PrintableString (SIZE (1..ub-organization-name)),
- * universalString UniversalString (SIZE (1..ub-organization-name)),
- * utf8String UTF8String (SIZE (1..ub-organization-name)),
- * bmpString BMPString (SIZE(1..ub-organization-name)) }
- *
- * The private calls for this type:
- *
- * nssPKIXX520OrganizationName_Decode
- * nssPKIXX520OrganizationName_CreateFromUTF8
- * nssPKIXX520OrganizationName_Encode
- *
- */
-
-/*
- * nssPKIXX520OrganizationName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520OrganizationName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520OrganizationName *
-nssPKIXX520OrganizationName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXX520OrganizationName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520OrganizationName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520OrganizationName *
-nssPKIXX520OrganizationName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXX520OrganizationName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXX520OrganizationName_Encode
-(
- NSSPKIXX520OrganizationName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * X520OrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520OrganizationalUnitName ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-organizational-unit-name)),
- * printableString PrintableString
- * (SIZE (1..ub-organizational-unit-name)),
- * universalString UniversalString
- * (SIZE (1..ub-organizational-unit-name)),
- * utf8String UTF8String (SIZE (1..ub-organizational-unit-name)),
- * bmpString BMPString (SIZE(1..ub-organizational-unit-name)) }
- *
- * The private calls for this type:
- *
- * nssPKIXX520OrganizationalUnitName_Decode
- * nssPKIXX520OrganizationalUnitName_CreateFromUTF8
- * nssPKIXX520OrganizationalUnitName_Encode
- *
- */
-
-/*
- * nssPKIXX520OrganizationalUnitName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520OrganizationalUnitName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520OrganizationalUnitName *
-nssPKIXX520OrganizationalUnitName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXX520OrganizationalUnitName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520OrganizationalUnitName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520OrganizationalUnitName *
-nssPKIXX520OrganizationalUnitName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXX520OrganizationalUnitName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXX520OrganizationalUnitName_Encode
-(
- NSSPKIXX520OrganizationalUnitName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * X520Title
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520Title ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-title)),
- * printableString PrintableString (SIZE (1..ub-title)),
- * universalString UniversalString (SIZE (1..ub-title)),
- * utf8String UTF8String (SIZE (1..ub-title)),
- * bmpString BMPString (SIZE(1..ub-title)) }
- *
- * The private calls for this type:
- *
- * nssPKIXX520Title_Decode
- * nssPKIXX520Title_CreateFromUTF8
- * nssPKIXX520Title_Encode
- *
- */
-
-/*
- * nssPKIXX520Title_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Title upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520Title *
-nssPKIXX520Title_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXX520Title_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Title upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520Title *
-nssPKIXX520Title_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXX520Title_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXX520Title_Encode
-(
- NSSPKIXX520Title *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * X520dnQualifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520dnQualifier ::= PrintableString
- *
- * The private calls for this type:
- *
- * nssPKIXX520dnQualifier_Decode
- * nssPKIXX520dnQualifier_CreateFromUTF8
- * nssPKIXX520dnQualifier_Encode
- *
- */
-
-/*
- * nssPKIXX520dnQualifier_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520dnQualifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520dnQualifier *
-nssPKIXX520dnQualifier_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXX520dnQualifier_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520dnQualifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520dnQualifier *
-nssPKIXX520dnQualifier_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXX520dnQualifier_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXX520dnQualifier_Encode
-(
- NSSPKIXX520dnQualifier *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * X520countryName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X520countryName ::= PrintableString (SIZE (2)) -- IS 3166 codes
- *
- * The private calls for this type:
- *
- * nssPKIXX520countryName_Decode
- * nssPKIXX520countryName_CreateFromUTF8
- * nssPKIXX520countryName_Encode
- *
- */
-
-/*
- * nssPKIXX520countryName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520countryName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520countryName *
-nssPKIXX520countryName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXX520countryName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520countryName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX520countryName *
-nssPKIXX520countryName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXX520countryName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXX520countryName_Encode
-(
- NSSPKIXX520countryName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * Pkcs9email
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length))
- *
- * The private calls for this type:
- *
- * nssPKIXPkcs9email_Decode
- * nssPKIXPkcs9email_CreateFromUTF8
- * nssPKIXPkcs9email_Encode
- *
- */
-
-/*
- * nssPKIXPkcs9email_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPkcs9email upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPkcs9email *
-nssPKIXPkcs9email_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXPkcs9email_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPkcs9email upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPkcs9email *
-nssPKIXPkcs9email_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXPkcs9email_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXPkcs9email_Encode
-(
- NSSPKIXPkcs9email *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * Name
- *
- * This structure contains a union of the possible name formats,
- * which at the moment is limited to an RDNSequence.
- *
- * From RFC 2459:
- *
- * Name ::= CHOICE { -- only one possibility for now --
- * rdnSequence RDNSequence }
- *
- * The private calls for this type:
- *
- * nssPKIXName_Decode
- * nssPKIXName_CreateFromUTF8
- * nssPKIXName_Create
- * nssPKIXName_CreateFromRDNSequence
- * nssPKIXName_Destroy
- * nssPKIXName_Encode
- * nssPKIXName_GetUTF8Encoding
- * nssPKIXName_GetChoice
- * nssPKIXName_GetRDNSequence
- * nssPKIXName_GetSpecifiedChoice {fgmr remove this}
-{fgmr} _SetRDNSequence
-{fgmr} _SetSpecifiedChoice
- * nssPKIXName_Equal
- * nssPKIXName_Duplicate
- *
- * (here is where I had specific attribute value gettors in pki1)
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXName_verifyPointer
- *
- */
-
-/*
- * nssPKIXName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXName *
-nssPKIXName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXName_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXName *
-nssPKIXName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *string
-);
-
-/*
- * nssPKIXName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_CHOICE
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXName *
-nssPKIXName_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXNameChoice choice,
- void *arg
-);
-
-/*
- * nssPKIXName_CreateFromRDNSequence
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXName *
-nssPKIXName_CreateFromRDNSequence
-(
- NSSArena *arenaOpt,
- NSSPKIXRDNSequence *rdnSequence
-);
-
-/*
- * nssPKIXName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXName_Destroy
-(
- NSSPKIXName *name
-);
-
-/*
- * nssPKIXName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXName_Encode
-(
- NSSPKIXName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXName_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXName_GetUTF8Encoding
-(
- NSSPKIXName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXName_GetChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- *
- * Return value:
- * A valid element of the NSSPKIXNameChoice enumeration upon success
- * The value NSSPKIXNameChoice_NSSinvalid (-1) upon error
- */
-
-NSS_EXTERN NSSPKIXNameChoice
-nssPKIXName_GetChoice
-(
- NSSPKIXName *name
-);
-
-/*
- * nssPKIXName_GetRDNSequence
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_WRONG_CHOICE
- *
- * Return value:
- * A pointer to a valid NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRDNSequence *
-nssPKIXName_GetRDNSequence
-(
- NSSPKIXName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXName_GetSpecifiedChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_WRONG_CHOICE
- *
- * Return value:
- * A valid pointer ...
- * NULL upon failure
- */
-
-NSS_EXTERN void *
-nssPKIXName_GetSpecifiedChoice
-(
- NSSPKIXName *name,
- NSSPKIXNameChoice choice,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXName_Equal
-(
- NSSPKIXName *name1,
- NSSPKIXName *name2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXName *
-nssPKIXName_Duplicate
-(
- NSSPKIXName *name,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXName_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXName
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXName_verifyPointer
-(
- NSSPKIXName *p
-);
-#endif /* DEBUG */
-
-/*
- * RDNSequence
- *
- * This structure contains a sequence of RelativeDistinguishedName
- * objects.
- *
- * From RFC 2459:
- *
- * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
- *
- * The private calls for this type:
- *
- * nssPKIXRDNSequence_Decode
- * nssPKIXRDNSequence_CreateFromUTF8
- * nssPKIXRDNSequence_Create
- * nssPKIXRDNSequence_CreateFromArray
- * nssPKIXRDNSequence_Destroy
- * nssPKIXRDNSequence_Encode
- * nssPKIXRDNSequence_GetUTF8Encoding
- * nssPKIXRDNSequence_GetRelativeDistinguishedNameCount
- * nssPKIXRDNSequence_GetRelativeDistinguishedNames
- * nssPKIXRDNSequence_SetRelativeDistinguishedNames
- * nssPKIXRDNSequence_GetRelativeDistinguishedName
- * nssPKIXRDNSequence_SetRelativeDistinguishedName
- * nssPKIXRDNSequence_AppendRelativeDistinguishedName
- * nssPKIXRDNSequence_InsertRelativeDistinguishedName
- * nssPKIXRDNSequence_RemoveRelativeDistinguishedName
- * nssPKIXRDNSequence_FindRelativeDistinguishedName
- * nssPKIXRDNSequence_Equal
- * nssPKIXRDNSequence_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXRDNSequence_verifyPointer
- *
- */
-
-/*
- * nssPKIXRDNSequence_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRDNSequence *
-nssPKIXRDNSequence_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXRDNSequence_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRDNSequence *
-nssPKIXRDNSequence_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *string
-);
-
-/*
- * nssPKIXRDNSequence_CreateFromArray
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRDNSequence *
-nssPKIXRDNSequence_CreateFromArray
-(
- NSSArena *arenaOpt,
- PRUint32 count,
- NSSPKIXRelativeDistinguishedName *rdn1
-);
-
-/*
- * nssPKIXRDNSequence_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRDNSequence *
-nssPKIXRDNSequence_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXRelativeDistinguishedName *rdn1,
- ...
-);
-
-/*
- * nssPKIXRDNSequence_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXRDNSequence_Destroy
-(
- NSSPKIXRDNSequence *rdnseq
-);
-
-/*
- * nssPKIXRDNSequence_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXRDNSequence_Encode
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXRDNSequence_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXRDNSequence_GetUTF8Encoding
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXRDNSequence_GetRelativeDistinguishedNameCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXRDNSequence_GetRelativeDistinguishedNameCount
-(
- NSSPKIXRDNSequence *rdnseq
-);
-
-/*
- * nssPKIXRDNSequence_GetRelativeDistinguishedNames
- *
- * This routine returns all of the relative distinguished names in the
- * specified RDN Sequence. {...} If the array is allocated, or if the
- * specified one has extra space, the array will be null-terminated.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXRelativeDistinguishedName
- * pointers upon success
- * NULL upon failure.
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName **
-nssPKIXRDNSequence_GetRelativeDistinguishedNames
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSPKIXRelativeDistinguishedName *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXRDNSequence_SetRelativeDistinguishedNames
- *
- * -- fgmr comments --
- * If the array pointer itself is null, the set is considered empty.
- * If the count is zero but the pointer nonnull, the array will be
- * assumed to be null-terminated.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXRDNSequence_SetRelativeDistinguishedNames
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSPKIXRelativeDistinguishedName *rdns[],
- PRInt32 countOpt
-);
-
-/*
- * nssPKIXRDNSequence_GetRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName *
-nssPKIXRDNSequence_GetRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXRDNSequence_SetRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXRDNSequence_SetRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- PRInt32 i,
- NSSPKIXRelativeDistinguishedName *rdn
-);
-
-/*
- * nssPKIXRDNSequence_AppendRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXRDNSequence_AppendRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSPKIXRelativeDistinguishedName *rdn
-);
-
-/*
- * nssPKIXRDNSequence_InsertRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXRDNSequence_InsertRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- PRInt32 i,
- NSSPKIXRelativeDistinguishedName *rdn
-);
-
-/*
- * nssPKIXRDNSequence_RemoveRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXRDNSequence_RemoveRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- PRInt32 i
-);
-
-/*
- * nssPKIXRDNSequence_FindRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified attribute value upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXRDNSequence_FindRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSPKIXRelativeDistinguishedName *rdn
-);
-
-/*
- * nssPKIXRDNSequence_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXRDNSequence_Equal
-(
- NSSPKIXRDNSequence *one,
- NSSPKIXRDNSequence *two,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXRDNSequence_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRDNSequence *
-nssPKIXRDNSequence_Duplicate
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXRDNSequence_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXRDNSequence
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXRDNSequence_verifyPointer
-(
- NSSPKIXRDNSequence *p
-);
-#endif /* DEBUG */
-
-/*
- * DistinguishedName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * DistinguishedName ::= RDNSequence
- *
- * This is just a public typedef; no new methods are required. {fgmr-- right?}
- */
-
-/*
- * RelativeDistinguishedName
- *
- * This structure contains an unordered set of AttributeTypeAndValue
- * objects. RDNs are used to distinguish a set of objects underneath
- * a common object.
- *
- * Often, a single ATAV is sufficient to make a unique distinction.
- * For example, if a company assigns its people unique uid values,
- * then in the Name "uid=smith,ou=People,o=Acme,c=US" the "uid=smith"
- * ATAV by itself forms an RDN. However, sometimes a set of ATAVs is
- * needed. For example, if a company needed to distinguish between
- * two Smiths by specifying their corporate divisions, then in the
- * Name "(cn=Smith,ou=Sales),ou=People,o=Acme,c=US" the parenthesised
- * set of ATAVs forms the RDN.
- *
- * From RFC 2459:
- *
- * RelativeDistinguishedName ::=
- * SET SIZE (1 .. MAX) OF AttributeTypeAndValue
- *
- * The private calls for this type:
- *
- * nssPKIXRelativeDistinguishedName_Decode
- * nssPKIXRelativeDistinguishedName_CreateFromUTF8
- * nssPKIXRelativeDistinguishedName_Create
- * nssPKIXRelativeDistinguishedName_CreateFromArray
- * nssPKIXRelativeDistinguishedName_Destroy
- * nssPKIXRelativeDistinguishedName_Encode
- * nssPKIXRelativeDistinguishedName_GetUTF8Encoding
- * nssPKIXRelativeDistinguishedName_GetAttributeTypeAndValueCount
- * nssPKIXRelativeDistinguishedName_GetAttributeTypeAndValues
- * nssPKIXRelativeDistinguishedName_SetAttributeTypeAndValues
- * nssPKIXRelativeDistinguishedName_GetAttributeTypeAndValue
- * nssPKIXRelativeDistinguishedName_SetAttributeTypeAndValue
- * nssPKIXRelativeDistinguishedName_AddAttributeTypeAndValue
- * nssPKIXRelativeDistinguishedName_RemoveAttributeTypeAndValue
- * nssPKIXRelativeDistinguishedName_FindAttributeTypeAndValue
- * nssPKIXRelativeDistinguishedName_Equal
- * nssPKIXRelativeDistinguishedName_Duplicate
- *
- * fgmr: Logical additional functions include
- *
- * NSSPKIXRelativeDistinguishedName_FindAttributeTypeAndValueByType
- * returns PRInt32
- * NSSPKIXRelativeDistinguishedName_FindAttributeTypeAndValuesByType
- * returns array of PRInt32
- * NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValueForType
- * returns NSSPKIXAttributeTypeAndValue
- * NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValuesForType
- * returns array of NSSPKIXAttributeTypeAndValue
- * NSSPKIXRelativeDistinguishedName_GetAttributeValueForType
- * returns NSSPKIXAttributeValue
- * NSSPKIXRelativeDistinguishedName_GetAttributeValuesForType
- * returns array of NSSPKIXAttributeValue
- *
- * NOTE: the "return array" versions are only meaningful if an RDN may
- * contain multiple ATAVs with the same type. Verify in the RFC if
- * this is possible or not. If not, nuke those three functions.
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXRelativeDistinguishedName_verifyPointer
- *
- */
-
-/*
- * nssPKIXRelativeDistinguishedName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName *
-nssPKIXRelativeDistinguishedName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXRelativeDistinguishedName_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName *
-nssPKIXRelativeDistinguishedName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *string
-);
-
-/*
- * nssPKIXRelativeDistinguishedName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName *
-nssPKIXRelativeDistinguishedName_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAttributeTypeAndValue *atav1,
- ...
-);
-
-/*
- * nssPKIXRelativeDistinguishedName_CreateFromArray
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName *
-nssPKIXRelativeDistinguishedName_CreateFromArray
-(
- NSSArena *arenaOpt,
- PRUint32 count,
- NSSPKIXAttributeTypeAndValue *atavs
-);
-
-/*
- * nssPKIXRelativeDistinguishedName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXRelativeDistinguishedName_Destroy
-(
- NSSPKIXRelativeDistinguishedName *rdn
-);
-
-/*
- * nssPKIXRelativeDistinguishedName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXRelativeDistinguishedName_Encode
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXRelativeDistinguishedName_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXRelativeDistinguishedName_GetUTF8Encoding
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXRelativeDistinguishedName_GetAttributeTypeAndValueCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXRelativeDistinguishedName_GetAttributeTypeAndValueCount
-(
- NSSPKIXRelativeDistinguishedName *rdn
-);
-
-/*
- * nssPKIXRelativeDistinguishedName_GetAttributeTypeAndValues
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXAttributeTypeAndValue
- * pointers upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeTypeAndValue **
-nssPKIXRelativeDistinguishedName_GetAttributeTypeAndValues
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSPKIXAttributeTypeAndValue *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXRelativeDistinguishedName_SetAttributeTypeAndValues
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXRelativeDistinguishedName_SetAttributeTypeAndValues
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSPKIXAttributeTypeAndValue *atavs[],
- PRInt32 countOpt
-);
-
-/*
- * nssPKIXRelativeDistinguishedName_GetAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeTypeAndValue *
-nssPKIXRelativeDistinguishedName_GetAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXRelativeDistinguishedName_SetAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXRelativeDistinguishedName_SetAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- PRInt32 i,
- NSSPKIXAttributeTypeAndValue *atav
-);
-
-/*
- * nssPKIXRelativeDistinguishedName_AddAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXRelativeDistinguishedName_AddAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSPKIXAttributeTypeAndValue *atav
-);
-
-/*
- * nssPKIXRelativeDistinguishedName_RemoveAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_AT_MINIMUM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXRelativeDistinguishedName_RemoveAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- PRInt32 i
-);
-
-/*
- * nssPKIXRelativeDistinguishedName_FindAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified attribute value upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXRelativeDistinguishedName_FindAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSPKIXAttributeTypeAndValue *atav
-);
-
-/*
- * nssPKIXRelativeDistinguishedName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXRelativeDistinguishedName_Equal
-(
- NSSPKIXRelativeDistinguishedName *one,
- NSSPKIXRelativeDistinguishedName *two,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXRelativeDistinguishedName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName *
-nssPKIXRelativeDistinguishedName_Duplicate
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXRelativeDistinguishedName_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXRelativeDistinguishedName
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RELATIVE_DISTINGUISHED_NAME
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXRelativeDistinguishedName_verifyPointer
-(
- NSSPKIXRelativeDistinguishedName *p
-);
-#endif /* DEBUG */
-
-/*
- * DirectoryString
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * DirectoryString ::= CHOICE {
- * teletexString TeletexString (SIZE (1..MAX)),
- * printableString PrintableString (SIZE (1..MAX)),
- * universalString UniversalString (SIZE (1..MAX)),
- * utf8String UTF8String (SIZE (1..MAX)),
- * bmpString BMPString (SIZE(1..MAX)) }
- *
- * The private calls for this type:
- *
- * nssPKIXDirectoryString_Decode
- * nssPKIXDirectoryString_CreateFromUTF8
- * nssPKIXDirectoryString_Encode
- *
- */
-
-/*
- * nssPKIXDirectoryString_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXDirectoryString upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDirectoryString *
-nssPKIXDirectoryString_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXDirectoryString_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXDirectoryString upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDirectoryString *
-nssPKIXDirectoryString_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXDirectoryString_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_DIRECTORY_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXDirectoryString_Encode
-(
- NSSPKIXDirectoryString *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * Certificate
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Certificate ::= SEQUENCE {
- * tbsCertificate TBSCertificate,
- * signatureAlgorithm AlgorithmIdentifier,
- * signature BIT STRING }
- *
- * The private calls for this type:
- *
- * nssPKIXCertificate_Decode
- * nssPKIXCertificate_Create
- * nssPKIXCertificate_Destroy
- * nssPKIXCertificate_Encode
- * nssPKIXCertificate_GetTBSCertificate
- * nssPKIXCertificate_SetTBSCertificate
- * nssPKIXCertificate_GetAlgorithmIdentifier
- * nssPKIXCertificate_SetAlgorithmIdentifier
- * nssPKIXCertificate_GetSignature
- * nssPKIXCertificate_SetSignature
- * nssPKIXCertificate_Equal
- * nssPKIXCertificate_Duplicate
- *
- * { inherit TBSCertificate gettors? }
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXCertificate_verifyPointer
- *
- */
-
-/*
- * nssPKIXCertificate_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificate *
-nssPKIXCertificate_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXCertificate_Create
- *
- * -- fgmr comments --
- * { at this level we'll have to just accept a specified signature }
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_PKIX_ALGID
- * NSS_ERROR_INVALID_PKIX_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificate *
-nssPKIXCertificate_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXAlgorithmIdentifier *algID,
- NSSItem *signature
-);
-
-/*
- * nssPKIXCertificate_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCertificate_Destroy
-(
- NSSPKIXCertificate *cert
-);
-
-/*
- * nssPKIXCertificate_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXCertificate_Encode
-(
- NSSPKIXCertificate *cert,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXCertificate_GetTBSCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXTBSCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTBSCertificate *
-nssPKIXCertificate_GetTBSCertificate
-(
- NSSPKIXCertificate *cert,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXCertificate_SetTBSCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCertificate_SetTBSCertificate
-(
- NSSPKIXCertificate *cert,
- NSSPKIXTBSCertificate *tbsCert
-);
-
-/*
- * nssPKIXCertificate_GetAlgorithmIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAlgorithmIdentifier *
-nssPKIXCertificate_GetAlgorithmIdentifier
-(
- NSSPKIXCertificate *cert,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXCertificate_SetAlgorithmIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCertificate_SetAlgorithmIdentifier
-(
- NSSPKIXCertificate *cert,
- NSSPKIXAlgorithmIdentifier *algid,
-);
-
-/*
- * nssPKIXCertificate_GetSignature
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSItem *
-nssPKIXCertificate_GetSignature
-(
- NSSPKIXCertificate *cert,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXCertificate_SetSignature
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCertificate_SetSignature
-(
- NSSPKIXCertificate *cert,
- NSSItem *signature
-);
-
-/*
- * nssPKIXCertificate_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXCertificate_Equal
-(
- NSSPKIXCertificate *one,
- NSSPKIXCertificate *two,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXCertificate_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificate *
-nssPKIXCertificate_Duplicate
-(
- NSSPKIXCertificate *cert,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXCertificate_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXCertificate
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCertificate_verifyPointer
-(
- NSSPKIXCertificate *p
-);
-#endif /* DEBUG */
-
-/*
- * TBSCertificate
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TBSCertificate ::= SEQUENCE {
- * version [0] Version DEFAULT v1,
- * serialNumber CertificateSerialNumber,
- * signature AlgorithmIdentifier,
- * issuer Name,
- * validity Validity,
- * subject Name,
- * subjectPublicKeyInfo SubjectPublicKeyInfo,
- * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version shall be v2 or v3
- * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version shall be v2 or v3
- * extensions [3] Extensions OPTIONAL
- * -- If present, version shall be v3 -- }
- *
- * The private calls for this type:
- *
- * nssPKIXTBSCertificate_Decode
- * nssPKIXTBSCertificate_Create
- * nssPKIXTBSCertificate_Destroy
- * nssPKIXTBSCertificate_Encode
- * nssPKIXTBSCertificate_GetVersion
- * nssPKIXTBSCertificate_SetVersion
- * nssPKIXTBSCertificate_GetSerialNumber
- * nssPKIXTBSCertificate_SetSerialNumber
- * nssPKIXTBSCertificate_GetSignature
- * nssPKIXTBSCertificate_SetSignature
- * { inherit algid gettors? }
- * nssPKIXTBSCertificate_GetIssuer
- * nssPKIXTBSCertificate_SetIssuer
- * { inherit "helper" issuer gettors? }
- * nssPKIXTBSCertificate_GetValidity
- * nssPKIXTBSCertificate_SetValidity
- * { inherit validity accessors }
- * nssPKIXTBSCertificate_GetSubject
- * nssPKIXTBSCertificate_SetSubject
- * nssPKIXTBSCertificate_GetSubjectPublicKeyInfo
- * nssPKIXTBSCertificate_SetSubjectPublicKeyInfo
- * nssPKIXTBSCertificate_HasIssuerUniqueID
- * nssPKIXTBSCertificate_GetIssuerUniqueID
- * nssPKIXTBSCertificate_SetIssuerUniqueID
- * nssPKIXTBSCertificate_RemoveIssuerUniqueID
- * nssPKIXTBSCertificate_HasSubjectUniqueID
- * nssPKIXTBSCertificate_GetSubjectUniqueID
- * nssPKIXTBSCertificate_SetSubjectUniqueID
- * nssPKIXTBSCertificate_RemoveSubjectUniqueID
- * nssPKIXTBSCertificate_HasExtensions
- * nssPKIXTBSCertificate_GetExtensions
- * nssPKIXTBSCertificate_SetExtensions
- * nssPKIXTBSCertificate_RemoveExtensions
- * { extension accessors }
- * nssPKIXTBSCertificate_Equal
- * nssPKIXTBSCertificate_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXTBSCertificate_verifyPointer
- */
-
-/*
- * nssPKIXTBSCertificate_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTBSCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTBSCertificate *
-nssPKIXTBSCertificate_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXTBSCertificate_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_VERSION
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_SERIAL_NUMBER
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_ISSUER_NAME
- * NSS_ERROR_INVALID_VALIDITY
- * NSS_ERROR_INVALID_SUBJECT_NAME
- * NSS_ERROR_INVALID_SUBJECT_PUBLIC_KEY_INFO
- * NSS_ERROR_INVALID_ISSUER_UNIQUE_IDENTIFIER
- * NSS_ERROR_INVALID_SUBJECT_UNIQUE_IDENTIFIER
- * NSS_ERROR_INVALID_EXTENSION
- *
- * Return value:
- */
-
-NSS_EXTERN NSSPKIXTBSCertificate *
-nssPKIXTBSCertificate_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXVersion version,
- NSSPKIXCertificateSerialNumber *serialNumber,
- NSSPKIXAlgorithmIdentifier *signature,
- NSSPKIXName *issuer,
- NSSPKIXValidity *validity,
- NSSPKIXName *subject,
- NSSPKIXSubjectPublicKeyInfo *spki,
- NSSPKIXUniqueIdentifier *issuerUniqueID,
- NSSPKIXUniqueIdentifier *subjectUniqueID,
- NSSPKIXExtensions *extensions
-);
-
-/*
- * nssPKIXTBSCertificate_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertificate_Destroy
-(
- NSSPKIXTBSCertificate *tbsCert
-);
-
-/*
- * nssPKIXTBSCertificate_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXTBSCertificate_Encode
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTBSCertificate_GetVersion
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * A valid element of the NSSPKIXVersion enumeration upon success
- * NSSPKIXVersion_NSSinvalid (-1) upon failure
- */
-
-NSS_EXTERN NSSPKIXVersion
-nssPKIXTBSCertificate_GetVersion
-(
- NSSPKIXTBSCertificate *tbsCert
-);
-
-/*
- * nssPKIXTBSCertificate_SetVersion
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_PKIX_VERSION
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertificate_SetVersion
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXVersion version
-);
-
-/*
- * nssPKIXTBSCertificate_GetSerialNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificateSerialNumber upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificateSerialNumber *
-nssPKIXTBSCertificate_GetSerialNumber
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXCertificateSerialNumber *snOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTBSCertificate_SetSerialNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertificate_SetSerialNumber
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXCertificateSerialNumber *sn
-);
-
-/*
- * nssPKIXTBSCertificate_GetSignature
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAlgorithmIdentifier *
-nssPKIXTBSCertificate_GetSignature
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTBSCertificate_SetSignature
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertificate_SetSignature
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXAlgorithmIdentifier *algID
-);
-
-/*
- * { fgmr inherit algid gettors? }
- */
-
-/*
- * nssPKIXTBSCertificate_GetIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXName *
-nssPKIXTBSCertificate_GetIssuer
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTBSCertificate_SetIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertificate_SetIssuer
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXName *issuer
-);
-
-/*
- * { inherit "helper" issuer gettors? }
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- *
- * Return value:
- */
-
-/*
- * nssPKIXTBSCertificate_GetValidity
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXValidity upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXValidity *
-nssPKIXTBSCertificate_GetValidity
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTBSCertificate_SetValidity
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertificate_SetValidity
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXValidity *validity
-);
-
-/*
- * { fgmr inherit validity accessors }
- */
-
-/*
- * nssPKIXTBSCertificate_GetSubject
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXName *
-nssPKIXTBSCertificate_GetSubject
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTBSCertificate_SetSubject
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertificate_SetSubject
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXName *subject
-);
-
-/*
- * nssPKIXTBSCertificate_GetSubjectPublicKeyInfo
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXSubjectPublicKeyInfo upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXSubjectPublicKeyInfo *
-nssPKIXTBSCertificate_GetSubjectPublicKeyInfo
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTBSCertificate_SetSubjectPublicKeyInfo
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertificate_SetSubjectPublicKeyInfo
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXSubjectPublicKeyInfo *spki
-);
-
-/*
- * nssPKIXTBSCertificate_HasIssuerUniqueID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXTBSCertificate_HasIssuerUniqueID
-(
- NSSPKIXTBSCertificate *tbsCert,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXTBSCertificate_GetIssuerUniqueID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_CERT_HAS_NO_ISSUER_UNIQUE_ID
- *
- * Return value:
- * A valid pointer to an NSSPKIXUniqueIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXUniqueIdentifier *
-nssPKIXTBSCertificate_GetIssuerUniqueID
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXUniqueIdentifier *uidOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTBSCertificate_SetIssuerUniqueID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertificate_SetIssuerUniqueID
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXUniqueIdentifier *uid
-);
-
-/*
- * nssPKIXTBSCertificate_RemoveIssuerUniqueID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_CERT_HAS_NO_ISSUER_UNIQUE_ID
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertificate_RemoveIssuerUniqueID
-(
- NSSPKIXTBSCertificate *tbsCert
-);
-
-/*
- * nssPKIXTBSCertificate_HasSubjectUniqueID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXTBSCertificate_HasSubjectUniqueID
-(
- NSSPKIXTBSCertificate *tbsCert,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXTBSCertificate_GetSubjectUniqueID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_CERT_HAS_NO_SUBJECT_UNIQUE_ID
- *
- * Return value:
- * A valid pointer to an NSSPKIXUniqueIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXUniqueIdentifier *
-nssPKIXTBSCertificate_GetSubjectUniqueID
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXUniqueIdentifier *uidOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTBSCertificate_SetSubjectUniqueID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertificate_SetSubjectUniqueID
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXUniqueIdentifier *uid
-);
-
-/*
- * nssPKIXTBSCertificate_RemoveSubjectUniqueID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_CERT_HAS_NO_SUBJECT_UNIQUE_ID
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertificate_RemoveSubjectUniqueID
-(
- NSSPKIXTBSCertificate *tbsCert
-);
-
-/*
- * nssPKIXTBSCertificate_HasExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXTBSCertificate_HasExtensions
-(
- NSSPKIXTBSCertificate *tbsCert,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXTBSCertificate_GetExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_CERT_HAS_NO_EXTENSIONS
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensions upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensions *
-nssPKIXTBSCertificate_GetExtensions
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTBSCertificate_SetExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_PKIX_EXTENSIONS
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertificate_SetExtensions
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSPKIXExtensions *extensions
-);
-
-/*
- * nssPKIXTBSCertificate_RemoveExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_CERT_HAS_NO_EXTENSIONS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertificate_RemoveExtensions
-(
- NSSPKIXTBSCertificate *tbsCert
-);
-
-/*
- * { extension accessors }
- */
-
-/*
- * nssPKIXTBSCertificate_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXTBSCertificate_Equal
-(
- NSSPKIXTBSCertificate *one,
- NSSPKIXTBSCertificate *two,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXTBSCertificate_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXTBSCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTBSCertificate *
-nssPKIXTBSCertificate_Duplicate
-(
- NSSPKIXTBSCertificate *tbsCert,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXTBSCertificate_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXTBSCertificate
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERTIFICATE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertificate_verifyPointer
-(
- NSSPKIXTBSCertificate *p
-);
-#endif /* DEBUG */
-
-/*
- * CertificateSerialNumber
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CertificateSerialNumber ::= INTEGER
- *
- * This is just a typedef'd NSSBER; no methods are required.
- * {fgmr -- the asn.1 stuff should have routines to convert
- * integers to natural types when possible and vv. we can
- * refer to them here..}
- */
-
-/*
- * Validity
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Validity ::= SEQUENCE {
- * notBefore Time,
- * notAfter Time }
- *
- * The private calls for the type:
- *
- * nssPKIXValidity_Decode
- * nssPKIXValidity_Create
- * nssPKIXValidity_Encode
- * nssPKIXValidity_Destroy
- * nssPKIXValidity_GetNotBefore
- * nssPKIXValidity_SetNotBefore
- * nssPKIXValidity_GetNotAfter
- * nssPKIXValidity_SetNotAfter
- * nssPKIXValidity_Equal
- * nssPKIXValidity_Compare
- * nssPKIXValidity_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXValidity_verifyPointer
- *
- */
-
-/*
- * nssPKIXValidity_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXValidity upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXValidity *
-nssPKIXValidity_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXValidity_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_TIME
- *
- * Return value:
- * A valid pointer to an NSSPKIXValidity upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXValidity *
-nssPKIXValidity_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXTime notBefore,
- NSSPKIXTime notAfter
-);
-
-/*
- * nssPKIXValidity_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXValidity_Destroy
-(
- NSSPKIXValidity *validity
-);
-
-/*
- * nssPKIXValidity_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXValidity_Encode
-(
- NSSPKIXValidity *validity,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXValidity_GetNotBefore
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * A valid NSSPKIXTime upon success
- * {we need to rethink NSSPKIXTime}
- */
-
-NSS_EXTERN NSSPKIXTime
-nssPKIXValidity_GetNotBefore
-(
- NSSPKIXValidity *validity
-);
-
-/*
- * nssPKIXValidity_SetNotBefore
- *
- * -- fgmr comments --
- * {do we require that it be before the "notAfter" value?}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- * NSS_ERROR_VALUE_TOO_LARGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXValidity_SetNotBefore
-(
- NSSPKIXValidity *validity,
- NSSPKIXTime notBefore
-);
-
-/*
- * nssPKIXValidity_GetNotAfter
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * A valid NSSPKIXTime upon success
- * {we need to rethink NSSPKIXTime}
- */
-
-NSS_EXTERN NSSPKIXTime
-nssPKIXValidity_GetNotAfter
-(
- NSSPKIXValidity *validity
-);
-
-/*
- * nssPKIXValidity_SetNotAfter
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- * NSS_ERROR_VALUE_TOO_SMALL
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXValidity_SetNotAfter
-(
- NSSPKIXValidity *validity,
- NSSPKIXTime notAfter
-);
-
-/*
- * nssPKIXValidity_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXValidity_Equal
-(
- NSSPKIXValidity *one,
- NSSPKIXValidity *two,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXValidity_Compare
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- *
- * Return value:
- * 1 if the second is "greater" or later than the first
- * 0 if they are equal
- * -1 if the first is "greater" or later than the first
- * -2 upon failure
- */
-
-NSS_EXTERN PRIntn
-nssPKIXValidity_Compare
-(
- NSSPKIXValidity *one,
- NSSPKIXValidity *two
-);
-
-/*
- * nssPKIXValidity_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXValidity upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXValidity *
-nssPKIXValidity_Duplicate
-(
- NSSPKIXValidity *validity,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXValidity_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXValidity
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_VALIDITY
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXValidity_verifyPointer
-(
- NSSPKIXValidity *p
-);
-#endif /* DEBUG */
-
-/*
- * Time
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Time ::= CHOICE {
- * utcTime UTCTime,
- * generalTime GeneralizedTime }
- *
- * The private calls for the type:
- *
- * nssPKIXTime_Decode
- * nssPKIXTime_CreateFromPRTime
- * nssPKIXTime_CreateFromUTF8
- * nssPKIXTime_Destroy
- * nssPKIXTime_Encode
- * nssPKIXTime_GetPRTime
- * nssPKIXTime_GetUTF8Encoding
- * nssPKIXTime_Equal
- * nssPKIXTime_Duplicate
- * nssPKIXTime_Compare
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXTime_verifyPointer
- *
- */
-
-/*
- * nssPKIXTime_Decode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTime upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTime *
-nssPKIXTime_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXTime_CreateFromPRTime
- *
- */
-
-NSS_EXTERN NSSPKIXTime *
-nssPKIXTime_CreateFromPRTime
-(
- NSSArena *arenaOpt,
- PRTime prTime
-);
-
-/*
- * nssPKIXTime_CreateFromUTF8
- *
- */
-
-NSS_EXTERN NSSPKIXTime *
-nssPKIXTime_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXTime_Destroy
- *
- */
-
-NSS_EXTERN PR_STATUS
-nssPKIXTime_Destroy
-(
- NSSPKIXTime *time
-);
-
-/*
- * nssPKIXTime_Encode
- *
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXTime_Encode
-(
- NSSPKIXTime *time,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTime_GetPRTime
- *
- * Returns a zero on error
- */
-
-NSS_EXTERN PRTime
-nssPKIXTime_GetPRTime
-(
- NSSPKIXTime *time,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXTime_GetUTF8Encoding
- *
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKXITime_GetUTF8Encoding
-(
- NSSPKIXTime *time,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTime_Equal
- *
- */
-
-NSS_EXTERN PRBool
-nssPKXITime_Equal
-(
- NSSPKXITime *time1,
- NSSPKXITime *time2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXTime_Duplicate
- *
- */
-
-NSS_EXTERN NSSPKIXTime *
-nssPKXITime_Duplicate
-(
- NSSPKIXTime *time,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTime_Compare
- *
- * Usual result: -1, 0, 1
- * Returns 0 on error
- */
-
-NSS_EXTERN PRInt32
-nssPKIXTime_Compare
-(
- NSSPKIXTime *time1,
- NSSPKIXTime *tiem2,
- PRStatus *statusOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXTime_verifyPointer
- *
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTime_verifyPointer
-(
- NSSPKIXTime *time
-);
-#endif /* DEBUG */
-
-/*
- * UniqueIdentifier
- *
- * From RFC 2459:
- *
- * UniqueIdentifier ::= BIT STRING
- *
- */
-
-/*
- * SubjectPublicKeyInfo
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING }
- *
- * The private calls for the type:
- *
- * nssPKIXSubjectPublicKeyInfo_Decode
- * nssPKIXSubjectPublicKeyInfo_Create
- * nssPKIXSubjectPublicKeyInfo_Encode
- * nssPKIXSubjectPublicKeyInfo_Destroy
- * nssPKIXSubjectPublicKeyInfo_GetAlgorithm
- * nssPKIXSubjectPublicKeyInfo_SetAlgorithm
- * nssPKIXSubjectPublicKeyInfo_GetSubjectPublicKey
- * nssPKIXSubjectPublicKeyInfo_SetSubjectPublicKey
- * nssPKIXSubjectPublicKeyInfo_Equal
- * nssPKIXSubjectPublicKeyInfo_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXSubjectPublicKeyInfo_verifyPointer
- *
- */
-
-/*
- * nssPKIXSubjectPublicKeyInfo_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXSubjectPublicKeyInfo upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXSubjectPublicKeyInfo *
-nssPKIXSubjectPublicKeyInfo_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXSubjectPublicKeyInfo_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXSubjectPublicKeyInfo upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXSubjectPublicKeyInfo *
-nssPKIXSubjectPublicKeyInfo_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAlgorithmIdentifier *algid,
- NSSItem *subjectPublicKey
-);
-
-/*
- * nssPKIXSubjectPublicKeyInfo_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXSubjectPublicKeyInfo_Destroy
-(
- NSSPKIXSubjectPublicKeyInfo *spki
-);
-
-/*
- * nssPKIXSubjectPublicKeyInfo_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXSubjectPublicKeyInfo_Encode
-(
- NSSPKIXSubjectPublicKeyInfo *spki,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXSubjectPublicKeyInfo_GetAlgorithm
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAlgorithmIdentifier *
-nssPKIXSubjectPublicKeyInfo_GetAlgorithm
-(
- NSSPKIXSubjectPublicKeyInfo *spki,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXSubjectPublicKeyInfo_SetAlgorithm
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXSubjectPublicKeyInfo_SetAlgorithm
-(
- NSSPKIXSubjectPublicKeyInfo *spki,
- NSSPKIXAlgorithmIdentifier *algid
-);
-
-/*
- * nssPKIXSubjectPublicKeyInfo_GetSubjectPublicKey
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSItem *
-nssPKIXSubjectPublicKeyInfo_GetSubjectPublicKey
-(
- NSSPKIXSubjectPublicKeyInfo *spki,
- NSSItem *spkOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXSubjectPublicKeyInfo_SetSubjectPublicKey
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXSubjectPublicKeyInfo_SetSubjectPublicKey
-(
- NSSPKIXSubjectPublicKeyInfo *spki,
- NSSItem *spk
-);
-
-/*
- * nssPKIXSubjectPublicKeyInfo_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXSubjectPublicKeyInfo_Equal
-(
- NSSPKIXSubjectPublicKeyInfo *one,
- NSSPKIXSubjectPublicKeyInfo *two,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXSubjectPublicKeyInfo_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXSubjectPublicKeyInfo upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXSubjectPublicKeyInfo *
-nssPKIXSubjectPublicKeyInfo_Duplicate
-(
- NSSPKIXSubjectPublicKeyInfo *spki,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXSubjectPublicKeyInfo_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXSubjectPublicKeyInfo
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_PUBLIC_KEY_INFO
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXSubjectPublicKeyInfo_verifyPointer
-(
- NSSPKIXSubjectPublicKeyInfo *p
-);
-#endif /* DEBUG */
-
-/*
- * Extensions
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
- *
- */
-
-/* { FGMR } */
-
-/*
- * Extension
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Extension ::= SEQUENCE {
- * extnID OBJECT IDENTIFIER,
- * critical BOOLEAN DEFAULT FALSE,
- * extnValue OCTET STRING }
- *
- */
-
-/* { FGMR } */
-
-/*
- * CertificateList
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CertificateList ::= SEQUENCE {
- * tbsCertList TBSCertList,
- * signatureAlgorithm AlgorithmIdentifier,
- * signature BIT STRING }
- *
- * The private calls for the type:
- *
- * nssPKIXCertificateList_Decode
- * nssPKIXCertificateList_Create
- * nssPKIXCertificateList_Encode
- * nssPKIXCertificateList_Destroy
- * nssPKIXCertificateList_GetTBSCertList
- * nssPKIXCertificateList_SetTBSCertList
- * nssPKIXCertificateList_GetSignatureAlgorithm
- * nssPKIXCertificateList_SetSignatureAlgorithm
- * nssPKIXCertificateList_GetSignature
- * nssPKIXCertificateList_SetSignature
- * nssPKIXCertificateList_Equal
- * nssPKIXCertificateList_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXCertificateList_verifyPointer
- *
- */
-
-/*
- * nssPKIXCertificateList_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificateList upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificateList *
-nssPKIXCertificateList_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXCertificateList_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificateList upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificateList *
-nssPKIXCertificateList_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXTBSCertList *tbsCertList,
- NSSPKIXAlgorithmIdentifier *sigAlg,
- NSSItem *signature
-);
-
-/*
- * nssPKIXCertificateList_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCertificateList_Destroy
-(
- NSSPKIXCertificateList *certList
-);
-
-/*
- * nssPKIXCertificateList_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXCertificateList_Encode
-(
- NSSPKIXCertificateList *certList,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXCertificateList_GetTBSCertList
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXTBSCertList upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTBSCertList *
-nssPKIXCertificateList_GetTBSCertList
-(
- NSSPKIXCertificateList *certList,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXCertificateList_SetTBSCertList
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCertificateList_SetTBSCertList
-(
- NSSPKIXCertificateList *certList,
- NSSPKIXTBSCertList *tbsCertList
-);
-
-/*
- * nssPKIXCertificateList_GetSignatureAlgorithm
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAlgorithmIdentifier *
-nssPKIXCertificateList_GetSignatureAlgorithm
-(
- NSSPKIXCertificateList *certList,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXCertificateList_SetSignatureAlgorithm
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCertificateList_SetSignatureAlgorithm
-(
- NSSPKIXCertificateList *certList,
- NSSPKIXAlgorithmIdentifier *sigAlg
-);
-
-/*
- * nssPKIXCertificateList_GetSignature
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSItem *
-nssPKIXCertificateList_GetSignature
-(
- NSSPKIXCertificateList *certList,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXCertificateList_SetSignature
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCertificateList_SetSignature
-(
- NSSPKIXCertificateList *certList,
- NSSItem *sig
-);
-
-/*
- * nssPKIXCertificateList_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXCertificateList_Equal
-(
- NSSPKIXCertificateList *one,
- NSSPKIXCertificateList *two,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXCertificateList_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificateList upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificateList *
-nssPKIXCertificateList_Duplicate
-(
- NSSPKIXCertificateList *certList,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXCertificateList_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXCertificateList
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_LIST
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCertificateList_verifyPointer
-(
- NSSPKIXCertificateList *p
-);
-#endif /* DEBUG */
-
-/*
- * TBSCertList
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TBSCertList ::= SEQUENCE {
- * version Version OPTIONAL,
- * -- if present, shall be v2
- * signature AlgorithmIdentifier,
- * issuer Name,
- * thisUpdate Time,
- * nextUpdate Time OPTIONAL,
- * revokedCertificates SEQUENCE OF SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate Time,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, shall be v2
- * } OPTIONAL,
- * crlExtensions [0] Extensions OPTIONAL
- * -- if present, shall be v2 -- }
- *
- * The private calls for the type:
- *
- * nssPKIXTBSCertList_Decode
- * nssPKIXTBSCertList_Create
- * nssPKIXTBSCertList_Destroy
- * nssPKIXTBSCertList_Encode
- * nssPKIXTBSCertList_GetVersion
- * nssPKIXTBSCertList_SetVersion
- * nssPKIXTBSCertList_GetSignature
- * nssPKIXTBSCertList_SetSignature
- * nssPKIXTBSCertList_GetIssuer
- * nssPKIXTBSCertList_SetIssuer
- * nssPKIXTBSCertList_GetThisUpdate
- * nssPKIXTBSCertList_SetThisUpdate
- * nssPKIXTBSCertList_HasNextUpdate
- * nssPKIXTBSCertList_GetNextUpdate
- * nssPKIXTBSCertList_SetNextUpdate
- * nssPKIXTBSCertList_RemoveNextUpdate
- * nssPKIXTBSCertList_GetRevokedCertificates
- * nssPKIXTBSCertList_SetRevokedCertificates
- * nssPKIXTBSCertList_HasCrlExtensions
- * nssPKIXTBSCertList_GetCrlExtensions
- * nssPKIXTBSCertList_SetCrlExtensions
- * nssPKIXTBSCertList_RemoveCrlExtensions
- * nssPKIXTBSCertList_Equal
- * nssPKIXTBSCertList_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXTBSCertList_verifyPointer
- *
- */
-
-/*
- * nssPKIXTBSCertList_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTBSCertList upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTBSCertList *
-nssPKIXTBSCertList_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXTBSCertList_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_VERSION
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_PKIX_TIME
- * (something for the times being out of order?)
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATES
- * NSS_ERROR_INVALID_PKIX_EXTENSIONS
- *
- * Return value:
- * A valid pointer to an NSSPKIXTBSCertList upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTBSCertList *
-nssPKIXTBSCertList_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXVersion version,
- NSSPKIXAlgorithmIdentifier *signature,
- NSSPKIXName *issuer,
- NSSPKIXTime thisUpdate,
- NSSPKIXTime nextUpdateOpt,
- NSSPKIXrevokedCertificates *revokedCerts,
- NSSPKIXExtensions *crlExtensionsOpt
-);
-
-/*
- * nssPKIXTBSCertList_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertList_Destroy
-(
- NSSPKIXTBSCertList *certList
-);
-
-/*
- * nssPKIXTBSCertList_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXTBSCertList_Encode
-(
- NSSPKIXTBSCertList *certList,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTBSCertList_GetVersion
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * A valid element of the NSSPKIXVersion enumeration upon success
- * NSSPKIXVersion_NSSinvalid (-1) upon failure
- */
-
-NSS_EXTERN NSSPKIXVersion
-nssPKIXTBSCertList_GetVersion
-(
- NSSPKIXTBSCertList *certList
-);
-
-/*
- * nssPKIXTBSCertList_SetVersion
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_PKIX_VERSION
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertList_SetVersion
-(
- NSSPKIXTBSCertList *certList,
- NSSPKIXVersion version
-);
-
-/*
- * nssPKIXTBSCertList_GetSignature
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAlgorithmIdentifier *
-nssPKIXTBSCertList_GetSignature
-(
- NSSPKIXTBSCertList *certList,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTBSCertList_SetSignature
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertList_SetSignature
-(
- NSSPKIXTBSCertList *certList,
- NSSPKIXAlgorithmIdentifier *algid,
-);
-
-/*
- * nssPKIXTBSCertList_GetIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXName *
-nssPKIXTBSCertList_GetIssuer
-(
- NSSPKIXTBSCertList *certList,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTBSCertList_SetIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertList_SetIssuer
-(
- NSSPKIXTBSCertList *certList,
- NSSPKIXName *issuer
-);
-
-/*
- * nssPKIXTBSCertList_GetThisUpdate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * A valid NSSPKIXTime upon success
- * {we need to rethink NSSPKIXTime}
- */
-
-NSS_EXTERN NSSPKIXTime
-nssPKIXTBSCertList_GetThisUpdate
-(
- NSSPKIXTBSCertList *certList
-);
-
-/*
- * nssPKIXTBSCertList_SetThisUpdate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_VALUE_TOO_LARGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertList_SetThisUpdate
-(
- NSSPKIXTBSCertList *certList,
- NSSPKIXTime thisUpdate
-);
-
-/*
- * nssPKIXTBSCertList_HasNextUpdate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXTBSCertList_HasNextUpdate
-(
- NSSPKIXTBSCertList *certList,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXTBSCertList_GetNextUpdate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * A valid NSSPKIXTime upon success
- * {we need to rethink NSSPKIXTime}
- */
-
-NSS_EXTERN NSSPKIXTime
-nssPKIXTBSCertList_GetNextUpdate
-(
- NSSPKIXTBSCertList *certList
-);
-
-/*
- * nssPKIXTBSCertList_SetNextUpdate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_VALUE_TOO_SMALL
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertList_SetNextUpdate
-(
- NSSPKIXTBSCertList *certList,
- NSSPKIXTime nextUpdate
-);
-
-/*
- * nssPKIXTBSCertList_RemoveNextUpdate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_HAS_NO_NEXT_UPDATE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertList_RemoveNextUpdate
-(
- NSSPKIXTBSCertList *certList
-);
-
-/*
- * nssPKIXTBSCertList_GetRevokedCertificates
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXrevokedCertificates upon succes
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXrevokedCertificates *
-nssPKIXTBSCertList_GetRevokedCertificates
-(
- NSSPKIXTBSCertList *certList,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTBSCertList_SetRevokedCertificates
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATES
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertList_SetRevokedCertificates
-(
- NSSPKIXTBSCertList *certList,
- NSSPKIXrevokedCertificates *revoked
-);
-
-/*
- * nssPKIXTBSCertList_HasCrlExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXTBSCertList_HasCrlExtensions
-(
- NSSPKIXTBSCertList *certList,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXTBSCertList_GetCrlExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensions upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensions *
-nssPKIXTBSCertList_GetCrlExtensions
-(
- NSSPKIXTBSCertList *certList,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTBSCertList_SetCrlExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_PKIX_EXTENSIONS
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertList_SetCrlExtensions
-(
- NSSPKIXTBSCertList *certList,
- NSSPKIXExtensions *extensions
-);
-
-/*
- * nssPKIXTBSCertList_RemoveCrlExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_HAS_NO_EXTENSIONS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertList_RemoveCrlExtensions
-(
- NSSPKIXTBSCertList *certList
-);
-
-/*
- * nssPKIXTBSCertList_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXTBSCertList_Equal
-(
- NSSPKIXTBSCertList *one,
- NSSPKIXTBSCertList *two,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXTBSCertList_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXTBSCertList upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTBSCertList *
-nssPKIXTBSCertList_Duplicate
-(
- NSSPKIXTBSCertList *certList,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXTBSCertList_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXTBSCertList
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TBS_CERT_LIST
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTBSCertList_verifyPointer
-(
- NSSPKIXTBSCertList *p
-);
-#endif /* DEBUG */
-
-/*
- * revokedCertificates
- *
- * This is a "helper type" to simplify handling of TBSCertList objects.
- *
- * revokedCertificates SEQUENCE OF SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate Time,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, shall be v2
- * } OPTIONAL,
- *
- * The private calls for the type:
- *
- * nssPKIXrevokedCertificates_Decode
- * nssPKIXrevokedCertificates_Create
- * nssPKIXrevokedCertificates_Encode
- * nssPKIXrevokedCertificates_Destroy
- * nssPKIXrevokedCertificates_GetRevokedCertificateCount
- * nssPKIXrevokedCertificates_GetRevokedCertificates
- * nssPKIXrevokedCertificates_SetRevokedCertificates
- * nssPKIXrevokedCertificates_GetRevokedCertificate
- * nssPKIXrevokedCertificates_SetRevokedCertificate
- * nssPKIXrevokedCertificates_InsertRevokedCertificate
- * nssPKIXrevokedCertificates_AppendRevokedCertificate
- * nssPKIXrevokedCertificates_RemoveRevokedCertificate
- * nssPKIXrevokedCertificates_Equal
- * nssPKIXrevokedCertificates_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXrevokedCertificates_verifyPointer
- *
- */
-
-/*
- * nssPKIXrevokedCertificates_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXrevokedCertificates upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXrevokedCertificates *
-nssPKIXrevokedCertificates_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXrevokedCertificates_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATE
- *
- * Return value:
- * A valid pointer to an NSSPKIXrevokedCertificates upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXrevokedCertificates *
-nssPKIXrevokedCertificates_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXrevokedCertificate *rc1,
- ...
-);
-
-/*
- * nssPKIXrevokedCertificates_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXrevokedCertificates_Destroy
-(
- NSSPKIXrevokedCertificates *rcs
-);
-
-/*
- * nssPKIXrevokedCertificates_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXrevokedCertificates_Encode
-(
- NSSPKIXrevokedCertificates *rcs,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXrevokedCertificates_GetRevokedCertificateCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXrevokedCertificates_GetRevokedCertificateCount
-(
- NSSPKIXrevokedCertificates *rcs
-);
-
-/*
- * nssPKIXrevokedCertificates_GetRevokedCertificates
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXrevokedCertificate pointers
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXrevokedCertificate **
-nssPKIXrevokedCertificates_GetRevokedCertificates
-(
- NSSPKIXrevokedCertificates *rcs,
- NSSPKIXrevokedCertificate *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXrevokedCertificates_SetRevokedCertificates
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXrevokedCertificates_SetRevokedCertificates
-(
- NSSPKIXrevokedCertificates *rcs,
- NSSPKIXrevokedCertificate *rc[],
- PRInt32 countOpt
-);
-
-/*
- * nssPKIXrevokedCertificates_GetRevokedCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXrevokedCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXrevokedCertificate *
-nssPKIXrevokedCertificates_GetRevokedCertificate
-(
- NSSPKIXrevokedCertificates *rcs,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXrevokedCertificates_SetRevokedCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXrevokedCertificates_SetRevokedCertificate
-(
- NSSPKIXrevokedCertificates *rcs,
- PRInt32 i,
- NSSPKIXrevokedCertificate *rc
-);
-
-/*
- * nssPKIXrevokedCertificates_InsertRevokedCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXrevokedCertificates_InsertRevokedCertificate
-(
- NSSPKIXrevokedCertificates *rcs,
- PRInt32 i,
- NSSPKIXrevokedCertificate *rc
-);
-
-/*
- * nssPKIXrevokedCertificates_AppendRevokedCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXrevokedCertificates_AppendRevokedCertificate
-(
- NSSPKIXrevokedCertificates *rcs,
- PRInt32 i,
- NSSPKIXrevokedCertificate *rc
-);
-
-/*
- * nssPKIXrevokedCertificates_RemoveRevokedCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXrevokedCertificates_RemoveRevokedCertificate
-(
- NSSPKIXrevokedCertificates *rcs,
- PRInt32 i
-);
-
-/*
- * nssPKIXrevokedCertificates_FindRevokedCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATE
- *
- * Return value:
- * The index of the specified revoked certificate upon success
- * -1 upon failure
- */
-
-NSS_EXTERN PRInt32
-nssPKIXrevokedCertificates_FindRevokedCertificate
-(
- NSSPKIXrevokedCertificates *rcs,
- NSSPKIXrevokedCertificate *rc
-);
-
-/*
- * nssPKIXrevokedCertificates_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXrevokedCertificates_Equal
-(
- NSSPKIXrevokedCertificates *one,
- NSSPKIXrevokedCertificates *two,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXrevokedCertificates_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_REVOKED_CERTIFICATES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXrevokedCertificates upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXrevokedCertificates *
-nssPKIXrevokedCertificates_Duplicate
-(
- NSSPKIXrevokedCertificates *rcs,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXrevokedCertificates_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXrevokedCertificates
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATES
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXrevokedCertificates_verifyPointer
-(
- NSSPKIXrevokedCertificates *p
-);
-#endif /* DEBUG */
-
-/*
- * revokedCertificate
- *
- * This is a "helper type" to simplify handling of TBSCertList objects.
- *
- * SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate Time,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, shall be v2
- * } OPTIONAL,
- *
- * The private calls for this type:
- *
- * nssPKIXrevokedCertificate_Decode
- * nssPKIXrevokedCertificate_Create
- * nssPKIXrevokedCertificate_Encode
- * nssPKIXrevokedCertificate_Destroy
- * nssPKIXrevokedCertificate_GetUserCertificate
- * nssPKIXrevokedCertificate_SetUserCertificate
- * nssPKIXrevokedCertificate_GetRevocationDate
- * nssPKIXrevokedCertificate_SetRevocationDate
- * nssPKIXrevokedCertificate_HasCrlEntryExtensions
- * nssPKIXrevokedCertificate_GetCrlEntryExtensions
- * nssPKIXrevokedCertificate_SetCrlEntryExtensions
- * nssPKIXrevokedCertificate_RemoveCrlEntryExtensions
- * nssPKIXrevokedCertificate_Equal
- * nssPKIXrevokedCertificate_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXrevokedCertificate_verifyPointer
- *
- */
-
-
-/*
- * nssPKIXrevokedCertificate_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXrevokedCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXrevokedCertificate *
-nssPKIXrevokedCertificate_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXrevokedCertificate_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_SERIAL_NUMBER
- * NSS_ERROR_INVALID_PKIX_TIME
- * NSS_ERROR_INVALID_PKIX_EXTENSIONS
- *
- * Return value:
- * A valid pointer to an NSSPKIXrevokedCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXrevokedCertificate *
-nssPKIXrevokedCertificate_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXCertificateSerialNumber *userCertificate,
- NSSPKIXTime *revocationDate,
- NSSPKIXExtensions *crlEntryExtensionsOpt
-);
-
-/*
- * nssPKIXrevokedCertificate_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXrevokedCertificate_Destroy
-(
- NSSPKIXrevokedCertificate *rc
-);
-
-/*
- * nssPKIXrevokedCertificate_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXrevokedCertificate_Encode
-(
- NSSPKIXrevokedCertificate *rc,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXrevokedCertificate_GetUserCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificateSerialNumber upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificateSerialNumber *
-nssPKIXrevokedCertificate_GetUserCertificate
-(
- NSSPKIXrevokedCertificate *rc,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXrevokedCertificate_SetUserCertificate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_SERIAL_NUMBER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXrevokedCertificate_SetUserCertificate
-(
- NSSPKIXrevokedCertificate *rc,
- NSSPKIXCertificateSerialNumber *csn
-);
-
-/*
- * nssPKIXrevokedCertificate_GetRevocationDate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXTime upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTime *
-nssPKIXrevokedCertificate_GetRevocationDate
-(
- NSSPKIXrevokedCertificate *rc,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXrevokedCertificate_SetRevocationDate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_TIME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXrevokedCertificate_SetRevocationDate
-(
- NSSPKIXrevokedCertificate *rc,
- NSSPKIXTime *revocationDate
-);
-
-/*
- * nssPKIXrevokedCertificate_HasCrlEntryExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXrevokedCertificate_HasCrlEntryExtensions
-(
- NSSPKIXrevokedCertificate *rc,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXrevokedCertificate_GetCrlEntryExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_NO_EXTENSIONS
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensions upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensions *
-nssPKIXrevokedCertificate_GetCrlEntryExtensions
-(
- NSSPKIXrevokedCertificate *rc,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXrevokedCertificate_SetCrlEntryExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_EXTENSIONS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXrevokedCertificate_SetCrlEntryExtensions
-(
- NSSPKIXrevokedCertificate *rc,
- NSSPKIXExtensions *crlEntryExtensions
-);
-
-/*
- * nssPKIXrevokedCertificate_RemoveCrlEntryExtensions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- * NSS_ERROR_NO_EXTENSIONS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXrevokedCertificate_RemoveCrlEntryExtensions
-(
- NSSPKIXrevokedCertificate *rc
-);
-
-/*
- * nssPKIXrevokedCertificate_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXrevokedCertificate_Equal
-(
- NSSPKIXrevokedCertificate *one,
- NSSPKIXrevokedCertificate *two,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXrevokedCertificate_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- *
- * Return value:
- * A valid pointer to an NSSPKIXrevokedCertificate upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXrevokedCertificate *
-nssPKIXrevokedCertificate_Duplicate
-(
- NSSPKIXrevokedCertificate *rc,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXrevokedCertificate_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXrevokedCertificate
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REVOKED_CERTIFICATE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXrevokedCertificate_verifyPointer
-(
- NSSPKIXrevokedCertificate *p
-);
-#endif /* DEBUG */
-
-/*
- * AlgorithmIdentifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * (1988 syntax)
- *
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL }
- * -- contains a value of the type
- * -- registered for use with the
- * -- algorithm object identifier value
- *
- * The private calls for this type:
- *
- * nssPKIXAlgorithmIdentifier_Decode
- * nssPKIXAlgorithmIdentifier_Create
- * nssPKIXAlgorithmIdentifier_Encode
- * nssPKIXAlgorithmIdentifier_Destroy
- * nssPKIXAlgorithmIdentifier_GetAlgorithm
- * nssPKIXAlgorithmIdentifier_SetAlgorithm
- * nssPKIXAlgorithmIdentifier_GetParameters
- * nssPKIXAlgorithmIdentifier_SetParameters
- * nssPKIXAlgorithmIdentifier_Compare
- * nssPKIXAlgorithmIdentifier_Duplicate
- * { algorithm-specific parameter types and accessors ? }
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXAlgorithmIdentifier_verifyPointer
- *
- */
-
-/*
- * nssPKIXAlgorithmIdentifier_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAlgorithmIdentifier *
-nssPKIXAlgorithmIdentifier_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXAlgorithmIdentifier_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAlgorithmIdentifier *
-nssPKIXAlgorithmIdentifier_Create
-(
- NSSArena *arenaOpt,
- NSSOID *algorithm,
- NSSItem *parameters
-);
-
-/*
- * nssPKIXAlgorithmIdentifier_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAlgorithmIdentifier_Destroy
-(
- NSSPKIXAlgorithmIdentifier *algid
-);
-
-/*
- * nssPKIXAlgorithmIdentifier_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXAlgorithmIdentifier_Encode
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAlgorithmIdentifier_GetAlgorithm
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSOID pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSOID *
-nssPKIXAlgorithmIdentifier_GetAlgorithm
-(
- NSSPKIXAlgorithmIdentifier *algid
-);
-
-/*
- * nssPKIXAlgorithmIdentifier_SetAlgorithm
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_OID
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAlgorithmIdentifier_SetAlgorithm
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSOID *algorithm
-);
-
-/*
- * nssPKIXAlgorithmIdentifier_GetParameters
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSItem *
-nssPKIXAlgorithmIdentifier_GetParameters
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAlgorithmIdentifier_SetParameters
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAlgorithmIdentifier_SetParameters
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSItem *parameters
-);
-
-/*
- * nssPKIXAlgorithmIdentifier_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXAlgorithmIdentifier_Equal
-(
- NSSPKIXAlgorithmIdentifier *algid1,
- NSSPKIXAlgorithmIdentifier *algid2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXAlgorithmIdentifier_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAlgorithmIdentifier *
-nssPKIXAlgorithmIdentifier_Duplicate
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSArena *arenaOpt
-);
-
-/*
- * { algorithm-specific parameter types and accessors ? }
- */
-
-#ifdef DEBUG
-/*
- * nssPKIXAlgorithmIdentifier_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXAlgorithmIdentifier
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAlgorithmIdentifier_verifyPointer
-(
- NSSPKIXAlgorithmIdentifier *p
-);
-#endif /* DEBUG */
-
-/*
- * ORAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ORAddress ::= SEQUENCE {
- * built-in-standard-attributes BuiltInStandardAttributes,
- * built-in-domain-defined-attributes
- * BuiltInDomainDefinedAttributes OPTIONAL,
- * -- see also teletex-domain-defined-attributes
- * extension-attributes ExtensionAttributes OPTIONAL }
- * -- The OR-address is semantically absent from the OR-name if the
- * -- built-in-standard-attribute sequence is empty and the
- * -- built-in-domain-defined-attributes and extension-attributes are
- * -- both omitted.
- *
- * The private calls for this type:
- *
- * nssPKIXORAddress_Decode
- * nssPKIXORAddress_Create
- * nssPKIXORAddress_Destroy
- * nssPKIXORAddress_Encode
- * nssPKIXORAddress_GetBuiltInStandardAttributes
- * nssPKIXORAddress_SetBuiltInStandardAttributes
- * nssPKIXORAddress_HasBuiltInDomainDefinedAttributes
- * nssPKIXORAddress_GetBuiltInDomainDefinedAttributes
- * nssPKIXORAddress_SetBuiltInDomainDefinedAttributes
- * nssPKIXORAddress_RemoveBuiltInDomainDefinedAttributes
- * nssPKIXORAddress_HasExtensionsAttributes
- * nssPKIXORAddress_GetExtensionsAttributes
- * nssPKIXORAddress_SetExtensionsAttributes
- * nssPKIXORAddress_RemoveExtensionsAttributes
- * nssPKIXORAddress_Equal
- * nssPKIXORAddress_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXORAddress_verifyPointer
- *
- */
-
-/*
- * nssPKIXORAddress_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXORAddres upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXORAddress *
-nssPKIXORAddress_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXORAddress_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_EXTENSIONS_ATTRIBUTES
- *
- * Return value:
- * A valid pointer to an NSSPKIXORAddres upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXORAddress *
-nssPKIXORAddress_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXBuiltInDomainDefinedAttributes *biddaOpt,
- NSSPKIXExtensionAttributes *eaOpt
-);
-
-/*
- * nssPKIXORAddress_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXORAddress_Destroy
-(
- NSSPKIXORAddress *ora
-);
-
-/*
- * nssPKIXORAddress_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXORAddress_Encode
-(
- NSSPKIXORAddress *ora,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXORAddress_GetBuiltInStandardAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInStandardAttributes upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInStandardAttributes *
-nssPKIXORAddress_GetBuiltInStandardAttributes
-(
- NSSPKIXORAddress *ora,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXORAddress_SetBuiltInStandardAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXORAddress_SetBuiltInStandardAttributes
-(
- NSSPKIXORAddress *ora,
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * nssPKIXORAddress_HasBuiltInDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXORAddress_HasBuiltInDomainDefinedAttributes
-(
- NSSPKIXORAddress *ora,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXORAddress_GetBuiltInDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_NO_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInDomainDefinedAttributes upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInDomainDefinedAttributes *
-nssPKIXORAddress_GetBuiltInDomainDefinedAttributes
-(
- NSSPKIXORAddress *ora,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXORAddress_SetBuiltInDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXORAddress_SetBuiltInDomainDefinedAttributes
-(
- NSSPKIXORAddress *ora,
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * nssPKIXORAddress_RemoveBuiltInDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_NO_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXORAddress_RemoveBuiltInDomainDefinedAttributes
-(
- NSSPKIXORAddress *ora
-);
-
-/*
- * nssPKIXORAddress_HasExtensionsAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXORAddress_HasExtensionsAttributes
-(
- NSSPKIXORAddress *ora,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXORAddress_GetExtensionsAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_NO_EXTENSION_ATTRIBUTES
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensionAttributes upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttributes *
-nssPKIXORAddress_GetExtensionsAttributes
-(
- NSSPKIXORAddress *ora,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXORAddress_SetExtensionsAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXORAddress_SetExtensionsAttributes
-(
- NSSPKIXORAddress *ora,
- NSSPKIXExtensionAttributes *eaOpt
-);
-
-/*
- * nssPKIXORAddress_RemoveExtensionsAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_NO_EXTENSION_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXORAddress_RemoveExtensionsAttributes
-(
- NSSPKIXORAddress *ora
-);
-
-/*
- * nssPKIXORAddress_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXORAddress_Equal
-(
- NSSPKIXORAddress *ora1,
- NSSPKIXORAddress *ora2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXORAddress_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXORAddres upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXORAddress *
-nssPKIXORAddress_Duplicate
-(
- NSSPKIXORAddress *ora,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXORAddress_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXORAddress
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXORAddress_verifyPointer
-(
- NSSPKIXORAddress *p
-);
-#endif /* DEBUG */
-
-/*
- * BuiltInStandardAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * BuiltInStandardAttributes ::= SEQUENCE {
- * country-name CountryName OPTIONAL,
- * administration-domain-name AdministrationDomainName OPTIONAL,
- * network-address [0] NetworkAddress OPTIONAL,
- * -- see also extended-network-address
- * terminal-identifier [1] TerminalIdentifier OPTIONAL,
- * private-domain-name [2] PrivateDomainName OPTIONAL,
- * organization-name [3] OrganizationName OPTIONAL,
- * -- see also teletex-organization-name
- * numeric-user-identifier [4] NumericUserIdentifier OPTIONAL,
- * personal-name [5] PersonalName OPTIONAL,
- * -- see also teletex-personal-name
- * organizational-unit-names [6] OrganizationalUnitNames OPTIONAL
- * -- see also teletex-organizational-unit-names -- }
- *
- * The private calls for this type:
- *
- * nssPKIXBuiltInStandardAttributes_Decode
- * nssPKIXBuiltInStandardAttributes_Create
- * nssPKIXBuiltInStandardAttributes_Destroy
- * nssPKIXBuiltInStandardAttributes_Encode
- * nssPKIXBuiltInStandardAttributes_HasCountryName
- * nssPKIXBuiltInStandardAttributes_GetCountryName
- * nssPKIXBuiltInStandardAttributes_SetCountryName
- * nssPKIXBuiltInStandardAttributes_RemoveCountryName
- * nssPKIXBuiltInStandardAttributes_HasAdministrationDomainName
- * nssPKIXBuiltInStandardAttributes_GetAdministrationDomainName
- * nssPKIXBuiltInStandardAttributes_SetAdministrationDomainName
- * nssPKIXBuiltInStandardAttributes_RemoveAdministrationDomainName
- * nssPKIXBuiltInStandardAttributes_HasNetworkAddress
- * nssPKIXBuiltInStandardAttributes_GetNetworkAddress
- * nssPKIXBuiltInStandardAttributes_SetNetworkAddress
- * nssPKIXBuiltInStandardAttributes_RemoveNetworkAddress
- * nssPKIXBuiltInStandardAttributes_HasTerminalIdentifier
- * nssPKIXBuiltInStandardAttributes_GetTerminalIdentifier
- * nssPKIXBuiltInStandardAttributes_SetTerminalIdentifier
- * nssPKIXBuiltInStandardAttributes_RemoveTerminalIdentifier
- * nssPKIXBuiltInStandardAttributes_HasPrivateDomainName
- * nssPKIXBuiltInStandardAttributes_GetPrivateDomainName
- * nssPKIXBuiltInStandardAttributes_SetPrivateDomainName
- * nssPKIXBuiltInStandardAttributes_RemovePrivateDomainName
- * nssPKIXBuiltInStandardAttributes_HasOrganizationName
- * nssPKIXBuiltInStandardAttributes_GetOrganizationName
- * nssPKIXBuiltInStandardAttributes_SetOrganizationName
- * nssPKIXBuiltInStandardAttributes_RemoveOrganizationName
- * nssPKIXBuiltInStandardAttributes_HasNumericUserIdentifier
- * nssPKIXBuiltInStandardAttributes_GetNumericUserIdentifier
- * nssPKIXBuiltInStandardAttributes_SetNumericUserIdentifier
- * nssPKIXBuiltInStandardAttributes_RemoveNumericUserIdentifier
- * nssPKIXBuiltInStandardAttributes_HasPersonalName
- * nssPKIXBuiltInStandardAttributes_GetPersonalName
- * nssPKIXBuiltInStandardAttributes_SetPersonalName
- * nssPKIXBuiltInStandardAttributes_RemovePersonalName
- * nssPKIXBuiltInStandardAttributes_HasOrganizationLUnitNames
- * nssPKIXBuiltInStandardAttributes_GetOrganizationLUnitNames
- * nssPKIXBuiltInStandardAttributes_SetOrganizationLUnitNames
- * nssPKIXBuiltInStandardAttributes_RemoveOrganizationLUnitNames
- * nssPKIXBuiltInStandardAttributes_Equal
- * nssPKIXBuiltInStandardAttributes_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXBuiltInStandardAttributes_verifyPointer
- *
- */
-
-/*
- * nssPKIXBuiltInStandardAttributes_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInStandardAttributes upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInStandardAttributes *
-nssPKIXBuiltInStandardAttributes_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_COUNTRY_NAME
- * NSS_ERROR_INVALID_PKIX_ADMINISTRATION_DOMAIN_NAME
- * NSS_ERROR_INVALID_PKIX_NETWORK_ADDRESS
- * NSS_ERROR_INVALID_PKIX_TERMINAL_IDENTIFIER
- * NSS_ERROR_INVALID_PKIX_PRIVATE_DOMAIN_NAME
- * NSS_ERROR_INVALID_PKIX_ORGANIZATION_NAME
- * NSS_ERROR_INVALID_PKIX_NUMERIC_USER_IDENTIFIER
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInStandardAttributes upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInStandardAttributes *
-nssPKIXBuiltInStandardAttributes_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXCountryName *countryNameOpt,
- NSSPKIXAdministrationDomainName *administrationDomainNameOpt,
- NSSPKIXNetworkAddress *networkAddressOpt,
- NSSPKIXTerminalIdentifier *terminalIdentifierOpt,
- NSSPKIXPrivateDomainName *privateDomainNameOpt,
- NSSPKIXOrganizationName *organizationNameOpt,
- NSSPKIXNumericUserIdentifier *numericUserIdentifierOpt,
- NSSPKIXPersonalName *personalNameOpt,
- NSSPKIXOrganizationalUnitNames *organizationalUnitNamesOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_Destroy
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXBuiltInStandardAttributes_Encode
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_HasCountryName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXBuiltInStandardAttributes_HasCountryName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_GetCountryName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCountryName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCountryName *
-nssPKIXBuiltInStandardAttributes_GetCountryName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_SetCountryName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_COUNTRY_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_SetCountryName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXCountryName *countryName
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_RemoveCountryName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_COUNTRY_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_RemoveCountryName
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_HasAdministrationDomainName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXBuiltInStandardAttributes_HasAdministrationDomainName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_GetAdministrationDomainName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAdministrationDomainName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAdministrationDomainName *
-nssPKIXBuiltInStandardAttributes_GetAdministrationDomainName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_SetAdministrationDomainName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_ADMINISTRATION_DOMAIN_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_SetAdministrationDomainName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXAdministrationDomainName *administrationDomainName
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_RemoveAdministrationDomainName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_ADMINISTRATION_DOMAIN_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_RemoveAdministrationDomainName
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_HasNetworkAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXBuiltInStandardAttributes_HasNetworkAddress
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_GetNetworkAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXNetworkAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNetworkAddress *
-nssPKIXBuiltInStandardAttributes_GetNetworkAddress
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_SetNetworkAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_NETWORK_ADDRESS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_SetNetworkAddress
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXNetworkAddress *networkAddress
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_RemoveNetworkAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_NETWORK_ADDRESS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_RemoveNetworkAddress
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_HasTerminalIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXBuiltInStandardAttributes_HasTerminalIdentifier
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_GetTerminalIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTerminalIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTerminalIdentifier *
-nssPKIXBuiltInStandardAttributes_GetTerminalIdentifier
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_SetTerminalIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_TERMINAL_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_SetTerminalIdentifier
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXTerminalIdentifier *terminalIdentifier
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_RemoveTerminalIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_TERMINAL_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_RemoveTerminalIdentifier
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_HasPrivateDomainName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXBuiltInStandardAttributes_HasPrivateDomainName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_GetPrivateDomainName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPrivateDomainName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPrivateDomainName *
-nssPKIXBuiltInStandardAttributes_GetPrivateDomainName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_SetPrivateDomainName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_PRIVATE_DOMAIN_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_SetPrivateDomainName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXPrivateDomainName *privateDomainName
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_RemovePrivateDomainName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_PRIVATE_DOMAIN_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_RemovePrivateDomainName
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_HasOrganizationName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXBuiltInStandardAttributes_HasOrganizationName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_GetOrganizationName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationName *
-nssPKIXBuiltInStandardAttributes_GetOrganizationName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_SetOrganizationName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_ORGANIZATION_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_SetOrganizationName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXOrganizationName *organizationName
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_RemoveOrganizationName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_ORGANIZATION_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_RemoveOrganizationName
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_HasNumericUserIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXBuiltInStandardAttributes_HasNumericUserIdentifier
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_GetNumericUserIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXNumericUserIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNumericUserIdentifier *
-nssPKIXBuiltInStandardAttributes_GetNumericUserIdentifier
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_SetNumericUserIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_NUMERIC_USER_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_SetNumericUserIdentifier
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXNumericUserIdentifier *numericUserIdentifier
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_RemoveNumericUserIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_NUMERIC_USER_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_RemoveNumericUserIdentifier
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_HasPersonalName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXBuiltInStandardAttributes_HasPersonalName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_GetPersonalName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPersonalName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPersonalName *
-nssPKIXBuiltInStandardAttributes_GetPersonalName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_SetPersonalName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_SetPersonalName
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXPersonalName *personalName
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_RemovePersonalName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_RemovePersonalName
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_HasOrganizationLUnitNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXBuiltInStandardAttributes_HasOrganizationLUnitNames
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_GetOrganizationLUnitNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationalUnitNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationalUnitNames *
-nssPKIXBuiltInStandardAttributes_GetOrganizationLUnitNames
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_SetOrganizationLUnitNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_SetOrganizationLUnitNames
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSPKIXOrganizationalUnitNames *organizationalUnitNames
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_RemoveOrganizationLUnitNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_ORGANIZATIONAL_UNIT_NAMES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_RemoveOrganizationLUnitNames
-(
- NSSPKIXBuiltInStandardAttributes *bisa
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXBuiltInStandardAttributes_Equal
-(
- NSSPKIXBuiltInStandardAttributes *bisa1,
- NSSPKIXBuiltInStandardAttributes *bisa2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXBuiltInStandardAttributes_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInStandardAttributes upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInStandardAttributes *
-nssPKIXBuiltInStandardAttributes_Duplicate
-(
- NSSPKIXBuiltInStandardAttributes *bisa,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXBuiltInStandardAttributes_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXBuiltInStandardAttributes
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_STANDARD_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInStandardAttributes_verifyPointer
-(
- NSSPKIXBuiltInStandardAttributes *p
-);
-#endif /* DEBUG */
-
-/*
- * CountryName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CountryName ::= [APPLICATION 1] CHOICE {
- * x121-dcc-code NumericString
- * (SIZE (ub-country-name-numeric-length)),
- * iso-3166-alpha2-code PrintableString
- * (SIZE (ub-country-name-alpha-length)) }
- *
- * The private calls for this type:
- *
- * nssPKIXCountryName_Decode
- * nssPKIXCountryName_CreateFromUTF8
- * nssPKIXCountryName_Encode
- *
- */
-
-/*
- * nssPKIXCountryName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCountryName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCountryName *
-nssPKIXCountryName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXCountryName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCountryName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCountryName *
-nssPKIXCountryName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXCountryName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_COUNTRY_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXCountryName_Encode
-(
- NSSPKIXCountryName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * AdministrationDomainName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AdministrationDomainName ::= [APPLICATION 2] CHOICE {
- * numeric NumericString (SIZE (0..ub-domain-name-length)),
- * printable PrintableString (SIZE (0..ub-domain-name-length)) }
- *
- * The private calls for this type:
- *
- * nssPKIXAdministrationDomainName_Decode
- * nssPKIXAdministrationDomainName_CreateFromUTF8
- * nssPKIXAdministrationDomainName_Encode
- *
- */
-
-/*
- * nssPKIXAdministrationDomainName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAdministrationDomainName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAdministrationDomainName *
-nssPKIXAdministrationDomainName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXAdministrationDomainName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAdministrationDomainName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAdministrationDomainName *
-nssPKIXAdministrationDomainName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXAdministrationDomainName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ADMINISTRATION_DOMAIN_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXAdministrationDomainName_Encode
-(
- NSSPKIXAdministrationDomainName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * X121Address
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
- *
- * The private calls for this type:
- *
- * nssPKIXX121Address_Decode
- * nssPKIXX121Address_CreateFromUTF8
- * nssPKIXX121Address_Encode
- *
- */
-
-/*
- * nssPKIXX121Address_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX121Address upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX121Address *
-nssPKIXX121Address_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXX121Address_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX121Address upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXX121Address *
-nssPKIXX121Address_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXX121Address_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_X121_ADDRESS
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXX121Address_Encode
-(
- NSSPKIXX121Address *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NetworkAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * NetworkAddress ::= X121Address -- see also extended-network-address
- *
- * The private calls for this type:
- *
- * nssPKIXNetworkAddress_Decode
- * nssPKIXNetworkAddress_CreateFromUTF8
- * nssPKIXNetworkAddress_Encode
- *
- */
-
-/*
- * nssPKIXNetworkAddress_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXNetworkAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNetworkAddress *
-nssPKIXNetworkAddress_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXNetworkAddress_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXNetworkAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNetworkAddress *
-nssPKIXNetworkAddress_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXNetworkAddress_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NETWORK_ADDRESS
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXNetworkAddress_Encode
-(
- NSSPKIXNetworkAddress *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * TerminalIdentifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length))
- *
- * The private calls for this type:
- *
- * nssPKIXTerminalIdentifier_Decode
- * nssPKIXTerminalIdentifier_CreateFromUTF8
- * nssPKIXTerminalIdentifier_Encode
- *
- */
-
-/*
- * nssPKIXTerminalIdentifier_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTerminalIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTerminalIdentifier *
-nssPKIXTerminalIdentifier_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXTerminalIdentifier_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTerminalIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTerminalIdentifier *
-nssPKIXTerminalIdentifier_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXTerminalIdentifier_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TERMINAL_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXTerminalIdentifier_Encode
-(
- NSSPKIXTerminalIdentifier *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * PrivateDomainName
- *
- * -- fgmr comments --
- *
- * PrivateDomainName ::= CHOICE {
- * numeric NumericString (SIZE (1..ub-domain-name-length)),
- * printable PrintableString (SIZE (1..ub-domain-name-length)) }
- *
- * The private calls for this type:
- *
- * nssPKIXPrivateDomainName_Decode
- * nssPKIXPrivateDomainName_CreateFromUTF8
- * nssPKIXPrivateDomainName_Encode
- *
- */
-
-/*
- * nssPKIXPrivateDomainName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPrivateDomainName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPrivateDomainName *
-nssPKIXPrivateDomainName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXPrivateDomainName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPrivateDomainName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPrivateDomainName *
-nssPKIXPrivateDomainName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXPrivateDomainName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_DOMAIN_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXPrivateDomainName_Encode
-(
- NSSPKIXPrivateDomainName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * OrganizationName
- *
- * -- fgmr comments --
- *
- * OrganizationName ::= PrintableString
- * (SIZE (1..ub-organization-name-length))
- *
- * The private calls for this type:
- *
- * nssPKIXOrganizationName_Decode
- * nssPKIXOrganizationName_CreateFromUTF8
- * nssPKIXOrganizationName_Encode
- *
- */
-
-/*
- * nssPKIXOrganizationName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationName *
-nssPKIXOrganizationName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXOrganizationName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationName *
-nssPKIXOrganizationName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXOrganizationName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATION_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXOrganizationName_Encode
-(
- NSSPKIXOrganizationName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * NumericUserIdentifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * NumericUserIdentifier ::= NumericString
- * (SIZE (1..ub-numeric-user-id-length))
- *
- * The private calls for this type:
- *
- * nssPKIXNumericUserIdentifier_Decode
- * nssPKIXNumericUserIdentifier_CreateFromUTF8
- * nssPKIXNumericUserIdentifier_Encode
- *
- */
-
-/*
- * nssPKIXNumericUserIdentifier_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXNumericUserIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNumericUserIdentifier *
-nssPKIXNumericUserIdentifier_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXNumericUserIdentifier_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_UTF8
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXNumericUserIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNumericUserIdentifier *
-nssPKIXNumericUserIdentifier_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXNumericUserIdentifier_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NUMERIC_USER_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXNumericUserIdentifier_Encode
-(
- NSSPKIXNumericUserIdentifier *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * PersonalName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PersonalName ::= SET {
- * surname [0] PrintableString (SIZE (1..ub-surname-length)),
- * given-name [1] PrintableString
- * (SIZE (1..ub-given-name-length)) OPTIONAL,
- * initials [2] PrintableString (SIZE (1..ub-initials-length)) OPTIONAL,
- * generation-qualifier [3] PrintableString
- * (SIZE (1..ub-generation-qualifier-length)) OPTIONAL }
- *
- * The private calls for this type:
- *
- * nssPKIXPersonalName_Decode
- * nssPKIXPersonalName_Create
- * nssPKIXPersonalName_Destroy
- * nssPKIXPersonalName_Encode
- * nssPKIXPersonalName_GetSurname
- * nssPKIXPersonalName_SetSurname
- * nssPKIXPersonalName_HasGivenName
- * nssPKIXPersonalName_GetGivenName
- * nssPKIXPersonalName_SetGivenName
- * nssPKIXPersonalName_RemoveGivenName
- * nssPKIXPersonalName_HasInitials
- * nssPKIXPersonalName_GetInitials
- * nssPKIXPersonalName_SetInitials
- * nssPKIXPersonalName_RemoveInitials
- * nssPKIXPersonalName_HasGenerationQualifier
- * nssPKIXPersonalName_GetGenerationQualifier
- * nssPKIXPersonalName_SetGenerationQualifier
- * nssPKIXPersonalName_RemoveGenerationQualifier
- * nssPKIXPersonalName_Equal
- * nssPKIXPersonalName_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXPersonalName_verifyPointer
- *
- */
-
-/*
- * nssPKIXPersonalName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPersonalName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPersonalName *
-nssPKIXPersonalName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXPersonalName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXPersonalName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPersonalName *
-nssPKIXPersonalName_Create
-(
- NSSArena *arenaOpt,
- NSSUTF8 *surname,
- NSSUTF8 *givenNameOpt,
- NSSUTF8 *initialsOpt,
- NSSUTF8 *generationQualifierOpt
-);
-
-/*
- * nssPKIXPersonalName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPersonalName_Destroy
-(
- NSSPKIXPersonalName *personalName
-);
-
-/*
- * nssPKIXPersonalName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXPersonalName_Encode
-(
- NSSPKIXPersonalName *personalName,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPersonalName_GetSurname
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXPersonalName_GetSurname
-(
- NSSPKIXPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPersonalName_SetSurname
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPersonalName_SetSurname
-(
- NSSPKIXPersonalName *personalName,
- NSSUTF8 *surname
-);
-
-/*
- * nssPKIXPersonalName_HasGivenName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXPersonalName_HasGivenName
-(
- NSSPKIXPersonalName *personalName,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXPersonalName_GetGivenName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_HAS_NO_GIVEN_NAME
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXPersonalName_GetGivenName
-(
- NSSPKIXPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPersonalName_SetGivenName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPersonalName_SetGivenName
-(
- NSSPKIXPersonalName *personalName,
- NSSUTF8 *givenName
-);
-
-/*
- * nssPKIXPersonalName_RemoveGivenName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- * NSS_ERROR_HAS_NO_GIVEN_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPersonalName_RemoveGivenName
-(
- NSSPKIXPersonalName *personalName
-);
-
-/*
- * nssPKIXPersonalName_HasInitials
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXPersonalName_HasInitials
-(
- NSSPKIXPersonalName *personalName,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXPersonalName_GetInitials
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXPersonalName_GetInitials
-(
- NSSPKIXPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPersonalName_SetInitials
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPersonalName_SetInitials
-(
- NSSPKIXPersonalName *personalName,
- NSSUTF8 *initials
-);
-
-/*
- * nssPKIXPersonalName_RemoveInitials
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPersonalName_RemoveInitials
-(
- NSSPKIXPersonalName *personalName
-);
-
-/*
- * nssPKIXPersonalName_HasGenerationQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXPersonalName_HasGenerationQualifier
-(
- NSSPKIXPersonalName *personalName,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXPersonalName_GetGenerationQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXPersonalName_GetGenerationQualifier
-(
- NSSPKIXPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPersonalName_SetGenerationQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPersonalName_SetGenerationQualifier
-(
- NSSPKIXPersonalName *personalName,
- NSSUTF8 *generationQualifier
-);
-
-/*
- * nssPKIXPersonalName_RemoveGenerationQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPersonalName_RemoveGenerationQualifier
-(
- NSSPKIXPersonalName *personalName
-);
-
-/*
- * nssPKIXPersonalName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXPersonalName_Equal
-(
- NSSPKIXPersonalName *personalName1,
- NSSPKIXPersonalName *personalName2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXPersonalName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXPersonalName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPersonalName *
-nssPKIXPersonalName_Duplicate
-(
- NSSPKIXPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXPersonalName_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXPersonalName
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPersonalName_verifyPointer
-(
- NSSPKIXPersonalName *p
-);
-#endif /* DEBUG */
-
-/*
- * OrganizationalUnitNames
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
- * OF OrganizationalUnitName
- *
- * The private calls for the type:
- *
- * nssPKIXOrganizationalUnitNames_Decode
- * nssPKIXOrganizationalUnitNames_Create
- * nssPKIXOrganizationalUnitNames_Destroy
- * nssPKIXOrganizationalUnitNames_Encode
- * nssPKIXOrganizationalUnitNames_GetOrganizationalUnitNameCount
- * nssPKIXOrganizationalUnitNames_GetOrganizationalUnitNames
- * nssPKIXOrganizationalUnitNames_SetOrganizationalUnitNames
- * nssPKIXOrganizationalUnitNames_GetOrganizationalUnitName
- * nssPKIXOrganizationalUnitNames_SetOrganizationalUnitName
- * nssPKIXOrganizationalUnitNames_InsertOrganizationalUnitName
- * nssPKIXOrganizationalUnitNames_AppendOrganizationalUnitName
- * nssPKIXOrganizationalUnitNames_RemoveOrganizationalUnitName
- * nssPKIXOrganizationalUnitNames_FindOrganizationalUnitName
- * nssPKIXOrganizationalUnitNames_Equal
- * nssPKIXOrganizationalUnitNames_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXOrganizationalUnitNames_verifyPointer
- *
- */
-
-/*
- * nssPKIXOrganizationalUnitNames_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationalUnitNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationalUnitNames *
-nssPKIXOrganizationalUnitNames_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXOrganizationalUnitNames_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationalUnitNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationalUnitNames *
-nssPKIXOrganizationalUnitNames_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXOrganizationalUnitName *ou1,
- ...
-);
-
-/*
- * nssPKIXOrganizationalUnitNames_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXOrganizationalUnitNames_Destroy
-(
- NSSPKIXOrganizationalUnitNames *ous
-);
-
-/*
- * nssPKIXOrganizationalUnitNames_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXOrganizationalUnitNames_Encode
-(
- NSSPKIXOrganizationalUnitNames *ous,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXOrganizationalUnitNames_GetOrganizationalUnitNameCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXOrganizationalUnitNames_GetOrganizationalUnitNameCount
-(
- NSSPKIXOrganizationalUnitNames *ous
-);
-
-/*
- * nssPKIXOrganizationalUnitNames_GetOrganizationalUnitNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXOrganizationalUnitName
- * pointers upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationalUnitName **
-nssPKIXOrganizationalUnitNames_GetOrganizationalUnitNames
-(
- NSSPKIXOrganizationalUnitNames *ous,
- NSSPKIXOrganizationalUnitName *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXOrganizationalUnitNames_SetOrganizationalUnitNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXOrganizationalUnitNames_SetOrganizationalUnitNames
-(
- NSSPKIXOrganizationalUnitNames *ous,
- NSSPKIXOrganizationalUnitName *ou[],
- PRInt32 count
-);
-
-/*
- * nssPKIXOrganizationalUnitNames_GetOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationalUnitName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationalUnitName *
-nssPKIXOrganizationalUnitNames_GetOrganizationalUnitName
-(
- NSSPKIXOrganizationalUnitNames *ous,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXOrganizationalUnitNames_SetOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXOrganizationalUnitNames_SetOrganizationalUnitName
-(
- NSSPKIXOrganizationalUnitNames *ous,
- PRInt32 i,
- NSSPKIXOrganizationalUnitName *ou
-);
-
-/*
- * nssPKIXOrganizationalUnitNames_InsertOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXOrganizationalUnitNames_InsertOrganizationalUnitName
-(
- NSSPKIXOrganizationalUnitNames *ous,
- PRInt32 i,
- NSSPKIXOrganizationalUnitName *ou
-);
-
-/*
- * nssPKIXOrganizationalUnitNames_AppendOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXOrganizationalUnitNames_AppendOrganizationalUnitName
-(
- NSSPKIXOrganizationalUnitNames *ous,
- NSSPKIXOrganizationalUnitName *ou
-);
-
-/*
- * nssPKIXOrganizationalUnitNames_RemoveOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXOrganizationalUnitNames_RemoveOrganizationalUnitName
-(
- NSSPKIXOrganizationalUnitNames *ous,
- PRInt32 i
-);
-
-/*
- * nssPKIXOrganizationalUnitNames_FindOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAME
- *
- * Return value:
- * The index of the specified revoked certificate upon success
- * -1 upon failure
- */
-
-NSS_EXTERN PRIntn
-nssPKIXOrganizationalUnitNames_FindOrganizationalUnitName
-(
- NSSPKIXOrganizationalUnitNames *ous,
- NSSPKIXOrganizationalUnitName *ou
-);
-
-/*
- * nssPKIXOrganizationalUnitNames_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXOrganizationalUnitNames_Equal
-(
- NSSPKIXOrganizationalUnitNames *ous1,
- NSSPKIXOrganizationalUnitNames *ous2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXOrganizationalUnitNames_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationalUnitNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationalUnitNames *
-nssPKIXOrganizationalUnitNames_Duplicate
-(
- NSSPKIXOrganizationalUnitNames *ous,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXOrganizationalUnitNames_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXOrganizationalUnitNames
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAMES
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXOrganizationalUnitNames_verifyPointer
-(
- NSSPKIXOrganizationalUnitNames *p
-);
-#endif /* DEBUG */
-
-/*
- * OrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * OrganizationalUnitName ::= PrintableString (SIZE
- * (1..ub-organizational-unit-name-length))
- *
- * The private calls for this type:
- *
- * nssPKIXOrganizationalUnitName_Decode
- * nssPKIXOrganizationalUnitName_CreateFromUTF8
- * nssPKIXOrganizationalUnitName_Encode
- *
- */
-
-/*
- * nssPKIXOrganizationalUnitName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationalUnitName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationalUnitName *
-nssPKIXOrganizationalUnitName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXOrganizationalUnitName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXOrganizationalUnitName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXOrganizationalUnitName *
-nssPKIXOrganizationalUnitName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXOrganizationalUnitName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXOrganizationalUnitName_Encode
-(
- NSSPKIXOrganizationalUnitName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * BuiltInDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
- * (1..ub-domain-defined-attributes) OF
- * BuiltInDomainDefinedAttribute
- *
- * The private calls for this type:
- *
- * nssPKIXBuiltInDomainDefinedAttributes_Decode
- * nssPKIXBuiltInDomainDefinedAttributes_Create
- * nssPKIXBuiltInDomainDefinedAttributes_Destroy
- * nssPKIXBuiltInDomainDefinedAttributes_Encode
- * nssPKIXBuiltInDomainDefinedAttributes_GetBuiltIndomainDefinedAttributeCount
- * nssPKIXBuiltInDomainDefinedAttributes_GetBuiltIndomainDefinedAttributes
- * nssPKIXBuiltInDomainDefinedAttributes_SetBuiltIndomainDefinedAttributes
- * nssPKIXBuiltInDomainDefinedAttributes_GetBuiltIndomainDefinedAttribute
- * nssPKIXBuiltInDomainDefinedAttributes_SetBuiltIndomainDefinedAttribute
- * nssPKIXBuiltInDomainDefinedAttributes_InsertBuiltIndomainDefinedAttribute
- * nssPKIXBuiltInDomainDefinedAttributes_AppendBuiltIndomainDefinedAttribute
- * nssPKIXBuiltInDomainDefinedAttributes_RemoveBuiltIndomainDefinedAttribute
- * nssPKIXBuiltInDomainDefinedAttributes_Equal
- * nssPKIXBuiltInDomainDefinedAttributes_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXBuiltInDomainDefinedAttributes_verifyPointer
- *
- */
-
-/*
- * nssPKIXBuiltInDomainDefinedAttributes_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInDomainDefinedAttributes
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInDomainDefinedAttributes *
-nssPKIXBuiltInDomainDefinedAttributes_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttributes_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInDomainDefinedAttributes
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInDomainDefinedAttributes *
-nssPKIXBuiltInDomainDefinedAttributes_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXBuiltInDomainDefinedAttribute *bidda1,
- ...
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttributes_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInDomainDefinedAttributes_Destroy
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttributes_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXBuiltInDomainDefinedAttributes_Encode
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttributes_GetBuiltIndomainDefinedAttributeCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXBuiltInDomainDefinedAttributes_GetBuiltIndomainDefinedAttributeCount
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttributes_GetBuiltIndomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXBuiltInDomainDefinedAttribute
- * pointers upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInDomainDefinedAttribute **
-nssPKIXBuiltInDomainDefinedAttributes_GetBuiltIndomainDefinedAttributes
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- NSSPKIXBuiltInDomainDefinedAttribut *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttributes_SetBuiltIndomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInDomainDefinedAttributes_SetBuiltIndomainDefinedAttributes
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- NSSPKIXBuiltInDomainDefinedAttribut *bidda[],
- PRInt32 count
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttributes_GetBuiltIndomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInDomainDefinedAttribute
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInDomainDefinedAttribute *
-nssPKIXBuiltInDomainDefinedAttributes_GetBuiltIndomainDefinedAttribute
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttributes_SetBuiltIndomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInDomainDefinedAttributes_SetBuiltIndomainDefinedAttribute
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- PRInt32 i,
- NSSPKIXBuiltInDomainDefinedAttribute *bidda
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttributes_InsertBuiltIndomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInDomainDefinedAttributes_InsertBuiltIndomainDefinedAttribute
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- PRInt32 i,
- NSSPKIXBuiltInDomainDefinedAttribute *bidda
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttributes_AppendBuiltIndomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInDomainDefinedAttributes_AppendBuiltIndomainDefinedAttribute
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- NSSPKIXBuiltInDomainDefinedAttribute *bidda
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttributes_RemoveBuiltIndomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInDomainDefinedAttributes_RemoveBuiltIndomainDefinedAttribute
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- PRInt32 i
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttributes_FindBuiltIndomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- *
- * Return value:
- * The index of the specified revoked certificate upon success
- * -1 upon failure
- */
-
-NSS_EXTERN PRInt32
-nssPKIXBuiltInDomainDefinedAttributes_FindBuiltIndomainDefinedAttribute
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- NSSPKIXBuiltInDomainDefinedAttribute *bidda
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttributes_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXBuiltInDomainDefinedAttributes_Equal
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas1,
- NSSPKIXBuiltInDomainDefinedAttributes *biddas2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttributes_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInDomainDefinedAttributes
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInDomainDefinedAttributes *
-nssPKIXBuiltInDomainDefinedAttributes_Duplicate
-(
- NSSPKIXBuiltInDomainDefinedAttributes *biddas,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXBuiltInDomainDefinedAttributes_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXBuiltInDomainDefinedAttributes
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInDomainDefinedAttributes_verifyPointer
-(
- NSSPKIXBuiltInDomainDefinedAttributes *p
-);
-#endif /* DEBUG */
-
-/*
- * BuiltInDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * BuiltInDomainDefinedAttribute ::= SEQUENCE {
- * type PrintableString (SIZE
- * (1..ub-domain-defined-attribute-type-length)),
- * value PrintableString (SIZE
- * (1..ub-domain-defined-attribute-value-length))}
- *
- * The private calls for this type:
- *
- * nssPKIXBuiltInDomainDefinedAttribute_Decode
- * nssPKIXBuiltInDomainDefinedAttribute_Create
- * nssPKIXBuiltInDomainDefinedAttribute_Destroy
- * nssPKIXBuiltInDomainDefinedAttribute_Encode
- * nssPKIXBuiltInDomainDefinedAttribute_GetType
- * nssPKIXBuiltInDomainDefinedAttribute_SetType
- * nssPKIXBuiltInDomainDefinedAttribute_GetValue
- * nssPKIXBuiltInDomainDefinedAttribute_SetValue
- * nssPKIXBuiltInDomainDefinedAttribute_Equal
- * nssPKIXBuiltInDomainDefinedAttribute_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXBuiltInDomainDefinedAttribute_verifyPointer
- *
- */
-
-/*
- * nssPKIXBuiltInDomainDefinedAttribute_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInDomainDefinedAttribute
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInDomainDefinedAttribute *
-nssPKIXBuiltInDomainDefinedAttribute_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttribute_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInDomainDefinedAttribute
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInDomainDefinedAttribute *
-nssPKIXBuiltInDomainDefinedAttribute_Create
-(
- NSSArena *arenaOpt,
- NSSUTF8 *type,
- NSSUTF8 *value
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttribute_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInDomainDefinedAttribute_Destroy
-(
- NSSPKIXBuiltInDomainDefinedAttribute *bidda
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttribute_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXBuiltInDomainDefinedAttribute_Encode
-(
- NSSPKIXBuiltInDomainDefinedAttribute *bidda,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttribute_GetType
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXBuiltInDomainDefinedAttribute_GetType
-(
- NSSPKIXBuiltInDomainDefinedAttribute *bidda,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttribute_SetType
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInDomainDefinedAttribute_SetType
-(
- NSSPKIXBuiltInDomainDefinedAttribute *bidda,
- NSSUTF8 *type
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttribute_GetValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXBuiltInDomainDefinedAttribute_GetValue
-(
- NSSPKIXBuiltInDomainDefinedAttribute *bidda,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttribute_SetValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInDomainDefinedAttribute_SetValue
-(
- NSSPKIXBuiltInDomainDefinedAttribute *bidda,
- NSSUTF8 *value
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttribute_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXBuiltInDomainDefinedAttribute_Equal
-(
- NSSPKIXBuiltInDomainDefinedAttribute *bidda1,
- NSSPKIXBuiltInDomainDefinedAttribute *bidda2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXBuiltInDomainDefinedAttribute_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXBuiltInDomainDefinedAttribute
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBuiltInDomainDefinedAttribute *
-nssPKIXBuiltInDomainDefinedAttribute_Duplicate
-(
- NSSPKIXBuiltInDomainDefinedAttribute *bidda,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXBuiltInDomainDefinedAttribute_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXBuiltInDomainDefinedAttribute
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BUILT_IN_DOMAIN_DEFINED_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBuiltInDomainDefinedAttribute_verifyPointer
-(
- NSSPKIXBuiltInDomainDefinedAttribute *p
-);
-#endif /* DEBUG */
-
-/*
- * ExtensionAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
- * ExtensionAttribute
- *
- * The private calls for this type:
- *
- * nssPKIXExtensionAttributes_Decode
- * nssPKIXExtensionAttributes_Create
- * nssPKIXExtensionAttributes_Destroy
- * nssPKIXExtensionAttributes_Encode
- * nssPKIXExtensionAttributes_GetExtensionAttributeCount
- * nssPKIXExtensionAttributes_GetExtensionAttributes
- * nssPKIXExtensionAttributes_SetExtensionAttributes
- * nssPKIXExtensionAttributes_GetExtensionAttribute
- * nssPKIXExtensionAttributes_SetExtensionAttribute
- * nssPKIXExtensionAttributes_InsertExtensionAttribute
- * nssPKIXExtensionAttributes_AppendExtensionAttribute
- * nssPKIXExtensionAttributes_RemoveExtensionAttribute
- * nssPKIXExtensionAttributes_FindExtensionAttribute
- * nssPKIXExtensionAttributes_Equal
- * nssPKIXExtensionAttributes_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXExtensionAttributes_verifyPointer
- *
- */
-
-/*
- * nssPKIXExtensionAttributes_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensionAttributes upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttributes *
-nssPKIXExtensionAttributes_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXExtensionAttributes_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensionAttributes upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttributes *
-nssPKIXExtensionAttributes_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXExtensionAttribute ea1,
- ...
-);
-
-/*
- * nssPKIXExtensionAttributes_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtensionAttributes_Destroy
-(
- NSSPKIXExtensionAttributes *eas
-);
-
-/*
- * nssPKIXExtensionAttributes_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXExtensionAttributes_Encode
-(
- NSSPKIXExtensionAttributes *eas
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXExtensionAttributes_GetExtensionAttributeCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXExtensionAttributes_GetExtensionAttributeCount
-(
- NSSPKIXExtensionAttributes *eas
-);
-
-/*
- * nssPKIXExtensionAttributes_GetExtensionAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXExtensionAttribute pointers
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttribute **
-nssPKIXExtensionAttributes_GetExtensionAttributes
-(
- NSSPKIXExtensionAttributes *eas,
- NSSPKIXExtensionAttribute *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXExtensionAttributes_SetExtensionAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtensionAttributes_SetExtensionAttributes
-(
- NSSPKIXExtensionAttributes *eas,
- NSSPKIXExtensionAttribute *ea[],
- PRInt32 count
-);
-
-/*
- * nssPKIXExtensionAttributes_GetExtensionAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensionAttribute upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttribute *
-nssPKIXExtensionAttributes_GetExtensionAttribute
-(
- NSSPKIXExtensionAttributes *eas,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXExtensionAttributes_SetExtensionAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtensionAttributes_SetExtensionAttribute
-(
- NSSPKIXExtensionAttributes *eas,
- PRInt32 i,
- NSSPKIXExtensionAttribute *ea
-);
-
-/*
- * nssPKIXExtensionAttributes_InsertExtensionAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtensionAttributes_InsertExtensionAttribute
-(
- NSSPKIXExtensionAttributes *eas,
- PRInt32 i,
- NSSPKIXExtensionAttribute *ea
-);
-
-/*
- * nssPKIXExtensionAttributes_AppendExtensionAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtensionAttributes_AppendExtensionAttribute
-(
- NSSPKIXExtensionAttributes *eas,
- NSSPKIXExtensionAttribute *ea
-);
-
-/*
- * nssPKIXExtensionAttributes_RemoveExtensionAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtensionAttributes_RemoveExtensionAttribute
-(
- NSSPKIXExtensionAttributes *eas,
- PRInt32 i,
-);
-
-/*
- * nssPKIXExtensionAttributes_FindExtensionAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- *
- * Return value:
- * A nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXExtensionAttributes_FindExtensionAttribute
-(
- NSSPKIXExtensionAttributes *eas,
- NSSPKIXExtensionAttribute *ea
-);
-
-/*
- * nssPKIXExtensionAttributes_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXExtensionAttributes_Equal
-(
- NSSPKIXExtensionAttributes *eas1,
- NSSPKIXExtensionAttributes *eas2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXExtensionAttributes_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensionAttributes upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttributes *
-nssPKIXExtensionAttributes_Duplicate
-(
- NSSPKIXExtensionAttributes *eas,
- NSSArena *arenaOpt
-);
-
-/*
- * fgmr
- * There should be accessors to search the ExtensionAttributes and
- * return the value for a specific value, etc.
- */
-
-#ifdef DEBUG
-/*
- * nssPKIXExtensionAttributes_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXExtensionAttributes
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtensionAttributes_verifyPointer
-(
- NSSPKIXExtensionAttributes *p
-);
-#endif /* DEBUG */
-
-/*
- * ExtensionAttribute
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ExtensionAttribute ::= SEQUENCE {
- * extension-attribute-type [0] INTEGER (0..ub-extension-attributes),
- * extension-attribute-value [1]
- * ANY DEFINED BY extension-attribute-type }
- *
- * The private calls for this type:
- *
- * nssPKIXExtensionAttribute_Decode
- * nssPKIXExtensionAttribute_Create
- * nssPKIXExtensionAttribute_Destroy
- * nssPKIXExtensionAttribute_Encode
- * nssPKIXExtensionAttribute_GetExtensionsAttributeType
- * nssPKIXExtensionAttribute_SetExtensionsAttributeType
- * nssPKIXExtensionAttribute_GetExtensionsAttributeValue
- * nssPKIXExtensionAttribute_SetExtensionsAttributeValue
- * nssPKIXExtensionAttribute_Equal
- * nssPKIXExtensionAttribute_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXExtensionAttribute_verifyPointer
- *
- */
-
-/*
- * nssPKIXExtensionAttribute_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensionAttribute upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttribute *
-nssPKIXExtensionAttribute_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXExtensionAttribute_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE_TYPE
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensionAttribute upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttribute *
-nssPKIXExtensionAttribute_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXExtensionAttributeType type,
- NSSItem *value
-);
-
-/*
- * nssPKIXExtensionAttribute_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtensionAttribute_Destroy
-(
- NSSPKIXExtensionAttribute *ea
-);
-
-/*
- * nssPKIXExtensionAttribute_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXExtensionAttribute_Encode
-(
- NSSPKIXExtensionAttribute *ea,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXExtensionAttribute_GetExtensionsAttributeType
- *
- * -- fgmr comments --
- * {One of these objects created from BER generated by a program
- * adhering to a later version of the PKIX standards might have
- * a value not mentioned in the enumeration definition. This isn't
- * a bug.}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- *
- * Return value:
- * A member of the NSSPKIXExtensionAttributeType enumeration
- * upon success
- * NSSPKIXExtensionAttributeType_NSSinvalid upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttributeType
-nssPKIXExtensionAttribute_GetExtensionsAttributeType
-(
- NSSPKIXExtensionAttribute *ea
-);
-
-/*
- * nssPKIXExtensionAttribute_SetExtensionsAttributeType
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtensionAttribute_SetExtensionsAttributeType
-(
- NSSPKIXExtensionAttribute *ea,
- NSSPKIXExtensionAttributeType type
-);
-
-/*
- * nssPKIXExtensionAttribute_GetExtensionsAttributeValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSItem *
-nssPKIXExtensionAttribute_GetExtensionsAttributeValue
-(
- NSSPKIXExtensionAttribute *ea,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXExtensionAttribute_SetExtensionsAttributeValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtensionAttribute_SetExtensionsAttributeValue
-(
- NSSPKIXExtensionAttribute *ea,
- NSSItem *value
-);
-
-/*
- * nssPKIXExtensionAttribute_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXExtensionAttribute_Equal
-(
- NSSPKIXExtensionAttribute *ea1,
- NSSPKIXExtensionAttribute *ea2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXExtensionAttribute_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtensionAttribute upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtensionAttribute *
-nssPKIXExtensionAttribute_Duplicate
-(
- NSSPKIXExtensionAttribute *ea,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXExtensionAttribute_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXExtensionAttribute
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENSION_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtensionAttribute_verifyPointer
-(
- NSSPKIXExtensionAttribute *p
-);
-#endif /* DEBUG */
-
-/*
- * CommonName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CommonName ::= PrintableString (SIZE (1..ub-common-name-length))
- *
- * The private calls for this type:
- *
- * nssPKIXCommonName_Decode
- * nssPKIXCommonName_CreateFromUTF8
- * nssPKIXCommonName_Encode
- *
- */
-
-/*
- * nssPKIXCommonName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCommonName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCommonName *
-nssPKIXCommonName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXCommonName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCommonName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCommonName *
-nssPKIXCommonName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXCommonName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_COMMON_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXCommonName_Encode
-(
- NSSPKIXCommonName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * TeletexCommonName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))
- *
- * The private calls for this type:
- *
- * nssPKIXTeletexCommonName_Decode
- * nssPKIXTeletexCommonName_CreateFromUTF8
- * nssPKIXTeletexCommonName_Encode
- *
- */
-
-/*
- * nssPKIXTeletexCommonName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexCommonName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexCommonName *
-nssPKIXTeletexCommonName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXTeletexCommonName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexCommonName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexCommonName *
-nssPKIXTeletexCommonName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXTeletexCommonName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_COMMON_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXTeletexCommonName_Encode
-(
- NSSPKIXTeletexCommonName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * TeletexOrganizationName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexOrganizationName ::=
- * TeletexString (SIZE (1..ub-organization-name-length))
- *
- * The private calls for this type:
- *
- * nssPKIXTeletexOrganizationName_Decode
- * nssPKIXTeletexOrganizationName_CreateFromUTF8
- * nssPKIXTeletexOrganizationName_Encode
- *
- */
-
-/*
- * nssPKIXTeletexOrganizationName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexOrganizationName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexOrganizationName *
-nssPKIXTeletexOrganizationName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXTeletexOrganizationName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexOrganizationName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexOrganizationName *
-nssPKIXTeletexOrganizationName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXTeletexOrganizationName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATION_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXTeletexOrganizationName_Encode
-(
- NSSPKIXTeletexOrganizationName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * TeletexPersonalName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexPersonalName ::= SET {
- * surname [0] TeletexString (SIZE (1..ub-surname-length)),
- * given-name [1] TeletexString
- * (SIZE (1..ub-given-name-length)) OPTIONAL,
- * initials [2] TeletexString (SIZE (1..ub-initials-length)) OPTIONAL,
- * generation-qualifier [3] TeletexString (SIZE
- * (1..ub-generation-qualifier-length)) OPTIONAL }
- *
- * The private calls for this type:
- *
- * nssPKIXTeletexPersonalName_Decode
- * nssPKIXTeletexPersonalName_Create
- * nssPKIXTeletexPersonalName_Destroy
- * nssPKIXTeletexPersonalName_Encode
- * nssPKIXTeletexPersonalName_GetSurname
- * nssPKIXTeletexPersonalName_SetSurname
- * nssPKIXTeletexPersonalName_HasGivenName
- * nssPKIXTeletexPersonalName_GetGivenName
- * nssPKIXTeletexPersonalName_SetGivenName
- * nssPKIXTeletexPersonalName_RemoveGivenName
- * nssPKIXTeletexPersonalName_HasInitials
- * nssPKIXTeletexPersonalName_GetInitials
- * nssPKIXTeletexPersonalName_SetInitials
- * nssPKIXTeletexPersonalName_RemoveInitials
- * nssPKIXTeletexPersonalName_HasGenerationQualifier
- * nssPKIXTeletexPersonalName_GetGenerationQualifier
- * nssPKIXTeletexPersonalName_SetGenerationQualifier
- * nssPKIXTeletexPersonalName_RemoveGenerationQualifier
- * nssPKIXTeletexPersonalName_Equal
- * nssPKIXTeletexPersonalName_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXTeletexPersonalName_verifyPointer
- *
- */
-
-/*
- * nssPKIXTeletexPersonalName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexPersonalName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexPersonalName *
-nssPKIXTeletexPersonalName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXTeletexPersonalName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexPersonalName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexPersonalName *
-nssPKIXTeletexPersonalName_Create
-(
- NSSArena *arenaOpt,
- NSSUTF8 *surname,
- NSSUTF8 *givenNameOpt,
- NSSUTF8 *initialsOpt,
- NSSUTF8 *generationQualifierOpt
-);
-
-/*
- * nssPKIXTeletexPersonalName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexPersonalName_Destroy
-(
- NSSPKIXTeletexPersonalName *personalName
-);
-
-/*
- * nssPKIXTeletexPersonalName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXTeletexPersonalName_Encode
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTeletexPersonalName_GetSurname
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXTeletexPersonalName_GetSurname
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTeletexPersonalName_SetSurname
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexPersonalName_SetSurname
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSUTF8 *surname
-);
-
-/*
- * nssPKIXTeletexPersonalName_HasGivenName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXTeletexPersonalName_HasGivenName
-(
- NSSPKIXTeletexPersonalName *personalName,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXTeletexPersonalName_GetGivenName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXTeletexPersonalName_GetGivenName
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTeletexPersonalName_SetGivenName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexPersonalName_SetGivenName
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSUTF8 *givenName
-);
-
-/*
- * nssPKIXTeletexPersonalName_RemoveGivenName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexPersonalName_RemoveGivenName
-(
- NSSPKIXTeletexPersonalName *personalName
-);
-
-/*
- * nssPKIXTeletexPersonalName_HasInitials
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXTeletexPersonalName_HasInitials
-(
- NSSPKIXTeletexPersonalName *personalName,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXTeletexPersonalName_GetInitials
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXTeletexPersonalName_GetInitials
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTeletexPersonalName_SetInitials
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexPersonalName_SetInitials
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSUTF8 *initials
-);
-
-/*
- * nssPKIXTeletexPersonalName_RemoveInitials
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexPersonalName_RemoveInitials
-(
- NSSPKIXTeletexPersonalName *personalName
-);
-
-/*
- * nssPKIXTeletexPersonalName_HasGenerationQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXTeletexPersonalName_HasGenerationQualifier
-(
- NSSPKIXTeletexPersonalName *personalName,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXTeletexPersonalName_GetGenerationQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXTeletexPersonalName_GetGenerationQualifier
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTeletexPersonalName_SetGenerationQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexPersonalName_SetGenerationQualifier
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSUTF8 *generationQualifier
-);
-
-/*
- * nssPKIXTeletexPersonalName_RemoveGenerationQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexPersonalName_RemoveGenerationQualifier
-(
- NSSPKIXTeletexPersonalName *personalName
-);
-
-/*
- * nssPKIXTeletexPersonalName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXTeletexPersonalName_Equal
-(
- NSSPKIXTeletexPersonalName *personalName1,
- NSSPKIXTeletexPersonalName *personalName2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXTeletexPersonalName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexPersonalName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexPersonalName *
-nssPKIXTeletexPersonalName_Duplicate
-(
- NSSPKIXTeletexPersonalName *personalName,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXTeletexPersonalName_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXTeletexPersonalName
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_PERSONAL_NAME
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexPersonalName_verifyPointer
-(
- NSSPKIXTeletexPersonalName *p
-);
-#endif /* DEBUG */
-
-/*
- * TeletexOrganizationalUnitNames
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
- * (1..ub-organizational-units) OF TeletexOrganizationalUnitName
- *
- * The private calls for the type:
- *
- * nssPKIXTeletexOrganizationalUnitNames_Decode
- * nssPKIXTeletexOrganizationalUnitNames_Create
- * nssPKIXTeletexOrganizationalUnitNames_Destroy
- * nssPKIXTeletexOrganizationalUnitNames_Encode
- * nssPKIXTeletexOrganizationalUnitNames_GetTeletexOrganizationalUnitNameCount
- * nssPKIXTeletexOrganizationalUnitNames_GetTeletexOrganizationalUnitNames
- * nssPKIXTeletexOrganizationalUnitNames_SetTeletexOrganizationalUnitNames
- * nssPKIXTeletexOrganizationalUnitNames_GetTeletexOrganizationalUnitName
- * nssPKIXTeletexOrganizationalUnitNames_SetTeletexOrganizationalUnitName
- * nssPKIXTeletexOrganizationalUnitNames_InsertTeletexOrganizationalUnitName
- * nssPKIXTeletexOrganizationalUnitNames_AppendTeletexOrganizationalUnitName
- * nssPKIXTeletexOrganizationalUnitNames_RemoveTeletexOrganizationalUnitName
- * nssPKIXTeletexOrganizationalUnitNames_FindTeletexOrganizationalUnitName
- * nssPKIXTeletexOrganizationalUnitNames_Equal
- * nssPKIXTeletexOrganizationalUnitNames_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXTeletexOrganizationalUnitNames_verifyPointer
- *
- */
-
-/*
- * nssPKIXTeletexOrganizationalUnitNames_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexOrganizationalUnitNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexOrganizationalUnitNames *
-nssPKIXTeletexOrganizationalUnitNames_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXTeletexOrganizationalUnitNames_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexOrganizationalUnitNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexOrganizationalUnitNames *
-nssPKIXTeletexOrganizationalUnitNames_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXTeletexOrganizationalUnitName *ou1,
- ...
-);
-
-/*
- * nssPKIXTeletexOrganizationalUnitNames_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexOrganizationalUnitNames_Destroy
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous
-);
-
-/*
- * nssPKIXTeletexOrganizationalUnitNames_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXTeletexOrganizationalUnitNames_Encode
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTeletexOrganizationalUnitNames_GetTeletexOrganizationalUnitNameCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXTeletexOrganizationalUnitNames_GetTeletexOrganizationalUnitNameCount
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous
-);
-
-/*
- * nssPKIXTeletexOrganizationalUnitNames_GetTeletexOrganizationalUnitNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXTeletexOrganizationalUnitName
- * pointers upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexOrganizationalUnitName **
-nssPKIXTeletexOrganizationalUnitNames_GetTeletexOrganizationalUnitNames
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- NSSPKIXTeletexOrganizationalUnitName *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTeletexOrganizationalUnitNames_SetTeletexOrganizationalUnitNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexOrganizationalUnitNames_SetTeletexOrganizationalUnitNames
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- NSSPKIXTeletexOrganizationalUnitName *ou[],
- PRInt32 count
-);
-
-/*
- * nssPKIXTeletexOrganizationalUnitNames_GetTeletexOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexOrganizationalUnitName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexOrganizationalUnitName *
-nssPKIXTeletexOrganizationalUnitNames_GetTeletexOrganizationalUnitName
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTeletexOrganizationalUnitNames_SetTeletexOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexOrganizationalUnitNames_SetTeletexOrganizationalUnitName
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- PRInt32 i,
- NSSPKIXTeletexOrganizationalUnitName *ou
-);
-
-/*
- * nssPKIXTeletexOrganizationalUnitNames_InsertTeletexOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexOrganizationalUnitNames_InsertTeletexOrganizationalUnitName
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- PRInt32 i,
- NSSPKIXTeletexOrganizationalUnitName *ou
-);
-
-/*
- * nssPKIXTeletexOrganizationalUnitNames_AppendTeletexOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexOrganizationalUnitNames_AppendTeletexOrganizationalUnitName
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- NSSPKIXTeletexOrganizationalUnitName *ou
-);
-
-/*
- * nssPKIXTeletexOrganizationalUnitNames_RemoveTeletexOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexOrganizationalUnitNames_RemoveTeletexOrganizationalUnitName
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- PRInt32 i
-);
-
-/*
- * nssPKIXTeletexOrganizationalUnitNames_FindTeletexOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAME
- *
- * Return value:
- * The index of the specified revoked certificate upon success
- * -1 upon failure
- */
-
-NSS_EXTERN PRInt32
-nssPKIXTeletexOrganizationalUnitNames_FindTeletexOrganizationalUnitName
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- NSSPKIXTeletexOrganizationalUnitName *ou
-);
-
-/*
- * nssPKIXTeletexOrganizationalUnitNames_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXTeletexOrganizationalUnitNames_Equal
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous1,
- NSSPKIXTeletexOrganizationalUnitNames *ous2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXTeletexOrganizationalUnitNames_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAMES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexOrganizationalUnitNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexOrganizationalUnitNames *
-nssPKIXTeletexOrganizationalUnitNames_Duplicate
-(
- NSSPKIXTeletexOrganizationalUnitNames *ous,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXTeletexOrganizationalUnitNames_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXTeletexOrganizationalUnitNames
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAME
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexOrganizationalUnitNames_verifyPointer
-(
- NSSPKIXTeletexOrganizationalUnitNames *p
-);
-#endif /* DEBUG */
-
-/*
- * TeletexOrganizationalUnitName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexOrganizationalUnitName ::= TeletexString
- * (SIZE (1..ub-organizational-unit-name-length))
- *
- * The private calls for this type:
- *
- * nssPKIXTeletexOrganizationalUnitName_Decode
- * nssPKIXTeletexOrganizationalUnitName_CreateFromUTF8
- * nssPKIXTeletexOrganizationalUnitName_Encode
- *
- */
-
-/*
- * nssPKIXTeletexOrganizationalUnitName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexOrganizationalUnitName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexOrganizationalUnitName *
-nssPKIXTeletexOrganizationalUnitName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXTeletexOrganizationalUnitName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexOrganizationalUnitName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexOrganizationalUnitName *
-nssPKIXTeletexOrganizationalUnitName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXTeletexOrganizationalUnitName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_ORGANIZATIONAL_UNIT_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXTeletexOrganizationalUnitName_Encode
-(
- NSSPKIXTeletexOrganizationalUnitName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * PDSName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))
- *
- * The private calls for this type:
- *
- * nssPKIXPDSName_Decode
- * nssPKIXPDSName_CreateFromUTF8
- * nssPKIXPDSName_Encode
- *
- */
-
-/*
- * nssPKIXPDSName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPDSName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPDSName *
-nssPKIXPDSName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXPDSName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPDSName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPDSName *
-nssPKIXPDSName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXPDSName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXPDSName_Encode
-(
- NSSPKIXPDSName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * PhysicalDeliveryCountryName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PhysicalDeliveryCountryName ::= CHOICE {
- * x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)),
- * iso-3166-alpha2-code PrintableString
- * (SIZE (ub-country-name-alpha-length)) }
- *
- * The private calls for this type:
- *
- * nssPKIXPhysicalDeliveryCountryName_Decode
- * nssPKIXPhysicalDeliveryCountryName_CreateFromUTF8
- * nssPKIXPhysicalDeliveryCountryName_Encode
- *
- */
-
-/*
- * nssPKIXPhysicalDeliveryCountryName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPhysicalDeliveryCountryName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPhysicalDeliveryCountryName *
-nssPKIXPhysicalDeliveryCountryName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXPhysicalDeliveryCountryName_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPhysicalDeliveryCountryName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPhysicalDeliveryCountryName *
-nssPKIXPhysicalDeliveryCountryName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXPhysicalDeliveryCountryName_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PHYSICAL_DELIVERY_COUNTRY_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXPhysicalDeliveryCountryName_Encode
-(
- NSSPKIXPhysicalDeliveryCountryName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * PostalCode
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PostalCode ::= CHOICE {
- * numeric-code NumericString (SIZE (1..ub-postal-code-length)),
- * printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
- *
- * The private calls for this type:
- *
- * nssPKIXPostalCode_Decode
- * nssPKIXPostalCode_CreateFromUTF8
- * nssPKIXPostalCode_Encode
- *
- */
-
-/*
- * nssPKIXPostalCode_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPostalCode upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPostalCode *
-nssPKIXPostalCode_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXPostalCode_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPostalCode upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPostalCode *
-nssPKIXPostalCode_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXPostalCode_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POSTAL_CODE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXPostalCode_Encode
-(
- NSSPKIXPostalCode *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * PDSParameter
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PDSParameter ::= SET {
- * printable-string PrintableString
- * (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
- * teletex-string TeletexString
- * (SIZE(1..ub-pds-parameter-length)) OPTIONAL }
- *
- * The private calls for this type:
- *
- * nssPKIXPDSParameter_Decode
- * nssPKIXPDSParameter_CreateFromUTF8
- * nssPKIXPDSParameter_Create
- * nssPKIXPDSParameter_Delete
- * nssPKIXPDSParameter_Encode
- * nssPKIXPDSParameter_GetUTF8Encoding
- * nssPKIXPDSParameter_HasPrintableString
- * nssPKIXPDSParameter_GetPrintableString
- * nssPKIXPDSParameter_SetPrintableString
- * nssPKIXPDSParameter_RemovePrintableString
- * nssPKIXPDSParameter_HasTeletexString
- * nssPKIXPDSParameter_GetTeletexString
- * nssPKIXPDSParameter_SetTeletexString
- * nssPKIXPDSParameter_RemoveTeletexString
- * nssPKIXPDSParameter_Equal
- * nssPKIXPDSParameter_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXPDSParameter_verifyPointer
- */
-
-/*
- * nssPKIXPDSParameter_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPDSParameter upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPDSParameter *
-nssPKIXPDSParameter_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXPDSParameter_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPDSParameter upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPDSParameter *
-nssPKIXPDSParameter_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXPDSParameter_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXPDSParameter upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPDSParameter *
-nssPKIXPDSParameter_Create
-(
- NSSArena *arenaOpt,
- NSSUTF8 *printableStringOpt,
- NSSUTF8 *teletexStringOpt
-);
-
-/*
- * nssPKIXPDSParameter_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPDSParameter_Destroy
-(
- NSSPKIXPDSParameter *p
-);
-
-/*
- * nssPKIXPDSParameter_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXPDSParameter_Encode
-(
- NSSPKIXPDSParameter *p,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPDSParameter_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXPDSParameter_GetUTF8Encoding
-(
- NSSPKIXPDSParameter *p,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPDSParameter_HasPrintableString
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXPDSParameter_HasPrintableString
-(
- NSSPKIXPDSParameter *p,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXPDSParameter_GetPrintableString
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXPDSParameter_GetPrintableString
-(
- NSSPKIXPDSParameter *p,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPDSParameter_SetPrintableString
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPDSParameter_SetPrintableString
-(
- NSSPKIXPDSParameter *p,
- NSSUTF8 *printableString
-);
-
-/*
- * nssPKIXPDSParameter_RemovePrintableString
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPDSParameter_RemovePrintableString
-(
- NSSPKIXPDSParameter *p
-);
-
-/*
- * nssPKIXPDSParameter_HasTeletexString
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXPDSParameter_HasTeletexString
-(
- NSSPKIXPDSParameter *p,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXPDSParameter_GetTeletexString
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXPDSParameter_GetTeletexString
-(
- NSSPKIXPDSParameter *p,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPDSParameter_SetTeletexString
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPDSParameter_SetTeletexString
-(
- NSSPKIXPDSParameter *p,
- NSSUTF8 *teletexString
-);
-
-/*
- * nssPKIXPDSParameter_RemoveTeletexString
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPDSParameter_RemoveTeletexString
-(
- NSSPKIXPDSParameter *p
-);
-
-/*
- * nssPKIXPDSParameter_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXPDSParameter_Equal
-(
- NSSPKIXPDSParameter *p1,
- NSSPKIXPDSParameter *p2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXPDSParameter_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPDSParameter upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPDSParameter *
-nssPKIXPDSParameter_Duplicate
-(
- NSSPKIXPDSParameter *p,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXPDSParameter_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXPDSParameter
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PDS_PARAMETER
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPDSParameter_verifyPointer
-(
- NSSPKIXPDSParameter *p
-);
-#endif /* DEBUG */
-
-/*
- * fgmr: what about these PDS types?
- *
- * PhysicalDeliveryOfficeName
- *
- * PhysicalDeliveryOfficeNumber
- *
- * ExtensionORAddressComponents
- *
- * PhysicalDeliveryPersonalName
- *
- * PhysicalDeliveryOrganizationName
- *
- * ExtensionPhysicalDeliveryAddressComponents
- *
- * StreetAddress
- *
- * PostOfficeBoxAddress
- *
- * PosteRestanteAddress
- *
- * UniquePostalName
- *
- * LocalPostalAttributes
- *
- */
-
-/*
- * UnformattedPostalAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * UnformattedPostalAddress ::= SET {
- * printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) OF
- * PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL,
- * teletex-string TeletexString
- * (SIZE (1..ub-unformatted-address-length)) OPTIONAL }
- *
- * The private calls for the type:
- *
- *
- */
-
-/*
- * ExtendedNetworkAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ExtendedNetworkAddress ::= CHOICE {
- * e163-4-address SEQUENCE {
- * number [0] NumericString (SIZE (1..ub-e163-4-number-length)),
- * sub-address [1] NumericString
- * (SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL },
- * psap-address [0] PresentationAddress }
- *
- * The private calls for the type:
- *
- * nssPKIXExtendedNetworkAddress_Decode
- * nssPKIXExtendedNetworkAddress_Create
- * nssPKIXExtendedNetworkAddress_Encode
- * nssPKIXExtendedNetworkAddress_Destroy
- * nssPKIXExtendedNetworkAddress_GetChoice
- * nssPKIXExtendedNetworkAddress_Get
- * nssPKIXExtendedNetworkAddress_GetE1634Address
- * nssPKIXExtendedNetworkAddress_GetPsapAddress
- * nssPKIXExtendedNetworkAddress_Set
- * nssPKIXExtendedNetworkAddress_SetE163Address
- * nssPKIXExtendedNetworkAddress_SetPsapAddress
- * nssPKIXExtendedNetworkAddress_Equal
- * nssPKIXExtendedNetworkAddress_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXExtendedNetworkAddress_verifyPointer
- *
- */
-
-/*
- * nssPKIXExtendedNetworkAddress_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtendedNetworkAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtendedNetworkAddress *
-nssPKIXExtendedNetworkAddress_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXExtendedNetworkAddress_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- * NSS_ERROR_INVALID_PKIX_PRESENTATION_ADDRESS
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtendedNetworkAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtendedNetworkAddress *
-nssPKIXExtendedNetworkAddress_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXExtendedNetworkAddressChoice choice,
- void *address
-);
-
-/*
- * nssPKIXExtendedNetworkAddress_CreateFromE1634Address
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtendedNetworkAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtendedNetworkAddress *
-nssPKIXExtendedNetworkAddress_CreateFromE1634Address
-(
- NSSArena *arenaOpt,
- NSSPKIXe1634Address *e1634address
-);
-
-/*
- * nssPKIXExtendedNetworkAddress_CreateFromPresentationAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_PRESENTATION_ADDRESS
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtendedNetworkAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtendedNetworkAddress *
-nssPKIXExtendedNetworkAddress_CreateFromPresentationAddress
-(
- NSSArena *arenaOpt,
- NSSPKIXPresentationAddress *presentationAddress
-);
-
-/*
- * nssPKIXExtendedNetworkAddress_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtendedNetworkAddress_Destroy
-(
- NSSPKIXExtendedNetworkAddress *ena
-);
-
-/*
- * nssPKIXExtendedNetworkAddress_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXExtendedNetworkAddress_Encode
-(
- NSSPKIXExtendedNetworkAddress *ena,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXExtendedNetworkAddress_GetChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- *
- * Return value:
- * A valid element of the NSSPKIXExtendedNetworkAddressChoice upon
- * success
- * The value nssPKIXExtendedNetworkAddress_NSSinvalid upon failure
- */
-
-NSS_EXTERN NSSPKIXExtendedNetworkAddressChoice
-nssPKIXExtendedNetworkAddress_GetChoice
-(
- NSSPKIXExtendedNetworkAddress *ena
-);
-
-/*
- * nssPKIXExtendedNetworkAddress_GetSpecifiedChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_WRONG_CHOICE
- *
- * Return value:
- * A pointer...
- * NULL upon failure
- */
-
-NSS_EXTERN void *
-nssPKIXExtendedNetworkAddress_GetSpecifiedChoice
-(
- NSSPKIXExtendedNetworkAddress *ena,
- NSSPKIXExtendedNetworkAddressChoice which,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXExtendedNetworkAddress_GetE1634Address
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_WRONG_CHOICE
- *
- * Return value:
- * A valid pointer to an NSSPKIXe1643Address upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXe1643Address *
-nssPKIXExtendedNetworkAddress_GetE1634Address
-(
- NSSPKIXExtendedNetworkAddress *ena,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXExtendedNetworkAddress_GetPresentationAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_WRONG_CHOICE
- *
- * Return value:
- * A valid pointer to an NSSPKIXPresentationAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPresentationAddress *
-nssPKIXExtendedNetworkAddress_GetPresentationAddress
-(
- NSSPKIXExtendedNetworkAddress *ena,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXExtendedNetworkAddress_SetSpecifiedChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- * NSS_ERROR_INVALID_PKIX_PRESENTATION_ADDRESS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtendedNetworkAddress_SetSpecifiedChoice
-(
- NSSPKIXExtendedNetworkAddress *ena,
- NSSPKIXExtendedNetworkAddressChoice which,
- void *address
-);
-
-/*
- * nssPKIXExtendedNetworkAddress_SetE163Address
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtendedNetworkAddress_SetE163Address
-(
- NSSPKIXExtendedNetworkAddress *ena,
- NSSPKIXe1634Address *e1634address
-);
-
-/*
- * nssPKIXExtendedNetworkAddress_SetPresentationAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_PRESENTATION_ADDRESS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtendedNetworkAddress_SetPresentationAddress
-(
- NSSPKIXExtendedNetworkAddress *ena,
- NSSPKIXPresentationAddress *presentationAddress
-);
-
-/*
- * nssPKIXExtendedNetworkAddress_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXExtendedNetworkAddress_Equal
-(
- NSSPKIXExtendedNetworkAddress *ena1,
- NSSPKIXExtendedNetworkAddress *ena2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXExtendedNetworkAddress_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtendedNetworkAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtendedNetworkAddress *
-nssPKIXExtendedNetworkAddress_Duplicate
-(
- NSSPKIXExtendedNetworkAddress *ena,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXExtendedNetworkAddress_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXExtendedNetworkAddress
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXTENDED_NETWORK_ADDRESS
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtendedNetworkAddress_verifyPointer
-(
- NSSPKIXExtendedNetworkAddress *p
-);
-#endif /* DEBUG */
-
-/*
- * e163-4-address
- *
- * Helper structure for ExtendedNetworkAddress.
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * e163-4-address SEQUENCE {
- * number [0] NumericString (SIZE (1..ub-e163-4-number-length)),
- * sub-address [1] NumericString
- * (SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL },
- *
- * The private calls for the type:
- *
- * nssPKIXe1634Address_Decode
- * nssPKIXe1634Address_Create
- * nssPKIXe1634Address_Destroy
- * nssPKIXe1634Address_Encode
- * nssPKIXe1634Address_GetNumber
- * nssPKIXe1634Address_SetNumber
- * nssPKIXe1634Address_HasSubAddress
- * nssPKIXe1634Address_GetSubAddress
- * nssPKIXe1634Address_SetSubAddress
- * nssPKIXe1634Address_RemoveSubAddress
- * nssPKIXe1634Address_Equal
- * nssPKIXe1634Address_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXe1634Address_verifyPointer
- *
- */
-
-/*
- * nssPKIXe1634Address_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXe1634Address upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXe1634Address *
-nssPKIXe1634Address_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXe1634Address_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXe1634Address upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXe1634Address *
-nssPKIXe1634Address_Create
-(
- NSSArena *arenaOpt,
- NSSUTF8 *number,
- NSSUTF8 *subAddressOpt
-);
-
-/*
- * nssPKIXe1634Address_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXe1634Address_Destroy
-(
- NSSPKIXe1634Address *e
-);
-
-/*
- * nssPKIXe1634Address_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXe1634Address_Encode
-(
- NSSPKIXe1634Address *e,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXe1634Address_GetNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXe1634Address_GetNumber
-(
- NSSPKIXe1634Address *e,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXe1634Address_SetNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXe1634Address_SetNumber
-(
- NSSPKIXe1634Address *e,
- NSSUTF8 *number
-);
-
-/*
- * nssPKIXe1634Address_HasSubAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXe1634Address_HasSubAddress
-(
- NSSPKIXe1634Address *e,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXe1634Address_GetSubAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXe1634Address_GetSubAddress
-(
- NSSPKIXe1634Address *e,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXe1634Address_SetSubAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXe1634Address_SetSubAddress
-(
- NSSPKIXe1634Address *e,
- NSSUTF8 *subAddress
-);
-
-/*
- * nssPKIXe1634Address_RemoveSubAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXe1634Address_RemoveSubAddress
-(
- NSSPKIXe1634Address *e
-);
-
-/*
- * nssPKIXe1634Address_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXe1634Address_Equal
-(
- NSSPKIXe1634Address *e1,
- NSSPKIXe1634Address *e2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXe1634Address_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXe1634Address upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXe1634Address *
-nssPKIXe1634Address_Duplicate
-(
- NSSPKIXe1634Address *e,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXe1634Address_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXe1634Address
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_E163_4_ADDRESS
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXe1634Address_verifyPointer
-(
- NSSPKIXe1634Address *p
-);
-#endif /* DEBUG */
-
-/*
- * PresentationAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PresentationAddress ::= SEQUENCE {
- * pSelector [0] EXPLICIT OCTET STRING OPTIONAL,
- * sSelector [1] EXPLICIT OCTET STRING OPTIONAL,
- * tSelector [2] EXPLICIT OCTET STRING OPTIONAL,
- * nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
- *
- * The private calls for the type:
- *
- * nssPKIXPresentationAddress_Decode
- * nssPKIXPresentationAddress_Create
- * nssPKIXPresentationAddress_Destroy
- * nssPKIXPresentationAddress_Encode
- * nssPKIXPresentationAddress_HasPSelector
- * nssPKIXPresentationAddress_GetPSelector
- * nssPKIXPresentationAddress_SetPSelector
- * nssPKIXPresentationAddress_RemovePSelector
- * nssPKIXPresentationAddress_HasSSelector
- * nssPKIXPresentationAddress_GetSSelector
- * nssPKIXPresentationAddress_SetSSelector
- * nssPKIXPresentationAddress_RemoveSSelector
- * nssPKIXPresentationAddress_HasTSelector
- * nssPKIXPresentationAddress_GetTSelector
- * nssPKIXPresentationAddress_SetTSelector
- * nssPKIXPresentationAddress_RemoveTSelector
- * nssPKIXPresentationAddress_HasNAddresses
- * nssPKIXPresentationAddress_GetNAddresses
- * nssPKIXPresentationAddress_SetNAddresses
- * nssPKIXPresentationAddress_RemoveNAddresses
- *{NAddresses must be more complex than that}
- * nssPKIXPresentationAddress_Compare
- * nssPKIXPresentationAddress_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * _verifyPointer
- *
- */
-
-/*
- * TeletexDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
- * (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute
- *
- * The private calls for the type:
- *
- * nssPKIXTeletexDomainDefinedAttributes_Decode
- * nssPKIXTeletexDomainDefinedAttributes_Create
- * nssPKIXTeletexDomainDefinedAttributes_Destroy
- * nssPKIXTeletexDomainDefinedAttributes_Encode
- * nssPKIXTeletexDomainDefinedAttributes_GetTeletexDomainDefinedAttributeCount
- * nssPKIXTeletexDomainDefinedAttributes_GetTeletexDomainDefinedAttributes
- * nssPKIXTeletexDomainDefinedAttributes_SetTeletexDomainDefinedAttributes
- * nssPKIXTeletexDomainDefinedAttributes_GetTeletexDomainDefinedAttribute
- * nssPKIXTeletexDomainDefinedAttributes_SetTeletexDomainDefinedAttribute
- * nssPKIXTeletexDomainDefinedAttributes_InsertTeletexDomainDefinedAttribute
- * nssPKIXTeletexDomainDefinedAttributes_AppendTeletexDomainDefinedAttribute
- * nssPKIXTeletexDomainDefinedAttributes_RemoveTeletexDomainDefinedAttribute
- * nssPKIXTeletexDomainDefinedAttributes_FindTeletexDomainDefinedAttribute
- * nssPKIXTeletexDomainDefinedAttributes_Equal
- * nssPKIXTeletexDomainDefinedAttributes_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXTeletexDomainDefinedAttributes_verifyPointer
- *
- */
-
-/*
- * nssPKIXTeletexDomainDefinedAttributes_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexDomainDefinedAttributes
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexDomainDefinedAttributes *
-nssPKIXTeletexDomainDefinedAttributes_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttributes_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexDomainDefinedAttributes
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexDomainDefinedAttributes *
-nssPKIXTeletexDomainDefinedAttributes_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXTeletexDomainDefinedAttribute *tdda1,
- ...
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttributes_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexDomainDefinedAttributes_Destroy
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttributes_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXTeletexDomainDefinedAttributes_Encode
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttributes_GetTeletexDomainDefinedAttributeCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXTeletexDomainDefinedAttributes_GetTeletexDomainDefinedAttributeCount
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttributes_GetTeletexDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXTeletexDomainDefinedAttribute
- * pointers upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexDomainDefinedAttribute **
-nssPKIXTeletexDomainDefinedAttributes_GetTeletexDomainDefinedAttributes
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- NSSPKIXTeletexDomainDefinedAttribute *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttributes_SetTeletexDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexDomainDefinedAttributes_SetTeletexDomainDefinedAttributes
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- NSSPKIXTeletexDomainDefinedAttribute *tdda[],
- PRInt32 count
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttributes_GetTeletexDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexDomainDefinedAttribute upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexDomainDefinedAttribute *
-nssPKIXTeletexDomainDefinedAttributes_GetTeletexDomainDefinedAttribute
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttributes_SetTeletexDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexDomainDefinedAttributes_SetTeletexDomainDefinedAttribute
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- PRInt32 i,
- NSSPKIXTeletexDomainDefinedAttribute *tdda
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttributes_InsertTeletexDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexDomainDefinedAttributes_InsertTeletexDomainDefinedAttribute
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- PRInt32 i,
- NSSPKIXTeletexDomainDefinedAttribute *tdda
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttributes_AppendTeletexDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexDomainDefinedAttributes_AppendTeletexDomainDefinedAttribute
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- NSSPKIXTeletexDomainDefinedAttribute *tdda
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttributes_RemoveTeletexDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexDomainDefinedAttributes_RemoveTeletexDomainDefinedAttribute
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- PRInt32 i
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttributes_FindTeletexDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- *
- * Return value:
- * The nonnegative integer upon success
- * -1 upon failure
- */
-
-NSS_EXTERN PRInt32
-nssPKIXTeletexDomainDefinedAttributes_FindTeletexDomainDefinedAttribute
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- NSSPKIXTeletexDomainDefinedAttribute *tdda
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttributes_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXTeletexDomainDefinedAttributes_Equal
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas1,
- NSSPKIXTeletexDomainDefinedAttributes *tddas2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttributes_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexDomainDefinedAttributes
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexDomainDefinedAttributes *
-nssPKIXTeletexDomainDefinedAttributes_Duplicate
-(
- NSSPKIXTeletexDomainDefinedAttributes *tddas,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXTeletexDomainDefinedAttributes_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXTeletexDomainDefinedAttributes
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexDomainDefinedAttributes_verifyPointer
-(
- NSSPKIXTeletexDomainDefinedAttributes *p
-);
-#endif /* DEBUG */
-
-/*
- * TeletexDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexDomainDefinedAttribute ::= SEQUENCE {
- * type TeletexString
- * (SIZE (1..ub-domain-defined-attribute-type-length)),
- * value TeletexString
- * (SIZE (1..ub-domain-defined-attribute-value-length)) }
- *
- * The private calls for the type:
- *
- * nssPKIXTeletexDomainDefinedAttribute_Decode
- * nssPKIXTeletexDomainDefinedAttribute_CreateFromUTF8
- * nssPKIXTeletexDomainDefinedAttribute_Create
- * nssPKIXTeletexDomainDefinedAttribute_Destroy
- * nssPKIXTeletexDomainDefinedAttribute_Encode
- * nssPKIXTeletexDomainDefinedAttribute_GetUTF8Encoding
- * nssPKIXTeletexDomainDefinedAttribute_GetType
- * nssPKIXTeletexDomainDefinedAttribute_SetType
- * nssPKIXTeletexDomainDefinedAttribute_GetValue
- * nssPKIXTeletexDomainDefinedAttribute_GetValue
- * nssPKIXTeletexDomainDefinedAttribute_Equal
- * nssPKIXTeletexDomainDefinedAttribute_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXTeletexDomainDefinedAttribute_verifyPointer
- *
- */
-
-/*
- * nssPKIXTeletexDomainDefinedAttribute_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexDomainDefinedAttribute
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexDomainDefinedAttribute *
-nssPKIXTeletexDomainDefinedAttribute_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttribute_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexDomainDefinedAttribute
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexDomainDefinedAttribute *
-nssPKIXTeletexDomainDefinedAttribute_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttribute_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexDomainDefinedAttribute
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexDomainDefinedAttribute *
-nssPKIXTeletexDomainDefinedAttribute_Create
-(
- NSSArena *arenaOpt,
- NSSUTF8 *type,
- NSSUTF8 *value
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttribute_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexDomainDefinedAttribute_Destroy
-(
- NSSPKIXTeletexDomainDefinedAttribute *tdda
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttribute_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXTeletexDomainDefinedAttribute_Encode
-(
- NSSPKIXTeletexDomainDefinedAttribute *tdda,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttribute_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXTeletexDomainDefinedAttribute_GetUTF8Encoding
-(
- NSSPKIXTeletexDomainDefinedAttribute *tdda,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttribute_GetType
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXTeletexDomainDefinedAttribute_GetType
-(
- NSSPKIXTeletexDomainDefinedAttribute *tdda,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttribute_SetType
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexDomainDefinedAttribute_SetType
-(
- NSSPKIXTeletexDomainDefinedAttribute *tdda,
- NSSUTF8 *type
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttribute_GetValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXTeletexDomainDefinedAttribute_GetValue
-(
- NSSPKIXTeletexDomainDefinedAttribute *tdda,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttribute_SetValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexDomainDefinedAttribute_SetValue
-(
- NSSPKIXTeletexDomainDefinedAttribute *tdda,
- NSSUTF8 *value
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttribute_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXTeletexDomainDefinedAttribute_Equal
-(
- NSSPKIXTeletexDomainDefinedAttribute *tdda1,
- NSSPKIXTeletexDomainDefinedAttribute *tdda2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXTeletexDomainDefinedAttribute_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTeletexDomainDefinedAttribute
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXTeletexDomainDefinedAttribute *
-nssPKIXTeletexDomainDefinedAttribute_Duplicate
-(
- NSSPKIXTeletexDomainDefinedAttribute *tdda,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXTeletexDomainDefinedAttribute_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXTeletexDomainDefinedAttribute
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_TELETEX_DOMAIN_DEFINED_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXTeletexDomainDefinedAttribute_verifyPointer
-(
- NSSPKIXTeletexDomainDefinedAttribute *p
-);
-#endif /* DEBUG */
-
-/*
- * AuthorityKeyIdentifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AuthorityKeyIdentifier ::= SEQUENCE {
- * keyIdentifier [0] KeyIdentifier OPTIONAL,
- * authorityCertIssuer [1] GeneralNames OPTIONAL,
- * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
- * -- authorityCertIssuer and authorityCertSerialNumber shall both
- * -- be present or both be absent
- *
- * The private calls for the type:
- *
- * nssPKIXAuthorityKeyIdentifier_Decode
- * nssPKIXAuthorityKeyIdentifier_Create
- * nssPKIXAuthorityKeyIdentifier_Destroy
- * nssPKIXAuthorityKeyIdentifier_Encode
- * nssPKIXAuthorityKeyIdentifier_HasKeyIdentifier
- * nssPKIXAuthorityKeyIdentifier_GetKeyIdentifier
- * nssPKIXAuthorityKeyIdentifier_SetKeyIdentifier
- * nssPKIXAuthorityKeyIdentifier_RemoveKeyIdentifier
- * nssPKIXAuthorityKeyIdentifier_HasAuthorityCertIssuerAndSerialNumber
- * nssPKIXAuthorityKeyIdentifier_RemoveAuthorityCertIssuerAndSerialNumber
- * nssPKIXAuthorityKeyIdentifier_GetAuthorityCertIssuer
- * nssPKIXAuthorityKeyIdentifier_GetAuthorityCertSerialNumber
- * nssPKIXAuthorityKeyIdentifier_SetAuthorityCertIssuerAndSerialNumber
- * nssPKIXAuthorityKeyIdentifier_Equal
- * nssPKIXAuthorityKeyIdentifier_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXAuthorityKeyIdentifier_verifyPointer
- *
- */
-
-/*
- * nssPKIXAuthorityKeyIdentifier_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAuthorityKeyIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAuthorityKeyIdentifier *
-nssPKIXAuthorityKeyIdentifier_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXAuthorityKeyIdentifier_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_ARGUMENTS
- *
- * Return value:
- * A valid pointer to an NSSPKIXAuthorityKeyIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAuthorityKeyIdentifier *
-nssPKIXAuthorityKeyIdentifier_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXKeyIdentifier *keyIdentifierOpt,
- NSSPKIXGeneralNames *authorityCertIssuerOpt,
- NSSPKIXCertificateSerialNumber *authorityCertSerialNumberOpt
-);
-
-/*
- * nssPKIXAuthorityKeyIdentifier_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAuthorityKeyIdentifier_Destroy
-(
- NSSPKIXAuthorityKeyIdentifier *aki
-);
-
-/*
- * nssPKIXAuthorityKeyIdentifier_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXAuthorityKeyIdentifier_Encode
-(
- NSSPKIXAuthorityKeyIdentifier *aki,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAuthorityKeyIdentifier_HasKeyIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXAuthorityKeyIdentifier_HasKeyIdentifier
-(
- NSSPKIXAuthorityKeyIdentifier *aki,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXAuthorityKeyIdentifier_GetKeyIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_HAS_NO_KEY_IDENTIFIER
- *
- * Return value:
- * A valid pointer to an NSSPKIXKeyIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXKeyIdentifier *
-nssPKIXAuthorityKeyIdentifier_GetKeyIdentifier
-(
- NSSPKIXAuthorityKeyIdentifier *aki,
- NSSPKIXKeyIdentifier *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAuthorityKeyIdentifier_SetKeyIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAuthorityKeyIdentifier_SetKeyIdentifier
-(
- NSSPKIXAuthorityKeyIdentifier *aki,
- NSSPKIXKeyIdentifier *keyIdentifier
-);
-
-/*
- * nssPKIXAuthorityKeyIdentifier_RemoveKeyIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- * NSS_ERROR_HAS_NO_KEY_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAuthorityKeyIdentifier_RemoveKeyIdentifier
-(
- NSSPKIXAuthorityKeyIdentifier *aki
-);
-
-/*
- * nssPKIXAuthorityKeyIdentifier_HasAuthorityCertIssuerAndSerialNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- *
- * Return value:
- * PR_TRUE if it has them
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXAuthorityKeyIdentifier_HasAuthorityCertIssuerAndSerialNumber
-(
- NSSPKIXAuthorityKeyIdentifier *aki,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXAuthorityKeyIdentifier_RemoveAuthorityCertIssuerAndSerialNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- * NSS_ERROR_HAS_NO_AUTHORITY_CERT_ISSUER_AND_SERIAL_NUMBER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAuthorityKeyIdentifier_RemoveAuthorityCertIssuerAndSerialNumber
-(
- NSSPKIXAuthorityKeyIdentifier *aki
-);
-
-/*
- * nssPKIXAuthorityKeyIdentifier_GetAuthorityCertIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_HAS_NO_AUTHORITY_CERT_ISSUER_AND_SERIAL_NUMBER
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralNames *
-nssPKIXAuthorityKeyIdentifier_GetAuthorityCertIssuer
-(
- NSSPKIXAuthorityKeyIdentifier *aki,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAuthorityKeyIdentifier_GetAuthorityCertSerialNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_HAS_NO_AUTHORITY_CERT_ISSUER_AND_SERIAL_NUMBER
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificateSerialNumber upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificateSerialNumber *
-nssPKIXAuthorityKeyIdentifier_GetAuthorityCertSerialNumber
-(
- NSSPKIXAuthorityKeyIdentifier *aki,
- NSSPKIXCertificateSerialNumber *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAuthorityKeyIdentifier_SetAuthorityCertIssuerAndSerialNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAuthorityKeyIdentifier_SetAuthorityCertIssuerAndSerialNumber
-(
- NSSPKIXAuthorityKeyIdentifier *aki,
- NSSPKIXGeneralNames *issuer,
- NSSPKIXCertificateSerialNumber *serialNumber
-);
-
-/*
- * nssPKIXAuthorityKeyIdentifier_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXAuthorityKeyIdentifier_Equal
-(
- NSSPKIXAuthorityKeyIdentifier *aki1,
- NSSPKIXAuthorityKeyIdentifier *aki2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXAuthorityKeyIdentifier_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAuthorityKeyIdentifier upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAuthorityKeyIdentifier *
-nssPKIXAuthorityKeyIdentifier_Duplicate
-(
- NSSPKIXAuthorityKeyIdentifier *aki,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXAuthorityKeyIdentifier_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXAuthorityKeyIdentifier
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_KEY_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAuthorityKeyIdentifier_verifyPointer
-(
- NSSPKIXAuthorityKeyIdentifier *p
-);
-#endif /* DEBUG */
-
-/*
- * KeyUsage
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * KeyUsage ::= BIT STRING {
- * digitalSignature (0),
- * nonRepudiation (1),
- * keyEncipherment (2),
- * dataEncipherment (3),
- * keyAgreement (4),
- * keyCertSign (5),
- * cRLSign (6),
- * encipherOnly (7),
- * decipherOnly (8) }
- *
- * The private calls for the type:
- *
- * nssPKIXKeyUsage_Decode
- * nssPKIXKeyUsage_CreateFromUTF8
- * nssPKIXKeyUsage_CreateFromValue
- * nssPKIXKeyUsage_Destroy
- * nssPKIXKeyUsage_Encode
- * nssPKIXKeyUsage_GetUTF8Encoding
- * nssPKIXKeyUsage_GetValue
- * nssPKIXKeyUsage_SetValue
- * { bitwise accessors? }
- * nssPKIXKeyUsage_Equal
- * nssPKIXKeyUsage_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXKeyUsage_verifyPointer
- *
- */
-
-/*
- * nssPKIXKeyUsage_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXKeyUsage upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXKeyUsage *
-nssPKIXKeyUsage_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXKeyUsage_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXKeyUsage upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXKeyUsage *
-nssPKIXKeyUsage_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXKeyUsage_CreateFromValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE_VALUE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXKeyUsage upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXKeyUsage *
-nssPKIXKeyUsage_CreateFromValue
-(
- NSSArena *arenaOpt,
- NSSPKIXKeyUsageValue value
-);
-
-/*
- * nssPKIXKeyUsage_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXKeyUsage_Destroy
-(
- NSSPKIXKeyUsage *keyUsage
-);
-
-/*
- * nssPKIXKeyUsage_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXKeyUsage_Encode
-(
- NSSPKIXKeyUsage *keyUsage,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXKeyUsage_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXKeyUsage_GetUTF8Encoding
-(
- NSSPKIXKeyUsage *keyUsage,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXKeyUsage_GetValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE
- *
- * Return value:
- * A set of NSSKeyUsageValue values OR-d together upon success
- * NSSKeyUsage_NSSinvalid upon failure
- */
-
-NSS_EXTERN NSSKeyUsageValue
-nssPKIXKeyUsage_GetValue
-(
- NSSPKIXKeyUsage *keyUsage
-);
-
-/*
- * nssPKIXKeyUsage_SetValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE_VALUE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXKeyUsage_SetValue
-(
- NSSPKIXKeyUsage *keyUsage,
- NSSPKIXKeyUsageValue value
-);
-
-/*
- * nssPKIXKeyUsage_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXKeyUsage_Equal
-(
- NSSPKIXKeyUsage *keyUsage1,
- NSSPKIXKeyUsage *keyUsage2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXKeyUsage_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXKeyUsage upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXKeyUsage *
-nssPKIXKeyUsage_Duplicate
-(
- NSSPKIXKeyUsage *keyUsage,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXKeyUsage_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXKeyUsage
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_KEY_USAGE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXKeyUsage_verifyPointer
-(
- NSSPKIXKeyUsage *p
-);
-#endif /* DEBUG */
-
-/*
- * PrivateKeyUsagePeriod
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PrivateKeyUsagePeriod ::= SEQUENCE {
- * notBefore [0] GeneralizedTime OPTIONAL,
- * notAfter [1] GeneralizedTime OPTIONAL }
- * -- either notBefore or notAfter shall be present
- *
- * The private calls for the type:
- *
- * nssPKIXPrivateKeyUsagePeriod_Decode
- * nssPKIXPrivateKeyUsagePeriod_Create
- * nssPKIXPrivateKeyUsagePeriod_Destroy
- * nssPKIXPrivateKeyUsagePeriod_Encode
- * nssPKIXPrivateKeyUsagePeriod_HasNotBefore
- * nssPKIXPrivateKeyUsagePeriod_GetNotBefore
- * nssPKIXPrivateKeyUsagePeriod_SetNotBefore
- * nssPKIXPrivateKeyUsagePeriod_RemoveNotBefore
- * nssPKIXPrivateKeyUsagePeriod_HasNotAfter
- * nssPKIXPrivateKeyUsagePeriod_GetNotAfter
- * nssPKIXPrivateKeyUsagePeriod_SetNotAfter
- * nssPKIXPrivateKeyUsagePeriod_RemoveNotAfter
- * nssPKIXPrivateKeyUsagePeriod_Equal
- * nssPKIXPrivateKeyUsagePeriod_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXPrivateKeyUsagePeriod_verifyPointer
- *
- */
-
-/*
- * nssPKIXPrivateKeyUsagePeriod_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPrivateKeyUsagePeriod upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPrivateKeyUsagePeriod *
-nssPKIXPrivateKeyUsagePeriod_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXPrivateKeyUsagePeriod_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_TIME
- * NSS_ERROR_INVALID_ARGUMENTS
- *
- * Return value:
- * A valid pointer to an NSSPKIXPrivateKeyUsagePeriod upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPrivateKeyUsagePeriod *
-nssPKIXPrivateKeyUsagePeriod_Create
-(
- NSSArena *arenaOpt,
- NSSTime *notBeforeOpt,
- NSSTime *notAfterOpt
-);
-
-/*
- * nssPKIXPrivateKeyUsagePeriod_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPrivateKeyUsagePeriod_Destroy
-(
- NSSPKIXPrivateKeyUsagePeriod *period
-);
-
-/*
- * nssPKIXPrivateKeyUsagePeriod_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_DATA
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXPrivateKeyUsagePeriod_Encode
-(
- NSSPKIXPrivateKeyUsagePeriod *period,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPrivateKeyUsagePeriod_HasNotBefore
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXPrivateKeyUsagePeriod_HasNotBefore
-(
- NSSPKIXPrivateKeyUsagePeriod *period,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXPrivateKeyUsagePeriod_GetNotBefore
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_HAS_NO_NOT_BEFORE
- *
- * Return value:
- * NSSTime {fgmr!}
- * NULL upon failure
- */
-
-NSS_EXTERN NSSTime *
-nssPKIXPrivateKeyUsagePeriod_GetNotBefore
-(
- NSSPKIXPrivateKeyUsagePeriod *period,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPrivateKeyUsagePeriod_SetNotBefore
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- * NSS_ERROR_INVALID_TIME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPrivateKeyUsagePeriod_SetNotBefore
-(
- NSSPKIXPrivateKeyUsagePeriod *period,
- NSSTime *notBefore
-);
-
-/*
- * nssPKIXPrivateKeyUsagePeriod_RemoveNotBefore
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- * NSS_ERROR_HAS_NO_NOT_BEFORE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPrivateKeyUsagePeriod_RemoveNotBefore
-(
- NSSPKIXPrivateKeyUsagePeriod *period
-);
-
-/*
- * nssPKIXPrivateKeyUsagePeriod_HasNotAfter
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXPrivateKeyUsagePeriod_HasNotAfter
-(
- NSSPKIXPrivateKeyUsagePeriod *period,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXPrivateKeyUsagePeriod_GetNotAfter
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_HAS_NO_NOT_AFTER
- *
- * Return value:
- * NSSTime {fgmr!}
- * NULL upon failure
- */
-
-NSS_EXTERN NSSTime *
-nssPKIXPrivateKeyUsagePeriod_GetNotAfter
-(
- NSSPKIXPrivateKeyUsagePeriod *period,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPrivateKeyUsagePeriod_SetNotAfter
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- * NSS_ERROR_INVALID_TIME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPrivateKeyUsagePeriod_SetNotAfter
-(
- NSSPKIXPrivateKeyUsagePeriod *period,
- NSSTime *notAfter
-);
-
-/*
- * nssPKIXPrivateKeyUsagePeriod_RemoveNotAfter
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- * NSS_ERROR_HAS_NO_NOT_AFTER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPrivateKeyUsagePeriod_RemoveNotAfter
-(
- NSSPKIXPrivateKeyUsagePeriod *period
-);
-
-/*
- * nssPKIXPrivateKeyUsagePeriod_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXPrivateKeyUsagePeriod_Equal
-(
- NSSPKIXPrivateKeyUsagePeriod *period1,
- NSSPKIXPrivateKeyUsagePeriod *period2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXPrivateKeyUsagePeriod_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPrivateKeyUsagePeriod upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPrivateKeyUsagePeriod *
-nssPKIXPrivateKeyUsagePeriod_Duplicate
-(
- NSSPKIXPrivateKeyUsagePeriod *period,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXPrivateKeyUsagePeriod_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXPrivateKeyUsagePeriod
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_PRIVATE_KEY_USAGE_PERIOD
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPrivateKeyUsagePeriod_verifyPointer
-(
- NSSPKIXPrivateKeyUsagePeriod *p
-);
-#endif /* DEBUG */
-
-/*
- * CertificatePolicies
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
- *
- * The private calls for the type:
- *
- * nssPKIXCertificatePolicies_Decode
- * nssPKIXCertificatePolicies_Create
- * nssPKIXCertificatePolicies_Destroy
- * nssPKIXCertificatePolicies_Encode
- * nssPKIXCertificatePolicies_GetPolicyInformationCount
- * nssPKIXCertificatePolicies_GetPolicyInformations
- * nssPKIXCertificatePolicies_SetPolicyInformations
- * nssPKIXCertificatePolicies_GetPolicyInformation
- * nssPKIXCertificatePolicies_SetPolicyInformation
- * nssPKIXCertificatePolicies_InsertPolicyInformation
- * nssPKIXCertificatePolicies_AppendPolicyInformation
- * nssPKIXCertificatePolicies_RemovePolicyInformation
- * nssPKIXCertificatePolicies_FindPolicyInformation
- * nssPKIXCertificatePolicies_Equal
- * nssPKIXCertificatePolicies_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXCertificatePolicies_verifyPointer
- *
- */
-
-/*
- * nssPKIXCertificatePolicies_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificatePolicies upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificatePolicies *
-nssPKIXCertificatePolicies_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXCertificatePolicies_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificatePolicies upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificatePolicies *
-nssPKIXCertificatePolicies_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXPolicyInformation *pi1,
- ...
-);
-
-/*
- * nssPKIXCertificatePolicies_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCertificatePolicies_Destroy
-(
- NSSPKIXCertificatePolicies *cp
-);
-
-/*
- * nssPKIXCertificatePolicies_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXCertificatePolicies_Encode
-(
- NSSPKIXCertificatePolicies *cp,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXCertificatePolicies_GetPolicyInformationCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXCertificatePolicies_GetPolicyInformationCount
-(
- NSSPKIXCertificatePolicies *cp
-);
-
-/*
- * nssPKIXCertificatePolicies_GetPolicyInformations
- *
- * We regret the function name.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXPolicyInformation pointers
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyInformation **
-nssPKIXCertificatePolicies_GetPolicyInformations
-(
- NSSPKIXCertificatePolicies *cp,
- NSSPKIXPolicyInformation *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXCertificatePolicies_SetPolicyInformations
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCertificatePolicies_SetPolicyInformations
-(
- NSSPKIXCertificatePolicies *cp,
- NSSPKIXPolicyInformation *pi[],
- PRInt32 count
-);
-
-/*
- * nssPKIXCertificatePolicies_GetPolicyInformation
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyInformation upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyInformation *
-nssPKIXCertificatePolicies_GetPolicyInformation
-(
- NSSPKIXCertificatePolicies *cp,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXCertificatePolicies_SetPolicyInformation
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCertificatePolicies_SetPolicyInformation
-(
- NSSPKIXCertificatePolicies *cp,
- PRInt32 i,
- NSSPKIXPolicyInformation *pi
-);
-
-/*
- * nssPKIXCertificatePolicies_InsertPolicyInformation
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCertificatePolicies_InsertPolicyInformation
-(
- NSSPKIXCertificatePolicies *cp,
- PRInt32 i,
- NSSPKIXPolicyInformation *pi
-);
-
-/*
- * nssPKIXCertificatePolicies_AppendPolicyInformation
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCertificatePolicies_AppendPolicyInformation
-(
- NSSPKIXCertificatePolicies *cp,
- NSSPKIXPolicyInformation *pi
-);
-
-/*
- * nssPKIXCertificatePolicies_RemovePolicyInformation
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCertificatePolicies_RemovePolicyInformation
-(
- NSSPKIXCertificatePolicies *cp,
- PRInt32 i
-);
-
-/*
- * nssPKIXCertificatePolicies_FindPolicyInformation
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- *
- * Return value:
- * The nonnegative integer upon success
- * -1 upon failure
- */
-
-NSS_EXTERN PRInt32
-nssPKIXCertificatePolicies_FindPolicyInformation
-(
- NSSPKIXCertificatePolicies *cp,
- NSSPKIXPolicyInformation *pi
-);
-
-/*
- * nssPKIXCertificatePolicies_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXCertificatePolicies_Equal
-(
- NSSPKIXCertificatePolicies *cp1,
- NSSPKIXCertificatePolicies *cp2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXCertificatePolicies_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertificatePolicies upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertificatePolicies *
-nssPKIXCertificatePolicies_Duplicate
-(
- NSSPKIXCertificatePolicies *cp,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXCertificatePolicies_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXCertificatePolicies
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CERTIFICATE_POLICIES
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCertificatePolicies_verifyPointer
-(
- NSSPKIXCertificatePolicies *p
-);
-#endif /* DEBUG */
-
-/*
- * PolicyInformation
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PolicyInformation ::= SEQUENCE {
- * policyIdentifier CertPolicyId,
- * policyQualifiers SEQUENCE SIZE (1..MAX) OF
- * PolicyQualifierInfo OPTIONAL }
- *
- * The private calls for the type:
- *
- * nssPKIXPolicyInformation_Decode
- * nssPKIXPolicyInformation_Create
- * nssPKIXPolicyInformation_Destroy
- * nssPKIXPolicyInformation_Encode
- * nssPKIXPolicyInformation_GetPolicyIdentifier
- * nssPKIXPolicyInformation_SetPolicyIdentifier
- * nssPKIXPolicyInformation_GetPolicyQualifierCount
- * nssPKIXPolicyInformation_GetPolicyQualifiers
- * nssPKIXPolicyInformation_SetPolicyQualifiers
- * nssPKIXPolicyInformation_GetPolicyQualifier
- * nssPKIXPolicyInformation_SetPolicyQualifier
- * nssPKIXPolicyInformation_InsertPolicyQualifier
- * nssPKIXPolicyInformation_AppendPolicyQualifier
- * nssPKIXPolicyInformation_RemovePolicyQualifier
- * nssPKIXPolicyInformation_Equal
- * nssPKIXPolicyInformation_Duplicate
- * { and accessors by specific policy qualifier ID }
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXPolicyInformation_verifyPointer
- *
- */
-
-/*
- * nssPKIXPolicyInformation_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyInformation upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyInformation *
-nssPKIXPolicyInformation_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXPolicyInformation_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyInformation upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyInformation *
-nssPKIXPolicyInformation_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXCertPolicyId *id,
- NSSPKIXPolicyQualifierInfo *pqi1,
- ...
-);
-
-/*
- * nssPKIXPolicyInformation_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyInformation_Destroy
-(
- NSSPKIXPolicyInformation *pi
-);
-
-/*
- * nssPKIXPolicyInformation_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXPolicyInformation_Encode
-(
- NSSPKIXPolicyInformation *pi,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPolicyInformation_GetPolicyIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid OID upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertPolicyId *
-nssPKIXPolicyInformation_GetPolicyIdentifier
-(
- NSSPKIXPolicyInformation *pi
-);
-
-/*
- * nssPKIXPolicyInformation_SetPolicyIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyInformation_SetPolicyIdentifier
-(
- NSSPKIXPolicyInformation *pi,
- NSSPKIXCertPolicyIdentifier *cpi
-);
-
-/*
- * nssPKIXPolicyInformation_GetPolicyQualifierCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXPolicyInformation_GetPolicyQualifierCount
-(
- NSSPKIXPolicyInformation *pi
-);
-
-/*
- * nssPKIXPolicyInformation_GetPolicyQualifiers
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXPolicyQualifierInfo pointers
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyQualifierInfo **
-nssPKIXPolicyInformation_GetPolicyQualifiers
-(
- NSSPKIXPolicyInformation *pi,
- NSSPKIXPolicyQualifierInfo *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPolicyInformation_SetPolicyQualifiers
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyInformation_SetPolicyQualifiers
-(
- NSSPKIXPolicyInformation *pi,
- NSSPKIXPolicyQualifierInfo *pqi[],
- PRInt32 count
-);
-
-/*
- * nssPKIXPolicyInformation_GetPolicyQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyQualifierInfo upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyQualifierInfo *
-nssPKIXPolicyInformation_GetPolicyQualifier
-(
- NSSPKIXPolicyInformation *pi,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPolicyInformation_SetPolicyQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyInformation_SetPolicyQualifier
-(
- NSSPKIXPolicyInformation *pi,
- PRInt32 i,
- NSSPKIXPolicyQualifierInfo *pqi
-);
-
-/*
- * nssPKIXPolicyInformation_InsertPolicyQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyInformation_InsertPolicyQualifier
-(
- NSSPKIXPolicyInformation *pi,
- PRInt32 i,
- NSSPKIXPolicyQualifierInfo *pqi
-);
-
-/*
- * nssPKIXPolicyInformation_AppendPolicyQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyInformation_AppendPolicyQualifier
-(
- NSSPKIXPolicyInformation *pi,
- PRInt32 i,
- NSSPKIXPolicyQualifierInfo *pqi
-);
-
-/*
- * nssPKIXPolicyInformation_RemovePolicyQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyInformation_RemovePolicyQualifier
-(
- NSSPKIXPolicyInformation *pi,
- PRInt32 i
-);
-
-/*
- * nssPKIXPolicyInformation_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXPolicyInformation_Equal
-(
- NSSPKIXPolicyInformation *pi1,
- NSSPKIXPolicyInformation *pi2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXPolicyInformation_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyInformation upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyInformation *
-nssPKIXPolicyInformation_Duplicate
-(
- NSSPKIXPolicyInformation *pi,
- NSSArena *arenaOpt
-);
-
-/*
- * { and accessors by specific policy qualifier ID }
- *
- */
-
-#ifdef DEBUG
-/*
- * nssPKIXPolicyInformation_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXPolicyInformation
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_INFORMATION
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyInformation_verifyPointer
-(
- NSSPKIXPolicyInformation *p
-);
-#endif /* DEBUG */
-
-/*
- * PolicyQualifierInfo
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PolicyQualifierInfo ::= SEQUENCE {
- * policyQualifierId PolicyQualifierId,
- * qualifier ANY DEFINED BY policyQualifierId }
- *
- * The private calls for the type:
- *
- * nssPKIXPolicyQualifierInfo_Decode
- * nssPKIXPolicyQualifierInfo_Create
- * nssPKIXPolicyQualifierInfo_Destroy
- * nssPKIXPolicyQualifierInfo_Encode
- * nssPKIXPolicyQualifierInfo_GetPolicyQualifierID
- * nssPKIXPolicyQualifierInfo_SetPolicyQualifierID
- * nssPKIXPolicyQualifierInfo_GetQualifier
- * nssPKIXPolicyQualifierInfo_SetQualifier
- * nssPKIXPolicyQualifierInfo_Equal
- * nssPKIXPolicyQualifierInfo_Duplicate
- * { and accessors by specific qualifier id/type }
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXPolicyQualifierInfo_verifyPointer
- *
- */
-
-/*
- * nssPKIXPolicyQualifierInfo_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyQualifierInfo upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyQualifierInfo *
-nssPKIXPolicyQualifierInfo_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXPolicyQualifierInfo_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_ID
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyQualifierInfo upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyQualifierInfo *
-nssPKIXPolicyQualifierInfo_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXPolicyQualifierId *policyQualifierId,
- NSSItem *qualifier
-);
-
-/*
- * nssPKIXPolicyQualifierInfo_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyQualifierInfo_Destroy
-(
- NSSPKIXPolicyQualifierInfo *pqi
-);
-
-/*
- * nssPKIXPolicyQualifierInfo_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXPolicyQualifierInfo_Encode
-(
- NSSPKIXPolicyQualifierInfo *pqi,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPolicyQualifierInfo_GetPolicyQualifierId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyQualifierId (an NSSOID) upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyQualifierId *
-nssPKIXPolicyQualifierInfo_GetPolicyQualifierId
-(
- NSSPKIXPolicyQualifierInfo *pqi,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPolicyQualifierInfo_SetPolicyQualifierId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_ID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyQualifierInfo_SetPolicyQualifierId
-(
- NSSPKIXPolicyQualifierInfo *pqi,
- NSSPKIXPolicyQualifierId *pqid
-);
-
-/*
- * nssPKIXPolicyQualifierInfo_GetQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSItem *
-nssPKIXPolicyQualifierInfo_GetQualifier
-(
- NSSPKIXPolicyQualifierInfo *pqi,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPolicyQualifierInfo_SetQualifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyQualifierInfo_SetQualifier
-(
- NSSPKIXPolicyQualifierInfo *pqi,
- NSSItem *qualifier
-);
-
-/*
- * nssPKIXPolicyQualifierInfo_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXPolicyQualifierInfo_Equal
-(
- NSSPKIXPolicyQualifierInfo *pqi1,
- NSSPKIXPolicyQualifierInfo *pqi2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXPolicyQualifierInfo_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyQualifierInfo upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyQualifierInfo *
-nssPKIXPolicyQualifierInfo_Duplicate
-(
- NSSPKIXPolicyQualifierInfo *pqi,
- NSSArena *arenaOpt
-);
-
-/*
- * { and accessors by specific qualifier id/type }
- *
- */
-#ifdef DEBUG
-/*
- * nssPKIXPolicyQualifierInfo_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXPolicyQualifierInfo
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_QUALIFIER_INFO
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyQualifierInfo_verifyPointer
-(
- NSSPKIXPolicyQualifierInfo *p
-);
-#endif /* DEBUG */
-
-/*
- * CPSuri
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CPSuri ::= IA5String
- *
- * The private calls for this type:
- *
- * nssPKIXCPSuri_Decode
- * nssPKIXCPSuri_CreateFromUTF8
- * nssPKIXCPSuri_Encode
- *
- */
-
-/*
- * nssPKIXCPSuri_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCPSuri upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCPSuri *
-nssPKIXCPSuri_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXCPSuri_CreateFromUTF8
- *
- * { basically just enforces the length and charset limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCPSuri upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCPSuri *
-nssPKIXCPSuri_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXCPSuri_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CPS_URI
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXCPSuri_Encode
-(
- NSSPKIXCPSuri *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * UserNotice
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * UserNotice ::= SEQUENCE {
- * noticeRef NoticeReference OPTIONAL,
- * explicitText DisplayText OPTIONAL}
- *
- * The private calls for this type:
- *
- * nssPKIXUserNotice_Decode
- * nssPKIXUserNotice_Create
- * nssPKIXUserNotice_Destroy
- * nssPKIXUserNotice_Encode
- * nssPKIXUserNotice_HasNoticeRef
- * nssPKIXUserNotice_GetNoticeRef
- * nssPKIXUserNotice_SetNoticeRef
- * nssPKIXUserNotice_RemoveNoticeRef
- * nssPKIXUserNotice_HasExplicitText
- * nssPKIXUserNotice_GetExplicitText
- * nssPKIXUserNotice_SetExplicitText
- * nssPKIXUserNotice_RemoveExplicitText
- * nssPKIXUserNotice_Equal
- * nssPKIXUserNotice_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXUserNotice_verifyPointer
- *
- */
-
-
-/*
- * nssPKIXUserNotice_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXUserNotice upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXUserNotice *
-nssPKIXUserNotice_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXUserNotice_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_INVALID_PKIX_DISPLAY_TEXT
- *
- * Return value:
- * A valid pointer to an NSSPKIXUserNotice upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXUserNotice *
-nssPKIXUserNotice_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXNoticeReference *noticeRef,
- NSSPKIXDisplayText *explicitText
-);
-
-/*
- * nssPKIXUserNotice_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXUserNotice_Destroy
-(
- NSSPKIXUserNotice *userNotice
-);
-
-/*
- * nssPKIXUserNotice_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXUserNotice_Encode
-(
- NSSPKIXUserNotice *userNotice,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXUserNotice_HasNoticeRef
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXUserNotice_HasNoticeRef
-(
- NSSPKIXUserNotice *userNotice,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXUserNotice_GetNoticeRef
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_HAS_NO_NOTICE_REF
- *
- * Return value:
- * A valid pointer to an NSSPKIXNoticeReference upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNoticeReference *
-nssPKIXUserNotice_GetNoticeRef
-(
- NSSPKIXUserNotice *userNotice,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXUserNotice_SetNoticeRef
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXUserNotice_SetNoticeRef
-(
- NSSPKIXUserNotice *userNotice,
- NSSPKIXNoticeReference *noticeRef
-);
-
-/*
- * nssPKIXUserNotice_RemoveNoticeRef
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- * NSS_ERROR_HAS_NO_NOTICE_REF
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXUserNotice_RemoveNoticeRef
-(
- NSSPKIXUserNotice *userNotice
-);
-
-/*
- * nssPKIXUserNotice_HasExplicitText
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- *
- * Return value:
- * PR_TRUE if it has some
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXUserNotice_HasExplicitText
-(
- NSSPKIXUserNotice *userNotice,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXUserNotice_GetExplicitText
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_HAS_NO_EXPLICIT_TEXT
- *
- * Return value:
- * A valid pointer to an NSSPKIXDisplayText string upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDisplayText *
-nssPKIXUserNotice_GetExplicitText
-(
- NSSPKIXUserNotice *userNotice,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXUserNotice_SetExplicitText
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- * NSS_ERROR_INVALID_PKIX_DISPLAY_TEXT
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXUserNotice_SetExplicitText
-(
- NSSPKIXUserNotice *userNotice,
- NSSPKIXDisplayText *explicitText
-);
-
-/*
- * nssPKIXUserNotice_RemoveExplicitText
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- * NSS_ERROR_HAS_NO_EXPLICIT_TEXT
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXUserNotice_RemoveExplicitText
-(
- NSSPKIXUserNotice *userNotice
-);
-
-/*
- * nssPKIXUserNotice_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXUserNotice_Equal
-(
- NSSPKIXUserNotice *userNotice1,
- NSSPKIXUserNotice *userNotice2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXUserNotice_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXUserNotice upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXUserNotice *
-nssPKIXUserNotice_Duplicate
-(
- NSSPKIXUserNotice *userNotice,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXUserNotice_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXUserNotice
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_USER_NOTICE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXUserNotice_verifyPointer
-(
- NSSPKIXUserNotice *p
-);
-#endif /* DEBUG */
-
-/*
- * NoticeReference
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * NoticeReference ::= SEQUENCE {
- * organization DisplayText,
- * noticeNumbers SEQUENCE OF INTEGER }
- *
- * The private calls for this type:
- *
- * nssPKIXNoticeReference_Decode
- * nssPKIXNoticeReference_Create
- * nssPKIXNoticeReference_Destroy
- * nssPKIXNoticeReference_Encode
- * nssPKIXNoticeReference_GetOrganization
- * nssPKIXNoticeReference_SetOrganization
- * nssPKIXNoticeReference_GetNoticeNumberCount
- * nssPKIXNoticeReference_GetNoticeNumbers
- * nssPKIXNoticeReference_SetNoticeNumbers
- * nssPKIXNoticeReference_GetNoticeNumber
- * nssPKIXNoticeReference_SetNoticeNumber
- * nssPKIXNoticeReference_InsertNoticeNumber
- * nssPKIXNoticeReference_AppendNoticeNumber
- * nssPKIXNoticeReference_RemoveNoticeNumber
- * { maybe number-exists-p gettor? }
- * nssPKIXNoticeReference_Equal
- * nssPKIXNoticeReference_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXNoticeReference_verifyPointer
- *
- */
-
-/*
- * nssPKIXNoticeReference_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXNoticeReference upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNoticeReference *
-nssPKIXNoticeReference_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXNoticeReference_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_DISPLAY_TEXT
- *
- * Return value:
- * A valid pointer to an NSSPKIXNoticeReference upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNoticeReference *
-nssPKIXNoticeReference_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXDisplayText *organization,
- PRUint32 noticeCount,
- PRInt32 noticeNumber1,
- ...
-);
-
-/*
- * { fgmr -- or should the call that takes PRInt32 be _CreateFromValues,
- * and the _Create call take NSSBER integers? }
- */
-
-/*
- * nssPKIXNoticeReference_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXNoticeReference_Destroy
-(
- NSSPKIXNoticeReference *nr
-);
-
-/*
- * nssPKIXNoticeReference_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXNoticeReference_Encode
-(
- NSSPKIXNoticeReference *nr,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXNoticeReference_GetOrganization
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXDisplayText string upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDisplayText *
-nssPKIXNoticeReference_GetOrganization
-(
- NSSPKIXNoticeReference *nr,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXNoticeReference_SetOrganization
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_INVALID_PKIX_DISPLAY_TEXT
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXNoticeReference_SetOrganization
-(
- NSSPKIXNoticeReference *nr,
- NSSPKIXDisplayText *organization
-);
-
-/*
- * nssPKIXNoticeReference_GetNoticeNumberCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXNoticeReference_GetNoticeNumberCount
-(
- NSSPKIXNoticeReference *nr
-);
-
-/*
- * nssPKIXNoticeReference_GetNoticeNumbers
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of PRInt32 values upon success
- * NULL upon failure
- */
-
-NSS_EXTERN PRInt32 *
-nssPKIXNoticeReference_GetNoticeNumbers
-(
- NSSPKIXNoticeReference *nr,
- PRInt32 rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXNoticeReference_SetNoticeNumbers
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXNoticeReference_SetNoticeNumbers
-(
- NSSPKIXNoticeReference *nr,
- PRInt32 noticeNumbers[],
- PRInt32 count
-);
-
-/*
- * nssPKIXNoticeReference_GetNoticeNumber
- *
- * -- fgmr comments --
- * Because there is no natural "invalid" notice number value, we must
- * pass the number by reference, and return an explicit status value.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXNoticeReference_GetNoticeNumber
-(
- NSSPKIXNoticeReference *nr,
- PRInt32 i,
- PRInt32 *noticeNumberP
-);
-
-/*
- * nssPKIXNoticeReference_SetNoticeNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXNoticeReference_SetNoticeNumber
-(
- NSSPKIXNoticeReference *nr,
- PRInt32 i,
- PRInt32 noticeNumber
-);
-
-/*
- * nssPKIXNoticeReference_InsertNoticeNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXNoticeReference_InsertNoticeNumber
-(
- NSSPKIXNoticeReference *nr,
- PRInt32 i,
- PRInt32 noticeNumber
-);
-
-/*
- * nssPKIXNoticeReference_AppendNoticeNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXNoticeReference_AppendNoticeNumber
-(
- NSSPKIXNoticeReference *nr,
- PRInt32 noticeNumber
-);
-
-/*
- * nssPKIXNoticeReference_RemoveNoticeNumber
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXNoticeReference_RemoveNoticeNumber
-(
- NSSPKIXNoticeReference *nr,
- PRInt32 i
-);
-
-/*
- * { maybe number-exists-p gettor? }
- */
-
-/*
- * nssPKIXNoticeReference_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXNoticeReference_Equal
-(
- NSSPKIXNoticeReference *nr1,
- NSSPKIXNoticeReference *nr2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXNoticeReference_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXNoticeReference upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNoticeReference *
-nssPKIXNoticeReference_Duplicate
-(
- NSSPKIXNoticeReference *nr,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXNoticeReference_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXNoticeReference
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NOTICE_REFERENCE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXNoticeReference_verifyPointer
-(
- NSSPKIXNoticeReference *p
-);
-#endif /* DEBUG */
-
-/*
- * DisplayText
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * DisplayText ::= CHOICE {
- * visibleString VisibleString (SIZE (1..200)),
- * bmpString BMPString (SIZE (1..200)),
- * utf8String UTF8String (SIZE (1..200)) }
- *
- * The private calls for this type:
- *
- * nssPKIXDisplayText_Decode
- * nssPKIXDisplayText_CreateFromUTF8
- * nssPKIXDisplayText_Encode
- *
- */
-
-/*
- * nssPKIXDisplayText_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXDisplayText upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDisplayText *
-nssPKIXDisplayText_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXDisplayText_CreateFromUTF8
- *
- * { basically just enforces the length and charset limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXDisplayText upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDisplayText *
-nssPKIXDisplayText_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXDisplayText_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISPLAY_TEXT
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXDisplayText_Encode
-(
- NSSPKIXDisplayText *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * PolicyMappings
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- * The private calls for this type:
- *
- * nssPKIXPolicyMappings_Decode
- * nssPKIXPolicyMappings_Create
- * nssPKIXPolicyMappings_Destroy
- * nssPKIXPolicyMappings_Encode
- * nssPKIXPolicyMappings_GetPolicyMappingCount
- * nssPKIXPolicyMappings_GetPolicyMappings
- * nssPKIXPolicyMappings_SetPolicyMappings
- * nssPKIXPolicyMappings_GetPolicyMapping
- * nssPKIXPolicyMappings_SetPolicyMapping
- * nssPKIXPolicyMappings_InsertPolicyMapping
- * nssPKIXPolicyMappings_AppendPolicyMapping
- * nssPKIXPolicyMappings_RemovePolicyMapping
- * nssPKIXPolicyMappings_FindPolicyMapping
- * nssPKIXPolicyMappings_Equal
- * nssPKIXPolicyMappings_Duplicate
- * nssPKIXPolicyMappings_IssuerDomainPolicyExists
- * nssPKIXPolicyMappings_SubjectDomainPolicyExists
- * nssPKIXPolicyMappings_FindIssuerDomainPolicy
- * nssPKIXPolicyMappings_FindSubjectDomainPolicy
- * nssPKIXPolicyMappings_MapIssuerToSubject
- * nssPKIXPolicyMappings_MapSubjectToIssuer
- * { find's and map's: what if there's more than one? }
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXPolicyMappings_verifyPointer
- *
- */
-
-/*
- * nssPKIXPolicyMappings_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyMappings upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyMappings *
-nssPKIXPolicyMappings_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXPolicyMappings_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyMappings upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyMappings *
-nssPKIXPolicyMappings_Decode
-(
- NSSArena *arenaOpt,
- NSSPKIXpolicyMapping *policyMapping1,
- ...
-);
-
-/*
- * nssPKIXPolicyMappings_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyMappings_Destroy
-(
- NSSPKIXPolicyMappings *policyMappings
-);
-
-/*
- * nssPKIXPolicyMappings_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_DATA
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXPolicyMappings_Encode
-(
- NSSPKIXPolicyMappings *policyMappings,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPolicyMappings_GetPolicyMappingCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXPolicyMappings_GetPolicyMappingCount
-(
- NSSPKIXPolicyMappings *policyMappings
-);
-
-/*
- * nssPKIXPolicyMappings_GetPolicyMappings
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXpolicyMapping pointers upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXpolicyMapping **
-nssPKIXPolicyMappings_GetPolicyMappings
-(
- NSSPKIXPolicyMappings *policyMappings
- NSSPKIXpolicyMapping *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPolicyMappings_SetPolicyMappings
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyMappings_SetPolicyMappings
-(
- NSSPKIXPolicyMappings *policyMappings
- NSSPKIXpolicyMapping *policyMapping[]
- PRInt32 count
-);
-
-/*
- * nssPKIXPolicyMappings_GetPolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXpolicyMapping upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXpolicyMapping *
-nssPKIXPolicyMappings_GetPolicyMapping
-(
- NSSPKIXPolicyMappings *policyMappings
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPolicyMappings_SetPolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyMappings_SetPolicyMapping
-(
- NSSPKIXPolicyMappings *policyMappings
- PRInt32 i,
- NSSPKIXpolicyMapping *policyMapping
-);
-
-/*
- * nssPKIXPolicyMappings_InsertPolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyMappings_InsertPolicyMapping
-(
- NSSPKIXPolicyMappings *policyMappings
- PRInt32 i,
- NSSPKIXpolicyMapping *policyMapping
-);
-
-/*
- * nssPKIXPolicyMappings_AppendPolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyMappings_AppendPolicyMapping
-(
- NSSPKIXPolicyMappings *policyMappings
- NSSPKIXpolicyMapping *policyMapping
-);
-
-/*
- * nssPKIXPolicyMappings_RemovePolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyMappings_RemovePolicyMapping
-(
- NSSPKIXPolicyMappings *policyMappings
- PRInt32 i
-);
-
-/*
- * nssPKIXPolicyMappings_FindPolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified policy mapping upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXPolicyMappings_FindPolicyMapping
-(
- NSSPKIXPolicyMappings *policyMappings
- NSSPKIXpolicyMapping *policyMapping
-);
-
-/*
- * nssPKIXPolicyMappings_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXPolicyMappings_Equal
-(
- NSSPKIXPolicyMappings *policyMappings1,
- NSSPKIXpolicyMappings *policyMappings2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXPolicyMappings_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyMappings upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyMappings *
-nssPKIXPolicyMappings_Duplicate
-(
- NSSPKIXPolicyMappings *policyMappings,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXPolicyMappings_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXPolicyMappings
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyMappings_verifyPointer
-(
- NSSPKIXPolicyMappings *p
-);
-#endif /* DEBUG */
-
-/*
- * nssPKIXPolicyMappings_IssuerDomainPolicyExists
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- *
- * Return value:
- * PR_TRUE if the specified domain policy OID exists
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXPolicyMappings_IssuerDomainPolicyExists
-(
- NSSPKIXPolicyMappings *policyMappings,
- NSSPKIXCertPolicyId *issuerDomainPolicy,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXPolicyMappings_SubjectDomainPolicyExists
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- *
- * Return value:
- * PR_TRUE if the specified domain policy OID exists
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXPolicyMappings_SubjectDomainPolicyExists
-(
- NSSPKIXPolicyMappings *policyMappings,
- NSSPKIXCertPolicyId *subjectDomainPolicy,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXPolicyMappings_FindIssuerDomainPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified policy mapping upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXPolicyMappings_FindIssuerDomainPolicy
-(
- NSSPKIXPolicyMappings *policyMappings,
- NSSPKIXCertPolicyId *issuerDomainPolicy
-);
-
-/*
- * nssPKIXPolicyMappings_FindSubjectDomainPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified policy mapping upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXPolicyMappings_FindSubjectDomainPolicy
-(
- NSSPKIXPolicyMappings *policyMappings,
- NSSPKIXCertPolicyId *issuerDomainPolicy
-);
-
-/*
- * nssPKIXPolicyMappings_MapIssuerToSubject
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- * NSS_ERROR_NOT_FOUND
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertPolicyId upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertPolicyId *
-nssPKIXPolicyMappings_MapIssuerToSubject
-(
- NSSPKIXPolicyMappings *policyMappings,
- NSSPKIXCertPolicyId *issuerDomainPolicy
-);
-
-/*
- * nssPKIXPolicyMappings_MapSubjectToIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPINGS
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- * NSS_ERROR_NOT_FOUND
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertPolicyId upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCertPolicyId *
-nssPKIXPolicyMappings_MapSubjectToIssuer
-(
- NSSPKIXPolicyMappings *policyMappings,
- NSSPKIXCertPolicyId *issuerDomainPolicy
-);
-
-/*
- * policyMapping
- *
- * Helper structure for PolicyMappings
- *
- * SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- * The private calls for this type:
- *
- * nssPKIXpolicyMapping_Decode
- * nssPKIXpolicyMapping_Create
- * nssPKIXpolicyMapping_Destroy
- * nssPKIXpolicyMapping_Encode
- * nssPKIXpolicyMapping_GetIssuerDomainPolicy
- * nssPKIXpolicyMapping_SetIssuerDomainPolicy
- * nssPKIXpolicyMapping_GetSubjectDomainPolicy
- * nssPKIXpolicyMapping_SetSubjectDomainPolicy
- * nssPKIXpolicyMapping_Equal
- * nssPKIXpolicyMapping_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXpolicyMapping_verifyPointer
- *
- */
-
-/*
- * nssPKIXpolicyMapping_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXpolicyMapping upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXpolicyMapping *
-nssPKIXpolicyMapping_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXpolicyMapping_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- *
- * Return value:
- * A valid pointer to an NSSPKIXpolicyMapping upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXpolicyMapping *
-nssPKIXpolicyMapping_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXCertPolicyId *issuerDomainPolicy,
- NSSPKIXCertPolicyId *subjectDomainPolicy
-);
-
-/*
- * nssPKIXpolicyMapping_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXpolicyMapping_Destroy
-(
- NSSPKIXpolicyMapping *policyMapping
-);
-
-/*
- * nssPKIXpolicyMapping_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_DATA
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXpolicyMapping_Encode
-(
- NSSPKIXpolicyMapping *policyMapping,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXpolicyMapping_GetIssuerDomainPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertPolicyId OID upon success
- * NULL upon faliure
- */
-
-NSS_EXTERN NSSPKIXCertPolicyId *
-nssPKIXpolicyMapping_GetIssuerDomainPolicy
-(
- NSSPKIXpolicyMapping *policyMapping
-);
-
-/*
- * nssPKIXpolicyMapping_SetIssuerDomainPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXpolicyMapping_SetIssuerDomainPolicy
-(
- NSSPKIXpolicyMapping *policyMapping,
- NSSPKIXCertPolicyId *issuerDomainPolicy
-);
-
-/*
- * nssPKIXpolicyMapping_GetSubjectDomainPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXCertPolicyId OID upon success
- * NULL upon faliure
- */
-
-NSS_EXTERN NSSPKIXCertPolicyId *
-nssPKIXpolicyMapping_GetSubjectDomainPolicy
-(
- NSSPKIXpolicyMapping *policyMapping
-);
-
-/*
- * nssPKIXpolicyMapping_SetSubjectDomainPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_INVALID_PKIX_CERT_POLICY_ID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXpolicyMapping_SetSubjectDomainPolicy
-(
- NSSPKIXpolicyMapping *policyMapping,
- NSSPKIXCertPolicyId *subjectDomainPolicy
-);
-
-/*
- * nssPKIXpolicyMapping_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXpolicyMapping_Equal
-(
- NSSPKIXpolicyMapping *policyMapping1,
- NSSPKIXpolicyMapping *policyMapping2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXpolicyMapping_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXpolicyMapping upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXpolicyMapping *
-nssPKIXpolicyMapping_Duplicate
-(
- NSSPKIXpolicyMapping *policyMapping,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXpolicyMapping_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXpolicyMapping
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_MAPPING
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXpolicyMapping_verifyPointer
-(
- NSSPKIXpolicyMapping *p
-);
-#endif /* DEBUG */
-
-/*
- * GeneralName
- *
- * This structure contains a union of the possible general names,
- * of which there are several.
- *
- * From RFC 2459:
- *
- * GeneralName ::= CHOICE {
- * otherName [0] AnotherName,
- * rfc822Name [1] IA5String,
- * dNSName [2] IA5String,
- * x400Address [3] ORAddress,
- * directoryName [4] Name,
- * ediPartyName [5] EDIPartyName,
- * uniformResourceIdentifier [6] IA5String,
- * iPAddress [7] OCTET STRING,
- * registeredID [8] OBJECT IDENTIFIER }
- *
- * The private calls for this type:
- *
- * nssPKIXGeneralName_Decode
- * nssPKIXGeneralName_CreateFromUTF8
- * nssPKIXGeneralName_Create
- * nssPKIXGeneralName_CreateFromOtherName
- * nssPKIXGeneralName_CreateFromRfc822Name
- * nssPKIXGeneralName_CreateFromDNSName
- * nssPKIXGeneralName_CreateFromX400Address
- * nssPKIXGeneralName_CreateFromDirectoryName
- * nssPKIXGeneralName_CreateFromEDIPartyName
- * nssPKIXGeneralName_CreateFromUniformResourceIdentifier
- * nssPKIXGeneralName_CreateFromIPAddress
- * nssPKIXGeneralName_CreateFromRegisteredID
- * nssPKIXGeneralName_Destroy
- * nssPKIXGeneralName_Encode
- * nssPKIXGeneralName_GetUTF8Encoding
- * nssPKIXGeneralName_GetChoice
- * nssPKIXGeneralName_GetOtherName
- * nssPKIXGeneralName_GetRfc822Name
- * nssPKIXGeneralName_GetDNSName
- * nssPKIXGeneralName_GetX400Address
- * nssPKIXGeneralName_GetDirectoryName
- * nssPKIXGeneralName_GetEDIPartyName
- * nssPKIXGeneralName_GetUniformResourceIdentifier
- * nssPKIXGeneralName_GetIPAddress
- * nssPKIXGeneralName_GetRegisteredID
- * nssPKIXGeneralName_GetSpecifiedChoice
- * nssPKIXGeneralName_Equal
- * nssPKIXGeneralName_Duplicate
- * (in pki1 I had specific attribute value gettors here too)
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXGeneralName_verifyPointer
- *
- */
-
-/*
- * nssPKIXGeneralName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-nssPKIXGeneralName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXGeneralName_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-nssPKIXGeneralName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-);
-
-/*
- * nssPKIXGeneralName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME_CHOICE
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- * NSS_ERROR_INVALID_PKIX_IA5_STRING
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_INVALID_OID
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-nssPKIXGeneralName_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXGeneralNameChoice choice,
- void *content
-);
-
-/*
- * nssPKIXGeneralName_CreateFromOtherName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-nssPKIXGeneralName_CreateFromOtherName
-(
- NSSArena *arenaOpt,
- NSSPKIXAnotherName *otherName
-);
-
-/*
- * nssPKIXGeneralName_CreateFromRfc822Name
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_IA5_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-nssPKIXGeneralName_CreateFromRfc822Name
-(
- NSSArena *arenaOpt,
- NSSUTF8 *rfc822Name
-);
-
-/*
- * nssPKIXGeneralName_CreateFromDNSName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_IA5_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-nssPKIXGeneralName_CreateFromDNSName
-(
- NSSArena *arenaOpt,
- NSSUTF8 *dNSName
-);
-
-/*
- * nssPKIXGeneralName_CreateFromX400Address
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_OR_ADDRESS
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-nssPKIXGeneralName_CreateFromX400Address
-(
- NSSArena *arenaOpt,
- NSSPKIXORAddress *x400Address
-);
-
-/*
- * nssPKIXGeneralName_CreateFromDirectoryName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-nssPKIXGeneralName_CreateFromDirectoryName
-(
- NSSArena *arenaOpt,
- NSSPKIXName *directoryName
-);
-
-/*
- * nssPKIXGeneralName_CreateFromEDIPartyName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-nssPKIXGeneralName_CreateFromEDIPartyName
-(
- NSSArena *arenaOpt,
- NSSPKIXEDIPartyName *ediPartyname
-);
-
-/*
- * nssPKIXGeneralName_CreateFromUniformResourceIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_IA5_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-nssPKIXGeneralName_CreateFromUniformResourceIdentifier
-(
- NSSArena *arenaOpt,
- NSSUTF8 *uniformResourceIdentifier
-);
-
-/*
- * nssPKIXGeneralName_CreateFromIPAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-nssPKIXGeneralName_CreateFromIPAddress
-(
- NSSArena *arenaOpt,
- NSSItem *iPAddress
-);
-
-/*
- * nssPKIXGeneralName_CreateFromRegisteredID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-nssPKIXGeneralName_CreateFromRegisteredID
-(
- NSSArena *arenaOpt,
- NSSOID *registeredID
-);
-
-/*
- * nssPKIXGeneralName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralName_Destroy
-(
- NSSPKIXGeneralName *generalName
-);
-
-/*
- * nssPKIXGeneralName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXGeneralName_Encode
-(
- NSSPKIXGeneralName *generalName,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralName_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXGeneralName_GetUTF8Encoding
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralName_GetChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- *
- * Return value:
- * A valid NSSPKIXGeneralNameChoice value upon success
- * NSSPKIXGeneralNameChoice_NSSinvalid upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralNameChoice
-nssPKIXGeneralName_GetChoice
-(
- NSSPKIXGeneralName *generalName
-);
-
-/*
- * nssPKIXGeneralName_GetOtherName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAnotherName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAnotherName *
-nssPKIXGeneralName_GetOtherName
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralName_GetRfc822Name
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXGeneralName_GetRfc822Name
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralName_GetDNSName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXGeneralName_GetDNSName
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralName_GetX400Address
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXORAddress upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXORAddress *
-nssPKIXGeneralName_GetX400Address
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralName_GetDirectoryName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXName *
-nssPKIXGeneralName_GetDirectoryName
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralName_GetEDIPartyName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXEDIPartyName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXEDIPartyName *
-nssPKIXGeneralName_GetEDIPartyName
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralName_GetUniformResourceIdentifier
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXGeneralName_GetUniformResourceIdentifier
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralName_GetIPAddress
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSItem *
-nssPKIXGeneralName_GetIPAddress
-(
- NSSPKIXGeneralName *generalName,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralName_GetRegisteredID
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSOID upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSOID *
-nssPKIXGeneralName_GetRegisteredID
-(
- NSSPKIXGeneralName *generalName
-);
-
-/*
- * nssPKIXGeneralName_GetSpecifiedChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN void *
-nssPKIXGeneralName_GetSpecifiedChoice
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXGeneralName_Equal
-(
- NSSPKIXGeneralName *generalName1,
- NSSPKIXGeneralName *generalName2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXGeneralName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-nssPKIXGeneralName_Duplicate
-(
- NSSPKIXGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * (in pki1 I had specific attribute value gettors here too)
- *
- */
-
-#ifdef DEBUG
-/*
- * nssPKIXGeneralName_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXGeneralName
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralName_verifyPointer
-(
- NSSPKIXGeneralName *p
-);
-#endif /* DEBUG */
-
-/*
- * GeneralNames
- *
- * This structure contains a sequence of GeneralName objects.
- *
- * From RFC 2459:
- *
- * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
- *
- * The private calls for this type:
- *
- * nssPKIXGeneralNames_Decode
- * nssPKIXGeneralNames_Create
- * nssPKIXGeneralNames_Destroy
- * nssPKIXGeneralNames_Encode
- * nssPKIXGeneralNames_GetGeneralNameCount
- * nssPKIXGeneralNames_GetGeneralNames
- * nssPKIXGeneralNames_SetGeneralNames
- * nssPKIXGeneralNames_GetGeneralName
- * nssPKIXGeneralNames_SetGeneralName
- * nssPKIXGeneralNames_InsertGeneralName
- * nssPKIXGeneralNames_AppendGeneralName
- * nssPKIXGeneralNames_RemoveGeneralName
- * nssPKIXGeneralNames_FindGeneralName
- * nssPKIXGeneralNames_Equal
- * nssPKIXGeneralNames_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXGeneralNames_verifyPointer
- *
- */
-
-/*
- * nssPKIXGeneralNames_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralNames *
-nssPKIXGeneralNames_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXGeneralNames_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralNames *
-nssPKIXGeneralNames_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXGeneralName *generalName1,
- ...
-);
-
-/*
- * nssPKIXGeneralNames_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralNames_Destroy
-(
- NSSPKIXGeneralNames *generalNames
-);
-
-/*
- * nssPKIXGeneralNames_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXGeneralNames_Encode
-(
- NSSPKIXGeneralNames *generalNames,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralNames_GetGeneralNameCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXGeneralNames_GetGeneralNameCount
-(
- NSSPKIXGeneralNames *generalNames
-);
-
-/*
- * nssPKIXGeneralNames_GetGeneralNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXGeneralName pointers upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName **
-nssPKIXGeneralNames_GetGeneralNames
-(
- NSSPKIXGeneralNames *generalNames,
- NSSPKIXGeneralName *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralNames_SetGeneralNames
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralNames_SetGeneralNames
-(
- NSSPKIXGeneralNames *generalNames,
- NSSPKIXGeneralName *generalName[],
- PRInt32 count
-);
-
-/*
- * nssPKIXGeneralNames_GetGeneralName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-nssPKIXGeneralNames_GetGeneralName
-(
- NSSPKIXGeneralNames *generalNames,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralNames_SetGeneralName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralNames_SetGeneralName
-(
- NSSPKIXGeneralNames *generalNames,
- PRInt32 i,
- NSSPKIXGeneralName *generalName
-);
-
-/*
- * nssPKIXGeneralNames_InsertGeneralName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralNames_InsertGeneralName
-(
- NSSPKIXGeneralNames *generalNames,
- PRInt32 i,
- NSSPKIXGeneralName *generalName
-);
-
-/*
- * nssPKIXGeneralNames_AppendGeneralName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralNames_AppendGeneralName
-(
- NSSPKIXGeneralNames *generalNames,
- NSSPKIXGeneralName *generalName
-);
-
-/*
- * nssPKIXGeneralNames_RemoveGeneralName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralNames_RemoveGeneralName
-(
- NSSPKIXGeneralNames *generalNames,
- PRInt32 i
-);
-
-/*
- * nssPKIXGeneralNames_FindGeneralName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified policy mapping upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXGeneralNames_FindGeneralName
-(
- NSSPKIXGeneralNames *generalNames,
- NSSPKIXGeneralName *generalName
-);
-
-/*
- * nssPKIXGeneralNames_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXGeneralNames_Equal
-(
- NSSPKIXGeneralNames *generalNames1,
- NSSPKIXGeneralNames *generalNames2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXGeneralNames_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralNames *
-nssPKIXGeneralNames_Duplicate
-(
- NSSPKIXGeneralNames *generalNames,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXGeneralNames_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXGeneralNames
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralNames_verifyPointer
-(
- NSSPKIXGeneralNames *p
-);
-#endif /* DEBUG */
-
-/*
- * AnotherName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AnotherName ::= SEQUENCE {
- * type-id OBJECT IDENTIFIER,
- * value [0] EXPLICIT ANY DEFINED BY type-id }
- *
- * The private calls for this type:
- *
- * nssPKIXAnotherName_Decode
- * nssPKIXAnotherName_Create
- * nssPKIXAnotherName_Destroy
- * nssPKIXAnotherName_Encode
- * nssPKIXAnotherName_GetTypeId
- * nssPKIXAnotherName_SetTypeId
- * nssPKIXAnotherName_GetValue
- * nssPKIXAnotherName_SetValue
- * nssPKIXAnotherName_Equal
- * nssPKIXAnotherName_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXAnotherName_verifyPointer
- *
- */
-
-/*
- * nssPKIXAnotherName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAnotherName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAnotherName *
-nssPKIXAnotherName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXAnotherName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXAnotherName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAnotherName *
-nssPKIXAnotherName_Create
-(
- NSSArena *arenaOpt,
- NSSOID *typeId,
- NSSItem *value
-);
-
-/*
- * nssPKIXAnotherName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAnotherName_Destroy
-(
- NSSPKIXAnotherName *anotherName
-);
-
-/*
- * nssPKIXAnotherName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXAnotherName_Encode
-(
- NSSPKIXAnotherName *anotherName,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAnotherName_GetTypeId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSOID upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSOID *
-nssPKIXAnotherName_GetTypeId
-(
- NSSPKIXAnotherName *anotherName
-);
-
-/*
- * nssPKIXAnotherName_SetTypeId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAnotherName_SetTypeId
-(
- NSSPKIXAnotherName *anotherName,
- NSSOID *typeId
-);
-
-/*
- * nssPKIXAnotherName_GetValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSItem *
-nssPKIXAnotherName_GetValue
-(
- NSSPKIXAnotherName *anotherName,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAnotherName_SetValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAnotherName_SetValue
-(
- NSSPKIXAnotherName *anotherName,
- NSSItem *value
-);
-
-/*
- * nssPKIXAnotherName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXAnotherName_Equal
-(
- NSSPKIXAnotherName *anotherName1,
- NSSPKIXAnotherName *anotherName2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXAnotherName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAnotherName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAnotherName *
-nssPKIXAnotherName_Duplicate
-(
- NSSPKIXAnotherName *anotherName,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXAnotherName_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXAnotherName
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ANOTHER_NAME
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAnotherName_verifyPointer
-(
- NSSPKIXAnotherName *p
-);
-#endif /* DEBUG */
-
-/*
- * EDIPartyName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- *
- * EDIPartyName ::= SEQUENCE {
- * nameAssigner [0] DirectoryString OPTIONAL,
- * partyName [1] DirectoryString }
- *
- * The private calls for this type:
- *
- * nssPKIXEDIPartyName_Decode
- * nssPKIXEDIPartyName_Create
- * nssPKIXEDIPartyName_Destroy
- * nssPKIXEDIPartyName_Encode
- * nssPKIXEDIPartyName_HasNameAssigner
- * nssPKIXEDIPartyName_GetNameAssigner
- * nssPKIXEDIPartyName_SetNameAssigner
- * nssPKIXEDIPartyName_RemoveNameAssigner
- * nssPKIXEDIPartyName_GetPartyName
- * nssPKIXEDIPartyName_SetPartyName
- * nssPKIXEDIPartyName_Equal
- * nssPKIXEDIPartyName_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXEDIPartyName_verifyPointer
- *
- */
-
-/*
- * nssPKIXEDIPartyName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXEDIPartyName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXEDIPartyName *
-nssPKIXEDIPartyName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXEDIPartyName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * A valid pointer to an NSSPKIXEDIPartyName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXEDIPartyName *
-nssPKIXEDIPartyName_Create
-(
- NSSArena *arenaOpt,
- NSSUTF8 *nameAssignerOpt,
- NSSUTF8 *partyName
-);
-
-/*
- * nssPKIXEDIPartyName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXEDIPartyName_Destroy
-(
- NSSPKIXEDIPartyName *ediPartyName
-);
-
-/*
- * nssPKIXEDIPartyName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXEDIPartyName_Encode
-(
- NSSPKIXEDIPartyName *ediPartyName,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXEDIPartyName_HasNameAssigner
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXEDIPartyName_HasNameAssigner
-(
- NSSPKIXEDIPartyName *ediPartyName
-);
-
-/*
- * nssPKIXEDIPartyName_GetNameAssigner
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_HAS_NO_NAME_ASSIGNER
- *
- * Return value:
- * A valid pointer to an NSSUTF8 string upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXEDIPartyName_GetNameAssigner
-(
- NSSPKIXEDIPartyName *ediPartyName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXEDIPartyName_SetNameAssigner
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXEDIPartyName_SetNameAssigner
-(
- NSSPKIXEDIPartyName *ediPartyName,
- NSSUTF8 *nameAssigner
-);
-
-/*
- * nssPKIXEDIPartyName_RemoveNameAssigner
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- * NSS_ERROR_HAS_NO_NAME_ASSIGNER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXEDIPartyName_RemoveNameAssigner
-(
- NSSPKIXEDIPartyName *ediPartyName
-);
-
-/*
- * nssPKIXEDIPartyName_GetPartyName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSUTF8 string upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSUTF8 *
-nssPKIXEDIPartyName_GetPartyName
-(
- NSSPKIXEDIPartyName *ediPartyName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXEDIPartyName_SetPartyName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_STRING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXEDIPartyName_SetPartyName
-(
- NSSPKIXEDIPartyName *ediPartyName,
- NSSUTF8 *partyName
-);
-
-/*
- * nssPKIXEDIPartyName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXEDIPartyName_Equal
-(
- NSSPKIXEDIPartyName *ediPartyName1,
- NSSPKIXEDIPartyName *ediPartyName2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXEDIPartyName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXEDIPartyName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXEDIPartyName *
-nssPKIXEDIPartyName_Duplicate
-(
- NSSPKIXEDIPartyName *ediPartyName,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXEDIPartyName_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXEDIPartyName
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EDI_PARTY_NAME
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXEDIPartyName_verifyPointer
-(
- NSSPKIXEDIPartyName *p
-);
-#endif /* DEBUG */
-
-/*
- * SubjectDirectoryAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
- *
- * The private calls for this type:
- *
- * nssPKIXSubjectDirectoryAttributes_Decode
- * nssPKIXSubjectDirectoryAttributes_Create
- * nssPKIXSubjectDirectoryAttributes_Destroy
- * nssPKIXSubjectDirectoryAttributes_Encode
- * nssPKIXSubjectDirectoryAttributes_GetAttributeCount
- * nssPKIXSubjectDirectoryAttributes_GetAttributes
- * nssPKIXSubjectDirectoryAttributes_SetAttributes
- * nssPKIXSubjectDirectoryAttributes_GetAttribute
- * nssPKIXSubjectDirectoryAttributes_SetAttribute
- * nssPKIXSubjectDirectoryAttributes_InsertAttribute
- * nssPKIXSubjectDirectoryAttributes_AppendAttribute
- * nssPKIXSubjectDirectoryAttributes_RemoveAttribute
- * nssPKIXSubjectDirectoryAttributes_FindAttribute
- * nssPKIXSubjectDirectoryAttributes_Equal
- * nssPKIXSubjectDirectoryAttributes_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXSubjectDirectoryAttributes_verifyPointer
- *
- */
-
-/*
- * nssPKIXSubjectDirectoryAttributes_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXSubjectDirectoryAttributes upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXSubjectDirectoryAttributes *
-nssPKIXSubjectDirectoryAttributes_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXSubjectDirectoryAttributes_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXSubjectDirectoryAttributes upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXSubjectDirectoryAttributes *
-nssPKIXSubjectDirectoryAttributes_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAttribute *attribute1,
- ...
-);
-
-/*
- * nssPKIXSubjectDirectoryAttributes_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXSubjectDirectoryAttributes_Destroy
-(
- NSSPKIXSubjectDirectoryAttributes *sda
-);
-
-/*
- * nssPKIXSubjectDirectoryAttributes_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXSubjectDirectoryAttributes_Encode
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXSubjectDirectoryAttributes_GetAttributeCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXSubjectDirectoryAttributes_GetAttributeCount
-(
- NSSPKIXSubjectDirectoryAttributes *sda
-);
-
-/*
- * nssPKIXSubjectDirectoryAttributes_GetAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXAttribute pointers upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttribute **
-nssPKIXSubjectDirectoryAttributes_GetAttributes
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- NSSPKIXAttribute *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXSubjectDirectoryAttributes_SetAttributes
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXSubjectDirectoryAttributes_SetAttributes
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- NSSAttribute *attributes[],
- PRInt32 count
-);
-
-/*
- * nssPKIXSubjectDirectoryAttributes_GetAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon error
- */
-
-NSS_EXTERN NSSPKIXAttribute *
-nssPKIXSubjectDirectoryAttributes_GetAttribute
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXSubjectDirectoryAttributes_SetAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXSubjectDirectoryAttributes_SetAttribute
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- PRInt32 i,
- NSSPKIXAttribute *attribute
-);
-
-/*
- * nssPKIXSubjectDirectoryAttributes_InsertAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXSubjectDirectoryAttributes_InsertAttribute
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- PRInt32 i,
- NSSPKIXAttribute *attribute
-);
-
-/*
- * nssPKIXSubjectDirectoryAttributes_AppendAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXSubjectDirectoryAttributes_AppendAttribute
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- NSSPKIXAttribute *attribute
-);
-
-/*
- * nssPKIXSubjectDirectoryAttributes_RemoveAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXSubjectDirectoryAttributes_RemoveAttribute
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- PRInt32 i
-);
-
-/*
- * nssPKIXSubjectDirectoryAttributes_FindAttribute
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_INVALID_ATTRIBUTE
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified policy mapping upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXSubjectDirectoryAttributes_FindAttribute
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- NSSPKIXAttribute *attribute
-);
-
-/*
- * nssPKIXSubjectDirectoryAttributes_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXSubjectDirectoryAttributes_Equal
-(
- NSSPKIXSubjectDirectoryAttributes *sda1,
- NSSPKIXSubjectDirectoryAttributes *sda2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXSubjectDirectoryAttributes_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXSubjectDirectoryAttributes upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXSubjectDirectoryAttributes *
-nssPKIXSubjectDirectoryAttributes_Duplicate
-(
- NSSPKIXSubjectDirectoryAttributes *sda,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXSubjectDirectoryAttributes_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXSubjectDirectoryAttributes
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_SUBJECT_DIRECTORY_ATTRIBUTES
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXSubjectDirectoryAttributes_verifyPointer
-(
- NSSPKIXSubjectDirectoryAttributes *p
-);
-#endif /* DEBUG */
-
-/*
- * BasicConstraints
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * BasicConstraints ::= SEQUENCE {
- * cA BOOLEAN DEFAULT FALSE,
- * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
- *
- * The private calls for this type:
- *
- * nssPKIXBasicConstraints_Decode
- * nssPKIXBasicConstraints_Create
- * nssPKIXBasicConstraints_Destroy
- * nssPKIXBasicConstraints_Encode
- * nssPKIXBasicConstraints_GetCA
- * nssPKIXBasicConstraints_SetCA
- * nssPKIXBasicConstraints_HasPathLenConstraint
- * nssPKIXBasicConstraints_GetPathLenConstraint
- * nssPKIXBasicConstraints_SetPathLenConstraint
- * nssPKIXBasicConstraints_RemovePathLenConstraint
- * nssPKIXBasicConstraints_Equal
- * nssPKIXBasicConstraints_Duplicate
- * nssPKIXBasicConstraints_CompareToPathLenConstraint
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXBasicConstraints_verifyPointer
- *
- */
-
-/*
- * nssPKIXBasicConstraints_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXBasicConstraints upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBasicConstraints *
-nssPKIXBasicConstraints_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXBasicConstraints_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_VALUE
- *
- * Return value:
- * A valid pointer to an NSSPKIXBasicConstraints upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBasicConstraints *
-nssPKIXBasicConstraints_Create
-(
- NSSArena *arenaOpt,
- PRBool ca,
- PRInt32 pathLenConstraint
-);
-
-/*
- * nssPKIXBasicConstraints_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBasicConstraints_Destroy
-(
- NSSPKIXBasicConstraints *basicConstraints
-);
-
-/*
- * nssPKIXBasicConstraints_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXBasicConstraints_Encode
-(
- NSSPKIXBasicConstraints *basicConstraints,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXBasicConstraints_GetCA
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- *
- * Return value:
- * PR_TRUE if the CA bit is true
- * PR_FALSE if it isn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXBasicConstraints_GetCA
-(
- NSSPKIXBasicConstraints *basicConstraints,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXBasicConstraints_SetCA
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBasicConstraints_SetCA
-(
- NSSPKIXBasicConstraints *basicConstraints,
- PRBool ca
-);
-
-/*
- * nssPKIXBasicConstraints_HasPathLenConstraint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXBasicConstraints_HasPathLenConstraint
-(
- NSSPKIXBasicConstraints *basicConstraints,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXBasicConstraints_GetPathLenConstraint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- * NSS_ERROR_HAS_NO_PATH_LEN_CONSTRAINT
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXBasicConstraints_GetPathLenConstraint
-(
- NSSPKIXBasicConstraints *basicConstraints
-);
-
-/*
- * nssPKIXBasicConstraints_SetPathLenConstraint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- * NSS_ERROR_INVALID_VALUE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBasicConstraints_SetPathLenConstraint
-(
- NSSPKIXBasicConstraints *basicConstraints,
- PRInt32 pathLenConstraint
-);
-
-/*
- * nssPKIXBasicConstraints_RemovePathLenConstraint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- * NSS_ERROR_HAS_NO_PATH_LEN_CONSTRAINT
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBasicConstraints_RemovePathLenConstraint
-(
- NSSPKIXBasicConstraints *basicConstraints
-);
-
-/*
- * nssPKIXBasicConstraints_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXBasicConstraints_Equal
-(
- NSSPKIXBasicConstraints *basicConstraints1,
- NSSPKIXBasicConstraints *basicConstraints2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXBasicConstraints_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXBasicConstraints upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXBasicConstraints *
-nssPKIXBasicConstraints_Duplicate
-(
- NSSPKIXBasicConstraints *basicConstraints,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXBasicConstraints_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXBasicConstraints
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXBasicConstraints_verifyPointer
-(
- NSSPKIXBasicConstraints *p
-);
-#endif /* DEBUG */
-
-/*
- * nssPKIXBasicConstraints_CompareToPathLenConstraint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_BASIC_CONSTRAINTS
- * NSS_ERROR_HAS_NO_PATH_LEN_CONSTRAINT
- *
- * Return value:
- * 1 if the specified value is greater than the pathLenConstraint
- * 0 if the specified value equals the pathLenConstraint
- * -1 if the specified value is less than the pathLenConstraint
- * -2 upon error
- */
-
-NSS_EXTERN PRInt32
-nssPKIXBasicConstraints_CompareToPathLenConstraint
-(
- NSSPKIXBasicConstraints *basicConstraints,
- PRInt32 value
-);
-
-/*
- * NameConstraints
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * NameConstraints ::= SEQUENCE {
- * permittedSubtrees [0] GeneralSubtrees OPTIONAL,
- * excludedSubtrees [1] GeneralSubtrees OPTIONAL }
- *
- * The private calls for this type:
- *
- * nssPKIXNameConstraints_Decode
- * nssPKIXNameConstraints_Create
- * nssPKIXNameConstraints_Destroy
- * nssPKIXNameConstraints_Encode
- * nssPKIXNameConstraints_HasPermittedSubtrees
- * nssPKIXNameConstraints_GetPermittedSubtrees
- * nssPKIXNameConstraints_SetPermittedSubtrees
- * nssPKIXNameConstraints_RemovePermittedSubtrees
- * nssPKIXNameConstraints_HasExcludedSubtrees
- * nssPKIXNameConstraints_GetExcludedSubtrees
- * nssPKIXNameConstraints_SetExcludedSubtrees
- * nssPKIXNameConstraints_RemoveExcludedSubtrees
- * nssPKIXNameConstraints_Equal
- * nssPKIXNameConstraints_Duplicate
- * { and the comparator functions }
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXNameConstraints_verifyPointer
- *
- */
-
-/*
- * nssPKIXNameConstraints_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXNameConstraints upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNameConstraints *
-nssPKIXNameConstraints_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXNameConstraints_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- *
- * Return value:
- * A valid pointer to an NSSPKIXNameConstraints upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNameConstraints *
-nssPKIXNameConstraints_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXGeneralSubtrees *permittedSubtrees,
- NSSPKIXGeneralSubtrees *excludedSubtrees
-);
-
-/*
- * nssPKIXNameConstraints_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXNameConstraints_Destroy
-(
- NSSPKIXNameConstraints *nameConstraints
-);
-
-/*
- * nssPKIXNameConstraints_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXNameConstraints_Encode
-(
- NSSPKIXNameConstraints *nameConstraints,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXNameConstraints_HasPermittedSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXNameConstraints_HasPermittedSubtrees
-(
- NSSPKIXNameConstraints *nameConstraints,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXNameConstraints_GetPermittedSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- * NSS_ERROR_HAS_NO_PERMITTED_SUBTREES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralSubtrees upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtrees *
-nssPKIXNameConstraints_GetPermittedSubtrees
-(
- NSSPKIXNameConstraints *nameConstraints,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXNameConstraints_SetPermittedSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXNameConstraints_SetPermittedSubtrees
-(
- NSSPKIXNameConstraints *nameConstraints,
- NSSPKIXGeneralSubtrees *permittedSubtrees
-);
-
-/*
- * nssPKIXNameConstraints_RemovePermittedSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- * NSS_ERROR_HAS_NO_PERMITTED_SUBTREES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXNameConstraints_RemovePermittedSubtrees
-(
- NSSPKIXNameConstraints *nameConstraints
-);
-
-/*
- * nssPKIXNameConstraints_HasExcludedSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXNameConstraints_HasExcludedSubtrees
-(
- NSSPKIXNameConstraints *nameConstraints,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXNameConstraints_GetExcludedSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- * NSS_ERROR_HAS_NO_EXCLUDED_SUBTREES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralSubtrees upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtrees *
-nssPKIXNameConstraints_GetExcludedSubtrees
-(
- NSSPKIXNameConstraints *nameConstraints,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXNameConstraints_SetExcludedSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXNameConstraints_SetExcludedSubtrees
-(
- NSSPKIXNameConstraints *nameConstraints,
- NSSPKIXGeneralSubtrees *excludedSubtrees
-);
-
-/*
- * nssPKIXNameConstraints_RemoveExcludedSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- * NSS_ERROR_HAS_NO_EXCLUDED_SUBTREES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXNameConstraints_RemoveExcludedSubtrees
-(
- NSSPKIXNameConstraints *nameConstraints
-);
-
-/*
- * nssPKIXNameConstraints_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXNameConstraints_Equal
-(
- NSSPKIXNameConstraints *nameConstraints1,
- NSSPKIXNameConstraints *nameConstraints2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXNameConstraints_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXNameConstraints upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXNameConstraints *
-nssPKIXNameConstraints_Duplicate
-(
- NSSPKIXNameConstraints *nameConstraints,
- NSSArena *arenaOpt
-);
-
-/*
- * { and the comparator functions }
- *
- */
-
-#ifdef DEBUG
-/*
- * nssPKIXNameConstraints_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXNameConstraints
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME_CONSTRAINTS
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXNameConstraints_verifyPointer
-(
- NSSPKIXNameConstraints *p
-);
-#endif /* DEBUG */
-
-/*
- * GeneralSubtrees
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
- *
- * The private calls for this type:
- *
- * nssPKIXGeneralSubtrees_Decode
- * nssPKIXGeneralSubtrees_Create
- * nssPKIXGeneralSubtrees_Destroy
- * nssPKIXGeneralSubtrees_Encode
- * nssPKIXGeneralSubtrees_GetGeneralSubtreeCount
- * nssPKIXGeneralSubtrees_GetGeneralSubtrees
- * nssPKIXGeneralSubtrees_SetGeneralSubtrees
- * nssPKIXGeneralSubtrees_GetGeneralSubtree
- * nssPKIXGeneralSubtrees_SetGeneralSubtree
- * nssPKIXGeneralSubtrees_InsertGeneralSubtree
- * nssPKIXGeneralSubtrees_AppendGeneralSubtree
- * nssPKIXGeneralSubtrees_RemoveGeneralSubtree
- * nssPKIXGeneralSubtrees_FindGeneralSubtree
- * nssPKIXGeneralSubtrees_Equal
- * nssPKIXGeneralSubtrees_Duplicate
- * { and finders and comparators }
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXGeneralSubtrees_verifyPointer
- *
- */
-
-/*
- * nssPKIXGeneralSubtrees_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralSubtrees upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtrees *
-nssPKIXGeneralSubtrees_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXGeneralSubtrees_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralSubtrees upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtrees *
-nssPKIXGeneralSubtrees_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXGeneralSubtree *generalSubtree1,
- ...
-);
-
-/*
- * nssPKIXGeneralSubtrees_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralSubtrees_Destroy
-(
- NSSPKIXGeneralSubtrees *generalSubtrees
-);
-
-/*
- * nssPKIXGeneralSubtrees_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXGeneralSubtrees_Encode
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralSubtrees_GetGeneralSubtreeCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXGeneralSubtrees_GetGeneralSubtreeCount
-(
- NSSPKIXGeneralSubtrees *generalSubtrees
-);
-
-/*
- * nssPKIXGeneralSubtrees_GetGeneralSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXGeneralSubtree pointers upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtree **
-nssPKIXGeneralSubtrees_GetGeneralSubtrees
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- NSSPKIXGeneralSubtree *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralSubtrees_SetGeneralSubtrees
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralSubtrees_SetGeneralSubtrees
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- NSSPKIXGeneralSubtree *generalSubtree[],
- PRInt32 count
-);
-
-/*
- * nssPKIXGeneralSubtrees_GetGeneralSubtree
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralSubtree upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtree *
-nssPKIXGeneralSubtrees_GetGeneralSubtree
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralSubtrees_SetGeneralSubtree
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralSubtrees_SetGeneralSubtree
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- PRInt32 i,
- NSSPKIXGeneralSubtree *generalSubtree
-);
-
-/*
- * nssPKIXGeneralSubtrees_InsertGeneralSubtree
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralSubtrees_InsertGeneralSubtree
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- PRInt32 i,
- NSSPKIXGeneralSubtree *generalSubtree
-);
-
-/*
- * nssPKIXGeneralSubtrees_AppendGeneralSubtree
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralSubtrees_AppendGeneralSubtree
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- NSSPKIXGeneralSubtree *generalSubtree
-);
-
-/*
- * nssPKIXGeneralSubtrees_RemoveGeneralSubtree
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralSubtrees_RemoveGeneralSubtree
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- PRInt32 i
-);
-
-/*
- * nssPKIXGeneralSubtrees_FindGeneralSubtree
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified policy mapping upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXGeneralSubtrees_FindGeneralSubtree
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- NSSPKIXGeneralSubtree *generalSubtree
-);
-
-/*
- * nssPKIXGeneralSubtrees_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXGeneralSubtrees_Equal
-(
- NSSPKIXGeneralSubtrees *generalSubtrees1,
- NSSPKIXGeneralSubtrees *generalSubtrees2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXGeneralSubtrees_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralSubtrees upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtrees *
-nssPKIXGeneralSubtrees_Duplicate
-(
- NSSPKIXGeneralSubtrees *generalSubtrees,
- NSSArena *arenaOpt
-);
-
-/*
- * { and finders and comparators }
- *
- */
-
-#ifdef DEBUG
-/*
- * nssPKIXGeneralSubtrees_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXGeneralSubtrees
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREES
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralSubtrees_verifyPointer
-(
- NSSPKIXGeneralSubtrees *p
-);
-#endif /* DEBUG */
-
-/*
- * GeneralSubtree
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * GeneralSubtree ::= SEQUENCE {
- * base GeneralName,
- * minimum [0] BaseDistance DEFAULT 0,
- * maximum [1] BaseDistance OPTIONAL }
- *
- * The private calls for this type:
- *
- * nssPKIXGeneralSubtree_Decode
- * nssPKIXGeneralSubtree_Create
- * nssPKIXGeneralSubtree_Destroy
- * nssPKIXGeneralSubtree_Encode
- * nssPKIXGeneralSubtree_GetBase
- * nssPKIXGeneralSubtree_SetBase
- * nssPKIXGeneralSubtree_GetMinimum
- * nssPKIXGeneralSubtree_SetMinimum
- * nssPKIXGeneralSubtree_HasMaximum
- * nssPKIXGeneralSubtree_GetMaximum
- * nssPKIXGeneralSubtree_SetMaximum
- * nssPKIXGeneralSubtree_RemoveMaximum
- * nssPKIXGeneralSubtree_Equal
- * nssPKIXGeneralSubtree_Duplicate
- * nssPKIXGeneralSubtree_DistanceInRange
- * {other tests and comparators}
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXGeneralSubtree_verifyPointer
- *
- */
-
-/*
- * nssPKIXGeneralSubtree_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralSubtree upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtree *
-nssPKIXGeneralSubtree_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXGeneralSubtree_Create
- *
- * -- fgmr comments --
- * The optional maximum value may be omitted by specifying -1.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_INVALID_VALUE
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralSubtree upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtree *
-nssPKIXGeneralSubtree_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXBaseDistance minimum,
- NSSPKIXBaseDistance maximumOpt
-);
-
-/*
- * nssPKIXGeneralSubtree_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralSubtree_Destroy
-(
- NSSPKIXGeneralSubtree *generalSubtree
-);
-
-/*
- * nssPKIXGeneralSubtree_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXGeneralSubtree_Encode
-(
- NSSPKIXGeneralSubtree *generalSubtree,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralSubtree_GetBase
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-nssPKIXGeneralSubtree_GetBase
-(
- NSSPKIXGeneralSubtree *generalSubtree,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXGeneralSubtree_SetBase
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralSubtree_SetBase
-(
- NSSPKIXGeneralSubtree *generalSubtree,
- NSSPKIXGeneralName *base
-);
-
-/*
- * nssPKIXGeneralSubtree_GetMinimum
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN NSSPKIXBaseDistance
-nssPKIXGeneralSubtree_GetMinimum
-(
- NSSPKIXGeneralSubtree *generalSubtree
-);
-
-/*
- * nssPKIXGeneralSubtree_SetMinimum
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_INVALID_VALUE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralSubtree_SetMinimum
-(
- NSSPKIXGeneralSubtree *generalSubtree,
- NSSPKIXBaseDistance *minimum
-);
-
-/*
- * nssPKIXGeneralSubtree_HasMaximum
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXGeneralSubtree_HasMaximum
-(
- NSSPKIXGeneralSubtree *generalSubtree
-);
-
-/*
- * nssPKIXGeneralSubtree_GetMaximum
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_HAS_NO_MAXIMUM_BASE_DISTANCE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN NSSPKIXBaseDistance
-nssPKIXGeneralSubtree_GetMaximum
-(
- NSSPKIXGeneralSubtree *generalSubtree
-);
-
-/*
- * nssPKIXGeneralSubtree_SetMaximum
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_INVALID_VALUE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralSubtree_SetMaximum
-(
- NSSPKIXGeneralSubtree *generalSubtree,
- NSSPKIXBaseDistance *maximum
-);
-
-/*
- * nssPKIXGeneralSubtree_RemoveMaximum
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_HAS_NO_MAXIMUM_BASE_DISTANCE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralSubtree_RemoveMaximum
-(
- NSSPKIXGeneralSubtree *generalSubtree
-);
-
-/*
- * nssPKIXGeneralSubtree_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXGeneralSubtree_Equal
-(
- NSSPKIXGeneralSubtree *generalSubtree1,
- NSSPKIXGeneralSubtree *generalSubtree2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXGeneralSubtree_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralSubtree upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralSubtree *
-nssPKIXGeneralSubtree_Duplicate
-(
- NSSPKIXGeneralSubtree *generalSubtree,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXGeneralSubtree_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXGeneralSubtree
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXGeneralSubtree_verifyPointer
-(
- NSSPKIXGeneralSubtree *p
-);
-#endif /* DEBUG */
-
-/*
- * nssPKIXGeneralSubtree_DistanceInRange
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_GENERAL_SUBTREE
- * NSS_ERROR_INVALID_VALUE
- *
- * Return value:
- * PR_TRUE if the specified value is within the minimum and maximum
- * base distances
- * PR_FALSE if it isn't
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXGeneralSubtree_DistanceInRange
-(
- NSSPKIXGeneralSubtree *generalSubtree,
- NSSPKIXBaseDistance value,
- PRStatus *statusOpt
-);
-
-/*
- * {other tests and comparators}
- *
- */
-
-/*
- * PolicyConstraints
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PolicyConstraints ::= SEQUENCE {
- * requireExplicitPolicy [0] SkipCerts OPTIONAL,
- * inhibitPolicyMapping [1] SkipCerts OPTIONAL }
- *
- * The private calls for this type:
- *
- * nssPKIXPolicyConstraints_Decode
- * nssPKIXPolicyConstraints_Create
- * nssPKIXPolicyConstraints_Destroy
- * nssPKIXPolicyConstraints_Encode
- * nssPKIXPolicyConstraints_HasRequireExplicitPolicy
- * nssPKIXPolicyConstraints_GetRequireExplicitPolicy
- * nssPKIXPolicyConstraints_SetRequireExplicitPolicy
- * nssPKIXPolicyConstraints_RemoveRequireExplicitPolicy
- * nssPKIXPolicyConstraints_HasInhibitPolicyMapping
- * nssPKIXPolicyConstraints_GetInhibitPolicyMapping
- * nssPKIXPolicyConstraints_SetInhibitPolicyMapping
- * nssPKIXPolicyConstraints_RemoveInhibitPolicyMapping
- * nssPKIXPolicyConstraints_Equal
- * nssPKIXPolicyConstraints_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXPolicyConstraints_verifyPointer
- *
- */
-
-/*
- * nssPKIXPolicyConstraints_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyConstraints upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyConstraints *
-nssPKIXPolicyConstraints_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXPolicyConstraints_Create
- *
- * -- fgmr comments --
- * The optional values may be omitted by specifying -1.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_VALUE
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyConstraints upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyConstraints *
-nssPKIXPolicyConstraints_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXSkipCerts requireExplicitPolicy,
- NSSPKIXSkipCerts inhibitPolicyMapping
-);
-
-/*
- * nssPKIXPolicyConstraints_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyConstraints_Destroy
-(
- NSSPKIXPolicyConstraints *policyConstraints
-);
-
-/*
- * nssPKIXPolicyConstraints_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXPolicyConstraints_Encode
-(
- NSSPKIXPolicyConstraints *policyConstraints,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXPolicyConstraints_HasRequireExplicitPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXPolicyConstraints_HasRequireExplicitPolicy
-(
- NSSPKIXPolicyConstraints *policyConstraints
-);
-
-/*
- * nssPKIXPolicyConstraints_GetRequireExplicitPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- * NSS_ERROR_HAS_NO_REQUIRE_EXPLICIT_POLICY
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXPolicyConstraints_GetRequireExplicitPolicy
-(
- NSSPKIXPolicyConstraints *policyConstraints
-);
-
-/*
- * nssPKIXPolicyConstraints_SetRequireExplicitPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- * NSS_ERROR_INVALID_VALUE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyConstraints_SetRequireExplicitPolicy
-(
- NSSPKIXPolicyConstraints *policyConstraints,
- NSSPKIXSkipCerts requireExplicitPolicy
-);
-
-/*
- * nssPKIXPolicyConstraints_RemoveRequireExplicitPolicy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- * NSS_ERROR_HAS_NO_REQUIRE_EXPLICIT_POLICY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyConstraints_RemoveRequireExplicitPolicy
-(
- NSSPKIXPolicyConstraints *policyConstraints
-);
-
-/*
- * nssPKIXPolicyConstraints_HasInhibitPolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXPolicyConstraints_HasInhibitPolicyMapping
-(
- NSSPKIXPolicyConstraints *policyConstraints
-);
-
-/*
- * nssPKIXPolicyConstraints_GetInhibitPolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- * NSS_ERROR_HAS_NO_INHIBIT_POLICY_MAPPING
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXPolicyConstraints_GetInhibitPolicyMapping
-(
- NSSPKIXPolicyConstraints *policyConstraints
-);
-
-/*
- * nssPKIXPolicyConstraints_SetInhibitPolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- * NSS_ERROR_INVALID_VALUE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyConstraints_SetInhibitPolicyMapping
-(
- NSSPKIXPolicyConstraints *policyConstraints,
- NSSPKIXSkipCerts inhibitPolicyMapping
-);
-
-/*
- * nssPKIXPolicyConstraints_RemoveInhibitPolicyMapping
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- * NSS_ERROR_HAS_NO_INHIBIT_POLICY_MAPPING
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyConstraints_RemoveInhibitPolicyMapping
-(
- NSSPKIXPolicyConstraints *policyConstraints
-);
-
-/*
- * nssPKIXPolicyConstraints_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXPolicyConstraints_Equal
-(
- NSSPKIXPolicyConstraints *policyConstraints1,
- NSSPKIXPolicyConstraints *policyConstraints2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXPolicyConstraints_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXPolicyConstraints upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXPolicyConstraints *
-nssPKIXPolicyConstraints_Duplicate
-(
- NSSPKIXPolicyConstraints *policyConstraints,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXPolicyConstraints_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXPolicyConstraints
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_POLICY_CONSTRAINTS
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXPolicyConstraints_verifyPointer
-(
- NSSPKIXPolicyConstraints *p
-);
-#endif /* DEBUG */
-
-/*
- * CRLDistPointsSyntax
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
- *
- * The private calls for this type:
- *
- * nssPKIXCRLDistPointsSyntax_Decode
- * nssPKIXCRLDistPointsSyntax_Create
- * nssPKIXCRLDistPointsSyntax_Destroy
- * nssPKIXCRLDistPointsSyntax_Encode
- * nssPKIXCRLDistPointsSyntax_GetDistributionPointCount
- * nssPKIXCRLDistPointsSyntax_GetDistributionPoints
- * nssPKIXCRLDistPointsSyntax_SetDistributionPoints
- * nssPKIXCRLDistPointsSyntax_GetDistributionPoint
- * nssPKIXCRLDistPointsSyntax_SetDistributionPoint
- * nssPKIXCRLDistPointsSyntax_InsertDistributionPoint
- * nssPKIXCRLDistPointsSyntax_AppendDistributionPoint
- * nssPKIXCRLDistPointsSyntax_RemoveDistributionPoint
- * nssPKIXCRLDistPointsSyntax_FindDistributionPoint
- * nssPKIXCRLDistPointsSyntax_Equal
- * nssPKIXCRLDistPointsSyntax_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXCRLDistPointsSyntax_verifyPointer
- *
- */
-
-/*
- * nssPKIXCRLDistPointsSyntax_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCRLDistPointsSyntax upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCRLDistPointsSyntax *
-nssPKIXCRLDistPointsSyntax_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXCRLDistPointsSyntax_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- *
- * Return value:
- * A valid pointer to an NSSPKIXCRLDistPointsSyntax upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCRLDistPointsSyntax *
-nssPKIXCRLDistPointsSyntax_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXDistributionPoint *distributionPoint1,
- ...
-);
-
-/*
- * nssPKIXCRLDistPointsSyntax_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCRLDistPointsSyntax_Destroy
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax
-);
-
-/*
- * nssPKIXCRLDistPointsSyntax_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXCRLDistPointsSyntax_Encode
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXCRLDistPointsSyntax_GetDistributionPointCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXCRLDistPointsSyntax_GetDistributionPointCount
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax
-);
-
-/*
- * nssPKIXCRLDistPointsSyntax_GetDistributionPoints
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXDistributionPoint pointers
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPoints **
-nssPKIXCRLDistPointsSyntax_GetDistributionPoints
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- NSSDistributionPoint *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXCRLDistPointsSyntax_SetDistributionPoints
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCRLDistPointsSyntax_SetDistributionPoints
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- NSSDistributionPoint *distributionPoint[]
- PRInt32 count
-);
-
-/*
- * nssPKIXCRLDistPointsSyntax_GetDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPoint upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPoint *
-nssPKIXCRLDistPointsSyntax_GetDistributionPoint
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXCRLDistPointsSyntax_SetDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCRLDistPointsSyntax_SetDistributionPoint
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- PRInt32 i,
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * nssPKIXCRLDistPointsSyntax_InsertDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCRLDistPointsSyntax_InsertDistributionPoint
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- PRInt32 i,
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * nssPKIXCRLDistPointsSyntax_AppendDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCRLDistPointsSyntax_AppendDistributionPoint
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * nssPKIXCRLDistPointsSyntax_RemoveDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCRLDistPointsSyntax_RemoveDistributionPoint
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- PRInt32 i
-);
-
-/*
- * nssPKIXCRLDistPointsSyntax_FindDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified policy mapping upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXCRLDistPointsSyntax_FindDistributionPoint
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * nssPKIXCRLDistPointsSyntax_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXCRLDistPointsSyntax_Equal
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax1,
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXCRLDistPointsSyntax_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXCRLDistPointsSyntax upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXCRLDistPointsSyntax *
-nssPKIXCRLDistPointsSyntax_Duplicate
-(
- NSSPKIXCRLDistPointsSyntax *crlDistPointsSyntax,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXCRLDistPointsSyntax_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXCRLDistPointsSyntax
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_CRL_DIST_POINTS_SYNTAX
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXCRLDistPointsSyntax_verifyPointer
-(
- NSSPKIXCRLDistPointsSyntax *p
-);
-#endif /* DEBUG */
-
-/*
- * DistributionPoint
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * DistributionPoint ::= SEQUENCE {
- * distributionPoint [0] DistributionPointName OPTIONAL,
- * reasons [1] ReasonFlags OPTIONAL,
- * cRLIssuer [2] GeneralNames OPTIONAL }
- *
- * The private calls for this type:
- *
- * nssPKIXDistributionPoint_Decode
- * nssPKIXDistributionPoint_Create
- * nssPKIXDistributionPoint_Destroy
- * nssPKIXDistributionPoint_Encode
- * nssPKIXDistributionPoint_HasDistributionPoint
- * nssPKIXDistributionPoint_GetDistributionPoint
- * nssPKIXDistributionPoint_SetDistributionPoint
- * nssPKIXDistributionPoint_RemoveDistributionPoint
- * nssPKIXDistributionPoint_HasReasons
- * nssPKIXDistributionPoint_GetReasons
- * nssPKIXDistributionPoint_SetReasons
- * nssPKIXDistributionPoint_RemoveReasons
- * nssPKIXDistributionPoint_HasCRLIssuer
- * nssPKIXDistributionPoint_GetCRLIssuer
- * nssPKIXDistributionPoint_SetCRLIssuer
- * nssPKIXDistributionPoint_RemoveCRLIssuer
- * nssPKIXDistributionPoint_Equal
- * nssPKIXDistributionPoint_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXDistributionPoint_verifyPointer
- *
- */
-
-/*
- * nssPKIXDistributionPoint_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPoint upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPoint *
-nssPKIXDistributionPoint_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXDistributionPoint_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPoint upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPoint *
-nssPKIXDistributionPoint_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXDistributionPointName *distributionPoint,
- NSSPKIXReasonFlags reasons,
- NSSPKIXGeneralNames *cRLIssuer
-);
-
-/*
- * nssPKIXDistributionPoint_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXDistributionPoint_Destroy
-(
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * nssPKIXDistributionPoint_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXDistributionPoint_Encode
-(
- NSSPKIXDistributionPoint *distributionPoint,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXDistributionPoint_HasDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXDistributionPoint_HasDistributionPoint
-(
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * nssPKIXDistributionPoint_GetDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_DISTRIBUTION_POINT
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPointName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPointName *
-nssPKIXDistributionPoint_GetDistributionPoint
-(
- NSSPKIXDistributionPoint *distributionPoint,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXDistributionPoint_SetDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXDistributionPoint_SetDistributionPoint
-(
- NSSPKIXDistributionPoint *distributionPoint,
- NSSPKIXDistributionPointName *name
-);
-
-/*
- * nssPKIXDistributionPoint_RemoveDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXDistributionPoint_RemoveDistributionPoint
-(
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * nssPKIXDistributionPoint_HasReasons
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXDistributionPoint_HasReasons
-(
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * nssPKIXDistributionPoint_GetReasons
- *
- * It is unlikely that the reason flags are all zero; so zero is
- * returned in error situations.
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_REASONS
- *
- * Return value:
- * A valid nonzero NSSPKIXReasonFlags value upon success
- * A valid zero NSSPKIXReasonFlags if the value is indeed zero
- * Zero upon error
- */
-
-NSS_EXTERN NSSPKIXReasonFlags
-nssPKIXDistributionPoint_GetReasons
-(
- NSSPKIXDistributionPoint *distributionPoint,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXDistributionPoint_SetReasons
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXDistributionPoint_SetReasons
-(
- NSSPKIXDistributionPoint *distributionPoint,
- NSSPKIXReasonFlags reasons
-);
-
-/*
- * nssPKIXDistributionPoint_RemoveReasons
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_REASONS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXDistributionPoint_RemoveReasons
-(
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * nssPKIXDistributionPoint_HasCRLIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXDistributionPoint_HasCRLIssuer
-(
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * nssPKIXDistributionPoint_GetCRLIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_CRL_ISSUER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralNames *
-nssPKIXDistributionPoint_GetCRLIssuer
-(
- NSSPKIXDistributionPoint *distributionPoint,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXDistributionPoint_SetCRLIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXDistributionPoint_SetCRLIssuer
-(
- NSSPKIXDistributionPoint *distributionPoint,
- NSSPKIXGeneralNames *cRLIssuer
-);
-
-/*
- * nssPKIXDistributionPoint_RemoveCRLIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_CRL_ISSUER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXDistributionPoint_RemoveCRLIssuer
-(
- NSSPKIXDistributionPoint *distributionPoint
-);
-
-/*
- * nssPKIXDistributionPoint_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXDistributionPoint_Equal
-(
- NSSPKIXDistributionPoint *distributionPoint1,
- NSSPKIXDistributionPoint *distributionPoint2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXDistributionPoint_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPoint upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPoint *
-nssPKIXDistributionPoint_Duplicate
-(
- NSSPKIXDistributionPoint *distributionPoint,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXDistributionPoint_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXDistributionPoint
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXDistributionPoint_verifyPointer
-(
- NSSPKIXDistributionPoint *p
-);
-#endif /* DEBUG */
-
-/*
- * DistributionPointName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * DistributionPointName ::= CHOICE {
- * fullName [0] GeneralNames,
- * nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
- *
- * The private calls for this type:
- *
- * nssPKIXDistributionPointName_Decode
- * nssPKIXDistributionPointName_Create
- * nssPKIXDistributionPointName_CreateFromFullName
- * nssPKIXDistributionPointName_CreateFromNameRelativeToCRLIssuer
- * nssPKIXDistributionPointName_Destroy
- * nssPKIXDistributionPointName_Encode
- * nssPKIXDistributionPointName_GetChoice
- * nssPKIXDistributionPointName_GetFullName
- * nssPKIXDistributionPointName_GetNameRelativeToCRLIssuer
- * nssPKIXDistributionPointName_Equal
- * nssPKIXDistributionPointName_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXDistributionPointName_verifyPointer
- *
- */
-
-/*
- * nssPKIXDistributionPointName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPointName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPointName *
-nssPKIXDistributionPointName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXDistributionPointName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME_CHOICE
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- * NSS_ERROR_INVALID_PKIX_RELATIVE_DISTINGUISHED_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPointName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPointName *
-nssPKIXDistributionPointName_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXDistributionPointNameChoice which,
- void *name
-);
-
-/*
- * nssPKIXDistributionPointName_CreateFromFullName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAMES
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPointName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPointName *
-nssPKIXDistributionPointName_CreateFromFullName
-(
- NSSArena *arenaOpt,
- NSSPKIXGeneralNames *fullName
-);
-
-/*
- * nssPKIXDistributionPointName_CreateFromNameRelativeToCRLIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_RELATIVE_DISTINGUISHED_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPointName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPointName *
-nssPKIXDistributionPointName_CreateFromNameRelativeToCRLIssuer
-(
- NSSArena *arenaOpt,
- NSSPKIXRelativeDistinguishedName *nameRelativeToCRLIssuer
-);
-
-/*
- * nssPKIXDistributionPointName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXDistributionPointName_Destroy
-(
- NSSPKIXDistributionPointName *dpn
-);
-
-/*
- * nssPKIXDistributionPointName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXDistributionPointName_Encode
-(
- NSSPKIXDistributionPointName *dpn,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXDistributionPointName_GetChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- *
- * Return value:
- * A valid NSSPKIXDistributionPointNameChoice value upon success
- * NSSPKIXDistributionPointNameChoice_NSSinvalid upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPointNameChoice
-nssPKIXDistributionPointName_GetChoice
-(
- NSSPKIXDistributionPointName *dpn
-);
-
-/*
- * nssPKIXDistributionPointName_GetFullName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralNames upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralnames *
-nssPKIXDistributionPointName_GetFullName
-(
- NSSPKIXDistributionPointName *dpn,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXDistributionPointName_GetNameRelativeToCRLIssuer
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName *
-nssPKIXDistributionPointName_GetNameRelativeToCRLIssuer
-(
- NSSPKIXDistributionPointName *dpn,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXDistributionPointName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXDistributionPointName_Equal
-(
- NSSPKIXDistributionPointName *dpn1,
- NSSPKIXDistributionPointName *dpn2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXDistributionPointName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPointName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPointName *
-nssPKIXDistributionPointName_Duplicate
-(
- NSSPKIXDistributionPointName *dpn,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXDistributionPointName_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXDistributionPointName
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXDistributionPointName_verifyPointer
-(
- NSSPKIXDistributionPointName *p
-);
-#endif /* DEBUG */
-
-/*
- * ReasonFlags
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ReasonFlags ::= BIT STRING {
- * unused (0),
- * keyCompromise (1),
- * cACompromise (2),
- * affiliationChanged (3),
- * superseded (4),
- * cessationOfOperation (5),
- * certificateHold (6) }
- *
- * The private calls for this type:
- *
- * nssPKIXReasonFlags_Decode
- * nssPKIXReasonFlags_Create
- * nssPKIXReasonFlags_CreateFromMask
- * nssPKIXReasonFlags_Destroy
- * nssPKIXReasonFlags_Encode
- * nssPKIXReasonFlags_GetMask
- * nssPKIXReasonFlags_SetMask
- * nssPKIXReasonFlags_Equal
- * nssPKIXReasonFlags_Duplicate
- * { bitwise accessors? }
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXReasonFlags_verifyPointer
- *
- */
-
-/*
- * nssPKIXReasonFlags_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXReasonFlags upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXReasonFlags *
-nssPKIXReasonFlags_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXReasonFlags_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXReasonFlags upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXReasonFlags *
-nssPKIXReasonFlags_Create
-(
- NSSArena *arenaOpt,
- PRBool keyCompromise,
- PRBool cACompromise,
- PRBool affiliationChanged,
- PRBool superseded,
- PRBool cessationOfOperation,
- PRBool certificateHold
-);
-
-/*
- * nssPKIXReasonFlags_CreateFromMask
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS_MASK
- *
- * Return value:
- * A valid pointer to an NSSPKIXReasonFlags upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXReasonFlags *
-nssPKIXReasonFlags_CreateFromMask
-(
- NSSArena *arenaOpt,
- NSSPKIXReasonFlagsMask why
-);
-
-/*
- * nssPKIXReasonFlags_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXReasonFlags_Destroy
-(
- NSSPKIXReasonFlags *reasonFlags
-);
-
-/*
- * nssPKIXReasonFlags_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXReasonFlags_Encode
-(
- NSSPKIXReasonFlags *reasonFlags,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXReasonFlags_GetMask
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- *
- * Return value:
- * A valid mask of NSSPKIXReasonFlagsMask values upon success
- * NSSPKIXReasonFlagsMask_NSSinvalid upon failure
- */
-
-NSS_EXTERN NSSPKIXReasonFlagsMask
-nssPKIXReasonFlags_GetMask
-(
- NSSPKIXReasonFlags *reasonFlags
-);
-
-/*
- * nssPKIXReasonFlags_SetMask
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS_MASK
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXReasonFlags_SetMask
-(
- NSSPKIXReasonFlags *reasonFlags,
- NSSPKIXReasonFlagsMask mask
-);
-
-/*
- * nssPKIXReasonFlags_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXReasonFlags_Equal
-(
- NSSPKIXReasonFlags *reasonFlags1,
- NSSPKIXReasonFlags *reasonFlags2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXReasonFlags_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXReasonFlags upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXReasonFlags *
-nssPKIXReasonFlags_Duplicate
-(
- NSSPKIXReasonFlags *reasonFlags,
- NSSArena *arenaOpt
-);
-
-/*
- * { bitwise accessors? }
- *
- */
-
-#ifdef DEBUG
-/*
- * nssPKIXReasonFlags_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXReasonFlags
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXReasonFlags_verifyPointer
-(
- NSSPKIXReasonFlags *p
-);
-#endif /* DEBUG */
-
-/*
- * ExtKeyUsageSyntax
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
- *
- * The private calls for this type:
- *
- * nssPKIXExtKeyUsageSyntax_Decode
- * nssPKIXExtKeyUsageSyntax_Create
- * nssPKIXExtKeyUsageSyntax_Destroy
- * nssPKIXExtKeyUsageSyntax_Encode
- * nssPKIXExtKeyUsageSyntax_GetKeyPurposeIdCount
- * nssPKIXExtKeyUsageSyntax_GetKeyPurposeIds
- * nssPKIXExtKeyUsageSyntax_SetKeyPurposeIds
- * nssPKIXExtKeyUsageSyntax_GetKeyPurposeId
- * nssPKIXExtKeyUsageSyntax_SetKeyPurposeId
- * nssPKIXExtKeyUsageSyntax_InsertKeyPurposeId
- * nssPKIXExtKeyUsageSyntax_AppendKeyPurposeId
- * nssPKIXExtKeyUsageSyntax_RemoveKeyPurposeId
- * nssPKIXExtKeyUsageSyntax_FindKeyPurposeId
- * nssPKIXExtKeyUsageSyntax_Equal
- * nssPKIXExtKeyUsageSyntax_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXExtKeyUsageSyntax_verifyPointer
- *
- */
-
-/*
- * nssPKIXExtKeyUsageSyntax_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtKeyUsageSyntax upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtKeyUsageSyntax *
-nssPKIXExtKeyUsageSyntax_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXExtKeyUsageSyntax_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_KEY_PURPOSE_ID
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtKeyUsageSyntax upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtKeyUsageSyntax *
-nssPKIXExtKeyUsageSyntax_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXKeyPurposeId *kpid1,
- ...
-);
-
-/*
- * nssPKIXExtKeyUsageSyntax_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtKeyUsageSyntax_Destroy
-(
- NSSPKIXExtKeyUsageSyntax *eku
-);
-
-/*
- * nssPKIXExtKeyUsageSyntax_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXExtKeyUsageSyntax_Encode
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXExtKeyUsageSyntax_GetKeyPurposeIdCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXExtKeyUsageSyntax_GetKeyPurposeIdCount
-(
- NSSPKIXExtKeyUsageSyntax *eku
-);
-
-/*
- * nssPKIXExtKeyUsageSyntax_GetKeyPurposeIds
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXKeyPurposeId pointers upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXKeyPurposeId **
-nssPKIXExtKeyUsageSyntax_GetKeyPurposeIds
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- NSSPKIXKeyPurposeId *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXExtKeyUsageSyntax_SetKeyPurposeIds
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_INVALID_PKIX_KEY_PURPOSE_ID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtKeyUsageSyntax_SetKeyPurposeIds
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- NSSPKIXKeyPurposeId *ids[],
- PRInt32 count
-);
-
-/*
- * nssPKIXExtKeyUsageSyntax_GetKeyPurposeId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXKeyPurposeId upon success
- * NULL upon error
- */
-
-NSS_EXTERN NSSPKIXKeyPurposeId *
-nssPKIXExtKeyUsageSyntax_GetKeyPurposeId
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXExtKeyUsageSyntax_SetKeyPurposeId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_INVALID_PKIX_KEY_PURPOSE_ID
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtKeyUsageSyntax_SetKeyPurposeId
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- PRInt32 i,
- NSSPKIXKeyPurposeId *id
-);
-
-/*
- * nssPKIXExtKeyUsageSyntax_InsertKeyPurposeId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_INVALID_PKIX_KEY_PURPOSE_ID
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtKeyUsageSyntax_InsertKeyPurposeId
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- PRInt32 i,
- NSSPKIXKeyPurposeId *id
-);
-
-/*
- * nssPKIXExtKeyUsageSyntax_AppendKeyPurposeId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_INVALID_PKIX_KEY_PURPOSE_ID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtKeyUsageSyntax_AppendKeyPurposeId
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- NSSPKIXKeyPurposeId *id
-);
-
-/*
- * nssPKIXExtKeyUsageSyntax_RemoveKeyPurposeId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtKeyUsageSyntax_RemoveKeyPurposeId
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- PRInt32 i
-);
-
-/*
- * nssPKIXExtKeyUsageSyntax_FindKeyPurposeId
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_INVALID_PKIX_KEY_PURPOSE_ID
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified key purpose id upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXExtKeyUsageSyntax_FindKeyPurposeId
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- NSSPKIXKeyPurposeId *id
-);
-
-/*
- * nssPKIXExtKeyUsageSyntax_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXExtKeyUsageSyntax_Equal
-(
- NSSPKIXExtKeyUsageSyntax *eku1,
- NSSPKIXExtKeyUsageSyntax *eku2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXExtKeyUsageSyntax_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXExtKeyUsageSyntax upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXExtKeyUsageSyntax *
-nssPKIXExtKeyUsageSyntax_Duplicate
-(
- NSSPKIXExtKeyUsageSyntax *eku,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXExtKeyUsageSyntax_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXExtKeyUsageSyntax
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_EXT_KEY_USAGE_SYNTAX
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXExtKeyUsageSyntax_verifyPointer
-(
- NSSPKIXExtKeyUsageSyntax *p
-);
-#endif /* DEBUG */
-
-/*
- * AuthorityInfoAccessSyntax
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AuthorityInfoAccessSyntax ::=
- * SEQUENCE SIZE (1..MAX) OF AccessDescription
- *
- * The private calls for this type:
- *
- * nssPKIXAuthorityInfoAccessSyntax_Decode
- * nssPKIXAuthorityInfoAccessSyntax_Create
- * nssPKIXAuthorityInfoAccessSyntax_Destroy
- * nssPKIXAuthorityInfoAccessSyntax_Encode
- * nssPKIXAuthorityInfoAccessSyntax_GetAccessDescriptionCount
- * nssPKIXAuthorityInfoAccessSyntax_GetAccessDescriptions
- * nssPKIXAuthorityInfoAccessSyntax_SetAccessDescriptions
- * nssPKIXAuthorityInfoAccessSyntax_GetAccessDescription
- * nssPKIXAuthorityInfoAccessSyntax_SetAccessDescription
- * nssPKIXAuthorityInfoAccessSyntax_InsertAccessDescription
- * nssPKIXAuthorityInfoAccessSyntax_AppendAccessDescription
- * nssPKIXAuthorityInfoAccessSyntax_RemoveAccessDescription
- * nssPKIXAuthorityInfoAccessSyntax_FindAccessDescription
- * nssPKIXAuthorityInfoAccessSyntax_Equal
- * nssPKIXAuthorityInfoAccessSyntax_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXAuthorityInfoAccessSyntax_verifyPointer
- *
- */
-
-/*
- * nssPKIXAuthorityInfoAccessSyntax_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAuthorityInfoAccessSyntax upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAuthorityInfoAccessSyntax *
-nssPKIXAuthorityInfoAccessSyntax_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXAuthorityInfoAccessSyntax_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- *
- * Return value:
- * A valid pointer to an NSSPKIXAuthorityInfoAccessSyntax upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAuthorityInfoAccessSyntax *
-nssPKIXAuthorityInfoAccessSyntax_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAccessDescription *ad1,
- ...
-);
-
-/*
- * nssPKIXAuthorityInfoAccessSyntax_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAuthorityInfoAccessSyntax_Destroy
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias
-);
-
-/*
- * nssPKIXAuthorityInfoAccessSyntax_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXAuthorityInfoAccessSyntax_Encode
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAuthorityInfoAccessSyntax_GetAccessDescriptionCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXAuthorityInfoAccessSyntax_GetAccessDescriptionCount
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias
-);
-
-/*
- * nssPKIXAuthorityInfoAccessSyntax_GetAccessDescriptions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXAccessDescription pointers
- * upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAccessDescription **
-nssPKIXAuthorityInfoAccessSyntax_GetAccessDescriptions
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- NSSPKIXAccessDescription *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAuthorityInfoAccessSyntax_SetAccessDescriptions
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAuthorityInfoAccessSyntax_SetAccessDescriptions
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- NSSPKIXAccessDescription *ad[],
- PRInt32 count
-);
-
-/*
- * nssPKIXAuthorityInfoAccessSyntax_GetAccessDescription
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAccessDescription upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAccessDescription *
-nssPKIXAuthorityInfoAccessSyntax_GetAccessDescription
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- PRInt32 i,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAuthorityInfoAccessSyntax_SetAccessDescription
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAuthorityInfoAccessSyntax_SetAccessDescription
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- PRInt32 i,
- NSSPKIXAccessDescription *ad
-);
-
-/*
- * nssPKIXAuthorityInfoAccessSyntax_InsertAccessDescription
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAuthorityInfoAccessSyntax_InsertAccessDescription
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- PRInt32 i,
- NSSPKIXAccessDescription *ad
-);
-
-/*
- * nssPKIXAuthorityInfoAccessSyntax_AppendAccessDescription
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAuthorityInfoAccessSyntax_AppendAccessDescription
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- NSSPKIXAccessDescription *ad
-);
-
-/*
- * nssPKIXAuthorityInfoAccessSyntax_RemoveAccessDescription
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAuthorityInfoAccessSyntax_RemoveAccessDescription
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- PRInt32 i
-);
-
-/*
- * nssPKIXAuthorityInfoAccessSyntax_FindAccessDescription
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified policy mapping upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-nssPKIXAuthorityInfoAccessSyntax_FindAccessDescription
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- NSSPKIXAccessDescription *ad
-);
-
-/*
- * nssPKIXAuthorityInfoAccessSyntax_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXAuthorityInfoAccessSyntax_Equal
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias1,
- NSSPKIXAuthorityInfoAccessSyntax *aias2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXAuthorityInfoAccessSyntax_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAuthorityInfoAccessSyntax upon
- * success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAuthorityInfoAccessSyntax *
-nssPKIXAuthorityInfoAccessSyntax_Duplicate
-(
- NSSPKIXAuthorityInfoAccessSyntax *aias,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXAuthorityInfoAccessSyntax_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXAuthorityInfoAccessSyntax
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_AUTHORITY_INFO_ACCESS_SYNTAX
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAuthorityInfoAccessSyntax_verifyPointer
-(
- NSSPKIXAuthorityInfoAccessSyntax *p
-);
-#endif /* DEBUG */
-
-/*
- * AccessDescription
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName }
- *
- * The private calls for this type:
- *
- * nssPKIXAccessDescription_Decode
- * nssPKIXAccessDescription_Create
- * nssPKIXAccessDescription_Destroy
- * nssPKIXAccessDescription_Encode
- * nssPKIXAccessDescription_GetAccessMethod
- * nssPKIXAccessDescription_SetAccessMethod
- * nssPKIXAccessDescription_GetAccessLocation
- * nssPKIXAccessDescription_SetAccessLocation
- * nssPKIXAccessDescription_Equal
- * nssPKIXAccessDescription_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXAccessDescription_verifyPointer
- *
- */
-
-/*
- * nssPKIXAccessDescription_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAccessDescription upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAccessDescription *
-nssPKIXAccessDescription_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXAccessDescription_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- *
- * Return value:
- * A valid pointer to an NSSPKIXAccessDescription upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAccessDescription *
-nssPKIXAccessDescription_Create
-(
- NSSArena *arenaOpt,
- NSSOID *accessMethod,
- NSSPKIXGeneralName *accessLocation
-);
-
-/*
- * nssPKIXAccessDescription_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAccessDescription_Destroy
-(
- NSSPKIXAccessDescription *ad
-);
-
-/*
- * nssPKIXAccessDescription_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXAccessDescription_Encode
-(
- NSSPKIXAccessDescription *ad,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAccessDescription_GetAccessMethod
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSOID pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSOID *
-nssPKIXAccessDescription_GetAccessMethod
-(
- NSSPKIXAccessDescription *ad
-);
-
-/*
- * nssPKIXAccessDescription_SetAccessMethod
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAccessDescription_SetAccessMethod
-(
- NSSPKIXAccessDescription *ad,
- NSSOID *accessMethod
-);
-
-/*
- * nssPKIXAccessDescription_GetAccessLocation
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXGeneralName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXGeneralName *
-nssPKIXAccessDescription_GetAccessLocation
-(
- NSSPKIXAccessDescription *ad,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXAccessDescription_SetAccessLocation
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- * NSS_ERROR_INVALID_PKIX_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAccessDescription_SetAccessLocation
-(
- NSSPKIXAccessDescription *ad,
- NSSPKIXGeneralName *accessLocation
-);
-
-/*
- * nssPKIXAccessDescription_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXAccessDescription_Equal
-(
- NSSPKIXAccessDescription *ad1,
- NSSPKIXAccessDescription *ad2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXAccessDescription_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAccessDescription upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAccessDescription *
-nssPKIXAccessDescription_Duplicate
-(
- NSSPKIXAccessDescription *ad,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXAccessDescription_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXAccessDescription
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ACCESS_DESCRIPTION
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAccessDescription_verifyPointer
-(
- NSSPKIXAccessDescription *p
-);
-#endif /* DEBUG */
-
-/*
- * IssuingDistributionPoint
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * IssuingDistributionPoint ::= SEQUENCE {
- * distributionPoint [0] DistributionPointName OPTIONAL,
- * onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
- * onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
- * onlySomeReasons [3] ReasonFlags OPTIONAL,
- * indirectCRL [4] BOOLEAN DEFAULT FALSE }
- *
- * The private calls for this type:
- *
- * nssPKIXIssuingDistributionPoint_Decode
- * nssPKIXIssuingDistributionPoint_Create
- * nssPKIXIssuingDistributionPoint_Destroy
- * nssPKIXIssuingDistributionPoint_Encode
- * nssPKIXIssuingDistributionPoint_HasDistributionPoint
- * nssPKIXIssuingDistributionPoint_GetDistributionPoint
- * nssPKIXIssuingDistributionPoint_SetDistributionPoint
- * nssPKIXIssuingDistributionPoint_RemoveDistributionPoint
- * nssPKIXIssuingDistributionPoint_GetOnlyContainsUserCerts
- * nssPKIXIssuingDistributionPoint_SetOnlyContainsUserCerts
- * nssPKIXIssuingDistributionPoint_GetOnlyContainsCACerts
- * nssPKIXIssuingDistributionPoint_SetOnlyContainsCACerts
- * nssPKIXIssuingDistributionPoint_HasOnlySomeReasons
- * nssPKIXIssuingDistributionPoint_GetOnlySomeReasons
- * nssPKIXIssuingDistributionPoint_SetOnlySomeReasons
- * nssPKIXIssuingDistributionPoint_RemoveOnlySomeReasons
- * nssPKIXIssuingDistributionPoint_GetIndirectCRL
- * nssPKIXIssuingDistributionPoint_SetIndirectCRL
- * nssPKIXIssuingDistributionPoint_Equal
- * nssPKIXIssuingDistributionPoint_Duplicate
- *
- * In debug builds, the following call is available:
- *
- * nssPKIXIssuingDistributionPoint_verifyPointer
- *
- */
-
-/*
- * nssPKIXIssuingDistributionPoint_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXIssuingDistributionPoint upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXIssuingDistributionPoint *
-nssPKIXIssuingDistributionPoint_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- *
- * Return value:
- * A valid pointer to an NSSPKIXIssuingDistributionPoint upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXIssuingDistributionPoint *
-nssPKIXIssuingDistributionPoint_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXDistributionPointName *distributionPointOpt,
- PRBool onlyContainsUserCerts,
- PRBool onlyContainsCACerts,
- NSSPKIXReasonFlags *onlySomeReasons
- PRBool indirectCRL
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXIssuingDistributionPoint_Destroy
-(
- NSSPKIXIssuingDistributionPoint *idp
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXIssuingDistributionPoint_Encode
-(
- NSSPKIXIssuingDistributionPoint *idp,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_HasDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXIssuingDistributionPoint_HasDistributionPoint
-(
- NSSPKIXIssuingDistributionPoint *idp
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_GetDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_DISTRIBUTION_POINT
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXDistributionPointName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXDistributionPointName *
-nssPKIXIssuingDistributionPoint_GetDistributionPoint
-(
- NSSPKIXIssuingDistributionPoint *idp,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_SetDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- * NSS_ERROR_INVALID_PKIX_DISTRIBUTION_POINT_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXIssuingDistributionPoint_SetDistributionPoint
-(
- NSSPKIXIssuingDistributionPoint *idp,
- NSSPKIXDistributionPointName *dpn
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_RemoveDistributionPoint
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXIssuingDistributionPoint_RemoveDistributionPoint
-(
- NSSPKIXIssuingDistributionPoint *idp
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_GetOnlyContainsUserCerts
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if the onlyContainsUserCerts value is true
- * PR_FALSE if it isn't
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXIssuingDistributionPoint_GetOnlyContainsUserCerts
-(
- NSSPKIXIssuingDistributionPoint *idp,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_SetOnlyContainsUserCerts
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXIssuingDistributionPoint_SetOnlyContainsUserCerts
-(
- NSSPKIXIssuingDistributionPoint *idp,
- PRBool onlyContainsUserCerts
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_GetOnlyContainsCACerts
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if the onlyContainsCACerts value is true
- * PR_FALSE if it isn't
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXIssuingDistributionPoint_GetOnlyContainsCACerts
-(
- NSSPKIXIssuingDistributionPoint *idp,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_SetOnlyContainsCACerts
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXIssuingDistributionPoint_SetOnlyContainsCACerts
-(
- NSSPKIXIssuingDistributionPoint *idp,
- PRBool onlyContainsCACerts
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_HasOnlySomeReasons
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if it has one
- * PR_FALSE if it doesn't
- * PR_FALSE upon failure
- */
-
-NSS_EXTERN PRBool
-nssPKIXIssuingDistributionPoint_HasOnlySomeReasons
-(
- NSSPKIXIssuingDistributionPoint *idp
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_GetOnlySomeReasons
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_ONLY_SOME_REASONS
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXReasonFlags upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXReasonFlags *
-nssPKIXIssuingDistributionPoint_GetOnlySomeReasons
-(
- NSSPKIXIssuingDistributionPoint *idp,
- NSSArena *arenaOpt
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_SetOnlySomeReasons
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- * NSS_ERROR_INVALID_PKIX_REASON_FLAGS
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXIssuingDistributionPoint_SetOnlySomeReasons
-(
- NSSPKIXIssuingDistributionPoint *idp,
- NSSPKIXReasonFlags *onlySomeReasons
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_RemoveOnlySomeReasons
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- * NSS_ERROR_HAS_NO_ONLY_SOME_REASONS
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXIssuingDistributionPoint_RemoveOnlySomeReasons
-(
- NSSPKIXIssuingDistributionPoint *idp
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_GetIndirectCRL
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if the indirectCRL value is true
- * PR_FALSE if it isn't
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXIssuingDistributionPoint_GetIndirectCRL
-(
- NSSPKIXIssuingDistributionPoint *idp,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_SetIndirectCRL
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXIssuingDistributionPoint_SetIndirectCRL
-(
- NSSPKIXIssuingDistributionPoint *idp,
- PRBool indirectCRL
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-nssPKIXIssuingDistributionPoint_Equal
-(
- NSSPKIXIssuingDistributionPoint *idp1,
- NSSPKIXIssuingDistributionPoint *idp2,
- PRStatus *statusOpt
-);
-
-/*
- * nssPKIXIssuingDistributionPoint_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXIssuingDistributionPoint upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXIssuingDistributionPoint *
-nssPKIXIssuingDistributionPoint_Duplicate
-(
- NSSPKIXIssuingDistributionPoint *idp,
- NSSArena *arenaOpt
-);
-
-#ifdef DEBUG
-/*
- * nssPKIXIssuingDistributionPoint_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXIssuingDistributionPoint
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ISSUING_DISTRIBUTION_POINT
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssPKIXIssuingDistributionPoint_verifyPointer
-(
- NSSPKIXIssuingDistributionPoint *p
-);
-#endif /* DEBUG */
-
-PR_END_EXTERN_C
-
-#endif /* NSSPKIX_H */
diff --git a/security/nss/lib/pkix/include/pkixm.h b/security/nss/lib/pkix/include/pkixm.h
deleted file mode 100644
index c273848b5..000000000
--- a/security/nss/lib/pkix/include/pkixm.h
+++ /dev/null
@@ -1,969 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef PKIXM_H
-#define PKIXM_H
-
-#ifdef DEBUG
-static const char PKIXM_CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * pkixm.h
- *
- * This file contains the private type definitions for the
- * PKIX part-1 objects. Mostly, this file contains the actual
- * structure definitions for the NSSPKIX types declared in nsspkixt.h.
- */
-
-#ifndef PKIXTM_H
-#include "pkixtm.h"
-#endif /* PKIXTM_H */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * nss_pkix_Attribute_v_create
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon failure.
- */
-
-NSS_EXTERN NSSPKIXAttribute *
-nss_pkix_Attribute_v_create
-(
- NSSArena *arenaOpt,
- NSSPKIXAttributeType *typeOid,
- PRUint32 count,
- va_list ap
-);
-
-#ifdef DEBUG
-
-/*
- * nss_pkix_Attribute_add_pointer
- *
- * This method is only present in debug builds.
- *
- * This module-private routine adds an NSSPKIXAttribute pointer to
- * the internal pointer-tracker. This routine should only be used
- * by the NSSPKIX module. This routine returns a PRStatus value;
- * upon error it will place an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INTERNAL_ERROR
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nss_pkix_Attribute_add_pointer
-(
- const NSSPKIXAttribute *p
-);
-
-/*
- * nss_pkix_Attribute_remove_pointer
- *
- * This method is only present in debug builds.
- *
- * This module-private routine removes a valid NSSPKIXAttribute
- * pointer from the internal pointer-tracker. This routine should
- * only be used by the NSSPKIX module. This routine returns a
- * PRStatus value; upon error it will place an error on the error
- * stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INTERNAL_ERROR
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nss_pkix_Attribute_remove_pointer
-(
- const NSSPKIXAttribute *p
-);
-
-#endif /* DEBUG */
-
-
-#ifdef DEBUG
-
-NSS_EXTERN PRStatus
-nss_pkix_AttributeTypeAndValue_add_pointer
-(
- const NSSPKIXAttributeTypeAndValue *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_AttributeTypeAndValue_remove_pointer
-(
- const NSSPKIXAttributeTypeAndValue *p
-);
-
-#endif /* DEBUG */
-
-/*
- * nss_pkix_X520Name_DoUTF8
- *
- */
-
-NSS_EXTERN PR_STATUS
-nss_pkix_X520Name_DoUTF8
-(
- NSSPKIXX520Name *name
-);
-
-#ifdef DEBUG
-
-NSS_EXTERN PRStatus
-nss_pkix_X520Name_add_pointer
-(
- const NSSPKIXX520Name *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_X520Name_remove_pointer
-(
- const NSSPKIXX520Name *p
-);
-
-#endif /* DEBUG */
-
-/*
- * nss_pkix_X520CommonName_DoUTF8
- *
- */
-
-NSS_EXTERN PR_STATUS
-nss_pkix_X520CommonName_DoUTF8
-(
- NSSPKIXX520CommonName *name
-);
-
-#ifdef DEBUG
-
-NSS_EXTERN PRStatus
-nss_pkix_X520CommonName_add_pointer
-(
- const NSSPKIXX520CommonName *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_X520CommonName_remove_pointer
-(
- const NSSPKIXX520CommonName *p
-);
-
-
-NSS_EXTERN PRStatus
-nss_pkix_Name_add_pointer
-(
- const NSSPKIXName *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_Name_remove_pointer
-(
- const NSSPKIXName *p
-);
-
-/*
- * nss_pkix_RDNSequence_v_create
- */
-
-NSS_EXTERN NSSPKIXRDNSequence *
-nss_pkix_RDNSequence_v_create
-(
- NSSArena *arenaOpt,
- PRUint32 count,
- va_list ap
-);
-
-/*
- * nss_pkix_RDNSequence_Clear
- *
- * Wipes out cached data.
- */
-
-NSS_EXTERN PRStatus
-nss_pkix_RDNSequence_Clear
-(
- NSSPKIXRDNSequence *rdnseq
-);
-
-#ifdef DEBUG
-
-#ifdef NSSDEBUG
-
-NSS_EXTERN PRStatus
-nss_pkix_RDNSequence_register
-(
- NSSPKIXRDNSequence *rdnseq
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_RDNSequence_deregister
-(
- NSSPKIXRDNSequence *rdnseq
-);
-
-#endif /* NSSDEBUG */
-
-NSS_EXTERN PRStatus
-nss_pkix_RDNSequence_add_pointer
-(
- const NSSPKIXRDNSequence *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_RDNSequence_remove_pointer
-(
- const NSSPKIXRDNSequence *p
-);
-
-#endif /* DEBUG */
-
-/*
- * nss_pkix_RelativeDistinguishedName_v_create
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure.
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName *
-nss_pkix_RelativeDistinguishedName_V_Create
-(
- NSSArena *arenaOpt,
- PRUint32 count,
- va_list ap
-);
-
-/*
- * nss_pkix_RelativeDistinguishedName_Clear
- *
- * Wipes out cached data.
- */
-
-NSS_EXTERN PRStatus
-nss_pkix_RelativeDistinguishedName_Clear
-(
- NSSPKIXRelativeDistinguishedName *rdn
-);
-
-#ifdef DEBUG
-
-#ifdef NSSDEBUG
-
-NSS_EXTERN PRStatus
-nss_pkix_RelativeDistinguishedName_register
-(
- NSSPKIXRelativeDistinguishedName *rdn
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_RelativeDistinguishedName_deregister
-(
- NSSPKIXRelativeDistinguishedName *rdn
-);
-
-#endif /* NSSDEBUG */
-
-NSS_EXTERN PRStatus
-nss_pkix_RelativeDistinguishedName_add_pointer
-(
- const NSSPKIXRelativeDistinguishedName *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_RelativeDistinguishedName_remove_pointer
-(
- const NSSPKIXRelativeDistinguishedName *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_Certificate_add_pointer
-(
- const NSSPKIXCertificate *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_Certificate_remove_pointer
-(
- const NSSPKIXCertificate *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_TBSCertificate_add_pointer
-(
- const NSSPKIXTBSCertificate *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_TBSCertificate_remove_pointer
-(
- const NSSPKIXTBSCertificate *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_Validity_add_pointer
-(
- const NSSPKIXValidity *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_Validity_remove_pointer
-(
- const NSSPKIXValidity *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_SubjectPublicKeyInfo_add_pointer
-(
- const NSSPKIXSubjectPublicKeyInfo *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_SubjectPublicKeyInfo_remove_pointer
-(
- const NSSPKIXSubjectPublicKeyInfo *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_CertificateList_add_pointer
-(
- const NSSPKIXCertificateList *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_CertificateList_remove_pointer
-(
- const NSSPKIXCertificateList *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_TBSCertList_add_pointer
-(
- const NSSPKIXTBSCertList *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_TBSCertList_remove_pointer
-(
- const NSSPKIXTBSCertList *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_revokedCertificates_add_pointer
-(
- const NSSPKIXrevokedCertificates *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_revokedCertificates_remove_pointer
-(
- const NSSPKIXrevokedCertificates *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_revokedCertificate_add_pointer
-(
- const NSSPKIXrevokedCertificate *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_revokedCertificate_remove_pointer
-(
- const NSSPKIXrevokedCertificate *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_AlgorithmIdentifier_add_pointer
-(
- const NSSPKIXAlgorithmIdentifier *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_AlgorithmIdentifier_remove_pointer
-(
- const NSSPKIXAlgorithmIdentifier *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_ORAddress_add_pointer
-(
- const NSSPKIXORAddress *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_ORAddress_remove_pointer
-(
- const NSSPKIXORAddress *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_BuiltInStandardAttributes_add_pointer
-(
- const NSSPKIXBuiltInStandardAttributes *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_BuiltInStandardAttributes_remove_pointer
-(
- const NSSPKIXBuiltInStandardAttributes *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_PersonalName_add_pointer
-(
- const NSSPKIXPersonalName *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_PersonalName_remove_pointer
-(
- const NSSPKIXPersonalName *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_OrganizationalUnitNames_add_pointer
-(
- const NSSPKIXOrganizationalUnitNames *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_OrganizationalUnitNames_remove_pointer
-(
- const NSSPKIXOrganizationalUnitNames *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_BuiltInDomainDefinedAttributes_add_pointer
-(
- const NSSPKIXBuiltInDomainDefinedAttributes *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_BuiltInDomainDefinedAttributes_remove_pointer
-(
- const NSSPKIXBuiltInDomainDefinedAttributes *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_BuiltInDomainDefinedAttribute_add_pointer
-(
- const NSSPKIXBuiltInDomainDefinedAttribute *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_BuiltInDomainDefinedAttribute_remove_pointer
-(
- const NSSPKIXBuiltInDomainDefinedAttribute *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_ExtensionAttributes_add_pointer
-(
- const NSSPKIXExtensionAttributes *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_ExtensionAttributes_remove_pointer
-(
- const NSSPKIXExtensionAttribute *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_ExtensionAttribute_add_pointer
-(
- const NSSPKIXExtensionAttribute *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_ExtensionAttribute_remove_pointer
-(
- const NSSPKIXExtensionAttribute *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_TeletexPersonalName_add_pointer
-(
- const NSSPKIXTeletexPersonalName *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_TeletexPersonalName_remove_pointer
-(
- const NSSPKIXTeletexPersonalName *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_TeletexOrganizationalUnitNames_add_pointer
-(
- const NSSPKIXTeletexOrganizationalUnitNames *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_TeletexOrganizationalUnitNames_remove_pointer
-(
- const NSSPKIXTeletexOrganizationalUnitNames *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_PDSParameter_add_pointer
-(
- const NSSPKIXPDSParameter *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_PDSParameter_remove_pointer
-(
- const NSSPKIXPDSParameter *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_ExtendedNetworkAddress_add_pointer
-(
- const NSSPKIXExtendedNetworkAddress *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_ExtendedNetworkAddress_remove_pointer
-(
- const NSSPKIXExtendedNetworkAddress *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_e1634Address_add_pointer
-(
- const NSSPKIXe1634Address *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_e1634Address_remove_pointer
-(
- const NSSPKIXe1634Address *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_TeletexDomainDefinedAttributes_add_pointer
-(
- const NSSPKIXTeletexDomainDefinedAttributes *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_TeletexDomainDefinedAttributes_remove_pointer
-(
- const NSSPKIXTeletexDomainDefinedAttributes *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_TeletexDomainDefinedAttribute_add_pointer
-(
- const NSSPKIXTeletexDomainDefinedAttribute *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_TeletexDomainDefinedAttribute_remove_pointer
-(
- const NSSPKIXTeletexDomainDefinedAttribute *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_AuthorityKeyIdentifier_add_pointer
-(
- const NSSPKIXAuthorityKeyIdentifier *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_AuthorityKeyIdentifier_remove_pointer
-(
- const NSSPKIXAuthorityKeyIdentifier *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_KeyUsage_add_pointer
-(
- const NSSPKIXKeyUsage *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_KeyUsage_remove_pointer
-(
- const NSSPKIXKeyUsage *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_PrivateKeyUsagePeriod_add_pointer
-(
- const NSSPKIXPrivateKeyUsagePeriod *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_PrivateKeyUsagePeriod_remove_pointer
-(
- const NSSPKIXPrivateKeyUsagePeriod *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_CertificatePolicies_add_pointer
-(
- const NSSPKIXCertificatePolicies *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_CertificatePolicies_remove_pointer
-(
- const NSSPKIXCertificatePolicies *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_PolicyInformation_add_pointer
-(
- const NSSPKIXPolicyInformation *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_PolicyInformation_remove_pointer
-(
- const NSSPKIXPolicyInformation *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_PolicyQualifierInfo_add_pointer
-(
- const NSSPKIXPolicyQualifierInfo *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_PolicyQualifierInfo_remove_pointer
-(
- const NSSPKIXPolicyQualifierInfo *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_UserNotice_add_pointer
-(
- const NSSPKIXUserNotice *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_UserNotice_remove_pointer
-(
- const NSSPKIXUserNotice *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_NoticeReference_add_pointer
-(
- const NSSPKIXNoticeReference *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_NoticeReference_remove_pointer
-(
- const NSSPKIXNoticeReference *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_PolicyMappings_add_pointer
-(
- const NSSPKIXPolicyMappings *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_PolicyMappings_remove_pointer
-(
- const NSSPKIXPolicyMappings *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_policyMapping_add_pointer
-(
- const NSSPKIXpolicyMapping *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_policyMapping_remove_pointer
-(
- const NSSPKIXpolicyMapping *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_GeneralName_add_pointer
-(
- const NSSPKIXGeneralName *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_GeneralName_remove_pointer
-(
- const NSSPKIXGeneralName *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_GeneralNames_add_pointer
-(
- const NSSPKIXGeneralNames *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_GeneralNames_remove_pointer
-(
- const NSSPKIXGeneralNames *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_AnotherName_add_pointer
-(
- const NSSPKIXAnotherName *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_AnotherName_remove_pointer
-(
- const NSSPKIXAnotherName *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_EDIPartyName_add_pointer
-(
- const NSSPKIXEDIPartyName *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_EDIPartyName_remove_pointer
-(
- const NSSPKIXEDIPartyName *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_SubjectDirectoryAttributes_add_pointer
-(
- const NSSPKIXSubjectDirectoryAttributes *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_SubjectDirectoryAttributes_remove_pointer
-(
- const NSSPKIXSubjectDirectoryAttributes *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_BasicConstraints_add_pointer
-(
- const NSSPKIXBasicConstraints *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_BasicConstraints_remove_pointer
-(
- const NSSPKIXBasicConstraints *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_NameConstraints_add_pointer
-(
- const NSSPKIXNameConstraints *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_NameConstraints_remove_pointer
-(
- const NSSPKIXNameConstraints *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_GeneralSubtrees_add_pointer
-(
- const NSSPKIXGeneralSubtrees *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_GeneralSubtrees_remove_pointer
-(
- const NSSPKIXGeneralSubtrees *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_GeneralSubtree_add_pointer
-(
- const NSSPKIXGeneralSubtree *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_GeneralSubtree_remove_pointer
-(
- const NSSPKIXGeneralSubtree *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_PolicyConstraints_add_pointer
-(
- const NSSPKIXPolicyConstraints *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_PolicyConstraints_remove_pointer
-(
- const NSSPKIXPolicyConstraints *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_CRLDistPointsSyntax_add_pointer
-(
- const NSSPKIXCRLDistPointsSyntax *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_CRLDistPointsSyntax_remove_pointer
-(
- const NSSPKIXCRLDistPointsSyntax *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_DistributionPoint_add_pointer
-(
- const NSSPKIXDistributionPoint *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_DistributionPoint_remove_pointer
-(
- const NSSPKIXDistributionPoint *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_DistributionPointName_add_pointer
-(
- const NSSPKIXDistributionPointName *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_DistributionPointName_remove_pointer
-(
- const NSSPKIXDistributionPointName *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_ReasonFlags_add_pointer
-(
- const NSSPKIXReasonFlags *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_ReasonFlags_remove_pointer
-(
- const NSSPKIXReasonFlags *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_ExtKeyUsageSyntax_add_pointer
-(
- const NSSPKIXExtKeyUsageSyntax *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_ExtKeyUsageSyntax_remove_pointer
-(
- const NSSPKIXExtKeyUsageSyntax *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_AuthorityInfoAccessSyntax_add_pointer
-(
- const NSSPKIXAuthorityInfoAccessSyntax *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_AuthorityInfoAccessSyntax_remove_pointer
-(
- const NSSPKIXAuthorityInfoAccessSyntax *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_AccessDescription_add_pointer
-(
- const NSSPKIXAccessDescription *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_AccessDescription_remove_pointer
-(
- const NSSPKIXAccessDescription *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_IssuingDistributionPoint_add_pointer
-(
- const NSSPKIXIssuingDistributionPoint *p
-);
-
-NSS_EXTERN PRStatus
-nss_pkix_IssuingDistributionPoint_remove_pointer
-(
- const NSSPKIXIssuingDistributionPoint *p
-);
-
-#endif /* DEBUG */
-
-PR_END_EXTERN_C
-
-#endif /* PKIXM_H */
diff --git a/security/nss/lib/pkix/include/pkixt.h b/security/nss/lib/pkix/include/pkixt.h
deleted file mode 100644
index b620cfb8c..000000000
--- a/security/nss/lib/pkix/include/pkixt.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef PKIXT_H
-#define PKIXT_H
-
-#ifdef DEBUG
-static const char PKIXT_CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * pkixt.h
- *
- * This file contains the private type definitions for the
- * PKIX part-1 objects. Mostly, this file contains the actual
- * structure definitions for the NSSPKIX types declared in nsspkixt.h.
- */
-
-#ifndef NSSPKIXT_H
-#include "nsspkixt.h"
-#endif /* NSSPKIXT_H */
-
-PR_BEGIN_EXTERN_C
-
-PR_END_EXTERN_C
-
-#endif /* PKIXT_H */
diff --git a/security/nss/lib/pkix/include/pkixtm.h b/security/nss/lib/pkix/include/pkixtm.h
deleted file mode 100644
index 1a9e57af0..000000000
--- a/security/nss/lib/pkix/include/pkixtm.h
+++ /dev/null
@@ -1,1581 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef PKIXTM_H
-#define PKIXTM_H
-
-#ifdef DEBUG
-static const char PKIXTM_CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * pkixtm.h
- *
- * This file contains the module-private type definitions for the
- * PKIX part-1 objects. Mostly, this file contains the actual
- * structure definitions for the NSSPKIX types declared in nsspkixt.h.
- */
-
-#ifndef NSSPKIXT_H
-#include "nsspkixt.h"
-#endif /* NSSPKIXT_H */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * Attribute
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Attribute ::= SEQUENCE {
- * type AttributeType,
- * values SET OF AttributeValue
- * -- at least one value is required -- }
- *
- */
-
-struct NSSPKIXAttributeStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSBER *ber;
- NSSDER *der;
- nssASN1Item asn1type;
- nssASN1Item **asn1values;
- NSSPKIXAttributeType *type;
- PRUint32 valuesCount;
-};
-
-/*
- * AttributeTypeAndValue
- *
- * This structure contains an attribute type (indicated by an OID),
- * and the type-specific value. RelativeDistinguishedNamess consist
- * of a set of these. These are distinct from Attributes (which have
- * SET of values), from AttributeDescriptions (which have qualifiers
- * on the types), and from AttributeValueAssertions (which assert a
- * a value comparison under some matching rule).
- *
- * From RFC 2459:
- *
- * AttributeTypeAndValue ::= SEQUENCE {
- * type AttributeType,
- * value AttributeValue }
- *
- */
-
-struct NSSPKIXAttributeTypeAndValueStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- nssASN1Item asn1type;
- nssASN1Item asn1value;
- NSSPKIXAttributeType *type;
- NSSUTF8 *utf8;
-};
-
-/*
- * X520Name
- *
- * From RFC 2459:
- *
- * X520name ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-name)),
- * printableString PrintableString (SIZE (1..ub-name)),
- * universalString UniversalString (SIZE (1..ub-name)),
- * utf8String UTF8String (SIZE (1..ub-name)),
- * bmpString BMPString (SIZE(1..ub-name)) }
- *
- *
- * ub-name INTEGER ::= 32768
- *
- */
-
-struct NSSPKIXX520NameStr {
- nssASN1Item string;
- NSSUTF8 *utf8;
- NSSDER *der;
- PRBool wasPrintable;
- PRBool inArena;
-};
-
-/*
- * From RFC 2459:
- *
- * X520CommonName ::= CHOICE {
- * teletexString TeletexString (SIZE (1..ub-common-name)),
- * printableString PrintableString (SIZE (1..ub-common-name)),
- * universalString UniversalString (SIZE (1..ub-common-name)),
- * utf8String UTF8String (SIZE (1..ub-common-name)),
- * bmpString BMPString (SIZE(1..ub-common-name)) }
- *
- * ub-common-name INTEGER ::= 64
- *
- */
-
-struct NSSPKIXX520CommonNameStr {
-};
-
-/*
- * Name
- *
- * This structure contains a union of the possible name formats,
- * which at the moment is limited to an RDNSequence.
- *
- * From RFC 2459:
- *
- * Name ::= CHOICE { -- only one possibility for now --
- * rdnSequence RDNSequence }
- *
- */
-
-struct NSSPKIXNameStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *ber;
- NSSDER *der;
- NSSUTF8 *utf;
- NSSPKIXNameChoice choice;
- union {
- NSSPKIXRDNSequence *rdnSequence;
- } u;
-};
-
-/*
- * RDNSequence
- *
- * This structure contains a sequence of RelativeDistinguishedName
- * objects.
- *
- * From RFC 2459:
- *
- * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
- *
- */
-
-struct NSSPKIXRDNSequenceStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSBER *ber;
- NSSDER *der;
- NSSUTF8 *utf8;
- PRUint32 count;
- NSSPKIXRelativeDistinguishedName **rdns;
-};
-
-/*
- * RelativeDistinguishedName
- *
- * This structure contains an unordered set of AttributeTypeAndValue
- * objects. RDNs are used to distinguish a set of objects underneath
- * a common object.
- *
- * Often, a single ATAV is sufficient to make a unique distinction.
- * For example, if a company assigns its people unique uid values,
- * then in the Name "uid=smith,ou=People,o=Acme,c=US" the "uid=smith"
- * ATAV by itself forms an RDN. However, sometimes a set of ATAVs is
- * needed. For example, if a company needed to distinguish between
- * two Smiths by specifying their corporate divisions, then in the
- * Name "(cn=Smith,ou=Sales),ou=People,o=Acme,c=US" the parenthesised
- * set of ATAVs forms the RDN.
- *
- * From RFC 2459:
- *
- * RelativeDistinguishedName ::=
- * SET SIZE (1 .. MAX) OF AttributeTypeAndValue
- *
- */
-
-struct NSSPKIXRelativeDistinguishedNameStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSBER *ber;
- NSSUTF8 *utf8;
- PRUint32 count;
- NSSPKIXAttributeTypeAndValue **atavs;
-};
-
-/*
- * Certificate
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Certificate ::= SEQUENCE {
- * tbsCertificate TBSCertificate,
- * signatureAlgorithm AlgorithmIdentifier,
- * signature BIT STRING }
- *
- */
-
-struct NSSPKIXCertificateStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXTBSCertificate *tbsCertificate;
- NSSPKIXAlgorithmIdentifier *signatureAlgorithm;
- NSSItem *signature;
-};
-
-/*
- * TBSCertificate
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TBSCertificate ::= SEQUENCE {
- * version [0] Version DEFAULT v1,
- * serialNumber CertificateSerialNumber,
- * signature AlgorithmIdentifier,
- * issuer Name,
- * validity Validity,
- * subject Name,
- * subjectPublicKeyInfo SubjectPublicKeyInfo,
- * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version shall be v2 or v3
- * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version shall be v2 or v3
- * extensions [3] Extensions OPTIONAL
- * -- If present, version shall be v3 -- }
- *
- */
-
-struct NSSPKIXTBSCertificateStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXVersion version;
- NSSPKIXCertificateSerialNumber serialNumber;
- NSSPKIXAlgorithmIdentifier *signature;
- NSSPKIXName *issuer;
- NSSPKIXValidity *validity;
- NSSPKIXName *subject;
- NSSPKIXSubjectPublicKeyInfo *subjectPublicKeyInfo;
- NSSPKIXUniqueIdentifier *issuerUniqueID;
- NSSPKIXUniqueIdentifier *subjectUniqueID;
- NSSPKIXExtensions *extensions;
-};
-
-/*
- * Validity
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Validity ::= SEQUENCE {
- * notBefore Time,
- * notAfter Time }
- *
- */
-
-struct NSSPKIXValidityStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- ...
-};
-
-/*
- * Time
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Time ::= CHOICE {
- * utcTime UTCTime,
- * generalTime GeneralizedTime }
- *
- */
-
-struct NSSPKIXTimeStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSBER *ber;
- nssASN1Item asn1item;
- PRTime prTime;
- PRBool prTimeValid;
-};
-
-/*
- * SubjectPublicKeyInfo
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING }
- *
- */
-
-struct NSSPKIXSubjectPublicKeyInfoStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXAlgorithmIdentifier *algorithm;
- NSSItem *subjectPublicKey;
-};
-
-/*
- * Extensions
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
- *
- */
-
-struct NSSPKIXExtensionsStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- ...
-};
-
-/*
- * Extension
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * Extension ::= SEQUENCE {
- * extnID OBJECT IDENTIFIER,
- * critical BOOLEAN DEFAULT FALSE,
- * extnValue OCTET STRING }
- *
- */
-
-struct NSSPKIXExtensionStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSOID *extnID;
- PRBool critical;
- NSSItem *extnValue;
-};
-
-/*
- * CertificateList
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CertificateList ::= SEQUENCE {
- * tbsCertList TBSCertList,
- * signatureAlgorithm AlgorithmIdentifier,
- * signature BIT STRING }
- *
- */
-
-struct NSSPKIXCertificateListStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXTBSCertList *tbsCertList;
- NSSPKIXAlgorithmIdentifier *signatureAlgorithm;
- NSSItem *signature;
-};
-
-/*
- * TBSCertList
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TBSCertList ::= SEQUENCE {
- * version Version OPTIONAL,
- * -- if present, shall be v2
- * signature AlgorithmIdentifier,
- * issuer Name,
- * thisUpdate Time,
- * nextUpdate Time OPTIONAL,
- * revokedCertificates SEQUENCE OF SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate Time,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, shall be v2
- * } OPTIONAL,
- * crlExtensions [0] Extensions OPTIONAL
- * -- if present, shall be v2 -- }
- *
- */
-
-struct NSSPKIXTBSCertListStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXVersion version;
- NSSPKIXAlgorithmIdentifier *signature;
- NSSPKIXName *issuer;
- -time- thisUpdate;
- -time- nextUpdate;
- NSSPKIXrevokedCertificates *revokedCertificates;
- NSSPKIXExtensions *crlExtensions;
-};
-
-/*
- * revokedCertificates
- *
- * This is a "helper type" to simplify handling of TBSCertList objects.
- *
- * revokedCertificates SEQUENCE OF SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate Time,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, shall be v2
- * } OPTIONAL,
- *
- */
-
-struct NSSPKIXrevokedCertificatesStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- ...
-};
-
-/*
- * revokedCertificate
- *
- * This is a "helper type" to simplify handling of TBSCertList objects.
- *
- * SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate Time,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, shall be v2
- * } OPTIONAL,
- *
- */
-
-struct NSSPKIXrevokedCertificateStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXCertificateSerialNumber *userCertificate;
- -time- revocationDate;
- NSSPKIXExtensions *crlEntryExtensions;
-};
-
-/*
- * AlgorithmIdentifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * (1988 syntax)
- *
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL }
- * -- contains a value of the type
- * -- registered for use with the
- * -- algorithm object identifier value
- *
- *
- */
-
-struct NSSPKIXAlgorithmIdentifierStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSBER *ber;
- NSSOID *algorithm;
- NSSItem *parameters;
-};
-
-/*
- * -- types related to NSSPKIXAlgorithmIdentifiers:
- *
- * Dss-Sig-Value ::= SEQUENCE {
- * r INTEGER,
- * s INTEGER }
- *
- * DomainParameters ::= SEQUENCE {
- * p INTEGER, -- odd prime, p=jq +1
- * g INTEGER, -- generator, g
- * q INTEGER, -- factor of p-1
- * j INTEGER OPTIONAL, -- subgroup factor, j>= 2
- * validationParms ValidationParms OPTIONAL }
- *
- * ValidationParms ::= SEQUENCE {
- * seed BIT STRING,
- * pgenCounter INTEGER }
- *
- * Dss-Parms ::= SEQUENCE {
- * p INTEGER,
- * q INTEGER,
- * g INTEGER }
- *
- */
-
-/*
- * ORAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ORAddress ::= SEQUENCE {
- * built-in-standard-attributes BuiltInStandardAttributes,
- * built-in-domain-defined-attributes
- * BuiltInDomainDefinedAttributes OPTIONAL,
- * -- see also teletex-domain-defined-attributes
- * extension-attributes ExtensionAttributes OPTIONAL }
- * -- The OR-address is semantically absent from the OR-name if the
- * -- built-in-standard-attribute sequence is empty and the
- * -- built-in-domain-defined-attributes and extension-attributes are
- * -- both omitted.
- *
- */
-
-struct NSSPKIXORAddressStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXBuiltInStandardAttributes *builtInStandardAttributes;
- NSSPKIXBuiltInDomainDefinedAttributes *builtInDomainDefinedAttributes;
- NSSPKIXExtensionsAttributes *extensionAttributes;
-};
-
-/*
- * BuiltInStandardAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * BuiltInStandardAttributes ::= SEQUENCE {
- * country-name CountryName OPTIONAL,
- * administration-domain-name AdministrationDomainName OPTIONAL,
- * network-address [0] NetworkAddress OPTIONAL,
- * -- see also extended-network-address
- * terminal-identifier [1] TerminalIdentifier OPTIONAL,
- * private-domain-name [2] PrivateDomainName OPTIONAL,
- * organization-name [3] OrganizationName OPTIONAL,
- * -- see also teletex-organization-name
- * numeric-user-identifier [4] NumericUserIdentifier OPTIONAL,
- * personal-name [5] PersonalName OPTIONAL,
- * -- see also teletex-personal-name
- * organizational-unit-names [6] OrganizationalUnitNames OPTIONAL
- * -- see also teletex-organizational-unit-names -- }
- *
- */
-
-struct NSSPKIXBuiltInStandardAttributesStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXCountryName *countryName;
- NSSPKIXAdministrationDomainName *administrationDomainName;
- NSSPKIXNetworkAddress *networkAddress;
- NSSPKIXTerminalIdentifier *terminalIdentifier;
- NSSPKIXPrivateDomainName *privateDomainName;
- NSSPKIXOrganizationName *organizationName;
- NSSPKIXNumericUserIdentifier *numericUserIdentifier;
- NSSPKIXPersonalName *personalName;
- NSSPKIXOrganizationalUnitNames *organizationalUnitNames;
-};
-
-/*
- * PersonalName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PersonalName ::= SET {
- * surname [0] PrintableString (SIZE (1..ub-surname-length)),
- * given-name [1] PrintableString
- * (SIZE (1..ub-given-name-length)) OPTIONAL,
- * initials [2] PrintableString (SIZE (1..ub-initials-length)) OPTIONAL,
- * generation-qualifier [3] PrintableString
- * (SIZE (1..ub-generation-qualifier-length)) OPTIONAL }
- *
- */
-
-struct NSSPKIXPersonalNameStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSUTF8 *surname;
- NSSUTF8 *givenName;
- NSSUTF8 *initials;
- NSSUTF8 *generationQualifier;
-};
-
-/*
- * OrganizationalUnitNames
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
- * OF OrganizationalUnitName
- *
- */
-
-struct NSSPKIXOrganizationalUnitNamesStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- ...
-};
-
-/*
- * BuiltInDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
- * (1..ub-domain-defined-attributes) OF
- * BuiltInDomainDefinedAttribute
- *
- */
-
-struct NSSPKIXBuiltInDomainDefinedAttributesStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- ...
-};
-
-/*
- * BuiltInDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * BuiltInDomainDefinedAttribute ::= SEQUENCE {
- * type PrintableString (SIZE
- * (1..ub-domain-defined-attribute-type-length)),
- * value PrintableString (SIZE
- * (1..ub-domain-defined-attribute-value-length))}
- *
- */
-
-struct NSSPKIXBuiltInDomainDefinedAttributeStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSUTF8 *type;
- NSSUTF8 *value;
-};
-
-/*
- * ExtensionAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
- * ExtensionAttribute
- *
- */
-
-struct NSSPKIXExtensionAttributesStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- ...
-};
-
-/*
- * ExtensionAttribute
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ExtensionAttribute ::= SEQUENCE {
- * extension-attribute-type [0] INTEGER (0..ub-extension-attributes),
- * extension-attribute-value [1]
- * ANY DEFINED BY extension-attribute-type }
- *
- */
-
-struct NSSPKIXExtensionAttributeStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXExtensionsAttributeType extensionAttributeType;
- NSSItem *extensionAttributeValue;
-};
-
-/*
- * TeletexPersonalName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexPersonalName ::= SET {
- * surname [0] TeletexString (SIZE (1..ub-surname-length)),
- * given-name [1] TeletexString
- * (SIZE (1..ub-given-name-length)) OPTIONAL,
- * initials [2] TeletexString (SIZE (1..ub-initials-length)) OPTIONAL,
- * generation-qualifier [3] TeletexString (SIZE
- * (1..ub-generation-qualifier-length)) OPTIONAL }
- *
- */
-
-struct NSSPKIXTeletexPersonalNameStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSUTF8 *surname;
- NSSUTF8 *givenName;
- NSSUTF8 *initials;
- NSSUTF8 *generationQualifier;
-};
-
-/*
- * TeletexOrganizationalUnitNames
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
- * (1..ub-organizational-units) OF TeletexOrganizationalUnitName
- *
- */
-
-struct NSSPKIXTeletexOrganizationalUnitNamesStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- ...
-};
-
-/*
- * PDSParameter
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PDSParameter ::= SET {
- * printable-string PrintableString
- * (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
- * teletex-string TeletexString
- * (SIZE(1..ub-pds-parameter-length)) OPTIONAL }
- *
- */
-
-struct NSSPKIXPDSParameterStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSUTF8 *printableString;
- NSSTUF8 *teletexString;
-};
-
-/*
- * UnformattedPostalAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * UnformattedPostalAddress ::= SET {
- * printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) OF
- * PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL,
- * teletex-string TeletexString
- * (SIZE (1..ub-unformatted-address-length)) OPTIONAL }
- *
- */
-
-struct NSSPKIXUnformattedPostalAddressStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- ...
- NSSUTF8 *teletexString;
-};
-
-/*
- * ExtendedNetworkAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ExtendedNetworkAddress ::= CHOICE {
- * e163-4-address SEQUENCE {
- * number [0] NumericString (SIZE (1..ub-e163-4-number-length)),
- * sub-address [1] NumericString
- * (SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL },
- * psap-address [0] PresentationAddress }
- *
- */
-
-struct NSSPKIXExtendedNetworkAddressStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXExtendedNetworkAddressChoice choice;
- union {
- NSSe1634address *e1634Address;
- NSSPKIXPresentationAddress *psapAddress;
- } u;
-};
-
-/*
- * e163-4-address
- *
- * Helper structure for ExtendedNetworkAddress.
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * e163-4-address SEQUENCE {
- * number [0] NumericString (SIZE (1..ub-e163-4-number-length)),
- * sub-address [1] NumericString
- * (SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL },
- *
- */
-
-struct NSSe1634addressStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSUTF8 *number;
- NSSUTF8 *subAddress;
-};
-
-/*
- * PresentationAddress
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PresentationAddress ::= SEQUENCE {
- * pSelector [0] EXPLICIT OCTET STRING OPTIONAL,
- * sSelector [1] EXPLICIT OCTET STRING OPTIONAL,
- * tSelector [2] EXPLICIT OCTET STRING OPTIONAL,
- * nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
- *
- */
-
-struct NSSPKIXPresentationAddressStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSItem *pSelector;
- NSSItem *sSelector;
- NSSItem *tSelector;
- NSSItem *nAddresses[]; --fgmr--
-};
-
-/*
- * TeletexDomainDefinedAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
- * (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute
- *
- */
-
-struct NSSPKIXTeletexDomainDefinedAttributesStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- ...
-};
-
-/*
- * TeletexDomainDefinedAttribute
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * TeletexDomainDefinedAttribute ::= SEQUENCE {
- * type TeletexString
- * (SIZE (1..ub-domain-defined-attribute-type-length)),
- * value TeletexString
- * (SIZE (1..ub-domain-defined-attribute-value-length)) }
- *
- */
-
-struct NSSPKIXTeletexDomainDefinedAttributeStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSUTF8 *type;
- NSSUTF8 *value;
-};
-
-/*
- * AuthorityKeyIdentifier
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AuthorityKeyIdentifier ::= SEQUENCE {
- * keyIdentifier [0] KeyIdentifier OPTIONAL,
- * authorityCertIssuer [1] GeneralNames OPTIONAL,
- * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
- * -- authorityCertIssuer and authorityCertSerialNumber shall both
- * -- be present or both be absent
- *
- */
-
-struct NSSPKIXAuthorityKeyIdentifierStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXKeyIdentifier *keyIdentifier;
- NSSPKIXGeneralNames *authorityCertIssuer;
- NSSPKIXCertificateSerialNumber *authorityCertSerialNumber;
-};
-
-/*
- * KeyUsage
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * KeyUsage ::= BIT STRING {
- * digitalSignature (0),
- * nonRepudiation (1),
- * keyEncipherment (2),
- * dataEncipherment (3),
- * keyAgreement (4),
- * keyCertSign (5),
- * cRLSign (6),
- * encipherOnly (7),
- * decipherOnly (8) }
- *
- */
-
-struct NSSPKIXKeyUsageStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXKeyUsageValue keyUsage;
-};
-
-/*
- * PrivateKeyUsagePeriod
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PrivateKeyUsagePeriod ::= SEQUENCE {
- * notBefore [0] GeneralizedTime OPTIONAL,
- * notAfter [1] GeneralizedTime OPTIONAL }
- * -- either notBefore or notAfter shall be present
- *
- */
-
-struct NSSPKIXPrivateKeyUsagePeriodStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- --time--
- --time--
-};
-
-/*
- * CertificatePolicies
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
- *
- */
-
-struct NSSPKIXCertificatePoliciesStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- ...
-};
-
-/*
- * PolicyInformation
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PolicyInformation ::= SEQUENCE {
- * policyIdentifier CertPolicyId,
- * policyQualifiers SEQUENCE SIZE (1..MAX) OF
- * PolicyQualifierInfo OPTIONAL }
- *
- */
-
-struct NSSPKIXPolicyInformationStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXCertPolicyId *policyIdentifier;
- NSSPKIXPolicyQualifierInfo *policyQualifiers[];
- --fgmr--
-};
-
-/*
- * PolicyQualifierInfo
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PolicyQualifierInfo ::= SEQUENCE {
- * policyQualifierId PolicyQualifierId,
- * qualifier ANY DEFINED BY policyQualifierId }
- *
- */
-
-struct NSSPKIXPolicyQualifierInfoStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXPolicyQualifierId *policyQualifierId;
- NSSItem *qualifier;
-};
-
-/*
- * UserNotice
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * UserNotice ::= SEQUENCE {
- * noticeRef NoticeReference OPTIONAL,
- * explicitText DisplayText OPTIONAL}
- *
- */
-
-struct NSSPKIXUserNoticeStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXNoticeReference *noticeRef;
- NSSPKIXDisplayText *explicitText;
-};
-
-/*
- * NoticeReference
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * NoticeReference ::= SEQUENCE {
- * organization DisplayText,
- * noticeNumbers SEQUENCE OF INTEGER }
- *
- */
-
-struct NSSPKIXNoticeReferenceStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXDisplayText *organization;
- NSSItem *noticeNumbers[]; --fgmr--
- ...
-};
-
-/*
- * PolicyMappings
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- */
-
-struct NSSPKIXPolicyMappingsStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXpolicyMapping *policyMappings[]; --fgmr--
- ...
-};
-
-/*
- * policyMapping
- *
- * Helper structure for PolicyMappings
- *
- * SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- */
-
-struct NSSPKIXpolicyMappingStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXCertPolicyId *issuerDomainPolicy;
- NSSPKIXCertPolicyId *subjectDomainPolicy;
-};
-
-/*
- * GeneralName
- *
- * This structure contains a union of the possible general names,
- * of which there are several.
- *
- * From RFC 2459:
- *
- * GeneralName ::= CHOICE {
- * otherName [0] AnotherName,
- * rfc822Name [1] IA5String,
- * dNSName [2] IA5String,
- * x400Address [3] ORAddress,
- * directoryName [4] Name,
- * ediPartyName [5] EDIPartyName,
- * uniformResourceIdentifier [6] IA5String,
- * iPAddress [7] OCTET STRING,
- * registeredID [8] OBJECT IDENTIFIER }
- *
- */
-
-struct NSSPKIXGeneralNameStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXGeneralNameChoice choice;
- union {
- NSSPKIXAnotherName *otherName;
- NSSUTF8 *rfc822Name;
- NSSUTF8 *dNSName;
- NSSPKIXORAddress *x400Address;
- NSSPKIXName *directoryName;
- NSSEDIPartyName *ediPartyName;
- NSSUTF8 *uniformResourceIdentifier;
- NSSItem *iPAddress;
- NSSOID *registeredID;
- } u;
-};
-
-/*
- * GeneralNames
- *
- * This structure contains a sequence of GeneralName objects.
- *
- * From RFC 2459:
- *
- * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
- *
- */
-
-struct NSSPKIXGeneralNamesStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- ...
-};
-
-/*
- * AnotherName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AnotherName ::= SEQUENCE {
- * type-id OBJECT IDENTIFIER,
- * value [0] EXPLICIT ANY DEFINED BY type-id }
- *
- */
-
-struct NSSPKIXAnotherNameStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSOID *typeId;
- NSSItem *value;
-};
-
-/*
- * EDIPartyName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- *
- * EDIPartyName ::= SEQUENCE {
- * nameAssigner [0] DirectoryString OPTIONAL,
- * partyName [1] DirectoryString }
- *
- */
-
-struct NSSPKIXEDIPartyNameStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXDirectoryString *nameAssigner;
- NSSPKIXDirectoryString *partyname;
-};
-
-/*
- * SubjectDirectoryAttributes
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
- *
- */
-
-struct NSSPKIXSubjectDirectoryAttributesStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- ...
-};
-
-/*
- * BasicConstraints
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * BasicConstraints ::= SEQUENCE {
- * cA BOOLEAN DEFAULT FALSE,
- * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
- *
- */
-
-struct NSSPKIXBasicConstraintsStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- PRBool cA;
- PRInt32 pathLenConstraint; --fgmr--
-};
-
-/*
- * NameConstraints
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * NameConstraints ::= SEQUENCE {
- * permittedSubtrees [0] GeneralSubtrees OPTIONAL,
- * excludedSubtrees [1] GeneralSubtrees OPTIONAL }
- *
- */
-
-struct NSSPKIXNameConstraintsStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXGeneralSubtrees *permittedSubtrees;
- NSSPKIXGeneralSubtrees *excludedSubtrees;
-};
-
-/*
- * GeneralSubtrees
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
- *
- */
-
-struct NSSPKIXGeneralSubtreesStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- ...
-};
-
-/*
- * GeneralSubtree
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * GeneralSubtree ::= SEQUENCE {
- * base GeneralName,
- * minimum [0] BaseDistance DEFAULT 0,
- * maximum [1] BaseDistance OPTIONAL }
- *
- */
-
-struct NSSPKIXGeneralSubtreeStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXGeneralName;
- NSSPKIXBaseDistance minimum;
- NSSPKIXBaseDistance maximum;
-};
-
-/*
- * PolicyConstraints
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * PolicyConstraints ::= SEQUENCE {
- * requireExplicitPolicy [0] SkipCerts OPTIONAL,
- * inhibitPolicyMapping [1] SkipCerts OPTIONAL }
- *
- */
-
-struct NSSPKIXPolicyConstraintsStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXSkipCerts *requireExplicitPolicy;
- NSSPKIXSkipCerts *inhibitPolicyMapping;
-};
-
-/*
- * CRLDistPointsSyntax
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
- *
- */
-
-struct NSSPKIXCRLDistPointsSyntaxStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- ...
-};
-
-/*
- * DistributionPoint
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * DistributionPoint ::= SEQUENCE {
- * distributionPoint [0] DistributionPointName OPTIONAL,
- * reasons [1] ReasonFlags OPTIONAL,
- * cRLIssuer [2] GeneralNames OPTIONAL }
- *
- */
-
-struct NSSPKIXDistributionPointStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXDistributionPointName *distributionPoint;
- NSSPKIXReasonFlags *reasons;
- NSSPKIXGeneralNames *cRLIssuer;
-};
-
-/*
- * DistributionPointName
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * DistributionPointName ::= CHOICE {
- * fullName [0] GeneralNames,
- * nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
- *
- */
-
-struct NSSPKIXDistributionPointNameStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXDistributionPointNameChoice choice;
- union {
- NSSPKIXGeneralNames *fullName;
- NSSPKIXRelativeDistinguishedName *nameRelativeToCRLIssuer;
- } u;
-};
-
-/*
- * ReasonFlags
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ReasonFlags ::= BIT STRING {
- * unused (0),
- * keyCompromise (1),
- * cACompromise (2),
- * affiliationChanged (3),
- * superseded (4),
- * cessationOfOperation (5),
- * certificateHold (6) }
- *
- */
-
-struct NSSPKIXReasonFlagsStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXReasonFlagsMask reasonFlags;
-};
-
-/*
- * ExtKeyUsageSyntax
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
- *
- */
-
-struct NSSPKIXExtKeyUsageSyntaxStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- ...
-};
-
-/*
- * AuthorityInfoAccessSyntax
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AuthorityInfoAccessSyntax ::=
- * SEQUENCE SIZE (1..MAX) OF AccessDescription
- *
- */
-
-struct NSSPKIXAuthorityInfoAccessSyntaxStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- ...
-};
-
-/*
- * AccessDescription
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName }
- *
- */
-
-struct NSSPKIXAccessDescriptionStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSOID *accessMethod;
- NSSPKIXGeneralName *accessLocation;
-};
-
-/*
- * IssuingDistributionPoint
- *
- * -- fgmr comments --
- *
- * From RFC 2459:
- *
- * IssuingDistributionPoint ::= SEQUENCE {
- * distributionPoint [0] DistributionPointName OPTIONAL,
- * onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
- * onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
- * onlySomeReasons [3] ReasonFlags OPTIONAL,
- * indirectCRL [4] BOOLEAN DEFAULT FALSE }
- *
- */
-
-struct NSSPKIXIssuingDistributionPointStr {
- NSSArena *arena;
- PRBool i_allocated_arena;
- NSSDER *der;
- NSSPKIXDistributionPointName *distributionPoint;
- PRBool onlyContainsUserCerts;
- PRBool onlyContainsCACerts;
- NSSPKIXReasonFlags onlySomeReasons;
- PRBool indirectCRL;
-};
-
-PR_END_EXTERN_C
-
-#endif /* PKIXTM_H */
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/Create.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/Create.c
deleted file mode 100644
index cf95b4e26..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/Create.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAlgorithmIdentifier_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAlgorithmIdentifier *
-NSSPKIXAlgorithmIdentifier_Create
-(
- NSSArena *arenaOpt,
- NSSOID *algorithm,
- NSSItem *parameters
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAlgorithmIdentifier *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssOID_verifyPointer(algorithm) ) {
- return (NSSPKIXAlgorithmIdentifier *)NULL;
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(parameters) ) {
- return (NSSPKIXAlgorithmIdentifier *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXAlgorithmIdentifier_Create(arenaOpt, algorithm, parameters);
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/Decode.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/Decode.c
deleted file mode 100644
index 1e4e47b03..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/Decode.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAlgorithmIdentifier_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAlgorithmIdentifier *
-NSSPKIXAlgorithmIdentifier_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAlgorithmIdentifier *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(ber) ) {
- return (NSSPKIXAlgorithmIdentifier *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXAlgorithmIdentifier_Decode(arenaOpt, ber);
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/Destroy.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/Destroy.c
deleted file mode 100644
index f2a901151..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/Destroy.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAlgorithmIdentifier_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXAlgorithmIdentifier_Destroy
-(
- NSSPKIXAlgorithmIdentifier *algid
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXAlgorithmIdentifier_Destroy(algid);
-}
-
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/Duplicate.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/Duplicate.c
deleted file mode 100644
index 186ab49bc..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/Duplicate.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAlgorithmIdentifier_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAlgorithmIdentifier *
-NSSPKIXAlgorithmIdentifier_Duplicate
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- return (NSSPKIXAlgorithmIdentifier *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAlgorithmIdentifier *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXAlgorithmIdentifier_Duplicate(algid, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/Encode.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/Encode.c
deleted file mode 100644
index d390b3595..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/Encode.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAlgorithmIdentifier_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSBER *
-NSSPKIXAlgorithmIdentifier_Encode
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- return (NSSBER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSBER *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXAlgorithmIdentifier_Encode(algid, encoding, rvOpt, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/Equal.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/Equal.c
deleted file mode 100644
index 65c52a2ba..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/Equal.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAlgorithmIdentifier_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_IMPLEMENT PRBool
-NSSPKIXAlgorithmIdentifier_Equal
-(
- NSSPKIXAlgorithmIdentifier *algid1,
- NSSPKIXAlgorithmIdentifier *algid2,
- PRStatus *statusOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return PR_FALSE;
- }
-
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return PR_FALSE;
- }
-#endif /* DEBUG */
-
- return nssPKIXAlgorithmIdentifier_Equal(algid1, algid2, statusOpt);
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/GetAlgorithm.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/GetAlgorithm.c
deleted file mode 100644
index be7493a66..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/GetAlgorithm.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAlgorithmIdentifier_GetAlgorithm
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSOID pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSOID *
-NSSPKIXAlgorithmIdentifier_GetAlgorithm
-(
- NSSPKIXAlgorithmIdentifier *algid
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- return (NSSOID *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXAlgorithmIdentifier_GetAlgorithm(algid);
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/GetParameters.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/GetParameters.c
deleted file mode 100644
index e94622e23..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/GetParameters.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAlgorithmIdentifier_GetParameters
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSItem *
-NSSPKIXAlgorithmIdentifier_GetParameters
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- return (NSSItem *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSItem *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXAlgorithmIdentifier_GetParameters(algid, rvOpt, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/MClear.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/MClear.c
deleted file mode 100644
index 0797fbd49..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/MClear.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIXM_H
-#include "pkixm.h"
-#endif /* PKIXM_H */
-
-/*
- * nss_pkix_AlgorithmIdentifier_Clear
- *
- * Wipes out cached data.
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_AlgorithmIdentifier_Clear
-(
- NSSPKIXAlgorithmIdentifier *algid
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSBER *)NULL != algid->ber ) {
- nss_ZFreeIf(algid->ber->data);
- nss_ZFreeIf(algid->ber);
- }
-
- if( (NSSDER *)NULL != algid->der ) {
- nss_ZFreeIf(algid->der->data);
- nss_ZFreeIf(algid->der);
- }
-
- return PR_SUCCESS;
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/PCreate.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/PCreate.c
deleted file mode 100644
index c527a6a56..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/PCreate.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAlgorithmIdentifier_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_POINTER
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAlgorithmIdentifier *
-nssPKIXAlgorithmIdentifier_Create
-(
- NSSArena *arenaOpt,
- NSSOID *algorithm,
- NSSItem *parameters
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXAlgorithmIdentifier *rv = (NSSPKIXAlgorithmIdentifier *)NULL;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAlgorithmIdentifier *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssOID_verifyPointer(algorithm) ) {
- return (NSSPKIXAlgorithmIdentifier *)NULL;
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(parameters) ) {
- return (NSSPKIXAlgorithmIdentifier *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXAlgorithmIdentifier);
- if( (NSSPKIXAlgorithmIdentifier *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- rv->algorithm = algorithm;
- rv->parameters = nssItem_Duplicate(parameters, arena, (NSSItem *)NULL);
- if( (NSSItem *)NULL == rv->parameters ) {
- goto loser;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_AlgorithmIdentifier_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXAlgorithmIdentifier *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/PDecode.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/PDecode.c
deleted file mode 100644
index 9713d34db..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/PDecode.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAlgorithmIdentifier_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAlgorithmIdentifier *
-nssPKIXAlgorithmIdentifier_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXAlgorithmIdentifier *rv = (NSSPKIXAlgorithmIdentifier *)NULL;
- PRStatus status;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAlgorithmIdentifier *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(ber) ) {
- return (NSSPKIXAlgorithmIdentifier *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXAlgorithmIdentifier);
- if( (NSSPKIXAlgorithmIdentifier *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- rv->ber = nssItem_Duplicate(ber, arena, (NSSItem *)NULL);
- if( (NSSItem *)NULL == rv->ber ) {
- goto loser;
- }
-
- status = nssASN1_DecodeBER(arena, rv, nssPKIXAlgorithmIdentifier_template, ber);
- if( PR_SUCCESS != status ) {
- goto loser;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_AlgorithmIdentifier_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXAlgorithmIdentifier *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/PDestroy.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/PDestroy.c
deleted file mode 100644
index 7ef4d1fe1..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/PDestroy.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAlgorithmIdentifier_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXAlgorithmIdentifier_Destroy
-(
- NSSPKIXAlgorithmIdentifier *algid
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
-#ifdef DEBUG
- (void)nss_pkix_AlgorithmIdentifier_remove_pointer(algid);
-#endif /* DEBUG */
-
- if( PR_TRUE == algid->i_allocated_arena ) {
- return nssArena_Destroy(algid->arena);
- }
-
- return PR_SUCCESS;
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/PDuplicate.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/PDuplicate.c
deleted file mode 100644
index ae3cf72b2..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/PDuplicate.c
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAlgorithmIdentifier_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAlgorithmIdentifier upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAlgorithmIdentifier *
-nssPKIXAlgorithmIdentifier_Duplicate
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSArena *arenaOpt
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXAlgorithmIdentifier *rv = (NSSPKIXAlgorithmIdentifier *)NULL;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- return (NSSPKIXAlgorithmIdentifier *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAlgorithmIdentifier *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXAlgorithmIdentifier);
- if( (NSSPKIXAlgorithmIdentifier *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
-
- rv->ber = nssItem_Duplicate(algid->ber, arena, (NSSItem *)NULL);
- if( (NSSItem *)NULL == rv->ber ) {
- goto loser;
- }
-
- rv->der = nssItem_Duplicate(algid->der, arena, (NSSItem *)NULL);
- if( (NSSItem *)NULL == rv->der ) {
- goto loser;
- }
-
- rv->algorithm = algid->algorithm;
-
- rv->parameters = nssItem_Duplicate(algid->parameters, arena, (NSSItem *)NULL);
- if( (NSSItem *)NULL == rv->parameters ) {
- goto loser;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_AlgorithmIdentifier_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXAlgorithmIdentifier *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/PEncode.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/PEncode.c
deleted file mode 100644
index c9939350a..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/PEncode.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAlgorithmIdentifier_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSBER *
-nssPKIXAlgorithmIdentifier_Encode
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-)
-{
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- return (NSSBER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSBER *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- switch( encoding ) {
- case NSSASN1BER:
- if( (NSSBER *)NULL != algid->ber ) {
- it = algid->ber;
- goto done;
- }
- /*FALLTHROUGH*/
- case NSSASN1DER:
- if( (NSSDER *)NULL != algid->der ) {
- it = algid->der;
- goto done;
- }
- break;
- default:
- nss_SetError(NSS_ERROR_UNSUPPORTED_ENCODING);
- return (NSSBER *)NULL;
- }
-
- it = nssASN1_EncodeItem(algid->arena, (NSSItem *)NULL, algid,
- nssPKIXAlgorithmIdentifier_template, encoding);
- if( (NSSBER *)NULL == it ) {
- return (NSSBER *)NULL;
- }
-
- switch( encoding ) {
- case NSSASN1BER:
- algid->ber = it;
- break;
- case NSSASN1DER:
- algid->der = it;
- break;
- default:
- PR_ASSERT(0);
- break;
- }
-
- done:
- return nssItem_Duplicate(it, arenaOpt, rvOpt);
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/PEqual.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/PEqual.c
deleted file mode 100644
index 423dfdb74..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/PEqual.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAlgorithmIdentifier_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_IMPLEMENT PRBool
-nssPKIXAlgorithmIdentifier_Equal
-(
- NSSPKIXAlgorithmIdentifier *algid1,
- NSSPKIXAlgorithmIdentifier *algid2,
- PRStatus *statusOpt
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return PR_FALSE;
- }
-
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return PR_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( algid1->algorithm != algid2->algorithm ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
- return PR_FALSE;
- }
-
- return nssItem_Equal(algid1->parameters, algid2->parameters, statusOpt);
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/PGetAlgorithm.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/PGetAlgorithm.c
deleted file mode 100644
index 4c7c37b6e..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/PGetAlgorithm.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAlgorithmIdentifier_GetAlgorithm
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSOID pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSOID *
-nssPKIXAlgorithmIdentifier_GetAlgorithm
-(
- NSSPKIXAlgorithmIdentifier *algid
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- return (NSSOID *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return algid->algorithm;
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/PGetParameters.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/PGetParameters.c
deleted file mode 100644
index 5d6f1decb..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/PGetParameters.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAlgorithmIdentifier_GetParameters
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSItem upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSItem *
-nssPKIXAlgorithmIdentifier_GetParameters
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- return (NSSItem *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSItem *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- return nssItem_Duplicate(algid->parameters, arenaOpt, rvOpt);
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/PSetAlgorithm.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/PSetAlgorithm.c
deleted file mode 100644
index ccf9f23e2..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/PSetAlgorithm.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAlgorithmIdentifier_SetAlgorithm
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_OID
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXAlgorithmIdentifier_SetAlgorithm
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSOID *algorithm
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssOID_verifyPointer(algorithm) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- algid->algorithm = algorithm;
- return nss_pkix_AlgorithmIdentifier_Clear(algid);
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/PSetParameters.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/PSetParameters.c
deleted file mode 100644
index d5a7e8424..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/PSetParameters.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAlgorithmIdentifier_SetParameters
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXAlgorithmIdentifier_SetParameters
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSItem *parameters
-)
-{
- NSSItem *prev;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(parameters) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- prev = algid->parameters;
-
- algid->parameters = nssItem_Duplicate(parameters, algid->arena, (NSSItem *)NULL);
- if( (NSSItem *)NULL == algid->parameters ) {
- algid->parameters = prev;
- return PR_FAILURE;
- }
-
- (void)nssItem_Destroy(prev);
- return nss_pkix_AlgorithmIdentifier_Clear(algid);
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/SetAlgorithm.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/SetAlgorithm.c
deleted file mode 100644
index d829643e0..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/SetAlgorithm.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAlgorithmIdentifier_SetAlgorithm
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_OID
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXAlgorithmIdentifier_SetAlgorithm
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSOID *algorithm
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssOID_verifyPointer(algorithm) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXAlgorithmIdentifier_SetAlgorithm(algid, algorithm);
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/SetParameters.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/SetParameters.c
deleted file mode 100644
index d751fb689..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/SetParameters.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAlgorithmIdentifier_SetParameters
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ALGORITHM_IDENTIFIER
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXAlgorithmIdentifier_SetParameters
-(
- NSSPKIXAlgorithmIdentifier *algid,
- NSSItem *parameters
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAlgorithmIdentifier_verifyPointer(algid) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(parameters) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXAlgorithmIdentifier_SetParameters(algid, parameters);
-}
diff --git a/security/nss/lib/pkix/src/AlgorithmIdentifier/verifyPointer.c b/security/nss/lib/pkix/src/AlgorithmIdentifier/verifyPointer.c
deleted file mode 100644
index c9a9f8072..000000000
--- a/security/nss/lib/pkix/src/AlgorithmIdentifier/verifyPointer.c
+++ /dev/null
@@ -1,182 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIXM_H
-#include "pkixm.h"
-#endif /* PKIXM_H */
-
-#ifdef DEBUG
-
-extern const NSSError NSS_ERROR_INTERNAL_ERROR;
-
-static nssPointerTracker pkix_algid_pointer_tracker;
-
-/*
- * nss_pkix_AlgorithmIdentifier_add_pointer
- *
- * This method is only present in debug builds.
- *
- * This module-private routine adds an NSSPKIXAlgorithmIdentifier pointer to
- * the internal pointer-tracker. This routine should only be used
- * by the NSSPKIX module. This routine returns a PRStatus value;
- * upon error it will place an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INTERNAL_ERROR
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_AlgorithmIdentifier_add_pointer
-(
- const NSSPKIXAlgorithmIdentifier *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&pkix_algid_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return rv;
- }
-
- rv = nssPointerTracker_add(&pkix_algid_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- NSSError e = NSS_GetError();
- if( NSS_ERROR_NO_MEMORY != e ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
- }
-
- rv = nssArena_registerDestructor(p->arena,
- nss_pkix_AlgorithmIdentifier_remove_pointer, p);
- if( PR_SUCCESS != rv ) {
- (void)nss_pkix_AlgorithmIdentifier_remove_pointer(p);
- return rv;
- }
-
- return rv;
-}
-
-/*
- * nss_pkix_AlgorithmIdentifier_remove_pointer
- *
- * This method is only present in debug builds.
- *
- * This module-private routine removes a valid NSSPKIXAlgorithmIdentifier
- * pointer from the internal pointer-tracker. This routine should
- * only be used by the NSSPKIX module. This routine returns a
- * PRStatus value; upon error it will place an error on the error
- * stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INTERNAL_ERROR
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_AlgorithmIdentifier_remove_pointer
-(
- const NSSPKIXAlgorithmIdentifier *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_remove(&pkix_algid_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- /*
- * nssArena_deregisterDestructor(p->arena,
- * nss_pkix_AlgorithmIdentifier_remove_pointer, p);
- */
-
- return rv;
-}
-
-/*
- * nssPKIXAlgorithmIdentifier_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXAlgorithmIdentifier
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXAlgorithmIdentifier_verifyPointer
-(
- NSSPKIXAlgorithmIdentifier *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&pkix_algid_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_PKIX_ATTRIBUTE);
- return PR_FAILURE;
- }
-
- rv = nssPointerTracker_verify(&pkix_algid_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_PKIX_ATTRIBUTE);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-
-#endif /* DEBUG */
-
diff --git a/security/nss/lib/pkix/src/Attribute/AddValue.c b/security/nss/lib/pkix/src/Attribute/AddValue.c
deleted file mode 100644
index aad082c50..000000000
--- a/security/nss/lib/pkix/src/Attribute/AddValue.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttribute_AddValue
- *
- * This routine adds the specified attribute value to the set in
- * the specified NSSPKIXAttribute.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXAttribute_AddValue
-(
- NSSPKIXAttribute *attribute,
- NSSPKIXAttributeValue *value
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(attribute) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(value) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXAttribute_AddValue(attribute, value);
-}
-
diff --git a/security/nss/lib/pkix/src/Attribute/Create.c b/security/nss/lib/pkix/src/Attribute/Create.c
deleted file mode 100644
index 9fe406b2d..000000000
--- a/security/nss/lib/pkix/src/Attribute/Create.c
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttribute_Create
- *
- * This routine creates an NSSPKIXAttribute from specified components.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack. If the optional arena argument is non-NULL,
- * that arena will be used for the required memory. There must be at
- * least one attribute value specified. The final argument must be
- * NULL, to indicate the end of the set of attribute values.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_INSUFFICIENT_VALUES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon failure.
- */
-
-NSS_IMPLEMENT NSSPKIXAttribute *
-NSSPKIXAttribute_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAttributeType *typeOid,
- NSSPKIXAttributeValue *value1,
- ...
-)
-{
- va_list ap;
- NSSPKIXAttribute *rv;
- PRUint32 count;
-
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssOID_verifyPointer(typeOid) ) {
- return (NSSPKIXAttribute *)NULL;
- }
-
- if( (NSSPKIXAttributeValue *)NULL == value1 ) {
- nss_SetError(NSS_ERROR_INSUFFICIENT_VALUES);
- return (NSSPKIXAttribute *)NULL;
- }
-
- {
- va_start(ap, typeOid);
-
- while( 1 ) {
- NSSPKIXAttributeValue *v;
- v = (NSSPKIXAttributeValue *)va_arg(ap, NSSPKIXAttributeValue *);
- if( (NSSPKIXAttributeValue *)NULL == v ) {
- break;
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(v) ) {
- va_end(ap);
- return (NSSPKIXAttribute *)NULL;
- }
- }
-
- va_end(ap);
- }
-#endif /* DEBUG */
-
- va_start(ap, typeOid);
-
- for( count = 0; ; count++ ) {
- NSSPKIXAttributeValue *v;
- v = (NSSPKIXAttributeValue *)va_arg(ap, NSSPKIXAttributeValue *);
- if( (NSSPKIXAttributeValue *)NULL == v ) {
- break;
- }
-
-#ifdef PEDANTIC
- if( count == 0xFFFFFFFF ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- va_end(ap);
- return (NSSPKIXAttribute *)NULL;
- }
-#endif /* PEDANTIC */
- }
-
- va_end(ap);
-
- va_start(ap, typeOid);
- rv = nss_pkix_Attribute_V_Create(arenaOpt, typeOid, count, ap);
- va_end(ap);
-
- return rv;
-}
diff --git a/security/nss/lib/pkix/src/Attribute/CreateFromArray.c b/security/nss/lib/pkix/src/Attribute/CreateFromArray.c
deleted file mode 100644
index 2928c3bcc..000000000
--- a/security/nss/lib/pkix/src/Attribute/CreateFromArray.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttribute_CreateFromArray
- *
- * This routine creates an NSSPKIXAttribute from specified components.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack. If the optional arena argument is non-NULL,
- * that arena will be used for the required memory. There must be at
- * least one attribute value specified. The final argument must be
- * NULL, to indicate the end of the set of attribute values.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon failure.
- */
-
-NSS_IMPLEMENT NSSPKIXAttribute *
-NSSPKIXAttribute_CreateFromArray
-(
- NSSArena *arenaOpt,
- NSSPKIXAttributeType *typeOid,
- PRUint32 count,
- NSSPKIXAttributeValue values[]
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssOID_verifyPointer(typeOid) ) {
- return (NSSPKIXAttribute *)NULL;
- }
-
- {
- PRUint32 i;
-
- for( i = 0; i < count; i++ ) {
- if( PR_SUCCESS != nssItem_verifyPointer(&values[i]) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXAttribute_CreateFromArray(arenaOpt, typeOid, count, values);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/Decode.c b/security/nss/lib/pkix/src/Attribute/Decode.c
deleted file mode 100644
index a16f195cd..000000000
--- a/security/nss/lib/pkix/src/Attribute/Decode.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttribute_Decode
- *
- * This routine creates an NSSPKIXAttribute by decoding a BER-
- * or DER-encoded Attribute as defined in RFC 2459. This
- * routine may return NULL upon error, in which case it will
- * have created an error stack. If the optional arena argument
- * is non-NULL, that arena will be used for the required memory.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon failure.
- */
-
-NSS_IMPLEMENT NSSPKIXAttribute *
-NSSPKIXAttribute_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(ber) ) {
- return (NSSPKIXAttribute *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXAttribute_Decode(arenaOpt, ber);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/Destroy.c b/security/nss/lib/pkix/src/Attribute/Destroy.c
deleted file mode 100644
index bd9454fca..000000000
--- a/security/nss/lib/pkix/src/Attribute/Destroy.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttribute_Destroy
- *
- * This routine destroys an NSSPKIXAttribute. It should be called on
- * all such objects created without an arena. It does not need to be
- * called for objects created with an arena, but it may be. This
- * routine returns a PRStatus value. Upon error, it will create an
- * error stack and return PR_FAILURE.
- *
- * The error value may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSPKIXAttribute_Destroy
-(
- NSSPKIXAttribute *attribute
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(attribute) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXAttribute_Destroy(attribute);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/Duplicate.c b/security/nss/lib/pkix/src/Attribute/Duplicate.c
deleted file mode 100644
index 146a49610..000000000
--- a/security/nss/lib/pkix/src/Attribute/Duplicate.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttribute_Duplicate
- *
- * This routine duplicates an NSSPKIXAttribute. {arenaOpt}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon failure.
- */
-
-NSS_IMPLEMENT NSSPKIXAttribute *
-NSSPKIXAttribute_Duplicate
-(
- NSSPKIXAttribute *attribute,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(attribute) ) {
- return (NSSPKIXAttribute *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXAttribute_Duplicate(attribute, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/Encode.c b/security/nss/lib/pkix/src/Attribute/Encode.c
deleted file mode 100644
index 179bd3d68..000000000
--- a/security/nss/lib/pkix/src/Attribute/Encode.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttribute_Encode
- *
- * This routine returns an ASN.1 encoding of the specified
- * NSSPKIXAttribute. {usual rules about itemOpt and arenaOpt}
- * This routine indicates an error (NSS_ERROR_INVALID_DATA)
- * if there are no attribute values (i.e., the last one was removed).
- *
- * The error value may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_DATA
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSBER *
-NSSPKIXAttribute_Encode
-(
- NSSPKIXAttribute *attribute,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(attribute) ) {
- return (NSSBER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSBER *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXAttribute_Encode(attribute, encoding, rvOpt, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/Equal.c b/security/nss/lib/pkix/src/Attribute/Equal.c
deleted file mode 100644
index d91782aea..000000000
--- a/security/nss/lib/pkix/src/Attribute/Equal.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttribute_Equal
- *
- * This routine compares two NSSPKIXAttribute's for equality.
- * It returns PR_TRUE if they are equal, PR_FALSE otherwise.
- * This routine also returns PR_FALSE upon error; if you're
- * that worried about it, check for an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_IMPLEMENT PRBool
-NSSPKIXAttribute_Equal
-(
- NSSPKIXAttribute *one,
- NSSPKIXAttribute *two,
- PRStatus *statusOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(one) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
-
- return PR_FALSE;
- }
-
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(two) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
-
- return PR_FALSE;
- }
-#endif /* DEBUG */
-
- return nssPKIXAttribute_Equal(one, two);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/FindValue.c b/security/nss/lib/pkix/src/Attribute/FindValue.c
deleted file mode 100644
index ba725051f..000000000
--- a/security/nss/lib/pkix/src/Attribute/FindValue.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttribute_FindValue
- *
- * This routine searches the set of attribute values in the specified
- * NSSPKIXAttribute for the provided data. If an exact match is found,
- * then that value's index is returned. If an exact match is not
- * found, -1 is returned. If there is more than one exact match, one
- * index will be returned. {notes about unorderdness of SET, etc}
- * If the index may not be represented as an integer, an error is
- * indicated.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value
- * The index of the specified attribute value upon success
- * -1 upon failure.
- */
-
-NSS_IMPLEMENT PRInt32
-NSSPKIXAttribute_FindValue
-(
- NSSPKIXAttribute *attribute,
- NSSPKIXAttributeValue *value
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(attribute) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(value) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXAttribute_FindValue(attribute, value);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/GetType.c b/security/nss/lib/pkix/src/Attribute/GetType.c
deleted file mode 100644
index 0bae2b988..000000000
--- a/security/nss/lib/pkix/src/Attribute/GetType.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttribute_GetType
- *
- * This routine returns the attribute type oid of the specified
- * NSSPKIXAttribute.
- *
- * The error value may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSPKIXAttributeType pointer upon success
- * NULL upon failure.
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeType *
-NSSPKIXAttribute_GetType
-(
- NSSPKIXAttribute *attribute
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(attribute) ) {
- return (NSSPKIXAttributeType *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXAttribute_GetType(attribute);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/GetValue.c b/security/nss/lib/pkix/src/Attribute/GetValue.c
deleted file mode 100644
index afce8d135..000000000
--- a/security/nss/lib/pkix/src/Attribute/GetValue.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttribute_GetValue
- *
- * This routine returns the i'th attribute value of the set of
- * values in the specified NSSPKIXAttribute. Although the set
- * is unordered, an arbitrary ordering will be maintained until
- * the data in the attribute is changed. {usual comments about
- * itemOpt and arenaOpt}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeValue upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeValue *
-NSSPKIXAttribute_GetValue
-(
- NSSPKIXAttribute *attribute,
- PRInt32 i,
- NSSPKIXAttributeValue *itemOpt,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(attribute) ) {
- return (NSSPKIXAttributeValue *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttributeValue *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXAttribute_GetValue(attribute, i, itemOpt, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/GetValueCount.c b/security/nss/lib/pkix/src/Attribute/GetValueCount.c
deleted file mode 100644
index 0cdc36b60..000000000
--- a/security/nss/lib/pkix/src/Attribute/GetValueCount.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttribute_GetValueCount
- *
- * This routine returns the number of attribute values present in
- * the specified NSSPKIXAttribute. This routine returns a PRInt32.
- * Upon error, this routine returns -1. This routine indicates an
- * error if the number of values cannot be expressed as a PRInt32.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_IMPLEMENT PRInt32
-NSSPKIXAttribute_GetValueCount
-(
- NSSPKIXAttribute *attribute
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(attribute) ) {
- return -1;
- }
-#endif /* DEBUG */
-
- return nssPKIXAttribute_GetValueCount(attribute);
-}
-
diff --git a/security/nss/lib/pkix/src/Attribute/GetValues.c b/security/nss/lib/pkix/src/Attribute/GetValues.c
deleted file mode 100644
index 986af03d1..000000000
--- a/security/nss/lib/pkix/src/Attribute/GetValues.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttribute_GetValues
- *
- * This routine returns all of the attribute values in the specified
- * NSSPKIXAttribute. If the optional pointer to an array of NSSItems
- * is non-null, then that array will be used and returned; otherwise,
- * an array will be allocated and returned. If the limit is nonzero
- * (which is must be if the specified array is nonnull), then an
- * error is indicated if it is smaller than the value count.
- * {arenaOpt}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSItem's upon success
- * NULL upon failure.
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeValue *
-NSSPKIXAttribute_GetValues
-(
- NSSPKIXAttribute *attribute,
- NSSPKIXAttributeValue rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(attribute) ) {
- return (NSSPKIXAttributeValue *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyOpt(attribute) ) {
- return (NSSPKIXAttributeValue *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXAttribute_GetValues(attribute, rvOpt, limit, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/MClear.c b/security/nss/lib/pkix/src/Attribute/MClear.c
deleted file mode 100644
index 6fb77ba7d..000000000
--- a/security/nss/lib/pkix/src/Attribute/MClear.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nss_pkix_Attribute_Clear
- *
- * Wipes out cached data.
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_Attribute_Clear
-(
- NSSPKIXAttribute *a
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(a) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSBER *)NULL != a->ber ) {
- nss_ZFreeIf(a->ber->data);
- nss_ZFreeIf(a->ber);
- }
-
- if( (NSSDER *)NULL != a->der ) {
- nss_ZFreeIf(a->der->data);
- nss_ZFreeIf(a->der);
- }
-
- return PR_SUCCESS;
-}
diff --git a/security/nss/lib/pkix/src/Attribute/MCount.c b/security/nss/lib/pkix/src/Attribute/MCount.c
deleted file mode 100644
index abb0831cb..000000000
--- a/security/nss/lib/pkix/src/Attribute/MCount.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIXM_H
-#include "pkixm.h"
-#endif /* PKIXM_H */
-
-/*
- * nss_pkix_Attribute_Count
- *
- * This module-private routine sets the valuesCount part of the
- * NSSPKIXAttribute argument. It does no checking, and is intended
- * only for use inside the NSSPKIXAttribute implementation itself.
- * There is no error return. There is no return value.
- */
-
-NSS_IMPLEMENT void
-nss_pkix_Attribute_Count
-(
- NSSPKIXAttribute *a
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(a) ) {
- return;
- }
-#endif /* NSSDEBUG */
-
- PR_ASSERT((nssASN1Item **)NULL != a->asn1values);
- if( (nssASN1Item *)NULL == a->asn1values ) {
- nss_SetError(NSS_ERROR_ASSERTION_FAILED);
- return;
- }
-
- if( 0 == a->valuesCount ) {
- PRUint32 i;
- for( i = 0; i < 0xFFFFFFFF; i++ ) {
- if( (nssASN1Item *)NULL == a->asn1values[i] ) {
- break;
- }
- }
-
-#ifdef PEDANTIC
- if( 0xFFFFFFFF == i ) {
- return;
- }
-#endif /* PEDANTIC */
-
- a->valuesCount = i;
- }
-
- return;
-}
diff --git a/security/nss/lib/pkix/src/Attribute/MVCreate.c b/security/nss/lib/pkix/src/Attribute/MVCreate.c
deleted file mode 100644
index 1a54026d4..000000000
--- a/security/nss/lib/pkix/src/Attribute/MVCreate.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIXM_H
-#include "pkixm.h"
-#endif /* PKIXM_H */
-
-/*
- * nss_pkix_Attribute_V_Create
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_INTERNAL_ERROR;
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon failure.
- */
-
-NSS_IMPLEMENT NSSPKIXAttribute *
-nss_pkix_Attribute_V_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAttributeType *typeOid,
- PRUint32 count,
- va_list ap
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXAttribute *rv = (NSSPKIXAttribute *)NULL;
- PRStatus status;
- PRUint32 i;
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXAttribute);
- if( (NSSPKIXAttribute *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
-
- rv->type = typeOid;
- {
- NSSItem typeder;
- NSSItem *x = nssOID_GetDEREncoding(rv->type, &typeder, arena);
- if( (NSSItem *)NULL == x ) {
- goto loser;
- }
-
- rv->asn1type.size = typeder.size;
- rv->asn1type.data = typeder.data;
- }
-
- rv->valuesCount = count;
-
- rv->asn1values = nss_ZNEWARRAY(arena, nssASN1Item *, count);
- if( (nssASN1Item **)NULL == rv->asn1values ) {
- goto loser;
- }
-
- for( i = 0; i < count; i++ ) {
- NSSItem tmp;
- NSSPKIXAttributeValue *v = (NSSPKIXAttributeValue *)
- va_arg(ap, NSSPKIXAttributeValue *);
-
- rv->asn1values[i] = nss_ZNEW(arena, nssASN1Item);
- if( (nssASN1Item *)NULL == rv->asn1values[i] ) {
- goto loser;
- }
-
- if( (NSSItem *)NULL == nssItem_Duplicate(v, arena, &tmp) ) {
- goto loser;
- }
-
- rv->asn1values[i].size = tmp.size;
- rv->asn1values[i].data = tmp.data;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_Attribute_add_pointer(rv) ) {
- goto loser;
- }
-
- if( PR_SUCCESS !=
- nssArena_registerDestructor(arena,
- nss_pkix_Attribute_remove_pointer,
- rv) ) {
- (void)nss_pkix_Attribute_remove_pointer(rv);
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXAttribute *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/Attribute/PAddValue.c b/security/nss/lib/pkix/src/Attribute/PAddValue.c
deleted file mode 100644
index 732845490..000000000
--- a/security/nss/lib/pkix/src/Attribute/PAddValue.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttribute_AddValue
- *
- * This routine adds the specified attribute value to the set in
- * the specified NSSPKIXAttribute.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXAttribute_AddValue
-(
- NSSPKIXAttribute *a,
- NSSPKIXAttributeValue *value
-)
-{
- PRUint32 newcount;
- nssASN1Item **new_asn1_items = (nssASN1Item **)NULL;
- NSSItem tmp;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(a) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(value) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- PR_ASSERT((nssASN1Item **)NULL != a->asn1values);
- if( (nssASN1Item **)NULL == a->asn1values ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return PR_FAILURE;
- }
-
- if( 0 == a->valuesCount ) {
- PRUint32 i;
-
- for( i = 0; i < 0xFFFFFFFF; i++ ) {
- if( (nssASN1Item *)NULL == a->asn1values[i] ) {
- break;
- }
- }
-
-#ifdef PEDANTIC
- if( 0xFFFFFFFF == i ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- /* Internal error is that we don't handle them this big */
- return PR_FAILURE;
- }
-#endif /* PEDANTIC */
-
- a->valuesCount = i;
- }
-
- newcount = a->valuesCount + 1;
- /* Check newcount for a rollover. */
-
- /* Remember that our asn1values array is NULL-terminated */
- new_asn1_items = (nssASN1Item **)nss_ZRealloc(a->asn1values,
- ((newcount+1) * sizeof(nssASN1Item *)));
- if( (nssASN1Item **)NULL == new_asn1_items ) {
- goto loser;
- }
-
- new_asn1_items[ a->valuesCount ] = nss_ZNEW(a->arena, nssASN1Item);
- if( (nssASN1Item *)NULL == new_asn1_items[ a->valuesCount ] ) {
- goto loser;
- }
-
- if( (NSSItem *)NULL == nssItem_Duplicate(value, a->arena, &tmp) ) {
- goto loser;
- }
-
- new_asn1_items[ a->valuesCount ]->size = tmp.size;
- new_asn1_items[ a->valuesCount ]->data = tmp.data;
-
- a->valuesCount++;
- a->asn1values = new_asn1_items;
-
- return nss_pkix_Attribute_Clear(a);
-
- loser:
- if( (nssASN1Item **)NULL != new_asn1_items ) {
- nss_ZFreeIf(new_asn1_items[ newcount-1 ]);
- /* We could realloc back down, but we actually know it's a no-op */
- a->asn1values = new_asn1_items;
- }
-
- return PR_FAILURE;
-}
diff --git a/security/nss/lib/pkix/src/Attribute/PCreate.c b/security/nss/lib/pkix/src/Attribute/PCreate.c
deleted file mode 100644
index 40dc5c07c..000000000
--- a/security/nss/lib/pkix/src/Attribute/PCreate.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttribute_Create
- *
- * This routine creates an NSSPKIXAttribute from specified components.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack. If the optional arena argument is non-NULL,
- * that arena will be used for the required memory. There must be at
- * least one attribute value specified. The final argument must be
- * NULL, to indicate the end of the set of attribute values.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_INSUFFICIENT_VALUES
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon failure.
- */
-
-NSS_EXTERN NSSPKIXAttribute *
-nssPKIXAttribute_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAttributeType *typeOid,
- NSSPKIXAttributeValue *value1,
- ...
-)
-{
- va_list ap;
- NSSPKIXAttribute *rv;
- PRUint32 count;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssOID_verifyPointer(typeOid) ) {
- return (NSSPKIXAttribute *)NULL;
- }
-
- if( (NSSPKIXAttributeValue *)NULL == value1 ) {
- nss_SetError(NSS_ERROR_INSUFFICIENT_VALUES);
- return (NSSPKIXAttribute *)NULL;
- }
-
- {
- va_start(ap, typeOid);
-
- while( 1 ) {
- NSSPKIXAttributeValue *v;
- v = (NSSPKIXAttributeValue *)va_arg(ap, NSSPKIXAttributeValue *);
- if( (NSSPKIXAttributeValue *)NULL == v ) {
- break;
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(v) ) {
- va_end(ap);
- return (NSSPKIXAttribute *)NULL;
- }
- }
-
- va_end(ap);
- }
-#endif /* NSSDEBUG */
-
- va_start(ap, typeOid);
-
- for( count = 0; ; count++ ) {
- NSSPKIXAttributeValue *v;
- v = (NSSPKIXAttributeValue *)va_arg(ap, NSSPKIXAttributeValue *);
- if( (NSSPKIXAttributeValue *)NULL == v ) {
- break;
- }
-
-#ifdef PEDANTIC
- if( count == 0xFFFFFFFF ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- va_end(ap);
- return (NSSPKIXAttribute *)NULL;
- }
-#endif /* PEDANTIC */
- }
-
- va_end(ap);
-
- va_start(ap, typeOid);
- rv = nss_pkix_Attribute_V_Create(arenaOpt, typeOid, count, ap);
- va_end(ap);
-
- return rv;
-}
diff --git a/security/nss/lib/pkix/src/Attribute/PCreateFromArray.c b/security/nss/lib/pkix/src/Attribute/PCreateFromArray.c
deleted file mode 100644
index c2d301d12..000000000
--- a/security/nss/lib/pkix/src/Attribute/PCreateFromArray.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-/*
- * nssPKIXAttribute_CreateFromArray
- *
- * This routine creates an NSSPKIXAttribute from specified components.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack. If the optional arena argument is non-NULL,
- * that arena will be used for the required memory. There must be at
- * least one attribute value specified. The final argument must be
- * NULL, to indicate the end of the set of attribute values.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon failure.
- */
-
-NSS_IMPLEMENT NSSPKIXAttribute *
-nssPKIXAttribute_CreateFromArray
-(
- NSSArena *arenaOpt,
- NSSPKIXAttributeType *typeOid,
- PRUint32 count,
- NSSPKIXAttributeValue values[]
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXAttribute *rv = (NSSPKIXAttribute *)NULL;
- PRStatus status;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssOID_verifyPointer(typeOid) ) {
- return (NSSPKIXAttribute *)NULL;
- }
-
- for( i = 0; i < count; i++ ) {
- if( PR_SUCCESS != nssItem_verifyPointer(&values[i]) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXAttribute);
- if( (NSSPKIXAttribute *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
-
- rv->type = typeOid;
- {
- NSSItem typeder;
- NSSItem *x = nssOID_GetDEREncoding(rv->type, &typeder, arena);
- if( (NSSItem *)NULL == x ) {
- goto loser;
- }
-
- rv->asn1type.size = typeder.size;
- rv->asn1type.data = typeder.data;
- }
-
- rv->valuesCount = count;
-
- rv->asn1values = nss_ZNEWARRAY(arena, nssASN1Item *, count);
- if( (nssASN1Item **)NULL == rv->asn1values ) {
- goto loser;
- }
-
- for( i = 0; i < count; i++ ) {
- NSSItem tmp;
- NSSPKIXAttributeValue *v = &values[i];
-
- rv->asn1values[i] = nss_ZNEW(arena, nssASN1Item);
- if( (nssASN1Item *)NULL == rv->asn1values[i] ) {
- goto loser;
- }
-
- if( (NSSItem *)NULL == nssItem_Duplicate(v, arena, &tmp) ) {
- goto loser;
- }
-
- rv->asn1values[i].size = tmp.size;
- rv->asn1values[i].data = tmp.data;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_Attribute_add_pointer(rv) ) {
- goto loser;
- }
-
- if( PR_SUCCESS !=
- nssArena_registerDestructor(arena,
- nss_pkix_Attribute_remove_pointer,
- rv) ) {
- (void)nss_pkix_Attribute_remove_pointer(rv);
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXAttribute *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/Attribute/PDecode.c b/security/nss/lib/pkix/src/Attribute/PDecode.c
deleted file mode 100644
index 49a059404..000000000
--- a/security/nss/lib/pkix/src/Attribute/PDecode.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-/*
- * nssPKIXAttribute_Decode
- *
- * This routine creates an NSSPKIXAttribute by decoding a BER-
- * or DER-encoded Attribute as defined in RFC 2459. This
- * routine may return NULL upon error, in which case it will
- * have created an error stack. If the optional arena argument
- * is non-NULL, that arena will be used for the required memory.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon failure.
- */
-
-NSS_IMPLEMENT NSSPKIXAttribute *
-nssPKIXAttribute_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXAttribute *rv = (NSSPKIXAttribute *)NULL;
- PRStatus status;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(ber) ) {
- return (NSSPKIXAttribute *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXAttribute);
- if( (NSSPKIXAttribute *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- rv->ber = nssItem_Duplicate(ber, arena, (NSSItem *)NULL);
- if( (NSSItem *)NULL == rv->ber ) {
- goto loser;
- }
-
- status = nssASN1_DecodeBER(arena, rv, nssPKIXAttribute_template, ber);
- if( PR_SUCCESS != status ) {
- goto loser;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_Attribute_add_pointer(rv) ) {
- goto loser;
- }
-
- if( PR_SUCCESS != nssArena_registerDestructor(arena,
- nss_pkix_Attribute_remove_pointer, rv) ) {
- (void)nss_pkix_Attribute_remove_pointer(rv);
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXAttribute *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/Attribute/PDestroy.c b/security/nss/lib/pkix/src/Attribute/PDestroy.c
deleted file mode 100644
index 5f2b5a135..000000000
--- a/security/nss/lib/pkix/src/Attribute/PDestroy.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttribute_Destroy
- *
- * This routine destroys an NSSPKIXAttribute. It should be called on
- * all such objects created without an arena. It does not need to be
- * called for objects created with an arena, but it may be. This
- * routine returns a PRStatus value. Upon error, it place an error on
- * the error stack and return PR_FAILURE.
- *
- * The error value may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXAttribute_Destroy
-(
- NSSPKIXAttribute *attribute
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(attribute) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
-#ifdef DEBUG
- (void)nss_pkix_Attribute_remove_pointer(attribute);
- (void)nssArena_RemoveDestructor(arena, nss_pkix_Attribute_remove_pointer,
- attribute);
-#endif /* DEBUG */
-
- if( PR_TRUE == attribute->i_allocated_arena ) {
- return nssArena_Destroy(attribute->arena);
- }
-
- return PR_SUCCESS;
-}
diff --git a/security/nss/lib/pkix/src/Attribute/PDuplicate.c b/security/nss/lib/pkix/src/Attribute/PDuplicate.c
deleted file mode 100644
index 765510e59..000000000
--- a/security/nss/lib/pkix/src/Attribute/PDuplicate.c
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttribute_Duplicate
- *
- * This routine duplicates an NSSPKIXAttribute. {arenaOpt}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttribute upon success
- * NULL upon failure.
- */
-
-NSS_IMPLEMENT NSSPKIXAttribute *
-nssPKIXAttribute_Duplicate
-(
- NSSPKIXAttribute *attribute,
- NSSArena *arenaOpt
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXAttribute *rv = (NSSPKIXAttribute *)NULL;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(attribute) ) {
- return PR_FAILURE;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return PR_FAILURE;
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXAttribute);
- if( (NSSPKIXAttribute *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
-
- if( (NSSBER *)NULL != attribute->ber ) {
- rv->ber = nssItem_Duplicate(arena, attribute->ber, (NSSItem *)NULL);
- if( (NSSBER *)NULL == rv->ber ) {
- goto loser;
- }
- }
-
- if( (NSSDER *)NULL != attribute->der ) {
- rv->der = nssItem_Duplicate(arena, attribute->der, (NSSItem *)NULL);
- if( (NSSDER *)NULL == rv->der ) {
- goto loser;
- }
- }
-
- if( (void *)NULL != attribute->asn1type.data ) {
- rv->asn1type.size = attribute->asn1type.size;
- rv->asn1type.data = nss_ZAlloc(arena, attribute->asn1type.size);
- if( (void *)NULL == rv->asn1type.data ) {
- goto loser;
- }
- (void)nsslibc_memcpy(rv->asn1type.data, attribute->asn1type.data,
- rv->asn1type.size);
- }
-
- if( (nssASN1Item **)NULL != attribute->asn1values ) {
- rv->asn1values = nss_ZNEWARRAY(arena, nssASN1Item *, attribute->valuesCount);
- if( (nssASN1Item **)NULL == rv->asn1values ) {
- goto loser;
- }
-
- for( i = 0; i < attribute->valuesCount; i++ ) {
- nssASN1Item *src;
- nssASN1Item *dst;
-
- src = attribute->asn1values[i];
- dst = nss_ZNEW(arena, nssASN1Item);
- if( (nssASN1Item *)NULL == dst ) {
- goto loser;
- }
-
- rv->asn1values[i] = dst;
-
- dst->size = src->size;
- dst->data = nss_ZAlloc(arena, dst->size);
- if( (void *)NULL == dst->data ) {
- goto loser;
- }
- (void)nsslibc_memcpy(dst->data, src->data, src->size);
- }
- }
-
- rv->type = attribute->type; /* NULL or otherwise */
- rv->valuescount = attribute->valuesCount;
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_Attribute_add_pointer(rv) ) {
- goto loser;
- }
-
- if( PR_SUCCESS !=
- nssArena_registerDestructor(arena,
- nss_pkix_Attribute_remove_pointer,
- rv) ) {
- (void)nss_pkix_Attribute_remove_pointer(rv);
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXAttribute *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/Attribute/PEncode.c b/security/nss/lib/pkix/src/Attribute/PEncode.c
deleted file mode 100644
index 7fc647ed2..000000000
--- a/security/nss/lib/pkix/src/Attribute/PEncode.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-/*
- * nssPKIXAttribute_Encode
- *
- * This routine returns an ASN.1 encoding of the specified
- * NSSPKIXAttribute. {usual rules about itemOpt and arenaOpt}
- * This routine indicates an error (NSS_ERROR_INVALID_DATA)
- * if there are no attribute values (i.e., the last one was removed).
- *
- * The error value may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_DATA
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSBER *
-nssPKIXAttribute_Encode
-(
- NSSPKIXAttribute *a,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-)
-{
- NSSBER *it;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(a) ) {
- return (NSSBER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSBER *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- switch( encoding ) {
- case NSSASN1BER:
- if( (NSSBER *)NULL != a->ber ) {
- it = a->ber;
- goto done;
- }
- /*FALLTHROUGH*/
- case NSSASN1DER:
- if( (NSSDER *)NULL != a->der ) {
- it = a->der;
- goto done;
- }
- break;
- default:
- nss_SetError(NSS_ERROR_UNSUPPORTED_ENCODING);
- return (NSSBER *)NULL;
- }
-
- it = nssASN1_EncodeItem(a->arena, (NSSItem *)NULL, a,
- nssPKIXAttribute_template, encoding);
- if( (NSSBER *)NULL == it ) {
- return (NSSBER *)NULL;
- }
-
- switch( encoding ) {
- case NSSASN1BER:
- a->ber = it;
- break;
- case NSSASN1DER:
- a->der = it;
- break;
- default:
- PR_ASSERT(0);
- break;
- }
-
- done:
- return nssItem_Duplicate(it, arenaOpt, rvOpt);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/PEqual.c b/security/nss/lib/pkix/src/Attribute/PEqual.c
deleted file mode 100644
index 247bfd575..000000000
--- a/security/nss/lib/pkix/src/Attribute/PEqual.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttribute_Equal
- *
- * This routine compares two NSSPKIXAttribute's for equality.
- * It returns PR_TRUE if they are equal, PR_FALSE otherwise.
- * This routine also returns PR_FALSE upon error; if you're
- * that worried about it, check for an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_IMPLEMENT PRBool
-nssPKIXAttribute_Equal
-(
- NSSPKIXAttribute *one,
- NSSPKIXAttribute *two,
- PRStatus *statusOpt
-)
-{
- PRStatus dummyStatus = PR_SUCCESS; /* quiet warnings */
- PRStatus *status;
- PRUint32 i;
-
- if( (PRStatus *)NULL != statusOpt ) {
- status = statusOpt;
- *status = PR_SUCCESS;
- } else {
- status = &dummyStatus;
- }
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(one) ) {
- *status = PR_FAILURE;
- return PR_FALSE;
- }
-
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(two) ) {
- *status = PR_FAILURE;
- return PR_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( ((NSSDER *)NULL != one->der) && ((NSSDER *)NULL != two->der) ) {
- return nssItem_Equal(one->der, two->der, statusOpt);
- }
-
- if( (NSSPKIXAttributeType *)NULL == one->type ) {
- NSSItem berOid;
- berOid.size = one->asn1type.size;
- berOid.data = one->asn1type.data;
- one->type = (NSSPKIXAttributeType *)NSSOID_CreateFromBER(&berOid);
- }
-
- if( (NSSPKIXAttributeType *)NULL == two->type ) {
- NSSItem berOid;
- berOid.size = two->asn1type.size;
- berOid.data = two->asn1type.data;
- two->type = (NSSPKIXAttributeType *)NSSOID_CreateFromBER(&berOid);
- }
-
- if( one->type != two->type ) {
- return PR_FALSE;
- }
-
- if( 0 == one->valuesCount ) {
- nss_pkix_Attribute_Count(one);
- }
-
-#ifdef PEDANTIC
- if( 0 == one->valuesCount ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- *statusOpt = PR_FAILURE;
- return PR_FALSE;
- }
-#endif /* PEDANTIC */
-
- if( 0 == two->valuesCount ) {
- nss_pkix_Attribute_Count(two);
- }
-
-#ifdef PEDANTIC
- if( 0 == two->valuesCount ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- *statusOpt = PR_FAILURE;
- return PR_FALSE;
- }
-#endif /* PEDANTIC */
-
- if( one->valuesCount != two->valuesCount ) {
- return PR_FALSE;
- }
-
- *status = nss_pkix_Attribute_Distinguish(one);
- if( PR_FAILURE == *status ) {
- return PR_FALSE;
- }
-
- *status = nss_pkix_Attribute_Distinguish(two);
- if( PR_FAILURE == *status ) {
- return PR_FALSE;
- }
-
- for( i == 0; i < one->valuesCount; i++ ) {
- NSSItem onetmp, twotmp;
-
- onetmp.size = one->asn1values[i]->size;
- onetmp.data = one->asn1values[i]->data;
- twotmp.size = two->asn1values[i]->size;
- twotmp.data = two->asn1values[i]->data;
-
- if( PR_FALSE == nssItem_Equal(&one, &two, statusOpt) ) {
- return PR_FALSE;
- }
- }
-
- return PR_TRUE;
-}
diff --git a/security/nss/lib/pkix/src/Attribute/PFindValue.c b/security/nss/lib/pkix/src/Attribute/PFindValue.c
deleted file mode 100644
index 0f1095f0c..000000000
--- a/security/nss/lib/pkix/src/Attribute/PFindValue.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttribute_FindValue
- *
- * This routine searches the set of attribute values in the specified
- * NSSPKIXAttribute for the provided data. If an exact match is found,
- * then that value's index is returned. If an exact match is not
- * found, -1 is returned. If there is more than one exact match, one
- * index will be returned. {notes about unorderdness of SET, etc}
- * If the index may not be represented as an integer, an error is
- * indicated.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value
- * The index of the specified attribute value upon success
- * -1 upon failure.
- */
-
-NSS_IMPLEMENT PRInt32
-nssPKIXAttribute_FindValue
-(
- NSSPKIXAttribute *a,
- NSSPKIXAttributeValue *attributeValue
-)
-{
- PRUint32 i;
- nssASN1Item **a;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(a) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(value) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- PR_ASSERT((nssASN1Item **)NULL != a->asn1values);
- if( (nssASN1Item **)NULL == a->asn1values ) {
- nss_SetError(NSS_ERROR_ASSERTION_FAILED);
- return -1;
- }
-
- for( i = 0, a = &a->asn1values[0]; *a; a++, (i > 0x7fffffff) || i++ ) {
- NSSItem tmp;
-
- tmp.size = (*a)->size;
- tmp.data = (*a)->data;
-
- if( PR_TRUE == nssItem_Equal(attributeValue, &tmp, (PRStatus *)NULL) ) {
- if( i > 0x7fffffff ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return -1;
- }
- return (PRInt32)i;
- }
- }
-
- nss_SetError(NSS_ERROR_NOT_FOUND);
- return -1;
-}
diff --git a/security/nss/lib/pkix/src/Attribute/PGetType.c b/security/nss/lib/pkix/src/Attribute/PGetType.c
deleted file mode 100644
index 4b61431b8..000000000
--- a/security/nss/lib/pkix/src/Attribute/PGetType.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttribute_GetType
- *
- * This routine returns the attribute type oid of the specified
- * NSSPKIXAttribute.
- *
- * The error value may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSPKIXAttributeType pointer upon success
- * NULL upon failure.
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeType *
-nssPKIXAttribute_GetType
-(
- NSSPKIXAttribute *a
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(a) ) {
- return (NSSPKIXAttributeType *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSPKIXAttributeType *)NULL == a->type ) {
- NSSItem ber;
-
- ber.size = a->asn1type.size;
- ber.data = a->asn1type.data;
-
- a->type = (NSSPKIXAttributeType *)NSSOID_CreateFromBER(&ber);
- }
-
- return a->type;
-}
diff --git a/security/nss/lib/pkix/src/Attribute/PGetValue.c b/security/nss/lib/pkix/src/Attribute/PGetValue.c
deleted file mode 100644
index bbf12ca67..000000000
--- a/security/nss/lib/pkix/src/Attribute/PGetValue.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttribute_GetValue
- *
- * This routine returns the i'th attribute value of the set of
- * values in the specified NSSPKIXAttribute. Although the set
- * is unordered, an arbitrary ordering will be maintained until
- * the data in the attribute is changed. {usual comments about
- * itemOpt and arenaOpt} [0,valueCount)
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeValue upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeValue *
-nssPKIXAttribute_GetValue
-(
- NSSPKIXAttribute *attribute,
- PRInt32 i,
- NSSPKIXAttributeValue *itemOpt,
- NSSArena *arenaOpt
-)
-{
- NSSItem tmp;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(attribute) ) {
- return (NSSPKIXAttributeValue *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttributeValue *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( 0 == attribute->valuesCount ) {
- nss_pkix_Attribute_Count(attribute);
- }
-
- if( (i < 0) || (i >= attribute->valuesCount) ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return (NSSPKIXAttributeValue *)NULL;
- }
-
- tmp.size = attribute->asn1values[i]->size;
- tmp.data = attribute->asn1values[i]->data;
-
- return nssItem_Duplicate(&tmp, arenaOpt, itemOpt);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/PGetValueCount.c b/security/nss/lib/pkix/src/Attribute/PGetValueCount.c
deleted file mode 100644
index ada1d403d..000000000
--- a/security/nss/lib/pkix/src/Attribute/PGetValueCount.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttribute_GetValueCount
- *
- * This routine returns the number of attribute values present in
- * the specified NSSPKIXAttribute. This routine returns a PRInt32.
- * Upon error, this routine returns -1. This routine indicates an
- * error if the number of values cannot be expressed as a PRInt32.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_IMPLEMENT PRInt32
-nssPKIXAttribute_GetValueCount
-(
- NSSPKIXAttribute *attribute
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(attribute) ) {
- return -1;
- }
-#endif /* NSSDEBUG */
-
- if( 0 == attribute->valuesCount ) {
- nss_pkix_Attribute_Count(attribute);
- }
-
-#ifdef PEDANTIC
- if( 0 == attribute->valuesCount ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return -1;
- }
-#endif /* PEDANTIC */
-
- if( attribute->valuesCount > 0x7fffffff ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return -1;
- }
-
- return (PRInt32)(attribute->valuesCount);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/PGetValues.c b/security/nss/lib/pkix/src/Attribute/PGetValues.c
deleted file mode 100644
index ccc11dbe0..000000000
--- a/security/nss/lib/pkix/src/Attribute/PGetValues.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttribute_GetValues
- *
- * This routine returns all of the attribute values in the specified
- * NSSPKIXAttribute. If the optional pointer to an array of NSSItems
- * is non-null, then that array will be used and returned; otherwise,
- * an array will be allocated and returned. If the limit is nonzero
- * (which is must be if the specified array is nonnull), then an
- * error is indicated if it is smaller than the value count.
- * {arenaOpt}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSItem's upon success
- * NULL upon failure.
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeValue *
-nssPKIXAttribute_GetValues
-(
- NSSPKIXAttribute *attribute,
- NSSPKIXAttributeValue rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-)
-{
- NSSPKIXAttributeValue *rv = (NSSPKIXAttributeValue *)NULL;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(attribute) ) {
- return (NSSPKIXAttributeValue *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyOpt(attribute) ) {
- return (NSSPKIXAttributeValue *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( 0 == attribute->valuesCount ) {
- nss_pkix_Attribute_Count(attribute);
- }
-
-#ifdef PEDANTIC
- if( 0 == attribute->valuesCount ) {
- if( 0 == limit ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- } else {
- nss_SetError(NSS_ERROR_ARRAY_TOO_SMALL);
- }
- return (NSSPKIXAttributeValue *)NULL;
- }
-#endif /* PEDANTIC */
-
- if( (limit < attribute->valuesCount) &&
- !((0 == limit) && ((NSSPKIXAttributeValue *)NULL == rvOpt)) ) {
- nss_SetError(NSS_ERROR_ARRAY_TOO_SMALL);
- return (NSSPKIXAttributeValue *)NULL;
- }
-
- limit = attribute->valuesCount;
- if( (NSSPKIXAttributeValue *)NULL == rvOpt ) {
- rv = nss_ZNEWARRAY(arenaOpt, NSSPKIXAttributeValue, limit);
- if( (NSSPKIXAttributeValue *)NULL == rv ) {
- return (NSSPKIXAttributeValue *)NULL;
- }
- } else {
- rv = rvOpt;
- }
-
- for( i = 0; i < limit; i++ ) {
- NSSAttributeValue tmp;
- nssASN1Item *p = attribute->asn1values[i];
- NSSAttributeValue *r = &rv[i];
-
- tmp.size = p->size;
- tmp.data = p->data;
-
- if( (NSSItem *)NULL == nssItem_Duplicate(&tmp, arenaOpt, r) ) {
- goto loser;
- }
- }
-
- return rv;
-
- loser:
- for( i = 0; i < limit; i++ ) {
- NSSAttributeValue *r = &rv[i];
- nss_ZFreeIf(r->data);
- }
-
- if( rv != rvOpt ) {
- nss_ZFreeIf(rv);
- }
-
- return (NSSAttributeValue *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/Attribute/PRemoveValue.c b/security/nss/lib/pkix/src/Attribute/PRemoveValue.c
deleted file mode 100644
index 6da2ebc07..000000000
--- a/security/nss/lib/pkix/src/Attribute/PRemoveValue.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttribute_RemoveValue
- *
- * This routine removes the i'th attribute value of the set in the
- * specified NSSPKIXAttribute. An attempt to remove the last value
- * will fail.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_AT_MINIMUM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-PR_IMPLEMENET(PRStatus)
-nssPKIXAttribute_RemoveValue
-(
- NSSPKIXAttribute *a,
- PRInt32 i
-)
-{
- nssASN1Item **ip;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(a) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( 0 == a->valuesCount ) {
- nss_pkix_Attribute_Count(a);
- }
-
- if( i < 0 ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return PR_FAILURE;
- }
-
- if( 1 == a->valuesCount ) {
- nss_SetError(NSS_ERROR_AT_MINIMUM);
- return PR_FAILURE;
- }
-
-#ifdef PEDANTIC
- if( 0 == a->valuesCount ) {
- /* Too big.. but we can still remove one */
- nss_ZFreeIf(a->asn1values[i].data);
- for( ip = &a->asn1values[i]; *ip; ip++ ) {
- ip[0] = ip[1];
- }
- } else
-#endif /* PEDANTIC */
-
- {
- nssASN1Item *si;
- PRUint32 end;
-
- if( i >= a->valueCount ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return PR_FAILURE;
- }
-
- end = a->valuesCount - 1;
-
- si = a->asn1values[i];
- a->asn1values[i] = a->asn1values[ end ];
- a->asn1values[ end ] = (nssASN1Item *)NULL;
-
- nss_ZFreeIf(si->data);
- nss_ZFreeIf(si);
-
- /* We could realloc down, but we know it's a no-op */
- a->valuesCount = end;
- }
-
- return nss_pkix_Attribute_Clear(a);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/PSetType.c b/security/nss/lib/pkix/src/Attribute/PSetType.c
deleted file mode 100644
index 8f430aab3..000000000
--- a/security/nss/lib/pkix/src/Attribute/PSetType.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttribute_SetType
- *
- * This routine sets the attribute type oid of the indicated
- * NSSPKIXAttribute to the specified value. Since attributes
- * may be application-defined, no checking can be done on
- * either the correctness of the attribute type oid value nor
- * the suitability of the set of attribute values.
- *
- * The error value may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_OID
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXAttribute_SetType
-(
- NSSPKIXAttribute *a,
- NSSPKIXAttributeType *attributeType
-)
-{
- NSSDER tmp;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(a) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssOID_verifyPointer(attributeType) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- a->type = attributeType;
-
- nss_ZFreeIf(a->asn1type.data);
- if( (NSSDER *)NULL == nssOID_GetDEREncoding(a->type, &tmp, a->arena) ) {
- return PR_FAILURE;
- }
-
- a->asn1type.size = tmp.size;
- a->asn1type.data = tmp.data;
-
- return nss_pkix_Attribute_Clear(a);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/PSetValue.c b/security/nss/lib/pkix/src/Attribute/PSetValue.c
deleted file mode 100644
index 4fd490a6a..000000000
--- a/security/nss/lib/pkix/src/Attribute/PSetValue.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttribute_SetValue
- *
- * This routine sets the i'th attribute value {blah blah; copies
- * memory contents over..}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXAttribute_SetValue
-(
- NSSPKIXAttribute *a,
- PRInt32 i,
- NSSPKIXAttributeValue *value
-)
-{
- NSSItem tmp;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(a) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(value) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( i < 0 ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return PR_FAILURE;
- }
-
- if( 0 == a->valuesCount ) {
- nss_pkix_Attribute_Count(a);
- }
-
- if( (0 != a->valuesCount) && (i > a->valuesCount) ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return PR_FAILURE;
- }
-
- if( (NSSItem *)NULL == nssItem_Duplicate(value, a->arena, &tmp) ) {
- return PR_FAILURE;
- }
-
- nss_ZFreeIf(a->asn1values[i]->data);
- a->asn1values[i]->size = tmp.size;
- a->asn1values[i]->data = tmp.data;
-
- return nss_pkix_Attribute_Clear(a);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/PSetValues.c b/security/nss/lib/pkix/src/Attribute/PSetValues.c
deleted file mode 100644
index 64df8eb55..000000000
--- a/security/nss/lib/pkix/src/Attribute/PSetValues.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttribute_SetValues
- *
- * This routine sets all of the values of the specified
- * NSSPKIXAttribute to the values in the specified NSSItem array.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXAttribute_SetValues
-(
- NSSPKIXAttribute *a,
- NSSPKIXAttributeValue values[],
- PRInt32 count
-)
-{
- nssASN1Item **ip;
- nssASN1Item *newarray;
- PRUint32 i;
- nssArenaMark *mark;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(a) ) {
- return PR_FAILURE;
- }
-
- if( (NSSPKIXAttributeValue *)NULL == values ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
-
- if( count < 1 ) {
- nss_SetError(NSS_ERROR_ARRAY_TOO_SMALL);
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- PR_ASSERT((nssASN1Item **)NULL != a->asn1values);
- if( (nssASN1Item **)NULL == a->asn1values ) {
- nss_SetError(NSS_ERROR_ASSERTION_FAILED);
- return PR_FAILURE;
- }
-
- mark = nssArena_Mark(a->arena);
- if( (nssArenaMark *)NULL == mark ) {
- return PR_FAILURE;
- }
-
- newarray = nss_ZNEWARRAY(a->arena, nssASN1Item *, count);
- if( (nssASN1Item *)NULL == newarray ) {
- return PR_FAILURE;
- }
-
- for( i = 0; i < count; i++ ) {
- NSSItem tmp;
-
- newarray[i] = nss_ZNEW(a->arena, nssASN1Item);
- if( (nssASN1Item *)NULL == newarray[i] ) {
- goto loser;
- }
-
- if( (NSSItem *)NULL == nssItem_Duplicate(&values[i], a->arena, &tmp) ) {
- goto loser;
- }
-
- newarray[i]->size = tmp.size;
- newarray[i]->data = tmp.data;
- }
-
- for( ip = &a->asn1values[0]; *ip; ip++ ) {
- nss_ZFreeIf((*ip)->data);
- nss_ZFreeIf(*ip);
- }
-
- nss_ZFreeIf(a->asn1values);
-
- a->asn1values = newarray;
- a->valuesCount = count;
-
- (void)nss_pkix_Attribute_Clear(a);
- return nssArena_Unmark(a->arena, mark);
-
- loser:
- (void)nssArena_Release(a->arena, mark);
- return PR_FAILURE;
-}
diff --git a/security/nss/lib/pkix/src/Attribute/RemoveValue.c b/security/nss/lib/pkix/src/Attribute/RemoveValue.c
deleted file mode 100644
index e869fd96a..000000000
--- a/security/nss/lib/pkix/src/Attribute/RemoveValue.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttribute_RemoveValue
- *
- * This routine removes the i'th attribute value of the set in the
- * specified NSSPKIXAttribute. An attempt to remove the last value
- * will fail.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_AT_MINIMUM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXAttribute_RemoveValue
-(
- NSSPKIXAttribute *attribute,
- PRInt32 i
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(attribute) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXAttribute_RemoveValue(attribute, i);
-}
-
diff --git a/security/nss/lib/pkix/src/Attribute/SetType.c b/security/nss/lib/pkix/src/Attribute/SetType.c
deleted file mode 100644
index 4975c8f8a..000000000
--- a/security/nss/lib/pkix/src/Attribute/SetType.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttribute_SetType
- *
- * This routine sets the attribute type oid of the indicated
- * NSSPKIXAttribute to the specified value. Since attributes
- * may be application-defined, no checking can be done on
- * either the correctness of the attribute type oid value nor
- * the suitability of the set of attribute values.
- *
- * The error value may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_OID
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXAttribute_SetType
-(
- NSSPKIXAttribute *attribute,
- NSSPKIXAttributeType *attributeType
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(attribute) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssOID_verifyPointer(attributeType) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXAttribute_SetType(attribute, attributeType);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/SetValue.c b/security/nss/lib/pkix/src/Attribute/SetValue.c
deleted file mode 100644
index 43f74ad26..000000000
--- a/security/nss/lib/pkix/src/Attribute/SetValue.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttribute_SetValue
- *
- * This routine sets the i'th attribute value {blah blah; copies
- * memory contents over..}
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXAttribute_SetValue
-(
- NSSPKIXAttribute *attribute,
- PRInt32 i,
- NSSPKIXAttributeValue *value
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(attribute) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(value) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXAttribute_SetValue(attribute, i, value);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/SetValues.c b/security/nss/lib/pkix/src/Attribute/SetValues.c
deleted file mode 100644
index 7c3645cf7..000000000
--- a/security/nss/lib/pkix/src/Attribute/SetValues.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttribute_SetValues
- *
- * This routine sets all of the values of the specified
- * NSSPKIXAttribute to the values in the specified NSSItem array.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXAttribute_SetValues
-(
- NSSPKIXAttribute *attribute,
- NSSPKIXAttributeValue values[],
- PRInt32 count
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttribute_verifyPointer(attribute) ) {
- return PR_FAILURE;
- }
-
- if( (NSSPKIXAttributeValue *)NULL == values ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
-
- if( count < 1 ) {
- nss_SetError(NSS_ERROR_ARRAY_TOO_SMALL);
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKXIAttribute_SetValues(attribute, values, count);
-}
diff --git a/security/nss/lib/pkix/src/Attribute/template.c b/security/nss/lib/pkix/src/Attribute/template.c
deleted file mode 100644
index 850b6a9b0..000000000
--- a/security/nss/lib/pkix/src/Attribute/template.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-/*
- * nssPKIXAttribute_template
- *
- *
- */
-
-const nssASN1Template nssPKIXAttribute_template[] = {
- { nssASN1_SEQUENCE, 0, NULL, sizeof(NSSPKIXAttribute) },
- { nssASN1_OBJECT_ID, offsetof(NSSPKIXAttribute, asn1type) },
- { nssASN1_SET_OF, offsetof(NSSPKIXAttribute, asn1values),
- nssASN1Template_Any },
- { 0 }
-};
diff --git a/security/nss/lib/pkix/src/Attribute/verifyPointer.c b/security/nss/lib/pkix/src/Attribute/verifyPointer.c
deleted file mode 100644
index c0ae3ed84..000000000
--- a/security/nss/lib/pkix/src/Attribute/verifyPointer.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIXM_H
-#include "pkixm.h"
-#endif /* PKIXM_H */
-
-#ifdef DEBUG
-
-extern const NSSError NSS_ERROR_INTERNAL_ERROR;
-
-static nssPointerTracker pkix_attribute_pointer_tracker;
-
-/*
- * nss_pkix_Attribute_add_pointer
- *
- * This method is only present in debug builds.
- *
- * This module-private routine adds an NSSPKIXAttribute pointer to
- * the internal pointer-tracker. This routine should only be used
- * by the NSSPKIX module. This routine returns a PRStatus value;
- * upon error it will place an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INTERNAL_ERROR
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_Attribute_add_pointer
-(
- const NSSPKIXAttribute *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&pkix_attribute_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return rv;
- }
-
- rv = nssPointerTracker_add(&pkix_attribute_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- NSSError e = NSS_GetError();
- if( NSS_ERROR_NO_MEMORY != e ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
- }
-
- return PR_SUCCESS;
-}
-
-/*
- * nss_pkix_Attribute_remove_pointer
- *
- * This method is only present in debug builds.
- *
- * This module-private routine removes a valid NSSPKIXAttribute
- * pointer from the internal pointer-tracker. This routine should
- * only be used by the NSSPKIX module. This routine returns a
- * PRStatus value; upon error it will place an error on the error
- * stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INTERNAL_ERROR
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_Attribute_remove_pointer
-(
- const NSSPKIXAttribute *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_remove(&pkix_attribute_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
-}
-
-/*
- * nssPKIXAttribute_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXAttribute
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXAttribute_verifyPointer
-(
- NSSPKIXAttribute *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&pkix_attribute_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_PKIX_ATTRIBUTE);
- return PR_FAILURE;
- }
-
- rv = nssPointerTracker_verify(&pkix_attribute_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_PKIX_ATTRIBUTE);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-
-#endif /* DEBUG */
-
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/Create.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/Create.c
deleted file mode 100644
index 84e721f80..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/Create.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttributeTypeAndValue_Create
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeTypeAndValue *
-NSSPKIXAttributeTypeAndValue_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAttributeType *typeOid,
- NSSPKIXAttributeValue *value
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssOID_verifyPointer(typeOid) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(value) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXAttributeTypeAndValue(arenaOpt, typeOid, value);
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/CreateFromUTF8.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/CreateFromUTF8.c
deleted file mode 100644
index 72e0a3114..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/CreateFromUTF8.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttributeTypeAndValue_CreateFromUTF8
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeTypeAndValue *
-NSSPKIXAttributeTypeAndValue_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *string
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
- }
-
- if( (NSSUTF8 *)NULL == string ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXAttributeTypeAndValue_CreateFromUTF8(arenaOpt, string);
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/Decode.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/Decode.c
deleted file mode 100644
index 33b657303..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/Decode.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttributeTypeAndValue_Decode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeTypeAndValue *
-NSSPKIXAttributeTypeAndValue_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(ber) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXAttributeTypeAndValue_Decode(arenaOpt, ber);
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/Destroy.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/Destroy.c
deleted file mode 100644
index b3c28a03f..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/Destroy.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttributeTypeAndValue_Destroy
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXAttributeTypeAndValue_Destroy
-(
- NSSPKIXAttributeTypeAndValue *atav
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXAttributeTypeAndValue_Destroy(atav);
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/Duplicate.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/Duplicate.c
deleted file mode 100644
index 09d1f27c3..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/Duplicate.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttributeTypeAndValue_Duplicate
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeTypeAndValue *
-NSSPKIXAttributeTypeAndValue_Duplicate
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXAttributeTypeAndValue_Duplicate(atav, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/Encode.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/Encode.c
deleted file mode 100644
index 1b67be84d..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/Encode.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttributeTypeAndValue_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSBER *
-NSSPKIXAttributeTypeAndValue_Encode
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return (NSSBER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSBER *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXAttributeTypeAndValue_Encode(atav, encoding, rvOpt, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/Equal.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/Equal.c
deleted file mode 100644
index 0cbf06eca..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/Equal.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttributeTypeAndValue_Equal
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_IMPLEMENT PRBool
-NSSPKIXAttributeTypeAndValue_Equal
-(
- NSSPKIXAttributeTypeAndValue *atav1,
- NSSPKIXAttributeTypeAndValue *atav2,
- PRStatus *statusOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav1) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
-
- return PR_FALSE;
- }
-
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav2) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
-
- return PR_FALSE;
- }
-#endif /* DEBUG */
-
- return nssPKIXAttributeTypeAndValue_Equal(atav1, atav2, statusOpt);
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/GetType.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/GetType.c
deleted file mode 100644
index 68e2f48f6..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/GetType.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttributeTypeAndValue_GetType
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSPKIXAttributeType pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeType *
-NSSPKIXAttributeTypeAndValue_GetType
-(
- NSSPKIXAttributeTypeAndValue *atav
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return (NSSPKIXAttributeType *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXAttributeTypeAndValue_GetType(atav);
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/GetUTF8Encoding.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/GetUTF8Encoding.c
deleted file mode 100644
index 611e4bcb9..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/GetUTF8Encoding.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttributeTypeAndValue_GetUTF8Encoding
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-NSSPKIXAttributeTypeAndValue_GetUTF8Encoding
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXAttributeTypeAndValue_GetUTF8Encoding(atav, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/GetValue.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/GetValue.c
deleted file mode 100644
index 5516c63ea..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/GetValue.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttributeTypeAndValue_GetValue
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSAttributeValue upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeValue *
-NSSPKIXAttributeTypeAndValue_GetValue
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSPKIXAttributeValue *itemOpt,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return (NSSPKIXAttributeValue *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttributeValue *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXAttributeTypeAndValue_GetValue(atav, itemOpt, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/MClear.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/MClear.c
deleted file mode 100644
index eeae7db86..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/MClear.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nss_pkix_AttributeTypeAndValue_Clear
- *
- * Wipes out cached data.
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_AttributeTypeAndValue_Clear
-(
- NSSPKIXAttributeTypeAndValue *atav
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSBER *)NULL != atav->ber ) {
- nss_ZFreeIf(atav->ber->data);
- nss_ZFreeIf(atav->ber);
- }
-
- if( (NSSDER *)NULL != atav->der ) {
- nss_ZFreeIf(atav->der->data);
- nss_ZFreeIf(atav->der);
- }
-
- nss_ZFreeIf(atav->utf8);
-
- return PR_SUCCESS;
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/PCreate.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/PCreate.c
deleted file mode 100644
index 2dc6d8ac5..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/PCreate.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttributeTypeAndValue_Create
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeTypeAndValue *
-nssPKIXAttributeTypeAndValue_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAttributeType *typeOid,
- NSSPKIXAttributeValue *value
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXAttributeTypeAndValue *rv = (NSSPKIXAttributeTypeAndValue *)NULL;
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssOID_verifyPointer(typeOid) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(value) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
-#endif /* DEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXAttributeTypeAndValue);
- if( (NSSPKIXAttributeTypeAndValue *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- rv->type = typeOid;
-
- {
- NSSItem tmp;
- if( (NSSItem *)NULL == nssOID_GetDEREncoding(typeOid, arena, &tmp) ) {
- goto loser;
- }
-
- rv->asn1type.size = tmp.size;
- rv->asn1type.data = tmp.data;
- }
-
- {
- NSSItem tmp;
- if( (NSSItem *)NULL == nssItem_Duplicate(value, arena, &tmp) ) {
- goto loser;
- }
-
- rv->asn1value.size = tmp.size;
- rv->asn1value.data = tmp.data;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_AttributeTypeAndValue_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXAttributeTypeAndValue *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/PCreateFromUTF8.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/PCreateFromUTF8.c
deleted file mode 100644
index a2fa289ea..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/PCreateFromUTF8.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttributeTypeAndValue_CreateFromUTF8
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeTypeAndValue *
-nssPKIXAttributeTypeAndValue_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *string
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXAttributeTypeAndValue *rv = (NSSPKIXAttributeTypeAndValue *)NULL;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
- }
-
- if( (NSSUTF8 *)NULL == string ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXAttributeTypeAndValue);
- if( (NSSPKIXAttributeTypeAndValue *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- rv->utf8 = nssUTF8_Duplicate(string, arena);
- if( (NSSUTF8 *)NULL == rv->utf8 ) {
- goto loser;
- }
-
- /* Fill this in later from ../pki1/atav.c implementation */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- goto loser;
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_AttributeTypeAndValue_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXAttributeTypeAndValue *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/PDecode.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/PDecode.c
deleted file mode 100644
index 9e017526c..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/PDecode.c
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-/*
- * nssPKIXAttributeTypeAndValue_Decode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeTypeAndValue *
-nssPKIXAttributeTypeAndValue_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXAttributeTypeAndValue *rv = (NSSPKIXAttributeTypeAndValue *)NULL;
- PRStatus status;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(ber) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXAttributeTypeAndValue);
- if( (NSSPKIXAttributeTypeAndValue *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- /* For this object, BER is DER */
- rv->der = nssItem_Duplicate(ber, arena, (NSSItem *)NULL);
- if( (NSSItem *)NULL == rv->ber ) {
- goto loser;
- }
-
- status = nssASN1_DecodeBER(arena, rv,
- nssPKIXAttributeTypeAndValue_template,
- ber);
- if( PR_SUCCESS != status ) {
- goto loser;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_AttributeTypeAndValue_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXAttributeTypeAndValue *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/PDestroy.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/PDestroy.c
deleted file mode 100644
index 47242f545..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/PDestroy.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttributeTypeAndValue_Destroy
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXAttributeTypeAndValue_Destroy
-(
- NSSPKIXAttributeTypeAndValue *atav
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
-#ifdef DEBUG
- (void)nss_pkix_AttributeTypeAndValue_remove_pointer(atav);
- (void)nssArena_RemoveDestructor(arena,
- nss_pkix_AttributeTypeAndValue_remove_pointer, atav);
-#endif /* DEBUG */
-
- if( PR_TRUE == atav->i_allocated_arena ) {
- return nssArena_Destroy(atav->arena);
- }
-
- return PR_SUCCESS;
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/PDuplicate.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/PDuplicate.c
deleted file mode 100644
index 53fc85171..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/PDuplicate.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttributeTypeAndValue_Duplicate
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeTypeAndValue *
-nssPKIXAttributeTypeAndValue_Duplicate
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSArena *arenaOpt
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXAttributeTypeAndValue *rv = (NSSPKIXAttributeTypeAndValue *)NULL;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXAttributeTypeAndValue);
- if( (NSSPKIXAttributeTypeAndValue *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
-
- if( (NSSDER *)NULL != atav->der ) {
- rv->der = nssItem_Duplicate(atav->der, arena, (NSSItem *)NULL);
- if( (NSSDER *)NULL == rv->der ) {
- goto loser; /* actually, this isn't fatal */
- }
- }
-
- {
- NSSItem src, dst;
- src.size = atav->asn1type.size;
- src.data = atav->asn1type.data;
- if( (NSSItem *)NULL == nssItem_Duplicate(&src, arena, &dst) ) {
- goto loser;
- }
- rv->asn1type.size = dst.size;
- rv->asn1type.data = dst.data;
- }
-
- {
- NSSItem src, dst;
- src.size = atav->asn1value.size;
- src.data = atav->asn1value.data;
- if( (NSSItem *)NULL == nssItem_Duplicate(&src, arena, &dst) ) {
- goto loser;
- }
- rv->asn1value.size = dst.size;
- rv->asn1value.data = dst.data;
- }
-
- rv->type = atav->type;
-
- if( (NSSUTF8 *)NULL != atav->utf8 ) {
- rv->utf8 = nssUTF8_Duplicate(atav->utf8, arena);
- if( (NSSUTF8 *)NULL == rv->utf8 ) {
- goto loser; /* actually, this isn't fatal */
- }
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_AttributeTypeAndValue_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXAttributeTypeAndValue *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/PEncode.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/PEncode.c
deleted file mode 100644
index 64a77e590..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/PEncode.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttributeTypeAndValue_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSBER *
-nssPKIXAttributeTypeAndValue_Encode
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSBER *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- switch( encoding ) {
- case NSSASN1BER:
- case NSSASN1DER:
- break;
- case NSSASN1CER:
- case NSSASN1LWER:
- case NSSASN1PER:
- default:
- nss_SetError(NSS_ERROR_UNSUPPORTED_ENCODING);
- return (NSSBER *)NULL;
- }
-
- /* For this item its DER is BER */
-
- if( (NSSDER *)NULL == atav->der ) {
- atav->der = nssASN1_EncodeDER(atav->arena, (NSSItem *)NULL, a,
- nssPKIXAtributeTypeAndValue_template, NSSASN1DER);
- if( (NSSDER *)NULL == atav->der ) {
- return (NSSBER *)NULL;
- }
- }
-
- return nssItem_Duplicate(a->der, arenaOpt, rvOpt);
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/PEqual.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/PEqual.c
deleted file mode 100644
index 67dc970f1..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/PEqual.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttributeTypeAndValue_Equal
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_IMPLEMENT PRBool
-nssPKIXAttributeTypeAndValue_Equal
-(
- NSSPKIXAttributeTypeAndValue *atav1,
- NSSPKIXAttributeTypeAndValue *atav2,
- PRStatus *statusOpt
-)
-{
- NSSItem one, two;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav1) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav2) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
-
- one.size = atav1->asn1type.size;
- one.data = atav1->asn1type.data;
- two.size = atav2->asn1type.size;
- two.data = atav2->asn1type.data;
-
- if( PR_FALSE == nssItem_Equal(&one, &two, statusOpt) ) {
- return PR_FALSE;
- }
-
- one.size = atav1->asn1value.size;
- one.data = atav1->asn1value.data;
- two.size = atav2->asn1value.size;
- two.data = atav2->asn1value.data;
-
- return nssItem_Equal(&one, &two, statusOpt);
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/PGetType.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/PGetType.c
deleted file mode 100644
index 20411e8ee..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/PGetType.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttributeTypeAndValue_GetType
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSPKIXAttributeType pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeType *
-nssPKIXAttributeTypeAndValue_GetType
-(
- NSSPKIXAttributeTypeAndValue *atav
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSPKIXAttributeType *)NULL == atav->type ) {
- NSSItem ber;
-
- ber.size = atav->asn1type.size;
- ber.data = atav->asn1type.data;
-
- atav->type = (NSSPKIXAttributeType *)NSSOID_CreateFromBER(&ber);
- }
-
- return atav->type;
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/PGetUTF8Encoding.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/PGetUTF8Encoding.c
deleted file mode 100644
index 41145b3cf..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/PGetUTF8Encoding.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttributeTypeAndValue_GetUTF8Encoding
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-nssPKIXAttributeTypeAndValue_GetUTF8Encoding
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSArena *arenaOpt
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSUTF8 *)NULL == atav->utf8 ) {
- /* xxx fgmr fill this in from the ../pki1/atav.c implementation */
- }
-
- return nssUTF8_Duplicate(atav->utf8, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/PGetValue.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/PGetValue.c
deleted file mode 100644
index 33f9e5b2b..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/PGetValue.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttributeTypeAndValue_GetValue
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSAttributeValue upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXAttributeValue *
-nssPKIXAttributeTypeAndValue_GetValue
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSPKIXAttributeValue *rvOpt,
- NSSArena *arenaOpt
-)
-{
- NSSItem tmp;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSDER *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- tmp.size = atav->asn1value.size;
- tmp.data = atav->asn1value.data;
-
- return nssItem_Duplicate(&tmp, arenaOpt, rvOpt);
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/PSetType.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/PSetType.c
deleted file mode 100644
index 4e25b88cc..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/PSetType.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttributeTypeAndValue_SetType
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_OID
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssPKIXAttributeTypeAndValue_SetType
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSPKIXAttributeType *attributeType
-)
-{
- NSSDER tmp;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssOID_verifyPointer(attributeType) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- atav->type = attributeType;
-
- nss_ZFreeIf(atav->asn1type.data);
- if( (NSSDER *)NULL == nssOID_GetDEREncoding(atav->type, &tmp, atav->arena) ) {
- return PR_FAILURE;
- }
-
- atav->asn1type.size = tmp.size;
- atav->asn1type.data = tmp.data;
-
- return nss_pkix_AttributeTypeAndValue_Clear(atav);
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/PSetValue.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/PSetValue.c
deleted file mode 100644
index 82de4db00..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/PSetValue.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXAttributeTypeAndValue_SetValue
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXAttributeTypeAndValue_SetValue
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSPKIXAttributeValue *value
-)
-{
- NSSItem tmp;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(value) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSItem *)NULL == nssItem_Duplicate(value, atav->arena, &tmp) ) {
- return PR_FAILURE;
- }
-
- nss_ZFreeIf(atav->asn1value.data);
- atav->asn1value.size = tmp.size;
- atav->asn1value.data = tmp.data;
-
- return nss_pkix_AttributeTypeAndValue_Clear(atav);
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/SetType.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/SetType.c
deleted file mode 100644
index 672b7b738..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/SetType.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttributeTypeAndValue_SetType
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_OID
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXAttributeTypeAndValue_SetType
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSPKIXAttributeType *attributeType
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssOID_verifyPointer(attributeType) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXAttributeTypeAndValue_SetType(atav, attributeType);
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/SetValue.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/SetValue.c
deleted file mode 100644
index fafc54d6c..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/SetValue.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXAttributeTypeAndValue_SetValue
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXAttributeTypeAndValue_SetValue
-(
- NSSPKIXAttributeTypeAndValue *atav,
- NSSPKIXAttributeValue *value
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(value) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXAttributeTypeAndValue_SetValue(atav, value);
-}
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/template.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/template.c
deleted file mode 100644
index 548a4fac9..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/template.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-/*
- * nssPKIXAttributeTypeAndValue_template
- *
- */
-
-const nssASN1Template nssPKIXAttributeTypeAndValue_template[] = {
- { nssASN1_SEQUENCE, 0, NULL, sizeof(NSSPKIXAttributeTypeAndValue) },
- { nssASN1_OBJECT_ID, offsetof(NSSPKIXAttributeTypeAndValue, asn1type) },
- { nssASN1_ANY, offsetof(NSSPKIXAttributeTypeAndValue, asn1value) },
- { 0 }
-};
diff --git a/security/nss/lib/pkix/src/AttributeTypeAndValue/verifyPointer.c b/security/nss/lib/pkix/src/AttributeTypeAndValue/verifyPointer.c
deleted file mode 100644
index 340e19c1b..000000000
--- a/security/nss/lib/pkix/src/AttributeTypeAndValue/verifyPointer.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIXM_H
-#include "pkixm.h"
-#endif /* PKIXM_H */
-
-#ifdef DEBUG
-
-extern const NSSError NSS_ERROR_INTERNAL_ERROR;
-
-static nssPointerTracker pkix_atav_pointer_tracker;
-
-/*
- * nss_pkix_AttributeTypeAndValue_add_pointer
- *
- * This method is only present in debug builds.
- *
- * This module-private routine adds an NSSPKIXAttributeTypeAndValue
- * pointer to the internal pointer-tracker. This routine should only
- * be used by the NSSPKIX module. This routine returns a PRStatus
- * value; upon error it will place an error on the error stack and
- * return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INTERNAL_ERROR
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_AttributeTypeAndValue_add_pointer
-(
- const NSSPKIXAttributeTypeAndValue *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&pkix_atav_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return rv;
- }
-
- rv = nssPointerTracker_add(&pkix_atav_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- NSSError e = NSS_GetError();
- if( NSS_ERROR_NO_MEMORY != e ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
- }
-
- rv = nssArena_registerDestructor(arena,
- nss_pkix_AttributeTypeAndValue_remove_pointer, p);
- if( PR_SUCCESS != rv ) {
- (void)nss_pkix_AttributeTypeAndValue_remove_pointer(p);
- return rv;
- }
-
- return PR_SUCCESS;
-}
-
-/*
- * nss_pkix_AttributeTypeAndValue_remove_pointer
- *
- * This method is only present in debug builds.
- *
- * This module-private routine removes a valid
- * NSSPKIXAttributeTypeAndValue pointer from the internal
- * pointer-tracker. This routine should only be used by the
- * NSSPKIX module. This routine returns a PRStatus value;
- * upon error it will place an error on the error stack and
- * return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INTERNAL_ERROR
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_AttributeTypeAndValue_remove_pointer
-(
- const NSSPKIXAttributeTypeAndValue *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_remove(&pkix_atav_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- /*
- * nssArena_deregisterDestructor(p->arena,
- * nss_pkix_AttributeTypeAndValue_remove_pointer, p);
- */
-
- return rv;
-}
-
-/*
- * nssPKIXAttributeTypeAndValue_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an
- * NSSPKIXAttributeTypeAndValue object, this routine will return
- * PR_SUCCESS. Otherwise, it will put an error on the error stack
- * and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXAttributeTypeAndValue_verifyPointer
-(
- NSSPKIXAttributeTypeAndValue *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&pkix_atav_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_PKIX_ATTRIBUTE);
- return PR_FAILURE;
- }
-
- rv = nssPointerTracker_verify(&pkix_atav_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_PKIX_ATTRIBUTE);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-
-#endif /* DEBUG */
-
diff --git a/security/nss/lib/pkix/src/Name/Create.c b/security/nss/lib/pkix/src/Name/Create.c
deleted file mode 100644
index dc9059f0b..000000000
--- a/security/nss/lib/pkix/src/Name/Create.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_CHOICE
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXName *
-NSSPKIXName_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXNameChoice choice,
- void *arg
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXName *)NULL;
- }
- }
-
- switch( choice ) {
- case NSSPKIXNameChoice_rdnSequence:
- {
- NSSPKIXRDNSequence *r = (NSSPKIXRDNSequence *)arg;
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(r) ) {
- return (NSSPKIXName *)NULL;
- }
- }
-
- break;
- case NSSPKIXNameChoice_NSSinvalid:
- default:
- nss_SetError(NSS_ERROR_INVALID_CHOICE);
- return (NSSPKIXName *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXName_Create(arenaOpt, choice, arg);
-}
diff --git a/security/nss/lib/pkix/src/Name/CreateFromRDNSequence.c b/security/nss/lib/pkix/src/Name/CreateFromRDNSequence.c
deleted file mode 100644
index da07742cc..000000000
--- a/security/nss/lib/pkix/src/Name/CreateFromRDNSequence.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXName_CreateFromRDNSequence
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXName *
-NSSPKIXName_CreateFromRDNSequence
-(
- NSSArena *arenaOpt,
- NSSPKIXRDNSequence *rdnSequence
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXName *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnSequence) ) {
- return (NSSPKIXName *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXName_CreateFromRDNSequence(arenaOpt, rdnSequence);
-}
diff --git a/security/nss/lib/pkix/src/Name/CreateFromUTF8.c b/security/nss/lib/pkix/src/Name/CreateFromUTF8.c
deleted file mode 100644
index f2111ea75..000000000
--- a/security/nss/lib/pkix/src/Name/CreateFromUTF8.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXName_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXName *
-NSSPKIXName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *string
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXName *)NULL;
- }
- }
-
- if( (NSSUTF8 *)NULL == string ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXName_CreateFromUTF8(arenaOpt, string);
-}
diff --git a/security/nss/lib/pkix/src/Name/Decode.c b/security/nss/lib/pkix/src/Name/Decode.c
deleted file mode 100644
index b30fac01e..000000000
--- a/security/nss/lib/pkix/src/Name/Decode.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXName_CreateFromBER
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXName *
-NSSPKIXName_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXName *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(ber) ) {
- return (NSSPKIXName *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXName_CreateFromBER(arenaOpt, ber);
-}
diff --git a/security/nss/lib/pkix/src/Name/Destroy.c b/security/nss/lib/pkix/src/Name/Destroy.c
deleted file mode 100644
index c8c2bc9f2..000000000
--- a/security/nss/lib/pkix/src/Name/Destroy.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXName_Destroy
-(
- NSSPKIXName *name
-)
-{
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXName_verifyPointer(name) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXName_Destroy(name);
-}
diff --git a/security/nss/lib/pkix/src/Name/Duplicate.c b/security/nss/lib/pkix/src/Name/Duplicate.c
deleted file mode 100644
index 6c8831729..000000000
--- a/security/nss/lib/pkix/src/Name/Duplicate.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXName *
-NSSPKIXName_Duplicate
-(
- NSSPKIXName *name,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXName_verifyPointer(name) ) {
- return (NSSDER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSDER *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXName_Duplicate(name, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/Name/Encode.c b/security/nss/lib/pkix/src/Name/Encode.c
deleted file mode 100644
index 344a53724..000000000
--- a/security/nss/lib/pkix/src/Name/Encode.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSBER *
-NSSPKIXName_Encode
-(
- NSSPKIXName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXName_verifyPointer(name) ) {
- return (NSSBER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSBER *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXName_Encode(name, rvOpt, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/Name/Equal.c b/security/nss/lib/pkix/src/Name/Equal.c
deleted file mode 100644
index 9a74eef94..000000000
--- a/security/nss/lib/pkix/src/Name/Equal.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_IMPLEMENT PRBool
-NSSPKIXName_Equal
-(
- NSSPKIXName *name1,
- NSSPKIXName *name2,
- PRStatus *statusOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(name1) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
-
- return PR_FALSE;
- }
-
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(name2) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
-
- return PR_FALSE;
- }
-#endif /* DEBUG */
-
- return nssPKIX_Equal(name1, name2, statusOpt);
-}
diff --git a/security/nss/lib/pkix/src/Name/GetChoice.c b/security/nss/lib/pkix/src/Name/GetChoice.c
deleted file mode 100644
index 8a36ada00..000000000
--- a/security/nss/lib/pkix/src/Name/GetChoice.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXName_GetChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- *
- * Return value:
- * A valid element of the NSSPKIXNameChoice enumeration upon success
- * The value NSSPKIXNameChoice_NSSinvalid (-1) upon error
- */
-
-NSS_IMPLEMENT NSSPKIXNameChoice
-NSSPKIXName_GetChoice
-(
- NSSPKIXName *name
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXName_verifyPointer(name) ) {
- return NSSPKIXNameChoice_NSSinvalid;
- }
-#endif /* DEBUG */
-
- return nssPKIXName_GetChoice(name);
-}
diff --git a/security/nss/lib/pkix/src/Name/GetRDNSequence.c b/security/nss/lib/pkix/src/Name/GetRDNSequence.c
deleted file mode 100644
index 94562ae3c..000000000
--- a/security/nss/lib/pkix/src/Name/GetRDNSequence.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXName_GetRDNSequence
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_WRONG_CHOICE
- *
- * Return value:
- * A pointer to a valid NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRDNSequence *
-NSSPKIXName_GetRDNSequence
-(
- NSSPKIXName *name,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return (NSSPKIXRDNSequence *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRDNSequence *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXName_GetRDNSequence(name, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/Name/GetSpecifiedChoice.c b/security/nss/lib/pkix/src/Name/GetSpecifiedChoice.c
deleted file mode 100644
index 3de2d5b84..000000000
--- a/security/nss/lib/pkix/src/Name/GetSpecifiedChoice.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXName_GetSpecifiedChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_WRONG_CHOICE
- *
- * Return value:
- * A valid pointer ...
- * NULL upon failure
- */
-
-NSS_IMPLEMENT void *
-NSSPKIXName_GetSpecifiedChoice
-(
- NSSPKIXName *name,
- NSSPKIXNameChoice choice,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(name) ) {
- return (void *)NULL;
- }
-
- switch( choice ) {
- case NSSPKIXNameChoice_rdnSequence:
- break;
- case NSSPKIXNameChoice_NSSinvalid:
- default:
- nss_SetError(NSS_ERROR_INVALID_CHOICE);
- return (void *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (void *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXName_GetSpecifiedChoice(name, choice, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/Name/GetUTF8Encoding.c b/security/nss/lib/pkix/src/Name/GetUTF8Encoding.c
deleted file mode 100644
index c86dd94b2..000000000
--- a/security/nss/lib/pkix/src/Name/GetUTF8Encoding.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXName_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-NSSPKIXName_GetUTF8Encoding
-(
- NSSPKIXName *name,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXName_verifyPointer(name) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXName_GetUTF8Encoding(name, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/Name/MClear.c b/security/nss/lib/pkix/src/Name/MClear.c
deleted file mode 100644
index e8d6b1961..000000000
--- a/security/nss/lib/pkix/src/Name/MClear.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nss_pkix_Name_Clear
- *
- * Wipes out cached data.
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_Name_Clear
-(
- NSSPKIXName *name
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXName_verifyPointer(name) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSBER *)NULL != name->ber ) {
- nss_ZFreeIf(name->ber->data);
- nss_ZFreeIf(name->ber);
- }
-
- if( (NSSDER *)NULL != name->der ) {
- nss_ZFreeIf(name->der->data);
- nss_ZFreeIf(name->der);
- }
-
- nss_ZFreeIf(name->utf8);
-
- return PR_SUCCESS;
-}
diff --git a/security/nss/lib/pkix/src/Name/Mregister.c b/security/nss/lib/pkix/src/Name/Mregister.c
deleted file mode 100644
index 09ddb9d99..000000000
--- a/security/nss/lib/pkix/src/Name/Mregister.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-#ifdef NSSDEBUG
-/*
- * nss_pkix_Name_register
- *
- * Registers whatever sub-component exists within this Name.
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_Name_register
-(
- NSSPKIXName *name
-)
-{
- if( PR_SUCCESS != nssPKIXName_verifyPointer(name) ) {
- return PR_FAILURE;
- }
-
- switch( name->choice ) {
- case NSSPKIXNameChoice_rdnSequence:
- /* add pointer */
- /* (sub-)register pointer */
- /* add destructor to arena */
- break;
- case NSSPKIXNameChoice_NSSinvalid:
- default:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
diff --git a/security/nss/lib/pkix/src/Name/PCreate.c b/security/nss/lib/pkix/src/Name/PCreate.c
deleted file mode 100644
index e93737599..000000000
--- a/security/nss/lib/pkix/src/Name/PCreate.c
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_CHOICE
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXName *
-nssPKIXName_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXNameChoice choice,
- void *arg
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXName *rv = (NSSPKIXName *)NULL;
- PRStatus status;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXName *)NULL;
- }
- }
-
- switch( choice ) {
- case NSSPKIXNameChoice_rdnSequence:
- if( (PR_SUCCESS != nssPKIXRDNSequence_verifyPointer((NSSPKIXRDNSequence *)arg) ) ) {
- nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
- return (NSSPKIXName *)NULL;
- }
- break;
- case NSSPKIXNameChoice_NSSinvalid:
- default:
- nss_SetError(NSS_ERROR_INVALID_CHOICE);
- return (NSSPKIXName *)NULL;
- }
-#endif /* NSSDEBUG */
-
- switch( choice ) {
- case NSSPKIXNameChoice_rdnSequence:
- break;
- case NSSPKIXNameChoice_NSSinvalid:
- default:
- nss_SetError(NSS_ERROR_INVALID_CHOICE);
- goto loser;
- }
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXName);
- if( (NSSPKIXName *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- rv->utf8 = nssUTF8_Duplicate(string, arena);
- if( (NSSUTF8 *)NULL == rv->utf8 ) {
- goto loser;
- }
-
- rv->choice = choice;
- switch( choice ) {
- case NSSPKIXNameChoice_rdnSequence:
- rv->u.rdnSequence = nssPKIXRDNSequence_Duplicate((NSSPKIXRDNSequence *)arg, arena);
- if( (NSSPKIXRDNSequence *)NULL == rv->u.rdnSequence ) {
- goto loser;
- }
- break;
- case NSSPKIXNameChoice_NSSinvalid:
- default:
- nss_SetError(NSS_ERROR_INVALID_CHOICE);
- goto loser;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_Name_add_pointer(rv) ) {
- goto loser;
- }
-
- if( PR_SUCCESS != nssArena_registerDestructor(arena,
- nss_pkix_Name_remove_pointer, rv) ) {
- (void)nss_pkix_Name_remove_pointer(rv);
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXName *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/Name/PCreateFromRDNSequence.c b/security/nss/lib/pkix/src/Name/PCreateFromRDNSequence.c
deleted file mode 100644
index 169e409a3..000000000
--- a/security/nss/lib/pkix/src/Name/PCreateFromRDNSequence.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXName_CreateFromRDNSequence
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXName *
-nssPKIXName_CreateFromRDNSequence
-(
- NSSArena *arenaOpt,
- NSSPKIXRDNSequence *rdnSequence
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXName *rv = (NSSPKIXName *)NULL;
- PRStatus status;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXName *)NULL;
- }
- }
-
- if( (PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnSequence) ) ) {
- return (NSSPKIXName *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXName);
- if( (NSSPKIXName *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- rv->utf8 = nssUTF8_Duplicate(string, arena);
- if( (NSSUTF8 *)NULL == rv->utf8 ) {
- goto loser;
- }
-
- rv->choice = NSSPKIXNameChoice_rdnSequence;
- rv->u.rdnSequence = nssPKIXRDNSequence_Duplicate(rdnSequence, arena);
- if( (NSSPKIXRDNSequence *)NULL == rv->u.rdnSequence ) {
- goto loser;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_Name_add_pointer(rv) ) {
- goto loser;
- }
-
- if( PR_SUCCESS != nssArena_registerDestructor(arena,
- nss_pkix_Name_remove_pointer, rv) ) {
- (void)nss_pkix_Name_remove_pointer(rv);
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXName *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/Name/PCreateFromUTF8.c b/security/nss/lib/pkix/src/Name/PCreateFromUTF8.c
deleted file mode 100644
index 0939a19e3..000000000
--- a/security/nss/lib/pkix/src/Name/PCreateFromUTF8.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXName_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXName *
-nssPKIXName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *string
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXName *rv = (NSSPKIXName *)NULL;
- PRStatus status;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXName *)NULL;
- }
- }
-
- if( (NSSUTF8 *)NULL == string ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSPKIXName *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXName);
- if( (NSSPKIXName *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- rv->utf8 = nssUTF8_Duplicate(string, arena);
- if( (NSSUTF8 *)NULL == rv->utf8 ) {
- goto loser;
- }
-
- /* Insert intelligence here -- fgmr */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- goto loser;
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_Name_add_pointer(rv) ) {
- goto loser;
- }
-
- if( PR_SUCCESS != nssArena_registerDestructor(arena,
- nss_pkix_Name_remove_pointer, rv) ) {
- (void)nss_pkix_Name_remove_pointer(rv);
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXName *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/Name/PDecode.c b/security/nss/lib/pkix/src/Name/PDecode.c
deleted file mode 100644
index d3f20d473..000000000
--- a/security/nss/lib/pkix/src/Name/PDecode.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXName_CreateFromBER
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXName *
-nssPKIXName_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXName *rv = (NSSPKIXName *)NULL;
- PRStatus status;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXName *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(ber) ) {
- return (NSSPKIXName *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXName);
- if( (NSSPKIXName *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- rv->ber = nssItem_Duplicate(ber, arena, (NSSItem *)NULL);
- if( (NSSItem *)NULL == rv->ber ) {
- goto loser;
- }
-
- status = nssASN1_DecodeBER(arena, rv, nssPKIXName_template, ber);
- if( PR_SUCCESS != status ) {
- goto loser;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_Name_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXName *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/Name/PDestroy.c b/security/nss/lib/pkix/src/Name/PDestroy.c
deleted file mode 100644
index f1fd41721..000000000
--- a/security/nss/lib/pkix/src/Name/PDestroy.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXName_Destroy
-(
- NSSPKIXName *name
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXName_verifyPointer(name) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
-#ifdef DEBUG
- (void)nss_pkix_Name_remove_pointer(name);
-#endif /* DEBUG */
-
- if( PR_TRUE == name->i_allocated_arena ) {
- return nssArena_Destroy(name->arena);
- }
-
- return PR_SUCCESS;
-}
diff --git a/security/nss/lib/pkix/src/Name/PDuplicate.c b/security/nss/lib/pkix/src/Name/PDuplicate.c
deleted file mode 100644
index c5788a0f1..000000000
--- a/security/nss/lib/pkix/src/Name/PDuplicate.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXName *
-nssPKIXName_Duplicate
-(
- NSSPKIXName *name,
- NSSArena *arenaOpt
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXName *rv = (NSSPKIXName *)NULL;
- PRStatus status;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXName *)NULL;
- }
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXName);
- if( (NSSPKIXName *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
-
- if( (NSSBER *)NULL != name->ber ) {
- rv->ber = nssItem_Duplicate(name->ber, arena, (NSSItem *)NULL);
- if( (NSSBER *)NULL == rv->ber ) {
- goto loser;
- }
- }
-
- if( (NSSDER *)NULL != name->der ) {
- rv->der = nssItem_Duplicate(name->der, arena, (NSSItem *)NULL);
- if( (NSSDER *)NULL == rv->der ) {
- goto loser;
- }
- }
-
- if( (NSSUTF8 *)NULL != name->utf8 ) {
- rv->utf8 = nssUTF8_duplicate(name->utf8, arena);
- if( (NSSUTF8 *)NULL == rv->utf8 ) {
- goto loser;
- }
- }
-
- rv->choice = name->choice;
- switch( name->choice ) {
- case NSSPKIXNameChoice_rdnSequence:
- rv->u.rdnSequence = nssPKIXRDNSequence_Duplicate(name->u.rdnSequence, arena);
- if( (NSSPKIXRDNSequence *)NULL == rv->u.rdnSequence ) {
- goto loser;
- }
- break;
- case NSSPKIXNameChoice_NSSinvalid:
- default:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- goto loser;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_Name_add_pointer(rv) ) {
- goto loser;
- }
-
- if( PR_SUCCESS != nssArena_registerDestructor(arena,
- nss_pkix_Name_remove_pointer, rv) ) {
- (void)nss_pkix_Name_remove_pointer(rv);
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXName *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/Name/PEncode.c b/security/nss/lib/pkix/src/Name/PEncode.c
deleted file mode 100644
index 469b528fb..000000000
--- a/security/nss/lib/pkix/src/Name/PEncode.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSBER *
-nssPKIXName_Encode
-(
- NSSPKIXName *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-)
-{
- NSSBER *it;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXName_verifyPointer(name) ) {
- return (NSSBER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSBER *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- switch( encoding ) {
- case NSSASN1BER:
- if( (NSSBER *)NULL != name->ber ) {
- it = name->ber;
- goto done;
- }
- /*FALLTHROUGH*/
- case NSSASN1DER:
- if( (NSSDER *)NULL != name->der ) {
- it = name->der;
- goto done;
- }
- break;
- default:
- nss_SetError(NSS_ERROR_UNSUPPORTED_ENCODING);
- return (NSSBER *)NULL;
- }
-
- it = nssASN1_EncodeItem(name->arena, (NSSItem *)NULL, name,
- nssPKIXName_template, encoding);
- if( (NSSBER *)NULL == it ) {
- return (NSSBER *)NULL;
- }
-
- switch( encoding ) {
- case NSSASN1BER:
- name->ber = it;
- break;
- case NSSASN1DER:
- name->der = it;
- break;
- default:
- PR_ASSERT(0);
- break;
- }
-
- done:
- return nssItem_Duplicate(it, arenaOpt, rvOpt);
-}
diff --git a/security/nss/lib/pkix/src/Name/PEqual.c b/security/nss/lib/pkix/src/Name/PEqual.c
deleted file mode 100644
index 5ad91dd2a..000000000
--- a/security/nss/lib/pkix/src/Name/PEqual.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_IMPLEMENT PRBool
-nssPKIXName_Equal
-(
- NSSPKIXName *one,
- NSSPKIXName *two,
- PRStatus *statusOpt
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXName_verifyPointer(one) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return PR_FALSE;
- }
-
- if( PR_SUCCESS != nssPKIXName_verifyPointer(two) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return PR_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( ((NSSDER *)NULL != one->der) && ((NSSDER *)NULL != two->der) ) {
- return nssItem_Equal(one->der, two->der, statusOpt);
- }
-
- if( one->choice != two->choice ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
- return PR_FALSE;
- }
-
- switch( one->choice ) {
- case NSSPKIXNameChoice_rdnSequence:
- return nssPKIXRDNSequence_Equal(one->u.rdnSequence, two->u.rdnSequence, statusOpt);
- case NSSPKIXNameChoice_NSSinvalid:
- default:
- break;
- }
-
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return PR_FALSE;
-}
diff --git a/security/nss/lib/pkix/src/Name/PGetChoice.c b/security/nss/lib/pkix/src/Name/PGetChoice.c
deleted file mode 100644
index f34a93908..000000000
--- a/security/nss/lib/pkix/src/Name/PGetChoice.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXName_GetChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- *
- * Return value:
- * A valid element of the NSSPKIXNameChoice enumeration upon success
- * The value NSSPKIXNameChoice_NSSinvalid (-1) upon error
- */
-
-NSS_IMPLEMENT NSSPKIXNameChoice
-nssPKIXName_GetChoice
-(
- NSSPKIXName *name
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXName_verifyPointer(name) ) {
- return NSSPKIXNameChoice_NSSinvalid;
- }
-#endif /* NSSDEBUG */
-
- return name->choice;
-}
diff --git a/security/nss/lib/pkix/src/Name/PGetRDNSequence.c b/security/nss/lib/pkix/src/Name/PGetRDNSequence.c
deleted file mode 100644
index 0899e550d..000000000
--- a/security/nss/lib/pkix/src/Name/PGetRDNSequence.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXName_GetRDNSequence
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_WRONG_CHOICE
- *
- * Return value:
- * A pointer to a valid NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRDNSequence *
-nssPKIXName_GetRDNSequence
-(
- NSSPKIXName *name,
- NSSArena *arenaOpt
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXName_verifyPointer(name) ) {
- return (NSSPKIXRDNSequence *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRDNSequence *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- switch( name->choice ) {
- case NSSPKIXNameChoice_rdnSequence:
- return nssPKIXRDNSequence_Duplicate(name->u.rdnSequence, arenaOpt);
- case NSSPKIXNameChoice_NSSinvalid:
- default:
- break;
- }
-
- nss_SetError(NSS_ERROR_WRONG_CHOICE);
- return (NSSPKIXRDNSequence *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/Name/PGetSpecifiedChoice.c b/security/nss/lib/pkix/src/Name/PGetSpecifiedChoice.c
deleted file mode 100644
index a24c8ea86..000000000
--- a/security/nss/lib/pkix/src/Name/PGetSpecifiedChoice.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXName_GetSpecifiedChoice
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_WRONG_CHOICE
- *
- * Return value:
- * A valid pointer ...
- * NULL upon failure
- */
-
-NSS_IMPLEMENT void *
-nssPKIXName_GetSpecifiedChoice
-(
- NSSPKIXName *name,
- NSSPKIXNameChoice choice,
- NSSArena *arenaOpt
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXName_verifyPointer(name) ) {
- return (void *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (void *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( choice != name->choice ) {
- nss_SetError(NSS_ERROR_WRONG_CHOICE);
- return (void *)NULL;
- }
-
- switch( name->choice ) {
- case NSSPKIXNameChoice_rdnSequence:
- return (void *)nssPKIXRDNSequence_Duplicate(name->u.rdnSequence, arenaOpt);
- case NSSPKIXNameChoice_NSSinvalid:
- default:
- break;
- }
-
- nss_SetError(NSS_ERROR_WRONG_CHOICE);
- return (NSSPKIXRDNSequence *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/Name/PGetUTF8Encoding.c b/security/nss/lib/pkix/src/Name/PGetUTF8Encoding.c
deleted file mode 100644
index 164229277..000000000
--- a/security/nss/lib/pkix/src/Name/PGetUTF8Encoding.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXName_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_NAME
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-nssPKIXName_GetUTF8Encoding
-(
- NSSPKIXName *name,
- NSSArena *arenaOpt
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXName_verifyPointer(name) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSUTF8 *)NULL == name->utf8 ) {
- /* xxx fgmr fill this in from pki1 implementation */
- }
-
- return nssUTF8_Duplicate(name->utf8, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/Name/template.c b/security/nss/lib/pkix/src/Name/template.c
deleted file mode 100644
index 72ac85466..000000000
--- a/security/nss/lib/pkix/src/Name/template.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-/*
- * nssPKIXName_template
- *
- */
-
-const nssASN1Template nssPKIXName_template[] = {
- { nssASN1_CHOICE, offsetof(NSSPKIXName, choice), 0, sizeof(NSSPKIXName) },
- { nssASN1_POINTER, offsetof(NSSPKIXName, u.rdnSequence),
- nssPKIXRDNSequence_template, NSSPKIXNameChoice_rdnSequence },
- { 0 }
-};
diff --git a/security/nss/lib/pkix/src/Name/verifyPointer.c b/security/nss/lib/pkix/src/Name/verifyPointer.c
deleted file mode 100644
index 6c27e5910..000000000
--- a/security/nss/lib/pkix/src/Name/verifyPointer.c
+++ /dev/null
@@ -1,210 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIXM_H
-#include "pkixm.h"
-#endif /* PKIXM_H */
-
-#ifdef DEBUG
-
-extern const NSSError NSS_ERROR_INTERNAL_ERROR;
-
-static nssPointerTracker pkix_name_pointer_tracker;
-
-/*
- * nss_pkix_Name_add_pointer
- *
- * This method is only present in debug builds.
- *
- * This module-private routine adds an NSSPKIXName pointer to
- * the internal pointer-tracker. This routine should only be used
- * by the NSSPKIX module. This routine returns a PRStatus value;
- * upon error it will place an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INTERNAL_ERROR
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_Name_add_pointer
-(
- const NSSPKIXName *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&pkix_name_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return rv;
- }
-
- rv = nssPointerTracker_add(&pkix_name_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- NSSError e = NSS_GetError();
- if( NSS_ERROR_NO_MEMORY != e ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
- }
-
- rv = nssArena_registerDestructor(p->arena,
- nss_pkix_Name_remove_pointer, p);
- if( PR_SUCCESS != rv ) {
- (void)nss_pkix_Name_remove_pointer(p);
- return rv;
- }
-
-#ifdef NSSDEBUG
- switch( p->choice ) {
- case NSSPKIXNameChoice_rdnSequence:
- rv = nss_pkix_RDNSequence_register(p->u.rdnSequence);
- break;
- case NSSPKIXNameChoice_NSSinvalid:
- default:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- rv = PR_FAILURE;
- break;
- }
-
- if( PR_SUCCESS != rv ) {
- (void)nss_pkix_Name_remove_pointer(p);
- }
-#endif /* NSSDEBUG */
-
- return rv;
-}
-
-/*
- * nss_pkix_Name_remove_pointer
- *
- * This method is only present in debug builds.
- *
- * This module-private routine removes a valid NSSPKIXName
- * pointer from the internal pointer-tracker. This routine should
- * only be used by the NSSPKIX module. This routine returns a
- * PRStatus value; upon error it will place an error on the error
- * stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INTERNAL_ERROR
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_Name_remove_pointer
-(
- const NSSPKIXName *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_remove(&pkix_name_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
-#ifdef NSSDEBUG
- switch( p->choice ) {
- case NSSPKIXNameChoice_rdnSequence:
- (void)nss_pkix_RDNSequence_register(p->u.rdnSequence);
- break;
- case NSSPKIXNameChoice_NSSinvalid:
- default:
- break;
- }
-#endif /* NSSDEBUG */
-
- /*
- * nssArena_deregisterDestructor(p->arena,
- * nss_pkix_Name_remove_pointer, p);
- */
-
- return rv;
-}
-
-/*
- * nssPKIXName_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXName
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXName_verifyPointer
-(
- NSSPKIXName *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&pkix_name_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_PKIX_ATTRIBUTE);
- return PR_FAILURE;
- }
-
- rv = nssPointerTracker_verify(&pkix_name_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_PKIX_ATTRIBUTE);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-
-#endif /* DEBUG */
-
diff --git a/security/nss/lib/pkix/src/RDNSequence/AppendRelativeDistinguishedName.c b/security/nss/lib/pkix/src/RDNSequence/AppendRelativeDistinguishedName.c
deleted file mode 100644
index 4e0d0d018..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/AppendRelativeDistinguishedName.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRDNSequence_AppendRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXRDNSequence_AppendRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSPKIXRelativeDistinguishedName *rdn
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXRDNSequence_AppendRelativeDistinguishedName(rdnseq, rdn);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/Create.c b/security/nss/lib/pkix/src/RDNSequence/Create.c
deleted file mode 100644
index 52b8a851c..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/Create.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRDNSequence_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRDNSequence *
-NSSPKIXRDNSequence_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXRelativeDistinguishedName *rdn1,
- ...
-)
-{
- va_list ap;
- NSSPKIXRDNSequence *rv;
- PRUint32 count;
-
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRDNSequence *)NULL;
- }
- }
-
- /* Is there a nonzero minimum number of RDNs required? */
-
- {
- va_start(ap, arenaOpt);
-
- while( 1 ) {
- NSSPKIXRelativeDistinguishedName *rdn;
- rdn = (NSSPKIXRelativeDistinguishedName *)va_arg(ap, NSSPKIXRelativeDistinguishedName *);
- if( (NSSPKIXRelativeDistinguishedName *)NULL == rdn ) {
- break;
- }
-
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- va_end(ap);
- return (NSSPKIXRDNSequence *)NULL;
- }
- }
-
- va_end(ap);
- }
-#endif /* DEBUG */
-
- va_start(ap, arenaOpt);
-
- for( count = 0; ; count++ ) {
- NSSPKIXRelativeDistinguishedName *rdn;
- rdn = (NSSPKIXRelativeDistinguishedName *)va_arg(ap, NSSPKIXRelativeDistinguishedName *);
- if( (NSSPKIXRelativeDistinguishedName *)NULL == rdn ) {
- break;
- }
-
-#ifdef PEDANTIC
- if( count == 0xFFFFFFFF ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- va_end(ap);
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-#endif /* PEDANTIC */
- }
-
- va_end(ap);
-
- va_start(ap, arenaOpt);
- rv = nss_pkix_RDNSequence_V_Create(arenaOpt, count, ap);
- va_end(ap);
-
- return rv;
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/CreateFromArray.c b/security/nss/lib/pkix/src/RDNSequence/CreateFromArray.c
deleted file mode 100644
index b6412187c..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/CreateFromArray.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRDNSequence_CreateFromArray
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRDNSequence *
-NSSPKIXRDNSequence_Create
-(
- NSSArena *arenaOpt,
- PRUint32 count,
- NSSPKIXRelativeDistinguishedName *rdns[]
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
-
- {
- PRUint32 i;
-
- for( i = 0; i < count; i++ ) {
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(&rdns[i]) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXRDNSequence_CreateFromArray(arenaOpt, count, rnds);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/CreateFromUTF8.c b/security/nss/lib/pkix/src/RDNSequence/CreateFromUTF8.c
deleted file mode 100644
index dcdbc54a2..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/CreateFromUTF8.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRDNSequence_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRDNSequence *
-NSSPKIXRDNSequence_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *string
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRDNSequence *)NULL;
- }
- }
-
- if( (NSSUTF8 *)NULL == string ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSPKIXRDNSequence *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXRDNSequence_CreateFromUTF8(arenaOpt, string);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/Decode.c b/security/nss/lib/pkix/src/RDNSequence/Decode.c
deleted file mode 100644
index ebbad116a..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/Decode.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRDNSequence_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRDNSequence *
-NSSPKIXRDNSequence_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRDNSequence *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(ber) ) {
- return (NSSPKIXRDNSequence *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXRDNSequence_Decode(arenaOpt, ber);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/Destroy.c b/security/nss/lib/pkix/src/RDNSequence/Destroy.c
deleted file mode 100644
index 5962364e5..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/Destroy.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRDNSequence_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXRDNSequence_Destroy
-(
- NSSPKIXRDNSequence *rdnseq
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXRDNSequence_Destroy(rdnseq);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/Duplicate.c b/security/nss/lib/pkix/src/RDNSequence/Duplicate.c
deleted file mode 100644
index 2bf53ba59..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/Duplicate.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRDNSequence_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRDNSequence *
-NSSPKIXRDNSequence_Duplicate
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return (NSSPKIXRDNSequence *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRDNSequence *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXRDNSequence_Duplicate(rdnseq, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/Encode.c b/security/nss/lib/pkix/src/RDNSequence/Encode.c
deleted file mode 100644
index 84ab4db67..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/Encode.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRDNSequence_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSBER *
-NSSPKIXRDNSequence_Encode
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return (NSSBER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSBER *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXRDNSequence_Encode(rdnseq, encoding, rvOpt, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/Equal.c b/security/nss/lib/pkix/src/RDNSequence/Equal.c
deleted file mode 100644
index fe0fa0f07..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/Equal.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRDNSequence_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_IMPLEMENT PRBool
-NSSPKIXRDNSequence_Equal
-(
- NSSPKIXRDNSequence *one,
- NSSPKIXRDNSequence *two,
- PRStatus *statusOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(one) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
-
- return PR_FALSE;
- }
-
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(two) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
-
- return PR_FALSE;
- }
-#endif /* DEBUG */
-
- return nssPKIXRDNSequence_Equal(one, two, statusOpt);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/FindRelativeDistinguishedName.c b/security/nss/lib/pkix/src/RDNSequence/FindRelativeDistinguishedName.c
deleted file mode 100644
index cb04286d3..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/FindRelativeDistinguishedName.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRDNSequence_FindRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified attribute value upon success
- * -1 upon failure.
- */
-
-NSS_IMPLEMENT PRInt32
-NSSPKIXRDNSequence_FindRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSPKIXRelativeDistinguishedName *rdn
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXRDNSequence_FindRelativeDistinguishedName(rdnseq, rdn);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/GetRelativeDistinguishedName.c b/security/nss/lib/pkix/src/RDNSequence/GetRelativeDistinguishedName.c
deleted file mode 100644
index 9b152f4da..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/GetRelativeDistinguishedName.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRDNSequence_GetRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRelativeDistinguishedName *
-NSSPKIXRDNSequence_GetRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- PRInt32 i,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXRDNSequence_GetRelativeDistinguishedName(rdnseq, i, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/GetRelativeDistinguishedNameCount.c b/security/nss/lib/pkix/src/RDNSequence/GetRelativeDistinguishedNameCount.c
deleted file mode 100644
index 05b5e89b4..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/GetRelativeDistinguishedNameCount.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRDNSequence_GetRelativeDistinguishedNameCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_IMPLEMENT PRInt32
-NSSPKIXRDNSequence_GetRelativeDistinguishedNameCount
-(
- NSSPKIXRDNSequence *rdnseq
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return -1;
- }
-#endif /* DEBUG */
-
- return nssPKIXRDNSequence_GetRelativeDistinguishedNameCount(rdnseq);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/GetRelativeDistinguishedNames.c b/security/nss/lib/pkix/src/RDNSequence/GetRelativeDistinguishedNames.c
deleted file mode 100644
index 06d419bed..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/GetRelativeDistinguishedNames.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRDNSequence_GetRelativeDistinguishedNames
- *
- * This routine returns all of the relative distinguished names in the
- * specified RDN Sequence. {...} If the array is allocated, or if the
- * specified one has extra space, the array will be null-terminated.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXRelativeDistinguishedName
- * pointers upon success
- * NULL upon failure.
- */
-
-NSS_IMPLEMENT NSSPKIXRelativeDistinguishedName **
-NSSPKIXRDNSequence_GetRelativeDistinguishedNames
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSPKIXRelativeDistinguishedName *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return (NSSPKIXRelativeDistinguishedName **)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyOpt(attribute) ) {
- return (NSSPKIXRelativeDistinguishedName **)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXRDNSequence_GetRelativeDistinguishedNames(rdnseq, rvOpt, limit, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/GetUTF8Encoding.c b/security/nss/lib/pkix/src/RDNSequence/GetUTF8Encoding.c
deleted file mode 100644
index 4519a5ba4..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/GetUTF8Encoding.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRDNSequence_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-NSSPKIXRDNSequence_GetUTF8Encoding
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXRDNSequence_GetUTF8Encoding(rdnseq, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/InsertRelativeDistinguishedName.c b/security/nss/lib/pkix/src/RDNSequence/InsertRelativeDistinguishedName.c
deleted file mode 100644
index 433c2a315..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/InsertRelativeDistinguishedName.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRDNSequence_InsertRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXRDNSequence_InsertRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- PRInt32 i,
- NSSPKIXRelativeDistinguishedName *rdn
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXRDNSequence_InsertRelativeDistinguishedName(rdnseq, i, rdn);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/MClear.c b/security/nss/lib/pkix/src/RDNSequence/MClear.c
deleted file mode 100644
index 7df7eb099..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/MClear.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nss_pkix_RDNSequence_Clear
- *
- * Wipes out cached data.
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_RDNSequence_Clear
-(
- NSSPKIXRDNSequence *rdnseq
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSBER *)NULL != rdnseq->ber ) {
- nss_ZFreeIf(rdnseq->ber->data);
- nss_ZFreeIf(rdnseq->ber);
- }
-
- if( (NSSDER *)NULL != rdnseq->der ) {
- nss_ZFreeIf(rdnseq->der->data);
- nss_ZFreeIf(rdnseq->der);
- }
-
- nss_ZFreeIf(rdnseq->utf8);
-
- return PR_SUCCESS;
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/MCount.c b/security/nss/lib/pkix/src/RDNSequence/MCount.c
deleted file mode 100644
index 649721c9f..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/MCount.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIXM_H
-#include "pkixm.h"
-#endif /* PKIXM_H */
-
-/*
- * nss_pkix_RDNSequence_Count
- */
-
-NSS_IMPLEMENT void
-nss_pkix_RDNSequence_Count
-(
- NSSPKIXRDNSequence *rdnseq
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return;
- }
-#endif /* NSSDEBUG */
-
- PR_ASSERT((NSSPKIXRelativeDistinguishedName **)NULL != rdnseq->rdns);
- if( (NSSPKIXRelativeDistinguishedName **)NULL == rdnseq->rdns ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return PR_FAILURE;
- }
-
- if( 0 == rdnseq->count ) {
- PRUint32 i;
- for( i = 0; i < 0xFFFFFFFF; i++ ) {
- if( (NSSPKIXRelativeDistinguishedName *)NULL == rdnseq->rdns[i] ) {
- break;
- }
- }
-
-#ifdef PEDANTIC
- if( 0xFFFFFFFF == i ) {
- return;
- }
-#endif /* PEDANTIC */
-
- rdnseq->count = i;
- }
-
- return;
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/MVCreate.c b/security/nss/lib/pkix/src/RDNSequence/MVCreate.c
deleted file mode 100644
index caeb1995f..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/MVCreate.c
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nss_pkix_RDNSequence_v_create
- */
-
-NSS_IMPLEMENT NSSPKIXRDNSequence *
-nss_pkix_RDNSequence_v_create
-(
- NSSArena *arenaOpt,
- PRUint32 count,
- va_list ap
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXRDNSequence *rv = (NSSPKIXRDNSequence *)NULL;
- PRStatus status;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRDNSequence *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXRDNSequence);
- if( (NSSPKIXRDNSequence *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- rv->count = count;
-
- rv->rdns = nss_ZNEWARRAY(arena, NSSPKIXRelativeDistinguishedName *, count);
- if( (NSSPKIXRelativeDistinguishedName **)NULL == rv->rdns ) {
- goto loser;
- }
-
- for( i = 0; i < count; i++ ) {
- NSSPKIXRelativeDistinguishedName *v = (NSSPKIXRelativeDistinguishedName *)
- va_arg(ap, NSSPKIXRelativeDistinguishedName *);
-
-#ifdef NSSDEBUG
- /*
- * It's okay to test this down here, since
- * supposedly these have already been checked.
- */
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(v) ) {
- goto loser;
- }
-#endif /* NSSDEBUG */
-
- rv->rdns[i] = nssPKIXRelativeDistinguishedName_Duplicate(v, arena);
- if( (NSSPKIXRelativeDistinguishedName *)NULL == rv->rdns[i] ) {
- goto loser;
- }
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_RDNSequence_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXRDNSequence *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/PAppendRelativeDistinguishedName.c b/security/nss/lib/pkix/src/RDNSequence/PAppendRelativeDistinguishedName.c
deleted file mode 100644
index 9d1ea4875..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/PAppendRelativeDistinguishedName.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRDNSequence_AppendRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXRDNSequence_AppendRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSPKIXRelativeDistinguishedName *rdn
-)
-{
- NSSPKIXRelativeDistinguishedName **na;
- NSSPKIXRelativeDistinguishedName *dup;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( 0 == rdnseq->count ) {
- nss_pkix_RDNSequence_Count(rdnseq);
- }
-
-#ifdef PEDANTIC
- if( 0 == rdnseq->count ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-#endif /* PEDANTIC */
-
- na = (NSSPKIXRelativeDistinguishedName **)
- nss_ZRealloc(rdnseq->rdns, ((rdnseq->count+2) *
- sizeof(NSSPKIXRelativeDistinguishedName *)));
- if( (NSSPKIXRelativeDistinguishedName **)NULL == na ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-
- rdnseq->rdns = na;
-
- dup = nssPKIXRelativeDistinguishedName_Duplicate(rdn, rdnseq->arena);
- if( (NSSPKIXRelativeDistinguishedName *)NULL == dup ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-
- na[ rdnseq->count++ ] = dup;
-
- return nss_pkix_RDNSequence_Clear(rdnseq);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/PCreate.c b/security/nss/lib/pkix/src/RDNSequence/PCreate.c
deleted file mode 100644
index 0fdc6848f..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/PCreate.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRDNSequence_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRDNSequence *
-nssPKIXRDNSequence_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXRelativeDistinguishedName *rdn1,
- ...
-)
-{
- va_list ap;
- NSSPKIXRDNSequence *rv;
- PRUint32 count;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRDNSequence *)NULL;
- }
- }
-
- /* Is there a nonzero minimum number of RDNs required? */
-
- {
- va_start(ap, arenaOpt);
-
- while( 1 ) {
- NSSPKIXRelativeDistinguishedName *rdn;
- rdn = (NSSPKIXRelativeDistinguishedName *)va_arg(ap, NSSPKIXRelativeDistinguishedName *);
- if( (NSSPKIXRelativeDistinguishedName *)NULL == rdn ) {
- break;
- }
-
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- va_end(ap);
- return (NSSPKIXRDNSequence *)NULL;
- }
- }
-
- va_end(ap);
- }
-#endif /* NSSDEBUG */
-
- va_start(ap, arenaOpt);
-
- for( count = 0; ; count++ ) {
- NSSPKIXRelativeDistinguishedName *rdn;
- rdn = (NSSPKIXRelativeDistinguishedName *)va_arg(ap, NSSPKIXRelativeDistinguishedName *);
- if( (NSSPKIXRelativeDistinguishedName *)NULL == rdn ) {
- break;
- }
-
-#ifdef PEDANTIC
- if( count == 0xFFFFFFFF ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- va_end(ap);
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-#endif /* PEDANTIC */
- }
-
- va_end(ap);
-
- va_start(ap, arenaOpt);
- rv = nss_pkix_RDNSequence_V_Create(arenaOpt, count, ap);
- va_end(ap);
-
- return rv;
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/PCreateFromArray.c b/security/nss/lib/pkix/src/RDNSequence/PCreateFromArray.c
deleted file mode 100644
index 0e244cb73..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/PCreateFromArray.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRDNSequence_CreateFromArray
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRDNSequence *
-nssPKIXRDNSequence_CreateFromArray
-(
- NSSArena *arenaOpt,
- PRUint32 count,
- NSSPKIXRelativeDistinguishedName *rdns[]
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXRDNSequence *rv = (NSSPKIXRDNSequence *)NULL;
- PRStatus status;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
-
- {
- PRUint32 i;
-
- for( i = 0; i < count; i++ ) {
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(&rdns[i]) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXRDNSequence);
- if( (NSSPKIXRDNSequence *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- rv->count = count;
-
- rv->rdns = nss_ZNEWARRAY(arena, NSSPKIXRelativeDistinguishedName *, (count+1));
- if( (NSSPKIXRelativeDistinguishedName **)NULL == rv->rdns ) {
- goto loser;
- }
-
- for( i = 0; i < count; i++ ) {
- NSSPKIXRelativeDistinguishedName *v = rdns[i];
-
- rv->rdns[i] = nssPKIXRelativeDistinguishedName_Duplicate(v, arena);
- if( (NSSPKIXRelativeDistinguishedName *)NULL == rv->rdns[i] ) {
- goto loser;
- }
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_RDNSequence_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXRDNSequence *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/PCreateFromUTF8.c b/security/nss/lib/pkix/src/RDNSequence/PCreateFromUTF8.c
deleted file mode 100644
index 196332665..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/PCreateFromUTF8.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRDNSequence_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRDNSequence *
-nssPKIXRDNSequence_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *string
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXRDNSequence *rv = (NSSPKIXRDNSequence *)NULL;
- PRStatus status;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRDNSequence *)NULL;
- }
- }
-
- if( (NSSUTF8 *)NULL == string ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSPKIXRDNSequence *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXRDNSequence);
- if( (NSSPKIXRDNSequence *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- rv->utf8 = nssUTF8_Duplicate(string, arena);
- if( (NSSUTF8 *)NULL == rv->utf8 ) {
- goto loser;
- }
-
- /* Insert intelligence here -- fgmr */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- goto loser;
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_RDNSequence_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXRDNSequence *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/PDecode.c b/security/nss/lib/pkix/src/RDNSequence/PDecode.c
deleted file mode 100644
index 557f5bc32..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/PDecode.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRDNSequence_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRDNSequence *
-nssPKIXRDNSequence_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXRDNSequence *rv = (NSSPKIXRDNSequence *)NULL;
- PRStatus status;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRDNSequence *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(ber) ) {
- return (NSSPKIXRDNSequence *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXRDNSequence);
- if( (NSSPKIXRDNSequence *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- rv->ber = nssItem_Duplicate(ber, arena, (NSSItem *)NULL);
- if( (NSSItem *)NULL == rv->ber ) {
- goto loser;
- }
-
- status = nssASN1_DecodeBER(arena, rv, nssPKIXRDNSequence_template, ber);
- if( PR_SUCCESS != status ) {
- goto loser;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_RDNSequence_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXRDNSequence *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/PDestroy.c b/security/nss/lib/pkix/src/RDNSequence/PDestroy.c
deleted file mode 100644
index 17cc846cf..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/PDestroy.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRDNSequence_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXRDNSequence_Destroy
-(
- NSSPKIXRDNSequence *rdnseq
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
-#ifdef DEBUG
- (void)nss_pkix_RDNSequence_remove_pointer(rdnseq);
-#endif /* DEBUG */
-
- if( PR_TRUE == rdnseq->i_allocated_arena ) {
- return nssArena_Destroy(rdnseq->arena);
- }
-
- return PR_SUCCESS;
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/PDuplicate.c b/security/nss/lib/pkix/src/RDNSequence/PDuplicate.c
deleted file mode 100644
index a57828692..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/PDuplicate.c
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRDNSequence_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXRDNSequence upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRDNSequence *
-nssPKIXRDNSequence_Duplicate
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSArena *arenaOpt
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXRDNSequence *rv = (NSSPKIXRDNSequence *)NULL;
- PRStatus status;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyOpt(attribute) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXRDNSequence);
- if( (NSSPKIXRDNSequence *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
-
- if( (NSSBER *)NULL != rdnseq->ber ) {
- rv->ber = nssItem_Duplicate(rdnseq->ber, arena, (NSSItem *)NULL);
- if( (NSSBER *)NULL == rv->ber ) {
- goto loser;
- }
- }
-
- if( (NSSDER *)NULL != rdnseq->der ) {
- rv->der = nssItem_Duplicate(rdnseq->der, arena, (NSSItem *)NULL);
- if( (NSSDER *)NULL == rv->der ) {
- goto loser;
- }
- }
-
- if( (NSSUTF8 *)NULL != rdnseq->utf8 ) {
- rv->utf8 = nssUTF8_duplicate(rdnseq->utf8, arena);
- if( (NSSUTF8 *)NULL == rv->utf8 ) {
- goto loser;
- }
- }
-
- if( 0 == rdnseq->count ) {
- nss_pkix_RDNSequence_Count(rdnseq);
- }
-
-#ifdef PEDANTIC
- if( 0 == rdnseq->count ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-#endif /* PEDANTIC */
-
- rv->count = rdnseq->count;
-
- rv->rdns = nss_ZNEWARRAY(arena, NSSPKIXRelativeDistinguishedName *, (rv->count+1));
- if( (NSSPKIXRelativeDistinguishedName **)NULL == rv->rdns ) {
- goto loser;
- }
-
- for( i = 0; i < count; i++ ) {
- NSSPKIXRelativeDistinguishedName *v = rdnseq->rdns[i];
-
- rv->rdns[i] = nssPKIXRelativeDistinguishedName_Duplicate(v, arena);
- if( (NSSPKIXRelativeDistinguishedName *)NULL == rv->rdns[i] ) {
- goto loser;
- }
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_RDNSequence_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXRDNSequence *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/PEncode.c b/security/nss/lib/pkix/src/RDNSequence/PEncode.c
deleted file mode 100644
index 5700fa099..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/PEncode.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRDNSequence_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSBER *
-nssPKIXRDNSequence_Encode
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-)
-{
- NSSBER *it;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return (NSSBER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSBER *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- switch( encoding ) {
- case NSSASN1BER:
- if( (NSSBER *)NULL != rdnseq->ber ) {
- it = rdnseq->ber;
- goto done;
- }
- /*FALLTHROUGH*/
- case NSSASN1DER:
- if( (NSSDER *)NULL != rdnseq->der ) {
- it = rdnseq->der;
- goto done;
- }
- break;
- default:
- nss_SetError(NSS_ERROR_UNSUPPORTED_ENCODING);
- return (NSSBER *)NULL;
- }
-
- it = nssASN1_EncodeItem(rdnseq->arena, (NSSItem *)NULL, rdnseq,
- nssPKIXRDNSequence_template, encoding);
- if( (NSSBER *)NULL == it ) {
- return (NSSBER *)NULL;
- }
-
- switch( encoding ) {
- case NSSASN1BER:
- rdnseq->ber = it;
- break;
- case NSSASN1DER:
- rdnseq->der = it;
- break;
- default:
- PR_ASSERT(0);
- break;
- }
-
- done:
- return nssItem_Duplicate(it, arenaOpt, rvOpt);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/PEqual.c b/security/nss/lib/pkix/src/RDNSequence/PEqual.c
deleted file mode 100644
index a1dd5af53..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/PEqual.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRDNSequence_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_IMPLEMENT PRBool
-nssPKIXRDNSequence_Equal
-(
- NSSPKIXRDNSequence *one,
- NSSPKIXRDNSequence *two,
- PRStatus *statusOpt
-)
-{
- NSSPKIXRelativeDistinguishedName **a;
- NSSPKIXRelativeDistinguishedName **b;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(one) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return PR_FALSE;
- }
-
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(two) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return PR_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( ((NSSDER *)NULL != one->der) && ((NSSDER *)NULL != two->der) ) {
- return nssItem_Equal(one->der, two->der, statusOpt);
- }
-
- /*
- * Since this is a sequence, the order is significant.
- * So we just walk down both lists, comparing.
- */
-
- for( a = one->rdns, b = two->rdns; *a && *b; a++, b++ ) {
- if( PR_FALSE == nssPKIXRelativeDistinguishedName_Equal(*a, *b, statusOpt) ) {
- return PR_FALSE;
- }
- }
-
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
-
- if( *a || *b ) {
- return PR_FALSE;
- }
-
- return PR_TRUE;
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/PFindRelativeDistinguishedName.c b/security/nss/lib/pkix/src/RDNSequence/PFindRelativeDistinguishedName.c
deleted file mode 100644
index 8064b9636..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/PFindRelativeDistinguishedName.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRDNSequence_FindRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified attribute value upon success
- * -1 upon failure.
- */
-
-NSS_IMPLEMENT PRInt32
-nssPKIXRDNSequence_FindRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSPKIXRelativeDistinguishedName *rdn
-)
-{
- PRUint32 i;
- NSSPKIXRelativeDistinguishedName **a;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- for( i = 0, a = rdnseq->rdns; *a; a++, (i > 0x7fffffff) || i++ ) {
- if( PR_TRUE == nssPKIXRelativeDistinguishedName_Equal(*a, rdn) ) {
- if( i > 0x7fffffff ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return -1;
- }
- return (PRInt32)i;
- }
- }
-
- nss_SetError(NSS_ERROR_NOT_FOUND);
- return -1;
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/PGetRelativeDistinguishedName.c b/security/nss/lib/pkix/src/RDNSequence/PGetRelativeDistinguishedName.c
deleted file mode 100644
index 7ea20d259..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/PGetRelativeDistinguishedName.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRDNSequence_GetRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRelativeDistinguishedName *
-nssPKIXRDNSequence_GetRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- PRInt32 i,
- NSSArena *arenaOpt
-)
-{
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyOpt(attribute) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( 0 == rdnseq->count ) {
- nss_pkix_RDNSequence_Count(rdnseq);
- }
-
-#ifdef PEDANTIC
- if( 0 == rdnseq->count ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-#endif /* PEDANTIC */
-
- if( (i < 0) || (i >= rdnseq->count) ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-
- return nssPKIXRelativeDistinguishedName_Duplicate(rdnseq->rdns[i], arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/PGetRelativeDistinguishedNameCount.c b/security/nss/lib/pkix/src/RDNSequence/PGetRelativeDistinguishedNameCount.c
deleted file mode 100644
index a01077db1..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/PGetRelativeDistinguishedNameCount.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRDNSequence_GetRelativeDistinguishedNameCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_IMPLEMENT PRInt32
-nssPKIXRDNSequence_GetRelativeDistinguishedNameCount
-(
- NSSPKIXRDNSequence *rdnseq
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return -1;
- }
-#endif /* NSSDEBUG */
-
- if( 0 == rdnseq->count ) {
- nss_pkix_RDNSequence_Count(rdnseq);
- }
-
-#ifdef PEDANTIC
- if( 0 == rdnseq->count ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return -1;
- }
-#endif /* PEDANTIC */
-
- if( rdnseq->count > 0x7fffffff ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return -1;
- }
-
- return (PRInt32)(rdnseq->count);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/PGetRelativeDistinguishedNames.c b/security/nss/lib/pkix/src/RDNSequence/PGetRelativeDistinguishedNames.c
deleted file mode 100644
index 115480dfd..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/PGetRelativeDistinguishedNames.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRDNSequence_GetRelativeDistinguishedNames
- *
- * This routine returns all of the relative distinguished names in the
- * specified RDN Sequence. {...} If the array is allocated, or if the
- * specified one has extra space, the array will be null-terminated.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXRelativeDistinguishedName
- * pointers upon success
- * NULL upon failure.
- */
-
-NSS_IMPLEMENT NSSPKIXRelativeDistinguishedName **
-nssPKIXRDNSequence_GetRelativeDistinguishedNames
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSPKIXRelativeDistinguishedName *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-)
-{
- NSSPKIXRelativeDistinguishedName **rv = (NSSPKIXRelativeDistinguishedName **)NULL;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return (NSSPKIXRelativeDistinguishedName **)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyOpt(attribute) ) {
- return (NSSPKIXRelativeDistinguishedName **)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( 0 == rdnseq->count ) {
- nss_pkix_RDNSequence_Count(rdnseq);
- }
-
-#ifdef PEDANTIC
- if( 0 == rdnseq->count ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return (NSSPKIXRelativeDistinguishedName **)NULL;
- }
-#endif /* PEDANTIC */
-
- if( (limit < rdnseq->count) &&
- !((0 == limit) && ((NSSPKIXRelativeDistinguishedName **)NULL == rvOpt)) ) {
- nss_SetError(NSS_ERROR_ARRAY_TOO_SMALL);
- return (NSSPKIXRelativeDistinguishedName **)NULL;
- }
-
- limit = rdnseq->count;
- if( (NSSPKIXRelativeDistinguishedName **)NULL == rvOpt ) {
- rv = nss_ZNEWARRAY(arenaOpt, NSSPKIXRelativeDistinguishedName *, limit);
- if( (NSSPKIXRelativeDistinguishedName **)NULL == rv ) {
- return (NSSPKIXRelativeDistinguishedName **)NULL;
- }
- } else {
- rv = rvOpt;
- }
-
- for( i = 0; i < limit; i++ ) {
- rv[i] = nssPKIXRelativedistinguishedName_Duplicate(rdnseq->rdns[i], arenaOpt);
- if( (NSSPKIXRelativeDistinguishedName *)NULL == rv[i] ) {
- goto loser;
- }
- }
-
- return rv;
-
- loser:
- for( i = 0; i < limit; i++ ) {
- NSSPKIXRelativeDistinguishedName *x = rv[i];
- if( (NSSPKIXRelativeDistinguishedName *)NULL == x ) {
- break;
- }
- (void)nssPKIXRelativeDistinguishedName_Destroy(x);
- }
-
- if( rv != rvOpt ) {
- nss_ZFreeIf(rv);
- }
-
- return (NSSPKIXRelativeDistinguishedName **)NULL;
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/PGetUTF8Encoding.c b/security/nss/lib/pkix/src/RDNSequence/PGetUTF8Encoding.c
deleted file mode 100644
index 2250bf960..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/PGetUTF8Encoding.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRDNSequence_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-nssPKIXRDNSequence_GetUTF8Encoding
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSArena *arenaOpt
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSUTF8 *)NULL == rdnseq->utf8 ) {
- /* xxx fgmr fill this in from pki1 implementation */
- }
-
- return nssUTF8_Duplicate(rdnseq->utf8, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/PInsertRelativeDistinguishedName.c b/security/nss/lib/pkix/src/RDNSequence/PInsertRelativeDistinguishedName.c
deleted file mode 100644
index 213866694..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/PInsertRelativeDistinguishedName.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRDNSequence_InsertRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXRDNSequence_InsertRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- PRInt32 i,
- NSSPKIXRelativeDistinguishedName *rdn
-)
-{
- NSSPKIXRelativeDistinguishedName **na;
- NSSPKIXRelativeDistinguishedName *dup;
- PRInt32 c;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( 0 == rdnseq->count ) {
- nss_pkix_RDNSequence_Count(rdnseq);
- }
-
-#ifdef PEDANTIC
- if( 0 == rdnseq->count ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-#endif /* PEDANTIC */
-
- if( (i < 0) || (i >= rdnseq->count) ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-
- na = (NSSPKIXRelativeDistinguishedName **)
- nss_ZRealloc(rdnseq->rdns, ((rdnseq->count+2) *
- sizeof(NSSPKIXRelativeDistinguishedName *)));
- if( (NSSPKIXRelativeDistinguishedName **)NULL == na ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-
- rdnseq->rdns = na;
-
- dup = nssPKIXRelativeDistinguishedName_Duplicate(rdn, rdnseq->arena);
- if( (NSSPKIXRelativeDistinguishedName *)NULL == dup ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-
- for( c = rdnseq->count; c > i; c-- ) {
- na[ c ] = na[ c-1 ];
- }
-
- na[ i ] = dup;
- rdnseq->count++;
-
- return nss_pkix_RDNSequence_Clear(rdnseq);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/PRemoveRelativeDistinguishedName.c b/security/nss/lib/pkix/src/RDNSequence/PRemoveRelativeDistinguishedName.c
deleted file mode 100644
index 447620c77..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/PRemoveRelativeDistinguishedName.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRDNSequence_RemoveRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXRDNSequence_RemoveRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- PRInt32 i
-)
-{
- NSSPKIXRelativeDistinguishedName **na;
- PRInt32 c;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( 0 == rdnseq->count ) {
- nss_pkix_RDNSequence_Count(rdnseq);
- }
-
-#ifdef PEDANTIC
- if( 0 == rdnseq->count ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-#endif /* PEDANTIC */
-
- if( (i < 0) || (i >= rdnseq->count) ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-
- nssPKIXRelativeDistinguishedName_Destroy(rdnseq->rdns[i]);
-
- rdnseq->rdns[i] = rdnseq->rdns[ rdnseq->count ];
- rdnseq->rdns[ rdnseq->count ] = (NSSPKIXRelativeDistinguishedName *)NULL;
- rdnseq->count--;
-
- na = (NSSPKIXRelativeDistinguishedName **)
- nss_ZRealloc(rdnseq->rdns, ((rdnseq->count) *
- sizeof(NSSPKIXRelativeDistinguishedName *)));
- if( (NSSPKIXRelativeDistinguishedName **)NULL == na ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-
- rdnseq->rdns = na;
-
- return nss_pkix_RDNSequence_Clear(rdnseq);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/PSetRelativeDistinguishedName.c b/security/nss/lib/pkix/src/RDNSequence/PSetRelativeDistinguishedName.c
deleted file mode 100644
index 5c8123266..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/PSetRelativeDistinguishedName.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRDNSequence_SetRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXRDNSequence_SetRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- PRInt32 i,
- NSSPKIXRelativeDistinguishedName *rdn
-)
-{
- NSSPKIXRelativeDistinguishedName *dup;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( 0 == rdnseq->count ) {
- nss_pkix_RDNSequence_Count(rdnseq);
- }
-
-#ifdef PEDANTIC
- if( 0 == rdnseq->count ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-#endif /* PEDANTIC */
-
- if( (i < 0) || (i >= rdnseq->count) ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-
- dup = nssPKIXRelativeDistinguishedName_Duplicate(rdn, rdnseq->arena);
- if( (NSSPKIXRelativeDistinguishedName *)NULL == dup ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-
- nssPKIXRelativeDistinguishedName_Destroy(rdnseq->rdns[i]);
- rdnseq->rdns[i] = dup;
-
- return nss_pkix_RDNSequence_Clear(rdnseq);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/PSetRelativeDistinguishedNames.c b/security/nss/lib/pkix/src/RDNSequence/PSetRelativeDistinguishedNames.c
deleted file mode 100644
index b0320a4b7..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/PSetRelativeDistinguishedNames.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRDNSequence_SetRelativeDistinguishedNames
- *
- * -- fgmr comments --
- * If the array pointer itself is null, the set is considered empty.
- * If the count is zero but the pointer nonnull, the array will be
- * assumed to be null-terminated.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXRDNSequence_SetRelativeDistinguishedNames
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSPKIXRelativeDistinguishedName *rdns[],
- PRInt32 countOpt
-)
-{
- NSSPKIXRelativeDistinguishedName **ip;
- NSSPKIXRelativeDistinguishedName **newarray;
- PRUint32 i;
- nssArenaMark *mark;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return PR_FAILURE;
- }
-
- if( (NSSPKIXRelativeDistinguishedName **)NULL == rdns ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
-
- {
- PRUint32 i, count;
-
- if( 0 == countOpt ) {
- for( i = 0; i < 0x80000000; i++ ) {
- if( (NSSPKIXRelativeDistinguishedName *)NULL == rdns[i] ) {
- break;
- }
- }
-
-#ifdef PEDANTIC
- if( 0x80000000 == i ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return PR_FAILURE;
- }
-#endif /* PEDANTIC */
-
- count = (PRUint32)i;
- } else {
- if( countOpt < 0 ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return PR_FAILURE;
- }
-
- count = (PRUint32)countOpt;
- }
-
- for( i = 0; i < count; i++ ) {
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdns[i]) ) {
- return PR_FAILURE;
- }
- }
- }
-#endif /* NSSDEBUG */
-
- mark = nssArena_Mark(rdnseq->mark);
- if( (nssArenaMark *)NULL == mark ) {
- return PR_FAILURE;
- }
-
- newarray = nss_ZNEWARRAY(rdnseq->arena, NSSPKIXRelativeDistinguishedName *, countOpt);
- if( (NSSPKIXRelativeDistinguishedName **)NULL == newarray ) {
- goto loser;
- }
-
- for( i = 0; i < countOpt; i++ ) {
- newarray[i] = nssPKIXRelativeDistinguishedName_Duplicate(rdns[i], rdnseq->arena);
- if( (NSSPKIXRelativeDistinguishedName *)NULL == newarray[i] ) {
- goto loser;
- }
- }
-
- for( i = 0; i < rdnseq->count; i++ ) {
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_Destroy(rdnseq->rdns[i]) ) {
- goto loser;
- }
- }
-
- nss_ZFreeIf(rdnseq->rdns);
-
- rdnseq->count = countOpt;
- rdnseq->rdns = newarray;
-
- (void)nss_pkix_RDNSequence_Clear(rdnseq);
-
- return nssArena_Unmark(rdnseq->arena, mark);
-
- loser:
- (void)nssArena_Release(a->arena, mark);
- return PR_FAILURE;
-}
-
diff --git a/security/nss/lib/pkix/src/RDNSequence/RemoveRelativeDistinguishedName.c b/security/nss/lib/pkix/src/RDNSequence/RemoveRelativeDistinguishedName.c
deleted file mode 100644
index 141ab7f37..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/RemoveRelativeDistinguishedName.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRDNSequence_RemoveRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXRDNSequence_RemoveRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- PRInt32 i
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXRDNSequence_RemoveRelativeDistinguishedName(rdnseq, i);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/SetRelativeDistinguishedName.c b/security/nss/lib/pkix/src/RDNSequence/SetRelativeDistinguishedName.c
deleted file mode 100644
index 7484eb55d..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/SetRelativeDistinguishedName.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRDNSequence_SetRelativeDistinguishedName
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXRDNSequence_SetRelativeDistinguishedName
-(
- NSSPKIXRDNSequence *rdnseq,
- PRInt32 i,
- NSSPKIXRelativeDistinguishedName *rdn
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXRDNSequence_SetRelativeDistinguishedName(rdnseq, i, rdn);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/SetRelativeDistinguishedNames.c b/security/nss/lib/pkix/src/RDNSequence/SetRelativeDistinguishedNames.c
deleted file mode 100644
index 40e7c8247..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/SetRelativeDistinguishedNames.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRDNSequence_SetRelativeDistinguishedNames
- *
- * -- fgmr comments --
- * If the array pointer itself is null, the set is considered empty.
- * If the count is zero but the pointer nonnull, the array will be
- * assumed to be null-terminated.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN_SEQUENCE
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXRDNSequence_SetRelativeDistinguishedNames
-(
- NSSPKIXRDNSequence *rdnseq,
- NSSPKIXRelativeDistinguishedName *rdns[],
- PRInt32 countOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRDNSequence_verifyPointer(rdnseq) ) {
- return PR_FAILURE;
- }
-
- if( (NSSPKIXRelativeDistinguishedName **)NULL == rdns ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
-
- {
- PRUint32 i, count;
-
- if( 0 == countOpt ) {
- for( i = 0; i < 0x80000000; i++ ) {
- if( (NSSPKIXRelativeDistinguishedName *)NULL == rdns[i] ) {
- break;
- }
- }
-
-#ifdef PEDANTIC
- if( 0x80000000 == i ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return PR_FAILURE;
- }
-#endif /* PEDANTIC */
-
- count = (PRUint32)i;
- } else {
- if( countOpt < 0 ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return PR_FAILURE;
- }
-
- count = (PRUint32)countOpt;
- }
-
- for( i = 0; i < count; i++ ) {
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdns[i]) ) {
- return PR_FAILURE;
- }
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXRDNSequence_SetRelativeDistinguishedNames(rdnseq, rdns, countOpt);
-}
diff --git a/security/nss/lib/pkix/src/RDNSequence/template.c b/security/nss/lib/pkix/src/RDNSequence/template.c
deleted file mode 100644
index ff5bbc0ba..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/template.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-/*
- * nssPKIXRDNSequence_template
- *
- */
-
-const nssASN1Template nssPKIXRDNSequence_template[] = {
- { nssASN1_SEQUENCE_OF, offsetof(NSSPKIXRDNSequence, rdns),
- nssPKIXRelativeDistinguishedName_template },
- { 0 }
-};
diff --git a/security/nss/lib/pkix/src/RDNSequence/verifyPointer.c b/security/nss/lib/pkix/src/RDNSequence/verifyPointer.c
deleted file mode 100644
index 47a53a5c4..000000000
--- a/security/nss/lib/pkix/src/RDNSequence/verifyPointer.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIXM_H
-#include "pkixm.h"
-#endif /* PKIXM_H */
-
-#ifdef DEBUG
-
-extern const NSSError NSS_ERROR_INTERNAL_ERROR;
-
-static nssPointerTracker pkix_rdnseq_pointer_tracker;
-
-/*
- * nss_pkix_RDNSequence_add_pointer
- *
- * This method is only present in debug builds.
- *
- * This module-private routine adds an NSSPKIXRDNSequence pointer to
- * the internal pointer-tracker. This routine should only be used
- * by the NSSPKIX module. This routine returns a PRStatus value;
- * upon error it will place an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INTERNAL_ERROR
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_RDNSequence_add_pointer
-(
- const NSSPKIXRDNSequence *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&pkix_rdnseq_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return rv;
- }
-
- rv = nssPointerTracker_add(&pkix_rdnseq_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- NSSError e = NSS_GetError();
- if( NSS_ERROR_NO_MEMORY != e ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
- }
-
- rv = nssArena_registerDestructor(arena,
- nss_pkix_RDNSequence_remove_pointer, p);
- if( PR_SUCCESS != rv ) {
- (void)nss_pkix_RDNSequence_remove_pointer(p);
- return rv;
- }
-
-#ifdef NSSDEBUG
- {
- NSSPKIXRelativeDistinguishedName *r;
-
- for( r = p->rdns; *r; r++ ) {
- if( PR_SUCCESS != nss_pkix_RelativeDistinguishedName_add_pointer(*r) ) {
- (void)nss_pkix_RDNSequence_remove_pointer(p);
- return PR_FAILURE;
- }
- }
- }
-#endif /* NSSDEBUG */
-
- return PR_SUCCESS;
-}
-
-/*
- * nss_pkix_RDNSequence_remove_pointer
- *
- * This method is only present in debug builds.
- *
- * This module-private routine removes a valid NSSPKIXRDNSequence
- * pointer from the internal pointer-tracker. This routine should
- * only be used by the NSSPKIX module. This routine returns a
- * PRStatus value; upon error it will place an error on the error
- * stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INTERNAL_ERROR
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_RDNSequence_remove_pointer
-(
- const NSSPKIXRDNSequence *p
-)
-{
- PRStatus rv;
-
-#ifdef NSSDEBUG
- {
- NSSPKIXRelativeDistinguishedName *r;
-
- for( r = p->rdns; *r; r++ ) {
- (void)nss_pkix_RelativeDistinguishedName_remove_pointer(*r);
- }
- }
-#endif /* NSSDEBUG */
-
- rv = nssPointerTracker_remove(&pkix_rdnseq_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- /*
- * nssArena_deregisterDestructor(p->arena,
- * nss_pkix_RDNSequence_remove_pointer, p);
- */
-
- return rv;
-}
-
-/*
- * nssPKIXRDNSequence_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXRDNSequence
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXRDNSequence_verifyPointer
-(
- NSSPKIXRDNSequence *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&pkix_rdnseq_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_PKIX_ATTRIBUTE);
- return PR_FAILURE;
- }
-
- rv = nssPointerTracker_verify(&pkix_rdnseq_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_PKIX_ATTRIBUTE);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-
-#endif /* DEBUG */
-
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/AddAttributeTypeAndValue.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/AddAttributeTypeAndValue.c
deleted file mode 100644
index efb142396..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/AddAttributeTypeAndValue.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRelativeDistinguishedName_AddAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXRelativeDistinguishedName_AddAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSPKIXAttributeTypeAndValue *atav
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXRelativeDistinguishedName_AddAttributeTypeAndValue(rdn, atav);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/Create.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/Create.c
deleted file mode 100644
index 52e139c69..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/Create.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRelativeDistinguishedName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName *
-NSSPKIXRelativeDistinguishedName_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAttributeTypeAndValue *atav1,
- ...
-)
-{
- va_list ap;
- NSSPKIXRelativeDistinguishedName *rv;
- PRUint32 count;
-
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
- }
-
- /* Is there a nonzero minimum number of ATAVs required? */
-
- {
- va_start(ap, arenaOpt);
-
- while( 1 ) {
- NSSPKIXAttributeTypeAndValue *atav;
- atav = (NSSPKIXAttributeTypeAndValue *)va_arg(ap, NSSPKIXAttributeTypeAndValue *);
- if( (NSSPKIXAttributeTypeAndValue *)NULL == atav ) {
- break;
- }
-
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- va_end(ap);
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
- }
-
- va_end(ap);
- }
-#endif /* DEBUG */
-
- va_start(ap, arenaOpt);
-
- for( count = 0; ; count++ ) {
- NSSPKIXAttributeTypeAndValue *atav;
- atav = (NSSPKIXAttributeTypeAndValue *)va_arg(ap, NSSPKIXAttributeTypeAndValue *);
- if( (NSSPKIXAttributeTypeAndValue *)NULL == atav ) {
- break;
- }
-
-#ifdef PEDANTIC
- if( count == 0xFFFFFFFF ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- va_end(ap);
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
-#endif /* PEDANTIC */
- }
-
- va_end(ap);
-
- va_start(ap, arenaOpt);
- rv = nss_pkix_RelativeDistinguishedName_V_Create(arenaOpt, count, ap);
- va_end(ap);
-
- return rv;
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/CreateFromArray.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/CreateFromArray.c
deleted file mode 100644
index 0c01be4da..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/CreateFromArray.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRelativeDistinguishedName_CreateFromArray
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRelativeDistinguishedName *
-NSSPKIXRelativeDistinguishedName_CreateFromArray
-(
- NSSArena *arenaOpt,
- PRUint32 count,
- NSSPKIXAttributeTypeAndValue *atavs[]
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
-
- {
- PRUint32 i;
-
- for( i = 0; i < count; i++ ) {
- if( PR_SUCCESS != nssAttributeTypeAndValue_verifyPointer(&atavs[i]) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXRelativeDistinguishedName_CreateFromArray(arenaOpt, count, atavs);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/CreateFromUTF8.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/CreateFromUTF8.c
deleted file mode 100644
index 990b7acd2..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/CreateFromUTF8.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRelativeDistinguishedName_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRelativeDistinguishedName *
-NSSPKIXRelativeDistinguishedName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *string
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
- }
-
- if( (NSSUTF8 *)NULL == string ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXRelativeDistinguishedName_CreateFromUTF8(arenaOpt, string);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/Decode.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/Decode.c
deleted file mode 100644
index b8d0b243a..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/Decode.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRelativeDistinguishedName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRelativeDistinguishedName *
-NSSPKIXRelativeDistinguishedName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(ber) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXRelativeDistinguishedName_Decode(arenaOpt, ber);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/Destroy.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/Destroy.c
deleted file mode 100644
index ca8b1e85f..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/Destroy.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRelativeDistinguishedName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXRelativeDistinguishedName_Destroy
-(
- NSSPKIXRelativeDistinguishedName *rdn
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXRelativeDistinguishedName_Destroy(rdn);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/Duplicate.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/Duplicate.c
deleted file mode 100644
index 416b405e8..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/Duplicate.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRelativeDistinguishedName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRelativeDistinguishedName *
-NSSPKIXRelativeDistinguishedName_Duplicate
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXRelativeDistinguishedName_Duplicate(rdn, arenaOpt);
-}
-
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/Encode.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/Encode.c
deleted file mode 100644
index ea6b82a55..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/Encode.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRelativeDistinguishedName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSBER *
-NSSPKIXRelativeDistinguishedName_Encode
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return (NSSBER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSBER *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXRelativeDistinguishedName_Encode(rdn, encoding, rvOpt, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/Equal.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/Equal.c
deleted file mode 100644
index 3e4a3fc3e..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/Equal.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRelativeDistinguishedName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_EXTERN PRBool
-NSSPKIXRelativeDistinguishedName_Equal
-(
- NSSPKIXRelativeDistinguishedName *one,
- NSSPKIXRelativeDistinguishedName *two,
- PRStatus *statusOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(one) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
-
- return PR_FALSE;
- }
-
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(two) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
-
- return PR_FALSE;
- }
-#endif /* DEBUG */
-
- return nssPKIXRelativeDistinguishedName_Equal(one, two, statusOpt);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/FindAttributeTypeAndValue.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/FindAttributeTypeAndValue.c
deleted file mode 100644
index 65032b1c1..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/FindAttributeTypeAndValue.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRelativeDistinguishedName_FindAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified attribute value upon success
- * -1 upon failure.
- */
-
-NSS_EXTERN PRInt32
-NSSPKIXRelativeDistinguishedName_FindAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSPKIXAttributeTypeAndValue *atav
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXRelativeDistinguishedName_FindAttributeTypeAndValue(rdn, atav);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/GetAttributeTypeAndValue.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/GetAttributeTypeAndValue.c
deleted file mode 100644
index 1a58bd132..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/GetAttributeTypeAndValue.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeTypeAndValue *
-NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- PRInt32 i,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXRelativeDistinguishedName_GetAttributeTypeAndValue(rdn, i, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/GetAttributeTypeAndValueCount.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/GetAttributeTypeAndValueCount.c
deleted file mode 100644
index 1209e726c..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/GetAttributeTypeAndValueCount.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValueCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_IMPLEMENT PRInt32
-NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValueCount
-(
- NSSPKIXRelativeDistinguishedName *rdn
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return -1;
- }
-#endif /* DEBUG */
-
- return nssPKIXRelativeDistinguishedName_GetAttributeTypeAndValueCount(rdn);
-}
-
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/GetAttributeTypeAndValues.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/GetAttributeTypeAndValues.c
deleted file mode 100644
index 7efc30173..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/GetAttributeTypeAndValues.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValues
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXAttributeTypeAndValue
- * pointers upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeTypeAndValue **
-NSSPKIXRelativeDistinguishedName_GetAttributeTypeAndValues
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSPKIXAttributeTypeAndValue *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return (NSSPKIXAttributeTypeAndValue **)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyOpt(attribute) ) {
- return (NSSPKIXAttributeTypeAndValue **)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXRelativeDistinguishedName_GetAttributeTypeAndValues(rdn, rvOpt, limit, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/GetUTF8Encoding.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/GetUTF8Encoding.c
deleted file mode 100644
index 9c428ae40..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/GetUTF8Encoding.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRelativeDistinguishedName_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-NSSPKIXRelativeDistinguishedName_GetUTF8Encoding
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXRelativeDistinguishedName_GetUTF8Encoding(rdn, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/MClear.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/MClear.c
deleted file mode 100644
index 2b1a93820..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/MClear.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nss_pkix_RelativeDistinguishedName_Clear
- *
- * Wipes out cached data.
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_RelativeDistinguishedName_Clear
-(
- NSSPKIXRelativeDistinguishedName *rdn
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSBER *)NULL != rdn->ber ) {
- nss_ZFreeIf(rdn->ber->data);
- nss_ZFreeIf(rdn->ber);
- }
-
- if( (NSSDER *)NULL != rdn->der ) {
- nss_ZFreeIf(rdn->der->data);
- nss_ZFreeIf(rdn->der);
- }
-
- nss_ZFreeIf(rdn->utf8);
-
- return PR_SUCCESS;
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/MCount.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/MCount.c
deleted file mode 100644
index 23d976160..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/MCount.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIXM_H
-#include "pkixm.h"
-#endif /* PKIXM_H */
-
-/*
- * nss_pkix_RelativeDistinguishedName_Count
- */
-
-NSS_IMPLEMENT void
-nss_pkix_RelativeDistinguishedName_Count
-(
- NSSPKIXRelativeDistinguishedName *rdn
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return;
- }
-#endif /* NSSDEBUG */
-
- PR_ASSERT((NSSPKIXAttributeTypeAndValue **)NULL != rdn->atavs);
- if( (NSSPKIXAttributeTypeAndValue **)NULL == rdn->atavs ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return PR_FAILURE;
- }
-
- if( 0 == rdn->count ) {
- PRUint32 i;
- for( i = 0; i < 0xFFFFFFFF; i++ ) {
- if( (NSSPKIXAttributeTypeAndValue *)NULL == rdn->atavs[i] ) {
- break;
- }
- }
-
-#ifdef PEDANTIC
- if( 0xFFFFFFFF == i ) {
- return;
- }
-#endif /* PEDANTIC */
-
- rdn->count = i;
- }
-
- return;
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/MVCreate.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/MVCreate.c
deleted file mode 100644
index c40a4b6e7..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/MVCreate.c
+++ /dev/null
@@ -1,158 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIXM_H
-#include "pkixm.h"
-#endif /* PKIXM_H */
-
-/*
- * nss_pkix_RelativeDistinguishedName_v_create
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_INVALID_ITEM
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure.
- */
-
-NSS_EXTERN NSSPKIXRelativeDistinguishedName *
-nss_pkix_RelativeDistinguishedName_V_Create
-(
- NSSArena *arenaOpt,
- PRUint32 count,
- va_list ap
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXRelativeDistinguishedName *rv = (NSSPKIXRelativeDistinguishedName *)NULL;
- PRStatus status;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXRelativeDistinguishedName);
- if( (NSSPKIXRelativeDistinguishedName *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- rv->count = count;
-
- rv->atav = nss_ZNEWARRAY(arena, NSSPKIXAttributeTypeAndValue *, count);
- if( (NSSPKIXAttributeTypeAndValue **)NULL == rv->atav ) {
- goto loser;
- }
-
- for( i = 0; i < count; i++ ) {
- NSSPKIXAttributeTypeAndValue *v = (NSSPKIXAttributeTypeAndValue *)
- va_arg(ap, NSSPKIXAttributeTypeAndValue *);
-
-#ifdef NSSDEBUG
- /*
- * It's okay to test this down here, since
- * supposedly these have already been checked.
- */
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(v) ) {
- goto loser;
- }
-#endif /* NSSDEBUG */
-
- rv->atav[i] = nssPKIXAttributeTypeAndValue_Duplicate(v, arena);
- if( (NSSPKIXAttributeTypeAndValue *)NULL == rv->atav[i] ) {
- goto loser;
- }
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_RelativeDistinguishedName_add_pointer(rv) ) {
- goto loser;
- }
-
- if( PR_SUCCESS != nssArena_registerDestructor(arena,
- nss_pkix_RelativeDistinguishedName_remove_pointer, rv) ) {
- (void)nss_pkix_RelativeDistinguishedName_remove_pointer(rv);
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXRelativeDistinguishedName *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/PAddAttributeTypeAndValue.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/PAddAttributeTypeAndValue.c
deleted file mode 100644
index 68541d17e..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/PAddAttributeTypeAndValue.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRelativeDistinguishedName_AddAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXRelativeDistinguishedName_AddAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSPKIXAttributeTypeAndValue *atav
-)
-{
- PRUint32 newcount;
- NSSPKIXAttributeTypeAndValue **newarray;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- PR_ASSERT((NSSPKIXAttributeTypeAndValue **)NULL != rdn->atavs);
- if( (NSSPKIXAttributeTypeAndValue **)NULL == rdn->atavs ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return PR_FAILURE;
- }
-
- if( 0 == rdn->count ) {
- nss_pkix_RelativeDistinguishedName_Count(rdn);
- }
-
- newcount = rdn->count+1;
- /* Check newcount for a rollover. */
-
- /* Remember that our atavs array is NULL-terminated */
- newarray = (NSSPKIXAttributeTypeAndValue **)nss_ZRealloc(rdn->atavs,
- ((newcount+1) * sizeof(NSSPKIXAttributeTypeAndValue *)));
- if( (NSSPKIXAttributeTypeAndValue **)NULL == newarray ) {
- return PR_FAILURE;
- }
-
- rdn->atavs = newarray;
-
- rdn->atavs[ rdn->count ] = nssPKIXAttributeTypeAndValue_Duplicate(atav, rdn->arena);
- if( (NSSPKIXAttributeTypeAndValue *)NULL == rdn->atavs[ rdn->count ] ) {
- return PR_FAILURE; /* array is "too big" but whatever */
- }
-
- rdn->count = newcount;
-
- return nss_pkix_RelativeDistinguishedName_Clear(rdn);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/PCreate.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/PCreate.c
deleted file mode 100644
index a3a1f7315..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/PCreate.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRelativeDistinguishedName_Create
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRelativeDistinguishedName *
-nssPKIXRelativeDistinguishedName_Create
-(
- NSSArena *arenaOpt,
- NSSPKIXAttributeTypeAndValue *atav1,
- ...
-)
-{
- va_list ap;
- NSSPKIXRelativeDistinguishedName *rv;
- PRUint32 count;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
- }
-
- /* Is there a nonzero minimum number of ATAVs required? */
-
- {
- va_start(ap, arenaOpt);
-
- while( 1 ) {
- NSSPKIXAttributeTypeAndValue *atav;
- atav = (NSSPKIXAttributeTypeAndValue *)va_arg(ap, NSSPKIXAttributeTypeAndValue *);
- if( (NSSPKIXAttributeTypeAndValue *)NULL == atav ) {
- break;
- }
-
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- va_end(ap);
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
- }
-
- va_end(ap);
- }
-#endif /* NSSDEBUG */
-
- va_start(ap, arenaOpt);
-
- for( count = 0; ; count++ ) {
- NSSPKIXAttributeTypeAndValue *atav;
- atav = (NSSPKIXAttributeTypeAndValue *)va_arg(ap, NSSPKIXAttributeTypeAndValue *);
- if( (NSSPKIXAttributeTypeAndValue *)NULL == atav ) {
- break;
- }
-
-#ifdef PEDANTIC
- if( count == 0xFFFFFFFF ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- va_end(ap);
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
-#endif /* PEDANTIC */
- }
-
- va_end(ap);
-
- va_start(ap, arenaOpt);
- rv = nss_pkix_RelativeDistinguishedName_V_Create(arenaOpt, count, ap);
- va_end(ap);
-
- return rv;
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/PCreateFromArray.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/PCreateFromArray.c
deleted file mode 100644
index fa7e27eed..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/PCreateFromArray.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIXM_H
-#include "pkixm.h"
-#endif /* PKIXM_H */
-
-/*
- * nssPKIXRelativeDistinguishedName_CreateFromArray
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRelativeDistinguishedName *
-nssPKIXRelativeDistinguishedName_CreateFromArray
-(
- NSSArena *arenaOpt,
- PRUint32 count,
- NSSPKIXAttributeTypeAndValue *atavs
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXRelativeDistinguishedName *rv = (NSSPKIXRelativeDistinguishedName *)NULL;
- PRStatus status;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
- }
-
- {
- PRUint32 i;
-
- for( i = 0; i < count; i++ ) {
- if( PR_SUCCESS != nssAttributeTypeAndValue_verifyPointer(&atavs[i]) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXRelativeDistinguishedName);
- if( (NSSPKIXRelativeDistinguishedName *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- rv->count = count;
-
- rv->atav = nss_ZNEWARRAY(arena, NSSPKIXAttributeTypeAndValue *, count);
- if( (NSSPKIXAttributeTypeAndValue **)NULL == rv->atav ) {
- goto loser;
- }
-
- for( i = 0; i < count; i++ ) {
- NSSPKIXAttributeTypeAndValue *v = atavs[i];
-
- rv->atav[i] = nssPKIXAttributeTypeAndValue_Duplicate(v, arena);
- if( (NSSPKIXAttributeTypeAndValue *)NULL == rv->atav[i] ) {
- goto loser;
- }
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_RelativeDistinguishedName_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXRelativeDistinguishedName *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/PCreateFromUTF8.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/PCreateFromUTF8.c
deleted file mode 100644
index 2f2f995be..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/PCreateFromUTF8.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRelativeDistinguishedName_CreateFromUTF8
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRelativeDistinguishedName *
-nssPKIXRelativeDistinguishedName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *string
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXRelativeDistinguishedName *rv = (NSSPKIXRelativeDistinguishedName *)NULL;
- PRStatus status;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
- }
-
- if( (NSSUTF8 *)NULL == string ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXRelativeDistinguishedName);
- if( (NSSPKIXRelativeDistinguishedName *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- rv->utf8 = nssUTF8_Duplicate(string, arena);
- if( (NSSUTF8 *)NULL == rv->utf8 ) {
- goto loser;
- }
-
- /* Insert intelligence here -- fgmr */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- goto loser;
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_RelativeDistinguishedName_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXRelativeDistinguishedName *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/PDecode.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/PDecode.c
deleted file mode 100644
index ad1766280..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/PDecode.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-/*
- * nssPKIXRelativeDistinguishedName_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRelativeDistinguishedName *
-nssPKIXRelativeDistinguishedName_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXRelativeDistinguishedName *rv = (NSSPKIXRelativeDistinguishedName *)NULL;
- PRStatus status;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(ber) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXRelativeDistinguishedName);
- if( (NSSPKIXRelativeDistinguishedName *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- rv->ber = nssItem_Duplicate(ber, arena, (NSSItem *)NULL);
- if( (NSSItem *)NULL == rv->ber ) {
- goto loser;
- }
-
- status = nssASN1_DecodeBER(arena, rv, nssPKIXRelativeDistinguishedName_template, ber);
- if( PR_SUCCESS != status ) {
- goto loser;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_RelativeDistinguishedName_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXRelativeDistinguishedName *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/PDestroy.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/PDestroy.c
deleted file mode 100644
index 94b8fcf00..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/PDestroy.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRelativeDistinguishedName_Destroy
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXRelativeDistinguishedName_Destroy
-(
- NSSPKIXRelativeDistinguishedName *rdn
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
-#ifdef DEBUG
- (void)nss_pkix_RelativeDistinguishedName_remove_pointer(rdn);
-#endif /* DEBUG */
-
- if( PR_TRUE == rdn->i_allocated_arena ) {
- return nssArena_Destroy(rdn->arena);
- }
-
- return PR_SUCCESS;
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/PDuplicate.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/PDuplicate.c
deleted file mode 100644
index 0277b7b01..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/PDuplicate.c
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRelativeDistinguishedName_Duplicate
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXRelativeDistinguishedName upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXRelativeDistinguishedName *
-nssPKIXRelativeDistinguishedName_Duplicate
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSArena *arenaOpt
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXRelativeDistinguishedName *rv = (NSSPKIXRelativeDistinguishedName *)NULL;
- PRStatus status;
- PRUint32 i;
- NSSPKIXAttributeTypeAndValue **from, **to;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXRelativeDistinguishedName *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXRelativeDistinguishedName);
- if( (NSSPKIXRelativeDistinguishedName *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
-
- if( (NSSDER *)NULL != rdn->der ) {
- rv->der = nssItem_Duplicate(rdn->der, arena, (NSSItem *)NULL);
- if( (NSSDER *)NULL == rv->der ) {
- goto loser;
- }
- }
-
- if( (NSSBER *)NULL != rdn->ber ) {
- rv->ber = nssItem_Duplicate(rdn->ber, arena, (NSSItem *)NULL);
- if( (NSSBER *)NULL == rv->ber ) {
- goto loser;
- }
- }
-
- if( (NSSUTF8 *)NULL != rdn->utf8 ) {
- rv->utf8 = nssUTF8_Duplicate(rdn->utf8, arena);
- if( (NSSUTF8 *)NULL == rv->utf8 ) {
- goto loser;
- }
- }
-
- rv->count = rdn->count;
-
- {
- if( 0 == rdn->count ) {
- nss_pkix_RelativeDistinguishedName_Count(rdn);
- if( 0 == rdn->count ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- goto loser;
- }
-
- rv->count = rdn->count; /* might as well save it */
- }
-
- rv->atavs = nss_ZNEWARRAY(arena, NSSPKIXAttributeTypeAndValue *, rdn->count + 1);
- if( (NSSPKIXAttributeTypeAndValue *)NULL == rv->atavs ) {
- goto loser;
- }
- }
-
- for( from = &rdn->atavs[0], to = &rv->atavs[0]; *from; from++, to++ ) {
- *to = nssPKIXAttributeTypeAndValue_Duplicate(*from, arena);
- if( (NSSPKIXAttributeTypeAndValue *)NULL == *to ) {
- goto loser;
- }
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_RelativeDistinguishedName_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXRelativeDistinguishedName *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/PEncode.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/PEncode.c
deleted file mode 100644
index d2af9470b..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/PEncode.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-/*
- * nssPKIXRelativeDistinguishedName_Encode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSBER *
-nssPKIXRelativeDistinguishedName_Encode
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-)
-{
- NSSBER *it;
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return (NSSBER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSBER *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- switch( encoding ) {
- case NSSASN1BER:
- if( (NSSBER *)NULL != rdn->ber ) {
- it = rdn->ber;
- goto done;
- }
- /*FALLTHROUGH*/
- case NSSASN1DER:
- if( (NSSDER *)NULL != rdn->der ) {
- it = rdn->der;
- goto done;
- }
- break;
- default:
- nss_SetError(NSS_ERROR_UNSUPPORTED_ENCODING);
- return (NSSBER *)NULL;
- }
-
- it = nssASN1_EncodeItem(rdn->arena, (NSSItem *)NULL, rdn,
- nssPKIXRelativeDistinguishedName_template,
- encoding);
- if( (NSSBER *)NULL == it ) {
- return (NSSBER *)NULL;
- }
-
- switch( encoding ) {
- case NSSASN1BER:
- rdn->ber = it;
- break;
- case NSSASN1DER:
- rdn->der = it;
- break;
- default:
- PR_ASSERT(0);
- break;
- }
-
- done:
- return nssItem_Duplicate(it, arenaOpt, rvOpt);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/PEqual.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/PEqual.c
deleted file mode 100644
index 2ac566a8b..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/PEqual.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRelativeDistinguishedName_Equal
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_IMPLEMENT PRBool
-nssPKIXRelativeDistinguishedName_Equal
-(
- NSSPKIXRelativeDistinguishedName *one,
- NSSPKIXRelativeDistinguishedName *two,
- PRStatus *statusOpt
-)
-{
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(one) ) {
- goto loser;
- }
-
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(two) ) {
- goto loser;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSDER *)NULL == one->der ) {
- one->der = nssASN1_EncodeItem(one->arena, (NSSItem *)NULL, one,
- nssPKIXRelativeDistinguishedName_template,
- NSSASN1DER);
- if( (NSSDER *)NULL == one->der ) {
- goto loser;
- }
- }
-
- if( (NSSDER *)NULL == two->der ) {
- two->der = nssASN1_EncodeItem(two->arena, (NSSItem *)NULL, two,
- nssPKIXRelativeDistinguishedName_template,
- NSSASN1DER);
- if( (NSSDER *)NULL == two->der ) {
- goto loser;
- }
- }
-
- return nssItem_Equal(one->der, two->der, statusOpt);
-
- loser:
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
-
- return PR_FALSE;
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/PFindAttributeTypeAndValue.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/PFindAttributeTypeAndValue.c
deleted file mode 100644
index ee7c55e10..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/PFindAttributeTypeAndValue.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRelativeDistinguishedName_FindAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NOT_FOUND
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * The index of the specified attribute value upon success
- * -1 upon failure.
- */
-
-NSS_IMPLEMENT PRInt32
-nssPKIXRelativeDistinguishedName_FindAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSPKIXAttributeTypeAndValue *atav
-)
-{
- PRUint32 i;
- NSSPKIXAttributeTypeAndValue **a;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return -1;
- }
-
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return -1;
- }
-#endif /* NSSDEBUG */
-
- PR_ASSERT((NSSPKIXAttributeTypeAndValue **)NULL != rdn->atavs);
- if( (NSSPKIXAttributeTypeAndValue **)NULL == rdn->atavs ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return -1;
- }
-
- for( i = 0, a = rdn->atavs; *a; a++, (i > 0x7fffffff) || i++ ) {
- if( PR_TRUE == nssPKIXAttributeTypeAndValue_Equal(*a, atav) ) {
- if( i > 0x7fffffff ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return -1;
- }
- return (PRInt32)i;
- }
- }
-
- nss_SetError(NSS_ERROR_NOT_FOUND);
- return -1;
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/PGetAttributeTypeAndValue.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/PGetAttributeTypeAndValue.c
deleted file mode 100644
index 22c3abac6..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/PGetAttributeTypeAndValue.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRelativeDistinguishedName_GetAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXAttributeTypeAndValue upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeTypeAndValue *
-nssPKIXRelativeDistinguishedName_GetAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- PRInt32 i,
- NSSArena *arenaOpt
-)
-{
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( 0 == rdn->count ) {
- nss_pkix_RelativeDistinguishedName_Count(rdn);
- }
-
- if( (i < 0) || (i >= rdn->count) ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return (NSSPKIXAttributeTypeAndValue *)NULL;
- }
-
- return nssPKIXAttributeTypeAndValue_Duplicate(rdn->atavs[i], arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/PGetAttributeTypeAndValueCount.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/PGetAttributeTypeAndValueCount.c
deleted file mode 100644
index df8e1b48e..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/PGetAttributeTypeAndValueCount.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRelativeDistinguishedName_GetAttributeTypeAndValueCount
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- *
- * Return value:
- * Nonnegative integer upon success
- * -1 upon failure.
- */
-
-NSS_IMPLEMENT PRInt32
-nssPKIXRelativeDistinguishedName_GetAttributeTypeAndValueCount
-(
- NSSPKIXRelativeDistinguishedName *rdn
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return -1;
- }
-#endif /* NSSDEBUG */
-
- if( 0 == rdn->count ) {
- nss_pkix_RelativeDistinguishedName_Count(rdn);
- }
-
-#ifdef PEDANTIC
- if( 0 == rdn->count ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return -1;
- }
-#endif /* PEDANTIC */
-
- if( rdn->count > 0x7fffffff ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return -1;
- }
-
- return (PRInt32)(rdn->count);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/PGetAttributeTypeAndValues.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/PGetAttributeTypeAndValues.c
deleted file mode 100644
index 7675d5ad3..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/PGetAttributeTypeAndValues.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRelativeDistinguishedName_GetAttributeTypeAndValues
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_ARRAY_TOO_SMALL
- *
- * Return value:
- * A valid pointer to an array of NSSPKIXAttributeTypeAndValue
- * pointers upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXAttributeTypeAndValue **
-nssPKIXRelativeDistinguishedName_GetAttributeTypeAndValues
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSPKIXAttributeTypeAndValue *rvOpt[],
- PRInt32 limit,
- NSSArena *arenaOpt
-)
-{
- NSSPKIXAttributeTypeAndValue **rv = (NSSPKIXAttributeTypeAndValue **)NULL;
- PRUint32 i;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return (NSSPKIXAttributeTypeAndValue **)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyOpt(attribute) ) {
- return (NSSPKIXAttributeTypeAndValue **)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( 0 == rdn->count ) {
- nss_pkix_RelativeDistinguishedName_Count(rdn);
- }
-
-#ifdef PEDANTIC
- if( 0 == rdn->count ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return (NSSPKIXAttributeTypeAndValue **)NULL;
- }
-#endif /* PEDANTIC */
-
- if( (limit < rdn->count) &&
- !((0 == limit) && ((NSSPKIXAttributeTypeAndValue **)NULL == rvOpt)) ) {
- nss_SetError(NSS_ERROR_ARRAY_TOO_SMALL);
- return (NSSPKIXAttributeTypeAndValue **)NULL;
- }
-
- limit = rdn->count;
- if( (NSSPKIXAttributeTypeAndValue **)NULL == rvOpt ) {
- rv = nss_ZNEWARRAY(arenaOpt, NSSPKIXAttributeTypeAndValue *, limit);
- if( (NSSPKIXAttributeTypeAndValue **)NULL == rv ) {
- return (NSSPKIXAttributeTypeAndValue **)NULL;
- }
- } else {
- rv = rvOpt;
- }
-
- for( i = 0; i < limit; i++ ) {
- rv[i] = nssPKIXAttributeTypeAndValue_Duplicate(rdn->atav[i], arenaOpt);
- if( (NSSPKIXAttributeTypeAndValue *)NULL == rv[i] ) {
- goto loser;
- }
- }
-
- return rv;
-
- loser:
- for( i = 0; i < limit; i++ ) {
- NSSPKIXAttributeTypeAndValue *x = rv[i];
- if( (NSSPKIXAttributeTypeAndValue *)NULL == x ) {
- break;
- }
- (void)nssPKIXAttributeTypeAndValue_Destroy(x);
- }
-
- if( rv != rvOpt ) {
- nss_ZFreeIf(rv);
- }
-
- return (NSSPKIXAttributeTypeAndValue **)NULL;
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/PGetUTF8Encoding.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/PGetUTF8Encoding.c
deleted file mode 100644
index 01abf228c..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/PGetUTF8Encoding.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRelativeDistinguishedName_GetUTF8Encoding
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSUTF8 pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-nssPKIXRelativeDistinguishedName_GetUTF8Encoding
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSArena *arenaOpt
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSUTF8 *)NULL == rdn->utf8 ) {
- /* xxx fgmr fill this in from pki1 implementation */
- }
-
- return nssUTF8_Duplicate(rdn->utf8, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/PRemoveAttributeTypeAndValue.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/PRemoveAttributeTypeAndValue.c
deleted file mode 100644
index 84b5cc819..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/PRemoveAttributeTypeAndValue.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRelativeDistinguishedName_RemoveAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_AT_MINIMUM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXRelativeDistinguishedName_RemoveAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- PRInt32 i
-)
-{
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( 0 == rdn->count ) {
- nss_pkix_RelativeDistinguishedName_Count(rdn);
- }
-
- if( i < 0 ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return PR_FAILURE;
- }
-
- /* Is there a technical minimum? */
- /*
- * if( 1 == rdn->count ) {
- * nss_SetError(NSS_ERROR_AT_MINIMUM);
- * return PR_FAILURE;
- * }
- */
-
-#ifdef PEDANTIC
- if( 0 == rdn->count ) {
- NSSPKIXAttributeTypeAndValue **ip;
- /* Too big.. but we can still remove one */
- nssPKIXAttributeTypeAndValue_Destroy(rdn->atavs[i]);
- for( ip = &rdn->atavs[i]; *ip; ip++ ) {
- ip[0] = ip[1];
- }
- } else
-#endif /* PEDANTIC */
-
- {
- NSSPKIXAttributeTypeAndValue *si;
- PRUint32 end;
-
- if( i >= rdn->count ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return PR_FAILURE;
- }
-
- end = rdn->count - 1;
-
- si = rdn->atavs[i];
- rdn->atavs[i] = rdn->atavs[end];
- rdn->atavs[end] = (NSSPKIXAttributeTypeAndValue *)NULL;
-
- nssPKIXAttributeTypeAndValue_Destroy(si);
-
- /* We could realloc down, but we know it's a no-op */
- rdn->count = end;
- }
-
- return nss_pkix_RelativeDistinguishedName_Clear(rdn);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/PSetAttributeTypeAndValue.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/PSetAttributeTypeAndValue.c
deleted file mode 100644
index 01439e2e7..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/PSetAttributeTypeAndValue.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRelativeDistinguishedName_SetAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXRelativeDistinguishedName_SetAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- PRInt32 i,
- NSSPKIXAttributeTypeAndValue *atav
-)
-{
- NSSPKIXAttributeTypeAndValue *dup;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- PR_ASSERT((NSSPKIXAttributeTypeAndValue **)NULL != rdn->atavs);
- if( (NSSPKIXAttributeTypeAndValue **)NULL == rdn->atavs ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return PR_FAILURE;
- }
-
- if( 0 == rdn->count ) {
- nss_pkix_RelativeDistinguishedName_Count(rdn);
- }
-
- if( (i < 0) || (i >= rdn->count) ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return PR_FAILURE;
- }
-
- dup = nssPKIXAttributeTypeAndValue_Duplicate(atav, rdn->arena);
- if( (NSSPKIXAttributeTypeAndValue *)NULL == dup ) {
- return PR_FAILURE;
- }
-
- nssPKIXAttributeTypeAndValue_Destroy(rdn->atavs[i]);
- rdn->atavs[i] = dup;
-
- return nss_pkix_RelativeDistinguishedName_Clear(rdn);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/PSetAttributeTypeAndValues.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/PSetAttributeTypeAndValues.c
deleted file mode 100644
index 839839ea2..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/PSetAttributeTypeAndValues.c
+++ /dev/null
@@ -1,166 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXRelativeDistinguishedName_SetAttributeTypeAndValues
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXRelativeDistinguishedName_SetAttributeTypeAndValues
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSPKIXAttributeTypeAndValue *atavs[],
- PRInt32 countOpt
-)
-{
- NSSPKIXAttributeTypeAndValue **ip;
- NSSPKIXAttributeTypeAndValue **newarray;
- PRUint32 i;
- nssArenaMark *mark;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-
- if( (NSSPKIXAttributeTypeAndValues **)NULL == atavs ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
-
- {
- PRUint32 i, count;
-
- if( 0 == countOpt ) {
- for( i = 0; i < 0x80000000; i++ ) {
- if( (NSSPKIXAttributeTypeAndValue *)NULL == atav[i] ) {
- break;
- }
- }
-
-#ifdef PEDANTIC
- if( 0x80000000 == i ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return PR_FAILURE;
- }
-#endif /* PEDANTIC */
-
- count = (PRUint32)i;
- } else {
- if( countOpt < 0 ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return PR_FAILURE;
- }
-
- count = (PRUint32)countOpt;
- }
-
- for( i = 0; i < count; i++ ) {
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav[i]) ) {
- return PR_FAILURE;
- }
- }
- }
-#endif /* NSSDEBUG */
-
- if( 0 == countOpt ) {
- for( i = 0; i < 0xffffffff; i++ ) {
- if( (NSSPKIXAttributeTypeAndValue *)NULL == atavs[i] ) {
- break;
- }
- }
-
-#ifdef PEDANTIC
- if( 0xffffffff == 0 ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- reutrn PR_FAILURE;
- }
-#endif /* PEDANTIC */
-
- countOpt = i;
- }
-
- mark = nssArena_Mark(rdn->mark);
- if( (nssArenaMark *)NULL == mark ) {
- return PR_FAILURE;
- }
-
- newarray = nss_ZNEWARRAY(rdn->arena, NSSPKIXAttributeTypeAndValue *, countOpt);
- if( (NSSPKIXAttributeTypeAndValue **)NULL == newarray ) {
- goto loser;
- }
-
- for( i = 0; i < countOpt; i++ ) {
- newarray[i] = nssPKIXAttributeTypeAndValue_Duplicate(atavs[i], rdn->arena);
- if( (NSSPKIXAttributeTypeAndValue *)NULL == newarray[i] ) {
- goto loser;
- }
- }
-
- for( i = 0; i < rdn->count; i++ ) {
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_Destroy(rdn->atavs[i]) ) {
- goto loser;
- }
- }
-
- nss_ZFreeIf(rdn->atavs);
-
- rdn->count = countOpt;
- rdn->atavs = newarray;
-
- (void)nss_pkix_RelativeDistinguishedName_Clear(rdn);
-
- return nssArena_Unmark(rdn->arena, mark);
-
- loser:
- (void)nssArena_Release(a->arena, mark);
- return PR_FAILURE;
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/RemoveAttributeTypeAndValue.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/RemoveAttributeTypeAndValue.c
deleted file mode 100644
index b9f1deb66..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/RemoveAttributeTypeAndValue.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRelativeDistinguishedName_RemoveAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_AT_MINIMUM
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXRelativeDistinguishedName_RemoveAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- PRInt32 i
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXRelativeDistinguishedName_RemoveAttributeTypeAndValue(rdn, i);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/SetAttributeTypeAndValue.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/SetAttributeTypeAndValue.c
deleted file mode 100644
index fa2224a6b..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/SetAttributeTypeAndValue.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRelativeDistinguishedName_SetAttributeTypeAndValue
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_INVALID_PKIX_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXRelativeDistinguishedName_SetAttributeTypeAndValue
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- PRInt32 i,
- NSSPKIXAttributeTypeAndValue *atav
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXRelativeDistinguishedName_SetAttributeTypeAndValue(rdn, i, atav);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/SetAttributeTypeAndValues.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/SetAttributeTypeAndValues.c
deleted file mode 100644
index c6a8f0434..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/SetAttributeTypeAndValues.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXRelativeDistinguishedName_SetAttributeTypeAndValues
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_RDN
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-NSSPKIXRelativeDistinguishedName_SetAttributeTypeAndValues
-(
- NSSPKIXRelativeDistinguishedName *rdn,
- NSSPKIXAttributeTypeAndValue *atavs[],
- PRInt32 countOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXRelativeDistinguishedName_verifyPointer(rdn) ) {
- return PR_FAILURE;
- }
-
- if( (NSSPKIXAttributeTypeAndValue **)NULL == atavs ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
-
- {
- PRUint32 i, count;
-
- if( 0 == countOpt ) {
- for( i = 0; i < 0x80000000; i++ ) {
- if( (NSSPKIXAttributeTypeAndValue *)NULL == atavs[i] ) {
- break;
- }
- }
-
-#ifdef PEDANTIC
- if( 0x80000000 == i ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return PR_FAILURE;
- }
-#endif /* PEDANTIC */
-
- count = (PRUint32)i;
- } else {
- if( countOpt < 0 ) {
- nss_SetError(NSS_ERROR_VALUE_OUT_OF_RANGE);
- return PR_FAILURE;
- }
-
- count = (PRUint32)countOpt;
- }
-
- for( i = 0; i < count; i++ ) {
- if( PR_SUCCESS != nssPKIXAttributeTypeAndValue_verifyPointer(atavs[i]) ) {
- return PR_FAILURE;
- }
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXRelativeDistinguishedName_SetAttributeTypeAndValues(rdn, atavs, countOpt);
-}
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/template.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/template.c
deleted file mode 100644
index fff01836a..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/template.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-/*
- * nssPKIXRelativeDistinguishedName_template
- *
- */
-
-const nssASN1Template nssPKIXRelativeDistinguishedName_template[] = {
- { nssASN1_SET_OF, offsetof(NSSPKIXRelativeDistinguishedName, atavs),
- nssPKIXAttributeTypeAndValue_template,
- sizeof(NSSPKIXRelativeDistinguishedName) }
-};
diff --git a/security/nss/lib/pkix/src/RelativeDistinguishedName/verifyPointer.c b/security/nss/lib/pkix/src/RelativeDistinguishedName/verifyPointer.c
deleted file mode 100644
index d7274abae..000000000
--- a/security/nss/lib/pkix/src/RelativeDistinguishedName/verifyPointer.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIXM_H
-#include "pkixm.h"
-#endif /* PKIXM_H */
-
-#ifdef DEBUG
-
-extern const NSSError NSS_ERROR_INTERNAL_ERROR;
-
-static nssPointerTracker pkix_rdn_pointer_tracker;
-
-/*
- * nss_pkix_RelativeDistinguishedName_add_pointer
- *
- * This method is only present in debug builds.
- *
- * This module-private routine adds an NSSPKIXRelativeDistinguishedName pointer to
- * the internal pointer-tracker. This routine should only be used
- * by the NSSPKIX module. This routine returns a PRStatus value;
- * upon error it will place an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INTERNAL_ERROR
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_RelativeDistinguishedName_add_pointer
-(
- const NSSPKIXRelativeDistinguishedName *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&pkix_rdn_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return rv;
- }
-
- rv = nssPointerTracker_add(&pkix_rdn_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- NSSError e = NSS_GetError();
- if( NSS_ERROR_NO_MEMORY != e ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
- }
-
- rv = nssArena_registerDestructor(p->arena,
- nss_pkix_RelativeDistinguishedName_remove_pointer, p);
- if( PR_SUCCESS != rv ) {
- (void)nss_pkix_RelativeDistinguishedName_remove_pointer(p);
- return rv;
- }
-
-#ifdef NSSDEBUG
- {
- NSSPKIXAttributeTypeAndValue *a;
-
- for( a = p->atavs; *a; a++ ) {
- if( PR_SUCCESS != nss_pkix_AttributeTypeAndValue_add_pointer(*a) ) {
- nss_pkix_RelativeDistinguishedName_remove_pointer(p);
- return PR_FAILURE;
- }
- }
- }
-#endif /* NSSDEBUG */
-
- return PR_SUCCESS;
-}
-
-/*
- * nss_pkix_RelativeDistinguishedName_remove_pointer
- *
- * This method is only present in debug builds.
- *
- * This module-private routine removes a valid NSSPKIXRelativeDistinguishedName
- * pointer from the internal pointer-tracker. This routine should
- * only be used by the NSSPKIX module. This routine returns a
- * PRStatus value; upon error it will place an error on the error
- * stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INTERNAL_ERROR
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_RelativeDistinguishedName_remove_pointer
-(
- const NSSPKIXRelativeDistinguishedName *p
-)
-{
- PRStatus rv;
-
-#ifdef NSSDEBUG
- {
- NSSPKIXAttributeTypeAndValue *a;
-
- for( a = p->atavs; *a; a++ ) {
- (void)nss_pkix_AttributeTypeAndValue_remove_pointer(*a);
- }
- }
-#endif /* NSSDEBUG */
-
- rv = nssPointerTracker_remove(&pkix_rdn_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- /*
- * nssArena_deregisterDestructor(p->arena,
- * nss_pkix_RelativeDistinguishedName_remove_pointer, p);
- */
-
- return rv;
-}
-
-/*
- * nssPKIXRelativeDistinguishedName_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXRelativeDistinguishedName
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_ATTRIBUTE
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXRelativeDistinguishedName_verifyPointer
-(
- NSSPKIXRelativeDistinguishedName *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&pkix_rdn_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_PKIX_ATTRIBUTE);
- return PR_FAILURE;
- }
-
- rv = nssPointerTracker_verify(&pkix_rdn_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_PKIX_ATTRIBUTE);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-
-#endif /* DEBUG */
-
diff --git a/security/nss/lib/pkix/src/Time/Compare.c b/security/nss/lib/pkix/src/Time/Compare.c
deleted file mode 100644
index 6a125d6c6..000000000
--- a/security/nss/lib/pkix/src/Time/Compare.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXTime_Compare
- *
- * Usual result: -1, 0, 1
- * Returns 0 on error
- */
-
-NSS_IMPLEMENT PRInt32
-NSSPKIXTime_Compare
-(
- NSSPKIXTime *time1,
- NSSPKIXTime *tiem2,
- PRStatus *statusOpt
-)
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXTime_verifyPointer(time1) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return 0;
- }
-
- if( PR_SUCCESS != nssPKIXTime_verifyPointer(time2) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return 0;
- }
-#endif /* DEBUG */
-
- return nssPKIXTime_Compare(time1, time2, statusOpt);
-}
diff --git a/security/nss/lib/pkix/src/Time/CreateFromPRTime.c b/security/nss/lib/pkix/src/Time/CreateFromPRTime.c
deleted file mode 100644
index 909adb14e..000000000
--- a/security/nss/lib/pkix/src/Time/CreateFromPRTime.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXTime_CreateFromPRTime
- *
- */
-
-NSS_IMPLEMENT NSSPKIXTime *
-NSSPKIXTime_CreateFromPRTime
-(
- NSSArena *arenaOpt,
- PRTime prTime
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXTime *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXTime_CreateFromPRTime(arenaOpt, prTime);
-}
diff --git a/security/nss/lib/pkix/src/Time/CreateFromUTF8.c b/security/nss/lib/pkix/src/Time/CreateFromUTF8.c
deleted file mode 100644
index 469741ac6..000000000
--- a/security/nss/lib/pkix/src/Time/CreateFromUTF8.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXTime_CreateFromUTF8
- *
- */
-
-NSS_EXTERN NSSPKIXTime *
-NSSPKIXTime_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXTime *)NULL;
- }
- }
-
- if( (NSSUTF8 *)NULL == utf8 ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSPKIXTime *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXTime_CreateFromUTF8(arenaOpt, utf8);
-}
diff --git a/security/nss/lib/pkix/src/Time/Decode.c b/security/nss/lib/pkix/src/Time/Decode.c
deleted file mode 100644
index 948dc0b93..000000000
--- a/security/nss/lib/pkix/src/Time/Decode.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXTime_Decode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTime upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXTime *
-NSSPKIXTime_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXTime *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(ber) ) {
- return (NSSPKIXTime *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXTime_Decode(arenaOpt, ber);
-}
diff --git a/security/nss/lib/pkix/src/Time/Destroy.c b/security/nss/lib/pkix/src/Time/Destroy.c
deleted file mode 100644
index d694850ef..000000000
--- a/security/nss/lib/pkix/src/Time/Destroy.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXTime_Destroy
- *
- */
-
-NSS_IMPLEMENT PR_STATUS
-NSSPKIXTime_Destroy
-(
- NSSPKIXTime *time
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXTime_verifyPointer(time) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssPKIXTime_Destroy(time);
-}
diff --git a/security/nss/lib/pkix/src/Time/Duplicate.c b/security/nss/lib/pkix/src/Time/Duplicate.c
deleted file mode 100644
index dee6f61e9..000000000
--- a/security/nss/lib/pkix/src/Time/Duplicate.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXTime_Duplicate
- *
- */
-
-NSS_IMPLEMENT NSSPKIXTime *
-NSSPKXITime_Duplicate
-(
- NSSPKIXTime *time,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXTime_verifyPointer(time) ) {
- return (NSSPKXITime *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXTime *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXTime_Duplicate(time, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/Time/Encode.c b/security/nss/lib/pkix/src/Time/Encode.c
deleted file mode 100644
index 9063e4f3a..000000000
--- a/security/nss/lib/pkix/src/Time/Encode.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXTime_Encode
- *
- */
-
-NSS_IMPLEMENT NSSBER *
-NSSPKIXTime_Encode
-(
- NSSPKIXTime *time,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXTime_verifyPointer(time) ) {
- return (NSSBER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSBER *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXTime_Encode(time, encoding, rvOpt, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/Time/Equal.c b/security/nss/lib/pkix/src/Time/Equal.c
deleted file mode 100644
index 4ed05acd5..000000000
--- a/security/nss/lib/pkix/src/Time/Equal.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXTime_Equal
- *
- */
-
-NSS_IMPLEMENT PRBool
-NSSPKXITime_Equal
-(
- NSSPKXITime *time1,
- NSSPKXITime *time2,
- PRStatus *statusOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXTime_verifyPointer(time1) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return PR_FALSE;
- }
-
- if( PR_SUCCESS != nssPKIXTime_verifyPointer(time2) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return PR_FALSE;
- }
-#endif /* DEBUG */
-
- return nssPKIXTime_Equal(time1, time2, statusOpt);
-}
diff --git a/security/nss/lib/pkix/src/Time/GetPRTime.c b/security/nss/lib/pkix/src/Time/GetPRTime.c
deleted file mode 100644
index 5871a482d..000000000
--- a/security/nss/lib/pkix/src/Time/GetPRTime.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXTime_GetPRTime
- *
- * Returns a zero on error
- */
-
-NSS_IMPLEMENT PRTime
-NSSPKIXTime_GetPRTime
-(
- NSSPKIXTime *time,
- PRStatus *statusOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXTime_verifyPointer(time) ) {
- return (PRTime)0;
- }
-#endif /* DEBUG */
-
- return nssPKIXTime_GetPRTime(time, statusOpt);
-}
diff --git a/security/nss/lib/pkix/src/Time/GetUTF8Encoding.c b/security/nss/lib/pkix/src/Time/GetUTF8Encoding.c
deleted file mode 100644
index 7fc383b81..000000000
--- a/security/nss/lib/pkix/src/Time/GetUTF8Encoding.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXTime_GetUTF8Encoding
- *
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-NSSPKXITime_GetUTF8Encoding
-(
- NSSPKIXTime *time,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXTime_verifyPointer(time) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXTime_GetUTF8Encoding(time, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/Time/PCreateFromPRTime.c b/security/nss/lib/pkix/src/Time/PCreateFromPRTime.c
deleted file mode 100644
index 13805e65d..000000000
--- a/security/nss/lib/pkix/src/Time/PCreateFromPRTime.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXTime_CreateFromPRTime
- *
- */
-
-NSS_IMPLEMENT NSSPKIXTime *
-nssPKIXTime_CreateFromPRTime
-(
- NSSArena *arenaOpt,
- PRTime prTime
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXTime *rv = (NSSPKIXTime *)NULL;
- PRStatus status;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXTime *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXTime);
- if( (NSSPKIXTime *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
-
- rv->prTime = prTime;
- rv->prTimeValid = PR_TRUE;
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_Time_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXTime *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/Time/PCreateFromUTF8.c b/security/nss/lib/pkix/src/Time/PCreateFromUTF8.c
deleted file mode 100644
index 1a15639ed..000000000
--- a/security/nss/lib/pkix/src/Time/PCreateFromUTF8.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXTime_CreateFromUTF8
- *
- */
-
-NSS_IMPLEMENT NSSPKIXTime *
-nssPKIXTime_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXTime *rv = (NSSPKIXTime *)NULL;
- PRStatus status;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXTime *)NULL;
- }
- }
-
- if( (NSSUTF8 *)NULL == utf8 ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSPKIXTime *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXTime);
- if( (NSSPKIXTime *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
-
- /* fgmr base on nspr's pl implementation? */
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_Time_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXTime *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/Time/PDecode.c b/security/nss/lib/pkix/src/Time/PDecode.c
deleted file mode 100644
index 385665468..000000000
--- a/security/nss/lib/pkix/src/Time/PDecode.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXTime_Decode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXTime upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXTime *
-nssPKIXTime_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-)
-{
- NSSArena *arena;
- PRBool arena_allocated = PR_FALSE;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- NSSPKIXTime *rv = (NSSPKIXTime *)NULL;
- PRStatus status;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXTime *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(ber) ) {
- return (NSSPKIXTime *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL == arenaOpt ) {
- arena = nssArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
- arena_allocated = PR_TRUE;
- } else {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arena, NSSPKIXTime);
- if( (NSSPKIXTime *)NULL == rv ) {
- goto loser;
- }
-
- rv->arena = arena;
- rv->i_allocated_arena = arena_allocated;
- rv->ber = nssItem_Duplicate(ber, arena, (NSSItem *)NULL);
- if( (NSSItem *)NULL == rv->ber ) {
- goto loser;
- }
-
- status = nssASN1_DecodeBER(arena, rv, nssPKIXTime_template, ber);
- if( PR_SUCCESS != status ) {
- goto loser;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arena, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_Time_add_pointer(rv) ) {
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arena, mark);
- }
-
- if( PR_TRUE == arena_allocated ) {
- (void)nssArena_Destroy(arena);
- }
-
- return (NSSPKIXTime *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/Time/PDestroy.c b/security/nss/lib/pkix/src/Time/PDestroy.c
deleted file mode 100644
index 973974b51..000000000
--- a/security/nss/lib/pkix/src/Time/PDestroy.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXTime_Destroy
- *
- */
-
-NSS_IMPLEMENT PR_STATUS
-nssPKIXTime_Destroy
-(
- NSSPKIXTime *time
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXTime_verifyPointer(time) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
-#ifdef DEBUG
- (void)nss_pkix_Time_remove_pointer(time);
-#endif /* DEBUG */
-
- if( PR_TRUE == time->i_allocated_arena ) {
- return nssArena_Destroy(time->arena);
- }
-
- return PR_SUCCESS;
-}
diff --git a/security/nss/lib/pkix/src/Time/PEncode.c b/security/nss/lib/pkix/src/Time/PEncode.c
deleted file mode 100644
index 8904fac50..000000000
--- a/security/nss/lib/pkix/src/Time/PEncode.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXTime_Encode
- *
- */
-
-NSS_IMPLEMENT NSSBER *
-nssPKIXTime_Encode
-(
- NSSPKIXTime *time,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXTime_verifyPointer(time) ) {
- return (NSSBER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSBER *)NULL;
- }
- }
-#endif /* NSSDEBUG */
diff --git a/security/nss/lib/pkix/src/Time/template.c b/security/nss/lib/pkix/src/Time/template.c
deleted file mode 100644
index 38c4f3c78..000000000
--- a/security/nss/lib/pkix/src/Time/template.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-/*
- * nssPKIXTime_template
- *
- */
-
-const nssASN1Template nssPKIXTime_template[] = {
- { nssASN1_INLINE, offsetof(NSSPKIXTime, asn1item),
- nssASN1Template_Any, sizeof(NSSPKIXTime) }
-};
diff --git a/security/nss/lib/pkix/src/X520Name/CreateFromUTF8.c b/security/nss/lib/pkix/src/X520Name/CreateFromUTF8.c
deleted file mode 100644
index 84df20054..000000000
--- a/security/nss/lib/pkix/src/X520Name/CreateFromUTF8.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXX520Name_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Name upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXX520Name *
-NSSPKIXX520Name_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-)
-{
- PRStatus status = PR_SUCCESS;
- PRUint32 length;
- nss_ClearErrorStack();
-
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXX520Name *)NULL;
- }
- }
-
- if( (NSSUTF8 *)NULL == utf8 ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSPKIXX520Name *)NULL;
- }
-#endif /* DEBUG */
-
- length = nssUTF8_Length(utf8, &status);
- if( PR_SUCCESS != status ) {
- if( NSS_ERROR_VALUE_TOO_LARGE == NSS_GetError() ) {
- nss_SetError(NSS_ERROR_STRING_TOO_LONG);
- }
- return (NSSPKIXX520Name *)NULL;
- }
-
- if( (length < 1 ) || (length > NSSPKIXX520Name_MAXIMUM_LENGTH) ) {
- nss_SetError(NSS_ERROR_STRING_TOO_LONG);
- }
-
- return nssPKIXX520Name_CreateFromUTF8(arenaOpt, utf8);
-}
-
-/*
- * NSSPKIXX520Name_MAXIMUM_LENGTH
- *
- * From RFC 2459:
- *
- * ub-name INTEGER ::= 32768
- */
-
-const PRUint32 NSSPKIXX520Name_MAXIMUM_LENGTH = 32768;
diff --git a/security/nss/lib/pkix/src/X520Name/Decode.c b/security/nss/lib/pkix/src/X520Name/Decode.c
deleted file mode 100644
index ac59d5598..000000000
--- a/security/nss/lib/pkix/src/X520Name/Decode.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXX520Name_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Name upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXX520Name *
-NSSPKIXX520Name_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(ber) ) {
- return (NSSPKIXAttribute *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXX520Name_Decode(arenaOpt, ber);
-}
diff --git a/security/nss/lib/pkix/src/X520Name/Destroy.c b/security/nss/lib/pkix/src/X520Name/Destroy.c
deleted file mode 100644
index 49037d3b4..000000000
--- a/security/nss/lib/pkix/src/X520Name/Destroy.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXX520Name_Destroy
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT NSSDER *
-NSSPKIXX520Name_Destroy
-(
- NSSPKIXX520Name *name
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXX520Name_verifyPointer(name) ) {
- return (NSSDER *)NULL;
- }
-#endif /* DEBUG */
-
- return nssPKIXX520Name_Destroy(name);
-}
diff --git a/security/nss/lib/pkix/src/X520Name/Duplicate.c b/security/nss/lib/pkix/src/X520Name/Duplicate.c
deleted file mode 100644
index bcb4b5a2b..000000000
--- a/security/nss/lib/pkix/src/X520Name/Duplicate.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXX520Name_Duplicate
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Name upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXX520Name *
-NSSPKIXX520Name_Duplicate
-(
- NSSPKIXX520Name *name,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXX520Name_verifyPointer(name) ) {
- return (NSSPKIXAttribute *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXX520Name_Duplicate(name, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/X520Name/Encode.c b/security/nss/lib/pkix/src/X520Name/Encode.c
deleted file mode 100644
index 83cfd5442..000000000
--- a/security/nss/lib/pkix/src/X520Name/Encode.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXX520Name_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSBER *
-NSSPKIXX520Name_Encode
-(
- NSSPKIXX520Name *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXX520Name_verifyPointer(name) ) {
- return (NSSBER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSBER *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXX520Name_Encode(name, encoding, rvOpt, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/X520Name/Equal.c b/security/nss/lib/pkix/src/X520Name/Equal.c
deleted file mode 100644
index 75842e8f5..000000000
--- a/security/nss/lib/pkix/src/X520Name/Equal.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXX520Name_Equal
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_IMPLEMENT PRBool
-NSSPKIXX520Name_Equal
-(
- NSSPKIXX520Name *name1,
- NSSPKIXX520Name *name2,
- PRStatus *statusOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXX520Name_verifyPointer(name1) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return PR_FALSE;
- }
-
- if( PR_SUCCESS != nssPKIXX520Name_verifyPointer(name2) ) {
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
- return PR_FALSE;
- }
-#endif /* DEBUG */
-
- return nssPKIXX520Name_Equal(name1, name2, statusOpt);
-}
diff --git a/security/nss/lib/pkix/src/X520Name/GetUTF8Encoding.c b/security/nss/lib/pkix/src/X520Name/GetUTF8Encoding.c
deleted file mode 100644
index 2e42124eb..000000000
--- a/security/nss/lib/pkix/src/X520Name/GetUTF8Encoding.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * NSSPKIXX520Name_GetUTF8Encoding
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSDER pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-NSSPKIXX520Name_GetUTF8Encoding
-(
- NSSPKIXX520Name *name,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssPKIXX520Name_verifyPointer(name) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssPKIXX520Name_GetUTF8Encoding(name, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/X520Name/MDoUTF8.c b/security/nss/lib/pkix/src/X520Name/MDoUTF8.c
deleted file mode 100644
index 69cbf691e..000000000
--- a/security/nss/lib/pkix/src/X520Name/MDoUTF8.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIXM_H
-#include "pkixm.h"
-#endif /* PKIXM_H */
-
-/*
- * nss_pkix_X520Name_DoUTF8
- *
- */
-
-NSS_IMPLEMENT PR_STATUS
-nss_pkix_X520Name_DoUTF8
-(
- NSSPKIXX520Name *name
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXX520Name_verifyPointer(name) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSUTF8 *)NULL == name->utf8 ) {
- PRUint8 tag = (*(PRUint8 *)name->string.data) & nssASN1_TAG_MASK;
- nssStringType type;
- void *data = (void *)&((PRUint8 *)name->string.data)[1];
- PRUint32 size = name->string.size-1;
-
- switch( tag ) {
- case nssASN1_TELETEX_STRING:
- type = nssStringType_TeletexString;
- break;
- case nssASN1_PRINTABLE_STRING:
- type = nssStringType_PrintableString;
- break;
- case nssASN1_UNIVERSAL_STRING:
- type = nssStringType_UniversalString;
- break;
- case nssASN1_BMP_STRING:
- type = nssStringType_BMPString;
- break;
- case nssASN1_UTF8_STRING:
- type = nssStringType_UTF8String;
- break;
- default:
- nss_SetError(NSS_ERROR_INVALID_BER);
- return PR_FAILURE;
- }
-
- name->utf8 = nssUTF8_Create(arenaOpt, type, data, size);
- if( (NSSUTF8 *)NULL == name->utf8 ) {
- return PR_FAILURE;
- }
-
- if( nssASN1_PRINTABLE_STRING == tag ) {
- name->wasPrintable = PR_TRUE;
- }
- }
-
- return PR_SUCCESS;
-}
diff --git a/security/nss/lib/pkix/src/X520Name/PCreate.c b/security/nss/lib/pkix/src/X520Name/PCreate.c
deleted file mode 100644
index c507a8f75..000000000
--- a/security/nss/lib/pkix/src/X520Name/PCreate.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXX520Name_Create
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING_TYPE
- * NSS_ERROR_INVALID_ITEM
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Name upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXX520Name *
-nssPKIXX520Name_Create
-(
- NSSArena *arenaOpt,
- nssStringType type,
- NSSItem *data
-)
-{
- NSSPKIXX520Name *rv = (NSSPKIXX520Name *)NULL;
- nssArenaMark *mark = (nssArenaMark *)NULL;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXX520Name *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(data) ) {
- return (NSSPKIXX520Name *)NULL;
- }
-#endif /* NSSDEBUG */
-
- switch( type ) {
- case nssStringType_TeletexString:
- case nssStringType_PrintableString:
- case nssStringType_UniversalString:
- case nssStringType_UTF8String:
- case nssStringType_BMPString:
- break;
- default:
- nss_SetError(NSS_ERROR_INVALID_STRING_TYPE);
- goto loser;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- mark = nssArena_Mark(arenaOpt);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arenaOpt, NSSPKIXX520Name);
- if( (NSSPKIXX520Name *)NULL == rv ) {
- goto loser;
- }
-
- rv->utf8 = nssUTF8_Create(arenaOpt, type, data->data, data->size);
- if( (NSSUTF8 *)NULL == rv->utf8 ) {
- goto loser;
- }
-
- if( nssStringType_PrintableString == type ) {
- rv->wasPrintable = PR_TRUE;
- }
-
- rv->der = nssUTF8_GetDEREncoding(arenaOpt, type, rv->utf8);
- if( (NSSDER *)NULL == rv->der ) {
- goto loser;
- }
-
- rv->string.size = rv->der->size;
- rv->string.data = nss_ZAlloc(arenaOpt, rv->string.size);
- if( (void *)NULL == rv->string.data ) {
- goto loser;
- }
-
- (void)nsslibc_memcpy(rv->string.data, rv->der->data, rv->string.size);
-
- if( (NSSArena *)NULL != arenaOpt ) {
- rv->inArena = PR_TRUE;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arenaOpt, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_X520Name_add_pointer(rv) ) {
- goto loser;
- }
-
- if( PR_SUCCESS != nssArena_registerDestructor(arena,
- nss_pkix_X520Name_remove_pointer, rv) ) {
- (void)nss_pkix_X520Name_remove_pointer(rv);
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arenaOpt, mark);
- }
-
- if( (NSSArena *)NULL == arenaOpt ) {
- if( (NSSPKIXX520Name *)NULL != rv ) {
- if( (NSSDER *)NULL != rv->der ) {
- nss_ZFreeIf(rv->der->data);
- nss_ZFreeIf(rv->der);
- }
-
- nss_ZFreeIf(rv->string.data);
- nss_ZFreeIf(rv->utf8);
- nss_ZFreeIf(rv);
- }
- }
-
- return (NSSPKIXX520Name *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/X520Name/PCreateFromUTF8.c b/security/nss/lib/pkix/src/X520Name/PCreateFromUTF8.c
deleted file mode 100644
index 0459f8c51..000000000
--- a/security/nss/lib/pkix/src/X520Name/PCreateFromUTF8.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXX520Name_CreateFromUTF8
- *
- * { basically just enforces the length limit }
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Name upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXX520Name *
-nssPKIXX520Name_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *utf8
-)
-{
- NSSPKIXX520Name *rv = (NSSPKIXX520Name *)NULL;
- nssArenaMark *mark = (nssArenaMark *)NULL;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXX520Name *)NULL;
- }
- }
-
- if( (NSSUTF8 *)NULL == utf8 ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSPKIXX520Name *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL != arenaOpt ) {
- mark = nssArena_Mark(arenaOpt);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arenaOpt, NSSPKIXX520Name);
- if( (NSSPKIXX520Name *)NULL == rv ) {
- goto loser;
- }
-
- rv->utf8 = nssUTF8_Duplicate(utf8, arenaOpt);
- if( (NSSUTF8 *)NULL == rv->utf8 ) {
- goto loser;
- }
-
- /*
- * RFC 2459 states (s. 4.1.2.4) that certificates issued after
- * 2003-12-31 MUST encode strings as UTF8Strings, and until
- * then they may be encoded as PrintableStrings, BMPStrings,
- * or UTF8Strings (when the character sets allow). However, it
- * specifically notes that even before 2003-12-31, strings may
- * be encoded as UTF8Strings. So unless something important
- * breaks, I'll do UTF8Strings.
- */
-
- rv->der = nssUTF8_GetDEREncoding(arenaOpt, nssStringType_UTF8String,
- utf8);
- if( (NSSDER *)NULL == rv->der ) {
- goto loser;
- }
-
- rv->string.size = rv->der->size;
- rv->string.data = nss_ZAlloc(arenaOpt, rv->string.size);
- if( (void *)NULL == rv->string.data ) {
- goto loser;
- }
-
- (void)nsslibc_memcpy(rv->string.data, rv->der->size, rv->string.size);
-
- if( (NSSArena *)NULL != arenaOpt ) {
- rv->inArena = PR_TRUE;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arenaOpt, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_X520Name_add_pointer(rv) ) {
- goto loser;
- }
-
- if( PR_SUCCESS != nssArena_registerDestructor(arena,
- nss_pkix_X520Name_remove_pointer, rv) ) {
- (void)nss_pkix_X520Name_remove_pointer(rv);
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arenaOpt, mark);
- }
-
- if( (NSSArena *)NULL == arenaOpt ) {
- if( (NSSPKIXX520Name *)NULL != rv ) {
- if( (NSSDER *)NULL != rv->der ) {
- nss_ZFreeIf(rv->der->data);
- nss_ZFreeIf(rv->der);
- }
-
- nss_ZFreeIf(rv->string.data);
- nss_ZFreeIf(rv->utf8);
- nss_ZFreeIf(rv);
- }
- }
-
- return (NSSPKIXX520Name *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/X520Name/PDecode.c b/security/nss/lib/pkix/src/X520Name/PDecode.c
deleted file mode 100644
index 8228c8db4..000000000
--- a/security/nss/lib/pkix/src/X520Name/PDecode.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXX520Name_Decode
- *
- * -- fgmr comments --
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Name upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXX520Name *
-nssPKIXX520Name_Decode
-(
- NSSArena *arenaOpt,
- NSSBER *ber
-)
-{
- NSSPKIXX520Name *rv = (NSSPKIXX520Name *)NULL;
- nssArenaMark *mark = (nssArenaMark *)NULL;
- PRStatus status;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssItem_verifyPointer(ber) ) {
- return (NSSPKIXAttribute *)NULL;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL != arenaOpt ) {
- mark = nssArena_Mark(arenaOpt);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arenaOpt, NSSPKIXX520Name);
- if( (NSSPKIXX520Name *)NULL == rv ) {
- goto loser;
- }
-
- status = nssASN1_DecodeBER(arenaOpt, rv, nssPKIXX520_template, ber);
- if( PR_SUCCESS != status ) {
- goto loser;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- rv->inArena = PR_TRUE;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arenaOpt, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_X520Name_add_pointer(rv) ) {
- goto loser;
- }
-
- if( PR_SUCCESS != nssArena_registerDestructor(arena,
- nss_pkix_X520Name_remove_pointer, rv) ) {
- (void)nss_pkix_X520Name_remove_pointer(rv);
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arenaOpt, mark);
- }
-
- if( (NSSArena *)NULL == arenaOpt ) {
- if( (NSSPKIXX520Name *)NULL != rv ) {
- nss_ZFreeIf(rv->string.data);
- nss_ZFreeIf(rv->utf8);
- nss_ZFreeIf(rv);
- }
- }
-
- return (NSSPKIXX520Name *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/X520Name/PDestroy.c b/security/nss/lib/pkix/src/X520Name/PDestroy.c
deleted file mode 100644
index 9a9bdaaa2..000000000
--- a/security/nss/lib/pkix/src/X520Name/PDestroy.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXX520Name_Destroy
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN NSSDER *
-nssPKIXX520Name_Destroy
-(
- NSSPKIXX520Name *name
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXX520Name_verifyPointer(name) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- if( PR_TRUE != name->inArena ) {
- /*
- * Note that inArena is merely a hint. If this object was
- * created passively, this flag will be NULL no matter if
- * it was in an arena or not. However, you may safely
- * (try to) free memory in an NSSArena, so this isn't a
- * problem.
- */
-
- if( (NSSDER *)NULL != name->der ) {
- nss_ZFreeIf(name->der->data);
- nss_ZFreeIf(name->der);
- }
-
- nss_ZFreeIf(name->utf8);
- nss_ZFreeIf(name->string.data);
- nss_ZFreeIf(name);
- }
-
- return PR_SUCCESS;
-}
diff --git a/security/nss/lib/pkix/src/X520Name/PDuplicate.c b/security/nss/lib/pkix/src/X520Name/PDuplicate.c
deleted file mode 100644
index a2b6d7e53..000000000
--- a/security/nss/lib/pkix/src/X520Name/PDuplicate.c
+++ /dev/null
@@ -1,158 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXX520Name_Duplicate
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ARENA
- *
- * Return value:
- * A valid pointer to an NSSPKIXX520Name upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSPKIXX520Name *
-nssPKIXX520Name_Duplicate
-(
- NSSPKIXX520Name *name,
- NSSArena *arenaOpt
-)
-{
- NSSPKIXX520Name *rv = (NSSPKIXX520Name *)NULL;
- nssArenaMark *mark = (nssArenaMark *)NULL;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXX520Name_verifyPointer(name) ) {
- return (NSSPKIXAttribute *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSPKIXAttribute *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSArena *)NULL != arenaOpt ) {
- mark = nssArena_Mark(arenaOpt);
- if( (nssArenaMark *)NULL == mark ) {
- goto loser;
- }
- }
-
- rv = nss_ZNEW(arenaOpt, NSSPKIXX520Name);
- if( (NSSPKIXX520Name *)NULL == rv ) {
- goto loser;
- }
-
- rv->string.size = name->string.size;
- rv->string.data = nss_ZAlloc(arenaOpt, name->string.size);
- if( (void *)NULL == rv->string.data ) {
- goto loser;
- }
-
- (void)nsslibc_memcpy(rv->string.data, name->string.data, name->string.size);
-
- if( (NSSUTF8 *)NULL != name->utf8 ) {
- rv->utf8 = nssUTF8_Duplicate(name->utf8, arenaOpt);
- if( (NSSUTF8 *)NULL == rv->utf8 ) {
- goto loser;
- }
- }
-
- if( (NSSDER *)NULL != name->der ) {
- rv->der = nssItem_Duplicate(name->der, arenaOpt, (NSSItem *)NULL);
- if( (NSSDER *)NULL == rv->der ) {
- goto loser;
- }
- }
-
- rv->wasPrintable = name->wasPrintable;
-
- if( (NSSArena *)NULL != arenaOpt ) {
- rv->inArena = PR_TRUE;
- }
-
- if( (nssArenaMark *)NULL != mark ) {
- if( PR_SUCCESS != nssArena_Unmark(arenaOpt, mark) ) {
- goto loser;
- }
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != nss_pkix_X520Name_add_pointer(rv) ) {
- goto loser;
- }
-
- if( PR_SUCCESS != nssArena_registerDestructor(arena,
- nss_pkix_X520Name_remove_pointer, rv) ) {
- (void)nss_pkix_X520Name_remove_pointer(rv);
- goto loser;
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (nssArenaMark *)NULL != mark ) {
- (void)nssArena_Release(arenaOpt, mark);
- }
-
- if( (NSSArena *)NULL == arenaOpt ) {
- if( (NSSPKIXX520Name *)NULL != rv ) {
- if( (NSSDER *)NULL != rv->der ) {
- nss_ZFreeIf(rv->der->data);
- nss_ZFreeIf(rv->der);
- }
-
- nss_ZFreeIf(rv->string.data);
- nss_ZFreeIf(rv->utf8);
- nss_ZFreeIf(rv);
- }
- }
-
- return (NSSPKIXX520Name *)NULL;
-}
diff --git a/security/nss/lib/pkix/src/X520Name/PEncode.c b/security/nss/lib/pkix/src/X520Name/PEncode.c
deleted file mode 100644
index d9f001bae..000000000
--- a/security/nss/lib/pkix/src/X520Name/PEncode.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXX520Name_Encode
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSBER pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSBER *
-nssPKIXX520Name_Encode
-(
- NSSPKIXX520Name *name,
- NSSASN1EncodingType encoding,
- NSSBER *rvOpt,
- NSSArena *arenaOpt
-)
-{
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXX520Name_verifyPointer(name) ) {
- return (NSSBER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSBER *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSDER *)NULL == name->der ) {
- /* XXX fgmr */
- if( (NSSUTF8 *)NULL == name->utf8 ) {
- if( PR_SUCCESS != nss_pkix_X520Name_DoUTF8(name) ) {
- return (NSSBER *)NULL;
- }
- }
-
- rv->der = nssUTF8_GetDEREncoding(arenaOpt, type, rv->utf8);
- if( (NSSDER *)NULL == rv->der ) {
- return (NSSBER *)NULL;
- }
- }
-
- return nssItem_Duplicate(name->der, arenaOpt, rvOpt);
-}
diff --git a/security/nss/lib/pkix/src/X520Name/PEqual.c b/security/nss/lib/pkix/src/X520Name/PEqual.c
deleted file mode 100644
index 9ebe75005..000000000
--- a/security/nss/lib/pkix/src/X520Name/PEqual.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXX520Name_Equal
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- *
- * Return value:
- * PR_TRUE if the two objects have equal values
- * PR_FALSE otherwise
- * PR_FALSE upon error
- */
-
-NSS_IMPLEMENT PRBool
-nssPKIXX520Name_Equal
-(
- NSSPKIXX520Name *name1,
- NSSPKIXX520Name *name2,
- PRStatus *statusOpt
-)
-{
- PRBool rv;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXX520Name_verifyPointer(name1) ) {
- goto loser;
- }
-
- if( PR_SUCCESS != nssPKIXX520Name_verifyPointer(name2) ) {
- goto loser;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSUTF8 *)NULL == name1->utf8 ) {
- if( PR_SUCCESS != nss_pkix_X520Name_DoUTF8(name1) ) {
- goto loser;
- }
- }
-
- if( (NSSUTF8 *)NULL == name2->utf8 ) {
- if( PR_SUCCESS != nss_pkix_X520Name_DoUTF8(name2) ) {
- goto loser;
- }
- }
-
- if( (PR_TRUE == name1->wasPrintable) && (PR_TRUE == name2->wasPrintable) ) {
- return nssUTF8_PrintableMatch(name1->utf8, name2->utf8, statusOpt);
- }
-
- return nssUTF8_Equal(name1->utf8, name2->utf8, statusOpt);
-
- loser:
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
-
- return PR_FALSE;
-}
diff --git a/security/nss/lib/pkix/src/X520Name/PGetUTF8Encoding.c b/security/nss/lib/pkix/src/X520Name/PGetUTF8Encoding.c
deleted file mode 100644
index b023b1fea..000000000
--- a/security/nss/lib/pkix/src/X520Name/PGetUTF8Encoding.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-/*
- * nssPKIXX520Name_GetUTF8Encoding
- *
- *
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_X520_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * A valid NSSDER pointer upon success
- * NULL upon failure
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-nssPKIXX520Name_GetUTF8Encoding
-(
- NSSPKIXX520Name *name,
- NSSArena *arenaOpt
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssPKIXX520Name_verifyPointer(name) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- if( (NSSUTF8 *)NULL == name->utf8 ) {
- if( PR_SUCCESS != nss_pkix_X520Name_DoUTF8(name) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-
- return nssUTF8_Duplicate(rv->utf8, arenaOpt);
-}
diff --git a/security/nss/lib/pkix/src/X520Name/template.c b/security/nss/lib/pkix/src/X520Name/template.c
deleted file mode 100644
index 63f18e724..000000000
--- a/security/nss/lib/pkix/src/X520Name/template.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIX_H
-#include "pkix.h"
-#endif /* PKIX_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-/*
- * nssPKIXX520Name_template
- *
- *
- */
-
-const nssASN1Template nssPKIXX520Name_template[] = {
- { nssASN1_ANY, offsetof(NSSPKIXX520Name, string), NULL,
- sizeof(NSSPKIXX520Name) },
- { 0 }
-};
diff --git a/security/nss/lib/pkix/src/X520Name/verifyPointer.c b/security/nss/lib/pkix/src/X520Name/verifyPointer.c
deleted file mode 100644
index 9e447797d..000000000
--- a/security/nss/lib/pkix/src/X520Name/verifyPointer.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $Source$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#ifndef PKIXM_H
-#include "pkixm.h"
-#endif /* PKIXM_H */
-
-#ifdef DEBUG
-
-extern const NSSError NSS_ERROR_INTERNAL_ERROR;
-
-static nssPointerTracker pkix_x520_name_pointer_tracker;
-
-/*
- * nss_pkix_X520Name_add_pointer
- *
- * This method is only present in debug builds.
- *
- * This module-private routine adds an NSSPKIXX520Name pointer to
- * the internal pointer-tracker. This routine should only be used
- * by the NSSPKIX module. This routine returns a PRStatus value;
- * upon error it will place an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INTERNAL_ERROR
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_X520Name_add_pointer
-(
- const NSSPKIXX520Name *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&pkix_x520_name_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return rv;
- }
-
- rv = nssPointerTracker_add(&pkix_x520_name_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- NSSError e = NSS_GetError();
- if( NSS_ERROR_NO_MEMORY != e ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
- }
-
- return PR_SUCCESS;
-}
-
-/*
- * nss_pkix_X520Name_remove_pointer
- *
- * This method is only present in debug builds.
- *
- * This module-private routine removes a valid NSSPKIXX520Name
- * pointer from the internal pointer-tracker. This routine should
- * only be used by the NSSPKIX module. This routine returns a
- * PRStatus value; upon error it will place an error on the error
- * stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INTERNAL_ERROR
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_IMPLEMENT PRStatus
-nss_pkix_X520Name_remove_pointer
-(
- const NSSPKIXX520Name *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_remove(&pkix_x520_name_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
-}
-
-/*
- * nssPKIXX520Name_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSPKIXX520Name
- * object, this routine will return PR_SUCCESS. Otherwise, it will
- * put an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_PKIX_X520_NAME
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_IMPLEMENT PRStatus
-nssPKIXX520Name_verifyPointer
-(
- NSSPKIXX520Name *p
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&pkix_x520_name_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_PKIX_X520_NAME);
- return PR_FAILURE;
- }
-
- rv = nssPointerTracker_verify(&pkix_x520_name_pointer_tracker, p);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_PKIX_X520_NAME);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-
-#endif /* DEBUG */
diff --git a/security/nss/lib/smime/Makefile b/security/nss/lib/smime/Makefile
deleted file mode 100644
index cb85677bc..000000000
--- a/security/nss/lib/smime/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
diff --git a/security/nss/lib/smime/cms.h b/security/nss/lib/smime/cms.h
deleted file mode 100644
index cb9a9001a..000000000
--- a/security/nss/lib/smime/cms.h
+++ /dev/null
@@ -1,1065 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Interfaces of the CMS implementation.
- *
- * $Id$
- */
-
-#ifndef _CMS_H_
-#define _CMS_H_
-
-#include "seccomon.h"
-#include "mcom_db.h" /* needed by certt.h */
-
-#include "secoidt.h"
-#include "secder.h" /* needed by certt.h; XXX go away when possible */
-#include "certt.h"
-#include "keyt.h"
-#include "hasht.h"
-#include "cmst.h"
-
-/************************************************************************/
-SEC_BEGIN_PROTOS
-
-/************************************************************************
- * cmsdecode.c - CMS decoding
- ************************************************************************/
-
-/*
- * NSS_CMSDecoder_Start - set up decoding of a DER-encoded CMS message
- *
- * "poolp" - pointer to arena for message, or NULL if new pool should be created
- * "cb", "cb_arg" - callback function and argument for delivery of inner content
- * inner content will be stored in the message if cb is NULL.
- * "pwfn", pwfn_arg" - callback function for getting token password
- * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
- */
-extern NSSCMSDecoderContext *
-NSS_CMSDecoder_Start(PRArenaPool *poolp,
- NSSCMSContentCallback cb, void *cb_arg,
- PK11PasswordFunc pwfn, void *pwfn_arg,
- NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg);
-
-/*
- * NSS_CMSDecoder_Update - feed DER-encoded data to decoder
- */
-extern SECStatus
-NSS_CMSDecoder_Update(NSSCMSDecoderContext *p7dcx, const char *buf, unsigned long len);
-
-/*
- * NSS_CMSDecoder_Cancel - cancel a decoding process
- */
-extern void
-NSS_CMSDecoder_Cancel(NSSCMSDecoderContext *p7dcx);
-
-/*
- * NSS_CMSDecoder_Finish - mark the end of inner content and finish decoding
- */
-extern NSSCMSMessage *
-NSS_CMSDecoder_Finish(NSSCMSDecoderContext *p7dcx);
-
-/*
- * NSS_CMSMessage_CreateFromDER - decode a CMS message from DER encoded data
- */
-extern NSSCMSMessage *
-NSS_CMSMessage_CreateFromDER(SECItem *DERmessage,
- NSSCMSContentCallback cb, void *cb_arg,
- PK11PasswordFunc pwfn, void *pwfn_arg,
- NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg);
-
-/************************************************************************
- * cmsencode.c - CMS encoding
- ************************************************************************/
-
-/*
- * NSS_CMSEncoder_Start - set up encoding of a CMS message
- *
- * "cmsg" - message to encode
- * "outputfn", "outputarg" - callback function for delivery of DER-encoded output
- * will not be called if NULL.
- * "dest" - if non-NULL, pointer to SECItem that will hold the DER-encoded output
- * "destpoolp" - pool to allocate DER-encoded output in
- * "pwfn", pwfn_arg" - callback function for getting token password
- * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
- * "detached_digestalgs", "detached_digests" - digests from detached content
- */
-extern NSSCMSEncoderContext *
-NSS_CMSEncoder_Start(NSSCMSMessage *cmsg,
- NSSCMSContentCallback outputfn, void *outputarg,
- SECItem *dest, PLArenaPool *destpoolp,
- PK11PasswordFunc pwfn, void *pwfn_arg,
- NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
- SECAlgorithmID **detached_digestalgs, SECItem **detached_digests);
-
-/*
- * NSS_CMSEncoder_Update - take content data delivery from the user
- *
- * "p7ecx" - encoder context
- * "data" - content data
- * "len" - length of content data
- */
-extern SECStatus
-NSS_CMSEncoder_Update(NSSCMSEncoderContext *p7ecx, const char *data, unsigned long len);
-
-/*
- * NSS_CMSEncoder_Finish - signal the end of data
- *
- * we need to walk down the chain of encoders and the finish them from the innermost out
- */
-extern SECStatus
-NSS_CMSEncoder_Finish(NSSCMSEncoderContext *p7ecx);
-
-/************************************************************************
- * cmsmessage.c - CMS message object
- ************************************************************************/
-
-/*
- * NSS_CMSMessage_Create - create a CMS message object
- *
- * "poolp" - arena to allocate memory from, or NULL if new arena should be created
- */
-extern NSSCMSMessage *
-NSS_CMSMessage_Create(PLArenaPool *poolp);
-
-/*
- * NSS_CMSMessage_SetEncodingParams - set up a CMS message object for encoding or decoding
- *
- * "cmsg" - message object
- * "pwfn", pwfn_arg" - callback function for getting token password
- * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
- * "detached_digestalgs", "detached_digests" - digests from detached content
- *
- * used internally.
- */
-extern void
-NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg,
- PK11PasswordFunc pwfn, void *pwfn_arg,
- NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
- SECAlgorithmID **detached_digestalgs, SECItem **detached_digests);
-
-/*
- * NSS_CMSMessage_Destroy - destroy a CMS message and all of its sub-pieces.
- */
-extern void
-NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg);
-
-/*
- * NSS_CMSMessage_Copy - return a copy of the given message.
- *
- * The copy may be virtual or may be real -- either way, the result needs
- * to be passed to NSS_CMSMessage_Destroy later (as does the original).
- */
-extern NSSCMSMessage *
-NSS_CMSMessage_Copy(NSSCMSMessage *cmsg);
-
-/*
- * NSS_CMSMessage_GetArena - return a pointer to the message's arena pool
- */
-extern PLArenaPool *
-NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg);
-
-/*
- * NSS_CMSMessage_GetContentInfo - return a pointer to the top level contentInfo
- */
-extern NSSCMSContentInfo *
-NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg);
-
-/*
- * Return a pointer to the actual content.
- * In the case of those types which are encrypted, this returns the *plain* content.
- * In case of nested contentInfos, this descends and retrieves the innermost content.
- */
-extern SECItem *
-NSS_CMSMessage_GetContent(NSSCMSMessage *cmsg);
-
-/*
- * NSS_CMSMessage_ContentLevelCount - count number of levels of CMS content objects in this message
- *
- * CMS data content objects do not count.
- */
-extern int
-NSS_CMSMessage_ContentLevelCount(NSSCMSMessage *cmsg);
-
-/*
- * NSS_CMSMessage_ContentLevel - find content level #n
- *
- * CMS data content objects do not count.
- */
-extern NSSCMSContentInfo *
-NSS_CMSMessage_ContentLevel(NSSCMSMessage *cmsg, int n);
-
-/*
- * NSS_CMSMessage_ContainsCertsOrCrls - see if message contains certs along the way
- */
-extern PRBool
-NSS_CMSMessage_ContainsCertsOrCrls(NSSCMSMessage *cmsg);
-
-/*
- * NSS_CMSMessage_IsEncrypted - see if message contains a encrypted submessage
- */
-extern PRBool
-NSS_CMSMessage_IsEncrypted(NSSCMSMessage *cmsg);
-
-/*
- * NSS_CMSMessage_IsSigned - see if message contains a signed submessage
- *
- * If the CMS message has a SignedData with a signature (not just a SignedData)
- * return true; false otherwise. This can/should be called before calling
- * VerifySignature, which will always indicate failure if no signature is
- * present, but that does not mean there even was a signature!
- * Note that the content itself can be empty (detached content was sent
- * another way); it is the presence of the signature that matters.
- */
-extern PRBool
-NSS_CMSMessage_IsSigned(NSSCMSMessage *cmsg);
-
-/*
- * NSS_CMSMessage_IsContentEmpty - see if content is empty
- *
- * returns PR_TRUE is innermost content length is < minLen
- * XXX need the encrypted content length (why?)
- */
-extern PRBool
-NSS_CMSMessage_IsContentEmpty(NSSCMSMessage *cmsg, unsigned int minLen);
-
-/************************************************************************
- * cmscinfo.c - CMS contentInfo methods
- ************************************************************************/
-
-/*
- * NSS_CMSContentInfo_Destroy - destroy a CMS contentInfo and all of its sub-pieces.
- */
-extern void
-NSS_CMSContentInfo_Destroy(NSSCMSContentInfo *cinfo);
-
-/*
- * NSS_CMSContentInfo_GetChildContentInfo - get content's contentInfo (if it exists)
- */
-extern NSSCMSContentInfo *
-NSS_CMSContentInfo_GetChildContentInfo(NSSCMSContentInfo *cinfo);
-
-/*
- * NSS_CMSContentInfo_SetContent - set cinfo's content type & content to CMS object
- */
-extern SECStatus
-NSS_CMSContentInfo_SetContent(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, SECOidTag type, void *ptr);
-
-/*
- * NSS_CMSContentInfo_SetContent_XXXX - typesafe wrappers for NSS_CMSContentInfo_SetType
- * set cinfo's content type & content to CMS object
- */
-extern SECStatus
-NSS_CMSContentInfo_SetContent_Data(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, SECItem *data, PRBool detached);
-
-extern SECStatus
-NSS_CMSContentInfo_SetContent_SignedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSSignedData *sigd);
-
-extern SECStatus
-NSS_CMSContentInfo_SetContent_EnvelopedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSEnvelopedData *envd);
-
-extern SECStatus
-NSS_CMSContentInfo_SetContent_DigestedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSDigestedData *digd);
-
-extern SECStatus
-NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSEncryptedData *encd);
-
-/*
- * NSS_CMSContentInfo_GetContent - get pointer to inner content
- *
- * needs to be casted...
- */
-extern void *
-NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo);
-
-/*
- * NSS_CMSContentInfo_GetInnerContent - get pointer to innermost content
- *
- * this is typically only called by NSS_CMSMessage_GetContent()
- */
-extern SECItem *
-NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo);
-
-/*
- * NSS_CMSContentInfo_GetContentType{Tag,OID} - find out (saving pointer to lookup result
- * for future reference) and return the inner content type.
- */
-extern SECOidTag
-NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo);
-
-extern SECItem *
-NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo);
-
-/*
- * NSS_CMSContentInfo_GetContentEncAlgTag - find out (saving pointer to lookup result
- * for future reference) and return the content encryption algorithm tag.
- */
-extern SECOidTag
-NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo);
-
-/*
- * NSS_CMSContentInfo_GetContentEncAlg - find out and return the content encryption algorithm tag.
- */
-extern SECAlgorithmID *
-NSS_CMSContentInfo_GetContentEncAlg(NSSCMSContentInfo *cinfo);
-
-extern SECStatus
-NSS_CMSContentInfo_SetContentEncAlg(PLArenaPool *poolp, NSSCMSContentInfo *cinfo,
- SECOidTag bulkalgtag, SECItem *parameters, int keysize);
-
-extern SECStatus
-NSS_CMSContentInfo_SetContentEncAlgID(PLArenaPool *poolp, NSSCMSContentInfo *cinfo,
- SECAlgorithmID *algid, int keysize);
-
-extern void
-NSS_CMSContentInfo_SetBulkKey(NSSCMSContentInfo *cinfo, PK11SymKey *bulkkey);
-
-extern PK11SymKey *
-NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo);
-
-extern int
-NSS_CMSContentInfo_GetBulkKeySize(NSSCMSContentInfo *cinfo);
-
-/************************************************************************
- * cmsutil.c - CMS misc utility functions
- ************************************************************************/
-
-/*
- * NSS_CMSArray_SortByDER - sort array of objects by objects' DER encoding
- *
- * make sure that the order of the objects guarantees valid DER (which must be
- * in lexigraphically ascending order for a SET OF); if reordering is necessary it
- * will be done in place (in objs).
- */
-extern SECStatus
-NSS_CMSArray_SortByDER(void **objs, const SEC_ASN1Template *objtemplate, void **objs2);
-
-/*
- * NSS_CMSUtil_DERCompare - for use with NSS_CMSArray_Sort to
- * sort arrays of SECItems containing DER
- */
-extern int
-NSS_CMSUtil_DERCompare(void *a, void *b);
-
-/*
- * NSS_CMSAlgArray_GetIndexByAlgID - find a specific algorithm in an array of
- * algorithms.
- *
- * algorithmArray - array of algorithm IDs
- * algid - algorithmid of algorithm to pick
- *
- * Returns:
- * An integer containing the index of the algorithm in the array or -1 if
- * algorithm was not found.
- */
-extern int
-NSS_CMSAlgArray_GetIndexByAlgID(SECAlgorithmID **algorithmArray, SECAlgorithmID *algid);
-
-/*
- * NSS_CMSAlgArray_GetIndexByAlgID - find a specific algorithm in an array of
- * algorithms.
- *
- * algorithmArray - array of algorithm IDs
- * algiddata - id of algorithm to pick
- *
- * Returns:
- * An integer containing the index of the algorithm in the array or -1 if
- * algorithm was not found.
- */
-extern int
-NSS_CMSAlgArray_GetIndexByAlgTag(SECAlgorithmID **algorithmArray, SECOidTag algtag);
-
-extern SECHashObject *
-NSS_CMSUtil_GetHashObjByAlgID(SECAlgorithmID *algid);
-
-/*
- * XXX I would *really* like to not have to do this, but the current
- * signing interface gives me little choice.
- */
-extern SECOidTag
-NSS_CMSUtil_MakeSignatureAlgorithm(SECOidTag hashalg, SECOidTag encalg);
-
-extern const SEC_ASN1Template *
-NSS_CMSUtil_GetTemplateByTypeTag(SECOidTag type);
-
-extern size_t
-NSS_CMSUtil_GetSizeByTypeTag(SECOidTag type);
-
-extern NSSCMSContentInfo *
-NSS_CMSContent_GetContentInfo(void *msg, SECOidTag type);
-
-extern const char *
-NSS_CMSUtil_VerificationStatusToString(NSSCMSVerificationStatus vs);
-
-/************************************************************************
- * cmssigdata.c - CMS signedData methods
- ************************************************************************/
-
-extern NSSCMSSignedData *
-NSS_CMSSignedData_Create(NSSCMSMessage *cmsg);
-
-extern void
-NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd);
-
-/*
- * NSS_CMSSignedData_Encode_BeforeStart - do all the necessary things to a SignedData
- * before start of encoding.
- *
- * In detail:
- * - find out about the right value to put into sigd->version
- * - come up with a list of digestAlgorithms (which should be the union of the algorithms
- * in the signerinfos).
- * If we happen to have a pre-set list of algorithms (and digest values!), we
- * check if we have all the signerinfos' algorithms. If not, this is an error.
- */
-extern SECStatus
-NSS_CMSSignedData_Encode_BeforeStart(NSSCMSSignedData *sigd);
-
-extern SECStatus
-NSS_CMSSignedData_Encode_BeforeData(NSSCMSSignedData *sigd);
-
-/*
- * NSS_CMSSignedData_Encode_AfterData - do all the necessary things to a SignedData
- * after all the encapsulated data was passed through the encoder.
- *
- * In detail:
- * - create the signatures in all the SignerInfos
- *
- * Please note that nothing is done to the Certificates and CRLs in the message - this
- * is entirely the responsibility of our callers.
- */
-extern SECStatus
-NSS_CMSSignedData_Encode_AfterData(NSSCMSSignedData *sigd);
-
-extern SECStatus
-NSS_CMSSignedData_Decode_BeforeData(NSSCMSSignedData *sigd);
-
-/*
- * NSS_CMSSignedData_Decode_AfterData - do all the necessary things to a SignedData
- * after all the encapsulated data was passed through the decoder.
- */
-extern SECStatus
-NSS_CMSSignedData_Decode_AfterData(NSSCMSSignedData *sigd);
-
-/*
- * NSS_CMSSignedData_Decode_AfterEnd - do all the necessary things to a SignedData
- * after all decoding is finished.
- */
-extern SECStatus
-NSS_CMSSignedData_Decode_AfterEnd(NSSCMSSignedData *sigd);
-
-/*
- * NSS_CMSSignedData_GetSignerInfos - retrieve the SignedData's signer list
- */
-extern NSSCMSSignerInfo **
-NSS_CMSSignedData_GetSignerInfos(NSSCMSSignedData *sigd);
-
-extern int
-NSS_CMSSignedData_SignerInfoCount(NSSCMSSignedData *sigd);
-
-extern NSSCMSSignerInfo *
-NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i);
-
-/*
- * NSS_CMSSignedData_GetDigestAlgs - retrieve the SignedData's digest algorithm list
- */
-extern SECAlgorithmID **
-NSS_CMSSignedData_GetDigestAlgs(NSSCMSSignedData *sigd);
-
-/*
- * NSS_CMSSignedData_GetContentInfo - return pointer to this signedData's contentinfo
- */
-extern NSSCMSContentInfo *
-NSS_CMSSignedData_GetContentInfo(NSSCMSSignedData *sigd);
-
-/*
- * NSS_CMSSignedData_GetCertificateList - retrieve the SignedData's certificate list
- */
-extern SECItem **
-NSS_CMSSignedData_GetCertificateList(NSSCMSSignedData *sigd);
-
-extern SECStatus
-NSS_CMSSignedData_ImportCerts(NSSCMSSignedData *sigd, CERTCertDBHandle *certdb,
- SECCertUsage certusage, PRBool keepcerts);
-
-/*
- * NSS_CMSSignedData_HasDigests - see if we have digests in place
- */
-extern PRBool
-NSS_CMSSignedData_HasDigests(NSSCMSSignedData *sigd);
-
-/*
- * NSS_CMSSignedData_VerifySignerInfo - check a signature.
- *
- * The digests were either calculated during decoding (and are stored in the
- * signedData itself) or set after decoding using NSS_CMSSignedData_SetDigests.
- *
- * The verification checks if the signing cert is valid and has a trusted chain
- * for the purpose specified by "certusage".
- */
-extern SECStatus
-NSS_CMSSignedData_VerifySignerInfo(NSSCMSSignedData *sigd, int i, CERTCertDBHandle *certdb,
- SECCertUsage certusage);
-
-extern SECStatus
-NSS_CMSSignedData_AddCertList(NSSCMSSignedData *sigd, CERTCertificateList *certlist);
-
-/*
- * NSS_CMSSignedData_AddCertChain - add cert and its entire chain to the set of certs
- */
-extern SECStatus
-NSS_CMSSignedData_AddCertChain(NSSCMSSignedData *sigd, CERTCertificate *cert);
-
-extern SECStatus
-NSS_CMSSignedData_AddCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert);
-
-extern PRBool
-NSS_CMSSignedData_ContainsCertsOrCrls(NSSCMSSignedData *sigd);
-
-extern SECStatus
-NSS_CMSSignedData_AddSignerInfo(NSSCMSSignedData *sigd,
- NSSCMSSignerInfo *signerinfo);
-
-extern SECItem *
-NSS_CMSSignedData_GetDigestByAlgTag(NSSCMSSignedData *sigd, SECOidTag algtag);
-
-extern SECStatus
-NSS_CMSSignedData_SetDigests(NSSCMSSignedData *sigd,
- SECAlgorithmID **digestalgs,
- SECItem **digests);
-
-extern SECStatus
-NSS_CMSSignedData_SetDigestValue(NSSCMSSignedData *sigd,
- SECOidTag digestalgtag,
- SECItem *digestdata);
-
-extern SECStatus
-NSS_CMSSignedData_AddDigest(PRArenaPool *poolp,
- NSSCMSSignedData *sigd,
- SECOidTag digestalgtag,
- SECItem *digest);
-
-extern SECItem *
-NSS_CMSSignedData_GetDigestValue(NSSCMSSignedData *sigd, SECOidTag digestalgtag);
-
-/*
- * NSS_CMSSignedData_CreateCertsOnly - create a certs-only SignedData.
- *
- * cert - base certificates that will be included
- * include_chain - if true, include the complete cert chain for cert
- *
- * More certs and chains can be added via AddCertificate and AddCertChain.
- *
- * An error results in a return value of NULL and an error set.
- */
-extern NSSCMSSignedData *
-NSS_CMSSignedData_CreateCertsOnly(NSSCMSMessage *cmsg, CERTCertificate *cert, PRBool include_chain);
-
-/************************************************************************
- * cmssiginfo.c - signerinfo methods
- ************************************************************************/
-
-extern NSSCMSSignerInfo *
-NSS_CMSSignerInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert, SECOidTag digestalgtag);
-
-/*
- * NSS_CMSSignerInfo_Destroy - destroy a SignerInfo data structure
- */
-extern void
-NSS_CMSSignerInfo_Destroy(NSSCMSSignerInfo *si);
-
-/*
- * NSS_CMSSignerInfo_Sign - sign something
- *
- */
-extern SECStatus
-NSS_CMSSignerInfo_Sign(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem *contentType);
-
-extern SECStatus
-NSS_CMSSignerInfo_VerifyCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb,
- SECCertUsage certusage);
-
-/*
- * NSS_CMSSignerInfo_Verify - verify the signature of a single SignerInfo
- *
- * Just verifies the signature. The assumption is that verification of the certificate
- * is done already.
- */
-extern SECStatus
-NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem *contentType);
-
-extern NSSCMSVerificationStatus
-NSS_CMSSignerInfo_GetVerificationStatus(NSSCMSSignerInfo *signerinfo);
-
-extern SECOidData *
-NSS_CMSSignerInfo_GetDigestAlg(NSSCMSSignerInfo *signerinfo);
-
-extern SECOidTag
-NSS_CMSSignerInfo_GetDigestAlgTag(NSSCMSSignerInfo *signerinfo);
-
-extern int
-NSS_CMSSignerInfo_GetVersion(NSSCMSSignerInfo *signerinfo);
-
-extern CERTCertificateList *
-NSS_CMSSignerInfo_GetCertList(NSSCMSSignerInfo *signerinfo);
-
-/*
- * NSS_CMSSignerInfo_GetSigningTime - return the signing time,
- * in UTCTime format, of a CMS signerInfo.
- *
- * sinfo - signerInfo data for this signer
- *
- * Returns a pointer to XXXX (what?)
- * A return value of NULL is an error.
- */
-extern SECStatus
-NSS_CMSSignerInfo_GetSigningTime(NSSCMSSignerInfo *sinfo, PRTime *stime);
-
-/*
- * Return the signing cert of a CMS signerInfo.
- *
- * the certs in the enclosing SignedData must have been imported already
- */
-extern CERTCertificate *
-NSS_CMSSignerInfo_GetSigningCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb);
-
-/*
- * NSS_CMSSignerInfo_GetSignerCommonName - return the common name of the signer
- *
- * sinfo - signerInfo data for this signer
- *
- * Returns a pointer to allocated memory, which must be freed.
- * A return value of NULL is an error.
- */
-extern char *
-NSS_CMSSignerInfo_GetSignerCommonName(NSSCMSSignerInfo *sinfo);
-
-/*
- * NSS_CMSSignerInfo_GetSignerEmailAddress - return the common name of the signer
- *
- * sinfo - signerInfo data for this signer
- *
- * Returns a pointer to allocated memory, which must be freed.
- * A return value of NULL is an error.
- */
-extern char *
-NSS_CMSSignerInfo_GetSignerEmailAddress(NSSCMSSignerInfo *sinfo);
-
-/*
- * NSS_CMSSignerInfo_AddAuthAttr - add an attribute to the
- * authenticated (i.e. signed) attributes of "signerinfo".
- */
-extern SECStatus
-NSS_CMSSignerInfo_AddAuthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *attr);
-
-/*
- * NSS_CMSSignerInfo_AddUnauthAttr - add an attribute to the
- * unauthenticated attributes of "signerinfo".
- */
-extern SECStatus
-NSS_CMSSignerInfo_AddUnauthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *attr);
-
-/*
- * NSS_CMSSignerInfo_AddSigningTime - add the signing time to the
- * authenticated (i.e. signed) attributes of "signerinfo".
- *
- * This is expected to be included in outgoing signed
- * messages for email (S/MIME) but is likely useful in other situations.
- *
- * This should only be added once; a second call will do nothing.
- *
- * XXX This will probably just shove the current time into "signerinfo"
- * but it will not actually get signed until the entire item is
- * processed for encoding. Is this (expected to be small) delay okay?
- */
-extern SECStatus
-NSS_CMSSignerInfo_AddSigningTime(NSSCMSSignerInfo *signerinfo, PRTime t);
-
-/*
- * NSS_CMSSignerInfo_AddSMIMECaps - add a SMIMECapabilities attribute to the
- * authenticated (i.e. signed) attributes of "signerinfo".
- *
- * This is expected to be included in outgoing signed
- * messages for email (S/MIME).
- */
-extern SECStatus
-NSS_CMSSignerInfo_AddSMIMECaps(NSSCMSSignerInfo *signerinfo);
-
-/*
- * NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences attribute to the
- * authenticated (i.e. signed) attributes of "signerinfo".
- *
- * This is expected to be included in outgoing signed messages for email (S/MIME).
- */
-SECStatus
-NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(NSSCMSSignerInfo *signerinfo, CERTCertificate *cert, CERTCertDBHandle *certdb);
-
-/*
- * NSS_CMSSignerInfo_AddCounterSignature - countersign a signerinfo
- */
-extern SECStatus
-NSS_CMSSignerInfo_AddCounterSignature(NSSCMSSignerInfo *signerinfo,
- SECOidTag digestalg, CERTCertificate signingcert);
-
-/*
- * XXXX the following needs to be done in the S/MIME layer code
- * after signature of a signerinfo is verified
- */
-extern SECStatus
-NSS_SMIMESignerInfo_SaveSMIMEProfile(NSSCMSSignerInfo *signerinfo);
-
-/*
- * NSS_CMSSignerInfo_IncludeCerts - set cert chain inclusion mode for this signer
- */
-extern SECStatus
-NSS_CMSSignerInfo_IncludeCerts(NSSCMSSignerInfo *signerinfo, NSSCMSCertChainMode cm, SECCertUsage usage);
-
-/************************************************************************
- * cmsenvdata.c - CMS envelopedData methods
- ************************************************************************/
-
-/*
- * NSS_CMSEnvelopedData_Create - create an enveloped data message
- */
-extern NSSCMSEnvelopedData *
-NSS_CMSEnvelopedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm, int keysize);
-
-/*
- * NSS_CMSEnvelopedData_Destroy - destroy an enveloped data message
- */
-extern void
-NSS_CMSEnvelopedData_Destroy(NSSCMSEnvelopedData *edp);
-
-/*
- * NSS_CMSEnvelopedData_GetContentInfo - return pointer to this envelopedData's contentinfo
- */
-extern NSSCMSContentInfo *
-NSS_CMSEnvelopedData_GetContentInfo(NSSCMSEnvelopedData *envd);
-
-/*
- * NSS_CMSEnvelopedData_AddRecipient - add a recipientinfo to the enveloped data msg
- *
- * rip must be created on the same pool as edp - this is not enforced, though.
- */
-extern SECStatus
-NSS_CMSEnvelopedData_AddRecipient(NSSCMSEnvelopedData *edp, NSSCMSRecipientInfo *rip);
-
-/*
- * NSS_CMSEnvelopedData_Encode_BeforeStart - prepare this envelopedData for encoding
- *
- * at this point, we need
- * - recipientinfos set up with recipient's certificates
- * - a content encryption algorithm (if none, 3DES will be used)
- *
- * this function will generate a random content encryption key (aka bulk key),
- * initialize the recipientinfos with certificate identification and wrap the bulk key
- * using the proper algorithm for every certificiate.
- * it will finally set the bulk algorithm and key so that the encode step can find it.
- */
-extern SECStatus
-NSS_CMSEnvelopedData_Encode_BeforeStart(NSSCMSEnvelopedData *envd);
-
-/*
- * NSS_CMSEnvelopedData_Encode_BeforeData - set up encryption
- */
-extern SECStatus
-NSS_CMSEnvelopedData_Encode_BeforeData(NSSCMSEnvelopedData *envd);
-
-/*
- * NSS_CMSEnvelopedData_Encode_AfterData - finalize this envelopedData for encoding
- */
-extern SECStatus
-NSS_CMSEnvelopedData_Encode_AfterData(NSSCMSEnvelopedData *envd);
-
-/*
- * NSS_CMSEnvelopedData_Decode_BeforeData - find our recipientinfo,
- * derive bulk key & set up our contentinfo
- */
-extern SECStatus
-NSS_CMSEnvelopedData_Decode_BeforeData(NSSCMSEnvelopedData *envd);
-
-/*
- * NSS_CMSEnvelopedData_Decode_AfterData - finish decrypting this envelopedData's content
- */
-extern SECStatus
-NSS_CMSEnvelopedData_Decode_AfterData(NSSCMSEnvelopedData *envd);
-
-/*
- * NSS_CMSEnvelopedData_Decode_AfterEnd - finish decoding this envelopedData
- */
-extern SECStatus
-NSS_CMSEnvelopedData_Decode_AfterEnd(NSSCMSEnvelopedData *envd);
-
-
-/************************************************************************
- * cmsrecinfo.c - CMS recipientInfo methods
- ************************************************************************/
-
-/*
- * NSS_CMSRecipientInfo_Create - create a recipientinfo
- *
- * we currently do not create KeyAgreement recipientinfos with multiple recipientEncryptedKeys
- * the certificate is supposed to have been verified by the caller
- */
-extern NSSCMSRecipientInfo *
-NSS_CMSRecipientInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert);
-
-extern void
-NSS_CMSRecipientInfo_Destroy(NSSCMSRecipientInfo *ri);
-
-extern int
-NSS_CMSRecipientInfo_GetVersion(NSSCMSRecipientInfo *ri);
-
-extern SECItem *
-NSS_CMSRecipientInfo_GetEncryptedKey(NSSCMSRecipientInfo *ri, int subIndex);
-
-
-extern SECOidTag
-NSS_CMSRecipientInfo_GetKeyEncryptionAlgorithmTag(NSSCMSRecipientInfo *ri);
-
-extern SECStatus
-NSS_CMSRecipientInfo_WrapBulkKey(NSSCMSRecipientInfo *ri, PK11SymKey *bulkkey, SECOidTag bulkalgtag);
-
-extern PK11SymKey *
-NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex,
- CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag);
-
-/************************************************************************
- * cmsencdata.c - CMS encryptedData methods
- ************************************************************************/
-/*
- * NSS_CMSEncryptedData_Create - create an empty encryptedData object.
- *
- * "algorithm" specifies the bulk encryption algorithm to use.
- * "keysize" is the key size.
- *
- * An error results in a return value of NULL and an error set.
- * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
- */
-extern NSSCMSEncryptedData *
-NSS_CMSEncryptedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm, int keysize);
-
-/*
- * NSS_CMSEncryptedData_Destroy - destroy an encryptedData object
- */
-extern void
-NSS_CMSEncryptedData_Destroy(NSSCMSEncryptedData *encd);
-
-/*
- * NSS_CMSEncryptedData_GetContentInfo - return pointer to encryptedData object's contentInfo
- */
-extern NSSCMSContentInfo *
-NSS_CMSEncryptedData_GetContentInfo(NSSCMSEncryptedData *encd);
-
-/*
- * NSS_CMSEncryptedData_Encode_BeforeStart - do all the necessary things to a EncryptedData
- * before encoding begins.
- *
- * In particular:
- * - set the correct version value.
- * - get the encryption key
- */
-extern SECStatus
-NSS_CMSEncryptedData_Encode_BeforeStart(NSSCMSEncryptedData *encd);
-
-/*
- * NSS_CMSEncryptedData_Encode_BeforeData - set up encryption
- */
-extern SECStatus
-NSS_CMSEncryptedData_Encode_BeforeData(NSSCMSEncryptedData *encd);
-
-/*
- * NSS_CMSEncryptedData_Encode_AfterData - finalize this encryptedData for encoding
- */
-extern SECStatus
-NSS_CMSEncryptedData_Encode_AfterData(NSSCMSEncryptedData *encd);
-
-/*
- * NSS_CMSEncryptedData_Decode_BeforeData - find bulk key & set up decryption
- */
-extern SECStatus
-NSS_CMSEncryptedData_Decode_BeforeData(NSSCMSEncryptedData *encd);
-
-/*
- * NSS_CMSEncryptedData_Decode_AfterData - finish decrypting this encryptedData's content
- */
-extern SECStatus
-NSS_CMSEncryptedData_Decode_AfterData(NSSCMSEncryptedData *encd);
-
-/*
- * NSS_CMSEncryptedData_Decode_AfterEnd - finish decoding this encryptedData
- */
-extern SECStatus
-NSS_CMSEncryptedData_Decode_AfterEnd(NSSCMSEncryptedData *encd);
-
-/************************************************************************
- * cmsdigdata.c - CMS encryptedData methods
- ************************************************************************/
-/*
- * NSS_CMSDigestedData_Create - create a digestedData object (presumably for encoding)
- *
- * version will be set by NSS_CMSDigestedData_Encode_BeforeStart
- * digestAlg is passed as parameter
- * contentInfo must be filled by the user
- * digest will be calculated while encoding
- */
-extern NSSCMSDigestedData *
-NSS_CMSDigestedData_Create(NSSCMSMessage *cmsg, SECAlgorithmID *digestalg);
-
-/*
- * NSS_CMSDigestedData_Destroy - destroy a digestedData object
- */
-extern void
-NSS_CMSDigestedData_Destroy(NSSCMSDigestedData *digd);
-
-/*
- * NSS_CMSDigestedData_GetContentInfo - return pointer to digestedData object's contentInfo
- */
-extern NSSCMSContentInfo *
-NSS_CMSDigestedData_GetContentInfo(NSSCMSDigestedData *digd);
-
-/*
- * NSS_CMSDigestedData_Encode_BeforeStart - do all the necessary things to a DigestedData
- * before encoding begins.
- *
- * In particular:
- * - set the right version number. The contentInfo's content type must be set up already.
- */
-extern SECStatus
-NSS_CMSDigestedData_Encode_BeforeStart(NSSCMSDigestedData *digd);
-
-/*
- * NSS_CMSDigestedData_Encode_BeforeData - do all the necessary things to a DigestedData
- * before the encapsulated data is passed through the encoder.
- *
- * In detail:
- * - set up the digests if necessary
- */
-extern SECStatus
-NSS_CMSDigestedData_Encode_BeforeData(NSSCMSDigestedData *digd);
-
-/*
- * NSS_CMSDigestedData_Encode_AfterData - do all the necessary things to a DigestedData
- * after all the encapsulated data was passed through the encoder.
- *
- * In detail:
- * - finish the digests
- */
-extern SECStatus
-NSS_CMSDigestedData_Encode_AfterData(NSSCMSDigestedData *digd);
-
-/*
- * NSS_CMSDigestedData_Decode_BeforeData - do all the necessary things to a DigestedData
- * before the encapsulated data is passed through the encoder.
- *
- * In detail:
- * - set up the digests if necessary
- */
-extern SECStatus
-NSS_CMSDigestedData_Decode_BeforeData(NSSCMSDigestedData *digd);
-
-/*
- * NSS_CMSDigestedData_Decode_AfterData - do all the necessary things to a DigestedData
- * after all the encapsulated data was passed through the encoder.
- *
- * In detail:
- * - finish the digests
- */
-extern SECStatus
-NSS_CMSDigestedData_Decode_AfterData(NSSCMSDigestedData *digd);
-
-/*
- * NSS_CMSDigestedData_Decode_AfterEnd - finalize a digestedData.
- *
- * In detail:
- * - check the digests for equality
- */
-extern SECStatus
-NSS_CMSDigestedData_Decode_AfterEnd(NSSCMSDigestedData *digd);
-
-/************************************************************************
- * cmsdigest.c - digestion routines
- ************************************************************************/
-
-/*
- * NSS_CMSDigestContext_StartMultiple - start digest calculation using all the
- * digest algorithms in "digestalgs" in parallel.
- */
-extern NSSCMSDigestContext *
-NSS_CMSDigestContext_StartMultiple(SECAlgorithmID **digestalgs);
-
-/*
- * NSS_CMSDigestContext_StartSingle - same as NSS_CMSDigestContext_StartMultiple, but
- * only one algorithm.
- */
-extern NSSCMSDigestContext *
-NSS_CMSDigestContext_StartSingle(SECAlgorithmID *digestalg);
-
-/*
- * NSS_CMSDigestContext_Update - feed more data into the digest machine
- */
-extern void
-NSS_CMSDigestContext_Update(NSSCMSDigestContext *cmsdigcx, const unsigned char *data, int len);
-
-/*
- * NSS_CMSDigestContext_Cancel - cancel digesting operation
- */
-extern void
-NSS_CMSDigestContext_Cancel(NSSCMSDigestContext *cmsdigcx);
-
-/*
- * NSS_CMSDigestContext_FinishMultiple - finish the digests and put them
- * into an array of SECItems (allocated on poolp)
- */
-extern SECStatus
-NSS_CMSDigestContext_FinishMultiple(NSSCMSDigestContext *cmsdigcx, PLArenaPool *poolp,
- SECItem ***digestsp);
-
-/*
- * NSS_CMSDigestContext_FinishSingle - same as NSS_CMSDigestContext_FinishMultiple,
- * but for one digest.
- */
-extern SECStatus
-NSS_CMSDigestContext_FinishSingle(NSSCMSDigestContext *cmsdigcx, PLArenaPool *poolp,
- SECItem *digest);
-
-/************************************************************************
- *
- ************************************************************************/
-
-
-/************************************************************************/
-SEC_END_PROTOS
-
-#endif /* _CMS_H_ */
diff --git a/security/nss/lib/smime/cmsarray.c b/security/nss/lib/smime/cmsarray.c
deleted file mode 100644
index 68d7e1963..000000000
--- a/security/nss/lib/smime/cmsarray.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS array functions.
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-
-#include "secerr.h"
-
-/*
- * ARRAY FUNCTIONS
- *
- * In NSS, arrays are rather primitive arrays of pointers.
- * Makes it easy to walk the array, but hard to count elements
- * and manage the storage.
- *
- * This is a feeble attempt to encapsulate the functionality
- * and get rid of hundreds of lines of similar code
- */
-
-/*
- * NSS_CMSArray_Alloc - allocate an array in an arena
- *
- * This allocates space for the array of pointers
- */
-void **
-NSS_CMSArray_Alloc(PRArenaPool *poolp, int n)
-{
- return (void **)PORT_ArenaZAlloc(poolp, n * sizeof(void *));
-}
-
-/*
- * NSS_CMSArray_Add - add an element to the end of an array
- *
- * The array of pointers is either created (if array was empty before) or grown.
- */
-SECStatus
-NSS_CMSArray_Add(PRArenaPool *poolp, void ***array, void *obj)
-{
- void **p;
- int n;
- void **dest;
-
- PORT_Assert(array != NULL);
- if (array == NULL)
- return SECFailure;
-
- if (*array == NULL) {
- dest = (void **)PORT_ArenaAlloc(poolp, 2 * sizeof(void *));
- n = 0;
- } else {
- n = 0; p = *array;
- while (*p++)
- n++;
- dest = (void **)PORT_ArenaGrow (poolp,
- *array,
- (n + 1) * sizeof(void *),
- (n + 2) * sizeof(void *));
- }
- dest[n] = obj;
- dest[n+1] = NULL;
- *array = dest;
- return SECSuccess;
-}
-
-/*
- * NSS_CMSArray_IsEmpty - check if array is empty
- */
-PRBool
-NSS_CMSArray_IsEmpty(void **array)
-{
- return (array == NULL || array[0] == NULL);
-}
-
-/*
- * NSS_CMSArray_Count - count number of elements in array
- */
-int
-NSS_CMSArray_Count(void **array)
-{
- int n = 0;
-
- if (array == NULL)
- return 0;
-
- while (*array++ != NULL)
- n++;
-
- return n;
-}
-
-/*
- * NSS_CMSArray_Sort - sort an array in place
- *
- * If "secondary" or "tertiary are not NULL, it must be arrays with the same
- * number of elements as "primary". The same reordering will get applied to it.
- *
- * "compare" is a function that returns
- * < 0 when the first element is less than the second
- * = 0 when the first element is equal to the second
- * > 0 when the first element is greater than the second
- * to acheive ascending ordering.
- */
-void
-NSS_CMSArray_Sort(void **primary, int (*compare)(void *,void *), void **secondary, void **tertiary)
-{
- int n, i, limit, lastxchg;
- void *tmp;
-
- n = NSS_CMSArray_Count(primary);
-
- PORT_Assert(secondary == NULL || NSS_CMSArray_Count(secondary) == n);
- PORT_Assert(tertiary == NULL || NSS_CMSArray_Count(tertiary) == n);
-
- if (n <= 1) /* ordering is fine */
- return;
-
- /* yes, ladies and gentlemen, it's BUBBLE SORT TIME! */
- limit = n - 1;
- while (1) {
- lastxchg = 0;
- for (i = 0; i < limit; i++) {
- if ((*compare)(primary[i], primary[i+1]) > 0) {
- /* exchange the neighbours */
- tmp = primary[i+1];
- primary[i+1] = primary[i];
- primary[i] = tmp;
- if (secondary) { /* secondary array? */
- tmp = secondary[i+1]; /* exchange there as well */
- secondary[i+1] = secondary[i];
- secondary[i] = tmp;
- }
- if (tertiary) { /* tertiary array? */
- tmp = tertiary[i+1]; /* exchange there as well */
- tertiary[i+1] = tertiary[i];
- tertiary[i] = tmp;
- }
- lastxchg = i+1; /* index of the last element bubbled up */
- }
- }
- if (lastxchg == 0) /* no exchanges, so array is sorted */
- break; /* we're done */
- limit = lastxchg; /* array is sorted up to [limit] */
- }
-}
-
-#if 0
-
-/* array iterator stuff... not used */
-
-typedef void **NSSCMSArrayIterator;
-
-/* iterator */
-NSSCMSArrayIterator
-NSS_CMSArray_First(void **array)
-{
- if (array == NULL || array[0] == NULL)
- return NULL;
- return (NSSCMSArrayIterator)&(array[0]);
-}
-
-void *
-NSS_CMSArray_Obj(NSSCMSArrayIterator iter)
-{
- void **p = (void **)iter;
-
- return *iter; /* which is NULL if we are at the end of the array */
-}
-
-NSSCMSArrayIterator
-NSS_CMSArray_Next(NSSCMSArrayIterator iter)
-{
- void **p = (void **)iter;
-
- return (NSSCMSArrayIterator)(p + 1);
-}
-
-#endif
diff --git a/security/nss/lib/smime/cmsasn1.c b/security/nss/lib/smime/cmsasn1.c
deleted file mode 100644
index d649c4192..000000000
--- a/security/nss/lib/smime/cmsasn1.c
+++ /dev/null
@@ -1,560 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS ASN.1 templates
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-
-#include "cert.h"
-#include "key.h"
-#include "secasn1.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "prtime.h"
-#include "secerr.h"
-
-
-extern const SEC_ASN1Template nss_cms_set_of_attribute_template[];
-
-/* -----------------------------------------------------------------------------
- * MESSAGE
- * (uses NSSCMSContentInfo)
- */
-
-/* forward declaration */
-static const SEC_ASN1Template *
-nss_cms_choose_content_template(void *src_or_dest, PRBool encoding);
-
-static SEC_ChooseASN1TemplateFunc nss_cms_chooser
- = nss_cms_choose_content_template;
-
-const SEC_ASN1Template NSSCMSMessageTemplate[] = {
- { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
- 0, NULL, sizeof(NSSCMSMessage) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(NSSCMSMessage,contentInfo.contentType) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_DYNAMIC | SEC_ASN1_MAY_STREAM
- | SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(NSSCMSMessage,contentInfo.content),
- &nss_cms_chooser },
- { 0 }
-};
-
-static const SEC_ASN1Template NSS_PointerToCMSMessageTemplate[] = {
- { SEC_ASN1_POINTER, 0, NSSCMSMessageTemplate }
-};
-
-/* -----------------------------------------------------------------------------
- * ENCAPSULATED & ENCRYPTED CONTENTINFO
- * (both use a NSSCMSContentInfo)
- */
-static const SEC_ASN1Template NSSCMSEncapsulatedContentInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
- 0, NULL, sizeof(NSSCMSContentInfo) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(NSSCMSContentInfo,contentType) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | SEC_ASN1_MAY_STREAM |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(NSSCMSContentInfo,rawContent),
- SEC_PointerToOctetStringTemplate },
- { 0 }
-};
-
-static const SEC_ASN1Template NSSCMSEncryptedContentInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
- 0, NULL, sizeof(NSSCMSContentInfo) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(NSSCMSContentInfo,contentType) },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSContentInfo,contentEncAlg),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER | SEC_ASN1_MAY_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(NSSCMSContentInfo,rawContent),
- SEC_OctetStringTemplate },
- { 0 }
-};
-
-/* -----------------------------------------------------------------------------
- * SIGNED DATA
- */
-
-const SEC_ASN1Template NSSCMSSignerInfoTemplate[];
-
-const SEC_ASN1Template NSSCMSSignedDataTemplate[] = {
- { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
- 0, NULL, sizeof(NSSCMSSignedData) },
- { SEC_ASN1_INTEGER,
- offsetof(NSSCMSSignedData,version) },
- { SEC_ASN1_SET_OF,
- offsetof(NSSCMSSignedData,digestAlgorithms),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSSignedData,contentInfo),
- NSSCMSEncapsulatedContentInfoTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(NSSCMSSignedData,rawCerts),
- SEC_SetOfAnyTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(NSSCMSSignedData,crls),
- CERT_SetOfSignedCrlTemplate },
- { SEC_ASN1_SET_OF,
- offsetof(NSSCMSSignedData,signerInfos),
- NSSCMSSignerInfoTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template NSS_PointerToCMSSignedDataTemplate[] = {
- { SEC_ASN1_POINTER, 0, NSSCMSSignedDataTemplate }
-};
-
-/* -----------------------------------------------------------------------------
- * signeridentifier
- */
-
-static const SEC_ASN1Template NSSCMSSignerIdentifierTemplate[] = {
- { SEC_ASN1_CHOICE,
- offsetof(NSSCMSSignerIdentifier,identifierType), NULL,
- sizeof(NSSCMSSignerIdentifier) },
- { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(NSSCMSSignerIdentifier,id.subjectKeyID),
- SEC_OctetStringTemplate,
- NSSCMSRecipientID_SubjectKeyID },
- { SEC_ASN1_POINTER,
- offsetof(NSSCMSSignerIdentifier,id.issuerAndSN),
- CERT_IssuerAndSNTemplate,
- NSSCMSRecipientID_IssuerSN },
- { 0 }
-};
-
-/* -----------------------------------------------------------------------------
- * signerinfo
- */
-
-const SEC_ASN1Template NSSCMSSignerInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(NSSCMSSignerInfo) },
- { SEC_ASN1_INTEGER,
- offsetof(NSSCMSSignerInfo,version) },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSSignerInfo,signerIdentifier),
- NSSCMSSignerIdentifierTemplate },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSSignerInfo,digestAlg),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(NSSCMSSignerInfo,authAttr),
- nss_cms_set_of_attribute_template },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSSignerInfo,digestEncAlg),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_OCTET_STRING,
- offsetof(NSSCMSSignerInfo,encDigest) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(NSSCMSSignerInfo,unAuthAttr),
- nss_cms_set_of_attribute_template },
- { 0 }
-};
-
-/* -----------------------------------------------------------------------------
- * ENVELOPED DATA
- */
-
-static const SEC_ASN1Template NSSCMSOriginatorInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(NSSCMSOriginatorInfo) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(NSSCMSOriginatorInfo,rawCerts),
- SEC_SetOfAnyTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(NSSCMSOriginatorInfo,crls),
- CERT_SetOfSignedCrlTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template NSSCMSRecipientInfoTemplate[];
-
-const SEC_ASN1Template NSSCMSEnvelopedDataTemplate[] = {
- { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
- 0, NULL, sizeof(NSSCMSEnvelopedData) },
- { SEC_ASN1_INTEGER,
- offsetof(NSSCMSEnvelopedData,version) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(NSSCMSEnvelopedData,originatorInfo),
- NSSCMSOriginatorInfoTemplate },
- { SEC_ASN1_SET_OF,
- offsetof(NSSCMSEnvelopedData,recipientInfos),
- NSSCMSRecipientInfoTemplate },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSEnvelopedData,contentInfo),
- NSSCMSEncryptedContentInfoTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(NSSCMSEnvelopedData,unprotectedAttr),
- nss_cms_set_of_attribute_template },
- { 0 }
-};
-
-const SEC_ASN1Template NSS_PointerToCMSEnvelopedDataTemplate[] = {
- { SEC_ASN1_POINTER, 0, NSSCMSEnvelopedDataTemplate }
-};
-
-/* here come the 15 gazillion templates for all the v3 varieties of RecipientInfo */
-
-/* -----------------------------------------------------------------------------
- * key transport recipient info
- */
-
-static const SEC_ASN1Template NSSCMSRecipientIdentifierTemplate[] = {
- { SEC_ASN1_CHOICE,
- offsetof(NSSCMSRecipientIdentifier,identifierType), NULL,
- sizeof(NSSCMSRecipientIdentifier) },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(NSSCMSRecipientIdentifier,id.subjectKeyID),
- SEC_PointerToOctetStringTemplate,
- NSSCMSRecipientID_SubjectKeyID },
- { SEC_ASN1_POINTER,
- offsetof(NSSCMSRecipientIdentifier,id.issuerAndSN),
- CERT_IssuerAndSNTemplate,
- NSSCMSRecipientID_IssuerSN },
- { 0 }
-};
-
-
-static const SEC_ASN1Template NSSCMSKeyTransRecipientInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(NSSCMSKeyTransRecipientInfo) },
- { SEC_ASN1_INTEGER,
- offsetof(NSSCMSKeyTransRecipientInfo,version) },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSKeyTransRecipientInfo,recipientIdentifier),
- NSSCMSRecipientIdentifierTemplate },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSKeyTransRecipientInfo,keyEncAlg),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_OCTET_STRING,
- offsetof(NSSCMSKeyTransRecipientInfo,encKey) },
- { 0 }
-};
-
-/* -----------------------------------------------------------------------------
- * key agreement recipient info
- */
-
-static const SEC_ASN1Template NSSCMSOriginatorPublicKeyTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(NSSCMSOriginatorPublicKey) },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSOriginatorPublicKey,algorithmIdentifier),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSOriginatorPublicKey,publicKey),
- SEC_BitStringTemplate },
- { 0 }
-};
-
-
-static const SEC_ASN1Template NSSCMSOriginatorIdentifierOrKeyTemplate[] = {
- { SEC_ASN1_CHOICE,
- offsetof(NSSCMSOriginatorIdentifierOrKey,identifierType), NULL,
- sizeof(NSSCMSOriginatorIdentifierOrKey) },
- { SEC_ASN1_POINTER,
- offsetof(NSSCMSOriginatorIdentifierOrKey,id.issuerAndSN),
- CERT_IssuerAndSNTemplate,
- NSSCMSOriginatorIDOrKey_IssuerSN },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(NSSCMSOriginatorIdentifierOrKey,id.subjectKeyID),
- SEC_PointerToOctetStringTemplate,
- NSSCMSOriginatorIDOrKey_SubjectKeyID },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2,
- offsetof(NSSCMSOriginatorIdentifierOrKey,id.originatorPublicKey),
- NSSCMSOriginatorPublicKeyTemplate,
- NSSCMSOriginatorIDOrKey_OriginatorPublicKey },
- { 0 }
-};
-
-const SEC_ASN1Template NSSCMSRecipientKeyIdentifierTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(NSSCMSRecipientKeyIdentifier) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(NSSCMSRecipientKeyIdentifier,subjectKeyIdentifier) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_OCTET_STRING,
- offsetof(NSSCMSRecipientKeyIdentifier,date) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_OCTET_STRING,
- offsetof(NSSCMSRecipientKeyIdentifier,other) },
- { 0 }
-};
-
-
-static const SEC_ASN1Template NSSCMSKeyAgreeRecipientIdentifierTemplate[] = {
- { SEC_ASN1_CHOICE,
- offsetof(NSSCMSKeyAgreeRecipientIdentifier,identifierType), NULL,
- sizeof(NSSCMSKeyAgreeRecipientIdentifier) },
- { SEC_ASN1_POINTER,
- offsetof(NSSCMSKeyAgreeRecipientIdentifier,id.issuerAndSN),
- CERT_IssuerAndSNTemplate,
- NSSCMSKeyAgreeRecipientID_IssuerSN },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(NSSCMSKeyAgreeRecipientIdentifier,id.recipientKeyIdentifier),
- NSSCMSRecipientKeyIdentifierTemplate,
- NSSCMSKeyAgreeRecipientID_RKeyID },
- { 0 }
-};
-
-static const SEC_ASN1Template NSSCMSRecipientEncryptedKeyTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(NSSCMSRecipientEncryptedKey) },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSRecipientEncryptedKey,recipientIdentifier),
- NSSCMSKeyAgreeRecipientIdentifierTemplate },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSRecipientEncryptedKey,encKey),
- SEC_BitStringTemplate },
- { 0 }
-};
-
-static const SEC_ASN1Template NSSCMSKeyAgreeRecipientInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(NSSCMSKeyAgreeRecipientInfo) },
- { SEC_ASN1_INTEGER,
- offsetof(NSSCMSKeyAgreeRecipientInfo,version) },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(NSSCMSKeyAgreeRecipientInfo,originatorIdentifierOrKey),
- NSSCMSOriginatorIdentifierOrKeyTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(NSSCMSKeyAgreeRecipientInfo,ukm),
- SEC_OctetStringTemplate },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSKeyAgreeRecipientInfo,keyEncAlg),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_SEQUENCE_OF,
- offsetof(NSSCMSKeyAgreeRecipientInfo,recipientEncryptedKeys),
- NSSCMSRecipientEncryptedKeyTemplate },
- { 0 }
-};
-
-/* -----------------------------------------------------------------------------
- * KEK recipient info
- */
-
-static const SEC_ASN1Template NSSCMSKEKIdentifierTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(NSSCMSKEKIdentifier) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(NSSCMSKEKIdentifier,keyIdentifier) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_OCTET_STRING,
- offsetof(NSSCMSKEKIdentifier,date) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_OCTET_STRING,
- offsetof(NSSCMSKEKIdentifier,other) },
- { 0 }
-};
-
-static const SEC_ASN1Template NSSCMSKEKRecipientInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(NSSCMSKEKRecipientInfo) },
- { SEC_ASN1_INTEGER,
- offsetof(NSSCMSKEKRecipientInfo,version) },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSKEKRecipientInfo,kekIdentifier),
- NSSCMSKEKIdentifierTemplate },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSKEKRecipientInfo,keyEncAlg),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_OCTET_STRING,
- offsetof(NSSCMSKEKRecipientInfo,encKey) },
- { 0 }
-};
-
-/* -----------------------------------------------------------------------------
- * recipient info
- */
-const SEC_ASN1Template NSSCMSRecipientInfoTemplate[] = {
- { SEC_ASN1_CHOICE,
- offsetof(NSSCMSRecipientInfo,recipientInfoType), NULL,
- sizeof(NSSCMSRecipientInfo) },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(NSSCMSRecipientInfo,ri.keyAgreeRecipientInfo),
- NSSCMSKeyAgreeRecipientInfoTemplate,
- NSSCMSRecipientInfoID_KeyAgree },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2,
- offsetof(NSSCMSRecipientInfo,ri.kekRecipientInfo),
- NSSCMSKEKRecipientInfoTemplate,
- NSSCMSRecipientInfoID_KEK },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSRecipientInfo,ri.keyTransRecipientInfo),
- NSSCMSKeyTransRecipientInfoTemplate,
- NSSCMSRecipientInfoID_KeyTrans },
- { 0 }
-};
-
-/* -----------------------------------------------------------------------------
- *
- */
-
-const SEC_ASN1Template NSSCMSDigestedDataTemplate[] = {
- { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
- 0, NULL, sizeof(NSSCMSDigestedData) },
- { SEC_ASN1_INTEGER,
- offsetof(NSSCMSDigestedData,version) },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSDigestedData,digestAlg),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSDigestedData,contentInfo),
- NSSCMSEncapsulatedContentInfoTemplate },
- { SEC_ASN1_OCTET_STRING,
- offsetof(NSSCMSDigestedData,digest) },
- { 0 }
-};
-
-const SEC_ASN1Template NSS_PointerToCMSDigestedDataTemplate[] = {
- { SEC_ASN1_POINTER, 0, NSSCMSDigestedDataTemplate }
-};
-
-const SEC_ASN1Template NSSCMSEncryptedDataTemplate[] = {
- { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
- 0, NULL, sizeof(NSSCMSEncryptedData) },
- { SEC_ASN1_INTEGER,
- offsetof(NSSCMSEncryptedData,version) },
- { SEC_ASN1_INLINE,
- offsetof(NSSCMSEncryptedData,contentInfo),
- NSSCMSEncryptedContentInfoTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(NSSCMSEncryptedData,unprotectedAttr),
- nss_cms_set_of_attribute_template },
- { 0 }
-};
-
-const SEC_ASN1Template NSS_PointerToCMSEncryptedDataTemplate[] = {
- { SEC_ASN1_POINTER, 0, NSSCMSEncryptedDataTemplate }
-};
-
-/* -----------------------------------------------------------------------------
- * FORTEZZA KEA
- */
-const SEC_ASN1Template NSS_SMIMEKEAParamTemplateSkipjack[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(NSSCMSSMIMEKEAParameters) },
- { SEC_ASN1_OCTET_STRING /* | SEC_ASN1_OPTIONAL */,
- offsetof(NSSCMSSMIMEKEAParameters,originatorKEAKey) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(NSSCMSSMIMEKEAParameters,originatorRA) },
- { 0 }
-};
-
-const SEC_ASN1Template NSS_SMIMEKEAParamTemplateNoSkipjack[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(NSSCMSSMIMEKEAParameters) },
- { SEC_ASN1_OCTET_STRING /* | SEC_ASN1_OPTIONAL */,
- offsetof(NSSCMSSMIMEKEAParameters,originatorKEAKey) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(NSSCMSSMIMEKEAParameters,originatorRA) },
- { SEC_ASN1_OCTET_STRING | SEC_ASN1_OPTIONAL ,
- offsetof(NSSCMSSMIMEKEAParameters,nonSkipjackIV) },
- { 0 }
-};
-
-const SEC_ASN1Template NSS_SMIMEKEAParamTemplateAllParams[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(NSSCMSSMIMEKEAParameters) },
- { SEC_ASN1_OCTET_STRING /* | SEC_ASN1_OPTIONAL */,
- offsetof(NSSCMSSMIMEKEAParameters,originatorKEAKey) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(NSSCMSSMIMEKEAParameters,originatorRA) },
- { SEC_ASN1_OCTET_STRING | SEC_ASN1_OPTIONAL ,
- offsetof(NSSCMSSMIMEKEAParameters,nonSkipjackIV) },
- { SEC_ASN1_OCTET_STRING | SEC_ASN1_OPTIONAL ,
- offsetof(NSSCMSSMIMEKEAParameters,bulkKeySize) },
- { 0 }
-};
-
-const SEC_ASN1Template *
-nss_cms_get_kea_template(NSSCMSKEATemplateSelector whichTemplate)
-{
- const SEC_ASN1Template *returnVal = NULL;
-
- switch(whichTemplate)
- {
- case NSSCMSKEAUsesNonSkipjack:
- returnVal = NSS_SMIMEKEAParamTemplateNoSkipjack;
- break;
- case NSSCMSKEAUsesSkipjack:
- returnVal = NSS_SMIMEKEAParamTemplateSkipjack;
- break;
- case NSSCMSKEAUsesNonSkipjackWithPaddedEncKey:
- default:
- returnVal = NSS_SMIMEKEAParamTemplateAllParams;
- break;
- }
- return returnVal;
-}
-
-/* -----------------------------------------------------------------------------
- *
- */
-static const SEC_ASN1Template *
-nss_cms_choose_content_template(void *src_or_dest, PRBool encoding)
-{
- const SEC_ASN1Template *theTemplate;
- NSSCMSContentInfo *cinfo;
-
- PORT_Assert (src_or_dest != NULL);
- if (src_or_dest == NULL)
- return NULL;
-
- cinfo = (NSSCMSContentInfo *)src_or_dest;
- switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) {
- default:
- theTemplate = SEC_PointerToAnyTemplate;
- break;
- case SEC_OID_PKCS7_DATA:
- theTemplate = SEC_PointerToOctetStringTemplate;
- break;
- case SEC_OID_PKCS7_SIGNED_DATA:
- theTemplate = NSS_PointerToCMSSignedDataTemplate;
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- theTemplate = NSS_PointerToCMSEnvelopedDataTemplate;
- break;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- theTemplate = NSS_PointerToCMSDigestedDataTemplate;
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- theTemplate = NSS_PointerToCMSEncryptedDataTemplate;
- break;
- }
- return theTemplate;
-}
diff --git a/security/nss/lib/smime/cmsattr.c b/security/nss/lib/smime/cmsattr.c
deleted file mode 100644
index 34016bd55..000000000
--- a/security/nss/lib/smime/cmsattr.c
+++ /dev/null
@@ -1,453 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS attributes.
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-
-#include "secasn1.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "pk11func.h"
-#include "prtime.h"
-#include "secerr.h"
-
-/*
- * -------------------------------------------------------------------
- * XXX The following Attribute stuff really belongs elsewhere.
- * The Attribute type is *not* part of CMS but rather X.501.
- * But for now, since CMS is the only customer of attributes,
- * we define them here. Once there is a use outside of CMS,
- * then change the attribute types and functions from internal
- * to external naming convention, and move them elsewhere!
- */
-
-
-/*
- * NSS_CMSAttribute_Create - create an attribute
- *
- * if value is NULL, the attribute won't have a value. It can be added later
- * with NSS_CMSAttribute_AddValue.
- */
-NSSCMSAttribute *
-NSS_CMSAttribute_Create(PRArenaPool *poolp, SECOidTag oidtag, SECItem *value, PRBool encoded)
-{
- NSSCMSAttribute *attr;
- SECItem *copiedvalue;
- void *mark;
-
- PORT_Assert (poolp != NULL);
-
- mark = PORT_ArenaMark (poolp);
-
- attr = (NSSCMSAttribute *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSAttribute));
- if (attr == NULL)
- goto loser;
-
- attr->typeTag = SECOID_FindOIDByTag(oidtag);
- if (attr->typeTag == NULL)
- goto loser;
-
- if (SECITEM_CopyItem(poolp, &(attr->type), &(attr->typeTag->oid)) != SECSuccess)
- goto loser;
-
- if (value != NULL) {
- if ((copiedvalue = SECITEM_AllocItem(poolp, NULL, value->len)) == NULL)
- goto loser;
-
- if (SECITEM_CopyItem(poolp, copiedvalue, value) != SECSuccess)
- goto loser;
-
- NSS_CMSArray_Add(poolp, (void ***)&(attr->values), (void *)copiedvalue);
- }
-
- attr->encoded = encoded;
-
- PORT_ArenaUnmark (poolp, mark);
-
- return attr;
-
-loser:
- PORT_Assert (mark != NULL);
- PORT_ArenaRelease (poolp, mark);
- return NULL;
-}
-
-/*
- * NSS_CMSAttribute_AddValue - add another value to an attribute
- */
-SECStatus
-NSS_CMSAttribute_AddValue(PLArenaPool *poolp, NSSCMSAttribute *attr, SECItem *value)
-{
- SECItem copiedvalue;
- void *mark;
-
- PORT_Assert (poolp != NULL);
-
- mark = PORT_ArenaMark(poolp);
-
- /* XXX we need an object memory model #$%#$%! */
- if (SECITEM_CopyItem(poolp, &copiedvalue, value) != SECSuccess)
- goto loser;
-
- if (NSS_CMSArray_Add(poolp, (void ***)&(attr->values), (void *)&copiedvalue) != SECSuccess)
- goto loser;
-
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
-
-loser:
- PORT_Assert (mark != NULL);
- PORT_ArenaRelease (poolp, mark);
- return SECFailure;
-}
-
-/*
- * NSS_CMSAttribute_GetType - return the OID tag
- */
-SECOidTag
-NSS_CMSAttribute_GetType(NSSCMSAttribute *attr)
-{
- SECOidData *typetag;
-
- typetag = SECOID_FindOID(&(attr->type));
- if (typetag == NULL)
- return SEC_OID_UNKNOWN;
-
- return typetag->offset;
-}
-
-/*
- * NSS_CMSAttribute_GetValue - return the first attribute value
- *
- * We do some sanity checking first:
- * - Multiple values are *not* expected.
- * - Empty values are *not* expected.
- */
-SECItem *
-NSS_CMSAttribute_GetValue(NSSCMSAttribute *attr)
-{
- SECItem *value;
-
- if (attr == NULL)
- return NULL;
-
- value = attr->values[0];
-
- if (value == NULL || value->data == NULL || value->len == 0)
- return NULL;
-
- if (attr->values[1] != NULL)
- return NULL;
-
- return value;
-}
-
-/*
- * NSS_CMSAttribute_CompareValue - compare the attribute's first value against data
- */
-PRBool
-NSS_CMSAttribute_CompareValue(NSSCMSAttribute *attr, SECItem *av)
-{
- SECItem *value;
-
- if (attr == NULL)
- return PR_FALSE;
-
- value = NSS_CMSAttribute_GetValue(attr);
-
- return (value != NULL && value->len == av->len &&
- PORT_Memcmp (value->data, av->data, value->len) == 0);
-}
-
-/*
- * templates and functions for separate ASN.1 encoding of attributes
- *
- * used in NSS_CMSAttributeArray_Reorder
- */
-
-/*
- * helper function for dynamic template determination of the attribute value
- */
-static const SEC_ASN1Template *
-cms_attr_choose_attr_value_template(void *src_or_dest, PRBool encoding)
-{
- const SEC_ASN1Template *theTemplate;
- NSSCMSAttribute *attribute;
- SECOidData *oiddata;
- PRBool encoded;
-
- PORT_Assert (src_or_dest != NULL);
- if (src_or_dest == NULL)
- return NULL;
-
- attribute = (NSSCMSAttribute *)src_or_dest;
-
- if (encoding && attribute->encoded)
- /* we're encoding, and the attribute value is already encoded. */
- return SEC_AnyTemplate;
-
- /* get attribute's typeTag */
- oiddata = attribute->typeTag;
- if (oiddata == NULL) {
- oiddata = SECOID_FindOID(&attribute->type);
- attribute->typeTag = oiddata;
- }
-
- if (oiddata == NULL) {
- /* still no OID tag? OID is unknown then. en/decode value as ANY. */
- encoded = PR_TRUE;
- theTemplate = SEC_AnyTemplate;
- } else {
- switch (oiddata->offset) {
- SEC_OID_PKCS9_SMIME_CAPABILITIES:
- SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE:
- /* these guys need to stay DER-encoded */
- default:
- /* same goes for OIDs that are not handled here */
- encoded = PR_TRUE;
- theTemplate = SEC_AnyTemplate;
- break;
- /* otherwise choose proper template */
- case SEC_OID_PKCS9_EMAIL_ADDRESS:
- case SEC_OID_RFC1274_MAIL:
- case SEC_OID_PKCS9_UNSTRUCTURED_NAME:
- encoded = PR_FALSE;
- theTemplate = SEC_IA5StringTemplate;
- break;
- case SEC_OID_PKCS9_CONTENT_TYPE:
- encoded = PR_FALSE;
- theTemplate = SEC_ObjectIDTemplate;
- break;
- case SEC_OID_PKCS9_MESSAGE_DIGEST:
- encoded = PR_FALSE;
- theTemplate = SEC_OctetStringTemplate;
- break;
- case SEC_OID_PKCS9_SIGNING_TIME:
- encoded = PR_FALSE;
- theTemplate = SEC_UTCTimeTemplate;
- break;
- /* XXX Want other types here, too */
- }
- }
-
- if (encoding) {
- /*
- * If we are encoding and we think we have an already-encoded value,
- * then the code which initialized this attribute should have set
- * the "encoded" property to true (and we would have returned early,
- * up above). No devastating error, but that code should be fixed.
- * (It could indicate that the resulting encoded bytes are wrong.)
- */
- PORT_Assert (!encoded);
- } else {
- /*
- * We are decoding; record whether the resulting value is
- * still encoded or not.
- */
- attribute->encoded = encoded;
- }
- return theTemplate;
-}
-
-static SEC_ChooseASN1TemplateFunc cms_attr_chooser
- = cms_attr_choose_attr_value_template;
-
-const SEC_ASN1Template nss_cms_attribute_template[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(NSSCMSAttribute) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(NSSCMSAttribute,type) },
- { SEC_ASN1_DYNAMIC | SEC_ASN1_SET_OF,
- offsetof(NSSCMSAttribute,values),
- &cms_attr_chooser },
- { 0 }
-};
-
-const SEC_ASN1Template nss_cms_set_of_attribute_template[] = {
- { SEC_ASN1_SET_OF, 0, nss_cms_attribute_template },
-};
-
-/* =============================================================================
- * Attribute Array methods
- */
-
-/*
- * NSS_CMSAttributeArray_Encode - encode an Attribute array as SET OF Attributes
- *
- * If you are wondering why this routine does not reorder the attributes
- * first, and might be tempted to make it do so, see the comment by the
- * call to ReorderAttributes in cmsencode.c. (Or, see who else calls this
- * and think long and hard about the implications of making it always
- * do the reordering.)
- */
-SECItem *
-NSS_CMSAttributeArray_Encode(PRArenaPool *poolp, NSSCMSAttribute ***attrs, SECItem *dest)
-{
- return SEC_ASN1EncodeItem (poolp, dest, (void *)attrs, nss_cms_set_of_attribute_template);
-}
-
-/*
- * NSS_CMSAttributeArray_Reorder - sort attribute array by attribute's DER encoding
- *
- * make sure that the order of the attributes guarantees valid DER (which must be
- * in lexigraphically ascending order for a SET OF); if reordering is necessary it
- * will be done in place (in attrs).
- */
-SECStatus
-NSS_CMSAttributeArray_Reorder(NSSCMSAttribute **attrs)
-{
- return NSS_CMSArray_SortByDER((void **)attrs, nss_cms_attribute_template, NULL);
-}
-
-/*
- * NSS_CMSAttributeArray_FindAttrByOidTag - look through a set of attributes and
- * find one that matches the specified object ID.
- *
- * If "only" is true, then make sure that there is not more than one attribute
- * of the same type. Otherwise, just return the first one found. (XXX Does
- * anybody really want that first-found behavior? It was like that when I found it...)
- */
-NSSCMSAttribute *
-NSS_CMSAttributeArray_FindAttrByOidTag(NSSCMSAttribute **attrs, SECOidTag oidtag, PRBool only)
-{
- SECOidData *oid;
- NSSCMSAttribute *attr1, *attr2;
-
- if (attrs == NULL)
- return NULL;
-
- oid = SECOID_FindOIDByTag(oidtag);
- if (oid == NULL)
- return NULL;
-
- while ((attr1 = *attrs++) != NULL) {
- if (attr1->type.len == oid->oid.len && PORT_Memcmp (attr1->type.data,
- oid->oid.data,
- oid->oid.len) == 0)
- break;
- }
-
- if (attr1 == NULL)
- return NULL;
-
- if (!only)
- return attr1;
-
- while ((attr2 = *attrs++) != NULL) {
- if (attr2->type.len == oid->oid.len && PORT_Memcmp (attr2->type.data,
- oid->oid.data,
- oid->oid.len) == 0)
- break;
- }
-
- if (attr2 != NULL)
- return NULL;
-
- return attr1;
-}
-
-/*
- * NSS_CMSAttributeArray_AddAttr - add an attribute to an
- * array of attributes.
- */
-SECStatus
-NSS_CMSAttributeArray_AddAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, NSSCMSAttribute *attr)
-{
- NSSCMSAttribute *oattr;
- void *mark;
- SECOidTag type;
-
- mark = PORT_ArenaMark(poolp);
-
- /* find oidtag of attr */
- type = NSS_CMSAttribute_GetType(attr);
-
- /* see if we have one already */
- oattr = NSS_CMSAttributeArray_FindAttrByOidTag(*attrs, type, PR_FALSE);
- PORT_Assert (oattr == NULL);
- if (oattr != NULL)
- goto loser; /* XXX or would it be better to replace it? */
-
- /* no, shove it in */
- if (NSS_CMSArray_Add(poolp, (void ***)attrs, (void *)attr) != SECSuccess)
- goto loser;
-
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
-
-loser:
- PORT_ArenaRelease(poolp, mark);
- return SECFailure;
-}
-
-/*
- * NSS_CMSAttributeArray_SetAttr - set an attribute's value in a set of attributes
- */
-SECStatus
-NSS_CMSAttributeArray_SetAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, SECOidTag type, SECItem *value, PRBool encoded)
-{
- NSSCMSAttribute *attr;
- void *mark;
-
- mark = PORT_ArenaMark(poolp);
-
- /* see if we have one already */
- attr = NSS_CMSAttributeArray_FindAttrByOidTag(*attrs, type, PR_FALSE);
- if (attr == NULL) {
- /* not found? create one! */
- attr = NSS_CMSAttribute_Create(poolp, type, value, encoded);
- if (attr == NULL)
- goto loser;
- /* and add it to the list */
- if (NSS_CMSArray_Add(poolp, (void ***)attrs, (void *)attr) != SECSuccess)
- goto loser;
- } else {
- /* found, shove it in */
- /* XXX we need a decent memory model @#$#$!#!!! */
- attr->values[0] = value;
- attr->encoded = encoded;
- }
-
- PORT_ArenaUnmark (poolp, mark);
- return SECSuccess;
-
-loser:
- PORT_ArenaRelease (poolp, mark);
- return SECFailure;
-}
-
diff --git a/security/nss/lib/smime/cmscinfo.c b/security/nss/lib/smime/cmscinfo.c
deleted file mode 100644
index 9e4a2dc5e..000000000
--- a/security/nss/lib/smime/cmscinfo.c
+++ /dev/null
@@ -1,327 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS contentInfo methods.
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-
-#include "pk11func.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "secerr.h"
-
-/*
- * NSS_CMSContentInfo_Create - create a content info
- *
- * version is set in the _Finalize procedures for each content type
- */
-
-/*
- * NSS_CMSContentInfo_Destroy - destroy a CMS contentInfo and all of its sub-pieces.
- */
-void
-NSS_CMSContentInfo_Destroy(NSSCMSContentInfo *cinfo)
-{
- SECOidTag kind;
-
- kind = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
- switch (kind) {
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- NSS_CMSEnvelopedData_Destroy(cinfo->content.envelopedData);
- break;
- case SEC_OID_PKCS7_SIGNED_DATA:
- NSS_CMSSignedData_Destroy(cinfo->content.signedData);
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- NSS_CMSEncryptedData_Destroy(cinfo->content.encryptedData);
- break;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- NSS_CMSDigestedData_Destroy(cinfo->content.digestedData);
- break;
- default:
- /* XXX Anything else that needs to be "manually" freed/destroyed? */
- break;
- }
- if (cinfo->bulkkey)
- PK11_FreeSymKey(cinfo->bulkkey);
-
- /* we live in a pool, so no need to worry about storage */
-}
-
-/*
- * NSS_CMSContentInfo_GetChildContentInfo - get content's contentInfo (if it exists)
- */
-NSSCMSContentInfo *
-NSS_CMSContentInfo_GetChildContentInfo(NSSCMSContentInfo *cinfo)
-{
- switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) {
- case SEC_OID_PKCS7_DATA:
- return NULL;
- case SEC_OID_PKCS7_SIGNED_DATA:
- return &(cinfo->content.signedData->contentInfo);
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- return &(cinfo->content.envelopedData->contentInfo);
- case SEC_OID_PKCS7_DIGESTED_DATA:
- return &(cinfo->content.digestedData->contentInfo);
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- return &(cinfo->content.encryptedData->contentInfo);
- default:
- return NULL;
- }
-}
-
-/*
- * NSS_CMSContentInfo_SetContent - set content type & content
- */
-SECStatus
-NSS_CMSContentInfo_SetContent(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, SECOidTag type, void *ptr)
-{
- SECStatus rv;
-
- cinfo->contentTypeTag = SECOID_FindOIDByTag(type);
- if (cinfo->contentTypeTag == NULL)
- return SECFailure;
-
- /* do not copy the oid, just create a reference */
- rv = SECITEM_CopyItem (cmsg->poolp, &(cinfo->contentType), &(cinfo->contentTypeTag->oid));
- if (rv != SECSuccess)
- return SECFailure;
-
- cinfo->content.pointer = ptr;
-
- if (type != SEC_OID_PKCS7_DATA) {
- /* as we always have some inner data,
- * we need to set it to something, just to fool the encoder enough to work on it
- * and get us into nss_cms_encoder_notify at that point */
- cinfo->rawContent = SECITEM_AllocItem(cmsg->poolp, NULL, 1);
- if (cinfo->rawContent == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
- }
-
- return SECSuccess;
-}
-
-/*
- * NSS_CMSContentInfo_SetContent_XXXX - typesafe wrappers for NSS_CMSContentInfo_SetContent
- */
-
-/*
- * data == NULL -> pass in data via NSS_CMSEncoder_Update
- * data != NULL -> take this data
- */
-SECStatus
-NSS_CMSContentInfo_SetContent_Data(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, SECItem *data, PRBool detached)
-{
- if (NSS_CMSContentInfo_SetContent(cmsg, cinfo, SEC_OID_PKCS7_DATA, (void *)data) != SECSuccess)
- return SECFailure;
- cinfo->rawContent = (detached) ?
- NULL : (data) ?
- data : SECITEM_AllocItem(cmsg->poolp, NULL, 1);
- return SECSuccess;
-}
-
-SECStatus
-NSS_CMSContentInfo_SetContent_SignedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSSignedData *sigd)
-{
- return NSS_CMSContentInfo_SetContent(cmsg, cinfo, SEC_OID_PKCS7_SIGNED_DATA, (void *)sigd);
-}
-
-SECStatus
-NSS_CMSContentInfo_SetContent_EnvelopedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSEnvelopedData *envd)
-{
- return NSS_CMSContentInfo_SetContent(cmsg, cinfo, SEC_OID_PKCS7_ENVELOPED_DATA, (void *)envd);
-}
-
-SECStatus
-NSS_CMSContentInfo_SetContent_DigestedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSDigestedData *digd)
-{
- return NSS_CMSContentInfo_SetContent(cmsg, cinfo, SEC_OID_PKCS7_DIGESTED_DATA, (void *)digd);
-}
-
-SECStatus
-NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSEncryptedData *encd)
-{
- return NSS_CMSContentInfo_SetContent(cmsg, cinfo, SEC_OID_PKCS7_ENCRYPTED_DATA, (void *)encd);
-}
-
-/*
- * NSS_CMSContentInfo_GetContent - get pointer to inner content
- *
- * needs to be casted...
- */
-void *
-NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo)
-{
- switch (cinfo->contentTypeTag->offset) {
- case SEC_OID_PKCS7_DATA:
- case SEC_OID_PKCS7_SIGNED_DATA:
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- case SEC_OID_PKCS7_DIGESTED_DATA:
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- return cinfo->content.pointer;
- default:
- return NULL;
- }
-}
-
-/*
- * NSS_CMSContentInfo_GetInnerContent - get pointer to innermost content
- *
- * this is typically only called by NSS_CMSMessage_GetContent()
- */
-SECItem *
-NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo)
-{
- NSSCMSContentInfo *ccinfo;
-
- switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) {
- case SEC_OID_PKCS7_DATA:
- return cinfo->content.data; /* end of recursion - every message has to have a data cinfo */
- case SEC_OID_PKCS7_DIGESTED_DATA:
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- case SEC_OID_PKCS7_SIGNED_DATA:
- if ((ccinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) == NULL)
- break;
- return NSS_CMSContentInfo_GetContent(ccinfo);
- default:
- PORT_Assert(0);
- break;
- }
- return NULL;
-}
-
-/*
- * NSS_CMSContentInfo_GetContentType{Tag,OID} - find out (saving pointer to lookup result
- * for future reference) and return the inner content type.
- */
-SECOidTag
-NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo)
-{
- if (cinfo->contentTypeTag == NULL)
- cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType));
-
- if (cinfo->contentTypeTag == NULL)
- return SEC_OID_UNKNOWN;
-
- return cinfo->contentTypeTag->offset;
-}
-
-SECItem *
-NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo)
-{
- if (cinfo->contentTypeTag == NULL)
- cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType));
-
- if (cinfo->contentTypeTag == NULL)
- return NULL;
-
- return &(cinfo->contentTypeTag->oid);
-}
-
-/*
- * NSS_CMSContentInfo_GetContentEncAlgTag - find out (saving pointer to lookup result
- * for future reference) and return the content encryption algorithm tag.
- */
-SECOidTag
-NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo)
-{
- if (cinfo->contentEncAlgTag == SEC_OID_UNKNOWN)
- cinfo->contentEncAlgTag = SECOID_GetAlgorithmTag(&(cinfo->contentEncAlg));
-
- return cinfo->contentEncAlgTag;
-}
-
-/*
- * NSS_CMSContentInfo_GetContentEncAlg - find out and return the content encryption algorithm tag.
- */
-SECAlgorithmID *
-NSS_CMSContentInfo_GetContentEncAlg(NSSCMSContentInfo *cinfo)
-{
- return &(cinfo->contentEncAlg);
-}
-
-SECStatus
-NSS_CMSContentInfo_SetContentEncAlg(PLArenaPool *poolp, NSSCMSContentInfo *cinfo,
- SECOidTag bulkalgtag, SECItem *parameters, int keysize)
-{
- SECStatus rv;
-
- rv = SECOID_SetAlgorithmID(poolp, &(cinfo->contentEncAlg), bulkalgtag, parameters);
- if (rv != SECSuccess)
- return SECFailure;
- cinfo->keysize = keysize;
- return SECSuccess;
-}
-
-SECStatus
-NSS_CMSContentInfo_SetContentEncAlgID(PLArenaPool *poolp, NSSCMSContentInfo *cinfo,
- SECAlgorithmID *algid, int keysize)
-{
- SECStatus rv;
-
- rv = SECOID_CopyAlgorithmID(poolp, &(cinfo->contentEncAlg), algid);
- if (rv != SECSuccess)
- return SECFailure;
- if (keysize >= 0)
- cinfo->keysize = keysize;
- return SECSuccess;
-}
-
-void
-NSS_CMSContentInfo_SetBulkKey(NSSCMSContentInfo *cinfo, PK11SymKey *bulkkey)
-{
- cinfo->bulkkey = PK11_ReferenceSymKey(bulkkey);
- cinfo->keysize = PK11_GetKeyStrength(cinfo->bulkkey, &(cinfo->contentEncAlg));
-}
-
-PK11SymKey *
-NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo)
-{
- if (cinfo->bulkkey == NULL)
- return NULL;
-
- return PK11_ReferenceSymKey(cinfo->bulkkey);
-}
-
-int
-NSS_CMSContentInfo_GetBulkKeySize(NSSCMSContentInfo *cinfo)
-{
- return cinfo->keysize;
-}
diff --git a/security/nss/lib/smime/cmscipher.c b/security/nss/lib/smime/cmscipher.c
deleted file mode 100644
index 27e5668aa..000000000
--- a/security/nss/lib/smime/cmscipher.c
+++ /dev/null
@@ -1,792 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Encryption/decryption routines for CMS implementation, none of which are exported.
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-
-#include "secoid.h"
-#include "secitem.h"
-#include "pk11func.h"
-#include "secerr.h"
-#include "secpkcs5.h"
-
-/*
- * -------------------------------------------------------------------
- * Cipher stuff.
- */
-
-typedef SECStatus (*nss_cms_cipher_function) (void *, unsigned char *, unsigned int *,
- unsigned int, const unsigned char *, unsigned int);
-typedef SECStatus (*nss_cms_cipher_destroy) (void *, PRBool);
-
-#define BLOCK_SIZE 4096
-
-struct NSSCMSCipherContextStr {
- void * cx; /* PK11 cipher context */
- nss_cms_cipher_function doit;
- nss_cms_cipher_destroy destroy;
- PRBool encrypt; /* encrypt / decrypt switch */
- int block_size; /* block & pad sizes for cipher */
- int pad_size;
- int pending_count; /* pending data (not yet en/decrypted */
- unsigned char pending_buf[BLOCK_SIZE];/* because of blocking */
-};
-
-/*
- * NSS_CMSCipherContext_StartDecrypt - create a cipher context to do decryption
- * based on the given bulk * encryption key and algorithm identifier (which may include an iv).
- *
- * XXX Once both are working, it might be nice to combine this and the
- * function below (for starting up encryption) into one routine, and just
- * have two simple cover functions which call it.
- */
-NSSCMSCipherContext *
-NSS_CMSCipherContext_StartDecrypt(PK11SymKey *key, SECAlgorithmID *algid)
-{
- NSSCMSCipherContext *cc;
- void *ciphercx;
- CK_MECHANISM_TYPE mechanism;
- SECItem *param;
- PK11SlotInfo *slot;
- SECOidTag algtag;
-
- algtag = SECOID_GetAlgorithmTag(algid);
-
- /* set param and mechanism */
- if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) {
- CK_MECHANISM pbeMech, cryptoMech;
- SECItem *pbeParams;
- SEC_PKCS5KeyAndPassword *keyPwd;
-
- PORT_Memset(&pbeMech, 0, sizeof(CK_MECHANISM));
- PORT_Memset(&cryptoMech, 0, sizeof(CK_MECHANISM));
-
- /* HACK ALERT!
- * in this case, key is not actually a PK11SymKey *, but a SEC_PKCS5KeyAndPassword *
- */
- keyPwd = (SEC_PKCS5KeyAndPassword *)key;
- key = keyPwd->key;
-
- /* find correct PK11 mechanism and parameters to initialize pbeMech */
- pbeMech.mechanism = PK11_AlgtagToMechanism(algtag);
- pbeParams = PK11_ParamFromAlgid(algid);
- if (!pbeParams)
- return NULL;
- pbeMech.pParameter = pbeParams->data;
- pbeMech.ulParameterLen = pbeParams->len;
-
- /* now map pbeMech to cryptoMech */
- if (PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech, keyPwd->pwitem,
- PR_FALSE) != CKR_OK) {
- SECITEM_ZfreeItem(pbeParams, PR_TRUE);
- return NULL;
- }
- SECITEM_ZfreeItem(pbeParams, PR_TRUE);
-
- /* and use it to initialize param & mechanism */
- if ((param = (SECItem *)PORT_ZAlloc(sizeof(SECItem))) == NULL)
- return NULL;
-
- param->data = (unsigned char *)cryptoMech.pParameter;
- param->len = cryptoMech.ulParameterLen;
- mechanism = cryptoMech.mechanism;
- } else {
- mechanism = PK11_AlgtagToMechanism(algtag);
- if ((param = PK11_ParamFromAlgid(algid)) == NULL)
- return NULL;
- }
-
- cc = (NSSCMSCipherContext *)PORT_ZAlloc(sizeof(NSSCMSCipherContext));
- if (cc == NULL) {
- SECITEM_FreeItem(param,PR_TRUE);
- return NULL;
- }
-
- /* figure out pad and block sizes */
- cc->pad_size = PK11_GetBlockSize(mechanism, param);
- slot = PK11_GetSlotFromKey(key);
- cc->block_size = PK11_IsHW(slot) ? BLOCK_SIZE : cc->pad_size;
- PK11_FreeSlot(slot);
-
- /* create PK11 cipher context */
- ciphercx = PK11_CreateContextBySymKey(mechanism, CKA_DECRYPT, key, param);
- SECITEM_FreeItem(param, PR_TRUE);
- if (ciphercx == NULL) {
- PORT_Free (cc);
- return NULL;
- }
-
- cc->cx = ciphercx;
- cc->doit = (nss_cms_cipher_function) PK11_CipherOp;
- cc->destroy = (nss_cms_cipher_destroy) PK11_DestroyContext;
- cc->encrypt = PR_FALSE;
- cc->pending_count = 0;
-
- return cc;
-}
-
-/*
- * NSS_CMSCipherContext_StartEncrypt - create a cipher object to do encryption,
- * based on the given bulk encryption key and algorithm tag. Fill in the algorithm
- * identifier (which may include an iv) appropriately.
- *
- * XXX Once both are working, it might be nice to combine this and the
- * function above (for starting up decryption) into one routine, and just
- * have two simple cover functions which call it.
- */
-NSSCMSCipherContext *
-NSS_CMSCipherContext_StartEncrypt(PRArenaPool *poolp, PK11SymKey *key, SECAlgorithmID *algid)
-{
- NSSCMSCipherContext *cc;
- void *ciphercx;
- SECItem *param;
- SECStatus rv;
- CK_MECHANISM_TYPE mechanism;
- PK11SlotInfo *slot;
- PRBool needToEncodeAlgid = PR_FALSE;
- SECOidTag algtag = SECOID_GetAlgorithmTag(algid);
-
- /* set param and mechanism */
- if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) {
- CK_MECHANISM pbeMech, cryptoMech;
- SECItem *pbeParams;
- SEC_PKCS5KeyAndPassword *keyPwd;
-
- PORT_Memset(&pbeMech, 0, sizeof(CK_MECHANISM));
- PORT_Memset(&cryptoMech, 0, sizeof(CK_MECHANISM));
-
- /* HACK ALERT!
- * in this case, key is not actually a PK11SymKey *, but a SEC_PKCS5KeyAndPassword *
- */
- keyPwd = (SEC_PKCS5KeyAndPassword *)key;
- key = keyPwd->key;
-
- /* find correct PK11 mechanism and parameters to initialize pbeMech */
- pbeMech.mechanism = PK11_AlgtagToMechanism(algtag);
- pbeParams = PK11_ParamFromAlgid(algid);
- if (!pbeParams)
- return NULL;
- pbeMech.pParameter = pbeParams->data;
- pbeMech.ulParameterLen = pbeParams->len;
-
- /* now map pbeMech to cryptoMech */
- if (PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech, keyPwd->pwitem,
- PR_FALSE) != CKR_OK) {
- SECITEM_ZfreeItem(pbeParams, PR_TRUE);
- return NULL;
- }
- SECITEM_ZfreeItem(pbeParams, PR_TRUE);
-
- /* and use it to initialize param & mechanism */
- if ((param = (SECItem *)PORT_ZAlloc(sizeof(SECItem))) == NULL)
- return NULL;
-
- param->data = (unsigned char *)cryptoMech.pParameter;
- param->len = cryptoMech.ulParameterLen;
- mechanism = cryptoMech.mechanism;
- } else {
- mechanism = PK11_AlgtagToMechanism(algtag);
- if ((param = PK11_GenerateNewParam(mechanism, key)) == NULL)
- return NULL;
- needToEncodeAlgid = PR_TRUE;
- }
-
- cc = (NSSCMSCipherContext *)PORT_ZAlloc(sizeof(NSSCMSCipherContext));
- if (cc == NULL)
- return NULL;
-
- /* now find pad and block sizes for our mechanism */
- cc->pad_size = PK11_GetBlockSize(mechanism,param);
- slot = PK11_GetSlotFromKey(key);
- cc->block_size = PK11_IsHW(slot) ? BLOCK_SIZE : cc->pad_size;
- PK11_FreeSlot(slot);
-
- /* and here we go, creating a PK11 cipher context */
- ciphercx = PK11_CreateContextBySymKey(mechanism, CKA_ENCRYPT, key, param);
- if (ciphercx == NULL) {
- PORT_Free(cc);
- cc = NULL;
- goto loser;
- }
-
- /*
- * These are placed after the CreateContextBySymKey() because some
- * mechanisms have to generate their IVs from their card (i.e. FORTEZZA).
- * Don't move it from here.
- * XXX is that right? the purpose of this is to get the correct algid
- * containing the IVs etc. for encoding. this means we need to set this up
- * BEFORE encoding the algid in the contentInfo, right?
- */
- if (needToEncodeAlgid) {
- rv = PK11_ParamToAlgid(algtag, param, poolp, algid);
- if(rv != SECSuccess) {
- PORT_Free(cc);
- cc = NULL;
- goto loser;
- }
- }
-
- cc->cx = ciphercx;
- cc->doit = (nss_cms_cipher_function)PK11_CipherOp;
- cc->destroy = (nss_cms_cipher_destroy)PK11_DestroyContext;
- cc->encrypt = PR_TRUE;
- cc->pending_count = 0;
-
-loser:
- SECITEM_FreeItem(param, PR_TRUE);
-
- return cc;
-}
-
-void
-NSS_CMSCipherContext_Destroy(NSSCMSCipherContext *cc)
-{
- PORT_Assert(cc != NULL);
- if (cc == NULL)
- return;
- (*cc->destroy)(cc->cx, PR_TRUE);
- PORT_Free(cc);
-}
-
-/*
- * NSS_CMSCipherContext_DecryptLength - find the output length of the next call to decrypt.
- *
- * cc - the cipher context
- * input_len - number of bytes used as input
- * final - true if this is the final chunk of data
- *
- * Result can be used to perform memory allocations. Note that the amount
- * is exactly accurate only when not doing a block cipher or when final
- * is false, otherwise it is an upper bound on the amount because until
- * we see the data we do not know how many padding bytes there are
- * (always between 1 and bsize).
- *
- * Note that this can return zero, which does not mean that the decrypt
- * operation can be skipped! (It simply means that there are not enough
- * bytes to make up an entire block; the bytes will be reserved until
- * there are enough to encrypt/decrypt at least one block.) However,
- * if zero is returned it *does* mean that no output buffer need be
- * passed in to the subsequent decrypt operation, as no output bytes
- * will be stored.
- */
-unsigned int
-NSS_CMSCipherContext_DecryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final)
-{
- int blocks, block_size;
-
- PORT_Assert (! cc->encrypt);
-
- block_size = cc->block_size;
-
- /*
- * If this is not a block cipher, then we always have the same
- * number of output bytes as we had input bytes.
- */
- if (block_size == 0)
- return input_len;
-
- /*
- * On the final call, we will always use up all of the pending
- * bytes plus all of the input bytes, *but*, there will be padding
- * at the end and we cannot predict how many bytes of padding we
- * will end up removing. The amount given here is actually known
- * to be at least 1 byte too long (because we know we will have
- * at least 1 byte of padding), but seemed clearer/better to me.
- */
- if (final)
- return cc->pending_count + input_len;
-
- /*
- * Okay, this amount is exactly what we will output on the
- * next cipher operation. We will always hang onto the last
- * 1 - block_size bytes for non-final operations. That is,
- * we will do as many complete blocks as we can *except* the
- * last block (complete or partial). (This is because until
- * we know we are at the end, we cannot know when to interpret
- * and removing the padding byte(s), which are guaranteed to
- * be there.)
- */
- blocks = (cc->pending_count + input_len - 1) / block_size;
- return blocks * block_size;
-}
-
-/*
- * NSS_CMSCipherContext_EncryptLength - find the output length of the next call to encrypt.
- *
- * cc - the cipher context
- * input_len - number of bytes used as input
- * final - true if this is the final chunk of data
- *
- * Result can be used to perform memory allocations.
- *
- * Note that this can return zero, which does not mean that the encrypt
- * operation can be skipped! (It simply means that there are not enough
- * bytes to make up an entire block; the bytes will be reserved until
- * there are enough to encrypt/decrypt at least one block.) However,
- * if zero is returned it *does* mean that no output buffer need be
- * passed in to the subsequent encrypt operation, as no output bytes
- * will be stored.
- */
-unsigned int
-NSS_CMSCipherContext_EncryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final)
-{
- int blocks, block_size;
- int pad_size;
-
- PORT_Assert (cc->encrypt);
-
- block_size = cc->block_size;
- pad_size = cc->pad_size;
-
- /*
- * If this is not a block cipher, then we always have the same
- * number of output bytes as we had input bytes.
- */
- if (block_size == 0)
- return input_len;
-
- /*
- * On the final call, we only send out what we need for
- * remaining bytes plus the padding. (There is always padding,
- * so even if we have an exact number of blocks as input, we
- * will add another full block that is just padding.)
- */
- if (final) {
- if (pad_size == 0) {
- return cc->pending_count + input_len;
- } else {
- blocks = (cc->pending_count + input_len) / pad_size;
- blocks++;
- return blocks*pad_size;
- }
- }
-
- /*
- * Now, count the number of complete blocks of data we have.
- */
- blocks = (cc->pending_count + input_len) / block_size;
-
-
- return blocks * block_size;
-}
-
-
-/*
- * NSS_CMSCipherContext_Decrypt - do the decryption
- *
- * cc - the cipher context
- * output - buffer for decrypted result bytes
- * output_len_p - number of bytes in output
- * max_output_len - upper bound on bytes to put into output
- * input - pointer to input bytes
- * input_len - number of input bytes
- * final - true if this is the final chunk of data
- *
- * Decrypts a given length of input buffer (starting at "input" and
- * containing "input_len" bytes), placing the decrypted bytes in
- * "output" and storing the output length in "*output_len_p".
- * "cc" is the return value from NSS_CMSCipher_StartDecrypt.
- * When "final" is true, this is the last of the data to be decrypted.
- *
- * This is much more complicated than it sounds when the cipher is
- * a block-type, meaning that the decryption function will only
- * operate on whole blocks. But our caller is operating stream-wise,
- * and can pass in any number of bytes. So we need to keep track
- * of block boundaries. We save excess bytes between calls in "cc".
- * We also need to determine which bytes are padding, and remove
- * them from the output. We can only do this step when we know we
- * have the final block of data. PKCS #7 specifies that the padding
- * used for a block cipher is a string of bytes, each of whose value is
- * the same as the length of the padding, and that all data is padded.
- * (Even data that starts out with an exact multiple of blocks gets
- * added to it another block, all of which is padding.)
- */
-SECStatus
-NSS_CMSCipherContext_Decrypt(NSSCMSCipherContext *cc, unsigned char *output,
- unsigned int *output_len_p, unsigned int max_output_len,
- const unsigned char *input, unsigned int input_len,
- PRBool final)
-{
- int blocks, bsize, pcount, padsize;
- unsigned int max_needed, ifraglen, ofraglen, output_len;
- unsigned char *pbuf;
- SECStatus rv;
-
- PORT_Assert (! cc->encrypt);
-
- /*
- * Check that we have enough room for the output. Our caller should
- * already handle this; failure is really an internal error (i.e. bug).
- */
- max_needed = NSS_CMSCipherContext_DecryptLength(cc, input_len, final);
- PORT_Assert (max_output_len >= max_needed);
- if (max_output_len < max_needed) {
- /* PORT_SetError (XXX); */
- return SECFailure;
- }
-
- /*
- * hardware encryption does not like small decryption sizes here, so we
- * allow both blocking and padding.
- */
- bsize = cc->block_size;
- padsize = cc->pad_size;
-
- /*
- * When no blocking or padding work to do, we can simply call the
- * cipher function and we are done.
- */
- if (bsize == 0) {
- return (* cc->doit) (cc->cx, output, output_len_p, max_output_len,
- input, input_len);
- }
-
- pcount = cc->pending_count;
- pbuf = cc->pending_buf;
-
- output_len = 0;
-
- if (pcount) {
- /*
- * Try to fill in an entire block, starting with the bytes
- * we already have saved away.
- */
- while (input_len && pcount < bsize) {
- pbuf[pcount++] = *input++;
- input_len--;
- }
- /*
- * If we have at most a whole block and this is not our last call,
- * then we are done for now. (We do not try to decrypt a lone
- * single block because we cannot interpret the padding bytes
- * until we know we are handling the very last block of all input.)
- */
- if (input_len == 0 && !final) {
- cc->pending_count = pcount;
- if (output_len_p)
- *output_len_p = 0;
- return SECSuccess;
- }
- /*
- * Given the logic above, we expect to have a full block by now.
- * If we do not, there is something wrong, either with our own
- * logic or with (length of) the data given to us.
- */
- PORT_Assert ((padsize == 0) || (pcount % padsize) == 0);
- if ((padsize != 0) && (pcount % padsize) != 0) {
- PORT_Assert (final);
- PORT_SetError (SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- /*
- * Decrypt the block.
- */
- rv = (*cc->doit)(cc->cx, output, &ofraglen, max_output_len,
- pbuf, pcount);
- if (rv != SECSuccess)
- return rv;
-
- /*
- * For now anyway, all of our ciphers have the same number of
- * bytes of output as they do input. If this ever becomes untrue,
- * then NSS_CMSCipherContext_DecryptLength needs to be made smarter!
- */
- PORT_Assert(ofraglen == pcount);
-
- /*
- * Account for the bytes now in output.
- */
- max_output_len -= ofraglen;
- output_len += ofraglen;
- output += ofraglen;
- }
-
- /*
- * If this is our last call, we expect to have an exact number of
- * blocks left to be decrypted; we will decrypt them all.
- *
- * If not our last call, we always save between 1 and bsize bytes
- * until next time. (We must do this because we cannot be sure
- * that none of the decrypted bytes are padding bytes until we
- * have at least another whole block of data. You cannot tell by
- * looking -- the data could be anything -- you can only tell by
- * context, knowing you are looking at the last block.) We could
- * decrypt a whole block now but it is easier if we just treat it
- * the same way we treat partial block bytes.
- */
- if (final) {
- if (padsize) {
- blocks = input_len / padsize;
- ifraglen = blocks * padsize;
- } else ifraglen = input_len;
- PORT_Assert (ifraglen == input_len);
-
- if (ifraglen != input_len) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- } else {
- blocks = (input_len - 1) / bsize;
- ifraglen = blocks * bsize;
- PORT_Assert (ifraglen < input_len);
-
- pcount = input_len - ifraglen;
- PORT_Memcpy (pbuf, input + ifraglen, pcount);
- cc->pending_count = pcount;
- }
-
- if (ifraglen) {
- rv = (* cc->doit)(cc->cx, output, &ofraglen, max_output_len,
- input, ifraglen);
- if (rv != SECSuccess)
- return rv;
-
- /*
- * For now anyway, all of our ciphers have the same number of
- * bytes of output as they do input. If this ever becomes untrue,
- * then sec_PKCS7DecryptLength needs to be made smarter!
- */
- PORT_Assert (ifraglen == ofraglen);
- if (ifraglen != ofraglen) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
-
- output_len += ofraglen;
- } else {
- ofraglen = 0;
- }
-
- /*
- * If we just did our very last block, "remove" the padding by
- * adjusting the output length.
- */
- if (final && (padsize != 0)) {
- unsigned int padlen = *(output + ofraglen - 1);
- PORT_Assert (padlen > 0 && padlen <= padsize);
- if (padlen == 0 || padlen > padsize) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- output_len -= padlen;
- }
-
- PORT_Assert (output_len_p != NULL || output_len == 0);
- if (output_len_p != NULL)
- *output_len_p = output_len;
-
- return SECSuccess;
-}
-
-/*
- * NSS_CMSCipherContext_Encrypt - do the encryption
- *
- * cc - the cipher context
- * output - buffer for decrypted result bytes
- * output_len_p - number of bytes in output
- * max_output_len - upper bound on bytes to put into output
- * input - pointer to input bytes
- * input_len - number of input bytes
- * final - true if this is the final chunk of data
- *
- * Encrypts a given length of input buffer (starting at "input" and
- * containing "input_len" bytes), placing the encrypted bytes in
- * "output" and storing the output length in "*output_len_p".
- * "cc" is the return value from NSS_CMSCipher_StartEncrypt.
- * When "final" is true, this is the last of the data to be encrypted.
- *
- * This is much more complicated than it sounds when the cipher is
- * a block-type, meaning that the encryption function will only
- * operate on whole blocks. But our caller is operating stream-wise,
- * and can pass in any number of bytes. So we need to keep track
- * of block boundaries. We save excess bytes between calls in "cc".
- * We also need to add padding bytes at the end. PKCS #7 specifies
- * that the padding used for a block cipher is a string of bytes,
- * each of whose value is the same as the length of the padding,
- * and that all data is padded. (Even data that starts out with
- * an exact multiple of blocks gets added to it another block,
- * all of which is padding.)
- *
- * XXX I would kind of like to combine this with the function above
- * which does decryption, since they have a lot in common. But the
- * tricky parts about padding and filling blocks would be much
- * harder to read that way, so I left them separate. At least for
- * now until it is clear that they are right.
- */
-SECStatus
-NSS_CMSCipherContext_Encrypt(NSSCMSCipherContext *cc, unsigned char *output,
- unsigned int *output_len_p, unsigned int max_output_len,
- const unsigned char *input, unsigned int input_len,
- PRBool final)
-{
- int blocks, bsize, padlen, pcount, padsize;
- unsigned int max_needed, ifraglen, ofraglen, output_len;
- unsigned char *pbuf;
- SECStatus rv;
-
- PORT_Assert (cc->encrypt);
-
- /*
- * Check that we have enough room for the output. Our caller should
- * already handle this; failure is really an internal error (i.e. bug).
- */
- max_needed = NSS_CMSCipherContext_EncryptLength (cc, input_len, final);
- PORT_Assert (max_output_len >= max_needed);
- if (max_output_len < max_needed) {
- /* PORT_SetError (XXX); */
- return SECFailure;
- }
-
- bsize = cc->block_size;
- padsize = cc->pad_size;
-
- /*
- * When no blocking and padding work to do, we can simply call the
- * cipher function and we are done.
- */
- if (bsize == 0) {
- return (*cc->doit)(cc->cx, output, output_len_p, max_output_len,
- input, input_len);
- }
-
- pcount = cc->pending_count;
- pbuf = cc->pending_buf;
-
- output_len = 0;
-
- if (pcount) {
- /*
- * Try to fill in an entire block, starting with the bytes
- * we already have saved away.
- */
- while (input_len && pcount < bsize) {
- pbuf[pcount++] = *input++;
- input_len--;
- }
- /*
- * If we do not have a full block and we know we will be
- * called again, then we are done for now.
- */
- if (pcount < bsize && !final) {
- cc->pending_count = pcount;
- if (output_len_p != NULL)
- *output_len_p = 0;
- return SECSuccess;
- }
- /*
- * If we have a whole block available, encrypt it.
- */
- if ((padsize == 0) || (pcount % padsize) == 0) {
- rv = (* cc->doit) (cc->cx, output, &ofraglen, max_output_len,
- pbuf, pcount);
- if (rv != SECSuccess)
- return rv;
-
- /*
- * For now anyway, all of our ciphers have the same number of
- * bytes of output as they do input. If this ever becomes untrue,
- * then sec_PKCS7EncryptLength needs to be made smarter!
- */
- PORT_Assert (ofraglen == pcount);
-
- /*
- * Account for the bytes now in output.
- */
- max_output_len -= ofraglen;
- output_len += ofraglen;
- output += ofraglen;
-
- pcount = 0;
- }
- }
-
- if (input_len) {
- PORT_Assert (pcount == 0);
-
- blocks = input_len / bsize;
- ifraglen = blocks * bsize;
-
- if (ifraglen) {
- rv = (* cc->doit) (cc->cx, output, &ofraglen, max_output_len,
- input, ifraglen);
- if (rv != SECSuccess)
- return rv;
-
- /*
- * For now anyway, all of our ciphers have the same number of
- * bytes of output as they do input. If this ever becomes untrue,
- * then sec_PKCS7EncryptLength needs to be made smarter!
- */
- PORT_Assert (ifraglen == ofraglen);
-
- max_output_len -= ofraglen;
- output_len += ofraglen;
- output += ofraglen;
- }
-
- pcount = input_len - ifraglen;
- PORT_Assert (pcount < bsize);
- if (pcount)
- PORT_Memcpy (pbuf, input + ifraglen, pcount);
- }
-
- if (final) {
- padlen = padsize - (pcount % padsize);
- PORT_Memset (pbuf + pcount, padlen, padlen);
- rv = (* cc->doit) (cc->cx, output, &ofraglen, max_output_len,
- pbuf, pcount+padlen);
- if (rv != SECSuccess)
- return rv;
-
- /*
- * For now anyway, all of our ciphers have the same number of
- * bytes of output as they do input. If this ever becomes untrue,
- * then sec_PKCS7EncryptLength needs to be made smarter!
- */
- PORT_Assert (ofraglen == (pcount+padlen));
- output_len += ofraglen;
- } else {
- cc->pending_count = pcount;
- }
-
- PORT_Assert (output_len_p != NULL || output_len == 0);
- if (output_len_p != NULL)
- *output_len_p = output_len;
-
- return SECSuccess;
-}
diff --git a/security/nss/lib/smime/cmsdecode.c b/security/nss/lib/smime/cmsdecode.c
deleted file mode 100644
index c1b78cc3e..000000000
--- a/security/nss/lib/smime/cmsdecode.c
+++ /dev/null
@@ -1,688 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS decoding.
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-
-#include "cert.h"
-#include "key.h"
-#include "secasn1.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "prtime.h"
-#include "secerr.h"
-
-struct NSSCMSDecoderContextStr {
- SEC_ASN1DecoderContext * dcx; /* ASN.1 decoder context */
- NSSCMSMessage * cmsg; /* backpointer to the root message */
- SECOidTag type; /* type of message */
- NSSCMSContent content; /* pointer to message */
- NSSCMSDecoderContext * childp7dcx; /* inner CMS decoder context */
- PRBool saw_contents;
- int error;
- NSSCMSContentCallback cb;
- void * cb_arg;
-};
-
-static void nss_cms_decoder_update_filter (void *arg, const char *data, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind);
-static SECStatus nss_cms_before_data(NSSCMSDecoderContext *p7dcx);
-static SECStatus nss_cms_after_data(NSSCMSDecoderContext *p7dcx);
-static SECStatus nss_cms_after_end(NSSCMSDecoderContext *p7dcx);
-static void nss_cms_decoder_work_data(NSSCMSDecoderContext *p7dcx,
- const unsigned char *data, unsigned long len, PRBool final);
-
-extern const SEC_ASN1Template NSSCMSMessageTemplate[];
-
-/*
- * nss_cms_decoder_notify -
- * this is the driver of the decoding process. It gets called by the ASN.1
- * decoder before and after an object is decoded.
- * at various points in the decoding process, we intercept to set up and do
- * further processing.
- */
-static void
-nss_cms_decoder_notify(void *arg, PRBool before, void *dest, int depth)
-{
- NSSCMSDecoderContext *p7dcx;
- NSSCMSContentInfo *rootcinfo, *cinfo;
- PRBool after = !before;
-
- p7dcx = (NSSCMSDecoderContext *)arg;
- rootcinfo = &(p7dcx->cmsg->contentInfo);
-
- /* XXX error handling: need to set p7dcx->error */
-
-#ifdef CMSDEBUG
- fprintf(stderr, "%6.6s, dest = 0x%08x, depth = %d\n", before ? "before" : "after", dest, depth);
-#endif
-
- /* so what are we working on right now? */
- switch (p7dcx->type) {
- case SEC_OID_UNKNOWN:
- /*
- * right now, we are still decoding the OUTER (root) cinfo
- * As soon as we know the inner content type, set up the info,
- * but NO inner decoder or filter. The root decoder handles the first
- * level children by itself - only for encapsulated contents (which
- * are encoded as DER inside of an OCTET STRING) we need to set up a
- * child decoder...
- */
- if (after && dest == &(rootcinfo->contentType)) {
- p7dcx->type = NSS_CMSContentInfo_GetContentTypeTag(rootcinfo);
- p7dcx->content = rootcinfo->content; /* is this ready already ? need to alloc? */
- /* XXX yes we need to alloc -- continue here */
- }
- break;
- case SEC_OID_PKCS7_DATA:
- /* this can only happen if the outermost cinfo has DATA in it */
- /* otherwise, we handle this type implicitely in the inner decoders */
-
- if (before && dest == &(rootcinfo->content)) {
- /* fake it to cause the filter to put the data in the right place... */
- /* we want the ASN.1 decoder to deliver the decoded bytes to us from now on */
- SEC_ASN1DecoderSetFilterProc(p7dcx->dcx,
- nss_cms_decoder_update_filter,
- p7dcx,
- (PRBool)(p7dcx->cb != NULL));
- break;
- }
-
- if (after && dest == &(rootcinfo->content.data)) {
- /* remove the filter */
- SEC_ASN1DecoderClearFilterProc(p7dcx->dcx);
- }
- break;
-
- case SEC_OID_PKCS7_SIGNED_DATA:
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- case SEC_OID_PKCS7_DIGESTED_DATA:
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
-
- if (before && dest == &(rootcinfo->content))
- break; /* we're not there yet */
-
- if (p7dcx->content.pointer == NULL)
- p7dcx->content = rootcinfo->content;
-
- /* get this data type's inner contentInfo */
- cinfo = NSS_CMSContent_GetContentInfo(p7dcx->content.pointer, p7dcx->type);
-
- if (before && dest == &(cinfo->contentType)) {
- /* at this point, set up the &%$&$ back pointer */
- /* we cannot do it later, because the content itself is optional! */
- /* please give me C++ */
- switch (p7dcx->type) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- p7dcx->content.signedData->cmsg = p7dcx->cmsg;
- break;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- p7dcx->content.digestedData->cmsg = p7dcx->cmsg;
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- p7dcx->content.envelopedData->cmsg = p7dcx->cmsg;
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- p7dcx->content.encryptedData->cmsg = p7dcx->cmsg;
- break;
- }
- }
-
- if (before && dest == &(cinfo->rawContent)) {
- /* we want the ASN.1 decoder to deliver the decoded bytes to us from now on */
- SEC_ASN1DecoderSetFilterProc(p7dcx->dcx, nss_cms_decoder_update_filter,
- p7dcx, (PRBool)(p7dcx->cb != NULL));
-
-
- /* we're right in front of the data */
- if (nss_cms_before_data(p7dcx) != SECSuccess) {
- SEC_ASN1DecoderClearFilterProc(p7dcx->dcx); /* stop all processing */
- p7dcx->error = PORT_GetError();
- }
- }
- if (after && dest == &(cinfo->rawContent)) {
- /* we're right after of the data */
- if (nss_cms_after_data(p7dcx) != SECSuccess)
- p7dcx->error = PORT_GetError();
-
- /* we don't need to see the contents anymore */
- SEC_ASN1DecoderClearFilterProc(p7dcx->dcx);
- }
- break;
-
-#if 0 /* NIH */
- case SEC_OID_PKCS7_AUTHENTICATED_DATA:
-#endif
- default:
- /* unsupported or unknown message type - fail (more or less) gracefully */
- p7dcx->error = SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE;
- break;
- }
-}
-
-/*
- * nss_cms_before_data - set up the current encoder to receive data
- */
-static SECStatus
-nss_cms_before_data(NSSCMSDecoderContext *p7dcx)
-{
- SECStatus rv;
- SECOidTag childtype;
- PLArenaPool *poolp;
- NSSCMSDecoderContext *childp7dcx;
- NSSCMSContentInfo *cinfo;
- const SEC_ASN1Template *template;
- void *mark = NULL;
- size_t size;
-
- poolp = p7dcx->cmsg->poolp;
-
- /* call _Decode_BeforeData handlers */
- switch (p7dcx->type) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- /* we're decoding a signedData, so set up the digests */
- rv = NSS_CMSSignedData_Decode_BeforeData(p7dcx->content.signedData);
- if (rv != SECSuccess)
- return SECFailure;
- break;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- /* we're encoding a digestedData, so set up the digest */
- rv = NSS_CMSDigestedData_Decode_BeforeData(p7dcx->content.digestedData);
- if (rv != SECSuccess)
- return SECFailure;
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- rv = NSS_CMSEnvelopedData_Decode_BeforeData(p7dcx->content.envelopedData);
- if (rv != SECSuccess)
- return SECFailure;
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- rv = NSS_CMSEncryptedData_Decode_BeforeData(p7dcx->content.encryptedData);
- if (rv != SECSuccess)
- return SECFailure;
- break;
- default:
- return SECFailure;
- }
-
- /* ok, now we have a pointer to cinfo */
- /* find out what kind of data is encapsulated */
-
- cinfo = NSS_CMSContent_GetContentInfo(p7dcx->content.pointer, p7dcx->type);
- childtype = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
-
- if (childtype == SEC_OID_PKCS7_DATA) {
- cinfo->content.data = SECITEM_AllocItem(poolp, NULL, 0);
- if (cinfo->content.data == NULL)
- /* set memory error */
- return SECFailure;
-
- p7dcx->childp7dcx = NULL;
- return SECSuccess;
- }
-
- /* set up inner decoder */
-
- if ((template = NSS_CMSUtil_GetTemplateByTypeTag(childtype)) == NULL)
- return SECFailure;
-
- childp7dcx = (NSSCMSDecoderContext *)PORT_ZAlloc(sizeof(NSSCMSDecoderContext));
- if (childp7dcx == NULL)
- return SECFailure;
-
- mark = PORT_ArenaMark(poolp);
-
- /* allocate space for the stuff we're creating */
- size = NSS_CMSUtil_GetSizeByTypeTag(childtype);
- childp7dcx->content.pointer = (void *)PORT_ArenaZAlloc(poolp, size);
- if (childp7dcx->content.pointer == NULL)
- goto loser;
-
- /* start the child decoder */
- childp7dcx->dcx = SEC_ASN1DecoderStart(poolp, childp7dcx->content.pointer, template);
- if (childp7dcx->dcx == NULL)
- goto loser;
-
- /* the new decoder needs to notify, too */
- SEC_ASN1DecoderSetNotifyProc(childp7dcx->dcx, nss_cms_decoder_notify, childp7dcx);
-
- /* tell the parent decoder that it needs to feed us the content data */
- p7dcx->childp7dcx = childp7dcx;
-
- childp7dcx->type = childtype; /* our type */
-
- childp7dcx->cmsg = p7dcx->cmsg; /* backpointer to root message */
-
- /* should the child decoder encounter real data, it needs to give it to the caller */
- childp7dcx->cb = p7dcx->cb;
- childp7dcx->cb_arg = p7dcx->cb_arg;
-
- /* now set up the parent to hand decoded data to the next level decoder */
- p7dcx->cb = (NSSCMSContentCallback)NSS_CMSDecoder_Update;
- p7dcx->cb_arg = childp7dcx;
-
- PORT_ArenaUnmark(poolp, mark);
-
- return SECSuccess;
-
-loser:
- if (mark)
- PORT_ArenaRelease(poolp, mark);
- if (childp7dcx)
- PORT_Free(childp7dcx);
- p7dcx->childp7dcx = NULL;
- return SECFailure;
-}
-
-static SECStatus
-nss_cms_after_data(NSSCMSDecoderContext *p7dcx)
-{
- PLArenaPool *poolp;
- NSSCMSDecoderContext *childp7dcx;
- SECStatus rv;
-
- poolp = p7dcx->cmsg->poolp;
-
- /* Handle last block. This is necessary to flush out the last bytes
- * of a possibly incomplete block */
- nss_cms_decoder_work_data(p7dcx, NULL, 0, PR_TRUE);
-
- /* finish any "inner" decoders - there's no more data coming... */
- if (p7dcx->childp7dcx != NULL) {
- childp7dcx = p7dcx->childp7dcx;
- if (childp7dcx->dcx != NULL) {
- if (SEC_ASN1DecoderFinish(childp7dcx->dcx) != SECSuccess) {
- /* do what? free content? */
- rv = SECFailure;
- } else {
- rv = nss_cms_after_end(childp7dcx);
- }
- if (rv != SECSuccess)
- goto done;
- }
- PORT_Free(p7dcx->childp7dcx);
- p7dcx->childp7dcx = NULL;
- }
-
- switch (p7dcx->type) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- /* this will finish the digests and verify */
- rv = NSS_CMSSignedData_Decode_AfterData(p7dcx->content.signedData);
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- rv = NSS_CMSEnvelopedData_Decode_AfterData(p7dcx->content.envelopedData);
- break;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- rv = NSS_CMSDigestedData_Decode_AfterData(p7dcx->content.digestedData);
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- rv = NSS_CMSEncryptedData_Decode_AfterData(p7dcx->content.encryptedData);
- break;
- case SEC_OID_PKCS7_DATA:
- /* do nothing */
- break;
- default:
- rv = SECFailure;
- break;
- }
-done:
- return rv;
-}
-
-static SECStatus
-nss_cms_after_end(NSSCMSDecoderContext *p7dcx)
-{
- SECStatus rv;
- PLArenaPool *poolp;
-
- poolp = p7dcx->cmsg->poolp;
-
- switch (p7dcx->type) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- rv = NSS_CMSSignedData_Decode_AfterEnd(p7dcx->content.signedData);
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- rv = NSS_CMSEnvelopedData_Decode_AfterEnd(p7dcx->content.envelopedData);
- break;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- rv = NSS_CMSDigestedData_Decode_AfterEnd(p7dcx->content.digestedData);
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- rv = NSS_CMSEncryptedData_Decode_AfterEnd(p7dcx->content.encryptedData);
- break;
- case SEC_OID_PKCS7_DATA:
- rv = SECSuccess;
- break;
- default:
- rv = SECFailure; /* we should not have got that far... */
- break;
- }
- return rv;
-}
-
-/*
- * nss_cms_decoder_work_data - handle decoded data bytes.
- *
- * This function either decrypts the data if needed, and/or calculates digests
- * on it, then either stores it or passes it on to the next level decoder.
- */
-static void
-nss_cms_decoder_work_data(NSSCMSDecoderContext *p7dcx,
- const unsigned char *data, unsigned long len,
- PRBool final)
-{
- NSSCMSContentInfo *cinfo;
- unsigned char *buf = NULL;
- unsigned char *dest;
- unsigned int offset;
- SECStatus rv;
- SECItem *storage;
-
- /*
- * We should really have data to process, or we should be trying
- * to finish/flush the last block. (This is an overly paranoid
- * check since all callers are in this file and simple inspection
- * proves they do it right. But it could find a bug in future
- * modifications/development, that is why it is here.)
- */
- PORT_Assert ((data != NULL && len) || final);
-
- cinfo = NSS_CMSContent_GetContentInfo(p7dcx->content.pointer, p7dcx->type);
-
- if (cinfo->ciphcx != NULL) {
- /*
- * we are decrypting.
- *
- * XXX If we get an error, we do not want to do the digest or callback,
- * but we want to keep decoding. Or maybe we want to stop decoding
- * altogether if there is a callback, because obviously we are not
- * sending the data back and they want to know that.
- */
-
- unsigned int outlen = 0; /* length of decrypted data */
- unsigned int buflen; /* length available for decrypted data */
-
- /* find out about the length of decrypted data */
- buflen = NSS_CMSCipherContext_DecryptLength(cinfo->ciphcx, len, final);
-
- /*
- * it might happen that we did not provide enough data for a full
- * block (decryption unit), and that there is no output available
- */
-
- /* no output available, AND no input? */
- if (buflen == 0 && len == 0)
- goto loser; /* bail out */
-
- /*
- * have inner decoder: pass the data on (means inner content type is NOT data)
- * no inner decoder: we have DATA in here: either call callback or store
- */
- if (buflen != 0) {
- /* there will be some output - need to make room for it */
- /* allocate buffer from the heap */
- buf = (unsigned char *)PORT_Alloc(buflen);
- if (buf == NULL) {
- p7dcx->error = SEC_ERROR_NO_MEMORY;
- goto loser;
- }
- }
-
- /*
- * decrypt incoming data
- * buf can still be NULL here (and buflen == 0) here if we don't expect
- * any output (see above), but we still need to call NSS_CMSCipherContext_Decrypt to
- * keep track of incoming data
- */
- rv = NSS_CMSCipherContext_Decrypt(cinfo->ciphcx, buf, &outlen, buflen,
- data, len, final);
- if (rv != SECSuccess) {
- p7dcx->error = PORT_GetError();
- goto loser;
- }
-
- PORT_Assert (final || outlen == buflen);
-
- /* swap decrypted data in */
- data = buf;
- len = outlen;
- }
-
- if (len == 0)
- return; /* nothing more to do */
-
- /*
- * Update the running digests with plaintext bytes (if we need to).
- */
- if (cinfo->digcx)
- NSS_CMSDigestContext_Update(cinfo->digcx, data, len);
-
- /* at this point, we have the plain decoded & decrypted data */
- /* which is either more encoded DER which we need to hand to the child decoder */
- /* or data we need to hand back to our caller */
-
- /* pass the content back to our caller or */
- /* feed our freshly decrypted and decoded data into child decoder */
- if (p7dcx->cb != NULL) {
- (*p7dcx->cb)(p7dcx->cb_arg, (const char *)data, len);
- }
-#if 1
- else
-#endif
- if (NSS_CMSContentInfo_GetContentTypeTag(cinfo) == SEC_OID_PKCS7_DATA) {
- /* store it in "inner" data item as well */
- /* find the DATA item in the encapsulated cinfo and store it there */
- storage = cinfo->content.data;
-
- offset = storage->len;
- if (storage->len == 0) {
- dest = (unsigned char *)PORT_ArenaAlloc(p7dcx->cmsg->poolp, len);
- } else {
- dest = (unsigned char *)PORT_ArenaGrow(p7dcx->cmsg->poolp,
- storage->data,
- storage->len,
- storage->len + len);
- }
- if (dest == NULL) {
- p7dcx->error = SEC_ERROR_NO_MEMORY;
- goto loser;
- }
-
- storage->data = dest;
- storage->len += len;
-
- /* copy it in */
- PORT_Memcpy(storage->data + offset, data, len);
- }
-
-loser:
- if (buf)
- PORT_Free (buf);
-}
-
-/*
- * nss_cms_decoder_update_filter - process ASN.1 data
- *
- * once we have set up a filter in nss_cms_decoder_notify(),
- * all data processed by the ASN.1 decoder is also passed through here.
- * we pass the content bytes (as opposed to length and tag bytes) on to
- * nss_cms_decoder_work_data().
- */
-static void
-nss_cms_decoder_update_filter (void *arg, const char *data, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind)
-{
- NSSCMSDecoderContext *p7dcx;
-
- PORT_Assert (len); /* paranoia */
- if (len == 0)
- return;
-
- p7dcx = (NSSCMSDecoderContext*)arg;
-
- p7dcx->saw_contents = PR_TRUE;
-
- /* pass on the content bytes only */
- if (data_kind == SEC_ASN1_Contents)
- nss_cms_decoder_work_data(p7dcx, (const unsigned char *) data, len, PR_FALSE);
-}
-
-/*
- * NSS_CMSDecoder_Start - set up decoding of a DER-encoded CMS message
- *
- * "poolp" - pointer to arena for message, or NULL if new pool should be created
- * "cb", "cb_arg" - callback function and argument for delivery of inner content
- * "pwfn", pwfn_arg" - callback function for getting token password
- * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
- */
-NSSCMSDecoderContext *
-NSS_CMSDecoder_Start(PRArenaPool *poolp,
- NSSCMSContentCallback cb, void *cb_arg,
- PK11PasswordFunc pwfn, void *pwfn_arg,
- NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg)
-{
- NSSCMSDecoderContext *p7dcx;
- NSSCMSMessage *cmsg;
-
- cmsg = NSS_CMSMessage_Create(poolp);
- if (cmsg == NULL)
- return NULL;
-
- NSS_CMSMessage_SetEncodingParams(cmsg, pwfn, pwfn_arg, decrypt_key_cb, decrypt_key_cb_arg,
- NULL, NULL);
-
- p7dcx = (NSSCMSDecoderContext*)PORT_ZAlloc(sizeof(NSSCMSDecoderContext));
- if (p7dcx == NULL) {
- NSS_CMSMessage_Destroy(cmsg);
- return NULL;
- }
-
- p7dcx->dcx = SEC_ASN1DecoderStart(cmsg->poolp, cmsg, NSSCMSMessageTemplate);
- if (p7dcx->dcx == NULL) {
- PORT_Free (p7dcx);
- NSS_CMSMessage_Destroy(cmsg);
- return NULL;
- }
-
- SEC_ASN1DecoderSetNotifyProc (p7dcx->dcx, nss_cms_decoder_notify, p7dcx);
-
- p7dcx->cmsg = cmsg;
- p7dcx->type = SEC_OID_UNKNOWN;
-
- p7dcx->cb = cb;
- p7dcx->cb_arg = cb_arg;
-
- return p7dcx;
-}
-
-/*
- * NSS_CMSDecoder_Update - feed DER-encoded data to decoder
- */
-SECStatus
-NSS_CMSDecoder_Update(NSSCMSDecoderContext *p7dcx, const char *buf, unsigned long len)
-{
- if (p7dcx->dcx != NULL && p7dcx->error == 0) { /* if error is set already, don't bother */
- if (SEC_ASN1DecoderUpdate (p7dcx->dcx, buf, len) != SECSuccess) {
- p7dcx->error = PORT_GetError();
- PORT_Assert (p7dcx->error);
- if (p7dcx->error == 0)
- p7dcx->error = -1;
- }
- }
-
- if (p7dcx->error == 0)
- return SECSuccess;
-
- /* there has been a problem, let's finish the decoder */
- if (p7dcx->dcx != NULL) {
- (void) SEC_ASN1DecoderFinish (p7dcx->dcx);
- p7dcx->dcx = NULL;
- }
- PORT_SetError (p7dcx->error);
-
- return SECFailure;
-}
-
-/*
- * NSS_CMSDecoder_Cancel - stop decoding in case of error
- */
-void
-NSS_CMSDecoder_Cancel(NSSCMSDecoderContext *p7dcx)
-{
- /* XXXX what about inner decoders? running digests? decryption? */
- /* XXXX there's a leak here! */
- NSS_CMSMessage_Destroy(p7dcx->cmsg);
- (void)SEC_ASN1DecoderFinish(p7dcx->dcx);
- PORT_Free(p7dcx);
-}
-
-/*
- * NSS_CMSDecoder_Finish - mark the end of inner content and finish decoding
- */
-NSSCMSMessage *
-NSS_CMSDecoder_Finish(NSSCMSDecoderContext *p7dcx)
-{
- NSSCMSMessage *cmsg;
-
- cmsg = p7dcx->cmsg;
-
- if (p7dcx->dcx == NULL || SEC_ASN1DecoderFinish(p7dcx->dcx) != SECSuccess ||
- nss_cms_after_end(p7dcx) != SECSuccess)
- {
- NSS_CMSMessage_Destroy(cmsg); /* needs to get rid of pool if it's ours */
- cmsg = NULL;
- }
-
- PORT_Free(p7dcx);
- return cmsg;
-}
-
-NSSCMSMessage *
-NSS_CMSMessage_CreateFromDER(SECItem *DERmessage,
- NSSCMSContentCallback cb, void *cb_arg,
- PK11PasswordFunc pwfn, void *pwfn_arg,
- NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg)
-{
- NSSCMSDecoderContext *p7dcx;
-
- /* first arg(poolp) == NULL => create our own pool */
- p7dcx = NSS_CMSDecoder_Start(NULL, cb, cb_arg, pwfn, pwfn_arg, decrypt_key_cb, decrypt_key_cb_arg);
- (void) NSS_CMSDecoder_Update(p7dcx, (char *)DERmessage->data, DERmessage->len);
- return NSS_CMSDecoder_Finish(p7dcx);
-}
-
diff --git a/security/nss/lib/smime/cmsdigdata.c b/security/nss/lib/smime/cmsdigdata.c
deleted file mode 100644
index 04a670b68..000000000
--- a/security/nss/lib/smime/cmsdigdata.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS digestedData methods.
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-
-#include "secitem.h"
-#include "secasn1.h"
-#include "secoid.h"
-#include "secerr.h"
-
-/*
- * NSS_CMSDigestedData_Create - create a digestedData object (presumably for encoding)
- *
- * version will be set by NSS_CMSDigestedData_Encode_BeforeStart
- * digestAlg is passed as parameter
- * contentInfo must be filled by the user
- * digest will be calculated while encoding
- */
-NSSCMSDigestedData *
-NSS_CMSDigestedData_Create(NSSCMSMessage *cmsg, SECAlgorithmID *digestalg)
-{
- void *mark;
- NSSCMSDigestedData *digd;
- PLArenaPool *poolp;
-
- poolp = cmsg->poolp;
-
- mark = PORT_ArenaMark(poolp);
-
- digd = (NSSCMSDigestedData *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSDigestedData));
- if (digd == NULL)
- goto loser;
-
- digd->cmsg = cmsg;
-
- if (SECOID_CopyAlgorithmID (poolp, &(digd->digestAlg), digestalg) != SECSuccess)
- goto loser;
-
- PORT_ArenaUnmark(poolp, mark);
- return digd;
-
-loser:
- PORT_ArenaRelease(poolp, mark);
- return NULL;
-}
-
-/*
- * NSS_CMSDigestedData_Destroy - destroy a digestedData object
- */
-void
-NSS_CMSDigestedData_Destroy(NSSCMSDigestedData *digd)
-{
- /* everything's in a pool, so don't worry about the storage */
- return;
-}
-
-/*
- * NSS_CMSDigestedData_GetContentInfo - return pointer to digestedData object's contentInfo
- */
-NSSCMSContentInfo *
-NSS_CMSDigestedData_GetContentInfo(NSSCMSDigestedData *digd)
-{
- return &(digd->contentInfo);
-}
-
-/*
- * NSS_CMSDigestedData_Encode_BeforeStart - do all the necessary things to a DigestedData
- * before encoding begins.
- *
- * In particular:
- * - set the right version number. The contentInfo's content type must be set up already.
- */
-SECStatus
-NSS_CMSDigestedData_Encode_BeforeStart(NSSCMSDigestedData *digd)
-{
- unsigned long version;
- SECItem *dummy;
-
- version = NSS_CMS_DIGESTED_DATA_VERSION_DATA;
- if (NSS_CMSContentInfo_GetContentTypeTag(&(digd->contentInfo)) != SEC_OID_PKCS7_DATA)
- version = NSS_CMS_DIGESTED_DATA_VERSION_ENCAP;
-
- dummy = SEC_ASN1EncodeInteger(digd->cmsg->poolp, &(digd->version), version);
- return (dummy == NULL) ? SECFailure : SECSuccess;
-}
-
-/*
- * NSS_CMSDigestedData_Encode_BeforeData - do all the necessary things to a DigestedData
- * before the encapsulated data is passed through the encoder.
- *
- * In detail:
- * - set up the digests if necessary
- */
-SECStatus
-NSS_CMSDigestedData_Encode_BeforeData(NSSCMSDigestedData *digd)
-{
- /* set up the digests */
- if (digd->digestAlg.algorithm.len != 0 && digd->digest.len == 0) {
- /* if digest is already there, do nothing */
- digd->contentInfo.digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg));
- if (digd->contentInfo.digcx == NULL)
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/*
- * NSS_CMSDigestedData_Encode_AfterData - do all the necessary things to a DigestedData
- * after all the encapsulated data was passed through the encoder.
- *
- * In detail:
- * - finish the digests
- */
-SECStatus
-NSS_CMSDigestedData_Encode_AfterData(NSSCMSDigestedData *digd)
-{
- /* did we have digest calculation going on? */
- if (digd->contentInfo.digcx) {
- if (NSS_CMSDigestContext_FinishSingle(digd->contentInfo.digcx,
- digd->cmsg->poolp, &(digd->digest)) != SECSuccess)
- return SECFailure; /* error has been set by NSS_CMSDigestContext_FinishSingle */
- digd->contentInfo.digcx = NULL;
- }
-
- return SECSuccess;
-}
-
-/*
- * NSS_CMSDigestedData_Decode_BeforeData - do all the necessary things to a DigestedData
- * before the encapsulated data is passed through the encoder.
- *
- * In detail:
- * - set up the digests if necessary
- */
-SECStatus
-NSS_CMSDigestedData_Decode_BeforeData(NSSCMSDigestedData *digd)
-{
- /* is there a digest algorithm yet? */
- if (digd->digestAlg.algorithm.len == 0)
- return SECFailure;
-
- digd->contentInfo.digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg));
- if (digd->contentInfo.digcx == NULL)
- return SECFailure;
-
- return SECSuccess;
-}
-
-/*
- * NSS_CMSDigestedData_Decode_AfterData - do all the necessary things to a DigestedData
- * after all the encapsulated data was passed through the encoder.
- *
- * In detail:
- * - finish the digests
- */
-SECStatus
-NSS_CMSDigestedData_Decode_AfterData(NSSCMSDigestedData *digd)
-{
- /* did we have digest calculation going on? */
- if (digd->contentInfo.digcx) {
- if (NSS_CMSDigestContext_FinishSingle(digd->contentInfo.digcx,
- digd->cmsg->poolp, &(digd->cdigest)) != SECSuccess)
- return SECFailure; /* error has been set by NSS_CMSDigestContext_FinishSingle */
- digd->contentInfo.digcx = NULL;
- }
-
- return SECSuccess;
-}
-
-/*
- * NSS_CMSDigestedData_Decode_AfterEnd - finalize a digestedData.
- *
- * In detail:
- * - check the digests for equality
- */
-SECStatus
-NSS_CMSDigestedData_Decode_AfterEnd(NSSCMSDigestedData *digd)
-{
- /* did we have digest calculation going on? */
- if (digd->cdigest.len != 0) {
- /* XXX comparision btw digest & cdigest */
- /* XXX set status */
- /* TODO!!!! */
- }
-
- return SECSuccess;
-}
diff --git a/security/nss/lib/smime/cmsdigest.c b/security/nss/lib/smime/cmsdigest.c
deleted file mode 100644
index ce3f59228..000000000
--- a/security/nss/lib/smime/cmsdigest.c
+++ /dev/null
@@ -1,259 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS digesting.
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-
-#include "cert.h"
-#include "key.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "pk11func.h"
-#include "prtime.h"
-#include "secerr.h"
-
-
-struct NSSCMSDigestContextStr {
- PRBool saw_contents;
- int digcnt;
- void ** digcxs;
- SECHashObject ** digobjs;
-};
-
-/*
- * NSS_CMSDigestContext_StartMultiple - start digest calculation using all the
- * digest algorithms in "digestalgs" in parallel.
- */
-NSSCMSDigestContext *
-NSS_CMSDigestContext_StartMultiple(SECAlgorithmID **digestalgs)
-{
- NSSCMSDigestContext *cmsdigcx;
- SECHashObject *digobj;
- void *digcx;
- int digcnt;
- int i;
-
- digcnt = (digestalgs == NULL) ? 0 : NSS_CMSArray_Count((void **)digestalgs);
-
- cmsdigcx = (NSSCMSDigestContext *)PORT_Alloc(sizeof(NSSCMSDigestContext));
- if (cmsdigcx == NULL)
- return NULL;
-
- if (digcnt > 0) {
- cmsdigcx->digcxs = (void **)PORT_Alloc(digcnt * sizeof (void *));
- cmsdigcx->digobjs = (SECHashObject **)PORT_Alloc(digcnt * sizeof(SECHashObject *));
- if (cmsdigcx->digcxs == NULL || cmsdigcx->digobjs == NULL)
- goto loser;
- }
-
- cmsdigcx->digcnt = 0;
-
- /*
- * Create a digest object context for each algorithm.
- */
- for (i = 0; i < digcnt; i++) {
- digobj = NSS_CMSUtil_GetHashObjByAlgID(digestalgs[i]);
- /*
- * Skip any algorithm we do not even recognize; obviously,
- * this could be a problem, but if it is critical then the
- * result will just be that the signature does not verify.
- * We do not necessarily want to error out here, because
- * the particular algorithm may not actually be important,
- * but we cannot know that until later.
- */
- if (digobj == NULL)
- continue;
-
- digcx = (*digobj->create)();
- if (digcx != NULL) {
- (*digobj->begin) (digcx);
- cmsdigcx->digobjs[cmsdigcx->digcnt] = digobj;
- cmsdigcx->digcxs[cmsdigcx->digcnt] = digcx;
- cmsdigcx->digcnt++;
- }
- }
-
- cmsdigcx->saw_contents = PR_FALSE;
-
- return cmsdigcx;
-
-loser:
- if (cmsdigcx) {
- if (cmsdigcx->digobjs)
- PORT_Free(cmsdigcx->digobjs);
- if (cmsdigcx->digcxs)
- PORT_Free(cmsdigcx->digcxs);
- }
- return NULL;
-}
-
-/*
- * NSS_CMSDigestContext_StartSingle - same as NSS_CMSDigestContext_StartMultiple, but
- * only one algorithm.
- */
-NSSCMSDigestContext *
-NSS_CMSDigestContext_StartSingle(SECAlgorithmID *digestalg)
-{
- SECAlgorithmID *digestalgs[] = { NULL, NULL }; /* fake array */
-
- digestalgs[0] = digestalg;
- return NSS_CMSDigestContext_StartMultiple(digestalgs);
-}
-
-/*
- * NSS_CMSDigestContext_Update - feed more data into the digest machine
- */
-void
-NSS_CMSDigestContext_Update(NSSCMSDigestContext *cmsdigcx, const unsigned char *data, int len)
-{
- int i;
-
- cmsdigcx->saw_contents = PR_TRUE;
-
- for (i = 0; i < cmsdigcx->digcnt; i++)
- (*cmsdigcx->digobjs[i]->update)(cmsdigcx->digcxs[i], data, len);
-}
-
-/*
- * NSS_CMSDigestContext_Cancel - cancel digesting operation
- */
-void
-NSS_CMSDigestContext_Cancel(NSSCMSDigestContext *cmsdigcx)
-{
- int i;
-
- for (i = 0; i < cmsdigcx->digcnt; i++)
- (*cmsdigcx->digobjs[i]->destroy)(cmsdigcx->digcxs[i], PR_TRUE);
-}
-
-/*
- * NSS_CMSDigestContext_FinishMultiple - finish the digests and put them
- * into an array of SECItems (allocated on poolp)
- */
-SECStatus
-NSS_CMSDigestContext_FinishMultiple(NSSCMSDigestContext *cmsdigcx, PLArenaPool *poolp,
- SECItem ***digestsp)
-{
- SECHashObject *digobj;
- void *digcx;
- SECItem **digests, *digest;
- int i;
- void *mark;
- SECStatus rv = SECFailure;
-
- /* no contents? do not update digests */
- if (digestsp == NULL || !cmsdigcx->saw_contents) {
- for (i = 0; i < cmsdigcx->digcnt; i++)
- (*cmsdigcx->digobjs[i]->destroy)(cmsdigcx->digcxs[i], PR_TRUE);
- rv = SECSuccess;
- goto cleanup;
- }
-
- mark = PORT_ArenaMark (poolp);
-
- /* allocate digest array & SECItems on arena */
- digests = (SECItem **)PORT_ArenaAlloc(poolp, (cmsdigcx->digcnt+1) * sizeof(SECItem *));
- digest = (SECItem *)PORT_ArenaZAlloc(poolp, cmsdigcx->digcnt * sizeof(SECItem));
- if (digests == NULL || digest == NULL) {
- goto loser;
- }
-
- for (i = 0; i < cmsdigcx->digcnt; i++, digest++) {
- digcx = cmsdigcx->digcxs[i];
- digobj = cmsdigcx->digobjs[i];
-
- digest->data = (unsigned char*)PORT_ArenaAlloc(poolp, digobj->length);
- if (digest->data == NULL)
- goto loser;
- digest->len = digobj->length;
- (* digobj->end)(digcx, digest->data, &(digest->len), digest->len);
- digests[i] = digest;
- (* digobj->destroy)(digcx, PR_TRUE);
- }
- digests[i] = NULL;
- *digestsp = digests;
-
- rv = SECSuccess;
-
-loser:
- if (rv == SECSuccess)
- PORT_ArenaUnmark(poolp, mark);
- else
- PORT_ArenaRelease(poolp, mark);
-
-cleanup:
- if (cmsdigcx->digcnt > 0) {
- PORT_Free(cmsdigcx->digcxs);
- PORT_Free(cmsdigcx->digobjs);
- }
- PORT_Free(cmsdigcx);
-
- return rv;
-}
-
-/*
- * NSS_CMSDigestContext_FinishSingle - same as NSS_CMSDigestContext_FinishMultiple,
- * but for one digest.
- */
-SECStatus
-NSS_CMSDigestContext_FinishSingle(NSSCMSDigestContext *cmsdigcx, PLArenaPool *poolp,
- SECItem *digest)
-{
- SECStatus rv = SECFailure;
- SECItem **dp;
- PLArenaPool *arena = NULL;
-
- if ((arena = PORT_NewArena(1024)) == NULL)
- goto loser;
-
- /* get the digests into arena, then copy the first digest into poolp */
- if (NSS_CMSDigestContext_FinishMultiple(cmsdigcx, arena, &dp) != SECSuccess)
- goto loser;
-
- /* now copy it into poolp */
- if (SECITEM_CopyItem(poolp, digest, dp[0]) != SECSuccess)
- goto loser;
-
- rv = SECSuccess;
-
-loser:
- if (arena)
- PORT_FreeArena(arena, PR_FALSE);
-
- return rv;
-}
diff --git a/security/nss/lib/smime/cmsencdata.c b/security/nss/lib/smime/cmsencdata.c
deleted file mode 100644
index 0dc23a317..000000000
--- a/security/nss/lib/smime/cmsencdata.c
+++ /dev/null
@@ -1,279 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS encryptedData methods.
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-
-#include "key.h"
-#include "secasn1.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "pk11func.h"
-#include "prtime.h"
-#include "secerr.h"
-
-/*
- * NSS_CMSEncryptedData_Create - create an empty encryptedData object.
- *
- * "algorithm" specifies the bulk encryption algorithm to use.
- * "keysize" is the key size.
- *
- * An error results in a return value of NULL and an error set.
- * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
- */
-NSSCMSEncryptedData *
-NSS_CMSEncryptedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm, int keysize)
-{
- void *mark;
- NSSCMSEncryptedData *encd;
- PLArenaPool *poolp;
- SECAlgorithmID *pbe_algid;
- SECStatus rv;
-
- poolp = cmsg->poolp;
-
- mark = PORT_ArenaMark(poolp);
-
- encd = (NSSCMSEncryptedData *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSEncryptedData));
- if (encd == NULL)
- goto loser;
-
- encd->cmsg = cmsg;
-
- /* version is set in NSS_CMSEncryptedData_Encode_BeforeStart() */
-
- switch (algorithm) {
- /* XXX hmmm... hardcoded algorithms? */
- case SEC_OID_RC2_CBC:
- case SEC_OID_DES_EDE3_CBC:
- case SEC_OID_DES_CBC:
- rv = NSS_CMSContentInfo_SetContentEncAlg(poolp, &(encd->contentInfo), algorithm, NULL, keysize);
- break;
- default:
- /* Assume password-based-encryption. At least, try that. */
- pbe_algid = PK11_CreatePBEAlgorithmID(algorithm, 1, NULL);
- if (pbe_algid == NULL) {
- rv = SECFailure;
- break;
- }
- rv = NSS_CMSContentInfo_SetContentEncAlgID(poolp, &(encd->contentInfo), pbe_algid, keysize);
- SECOID_DestroyAlgorithmID (pbe_algid, PR_TRUE);
- break;
- }
- if (rv != SECSuccess)
- goto loser;
-
- PORT_ArenaUnmark(poolp, mark);
- return encd;
-
-loser:
- PORT_ArenaRelease(poolp, mark);
- return NULL;
-}
-
-/*
- * NSS_CMSEncryptedData_Destroy - destroy an encryptedData object
- */
-void
-NSS_CMSEncryptedData_Destroy(NSSCMSEncryptedData *encd)
-{
- /* everything's in a pool, so don't worry about the storage */
- return;
-}
-
-/*
- * NSS_CMSEncryptedData_GetContentInfo - return pointer to encryptedData object's contentInfo
- */
-NSSCMSContentInfo *
-NSS_CMSEncryptedData_GetContentInfo(NSSCMSEncryptedData *encd)
-{
- return &(encd->contentInfo);
-}
-
-/*
- * NSS_CMSEncryptedData_Encode_BeforeStart - do all the necessary things to a EncryptedData
- * before encoding begins.
- *
- * In particular:
- * - set the correct version value.
- * - get the encryption key
- */
-SECStatus
-NSS_CMSEncryptedData_Encode_BeforeStart(NSSCMSEncryptedData *encd)
-{
- int version;
- PK11SymKey *bulkkey = NULL;
- SECItem *dummy;
- NSSCMSContentInfo *cinfo = &(encd->contentInfo);
-
- if (NSS_CMSArray_IsEmpty((void **)encd->unprotectedAttr))
- version = NSS_CMS_ENCRYPTED_DATA_VERSION;
- else
- version = NSS_CMS_ENCRYPTED_DATA_VERSION_UPATTR;
-
- dummy = SEC_ASN1EncodeInteger (encd->cmsg->poolp, &(encd->version), version);
- if (dummy == NULL)
- return SECFailure;
-
- /* now get content encryption key (bulk key) by using our cmsg callback */
- if (encd->cmsg->decrypt_key_cb)
- bulkkey = (*encd->cmsg->decrypt_key_cb)(encd->cmsg->decrypt_key_cb_arg,
- NSS_CMSContentInfo_GetContentEncAlg(cinfo));
- if (bulkkey == NULL)
- return SECFailure;
-
- /* store the bulk key in the contentInfo so that the encoder can find it */
- NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey);
-
- return SECSuccess;
-}
-
-/*
- * NSS_CMSEncryptedData_Encode_BeforeData - set up encryption
- */
-SECStatus
-NSS_CMSEncryptedData_Encode_BeforeData(NSSCMSEncryptedData *encd)
-{
- NSSCMSContentInfo *cinfo;
- PK11SymKey *bulkkey;
- SECAlgorithmID *algid;
-
- cinfo = &(encd->contentInfo);
-
- /* find bulkkey and algorithm - must have been set by NSS_CMSEncryptedData_Encode_BeforeStart */
- bulkkey = NSS_CMSContentInfo_GetBulkKey(cinfo);
- if (bulkkey == NULL)
- return SECFailure;
- algid = NSS_CMSContentInfo_GetContentEncAlg(cinfo);
- if (algid == NULL)
- return SECFailure;
-
- /* this may modify algid (with IVs generated in a token).
- * it is therefore essential that algid is a pointer to the "real" contentEncAlg,
- * not just to a copy */
- cinfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(encd->cmsg->poolp, bulkkey, algid);
- PK11_FreeSymKey(bulkkey);
- if (cinfo->ciphcx == NULL)
- return SECFailure;
-
- return SECSuccess;
-}
-
-/*
- * NSS_CMSEncryptedData_Encode_AfterData - finalize this encryptedData for encoding
- */
-SECStatus
-NSS_CMSEncryptedData_Encode_AfterData(NSSCMSEncryptedData *encd)
-{
- if (encd->contentInfo.ciphcx)
- NSS_CMSCipherContext_Destroy(encd->contentInfo.ciphcx);
-
- /* nothing to do after data */
- return SECSuccess;
-}
-
-
-/*
- * NSS_CMSEncryptedData_Decode_BeforeData - find bulk key & set up decryption
- */
-SECStatus
-NSS_CMSEncryptedData_Decode_BeforeData(NSSCMSEncryptedData *encd)
-{
- PK11SymKey *bulkkey = NULL;
- NSSCMSContentInfo *cinfo;
- SECAlgorithmID *bulkalg;
- SECStatus rv = SECFailure;
-
- cinfo = &(encd->contentInfo);
-
- bulkalg = NSS_CMSContentInfo_GetContentEncAlg(cinfo);
-
- if (encd->cmsg->decrypt_key_cb == NULL) /* no callback? no key../ */
- goto loser;
-
- bulkkey = (*encd->cmsg->decrypt_key_cb)(encd->cmsg->decrypt_key_cb_arg, bulkalg);
- if (bulkkey == NULL)
- /* no success finding a bulk key */
- goto loser;
-
- NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey);
-
- cinfo->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
- if (cinfo->ciphcx == NULL)
- goto loser; /* error has been set by NSS_CMSCipherContext_StartDecrypt */
-
- /*
- * HACK ALERT!!
- * For PKCS5 Encryption Algorithms, the bulkkey is actually a different
- * structure. Therefore, we need to set the bulkkey to the actual key
- * prior to freeing it.
- */
- if (SEC_PKCS5IsAlgorithmPBEAlg(bulkalg)) {
- SEC_PKCS5KeyAndPassword *keyPwd = (SEC_PKCS5KeyAndPassword *)bulkkey;
- bulkkey = keyPwd->key;
- }
-
- /* we are done with (this) bulkkey now. */
- PK11_FreeSymKey(bulkkey);
-
- rv = SECSuccess;
-
-loser:
- return rv;
-}
-
-/*
- * NSS_CMSEncryptedData_Decode_AfterData - finish decrypting this encryptedData's content
- */
-SECStatus
-NSS_CMSEncryptedData_Decode_AfterData(NSSCMSEncryptedData *encd)
-{
- NSS_CMSCipherContext_Destroy(encd->contentInfo.ciphcx);
-
- return SECSuccess;
-}
-
-/*
- * NSS_CMSEncryptedData_Decode_AfterEnd - finish decoding this encryptedData
- */
-SECStatus
-NSS_CMSEncryptedData_Decode_AfterEnd(NSSCMSEncryptedData *encd)
-{
- /* apply final touches */
- return SECSuccess;
-}
diff --git a/security/nss/lib/smime/cmsencode.c b/security/nss/lib/smime/cmsencode.c
deleted file mode 100644
index cc0303cd6..000000000
--- a/security/nss/lib/smime/cmsencode.c
+++ /dev/null
@@ -1,740 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS encoding.
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-
-#include "cert.h"
-#include "key.h"
-#include "secasn1.h"
-#include "secoid.h"
-#include "secrng.h"
-#include "secitem.h"
-#include "pk11func.h"
-#include "secerr.h"
-
-struct nss_cms_encoder_output {
- NSSCMSContentCallback outputfn;
- void *outputarg;
- PLArenaPool *destpoolp;
- SECItem *dest;
-};
-
-struct NSSCMSEncoderContextStr {
- SEC_ASN1EncoderContext * ecx; /* ASN.1 encoder context */
- PRBool ecxupdated; /* true if data was handed in */
- NSSCMSMessage * cmsg; /* pointer to the root message */
- SECOidTag type; /* type tag of the current content */
- NSSCMSContent content; /* pointer to current content */
- struct nss_cms_encoder_output output; /* output function */
- int error; /* error code */
- NSSCMSEncoderContext * childp7ecx; /* link to child encoder context */
-};
-
-static SECStatus nss_cms_before_data(NSSCMSEncoderContext *p7ecx);
-static SECStatus nss_cms_after_data(NSSCMSEncoderContext *p7ecx);
-static SECStatus nss_cms_encoder_update(NSSCMSEncoderContext *p7ecx, const char *data, unsigned long len);
-static SECStatus nss_cms_encoder_work_data(NSSCMSEncoderContext *p7ecx, SECItem *dest,
- const unsigned char *data, unsigned long len,
- PRBool final, PRBool innermost);
-
-extern const SEC_ASN1Template NSSCMSMessageTemplate[];
-
-/*
- * The little output function that the ASN.1 encoder calls to hand
- * us bytes which we in turn hand back to our caller (via the callback
- * they gave us).
- */
-static void
-nss_cms_encoder_out(void *arg, const char *buf, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind)
-{
- struct nss_cms_encoder_output *output = (struct nss_cms_encoder_output *)arg;
- unsigned char *dest;
- unsigned long offset;
-
-#ifdef CMSDEBUG
- int i;
-
- fprintf(stderr, "kind = %d, depth = %d, len = %d\n", data_kind, depth, len);
- for (i=0; i < len; i++) {
- fprintf(stderr, " %02x%s", (unsigned int)buf[i] & 0xff, ((i % 16) == 15) ? "\n" : "");
- }
- if ((i % 16) != 0)
- fprintf(stderr, "\n");
-#endif
-
- if (output->outputfn != NULL)
- /* call output callback with DER data */
- output->outputfn(output->outputarg, buf, len);
-
- if (output->dest != NULL) {
- /* store DER data in SECItem */
- offset = output->dest->len;
- if (offset == 0) {
- dest = (unsigned char *)PORT_ArenaAlloc(output->destpoolp, len);
- } else {
- dest = (unsigned char *)PORT_ArenaGrow(output->destpoolp,
- output->dest->data,
- output->dest->len,
- output->dest->len + len);
- }
- if (dest == NULL)
- /* oops */
- return;
-
- output->dest->data = dest;
- output->dest->len += len;
-
- /* copy it in */
- PORT_Memcpy(output->dest->data + offset, buf, len);
- }
-}
-
-/*
- * nss_cms_encoder_notify - ASN.1 encoder callback
- *
- * this function is called by the ASN.1 encoder before and after the encoding of
- * every object. here, it is used to keep track of data structures, set up
- * encryption and/or digesting and possibly set up child encoders.
- */
-static void
-nss_cms_encoder_notify(void *arg, PRBool before, void *dest, int depth)
-{
- NSSCMSEncoderContext *p7ecx;
- NSSCMSContentInfo *rootcinfo, *cinfo;
- PRBool after = !before;
- PLArenaPool *poolp;
- SECOidTag childtype;
- SECItem *item;
-
- p7ecx = (NSSCMSEncoderContext *)arg;
- PORT_Assert(p7ecx != NULL);
-
- rootcinfo = &(p7ecx->cmsg->contentInfo);
- poolp = p7ecx->cmsg->poolp;
-
-#ifdef CMSDEBUG
- fprintf(stderr, "%6.6s, dest = 0x%08x, depth = %d\n", before ? "before" : "after", dest, depth);
-#endif
-
- /*
- * Watch for the content field, at which point we want to instruct
- * the ASN.1 encoder to start taking bytes from the buffer.
- */
- switch (p7ecx->type) {
- default:
- case SEC_OID_UNKNOWN:
- /* we're still in the root message */
- if (after && dest == &(rootcinfo->contentType)) {
- /* got the content type OID now - so find out the type tag */
- p7ecx->type = NSS_CMSContentInfo_GetContentTypeTag(rootcinfo);
- /* set up a pointer to our current content */
- p7ecx->content = rootcinfo->content;
- }
- break;
-
- case SEC_OID_PKCS7_DATA:
- if (before && dest == &(rootcinfo->rawContent)) {
- /* just set up encoder to grab from user - no encryption or digesting */
- if ((item = rootcinfo->content.data) != NULL)
- (void)nss_cms_encoder_work_data(p7ecx, NULL, item->data, item->len, PR_TRUE, PR_TRUE);
- else
- SEC_ASN1EncoderSetTakeFromBuf(p7ecx->ecx);
- SEC_ASN1EncoderClearNotifyProc(p7ecx->ecx); /* no need to get notified anymore */
- }
- break;
-
- case SEC_OID_PKCS7_SIGNED_DATA:
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- case SEC_OID_PKCS7_DIGESTED_DATA:
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
-
- /* when we know what the content is, we encode happily until we reach the inner content */
- cinfo = NSS_CMSContent_GetContentInfo(p7ecx->content.pointer, p7ecx->type);
- childtype = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
-
- if (after && dest == &(cinfo->contentType)) {
- /* we're right before encoding the data (if we have some or not) */
- /* (for encrypted data, we're right before the contentEncAlg which may change */
- /* in nss_cms_before_data because of IV calculation when setting up encryption) */
- if (nss_cms_before_data(p7ecx) != SECSuccess)
- p7ecx->error = PORT_GetError();
- }
- if (before && dest == &(cinfo->rawContent)) {
- if (childtype == SEC_OID_PKCS7_DATA && (item = cinfo->content.data) != NULL)
- /* we have data - feed it in */
- (void)nss_cms_encoder_work_data(p7ecx, NULL, item->data, item->len, PR_TRUE, PR_TRUE);
- else
- /* else try to get it from user */
- SEC_ASN1EncoderSetTakeFromBuf(p7ecx->ecx);
- }
- if (after && dest == &(cinfo->rawContent)) {
- if (nss_cms_after_data(p7ecx) != SECSuccess)
- p7ecx->error = PORT_GetError();
- SEC_ASN1EncoderClearNotifyProc(p7ecx->ecx); /* no need to get notified anymore */
- }
- break;
- }
-}
-
-/*
- * nss_cms_before_data - setup the current encoder to receive data
- */
-static SECStatus
-nss_cms_before_data(NSSCMSEncoderContext *p7ecx)
-{
- SECStatus rv;
- SECOidTag childtype;
- NSSCMSContentInfo *cinfo;
- PLArenaPool *poolp;
- NSSCMSEncoderContext *childp7ecx;
- const SEC_ASN1Template *template;
-
- poolp = p7ecx->cmsg->poolp;
-
- /* call _Encode_BeforeData handlers */
- switch (p7ecx->type) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- /* we're encoding a signedData, so set up the digests */
- rv = NSS_CMSSignedData_Encode_BeforeData(p7ecx->content.signedData);
- break;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- /* we're encoding a digestedData, so set up the digest */
- rv = NSS_CMSDigestedData_Encode_BeforeData(p7ecx->content.digestedData);
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- rv = NSS_CMSEnvelopedData_Encode_BeforeData(p7ecx->content.envelopedData);
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- rv = NSS_CMSEncryptedData_Encode_BeforeData(p7ecx->content.encryptedData);
- break;
- default:
- rv = SECFailure;
- }
- if (rv != SECSuccess)
- return SECFailure;
-
- /* ok, now we have a pointer to cinfo */
- /* find out what kind of data is encapsulated */
-
- cinfo = NSS_CMSContent_GetContentInfo(p7ecx->content.pointer, p7ecx->type);
- childtype = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
-
- switch (childtype) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- case SEC_OID_PKCS7_DIGESTED_DATA:
-#if 0
- case SEC_OID_PKCS7_DATA: /* XXX here also??? maybe yes! */
-#endif
- /* in these cases, we need to set up a child encoder! */
- /* create new encoder context */
- childp7ecx = PORT_ZAlloc(sizeof(NSSCMSEncoderContext));
- if (childp7ecx == NULL)
- return SECFailure;
-
- /* the CHILD encoder needs to hand its encoded data to the CURRENT encoder
- * (which will encrypt and/or digest it)
- * this needs to route back into our update function
- * which finds the lowest encoding context & encrypts and computes digests */
- childp7ecx->type = childtype;
- childp7ecx->content = cinfo->content;
- /* use the non-recursive update function here, of course */
- childp7ecx->output.outputfn = (NSSCMSContentCallback)nss_cms_encoder_update;
- childp7ecx->output.outputarg = p7ecx;
- childp7ecx->output.destpoolp = NULL;
- childp7ecx->output.dest = NULL;
- childp7ecx->cmsg = p7ecx->cmsg;
-
- template = NSS_CMSUtil_GetTemplateByTypeTag(childtype);
- if (template == NULL)
- goto loser; /* cannot happen */
-
- /* now initialize the data for encoding the first third */
- switch (childp7ecx->type) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- rv = NSS_CMSSignedData_Encode_BeforeStart(cinfo->content.signedData);
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- rv = NSS_CMSEnvelopedData_Encode_BeforeStart(cinfo->content.envelopedData);
- break;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- rv = NSS_CMSDigestedData_Encode_BeforeStart(cinfo->content.digestedData);
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- rv = NSS_CMSEncryptedData_Encode_BeforeStart(cinfo->content.encryptedData);
- break;
- case SEC_OID_PKCS7_DATA:
- rv = SECSuccess;
- break;
- }
- if (rv != SECSuccess)
- goto loser;
-
- /*
- * Initialize the BER encoder.
- */
- childp7ecx->ecx = SEC_ASN1EncoderStart(cinfo->content.pointer, template,
- nss_cms_encoder_out, &(childp7ecx->output));
- if (childp7ecx->ecx == NULL)
- goto loser;
-
- childp7ecx->ecxupdated = PR_FALSE;
-
- /*
- * Indicate that we are streaming. We will be streaming until we
- * get past the contents bytes.
- */
- SEC_ASN1EncoderSetStreaming(childp7ecx->ecx);
-
- /*
- * The notify function will watch for the contents field.
- */
- SEC_ASN1EncoderSetNotifyProc(childp7ecx->ecx, nss_cms_encoder_notify, childp7ecx);
-
- /* please note that we are NOT calling SEC_ASN1EncoderUpdate here to kick off the */
- /* encoding process - we'll do that from the update function instead */
- /* otherwise we'd be encoding data from a call of the notify function of the */
- /* parent encoder (which would not work) */
-
- /* this will kick off the encoding process & encode everything up to the content bytes,
- * at which point the notify function sets streaming mode (and possibly creates
- * another child encoder). */
- if (SEC_ASN1EncoderUpdate(childp7ecx->ecx, NULL, 0) != SECSuccess)
- goto loser;
-
- p7ecx->childp7ecx = childp7ecx;
- break;
-
- case SEC_OID_PKCS7_DATA:
- p7ecx->childp7ecx = NULL;
- break;
- default:
- /* we do not know this type */
- p7ecx->error = SEC_ERROR_BAD_DER;
- break;
- }
-
- return SECSuccess;
-
-loser:
- if (childp7ecx) {
- if (childp7ecx->ecx)
- SEC_ASN1EncoderFinish(childp7ecx->ecx);
- PORT_Free(childp7ecx);
- }
- return SECFailure;
-}
-
-static SECStatus
-nss_cms_after_data(NSSCMSEncoderContext *p7ecx)
-{
- SECStatus rv;
-
- switch (p7ecx->type) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- /* this will finish the digests and sign */
- rv = NSS_CMSSignedData_Encode_AfterData(p7ecx->content.signedData);
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- rv = NSS_CMSEnvelopedData_Encode_AfterData(p7ecx->content.envelopedData);
- break;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- rv = NSS_CMSDigestedData_Encode_AfterData(p7ecx->content.digestedData);
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- rv = NSS_CMSEncryptedData_Encode_AfterData(p7ecx->content.encryptedData);
- break;
- case SEC_OID_PKCS7_DATA:
- /* do nothing */
- break;
- default:
- rv = SECFailure;
- break;
- }
- return rv;
-}
-
-/*
- * nss_cms_encoder_work_data - process incoming data
- *
- * (from the user or the next encoding layer)
- * Here, we need to digest and/or encrypt, then pass it on
- */
-static SECStatus
-nss_cms_encoder_work_data(NSSCMSEncoderContext *p7ecx, SECItem *dest,
- const unsigned char *data, unsigned long len,
- PRBool final, PRBool innermost)
-{
- unsigned char *buf = NULL;
- SECStatus rv;
- NSSCMSContentInfo *cinfo;
-
- rv = SECSuccess; /* may as well be optimistic */
-
- /*
- * We should really have data to process, or we should be trying
- * to finish/flush the last block. (This is an overly paranoid
- * check since all callers are in this file and simple inspection
- * proves they do it right. But it could find a bug in future
- * modifications/development, that is why it is here.)
- */
- PORT_Assert ((data != NULL && len) || final);
-
- /* we got data (either from the caller, or from a lower level encoder) */
- cinfo = NSS_CMSContent_GetContentInfo(p7ecx->content.pointer, p7ecx->type);
-
- /* Update the running digest. */
- if (len && cinfo->digcx != NULL)
- NSS_CMSDigestContext_Update(cinfo->digcx, data, len);
-
- /* Encrypt this chunk. */
- if (cinfo->ciphcx != NULL) {
- unsigned int inlen; /* length of data being encrypted */
- unsigned int outlen; /* length of encrypted data */
- unsigned int buflen; /* length available for encrypted data */
-
- inlen = len;
- buflen = NSS_CMSCipherContext_EncryptLength(cinfo->ciphcx, inlen, final);
- if (buflen == 0) {
- /*
- * No output is expected, but the input data may be buffered
- * so we still have to call Encrypt.
- */
- rv = NSS_CMSCipherContext_Encrypt(cinfo->ciphcx, NULL, NULL, 0,
- data, inlen, final);
- if (final) {
- len = 0;
- goto done;
- }
- return rv;
- }
-
- if (dest != NULL)
- buf = (unsigned char*)PORT_ArenaAlloc(p7ecx->cmsg->poolp, buflen);
- else
- buf = (unsigned char*)PORT_Alloc(buflen);
-
- if (buf == NULL) {
- rv = SECFailure;
- } else {
- rv = NSS_CMSCipherContext_Encrypt(cinfo->ciphcx, buf, &outlen, buflen,
- data, inlen, final);
- data = buf;
- len = outlen;
- }
- if (rv != SECSuccess)
- /* encryption or malloc failed? */
- return rv;
- }
-
-
- /*
- * at this point (data,len) has everything we'd like to give to the CURRENT encoder
- * (which will encode it, then hand it back to the user or the parent encoder)
- * We don't encode the data if we're innermost and we're told not to include the data
- */
- if (p7ecx->ecx != NULL && len && (!innermost || cinfo->rawContent != NULL))
- rv = SEC_ASN1EncoderUpdate(p7ecx->ecx, (const char *)data, len);
-
-done:
-
- if (cinfo->ciphcx != NULL) {
- if (dest != NULL) {
- dest->data = buf;
- dest->len = len;
- } else if (buf != NULL) {
- PORT_Free (buf);
- }
- }
- return rv;
-}
-
-/*
- * nss_cms_encoder_update - deliver encoded data to the next higher level
- *
- * no recursion here because we REALLY want to end up at the next higher encoder!
- */
-static SECStatus
-nss_cms_encoder_update(NSSCMSEncoderContext *p7ecx, const char *data, unsigned long len)
-{
- /* XXX Error handling needs help. Return what? Do "Finish" on failure? */
- return nss_cms_encoder_work_data (p7ecx, NULL, (const unsigned char *)data, len, PR_FALSE, PR_FALSE);
-}
-
-/*
- * NSS_CMSEncoder_Start - set up encoding of a CMS message
- *
- * "cmsg" - message to encode
- * "outputfn", "outputarg" - callback function for delivery of DER-encoded output
- * will not be called if NULL.
- * "dest" - if non-NULL, pointer to SECItem that will hold the DER-encoded output
- * "destpoolp" - pool to allocate DER-encoded output in
- * "pwfn", pwfn_arg" - callback function for getting token password
- * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
- * "detached_digestalgs", "detached_digests" - digests from detached content
- */
-NSSCMSEncoderContext *
-NSS_CMSEncoder_Start(NSSCMSMessage *cmsg,
- NSSCMSContentCallback outputfn, void *outputarg,
- SECItem *dest, PLArenaPool *destpoolp,
- PK11PasswordFunc pwfn, void *pwfn_arg,
- NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
- SECAlgorithmID **detached_digestalgs, SECItem **detached_digests)
-{
- NSSCMSEncoderContext *p7ecx;
- SECStatus rv;
- NSSCMSContentInfo *cinfo;
-
- NSS_CMSMessage_SetEncodingParams(cmsg, pwfn, pwfn_arg, decrypt_key_cb, decrypt_key_cb_arg,
- detached_digestalgs, detached_digests);
-
- p7ecx = (NSSCMSEncoderContext *)PORT_ZAlloc(sizeof(NSSCMSEncoderContext));
- if (p7ecx == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- p7ecx->cmsg = cmsg;
- p7ecx->output.outputfn = outputfn;
- p7ecx->output.outputarg = outputarg;
- p7ecx->output.dest = dest;
- p7ecx->output.destpoolp = destpoolp;
- p7ecx->type = SEC_OID_UNKNOWN;
-
- cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
-
- switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- rv = NSS_CMSSignedData_Encode_BeforeStart(cinfo->content.signedData);
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- rv = NSS_CMSEnvelopedData_Encode_BeforeStart(cinfo->content.envelopedData);
- break;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- rv = NSS_CMSDigestedData_Encode_BeforeStart(cinfo->content.digestedData);
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- rv = NSS_CMSEncryptedData_Encode_BeforeStart(cinfo->content.encryptedData);
- break;
- default:
- rv = SECFailure;
- break;
- }
- if (rv != SECSuccess)
- return NULL;
-
- /* Initialize the BER encoder.
- * Note that this will not encode anything until the first call to SEC_ASN1EncoderUpdate */
- p7ecx->ecx = SEC_ASN1EncoderStart(cmsg, NSSCMSMessageTemplate,
- nss_cms_encoder_out, &(p7ecx->output));
- if (p7ecx->ecx == NULL) {
- PORT_Free (p7ecx);
- return NULL;
- }
- p7ecx->ecxupdated = PR_FALSE;
-
- /*
- * Indicate that we are streaming. We will be streaming until we
- * get past the contents bytes.
- */
- SEC_ASN1EncoderSetStreaming(p7ecx->ecx);
-
- /*
- * The notify function will watch for the contents field.
- */
- SEC_ASN1EncoderSetNotifyProc(p7ecx->ecx, nss_cms_encoder_notify, p7ecx);
-
- /* this will kick off the encoding process & encode everything up to the content bytes,
- * at which point the notify function sets streaming mode (and possibly creates
- * a child encoder). */
- if (SEC_ASN1EncoderUpdate(p7ecx->ecx, NULL, 0) != SECSuccess) {
- PORT_Free (p7ecx);
- return NULL;
- }
-
- return p7ecx;
-}
-
-/*
- * NSS_CMSEncoder_Update - take content data delivery from the user
- *
- * "p7ecx" - encoder context
- * "data" - content data
- * "len" - length of content data
- *
- * need to find the lowest level (and call SEC_ASN1EncoderUpdate on the way down),
- * then hand the data to the work_data fn
- */
-SECStatus
-NSS_CMSEncoder_Update(NSSCMSEncoderContext *p7ecx, const char *data, unsigned long len)
-{
- SECStatus rv;
- NSSCMSContentInfo *cinfo;
- SECOidTag childtype;
-
- if (p7ecx->error)
- return SECFailure;
-
- /* hand data to the innermost decoder */
- if (p7ecx->childp7ecx) {
- /* recursion here */
- rv = NSS_CMSEncoder_Update(p7ecx->childp7ecx, data, len);
- } else {
- /* we are at innermost decoder */
- /* find out about our inner content type - must be data */
- cinfo = NSS_CMSContent_GetContentInfo(p7ecx->content.pointer, p7ecx->type);
- childtype = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
- if (childtype != SEC_OID_PKCS7_DATA)
- return SECFailure;
- /* and we must not have preset data */
- if (cinfo->content.data != NULL)
- return SECFailure;
-
- /* hand it the data so it can encode it (let DER trickle up the chain) */
- rv = nss_cms_encoder_work_data(p7ecx, NULL, (const unsigned char *)data, len, PR_FALSE, PR_TRUE);
- }
- return rv;
-}
-
-/*
- * NSS_CMSEncoder_Cancel - stop all encoding
- *
- * we need to walk down the chain of encoders and the finish them from the innermost out
- */
-SECStatus
-NSS_CMSEncoder_Cancel(NSSCMSEncoderContext *p7ecx)
-{
- SECStatus rv = SECFailure;
-
- /* XXX do this right! */
-
- /*
- * Finish any inner decoders before us so that all the encoded data is flushed
- * This basically finishes all the decoders from the innermost to the outermost.
- * Finishing an inner decoder may result in data being updated to the outer decoder
- * while we are already in NSS_CMSEncoder_Finish, but that's allright.
- */
- if (p7ecx->childp7ecx) {
- rv = NSS_CMSEncoder_Cancel(p7ecx->childp7ecx); /* frees p7ecx->childp7ecx */
- /* remember rv for now */
- }
-
- /*
- * On the way back up, there will be no more data (if we had an
- * inner encoder, it is done now!)
- * Flush out any remaining data and/or finish digests.
- */
- rv = nss_cms_encoder_work_data(p7ecx, NULL, NULL, 0, PR_TRUE, (p7ecx->childp7ecx == NULL));
- if (rv != SECSuccess)
- goto loser;
-
- p7ecx->childp7ecx = NULL;
-
- /* kick the encoder back into working mode again.
- * We turn off streaming stuff (which will cause the encoder to continue
- * encoding happily, now that we have all the data (like digests) ready for it).
- */
- SEC_ASN1EncoderClearTakeFromBuf(p7ecx->ecx);
- SEC_ASN1EncoderClearStreaming(p7ecx->ecx);
-
- /* now that TakeFromBuf is off, this will kick this encoder to finish encoding */
- rv = SEC_ASN1EncoderUpdate(p7ecx->ecx, NULL, 0);
-
-loser:
- SEC_ASN1EncoderFinish(p7ecx->ecx);
- PORT_Free (p7ecx);
- return rv;
-}
-
-/*
- * NSS_CMSEncoder_Finish - signal the end of data
- *
- * we need to walk down the chain of encoders and the finish them from the innermost out
- */
-SECStatus
-NSS_CMSEncoder_Finish(NSSCMSEncoderContext *p7ecx)
-{
- SECStatus rv = SECFailure;
- NSSCMSContentInfo *cinfo;
- SECOidTag childtype;
-
- /*
- * Finish any inner decoders before us so that all the encoded data is flushed
- * This basically finishes all the decoders from the innermost to the outermost.
- * Finishing an inner decoder may result in data being updated to the outer decoder
- * while we are already in NSS_CMSEncoder_Finish, but that's allright.
- */
- if (p7ecx->childp7ecx) {
- rv = NSS_CMSEncoder_Finish(p7ecx->childp7ecx); /* frees p7ecx->childp7ecx */
- if (rv != SECSuccess)
- goto loser;
- }
-
- /*
- * On the way back up, there will be no more data (if we had an
- * inner encoder, it is done now!)
- * Flush out any remaining data and/or finish digests.
- */
- rv = nss_cms_encoder_work_data(p7ecx, NULL, NULL, 0, PR_TRUE, (p7ecx->childp7ecx == NULL));
- if (rv != SECSuccess)
- goto loser;
-
- p7ecx->childp7ecx = NULL;
-
- /* find out about our inner content type - must be data */
- cinfo = NSS_CMSContent_GetContentInfo(p7ecx->content.pointer, p7ecx->type);
- childtype = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
- if (childtype == SEC_OID_PKCS7_DATA && cinfo->content.data == NULL) {
- SEC_ASN1EncoderClearTakeFromBuf(p7ecx->ecx);
- /* now that TakeFromBuf is off, this will kick this encoder to finish encoding */
- rv = SEC_ASN1EncoderUpdate(p7ecx->ecx, NULL, 0);
- }
-
- SEC_ASN1EncoderClearStreaming(p7ecx->ecx);
-
- if (p7ecx->error)
- rv = SECFailure;
-
-loser:
- SEC_ASN1EncoderFinish(p7ecx->ecx);
- PORT_Free (p7ecx);
- return rv;
-}
diff --git a/security/nss/lib/smime/cmsenvdata.c b/security/nss/lib/smime/cmsenvdata.c
deleted file mode 100644
index d6e45a10a..000000000
--- a/security/nss/lib/smime/cmsenvdata.c
+++ /dev/null
@@ -1,416 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS envelopedData methods.
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-
-#include "cert.h"
-#include "key.h"
-#include "secasn1.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "pk11func.h"
-#include "secerr.h"
-
-/*
- * NSS_CMSEnvelopedData_Create - create an enveloped data message
- */
-NSSCMSEnvelopedData *
-NSS_CMSEnvelopedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm, int keysize)
-{
- void *mark;
- NSSCMSEnvelopedData *envd;
- PLArenaPool *poolp;
- SECStatus rv;
-
- poolp = cmsg->poolp;
-
- mark = PORT_ArenaMark(poolp);
-
- envd = (NSSCMSEnvelopedData *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSEnvelopedData));
- if (envd == NULL)
- goto loser;
-
- envd->cmsg = cmsg;
-
- /* version is set in NSS_CMSEnvelopedData_Encode_BeforeStart() */
-
- rv = NSS_CMSContentInfo_SetContentEncAlg(poolp, &(envd->contentInfo), algorithm, NULL, keysize);
- if (rv != SECSuccess)
- goto loser;
-
- PORT_ArenaUnmark(poolp, mark);
- return envd;
-
-loser:
- PORT_ArenaRelease(poolp, mark);
- return NULL;
-}
-
-/*
- * NSS_CMSEnvelopedData_Destroy - destroy an enveloped data message
- */
-void
-NSS_CMSEnvelopedData_Destroy(NSSCMSEnvelopedData *edp)
-{
- NSSCMSRecipientInfo **recipientinfos;
- NSSCMSRecipientInfo *ri;
-
- if (edp == NULL)
- return;
-
- recipientinfos = edp->recipientInfos;
- if (recipientinfos == NULL)
- return;
-
- while ((ri = *recipientinfos++) != NULL)
- NSS_CMSRecipientInfo_Destroy(ri);
-
- /* XXX storage ??? */
-}
-
-/*
- * NSS_CMSEnvelopedData_GetContentInfo - return pointer to this envelopedData's contentinfo
- */
-NSSCMSContentInfo *
-NSS_CMSEnvelopedData_GetContentInfo(NSSCMSEnvelopedData *envd)
-{
- return &(envd->contentInfo);
-}
-
-/*
- * NSS_CMSEnvelopedData_AddRecipient - add a recipientinfo to the enveloped data msg
- *
- * rip must be created on the same pool as edp - this is not enforced, though.
- */
-SECStatus
-NSS_CMSEnvelopedData_AddRecipient(NSSCMSEnvelopedData *edp, NSSCMSRecipientInfo *rip)
-{
- void *mark;
- SECStatus rv;
-
- /* XXX compare pools, if not same, copy rip into edp's pool */
-
- PR_ASSERT(edp != NULL);
- PR_ASSERT(rip != NULL);
-
- mark = PORT_ArenaMark(edp->cmsg->poolp);
-
- rv = NSS_CMSArray_Add(edp->cmsg->poolp, (void ***)&(edp->recipientInfos), (void *)rip);
- if (rv != SECSuccess) {
- PORT_ArenaRelease(edp->cmsg->poolp, mark);
- return SECFailure;
- }
-
- PORT_ArenaUnmark (edp->cmsg->poolp, mark);
- return SECSuccess;
-}
-
-/*
- * NSS_CMSEnvelopedData_Encode_BeforeStart - prepare this envelopedData for encoding
- *
- * at this point, we need
- * - recipientinfos set up with recipient's certificates
- * - a content encryption algorithm (if none, 3DES will be used)
- *
- * this function will generate a random content encryption key (aka bulk key),
- * initialize the recipientinfos with certificate identification and wrap the bulk key
- * using the proper algorithm for every certificiate.
- * it will finally set the bulk algorithm and key so that the encode step can find it.
- */
-SECStatus
-NSS_CMSEnvelopedData_Encode_BeforeStart(NSSCMSEnvelopedData *envd)
-{
- int version;
- NSSCMSRecipientInfo **recipientinfos;
- NSSCMSContentInfo *cinfo;
- PK11SymKey *bulkkey = NULL;
- SECOidTag bulkalgtag;
- CK_MECHANISM_TYPE type;
- PK11SlotInfo *slot;
- SECStatus rv;
- SECItem *dummy;
- PLArenaPool *poolp;
- extern const SEC_ASN1Template NSSCMSRecipientInfoTemplate[];
- void *mark = NULL;
- int i;
-
- poolp = envd->cmsg->poolp;
- cinfo = &(envd->contentInfo);
-
- recipientinfos = envd->recipientInfos;
- if (recipientinfos == NULL) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
-#if 0
- PORT_SetErrorString("Cannot find recipientinfos to encode.");
-#endif
- goto loser;
- }
-
- version = NSS_CMS_ENVELOPED_DATA_VERSION_REG;
- if (envd->originatorInfo != NULL || envd->unprotectedAttr != NULL) {
- version = NSS_CMS_ENVELOPED_DATA_VERSION_ADV;
- } else {
- for (i = 0; recipientinfos[i] != NULL; i++) {
- if (NSS_CMSRecipientInfo_GetVersion(recipientinfos[i]) != 0) {
- version = NSS_CMS_ENVELOPED_DATA_VERSION_ADV;
- break;
- }
- }
- }
- dummy = SEC_ASN1EncodeInteger(poolp, &(envd->version), version);
- if (dummy == NULL)
- goto loser;
-
- /* now we need to have a proper content encryption algorithm
- * on the SMIME level, we would figure one out by looking at SMIME capabilities
- * we cannot do that on our level, so if none is set already, we'll just go
- * with one of the mandatory algorithms (3DES) */
- if ((bulkalgtag = NSS_CMSContentInfo_GetContentEncAlgTag(cinfo)) == SEC_OID_UNKNOWN) {
- rv = NSS_CMSContentInfo_SetContentEncAlg(poolp, cinfo, SEC_OID_DES_EDE3_CBC, NULL, 168);
- if (rv != SECSuccess)
- goto loser;
- bulkalgtag = SEC_OID_DES_EDE3_CBC;
- }
-
- /* generate a random bulk key suitable for content encryption alg */
- type = PK11_AlgtagToMechanism(bulkalgtag);
- slot = PK11_GetBestSlot(type, envd->cmsg->pwfn_arg);
- if (slot == NULL)
- goto loser; /* error has been set by PK11_GetBestSlot */
-
- /* this is expensive... */
- bulkkey = PK11_KeyGen(slot, type, NULL, NSS_CMSContentInfo_GetBulkKeySize(cinfo) / 8, envd->cmsg->pwfn_arg);
- PK11_FreeSlot(slot);
- if (bulkkey == NULL)
- goto loser; /* error has been set by PK11_KeyGen */
-
- mark = PORT_ArenaMark(poolp);
-
- /* Encrypt the bulk key with the public key of each recipient. */
- for (i = 0; recipientinfos[i] != NULL; i++) {
- rv = NSS_CMSRecipientInfo_WrapBulkKey(recipientinfos[i], bulkkey, bulkalgtag);
- if (rv != SECSuccess)
- goto loser; /* error has been set by NSS_CMSRecipientInfo_EncryptBulkKey */
- /* could be: alg not supported etc. */
- }
-
- /* the recipientinfos are all finished. now sort them by DER for SET OF encoding */
- rv = NSS_CMSArray_SortByDER((void **)envd->recipientInfos, NSSCMSRecipientInfoTemplate, NULL);
- if (rv != SECSuccess)
- goto loser; /* error has been set by NSS_CMSArray_SortByDER */
-
- /* store the bulk key in the contentInfo so that the encoder can find it */
- NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey);
-
- PORT_ArenaUnmark(poolp, mark);
-
- PK11_FreeSymKey(bulkkey);
-
- return SECSuccess;
-
-loser:
- if (mark != NULL)
- PORT_ArenaRelease (poolp, mark);
- if (bulkkey)
- PK11_FreeSymKey(bulkkey);
-
- return SECFailure;
-}
-
-/*
- * NSS_CMSEnvelopedData_Encode_BeforeData - set up encryption
- *
- * it is essential that this is called before the contentEncAlg is encoded, because
- * setting up the encryption may generate IVs and thus change it!
- */
-SECStatus
-NSS_CMSEnvelopedData_Encode_BeforeData(NSSCMSEnvelopedData *envd)
-{
- NSSCMSContentInfo *cinfo;
- PK11SymKey *bulkkey;
- SECAlgorithmID *algid;
-
- cinfo = &(envd->contentInfo);
-
- /* find bulkkey and algorithm - must have been set by NSS_CMSEnvelopedData_Encode_BeforeStart */
- bulkkey = NSS_CMSContentInfo_GetBulkKey(cinfo);
- if (bulkkey == NULL)
- return SECFailure;
- algid = NSS_CMSContentInfo_GetContentEncAlg(cinfo);
- if (algid == NULL)
- return SECFailure;
-
- /* this may modify algid (with IVs generated in a token).
- * it is essential that algid is a pointer to the contentEncAlg data, not a
- * pointer to a copy! */
- cinfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(envd->cmsg->poolp, bulkkey, algid);
- PK11_FreeSymKey(bulkkey);
- if (cinfo->ciphcx == NULL)
- return SECFailure;
-
- return SECSuccess;
-}
-
-/*
- * NSS_CMSEnvelopedData_Encode_AfterData - finalize this envelopedData for encoding
- */
-SECStatus
-NSS_CMSEnvelopedData_Encode_AfterData(NSSCMSEnvelopedData *envd)
-{
- if (envd->contentInfo.ciphcx) {
- NSS_CMSCipherContext_Destroy(envd->contentInfo.ciphcx);
- envd->contentInfo.ciphcx = NULL;
- }
-
- /* nothing else to do after data */
- return SECSuccess;
-}
-
-/*
- * NSS_CMSEnvelopedData_Decode_BeforeData - find our recipientinfo,
- * derive bulk key & set up our contentinfo
- */
-SECStatus
-NSS_CMSEnvelopedData_Decode_BeforeData(NSSCMSEnvelopedData *envd)
-{
- NSSCMSRecipientInfo *ri;
- PK11SymKey *bulkkey = NULL;
- SECOidTag bulkalgtag;
- SECAlgorithmID *bulkalg;
- SECStatus rv = SECFailure;
- NSSCMSContentInfo *cinfo;
- NSSCMSRecipient **recipient_list;
- int rlIndex;
-
- if (NSS_CMSArray_Count((void **)envd->recipientInfos) == 0) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
-#if 0
- PORT_SetErrorString("No recipient data in envelope.");
-#endif
- goto loser;
- }
-
- /* look if one of OUR cert's issuerSN is on the list of recipients, and if so, */
- /* get the cert and private key for it right away */
- recipient_list = nss_cms_recipient_list_create(envd->recipientInfos);
- if (recipient_list == NULL)
- goto loser;
-
- /* what about multiple recipientInfos that match?
- * especially if, for some reason, we could not produce a bulk key with the first match?!
- * we could loop & feed partial recipient_list to PK11_FindCertAndKeyByRecipientList...
- * maybe later... */
- rlIndex = PK11_FindCertAndKeyByRecipientListNew(recipient_list, envd->cmsg->pwfn_arg);
-
- /* if that fails, then we're not an intended recipient and cannot decrypt */
- if (rlIndex < 0) {
- PORT_SetError(SEC_ERROR_NOT_A_RECIPIENT);
-#if 0
- PORT_SetErrorString("Cannot decrypt data because proper key cannot be found.");
-#endif
- goto loser;
- }
-
- /* get a pointer to "our" recipientinfo */
- ri = envd->recipientInfos[recipient_list[rlIndex]->riIndex];
-
- cinfo = &(envd->contentInfo);
- bulkalgtag = NSS_CMSContentInfo_GetContentEncAlgTag(cinfo);
- bulkkey = NSS_CMSRecipientInfo_UnwrapBulkKey(ri,recipient_list[rlIndex]->subIndex,
- recipient_list[rlIndex]->cert,
- recipient_list[rlIndex]->privkey,
- bulkalgtag);
- if (bulkkey == NULL) {
- /* no success finding a bulk key */
- goto loser;
- }
-
- NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey);
-
- bulkalg = NSS_CMSContentInfo_GetContentEncAlg(cinfo);
-
- cinfo->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
- if (cinfo->ciphcx == NULL)
- goto loser; /* error has been set by NSS_CMSCipherContext_StartDecrypt */
-
- /*
- * HACK ALERT!!
- * For PKCS5 Encryption Algorithms, the bulkkey is actually a different
- * structure. Therefore, we need to set the bulkkey to the actual key
- * prior to freeing it.
- */
- if (SEC_PKCS5IsAlgorithmPBEAlg(bulkalg)) {
- SEC_PKCS5KeyAndPassword *keyPwd = (SEC_PKCS5KeyAndPassword *)bulkkey;
- bulkkey = keyPwd->key;
- }
-
- rv = SECSuccess;
-
-loser:
- if (bulkkey)
- PK11_FreeSymKey(bulkkey);
- if (recipient_list != NULL)
- nss_cms_recipient_list_destroy(recipient_list);
- return rv;
-}
-
-/*
- * NSS_CMSEnvelopedData_Decode_AfterData - finish decrypting this envelopedData's content
- */
-SECStatus
-NSS_CMSEnvelopedData_Decode_AfterData(NSSCMSEnvelopedData *envd)
-{
- if (envd->contentInfo.ciphcx) {
- NSS_CMSCipherContext_Destroy(envd->contentInfo.ciphcx);
- envd->contentInfo.ciphcx = NULL;
- }
-
- return SECSuccess;
-}
-
-/*
- * NSS_CMSEnvelopedData_Decode_AfterEnd - finish decoding this envelopedData
- */
-SECStatus
-NSS_CMSEnvelopedData_Decode_AfterEnd(NSSCMSEnvelopedData *envd)
-{
- /* apply final touches */
- return SECSuccess;
-}
-
diff --git a/security/nss/lib/smime/cmslocal.h b/security/nss/lib/smime/cmslocal.h
deleted file mode 100644
index e7f15c4e1..000000000
--- a/security/nss/lib/smime/cmslocal.h
+++ /dev/null
@@ -1,330 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Support routines for CMS implementation, none of which are exported.
- *
- * Do not export this file! If something in here is really needed outside
- * of smime code, first try to add a CMS interface which will do it for
- * you. If that has a problem, then just move out what you need, changing
- * its name as appropriate!
- *
- * $Id$
- */
-
-#ifndef _CMSLOCAL_H_
-#define _CMSLOCAL_H_
-
-#include "cms.h"
-#include "cmsreclist.h"
-#include "secasn1t.h"
-
-extern const SEC_ASN1Template NSSCMSContentInfoTemplate[];
-
-/************************************************************************/
-SEC_BEGIN_PROTOS
-
-/***********************************************************************
- * cmscipher.c - en/decryption routines
- ***********************************************************************/
-
-/*
- * NSS_CMSCipherContext_StartDecrypt - create a cipher context to do decryption
- * based on the given bulk * encryption key and algorithm identifier (which may include an iv).
- */
-extern NSSCMSCipherContext *
-NSS_CMSCipherContext_StartDecrypt(PK11SymKey *key, SECAlgorithmID *algid);
-
-/*
- * NSS_CMSCipherContext_StartEncrypt - create a cipher object to do encryption,
- * based on the given bulk encryption key and algorithm tag. Fill in the algorithm
- * identifier (which may include an iv) appropriately.
- */
-extern NSSCMSCipherContext *
-NSS_CMSCipherContext_StartEncrypt(PRArenaPool *poolp, PK11SymKey *key, SECAlgorithmID *algid);
-
-extern void
-NSS_CMSCipherContext_Destroy(NSSCMSCipherContext *cc);
-
-/*
- * NSS_CMSCipherContext_DecryptLength - find the output length of the next call to decrypt.
- *
- * cc - the cipher context
- * input_len - number of bytes used as input
- * final - true if this is the final chunk of data
- *
- * Result can be used to perform memory allocations. Note that the amount
- * is exactly accurate only when not doing a block cipher or when final
- * is false, otherwise it is an upper bound on the amount because until
- * we see the data we do not know how many padding bytes there are
- * (always between 1 and bsize).
- */
-extern unsigned int
-NSS_CMSCipherContext_DecryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final);
-
-/*
- * NSS_CMSCipherContext_EncryptLength - find the output length of the next call to encrypt.
- *
- * cc - the cipher context
- * input_len - number of bytes used as input
- * final - true if this is the final chunk of data
- *
- * Result can be used to perform memory allocations.
- */
-extern unsigned int
-NSS_CMSCipherContext_EncryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final);
-
-/*
- * NSS_CMSCipherContext_Decrypt - do the decryption
- *
- * cc - the cipher context
- * output - buffer for decrypted result bytes
- * output_len_p - number of bytes in output
- * max_output_len - upper bound on bytes to put into output
- * input - pointer to input bytes
- * input_len - number of input bytes
- * final - true if this is the final chunk of data
- *
- * Decrypts a given length of input buffer (starting at "input" and
- * containing "input_len" bytes), placing the decrypted bytes in
- * "output" and storing the output length in "*output_len_p".
- * "cc" is the return value from NSS_CMSCipher_StartDecrypt.
- * When "final" is true, this is the last of the data to be decrypted.
- */
-extern SECStatus
-NSS_CMSCipherContext_Decrypt(NSSCMSCipherContext *cc, unsigned char *output,
- unsigned int *output_len_p, unsigned int max_output_len,
- const unsigned char *input, unsigned int input_len,
- PRBool final);
-
-/*
- * NSS_CMSCipherContext_Encrypt - do the encryption
- *
- * cc - the cipher context
- * output - buffer for decrypted result bytes
- * output_len_p - number of bytes in output
- * max_output_len - upper bound on bytes to put into output
- * input - pointer to input bytes
- * input_len - number of input bytes
- * final - true if this is the final chunk of data
- *
- * Encrypts a given length of input buffer (starting at "input" and
- * containing "input_len" bytes), placing the encrypted bytes in
- * "output" and storing the output length in "*output_len_p".
- * "cc" is the return value from NSS_CMSCipher_StartEncrypt.
- * When "final" is true, this is the last of the data to be encrypted.
- */
-extern SECStatus
-NSS_CMSCipherContext_Encrypt(NSSCMSCipherContext *cc, unsigned char *output,
- unsigned int *output_len_p, unsigned int max_output_len,
- const unsigned char *input, unsigned int input_len,
- PRBool final);
-
-/************************************************************************
- * cmspubkey.c - public key operations
- ************************************************************************/
-
-/*
- * NSS_CMSUtil_EncryptSymKey_RSA - wrap a symmetric key with RSA
- *
- * this function takes a symmetric key and encrypts it using an RSA public key
- * according to PKCS#1 and RFC2633 (S/MIME)
- */
-extern SECStatus
-NSS_CMSUtil_EncryptSymKey_RSA(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key,
- SECItem *encKey);
-
-/*
- * NSS_CMSUtil_DecryptSymKey_RSA - unwrap a RSA-wrapped symmetric key
- *
- * this function takes an RSA-wrapped symmetric key and unwraps it, returning a symmetric
- * key handle. Please note that the actual unwrapped key data may not be allowed to leave
- * a hardware token...
- */
-extern PK11SymKey *
-NSS_CMSUtil_DecryptSymKey_RSA(SECKEYPrivateKey *privkey, SECItem *encKey, SECOidTag bulkalgtag);
-
-extern SECStatus
-NSS_CMSUtil_EncryptSymKey_MISSI(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key,
- SECOidTag symalgtag, SECItem *encKey, SECItem **pparams, void *pwfn_arg);
-
-extern PK11SymKey *
-NSS_CMSUtil_DecryptSymKey_MISSI(SECKEYPrivateKey *privkey, SECItem *encKey,
- SECAlgorithmID *keyEncAlg, SECOidTag bulkalgtag, void *pwfn_arg);
-
-extern SECStatus
-NSS_CMSUtil_EncryptSymKey_ESDH(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key,
- SECItem *encKey, SECItem **ukm, SECAlgorithmID *keyEncAlg,
- SECItem *originatorPubKey);
-
-extern PK11SymKey *
-NSS_CMSUtil_DecryptSymKey_ESDH(SECKEYPrivateKey *privkey, SECItem *encKey,
- SECAlgorithmID *keyEncAlg, SECOidTag bulkalgtag, void *pwfn_arg);
-
-/************************************************************************
- * cmsreclist.c - recipient list stuff
- ************************************************************************/
-extern NSSCMSRecipient **nss_cms_recipient_list_create(NSSCMSRecipientInfo **recipientinfos);
-extern void nss_cms_recipient_list_destroy(NSSCMSRecipient **recipient_list);
-extern NSSCMSRecipientEncryptedKey *NSS_CMSRecipientEncryptedKey_Create(PLArenaPool *poolp);
-
-/************************************************************************
- * cmsarray.c - misc array functions
- ************************************************************************/
-/*
- * NSS_CMSArray_Alloc - allocate an array in an arena
- */
-extern void **
-NSS_CMSArray_Alloc(PRArenaPool *poolp, int n);
-
-/*
- * NSS_CMSArray_Add - add an element to the end of an array
- */
-extern SECStatus
-NSS_CMSArray_Add(PRArenaPool *poolp, void ***array, void *obj);
-
-/*
- * NSS_CMSArray_IsEmpty - check if array is empty
- */
-extern PRBool
-NSS_CMSArray_IsEmpty(void **array);
-
-/*
- * NSS_CMSArray_Count - count number of elements in array
- */
-extern int
-NSS_CMSArray_Count(void **array);
-
-/*
- * NSS_CMSArray_Sort - sort an array ascending, in place
- *
- * If "secondary" is not NULL, the same reordering gets applied to it.
- * If "tertiary" is not NULL, the same reordering gets applied to it.
- * "compare" is a function that returns
- * < 0 when the first element is less than the second
- * = 0 when the first element is equal to the second
- * > 0 when the first element is greater than the second
- */
-extern void
-NSS_CMSArray_Sort(void **primary, int (*compare)(void *,void *), void **secondary, void **tertiary);
-
-/************************************************************************
- * cmsattr.c - misc attribute functions
- ************************************************************************/
-/*
- * NSS_CMSAttribute_Create - create an attribute
- *
- * if value is NULL, the attribute won't have a value. It can be added later
- * with NSS_CMSAttribute_AddValue.
- */
-extern NSSCMSAttribute *
-NSS_CMSAttribute_Create(PRArenaPool *poolp, SECOidTag oidtag, SECItem *value, PRBool encoded);
-
-/*
- * NSS_CMSAttribute_AddValue - add another value to an attribute
- */
-extern SECStatus
-NSS_CMSAttribute_AddValue(PLArenaPool *poolp, NSSCMSAttribute *attr, SECItem *value);
-
-/*
- * NSS_CMSAttribute_GetType - return the OID tag
- */
-extern SECOidTag
-NSS_CMSAttribute_GetType(NSSCMSAttribute *attr);
-
-/*
- * NSS_CMSAttribute_GetValue - return the first attribute value
- *
- * We do some sanity checking first:
- * - Multiple values are *not* expected.
- * - Empty values are *not* expected.
- */
-extern SECItem *
-NSS_CMSAttribute_GetValue(NSSCMSAttribute *attr);
-
-/*
- * NSS_CMSAttribute_CompareValue - compare the attribute's first value against data
- */
-extern PRBool
-NSS_CMSAttribute_CompareValue(NSSCMSAttribute *attr, SECItem *av);
-
-/*
- * NSS_CMSAttributeArray_Encode - encode an Attribute array as SET OF Attributes
- *
- * If you are wondering why this routine does not reorder the attributes
- * first, and might be tempted to make it do so, see the comment by the
- * call to ReorderAttributes in cmsencode.c. (Or, see who else calls this
- * and think long and hard about the implications of making it always
- * do the reordering.)
- */
-extern SECItem *
-NSS_CMSAttributeArray_Encode(PRArenaPool *poolp, NSSCMSAttribute ***attrs, SECItem *dest);
-
-/*
- * NSS_CMSAttributeArray_Reorder - sort attribute array by attribute's DER encoding
- *
- * make sure that the order of the attributes guarantees valid DER (which must be
- * in lexigraphically ascending order for a SET OF); if reordering is necessary it
- * will be done in place (in attrs).
- */
-extern SECStatus
-NSS_CMSAttributeArray_Reorder(NSSCMSAttribute **attrs);
-
-/*
- * NSS_CMSAttributeArray_FindAttrByOidTag - look through a set of attributes and
- * find one that matches the specified object ID.
- *
- * If "only" is true, then make sure that there is not more than one attribute
- * of the same type. Otherwise, just return the first one found. (XXX Does
- * anybody really want that first-found behavior? It was like that when I found it...)
- */
-extern NSSCMSAttribute *
-NSS_CMSAttributeArray_FindAttrByOidTag(NSSCMSAttribute **attrs, SECOidTag oidtag, PRBool only);
-
-/*
- * NSS_CMSAttributeArray_AddAttr - add an attribute to an
- * array of attributes.
- */
-extern SECStatus
-NSS_CMSAttributeArray_AddAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, NSSCMSAttribute *attr);
-
-/*
- * NSS_CMSAttributeArray_SetAttr - set an attribute's value in a set of attributes
- */
-extern SECStatus
-NSS_CMSAttributeArray_SetAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, SECOidTag type, SECItem *value, PRBool encoded);
-
-/************************************************************************/
-SEC_END_PROTOS
-
-#endif /* _CMSLOCAL_H_ */
diff --git a/security/nss/lib/smime/cmsmessage.c b/security/nss/lib/smime/cmsmessage.c
deleted file mode 100644
index a25445627..000000000
--- a/security/nss/lib/smime/cmsmessage.c
+++ /dev/null
@@ -1,313 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS message methods.
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-
-#include "cert.h"
-#include "secasn1.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "pk11func.h"
-#include "secerr.h"
-
-/*
- * NSS_CMSMessage_Create - create a CMS message object
- *
- * "poolp" - arena to allocate memory from, or NULL if new arena should be created
- */
-NSSCMSMessage *
-NSS_CMSMessage_Create(PLArenaPool *poolp)
-{
- void *mark;
- NSSCMSMessage *cmsg;
- PRBool poolp_is_ours = PR_FALSE;
-
- if (poolp == NULL) {
- poolp = PORT_NewArena (1024); /* XXX what is right value? */
- if (poolp == NULL)
- return NULL;
- poolp_is_ours = PR_TRUE;
- }
-
- if (!poolp_is_ours)
- mark = PORT_ArenaMark(poolp);
-
- cmsg = (NSSCMSMessage *)PORT_ArenaZAlloc (poolp, sizeof(NSSCMSMessage));
- if (cmsg == NULL) {
- if (!poolp_is_ours)
- PORT_ArenaRelease(poolp, mark);
- else
- PORT_FreeArena(poolp, PR_FALSE);
- return NULL;
- }
-
- cmsg->poolp = poolp;
- cmsg->poolp_is_ours = poolp_is_ours;
- cmsg->refCount = 1;
-
- if (!poolp_is_ours)
- PORT_ArenaUnmark(poolp, mark);
-
- return cmsg;
-}
-
-/*
- * NSS_CMSMessage_SetEncodingParams - set up a CMS message object for encoding or decoding
- *
- * "cmsg" - message object
- * "pwfn", pwfn_arg" - callback function for getting token password
- * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
- * "detached_digestalgs", "detached_digests" - digests from detached content
- */
-void
-NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg,
- PK11PasswordFunc pwfn, void *pwfn_arg,
- NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
- SECAlgorithmID **detached_digestalgs, SECItem **detached_digests)
-{
- if (pwfn)
- PK11_SetPasswordFunc(pwfn);
- cmsg->pwfn_arg = pwfn_arg;
- cmsg->decrypt_key_cb = decrypt_key_cb;
- cmsg->decrypt_key_cb_arg = decrypt_key_cb_arg;
- cmsg->detached_digestalgs = detached_digestalgs;
- cmsg->detached_digests = detached_digests;
-}
-
-/*
- * NSS_CMSMessage_Destroy - destroy a CMS message and all of its sub-pieces.
- */
-void
-NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg)
-{
- PORT_Assert (cmsg->refCount > 0);
- if (cmsg->refCount <= 0) /* oops */
- return;
-
- cmsg->refCount--; /* thread safety? */
- if (cmsg->refCount > 0)
- return;
-
- NSS_CMSContentInfo_Destroy(&(cmsg->contentInfo));
-
- /* if poolp is not NULL, cmsg is the owner of its arena */
- if (cmsg->poolp_is_ours)
- PORT_FreeArena (cmsg->poolp, PR_FALSE); /* XXX clear it? */
-}
-
-/*
- * NSS_CMSMessage_Copy - return a copy of the given message.
- *
- * The copy may be virtual or may be real -- either way, the result needs
- * to be passed to NSS_CMSMessage_Destroy later (as does the original).
- */
-NSSCMSMessage *
-NSS_CMSMessage_Copy(NSSCMSMessage *cmsg)
-{
- if (cmsg == NULL)
- return NULL;
-
- PORT_Assert (cmsg->refCount > 0);
-
- cmsg->refCount++; /* XXX chrisk thread safety? */
- return cmsg;
-}
-
-/*
- * NSS_CMSMessage_GetArena - return a pointer to the message's arena pool
- */
-PLArenaPool *
-NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg)
-{
- return cmsg->poolp;
-}
-
-/*
- * NSS_CMSMessage_GetContentInfo - return a pointer to the top level contentInfo
- */
-NSSCMSContentInfo *
-NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg)
-{
- return &(cmsg->contentInfo);
-}
-
-/*
- * Return a pointer to the actual content.
- * In the case of those types which are encrypted, this returns the *plain* content.
- * In case of nested contentInfos, this descends and retrieves the innermost content.
- */
-SECItem *
-NSS_CMSMessage_GetContent(NSSCMSMessage *cmsg)
-{
- /* this is a shortcut */
- return NSS_CMSContentInfo_GetInnerContent(NSS_CMSMessage_GetContentInfo(cmsg));
-}
-
-/*
- * NSS_CMSMessage_ContentLevelCount - count number of levels of CMS content objects in this message
- *
- * CMS data content objects do not count.
- */
-int
-NSS_CMSMessage_ContentLevelCount(NSSCMSMessage *cmsg)
-{
- int count = 0;
- NSSCMSContentInfo *cinfo;
-
- /* walk down the chain of contentinfos */
- for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
- count++;
- }
- return count;
-}
-
-/*
- * NSS_CMSMessage_ContentLevel - find content level #n
- *
- * CMS data content objects do not count.
- */
-NSSCMSContentInfo *
-NSS_CMSMessage_ContentLevel(NSSCMSMessage *cmsg, int n)
-{
- int count = 0;
- NSSCMSContentInfo *cinfo;
-
- /* walk down the chain of contentinfos */
- for (cinfo = &(cmsg->contentInfo); cinfo != NULL && count < n; cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
- count++;
- }
-
- return cinfo;
-}
-
-/*
- * NSS_CMSMessage_ContainsCertsOrCrls - see if message contains certs along the way
- */
-PRBool
-NSS_CMSMessage_ContainsCertsOrCrls(NSSCMSMessage *cmsg)
-{
- NSSCMSContentInfo *cinfo;
-
- /* descend into CMS message */
- for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
- if (NSS_CMSContentInfo_GetContentTypeTag(cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
- continue; /* next level */
-
- if (NSS_CMSSignedData_ContainsCertsOrCrls(cinfo->content.signedData))
- return PR_TRUE;
- }
- return PR_FALSE;
-}
-
-/*
- * NSS_CMSMessage_IsEncrypted - see if message contains a encrypted submessage
- */
-PRBool
-NSS_CMSMessage_IsEncrypted(NSSCMSMessage *cmsg)
-{
- NSSCMSContentInfo *cinfo;
-
- /* walk down the chain of contentinfos */
- for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo))
- {
- switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) {
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- return PR_TRUE;
- default:
- break;
- }
- }
- return PR_FALSE;
-}
-
-/*
- * NSS_CMSMessage_IsSigned - see if message contains a signed submessage
- *
- * If the CMS message has a SignedData with a signature (not just a SignedData)
- * return true; false otherwise. This can/should be called before calling
- * VerifySignature, which will always indicate failure if no signature is
- * present, but that does not mean there even was a signature!
- * Note that the content itself can be empty (detached content was sent
- * another way); it is the presence of the signature that matters.
- */
-PRBool
-NSS_CMSMessage_IsSigned(NSSCMSMessage *cmsg)
-{
- NSSCMSContentInfo *cinfo;
-
- /* walk down the chain of contentinfos */
- for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo))
- {
- switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- if (!NSS_CMSArray_IsEmpty((void **)cinfo->content.signedData->signerInfos))
- return PR_TRUE;
- break;
- default:
- break;
- }
- }
- return PR_FALSE;
-}
-
-/*
- * NSS_CMSMessage_IsContentEmpty - see if content is empty
- *
- * returns PR_TRUE is innermost content length is < minLen
- * XXX need the encrypted content length (why?)
- */
-PRBool
-NSS_CMSMessage_IsContentEmpty(NSSCMSMessage *cmsg, unsigned int minLen)
-{
- SECItem *item = NULL;
-
- if (cmsg == NULL)
- return PR_TRUE;
-
- item = NSS_CMSContentInfo_GetContent(NSS_CMSMessage_GetContentInfo(cmsg));
-
- if (!item) {
- return PR_TRUE;
- } else if(item->len <= minLen) {
- return PR_TRUE;
- }
-
- return PR_FALSE;
-}
diff --git a/security/nss/lib/smime/cmspubkey.c b/security/nss/lib/smime/cmspubkey.c
deleted file mode 100644
index 9654ef26c..000000000
--- a/security/nss/lib/smime/cmspubkey.c
+++ /dev/null
@@ -1,531 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS public key crypto
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-
-#include "cert.h"
-#include "key.h"
-#include "secasn1.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "pk11func.h"
-#include "secerr.h"
-
-/* ====== RSA ======================================================================= */
-
-/*
- * NSS_CMSUtil_EncryptSymKey_RSA - wrap a symmetric key with RSA
- *
- * this function takes a symmetric key and encrypts it using an RSA public key
- * according to PKCS#1 and RFC2633 (S/MIME)
- */
-SECStatus
-NSS_CMSUtil_EncryptSymKey_RSA(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *bulkkey,
- SECItem *encKey)
-{
- SECOidTag certalgtag; /* the certificate's encryption algorithm */
- SECOidTag encalgtag; /* the algorithm used for key exchange/agreement */
- SECStatus rv;
- SECKEYPublicKey *publickey;
- int data_len;
- void *mark;
-
- /* sanity check */
- certalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
- PORT_Assert(certalgtag == SEC_OID_PKCS1_RSA_ENCRYPTION);
-
- encalgtag = SEC_OID_PKCS1_RSA_ENCRYPTION;
- publickey = CERT_ExtractPublicKey(cert);
- if (publickey == NULL)
- goto loser;
-
- mark = PORT_ArenaMark(poolp);
-
- /* allocate memory for the encrypted key */
- data_len = SECKEY_PublicKeyStrength(publickey); /* block size (assumed to be > keylen) */
- encKey->data = (unsigned char*)PORT_ArenaAlloc(poolp, data_len);
- encKey->len = data_len;
- if (encKey->data == NULL)
- goto loser;
-
- /* encrypt the key now */
- rv = PK11_PubWrapSymKey(PK11_AlgtagToMechanism(SEC_OID_PKCS1_RSA_ENCRYPTION),
- publickey, bulkkey, encKey);
-
- SECKEY_DestroyPublicKey(publickey);
- if (rv != SECSuccess)
- goto loser;
-
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
-
-loser:
- PORT_ArenaRelease(poolp, mark);
- return SECFailure;
-}
-
-/*
- * NSS_CMSUtil_DecryptSymKey_RSA - unwrap a RSA-wrapped symmetric key
- *
- * this function takes an RSA-wrapped symmetric key and unwraps it, returning a symmetric
- * key handle. Please note that the actual unwrapped key data may not be allowed to leave
- * a hardware token...
- */
-PK11SymKey *
-NSS_CMSUtil_DecryptSymKey_RSA(SECKEYPrivateKey *privkey, SECItem *encKey, SECOidTag bulkalgtag)
-{
- /* that's easy */
- return PK11_PubUnwrapSymKey(privkey, encKey, PK11_AlgtagToMechanism(bulkalgtag), CKA_DECRYPT, 0);
-}
-
-/* ====== MISSI (Fortezza) ========================================================== */
-
-extern const SEC_ASN1Template NSS_SMIMEKEAParamTemplateAllParams[];
-
-SECStatus
-NSS_CMSUtil_EncryptSymKey_MISSI(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *bulkkey,
- SECOidTag symalgtag, SECItem *encKey, SECItem **pparams, void *pwfn_arg)
-{
- SECOidTag certalgtag; /* the certificate's encryption algorithm */
- SECOidTag encalgtag; /* the algorithm used for key exchange/agreement */
- SECStatus rv = SECFailure;
- SECItem *params = NULL;
- SECStatus err;
- PK11SymKey *tek;
- CERTCertificate *ourCert;
- SECKEYPublicKey *ourPubKey, *publickey = NULL;
- SECKEYPrivateKey *ourPrivKey = NULL;
- NSSCMSKEATemplateSelector whichKEA;
- NSSCMSSMIMEKEAParameters keaParams;
- PLArenaPool *arena;
- extern const SEC_ASN1Template *nss_cms_get_kea_template(NSSCMSKEATemplateSelector whichTemplate);
-
- /* Clear keaParams, since cleanup code checks the lengths */
- (void) memset(&keaParams, 0, sizeof(keaParams));
-
- certalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
- PORT_Assert(certalgtag == SEC_OID_MISSI_KEA_DSS_OLD ||
- certalgtag == SEC_OID_MISSI_KEA_DSS ||
- certalgtag == SEC_OID_MISSI_KEA);
-
-#define SMIME_FORTEZZA_RA_LENGTH 128
-#define SMIME_FORTEZZA_IV_LENGTH 24
-#define SMIME_FORTEZZA_MAX_KEY_SIZE 256
-
- /* We really want to show our KEA tag as the key exchange algorithm tag. */
- encalgtag = SEC_OID_NETSCAPE_SMIME_KEA;
-
- /* Get the public key of the recipient. */
- publickey = CERT_ExtractPublicKey(cert);
- if (publickey == NULL) goto loser;
-
- /* Find our own cert, and extract its keys. */
- ourCert = PK11_FindBestKEAMatch(cert, pwfn_arg);
- if (ourCert == NULL) goto loser;
-
- arena = PORT_NewArena(1024);
- if (arena == NULL)
- goto loser;
-
- ourPubKey = CERT_ExtractPublicKey(ourCert);
- if (ourPubKey == NULL) {
- CERT_DestroyCertificate(ourCert);
- goto loser;
- }
-
- /* While we're here, copy the public key into the outgoing
- * KEA parameters. */
- SECITEM_CopyItem(arena, &(keaParams.originatorKEAKey), &(ourPubKey->u.fortezza.KEAKey));
- SECKEY_DestroyPublicKey(ourPubKey);
- ourPubKey = NULL;
-
- /* Extract our private key in order to derive the KEA key. */
- ourPrivKey = PK11_FindKeyByAnyCert(ourCert, pwfn_arg);
- CERT_DestroyCertificate(ourCert); /* we're done with this */
- if (!ourPrivKey)
- goto loser;
-
- /* Prepare raItem with 128 bytes (filled with zeros). */
- keaParams.originatorRA.data = (unsigned char *)PORT_ArenaAlloc(arena,SMIME_FORTEZZA_RA_LENGTH);
- keaParams.originatorRA.len = SMIME_FORTEZZA_RA_LENGTH;
-
- /* Generate the TEK (token exchange key) which we use
- * to wrap the bulk encryption key. (keaparams.originatorRA) will be
- * filled with a random seed which we need to send to
- * the recipient. (user keying material in RFC2630/DSA speak) */
- tek = PK11_PubDerive(ourPrivKey, publickey, PR_TRUE,
- &keaParams.originatorRA, NULL,
- CKM_KEA_KEY_DERIVE, CKM_SKIPJACK_WRAP,
- CKA_WRAP, 0, pwfn_arg);
-
- SECKEY_DestroyPublicKey(publickey);
- SECKEY_DestroyPrivateKey(ourPrivKey);
- publickey = NULL;
- ourPrivKey = NULL;
-
- if (!tek)
- goto loser;
-
- /* allocate space for the wrapped key data */
- encKey->data = (unsigned char *)PORT_ArenaAlloc(poolp, SMIME_FORTEZZA_MAX_KEY_SIZE);
- encKey->len = SMIME_FORTEZZA_MAX_KEY_SIZE;
-
- if (encKey->data == NULL) {
- PK11_FreeSymKey(tek);
- goto loser;
- }
-
- /* Wrap the bulk key. What we do with the resulting data
- depends on whether we're using Skipjack to wrap the key. */
- switch (PK11_AlgtagToMechanism(symalgtag)) {
- case CKM_SKIPJACK_CBC64:
- case CKM_SKIPJACK_ECB64:
- case CKM_SKIPJACK_OFB64:
- case CKM_SKIPJACK_CFB64:
- case CKM_SKIPJACK_CFB32:
- case CKM_SKIPJACK_CFB16:
- case CKM_SKIPJACK_CFB8:
- /* SKIPJACK, we use the wrap mechanism because we can do it on the hardware */
- err = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, tek, bulkkey, encKey);
- whichKEA = NSSCMSKEAUsesSkipjack;
- break;
- default:
- /* Not SKIPJACK, we encrypt the raw key data */
- keaParams.nonSkipjackIV.data =
- (unsigned char *)PORT_ArenaAlloc(arena, SMIME_FORTEZZA_IV_LENGTH);
- keaParams.nonSkipjackIV.len = SMIME_FORTEZZA_IV_LENGTH;
- err = PK11_WrapSymKey(CKM_SKIPJACK_CBC64, &keaParams.nonSkipjackIV, tek, bulkkey, encKey);
- if (err != SECSuccess)
- goto loser;
-
- if (encKey->len != PK11_GetKeyLength(bulkkey)) {
- /* The size of the encrypted key is not the same as
- that of the original bulk key, presumably due to
- padding. Encode and store the real size of the
- bulk key. */
- if (SEC_ASN1EncodeInteger(arena, &keaParams.bulkKeySize, PK11_GetKeyLength(bulkkey)) == NULL)
- err = (SECStatus)PORT_GetError();
- else
- /* use full template for encoding */
- whichKEA = NSSCMSKEAUsesNonSkipjackWithPaddedEncKey;
- }
- else
- /* enc key length == bulk key length */
- whichKEA = NSSCMSKEAUsesNonSkipjack;
- break;
- }
-
- PK11_FreeSymKey(tek);
- if (err != SECSuccess)
- goto loser;
-
- /* Encode the KEA parameters into the recipient info. */
- params = SEC_ASN1EncodeItem(poolp, NULL, &keaParams, nss_cms_get_kea_template(whichKEA));
- if (params == NULL)
- goto loser;
-
- /* pass back the algorithm params */
- *pparams = params;
-
- rv = SECSuccess;
-
-loser:
- if (arena)
- PORT_FreeArena(arena, PR_FALSE);
- if (publickey)
- SECKEY_DestroyPublicKey(publickey);
- if (ourPrivKey)
- SECKEY_DestroyPrivateKey(ourPrivKey);
- return rv;
-}
-
-PK11SymKey *
-NSS_CMSUtil_DecryptSymKey_MISSI(SECKEYPrivateKey *privkey, SECItem *encKey, SECAlgorithmID *keyEncAlg, SECOidTag bulkalgtag, void *pwfn_arg)
-{
- /* fortezza: do a key exchange */
- SECStatus err;
- CK_MECHANISM_TYPE bulkType;
- PK11SymKey *tek;
- SECKEYPublicKey *originatorPubKey;
- NSSCMSSMIMEKEAParameters keaParams;
- PK11SymKey *bulkkey;
- int bulkLength;
-
- (void) memset(&keaParams, 0, sizeof(keaParams));
-
- /* NOTE: this uses the SMIME v2 recipientinfo for compatibility.
- All additional KEA parameters are DER-encoded in the encryption algorithm parameters */
-
- /* Decode the KEA algorithm parameters. */
- err = SEC_ASN1DecodeItem(NULL, &keaParams, NSS_SMIMEKEAParamTemplateAllParams,
- &(keyEncAlg->parameters));
- if (err != SECSuccess)
- goto loser;
-
- /* get originator's public key */
- originatorPubKey = PK11_MakeKEAPubKey(keaParams.originatorKEAKey.data,
- keaParams.originatorKEAKey.len);
- if (originatorPubKey == NULL)
- goto loser;
-
- /* Generate the TEK (token exchange key) which we use to unwrap the bulk encryption key.
- The Derive function generates a shared secret and combines it with the originatorRA
- data to come up with an unique session key */
- tek = PK11_PubDerive(privkey, originatorPubKey, PR_FALSE,
- &keaParams.originatorRA, NULL,
- CKM_KEA_KEY_DERIVE, CKM_SKIPJACK_WRAP,
- CKA_WRAP, 0, pwfn_arg);
- SECKEY_DestroyPublicKey(originatorPubKey); /* not needed anymore */
- if (tek == NULL)
- goto loser;
-
- /* Now that we have the TEK, unwrap the bulk key
- with which to decrypt the message. We have to
- do one of two different things depending on
- whether Skipjack was used for *bulk* encryption
- of the message. */
- bulkType = PK11_AlgtagToMechanism(bulkalgtag);
- switch (bulkType) {
- case CKM_SKIPJACK_CBC64:
- case CKM_SKIPJACK_ECB64:
- case CKM_SKIPJACK_OFB64:
- case CKM_SKIPJACK_CFB64:
- case CKM_SKIPJACK_CFB32:
- case CKM_SKIPJACK_CFB16:
- case CKM_SKIPJACK_CFB8:
- /* Skipjack is being used as the bulk encryption algorithm.*/
- /* Unwrap the bulk key. */
- bulkkey = PK11_UnwrapSymKey(tek, CKM_SKIPJACK_WRAP, NULL,
- encKey, CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0);
- break;
- default:
- /* Skipjack was not used for bulk encryption of this
- message. Use Skipjack CBC64, with the nonSkipjackIV
- part of the KEA key parameters, to decrypt
- the bulk key. If the optional parameter bulkKeySize is present,
- bulk key size is different than the encrypted key size */
- if (keaParams.bulkKeySize.len > 0) {
- err = SEC_ASN1DecodeItem(NULL, &bulkLength,
- SEC_IntegerTemplate,
- &keaParams.bulkKeySize);
- if (err != SECSuccess)
- goto loser;
- }
-
- bulkkey = PK11_UnwrapSymKey(tek, CKM_SKIPJACK_CBC64, &keaParams.nonSkipjackIV,
- encKey, bulkType, CKA_DECRYPT, bulkLength);
- break;
- }
- return bulkkey;
-loser:
- return NULL;
-}
-
-/* ====== ESDH (Ephemeral-Static Diffie-Hellman) ==================================== */
-
-SECStatus
-NSS_CMSUtil_EncryptSymKey_ESDH(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key,
- SECItem *encKey, SECItem **ukm, SECAlgorithmID *keyEncAlg,
- SECItem *pubKey)
-{
-#if 0 /* not yet done */
- SECOidTag certalgtag; /* the certificate's encryption algorithm */
- SECOidTag encalgtag; /* the algorithm used for key exchange/agreement */
- SECStatus rv;
- SECItem *params = NULL;
- int data_len;
- SECStatus err;
- PK11SymKey *tek;
- CERTCertificate *ourCert;
- SECKEYPublicKey *ourPubKey;
- NSSCMSKEATemplateSelector whichKEA;
-
- certalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
- PORT_Assert(certalgtag == SEC_OID_X942_DIFFIE_HELMAN_KEY);
-
- /* We really want to show our KEA tag as the key exchange algorithm tag. */
- encalgtag = SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN;
-
- /* Get the public key of the recipient. */
- publickey = CERT_ExtractPublicKey(cert);
- if (publickey == NULL) goto loser;
-
- /* XXXX generate a DH key pair on a PKCS11 module (XXX which parameters?) */
- /* XXXX */ourCert = PK11_FindBestKEAMatch(cert, wincx);
- if (ourCert == NULL) goto loser;
-
- arena = PORT_NewArena(1024);
- if (arena == NULL) goto loser;
-
- /* While we're here, extract the key pair's public key data and copy it into */
- /* the outgoing parameters. */
- /* XXXX */ourPubKey = CERT_ExtractPublicKey(ourCert);
- if (ourPubKey == NULL)
- {
- goto loser;
- }
- SECITEM_CopyItem(arena, pubKey, /* XXX */&(ourPubKey->u.fortezza.KEAKey));
- SECKEY_DestroyPublicKey(ourPubKey); /* we only need the private key from now on */
- ourPubKey = NULL;
-
- /* Extract our private key in order to derive the KEA key. */
- ourPrivKey = PK11_FindKeyByAnyCert(ourCert,wincx);
- CERT_DestroyCertificate(ourCert); /* we're done with this */
- if (!ourPrivKey) goto loser;
-
- /* If ukm desired, prepare it - allocate enough space (filled with zeros). */
- if (ukm) {
- ukm->data = (unsigned char*)PORT_ArenaZAlloc(arena,/* XXXX */);
- ukm->len = /* XXXX */;
- }
-
- /* Generate the KEK (key exchange key) according to RFC2631 which we use
- * to wrap the bulk encryption key. */
- kek = PK11_PubDerive(ourPrivKey, publickey, PR_TRUE,
- ukm, NULL,
- /* XXXX */CKM_KEA_KEY_DERIVE, /* XXXX */CKM_SKIPJACK_WRAP,
- CKA_WRAP, 0, wincx);
-
- SECKEY_DestroyPublicKey(publickey);
- SECKEY_DestroyPrivateKey(ourPrivKey);
- publickey = NULL;
- ourPrivKey = NULL;
-
- if (!kek)
- goto loser;
-
- /* allocate space for the encrypted CEK (bulk key) */
- encKey->data = (unsigned char*)PORT_ArenaAlloc(poolp, SMIME_FORTEZZA_MAX_KEY_SIZE);
- encKey->len = SMIME_FORTEZZA_MAX_KEY_SIZE;
-
- if (encKey->data == NULL)
- {
- PK11_FreeSymKey(kek);
- goto loser;
- }
-
-
- /* Wrap the bulk key using CMSRC2WRAP or CMS3DESWRAP, depending on the */
- /* bulk encryption algorithm */
- switch (/* XXXX */PK11_AlgtagToMechanism(enccinfo->encalg))
- {
- case /* XXXX */CKM_SKIPJACK_CFB8:
- err = PK11_WrapSymKey(/* XXXX */CKM_CMS3DES_WRAP, NULL, kek, bulkkey, encKey);
- whichKEA = NSSCMSKEAUsesSkipjack;
- break;
- case /* XXXX */CKM_SKIPJACK_CFB8:
- err = PK11_WrapSymKey(/* XXXX */CKM_CMSRC2_WRAP, NULL, kek, bulkkey, encKey);
- whichKEA = NSSCMSKEAUsesSkipjack;
- break;
- default:
- /* XXXX what do we do here? Neither RC2 nor 3DES... */
- break;
- }
-
- PK11_FreeSymKey(kek); /* we do not need the KEK anymore */
- if (err != SECSuccess)
- goto loser;
-
- /* see RFC2630 12.3.1.1 "keyEncryptionAlgorithm must be ..." */
- /* params is the DER encoded key wrap algorithm (with parameters!) (XXX) */
- params = SEC_ASN1EncodeItem(arena, NULL, &keaParams, sec_pkcs7_get_kea_template(whichKEA));
- if (params == NULL)
- goto loser;
-
- /* now set keyEncAlg */
- rv = SECOID_SetAlgorithmID(poolp, keyEncAlg, SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN, params);
- if (rv != SECSuccess)
- goto loser;
-
- /* XXXXXXX this is not right yet */
-loser:
- if (arena) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- if (publickey) {
- SECKEY_DestroyPublicKey(publickey);
- }
- if (ourPrivKey) {
- SECKEY_DestroyPrivateKey(ourPrivKey);
- }
-#endif
- return SECFailure;
-}
-
-PK11SymKey *
-NSS_CMSUtil_DecryptSymKey_ESDH(SECKEYPrivateKey *privkey, SECItem *encKey, SECAlgorithmID *keyEncAlg, SECOidTag bulkalgtag, void *pwfn_arg)
-{
-#if 0 /* not yet done */
- SECStatus err;
- CK_MECHANISM_TYPE bulkType;
- PK11SymKey *tek;
- SECKEYPublicKey *originatorPubKey;
- NSSCMSSMIMEKEAParameters keaParams;
-
- /* XXXX get originator's public key */
- originatorPubKey = PK11_MakeKEAPubKey(keaParams.originatorKEAKey.data,
- keaParams.originatorKEAKey.len);
- if (originatorPubKey == NULL)
- goto loser;
-
- /* Generate the TEK (token exchange key) which we use to unwrap the bulk encryption key.
- The Derive function generates a shared secret and combines it with the originatorRA
- data to come up with an unique session key */
- tek = PK11_PubDerive(privkey, originatorPubKey, PR_FALSE,
- &keaParams.originatorRA, NULL,
- CKM_KEA_KEY_DERIVE, CKM_SKIPJACK_WRAP,
- CKA_WRAP, 0, pwfn_arg);
- SECKEY_DestroyPublicKey(originatorPubKey); /* not needed anymore */
- if (tek == NULL)
- goto loser;
-
- /* Now that we have the TEK, unwrap the bulk key
- with which to decrypt the message. */
- /* Skipjack is being used as the bulk encryption algorithm.*/
- /* Unwrap the bulk key. */
- bulkkey = PK11_UnwrapSymKey(tek, CKM_SKIPJACK_WRAP, NULL,
- encKey, CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0);
-
- return bulkkey;
-
-loser:
-#endif
- return NULL;
-}
-
diff --git a/security/nss/lib/smime/cmsrecinfo.c b/security/nss/lib/smime/cmsrecinfo.c
deleted file mode 100644
index 45ac16658..000000000
--- a/security/nss/lib/smime/cmsrecinfo.c
+++ /dev/null
@@ -1,421 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS recipientInfo methods.
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-
-#include "cert.h"
-#include "key.h"
-#include "secasn1.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "pk11func.h"
-#include "secerr.h"
-
-/*
- * NSS_CMSRecipientInfo_Create - create a recipientinfo
- *
- * we currently do not create KeyAgreement recipientinfos with multiple recipientEncryptedKeys
- * the certificate is supposed to have been verified by the caller
- */
-NSSCMSRecipientInfo *
-NSS_CMSRecipientInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert)
-{
- NSSCMSRecipientInfo *ri;
- void *mark;
- SECOidTag certalgtag;
- SECStatus rv;
- NSSCMSRecipientEncryptedKey *rek;
- NSSCMSOriginatorIdentifierOrKey *oiok;
- unsigned long version;
- SECItem *dummy;
- PLArenaPool *poolp;
-
- poolp = cmsg->poolp;
-
- mark = PORT_ArenaMark(poolp);
-
- ri = (NSSCMSRecipientInfo *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSRecipientInfo));
- if (ri == NULL)
- goto loser;
-
- ri->cmsg = cmsg;
- ri->cert = CERT_DupCertificate(cert);
- if (ri->cert == NULL)
- goto loser;
-
- certalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
-
- switch (certalgtag) {
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- ri->recipientInfoType = NSSCMSRecipientInfoID_KeyTrans;
- /* hardcoded issuerSN choice for now */
- ri->ri.keyTransRecipientInfo.recipientIdentifier.identifierType = NSSCMSRecipientID_IssuerSN;
- ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert);
- if (ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN == NULL) {
- rv = SECFailure;
- break;
- }
- break;
- case SEC_OID_MISSI_KEA_DSS_OLD:
- case SEC_OID_MISSI_KEA_DSS:
- case SEC_OID_MISSI_KEA:
- /* backward compatibility - this is not really a keytrans operation */
- ri->recipientInfoType = NSSCMSRecipientInfoID_KeyTrans;
- /* hardcoded issuerSN choice for now */
- ri->ri.keyTransRecipientInfo.recipientIdentifier.identifierType = NSSCMSRecipientID_IssuerSN;
- ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert);
- if (ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN == NULL) {
- rv = SECFailure;
- break;
- }
- break;
- case SEC_OID_X942_DIFFIE_HELMAN_KEY: /* dh-public-number */
- /* a key agreement op */
- ri->recipientInfoType = NSSCMSRecipientInfoID_KeyAgree;
-
- if (ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN == NULL) {
- rv = SECFailure;
- break;
- }
- /* we do not support the case where multiple recipients
- * share the same KeyAgreeRecipientInfo and have multiple RecipientEncryptedKeys
- * in this case, we would need to walk all the recipientInfos, take the
- * ones that do KeyAgreement algorithms and join them, algorithm by algorithm
- * Then, we'd generate ONE ukm and OriginatorIdentifierOrKey */
-
- /* only epheremal-static Diffie-Hellman is supported for now
- * this is the only form of key agreement that provides potential anonymity
- * of the sender, plus we do not have to include certs in the message */
-
- /* force single recipientEncryptedKey for now */
- if ((rek = NSS_CMSRecipientEncryptedKey_Create(poolp)) == NULL) {
- rv = SECFailure;
- break;
- }
-
- /* hardcoded IssuerSN choice for now */
- rek->recipientIdentifier.identifierType = NSSCMSKeyAgreeRecipientID_IssuerSN;
- if ((rek->recipientIdentifier.id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert)) == NULL) {
- rv = SECFailure;
- break;
- }
-
- oiok = &(ri->ri.keyAgreeRecipientInfo.originatorIdentifierOrKey);
-
- /* see RFC2630 12.3.1.1 */
- oiok->identifierType = NSSCMSOriginatorIDOrKey_OriginatorPublicKey;
-
- rv = NSS_CMSArray_Add(poolp, (void ***)&ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys,
- (void *)rek);
-
- break;
- default:
- /* other algorithms not supported yet */
- /* NOTE that we do not support any KEK algorithm */
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- rv = SECFailure;
- break;
- }
-
- if (rv == SECFailure)
- goto loser;
-
- /* set version */
- switch (ri->recipientInfoType) {
- case NSSCMSRecipientInfoID_KeyTrans:
- if (ri->ri.keyTransRecipientInfo.recipientIdentifier.identifierType == NSSCMSRecipientID_IssuerSN)
- version = NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN;
- else
- version = NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY;
- dummy = SEC_ASN1EncodeInteger(poolp, &(ri->ri.keyTransRecipientInfo.version), version);
- if (dummy == NULL)
- goto loser;
- break;
- case NSSCMSRecipientInfoID_KeyAgree:
- dummy = SEC_ASN1EncodeInteger(poolp, &(ri->ri.keyAgreeRecipientInfo.version),
- NSS_CMS_KEYAGREE_RECIPIENT_INFO_VERSION);
- if (dummy == NULL)
- goto loser;
- break;
- case NSSCMSRecipientInfoID_KEK:
- /* NOTE: this cannot happen as long as we do not support any KEK algorithm */
- dummy = SEC_ASN1EncodeInteger(poolp, &(ri->ri.kekRecipientInfo.version),
- NSS_CMS_KEK_RECIPIENT_INFO_VERSION);
- if (dummy == NULL)
- goto loser;
- break;
-
- }
-
- PORT_ArenaUnmark (poolp, mark);
- return ri;
-
-loser:
- PORT_ArenaRelease (poolp, mark);
- return NULL;
-}
-
-void
-NSS_CMSRecipientInfo_Destroy(NSSCMSRecipientInfo *ri)
-{
- /* version was allocated on the pool, so no need to destroy it */
- /* issuerAndSN was allocated on the pool, so no need to destroy it */
- if (ri->cert != NULL)
- CERT_DestroyCertificate(ri->cert);
- /* recipientInfo structure itself was allocated on the pool, so no need to destroy it */
- /* we're done. */
-}
-
-int
-NSS_CMSRecipientInfo_GetVersion(NSSCMSRecipientInfo *ri)
-{
- unsigned long version;
- SECItem *versionitem;
-
- switch (ri->recipientInfoType) {
- case NSSCMSRecipientInfoID_KeyTrans:
- /* ignore subIndex */
- versionitem = &(ri->ri.keyTransRecipientInfo.version);
- break;
- case NSSCMSRecipientInfoID_KEK:
- /* ignore subIndex */
- versionitem = &(ri->ri.kekRecipientInfo.version);
- break;
- case NSSCMSRecipientInfoID_KeyAgree:
- versionitem = &(ri->ri.keyAgreeRecipientInfo.version);
- break;
- }
- /* always take apart the SECItem */
- if (SEC_ASN1DecodeInteger(versionitem, &version) != SECSuccess)
- return 0;
- else
- return (int)version;
-}
-
-SECItem *
-NSS_CMSRecipientInfo_GetEncryptedKey(NSSCMSRecipientInfo *ri, int subIndex)
-{
- SECItem *enckey;
-
- switch (ri->recipientInfoType) {
- case NSSCMSRecipientInfoID_KeyTrans:
- /* ignore subIndex */
- enckey = &(ri->ri.keyTransRecipientInfo.encKey);
- break;
- case NSSCMSRecipientInfoID_KEK:
- /* ignore subIndex */
- enckey = &(ri->ri.kekRecipientInfo.encKey);
- break;
- case NSSCMSRecipientInfoID_KeyAgree:
- enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey);
- break;
- }
- return enckey;
-}
-
-
-SECOidTag
-NSS_CMSRecipientInfo_GetKeyEncryptionAlgorithmTag(NSSCMSRecipientInfo *ri)
-{
- SECOidTag encalgtag;
-
- switch (ri->recipientInfoType) {
- case NSSCMSRecipientInfoID_KeyTrans:
- encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyTransRecipientInfo.keyEncAlg));
- break;
- case NSSCMSRecipientInfoID_KeyAgree:
- encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyAgreeRecipientInfo.keyEncAlg));
- break;
- case NSSCMSRecipientInfoID_KEK:
- encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.kekRecipientInfo.keyEncAlg));
- break;
- }
- return encalgtag;
-}
-
-SECStatus
-NSS_CMSRecipientInfo_WrapBulkKey(NSSCMSRecipientInfo *ri, PK11SymKey *bulkkey, SECOidTag bulkalgtag)
-{
- CERTCertificate *cert;
- SECOidTag certalgtag;
- SECStatus rv;
- SECItem *params = NULL;
- NSSCMSRecipientEncryptedKey *rek;
- NSSCMSOriginatorIdentifierOrKey *oiok;
- PLArenaPool *poolp;
-
- poolp = ri->cmsg->poolp;
- cert = ri->cert;
- PORT_Assert (cert != NULL);
- if (cert == NULL)
- return SECFailure;
-
- /* XXX set ri->recipientInfoType to the proper value here */
- /* or should we look if it's been set already ? */
-
- certalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
- switch (certalgtag) {
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- /* wrap the symkey */
- if (NSS_CMSUtil_EncryptSymKey_RSA(poolp, cert, bulkkey, &ri->ri.keyTransRecipientInfo.encKey) != SECSuccess) {
- rv = SECFailure;
- break;
- }
-
- rv = SECOID_SetAlgorithmID(poolp, &(ri->ri.keyTransRecipientInfo.keyEncAlg), certalgtag, NULL);
- break;
- case SEC_OID_MISSI_KEA_DSS_OLD:
- case SEC_OID_MISSI_KEA_DSS:
- case SEC_OID_MISSI_KEA:
- rv = NSS_CMSUtil_EncryptSymKey_MISSI(poolp, cert, bulkkey,
- bulkalgtag,
- &ri->ri.keyTransRecipientInfo.encKey,
- &params, ri->cmsg->pwfn_arg);
- if (rv != SECSuccess)
- break;
-
- /* here, we DO need to pass the params to the wrap function because, with
- * RSA, there is no funny stuff going on with generation of IV vectors or so */
- rv = SECOID_SetAlgorithmID(poolp, &(ri->ri.keyTransRecipientInfo.keyEncAlg), certalgtag, params);
- break;
- case SEC_OID_X942_DIFFIE_HELMAN_KEY: /* dh-public-number */
- rek = ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[0];
- if (rek == NULL) {
- rv = SECFailure;
- break;
- }
-
- oiok = &(ri->ri.keyAgreeRecipientInfo.originatorIdentifierOrKey);
- PORT_Assert(oiok->identifierType == NSSCMSOriginatorIDOrKey_OriginatorPublicKey);
-
- /* see RFC2630 12.3.1.1 */
- if (SECOID_SetAlgorithmID(poolp, &oiok->id.originatorPublicKey.algorithmIdentifier,
- SEC_OID_X942_DIFFIE_HELMAN_KEY, NULL) != SECSuccess) {
- rv = SECFailure;
- break;
- }
-
- /* this will generate a key pair, compute the shared secret, */
- /* derive a key and ukm for the keyEncAlg out of it, encrypt the bulk key with */
- /* the keyEncAlg, set encKey, keyEncAlg, publicKey etc. */
- rv = NSS_CMSUtil_EncryptSymKey_ESDH(poolp, cert, bulkkey,
- &rek->encKey,
- &ri->ri.keyAgreeRecipientInfo.ukm,
- &ri->ri.keyAgreeRecipientInfo.keyEncAlg,
- &oiok->id.originatorPublicKey.publicKey);
-
- break;
- default:
- /* other algorithms not supported yet */
- /* NOTE that we do not support any KEK algorithm */
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- rv = SECFailure;
- break;
- }
- return rv;
-}
-
-PK11SymKey *
-NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag)
-{
- PK11SymKey *bulkkey = NULL;
- SECAlgorithmID *encalg;
- SECOidTag encalgtag;
- SECItem *enckey;
- int error;
-
- ri->cert = cert; /* mark the recipientInfo so we can find it later */
-
- switch (ri->recipientInfoType) {
- case NSSCMSRecipientInfoID_KeyTrans:
- encalg = &(ri->ri.keyTransRecipientInfo.keyEncAlg);
- encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyTransRecipientInfo.keyEncAlg));
- enckey = &(ri->ri.keyTransRecipientInfo.encKey); /* ignore subIndex */
- switch (encalgtag) {
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- /* RSA encryption algorithm: */
- /* get the symmetric (bulk) key by unwrapping it using our private key */
- bulkkey = NSS_CMSUtil_DecryptSymKey_RSA(privkey, enckey, bulkalgtag);
- break;
- case SEC_OID_NETSCAPE_SMIME_KEA:
- /* FORTEZZA key exchange algorithm */
- /* the supplemental data is in the parameters of encalg */
- bulkkey = NSS_CMSUtil_DecryptSymKey_MISSI(privkey, enckey, encalg, bulkalgtag, ri->cmsg->pwfn_arg);
- break;
- default:
- error = SEC_ERROR_UNSUPPORTED_KEYALG;
- goto loser;
- }
- break;
- case NSSCMSRecipientInfoID_KeyAgree:
- encalg = &(ri->ri.keyAgreeRecipientInfo.keyEncAlg);
- encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyAgreeRecipientInfo.keyEncAlg));
- enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey);
- switch (encalgtag) {
- case SEC_OID_X942_DIFFIE_HELMAN_KEY:
- /* Diffie-Helman key exchange */
- /* XXX not yet implemented */
- /* XXX problem: SEC_OID_X942_DIFFIE_HELMAN_KEY points to a PKCS3 mechanism! */
- /* we support ephemeral-static DH only, so if the recipientinfo */
- /* has originator stuff in it, we punt (or do we? shouldn't be that hard...) */
- /* first, we derive the KEK (a symkey!) using a Derive operation, then we get the */
- /* content encryption key using a Unwrap op */
- /* the derive operation has to generate the key using the algorithm in RFC2631 */
- error = SEC_ERROR_UNSUPPORTED_KEYALG;
- break;
- default:
- error = SEC_ERROR_UNSUPPORTED_KEYALG;
- goto loser;
- }
- break;
- case NSSCMSRecipientInfoID_KEK:
- encalg = &(ri->ri.kekRecipientInfo.keyEncAlg);
- encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.kekRecipientInfo.keyEncAlg));
- enckey = &(ri->ri.kekRecipientInfo.encKey);
- /* not supported yet */
- error = SEC_ERROR_UNSUPPORTED_KEYALG;
- goto loser;
- break;
- }
- /* XXXX continue here */
- return bulkkey;
-
-loser:
- return NULL;
-}
diff --git a/security/nss/lib/smime/cmsreclist.c b/security/nss/lib/smime/cmsreclist.c
deleted file mode 100644
index b6fc62ee4..000000000
--- a/security/nss/lib/smime/cmsreclist.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS recipient list functions
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-
-#include "cert.h"
-#include "key.h"
-#include "secasn1.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "pk11func.h"
-#include "prtime.h"
-#include "secerr.h"
-
-static int
-nss_cms_recipients_traverse(NSSCMSRecipientInfo **recipientinfos, NSSCMSRecipient **recipient_list)
-{
- int count = 0;
- int rlindex = 0;
- int i, j;
- NSSCMSRecipient *rle;
- NSSCMSRecipientInfo *ri;
- NSSCMSRecipientEncryptedKey *rek;
-
- for (i = 0; recipientinfos[i] != NULL; i++) {
- ri = recipientinfos[i];
- switch (ri->recipientInfoType) {
- case NSSCMSRecipientInfoID_KeyTrans:
- if (recipient_list) {
- /* alloc one & fill it out */
- rle = (NSSCMSRecipient *)PORT_ZAlloc(sizeof(NSSCMSRecipient));
- if (rle == NULL)
- return -1;
-
- rle->riIndex = i;
- rle->subIndex = -1;
- switch (ri->ri.keyTransRecipientInfo.recipientIdentifier.identifierType) {
- case NSSCMSRecipientID_IssuerSN:
- rle->kind = RLIssuerSN;
- rle->id.issuerAndSN = ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN;
- break;
- case NSSCMSRecipientID_SubjectKeyID:
- rle->kind = RLSubjKeyID;
- rle->id.subjectKeyID = ri->ri.keyTransRecipientInfo.recipientIdentifier.id.subjectKeyID;
- break;
- }
- recipient_list[rlindex++] = rle;
- } else {
- count++;
- }
- break;
- case NSSCMSRecipientInfoID_KeyAgree:
- if (ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys == NULL)
- break;
- for (j=0; ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[j] != NULL; j++) {
- if (recipient_list) {
- rek = ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[j];
- /* alloc one & fill it out */
- rle = (NSSCMSRecipient *)PORT_ZAlloc(sizeof(NSSCMSRecipient));
- if (rle == NULL)
- return -1;
-
- rle->riIndex = i;
- rle->subIndex = j;
- switch (rek->recipientIdentifier.identifierType) {
- case NSSCMSKeyAgreeRecipientID_IssuerSN:
- rle->kind = RLIssuerSN;
- rle->id.issuerAndSN = rek->recipientIdentifier.id.issuerAndSN;
- break;
- case NSSCMSKeyAgreeRecipientID_RKeyID:
- rle->kind = RLSubjKeyID;
- rle->id.subjectKeyID = rek->recipientIdentifier.id.recipientKeyIdentifier.subjectKeyIdentifier;
- break;
- }
- recipient_list[rlindex++] = rle;
- } else {
- count++;
- }
- }
- break;
- case NSSCMSRecipientInfoID_KEK:
- /* KEK is not implemented */
- break;
- }
- }
- /* if we have a recipient list, we return on success (-1, above, on failure) */
- /* otherwise, we return the count. */
- if (recipient_list) {
- recipient_list[rlindex] = NULL;
- return 0;
- } else {
- return count;
- }
-}
-
-NSSCMSRecipient **
-nss_cms_recipient_list_create(NSSCMSRecipientInfo **recipientinfos)
-{
- int count, rv;
- NSSCMSRecipient **recipient_list;
-
- /* count the number of recipient identifiers */
- count = nss_cms_recipients_traverse(recipientinfos, NULL);
- if (count <= 0) {
- /* no recipients? */
- PORT_SetError(SEC_ERROR_BAD_DATA);
-#if 0
- PORT_SetErrorString("Cannot find recipient data in envelope.");
-#endif
- return NULL;
- }
-
- /* allocate an array of pointers */
- recipient_list = (NSSCMSRecipient **)
- PORT_ZAlloc((count + 1) * sizeof(NSSCMSRecipient *));
- if (recipient_list == NULL)
- return NULL;
-
- /* now fill in the recipient_list */
- rv = nss_cms_recipients_traverse(recipientinfos, recipient_list);
- if (rv < 0) {
- nss_cms_recipient_list_destroy(recipient_list);
- return NULL;
- }
- return recipient_list;
-}
-
-void
-nss_cms_recipient_list_destroy(NSSCMSRecipient **recipient_list)
-{
- int i;
- NSSCMSRecipient *recipient;
-
- for (i=0; recipient_list[i] != NULL; i++) {
- recipient = recipient_list[i];
- if (recipient->cert)
- CERT_DestroyCertificate(recipient->cert);
- if (recipient->privkey)
- SECKEY_DestroyPrivateKey(recipient->privkey);
- if (recipient->slot)
- PK11_FreeSlot(recipient->slot);
- PORT_Free(recipient);
- }
- PORT_Free(recipient_list);
-}
-
-NSSCMSRecipientEncryptedKey *
-NSS_CMSRecipientEncryptedKey_Create(PLArenaPool *poolp)
-{
- return (NSSCMSRecipientEncryptedKey *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSRecipientEncryptedKey));
-}
diff --git a/security/nss/lib/smime/cmsreclist.h b/security/nss/lib/smime/cmsreclist.h
deleted file mode 100644
index 32ff188ef..000000000
--- a/security/nss/lib/smime/cmsreclist.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * $Id$
- */
-
-#ifndef _CMSRECLIST_H
-#define _CMSRECLIST_H
-
-struct NSSCMSRecipientStr {
- int riIndex; /* this recipient's index in recipientInfo array */
- int subIndex; /* index into recipientEncryptedKeys */
- /* (only in NSSCMSKeyAgreeRecipientInfoStr) */
- enum {RLIssuerSN, RLSubjKeyID} kind; /* for conversion recipientinfos -> recipientlist */
- union {
- CERTIssuerAndSN * issuerAndSN;
- SECItem * subjectKeyID;
- } id;
-
- /* result data (filled out for each recipient that's us) */
- CERTCertificate * cert;
- SECKEYPrivateKey * privkey;
- PK11SlotInfo * slot;
-};
-
-typedef struct NSSCMSRecipientStr NSSCMSRecipient;
-
-#endif /* _CMSRECLIST_H */
diff --git a/security/nss/lib/smime/cmssigdata.c b/security/nss/lib/smime/cmssigdata.c
deleted file mode 100644
index 9b39871cd..000000000
--- a/security/nss/lib/smime/cmssigdata.c
+++ /dev/null
@@ -1,850 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS signedData methods.
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-
-#include "cert.h"
-#include "cdbhdl.h"
-#include "secasn1.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "pk11func.h"
-#include "secerr.h"
-
-NSSCMSSignedData *
-NSS_CMSSignedData_Create(NSSCMSMessage *cmsg)
-{
- void *mark;
- NSSCMSSignedData *sigd;
- PLArenaPool *poolp;
-
- poolp = cmsg->poolp;
-
- mark = PORT_ArenaMark(poolp);
-
- sigd = (NSSCMSSignedData *)PORT_ArenaZAlloc (poolp, sizeof(NSSCMSSignedData));
- if (sigd == NULL)
- goto loser;
-
- sigd->cmsg = cmsg;
-
- /* signerInfos, certs, certlists, crls are all empty */
- /* version is set in NSS_CMSSignedData_Finalize() */
-
- PORT_ArenaUnmark(poolp, mark);
- return sigd;
-
-loser:
- PORT_ArenaRelease(poolp, mark);
- return NULL;
-}
-
-void
-NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd)
-{
- CERTCertificate **certs, *cert;
- CERTCertificateList **certlists, *certlist;
- NSSCMSSignerInfo **signerinfos, *si;
-
- if (sigd == NULL)
- return;
-
- certs = sigd->certs;
- certlists = sigd->certLists;
- signerinfos = sigd->signerInfos;
-
- if (certs != NULL) {
- while ((cert = *certs++) != NULL)
- CERT_DestroyCertificate (cert);
- }
-
- if (certlists != NULL) {
- while ((certlist = *certlists++) != NULL)
- CERT_DestroyCertificateList (certlist);
- }
-
- if (signerinfos != NULL) {
- while ((si = *signerinfos++) != NULL)
- NSS_CMSSignerInfo_Destroy(si);
- }
-
- /* everything's in a pool, so don't worry about the storage */
-}
-
-/*
- * NSS_CMSSignedData_Encode_BeforeStart - do all the necessary things to a SignedData
- * before start of encoding.
- *
- * In detail:
- * - find out about the right value to put into sigd->version
- * - come up with a list of digestAlgorithms (which should be the union of the algorithms
- * in the signerinfos).
- * If we happen to have a pre-set list of algorithms (and digest values!), we
- * check if we have all the signerinfos' algorithms. If not, this is an error.
- */
-SECStatus
-NSS_CMSSignedData_Encode_BeforeStart(NSSCMSSignedData *sigd)
-{
- NSSCMSSignerInfo **signerinfos, *signerinfo;
- SECOidTag digestalgtag;
- SECItem *dummy;
- int version;
- SECStatus rv;
- PRBool haveDigests = PR_FALSE;
- int n, i;
- PLArenaPool *poolp;
-
- poolp = sigd->cmsg->poolp;
-
- /* we assume that we have precomputed digests if there is a list of algorithms, and */
- /* a chunk of data for each of those algorithms */
- if (sigd->digestAlgorithms != NULL && sigd->digests != NULL) {
- for (i=0; sigd->digestAlgorithms[i] != NULL; i++) {
- if (sigd->digests[i] == NULL)
- break;
- }
- if (sigd->digestAlgorithms[i] == NULL) /* reached the end of the array? */
- haveDigests = PR_TRUE; /* yes: we must have all the digests */
- }
-
- version = NSS_CMS_SIGNED_DATA_VERSION_BASIC;
-
- /* RFC2630 5.1 "version is the syntax version number..." */
- if (NSS_CMSContentInfo_GetContentTypeTag(&(sigd->contentInfo)) != SEC_OID_PKCS7_DATA)
- version = NSS_CMS_SIGNED_DATA_VERSION_EXT;
-
- signerinfos = sigd->signerInfos;
- /* prepare all the SignerInfos */
- for (i = 0; signerinfos[i] != NULL; i++) {
- signerinfo = signerinfos[i];
-
- /* RFC2630 5.1 "version is the syntax version number..." */
- if (NSS_CMSSignerInfo_GetVersion(signerinfo) != NSS_CMS_SIGNER_INFO_VERSION_ISSUERSN)
- version = NSS_CMS_SIGNED_DATA_VERSION_EXT;
-
- /* collect digestAlgorithms from SignerInfos */
- /* (we need to know which algorithms we have when the content comes in) */
- /* do not overwrite any existing digestAlgorithms (and digest) */
- digestalgtag = NSS_CMSSignerInfo_GetDigestAlgTag(signerinfo);
- n = NSS_CMSAlgArray_GetIndexByAlgTag(sigd->digestAlgorithms, digestalgtag);
- if (n < 0 && haveDigests) {
- /* oops, there is a digestalg we do not have a digest for */
- /* but we were supposed to have all the digests already... */
- goto loser;
- } else if (n < 0) {
- /* add the digestAlgorithm & a NULL digest */
- rv = NSS_CMSSignedData_AddDigest(poolp, sigd, digestalgtag, NULL);
- if (rv != SECSuccess)
- goto loser;
- } else {
- /* found it, nothing to do */
- }
- }
-
- dummy = SEC_ASN1EncodeInteger(poolp, &(sigd->version), (long)version);
- if (dummy == NULL)
- return SECFailure;
-
- /* this is a SET OF, so we need to sort them guys */
- rv = NSS_CMSArray_SortByDER((void **)sigd->digestAlgorithms, SECOID_AlgorithmIDTemplate,
- (void **)sigd->digests);
- if (rv != SECSuccess)
- return SECFailure;
-
- return SECSuccess;
-
-loser:
- return SECFailure;
-}
-
-SECStatus
-NSS_CMSSignedData_Encode_BeforeData(NSSCMSSignedData *sigd)
-{
- /* set up the digests */
- if (sigd->digestAlgorithms != NULL) {
- sigd->contentInfo.digcx = NSS_CMSDigestContext_StartMultiple(sigd->digestAlgorithms);
- if (sigd->contentInfo.digcx == NULL)
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/*
- * NSS_CMSSignedData_Encode_AfterData - do all the necessary things to a SignedData
- * after all the encapsulated data was passed through the encoder.
- *
- * In detail:
- * - create the signatures in all the SignerInfos
- *
- * Please note that nothing is done to the Certificates and CRLs in the message - this
- * is entirely the responsibility of our callers.
- */
-SECStatus
-NSS_CMSSignedData_Encode_AfterData(NSSCMSSignedData *sigd)
-{
- NSSCMSSignerInfo **signerinfos, *signerinfo;
- NSSCMSContentInfo *cinfo;
- SECOidTag digestalgtag;
- SECStatus ret = SECFailure;
- SECStatus rv;
- SECItem *contentType;
- int certcount;
- int i, ci, cli, n, rci, si;
- PLArenaPool *poolp;
- CERTCertificateList *certlist;
- extern const SEC_ASN1Template NSSCMSSignerInfoTemplate[];
-
- poolp = sigd->cmsg->poolp;
- cinfo = &(sigd->contentInfo);
-
- /* did we have digest calculation going on? */
- if (cinfo->digcx) {
- rv = NSS_CMSDigestContext_FinishMultiple(cinfo->digcx, poolp, &(sigd->digests));
- if (rv != SECSuccess)
- goto loser; /* error has been set by NSS_CMSDigestContext_FinishMultiple */
- cinfo->digcx = NULL;
- }
-
- signerinfos = sigd->signerInfos;
- certcount = 0;
-
- /* prepare all the SignerInfos */
- for (i = 0; signerinfos[i] != NULL; i++) {
- signerinfo = signerinfos[i];
-
- /* find correct digest for this signerinfo */
- digestalgtag = NSS_CMSSignerInfo_GetDigestAlgTag(signerinfo);
- n = NSS_CMSAlgArray_GetIndexByAlgTag(sigd->digestAlgorithms, digestalgtag);
- if (n < 0 || sigd->digests == NULL || sigd->digests[n] == NULL) {
- /* oops - digest not found */
- PORT_SetError(SEC_ERROR_DIGEST_NOT_FOUND);
- goto loser;
- }
-
- /* XXX if our content is anything else but data, we need to force the
- * presence of signed attributes (RFC2630 5.3 "signedAttributes is a
- * collection...") */
-
- /* pass contentType here as we want a contentType attribute */
- if ((contentType = NSS_CMSContentInfo_GetContentTypeOID(cinfo)) == NULL)
- goto loser;
-
- /* sign the thing */
- rv = NSS_CMSSignerInfo_Sign(signerinfo, sigd->digests[n], contentType);
- if (rv != SECSuccess)
- goto loser;
-
- /* while we're at it, count number of certs in certLists */
- certlist = NSS_CMSSignerInfo_GetCertList(signerinfo);
- if (certlist)
- certcount += certlist->len;
- }
-
- /* this is a SET OF, so we need to sort them guys */
- rv = NSS_CMSArray_SortByDER((void **)signerinfos, NSSCMSSignerInfoTemplate, NULL);
- if (rv != SECSuccess)
- goto loser;
-
- /*
- * now prepare certs & crls
- */
-
- /* count the rest of the certs */
- if (sigd->certs != NULL) {
- for (ci = 0; sigd->certs[ci] != NULL; ci++)
- certcount++;
- }
-
- if (sigd->certLists != NULL) {
- for (cli = 0; sigd->certLists[cli] != NULL; cli++)
- certcount += sigd->certLists[cli]->len;
- }
-
- if (certcount == 0) {
- sigd->rawCerts = NULL;
- } else {
- /*
- * Combine all of the certs and cert chains into rawcerts.
- * Note: certcount is an upper bound; we may not need that many slots
- * but we will allocate anyway to avoid having to do another pass.
- * (The temporary space saving is not worth it.)
- *
- * XXX ARGH - this NEEDS to be fixed. need to come up with a decent
- * SetOfDERcertficates implementation
- */
- sigd->rawCerts = (SECItem **)PORT_ArenaAlloc(poolp, (certcount + 1) * sizeof(SECItem *));
- if (sigd->rawCerts == NULL)
- return SECFailure;
-
- /*
- * XXX Want to check for duplicates and not add *any* cert that is
- * already in the set. This will be more important when we start
- * dealing with larger sets of certs, dual-key certs (signing and
- * encryption), etc. For the time being we can slide by...
- *
- * XXX ARGH - this NEEDS to be fixed. need to come up with a decent
- * SetOfDERcertficates implementation
- */
- rci = 0;
- if (signerinfos != NULL) {
- for (si = 0; signerinfos[si] != NULL; si++) {
- signerinfo = signerinfos[si];
- for (ci = 0; ci < signerinfo->certList->len; ci++)
- sigd->rawCerts[rci++] = &(signerinfo->certList->certs[ci]);
- }
- }
-
- if (sigd->certs != NULL) {
- for (ci = 0; sigd->certs[ci] != NULL; ci++)
- sigd->rawCerts[rci++] = &(sigd->certs[ci]->derCert);
- }
-
- if (sigd->certLists != NULL) {
- for (cli = 0; sigd->certLists[cli] != NULL; cli++) {
- for (ci = 0; ci < sigd->certLists[cli]->len; ci++)
- sigd->rawCerts[rci++] = &(sigd->certLists[cli]->certs[ci]);
- }
- }
-
- sigd->rawCerts[rci] = NULL;
-
- /* this is a SET OF, so we need to sort them guys - we have the DER already, though */
- NSS_CMSArray_Sort((void **)sigd->rawCerts, NSS_CMSUtil_DERCompare, NULL, NULL);
- }
-
- ret = SECSuccess;
-
-loser:
- return ret;
-}
-
-SECStatus
-NSS_CMSSignedData_Decode_BeforeData(NSSCMSSignedData *sigd)
-{
- /* set up the digests */
- if (sigd->digestAlgorithms != NULL && sigd->digests == NULL) {
- /* if digests are already there, do nothing */
- sigd->contentInfo.digcx = NSS_CMSDigestContext_StartMultiple(sigd->digestAlgorithms);
- if (sigd->contentInfo.digcx == NULL)
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/*
- * NSS_CMSSignedData_Decode_AfterData - do all the necessary things to a SignedData
- * after all the encapsulated data was passed through the decoder.
- */
-SECStatus
-NSS_CMSSignedData_Decode_AfterData(NSSCMSSignedData *sigd)
-{
- /* did we have digest calculation going on? */
- if (sigd->contentInfo.digcx) {
- if (NSS_CMSDigestContext_FinishMultiple(sigd->contentInfo.digcx, sigd->cmsg->poolp, &(sigd->digests)) != SECSuccess)
- return SECFailure; /* error has been set by NSS_CMSDigestContext_FinishMultiple */
- sigd->contentInfo.digcx = NULL;
- }
- return SECSuccess;
-}
-
-/*
- * NSS_CMSSignedData_Decode_AfterEnd - do all the necessary things to a SignedData
- * after all decoding is finished.
- */
-SECStatus
-NSS_CMSSignedData_Decode_AfterEnd(NSSCMSSignedData *sigd)
-{
- NSSCMSSignerInfo **signerinfos;
- int i;
-
- /* set cmsg for all the signerinfos */
- signerinfos = sigd->signerInfos;
-
- /* set cmsg for all the signerinfos */
- for (i = 0; signerinfos[i] != NULL; i++)
- signerinfos[i]->cmsg = sigd->cmsg;
-
- return SECSuccess;
-}
-
-/*
- * NSS_CMSSignedData_GetSignerInfos - retrieve the SignedData's signer list
- */
-NSSCMSSignerInfo **
-NSS_CMSSignedData_GetSignerInfos(NSSCMSSignedData *sigd)
-{
- return sigd->signerInfos;
-}
-
-int
-NSS_CMSSignedData_SignerInfoCount(NSSCMSSignedData *sigd)
-{
- return NSS_CMSArray_Count((void **)sigd->signerInfos);
-}
-
-NSSCMSSignerInfo *
-NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i)
-{
- return sigd->signerInfos[i];
-}
-
-/*
- * NSS_CMSSignedData_GetDigestAlgs - retrieve the SignedData's digest algorithm list
- */
-SECAlgorithmID **
-NSS_CMSSignedData_GetDigestAlgs(NSSCMSSignedData *sigd)
-{
- return sigd->digestAlgorithms;
-}
-
-/*
- * NSS_CMSSignedData_GetContentInfo - return pointer to this signedData's contentinfo
- */
-NSSCMSContentInfo *
-NSS_CMSSignedData_GetContentInfo(NSSCMSSignedData *sigd)
-{
- return &(sigd->contentInfo);
-}
-
-/*
- * NSS_CMSSignedData_GetCertificateList - retrieve the SignedData's certificate list
- */
-SECItem **
-NSS_CMSSignedData_GetCertificateList(NSSCMSSignedData *sigd)
-{
- return sigd->rawCerts;
-}
-
-SECStatus
-NSS_CMSSignedData_ImportCerts(NSSCMSSignedData *sigd, CERTCertDBHandle *certdb,
- SECCertUsage certusage, PRBool keepcerts)
-{
- int certcount;
- SECStatus rv;
- int i;
-
- certcount = NSS_CMSArray_Count((void **)sigd->rawCerts);
-
- rv = CERT_ImportCerts(certdb, certusage, certcount, sigd->rawCerts, NULL,
- keepcerts, PR_FALSE, NULL);
-
- /* XXX CRL handling */
-
- if (sigd->signerInfos != NULL) {
- /* fill in all signerinfo's certs */
- for (i = 0; sigd->signerInfos[i] != NULL; i++)
- (void)NSS_CMSSignerInfo_GetSigningCertificate(sigd->signerInfos[i], certdb);
- }
-
- return rv;
-}
-
-/*
- * XXX the digests need to be passed in BETWEEN the decoding and the verification in case
- * of external signatures!
- */
-
-/*
- * NSS_CMSSignedData_VerifySignerInfo - check the signatures.
- *
- * The digests were either calculated during decoding (and are stored in the
- * signedData itself) or set after decoding using NSS_CMSSignedData_SetDigests.
- *
- * The verification checks if the signing cert is valid and has a trusted chain
- * for the purpose specified by "certusage".
- */
-SECStatus
-NSS_CMSSignedData_VerifySignerInfo(NSSCMSSignedData *sigd, int i,
- CERTCertDBHandle *certdb, SECCertUsage certusage)
-{
- NSSCMSSignerInfo *signerinfo;
- NSSCMSContentInfo *cinfo;
- SECOidData *algiddata;
- SECItem *contentType, *digest;
-
- cinfo = &(sigd->contentInfo);
-
- signerinfo = sigd->signerInfos[i];
-
- /* verify certificate */
- if (NSS_CMSSignerInfo_VerifyCertificate(signerinfo, certdb, certusage) != SECSuccess)
- return SECFailure; /* error is set by NSS_CMSSignerInfo_VerifyCertificate */
-
- /* find digest and contentType for signerinfo */
- algiddata = NSS_CMSSignerInfo_GetDigestAlg(signerinfo);
- digest = NSS_CMSSignedData_GetDigestByAlgTag(sigd, algiddata->offset);
- contentType = NSS_CMSContentInfo_GetContentTypeOID(cinfo);
-
- /* now verify signature */
- return NSS_CMSSignerInfo_Verify(signerinfo, digest, contentType);
-}
-
-/*
- * NSS_CMSSignedData_HasDigests - see if we have digests in place
- */
-PRBool
-NSS_CMSSignedData_HasDigests(NSSCMSSignedData *sigd)
-{
- return (sigd->digests != NULL);
-}
-
-SECStatus
-NSS_CMSSignedData_AddCertList(NSSCMSSignedData *sigd, CERTCertificateList *certlist)
-{
- SECStatus rv;
-
- PORT_Assert(certlist != NULL);
-
- if (certlist == NULL)
- return SECFailure;
-
- /* XXX memory?? a certlist has an arena of its own and is not refcounted!?!? */
- rv = NSS_CMSArray_Add(sigd->cmsg->poolp, (void ***)&(sigd->certLists), (void *)certlist);
-
- return rv;
-}
-
-/*
- * NSS_CMSSignedData_AddCertChain - add cert and its entire chain to the set of certs
- */
-SECStatus
-NSS_CMSSignedData_AddCertChain(NSSCMSSignedData *sigd, CERTCertificate *cert)
-{
- CERTCertificateList *certlist;
- SECCertUsage usage;
- SECStatus rv;
-
- usage = certUsageEmailSigner;
-
- /* do not include root */
- certlist = CERT_CertChainFromCert(cert, usage, PR_FALSE);
- if (certlist == NULL)
- return SECFailure;
-
- rv = NSS_CMSSignedData_AddCertList(sigd, certlist);
- CERT_DestroyCertificateList(certlist);
-
- return rv;
-}
-
-SECStatus
-NSS_CMSSignedData_AddCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert)
-{
- CERTCertificate *c;
- SECStatus rv;
-
- PORT_Assert(cert != NULL);
-
- if (cert == NULL)
- return SECFailure;
-
- c = CERT_DupCertificate(cert);
- rv = NSS_CMSArray_Add(sigd->cmsg->poolp, (void ***)&(sigd->certs), (void *)c);
- return rv;
-}
-
-PRBool
-NSS_CMSSignedData_ContainsCertsOrCrls(NSSCMSSignedData *sigd)
-{
- if (sigd->rawCerts != NULL && sigd->rawCerts[0] != NULL)
- return PR_TRUE;
- else if (sigd->crls != NULL && sigd->crls[0] != NULL)
- return PR_TRUE;
- else
- return PR_FALSE;
-}
-
-SECStatus
-NSS_CMSSignedData_AddSignerInfo(NSSCMSSignedData *sigd,
- NSSCMSSignerInfo *signerinfo)
-{
- void *mark;
- SECStatus rv;
- SECOidTag digestalgtag;
- PLArenaPool *poolp;
-
- poolp = sigd->cmsg->poolp;
-
- mark = PORT_ArenaMark(poolp);
-
- /* add signerinfo */
- rv = NSS_CMSArray_Add(poolp, (void ***)&(sigd->signerInfos), (void *)signerinfo);
- if (rv != SECSuccess)
- goto loser;
-
- /*
- * add empty digest
- * Empty because we don't have it yet. Either it gets created during encoding
- * (if the data is present) or has to be set externally.
- * XXX maybe pass it in optionally?
- */
- digestalgtag = NSS_CMSSignerInfo_GetDigestAlgTag(signerinfo);
- rv = NSS_CMSSignedData_SetDigestValue(sigd, digestalgtag, NULL);
- if (rv != SECSuccess)
- goto loser;
-
- /*
- * The last thing to get consistency would be adding the digest.
- */
-
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
-
-loser:
- PORT_ArenaRelease (poolp, mark);
- return SECFailure;
-}
-
-SECItem *
-NSS_CMSSignedData_GetDigestByAlgTag(NSSCMSSignedData *sigd, SECOidTag algtag)
-{
- int idx;
-
- idx = NSS_CMSAlgArray_GetIndexByAlgTag(sigd->digestAlgorithms, algtag);
- return sigd->digests[idx];
-}
-
-/*
- * NSS_CMSSignedData_SetDigests - set a signedData's digests member
- *
- * "digestalgs" - array of digest algorithm IDs
- * "digests" - array of digests corresponding to the digest algorithms
- */
-SECStatus
-NSS_CMSSignedData_SetDigests(NSSCMSSignedData *sigd,
- SECAlgorithmID **digestalgs,
- SECItem **digests)
-{
- int cnt, i, idx;
-
- if (sigd->digestAlgorithms == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- /* we assume that the digests array is just not there yet */
- PORT_Assert(sigd->digests == NULL);
- if (sigd->digests != NULL) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
- }
-
- /* now allocate one (same size as digestAlgorithms) */
- cnt = NSS_CMSArray_Count((void **)sigd->digestAlgorithms);
- sigd->digests = PORT_ArenaZAlloc(sigd->cmsg->poolp, (cnt + 1) * sizeof(SECItem *));
- if (sigd->digests == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
-
- for (i = 0; sigd->digestAlgorithms[i] != NULL; i++) {
- /* try to find the sigd's i'th digest algorithm in the array we passed in */
- idx = NSS_CMSAlgArray_GetIndexByAlgID(digestalgs, sigd->digestAlgorithms[i]);
- if (idx < 0) {
- PORT_SetError(SEC_ERROR_DIGEST_NOT_FOUND);
- return SECFailure;
- }
-
- /* found it - now set it */
- if ((sigd->digests[i] = SECITEM_AllocItem(sigd->cmsg->poolp, NULL, 0)) == NULL ||
- SECITEM_CopyItem(sigd->cmsg->poolp, sigd->digests[i], digests[idx]) != SECSuccess)
- {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
- }
- return SECSuccess;
-}
-
-SECStatus
-NSS_CMSSignedData_SetDigestValue(NSSCMSSignedData *sigd,
- SECOidTag digestalgtag,
- SECItem *digestdata)
-{
- SECItem *digest = NULL;
- PLArenaPool *poolp;
- void *mark;
- int n;
-
- poolp = sigd->cmsg->poolp;
-
- mark = PORT_ArenaMark(poolp);
-
- if (digestdata) {
- /* copy digestdata item to arena (in case we have it and are not only making room) */
- if (SECITEM_CopyItem(poolp, digest, digestdata) != SECSuccess)
- goto loser;
- }
-
- n = -1;
- if (sigd->digestAlgorithms != NULL)
- n = NSS_CMSAlgArray_GetIndexByAlgTag(sigd->digestAlgorithms, digestalgtag);
-
- /* if not found, add a digest */
- if (n < 0) {
- if (NSS_CMSSignedData_AddDigest(poolp, sigd, digestalgtag, digest) != SECSuccess)
- goto loser;
- } else {
- /* replace NULL pointer with digest item (and leak previous value) */
- sigd->digests[n] = digest;
- }
-
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
-
-loser:
- PORT_ArenaRelease(poolp, mark);
- return SECFailure;
-}
-
-SECStatus
-NSS_CMSSignedData_AddDigest(PRArenaPool *poolp,
- NSSCMSSignedData *sigd,
- SECOidTag digestalgtag,
- SECItem *digest)
-{
- SECAlgorithmID *digestalg;
- void *mark;
-
- mark = PORT_ArenaMark(poolp);
-
- digestalg = PORT_ArenaZAlloc(poolp, sizeof(SECAlgorithmID));
- if (digestalg == NULL)
- goto loser;
-
- if (SECOID_SetAlgorithmID (poolp, digestalg, digestalgtag, NULL) != SECSuccess) /* no params */
- goto loser;
-
- if (NSS_CMSArray_Add(poolp, (void ***)&(sigd->digestAlgorithms), (void *)digestalg) != SECSuccess ||
- /* even if digest is NULL, add dummy to have same-size array */
- NSS_CMSArray_Add(poolp, (void ***)&(sigd->digests), (void *)digest) != SECSuccess)
- {
- goto loser;
- }
-
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
-
-loser:
- PORT_ArenaRelease(poolp, mark);
- return SECFailure;
-}
-
-SECItem *
-NSS_CMSSignedData_GetDigestValue(NSSCMSSignedData *sigd, SECOidTag digestalgtag)
-{
- int n;
-
- if (sigd->digestAlgorithms == NULL)
- return NULL;
-
- n = NSS_CMSAlgArray_GetIndexByAlgTag(sigd->digestAlgorithms, digestalgtag);
-
- return (n < 0) ? NULL : sigd->digests[n];
-}
-
-/* =============================================================================
- * Misc. utility functions
- */
-
-/*
- * NSS_CMSSignedData_CreateCertsOnly - create a certs-only SignedData.
- *
- * cert - base certificates that will be included
- * include_chain - if true, include the complete cert chain for cert
- *
- * More certs and chains can be added via AddCertificate and AddCertChain.
- *
- * An error results in a return value of NULL and an error set.
- *
- * XXXX CRLs
- */
-NSSCMSSignedData *
-NSS_CMSSignedData_CreateCertsOnly(NSSCMSMessage *cmsg, CERTCertificate *cert, PRBool include_chain)
-{
- NSSCMSSignedData *sigd;
- void *mark;
- PLArenaPool *poolp;
- SECStatus rv;
-
- poolp = cmsg->poolp;
- mark = PORT_ArenaMark(poolp);
-
- sigd = NSS_CMSSignedData_Create(cmsg);
- if (sigd == NULL)
- goto loser;
-
- /* no signerinfos, thus no digestAlgorithms */
-
- /* but certs */
- if (include_chain) {
- rv = NSS_CMSSignedData_AddCertChain(sigd, cert);
- } else {
- rv = NSS_CMSSignedData_AddCertificate(sigd, cert);
- }
- if (rv != SECSuccess)
- goto loser;
-
- /* RFC2630 5.2 sez:
- * In the degenerate case where there are no signers, the
- * EncapsulatedContentInfo value being "signed" is irrelevant. In this
- * case, the content type within the EncapsulatedContentInfo value being
- * "signed" should be id-data (as defined in section 4), and the content
- * field of the EncapsulatedContentInfo value should be omitted.
- */
- rv = NSS_CMSContentInfo_SetContent_Data(cmsg, &(sigd->contentInfo), NULL, PR_TRUE);
- if (rv != SECSuccess)
- goto loser;
-
- PORT_ArenaUnmark(poolp, mark);
- return sigd;
-
-loser:
- if (sigd)
- NSS_CMSSignedData_Destroy(sigd);
- PORT_ArenaRelease(poolp, mark);
- return NULL;
-}
-
-/* TODO:
- * NSS_CMSSignerInfo_GetReceiptRequest()
- * NSS_CMSSignedData_HasReceiptRequest()
- * easy way to iterate over signers
- */
-
diff --git a/security/nss/lib/smime/cmssiginfo.c b/security/nss/lib/smime/cmssiginfo.c
deleted file mode 100644
index 76e5d8d66..000000000
--- a/security/nss/lib/smime/cmssiginfo.c
+++ /dev/null
@@ -1,871 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS signerInfo methods.
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-
-#include "cert.h"
-#include "key.h"
-#include "secasn1.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "pk11func.h"
-#include "prtime.h"
-#include "secerr.h"
-#include "cryptohi.h"
-
-#include "smime.h"
-
-/* =============================================================================
- * SIGNERINFO
- */
-
-NSSCMSSignerInfo *
-NSS_CMSSignerInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert, SECOidTag digestalgtag)
-{
- void *mark;
- NSSCMSSignerInfo *signerinfo;
- int version;
- PLArenaPool *poolp;
-
- poolp = cmsg->poolp;
-
- mark = PORT_ArenaMark(poolp);
-
- signerinfo = (NSSCMSSignerInfo *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSSignerInfo));
- if (signerinfo == NULL) {
- PORT_ArenaRelease(poolp, mark);
- return NULL;
- }
-
- if ((signerinfo->cert = CERT_DupCertificate(cert)) == NULL)
- goto loser;
-
- signerinfo->cmsg = cmsg;
-
- signerinfo->signerIdentifier.identifierType = NSSCMSSignerID_IssuerSN; /* hardcoded for now */
- if ((signerinfo->signerIdentifier.id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert)) == NULL)
- goto loser;
-
- /* set version right now */
- version = NSS_CMS_SIGNER_INFO_VERSION_ISSUERSN;
- /* RFC2630 5.3 "version is the syntax version number. If the .... " */
- if (signerinfo->signerIdentifier.identifierType == NSSCMSSignerID_SubjectKeyID)
- version = NSS_CMS_SIGNER_INFO_VERSION_SUBJKEY;
- (void)SEC_ASN1EncodeInteger(poolp, &(signerinfo->version), (long)version);
-
- if (SECOID_SetAlgorithmID(poolp, &signerinfo->digestAlg, digestalgtag, NULL) != SECSuccess)
- goto loser;
-
- PORT_ArenaUnmark(poolp, mark);
- return signerinfo;
-
-loser:
- PORT_ArenaRelease(poolp, mark);
- return NULL;
-}
-
-/*
- * NSS_CMSSignerInfo_Destroy - destroy a SignerInfo data structure
- */
-void
-NSS_CMSSignerInfo_Destroy(NSSCMSSignerInfo *si)
-{
- if (si->cert != NULL)
- CERT_DestroyCertificate(si->cert);
-
- /* XXX storage ??? */
-}
-
-/*
- * NSS_CMSSignerInfo_Sign - sign something
- *
- */
-SECStatus
-NSS_CMSSignerInfo_Sign(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem *contentType)
-{
- CERTCertificate *cert;
- SECKEYPrivateKey *privkey = NULL;
- SECOidTag digestalgtag;
- SECOidTag signalgtag;
- SECItem signature = { 0 };
- SECStatus rv;
- PLArenaPool *poolp, *tmppoolp;
-
- PORT_Assert (digest != NULL);
-
- poolp = signerinfo->cmsg->poolp;
-
- cert = signerinfo->cert;
-
- if ((privkey = PK11_FindKeyByAnyCert(cert, signerinfo->cmsg->pwfn_arg)) == NULL)
- goto loser;
-
- digestalgtag = NSS_CMSSignerInfo_GetDigestAlgTag(signerinfo);
- /*
- * XXX I think there should be a cert-level interface for this,
- * so that I do not have to know about subjectPublicKeyInfo...
- */
- signalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
-
- /* Fortezza MISSI have weird signature formats. Map them to standard DSA formats */
- signalgtag = PK11_FortezzaMapSig(signalgtag);
-
- if (signerinfo->authAttr != NULL) {
- SECItem encoded_attrs;
-
- /* find and fill in the message digest attribute. */
- rv = NSS_CMSAttributeArray_SetAttr(poolp, &(signerinfo->authAttr), SEC_OID_PKCS9_MESSAGE_DIGEST, digest, PR_FALSE);
- if (rv != SECSuccess)
- goto loser;
-
- if (contentType != NULL) {
- /* if the caller wants us to, find and fill in the content type attribute. */
- rv = NSS_CMSAttributeArray_SetAttr(poolp, &(signerinfo->authAttr), SEC_OID_PKCS9_CONTENT_TYPE, contentType, PR_FALSE);
- if (rv != SECSuccess)
- goto loser;
- }
-
- if ((tmppoolp = PORT_NewArena (1024)) == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /*
- * Before encoding, reorder the attributes so that when they
- * are encoded, they will be conforming DER, which is required
- * to have a specific order and that is what must be used for
- * the hash/signature. We do this here, rather than building
- * it into EncodeAttributes, because we do not want to do
- * such reordering on incoming messages (which also uses
- * EncodeAttributes) or our old signatures (and other "broken"
- * implementations) will not verify. So, we want to guarantee
- * that we send out good DER encodings of attributes, but not
- * to expect to receive them.
- */
- if (NSS_CMSAttributeArray_Reorder(signerinfo->authAttr) != SECSuccess)
- goto loser;
-
- encoded_attrs.data = NULL;
- encoded_attrs.len = 0;
- if (NSS_CMSAttributeArray_Encode(tmppoolp, &(signerinfo->authAttr), &encoded_attrs) == NULL)
- goto loser;
-
- rv = SEC_SignData(&signature, encoded_attrs.data, encoded_attrs.len, privkey,
- NSS_CMSUtil_MakeSignatureAlgorithm(digestalgtag, signalgtag));
- PORT_FreeArena(tmppoolp, PR_FALSE); /* awkward memory management :-( */
- } else {
- rv = SGN_Digest(privkey, digestalgtag, &signature, digest);
- }
-
- SECKEY_DestroyPrivateKey(privkey);
- privkey = NULL;
-
- if (rv != SECSuccess)
- goto loser;
-
- if (SECITEM_CopyItem(poolp, &(signerinfo->encDigest), &signature) != SECSuccess)
- goto loser;
-
- SECITEM_FreeItem(&signature, PR_FALSE);
-
- if (SECOID_SetAlgorithmID(poolp, &(signerinfo->digestEncAlg), signalgtag, NULL) != SECSuccess)
- goto loser;
-
- return SECSuccess;
-
-loser:
- if (signature.len != 0)
- SECITEM_FreeItem (&signature, PR_FALSE);
- if (privkey)
- SECKEY_DestroyPrivateKey(privkey);
- return SECFailure;
-}
-
-SECStatus
-NSS_CMSSignerInfo_VerifyCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb,
- SECCertUsage certusage)
-{
- CERTCertificate *cert;
- int64 stime;
-
- if ((cert = NSS_CMSSignerInfo_GetSigningCertificate(signerinfo, certdb)) == NULL) {
- signerinfo->verificationStatus = NSSCMSVS_SigningCertNotFound;
- return SECFailure;
- }
-
- /*
- * Get and convert the signing time; if available, it will be used
- * both on the cert verification and for importing the sender
- * email profile.
- */
- if (NSS_CMSSignerInfo_GetSigningTime (signerinfo, &stime) != SECSuccess)
- stime = PR_Now(); /* not found or conversion failed, so check against now */
-
- /*
- * XXX This uses the signing time, if available. Additionally, we
- * might want to, if there is no signing time, get the message time
- * from the mail header itself, and use that. That would require
- * a change to our interface though, and for S/MIME callers to pass
- * in a time (and for non-S/MIME callers to pass in nothing, or
- * maybe make them pass in the current time, always?).
- */
- if (CERT_VerifyCert(certdb, cert, PR_TRUE, certusage, stime, signerinfo->cmsg->pwfn_arg, NULL) != SECSuccess) {
- signerinfo->verificationStatus = NSSCMSVS_SigningCertNotTrusted;
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/*
- * NSS_CMSSignerInfo_Verify - verify the signature of a single SignerInfo
- *
- * Just verifies the signature. The assumption is that verification of the certificate
- * is done already.
- */
-SECStatus
-NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem *contentType)
-{
- SECKEYPublicKey *publickey = NULL;
- NSSCMSAttribute *attr;
- SECItem encoded_attrs;
- CERTCertificate *cert;
- NSSCMSVerificationStatus vs = NSSCMSVS_Unverified;
- PLArenaPool *poolp;
-
- if (signerinfo == NULL)
- return SECFailure;
-
- /* NSS_CMSSignerInfo_GetSigningCertificate will fail if 2nd parm is NULL and */
- /* cert has not been verified */
- if ((cert = NSS_CMSSignerInfo_GetSigningCertificate(signerinfo, NULL)) == NULL) {
- vs = NSSCMSVS_SigningCertNotFound;
- goto loser;
- }
-
- if ((publickey = CERT_ExtractPublicKey(cert)) == NULL) {
- vs = NSSCMSVS_ProcessingError;
- goto loser;
- }
-
- /*
- * XXX This may not be the right set of algorithms to check.
- * I'd prefer to trust that just calling VFY_Verify{Data,Digest}
- * would do the right thing (and set an error if it could not);
- * then additional algorithms could be handled by that code
- * and we would Just Work. So this check should just be removed,
- * but not until the VFY code is better at setting errors.
- */
- switch (SECOID_GetAlgorithmTag(&(signerinfo->digestEncAlg))) {
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- case SEC_OID_ANSIX9_DSA_SIGNATURE:
- case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
- /* ok */
- break;
- case SEC_OID_UNKNOWN:
- vs = NSSCMSVS_SignatureAlgorithmUnknown;
- goto loser;
- default:
- vs = NSSCMSVS_SignatureAlgorithmUnsupported;
- goto loser;
- }
-
- if (!NSS_CMSArray_IsEmpty((void **)signerinfo->authAttr)) {
- if (contentType) {
- /*
- * Check content type
- *
- * RFC2630 sez that if there are any authenticated attributes,
- * then there must be one for content type which matches the
- * content type of the content being signed, and there must
- * be one for message digest which matches our message digest.
- * So check these things first.
- */
- if ((attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
- SEC_OID_PKCS9_CONTENT_TYPE, PR_TRUE)) == NULL)
- {
- vs = NSSCMSVS_MalformedSignature;
- goto loser;
- }
-
- if (NSS_CMSAttribute_CompareValue(attr, contentType) == PR_FALSE) {
- vs = NSSCMSVS_MalformedSignature;
- goto loser;
- }
- }
-
- /*
- * Check digest
- */
- if ((attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr, SEC_OID_PKCS9_MESSAGE_DIGEST, PR_TRUE)) == NULL)
- {
- vs = NSSCMSVS_MalformedSignature;
- goto loser;
- }
- if (NSS_CMSAttribute_CompareValue(attr, digest) == PR_FALSE) {
- vs = NSSCMSVS_DigestMismatch;
- goto loser;
- }
-
- if ((poolp = PORT_NewArena (1024)) == NULL) {
- vs = NSSCMSVS_ProcessingError;
- goto loser;
- }
-
- /*
- * Check signature
- *
- * The signature is based on a digest of the DER-encoded authenticated
- * attributes. So, first we encode and then we digest/verify.
- * we trust the decoder to have the attributes in the right (sorted) order
- */
- encoded_attrs.data = NULL;
- encoded_attrs.len = 0;
-
- if (NSS_CMSAttributeArray_Encode(poolp, &(signerinfo->authAttr), &encoded_attrs) == NULL ||
- encoded_attrs.data == NULL || encoded_attrs.len == 0)
- {
- vs = NSSCMSVS_ProcessingError;
- goto loser;
- }
-
- vs = (VFY_VerifyData (encoded_attrs.data, encoded_attrs.len,
- publickey, &(signerinfo->encDigest),
- SECOID_GetAlgorithmTag(&(signerinfo->digestEncAlg)),
- signerinfo->cmsg->pwfn_arg) != SECSuccess) ? NSSCMSVS_BadSignature : NSSCMSVS_GoodSignature;
-
- PORT_FreeArena(poolp, PR_FALSE); /* awkward memory management :-( */
-
- } else {
- SECItem *sig;
-
- /* No authenticated attributes. The signature is based on the plain message digest. */
- sig = &(signerinfo->encDigest);
- if (sig->len == 0)
- goto loser;
-
- vs = (VFY_VerifyDigest(digest, publickey, sig,
- SECOID_GetAlgorithmTag(&(signerinfo->digestEncAlg)),
- signerinfo->cmsg->pwfn_arg) != SECSuccess) ? NSSCMSVS_BadSignature : NSSCMSVS_GoodSignature;
- }
-
- if (vs == NSSCMSVS_BadSignature) {
- /*
- * XXX Change the generic error into our specific one, because
- * in that case we get a better explanation out of the Security
- * Advisor. This is really a bug in our error strings (the
- * "generic" error has a lousy/wrong message associated with it
- * which assumes the signature verification was done for the
- * purposes of checking the issuer signature on a certificate)
- * but this is at least an easy workaround and/or in the
- * Security Advisor, which specifically checks for the error
- * SEC_ERROR_PKCS7_BAD_SIGNATURE and gives more explanation
- * in that case but does not similarly check for
- * SEC_ERROR_BAD_SIGNATURE. It probably should, but then would
- * probably say the wrong thing in the case that it *was* the
- * certificate signature check that failed during the cert
- * verification done above. Our error handling is really a mess.
- */
- if (PORT_GetError() == SEC_ERROR_BAD_SIGNATURE)
- PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
- }
-
- if (publickey != NULL)
- SECKEY_DestroyPublicKey (publickey);
-
- signerinfo->verificationStatus = vs;
-
- return (vs == NSSCMSVS_GoodSignature) ? SECSuccess : SECFailure;
-
-loser:
- if (publickey != NULL)
- SECKEY_DestroyPublicKey (publickey);
-
- signerinfo->verificationStatus = vs;
-
- PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
- return SECFailure;
-}
-
-NSSCMSVerificationStatus
-NSS_CMSSignerInfo_GetVerificationStatus(NSSCMSSignerInfo *signerinfo)
-{
- return signerinfo->verificationStatus;
-}
-
-SECOidData *
-NSS_CMSSignerInfo_GetDigestAlg(NSSCMSSignerInfo *signerinfo)
-{
- return SECOID_FindOID (&(signerinfo->digestAlg.algorithm));
-}
-
-SECOidTag
-NSS_CMSSignerInfo_GetDigestAlgTag(NSSCMSSignerInfo *signerinfo)
-{
- SECOidData *algdata;
-
- algdata = SECOID_FindOID (&(signerinfo->digestAlg.algorithm));
- if (algdata != NULL)
- return algdata->offset;
- else
- return SEC_OID_UNKNOWN;
-}
-
-CERTCertificateList *
-NSS_CMSSignerInfo_GetCertList(NSSCMSSignerInfo *signerinfo)
-{
- return signerinfo->certList;
-}
-
-int
-NSS_CMSSignerInfo_GetVersion(NSSCMSSignerInfo *signerinfo)
-{
- unsigned long version;
-
- /* always take apart the SECItem */
- if (SEC_ASN1DecodeInteger(&(signerinfo->version), &version) != SECSuccess)
- return 0;
- else
- return (int)version;
-}
-
-/*
- * NSS_CMSSignerInfo_GetSigningTime - return the signing time,
- * in UTCTime format, of a CMS signerInfo.
- *
- * sinfo - signerInfo data for this signer
- *
- * Returns a pointer to XXXX (what?)
- * A return value of NULL is an error.
- */
-SECStatus
-NSS_CMSSignerInfo_GetSigningTime(NSSCMSSignerInfo *sinfo, PRTime *stime)
-{
- NSSCMSAttribute *attr;
- SECItem *value;
-
- if (sinfo == NULL)
- return SECFailure;
-
- if (sinfo->signingTime != 0) {
- *stime = sinfo->signingTime; /* cached copy */
- return SECSuccess;
- }
-
- attr = NSS_CMSAttributeArray_FindAttrByOidTag(sinfo->authAttr, SEC_OID_PKCS9_SIGNING_TIME, PR_TRUE);
- /* XXXX multi-valued attributes NIH */
- if (attr == NULL || (value = NSS_CMSAttribute_GetValue(attr)) == NULL)
- return SECFailure;
- if (DER_UTCTimeToTime(stime, value) != SECSuccess)
- return SECFailure;
- sinfo->signingTime = *stime; /* make cached copy */
- return SECSuccess;
-}
-
-/*
- * Return the signing cert of a CMS signerInfo.
- *
- * the certs in the enclosing SignedData must have been imported already
- */
-CERTCertificate *
-NSS_CMSSignerInfo_GetSigningCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb)
-{
- CERTCertificate *cert;
-
- if (signerinfo->cert != NULL)
- return signerinfo->cert;
-
- /* no certdb, and cert hasn't been set yet? */
- if (certdb == NULL)
- return NULL;
-
- /*
- * This cert will also need to be freed, but since we save it
- * in signerinfo for later, we do not want to destroy it when
- * we leave this function -- we let the clean-up of the entire
- * cinfo structure later do the destroy of this cert.
- */
- switch (signerinfo->signerIdentifier.identifierType) {
- case NSSCMSSignerID_IssuerSN:
- cert = CERT_FindCertByIssuerAndSN(certdb, signerinfo->signerIdentifier.id.issuerAndSN);
- break;
- case NSSCMSSignerID_SubjectKeyID:
-#if 0 /* not yet implemented */
- cert = CERT_FindCertBySubjectKeyID(certdb, signerinfo->signerIdentifier.id.subjectKeyID);
-#else
- cert = NULL;
-#endif
- break;
- default:
- cert = NULL;
- break;
- }
-
- /* cert can be NULL at that point */
- signerinfo->cert = cert; /* earmark it */
-
- return cert;
-}
-
-/*
- * NSS_CMSSignerInfo_GetSignerCommonName - return the common name of the signer
- *
- * sinfo - signerInfo data for this signer
- *
- * Returns a pointer to allocated memory, which must be freed.
- * A return value of NULL is an error.
- */
-char *
-NSS_CMSSignerInfo_GetSignerCommonName(NSSCMSSignerInfo *sinfo)
-{
- CERTCertificate *signercert;
-
- /* will fail if cert is not verified */
- if ((signercert = NSS_CMSSignerInfo_GetSigningCertificate(sinfo, NULL)) == NULL)
- return NULL;
-
- return (CERT_GetCommonName(&signercert->subject));
-}
-
-/*
- * NSS_CMSSignerInfo_GetSignerEmailAddress - return the common name of the signer
- *
- * sinfo - signerInfo data for this signer
- *
- * Returns a pointer to allocated memory, which must be freed.
- * A return value of NULL is an error.
- */
-char *
-NSS_CMSSignerInfo_GetSignerEmailAddress(NSSCMSSignerInfo *sinfo)
-{
- CERTCertificate *signercert;
-
- if ((signercert = NSS_CMSSignerInfo_GetSigningCertificate(sinfo, NULL)) == NULL)
- return NULL;
-
- if (signercert->emailAddr == NULL)
- return NULL;
-
- return (PORT_Strdup(signercert->emailAddr));
-}
-
-/*
- * NSS_CMSSignerInfo_AddAuthAttr - add an attribute to the
- * authenticated (i.e. signed) attributes of "signerinfo".
- */
-SECStatus
-NSS_CMSSignerInfo_AddAuthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *attr)
-{
- return NSS_CMSAttributeArray_AddAttr(signerinfo->cmsg->poolp, &(signerinfo->authAttr), attr);
-}
-
-/*
- * NSS_CMSSignerInfo_AddUnauthAttr - add an attribute to the
- * unauthenticated attributes of "signerinfo".
- */
-SECStatus
-NSS_CMSSignerInfo_AddUnauthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *attr)
-{
- return NSS_CMSAttributeArray_AddAttr(signerinfo->cmsg->poolp, &(signerinfo->unAuthAttr), attr);
-}
-
-/*
- * NSS_CMSSignerInfo_AddSigningTime - add the signing time to the
- * authenticated (i.e. signed) attributes of "signerinfo".
- *
- * This is expected to be included in outgoing signed
- * messages for email (S/MIME) but is likely useful in other situations.
- *
- * This should only be added once; a second call will do nothing.
- *
- * XXX This will probably just shove the current time into "signerinfo"
- * but it will not actually get signed until the entire item is
- * processed for encoding. Is this (expected to be small) delay okay?
- */
-SECStatus
-NSS_CMSSignerInfo_AddSigningTime(NSSCMSSignerInfo *signerinfo, PRTime t)
-{
- NSSCMSAttribute *attr;
- SECItem stime;
- void *mark;
- PLArenaPool *poolp;
-
- poolp = signerinfo->cmsg->poolp;
-
- mark = PORT_ArenaMark(poolp);
-
- /* create new signing time attribute */
- if (DER_TimeToUTCTime(&stime, t) != SECSuccess)
- goto loser;
-
- if ((attr = NSS_CMSAttribute_Create(poolp, SEC_OID_PKCS9_SIGNING_TIME, &stime, PR_FALSE)) == NULL) {
- SECITEM_FreeItem (&stime, PR_FALSE);
- goto loser;
- }
-
- SECITEM_FreeItem (&stime, PR_FALSE);
-
- if (NSS_CMSSignerInfo_AddAuthAttr(signerinfo, attr) != SECSuccess)
- goto loser;
-
- PORT_ArenaUnmark (poolp, mark);
-
- return SECSuccess;
-
-loser:
- PORT_ArenaRelease (poolp, mark);
- return SECFailure;
-}
-
-/*
- * NSS_CMSSignerInfo_AddSMIMECaps - add a SMIMECapabilities attribute to the
- * authenticated (i.e. signed) attributes of "signerinfo".
- *
- * This is expected to be included in outgoing signed
- * messages for email (S/MIME).
- */
-SECStatus
-NSS_CMSSignerInfo_AddSMIMECaps(NSSCMSSignerInfo *signerinfo)
-{
- NSSCMSAttribute *attr;
- SECItem *smimecaps = NULL;
- void *mark;
- PLArenaPool *poolp;
-
- poolp = signerinfo->cmsg->poolp;
-
- mark = PORT_ArenaMark(poolp);
-
- smimecaps = SECITEM_AllocItem(poolp, NULL, 0);
- if (smimecaps == NULL)
- goto loser;
-
- /* create new signing time attribute */
- if (NSS_SMIMEUtil_CreateSMIMECapabilities(poolp, smimecaps,
- PK11_FortezzaHasKEA(signerinfo->cert)) != SECSuccess)
- goto loser;
-
- if ((attr = NSS_CMSAttribute_Create(poolp, SEC_OID_PKCS9_SMIME_CAPABILITIES, smimecaps, PR_TRUE)) == NULL)
- goto loser;
-
- if (NSS_CMSSignerInfo_AddAuthAttr(signerinfo, attr) != SECSuccess)
- goto loser;
-
- PORT_ArenaUnmark (poolp, mark);
- return SECSuccess;
-
-loser:
- PORT_ArenaRelease (poolp, mark);
- return SECFailure;
-}
-
-/*
- * NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences attribute to the
- * authenticated (i.e. signed) attributes of "signerinfo".
- *
- * This is expected to be included in outgoing signed messages for email (S/MIME).
- */
-SECStatus
-NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(NSSCMSSignerInfo *signerinfo, CERTCertificate *cert, CERTCertDBHandle *certdb)
-{
- NSSCMSAttribute *attr;
- SECItem *smimeekp = NULL;
- void *mark;
- PLArenaPool *poolp;
-
- /* verify this cert for encryption */
- if (CERT_VerifyCert(certdb, cert, PR_TRUE, certUsageEmailRecipient, PR_Now(), signerinfo->cmsg->pwfn_arg, NULL) != SECSuccess) {
- return SECFailure;
- }
-
- poolp = signerinfo->cmsg->poolp;
- mark = PORT_ArenaMark(poolp);
-
- smimeekp = SECITEM_AllocItem(poolp, NULL, 0);
- if (smimeekp == NULL)
- goto loser;
-
- /* create new signing time attribute */
- if (NSS_SMIMEUtil_CreateSMIMEEncKeyPrefs(poolp, smimeekp, cert) != SECSuccess)
- goto loser;
-
- if ((attr = NSS_CMSAttribute_Create(poolp, SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE, smimeekp, PR_TRUE)) == NULL)
- goto loser;
-
- if (NSS_CMSSignerInfo_AddAuthAttr(signerinfo, attr) != SECSuccess)
- goto loser;
-
- PORT_ArenaUnmark (poolp, mark);
- return SECSuccess;
-
-loser:
- PORT_ArenaRelease (poolp, mark);
- return SECFailure;
-}
-
-/*
- * NSS_CMSSignerInfo_AddCounterSignature - countersign a signerinfo
- *
- * 1. digest the DER-encoded signature value of the original signerinfo
- * 2. create new signerinfo with correct version, sid, digestAlg
- * 3. add message-digest authAttr, but NO content-type
- * 4. sign the authAttrs
- * 5. DER-encode the new signerInfo
- * 6. add the whole thing to original signerInfo's unAuthAttrs
- * as a SEC_OID_PKCS9_COUNTER_SIGNATURE attribute
- *
- * XXXX give back the new signerinfo?
- */
-SECStatus
-NSS_CMSSignerInfo_AddCounterSignature(NSSCMSSignerInfo *signerinfo,
- SECOidTag digestalg, CERTCertificate signingcert)
-{
- /* XXXX TBD XXXX */
- return SECFailure;
-}
-
-/*
- * XXXX the following needs to be done in the S/MIME layer code
- * after signature of a signerinfo is verified
- */
-SECStatus
-NSS_SMIMESignerInfo_SaveSMIMEProfile(NSSCMSSignerInfo *signerinfo)
-{
- CERTCertificate *cert = NULL;
- SECItem *profile = NULL;
- NSSCMSAttribute *attr;
- SECItem *utc_stime = NULL;
- SECItem *ekp;
- CERTCertDBHandle *certdb;
- int save_error;
- SECStatus rv;
-
- certdb = CERT_GetDefaultCertDB();
-
- /* sanity check - see if verification status is ok (unverified does not count...) */
- if (signerinfo->verificationStatus != NSSCMSVS_GoodSignature)
- return SECFailure;
-
- /* find preferred encryption cert */
- if (!NSS_CMSArray_IsEmpty((void **)signerinfo->authAttr) &&
- (attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
- SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE, PR_TRUE)) != NULL)
- { /* we have a SMIME_ENCRYPTION_KEY_PREFERENCE attribute! */
- ekp = NSS_CMSAttribute_GetValue(attr);
- if (ekp == NULL)
- return SECFailure;
-
- /* we assume that all certs coming with the message have been imported to the */
- /* temporary database */
- cert = NSS_SMIMEUtil_GetCertFromEncryptionKeyPreference(certdb, ekp);
- if (cert == NULL)
- return SECFailure;
- }
-
- if (cert == NULL) {
- /* no preferred cert found?
- * find the cert the signerinfo is signed with instead */
- cert = NSS_CMSSignerInfo_GetSigningCertificate(signerinfo, certdb);
- if (cert == NULL || cert->emailAddr == NULL)
- return SECFailure;
- }
-
- /* verify this cert for encryption (has been verified for signing so far) */
- if (CERT_VerifyCert(certdb, cert, PR_TRUE, certUsageEmailRecipient, PR_Now(), signerinfo->cmsg->pwfn_arg, NULL) != SECSuccess) {
- return SECFailure;
- }
-
- /* XXX store encryption cert permanently? */
-
- /*
- * Remember the current error set because we do not care about
- * anything set by the functions we are about to call.
- */
- save_error = PORT_GetError();
-
- if (!NSS_CMSArray_IsEmpty((void **)signerinfo->authAttr)) {
- attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
- SEC_OID_PKCS9_SMIME_CAPABILITIES,
- PR_TRUE);
- profile = NSS_CMSAttribute_GetValue(attr);
- attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
- SEC_OID_PKCS9_SIGNING_TIME,
- PR_TRUE);
- utc_stime = NSS_CMSAttribute_GetValue(attr);
- }
-
- rv = CERT_SaveSMimeProfile (cert, profile, utc_stime);
-
- /*
- * Restore the saved error in case the calls above set a new
- * one that we do not actually care about.
- */
- PORT_SetError (save_error);
-
- return rv;
-}
-
-/*
- * NSS_CMSSignerInfo_IncludeCerts - set cert chain inclusion mode for this signer
- */
-SECStatus
-NSS_CMSSignerInfo_IncludeCerts(NSSCMSSignerInfo *signerinfo, NSSCMSCertChainMode cm, SECCertUsage usage)
-{
- if (signerinfo->cert == NULL)
- return SECFailure;
-
- switch (cm) {
- case NSSCMSCM_None:
- signerinfo->certList = NULL;
- break;
- case NSSCMSCM_CertOnly:
- signerinfo->certList = CERT_CertListFromCert(signerinfo->cert);
- break;
- case NSSCMSCM_CertChain:
- signerinfo->certList = CERT_CertChainFromCert(signerinfo->cert, usage, PR_FALSE);
- break;
- case NSSCMSCM_CertChainWithRoot:
- signerinfo->certList = CERT_CertChainFromCert(signerinfo->cert, usage, PR_TRUE);
- break;
- }
-
- if (cm != NSSCMSCM_None && signerinfo->certList == NULL)
- return SECFailure;
-
- return SECSuccess;
-}
diff --git a/security/nss/lib/smime/cmst.h b/security/nss/lib/smime/cmst.h
deleted file mode 100644
index 5f7fd0984..000000000
--- a/security/nss/lib/smime/cmst.h
+++ /dev/null
@@ -1,489 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Header for CMS types.
- *
- * $Id$
- */
-
-#ifndef _CMST_H_
-#define _CMST_H_
-
-#include "seccomon.h"
-#include "secoidt.h"
-#include "certt.h"
-#include "secmodt.h"
-#include "secmodt.h"
-
-#include "plarena.h"
-
-/* Non-opaque objects. NOTE, though: I want them to be treated as
- * opaque as much as possible. If I could hide them completely,
- * I would. (I tried, but ran into trouble that was taking me too
- * much time to get out of.) I still intend to try to do so.
- * In fact, the only type that "outsiders" should even *name* is
- * NSSCMSMessage, and they should not reference its fields.
- */
-/* rjr: PKCS #11 cert handling (pk11cert.c) does use NSSCMSRecipientInfo's.
- * This is because when we search the recipient list for the cert and key we
- * want, we need to invert the order of the loops we used to have. The old
- * loops were:
- *
- * For each recipient {
- * find_cert = PK11_Find_AllCert(recipient->issuerSN);
- * [which unrolls to... ]
- * For each slot {
- * Log into slot;
- * search slot for cert;
- * }
- * }
- *
- * the new loop searchs all the recipients at once on a slot. this allows
- * PKCS #11 to order slots in such a way that logout slots don't get checked
- * if we can find the cert on a logged in slot. This eliminates lots of
- * spurious password prompts when smart cards are installed... so why this
- * comment? If you make NSSCMSRecipientInfo completely opaque, you need
- * to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs
- * and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
- * function.
- */
-
-typedef struct NSSCMSMessageStr NSSCMSMessage;
-
-typedef union NSSCMSContentUnion NSSCMSContent;
-typedef struct NSSCMSContentInfoStr NSSCMSContentInfo;
-
-typedef struct NSSCMSSignedDataStr NSSCMSSignedData;
-typedef struct NSSCMSSignerInfoStr NSSCMSSignerInfo;
-typedef struct NSSCMSSignerIdentifierStr NSSCMSSignerIdentifier;
-
-typedef struct NSSCMSEnvelopedDataStr NSSCMSEnvelopedData;
-typedef struct NSSCMSOriginatorInfoStr NSSCMSOriginatorInfo;
-typedef struct NSSCMSRecipientInfoStr NSSCMSRecipientInfo;
-
-typedef struct NSSCMSDigestedDataStr NSSCMSDigestedData;
-typedef struct NSSCMSEncryptedDataStr NSSCMSEncryptedData;
-
-typedef struct NSSCMSSMIMEKEAParametersStr NSSCMSSMIMEKEAParameters;
-
-typedef struct NSSCMSAttributeStr NSSCMSAttribute;
-
-typedef struct NSSCMSDecoderContextStr NSSCMSDecoderContext;
-typedef struct NSSCMSEncoderContextStr NSSCMSEncoderContext;
-
-typedef struct NSSCMSCipherContextStr NSSCMSCipherContext;
-typedef struct NSSCMSDigestContextStr NSSCMSDigestContext;
-
-/*
- * Type of function passed to NSSCMSDecode or NSSCMSDecoderStart.
- * If specified, this is where the content bytes (only) will be "sent"
- * as they are recovered during the decoding.
- * And:
- * Type of function passed to NSSCMSEncode or NSSCMSEncoderStart.
- * This is where the DER-encoded bytes will be "sent".
- *
- * XXX Should just combine this with NSSCMSEncoderContentCallback type
- * and use a simpler, common name.
- */
-typedef void (*NSSCMSContentCallback)(void *arg, const char *buf, unsigned long len);
-
-/*
- * Type of function passed to NSSCMSDecode or NSSCMSDecoderStart
- * to retrieve the decryption key. This function is intended to be
- * used for EncryptedData content info's which do not have a key available
- * in a certificate, etc.
- */
-typedef PK11SymKey *(*NSSCMSGetDecryptKeyCallback)(void *arg, SECAlgorithmID *algid);
-
-
-/* =============================================================================
- * ENCAPSULATED CONTENTINFO & CONTENTINFO
- */
-
-union NSSCMSContentUnion {
- /* either unstructured */
- SECItem * data;
- /* or structured data */
- NSSCMSDigestedData * digestedData;
- NSSCMSEncryptedData * encryptedData;
- NSSCMSEnvelopedData * envelopedData;
- NSSCMSSignedData * signedData;
- /* or anonymous pointer to something */
- void * pointer;
-};
-
-struct NSSCMSContentInfoStr {
- SECItem contentType;
- NSSCMSContent content;
- /* --------- local; not part of encoding --------- */
- SECOidData * contentTypeTag;
-
- /* additional info for encryptedData and envelopedData */
- /* we waste this space for signedData and digestedData. sue me. */
-
- SECAlgorithmID contentEncAlg;
- SECItem * rawContent; /* encrypted DER, optional */
- /* XXXX bytes not encrypted, but encoded? */
- /* --------- local; not part of encoding --------- */
- PK11SymKey * bulkkey; /* bulk encryption key */
- int keysize; /* size of bulk encryption key
- * (only used by creation code) */
- SECOidTag contentEncAlgTag; /* oid tag of encryption algorithm
- * (only used by creation code) */
- NSSCMSCipherContext *ciphcx; /* context for en/decryption going on */
- NSSCMSDigestContext *digcx; /* context for digesting going on */
-};
-
-/* =============================================================================
- * MESSAGE
- */
-
-struct NSSCMSMessageStr {
- NSSCMSContentInfo contentInfo; /* "outer" cinfo */
- /* --------- local; not part of encoding --------- */
- PLArenaPool * poolp;
- PRBool poolp_is_ours;
- int refCount;
- /* properties of the "inner" data */
- SECAlgorithmID ** detached_digestalgs;
- SECItem ** detached_digests;
- void * pwfn_arg;
- NSSCMSGetDecryptKeyCallback decrypt_key_cb;
- void * decrypt_key_cb_arg;
-};
-
-/* =============================================================================
- * SIGNEDDATA
- */
-
-struct NSSCMSSignedDataStr {
- SECItem version;
- SECAlgorithmID ** digestAlgorithms;
- NSSCMSContentInfo contentInfo;
- SECItem ** rawCerts;
- CERTSignedCrl ** crls;
- NSSCMSSignerInfo ** signerInfos;
- /* --------- local; not part of encoding --------- */
- NSSCMSMessage * cmsg; /* back pointer to message */
- SECItem ** digests;
- CERTCertificate ** certs;
- CERTCertificateList ** certLists;
-};
-#define NSS_CMS_SIGNED_DATA_VERSION_BASIC 1 /* what we *create* */
-#define NSS_CMS_SIGNED_DATA_VERSION_EXT 3 /* what we *create* */
-
-typedef enum {
- NSSCMSVS_Unverified = 0,
- NSSCMSVS_GoodSignature,
- NSSCMSVS_BadSignature,
- NSSCMSVS_DigestMismatch,
- NSSCMSVS_SigningCertNotFound,
- NSSCMSVS_SigningCertNotTrusted,
- NSSCMSVS_SignatureAlgorithmUnknown,
- NSSCMSVS_SignatureAlgorithmUnsupported,
- NSSCMSVS_MalformedSignature,
- NSSCMSVS_ProcessingError
-} NSSCMSVerificationStatus;
-
-typedef enum {
- NSSCMSSignerID_IssuerSN,
- NSSCMSSignerID_SubjectKeyID
-} NSSCMSSignerIDSelector;
-
-struct NSSCMSSignerIdentifierStr {
- NSSCMSSignerIDSelector identifierType;
- union {
- CERTIssuerAndSN *issuerAndSN;
- SECItem *subjectKeyID;
- } id;
-};
-
-struct NSSCMSSignerInfoStr {
- SECItem version;
- NSSCMSSignerIdentifier signerIdentifier;
- SECAlgorithmID digestAlg;
- NSSCMSAttribute ** authAttr;
- SECAlgorithmID digestEncAlg;
- SECItem encDigest;
- NSSCMSAttribute ** unAuthAttr;
- /* --------- local; not part of encoding --------- */
- NSSCMSMessage * cmsg; /* back pointer to message */
- CERTCertificate * cert;
- CERTCertificateList * certList;
- PRTime signingTime;
- NSSCMSVerificationStatus verificationStatus;
-};
-#define NSS_CMS_SIGNER_INFO_VERSION_ISSUERSN 1 /* what we *create* */
-#define NSS_CMS_SIGNER_INFO_VERSION_SUBJKEY 3 /* what we *create* */
-
-typedef enum {
- NSSCMSCM_None = 0,
- NSSCMSCM_CertOnly,
- NSSCMSCM_CertChain,
- NSSCMSCM_CertChainWithRoot
-} NSSCMSCertChainMode;
-
-/* =============================================================================
- * ENVELOPED DATA
- */
-struct NSSCMSEnvelopedDataStr {
- SECItem version;
- NSSCMSOriginatorInfo * originatorInfo; /* optional */
- NSSCMSRecipientInfo ** recipientInfos;
- NSSCMSContentInfo contentInfo;
- NSSCMSAttribute ** unprotectedAttr;
- /* --------- local; not part of encoding --------- */
- NSSCMSMessage * cmsg; /* back pointer to message */
-};
-#define NSS_CMS_ENVELOPED_DATA_VERSION_REG 0 /* what we *create* */
-#define NSS_CMS_ENVELOPED_DATA_VERSION_ADV 2 /* what we *create* */
-
-struct NSSCMSOriginatorInfoStr {
- SECItem ** rawCerts;
- CERTSignedCrl ** crls;
- /* --------- local; not part of encoding --------- */
- CERTCertificate ** certs;
-};
-
-/* -----------------------------------------------------------------------------
- * key transport recipient info
- */
-typedef enum {
- NSSCMSRecipientID_IssuerSN,
- NSSCMSRecipientID_SubjectKeyID
-} NSSCMSRecipientIDSelector;
-
-struct NSSCMSRecipientIdentifierStr {
- NSSCMSRecipientIDSelector identifierType;
- union {
- CERTIssuerAndSN *issuerAndSN;
- SECItem *subjectKeyID;
- } id;
-};
-typedef struct NSSCMSRecipientIdentifierStr NSSCMSRecipientIdentifier;
-
-struct NSSCMSKeyTransRecipientInfoStr {
- SECItem version;
- NSSCMSRecipientIdentifier recipientIdentifier;
- SECAlgorithmID keyEncAlg;
- SECItem encKey;
-};
-typedef struct NSSCMSKeyTransRecipientInfoStr NSSCMSKeyTransRecipientInfo;
-
-#define NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN 0 /* what we *create* */
-#define NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY 2 /* what we *create* */
-
-/* -----------------------------------------------------------------------------
- * key agreement recipient info
- */
-struct NSSCMSOriginatorPublicKeyStr {
- SECAlgorithmID algorithmIdentifier;
- SECItem publicKey; /* bit string! */
-};
-typedef struct NSSCMSOriginatorPublicKeyStr NSSCMSOriginatorPublicKey;
-
-typedef enum {
- NSSCMSOriginatorIDOrKey_IssuerSN,
- NSSCMSOriginatorIDOrKey_SubjectKeyID,
- NSSCMSOriginatorIDOrKey_OriginatorPublicKey
-} NSSCMSOriginatorIDOrKeySelector;
-
-struct NSSCMSOriginatorIdentifierOrKeyStr {
- NSSCMSOriginatorIDOrKeySelector identifierType;
- union {
- CERTIssuerAndSN *issuerAndSN; /* static-static */
- SECItem *subjectKeyID; /* static-static */
- NSSCMSOriginatorPublicKey originatorPublicKey; /* ephemeral-static */
- } id;
-};
-typedef struct NSSCMSOriginatorIdentifierOrKeyStr NSSCMSOriginatorIdentifierOrKey;
-
-struct NSSCMSRecipientKeyIdentifierStr {
- SECItem * subjectKeyIdentifier;
- SECItem * date; /* optional */
- SECItem * other; /* optional */
-};
-typedef struct NSSCMSRecipientKeyIdentifierStr NSSCMSRecipientKeyIdentifier;
-
-typedef enum {
- NSSCMSKeyAgreeRecipientID_IssuerSN,
- NSSCMSKeyAgreeRecipientID_RKeyID
-} NSSCMSKeyAgreeRecipientIDSelector;
-
-struct NSSCMSKeyAgreeRecipientIdentifierStr {
- NSSCMSKeyAgreeRecipientIDSelector identifierType;
- union {
- CERTIssuerAndSN *issuerAndSN;
- NSSCMSRecipientKeyIdentifier recipientKeyIdentifier;
- } id;
-};
-typedef struct NSSCMSKeyAgreeRecipientIdentifierStr NSSCMSKeyAgreeRecipientIdentifier;
-
-struct NSSCMSRecipientEncryptedKeyStr {
- NSSCMSKeyAgreeRecipientIdentifier recipientIdentifier;
- SECItem encKey;
-};
-typedef struct NSSCMSRecipientEncryptedKeyStr NSSCMSRecipientEncryptedKey;
-
-struct NSSCMSKeyAgreeRecipientInfoStr {
- SECItem version;
- NSSCMSOriginatorIdentifierOrKey originatorIdentifierOrKey;
- SECItem * ukm; /* optional */
- SECAlgorithmID keyEncAlg;
- NSSCMSRecipientEncryptedKey ** recipientEncryptedKeys;
-};
-typedef struct NSSCMSKeyAgreeRecipientInfoStr NSSCMSKeyAgreeRecipientInfo;
-
-#define NSS_CMS_KEYAGREE_RECIPIENT_INFO_VERSION 3 /* what we *create* */
-
-/* -----------------------------------------------------------------------------
- * KEK recipient info
- */
-struct NSSCMSKEKIdentifierStr {
- SECItem keyIdentifier;
- SECItem * date; /* optional */
- SECItem * other; /* optional */
-};
-typedef struct NSSCMSKEKIdentifierStr NSSCMSKEKIdentifier;
-
-struct NSSCMSKEKRecipientInfoStr {
- SECItem version;
- NSSCMSKEKIdentifier kekIdentifier;
- SECAlgorithmID keyEncAlg;
- SECItem encKey;
-};
-typedef struct NSSCMSKEKRecipientInfoStr NSSCMSKEKRecipientInfo;
-
-#define NSS_CMS_KEK_RECIPIENT_INFO_VERSION 4 /* what we *create* */
-
-/* -----------------------------------------------------------------------------
- * recipient info
- */
-
-typedef enum {
- NSSCMSRecipientInfoID_KeyTrans,
- NSSCMSRecipientInfoID_KeyAgree,
- NSSCMSRecipientInfoID_KEK
-} NSSCMSRecipientInfoIDSelector;
-
-struct NSSCMSRecipientInfoStr {
- NSSCMSRecipientInfoIDSelector recipientInfoType;
- union {
- NSSCMSKeyTransRecipientInfo keyTransRecipientInfo;
- NSSCMSKeyAgreeRecipientInfo keyAgreeRecipientInfo;
- NSSCMSKEKRecipientInfo kekRecipientInfo;
- } ri;
- /* --------- local; not part of encoding --------- */
- NSSCMSMessage * cmsg; /* back pointer to message */
- CERTCertificate * cert; /* recipient's certificate */
-};
-
-/* =============================================================================
- * DIGESTED DATA
- */
-struct NSSCMSDigestedDataStr {
- SECItem version;
- SECAlgorithmID digestAlg;
- NSSCMSContentInfo contentInfo;
- SECItem digest;
- /* --------- local; not part of encoding --------- */
- NSSCMSMessage * cmsg; /* back pointer */
- SECItem cdigest; /* calculated digest */
-};
-#define NSS_CMS_DIGESTED_DATA_VERSION_DATA 0 /* what we *create* */
-#define NSS_CMS_DIGESTED_DATA_VERSION_ENCAP 2 /* what we *create* */
-
-/* =============================================================================
- * ENCRYPTED DATA
- */
-struct NSSCMSEncryptedDataStr {
- SECItem version;
- NSSCMSContentInfo contentInfo;
- NSSCMSAttribute ** unprotectedAttr; /* optional */
- /* --------- local; not part of encoding --------- */
- NSSCMSMessage * cmsg; /* back pointer */
-};
-#define NSS_CMS_ENCRYPTED_DATA_VERSION 0 /* what we *create* */
-#define NSS_CMS_ENCRYPTED_DATA_VERSION_UPATTR 2 /* what we *create* */
-
-/* =============================================================================
- * FORTEZZA KEA
- */
-
-/* An enumerated type used to select templates based on the encryption
- scenario and data specifics. */
-typedef enum {
- NSSCMSKEAUsesSkipjack,
- NSSCMSKEAUsesNonSkipjack,
- NSSCMSKEAUsesNonSkipjackWithPaddedEncKey
-} NSSCMSKEATemplateSelector;
-
-/* ### mwelch - S/MIME KEA parameters. These don't really fit here,
- but I cannot think of a more appropriate place at this time. */
-struct NSSCMSSMIMEKEAParametersStr {
- SECItem originatorKEAKey; /* sender KEA key (encrypted?) */
- SECItem originatorRA; /* random number generated by sender */
- SECItem nonSkipjackIV; /* init'n vector for SkipjackCBC64
- decryption of KEA key if Skipjack
- is not the bulk algorithm used on
- the message */
- SECItem bulkKeySize; /* if Skipjack is not the bulk
- algorithm used on the message,
- and the size of the bulk encryption
- key is not the same as that of
- originatorKEAKey (due to padding
- perhaps), this field will contain
- the real size of the bulk encryption
- key. */
-};
-
-/*
- * *****************************************************************************
- * *****************************************************************************
- * *****************************************************************************
- */
-
-/*
- * See comment above about this type not really belonging to CMS.
- */
-struct NSSCMSAttributeStr {
- /* The following fields make up an encoded Attribute: */
- SECItem type;
- SECItem ** values; /* data may or may not be encoded */
- /* The following fields are not part of an encoded Attribute: */
- SECOidData * typeTag;
- PRBool encoded; /* when true, values are encoded */
-};
-
-#endif /* _CMST_H_ */
diff --git a/security/nss/lib/smime/cmsutil.c b/security/nss/lib/smime/cmsutil.c
deleted file mode 100644
index c71d144f6..000000000
--- a/security/nss/lib/smime/cmsutil.c
+++ /dev/null
@@ -1,362 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * CMS miscellaneous utility functions.
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-
-#include "cert.h"
-#include "key.h"
-#include "secasn1.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "pk11func.h"
-#include "secerr.h"
-
-/*
- * NSS_CMSArray_SortByDER - sort array of objects by objects' DER encoding
- *
- * make sure that the order of the objects guarantees valid DER (which must be
- * in lexigraphically ascending order for a SET OF); if reordering is necessary it
- * will be done in place (in objs).
- */
-SECStatus
-NSS_CMSArray_SortByDER(void **objs, const SEC_ASN1Template *objtemplate, void **objs2)
-{
- PRArenaPool *poolp;
- int num_objs;
- SECItem **enc_objs;
- SECStatus rv = SECFailure;
- int i;
-
- if (objs == NULL) /* already sorted */
- return SECSuccess;
-
- num_objs = NSS_CMSArray_Count((void **)objs);
- if (num_objs == 0 || num_objs == 1) /* already sorted. */
- return SECSuccess;
-
- poolp = PORT_NewArena (1024); /* arena for temporaries */
- if (poolp == NULL)
- return SECFailure; /* no memory; nothing we can do... */
-
- /*
- * Allocate arrays to hold the individual encodings which we will use
- * for comparisons and the reordered attributes as they are sorted.
- */
- enc_objs = (SECItem **)PORT_ArenaZAlloc(poolp, (num_objs + 1) * sizeof(SECItem *));
- if (enc_objs == NULL)
- goto loser;
-
- /* DER encode each individual object. */
- for (i = 0; i < num_objs; i++) {
- enc_objs[i] = SEC_ASN1EncodeItem(poolp, NULL, objs[i], objtemplate);
- if (enc_objs[i] == NULL)
- goto loser;
- }
- enc_objs[num_objs] = NULL;
-
- /* now compare and sort objs by the order of enc_objs */
- NSS_CMSArray_Sort((void **)enc_objs, NSS_CMSUtil_DERCompare, objs, objs2);
-
- rv = SECSuccess;
-
-loser:
- PORT_FreeArena (poolp, PR_FALSE);
- return rv;
-}
-
-/*
- * NSS_CMSUtil_DERCompare - for use with NSS_CMSArray_Sort to
- * sort arrays of SECItems containing DER
- */
-int
-NSS_CMSUtil_DERCompare(void *a, void *b)
-{
- SECItem *der1 = (SECItem *)a;
- SECItem *der2 = (SECItem *)b;
- int j;
-
- /*
- * Find the lowest (lexigraphically) encoding. One that is
- * shorter than all the rest is known to be "less" because each
- * attribute is of the same type (a SEQUENCE) and so thus the
- * first octet of each is the same, and the second octet is
- * the length (or the length of the length with the high bit
- * set, followed by the length, which also works out to always
- * order the shorter first). Two (or more) that have the
- * same length need to be compared byte by byte until a mismatch
- * is found.
- */
- if (der1->len != der2->len)
- return (der1->len < der2->len) ? -1 : 1;
-
- for (j = 0; j < der1->len; j++) {
- if (der1->data[j] == der2->data[j])
- continue;
- return (der1->data[j] < der2->data[j]) ? -1 : 1;
- }
- return 0;
-}
-
-/*
- * NSS_CMSAlgArray_GetIndexByAlgID - find a specific algorithm in an array of
- * algorithms.
- *
- * algorithmArray - array of algorithm IDs
- * algid - algorithmid of algorithm to pick
- *
- * Returns:
- * An integer containing the index of the algorithm in the array or -1 if
- * algorithm was not found.
- */
-int
-NSS_CMSAlgArray_GetIndexByAlgID(SECAlgorithmID **algorithmArray, SECAlgorithmID *algid)
-{
- int i;
-
- if (algorithmArray == NULL || algorithmArray[0] == NULL)
- return -1;
-
- for (i = 0; algorithmArray[i] != NULL; i++) {
- if (SECOID_CompareAlgorithmID(algorithmArray[i], algid) == SECEqual)
- break; /* bingo */
- }
-
- if (algorithmArray[i] == NULL)
- return -1; /* not found */
-
- return i;
-}
-
-/*
- * NSS_CMSAlgArray_GetIndexByAlgTag - find a specific algorithm in an array of
- * algorithms.
- *
- * algorithmArray - array of algorithm IDs
- * algtag - algorithm tag of algorithm to pick
- *
- * Returns:
- * An integer containing the index of the algorithm in the array or -1 if
- * algorithm was not found.
- */
-int
-NSS_CMSAlgArray_GetIndexByAlgTag(SECAlgorithmID **algorithmArray, SECOidTag algtag)
-{
- SECOidData *algid;
- int i;
-
- if (algorithmArray == NULL || algorithmArray[0] == NULL)
- return -1;
-
- for (i = 0; algorithmArray[i] != NULL; i++) {
- algid = SECOID_FindOID(&(algorithmArray[i]->algorithm));
- if (algid->offset == algtag)
- break; /* bingo */
- }
-
- if (algorithmArray[i] == NULL)
- return -1; /* not found */
-
- return i;
-}
-
-SECHashObject *
-NSS_CMSUtil_GetHashObjByAlgID(SECAlgorithmID *algid)
-{
- SECOidData *oiddata;
- SECHashObject *digobj;
-
- /* here are the algorithms we know */
- oiddata = SECOID_FindOID(&(algid->algorithm));
- if (oiddata == NULL) {
- digobj = NULL;
- } else {
- switch (oiddata->offset) {
- case SEC_OID_MD2:
- digobj = &SECHashObjects[HASH_AlgMD2];
- break;
- case SEC_OID_MD5:
- digobj = &SECHashObjects[HASH_AlgMD5];
- break;
- case SEC_OID_SHA1:
- digobj = &SECHashObjects[HASH_AlgSHA1];
- break;
- default:
- digobj = NULL;
- break;
- }
- }
- return digobj;
-}
-
-/*
- * XXX I would *really* like to not have to do this, but the current
- * signing interface gives me little choice.
- */
-SECOidTag
-NSS_CMSUtil_MakeSignatureAlgorithm(SECOidTag hashalg, SECOidTag encalg)
-{
- switch (encalg) {
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- switch (hashalg) {
- case SEC_OID_MD2:
- return SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION;
- case SEC_OID_MD5:
- return SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
- case SEC_OID_SHA1:
- return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
- default:
- return SEC_OID_UNKNOWN;
- }
- case SEC_OID_ANSIX9_DSA_SIGNATURE:
- case SEC_OID_MISSI_KEA_DSS:
- case SEC_OID_MISSI_DSS:
- switch (hashalg) {
- case SEC_OID_SHA1:
- return SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
- default:
- return SEC_OID_UNKNOWN;
- }
- default:
- break;
- }
-
- return encalg; /* maybe it is already the right algid */
-}
-
-const SEC_ASN1Template *
-NSS_CMSUtil_GetTemplateByTypeTag(SECOidTag type)
-{
- const SEC_ASN1Template *template;
- extern const SEC_ASN1Template NSSCMSSignedDataTemplate[];
- extern const SEC_ASN1Template NSSCMSEnvelopedDataTemplate[];
- extern const SEC_ASN1Template NSSCMSEncryptedDataTemplate[];
- extern const SEC_ASN1Template NSSCMSDigestedDataTemplate[];
-
- switch (type) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- template = NSSCMSSignedDataTemplate;
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- template = NSSCMSEnvelopedDataTemplate;
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- template = NSSCMSEncryptedDataTemplate;
- break;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- template = NSSCMSDigestedDataTemplate;
- break;
- default:
- case SEC_OID_PKCS7_DATA:
- template = NULL;
- break;
- }
- return template;
-}
-
-size_t
-NSS_CMSUtil_GetSizeByTypeTag(SECOidTag type)
-{
- size_t size;
-
- switch (type) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- size = sizeof(NSSCMSSignedData);
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- size = sizeof(NSSCMSEnvelopedData);
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- size = sizeof(NSSCMSEncryptedData);
- break;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- size = sizeof(NSSCMSDigestedData);
- break;
- default:
- case SEC_OID_PKCS7_DATA:
- size = 0;
- break;
- }
- return size;
-}
-
-NSSCMSContentInfo *
-NSS_CMSContent_GetContentInfo(void *msg, SECOidTag type)
-{
- NSSCMSContent c;
- NSSCMSContentInfo *cinfo;
-
- PORT_Assert(msg != NULL);
-
- c.pointer = msg;
- switch (type) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- cinfo = &(c.signedData->contentInfo);
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- cinfo = &(c.envelopedData->contentInfo);
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- cinfo = &(c.encryptedData->contentInfo);
- break;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- cinfo = &(c.digestedData->contentInfo);
- break;
- default:
- cinfo = NULL;
- }
- return cinfo;
-}
-
-const char *
-NSS_CMSUtil_VerificationStatusToString(NSSCMSVerificationStatus vs)
-{
- switch (vs) {
- case NSSCMSVS_Unverified: return "Unverified";
- case NSSCMSVS_GoodSignature: return "GoodSignature";
- case NSSCMSVS_BadSignature: return "BadSignature";
- case NSSCMSVS_DigestMismatch: return "DigestMismatch";
- case NSSCMSVS_SigningCertNotFound: return "SigningCertNotFound";
- case NSSCMSVS_SigningCertNotTrusted: return "SigningCertNotTrusted";
- case NSSCMSVS_SignatureAlgorithmUnknown: return "SignatureAlgorithmUnknown";
- case NSSCMSVS_SignatureAlgorithmUnsupported: return "SignatureAlgorithmUnsupported";
- case NSSCMSVS_MalformedSignature: return "MalformedSignature";
- case NSSCMSVS_ProcessingError: return "ProcessingError";
- default: return "Unknown";
- }
-}
diff --git a/security/nss/lib/smime/config.mk b/security/nss/lib/smime/config.mk
deleted file mode 100644
index a73a1086e..000000000
--- a/security/nss/lib/smime/config.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/smime/manifest.mn b/security/nss/lib/smime/manifest.mn
deleted file mode 100644
index c7fef112b..000000000
--- a/security/nss/lib/smime/manifest.mn
+++ /dev/null
@@ -1,74 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-EXPORTS = \
- cms.h \
- cmst.h \
- smime.h \
- cmsreclist.h \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- cmslocal.h \
- $(NULL)
-
-MODULE = security
-
-CSRCS = \
- cmsarray.c \
- cmsasn1.c \
- cmsattr.c \
- cmscinfo.c \
- cmscipher.c \
- cmsdecode.c \
- cmsdigdata.c \
- cmsdigest.c \
- cmsencdata.c \
- cmsencode.c \
- cmsenvdata.c \
- cmsmessage.c \
- cmspubkey.c \
- cmsrecinfo.c \
- cmsreclist.c \
- cmssigdata.c \
- cmssiginfo.c \
- cmsutil.c \
- smimemessage.c \
- smimeutil.c \
- $(NULL)
-
-REQUIRES = security dbm
-
-LIBRARY_NAME = smime
diff --git a/security/nss/lib/smime/smime.h b/security/nss/lib/smime/smime.h
deleted file mode 100644
index 1832634f7..000000000
--- a/security/nss/lib/smime/smime.h
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Header file for routines specific to S/MIME. Keep things that are pure
- * pkcs7 out of here; this is for S/MIME policy, S/MIME interoperability, etc.
- *
- * $Id$
- */
-
-#ifndef _SECMIME_H_
-#define _SECMIME_H_ 1
-
-#include "cms.h"
-
-
-/************************************************************************/
-SEC_BEGIN_PROTOS
-
-/*
- * Initialize the local recording of the user S/MIME cipher preferences.
- * This function is called once for each cipher, the order being
- * important (first call records greatest preference, and so on).
- * When finished, it is called with a "which" of CIPHER_FAMILID_MASK.
- * If the function is called again after that, it is assumed that
- * the preferences are being reset, and the old preferences are
- * discarded.
- *
- * XXX This is for a particular user, and right now the storage is
- * XXX local, static. The preference should be stored elsewhere to allow
- * XXX for multiple uses of one library? How does SSL handle this;
- * XXX it has something similar?
- *
- * - The "which" values are defined in ciferfam.h (the SMIME_* values,
- * for example SMIME_DES_CBC_56).
- * - If "on" is non-zero then the named cipher is enabled, otherwise
- * it is disabled. (It is not necessary to call the function for
- * ciphers that are disabled, however, as that is the default.)
- *
- * If the cipher preference is successfully recorded, SECSuccess
- * is returned. Otherwise SECFailure is returned. The only errors
- * are due to failure allocating memory or bad parameters/calls:
- * SEC_ERROR_XXX ("which" is not in the S/MIME cipher family)
- * SEC_ERROR_XXX (function is being called more times than there
- * are known/expected ciphers)
- */
-extern SECStatus NSS_SMIMEUtil_EnableCipher(long which, int on);
-
-/*
- * Initialize the local recording of the S/MIME policy.
- * This function is called to allow/disallow a particular cipher.
- *
- * XXX This is for a the current module, I think, so local, static storage
- * XXX is okay. Is that correct, or could multiple uses of the same
- * XXX library expect to operate under different policies?
- *
- * - The "which" values are defined in ciferfam.h (the SMIME_* values,
- * for example SMIME_DES_CBC_56).
- * - If "on" is non-zero then the named cipher is enabled, otherwise
- * it is disabled.
- */
-extern SECStatus NSS_SMIMEUtils_AllowCipher(long which, int on);
-
-/*
- * Does the current policy allow S/MIME decryption of this particular
- * algorithm and keysize?
- */
-extern PRBool NSS_SMIMEUtil_DecryptionAllowed(SECAlgorithmID *algid, PK11SymKey *key);
-
-/*
- * Does the current policy allow *any* S/MIME encryption (or decryption)?
- *
- * This tells whether or not *any* S/MIME encryption can be done,
- * according to policy. Callers may use this to do nicer user interface
- * (say, greying out a checkbox so a user does not even try to encrypt
- * a message when they are not allowed to) or for any reason they want
- * to check whether S/MIME encryption (or decryption, for that matter)
- * may be done.
- *
- * It takes no arguments. The return value is a simple boolean:
- * PR_TRUE means encryption (or decryption) is *possible*
- * (but may still fail due to other reasons, like because we cannot
- * find all the necessary certs, etc.; PR_TRUE is *not* a guarantee)
- * PR_FALSE means encryption (or decryption) is not permitted
- *
- * There are no errors from this routine.
- */
-extern PRBool NSS_SMIMEUtil_EncryptionPossible(void);
-
-/*
- * NSS_SMIMEUtil_CreateSMIMECapabilities - get S/MIME capabilities attr value
- *
- * scans the list of allowed and enabled ciphers and construct a PKCS9-compliant
- * S/MIME capabilities attribute value.
- */
-extern SECStatus NSS_SMIMEUtil_CreateSMIMECapabilities(PLArenaPool *poolp, SECItem *dest, PRBool includeFortezzaCiphers);
-
-/*
- * NSS_SMIMEUtil_CreateSMIMEEncKeyPrefs - create S/MIME encryption key preferences attr value
- */
-extern SECStatus NSS_SMIMEUtil_CreateSMIMEEncKeyPrefs(PLArenaPool *poolp, SECItem *dest, CERTCertificate *cert);
-
-/*
- * NSS_SMIMEUtil_GetCertFromEncryptionKeyPreference - find cert marked by EncryptionKeyPreference
- * attribute
- */
-extern CERTCertificate *NSS_SMIMEUtil_GetCertFromEncryptionKeyPreference(CERTCertDBHandle *certdb, SECItem *DERekp);
-
-/*
- * NSS_SMIMEUtil_FindBulkAlgForRecipients - find bulk algorithm suitable for all recipients
- */
-extern SECStatus
-NSS_SMIMEUtil_FindBulkAlgForRecipients(CERTCertificate **rcerts, SECOidTag *bulkalgtag, int *keysize);
-
-/************************************************************************/
-SEC_END_PROTOS
-
-#endif /* _SECMIME_H_ */
diff --git a/security/nss/lib/smime/smimemessage.c b/security/nss/lib/smime/smimemessage.c
deleted file mode 100644
index 519f8b8d9..000000000
--- a/security/nss/lib/smime/smimemessage.c
+++ /dev/null
@@ -1,215 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * SMIME message methods
- *
- * $Id$
- */
-
-#include "cmslocal.h"
-#include "smime.h"
-
-#include "cert.h"
-#include "key.h"
-#include "secasn1.h"
-#include "secitem.h"
-#include "secoid.h"
-#include "pk11func.h"
-#include "prtime.h"
-#include "secerr.h"
-
-
-#if 0
-/*
- * NSS_SMIMEMessage_CreateEncrypted - start an S/MIME encrypting context.
- *
- * "scert" is the cert for the sender. It will be checked for validity.
- * "rcerts" are the certs for the recipients. They will also be checked.
- *
- * "certdb" is the cert database to use for verifying the certs.
- * It can be NULL if a default database is available (like in the client).
- *
- * This function already does all of the stuff specific to S/MIME protocol
- * and local policy; the return value just needs to be passed to
- * SEC_PKCS7Encode() or to SEC_PKCS7EncoderStart() to create the encoded data,
- * and finally to SEC_PKCS7DestroyContentInfo().
- *
- * An error results in a return value of NULL and an error set.
- * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
- */
-NSSCMSMessage *
-NSS_SMIMEMessage_CreateEncrypted(CERTCertificate *scert,
- CERTCertificate **rcerts,
- CERTCertDBHandle *certdb,
- PK11PasswordFunc pwfn,
- void *pwfn_arg)
-{
- NSSCMSMessage *cmsg;
- long cipher;
- SECOidTag encalg;
- int keysize;
- int mapi, rci;
-
- cipher = smime_choose_cipher (scert, rcerts);
- if (cipher < 0)
- return NULL;
-
- mapi = smime_mapi_by_cipher (cipher);
- if (mapi < 0)
- return NULL;
-
- /*
- * XXX This is stretching it -- CreateEnvelopedData should probably
- * take a cipher itself of some sort, because we cannot know what the
- * future will bring in terms of parameters for each type of algorithm.
- * For example, just an algorithm and keysize is *not* sufficient to
- * fully specify the usage of RC5 (which also needs to know rounds and
- * block size). Work this out into a better API!
- */
- encalg = smime_cipher_map[mapi].algtag;
- keysize = smime_keysize_by_cipher (cipher);
- if (keysize < 0)
- return NULL;
-
- cinfo = SEC_PKCS7CreateEnvelopedData (scert, certUsageEmailRecipient,
- certdb, encalg, keysize,
- pwfn, pwfn_arg);
- if (cinfo == NULL)
- return NULL;
-
- for (rci = 0; rcerts[rci] != NULL; rci++) {
- if (rcerts[rci] == scert)
- continue;
- if (SEC_PKCS7AddRecipient (cinfo, rcerts[rci], certUsageEmailRecipient,
- NULL) != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return NULL;
- }
- }
-
- return cinfo;
-}
-#endif
-
-
-/*
- * Start an S/MIME signing context.
- *
- * "scert" is the cert that will be used to sign the data. It will be
- * checked for validity.
- *
- * "ecert" is the signer's encryption cert. If it is different from
- * scert, then it will be included in the signed message so that the
- * recipient can save it for future encryptions.
- *
- * "certdb" is the cert database to use for verifying the cert.
- * It can be NULL if a default database is available (like in the client).
- *
- * "digestalg" names the digest algorithm (e.g. SEC_OID_SHA1).
- * XXX There should be SECMIME functions for hashing, or the hashing should
- * be built into this interface, which we would like because we would
- * support more smartcards that way, and then this argument should go away.)
- *
- * "digest" is the actual digest of the data. It must be provided in
- * the case of detached data or NULL if the content will be included.
- *
- * This function already does all of the stuff specific to S/MIME protocol
- * and local policy; the return value just needs to be passed to
- * SEC_PKCS7Encode() or to SEC_PKCS7EncoderStart() to create the encoded data,
- * and finally to SEC_PKCS7DestroyContentInfo().
- *
- * An error results in a return value of NULL and an error set.
- * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
- */
-
-NSSCMSMessage *
-NSS_SMIMEMessage_CreateSigned(CERTCertificate *scert,
- CERTCertificate *ecert,
- CERTCertDBHandle *certdb,
- SECOidTag digestalgtag,
- SECItem *digest,
- PK11PasswordFunc pwfn,
- void *pwfn_arg)
-{
- NSSCMSMessage *cmsg;
- NSSCMSSignedData *sigd;
- NSSCMSSignerInfo *signerinfo;
-
- /* See note in header comment above about digestalg. */
- PORT_Assert (digestalgtag == SEC_OID_SHA1);
-
- cmsg = NSS_CMSMessage_Create(NULL);
- if (cmsg == NULL)
- return NULL;
-
- sigd = NSS_CMSSignedData_Create(cmsg);
- if (sigd == NULL)
- goto loser;
-
- /* create just one signerinfo */
- signerinfo = NSS_CMSSignerInfo_Create(cmsg, scert, digestalgtag);
- if (signerinfo == NULL)
- goto loser;
-
- /* Add the signing time to the signerinfo. */
- if (NSS_CMSSignerInfo_AddSigningTime(signerinfo, PR_Now()) != SECSuccess)
- goto loser;
-
- /* and add the SMIME profile */
- if (NSS_SMIMESignerInfo_AddSMIMEProfile(signerinfo, scert) != SECSuccess)
- goto loser;
-
- /* now add the signerinfo to the signeddata */
- if (NSS_CMSSignedData_AddSignerInfo(sigd, signerinfo) != SECSuccess)
- goto loser;
-
- /* include the signing cert and its entire chain */
- /* note that there are no checks for duplicate certs in place, as all the */
- /* essential data structures (like set of certificate) are not there */
- if (NSS_CMSSignedData_AddCertChain(sigd, scert) != SECSuccess)
- goto loser;
-
- /* If the encryption cert and the signing cert differ, then include
- * the encryption cert too. */
- if ( ( ecert != NULL ) && ( ecert != scert ) ) {
- if (NSS_CMSSignedData_AddCertificate(sigd, ecert) != SECSuccess)
- goto loser;
- }
-
- return cmsg;
-loser:
- if (cmsg)
- NSS_CMSMessage_Destroy(cmsg);
- return NULL;
-}
diff --git a/security/nss/lib/smime/smimeutil.c b/security/nss/lib/smime/smimeutil.c
deleted file mode 100644
index 7d98b6a09..000000000
--- a/security/nss/lib/smime/smimeutil.c
+++ /dev/null
@@ -1,714 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Stuff specific to S/MIME policy and interoperability.
- *
- * $Id$
- */
-
-#include "secmime.h"
-#include "secoid.h"
-#include "pk11func.h"
-#include "ciferfam.h" /* for CIPHER_FAMILY symbols */
-#include "secasn1.h"
-#include "secitem.h"
-#include "cert.h"
-#include "key.h"
-#include "secerr.h"
-#include "cms.h"
-
-/* various integer's ASN.1 encoding */
-static unsigned char asn1_int40[] = { SEC_ASN1_INTEGER, 0x01, 0x28 };
-static unsigned char asn1_int64[] = { SEC_ASN1_INTEGER, 0x01, 0x40 };
-static unsigned char asn1_int128[] = { SEC_ASN1_INTEGER, 0x02, 0x00, 0x80 };
-
-/* RC2 algorithm parameters (used in smime_cipher_map) */
-static SECItem param_int40 = { siBuffer, asn1_int40, sizeof(asn1_int40) };
-static SECItem param_int64 = { siBuffer, asn1_int64, sizeof(asn1_int64) };
-static SECItem param_int128 = { siBuffer, asn1_int128, sizeof(asn1_int128) };
-
-/*
- * XXX Would like the "parameters" field to be a SECItem *, but the
- * encoder is having trouble with optional pointers to an ANY. Maybe
- * once that is fixed, can change this back...
- */
-typedef struct {
- SECItem capabilityID;
- SECItem parameters;
- long cipher; /* optimization */
-} NSSSMIMECapability;
-
-static const SEC_ASN1Template NSSSMIMECapabilityTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(NSSSMIMECapability) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(NSSSMIMECapability,capabilityID), },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
- offsetof(NSSSMIMECapability,parameters), },
- { 0, }
-};
-
-static const SEC_ASN1Template NSSSMIMECapabilitiesTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, NSSSMIMECapabilityTemplate }
-};
-
-/*
- * NSSSMIMEEncryptionKeyPreference - if we find one of these, it needs to prompt us
- * to store this and only this certificate permanently for the sender email address.
- */
-typedef enum {
- NSSSMIMEEncryptionKeyPref_IssuerSN,
- NSSSMIMEEncryptionKeyPref_RKeyID,
- NSSSMIMEEncryptionKeyPref_SubjectKeyID
-} NSSSMIMEEncryptionKeyPrefSelector;
-
-typedef struct {
- NSSSMIMEEncryptionKeyPrefSelector selector;
- union {
- CERTIssuerAndSN *issuerAndSN;
- NSSCMSRecipientKeyIdentifier *recipientKeyID;
- SECItem *subjectKeyID;
- } id;
-} NSSSMIMEEncryptionKeyPreference;
-
-extern const SEC_ASN1Template NSSCMSRecipientKeyIdentifierTemplate[];
-
-static const SEC_ASN1Template smime_encryptionkeypref_template[] = {
- { SEC_ASN1_CHOICE,
- offsetof(NSSSMIMEEncryptionKeyPreference,selector), NULL,
- sizeof(NSSSMIMEEncryptionKeyPreference) },
- { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(NSSSMIMEEncryptionKeyPreference,id.issuerAndSN),
- CERT_IssuerAndSNTemplate,
- NSSSMIMEEncryptionKeyPref_IssuerSN },
- { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(NSSSMIMEEncryptionKeyPreference,id.recipientKeyID),
- NSSCMSRecipientKeyIdentifierTemplate,
- NSSSMIMEEncryptionKeyPref_IssuerSN },
- { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | 2,
- offsetof(NSSSMIMEEncryptionKeyPreference,id.subjectKeyID),
- SEC_OctetStringTemplate,
- NSSSMIMEEncryptionKeyPref_SubjectKeyID },
- { 0, }
-};
-
-/* smime_cipher_map - map of SMIME symmetric "ciphers" to algtag & parameters */
-typedef struct {
- unsigned long cipher;
- SECOidTag algtag;
- SECItem *parms;
- PRBool enabled; /* in the user's preferences */
- PRBool allowed; /* per export policy */
-} smime_cipher_map_entry;
-
-/* global: list of supported SMIME symmetric ciphers, ordered roughly by increasing strength */
-static smime_cipher_map_entry smime_cipher_map[] = {
-/* cipher algtag parms enabled allowed */
-/* ---------------------------------------------------------------------------------- */
- { SMIME_RC2_CBC_40, SEC_OID_RC2_CBC, &param_int40, PR_TRUE, PR_TRUE },
- { SMIME_DES_CBC_56, SEC_OID_DES_CBC, NULL, PR_TRUE, PR_TRUE },
- { SMIME_RC2_CBC_64, SEC_OID_RC2_CBC, &param_int64, PR_TRUE, PR_TRUE },
- { SMIME_RC2_CBC_128, SEC_OID_RC2_CBC, &param_int128, PR_TRUE, PR_TRUE },
- { SMIME_DES_EDE3_168, SEC_OID_DES_EDE3_CBC, NULL, PR_TRUE, PR_TRUE },
- { SMIME_FORTEZZA, SEC_OID_FORTEZZA_SKIPJACK, NULL, PR_TRUE, PR_TRUE }
-};
-static const int smime_cipher_map_count = sizeof(smime_cipher_map) / sizeof(smime_cipher_map_entry);
-
-/*
- * smime_mapi_by_cipher - find index into smime_cipher_map by cipher
- */
-static int
-smime_mapi_by_cipher(unsigned long cipher)
-{
- int i;
-
- for (i = 0; i < smime_cipher_map_count; i++) {
- if (smime_cipher_map[i].cipher == cipher)
- return i; /* bingo */
- }
- return -1; /* should not happen if we're consistent, right? */
-}
-
-/*
- * NSS_SMIME_EnableCipher - this function locally records the user's preference
- */
-SECStatus
-NSS_SMIMEUtil_EnableCipher(unsigned long which, PRBool on)
-{
- unsigned long mask;
- int mapi;
-
- mask = which & CIPHER_FAMILYID_MASK;
-
- PORT_Assert (mask == CIPHER_FAMILYID_SMIME);
- if (mask != CIPHER_FAMILYID_SMIME)
- /* XXX set an error! */
- return SECFailure;
-
- mapi = smime_mapi_by_cipher(which);
- if (mapi < 0)
- /* XXX set an error */
- return SECFailure;
-
- /* do we try to turn on a forbidden cipher? */
- if (!smime_cipher_map[mapi].allowed && on) {
- PORT_SetError (SEC_ERROR_BAD_EXPORT_ALGORITHM);
- return SECFailure;
- }
-
- if (smime_cipher_map[mapi].enabled != on)
- smime_cipher_map[mapi].enabled = on;
-
- return SECSuccess;
-}
-
-
-/*
- * this function locally records the export policy
- */
-SECStatus
-NSS_SMIMEUtil_AllowCipher(unsigned long which, PRBool on)
-{
- unsigned long mask;
- int mapi;
-
- mask = which & CIPHER_FAMILYID_MASK;
-
- PORT_Assert (mask == CIPHER_FAMILYID_SMIME);
- if (mask != CIPHER_FAMILYID_SMIME)
- /* XXX set an error! */
- return SECFailure;
-
- mapi = smime_mapi_by_cipher(which);
- if (mapi < 0)
- /* XXX set an error */
- return SECFailure;
-
- if (smime_cipher_map[mapi].allowed != on)
- smime_cipher_map[mapi].allowed = on;
-
- return SECSuccess;
-}
-
-/*
- * Based on the given algorithm (including its parameters, in some cases!)
- * and the given key (may or may not be inspected, depending on the
- * algorithm), find the appropriate policy algorithm specification
- * and return it. If no match can be made, -1 is returned.
- */
-static SECStatus
-nss_smime_get_cipher_for_alg_and_key(SECAlgorithmID *algid, PK11SymKey *key, unsigned long *cipher)
-{
- SECOidTag algtag;
- unsigned int keylen_bits;
- SECStatus rv = SECSuccess;
- unsigned long c;
-
- algtag = SECOID_GetAlgorithmTag(algid);
- switch (algtag) {
- case SEC_OID_RC2_CBC:
- keylen_bits = PK11_GetKeyStrength(key, algid);
- switch (keylen_bits) {
- case 40:
- c = SMIME_RC2_CBC_40;
- case 64:
- c = SMIME_RC2_CBC_64;
- case 128:
- c = SMIME_RC2_CBC_128;
- default:
- rv = SECFailure;
- break;
- }
- break;
- case SEC_OID_DES_CBC:
- c = SMIME_DES_CBC_56;
- case SEC_OID_DES_EDE3_CBC:
- c = SMIME_DES_EDE3_168;
- case SEC_OID_FORTEZZA_SKIPJACK:
- c = SMIME_FORTEZZA;
- default:
- rv = SECFailure;
- }
- if (rv == SECSuccess)
- *cipher = c;
- return rv;
-}
-
-static PRBool
-nss_smime_cipher_allowed(unsigned long which)
-{
- int mapi;
-
- mapi = smime_mapi_by_cipher(which);
- if (mapi < 0)
- return PR_FALSE;
- return smime_cipher_map[mapi].allowed;
-}
-
-PRBool
-NSS_SMIMEUtil_DecryptionAllowed(SECAlgorithmID *algid, PK11SymKey *key)
-{
- unsigned long which;
-
- if (nss_smime_get_cipher_for_alg_and_key(algid, key, &which) != SECSuccess)
- return PR_FALSE;
-
- return nss_smime_cipher_allowed(which);
-}
-
-
-/*
- * NSS_SMIME_EncryptionPossible - check if any encryption is allowed
- *
- * This tells whether or not *any* S/MIME encryption can be done,
- * according to policy. Callers may use this to do nicer user interface
- * (say, greying out a checkbox so a user does not even try to encrypt
- * a message when they are not allowed to) or for any reason they want
- * to check whether S/MIME encryption (or decryption, for that matter)
- * may be done.
- *
- * It takes no arguments. The return value is a simple boolean:
- * PR_TRUE means encryption (or decryption) is *possible*
- * (but may still fail due to other reasons, like because we cannot
- * find all the necessary certs, etc.; PR_TRUE is *not* a guarantee)
- * PR_FALSE means encryption (or decryption) is not permitted
- *
- * There are no errors from this routine.
- */
-PRBool
-NSS_SMIMEUtil_EncryptionPossible(void)
-{
- int i;
-
- for (i = 0; i < smime_cipher_map_count; i++) {
- if (smime_cipher_map[i].allowed)
- return PR_TRUE;
- }
- return PR_FALSE;
-}
-
-
-static int
-nss_SMIME_FindCipherForSMIMECap(NSSSMIMECapability *cap)
-{
- int i;
- SECOidTag capIDTag;
-
- /* we need the OIDTag here */
- capIDTag = SECOID_FindOIDTag(&(cap->capabilityID));
-
- /* go over all the SMIME ciphers we know and see if we find a match */
- for (i = 0; i < smime_cipher_map_count; i++) {
- if (smime_cipher_map[i].algtag != capIDTag)
- continue;
- /*
- * XXX If SECITEM_CompareItem allowed NULLs as arguments (comparing
- * 2 NULLs as equal and NULL and non-NULL as not equal), we could
- * use that here instead of all of the following comparison code.
- */
- if (cap->parameters.data == NULL && smime_cipher_map[i].parms == NULL)
- break; /* both empty: bingo */
-
- if (cap->parameters.data != NULL && smime_cipher_map[i].parms != NULL &&
- cap->parameters.len == smime_cipher_map[i].parms->len &&
- PORT_Memcmp (cap->parameters.data, smime_cipher_map[i].parms->data,
- cap->parameters.len) == 0)
- {
- break; /* both not empty, same length & equal content: bingo */
- }
- }
-
- if (i == smime_cipher_map_count)
- return 0; /* no match found */
- else
- return smime_cipher_map[i].cipher; /* match found, point to cipher */
-}
-
-/*
- * smime_choose_cipher - choose a cipher that works for all the recipients
- *
- * "scert" - sender's certificate
- * "rcerts" - recipient's certificates
- */
-static long
-smime_choose_cipher(CERTCertificate *scert, CERTCertificate **rcerts)
-{
- PRArenaPool *poolp;
- long cipher;
- long chosen_cipher;
- int *cipher_abilities;
- int *cipher_votes;
- int weak_mapi;
- int strong_mapi;
- int rcount, mapi, max, i;
- PRBool scert_is_fortezza = (scert == NULL) ? PR_FALSE : PK11_FortezzaHasKEA(scert);
-
- chosen_cipher = SMIME_RC2_CBC_40; /* the default, LCD */
- weak_mapi = smime_mapi_by_cipher(chosen_cipher);
-
- poolp = PORT_NewArena (1024); /* XXX what is right value? */
- if (poolp == NULL)
- goto done;
-
- cipher_abilities = (int *)PORT_ArenaZAlloc(poolp, smime_cipher_map_count * sizeof(int));
- cipher_votes = (int *)PORT_ArenaZAlloc(poolp, smime_cipher_map_count * sizeof(int));
- if (cipher_votes == NULL || cipher_abilities == NULL)
- goto done;
-
- /* If the user has the Fortezza preference turned on, make
- * that the strong cipher. Otherwise, use triple-DES. */
- strong_mapi = smime_mapi_by_cipher (SMIME_DES_EDE3_168);
- if (scert_is_fortezza) {
- mapi = smime_mapi_by_cipher(SMIME_FORTEZZA);
- if (mapi >= 0 && smime_cipher_map[mapi].enabled)
- strong_mapi = mapi;
- }
-
- /* walk all the recipient's certs */
- for (rcount = 0; rcerts[rcount] != NULL; rcount++) {
- SECItem *profile;
- NSSSMIMECapability **caps;
- int pref;
-
- /* the first cipher that matches in the user's SMIME profile gets
- * "smime_cipher_map_count" votes; the next one gets "smime_cipher_map_count" - 1
- * and so on. If every cipher matches, the last one gets 1 (one) vote */
- pref = smime_cipher_map_count;
-
- /* find recipient's SMIME profile */
- profile = CERT_FindSMimeProfile(rcerts[rcount]);
-
- if (profile != NULL && profile->data != NULL && profile->len > 0) {
- /* we have a profile (still DER-encoded) */
- caps = NULL;
- /* decode it */
- if (SEC_ASN1DecodeItem(poolp, &caps, NSSSMIMECapabilitiesTemplate, profile) == SECSuccess &&
- caps != NULL)
- {
- /* walk the SMIME capabilities for this recipient */
- for (i = 0; caps[i] != NULL; i++) {
- cipher = nss_SMIME_FindCipherForSMIMECap(caps[i]);
- mapi = smime_mapi_by_cipher(cipher);
- if (mapi >= 0) {
- /* found the cipher */
- cipher_abilities[mapi]++;
- cipher_votes[mapi] += pref;
- --pref;
- }
- }
- }
- } else {
- /* no profile found - so we can only assume that the user can do
- * the mandatory algorithms which is RC2-40 (weak crypto) and 3DES (strong crypto) */
- SECKEYPublicKey *key;
- unsigned int pklen_bits;
-
- /*
- * if recipient's public key length is > 512, vote for a strong cipher
- * please not that the side effect of this is that if only one recipient
- * has an export-level public key, the strong cipher is disabled.
- *
- * XXX This is probably only good for RSA keys. What I would
- * really like is a function to just say; Is the public key in
- * this cert an export-length key? Then I would not have to
- * know things like the value 512, or the kind of key, or what
- * a subjectPublicKeyInfo is, etc.
- */
- key = CERT_ExtractPublicKey(rcerts[rcount]);
- pklen_bits = 0;
- if (key != NULL) {
- pklen_bits = SECKEY_PublicKeyStrength (key) * 8;
- SECKEY_DestroyPublicKey (key);
- }
-
- if (pklen_bits > 512) {
- /* cast votes for the strong algorithm */
- cipher_abilities[strong_mapi]++;
- cipher_votes[strong_mapi] += pref;
- pref--;
- }
-
- /* always cast (possibly less) votes for the weak algorithm */
- cipher_abilities[weak_mapi]++;
- cipher_votes[weak_mapi] += pref;
- }
- if (profile != NULL)
- SECITEM_FreeItem(profile, PR_TRUE);
- }
-
- /* find cipher that is agreeable by all recipients and that has the most votes */
- max = 0;
- for (mapi = 0; mapi < smime_cipher_map_count; mapi++) {
- /* if not all of the recipients can do this, forget it */
- if (cipher_abilities[mapi] != rcount)
- continue;
- /* if cipher is not enabled or not allowed by policy, forget it */
- if (!smime_cipher_map[mapi].enabled || !smime_cipher_map[mapi].allowed)
- continue;
- /* if we're not doing fortezza, but the cipher is fortezza, forget it */
- if (!scert_is_fortezza && (smime_cipher_map[mapi].cipher == SMIME_FORTEZZA))
- continue;
- /* now see if this one has more votes than the last best one */
- if (cipher_votes[mapi] >= max) {
- /* if equal number of votes, prefer the ones further down in the list */
- /* with the expectation that these are higher rated ciphers */
- chosen_cipher = smime_cipher_map[mapi].cipher;
- max = cipher_votes[mapi];
- }
- }
- /* if no common cipher was found, chosen_cipher stays at the default */
-
-done:
- if (poolp != NULL)
- PORT_FreeArena (poolp, PR_FALSE);
-
- return chosen_cipher;
-}
-
-/*
- * XXX This is a hack for now to satisfy our current interface.
- * Eventually, with more parameters needing to be specified, just
- * looking up the keysize is not going to be sufficient.
- */
-static int
-smime_keysize_by_cipher (unsigned long which)
-{
- int keysize;
-
- switch (which) {
- case SMIME_RC2_CBC_40:
- keysize = 40;
- break;
- case SMIME_RC2_CBC_64:
- keysize = 64;
- break;
- case SMIME_RC2_CBC_128:
- keysize = 128;
- break;
- case SMIME_DES_CBC_56:
- case SMIME_DES_EDE3_168:
- case SMIME_FORTEZZA:
- /*
- * These are special; since the key size is fixed, we actually
- * want to *avoid* specifying a key size.
- */
- keysize = 0;
- break;
- default:
- keysize = -1;
- break;
- }
-
- return keysize;
-}
-
-/*
- * NSS_SMIMEUtil_FindBulkAlgForRecipients - find bulk algorithm suitable for all recipients
- *
- * it would be great for UI purposes if there would be a way to find out which recipients
- * prevented a strong cipher from being used...
- */
-SECStatus
-NSS_SMIMEUtil_FindBulkAlgForRecipients(CERTCertificate **rcerts, SECOidTag *bulkalgtag, int *keysize)
-{
- unsigned long cipher;
- int mapi;
-
- cipher = smime_choose_cipher(NULL, rcerts);
- mapi = smime_mapi_by_cipher(cipher);
-
- *bulkalgtag = smime_cipher_map[mapi].algtag;
- *keysize = smime_keysize_by_cipher(smime_cipher_map[mapi].algtag);
-
- return SECSuccess;
-}
-
-/*
- * NSS_SMIMEUtil_CreateSMIMECapabilities - get S/MIME capabilities for this instance of NSS
- *
- * scans the list of allowed and enabled ciphers and construct a PKCS9-compliant
- * S/MIME capabilities attribute value.
- *
- * XXX Please note that, in contradiction to RFC2633 2.5.2, the capabilities only include
- * symmetric ciphers, NO signature algorithms or key encipherment algorithms.
- *
- * "poolp" - arena pool to create the S/MIME capabilities data on
- * "dest" - SECItem to put the data in
- * "includeFortezzaCiphers" - PR_TRUE if fortezza ciphers should be included
- */
-SECStatus
-NSS_SMIMEUtil_CreateSMIMECapabilities(PLArenaPool *poolp, SECItem *dest, PRBool includeFortezzaCiphers)
-{
- NSSSMIMECapability *cap;
- NSSSMIMECapability **smime_capabilities;
- smime_cipher_map_entry *map;
- SECOidData *oiddata;
- SECItem *dummy;
- int i, capIndex;
-
- /* if we have an old NSSSMIMECapability array, we'll reuse it (has the right size) */
- /* smime_cipher_map_count + 1 is an upper bound - we might end up with less */
- smime_capabilities = (NSSSMIMECapability **)PORT_ZAlloc((smime_cipher_map_count + 1)
- * sizeof(NSSSMIMECapability *));
- if (smime_capabilities == NULL)
- return SECFailure;
-
- capIndex = 0;
-
- /* Add all the symmetric ciphers
- * We walk the cipher list backwards, as it is ordered by increasing strength,
- * we prefer the stronger cipher over a weaker one, and we have to list the
- * preferred algorithm first */
- for (i = smime_cipher_map_count - 1; i >= 0; i--) {
- /* Find the corresponding entry in the cipher map. */
- map = &(smime_cipher_map[i]);
- if (!map->enabled)
- continue;
-
- /* If we're using a non-Fortezza cert, only advertise non-Fortezza
- capabilities. (We advertise all capabilities if we have a
- Fortezza cert.) */
- if ((!includeFortezzaCiphers) && (map->cipher == SMIME_FORTEZZA))
- continue;
-
- /* get next SMIME capability */
- cap = (NSSSMIMECapability *)PORT_ZAlloc(sizeof(NSSSMIMECapability));
- if (cap == NULL)
- break;
- smime_capabilities[capIndex++] = cap;
-
- oiddata = SECOID_FindOIDByTag(map->algtag);
- if (oiddata == NULL)
- break;
-
- cap->capabilityID.data = oiddata->oid.data;
- cap->capabilityID.len = oiddata->oid.len;
- cap->parameters.data = map->parms ? map->parms->data : NULL;
- cap->parameters.len = map->parms ? map->parms->len : 0;
- cap->cipher = smime_cipher_map[i].cipher;
- }
-
- /* XXX add signature algorithms */
- /* XXX add key encipherment algorithms */
-
- smime_capabilities[capIndex] = NULL; /* last one - now encode */
- dummy = SEC_ASN1EncodeItem(poolp, dest, &smime_capabilities, NSSSMIMECapabilitiesTemplate);
-
- /* now that we have the proper encoded SMIMECapabilities (or not),
- * free the work data */
- for (i = 0; smime_capabilities[i] != NULL; i++)
- PORT_Free(smime_capabilities[i]);
- PORT_Free(smime_capabilities);
-
- return (dummy == NULL) ? SECFailure : SECSuccess;
-}
-
-/*
- * NSS_SMIMEUtil_CreateSMIMEEncKeyPrefs - create S/MIME encryption key preferences attr value
- *
- * "poolp" - arena pool to create the attr value on
- * "dest" - SECItem to put the data in
- * "cert" - certificate that should be marked as preferred encryption key
- * cert is expected to have been verified for EmailRecipient usage.
- */
-SECStatus
-NSS_SMIMEUtil_CreateSMIMEEncKeyPrefs(PLArenaPool *poolp, SECItem *dest, CERTCertificate *cert)
-{
- NSSSMIMEEncryptionKeyPreference ekp;
- SECItem *dummy = NULL;
- PLArenaPool *tmppoolp;
-
- if (cert == NULL)
- goto loser;
-
- tmppoolp = PORT_NewArena(1024);
- if (tmppoolp == NULL)
- goto loser;
-
- /* XXX hardcoded IssuerSN choice for now */
- ekp.selector = NSSSMIMEEncryptionKeyPref_IssuerSN;
- ekp.id.issuerAndSN = CERT_GetCertIssuerAndSN(tmppoolp, cert);
- if (ekp.id.issuerAndSN == NULL)
- goto loser;
-
- dummy = SEC_ASN1EncodeItem(poolp, dest, &ekp, smime_encryptionkeypref_template);
-
-loser:
- if (tmppoolp) PORT_FreeArena(tmppoolp, PR_FALSE);
-
- return (dummy == NULL) ? SECFailure : SECSuccess;
-}
-
-/*
- * NSS_SMIMEUtil_GetCertFromEncryptionKeyPreference -
- * find cert marked by EncryptionKeyPreference attribute
- *
- * "certdb" - handle for the cert database to look in
- * "DERekp" - DER-encoded value of S/MIME Encryption Key Preference attribute
- *
- * if certificate is supposed to be found among the message's included certificates,
- * they are assumed to have been imported already.
- */
-CERTCertificate *
-NSS_SMIMEUtil_GetCertFromEncryptionKeyPreference(CERTCertDBHandle *certdb, SECItem *DERekp)
-{
- PLArenaPool *tmppoolp = NULL;
- CERTCertificate *cert = NULL;
- NSSSMIMEEncryptionKeyPreference ekp;
-
- tmppoolp = PORT_NewArena(1024);
- if (tmppoolp == NULL)
- return NULL;
-
- /* decode DERekp */
- if (SEC_ASN1DecodeItem(tmppoolp, &ekp, smime_encryptionkeypref_template, DERekp) != SECSuccess)
- goto loser;
-
- /* find cert */
- switch (ekp.selector) {
- case NSSSMIMEEncryptionKeyPref_IssuerSN:
- cert = CERT_FindCertByIssuerAndSN(certdb, ekp.id.issuerAndSN);
- break;
- case NSSSMIMEEncryptionKeyPref_RKeyID:
- case NSSSMIMEEncryptionKeyPref_SubjectKeyID:
- /* XXX not supported yet - we need to be able to look up certs by SubjectKeyID */
- break;
- default:
- PORT_Assert(0);
- }
-loser:
- if (tmppoolp) PORT_FreeArena(tmppoolp, PR_FALSE);
-
- return cert;
-}
diff --git a/security/nss/lib/softoken/Makefile b/security/nss/lib/softoken/Makefile
deleted file mode 100644
index ad4d0cc4d..000000000
--- a/security/nss/lib/softoken/Makefile
+++ /dev/null
@@ -1,77 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
-
diff --git a/security/nss/lib/softoken/alghmac.c b/security/nss/lib/softoken/alghmac.c
deleted file mode 100644
index ff320da09..000000000
--- a/security/nss/lib/softoken/alghmac.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "alghmac.h"
-#include "sechash.h"
-#include "secoid.h"
-#include "secport.h"
-
-#define HMAC_PAD_SIZE 64
-
-struct HMACContextStr {
- void *hash;
- SECHashObject *hashobj;
- unsigned char ipad[HMAC_PAD_SIZE];
- unsigned char opad[HMAC_PAD_SIZE];
-};
-
-void
-HMAC_Destroy(HMACContext *cx)
-{
- if (cx == NULL)
- return;
-
- if (cx->hash != NULL)
- cx->hashobj->destroy(cx->hash, PR_TRUE);
- PORT_ZFree(cx, sizeof(HMACContext));
-}
-
-HMACContext *
-HMAC_Create(SECOidTag hash_alg,
- const unsigned char *secret,
- unsigned int secret_len)
-{
- HMACContext *cx;
- int i;
- unsigned char hashed_secret[SHA1_LENGTH];
-
- cx = (HMACContext*)PORT_ZAlloc(sizeof(HMACContext));
- if (cx == NULL)
- return NULL;
-
- switch (hash_alg) {
- case SEC_OID_MD5:
- cx->hashobj = &SECRawHashObjects[HASH_AlgMD5];
- break;
- case SEC_OID_MD2:
- cx->hashobj = &SECRawHashObjects[HASH_AlgMD2];
- break;
- case SEC_OID_SHA1:
- cx->hashobj = &SECRawHashObjects[HASH_AlgSHA1];
- break;
- default:
- goto loser;
- }
-
- cx->hash = cx->hashobj->create();
- if (cx->hash == NULL)
- goto loser;
-
- if (secret_len > HMAC_PAD_SIZE) {
- cx->hashobj->begin( cx->hash);
- cx->hashobj->update(cx->hash, secret, secret_len);
- cx->hashobj->end( cx->hash, hashed_secret, &secret_len,
- sizeof hashed_secret);
- if (secret_len != cx->hashobj->length)
- goto loser;
- secret = (const unsigned char *)&hashed_secret[0];
- }
-
- PORT_Memset(cx->ipad, 0x36, sizeof cx->ipad);
- PORT_Memset(cx->opad, 0x5c, sizeof cx->opad);
-
- /* fold secret into padding */
- for (i = 0; i < secret_len; i++) {
- cx->ipad[i] ^= secret[i];
- cx->opad[i] ^= secret[i];
- }
- PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
- return cx;
-
-loser:
- PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
- HMAC_Destroy(cx);
- return NULL;
-}
-
-void
-HMAC_Begin(HMACContext *cx)
-{
- /* start inner hash */
- cx->hashobj->begin(cx->hash);
- cx->hashobj->update(cx->hash, cx->ipad, sizeof(cx->ipad));
-}
-
-void
-HMAC_Update(HMACContext *cx, const unsigned char *data, unsigned int data_len)
-{
- cx->hashobj->update(cx->hash, data, data_len);
-}
-
-SECStatus
-HMAC_Finish(HMACContext *cx, unsigned char *result, unsigned int *result_len,
- unsigned int max_result_len)
-{
- if (max_result_len < cx->hashobj->length)
- return SECFailure;
-
- cx->hashobj->end(cx->hash, result, result_len, max_result_len);
- if (*result_len != cx->hashobj->length)
- return SECFailure;
-
- cx->hashobj->begin(cx->hash);
- cx->hashobj->update(cx->hash, cx->opad, sizeof(cx->opad));
- cx->hashobj->update(cx->hash, result, *result_len);
- cx->hashobj->end(cx->hash, result, result_len, max_result_len);
- return SECSuccess;
-}
-
-HMACContext *
-HMAC_Clone(HMACContext *cx)
-{
- HMACContext *newcx;
-
- newcx = (HMACContext*)PORT_ZAlloc(sizeof(HMACContext));
- if (newcx == NULL)
- goto loser;
-
- newcx->hashobj = cx->hashobj;
- newcx->hash = cx->hashobj->clone(cx->hash);
- if (newcx->hash == NULL)
- goto loser;
- PORT_Memcpy(newcx->ipad, cx->ipad, sizeof(cx->ipad));
- PORT_Memcpy(newcx->opad, cx->opad, sizeof(cx->opad));
- return newcx;
-
-loser:
- HMAC_Destroy(newcx);
- return NULL;
-}
diff --git a/security/nss/lib/softoken/alghmac.h b/security/nss/lib/softoken/alghmac.h
deleted file mode 100644
index 10d598267..000000000
--- a/security/nss/lib/softoken/alghmac.h
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef _ALGHMAC_H_
-#define _ALGHMAC_H_
-
-#include "secoid.h"
-
-typedef struct HMACContextStr HMACContext;
-
-SEC_BEGIN_PROTOS
-
-/* destroy HMAC context */
-extern void
-HMAC_Destroy(HMACContext *cx);
-
-/* create HMAC context
- * hash_alg the algorithm with which the HMAC is performed. This
- * should be, SEC_OID_MD5, SEC_OID_SHA1, or SEC_OID_MD2.
- * secret the secret with which the HMAC is performed.
- * secret_len the length of the secret, limited to at most 64 bytes.
- *
- * NULL is returned if an error occurs or the secret is > 64 bytes.
- */
-extern HMACContext *
-HMAC_Create(SECOidTag hash_alg, const unsigned char *secret,
- unsigned int secret_len);
-
-/* reset HMAC for a fresh round */
-extern void
-HMAC_Begin(HMACContext *cx);
-
-/* update HMAC
- * cx HMAC Context
- * data the data to perform HMAC on
- * data_len the length of the data to process
- */
-extern void
-HMAC_Update(HMACContext *cx, const unsigned char *data, unsigned int data_len);
-
-/* Finish HMAC -- place the results within result
- * cx HMAC context
- * result buffer for resulting hmac'd data
- * result_len where the resultant hmac length is stored
- * max_result_len maximum possible length that can be stored in result
- */
-extern SECStatus
-HMAC_Finish(HMACContext *cx, unsigned char *result, unsigned int *result_len,
- unsigned int max_result_len);
-
-/* clone a copy of the HMAC state. this is usefult when you would
- * need to keep a running hmac but also need to extract portions
- * partway through the process.
- */
-extern HMACContext *
-HMAC_Clone(HMACContext *cx);
-
-SEC_END_PROTOS
-
-#endif
diff --git a/security/nss/lib/softoken/config.mk b/security/nss/lib/softoken/config.mk
deleted file mode 100644
index a73a1086e..000000000
--- a/security/nss/lib/softoken/config.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/softoken/fipstest.c b/security/nss/lib/softoken/fipstest.c
deleted file mode 100644
index a96a70959..000000000
--- a/security/nss/lib/softoken/fipstest.c
+++ /dev/null
@@ -1,1093 +0,0 @@
-/*
- * PKCS #11 FIPS Power-Up Self Test.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#include "softoken.h" /* Required for RC2-ECB, RC2-CBC, RC4, DES-ECB, */
- /* DES-CBC, DES3-ECB, DES3-CBC, RSA */
- /* and DSA. */
-#include "seccomon.h" /* Required for RSA and DSA. */
-#include "keylow.h" /* Required for RSA and DSA. */
-#include "pkcs11.h" /* Required for PKCS #11. */
-#include "secerr.h"
-
-/* FIPS preprocessor directives for RC2-ECB and RC2-CBC. */
-#define FIPS_RC2_KEY_LENGTH 5 /* 40-bits */
-#define FIPS_RC2_ENCRYPT_LENGTH 8 /* 64-bits */
-#define FIPS_RC2_DECRYPT_LENGTH 8 /* 64-bits */
-
-
-/* FIPS preprocessor directives for RC4. */
-#define FIPS_RC4_KEY_LENGTH 5 /* 40-bits */
-#define FIPS_RC4_ENCRYPT_LENGTH 8 /* 64-bits */
-#define FIPS_RC4_DECRYPT_LENGTH 8 /* 64-bits */
-
-
-/* FIPS preprocessor directives for DES-ECB and DES-CBC. */
-#define FIPS_DES_ENCRYPT_LENGTH 8 /* 64-bits */
-#define FIPS_DES_DECRYPT_LENGTH 8 /* 64-bits */
-
-
-/* FIPS preprocessor directives for DES3-CBC and DES3-ECB. */
-#define FIPS_DES3_ENCRYPT_LENGTH 8 /* 64-bits */
-#define FIPS_DES3_DECRYPT_LENGTH 8 /* 64-bits */
-
-
-/* FIPS preprocessor directives for MD2. */
-#define FIPS_MD2_HASH_MESSAGE_LENGTH 64 /* 512-bits */
-
-
-/* FIPS preprocessor directives for MD5. */
-#define FIPS_MD5_HASH_MESSAGE_LENGTH 64 /* 512-bits */
-
-
-/* FIPS preprocessor directives for SHA-1. */
-#define FIPS_SHA1_HASH_MESSAGE_LENGTH 64 /* 512-bits */
-
-
-/* FIPS preprocessor directives for RSA. */
-#define FIPS_RSA_TYPE siBuffer
-#define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 1 /* 8-bits */
-#define FIPS_RSA_PRIVATE_VERSION_LENGTH 1 /* 8-bits */
-#define FIPS_RSA_MESSAGE_LENGTH 16 /* 128-bits */
-#define FIPS_RSA_COEFFICIENT_LENGTH 32 /* 256-bits */
-#define FIPS_RSA_PRIME0_LENGTH 33 /* 264-bits */
-#define FIPS_RSA_PRIME1_LENGTH 33 /* 264-bits */
-#define FIPS_RSA_EXPONENT0_LENGTH 33 /* 264-bits */
-#define FIPS_RSA_EXPONENT1_LENGTH 33 /* 264-bits */
-#define FIPS_RSA_PRIVATE_EXPONENT_LENGTH 64 /* 512-bits */
-#define FIPS_RSA_ENCRYPT_LENGTH 64 /* 512-bits */
-#define FIPS_RSA_DECRYPT_LENGTH 64 /* 512-bits */
-#define FIPS_RSA_CRYPTO_LENGTH 64 /* 512-bits */
-#define FIPS_RSA_SIGNATURE_LENGTH 64 /* 512-bits */
-#define FIPS_RSA_MODULUS_LENGTH 65 /* 520-bits */
-
-
-/* FIPS preprocessor directives for DSA. */
-#define FIPS_DSA_TYPE siBuffer
-#define FIPS_DSA_DIGEST_LENGTH 20 /* 160-bits */
-#define FIPS_DSA_SUBPRIME_LENGTH 20 /* 160-bits */
-#define FIPS_DSA_SIGNATURE_LENGTH 40 /* 320-bits */
-#define FIPS_DSA_PRIME_LENGTH 64 /* 512-bits */
-#define FIPS_DSA_BASE_LENGTH 64 /* 512-bits */
-
-static CK_RV
-pk11_fips_RC2_PowerUpSelfTest( void )
-{
- /* RC2 Known Key (40-bits). */
- static PRUint8 rc2_known_key[] = { "RSARC" };
-
- /* RC2-CBC Known Initialization Vector (64-bits). */
- static PRUint8 rc2_cbc_known_initialization_vector[] = {"Security"};
-
- /* RC2 Known Plaintext (64-bits). */
- static PRUint8 rc2_ecb_known_plaintext[] = {"Netscape"};
- static PRUint8 rc2_cbc_known_plaintext[] = {"Netscape"};
-
- /* RC2 Known Ciphertext (64-bits). */
- static PRUint8 rc2_ecb_known_ciphertext[] = {
- 0x1a,0x71,0x33,0x54,0x8d,0x5c,0xd2,0x30};
- static PRUint8 rc2_cbc_known_ciphertext[] = {
- 0xff,0x41,0xdb,0x94,0x8a,0x4c,0x33,0xb3};
-
- /* RC2 variables. */
- PRUint8 rc2_computed_ciphertext[FIPS_RC2_ENCRYPT_LENGTH];
- PRUint8 rc2_computed_plaintext[FIPS_RC2_DECRYPT_LENGTH];
- RC2Context * rc2_context;
- unsigned int rc2_bytes_encrypted;
- unsigned int rc2_bytes_decrypted;
- SECStatus rc2_status;
-
-
- /******************************************************/
- /* RC2-ECB Single-Round Known Answer Encryption Test: */
- /******************************************************/
-
- rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
- NULL, NSS_RC2,
- FIPS_RC2_KEY_LENGTH );
-
- if( rc2_context == NULL )
- return( CKR_HOST_MEMORY );
-
- rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext,
- &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH,
- rc2_ecb_known_plaintext,
- FIPS_RC2_DECRYPT_LENGTH );
-
- RC2_DestroyContext( rc2_context, PR_TRUE );
-
- if( ( rc2_status != SECSuccess ) ||
- ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) ||
- ( PORT_Memcmp( rc2_computed_ciphertext, rc2_ecb_known_ciphertext,
- FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) )
- return( CKR_DEVICE_ERROR );
-
-
- /******************************************************/
- /* RC2-ECB Single-Round Known Answer Decryption Test: */
- /******************************************************/
-
- rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
- NULL, NSS_RC2,
- FIPS_RC2_KEY_LENGTH );
-
- if( rc2_context == NULL )
- return( CKR_HOST_MEMORY );
-
- rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext,
- &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH,
- rc2_ecb_known_ciphertext,
- FIPS_RC2_ENCRYPT_LENGTH );
-
- RC2_DestroyContext( rc2_context, PR_TRUE );
-
- if( ( rc2_status != SECSuccess ) ||
- ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) ||
- ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext,
- FIPS_RC2_DECRYPT_LENGTH ) != 0 ) )
- return( CKR_DEVICE_ERROR );
-
-
- /******************************************************/
- /* RC2-CBC Single-Round Known Answer Encryption Test: */
- /******************************************************/
-
- rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
- rc2_cbc_known_initialization_vector,
- NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH );
-
- if( rc2_context == NULL )
- return( CKR_HOST_MEMORY );
-
- rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext,
- &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH,
- rc2_cbc_known_plaintext,
- FIPS_RC2_DECRYPT_LENGTH );
-
- RC2_DestroyContext( rc2_context, PR_TRUE );
-
- if( ( rc2_status != SECSuccess ) ||
- ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) ||
- ( PORT_Memcmp( rc2_computed_ciphertext, rc2_cbc_known_ciphertext,
- FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) )
- return( CKR_DEVICE_ERROR );
-
-
- /******************************************************/
- /* RC2-CBC Single-Round Known Answer Decryption Test: */
- /******************************************************/
-
- rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
- rc2_cbc_known_initialization_vector,
- NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH );
-
- if( rc2_context == NULL )
- return( CKR_HOST_MEMORY );
-
- rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext,
- &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH,
- rc2_cbc_known_ciphertext,
- FIPS_RC2_ENCRYPT_LENGTH );
-
- RC2_DestroyContext( rc2_context, PR_TRUE );
-
- if( ( rc2_status != SECSuccess ) ||
- ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) ||
- ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext,
- FIPS_RC2_DECRYPT_LENGTH ) != 0 ) )
- return( CKR_DEVICE_ERROR );
-
- return( CKR_OK );
-}
-
-
-static CK_RV
-pk11_fips_RC4_PowerUpSelfTest( void )
-{
- /* RC4 Known Key (40-bits). */
- static PRUint8 rc4_known_key[] = { "RSARC" };
-
- /* RC4 Known Plaintext (64-bits). */
- static PRUint8 rc4_known_plaintext[] = { "Netscape" };
-
- /* RC4 Known Ciphertext (64-bits). */
- static PRUint8 rc4_known_ciphertext[] = {
- 0x29,0x33,0xc7,0x9a,0x9d,0x6c,0x09,0xdd};
-
- /* RC4 variables. */
- PRUint8 rc4_computed_ciphertext[FIPS_RC4_ENCRYPT_LENGTH];
- PRUint8 rc4_computed_plaintext[FIPS_RC4_DECRYPT_LENGTH];
- RC4Context * rc4_context;
- unsigned int rc4_bytes_encrypted;
- unsigned int rc4_bytes_decrypted;
- SECStatus rc4_status;
-
-
- /**************************************************/
- /* RC4 Single-Round Known Answer Encryption Test: */
- /**************************************************/
-
- rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH );
-
- if( rc4_context == NULL )
- return( CKR_HOST_MEMORY );
-
- rc4_status = RC4_Encrypt( rc4_context, rc4_computed_ciphertext,
- &rc4_bytes_encrypted, FIPS_RC4_ENCRYPT_LENGTH,
- rc4_known_plaintext, FIPS_RC4_DECRYPT_LENGTH );
-
- RC4_DestroyContext( rc4_context, PR_TRUE );
-
- if( ( rc4_status != SECSuccess ) ||
- ( rc4_bytes_encrypted != FIPS_RC4_ENCRYPT_LENGTH ) ||
- ( PORT_Memcmp( rc4_computed_ciphertext, rc4_known_ciphertext,
- FIPS_RC4_ENCRYPT_LENGTH ) != 0 ) )
- return( CKR_DEVICE_ERROR );
-
-
- /**************************************************/
- /* RC4 Single-Round Known Answer Decryption Test: */
- /**************************************************/
-
- rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH );
-
- if( rc4_context == NULL )
- return( CKR_HOST_MEMORY );
-
- rc4_status = RC4_Decrypt( rc4_context, rc4_computed_plaintext,
- &rc4_bytes_decrypted, FIPS_RC4_DECRYPT_LENGTH,
- rc4_known_ciphertext, FIPS_RC4_ENCRYPT_LENGTH );
-
- RC4_DestroyContext( rc4_context, PR_TRUE );
-
- if( ( rc4_status != SECSuccess ) ||
- ( rc4_bytes_decrypted != FIPS_RC4_DECRYPT_LENGTH ) ||
- ( PORT_Memcmp( rc4_computed_plaintext, rc4_known_plaintext,
- FIPS_RC4_DECRYPT_LENGTH ) != 0 ) )
- return( CKR_DEVICE_ERROR );
-
- return( CKR_OK );
-}
-
-
-static CK_RV
-pk11_fips_DES_PowerUpSelfTest( void )
-{
- /* DES Known Key (56-bits). */
- static PRUint8 des_known_key[] = { "ANSI DES" };
-
- /* DES-CBC Known Initialization Vector (64-bits). */
- static PRUint8 des_cbc_known_initialization_vector[] = { "Security" };
-
- /* DES Known Plaintext (64-bits). */
- static PRUint8 des_ecb_known_plaintext[] = { "Netscape" };
- static PRUint8 des_cbc_known_plaintext[] = { "Netscape" };
-
- /* DES Known Ciphertext (64-bits). */
- static PRUint8 des_ecb_known_ciphertext[] = {
- 0x26,0x14,0xe9,0xc3,0x28,0x80,0x50,0xb0};
- static PRUint8 des_cbc_known_ciphertext[] = {
- 0x5e,0x95,0x94,0x5d,0x76,0xa2,0xd3,0x7d};
-
- /* DES variables. */
- PRUint8 des_computed_ciphertext[FIPS_DES_ENCRYPT_LENGTH];
- PRUint8 des_computed_plaintext[FIPS_DES_DECRYPT_LENGTH];
- DESContext * des_context;
- unsigned int des_bytes_encrypted;
- unsigned int des_bytes_decrypted;
- SECStatus des_status;
-
-
- /******************************************************/
- /* DES-ECB Single-Round Known Answer Encryption Test: */
- /******************************************************/
-
- des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_TRUE );
-
- if( des_context == NULL )
- return( CKR_HOST_MEMORY );
-
- des_status = DES_Encrypt( des_context, des_computed_ciphertext,
- &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH,
- des_ecb_known_plaintext,
- FIPS_DES_DECRYPT_LENGTH );
-
- DES_DestroyContext( des_context, PR_TRUE );
-
- if( ( des_status != SECSuccess ) ||
- ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) ||
- ( PORT_Memcmp( des_computed_ciphertext, des_ecb_known_ciphertext,
- FIPS_DES_ENCRYPT_LENGTH ) != 0 ) )
- return( CKR_DEVICE_ERROR );
-
-
- /******************************************************/
- /* DES-ECB Single-Round Known Answer Decryption Test: */
- /******************************************************/
-
- des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_FALSE );
-
- if( des_context == NULL )
- return( CKR_HOST_MEMORY );
-
- des_status = DES_Decrypt( des_context, des_computed_plaintext,
- &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH,
- des_ecb_known_ciphertext,
- FIPS_DES_ENCRYPT_LENGTH );
-
- DES_DestroyContext( des_context, PR_TRUE );
-
- if( ( des_status != SECSuccess ) ||
- ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) ||
- ( PORT_Memcmp( des_computed_plaintext, des_ecb_known_plaintext,
- FIPS_DES_DECRYPT_LENGTH ) != 0 ) )
- return( CKR_DEVICE_ERROR );
-
-
- /******************************************************/
- /* DES-CBC Single-Round Known Answer Encryption Test. */
- /******************************************************/
-
- des_context = DES_CreateContext( des_known_key,
- des_cbc_known_initialization_vector,
- NSS_DES_CBC, PR_TRUE );
-
- if( des_context == NULL )
- return( CKR_HOST_MEMORY );
-
- des_status = DES_Encrypt( des_context, des_computed_ciphertext,
- &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH,
- des_cbc_known_plaintext,
- FIPS_DES_DECRYPT_LENGTH );
-
- DES_DestroyContext( des_context, PR_TRUE );
-
- if( ( des_status != SECSuccess ) ||
- ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) ||
- ( PORT_Memcmp( des_computed_ciphertext, des_cbc_known_ciphertext,
- FIPS_DES_ENCRYPT_LENGTH ) != 0 ) )
- return( CKR_DEVICE_ERROR );
-
-
- /******************************************************/
- /* DES-CBC Single-Round Known Answer Decryption Test. */
- /******************************************************/
-
- des_context = DES_CreateContext( des_known_key,
- des_cbc_known_initialization_vector,
- NSS_DES_CBC, PR_FALSE );
-
- if( des_context == NULL )
- return( CKR_HOST_MEMORY );
-
- des_status = DES_Decrypt( des_context, des_computed_plaintext,
- &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH,
- des_cbc_known_ciphertext,
- FIPS_DES_ENCRYPT_LENGTH );
-
- DES_DestroyContext( des_context, PR_TRUE );
-
- if( ( des_status != SECSuccess ) ||
- ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) ||
- ( PORT_Memcmp( des_computed_plaintext, des_cbc_known_plaintext,
- FIPS_DES_DECRYPT_LENGTH ) != 0 ) )
- return( CKR_DEVICE_ERROR );
-
- return( CKR_OK );
-}
-
-
-static CK_RV
-pk11_fips_DES3_PowerUpSelfTest( void )
-{
- /* DES3 Known Key (56-bits). */
- static PRUint8 des3_known_key[] = { "ANSI Triple-DES Key Data" };
-
- /* DES3-CBC Known Initialization Vector (64-bits). */
- static PRUint8 des3_cbc_known_initialization_vector[] = { "Security" };
-
- /* DES3 Known Plaintext (64-bits). */
- static PRUint8 des3_ecb_known_plaintext[] = { "Netscape" };
- static PRUint8 des3_cbc_known_plaintext[] = { "Netscape" };
-
- /* DES3 Known Ciphertext (64-bits). */
- static PRUint8 des3_ecb_known_ciphertext[] = {
- 0x55,0x8e,0xad,0x3c,0xee,0x49,0x69,0xbe};
- static PRUint8 des3_cbc_known_ciphertext[] = {
- 0x43,0xdc,0x6a,0xc1,0xaf,0xa6,0x32,0xf5};
-
- /* DES3 variables. */
- PRUint8 des3_computed_ciphertext[FIPS_DES3_ENCRYPT_LENGTH];
- PRUint8 des3_computed_plaintext[FIPS_DES3_DECRYPT_LENGTH];
- DESContext * des3_context;
- unsigned int des3_bytes_encrypted;
- unsigned int des3_bytes_decrypted;
- SECStatus des3_status;
-
-
- /*******************************************************/
- /* DES3-ECB Single-Round Known Answer Encryption Test. */
- /*******************************************************/
-
- des3_context = DES_CreateContext( des3_known_key, NULL,
- NSS_DES_EDE3, PR_TRUE );
-
- if( des3_context == NULL )
- return( CKR_HOST_MEMORY );
-
- des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext,
- &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
- des3_ecb_known_plaintext,
- FIPS_DES3_DECRYPT_LENGTH );
-
- DES_DestroyContext( des3_context, PR_TRUE );
-
- if( ( des3_status != SECSuccess ) ||
- ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) ||
- ( PORT_Memcmp( des3_computed_ciphertext, des3_ecb_known_ciphertext,
- FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) )
- return( CKR_DEVICE_ERROR );
-
-
- /*******************************************************/
- /* DES3-ECB Single-Round Known Answer Decryption Test. */
- /*******************************************************/
-
- des3_context = DES_CreateContext( des3_known_key, NULL,
- NSS_DES_EDE3, PR_FALSE );
-
- if( des3_context == NULL )
- return( CKR_HOST_MEMORY );
-
- des3_status = DES_Decrypt( des3_context, des3_computed_plaintext,
- &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
- des3_ecb_known_ciphertext,
- FIPS_DES3_ENCRYPT_LENGTH );
-
- DES_DestroyContext( des3_context, PR_TRUE );
-
- if( ( des3_status != SECSuccess ) ||
- ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) ||
- ( PORT_Memcmp( des3_computed_plaintext, des3_ecb_known_plaintext,
- FIPS_DES3_DECRYPT_LENGTH ) != 0 ) )
- return( CKR_DEVICE_ERROR );
-
-
- /*******************************************************/
- /* DES3-CBC Single-Round Known Answer Encryption Test. */
- /*******************************************************/
-
- des3_context = DES_CreateContext( des3_known_key,
- des3_cbc_known_initialization_vector,
- NSS_DES_EDE3_CBC, PR_TRUE );
-
- if( des3_context == NULL )
- return( CKR_HOST_MEMORY );
-
- des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext,
- &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
- des3_cbc_known_plaintext,
- FIPS_DES3_DECRYPT_LENGTH );
-
- DES_DestroyContext( des3_context, PR_TRUE );
-
- if( ( des3_status != SECSuccess ) ||
- ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) ||
- ( PORT_Memcmp( des3_computed_ciphertext, des3_cbc_known_ciphertext,
- FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) )
- return( CKR_DEVICE_ERROR );
-
-
- /*******************************************************/
- /* DES3-CBC Single-Round Known Answer Decryption Test. */
- /*******************************************************/
-
- des3_context = DES_CreateContext( des3_known_key,
- des3_cbc_known_initialization_vector,
- NSS_DES_EDE3_CBC, PR_FALSE );
-
- if( des3_context == NULL )
- return( CKR_HOST_MEMORY );
-
- des3_status = DES_Decrypt( des3_context, des3_computed_plaintext,
- &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
- des3_cbc_known_ciphertext,
- FIPS_DES3_ENCRYPT_LENGTH );
-
- DES_DestroyContext( des3_context, PR_TRUE );
-
- if( ( des3_status != SECSuccess ) ||
- ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) ||
- ( PORT_Memcmp( des3_computed_plaintext, des3_cbc_known_plaintext,
- FIPS_DES3_DECRYPT_LENGTH ) != 0 ) )
- return( CKR_DEVICE_ERROR );
-
- return( CKR_OK );
-}
-
-
-static CK_RV
-pk11_fips_MD2_PowerUpSelfTest( void )
-{
- /* MD2 Known Hash Message (512-bits). */
- static PRUint8 md2_known_hash_message[] = {
- "The test message for the MD2, MD5, and SHA-1 hashing algorithms." };
-
- /* MD2 Known Digest Message (128-bits). */
- static PRUint8 md2_known_digest[] = {
- 0x41,0x5a,0x12,0xb2,0x3f,0x28,0x97,0x17,
- 0x0c,0x71,0x4e,0xcc,0x40,0xc8,0x1d,0x1b};
-
- /* MD2 variables. */
- MD2Context * md2_context;
- unsigned int md2_bytes_hashed;
- PRUint8 md2_computed_digest[MD2_LENGTH];
-
-
- /***********************************************/
- /* MD2 Single-Round Known Answer Hashing Test. */
- /***********************************************/
-
- md2_context = MD2_NewContext();
-
- if( md2_context == NULL )
- return( CKR_HOST_MEMORY );
-
- MD2_Begin( md2_context );
-
- MD2_Update( md2_context, md2_known_hash_message,
- FIPS_MD2_HASH_MESSAGE_LENGTH );
-
- MD2_End( md2_context, md2_computed_digest, &md2_bytes_hashed, MD2_LENGTH );
-
- MD2_DestroyContext( md2_context , PR_TRUE );
-
- if( ( md2_bytes_hashed != MD2_LENGTH ) ||
- ( PORT_Memcmp( md2_computed_digest, md2_known_digest,
- MD2_LENGTH ) != 0 ) )
- return( CKR_DEVICE_ERROR );
-
- return( CKR_OK );
-}
-
-
-static CK_RV
-pk11_fips_MD5_PowerUpSelfTest( void )
-{
- /* MD5 Known Hash Message (512-bits). */
- static PRUint8 md5_known_hash_message[] = {
- "The test message for the MD2, MD5, and SHA-1 hashing algorithms." };
-
- /* MD5 Known Digest Message (128-bits). */
- static PRUint8 md5_known_digest[] = {
- 0x25,0xc8,0xc0,0x10,0xc5,0x6e,0x68,0x28,
- 0x28,0xa4,0xa5,0xd2,0x98,0x9a,0xea,0x2d};
-
- /* MD5 variables. */
- PRUint8 md5_computed_digest[MD5_LENGTH];
- SECStatus md5_status;
-
-
- /***********************************************/
- /* MD5 Single-Round Known Answer Hashing Test. */
- /***********************************************/
-
- md5_status = MD5_HashBuf( md5_computed_digest, md5_known_hash_message,
- FIPS_MD5_HASH_MESSAGE_LENGTH );
-
- if( ( md5_status != SECSuccess ) ||
- ( PORT_Memcmp( md5_computed_digest, md5_known_digest,
- MD5_LENGTH ) != 0 ) )
- return( CKR_DEVICE_ERROR );
-
- return( CKR_OK );
-}
-
-
-static CK_RV
-pk11_fips_SHA1_PowerUpSelfTest( void )
-{
- /* SHA-1 Known Hash Message (512-bits). */
- static PRUint8 sha1_known_hash_message[] = {
- "The test message for the MD2, MD5, and SHA-1 hashing algorithms." };
-
- /* SHA-1 Known Digest Message (160-bits). */
- static PRUint8 sha1_known_digest[] = {
- 0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b,
- 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
- 0xe0,0x68,0x47,0x7a};
-
- /* SHA-1 variables. */
- PRUint8 sha1_computed_digest[SHA1_LENGTH];
- SECStatus sha1_status;
-
-
- /*************************************************/
- /* SHA-1 Single-Round Known Answer Hashing Test. */
- /*************************************************/
-
- sha1_status = SHA1_HashBuf( sha1_computed_digest, sha1_known_hash_message,
- FIPS_SHA1_HASH_MESSAGE_LENGTH );
-
- if( ( sha1_status != SECSuccess ) ||
- ( PORT_Memcmp( sha1_computed_digest, sha1_known_digest,
- SHA1_LENGTH ) != 0 ) )
- return( CKR_DEVICE_ERROR );
-
- return( CKR_OK );
-}
-
-
-static CK_RV
-pk11_fips_RSA_PowerUpSelfTest( void )
-{
- /* RSA Known Modulus used in both Public/Private Key Values (520-bits). */
- static PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = {
- 0x00,0xa1,0xe9,0x5e,0x66,0x88,0xe2,0xf2,
- 0x2b,0xe7,0x70,0x36,0x33,0xbc,0xeb,0x55,
- 0x55,0xf1,0x60,0x18,0x3c,0xfb,0xd2,0x79,
- 0xf6,0xc4,0xb8,0x09,0xe3,0x12,0xf6,0x63,
- 0x6d,0xc7,0x8e,0x19,0xc0,0x0e,0x10,0x78,
- 0xc1,0xfe,0x2a,0x41,0x74,0x2d,0xf7,0xc4,
- 0x69,0xa7,0x3c,0xbc,0x8a,0xc8,0x31,0x2b,
- 0x4f,0x60,0xf0,0xf1,0xec,0x5a,0x29,0xec,
- 0x6b};
-
- /* RSA Known Public Key Values (8-bits). */
- static PRUint8 rsa_public_exponent[] = { 0x03 };
-
- /* RSA Known Private Key Values (version is 8-bits), */
- /* (private exponent is 512-bits), */
- /* (private prime0 is 264-bits), */
- /* (private prime1 is 264-bits), */
- /* (private prime exponent0 is 264-bits), */
- /* (private prime exponent1 is 264-bits), */
- /* and (private coefficient is 256-bits). */
- static PRUint8 rsa_version[] = { 0x00 };
- static PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH] = {
- 0x6b,0xf0,0xe9,0x99,0xb0,0x97,0x4c,0x1d,
- 0x44,0xf5,0x79,0x77,0xd3,0x47,0x8e,0x39,
- 0x4b,0x95,0x65,0x7d,0xfd,0x36,0xfb,0xf9,
- 0xd8,0x7a,0xb1,0x42,0x0c,0xa4,0x42,0x48,
- 0x20,0x1c,0x6b,0x7d,0x5d,0xa3,0x58,0xd6,
- 0x95,0xd6,0x41,0xe3,0xd6,0x73,0xad,0xdb,
- 0x3b,0x89,0x00,0x8a,0xcd,0x1d,0xb9,0x06,
- 0xac,0xac,0x0e,0x02,0x72,0x1c,0xf8,0xab };
- static PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = {
- 0x00,0xd2,0x2c,0x9d,0xef,0x7c,0x8f,0x58,
- 0x93,0x19,0xa1,0x77,0x0e,0x38,0x3e,0x85,
- 0xb4,0xaf,0xcc,0x99,0xa5,0x43,0xbf,0x97,
- 0xdc,0x46,0xb8,0x3f,0x6e,0x85,0x18,0x00,
- 0x81};
- static PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = {
- 0x00,0xc5,0x36,0xda,0x94,0x85,0x0c,0x1a,
- 0xed,0x03,0xc7,0x67,0x90,0x34,0x0b,0xb9,
- 0xec,0x1e,0x22,0xa2,0x15,0x50,0xc4,0xfd,
- 0xe9,0x17,0x36,0x9d,0x7a,0x29,0xe6,0x76,
- 0xeb};
- static PRUint8 rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = {
- 0x00,0x8c,0x1d,0xbe,0x9f,0xa8,
- 0x5f,0x90,0x62,0x11,0x16,0x4f,
- 0x5e,0xd0,0x29,0xae,0x78,0x75,
- 0x33,0x11,0x18,0xd7,0xd5,0x0f,
- 0xe8,0x2f,0x25,0x7f,0x9f,0x03,
- 0x65,0x55,0xab};
- static PRUint8 rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = {
- 0x00,0x83,0x79,0xe7,0x0d,0xae,
- 0x08,0x11,0xf3,0x57,0xda,0x45,
- 0x0a,0xcd,0x5d,0x26,0x9d,0x69,
- 0x6c,0x6c,0x0e,0x35,0xd8,0xa9,
- 0x46,0x0f,0x79,0xbe,0x51,0x71,
- 0x44,0x4f,0x47};
- static PRUint8 rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = {
- 0x54,0x8d,0xb8,0xdc,0x8b,0xde,0xbb,
- 0x08,0xc9,0x67,0xb7,0xa9,0x5f,0xa5,
- 0xc4,0x5e,0x67,0xaa,0xfe,0x1a,0x08,
- 0xeb,0x48,0x43,0xcb,0xb0,0xb9,0x38,
- 0x3a,0x31,0x39,0xde};
-
-
- /* RSA Known Plaintext (512-bits). */
- static PRUint8 rsa_known_plaintext[] = {
- "Known plaintext utilized for RSA"
- " Encryption and Decryption test." };
-
- /* RSA Known Ciphertext (512-bits). */
- static PRUint8 rsa_known_ciphertext[] = {
- 0x12,0x80,0x3a,0x53,0xee,0x93,0x81,0xa5,
- 0xf7,0x40,0xc5,0xb1,0xef,0xd9,0x27,0xaf,
- 0xef,0x4b,0x87,0x44,0x00,0xd0,0xda,0xcf,
- 0x10,0x57,0x4c,0xd5,0xc3,0xed,0x84,0xdc,
- 0x74,0x03,0x19,0x69,0x2c,0xd6,0x54,0x3e,
- 0xd2,0xe3,0x90,0xb6,0x67,0x91,0x2f,0x1f,
- 0x54,0x13,0x99,0x00,0x0b,0xfd,0x52,0x7f,
- 0xd8,0xc6,0xdb,0x8a,0xfe,0x06,0xf3,0xb1};
-
- /* RSA Known Message (128-bits). */
- static PRUint8 rsa_known_message[] = { "Netscape Forever" };
-
- /* RSA Known Signed Hash (512-bits). */
- static PRUint8 rsa_known_signature[] = {
- 0x27,0x23,0xa6,0x71,0x57,0xc8,0x70,0x5f,
- 0x70,0x0e,0x06,0x7b,0x96,0x6a,0xaa,0x41,
- 0x6e,0xab,0x67,0x4b,0x5f,0x76,0xc4,0x53,
- 0x23,0xd7,0x57,0x7a,0x3a,0xbc,0x4c,0x27,
- 0x65,0xca,0xde,0x9f,0xd3,0x1d,0xa4,0x5a,
- 0xf9,0x8f,0xb2,0x05,0xa3,0x86,0xf9,0x66,
- 0x55,0x4c,0x68,0x50,0x66,0xa4,0xe9,0x17,
- 0x45,0x11,0xb8,0x1a,0xfc,0xbc,0x79,0x3b};
-
-
- static RSAPublicKey bl_public_key = { NULL,
- { FIPS_RSA_TYPE, rsa_modulus, FIPS_RSA_MODULUS_LENGTH },
- { FIPS_RSA_TYPE, rsa_public_exponent, FIPS_RSA_PUBLIC_EXPONENT_LENGTH }
- };
- static RSAPrivateKey bl_private_key = { NULL,
- { FIPS_RSA_TYPE, rsa_version, FIPS_RSA_PRIVATE_VERSION_LENGTH },
- { FIPS_RSA_TYPE, rsa_modulus, FIPS_RSA_MODULUS_LENGTH },
- { FIPS_RSA_TYPE, rsa_public_exponent, FIPS_RSA_PUBLIC_EXPONENT_LENGTH },
- { FIPS_RSA_TYPE, rsa_private_exponent, FIPS_RSA_PRIVATE_EXPONENT_LENGTH },
- { FIPS_RSA_TYPE, rsa_prime0, FIPS_RSA_PRIME0_LENGTH },
- { FIPS_RSA_TYPE, rsa_prime1, FIPS_RSA_PRIME1_LENGTH },
- { FIPS_RSA_TYPE, rsa_exponent0, FIPS_RSA_EXPONENT0_LENGTH },
- { FIPS_RSA_TYPE, rsa_exponent1, FIPS_RSA_EXPONENT1_LENGTH },
- { FIPS_RSA_TYPE, rsa_coefficient, FIPS_RSA_COEFFICIENT_LENGTH }
- };
-
- /* RSA variables. */
-#ifdef CREATE_TEMP_ARENAS
- PLArenaPool * rsa_public_arena;
- PLArenaPool * rsa_private_arena;
-#endif
- SECKEYLowPublicKey * rsa_public_key;
- SECKEYLowPrivateKey * rsa_private_key;
- unsigned int rsa_bytes_signed;
- SECStatus rsa_status;
-
- SECKEYLowPublicKey low_public_key = { NULL, rsaKey, };
- SECKEYLowPrivateKey low_private_key = { NULL, rsaKey, };
- PRUint8 rsa_computed_ciphertext[FIPS_RSA_ENCRYPT_LENGTH];
- PRUint8 rsa_computed_plaintext[FIPS_RSA_DECRYPT_LENGTH];
- PRUint8 rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH];
-
- /****************************************/
- /* Compose RSA Public/Private Key Pair. */
- /****************************************/
-
- low_public_key.u.rsa = bl_public_key;
- low_private_key.u.rsa = bl_private_key;
-
- rsa_public_key = &low_public_key;
- rsa_private_key = &low_private_key;
-
-#ifdef CREATE_TEMP_ARENAS
- /* Create some space for the RSA public key. */
- rsa_public_arena = PORT_NewArena( NSS_SOFTOKEN_DEFAULT_CHUNKSIZE );
-
- if( rsa_public_arena == NULL ) {
- PORT_SetError( SEC_ERROR_NO_MEMORY );
- return( CKR_HOST_MEMORY );
- }
-
- /* Create some space for the RSA private key. */
- rsa_private_arena = PORT_NewArena( NSS_SOFTOKEN_DEFAULT_CHUNKSIZE );
-
- if( rsa_private_arena == NULL ) {
- PORT_FreeArena( rsa_public_arena, PR_TRUE );
- PORT_SetError( SEC_ERROR_NO_MEMORY );
- return( CKR_HOST_MEMORY );
- }
-
- rsa_public_key->arena = rsa_public_arena;
- rsa_private_key->arena = rsa_private_arena;
-#endif
-
- /**************************************************/
- /* RSA Single-Round Known Answer Encryption Test. */
- /**************************************************/
-
- /* Perform RSA Public Key Encryption. */
- rsa_status = RSA_PublicKeyOp(&rsa_public_key->u.rsa,
- rsa_computed_ciphertext, rsa_known_plaintext);
-
- if( ( rsa_status != SECSuccess ) ||
- ( PORT_Memcmp( rsa_computed_ciphertext, rsa_known_ciphertext,
- FIPS_RSA_ENCRYPT_LENGTH ) != 0 ) )
- goto rsa_loser;
-
- /**************************************************/
- /* RSA Single-Round Known Answer Decryption Test. */
- /**************************************************/
-
- /* Perform RSA Private Key Decryption. */
- rsa_status = RSA_PrivateKeyOp(&rsa_private_key->u.rsa,
- rsa_computed_plaintext, rsa_known_ciphertext);
-
- if( ( rsa_status != SECSuccess ) ||
- ( PORT_Memcmp( rsa_computed_plaintext, rsa_known_plaintext,
- FIPS_RSA_DECRYPT_LENGTH ) != 0 ) )
- goto rsa_loser;
-
-
- /*************************************************/
- /* RSA Single-Round Known Answer Signature Test. */
- /*************************************************/
-
- /* Perform RSA signature with the RSA private key. */
- rsa_status = RSA_Sign( rsa_private_key, rsa_computed_signature,
- &rsa_bytes_signed,
- FIPS_RSA_SIGNATURE_LENGTH, rsa_known_message,
- FIPS_RSA_MESSAGE_LENGTH );
-
- if( ( rsa_status != SECSuccess ) ||
- ( rsa_bytes_signed != FIPS_RSA_SIGNATURE_LENGTH ) ||
- ( PORT_Memcmp( rsa_computed_signature, rsa_known_signature,
- FIPS_RSA_SIGNATURE_LENGTH ) != 0 ) )
- goto rsa_loser;
-
-
- /****************************************************/
- /* RSA Single-Round Known Answer Verification Test. */
- /****************************************************/
-
- /* Perform RSA verification with the RSA public key. */
- rsa_status = RSA_CheckSign( rsa_public_key,
- rsa_computed_signature,
- FIPS_RSA_SIGNATURE_LENGTH,
- rsa_known_message,
- FIPS_RSA_MESSAGE_LENGTH );
-
- if( rsa_status != SECSuccess )
- goto rsa_loser;
-
- /* Dispose of all RSA key material. */
- SECKEY_LowDestroyPublicKey( rsa_public_key );
- SECKEY_LowDestroyPrivateKey( rsa_private_key );
-
- return( CKR_OK );
-
-
-rsa_loser:
-
- SECKEY_LowDestroyPublicKey( rsa_public_key );
- SECKEY_LowDestroyPrivateKey( rsa_private_key );
-
- return( CKR_DEVICE_ERROR );
-}
-
-
-static CK_RV
-pk11_fips_DSA_PowerUpSelfTest( void )
-{
- /* DSA Known P (512-bits), Q (160-bits), and G (512-bits) Values. */
- static PRUint8 dsa_P[] = {
- 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
- 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
- 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
- 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
- 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
- 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
- 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
- 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91};
- static PRUint8 dsa_Q[] = {
- 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
- 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
- 0xda,0xce,0x91,0x5f};
- static PRUint8 dsa_G[] = {
- 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
- 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
- 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
- 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
- 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
- 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
- 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
- 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02};
-
- /* DSA Known Random Values (known random key block is 160-bits) */
- /* and (known random signature block is 160-bits). */
- static PRUint8 dsa_known_random_key_block[] = {
- "Mozilla Rules World!"};
- static PRUint8 dsa_known_random_signature_block[] = {
- "Random DSA Signature"};
-
- /* DSA Known Digest (160-bits) */
- static PRUint8 dsa_known_digest[] = { "DSA Signature Digest" };
-
- /* DSA Known Signature (320-bits). */
- static PRUint8 dsa_known_signature[] = {
- 0x39,0x0d,0x84,0xb1,0xf7,0x52,0x89,0xba,
- 0xec,0x1e,0xa8,0xe2,0x00,0x8e,0x37,0x8f,
- 0xc2,0xf5,0xf8,0x70,0x11,0xa8,0xc7,0x02,
- 0x0e,0x75,0xcf,0x6b,0x54,0x4a,0x52,0xe8,
- 0xd8,0x6d,0x4a,0xe8,0xee,0x56,0x8e,0x59};
-
- /* DSA variables. */
- DSAPrivateKey * dsa_private_key;
- SECStatus dsa_status;
- SECItem dsa_signature_item;
- SECItem dsa_digest_item;
- DSAPublicKey dsa_public_key;
- PRUint8 dsa_computed_signature[FIPS_DSA_SIGNATURE_LENGTH];
- static PQGParams dsa_pqg = { NULL,
- { FIPS_DSA_TYPE, dsa_P, FIPS_DSA_PRIME_LENGTH },
- { FIPS_DSA_TYPE, dsa_Q, FIPS_DSA_SUBPRIME_LENGTH },
- { FIPS_DSA_TYPE, dsa_G, FIPS_DSA_BASE_LENGTH }};
-
- /*******************************************/
- /* Generate a DSA public/private key pair. */
- /*******************************************/
-
- /* Generate a DSA public/private key pair. */
-
- dsa_status = DSA_NewKeyFromSeed(&dsa_pqg, dsa_known_random_key_block,
- &dsa_private_key);
-
- if( dsa_status != SECSuccess )
- return( CKR_HOST_MEMORY );
-
- /* construct public key from private key. */
- dsa_public_key.params = dsa_private_key->params;
- dsa_public_key.publicValue = dsa_private_key->publicValue;
-
- /*************************************************/
- /* DSA Single-Round Known Answer Signature Test. */
- /*************************************************/
-
- dsa_signature_item.data = dsa_computed_signature;
- dsa_signature_item.len = sizeof dsa_computed_signature;
-
- dsa_digest_item.data = dsa_known_digest;
- dsa_digest_item.len = SHA1_LENGTH;
-
- /* Perform DSA signature process. */
- dsa_status = DSA_SignDigestWithSeed( dsa_private_key,
- &dsa_signature_item,
- &dsa_digest_item,
- dsa_known_random_signature_block );
-
- if( ( dsa_status != SECSuccess ) ||
- ( dsa_signature_item.len != FIPS_DSA_SIGNATURE_LENGTH ) ||
- ( PORT_Memcmp( dsa_computed_signature, dsa_known_signature,
- FIPS_DSA_SIGNATURE_LENGTH ) != 0 ) ) {
- dsa_status = SECFailure;
- } else {
-
- /****************************************************/
- /* DSA Single-Round Known Answer Verification Test. */
- /****************************************************/
-
- /* Perform DSA verification process. */
- dsa_status = DSA_VerifyDigest( &dsa_public_key,
- &dsa_signature_item,
- &dsa_digest_item);
- }
-
- PORT_FreeArena(dsa_private_key->params.arena, PR_TRUE);
- /* Don't free public key, it uses same arena as private key */
-
- /* Verify DSA signature. */
- if( dsa_status != SECSuccess )
- return( CKR_DEVICE_ERROR );
-
- return( CKR_OK );
-
-
-}
-
-
-CK_RV
-pk11_fipsPowerUpSelfTest( void )
-{
- CK_RV rv;
-
- /* RC2 Power-Up SelfTest(s). */
- rv = pk11_fips_RC2_PowerUpSelfTest();
-
- if( rv != CKR_OK )
- return rv;
-
- /* RC4 Power-Up SelfTest(s). */
- rv = pk11_fips_RC4_PowerUpSelfTest();
-
- if( rv != CKR_OK )
- return rv;
-
- /* DES Power-Up SelfTest(s). */
- rv = pk11_fips_DES_PowerUpSelfTest();
-
- if( rv != CKR_OK )
- return rv;
-
- /* DES3 Power-Up SelfTest(s). */
- rv = pk11_fips_DES3_PowerUpSelfTest();
-
- if( rv != CKR_OK )
- return rv;
-
- /* MD2 Power-Up SelfTest(s). */
- rv = pk11_fips_MD2_PowerUpSelfTest();
-
- if( rv != CKR_OK )
- return rv;
-
- /* MD5 Power-Up SelfTest(s). */
- rv = pk11_fips_MD5_PowerUpSelfTest();
-
- if( rv != CKR_OK )
- return rv;
-
- /* SHA-1 Power-Up SelfTest(s). */
- rv = pk11_fips_SHA1_PowerUpSelfTest();
-
- if( rv != CKR_OK )
- return rv;
-
- /* RSA Power-Up SelfTest(s). */
- rv = pk11_fips_RSA_PowerUpSelfTest();
-
- if( rv != CKR_OK )
- return rv;
-
- /* DSA Power-Up SelfTest(s). */
- rv = pk11_fips_DSA_PowerUpSelfTest();
-
- if( rv != CKR_OK )
- return rv;
-
- /* Passed Power-Up SelfTest(s). */
- return( CKR_OK );
-}
-
diff --git a/security/nss/lib/softoken/fipstokn.c b/security/nss/lib/softoken/fipstokn.c
deleted file mode 100644
index e72a9965a..000000000
--- a/security/nss/lib/softoken/fipstokn.c
+++ /dev/null
@@ -1,951 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * This file implements PKCS 11 on top of our existing security modules
- *
- * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
- * This implementation has two slots:
- * slot 1 is our generic crypto support. It does not require login
- * (unless you've enabled FIPS). It supports Public Key ops, and all they
- * bulk ciphers and hashes. It can also support Private Key ops for imported
- * Private keys. It does not have any token storage.
- * slot 2 is our private key support. It requires a login before use. It
- * can store Private Keys and Certs as token objects. Currently only private
- * keys and their associated Certificates are saved on the token.
- *
- * In this implementation, session objects are only visible to the session
- * that created or generated them.
- */
-#include "seccomon.h"
-#include "softoken.h"
-#include "key.h"
-#include "pkcs11.h"
-#include "pkcs11i.h"
-
-/* The next two strings must be exactly 64 characters long, with the
- first 32 characters meaningful */
-static char *slotDescription =
- "Netscape Internal FIPS-140-1 Cryptographic Services ";
-static char *privSlotDescription =
- "Netscape FIPS-140-1 User Private Key Services ";
-
-
-/*
- * Configuration utils
- */
-void
-PK11_ConfigureFIPS(char *slotdes, char *pslotdes)
-{
- if (slotdes && (PORT_Strlen(slotdes) == 65)) {
- slotDescription = slotdes;
- }
- if (pslotdes && (PORT_Strlen(pslotdes) == 65)) {
- privSlotDescription = pslotdes;
- }
- return;
-}
-
-/*
- * ******************** Password Utilities *******************************
- */
-static PRBool isLoggedIn = PR_FALSE;
-static PRBool fatalError = PR_FALSE;
-
-/* Fips required checks before any useful crypto graphic services */
-static CK_RV pk11_fipsCheck(void) {
- if (isLoggedIn != PR_TRUE)
- return CKR_USER_NOT_LOGGED_IN;
- if (fatalError)
- return CKR_DEVICE_ERROR;
- return CKR_OK;
-}
-
-
-#define PK11_FIPSCHECK() \
- CK_RV rv; \
- if ((rv = pk11_fipsCheck()) != CKR_OK) return rv;
-
-#define PK11_FIPSFATALCHECK() \
- if (fatalError) return CKR_DEVICE_ERROR;
-
-
-/* grab an attribute out of a raw template */
-void *
-fc_getAttribute(CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount, CK_ATTRIBUTE_TYPE type)
-{
- int i;
-
- for (i=0; i < (int) ulCount; i++) {
- if (pTemplate[i].type == type) {
- return pTemplate[i].pValue;
- }
- }
- return NULL;
-}
-
-
-#define __PASTE(x,y) x##y
-
-/* ------------- forward declare all the NSC_ functions ------------- */
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-#define CK_PKCS11_FUNCTION_INFO(name) CK_RV __PASTE(NS,name)
-#define CK_NEED_ARG_LIST 1
-
-#include "pkcs11f.h"
-
-/* ------------- forward declare all the FIPS functions ------------- */
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-#define CK_PKCS11_FUNCTION_INFO(name) CK_RV __PASTE(F,name)
-#define CK_NEED_ARG_LIST 1
-
-#include "pkcs11f.h"
-
-/* ------------- build the CK_CRYPTO_TABLE ------------------------- */
-static CK_FUNCTION_LIST pk11_fipsTable = {
- { 1, 10 },
-
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-#define CK_PKCS11_FUNCTION_INFO(name) __PASTE(F,name),
-
-
-#include "pkcs11f.h"
-
-};
-
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-
-#undef __PASTE
-
-
-/**********************************************************************
- *
- * Start of PKCS 11 functions
- *
- **********************************************************************/
-/* return the function list */
-CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) {
- *pFunctionList = &pk11_fipsTable;
- return CKR_OK;
-}
-
-
-/* FC_Initialize initializes the PKCS #11 library. */
-CK_RV FC_Initialize(CK_VOID_PTR pReserved) {
- CK_RV rv;
- static PRBool init= PR_FALSE;
-
-
- rv = PK11_LowInitialize(pReserved);
-
- if (rv == CKR_OK && !init) {
- init = PR_TRUE;
- rv = PK11_SlotInit(FIPS_SLOT_ID,PR_TRUE);
- /* fall through to check below */
- }
-
- /* not an 'else' rv can be set by either PK11_LowInit or PK11_SlotInit*/
- if (rv != CKR_OK) {
- fatalError = PR_TRUE;
- return rv;
- }
-
- fatalError = PR_FALSE; /* any error has been reset */
-
- rv = pk11_fipsPowerUpSelfTest();
- if (rv != CKR_OK) {
- fatalError = PR_TRUE;
- return rv;
- }
-
- return CKR_OK;
-}
-
-/*FC_Finalize indicates that an application is done with the PKCS #11 library.*/
-CK_RV FC_Finalize (CK_VOID_PTR pReserved) {
- /* this should free up FIPS Slot */
- return NSC_Finalize (pReserved);
-}
-
-
-/* FC_GetInfo returns general information about PKCS #11. */
-CK_RV FC_GetInfo(CK_INFO_PTR pInfo) {
- return NSC_GetInfo(pInfo);
-}
-
-/* FC_GetSlotList obtains a list of slots in the system. */
-CK_RV FC_GetSlotList(CK_BBOOL tokenPresent,
- CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
- *pulCount = 1;
- if (pSlotList != NULL) {
- pSlotList[0] = FIPS_SLOT_ID;
- }
- return CKR_OK;
-}
-
-/* FC_GetSlotInfo obtains information about a particular slot in the system. */
-CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
-
- CK_RV crv;
-
- if (slotID != FIPS_SLOT_ID) return CKR_SLOT_ID_INVALID;
-
- /* Use NETSCAPE_SLOT_ID as a basis so that we get Library version number,
- * not key_DB version number */
- crv = NSC_GetSlotInfo(NETSCAPE_SLOT_ID,pInfo);
- if (crv != CKR_OK) {
- return crv;
- }
-
- PORT_Memcpy(pInfo->slotDescription,slotDescription,64);
- return CKR_OK;
-}
-
-
-/*FC_GetTokenInfo obtains information about a particular token in the system.*/
- CK_RV FC_GetTokenInfo(CK_SLOT_ID slotID,CK_TOKEN_INFO_PTR pInfo) {
- CK_RV crv;
-
- if (slotID != FIPS_SLOT_ID) return CKR_SLOT_ID_INVALID;
-
- /* use PRIVATE_KEY_SLOT_ID so we get the correct
- Authentication information */
- crv = NSC_GetTokenInfo(PRIVATE_KEY_SLOT_ID,pInfo);
- pInfo->flags |= CKF_RNG | CKF_LOGIN_REQUIRED;
- /* yes virginia, FIPS can do random number generation:) */
- return crv;
-
-}
-
-
-
-/*FC_GetMechanismList obtains a list of mechanism types supported by a token.*/
- CK_RV FC_GetMechanismList(CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pusCount) {
- PK11_FIPSFATALCHECK();
- if (slotID != FIPS_SLOT_ID) return CKR_SLOT_ID_INVALID;
- /* FIPS Slot supports all functions */
- return NSC_GetMechanismList(NETSCAPE_SLOT_ID,pMechanismList,pusCount);
-}
-
-
-/* FC_GetMechanismInfo obtains information about a particular mechanism
- * possibly supported by a token. */
- CK_RV FC_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR pInfo) {
- PK11_FIPSFATALCHECK();
- if (slotID != FIPS_SLOT_ID) return CKR_SLOT_ID_INVALID;
- /* FIPS Slot supports all functions */
- return NSC_GetMechanismInfo(NETSCAPE_SLOT_ID,type,pInfo);
-}
-
-
-/* FC_InitToken initializes a token. */
- CK_RV FC_InitToken(CK_SLOT_ID slotID,CK_CHAR_PTR pPin,
- CK_ULONG usPinLen,CK_CHAR_PTR pLabel) {
- return CKR_HOST_MEMORY; /*is this the right function for not implemented*/
-}
-
-
-/* FC_InitPIN initializes the normal user's PIN. */
- CK_RV FC_InitPIN(CK_SESSION_HANDLE hSession,
- CK_CHAR_PTR pPin, CK_ULONG ulPinLen) {
- return NSC_InitPIN(hSession,pPin,ulPinLen);
-}
-
-
-/* FC_SetPIN modifies the PIN of user that is currently logged in. */
-/* NOTE: This is only valid for the PRIVATE_KEY_SLOT */
- CK_RV FC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin,
- CK_ULONG usOldLen, CK_CHAR_PTR pNewPin, CK_ULONG usNewLen) {
- CK_RV rv;
- if ((rv = pk11_fipsCheck()) != CKR_OK) return rv;
- return NSC_SetPIN(hSession,pOldPin,usOldLen,pNewPin,usNewLen);
-}
-
-/* FC_OpenSession opens a session between an application and a token. */
- CK_RV FC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags,
- CK_VOID_PTR pApplication,CK_NOTIFY Notify,CK_SESSION_HANDLE_PTR phSession) {
- PK11_FIPSFATALCHECK();
- return NSC_OpenSession(slotID,flags,pApplication,Notify,phSession);
-}
-
-
-/* FC_CloseSession closes a session between an application and a token. */
- CK_RV FC_CloseSession(CK_SESSION_HANDLE hSession) {
- return NSC_CloseSession(hSession);
-}
-
-
-/* FC_CloseAllSessions closes all sessions with a token. */
- CK_RV FC_CloseAllSessions (CK_SLOT_ID slotID) {
- return NSC_CloseAllSessions (slotID);
-}
-
-
-/* FC_GetSessionInfo obtains information about the session. */
- CK_RV FC_GetSessionInfo(CK_SESSION_HANDLE hSession,
- CK_SESSION_INFO_PTR pInfo) {
- CK_RV rv;
- PK11_FIPSFATALCHECK();
-
- rv = NSC_GetSessionInfo(hSession,pInfo);
- if (rv == CKR_OK) {
- if ((isLoggedIn) && (pInfo->state == CKS_RO_PUBLIC_SESSION)) {
- pInfo->state = CKS_RO_USER_FUNCTIONS;
- }
- if ((isLoggedIn) && (pInfo->state == CKS_RW_PUBLIC_SESSION)) {
- pInfo->state = CKS_RW_USER_FUNCTIONS;
- }
- }
- return rv;
-}
-
-/* FC_Login logs a user into a token. */
- CK_RV FC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
- CK_CHAR_PTR pPin, CK_ULONG usPinLen) {
- CK_RV rv;
- PK11_FIPSFATALCHECK();
- rv = NSC_Login(hSession,userType,pPin,usPinLen);
- if (rv == CKR_OK)
- isLoggedIn = PR_TRUE;
- else if (rv == CKR_USER_ALREADY_LOGGED_IN)
- {
- isLoggedIn = PR_TRUE;
-
- /* Provide FIPS PUB 140-1 power-up self-tests on demand. */
- rv = pk11_fipsPowerUpSelfTest();
- if (rv == CKR_OK)
- return CKR_USER_ALREADY_LOGGED_IN;
- else
- fatalError = PR_TRUE;
- }
- return rv;
-}
-
-/* FC_Logout logs a user out from a token. */
- CK_RV FC_Logout(CK_SESSION_HANDLE hSession) {
- PK11_FIPSCHECK();
-
- rv = NSC_Logout(hSession);
- isLoggedIn = PR_FALSE;
- return rv;
-}
-
-
-/* FC_CreateObject creates a new object. */
- CK_RV FC_CreateObject(CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phObject) {
- CK_OBJECT_CLASS * classptr;
- PK11_FIPSCHECK();
- classptr = (CK_OBJECT_CLASS *)fc_getAttribute(pTemplate,ulCount,CKA_CLASS);
- if (classptr == NULL) return CKR_TEMPLATE_INCOMPLETE;
-
- /* FIPS can't create keys from raw key material */
- if ((*classptr == CKO_SECRET_KEY) || (*classptr == CKO_PRIVATE_KEY)) {
- return CKR_ATTRIBUTE_VALUE_INVALID;
- }
- return NSC_CreateObject(hSession,pTemplate,ulCount,phObject);
-}
-
-
-
-
-
-/* FC_CopyObject copies an object, creating a new object for the copy. */
- CK_RV FC_CopyObject(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount,
- CK_OBJECT_HANDLE_PTR phNewObject) {
- PK11_FIPSCHECK();
- return NSC_CopyObject(hSession,hObject,pTemplate,usCount,phNewObject);
-}
-
-
-/* FC_DestroyObject destroys an object. */
- CK_RV FC_DestroyObject(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject) {
- PK11_FIPSCHECK();
- return NSC_DestroyObject(hSession,hObject);
-}
-
-
-/* FC_GetObjectSize gets the size of an object in bytes. */
- CK_RV FC_GetObjectSize(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pusSize) {
- PK11_FIPSCHECK();
- return NSC_GetObjectSize(hSession, hObject, pusSize);
-}
-
-
-/* FC_GetAttributeValue obtains the value of one or more object attributes. */
- CK_RV FC_GetAttributeValue(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) {
- PK11_FIPSCHECK();
- return NSC_GetAttributeValue(hSession,hObject,pTemplate,usCount);
-}
-
-
-/* FC_SetAttributeValue modifies the value of one or more object attributes */
- CK_RV FC_SetAttributeValue (CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) {
- PK11_FIPSCHECK();
- return NSC_SetAttributeValue(hSession,hObject,pTemplate,usCount);
-}
-
-
-
-/* FC_FindObjectsInit initializes a search for token and session objects
- * that match a template. */
- CK_RV FC_FindObjectsInit(CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) {
- PK11_FIPSCHECK();
- return NSC_FindObjectsInit(hSession,pTemplate,usCount);
-}
-
-
-/* FC_FindObjects continues a search for token and session objects
- * that match a template, obtaining additional object handles. */
- CK_RV FC_FindObjects(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE_PTR phObject,CK_ULONG usMaxObjectCount,
- CK_ULONG_PTR pusObjectCount) {
- PK11_FIPSCHECK();
- return NSC_FindObjects(hSession,phObject,usMaxObjectCount,
- pusObjectCount);
-}
-
-
-/*
- ************** Crypto Functions: Encrypt ************************
- */
-
-/* FC_EncryptInit initializes an encryption operation. */
- CK_RV FC_EncryptInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) {
- PK11_FIPSCHECK();
- return NSC_EncryptInit(hSession,pMechanism,hKey);
-}
-
-/* FC_Encrypt encrypts single-part data. */
- CK_RV FC_Encrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
- CK_ULONG usDataLen, CK_BYTE_PTR pEncryptedData,
- CK_ULONG_PTR pusEncryptedDataLen) {
- PK11_FIPSCHECK();
- return NSC_Encrypt(hSession,pData,usDataLen,pEncryptedData,
- pusEncryptedDataLen);
-}
-
-
-/* FC_EncryptUpdate continues a multiple-part encryption operation. */
- CK_RV FC_EncryptUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart, CK_ULONG usPartLen, CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pusEncryptedPartLen) {
- PK11_FIPSCHECK();
- return NSC_EncryptUpdate(hSession,pPart,usPartLen,pEncryptedPart,
- pusEncryptedPartLen);
-}
-
-
-/* FC_EncryptFinal finishes a multiple-part encryption operation. */
- CK_RV FC_EncryptFinal(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pusLastEncryptedPartLen) {
-
- PK11_FIPSCHECK();
- return NSC_EncryptFinal(hSession,pLastEncryptedPart,
- pusLastEncryptedPartLen);
-}
-
-/*
- ************** Crypto Functions: Decrypt ************************
- */
-
-
-/* FC_DecryptInit initializes a decryption operation. */
- CK_RV FC_DecryptInit( CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) {
- PK11_FIPSCHECK();
- return NSC_DecryptInit(hSession,pMechanism,hKey);
-}
-
-/* FC_Decrypt decrypts encrypted data in a single part. */
- CK_RV FC_Decrypt(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedData,CK_ULONG usEncryptedDataLen,CK_BYTE_PTR pData,
- CK_ULONG_PTR pusDataLen) {
- PK11_FIPSCHECK();
- return NSC_Decrypt(hSession,pEncryptedData,usEncryptedDataLen,pData,
- pusDataLen);
-}
-
-
-/* FC_DecryptUpdate continues a multiple-part decryption operation. */
- CK_RV FC_DecryptUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart, CK_ULONG usEncryptedPartLen,
- CK_BYTE_PTR pPart, CK_ULONG_PTR pusPartLen) {
- PK11_FIPSCHECK();
- return NSC_DecryptUpdate(hSession,pEncryptedPart,usEncryptedPartLen,
- pPart,pusPartLen);
-}
-
-
-/* FC_DecryptFinal finishes a multiple-part decryption operation. */
- CK_RV FC_DecryptFinal(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastPart, CK_ULONG_PTR pusLastPartLen) {
- PK11_FIPSCHECK();
- return NSC_DecryptFinal(hSession,pLastPart,pusLastPartLen);
-}
-
-
-/*
- ************** Crypto Functions: Digest (HASH) ************************
- */
-
-/* FC_DigestInit initializes a message-digesting operation. */
- CK_RV FC_DigestInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism) {
- PK11_FIPSFATALCHECK();
- return NSC_DigestInit(hSession, pMechanism);
-}
-
-
-/* FC_Digest digests data in a single part. */
- CK_RV FC_Digest(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pusDigestLen) {
- PK11_FIPSFATALCHECK();
- return NSC_Digest(hSession,pData,usDataLen,pDigest,pusDigestLen);
-}
-
-
-/* FC_DigestUpdate continues a multiple-part message-digesting operation. */
- CK_RV FC_DigestUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,
- CK_ULONG usPartLen) {
- PK11_FIPSFATALCHECK();
- return NSC_DigestUpdate(hSession,pPart,usPartLen);
-}
-
-
-/* FC_DigestFinal finishes a multiple-part message-digesting operation. */
- CK_RV FC_DigestFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pusDigestLen) {
- PK11_FIPSFATALCHECK();
- return NSC_DigestFinal(hSession,pDigest,pusDigestLen);
-}
-
-
-/*
- ************** Crypto Functions: Sign ************************
- */
-
-/* FC_SignInit initializes a signature (private key encryption) operation,
- * where the signature is (will be) an appendix to the data,
- * and plaintext cannot be recovered from the signature */
- CK_RV FC_SignInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) {
- PK11_FIPSCHECK();
- return NSC_SignInit(hSession,pMechanism,hKey);
-}
-
-
-/* FC_Sign signs (encrypts with private key) data in a single part,
- * where the signature is (will be) an appendix to the data,
- * and plaintext cannot be recovered from the signature */
- CK_RV FC_Sign(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,CK_ULONG usDataLen,CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pusSignatureLen) {
- PK11_FIPSCHECK();
- return NSC_Sign(hSession,pData,usDataLen,pSignature,pusSignatureLen);
-}
-
-
-/* FC_SignUpdate continues a multiple-part signature operation,
- * where the signature is (will be) an appendix to the data,
- * and plaintext cannot be recovered from the signature */
- CK_RV FC_SignUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,
- CK_ULONG usPartLen) {
- PK11_FIPSCHECK();
- return NSC_SignUpdate(hSession,pPart,usPartLen);
-}
-
-
-/* FC_SignFinal finishes a multiple-part signature operation,
- * returning the signature. */
- CK_RV FC_SignFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pusSignatureLen) {
- PK11_FIPSCHECK();
- return NSC_SignFinal(hSession,pSignature,pusSignatureLen);
-}
-
-/*
- ************** Crypto Functions: Sign Recover ************************
- */
-/* FC_SignRecoverInit initializes a signature operation,
- * where the (digest) data can be recovered from the signature.
- * E.g. encryption with the user's private key */
- CK_RV FC_SignRecoverInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) {
- PK11_FIPSCHECK();
- return NSC_SignRecoverInit(hSession,pMechanism,hKey);
-}
-
-
-/* FC_SignRecover signs data in a single operation
- * where the (digest) data can be recovered from the signature.
- * E.g. encryption with the user's private key */
- CK_RV FC_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
- CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pusSignatureLen) {
- PK11_FIPSCHECK();
- return NSC_SignRecover(hSession,pData,usDataLen,pSignature,pusSignatureLen);
-}
-
-/*
- ************** Crypto Functions: verify ************************
- */
-
-/* FC_VerifyInit initializes a verification operation,
- * where the signature is an appendix to the data,
- * and plaintext cannot be recovered from the signature (e.g. DSA) */
- CK_RV FC_VerifyInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) {
- PK11_FIPSCHECK();
- return NSC_VerifyInit(hSession,pMechanism,hKey);
-}
-
-
-/* FC_Verify verifies a signature in a single-part operation,
- * where the signature is an appendix to the data,
- * and plaintext cannot be recovered from the signature */
- CK_RV FC_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
- CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG usSignatureLen) {
- /* make sure we're legal */
- PK11_FIPSCHECK();
- return NSC_Verify(hSession,pData,usDataLen,pSignature,usSignatureLen);
-}
-
-
-/* FC_VerifyUpdate continues a multiple-part verification operation,
- * where the signature is an appendix to the data,
- * and plaintext cannot be recovered from the signature */
- CK_RV FC_VerifyUpdate( CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
- CK_ULONG usPartLen) {
- PK11_FIPSCHECK();
- return NSC_VerifyUpdate(hSession,pPart,usPartLen);
-}
-
-
-/* FC_VerifyFinal finishes a multiple-part verification operation,
- * checking the signature. */
- CK_RV FC_VerifyFinal(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,CK_ULONG usSignatureLen) {
- PK11_FIPSCHECK();
- return NSC_VerifyFinal(hSession,pSignature,usSignatureLen);
-}
-
-/*
- ************** Crypto Functions: Verify Recover ************************
- */
-
-/* FC_VerifyRecoverInit initializes a signature verification operation,
- * where the data is recovered from the signature.
- * E.g. Decryption with the user's public key */
- CK_RV FC_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) {
- PK11_FIPSCHECK();
- return NSC_VerifyRecoverInit(hSession,pMechanism,hKey);
-}
-
-
-/* FC_VerifyRecover verifies a signature in a single-part operation,
- * where the data is recovered from the signature.
- * E.g. Decryption with the user's public key */
- CK_RV FC_VerifyRecover(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,CK_ULONG usSignatureLen,
- CK_BYTE_PTR pData,CK_ULONG_PTR pusDataLen) {
- PK11_FIPSCHECK();
- return NSC_VerifyRecover(hSession,pSignature,usSignatureLen,pData,
- pusDataLen);
-}
-
-/*
- **************************** Key Functions: ************************
- */
-
-/* FC_GenerateKey generates a secret key, creating a new key object. */
- CK_RV FC_GenerateKey(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phKey) {
- CK_BBOOL *boolptr;
-
- PK11_FIPSCHECK();
-
- /* all secret keys must be sensitive, if the upper level code tries to say
- * otherwise, reject it. */
- boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, ulCount, CKA_SENSITIVE);
- if (boolptr != NULL) {
- if (!(*boolptr)) {
- return CKR_ATTRIBUTE_VALUE_INVALID;
- }
- }
-
- return NSC_GenerateKey(hSession,pMechanism,pTemplate,ulCount,phKey);
-}
-
-
-/* FC_GenerateKeyPair generates a public-key/private-key pair,
- * creating new key objects. */
- CK_RV FC_GenerateKeyPair (CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate,
- CK_ULONG usPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
- CK_ULONG usPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey,
- CK_OBJECT_HANDLE_PTR phPrivateKey) {
- CK_BBOOL *boolptr;
-
- PK11_FIPSCHECK();
-
- /* all private keys must be sensitive, if the upper level code tries to say
- * otherwise, reject it. */
- boolptr = (CK_BBOOL *) fc_getAttribute(pPrivateKeyTemplate,
- usPrivateKeyAttributeCount, CKA_SENSITIVE);
- if (boolptr != NULL) {
- if (!(*boolptr)) {
- return CKR_ATTRIBUTE_VALUE_INVALID;
- }
- }
- return NSC_GenerateKeyPair (hSession,pMechanism,pPublicKeyTemplate,
- usPublicKeyAttributeCount,pPrivateKeyTemplate,
- usPrivateKeyAttributeCount,phPublicKey,phPrivateKey);
-}
-
-
-/* FC_WrapKey wraps (i.e., encrypts) a key. */
- CK_RV FC_WrapKey(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey,
- CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey,
- CK_ULONG_PTR pusWrappedKeyLen) {
- PK11_FIPSCHECK();
- return NSC_WrapKey(hSession,pMechanism,hWrappingKey,hKey,pWrappedKey,
- pusWrappedKeyLen);
-}
-
-
-/* FC_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object. */
- CK_RV FC_UnwrapKey(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey,
- CK_BYTE_PTR pWrappedKey, CK_ULONG usWrappedKeyLen,
- CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usAttributeCount,
- CK_OBJECT_HANDLE_PTR phKey) {
- CK_BBOOL *boolptr;
-
- PK11_FIPSCHECK();
-
- /* all secret keys must be sensitive, if the upper level code tries to say
- * otherwise, reject it. */
- boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate,
- usAttributeCount, CKA_SENSITIVE);
- if (boolptr != NULL) {
- if (!(*boolptr)) {
- return CKR_ATTRIBUTE_VALUE_INVALID;
- }
- }
- return NSC_UnwrapKey(hSession,pMechanism,hUnwrappingKey,pWrappedKey,
- usWrappedKeyLen,pTemplate,usAttributeCount,phKey);
-}
-
-
-/* FC_DeriveKey derives a key from a base key, creating a new key object. */
- CK_RV FC_DeriveKey( CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey,
- CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usAttributeCount,
- CK_OBJECT_HANDLE_PTR phKey) {
- CK_BBOOL *boolptr;
-
- PK11_FIPSCHECK();
-
- /* all secret keys must be sensitive, if the upper level code tries to say
- * otherwise, reject it. */
- boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate,
- usAttributeCount, CKA_SENSITIVE);
- if (boolptr != NULL) {
- if (!(*boolptr)) {
- return CKR_ATTRIBUTE_VALUE_INVALID;
- }
- }
- return NSC_DeriveKey(hSession,pMechanism,hBaseKey,pTemplate,
- usAttributeCount, phKey);
-}
-
-/*
- **************************** Radom Functions: ************************
- */
-
-/* FC_SeedRandom mixes additional seed material into the token's random number
- * generator. */
- CK_RV FC_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed,
- CK_ULONG usSeedLen) {
- CK_RV crv;
-
- PK11_FIPSFATALCHECK();
- crv = NSC_SeedRandom(hSession,pSeed,usSeedLen);
- if (crv != CKR_OK) {
- fatalError = PR_TRUE;
- }
- return crv;
-}
-
-
-/* FC_GenerateRandom generates random data. */
- CK_RV FC_GenerateRandom(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pRandomData, CK_ULONG usRandomLen) {
- CK_RV crv;
-
- PK11_FIPSFATALCHECK();
- crv = NSC_GenerateRandom(hSession,pRandomData,usRandomLen);
- if (crv != CKR_OK) {
- fatalError = PR_TRUE;
- }
- return crv;
-}
-
-
-/* FC_GetFunctionStatus obtains an updated status of a function running
- * in parallel with an application. */
- CK_RV FC_GetFunctionStatus(CK_SESSION_HANDLE hSession) {
- PK11_FIPSCHECK();
- return NSC_GetFunctionStatus(hSession);
-}
-
-
-/* FC_CancelFunction cancels a function running in parallel */
- CK_RV FC_CancelFunction(CK_SESSION_HANDLE hSession) {
- PK11_FIPSCHECK();
- return NSC_CancelFunction(hSession);
-}
-
-/*
- **************************** Version 1.1 Functions: ************************
- */
-
-/* FC_GetOperationState saves the state of the cryptographic
- *operation in a session. */
-CK_RV FC_GetOperationState(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pOperationState, CK_ULONG_PTR pulOperationStateLen) {
- PK11_FIPSFATALCHECK();
- return NSC_GetOperationState(hSession,pOperationState,pulOperationStateLen);
-}
-
-
-/* FC_SetOperationState restores the state of the cryptographic operation
- * in a session. */
-CK_RV FC_SetOperationState(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen,
- CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey) {
- PK11_FIPSFATALCHECK();
- return NSC_SetOperationState(hSession,pOperationState,ulOperationStateLen,
- hEncryptionKey,hAuthenticationKey);
-}
-
-/* FC_FindObjectsFinal finishes a search for token and session objects. */
-CK_RV FC_FindObjectsFinal(CK_SESSION_HANDLE hSession) {
- PK11_FIPSCHECK();
- return NSC_FindObjectsFinal(hSession);
-}
-
-
-/* Dual-function cryptographic operations */
-
-/* FC_DigestEncryptUpdate continues a multiple-part digesting and encryption
- * operation. */
-CK_RV FC_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen) {
- PK11_FIPSCHECK();
- return NSC_DigestEncryptUpdate(hSession,pPart,ulPartLen,pEncryptedPart,
- pulEncryptedPartLen);
-}
-
-
-/* FC_DecryptDigestUpdate continues a multiple-part decryption and digesting
- * operation. */
-CK_RV FC_DecryptDigestUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen) {
-
- PK11_FIPSCHECK();
- return NSC_DecryptDigestUpdate(hSession, pEncryptedPart,ulEncryptedPartLen,
- pPart,pulPartLen);
-}
-
-/* FC_SignEncryptUpdate continues a multiple-part signing and encryption
- * operation. */
-CK_RV FC_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen) {
-
- PK11_FIPSCHECK();
- return NSC_SignEncryptUpdate(hSession,pPart,ulPartLen,pEncryptedPart,
- pulEncryptedPartLen);
-}
-
-/* FC_DecryptVerifyUpdate continues a multiple-part decryption and verify
- * operation. */
-CK_RV FC_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
- CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen) {
-
- PK11_FIPSCHECK();
- return NSC_DecryptVerifyUpdate(hSession,pEncryptedData,ulEncryptedDataLen,
- pData,pulDataLen);
-}
-
-
-/* FC_DigestKey continues a multi-part message-digesting operation,
- * by digesting the value of a secret key as part of the data already digested.
- */
-CK_RV FC_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) {
- PK11_FIPSCHECK();
- return NSC_DigestKey(hSession,hKey);
-}
-
-
-CK_RV FC_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot,
- CK_VOID_PTR pReserved)
-{
- return NSC_WaitForSlotEvent(flags, pSlot, pReserved);
-}
diff --git a/security/nss/lib/softoken/keydb.c b/security/nss/lib/softoken/keydb.c
deleted file mode 100644
index e224c18d9..000000000
--- a/security/nss/lib/softoken/keydb.c
+++ /dev/null
@@ -1,2308 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * Private Key Database code
- *
- * $Id$
- */
-
-#include "keylow.h"
-#include "keydbt.h"
-#include "seccomon.h"
-#include "sechash.h"
-#include "secder.h"
-#include "secasn1.h"
-#include "secoid.h"
-#include "blapi.h"
-#include "secitem.h"
-#include "cert.h"
-#include "mcom_db.h"
-#include "secpkcs5.h"
-#include "secerr.h"
-
-#include "private.h"
-
-/*
- * Record keys for keydb
- */
-#define SALT_STRING "global-salt"
-#define VERSION_STRING "Version"
-#define KEYDB_PW_CHECK_STRING "password-check"
-#define KEYDB_PW_CHECK_LEN 14
-
-/* Size of the global salt for key database */
-#define SALT_LENGTH 16
-
-/* ASN1 Templates for new decoder/encoder */
-/*
- * Attribute value for PKCS8 entries (static?)
- */
-const SEC_ASN1Template SECKEY_AttributeTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SECKEYAttribute) },
- { SEC_ASN1_OBJECT_ID, offsetof(SECKEYAttribute, attrType) },
- { SEC_ASN1_SET_OF, offsetof(SECKEYAttribute, attrValue),
- SEC_AnyTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template SECKEY_SetOfAttributeTemplate[] = {
- { SEC_ASN1_SET_OF, 0, SECKEY_AttributeTemplate },
-};
-
-const SEC_ASN1Template SECKEY_PrivateKeyInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SECKEYPrivateKeyInfo) },
- { SEC_ASN1_INTEGER,
- offsetof(SECKEYPrivateKeyInfo,version) },
- { SEC_ASN1_INLINE,
- offsetof(SECKEYPrivateKeyInfo,algorithm),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_OCTET_STRING,
- offsetof(SECKEYPrivateKeyInfo,privateKey) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(SECKEYPrivateKeyInfo,attributes),
- SECKEY_SetOfAttributeTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template SECKEY_PointerToPrivateKeyInfoTemplate[] = {
- { SEC_ASN1_POINTER, 0, SECKEY_PrivateKeyInfoTemplate }
-};
-
-const SEC_ASN1Template SECKEY_EncryptedPrivateKeyInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SECKEYEncryptedPrivateKeyInfo) },
- { SEC_ASN1_INLINE,
- offsetof(SECKEYEncryptedPrivateKeyInfo,algorithm),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_OCTET_STRING,
- offsetof(SECKEYEncryptedPrivateKeyInfo,encryptedData) },
- { 0 }
-};
-
-const SEC_ASN1Template SECKEY_PointerToEncryptedPrivateKeyInfoTemplate[] = {
- { SEC_ASN1_POINTER, 0, SECKEY_EncryptedPrivateKeyInfoTemplate }
-};
-
-/* ====== Default key databse encryption algorithm ====== */
-
-static SECOidTag defaultKeyDBAlg = SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC;
-
-/*
- * Default algorithm for encrypting data in the key database
- */
-SECOidTag
-SECKEY_GetDefaultKeyDBAlg(void)
-{
- return(defaultKeyDBAlg);
-}
-
-void
-SECKEY_SetDefaultKeyDBAlg(SECOidTag alg)
-{
- defaultKeyDBAlg = alg;
-
- return;
-}
-
-static void
-sec_destroy_dbkey(SECKEYDBKey *dbkey)
-{
- if ( dbkey && dbkey->arena ) {
- PORT_FreeArena(dbkey->arena, PR_FALSE);
- }
-}
-
-static void
-free_dbt(DBT *dbt)
-{
- if ( dbt ) {
- PORT_Free(dbt->data);
- PORT_Free(dbt);
- }
-
- return;
-}
-
-/*
- * format of key database entries for version 3 of database:
- * byte offset field
- * ----------- -----
- * 0 version
- * 1 salt-len
- * 2 nn-len
- * 3.. salt-data
- * ... nickname
- * ... encrypted-key-data
- */
-static DBT *
-encode_dbkey(SECKEYDBKey *dbkey)
-{
- DBT *bufitem = NULL;
- unsigned char *buf;
- int nnlen;
- char *nn;
-
- bufitem = (DBT *)PORT_ZAlloc(sizeof(DBT));
- if ( bufitem == NULL ) {
- goto loser;
- }
-
- if ( dbkey->nickname ) {
- nn = dbkey->nickname;
- nnlen = PORT_Strlen(nn) + 1;
- } else {
- nn = "";
- nnlen = 1;
- }
-
- /* compute the length of the record */
- /* 1 + 1 + 1 == version number header + salt length + nn len */
- bufitem->size = dbkey->salt.len + nnlen + dbkey->derPK.len + 1 + 1 + 1;
-
- bufitem->data = (void *)PORT_ZAlloc(bufitem->size);
- if ( bufitem->data == NULL ) {
- goto loser;
- }
-
- buf = (unsigned char *)bufitem->data;
-
- /* set version number */
- buf[0] = PRIVATE_KEY_DB_FILE_VERSION;
-
- /* set length of salt */
- PORT_Assert(dbkey->salt.len < 256);
- buf[1] = dbkey->salt.len;
-
- /* set length of nickname */
- PORT_Assert(nnlen < 256);
- buf[2] = nnlen;
-
- /* copy salt */
- PORT_Memcpy(&buf[3], dbkey->salt.data, dbkey->salt.len);
-
- /* copy nickname */
- PORT_Memcpy(&buf[3 + dbkey->salt.len], nn, nnlen);
-
- /* copy encrypted key */
- PORT_Memcpy(&buf[3 + dbkey->salt.len + nnlen], dbkey->derPK.data,
- dbkey->derPK.len);
-
- return(bufitem);
-
-loser:
- if ( bufitem ) {
- free_dbt(bufitem);
- }
-
- return(NULL);
-}
-
-static SECKEYDBKey *
-decode_dbkey(DBT *bufitem, int expectedVersion)
-{
- SECKEYDBKey *dbkey;
- PLArenaPool *arena = NULL;
- unsigned char *buf;
- int version;
- int keyoff;
- int nnlen;
- int saltoff;
-
- buf = (unsigned char *)bufitem->data;
-
- version = buf[0];
-
- if ( version != expectedVersion ) {
- goto loser;
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
- }
-
- dbkey = (SECKEYDBKey *)PORT_ArenaZAlloc(arena, sizeof(SECKEYDBKey));
- if ( dbkey == NULL ) {
- goto loser;
- }
-
- dbkey->arena = arena;
- dbkey->salt.data = NULL;
- dbkey->derPK.data = NULL;
-
- dbkey->salt.len = buf[1];
- dbkey->salt.data = (unsigned char *)PORT_ArenaZAlloc(arena, dbkey->salt.len);
- if ( dbkey->salt.data == NULL ) {
- goto loser;
- }
-
- saltoff = 2;
- keyoff = 2 + dbkey->salt.len;
-
- if ( expectedVersion == PRIVATE_KEY_DB_FILE_VERSION ) {
- nnlen = buf[2];
- if ( nnlen ) {
- dbkey->nickname = (char *)PORT_ArenaZAlloc(arena, nnlen + 1);
- if ( dbkey->nickname ) {
- PORT_Memcpy(dbkey->nickname, &buf[keyoff+1], nnlen);
- }
- }
- keyoff += ( nnlen + 1 );
- saltoff = 3;
- }
-
- PORT_Memcpy(dbkey->salt.data, &buf[saltoff], dbkey->salt.len);
-
- dbkey->derPK.len = bufitem->size - keyoff;
- dbkey->derPK.data = (unsigned char *)PORT_ArenaZAlloc(arena,dbkey->derPK.len);
- if ( dbkey->derPK.data == NULL ) {
- goto loser;
- }
-
- PORT_Memcpy(dbkey->derPK.data, &buf[keyoff], dbkey->derPK.len);
-
- return(dbkey);
-
-loser:
-
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(NULL);
-}
-
-static SECKEYDBKey *
-get_dbkey(SECKEYKeyDBHandle *handle, DBT *index)
-{
- SECKEYDBKey *dbkey;
- DBT entry;
- SECStatus rv;
-
- /* get it from the database */
- rv = (SECStatus)(* handle->db->get)(handle->db, index, &entry, 0);
- if ( rv ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- return NULL;
- }
-
- /* set up dbkey struct */
-
- dbkey = decode_dbkey(&entry, PRIVATE_KEY_DB_FILE_VERSION);
-
- return(dbkey);
-}
-
-static SECStatus
-put_dbkey(SECKEYKeyDBHandle *handle, DBT *index, SECKEYDBKey *dbkey, PRBool update)
-{
- DBT *keydata = NULL;
- int status;
-
- keydata = encode_dbkey(dbkey);
- if ( keydata == NULL ) {
- goto loser;
- }
-
- /* put it in the database */
- if ( update ) {
- status = (* handle->db->put)(handle->db, index, keydata, 0);
- } else {
- status = (* handle->db->put)(handle->db, index, keydata,
- R_NOOVERWRITE);
- }
-
- if ( status ) {
- goto loser;
- }
-
- /* sync the database */
- status = (* handle->db->sync)(handle->db, 0);
- if ( status ) {
- goto loser;
- }
-
- free_dbt(keydata);
- return(SECSuccess);
-
-loser:
- if ( keydata ) {
- free_dbt(keydata);
- }
-
- return(SECFailure);
-}
-
-SECStatus
-SECKEY_TraverseKeys(SECKEYKeyDBHandle *handle,
- SECStatus (* keyfunc)(DBT *k, DBT *d, void *pdata),
- void *udata )
-{
- DBT data;
- DBT key;
- SECStatus status;
- int rv;
-
- if (handle == NULL) {
- return(SECFailure);
- }
-
- rv = (* handle->db->seq)(handle->db, &key, &data, R_FIRST);
- if ( rv ) {
- return(SECFailure);
- }
-
- do {
- /* skip version record */
- if ( data.size > 1 ) {
- if ( key.size == ( sizeof(SALT_STRING) - 1 ) ) {
- if ( PORT_Memcmp(key.data, SALT_STRING, key.size) == 0 ) {
- continue;
- }
- }
-
- /* skip password check */
- if ( key.size == KEYDB_PW_CHECK_LEN ) {
- if ( PORT_Memcmp(key.data, KEYDB_PW_CHECK_STRING,
- KEYDB_PW_CHECK_LEN) == 0 ) {
- continue;
- }
- }
-
- status = (* keyfunc)(&key, &data, udata);
- if (status != SECSuccess) {
- return(status);
- }
- }
- } while ( (* handle->db->seq)(handle->db, &key, &data, R_NEXT) == 0 );
-
- return(SECSuccess);
-}
-
-typedef struct keyNode {
- struct keyNode *next;
- DBT key;
-} keyNode;
-
-typedef struct {
- PLArenaPool *arena;
- keyNode *head;
-} keyList;
-
-static SECStatus
-sec_add_key_to_list(DBT *key, DBT *data, void *arg)
-{
- keyList *keylist;
- keyNode *node;
- void *keydata;
-
- keylist = (keyList *)arg;
-
- /* allocate the node struct */
- node = (keyNode*)PORT_ArenaZAlloc(keylist->arena, sizeof(keyNode));
- if ( node == NULL ) {
- return(SECFailure);
- }
-
- /* allocate room for key data */
- keydata = PORT_ArenaZAlloc(keylist->arena, key->size);
- if ( keydata == NULL ) {
- return(SECFailure);
- }
-
- /* link node into list */
- node->next = keylist->head;
- keylist->head = node;
-
- /* copy key into node */
- PORT_Memcpy(keydata, key->data, key->size);
- node->key.size = key->size;
- node->key.data = keydata;
-
- return(SECSuccess);
-}
-
-static SECItem *
-decodeKeyDBGlobalSalt(DBT *saltData)
-{
- SECItem *saltitem;
-
- saltitem = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if ( saltitem == NULL ) {
- return(NULL);
- }
-
- saltitem->data = (unsigned char *)PORT_ZAlloc(saltData->size);
- if ( saltitem->data == NULL ) {
- PORT_Free(saltitem);
- return(NULL);
- }
-
- saltitem->len = saltData->size;
- PORT_Memcpy(saltitem->data, saltData->data, saltitem->len);
-
- return(saltitem);
-}
-
-static SECItem *
-GetKeyDBGlobalSalt(SECKEYKeyDBHandle *handle)
-{
- DBT saltKey;
- DBT saltData;
- int ret;
-
- saltKey.data = SALT_STRING;
- saltKey.size = sizeof(SALT_STRING) - 1;
-
- ret = (* handle->db->get)(handle->db, &saltKey, &saltData, 0);
- if ( ret ) {
- return(NULL);
- }
-
- return(decodeKeyDBGlobalSalt(&saltData));
-}
-
-static SECStatus
-makeGlobalVersion(SECKEYKeyDBHandle *handle)
-{
- unsigned char version;
- DBT versionData;
- DBT versionKey;
- int status;
-
- version = PRIVATE_KEY_DB_FILE_VERSION;
- versionData.data = &version;
- versionData.size = 1;
- versionKey.data = VERSION_STRING;
- versionKey.size = sizeof(VERSION_STRING)-1;
-
- /* put version string into the database now */
- status = (* handle->db->put)(handle->db, &versionKey, &versionData, 0);
- if ( status ) {
- return(SECFailure);
- }
-
- return(SECSuccess);
-}
-
-
-static SECStatus
-makeGlobalSalt(SECKEYKeyDBHandle *handle)
-{
- DBT saltKey;
- DBT saltData;
- unsigned char saltbuf[16];
- int status;
-
- saltKey.data = SALT_STRING;
- saltKey.size = sizeof(SALT_STRING) - 1;
-
- saltData.data = (void *)saltbuf;
- saltData.size = sizeof(saltbuf);
- RNG_GenerateGlobalRandomBytes(saltbuf, sizeof(saltbuf));
-
- /* put global salt into the database now */
- status = (* handle->db->put)( handle->db, &saltKey, &saltData, 0);
- if ( status ) {
- return(SECFailure);
- }
-
- return(SECSuccess);
-}
-
-static char *
-keyDBFilenameCallback(void *arg, int dbVersion)
-{
- return((char *)arg);
-}
-
-SECKEYKeyDBHandle *
-SECKEY_OpenKeyDBFilename(char *dbname, PRBool readOnly)
-{
- return(SECKEY_OpenKeyDB(readOnly, keyDBFilenameCallback,
- (void *)dbname));
-}
-
-SECKEYKeyDBHandle *
-SECKEY_OpenKeyDB(PRBool readOnly, SECKEYDBNameFunc namecb, void *cbarg)
-{
- SECKEYKeyDBHandle *handle;
- DBT versionKey;
- DBT versionData;
- int rv;
- int openflags;
- char *dbname = NULL;
- PRBool updated = PR_FALSE;
-
- handle = (SECKEYKeyDBHandle *)PORT_ZAlloc (sizeof(SECKEYKeyDBHandle));
- if (handle == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- versionKey.data = VERSION_STRING;
- versionKey.size = sizeof(VERSION_STRING)-1;
-
- if ( readOnly ) {
- openflags = O_RDONLY;
- } else {
- openflags = O_RDWR;
- }
-
- dbname = (*namecb)(cbarg, PRIVATE_KEY_DB_FILE_VERSION);
- if ( dbname == NULL ) {
- goto loser;
- }
-
- handle->db = dbopen( dbname, openflags, 0600, DB_HASH, 0 );
-
- /* check for correct version number */
- if (handle->db != NULL) {
- /* lookup version string in database */
- rv = (* handle->db->get)( handle->db, &versionKey, &versionData, 0 );
-
- /* error accessing the database */
- if ( rv < 0 ) {
- goto loser;
- }
-
- if ( rv == 1 ) {
- /* no version number record, reset the database */
- (* handle->db->close)( handle->db );
- handle->db = NULL;
-
- goto newdb;
-
- }
-
- handle->version = *( (unsigned char *)versionData.data);
-
- if (handle->version != PRIVATE_KEY_DB_FILE_VERSION ) {
- /* bogus version number record, reset the database */
- (* handle->db->close)( handle->db );
- handle->db = NULL;
-
- goto newdb;
- }
-
- }
-
-newdb:
-
- /* if first open fails, try to create a new DB */
- if ( handle->db == NULL ) {
- if ( readOnly ) {
- goto loser;
- }
-
- handle->db = dbopen( dbname,
- O_RDWR | O_CREAT | O_TRUNC, 0600, DB_HASH, 0 );
-
- PORT_Free( dbname );
- dbname = NULL;
-
- /* if create fails then we lose */
- if ( handle->db == NULL ) {
- goto loser;
- }
-
- rv = makeGlobalVersion(handle);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /*
- * try to update from v2 db
- */
- dbname = (*namecb)(cbarg, 2);
- if ( dbname != NULL ) {
- handle->updatedb = dbopen( dbname, O_RDONLY, 0600, DB_HASH, 0 );
-
- if ( handle->updatedb ) {
-
-
- /*
- * Try to update the db using a null password. If the db
- * doesn't have a password, then this will work. If it does
- * have a password, then this will fail and we will do the
- * update later
- */
- rv = SECKEY_UpdateKeyDBPass1(handle);
- if ( rv == SECSuccess ) {
- updated = PR_TRUE;
- }
- }
-
- PORT_Free( dbname );
- dbname = NULL;
- }
-
- /* we are using the old salt if we updated from an old db */
- if ( ! updated ) {
- rv = makeGlobalSalt(handle);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- }
-
- /* sync the database */
- rv = (* handle->db->sync)(handle->db, 0);
- if ( rv ) {
- goto loser;
- }
- }
-
- handle->global_salt = GetKeyDBGlobalSalt(handle);
- return handle;
-
-loser:
-
- if ( dbname )
- PORT_Free( dbname );
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
-
- if ( handle->db ) {
- (* handle->db->close)(handle->db);
- }
- if ( handle->updatedb ) {
- (* handle->updatedb->close)(handle->updatedb);
- }
- PORT_Free(handle);
- return NULL;
-}
-
-/*
- * Close the database
- */
-void
-SECKEY_CloseKeyDB(SECKEYKeyDBHandle *handle)
-{
- if (handle != NULL) {
- if (handle == SECKEY_GetDefaultKeyDB()) {
- SECKEY_SetDefaultKeyDB(NULL);
- }
- if (handle->db != NULL) {
- (* handle->db->close)(handle->db);
- }
- PORT_Free(handle);
- }
-}
-
-/* Get the key database version */
-int
-SECKEY_GetKeyDBVersion(SECKEYKeyDBHandle *handle)
-{
- PORT_Assert(handle != NULL);
-
- return handle->version;
-}
-
-/*
- * Allow use of default key database, so that apps (such as mozilla) do
- * not have to pass the handle all over the place.
- */
-
-static SECKEYKeyDBHandle *sec_default_key_db = NULL;
-
-void
-SECKEY_SetDefaultKeyDB(SECKEYKeyDBHandle *handle)
-{
- sec_default_key_db = handle;
-}
-
-SECKEYKeyDBHandle *
-SECKEY_GetDefaultKeyDB(void)
-{
- return sec_default_key_db;
-}
-
-/*
- * Delete a private key that was stored in the database
- */
-SECStatus
-SECKEY_DeleteKey(SECKEYKeyDBHandle *handle, SECItem *pubkey)
-{
- DBT namekey;
- int rv;
-
- if (handle == NULL) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- return(SECFailure);
- }
-
- /* set up db key and data */
- namekey.data = pubkey->data;
- namekey.size = pubkey->len;
-
- /* delete it from the database */
- rv = (* handle->db->del)(handle->db, &namekey, 0);
- if ( rv ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- return(SECFailure);
- }
-
- /* sync the database */
- rv = (* handle->db->sync)(handle->db, 0);
- if ( rv ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- return(SECFailure);
- }
-
- return(SECSuccess);
-}
-
-/*
- * Store a key in the database, indexed by its public key modulus.(value!)
- */
-SECStatus
-SECKEY_StoreKeyByPublicKey(SECKEYKeyDBHandle *handle,
- SECKEYLowPrivateKey *privkey,
- SECItem *pubKeyData,
- char *nickname,
- SECKEYGetPasswordKey f, void *arg)
-{
- return SECKEY_StoreKeyByPublicKeyAlg(handle, privkey, pubKeyData, nickname,
- f, arg, SECKEY_GetDefaultKeyDBAlg());
-}
-
-/* see if the public key for this cert is in the database filed
- * by modulus
- */
-SECStatus
-SECKEY_KeyForCertExists(SECKEYKeyDBHandle *handle, CERTCertificate *cert)
-{
- SECKEYPublicKey *pubkey = NULL;
- DBT namekey;
- DBT dummy;
- int status;
-
- /* get cert's public key */
- pubkey = CERT_ExtractPublicKey(cert);
- if ( pubkey == NULL ) {
- return SECFailure;
- }
-
- /* TNH - make key from SECKEYPublicKey */
- switch (pubkey->keyType) {
- case rsaKey:
- namekey.data = pubkey->u.rsa.modulus.data;
- namekey.size = pubkey->u.rsa.modulus.len;
- break;
- case dsaKey:
- namekey.data = pubkey->u.dsa.publicValue.data;
- namekey.size = pubkey->u.dsa.publicValue.len;
- break;
- case dhKey:
- namekey.data = pubkey->u.dh.publicValue.data;
- namekey.size = pubkey->u.dh.publicValue.len;
- break;
- default:
- /* XXX We don't do Fortezza or DH yet. */
- return SECFailure;
- }
-
- status = (* handle->db->get)(handle->db, &namekey, &dummy, 0);
- SECKEY_DestroyPublicKey(pubkey);
- if ( status ) {
- /* TNH - should this really set an error? */
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-/*
- * find the private key for a cert
- */
-SECKEYLowPrivateKey *
-SECKEY_FindKeyByCert(SECKEYKeyDBHandle *handle, CERTCertificate *cert,
- SECKEYGetPasswordKey f, void *arg)
-{
- SECKEYPublicKey *pubkey = NULL;
- SECItem *keyItem;
- SECKEYLowPrivateKey *privKey = NULL;
-
- /* get cert's public key */
- pubkey = CERT_ExtractPublicKey(cert);
- if ( !pubkey ) {
- goto loser;
- }
-
- /* TNH - make record key from SECKEYPublicKey (again) */
- switch (pubkey->keyType) {
- case rsaKey:
- keyItem = &pubkey->u.rsa.modulus;
- break;
- case dsaKey:
- keyItem = &pubkey->u.dsa.publicValue;
- break;
- case dhKey:
- keyItem = &pubkey->u.dh.publicValue;
- break;
- /* fortezza an NULL keys are not stored in the data base */
- case fortezzaKey:
- case nullKey:
- goto loser;
- }
-
- privKey = SECKEY_FindKeyByPublicKey(handle, keyItem, f, arg);
-
- /* success falls through */
-loser:
- SECKEY_DestroyPublicKey(pubkey);
- return(privKey);
-}
-
-/*
- * check to see if the user has a password
- */
-SECStatus
-SECKEY_HasKeyDBPassword(SECKEYKeyDBHandle *handle)
-{
- DBT checkkey, checkdata;
- int rv;
-
- if (handle == NULL) {
- return(SECFailure);
- }
-
- checkkey.data = KEYDB_PW_CHECK_STRING;
- checkkey.size = KEYDB_PW_CHECK_LEN;
-
- rv = (* handle->db->get)(handle->db, &checkkey, &checkdata, 0 );
- if ( rv ) {
- return(SECFailure);
- }
-
- return(SECSuccess);
-}
-
-/*
- * Set up the password checker in the key database.
- * This is done by encrypting a known plaintext with the user's key.
- */
-SECStatus
-SECKEY_SetKeyDBPassword(SECKEYKeyDBHandle *handle, SECItem *pwitem)
-{
- return SECKEY_SetKeyDBPasswordAlg(handle, pwitem,
- SECKEY_GetDefaultKeyDBAlg());
-}
-
-/*
- * Re-encrypt the entire key database with a new password.
- * NOTE: This really should create a new database rather than doing it
- * in place in the original
- */
-SECStatus
-SECKEY_ChangeKeyDBPassword(SECKEYKeyDBHandle *handle,
- SECItem *oldpwitem, SECItem *newpwitem)
-{
- return SECKEY_ChangeKeyDBPasswordAlg(handle, oldpwitem, newpwitem,
- SECKEY_GetDefaultKeyDBAlg());
-}
-
-static SECStatus
-HashPassword(unsigned char *hashresult, char *pw, SECItem *salt)
-{
- SHA1Context *cx;
- unsigned int outlen;
- cx = SHA1_NewContext();
- if ( cx == NULL ) {
- return(SECFailure);
- }
-
- SHA1_Begin(cx);
- if ( ( salt != NULL ) && ( salt->data != NULL ) ) {
- SHA1_Update(cx, salt->data, salt->len);
- }
-
- SHA1_Update(cx, (unsigned char *)pw, PORT_Strlen(pw));
- SHA1_End(cx, hashresult, &outlen, SHA1_LENGTH);
-
- SHA1_DestroyContext(cx, PR_TRUE);
-
- return(SECSuccess);
-}
-
-SECItem *
-SECKEY_HashPassword(char *pw, SECItem *salt)
-{
- SECItem *pwitem;
- SECStatus rv;
-
- pwitem = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if ( pwitem == NULL ) {
- return(NULL);
- }
- pwitem->len = SHA1_LENGTH;
- pwitem->data = (unsigned char *)PORT_ZAlloc(SHA1_LENGTH);
- if ( pwitem->data == NULL ) {
- PORT_Free(pwitem);
- return(NULL);
- }
- if ( pw ) {
- rv = HashPassword(pwitem->data, pw, salt);
- if ( rv != SECSuccess ) {
- SECITEM_ZfreeItem(pwitem, PR_TRUE);
- return(NULL);
- }
- }
-
- return(pwitem);
-}
-
-/* Derive the actual password value for the database from a pw string */
-SECItem *
-SECKEY_DeriveKeyDBPassword(SECKEYKeyDBHandle *keydb, char *pw)
-{
- PORT_Assert(keydb != NULL);
- PORT_Assert(pw != NULL);
- if (keydb == NULL || pw == NULL) return(NULL);
-
- return SECKEY_HashPassword(pw, keydb->global_salt);
-}
-
-#if 0
-/* Appears obsolete - TNH */
-/* get the algorithm with which a private key
- * is encrypted.
- */
-SECOidTag
-seckey_get_private_key_algorithm(SECKEYKeyDBHandle *keydb, DBT *index)
-{
- SECKEYDBKey *dbkey = NULL;
- SECOidTag algorithm = SEC_OID_UNKNOWN;
- SECKEYEncryptedPrivateKeyInfo *epki = NULL;
- PLArenaPool *poolp = NULL;
- SECStatus rv;
-
- poolp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if(poolp == NULL)
- return (SECOidTag)SECFailure; /* TNH - this is bad */
-
- dbkey = get_dbkey(keydb, index);
- if(dbkey == NULL)
- return (SECOidTag)SECFailure;
-
- epki = (SECKEYEncryptedPrivateKeyInfo *)PORT_ArenaZAlloc(poolp,
- sizeof(SECKEYEncryptedPrivateKeyInfo));
- if(epki == NULL)
- goto loser;
- rv = SEC_ASN1DecodeItem(poolp, epki,
- SECKEY_EncryptedPrivateKeyInfoTemplate, &dbkey->derPK);
- if(rv == SECFailure)
- goto loser;
-
- algorithm = SECOID_GetAlgorithmTag(&epki->algorithm);
-
- /* let success fall through */
-loser:
- if(poolp != NULL)
- PORT_FreeArena(poolp, PR_TRUE);\
- if(dbkey != NULL)
- sec_destroy_dbkey(dbkey);
-
- return algorithm;
-}
-#endif
-
-/*
- * Derive an RC4 key from a password key and a salt. This
- * was the method to used to encrypt keys in the version 2?
- * database
- */
-SECItem *
-seckey_create_rc4_key(SECItem *pwitem, SECItem *salt)
-{
- MD5Context *md5 = NULL;
- unsigned int part;
- SECStatus rv = SECFailure;
- SECItem *key = NULL;
-
- key = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(key != NULL)
- {
- key->data = (unsigned char *)PORT_ZAlloc(sizeof(unsigned char) *
- MD5_LENGTH);
- key->len = MD5_LENGTH;
- if(key->data != NULL)
- {
- md5 = MD5_NewContext();
- if ( md5 != NULL )
- {
- MD5_Begin(md5);
- MD5_Update(md5, salt->data, salt->len);
- MD5_Update(md5, pwitem->data, pwitem->len);
- MD5_End(md5, key->data, &part, MD5_LENGTH);
- MD5_DestroyContext(md5, PR_TRUE);
- rv = SECSuccess;
- }
- }
-
- if(rv != SECSuccess)
- {
- SECITEM_FreeItem(key, PR_TRUE);
- key = NULL;
- }
- }
-
- return key;
-}
-
-SECItem *
-seckey_create_rc4_salt(void)
-{
- SECItem *salt = NULL;
- SECStatus rv = SECFailure;
-
- salt = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(salt == NULL)
- return NULL;
-
- salt->data = (unsigned char *)PORT_ZAlloc(sizeof(unsigned char) *
- SALT_LENGTH);
- if(salt->data != NULL)
- {
- salt->len = SALT_LENGTH;
- RNG_GenerateGlobalRandomBytes(salt->data, salt->len);
- rv = SECSuccess;
- }
-
- if(rv == SECFailure)
- {
- SECITEM_FreeItem(salt, PR_TRUE);
- salt = NULL;
- }
-
- return salt;
-}
-
-SECItem *
-seckey_rc4_cipher(SECItem *key, SECItem *src, PRBool encrypt)
-{
- SECItem *dest = NULL;
- RC4Context *ctxt = NULL;
- SECStatus rv = SECFailure;
-
- if((key == NULL) || (src == NULL))
- return NULL;
-
- dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(dest == NULL)
- return NULL;
-
- dest->data = (unsigned char *)PORT_ZAlloc(sizeof(unsigned char) *
- (src->len + 64)); /* TNH - padding? */
- if(dest->data != NULL)
- {
- ctxt = RC4_CreateContext(key->data, key->len);
- if(ctxt != NULL)
- {
- if(encrypt == PR_TRUE)
- rv = RC4_Encrypt(ctxt, dest->data, &dest->len,
- src->len + 64, src->data, src->len);
- else
- rv = RC4_Decrypt(ctxt, dest->data, &dest->len,
- src->len + 64, src->data, src->len);
- RC4_DestroyContext(ctxt, PR_TRUE);
- }
- }
-
- if(rv == SECFailure)
- if(dest != NULL)
- {
- SECITEM_FreeItem(dest, PR_TRUE);
- dest = NULL;
- }
-
- return dest;
-}
-
-/* TNH - keydb is unused */
-/* TNH - the pwitem should be the derived key for RC4 */
-SECKEYEncryptedPrivateKeyInfo *
-seckey_encrypt_private_key(
- SECKEYLowPrivateKey *pk, SECItem *pwitem, SECKEYKeyDBHandle *keydb,
- SECOidTag algorithm)
-{
- SECKEYEncryptedPrivateKeyInfo *epki = NULL;
- SECKEYPrivateKeyInfo *pki = NULL;
- SECStatus rv = SECFailure;
- SECAlgorithmID *algid = NULL;
- PLArenaPool *temparena = NULL, *permarena = NULL;
- SECItem *key = NULL, *salt = NULL, *der_item = NULL;
- SECItem *dummy = NULL, *dest = NULL;
-
- permarena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
- if(permarena == NULL)
- return NULL;
-
- temparena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
- if(temparena == NULL)
- goto loser;
-
- /* allocate structures */
- epki = (SECKEYEncryptedPrivateKeyInfo *)PORT_ArenaZAlloc(permarena,
- sizeof(SECKEYEncryptedPrivateKeyInfo));
- pki = (SECKEYPrivateKeyInfo *)PORT_ArenaZAlloc(temparena,
- sizeof(SECKEYPrivateKeyInfo));
- der_item = (SECItem *)PORT_ArenaZAlloc(temparena, sizeof(SECItem));
- if((epki == NULL) || (pki == NULL) || (der_item == NULL))
- goto loser;
-
- epki->arena = permarena;
-
- /* setup private key info */
- dummy = SEC_ASN1EncodeInteger(temparena, &(pki->version),
- SEC_PRIVATE_KEY_INFO_VERSION);
- if(dummy == NULL)
- goto loser;
-
- /* Encode the key, and set the algorithm (with params) */
- switch (pk->keyType) {
- case rsaKey:
- dummy = SEC_ASN1EncodeItem(temparena, &(pki->privateKey), pk,
- SECKEY_RSAPrivateKeyTemplate);
- if (dummy == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- rv = SECOID_SetAlgorithmID(temparena, &(pki->algorithm),
- SEC_OID_PKCS1_RSA_ENCRYPTION, 0);
- if (rv == SECFailure) {
- goto loser;
- }
-
- break;
- case dsaKey:
- dummy = SEC_ASN1EncodeItem(temparena, &(pki->privateKey), pk,
- SECKEY_DSAPrivateKeyTemplate);
- if (dummy == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- dummy = SEC_ASN1EncodeItem(temparena, NULL, &pk->u.dsa.params,
- SECKEY_PQGParamsTemplate);
- if (dummy == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- rv = SECOID_SetAlgorithmID(temparena, &(pki->algorithm),
- SEC_OID_ANSIX9_DSA_SIGNATURE, dummy);
- if (rv == SECFailure) {
- goto loser;
- }
-
- break;
- case dhKey:
- dummy = SEC_ASN1EncodeItem(temparena, &(pki->privateKey), pk,
- SECKEY_DHPrivateKeyTemplate);
- if (dummy == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- rv = SECOID_SetAlgorithmID(temparena, &(pki->algorithm),
- SEC_OID_X942_DIFFIE_HELMAN_KEY, dummy);
- if (rv == SECFailure) {
- goto loser;
- }
- break;
- default:
- /* We don't support DH or Fortezza private keys yet */
- PORT_Assert(PR_FALSE);
- break;
- }
-
- /* setup encrypted private key info */
- dummy = SEC_ASN1EncodeItem(temparena, der_item, pki,
- SECKEY_PrivateKeyInfoTemplate);
- if(dummy == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- rv = SECFailure; /* assume failure */
- switch(algorithm)
- {
- case SEC_OID_RC4:
- salt = seckey_create_rc4_salt();
- if(salt != NULL)
- {
- key = seckey_create_rc4_key(pwitem, salt);
- if(key != NULL)
- {
- dest = seckey_rc4_cipher(key, der_item, PR_TRUE);
- if(dest != NULL)
- {
- rv = SECITEM_CopyItem(permarena, &epki->encryptedData,
- dest);
- if(rv == SECSuccess)
- rv = SECOID_SetAlgorithmID(permarena,
- &epki->algorithm, SEC_OID_RC4, salt);
- }
- }
- }
- if(dest != NULL)
- SECITEM_FreeItem(dest, PR_TRUE);
- if(key != NULL)
- SECITEM_ZfreeItem(key, PR_TRUE);
- break;
- default:
- algid = SEC_PKCS5CreateAlgorithmID(algorithm, NULL, 1);
- if(algid != NULL)
- {
- dest = SEC_PKCS5CipherData(algid, pwitem,
- der_item, PR_TRUE, NULL);
- if(dest != NULL)
- {
- rv = SECITEM_CopyItem(permarena, &epki->encryptedData,
- dest);
- if(rv == SECSuccess)
- rv = SECOID_CopyAlgorithmID(permarena,
- &epki->algorithm, algid);
- }
- }
- if(dest != NULL)
- SECITEM_FreeItem(dest, PR_TRUE);
- if(algid != NULL)
- SECOID_DestroyAlgorithmID(algid, PR_TRUE);
- break;
- }
-
- /* let success fall through */
-loser:
-
- if(rv == SECFailure)
- {
- PORT_FreeArena(permarena, PR_TRUE);
- epki = NULL;
- }
-
- if(temparena != NULL)
- PORT_FreeArena(temparena, PR_TRUE);
-
- if(salt != NULL)
- SECITEM_FreeItem(salt, PR_TRUE);
-
- return epki;
-}
-
-SECStatus
-seckey_put_private_key(SECKEYKeyDBHandle *keydb, DBT *index, SECItem *pwitem,
- SECKEYLowPrivateKey *pk, char *nickname, PRBool update,
- SECOidTag algorithm)
-{
- SECKEYDBKey *dbkey = NULL;
- SECKEYEncryptedPrivateKeyInfo *epki = NULL;
- PLArenaPool *temparena = NULL, *permarena = NULL;
- SECItem *dummy = NULL;
- SECItem *salt = NULL;
- SECStatus rv = SECFailure;
-
- if((keydb == NULL) || (index == NULL) || (pwitem == NULL) ||
- (pk == NULL))
- return SECFailure;
-
- permarena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
- if(permarena == NULL)
- return SECFailure;
-
- dbkey = (SECKEYDBKey *)PORT_ArenaZAlloc(permarena, sizeof(SECKEYDBKey));
- if(dbkey == NULL)
- goto loser;
- dbkey->arena = permarena;
- dbkey->nickname = nickname;
-
- /* TNH - for RC4, the salt should be created here */
-
- epki = seckey_encrypt_private_key(pk, pwitem, keydb, algorithm);
- if(epki == NULL)
- goto loser;
- temparena = epki->arena;
-
- /* extract salt for db key */
- switch(algorithm)
- {
- case SEC_OID_RC4:
- rv = SECITEM_CopyItem(permarena, &(dbkey->salt),
- &(epki->algorithm.parameters));
- epki->algorithm.parameters.len = 0;
- epki->algorithm.parameters.data = NULL;
- break;
- default:
- /* TNH - this should not be necessary */
- salt = SEC_PKCS5GetSalt(&epki->algorithm);
- if(salt != NULL)
- {
- rv = SECITEM_CopyItem(permarena, &(dbkey->salt), salt);
- SECITEM_ZfreeItem(salt, PR_TRUE);
- }
- break;
- }
-
- dummy = SEC_ASN1EncodeItem(permarena, &(dbkey->derPK), epki,
- SECKEY_EncryptedPrivateKeyInfoTemplate);
- if(dummy == NULL)
- rv = SECFailure;
- else
- rv = put_dbkey(keydb, index, dbkey, update);
-
- /* let success fall through */
-loser:
- if(rv != SECSuccess)
- if(permarena != NULL)
- PORT_FreeArena(permarena, PR_TRUE);
- if(temparena != NULL)
- PORT_FreeArena(temparena, PR_TRUE);
-
- return rv;
-}
-
-/*
- * Store a key in the database, indexed by its public key modulus.
- * Note that the nickname is optional. It was only used by keyutil.
- */
-SECStatus
-SECKEY_StoreKeyByPublicKeyAlg(SECKEYKeyDBHandle *handle,
- SECKEYLowPrivateKey *privkey,
- SECItem *pubKeyData,
- char *nickname,
- SECKEYGetPasswordKey f, void *arg,
- SECOidTag algorithm)
-{
- DBT namekey;
- SECItem *pwitem = NULL;
- SECStatus rv;
-
- if (handle == NULL) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- return(SECFailure);
- }
-
- /* set up db key and data */
- namekey.data = pubKeyData->data;
- namekey.size = pubKeyData->len;
-
- pwitem = (*f )(arg, handle);
- if ( pwitem == NULL ) {
- return(SECFailure);
- }
-
- /* encrypt the private key */
- rv = seckey_put_private_key(handle, &namekey, pwitem, privkey, nickname,
- PR_FALSE, algorithm);
- SECITEM_ZfreeItem(pwitem, PR_TRUE);
-
- return(rv);
-}
-
-SECKEYLowPrivateKey *
-seckey_decrypt_private_key(SECKEYEncryptedPrivateKeyInfo *epki,
- SECItem *pwitem)
-{
- SECKEYLowPrivateKey *pk = NULL;
- SECKEYPrivateKeyInfo *pki = NULL;
- SECStatus rv = SECFailure;
- SECOidTag algorithm;
- PLArenaPool *temparena = NULL, *permarena = NULL;
- SECItem *salt = NULL, *dest = NULL, *key = NULL;
-
- if((epki == NULL) || (pwitem == NULL))
- goto loser;
-
- temparena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
- permarena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
- if((temparena == NULL) || (permarena == NULL))
- goto loser;
-
- /* allocate temporary items */
- pki = (SECKEYPrivateKeyInfo *)PORT_ArenaZAlloc(temparena,
- sizeof(SECKEYPrivateKeyInfo));
-
- /* allocate permanent arena items */
- pk = (SECKEYLowPrivateKey *)PORT_ArenaZAlloc(permarena,
- sizeof(SECKEYLowPrivateKey));
-
- if((pk == NULL) || (pki == NULL))
- goto loser;
-
- pk->arena = permarena;
-
- algorithm = SECOID_GetAlgorithmTag(&(epki->algorithm));
- switch(algorithm)
- {
- case SEC_OID_RC4:
- salt = SECITEM_DupItem(&epki->algorithm.parameters);
- if(salt != NULL)
- {
- key = seckey_create_rc4_key(pwitem, salt);
- if(key != NULL)
- {
- dest = seckey_rc4_cipher(key, &epki->encryptedData,
- PR_FALSE);
- }
- }
- if(salt != NULL)
- SECITEM_ZfreeItem(salt, PR_TRUE);
- if(key != NULL)
- SECITEM_ZfreeItem(key, PR_TRUE);
- break;
- default:
- /* we depend on the fact that if this key was encoded with
- * DES, that the pw was also encoded with DES, so we don't have
- * to do the update here, the password code will handle it. */
- dest = SEC_PKCS5CipherData(&epki->algorithm, pwitem,
- &epki->encryptedData, PR_FALSE, NULL);
- break;
- }
-
- if(dest != NULL)
- {
- rv = SEC_ASN1DecodeItem(temparena, pki,
- SECKEY_PrivateKeyInfoTemplate, dest);
- if(rv == SECSuccess)
- {
- switch(SECOID_GetAlgorithmTag(&pki->algorithm)) {
- case SEC_OID_X500_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- pk->keyType = rsaKey;
- rv = SEC_ASN1DecodeItem(permarena, pk,
- SECKEY_RSAPrivateKeyTemplate,
- &pki->privateKey);
- break;
- case SEC_OID_ANSIX9_DSA_SIGNATURE:
- pk->keyType = dsaKey;
- rv = SEC_ASN1DecodeItem(permarena, pk,
- SECKEY_DSAPrivateKeyTemplate,
- &pki->privateKey);
- if (rv != SECSuccess)
- goto loser;
- rv = SEC_ASN1DecodeItem(permarena, &pk->u.dsa.params,
- SECKEY_PQGParamsTemplate,
- &pki->algorithm.parameters);
- break;
- case SEC_OID_X942_DIFFIE_HELMAN_KEY:
- pk->keyType = dhKey;
- rv = SEC_ASN1DecodeItem(permarena, pk,
- SECKEY_DHPrivateKeyTemplate,
- &pki->privateKey);
- break;
- default:
- rv = SECFailure;
- break;
- }
- }
- else if(PORT_GetError() == SEC_ERROR_BAD_DER)
- {
- PORT_SetError(SEC_ERROR_BAD_PASSWORD);
- goto loser;
- }
- }
-
- /* let success fall through */
-loser:
- if(temparena != NULL)
- PORT_FreeArena(temparena, PR_TRUE);
- if(dest != NULL)
- SECITEM_ZfreeItem(dest, PR_TRUE);
-
- if(rv != SECSuccess)
- {
- if(permarena != NULL)
- PORT_FreeArena(permarena, PR_TRUE);
- pk = NULL;
- }
-
- return pk;
-}
-
-static SECKEYLowPrivateKey *
-seckey_decode_encrypted_private_key(SECKEYDBKey *dbkey, SECItem *pwitem)
-{
- SECKEYLowPrivateKey *pk = NULL;
- SECKEYEncryptedPrivateKeyInfo *epki;
- PLArenaPool *temparena = NULL;
- SECStatus rv;
- SECOidTag algorithm;
-
- if( ( dbkey == NULL ) || ( pwitem == NULL ) ) {
- return NULL;
- }
-
- temparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if(temparena == NULL) {
- return NULL;
- }
-
- epki = (SECKEYEncryptedPrivateKeyInfo *)
- PORT_ArenaZAlloc(temparena, sizeof(SECKEYEncryptedPrivateKeyInfo));
-
- if(epki == NULL) {
- goto loser;
- }
-
- rv = SEC_ASN1DecodeItem(temparena, epki,
- SECKEY_EncryptedPrivateKeyInfoTemplate,
- &(dbkey->derPK));
- if(rv != SECSuccess) {
- goto loser;
- }
-
- algorithm = SECOID_GetAlgorithmTag(&(epki->algorithm));
- switch(algorithm)
- {
- case SEC_OID_RC4:
- /* TNH - this code should derive the actual RC4 key from salt and
- pwitem */
- rv = SECITEM_CopyItem(temparena, &(epki->algorithm.parameters),
- &(dbkey->salt));
- break;
- default:
- break;
- }
-
- pk = seckey_decrypt_private_key(epki, pwitem);
-
- /* let success fall through */
-loser:
-
- PORT_FreeArena(temparena, PR_TRUE);
- return pk;
-}
-
-SECKEYLowPrivateKey *
-seckey_get_private_key(SECKEYKeyDBHandle *keydb, DBT *index, char **nickname,
- SECItem *pwitem)
-{
- SECKEYDBKey *dbkey = NULL;
- SECKEYLowPrivateKey *pk = NULL;
-
- if( ( keydb == NULL ) || ( index == NULL ) || ( pwitem == NULL ) ) {
- return NULL;
- }
-
- dbkey = get_dbkey(keydb, index);
- if(dbkey == NULL) {
- goto loser;
- }
-
- if ( nickname ) {
- if ( dbkey->nickname && ( dbkey->nickname[0] != 0 ) ) {
- *nickname = PORT_Strdup(dbkey->nickname);
- } else {
- *nickname = NULL;
- }
- }
-
- pk = seckey_decode_encrypted_private_key(dbkey, pwitem);
-
- /* let success fall through */
-loser:
-
- if ( dbkey != NULL ) {
- sec_destroy_dbkey(dbkey);
- }
-
- return pk;
-}
-
-/*
- * used by pkcs11 to import keys into it's object format... In the future
- * we really need a better way to tie in...
- */
-SECKEYLowPrivateKey *
-SECKEY_DecryptKey(DBT *key, SECItem *pwitem,
- SECKEYKeyDBHandle *handle) {
- return seckey_get_private_key(handle,key,NULL,pwitem);
-}
-
-/*
- * Find a key in the database, indexed by its public key modulus
- * This is used to find keys that have been stored before their
- * certificate arrives. Once the certificate arrives the key
- * is looked up by the public modulus in the certificate, and the
- * re-stored by its nickname.
- */
-SECKEYLowPrivateKey *
-SECKEY_FindKeyByPublicKey(SECKEYKeyDBHandle *handle, SECItem *modulus,
- SECKEYGetPasswordKey f, void *arg)
-{
- DBT namekey;
- SECKEYLowPrivateKey *pk = NULL;
- SECItem *pwitem = NULL;
-
- if (handle == NULL) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- return NULL;
- }
-
- /* set up db key */
- namekey.data = modulus->data;
- namekey.size = modulus->len;
-
- pwitem = (*f )(arg, handle);
- if ( pwitem == NULL ) {
- return(NULL);
- }
-
- pk = seckey_get_private_key(handle, &namekey, NULL, pwitem);
- SECITEM_ZfreeItem(pwitem, PR_TRUE);
-
- /* no need to free dbkey, since its on the stack, and the data it
- * points to is owned by the database
- */
- return(pk);
-}
-
-/* ===== ENCODING ROUTINES ===== */
-
-static SECStatus
-encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg,
- SECItem *encCheck)
-{
- SECOidData *oidData;
- SECStatus rv;
-
- oidData = SECOID_FindOIDByTag(alg);
- if ( oidData == NULL ) {
- rv = SECFailure;
- goto loser;
- }
-
- entry->len = 1 + oidData->oid.len + encCheck->len;
- if ( arena ) {
- entry->data = (unsigned char *)PORT_ArenaAlloc(arena, entry->len);
- } else {
- entry->data = (unsigned char *)PORT_Alloc(entry->len);
- }
-
- if ( entry->data == NULL ) {
- goto loser;
- }
-
- /* first length of oid */
- entry->data[0] = (unsigned char)oidData->oid.len;
- /* next oid itself */
- PORT_Memcpy(&entry->data[1], oidData->oid.data, oidData->oid.len);
- /* finally the encrypted check string */
- PORT_Memcpy(&entry->data[1+oidData->oid.len], encCheck->data,
- encCheck->len);
-
- return(SECSuccess);
-
-loser:
- return(SECFailure);
-}
-
-/*
- * Set up the password checker in the key database.
- * This is done by encrypting a known plaintext with the user's key.
- */
-SECStatus
-SECKEY_SetKeyDBPasswordAlg(SECKEYKeyDBHandle *handle,
- SECItem *pwitem, SECOidTag algorithm)
-{
- DBT checkkey;
- SECAlgorithmID *algid = NULL;
- SECStatus rv = SECFailure;
- SECKEYDBKey *dbkey = NULL;
- PLArenaPool *arena;
- SECItem *key = NULL, *salt = NULL;
- SECItem *dest = NULL, test_key;
-
- if (handle == NULL) {
- return(SECFailure);
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- rv = SECFailure;
- goto loser;
- }
-
- dbkey = (SECKEYDBKey *)PORT_ArenaZAlloc(arena, sizeof(SECKEYDBKey));
- if ( dbkey == NULL ) {
- rv = SECFailure;
- goto loser;
- }
-
- dbkey->arena = arena;
-
- /* encrypt key */
- checkkey.data = test_key.data = (unsigned char *)KEYDB_PW_CHECK_STRING;
- checkkey.size = test_key.len = KEYDB_PW_CHECK_LEN;
-
- salt = seckey_create_rc4_salt();
- if(salt == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- switch(algorithm)
- {
- case SEC_OID_RC4:
- key = seckey_create_rc4_key(pwitem, salt);
- if(key != NULL)
- {
- dest = seckey_rc4_cipher(key, &test_key, PR_TRUE);
- SECITEM_FreeItem(key, PR_TRUE);
- }
- break;
- default:
- algid = SEC_PKCS5CreateAlgorithmID(algorithm, salt, 1);
- if(algid != NULL)
- dest = SEC_PKCS5CipherData(algid, pwitem, &test_key,
- PR_TRUE, NULL);
- break;
- }
-
- if(dest != NULL)
- {
- rv = SECITEM_CopyItem(arena, &dbkey->salt, salt);
- if(rv == SECFailure)
- goto loser;
-
- rv = encodePWCheckEntry(arena, &dbkey->derPK, algorithm, dest);
-
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- rv = put_dbkey(handle, &checkkey, dbkey, PR_TRUE);
- } else {
- rv = SECFailure;
- }
-
- /* let success fall through */
-loser:
- if ( arena != NULL ) {
- PORT_FreeArena(arena, PR_TRUE);
- }
-
- if ( dest != NULL ) {
- SECITEM_ZfreeItem(dest, PR_TRUE);
- }
-
- if ( salt != NULL ) {
- SECITEM_ZfreeItem(salt, PR_TRUE);
- }
-
- return(rv);
-}
-
-/*
- * check to see if the user has typed the right password
- */
-SECStatus
-SECKEY_CheckKeyDBPassword(SECKEYKeyDBHandle *handle, SECItem *pwitem)
-{
- DBT checkkey;
- SECAlgorithmID *algid = NULL;
- SECStatus rv = SECFailure;
- SECKEYDBKey *dbkey = NULL;
- SECItem *key = NULL;
- SECItem *dest = NULL;
- SECOidTag algorithm;
- SECItem oid;
- SECItem encstring;
- PRBool update = PR_FALSE;
-
- if (handle == NULL) {
- goto loser;
- }
-
- checkkey.data = KEYDB_PW_CHECK_STRING;
- checkkey.size = KEYDB_PW_CHECK_LEN;
-
- dbkey = get_dbkey(handle, &checkkey);
-
- if ( dbkey == NULL ) {
- goto loser;
- }
-
- /* build the oid item */
- oid.len = dbkey->derPK.data[0];
- oid.data = &dbkey->derPK.data[1];
-
- /* make sure entry is the correct length
- * since we are probably using a block cipher, the block will be
- * padded, so we may get a bit more than the exact size we need.
- */
- if ( dbkey->derPK.len < (KEYDB_PW_CHECK_LEN + 1 + oid.len ) ) {
- goto loser;
- }
-
- /* find the algorithm tag */
- algorithm = SECOID_FindOIDTag(&oid);
-
- /* make a secitem of the encrypted check string */
- encstring.len = dbkey->derPK.len - ( oid.len + 1 );
- encstring.data = &dbkey->derPK.data[oid.len+1];
-
- switch(algorithm)
- {
- case SEC_OID_RC4:
- key = seckey_create_rc4_key(pwitem, &dbkey->salt);
- if(key != NULL) {
- dest = seckey_rc4_cipher(key, &encstring, PR_FALSE);
- SECITEM_FreeItem(key, PR_TRUE);
- }
- break;
- default:
- algid = SEC_PKCS5CreateAlgorithmID(algorithm,
- &dbkey->salt, 1);
- if(algid != NULL) {
- /* Decrypt - this function implements a workaround for
- * a previous coding error. It will decrypt values using
- * DES rather than 3DES, if the initial try at 3DES
- * decryption fails. In this case, the update flag is
- * set to TRUE. This indication is used later to force
- * an update of the database to "real" 3DES encryption.
- */
- dest = SEC_PKCS5CipherData(algid, pwitem,
- &encstring, PR_FALSE, &update);
- SECOID_DestroyAlgorithmID(algid, PR_TRUE);
- }
- break;
- }
-
- if(dest == NULL) {
- goto loser;
- }
-
- if ((dest->len == KEYDB_PW_CHECK_LEN) &&
- (PORT_Memcmp(dest->data,
- KEYDB_PW_CHECK_STRING, KEYDB_PW_CHECK_LEN) == 0)) {
- rv = SECSuccess;
- /* we succeeded */
- if ( algorithm == SEC_OID_RC4 ) {
- /* partially updated database */
- SECKEY_UpdateKeyDBPass2(handle, pwitem);
- }
- /* Force an update of the password to remove the incorrect DES
- * encryption (see the note above)
- */
- if (update &&
- (algorithm == SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC)) {
- /* data base was encoded with DES not triple des, fix it */
- SECKEY_UpdateKeyDBPass2(handle,pwitem);
- }
- }
-
-loser:
- sec_destroy_dbkey(dbkey);
- if(dest != NULL) {
- SECITEM_ZfreeItem(dest, PR_TRUE);
- }
-
- return(rv);
-}
-
-/*
- * Change the database password and/or algorithm. This internal
- * routine does not check the old password. That must be done by
- * the caller.
- */
-static SECStatus
-ChangeKeyDBPasswordAlg(SECKEYKeyDBHandle *handle,
- SECItem *oldpwitem, SECItem *newpwitem,
- SECOidTag new_algorithm)
-{
- SECStatus rv;
- keyList keylist;
- keyNode *node = NULL;
- SECKEYLowPrivateKey *privkey = NULL;
- char *nickname;
- DBT newkey;
- int ret;
-
- /* traverse the database, collecting the keys of all records */
- keylist.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( keylist.arena == NULL )
- {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return(SECFailure);
- }
- keylist.head = NULL;
-
- /* TNH - TraverseKeys should not be public, since it exposes
- the underlying DBT data type. */
- rv = SECKEY_TraverseKeys(handle, sec_add_key_to_list, (void *)&keylist);
- if ( rv != SECSuccess )
- goto loser;
-
- /* walk the list, re-encrypting each entry */
- node = keylist.head;
- while ( node != NULL )
- {
- privkey = seckey_get_private_key(handle, &node->key, &nickname,
- oldpwitem);
-
- if (privkey == NULL) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- rv = SECFailure;
- goto loser;
- }
-
- /* delete the old record */
- ret = (* handle->db->del)(handle->db, &node->key, 0);
- if ( ret ) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- rv = SECFailure;
- goto loser;
- }
-
- /* get the public key, which we use as the database index */
-
- switch (privkey->keyType) {
- case rsaKey:
- newkey.data = privkey->u.rsa.modulus.data;
- newkey.size = privkey->u.rsa.modulus.len;
- break;
- case dsaKey:
- newkey.data = privkey->u.dsa.publicValue.data;
- newkey.size = privkey->u.dsa.publicValue.len;
- break;
- case dhKey:
- newkey.data = privkey->u.dh.publicValue.data;
- newkey.size = privkey->u.dh.publicValue.len;
- break;
- default:
- /* XXX We don't do Fortezza. */
- return SECFailure;
- }
-
- rv = seckey_put_private_key(handle, &newkey, newpwitem, privkey,
- nickname, PR_TRUE, new_algorithm);
-
- if ( rv != SECSuccess )
- {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- rv = SECFailure;
- goto loser;
- }
-
- /* next node */
- node = node->next;
- }
-
- rv = SECKEY_SetKeyDBPasswordAlg(handle, newpwitem, new_algorithm);
-
-loser:
-
- /* free the arena */
- if ( keylist.arena ) {
- PORT_FreeArena(keylist.arena, PR_FALSE);
- }
-
- return(rv);
-}
-
-/*
- * Re-encrypt the entire key database with a new password.
- * NOTE: The really should create a new database rather than doing it
- * in place in the original
- */
-SECStatus
-SECKEY_ChangeKeyDBPasswordAlg(SECKEYKeyDBHandle *handle,
- SECItem *oldpwitem, SECItem *newpwitem,
- SECOidTag new_algorithm)
-{
- SECStatus rv;
-
- if (handle == NULL) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- rv = SECFailure;
- goto loser;
- }
-
- rv = SECKEY_CheckKeyDBPassword(handle, oldpwitem);
- if ( rv != SECSuccess ) {
- return(SECFailure); /* return rv? */
- }
-
- rv = ChangeKeyDBPasswordAlg(handle, oldpwitem, newpwitem, new_algorithm);
-
-loser:
- return(rv);
-}
-
-/*
- * Second pass of updating the key db. This time we have a password.
- */
-SECStatus
-SECKEY_UpdateKeyDBPass2(SECKEYKeyDBHandle *handle, SECItem *pwitem)
-{
- SECStatus rv;
-
- rv = ChangeKeyDBPasswordAlg(handle, pwitem, pwitem,
- SECKEY_GetDefaultKeyDBAlg());
-
- return(rv);
-}
-
-/*
- * currently updates key database from v2 to v3
- */
-SECStatus
-SECKEY_UpdateKeyDBPass1(SECKEYKeyDBHandle *handle)
-{
- SECStatus rv;
- DBT versionKey;
- DBT versionData;
- DBT checkKey;
- DBT checkData;
- DBT saltKey;
- DBT saltData;
- DBT key;
- DBT data;
- SECItem *rc4key = NULL;
- SECKEYDBKey *dbkey = NULL;
- SECItem *oldSalt = NULL;
- int ret;
- SECItem checkitem;
-
- if ( handle->updatedb == NULL ) {
- return(SECSuccess);
- }
-
- /*
- * check the version record
- */
- versionKey.data = VERSION_STRING;
- versionKey.size = sizeof(VERSION_STRING)-1;
-
- ret = (* handle->updatedb->get)(handle->updatedb, &versionKey,
- &versionData, 0 );
-
- if (ret) {
- /* no version record, so old db never used */
- goto done;
- }
-
- if ( ( versionData.size != 1 ) ||
- ( *((unsigned char *)versionData.data) != 2 ) ) {
- /* corrupt or wrong version number so don't update */
- goto done;
- }
-
- saltKey.data = SALT_STRING;
- saltKey.size = sizeof(SALT_STRING) - 1;
-
- ret = (* handle->updatedb->get)(handle->updatedb, &saltKey, &saltData, 0);
- if ( ret ) {
- /* no salt in old db, so it is corrupted */
- goto done;
- }
-
- oldSalt = decodeKeyDBGlobalSalt(&saltData);
- if ( oldSalt == NULL ) {
- /* bad salt in old db, so it is corrupted */
- goto done;
- }
-
- /*
- * look for a pw check entry
- */
- checkKey.data = KEYDB_PW_CHECK_STRING;
- checkKey.size = KEYDB_PW_CHECK_LEN;
-
- rv = (SECStatus)(* handle->updatedb->get)(handle->updatedb, &checkKey,
- &checkData, 0 );
- if (rv) {
- /* no pw check, so old db never used */
- goto done;
- }
-
- dbkey = decode_dbkey(&checkData, 2);
- if ( dbkey == NULL ) {
- goto done;
- }
-
- /* put global salt into the new database now */
- ret = (* handle->db->put)( handle->db, &saltKey, &saltData, 0);
- if ( ret ) {
- goto done;
- }
-
- checkitem = dbkey->derPK;
- dbkey->derPK.data = NULL;
-
- /* format the new pw check entry */
- rv = encodePWCheckEntry(NULL, &dbkey->derPK, SEC_OID_RC4, &checkitem);
- if ( rv != SECSuccess ) {
- goto done;
- }
-
- rv = put_dbkey(handle, &checkKey, dbkey, PR_TRUE);
- if ( rv != SECSuccess ) {
- goto done;
- }
-
- /* free the dbkey */
- sec_destroy_dbkey(dbkey);
- dbkey = NULL;
-
- /* now traverse the database */
- ret = (* handle->updatedb->seq)(handle->updatedb, &key, &data, R_FIRST);
- if ( ret ) {
- goto done;
- }
-
- do {
- /* skip version record */
- if ( data.size > 1 ) {
- /* skip salt */
- if ( key.size == ( sizeof(SALT_STRING) - 1 ) ) {
- if ( PORT_Memcmp(key.data, SALT_STRING, key.size) == 0 ) {
- continue;
- }
- }
- /* skip pw check entry */
- if ( key.size == checkKey.size ) {
- if ( PORT_Memcmp(key.data, checkKey.data, key.size) == 0 ) {
- continue;
- }
- }
-
- /* keys stored by nickname will have 0 as the last byte of the
- * db key. Other keys must be stored by modulus. We will not
- * update those because they are left over from a keygen that
- * never resulted in a cert.
- */
- if ( ((unsigned char *)key.data)[key.size-1] != 0 ) {
- continue;
- }
-
- dbkey = decode_dbkey(&data, 2);
- if ( dbkey == NULL ) {
- continue;
- }
-
- /* This puts the key into the new database with the same
- * index (nickname) that it had before. The second pass
- * of the update will have the password. It will decrypt
- * and re-encrypt the entries using a new algorithm.
- */
- dbkey->nickname = (char *)key.data;
- rv = put_dbkey(handle, &key, dbkey, PR_FALSE);
- dbkey->nickname = NULL;
-
- sec_destroy_dbkey(dbkey);
- }
- } while ( (* handle->updatedb->seq)(handle->updatedb, &key, &data,
- R_NEXT) == 0 );
-
- dbkey = NULL;
-
-done:
- /* sync the database */
- ret = (* handle->db->sync)(handle->db, 0);
-
- (* handle->updatedb->close)(handle->updatedb);
- handle->updatedb = NULL;
-
- if ( rc4key ) {
- SECITEM_FreeItem(rc4key, PR_TRUE);
- }
-
- if ( oldSalt ) {
- SECITEM_FreeItem(oldSalt, PR_TRUE);
- }
-
- if ( dbkey ) {
- sec_destroy_dbkey(dbkey);
- }
-
- return(SECSuccess);
-}
-
-/*
- * Clear out all the keys in the existing database
- */
-SECStatus
-SECKEY_ResetKeyDB(SECKEYKeyDBHandle *handle)
-{
- SECStatus rv;
- DBT key;
- DBT data;
- int ret;
- int errors = 0;
-
- if ( handle->db == NULL ) {
- return(SECSuccess);
- }
-
-
- /* now traverse the database */
- ret = (* handle->db->seq)(handle->db, &key, &data, R_FIRST);
- if ( ret ) {
- goto done;
- }
-
- do {
- /* delete each entry */
- ret = (* handle->db->del)(handle->db, &key, 0);
- if ( ret ) errors++;
-
- } while ( (* handle->db->seq)(handle->db, &key, &data,
- R_NEXT) == 0 );
- rv = makeGlobalVersion(handle);
- if ( rv != SECSuccess ) {
- errors++;
- goto done;
- }
-
- rv = makeGlobalSalt(handle);
- if ( rv != SECSuccess ) {
- errors++;
- goto done;
- }
-
- if (handle->global_salt) {
- SECITEM_FreeItem(handle->global_salt,PR_TRUE);
- }
- handle->global_salt = GetKeyDBGlobalSalt(handle);
-
-done:
- /* sync the database */
- ret = (* handle->db->sync)(handle->db, 0);
-
- return (errors == 0 ? SECSuccess : SECFailure);
-}
diff --git a/security/nss/lib/softoken/keydbt.h b/security/nss/lib/softoken/keydbt.h
deleted file mode 100644
index 1b781b939..000000000
--- a/security/nss/lib/softoken/keydbt.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * keydbt.h - private data structures for the private key library
- *
- * $Id$
- */
-
-#ifndef _KEYDBT_H_
-#define _KEYDBT_H_
-
-#include "prtypes.h"
-#include "plarena.h"
-#include "secitem.h"
-#include "secasn1t.h"
-#include "secmodt.h"
-#include "pkcs11t.h"
-
-
-/*
- * a key in/for the data base
- */
-struct SECKEYDBKeyStr {
- PLArenaPool *arena;
- int version;
- char *nickname;
- SECItem salt;
- SECItem derPK;
-};
-typedef struct SECKEYDBKeyStr SECKEYDBKey;
-
-typedef struct SECKEYKeyDBHandleStr SECKEYKeyDBHandle;
-
-#define PRIVATE_KEY_DB_FILE_VERSION 3
-
-#define SEC_PRIVATE_KEY_VERSION 0 /* what we *create* */
-
-/*
-** Typedef for callback to get a password "key".
-*/
-typedef SECItem * (* SECKEYGetPasswordKey)(void *arg,
- SECKEYKeyDBHandle *handle);
-
-extern const SEC_ASN1Template SECKEY_EncryptedPrivateKeyInfoTemplate[];
-extern const SEC_ASN1Template SECKEY_RSAPublicKeyTemplate[];
-extern const SEC_ASN1Template SECKEY_RSAPrivateKeyTemplate[];
-extern const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[];
-extern const SEC_ASN1Template SECKEY_DSAPrivateKeyTemplate[];
-extern const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[];
-extern const SEC_ASN1Template SECKEY_DHPrivateKeyTemplate[];
-extern const SEC_ASN1Template SECKEY_DHPrivateKeyExportTemplate[];
-extern const SEC_ASN1Template SECKEY_PrivateKeyInfoTemplate[];
-extern const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[];
-extern const SEC_ASN1Template SECKEY_DHParamKeyTemplate[];
-extern const SEC_ASN1Template SECKEY_PointerToEncryptedPrivateKeyInfoTemplate[];
-extern const SEC_ASN1Template SECKEY_PointerToPrivateKeyInfoTemplate[];
-extern const SEC_ASN1Template SECKEY_PQGParamsTemplate[];
-extern const SEC_ASN1Template SECKEY_AttributeTemplate[];
-
-#endif /* _KEYDBT_H_ */
diff --git a/security/nss/lib/softoken/keylow.h b/security/nss/lib/softoken/keylow.h
deleted file mode 100644
index dc84ed426..000000000
--- a/security/nss/lib/softoken/keylow.h
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * key.h - public data structures and prototypes for the private key library
- *
- * $Id$
- */
-
-#ifndef _KEYLOW_H_
-#define _KEYLOW_H_
-
-#include "prtypes.h"
-#include "seccomon.h"
-#include "keydbt.h"
-#include "secoidt.h"
-#include "certt.h"
-#include "keythi.h"
-
-SEC_BEGIN_PROTOS
-
-typedef char * (* SECKEYDBNameFunc)(void *arg, int dbVersion);
-
-/*
-** Open a key database.
-*/
-extern SECKEYKeyDBHandle *SECKEY_OpenKeyDB(PRBool readOnly,
- SECKEYDBNameFunc namecb,
- void *cbarg);
-
-extern SECKEYKeyDBHandle *SECKEY_OpenKeyDBFilename(char *filename,
- PRBool readOnly);
-
-/*
-** Update the database
-*/
-extern SECStatus SECKEY_UpdateKeyDBPass1(SECKEYKeyDBHandle *handle);
-extern SECStatus SECKEY_UpdateKeyDBPass2(SECKEYKeyDBHandle *handle,
- SECItem *pwitem);
-
-/*
- * Clear out all the keys in the existing database
- */
-extern SECStatus SECKEY_ResetKeyDB(SECKEYKeyDBHandle *handle);
-
-/*
-** Close the specified key database.
-*/
-extern void SECKEY_CloseKeyDB(SECKEYKeyDBHandle *handle);
-
-/*
- * Get the version number of the database
- */
-extern int SECKEY_GetKeyDBVersion(SECKEYKeyDBHandle *handle);
-
-/*
-** Support a default key database.
-*/
-extern void SECKEY_SetDefaultKeyDB(SECKEYKeyDBHandle *handle);
-extern SECKEYKeyDBHandle *SECKEY_GetDefaultKeyDB(void);
-
-/* set the alg id of the key encryption algorithm */
-extern void SECKEY_SetDefaultKeyDBAlg(SECOidTag alg);
-
-/*
- * given a password and salt, produce a hash of the password
- */
-extern SECItem *SECKEY_HashPassword(char *pw, SECItem *salt);
-
-/*
- * Derive the actual password value for a key database from the
- * password string value. The derivation uses global salt value
- * stored in the key database.
- */
-extern SECItem *
-SECKEY_DeriveKeyDBPassword(SECKEYKeyDBHandle *handle, char *pw);
-
-/*
-** Delete a key from the database
-*/
-extern SECStatus SECKEY_DeleteKey(SECKEYKeyDBHandle *handle,
- SECItem *pubkey);
-
-/*
-** Store a key in the database, indexed by its public key modulus.
-** "pk" is the private key to store
-** "f" is a the callback function for getting the password
-** "arg" is the argument for the callback
-*/
-extern SECStatus SECKEY_StoreKeyByPublicKey(SECKEYKeyDBHandle *handle,
- SECKEYLowPrivateKey *pk,
- SECItem *pubKeyData,
- char *nickname,
- SECKEYGetPasswordKey f, void *arg);
-
-/* does the key for this cert exist in the database filed by modulus */
-extern SECStatus SECKEY_KeyForCertExists(SECKEYKeyDBHandle *handle,
- CERTCertificate *cert);
-
-SECKEYLowPrivateKey *
-SECKEY_FindKeyByCert(SECKEYKeyDBHandle *handle, CERTCertificate *cert,
- SECKEYGetPasswordKey f, void *arg);
-
-extern SECStatus SECKEY_HasKeyDBPassword(SECKEYKeyDBHandle *handle);
-extern SECStatus SECKEY_SetKeyDBPassword(SECKEYKeyDBHandle *handle,
- SECItem *pwitem);
-extern SECStatus SECKEY_CheckKeyDBPassword(SECKEYKeyDBHandle *handle,
- SECItem *pwitem);
-extern SECStatus SECKEY_ChangeKeyDBPassword(SECKEYKeyDBHandle *handle,
- SECItem *oldpwitem,
- SECItem *newpwitem);
-
-/*
-** Destroy a private key object.
-** "key" the object
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void SECKEY_LowDestroyPrivateKey(SECKEYLowPrivateKey *key);
-
-/*
-** Destroy a public key object.
-** "key" the object
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void SECKEY_LowDestroyPublicKey(SECKEYLowPublicKey *key);
-
-/*
-** Return the modulus length of "pubKey".
-*/
-extern unsigned int SECKEY_LowPublicModulusLen(SECKEYLowPublicKey *pubKey);
-
-
-/*
-** Return the modulus length of "privKey".
-*/
-extern unsigned int SECKEY_LowPrivateModulusLen(SECKEYLowPrivateKey *privKey);
-
-
-/*
-** Convert a low private key "privateKey" into a public low key
-*/
-extern SECKEYLowPublicKey
- *SECKEY_LowConvertToPublicKey(SECKEYLowPrivateKey *privateKey);
-
-/*
- * Set the Key Database password.
- * handle is a handle to the key database
- * pwitem is the new password
- * algorithm is the algorithm by which the key database
- * password is to be encrypted.
- * On failure, SECFailure is returned, otherwise SECSuccess is
- * returned.
- */
-extern SECStatus
-SECKEY_SetKeyDBPasswordAlg(SECKEYKeyDBHandle *handle,
- SECItem *pwitem,
- SECOidTag algorithm);
-
-/* Check the key database password.
- * handle is a handle to the key database
- * pwitem is the suspect password
- * algorithm is the algorithm by which the key database
- * password is to be encrypted.
- * The password is checked against plaintext to see if it is the
- * actual password. If it is not, SECFailure is returned.
- */
-extern SECStatus
-SECKEY_CheckKeyDBPasswordAlg(SECKEYKeyDBHandle *handle,
- SECItem *pwitem,
- SECOidTag algorithm);
-
-/* Change the key database password and/or algorithm by which
- * the password is stored with.
- * handle is a handle to the key database
- * old_pwitem is the current password
- * new_pwitem is the new password
- * old_algorithm is the algorithm by which the key database
- * password is currently encrypted.
- * new_algorithm is the algorithm with which the new password
- * is to be encrypted.
- * A return of anything but SECSuccess indicates failure.
- */
-extern SECStatus
-SECKEY_ChangeKeyDBPasswordAlg(SECKEYKeyDBHandle *handle,
- SECItem *oldpwitem, SECItem *newpwitem,
- SECOidTag old_algorithm);
-
-/* Store key by modulus and specify an encryption algorithm to use.
- * handle is the pointer to the key database,
- * privkey is the private key to be stored,
- * f and arg are the function and arguments to the callback
- * to get a password,
- * algorithm is the algorithm which the privKey is to be stored.
- * A return of anything but SECSuccess indicates failure.
- */
-extern SECStatus
-SECKEY_StoreKeyByPublicKeyAlg(SECKEYKeyDBHandle *handle,
- SECKEYLowPrivateKey *privkey,
- SECItem *pubKeyData,
- char *nickname,
- SECKEYGetPasswordKey f, void *arg,
- SECOidTag algorithm);
-
-/* Find key by modulus. This function is the inverse of store key
- * by modulus. An attempt to locate the key with "modulus" is
- * performed. If the key is found, the private key is returned,
- * else NULL is returned.
- * modulus is the modulus to locate
- */
-extern SECKEYLowPrivateKey *
-SECKEY_FindKeyByPublicKey(SECKEYKeyDBHandle *handle, SECItem *modulus,
- SECKEYGetPasswordKey f, void *arg);
-
-/* Make a copy of a low private key in it's own arena.
- * a return of NULL indicates an error.
- */
-extern SECKEYLowPrivateKey *
-SECKEY_CopyLowPrivateKey(SECKEYLowPrivateKey *privKey);
-
-
-SEC_END_PROTOS
-
-#endif /* _KEYLOW_H_ */
diff --git a/security/nss/lib/softoken/keytboth.h b/security/nss/lib/softoken/keytboth.h
deleted file mode 100644
index 50f6b0ebe..000000000
--- a/security/nss/lib/softoken/keytboth.h
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#ifndef _KEYTBOTH_H_
-#define _KEYTBOTH_H_ 1
-
-#include "blapit.h"
-#include "secoidt.h"
-
-/*
-** Attributes
-*/
-struct SECKEYAttributeStr {
- SECItem attrType;
- SECItem **attrValue;
-};
-typedef struct SECKEYAttributeStr SECKEYAttribute;
-
-/*
-** A PKCS#8 private key info object
-*/
-struct SECKEYPrivateKeyInfoStr {
- PLArenaPool *arena;
- SECItem version;
- SECAlgorithmID algorithm;
- SECItem privateKey;
- SECKEYAttribute **attributes;
-};
-typedef struct SECKEYPrivateKeyInfoStr SECKEYPrivateKeyInfo;
-#define SEC_PRIVATE_KEY_INFO_VERSION 0 /* what we *create* */
-
-/*
-** A PKCS#8 private key info object
-*/
-struct SECKEYEncryptedPrivateKeyInfoStr {
- PLArenaPool *arena;
- SECAlgorithmID algorithm;
- SECItem encryptedData;
-};
-typedef struct SECKEYEncryptedPrivateKeyInfoStr SECKEYEncryptedPrivateKeyInfo;
-
-
-struct DiffPQGParamsStr {
- PQGParams DiffKEAParams;
- PQGParams DiffDSAParams;
-};
-typedef struct DiffPQGParamsStr DiffPQGParams;
-
-struct PQGDualParamsStr {
- PQGParams CommParams;
- DiffPQGParams DiffParams;
-};
-typedef struct PQGDualParamsStr PQGDualParams;
-
-
-struct KEAParamsStr {
- PLArenaPool *arena;
- SECItem hash;
-};
-typedef struct KEAParamsStr KEAParams;
-
-struct KEAPublicKeyStr {
- KEAParams params;
- SECItem publicValue;
-};
-typedef struct KEAPublicKeyStr KEAPublicKey;
-
-
-
-#endif /* _KEYT_H_ */
diff --git a/security/nss/lib/softoken/keytlow.h b/security/nss/lib/softoken/keytlow.h
deleted file mode 100644
index 0b47ceb99..000000000
--- a/security/nss/lib/softoken/keytlow.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#ifndef _KEYTLOW_H_
-#define _KEYTLOW_H_ 1
-
-#include "blapit.h"
-
-typedef enum {
- nullKey,
- rsaKey,
- dsaKey,
- fortezzaKey,
- dhKey,
- keaKey
-} KeyType;
-
-struct FortezzaPublicKeyStr {
- int KEAversion;
- int DSSversion;
- unsigned char KMID[8];
- SECItem clearance;
- SECItem KEApriviledge;
- SECItem DSSpriviledge;
- SECItem KEAKey;
- SECItem DSSKey;
- PQGParams params;
- PQGParams keaParams;
-};
-typedef struct FortezzaPublicKeyStr FortezzaPublicKey;
-
-struct FortezzaPrivateKeyStr {
- int certificate;
- unsigned char serial[8];
- int socket;
-};
-typedef struct FortezzaPrivateKeyStr FortezzaPrivateKey;
-
-/*
-** An RSA public key object.
-*/
-struct SECKEYLowPublicKeyStr {
- PLArenaPool *arena;
- KeyType keyType ;
- union {
- RSAPublicKey rsa;
- DSAPublicKey dsa;
- DHPublicKey dh;
- } u;
-};
-typedef struct SECKEYLowPublicKeyStr SECKEYLowPublicKey;
-
-/*
-** Low Level private key object
-** This is only used by the raw Crypto engines (crypto), keydb (keydb),
-** and PKCS #11. Everyone else uses the high level key structure.
-*/
-struct SECKEYLowPrivateKeyStr {
- PLArenaPool *arena;
- KeyType keyType;
- union {
- RSAPrivateKey rsa;
- DSAPrivateKey dsa;
- DHPrivateKey dh;
- FortezzaPrivateKey fortezza; /* includes DSA and KEA private
- keys used with fortezza */
- } u;
-};
-typedef struct SECKEYLowPrivateKeyStr SECKEYLowPrivateKey;
-
-#endif /* _KEYTLOW_H_ */
diff --git a/security/nss/lib/softoken/lowkey.c b/security/nss/lib/softoken/lowkey.c
deleted file mode 100644
index 653b18785..000000000
--- a/security/nss/lib/softoken/lowkey.c
+++ /dev/null
@@ -1,330 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "keylow.h"
-#include "secoid.h"
-#include "secitem.h"
-#include "secder.h"
-#include "base64.h"
-#include "secasn1.h"
-#include "cert.h"
-#include "secerr.h"
-
-
-const SEC_ASN1Template SECKEY_RSAPrivateKeyTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPrivateKey) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.rsa.version) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.rsa.modulus) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.rsa.publicExponent) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.rsa.privateExponent) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.rsa.prime1) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.rsa.prime2) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.rsa.exponent1) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.rsa.exponent2) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.rsa.coefficient) },
- { 0 }
-};
-
-
-const SEC_ASN1Template SECKEY_DSAPrivateKeyTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYLowPrivateKey) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.dsa.publicValue) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.dsa.privateValue) },
- { 0, }
-};
-
-const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[] = {
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.dsa.privateValue) },
-};
-
-const SEC_ASN1Template SECKEY_DHPrivateKeyTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYLowPrivateKey) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.dh.publicValue) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.dh.privateValue) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.dh.base) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.dh.prime) },
- { 0, }
-};
-
-const SEC_ASN1Template SECKEY_DHPrivateKeyExportTemplate[] = {
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.dh.privateValue) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.dh.base) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.dh.prime) },
-};
-
-void
-SECKEY_LowDestroyPrivateKey(SECKEYLowPrivateKey *privk)
-{
- if (privk && privk->arena) {
- PORT_FreeArena(privk->arena, PR_TRUE);
- }
-}
-
-void
-SECKEY_LowDestroyPublicKey(SECKEYLowPublicKey *pubk)
-{
- if (pubk && pubk->arena) {
- PORT_FreeArena(pubk->arena, PR_FALSE);
- }
-}
-unsigned
-SECKEY_LowPublicModulusLen(SECKEYLowPublicKey *pubk)
-{
- unsigned char b0;
-
- /* interpret modulus length as key strength... in
- * fortezza that's the public key length */
-
- switch (pubk->keyType) {
- case rsaKey:
- b0 = pubk->u.rsa.modulus.data[0];
- return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1;
- default:
- break;
- }
- return 0;
-}
-
-unsigned
-SECKEY_LowPrivateModulusLen(SECKEYLowPrivateKey *privk)
-{
-
- unsigned char b0;
-
- switch (privk->keyType) {
- case rsaKey:
- b0 = privk->u.rsa.modulus.data[0];
- return b0 ? privk->u.rsa.modulus.len : privk->u.rsa.modulus.len - 1;
- default:
- break;
- }
- return 0;
-}
-
-SECKEYLowPublicKey *
-SECKEY_LowConvertToPublicKey(SECKEYLowPrivateKey *privk)
-{
- SECKEYLowPublicKey *pubk;
- PLArenaPool *arena;
-
-
- arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- switch(privk->keyType) {
- case rsaKey:
- case nullKey:
- pubk = (SECKEYLowPublicKey *)PORT_ArenaZAlloc(arena,
- sizeof (SECKEYLowPublicKey));
- if (pubk != NULL) {
- SECStatus rv;
-
- pubk->arena = arena;
- pubk->keyType = privk->keyType;
- if (privk->keyType == nullKey) return pubk;
- rv = SECITEM_CopyItem(arena, &pubk->u.rsa.modulus,
- &privk->u.rsa.modulus);
- if (rv == SECSuccess) {
- rv = SECITEM_CopyItem (arena, &pubk->u.rsa.publicExponent,
- &privk->u.rsa.publicExponent);
- if (rv == SECSuccess)
- return pubk;
- }
- SECKEY_LowDestroyPublicKey (pubk);
- } else {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- }
- break;
- case dsaKey:
- pubk = (SECKEYLowPublicKey *)PORT_ArenaZAlloc(arena,
- sizeof(SECKEYLowPublicKey));
- if (pubk != NULL) {
- SECStatus rv;
-
- pubk->arena = arena;
- pubk->keyType = privk->keyType;
- rv = SECITEM_CopyItem(arena, &pubk->u.dsa.publicValue,
- &privk->u.dsa.publicValue);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.prime,
- &privk->u.dsa.params.prime);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.subPrime,
- &privk->u.dsa.params.subPrime);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.base,
- &privk->u.dsa.params.base);
- if (rv == SECSuccess) return pubk;
- }
- break;
- case dhKey:
- pubk = (SECKEYLowPublicKey *)PORT_ArenaZAlloc(arena,
- sizeof(SECKEYLowPublicKey));
- if (pubk != NULL) {
- SECStatus rv;
-
- pubk->arena = arena;
- pubk->keyType = privk->keyType;
- rv = SECITEM_CopyItem(arena, &pubk->u.dh.publicValue,
- &privk->u.dh.publicValue);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &pubk->u.dh.prime,
- &privk->u.dh.prime);
- if (rv != SECSuccess) break;
- rv = SECITEM_CopyItem(arena, &pubk->u.dh.base,
- &privk->u.dh.base);
- if (rv == SECSuccess) return pubk;
- }
- break;
- /* No Fortezza in Low Key implementations (Fortezza keys aren't
- * stored in our data base */
- default:
- break;
- }
-
- PORT_FreeArena (arena, PR_FALSE);
- return NULL;
-}
-
-SECKEYLowPrivateKey *
-SECKEY_CopyLowPrivateKey(SECKEYLowPrivateKey *privKey)
-{
- SECKEYLowPrivateKey *returnKey = NULL;
- SECStatus rv = SECFailure;
- PLArenaPool *poolp;
-
- if(!privKey) {
- return NULL;
- }
-
- poolp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if(!poolp) {
- return NULL;
- }
-
- returnKey = (SECKEYLowPrivateKey*)PORT_ArenaZAlloc(poolp, sizeof(SECKEYLowPrivateKey));
- if(!returnKey) {
- rv = SECFailure;
- goto loser;
- }
-
- returnKey->keyType = privKey->keyType;
- returnKey->arena = poolp;
-
- switch(privKey->keyType) {
- case rsaKey:
- rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.modulus),
- &(privKey->u.rsa.modulus));
- if(rv != SECSuccess) break;
- rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.version),
- &(privKey->u.rsa.version));
- if(rv != SECSuccess) break;
- rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.publicExponent),
- &(privKey->u.rsa.publicExponent));
- if(rv != SECSuccess) break;
- rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.privateExponent),
- &(privKey->u.rsa.privateExponent));
- if(rv != SECSuccess) break;
- rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.prime1),
- &(privKey->u.rsa.prime1));
- if(rv != SECSuccess) break;
- rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.prime2),
- &(privKey->u.rsa.prime2));
- if(rv != SECSuccess) break;
- rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.exponent1),
- &(privKey->u.rsa.exponent1));
- if(rv != SECSuccess) break;
- rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.exponent2),
- &(privKey->u.rsa.exponent2));
- if(rv != SECSuccess) break;
- rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.coefficient),
- &(privKey->u.rsa.coefficient));
- if(rv != SECSuccess) break;
- break;
- case dsaKey:
- rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.publicValue),
- &(privKey->u.dsa.publicValue));
- if(rv != SECSuccess) break;
- rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.privateValue),
- &(privKey->u.dsa.privateValue));
- if(rv != SECSuccess) break;
- returnKey->u.dsa.params.arena = poolp;
- rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.params.prime),
- &(privKey->u.dsa.params.prime));
- if(rv != SECSuccess) break;
- rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.params.subPrime),
- &(privKey->u.dsa.params.subPrime));
- if(rv != SECSuccess) break;
- rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.params.base),
- &(privKey->u.dsa.params.base));
- if(rv != SECSuccess) break;
- break;
- case dhKey:
- rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.publicValue),
- &(privKey->u.dh.publicValue));
- if(rv != SECSuccess) break;
- rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.privateValue),
- &(privKey->u.dh.privateValue));
- if(rv != SECSuccess) break;
- returnKey->u.dsa.params.arena = poolp;
- rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.prime),
- &(privKey->u.dh.prime));
- if(rv != SECSuccess) break;
- rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.base),
- &(privKey->u.dh.base));
- if(rv != SECSuccess) break;
- break;
- case fortezzaKey:
- returnKey->u.fortezza.certificate =
- privKey->u.fortezza.certificate;
- returnKey->u.fortezza.socket =
- privKey->u.fortezza.socket;
- PORT_Memcpy(returnKey->u.fortezza.serial,
- privKey->u.fortezza.serial, 8);
- rv = SECSuccess;
- break;
- default:
- rv = SECFailure;
- }
-
-loser:
-
- if(rv != SECSuccess) {
- PORT_FreeArena(poolp, PR_TRUE);
- returnKey = NULL;
- }
-
- return returnKey;
-}
diff --git a/security/nss/lib/softoken/manifest.mn b/security/nss/lib/softoken/manifest.mn
deleted file mode 100644
index 75d5e9fc2..000000000
--- a/security/nss/lib/softoken/manifest.mn
+++ /dev/null
@@ -1,77 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../..
-
-MODULE = security
-
-REQUIRES = dbm
-
-LIBRARY_NAME = softoken
-
-
-EXPORTS = \
- keydbt.h \
- keylow.h \
- keytboth.h \
- keytlow.h \
- secpkcs5.h \
- pkcs11.h \
- pkcs11f.h \
- pkcs11p.h \
- pkcs11t.h \
- pkcs11u.h \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- alghmac.h \
- pkcs11i.h \
- softoken.h \
- softoknt.h \
- $(NULL)
-
-CSRCS = \
- alghmac.c \
- rsawrapr.c \
- pkcs11.c \
- pkcs11c.c \
- pkcs11u.c \
- secpkcs5.c \
- keydb.c \
- lowkey.c \
- padbuf.c \
- fipstest.c \
- fipstokn.c \
- rawhash.c \
- $(NULL)
-
-
diff --git a/security/nss/lib/softoken/padbuf.c b/security/nss/lib/softoken/padbuf.c
deleted file mode 100644
index a4e28947a..000000000
--- a/security/nss/lib/softoken/padbuf.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "blapit.h"
-#include "secport.h"
-#include "secerr.h"
-
-/*
- * Prepare a buffer for DES encryption, growing to the appropriate boundary,
- * filling with the appropriate padding.
- *
- * NOTE: If arena is non-NULL, we re-allocate from there, otherwise
- * we assume (and use) XP memory (re)allocation.
- */
-unsigned char *
-DES_PadBuffer(PRArenaPool *arena, unsigned char *inbuf, unsigned int inlen,
- unsigned int *outlen)
-{
- unsigned char *outbuf;
- unsigned int des_len;
- unsigned int i;
- unsigned char des_pad_len;
-
- /*
- * We need from 1 to DES_KEY_LENGTH bytes -- we *always* grow.
- * The extra bytes contain the value of the length of the padding:
- * if we have 2 bytes of padding, then the padding is "0x02, 0x02".
- */
- des_len = (inlen + DES_KEY_LENGTH) & ~(DES_KEY_LENGTH - 1);
-
- if (arena != NULL) {
- outbuf = (unsigned char*)PORT_ArenaGrow (arena, inbuf, inlen, des_len);
- } else {
- outbuf = (unsigned char*)PORT_Realloc (inbuf, des_len);
- }
-
- if (outbuf == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- des_pad_len = des_len - inlen;
- for (i = inlen; i < des_len; i++)
- outbuf[i] = des_pad_len;
-
- *outlen = des_len;
- return outbuf;
-}
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
deleted file mode 100644
index fc70b782a..000000000
--- a/security/nss/lib/softoken/pkcs11.c
+++ /dev/null
@@ -1,4031 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * This file implements PKCS 11 on top of our existing security modules
- *
- * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
- * This implementation has two slots:
- * slot 1 is our generic crypto support. It does not require login.
- * It supports Public Key ops, and all they bulk ciphers and hashes.
- * It can also support Private Key ops for imported Private keys. It does
- * not have any token storage.
- * slot 2 is our private key support. It requires a login before use. It
- * can store Private Keys and Certs as token objects. Currently only private
- * keys and their associated Certificates are saved on the token.
- *
- * In this implementation, session objects are only visible to the session
- * that created or generated them.
- */
-#include "seccomon.h"
-#include "secitem.h"
-#include "pkcs11.h"
-#include "pkcs11i.h"
-#include "softoken.h"
-#include "cert.h"
-#include "keylow.h"
-#include "blapi.h"
-#include "secder.h"
-#include "secport.h"
-#include "certdb.h"
-
-#include "private.h"
-
-
-/*
- * ******************** Static data *******************************
- */
-
-/* The next three strings must be exactly 32 characters long */
-static char *manufacturerID = "Netscape Communications Corp ";
-static char *libraryDescription = "Communicator Internal Crypto Svc";
-static char *tokDescription = "Communicator Generic Crypto Svcs";
-static char *privTokDescription = "Communicator Certificate DB ";
-/* The next two strings must be exactly 64 characters long, with the
- first 32 characters meaningful */
-static char *slotDescription =
- "Communicator Internal Cryptographic Services Version 4.0 ";
-static char *privSlotDescription =
- "Communicator User Private Key and Certificate Services ";
-static int minimumPinLen = 0;
-
-#define __PASTE(x,y) x##y
-
-/*
- * we renamed all our internal functions, get the correct
- * definitions for them...
- */
-#undef CK_PKCS11_FUNCTION_INFO
-#undef CK_NEED_ARG_LIST
-
-#define CK_EXTERN extern
-#define CK_PKCS11_FUNCTION_INFO(func) \
- CK_RV __PASTE(NS,func)
-#define CK_NEED_ARG_LIST 1
-
-#include "pkcs11f.h"
-
-
-
-/* build the crypto module table */
-static CK_FUNCTION_LIST pk11_funcList = {
- { 1, 10 },
-
-#undef CK_PKCS11_FUNCTION_INFO
-#undef CK_NEED_ARG_LIST
-
-#define CK_PKCS11_FUNCTION_INFO(func) \
- __PASTE(NS,func),
-#include "pkcs11f.h"
-
-};
-
-#undef CK_PKCS11_FUNCTION_INFO
-#undef CK_NEED_ARG_LIST
-
-
-#undef __PASTE
-
-/* List of DES Weak Keys */
-typedef unsigned char desKey[8];
-static desKey pk11_desWeakTable[] = {
-#ifdef noParity
- /* weak */
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e },
- { 0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0 },
- { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe },
- /* semi-weak */
- { 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe },
- { 0xfe, 0x00, 0xfe, 0x00, 0x00, 0xfe, 0x00, 0xfe },
-
- { 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 },
- { 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e },
-
- { 0x00, 0xe0, 0x00, 0xe0, 0x00, 0x0f, 0x00, 0x0f },
- { 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 },
-
- { 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe },
- { 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e },
-
- { 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e },
- { 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 },
-
- { 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe },
- { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 },
-#else
- /* weak */
- { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
- { 0x1f, 0x1f, 0x1f, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e },
- { 0xe0, 0xe0, 0xe0, 0xe0, 0xf1, 0xf1, 0xf1, 0xf1 },
- { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe },
-
- /* semi-weak */
- { 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe },
- { 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01 },
-
- { 0x1f, 0xe0, 0x1f, 0xe0, 0x0e, 0xf1, 0x0e, 0xf1 },
- { 0xe0, 0x1f, 0xe0, 0x1f, 0xf1, 0x0e, 0xf1, 0x0e },
-
- { 0x01, 0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1 },
- { 0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1, 0x01 },
-
- { 0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe },
- { 0xfe, 0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e },
-
- { 0x01, 0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e },
- { 0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e, 0x01 },
-
- { 0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1, 0xfe },
- { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1 }
-#endif
-};
-
-
-static int pk11_desWeakTableSize = sizeof(pk11_desWeakTable)/
- sizeof(pk11_desWeakTable[0]);
-
-/* DES KEY Parity conversion table. Takes each byte/2 as an index, returns
- * that byte with the proper parity bit set */
-static unsigned char parityTable[256] = {
-/* Even...0x00,0x02,0x04,0x06,0x08,0x0a,0x0c,0x0e */
-/* E */ 0x01,0x02,0x04,0x07,0x08,0x0b,0x0d,0x0e,
-/* Odd....0x10,0x12,0x14,0x16,0x18,0x1a,0x1c,0x1e */
-/* O */ 0x10,0x13,0x15,0x16,0x19,0x1a,0x1c,0x1f,
-/* Odd....0x20,0x22,0x24,0x26,0x28,0x2a,0x2c,0x2e */
-/* O */ 0x20,0x23,0x25,0x26,0x29,0x2a,0x2c,0x2f,
-/* Even...0x30,0x32,0x34,0x36,0x38,0x3a,0x3c,0x3e */
-/* E */ 0x31,0x32,0x34,0x37,0x38,0x3b,0x3d,0x3e,
-/* Odd....0x40,0x42,0x44,0x46,0x48,0x4a,0x4c,0x4e */
-/* O */ 0x40,0x43,0x45,0x46,0x49,0x4a,0x4c,0x4f,
-/* Even...0x50,0x52,0x54,0x56,0x58,0x5a,0x5c,0x5e */
-/* E */ 0x51,0x52,0x54,0x57,0x58,0x5b,0x5d,0x5e,
-/* Even...0x60,0x62,0x64,0x66,0x68,0x6a,0x6c,0x6e */
-/* E */ 0x61,0x62,0x64,0x67,0x68,0x6b,0x6d,0x6e,
-/* Odd....0x70,0x72,0x74,0x76,0x78,0x7a,0x7c,0x7e */
-/* O */ 0x70,0x73,0x75,0x76,0x79,0x7a,0x7c,0x7f,
-/* Odd....0x80,0x82,0x84,0x86,0x88,0x8a,0x8c,0x8e */
-/* O */ 0x80,0x83,0x85,0x86,0x89,0x8a,0x8c,0x8f,
-/* Even...0x90,0x92,0x94,0x96,0x98,0x9a,0x9c,0x9e */
-/* E */ 0x91,0x92,0x94,0x97,0x98,0x9b,0x9d,0x9e,
-/* Even...0xa0,0xa2,0xa4,0xa6,0xa8,0xaa,0xac,0xae */
-/* E */ 0xa1,0xa2,0xa4,0xa7,0xa8,0xab,0xad,0xae,
-/* Odd....0xb0,0xb2,0xb4,0xb6,0xb8,0xba,0xbc,0xbe */
-/* O */ 0xb0,0xb3,0xb5,0xb6,0xb9,0xba,0xbc,0xbf,
-/* Even...0xc0,0xc2,0xc4,0xc6,0xc8,0xca,0xcc,0xce */
-/* E */ 0xc1,0xc2,0xc4,0xc7,0xc8,0xcb,0xcd,0xce,
-/* Odd....0xd0,0xd2,0xd4,0xd6,0xd8,0xda,0xdc,0xde */
-/* O */ 0xd0,0xd3,0xd5,0xd6,0xd9,0xda,0xdc,0xdf,
-/* Odd....0xe0,0xe2,0xe4,0xe6,0xe8,0xea,0xec,0xee */
-/* O */ 0xe0,0xe3,0xe5,0xe6,0xe9,0xea,0xec,0xef,
-/* Even...0xf0,0xf2,0xf4,0xf6,0xf8,0xfa,0xfc,0xfe */
-/* E */ 0xf1,0xf2,0xf4,0xf7,0xf8,0xfb,0xfd,0xfe,
-};
-
-/* Mechanisms */
-struct mechanismList {
- CK_MECHANISM_TYPE type;
- CK_MECHANISM_INFO domestic;
- PRBool privkey;
-};
-
-/*
- * the following table includes a complete list of mechanism defined by
- * PKCS #11 version 2.01. Those Mechanisms not supported by this PKCS #11
- * module are ifdef'ed out.
- */
-#define CKF_EN_DE CKF_ENCRYPT | CKF_DECRYPT
-#define CKF_WR_UN CKF_WRAP | CKF_UNWRAP
-#define CKF_SN_VR CKF_SIGN | CKF_VERIFY
-#define CKF_SN_RE CKF_SIGN_RECOVER | CKF_VERIFY_RECOVER
-
-#define CKF_EN_DE_WR_UN CKF_EN_DE | CKF_WR_UN
-#define CKF_SN_VR_RE CKF_SN_VR | CKF_SN_RE
-#define CKF_DUZ_IT_ALL CKF_EN_DE_WR_UN | CKF_SN_VR_RE
-
-static struct mechanismList mechanisms[] = {
- /* ------------------------- RSA Operations ---------------------------*/
- {CKM_RSA_PKCS_KEY_PAIR_GEN,{128, 2048, CKF_GENERATE_KEY_PAIR}, PR_TRUE},
- {CKM_RSA_PKCS, { 16, 256, CKF_DUZ_IT_ALL}, PR_TRUE},
-#ifdef PK11_RSA9796_SUPPORTED
- {CKM_RSA_9796, { 16, 256, CKF_DUZ_IT_ALL}, PR_TRUE},
-#endif
- {CKM_RSA_X_509, { 16, 256, CKF_DUZ_IT_ALL}, PR_TRUE},
- /* -------------- RSA Multipart Signing Operations -------------------- */
- {CKM_MD2_RSA_PKCS, {16, 256, CKF_SN_VR}, PR_TRUE},
- {CKM_MD5_RSA_PKCS, {16, 256, CKF_SN_VR}, PR_TRUE},
- {CKM_SHA1_RSA_PKCS, {16, 256, CKF_SN_VR}, PR_TRUE},
- /* ------------------------- DSA Operations --------------------------- */
- {CKM_DSA_KEY_PAIR_GEN, {64, 128, CKF_GENERATE_KEY_PAIR}, PR_TRUE},
- {CKM_DSA, {64, 128, CKF_SN_VR}, PR_TRUE},
- {CKM_DSA_SHA1, {64, 128, CKF_SN_VR}, PR_TRUE},
- /* -------------------- Diffie Hellman Operations --------------------- */
- /* no diffie hellman yet */
- {CKM_DH_PKCS_KEY_PAIR_GEN, {16, 128, CKF_GENERATE_KEY_PAIR}, PR_TRUE},
- {CKM_DH_PKCS_DERIVE, {16, 128, CKF_DERIVE}, PR_TRUE},
- /* ------------------------- RC2 Operations --------------------------- */
- {CKM_RC2_KEY_GEN, {1, 128, CKF_GENERATE}, PR_FALSE},
- {CKM_RC2_ECB, {1, 128, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_RC2_CBC, {1, 128, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_RC2_MAC, {1, 128, CKF_SN_VR}, PR_FALSE},
- {CKM_RC2_MAC_GENERAL, {1, 128, CKF_SN_VR}, PR_FALSE},
- {CKM_RC2_CBC_PAD, {1, 128, CKF_EN_DE_WR_UN}, PR_FALSE},
- /* ------------------------- RC4 Operations --------------------------- */
- {CKM_RC4_KEY_GEN, {1, 256, CKF_GENERATE}, PR_FALSE},
- {CKM_RC4, {1, 256, CKF_EN_DE_WR_UN}, PR_FALSE},
- /* ------------------------- DES Operations --------------------------- */
- {CKM_DES_KEY_GEN, { 8, 8, CKF_GENERATE}, PR_FALSE},
- {CKM_DES_ECB, { 8, 8, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_DES_CBC, { 8, 8, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_DES_MAC, { 8, 8, CKF_SN_VR}, PR_FALSE},
- {CKM_DES_MAC_GENERAL, { 8, 8, CKF_SN_VR}, PR_FALSE},
- {CKM_DES_CBC_PAD, { 8, 8, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_DES2_KEY_GEN, {24, 24, CKF_GENERATE}, PR_FALSE},
- {CKM_DES3_KEY_GEN, {24, 24, CKF_GENERATE}, PR_TRUE },
- {CKM_DES3_ECB, {24, 24, CKF_EN_DE_WR_UN}, PR_TRUE },
- {CKM_DES3_CBC, {24, 24, CKF_EN_DE_WR_UN}, PR_TRUE },
- {CKM_DES3_MAC, {24, 24, CKF_SN_VR}, PR_TRUE },
- {CKM_DES3_MAC_GENERAL, {24, 24, CKF_SN_VR}, PR_TRUE },
- {CKM_DES3_CBC_PAD, {24, 24, CKF_EN_DE_WR_UN}, PR_TRUE },
- /* ------------------------- CDMF Operations --------------------------- */
- {CKM_CDMF_KEY_GEN, {8, 8, CKF_GENERATE}, PR_FALSE},
- {CKM_CDMF_ECB, {8, 8, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_CDMF_CBC, {8, 8, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_CDMF_MAC, {8, 8, CKF_SN_VR}, PR_FALSE},
- {CKM_CDMF_MAC_GENERAL, {8, 8, CKF_SN_VR}, PR_FALSE},
- {CKM_CDMF_CBC_PAD, {8, 8, CKF_EN_DE_WR_UN}, PR_FALSE},
- /* ------------------------- Hashing Operations ----------------------- */
- {CKM_MD2, {0, 0, CKF_DIGEST}, PR_FALSE},
- {CKM_MD2_HMAC, {1, 128, CKF_SN_VR}, PR_FALSE},
- {CKM_MD2_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_FALSE},
- {CKM_MD5, {0, 0, CKF_DIGEST}, PR_FALSE},
- {CKM_MD5_HMAC, {1, 128, CKF_SN_VR}, PR_FALSE},
- {CKM_MD5_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_FALSE},
- {CKM_SHA_1, {0, 0, CKF_DIGEST}, PR_FALSE},
- {CKM_SHA_1_HMAC, {1, 128, CKF_SN_VR}, PR_FALSE},
- {CKM_SHA_1_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_FALSE},
- {CKM_TLS_PRF_GENERAL, {0, 512, CKF_SN_VR}, PR_FALSE},
- /* ------------------------- CAST Operations --------------------------- */
-#ifdef PK11_CAST_SUPPORTED
- /* Cast operations are not supported ( yet? ) */
- {CKM_CAST_KEY_GEN, {1, 8, CKF_GENERATE}, PR_FALSE},
- {CKM_CAST_ECB, {1, 8, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_CAST_CBC, {1, 8, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_CAST_MAC, {1, 8, CKF_SN_VR}, PR_FALSE},
- {CKM_CAST_MAC_GENERAL, {1, 8, CKF_SN_VR}, PR_FALSE},
- {CKM_CAST_CBC_PAD, {1, 8, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_CAST3_KEY_GEN, {1, 16, CKF_GENERATE}, PR_FALSE},
- {CKM_CAST3_ECB, {1, 16, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_CAST3_CBC, {1, 16, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_CAST3_MAC, {1, 16, CKF_SN_VR}, PR_FALSE},
- {CKM_CAST3_MAC_GENERAL, {1, 16, CKF_SN_VR}, PR_FALSE},
- {CKM_CAST3_CBC_PAD, {1, 16, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_CAST5_KEY_GEN, {1, 16, CKF_GENERATE}, PR_FALSE},
- {CKM_CAST5_ECB, {1, 16, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_CAST5_CBC, {1, 16, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_CAST5_MAC, {1, 16, CKF_SN_VR}, PR_FALSE},
- {CKM_CAST5_MAC_GENERAL, {1, 16, CKF_SN_VR}, PR_FALSE},
- {CKM_CAST5_CBC_PAD, {1, 16, CKF_EN_DE_WR_UN}, PR_FALSE},
-#endif
- /* ------------------------- RC5 Operations --------------------------- */
- {CKM_RC5_KEY_GEN, {1, 255, CKF_GENERATE}, PR_FALSE},
- {CKM_RC5_ECB, {1, 255, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_RC5_CBC, {1, 255, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_RC5_MAC, {1, 255, CKF_SN_VR}, PR_FALSE},
- {CKM_RC5_MAC_GENERAL, {1, 255, CKF_SN_VR}, PR_FALSE},
- {CKM_RC5_CBC_PAD, {1, 255, CKF_EN_DE_WR_UN}, PR_FALSE},
- /* ------------------------- IDEA Operations -------------------------- */
-#ifdef PK11_IDEA_SUPPORTED
- {CKM_IDEA_KEY_GEN, {16, 16, CKF_GENERATE}, PR_FALSE},
- {CKM_IDEA_ECB, {16, 16, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_IDEA_CBC, {16, 16, CKF_EN_DE_WR_UN}, PR_FALSE},
- {CKM_IDEA_MAC, {16, 16, CKF_SN_VR}, PR_FALSE},
- {CKM_IDEA_MAC_GENERAL, {16, 16, CKF_SN_VR}, PR_FALSE},
- {CKM_IDEA_CBC_PAD, {16, 16, CKF_EN_DE_WR_UN}, PR_FALSE},
-#endif
- /* --------------------- Secret Key Operations ------------------------ */
- {CKM_GENERIC_SECRET_KEY_GEN, {1, 256, CKF_GENERATE}, PR_FALSE},
- {CKM_CONCATENATE_BASE_AND_KEY, {1, 256, CKF_GENERATE}, PR_FALSE},
- {CKM_CONCATENATE_BASE_AND_DATA, {1, 256, CKF_GENERATE}, PR_FALSE},
- {CKM_CONCATENATE_DATA_AND_BASE, {1, 256, CKF_GENERATE}, PR_FALSE},
- {CKM_XOR_BASE_AND_DATA, {1, 256, CKF_GENERATE}, PR_FALSE},
- {CKM_EXTRACT_KEY_FROM_KEY, {1, 256, CKF_DERIVE}, PR_FALSE},
- /* ---------------------- SSL Key Derivations ------------------------- */
- {CKM_SSL3_PRE_MASTER_KEY_GEN, {48, 48, CKF_GENERATE}, PR_FALSE},
- {CKM_SSL3_MASTER_KEY_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE},
- {CKM_SSL3_KEY_AND_MAC_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE},
- {CKM_SSL3_MD5_MAC, { 0, 16, CKF_DERIVE}, PR_FALSE},
- {CKM_SSL3_SHA1_MAC, { 0, 20, CKF_DERIVE}, PR_FALSE},
- {CKM_MD5_KEY_DERIVATION, { 0, 16, CKF_DERIVE}, PR_FALSE},
- {CKM_MD2_KEY_DERIVATION, { 0, 16, CKF_DERIVE}, PR_FALSE},
- {CKM_SHA1_KEY_DERIVATION, { 0, 20, CKF_DERIVE}, PR_FALSE},
- {CKM_TLS_MASTER_KEY_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE},
- {CKM_TLS_KEY_AND_MAC_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE},
- /* ---------------------- PBE Key Derivations ------------------------ */
- {CKM_PBE_MD2_DES_CBC, {64, 64, CKF_DERIVE}, PR_TRUE},
- {CKM_PBE_MD5_DES_CBC, {64, 64, CKF_DERIVE}, PR_TRUE},
- /* ------------------ NETSCAPE PBE Key Derivations ------------------- */
- {CKM_NETSCAPE_PBE_SHA1_DES_CBC, { 64, 64, CKF_GENERATE}, PR_TRUE},
- {CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, {192, 192, CKF_GENERATE}, PR_TRUE},
- {CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC, {192, 192, CKF_GENERATE}, PR_TRUE},
- {CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, { 40, 40, CKF_GENERATE}, PR_TRUE},
- {CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, {128, 128, CKF_GENERATE}, PR_TRUE},
- {CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, { 40, 40, CKF_GENERATE}, PR_TRUE},
- {CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, {128, 128, CKF_GENERATE}, PR_TRUE},
- {CKM_PBE_SHA1_DES3_EDE_CBC, {192, 192, CKF_GENERATE}, PR_TRUE},
- {CKM_PBE_SHA1_DES2_EDE_CBC, {192, 192, CKF_GENERATE}, PR_TRUE},
- {CKM_PBE_SHA1_RC2_40_CBC, { 40, 40, CKF_GENERATE}, PR_TRUE},
- {CKM_PBE_SHA1_RC2_128_CBC, {128, 128, CKF_GENERATE}, PR_TRUE},
- {CKM_PBE_SHA1_RC4_40, { 40, 40, CKF_GENERATE}, PR_TRUE},
- {CKM_PBE_SHA1_RC4_128, {128, 128, CKF_GENERATE}, PR_TRUE},
-};
-static CK_ULONG mechanismCount = sizeof(mechanisms)/sizeof(mechanisms[0]);
-/* load up our token database */
-static CK_RV pk11_importKeyDB(PK11Slot *slot);
-
-/*
- * Configuration utils
- */
-void
-PK11_ConfigurePKCS11(char *man, char *libdes, char *tokdes, char *ptokdes,
- char *slotdes, char *pslotdes, char *fslotdes, char *fpslotdes,
- int minPwd, int pwRequired)
-{
-
- /* make sure the internationalization was done correctly... */
- if (man && (PORT_Strlen(man) == 33)) {
- manufacturerID = man;
- }
- if (libdes && (PORT_Strlen(libdes) == 33)) {
- libraryDescription = libdes;
- }
- if (tokdes && (PORT_Strlen(tokdes) == 33)) {
- tokDescription = tokdes;
- }
- if (ptokdes && (PORT_Strlen(ptokdes) == 33)) {
- privTokDescription = ptokdes;
- }
- if (slotdes && (PORT_Strlen(slotdes) == 65)) {
- slotDescription = slotdes;
- }
- if (pslotdes && (PORT_Strlen(pslotdes) == 65)) {
- privSlotDescription = pslotdes;
- }
-
- if (minimumPinLen <= PK11_MAX_PIN) {
- minimumPinLen = minPwd;
- }
- if ((minimumPinLen == 0) && (pwRequired) &&
- (minimumPinLen <= PK11_MAX_PIN)) {
- minimumPinLen = 1;
- }
-
- PK11_ConfigureFIPS(fslotdes,fpslotdes);
-
- return;
-}
-
-/*
- * ******************** Password Utilities *******************************
- */
-
-/* Handle to give the password to the database. user arg should be a pointer
- * to the slot. */
-static SECItem *pk11_givePass(void *sp,SECKEYKeyDBHandle *handle)
-{
- PK11Slot *slot = (PK11Slot *)sp;
-
- if (slot->password == NULL) return NULL;
-
- return SECITEM_DupItem(slot->password);
-}
-
-/*
- * see if the key DB password is enabled
- */
-PRBool
-pk11_hasNullPassword(SECItem **pwitem)
-{
- PRBool pwenabled;
- SECKEYKeyDBHandle *keydb;
-
- keydb = SECKEY_GetDefaultKeyDB();
- pwenabled = PR_FALSE;
- *pwitem = NULL;
- if (SECKEY_HasKeyDBPassword (keydb) == SECSuccess) {
- *pwitem = SECKEY_HashPassword("", keydb->global_salt);
- if ( *pwitem ) {
- if (SECKEY_CheckKeyDBPassword (keydb, *pwitem) == SECSuccess) {
- pwenabled = PR_TRUE;
- } else {
- SECITEM_ZfreeItem(*pwitem, PR_TRUE);
- *pwitem = NULL;
- }
- }
- }
-
- return pwenabled;
-}
-
-/*
- * ******************** Object Creation Utilities ***************************
- */
-
-
-/* Make sure a given attribute exists. If it doesn't, initialize it to
- * value and len
- */
-CK_RV
-pk11_defaultAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type,void *value,
- unsigned int len)
-{
- if ( !pk11_hasAttribute(object, type)) {
- return pk11_AddAttributeType(object,type,value,len);
- }
- return CKR_OK;
-}
-
-/*
- * check the consistancy and initialize a Data Object
- */
-static CK_RV
-pk11_handleDataObject(PK11Session *session,PK11Object *object)
-{
- CK_RV crv;
-
- /* first reject private and token data objects */
- if (pk11_isTrue(object,CKA_PRIVATE) || pk11_isTrue(object,CKA_TOKEN)) {
- return CKR_ATTRIBUTE_VALUE_INVALID;
- }
-
- /* now just verify the required date fields */
- crv = pk11_defaultAttribute(object,CKA_APPLICATION,NULL,0);
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_VALUE,NULL,0);
- if (crv != CKR_OK) return crv;
-
- return CKR_OK;
-}
-
-/*
- * check the consistancy and initialize a Certificate Object
- */
-static CK_RV
-pk11_handleCertObject(PK11Session *session,PK11Object *object)
-{
- PK11Attribute *attribute;
- CK_CERTIFICATE_TYPE type;
- SECItem derCert;
- char *label;
- CERTCertDBHandle *handle;
- CERTCertificate *cert;
- CK_RV crv;
-
- /* certificates must have a type */
- if ( !pk11_hasAttribute(object,CKA_CERTIFICATE_TYPE) ) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
-
- /* we can't store any certs private */
- if (pk11_isTrue(object,CKA_PRIVATE)) {
- return CKR_ATTRIBUTE_VALUE_INVALID;
- }
-
- /* We only support X.509 Certs for now */
- attribute = pk11_FindAttribute(object,CKA_CERTIFICATE_TYPE);
- if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE;
- type = *(CK_CERTIFICATE_TYPE *)attribute->attrib.pValue;
- pk11_FreeAttribute(attribute);
-
- if (type != CKC_X_509) {
- return CKR_ATTRIBUTE_VALUE_INVALID;
- }
-
- /* X.509 Certificate */
-
- /* make sure we have a cert */
- if ( !pk11_hasAttribute(object,CKA_VALUE) ) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
-
- /* in PKCS #11, Subject is a required field */
- if ( !pk11_hasAttribute(object,CKA_SUBJECT) ) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
-
- /*
- * now parse the certificate
- */
- handle = CERT_GetDefaultCertDB();
-
- /* get the nickname */
- label = pk11_getString(object,CKA_LABEL);
- object->label = label;
- if (label == NULL) {
- return CKR_HOST_MEMORY;
- }
-
- /* get the der cert */
- attribute = pk11_FindAttribute(object,CKA_VALUE);
- derCert.data = (unsigned char *)attribute->attrib.pValue;
- derCert.len = attribute->attrib.ulValueLen ;
-
- cert = CERT_NewTempCertificate(handle, &derCert, label, PR_FALSE, PR_TRUE);
- pk11_FreeAttribute(attribute);
- if (cert == NULL) {
- return CKR_ATTRIBUTE_VALUE_INVALID;
- }
-
- /* add it to the object */
- object->objectInfo = cert;
- object->infoFree = (PK11Free) CERT_DestroyCertificate;
-
- /* now just verify the required date fields */
- crv = pk11_defaultAttribute(object, CKA_ID, NULL, 0);
- if (crv != CKR_OK) { return crv; }
- crv = pk11_defaultAttribute(object,CKA_ISSUER,
- pk11_item_expand(&cert->derIssuer));
- if (crv != CKR_OK) { return crv; }
- crv = pk11_defaultAttribute(object,CKA_SERIAL_NUMBER,
- pk11_item_expand(&cert->serialNumber));
- if (crv != CKR_OK) { return crv; }
-
-
- if (pk11_isTrue(object,CKA_TOKEN)) {
- SECCertUsage *certUsage = NULL;
- CERTCertTrust trust = { CERTDB_USER, CERTDB_USER, CERTDB_USER };
-
- attribute = pk11_FindAttribute(object,CKA_NETSCAPE_TRUST);
- if(attribute) {
- certUsage = (SECCertUsage*)attribute->attrib.pValue;
- pk11_FreeAttribute(attribute);
- }
-
- /* Temporary for PKCS 12 */
- if(cert->nickname == NULL) {
- /* use the arena so we at least don't leak memory */
- cert->nickname = (char *)PORT_ArenaAlloc(cert->arena,
- PORT_Strlen(label)+1);
- if(cert->nickname == NULL) {
- return CKR_HOST_MEMORY;
- }
- PORT_Memcpy(cert->nickname, label, PORT_Strlen(label));
- }
-
- /* only add certs that have a private key */
- if (SECKEY_KeyForCertExists(SECKEY_GetDefaultKeyDB(),cert)
- != SECSuccess) {
- return CKR_ATTRIBUTE_VALUE_INVALID;
- }
- if (CERT_AddTempCertToPerm(cert, label, &trust) != SECSuccess) {
- return CKR_HOST_MEMORY;
- }
- if(certUsage) {
- if(CERT_ChangeCertTrustByUsage(CERT_GetDefaultCertDB(),
- cert, *certUsage) != SECSuccess) {
- return CKR_HOST_MEMORY;
- }
- }
- object->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_CERT);
- object->inDB = PR_TRUE;
- }
-
- /* label has been adopted by object->label */
- /*PORT_Free(label); */
-
- return CKR_OK;
-}
-
-SECKEYLowPublicKey * pk11_GetPubKey(PK11Object *object,CK_KEY_TYPE key);
-/*
- * check the consistancy and initialize a Public Key Object
- */
-static CK_RV
-pk11_handlePublicKeyObject(PK11Object *object,CK_KEY_TYPE key_type)
-{
- CK_BBOOL cktrue = CK_TRUE;
- CK_BBOOL encrypt = CK_TRUE;
- CK_BBOOL recover = CK_TRUE;
- CK_BBOOL wrap = CK_TRUE;
- CK_RV crv;
-
- switch (key_type) {
- case CKK_RSA:
- if ( !pk11_hasAttribute(object, CKA_MODULUS)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- if ( !pk11_hasAttribute(object, CKA_PUBLIC_EXPONENT)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- break;
- case CKK_DSA:
- if ( !pk11_hasAttribute(object, CKA_PRIME)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- if ( !pk11_hasAttribute(object, CKA_SUBPRIME)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- if ( !pk11_hasAttribute(object, CKA_BASE)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- if ( !pk11_hasAttribute(object, CKA_VALUE)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- encrypt = CK_FALSE;
- recover = CK_FALSE;
- wrap = CK_FALSE;
- break;
- case CKK_DH:
- default:
- return CKR_ATTRIBUTE_VALUE_INVALID;
- }
-
- /* make sure the required fields exist */
- crv = pk11_defaultAttribute(object,CKA_SUBJECT,NULL,0);
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_ENCRYPT,&encrypt,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_VERIFY,&cktrue,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_VERIFY_RECOVER,
- &recover,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_WRAP,&wrap,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
-
- object->objectInfo = pk11_GetPubKey(object,key_type);
- object->infoFree = (PK11Free) SECKEY_LowDestroyPublicKey;
-
- if (pk11_isTrue(object,CKA_TOKEN)) {
- object->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PUB);
- }
-
- return CKR_OK;
-}
-/* pk11_GetPubItem returns data associated with the public key.
- * one only needs to free the public key. This comment is here
- * because this sematic would be non-obvious otherwise. All callers
- * should include this comment.
- */
-static SECItem *
-pk11_GetPubItem(SECKEYPublicKey *pubKey) {
- SECItem *pubItem = NULL;
- /* get value to compare from the cert's public key */
- switch ( pubKey->keyType ) {
- case rsaKey:
- pubItem = &pubKey->u.rsa.modulus;
- break;
- case dsaKey:
- pubItem = &pubKey->u.dsa.publicValue;
- break;
- default:
- break;
- }
- return pubItem;
-}
-
-typedef struct {
- CERTCertificate *cert;
- SECItem *pubKey;
-} find_cert_callback_arg;
-
-static SECStatus
-find_cert_by_pub_key(CERTCertificate *cert, SECItem *k, void *arg)
-{
- find_cert_callback_arg *cbarg;
- SECKEYPublicKey *pubKey = NULL;
- SECItem *pubItem;
-
- if((cert == NULL) || (arg == NULL)) {
- return SECFailure;
- }
-
- /* if this cert doesn't look like a user cert, we aren't interested */
- if (!((cert->isperm) && (cert->trust) &&
- (( cert->trust->sslFlags & CERTDB_USER ) ||
- ( cert->trust->emailFlags & CERTDB_USER ) ||
- ( cert->trust->objectSigningFlags & CERTDB_USER )) &&
- ( cert->nickname != NULL ) ) ) {
- goto done;
- }
-
- /* get cert's public key */
- pubKey = CERT_ExtractPublicKey(cert);
- if ( pubKey == NULL ) {
- goto done;
- }
- /* pk11_GetPubItem returns data associated with the public key.
- * one only needs to free the public key. This comment is here
- * because this sematic would be non-obvious otherwise. All callers
- * should include this comment.
- */
- pubItem = pk11_GetPubItem(pubKey);
- if (pubItem == NULL) goto done;
-
- cbarg = (find_cert_callback_arg *)arg;
-
- if(SECITEM_CompareItem(pubItem, cbarg->pubKey) == SECEqual) {
- cbarg->cert = CERT_DupCertificate(cert);
- return SECFailure;
- }
-
-done:
- if ( pubKey ) {
- SECKEY_DestroyPublicKey(pubKey);
- }
-
- return (SECSuccess);
-}
-
-static PK11Object *pk11_importCertificate(PK11Slot *slot,CERTCertificate *cert,
- unsigned char *data, unsigned int size, PRBool needCert);
-/*
- * find a cert associated with the key and load it.
- */
-static SECStatus
-reload_existing_certificate(PK11Object *privKeyObject,SECItem *pubKey)
-{
- find_cert_callback_arg cbarg;
- SECItem nickName;
- CERTCertificate *cert = NULL;
- CK_RV crv;
- SECStatus rv;
-
- cbarg.pubKey = pubKey;
- cbarg.cert = NULL;
- SEC_TraversePermCerts(CERT_GetDefaultCertDB(),
- find_cert_by_pub_key, (void *)&cbarg);
- if (cbarg.cert != NULL) {
- CERTCertificate *cert = NULL;
- /* can anyone tell me why this is call is necessary? rjr */
- cert = CERT_FindCertByDERCert(CERT_GetDefaultCertDB(),
- &cbarg.cert->derCert);
-
- /* does the certificate in the database have a
- * nickname? if not, it probably was inserted
- * through SMIME and a nickname needs to be
- * set.
- */
- if (cert && !cert->nickname) {
- crv=pk11_Attribute2SecItem(NULL,&nickName,privKeyObject,CKA_LABEL);
- if (crv != CKR_OK) {
- goto loser;
- }
- rv = CERT_AddPermNickname(cert, (char *)nickName.data);
- SECITEM_ZfreeItem(&nickName, PR_FALSE);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
-
- /* associate the certificate with the key */
- pk11_importCertificate(privKeyObject->slot, cert, pubKey->data,
- pubKey->len, PR_FALSE);
- }
-
- return SECSuccess;
-loser:
- if (cert) CERT_DestroyCertificate(cert);
- if (cbarg.cert) CERT_DestroyCertificate(cbarg.cert);
- return SECFailure;
-}
-
-static SECKEYLowPrivateKey * pk11_mkPrivKey(PK11Object *object,CK_KEY_TYPE key);
-/*
- * check the consistancy and initialize a Private Key Object
- */
-static CK_RV
-pk11_handlePrivateKeyObject(PK11Object *object,CK_KEY_TYPE key_type)
-{
- CK_BBOOL cktrue = CK_TRUE;
- CK_BBOOL encrypt = CK_TRUE;
- CK_BBOOL recover = CK_TRUE;
- CK_BBOOL wrap = CK_TRUE;
- CK_BBOOL ckfalse = CK_FALSE;
- SECItem mod;
- CK_RV crv;
-
- switch (key_type) {
- case CKK_RSA:
- if ( !pk11_hasAttribute(object, CKA_MODULUS)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- if ( !pk11_hasAttribute(object, CKA_PUBLIC_EXPONENT)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- if ( !pk11_hasAttribute(object, CKA_PRIVATE_EXPONENT)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- if ( !pk11_hasAttribute(object, CKA_PRIME_1)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- if ( !pk11_hasAttribute(object, CKA_PRIME_2)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- if ( !pk11_hasAttribute(object, CKA_EXPONENT_1)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- if ( !pk11_hasAttribute(object, CKA_EXPONENT_2)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- if ( !pk11_hasAttribute(object, CKA_COEFFICIENT)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- /* make sure Netscape DB attribute is set correctly */
- crv = pk11_Attribute2SSecItem(NULL, &mod, object, CKA_MODULUS);
- if (crv != CKR_OK) return crv;
- crv = pk11_forceAttribute(object, CKA_NETSCAPE_DB,
- pk11_item_expand(&mod));
- if (mod.data) PORT_Free(mod.data);
- if (crv != CKR_OK) return crv;
-
- break;
- case CKK_DSA:
- if ( !pk11_hasAttribute(object, CKA_PRIME)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- if ( !pk11_hasAttribute(object, CKA_SUBPRIME)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- if ( !pk11_hasAttribute(object, CKA_BASE)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- if ( !pk11_hasAttribute(object, CKA_VALUE)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- if ( !pk11_hasAttribute(object, CKA_NETSCAPE_DB)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- encrypt = CK_FALSE;
- recover = CK_FALSE;
- wrap = CK_FALSE;
- break;
- case CKK_DH:
- default:
- return CKR_ATTRIBUTE_VALUE_INVALID;
- }
- crv = pk11_defaultAttribute(object,CKA_SUBJECT,NULL,0);
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_SENSITIVE,&cktrue,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_EXTRACTABLE,&cktrue,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_DECRYPT,&encrypt,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_SIGN,&cktrue,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_SIGN_RECOVER,&recover,
- sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_UNWRAP,&wrap,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- /* the next two bits get modified only in the key gen and token cases */
- crv = pk11_forceAttribute(object,CKA_ALWAYS_SENSITIVE,
- &ckfalse,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_forceAttribute(object,CKA_NEVER_EXTRACTABLE,
- &ckfalse,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
-
- if (pk11_isTrue(object,CKA_TOKEN)) {
- SECKEYLowPrivateKey *privKey;
- char *label;
- SECStatus rv = SECSuccess;
- SECItem pubKey;
-
- privKey=pk11_mkPrivKey(object,key_type);
- if (privKey == NULL) return CKR_HOST_MEMORY;
- label = object->label = pk11_getString(object,CKA_LABEL);
-
- crv = pk11_Attribute2SecItem(NULL,&pubKey,object,CKA_NETSCAPE_DB);
- if (crv == CKR_OK) {
- rv = SECKEY_StoreKeyByPublicKey(SECKEY_GetDefaultKeyDB(),
- privKey, &pubKey, label,
- (SECKEYGetPasswordKey) pk11_givePass, object->slot);
-
- /* check for the existance of an existing certificate and activate
- * it if necessary */
- if (rv == SECSuccess) {
- reload_existing_certificate(object,&pubKey);
- }
-
- if (pubKey.data) PORT_Free(pubKey.data);
- } else {
- rv = SECFailure;
- }
-
- SECKEY_LowDestroyPrivateKey(privKey);
- if (rv != SECSuccess) return CKR_DEVICE_ERROR;
- object->inDB = PR_TRUE;
- object->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PRIV);
- } else {
- object->objectInfo = pk11_mkPrivKey(object,key_type);
- if (object->objectInfo == NULL) return CKR_HOST_MEMORY;
- object->infoFree = (PK11Free) SECKEY_LowDestroyPrivateKey;
- }
- /* now NULL out the sensitive attributes */
- if (pk11_isTrue(object,CKA_SENSITIVE)) {
- pk11_nullAttribute(object,CKA_PRIVATE_EXPONENT);
- pk11_nullAttribute(object,CKA_PRIME_1);
- pk11_nullAttribute(object,CKA_PRIME_2);
- pk11_nullAttribute(object,CKA_EXPONENT_1);
- pk11_nullAttribute(object,CKA_EXPONENT_2);
- pk11_nullAttribute(object,CKA_COEFFICIENT);
- }
- return CKR_OK;
-}
-
-/* forward delcare the DES formating function for handleSecretKey */
-void pk11_FormatDESKey(unsigned char *key, int length);
-static SECKEYLowPrivateKey *pk11_mkSecretKeyRep(PK11Object *object);
-
-/* Validate secret key data, and set defaults */
-static CK_RV
-validateSecretKey(PK11Object *object, CK_KEY_TYPE key_type, PRBool isFIPS)
-{
- CK_RV crv;
- CK_BBOOL cktrue = CK_TRUE;
- CK_BBOOL ckfalse = CK_FALSE;
- PK11Attribute *attribute = NULL;
- crv = pk11_defaultAttribute(object,CKA_SENSITIVE,
- isFIPS?&cktrue:&ckfalse,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_EXTRACTABLE,
- &cktrue,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_ENCRYPT,&cktrue,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_DECRYPT,&cktrue,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_SIGN,&ckfalse,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_VERIFY,&ckfalse,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_WRAP,&cktrue,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_UNWRAP,&cktrue,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
-
- if ( !pk11_hasAttribute(object, CKA_VALUE)) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- /* the next two bits get modified only in the key gen and token cases */
- crv = pk11_forceAttribute(object,CKA_ALWAYS_SENSITIVE,
- &ckfalse,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_forceAttribute(object,CKA_NEVER_EXTRACTABLE,
- &ckfalse,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
-
- /* some types of keys have a value length */
- crv = CKR_OK;
- switch (key_type) {
- /* force CKA_VALUE_LEN to be set */
- case CKK_GENERIC_SECRET:
- case CKK_RC2:
- case CKK_RC4:
- case CKK_RC5:
- case CKK_CAST:
- case CKK_CAST3:
- case CKK_CAST5:
- attribute = pk11_FindAttribute(object,CKA_VALUE);
- /* shouldn't happen */
- if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE;
- crv = pk11_forceAttribute(object, CKA_VALUE_LEN,
- &attribute->attrib.ulValueLen, sizeof(CK_ULONG));
- pk11_FreeAttribute(attribute);
- break;
- /* force the value to have the correct parity */
- case CKK_DES:
- case CKK_DES2:
- case CKK_DES3:
- case CKK_CDMF:
- attribute = pk11_FindAttribute(object,CKA_VALUE);
- /* shouldn't happen */
- if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE;
- pk11_FormatDESKey((unsigned char*)attribute->attrib.pValue,
- attribute->attrib.ulValueLen);
- pk11_FreeAttribute(attribute);
- break;
- default:
- break;
- }
-
- return crv;
-}
-/*
- * check the consistancy and initialize a Secret Key Object
- */
-static CK_RV
-pk11_handleSecretKeyObject(PK11Object *object,CK_KEY_TYPE key_type,
- PRBool isFIPS)
-{
- CK_RV crv;
- CK_BBOOL cktrue = CK_TRUE;
- CK_BBOOL ckfalse = CK_FALSE;
- PK11Attribute *attribute = NULL;
- SECKEYLowPrivateKey *privKey = NULL;
- SECItem pubKey;
-
- pubKey.data = 0;
-
- /* First validate and set defaults */
- crv = validateSecretKey(object, key_type, isFIPS);
- if (crv != CKR_OK) goto loser;
-
- /* If the object is a TOKEN object, store in the database */
- if (pk11_isTrue(object,CKA_TOKEN)) {
- char *label;
- SECStatus rv = SECSuccess;
-
- privKey=pk11_mkSecretKeyRep(object);
- if (privKey == NULL) return CKR_HOST_MEMORY;
-
- label = object->label = pk11_getString(object,CKA_LABEL);
-
- crv = pk11_Attribute2SecItem(NULL,&pubKey,object,CKA_ID); /* Should this be ID? */
- if (crv != CKR_OK) goto loser;
-
- rv = SECKEY_StoreKeyByPublicKey(SECKEY_GetDefaultKeyDB(),
- privKey, &pubKey, label,
- (SECKEYGetPasswordKey) pk11_givePass, object->slot);
-
- object->inDB = PR_TRUE;
- object->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PRIV);
- }
-
-loser:
- if (privKey) SECKEY_LowDestroyPrivateKey(privKey);
- if (pubKey.data) PORT_Free(pubKey.data);
-
- return crv;
-}
-
-/*
- * check the consistancy and initialize a Key Object
- */
-static CK_RV
-pk11_handleKeyObject(PK11Session *session, PK11Object *object)
-{
- PK11Attribute *attribute;
- CK_KEY_TYPE key_type;
- CK_BBOOL cktrue = CK_TRUE;
- CK_BBOOL ckfalse = CK_FALSE;
- CK_RV crv;
-
- /* verify the required fields */
- if ( !pk11_hasAttribute(object,CKA_KEY_TYPE) ) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
-
- /* now verify the common fields */
- crv = pk11_defaultAttribute(object,CKA_ID,NULL,0);
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_START_DATE,NULL,0);
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_END_DATE,NULL,0);
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_LOCAL,&ckfalse,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
-
- /* get the key type */
- attribute = pk11_FindAttribute(object,CKA_KEY_TYPE);
- key_type = *(CK_KEY_TYPE *)attribute->attrib.pValue;
- pk11_FreeAttribute(attribute);
-
- switch (object->objclass) {
- case CKO_PUBLIC_KEY:
- return pk11_handlePublicKeyObject(object,key_type);
- case CKO_PRIVATE_KEY:
- return pk11_handlePrivateKeyObject(object,key_type);
- case CKO_SECRET_KEY:
- /* make sure the required fields exist */
- return pk11_handleSecretKeyObject(object,key_type,
- (PRBool)(session->slot->slotID == FIPS_SLOT_ID));
- default:
- break;
- }
- return CKR_ATTRIBUTE_VALUE_INVALID;
-}
-
-/*
- * Handle Object does all the object consistancy checks, automatic attribute
- * generation, attribute defaulting, etc. If handleObject succeeds, the object
- * will be assigned an object handle, and the object pointer will be adopted
- * by the session. (that is don't free object).
- */
-CK_RV
-pk11_handleObject(PK11Object *object, PK11Session *session)
-{
- PK11Slot *slot = session->slot;
- CK_BBOOL ckfalse = CK_FALSE;
- CK_BBOOL cktrue = CK_TRUE;
- PK11Attribute *attribute;
- CK_RV crv;
-
- /* make sure all the base object types are defined. If not set the
- * defaults */
- crv = pk11_defaultAttribute(object,CKA_TOKEN,&ckfalse,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_PRIVATE,&ckfalse,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_LABEL,NULL,0);
- if (crv != CKR_OK) return crv;
- crv = pk11_defaultAttribute(object,CKA_MODIFIABLE,&cktrue,sizeof(CK_BBOOL));
- if (crv != CKR_OK) return crv;
-
- /* don't create a private object if we aren't logged in */
- if ((!slot->isLoggedIn) && (slot->needLogin) &&
- (pk11_isTrue(object,CKA_PRIVATE))) {
- return CKR_USER_NOT_LOGGED_IN;
- }
-
-
- if (((session->info.flags & CKF_RW_SESSION) == 0) &&
- (pk11_isTrue(object,CKA_TOKEN))) {
- return CKR_SESSION_READ_ONLY;
- }
-
- if (pk11_isTrue(object, CKA_TOKEN)) {
- if (slot->DB_loaded == PR_FALSE) {
- /* we are creating a token object, make sure we load the database
- * first so we don't get duplicates....
- * ... NOTE: This assumes we are logged in as well!
- */
- pk11_importKeyDB(slot);
- slot->DB_loaded = PR_TRUE;
- }
- }
-
- /* PKCS #11 object ID's are unique for all objects on a
- * token */
- PK11_USE_THREADS(PR_Lock(slot->objectLock);)
- object->handle = slot->tokenIDCount++;
- PK11_USE_THREADS(PR_Unlock(slot->objectLock);)
-
- /* get the object class */
- attribute = pk11_FindAttribute(object,CKA_CLASS);
- if (attribute == NULL) {
- return CKR_TEMPLATE_INCOMPLETE;
- }
- object->objclass = *(CK_OBJECT_CLASS *)attribute->attrib.pValue;
- pk11_FreeAttribute(attribute);
-
- /* now handle the specific. Get a session handle for these functions
- * to use */
- switch (object->objclass) {
- case CKO_DATA:
- crv = pk11_handleDataObject(session,object);
- case CKO_CERTIFICATE:
- crv = pk11_handleCertObject(session,object);
- break;
- case CKO_PRIVATE_KEY:
- case CKO_PUBLIC_KEY:
- case CKO_SECRET_KEY:
- crv = pk11_handleKeyObject(session,object);
- break;
- default:
- crv = CKR_ATTRIBUTE_VALUE_INVALID;
- break;
- }
-
- /* can't fail from here on out unless the pk_handlXXX functions have
- * failed the request */
- if (crv != CKR_OK) {
- return crv;
- }
-
- /* now link the object into the slot and session structures */
- object->slot = slot;
- pk11_AddObject(session,object);
-
- return CKR_OK;
-}
-
-/* import a private key as an object. We don't call handle object.
- * because we the private key came from the key DB and we don't want to
- * write back out again */
-static PK11Object *
-pk11_importPrivateKey(PK11Slot *slot,SECKEYLowPrivateKey *lowPriv,
- SECItem *dbKey)
-{
- PK11Object *privateKey;
- CK_KEY_TYPE key_type;
- CK_BBOOL cktrue = CK_TRUE;
- CK_BBOOL ckfalse = CK_FALSE;
- CK_BBOOL sign = CK_TRUE;
- CK_BBOOL recover = CK_TRUE;
- CK_BBOOL decrypt = CK_TRUE;
- CK_BBOOL derive = CK_FALSE;
- CK_RV crv = CKR_OK;
- CK_OBJECT_CLASS privClass = CKO_PRIVATE_KEY;
- unsigned char cka_id[SHA1_LENGTH];
-
- /*
- * now lets create an object to hang the attributes off of
- */
- privateKey = pk11_NewObject(slot); /* fill in the handle later */
- if (privateKey == NULL) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
-
- /* Netscape Private Attribute for dealing with database storeage */
- if (pk11_AddAttributeType(privateKey, CKA_NETSCAPE_DB,
- pk11_item_expand(dbKey)) ) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
-
- /* now force the CKA_ID */
- SHA1_HashBuf(cka_id, (unsigned char *)dbKey->data, (uint32)dbKey->len);
- if (pk11_AddAttributeType(privateKey, CKA_ID, cka_id, sizeof(cka_id))) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
-
-
- /* Fill in the common Default values */
- if (pk11_AddAttributeType(privateKey,CKA_CLASS, &privClass,
- sizeof(CK_OBJECT_CLASS)) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- if (pk11_AddAttributeType(privateKey,CKA_TOKEN, &cktrue,
- sizeof(CK_BBOOL)) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- if (pk11_AddAttributeType(privateKey,CKA_PRIVATE, &cktrue,
- sizeof(CK_BBOOL)) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- if (pk11_AddAttributeType(privateKey,CKA_MODIFIABLE, &cktrue,
- sizeof(CK_BBOOL)) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- if (pk11_AddAttributeType(privateKey,CKA_LABEL, NULL, 0) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- if (pk11_AddAttributeType(privateKey,CKA_START_DATE, NULL, 0) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- if (pk11_AddAttributeType(privateKey,CKA_END_DATE, NULL, 0) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- if (pk11_AddAttributeType(privateKey,CKA_DERIVE, &ckfalse,
- sizeof(CK_BBOOL)) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- /* local: well we really don't know for sure... it could have been an
- * imported key, but it's not a useful attribute anyway. */
- if (pk11_AddAttributeType(privateKey,CKA_LOCAL, &cktrue,
- sizeof(CK_BBOOL)) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- if (pk11_AddAttributeType(privateKey,CKA_SUBJECT, NULL, 0) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- if (pk11_AddAttributeType(privateKey,CKA_SENSITIVE, &cktrue,
- sizeof(CK_BBOOL)) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- if (pk11_AddAttributeType(privateKey,CKA_EXTRACTABLE, &cktrue,
- sizeof(CK_BBOOL)) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- /* is this really true? Maybe we should just say false here? */
- if (pk11_AddAttributeType(privateKey,CKA_ALWAYS_SENSITIVE, &cktrue,
- sizeof(CK_BBOOL)) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- if (pk11_AddAttributeType(privateKey,CKA_NEVER_EXTRACTABLE, &ckfalse,
- sizeof(CK_BBOOL)) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
-
- /* Now Set up the parameters to generate the key (based on mechanism) */
- /* NOTE: for safety sake we *DO NOT* remember critical attributes. PKCS #11
- * will look them up again from the database when it needs them.
- */
- switch (lowPriv->keyType) {
- case rsaKey:
- /* format the keys */
- key_type = CKK_RSA;
- sign = CK_TRUE;
- recover = CK_TRUE;
- decrypt = CK_TRUE;
- derive = CK_FALSE;
- /* now fill in the RSA dependent parameters in the public key */
- crv = pk11_AddAttributeType(privateKey,CKA_MODULUS,
- pk11_item_expand(&lowPriv->u.rsa.modulus));
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(privateKey,CKA_PRIVATE_EXPONENT,NULL,0);
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(privateKey,CKA_PUBLIC_EXPONENT,
- pk11_item_expand(&lowPriv->u.rsa.publicExponent));
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(privateKey,CKA_PRIME_1,NULL,0);
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(privateKey,CKA_PRIME_2,NULL,0);
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(privateKey,CKA_EXPONENT_1,NULL,0);
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(privateKey,CKA_EXPONENT_2,NULL,0);
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(privateKey,CKA_COEFFICIENT,NULL,0);
- break;
- case dsaKey:
- key_type = CKK_DSA;
- sign = CK_TRUE;
- recover = CK_FALSE;
- decrypt = CK_FALSE;
- derive = CK_FALSE;
- crv = pk11_AddAttributeType(privateKey,CKA_PRIME,
- pk11_item_expand(&lowPriv->u.dsa.params.prime));
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(privateKey,CKA_SUBPRIME,
- pk11_item_expand(&lowPriv->u.dsa.params.subPrime));
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(privateKey,CKA_BASE,
- pk11_item_expand(&lowPriv->u.dsa.params.base));
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(privateKey,CKA_VALUE,NULL,0);
- if (crv != CKR_OK) break;
- break;
- case dhKey:
- key_type = CKK_DH;
- sign = CK_FALSE;
- decrypt = CK_FALSE;
- recover = CK_FALSE;
- derive = CK_TRUE;
- crv = CKR_MECHANISM_INVALID;
- break;
- default:
- crv = CKR_MECHANISM_INVALID;
- }
-
- if (crv != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
-
-
- if (pk11_AddAttributeType(privateKey,CKA_SIGN, &sign,
- sizeof(CK_BBOOL)) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- if (pk11_AddAttributeType(privateKey,CKA_SIGN_RECOVER, &recover,
- sizeof(CK_BBOOL)) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- if (pk11_AddAttributeType(privateKey,CKA_DECRYPT, &decrypt,
- sizeof(CK_BBOOL)) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- if (pk11_AddAttributeType(privateKey,CKA_UNWRAP, &decrypt,
- sizeof(CK_BBOOL)) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- if (pk11_AddAttributeType(privateKey,CKA_DERIVE, &derive,
- sizeof(CK_BBOOL)) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- if (pk11_AddAttributeType(privateKey,CKA_KEY_TYPE,&key_type,
- sizeof(CK_KEY_TYPE)) != CKR_OK) {
- pk11_FreeObject(privateKey);
- return NULL;
- }
- PK11_USE_THREADS(PR_Lock(slot->objectLock);)
- privateKey->handle = slot->tokenIDCount++;
- privateKey->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PRIV);
- PK11_USE_THREADS(PR_Unlock(slot->objectLock);)
- privateKey->objclass = privClass;
- privateKey->slot = slot;
- privateKey->inDB = PR_TRUE;
-
- return privateKey;
-}
-
-/* import a private key or cert as a public key object.*/
-static PK11Object *
-pk11_importPublicKey(PK11Slot *slot,
- SECKEYLowPrivateKey *lowPriv, CERTCertificate *cert, SECItem *dbKey)
-{
- PK11Object *publicKey = NULL;
- CK_KEY_TYPE key_type;
- CK_BBOOL cktrue = CK_TRUE;
- CK_BBOOL ckfalse = CK_FALSE;
- CK_BBOOL verify = CK_TRUE;
- CK_BBOOL recover = CK_TRUE;
- CK_BBOOL encrypt = CK_TRUE;
- CK_BBOOL derive = CK_FALSE;
- CK_RV crv = CKR_OK;
- CK_OBJECT_CLASS pubClass = CKO_PUBLIC_KEY;
- unsigned char cka_id[SHA1_LENGTH];
- KeyType keyType = nullKey;
- SECKEYPublicKey *pubKey = NULL;
- CK_ATTRIBUTE theTemplate[2];
- PK11ObjectListElement *objectList = NULL;
-
- if (lowPriv == NULL) {
- pubKey = CERT_ExtractPublicKey(cert);
- if (pubKey == NULL) {
- goto failed;
- }
- /* pk11_GetPubItem returns data associated with the public key.
- * one only needs to free the public key. This comment is here
- * because this sematic would be non-obvious otherwise. All callers
- * should include this comment.
- */
- dbKey = pk11_GetPubItem(pubKey);
- if (dbKey == NULL) {
- goto failed;
- }
- }
- SHA1_HashBuf(cka_id, (unsigned char *)dbKey->data, (uint32)dbKey->len);
- theTemplate[0].type = CKA_ID;
- theTemplate[0].pValue = cka_id;
- theTemplate[0].ulValueLen = sizeof(cka_id);
- theTemplate[1].type = CKA_CLASS;
- theTemplate[1].pValue = &pubClass;
- theTemplate[1].ulValueLen = sizeof(CK_OBJECT_CLASS);
- crv = pk11_searchObjectList(&objectList,slot->tokObjects,
- slot->objectLock, theTemplate, 2, slot->isLoggedIn);
- if ((crv == CKR_OK) && (objectList != NULL)) {
- goto failed;
- }
- /*
- * now lets create an object to hang the attributes off of
- */
- publicKey = pk11_NewObject(slot); /* fill in the handle later */
- if (publicKey == NULL) {
- goto failed;
- }
-
- /* now force the CKA_ID */
- if (pk11_AddAttributeType(publicKey, CKA_ID, cka_id, sizeof(cka_id))) {
- goto failed;
- }
-
- /* Fill in the common Default values */
- if (pk11_AddAttributeType(publicKey,CKA_CLASS,&pubClass,
- sizeof(CK_OBJECT_CLASS)) != CKR_OK) {
- goto failed;
- }
- if (pk11_AddAttributeType(publicKey,CKA_TOKEN, &cktrue,
- sizeof(CK_BBOOL)) != CKR_OK) {
- goto failed;
- }
- if (pk11_AddAttributeType(publicKey,CKA_PRIVATE, &ckfalse,
- sizeof(CK_BBOOL)) != CKR_OK) {
- goto failed;
- }
- if (pk11_AddAttributeType(publicKey,CKA_MODIFIABLE, &cktrue,
- sizeof(CK_BBOOL)) != CKR_OK) {
- goto failed;
- }
- if (pk11_AddAttributeType(publicKey,CKA_LABEL, NULL, 0) != CKR_OK) {
- goto failed;
- }
- if (pk11_AddAttributeType(publicKey,CKA_START_DATE, NULL, 0) != CKR_OK) {
- goto failed;
- }
- if (pk11_AddAttributeType(publicKey,CKA_END_DATE, NULL, 0) != CKR_OK) {
- goto failed;
- }
- /* local: well we really don't know for sure... it could have been an
- * imported key, but it's not a useful attribute anyway. */
- if (pk11_AddAttributeType(publicKey,CKA_LOCAL, &cktrue,
- sizeof(CK_BBOOL)) != CKR_OK) {
- goto failed;
- }
- if (pk11_AddAttributeType(publicKey,CKA_SUBJECT, NULL, 0) != CKR_OK) {
- goto failed;
- }
- if (pk11_AddAttributeType(publicKey,CKA_SENSITIVE, &ckfalse,
- sizeof(CK_BBOOL)) != CKR_OK) {
- goto failed;
- }
- if (pk11_AddAttributeType(publicKey,CKA_EXTRACTABLE, &cktrue,
- sizeof(CK_BBOOL)) != CKR_OK) {
- goto failed;
- }
- if (pk11_AddAttributeType(publicKey,CKA_ALWAYS_SENSITIVE, &ckfalse,
- sizeof(CK_BBOOL)) != CKR_OK) {
- goto failed;
- }
- if (pk11_AddAttributeType(publicKey,CKA_NEVER_EXTRACTABLE, &ckfalse,
- sizeof(CK_BBOOL)) != CKR_OK) {
- goto failed;
- }
-
- /* Now Set up the parameters to generate the key (based on mechanism) */
- if (lowPriv == NULL) {
-
- keyType = pubKey->keyType;
- } else {
- keyType = lowPriv->keyType;
- }
-
-
- switch (keyType) {
- case rsaKey:
- /* format the keys */
- key_type = CKK_RSA;
- verify = CK_TRUE;
- recover = CK_TRUE;
- encrypt = CK_TRUE;
- derive = CK_FALSE;
- /* now fill in the RSA dependent parameters in the public key */
- if (lowPriv) {
- crv = pk11_AddAttributeType(publicKey,CKA_MODULUS,
- pk11_item_expand(&lowPriv->u.rsa.modulus));
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(publicKey,CKA_PUBLIC_EXPONENT,
- pk11_item_expand(&lowPriv->u.rsa.publicExponent));
- if (crv != CKR_OK) break;
- } else {
- crv = pk11_AddAttributeType(publicKey,CKA_MODULUS,
- pk11_item_expand(&pubKey->u.rsa.modulus));
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(publicKey,CKA_PUBLIC_EXPONENT,
- pk11_item_expand(&pubKey->u.rsa.publicExponent));
- if (crv != CKR_OK) break;
- }
- break;
- case dsaKey:
- key_type = CKK_DSA;
- verify = CK_TRUE;
- recover = CK_FALSE;
- encrypt = CK_FALSE;
- derive = CK_FALSE;
- if (lowPriv) {
- crv = pk11_AddAttributeType(publicKey,CKA_PRIME,
- pk11_item_expand(&lowPriv->u.dsa.params.prime));
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(publicKey,CKA_SUBPRIME,
- pk11_item_expand(&lowPriv->u.dsa.params.subPrime));
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(publicKey,CKA_BASE,
- pk11_item_expand(&lowPriv->u.dsa.params.base));
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(publicKey,CKA_VALUE,
- pk11_item_expand(&lowPriv->u.dsa.publicValue));
- if (crv != CKR_OK) break;
- } else {
- crv = pk11_AddAttributeType(publicKey,CKA_PRIME,
- pk11_item_expand(&pubKey->u.dsa.params.prime));
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(publicKey,CKA_SUBPRIME,
- pk11_item_expand(&pubKey->u.dsa.params.subPrime));
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(publicKey,CKA_BASE,
- pk11_item_expand(&pubKey->u.dsa.params.base));
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(publicKey,CKA_VALUE,
- pk11_item_expand(&pubKey->u.dsa.publicValue));
- if (crv != CKR_OK) break;
- }
- break;
- case dhKey:
- key_type = CKK_DH;
- verify = CK_FALSE;
- encrypt = CK_FALSE;
- recover = CK_FALSE;
- derive = CK_TRUE;
- crv = CKR_MECHANISM_INVALID;
- break;
- default:
- crv = CKR_MECHANISM_INVALID;
- }
-
- if (pubKey) {
- SECKEY_DestroyPublicKey(pubKey);
- pubKey = NULL;
- }
-
- if (crv != CKR_OK) {
- goto failed;
- }
-
- if (pk11_AddAttributeType(publicKey,CKA_VERIFY, &verify,
- sizeof(CK_BBOOL)) != CKR_OK) {
- goto failed;
- }
- if (pk11_AddAttributeType(publicKey,CKA_VERIFY_RECOVER, &recover,
- sizeof(CK_BBOOL)) != CKR_OK) {
- goto failed;
- }
- if (pk11_AddAttributeType(publicKey,CKA_ENCRYPT, &encrypt,
- sizeof(CK_BBOOL)) != CKR_OK) {
- goto failed;
- }
- if (pk11_AddAttributeType(publicKey,CKA_WRAP, &encrypt,
- sizeof(CK_BBOOL)) != CKR_OK) {
- goto failed;
- }
- if (pk11_AddAttributeType(publicKey,CKA_DERIVE, &derive,
- sizeof(CK_BBOOL)) != CKR_OK) {
- goto failed;
- }
- if (pk11_AddAttributeType(publicKey,CKA_KEY_TYPE,&key_type,
- sizeof(CK_KEY_TYPE)) != CKR_OK) {
- goto failed;
- }
- PK11_USE_THREADS(PR_Lock(slot->objectLock);)
- publicKey->handle = slot->tokenIDCount++;
- publicKey->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PUB);
- PK11_USE_THREADS(PR_Unlock(slot->objectLock);)
- publicKey->objclass = pubClass;
- publicKey->slot = slot;
- publicKey->inDB = PR_FALSE; /* not really in the Database */
-
- return publicKey;
-failed:
- if (pubKey) SECKEY_DestroyPublicKey(pubKey);
- if (publicKey) pk11_FreeObject(publicKey);
- return NULL;
-}
-
-/*
- * Question.. Why doesn't import Cert call pk11_handleObject, or
- * pk11 handleCertObject? Answer: because they will try to write
- * this cert back out to the Database, even though it is already in
- * the database.
- */
-static PK11Object *
-pk11_importCertificate(PK11Slot *slot, CERTCertificate *cert,
- unsigned char *data, unsigned int size, PRBool needObject)
-{
- PK11Object *certObject = NULL;
- CK_BBOOL cktrue = CK_TRUE;
- CK_BBOOL ckfalse = CK_FALSE;
- CK_CERTIFICATE_TYPE certType = CKC_X_509;
- CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
- unsigned char cka_id[SHA1_LENGTH];
- CK_ATTRIBUTE theTemplate;
- PK11ObjectListElement *objectList = NULL;
- CK_RV crv;
-
-
- /*
- * first make sure that no object for this cert already exists.
- */
- theTemplate.type = CKA_VALUE;
- theTemplate.pValue = cert->derCert.data;
- theTemplate.ulValueLen = cert->derCert.len;
- crv = pk11_searchObjectList(&objectList,slot->tokObjects,
- slot->objectLock, &theTemplate, 1, slot->isLoggedIn);
- if ((crv == CKR_OK) && (objectList != NULL)) {
- if (needObject) {
- pk11_ReferenceObject(objectList->object);
- certObject = objectList->object;
- }
- pk11_FreeObjectList(objectList);
- return certObject;
- }
-
- /*
- * now lets create an object to hang the attributes off of
- */
- certObject = pk11_NewObject(slot); /* fill in the handle later */
- if (certObject == NULL) {
- return NULL;
- }
-
- /* First set the CKA_ID */
- if (data == NULL) {
- SECKEYPublicKey *pubKey = CERT_ExtractPublicKey(cert);
- SECItem *pubItem;
- if (pubKey == NULL) {
- pk11_FreeObject(certObject);
- return NULL;
- }
- /* pk11_GetPubItem returns data associated with the public key.
- * one only needs to free the public key. This comment is here
- * because this sematic would be non-obvious otherwise.
- */
- pubItem =pk11_GetPubItem(pubKey);
- if (pubItem == NULL) {
- SECKEY_DestroyPublicKey(pubKey);
- pk11_FreeObject(certObject);
- return NULL;
- }
- SHA1_HashBuf(cka_id, (unsigned char *)pubItem->data,
- (uint32)pubItem->len);
- SECKEY_DestroyPublicKey(pubKey);
- } else {
- SHA1_HashBuf(cka_id, (unsigned char *)data, (uint32)size);
- }
- if (pk11_AddAttributeType(certObject, CKA_ID, cka_id, sizeof(cka_id))) {
- pk11_FreeObject(certObject);
- return NULL;
- }
-
- /* initalize the certificate attributes */
- if (pk11_AddAttributeType(certObject, CKA_CLASS, &certClass,
- sizeof(CK_OBJECT_CLASS)) != CKR_OK) {
- pk11_FreeObject(certObject);
- return NULL;
- }
- if (pk11_AddAttributeType(certObject, CKA_TOKEN, &cktrue,
- sizeof(CK_BBOOL)) != CKR_OK) {
- pk11_FreeObject(certObject);
- return NULL;
- }
- if (pk11_AddAttributeType(certObject, CKA_PRIVATE, &ckfalse,
- sizeof(CK_BBOOL)) != CKR_OK) {
- pk11_FreeObject(certObject);
- return NULL;
- }
- if (pk11_AddAttributeType(certObject, CKA_LABEL, cert->nickname,
- PORT_Strlen(cert->nickname))
- != CKR_OK) {
- pk11_FreeObject(certObject);
- return NULL;
- }
- if (pk11_AddAttributeType(certObject, CKA_MODIFIABLE, &cktrue,
- sizeof(CK_BBOOL)) != CKR_OK) {
- pk11_FreeObject(certObject);
- return NULL;
- }
- if (pk11_AddAttributeType(certObject, CKA_CERTIFICATE_TYPE, &certType,
- sizeof(CK_CERTIFICATE_TYPE))!=CKR_OK) {
- pk11_FreeObject(certObject);
- return NULL;
- }
- if (pk11_AddAttributeType(certObject, CKA_VALUE,
- pk11_item_expand(&cert->derCert)) != CKR_OK) {
- pk11_FreeObject(certObject);
- return NULL;
- }
- if (pk11_AddAttributeType(certObject, CKA_ISSUER,
- pk11_item_expand(&cert->derIssuer)) != CKR_OK) {
- pk11_FreeObject(certObject);
- return NULL;
- }
- if (pk11_AddAttributeType(certObject, CKA_SUBJECT,
- pk11_item_expand(&cert->derSubject)) != CKR_OK) {
- pk11_FreeObject(certObject);
- return NULL;
- }
- if (pk11_AddAttributeType(certObject, CKA_SERIAL_NUMBER,
- pk11_item_expand(&cert->serialNumber)) != CKR_OK) {
- pk11_FreeObject(certObject);
- return NULL;
- }
-
-
- certObject->objectInfo = CERT_DupCertificate(cert);
- certObject->infoFree = (PK11Free) CERT_DestroyCertificate;
-
- /* now just verify the required date fields */
- PK11_USE_THREADS(PR_Lock(slot->objectLock);)
- certObject->handle = slot->tokenIDCount++;
- certObject->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_CERT);
- PK11_USE_THREADS(PR_Unlock(slot->objectLock);)
- certObject->objclass = certClass;
- certObject->slot = slot;
- certObject->inDB = PR_TRUE;
- pk11_AddSlotObject(slot, certObject);
- if (needObject) {
- pk11_ReferenceObject(certObject);
- } else {
- certObject = NULL;
- }
-
- return certObject;
-}
-
-/*
- * ******************** Public Key Utilities ***************************
- */
-/* Generate a low public key structure from an object */
-SECKEYLowPublicKey *pk11_GetPubKey(PK11Object *object,CK_KEY_TYPE key_type)
-{
- SECKEYLowPublicKey *pubKey;
- PLArenaPool *arena;
- CK_RV crv;
-
- if (object->objclass != CKO_PUBLIC_KEY) {
- return NULL;
- }
-
- /* If we already have a key, use it */
- if (object->objectInfo) {
- return (SECKEYLowPublicKey *)object->objectInfo;
- }
-
- /* allocate the structure */
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) return NULL;
-
- pubKey = (SECKEYLowPublicKey *)
- PORT_ArenaAlloc(arena,sizeof(SECKEYLowPublicKey));
- if (pubKey == NULL) {
- PORT_FreeArena(arena,PR_FALSE);
- return NULL;
- }
-
- /* fill in the structure */
- pubKey->arena = arena;
- switch (key_type) {
- case CKK_RSA:
- pubKey->keyType = rsaKey;
- crv = pk11_Attribute2SSecItem(arena,&pubKey->u.rsa.modulus,
- object,CKA_MODULUS);
- if (crv != CKR_OK) break;
- crv = pk11_Attribute2SSecItem(arena,&pubKey->u.rsa.publicExponent,
- object,CKA_PUBLIC_EXPONENT);
- break;
- case CKK_DSA:
- pubKey->keyType = dsaKey;
- crv = pk11_Attribute2SSecItem(arena,&pubKey->u.dsa.params.prime,
- object,CKA_PRIME);
- if (crv != CKR_OK) break;
- crv = pk11_Attribute2SSecItem(arena,&pubKey->u.dsa.params.subPrime,
- object,CKA_SUBPRIME);
- if (crv != CKR_OK) break;
- crv = pk11_Attribute2SSecItem(arena,&pubKey->u.dsa.params.base,
- object,CKA_BASE);
- if (crv != CKR_OK) break;
- crv = pk11_Attribute2SSecItem(arena,&pubKey->u.dsa.publicValue,
- object,CKA_VALUE);
- break;
- case CKK_DH:
- default:
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- if (crv != CKR_OK) {
- PORT_FreeArena(arena,PR_FALSE);
- return NULL;
- }
-
- object->objectInfo = pubKey;
- object->infoFree = (PK11Free) SECKEY_LowDestroyPublicKey;
- return pubKey;
-}
-
-/* make a private key from a verified object */
-static SECKEYLowPrivateKey *
-pk11_mkPrivKey(PK11Object *object,CK_KEY_TYPE key_type)
-{
- SECKEYLowPrivateKey *privKey;
- PLArenaPool *arena;
- CK_RV crv = CKR_OK;
- SECStatus rv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) return NULL;
-
- privKey = (SECKEYLowPrivateKey *)
- PORT_ArenaAlloc(arena,sizeof(SECKEYLowPrivateKey));
- if (privKey == NULL) {
- PORT_FreeArena(arena,PR_FALSE);
- return NULL;
- }
-
- /* in future this would be a switch on key_type */
- privKey->arena = arena;
- switch (key_type) {
- case CKK_RSA:
- privKey->keyType = rsaKey;
- crv=pk11_Attribute2SSecItem(arena,&privKey->u.rsa.modulus,
- object,CKA_MODULUS);
- if (crv != CKR_OK) break;
- crv=pk11_Attribute2SSecItem(arena,&privKey->u.rsa.publicExponent,object,
- CKA_PUBLIC_EXPONENT);
- if (crv != CKR_OK) break;
- crv=pk11_Attribute2SSecItem(arena,&privKey->u.rsa.privateExponent,object,
- CKA_PRIVATE_EXPONENT);
- if (crv != CKR_OK) break;
- crv=pk11_Attribute2SSecItem(arena,&privKey->u.rsa.prime1,object,
- CKA_PRIME_1);
- if (crv != CKR_OK) break;
- crv=pk11_Attribute2SSecItem(arena,&privKey->u.rsa.prime2,object,
- CKA_PRIME_2);
- if (crv != CKR_OK) break;
- crv=pk11_Attribute2SSecItem(arena,&privKey->u.rsa.exponent1,
- object, CKA_EXPONENT_1);
- if (crv != CKR_OK) break;
- crv=pk11_Attribute2SSecItem(arena,&privKey->u.rsa.exponent2,
- object, CKA_EXPONENT_2);
- if (crv != CKR_OK) break;
- crv=pk11_Attribute2SSecItem(arena,&privKey->u.rsa.coefficient,object,
- CKA_COEFFICIENT);
- if (crv != CKR_OK) break;
- rv = DER_SetUInteger(privKey->arena, &privKey->u.rsa.version,
- SEC_PRIVATE_KEY_VERSION);
- if (rv != SECSuccess) crv = CKR_HOST_MEMORY;
- break;
-
- case CKK_DSA:
- privKey->keyType = dsaKey;
- crv = pk11_Attribute2SSecItem(arena,&privKey->u.dsa.params.prime,
- object,CKA_PRIME);
- if (crv != CKR_OK) break;
- crv = pk11_Attribute2SSecItem(arena,&privKey->u.dsa.params.subPrime,
- object,CKA_SUBPRIME);
- if (crv != CKR_OK) break;
- crv = pk11_Attribute2SSecItem(arena,&privKey->u.dsa.params.base,
- object,CKA_BASE);
- if (crv != CKR_OK) break;
- crv = pk11_Attribute2SSecItem(arena,&privKey->u.dsa.privateValue,
- object,CKA_VALUE);
- if (crv != CKR_OK) break;
- crv = pk11_Attribute2SSecItem(arena,&privKey->u.dsa.publicValue,
- object,CKA_NETSCAPE_DB);
- /* can't set the public value.... */
- break;
- case CKK_DH:
- default:
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- if (crv != CKR_OK) {
- PORT_FreeArena(arena,PR_FALSE);
- return NULL;
- }
- return privKey;
-}
-
-
-/* Generate a low private key structure from an object */
-SECKEYLowPrivateKey *
-pk11_GetPrivKey(PK11Object *object,CK_KEY_TYPE key_type)
-{
- SECKEYLowPrivateKey *priv = NULL;
-
- if (object->objclass != CKO_PRIVATE_KEY) {
- return NULL;
- }
- if (object->objectInfo) {
- return (SECKEYLowPrivateKey *)object->objectInfo;
- }
-
- if (pk11_isTrue(object,CKA_TOKEN)) {
- /* grab it from the data base */
- char *label = pk11_getString(object,CKA_LABEL);
- SECItem pubKey;
- CK_RV crv;
-
- /* KEYID is the public KEY for DSA and DH, and the MODULUS for
- * RSA */
- crv=pk11_Attribute2SecItem(NULL,&pubKey,object,CKA_NETSCAPE_DB);
- if (crv != CKR_OK) return NULL;
-
- priv=SECKEY_FindKeyByPublicKey(SECKEY_GetDefaultKeyDB(),&pubKey,
- (SECKEYGetPasswordKey) pk11_givePass,
- object->slot);
- if (pubKey.data) PORT_Free(pubKey.data);
-
- /* don't 'cache' DB private keys */
- return priv;
- }
-
- priv = pk11_mkPrivKey(object, key_type);
- object->objectInfo = priv;
- object->infoFree = (PK11Free) SECKEY_LowDestroyPrivateKey;
- return priv;
-}
-
-/*
- **************************** Symetric Key utils ************************
- */
-/*
- * set the DES key with parity bits correctly
- */
-void
-pk11_FormatDESKey(unsigned char *key, int length)
-{
- int i;
-
- /* format the des key */
- for (i=0; i < length; i++) {
- key[i] = parityTable[key[i]>>1];
- }
-}
-
-/*
- * check a des key (des2 or des3 subkey) for weak keys.
- */
-PRBool
-pk11_CheckDESKey(unsigned char *key)
-{
- int i;
-
- /* format the des key with parity */
- pk11_FormatDESKey(key, 8);
-
- for (i=0; i < pk11_desWeakTableSize; i++) {
- if (PORT_Memcmp(key,pk11_desWeakTable[i],8) == 0) {
- return PR_TRUE;
- }
- }
- return PR_FALSE;
-}
-
-/*
- * check if a des or triple des key is weak.
- */
-PRBool
-pk11_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type)
-{
-
- switch(key_type) {
- case CKK_DES:
- return pk11_CheckDESKey(key);
- case CKM_DES2_KEY_GEN:
- if (pk11_CheckDESKey(key)) return PR_TRUE;
- return pk11_CheckDESKey(&key[8]);
- case CKM_DES3_KEY_GEN:
- if (pk11_CheckDESKey(key)) return PR_TRUE;
- if (pk11_CheckDESKey(&key[8])) return PR_TRUE;
- return pk11_CheckDESKey(&key[16]);
- default:
- break;
- }
- return PR_FALSE;
-}
-
-
-/* make a fake private key representing a symmetric key */
-static SECKEYLowPrivateKey *
-pk11_mkSecretKeyRep(PK11Object *object)
-{
- SECKEYLowPrivateKey *privKey;
- PLArenaPool *arena = 0;
- CK_RV crv;
- SECStatus rv;
- static unsigned char derZero[1] = { 0 };
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) { crv = CKR_HOST_MEMORY; goto loser; }
-
- privKey = (SECKEYLowPrivateKey *)
- PORT_ArenaAlloc(arena,sizeof(SECKEYLowPrivateKey));
- if (privKey == NULL) { crv = CKR_HOST_MEMORY; goto loser; }
-
- privKey->arena = arena;
-
- /* Secret keys are represented in the database as "fake" RSA keys. The RSA key
- * is marked as a secret key representation by setting the public exponent field
- * to 0, which is an invalid RSA exponent. The other fields are set as follows:
- * modulus - CKA_ID value for the secret key
- * private exponent - CKA_VALUE (the key itself)
- * coefficient - CKA_KEY_TYPE, which indicates what encryption algorithm
- * is used for the key.
- * all others - set to integer 0
- */
- privKey->keyType = rsaKey;
-
- /* The modulus is set to the key id of the symmetric key */
- crv=pk11_Attribute2SecItem(arena,&privKey->u.rsa.modulus,object,CKA_ID);
- if (crv != CKR_OK) goto loser;
-
- /* The public exponent is set to 0 length to indicate a special key */
- privKey->u.rsa.publicExponent.len = sizeof derZero;
- privKey->u.rsa.publicExponent.data = derZero;
-
- /* The private exponent is the actual key value */
- crv=pk11_Attribute2SecItem(arena,&privKey->u.rsa.privateExponent,object,CKA_VALUE);
- if (crv != CKR_OK) goto loser;
-
- /* All other fields empty - needs testing */
- privKey->u.rsa.prime1.len = sizeof derZero;
- privKey->u.rsa.prime1.data = derZero;
-
- privKey->u.rsa.prime2.len = sizeof derZero;
- privKey->u.rsa.prime2.data = derZero;
-
- privKey->u.rsa.exponent1.len = sizeof derZero;
- privKey->u.rsa.exponent1.data = derZero;
-
- privKey->u.rsa.exponent2.len = sizeof derZero;
- privKey->u.rsa.exponent2.data = derZero;
-
- /* Coeficient set to KEY_TYPE */
- crv=pk11_Attribute2SecItem(arena,&privKey->u.rsa.coefficient,object,CKA_KEY_TYPE);
- if (crv != CKR_OK) goto loser;
-
- /* Private key version field set normally for compatibility */
- rv = DER_SetUInteger(privKey->arena, &privKey->u.rsa.version,SEC_PRIVATE_KEY_VERSION);
- if (rv != SECSuccess) { crv = CKR_HOST_MEMORY; goto loser; }
-
-loser:
- if (crv != CKR_OK) {
- PORT_FreeArena(arena,PR_FALSE);
- privKey = 0;
- }
-
- return privKey;
-}
-
-static PRBool
-isSecretKey(SECKEYLowPrivateKey *privKey)
-{
- if (privKey->keyType == rsaKey && privKey->u.rsa.publicExponent.len == 1 &&
- privKey->u.rsa.publicExponent.data[0] == 0)
- return PR_TRUE;
-
- return PR_FALSE;
-}
-
-/* Import a Secret Key */
-static PRBool
-importSecretKey(PK11Slot *slot, SECKEYLowPrivateKey *priv)
-{
- PK11Object *object;
- CK_OBJECT_CLASS secretClass = CKO_SECRET_KEY;
- CK_BBOOL cktrue = CK_TRUE;
- CK_BBOOL ckfalse = CK_FALSE;
- CK_KEY_TYPE key_type;
-
- /* Check for secret key representation, return if it isn't one */
- if (!isSecretKey(priv))
- return PR_FALSE;
-
- /*
- * now lets create an object to hang the attributes off of
- */
- object = pk11_NewObject(slot); /* fill in the handle later */
- if (object == NULL) {
- goto loser;
- }
-
- /* Set the ID value */
- if (pk11_AddAttributeType(object, CKA_ID,
- priv->u.rsa.modulus.data, priv->u.rsa.modulus.len)) {
- pk11_FreeObject(object);
- goto loser;
- }
-
- /* initalize the object attributes */
- if (pk11_AddAttributeType(object, CKA_CLASS, &secretClass,
- sizeof(secretClass)) != CKR_OK) {
- pk11_FreeObject(object);
- goto loser;
- }
-
- if (pk11_AddAttributeType(object, CKA_TOKEN, &cktrue,
- sizeof(cktrue)) != CKR_OK) {
- pk11_FreeObject(object);
- goto loser;
- }
-
- if (pk11_AddAttributeType(object, CKA_PRIVATE, &ckfalse,
- sizeof(CK_BBOOL)) != CKR_OK) {
- pk11_FreeObject(object);
- goto loser;
- }
-
- if (pk11_AddAttributeType(object, CKA_VALUE,
- pk11_item_expand(&priv->u.rsa.privateExponent)) != CKR_OK) {
- pk11_FreeObject(object);
- goto loser;
- }
-
- if (pk11_AddAttributeType(object, CKA_KEY_TYPE,
- pk11_item_expand(&priv->u.rsa.coefficient)) != CKR_OK) {
- pk11_FreeObject(object);
- goto loser;
- }
- key_type = *(CK_KEY_TYPE*)priv->u.rsa.coefficient.data;
-
- /* Validate and add default attributes */
- validateSecretKey(object, key_type, (PRBool)(slot->slotID == FIPS_SLOT_ID));
-
- /* now just verify the required date fields */
- PK11_USE_THREADS(PR_Lock(slot->objectLock);)
- object->handle = slot->tokenIDCount++;
- object->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PRIV);
- PK11_USE_THREADS(PR_Unlock(slot->objectLock);)
-
- object->objclass = secretClass;
- object->slot = slot;
- object->inDB = PR_TRUE;
- pk11_AddSlotObject(slot, object);
-
-loser:
- return PR_TRUE;
-}
-
-
-/**********************************************************************
- *
- * Start of PKCS 11 functions
- *
- **********************************************************************/
-
-
-/* return the function list */
-CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList)
-{
- *pFunctionList = &pk11_funcList;
- return CKR_OK;
-}
-
-/*
- * initialize one of the slot structures. figure out which by the ID
- */
-CK_RV
-PK11_SlotInit(CK_SLOT_ID slotID, PRBool needLogin)
-{
- int i;
- PK11Slot *slot = pk11_SlotFromID(slotID);
-#ifdef PKCS11_USE_THREADS
- slot->sessionLock = PR_NewLock();
- if (slot->sessionLock == NULL) return CKR_HOST_MEMORY;
- slot->objectLock = PR_NewLock();
- if (slot->objectLock == NULL) return CKR_HOST_MEMORY;
-#else
- slot->sessionLock = NULL;
- slot->objectLock = NULL;
-#endif
- for(i=0; i < SESSION_HASH_SIZE; i++) {
- slot->head[i] = NULL;
- }
- for(i=0; i < TOKEN_OBJECT_HASH_SIZE; i++) {
- slot->tokObjects[i] = NULL;
- }
- slot->password = NULL;
- slot->hasTokens = PR_FALSE;
- slot->sessionIDCount = 1;
- slot->sessionCount = 0;
- slot->rwSessionCount = 0;
- slot->tokenIDCount = 1;
- slot->needLogin = PR_FALSE;
- slot->isLoggedIn = PR_FALSE;
- slot->ssoLoggedIn = PR_FALSE;
- slot->DB_loaded = PR_FALSE;
- slot->slotID = slotID;
- if (needLogin) {
- /* if the data base is initialized with a null password,remember that */
- slot->needLogin = (PRBool)!pk11_hasNullPassword(&slot->password);
- }
- return CKR_OK;
-}
-
-/*
- * common initialization routines between PKCS #11 and FIPS
- */
-CK_RV PK11_LowInitialize(CK_VOID_PTR pReserved)
-{
- SECStatus rv = SECSuccess;
-
- /* initialize the Random number generater */
- rv = RNG_RNGInit();
-
- if (rv != SECSuccess) {
- return CKR_DEVICE_ERROR;
- }
-
- SECKEY_SetDefaultKeyDBAlg(SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC);
- return CKR_OK;
-}
-
-/* NSC_Initialize initializes the Cryptoki library. */
-CK_RV NSC_Initialize(CK_VOID_PTR pReserved)
-{
- static PRBool init = PR_FALSE;
- CK_RV crv = CKR_OK;
-
- crv = PK11_LowInitialize(pReserved);
- if (crv != CKR_OK) return crv;
-
- /* intialize all the slots */
- if (!init) {
- crv = PK11_SlotInit(NETSCAPE_SLOT_ID,PR_FALSE);
- if (crv != CKR_OK) return crv;
- crv = PK11_SlotInit(PRIVATE_KEY_SLOT_ID,PR_TRUE);
- init = PR_TRUE;
- }
-
- return crv;
-}
-
-/* NSC_Finalize indicates that an application is done with the
- * Cryptoki library.*/
-CK_RV NSC_Finalize (CK_VOID_PTR pReserved)
-{
- return CKR_OK;
-}
-
-
-/* NSC_GetInfo returns general information about Cryptoki. */
-CK_RV NSC_GetInfo(CK_INFO_PTR pInfo)
-{
- pInfo->cryptokiVersion.major = 2;
- pInfo->cryptokiVersion.minor = 1;
- PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32);
- pInfo->libraryVersion.major = 4;
- pInfo->libraryVersion.minor = 0;
- PORT_Memcpy(pInfo->libraryDescription,libraryDescription,32);
- pInfo->flags = 0;
- return CKR_OK;
-}
-
-/* NSC_GetSlotList obtains a list of slots in the system. */
-CK_RV NSC_GetSlotList(CK_BBOOL tokenPresent,
- CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount)
-{
- *pulCount = 2;
- if (pSlotList != NULL) {
- pSlotList[0] = NETSCAPE_SLOT_ID;
- pSlotList[1] = PRIVATE_KEY_SLOT_ID;
- }
- return CKR_OK;
-}
-
-/* NSC_GetSlotInfo obtains information about a particular slot in the system. */
-CK_RV NSC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
-{
- pInfo->firmwareVersion.major = 0;
- pInfo->firmwareVersion.minor = 0;
- switch (slotID) {
- case NETSCAPE_SLOT_ID:
- PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32);
- PORT_Memcpy(pInfo->slotDescription,slotDescription,64);
- pInfo->flags = CKF_TOKEN_PRESENT;
- pInfo->hardwareVersion.major = 4;
- pInfo->hardwareVersion.minor = 1;
- return CKR_OK;
- case PRIVATE_KEY_SLOT_ID:
- PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32);
- PORT_Memcpy(pInfo->slotDescription,privSlotDescription,64);
- pInfo->flags = CKF_TOKEN_PRESENT;
- /* ok we really should read it out of the keydb file. */
- pInfo->hardwareVersion.major = PRIVATE_KEY_DB_FILE_VERSION;
- pInfo->hardwareVersion.minor = 0;
- return CKR_OK;
- default:
- break;
- }
- return CKR_SLOT_ID_INVALID;
-}
-
-#define CKF_THREAD_SAFE 0x8000 /* for now */
-
-/* NSC_GetTokenInfo obtains information about a particular token in
- * the system. */
-CK_RV NSC_GetTokenInfo(CK_SLOT_ID slotID,CK_TOKEN_INFO_PTR pInfo)
-{
- PK11Slot *slot = pk11_SlotFromID(slotID);
- SECKEYKeyDBHandle *handle;
-
- if (slot == NULL) return CKR_SLOT_ID_INVALID;
-
- PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32);
- PORT_Memcpy(pInfo->model,"Libsec 4.0 ",16);
- PORT_Memcpy(pInfo->serialNumber,"0000000000000000",16);
- pInfo->ulMaxSessionCount = 0; /* arbitrarily large */
- pInfo->ulSessionCount = slot->sessionCount;
- pInfo->ulMaxRwSessionCount = 0; /* arbitarily large */
- pInfo->ulRwSessionCount = slot->rwSessionCount;
- pInfo->firmwareVersion.major = 0;
- pInfo->firmwareVersion.minor = 0;
- switch (slotID) {
- case NETSCAPE_SLOT_ID:
- PORT_Memcpy(pInfo->label,tokDescription,32);
- pInfo->flags= CKF_RNG | CKF_WRITE_PROTECTED | CKF_THREAD_SAFE;
- pInfo->ulMaxPinLen = 0;
- pInfo->ulMinPinLen = 0;
- pInfo->ulTotalPublicMemory = 0;
- pInfo->ulFreePublicMemory = 0;
- pInfo->ulTotalPrivateMemory = 0;
- pInfo->ulFreePrivateMemory = 0;
- pInfo->hardwareVersion.major = 4;
- pInfo->hardwareVersion.minor = 0;
- return CKR_OK;
- case PRIVATE_KEY_SLOT_ID:
- PORT_Memcpy(pInfo->label,privTokDescription,32);
- handle = SECKEY_GetDefaultKeyDB();
- /*
- * we have three possible states which we may be in:
- * (1) No DB password has been initialized. This also means we
- * have no keys in the key db.
- * (2) Password initialized to NULL. This means we have keys, but
- * the user has chosen not use a password.
- * (3) Finally we have an initialized password whicn is not NULL, and
- * we will need to prompt for it.
- */
- if (SECKEY_HasKeyDBPassword(handle) == SECFailure) {
- pInfo->flags = CKF_THREAD_SAFE | CKF_LOGIN_REQUIRED;
- } else if (!slot->needLogin) {
- pInfo->flags = CKF_THREAD_SAFE | CKF_USER_PIN_INITIALIZED;
- } else {
- pInfo->flags = CKF_THREAD_SAFE |
- CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED;
- }
- pInfo->ulMaxPinLen = PK11_MAX_PIN;
- pInfo->ulMinPinLen = 0;
- if (minimumPinLen > 0) {
- pInfo->ulMinPinLen = (CK_ULONG)minimumPinLen;
- }
- pInfo->ulTotalPublicMemory = 1;
- pInfo->ulFreePublicMemory = 1;
- pInfo->ulTotalPrivateMemory = 1;
- pInfo->ulFreePrivateMemory = 1;
- pInfo->hardwareVersion.major = CERT_DB_FILE_VERSION;
- pInfo->hardwareVersion.minor = 0;
- return CKR_OK;
- default:
- break;
- }
- return CKR_SLOT_ID_INVALID;
-}
-
-
-
-/* NSC_GetMechanismList obtains a list of mechanism types
- * supported by a token. */
-CK_RV NSC_GetMechanismList(CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pulCount)
-{
- int i;
-
- switch (slotID) {
- case NETSCAPE_SLOT_ID:
- *pulCount = mechanismCount;
- if (pMechanismList != NULL) {
- for (i=0; i < (int) mechanismCount; i++) {
- pMechanismList[i] = mechanisms[i].type;
- }
- }
- return CKR_OK;
- case PRIVATE_KEY_SLOT_ID:
- *pulCount = 0;
- for (i=0; i < (int) mechanismCount; i++) {
- if (mechanisms[i].privkey) {
- (*pulCount)++;
- if (pMechanismList != NULL) {
- *pMechanismList++ = mechanisms[i].type;
- }
- }
- }
- return CKR_OK;
- default:
- break;
- }
- return CKR_SLOT_ID_INVALID;
-}
-
-
-/* NSC_GetMechanismInfo obtains information about a particular mechanism
- * possibly supported by a token. */
-CK_RV NSC_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR pInfo)
-{
- PRBool isPrivateKey;
- int i;
-
- switch (slotID) {
- case NETSCAPE_SLOT_ID:
- isPrivateKey = PR_FALSE;
- break;
- case PRIVATE_KEY_SLOT_ID:
- isPrivateKey = PR_TRUE;
- break;
- default:
- return CKR_SLOT_ID_INVALID;
- }
- for (i=0; i < (int) mechanismCount; i++) {
- if (type == mechanisms[i].type) {
- if (isPrivateKey && !mechanisms[i].privkey) {
- return CKR_MECHANISM_INVALID;
- }
- PORT_Memcpy(pInfo,&mechanisms[i].domestic,
- sizeof(CK_MECHANISM_INFO));
- return CKR_OK;
- }
- }
- return CKR_MECHANISM_INVALID;
-}
-
-static SECStatus
-pk11_TurnOffUser(CERTCertificate *cert, SECItem *k, void *arg)
-{
- CERTCertTrust trust;
- SECStatus rv;
-
- rv = CERT_GetCertTrust(cert,&trust);
- if (rv == SECSuccess && ((trust.emailFlags & CERTDB_USER) ||
- (trust.sslFlags & CERTDB_USER) ||
- (trust.objectSigningFlags & CERTDB_USER))) {
- trust.emailFlags &= ~CERTDB_USER;
- trust.sslFlags &= ~CERTDB_USER;
- trust.objectSigningFlags &= ~CERTDB_USER;
- CERT_ChangeCertTrust(cert->dbhandle,cert,&trust);
- }
- return SECSuccess;
-}
-
-/* NSC_InitToken initializes a token. */
-CK_RV NSC_InitToken(CK_SLOT_ID slotID,CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen,CK_CHAR_PTR pLabel) {
- PK11Slot *slot = pk11_SlotFromID(slotID);
- SECKEYKeyDBHandle *handle;
- CERTCertDBHandle *certHandle;
- SECStatus rv;
- int i;
- PK11Object *object;
-
- if (slot == NULL) return CKR_SLOT_ID_INVALID;
-
- /* don't initialize the database if we aren't talking to a token
- * that uses the key database.
- */
- if (slotID == NETSCAPE_SLOT_ID) {
- return CKR_TOKEN_WRITE_PROTECTED;
- }
-
- /* first, delete all our loaded key and cert objects from our
- * internal list. */
- PK11_USE_THREADS(PR_Lock(slot->objectLock);)
- for (i=0; i < TOKEN_OBJECT_HASH_SIZE; i++) {
- do {
- object = slot->tokObjects[i];
- /* hand deque */
- /* this duplicates function of NSC_close session functions, but
- * because we know that we are freeing all the sessions, we can
- * do more efficient processing */
- if (object) {
- slot->tokObjects[i] = object->next;
-
- if (object->next) object->next->prev = NULL;
- object->next = object->prev = NULL;
- }
- if (object) pk11_FreeObject(object);
- } while (object != NULL);
- }
- PK11_USE_THREADS(PR_Unlock(slot->objectLock);)
-
- /* then clear out the key database */
- handle = SECKEY_GetDefaultKeyDB();
- if (handle == NULL) {
- return CKR_TOKEN_WRITE_PROTECTED;
- }
-
- /* what to do on an error here? */
- rv = SECKEY_ResetKeyDB(handle);
-
- /* finally mark all the user certs as non-user certs */
- certHandle = CERT_GetDefaultCertDB();
- if (certHandle == NULL) return CKR_OK;
-
- SEC_TraversePermCerts(certHandle,pk11_TurnOffUser, NULL);
-
- return CKR_OK; /*is this the right function for not implemented*/
-}
-
-
-/* NSC_InitPIN initializes the normal user's PIN. */
-CK_RV NSC_InitPIN(CK_SESSION_HANDLE hSession,
- CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
-{
- PK11Session *sp;
- PK11Slot *slot;
- SECKEYKeyDBHandle *handle;
- SECItem *newPin;
- char newPinStr[256];
- SECStatus rv;
-
-
- sp = pk11_SessionFromHandle(hSession);
- if (sp == NULL) {
- return CKR_SESSION_HANDLE_INVALID;
- }
-
- if (sp->info.slotID == NETSCAPE_SLOT_ID) {
- pk11_FreeSession(sp);
- return CKR_PIN_LEN_RANGE;
- }
-
- /* should be an assert */
- if (!((sp->info.slotID == PRIVATE_KEY_SLOT_ID) ||
- (sp->info.slotID == FIPS_SLOT_ID)) ) {
- pk11_FreeSession(sp);
- return CKR_SESSION_HANDLE_INVALID;;
- }
-
- if (sp->info.state != CKS_RW_SO_FUNCTIONS) {
- pk11_FreeSession(sp);
- return CKR_USER_NOT_LOGGED_IN;
- }
-
- slot = pk11_SlotFromSession(sp);
- pk11_FreeSession(sp);
-
- /* make sure the pins aren't too long */
- if (ulPinLen > 255) {
- return CKR_PIN_LEN_RANGE;
- }
-
- handle = SECKEY_GetDefaultKeyDB();
- if (handle == NULL) {
- return CKR_TOKEN_WRITE_PROTECTED;
- }
- if (SECKEY_HasKeyDBPassword(handle) != SECFailure) {
- return CKR_DEVICE_ERROR;
- }
-
- /* convert to null terminated string */
- PORT_Memcpy(newPinStr,pPin,ulPinLen);
- newPinStr[ulPinLen] = 0;
-
- /* build the hashed pins which we pass around */
- newPin = SECKEY_HashPassword(newPinStr,handle->global_salt);
- PORT_Memset(newPinStr,0,sizeof(newPinStr));
-
- /* change the data base */
- rv = SECKEY_SetKeyDBPassword(handle,newPin);
-
- /* Now update our local copy of the pin */
- if (rv == SECSuccess) {
- if (slot->password) {
- SECITEM_ZfreeItem(slot->password, PR_TRUE);
- }
- slot->password = newPin;
- if (ulPinLen == 0) slot->needLogin = PR_FALSE;
- return CKR_OK;
- }
- SECITEM_ZfreeItem(newPin, PR_TRUE);
- return CKR_PIN_INCORRECT;
-}
-
-
-/* NSC_SetPIN modifies the PIN of user that is currently logged in. */
-/* NOTE: This is only valid for the PRIVATE_KEY_SLOT */
-CK_RV NSC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin,
- CK_ULONG ulOldLen, CK_CHAR_PTR pNewPin, CK_ULONG ulNewLen)
-{
- PK11Session *sp;
- PK11Slot *slot;
- SECKEYKeyDBHandle *handle;
- SECItem *newPin;
- SECItem *oldPin;
- char newPinStr[256],oldPinStr[256];
- SECStatus rv;
-
-
- sp = pk11_SessionFromHandle(hSession);
- if (sp == NULL) {
- return CKR_SESSION_HANDLE_INVALID;
- }
-
- if (sp->info.slotID == NETSCAPE_SLOT_ID) {
- pk11_FreeSession(sp);
- return CKR_PIN_LEN_RANGE;
- }
-
- /* should be an assert */
- /* should be an assert */
- if (!((sp->info.slotID == PRIVATE_KEY_SLOT_ID) ||
- (sp->info.slotID == FIPS_SLOT_ID)) ) {
- pk11_FreeSession(sp);
- return CKR_SESSION_HANDLE_INVALID;;
- }
-
- slot = pk11_SlotFromSession(sp);
- if (slot->needLogin && sp->info.state != CKS_RW_USER_FUNCTIONS) {
- pk11_FreeSession(sp);
- return CKR_USER_NOT_LOGGED_IN;
- }
-
- pk11_FreeSession(sp);
-
- /* make sure the pins aren't too long */
- if ((ulNewLen > 255) || (ulOldLen > 255)) {
- return CKR_PIN_LEN_RANGE;
- }
-
-
- handle = SECKEY_GetDefaultKeyDB();
- if (handle == NULL) {
- return CKR_TOKEN_WRITE_PROTECTED;
- }
-
- /* convert to null terminated string */
- PORT_Memcpy(newPinStr,pNewPin,ulNewLen);
- newPinStr[ulNewLen] = 0;
- PORT_Memcpy(oldPinStr,pOldPin,ulOldLen);
- oldPinStr[ulOldLen] = 0;
-
- /* build the hashed pins which we pass around */
- newPin = SECKEY_HashPassword(newPinStr,handle->global_salt);
- oldPin = SECKEY_HashPassword(oldPinStr,handle->global_salt);
- PORT_Memset(newPinStr,0,sizeof(newPinStr));
- PORT_Memset(oldPinStr,0,sizeof(oldPinStr));
-
- /* change the data base */
- rv = SECKEY_ChangeKeyDBPassword(handle,oldPin,newPin);
-
- /* Now update our local copy of the pin */
- SECITEM_ZfreeItem(oldPin, PR_TRUE);
- if (rv == SECSuccess) {
- if (slot->password) {
- SECITEM_ZfreeItem(slot->password, PR_TRUE);
- }
- slot->password = newPin;
- slot->needLogin = (PRBool)(ulNewLen != 0);
- return CKR_OK;
- }
- SECITEM_ZfreeItem(newPin, PR_TRUE);
- return CKR_PIN_INCORRECT;
-}
-
-/* NSC_OpenSession opens a session between an application and a token. */
-CK_RV NSC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags,
- CK_VOID_PTR pApplication,CK_NOTIFY Notify,CK_SESSION_HANDLE_PTR phSession)
-{
- PK11Slot *slot;
- CK_SESSION_HANDLE sessionID;
- PK11Session *session;
-
- slot = pk11_SlotFromID(slotID);
- if (slot == NULL) return CKR_SLOT_ID_INVALID;
-
- /* new session (we only have serial sessions) */
- session = pk11_NewSession(slotID, Notify, pApplication,
- flags | CKF_SERIAL_SESSION);
- if (session == NULL) return CKR_HOST_MEMORY;
-
- PK11_USE_THREADS(PR_Lock(slot->sessionLock);)
- sessionID = slot->sessionIDCount++;
- if (slotID == PRIVATE_KEY_SLOT_ID) {
- sessionID |= PK11_PRIVATE_KEY_FLAG;
- } else if (slotID == FIPS_SLOT_ID) {
- sessionID |= PK11_FIPS_FLAG;
- } else if (flags & CKF_RW_SESSION) {
- /* NETSCAPE_SLOT_ID is Read ONLY */
- session->info.flags &= ~CKF_RW_SESSION;
- }
-
- session->handle = sessionID;
- pk11_update_state(slot, session);
- pk11queue_add(session, sessionID, slot->head, SESSION_HASH_SIZE);
- slot->sessionCount++;
- if (session->info.flags & CKF_RW_SESSION) {
- slot->rwSessionCount++;
- }
- PK11_USE_THREADS(PR_Unlock(slot->sessionLock);)
-
- *phSession = sessionID;
- return CKR_OK;
-}
-
-
-/* NSC_CloseSession closes a session between an application and a token. */
-CK_RV NSC_CloseSession(CK_SESSION_HANDLE hSession)
-{
- PK11Slot *slot;
- PK11Session *session;
- SECItem *pw = NULL;
-
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
- slot = pk11_SlotFromSession(session);
-
- /* lock */
- PK11_USE_THREADS(PR_Lock(slot->sessionLock);)
- if (pk11queue_is_queued(session,hSession,slot->head,SESSION_HASH_SIZE)) {
- pk11queue_delete(session,hSession,slot->head,SESSION_HASH_SIZE);
- session->refCount--; /* can't go to zero while we hold the reference */
- slot->sessionCount--;
- if (session->info.flags & CKF_RW_SESSION) {
- slot->rwSessionCount--;
- }
- }
- if (slot->sessionCount == 0) {
- pw = slot->password;
- slot->isLoggedIn = PR_FALSE;
- slot->password = NULL;
- }
- PK11_USE_THREADS(PR_Unlock(slot->sessionLock);)
-
- pk11_FreeSession(session);
- if (pw) SECITEM_ZfreeItem(pw, PR_TRUE);
- return CKR_OK;
-}
-
-
-/* NSC_CloseAllSessions closes all sessions with a token. */
-CK_RV NSC_CloseAllSessions (CK_SLOT_ID slotID)
-{
- PK11Slot *slot;
- SECItem *pw = NULL;
- PK11Session *session;
- int i;
-
- slot = pk11_SlotFromID(slotID);
- if (slot == NULL) return CKR_SLOT_ID_INVALID;
-
- /* first log out the card */
- PK11_USE_THREADS(PR_Lock(slot->sessionLock);)
- pw = slot->password;
- slot->isLoggedIn = PR_FALSE;
- slot->password = NULL;
- PK11_USE_THREADS(PR_Unlock(slot->sessionLock);)
- if (pw) SECITEM_ZfreeItem(pw, PR_TRUE);
-
- /* now close all the current sessions */
- /* NOTE: If you try to open new sessions before NSC_CloseAllSessions
- * completes, some of those new sessions may or may not be closed by
- * NSC_CloseAllSessions... but any session running when this code starts
- * will guarrenteed be close, and no session will be partially closed */
- for (i=0; i < SESSION_HASH_SIZE; i++) {
- do {
- PK11_USE_THREADS(PR_Lock(slot->sessionLock);)
- session = slot->head[i];
- /* hand deque */
- /* this duplicates function of NSC_close session functions, but
- * because we know that we are freeing all the sessions, we can
- * do more efficient processing */
- if (session) {
- slot->head[i] = session->next;
- if (session->next) session->next->prev = NULL;
- session->next = session->prev = NULL;
- slot->sessionCount--;
- if (session->info.flags & CKF_RW_SESSION) {
- slot->rwSessionCount--;
- }
- }
- PK11_USE_THREADS(PR_Unlock(slot->sessionLock);)
- if (session) pk11_FreeSession(session);
- } while (session != NULL);
- }
- return CKR_OK;
-}
-
-
-/* NSC_GetSessionInfo obtains information about the session. */
-CK_RV NSC_GetSessionInfo(CK_SESSION_HANDLE hSession,
- CK_SESSION_INFO_PTR pInfo)
-{
- PK11Session *session;
-
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
-
- PORT_Memcpy(pInfo,&session->info,sizeof(CK_SESSION_INFO));
- pk11_FreeSession(session);
- return CKR_OK;
-}
-
-/* NSC_Login logs a user into a token. */
-CK_RV NSC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
- CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
-{
- PK11Slot *slot;
- PK11Session *session;
- SECKEYKeyDBHandle *handle;
- SECItem *pin;
- char pinStr[256];
-
-
- /* get the slot */
- slot = pk11_SlotFromSessionHandle(hSession);
-
- /* make sure the session is valid */
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) {
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
- }
- pk11_FreeSession(session);
-
- /* can't log into the Netscape Slot */
- if (slot->slotID == NETSCAPE_SLOT_ID)
- return CKR_USER_TYPE_INVALID;
-
- if (slot->isLoggedIn) return CKR_USER_ALREADY_LOGGED_IN;
- slot->ssoLoggedIn = PR_FALSE;
-
- if (ulPinLen > 255) return CKR_PIN_LEN_RANGE;
-
- /* convert to null terminated string */
- PORT_Memcpy(pinStr,pPin,ulPinLen);
- pinStr[ulPinLen] = 0;
-
- handle = SECKEY_GetDefaultKeyDB();
-
- /*
- * Deal with bootstrap. We allow the SSO to login in with a NULL
- * password if and only if we haven't initialized the KEY DB yet.
- * We only allow this on a RW session.
- */
- if (SECKEY_HasKeyDBPassword(handle) == SECFailure) {
- /* allow SSO's to log in only if there is not password on the
- * key database */
- if (((userType == CKU_SO) && (session->info.flags & CKF_RW_SESSION))
- /* fips always needs to authenticate, even if there isn't a db */
- || (slot->slotID == FIPS_SLOT_ID)) {
- /* should this be a fixed password? */
- if (ulPinLen == 0) {
- SECItem *pw;
- PK11_USE_THREADS(PR_Lock(slot->sessionLock);)
- pw = slot->password;
- slot->password = NULL;
- slot->isLoggedIn = PR_TRUE;
- slot->ssoLoggedIn = (PRBool)(userType == CKU_SO);
- PK11_USE_THREADS(PR_Unlock(slot->sessionLock);)
- pk11_update_all_states(slot);
- SECITEM_ZfreeItem(pw,PR_TRUE);
- return CKR_OK;
- }
- return CKR_PIN_INCORRECT;
- }
- return CKR_USER_TYPE_INVALID;
- }
-
- /* don't allow the SSO to log in if the user is already initialized */
- if (userType != CKU_USER) { return CKR_USER_TYPE_INVALID; }
-
-
- /* build the hashed pins which we pass around */
- pin = SECKEY_HashPassword(pinStr,handle->global_salt);
- if (pin == NULL) return CKR_HOST_MEMORY;
-
- if (SECKEY_CheckKeyDBPassword(handle,pin) == SECSuccess) {
- SECItem *tmp;
- PK11_USE_THREADS(PR_Lock(slot->sessionLock);)
- tmp = slot->password;
- slot->isLoggedIn = PR_TRUE;
- slot->password = pin;
- PK11_USE_THREADS(PR_Unlock(slot->sessionLock);)
- if (tmp) SECITEM_ZfreeItem(tmp, PR_TRUE);
-
- /* update all sessions */
- pk11_update_all_states(slot);
- return CKR_OK;
- }
-
- SECITEM_ZfreeItem(pin, PR_TRUE);
- return CKR_PIN_INCORRECT;
-}
-
-/* NSC_Logout logs a user out from a token. */
-CK_RV NSC_Logout(CK_SESSION_HANDLE hSession)
-{
- PK11Slot *slot = pk11_SlotFromSessionHandle(hSession);
- PK11Session *session;
- SECItem *pw = NULL;
-
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) {
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
- }
-
- if (!slot->isLoggedIn) return CKR_USER_NOT_LOGGED_IN;
-
- PK11_USE_THREADS(PR_Lock(slot->sessionLock);)
- pw = slot->password;
- slot->isLoggedIn = PR_FALSE;
- slot->ssoLoggedIn = PR_FALSE;
- slot->password = NULL;
- PK11_USE_THREADS(PR_Unlock(slot->sessionLock);)
- if (pw) SECITEM_ZfreeItem(pw, PR_TRUE);
-
- pk11_update_all_states(slot);
- return CKR_OK;
-}
-
-
-/* NSC_CreateObject creates a new object. */
-CK_RV NSC_CreateObject(CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phObject)
-{
- PK11Slot *slot = pk11_SlotFromSessionHandle(hSession);
- PK11Session *session;
- PK11Object *object;
- CK_RV crv;
- int i;
-
-
- /*
- * now lets create an object to hang the attributes off of
- */
- object = pk11_NewObject(slot); /* fill in the handle later */
- if (object == NULL) {
- return CKR_HOST_MEMORY;
- }
-
- /*
- * load the template values into the object
- */
- for (i=0; i < (int) ulCount; i++) {
- crv = pk11_AddAttributeType(object,pk11_attr_expand(&pTemplate[i]));
- if (crv != CKR_OK) {
- pk11_FreeObject(object);
- return crv;
- }
- }
-
- /* get the session */
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) {
- pk11_FreeObject(object);
- return CKR_SESSION_HANDLE_INVALID;
- }
-
- /*
- * handle the base object stuff
- */
- crv = pk11_handleObject(object,session);
- pk11_FreeSession(session);
- if (crv != CKR_OK) {
- pk11_FreeObject(object);
- return crv;
- }
-
- *phObject = object->handle;
- return CKR_OK;
-}
-
-
-/* NSC_CopyObject copies an object, creating a new object for the copy. */
-CK_RV NSC_CopyObject(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phNewObject)
-{
- PK11Object *destObject,*srcObject;
- PK11Session *session;
- CK_RV crv = CKR_OK;
- PK11Slot *slot = pk11_SlotFromSessionHandle(hSession);
- int i;
-
- /* Get srcObject so we can find the class */
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) {
- return CKR_SESSION_HANDLE_INVALID;
- }
- srcObject = pk11_ObjectFromHandle(hObject,session);
- if (srcObject == NULL) {
- pk11_FreeSession(session);
- return CKR_OBJECT_HANDLE_INVALID;
- }
- /*
- * create an object to hang the attributes off of
- */
- destObject = pk11_NewObject(slot); /* fill in the handle later */
- if (destObject == NULL) {
- pk11_FreeSession(session);
- pk11_FreeObject(srcObject);
- return CKR_HOST_MEMORY;
- }
-
- /*
- * load the template values into the object
- */
- for (i=0; i < (int) ulCount; i++) {
- if (pk11_modifyType(pTemplate[i].type,srcObject->objclass) == PK11_NEVER) {
- crv = CKR_ATTRIBUTE_READ_ONLY;
- break;
- }
- crv = pk11_AddAttributeType(destObject,pk11_attr_expand(&pTemplate[i]));
- if (crv != CKR_OK) { break; }
- }
- if (crv != CKR_OK) {
- pk11_FreeSession(session);
- pk11_FreeObject(srcObject);
- pk11_FreeObject(destObject);
- return crv;
- }
-
- /* sensitive can only be changed to CK_TRUE */
- if (pk11_hasAttribute(destObject,CKA_SENSITIVE)) {
- if (!pk11_isTrue(destObject,CKA_SENSITIVE)) {
- pk11_FreeSession(session);
- pk11_FreeObject(srcObject);
- pk11_FreeObject(destObject);
- return CKR_ATTRIBUTE_READ_ONLY;
- }
- }
-
- /*
- * now copy the old attributes from the new attributes
- */
- /* don't create a token object if we aren't in a rw session */
- /* we need to hold the lock to copy a consistant version of
- * the object. */
- crv = pk11_CopyObject(destObject,srcObject);
-
- destObject->objclass = srcObject->objclass;
- pk11_FreeObject(srcObject);
- if (crv != CKR_OK) {
- pk11_FreeObject(destObject);
- pk11_FreeSession(session);
- }
-
- crv = pk11_handleObject(destObject,session);
- *phNewObject = destObject->handle;
- pk11_FreeSession(session);
- if (crv != CKR_OK) {
- pk11_FreeObject(destObject);
- return crv;
- }
-
- return CKR_OK;
-}
-
-
-/* NSC_GetObjectSize gets the size of an object in bytes. */
-CK_RV NSC_GetObjectSize(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize) {
- *pulSize = 0;
- return CKR_OK;
-}
-
-
-/* NSC_GetAttributeValue obtains the value of one or more object attributes. */
-CK_RV NSC_GetAttributeValue(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount) {
- PK11Slot *slot = pk11_SlotFromSessionHandle(hSession);
- PK11Session *session;
- PK11Object *object;
- PK11Attribute *attribute;
- PRBool sensitive;
- int i;
-
- /*
- * make sure we're allowed
- */
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) {
- return CKR_SESSION_HANDLE_INVALID;
- }
-
- object = pk11_ObjectFromHandle(hObject,session);
- pk11_FreeSession(session);
- if (object == NULL) {
- return CKR_OBJECT_HANDLE_INVALID;
- }
-
- /* don't read a private object if we aren't logged in */
- if ((!slot->isLoggedIn) && (slot->needLogin) &&
- (pk11_isTrue(object,CKA_PRIVATE))) {
- pk11_FreeObject(object);
- return CKR_USER_NOT_LOGGED_IN;
- }
-
- sensitive = pk11_isTrue(object,CKA_SENSITIVE);
- for (i=0; i < (int) ulCount; i++) {
- /* Make sure that this attribute is retrievable */
- if (sensitive && pk11_isSensitive(pTemplate[i].type,object->objclass)) {
- pk11_FreeObject(object);
- return CKR_ATTRIBUTE_SENSITIVE;
- }
- attribute = pk11_FindAttribute(object,pTemplate[i].type);
- if (attribute == NULL) {
- pk11_FreeObject(object);
- return CKR_ATTRIBUTE_TYPE_INVALID;
- }
- if (pTemplate[i].pValue != NULL) {
- PORT_Memcpy(pTemplate[i].pValue,attribute->attrib.pValue,
- attribute->attrib.ulValueLen);
- }
- pTemplate[i].ulValueLen = attribute->attrib.ulValueLen;
- pk11_FreeAttribute(attribute);
- }
-
- pk11_FreeObject(object);
- return CKR_OK;
-}
-
-/* NSC_SetAttributeValue modifies the value of one or more object attributes */
-CK_RV NSC_SetAttributeValue (CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount) {
- PK11Slot *slot = pk11_SlotFromSessionHandle(hSession);
- PK11Session *session;
- PK11Attribute *attribute;
- PK11Object *object;
- PRBool isToken;
- CK_RV crv = CKR_OK;
- CK_BBOOL legal;
- int i;
-
- /*
- * make sure we're allowed
- */
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) {
- return CKR_SESSION_HANDLE_INVALID;
- }
-
- object = pk11_ObjectFromHandle(hObject,session);
- if (object == NULL) {
- pk11_FreeSession(session);
- return CKR_OBJECT_HANDLE_INVALID;
- }
-
- /* don't modify a private object if we aren't logged in */
- if ((!slot->isLoggedIn) && (slot->needLogin) &&
- (pk11_isTrue(object,CKA_PRIVATE))) {
- pk11_FreeSession(session);
- pk11_FreeObject(object);
- return CKR_USER_NOT_LOGGED_IN;
- }
-
- /* don't modify a token object if we aren't in a rw session */
- isToken = pk11_isTrue(object,CKA_TOKEN);
- if (((session->info.flags & CKF_RW_SESSION) == 0) && isToken) {
- pk11_FreeSession(session);
- pk11_FreeObject(object);
- return CKR_SESSION_READ_ONLY;
- }
- pk11_FreeSession(session);
-
- /* only change modifiable objects */
- if (!pk11_isTrue(object,CKA_MODIFIABLE)) {
- pk11_FreeObject(object);
- return CKR_ATTRIBUTE_READ_ONLY;
- }
-
- for (i=0; i < (int) ulCount; i++) {
- /* Make sure that this attribute is changeable */
- switch (pk11_modifyType(pTemplate[i].type,object->objclass)) {
- case PK11_NEVER:
- case PK11_ONCOPY:
- default:
- crv = CKR_ATTRIBUTE_READ_ONLY;
- break;
-
- case PK11_SENSITIVE:
- legal = (pTemplate[i].type == CKA_EXTRACTABLE) ? CK_FALSE : CK_TRUE;
- if ((*(CK_BBOOL *)pTemplate[i].pValue) != legal) {
- crv = CKR_ATTRIBUTE_READ_ONLY;
- }
- break;
- case PK11_ALWAYS:
- break;
- }
- if (crv != CKR_OK) break;
-
- /* find the old attribute */
- attribute = pk11_FindAttribute(object,pTemplate[i].type);
- if (attribute == NULL) {
- crv =CKR_ATTRIBUTE_TYPE_INVALID;
- break;
- }
- pk11_FreeAttribute(attribute);
- crv = pk11_forceAttribute(object,pk11_attr_expand(&pTemplate[i]));
- if (crv != CKR_OK) break;
-
- }
-
- pk11_FreeObject(object);
- return CKR_OK;
-}
-
-/* stolen from keydb.c */
-#define KEYDB_PW_CHECK_STRING "password-check"
-#define KEYDB_PW_CHECK_LEN 14
-
-SECKEYLowPrivateKey * SECKEY_DecryptKey(DBT *key, SECItem *pwitem,
- SECKEYKeyDBHandle *handle);
-typedef struct pk11keyNodeStr {
- struct pk11keyNodeStr *next;
- SECKEYLowPrivateKey *privKey;
- CERTCertificate *cert;
- SECItem *pubItem;
-} pk11keyNode;
-
-typedef struct {
- PLArenaPool *arena;
- pk11keyNode *head;
- PK11Slot *slot;
-} keyList;
-
-static SECStatus
-add_key_to_list(DBT *key, DBT *data, void *arg)
-{
- keyList *keylist;
- pk11keyNode *node;
- void *keydata;
- SECKEYLowPrivateKey *privKey = NULL;
-
- keylist = (keyList *)arg;
-
- privKey = SECKEY_DecryptKey(key, keylist->slot->password,
- SECKEY_GetDefaultKeyDB());
- if ( privKey == NULL ) {
- goto loser;
- }
-
- /* allocate the node struct */
- node = (pk11keyNode*)PORT_ArenaZAlloc(keylist->arena, sizeof(pk11keyNode));
- if ( node == NULL ) {
- goto loser;
- }
-
- /* allocate room for key data */
- keydata = PORT_ArenaZAlloc(keylist->arena, key->size);
- if ( keydata == NULL ) {
- goto loser;
- }
-
- /* link node into list */
- node->next = keylist->head;
- keylist->head = node;
-
- node->privKey = privKey;
- switch (privKey->keyType) {
- case rsaKey:
- node->pubItem = &privKey->u.rsa.modulus;
- break;
- case dsaKey:
- node->pubItem = &privKey->u.dsa.publicValue;
- break;
- default:
- break;
- }
-
- return(SECSuccess);
-loser:
- if ( privKey ) {
- SECKEY_LowDestroyPrivateKey(privKey);
- }
- return(SECSuccess);
-}
-
-/*
- * If the cert is a user cert, then try to match it to a key on the
- * linked list of private keys built earlier.
- * If the cert matches one on the list, then save it.
- */
-static SECStatus
-add_cert_to_list(CERTCertificate *cert, SECItem *k, void *pdata)
-{
- keyList *keylist;
- pk11keyNode *node;
- SECKEYPublicKey *pubKey = NULL;
- SECItem *pubItem;
- CERTCertificate *oldcert;
-
- keylist = (keyList *)pdata;
-
- /* only if it is a user cert and has a nickname!! */
- if ( ( ( cert->trust->sslFlags & CERTDB_USER ) ||
- ( cert->trust->emailFlags & CERTDB_USER ) ||
- ( cert->trust->objectSigningFlags & CERTDB_USER ) ) &&
- ( cert->nickname != NULL ) ) {
-
- /* get cert's public key */
- pubKey = CERT_ExtractPublicKey(cert);
- if ( pubKey == NULL ) {
- goto done;
- }
-
- /* pk11_GetPubItem returns data associated with the public key.
- * one only needs to free the public key. This comment is here
- * because this sematic would be non-obvious otherwise.
- */
- pubItem = pk11_GetPubItem(pubKey);
- if (pubItem == NULL) goto done;
-
- node = keylist->head;
- while ( node ) {
- /* if key type is different, then there is no match */
- if ( node->privKey->keyType == pubKey->keyType ) {
-
- /* compare public value from cert with public value from
- * the key
- */
- if ( SECITEM_CompareItem(pubItem, node->pubItem) == SECEqual ){
- /* this is a match */
-
- /* if no cert has yet been found for this key, or this
- * cert is newer, then save this cert
- */
- if ( ( node->cert == NULL ) ||
- CERT_IsNewer(cert, node->cert ) ) {
-
- oldcert = node->cert;
-
- /* get a real DB copy of the cert, since the one
- * passed in here is not properly recorded in the
- * temp database
- */
-
- /* We need a better way to deal with this */
- node->cert =
- CERT_FindCertByKeyNoLocking(CERT_GetDefaultCertDB(),
- &cert->certKey);
-
- /* free the old cert if there was one */
- if ( oldcert ) {
- CERT_DestroyCertificate(oldcert);
- }
- }
- }
- }
-
- node = node->next;
- }
- }
-done:
- if ( pubKey ) {
- SECKEY_DestroyPublicKey(pubKey);
- }
-
- return(SECSuccess);
-}
-
-#if 0
-/* This appears to be obsolete - TNH */
-static SECItem *
-decodeKeyDBGlobalSalt(DBT *saltData)
-{
- SECItem *saltitem;
-
- saltitem = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if ( saltitem == NULL ) {
- return(NULL);
- }
-
- saltitem->data = (unsigned char *)PORT_ZAlloc(saltData->size);
- if ( saltitem->data == NULL ) {
- PORT_Free(saltitem);
- return(NULL);
- }
-
- saltitem->len = saltData->size;
- PORT_Memcpy(saltitem->data, saltData->data, saltitem->len);
-
- return(saltitem);
-}
-#endif
-
-#if 0
-/*
- * Create a (fixed) DES3 key [ testing ]
- */
-static unsigned char keyValue[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
-};
-
-static SECItem keyItem = {
- 0,
- keyValue,
- sizeof keyValue
-};
-
-static unsigned char keyID[] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-};
-
-static SECItem keyIDItem = {
- 0,
- keyID,
- sizeof keyID
-};
-/* +AAA */
-static CK_RV
-pk11_createFixedDES3Key(PK11Slot *slot)
-{
- CK_RV rv = CKR_OK;
- PK11Object *keyObject;
- CK_BBOOL true = CK_TRUE;
- CK_OBJECT_CLASS class = CKO_SECRET_KEY;
- CK_KEY_TYPE keyType = CKK_DES3;
-
- /*
- * Create the object
- */
- keyObject = pk11_NewObject(slot); /* fill in the handle later */
- if (keyObject == NULL) {
- return CKR_HOST_MEMORY;
- }
-
- /* Add attributes to the object */
- rv = pk11_AddAttributeType(keyObject, CKA_ID, keyID, sizeof keyID);
- if (rv != CKR_OK) {
- pk11_FreeObject(keyObject);
- return rv;
- }
-
- rv = pk11_AddAttributeType(keyObject, CKA_VALUE, keyValue, sizeof keyValue);
- if (rv != CKR_OK) {
- pk11_FreeObject(keyObject);
- return rv;
- }
-
- rv = pk11_AddAttributeType(keyObject, CKA_TOKEN, &true, sizeof true);
- if (rv != CKR_OK) {
- pk11_FreeObject(keyObject);
- return rv;
- }
-
- rv = pk11_AddAttributeType(keyObject, CKA_CLASS, &class, sizeof class);
- if (rv != CKR_OK) {
- pk11_FreeObject(keyObject);
- return rv;
- }
-
- rv = pk11_AddAttributeType(keyObject, CKA_KEY_TYPE, &keyType, sizeof keyType);
- if (rv != CKR_OK) {
- pk11_FreeObject(keyObject);
- return rv;
- }
-
- pk11_handleSecretKeyObject(keyObject, keyType, PR_TRUE);
-
- PK11_USE_THREADS(PR_Lock(slot->objectLock);)
- keyObject->handle = slot->tokenIDCount++;
- PK11_USE_THREADS(PR_Unlock(slot->objectLock);)
- keyObject->slot = slot;
- keyObject->objclass = CKO_SECRET_KEY;
- pk11_AddSlotObject(slot, keyObject);
-
- return rv;
-}
-#endif /* Fixed DES key */
-
-/*
- * load up our token database
- */
-static CK_RV
-pk11_importKeyDB(PK11Slot *slot)
-{
- keyList keylist;
- pk11keyNode *node;
- CK_RV crv;
- SECStatus rv;
- PK11Object *privateKeyObject;
- PK11Object *publicKeyObject;
- PK11Object *certObject;
-
- /* traverse the database, collecting the index keys of all
- * records into a linked list
- */
- keylist.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( keylist.arena == NULL ) {
- return CKR_HOST_MEMORY;
- }
- keylist.head = NULL;
- keylist.slot = slot;
-
- /* collect all of the keys */
- rv = SECKEY_TraverseKeys(SECKEY_GetDefaultKeyDB(),
- add_key_to_list, (void *)&keylist);
- if (rv != SECSuccess) {
- PORT_FreeArena(keylist.arena, PR_FALSE);
- return CKR_HOST_MEMORY;
- }
-
- /* find certs that match any of the keys */
- crv = SEC_TraversePermCerts(CERT_GetDefaultCertDB(),
- add_cert_to_list, (void *)&keylist);
- if ( crv != SECSuccess ) {
- PORT_FreeArena(keylist.arena, PR_FALSE);
- return CKR_HOST_MEMORY;
- }
-
- /* now traverse the list and entry certs/keys into the
- * pkcs11 world
- */
- for (node = keylist.head; node != NULL; node=node->next ) {
- /* Check for "special" private key that wraps a symmetric key */
- if (isSecretKey(node->privKey)) {
- importSecretKey(slot, node->privKey);
- goto end_loop;
- }
-
- /* create the private key object */
- privateKeyObject = pk11_importPrivateKey(slot, node->privKey,
- node->pubItem);
- if ( privateKeyObject == NULL ) {
- goto end_loop;
- }
-
- publicKeyObject = pk11_importPublicKey(slot, node->privKey, NULL,
- node->pubItem);
- if ( node->cert ) {
- /* Now import the Cert */
- certObject = pk11_importCertificate(slot, node->cert,
- node->pubItem->data,
- node->pubItem->len, PR_TRUE);
-
- /* Copy the subject */
- if ( certObject ) {
- /* NOTE: cert has been adopted */
- PK11Attribute *attribute;
-
- /* Copy the Subject */
- attribute = pk11_FindAttribute(certObject,CKA_SUBJECT);
- if (attribute) {
- pk11_forceAttribute(privateKeyObject,
- pk11_attr_expand(&attribute->attrib));
- if (publicKeyObject) {
- pk11_forceAttribute(publicKeyObject,
- pk11_attr_expand(&attribute->attrib));
- }
- pk11_FreeAttribute(attribute);
- }
- pk11_FreeObject(certObject);
- }
- }
-
- if ( publicKeyObject != NULL ) {
- pk11_AddSlotObject(slot, publicKeyObject);
- }
-
- pk11_AddSlotObject(slot, privateKeyObject);
-
-end_loop:
- SECKEY_LowDestroyPrivateKey(node->privKey);
- if ( node->cert ) {
- CERT_DestroyCertificate(node->cert);
- }
-
- }
- PORT_FreeArena(keylist.arena, PR_FALSE);
-
- return CKR_OK;
-}
-
-/*
- * structure to collect certs into
- */
-typedef struct pk11CertDataStr {
- int cert_count;
- int max_cert_count;
- CERTCertificate **certs;
-} pk11CertData;
-
-/*
- * collect all the certs from the traverse call.
- */
-static SECStatus
-pk11_cert_collect(CERTCertificate *cert,void *arg) {
- pk11CertData *cd = (pk11CertData *)arg;
-
- /* shouldn't happen, but don't crash if it does */
- if (cd->cert_count >= cd->max_cert_count) {
- PORT_Assert(0);
- return SECFailure;
- }
-
- cd->certs[cd->cert_count++] = CERT_DupCertificate(cert);
- return SECSuccess;
-}
-
-/*
- * find any certs that may match the template and load them.
- */
-static void
-pk11_searchCerts(PK11Slot *slot, CK_ATTRIBUTE *pTemplate, CK_LONG ulCount) {
- int i;
- SECItem derCert = { siBuffer, NULL, 0 };
- SECItem derSubject = { siBuffer, NULL, 0 };
- SECItem name = { siBuffer, NULL, 0 };
- CERTIssuerAndSN issuerSN = {
- { siBuffer, NULL, 0 },
- { NULL, NULL },
- { siBuffer, NULL, 0 }
- };
- SECItem *copy = NULL;
- CERTCertDBHandle *handle = NULL;
- SECKEYKeyDBHandle *keyHandle = NULL;
- pk11CertData certData;
-
-
- /*
- * These should be stored in the slot some day in the future
- */
- handle = CERT_GetDefaultCertDB();
- if (handle == NULL) return;
- keyHandle = SECKEY_GetDefaultKeyDB();
- if (keyHandle == NULL) return;
-
- /*
- * look for things to search on certs for. We only need one of these
- * items. If we find all the certs that match that item, import them
- * (as long as they are user certs). We'll let find objects filter out
- * the ones that don't apply.
- */
- for (i=0 ;i < (int)ulCount; i++) {
-
- switch (pTemplate[i].type) {
- case CKA_SUBJECT: copy = &derSubject; break;
- case CKA_ISSUER: copy = &issuerSN.derIssuer; break;
- case CKA_SERIAL_NUMBER: copy = &issuerSN.serialNumber; break;
- case CKA_VALUE: copy = &derCert; break;
- case CKA_LABEL: copy = &name; break;
- case CKA_CLASS:
- if (pTemplate[i].ulValueLen != sizeof(CK_OBJECT_CLASS)) {
- return;
- }
- if (*((CK_OBJECT_CLASS *)pTemplate[i].pValue) != CKO_CERTIFICATE) {
- return;
- }
- copy = NULL; break;
- case CKA_PRIVATE:
- if (pTemplate[i].ulValueLen != sizeof(CK_BBOOL)) {
- return;
- }
- if (*((CK_BBOOL *)pTemplate[i].pValue) != CK_FALSE) {
- return;
- }
- copy = NULL; break;
- case CKA_TOKEN:
- if (pTemplate[i].ulValueLen != sizeof(CK_BBOOL)) {
- return;
- }
- if (*((CK_BBOOL *)pTemplate[i].pValue) != CK_TRUE) {
- return;
- }
- copy = NULL; break;
- case CKA_CERTIFICATE_TYPE:
- case CKA_ID:
- case CKA_MODIFIABLE:
- copy = NULL; break;
- /* can't be a certificate if it doesn't match one of the above
- * attributes */
- default: return;
- }
- if (copy) {
- copy->data = (unsigned char*)pTemplate[i].pValue;
- copy->len = pTemplate[i].ulValueLen;
- }
- }
-
- certData.max_cert_count = 0;
- certData.certs = NULL;
- certData.cert_count = 0;
-
- if (derCert.data != NULL) {
- CERTCertificate *cert = CERT_FindCertByDERCert(handle,&derCert);
- if (cert != NULL) {
- certData.certs =
- (CERTCertificate **) PORT_Alloc(sizeof (CERTCertificate *));
- if (certData.certs) {
- certData.certs[0] = cert;
- certData.cert_count = 1;
- } else CERT_DestroyCertificate(cert);
- }
- } else if (name.data != NULL) {
- char *tmp_name = (char*)PORT_Alloc(name.len+1);
-
- if (tmp_name == NULL) {
- return;
- }
- PORT_Memcpy(tmp_name,name.data,name.len);
- tmp_name[name.len] = 0;
-
- certData.max_cert_count=CERT_NumPermCertsForNickname(handle,tmp_name);
- if (certData.max_cert_count > 0) {
- certData.certs = (CERTCertificate **)
- PORT_Alloc(certData.max_cert_count *sizeof(CERTCertificate *));
- if (certData.certs) {
- CERT_TraversePermCertsForNickname(handle,tmp_name,
- pk11_cert_collect, &certData);
- }
-
- }
-
- PORT_Free(tmp_name);
- } else if (derSubject.data != NULL) {
- certData.max_cert_count=CERT_NumPermCertsForSubject(handle,&derSubject);
- if (certData.max_cert_count > 0) {
- certData.certs = (CERTCertificate **)
- PORT_Alloc(certData.max_cert_count *sizeof(CERTCertificate *));
- if (certData.certs) {
- CERT_TraversePermCertsForSubject(handle,&derSubject,
- pk11_cert_collect, &certData);
- }
- }
- } else if ((issuerSN.derIssuer.data != NULL) &&
- (issuerSN.serialNumber.data != NULL)) {
- CERTCertificate *cert = CERT_FindCertByIssuerAndSN(handle,&issuerSN);
-
- if (cert != NULL) {
- certData.certs =
- (CERTCertificate **) PORT_Alloc(sizeof (CERTCertificate *));
- if (certData.certs) {
- certData.certs[0] = cert;
- certData.cert_count = 1;
- } else CERT_DestroyCertificate(cert);
- }
- } else {
- /* PORT_Assert(0); may get called when not looking for certs */
- /* look up all the certs sometime, and get rid of the assert */;
- }
-
-
- for (i=0 ; i < certData.cert_count ; i++) {
- CERTCertificate *cert = certData.certs[i];
-
- /* we are only interested in permanment user certs here */
- if ((cert->isperm) && (cert->trust) &&
- (( cert->trust->sslFlags & CERTDB_USER ) ||
- ( cert->trust->emailFlags & CERTDB_USER ) ||
- ( cert->trust->objectSigningFlags & CERTDB_USER )) &&
- ( cert->nickname != NULL ) &&
- (SECKEY_KeyForCertExists(keyHandle, cert) == SECSuccess)) {
- PK11Object *obj;
- pk11_importCertificate(slot, cert, NULL, 0, PR_FALSE);
- obj = pk11_importPublicKey(slot, NULL, cert, NULL);
- if (obj) pk11_AddSlotObject(slot, obj);
- }
- CERT_DestroyCertificate(cert);
- }
- if (certData.certs) PORT_Free(certData.certs);
-
- return;
-}
-
-
-/* NSC_FindObjectsInit initializes a search for token and session objects
- * that match a template. */
-CK_RV NSC_FindObjectsInit(CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount)
-{
- PK11ObjectListElement *objectList = NULL;
- PK11ObjectListElement *olp;
- PK11SearchResults *search,*freeSearch;
- PK11Session *session;
- PK11Slot *slot = pk11_SlotFromSessionHandle(hSession);
- int count, i;
- CK_RV crv;
-
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) {
- return CKR_SESSION_HANDLE_INVALID;
- }
-
- /* resync token objects with the data base */
- if ((session->info.slotID == PRIVATE_KEY_SLOT_ID) ||
- (session->info.slotID == FIPS_SLOT_ID)) {
- if (slot->DB_loaded == PR_FALSE) {
- /* if we aren't logged in, we can't unload all key keys
- * and certs. Just unload those certs we need for this search
- */
- if ((!slot->isLoggedIn) && (slot->needLogin)) {
- pk11_searchCerts(slot,pTemplate,ulCount);
- } else {
- pk11_importKeyDB(slot);
- slot->DB_loaded = PR_TRUE;
- }
- }
- }
-
-
- /* build list of found objects in the session */
- crv = pk11_searchObjectList(&objectList,slot->tokObjects,
- slot->objectLock, pTemplate, ulCount, (PRBool)((!slot->needLogin) ||
- slot->isLoggedIn));
- if (crv != CKR_OK) {
- pk11_FreeObjectList(objectList);
- pk11_FreeSession(session);
- return crv;
- }
-
-
- /* copy list to session */
- count = 0;
- for (olp = objectList; olp != NULL; olp = olp->next) {
- count++;
- }
- search = (PK11SearchResults *)PORT_Alloc(sizeof(PK11SearchResults));
- if (search == NULL) {
- pk11_FreeObjectList(objectList);
- pk11_FreeSession(session);
- return CKR_HOST_MEMORY;
- }
- search->handles = (CK_OBJECT_HANDLE *)
- PORT_Alloc(sizeof(CK_OBJECT_HANDLE) * count);
- if (search->handles == NULL) {
- PORT_Free(search);
- pk11_FreeObjectList(objectList);
- pk11_FreeSession(session);
- return CKR_HOST_MEMORY;
- }
- for (i=0; i < count; i++) {
- search->handles[i] = objectList->object->handle;
- objectList = pk11_FreeObjectListElement(objectList);
- }
-
- /* store the search info */
- search->index = 0;
- search->size = count;
- if ((freeSearch = session->search) != NULL) {
- session->search = NULL;
- pk11_FreeSearch(freeSearch);
- }
- session->search = search;
- pk11_FreeSession(session);
- return CKR_OK;
-}
-
-
-/* NSC_FindObjects continues a search for token and session objects
- * that match a template, obtaining additional object handles. */
-CK_RV NSC_FindObjects(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE_PTR phObject,CK_ULONG ulMaxObjectCount,
- CK_ULONG_PTR pulObjectCount)
-{
- PK11Session *session;
- PK11SearchResults *search;
- int transfer;
- int left;
-
- *pulObjectCount = 0;
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
- if (session->search == NULL) {
- pk11_FreeSession(session);
- return CKR_OK;
- }
- search = session->search;
- left = session->search->size - session->search->index;
- transfer = ((int)ulMaxObjectCount > left) ? left : ulMaxObjectCount;
- PORT_Memcpy(phObject,&search->handles[search->index],
- transfer*sizeof(CK_OBJECT_HANDLE_PTR));
- search->index += transfer;
- if (search->index == search->size) {
- session->search = NULL;
- pk11_FreeSearch(search);
- }
- *pulObjectCount = transfer;
- return CKR_OK;
-}
-
-/* NSC_FindObjectsFinal finishes a search for token and session objects. */
-CK_RV NSC_FindObjectsFinal(CK_SESSION_HANDLE hSession)
-{
- PK11Session *session;
- PK11SearchResults *search;
-
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
- search = session->search;
- session->search = NULL;
- if (search == NULL) {
- pk11_FreeSession(session);
- return CKR_OK;
- }
- pk11_FreeSearch(search);
- return CKR_OK;
-}
-
-
-
-CK_RV NSC_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot,
- CK_VOID_PTR pReserved)
-{
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
diff --git a/security/nss/lib/softoken/pkcs11.h b/security/nss/lib/softoken/pkcs11.h
deleted file mode 100644
index 28fd0cd8e..000000000
--- a/security/nss/lib/softoken/pkcs11.h
+++ /dev/null
@@ -1,316 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
- * is granted provided that it is identified as "RSA Security In.c Public-Key
- * Cryptography Standards (PKCS)" in all material mentioning or referencing
- * this document.
- */
-#ifndef _PKCS11_H_
-#define _PKCS11_H_ 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Before including this file (pkcs11.h) (or pkcs11t.h by
- * itself), 6 platform-specific macros must be defined. These
- * macros are described below, and typical definitions for them
- * are also given. Be advised that these definitions can depend
- * on both the platform and the compiler used (and possibly also
- * on whether a PKCS #11 library is linked statically or
- * dynamically).
- *
- * In addition to defining these 6 macros, the packing convention
- * for PKCS #11 structures should be set. The PKCS #11
- * convention on packing is that structures should be 1-byte
- * aligned.
- *
- * In a Win32 environment, this might be done by using the
- * following preprocessor directive before including pkcs11.h
- * or pkcs11t.h:
- *
- * #pragma pack(push, cryptoki, 1)
- *
- * and using the following preprocessor directive after including
- * pkcs11.h or pkcs11t.h:
- *
- * #pragma pack(pop, cryptoki)
- *
- * In a Win16 environment, this might be done by using the
- * following preprocessor directive before including pkcs11.h
- * or pkcs11t.h:
- *
- * #pragma pack(1)
- *
- * In a UNIX environment, you're on your own here. You might
- * not need to do anything.
- *
- *
- * Now for the macros:
- *
- *
- * 1. CK_PTR: The indirection string for making a pointer to an
- * object. It can be used like this:
- *
- * typedef CK_BYTE CK_PTR CK_BYTE_PTR;
- *
- * In a Win32 environment, it might be defined by
- *
- * #define CK_PTR *
- *
- * In a Win16 environment, it might be defined by
- *
- * #define CK_PTR far *
- *
- * In a UNIX environment, it might be defined by
- *
- * #define CK_PTR *
- *
- *
- * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
- * an exportable PKCS #11 library function definition out of a
- * return type and a function name. It should be used in the
- * following fashion to define the exposed PKCS #11 functions in
- * a PKCS #11 library:
- *
- * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
- * CK_VOID_PTR pReserved
- * )
- * {
- * ...
- * }
- *
- * For defining a function in a Win32 PKCS #11 .dll, it might be
- * defined by
- *
- * #define CK_DEFINE_FUNCTION(returnType, name) \
- * returnType __declspec(dllexport) name
- *
- * For defining a function in a Win16 PKCS #11 .dll, it might be
- * defined by
- *
- * #define CK_DEFINE_FUNCTION(returnType, name) \
- * returnType __export _far _pascal name
- *
- * In a UNIX environment, it might be defined by
- *
- * #define CK_DEFINE_FUNCTION(returnType, name) \
- * returnType name
- *
- *
- * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
- * an importable PKCS #11 library function declaration out of a
- * return type and a function name. It should be used in the
- * following fashion:
- *
- * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
- * CK_VOID_PTR pReserved
- * );
- *
- * For declaring a function in a Win32 PKCS #11 .dll, it might
- * be defined by
- *
- * #define CK_DECLARE_FUNCTION(returnType, name) \
- * returnType __declspec(dllimport) name
- *
- * For declaring a function in a Win16 PKCS #11 .dll, it might
- * be defined by
- *
- * #define CK_DECLARE_FUNCTION(returnType, name) \
- * returnType __export _far _pascal name
- *
- * In a UNIX environment, it might be defined by
- *
- * #define CK_DECLARE_FUNCTION(returnType, name) \
- * returnType name
- *
- *
- * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
- * which makes a PKCS #11 API function pointer declaration or
- * function pointer type declaration out of a return type and a
- * function name. It should be used in the following fashion:
- *
- * // Define funcPtr to be a pointer to a PKCS #11 API function
- * // taking arguments args and returning CK_RV.
- * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
- *
- * or
- *
- * // Define funcPtrType to be the type of a pointer to a
- * // PKCS #11 API function taking arguments args and returning
- * // CK_RV, and then define funcPtr to be a variable of type
- * // funcPtrType.
- * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
- * funcPtrType funcPtr;
- *
- * For accessing functions in a Win32 PKCS #11 .dll, in might be
- * defined by
- *
- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
- * returnType __declspec(dllimport) (* name)
- *
- * For accessing functions in a Win16 PKCS #11 .dll, it might be
- * defined by
- *
- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
- * returnType __export _far _pascal (* name)
- *
- * In a UNIX environment, it might be defined by
- *
- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
- * returnType (* name)
- *
- *
- * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
- * a function pointer type for an application callback out of
- * a return type for the callback and a name for the callback.
- * It should be used in the following fashion:
- *
- * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
- *
- * to declare a function pointer, myCallback, to a callback
- * which takes arguments args and returns a CK_RV. It can also
- * be used like this:
- *
- * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
- * myCallbackType myCallback;
- *
- * In a Win32 environment, it might be defined by
- *
- * #define CK_CALLBACK_FUNCTION(returnType, name) \
- * returnType (* name)
- *
- * In a Win16 environment, it might be defined by
- *
- * #define CK_CALLBACK_FUNCTION(returnType, name) \
- * returnType _far _pascal (* name)
- *
- * In a UNIX environment, it might be defined by
- *
- * #define CK_CALLBACK_FUNCTION(returnType, name) \
- * returnType (* name)
- *
- *
- * 6. NULL_PTR: This macro is the value of a NULL pointer.
- *
- * In any ANSI/ISO C environment (and in many others as well),
- * this should be defined by
- *
- * #ifndef NULL_PTR
- * #define NULL_PTR 0
- * #endif
- */
-
-
-/* All the various PKCS #11 types and #define'd values are in the
- * file pkcs11t.h. */
-#include "pkcs11t.h"
-
-#define __PASTE(x,y) x##y
-
-
-/* packing defines */
-#include "pkcs11p.h"
-/* ==============================================================
- * Define the "extern" form of all the entry points.
- * ==============================================================
- */
-
-#define CK_NEED_ARG_LIST 1
-#define CK_PKCS11_FUNCTION_INFO(name) \
- CK_DECLARE_FUNCTION(CK_RV, name)
-
-/* pkcs11f.h has all the information about the PKCS #11
- * function prototypes. */
-#include "pkcs11f.h"
-
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-
-/* ==============================================================
- * Define the typedef form of all the entry points. That is, for
- * each PKCS #11 function C_XXX, define a type CK_C_XXX which is
- * a pointer to that kind of function.
- * ==============================================================
- */
-
-#define CK_NEED_ARG_LIST 1
-#define CK_PKCS11_FUNCTION_INFO(name) \
- typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
-
-/* pkcs11f.h has all the information about the PKCS #11
- * function prototypes. */
-#include "pkcs11f.h"
-
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-
-/* ==============================================================
- * Define structed vector of entry points. A CK_FUNCTION_LIST
- * contains a CK_VERSION indicating a library's PKCS #11 version
- * and then a whole slew of function pointers to the routines in
- * the library. This type was declared, but not defined, in
- * pkcs11t.h.
- * ==============================================================
- */
-
-#define CK_PKCS11_FUNCTION_INFO(name) \
- __PASTE(CK_,name) name;
-
-struct CK_FUNCTION_LIST {
-
- CK_VERSION version; /* PKCS #11 version */
-
-/* Pile all the function pointers into the CK_FUNCTION_LIST. */
-/* pkcs11f.h has all the information about the PKCS #11
- * function prototypes. */
-#include "pkcs11f.h"
-
-};
-
-#undef CK_PKCS11_FUNCTION_INFO
-
-
-#undef __PASTE
-
-/* unpack */
-#include "pkcs11u.h"
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c
deleted file mode 100644
index 9689982ba..000000000
--- a/security/nss/lib/softoken/pkcs11c.c
+++ /dev/null
@@ -1,5323 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * This file implements PKCS 11 on top of our existing security modules
- *
- * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
- * This implementation has two slots:
- * slot 1 is our generic crypto support. It does not require login.
- * It supports Public Key ops, and all they bulk ciphers and hashes.
- * It can also support Private Key ops for imported Private keys. It does
- * not have any token storage.
- * slot 2 is our private key support. It requires a login before use. It
- * can store Private Keys and Certs as token objects. Currently only private
- * keys and their associated Certificates are saved on the token.
- *
- * In this implementation, session objects are only visible to the session
- * that created or generated them.
- */
-#include "seccomon.h"
-#include "secitem.h"
-#include "secport.h"
-#include "blapi.h"
-#include "pkcs11.h"
-#include "pkcs11i.h"
-#include "keylow.h"
-#include "cert.h"
-#include "sechash.h"
-#include "secder.h"
-#include "secdig.h"
-#include "secpkcs5.h" /* We do PBE below */
-#include "pkcs11t.h"
-#include "secoid.h"
-#include "alghmac.h"
-#include "softoken.h"
-#include "secasn1.h"
-#include "secmodi.h"
-
-#include "certdb.h"
-#include "ssl3prot.h" /* for SSL3_RANDOM_LENGTH */
-
-#define __PASTE(x,y) x##y
-
-/*
- * we renamed all our internal functions, get the correct
- * definitions for them...
- */
-#undef CK_PKCS11_FUNCTION_INFO
-#undef CK_NEED_ARG_LIST
-
-#define CK_EXTERN extern
-#define CK_PKCS11_FUNCTION_INFO(func) \
- CK_RV __PASTE(NS,func)
-#define CK_NEED_ARG_LIST 1
-
-#include "pkcs11f.h"
-
-
-/* forward static declaration. */
-static SECStatus pk11_PRF(const SECItem *secret, const char *label,
- SECItem *seed, SECItem *result);
-
-#define PK11_OFFSETOF(str, memb) ((PRPtrdiff)(&(((str *)0)->memb)))
-
-static void pk11_Null(void *data, PRBool freeit)
-{
- return;
-}
-
-/*
- * free routines.... Free local type allocated data, and convert
- * other free routines to the destroy signature.
- */
-static void
-pk11_FreePrivKey(SECKEYLowPrivateKey *key, PRBool freeit)
-{
- SECKEY_LowDestroyPrivateKey(key);
-}
-
-static void
-pk11_HMAC_Destroy(HMACContext *context, PRBool freeit)
-{
- HMAC_Destroy(context);
-}
-
-static void
-pk11_Space(void *data, PRBool freeit)
-{
- PORT_Free(data);
-}
-
-static void pk11_FreeSignInfo(PK11HashSignInfo *data, PRBool freeit)
-{
- SECKEY_LowDestroyPrivateKey(data->key);
- PORT_Free(data);
-}
-
-static DSAPublicKey *
-DSA_CreateVerifyContext(SECKEYLowPublicKey *pubKey)
-{
- PLArenaPool * arena;
- DSAPublicKey * dsaKey;
- SECStatus rv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena) goto loser;
- dsaKey = (DSAPublicKey *)PORT_ArenaZAlloc(arena, sizeof (DSAPublicKey));
- if (!dsaKey) goto loser;
- dsaKey->params.arena = arena;
-
-#define COPY_DSA_ITEM(item) \
- rv = SECITEM_CopyItem(arena, &dsaKey->item, &pubKey->u.dsa.item); \
- if (rv != SECSuccess) goto loser;
-
- COPY_DSA_ITEM(params.prime);
- COPY_DSA_ITEM(params.subPrime);
- COPY_DSA_ITEM(params.base);
- COPY_DSA_ITEM(publicValue);
- return dsaKey;
-
-loser:
- if (arena)
- PORT_FreeArena(arena, PR_TRUE);
- return NULL;
-
-#undef COPY_DSA_ITEM
-}
-
-static void
-DSA_DestroyVerifyContext(DSAPublicKey * key)
-{
- if (key && key->params.arena)
- PORT_FreeArena(key->params.arena, PR_TRUE);
-}
-
-static DSAPrivateKey *
-DSA_CreateSignContext(SECKEYLowPrivateKey *privKey)
-{
- PLArenaPool * arena;
- DSAPrivateKey * dsaKey;
- SECStatus rv;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena) goto loser;
- dsaKey = (DSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof (DSAPrivateKey));
- if (!dsaKey) goto loser;
- dsaKey->params.arena = arena;
-
-#define COPY_DSA_ITEM(item) \
- rv = SECITEM_CopyItem(arena, &dsaKey->item, &privKey->u.dsa.item); \
- if (rv != SECSuccess) goto loser;
-
- COPY_DSA_ITEM(params.prime);
- COPY_DSA_ITEM(params.subPrime);
- COPY_DSA_ITEM(params.base);
- COPY_DSA_ITEM(publicValue);
- COPY_DSA_ITEM(privateValue);
- return dsaKey;
-
-loser:
- if (arena)
- PORT_FreeArena(arena, PR_TRUE);
- return NULL;
-
-#undef COPY_DSA_ITEM
-}
-
-static void
-DSA_DestroySignContext(DSAPrivateKey * key)
-{
- if (key && key->params.arena)
- PORT_FreeArena(key->params.arena, PR_TRUE);
-}
-
-/*
- * turn a CDMF key into a des key. CDMF is an old IBM scheme to export DES by
- * Deprecating a full des key to 40 bit key strenth.
- */
-static CK_RV
-pk11_cdmf2des(unsigned char *cdmfkey, unsigned char *deskey)
-{
- unsigned char key1[8] = { 0xc4, 0x08, 0xb0, 0x54, 0x0b, 0xa1, 0xe0, 0xae };
- unsigned char key2[8] = { 0xef, 0x2c, 0x04, 0x1c, 0xe6, 0x38, 0x2f, 0xe6 };
- unsigned char enc_src[8];
- unsigned char enc_dest[8];
- unsigned int leng,i;
- DESContext *descx;
- SECStatus rv;
-
-
- /* zero the parity bits */
- for (i=0; i < 8; i++) {
- enc_src[i] = cdmfkey[i] & 0xfe;
- }
-
- /* encrypt with key 1 */
- descx = DES_CreateContext(key1, NULL, NSS_DES, PR_TRUE);
- if (descx == NULL) return CKR_HOST_MEMORY;
- rv = DES_Encrypt(descx, enc_dest, &leng, 8, enc_src, 8);
- DES_DestroyContext(descx,PR_TRUE);
- if (rv != SECSuccess) return CKR_DEVICE_ERROR;
-
- /* xor source with des, zero the parity bits and depricate the key*/
- for (i=0; i < 8; i++) {
- if (i & 1) {
- enc_src[i] = (enc_src[i] ^ enc_dest[i]) & 0xfe;
- } else {
- enc_src[i] = (enc_src[i] ^ enc_dest[i]) & 0x0e;
- }
- }
-
- /* encrypt with key 2 */
- descx = DES_CreateContext(key2, NULL, NSS_DES, PR_TRUE);
- if (descx == NULL) return CKR_HOST_MEMORY;
- rv = DES_Encrypt(descx, deskey, &leng, 8, enc_src, 8);
- DES_DestroyContext(descx,PR_TRUE);
- if (rv != SECSuccess) return CKR_DEVICE_ERROR;
-
- /* set the corret parity on our new des key */
- pk11_FormatDESKey(deskey, 8);
- return CKR_OK;
-}
-
-
-static CK_RV
-pk11_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey, CK_ATTRIBUTE_TYPE etype,
- PK11ContextType contextType);
-/*
- * Calculate a Lynx checksum for CKM_LYNX_WRAP mechanism.
- */
-static CK_RV
-pk11_calcLynxChecksum(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hWrapKey,
- unsigned char *checksum, unsigned char *key, CK_ULONG len)
-{
-
- CK_BYTE E[10];
- CK_ULONG Elen = sizeof (E);
- CK_BYTE C[8];
- CK_ULONG Clen = sizeof (C);
- unsigned short sum1 = 0, sum2 = 0;
- CK_MECHANISM mech = { CKM_DES_ECB, NULL, 0 };
- int i;
- CK_RV crv;
-
- if (len != 8) return CKR_WRAPPED_KEY_LEN_RANGE;
-
- /* zero the parity bits */
- for (i=0; i < 8; i++) {
- sum1 = sum1 + key[i];
- sum2 = sum2 + sum1;
- }
-
- /* encrypt with key 1 */
-
- crv = pk11_EncryptInit(hSession,&mech,hWrapKey,CKA_WRAP, PK11_ENCRYPT);
- if (crv != CKR_OK) return crv;
-
- crv = NSC_Encrypt(hSession,key,len,E,&Elen);
- if (crv != CKR_OK) return crv;
-
- E[8] = (sum2 >> 8) & 0xff;
- E[9] = sum2 & 0xff;
-
- crv = pk11_EncryptInit(hSession,&mech,hWrapKey,CKA_WRAP, PK11_ENCRYPT);
- if (crv != CKR_OK) return crv;
-
- crv = NSC_Encrypt(hSession,&E[2],len,C,&Clen);
- if (crv != CKR_OK) return crv;
-
- checksum[0] = C[6];
- checksum[1] = C[7];
-
- return CKR_OK;
-}
-/* NSC_DestroyObject destroys an object. */
-CK_RV
-NSC_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
-{
- PK11Slot *slot = pk11_SlotFromSessionHandle(hSession);
- PK11Session *session;
- PK11Object *object;
- PK11FreeStatus status;
-
- /*
- * This whole block just makes sure we really can destroy the
- * requested object.
- */
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) {
- return CKR_SESSION_HANDLE_INVALID;
- }
-
- object = pk11_ObjectFromHandle(hObject,session);
- if (object == NULL) {
- pk11_FreeSession(session);
- return CKR_OBJECT_HANDLE_INVALID;
- }
-
- /* don't destroy a private object if we aren't logged in */
- if ((!slot->isLoggedIn) && (slot->needLogin) &&
- (pk11_isTrue(object,CKA_PRIVATE))) {
- pk11_FreeSession(session);
- pk11_FreeObject(object);
- return CKR_USER_NOT_LOGGED_IN;
- }
-
- /* don't destroy a token object if we aren't in a rw session */
-
- if (((session->info.flags & CKF_RW_SESSION) == 0) &&
- (pk11_isTrue(object,CKA_TOKEN))) {
- pk11_FreeSession(session);
- pk11_FreeObject(object);
- return CKR_SESSION_READ_ONLY;
- }
-
- pk11_DeleteObject(session,object);
-
- pk11_FreeSession(session);
-
- /*
- * get some indication if the object is destroyed. Note: this is not
- * 100%. Someone may have an object reference outstanding (though that
- * should not be the case by here. Also note that the object is "half"
- * destroyed. Our internal representation is destroyed, but it may still
- * be in the data base.
- */
- status = pk11_FreeObject(object);
-
- return (status != PK11_DestroyFailure) ? CKR_OK : CKR_DEVICE_ERROR;
-}
-
-
-/*
- ************** Crypto Functions: Utilities ************************
- */
-
-
-/*
- * return a context based on the PK11Context type.
- */
-PK11SessionContext *
-pk11_ReturnContextByType(PK11Session *session, PK11ContextType type)
-{
- switch (type) {
- case PK11_ENCRYPT:
- case PK11_DECRYPT:
- return session->enc_context;
- case PK11_HASH:
- return session->hash_context;
- case PK11_SIGN:
- case PK11_SIGN_RECOVER:
- case PK11_VERIFY:
- case PK11_VERIFY_RECOVER:
- return session->hash_context;
- }
- return NULL;
-}
-
-/*
- * change a context based on the PK11Context type.
- */
-void
-pk11_SetContextByType(PK11Session *session, PK11ContextType type,
- PK11SessionContext *context)
-{
- switch (type) {
- case PK11_ENCRYPT:
- case PK11_DECRYPT:
- session->enc_context = context;
- break;
- case PK11_HASH:
- session->hash_context = context;
- break;
- case PK11_SIGN:
- case PK11_SIGN_RECOVER:
- case PK11_VERIFY:
- case PK11_VERIFY_RECOVER:
- session->hash_context = context;
- break;
- }
- return;
-}
-
-/*
- * code to grab the context. Needed by every C_XXXUpdate, C_XXXFinal,
- * and C_XXX function. The function takes a session handle, the context type,
- * and wether or not the session needs to be multipart. It returns the context,
- * and optionally returns the session pointer (if sessionPtr != NULL) if session
- * pointer is returned, the caller is responsible for freeing it.
- */
-static CK_RV
-pk11_GetContext(CK_SESSION_HANDLE handle,PK11SessionContext **contextPtr,
- PK11ContextType type, PRBool needMulti, PK11Session **sessionPtr)
-{
- PK11Session *session;
- PK11SessionContext *context;
-
- session = pk11_SessionFromHandle(handle);
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
- context = pk11_ReturnContextByType(session,type);
- /* make sure the context is valid */
- if((context==NULL)||(context->type!=type)||(needMulti&&!(context->multi))){
- pk11_FreeSession(session);
- return CKR_OPERATION_NOT_INITIALIZED;
- }
- *contextPtr = context;
- if (sessionPtr != NULL) {
- *sessionPtr = session;
- } else {
- pk11_FreeSession(session);
- }
- return CKR_OK;
-}
-
-/*
- ************** Crypto Functions: Encrypt ************************
- */
-
-/*
- * All the NSC_InitXXX functions have a set of common checks and processing they
- * all need to do at the beginning. This is done here.
- */
-static CK_RV
-pk11_InitGeneric(PK11Session *session,PK11SessionContext **contextPtr,
- PK11ContextType ctype,PK11Object **keyPtr,
- CK_OBJECT_HANDLE hKey, CK_KEY_TYPE *keyTypePtr,
- CK_OBJECT_CLASS pubKeyType, CK_ATTRIBUTE_TYPE operation)
-{
- PK11Object *key = NULL;
- PK11Attribute *att;
- PK11SessionContext *context;
-
- /* We can only init if there is not current context active */
- if (pk11_ReturnContextByType(session,ctype) != NULL) {
- return CKR_OPERATION_ACTIVE;
- }
-
- /* find the key */
- if (keyPtr) {
- key = pk11_ObjectFromHandle(hKey,session);
- if (key == NULL) {
- return CKR_KEY_HANDLE_INVALID;
- }
-
- /* make sure it's a valid key for this operation */
- if (((key->objclass != CKO_SECRET_KEY) && (key->objclass != pubKeyType))
- || !pk11_isTrue(key,operation)) {
- pk11_FreeObject(key);
- return CKR_KEY_TYPE_INCONSISTENT;
- }
- /* get the key type */
- att = pk11_FindAttribute(key,CKA_KEY_TYPE);
- PORT_Assert(att != NULL);
- *keyTypePtr = *(CK_KEY_TYPE *)att->attrib.pValue;
- pk11_FreeAttribute(att);
- *keyPtr = key;
- }
-
- /* allocate the context structure */
- context = (PK11SessionContext *)PORT_Alloc(sizeof(PK11SessionContext));
- if (context == NULL) {
- if (key) pk11_FreeObject(key);
- return CKR_HOST_MEMORY;
- }
- context->type = ctype;
- context->multi = PR_TRUE;
- context->cipherInfo = NULL;
- context->hashInfo = NULL;
- context->doPad = PR_FALSE;
- context->padDataLength = 0;
-
- *contextPtr = context;
- return CKR_OK;
-}
-
-/* NSC_EncryptInit initializes an encryption operation. */
-/* This function is used by NSC_EncryptInit and NSC_WrapKey. The only difference
- * in their uses if whether or not etype is CKA_ENCRYPT or CKA_WRAP */
-static CK_RV
-pk11_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey, CK_ATTRIBUTE_TYPE etype,
- PK11ContextType contextType)
-{
- PK11Session *session;
- PK11Object *key;
- PK11SessionContext *context;
- PK11Attribute *att;
- CK_RC2_CBC_PARAMS *rc2_param;
- CK_RC5_CBC_PARAMS *rc5_param;
- CK_KEY_TYPE key_type;
- CK_RV crv = CKR_OK;
- SECKEYLowPublicKey *pubKey;
- unsigned effectiveKeyLength;
- unsigned char newdeskey[8];
- PRBool useNewKey=PR_FALSE;
- SECItem rc5Key;
- int t;
-
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
-
- crv = pk11_InitGeneric(session,&context,contextType,&key,hKey,&key_type,
- CKO_PUBLIC_KEY, etype);
-
- if (crv != CKR_OK) {
- pk11_FreeSession(session);
- return crv;
- }
-
- context->doPad = PR_FALSE;
- switch(pMechanism->mechanism) {
- case CKM_RSA_PKCS:
- case CKM_RSA_X_509:
- if (key_type != CKK_RSA) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- context->multi = PR_FALSE;
- pubKey = pk11_GetPubKey(key,CKK_RSA);
- if (pubKey == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->cipherInfo = pubKey;
- context->update = (PK11Cipher) (pMechanism->mechanism == CKM_RSA_X_509
- ? RSA_EncryptRaw : RSA_EncryptBlock);
- context->destroy = pk11_Null;
- break;
- case CKM_RC2_CBC_PAD:
- context->doPad = PR_TRUE;
- context->blockSize = 8;
- /* fall thru */
- case CKM_RC2_ECB:
- case CKM_RC2_CBC:
- if (key_type != CKK_RC2) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- att = pk11_FindAttribute(key,CKA_VALUE);
- if (att == NULL) {
- crv = CKR_KEY_HANDLE_INVALID;
- break;
- }
- rc2_param = (CK_RC2_CBC_PARAMS *)pMechanism->pParameter;
- effectiveKeyLength = (rc2_param->ulEffectiveBits+7)/8;
- context->cipherInfo =
- RC2_CreateContext((unsigned char*)att->attrib.pValue,
- att->attrib.ulValueLen, rc2_param->iv,
- pMechanism->mechanism == CKM_RC2_ECB ? NSS_RC2 :
- NSS_RC2_CBC,effectiveKeyLength);
- pk11_FreeAttribute(att);
- if (context->cipherInfo == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->update = (PK11Cipher) RC2_Encrypt;
- context->destroy = (PK11Destroy) RC2_DestroyContext;
- break;
- case CKM_RC5_CBC_PAD:
- context->doPad = PR_TRUE;
- /* fall thru */
- case CKM_RC5_ECB:
- case CKM_RC5_CBC:
- if (key_type != CKK_RC5) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- att = pk11_FindAttribute(key,CKA_VALUE);
- if (att == NULL) {
- crv = CKR_KEY_HANDLE_INVALID;
- break;
- }
- rc5_param = (CK_RC5_CBC_PARAMS *)pMechanism->pParameter;
- if (context->doPad) {
- context->blockSize = rc5_param->ulWordsize*2;
- }
- rc5Key.data = (unsigned char*)att->attrib.pValue;
- rc5Key.len = att->attrib.ulValueLen;
- context->cipherInfo = RC5_CreateContext(&rc5Key,rc5_param->ulRounds,
- rc5_param->ulWordsize,rc5_param->pIv,
- pMechanism->mechanism == CKM_RC5_ECB ? NSS_RC5 : NSS_RC5_CBC);
- pk11_FreeAttribute(att);
- if (context->cipherInfo == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->update = (PK11Cipher) RC5_Encrypt;
- context->destroy = (PK11Destroy) RC5_DestroyContext;
- break;
- case CKM_RC4:
- if (key_type != CKK_RC4) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- att = pk11_FindAttribute(key,CKA_VALUE);
- if (att == NULL) {
- crv = CKR_KEY_HANDLE_INVALID;
- break;
- }
- context->cipherInfo =
- RC4_CreateContext((unsigned char*)att->attrib.pValue,
- att->attrib.ulValueLen);
- pk11_FreeAttribute(att);
- if (context->cipherInfo == NULL) {
- crv = CKR_HOST_MEMORY; /* WRONG !!! */
- break;
- }
- context->update = (PK11Cipher) RC4_Encrypt;
- context->destroy = (PK11Destroy) RC4_DestroyContext;
- break;
- case CKM_CDMF_CBC_PAD:
- context->doPad = PR_TRUE;
- context->blockSize = 8;
- /* fall thru */
- case CKM_CDMF_ECB:
- case CKM_CDMF_CBC:
- if (key_type != CKK_CDMF) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- t = (pMechanism->mechanism == CKM_CDMF_ECB) ? NSS_DES : NSS_DES_CBC;
- useNewKey=PR_TRUE;
- if (crv != CKR_OK) break;
- goto finish_des;
- case CKM_DES_ECB:
- if (key_type != CKK_DES) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- t = NSS_DES;
- goto finish_des;
- case CKM_DES_CBC_PAD:
- context->doPad = PR_TRUE;
- context->blockSize = 8;
- /* fall thru */
- case CKM_DES_CBC:
- if (key_type != CKK_DES) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- t = NSS_DES_CBC;
- goto finish_des;
- case CKM_DES3_ECB:
- if ((key_type != CKK_DES2) && (key_type != CKK_DES3)) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- t = NSS_DES_EDE3;
- goto finish_des;
- case CKM_DES3_CBC_PAD:
- context->doPad = PR_TRUE;
- context->blockSize = 8;
- /* fall thru */
- case CKM_DES3_CBC:
- if ((key_type != CKK_DES2) && (key_type != CKK_DES3)) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- t = NSS_DES_EDE3_CBC;
-finish_des:
- att = pk11_FindAttribute(key,CKA_VALUE);
- if (att == NULL) {
- crv = CKR_KEY_HANDLE_INVALID;
- break;
- }
- if (useNewKey) {
- crv = pk11_cdmf2des((unsigned char*)att->attrib.pValue,newdeskey);
- if (crv != CKR_OK) {
- pk11_FreeAttribute(att);
- break;
- }
- }
- context->cipherInfo = DES_CreateContext(
- useNewKey ? newdeskey : (unsigned char*)att->attrib.pValue,
- (unsigned char*)pMechanism->pParameter,t, PR_TRUE);
- pk11_FreeAttribute(att);
- if (context->cipherInfo == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->update = (PK11Cipher) DES_Encrypt;
- context->destroy = (PK11Destroy) DES_DestroyContext;
-
- break;
- default:
- crv = CKR_MECHANISM_INVALID;
- break;
- }
-
- pk11_FreeObject(key);
- if (crv != CKR_OK) {
- pk11_FreeContext(context);
- pk11_FreeSession(session);
- return crv;
- }
- pk11_SetContextByType(session, contextType, context);
- pk11_FreeSession(session);
- return CKR_OK;
-}
-
-/* NSC_EncryptInit initializes an encryption operation. */
-CK_RV NSC_EncryptInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
-{
- return pk11_EncryptInit(hSession, pMechanism, hKey, CKA_ENCRYPT,
- PK11_ENCRYPT);
-}
-
-/* NSC_EncryptUpdate continues a multiple-part encryption operation. */
-CK_RV NSC_EncryptUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen)
-{
- PK11SessionContext *context;
- unsigned int outlen,i;
- unsigned int padoutlen = 0;
- unsigned int maxout = *pulEncryptedPartLen;
- CK_RV crv;
- SECStatus rv;
-
- /* make sure we're legal */
- crv = pk11_GetContext(hSession,&context,PK11_ENCRYPT,PR_TRUE,NULL);
- if (crv != CKR_OK) return crv;
-
- /* do padding */
- if (context->doPad) {
- /* deal with previous buffered data */
- if (context->padDataLength != 0) {
- /* fill in the padded to a full block size */
- for (i=context->padDataLength;
- (ulPartLen != 0) && i < context->blockSize; i++) {
- context->padBuf[i] = *pPart++;
- ulPartLen--;
- context->padDataLength++;
- }
-
- /* not enough data to encrypt yet? then return */
- if (context->padDataLength != context->blockSize) {
- *pulEncryptedPartLen = 0;
- return CKR_OK;
- }
- /* encrypt the current padded data */
- rv = (*context->update)(context->cipherInfo,pEncryptedPart,
- &outlen,context->blockSize,context->padBuf,context->blockSize);
- if (rv != SECSuccess) return CKR_DEVICE_ERROR;
- pEncryptedPart += padoutlen;
- maxout -= padoutlen;
- }
- /* save the residual */
- context->padDataLength = ulPartLen % context->blockSize;
- if (context->padDataLength) {
- PORT_Memcpy(context->padBuf,
- &pPart[ulPartLen-context->padDataLength],
- context->padDataLength);
- ulPartLen -= context->padDataLength;
- }
- /* if we've exhausted our new buffer, we're done */
- if (ulPartLen == 0) {
- *pulEncryptedPartLen = padoutlen;
- return CKR_OK;
- }
- }
-
-
-
- /* do it: NOTE: this assumes buf size in is >= buf size out! */
- rv = (*context->update)(context->cipherInfo,pEncryptedPart,
- &outlen, maxout, pPart, ulPartLen);
- *pulEncryptedPartLen = (CK_ULONG) (outlen + padoutlen);
- return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR;
-}
-
-
-/* NSC_EncryptFinal finishes a multiple-part encryption operation. */
-CK_RV NSC_EncryptFinal(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pulLastEncryptedPartLen)
-{
- PK11Session *session;
- PK11SessionContext *context;
- unsigned int outlen,i;
- unsigned int maxout = *pulLastEncryptedPartLen;
- CK_RV crv;
- SECStatus rv = SECSuccess;
-
- /* make sure we're legal */
- crv = pk11_GetContext(hSession,&context,PK11_ENCRYPT,PR_TRUE,&session);
- if (crv != CKR_OK) return crv;
-
- *pulLastEncryptedPartLen = 0;
-
- /* do padding */
- if (context->doPad) {
- unsigned char padbyte = (unsigned char)
- (context->blockSize - context->padDataLength);
- /* fill out rest of pad buffer with pad magic*/
- for (i=context->padDataLength; i < context->blockSize; i++) {
- context->padBuf[i] = padbyte;
- }
- rv = (*context->update)(context->cipherInfo,pLastEncryptedPart,
- &outlen, maxout, context->padBuf, context->blockSize);
- if (rv == SECSuccess) *pulLastEncryptedPartLen = (CK_ULONG) outlen;
- }
-
- /* do it */
- pk11_SetContextByType(session, PK11_ENCRYPT, NULL);
- pk11_FreeContext(context);
- pk11_FreeSession(session);
- return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR;
-}
-
-/* NSC_Encrypt encrypts single-part data. */
-CK_RV NSC_Encrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
- CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData,
- CK_ULONG_PTR pulEncryptedDataLen)
-{
- PK11Session *session;
- PK11SessionContext *context;
- unsigned int outlen;
- unsigned int maxoutlen = *pulEncryptedDataLen;
- CK_RV crv;
- CK_RV crv2;
- SECStatus rv;
-
- /* make sure we're legal */
- crv = pk11_GetContext(hSession,&context,PK11_ENCRYPT,PR_FALSE,&session);
- if (crv != CKR_OK) return crv;
-
- if (context->doPad) {
- CK_ULONG finalLen;
- /* padding is fairly complicated, have the update and final
- * code deal with it */
- pk11_FreeSession(session);
- crv = NSC_EncryptUpdate(hSession,pData,ulDataLen,pEncryptedData,
- pulEncryptedDataLen);
- if (crv != CKR_OK) *pulEncryptedDataLen = 0;
- maxoutlen -= *pulEncryptedDataLen;
- pEncryptedData += *pulEncryptedDataLen;
- finalLen = maxoutlen;
- crv2 = NSC_EncryptFinal(hSession, pEncryptedData, &finalLen);
- if (crv2 == CKR_OK) { *pulEncryptedDataLen += finalLen; }
- return crv == CKR_OK ? crv2 :crv;
- }
-
-
- /* do it: NOTE: this assumes buf size is big enough. */
- rv = (*context->update)(context->cipherInfo, pEncryptedData,
- &outlen, maxoutlen, pData, ulDataLen);
- *pulEncryptedDataLen = (CK_ULONG) outlen;
- pk11_FreeContext(context);
- pk11_SetContextByType(session, PK11_ENCRYPT, NULL);
- pk11_FreeSession(session);
-
- return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR;
-}
-
-
-/*
- ************** Crypto Functions: Decrypt ************************
- */
-
-/* NSC_DecryptInit initializes a decryption operation. */
-static CK_RV pk11_DecryptInit( CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey, CK_ATTRIBUTE_TYPE dtype,
- PK11ContextType contextType)
-{
- PK11Session *session;
- PK11Object *key;
- PK11Attribute *att;
- PK11SessionContext *context;
- CK_RC2_CBC_PARAMS *rc2_param;
- CK_RC5_CBC_PARAMS *rc5_param;
- SECItem rc5Key;
- CK_KEY_TYPE key_type;
- CK_RV crv = CKR_OK;
- unsigned effectiveKeyLength;
- SECKEYLowPrivateKey *privKey;
- unsigned char newdeskey[8];
- PRBool useNewKey=PR_FALSE;
- int t;
-
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
-
- crv = pk11_InitGeneric(session,&context,contextType,&key,hKey,&key_type,
- CKO_PRIVATE_KEY,dtype);
- if (crv != CKR_OK) {
- pk11_FreeSession(session);
- return crv;
- }
-
- /*
- * now handle each mechanism
- */
- switch(pMechanism->mechanism) {
- case CKM_RSA_PKCS:
- case CKM_RSA_X_509:
- if (key_type != CKK_RSA) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- context->multi = PR_FALSE;
- privKey = pk11_GetPrivKey(key,CKK_RSA);
- if (privKey == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->cipherInfo = privKey;
- context->update = (PK11Cipher) (pMechanism->mechanism == CKM_RSA_X_509
- ? RSA_DecryptRaw : RSA_DecryptBlock);
- context->destroy = (context->cipherInfo == key->objectInfo) ?
- (PK11Destroy) pk11_Null : (PK11Destroy) pk11_FreePrivKey;
- break;
- case CKM_RC2_CBC_PAD:
- context->doPad = PR_TRUE;
- context->blockSize = 8;
- /* fall thru */
- case CKM_RC2_ECB:
- case CKM_RC2_CBC:
- if (key_type != CKK_RC2) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- att = pk11_FindAttribute(key,CKA_VALUE);
- rc2_param = (CK_RC2_CBC_PARAMS *)pMechanism->pParameter;
- effectiveKeyLength = (rc2_param->ulEffectiveBits+7)/8;
- context->cipherInfo = RC2_CreateContext((unsigned char*)att->attrib.pValue,
- att->attrib.ulValueLen, rc2_param->iv,
- pMechanism->mechanism == CKM_RC2_ECB ? NSS_RC2 :
- NSS_RC2_CBC, effectiveKeyLength);
- pk11_FreeAttribute(att);
- if (context->cipherInfo == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->update = (PK11Cipher) RC2_Decrypt;
- context->destroy = (PK11Destroy) RC2_DestroyContext;
- break;
- case CKM_RC5_CBC_PAD:
- context->doPad = PR_TRUE;
- /* fall thru */
- case CKM_RC5_ECB:
- case CKM_RC5_CBC:
- if (key_type != CKK_RC5) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- att = pk11_FindAttribute(key,CKA_VALUE);
- if (att == NULL) {
- crv = CKR_KEY_HANDLE_INVALID;
- break;
- }
- rc5_param = (CK_RC5_CBC_PARAMS *)pMechanism->pParameter;
- if (context->doPad) {
- context->blockSize = rc5_param->ulWordsize*2;
- }
- rc5Key.data = (unsigned char*)att->attrib.pValue;
- rc5Key.len = att->attrib.ulValueLen;
- context->cipherInfo = RC5_CreateContext(&rc5Key,rc5_param->ulRounds,
- rc5_param->ulWordsize,rc5_param->pIv,
- pMechanism->mechanism == CKM_RC5_ECB ? NSS_RC5 : NSS_RC5_CBC);
- pk11_FreeAttribute(att);
- if (context->cipherInfo == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->update = (PK11Cipher) RC5_Decrypt;
- context->destroy = (PK11Destroy) RC5_DestroyContext;
- break;
- case CKM_RC4:
- if (key_type != CKK_RC4) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- att = pk11_FindAttribute(key,CKA_VALUE);
- context->cipherInfo =
- RC4_CreateContext((unsigned char*)att->attrib.pValue,
- att->attrib.ulValueLen);
- pk11_FreeAttribute(att);
- if (context->cipherInfo == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->update = (PK11Cipher) RC4_Decrypt;
- context->destroy = (PK11Destroy) RC4_DestroyContext;
- break;
- case CKM_CDMF_CBC_PAD:
- context->doPad = PR_TRUE;
- context->blockSize = 8;
- /* fall thru */
- case CKM_CDMF_ECB:
- case CKM_CDMF_CBC:
- if (key_type != CKK_CDMF) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- t = (pMechanism->mechanism == CKM_CDMF_ECB) ? NSS_DES : NSS_DES_CBC;
- useNewKey = PR_TRUE;
- if (crv != CKR_OK) break;
- goto finish_des;
- case CKM_DES_ECB:
- if (key_type != CKK_DES) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- t = NSS_DES;
- goto finish_des;
- case CKM_DES_CBC_PAD:
- context->doPad = PR_TRUE;
- context->blockSize = 8;
- /* fall thru */
- case CKM_DES_CBC:
- if (key_type != CKK_DES) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- t = NSS_DES_CBC;
- goto finish_des;
- case CKM_DES3_ECB:
- if ((key_type != CKK_DES2) && (key_type != CKK_DES3)) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- t = NSS_DES_EDE3;
- goto finish_des;
- case CKM_DES3_CBC_PAD:
- context->doPad = PR_TRUE;
- context->blockSize = 8;
- /* fall thru */
- case CKM_DES3_CBC:
- if ((key_type != CKK_DES2) && (key_type != CKK_DES3)) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- t = NSS_DES_EDE3_CBC;
-finish_des:
- att = pk11_FindAttribute(key,CKA_VALUE);
- if (att == NULL) {
- crv = CKR_KEY_HANDLE_INVALID;
- break;
- }
- if (useNewKey) {
- crv = pk11_cdmf2des((unsigned char*)att->attrib.pValue,newdeskey);
- if (crv != CKR_OK) {
- pk11_FreeAttribute(att);
- break;
- }
- }
- context->cipherInfo = DES_CreateContext(
- useNewKey ? newdeskey : (unsigned char*)att->attrib.pValue,
- (unsigned char*)pMechanism->pParameter,t, PR_FALSE);
- pk11_FreeAttribute(att);
- if (context->cipherInfo == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->update = (PK11Cipher) DES_Decrypt;
- context->destroy = (PK11Destroy) DES_DestroyContext;
-
- break;
- default:
- crv = CKR_MECHANISM_INVALID;
- break;
- }
-
- pk11_FreeObject(key);
- if (crv != CKR_OK) {
- pk11_FreeContext(context);
- pk11_FreeSession(session);
- return crv;
- }
- pk11_SetContextByType(session, contextType, context);
- pk11_FreeSession(session);
- return CKR_OK;
-}
-
-/* NSC_DecryptInit initializes a decryption operation. */
-CK_RV NSC_DecryptInit( CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
-{
- return pk11_DecryptInit(hSession,pMechanism,hKey,CKA_DECRYPT,PK11_DECRYPT);
-}
-
-/* NSC_DecryptUpdate continues a multiple-part decryption operation. */
-CK_RV NSC_DecryptUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
-{
- PK11SessionContext *context;
- unsigned int padoutlen = 0;
- unsigned int outlen;
- unsigned int maxout = *pulPartLen;
- CK_RV crv;
- SECStatus rv;
-
- /* make sure we're legal */
- crv = pk11_GetContext(hSession,&context,PK11_DECRYPT,PR_TRUE,NULL);
- if (crv != CKR_OK) return crv;
-
- if (context->doPad) {
- /* first decrypt our saved buffer */
- if (context->padDataLength != 0) {
- rv = (*context->update)(context->cipherInfo, pPart, &padoutlen,
- maxout, context->padBuf, context->blockSize);
- if (rv != SECSuccess) return CKR_DEVICE_ERROR;
- pPart += padoutlen;
- maxout -= padoutlen;
- }
- /* now save the final block for the next decrypt or the final */
- PORT_Memcpy(context->padBuf,&pEncryptedPart[ulEncryptedPartLen -
- context->blockSize], context->blockSize);
- context->padDataLength = context->blockSize;
- ulEncryptedPartLen -= context->padDataLength;
- }
-
- /* do it: NOTE: this assumes buf size in is >= buf size out! */
- rv = (*context->update)(context->cipherInfo,pPart, &outlen,
- maxout, pEncryptedPart, ulEncryptedPartLen);
- *pulPartLen = (CK_ULONG) (outlen + padoutlen);
- return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR;
-}
-
-
-/* NSC_DecryptFinal finishes a multiple-part decryption operation. */
-CK_RV NSC_DecryptFinal(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastPart, CK_ULONG_PTR pulLastPartLen)
-{
- PK11Session *session;
- PK11SessionContext *context;
- unsigned int outlen;
- unsigned int maxout = *pulLastPartLen;
- CK_RV crv;
- SECStatus rv = SECSuccess;
-
- /* make sure we're legal */
- crv = pk11_GetContext(hSession,&context,PK11_DECRYPT,PR_TRUE,&session);
- if (crv != CKR_OK) return crv;
-
- *pulLastPartLen = 0;
- if (context->doPad) {
- /* decrypt our saved buffer */
- if (context->padDataLength != 0) {
- /* this assumes that pLastPart is big enough to hold the *whole*
- * buffer!!! */
- rv = (*context->update)(context->cipherInfo, pLastPart, &outlen,
- maxout, context->padBuf, context->blockSize);
- if (rv == SECSuccess) {
- unsigned int padSize =
- (unsigned int) pLastPart[context->blockSize-1];
-
- *pulLastPartLen = outlen - padSize;
- }
- }
- }
-
- /* do it */
- pk11_SetContextByType(session, PK11_DECRYPT, NULL);
- pk11_FreeContext(context);
- pk11_FreeSession(session);
- return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR;
-}
-
-/* NSC_Decrypt decrypts encrypted data in a single part. */
-CK_RV NSC_Decrypt(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedData,CK_ULONG ulEncryptedDataLen,CK_BYTE_PTR pData,
- CK_ULONG_PTR pulDataLen)
-{
- PK11Session *session;
- PK11SessionContext *context;
- unsigned int outlen;
- unsigned int maxoutlen = *pulDataLen;
- CK_RV crv;
- CK_RV crv2;
- SECStatus rv;
-
- /* make sure we're legal */
- crv = pk11_GetContext(hSession,&context,PK11_DECRYPT,PR_FALSE,&session);
- if (crv != CKR_OK) return crv;
-
- if (context->doPad) {
- CK_ULONG finalLen;
- /* padding is fairly complicated, have the update and final
- * code deal with it */
- pk11_FreeSession(session);
- crv = NSC_DecryptUpdate(hSession,pEncryptedData,ulEncryptedDataLen,
- pData, pulDataLen);
- if (crv != CKR_OK) *pulDataLen = 0;
- maxoutlen -= *pulDataLen;
- pData += *pulDataLen;
- finalLen = maxoutlen;
- crv2 = NSC_DecryptFinal(hSession, pData, &finalLen);
- if (crv2 == CKR_OK) { *pulDataLen += finalLen; }
- return crv == CKR_OK ? crv2 :crv;
- }
-
- rv = (*context->update)(context->cipherInfo, pData, &outlen, maxoutlen,
- pEncryptedData, ulEncryptedDataLen);
- *pulDataLen = (CK_ULONG) outlen;
- pk11_FreeContext(context);
- pk11_SetContextByType(session, PK11_DECRYPT, NULL);
- pk11_FreeSession(session);
- return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR;
-}
-
-
-
-/*
- ************** Crypto Functions: Digest (HASH) ************************
- */
-
-/* NSC_DigestInit initializes a message-digesting operation. */
-CK_RV NSC_DigestInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism)
-{
- PK11Session *session;
- PK11SessionContext *context;
- MD2Context *md2_context;
- MD5Context *md5_context;
- SHA1Context *sha1_context;
- CK_RV crv = CKR_OK;
-
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
- crv = pk11_InitGeneric(session,&context,PK11_HASH,NULL,0,NULL, 0, 0);
- if (crv != CKR_OK) {
- pk11_FreeSession(session);
- return crv;
- }
-
- switch(pMechanism->mechanism) {
- case CKM_MD2:
- md2_context = MD2_NewContext();
- context->cipherInfo = (void *)md2_context;
- context->cipherInfoLen = MD2_FlattenSize(md2_context);
- context->currentMech = CKM_MD2;
- if (context->cipherInfo == NULL) {
- crv= CKR_HOST_MEMORY;
-
- }
- context->hashUpdate = (PK11Hash) MD2_Update;
- context->end = (PK11End) MD2_End;
- context->destroy = (PK11Destroy) MD2_DestroyContext;
- MD2_Begin(md2_context);
- break;
- case CKM_MD5:
- md5_context = MD5_NewContext();
- context->cipherInfo = (void *)md5_context;
- context->cipherInfoLen = MD5_FlattenSize(md5_context);
- context->currentMech = CKM_MD5;
- if (context->cipherInfo == NULL) {
- crv= CKR_HOST_MEMORY;
-
- }
- context->hashUpdate = (PK11Hash) MD5_Update;
- context->end = (PK11End) MD5_End;
- context->destroy = (PK11Destroy) MD5_DestroyContext;
- MD5_Begin(md5_context);
- break;
- case CKM_SHA_1:
- sha1_context = SHA1_NewContext();
- context->cipherInfo = (void *)sha1_context;
- context->cipherInfoLen = SHA1_FlattenSize(sha1_context);
- context->currentMech = CKM_SHA_1;
- if (context->cipherInfo == NULL) {
- crv= CKR_HOST_MEMORY;
- break;
- }
- context->hashUpdate = (PK11Hash) SHA1_Update;
- context->end = (PK11End) SHA1_End;
- context->destroy = (PK11Destroy) SHA1_DestroyContext;
- SHA1_Begin(sha1_context);
- break;
- default:
- crv = CKR_MECHANISM_INVALID;
- break;
- }
-
- if (crv != CKR_OK) {
- pk11_FreeContext(context);
- pk11_FreeSession(session);
- return crv;
- }
- pk11_SetContextByType(session, PK11_HASH, context);
- pk11_FreeSession(session);
- return CKR_OK;
-}
-
-
-/* NSC_Digest digests data in a single part. */
-CK_RV NSC_Digest(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pulDigestLen)
-{
- PK11Session *session;
- PK11SessionContext *context;
- unsigned int digestLen;
- unsigned int maxout = *pulDigestLen;
- CK_RV crv;
-
- /* make sure we're legal */
- crv = pk11_GetContext(hSession,&context,PK11_HASH,PR_FALSE,&session);
- if (crv != CKR_OK) return crv;
-
- /* do it: */
- (*context->hashUpdate)(context->cipherInfo, pData, ulDataLen);
- /* NOTE: this assumes buf size is bigenough for the algorithm */
- (*context->end)(context->cipherInfo, pDigest, &digestLen,maxout);
- *pulDigestLen = digestLen;
-
- pk11_SetContextByType(session, PK11_HASH, NULL);
- pk11_FreeContext(context);
- pk11_FreeSession(session);
- return CKR_OK;
-}
-
-
-/* NSC_DigestUpdate continues a multiple-part message-digesting operation. */
-CK_RV NSC_DigestUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen)
-{
- PK11SessionContext *context;
- CK_RV crv;
-
- /* make sure we're legal */
- crv = pk11_GetContext(hSession,&context,PK11_HASH,PR_TRUE,NULL);
- if (crv != CKR_OK) return crv;
- /* do it: */
- (*context->hashUpdate)(context->cipherInfo, pPart, ulPartLen);
- return CKR_OK;
-}
-
-
-/* NSC_DigestFinal finishes a multiple-part message-digesting operation. */
-CK_RV NSC_DigestFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pulDigestLen)
-{
- PK11Session *session;
- PK11SessionContext *context;
- unsigned int maxout = *pulDigestLen;
- unsigned int digestLen;
- CK_RV crv;
-
- /* make sure we're legal */
- crv = pk11_GetContext(hSession, &context, PK11_HASH, PR_TRUE, &session);
- if (crv != CKR_OK) return crv;
-
- if (pDigest != NULL) {
- (*context->end)(context->cipherInfo, pDigest, &digestLen, maxout);
- *pulDigestLen = digestLen;
- } else {
- *pulDigestLen = 0;
- }
-
- pk11_SetContextByType(session, PK11_HASH, NULL);
- pk11_FreeContext(context);
- pk11_FreeSession(session);
- return CKR_OK;
-}
-
-/*
- * this helper functions are used by Generic Macing and Signing functions
- * that use hashes as part of their operations.
- */
-static CK_RV
-pk11_doSubMD2(PK11SessionContext *context) {
- MD2Context *md2_context = MD2_NewContext();
- context->hashInfo = (void *)md2_context;
- if (context->hashInfo == NULL) {
- return CKR_HOST_MEMORY;
- }
- context->hashUpdate = (PK11Hash) MD2_Update;
- context->end = (PK11End) MD2_End;
- context->hashdestroy = (PK11Destroy) MD2_DestroyContext;
- MD2_Begin(md2_context);
- return CKR_OK;
-}
-
-static CK_RV
-pk11_doSubMD5(PK11SessionContext *context) {
- MD5Context *md5_context = MD5_NewContext();
- context->hashInfo = (void *)md5_context;
- if (context->hashInfo == NULL) {
- return CKR_HOST_MEMORY;
- }
- context->hashUpdate = (PK11Hash) MD5_Update;
- context->end = (PK11End) MD5_End;
- context->hashdestroy = (PK11Destroy) MD5_DestroyContext;
- MD5_Begin(md5_context);
- return CKR_OK;
-}
-
-static CK_RV
-pk11_doSubSHA1(PK11SessionContext *context) {
- SHA1Context *sha1_context = SHA1_NewContext();
- context->hashInfo = (void *)sha1_context;
- if (context->hashInfo == NULL) {
- return CKR_HOST_MEMORY;
- }
- context->hashUpdate = (PK11Hash) SHA1_Update;
- context->end = (PK11End) SHA1_End;
- context->hashdestroy = (PK11Destroy) SHA1_DestroyContext;
- SHA1_Begin(sha1_context);
- return CKR_OK;
-}
-
-/*
- * HMAC General copies only a portion of the result. This update routine likes
- * the final HMAC output with the signature.
- */
-static SECStatus
-pk11_HMACCopy(CK_ULONG *copyLen,unsigned char *sig,unsigned int *sigLen,
- unsigned int maxLen,unsigned char *hash, unsigned int hashLen)
-{
- if (maxLen < *copyLen) return SECFailure;
- PORT_Memcpy(sig,hash,*copyLen);
- *sigLen = *copyLen;
- return SECSuccess;
-}
-
-/* Verify is just a compare for HMAC */
-static SECStatus
-pk11_HMACCmp(CK_ULONG *copyLen,unsigned char *sig,unsigned int sigLen,
- unsigned char *hash, unsigned int hashLen)
-{
- return PORT_Memcmp(sig,hash,*copyLen) ? SECSuccess : SECFailure ;
-}
-
-/*
- * common HMAC initalization routine
- */
-static CK_RV
-pk11_doHMACInit(PK11SessionContext *context,SECOidTag oid,
- PK11Object *key, CK_ULONG mac_size)
-{
- PK11Attribute *keyval;
- HMACContext *HMACcontext;
- CK_ULONG *intpointer;
-
- keyval = pk11_FindAttribute(key,CKA_VALUE);
- if (keyval == NULL) return CKR_KEY_SIZE_RANGE;
-
- HMACcontext = HMAC_Create(oid, (const unsigned char*)keyval->attrib.pValue,
- keyval->attrib.ulValueLen);
- context->hashInfo = HMACcontext;
- context->multi = PR_TRUE;
- pk11_FreeAttribute(keyval);
- if (context->hashInfo == NULL) {
- return CKR_HOST_MEMORY;
- }
- context->hashUpdate = (PK11Hash) HMAC_Update;
- context->end = (PK11End) HMAC_Finish;
-
- context->hashdestroy = (PK11Destroy) pk11_HMAC_Destroy;
- intpointer = (CK_ULONG *) PORT_Alloc(sizeof(CK_ULONG));
- if (intpointer == NULL) {
- return CKR_HOST_MEMORY;
- }
- *intpointer = mac_size;
- context->cipherInfo = (void *) intpointer;
- context->destroy = (PK11Destroy) pk11_Space;
- context->update = (PK11Cipher) pk11_HMACCopy;
- context->verify = (PK11Verify) pk11_HMACCmp;
- HMAC_Begin(HMACcontext);
- return CKR_OK;
-}
-
-/*
- * SSL Macing support. SSL Macs are inited, then update with the base
- * hashing algorithm, then finalized in sign and verify
- */
-
-/*
- * FROM SSL:
- * 60 bytes is 3 times the maximum length MAC size that is supported.
- * We probably should have one copy of this table. We still need this table
- * in ssl to 'sign' the handshake hashes.
- */
-static unsigned char ssl_pad_1 [60] = {
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36
-};
-static unsigned char ssl_pad_2 [60] = {
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c
-};
-
-static SECStatus
-pk11_SSLMACSign(PK11SSLMACInfo *info,unsigned char *sig,unsigned int *sigLen,
- unsigned int maxLen,unsigned char *hash, unsigned int hashLen)
-{
- unsigned char tmpBuf[PK11_MAX_MAC_LENGTH];
- unsigned int out;
-
- info->begin(info->hashContext);
- info->update(info->hashContext,info->key,info->keySize);
- info->update(info->hashContext,ssl_pad_2,info->padSize);
- info->update(info->hashContext,hash,hashLen);
- info->end(info->hashContext,tmpBuf,&out,PK11_MAX_MAC_LENGTH);
- PORT_Memcpy(sig,tmpBuf,info->macSize);
- *sigLen = info->macSize;
- return SECSuccess;
-}
-
-static SECStatus
-pk11_SSLMACVerify(PK11SSLMACInfo *info,unsigned char *sig,unsigned int sigLen,
- unsigned char *hash, unsigned int hashLen)
-{
- unsigned char tmpBuf[PK11_MAX_MAC_LENGTH];
- unsigned int out;
-
- info->begin(info->hashContext);
- info->update(info->hashContext,info->key,info->keySize);
- info->update(info->hashContext,ssl_pad_2,info->padSize);
- info->update(info->hashContext,hash,hashLen);
- info->end(info->hashContext,tmpBuf,&out,PK11_MAX_MAC_LENGTH);
- return (PORT_Memcmp(sig,tmpBuf,info->macSize) == 0) ?
- SECSuccess : SECFailure;
-}
-
-/*
- * common HMAC initalization routine
- */
-static CK_RV
-pk11_doSSLMACInit(PK11SessionContext *context,SECOidTag oid,
- PK11Object *key, CK_ULONG mac_size)
-{
- PK11Attribute *keyval;
- PK11Begin begin;
- int padSize;
- PK11SSLMACInfo *sslmacinfo;
- CK_RV crv = CKR_MECHANISM_INVALID;
-
- if (oid == SEC_OID_SHA1) {
- crv = pk11_doSubSHA1(context);
- begin = (PK11Begin) SHA1_Begin;
- if (crv != CKR_OK) return crv;
- padSize = 40;
- } else {
- crv = pk11_doSubMD5(context);
- if (crv != CKR_OK) return crv;
- begin = (PK11Begin) MD5_Begin;
- padSize = 48;
- }
- context->multi = PR_TRUE;
-
- keyval = pk11_FindAttribute(key,CKA_VALUE);
- if (keyval == NULL) return CKR_KEY_SIZE_RANGE;
-
- context->hashUpdate(context->hashInfo,keyval->attrib.pValue,
- keyval->attrib.ulValueLen);
- context->hashUpdate(context->hashInfo,ssl_pad_1,padSize);
- sslmacinfo = (PK11SSLMACInfo *) PORT_Alloc(sizeof(PK11SSLMACInfo));
- if (sslmacinfo == NULL) {
- pk11_FreeAttribute(keyval);
- return CKR_HOST_MEMORY;
- }
- sslmacinfo->macSize = mac_size;
- sslmacinfo->hashContext = context->hashInfo;
- PORT_Memcpy(sslmacinfo->key,keyval->attrib.pValue,
- keyval->attrib.ulValueLen);
- sslmacinfo->keySize = keyval->attrib.ulValueLen;
- sslmacinfo->begin = begin;
- sslmacinfo->end = context->end;
- sslmacinfo->update = context->hashUpdate;
- sslmacinfo->padSize = padSize;
- pk11_FreeAttribute(keyval);
- context->cipherInfo = (void *) sslmacinfo;
- context->destroy = (PK11Destroy) pk11_Space;
- context->update = (PK11Cipher) pk11_SSLMACSign;
- context->verify = (PK11Verify) pk11_SSLMACVerify;
- return CKR_OK;
-}
-
-typedef struct {
- PRUint32 cxSize; /* size of allocated block, in bytes. */
- PRUint32 cxKeyLen; /* number of bytes of cxBuf containing key. */
- PRUint32 cxDataLen; /* number of bytes of cxBuf containing data. */
- SECStatus cxRv; /* records failure of void functions. */
- unsigned char cxBuf[512]; /* actual size may be larger than 512. */
-} TLSPRFContext;
-
-static void
-pk11_TLSPRFHashUpdate(TLSPRFContext *cx, const unsigned char *data,
- unsigned int data_len)
-{
- PRUint32 bytesUsed = PK11_OFFSETOF(TLSPRFContext, cxBuf) +
- cx->cxKeyLen + cx->cxDataLen;
-
- if (cx->cxRv != SECSuccess) /* function has previously failed. */
- return;
- if (bytesUsed + data_len > cx->cxSize) {
- /* We don't use realloc here because
- ** (a) realloc doesn't zero out the old block, and
- ** (b) if realloc fails, we lose the old block.
- */
- PRUint32 blockSize = bytesUsed + data_len + 512;
- TLSPRFContext *new_cx = (TLSPRFContext *)PORT_Alloc(blockSize);
- if (!new_cx) {
- cx->cxRv = SECFailure;
- return;
- }
- PORT_Memcpy(new_cx, cx, cx->cxSize);
- new_cx->cxSize = blockSize;
-
- PORT_ZFree(cx, cx->cxSize);
- cx = new_cx;
- }
- PORT_Memcpy(cx->cxBuf + cx->cxKeyLen + cx->cxDataLen, data, data_len);
- cx->cxDataLen += data_len;
-}
-
-static void
-pk11_TLSPRFEnd(TLSPRFContext *ctx, unsigned char *hashout,
- unsigned int *pDigestLen, unsigned int maxDigestLen)
-{
- *pDigestLen = 0; /* tells Verify that no data has been input yet. */
-}
-
-/* Compute the PRF values from the data previously input. */
-static SECStatus
-pk11_TLSPRFUpdate(TLSPRFContext *cx,
- unsigned char *sig, /* output goes here. */
- unsigned int * sigLen, /* how much output. */
- unsigned int maxLen, /* output buffer size */
- unsigned char *hash, /* unused. */
- unsigned int hashLen) /* unused. */
-{
- SECStatus rv;
- SECItem sigItem;
- SECItem seedItem;
- SECItem secretItem;
-
- if (cx->cxRv != SECSuccess)
- return cx->cxRv;
-
- secretItem.data = cx->cxBuf;
- secretItem.len = cx->cxKeyLen;
-
- seedItem.data = cx->cxBuf + cx->cxKeyLen;
- seedItem.len = cx->cxDataLen;
-
- sigItem.data = sig;
- sigItem.len = maxLen;
-
- rv = pk11_PRF(&secretItem, NULL, &seedItem, &sigItem);
- if (rv == SECSuccess && sigLen != NULL)
- *sigLen = sigItem.len;
- return rv;
-
-}
-
-static SECStatus
-pk11_TLSPRFVerify(TLSPRFContext *cx,
- unsigned char *sig, /* input, for comparison. */
- unsigned int sigLen, /* length of sig. */
- unsigned char *hash, /* data to be verified. */
- unsigned int hashLen) /* size of hash data. */
-{
- unsigned char * tmp = (unsigned char *)PORT_Alloc(sigLen);
- unsigned int tmpLen = sigLen;
- SECStatus rv;
-
- if (!tmp)
- return SECFailure;
- if (hashLen) {
- /* hashLen is non-zero when the user does a one-step verify.
- ** In this case, none of the data has been input yet.
- */
- pk11_TLSPRFHashUpdate(cx, hash, hashLen);
- }
- rv = pk11_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0);
- if (rv == SECSuccess) {
- rv = (SECStatus)(1 - !PORT_Memcmp(tmp, sig, sigLen));
- }
- PORT_ZFree(tmp, sigLen);
- return rv;
-}
-
-static void
-pk11_TLSPRFHashDestroy(TLSPRFContext *cx, PRBool freeit)
-{
- if (freeit)
- PORT_ZFree(cx, cx->cxSize);
-}
-
-static CK_RV
-pk11_TLSPRFInit(PK11SessionContext *context,
- PK11Object * key,
- CK_KEY_TYPE key_type)
-{
- PK11Attribute * keyVal;
- TLSPRFContext * prf_cx;
- CK_RV crv = CKR_HOST_MEMORY;
- PRUint32 keySize;
- PRUint32 blockSize;
-
- if (key_type != CKK_GENERIC_SECRET)
- return CKR_KEY_TYPE_INCONSISTENT; /* CKR_KEY_FUNCTION_NOT_PERMITTED */
-
- context->multi = PR_TRUE;
-
- keyVal = pk11_FindAttribute(key, CKA_VALUE);
- keySize = (!keyVal) ? 0 : keyVal->attrib.ulValueLen;
- blockSize = keySize + sizeof(TLSPRFContext);
- prf_cx = (TLSPRFContext *)PORT_Alloc(blockSize);
- if (!prf_cx)
- goto done;
- prf_cx->cxSize = blockSize;
- prf_cx->cxKeyLen = keySize;
- prf_cx->cxDataLen = 0;
- prf_cx->cxRv = SECSuccess;
- if (keySize)
- PORT_Memcpy(prf_cx->cxBuf, keyVal->attrib.pValue, keySize);
-
- context->hashInfo = (void *) prf_cx;
- context->cipherInfo = (void *) prf_cx;
- context->hashUpdate = (PK11Hash) pk11_TLSPRFHashUpdate;
- context->end = (PK11End) pk11_TLSPRFEnd;
- context->update = (PK11Cipher) pk11_TLSPRFUpdate;
- context->verify = (PK11Verify) pk11_TLSPRFVerify;
- context->destroy = (PK11Destroy) pk11_Null;
- context->hashdestroy = (PK11Destroy) pk11_TLSPRFHashDestroy;
- crv = CKR_OK;
-
-done:
- if (keyVal)
- pk11_FreeAttribute(keyVal);
- return crv;
-}
-
-/*
- ************** Crypto Functions: Sign ************************
- */
-
-/*
- * Check if We're using CBCMacing and initialize the session context if we are.
- */
-static CK_RV
-pk11_InitCBCMac(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey, CK_ATTRIBUTE_TYPE keyUsage,
- PK11ContextType contextType)
-
-{
- CK_MECHANISM cbc_mechanism;
- CK_ULONG mac_bytes = PK11_INVALID_MAC_SIZE;
- CK_RC2_CBC_PARAMS rc2_params;
- CK_RC5_CBC_PARAMS rc5_params;
- CK_RC5_MAC_GENERAL_PARAMS *rc5_mac;
- unsigned char ivBlock[PK11_MAX_BLOCK_SIZE];
- PK11SessionContext *context;
- CK_RV crv;
- int blockSize;
-
- switch (pMechanism->mechanism) {
- case CKM_RC2_MAC_GENERAL:
- mac_bytes =
- ((CK_RC2_MAC_GENERAL_PARAMS *)pMechanism->pParameter)->ulMacLength;
- /* fall through */
- case CKM_RC2_MAC:
- /* this works because ulEffectiveBits is in the same place in both the
- * CK_RC2_MAC_GENERAL_PARAMS and CK_RC2_CBC_PARAMS */
- rc2_params.ulEffectiveBits = ((CK_RC2_MAC_GENERAL_PARAMS *)
- pMechanism->pParameter)->ulEffectiveBits;
- PORT_Memset(rc2_params.iv,0,sizeof(rc2_params.iv));
- cbc_mechanism.mechanism = CKM_RC2_CBC;
- cbc_mechanism.pParameter = &rc2_params;
- cbc_mechanism.ulParameterLen = sizeof(rc2_params);
- blockSize = 8;
- break;
- case CKM_RC5_MAC_GENERAL:
- mac_bytes =
- ((CK_RC5_MAC_GENERAL_PARAMS *)pMechanism->pParameter)->ulMacLength;
- /* fall through */
- case CKM_RC5_MAC:
- /* this works because ulEffectiveBits is in the same place in both the
- * CK_RC5_MAC_GENERAL_PARAMS and CK_RC5_CBC_PARAMS */
- rc5_mac = (CK_RC5_MAC_GENERAL_PARAMS *)pMechanism->pParameter;
- rc5_params.ulWordsize = rc5_mac->ulWordsize;
- rc5_params.ulRounds = rc5_mac->ulRounds;
- rc5_params.pIv = ivBlock;
- blockSize = rc5_mac->ulWordsize*2;
- rc5_params.ulIvLen = blockSize;
- PORT_Memset(ivBlock,0,blockSize);
- cbc_mechanism.mechanism = CKM_RC5_CBC;
- cbc_mechanism.pParameter = &rc5_params;
- cbc_mechanism.ulParameterLen = sizeof(rc5_params);
- break;
- /* add cast and idea later */
- case CKM_DES_MAC_GENERAL:
- mac_bytes = *(CK_ULONG *)pMechanism->pParameter;
- /* fall through */
- case CKM_DES_MAC:
- blockSize = 8;
- PORT_Memset(ivBlock,0,blockSize);
- cbc_mechanism.mechanism = CKM_DES_CBC;
- cbc_mechanism.pParameter = &ivBlock;
- cbc_mechanism.ulParameterLen = blockSize;
- break;
- case CKM_DES3_MAC_GENERAL:
- mac_bytes = *(CK_ULONG *)pMechanism->pParameter;
- /* fall through */
- case CKM_DES3_MAC:
- blockSize = 8;
- PORT_Memset(ivBlock,0,blockSize);
- cbc_mechanism.mechanism = CKM_DES3_CBC;
- cbc_mechanism.pParameter = &ivBlock;
- cbc_mechanism.ulParameterLen = blockSize;
- break;
- case CKM_CDMF_MAC_GENERAL:
- mac_bytes = *(CK_ULONG *)pMechanism->pParameter;
- /* fall through */
- case CKM_CDMF_MAC:
- blockSize = 8;
- PORT_Memset(ivBlock,0,blockSize);
- cbc_mechanism.mechanism = CKM_CDMF_CBC;
- cbc_mechanism.pParameter = &ivBlock;
- cbc_mechanism.ulParameterLen = blockSize;
- break;
- default:
- return CKR_FUNCTION_NOT_SUPPORTED;
- }
-
- crv = pk11_EncryptInit(hSession, &cbc_mechanism, hKey, keyUsage,
- contextType);
- if (crv != CKR_OK) return crv;
- crv = pk11_GetContext(hSession,&context,contextType,PR_TRUE,NULL);
-
- /* this shouldn't happen! */
- PORT_Assert(crv == CKR_OK);
- if (crv != CKR_OK) return crv;
- context->blockSize = blockSize;
- if (mac_bytes == PK11_INVALID_MAC_SIZE) mac_bytes = blockSize/2;
- context->macSize = mac_bytes;
- return CKR_OK;
-}
-
-/*
- * encode RSA PKCS #1 Signature data before signing...
- */
-static SECStatus
-pk11_HashSign(PK11HashSignInfo *info,unsigned char *sig,unsigned int *sigLen,
- unsigned int maxLen,unsigned char *hash, unsigned int hashLen)
-{
-
- SECStatus rv = SECFailure;
- SECItem digder;
- PLArenaPool *arena = NULL;
- SGNDigestInfo *di = NULL;
-
- digder.data = NULL;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) { goto loser; }
-
- /* Construct digest info */
- di = SGN_CreateDigestInfo(info->hashOid, hash, hashLen);
- if (!di) { goto loser; }
-
- /* Der encode the digest as a DigestInfo */
- rv = DER_Encode(arena, &digder, SGNDigestInfoTemplate, di);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- /*
- ** Encrypt signature after constructing appropriate PKCS#1 signature
- ** block
- */
- rv = RSA_Sign(info->key,sig,sigLen,maxLen,digder.data,digder.len);
-
- loser:
- SGN_DestroyDigestInfo(di);
- if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- return rv;
-}
-
-static SECStatus
-nsc_DSA_Verify_Stub(void *ctx, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen,
- CK_BYTE_PTR pData, CK_ULONG ulDataLen)
-{
- SECItem signature, digest;
-
- signature.data = pSignature;
- signature.len = ulSignatureLen;
- digest.data = pData;
- digest.len = ulDataLen;
- return DSA_VerifyDigest((DSAPublicKey *)ctx, &signature, &digest);
-}
-
-static SECStatus
-nsc_DSA_Sign_Stub(void *ctx, CK_BYTE_PTR pSignature,
- CK_ULONG_PTR ulSignatureLen, CK_ULONG maxulSignatureLen,
- CK_BYTE_PTR pData, CK_ULONG ulDataLen)
-{
- SECItem signature = { 0 }, digest;
- SECStatus rv;
-
- (void)SECITEM_AllocItem(NULL, &signature, maxulSignatureLen);
- digest.data = pData;
- digest.len = ulDataLen;
- rv = DSA_SignDigest((DSAPrivateKey *)ctx, &signature, &digest);
- *ulSignatureLen = signature.len;
- PORT_Memcpy(pSignature, signature.data, signature.len);
- SECITEM_FreeItem(&signature, PR_FALSE);
- return rv;
-}
-
-/* NSC_SignInit setups up the signing operations. There are three basic
- * types of signing:
- * (1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied
- * to data in a single Sign operation (which often looks a lot like an
- * encrypt, with data coming in and data going out).
- * (2) Hash based signing, where we continually hash the data, then apply
- * some sort of signature to the end.
- * (3) Block Encryption CBC MAC's, where the Data is encrypted with a key,
- * and only the final block is part of the mac.
- *
- * For case number 3, we initialize a context much like the Encryption Context
- * (in fact we share code). We detect case 3 in C_SignUpdate, C_Sign, and
- * C_Final by the following method... if it's not multi-part, and it's doesn't
- * have a hash context, it must be a block Encryption CBC MAC.
- *
- * For case number 2, we initialize a hash structure, as well as make it
- * multi-part. Updates are simple calls to the hash update function. Final
- * calls the hashend, then passes the result to the 'update' function (which
- * operates as a final signature function). In some hash based MAC'ing (as
- * opposed to hash base signatures), the update function is can be simply a
- * copy (as is the case with HMAC).
- */
-CK_RV NSC_SignInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
-{
- PK11Session *session;
- PK11Object *key;
- PK11SessionContext *context;
- CK_KEY_TYPE key_type;
- CK_RV crv = CKR_OK;
- SECKEYLowPrivateKey *privKey;
- PK11HashSignInfo *info = NULL;
-
- /* Block Cipher MACing Algorithms use a different Context init method..*/
- crv = pk11_InitCBCMac(hSession, pMechanism, hKey, CKA_SIGN, PK11_SIGN);
- if (crv != CKR_FUNCTION_NOT_SUPPORTED) return crv;
-
- /* we're not using a block cipher mac */
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
- crv = pk11_InitGeneric(session,&context,PK11_SIGN,&key,hKey,&key_type,
- CKO_PRIVATE_KEY,CKA_SIGN);
- if (crv != CKR_OK) {
- pk11_FreeSession(session);
- return crv;
- }
-
- context->multi = PR_FALSE;
-
- switch(pMechanism->mechanism) {
- case CKM_MD5_RSA_PKCS:
- context->multi = PR_TRUE;
- crv = pk11_doSubMD2(context);
- if (crv != CKR_OK) break;
- context->update = (PK11Cipher) pk11_HashSign;
- info = (PK11HashSignInfo *)PORT_Alloc(sizeof(PK11HashSignInfo));
- if (info == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- info->hashOid = SEC_OID_MD5;
- goto finish_rsa;
- case CKM_MD2_RSA_PKCS:
- context->multi = PR_TRUE;
- crv = pk11_doSubMD2(context);
- if (crv != CKR_OK) break;
- context->update = (PK11Cipher) pk11_HashSign;
- info = (PK11HashSignInfo *)PORT_Alloc(sizeof(PK11HashSignInfo));
- if (info == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- info->hashOid = SEC_OID_MD2;
- goto finish_rsa;
- case CKM_SHA1_RSA_PKCS:
- context->multi = PR_TRUE;
- crv = pk11_doSubSHA1(context);
- if (crv != CKR_OK) break;
- context->update = (PK11Cipher) pk11_HashSign;
- info = (PK11HashSignInfo *)PORT_Alloc(sizeof(PK11HashSignInfo));
- if (info == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- info->hashOid = SEC_OID_SHA1;
- goto finish_rsa;
- case CKM_RSA_PKCS:
- context->update = (PK11Cipher) RSA_Sign;
- goto finish_rsa;
- case CKM_RSA_X_509:
- context->update = (PK11Cipher) RSA_SignRaw;
-finish_rsa:
- if (key_type != CKK_RSA) {
- if (info) PORT_Free(info);
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- context->multi = PR_FALSE;
- privKey = pk11_GetPrivKey(key,CKK_RSA);
- if (privKey == NULL) {
- if (info) PORT_Free(info);
- crv = CKR_HOST_MEMORY;
- break;
- }
- /* OK, info is allocated only if we're doing hash and sign mechanism.
- * It's necessary to be able to set the correct OID in the final
- * signature.
- * Second, what's special about privKey == key->objectInfo?
- * Well we don't 'cache' token versions
- * of private keys because (1) it's sensitive data, and (2) it never
- * gets destroyed. Instead we grab the key out of the database as
- * necessary, but now the key is our context, and we need to free
- * it when we are done. Non-token private keys will get freed when
- * the user destroys the session object (or the session the session
- * object lives in) */
- if (info) {
- info->key = privKey;
- context->cipherInfo = info;
- context->destroy = (privKey == key->objectInfo) ?
- (PK11Destroy)pk11_Space:(PK11Destroy)pk11_FreeSignInfo;
- } else {
- context->cipherInfo = privKey;
- context->destroy = (privKey == key->objectInfo) ?
- (PK11Destroy)pk11_Null:(PK11Destroy)pk11_FreePrivKey;
- }
- break;
-
- case CKM_DSA_SHA1:
- context->multi = PR_TRUE;
- crv = pk11_doSubSHA1(context);
- if (crv != CKR_OK) break;
- /* fall through */
- case CKM_DSA:
- if (key_type != CKK_DSA) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- privKey = pk11_GetPrivKey(key,CKK_DSA);
- if (privKey == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->cipherInfo = &(privKey->u.dsa);
- context->update = (PK11Cipher) nsc_DSA_Sign_Stub;
- context->destroy = pk11_Null;
-
- if (key->objectInfo != privKey) SECKEY_LowDestroyPrivateKey(privKey);
- break;
- case CKM_MD2_HMAC_GENERAL:
- crv = pk11_doHMACInit(context,SEC_OID_MD2,key,
- *(CK_ULONG *)pMechanism->pParameter);
- break;
- case CKM_MD2_HMAC:
- crv = pk11_doHMACInit(context,SEC_OID_MD2,key,MD2_LENGTH);
- break;
- case CKM_MD5_HMAC_GENERAL:
- crv = pk11_doHMACInit(context,SEC_OID_MD5,key,
- *(CK_ULONG *)pMechanism->pParameter);
- break;
- case CKM_MD5_HMAC:
- crv = pk11_doHMACInit(context,SEC_OID_MD5,key,MD5_LENGTH);
- break;
- case CKM_SHA_1_HMAC_GENERAL:
- crv = pk11_doHMACInit(context,SEC_OID_SHA1,key,
- *(CK_ULONG *)pMechanism->pParameter);
- break;
- case CKM_SHA_1_HMAC:
- crv = pk11_doHMACInit(context,SEC_OID_SHA1,key,SHA1_LENGTH);
- break;
- case CKM_SSL3_MD5_MAC:
- crv = pk11_doSSLMACInit(context,SEC_OID_MD5,key,
- *(CK_ULONG *)pMechanism->pParameter);
- break;
- case CKM_SSL3_SHA1_MAC:
- crv = pk11_doSSLMACInit(context,SEC_OID_SHA1,key,
- *(CK_ULONG *)pMechanism->pParameter);
- break;
- case CKM_TLS_PRF_GENERAL:
- crv = pk11_TLSPRFInit(context, key, key_type);
- break;
- default:
- crv = CKR_MECHANISM_INVALID;
- break;
- }
-
- pk11_FreeObject(key);
- if (crv != CKR_OK) {
- PORT_Free(context);
- pk11_FreeSession(session);
- return crv;
- }
- pk11_SetContextByType(session, PK11_SIGN, context);
- pk11_FreeSession(session);
- return CKR_OK;
-}
-
-
-/* MACUpdate is the common implementation for SignUpdate and VerifyUpdate.
- * (sign and verify only very in their setup and final operations) */
-static CK_RV
-pk11_MACUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,PK11ContextType type)
-{
- unsigned int outlen;
- PK11SessionContext *context;
- CK_RV crv;
- SECStatus rv;
-
- /* make sure we're legal */
- crv = pk11_GetContext(hSession,&context,type,PR_FALSE,NULL);
- if (crv != CKR_OK) return crv;
-
- if (context->hashInfo) {
- (*context->hashUpdate)(context->hashInfo, pPart, ulPartLen);
- return CKR_OK;
- }
-
- /* must be block cipher macing */
-
- /* deal with previous buffered data */
- if (context->padDataLength != 0) {
- int i;
- /* fill in the padded to a full block size */
- for (i=context->padDataLength; (ulPartLen != 0) &&
- i < (int)context->blockSize; i++) {
- context->padBuf[i] = *pPart++;
- ulPartLen--;
- context->padDataLength++;
- }
-
- /* not enough data to encrypt yet? then return */
- if (context->padDataLength != context->blockSize) return CKR_OK;
- /* encrypt the current padded data */
- rv = (*context->update)(context->cipherInfo,context->macBuf,&outlen,
- PK11_MAX_BLOCK_SIZE,context->padBuf,context->blockSize);
- if (rv != SECSuccess) return CKR_DEVICE_ERROR;
- }
-
- /* save the residual */
- context->padDataLength = ulPartLen % context->blockSize;
- if (context->padDataLength) {
- PORT_Memcpy(context->padBuf,
- &pPart[ulPartLen-context->padDataLength],
- context->padDataLength);
- ulPartLen -= context->padDataLength;
- }
-
- /* if we've exhausted our new buffer, we're done */
- if (ulPartLen == 0) { return CKR_OK; }
-
- /* run the data through out encrypter */
- while (ulPartLen) {
- rv = (*context->update)(context->cipherInfo, context->padBuf, &outlen,
- PK11_MAX_BLOCK_SIZE, pPart, context->blockSize);
- if (rv != SECSuccess) return CKR_DEVICE_ERROR;
- /* paranoia.. make sure we exit the loop */
- PORT_Assert(ulPartLen >= context->blockSize);
- if (ulPartLen < context->blockSize) break;
- ulPartLen -= context->blockSize;
- }
-
- return CKR_OK;
-
-}
-
-/* NSC_SignUpdate continues a multiple-part signature operation,
- * where the signature is (will be) an appendix to the data,
- * and plaintext cannot be recovered from the signature */
-CK_RV NSC_SignUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen)
-{
- return pk11_MACUpdate(hSession, pPart, ulPartLen, PK11_SIGN);
-}
-
-
-/* NSC_SignFinal finishes a multiple-part signature operation,
- * returning the signature. */
-CK_RV NSC_SignFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen)
-{
- PK11Session *session;
- PK11SessionContext *context;
- unsigned int outlen;
- unsigned int digestLen;
- unsigned int maxoutlen = *pulSignatureLen;
- unsigned char tmpbuf[PK11_MAX_MAC_LENGTH];
- CK_RV crv;
- SECStatus rv = SECSuccess;
-
- /* make sure we're legal */
- *pulSignatureLen = 0;
- crv = pk11_GetContext(hSession,&context,PK11_SIGN,PR_TRUE,&session);
- if (crv != CKR_OK) return crv;
-
- if (context->hashInfo) {
- (*context->end)(context->hashInfo, tmpbuf, &digestLen, sizeof(tmpbuf));
- rv = (*context->update)(context->cipherInfo, pSignature,
- &outlen, maxoutlen, tmpbuf, digestLen);
- *pulSignatureLen = (CK_ULONG) outlen;
- } else {
- /* deal with the last block if any residual */
- if (context->padDataLength) {
- /* fill out rest of pad buffer with pad magic*/
- int i;
- for (i=context->padDataLength; i < (int)context->blockSize; i++) {
- context->padBuf[i] = 0;
- }
- rv = (*context->update)(context->cipherInfo,context->macBuf,
- &outlen,PK11_MAX_BLOCK_SIZE,context->padBuf,context->blockSize);
- }
- if (rv == SECSuccess) {
- PORT_Memcpy(pSignature,context->macBuf,context->macSize);
- *pulSignatureLen = context->macSize;
- }
- }
-
- pk11_FreeContext(context);
- pk11_SetContextByType(session, PK11_SIGN, NULL);
- pk11_FreeSession(session);
-
- return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR;
-}
-
-/* NSC_Sign signs (encrypts with private key) data in a single part,
- * where the signature is (will be) an appendix to the data,
- * and plaintext cannot be recovered from the signature */
-CK_RV NSC_Sign(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen)
-{
- PK11Session *session;
- PK11SessionContext *context;
- unsigned int outlen;
- unsigned int maxoutlen = *pulSignatureLen;
- CK_RV crv,crv2;
- SECStatus rv;
-
- /* make sure we're legal */
- crv = pk11_GetContext(hSession,&context,PK11_SIGN,PR_FALSE,&session);
- if (crv != CKR_OK) return crv;
-
- /* multi part Signing are completely implemented by SignUpdate and
- * sign Final */
- if (context->multi) {
- pk11_FreeSession(session);
- crv = NSC_SignUpdate(hSession,pData,ulDataLen);
- if (crv != CKR_OK) *pulSignatureLen = 0;
- crv2 = NSC_SignFinal(hSession, pSignature, pulSignatureLen);
- return crv == CKR_OK ? crv2 :crv;
- }
-
- rv = (*context->update)(context->cipherInfo, pSignature,
- &outlen, maxoutlen, pData, ulDataLen);
- *pulSignatureLen = (CK_ULONG) outlen;
- pk11_FreeContext(context);
- pk11_SetContextByType(session, PK11_SIGN, NULL);
- pk11_FreeSession(session);
-
- return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR;
-}
-
-
-/*
- ************** Crypto Functions: Sign Recover ************************
- */
-/* NSC_SignRecoverInit initializes a signature operation,
- * where the (digest) data can be recovered from the signature.
- * E.g. encryption with the user's private key */
-CK_RV NSC_SignRecoverInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)
-{
- switch (pMechanism->mechanism) {
- case CKM_RSA_PKCS:
- case CKM_RSA_X_509:
- return NSC_SignInit(hSession,pMechanism,hKey);
- default:
- break;
- }
- return CKR_MECHANISM_INVALID;
-}
-
-
-/* NSC_SignRecover signs data in a single operation
- * where the (digest) data can be recovered from the signature.
- * E.g. encryption with the user's private key */
-CK_RV NSC_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
- CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
-{
- return NSC_Sign(hSession,pData,ulDataLen,pSignature,pulSignatureLen);
-}
-
-/*
- ************** Crypto Functions: verify ************************
- */
-
-/* Handle RSA Signature formating */
-static SECStatus
-pk11_hashCheckSign(PK11HashVerifyInfo *info, unsigned char *sig,
- unsigned int sigLen, unsigned char *digest, unsigned int digestLen)
-{
-
- SECItem it;
- SGNDigestInfo *di = NULL;
- SECStatus rv = SECSuccess;
-
- it.data = NULL;
-
- if (info->key == NULL) goto loser;
-
- it.len = SECKEY_LowPublicModulusLen(info->key);
- if (!it.len) goto loser;
-
- it.data = (unsigned char *) PORT_Alloc(it.len);
- if (it.data == NULL) goto loser;
-
- /* decrypt the block */
- rv = RSA_CheckSignRecover(info->key, it.data, &it.len, it.len, sig, sigLen);
- if (rv != SECSuccess) goto loser;
-
- di = SGN_DecodeDigestInfo(&it);
- if (di == NULL) goto loser;
- if (di->digest.len != digestLen) goto loser;
-
- /* make sure the tag is OK */
- if (SECOID_GetAlgorithmTag(&di->digestAlgorithm) != info->hashOid) {
- goto loser;
- }
- /* Now check the signature */
- if (PORT_Memcmp(digest, di->digest.data, di->digest.len) == 0) {
- goto done;
- }
-
- loser:
- rv = SECFailure;
-
- done:
- if (it.data != NULL) PORT_Free(it.data);
- if (di != NULL) SGN_DestroyDigestInfo(di);
-
- return rv;
-}
-
-/* NSC_VerifyInit initializes a verification operation,
- * where the signature is an appendix to the data,
- * and plaintext cannot be recovered from the signature (e.g. DSA) */
-CK_RV NSC_VerifyInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)
-{
- PK11Session *session;
- PK11Object *key;
- PK11SessionContext *context;
- CK_KEY_TYPE key_type;
- CK_RV crv = CKR_OK;
- SECKEYLowPublicKey *pubKey;
- PK11HashVerifyInfo *info = NULL;
-
- /* Block Cipher MACing Algorithms use a different Context init method..*/
- crv = pk11_InitCBCMac(hSession, pMechanism, hKey, CKA_VERIFY, PK11_VERIFY);
- if (crv != CKR_FUNCTION_NOT_SUPPORTED) return crv;
-
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
- crv = pk11_InitGeneric(session,&context,PK11_VERIFY,&key,hKey,&key_type,
- CKO_PUBLIC_KEY,CKA_VERIFY);
- if (crv != CKR_OK) {
- pk11_FreeSession(session);
- return crv;
- }
-
- context->multi = PR_FALSE;
-
- switch(pMechanism->mechanism) {
- case CKM_MD5_RSA_PKCS:
- context->multi = PR_TRUE;
- crv = pk11_doSubMD5(context);
- if (crv != CKR_OK) break;
- context->verify = (PK11Verify) pk11_hashCheckSign;
- info = (PK11HashVerifyInfo *)PORT_Alloc(sizeof(PK11HashVerifyInfo));
- if (info == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- info->hashOid = SEC_OID_MD5;
- goto finish_rsa;
- case CKM_MD2_RSA_PKCS:
- context->multi = PR_TRUE;
- crv = pk11_doSubMD2(context);
- if (crv != CKR_OK) break;
- context->verify = (PK11Verify) pk11_hashCheckSign;
- info = (PK11HashVerifyInfo *)PORT_Alloc(sizeof(PK11HashVerifyInfo));
- if (info == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- info->hashOid = SEC_OID_MD2;
- goto finish_rsa;
- case CKM_SHA1_RSA_PKCS:
- context->multi = PR_TRUE;
- crv = pk11_doSubSHA1(context);
- if (crv != CKR_OK) break;
- context->verify = (PK11Verify) pk11_hashCheckSign;
- info = (PK11HashVerifyInfo *)PORT_Alloc(sizeof(PK11HashVerifyInfo));
- if (info == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- info->hashOid = SEC_OID_SHA1;
- goto finish_rsa;
- case CKM_RSA_PKCS:
- context->verify = (PK11Verify) RSA_CheckSign;
- goto finish_rsa;
- case CKM_RSA_X_509:
- context->verify = (PK11Verify) RSA_CheckSignRaw;
-finish_rsa:
- if (key_type != CKK_RSA) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- pubKey = pk11_GetPubKey(key,CKK_RSA);
- if (pubKey == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- if (info) {
- info->key = pubKey;
- context->cipherInfo = info;
- context->destroy = pk11_Space;
- } else {
- context->cipherInfo = pubKey;
- context->destroy = pk11_Null;
- }
- break;
- case CKM_DSA_SHA1:
- context->multi = PR_TRUE;
- crv = pk11_doSubSHA1(context);
- if (crv != CKR_OK) break;
- /* fall through */
- case CKM_DSA:
- if (key_type != CKK_DSA) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- context->multi = PR_FALSE;
- pubKey = pk11_GetPubKey(key,CKK_DSA);
- if (pubKey == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->cipherInfo = &(pubKey->u.dsa);
- context->verify = (PK11Verify) nsc_DSA_Verify_Stub;
- context->destroy = pk11_Null;
- break;
-
- case CKM_MD2_HMAC_GENERAL:
- crv = pk11_doHMACInit(context,SEC_OID_MD2,key,
- *(CK_ULONG *)pMechanism->pParameter);
- break;
- case CKM_MD2_HMAC:
- crv = pk11_doHMACInit(context,SEC_OID_MD2,key,MD2_LENGTH);
- break;
- case CKM_MD5_HMAC_GENERAL:
- crv = pk11_doHMACInit(context,SEC_OID_MD5,key,
- *(CK_ULONG *)pMechanism->pParameter);
- break;
- case CKM_MD5_HMAC:
- crv = pk11_doHMACInit(context,SEC_OID_MD5,key,MD5_LENGTH);
- break;
- case CKM_SHA_1_HMAC_GENERAL:
- crv = pk11_doHMACInit(context,SEC_OID_SHA1,key,
- *(CK_ULONG *)pMechanism->pParameter);
- break;
- case CKM_SHA_1_HMAC:
- crv = pk11_doHMACInit(context,SEC_OID_SHA1,key,SHA1_LENGTH);
- break;
- case CKM_SSL3_MD5_MAC:
- crv = pk11_doSSLMACInit(context,SEC_OID_MD5,key,
- *(CK_ULONG *)pMechanism->pParameter);
- break;
- case CKM_SSL3_SHA1_MAC:
- crv = pk11_doSSLMACInit(context,SEC_OID_SHA1,key,
- *(CK_ULONG *)pMechanism->pParameter);
- break;
- case CKM_TLS_PRF_GENERAL:
- crv = pk11_TLSPRFInit(context, key, key_type);
-
- default:
- crv = CKR_MECHANISM_INVALID;
- break;
- }
-
- pk11_FreeObject(key);
- if (crv != CKR_OK) {
- PORT_Free(context);
- pk11_FreeSession(session);
- return crv;
- }
- pk11_SetContextByType(session, PK11_VERIFY, context);
- pk11_FreeSession(session);
- return CKR_OK;
-}
-
-/* NSC_Verify verifies a signature in a single-part operation,
- * where the signature is an appendix to the data,
- * and plaintext cannot be recovered from the signature */
-CK_RV NSC_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
- CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
-{
- PK11Session *session;
- PK11SessionContext *context;
- CK_RV crv;
- SECStatus rv;
-
- /* make sure we're legal */
- crv = pk11_GetContext(hSession,&context,PK11_VERIFY,PR_FALSE,&session);
- if (crv != CKR_OK) return crv;
-
- rv = (*context->verify)(context->cipherInfo,pSignature, ulSignatureLen,
- pData, ulDataLen);
- pk11_FreeContext(context);
- pk11_SetContextByType(session, PK11_VERIFY, NULL);
- pk11_FreeSession(session);
-
- return (rv == SECSuccess) ? CKR_OK : CKR_SIGNATURE_INVALID;
-
-}
-
-
-/* NSC_VerifyUpdate continues a multiple-part verification operation,
- * where the signature is an appendix to the data,
- * and plaintext cannot be recovered from the signature */
-CK_RV NSC_VerifyUpdate( CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen)
-{
- return pk11_MACUpdate(hSession, pPart, ulPartLen, PK11_VERIFY);
-}
-
-
-/* NSC_VerifyFinal finishes a multiple-part verification operation,
- * checking the signature. */
-CK_RV NSC_VerifyFinal(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen)
-{
- PK11Session *session;
- PK11SessionContext *context;
- unsigned int outlen;
- unsigned int digestLen;
- unsigned char tmpbuf[PK11_MAX_MAC_LENGTH];
- CK_RV crv;
- SECStatus rv = SECSuccess;
-
- /* make sure we're legal */
- crv = pk11_GetContext(hSession,&context,PK11_VERIFY,PR_TRUE,&session);
- if (crv != CKR_OK) return crv;
-
- if (context->hashInfo) {
- (*context->end)(context->hashInfo, tmpbuf, &digestLen, sizeof(tmpbuf));
- rv = (*context->verify)(context->cipherInfo, pSignature,
- ulSignatureLen, tmpbuf, digestLen);
- } else {
- if (context->padDataLength) {
- /* fill out rest of pad buffer with pad magic*/
- int i;
- for (i=context->padDataLength; i < (int)context->blockSize; i++) {
- context->padBuf[i] = 0;
- }
- rv = (*context->update)(context->cipherInfo,context->macBuf,
- &outlen,PK11_MAX_BLOCK_SIZE,context->padBuf,context->blockSize);
- }
- if (rv == SECSuccess) {
- rv =(PORT_Memcmp(pSignature,context->macBuf,context->macSize) == 0)
- ? SECSuccess : SECFailure;
- }
- }
-
- pk11_FreeContext(context);
- pk11_SetContextByType(session, PK11_VERIFY, NULL);
- pk11_FreeSession(session);
- return (rv == SECSuccess) ? CKR_OK : CKR_SIGNATURE_INVALID;
-
-}
-
-/*
- ************** Crypto Functions: Verify Recover ************************
- */
-
-/* NSC_VerifyRecoverInit initializes a signature verification operation,
- * where the data is recovered from the signature.
- * E.g. Decryption with the user's public key */
-CK_RV NSC_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)
-{
- PK11Session *session;
- PK11Object *key;
- PK11SessionContext *context;
- CK_KEY_TYPE key_type;
- CK_RV crv = CKR_OK;
- SECKEYLowPublicKey *pubKey;
-
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
- crv = pk11_InitGeneric(session,&context,PK11_VERIFY_RECOVER,
- &key,hKey,&key_type,CKO_PUBLIC_KEY,CKA_VERIFY_RECOVER);
- if (crv != CKR_OK) {
- pk11_FreeSession(session);
- return crv;
- }
-
- context->multi = PR_TRUE;
-
- switch(pMechanism->mechanism) {
- case CKM_RSA_PKCS:
- case CKM_RSA_X_509:
- if (key_type != CKK_RSA) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- context->multi = PR_FALSE;
- pubKey = pk11_GetPubKey(key,CKK_RSA);
- if (pubKey == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- context->cipherInfo = pubKey;
- context->update = (PK11Cipher) (pMechanism->mechanism == CKM_RSA_X_509
- ? RSA_CheckSignRecoverRaw : RSA_CheckSignRecover);
- context->destroy = pk11_Null;
- break;
- default:
- crv = CKR_MECHANISM_INVALID;
- break;
- }
-
- pk11_FreeObject(key);
- if (crv != CKR_OK) {
- PORT_Free(context);
- pk11_FreeSession(session);
- return crv;
- }
- pk11_SetContextByType(session, PK11_VERIFY_RECOVER, context);
- pk11_FreeSession(session);
- return CKR_OK;
-}
-
-
-/* NSC_VerifyRecover verifies a signature in a single-part operation,
- * where the data is recovered from the signature.
- * E.g. Decryption with the user's public key */
-CK_RV NSC_VerifyRecover(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen,
- CK_BYTE_PTR pData,CK_ULONG_PTR pulDataLen)
-{
- PK11Session *session;
- PK11SessionContext *context;
- unsigned int outlen;
- unsigned int maxoutlen = *pulDataLen;
- CK_RV crv;
- SECStatus rv;
-
- /* make sure we're legal */
- crv = pk11_GetContext(hSession,&context,PK11_VERIFY_RECOVER,
- PR_FALSE,&session);
- if (crv != CKR_OK) return crv;
-
- rv = (*context->update)(context->cipherInfo, pData, &outlen, maxoutlen,
- pSignature, ulSignatureLen);
- *pulDataLen = (CK_ULONG) outlen;
- pk11_FreeContext(context);
- pk11_SetContextByType(session, PK11_VERIFY_RECOVER, NULL);
- pk11_FreeSession(session);
- return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR;
-}
-
-/*
- **************************** Random Functions: ************************
- */
-
-/* NSC_SeedRandom mixes additional seed material into the token's random number
- * generator. */
-CK_RV NSC_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed,
- CK_ULONG ulSeedLen)
-{
- SECStatus rv;
-
- rv = RNG_RandomUpdate(pSeed, ulSeedLen);
- return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR;
-}
-
-/* NSC_GenerateRandom generates random data. */
-CK_RV NSC_GenerateRandom(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen)
-{
- SECStatus rv;
-
- rv = RNG_GenerateGlobalRandomBytes(pRandomData, ulRandomLen);
- return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR;
-}
-
-/*
- **************************** Key Functions: ************************
- */
-
-/*
- * generate a password based encryption key. This code uses
- * PKCS5 to do the work. Note that it calls PBE_PK11ParamToAlgid, which is
- * a utility function in secpkcs5.c. This function is used in here
- * and in PK11_ParamToAlgid.
- */
-CK_RV
-pk11_pbe_key_gen(SECOidTag algtag,CK_MECHANISM_PTR pMechanism,
- char *buf,int *key_length, PRBool faulty3DES)
-{
- SECAlgorithmID algid;
- SECItem *pbe_key = NULL, mech;
- CK_PBE_PARAMS *pbe_params = NULL;
- SECStatus pbe_rv;
-
- *key_length = 0;
-
- mech.data = (unsigned char *)pMechanism->pParameter;
- mech.len = (unsigned int)pMechanism->ulParameterLen;
-
- /* A common routine to map from Params to AlgIDs for PBE
- * algorithms was created in secpkcs5.c. This function is
- * called both by PK11_ParamToAlgid and this function.
- */
- pbe_rv = PBE_PK11ParamToAlgid(algtag, &mech, NULL, &algid);
- if (pbe_rv != SECSuccess) {
- return CKR_DATA_INVALID;
- }
- pbe_params = (CK_PBE_PARAMS *)pMechanism->pParameter;
- mech.data = (unsigned char *)pbe_params->pPassword;
- mech.len = (unsigned int)pbe_params->ulPasswordLen;
- pbe_key = SEC_PKCS5GetKey(&algid, &mech, faulty3DES);
- if (pbe_key == NULL) {
- SECOID_DestroyAlgorithmID(&algid, PR_FALSE);
- return CKR_HOST_MEMORY;
- }
- PORT_Memcpy(buf, pbe_key->data, pbe_key->len);
- *key_length = pbe_key->len;
- SECITEM_ZfreeItem(pbe_key, PR_TRUE);
- pbe_key = NULL;
-
- if (pbe_params->pInitVector == NULL) {
- pbe_key = SEC_PKCS5GetIV(&algid, &mech, faulty3DES);
- if (pbe_key == NULL) {
- SECOID_DestroyAlgorithmID(&algid, PR_FALSE);
- SECITEM_ZfreeItem(pbe_key, PR_TRUE);
- return CKR_HOST_MEMORY;
- }
- pbe_params->pInitVector = (CK_CHAR_PTR)PORT_ZAlloc(pbe_key->len);
- if (pbe_params->pInitVector == NULL) {
- SECOID_DestroyAlgorithmID(&algid, PR_FALSE);
- SECITEM_ZfreeItem(pbe_key, PR_TRUE);
- return CKR_HOST_MEMORY;
- }
- PORT_Memcpy(pbe_params->pInitVector, pbe_key->data, pbe_key->len);
- }
- SECITEM_ZfreeItem(pbe_key, PR_TRUE);
- SECOID_DestroyAlgorithmID(&algid, PR_FALSE);
- return CKR_OK;
-}
-
-/* NSC_GenerateKey generates a secret key, creating a new key object. */
-CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phKey)
-{
- PK11Object *key;
- PK11Session *session;
- PRBool checkWeak = PR_FALSE;
- int key_length = 0;
- CK_KEY_TYPE key_type;
- CK_OBJECT_CLASS objclass = CKO_SECRET_KEY;
- CK_RV crv = CKR_OK;
- CK_BBOOL cktrue = CK_TRUE;
- int i;
- PK11Slot *slot = pk11_SlotFromSessionHandle(hSession);
- char buf[MAX_KEY_LEN];
- enum {pk11_pbe, pk11_ssl, pk11_bulk} key_gen_type;
- SECOidTag algtag = SEC_OID_UNKNOWN;
- SSL3RSAPreMasterSecret *rsa_pms;
- CK_VERSION *version;
- /* in very old versions of NSS, there were implementation errors with key
- * generation methods. We want to beable to read these, but not
- * produce them any more. The affected algorithm was 3DES.
- */
- PRBool faultyPBE3DES = PR_FALSE;
-
- /*
- * now lets create an object to hang the attributes off of
- */
- key = pk11_NewObject(slot); /* fill in the handle later */
- if (key == NULL) {
- return CKR_HOST_MEMORY;
- }
-
- /*
- * load the template values into the object
- */
- for (i=0; i < (int) ulCount; i++) {
- if (pTemplate[i].type == CKA_VALUE_LEN) {
- key_length = *(CK_ULONG *)pTemplate[i].pValue;
- continue;
- }
-
- crv = pk11_AddAttributeType(key,pk11_attr_expand(&pTemplate[i]));
- if (crv != CKR_OK) break;
- }
- if (crv != CKR_OK) {
- pk11_FreeObject(key);
- return crv;
- }
-
- /* make sure we don't have any class, key_type, or value fields */
- pk11_DeleteAttributeType(key,CKA_CLASS);
- pk11_DeleteAttributeType(key,CKA_KEY_TYPE);
- pk11_DeleteAttributeType(key,CKA_VALUE);
-
- /* Now Set up the parameters to generate the key (based on mechanism) */
- key_gen_type = pk11_bulk; /* bulk key by default */
- switch (pMechanism->mechanism) {
- case CKM_RC2_KEY_GEN:
- key_type = CKK_RC2;
- if (key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE;
- break;
- case CKM_RC5_KEY_GEN:
- key_type = CKK_RC5;
- if (key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE;
- break;
- case CKM_RC4_KEY_GEN:
- key_type = CKK_RC4;
- if (key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE;
- break;
- case CKM_GENERIC_SECRET_KEY_GEN:
- key_type = CKK_GENERIC_SECRET;
- if (key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE;
- break;
- case CKM_CDMF_KEY_GEN:
- key_type = CKK_CDMF;
- key_length = 8;
- checkWeak = PR_TRUE;
- break;
- case CKM_DES_KEY_GEN:
- key_type = CKK_DES;
- key_length = 8;
- checkWeak = PR_TRUE;
- break;
- case CKM_DES2_KEY_GEN:
- key_type = CKK_DES2;
- key_length = 16;
- checkWeak = PR_TRUE;
- break;
- case CKM_DES3_KEY_GEN:
- key_type = CKK_DES3;
- key_length = 24;
- checkWeak = PR_TRUE;
- break;
- case CKM_SSL3_PRE_MASTER_KEY_GEN:
- key_type = CKK_GENERIC_SECRET;
- key_length = 48;
- key_gen_type = pk11_ssl;
- break;
- case CKM_PBE_MD2_DES_CBC:
- algtag = SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC;
- key_type = CKK_DES;
- goto have_key_type;
- case CKM_PBE_MD5_DES_CBC:
- algtag = SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC;
- key_type = CKK_DES;
- goto have_key_type;
- case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
- algtag = SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC;
- key_type = CKK_DES;
- goto have_key_type;
- case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
- faultyPBE3DES = PR_TRUE;
- case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
- algtag = SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC;
- key_type = CKK_DES3;
- goto have_key_type;
- case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
- algtag = SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
- key_type = CKK_RC2;
- goto have_key_type;
- case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
- algtag = SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC;
- key_type = CKK_RC2;
- goto have_key_type;
- case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
- algtag = SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4;
- key_type = CKK_RC4;
- goto have_key_type;
- case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
- algtag = SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4;
- key_type = CKK_RC4;
- goto have_key_type;
- case CKM_PBE_SHA1_RC4_40:
- algtag = SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4;
- key_length = 5;
- key_type = CKK_RC4;
- goto have_key_type;
- case CKM_PBE_SHA1_RC4_128:
- algtag = SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4;
- key_length = 16;
- key_type = CKK_RC4;
- goto have_key_type;
- case CKM_PBE_SHA1_RC2_40_CBC:
- algtag = SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
- key_length = 5;
- key_type = CKK_RC2;
- goto have_key_type;
- case CKM_PBE_SHA1_RC2_128_CBC:
- algtag = SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC;
- key_length = 16;
- key_type = CKK_RC2;
- goto have_key_type;
- case CKM_PBE_SHA1_DES3_EDE_CBC:
- algtag = SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC;
- key_length = 24;
- key_type = CKK_DES3;
- goto have_key_type;
- case CKM_PBE_SHA1_DES2_EDE_CBC:
- algtag = SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC;
- key_length = 16;
- key_type = CKK_DES2;
- checkWeak = PR_FALSE;
-have_key_type:
- key_gen_type = pk11_pbe;
- break;
- default:
- crv = CKR_MECHANISM_INVALID;
- }
- /* make sure we aren't going to overflow the buffer */
- if (sizeof(buf) < key_length) {
- /* someone is getting pretty optimistic about how big their key can
- * be... */
- crv = CKR_TEMPLATE_INCONSISTENT;
- }
-
- if (crv != CKR_OK) { pk11_FreeObject(key); return crv; }
-
- /*
- * now to the actual key gen.
- */
- switch (key_gen_type) {
- case pk11_pbe:
- crv = pk11_pbe_key_gen(algtag, pMechanism, buf, &key_length,
- faultyPBE3DES);
- break;
- case pk11_ssl:
- rsa_pms = (SSL3RSAPreMasterSecret *)buf;
- version = (CK_VERSION *)pMechanism->pParameter;
- rsa_pms->client_version[0] = version->major;
- rsa_pms->client_version[1] = version->minor;
- crv =
- NSC_GenerateRandom(0,&rsa_pms->random[0], sizeof(rsa_pms->random));
- break;
- case pk11_bulk:
- /* get the key, check for weak keys and repeat if found */
- do {
- crv = NSC_GenerateRandom(0, (unsigned char *)buf, key_length);
- } while (crv == CKR_OK && checkWeak &&
- pk11_IsWeakKey((unsigned char *)buf,key_type));
- break;
- }
-
- if (crv != CKR_OK) { pk11_FreeObject(key); return crv; }
-
- /* Add the class, key_type, and value */
- crv = pk11_AddAttributeType(key,CKA_CLASS,&objclass,sizeof(CK_OBJECT_CLASS));
- if (crv != CKR_OK) { pk11_FreeObject(key); return crv; }
- crv = pk11_AddAttributeType(key,CKA_KEY_TYPE,&key_type,sizeof(CK_KEY_TYPE));
- if (crv != CKR_OK) { pk11_FreeObject(key); return crv; }
- crv = pk11_AddAttributeType(key,CKA_CLASS,&objclass,sizeof(CK_OBJECT_CLASS));
- if (crv != CKR_OK) { pk11_FreeObject(key); return crv; }
- crv = pk11_AddAttributeType(key,CKA_VALUE,buf,key_length);
- if (crv != CKR_OK) { pk11_FreeObject(key); return crv; }
-
- /* get the session */
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) {
- pk11_FreeObject(key);
- return CKR_SESSION_HANDLE_INVALID;
- }
-
- /*
- * handle the base object stuff
- */
- crv = pk11_handleObject(key,session);
- pk11_FreeSession(session);
- if (crv != CKR_OK) {
- pk11_FreeObject(key);
- return crv;
- }
- if (pk11_isTrue(key,CKA_SENSITIVE)) {
- pk11_forceAttribute(key,CKA_ALWAYS_SENSITIVE,&cktrue,sizeof(CK_BBOOL));
- }
- if (!pk11_isTrue(key,CKA_EXTRACTABLE)) {
- pk11_forceAttribute(key,CKA_NEVER_EXTRACTABLE,&cktrue,sizeof(CK_BBOOL));
- }
-
- *phKey = key->handle;
- return CKR_OK;
-}
-
-
-
-/* NSC_GenerateKeyPair generates a public-key/private-key pair,
- * creating new key objects. */
-CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate,
- CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
- CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPrivateKey,
- CK_OBJECT_HANDLE_PTR phPublicKey)
-{
- PK11Object * publicKey,*privateKey;
- PK11Session * session;
- CK_KEY_TYPE key_type;
- CK_RV crv = CKR_OK;
- CK_BBOOL cktrue = CK_TRUE;
- SECStatus rv;
- CK_OBJECT_CLASS pubClass = CKO_PUBLIC_KEY;
- CK_OBJECT_CLASS privClass = CKO_PRIVATE_KEY;
- int i;
- PK11Slot * slot = pk11_SlotFromSessionHandle(hSession);
-
- /* RSA */
- int public_modulus_bits = 0;
- SECItem pubExp;
- RSAPrivateKey * rsaPriv;
-
- /* DSA */
- PQGParams pqgParam;
- DHParams dhParam;
- DSAPrivateKey * dsaPriv;
-
- /* Diffie Hellman */
- int private_value_bits = 0;
- DHPrivateKey * dhPriv;
-
- /*
- * now lets create an object to hang the attributes off of
- */
- publicKey = pk11_NewObject(slot); /* fill in the handle later */
- if (publicKey == NULL) {
- return CKR_HOST_MEMORY;
- }
-
- /*
- * load the template values into the publicKey
- */
- for (i=0; i < (int) ulPublicKeyAttributeCount; i++) {
- if (pPublicKeyTemplate[i].type == CKA_MODULUS_BITS) {
- public_modulus_bits = *(CK_ULONG *)pPublicKeyTemplate[i].pValue;
- continue;
- }
-
- crv = pk11_AddAttributeType(publicKey,
- pk11_attr_expand(&pPublicKeyTemplate[i]));
- if (crv != CKR_OK) break;
- }
-
- if (crv != CKR_OK) {
- pk11_FreeObject(publicKey);
- return CKR_HOST_MEMORY;
- }
-
- privateKey = pk11_NewObject(slot); /* fill in the handle later */
- if (privateKey == NULL) {
- pk11_FreeObject(publicKey);
- return CKR_HOST_MEMORY;
- }
- /*
- * now load the private key template
- */
- for (i=0; i < (int) ulPrivateKeyAttributeCount; i++) {
- if (pPrivateKeyTemplate[i].type == CKA_VALUE_BITS) {
- private_value_bits = *(CK_ULONG *)pPrivateKeyTemplate[i].pValue;
- continue;
- }
-
- crv = pk11_AddAttributeType(privateKey,
- pk11_attr_expand(&pPrivateKeyTemplate[i]));
- if (crv != CKR_OK) break;
- }
-
- if (crv != CKR_OK) {
- pk11_FreeObject(publicKey);
- pk11_FreeObject(privateKey);
- return CKR_HOST_MEMORY;
- }
- pk11_DeleteAttributeType(privateKey,CKA_CLASS);
- pk11_DeleteAttributeType(privateKey,CKA_KEY_TYPE);
- pk11_DeleteAttributeType(privateKey,CKA_VALUE);
- pk11_DeleteAttributeType(publicKey,CKA_CLASS);
- pk11_DeleteAttributeType(publicKey,CKA_KEY_TYPE);
- pk11_DeleteAttributeType(publicKey,CKA_VALUE);
-
- /* Now Set up the parameters to generate the key (based on mechanism) */
- switch (pMechanism->mechanism) {
- case CKM_RSA_PKCS_KEY_PAIR_GEN:
- /* format the keys */
- pk11_DeleteAttributeType(publicKey,CKA_MODULUS);
- pk11_DeleteAttributeType(privateKey,CKA_NETSCAPE_DB);
- pk11_DeleteAttributeType(privateKey,CKA_MODULUS);
- pk11_DeleteAttributeType(privateKey,CKA_PRIVATE_EXPONENT);
- pk11_DeleteAttributeType(privateKey,CKA_PUBLIC_EXPONENT);
- pk11_DeleteAttributeType(privateKey,CKA_PRIME_1);
- pk11_DeleteAttributeType(privateKey,CKA_PRIME_2);
- pk11_DeleteAttributeType(privateKey,CKA_EXPONENT_1);
- pk11_DeleteAttributeType(privateKey,CKA_EXPONENT_2);
- pk11_DeleteAttributeType(privateKey,CKA_COEFFICIENT);
- key_type = CKK_RSA;
- if (public_modulus_bits == 0) {
- crv = CKR_TEMPLATE_INCOMPLETE;
- break;
- }
-
- /* extract the exponent */
- crv=pk11_Attribute2SSecItem(NULL,&pubExp,publicKey,CKA_PUBLIC_EXPONENT);
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(privateKey,CKA_PUBLIC_EXPONENT,
- pk11_item_expand(&pubExp));
- if (crv != CKR_OK) {
- PORT_Free(pubExp.data);
- break;
- }
-
- rsaPriv = RSA_NewKey(public_modulus_bits, &pubExp);
- PORT_Free(pubExp.data);
- if (rsaPriv == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- /* now fill in the RSA dependent paramenters in the public key */
- crv = pk11_AddAttributeType(publicKey,CKA_MODULUS,
- pk11_item_expand(&rsaPriv->modulus));
- if (crv != CKR_OK) goto kpg_done;
- /* now fill in the RSA dependent paramenters in the private key */
- crv = pk11_AddAttributeType(privateKey,CKA_NETSCAPE_DB,
- pk11_item_expand(&rsaPriv->modulus));
- if (crv != CKR_OK) goto kpg_done;
- crv = pk11_AddAttributeType(privateKey,CKA_MODULUS,
- pk11_item_expand(&rsaPriv->modulus));
- if (crv != CKR_OK) goto kpg_done;
- crv = pk11_AddAttributeType(privateKey,CKA_PRIVATE_EXPONENT,
- pk11_item_expand(&rsaPriv->privateExponent));
- if (crv != CKR_OK) goto kpg_done;
- crv = pk11_AddAttributeType(privateKey,CKA_PRIME_1,
- pk11_item_expand(&rsaPriv->prime1));
- if (crv != CKR_OK) goto kpg_done;
- crv = pk11_AddAttributeType(privateKey,CKA_PRIME_2,
- pk11_item_expand(&rsaPriv->prime2));
- if (crv != CKR_OK) goto kpg_done;
- crv = pk11_AddAttributeType(privateKey,CKA_EXPONENT_1,
- pk11_item_expand(&rsaPriv->exponent1));
- if (crv != CKR_OK) goto kpg_done;
- crv = pk11_AddAttributeType(privateKey,CKA_EXPONENT_2,
- pk11_item_expand(&rsaPriv->exponent2));
- if (crv != CKR_OK) goto kpg_done;
- crv = pk11_AddAttributeType(privateKey,CKA_COEFFICIENT,
- pk11_item_expand(&rsaPriv->coefficient));
-kpg_done:
- /* Should zeroize the contents first, since this func doesn't. */
- PORT_FreeArena(rsaPriv->arena, PR_TRUE);
- break;
- case CKM_DSA_KEY_PAIR_GEN:
- pk11_DeleteAttributeType(publicKey,CKA_VALUE);
- pk11_DeleteAttributeType(privateKey,CKA_NETSCAPE_DB);
- pk11_DeleteAttributeType(privateKey,CKA_PRIME);
- pk11_DeleteAttributeType(privateKey,CKA_SUBPRIME);
- pk11_DeleteAttributeType(privateKey,CKA_BASE);
- key_type = CKK_DSA;
-
- /* extract the necessary paramters and copy them to the private key */
- crv=pk11_Attribute2SSecItem(NULL,&pqgParam.prime,publicKey,CKA_PRIME);
- if (crv != CKR_OK) break;
- crv=pk11_Attribute2SSecItem(NULL,&pqgParam.subPrime,publicKey,
- CKA_SUBPRIME);
- if (crv != CKR_OK) {
- PORT_Free(pqgParam.prime.data);
- break;
- }
- crv=pk11_Attribute2SSecItem(NULL,&pqgParam.base,publicKey,CKA_BASE);
- if (crv != CKR_OK) {
- PORT_Free(pqgParam.prime.data);
- PORT_Free(pqgParam.subPrime.data);
- break;
- }
- crv = pk11_AddAttributeType(privateKey,CKA_PRIME,
- pk11_item_expand(&pqgParam.prime));
- if (crv != CKR_OK) {
- PORT_Free(pqgParam.prime.data);
- PORT_Free(pqgParam.subPrime.data);
- PORT_Free(pqgParam.base.data);
- break;
- }
- crv = pk11_AddAttributeType(privateKey,CKA_SUBPRIME,
- pk11_item_expand(&pqgParam.subPrime));
- if (crv != CKR_OK) {
- PORT_Free(pqgParam.prime.data);
- PORT_Free(pqgParam.subPrime.data);
- PORT_Free(pqgParam.base.data);
- break;
- }
- crv = pk11_AddAttributeType(privateKey,CKA_BASE,
- pk11_item_expand(&pqgParam.base));
- if (crv != CKR_OK) {
- PORT_Free(pqgParam.prime.data);
- PORT_Free(pqgParam.subPrime.data);
- PORT_Free(pqgParam.base.data);
- break;
- }
-
- /* Generate the key */
- rv = DSA_NewKey(&pqgParam, &dsaPriv);
-
- PORT_Free(pqgParam.prime.data);
- PORT_Free(pqgParam.subPrime.data);
- PORT_Free(pqgParam.base.data);
-
- if (rv != SECSuccess) { crv = CKR_HOST_MEMORY; break; }
-
- /* store the generated key into the attributes */
- crv = pk11_AddAttributeType(publicKey,CKA_VALUE,
- pk11_item_expand(&dsaPriv->publicValue));
- if (crv != CKR_OK) goto dsagn_done;
-
- /* now fill in the RSA dependent paramenters in the private key */
- crv = pk11_AddAttributeType(privateKey,CKA_NETSCAPE_DB,
- pk11_item_expand(&dsaPriv->publicValue));
- if (crv != CKR_OK) goto dsagn_done;
- crv = pk11_AddAttributeType(privateKey,CKA_VALUE,
- pk11_item_expand(&dsaPriv->privateValue));
-
-dsagn_done:
- /* should zeroize, since this function doesn't. */
- PORT_FreeArena(dsaPriv->params.arena, PR_TRUE);
- break;
-
- case CKM_DH_PKCS_KEY_PAIR_GEN:
- pk11_DeleteAttributeType(privateKey,CKA_PRIME);
- pk11_DeleteAttributeType(privateKey,CKA_BASE);
- pk11_DeleteAttributeType(privateKey,CKA_VALUE);
- key_type = CKK_DH;
-
- /* extract the necessary parameters and copy them to private keys */
- crv = pk11_Attribute2SSecItem(NULL, &dhParam.prime, publicKey,
- CKA_PRIME);
- if (crv != CKR_OK) break;
- crv = pk11_Attribute2SSecItem(NULL, &dhParam.base, publicKey, CKA_BASE);
- if (crv != CKR_OK) {
- PORT_Free(dhParam.prime.data);
- break;
- }
- crv = pk11_AddAttributeType(privateKey, CKA_PRIME,
- pk11_item_expand(&dhParam.prime));
- if (crv != CKR_OK) {
- PORT_Free(dhParam.prime.data);
- PORT_Free(dhParam.base.data);
- break;
- }
- crv = pk11_AddAttributeType(privateKey, CKA_BASE,
- pk11_item_expand(&dhParam.base));
- if (crv != CKR_OK) goto dhgn_done;
-
- rv = DH_NewKey(&dhParam, &dhPriv);
- PORT_Free(dhParam.prime.data);
- PORT_Free(dhParam.base.data);
- if (rv != SECSuccess) {
- crv = CKR_HOST_MEMORY;
- break;
- }
-
- crv=pk11_AddAttributeType(publicKey, CKA_VALUE,
- pk11_item_expand(&dhPriv->publicValue));
- if (crv != CKR_OK) goto dhgn_done;
-
- crv=pk11_AddAttributeType(privateKey, CKA_VALUE,
- pk11_item_expand(&dhPriv->privateValue));
-
-dhgn_done:
- /* should zeroize, since this function doesn't. */
- PORT_FreeArena(dhPriv->arena, PR_TRUE);
- break;
-
- default:
- crv = CKR_MECHANISM_INVALID;
- }
-
- if (crv != CKR_OK) {
- pk11_FreeObject(privateKey);
- pk11_FreeObject(publicKey);
- return crv;
- }
-
-
- /* Add the class, key_type The loop lets us check errors blow out
- * on errors and clean up at the bottom */
- session = NULL; /* make pedtantic happy... session cannot leave the*/
- /* loop below NULL unless an error is set... */
- do {
- crv = pk11_AddAttributeType(privateKey,CKA_CLASS,&privClass,
- sizeof(CK_OBJECT_CLASS));
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(publicKey,CKA_CLASS,&pubClass,
- sizeof(CK_OBJECT_CLASS));
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(privateKey,CKA_KEY_TYPE,&key_type,
- sizeof(CK_KEY_TYPE));
- if (crv != CKR_OK) break;
- crv = pk11_AddAttributeType(publicKey,CKA_KEY_TYPE,&key_type,
- sizeof(CK_KEY_TYPE));
- if (crv != CKR_OK) break;
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) crv = CKR_SESSION_HANDLE_INVALID;
- } while (0);
-
- if (crv != CKR_OK) {
- pk11_FreeObject(privateKey);
- pk11_FreeObject(publicKey);
- return crv;
- }
-
- /*
- * handle the base object cleanup for the public Key
- */
- crv = pk11_handleObject(publicKey,session);
- if (crv != CKR_OK) {
- pk11_FreeSession(session);
- pk11_FreeObject(privateKey);
- pk11_FreeObject(publicKey);
- return crv;
- }
-
- /*
- * handle the base object cleanup for the private Key
- * If we have any problems, we destroy the public Key we've
- * created and linked.
- */
- crv = pk11_handleObject(privateKey,session);
- pk11_FreeSession(session);
- if (crv != CKR_OK) {
- pk11_FreeObject(privateKey);
- NSC_DestroyObject(hSession,publicKey->handle);
- return crv;
- }
- if (pk11_isTrue(privateKey,CKA_SENSITIVE)) {
- pk11_forceAttribute(privateKey,CKA_ALWAYS_SENSITIVE,
- &cktrue,sizeof(CK_BBOOL));
- }
- if (pk11_isTrue(publicKey,CKA_SENSITIVE)) {
- pk11_forceAttribute(publicKey,CKA_ALWAYS_SENSITIVE,
- &cktrue,sizeof(CK_BBOOL));
- }
- if (!pk11_isTrue(privateKey,CKA_EXTRACTABLE)) {
- pk11_forceAttribute(privateKey,CKA_NEVER_EXTRACTABLE,
- &cktrue,sizeof(CK_BBOOL));
- }
- if (!pk11_isTrue(publicKey,CKA_EXTRACTABLE)) {
- pk11_forceAttribute(publicKey,CKA_NEVER_EXTRACTABLE,
- &cktrue,sizeof(CK_BBOOL));
- }
- *phPrivateKey = privateKey->handle;
- *phPublicKey = publicKey->handle;
-
- return CKR_OK;
-}
-
-static SECItem *pk11_PackagePrivateKey(PK11Object *key)
-{
- SECKEYLowPrivateKey *lk = NULL;
- SECKEYPrivateKeyInfo *pki = NULL;
- PK11Attribute *attribute = NULL;
- PLArenaPool *arena = NULL;
- SECOidTag algorithm = SEC_OID_UNKNOWN;
- void *dummy, *param = NULL;
- SECStatus rv = SECSuccess;
- SECItem *encodedKey = NULL;
-
- if(!key) {
- return NULL;
- }
-
- attribute = pk11_FindAttribute(key, CKA_KEY_TYPE);
- if(!attribute) {
- return NULL;
- }
-
- lk = pk11_GetPrivKey(key, *(CK_KEY_TYPE *)attribute->attrib.pValue);
- pk11_FreeAttribute(attribute);
- if(!lk) {
- return NULL;
- }
-
- arena = PORT_NewArena(2048); /* XXX different size? */
- if(!arena) {
- rv = SECFailure;
- goto loser;
- }
-
- pki = (SECKEYPrivateKeyInfo*)PORT_ArenaZAlloc(arena,
- sizeof(SECKEYPrivateKeyInfo));
- if(!pki) {
- rv = SECFailure;
- goto loser;
- }
- pki->arena = arena;
-
- param = NULL;
- switch(lk->keyType) {
- case rsaKey:
- dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk,
- SECKEY_RSAPrivateKeyTemplate);
- algorithm = SEC_OID_PKCS1_RSA_ENCRYPTION;
- break;
- case dsaKey:
- dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk,
- SECKEY_DSAPrivateKeyExportTemplate);
- param = SEC_ASN1EncodeItem(NULL, NULL, &(lk->u.dsa.params),
- SECKEY_PQGParamsTemplate);
- algorithm = SEC_OID_ANSIX9_DSA_SIGNATURE;
- break;
- case fortezzaKey:
- case dhKey:
- default:
- dummy = NULL;
- break;
- }
-
- if(!dummy || ((lk->keyType == dsaKey) && !param)) {
- goto loser;
- }
-
- rv = SECOID_SetAlgorithmID(arena, &pki->algorithm, algorithm,
- (SECItem*)param);
- if(rv != SECSuccess) {
- rv = SECFailure;
- goto loser;
- }
-
- dummy = SEC_ASN1EncodeInteger(arena, &pki->version,
- SEC_PRIVATE_KEY_INFO_VERSION);
- if(!dummy) {
- rv = SECFailure;
- goto loser;
- }
-
- encodedKey = SEC_ASN1EncodeItem(NULL, NULL, pki,
- SECKEY_PrivateKeyInfoTemplate);
-
-loser:
- if(arena) {
- PORT_FreeArena(arena, PR_TRUE);
- }
-
- if(lk && (lk != key->objectInfo)) {
- SECKEY_LowDestroyPrivateKey(lk);
- }
-
- if(param) {
- SECITEM_ZfreeItem((SECItem*)param, PR_TRUE);
- }
-
- if(rv != SECSuccess) {
- return NULL;
- }
-
- return encodedKey;
-}
-
-/* it doesn't matter yet, since we colapse error conditions in the
- * level above, but we really should map those few key error differences */
-CK_RV pk11_mapWrap(CK_RV crv) { return crv; }
-
-/* NSC_WrapKey wraps (i.e., encrypts) a key. */
-CK_RV NSC_WrapKey(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey,
- CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey,
- CK_ULONG_PTR pulWrappedKeyLen)
-{
- PK11Session *session;
- PK11Attribute *attribute;
- PK11Object *key;
- CK_RV crv;
- PRBool isLynks = PR_FALSE;
- CK_ULONG len = 0;
-
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) {
- return CKR_SESSION_HANDLE_INVALID;
- }
-
- key = pk11_ObjectFromHandle(hKey,session);
- pk11_FreeSession(session);
- if (key == NULL) {
- return CKR_KEY_HANDLE_INVALID;
- }
-
- switch(key->objclass) {
- case CKO_SECRET_KEY:
- attribute = pk11_FindAttribute(key,CKA_VALUE);
-
- if (attribute == NULL) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- if (pMechanism->mechanism == CKM_KEY_WRAP_LYNKS) {
- isLynks = PR_TRUE;
- pMechanism->mechanism = CKM_DES_ECB;
- len = *pulWrappedKeyLen;
- }
-
- crv = pk11_EncryptInit(hSession, pMechanism, hWrappingKey,
- CKA_WRAP, PK11_ENCRYPT);
- if (crv != CKR_OK) {
- pk11_FreeAttribute(attribute);
- break;
- }
- crv = NSC_Encrypt(hSession, (CK_BYTE_PTR)attribute->attrib.pValue,
- attribute->attrib.ulValueLen,pWrappedKey,pulWrappedKeyLen);
-
- if (isLynks && (crv == CKR_OK)) {
- unsigned char buf[2];
- crv = pk11_calcLynxChecksum(hSession,hWrappingKey,buf,
- (unsigned char*)attribute->attrib.pValue,
- attribute->attrib.ulValueLen);
- if (len >= 10) {
- pWrappedKey[8] = buf[0];
- pWrappedKey[9] = buf[1];
- *pulWrappedKeyLen = 10;
- }
- }
- pk11_FreeAttribute(attribute);
- break;
-
- case CKO_PRIVATE_KEY:
- {
- SECItem *bpki = pk11_PackagePrivateKey(key);
-
- if(!bpki) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
-
- crv = pk11_EncryptInit(hSession, pMechanism, hWrappingKey,
- CKA_WRAP, PK11_ENCRYPT);
- if(crv != CKR_OK) {
- SECITEM_ZfreeItem(bpki, PR_TRUE);
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
-
- crv = NSC_Encrypt(hSession, bpki->data, bpki->len,
- pWrappedKey, pulWrappedKeyLen);
- SECITEM_ZfreeItem(bpki, PR_TRUE);
- break;
- }
-
- default:
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- pk11_FreeObject(key);
-
- return pk11_mapWrap(crv);
-}
-
-/*
- * import a pprivate key info into the desired slot
- */
-static SECStatus
-pk11_unwrapPrivateKey(PK11Object *key, SECItem *bpki)
-{
- CK_BBOOL cktrue = CK_TRUE;
- CK_KEY_TYPE keyType = CKK_RSA;
- SECStatus rv = SECFailure;
- const SEC_ASN1Template *keyTemplate, *paramTemplate;
- void *paramDest = NULL;
- PLArenaPool *arena;
- SECKEYLowPrivateKey *lpk = NULL;
- SECKEYPrivateKeyInfo *pki = NULL;
- SECItem *ck_id = NULL;
- CK_RV crv = CKR_KEY_TYPE_INCONSISTENT;
-
- arena = PORT_NewArena(2048);
- if(!arena) {
- return SECFailure;
- }
-
- pki = (SECKEYPrivateKeyInfo*)PORT_ArenaZAlloc(arena,
- sizeof(SECKEYPrivateKeyInfo));
- if(!pki) {
- PORT_FreeArena(arena, PR_TRUE);
- return SECFailure;
- }
-
- if(SEC_ASN1DecodeItem(arena, pki, SECKEY_PrivateKeyInfoTemplate, bpki)
- != SECSuccess) {
- PORT_FreeArena(arena, PR_FALSE);
- return SECFailure;
- }
-
- lpk = (SECKEYLowPrivateKey *)PORT_ArenaZAlloc(arena,
- sizeof(SECKEYLowPrivateKey));
- if(lpk == NULL) {
- goto loser;
- }
- lpk->arena = arena;
-
- switch(SECOID_GetAlgorithmTag(&pki->algorithm)) {
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- keyTemplate = SECKEY_RSAPrivateKeyTemplate;
- paramTemplate = NULL;
- paramDest = NULL;
- lpk->keyType = rsaKey;
- break;
- case SEC_OID_ANSIX9_DSA_SIGNATURE:
- keyTemplate = SECKEY_DSAPrivateKeyExportTemplate;
- paramTemplate = SECKEY_PQGParamsTemplate;
- paramDest = &(lpk->u.dsa.params);
- lpk->keyType = dsaKey;
- break;
- /* case dhKey: */
- /* case fortezzaKey: */
- default:
- keyTemplate = NULL;
- paramTemplate = NULL;
- paramDest = NULL;
- break;
- }
-
- if(!keyTemplate) {
- goto loser;
- }
-
- /* decode the private key and any algorithm parameters */
- rv = SEC_ASN1DecodeItem(arena, lpk, keyTemplate, &pki->privateKey);
- if(rv != SECSuccess) {
- goto loser;
- }
- if(paramDest && paramTemplate) {
- rv = SEC_ASN1DecodeItem(arena, paramDest, paramTemplate,
- &(pki->algorithm.parameters));
- if(rv != SECSuccess) {
- goto loser;
- }
- }
-
- rv = SECFailure;
-
- switch (lpk->keyType) {
- case rsaKey:
- keyType = CKK_RSA;
- if(pk11_hasAttribute(key, CKA_NETSCAPE_DB)) {
- pk11_DeleteAttributeType(key, CKA_NETSCAPE_DB);
- }
- crv = pk11_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
- sizeof(keyType));
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_UNWRAP, &cktrue,
- sizeof(CK_BBOOL));
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_DECRYPT, &cktrue,
- sizeof(CK_BBOOL));
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_SIGN, &cktrue,
- sizeof(CK_BBOOL));
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_SIGN_RECOVER, &cktrue,
- sizeof(CK_BBOOL));
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_MODULUS,
- pk11_item_expand(&lpk->u.rsa.modulus));
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_PUBLIC_EXPONENT,
- pk11_item_expand(&lpk->u.rsa.publicExponent));
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_PRIVATE_EXPONENT,
- pk11_item_expand(&lpk->u.rsa.privateExponent));
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_PRIME_1,
- pk11_item_expand(&lpk->u.rsa.prime1));
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_PRIME_2,
- pk11_item_expand(&lpk->u.rsa.prime2));
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_EXPONENT_1,
- pk11_item_expand(&lpk->u.rsa.exponent1));
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_EXPONENT_2,
- pk11_item_expand(&lpk->u.rsa.exponent2));
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_COEFFICIENT,
- pk11_item_expand(&lpk->u.rsa.coefficient));
- break;
- case dsaKey:
- keyType = CKK_DSA;
- crv = (pk11_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK :
- CKR_KEY_TYPE_INCONSISTENT;
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
- sizeof(keyType));
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_SIGN, &cktrue,
- sizeof(CK_BBOOL));
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_SIGN_RECOVER, &cktrue,
- sizeof(CK_BBOOL));
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_PRIME,
- pk11_item_expand(&lpk->u.dsa.params.prime));
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_SUBPRIME,
- pk11_item_expand(&lpk->u.dsa.params.subPrime));
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_BASE,
- pk11_item_expand(&lpk->u.dsa.params.base));
- if(crv != CKR_OK) break;
- crv = pk11_AddAttributeType(key, CKA_VALUE,
- pk11_item_expand(&lpk->u.dsa.privateValue));
- if(crv != CKR_OK) break;
- break;
-#ifdef notdef
- case dhKey:
- template = dhTemplate;
- templateCount = sizeof(dhTemplate)/sizeof(CK_ATTRIBUTE);
- keyType = CKK_DH;
- break;
-#endif
- /* what about fortezza??? */
- default:
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
-
-loser:
- if(ck_id) {
- SECITEM_ZfreeItem(ck_id, PR_TRUE);
- }
-
- if(lpk) {
- SECKEY_LowDestroyPrivateKey(lpk);
- }
-
- if(crv != CKR_OK) {
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-
-/* NSC_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object. */
-CK_RV NSC_UnwrapKey(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey,
- CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
- CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
- CK_OBJECT_HANDLE_PTR phKey)
-{
- PK11Object *key = NULL;
- PK11Session *session;
- int key_length = 0;
- unsigned char * buf = NULL;
- CK_RV crv = CKR_OK;
- int i;
- CK_ULONG bsize = ulWrappedKeyLen;
- PK11Slot *slot = pk11_SlotFromSessionHandle(hSession);
- PK11Attribute *attr = NULL;
- SECItem bpki;
- CK_OBJECT_CLASS target_type = CKO_SECRET_KEY;
- PRBool isLynks = PR_FALSE;
-
- /*
- * now lets create an object to hang the attributes off of
- */
- key = pk11_NewObject(slot); /* fill in the handle later */
- if (key == NULL) {
- return CKR_HOST_MEMORY;
- }
-
- /*
- * load the template values into the object
- */
- for (i=0; i < (int) ulAttributeCount; i++) {
- if (pTemplate[i].type == CKA_VALUE_LEN) {
- key_length = *(CK_ULONG *)pTemplate[i].pValue;
- continue;
- }
- if (pTemplate[i].type == CKA_CLASS) {
- target_type = *(CK_OBJECT_CLASS *)pTemplate[i].pValue;
- }
- crv = pk11_AddAttributeType(key,pk11_attr_expand(&pTemplate[i]));
- if (crv != CKR_OK) break;
- }
- if (crv != CKR_OK) {
- pk11_FreeObject(key);
- return crv;
- }
-
- /* LYNKS is a special key wrapping mechanism */
- if (pMechanism->mechanism == CKM_KEY_WRAP_LYNKS) {
- isLynks = PR_TRUE;
- pMechanism->mechanism = CKM_DES_ECB;
- ulWrappedKeyLen -= 2; /* don't decrypt the checksum */
- }
-
- crv = pk11_DecryptInit(hSession,pMechanism,hUnwrappingKey,CKA_UNWRAP,
- PK11_DECRYPT);
- if (crv != CKR_OK) {
- pk11_FreeObject(key);
- return pk11_mapWrap(crv);
- }
-
- /* allocate the buffer to decrypt into
- * this assumes the unwrapped key is never larger than the
- * wrapped key. For all the mechanisms we support this is true */
- buf = (unsigned char *)PORT_Alloc( ulWrappedKeyLen);
- bsize = ulWrappedKeyLen;
-
- crv = NSC_Decrypt(hSession, pWrappedKey, ulWrappedKeyLen, buf, &bsize);
- if (crv != CKR_OK) {
- pk11_FreeObject(key);
- PORT_Free(buf);
- return pk11_mapWrap(crv);
- }
-
- switch(target_type) {
- case CKO_SECRET_KEY:
- if (!pk11_hasAttribute(key,CKA_KEY_TYPE)) {
- crv = CKR_TEMPLATE_INCOMPLETE;
- break;
- }
-
- /* verify the Lynx checksum */
- if (isLynks) {
- unsigned char checkSum[2];
- crv = pk11_calcLynxChecksum(hSession,hUnwrappingKey,checkSum,
- buf,bsize);
- if (crv != CKR_OK) break;
- if ((ulWrappedKeyLen != 8) || (pWrappedKey[8] != checkSum[0])
- || (pWrappedKey[9] != checkSum[1])) {
- crv = CKR_WRAPPED_KEY_INVALID;
- break;
- }
- }
-
- if(key_length == 0) {
- key_length = bsize;
- }
- if (key_length > MAX_KEY_LEN) {
- crv = CKR_TEMPLATE_INCONSISTENT;
- break;
- }
-
- /* add the value */
- crv = pk11_AddAttributeType(key,CKA_VALUE,buf,key_length);
- break;
- case CKO_PRIVATE_KEY:
- bpki.data = (unsigned char *)buf;
- bpki.len = bsize;
- crv = CKR_OK;
- if(pk11_unwrapPrivateKey(key, &bpki) != SECSuccess) {
- crv = CKR_TEMPLATE_INCOMPLETE;
- }
- break;
- default:
- crv = CKR_TEMPLATE_INCONSISTENT;
- break;
- }
-
- PORT_ZFree(buf, bsize);
- if (crv != CKR_OK) { pk11_FreeObject(key); return crv; }
-
- /* get the session */
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) {
- pk11_FreeObject(key);
- return CKR_SESSION_HANDLE_INVALID;
- }
-
- /*
- * handle the base object stuff
- */
- crv = pk11_handleObject(key,session);
- pk11_FreeSession(session);
- if (crv != CKR_OK) {
- pk11_FreeObject(key);
- return crv;
- }
-
- *phKey = key->handle;
- return CKR_OK;
-
-}
-
-/*
- * The SSL key gen mechanism create's lots of keys. This function handles the
- * details of each of these key creation.
- */
-static CK_RV
-pk11_buildSSLKey(CK_SESSION_HANDLE hSession, PK11Object *baseKey,
- PRBool isMacKey, unsigned char *keyBlock, unsigned int keySize,
- CK_OBJECT_HANDLE *keyHandle)
-{
- PK11Object *key;
- PK11Session *session;
- CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
- CK_BBOOL cktrue = CK_TRUE;
- CK_BBOOL ckfalse = CK_FALSE;
- CK_RV crv = CKR_HOST_MEMORY;
-
- /*
- * now lets create an object to hang the attributes off of
- */
- *keyHandle = CK_INVALID_KEY;
- key = pk11_NewObject(baseKey->slot);
- if (key == NULL) return CKR_HOST_MEMORY;
- key->wasDerived = PR_TRUE;
-
- crv = pk11_CopyObject(key,baseKey);
- if (crv != CKR_OK) goto loser;
- if (isMacKey) {
- crv = pk11_forceAttribute(key,CKA_KEY_TYPE,&keyType,sizeof(keyType));
- if (crv != CKR_OK) goto loser;
- crv = pk11_forceAttribute(key,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL));
- if (crv != CKR_OK) goto loser;
- crv = pk11_forceAttribute(key,CKA_ENCRYPT,&ckfalse,sizeof(CK_BBOOL));
- if (crv != CKR_OK) goto loser;
- crv = pk11_forceAttribute(key,CKA_DECRYPT,&ckfalse,sizeof(CK_BBOOL));
- if (crv != CKR_OK) goto loser;
- crv = pk11_forceAttribute(key,CKA_SIGN,&cktrue,sizeof(CK_BBOOL));
- if (crv != CKR_OK) goto loser;
- crv = pk11_forceAttribute(key,CKA_VERIFY,&cktrue,sizeof(CK_BBOOL));
- if (crv != CKR_OK) goto loser;
- crv = pk11_forceAttribute(key,CKA_WRAP,&ckfalse,sizeof(CK_BBOOL));
- if (crv != CKR_OK) goto loser;
- crv = pk11_forceAttribute(key,CKA_UNWRAP,&ckfalse,sizeof(CK_BBOOL));
- if (crv != CKR_OK) goto loser;
- }
- crv = pk11_forceAttribute(key,CKA_VALUE,keyBlock,keySize);
- if (crv != CKR_OK) goto loser;
-
- /* get the session */
- crv = CKR_HOST_MEMORY;
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) { goto loser; }
-
- crv = pk11_handleObject(key,session);
- pk11_FreeSession(session);
- if (crv == CKR_OK) {
- *keyHandle = key->handle;
- return crv;
- }
-loser:
- if (key) pk11_FreeObject(key);
- return crv;
-}
-
-/*
- * if there is an error, we need to free the keys we already created in SSL
- * This is the routine that will do it..
- */
-static void
-pk11_freeSSLKeys(CK_SESSION_HANDLE session,
- CK_SSL3_KEY_MAT_OUT *returnedMaterial ) {
- if (returnedMaterial->hClientMacSecret != CK_INVALID_KEY) {
- NSC_DestroyObject(session,returnedMaterial->hClientMacSecret);
- }
- if (returnedMaterial->hServerMacSecret != CK_INVALID_KEY) {
- NSC_DestroyObject(session, returnedMaterial->hServerMacSecret);
- }
- if (returnedMaterial->hClientKey != CK_INVALID_KEY) {
- NSC_DestroyObject(session, returnedMaterial->hClientKey);
- }
- if (returnedMaterial->hServerKey != CK_INVALID_KEY) {
- NSC_DestroyObject(session, returnedMaterial->hServerKey);
- }
-}
-
-/*
- * when deriving from sensitive and extractable keys, we need to preserve some
- * of the semantics in the derived key. This helper routine maintains these
- * semantics.
- */
-static CK_RV
-pk11_DeriveSensitiveCheck(PK11Object *baseKey,PK11Object *destKey) {
- PRBool hasSensitive;
- PRBool sensitive;
- PRBool hasExtractable;
- PRBool extractable;
- CK_RV crv = PR_TRUE;
- PK11Attribute *att;
-
- hasSensitive = PR_FALSE;
- att = pk11_FindAttribute(destKey,CKA_SENSITIVE);
- if (att) {
- hasSensitive = PR_FALSE;
- sensitive = (PRBool) *(CK_BBOOL *)att->attrib.pValue;
- pk11_FreeAttribute(att);
- }
-
- hasExtractable = PR_FALSE;
- att = pk11_FindAttribute(destKey,CKA_EXTRACTABLE);
- if (att) {
- hasExtractable = PR_FALSE;
- extractable = (PRBool) *(CK_BBOOL *)att->attrib.pValue;
- pk11_FreeAttribute(att);
- }
-
-
- /* don't make a key more accessible */
- if (pk11_isTrue(baseKey,CKA_SENSITIVE) && hasSensitive &&
- (sensitive == PR_FALSE)) {
- return CKR_KEY_FUNCTION_NOT_PERMITTED;
- }
- if (!pk11_isTrue(baseKey,CKA_EXTRACTABLE) && hasExtractable &&
- (extractable == PR_TRUE)) {
- return CKR_KEY_FUNCTION_NOT_PERMITTED;
- }
-
- /* inherit parent's sensitivity */
- if (!hasSensitive) {
- att = pk11_FindAttribute(baseKey,CKA_SENSITIVE);
- if (att == NULL) return CKR_KEY_TYPE_INCONSISTENT;
- crv = pk11_defaultAttribute(destKey,pk11_attr_expand(&att->attrib));
- pk11_FreeAttribute(att);
- if (crv != CKR_OK) return crv;
- }
- if (!hasExtractable) {
- att = pk11_FindAttribute(baseKey,CKA_EXTRACTABLE);
- if (att == NULL) return CKR_KEY_TYPE_INCONSISTENT;
- crv = pk11_defaultAttribute(destKey,pk11_attr_expand(&att->attrib));
- pk11_FreeAttribute(att);
- if (crv != CKR_OK) return crv;
- }
-
- /* we should inherit the parent's always extractable/ never sensitive info,
- * but handleObject always forces this attributes, so we would need to do
- * something special. */
- return CKR_OK;
-}
-
-/*
- * make known fixed PKCS #11 key types to their sizes in bytes
- */
-static unsigned long
-pk11_MapKeySize(CK_KEY_TYPE keyType) {
- switch (keyType) {
- case CKK_CDMF:
- return 8;
- case CKK_DES:
- return 8;
- case CKK_DES2:
- return 16;
- case CKK_DES3:
- return 24;
- /* IDEA and CAST need to be added */
- default:
- break;
- }
- return 0;
-}
-
-#define PHASH_STATE_MAX_LEN 20
-
-/* TLS P_hash function */
-static SECStatus
-pk11_P_hash(SECOidTag alg, const SECItem *secret, const char *label,
- SECItem *seed, SECItem *result)
-{
- unsigned char state[PHASH_STATE_MAX_LEN];
- unsigned char outbuf[PHASH_STATE_MAX_LEN];
- unsigned int state_len = 0, label_len = 0, outbuf_len = 0, chunk_size;
- unsigned int remaining;
- unsigned char *res;
- SECStatus status;
- HMACContext *cx;
- SECStatus rv = SECFailure;
-
- PORT_Assert((secret != NULL) && (secret->data != NULL || !secret->len));
- PORT_Assert((seed != NULL) && (seed->data != NULL));
- PORT_Assert((result != NULL) && (result->data != NULL));
-
- remaining = result->len;
- res = result->data;
-
- if (label != NULL)
- label_len = PORT_Strlen(label);
-
- cx = HMAC_Create(alg, secret->data, secret->len);
- if (cx == NULL)
- goto loser;
-
- /* initialize the state = A(1) = HMAC_hash(secret, seed) */
- HMAC_Begin(cx);
- HMAC_Update(cx, (unsigned char *)label, label_len);
- HMAC_Update(cx, seed->data, seed->len);
- status = HMAC_Finish(cx, state, &state_len, PHASH_STATE_MAX_LEN);
- if (status != SECSuccess)
- goto loser;
-
- /* generate a block at a time until we're done */
- while (remaining > 0) {
-
- HMAC_Begin(cx);
- HMAC_Update(cx, state, state_len);
- if (label_len)
- HMAC_Update(cx, (unsigned char *)label, label_len);
- HMAC_Update(cx, seed->data, seed->len);
- status = HMAC_Finish(cx, outbuf, &outbuf_len, PHASH_STATE_MAX_LEN);
- if (status != SECSuccess)
- goto loser;
-
- /* Update the state = A(i) = HMAC_hash(secret, A(i-1)) */
- HMAC_Begin(cx);
- HMAC_Update(cx, state, state_len);
- status = HMAC_Finish(cx, state, &state_len, PHASH_STATE_MAX_LEN);
- if (status != SECSuccess)
- goto loser;
-
- chunk_size = PR_MIN(outbuf_len, remaining);
- PORT_Memcpy(res, &outbuf, chunk_size);
- res += chunk_size;
- remaining -= chunk_size;
- }
-
- rv = SECSuccess;
-
-loser:
- /* if (cx) HMAC_Destroy(cx); */
- /* clear out state so it's not left on the stack */
- if (cx) HMAC_Destroy(cx);
- PORT_Memset(state, 0, sizeof(state));
- PORT_Memset(outbuf, 0, sizeof(outbuf));
- return rv;
-}
-
-static SECStatus
-pk11_PRF(const SECItem *secret, const char *label, SECItem *seed,
- SECItem *result)
-{
- SECStatus rv = SECFailure, status;
- unsigned int i;
- SECItem tmp = { siBuffer, NULL, 0};
- SECItem S1;
- SECItem S2;
-
- PORT_Assert((secret != NULL) && (secret->data != NULL || !secret->len));
- PORT_Assert((seed != NULL) && (seed->data != NULL));
- PORT_Assert((result != NULL) && (result->data != NULL));
-
- S1.type = siBuffer;
- S1.len = (secret->len / 2) + (secret->len & 1);
- S1.data = secret->data;
-
- S2.type = siBuffer;
- S2.len = S1.len;
- S2.data = secret->data + (secret->len - S2.len);
-
- tmp.data = (unsigned char*)PORT_Alloc(result->len);
- if (tmp.data == NULL)
- goto loser;
- tmp.len = result->len;
-
- status = pk11_P_hash(SEC_OID_MD5, &S1, label, seed, result);
- if (status != SECSuccess)
- goto loser;
-
- status = pk11_P_hash(SEC_OID_SHA1, &S2, label, seed, &tmp);
- if (status != SECSuccess)
- goto loser;
-
- for (i = 0; i < result->len; i++)
- result->data[i] ^= tmp.data[i];
-
- rv = SECSuccess;
-
-loser:
- if (tmp.data != NULL)
- PORT_ZFree(tmp.data, tmp.len);
- return rv;
-}
-
-/*
- * SSL Key generation given pre master secret
- */
-static char *mixers[] = { "A", "BB", "CCC", "DDDD", "EEEEE", "FFFFFF", "GGGGGGG"};
-#define NUM_MIXERS 7
-#define SSL3_PMS_LENGTH 48
-#define SSL3_MASTER_SECRET_LENGTH 48
-
-
-/* NSC_DeriveKey derives a key from a base key, creating a new key object. */
-CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey,
- CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
- CK_OBJECT_HANDLE_PTR phKey)
-{
- PK11Session * session;
- PK11Slot * slot = pk11_SlotFromSessionHandle(hSession);
- PK11Object * key;
- PK11Object * sourceKey;
- PK11Attribute * att;
- PK11Attribute * att2;
- unsigned char * buf;
- SHA1Context * sha;
- MD5Context * md5;
- MD2Context * md2;
- CK_ULONG macSize;
- CK_ULONG tmpKeySize;
- CK_ULONG IVSize;
- CK_ULONG keySize = 0;
- CK_RV crv = CKR_OK;
- CK_BBOOL cktrue = CK_TRUE;
- CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
- CK_OBJECT_CLASS classType = CKO_SECRET_KEY;
- CK_KEY_DERIVATION_STRING_DATA *stringPtr;
- PRBool isTLS = PR_FALSE;
- SECStatus rv;
- int i;
- unsigned int outLen;
- unsigned char sha_out[SHA1_LENGTH];
- unsigned char key_block[NUM_MIXERS * MD5_LENGTH];
- unsigned char key_block2[MD5_LENGTH];
-
- /*
- * now lets create an object to hang the attributes off of
- */
- if (phKey) *phKey = CK_INVALID_KEY;
-
- key = pk11_NewObject(slot); /* fill in the handle later */
- if (key == NULL) {
- return CKR_HOST_MEMORY;
- }
-
- /*
- * load the template values into the object
- */
- for (i=0; i < (int) ulAttributeCount; i++) {
- crv = pk11_AddAttributeType(key,pk11_attr_expand(&pTemplate[i]));
- if (crv != CKR_OK) break;
-
- if (pTemplate[i].type == CKA_KEY_TYPE) {
- keyType = *(CK_KEY_TYPE *)pTemplate[i].pValue;
- }
- if (pTemplate[i].type == CKA_VALUE_LEN) {
- keySize = *(CK_ULONG *)pTemplate[i].pValue;
- }
- }
- if (crv != CKR_OK) { pk11_FreeObject(key); return crv; }
-
- if (keySize == 0) {
- keySize = pk11_MapKeySize(keyType);
- }
-
- /* Derive can only create SECRET KEY's currently... */
- classType = CKO_SECRET_KEY;
- crv = pk11_forceAttribute (key,CKA_CLASS,&classType,sizeof(classType));
- if (crv != CKR_OK) {
- pk11_FreeObject(key);
- return crv;
- }
-
- /* look up the base key we're deriving with */
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) {
- pk11_FreeObject(key);
- return CKR_SESSION_HANDLE_INVALID;
- }
-
- sourceKey = pk11_ObjectFromHandle(hBaseKey,session);
- pk11_FreeSession(session);
- if (sourceKey == NULL) {
- pk11_FreeObject(key);
- return CKR_KEY_HANDLE_INVALID;
- }
-
- /* don't use key derive to expose sensitive keys */
- crv = pk11_DeriveSensitiveCheck(sourceKey,key);
- if (crv != CKR_OK) {
- pk11_FreeObject(key);
- pk11_FreeObject(sourceKey);
- return crv;
- }
-
- /* get the value of the base key */
- att = pk11_FindAttribute(sourceKey,CKA_VALUE);
- if (att == NULL) {
- pk11_FreeObject(key);
- pk11_FreeObject(sourceKey);
- return CKR_KEY_HANDLE_INVALID;
- }
-
- switch (pMechanism->mechanism) {
- /*
- * generate the master secret
- */
- case CKM_TLS_MASTER_KEY_DERIVE:
- isTLS = PR_TRUE;
- /* fall thru */
- case CKM_SSL3_MASTER_KEY_DERIVE:
- {
- CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ssl3_master;
- SSL3RSAPreMasterSecret *rsa_pms;
-
- /* first do the consistancy checkes */
- if (att->attrib.ulValueLen != SSL3_PMS_LENGTH) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
- break;
- }
- att2 = pk11_FindAttribute(sourceKey,CKA_KEY_TYPE);
- if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue !=
- CKK_GENERIC_SECRET)) {
- if (att2) pk11_FreeAttribute(att2);
- crv = CKR_KEY_FUNCTION_NOT_PERMITTED;
- break;
- }
- pk11_FreeAttribute(att2);
- if (keyType != CKK_GENERIC_SECRET) {
- crv = CKR_KEY_FUNCTION_NOT_PERMITTED;
- break;
- }
- if ((keySize != 0) && (keySize != SSL3_MASTER_SECRET_LENGTH)) {
- crv = CKR_KEY_FUNCTION_NOT_PERMITTED;
- break;
- }
-
-
- /* finally do the key gen */
- ssl3_master = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *)
- pMechanism->pParameter;
- if (ssl3_master->pVersion) {
- rsa_pms = (SSL3RSAPreMasterSecret *) att->attrib.pValue;
- /* don't leak more key material then necessary for SSL to work */
- if (key->wasDerived) {
- ssl3_master->pVersion->major = 0xff;
- ssl3_master->pVersion->minor = 0xff;
- } else {
- ssl3_master->pVersion->major = rsa_pms->client_version[0];
- ssl3_master->pVersion->minor = rsa_pms->client_version[1];
- }
- }
- if (ssl3_master->RandomInfo.ulClientRandomLen != SSL3_RANDOM_LENGTH) {
- crv = CKR_MECHANISM_PARAM_INVALID;
- break;
- }
- if (ssl3_master->RandomInfo.ulServerRandomLen != SSL3_RANDOM_LENGTH) {
- crv = CKR_MECHANISM_PARAM_INVALID;
- break;
- }
-
- if (isTLS) {
- unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2];
- SECItem crsr = { siBuffer, NULL, 0 };
- SECItem master = { siBuffer, NULL, 0 };
- SECItem pms = { siBuffer, NULL, 0 };
- SECStatus status;
-
- pms.data = (unsigned char*)att->attrib.pValue;
- pms.len = att->attrib.ulValueLen;
- master.data = key_block;
- master.len = SSL3_MASTER_SECRET_LENGTH;
- crsr.data = crsrdata;
- crsr.len = sizeof(crsrdata);
-
- PORT_Memcpy(crsrdata, ssl3_master->RandomInfo.pClientRandom,
- SSL3_RANDOM_LENGTH);
- PORT_Memcpy(crsrdata + SSL3_RANDOM_LENGTH,
- ssl3_master->RandomInfo.pServerRandom, SSL3_RANDOM_LENGTH);
-
- status = pk11_PRF(&pms, "master secret", &crsr, &master);
- if (status != SECSuccess) {
- crv = CKR_FUNCTION_FAILED;
- break;
- }
- } else {
- /* now allocate the hash contexts */
- md5 = MD5_NewContext();
- if (md5 == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- sha = SHA1_NewContext();
- if (sha == NULL) {
- PORT_Free(md5);
- crv = CKR_HOST_MEMORY;
- break;
- }
- for (i = 0; i < 3; i++) {
- SHA1_Begin(sha);
- SHA1_Update(sha, (unsigned char*) mixers[i], strlen(mixers[i]));
- SHA1_Update(sha, (const unsigned char*)att->attrib.pValue,
- att->attrib.ulValueLen);
- SHA1_Update(sha, ssl3_master->RandomInfo.pClientRandom,
- ssl3_master->RandomInfo.ulClientRandomLen);
- SHA1_Update(sha, ssl3_master->RandomInfo.pServerRandom,
- ssl3_master->RandomInfo.ulServerRandomLen);
- SHA1_End(sha, sha_out, &outLen, SHA1_LENGTH);
- PORT_Assert(outLen == SHA1_LENGTH);
- MD5_Begin(md5);
- MD5_Update(md5, (const unsigned char*)att->attrib.pValue,
- att->attrib.ulValueLen);
- MD5_Update(md5, sha_out, outLen);
- MD5_End(md5, &key_block[i*MD5_LENGTH], &outLen, MD5_LENGTH);
- PORT_Assert(outLen == MD5_LENGTH);
- }
- PORT_Free(md5);
- PORT_Free(sha);
- }
-
- /* store the results */
- crv = pk11_forceAttribute
- (key,CKA_VALUE,key_block,SSL3_MASTER_SECRET_LENGTH);
- if (crv != CKR_OK) break;
- keyType = CKK_GENERIC_SECRET;
- crv = pk11_forceAttribute (key,CKA_KEY_TYPE,&keyType,sizeof(keyType));
- if (isTLS) {
- /* TLS's master secret is used to "sign" finished msgs with PRF. */
- /* XXX This seems like a hack. But PK11_Derive only accepts
- * one "operation" argument. */
- crv = pk11_forceAttribute(key,CKA_SIGN, &cktrue,sizeof(CK_BBOOL));
- if (crv != CKR_OK) break;
- crv = pk11_forceAttribute(key,CKA_VERIFY,&cktrue,sizeof(CK_BBOOL));
- if (crv != CKR_OK) break;
- /* While we're here, we might as well force this, too. */
- crv = pk11_forceAttribute(key,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL));
- if (crv != CKR_OK) break;
- }
- break;
- }
-
- case CKM_TLS_KEY_AND_MAC_DERIVE:
- isTLS = PR_TRUE;
- /* fall thru */
- case CKM_SSL3_KEY_AND_MAC_DERIVE:
- {
- CK_SSL3_KEY_MAT_PARAMS *ssl3_keys;
- CK_SSL3_KEY_MAT_OUT * ssl3_keys_out;
- CK_ULONG effKeySize;
-
- crv = pk11_DeriveSensitiveCheck(sourceKey,key);
- if (crv != CKR_OK) break;
-
- if (att->attrib.ulValueLen != SSL3_MASTER_SECRET_LENGTH) {
- crv = CKR_KEY_FUNCTION_NOT_PERMITTED;
- break;
- }
- att2 = pk11_FindAttribute(sourceKey,CKA_KEY_TYPE);
- if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue !=
- CKK_GENERIC_SECRET)) {
- if (att2) pk11_FreeAttribute(att2);
- crv = CKR_KEY_FUNCTION_NOT_PERMITTED;
- break;
- }
- pk11_FreeAttribute(att2);
- md5 = MD5_NewContext();
- if (md5 == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- sha = SHA1_NewContext();
- if (sha == NULL) {
- PORT_Free(md5);
- crv = CKR_HOST_MEMORY;
- break;
- }
- ssl3_keys = (CK_SSL3_KEY_MAT_PARAMS *) pMechanism->pParameter;
- /*
- * clear out our returned keys so we can recover on failure
- */
- ssl3_keys_out = ssl3_keys->pReturnedKeyMaterial;
- ssl3_keys_out->hClientMacSecret = CK_INVALID_KEY;
- ssl3_keys_out->hServerMacSecret = CK_INVALID_KEY;
- ssl3_keys_out->hClientKey = CK_INVALID_KEY;
- ssl3_keys_out->hServerKey = CK_INVALID_KEY;
-
- /*
- * generate the key material: This looks amazingly similar to the
- * PMS code, and is clearly crying out for a function to provide it.
- */
- if (isTLS) {
- SECStatus status;
- SECItem master = { siBuffer, NULL, 0 };
- SECItem srcr = { siBuffer, NULL, 0 };
- SECItem keyblk = { siBuffer, NULL, 0 };
- unsigned char srcrdata[SSL3_RANDOM_LENGTH * 2];
-
- master.data = (unsigned char*)att->attrib.pValue;
- master.len = att->attrib.ulValueLen;
- srcr.data = srcrdata;
- srcr.len = sizeof srcrdata;
- keyblk.data = key_block;
- keyblk.len = sizeof key_block;
-
- PORT_Memcpy(srcrdata,
- ssl3_keys->RandomInfo.pServerRandom,
- SSL3_RANDOM_LENGTH);
- PORT_Memcpy(srcrdata + SSL3_RANDOM_LENGTH,
- ssl3_keys->RandomInfo.pClientRandom,
- SSL3_RANDOM_LENGTH);
-
- status = pk11_PRF(&master, "key expansion", &srcr, &keyblk);
- if (status != SECSuccess) {
- goto key_and_mac_derive_fail;
- }
- } else {
- /* key_block =
- * MD5(master_secret + SHA('A' + master_secret +
- * ServerHello.random + ClientHello.random)) +
- * MD5(master_secret + SHA('BB' + master_secret +
- * ServerHello.random + ClientHello.random)) +
- * MD5(master_secret + SHA('CCC' + master_secret +
- * ServerHello.random + ClientHello.random)) +
- * [...];
- */
- for (i = 0; i < NUM_MIXERS; i++) {
- SHA1_Begin(sha);
- SHA1_Update(sha, (unsigned char*) mixers[i], strlen(mixers[i]));
- SHA1_Update(sha, (const unsigned char*)att->attrib.pValue,
- att->attrib.ulValueLen);
- SHA1_Update(sha, ssl3_keys->RandomInfo.pServerRandom,
- ssl3_keys->RandomInfo.ulServerRandomLen);
- SHA1_Update(sha, ssl3_keys->RandomInfo.pClientRandom,
- ssl3_keys->RandomInfo.ulClientRandomLen);
- SHA1_End(sha, sha_out, &outLen, SHA1_LENGTH);
- PORT_Assert(outLen == SHA1_LENGTH);
- MD5_Begin(md5);
- MD5_Update(md5, (const unsigned char*)att->attrib.pValue,
- att->attrib.ulValueLen);
- MD5_Update(md5, sha_out, outLen);
- MD5_End(md5, &key_block[i*MD5_LENGTH], &outLen, MD5_LENGTH);
- PORT_Assert(outLen == MD5_LENGTH);
- }
- }
-
- /*
- * Put the key material where it goes.
- */
- i = 0; /* now shows how much consumed */
- macSize = ssl3_keys->ulMacSizeInBits/8;
- effKeySize = ssl3_keys->ulKeySizeInBits/8;
- IVSize = ssl3_keys->ulIVSizeInBits/8;
- if (keySize == 0) {
- effKeySize = keySize;
- }
-
- /*
- * The key_block is partitioned as follows:
- * client_write_MAC_secret[CipherSpec.hash_size]
- */
- crv = pk11_buildSSLKey(hSession,key,PR_TRUE,&key_block[i],macSize,
- &ssl3_keys_out->hClientMacSecret);
- if (crv != CKR_OK)
- goto key_and_mac_derive_fail;
-
- i += macSize;
-
- /*
- * server_write_MAC_secret[CipherSpec.hash_size]
- */
- crv = pk11_buildSSLKey(hSession,key,PR_TRUE,&key_block[i],macSize,
- &ssl3_keys_out->hServerMacSecret);
- if (crv != CKR_OK) {
- goto key_and_mac_derive_fail;
- }
- i += macSize;
-
- if (keySize) {
- if (!ssl3_keys->bIsExport) {
- /*
- ** Generate Domestic write keys and IVs.
- ** client_write_key[CipherSpec.key_material]
- */
- crv = pk11_buildSSLKey(hSession,key,PR_FALSE,&key_block[i],
- keySize, &ssl3_keys_out->hClientKey);
- if (crv != CKR_OK) {
- goto key_and_mac_derive_fail;
- }
- i += keySize;
-
- /*
- ** server_write_key[CipherSpec.key_material]
- */
- crv = pk11_buildSSLKey(hSession,key,PR_FALSE,&key_block[i],
- keySize, &ssl3_keys_out->hServerKey);
- if (crv != CKR_OK) {
- goto key_and_mac_derive_fail;
- }
- i += keySize;
-
- /*
- ** client_write_IV[CipherSpec.IV_size]
- */
- PORT_Memcpy(ssl3_keys_out->pIVClient, &key_block[i], IVSize);
- i += IVSize;
-
- /*
- ** server_write_IV[CipherSpec.IV_size]
- */
- PORT_Memcpy(ssl3_keys_out->pIVServer, &key_block[i], IVSize);
- i += IVSize;
-
- } else if (!isTLS) {
-
- /*
- ** Generate SSL3 Export write keys and IVs.
- ** client_write_key[CipherSpec.key_material]
- ** final_client_write_key = MD5(client_write_key +
- ** ClientHello.random + ServerHello.random);
- */
- MD5_Begin(md5);
- MD5_Update(md5, &key_block[i], effKeySize);
- MD5_Update(md5, ssl3_keys->RandomInfo.pClientRandom,
- ssl3_keys->RandomInfo.ulClientRandomLen);
- MD5_Update(md5, ssl3_keys->RandomInfo.pServerRandom,
- ssl3_keys->RandomInfo.ulServerRandomLen);
- MD5_End(md5, key_block2, &outLen, MD5_LENGTH);
- i += effKeySize;
- crv = pk11_buildSSLKey(hSession,key,PR_FALSE,key_block2,
- keySize,&ssl3_keys_out->hClientKey);
- if (crv != CKR_OK) {
- goto key_and_mac_derive_fail;
- }
-
- /*
- ** server_write_key[CipherSpec.key_material]
- ** final_server_write_key = MD5(server_write_key +
- ** ServerHello.random + ClientHello.random);
- */
- MD5_Begin(md5);
- MD5_Update(md5, &key_block[i], effKeySize);
- MD5_Update(md5, ssl3_keys->RandomInfo.pServerRandom,
- ssl3_keys->RandomInfo.ulServerRandomLen);
- MD5_Update(md5, ssl3_keys->RandomInfo.pClientRandom,
- ssl3_keys->RandomInfo.ulClientRandomLen);
- MD5_End(md5, key_block2, &outLen, MD5_LENGTH);
- i += effKeySize;
- crv = pk11_buildSSLKey(hSession,key,PR_FALSE,key_block2,
- keySize,&ssl3_keys_out->hServerKey);
- if (crv != CKR_OK) {
- goto key_and_mac_derive_fail;
- }
-
- /*
- ** client_write_IV =
- ** MD5(ClientHello.random + ServerHello.random);
- */
- MD5_Begin(md5);
- MD5_Update(md5, ssl3_keys->RandomInfo.pClientRandom,
- ssl3_keys->RandomInfo.ulClientRandomLen);
- MD5_Update(md5, ssl3_keys->RandomInfo.pServerRandom,
- ssl3_keys->RandomInfo.ulServerRandomLen);
- MD5_End(md5, key_block2, &outLen, MD5_LENGTH);
- PORT_Memcpy(ssl3_keys_out->pIVClient, key_block2, IVSize);
-
- /*
- ** server_write_IV =
- ** MD5(ServerHello.random + ClientHello.random);
- */
- MD5_Begin(md5);
- MD5_Update(md5, ssl3_keys->RandomInfo.pServerRandom,
- ssl3_keys->RandomInfo.ulServerRandomLen);
- MD5_Update(md5, ssl3_keys->RandomInfo.pClientRandom,
- ssl3_keys->RandomInfo.ulClientRandomLen);
- MD5_End(md5, key_block2, &outLen, MD5_LENGTH);
- PORT_Memcpy(ssl3_keys_out->pIVServer, key_block2, IVSize);
-
- } else {
-
- /*
- ** Generate TLS Export write keys and IVs.
- */
- SECStatus status;
- SECItem secret = { siBuffer, NULL, 0 };
- SECItem crsr = { siBuffer, NULL, 0 };
- SECItem keyblk = { siBuffer, NULL, 0 };
- unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2];
-
- crsr.data = crsrdata;
- crsr.len = sizeof crsrdata;
-
- PORT_Memcpy(crsrdata,
- ssl3_keys->RandomInfo.pClientRandom,
- SSL3_RANDOM_LENGTH);
- PORT_Memcpy(crsrdata + SSL3_RANDOM_LENGTH,
- ssl3_keys->RandomInfo.pServerRandom,
- SSL3_RANDOM_LENGTH);
-
-
- /*
- ** client_write_key[CipherSpec.key_material]
- ** final_client_write_key = PRF(client_write_key,
- ** "client write key",
- ** client_random + server_random);
- */
- secret.data = &key_block[i];
- secret.len = effKeySize;
- i += effKeySize;
- keyblk.data = key_block2;
- keyblk.len = sizeof key_block2;
- status = pk11_PRF(&secret, "client write key", &crsr, &keyblk);
- if (status != SECSuccess) {
- goto key_and_mac_derive_fail;
- }
- crv = pk11_buildSSLKey(hSession, key, PR_FALSE, key_block2,
- keySize, &ssl3_keys_out->hClientKey);
- if (crv != CKR_OK) {
- goto key_and_mac_derive_fail;
- }
-
- /*
- ** server_write_key[CipherSpec.key_material]
- ** final_server_write_key = PRF(server_write_key,
- ** "server write key",
- ** client_random + server_random);
- */
- secret.data = &key_block[i];
- secret.len = effKeySize;
- i += effKeySize;
- keyblk.data = key_block2;
- keyblk.len = sizeof key_block2;
- status = pk11_PRF(&secret, "server write key", &crsr, &keyblk);
- if (status != SECSuccess) {
- goto key_and_mac_derive_fail;
- }
- crv = pk11_buildSSLKey(hSession, key, PR_FALSE, key_block2,
- keySize, &ssl3_keys_out->hServerKey);
- if (crv != CKR_OK) {
- goto key_and_mac_derive_fail;
- }
-
- /*
- ** iv_block = PRF("", "IV block",
- ** client_random + server_random);
- ** client_write_IV[SecurityParameters.IV_size]
- ** server_write_IV[SecurityParameters.IV_size]
- */
- if (IVSize) {
- secret.data = NULL;
- secret.len = 0;
- keyblk.data = &key_block[i];
- keyblk.len = 2 * IVSize;
- status = pk11_PRF(&secret, "IV block", &crsr, &keyblk);
- if (status != SECSuccess) {
- goto key_and_mac_derive_fail;
- }
- PORT_Memcpy(ssl3_keys_out->pIVClient, keyblk.data, IVSize);
- PORT_Memcpy(ssl3_keys_out->pIVServer, keyblk.data + IVSize,
- IVSize);
- }
- }
- }
-
- crv = CKR_OK;
-
- if (0) {
-key_and_mac_derive_fail:
- if (crv == CKR_OK)
- crv = CKR_FUNCTION_FAILED;
- pk11_freeSSLKeys(hSession, ssl3_keys_out);
- }
- MD5_DestroyContext(md5, PR_TRUE);
- SHA1_DestroyContext(sha, PR_TRUE);
- pk11_FreeObject(key);
- key = NULL;
- break;
- }
-
- case CKM_CONCATENATE_BASE_AND_KEY:
- {
- PK11Object *newKey;
-
- crv = pk11_DeriveSensitiveCheck(sourceKey,key);
- if (crv != CKR_OK) break;
-
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) {
- crv = CKR_SESSION_HANDLE_INVALID;
- break;
- }
-
- newKey = pk11_ObjectFromHandle(*(CK_OBJECT_HANDLE *)
- pMechanism->pParameter,session);
- pk11_FreeSession(session);
- if ( newKey == NULL) {
- crv = CKR_KEY_HANDLE_INVALID;
- break;
- }
-
- if (pk11_isTrue(newKey,CKA_SENSITIVE)) {
- crv = pk11_forceAttribute(newKey,CKA_SENSITIVE,&cktrue,
- sizeof(CK_BBOOL));
- if (crv != CKR_OK) {
- pk11_FreeObject(newKey);
- break;
- }
- }
-
- att2 = pk11_FindAttribute(newKey,CKA_VALUE);
- if (att2 == NULL) {
- pk11_FreeObject(newKey);
- crv = CKR_KEY_HANDLE_INVALID;
- break;
- }
- tmpKeySize = att->attrib.ulValueLen+att2->attrib.ulValueLen;
- if (keySize == 0) keySize = tmpKeySize;
- if (keySize > tmpKeySize) {
- pk11_FreeObject(newKey);
- pk11_FreeAttribute(att2);
- crv = CKR_TEMPLATE_INCONSISTENT;
- break;
- }
- buf = (unsigned char*)PORT_Alloc(tmpKeySize);
- if (buf == NULL) {
- pk11_FreeAttribute(att2);
- pk11_FreeObject(newKey);
- crv = CKR_HOST_MEMORY;
- break;
- }
-
- PORT_Memcpy(buf,att->attrib.pValue,att->attrib.ulValueLen);
- PORT_Memcpy(buf+att->attrib.ulValueLen,
- att2->attrib.pValue,att2->attrib.ulValueLen);
-
- crv = pk11_forceAttribute (key,CKA_VALUE,buf,keySize);
- PORT_ZFree(buf,tmpKeySize);
- pk11_FreeAttribute(att2);
- pk11_FreeObject(newKey);
- break;
- }
-
- case CKM_CONCATENATE_BASE_AND_DATA:
- stringPtr = (CK_KEY_DERIVATION_STRING_DATA *) pMechanism->pParameter;
- tmpKeySize = att->attrib.ulValueLen+stringPtr->ulLen;
- if (keySize == 0) keySize = tmpKeySize;
- if (keySize > tmpKeySize) {
- crv = CKR_TEMPLATE_INCONSISTENT;
- break;
- }
- buf = (unsigned char*)PORT_Alloc(tmpKeySize);
- if (buf == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
-
- PORT_Memcpy(buf,att->attrib.pValue,att->attrib.ulValueLen);
- PORT_Memcpy(buf+att->attrib.ulValueLen,stringPtr->pData,
- stringPtr->ulLen);
-
- crv = pk11_forceAttribute (key,CKA_VALUE,buf,keySize);
- PORT_ZFree(buf,tmpKeySize);
- break;
- case CKM_CONCATENATE_DATA_AND_BASE:
- stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)pMechanism->pParameter;
- tmpKeySize = att->attrib.ulValueLen+stringPtr->ulLen;
- if (keySize == 0) keySize = tmpKeySize;
- if (keySize > tmpKeySize) {
- crv = CKR_TEMPLATE_INCONSISTENT;
- break;
- }
- buf = (unsigned char*)PORT_Alloc(tmpKeySize);
- if (buf == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
-
- PORT_Memcpy(buf,stringPtr->pData,stringPtr->ulLen);
- PORT_Memcpy(buf+stringPtr->ulLen,att->attrib.pValue,
- att->attrib.ulValueLen);
-
- crv = pk11_forceAttribute (key,CKA_VALUE,buf,keySize);
- PORT_ZFree(buf,tmpKeySize);
- break;
- case CKM_XOR_BASE_AND_DATA:
- stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)pMechanism->pParameter;
- tmpKeySize = PR_MIN(att->attrib.ulValueLen,stringPtr->ulLen);
- if (keySize == 0) keySize = tmpKeySize;
- if (keySize > tmpKeySize) {
- crv = CKR_TEMPLATE_INCONSISTENT;
- break;
- }
- buf = (unsigned char*)PORT_Alloc(keySize);
- if (buf == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
-
-
- PORT_Memcpy(buf,att->attrib.pValue,keySize);
- for (i=0; i < (int)keySize; i++) {
- buf[i] ^= stringPtr->pData[i];
- }
-
- crv = pk11_forceAttribute (key,CKA_VALUE,buf,keySize);
- PORT_ZFree(buf,keySize);
- break;
-
- case CKM_EXTRACT_KEY_FROM_KEY:
- {
- /* the following assumes 8 bits per byte */
- CK_ULONG extract = *(CK_EXTRACT_PARAMS *)pMechanism->pParameter;
- CK_ULONG shift = extract & 0x7; /* extract mod 8 the fast way */
- CK_ULONG offset = extract >> 3; /* extract div 8 the fast way */
-
- if (keySize == 0) {
- crv = CKR_TEMPLATE_INCOMPLETE;
- break;
- }
- /* make sure we have enough bits in the original key */
- if (att->attrib.ulValueLen <
- (offset + keySize + ((shift != 0)? 1 :0)) ) {
- crv = CKR_MECHANISM_PARAM_INVALID;
- break;
- }
- buf = (unsigned char*)PORT_Alloc(keySize);
- if (buf == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
-
- /* copy the bits we need into the new key */
- for (i=0; i < (int)keySize; i++) {
- unsigned char *value =
- ((unsigned char *)att->attrib.pValue)+offset+i;
- if (shift) {
- buf[i] = (value[0] << (shift)) | (value[1] >> (8 - shift));
- } else {
- buf[i] = value[0];
- }
- }
-
- crv = pk11_forceAttribute (key,CKA_VALUE,buf,keySize);
- PORT_ZFree(buf,keySize);
- break;
- }
- case CKM_MD2_KEY_DERIVATION:
- if (keySize == 0) keySize = MD2_LENGTH;
- if (keySize > MD2_LENGTH) {
- crv = CKR_TEMPLATE_INCONSISTENT;
- break;
- }
- /* now allocate the hash contexts */
- md2 = MD2_NewContext();
- if (md2 == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- MD2_Begin(md2);
- MD2_Update(md2,(const unsigned char*)att->attrib.pValue,
- att->attrib.ulValueLen);
- MD2_End(md2,key_block,&outLen,MD2_LENGTH);
- MD2_DestroyContext(md2, PR_TRUE);
-
- crv = pk11_forceAttribute (key,CKA_VALUE,key_block,keySize);
- break;
- case CKM_MD5_KEY_DERIVATION:
- if (keySize == 0) keySize = MD5_LENGTH;
- if (keySize > MD5_LENGTH) {
- crv = CKR_TEMPLATE_INCONSISTENT;
- break;
- }
- /* now allocate the hash contexts */
- md5 = MD5_NewContext();
- if (md5 == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- MD5_Begin(md5);
- MD5_Update(md5,(const unsigned char*)att->attrib.pValue,
- att->attrib.ulValueLen);
- MD5_End(md5,key_block,&outLen,MD5_LENGTH);
- MD5_DestroyContext(md5, PR_TRUE);
-
- crv = pk11_forceAttribute (key,CKA_VALUE,key_block,keySize);
- break;
- case CKM_SHA1_KEY_DERIVATION:
- if (keySize == 0) keySize = SHA1_LENGTH;
- if (keySize > SHA1_LENGTH) {
- crv = CKR_TEMPLATE_INCONSISTENT;
- break;
- }
- /* now allocate the hash contexts */
- sha = SHA1_NewContext();
- if (sha == NULL) {
- crv = CKR_HOST_MEMORY;
- break;
- }
- SHA1_Begin(sha);
- SHA1_Update(sha,(const unsigned char*)att->attrib.pValue,
- att->attrib.ulValueLen);
- SHA1_End(sha,key_block,&outLen,SHA1_LENGTH);
- SHA1_DestroyContext(sha, PR_TRUE);
-
- crv = pk11_forceAttribute(key,CKA_VALUE,key_block,keySize);
- break;
-
- case CKM_DH_PKCS_DERIVE:
- {
- SECItem derived, dhPublic;
- SECItem dhPrime, dhValue;
- /* sourceKey - values for the local existing low key */
- /* get prime and value attributes */
- crv = pk11_Attribute2SecItem(NULL, &dhPrime, sourceKey, CKA_PRIME);
- if (crv != SECSuccess) break;
- crv = pk11_Attribute2SecItem(NULL, &dhValue, sourceKey, CKA_VALUE);
- if (crv != SECSuccess) {
- PORT_Free(dhPrime.data);
- break;
- }
-
- dhPublic.data = pMechanism->pParameter;
- dhPublic.len = pMechanism->ulParameterLen;
-
- /* calculate private value - oct */
- rv = DH_Derive(&dhPublic, &dhPrime, &dhValue, &derived, keySize);
-
- PORT_Free(dhPrime.data);
- PORT_Free(dhValue.data);
-
- if (rv == SECSuccess) {
- pk11_forceAttribute(key, CKA_VALUE, derived.data, derived.len);
- PORT_ZFree(derived.data, derived.len);
- } else
- crv = CKR_HOST_MEMORY;
-
- break;
- }
-
- default:
- crv = CKR_MECHANISM_INVALID;
- }
- pk11_FreeAttribute(att);
- pk11_FreeObject(sourceKey);
- if (crv != CKR_OK) {
- if (key) pk11_FreeObject(key);
- return crv;
- }
-
- /* link the key object into the list */
- if (key) {
- /* get the session */
- key->wasDerived = PR_TRUE;
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) {
- pk11_FreeObject(key);
- return CKR_HOST_MEMORY;
- }
-
- crv = pk11_handleObject(key,session);
- pk11_FreeSession(session);
- if (crv == CKR_OK) {
- *phKey = key->handle;
- return crv;
- }
- pk11_FreeObject(key);
- }
- return crv;
-}
-
-
-/* NSC_GetFunctionStatus obtains an updated status of a function running
- * in parallel with an application. */
-CK_RV NSC_GetFunctionStatus(CK_SESSION_HANDLE hSession)
-{
- return CKR_FUNCTION_NOT_PARALLEL;
-}
-
-/* NSC_CancelFunction cancels a function running in parallel */
-CK_RV NSC_CancelFunction(CK_SESSION_HANDLE hSession)
-{
- return CKR_FUNCTION_NOT_PARALLEL;
-}
-
-/* NSC_GetOperationState saves the state of the cryptographic
- *operation in a session.
- * NOTE: This code only works for digest functions for now. eventually need
- * to add full flatten/resurect to our state stuff so that all types of state
- * can be saved */
-CK_RV NSC_GetOperationState(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pOperationState, CK_ULONG_PTR pulOperationStateLen)
-{
- PK11SessionContext *context;
- PK11Session *session;
- CK_RV crv;
-
- /* make sure we're legal */
- crv = pk11_GetContext(hSession, &context, PK11_HASH, PR_TRUE, &session);
- if (crv != CKR_OK) return crv;
-
- *pulOperationStateLen = context->cipherInfoLen + sizeof(CK_MECHANISM_TYPE)
- + sizeof(PK11ContextType);
- if (pOperationState == NULL) {
- pk11_FreeSession(session);
- return CKR_OK;
- }
- PORT_Memcpy(pOperationState,&context->type,sizeof(PK11ContextType));
- pOperationState += sizeof(PK11ContextType);
- PORT_Memcpy(pOperationState,&context->currentMech,
- sizeof(CK_MECHANISM_TYPE));
- pOperationState += sizeof(CK_MECHANISM_TYPE);
- PORT_Memcpy(pOperationState,context->cipherInfo,context->cipherInfoLen);
- pk11_FreeSession(session);
- return CKR_OK;
-}
-
-
-#define pk11_Decrement(stateSize,len) \
- stateSize = ((stateSize) > (CK_ULONG)(len)) ? \
- ((stateSize) - (CK_ULONG)(len)) : 0;
-
-/* NSC_SetOperationState restores the state of the cryptographic
- * operation in a session. This is coded like it can restore lots of
- * states, but it only works for truly flat cipher structures. */
-CK_RV NSC_SetOperationState(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen,
- CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey)
-{
- PK11SessionContext *context;
- PK11Session *session;
- PK11ContextType type;
- CK_MECHANISM mech;
- CK_RV crv = CKR_OK;
-
- while (ulOperationStateLen != 0) {
- /* get what type of state we're dealing with... */
- PORT_Memcpy(&type,pOperationState, sizeof(PK11ContextType));
-
- /* fix up session contexts based on type */
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
- context = pk11_ReturnContextByType(session, type);
- pk11_SetContextByType(session, type, NULL);
- if (context) {
- pk11_FreeContext(context);
- }
- pOperationState += sizeof(PK11ContextType);
- pk11_Decrement(ulOperationStateLen,sizeof(PK11ContextType));
-
-
- /* get the mechanism structure */
- PORT_Memcpy(&mech.mechanism,pOperationState,sizeof(CK_MECHANISM_TYPE));
- pOperationState += sizeof(CK_MECHANISM_TYPE);
- pk11_Decrement(ulOperationStateLen, sizeof(CK_MECHANISM_TYPE));
- /* should be filled in... but not necessary for hash */
- mech.pParameter = NULL;
- mech.ulParameterLen = 0;
- switch (type) {
- case PK11_HASH:
- crv = NSC_DigestInit(hSession,&mech);
- if (crv != CKR_OK) break;
- crv = pk11_GetContext(hSession, &context, PK11_HASH, PR_TRUE,
- NULL);
- if (crv != CKR_OK) break;
- PORT_Memcpy(context->cipherInfo,pOperationState,
- context->cipherInfoLen);
- pOperationState += context->cipherInfoLen;
- pk11_Decrement(ulOperationStateLen,context->cipherInfoLen);
- break;
- default:
- /* do sign/encrypt/decrypt later */
- crv = CKR_SAVED_STATE_INVALID;
- }
- pk11_FreeSession(session);
- if (crv != CKR_OK) break;
- }
- return crv;
-}
-
-/* Dual-function cryptographic operations */
-
-/* NSC_DigestEncryptUpdate continues a multiple-part digesting and encryption
- * operation. */
-CK_RV NSC_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen)
-{
- CK_RV crv;
-
- crv = NSC_EncryptUpdate(hSession,pPart,ulPartLen, pEncryptedPart,
- pulEncryptedPartLen);
- if (crv != CKR_OK) return crv;
- crv = NSC_DigestUpdate(hSession,pPart,ulPartLen);
-
- return crv;
-}
-
-
-/* NSC_DecryptDigestUpdate continues a multiple-part decryption and
- * digesting operation. */
-CK_RV NSC_DecryptDigestUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
-{
- CK_RV crv;
-
- crv = NSC_DecryptUpdate(hSession,pEncryptedPart, ulEncryptedPartLen,
- pPart, pulPartLen);
- if (crv != CKR_OK) return crv;
- crv = NSC_DigestUpdate(hSession,pPart,*pulPartLen);
-
- return crv;
-}
-
-
-/* NSC_SignEncryptUpdate continues a multiple-part signing and
- * encryption operation. */
-CK_RV NSC_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen)
-{
- CK_RV crv;
-
- crv = NSC_EncryptUpdate(hSession,pPart,ulPartLen, pEncryptedPart,
- pulEncryptedPartLen);
- if (crv != CKR_OK) return crv;
- crv = NSC_SignUpdate(hSession,pPart,ulPartLen);
-
- return crv;
-}
-
-
-/* NSC_DecryptVerifyUpdate continues a multiple-part decryption
- * and verify operation. */
-CK_RV NSC_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
- CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
-{
- CK_RV crv;
-
- crv = NSC_DecryptUpdate(hSession,pEncryptedData, ulEncryptedDataLen,
- pData, pulDataLen);
- if (crv != CKR_OK) return crv;
- crv = NSC_VerifyUpdate(hSession, pData, *pulDataLen);
-
- return crv;
-}
-
-/* NSC_DigestKey continues a multi-part message-digesting operation,
- * by digesting the value of a secret key as part of the data already digested.
- */
-CK_RV NSC_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey)
-{
- PK11Session *session = NULL;
- PK11Object *key = NULL;
- PK11Attribute *att;
- CK_RV crv;
-
- session = pk11_SessionFromHandle(hSession);
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
-
- key = pk11_ObjectFromHandle(hKey,session);
- pk11_FreeSession(session);
- if (key == NULL) return CKR_KEY_HANDLE_INVALID;
-
- /* PUT ANY DIGEST KEY RESTRICTION CHECKS HERE */
-
- /* make sure it's a valid key for this operation */
- if (key->objclass != CKO_SECRET_KEY) {
- pk11_FreeObject(key);
- return CKR_KEY_TYPE_INCONSISTENT;
- }
- /* get the key value */
- att = pk11_FindAttribute(key,CKA_VALUE);
- pk11_FreeObject(key);
-
- crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue,
- att->attrib.ulValueLen);
- pk11_FreeAttribute(att);
- return crv;
-}
-
-
diff --git a/security/nss/lib/softoken/pkcs11f.h b/security/nss/lib/softoken/pkcs11f.h
deleted file mode 100644
index 71ee2676a..000000000
--- a/security/nss/lib/softoken/pkcs11f.h
+++ /dev/null
@@ -1,933 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
- * is granted provided that it is identified as "RSA Security In.c Public-Key
- * Cryptography Standards (PKCS)" in all material mentioning or referencing
- * this document.
- */
-/* This function contains pretty much everything about all the */
-/* PKCS #11 function prototypes. Because this information is */
-/* used for more than just declaring function prototypes, the */
-/* order of the functions appearing herein is important, and */
-/* should not be altered. */
-
-
-
-/* General-purpose */
-
-/* C_Initialize initializes the PKCS #11 library. */
-CK_PKCS11_FUNCTION_INFO(C_Initialize)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
- * cast to CK_C_INITIALIZE_ARGS_PTR
- * and dereferenced */
-);
-#endif
-
-
-/* C_Finalize indicates that an application is done with the
- * PKCS #11 library. */
-CK_PKCS11_FUNCTION_INFO(C_Finalize)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */
-);
-#endif
-
-
-/* C_GetInfo returns general information about PKCS #11. */
-CK_PKCS11_FUNCTION_INFO(C_GetInfo)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_INFO_PTR pInfo /* location that receives information */
-);
-#endif
-
-
-/* C_GetFunctionList returns the function list. */
-CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
- * function list */
-);
-#endif
-
-
-
-/* Slot and token management */
-
-/* C_GetSlotList obtains a list of slots in the system. */
-CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_BBOOL tokenPresent, /* only slots with tokens? */
- CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */
- CK_ULONG_PTR pulCount /* receives number of slots */
-);
-#endif
-
-
-/* C_GetSlotInfo obtains information about a particular slot in
- * the system. */
-CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SLOT_ID slotID, /* the ID of the slot */
- CK_SLOT_INFO_PTR pInfo /* receives the slot information */
-);
-#endif
-
-
-/* C_GetTokenInfo obtains information about a particular token
- * in the system. */
-CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SLOT_ID slotID, /* ID of the token's slot */
- CK_TOKEN_INFO_PTR pInfo /* receives the token information */
-);
-#endif
-
-
-/* C_GetMechanismList obtains a list of mechanism types
- * supported by a token. */
-CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SLOT_ID slotID, /* ID of token's slot */
- CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */
- CK_ULONG_PTR pulCount /* gets # of mechs. */
-);
-#endif
-
-
-/* C_GetMechanismInfo obtains information about a particular
- * mechanism possibly supported by a token. */
-CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SLOT_ID slotID, /* ID of the token's slot */
- CK_MECHANISM_TYPE type, /* type of mechanism */
- CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */
-);
-#endif
-
-
-/* C_InitToken initializes a token. */
-CK_PKCS11_FUNCTION_INFO(C_InitToken)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SLOT_ID slotID, /* ID of the token's slot */
- CK_CHAR_PTR pPin, /* the SO's initial PIN */
- CK_ULONG ulPinLen, /* length in bytes of the PIN */
- CK_CHAR_PTR pLabel /* 32-byte token label (blank padded) */
-);
-#endif
-
-
-/* C_InitPIN initializes the normal user's PIN. */
-CK_PKCS11_FUNCTION_INFO(C_InitPIN)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_CHAR_PTR pPin, /* the normal user's PIN */
- CK_ULONG ulPinLen /* length in bytes of the PIN */
-);
-#endif
-
-
-/* C_SetPIN modifies the PIN of the user who is logged in. */
-CK_PKCS11_FUNCTION_INFO(C_SetPIN)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_CHAR_PTR pOldPin, /* the old PIN */
- CK_ULONG ulOldLen, /* length of the old PIN */
- CK_CHAR_PTR pNewPin, /* the new PIN */
- CK_ULONG ulNewLen /* length of the new PIN */
-);
-#endif
-
-
-
-/* Session management */
-
-/* C_OpenSession opens a session between an application and a
- * token. */
-CK_PKCS11_FUNCTION_INFO(C_OpenSession)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SLOT_ID slotID, /* the slot's ID */
- CK_FLAGS flags, /* from CK_SESSION_INFO */
- CK_VOID_PTR pApplication, /* passed to callback */
- CK_NOTIFY Notify, /* callback function */
- CK_SESSION_HANDLE_PTR phSession /* gets session handle */
-);
-#endif
-
-
-/* C_CloseSession closes a session between an application and a
- * token. */
-CK_PKCS11_FUNCTION_INFO(C_CloseSession)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession /* the session's handle */
-);
-#endif
-
-
-/* C_CloseAllSessions closes all sessions with a token. */
-CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SLOT_ID slotID /* the token's slot */
-);
-#endif
-
-
-/* C_GetSessionInfo obtains information about the session. */
-CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_SESSION_INFO_PTR pInfo /* receives session info */
-);
-#endif
-
-
-/* C_GetOperationState obtains the state of the cryptographic operation
- * in a session. */
-CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* session's handle */
- CK_BYTE_PTR pOperationState, /* gets state */
- CK_ULONG_PTR pulOperationStateLen /* gets state length */
-);
-#endif
-
-
-/* C_SetOperationState restores the state of the cryptographic
- * operation in a session. */
-CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* session's handle */
- CK_BYTE_PTR pOperationState, /* holds state */
- CK_ULONG ulOperationStateLen, /* holds state length */
- CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */
- CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */
-);
-#endif
-
-
-/* C_Login logs a user into a token. */
-CK_PKCS11_FUNCTION_INFO(C_Login)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_USER_TYPE userType, /* the user type */
- CK_CHAR_PTR pPin, /* the user's PIN */
- CK_ULONG ulPinLen /* the length of the PIN */
-);
-#endif
-
-
-/* C_Logout logs a user out from a token. */
-CK_PKCS11_FUNCTION_INFO(C_Logout)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession /* the session's handle */
-);
-#endif
-
-
-
-/* Object management */
-
-/* C_CreateObject creates a new object. */
-CK_PKCS11_FUNCTION_INFO(C_CreateObject)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_ATTRIBUTE_PTR pTemplate, /* the object's template */
- CK_ULONG ulCount, /* attributes in template */
- CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */
-);
-#endif
-
-
-/* C_CopyObject copies an object, creating a new object for the
- * copy. */
-CK_PKCS11_FUNCTION_INFO(C_CopyObject)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_OBJECT_HANDLE hObject, /* the object's handle */
- CK_ATTRIBUTE_PTR pTemplate, /* template for new object */
- CK_ULONG ulCount, /* attributes in template */
- CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */
-);
-#endif
-
-
-/* C_DestroyObject destroys an object. */
-CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_OBJECT_HANDLE hObject /* the object's handle */
-);
-#endif
-
-
-/* C_GetObjectSize gets the size of an object in bytes. */
-CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_OBJECT_HANDLE hObject, /* the object's handle */
- CK_ULONG_PTR pulSize /* receives size of object */
-);
-#endif
-
-
-/* C_GetAttributeValue obtains the value of one or more object
- * attributes. */
-CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_OBJECT_HANDLE hObject, /* the object's handle */
- CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */
- CK_ULONG ulCount /* attributes in template */
-);
-#endif
-
-
-/* C_SetAttributeValue modifies the value of one or more object
- * attributes */
-CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_OBJECT_HANDLE hObject, /* the object's handle */
- CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */
- CK_ULONG ulCount /* attributes in template */
-);
-#endif
-
-
-/* C_FindObjectsInit initializes a search for token and session
- * objects that match a template. */
-CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */
- CK_ULONG ulCount /* attrs in search template */
-);
-#endif
-
-
-/* C_FindObjects continues a search for token and session
- * objects that match a template, obtaining additional object
- * handles. */
-CK_PKCS11_FUNCTION_INFO(C_FindObjects)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* session's handle */
- CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */
- CK_ULONG ulMaxObjectCount, /* max handles to get */
- CK_ULONG_PTR pulObjectCount /* actual # returned */
-);
-#endif
-
-
-/* C_FindObjectsFinal finishes a search for token and session
- * objects. */
-CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession /* the session's handle */
-);
-#endif
-
-
-
-/* Encryption and decryption */
-
-/* C_EncryptInit initializes an encryption operation. */
-CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */
- CK_OBJECT_HANDLE hKey /* handle of encryption key */
-);
-#endif
-
-
-/* C_Encrypt encrypts single-part data. */
-CK_PKCS11_FUNCTION_INFO(C_Encrypt)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* session's handle */
- CK_BYTE_PTR pData, /* the plaintext data */
- CK_ULONG ulDataLen, /* bytes of plaintext */
- CK_BYTE_PTR pEncryptedData, /* gets ciphertext */
- CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */
-);
-#endif
-
-
-/* C_EncryptUpdate continues a multiple-part encryption
- * operation. */
-CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* session's handle */
- CK_BYTE_PTR pPart, /* the plaintext data */
- CK_ULONG ulPartLen, /* plaintext data len */
- CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
- CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */
-);
-#endif
-
-
-/* C_EncryptFinal finishes a multiple-part encryption
- * operation. */
-CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* session handle */
- CK_BYTE_PTR pLastEncryptedPart, /* last c-text */
- CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */
-);
-#endif
-
-
-/* C_DecryptInit initializes a decryption operation. */
-CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */
- CK_OBJECT_HANDLE hKey /* handle of decryption key */
-);
-#endif
-
-
-/* C_Decrypt decrypts encrypted data in a single part. */
-CK_PKCS11_FUNCTION_INFO(C_Decrypt)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* session's handle */
- CK_BYTE_PTR pEncryptedData, /* ciphertext */
- CK_ULONG ulEncryptedDataLen, /* ciphertext length */
- CK_BYTE_PTR pData, /* gets plaintext */
- CK_ULONG_PTR pulDataLen /* gets p-text size */
-);
-#endif
-
-
-/* C_DecryptUpdate continues a multiple-part decryption
- * operation. */
-CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* session's handle */
- CK_BYTE_PTR pEncryptedPart, /* encrypted data */
- CK_ULONG ulEncryptedPartLen, /* input length */
- CK_BYTE_PTR pPart, /* gets plaintext */
- CK_ULONG_PTR pulPartLen /* p-text size */
-);
-#endif
-
-
-/* C_DecryptFinal finishes a multiple-part decryption
- * operation. */
-CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pLastPart, /* gets plaintext */
- CK_ULONG_PTR pulLastPartLen /* p-text size */
-);
-#endif
-
-
-
-/* Message digesting */
-
-/* C_DigestInit initializes a message-digesting operation. */
-CK_PKCS11_FUNCTION_INFO(C_DigestInit)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism /* the digesting mechanism */
-);
-#endif
-
-
-/* C_Digest digests data in a single part. */
-CK_PKCS11_FUNCTION_INFO(C_Digest)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pData, /* data to be digested */
- CK_ULONG ulDataLen, /* bytes of data to digest */
- CK_BYTE_PTR pDigest, /* gets the message digest */
- CK_ULONG_PTR pulDigestLen /* gets digest length */
-);
-#endif
-
-
-/* C_DigestUpdate continues a multiple-part message-digesting
- * operation. */
-CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pPart, /* data to be digested */
- CK_ULONG ulPartLen /* bytes of data to be digested */
-);
-#endif
-
-
-/* C_DigestKey continues a multi-part message-digesting
- * operation, by digesting the value of a secret key as part of
- * the data already digested. */
-CK_PKCS11_FUNCTION_INFO(C_DigestKey)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_OBJECT_HANDLE hKey /* secret key to digest */
-);
-#endif
-
-
-/* C_DigestFinal finishes a multiple-part message-digesting
- * operation. */
-CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pDigest, /* gets the message digest */
- CK_ULONG_PTR pulDigestLen /* gets byte count of digest */
-);
-#endif
-
-
-
-/* Signing and MACing */
-
-/* C_SignInit initializes a signature (private key encryption)
- * operation, where the signature is (will be) an appendix to
- * the data, and plaintext cannot be recovered from the
- *signature. */
-CK_PKCS11_FUNCTION_INFO(C_SignInit)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
- CK_OBJECT_HANDLE hKey /* handle of signature key */
-);
-#endif
-
-
-/* C_Sign signs (encrypts with private key) data in a single
- * part, where the signature is (will be) an appendix to the
- * data, and plaintext cannot be recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_Sign)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pData, /* the data to sign */
- CK_ULONG ulDataLen, /* count of bytes to sign */
- CK_BYTE_PTR pSignature, /* gets the signature */
- CK_ULONG_PTR pulSignatureLen /* gets signature length */
-);
-#endif
-
-
-/* C_SignUpdate continues a multiple-part signature operation,
- * where the signature is (will be) an appendix to the data,
- * and plaintext cannot be recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pPart, /* the data to sign */
- CK_ULONG ulPartLen /* count of bytes to sign */
-);
-#endif
-
-
-/* C_SignFinal finishes a multiple-part signature operation,
- * returning the signature. */
-CK_PKCS11_FUNCTION_INFO(C_SignFinal)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pSignature, /* gets the signature */
- CK_ULONG_PTR pulSignatureLen /* gets signature length */
-);
-#endif
-
-
-/* C_SignRecoverInit initializes a signature operation, where
- * the data can be recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
- CK_OBJECT_HANDLE hKey /* handle of the signature key */
-);
-#endif
-
-
-/* C_SignRecover signs data in a single operation, where the
- * data can be recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_SignRecover)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pData, /* the data to sign */
- CK_ULONG ulDataLen, /* count of bytes to sign */
- CK_BYTE_PTR pSignature, /* gets the signature */
- CK_ULONG_PTR pulSignatureLen /* gets signature length */
-);
-#endif
-
-
-
-/* Verifying signatures and MACs */
-
-/* C_VerifyInit initializes a verification operation, where the
- * signature is an appendix to the data, and plaintext cannot
- * cannot be recovered from the signature (e.g. DSA). */
-CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
- CK_OBJECT_HANDLE hKey /* verification key */
-);
-#endif
-
-
-/* C_Verify verifies a signature in a single-part operation,
- * where the signature is an appendix to the data, and plaintext
- * cannot be recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_Verify)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pData, /* signed data */
- CK_ULONG ulDataLen, /* length of signed data */
- CK_BYTE_PTR pSignature, /* signature */
- CK_ULONG ulSignatureLen /* signature length*/
-);
-#endif
-
-
-/* C_VerifyUpdate continues a multiple-part verification
- * operation, where the signature is an appendix to the data,
- * and plaintext cannot be recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pPart, /* signed data */
- CK_ULONG ulPartLen /* length of signed data */
-);
-#endif
-
-
-/* C_VerifyFinal finishes a multiple-part verification
- * operation, checking the signature. */
-CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pSignature, /* signature to verify */
- CK_ULONG ulSignatureLen /* signature length */
-);
-#endif
-
-
-/* C_VerifyRecoverInit initializes a signature verification
- * operation, where the data is recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
- CK_OBJECT_HANDLE hKey /* verification key */
-);
-#endif
-
-
-/* C_VerifyRecover verifies a signature in a single-part
- * operation, where the data is recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pSignature, /* signature to verify */
- CK_ULONG ulSignatureLen, /* signature length */
- CK_BYTE_PTR pData, /* gets signed data */
- CK_ULONG_PTR pulDataLen /* gets signed data len */
-);
-#endif
-
-
-
-/* Dual-function cryptographic operations */
-
-/* C_DigestEncryptUpdate continues a multiple-part digesting
- * and encryption operation. */
-CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* session's handle */
- CK_BYTE_PTR pPart, /* the plaintext data */
- CK_ULONG ulPartLen, /* plaintext length */
- CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
- CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
-);
-#endif
-
-
-/* C_DecryptDigestUpdate continues a multiple-part decryption and
- * digesting operation. */
-CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* session's handle */
- CK_BYTE_PTR pEncryptedPart, /* ciphertext */
- CK_ULONG ulEncryptedPartLen, /* ciphertext length */
- CK_BYTE_PTR pPart, /* gets plaintext */
- CK_ULONG_PTR pulPartLen /* gets plaintext len */
-);
-#endif
-
-
-/* C_SignEncryptUpdate continues a multiple-part signing and
- * encryption operation. */
-CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* session's handle */
- CK_BYTE_PTR pPart, /* the plaintext data */
- CK_ULONG ulPartLen, /* plaintext length */
- CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
- CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
-);
-#endif
-
-
-/* C_DecryptVerifyUpdate continues a multiple-part decryption and
- * verify operation. */
-CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* session's handle */
- CK_BYTE_PTR pEncryptedPart, /* ciphertext */
- CK_ULONG ulEncryptedPartLen, /* ciphertext length */
- CK_BYTE_PTR pPart, /* gets plaintext */
- CK_ULONG_PTR pulPartLen /* gets p-text length */
-);
-#endif
-
-
-
-/* Key management */
-
-/* C_GenerateKey generates a secret key, creating a new key
- * object. */
-CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism, /* key generation mech. */
- CK_ATTRIBUTE_PTR pTemplate, /* template for new key */
- CK_ULONG ulCount, /* # of attrs in template */
- CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */
-);
-#endif
-
-
-/* C_GenerateKeyPair generates a public-key/private-key pair,
- * creating new key objects. */
-CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* session
- * handle */
- CK_MECHANISM_PTR pMechanism, /* key-gen
- * mech. */
- CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template
- * for pub.
- * key */
- CK_ULONG ulPublicKeyAttributeCount, /* # pub.
- * attrs. */
- CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template
- * for priv.
- * key */
- CK_ULONG ulPrivateKeyAttributeCount, /* # priv.
- * attrs. */
- CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub.
- * key
- * handle */
- CK_OBJECT_HANDLE_PTR phPrivateKey /* gets
- * priv. key
- * handle */
-);
-#endif
-
-
-/* C_WrapKey wraps (i.e., encrypts) a key. */
-CK_PKCS11_FUNCTION_INFO(C_WrapKey)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */
- CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */
- CK_OBJECT_HANDLE hKey, /* key to be wrapped */
- CK_BYTE_PTR pWrappedKey, /* gets wrapped key */
- CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */
-);
-#endif
-
-
-/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
- * key object. */
-CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* session's handle */
- CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */
- CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */
- CK_BYTE_PTR pWrappedKey, /* the wrapped key */
- CK_ULONG ulWrappedKeyLen, /* wrapped key len */
- CK_ATTRIBUTE_PTR pTemplate, /* new key template */
- CK_ULONG ulAttributeCount, /* template length */
- CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
-);
-#endif
-
-
-/* C_DeriveKey derives a key from a base key, creating a new key
- * object. */
-CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* session's handle */
- CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */
- CK_OBJECT_HANDLE hBaseKey, /* base key */
- CK_ATTRIBUTE_PTR pTemplate, /* new key template */
- CK_ULONG ulAttributeCount, /* template length */
- CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
-);
-#endif
-
-
-
-/* Random number generation */
-
-/* C_SeedRandom mixes additional seed material into the token's
- * random number generator. */
-CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR pSeed, /* the seed material */
- CK_ULONG ulSeedLen /* length of seed material */
-);
-#endif
-
-
-/* C_GenerateRandom generates random data. */
-CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_BYTE_PTR RandomData, /* receives the random data */
- CK_ULONG ulRandomLen /* # of bytes to generate */
-);
-#endif
-
-
-
-/* Parallel function management */
-
-/* C_GetFunctionStatus is a legacy function; it obtains an
- * updated status of a function running in parallel with an
- * application. */
-CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession /* the session's handle */
-);
-#endif
-
-
-/* C_CancelFunction is a legacy function; it cancels a function
- * running in parallel. */
-CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE hSession /* the session's handle */
-);
-#endif
-
-
-
-/* Functions added in for PKCS #11 Version 2.01 or later */
-
-/* C_WaitForSlotEvent waits for a slot event (token insertion,
- * removal, etc.) to occur. */
-CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_FLAGS flags, /* blocking/nonblocking flag */
- CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */
- CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
-);
-#endif
diff --git a/security/nss/lib/softoken/pkcs11i.h b/security/nss/lib/softoken/pkcs11i.h
deleted file mode 100644
index 495817aef..000000000
--- a/security/nss/lib/softoken/pkcs11i.h
+++ /dev/null
@@ -1,428 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Internal data structures and functions used by pkcs11.c
- */
-#ifndef _PKCS11I_H_
-#define _PKCS11I_H_ 1
-
-#include "prlock.h"
-#include "seccomon.h"
-#include "secoidt.h"
-#include "keytlow.h"
-#include "pkcs11t.h"
-
-#define PKCS11_USE_THREADS
-
-#define NO_ARENA
-#define MAX_OBJS_ATTRS 45
-#define ATTR_SPACE 50 /* hold up to a SSL premaster secret */
-
-
-#ifdef PKCS11_USE_THREADS
-#define PK11_USE_THREADS(x) x
-#else
-#define PK11_USE_THREADS(x)
-#endif
-
-/* define typedefs, double as forward declarations as well */
-typedef struct PK11AttributeStr PK11Attribute;
-typedef struct PK11ObjectListStr PK11ObjectList;
-typedef struct PK11ObjectListElementStr PK11ObjectListElement;
-typedef struct PK11ObjectStr PK11Object;
-typedef struct PK11SessionStr PK11Session;
-typedef struct PK11SlotStr PK11Slot;
-typedef struct PK11SessionContextStr PK11SessionContext;
-typedef struct PK11SearchResultsStr PK11SearchResults;
-typedef struct PK11HashVerifyInfoStr PK11HashVerifyInfo;
-typedef struct PK11HashSignInfoStr PK11HashSignInfo;
-typedef struct PK11SSLMACInfoStr PK11SSLMACInfo;
-
-/* define function pointer typdefs for pointer tables */
-typedef void (*PK11Destroy)(void *, PRBool);
-typedef void (*PK11Begin)(void *);
-typedef SECStatus (*PK11Cipher)(void *,void *,unsigned int *,unsigned int,
- void *, unsigned int);
-typedef SECStatus (*PK11Verify)(void *,void *,unsigned int,void *,unsigned int);
-typedef void (*PK11Hash)(void *,void *,unsigned int);
-typedef void (*PK11End)(void *,void *,unsigned int *,unsigned int);
-typedef void (*PK11Free)(void *);
-
-/*
- * these are data base storage hashes, not cryptographic hashes.. The define
- * the effective size of the various object hash tables
- */
-#define ATTRIBUTE_HASH_SIZE 32
-#define SESSION_OBJECT_HASH_SIZE 32
-#define TOKEN_OBJECT_HASH_SIZE 1024
-#define SESSION_HASH_SIZE 512
-#define MAX_KEY_LEN 256
-#define MAX_OBJECT_LIST_SIZE 800
-
-/* Value to tell if an attribute is modifiable or not.
- * NEVER: attribute is only set on creation.
- * ONCOPY: attribute is set on creation and can only be changed on copy.
- * SENSITIVE: attribute can only be changed to TRUE.
- * ALWAYS: attribute can always be changed.
- */
-typedef enum {
- PK11_NEVER = 0,
- PK11_ONCOPY = 1,
- PK11_SENSITIVE = 2,
- PK11_ALWAYS = 3
-} PK11ModifyType;
-
-/*
- * Free Status Enum... tell us more information when we think we're
- * deleting an object.
- */
-typedef enum {
- PK11_DestroyFailure,
- PK11_Destroyed,
- PK11_Busy
-} PK11FreeStatus;
-
-/*
- * attribute values of an object.
- */
-struct PK11AttributeStr {
- PK11Attribute *next;
- PK11Attribute *prev;
-#ifdef REF_COUNT_ATTRIBUTE
- int refCount;
- PRLock *refLock;
-#endif
- /*must be called handle to make pk11queue_find work */
- CK_ATTRIBUTE_TYPE handle;
- CK_ATTRIBUTE attrib;
-#ifdef NO_ARENA
- unsigned char space[ATTR_SPACE];
-#endif
-};
-
-
-/*
- * doubly link list of objects
- */
-struct PK11ObjectListStr {
- PK11ObjectList *next;
- PK11ObjectList *prev;
- PK11Object *parent;
-};
-
-/*
- * PKCS 11 crypto object structure
- */
-struct PK11ObjectStr {
- PK11Object *next;
- PK11Object *prev;
- PK11ObjectList sessionList;
- CK_OBJECT_HANDLE handle;
-#ifdef NO_ARENA
- int nextAttr;
-#else
- PLArenaPool *arena;
-#endif
- int refCount;
- PRLock *refLock;
- PRLock *attributeLock;
- PK11Session *session;
- PK11Slot *slot;
- CK_OBJECT_CLASS objclass;
- void *objectInfo;
- PK11Free infoFree;
- char *label;
- PRBool inDB;
- PRBool wasDerived;
- PK11Attribute *head[ATTRIBUTE_HASH_SIZE];
-#ifdef NO_ARENA
- PK11Attribute attrList[MAX_OBJS_ATTRS];
-#endif
-};
-
-/*
- * struct to deal with a temparary list of objects
- */
-struct PK11ObjectListElementStr {
- PK11ObjectListElement *next;
- PK11Object *object;
-};
-
-/*
- * Area to hold Search results
- */
-struct PK11SearchResultsStr {
- CK_OBJECT_HANDLE *handles;
- int size;
- int index;
-};
-
-
-/*
- * the universal crypto/hash/sign/verify context structure
- */
-typedef enum {
- PK11_ENCRYPT,
- PK11_DECRYPT,
- PK11_HASH,
- PK11_SIGN,
- PK11_SIGN_RECOVER,
- PK11_VERIFY,
- PK11_VERIFY_RECOVER
-} PK11ContextType;
-
-
-#define PK11_MAX_BLOCK_SIZE 16
-/* currently SHA1 is the biggest hash length */
-#define PK11_MAX_MAC_LENGTH 20
-#define PK11_INVALID_MAC_SIZE 0xffffffff
-
-struct PK11SessionContextStr {
- PK11ContextType type;
- PRBool multi; /* is multipart */
- PRBool doPad; /* use PKCS padding for block ciphers */
- unsigned int blockSize; /* blocksize for padding */
- unsigned int padDataLength; /* length of the valid data in padbuf */
- unsigned char padBuf[PK11_MAX_BLOCK_SIZE];
- unsigned char macBuf[PK11_MAX_BLOCK_SIZE];
- CK_ULONG macSize; /* size of a general block cipher mac*/
- void *cipherInfo;
- void *hashInfo;
- unsigned int cipherInfoLen;
- CK_MECHANISM_TYPE currentMech;
- PK11Cipher update;
- PK11Hash hashUpdate;
- PK11End end;
- PK11Destroy destroy;
- PK11Destroy hashdestroy;
- PK11Verify verify;
- unsigned int maxLen;
-};
-
-/*
- * Sessions (have objects)
- */
-struct PK11SessionStr {
- PK11Session *next;
- PK11Session *prev;
- CK_SESSION_HANDLE handle;
- int refCount;
- PRLock *refLock;
- PRLock *objectLock;
- int objectIDCount;
- CK_SESSION_INFO info;
- CK_NOTIFY notify;
- CK_VOID_PTR appData;
- PK11Slot *slot;
- PK11SearchResults *search;
- PK11SessionContext *enc_context;
- PK11SessionContext *hash_context;
- PK11SessionContext *sign_context;
- PK11ObjectList *objects[1];
-};
-
-/*
- * slots (have sessions and objects)
- */
-struct PK11SlotStr {
- CK_SLOT_ID slotID;
- PRLock *sessionLock;
- PRLock *objectLock;
- SECItem *password;
- PRBool hasTokens;
- PRBool isLoggedIn;
- PRBool ssoLoggedIn;
- PRBool needLogin;
- PRBool DB_loaded;
- int sessionIDCount;
- int sessionCount;
- int rwSessionCount;
- int tokenIDCount;
- PK11Object *tokObjects[TOKEN_OBJECT_HASH_SIZE];
- PK11Session *head[SESSION_HASH_SIZE];
-};
-
-/*
- * special joint operations Contexts
- */
-struct PK11HashVerifyInfoStr {
- SECOidTag hashOid;
- SECKEYLowPublicKey *key;
-};
-
-struct PK11HashSignInfoStr {
- SECOidTag hashOid;
- SECKEYLowPrivateKey *key;
-};
-
-/* context for the Final SSLMAC message */
-struct PK11SSLMACInfoStr {
- void *hashContext;
- PK11Begin begin;
- PK11Hash update;
- PK11End end;
- CK_ULONG macSize;
- int padSize;
- unsigned char key[MAX_KEY_LEN];
- unsigned int keySize;
-};
-
-/*
- * session handle modifiers
- */
-#define PK11_PRIVATE_KEY_FLAG 0x80000000L
-#define PK11_FIPS_FLAG 0x40000000L
-
-/*
- * object handle modifiers
- */
-#define PK11_TOKEN_MASK 0x80000000L
-#define PK11_TOKEN_MAGIC 0x80000000L
-#define PK11_TOKEN_TYPE_MASK 0x70000000L
-#define PK11_TOKEN_TYPE_CERT 0x00000000L
-#define PK11_TOKEN_TYPE_PRIV 0x10000000L
-#define PK11_TOKEN_TYPE_PUB 0x20000000L
-
-/* how big a password/pin we can deal with */
-#define PK11_MAX_PIN 255
-
-/* slot ID's */
-#define NETSCAPE_SLOT_ID 1
-#define PRIVATE_KEY_SLOT_ID 2
-#define FIPS_SLOT_ID 3
-
-/* slot helper macros */
-#define pk11_SlotFromSession(sp) ((sp)->slot)
-#define pk11_isToken(id) (((id) & PK11_TOKEN_MASK) == PK11_TOKEN_MAGIC)
-
-/* queueing helper macros */
-#define pk11_hash(value,size) ((value) & (size-1))/*size must be a power of 2*/
-#define pk11queue_add(element,id,head,hash_size) \
- { int tmp = pk11_hash(id,hash_size); \
- (element)->next = (head)[tmp]; \
- (element)->prev = NULL; \
- if ((head)[tmp]) (head)[tmp]->prev = (element); \
- (head)[tmp] = (element); }
-#define pk11queue_find(element,id,head,hash_size) \
- for( (element) = (head)[pk11_hash(id,hash_size)]; (element) != NULL; \
- (element) = (element)->next) { \
- if ((element)->handle == (id)) { break; } }
-#define pk11queue_is_queued(element,id,head,hash_size) \
- ( ((element)->next) || ((element)->prev) || \
- ((head)[pk11_hash(id,hash_size)] == (element)) )
-#define pk11queue_delete(element,id,head,hash_size) \
- if ((element)->next) (element)->next->prev = (element)->prev; \
- if ((element)->prev) (element)->prev->next = (element)->next; \
- else (head)[pk11_hash(id,hash_size)] = ((element)->next); \
- (element)->next = NULL; \
- (element)->prev = NULL; \
-
-/* expand an attribute & secitem structures out */
-#define pk11_attr_expand(ap) (ap)->type,(ap)->pValue,(ap)->ulValueLen
-#define pk11_item_expand(ip) (ip)->data,(ip)->len
-
-SEC_BEGIN_PROTOS
-
-/* shared functions between PKCS11.c and PK11FIPS.c */
-extern CK_RV PK11_LowInitialize(CK_VOID_PTR pReserved);
-extern CK_RV PK11_SlotInit(CK_SLOT_ID slotID, PRBool needLogin);
-
-/* internal utility functions used by pkcs11.c */
-extern PK11Attribute *pk11_FindAttribute(PK11Object *object,
- CK_ATTRIBUTE_TYPE type);
-extern void pk11_FreeAttribute(PK11Attribute *attribute);
-extern CK_RV pk11_AddAttributeType(PK11Object *object, CK_ATTRIBUTE_TYPE type,
- void *valPtr,
- CK_ULONG length);
-extern CK_RV pk11_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
- PK11Object *object, CK_ATTRIBUTE_TYPE type);
-extern PRBool pk11_hasAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type);
-extern PRBool pk11_isTrue(PK11Object *object, CK_ATTRIBUTE_TYPE type);
-extern void pk11_DeleteAttributeType(PK11Object *object,
- CK_ATTRIBUTE_TYPE type);
-extern CK_RV pk11_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
- PK11Object *object, CK_ATTRIBUTE_TYPE type);
-extern CK_RV pk11_Attribute2SSecItem(PLArenaPool *arena, SECItem *item,
- PK11Object *object,
- CK_ATTRIBUTE_TYPE type);
-extern PK11ModifyType pk11_modifyType(CK_ATTRIBUTE_TYPE type,
- CK_OBJECT_CLASS inClass);
-extern PRBool pk11_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass);
-extern char *pk11_getString(PK11Object *object, CK_ATTRIBUTE_TYPE type);
-extern void pk11_nullAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type);
-extern CK_RV pk11_forceAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type,
- void *value, unsigned int len);
-extern CK_RV pk11_defaultAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type,
- void *value, unsigned int len);
-
-extern PK11Object *pk11_NewObject(PK11Slot *slot);
-extern CK_RV pk11_CopyObject(PK11Object *destObject, PK11Object *srcObject);
-extern PK11FreeStatus pk11_FreeObject(PK11Object *object);
-extern void pk11_DeleteObject(PK11Session *session, PK11Object *object);
-extern void pk11_ReferenceObject(PK11Object *object);
-extern PK11Object *pk11_ObjectFromHandle(CK_OBJECT_HANDLE handle,
- PK11Session *session);
-extern void pk11_AddSlotObject(PK11Slot *slot, PK11Object *object);
-extern void pk11_AddObject(PK11Session *session, PK11Object *object);
-
-extern CK_RV pk11_searchObjectList(PK11ObjectListElement **objectList,
- PK11Object **head, PRLock *lock,
- CK_ATTRIBUTE_PTR inTemplate, int count,
- PRBool isLoggedIn);
-extern PK11ObjectListElement *pk11_FreeObjectListElement(
- PK11ObjectListElement *objectList);
-extern void pk11_FreeObjectList(PK11ObjectListElement *objectList);
-extern void pk11_FreeSearch(PK11SearchResults *search);
-extern CK_RV pk11_handleObject(PK11Object *object, PK11Session *session);
-
-extern PK11Slot *pk11_SlotFromID(CK_SLOT_ID slotID);
-extern PK11Slot *pk11_SlotFromSessionHandle(CK_SESSION_HANDLE handle);
-extern PK11Session *pk11_SessionFromHandle(CK_SESSION_HANDLE handle);
-extern void pk11_FreeSession(PK11Session *session);
-extern PK11Session *pk11_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify,
- CK_VOID_PTR pApplication, CK_FLAGS flags);
-extern void pk11_update_state(PK11Slot *slot,PK11Session *session);
-extern void pk11_update_all_states(PK11Slot *slot);
-extern void pk11_FreeContext(PK11SessionContext *context);
-
-extern SECKEYLowPublicKey *pk11_GetPubKey(PK11Object *object,
- CK_KEY_TYPE key_type);
-extern SECKEYLowPrivateKey *pk11_GetPrivKey(PK11Object *object,
- CK_KEY_TYPE key_type);
-extern void pk11_FormatDESKey(unsigned char *key, int length);
-extern PRBool pk11_CheckDESKey(unsigned char *key);
-extern PRBool pk11_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type);
-
-SEC_END_PROTOS
-
-#endif /* _PKCS11I_H_ */
diff --git a/security/nss/lib/softoken/pkcs11p.h b/security/nss/lib/softoken/pkcs11p.h
deleted file mode 100644
index 9876ad3ac..000000000
--- a/security/nss/lib/softoken/pkcs11p.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
- * is granted provided that it is identified as "RSA Security In.c Public-Key
- * Cryptography Standards (PKCS)" in all material mentioning or referencing
- * this document.
- */
-/* these data types are platform/implementation dependent. */
-/*
- * Packing was removed from the shipped RSA header files, even
- * though it's still needed. put in a central file to help merging..
- */
-#if defined(XP_WIN)
-#if defined(_WIN32)
-#pragma warning(disable:4103)
-#pragma pack(push, cryptoki, 1)
-#endif
-#endif
diff --git a/security/nss/lib/softoken/pkcs11t.h b/security/nss/lib/softoken/pkcs11t.h
deleted file mode 100644
index 254b6dd1e..000000000
--- a/security/nss/lib/softoken/pkcs11t.h
+++ /dev/null
@@ -1,1115 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
- * is granted provided that it is identified as "RSA Security In.c Public-Key
- * Cryptography Standards (PKCS)" in all material mentioning or referencing
- * this document.
- */
-/* See top of pkcs11.h for information about the macros that
- * must be defined and the structure-packing conventions that
- * must be set before including this file.
- */
-
-#ifndef _PKCS11T_H_
-#define _PKCS11T_H_ 1
-
-#ifndef CK_FALSE
-#define CK_FALSE 0
-#endif
-
-#ifndef CK_TRUE
-#define CK_TRUE (!CK_FALSE)
-#endif
-
-#include "prtypes.h"
-
-#define CK_PTR *
-#define CK_NULL_PTR 0
-#define CK_CALLBACK_FUNCTION(rv,func) rv (PR_CALLBACK * func)
-#define CK_DECLARE_FUNCTION(rv,func) PR_EXTERN(rv) func
-#define CK_DECLARE_FUNCTION_POINTER(rv,func) rv (PR_CALLBACK * func)
-
-/* an unsigned 8-bit value */
-typedef unsigned char CK_BYTE;
-
-/* an unsigned 8-bit character */
-typedef CK_BYTE CK_CHAR;
-
-/* a BYTE-sized Boolean flag */
-typedef CK_BYTE CK_BBOOL;
-
-/* an unsigned value, at least 32 bits long */
-typedef unsigned long int CK_ULONG;
-
-/* a signed value, the same size as a CK_ULONG */
-/* CK_LONG is new for v2.0 */
-typedef long int CK_LONG;
-
-/* at least 32 bits; each bit is a Boolean flag */
-typedef CK_ULONG CK_FLAGS;
-
-
-/* some special values for certain CK_ULONG variables */
-#define CK_UNAVAILABLE_INFORMATION (~0UL)
-#define CK_EFFECTIVELY_INFINITE 0
-
-
-typedef CK_BYTE CK_PTR CK_BYTE_PTR;
-typedef CK_CHAR CK_PTR CK_CHAR_PTR;
-typedef CK_ULONG CK_PTR CK_ULONG_PTR;
-typedef void CK_PTR CK_VOID_PTR;
-
-/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
-typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
-
-
-/* The following value is always invalid if used as a session */
-/* handle or object handle */
-#define CK_INVALID_HANDLE 0
-
-
-/* pack */
-#include "pkcs11p.h"
-
-typedef struct CK_VERSION {
- CK_BYTE major; /* integer portion of version number */
- CK_BYTE minor; /* 1/100ths portion of version number */
-} CK_VERSION;
-
-typedef CK_VERSION CK_PTR CK_VERSION_PTR;
-
-
-typedef struct CK_INFO {
- CK_VERSION cryptokiVersion; /* PKCS #11 interface ver */
- CK_CHAR manufacturerID[32]; /* blank padded */
- CK_FLAGS flags; /* must be zero */
-
- /* libraryDescription and libraryVersion are new for v2.0 */
- CK_CHAR libraryDescription[32]; /* blank padded */
- CK_VERSION libraryVersion; /* version of library */
-} CK_INFO;
-
-typedef CK_INFO CK_PTR CK_INFO_PTR;
-
-
-/* CK_NOTIFICATION enumerates the types of notifications that
- * PKCS #11 provides to an application */
-/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
- * for v2.0 */
-typedef CK_ULONG CK_NOTIFICATION;
-#define CKN_SURRENDER 0
-
-
-typedef CK_ULONG CK_SLOT_ID;
-
-typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
-
-
-/* CK_SLOT_INFO provides information about a slot */
-typedef struct CK_SLOT_INFO {
- CK_CHAR slotDescription[64]; /* blank padded */
- CK_CHAR manufacturerID[32]; /* blank padded */
- CK_FLAGS flags;
-
- /* hardwareVersion and firmwareVersion are new for v2.0 */
- CK_VERSION hardwareVersion; /* version of hardware */
- CK_VERSION firmwareVersion; /* version of firmware */
-} CK_SLOT_INFO;
-
-/* flags: bit flags that provide capabilities of the slot
- * Bit Flag Mask Meaning
- */
-#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */
-#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/
-#define CKF_HW_SLOT 0x00000004 /* hardware slot */
-
-typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
-
-
-/* CK_TOKEN_INFO provides information about a token */
-typedef struct CK_TOKEN_INFO {
- CK_CHAR label[32]; /* blank padded */
- CK_CHAR manufacturerID[32]; /* blank padded */
- CK_CHAR model[16]; /* blank padded */
- CK_CHAR serialNumber[16]; /* blank padded */
- CK_FLAGS flags; /* see below */
-
- /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
- * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
- * changed from CK_USHORT to CK_ULONG for v2.0 */
- CK_ULONG ulMaxSessionCount; /* max open sessions */
- CK_ULONG ulSessionCount; /* sess. now open */
- CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */
- CK_ULONG ulRwSessionCount; /* R/W sess. now open */
- CK_ULONG ulMaxPinLen; /* in bytes */
- CK_ULONG ulMinPinLen; /* in bytes */
- CK_ULONG ulTotalPublicMemory; /* in bytes */
- CK_ULONG ulFreePublicMemory; /* in bytes */
- CK_ULONG ulTotalPrivateMemory; /* in bytes */
- CK_ULONG ulFreePrivateMemory; /* in bytes */
-
- /* hardwareVersion, firmwareVersion, and time are new for
- * v2.0 */
- CK_VERSION hardwareVersion; /* version of hardware */
- CK_VERSION firmwareVersion; /* version of firmware */
- CK_CHAR utcTime[16]; /* time */
-} CK_TOKEN_INFO;
-
-/* The flags parameter is defined as follows:
- * Bit Flag Mask Meaning
- */
-#define CKF_RNG 0x00000001 /* has random #
- * generator */
-#define CKF_WRITE_PROTECTED 0x00000002 /* token is
- * write-
- * protected */
-#define CKF_LOGIN_REQUIRED 0x00000004 /* user must
- * login */
-#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's
- * PIN is set */
-
-/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
- * that means that *every* time the state of cryptographic
- * operations of a session is successfully saved, all keys
- * needed to continue those operations are stored in the state */
-#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020
-
-/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
- * that the token has some sort of clock. The time on that
- * clock is returned in the token info structure */
-#define CKF_CLOCK_ON_TOKEN 0x00000040
-
-/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
- * set, that means that there is some way for the user to login
- * without sending a PIN through the PKCS #11 library itself */
-#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
-
-/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
- * that means that a single session with the token can perform
- * dual simultaneous cryptographic operations (digest and
- * encrypt; decrypt and digest; sign and encrypt; and decrypt
- * and sign) */
-#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200
-
-typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
-
-
-/* CK_SESSION_HANDLE is a PKCS #11-assigned value that
- * identifies a session */
-typedef CK_ULONG CK_SESSION_HANDLE;
-
-typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
-
-
-/* CK_USER_TYPE enumerates the types of PKCS #11 users */
-/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
- * v2.0 */
-typedef CK_ULONG CK_USER_TYPE;
-/* Security Officer */
-#define CKU_SO 0
-/* Normal user */
-#define CKU_USER 1
-
-
-/* CK_STATE enumerates the session states */
-/* CK_STATE has been changed from an enum to a CK_ULONG for
- * v2.0 */
-typedef CK_ULONG CK_STATE;
-#define CKS_RO_PUBLIC_SESSION 0
-#define CKS_RO_USER_FUNCTIONS 1
-#define CKS_RW_PUBLIC_SESSION 2
-#define CKS_RW_USER_FUNCTIONS 3
-#define CKS_RW_SO_FUNCTIONS 4
-
-
-/* CK_SESSION_INFO provides information about a session */
-typedef struct CK_SESSION_INFO {
- CK_SLOT_ID slotID;
- CK_STATE state;
- CK_FLAGS flags; /* see below */
-
- /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
- * v2.0 */
- CK_ULONG ulDeviceError; /* device-dependent error code */
-} CK_SESSION_INFO;
-
-/* The flags are defined in the following table:
- * Bit Flag Mask Meaning
- */
-#define CKF_RW_SESSION 0x00000002 /* session is r/w */
-#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */
-
-typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
-
-
-/* CK_OBJECT_HANDLE is a token-specific identifier for an
- * object */
-typedef CK_ULONG CK_OBJECT_HANDLE;
-
-typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
-
-
-/* CK_OBJECT_CLASS is a value that identifies the classes (or
- * types) of objects that PKCS #11 recognizes. It is defined
- * as follows: */
-/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
- * v2.0 */
-typedef CK_ULONG CK_OBJECT_CLASS;
-
-/* The following classes of objects are defined: */
-#define CKO_DATA 0x00000000
-#define CKO_CERTIFICATE 0x00000001
-#define CKO_PUBLIC_KEY 0x00000002
-#define CKO_PRIVATE_KEY 0x00000003
-#define CKO_SECRET_KEY 0x00000004
-#define CKO_VENDOR_DEFINED 0x80000000
-
-typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
-
-
-/* CK_KEY_TYPE is a value that identifies a key type */
-/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
-typedef CK_ULONG CK_KEY_TYPE;
-
-/* the following key types are defined: */
-#define CKK_RSA 0x00000000
-#define CKK_DSA 0x00000001
-#define CKK_DH 0x00000002
-
-/* CKK_ECDSA and CKK_KEA are new for v2.0 */
-
-/* PKCS #11 V2.01 probably won't actually have ECDSA in it */
-#define CKK_ECDSA 0x00000003
-
-#define CKK_KEA 0x00000005
-
-#define CKK_GENERIC_SECRET 0x00000010
-#define CKK_RC2 0x00000011
-#define CKK_RC4 0x00000012
-#define CKK_DES 0x00000013
-#define CKK_DES2 0x00000014
-#define CKK_DES3 0x00000015
-
-/* all these key types are new for v2.0 */
-#define CKK_CAST 0x00000016
-#define CKK_CAST3 0x00000017
-#define CKK_CAST5 0x00000018
-#define CKK_CAST128 0x00000018 /* CAST128=CAST5 */
-#define CKK_RC5 0x00000019
-#define CKK_IDEA 0x0000001A
-#define CKK_SKIPJACK 0x0000001B
-#define CKK_BATON 0x0000001C
-#define CKK_JUNIPER 0x0000001D
-#define CKK_CDMF 0x0000001E
-
-#define CKK_VENDOR_DEFINED 0x80000000
-
-
-/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
- * type */
-/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
- * for v2.0 */
-typedef CK_ULONG CK_CERTIFICATE_TYPE;
-
-/* The following certificate types are defined: */
-#define CKC_X_509 0x00000000
-#define CKC_VENDOR_DEFINED 0x80000000
-
-
-/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
- * type */
-/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
- * v2.0 */
-typedef CK_ULONG CK_ATTRIBUTE_TYPE;
-
-/* The following attribute types are defined: */
-#define CKA_CLASS 0x00000000
-#define CKA_TOKEN 0x00000001
-#define CKA_PRIVATE 0x00000002
-#define CKA_LABEL 0x00000003
-#define CKA_APPLICATION 0x00000010
-#define CKA_VALUE 0x00000011
-#define CKA_CERTIFICATE_TYPE 0x00000080
-#define CKA_ISSUER 0x00000081
-#define CKA_SERIAL_NUMBER 0x00000082
-#define CKA_KEY_TYPE 0x00000100
-#define CKA_SUBJECT 0x00000101
-#define CKA_ID 0x00000102
-#define CKA_SENSITIVE 0x00000103
-#define CKA_ENCRYPT 0x00000104
-#define CKA_DECRYPT 0x00000105
-#define CKA_WRAP 0x00000106
-#define CKA_UNWRAP 0x00000107
-#define CKA_SIGN 0x00000108
-#define CKA_SIGN_RECOVER 0x00000109
-#define CKA_VERIFY 0x0000010A
-#define CKA_VERIFY_RECOVER 0x0000010B
-#define CKA_DERIVE 0x0000010C
-#define CKA_START_DATE 0x00000110
-#define CKA_END_DATE 0x00000111
-#define CKA_MODULUS 0x00000120
-#define CKA_MODULUS_BITS 0x00000121
-#define CKA_PUBLIC_EXPONENT 0x00000122
-#define CKA_PRIVATE_EXPONENT 0x00000123
-#define CKA_PRIME_1 0x00000124
-#define CKA_PRIME_2 0x00000125
-#define CKA_EXPONENT_1 0x00000126
-#define CKA_EXPONENT_2 0x00000127
-#define CKA_COEFFICIENT 0x00000128
-#define CKA_PRIME 0x00000130
-#define CKA_SUBPRIME 0x00000131
-#define CKA_BASE 0x00000132
-#define CKA_VALUE_BITS 0x00000160
-#define CKA_VALUE_LEN 0x00000161
-
-/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
- * CKA_ALWAYS_SENSITIVE, and CKA_MODIFIABLE are new for v2.0 */
-#define CKA_EXTRACTABLE 0x00000162
-#define CKA_LOCAL 0x00000163
-#define CKA_NEVER_EXTRACTABLE 0x00000164
-#define CKA_ALWAYS_SENSITIVE 0x00000165
-#define CKA_MODIFIABLE 0x00000170
-
-#define CKA_VENDOR_DEFINED 0x80000000
-
-
-/* CK_ATTRIBUTE is a structure that includes the type, length
- * and value of an attribute */
-typedef struct CK_ATTRIBUTE {
- CK_ATTRIBUTE_TYPE type;
- CK_VOID_PTR pValue;
-
- /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
- CK_ULONG ulValueLen; /* in bytes */
-} CK_ATTRIBUTE;
-
-typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
-
-
-/* CK_DATE is a structure that defines a date */
-typedef struct CK_DATE{
- CK_CHAR year[4]; /* the year ("1900" - "9999") */
- CK_CHAR month[2]; /* the month ("01" - "12") */
- CK_CHAR day[2]; /* the day ("01" - "31") */
-} CK_DATE;
-
-
-/* CK_MECHANISM_TYPE is a value that identifies a mechanism
- * type */
-/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
- * v2.0 */
-typedef CK_ULONG CK_MECHANISM_TYPE;
-
-/* the following mechanism types are defined: */
-#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
-#define CKM_RSA_PKCS 0x00000001
-#define CKM_RSA_9796 0x00000002
-#define CKM_RSA_X_509 0x00000003
-
-/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
- * are new for v2.0. They are mechanisms which hash and sign */
-#define CKM_MD2_RSA_PKCS 0x00000004
-#define CKM_MD5_RSA_PKCS 0x00000005
-#define CKM_SHA1_RSA_PKCS 0x00000006
-
-#define CKM_DSA_KEY_PAIR_GEN 0x00000010
-#define CKM_DSA 0x00000011
-#define CKM_DSA_SHA1 0x00000012
-#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
-#define CKM_DH_PKCS_DERIVE 0x00000021
-#define CKM_RC2_KEY_GEN 0x00000100
-#define CKM_RC2_ECB 0x00000101
-#define CKM_RC2_CBC 0x00000102
-#define CKM_RC2_MAC 0x00000103
-
-/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
-#define CKM_RC2_MAC_GENERAL 0x00000104
-#define CKM_RC2_CBC_PAD 0x00000105
-
-#define CKM_RC4_KEY_GEN 0x00000110
-#define CKM_RC4 0x00000111
-#define CKM_DES_KEY_GEN 0x00000120
-#define CKM_DES_ECB 0x00000121
-#define CKM_DES_CBC 0x00000122
-#define CKM_DES_MAC 0x00000123
-
-/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
-#define CKM_DES_MAC_GENERAL 0x00000124
-#define CKM_DES_CBC_PAD 0x00000125
-
-#define CKM_DES2_KEY_GEN 0x00000130
-#define CKM_DES3_KEY_GEN 0x00000131
-#define CKM_DES3_ECB 0x00000132
-#define CKM_DES3_CBC 0x00000133
-#define CKM_DES3_MAC 0x00000134
-
-/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
- * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
- * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
-#define CKM_DES3_MAC_GENERAL 0x00000135
-#define CKM_DES3_CBC_PAD 0x00000136
-#define CKM_CDMF_KEY_GEN 0x00000140
-#define CKM_CDMF_ECB 0x00000141
-#define CKM_CDMF_CBC 0x00000142
-#define CKM_CDMF_MAC 0x00000143
-#define CKM_CDMF_MAC_GENERAL 0x00000144
-#define CKM_CDMF_CBC_PAD 0x00000145
-
-#define CKM_MD2 0x00000200
-
-/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
-#define CKM_MD2_HMAC 0x00000201
-#define CKM_MD2_HMAC_GENERAL 0x00000202
-
-#define CKM_MD5 0x00000210
-
-/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
-#define CKM_MD5_HMAC 0x00000211
-#define CKM_MD5_HMAC_GENERAL 0x00000212
-
-#define CKM_SHA_1 0x00000220
-
-/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
-#define CKM_SHA_1_HMAC 0x00000221
-#define CKM_SHA_1_HMAC_GENERAL 0x00000222
-
-/* All of the following mechanisms are new for v2.0 */
-/* Note that CAST128 and CAST5 are the same algorithm */
-#define CKM_CAST_KEY_GEN 0x00000300
-#define CKM_CAST_ECB 0x00000301
-#define CKM_CAST_CBC 0x00000302
-#define CKM_CAST_MAC 0x00000303
-#define CKM_CAST_MAC_GENERAL 0x00000304
-#define CKM_CAST_CBC_PAD 0x00000305
-#define CKM_CAST3_KEY_GEN 0x00000310
-#define CKM_CAST3_ECB 0x00000311
-#define CKM_CAST3_CBC 0x00000312
-#define CKM_CAST3_MAC 0x00000313
-#define CKM_CAST3_MAC_GENERAL 0x00000314
-#define CKM_CAST3_CBC_PAD 0x00000315
-#define CKM_CAST5_KEY_GEN 0x00000320
-#define CKM_CAST128_KEY_GEN 0x00000320
-#define CKM_CAST5_ECB 0x00000321
-#define CKM_CAST128_ECB 0x00000321
-#define CKM_CAST5_CBC 0x00000322
-#define CKM_CAST128_CBC 0x00000322
-#define CKM_CAST5_MAC 0x00000323
-#define CKM_CAST128_MAC 0x00000323
-#define CKM_CAST5_MAC_GENERAL 0x00000324
-#define CKM_CAST128_MAC_GENERAL 0x00000324
-#define CKM_CAST5_CBC_PAD 0x00000325
-#define CKM_CAST128_CBC_PAD 0x00000325
-#define CKM_RC5_KEY_GEN 0x00000330
-#define CKM_RC5_ECB 0x00000331
-#define CKM_RC5_CBC 0x00000332
-#define CKM_RC5_MAC 0x00000333
-#define CKM_RC5_MAC_GENERAL 0x00000334
-#define CKM_RC5_CBC_PAD 0x00000335
-#define CKM_IDEA_KEY_GEN 0x00000340
-#define CKM_IDEA_ECB 0x00000341
-#define CKM_IDEA_CBC 0x00000342
-#define CKM_IDEA_MAC 0x00000343
-#define CKM_IDEA_MAC_GENERAL 0x00000344
-#define CKM_IDEA_CBC_PAD 0x00000345
-#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
-#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
-#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
-#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
-#define CKM_XOR_BASE_AND_DATA 0x00000364
-#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
-#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
-#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
-#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
-#define CKM_SSL3_MD5_MAC 0x00000380
-#define CKM_SSL3_SHA1_MAC 0x00000381
-#define CKM_MD5_KEY_DERIVATION 0x00000390
-#define CKM_MD2_KEY_DERIVATION 0x00000391
-#define CKM_SHA1_KEY_DERIVATION 0x00000392
-#define CKM_PBE_MD2_DES_CBC 0x000003A0
-#define CKM_PBE_MD5_DES_CBC 0x000003A1
-#define CKM_PBE_MD5_CAST_CBC 0x000003A2
-#define CKM_PBE_MD5_CAST3_CBC 0x000003A3
-#define CKM_PBE_MD5_CAST5_CBC 0x000003A4
-#define CKM_PBE_MD5_CAST128_CBC 0x000003A4
-#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
-#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
-#define CKM_PBE_SHA1_RC4_128 0x000003A6
-#define CKM_PBE_SHA1_RC4_40 0x000003A7
-#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
-#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
-#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
-#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
-#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
-#define CKM_KEY_WRAP_LYNKS 0x00000400
-#define CKM_KEY_WRAP_SET_OAEP 0x00000401
-
-/* Fortezza mechanisms */
-#define CKM_SKIPJACK_KEY_GEN 0x00001000
-#define CKM_SKIPJACK_ECB64 0x00001001
-#define CKM_SKIPJACK_CBC64 0x00001002
-#define CKM_SKIPJACK_OFB64 0x00001003
-#define CKM_SKIPJACK_CFB64 0x00001004
-#define CKM_SKIPJACK_CFB32 0x00001005
-#define CKM_SKIPJACK_CFB16 0x00001006
-#define CKM_SKIPJACK_CFB8 0x00001007
-#define CKM_SKIPJACK_WRAP 0x00001008
-#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
-#define CKM_SKIPJACK_RELAYX 0x0000100a
-#define CKM_KEA_KEY_PAIR_GEN 0x00001010
-#define CKM_KEA_KEY_DERIVE 0x00001011
-#define CKM_FORTEZZA_TIMESTAMP 0x00001020
-#define CKM_BATON_KEY_GEN 0x00001030
-#define CKM_BATON_ECB128 0x00001031
-#define CKM_BATON_ECB96 0x00001032
-#define CKM_BATON_CBC128 0x00001033
-#define CKM_BATON_COUNTER 0x00001034
-#define CKM_BATON_SHUFFLE 0x00001035
-#define CKM_BATON_WRAP 0x00001036
-
-/* PKCS #11 V2.01 probably won't actually have ECDSA in it */
-#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
-#define CKM_ECDSA 0x00001041
-#define CKM_ECDSA_SHA1 0x00001042
-
-#define CKM_JUNIPER_KEY_GEN 0x00001060
-#define CKM_JUNIPER_ECB128 0x00001061
-#define CKM_JUNIPER_CBC128 0x00001062
-#define CKM_JUNIPER_COUNTER 0x00001063
-#define CKM_JUNIPER_SHUFFLE 0x00001064
-#define CKM_JUNIPER_WRAP 0x00001065
-#define CKM_FASTHASH 0x00001070
-
-#define CKM_VENDOR_DEFINED 0x80000000
-
-typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
-
-
-/* CK_MECHANISM is a structure that specifies a particular
- * mechanism */
-typedef struct CK_MECHANISM {
- CK_MECHANISM_TYPE mechanism;
- CK_VOID_PTR pParameter;
-
- /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
- * v2.0 */
- CK_ULONG ulParameterLen; /* in bytes */
-} CK_MECHANISM;
-
-typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
-
-
-/* CK_MECHANISM_INFO provides information about a particular
- * mechanism */
-typedef struct CK_MECHANISM_INFO {
- CK_ULONG ulMinKeySize;
- CK_ULONG ulMaxKeySize;
- CK_FLAGS flags;
-} CK_MECHANISM_INFO;
-
-/* The flags are defined as follows:
- * Bit Flag Mask Meaning */
-#define CKF_HW 0x00000001 /* performed by HW */
-
-/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
- * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
- * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
- * and CKF_DERIVE are new for v2.0. They specify whether or not
- * a mechanism can be used for a particular task */
-#define CKF_ENCRYPT 0x00000100
-#define CKF_DECRYPT 0x00000200
-#define CKF_DIGEST 0x00000400
-#define CKF_SIGN 0x00000800
-#define CKF_SIGN_RECOVER 0x00001000
-#define CKF_VERIFY 0x00002000
-#define CKF_VERIFY_RECOVER 0x00004000
-#define CKF_GENERATE 0x00008000
-#define CKF_GENERATE_KEY_PAIR 0x00010000
-#define CKF_WRAP 0x00020000
-#define CKF_UNWRAP 0x00040000
-#define CKF_DERIVE 0x00080000
-
-#define CKF_EXTENSION 0x80000000 /* FALSE for 2.01 */
-
-typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
-
-
-/* CK_RV is a value that identifies the return value of a
- * PKCS #11 function */
-/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
-typedef CK_ULONG CK_RV;
-
-#define CKR_OK 0x00000000
-#define CKR_CANCEL 0x00000001
-#define CKR_HOST_MEMORY 0x00000002
-#define CKR_SLOT_ID_INVALID 0x00000003
-
-/* CKR_FLAGS_INVALID was removed for v2.0 */
-
-/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
-#define CKR_GENERAL_ERROR 0x00000005
-#define CKR_FUNCTION_FAILED 0x00000006
-
-/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
- * and CKR_CANT_LOCK are new for v2.01 */
-#define CKR_ARGUMENTS_BAD 0x00000007
-#define CKR_NO_EVENT 0x00000008
-#define CKR_NEED_TO_CREATE_THREADS 0x00000009
-#define CKR_CANT_LOCK 0x0000000A
-
-#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
-#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
-#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
-#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
-#define CKR_DATA_INVALID 0x00000020
-#define CKR_DATA_LEN_RANGE 0x00000021
-#define CKR_DEVICE_ERROR 0x00000030
-#define CKR_DEVICE_MEMORY 0x00000031
-#define CKR_DEVICE_REMOVED 0x00000032
-#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
-#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
-#define CKR_FUNCTION_CANCELED 0x00000050
-#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
-
-/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
-#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
-
-#define CKR_KEY_HANDLE_INVALID 0x00000060
-
-/* CKR_KEY_SENSITIVE was removed for v2.0 */
-
-#define CKR_KEY_SIZE_RANGE 0x00000062
-#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
-
-/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
- * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
- * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
- * v2.0 */
-#define CKR_KEY_NOT_NEEDED 0x00000064
-#define CKR_KEY_CHANGED 0x00000065
-#define CKR_KEY_NEEDED 0x00000066
-#define CKR_KEY_INDIGESTIBLE 0x00000067
-#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
-#define CKR_KEY_NOT_WRAPPABLE 0x00000069
-#define CKR_KEY_UNEXTRACTABLE 0x0000006A
-
-#define CKR_MECHANISM_INVALID 0x00000070
-#define CKR_MECHANISM_PARAM_INVALID 0x00000071
-
-/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
- * were removed for v2.0 */
-#define CKR_OBJECT_HANDLE_INVALID 0x00000082
-#define CKR_OPERATION_ACTIVE 0x00000090
-#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
-#define CKR_PIN_INCORRECT 0x000000A0
-#define CKR_PIN_INVALID 0x000000A1
-#define CKR_PIN_LEN_RANGE 0x000000A2
-
-/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
-#define CKR_PIN_EXPIRED 0x000000A3
-#define CKR_PIN_LOCKED 0x000000A4
-
-#define CKR_SESSION_CLOSED 0x000000B0
-#define CKR_SESSION_COUNT 0x000000B1
-#define CKR_SESSION_HANDLE_INVALID 0x000000B3
-#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
-#define CKR_SESSION_READ_ONLY 0x000000B5
-#define CKR_SESSION_EXISTS 0x000000B6
-
-/* CKR_SESSION_READ_ONLY_EXISTS and
- * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
-#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
-#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
-
-#define CKR_SIGNATURE_INVALID 0x000000C0
-#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
-#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
-#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
-#define CKR_TOKEN_NOT_PRESENT 0x000000E0
-#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
-#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
-#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
-#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
-#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
-#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
-#define CKR_USER_NOT_LOGGED_IN 0x00000101
-#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
-#define CKR_USER_TYPE_INVALID 0x00000103
-
-/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
- * are new to v2.01 */
-#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104
-#define CKR_USER_TOO_MANY_TYPES 0x00000105
-
-#define CKR_WRAPPED_KEY_INVALID 0x00000110
-#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
-#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
-#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
-#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
-#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
-
-/* These are new to v2.0 */
-#define CKR_RANDOM_NO_RNG 0x00000121
-#define CKR_BUFFER_TOO_SMALL 0x00000150
-#define CKR_SAVED_STATE_INVALID 0x00000160
-#define CKR_INFORMATION_SENSITIVE 0x00000170
-#define CKR_STATE_UNSAVEABLE 0x00000180
-
-/* These are new to v2.01 */
-#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
-#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
-#define CKR_MUTEX_BAD 0x000001A0
-#define CKR_MUTEX_NOT_LOCKED 0x000001A1
-
-#define CKR_VENDOR_DEFINED 0x80000000
-
-
-/* CK_NOTIFY is an application callback that processes events */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
- CK_SESSION_HANDLE hSession, /* the session's handle */
- CK_NOTIFICATION event,
- CK_VOID_PTR pApplication /* passed to C_OpenSession */
-);
-
-
-/* CK_FUNCTION_LIST is a structure holding a PKCS #11 spec
- * version and pointers of appropriate types to all the
- * PKCS #11 functions */
-/* CK_FUNCTION_LIST is new for v2.0 */
-typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
-
-typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
-
-typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
-
-
-/* CK_CREATEMUTEX is an application callback for creating a
- * mutex object */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
- CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */
-);
-
-
-/* CK_DESTROYMUTEX is an application callback for destroying a
- * mutex object */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
- CK_VOID_PTR pMutex /* pointer to mutex */
-);
-
-
-/* CK_LOCKMUTEX is an application callback for locking a mutex */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
- CK_VOID_PTR pMutex /* pointer to mutex */
-);
-
-
-/* CK_UNLOCKMUTEX is an application callback for unlocking a
- * mutex */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
- CK_VOID_PTR pMutex /* pointer to mutex */
-);
-
-
-/* CK_C_INITIALIZE_ARGS provides the optional arguments to
- * C_Initialize */
-typedef struct CK_C_INITIALIZE_ARGS {
- CK_CREATEMUTEX CreateMutex;
- CK_DESTROYMUTEX DestroyMutex;
- CK_LOCKMUTEX LockMutex;
- CK_UNLOCKMUTEX UnlockMutex;
- CK_FLAGS flags;
- CK_VOID_PTR pReserved;
-} CK_C_INITIALIZE_ARGS;
-
-/* flags: bit flags that provide capabilities of the slot
- * Bit Flag Mask Meaning
- */
-#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
-#define CKF_OS_LOCKING_OK 0x00000002
-
-typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
-
-
-/* additional flags for parameters to functions */
-
-/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
-#define CKF_DONT_BLOCK 1
-
-
-/* CK_KEA_DERIVE_PARAMS provides the parameters to the
- * CKM_KEA_DERIVE mechanism */
-/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
-typedef struct CK_KEA_DERIVE_PARAMS {
- CK_BBOOL isSender;
- CK_ULONG ulRandomLen;
- CK_BYTE_PTR pRandomA;
- CK_BYTE_PTR pRandomB;
- CK_ULONG ulPublicDataLen;
- CK_BYTE_PTR pPublicData;
-} CK_KEA_DERIVE_PARAMS;
-
-typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
-
-
-/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
- * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
- * holds the effective keysize */
-typedef CK_ULONG CK_RC2_PARAMS;
-
-typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
-
-
-/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
- * mechanism */
-typedef struct CK_RC2_CBC_PARAMS {
- /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
- * v2.0 */
- CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
-
- CK_BYTE iv[8]; /* IV for CBC mode */
-} CK_RC2_CBC_PARAMS;
-
-typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
-
-
-/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
- * CKM_RC2_MAC_GENERAL mechanism */
-/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
-typedef struct CK_RC2_MAC_GENERAL_PARAMS {
- CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
- CK_ULONG ulMacLength; /* Length of MAC in bytes */
-} CK_RC2_MAC_GENERAL_PARAMS;
-
-typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
- CK_RC2_MAC_GENERAL_PARAMS_PTR;
-
-
-/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
- * CKM_RC5_MAC mechanisms */
-/* CK_RC5_PARAMS is new for v2.0 */
-typedef struct CK_RC5_PARAMS {
- CK_ULONG ulWordsize; /* wordsize in bits */
- CK_ULONG ulRounds; /* number of rounds */
-} CK_RC5_PARAMS;
-
-typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
-
-
-/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
- * mechanism */
-/* CK_RC5_CBC_PARAMS is new for v2.0 */
-typedef struct CK_RC5_CBC_PARAMS {
- CK_ULONG ulWordsize; /* wordsize in bits */
- CK_ULONG ulRounds; /* number of rounds */
- CK_BYTE_PTR pIv; /* pointer to IV */
- CK_ULONG ulIvLen; /* length of IV in bytes */
-} CK_RC5_CBC_PARAMS;
-
-typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
-
-
-/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
- * CKM_RC5_MAC_GENERAL mechanism */
-/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
-typedef struct CK_RC5_MAC_GENERAL_PARAMS {
- CK_ULONG ulWordsize; /* wordsize in bits */
- CK_ULONG ulRounds; /* number of rounds */
- CK_ULONG ulMacLength; /* Length of MAC in bytes */
-} CK_RC5_MAC_GENERAL_PARAMS;
-
-typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
- CK_RC5_MAC_GENERAL_PARAMS_PTR;
-
-
-/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
- * ciphers' MAC_GENERAL mechanisms. Its value is the length of
- * the MAC */
-/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
-typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
-
-typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
-
-
-/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
- * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
-/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
-typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
- CK_ULONG ulPasswordLen;
- CK_BYTE_PTR pPassword;
- CK_ULONG ulPublicDataLen;
- CK_BYTE_PTR pPublicData;
- CK_ULONG ulPAndGLen;
- CK_ULONG ulQLen;
- CK_ULONG ulRandomLen;
- CK_BYTE_PTR pRandomA;
- CK_BYTE_PTR pPrimeP;
- CK_BYTE_PTR pBaseG;
- CK_BYTE_PTR pSubprimeQ;
-} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
-
-typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
- CK_SKIPJACK_PRIVATE_WRAP_PTR;
-
-
-/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
- * CKM_SKIPJACK_RELAYX mechanism */
-/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
-typedef struct CK_SKIPJACK_RELAYX_PARAMS {
- CK_ULONG ulOldWrappedXLen;
- CK_BYTE_PTR pOldWrappedX;
- CK_ULONG ulOldPasswordLen;
- CK_BYTE_PTR pOldPassword;
- CK_ULONG ulOldPublicDataLen;
- CK_BYTE_PTR pOldPublicData;
- CK_ULONG ulOldRandomLen;
- CK_BYTE_PTR pOldRandomA;
- CK_ULONG ulNewPasswordLen;
- CK_BYTE_PTR pNewPassword;
- CK_ULONG ulNewPublicDataLen;
- CK_BYTE_PTR pNewPublicData;
- CK_ULONG ulNewRandomLen;
- CK_BYTE_PTR pNewRandomA;
-} CK_SKIPJACK_RELAYX_PARAMS;
-
-typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
- CK_SKIPJACK_RELAYX_PARAMS_PTR;
-
-
-typedef struct CK_PBE_PARAMS {
- CK_CHAR_PTR pInitVector;
- CK_CHAR_PTR pPassword;
- CK_ULONG ulPasswordLen;
- CK_CHAR_PTR pSalt;
- CK_ULONG ulSaltLen;
- CK_ULONG ulIteration;
-} CK_PBE_PARAMS;
-
-typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
-
-
-/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
- * CKM_KEY_WRAP_SET_OAEP mechanism */
-/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
-typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
- CK_BYTE bBC; /* block contents byte */
- CK_BYTE_PTR pX; /* extra data */
- CK_ULONG ulXLen; /* length of extra data in bytes */
-} CK_KEY_WRAP_SET_OAEP_PARAMS;
-
-typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \
- CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
-
-
-typedef struct CK_SSL3_RANDOM_DATA {
- CK_BYTE_PTR pClientRandom;
- CK_ULONG ulClientRandomLen;
- CK_BYTE_PTR pServerRandom;
- CK_ULONG ulServerRandomLen;
-} CK_SSL3_RANDOM_DATA;
-
-
-typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
- CK_SSL3_RANDOM_DATA RandomInfo;
- CK_VERSION_PTR pVersion;
-} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
-
-typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
- CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
-
-
-typedef struct CK_SSL3_KEY_MAT_OUT {
- CK_OBJECT_HANDLE hClientMacSecret;
- CK_OBJECT_HANDLE hServerMacSecret;
- CK_OBJECT_HANDLE hClientKey;
- CK_OBJECT_HANDLE hServerKey;
- CK_BYTE_PTR pIVClient;
- CK_BYTE_PTR pIVServer;
-} CK_SSL3_KEY_MAT_OUT;
-
-typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
-
-
-typedef struct CK_SSL3_KEY_MAT_PARAMS {
- CK_ULONG ulMacSizeInBits;
- CK_ULONG ulKeySizeInBits;
- CK_ULONG ulIVSizeInBits;
- CK_BBOOL bIsExport;
- CK_SSL3_RANDOM_DATA RandomInfo;
- CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-} CK_SSL3_KEY_MAT_PARAMS;
-
-typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
-
-
-typedef struct CK_KEY_DERIVATION_STRING_DATA {
- CK_BYTE_PTR pData;
- CK_ULONG ulLen;
-} CK_KEY_DERIVATION_STRING_DATA;
-
-typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
- CK_KEY_DERIVATION_STRING_DATA_PTR;
-
-
-/* The CK_EXTRACT_PARAMS is used for the
- * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
- * of the base key should be used as the first bit of the
- * derived key */
-/* CK_EXTRACT_PARAMS is new for v2.0 */
-typedef CK_ULONG CK_EXTRACT_PARAMS;
-
-typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
-
-/* Do not attempt to use these. They are only used by NETSCAPE's internal
- * PKCS #11 interface. Most of these are place holders for other mechanism
- * and will change in the future.
- */
-#define CKM_NETSCAPE_PBE_KEY_GEN 0x80000001L
-#define CKM_NETSCAPE_PBE_SHA1_DES_CBC 0x80000002L
-#define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC 0x80000003L
-#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC 0x80000004L
-#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC 0x80000005L
-#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4 0x80000006L
-#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4 0x80000007L
-#define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC 0x80000008L
-#define CKM_TLS_MASTER_KEY_DERIVE 0x80000371L
-#define CKM_TLS_KEY_AND_MAC_DERIVE 0x80000372L
-#define CKM_TLS_PRF_GENERAL 0x80000373L
-
-/* define used to pass in the database key for DSA private keys */
-#define CKA_NETSCAPE_DB 0xD5A0DB00L
-#define CKA_NETSCAPE_TRUST 0x80000001L
-
-/* undo packing */
-#include "pkcs11u.h"
-
-#endif
diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c
deleted file mode 100644
index fdb03a543..000000000
--- a/security/nss/lib/softoken/pkcs11u.c
+++ /dev/null
@@ -1,1270 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Internal PKCS #11 functions. Should only be called by pkcs11.c
- */
-#include "pkcs11.h"
-#include "pkcs11i.h"
-#include "key.h"
-#include "certdb.h"
-
-
-/* declare the internal pkcs11 slot structures:
- * There are threee:
- * slot 0 is the generic crypto service token.
- * slot 1 is the Database service token.
- * slot 2 is the FIPS token (both generic and database).
- */
-static PK11Slot pk11_slot[3];
-
-/*
- * ******************** Attribute Utilities *******************************
- */
-
-/*
- * create a new attribute with type, value, and length. Space is allocated
- * to hold value.
- */
-static PK11Attribute *
-pk11_NewAttribute(PK11Object *object,
- CK_ATTRIBUTE_TYPE type, CK_VOID_PTR value, CK_ULONG len)
-{
- PK11Attribute *attribute;
-
-#ifdef NO_ARENA
- int index;
- /*
- * NO_ARENA attempts to keep down contention on Malloc and Arena locks
- * by limiting the number of these calls on high traversed paths. this
- * is done for attributes by 'allocating' them from a pool already allocated
- * by the parent object.
- */
- PK11_USE_THREADS(PR_Lock(object->attributeLock);)
- index = object->nextAttr++;
- PK11_USE_THREADS(PR_Unlock(object->attributeLock);)
- PORT_Assert(index < MAX_OBJS_ATTRS);
- if (index >= MAX_OBJS_ATTRS) return NULL;
-
- attribute = &object->attrList[index];
- attribute->attrib.type = type;
- if (value) {
- if (len <= ATTR_SPACE) {
- attribute->attrib.pValue = attribute->space;
- } else {
- attribute->attrib.pValue = PORT_Alloc(len);
- }
- if (attribute->attrib.pValue == NULL) {
- return NULL;
- }
- PORT_Memcpy(attribute->attrib.pValue,value,len);
- attribute->attrib.ulValueLen = len;
- } else {
- attribute->attrib.pValue = NULL;
- attribute->attrib.ulValueLen = 0;
- }
-#else
-#ifdef REF_COUNT_ATTRIBUTE
- attribute = (PK11Attribute*)PORT_Alloc(sizeof(PK11Attribute));
-#else
- attribute = (PK11Attribute*)PORT_ArenaAlloc(object->arena,sizeof(PK11Attribute));
-#endif /* REF_COUNT_ATTRIBUTE */
- if (attribute == NULL) return NULL;
-
- if (value) {
-#ifdef REF_COUNT_ATTRIBUTE
- attribute->attrib.pValue = PORT_Alloc(len);
-#else
- attribute->attrib.pValue = PORT_ArenaAlloc(object->arena,len);
-#endif /* REF_COUNT_ATTRIBUTE */
- if (attribute->attrib.pValue == NULL) {
-#ifdef REF_COUNT_ATTRIBUTE
- PORT_Free(attribute);
-#endif /* REF_COUNT_ATTRIBUTE */
- return NULL;
- }
- PORT_Memcpy(attribute->attrib.pValue,value,len);
- attribute->attrib.ulValueLen = len;
- } else {
- attribute->attrib.pValue = NULL;
- attribute->attrib.ulValueLen = 0;
- }
-#endif /* NO_ARENA */
- attribute->attrib.type = type;
- attribute->handle = type;
- attribute->next = attribute->prev = NULL;
-#ifdef REF_COUNT_ATTRIBUTE
- attribute->refCount = 1;
-#ifdef PKCS11_USE_THREADS
- attribute->refLock = PR_NewLock();
- if (attribute->refLock == NULL) {
- if (attribute->attrib.pValue) PORT_Free(attribute->attrib.pValue);
- PORT_Free(attribute);
- return NULL;
- }
-#else
- attribute->refLock = NULL;
-#endif
-#endif /* REF_COUNT_ATTRIBUTE */
- return attribute;
-}
-
-/*
- * Free up all the memory associated with an attribute. Reference count
- * must be zero to call this.
- */
-static void
-pk11_DestroyAttribute(PK11Attribute *attribute)
-{
-#ifdef REF_COUNT_ATTRIBUTE
- PORT_Assert(attribute->refCount == 0);
- PK11_USE_THREADS(PR_DestroyLock(attribute->refLock);)
- if (attribute->attrib.pValue) {
- /* clear out the data in the attribute value... it may have been
- * sensitive data */
- PORT_Memset(attribute->attrib.pValue,0,attribute->attrib.ulValueLen);
- PORT_Free(attribute->attrib.pValue);
- }
- PORT_Free(attribute);
-#endif
-}
-
-
-/*
- * look up and attribute structure from a type and Object structure.
- * The returned attribute is referenced and needs to be freed when
- * it is no longer needed.
- */
-PK11Attribute *
-pk11_FindAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type)
-{
- PK11Attribute *attribute;
-
- PK11_USE_THREADS(PR_Lock(object->attributeLock);)
- pk11queue_find(attribute,type,object->head,ATTRIBUTE_HASH_SIZE);
-#ifdef REF_COUNT_ATTRIBUTE
- if (attribute) {
- /* atomic increment would be nice here */
- PK11_USE_THREADS(PR_Lock(attribute->refLock);)
- attribute->refCount++;
- PK11_USE_THREADS(PR_Unlock(attribute->refLock);)
- }
-#endif
- PK11_USE_THREADS(PR_Unlock(object->attributeLock);)
-
- return(attribute);
-}
-
-
-/*
- * release a reference to an attribute structure
- */
-void
-pk11_FreeAttribute(PK11Attribute *attribute)
-{
-#ifdef REF_COUNT_ATTRIBUTE
- PRBool destroy = PR_FALSE;
-
- PK11_USE_THREADS(PR_Lock(attribute->refLock);)
- if (attribute->refCount == 1) destroy = PR_TRUE;
- attribute->refCount--;
- PK11_USE_THREADS(PR_Unlock(attribute->refLock);)
-
- if (destroy) pk11_DestroyAttribute(attribute);
-#endif
-}
-
-
-/*
- * return true if object has attribute
- */
-PRBool
-pk11_hasAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type)
-{
- PK11Attribute *attribute;
-
- PK11_USE_THREADS(PR_Lock(object->attributeLock);)
- pk11queue_find(attribute,type,object->head,ATTRIBUTE_HASH_SIZE);
- PK11_USE_THREADS(PR_Unlock(object->attributeLock);)
-
- return (PRBool)(attribute != NULL);
-}
-
-/*
- * add an attribute to an object
- */
-static
-void pk11_AddAttribute(PK11Object *object,PK11Attribute *attribute)
-{
- PK11_USE_THREADS(PR_Lock(object->attributeLock);)
- pk11queue_add(attribute,attribute->handle,object->head,ATTRIBUTE_HASH_SIZE);
- PK11_USE_THREADS(PR_Unlock(object->attributeLock);)
-}
-
-/*
- * copy an unsigned attribute into a 'signed' SECItem. Secitem is allocated in
- * the specified arena.
- */
-CK_RV
-pk11_Attribute2SSecItem(PLArenaPool *arena,SECItem *item,PK11Object *object,
- CK_ATTRIBUTE_TYPE type)
-{
- int len;
- PK11Attribute *attribute;
- unsigned char *start;
- int real_len;
-
- attribute = pk11_FindAttribute(object, type);
- if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE;
- real_len = len = attribute->attrib.ulValueLen;
- if ((*((unsigned char *)attribute->attrib.pValue) & 0x80) != 0) {
- real_len++;
- }
-
- if (arena) {
- start = item->data = (unsigned char *) PORT_ArenaAlloc(arena,real_len);
- } else {
- start = item->data = (unsigned char *) PORT_Alloc(real_len);
- }
- if (item->data == NULL) {
- pk11_FreeAttribute(attribute);
- return CKR_HOST_MEMORY;
- }
- item->len = real_len;
- if (real_len != len) {
- *start = 0;
- start++;
- }
- PORT_Memcpy(start, attribute->attrib.pValue, len);
- pk11_FreeAttribute(attribute);
- return CKR_OK;
-}
-
-
-/*
- * delete an attribute from an object
- */
-static void
-pk11_DeleteAttribute(PK11Object *object, PK11Attribute *attribute)
-{
- PK11_USE_THREADS(PR_Lock(object->attributeLock);)
- if (pk11queue_is_queued(attribute,attribute->handle,
- object->head,ATTRIBUTE_HASH_SIZE)) {
- pk11queue_delete(attribute,attribute->handle,
- object->head,ATTRIBUTE_HASH_SIZE);
- }
- PK11_USE_THREADS(PR_Unlock(object->attributeLock);)
- pk11_FreeAttribute(attribute);
-}
-
-/*
- * this is only valid for CK_BBOOL type attributes. Return the state
- * of that attribute.
- */
-PRBool
-pk11_isTrue(PK11Object *object,CK_ATTRIBUTE_TYPE type)
-{
- PK11Attribute *attribute;
- PRBool tok = PR_FALSE;
-
- attribute=pk11_FindAttribute(object,type);
- if (attribute == NULL) { return PR_FALSE; }
- tok = (PRBool)(*(CK_BBOOL *)attribute->attrib.pValue);
- pk11_FreeAttribute(attribute);
-
- return tok;
-}
-
-/*
- * force an attribute to null.
- * this is for sensitive keys which are stored in the database, we don't
- * want to keep this info around in memory in the clear.
- */
-void
-pk11_nullAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type)
-{
- PK11Attribute *attribute;
-
- attribute=pk11_FindAttribute(object,type);
- if (attribute == NULL) return;
-
- if (attribute->attrib.pValue != NULL) {
- PORT_Memset(attribute->attrib.pValue,0,attribute->attrib.ulValueLen);
-#ifdef REF_COUNT_ATTRIBUTE
- PORT_Free(attribute->attrib.pValue);
-#endif /* REF_COUNT_ATTRIBUTE */
-#ifdef NO_ARENA
- if (attribute->attrib.pValue != attribute->space) {
- PORT_Free(attribute->attrib.pValue);
- }
-#endif /* NO_ARENA */
- attribute->attrib.pValue = NULL;
- attribute->attrib.ulValueLen = 0;
- }
- pk11_FreeAttribute(attribute);
-}
-
-/*
- * force an attribute to a spaecif value.
- */
-CK_RV
-pk11_forceAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type, void *value,
- unsigned int len)
-{
- PK11Attribute *attribute;
- void *att_val = NULL;
-
- attribute=pk11_FindAttribute(object,type);
- if (attribute == NULL) return pk11_AddAttributeType(object,type,value,len);
-
-
- if (value) {
-#ifdef NO_ARENA
- if (len <= ATTR_SPACE) {
- att_val = attribute->space;
- } else {
- att_val = PORT_Alloc(len);
- }
-#else
-#ifdef REF_COUNT_ATTRIBUTE
- att_val = PORT_Alloc(len);
-#else
- att_val = PORT_ArenaAlloc(object->arena,len);
-#endif /* REF_COUNT_ATTRIBUTE */
-#endif /* NO_ARENA */
- if (att_val == NULL) {
- return CKR_HOST_MEMORY;
- }
- if (attribute->attrib.pValue == att_val) {
- PORT_Memset(attribute->attrib.pValue,0,
- attribute->attrib.ulValueLen);
- }
- PORT_Memcpy(att_val,value,len);
- }
- if (attribute->attrib.pValue != NULL) {
- if (attribute->attrib.pValue != att_val) {
- PORT_Memset(attribute->attrib.pValue,0,
- attribute->attrib.ulValueLen);
- }
-#ifdef REF_COUNT_ATTRIBUTE
- PORT_Free(attribute->attrib.pValue);
-#endif /* REF_COUNT_ATTRIBUTE */
-#ifdef NO_ARENA
- if (attribute->attrib.pValue != attribute->space) {
- PORT_Free(attribute->attrib.pValue);
- }
-#endif /* NO_ARENA */
- attribute->attrib.pValue = NULL;
- attribute->attrib.ulValueLen = 0;
- }
- if (att_val) {
- attribute->attrib.pValue = att_val;
- attribute->attrib.ulValueLen = len;
- }
- return CKR_OK;
-}
-
-/*
- * return a null terminated string from attribute 'type'. This string
- * is allocated and needs to be freed with PORT_Free() When complete.
- */
-char *
-pk11_getString(PK11Object *object,CK_ATTRIBUTE_TYPE type)
-{
- PK11Attribute *attribute;
- char *label = NULL;
-
- attribute=pk11_FindAttribute(object,type);
- if (attribute == NULL) return NULL;
-
- if (attribute->attrib.pValue != NULL) {
- label = (char *) PORT_Alloc(attribute->attrib.ulValueLen+1);
- if (label == NULL) {
- pk11_FreeAttribute(attribute);
- return NULL;
- }
-
- PORT_Memcpy(label,attribute->attrib.pValue,
- attribute->attrib.ulValueLen);
- label[attribute->attrib.ulValueLen] = 0;
- }
- pk11_FreeAttribute(attribute);
- return label;
-}
-
-/*
- * decode when a particular attribute may be modified
- * PK11_NEVER: This attribute must be set at object creation time and
- * can never be modified.
- * PK11_ONCOPY: This attribute may be modified only when you copy the
- * object.
- * PK11_SENSITIVE: The CKA_SENSITIVE attribute can only be changed from
- * CK_FALSE to CK_TRUE.
- * PK11_ALWAYS: This attribute can always be modified.
- * Some attributes vary their modification type based on the class of the
- * object.
- */
-PK11ModifyType
-pk11_modifyType(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass)
-{
- /* if we don't know about it, user user defined, always allow modify */
- PK11ModifyType mtype = PK11_ALWAYS;
-
- switch(type) {
- /* NEVER */
- case CKA_CLASS:
- case CKA_CERTIFICATE_TYPE:
- case CKA_KEY_TYPE:
- case CKA_MODULUS:
- case CKA_MODULUS_BITS:
- case CKA_PUBLIC_EXPONENT:
- case CKA_PRIVATE_EXPONENT:
- case CKA_PRIME:
- case CKA_SUBPRIME:
- case CKA_BASE:
- case CKA_PRIME_1:
- case CKA_PRIME_2:
- case CKA_EXPONENT_1:
- case CKA_EXPONENT_2:
- case CKA_COEFFICIENT:
- case CKA_VALUE_LEN:
- case CKA_ALWAYS_SENSITIVE:
- case CKA_NEVER_EXTRACTABLE:
- case CKA_NETSCAPE_DB:
- mtype = PK11_NEVER;
- break;
-
- /* ONCOPY */
- case CKA_TOKEN:
- case CKA_PRIVATE:
- case CKA_MODIFIABLE:
- mtype = PK11_ONCOPY;
- break;
-
- /* SENSITIVE */
- case CKA_SENSITIVE:
- case CKA_EXTRACTABLE:
- mtype = PK11_SENSITIVE;
- break;
-
- /* ALWAYS */
- case CKA_LABEL:
- case CKA_APPLICATION:
- case CKA_ID:
- case CKA_SERIAL_NUMBER:
- case CKA_START_DATE:
- case CKA_END_DATE:
- case CKA_DERIVE:
- case CKA_ENCRYPT:
- case CKA_DECRYPT:
- case CKA_SIGN:
- case CKA_VERIFY:
- case CKA_SIGN_RECOVER:
- case CKA_VERIFY_RECOVER:
- case CKA_WRAP:
- case CKA_UNWRAP:
- mtype = PK11_ALWAYS;
- break;
-
- /* DEPENDS ON CLASS */
- case CKA_VALUE:
- mtype = (inClass == CKO_DATA) ? PK11_ALWAYS : PK11_NEVER;
- break;
-
- case CKA_SUBJECT:
- mtype = (inClass == CKO_CERTIFICATE) ? PK11_NEVER : PK11_ALWAYS;
- break;
- default:
- break;
- }
- return mtype;
-}
-
-/* decode if a particular attribute is sensitive (cannot be read
- * back to the user of if the object is set to SENSITIVE) */
-PRBool
-pk11_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass)
-{
- switch(type) {
- /* ALWAYS */
- case CKA_PRIVATE_EXPONENT:
- case CKA_PRIME_1:
- case CKA_PRIME_2:
- case CKA_EXPONENT_1:
- case CKA_EXPONENT_2:
- case CKA_COEFFICIENT:
- return PR_TRUE;
-
- /* DEPENDS ON CLASS */
- case CKA_VALUE:
- /* PRIVATE and SECRET KEYS have SENSITIVE values */
- return (PRBool)((inClass == CKO_PRIVATE_KEY) || (inClass == CKO_SECRET_KEY));
-
- default:
- break;
- }
- return PR_FALSE;
-}
-
-/*
- * copy an attribute into a SECItem. Secitem is allocated in the specified
- * arena.
- */
-CK_RV
-pk11_Attribute2SecItem(PLArenaPool *arena,SECItem *item,PK11Object *object,
- CK_ATTRIBUTE_TYPE type)
-{
- int len;
- PK11Attribute *attribute;
-
- attribute = pk11_FindAttribute(object, type);
- if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE;
- len = attribute->attrib.ulValueLen;
-
- if (arena) {
- item->data = (unsigned char *) PORT_ArenaAlloc(arena,len);
- } else {
- item->data = (unsigned char *) PORT_Alloc(len);
- }
- if (item->data == NULL) {
- pk11_FreeAttribute(attribute);
- return CKR_HOST_MEMORY;
- }
- item->len = len;
- PORT_Memcpy(item->data,attribute->attrib.pValue, len);
- pk11_FreeAttribute(attribute);
- return CKR_OK;
-}
-
-void
-pk11_DeleteAttributeType(PK11Object *object,CK_ATTRIBUTE_TYPE type)
-{
- PK11Attribute *attribute;
- attribute = pk11_FindAttribute(object, type);
- if (attribute == NULL) return ;
- pk11_DeleteAttribute(object,attribute);
- pk11_FreeAttribute(attribute);
-}
-
-CK_RV
-pk11_AddAttributeType(PK11Object *object,CK_ATTRIBUTE_TYPE type,void *valPtr,
- CK_ULONG length)
-{
- PK11Attribute *attribute;
- attribute = pk11_NewAttribute(object,type,valPtr,length);
- if (attribute == NULL) { return CKR_HOST_MEMORY; }
- pk11_AddAttribute(object,attribute);
- return CKR_OK;
-}
-
-/*
- * ******************** Object Utilities *******************************
- */
-
-/* allocation hooks that allow us to recycle old object structures */
-#ifdef MAX_OBJECT_LIST_SIZE
-static PK11Object * objectFreeList = NULL;
-static PRLock *objectLock = NULL;
-static int object_count = 0;
-#endif
-PK11Object *
-pk11_GetObjectFromList(PRBool *hasLocks) {
- PK11Object *object;
-
-#if MAX_OBJECT_LIST_SIZE
- if (objectLock == NULL) {
- objectLock = PR_NewLock();
- }
-
- PK11_USE_THREADS(PR_Lock(objectLock));
- object = objectFreeList;
- if (object) {
- objectFreeList = object->next;
- object_count--;
- }
- PK11_USE_THREADS(PR_Unlock(objectLock));
- if (object) {
- object->next = object->prev = NULL;
- *hasLocks = PR_TRUE;
- return object;
- }
-#endif
-
- object = (PK11Object*)PORT_ZAlloc(sizeof(PK11Object));
- *hasLocks = PR_FALSE;
- return object;
-}
-
-static void
-pk11_PutObjectToList(PK11Object *object) {
-#ifdef MAX_OBJECT_LIST_SIZE
- if (object_count < MAX_OBJECT_LIST_SIZE) {
- PK11_USE_THREADS(PR_Lock(objectLock));
- object->next = objectFreeList;
- objectFreeList = object;
- object_count++;
- PK11_USE_THREADS(PR_Unlock(objectLock));
- return;
- }
-#endif
- PK11_USE_THREADS(PR_DestroyLock(object->attributeLock);)
- PK11_USE_THREADS(PR_DestroyLock(object->refLock);)
- object->attributeLock = object->refLock = NULL;
- PORT_Free(object);
-}
-
-
-/*
- * Create a new object
- */
-PK11Object *
-pk11_NewObject(PK11Slot *slot)
-{
- PK11Object *object;
- PLArenaPool *arena;
- PRBool hasLocks = PR_FALSE;
- int i;
-
-
-#ifdef NO_ARENA
- object = pk11_GetObjectFromList(&hasLocks);
- if (object == NULL) {
- return NULL;
- }
- object->nextAttr = 0;
-#else
- arena = PORT_NewArena(2048);
- if (arena == NULL) return NULL;
-
- object = (PK11Object*)PORT_ArenaAlloc(arena,sizeof(PK11Object));
- if (object == NULL) {
- PORT_FreeArena(arena,PR_FALSE);
- return NULL;
- }
- object->arena = arena;
-
- for (i=0; i < MAX_OBJS_ATTRS; i++) {
- object->attrList[i].attrib.pValue = NULL;
- }
-#endif
-
- object->handle = 0;
- object->next = object->prev = NULL;
- object->sessionList.next = NULL;
- object->sessionList.prev = NULL;
- object->sessionList.parent = object;
- object->inDB = PR_FALSE;
- object->label = NULL;
- object->refCount = 1;
- object->session = NULL;
- object->slot = slot;
- object->objclass = 0xffff;
- object->wasDerived = PR_FALSE;
-#ifdef PKCS11_USE_THREADS
- if (!hasLocks) object->refLock = PR_NewLock();
- if (object->refLock == NULL) {
-#ifdef NO_ARENA
- PORT_Free(object);
-#else
- PORT_FreeArena(arena,PR_FALSE);
-#endif
- return NULL;
- }
- if (!hasLocks) object->attributeLock = PR_NewLock();
- if (object->attributeLock == NULL) {
- PK11_USE_THREADS(PR_DestroyLock(object->refLock);)
-#ifdef NO_ARENA
- PORT_Free(object);
-#else
- PORT_FreeArena(arena,PR_FALSE);
-#endif
- return NULL;
- }
-#else
- object->attributeLock = NULL;
- object->refLock = NULL;
-#endif
- for (i=0; i < ATTRIBUTE_HASH_SIZE; i++) {
- object->head[i] = NULL;
- }
- object->objectInfo = NULL;
- object->infoFree = NULL;
- return object;
-}
-
-/*
- * free all the data associated with an object. Object reference count must
- * be 'zero'.
- */
-static CK_RV
-pk11_DestroyObject(PK11Object *object)
-{
-#if defined(REF_COUNT_ATTRIBUTE) || defined(NO_ARENA)
- int i;
-#endif
- SECItem pubKey;
- CK_RV crv = CKR_OK;
- SECStatus rv;
- PLArenaPool *arena = NULL;
-
- PORT_Assert(object->refCount == 0);
-
- /* delete the database value */
- if (object->inDB) {
- if (pk11_isToken(object->handle)) {
- /* remove the objects from the real data base */
- switch (object->handle & PK11_TOKEN_TYPE_MASK) {
- case PK11_TOKEN_TYPE_PRIV:
- /* KEYID is the public KEY for DSA and DH, and the MODULUS for
- * RSA */
- crv=pk11_Attribute2SecItem(NULL,&pubKey,object,CKA_NETSCAPE_DB);
- if (crv != CKR_OK) break;
- rv = SECKEY_DeleteKey(SECKEY_GetDefaultKeyDB(), &pubKey);
- if (rv != SECSuccess) crv= CKR_DEVICE_ERROR;
- break;
- case PK11_TOKEN_TYPE_CERT:
- rv = SEC_DeletePermCertificate((CERTCertificate *)object->objectInfo);
- if (rv != SECSuccess) crv = CKR_DEVICE_ERROR;
- break;
- }
- }
- }
- if (object->label) PORT_Free(object->label);
-
- object->inDB = PR_FALSE;
- object->label = NULL;
-
-#ifdef NO_ARENA
- for (i=0; i < MAX_OBJS_ATTRS; i++) {
- unsigned char *value = object->attrList[i].attrib.pValue;
- if (value) {
- PORT_Memset(value,0,object->attrList[i].attrib.ulValueLen);
- if (value != object->attrList[i].space) {
- PORT_Free(value);
- }
- object->attrList[i].attrib.pValue = NULL;
- }
- }
-#endif
-
-#ifdef REF_COUNT_ATTRIBUTE
- /* clean out the attributes */
- /* since no one is referencing us, it's safe to walk the chain
- * without a lock */
- for (i=0; i < ATTRIBUTE_HASH_SIZE; i++) {
- PK11Attribute *ap,*next;
- for (ap = object->head[i]; ap != NULL; ap = next) {
- next = ap->next;
- /* paranoia */
- ap->next = ap->prev = NULL;
- pk11_FreeAttribute(ap);
- }
- object->head[i] = NULL;
- }
-#endif
- if (object->objectInfo) {
- (*object->infoFree)(object->objectInfo);
- }
-#ifdef NO_ARENA
- pk11_PutObjectToList(object);
-#else
- PK11_USE_THREADS(PR_DestroyLock(object->attributeLock);)
- PK11_USE_THREADS(PR_DestroyLock(object->refLock);)
- arena = object->arena;
- PORT_FreeArena(arena,PR_FALSE);
-#endif
- return crv;
-}
-
-void
-pk11_ReferenceObject(PK11Object *object)
-{
- PK11_USE_THREADS(PR_Lock(object->refLock);)
- object->refCount++;
- PK11_USE_THREADS(PR_Unlock(object->refLock);)
-}
-
-static PK11Object *
-pk11_ObjectFromHandleOnSlot(CK_OBJECT_HANDLE handle, PK11Slot *slot)
-{
- PK11Object **head;
- PRLock *lock;
- PK11Object *object;
-
- head = slot->tokObjects;
- lock = slot->objectLock;
-
- PK11_USE_THREADS(PR_Lock(lock);)
- pk11queue_find(object,handle,head,TOKEN_OBJECT_HASH_SIZE);
- if (object) {
- pk11_ReferenceObject(object);
- }
- PK11_USE_THREADS(PR_Unlock(lock);)
-
- return(object);
-}
-/*
- * look up and object structure from a handle. OBJECT_Handles only make
- * sense in terms of a given session. make a reference to that object
- * structure returned.
- */
-PK11Object *
-pk11_ObjectFromHandle(CK_OBJECT_HANDLE handle, PK11Session *session)
-{
- PK11Slot *slot = pk11_SlotFromSession(session);
-
- return pk11_ObjectFromHandleOnSlot(handle,slot);
-}
-
-
-/*
- * release a reference to an object handle
- */
-PK11FreeStatus
-pk11_FreeObject(PK11Object *object)
-{
- PRBool destroy = PR_FALSE;
- CK_RV crv;
-
- PK11_USE_THREADS(PR_Lock(object->refLock);)
- if (object->refCount == 1) destroy = PR_TRUE;
- object->refCount--;
- PK11_USE_THREADS(PR_Unlock(object->refLock);)
-
- if (destroy) {
- crv = pk11_DestroyObject(object);
- if (crv != CKR_OK) {
- return PK11_DestroyFailure;
- }
- return PK11_Destroyed;
- }
- return PK11_Busy;
-}
-
-/*
- * add an object to a slot and session queue. These two functions
- * adopt the object.
- */
-void
-pk11_AddSlotObject(PK11Slot *slot, PK11Object *object)
-{
- PK11_USE_THREADS(PR_Lock(slot->objectLock);)
- pk11queue_add(object,object->handle,slot->tokObjects,TOKEN_OBJECT_HASH_SIZE);
- PK11_USE_THREADS(PR_Unlock(slot->objectLock);)
-}
-
-void
-pk11_AddObject(PK11Session *session, PK11Object *object)
-{
- PK11Slot *slot = pk11_SlotFromSession(session);
-
- if (!pk11_isToken(object->handle)) {
- PK11_USE_THREADS(PR_Lock(session->objectLock);)
- pk11queue_add(&object->sessionList,0,session->objects,0);
- object->session = session;
- PK11_USE_THREADS(PR_Unlock(session->objectLock);)
- }
- pk11_AddSlotObject(slot,object);
-}
-
-/*
- * add an object to a slot andsession queue
- */
-void
-pk11_DeleteObject(PK11Session *session, PK11Object *object)
-{
- PK11Slot *slot = pk11_SlotFromSession(session);
-
- if (object->session) {
- PK11Session *session = object->session;
- PK11_USE_THREADS(PR_Lock(session->objectLock);)
- pk11queue_delete(&object->sessionList,0,session->objects,0);
- PK11_USE_THREADS(PR_Unlock(session->objectLock);)
- }
- PK11_USE_THREADS(PR_Lock(slot->objectLock);)
- pk11queue_delete(object,object->handle,slot->tokObjects,
- TOKEN_OBJECT_HASH_SIZE);
- PK11_USE_THREADS(PR_Unlock(slot->objectLock);)
- pk11_FreeObject(object);
-}
-
-/*
- * copy the attributes from one object to another. Don't overwrite existing
- * attributes. NOTE: This is a pretty expensive operation since it
- * grabs the attribute locks for the src object for a *long* time.
- */
-CK_RV
-pk11_CopyObject(PK11Object *destObject,PK11Object *srcObject)
-{
- PK11Attribute *attribute;
- int i;
-
- PK11_USE_THREADS(PR_Lock(srcObject->attributeLock);)
- for(i=0; i < ATTRIBUTE_HASH_SIZE; i++) {
- attribute = srcObject->head[i];
- do {
- if (attribute) {
- if (!pk11_hasAttribute(destObject,attribute->handle)) {
- /* we need to copy the attribute since each attribute
- * only has one set of link list pointers */
- PK11Attribute *newAttribute = pk11_NewAttribute(
- destObject,pk11_attr_expand(&attribute->attrib));
- if (newAttribute == NULL) {
- PK11_USE_THREADS(PR_Unlock(srcObject->attributeLock);)
- return CKR_HOST_MEMORY;
- }
- pk11_AddAttribute(destObject,newAttribute);
- }
- attribute=attribute->next;
- }
- } while (attribute != NULL);
- }
- PK11_USE_THREADS(PR_Unlock(srcObject->attributeLock);)
- return CKR_OK;
-}
-
-/*
- * ******************** Search Utilities *******************************
- */
-
-/* add an object to a search list */
-CK_RV
-AddToList(PK11ObjectListElement **list,PK11Object *object)
-{
- PK11ObjectListElement *newElem =
- (PK11ObjectListElement *)PORT_Alloc(sizeof(PK11ObjectListElement));
-
- if (newElem == NULL) return CKR_HOST_MEMORY;
-
- newElem->next = *list;
- newElem->object = object;
- pk11_ReferenceObject(object);
-
- *list = newElem;
- return CKR_OK;
-}
-
-
-/* return true if the object matches the template */
-PRBool
-pk11_objectMatch(PK11Object *object,CK_ATTRIBUTE_PTR theTemplate,int count)
-{
- int i;
-
- for (i=0; i < count; i++) {
- PK11Attribute *attribute = pk11_FindAttribute(object,theTemplate[i].type);
- if (attribute == NULL) {
- return PR_FALSE;
- }
- if (attribute->attrib.ulValueLen == theTemplate[i].ulValueLen) {
- if (PORT_Memcmp(attribute->attrib.pValue,theTemplate[i].pValue,
- theTemplate[i].ulValueLen) == 0) {
- pk11_FreeAttribute(attribute);
- continue;
- }
- }
- pk11_FreeAttribute(attribute);
- return PR_FALSE;
- }
- return PR_TRUE;
-}
-
-/* search through all the objects in the queue and return the template matches
- * in the object list.
- */
-CK_RV
-pk11_searchObjectList(PK11ObjectListElement **objectList,PK11Object **head,
- PRLock *lock, CK_ATTRIBUTE_PTR theTemplate, int count, PRBool isLoggedIn)
-{
- int i;
- PK11Object *object;
- CK_RV crv = CKR_OK;
-
- for(i=0; i < TOKEN_OBJECT_HASH_SIZE; i++) {
- /* We need to hold the lock to copy a consistant version of
- * the linked list. */
- PK11_USE_THREADS(PR_Lock(lock);)
- for (object = head[i]; object != NULL; object= object->next) {
- if (pk11_objectMatch(object,theTemplate,count)) {
- /* don't return objects that aren't yet visible */
- if ((!isLoggedIn) && pk11_isTrue(object,CKA_PRIVATE)) continue;
- crv = AddToList(objectList,object);
- if (crv != CKR_OK) {
- break;
- }
- }
- }
- PK11_USE_THREADS(PR_Unlock(lock);)
- }
- return crv;
-}
-
-/*
- * free a single list element. Return the Next object in the list.
- */
-PK11ObjectListElement *
-pk11_FreeObjectListElement(PK11ObjectListElement *objectList)
-{
- PK11ObjectListElement *ol = objectList->next;
-
- pk11_FreeObject(objectList->object);
- PORT_Free(objectList);
- return ol;
-}
-
-/* free an entire object list */
-void
-pk11_FreeObjectList(PK11ObjectListElement *objectList)
-{
- PK11ObjectListElement *ol;
-
- for (ol= objectList; ol != NULL; ol = pk11_FreeObjectListElement(ol)) {}
-}
-
-/*
- * free a search structure
- */
-void
-pk11_FreeSearch(PK11SearchResults *search)
-{
- if (search->handles) {
- PORT_Free(search->handles);
- }
- PORT_Free(search);
-}
-
-/*
- * ******************** Session Utilities *******************************
- */
-
-/* update the sessions state based in it's flags and wether or not it's
- * logged in */
-void
-pk11_update_state(PK11Slot *slot,PK11Session *session)
-{
- if (slot->isLoggedIn) {
- if (slot->ssoLoggedIn) {
- session->info.state = CKS_RW_SO_FUNCTIONS;
- } else if (session->info.flags & CKF_RW_SESSION) {
- session->info.state = CKS_RW_USER_FUNCTIONS;
- } else {
- session->info.state = CKS_RO_USER_FUNCTIONS;
- }
- } else {
- if (session->info.flags & CKF_RW_SESSION) {
- session->info.state = CKS_RW_PUBLIC_SESSION;
- } else {
- session->info.state = CKS_RO_PUBLIC_SESSION;
- }
- }
-}
-
-/* update the state of all the sessions on a slot */
-void
-pk11_update_all_states(PK11Slot *slot)
-{
- int i;
- PK11Session *session;
-
- for (i=0; i < SESSION_HASH_SIZE; i++) {
- PK11_USE_THREADS(PR_Lock(slot->sessionLock);)
- for (session = slot->head[i]; session; session = session->next) {
- pk11_update_state(slot,session);
- }
- PK11_USE_THREADS(PR_Unlock(slot->sessionLock);)
- }
-}
-
-/*
- * context are cipher and digest contexts that are associated with a session
- */
-void
-pk11_FreeContext(PK11SessionContext *context)
-{
- if (context->cipherInfo) {
- (*context->destroy)(context->cipherInfo,PR_TRUE);
- }
- if (context->hashInfo) {
- (*context->hashdestroy)(context->hashInfo,PR_TRUE);
- }
- PORT_Free(context);
-}
-
-/* look up a slot structure from the ID (used to be a macro when we only
- * had two slots) */
-PK11Slot *
-pk11_SlotFromID(CK_SLOT_ID slotID)
-{
- switch (slotID) {
- case NETSCAPE_SLOT_ID:
- return &pk11_slot[0];
- case PRIVATE_KEY_SLOT_ID:
- return &pk11_slot[1];
- case FIPS_SLOT_ID:
- return &pk11_slot[2];
- default:
- break; /* fall through to NULL */
- }
- return NULL;
-}
-
-PK11Slot *
-pk11_SlotFromSessionHandle(CK_SESSION_HANDLE handle)
-{
- if (handle & PK11_PRIVATE_KEY_FLAG) {
- return &pk11_slot[1];
- }
- if (handle & PK11_FIPS_FLAG) {
- return &pk11_slot[2];
- }
- return &pk11_slot[0];
-}
-
-/*
- * create a new nession. NOTE: The session handle is not set, and the
- * session is not added to the slot's session queue.
- */
-PK11Session *
-pk11_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify, CK_VOID_PTR pApplication,
- CK_FLAGS flags)
-{
- PK11Session *session;
- PK11Slot *slot = pk11_SlotFromID(slotID);
-
- if (slot == NULL) return NULL;
-
- session = (PK11Session*)PORT_Alloc(sizeof(PK11Session));
- if (session == NULL) return NULL;
-
- session->next = session->prev = NULL;
- session->refCount = 1;
- session->enc_context = NULL;
- session->hash_context = NULL;
- session->sign_context = NULL;
- session->search = NULL;
- session->objectIDCount = 1;
-#ifdef PKCS11_USE_THREADS
- session->refLock = PR_NewLock();
- if (session->refLock == NULL) {
- PORT_Free(session);
- return NULL;
- }
- session->objectLock = PR_NewLock();
- if (session->objectLock == NULL) {
- PK11_USE_THREADS(PR_DestroyLock(session->refLock);)
- PORT_Free(session);
- return NULL;
- }
-#else
- session->refLock = NULL;
- session->objectLock = NULL;
-#endif
- session->objects[0] = NULL;
-
- session->slot = slot;
- session->notify = notify;
- session->appData = pApplication;
- session->info.flags = flags;
- session->info.slotID = slotID;
- pk11_update_state(slot,session);
- return session;
-}
-
-
-/* free all the data associated with a session. */
-static void
-pk11_DestroySession(PK11Session *session)
-{
- PK11ObjectList *op,*next;
- PORT_Assert(session->refCount == 0);
-
- /* clean out the attributes */
- /* since no one is referencing us, it's safe to walk the chain
- * without a lock */
- for (op = session->objects[0]; op != NULL; op = next) {
- next = op->next;
- /* paranoia */
- op->next = op->prev = NULL;
- pk11_DeleteObject(session,op->parent);
- }
- PK11_USE_THREADS(PR_DestroyLock(session->objectLock);)
- PK11_USE_THREADS(PR_DestroyLock(session->refLock);)
- if (session->enc_context) {
- pk11_FreeContext(session->enc_context);
- }
- if (session->hash_context) {
- pk11_FreeContext(session->hash_context);
- }
- if (session->sign_context) {
- pk11_FreeContext(session->sign_context);
- }
- if (session->search) {
- pk11_FreeSearch(session->search);
- }
- PORT_Free(session);
-}
-
-
-/*
- * look up a session structure from a session handle
- * generate a reference to it.
- */
-PK11Session *
-pk11_SessionFromHandle(CK_SESSION_HANDLE handle)
-{
- PK11Slot *slot = pk11_SlotFromSessionHandle(handle);
- PK11Session *session;
-
- PK11_USE_THREADS(PR_Lock(slot->sessionLock);)
- pk11queue_find(session,handle,slot->head,SESSION_HASH_SIZE);
- if (session) session->refCount++;
- PK11_USE_THREADS(PR_Unlock(slot->sessionLock);)
-
- return (session);
-}
-
-/*
- * release a reference to a session handle
- */
-void
-pk11_FreeSession(PK11Session *session)
-{
- PRBool destroy = PR_FALSE;
- PK11_USE_THREADS(PK11Slot *slot = pk11_SlotFromSession(session);)
-
- PK11_USE_THREADS(PR_Lock(slot->sessionLock);)
- if (session->refCount == 1) destroy = PR_TRUE;
- session->refCount--;
- PK11_USE_THREADS(PR_Unlock(slot->sessionLock);)
-
- if (destroy) pk11_DestroySession(session);
-}
diff --git a/security/nss/lib/softoken/pkcs11u.h b/security/nss/lib/softoken/pkcs11u.h
deleted file mode 100644
index 8b3c6dbd5..000000000
--- a/security/nss/lib/softoken/pkcs11u.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-/*
- * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
- * is granted provided that it is identified as "RSA Security In.c Public-Key
- * Cryptography Standards (PKCS)" in all material mentioning or referencing
- * this document.
- */
-/*
- * reset any packing set by pkcs11p.h
- */
-#if defined(XP_WIN)
-#if defined (_WIN32)
-#pragma warning(disable:4103)
-#pragma pack(pop, cryptoki)
-#endif
-#endif
-
diff --git a/security/nss/lib/softoken/private.h b/security/nss/lib/softoken/private.h
deleted file mode 100644
index b90ceaaea..000000000
--- a/security/nss/lib/softoken/private.h
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * private.h - Private data structures for the software token library
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#ifndef _PRIVATE_H_
-#define _PRIVATE_H_
-
-#include "nspr.h"
-#include "seccomon.h"
-#include "mcom_db.h"
-
-/*
- * Handle structure for open key databases
- */
-struct SECKEYKeyDBHandleStr {
- DB *db;
- DB *updatedb; /* used when updating an old version */
- SECItem *global_salt; /* password hashing salt for this db */
- int version; /* version of the database */
-};
-
-/*
-** Typedef for callback for traversing key database.
-** "key" is the key used to index the data in the database (nickname)
-** "data" is the key data
-** "pdata" is the user's data
-*/
-typedef SECStatus (* SECKEYTraverseKeysFunc)(DBT *key, DBT *data, void *pdata);
-
-
-SEC_BEGIN_PROTOS
-
-/*
-** Traverse the entire key database, and pass the nicknames and keys to a
-** user supplied function.
-** "f" is the user function to call for each key
-** "udata" is the user's data, which is passed through to "f"
-*/
-extern SECStatus SECKEY_TraverseKeys(SECKEYKeyDBHandle *handle,
- SECKEYTraverseKeysFunc f,
- void *udata);
-
-SEC_END_PROTOS
-
-#endif /* _PRIVATE_H_ */
diff --git a/security/nss/lib/softoken/rawhash.c b/security/nss/lib/softoken/rawhash.c
deleted file mode 100644
index 4d19b3cdb..000000000
--- a/security/nss/lib/softoken/rawhash.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "nspr.h"
-#include "sechash.h"
-#include "blapi.h" /* below the line */
-
-
-static void *
-null_hash_new_context(void)
-{
- return NULL;
-}
-
-static void *
-null_hash_clone_context(void *v)
-{
- PORT_Assert(v == NULL);
- return NULL;
-}
-
-static void
-null_hash_begin(void *v)
-{
-}
-
-static void
-null_hash_update(void *v, const unsigned char *input, unsigned int length)
-{
-}
-
-static void
-null_hash_end(void *v, unsigned char *output, unsigned int *outLen,
- unsigned int maxOut)
-{
- *outLen = 0;
-}
-
-static void
-null_hash_destroy_context(void *v, PRBool b)
-{
- PORT_Assert(v == NULL);
-}
-
-
-SECHashObject SECRawHashObjects[] = {
- { 0,
- (void * (*)(void)) null_hash_new_context,
- (void * (*)(void *)) null_hash_clone_context,
- (void (*)(void *, PRBool)) null_hash_destroy_context,
- (void (*)(void *)) null_hash_begin,
- (void (*)(void *, const unsigned char *, unsigned int)) null_hash_update,
- (void (*)(void *, unsigned char *, unsigned int *,
- unsigned int)) null_hash_end
- },
- { MD2_LENGTH,
- (void * (*)(void)) MD2_NewContext,
- (void * (*)(void *)) null_hash_clone_context,
- (void (*)(void *, PRBool)) MD2_DestroyContext,
- (void (*)(void *)) MD2_Begin,
- (void (*)(void *, const unsigned char *, unsigned int)) MD2_Update,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) MD2_End
- },
- { MD5_LENGTH,
- (void * (*)(void)) MD5_NewContext,
- (void * (*)(void *)) null_hash_clone_context,
- (void (*)(void *, PRBool)) MD5_DestroyContext,
- (void (*)(void *)) MD5_Begin,
- (void (*)(void *, const unsigned char *, unsigned int)) MD5_Update,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) MD5_End
- },
- { SHA1_LENGTH,
- (void * (*)(void)) SHA1_NewContext,
- (void * (*)(void *)) null_hash_clone_context,
- (void (*)(void *, PRBool)) SHA1_DestroyContext,
- (void (*)(void *)) SHA1_Begin,
- (void (*)(void *, const unsigned char *, unsigned int)) SHA1_Update,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA1_End
- },
-};
-
diff --git a/security/nss/lib/softoken/rsawrapr.c b/security/nss/lib/softoken/rsawrapr.c
deleted file mode 100644
index ca853269d..000000000
--- a/security/nss/lib/softoken/rsawrapr.c
+++ /dev/null
@@ -1,1049 +0,0 @@
-/*
- * PKCS#1 encoding and decoding functions.
- * This file is believed to contain no code licensed from other parties.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#include "blapi.h"
-#include "softoken.h"
-#include "sechash.h"
-
-#include "keylow.h"
-#include "secerr.h"
-
-#define RSA_BLOCK_MIN_PAD_LEN 8
-#define RSA_BLOCK_FIRST_OCTET 0x00
-#define RSA_BLOCK_PRIVATE0_PAD_OCTET 0x00
-#define RSA_BLOCK_PRIVATE_PAD_OCTET 0xff
-#define RSA_BLOCK_AFTER_PAD_OCTET 0x00
-
-#define OAEP_SALT_LEN 8
-#define OAEP_PAD_LEN 8
-#define OAEP_PAD_OCTET 0x00
-
-#define FLAT_BUFSIZE 512 /* bytes to hold flattened SHA1Context. */
-
-static SHA1Context *
-SHA1_CloneContext(SHA1Context *original)
-{
- SHA1Context * clone = NULL;
- unsigned char *pBuf;
- int sha1ContextSize = SHA1_FlattenSize(original);
- SECStatus frv;
- unsigned char buf[FLAT_BUFSIZE];
-
- PORT_Assert(sizeof buf >= sha1ContextSize);
- if (sizeof buf >= sha1ContextSize) {
- pBuf = buf;
- } else {
- pBuf = PORT_Alloc(sha1ContextSize);
- if (!pBuf)
- goto done;
- }
-
- frv = SHA1_Flatten(original, pBuf);
- if (frv == SECSuccess) {
- clone = SHA1_Resurrect(pBuf, NULL);
- memset(pBuf, 0, sha1ContextSize);
- }
-done:
- if (pBuf != buf)
- PORT_Free(pBuf);
- return clone;
-}
-
-/*
- * Modify data by XORing it with a special hash of salt.
- */
-static SECStatus
-oaep_xor_with_h1(unsigned char *data, unsigned int datalen,
- unsigned char *salt, unsigned int saltlen)
-{
- SHA1Context *sha1cx;
- unsigned char *dp, *dataend;
- unsigned char end_octet;
-
- sha1cx = SHA1_NewContext();
- if (sha1cx == NULL) {
- return SECFailure;
- }
-
- /*
- * Get a hash of salt started; we will use it several times,
- * adding in a different end octet (x00, x01, x02, ...).
- */
- SHA1_Begin (sha1cx);
- SHA1_Update (sha1cx, salt, saltlen);
- end_octet = 0;
-
- dp = data;
- dataend = data + datalen;
-
- while (dp < dataend) {
- SHA1Context *sha1cx_h1;
- unsigned int sha1len, sha1off;
- unsigned char sha1[SHA1_LENGTH];
-
- /*
- * Create hash of (salt || end_octet)
- */
- sha1cx_h1 = SHA1_CloneContext (sha1cx);
- SHA1_Update (sha1cx_h1, &end_octet, 1);
- SHA1_End (sha1cx_h1, sha1, &sha1len, sizeof(sha1));
- SHA1_DestroyContext (sha1cx_h1, PR_TRUE);
- PORT_Assert (sha1len == SHA1_LENGTH);
-
- /*
- * XOR that hash with the data.
- * When we have fewer than SHA1_LENGTH octets of data
- * left to xor, use just the low-order ones of the hash.
- */
- sha1off = 0;
- if ((dataend - dp) < SHA1_LENGTH)
- sha1off = SHA1_LENGTH - (dataend - dp);
- while (sha1off < SHA1_LENGTH)
- *dp++ ^= sha1[sha1off++];
-
- /*
- * Bump for next hash chunk.
- */
- end_octet++;
- }
-
- return SECSuccess;
-}
-
-/*
- * Modify salt by XORing it with a special hash of data.
- */
-static SECStatus
-oaep_xor_with_h2(unsigned char *salt, unsigned int saltlen,
- unsigned char *data, unsigned int datalen)
-{
- unsigned char sha1[SHA1_LENGTH];
- unsigned char *psalt, *psha1, *saltend;
- SECStatus rv;
-
- /*
- * Create a hash of data.
- */
- rv = SHA1_HashBuf (sha1, data, datalen);
- if (rv != SECSuccess) {
- return rv;
- }
-
- /*
- * XOR the low-order octets of that hash with salt.
- */
- PORT_Assert (saltlen <= SHA1_LENGTH);
- saltend = salt + saltlen;
- psalt = salt;
- psha1 = sha1 + SHA1_LENGTH - saltlen;
- while (psalt < saltend) {
- *psalt++ ^= *psha1++;
- }
-
- return SECSuccess;
-}
-
-/*
- * Format one block of data for public/private key encryption using
- * the rules defined in PKCS #1.
- */
-unsigned char *
-RSA_FormatOneBlock(unsigned modulusLen, RSA_BlockType blockType,
- SECItem *data)
-{
- unsigned char *block;
- unsigned char *bp;
- int padLen;
- int i;
-
- block = (unsigned char *) PORT_Alloc(modulusLen);
- if (block == NULL)
- return NULL;
-
- bp = block;
-
- /*
- * All RSA blocks start with two octets:
- * 0x00 || BlockType
- */
- *bp++ = RSA_BLOCK_FIRST_OCTET;
- *bp++ = (unsigned char) blockType;
-
- switch (blockType) {
-
- /*
- * Blocks intended for private-key operation.
- */
- case RSA_BlockPrivate0: /* essentially unused */
- case RSA_BlockPrivate: /* preferred method */
- /*
- * 0x00 || BT || Pad || 0x00 || ActualData
- * 1 1 padLen 1 data->len
- * Pad is either all 0x00 or all 0xff bytes, depending on blockType.
- */
- padLen = modulusLen - data->len - 3;
- PORT_Assert (padLen >= RSA_BLOCK_MIN_PAD_LEN);
- PORT_Memset (bp,
- blockType == RSA_BlockPrivate0
- ? RSA_BLOCK_PRIVATE0_PAD_OCTET
- : RSA_BLOCK_PRIVATE_PAD_OCTET,
- padLen);
- bp += padLen;
- *bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
- PORT_Memcpy (bp, data->data, data->len);
- break;
-
- /*
- * Blocks intended for public-key operation.
- */
- case RSA_BlockPublic:
-
- /*
- * 0x00 || BT || Pad || 0x00 || ActualData
- * 1 1 padLen 1 data->len
- * Pad is all non-zero random bytes.
- */
- padLen = modulusLen - data->len - 3;
- PORT_Assert (padLen >= RSA_BLOCK_MIN_PAD_LEN);
- for (i = 0; i < padLen; i++) {
- /* Pad with non-zero random data. */
- do {
- RNG_GenerateGlobalRandomBytes(bp + i, 1);
- } while (bp[i] == RSA_BLOCK_AFTER_PAD_OCTET);
- }
- bp += padLen;
- *bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
- PORT_Memcpy (bp, data->data, data->len);
-
- break;
-
- /*
- * Blocks intended for public-key operation, using
- * Optimal Asymmetric Encryption Padding (OAEP).
- */
- case RSA_BlockOAEP:
- /*
- * 0x00 || BT || Modified2(Salt) || Modified1(PaddedData)
- * 1 1 OAEP_SALT_LEN OAEP_PAD_LEN + data->len [+ N]
- *
- * where:
- * PaddedData is "Pad1 || ActualData [|| Pad2]"
- * Salt is random data.
- * Pad1 is all zeros.
- * Pad2, if present, is random data.
- * (The "modified" fields are all the same length as the original
- * unmodified values; they are just xor'd with other values.)
- *
- * Modified1 is an XOR of PaddedData with a special octet
- * string constructed of iterated hashing of Salt (see below).
- * Modified2 is an XOR of Salt with the low-order octets of
- * the hash of Modified1 (see farther below ;-).
- *
- * Whew!
- */
-
-
- /*
- * Salt
- */
- RNG_GenerateGlobalRandomBytes(bp, OAEP_SALT_LEN);
- bp += OAEP_SALT_LEN;
-
- /*
- * Pad1
- */
- PORT_Memset (bp, OAEP_PAD_OCTET, OAEP_PAD_LEN);
- bp += OAEP_PAD_LEN;
-
- /*
- * Data
- */
- PORT_Memcpy (bp, data->data, data->len);
- bp += data->len;
-
- /*
- * Pad2
- */
- if (bp < (block + modulusLen))
- RNG_GenerateGlobalRandomBytes(bp, block - bp + modulusLen);
-
- /*
- * Now we have the following:
- * 0x00 || BT || Salt || PaddedData
- * (From this point on, "Pad1 || Data [|| Pad2]" is treated
- * as the one entity PaddedData.)
- *
- * We need to turn PaddedData into Modified1.
- */
- if (oaep_xor_with_h1(block + 2 + OAEP_SALT_LEN,
- modulusLen - 2 - OAEP_SALT_LEN,
- block + 2, OAEP_SALT_LEN) != SECSuccess) {
- PORT_Free (block);
- return NULL;
- }
-
- /*
- * Now we have:
- * 0x00 || BT || Salt || Modified1(PaddedData)
- *
- * The remaining task is to turn Salt into Modified2.
- */
- if (oaep_xor_with_h2(block + 2, OAEP_SALT_LEN,
- block + 2 + OAEP_SALT_LEN,
- modulusLen - 2 - OAEP_SALT_LEN) != SECSuccess) {
- PORT_Free (block);
- return NULL;
- }
-
- break;
-
- default:
- PORT_Assert (0);
- PORT_Free (block);
- return NULL;
- }
-
- return block;
-}
-
-SECStatus
-RSA_FormatBlock(SECItem *result, unsigned modulusLen,
- RSA_BlockType blockType, SECItem *data)
-{
- /*
- * XXX For now assume that the data length fits in a single
- * XXX encryption block; the ASSERTs below force this.
- * XXX To fix it, each case will have to loop over chunks whose
- * XXX lengths satisfy the assertions, until all data is handled.
- * XXX (Unless RSA has more to say about how to handle data
- * XXX which does not fit in a single encryption block?)
- * XXX And I do not know what the result is supposed to be,
- * XXX so the interface to this function may need to change
- * XXX to allow for returning multiple blocks, if they are
- * XXX not wanted simply concatenated one after the other.
- */
-
- switch (blockType) {
- case RSA_BlockPrivate0:
- case RSA_BlockPrivate:
- case RSA_BlockPublic:
- /*
- * 0x00 || BT || Pad || 0x00 || ActualData
- *
- * The "3" below is the first octet + the second octet + the 0x00
- * octet that always comes just before the ActualData.
- */
- PORT_Assert (data->len <= (modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN)));
-
- result->data = RSA_FormatOneBlock(modulusLen, blockType, data);
- if (result->data == NULL) {
- result->len = 0;
- return SECFailure;
- }
- result->len = modulusLen;
-
- break;
-
- case RSA_BlockOAEP:
- /*
- * 0x00 || BT || M1(Salt) || M2(Pad1||ActualData[||Pad2])
- *
- * The "2" below is the first octet + the second octet.
- * (The other fields do not contain the clear values, but are
- * the same length as the clear values.)
- */
- PORT_Assert (data->len <= (modulusLen - (2 + OAEP_SALT_LEN
- + OAEP_PAD_LEN)));
-
- result->data = RSA_FormatOneBlock(modulusLen, blockType, data);
- if (result->data == NULL) {
- result->len = 0;
- return SECFailure;
- }
- result->len = modulusLen;
-
- break;
-
- case RSA_BlockRaw:
- /*
- * Pad || ActualData
- * Pad is zeros. The application is responsible for recovering
- * the actual data.
- */
- result->data = (unsigned char*)PORT_ZAlloc(modulusLen);
- result->len = modulusLen;
- PORT_Memcpy(result->data+(modulusLen-data->len),data->data,data->len);
- break;
-
- default:
- PORT_Assert (0);
- result->data = NULL;
- result->len = 0;
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-/*
- * Takes a formatted block and returns the data part.
- * (This is the inverse of RSA_FormatOneBlock().)
- * In some formats the start of the data is ambiguous;
- * if it is non-zero, expectedLen will disambiguate.
- *
- * NOTE: this routine is not yet used/tested! (XXX please
- * remove this comment once that is no longer the case ;-)
- */
-unsigned char *
-RSA_DecodeOneBlock(unsigned char *data,
- unsigned int modulusLen,
- unsigned int expectedLen,
- RSA_BlockType *pResultType,
- unsigned int *pResultLen)
-{
- RSA_BlockType blockType;
- unsigned char *dp, *res;
- unsigned int i, len, padLen;
-
- dp = data;
- if (*dp++ != RSA_BLOCK_FIRST_OCTET) {
- PORT_SetError (SEC_ERROR_BAD_DATA);
- return NULL;
- }
-
- blockType = (RSA_BlockType)*dp++;
- switch (blockType) {
- case RSA_BlockPrivate0:
- if (expectedLen) {
- padLen = modulusLen - expectedLen - 3;
- PORT_Assert (padLen >= RSA_BLOCK_MIN_PAD_LEN);
- for (i = 0; i < padLen; i++) {
- if (*dp++ != RSA_BLOCK_PRIVATE0_PAD_OCTET)
- break;
- }
- if ((i != padLen) || (*dp != RSA_BLOCK_AFTER_PAD_OCTET)) {
- PORT_SetError (SEC_ERROR_BAD_DATA);
- return NULL;
- }
- dp++;
- len = expectedLen;
- } else {
- for (i = 0; i < modulusLen; i++) {
- if (*dp++ != RSA_BLOCK_PRIVATE0_PAD_OCTET)
- break;
- }
- if (i == modulusLen) {
- PORT_SetError (SEC_ERROR_BAD_DATA);
- return NULL;
- }
- if (RSA_BLOCK_PRIVATE0_PAD_OCTET == RSA_BLOCK_AFTER_PAD_OCTET)
- dp--;
- padLen = dp - data - 2;
- if ((padLen < RSA_BLOCK_MIN_PAD_LEN)
- || (*dp != RSA_BLOCK_AFTER_PAD_OCTET)) {
- PORT_SetError (SEC_ERROR_BAD_DATA);
- return NULL;
- }
- dp++;
- len = modulusLen - (dp - data);
- }
- res = (unsigned char *) PORT_Alloc(len);
- if (res == NULL) {
- return NULL;
- }
- PORT_Memcpy (res, dp, len);
- break;
-
- case RSA_BlockPrivate:
- for (i = 0; i < modulusLen; i++) {
- if (*dp++ != RSA_BLOCK_PRIVATE_PAD_OCTET)
- break;
- }
- if ((i == modulusLen) || (*dp != RSA_BLOCK_AFTER_PAD_OCTET)) {
- PORT_SetError (SEC_ERROR_BAD_DATA);
- return NULL;
- }
- padLen = dp - data - 2;
- dp++;
- len = modulusLen - (dp - data);
- if ((padLen < RSA_BLOCK_MIN_PAD_LEN) || (expectedLen
- && (expectedLen != len))) {
- PORT_SetError (SEC_ERROR_BAD_DATA);
- return NULL;
- }
- res = (unsigned char *) PORT_Alloc(len);
- if (res == NULL) {
- return NULL;
- }
- PORT_Memcpy (res, dp, len);
- break;
-
- case RSA_BlockPublic:
- for (i = 0; i < modulusLen; i++) {
- if (*dp++ == RSA_BLOCK_AFTER_PAD_OCTET)
- break;
- }
- if (i == modulusLen) {
- PORT_SetError (SEC_ERROR_BAD_DATA);
- return NULL;
- }
- padLen = dp - data - 2;
- dp++;
- len = modulusLen - (dp - data);
- if ((padLen < RSA_BLOCK_MIN_PAD_LEN) || (expectedLen
- && (expectedLen != len))) {
- PORT_SetError (SEC_ERROR_BAD_DATA);
- return NULL;
- }
- res = (unsigned char *) PORT_Alloc(len);
- if (res == NULL) {
- return NULL;
- }
- PORT_Memcpy (res, dp, len);
- break;
-
- case RSA_BlockOAEP:
- {
- unsigned char *salt, *tmp_res;
- SECStatus rv;
-
- len = modulusLen - 2 - OAEP_SALT_LEN;
- /*
- * dp points to:
- * Modified2(Salt) || Modified1(PaddedData)
- * To recover Salt we need to XOR it with the low-order hash
- * of Modified1.
- */
- salt = (unsigned char *) PORT_Alloc(OAEP_SALT_LEN);
- if (salt == NULL) {
- return NULL;
- }
- PORT_Memcpy (salt, dp, OAEP_SALT_LEN);
- dp += OAEP_SALT_LEN;
- rv = oaep_xor_with_h2 (salt, OAEP_SALT_LEN, dp, len);
- if (rv != SECSuccess) {
- PORT_Free (salt);
- return NULL;
- }
- if (expectedLen) {
- PORT_Assert (expectedLen <= len);
- len = expectedLen;
- }
- tmp_res = (unsigned char *) PORT_Alloc(len);
- if (tmp_res == NULL) {
- PORT_Free (salt);
- return NULL;
- }
- PORT_Memcpy (tmp_res, dp, len);
- rv = oaep_xor_with_h1 (tmp_res, len, salt, OAEP_SALT_LEN);
- PORT_Free (salt);
- if (rv != SECSuccess) {
- return NULL;
- }
- for (i = 0; i < OAEP_PAD_LEN; i++) {
- if (tmp_res[i] != OAEP_PAD_OCTET) {
- PORT_SetError (SEC_ERROR_BAD_DATA);
- PORT_Free (tmp_res);
- return NULL;
- }
- }
- len -= OAEP_PAD_LEN;
- res = (unsigned char *) PORT_Alloc(len);
- if (res == NULL) {
- PORT_Free (tmp_res);
- return NULL;
- }
- PORT_Memcpy (res, tmp_res + OAEP_PAD_LEN, len);
- PORT_Free (tmp_res);
- }
- break;
-
- default:
- PORT_SetError (SEC_ERROR_BAD_DATA);
- return NULL;
- }
-
- PORT_Assert (res != NULL);
- *pResultLen = len;
- *pResultType = blockType;
- return res;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_Sign(SECKEYLowPrivateKey *key,
- unsigned char * output,
- unsigned int * output_len,
- unsigned int maxOutputLen,
- unsigned char * input,
- unsigned int input_len)
-{
- SECStatus rv = SECSuccess;
- unsigned int modulus_len = SECKEY_LowPrivateModulusLen(key);
- SECItem formatted;
- SECItem unformatted;
-
- if (maxOutputLen < modulus_len)
- return SECFailure;
- PORT_Assert(key->keyType == rsaKey);
- if (key->keyType != rsaKey)
- return SECFailure;
-
- unformatted.len = input_len;
- unformatted.data = input;
- formatted.data = NULL;
- rv = RSA_FormatBlock(&formatted, modulus_len, RSA_BlockPrivate,
- &unformatted);
- if (rv != SECSuccess)
- goto done;
-
- rv = RSA_PrivateKeyOp(&key->u.rsa, output, formatted.data);
- *output_len = modulus_len;
-
- goto done;
-
-done:
- if (formatted.data != NULL)
- PORT_ZFree(formatted.data, modulus_len);
- return rv;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_CheckSign(SECKEYLowPublicKey *key,
- unsigned char * sign,
- unsigned int sign_len,
- unsigned char * hash,
- unsigned int hash_len)
-{
- SECStatus rv;
- unsigned int modulus_len = SECKEY_LowPublicModulusLen(key);
- unsigned int i;
- unsigned char * buffer;
-
- modulus_len = SECKEY_LowPublicModulusLen(key);
- if (sign_len != modulus_len)
- goto failure;
- if (hash_len > modulus_len - 8)
- goto failure;
- PORT_Assert(key->keyType == rsaKey);
- if (key->keyType != rsaKey)
- goto failure;
-
- buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
- if (!buffer)
- goto failure;
-
- rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sign);
- if (rv != SECSuccess)
- goto loser;
-
- /*
- * check the padding that was used
- */
- if (buffer[0] != 0 || buffer[1] != 1)
- goto loser;
- for (i = 2; i < modulus_len - hash_len - 1; i++) {
- if (buffer[i] == 0)
- break;
- if (buffer[i] != 0xff)
- goto loser;
- }
-
- /*
- * make sure we get the same results
- */
- if (PORT_Memcmp(buffer + modulus_len - hash_len, hash, hash_len) != 0)
- goto loser;
-
- PORT_Free(buffer);
- return SECSuccess;
-
-loser:
- PORT_Free(buffer);
-failure:
- return SECFailure;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_CheckSignRecover(SECKEYLowPublicKey *key,
- unsigned char * data,
- unsigned int * data_len,
- unsigned int max_output_len,
- unsigned char * sign,
- unsigned int sign_len)
-{
- SECStatus rv;
- unsigned int modulus_len = SECKEY_LowPublicModulusLen(key);
- unsigned int i;
- unsigned char * buffer;
-
- if (sign_len != modulus_len)
- goto failure;
- PORT_Assert(key->keyType == rsaKey);
- if (key->keyType != rsaKey)
- goto failure;
-
- buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
- if (!buffer)
- goto failure;
-
- rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sign);
- if (rv != SECSuccess)
- goto loser;
- *data_len = 0;
-
- /*
- * check the padding that was used
- */
- if (buffer[0] != 0 || buffer[1] != 1)
- goto loser;
- for (i = 2; i < modulus_len; i++) {
- if (buffer[i] == 0) {
- *data_len = modulus_len - i - 1;
- break;
- }
- if (buffer[i] != 0xff)
- goto loser;
- }
- if (*data_len == 0)
- goto loser;
- if (*data_len > max_output_len)
- goto loser;
-
- /*
- * make sure we get the same results
- */
- PORT_Memcpy(data,buffer + modulus_len - *data_len, *data_len);
-
- PORT_Free(buffer);
- return SECSuccess;
-
-loser:
- PORT_Free(buffer);
-failure:
- return SECFailure;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_EncryptBlock(SECKEYLowPublicKey *key,
- unsigned char * output,
- unsigned int * output_len,
- unsigned int max_output_len,
- unsigned char * input,
- unsigned int input_len)
-{
- SECStatus rv;
- unsigned int modulus_len = SECKEY_LowPublicModulusLen(key);
- SECItem formatted;
- SECItem unformatted;
-
- formatted.data = NULL;
- if (max_output_len < modulus_len)
- goto failure;
- PORT_Assert(key->keyType == rsaKey);
- if (key->keyType != rsaKey)
- goto failure;
-
- unformatted.len = input_len;
- unformatted.data = input;
- formatted.data = NULL;
- rv = RSA_FormatBlock(&formatted, modulus_len, RSA_BlockPublic,
- &unformatted);
- if (rv != SECSuccess)
- goto failure;
-
- rv = RSA_PublicKeyOp(&key->u.rsa, output, formatted.data);
- if (rv != SECSuccess)
- goto failure;
-
- PORT_ZFree(formatted.data, modulus_len);
- *output_len = modulus_len;
- return SECSuccess;
-
-failure:
- if (formatted.data != NULL)
- PORT_ZFree(formatted.data, modulus_len);
- return SECFailure;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_DecryptBlock(SECKEYLowPrivateKey *key,
- unsigned char * output,
- unsigned int * output_len,
- unsigned int max_output_len,
- unsigned char * input,
- unsigned int input_len)
-{
- SECStatus rv;
- unsigned int modulus_len = SECKEY_LowPrivateModulusLen(key);
- unsigned int i;
- unsigned char * buffer;
-
- PORT_Assert(key->keyType == rsaKey);
- if (key->keyType != rsaKey)
- goto failure;
- if (input_len != modulus_len)
- goto failure;
-
- buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
- if (!buffer)
- goto failure;
-
- rv = RSA_PrivateKeyOp(&key->u.rsa, buffer, input);
- if (rv != SECSuccess)
- goto loser;
-
- if (buffer[0] != 0 || buffer[1] != 2)
- goto loser;
- *output_len = 0;
- for (i = 2; i < modulus_len; i++) {
- if (buffer[i] == 0) {
- *output_len = modulus_len - i - 1;
- break;
- }
- }
- if (*output_len == 0)
- goto loser;
- if (*output_len > max_output_len)
- goto loser;
-
- PORT_Memcpy(output, buffer + modulus_len - *output_len, *output_len);
-
- PORT_Free(buffer);
- return SECSuccess;
-
-loser:
- PORT_Free(buffer);
-failure:
- return SECFailure;
-}
-
-/* XXX Doesn't set error code */
-/*
- * added to make pkcs #11 happy
- * RAW is RSA_X_509
- */
-SECStatus
-RSA_SignRaw(SECKEYLowPrivateKey *key,
- unsigned char * output,
- unsigned int * output_len,
- unsigned int maxOutputLen,
- unsigned char * input,
- unsigned int input_len)
-{
- SECStatus rv = SECSuccess;
- unsigned int modulus_len = SECKEY_LowPrivateModulusLen(key);
- SECItem formatted;
- SECItem unformatted;
-
- if (maxOutputLen < modulus_len)
- return SECFailure;
- PORT_Assert(key->keyType == rsaKey);
- if (key->keyType != rsaKey)
- return SECFailure;
-
- unformatted.len = input_len;
- unformatted.data = input;
- formatted.data = NULL;
- rv = RSA_FormatBlock(&formatted, modulus_len, RSA_BlockRaw, &unformatted);
- if (rv != SECSuccess)
- goto done;
-
- rv = RSA_PrivateKeyOp(&key->u.rsa, output, formatted.data);
- *output_len = modulus_len;
-
-done:
- if (formatted.data != NULL)
- PORT_ZFree(formatted.data, modulus_len);
- return rv;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_CheckSignRaw(SECKEYLowPublicKey *key,
- unsigned char * sign,
- unsigned int sign_len,
- unsigned char * hash,
- unsigned int hash_len)
-{
- SECStatus rv;
- unsigned int modulus_len = SECKEY_LowPublicModulusLen(key);
- unsigned char * buffer;
-
- if (sign_len != modulus_len)
- goto failure;
- if (hash_len > modulus_len)
- goto failure;
- PORT_Assert(key->keyType == rsaKey);
- if (key->keyType != rsaKey)
- goto failure;
-
- buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
- if (!buffer)
- goto failure;
-
- rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sign);
- if (rv != SECSuccess)
- goto loser;
-
- /*
- * make sure we get the same results
- */
- /* NOTE: should we verify the leading zeros? */
- if (PORT_Memcmp(buffer + (modulus_len-hash_len), hash, hash_len) != 0)
- goto loser;
-
- PORT_Free(buffer);
- return SECSuccess;
-
-loser:
- PORT_Free(buffer);
-failure:
- return SECFailure;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_CheckSignRecoverRaw(SECKEYLowPublicKey *key,
- unsigned char * data,
- unsigned int * data_len,
- unsigned int max_output_len,
- unsigned char * sign,
- unsigned int sign_len)
-{
- SECStatus rv;
- unsigned int modulus_len = SECKEY_LowPublicModulusLen(key);
-
- if (sign_len != modulus_len)
- goto failure;
- if (max_output_len < modulus_len)
- goto failure;
- PORT_Assert(key->keyType == rsaKey);
- if (key->keyType != rsaKey)
- goto failure;
-
- rv = RSA_PublicKeyOp(&key->u.rsa, data, sign);
- if (rv != SECSuccess)
- goto failure;
-
- *data_len = modulus_len;
- return SECSuccess;
-
-failure:
- return SECFailure;
-}
-
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_EncryptRaw(SECKEYLowPublicKey *key,
- unsigned char * output,
- unsigned int * output_len,
- unsigned int max_output_len,
- unsigned char * input,
- unsigned int input_len)
-{
- SECStatus rv;
- unsigned int modulus_len = SECKEY_LowPublicModulusLen(key);
- SECItem formatted;
- SECItem unformatted;
-
- formatted.data = NULL;
- if (max_output_len < modulus_len)
- goto failure;
- PORT_Assert(key->keyType == rsaKey);
- if (key->keyType != rsaKey)
- goto failure;
-
- unformatted.len = input_len;
- unformatted.data = input;
- formatted.data = NULL;
- rv = RSA_FormatBlock(&formatted, modulus_len, RSA_BlockRaw, &unformatted);
- if (rv != SECSuccess)
- goto failure;
-
- rv = RSA_PublicKeyOp(&key->u.rsa, output, formatted.data);
- if (rv != SECSuccess)
- goto failure;
-
- PORT_ZFree(formatted.data, modulus_len);
- *output_len = modulus_len;
- return SECSuccess;
-
-failure:
- if (formatted.data != NULL)
- PORT_ZFree(formatted.data, modulus_len);
- return SECFailure;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_DecryptRaw(SECKEYLowPrivateKey *key,
- unsigned char * output,
- unsigned int * output_len,
- unsigned int max_output_len,
- unsigned char * input,
- unsigned int input_len)
-{
- SECStatus rv;
- unsigned int modulus_len = SECKEY_LowPrivateModulusLen(key);
-
- if (modulus_len <= 0)
- goto failure;
- if (modulus_len > max_output_len)
- goto failure;
- PORT_Assert(key->keyType == rsaKey);
- if (key->keyType != rsaKey)
- goto failure;
- if (input_len != modulus_len)
- goto failure;
-
- rv = RSA_PrivateKeyOp(&key->u.rsa, output, input);
- if (rv != SECSuccess)
- goto failure;
-
- *output_len = modulus_len;
- return SECSuccess;
-
-failure:
- return SECFailure;
-}
diff --git a/security/nss/lib/softoken/secpkcs5.c b/security/nss/lib/softoken/secpkcs5.c
deleted file mode 100644
index 6cc8dd4a4..000000000
--- a/security/nss/lib/softoken/secpkcs5.c
+++ /dev/null
@@ -1,1827 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "plarena.h"
-
-#include "seccomon.h"
-#include "secitem.h"
-#include "secport.h"
-#include "hasht.h"
-#include "pkcs11t.h"
-#include "blapi.h"
-#include "sechash.h"
-#include "secasn1.h"
-#include "secder.h"
-#include "secpkcs5.h"
-#include "secoid.h"
-#include "alghmac.h"
-#include "softoken.h"
-#include "secerr.h"
-
-#define DES_IV_LENGTH 8
-#define RC2_IV_LENGTH 8
-#define MD2_LENGTH 16
-#define MD5_LENGTH 16
-#define SHA1_LENGTH 20
-#define SEED_LENGTH 16
-#define SALT_LENGTH 8
-#define PBE_SALT_LENGTH 16
-
-/* template for PKCS 5 PBE Parameter. This template has been expanded
- * based upon the additions in PKCS 12. This should eventually be moved
- * if RSA updates PKCS 5.
- */
-const SEC_ASN1Template SEC_PKCS5PBEParameterTemplate[] =
-{
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SEC_PKCS5PBEParameter) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(SEC_PKCS5PBEParameter, salt) },
- { SEC_ASN1_INTEGER,
- offsetof(SEC_PKCS5PBEParameter, iteration) },
- { 0 }
-};
-
-const SEC_ASN1Template SEC_V2PKCS12PBEParameterTemplate[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS5PBEParameter) },
- { SEC_ASN1_OCTET_STRING, offsetof(SEC_PKCS5PBEParameter, salt) },
- { SEC_ASN1_INTEGER, offsetof(SEC_PKCS5PBEParameter, iteration) },
- { 0 }
-};
-
-pbeBitGenParameters pbeHashAlgorithmParams[] = {
- { 0, 0, SEC_OID_UNKNOWN },
- { 128, 512, SEC_OID_MD2 },
- { 128, 512, SEC_OID_MD5 },
- { 160, 512, SEC_OID_SHA1 },
-};
-
-/* generate some random bytes. this is used to generate the
- * salt if it is not specified.
- */
-static SECStatus
-sec_pkcs5_generate_random_bytes(PRArenaPool *poolp,
- SECItem *dest, int len)
-{
- SECStatus rv = SECFailure;
-
- if(dest != NULL)
- {
- void *mark = PORT_ArenaMark(poolp);
- dest->data = (unsigned char *)PORT_ArenaZAlloc(poolp, len);
- if(dest->data != NULL)
- {
- dest->len = len;
- RNG_GenerateGlobalRandomBytes(dest->data, dest->len);
- PORT_ArenaUnmark(poolp, mark);
- rv = SECSuccess;
- } else
- PORT_ArenaRelease(poolp, mark);
- }
-
- return rv;
-}
-
-/* maps hash algorithm from PBE algorithm.
- */
-static SECOidTag
-sec_pkcs5_hash_algorithm(SECOidTag algorithm)
-{
- switch(algorithm)
- {
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC:
- case SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC:
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4:
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
- return SEC_OID_SHA1;
- case SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC:
- return SEC_OID_MD5;
- case SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC:
- return SEC_OID_MD2;
- default:
- break;
- }
- return SEC_OID_UNKNOWN;
-}
-
-/* get the iv length needed for the PBE algorithm
- */
-static int
-sec_pkcs5_iv_length(SECOidTag algorithm)
-{
- switch(algorithm)
- {
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC:
- case SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC:
- case SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC:
- case SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC:
- return DES_IV_LENGTH;
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
- return RC2_IV_LENGTH;
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4:
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4:
- return 0;
- default:
- break;
- }
- return -1;
-}
-
-/* get the key length needed for the PBE algorithm
- */
-static int
-sec_pkcs5_key_length(SECOidTag algorithm)
-{
- switch(algorithm)
- {
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC:
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC:
- return 24;
- case SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC:
- case SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC:
- case SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC:
- return 8;
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
- return 5;
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4:
- return 16;
- default:
- break;
- }
- return -1;
-}
-
-/* the V2 algorithms only encode the salt, there is no iteration
- * count so we need a check for V2 algorithm parameters.
- */
-static PRBool
-sec_pkcs5_is_algorithm_v2_pkcs12_algorithm(SECOidTag algorithm)
-{
- switch(algorithm)
- {
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
- return PR_TRUE;
- default:
- break;
- }
-
- return PR_FALSE;
-}
-
-/* creates a PBE parameter based on the PBE algorithm. the only required
- * parameters are algorithm and interation. the return is a PBE parameter
- * which conforms to PKCS 5 parameter unless an extended parameter is needed.
- * this is primarily if keyLen and a variable key length algorithm are
- * specified.
- * salt - if null, a salt will be generated from random bytes.
- * iteration - number of iterations to perform hashing.
- * keyLen - only used in variable key length algorithms
- * iv - if null, the IV will be generated based on PKCS 5 when needed.
- * params - optional, currently unsupported additional parameters.
- * once a parameter is allocated, it should be destroyed calling
- * sec_pkcs5_destroy_pbe_parameter or SEC_PKCS5DestroyPBEParameter.
- */
-static SEC_PKCS5PBEParameter *
-sec_pkcs5_create_pbe_parameter(SECOidTag algorithm,
- SECItem *salt,
- int iteration)
-{
- PRArenaPool *poolp = NULL;
- SEC_PKCS5PBEParameter *pbe_param = NULL;
- SECStatus rv;
- void *dummy = NULL;
-
- if(iteration < 0) {
- return NULL;
- }
-
- poolp = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
- if(poolp == NULL)
- return NULL;
-
- pbe_param = (SEC_PKCS5PBEParameter *)PORT_ArenaZAlloc(poolp,
- sizeof(SEC_PKCS5PBEParameter));
- if(!pbe_param) {
- PORT_FreeArena(poolp, PR_TRUE);
- return NULL;
- }
-
- pbe_param->poolp = poolp;
- pbe_param->algorithm = algorithm;
-
- /* should we generate the salt? */
- if(!salt || !salt->data) {
- rv = sec_pkcs5_generate_random_bytes(poolp, &pbe_param->salt,
- SALT_LENGTH);
- } else {
- rv = SECITEM_CopyItem(poolp, &pbe_param->salt, salt);
- }
-
- if(rv != SECSuccess) {
- PORT_FreeArena(poolp, PR_TRUE);
- return NULL;
- }
-
- /* encode the integer */
- dummy = SEC_ASN1EncodeInteger(poolp, &pbe_param->iteration,
- iteration);
- rv = (dummy) ? SECSuccess : SECFailure;
-
- if(rv != SECSuccess) {
- PORT_FreeArena(poolp, PR_FALSE);
- return NULL;
- }
-
- return pbe_param;
-}
-
-/* generate bits for key and iv using MD5 hashing
- */
-static SECItem *
-sec_pkcs5_compute_md5_hash(SECItem *salt, SECItem *pwd, int iter,
- PRBool dummy)
-{
- SECItem *hash = NULL, *pre_hash = NULL;
- SECStatus rv = SECFailure;
-
- if((salt == NULL) || (pwd == NULL) || (iter < 0)) {
- return NULL;
- }
-
- hash = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- pre_hash = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if((hash != NULL) && (pre_hash != NULL)) {
- unsigned int i, ph_len;
-
- ph_len = MD5_LENGTH;
- if(ph_len < (salt->len + pwd->len)) {
- ph_len = salt->len + pwd->len;
- }
-
- rv = SECFailure;
- hash->data = (unsigned char *)PORT_ZAlloc(MD5_LENGTH);
- hash->len = MD5_LENGTH;
- pre_hash->data = (unsigned char *)PORT_ZAlloc(ph_len);
- pre_hash->len = salt->len + pwd->len;
-
- if((hash->data != NULL) && (pre_hash->data != NULL)) {
- rv = SECSuccess;
- /* handle 0 length password */
- if(pwd->len > 0) {
- PORT_Memcpy(pre_hash->data, pwd->data, pwd->len);
- }
- if(salt->len > 0) {
- PORT_Memcpy((pre_hash->data+pwd->len), salt->data, salt->len);
- }
- for(i = 0; ((i < (unsigned int)iter) && (rv == SECSuccess)); i++) {
- rv = MD5_HashBuf(hash->data, pre_hash->data, pre_hash->len);
- if(rv != SECFailure) {
- PORT_Memcpy(pre_hash->data, hash->data, MD5_LENGTH);
- pre_hash->len = MD5_LENGTH;
- }
- }
- }
- }
-
- if(pre_hash != NULL)
- SECITEM_FreeItem(pre_hash, PR_TRUE);
-
- if((rv == SECFailure) && (hash)) {
- SECITEM_FreeItem(hash, PR_TRUE);
- hash = NULL;
- }
-
- return hash;
-}
-
-/* generate bits for key and iv using MD2 hashing
- */
-static SECItem *
-sec_pkcs5_compute_md2_hash(SECItem *salt, SECItem *pwd, int iter,
- PRBool dummy)
-{
- SECItem *hash = NULL, *pre_hash = NULL;
- SECStatus rv = SECFailure;
-
- if((salt == NULL) || (pwd == NULL) || (iter < 0))
- return NULL;
-
- hash = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- pre_hash = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if((hash != NULL) && (pre_hash != NULL))
- {
- int i, ph_len;
-
- ph_len = MD2_LENGTH;
- if((salt->len + pwd->len) > MD2_LENGTH)
- ph_len = salt->len+pwd->len;
-
- rv = SECFailure;
- hash->data = (unsigned char *)PORT_ZAlloc(MD2_LENGTH);
- hash->len = MD2_LENGTH;
- pre_hash->data = (unsigned char *)PORT_ZAlloc(ph_len);
- pre_hash->len = salt->len + pwd->len;
-
- if((hash->data != NULL) && (pre_hash->data != NULL))
- {
- MD2Context *ctxt;
-
- rv = SECSuccess;
- if(pwd->len > 0) {
- PORT_Memcpy(pre_hash->data, pwd->data, pwd->len);
- }
- if(salt->len > 0) {
- PORT_Memcpy((pre_hash->data+pwd->len), salt->data, salt->len);
- }
-
- for(i = 0; ((i < iter) && (rv == SECSuccess)); i++)
- {
- ctxt = MD2_NewContext();
- if(ctxt == NULL)
- rv = SECFailure;
- else
- {
- MD2_Update(ctxt, pre_hash->data, pre_hash->len);
- MD2_End(ctxt, hash->data, &hash->len, hash->len);
- PORT_Memcpy(pre_hash->data, hash->data, MD2_LENGTH);
- pre_hash->len = MD2_LENGTH;
- MD2_DestroyContext(ctxt, PR_TRUE);
- }
- }
- }
- }
-
- if(pre_hash != NULL)
- SECITEM_FreeItem(pre_hash, PR_TRUE);
-
- if(rv != SECSuccess)
- if(hash != NULL)
- {
- SECITEM_FreeItem(hash, PR_TRUE);
- hash = NULL;
- }
-
- return hash;
-}
-
-/* generate bits using SHA1 hash
- */
-static SECItem *
-sec_pkcs5_compute_sha1_hash(SECItem *salt, SECItem *pwd, int iter,
- PRBool faulty3DES)
-{
- SECItem *hash = NULL, *pre_hash = NULL;
- SECStatus rv = SECFailure;
-
- if((salt == NULL) || (pwd == NULL) || (iter < 0)) {
- return NULL;
- }
-
- hash = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- pre_hash = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
-
- if((hash != NULL) && (pre_hash != NULL)) {
- int i, ph_len;
-
- ph_len = SHA1_LENGTH;
- if((salt->len + pwd->len) > SHA1_LENGTH) {
- ph_len = salt->len + pwd->len;
- }
-
- rv = SECFailure;
-
- /* allocate buffers */
- hash->data = (unsigned char *)PORT_ZAlloc(SHA1_LENGTH);
- hash->len = SHA1_LENGTH;
- pre_hash->data = (unsigned char *)PORT_ZAlloc(ph_len);
-
- /* in pbeSHA1TripleDESCBC there was an allocation error that made
- * it into the caller. We do not want to propagate those errors
- * further, so we are doing it correctly, but reading the old method.
- */
- if(faulty3DES) {
- pre_hash->len = ph_len;
- } else {
- pre_hash->len = salt->len + pwd->len;
- }
-
- /* preform hash */
- if((hash->data != NULL) && (pre_hash->data != NULL)) {
- rv = SECSuccess;
- /* check for 0 length password */
- if(pwd->len > 0) {
- PORT_Memcpy(pre_hash->data, pwd->data, pwd->len);
- }
- if(salt->len > 0) {
- PORT_Memcpy((pre_hash->data+pwd->len), salt->data, salt->len);
- }
- for(i = 0; ((i < iter) && (rv == SECSuccess)); i++) {
- rv = SHA1_HashBuf(hash->data, pre_hash->data, pre_hash->len);
- if(rv != SECFailure) {
- pre_hash->len = SHA1_LENGTH;
- PORT_Memcpy(pre_hash->data, hash->data, SHA1_LENGTH);
- }
- }
- }
- }
-
- if(pre_hash != NULL) {
- SECITEM_FreeItem(pre_hash, PR_TRUE);
- }
-
- if((rv != SECSuccess) && (hash != NULL)) {
- SECITEM_FreeItem(hash, PR_TRUE);
- hash = NULL;
- }
-
- return hash;
-}
-
-/* bit generation/key and iv generation routines. */
-typedef SECItem *(* sec_pkcs5_hash_func)(SECItem *s, SECItem *p,
- int iter, PRBool faulty3DES);
-
-/* generates bits needed for the key and iv based on PKCS 5,
- * be concatenating the password and salt and using the appropriate
- * hash algorithm. This function serves as a front end to the
- * specific hash functions above. a return of NULL indicates an
- * error.
- */
-static SECItem *
-sec_pkcs5_compute_hash(SEC_PKCS5PBEParameter *pbe_param, SECItem *pwitem,
- PRBool faulty3DES)
-{
- sec_pkcs5_hash_func hash_func;
- SECOidTag hash_alg;
- SECItem *hash = NULL;
- SECItem *salt = NULL;
-
- hash_alg = sec_pkcs5_hash_algorithm(pbe_param->algorithm);
- salt = &(pbe_param->salt);
- switch(hash_alg)
- {
- case SEC_OID_SHA1:
- hash_func = sec_pkcs5_compute_sha1_hash;
- break;
- case SEC_OID_MD2:
- hash_func = sec_pkcs5_compute_md2_hash;
- break;
- case SEC_OID_MD5:
- hash_func = sec_pkcs5_compute_md5_hash;
- break;
- default:
- hash_func = NULL;
- }
-
- if(hash_func) {
- hash = (* hash_func)(salt, pwitem, pbe_param->iter, faulty3DES);
- }
-
- return hash;
-}
-
-/* determines the number of bits needed for key and iv generation
- * based upon the algorithm identifier. if a number of
- * bits greater than the hash algorithm can produce are needed,
- * the bits will be generated based upon the extended PKCS 5
- * described in PKCS 12.
- *
- * a return of -1 indicates an error.
- */
-static int
-sec_pkcs5_bits_needed(SEC_PKCS5PBEParameter *pbe_param)
-{
- int iv_bits;
- int key_bits;
-
- if(pbe_param == NULL) {
- return -1;
- }
-
- iv_bits = sec_pkcs5_iv_length(pbe_param->algorithm) * 8;
- key_bits = sec_pkcs5_key_length(pbe_param->algorithm) * 8;
-
- if(key_bits != 0) {
- return iv_bits + key_bits;
- }
-
- return -1;
-}
-
-/* determines the number of bits generated by each hash algorithm.
- * in case of an error, -1 is returned.
- */
-static int
-sec_pkcs5_hash_bits_generated(SEC_PKCS5PBEParameter *pbe_param)
-{
- if(pbe_param == NULL) {
- return -1;
- }
-
- switch(sec_pkcs5_hash_algorithm(pbe_param->algorithm)) {
- case SEC_OID_SHA1:
- return SHA1_LENGTH * 8;
- case SEC_OID_MD2:
- return MD2_LENGTH * 8;
- case SEC_OID_MD5:
- return MD5_LENGTH * 8;
- default:
- break;
- }
-
- return -1;
-}
-
-/* this bit generation routine is described in PKCS 12 and the proposed
- * extensions to PKCS 5. an initial hash is generated following the
- * instructions laid out in PKCS 5. If the number of bits generated is
- * insufficient, then the method discussed in the proposed extensions to
- * PKCS 5 in PKCS 12 are used. This extension makes use of the HMAC
- * function. And the P_Hash function from the TLS standard.
- */
-static SECItem *
-sec_pkcs5_bit_generator(SEC_PKCS5PBEParameter *pbe_param,
- SECItem *init_hash,
- unsigned int bits_needed)
-{
- SECItem *ret_bits = NULL;
- int hash_size = 0;
- unsigned int i;
- unsigned int hash_iter;
- unsigned int dig_len;
- SECStatus rv = SECFailure;
- unsigned char *state = NULL;
- unsigned int state_len;
- HMACContext *cx = NULL;
-
- hash_size = sec_pkcs5_hash_bits_generated(pbe_param);
- if(hash_size == -1)
- return NULL;
-
- hash_iter = (bits_needed + (unsigned int)hash_size - 1) / hash_size;
- hash_size /= 8;
-
- /* allocate return buffer */
- ret_bits = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(ret_bits == NULL)
- return NULL;
- ret_bits->data = (unsigned char *)PORT_ZAlloc((hash_iter * hash_size) + 1);
- ret_bits->len = (hash_iter * hash_size);
- if(ret_bits->data == NULL) {
- PORT_Free(ret_bits);
- return NULL;
- }
-
- /* allocate intermediate hash buffer. 8 is for the 8 bytes of
- * data which are added based on iteration number
- */
-
- if ((unsigned int)hash_size > pbe_param->salt.len) {
- state_len = hash_size;
- } else {
- state_len = pbe_param->salt.len;
- }
- state = (unsigned char *)PORT_ZAlloc(state_len);
- if(state == NULL) {
- rv = SECFailure;
- goto loser;
- }
- if(pbe_param->salt.len > 0) {
- PORT_Memcpy(state, pbe_param->salt.data, pbe_param->salt.len);
- }
-
- cx = HMAC_Create(sec_pkcs5_hash_algorithm(pbe_param->algorithm),
- init_hash->data, init_hash->len);
- if (cx == NULL) {
- rv = SECFailure;
- goto loser;
- }
-
- for(i = 0; i < hash_iter; i++) {
-
- /* generate output bits */
- HMAC_Begin(cx);
- HMAC_Update(cx, state, state_len);
- HMAC_Update(cx, pbe_param->salt.data, pbe_param->salt.len);
- rv = HMAC_Finish(cx, ret_bits->data + (i * hash_size),
- &dig_len, hash_size);
- if (rv != SECSuccess)
- goto loser;
- PORT_Assert((unsigned int)hash_size == dig_len);
-
- /* generate new state */
- HMAC_Begin(cx);
- HMAC_Update(cx, state, state_len);
- rv = HMAC_Finish(cx, state, &state_len, state_len);
- if (rv != SECSuccess)
- goto loser;
- PORT_Assert(state_len == dig_len);
- }
-
-loser:
- if (state != NULL)
- PORT_ZFree(state, state_len);
- HMAC_Destroy(cx);
-
- if(rv != SECSuccess) {
- SECITEM_ZfreeItem(ret_bits, PR_TRUE);
- ret_bits = NULL;
- }
-
- return ret_bits;
-}
-
-/* generate bits for the key and iv determination. if enough bits
- * are not generated using PKCS 5, then we need to generate more bits
- * based on the extension proposed in PKCS 12
- */
-static SECItem *
-sec_pkcs5_generate_bits(SEC_PKCS5PBEParameter *pbe_param, SECItem *pwitem,
- PRBool faulty3DES)
-{
- SECItem * hash = NULL;
- SECItem * newHash = NULL;
- int bits_needed;
- int bits_available;
-
- bits_needed = sec_pkcs5_bits_needed(pbe_param);
- bits_available = sec_pkcs5_hash_bits_generated(pbe_param);
-
- if((bits_needed == -1) || (bits_available == -1)) {
- return NULL;
- }
-
- hash = sec_pkcs5_compute_hash(pbe_param, pwitem, faulty3DES);
- if(hash == NULL) {
- return NULL;
- }
-
- if(bits_needed <= bits_available) {
- return hash;
- }
-
- newHash = sec_pkcs5_bit_generator(pbe_param, hash, bits_needed);
- if (hash != newHash)
- SECITEM_FreeItem(hash, PR_TRUE);
- return newHash;
-}
-
-/* compute the IV as per PKCS 5
- */
-static SECItem *
-sec_pkcs5_compute_iv(SEC_PKCS5PBEParameter *pbe_param, SECItem *pwitem,
- PRBool faulty3DES)
-{
- SECItem *hash = NULL, *iv = NULL;
-
- if((pbe_param == NULL) || (pwitem == NULL)) {
- return NULL;
- }
-
- /* generate iv */
- iv = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(!iv) {
- return NULL;
- }
-
- iv->len = sec_pkcs5_iv_length(pbe_param->algorithm);
- if(iv->len == -1) {
- PORT_Free(iv);
- return NULL;
- }
-
- iv->data = (unsigned char *)PORT_ZAlloc(iv->len);
- if(iv->data == NULL) {
- PORT_Free(iv);
- return NULL;
- }
-
- if(sec_pkcs5_is_algorithm_v2_pkcs12_algorithm(pbe_param->algorithm)) {
- SECOidTag hashAlg;
- PBEBitGenContext *ctxt;
- hashAlg = sec_pkcs5_hash_algorithm(pbe_param->algorithm);
- ctxt = PBE_CreateContext(hashAlg, pbeBitGenCipherIV,
- pwitem, &pbe_param->salt,
- iv->len * 8, pbe_param->iter);
- if(!ctxt) {
- SECITEM_FreeItem(iv, PR_TRUE);
- return NULL;
- }
-
- hash = PBE_GenerateBits(ctxt);
- PBE_DestroyContext(ctxt);
- } else {
- hash = sec_pkcs5_generate_bits(pbe_param, pwitem, faulty3DES);
- }
-
- if(!hash) {
- SECITEM_FreeItem(iv, PR_TRUE);
- return NULL;
- }
-
- PORT_Memcpy(iv->data, (hash->data+(hash->len - iv->len)), iv->len);
- SECITEM_FreeItem(hash, PR_TRUE);
-
- return iv;
-}
-
-/* generate key as per PKCS 5
- */
-static SECItem *
-sec_pkcs5_compute_key(SEC_PKCS5PBEParameter *pbe_param, SECItem *pwitem,
- PRBool faulty3DES)
-{
- SECItem *hash = NULL, *key = NULL;
-
- if((pbe_param == NULL) || (pwitem == NULL)) {
- return NULL;
- }
-
- key = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(!key) {
- return NULL;
- }
-
- key->len = sec_pkcs5_key_length(pbe_param->algorithm);
- if(key->len == -1) {
- PORT_Free(key);
- return NULL;
- }
-
- key->data = (unsigned char *)PORT_ZAlloc(sizeof(unsigned char) *
- key->len);
- if(!key->data) {
- PORT_Free(key);
- return NULL;
- }
-
-
- if(sec_pkcs5_is_algorithm_v2_pkcs12_algorithm(pbe_param->algorithm)) {
- SECOidTag hashAlg;
- PBEBitGenContext *ctxt;
- hashAlg = sec_pkcs5_hash_algorithm(pbe_param->algorithm);
- ctxt = PBE_CreateContext(hashAlg, pbeBitGenCipherKey,
- pwitem, &pbe_param->salt,
- key->len * 8, pbe_param->iter);
- if(!ctxt) {
- SECITEM_FreeItem(key, PR_TRUE);
- return NULL;
- }
-
- hash = PBE_GenerateBits(ctxt);
- PBE_DestroyContext(ctxt);
- } else {
- hash = sec_pkcs5_generate_bits(pbe_param, pwitem, faulty3DES);
- }
-
- if(!hash) {
- SECITEM_FreeItem(key, PR_TRUE);
- return NULL;
- }
-
- if(pbe_param->algorithm ==
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC) {
- PORT_Memcpy(key->data, hash->data, (key->len * 2) / 3);
- PORT_Memcpy(&(key->data[(key->len * 2) / 3]), key->data,
- key->len / 3);
- } else {
- PORT_Memcpy(key->data, hash->data, key->len);
- }
-
- SECITEM_FreeItem(hash, PR_TRUE);
- return key;
-}
-
-/* decode the algid and generate a PKCS 5 parameter from it
- */
-static SEC_PKCS5PBEParameter *
-sec_pkcs5_convert_algid(SECAlgorithmID *algid)
-{
- PRArenaPool *poolp;
- SEC_PKCS5PBEParameter *pbe_param = NULL;
- SECOidTag algorithm;
- SECStatus rv = SECFailure;
-
- if(algid == NULL)
- return NULL;
-
- algorithm = SECOID_GetAlgorithmTag(algid);
-
- if(sec_pkcs5_hash_algorithm(algorithm) == SEC_OID_UNKNOWN)
- return NULL;
-
- poolp = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
- if(poolp == NULL)
- return NULL;
-
- /* allocate memory for the parameter */
- pbe_param = (SEC_PKCS5PBEParameter *)PORT_ArenaZAlloc(poolp,
- sizeof(SEC_PKCS5PBEParameter));
-
- /* decode parameter */
- if(pbe_param && !sec_pkcs5_is_algorithm_v2_pkcs12_algorithm(algorithm)) {
- pbe_param->poolp = poolp;
- rv = SEC_ASN1DecodeItem(poolp, pbe_param,
- SEC_PKCS5PBEParameterTemplate, &algid->parameters);
- if(rv != SECSuccess) {
- goto loser;
- }
- pbe_param->algorithm = algorithm;
- pbe_param->iter = DER_GetInteger(&pbe_param->iteration);
- } else if(sec_pkcs5_is_algorithm_v2_pkcs12_algorithm(algorithm)) {
- pbe_param->algorithm = algorithm;
- pbe_param->poolp = poolp;
- rv = SEC_ASN1DecodeItem(poolp, pbe_param, SEC_V2PKCS12PBEParameterTemplate,
- &algid->parameters);
- if(rv != SECSuccess) {
- goto loser;
- }
- pbe_param->iter = DER_GetInteger(&pbe_param->iteration);
- }
-
-loser:
- if((pbe_param == NULL) || (rv != SECSuccess)) {
- PORT_FreeArena(poolp, PR_TRUE);
- pbe_param = NULL;
- }
-
- return pbe_param;
-}
-
-/* destroy a pbe parameter. it assumes that the parameter was
- * generated using the appropriate create function and therefor
- * contains an arena pool.
- */
-static void
-sec_pkcs5_destroy_pbe_param(SEC_PKCS5PBEParameter *pbe_param)
-{
- if(pbe_param != NULL)
- PORT_FreeArena(pbe_param->poolp, PR_TRUE);
-}
-
-
-/* crypto routines */
-
-/* function pointer template for crypto functions */
-typedef SECItem *(* pkcs5_crypto_func)(SECItem *key, SECItem *iv,
- SECItem *src, PRBool op1, PRBool op2);
-
-/* map PBE algorithm to crypto algorithm */
-static SECOidTag
-sec_pkcs5_encryption_algorithm(SECOidTag algorithm)
-{
- switch(algorithm)
- {
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC:
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC:
- return SEC_OID_DES_EDE3_CBC;
- case SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC:
- case SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC:
- case SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC:
- return SEC_OID_DES_CBC;
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
- return SEC_OID_RC2_CBC;
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4:
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4:
- return SEC_OID_RC4;
- default:
- break;
- }
- return SEC_OID_UNKNOWN;
-}
-
-/* perform DES encryption and decryption. these routines are called
- * by SEC_PKCS5CipherData. In the case of an error, NULL is returned.
- */
-static SECItem *
-sec_pkcs5_des(SECItem *key,
- SECItem *iv,
- SECItem *src,
- PRBool triple_des,
- PRBool encrypt)
-{
- SECItem *dest;
- SECItem *dup_src;
- SECStatus rv = SECFailure;
- int pad;
-
- if((src == NULL) || (key == NULL) || (iv == NULL))
- return NULL;
-
- dup_src = SECITEM_DupItem(src);
- if(dup_src == NULL) {
- return NULL;
- }
-
- if(encrypt != PR_FALSE) {
- void *dummy;
-
- dummy = DES_PadBuffer(NULL, dup_src->data,
- dup_src->len, &dup_src->len);
- if(dummy == NULL) {
- SECITEM_FreeItem(dup_src, PR_TRUE);
- return NULL;
- }
- dup_src->data = (unsigned char*)dummy;
- }
-
- dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(dest != NULL) {
- /* allocate with over flow */
- dest->data = (unsigned char *)PORT_ZAlloc(dup_src->len + 64);
- if(dest->data != NULL) {
- DESContext *ctxt;
- ctxt = DES_CreateContext(key->data, iv->data,
- (triple_des ? NSS_DES_EDE3_CBC : NSS_DES_CBC),
- encrypt);
-
- if(ctxt != NULL) {
- rv = ((encrypt != PR_TRUE) ? DES_Decrypt : DES_Encrypt)(
- ctxt, dest->data, &dest->len,
- dup_src->len + 64, dup_src->data, dup_src->len);
-
- /* remove padding -- assumes 64 bit blocks */
- if((encrypt == PR_FALSE) && (rv == SECSuccess)) {
- pad = dest->data[dest->len-1];
- if((pad > 0) && (pad <= 8)) {
- if(dest->data[dest->len-pad] != pad) {
- rv = SECFailure;
- PORT_SetError(SEC_ERROR_BAD_PASSWORD);
- } else {
- dest->len -= pad;
- }
- } else {
- rv = SECFailure;
- PORT_SetError(SEC_ERROR_BAD_PASSWORD);
- }
- }
- DES_DestroyContext(ctxt, PR_TRUE);
- }
- }
- }
-
- if(rv == SECFailure) {
- if(dest != NULL) {
- SECITEM_FreeItem(dest, PR_TRUE);
- }
- dest = NULL;
- }
-
- if(dup_src != NULL) {
- SECITEM_FreeItem(dup_src, PR_TRUE);
- }
-
- return dest;
-}
-
-/* perform rc2 encryption/decryption if an error occurs, NULL is returned
- */
-static SECItem *
-sec_pkcs5_rc2(SECItem *key,
- SECItem *iv,
- SECItem *src,
- PRBool cbc_mode,
- PRBool encrypt)
-{
- SECItem *dest;
- SECItem *dup_src;
- SECStatus rv = SECFailure;
- int pad;
-
- if((src == NULL) || (key == NULL) || (iv == NULL)) {
- return NULL;
- }
-
- dup_src = SECITEM_DupItem(src);
- if(dup_src == NULL) {
- return NULL;
- }
-
- if(encrypt != PR_FALSE) {
- void *dummy;
-
- dummy = DES_PadBuffer(NULL, dup_src->data,
- dup_src->len, &dup_src->len);
- if(dummy == NULL) {
- SECITEM_FreeItem(dup_src, PR_TRUE);
- return NULL;
- }
- dup_src->data = (unsigned char*)dummy;
- }
-
- dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(dest != NULL) {
- dest->data = (unsigned char *)PORT_ZAlloc(dup_src->len + 64);
- if(dest->data != NULL) {
- RC2Context *ctxt;
-
- ctxt = RC2_CreateContext(key->data, key->len, iv->data,
- ((cbc_mode != PR_TRUE) ? NSS_RC2 : NSS_RC2_CBC),
- key->len);
-
- if(ctxt != NULL) {
- rv = ((encrypt != PR_TRUE) ? RC2_Decrypt : RC2_Encrypt)(
- ctxt, dest->data, &dest->len,
- dup_src->len + 64, dup_src->data, dup_src->len);
-
- /* assumes 8 byte blocks -- remove padding */
- if((rv == SECSuccess) && (encrypt != PR_TRUE) &&
- (cbc_mode == PR_TRUE)) {
- pad = dest->data[dest->len-1];
- if((pad > 0) && (pad <= 8)) {
- if(dest->data[dest->len-pad] != pad) {
- PORT_SetError(SEC_ERROR_BAD_PASSWORD);
- rv = SECFailure;
- } else {
- dest->len -= pad;
- }
- } else {
- PORT_SetError(SEC_ERROR_BAD_PASSWORD);
- rv = SECFailure;
- }
- }
-
- }
- }
- }
-
- if((rv != SECSuccess) && (dest != NULL)) {
- SECITEM_FreeItem(dest, PR_TRUE);
- dest = NULL;
- }
-
- if(dup_src != NULL) {
- SECITEM_FreeItem(dup_src, PR_TRUE);
- }
-
- return dest;
-}
-
-/* perform rc4 encryption and decryption */
-static SECItem *
-sec_pkcs5_rc4(SECItem *key,
- SECItem *iv,
- SECItem *src,
- PRBool dummy_op,
- PRBool encrypt)
-{
- SECItem *dest;
- SECStatus rv = SECFailure;
-
- if((src == NULL) || (key == NULL) || (iv == NULL)) {
- return NULL;
- }
-
- dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
- if(dest != NULL) {
- dest->data = (unsigned char *)PORT_ZAlloc(sizeof(unsigned char) *
- (src->len + 64));
- if(dest->data != NULL) {
- RC4Context *ctxt;
-
- ctxt = RC4_CreateContext(key->data, key->len);
- if(ctxt) {
- rv = ((encrypt != PR_FALSE) ? RC4_Decrypt : RC4_Encrypt)(
- ctxt, dest->data, &dest->len,
- src->len + 64, src->data, src->len);
- RC4_DestroyContext(ctxt, PR_TRUE);
- }
- }
- }
-
- if((rv != SECSuccess) && (dest)) {
- SECITEM_FreeItem(dest, PR_TRUE);
- dest = NULL;
- }
-
- return dest;
-}
-
-/* performs the cipher operation on the src and returns the result.
- * if an error occurs, NULL is returned.
- *
- * a null length password is allowed. this corresponds to encrypting
- * the data with ust the salt.
- */
-/* change this to use PKCS 11? */
-SECItem *
-SEC_PKCS5CipherData(SECAlgorithmID *algid,
- SECItem *pwitem,
- SECItem *src,
- PRBool encrypt, PRBool *update)
-{
- SEC_PKCS5PBEParameter *pbe_param;
- SECOidTag enc_alg;
- SECItem *key = NULL, *iv = NULL;
- SECItem *dest = NULL;
- int iv_len;
-
- if (update) {
- *update = PR_FALSE;
- }
-
- if((algid == NULL) || (pwitem == NULL) || (src == NULL)) {
- return NULL;
- }
-
- /* convert algid to pbe parameter */
- pbe_param = sec_pkcs5_convert_algid(algid);
- if(pbe_param == NULL) {
- return NULL;
- }
-
- /* get algorithm, key, and iv */
- enc_alg = sec_pkcs5_encryption_algorithm(pbe_param->algorithm);
- key = sec_pkcs5_compute_key(pbe_param, pwitem, PR_FALSE);
- if(key != NULL) {
- iv_len = sec_pkcs5_iv_length(pbe_param->algorithm);
- iv = sec_pkcs5_compute_iv(pbe_param, pwitem, PR_FALSE);
-
- if((iv != NULL) || (iv_len == 0)) {
- /*perform encryption / decryption */
- PRBool op1 = PR_TRUE;
- pkcs5_crypto_func cryptof;
-
- switch(enc_alg) {
- case SEC_OID_DES_EDE3_CBC:
- cryptof = sec_pkcs5_des;
- break;
- case SEC_OID_DES_CBC:
- cryptof = sec_pkcs5_des;
- op1 = PR_FALSE;
- break;
- case SEC_OID_RC2_CBC:
- cryptof = sec_pkcs5_rc2;
- break;
- case SEC_OID_RC4:
- cryptof = sec_pkcs5_rc4;
- break;
- default:
- cryptof = NULL;
- break;
- }
-
- if(cryptof) {
- dest = (*cryptof)(key, iv, src, op1, encrypt);
- /*
- * it's possible for some keys and keydb's to claim to
- * be triple des when they're really des. In this case
- * we simply try des. If des works we set the update flag
- * so the key db knows it needs to update all it's entries.
- * The case can only happen on decrypted of a
- * SEC_OID_DES_EDE3_CBD.
- */
- if ((dest == NULL) && (encrypt == PR_FALSE) &&
- (enc_alg == SEC_OID_DES_EDE3_CBC)) {
- dest = (*cryptof)(key, iv, src, PR_FALSE, encrypt);
- if (update && (dest != NULL)) *update = PR_TRUE;
- }
- }
- }
- }
-
- sec_pkcs5_destroy_pbe_param(pbe_param);
-
- if(key != NULL) {
- SECITEM_ZfreeItem(key, PR_TRUE);
- }
- if(iv != NULL) {
- SECITEM_ZfreeItem(iv, PR_TRUE);
- }
-
- return dest;
-}
-
-/* creates a algorithm ID containing the PBE algorithm and appropriate
- * parameters. the required parameter is the algorithm. if salt is
- * not specified, it is generated randomly. if IV is specified, it overrides
- * the PKCS 5 generation of the IV.
- *
- * the returned SECAlgorithmID should be destroyed using
- * SECOID_DestroyAlgorithmID
- */
-SECAlgorithmID *
-SEC_PKCS5CreateAlgorithmID(SECOidTag algorithm,
- SECItem *salt,
- int iteration)
-{
- PRArenaPool *poolp = NULL;
- SECAlgorithmID *algid, *ret_algid;
- SECItem der_param;
- SECStatus rv = SECFailure;
- SEC_PKCS5PBEParameter *pbe_param;
-
- if(sec_pkcs5_hash_algorithm(algorithm) == SEC_OID_UNKNOWN)
- return NULL;
-
- if(iteration <= 0) {
- return NULL;
- }
-
- der_param.data = NULL;
- der_param.len = 0;
-
- /* generate the parameter */
- pbe_param = sec_pkcs5_create_pbe_parameter(algorithm, salt, iteration);
- if(!pbe_param) {
- return NULL;
- }
-
- poolp = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
- if(!poolp) {
- sec_pkcs5_destroy_pbe_param(pbe_param);
- return NULL;
- }
-
- /* generate the algorithm id */
- algid = (SECAlgorithmID *)PORT_ArenaZAlloc(poolp, sizeof(SECAlgorithmID));
- if(algid != NULL) {
- void *dummy;
- if(!sec_pkcs5_is_algorithm_v2_pkcs12_algorithm(algorithm)) {
- dummy = SEC_ASN1EncodeItem(poolp, &der_param, pbe_param,
- SEC_PKCS5PBEParameterTemplate);
- } else {
- dummy = SEC_ASN1EncodeItem(poolp, &der_param, pbe_param,
- SEC_V2PKCS12PBEParameterTemplate);
- }
-
- if(dummy) {
- rv = SECOID_SetAlgorithmID(poolp, algid, algorithm, &der_param);
- }
- }
-
- ret_algid = NULL;
- if(algid != NULL) {
- ret_algid = (SECAlgorithmID *)PORT_ZAlloc(sizeof(SECAlgorithmID));
- if(ret_algid != NULL) {
- rv = SECOID_CopyAlgorithmID(NULL, ret_algid, algid);
- if(rv != SECSuccess) {
- SECOID_DestroyAlgorithmID(ret_algid, PR_TRUE);
- ret_algid = NULL;
- }
- }
- }
-
- if(poolp != NULL) {
- PORT_FreeArena(poolp, PR_TRUE);
- algid = NULL;
- }
-
- sec_pkcs5_destroy_pbe_param(pbe_param);
-
- return ret_algid;
-}
-
-/* wrapper for converting the algid to a pbe parameter.
- */
-SEC_PKCS5PBEParameter *
-SEC_PKCS5GetPBEParameter(SECAlgorithmID *algid)
-{
- if(algid) {
- return sec_pkcs5_convert_algid(algid);
- }
-
- return NULL;
-}
-
-/* destroy a pbe parameter */
-void
-SEC_PKCS5DestroyPBEParameter(SEC_PKCS5PBEParameter *pbe_param)
-{
- sec_pkcs5_destroy_pbe_param(pbe_param);
-}
-
-/* return the initialization vector either the preset one if it
- * exists or generated based on pkcs 5.
- *
- * a null length password is allowed...but not a null password
- * secitem.
- */
-SECItem *
-SEC_PKCS5GetIV(SECAlgorithmID *algid, SECItem *pwitem, PRBool faulty3DES)
-{
- SECItem *iv;
- SEC_PKCS5PBEParameter *pbe_param;
-
- if((algid == NULL) || (pwitem == NULL)) {
- return NULL;
- }
-
- pbe_param = sec_pkcs5_convert_algid(algid);
- if(!pbe_param) {
- return NULL;
- }
-
- iv = sec_pkcs5_compute_iv(pbe_param, pwitem, faulty3DES);
-
- sec_pkcs5_destroy_pbe_param(pbe_param);
-
- return iv;
-}
-
-/* generate the key
- * a 0 length password is allowed. corresponds to a key generated
- * from just the salt.
- */
-SECItem *
-SEC_PKCS5GetKey(SECAlgorithmID *algid, SECItem *pwitem, PRBool faulty3DES)
-{
- SECItem *key;
- SEC_PKCS5PBEParameter *pbe_param;
-
- if((algid == NULL) || (pwitem == NULL)) {
- return NULL;
- }
-
- pbe_param = sec_pkcs5_convert_algid(algid);
- if(pbe_param == NULL) {
- return NULL;
- }
-
- key = sec_pkcs5_compute_key(pbe_param, pwitem, faulty3DES);
-
- sec_pkcs5_destroy_pbe_param(pbe_param);
-
- return key;
-}
-
-/* retrieve the salt */
-SECItem *
-SEC_PKCS5GetSalt(SECAlgorithmID *algid)
-{
- SECItem *salt;
- SEC_PKCS5PBEParameter *pbe_param;
-
- if(algid == NULL)
- return NULL;
-
- pbe_param = sec_pkcs5_convert_algid(algid);
- if(pbe_param == NULL)
- return NULL;
-
- if(pbe_param->salt.data) {
- salt = SECITEM_DupItem(&pbe_param->salt);
- } else {
- salt = NULL;
- }
-
- sec_pkcs5_destroy_pbe_param(pbe_param);
-
- return salt;
-}
-
-/* check to see if an oid is a pbe algorithm
- */
-PRBool
-SEC_PKCS5IsAlgorithmPBEAlg(SECAlgorithmID *algid)
-{
- SECOidTag algorithm;
-
- algorithm = SECOID_GetAlgorithmTag(algid);
- if(sec_pkcs5_hash_algorithm(algorithm) == SEC_OID_UNKNOWN) {
- return PR_FALSE;
- }
-
- return PR_TRUE;
-}
-
-int
-SEC_PKCS5GetKeyLength(SECAlgorithmID *algid)
-{
- SEC_PKCS5PBEParameter *pbe_param;
- int keyLen = -1;
-
- if(algid == NULL)
- return -1;
-
- pbe_param = sec_pkcs5_convert_algid(algid);
- if(pbe_param == NULL)
- return -1;
-
- keyLen = sec_pkcs5_key_length(pbe_param->algorithm);
-
- sec_pkcs5_destroy_pbe_param(pbe_param);
-
- return keyLen;
-}
-
-/* maps crypto algorithm from PBE algorithm.
- */
-SECOidTag
-SEC_PKCS5GetCryptoAlgorithm(SECAlgorithmID *algid)
-{
- SEC_PKCS5PBEParameter *pbe_param;
-
- if(algid == NULL)
- return SEC_OID_UNKNOWN;
-
- pbe_param = sec_pkcs5_convert_algid(algid);
- if(pbe_param == NULL)
- return SEC_OID_UNKNOWN;
-
- switch(pbe_param->algorithm)
- {
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC:
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC:
- return SEC_OID_DES_EDE3_CBC;
- case SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC:
- case SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC:
- case SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC:
- return SEC_OID_DES_CBC;
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
- return SEC_OID_RC2_CBC;
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4:
- case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4:
- case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4:
- return SEC_OID_RC4;
- default:
- break;
- }
-
- sec_pkcs5_destroy_pbe_param(pbe_param);
-
- return SEC_OID_UNKNOWN;
-}
-
-/* maps PBE algorithm from crypto algorithm, assumes SHA1 hashing.
- */
-SECOidTag
-SEC_PKCS5GetPBEAlgorithm(SECOidTag algTag, int keyLen)
-{
- switch(algTag)
- {
- case SEC_OID_DES_EDE3_CBC:
- switch(keyLen) {
- case 168:
- case 192:
- return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC;
- case 128:
- case 92:
- return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC;
- default:
- break;
- }
- break;
- case SEC_OID_DES_CBC:
- return SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC;
- case SEC_OID_RC2_CBC:
- switch(keyLen) {
- case 40:
- return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
- case 128:
- return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC;
- default:
- break;
- }
- break;
- case SEC_OID_RC4:
- switch(keyLen) {
- case 40:
- return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4;
- case 128:
- return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4;
- default:
- break;
- }
- break;
- default:
- break;
- }
-
- return SEC_OID_UNKNOWN;
-}
-
-/* zero length password and salts are allowed. however, the items
- * containing the salt and password must be non-null.
- */
-PBEBitGenContext *
-PBE_CreateContext(SECOidTag hashAlgorithm, PBEBitGenID bitGenPurpose,
- SECItem *pwitem, SECItem *salt, unsigned int bitsNeeded,
- unsigned int iterations)
-{
- PRArenaPool *arena = NULL;
- PBEBitGenContext *pbeCtxt = NULL;
- HASH_HashType pbeHash;
- int vbytes, ubytes;
-
- unsigned int c;
-
- if(!pwitem || !salt) {
- return NULL;
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if(!arena) {
- return NULL;
- }
-
- pbeCtxt = (PBEBitGenContext*)PORT_ArenaZAlloc(arena, sizeof(PBEBitGenContext));
- if(!pbeCtxt) {
- goto loser;
- }
-
- switch(hashAlgorithm) {
- case SEC_OID_MD2:
- pbeHash = HASH_AlgMD2;
- break;
- case SEC_OID_MD5:
- pbeHash = HASH_AlgMD5;
- break;
- case SEC_OID_SHA1:
- pbeHash = HASH_AlgSHA1;
- break;
- default:
- goto loser;
- }
-
- pbeCtxt->hashObject = &SECRawHashObjects[pbeHash];
- PORT_Memcpy(&pbeCtxt->pbeParams, &pbeHashAlgorithmParams[pbeHash],
- sizeof(pbeBitGenParameters));
- PORT_Assert(pbeCtxt->pbeParams.hashAlgorithm == hashAlgorithm);
-
- vbytes = pbeCtxt->pbeParams.v / 8;
- ubytes = pbeCtxt->pbeParams.u / 8;
-
- c = (bitsNeeded / pbeCtxt->pbeParams.u);
- c += ((bitsNeeded - (pbeCtxt->pbeParams.u * c)) > 0) ? 1 : 0;
- pbeCtxt->c = c;
- pbeCtxt->n = bitsNeeded;
- pbeCtxt->iterations = iterations;
-
- /* allocate buffers */
- pbeCtxt->D.len = vbytes;
- pbeCtxt->S.len = (((salt->len * 8) / pbeCtxt->pbeParams.v) +
- ((((salt->len * 8) % pbeCtxt->pbeParams.v) > 0) ? 1 : 0)) *
- vbytes;
- pbeCtxt->P.len = (((pwitem->len * 8) / pbeCtxt->pbeParams.v) +
- ((((pwitem->len * 8) % pbeCtxt->pbeParams.v) > 0) ? 1 : 0)) *
- vbytes;
- pbeCtxt->I.len = pbeCtxt->S.len + pbeCtxt->P.len;
- pbeCtxt->A.len = c * ubytes;
- pbeCtxt->B.len = pbeCtxt->D.len;
-
- pbeCtxt->D.data = (unsigned char*)PORT_ArenaZAlloc(arena, pbeCtxt->D.len);
- if(pbeCtxt->S.len) {
- pbeCtxt->S.data = (unsigned char*)PORT_ArenaZAlloc(arena, pbeCtxt->S.len);
- }
- if(pbeCtxt->P.len) {
- pbeCtxt->P.data = (unsigned char*)PORT_ArenaZAlloc(arena, pbeCtxt->P.len);
- }
- if(pbeCtxt->I.len) {
- pbeCtxt->I.data = (unsigned char*)PORT_ArenaZAlloc(arena, pbeCtxt->I.len);
- }
- pbeCtxt->A.data = (unsigned char*)PORT_ArenaZAlloc(arena, pbeCtxt->A.len);
- pbeCtxt->B.data = (unsigned char*)PORT_ArenaZAlloc(arena, pbeCtxt->B.len);
-
- if(!pbeCtxt->D.data || !pbeCtxt->A.data || !pbeCtxt->B.data ||
- (!pbeCtxt->S.data && pbeCtxt->S.len) ||
- (!pbeCtxt->P.data && pbeCtxt->P.len) ||
- (!pbeCtxt->I.data && pbeCtxt->I.len)) {
- goto loser;
- }
-
- PORT_Memset(pbeCtxt->D.data, (char)bitGenPurpose, pbeCtxt->D.len);
- if(pbeCtxt->P.len) {
- unsigned int z = 0;
- while(z < pbeCtxt->P.len) {
- PORT_Memcpy(&(pbeCtxt->P.data[z]), pwitem->data,
- ((z + pwitem->len > pbeCtxt->P.len) ? (pbeCtxt->P.len - z) :
- (pwitem->len)));
- z += pwitem->len;
- }
- }
- if(pbeCtxt->S.len) {
- unsigned int z = 0;
- while(z < pbeCtxt->S.len) {
- PORT_Memcpy(&(pbeCtxt->S.data[z]), salt->data,
- ((z + salt->len > pbeCtxt->S.len) ? (pbeCtxt->S.len - z) :
- (salt->len)));
- z += salt->len;
- }
- }
- if(pbeCtxt->I.len) {
- if(pbeCtxt->S.len) {
- PORT_Memcpy(pbeCtxt->I.data, pbeCtxt->S.data, pbeCtxt->S.len);
- }
- if(pbeCtxt->P.len) {
- PORT_Memcpy(&(pbeCtxt->I.data[pbeCtxt->S.len]), pbeCtxt->P.data,
- pbeCtxt->P.len);
- }
- }
-
- pbeCtxt->arena = arena;
-
- return pbeCtxt;
-
-loser:
- if(arena) {
- PORT_FreeArena(arena, PR_TRUE);
- }
-
- return NULL;
-}
-
-SECItem *
-PBE_GenerateBits(PBEBitGenContext *pbeCtxt)
-{
- unsigned int i;
- SECItem *A, *D, *I, *B, *S, *P;
- unsigned int u, v, c, z, hashLen, n, iter;
- unsigned int vbyte, ubyte;
- unsigned char *iterBuf;
- void *hash = NULL;
-
- if(!pbeCtxt) {
- return NULL;
- }
-
- A = &pbeCtxt->A;
- B = &pbeCtxt->B;
- I = &pbeCtxt->I;
- D = &pbeCtxt->D;
- S = &pbeCtxt->S;
- P = &pbeCtxt->P;
- u = pbeCtxt->pbeParams.u;
- v = pbeCtxt->pbeParams.v;
- vbyte = v / 8;
- ubyte = u / 8;
- c = pbeCtxt->c;
- n = pbeCtxt->n;
- z = 0;
-
- iterBuf = (unsigned char*)PORT_Alloc(ubyte);
- if(!iterBuf) {
- goto loser;
- }
-
- for(i = 1; i <= c; i++) {
- unsigned int Bidx;
- unsigned int k, j;
-
-
- for(iter = 1; iter <= pbeCtxt->iterations; iter++) {
- hash = pbeCtxt->hashObject->create();
- if(!hash) {
- goto loser;
- }
-
- pbeCtxt->hashObject->begin(hash);
-
- if(iter == 1) {
- pbeCtxt->hashObject->update(hash, D->data, D->len);
- pbeCtxt->hashObject->update(hash, I->data, I->len);
- } else {
- pbeCtxt->hashObject->update(hash, iterBuf, hashLen);
- }
-
- pbeCtxt->hashObject->end(hash, iterBuf, &hashLen, (ubyte));
- pbeCtxt->hashObject->destroy(hash, PR_TRUE);
- if(hashLen != (ubyte)) {
- goto loser;
- }
- }
-
- PORT_Memcpy(&(A->data[z]), iterBuf, (ubyte));
-
- Bidx = 0;
- while(Bidx < B->len) {
- PORT_Memcpy(&(B->data[Bidx]), &(A->data[z]),
- (((Bidx + (ubyte)) > B->len) ? (B->len - Bidx) :
- (ubyte)));
- Bidx += (ubyte);
- }
-
- k = (S->len / (vbyte)) + (P->len / (vbyte));
- for(j = 0; j < k; j++) {
- unsigned int byteIdx = (vbyte);
- unsigned int q, carryBit = 0;
-
- while(byteIdx > 0) {
- q = (unsigned int)I->data[(j * (vbyte)) + byteIdx - 1];
- q += (unsigned int)B->data[byteIdx - 1];
- q += carryBit;
- if(byteIdx == (vbyte)) {
- q += 1;
- }
-
- carryBit = ((q > 255) ? 1 : 0);
-
- I->data[(j * (vbyte)) + byteIdx - 1] = (unsigned char)(q & 255);
-
- byteIdx--;
- }
- }
-
- z += (ubyte);
- }
-
- A->len = (n / 8);
-
- return SECITEM_DupItem(A);
-
-loser:
- return NULL;
-}
-
-void
-PBE_DestroyContext(PBEBitGenContext *pbeCtxt) {
- if(pbeCtxt) {
- PORT_FreeArena(pbeCtxt->arena, PR_TRUE);
- }
-}
-
-SECStatus
-PBE_PK11ParamToAlgid(SECOidTag algTag, SECItem *param, PRArenaPool *arena,
- SECAlgorithmID *algId)
-{
- CK_PBE_PARAMS *pbe_param;
- SECItem pbeSalt;
- SECAlgorithmID *pbeAlgID = NULL;
- SECStatus rv;
-
- if(!param || !algId) {
- return SECFailure;
- }
-
- pbe_param = (CK_PBE_PARAMS *)param->data;
- pbeSalt.data = (unsigned char *)pbe_param->pSalt;
- pbeSalt.len = pbe_param->ulSaltLen;
- pbeAlgID = SEC_PKCS5CreateAlgorithmID(algTag, &pbeSalt,
- (int)pbe_param->ulIteration);
- if(!pbeAlgID) {
- return SECFailure;
- }
-
- rv = SECOID_CopyAlgorithmID(arena, algId, pbeAlgID);
- SECOID_DestroyAlgorithmID(pbeAlgID, PR_TRUE);
- return rv;
-}
diff --git a/security/nss/lib/softoken/secpkcs5.h b/security/nss/lib/softoken/secpkcs5.h
deleted file mode 100644
index 4efe99900..000000000
--- a/security/nss/lib/softoken/secpkcs5.h
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef _SECPKCS5_H_
-#define _SECPKCS5_H_
-
-#include "plarena.h"
-#include "secitem.h"
-#include "seccomon.h"
-#include "secoidt.h"
-#include "hasht.h"
-
-typedef SECItem * (* SEC_PKCS5GetPBEPassword)(void *arg);
-
-/* used for V2 PKCS 12 Draft Spec */
-typedef enum {
- pbeBitGenIDNull,
- pbeBitGenCipherKey = 0x01,
- pbeBitGenCipherIV = 0x02,
- pbeBitGenIntegrityKey = 0x03
-} PBEBitGenID;
-
-typedef struct _pbeBitGenParameters {
- unsigned int u, v;
- SECOidTag hashAlgorithm;
-} pbeBitGenParameters;
-
-typedef struct _PBEBitGenContext {
- PRArenaPool *arena;
-
- /* hash algorithm information */
- pbeBitGenParameters pbeParams;
- SECHashObject *hashObject;
- void *hash;
-
- /* buffers used in generation of bits */
- SECItem D, S, P, I, A, B;
- unsigned int c, n;
- unsigned int iterations;
-} PBEBitGenContext;
-
-extern const SEC_ASN1Template SEC_PKCS5PBEParameterTemplate[];
-typedef struct SEC_PKCS5PBEParameterStr SEC_PKCS5PBEParameter;
-
-struct SEC_PKCS5PBEParameterStr {
- PRArenaPool *poolp;
- SECItem salt; /* octet string */
- SECItem iteration; /* integer */
-
- /* used locally */
- SECOidTag algorithm;
- int iter;
-};
-
-
-SEC_BEGIN_PROTOS
-/* Create a PKCS5 Algorithm ID
- * The algorithm ID is set up using the PKCS #5 parameter structure
- * algorithm is the PBE algorithm ID for the desired algorithm
- * salt can be specified or can be NULL, if salt is NULL then the
- * salt is generated from random bytes
- * iteration is the number of iterations for which to perform the
- * hash prior to key and iv generation.
- * If an error occurs or the algorithm specified is not supported
- * or is not a password based encryption algorithm, NULL is returned.
- * Otherwise, a pointer to the algorithm id is returned.
- */
-extern SECAlgorithmID *
-SEC_PKCS5CreateAlgorithmID(SECOidTag algorithm,
- SECItem *salt,
- int iteration);
-
-/* Get the initialization vector. The password is passed in, hashing
- * is performed, and the initialization vector is returned.
- * algid is a pointer to a PBE algorithm ID
- * pwitem is the password
- * If an error occurs or the algorithm id is not a PBE algrithm,
- * NULL is returned. Otherwise, the iv is returned in a secitem.
- */
-extern SECItem *
-SEC_PKCS5GetIV(SECAlgorithmID *algid, SECItem *pwitem, PRBool faulty3DES);
-
-/* Get the key. The password is passed in, hashing is performed,
- * and the key is returned.
- * algid is a pointer to a PBE algorithm ID
- * pwitem is the password
- * If an error occurs or the algorithm id is not a PBE algrithm,
- * NULL is returned. Otherwise, the key is returned in a secitem.
- */
-extern SECItem *
-SEC_PKCS5GetKey(SECAlgorithmID *algid, SECItem *pwitem, PRBool faulty3DES);
-
-/* Get PBE salt. The salt for the password based algorithm is returned.
- * algid is the PBE algorithm identifier
- * If an error occurs NULL is returned, otherwise the salt is returned
- * in a SECItem.
- */
-extern SECItem *
-SEC_PKCS5GetSalt(SECAlgorithmID *algid);
-
-/* Encrypt/Decrypt data using password based encryption.
- * algid is the PBE algorithm identifier,
- * pwitem is the password,
- * src is the source for encryption/decryption,
- * encrypt is PR_TRUE for encryption, PR_FALSE for decryption.
- * The key and iv are generated based upon PKCS #5 then the src
- * is either encrypted or decrypted. If an error occurs, NULL
- * is returned, otherwise the ciphered contents is returned.
- */
-extern SECItem *
-SEC_PKCS5CipherData(SECAlgorithmID *algid, SECItem *pwitem,
- SECItem *src, PRBool encrypt, PRBool *update);
-
-/* Checks to see if algid algorithm is a PBE algorithm. If
- * so, PR_TRUE is returned, otherwise PR_FALSE is returned.
- */
-extern PRBool
-SEC_PKCS5IsAlgorithmPBEAlg(SECAlgorithmID *algid);
-
-/* Destroys PBE parameter */
-extern void
-SEC_PKCS5DestroyPBEParameter(SEC_PKCS5PBEParameter *param);
-
-/* Convert Algorithm ID to PBE parameter */
-extern SEC_PKCS5PBEParameter *
-SEC_PKCS5GetPBEParameter(SECAlgorithmID *algid);
-
-/* Determine how large the key generated is */
-extern int
-SEC_PKCS5GetKeyLength(SECAlgorithmID *algid);
-
-/* map crypto algorithm to pbe algorithm, assume sha 1 hashing for DES
- */
-extern SECOidTag
-SEC_PKCS5GetPBEAlgorithm(SECOidTag algTag, int keyLen);
-
-/* return the underlying crypto algorithm */
-extern SECOidTag
-SEC_PKCS5GetCryptoAlgorithm(SECAlgorithmID *algid);
-
-extern PBEBitGenContext *
-PBE_CreateContext(SECOidTag hashAlgorithm, PBEBitGenID bitGenPurpose,
- SECItem *pwitem, SECItem *salt, unsigned int bitsNeeded,
- unsigned int interations);
-
-extern SECItem *
-PBE_GenerateBits(PBEBitGenContext *pbeCtxt);
-
-extern void PBE_DestroyContext(PBEBitGenContext *pbeCtxt);
-
-extern SECStatus PBE_PK11ParamToAlgid(SECOidTag algTag, SECItem *param,
- PRArenaPool *arena, SECAlgorithmID *algId);
-SEC_END_PROTOS
-
-#endif
diff --git a/security/nss/lib/softoken/softoken.h b/security/nss/lib/softoken/softoken.h
deleted file mode 100644
index 733fdbede..000000000
--- a/security/nss/lib/softoken/softoken.h
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- * softoken.h - private data structures and prototypes for the softoken lib
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#ifndef _SOFTOKEN_H_
-#define _SOFTOKEN_H_
-
-#include "blapi.h"
-#include "keytlow.h"
-#include "keytboth.h"
-#include "softoknt.h"
-#include "secoidt.h"
-
-#include "pkcs11t.h" /* CK_RV Required for pk11_fipsPowerUpSelfTest(). */
-
-SEC_BEGIN_PROTOS
-
-/*
-** RSA encryption/decryption. When encrypting/decrypting the output
-** buffer must be at least the size of the public key modulus.
-*/
-
-/*
-** Format some data into a PKCS#1 encryption block, preparing the
-** data for RSA encryption.
-** "result" where the formatted block is stored (memory is allocated)
-** "modulusLen" the size of the formatted block
-** "blockType" what block type to use (SEC_RSABlock*)
-** "data" the data to format
-*/
-extern SECStatus RSA_FormatBlock(SECItem *result,
- unsigned int modulusLen,
- RSA_BlockType blockType,
- SECItem *data);
-/*
-** Similar, but just returns a pointer to the allocated memory, *and*
-** will *only* format one block, even if we (in the future) modify
-** RSA_FormatBlock() to loop over multiples of modulusLen.
-*/
-extern unsigned char *RSA_FormatOneBlock(unsigned int modulusLen,
- RSA_BlockType blockType,
- SECItem *data);
-
-
-
-/*
- * convenience wrappers for doing single RSA operations. They create the
- * RSA context internally and take care of the formatting
- * requirements. Blinding happens automagically within RSA_SignHash and
- * RSA_DecryptBlock.
- */
-extern
-SECStatus RSA_Sign(SECKEYLowPrivateKey *key, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- unsigned char *input, unsigned int inputLen);
-extern
-SECStatus RSA_CheckSign(SECKEYLowPublicKey *key, unsigned char *sign,
- unsigned int signLength, unsigned char *hash,
- unsigned int hashLength);
-extern
-SECStatus RSA_CheckSignRecover(SECKEYLowPublicKey *key, unsigned char *data,
- unsigned int *data_len,unsigned int max_output_len,
- unsigned char *sign, unsigned int sign_len);
-extern
-SECStatus RSA_EncryptBlock(SECKEYLowPublicKey *key, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- unsigned char *input, unsigned int inputLen);
-extern
-SECStatus RSA_DecryptBlock(SECKEYLowPrivateKey *key, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- unsigned char *input, unsigned int inputLen);
-
-/*
- * added to make pkcs #11 happy
- * RAW is RSA_X_509
- */
-extern
-SECStatus RSA_SignRaw( SECKEYLowPrivateKey *key, unsigned char *output,
- unsigned int *output_len, unsigned int maxOutputLen,
- unsigned char *input, unsigned int input_len);
-extern
-SECStatus RSA_CheckSignRaw( SECKEYLowPublicKey *key, unsigned char *sign,
- unsigned int sign_len, unsigned char *hash,
- unsigned int hash_len);
-extern
-SECStatus RSA_CheckSignRecoverRaw( SECKEYLowPublicKey *key, unsigned char *data,
- unsigned int *data_len, unsigned int max_output_len,
- unsigned char *sign, unsigned int sign_len);
-extern
-SECStatus RSA_EncryptRaw( SECKEYLowPublicKey *key, unsigned char *output,
- unsigned int *output_len,
- unsigned int max_output_len,
- unsigned char *input, unsigned int input_len);
-extern
-SECStatus RSA_DecryptRaw(SECKEYLowPrivateKey *key, unsigned char *output,
- unsigned int *output_len,
- unsigned int max_output_len,
- unsigned char *input, unsigned int input_len);
-
-
-/*
-** Functions called directly by applications to configure the FIPS token.
-*/
-extern void PK11_ConfigurePKCS11(char *man, char *libdes, char *tokdes,
- char *ptokdes, char *slotdes, char *pslotdes, char *fslotdes,
- char *fpslotdes, int minPwd, int pwdRequired);
-extern void PK11_ConfigureFIPS(char *slotdes, char *pslotdes);
-
-/*
-** Prepare a buffer for DES encryption, growing to the appropriate boundary,
-** filling with the appropriate padding.
-** We add from 1 to DES_KEY_LENGTH bytes -- we *always* grow.
-** The extra bytes contain the value of the length of the padding:
-** if we have 2 bytes of padding, then the padding is "0x02, 0x02".
-**
-** NOTE: If arena is non-NULL, we re-allocate from there, otherwise
-** we assume (and use) PR memory (re)allocation.
-** Maybe this belongs in util?
-*/
-extern unsigned char * DES_PadBuffer(PRArenaPool *arena, unsigned char *inbuf,
- unsigned int inlen, unsigned int *outlen);
-
-
-/****************************************/
-/*
-** Power-Up selftests required for FIPS and invoked only
-** under PKCS #11 FIPS mode.
-*/
-extern CK_RV pk11_fipsPowerUpSelfTest( void );
-
-
-SEC_END_PROTOS
-
-#endif /* _SOFTOKEN_H_ */
diff --git a/security/nss/lib/softoken/softoknt.h b/security/nss/lib/softoken/softoknt.h
deleted file mode 100644
index da66c9042..000000000
--- a/security/nss/lib/softoken/softoknt.h
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * softoknt.h - public data structures for the software token library
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#ifndef _SOFTOKNT_H_
-#define _SOFTOKNT_H_
-
-/*
- * RSA block types
- *
- * The actual values are important -- they are fixed, *not* arbitrary.
- * The explicit value assignments are not needed (because C would give
- * us those same values anyway) but are included as a reminder...
- */
-typedef enum {
- RSA_BlockPrivate0 = 0, /* unused, really */
- RSA_BlockPrivate = 1, /* pad for a private-key operation */
- RSA_BlockPublic = 2, /* pad for a public-key operation */
- RSA_BlockOAEP = 3, /* use OAEP padding */
- /* XXX is this only for a public-key
- operation? If so, add "Public" */
- RSA_BlockRaw = 4, /* simply justify the block appropriately */
- RSA_BlockTotal
-} RSA_BlockType;
-
-#define NSS_SOFTOKEN_DEFAULT_CHUNKSIZE 2048
-
-#endif /* _SOFTOKNT_H_ */
diff --git a/security/nss/lib/ssl/Makefile b/security/nss/lib/ssl/Makefile
deleted file mode 100644
index 577dc8ac6..000000000
--- a/security/nss/lib/ssl/Makefile
+++ /dev/null
@@ -1,82 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-ifeq ($(OS_ARCH),WINNT)
-CSRCS += win32err.c
-else
-CSRCS += unix_err.c
-endif
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
diff --git a/security/nss/lib/ssl/authcert.c b/security/nss/lib/ssl/authcert.c
deleted file mode 100644
index 5a9c45e5a..000000000
--- a/security/nss/lib/ssl/authcert.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * NSS utility functions
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#include <stdio.h>
-#include <string.h>
-#include "prerror.h"
-#include "secitem.h"
-#include "prnetdb.h"
-#include "cert.h"
-#include "nspr.h"
-#include "secder.h"
-#include "key.h"
-#include "nss.h"
-#include "ssl.h"
-#include "pk11func.h" /* for PK11_ function calls */
-
-/*
- * This callback used by SSL to pull client sertificate upon
- * server request
- */
-SECStatus
-NSS_GetClientAuthData(void * arg,
- PRFileDesc * socket,
- struct CERTDistNamesStr * caNames,
- struct CERTCertificateStr ** pRetCert,
- struct SECKEYPrivateKeyStr **pRetKey)
-{
- CERTCertificate * cert;
- SECKEYPrivateKey * privkey;
- char * chosenNickName = (char *)arg; /* CONST */
- void * proto_win = NULL;
- SECStatus rv = SECFailure;
-
- proto_win = SSL_RevealPinArg(socket);
-
- if (chosenNickName) {
- cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
- if ( cert ) {
- privkey = PK11_FindKeyByAnyCert(cert, proto_win);
- if ( privkey ) {
- rv = SECSuccess;
- } else {
- CERT_DestroyCertificate(cert);
- }
- }
- } else { /* no name given, automatically find the right cert. */
- CERTCertNicknames * names;
- int i;
-
- names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
- SEC_CERT_NICKNAMES_USER, proto_win);
- if (names != NULL) {
- for (i = 0; i < names->numnicknames; i++) {
- cert = PK11_FindCertFromNickname(names->nicknames[i],proto_win);
- if ( !cert )
- continue;
- /* Only check unexpired certs */
- if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) !=
- secCertTimeValid ) {
- CERT_DestroyCertificate(cert);
- continue;
- }
- rv = NSS_CmpCertChainWCANames(cert, caNames);
- if ( rv == SECSuccess ) {
- privkey = PK11_FindKeyByAnyCert(cert, proto_win);
- if ( privkey )
- break;
- }
- rv = SECFailure;
- CERT_DestroyCertificate(cert);
- }
- CERT_FreeNicknames(names);
- }
- }
- if (rv == SECSuccess) {
- *pRetCert = cert;
- *pRetKey = privkey;
- }
- return rv;
-}
-
diff --git a/security/nss/lib/ssl/cmpcert.c b/security/nss/lib/ssl/cmpcert.c
deleted file mode 100644
index 5e557828e..000000000
--- a/security/nss/lib/ssl/cmpcert.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * NSS utility functions
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#include <stdio.h>
-#include <string.h>
-#include "prerror.h"
-#include "secitem.h"
-#include "prnetdb.h"
-#include "cert.h"
-#include "nspr.h"
-#include "secder.h"
-#include "key.h"
-#include "nss.h"
-
-/*
- * Look to see if any of the signers in the cert chain for "cert" are found
- * in the list of caNames.
- * Returns SECSuccess if so, SECFailure if not.
- */
-SECStatus
-NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
-{
- SECItem * caname;
- CERTCertificate * curcert;
- CERTCertificate * oldcert;
- PRInt32 contentlen;
- int j;
- int headerlen;
- int depth;
- SECStatus rv;
- SECItem issuerName;
- SECItem compatIssuerName;
-
- depth=0;
- curcert = CERT_DupCertificate(cert);
-
- while( curcert ) {
- issuerName = curcert->derIssuer;
-
- /* compute an alternate issuer name for compatibility with 2.0
- * enterprise server, which send the CA names without
- * the outer layer of DER hearder
- */
- rv = DER_Lengths(&issuerName, &headerlen, (uint32 *)&contentlen);
- if ( rv == SECSuccess ) {
- compatIssuerName.data = &issuerName.data[headerlen];
- compatIssuerName.len = issuerName.len - headerlen;
- } else {
- compatIssuerName.data = NULL;
- compatIssuerName.len = 0;
- }
-
- for (j = 0; j < caNames->nnames; j++) {
- caname = &caNames->names[j];
- if (SECITEM_CompareItem(&issuerName, caname) == SECEqual) {
- rv = SECSuccess;
- CERT_DestroyCertificate(curcert);
- goto done;
- } else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) {
- rv = SECSuccess;
- CERT_DestroyCertificate(curcert);
- goto done;
- }
- }
- if ( ( depth <= 20 ) &&
- ( SECITEM_CompareItem(&curcert->derIssuer, &curcert->derSubject)
- != SECEqual ) ) {
- oldcert = curcert;
- curcert = CERT_FindCertByName(curcert->dbhandle,
- &curcert->derIssuer);
- CERT_DestroyCertificate(oldcert);
- depth++;
- } else {
- CERT_DestroyCertificate(curcert);
- curcert = NULL;
- }
- }
- rv = SECFailure;
-
-done:
- return rv;
-}
-
diff --git a/security/nss/lib/ssl/config.mk b/security/nss/lib/ssl/config.mk
deleted file mode 100644
index a73a1086e..000000000
--- a/security/nss/lib/ssl/config.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/ssl/emulate.c b/security/nss/lib/ssl/emulate.c
deleted file mode 100644
index bb6efc140..000000000
--- a/security/nss/lib/ssl/emulate.c
+++ /dev/null
@@ -1,626 +0,0 @@
-/*
- * Functions that emulate PR_AcceptRead and PR_TransmitFile for SSL sockets.
- * Each Layered NSPR protocol (like SSL) must unfortunately contain its
- * own implementation of these functions. This code was taken from NSPR.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#include "nspr.h"
-
-#if defined( XP_UNIX )
-#include <fcntl.h>
-#endif
-#if defined(WIN32)
-#include <windef.h>
-#include <winbase.h>
-#endif
-#include <string.h>
-
-#define AMASK 7 /* mask for alignment of PRNetAddr */
-
-/*
- * _PR_EmulateAcceptRead
- *
- * Accept an incoming connection on sd, set *nd to point to the
- * newly accepted socket, read 'amount' bytes from the accepted
- * socket.
- *
- * buf is a buffer of length = amount + (2 * sizeof(PRNetAddr)) + 32
- * *raddr points to the PRNetAddr of the accepted connection upon
- * return
- *
- * return number of bytes read or -1 on error
- *
- */
-PRInt32
-ssl_EmulateAcceptRead( PRFileDesc * sd,
- PRFileDesc ** nd,
- PRNetAddr ** raddr,
- void * buf,
- PRInt32 amount,
- PRIntervalTime timeout)
-{
- PRFileDesc * newsockfd;
- PRInt32 rv;
- PRNetAddr remote;
-
- if (!(newsockfd = PR_Accept(sd, &remote, PR_INTERVAL_NO_TIMEOUT))) {
- return -1;
- }
-
- rv = PR_Recv(newsockfd, buf, amount, 0, timeout);
- if (rv >= 0) {
- ptrdiff_t pNetAddr = (((ptrdiff_t)buf) + amount + AMASK) & ~AMASK;
-
- *nd = newsockfd;
- *raddr = (PRNetAddr *)pNetAddr;
- memcpy((void *)pNetAddr, &remote, sizeof(PRNetAddr));
- return rv;
- }
-
- PR_Close(newsockfd);
- return -1;
-}
-
-
-#if !defined( XP_UNIX ) && !defined( WIN32 )
-/*
- * _PR_EmulateTransmitFile
- *
- * Send file fd across socket sd. If headers is non-NULL, 'hlen'
- * bytes of headers is sent before sending the file.
- *
- * PR_TRANSMITFILE_CLOSE_SOCKET flag - close socket after sending file
- *
- * return number of bytes sent or -1 on error
- *
- */
-#define _TRANSMITFILE_BUFSIZE (16 * 1024)
-
-PRInt32
-ssl_EmulateTransmitFile( PRFileDesc * sd,
- PRFileDesc * fd,
- const void * headers,
- PRInt32 hlen,
- PRTransmitFileFlags flags,
- PRIntervalTime timeout)
-{
- char * buf = NULL;
- PRInt32 count = 0;
- PRInt32 rlen;
- PRInt32 rv;
-
- buf = PR_MALLOC(_TRANSMITFILE_BUFSIZE);
- if (buf == NULL) {
- PR_SetError(PR_OUT_OF_MEMORY_ERROR, 0);
- return -1;
- }
-
- /*
- * send headers, first
- */
- while (hlen) {
- rv = PR_Send(sd, headers, hlen, 0, timeout);
- if (rv < 0) {
- /* PR_Send() has invoked PR_SetError(). */
- rv = -1;
- goto done;
- }
- count += rv;
- headers = (const void*) ((const char*)headers + rv);
- hlen -= rv;
- }
- /*
- * send file, next
- */
- while ((rlen = PR_Read(fd, buf, _TRANSMITFILE_BUFSIZE)) > 0) {
- while (rlen) {
- char *bufptr = buf;
-
- rv = PR_Send(sd, bufptr, rlen,0,PR_INTERVAL_NO_TIMEOUT);
- if (rv < 0) {
- /* PR_Send() has invoked PR_SetError(). */
- rv = -1;
- goto done;
- }
- count += rv;
- bufptr = ((char*)bufptr + rv);
- rlen -= rv;
- }
- }
- if (rlen == 0) {
- /*
- * end-of-file
- */
- if (flags & PR_TRANSMITFILE_CLOSE_SOCKET)
- PR_Close(sd);
- rv = count;
- } else {
- PR_ASSERT(rlen < 0);
- /* PR_Read() has invoked PR_SetError(). */
- rv = -1;
- }
-
-done:
- if (buf)
- PR_DELETE(buf);
- return rv;
-}
-#else
-
-#define TRANSMITFILE_MMAP_CHUNK (256 * 1024)
-
-/*
- * _PR_UnixTransmitFile
- *
- * Send file fd across socket sd. If headers is non-NULL, 'hlen'
- * bytes of headers is sent before sending the file.
- *
- * PR_TRANSMITFILE_CLOSE_SOCKET flag - close socket after sending file
- *
- * return number of bytes sent or -1 on error
- *
- */
-
-PRInt32
-ssl_EmulateTransmitFile( PRFileDesc * sd,
- PRFileDesc * fd,
- const void * headers,
- PRInt32 hlen,
- PRTransmitFileFlags flags,
- PRIntervalTime timeout)
-{
- void * addr;
- PRFileMap * mapHandle = NULL;
- PRInt32 count = 0;
- PRInt32 index = 0;
- PRInt32 len = 0;
- PRInt32 rv;
- struct PRFileInfo info;
- struct PRIOVec iov[2];
-
- /* Get file size */
- if (PR_SUCCESS != PR_GetOpenFileInfo(fd, &info)) {
- count = -1;
- goto done;
- }
- if (hlen) {
- iov[index].iov_base = (char *) headers;
- iov[index].iov_len = hlen;
- index++;
- }
- if (info.size > 0) {
- mapHandle = PR_CreateFileMap(fd, info.size, PR_PROT_READONLY);
- if (mapHandle == NULL) {
- count = -1;
- goto done;
- }
- /*
- * If the file is large, mmap and send the file in chunks so as
- * to not consume too much virtual address space
- */
- len = PR_MIN(info.size , TRANSMITFILE_MMAP_CHUNK );
- /*
- * Map in (part of) file. Take care of zero-length files.
- */
- if (len) {
- addr = PR_MemMap(mapHandle, 0, len);
- if (addr == NULL) {
- count = -1;
- goto done;
- }
- }
- iov[index].iov_base = (char*)addr;
- iov[index].iov_len = len;
- index++;
- }
- if (!index)
- goto done;
- rv = PR_Writev(sd, iov, index, timeout);
- if (len) {
- PR_MemUnmap(addr, len);
- }
- if (rv >= 0) {
- PR_ASSERT(rv == hlen + len);
- info.size -= len;
- count += rv;
- } else {
- count = -1;
- goto done;
- }
- /*
- * send remaining bytes of the file, if any
- */
- len = PR_MIN(info.size , TRANSMITFILE_MMAP_CHUNK );
- while (len > 0) {
- /*
- * Map in (part of) file
- */
- PR_ASSERT((count - hlen) % TRANSMITFILE_MMAP_CHUNK == 0);
- addr = PR_MemMap(mapHandle, count - hlen, len);
- if (addr == NULL) {
- count = -1;
- goto done;
- }
- rv = PR_Send(sd, addr, len, 0, timeout);
- PR_MemUnmap(addr, len);
- if (rv >= 0) {
- PR_ASSERT(rv == len);
- info.size -= rv;
- count += rv;
- len = PR_MIN(info.size , TRANSMITFILE_MMAP_CHUNK );
- } else {
- count = -1;
- goto done;
- }
- }
-done:
- if ((count >= 0) && (flags & PR_TRANSMITFILE_CLOSE_SOCKET))
- PR_Close(sd);
- if (mapHandle != NULL)
- PR_CloseFileMap(mapHandle);
- return count;
-}
-#endif /* XP_UNIX */
-
-
-
-
-#if !defined( XP_UNIX ) && !defined( WIN32 )
-/*
- * _PR_EmulateSendFile
- *
- * Send file sfd->fd across socket sd. The header and trailer buffers
- * specified in the 'sfd' argument are sent before and after the file,
- * respectively.
- *
- * PR_TRANSMITFILE_CLOSE_SOCKET flag - close socket after sending file
- *
- * return number of bytes sent or -1 on error
- *
- */
-
-PRInt32
-ssl_EmulateSendFile(PRFileDesc *sd, PRSendFileData *sfd,
- PRTransmitFileFlags flags, PRIntervalTime timeout)
-{
- char * buf = NULL;
- const void * buffer;
- PRInt32 rv;
- PRInt32 count = 0;
- PRInt32 rlen;
- PRInt32 buflen;
- PRInt32 sendbytes;
- PRInt32 readbytes;
-
-#define _SENDFILE_BUFSIZE (16 * 1024)
-
- buf = (char*)PR_MALLOC(_SENDFILE_BUFSIZE);
- if (buf == NULL) {
- PR_SetError(PR_OUT_OF_MEMORY_ERROR, 0);
- return -1;
- }
-
- /*
- * send header, first
- */
- buflen = sfd->hlen;
- buffer = sfd->header;
- while (buflen) {
- rv = PR_Send(sd, buffer, buflen, 0, timeout);
- if (rv < 0) {
- /* PR_Send() has invoked PR_SetError(). */
- rv = -1;
- goto done;
- } else {
- count += rv;
- buffer = (const void*) ((const char*)buffer + rv);
- buflen -= rv;
- }
- }
- /*
- * send file, next
- */
-
- if (PR_Seek(sfd->fd, sfd->file_offset, PR_SEEK_SET) < 0) {
- rv = -1;
- goto done;
- }
- sendbytes = sfd->file_nbytes;
- if (sendbytes == 0) {
- /* send entire file */
- while ((rlen = PR_Read(sfd->fd, buf, _SENDFILE_BUFSIZE)) > 0) {
- while (rlen) {
- char *bufptr = buf;
-
- rv = PR_Send(sd, bufptr, rlen, 0, timeout);
- if (rv < 0) {
- /* PR_Send() has invoked PR_SetError(). */
- rv = -1;
- goto done;
- } else {
- count += rv;
- bufptr = ((char*)bufptr + rv);
- rlen -= rv;
- }
- }
- }
- if (rlen < 0) {
- /* PR_Read() has invoked PR_SetError(). */
- rv = -1;
- goto done;
- }
- } else {
- readbytes = PR_MIN(sendbytes, _SENDFILE_BUFSIZE);
- while (readbytes && ((rlen = PR_Read(sfd->fd, buf, readbytes)) > 0)) {
- while (rlen) {
- char *bufptr = buf;
-
- rv = PR_Send(sd, bufptr, rlen, 0, timeout);
- if (rv < 0) {
- /* PR_Send() has invoked PR_SetError(). */
- rv = -1;
- goto done;
- } else {
- count += rv;
- sendbytes -= rv;
- bufptr = ((char*)bufptr + rv);
- rlen -= rv;
- }
- }
- readbytes = PR_MIN(sendbytes, _SENDFILE_BUFSIZE);
- }
- if (rlen < 0) {
- /* PR_Read() has invoked PR_SetError(). */
- rv = -1;
- goto done;
- } else if (sendbytes != 0) {
- /*
- * there are fewer bytes in file to send than specified
- */
- PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
- rv = -1;
- goto done;
- }
- }
- /*
- * send trailer, last
- */
- buflen = sfd->tlen;
- buffer = sfd->trailer;
- while (buflen) {
- rv = PR_Send(sd, buffer, buflen, 0, timeout);
- if (rv < 0) {
- /* PR_Send() has invoked PR_SetError(). */
- rv = -1;
- goto done;
- } else {
- count += rv;
- buffer = (const void*) ((const char*)buffer + rv);
- buflen -= rv;
- }
- }
- rv = count;
-
-done:
- if (buf)
- PR_DELETE(buf);
- if ((rv >= 0) && (flags & PR_TRANSMITFILE_CLOSE_SOCKET))
- PR_Close(sd);
- return rv;
-}
-
-#else /* UNIX and NT handled below */
-
-/*
- * _PR_UnixSendFile
- *
- * Send file sfd->fd across socket sd. If header/trailer are specified
- * they are sent before and after the file, respectively.
- *
- * PR_TRANSMITFILE_CLOSE_SOCKET flag - close socket after sending file
- *
- * return number of bytes sent or -1 on error
- *
- */
-#define SENDFILE_MMAP_CHUNK (256 * 1024)
-
-PRInt32
-ssl_EmulateSendFile(PRFileDesc *sd, PRSendFileData *sfd,
- PRTransmitFileFlags flags, PRIntervalTime timeout)
-{
- void * addr;
- PRFileMap * mapHandle = NULL;
- PRInt32 count = 0;
- PRInt32 file_bytes;
- PRInt32 index = 0;
- PRInt32 len;
- PRInt32 rv;
- PRUint32 addr_offset;
- PRUint32 file_mmap_offset;
- PRUint32 mmap_len;
- PRUint32 pagesize;
- struct PRFileInfo info;
- struct PRIOVec iov[3];
-
- /* Get file size */
- if (PR_SUCCESS != PR_GetOpenFileInfo(sfd->fd, &info)) {
- count = -1;
- goto done;
- }
- if (sfd->file_nbytes &&
- (info.size < (sfd->file_offset + sfd->file_nbytes))) {
- /*
- * there are fewer bytes in file to send than specified
- */
- PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
- count = -1;
- goto done;
- }
- if (sfd->file_nbytes)
- file_bytes = sfd->file_nbytes;
- else
- file_bytes = info.size - sfd->file_offset;
-
-#if defined(WIN32)
- {
- SYSTEM_INFO sysinfo;
- GetSystemInfo(&sysinfo);
- pagesize = sysinfo.dwAllocationGranularity;
- }
-#else
- pagesize = PR_GetPageSize();
-#endif
- /*
- * If the file is large, mmap and send the file in chunks so as
- * to not consume too much virtual address space
- */
- if (!sfd->file_offset || !(sfd->file_offset & (pagesize - 1))) {
- /*
- * case 1: page-aligned file offset
- */
- mmap_len = PR_MIN(file_bytes, SENDFILE_MMAP_CHUNK);
- len = mmap_len;
- file_mmap_offset = sfd->file_offset;
- addr_offset = 0;
- } else {
- /*
- * case 2: non page-aligned file offset
- */
- /* find previous page boundary */
- file_mmap_offset = (sfd->file_offset & ~(pagesize - 1));
-
- /* number of initial bytes to skip in mmap'd segment */
- addr_offset = sfd->file_offset - file_mmap_offset;
- PR_ASSERT(addr_offset > 0);
- mmap_len = PR_MIN(file_bytes + addr_offset, SENDFILE_MMAP_CHUNK);
- len = mmap_len - addr_offset;
- }
- /*
- * Map in (part of) file. Take care of zero-length files.
- */
- if (len > 0) {
- mapHandle = PR_CreateFileMap(sfd->fd, info.size, PR_PROT_READONLY);
- if (!mapHandle) {
- count = -1;
- goto done;
- }
- addr = PR_MemMap(mapHandle, file_mmap_offset, mmap_len);
- if (!addr) {
- count = -1;
- goto done;
- }
- }
- /*
- * send headers, first, followed by the file
- */
- if (sfd->hlen) {
- iov[index].iov_base = (char *) sfd->header;
- iov[index].iov_len = sfd->hlen;
- index++;
- }
- if (len) {
- iov[index].iov_base = (char*)addr + addr_offset;
- iov[index].iov_len = len;
- index++;
- }
- if ((file_bytes == len) && (sfd->tlen)) {
- /*
- * all file data is mapped in; send the trailer too
- */
- iov[index].iov_base = (char *) sfd->trailer;
- iov[index].iov_len = sfd->tlen;
- index++;
- }
- rv = PR_Writev(sd, iov, index, timeout);
- if (len)
- PR_MemUnmap(addr, mmap_len);
- if (rv < 0) {
- count = -1;
- goto done;
- }
-
- PR_ASSERT(rv == sfd->hlen + len + ((len == file_bytes) ? sfd->tlen : 0));
-
- file_bytes -= len;
- count += rv;
- if (!file_bytes) /* header, file and trailer are sent */
- goto done;
-
- /*
- * send remaining bytes of the file, if any
- */
- len = PR_MIN(file_bytes, SENDFILE_MMAP_CHUNK);
- while (len > 0) {
- /*
- * Map in (part of) file
- */
- file_mmap_offset = sfd->file_offset + count - sfd->hlen;
- PR_ASSERT((file_mmap_offset % pagesize) == 0);
-
- addr = PR_MemMap(mapHandle, file_mmap_offset, len);
- if (!addr) {
- count = -1;
- goto done;
- }
- rv = PR_Send(sd, addr, len, 0, timeout);
- PR_MemUnmap(addr, len);
- if (rv < 0) {
- count = -1;
- goto done;
- }
-
- PR_ASSERT(rv == len);
- file_bytes -= rv;
- count += rv;
- len = PR_MIN(file_bytes, SENDFILE_MMAP_CHUNK);
- }
- PR_ASSERT(0 == file_bytes);
- if (sfd->tlen) {
- rv = PR_Send(sd, sfd->trailer, sfd->tlen, 0, timeout);
- if (rv >= 0) {
- PR_ASSERT(rv == sfd->tlen);
- count += rv;
- } else
- count = -1;
- }
-done:
- if (mapHandle)
- PR_CloseFileMap(mapHandle);
- if ((count >= 0) && (flags & PR_TRANSMITFILE_CLOSE_SOCKET))
- PR_Close(sd);
- return count;
-}
-#endif /* UNIX and NT */
diff --git a/security/nss/lib/ssl/manifest.mn b/security/nss/lib/ssl/manifest.mn
deleted file mode 100644
index 5e1d50719..000000000
--- a/security/nss/lib/ssl/manifest.mn
+++ /dev/null
@@ -1,77 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../..
-
-# DEFINES = -DTRACE
-
-
-PRIVATE_EXPORTS = \
- ssl3prot.h \
- sslimpl.h \
- $(NULL)
-
-EXPORTS = \
- ssl.h \
- sslerr.h \
- sslproto.h \
- preenc.h \
- $(NULL)
-
-MODULE = security
-
-CSRCS = \
- emulate.c \
- prelib.c \
- ssl3con.c \
- ssl3gthr.c \
- sslauth.c \
- sslcon.c \
- ssldef.c \
- sslenum.c \
- sslerr.c \
- sslgathr.c \
- sslnonce.c \
- sslreveal.c \
- sslsecur.c \
- sslsnce.c \
- sslsock.c \
- sslsocks.c \
- ssltrace.c \
- authcert.c \
- cmpcert.c \
- nsskea.c \
- $(NULL)
-
-REQUIRES = security dbm
-
-LIBRARY_NAME = ssl
diff --git a/security/nss/lib/ssl/notes.txt b/security/nss/lib/ssl/notes.txt
deleted file mode 100644
index a36f242ee..000000000
--- a/security/nss/lib/ssl/notes.txt
+++ /dev/null
@@ -1,161 +0,0 @@
-The contents of this file are subject to the Mozilla Public
-License Version 1.1 (the "License"); you may not use this file
-except in compliance with the License. You may obtain a copy of
-the License at http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS
-IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-implied. See the License for the specific language governing
-rights and limitations under the License.
-
-The Original Code is the Netscape security libraries.
-
-The Initial Developer of the Original Code is Netscape
-Communications Corporation. Portions created by Netscape are
-Copyright (C) 1994-2000 Netscape Communications Corporation. All
-Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the
-terms of the GNU General Public License Version 2 or later (the
-"GPL"), in which case the provisions of the GPL are applicable
-instead of those above. If you wish to allow use of your
-version of this file only under the terms of the GPL and not to
-allow others to use your version of this file under the MPL,
-indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by
-the GPL. If you do not delete the provisions above, a recipient
-may use your version of this file under either the MPL or the
-GPL.
-
-SSL's Buffers: enumerated and explained.
-
----------------------------------------------------------------------------
-incoming:
-
-gs = ss->gather
-hs = ss->ssl3->hs
-
-gs->inbuf SSL3 only: incoming (encrypted) ssl records are placed here,
- and then decrypted (or copied) to gs->buf.
-
-gs->buf SSL2: incoming SSL records are put here, and then decrypted
- in place.
- SSL3: ssl3_HandleHandshake puts decrypted ssl records here.
-
-hs.msg_body (SSL3 only) When an incoming handshake message spans more
- than one ssl record, the first part(s) of it are accumulated
- here until it all arrives.
-
-hs.msgState (SSL3 only) an alternative set of pointers/lengths for gs->buf.
- Used only when a handleHandshake function returns SECWouldBlock.
- ssl3_HandleHandshake remembers how far it previously got by
- using these pointers instead of gs->buf when it is called
- after a previous SECWouldBlock return.
-
----------------------------------------------------------------------------
-outgoing:
-
-sec = ss->sec
-ci = ss->sec->ci /* connect info */
-
-ci->sendBuf Outgoing handshake messages are appended to this buffer.
- This buffer will then be sent as a single SSL record.
-
-sec->writeBuf outgoing ssl records are constructed here and encrypted in
- place before being written or copied to pendingBuf.
-
-ss->pendingBuf contains outgoing ciphertext that was saved after a write
- attempt to the socket failed, e.g. EWouldBlock.
- Generally empty with blocking sockets (should be no incomplete
- writes).
-
-ss->saveBuf Used only by socks code. Intended to be used to buffer
- outgoing data until a socks handshake completes. However,
- this buffer is always empty. There is no code to put
- anything into it.
-
----------------------------------------------------------------------------
-
-SECWouldBlock means that the function cannot make progress because it is
-waiting for some event OTHER THAN socket I/O completion (e.g. waiting for
-user dialog to finish). It is not the same as EWOULDBLOCK.
-
----------------------------------------------------------------------------
-
-Rank (order) of locks
-
-[ReadLock ->]\ [firstHandshake ->] [ssl3Handshake ->] recvbuf \ -> "spec"
-[WriteLock->]/ xmitbuf /
-
-crypto and hash Data that must be protected while turning plaintext into
-ciphertext:
-
-SSL2: (in ssl2_Send*)
- sec->hash*
- sec->hashcx (ptr and data)
- sec->enc
- sec->writecx* (ptr and content)
- sec->sendSecret*(ptr and content)
- sec->sendSequence locked by xmitBufLock
- sec->blockSize
- sec->writeBuf* (ptr & content) locked by xmitBufLock
- "in" locked by xmitBufLock
-
-SSl3: (in ssl3_SendPlainText)
- ss->ssl3 (the pointer)
- ss->ssl3->current_write* (the pointer and the data in the spec
- and any data referenced by the spec.
-
- ss->sec->isServer
- ss->sec->writebuf* (ptr & content) locked by xmitBufLock
- "buf" locked by xmitBufLock
-
-crypto and hash data that must be protected while turning ciphertext into
-plaintext:
-
-SSL2: (in ssl2_GatherData)
- gs->* (locked by recvBufLock )
- sec->dec
- sec->readcx
- sec->hash* (ptr and data)
- sec->hashcx (ptr and data)
-
-SSL3: (in ssl3_HandleRecord )
- ssl3->current_read* (the pointer and all data refernced)
- ss->sec->isServer
-
-
-Data that must be protected while being used by a "writer":
-
-ss->pendingBuf.*
-ss->saveBuf.* (which is dead)
-
-in ssl3_sendPlainText
-
-ss->ssl3->current_write-> (spec)
-ss->sec->writeBuf.*
-ss->sec->isServer
-
-in SendBlock
-
-ss->sec->hash->length
-ss->sec->blockSize
-ss->sec->writeBuf.*
-ss->sec->sendSecret
-ss->sec->sendSequence
-ss->sec->writecx *
-ss->pendingBuf
-
---------------------------------------------------------------------------
-
-Data variables (not const) protected by the "sslGlobalDataLock".
-Note, this really should be a reader/writer lock.
-
-allowedByPolicy sslcon.c
-maybeAllowedByPolicy sslcon.c
-chosenPreference sslcon.c
-policyWasSet sslcon.c
-
-cipherSuites[] ssl3con.c
diff --git a/security/nss/lib/ssl/nsskea.c b/security/nss/lib/ssl/nsskea.c
deleted file mode 100644
index ec7be1735..000000000
--- a/security/nss/lib/ssl/nsskea.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Return SSLKEAType derived from cert's Public Key algorithm info.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- # $Id$
- */
-
-#include "cert.h"
-#include "ssl.h" /* for SSLKEAType */
-#include "secoid.h"
-
-SSLKEAType
-NSS_FindCertKEAType(CERTCertificate * cert)
-{
- SSLKEAType keaType = kt_null;
- int tag;
-
- if (!cert) goto loser;
-
- tag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
-
- switch (tag) {
- case SEC_OID_X500_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- keaType = kt_rsa;
- break;
- case SEC_OID_MISSI_KEA_DSS_OLD:
- case SEC_OID_MISSI_KEA_DSS:
- case SEC_OID_MISSI_DSS_OLD:
- case SEC_OID_MISSI_DSS:
- keaType = kt_fortezza;
- break;
- case SEC_OID_X942_DIFFIE_HELMAN_KEY:
- keaType = kt_dh;
- break;
- default:
- keaType = kt_null;
- }
-
- loser:
-
- return keaType;
-
-}
-
diff --git a/security/nss/lib/ssl/preenc.h b/security/nss/lib/ssl/preenc.h
deleted file mode 100644
index 3dfbe1e92..000000000
--- a/security/nss/lib/ssl/preenc.h
+++ /dev/null
@@ -1,161 +0,0 @@
-/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil -*- */
-
-/*
- * Functions and types used by https servers to send (download) pre-encrypted
- * files over SSL connections that use Fortezza ciphersuites.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#include "seccomon.h"
-#include "prio.h"
-
-typedef struct PEHeaderStr PEHeader;
-
-#define PE_MIME_TYPE "application/pre-encrypted"
-
-
-/*
- * unencrypted header. The 'top' half of this header is generic. The union
- * is type specific, and may include bulk cipher type information
- * (Fortezza supports only Fortezza Bulk encryption). Only fortezza
- * pre-encrypted is defined.
- */
-typedef struct PEFortezzaHeaderStr PEFortezzaHeader;
-typedef struct PEFortezzaGeneratedHeaderStr PEFortezzaGeneratedHeader;
-typedef struct PEFixedKeyHeaderStr PEFixedKeyHeader;
-typedef struct PERSAKeyHeaderStr PERSAKeyHeader;
-
-struct PEFortezzaHeaderStr {
- unsigned char key[12]; /* Ks wrapped MEK */
- unsigned char iv[24]; /* iv for this MEK */
- unsigned char hash[20]; /* SHA hash of file */
- unsigned char serial[8]; /* serial number of the card that owns
- * Ks */
-};
-
-struct PEFortezzaGeneratedHeaderStr {
- unsigned char key[12]; /* TEK wrapped MEK */
- unsigned char iv[24]; /* iv for this MEK */
- unsigned char hash[20]; /* SHA hash of file */
- unsigned char Ra[128]; /* RA to generate TEK */
- unsigned char Y[128]; /* Y to generate TEK */
-};
-
-struct PEFixedKeyHeaderStr {
- unsigned char pkcs11Mech[4]; /* Symetric key operation */
- unsigned char labelLen[2]; /* length of the token label */
- unsigned char keyIDLen[2]; /* length of the token Key ID */
- unsigned char ivLen[2]; /* length of IV */
- unsigned char keyLen[2]; /* length of key (DES3_ECB encrypted) */
- unsigned char data[1]; /* start of data */
-};
-
-struct PERSAKeyHeaderStr {
- unsigned char pkcs11Mech[4]; /* Symetric key operation */
- unsigned char issuerLen[2]; /* length of cert issuer */
- unsigned char serialLen[2]; /* length of the cert serial */
- unsigned char ivLen[2]; /* length of IV */
- unsigned char keyLen[2]; /* length of key (RSA encrypted) */
- unsigned char data[1]; /* start of data */
-};
-
-/* macros to get at the variable length data fields */
-#define PEFIXED_Label(header) (header->data)
-#define PEFIXED_KeyID(header) (&header->data[GetInt2(header->labelLen)])
-#define PEFIXED_IV(header) (&header->data[GetInt2(header->labelLen)\
- +GetInt2(header->keyIDLen)])
-#define PEFIXED_Key(header) (&header->data[GetInt2(header->labelLen)\
- +GetInt2(header->keyIDLen)+GetInt2(header->keyLen)])
-#define PERSA_Issuer(header) (header->data)
-#define PERSA_Serial(header) (&header->data[GetInt2(header->issuerLen)])
-#define PERSA_IV(header) (&header->data[GetInt2(header->issuerLen)\
- +GetInt2(header->serialLen)])
-#define PERSA_Key(header) (&header->data[GetInt2(header->issuerLen)\
- +GetInt2(header->serialLen)+GetInt2(header->keyLen)])
-struct PEHeaderStr {
- unsigned char magic [2]; /* always 0xC0DE */
- unsigned char len [2]; /* length of PEHeader */
- unsigned char type [2]; /* FORTEZZA, DIFFIE-HELMAN, RSA */
- unsigned char version[2]; /* version number: 1.0 */
- union {
- PEFortezzaHeader fortezza;
- PEFortezzaGeneratedHeader g_fortezza;
- PEFixedKeyHeader fixed;
- PERSAKeyHeader rsa;
- } u;
-};
-
-#define PE_CRYPT_INTRO_LEN 8
-#define PE_INTRO_LEN 4
-#define PE_BASE_HEADER_LEN 8
-
-#define PRE_BLOCK_SIZE 8 /* for decryption blocks */
-
-
-/*
- * Platform neutral encode/decode macros.
- */
-#define GetInt2(c) ((c[0] << 8) | c[1])
-#define GetInt4(c) (((unsigned long)c[0] << 24)|((unsigned long)c[1] << 16)\
- |((unsigned long)c[2] << 8)| ((unsigned long)c[3]))
-#define PutInt2(c,i) ((c[1] = (i) & 0xff), (c[0] = ((i) >> 8) & 0xff))
-#define PutInt4(c,i) ((c[0]=((i) >> 24) & 0xff),(c[1]=((i) >> 16) & 0xff),\
- (c[2] = ((i) >> 8) & 0xff), (c[3] = (i) & 0xff))
-
-/*
- * magic numbers.
- */
-#define PRE_MAGIC 0xc0de
-#define PRE_VERSION 0x1010
-#define PRE_FORTEZZA_FILE 0x00ff /* pre-encrypted file on disk */
-#define PRE_FORTEZZA_STREAM 0x00f5 /* pre-encrypted file in stream */
-#define PRE_FORTEZZA_GEN_STREAM 0x00f6 /* Generated pre-encrypted file */
-#define PRE_FIXED_FILE 0x000f /* fixed key on disk */
-#define PRE_RSA_FILE 0x001f /* RSA in file */
-#define PRE_FIXED_STREAM 0x0005 /* fixed key in stream */
-
-/*
- * internal implementation info
- */
-
-
-/* convert an existing stream header to a version with local parameters */
-PEHeader *SSL_PreencryptedStreamToFile(PRFileDesc *fd, PEHeader *,
- int *headerSize);
-
-/* convert an existing file header to one suitable for streaming out */
-PEHeader *SSL_PreencryptedFileToStream(PRFileDesc *fd, PEHeader *,
- int *headerSize);
-
diff --git a/security/nss/lib/ssl/prelib.c b/security/nss/lib/ssl/prelib.c
deleted file mode 100644
index b6ea428e2..000000000
--- a/security/nss/lib/ssl/prelib.c
+++ /dev/null
@@ -1,253 +0,0 @@
-/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil -*- */
-
-/*
- * Functions used by https servers to send (download) pre-encrypted files
- * over SSL connections that use Fortezza ciphersuites.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#include "cert.h"
-#include "ssl.h"
-#include "keyhi.h"
-#include "secitem.h"
-#include "sslimpl.h"
-#include "pkcs11t.h"
-#include "preenc.h"
-#include "pk11func.h"
-
-static unsigned char fromHex(char x) {
- if ((x >= '0') && (x <= '9')) return x-'0';
- if ((x >= 'a') && (x <= 'f')) return x-'a'+10;
- return x-'A'+10;
-}
-
-PEHeader *SSL_PreencryptedStreamToFile(PRFileDesc *fd, PEHeader *inHeader,
- int *headerSize)
-{
- PK11SymKey *key, *tek, *Ks;
- sslSocket *ss;
- PK11SlotInfo *slot;
- CK_TOKEN_INFO info;
- int oldHeaderSize;
- PEHeader *header;
- SECStatus rv;
- SECItem item;
- int i;
-
- if (fd == NULL) {
- /* XXX set an error */
- return NULL;
- }
-
- ss = ssl_FindSocket(fd);
- if (ss == NULL) {
- /* XXX set an error */
- return NULL;
- }
-
- PORT_Assert(ss->ssl3 != NULL);
- if (ss->ssl3 == NULL) {
- return NULL;
- }
-
- if (GetInt2(inHeader->magic) != PRE_MAGIC) {
- return NULL;
- }
-
- oldHeaderSize = GetInt2(inHeader->len);
- header = (PEHeader *) PORT_ZAlloc(oldHeaderSize);
- if (header == NULL) {
- return NULL;
- }
-
- switch (GetInt2(inHeader->type)) {
- case PRE_FORTEZZA_FILE:
- case PRE_FORTEZZA_GEN_STREAM:
- case PRE_FIXED_FILE:
- case PRE_RSA_FILE:
- default:
- *headerSize = oldHeaderSize;
- PORT_Memcpy(header,inHeader,oldHeaderSize);
- return header;
-
- case PRE_FORTEZZA_STREAM:
- *headerSize = PE_BASE_HEADER_LEN + sizeof(PEFortezzaHeader);
- PutInt2(header->magic,PRE_MAGIC);
- PutInt2(header->len,*headerSize);
- PutInt2(header->type, PRE_FORTEZZA_FILE);
- PORT_Memcpy(header->version,inHeader->version,sizeof(header->version));
- PORT_Memcpy(header->u.fortezza.hash,inHeader->u.fortezza.hash,
- sizeof(header->u.fortezza.hash));
- PORT_Memcpy(header->u.fortezza.iv,inHeader->u.fortezza.iv,
- sizeof(header->u.fortezza.iv));
-
- /* get the kea context from the session */
- tek = ss->ssl3->fortezza.tek;
- if (tek == NULL) {
- PORT_Free(header);
- return NULL;
- }
-
-
- /* get the slot and the serial number */
- slot = PK11_GetSlotFromKey(tek);
- if (slot == NULL) {
- PORT_Free(header);
- return NULL;
- }
- rv = PK11_GetTokenInfo(slot,&info);
- if (rv != SECSuccess) {
- PORT_Free(header);
- PK11_FreeSlot(slot);
- return NULL;
- }
-
- /* Look up the Token Fixed Key */
- Ks = PK11_FindFixedKey(slot, CKM_SKIPJACK_WRAP, NULL, ss->pkcs11PinArg);
- PK11_FreeSlot(slot);
- if (Ks == NULL) {
- PORT_Free(header);
- return NULL;
- }
-
- /* unwrap the key with the TEK */
- item.data = inHeader->u.fortezza.key;
- item.len = sizeof(inHeader->u.fortezza.key);
- key = PK11_UnwrapSymKey(tek,CKM_SKIPJACK_WRAP,
- NULL, &item, CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0);
- if (key == NULL) {
- PORT_Free(header);
- PK11_FreeSymKey(Ks);
- return NULL;
- }
-
- /* rewrap with the local Ks */
- item.data = header->u.fortezza.key;
- item.len = sizeof(header->u.fortezza.key);
- rv = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, Ks, key, &item);
- PK11_FreeSymKey(Ks);
- PK11_FreeSymKey(key);
- if (rv != SECSuccess) {
- PORT_Free(header);
- return NULL;
- }
-
- /* copy our local serial number into header */
- for (i=0; i < sizeof(header->u.fortezza.serial); i++) {
- header->u.fortezza.serial[i] =
- (fromHex(info.serialNumber[i*2]) << 4) |
- fromHex(info.serialNumber[i*2 + 1]);
- }
- break;
- case PRE_FIXED_STREAM:
- /* not implemented yet */
- PORT_Free(header);
- return NULL;
- }
-
- return(header);
-}
-
-/*
- * this one needs to allocate space and work for RSA & FIXED key files as well
- */
-PEHeader *SSL_PreencryptedFileToStream(PRFileDesc *fd, PEHeader *header,
- int *headerSize)
-{
- PK11SymKey *key, *tek, *Ks;
- sslSocket *ss;
- PK11SlotInfo *slot;
- SECStatus rv;
- SECItem item;
-
- *headerSize = 0; /* hack */
-
- if (fd == NULL) {
- /* XXX set an error */
- return NULL;
- }
-
- ss = ssl_FindSocket(fd);
- if (ss == NULL) {
- /* XXX set an error */
- return NULL;
- }
-
- PORT_Assert(ss->ssl3 != NULL);
- if (ss->ssl3 == NULL) {
- return NULL;
- }
-
- /* get the kea context from the session */
- tek = ss->ssl3->fortezza.tek;
- if (tek == NULL) {
- return NULL;
- }
-
- slot = PK11_GetSlotFromKey(tek);
- if (slot == NULL) return NULL;
- Ks = PK11_FindFixedKey(slot, CKM_SKIPJACK_WRAP, NULL, PK11_GetWindow(tek));
- PK11_FreeSlot(slot);
- if (Ks == NULL) return NULL;
-
-
- /* unwrap with the local Ks */
- item.data = header->u.fortezza.key;
- item.len = sizeof(header->u.fortezza.key);
- /* rewrap the key with the TEK */
- key = PK11_UnwrapSymKey(Ks,CKM_SKIPJACK_WRAP,
- NULL, &item, CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0);
- if (key == NULL) {
- PK11_FreeSymKey(Ks);
- return NULL;
- }
-
- rv = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, tek, key, &item);
- PK11_FreeSymKey(Ks);
- PK11_FreeSymKey(key);
- if (rv != SECSuccess) {
- return NULL;
- }
-
- /* copy over our local serial number */
- PORT_Memset(header->u.fortezza.serial,0,sizeof(header->u.fortezza.serial));
-
- /* change type to stream */
- PutInt2(header->type, PRE_FORTEZZA_STREAM);
-
- return(header);
-}
-
-
diff --git a/security/nss/lib/ssl/ssl.h b/security/nss/lib/ssl/ssl.h
deleted file mode 100644
index 97a97759b..000000000
--- a/security/nss/lib/ssl/ssl.h
+++ /dev/null
@@ -1,423 +0,0 @@
-/*
- * This file contains prototypes for the public SSL functions.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#ifndef __ssl_h_
-#define __ssl_h_
-
-#include "prtypes.h"
-#include "prerror.h"
-#include "prio.h"
-#include "seccomon.h"
-#include "cert.h"
-#include "keyt.h"
-
-/* constant table enumerating all implemented SSL 2 and 3 cipher suites. */
-extern const PRUint16 SSL_ImplementedCiphers[];
-
-/* number of entries in the above table. */
-extern const PRUint16 SSL_NumImplementedCiphers;
-
-/* Macro to tell which ciphers in table are SSL2 vs SSL3/TLS. */
-#define SSL_IS_SSL2_CIPHER(which) (((which) & 0xfff0) == 0xff00)
-
-SEC_BEGIN_PROTOS
-
-
-/*
-** Imports fd into SSL, returning a new socket. Copies SSL configuration
-** from model.
-*/
-extern PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd);
-
-/*
-** Enable/disable an ssl mode
-**
-** SSL_SECURITY:
-** enable/disable use of SSL security protocol before connect
-**
-** SSL_SOCKS:
-** enable/disable use of socks before connect
-** (No longer supported).
-**
-** SSL_REQUEST_CERTIFICATE:
-** require a certificate during secure connect
-*/
-/* options */
-#define SSL_SECURITY 1
-#define SSL_SOCKS 2
-#define SSL_REQUEST_CERTIFICATE 3
-#define SSL_HANDSHAKE_AS_CLIENT 5 /* force accept to hs as client */
-#define SSL_HANDSHAKE_AS_SERVER 6 /* force connect to hs as server */
-#define SSL_ENABLE_SSL2 7 /* enable ssl v2 (on by default) */
-#define SSL_ENABLE_SSL3 8 /* enable ssl v3 (on by default) */
-#define SSL_NO_CACHE 9 /* don't use the session cache */
-#define SSL_REQUIRE_CERTIFICATE 10
-#define SSL_ENABLE_FDX 11 /* permit simultaneous read/write */
-#define SSL_V2_COMPATIBLE_HELLO 12 /* send v3 client hello in v2 fmt */
-#define SSL_ENABLE_TLS 13 /* enable TLS (off by default) */
-#define SSL_ROLLBACK_DETECTION 14 /* for compatibility, default: on */
-
-/* Old deprecated function names */
-extern SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
-extern SECStatus SSL_EnableDefault(int option, PRBool on);
-
-/* New function names */
-extern SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on);
-extern SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on);
-extern SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on);
-extern SECStatus SSL_OptionGetDefault(PRInt32 option, PRBool *on);
-extern SECStatus SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle);
-
-/*
-** Control ciphers that SSL uses. If on is non-zero then the named cipher
-** is enabled, otherwise it is disabled.
-** The "cipher" values are defined in sslproto.h (the SSL_EN_* values).
-** EnableCipher records user preferences.
-** SetPolicy sets the policy according to the policy module.
-*/
-/* Old deprecated function names */
-extern SECStatus SSL_EnableCipher(long which, PRBool enabled);
-extern SECStatus SSL_SetPolicy(long which, int policy);
-
-/* New function names */
-extern SECStatus SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 cipher, PRBool enabled);
-extern SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 cipher, PRBool *enabled);
-extern SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled);
-extern SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
-extern SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
-extern SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
-
-/* Values for "policy" argument to SSL_PolicySet */
-/* Values returned by SSL_CipherPolicyGet. */
-#define SSL_NOT_ALLOWED 0 /* or invalid or unimplemented */
-#define SSL_ALLOWED 1
-#define SSL_RESTRICTED 2 /* only with "Step-Up" certs. */
-
-/*
-** Reset the handshake state for fd. This will make the complete SSL
-** handshake protocol execute from the ground up on the next i/o
-** operation.
-*/
-extern SECStatus SSL_ResetHandshake(PRFileDesc *fd, PRBool asServer);
-
-/*
-** Force the handshake for fd to complete immediately. This blocks until
-** the complete SSL handshake protocol is finished.
-*/
-extern int SSL_ForceHandshake(PRFileDesc *fd);
-
-/*
-** Query security status of socket. *on is set to one if security is
-** enabled. *keySize will contain the stream key size used. *issuer will
-** contain the RFC1485 verison of the name of the issuer of the
-** certificate at the other end of the connection. For a client, this is
-** the issuer of the server's certificate; for a server, this is the
-** issuer of the client's certificate (if any). Subject is the subject of
-** the other end's certificate. The pointers can be zero if the desired
-** data is not needed. All strings returned by this function are owned
-** by SSL, and will be freed when the socket is closed.
-*/
-extern int SSL_SecurityStatus(PRFileDesc *fd, int *on, char **cipher,
- int *keySize, int *secretKeySize,
- char **issuer, char **subject);
-
-/* Values for "on" */
-#define SSL_SECURITY_STATUS_NOOPT -1
-#define SSL_SECURITY_STATUS_OFF 0
-#define SSL_SECURITY_STATUS_ON_HIGH 1
-#define SSL_SECURITY_STATUS_ON_LOW 2
-#define SSL_SECURITY_STATUS_FORTEZZA 3
-
-/*
-** Return the certificate for our SSL peer. If the client calls this
-** it will always return the server's certificate. If the server calls
-** this, it may return NULL if client authentication is not enabled or
-** if the client had no certificate when asked.
-** "fd" the socket "file" descriptor
-*/
-extern CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
-
-/*
-** Authenticate certificate hook. Called when a certificate comes in
-** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
-** certificate.
-*/
-typedef int (*SSLAuthCertificate)(void *arg, PRFileDesc *fd, PRBool checkSig,
- PRBool isServer);
-extern int SSL_AuthCertificateHook(PRFileDesc *fd, SSLAuthCertificate f,
- void *arg);
-
-/* An implementation of the certificate authentication hook */
-extern int SSL_AuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
- PRBool isServer);
-
-/*
- * Prototype for SSL callback to get client auth data from the application.
- * arg - application passed argument
- * caNames - pointer to distinguished names of CAs that the server likes
- * pRetCert - pointer to pointer to cert, for return of cert
- * pRetKey - pointer to key pointer, for return of key
- */
-typedef int (*SSLGetClientAuthData)(void *arg, PRFileDesc *fd,
- CERTDistNames *caNames,
- CERTCertificate **pRetCert,/*return */
- SECKEYPrivateKey **pRetKey);/* return */
-
-/*
- * Set the client side callback for SSL to retrieve user's private key
- * and certificate.
- * fd - the file descriptor for the connection in question
- * f - the application's callback that delivers the key and cert
- * a - application specific data
- */
-extern int SSL_GetClientAuthDataHook(PRFileDesc *fd, SSLGetClientAuthData f,
- void *a);
-
-
-/*
- * Set the client side argument for SSL to retrieve PKCS #11 pin.
- * fd - the file descriptor for the connection in question
- * a - pkcs11 application specific data
- */
-extern int SSL_SetPKCS11PinArg(PRFileDesc *fd, void *a);
-
-/*
-** This is a callback for dealing with server certs that are not authenticated
-** by the client. The client app can decide that it actually likes the
-** cert by some external means and restart the connection.
-*/
-typedef int (*SSLBadCertHandler)(void *arg, PRFileDesc *fd);
-extern int SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f, void *arg);
-
-/*
-** Configure ssl for running a secure server. Needs the
-** certificate for the server and the servers private key. The arguments
-** are copied.
-*/
-/* Key Exchange values */
-typedef enum {
- kt_null = 0,
- kt_rsa,
- kt_dh,
- kt_fortezza,
- kt_kea_size
-} SSLKEAType;
-
-extern SECStatus SSL_ConfigSecureServer(PRFileDesc *fd, CERTCertificate *cert,
- SECKEYPrivateKey *key, SSLKEAType kea);
-
-/*
-** Configure a secure servers session-id cache. Define the maximum number
-** of entries in the cache, the longevity of the entires, and the directory
-** where the cache files will be placed. These values can be zero, and
-** if so, the implementation will choose defaults.
-** This version of the function is for use in applications that have only one
-** process that uses the cache (even if that process has multiple threads).
-*/
-extern int SSL_ConfigServerSessionIDCache(int maxCacheEntries,
- PRUint32 timeout,
- PRUint32 ssl3_timeout,
- const char * directory);
-/*
-** Like SSL_ConfigServerSessionIDCache, with one important difference.
-** If the application will run multiple processes (as opposed to, or in
-** addition to multiple threads), then it must call this function, instead
-** of calling SSL_ConfigServerSessionIDCache().
-** This has nothing to do with the number of processORs, only processEs.
-** This function sets up a Server Session ID (SID) cache that is safe for
-** access by multiple processes on the same system.
-*/
-extern int SSL_ConfigMPServerSIDCache(int maxCacheEntries,
- PRUint32 timeout,
- PRUint32 ssl3_timeout,
- const char * directory);
-
-/* environment variable set by SSL_ConfigMPServerSIDCache, and queried by
- * SSL_InheritMPServerSIDCache when envString is NULL.
- */
-#define SSL_ENV_VAR_NAME "SSL_INHERITANCE"
-
-/* called in child to inherit SID Cache variables.
- * If envString is NULL, this function will use the value of the environment
- * variable "SSL_INHERITANCE", otherwise the string value passed in will be
- * used.
- */
-extern SECStatus SSL_InheritMPServerSIDCache(const char * envString);
-
-/*
-** Set the callback on a particular socket that gets called when we finish
-** performing a handshake.
-*/
-typedef void (*SSLHandshakeCallback)(PRFileDesc *fd, void *client_data);
-extern int SSL_HandshakeCallback(PRFileDesc *fd, SSLHandshakeCallback cb,
- void *client_data);
-
-/*
-** For the server, request a new handshake. For the client, begin a new
-** handshake. If flushCache is non-zero, the SSL3 cache entry will be
-** flushed first, ensuring that a full SSL handshake will be done.
-** If flushCache is zero, and an SSL connection is established, it will
-** do the much faster session restart handshake. This will change the
-** session keys without doing another private key operation.
-*/
-extern int SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache);
-
-/*
-** For the server, request a new handshake. For the client, begin a new
-** handshake. Flushes SSL3 session cache entry first, ensuring that a
-** full handshake will be done.
-** This call is equivalent to SSL_ReHandshake(fd, PR_TRUE)
-*/
-extern int SSL_RedoHandshake(PRFileDesc *fd);
-
-/*
-** Return 1 if the socket is direct, 0 if not, -1 on error
-*/
-extern int SSL_CheckDirectSock(PRFileDesc *s);
-
-/*
-** A cousin to SSL_Bind, this takes an extra arg: dsthost, so we can
-** set up sockd connection. This should be used with socks enabled.
-*/
-extern int SSL_BindForSockd(PRFileDesc *s, PRNetAddr *sa, long dsthost);
-
-/*
-** Configure ssl for using socks.
-*/
-extern SECStatus SSL_ConfigSockd(PRFileDesc *fd, PRUint32 host, PRUint16 port);
-
-/*
- * Allow the application to pass a URL or hostname into the SSL library
- */
-extern int SSL_SetURL(PRFileDesc *fd, const char *url);
-
-/*
-** Return the number of bytes that SSL has waiting in internal buffers.
-** Return 0 if security is not enabled.
-*/
-extern int SSL_DataPending(PRFileDesc *fd);
-
-/*
-** Invalidate the SSL session associated with fd.
-*/
-extern int SSL_InvalidateSession(PRFileDesc *fd);
-
-/*
-** Return a SECItem containing the SSL session ID associated with the fd.
-*/
-extern SECItem *SSL_GetSessionID(PRFileDesc *fd);
-
-/*
-** Clear out the SSL session cache.
-*/
-extern void SSL_ClearSessionCache(void);
-
-/*
-** Set peer information so we can correctly look up SSL session later.
-** You only have to do this if you're tunneling through a proxy.
-*/
-extern int SSL_SetSockPeerID(PRFileDesc *fd, char *peerID);
-
-/*
-** Read the socks config file. You must do this before doing anything with
-** socks.
-*/
-extern int SSL_ReadSocksConfFile(PRFileDesc *fp);
-
-/*
-** Reveal the security information for the peer.
-*/
-extern CERTCertificate * SSL_RevealCert(PRFileDesc * socket);
-extern void * SSL_RevealPinArg(PRFileDesc * socket);
-extern char * SSL_RevealURL(PRFileDesc * socket);
-
-
-/* This callback may be passed to the SSL library via a call to
- * SSL_GetClientAuthDataHook() for each SSL client socket.
- * It will be invoked when SSL needs to know what certificate and private key
- * (if any) to use to respond to a request for client authentication.
- * If arg is non-NULL, it is a pointer to a NULL-terminated string containing
- * the nickname of the cert/key pair to use.
- * If arg is NULL, this function will search the cert and key databases for
- * a suitable match and send it if one is found.
- */
-extern SECStatus
-NSS_GetClientAuthData(void * arg,
- PRFileDesc * socket,
- struct CERTDistNamesStr * caNames,
- struct CERTCertificateStr ** pRetCert,
- struct SECKEYPrivateKeyStr **pRetKey);
-
-/*
- * Look to see if any of the signers in the cert chain for "cert" are found
- * in the list of caNames.
- * Returns SECSuccess if so, SECFailure if not.
- * Used by NSS_GetClientAuthData. May be used by other callback functions.
- */
-extern SECStatus NSS_CmpCertChainWCANames(CERTCertificate *cert,
- CERTDistNames *caNames);
-
-/*
- * Returns key exchange type of the keys in an SSL server certificate.
- */
-extern SSLKEAType NSS_FindCertKEAType(CERTCertificate * cert);
-
-/* Set cipher policies to a predefined Domestic (U.S.A.) policy.
- * This essentially enables all supported ciphers.
- */
-extern SECStatus NSS_SetDomesticPolicy(void);
-
-/* Set cipher policies to a predefined Policy that is exportable from the USA
- * according to present U.S. policies as we understand them.
- * See documentation for the list.
- * Note that your particular application program may be able to obtain
- * an export license with more or fewer capabilities than those allowed
- * by this function. In that case, you should use SSL_SetPolicy()
- * to explicitly allow those ciphers you may legally export.
- */
-extern SECStatus NSS_SetExportPolicy(void);
-
-/* Set cipher policies to a predefined Policy that is exportable from the USA
- * according to present U.S. policies as we understand them, and that the
- * nation of France will permit to be imported into their country.
- * See documentation for the list.
- */
-extern SECStatus NSS_SetFrancePolicy(void);
-
-SEC_END_PROTOS
-
-#endif /* __ssl_h_ */
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
deleted file mode 100644
index 93d5b2773..000000000
--- a/security/nss/lib/ssl/ssl3con.c
+++ /dev/null
@@ -1,7521 +0,0 @@
-/*
- * SSL3 Protocol
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#include "cert.h"
-#include "ssl.h"
-#include "cryptohi.h" /* for DSAU_ stuff */
-#include "keyhi.h"
-#include "secder.h"
-#include "secitem.h"
-
-#include "sslimpl.h"
-#include "sslproto.h"
-#include "sslerr.h"
-#include "prtime.h"
-#include "prinrval.h"
-#include "prerror.h"
-#include "pratom.h"
-#include "prthread.h"
-
-#include "pk11func.h"
-#include "secmod.h"
-#include "nsslocks.h"
-
-#include <stdio.h>
-
-#ifndef PK11_SETATTRS
-#define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
- (x)->pValue=(v); (x)->ulValueLen = (l);
-#endif
-
-static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
- PK11SlotInfo * serverKeySlot);
-static SECStatus ssl3_GenerateSessionKeys(sslSocket *ss, const PK11SymKey *pms);
-static SECStatus ssl3_HandshakeFailure( sslSocket *ss);
-static SECStatus ssl3_InitState( sslSocket *ss);
-static sslSessionID *ssl3_NewSessionID( sslSocket *ss, PRBool is_server);
-static SECStatus ssl3_SendCertificate( sslSocket *ss);
-static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss);
-static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
-static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags);
-static SECStatus ssl3_SendServerHello( sslSocket *ss);
-static SECStatus ssl3_SendServerHelloDone( sslSocket *ss);
-static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss);
-
-static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen,
- int maxOutputLen, const unsigned char *input,
- int inputLen);
-
-#define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */
-#define MIN_SEND_BUF_LENGTH 4000
-
-#define MAX_CIPHER_SUITES 20
-
-/* This list of SSL3 cipher suites is sorted in descending order of
- * precedence (desirability). It only includes cipher suites we implement.
- * This table is modified by SSL3_SetPolicy().
- */
-static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
- /* cipher_suite policy enabled is_present*/
- { SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE},
- { SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE},
- { SSL_RSA_WITH_RC4_128_MD5, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE},
- { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE},
- { SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE},
- { SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE},
- { SSL_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE},
- { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE},
- { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE},
- { SSL_FORTEZZA_DMS_WITH_NULL_SHA, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE},
- { SSL_RSA_WITH_NULL_MD5, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}
-};
-
-static const /*SSL3CompressionMethod*/ uint8 compressions [] = {
- compression_null
-};
-
-static const int compressionMethodsCount =
- sizeof(compressions) / sizeof(compressions[0]);
-
-static const /*SSL3ClientCertificateType */ uint8 certificate_types [] = {
- ct_RSA_sign,
- ct_DSS_sign,
-};
-
-static const /*SSL3ClientCertificateType */ uint8 fortezza_certificate_types [] = {
- ct_Fortezza,
-};
-
-/*
- * make sure there is room in the write buffer for padding and
- * other compression and cryptographic expansions
- */
-#define SSL3_BUFFER_FUDGE 100
-
-#undef BPB
-#define BPB 8 /* Bits Per Byte */
-
-#define SET_ERROR_CODE /* reminder */
-#define SEND_ALERT /* reminder */
-#define TEST_FOR_FAILURE /* reminder */
-#define DEAL_WITH_FAILURE /* reminder */
-
-
-/* This is a hack to make sure we don't do double handshakes for US policy */
-PRBool ssl3_global_policy_some_restricted = PR_FALSE;
-
-/* This global item is used only in servers. It is is initialized by
-** SSL_ConfigSecureServer(), and is used in ssl3_SendCertificateRequest().
-*/
-CERTDistNames *ssl3_server_ca_list = NULL;
-
-/* statistics from ssl3_SendClientHello (sch) */
-long ssl3_sch_sid_cache_hits;
-long ssl3_sch_sid_cache_misses;
-long ssl3_sch_sid_cache_not_ok;
-
-/* statistics from ssl3_HandleServerHello (hsh) */
-long ssl3_hsh_sid_cache_hits;
-long ssl3_hsh_sid_cache_misses;
-long ssl3_hsh_sid_cache_not_ok;
-
-/* statistics from ssl3_HandleClientHello (hch) */
-long ssl3_hch_sid_cache_hits;
-long ssl3_hch_sid_cache_misses;
-long ssl3_hch_sid_cache_not_ok;
-
-/* indexed by SSL3BulkCipher */
-static const ssl3BulkCipherDef bulk_cipher_defs[] = {
- /* cipher calg keySz secretSz type ivSz BlkSz keygen */
- {cipher_null, calg_null, 0, 0, type_stream, 0, 0, kg_null},
- {cipher_rc4, calg_rc4, 16, 16, type_stream, 0, 0, kg_strong},
- {cipher_rc4_40, calg_rc4, 16, 5, type_stream, 0, 0, kg_export},
- {cipher_rc4_56, calg_rc4, 16, 7, type_stream, 0, 0, kg_export},
- {cipher_rc2, calg_rc2, 16, 16, type_block, 8, 8, kg_strong},
- {cipher_rc2_40, calg_rc2, 16, 5, type_block, 8, 8, kg_export},
- {cipher_des, calg_des, 8, 8, type_block, 8, 8, kg_strong},
- {cipher_3des, calg_3des, 24, 24, type_block, 8, 8, kg_strong},
- {cipher_des40, calg_des, 8, 5, type_block, 8, 8, kg_export},
- {cipher_idea, calg_idea, 16, 16, type_block, 8, 8, kg_strong},
- {cipher_fortezza, calg_fortezza, 10, 10, type_block, 24, 8, kg_null},
- {cipher_missing, calg_null, 0, 0, type_stream, 0, 0, kg_null},
-};
-
-static const ssl3KEADef kea_defs[] = { /* indexed by SSL3KeyExchangeAlgorithm */
- /* kea exchKeyType signKeyType is_limited limit tls_keygen */
- {kea_null, kt_null, sign_null, PR_FALSE, 0, PR_FALSE},
- {kea_rsa, kt_rsa, sign_rsa, PR_FALSE, 0, PR_FALSE},
- {kea_rsa_export, kt_rsa, sign_rsa, PR_TRUE, 512, PR_FALSE},
- {kea_rsa_export_1024,kt_rsa, sign_rsa, PR_TRUE, 1024, PR_FALSE},
- {kea_dh_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE},
- {kea_dh_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE},
- {kea_dh_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE},
- {kea_dh_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE},
- {kea_dhe_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE},
- {kea_dhe_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE},
- {kea_dhe_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE},
- {kea_dhe_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE},
- {kea_dh_anon, kt_dh, sign_null, PR_FALSE, 0, PR_FALSE},
- {kea_dh_anon_export, kt_dh, sign_null, PR_TRUE, 512, PR_FALSE},
- {kea_fortezza, kt_fortezza, sign_dsa, PR_FALSE, 0, PR_FALSE},
- {kea_rsa_fips, kt_rsa, sign_rsa, PR_FALSE, 0, PR_TRUE },
-};
-
-static const CK_MECHANISM_TYPE kea_alg_defs[] = {
- 0x80000000L,
- CKM_RSA_PKCS,
- CKM_DH_PKCS_DERIVE,
- CKM_KEA_KEY_DERIVE
-};
-
-
-static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */
- /* mac malg pad_size mac_size */
- { mac_null, malg_null, 0, 0 },
- { mac_md5, malg_md5, 48, MD5_LENGTH },
- { mac_sha, malg_sha, 40, SHA1_LENGTH},
- {hmac_md5, malg_md5_hmac, 48, MD5_LENGTH },
- {hmac_sha, malg_sha_hmac, 40, SHA1_LENGTH},
-};
-
-/* must use ssl_LookupCipherSuiteDef to access */
-static const ssl3CipherSuiteDef cipher_suite_defs[] = {
-/* cipher_suite bulk_cipher_alg mac_alg key_exchange_alg */
-
- {SSL_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null},
- {SSL_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa},
- {SSL_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa},
- {SSL_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export},
- {SSL_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa},
- {SSL_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa},
- {SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
- cipher_rc2_40, mac_md5, kea_rsa_export},
-#if 0 /* not implemented */
- {SSL_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa},
- {SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
- cipher_des40, mac_sha, kea_rsa_export},
-#endif
- {SSL_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa},
- {SSL_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa},
-
-#if 0 /* not implemented */
- {SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
- cipher_des40, mac_sha, kea_dh_dss_export},
- {SSL_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss},
- {SSL_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss},
- {SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
- cipher_des40, mac_sha, kea_dh_rsa_export},
- {SSL_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa},
- {SSL_DH_RSA_3DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa},
- {SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
- cipher_des40, mac_sha, kea_dh_dss_export},
- {SSL_DHE_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss},
- {SSL_DHE_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss},
- {SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
- cipher_des40, mac_sha, kea_dh_rsa_export},
- {SSL_DHE_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa},
- {SSL_DHE_RSA_3DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa},
- {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export},
- {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4, mac_md5, kea_dh_anon_export},
- {SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
- cipher_des40, mac_sha, kea_dh_anon_export},
- {SSL_DH_ANON_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon},
- {SSL_DH_ANON_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon},
-#endif
-
- {SSL_FORTEZZA_DMS_WITH_NULL_SHA, cipher_null, mac_sha, kea_fortezza},
- {SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
- cipher_fortezza, mac_sha, kea_fortezza},
- {SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_fortezza},
-
- {TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- cipher_des, mac_sha,kea_rsa_export_1024},
- {TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
- cipher_rc4_56, mac_sha,kea_rsa_export_1024},
-
- {SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa_fips},
- {SSL_RSA_FIPS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa_fips},
-
-};
-
-/* indexed by SSL3BulkCipher */
-const char * const ssl3_cipherName[] = {
- "NULL",
- "RC4",
- "RC4-40",
- "RC4-56",
- "RC2-CBC",
- "RC2-CBC-40",
- "DES-CBC",
- "3DES-EDE-CBC",
- "DES-CBC-40",
- "IDEA-CBC",
- "FORTEZZA",
- "missing"
-};
-
-#if defined(TRACE)
-
-static char *
-ssl3_DecodeHandshakeType(int msgType)
-{
- char * rv;
- static char line[40];
-
- switch(msgType) {
- case hello_request: rv = "hello_request (0)"; break;
- case client_hello: rv = "client_hello (1)"; break;
- case server_hello: rv = "server_hello (2)"; break;
- case certificate: rv = "certificate (11)"; break;
- case server_key_exchange: rv = "server_key_exchange (12)"; break;
- case certificate_request: rv = "certificate_request (13)"; break;
- case server_hello_done: rv = "server_hello_done (14)"; break;
- case certificate_verify: rv = "certificate_verify (15)"; break;
- case client_key_exchange: rv = "client_key_exchange (16)"; break;
- case finished: rv = "finished (20)"; break;
- default:
- sprintf(line, "*UNKNOWN* handshake type! (%d)", msgType);
- rv = line;
- }
- return rv;
-}
-
-static char *
-ssl3_DecodeContentType(int msgType)
-{
- char * rv;
- static char line[40];
-
- switch(msgType) {
- case content_change_cipher_spec:
- rv = "change_cipher_spec (20)"; break;
- case content_alert: rv = "alert (21)"; break;
- case content_handshake: rv = "handshake (22)"; break;
- case content_application_data:
- rv = "application_data (23)"; break;
- default:
- sprintf(line, "*UNKNOWN* record type! (%d)", msgType);
- rv = line;
- }
- return rv;
-}
-
-#endif
-
-/* return pointer to ssl3CipherSuiteDef for suite, or NULL */
-/* XXX This does a linear search. A binary search would be better. */
-static const ssl3CipherSuiteDef *
-ssl_LookupCipherSuiteDef(ssl3CipherSuite suite)
-{
- int cipher_suite_def_len =
- sizeof(cipher_suite_defs) / sizeof(cipher_suite_defs[0]);
- int i;
-
- for (i = 0; i < cipher_suite_def_len; i++) {
- if (cipher_suite_defs[i].cipher_suite == suite)
- return &cipher_suite_defs[i];
- }
- PORT_Assert(PR_FALSE); /* We should never get here. */
- PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
- return NULL;
-}
-
-/* Find the cipher configuration struct associate with suite */
-/* XXX This does a linear search. A binary search would be better. */
-static ssl3CipherSuiteCfg *
-ssl_LookupCipherSuiteCfg(ssl3CipherSuite suite, ssl3CipherSuiteCfg *suites)
-{
- int i;
-
- for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
- if (suites[i].cipher_suite == suite)
- return &suites[i];
- }
- /* return NULL and let the caller handle it. */
- PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
- return NULL;
-}
-
-
-/* Initialize the suite->isPresent value for config_match
- * Returns count of enabled ciphers supported by extant tokens,
- * regardless of policy or user preference.
- * If this returns zero, the user cannot do SSL v3.
- */
-int
-ssl3_config_match_init(sslSocket *ss)
-{
- ssl3CipherSuiteCfg * suite;
- const ssl3CipherSuiteDef *cipher_def;
- CipherAlgorithm cipher_alg;
- SSL3KEAType exchKeyType;
- int i;
- int numPresent = 0;
- int numEnabled = 0;
- PRBool isServer;
-
- if (!ss->enableSSL3 && !ss->enableTLS) {
- return 0;
- }
- isServer = (PRBool)( ss && ss->sec && ss->sec->isServer );
-
- for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
- suite = &ss->cipherSuites[i];
- if (suite->enabled) {
- ++numEnabled;
- /* We need the cipher defs to see if we have a token that can handle
- * this cipher. It isn't part of the static definition.
- */
- cipher_def = ssl_LookupCipherSuiteDef(suite->cipher_suite);
- if (!cipher_def) {
- suite->isPresent = PR_FALSE;
- continue;
- }
- cipher_alg=bulk_cipher_defs[cipher_def->bulk_cipher_alg ].calg;
- exchKeyType =
- kea_defs[cipher_def->key_exchange_alg].exchKeyType;
-
- /* Mark the suites that are backed by real tokens, certs and keys */
- suite->isPresent = (PRBool)
- (((exchKeyType == kt_null) ||
- (!isServer || (ss->serverKey[exchKeyType] &&
- ss->serverCertChain[exchKeyType])) &&
- PK11_TokenExists(kea_alg_defs[exchKeyType])) &&
- ((cipher_alg == calg_null) || PK11_TokenExists(cipher_alg)));
- if (suite->isPresent)
- ++numPresent;
- }
- }
- PORT_Assert(numPresent > 0 || numEnabled == 0);
- if (numPresent <= 0) {
- PORT_SetError(SSL_ERROR_NO_CIPHERS_SUPPORTED);
- }
- return numPresent;
-}
-
-
-/* return PR_TRUE if suite matches policy and enabled state */
-/* It would be a REALLY BAD THING (tm) if we ever permitted the use
-** of a cipher that was NOT_ALLOWED. So, if this is ever called with
-** policy == SSL_NOT_ALLOWED, report no match.
-*/
-/* adjust suite enabled to the availability of a token that can do the
- * cipher suite. */
-static PRBool
-config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled)
-{
- PORT_Assert(policy != SSL_NOT_ALLOWED && enabled != PR_FALSE);
- if (policy == SSL_NOT_ALLOWED || !enabled)
- return PR_FALSE;
- return (PRBool)(suite->enabled &&
- suite->isPresent &&
- suite->policy != SSL_NOT_ALLOWED &&
- suite->policy <= policy);
-}
-
-/* return number of cipher suites that match policy and enabled state */
-/* called from ssl3_SendClientHello and ssl3_ConstructV2CipherSpecsHack */
-static int
-count_cipher_suites(sslSocket *ss, int policy, PRBool enabled)
-{
- int i, count = 0;
-
- if (!ss->enableSSL3 && !ss->enableTLS) {
- return 0;
- }
- for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
- if (config_match(&ss->cipherSuites[i], policy, enabled))
- count++;
- }
- if (count <= 0) {
- PORT_SetError(SSL_ERROR_SSL_DISABLED);
- }
- return count;
-}
-
-static PRBool
-anyRestrictedEnabled(sslSocket *ss)
-{
- int i;
-
- if (!ss->enableSSL3 && !ss->enableTLS) {
- return PR_FALSE;
- }
- for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
- ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
- if (suite->policy == SSL_RESTRICTED &&
- suite->enabled &&
- suite->isPresent)
- return PR_TRUE;
- }
- return PR_FALSE;
-}
-
-/*
- * Null compression, mac and encryption functions
- */
-
-static SECStatus
-Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen,
- const unsigned char *input, int inputLen)
-{
- *outputLen = inputLen;
- if (input != output)
- PORT_Memcpy(output, input, inputLen);
- return SECSuccess;
-}
-
-
-/*
- * SSL3 Utility functions
- */
-
-SECStatus
-ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion)
-{
- SSL3ProtocolVersion version;
- SSL3ProtocolVersion maxVersion;
-
- if (ss->enableTLS) {
- maxVersion = SSL_LIBRARY_VERSION_3_1_TLS;
- } else if (ss->enableSSL3) {
- maxVersion = SSL_LIBRARY_VERSION_3_0;
- } else {
- /* what are we doing here? */
- PORT_Assert(ss->enableSSL3 || ss->enableTLS);
- PORT_SetError(SSL_ERROR_SSL_DISABLED);
- return SECFailure;
- }
-
- ss->version = version = PR_MIN(maxVersion, peerVersion);
-
- if ((version == SSL_LIBRARY_VERSION_3_1_TLS && ss->enableTLS) ||
- (version == SSL_LIBRARY_VERSION_3_0 && ss->enableSSL3)) {
- return SECSuccess;
- }
-
- PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
- return SECFailure;
-
-}
-
-static SECStatus
-ssl3_GetNewRandom(SSL3Random *random)
-{
- PRIntervalTime gmt = PR_IntervalToSeconds(PR_IntervalNow());
- SECStatus rv;
-
- random->rand[0] = (unsigned char)(gmt >> 24);
- random->rand[1] = (unsigned char)(gmt >> 16);
- random->rand[2] = (unsigned char)(gmt >> 8);
- random->rand[3] = (unsigned char)(gmt);
-
- /* first 4 bytes are reserverd for time */
- rv = PK11_GenerateRandom(&random->rand[4], SSL3_RANDOM_LENGTH - 4);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE);
- }
- return rv;
-}
-
-static SECStatus
-ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf,
- PRBool isTLS)
-{
- SECStatus rv = SECFailure;
- PRBool doDerEncode = PR_FALSE;
- int signatureLen;
- SECItem hashItem;
-
- buf->data = NULL;
- signatureLen = PK11_SignatureLen(key);
- if (signatureLen <= 0) {
- PORT_SetError(SEC_ERROR_INVALID_KEY);
- goto done;
- }
-
- buf->len = (unsigned)signatureLen;
- buf->data = (unsigned char *)PORT_Alloc(signatureLen + 1);
- if (!buf->data)
- goto done; /* error code was set. */
-
- switch (key->keyType) {
- case rsaKey:
- hashItem.data = hash->md5;
- hashItem.len = sizeof(SSL3Hashes);
- break;
- case dsaKey:
- case fortezzaKey:
- doDerEncode = isTLS;
- hashItem.data = hash->sha;
- hashItem.len = sizeof(hash->sha);
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_KEY);
- goto done;
- }
- PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len));
-
- rv = PK11_Sign(key, buf, &hashItem);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
- } else if (doDerEncode) {
- SECItem derSig = {siBuffer, NULL, 0};
-
- rv = DSAU_EncodeDerSig(&derSig, buf);
- if (rv == SECSuccess) {
- PORT_Free(buf->data); /* discard unencoded signature. */
- *buf = derSig; /* give caller encoded signature. */
- } else if (derSig.data) {
- PORT_Free(derSig.data);
- }
- }
-
- PRINT_BUF(60, (NULL, "signed hashes", (unsigned char*)buf->data, buf->len));
-done:
- if (rv != SECSuccess && buf->data) {
- PORT_Free(buf->data);
- buf->data = NULL;
- }
- return rv;
-}
-
-
-static SECStatus
-ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert,
- SECItem *buf, PRBool isTLS, void *pwArg)
-{
- SECKEYPublicKey * key;
- SECItem * signature = NULL;
- SECStatus rv;
- SECItem hashItem;
-
-
- PRINT_BUF(60, (NULL, "check signed hashes",
- buf->data, buf->len));
-
- key = CERT_ExtractPublicKey(cert);
- if (key == NULL) {
- /* CERT_ExtractPublicKey doesn't set error code */
- PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
- return SECFailure;
- }
-
- switch (key->keyType) {
- case rsaKey:
- hashItem.data = hash->md5;
- hashItem.len = sizeof(SSL3Hashes);
- break;
- case dsaKey:
- case fortezzaKey:
- hashItem.data = hash->sha;
- hashItem.len = sizeof(hash->sha);
- if (isTLS) {
- signature = DSAU_DecodeDerSig(buf);
- if (!signature) {
- PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
- return SECFailure;
- }
- buf = signature;
- }
- break;
- default:
- SECKEY_DestroyPublicKey(key);
- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
- return SECFailure;
- }
-
- PRINT_BUF(60, (NULL, "hash(es) to be verified",
- hashItem.data, hashItem.len));
-
- rv = PK11_Verify(key, buf, &hashItem, pwArg);
- SECKEY_DestroyPublicKey(key);
- if (signature) {
- SECITEM_FreeItem(signature, PR_TRUE);
- }
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
- }
- return rv;
-}
-
-
-/* Caller must set hiLevel error code. */
-static SECStatus
-ssl3_ComputeExportRSAKeyHash(SECItem modulus, SECItem publicExponent,
- SSL3Random *client_rand, SSL3Random *server_rand,
- SSL3Hashes *hashes)
-{
- PK11Context * md5 = NULL;
- PK11Context * sha = NULL;
- PRUint8 * hashBuf;
- PRUint8 * pBuf;
- SECStatus rv = SECSuccess;
- unsigned int outLen;
- unsigned int bufLen;
- PRUint8 buf[2*SSL3_RANDOM_LENGTH + 2 + 4096/8 + 2 + 4096/8];
-
- bufLen = 2*SSL3_RANDOM_LENGTH + 2 + modulus.len + 2 + publicExponent.len;
- if (bufLen <= sizeof buf) {
- hashBuf = buf;
- } else {
- hashBuf = PORT_Alloc(bufLen);
- if (!hashBuf) {
- return SECFailure;
- }
- }
-
- md5 = PK11_CreateDigestContext(SEC_OID_MD5);
- if (md5 == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
- rv = SECFailure; /* Caller must set hiLevel error code. */
- goto done;
- }
- sha = PK11_CreateDigestContext(SEC_OID_SHA1);
- if (sha == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
- rv = SECFailure; /* Caller must set hiLevel error code. */
- goto done;
- }
-
- memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH);
- pBuf = hashBuf + SSL3_RANDOM_LENGTH;
- memcpy(pBuf, server_rand, SSL3_RANDOM_LENGTH);
- pBuf += SSL3_RANDOM_LENGTH;
- pBuf[0] = (PRUint8)(modulus.len >> 8);
- pBuf[1] = (PRUint8)(modulus.len);
- pBuf += 2;
- memcpy(pBuf, modulus.data, modulus.len);
- pBuf += modulus.len;
- pBuf[0] = (PRUint8)(publicExponent.len >> 8);
- pBuf[1] = (PRUint8)(publicExponent.len);
- pBuf += 2;
- memcpy(pBuf, publicExponent.data, publicExponent.len);
- pBuf += publicExponent.len;
- PORT_Assert(pBuf - hashBuf == bufLen);
-
- rv = PK11_DigestBegin(md5);
- rv |= PK11_DigestOp(md5, hashBuf, bufLen);
- rv |= PK11_DigestFinal(md5, hashes->md5, &outLen, MD5_LENGTH);
- PORT_Assert(rv != SECSuccess || outLen == MD5_LENGTH);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
- rv = SECFailure;
- goto done;
- }
-
- rv = PK11_DigestBegin(sha);
- rv |= PK11_DigestOp(sha, hashBuf, bufLen);
- rv |= PK11_DigestFinal(sha, hashes->sha, &outLen, SHA1_LENGTH);
- PORT_Assert(rv != SECSuccess || outLen == SHA1_LENGTH);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
- rv = SECFailure;
- goto done;
- }
-
- PRINT_BUF(95, (NULL, "RSAkey hash: ", hashBuf, bufLen));
- PRINT_BUF(95, (NULL, "RSAkey hash: MD5 result", hashes->md5, MD5_LENGTH));
- PRINT_BUF(95, (NULL, "RSAkey hash: SHA1 result", hashes->sha, SHA1_LENGTH));
-
-done:
- if (md5 != NULL) PK11_DestroyContext(md5, PR_TRUE);
- if (sha != NULL) PK11_DestroyContext(sha, PR_TRUE);
- if (hashBuf != buf && hashBuf != NULL)
- PORT_Free(hashBuf);
- return rv;
-}
-
-/* Caller must set hiLevel error code. */
-static SECStatus
-ssl3_ComputeFortezzaPublicKeyHash(SECItem publicValue, unsigned char * hash)
-{
- PK11Context *sha = NULL;
- SECStatus rv = SECFailure;
- unsigned int outLen;
-
- sha = PK11_CreateDigestContext(SEC_OID_SHA1);
- if (sha == NULL) {
- return rv; /* Caller must set hiLevel error code. */
- }
-
- rv = PK11_DigestBegin(sha);
- rv |= PK11_DigestOp(sha, (unsigned char *)publicValue.data, publicValue.len);
- rv |= PK11_DigestFinal(sha, hash, &outLen, SHA1_LENGTH);
- PORT_Assert(rv != SECSuccess || outLen == SHA1_LENGTH);
- if (rv != SECSuccess)
- rv = SECFailure;
- PK11_DestroyContext(sha, PR_TRUE);
-
- return rv;
-}
-
-
-static void
-ssl3_BumpSequenceNumber(SSL3SequenceNumber *num)
-{
- num->low++;
- if (num->low == 0)
- num->high++;
-}
-
-/* Called only from ssl3_DestroyCipherSpec (immediately below). */
-static void
-ssl3_CleanupKeyMaterial(ssl3KeyMaterial *mat)
-{
- if (mat->write_key != NULL) {
- PK11_FreeSymKey(mat->write_key);
- mat->write_key = NULL;
- }
- if (mat->write_mac_key != NULL) {
- PK11_FreeSymKey(mat->write_mac_key);
- mat->write_mac_key = NULL;
- }
- if (mat->write_mac_context != NULL) {
- PK11_DestroyContext(mat->write_mac_context, PR_TRUE);
- mat->write_mac_context = NULL;
- }
-}
-
-/* Called from ssl3_SendChangeCipherSpecs() and ssl3_HandleChangeCipherSpecs()
-** Caller must hold SpecWriteLock.
-*/
-static void
-ssl3_DestroyCipherSpec(ssl3CipherSpec *spec)
-{
-
-/* PORT_Assert( ssl_HaveSpecWriteLock(ss)); Don't have ss! */
-
- if (spec->destroy) {
- spec->destroy(spec->encodeContext,PR_TRUE);
- spec->destroy(spec->decodeContext,PR_TRUE);
- spec->encodeContext = NULL; /* paranoia */
- spec->decodeContext = NULL;
- }
- if (spec->master_secret != NULL) {
- PK11_FreeSymKey(spec->master_secret);
- spec->master_secret = NULL;
- }
- ssl3_CleanupKeyMaterial(&spec->client);
- ssl3_CleanupKeyMaterial(&spec->server);
- spec->destroy=NULL;
-}
-
-/* Called from ssl3_HandleServerHello(), ssl3_SendServerHello()
-** Caller must hold the ssl3 handshake lock.
-** Acquires & releases SpecWriteLock.
-*/
-static SECStatus
-ssl3_SetupPendingCipherSpec(sslSocket *ss, ssl3State *ssl3)
-{
- ssl3CipherSpec * pwSpec;
- ssl3CipherSuite suite = ssl3->hs.cipher_suite;
- sslSecurityInfo * sec = ss->sec;
- SSL3MACAlgorithm mac;
- SSL3BulkCipher cipher;
- SSL3KeyExchangeAlgorithm kea;
- const ssl3CipherSuiteDef *suite_def;
- PRBool isTLS;
-
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss));
-
- ssl_GetSpecWriteLock(ss); /*******************************/
-
- pwSpec = ssl3->pwSpec;
- PORT_Assert(pwSpec == ssl3->prSpec);
-
- pwSpec->version = ss->version;
- isTLS = (PRBool)(pwSpec->version > SSL_LIBRARY_VERSION_3_0);
-
- SSL_TRC(3, ("%d: SSL3[%d]: Set XXX Pending Cipher Suite to 0x%04x",
- SSL_GETPID(), ss->fd, suite));
-
- suite_def = ssl_LookupCipherSuiteDef(suite);
- if (suite_def == NULL) {
- ssl_ReleaseSpecWriteLock(ss);
- return SECFailure; /* error code set by ssl_LookupCipherSuiteDef */
- }
-
-
- cipher = suite_def->bulk_cipher_alg;
- kea = suite_def->key_exchange_alg;
- mac = suite_def->mac_alg;
- if (isTLS)
- mac += 2;
-
- ssl3->hs.suite_def = suite_def;
- ssl3->hs.kea_def = &kea_defs[kea];
- PORT_Assert(ssl3->hs.kea_def->kea == kea);
-
- pwSpec->cipher_def = &bulk_cipher_defs[cipher];
- PORT_Assert(pwSpec->cipher_def->cipher == cipher);
-
- pwSpec->mac_def = &mac_defs[mac];
- PORT_Assert(pwSpec->mac_def->mac == mac);
-
-
- sec->keyBits = pwSpec->cipher_def->key_size * BPB;
- sec->secretKeyBits = pwSpec->cipher_def->secret_key_size * BPB;
- sec->cipherType = cipher;
-
- pwSpec->encodeContext = NULL;
- pwSpec->decodeContext = NULL;
-
- pwSpec->mac_size = pwSpec->mac_def->mac_size;
-
- ssl_ReleaseSpecWriteLock(ss); /*******************************/
- return SECSuccess;
-}
-
-/*
- * Called from: ssl3_SendClientKeyExchange (for Full handshake)
- * ssl3_HandleClientKeyExchange (for Full handshake)
- * ssl3_HandleServerHello (for session restart)
- * ssl3_HandleClientHello (for session restart)
- * Sets error code, but caller probably should override to disambiguate.
- * NULL pms means re-use old master_secret.
- */
-static SECStatus
-ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms)
-{
- ssl3CipherSpec * pwSpec;
- sslSecurityInfo * sec = ss->sec;
-const ssl3BulkCipherDef *cipher_def;
- PK11Context * serverContext = NULL;
- PK11Context * clientContext = NULL;
- SECItem * param;
- CK_ULONG macLength;
- SECStatus rv;
- CK_MECHANISM_TYPE mechanism;
- CK_MECHANISM_TYPE mac_mech;
- SECItem iv;
- SECItem mac_param;
-
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss));
-
- ssl_GetSpecWriteLock(ss); /**************************************/
-
- PORT_Assert(ss->ssl3->prSpec == ss->ssl3->pwSpec);
-
- pwSpec = ss->ssl3->pwSpec;
- cipher_def = pwSpec->cipher_def;
- macLength = pwSpec->mac_size;
-
- /* generate session keys from pms (if pms is not NULL) or ms */
- rv = ssl3_GenerateSessionKeys(ss, pms);
- if (rv != SECSuccess) {
- goto bail_out; /* err code set by ssl3_GenerateSessionKeys */
- }
-
- pwSpec->client.write_mac_context = NULL;
- pwSpec->server.write_mac_context = NULL;
-
- mac_param.data = (unsigned char *)&macLength;
- mac_param.len = sizeof(macLength);
- mac_mech = (CK_MECHANISM_TYPE) pwSpec->mac_def->malg;
-
- if (cipher_def->calg == calg_null) {
- pwSpec->encode = Null_Cipher;
- pwSpec->decode = Null_Cipher;
- pwSpec->destroy = NULL;
- pwSpec->client.write_mac_context = PK11_CreateContextBySymKey(
- mac_mech, CKA_SIGN, pwSpec->client.write_mac_key, &mac_param);
- if (pwSpec->client.write_mac_context == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
- goto fail;
- }
- pwSpec->server.write_mac_context = PK11_CreateContextBySymKey(
- mac_mech, CKA_SIGN, pwSpec->server.write_mac_key, &mac_param);
- if (pwSpec->server.write_mac_context == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
- goto fail;
- }
- goto success;
- }
-
- mechanism = (CK_MECHANISM_TYPE) cipher_def->calg;
-
- /*
- * build the server context
- */
- iv.data = pwSpec->server.write_iv;
- iv.len = cipher_def->iv_size;
- param = PK11_ParamFromIV(mechanism, &iv);
- if (param == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_IV_PARAM_FAILURE);
- goto fail;
- }
- serverContext = PK11_CreateContextBySymKey(mechanism,
- (sec->isServer ? CKA_ENCRYPT : CKA_DECRYPT),
- pwSpec->server.write_key, param);
- iv.data = PK11_IVFromParam(mechanism, param, (int *)&iv.len);
- if (iv.data)
- PORT_Memcpy(pwSpec->server.write_iv, iv.data, iv.len);
- SECITEM_FreeItem(param, PR_TRUE);
- if (serverContext == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
- goto fail;
- }
-
- /*
- * build the client context
- */
- iv.data = pwSpec->client.write_iv;
- iv.len = cipher_def->iv_size;
- param = PK11_ParamFromIV(mechanism, &iv);
- if (param == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_IV_PARAM_FAILURE);
- goto fail;
- }
- clientContext = PK11_CreateContextBySymKey(mechanism,
- (sec->isServer ? CKA_DECRYPT : CKA_ENCRYPT),
- pwSpec->client.write_key, param);
- iv.data = PK11_IVFromParam(mechanism, param, (int *)&iv.len);
- if (iv.data)
- PORT_Memcpy(pwSpec->client.write_iv, iv.data, iv.len);
- SECITEM_FreeItem(param,PR_TRUE);
- if (clientContext == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
- goto fail;
- }
-
- pwSpec->encodeContext = (sec->isServer) ? serverContext : clientContext;
- pwSpec->decodeContext = (sec->isServer) ? clientContext : serverContext;
- pwSpec->encode = (SSLCipher) PK11_CipherOp;
- pwSpec->decode = (SSLCipher) PK11_CipherOp;
- pwSpec->destroy = (SSLDestroy) PK11_DestroyContext;
-
- serverContext = NULL;
- clientContext = NULL;
-
- pwSpec->client.write_mac_context = PK11_CreateContextBySymKey(
- mac_mech,CKA_SIGN, pwSpec->client.write_mac_key,&mac_param);
- if (pwSpec->client.write_mac_context == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
- goto fail;
- }
- pwSpec->server.write_mac_context = PK11_CreateContextBySymKey(
- mac_mech, CKA_SIGN, pwSpec->server.write_mac_key,&mac_param);
- if (pwSpec->server.write_mac_context == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
- goto fail;
- }
-success:
- ssl_ReleaseSpecWriteLock(ss); /******************************/
- return SECSuccess;
-
-fail:
- if (serverContext != NULL) PK11_DestroyContext(serverContext, PR_TRUE);
- if (clientContext != NULL) PK11_DestroyContext(clientContext, PR_TRUE);
- if (pwSpec->client.write_mac_context != NULL) {
- PK11_DestroyContext(pwSpec->client.write_mac_context,PR_TRUE);
- pwSpec->client.write_mac_context = NULL;
- }
- if (pwSpec->server.write_mac_context != NULL) {
- PK11_DestroyContext(pwSpec->server.write_mac_context,PR_TRUE);
- pwSpec->server.write_mac_context = NULL;
- }
-bail_out:
- ssl_ReleaseSpecWriteLock(ss);
- return SECFailure;
-}
-
-/*
- * 60 bytes is 3 times the maximum length MAC size that is supported.
- */
-static const unsigned char mac_pad_1 [60] = {
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36
-};
-static const unsigned char mac_pad_2 [60] = {
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c
-};
-
-/* Called from: ssl3_SendRecord()
-** ssl3_HandleRecord()
-** Caller must already hold the SpecReadLock. (wish we could assert that!)
-*/
-static SECStatus
-ssl3_ComputeRecordMAC(
- ssl3CipherSpec * spec,
- PK11Context * mac_context,
- SSL3ContentType type,
- SSL3ProtocolVersion version,
- SSL3SequenceNumber seq_num,
- SSL3Opaque * input,
- int inputLength,
- unsigned char * outbuf,
- unsigned int * outLength)
-{
- const ssl3MACDef * mac_def;
- SECStatus rv;
- unsigned int tempLen;
- unsigned char temp[MAX_MAC_LENGTH];
-
-/* ssl_GetSpecReadLock(ss); Don't have "ss"! */
-
- mac_def = spec->mac_def;
- if (mac_def->malg == malg_null) {
- *outLength = 0;
-/* ssl_ReleaseSpecReadLock(ss); */
- return SECSuccess;
- }
-
- temp[0] = (unsigned char)(seq_num.high >> 24);
- temp[1] = (unsigned char)(seq_num.high >> 16);
- temp[2] = (unsigned char)(seq_num.high >> 8);
- temp[3] = (unsigned char)(seq_num.high >> 0);
- temp[4] = (unsigned char)(seq_num.low >> 24);
- temp[5] = (unsigned char)(seq_num.low >> 16);
- temp[6] = (unsigned char)(seq_num.low >> 8);
- temp[7] = (unsigned char)(seq_num.low >> 0);
- temp[8] = type;
-
- /* TLS MAC includes the record's version field, SSL's doesn't.
- ** We decide which MAC defintion to use based on the version of
- ** the protocol that was negotiated when the spec became current,
- ** NOT based on the version value in the record itself.
- ** But, we use the record'v version value in the computation.
- */
- if (spec->version <= SSL_LIBRARY_VERSION_3_0) {
- temp[9] = MSB(inputLength);
- temp[10] = LSB(inputLength);
- tempLen = 11;
- } else {
- /* New TLS hash includes version. */
- temp[9] = MSB(version);
- temp[10] = LSB(version);
- temp[11] = MSB(inputLength);
- temp[12] = LSB(inputLength);
- tempLen = 13;
- }
-
- PRINT_BUF(95, (NULL, "frag hash1: temp", temp, tempLen));
- PRINT_BUF(95, (NULL, "frag hash1: input", input, inputLength));
-
- rv = PK11_DigestBegin(mac_context);
- rv |= PK11_DigestOp(mac_context, temp, tempLen);
- rv |= PK11_DigestOp(mac_context, input, inputLength);
-
- rv |= PK11_DigestFinal(mac_context, outbuf, outLength, spec->mac_size);
- PORT_Assert(rv != SECSuccess || *outLength == (unsigned)spec->mac_size);
-
-/* ssl_ReleaseSpecReadLock(ss); */
-
- PRINT_BUF(95, (NULL, "frag hash2: result", outbuf, *outLength));
-
- if (rv != SECSuccess) {
- rv = SECFailure;
- ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
- }
- return rv;
-}
-
-/* Process the plain text before sending it.
- * Returns the number of bytes of plaintext that were succesfully sent
- * plus the number of bytes of plaintext that were copied into the
- * output (write) buffer.
- * Returns SECFailure on a hard IO error, memory error, or crypto error.
- * Does NOT return SECWouldBlock.
- */
-static PRInt32
-ssl3_SendRecord( sslSocket * ss,
- SSL3ContentType type,
- const SSL3Opaque * buf,
- PRInt32 bytes,
- PRInt32 flags)
-{
- ssl3CipherSpec * cwSpec;
- sslBuffer * write = &ss->sec->writeBuf;
- const ssl3BulkCipherDef * cipher_def;
- SECStatus rv;
- PRUint32 bufSize = 0;
- PRInt32 sent = 0;
- PRInt32 cipherBytes = -1;
- PRBool isBlocking = ssl_SocketIsBlocking(ss);
- PRBool ssl3WasNull = PR_FALSE;
-
- SSL_TRC(3, ("%d: SSL3[%d] SendRecord type: %s bytes=%d",
- SSL_GETPID(), ss->fd, ssl3_DecodeContentType(type),
- bytes));
- PRINT_BUF(3, (ss, "Send record (plain text)", buf, bytes));
-
- PORT_Assert( ssl_HaveXmitBufLock(ss) );
-
- if (ss->ssl3 == NULL) {
- /* This can happen on a server if the very first incoming record
- ** looks like a defective ssl3 record (e.g. too long), and we're
- ** trying to send an alert.
- */
- ssl3WasNull = PR_TRUE;
- PR_ASSERT(type == content_alert);
- rv = ssl3_InitState(ss);
- if (rv != SECSuccess) {
- return SECFailure; /* ssl3_InitState has set the error code. */
- }
- }
-
- while (bytes > 0) {
- PRInt32 count;
- PRUint32 contentLen;
- PRUint32 fragLen;
- PRUint32 macLen;
-
- contentLen = PR_MIN(bytes, MAX_FRAGMENT_LENGTH);
- if (write->space < contentLen + SSL3_BUFFER_FUDGE) {
- rv = sslBuffer_Grow(write, contentLen + SSL3_BUFFER_FUDGE);
- if (rv != SECSuccess) {
- SSL_DBG(("%d: SSL3[%d]: SendRecord, tried to get %d bytes",
- SSL_GETPID(), ss->fd, contentLen + SSL3_BUFFER_FUDGE));
- return SECFailure; /* sslBuffer_Grow set a memory error code. */
- }
- }
-
- /* This variable records
- * the actual size of the buffer we allocated above. Some
- * algorithms (FORTEZZA) will expand the number of bytes it needs to
- * send data. If we only supply the output buffer with the same number
- * of bytes as the input buffer, we will fail.
- */
- bufSize = contentLen + SSL3_BUFFER_FUDGE;
-
- /*
- * null compression is easy to do
- */
- PORT_Memcpy(write->buf + SSL3_RECORD_HEADER_LENGTH, buf, contentLen);
- buf += contentLen;
- bytes -= contentLen;
- PORT_Assert( bytes >= 0 );
-
- ssl_GetSpecReadLock(ss); /********************************/
-
- cwSpec = ss->ssl3->cwSpec;
- cipher_def = cwSpec->cipher_def;
- /*
- * Add the MAC
- */
- rv = ssl3_ComputeRecordMAC(
- cwSpec, (ss->sec->isServer) ? cwSpec->server.write_mac_context
- : cwSpec->client.write_mac_context,
- type, cwSpec->version, cwSpec->write_seq_num,
- write->buf + SSL3_RECORD_HEADER_LENGTH, contentLen,
- write->buf + contentLen + SSL3_RECORD_HEADER_LENGTH, &macLen);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
- goto spec_locked_loser;
- }
- fragLen = contentLen + macLen; /* needs to be encrypted */
- PORT_Assert(fragLen <= MAX_FRAGMENT_LENGTH + 1024);
-
- /*
- * Pad the text (if we're doing a block cipher)
- * then Encrypt it
- */
- if (cipher_def->type == type_block) {
- int padding_length;
- int i;
- unsigned char * pBuf;
-
- /* Assume blockSize is a power of two */
- padding_length = cipher_def->block_size - 1 -
- ((fragLen) & (cipher_def->block_size - 1));
- fragLen += padding_length + 1;
- PORT_Assert((fragLen % cipher_def->block_size) == 0);
-
- /* Pad according to TLS rules (also acceptable to SSL3). */
- pBuf = &write->buf[fragLen + SSL3_RECORD_HEADER_LENGTH - 1];
- for (i = padding_length + 1; i > 0; --i) {
- *pBuf-- = padding_length;
- }
- }
- rv = cwSpec->encode(
- cwSpec->encodeContext, write->buf + SSL3_RECORD_HEADER_LENGTH,
- &cipherBytes, bufSize, write->buf + SSL3_RECORD_HEADER_LENGTH,
- fragLen);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_ENCRYPTION_FAILURE);
-spec_locked_loser:
- ssl_ReleaseSpecReadLock(ss);
- return SECFailure;
- }
- PORT_Assert(cipherBytes <= MAX_FRAGMENT_LENGTH + 1024);
-
- /*
- * XXX should we zero out our copy of the buffer after compressing
- * and encryption ??
- */
-
- ssl3_BumpSequenceNumber(&cwSpec->write_seq_num);
-
- ssl_ReleaseSpecReadLock(ss); /************************************/
-
- /* PORT_Assert(fragLen == cipherBytes); */
- write->len = cipherBytes + SSL3_RECORD_HEADER_LENGTH;
- write->buf[0] = type;
- write->buf[1] = MSB(cwSpec->version);
- write->buf[2] = LSB(cwSpec->version);
- write->buf[3] = MSB(cipherBytes);
- write->buf[4] = LSB(cipherBytes);
-
- PRINT_BUF(50, (ss, "send (encrypted) record data:", write->buf, write->len));
-
- /* If there's still some previously saved ciphertext,
- * or the caller doesn't want us to send the data yet,
- * then add all our new ciphertext to the amount previously saved.
- */
- if ((ss->pendingBuf.len > 0) ||
- (flags & ssl_SEND_FLAG_FORCE_INTO_BUFFER)) {
-
- rv = ssl_SaveWriteData(ss, &ss->pendingBuf,
- write->buf, write->len);
- if (rv != SECSuccess) {
- /* presumably a memory error, SEC_ERROR_NO_MEMORY */
- return SECFailure;
- }
- write->len = 0; /* All cipher text is saved away. */
-
- if (!(flags & ssl_SEND_FLAG_FORCE_INTO_BUFFER)) {
-
- count = ssl_SendSavedWriteData(ss, &ss->pendingBuf,
- &ssl_DefSend);
- if (count < 0 && PR_GetError() != PR_WOULD_BLOCK_ERROR) {
- ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE);
- return SECFailure;
- }
- }
- } else if (write->len > 0) {
- count = ssl_DefSend(ss, write->buf, write->len,
- flags & ~ssl_SEND_FLAG_MASK);
- if (count < 0) {
- if (PR_GetError() != PR_WOULD_BLOCK_ERROR) {
- ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE);
- return (sent > 0) ? sent : SECFailure;
- }
- /* we got PR_WOULD_BLOCK_ERROR, which means none was sent. */
- count = 0;
- }
- /* now take all the remaining unsent newly-generated ciphertext and
- * append it to the buffer of previously unsent ciphertext.
- */
- if ((unsigned)count < write->len) {
- rv = ssl_SaveWriteData(ss, &ss->pendingBuf,
- write->buf + (unsigned)count,
- write->len - (unsigned)count);
- if (rv != SECSuccess) {
- /* presumably a memory error, SEC_ERROR_NO_MEMORY */
- return SECFailure;
- }
- }
- write->len = 0;
- }
- sent += contentLen;
- if ((flags & ssl_SEND_FLAG_NO_BUFFER) &&
- (isBlocking || (ss->pendingBuf.len > 0))) {
- break;
- }
- }
- return sent;
-}
-
-/* Attempt to send the content of "in" in an SSL application_data record.
- * Returns "len" or SECFailure, never SECWouldBlock, nor SECSuccess.
- */
-int
-ssl3_SendApplicationData(sslSocket *ss, const unsigned char *in,
- PRInt32 len, PRInt32 flags)
-{
- PRInt32 sent = 0;
-
- PORT_Assert( ssl_HaveXmitBufLock(ss) );
-
- while (len > 0) {
- PRInt32 count;
-
- if (sent > 0) {
- ssl_ReleaseXmitBufLock(ss);
- PR_Sleep(PR_INTERVAL_NO_WAIT); /* PR_Yield(); */
- ssl_GetXmitBufLock(ss);
- }
- count = ssl3_SendRecord(ss, content_application_data, in, len,
- flags | ssl_SEND_FLAG_NO_BUFFER);
- if (count < 0) {
- return (sent > 0) ? sent : count;
- /* error code set by ssl3_SendRecord */
- }
- sent += count;
- len -= count;
- in += count;
- }
- return sent;
-}
-
-/* Attempt to send the content of sendBuf buffer in an SSL handshake record.
- * This function returns SECSuccess or SECFailure, never SECWouldBlock.
- * It used to always set sendBuf.len to 0, even when returning SECFailure.
- * Now it does not.
- *
- * Called from SSL3_SendAlert(), ssl3_SendChangeCipherSpecs(),
- * ssl3_AppendHandshake(), ssl3_SendClientHello(),
- * ssl3_SendHelloRequest(), ssl3_SendServerHelloDone(),
- * ssl3_SendFinished(),
- */
-static SECStatus
-ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags)
-{
- PRInt32 rv;
- sslConnectInfo *ci;
-
- PORT_Assert(ss->sec != NULL);
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss));
- PORT_Assert( ssl_HaveXmitBufLock(ss) );
-
- ci = &ss->sec->ci;
-
- if (!ci->sendBuf.buf || !ci->sendBuf.len)
- return SECSuccess;
-
- rv = ssl3_SendRecord(ss, content_handshake, ci->sendBuf.buf,
- ci->sendBuf.len, flags);
- if (rv < 0) {
- return (SECStatus)rv; /* error code set by ssl3_SendRecord */
- }
- ci->sendBuf.len = 0;
- return SECSuccess;
-}
-
-/*
- * Called from ssl3_HandleAlert and from ssl3_HandleCertificates when
- * the remote client sends a negative response to our certificate request.
- * Returns SECFailure if the application has required client auth.
- * SECSuccess otherwise.
- */
-static SECStatus
-ssl3_HandleNoCertificate(sslSocket *ss)
-{
- if (ss->sec->peerCert != NULL) {
- if (ss->sec->peerKey != NULL) {
- SECKEY_DestroyPublicKey(ss->sec->peerKey);
- ss->sec->peerKey = NULL;
- }
- CERT_DestroyCertificate(ss->sec->peerCert);
- ss->sec->peerCert = NULL;
- }
-
- /* If the server has required client-auth blindly but doesn't
- * actually look at the certificate it won't know that no
- * certificate was presented so we shutdown the socket to ensure
- * an error. We only do this if we aren't connected because
- * if we're redoing the handshake we know the server is paying
- * attention to the certificate.
- */
- if ((ss->requireCertificate == 1) ||
- (!ss->connected && (ss->requireCertificate > 1))) {
- PRFileDesc * lower;
-
- ss->sec->uncache(ss->sec->ci.sid);
- SSL3_SendAlert(ss, alert_fatal, bad_certificate);
-
- lower = ss->fd->lower;
- lower->methods->shutdown(lower, PR_SHUTDOWN_BOTH);
- PORT_SetError(SSL_ERROR_NO_CERTIFICATE);
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/************************************************************************
- * Alerts
- */
-
-/*
-** Acquires both handshake and XmitBuf locks.
-** Called from: ssl3_IllegalParameter <-
-** ssl3_HandshakeFailure <-
-** ssl3_HandleAlert <- ssl3_HandleRecord.
-** ssl3_HandleChangeCipherSpecs <- ssl3_HandleRecord
-** ssl3_ConsumeHandshakeVariable <-
-** ssl3_HandleHelloRequest <-
-** ssl3_HandleServerHello <-
-** ssl3_HandleServerKeyExchange <-
-** ssl3_HandleCertificateRequest <-
-** ssl3_HandleServerHelloDone <-
-** ssl3_HandleClientHello <-
-** ssl3_HandleV2ClientHello <-
-** ssl3_HandleCertificateVerify <-
-** ssl3_HandleFortezzaClientKeyExchange <-
-** ssl3_HandleClientKeyExchange <-
-** ssl3_HandleCertificate <-
-** ssl3_HandleFinished <-
-** ssl3_HandleHandshakeMessage <-
-** ssl3_HandleRecord <-
-**
-*/
-SECStatus
-SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level, SSL3AlertDescription desc)
-{
- uint8 bytes[2];
- SECStatus rv;
-
- SSL_TRC(3, ("%d: SSL3[%d]: send alert record, level=%d desc=%d",
- SSL_GETPID(), ss->fd, level, desc));
-
- bytes[0] = level;
- bytes[1] = desc;
-
- ssl_GetSSL3HandshakeLock(ss);
- if (level == alert_fatal) {
- if (ss->sec->ci.sid) {
- ss->sec->uncache(ss->sec->ci.sid);
- }
- }
- ssl_GetXmitBufLock(ss);
- rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
- if (rv == SECSuccess) {
- PRInt32 sent;
- sent = ssl3_SendRecord(ss, content_alert, bytes, 2, 0);
- rv = (sent >= 0) ? SECSuccess : (SECStatus)sent;
- }
- ssl_ReleaseXmitBufLock(ss);
- ssl_ReleaseSSL3HandshakeLock(ss);
- return rv; /* error set by ssl3_FlushHandshake or ssl3_SendRecord */
-}
-
-/*
- * Send illegal_parameter alert. Set generic error number.
- */
-static SECStatus
-ssl3_IllegalParameter(sslSocket *ss)
-{
- PRBool isTLS;
-
- isTLS = (PRBool)(ss->ssl3->pwSpec->version > SSL_LIBRARY_VERSION_3_0);
- (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
- PORT_SetError(ss->sec->isServer ? SSL_ERROR_BAD_CLIENT
- : SSL_ERROR_BAD_SERVER );
- return SECFailure;
-}
-
-/*
- * Send handshake_Failure alert. Set generic error number.
- */
-static SECStatus
-ssl3_HandshakeFailure(sslSocket *ss)
-{
- (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
- PORT_SetError( ss->sec->isServer ? SSL_ERROR_BAD_CLIENT
- : SSL_ERROR_BAD_SERVER );
- return SECFailure;
-}
-
-/*
- * Send handshake_Failure alert. Set generic error number.
- */
-static SECStatus
-ssl3_DecodeError(sslSocket *ss)
-{
- (void)SSL3_SendAlert(ss, alert_fatal,
- ss->version > SSL_LIBRARY_VERSION_3_0 ? decode_error
- : illegal_parameter);
- PORT_SetError( ss->sec->isServer ? SSL_ERROR_BAD_CLIENT
- : SSL_ERROR_BAD_SERVER );
- return SECFailure;
-}
-
-/* Called from ssl3_HandleRecord.
-** Caller must hold both RecvBuf and Handshake locks.
-*/
-static SECStatus
-ssl3_HandleAlert(sslSocket *ss, sslBuffer *buf)
-{
- SSL3AlertLevel level;
- SSL3AlertDescription desc;
- int error;
-
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- SSL_TRC(3, ("%d: SSL3[%d]: handle alert record", SSL_GETPID(), ss->fd));
-
- if (buf->len != 2) {
- (void)ssl3_DecodeError(ss);
- PORT_SetError(SSL_ERROR_RX_MALFORMED_ALERT);
- return SECFailure;
- }
- level = (SSL3AlertLevel)buf->buf[0];
- desc = (SSL3AlertDescription)buf->buf[1];
- buf->len = 0;
- SSL_TRC(5, ("%d: SSL3[%d] received alert, level = %d, description = %d",
- SSL_GETPID(), ss->fd, level, desc));
-
- switch (desc) {
- case close_notify: ss->recvdCloseNotify = 1;
- error = SSL_ERROR_CLOSE_NOTIFY_ALERT; break;
- case unexpected_message: error = SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT;
- break;
- case bad_record_mac: error = SSL_ERROR_BAD_MAC_ALERT; break;
- case decryption_failed: error = SSL_ERROR_DECRYPTION_FAILED_ALERT;
- break;
- case record_overflow: error = SSL_ERROR_RECORD_OVERFLOW_ALERT; break;
- case decompression_failure: error = SSL_ERROR_DECOMPRESSION_FAILURE_ALERT;
- break;
- case handshake_failure: error = SSL_ERROR_HANDSHAKE_FAILURE_ALERT;
- break;
- case no_certificate: error = SSL_ERROR_NO_CERTIFICATE; break;
- case bad_certificate: error = SSL_ERROR_BAD_CERT_ALERT; break;
- case unsupported_certificate:error = SSL_ERROR_UNSUPPORTED_CERT_ALERT;break;
- case certificate_revoked: error = SSL_ERROR_REVOKED_CERT_ALERT; break;
- case certificate_expired: error = SSL_ERROR_EXPIRED_CERT_ALERT; break;
- case certificate_unknown: error = SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT;
- break;
- case illegal_parameter: error = SSL_ERROR_ILLEGAL_PARAMETER_ALERT;break;
-
- /* All alerts below are TLS only. */
- case unknown_ca: error = SSL_ERROR_UNKNOWN_CA_ALERT; break;
- case access_denied: error = SSL_ERROR_ACCESS_DENIED_ALERT; break;
- case decode_error: error = SSL_ERROR_DECODE_ERROR_ALERT; break;
- case decrypt_error: error = SSL_ERROR_DECRYPT_ERROR_ALERT; break;
- case export_restriction: error = SSL_ERROR_EXPORT_RESTRICTION_ALERT;
- break;
- case protocol_version: error = SSL_ERROR_PROTOCOL_VERSION_ALERT; break;
- case insufficient_security: error = SSL_ERROR_INSUFFICIENT_SECURITY_ALERT;
- break;
- case internal_error: error = SSL_ERROR_INTERNAL_ERROR_ALERT; break;
- case user_canceled: error = SSL_ERROR_USER_CANCELED_ALERT; break;
- case no_renegotiation: error = SSL_ERROR_NO_RENEGOTIATION_ALERT; break;
- default: error = SSL_ERROR_RX_UNKNOWN_ALERT; break;
- }
- if (level == alert_fatal) {
- ss->sec->uncache(ss->sec->ci.sid);
- if ((ss->ssl3->hs.ws == wait_server_hello) &&
- (desc == handshake_failure)) {
- /* XXX This is a hack. We're assuming that any handshake failure
- * XXX on the client hello is a failure to match ciphers.
- */
- error = SSL_ERROR_NO_CYPHER_OVERLAP;
- }
- PORT_SetError(error);
- return SECFailure;
- }
- if ((desc == no_certificate) && (ss->ssl3->hs.ws == wait_client_cert)) {
- /* I'm a server. I've requested a client cert. He hasn't got one. */
- SECStatus rv;
-
- PORT_Assert(ss->sec->isServer);
- ss->ssl3->hs.ws = wait_client_key;
- rv = ssl3_HandleNoCertificate(ss);
- return rv;
- }
- return SECSuccess;
-}
-
-/*
- * Change Cipher Specs
- * Called from ssl3_HandleServerHelloDone,
- * ssl3_HandleClientHello,
- * and ssl3_HandleFinished
- *
- * Acquires and releases spec write lock, to protect switching the current
- * and pending write spec pointers.
- */
-
-static SECStatus
-ssl3_SendChangeCipherSpecs(sslSocket *ss)
-{
- uint8 change = change_cipher_spec_choice;
- ssl3State * ssl3 = ss->ssl3;
- ssl3CipherSpec * pwSpec;
- SECStatus rv;
- PRInt32 sent;
-
- SSL_TRC(3, ("%d: SSL3[%d]: send change_cipher_spec record",
- SSL_GETPID(), ss->fd));
-
- PORT_Assert( ssl_HaveXmitBufLock(ss) );
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss));
-
- rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
- if (rv != SECSuccess) {
- return rv; /* error code set by ssl3_FlushHandshake */
- }
- sent = ssl3_SendRecord(ss, content_change_cipher_spec, &change, 1,
- ssl_SEND_FLAG_FORCE_INTO_BUFFER);
- if (sent < 0) {
- return (SECStatus)sent; /* error code set by ssl3_SendRecord */
- }
-
- /* swap the pending and current write specs. */
- ssl_GetSpecWriteLock(ss); /**************************************/
- pwSpec = ss->ssl3->pwSpec;
- pwSpec->write_seq_num.high = 0;
- pwSpec->write_seq_num.low = 0;
-
- ssl3->pwSpec = ssl3->cwSpec;
- ssl3->cwSpec = pwSpec;
-
- SSL_TRC(3, ("%d: SSL3[%d] Set Current Write Cipher Suite to Pending",
- SSL_GETPID(), ss->fd ));
-
- /* We need to free up the contexts, keys and certs ! */
- /* If we are really through with the old cipher spec
- * (Both the read and write sides have changed) destroy it.
- */
- if (ss->ssl3->prSpec == ss->ssl3->pwSpec) {
- ssl3_DestroyCipherSpec(ss->ssl3->pwSpec);
- }
- ssl_ReleaseSpecWriteLock(ss); /**************************************/
-
- return SECSuccess;
-}
-
-/* Called from ssl3_HandleRecord.
-** Caller must hold both RecvBuf and Handshake locks.
- *
- * Acquires and releases spec write lock, to protect switching the current
- * and pending write spec pointers.
-*/
-static SECStatus
-ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf)
-{
- ssl3CipherSpec * prSpec;
- SSL3WaitState ws = ss->ssl3->hs.ws;
- SSL3ChangeCipherSpecChoice change;
-
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- SSL_TRC(3, ("%d: SSL3[%d]: handle change_cipher_spec record",
- SSL_GETPID(), ss->fd));
-
- if (ws != wait_change_cipher && ws != wait_cert_verify) {
- (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
- return SECFailure;
- }
-
- if(buf->len != 1) {
- (void)ssl3_DecodeError(ss);
- PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
- return SECFailure;
- }
- change = (SSL3ChangeCipherSpecChoice)buf->buf[0];
- if (change != change_cipher_spec_choice) {
- /* illegal_parameter is correct here for both SSL3 and TLS. */
- (void)ssl3_IllegalParameter(ss);
- PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
- return SECFailure;
- }
- buf->len = 0;
-
- /* Swap the pending and current read specs. */
- ssl_GetSpecWriteLock(ss); /*************************************/
- prSpec = ss->ssl3->prSpec;
- prSpec->read_seq_num.high = prSpec->read_seq_num.low = 0;
-
- ss->ssl3->prSpec = ss->ssl3->crSpec;
- ss->ssl3->crSpec = prSpec;
- ss->ssl3->hs.ws = wait_finished;
-
- SSL_TRC(3, ("%d: SSL3[%d] Set Current Read Cipher Suite to Pending",
- SSL_GETPID(), ss->fd ));
-
- /* If we are really through with the old cipher prSpec
- * (Both the read and write sides have changed) destroy it.
- */
- if (ss->ssl3->prSpec == ss->ssl3->pwSpec) {
- ssl3_DestroyCipherSpec(ss->ssl3->prSpec);
- }
- ssl_ReleaseSpecWriteLock(ss); /*************************************/
- return SECSuccess;
-}
-
-/*
- * Key generation given pre master secret, or master secret (if !pms).
- * Sets a useful error code when returning SECFailure.
- *
- * Called only from ssl3_InitPendingCipherSpec(),
- *
- * which in turn is called from
- * ssl3_SendClientKeyExchange (for Full handshake)
- * ssl3_HandleClientKeyExchange (for Full handshake)
- * ssl3_HandleServerHello (for session restart)
- * ssl3_HandleClientHello (for session restart)
- * Caller MUST hold the specWriteLock, and SSL3HandshakeLock.
- * ssl3_InitPendingCipherSpec does that.
- */
-static SECStatus
-ssl3_GenerateSessionKeys(sslSocket *ss, const PK11SymKey *pms)
-{
- ssl3CipherSpec * pwSpec = ss->ssl3->pwSpec;
- const ssl3BulkCipherDef *cipher_def = pwSpec->cipher_def;
- const ssl3KEADef * kea_def = ss->ssl3->hs.kea_def;
- unsigned char * cr = (unsigned char *)&ss->ssl3->hs.client_random;
- unsigned char * sr = (unsigned char *)&ss->ssl3->hs.server_random;
- PK11SymKey * symKey = NULL;
- PK11SlotInfo * slot = NULL;
- void * pwArg = ss->pkcs11PinArg;
- PRBool isTLS = (PRBool)(kea_def->tls_keygen ||
- (pwSpec->version > SSL_LIBRARY_VERSION_3_0));
- PRBool skipKeysAndIVs = (PRBool)
- ((cipher_def->calg == calg_fortezza) ||
- (cipher_def->calg == calg_null));
- CK_MECHANISM_TYPE master_derive;
- CK_MECHANISM_TYPE key_derive;
- CK_MECHANISM_TYPE bulk_mechanism;
- SECItem params;
- int keySize;
- CK_FLAGS keyFlags;
- CK_VERSION pms_version;
- CK_SSL3_KEY_MAT_PARAMS key_material_params;
- CK_SSL3_KEY_MAT_OUT returnedKeys;
- CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params;
-
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss));
- PORT_Assert( ssl_HaveSpecWriteLock(ss));
- PORT_Assert(ss->ssl3->prSpec == ss->ssl3->pwSpec);
-
- if (isTLS) {
- master_derive = CKM_TLS_MASTER_KEY_DERIVE;
- key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
- keyFlags = CKF_SIGN | CKF_VERIFY;
- } else {
- master_derive = CKM_SSL3_MASTER_KEY_DERIVE;
- key_derive = CKM_SSL3_KEY_AND_MAC_DERIVE;
- keyFlags = 0;
- }
-
- if (pms || !pwSpec->master_secret) {
- master_params.pVersion = &pms_version;
- master_params.RandomInfo.pClientRandom = cr;
- master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH;
- master_params.RandomInfo.pServerRandom = sr;
- master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
-
- params.data = (unsigned char *) &master_params;
- params.len = sizeof master_params;
- }
-
- if (pms != NULL) {
- pwSpec->master_secret = PK11_DeriveWithFlags((PK11SymKey *)pms,
- master_derive, &params, key_derive,
- CKA_DERIVE, 0, keyFlags);
- if (pwSpec->master_secret != NULL && ss->detectRollBack) {
- SSL3ProtocolVersion client_version;
- client_version = pms_version.major << 8 | pms_version.minor;
- if (client_version != ss->clientHelloVersion) {
- /* Destroy it. Version roll-back detected. */
- PK11_FreeSymKey(pwSpec->master_secret);
- pwSpec->master_secret = NULL;
- }
- }
- if (pwSpec->master_secret == NULL) {
- /* Generate a faux master secret in the same slot as the old one. */
- PK11SlotInfo * slot = PK11_GetSlotFromKey((PK11SymKey *)pms);
- PK11SymKey * fpms = ssl3_GenerateRSAPMS(ss, pwSpec, slot);
-
- PK11_FreeSlot(slot);
- if (fpms != NULL) {
- pwSpec->master_secret = PK11_DeriveWithFlags(fpms,
- master_derive, &params, key_derive,
- CKA_DERIVE, 0, keyFlags);
- PK11_FreeSymKey(fpms);
- }
- }
- }
- if (pwSpec->master_secret == NULL) {
- /* Generate a faux master secret from the internal slot. */
- PK11SlotInfo * slot = PK11_GetInternalSlot();
- PK11SymKey * fpms = ssl3_GenerateRSAPMS(ss, pwSpec, slot);
-
- PK11_FreeSlot(slot);
- if (fpms != NULL) {
- pwSpec->master_secret = PK11_DeriveWithFlags(fpms,
- master_derive, &params, key_derive,
- CKA_DERIVE, 0, keyFlags);
- if (pwSpec->master_secret == NULL) {
- pwSpec->master_secret = fpms; /* use the fpms as the master. */
- fpms = NULL;
- }
- }
- if (fpms) {
- PK11_FreeSymKey(fpms);
- }
- }
- if (pwSpec->master_secret == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
- return SECFailure;
- }
-
- /*
- * generate the key material
- */
- key_material_params.ulMacSizeInBits = pwSpec->mac_size * BPB;
- key_material_params.ulKeySizeInBits = cipher_def->secret_key_size* BPB;
- key_material_params.ulIVSizeInBits = cipher_def->iv_size * BPB;
-
- key_material_params.bIsExport = (CK_BBOOL)(kea_def->is_limited);
- /* was: (CK_BBOOL)(cipher_def->keygen_mode != kg_strong); */
-
- key_material_params.RandomInfo.pClientRandom = cr;
- key_material_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH;
- key_material_params.RandomInfo.pServerRandom = sr;
- key_material_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
- key_material_params.pReturnedKeyMaterial = &returnedKeys;
-
- returnedKeys.pIVClient = pwSpec->client.write_iv;
- returnedKeys.pIVServer = pwSpec->server.write_iv;
- keySize = cipher_def->key_size;
-
- if (skipKeysAndIVs) {
- keySize = 0;
- key_material_params.ulKeySizeInBits = 0;
- key_material_params.ulIVSizeInBits = 0;
- returnedKeys.pIVClient = NULL;
- returnedKeys.pIVServer = NULL;
- }
- bulk_mechanism = (CK_MECHANISM_TYPE) cipher_def->calg;
- params.data = (unsigned char *)&key_material_params;
- params.len = sizeof(key_material_params);
-
- /* CKM_SSL3_KEY_AND_MAC_DERIVE is defined to set ENCRYPT, DECRYPT, and
- * DERIVE by DEFAULT */
- symKey = PK11_Derive(pwSpec->master_secret, key_derive, &params,
- bulk_mechanism, CKA_ENCRYPT, keySize);
- if (!symKey) {
- ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
- return SECFailure;
- }
- /* we really should use the actual mac'ing mechanism here, but we
- * don't because these types are used to map keytype anyway and both
- * mac's map to the same keytype.
- */
- slot = PK11_GetSlotFromKey(symKey);
-
- PK11_FreeSlot(slot); /* slot is held until the key is freed */
- pwSpec->client.write_mac_key =
- PK11_SymKeyFromHandle(slot, symKey, PK11_OriginDerive,
- CKM_SSL3_SHA1_MAC, returnedKeys.hClientMacSecret, PR_TRUE, pwArg);
- if (pwSpec->client.write_mac_key == NULL ) {
- goto loser; /* loser sets err */
- }
- pwSpec->server.write_mac_key =
- PK11_SymKeyFromHandle(slot, symKey, PK11_OriginDerive,
- CKM_SSL3_SHA1_MAC, returnedKeys.hServerMacSecret, PR_TRUE, pwArg);
- if (pwSpec->server.write_mac_key == NULL ) {
- goto loser; /* loser sets err */
- }
- if (!skipKeysAndIVs) {
- pwSpec->client.write_key =
- PK11_SymKeyFromHandle(slot, symKey, PK11_OriginDerive,
- bulk_mechanism, returnedKeys.hClientKey, PR_TRUE, pwArg);
- if (pwSpec->client.write_key == NULL ) {
- goto loser; /* loser sets err */
- }
- pwSpec->server.write_key =
- PK11_SymKeyFromHandle(slot, symKey, PK11_OriginDerive,
- bulk_mechanism, returnedKeys.hServerKey, PR_TRUE, pwArg);
- if (pwSpec->server.write_key == NULL ) {
- goto loser; /* loser sets err */
- }
- }
- PK11_FreeSymKey(symKey);
- return SECSuccess;
-
-
-loser:
- if (symKey) PK11_FreeSymKey(symKey);
- ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
- return SECFailure;
-}
-
-/*
- * Handshake messages
- */
-/* Called from ssl3_AppendHandshake()
-** ssl3_StartHandshakeHash()
-** ssl3_HandleV2ClientHello()
-** ssl3_HandleHandshakeMessage()
-** Caller must hold the ssl3Handshake lock.
-*/
-static SECStatus
-ssl3_UpdateHandshakeHashes(sslSocket *ss, unsigned char *b, unsigned int l)
-{
- ssl3State *ssl3 = ss->ssl3;
- SECStatus rv;
-
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- PRINT_BUF(90, (NULL, "MD5 & SHA handshake hash input:", b, l));
-
- rv = PK11_DigestOp(ssl3->hs.md5, b, l);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
- return rv;
- }
- rv = PK11_DigestOp(ssl3->hs.sha, b, l);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
- return rv;
- }
- return rv;
-}
-
-/**************************************************************************
- * Append Handshake functions.
- * All these functions set appropriate error codes.
- * Most rely on ssl3_AppendHandshake to set the error code.
- **************************************************************************/
-static SECStatus
-ssl3_AppendHandshake(sslSocket *ss, const void *void_src, PRInt32 bytes)
-{
- sslConnectInfo * ci = &ss->sec->ci;
- unsigned char * src = (unsigned char *)void_src;
- int room = ci->sendBuf.space - ci->sendBuf.len;
- SECStatus rv;
-
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) ); /* protects sendBuf. */
-
- if (ci->sendBuf.space < MAX_SEND_BUF_LENGTH && room < bytes) {
- rv = sslBuffer_Grow(&ci->sendBuf, PR_MAX(MIN_SEND_BUF_LENGTH,
- PR_MIN(MAX_SEND_BUF_LENGTH,
- ci->sendBuf.len + bytes)));
- if (rv != SECSuccess)
- return rv; /* sslBuffer_Grow has set a memory error code. */
- room = ci->sendBuf.space - ci->sendBuf.len;
- }
-
- PRINT_BUF(60, (ss, "Append to Handshake", (unsigned char*)void_src, bytes));
- rv = ssl3_UpdateHandshakeHashes(ss, src, bytes);
- if (rv != SECSuccess)
- return rv; /* error code set by ssl3_UpdateHandshakeHashes */
-
- while (bytes > room) {
- if (room > 0)
- PORT_Memcpy(ci->sendBuf.buf + ci->sendBuf.len, src, room);
- ci->sendBuf.len += room;
- rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
- if (rv != SECSuccess) {
- return rv; /* error code set by ssl3_FlushHandshake */
- }
- bytes -= room;
- src += room;
- room = ci->sendBuf.space;
- PORT_Assert(ci->sendBuf.len == 0);
- }
- PORT_Memcpy(ci->sendBuf.buf + ci->sendBuf.len, src, bytes);
- ci->sendBuf.len += bytes;
- return SECSuccess;
-}
-
-static SECStatus
-ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, PRInt32 lenSize)
-{
- SECStatus rv;
- uint8 b[4];
- uint8 * p = b;
-
- switch (lenSize) {
- case 4:
- *p++ = (num >> 24) & 0xff;
- case 3:
- *p++ = (num >> 16) & 0xff;
- case 2:
- *p++ = (num >> 8) & 0xff;
- case 1:
- *p = num & 0xff;
- }
- SSL_TRC(60, ("%d: number:", SSL_GETPID()));
- rv = ssl3_AppendHandshake(ss, &b[0], lenSize);
- return rv; /* error code set by AppendHandshake, if applicable. */
-}
-
-static SECStatus
-ssl3_AppendHandshakeVariable(
- sslSocket *ss, const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize)
-{
- SECStatus rv;
-
- PORT_Assert((bytes < (1<<8) && lenSize == 1) ||
- (bytes < (1L<<16) && lenSize == 2) ||
- (bytes < (1L<<24) && lenSize == 3));
-
- SSL_TRC(60,("%d: append variable:", SSL_GETPID()));
- rv = ssl3_AppendHandshakeNumber(ss, bytes, lenSize);
- if (rv != SECSuccess) {
- return rv; /* error code set by AppendHandshake, if applicable. */
- }
- SSL_TRC(60, ("data:"));
- rv = ssl3_AppendHandshake(ss, src, bytes);
- return rv; /* error code set by AppendHandshake, if applicable. */
-}
-
-static SECStatus
-ssl3_AppendHandshakeHeader(sslSocket *ss, SSL3HandshakeType t, PRUint32 length)
-{
- SECStatus rv;
-
- SSL_TRC(30,("%d: SSL3[%d]: append handshake header: type %s",
- SSL_GETPID(), ss->fd, ssl3_DecodeHandshakeType(t)));
- PRINT_BUF(60, (ss, "MD5 handshake hash:",
- (unsigned char*)ss->ssl3->hs.md5, MD5_LENGTH));
- PRINT_BUF(95, (ss, "SHA handshake hash:",
- (unsigned char*)ss->ssl3->hs.sha, SHA1_LENGTH));
-
- rv = ssl3_AppendHandshakeNumber(ss, t, 1);
- if (rv != SECSuccess) {
- return rv; /* error code set by AppendHandshake, if applicable. */
- }
- rv = ssl3_AppendHandshakeNumber(ss, length, 3);
- return rv; /* error code set by AppendHandshake, if applicable. */
-}
-
-/**************************************************************************
- * Consume Handshake functions.
- *
- * All data used in these functions is protected by two locks,
- * the RecvBufLock and the SSL3HandshakeLock
- **************************************************************************/
-
-/* Read up the next "bytes" number of bytes from the (decrypted) input
- * stream "b" (which is *length bytes long). Copy them into buffer "v".
- * Reduces *length by bytes. Advances *b by bytes.
- *
- * If this function returns SECFailure, it has already sent an alert,
- * and has set a generic error code. The caller should probably
- * override the generic error code by setting another.
- */
-static SECStatus
-ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes, SSL3Opaque **b,
- PRUint32 *length)
-{
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- if (bytes > *length) {
- return ssl3_DecodeError(ss);
- }
- PORT_Memcpy(v, *b, bytes);
- PRINT_BUF(60, (ss, "consume bytes:", *b, bytes));
- *b += bytes;
- *length -= bytes;
- return SECSuccess;
-}
-
-/* Read up the next "bytes" number of bytes from the (decrypted) input
- * stream "b" (which is *length bytes long), and interpret them as an
- * integer in network byte order. Returns the received value.
- * Reduces *length by bytes. Advances *b by bytes.
- *
- * Returns SECFailure (-1) on failure.
- * This value is indistinguishable from the equivalent received value.
- * Only positive numbers are to be received this way.
- * Thus, the largest value that may be sent this way is 0x7fffffff.
- * On error, an alert has been sent, and a generic error code has been set.
- */
-static PRInt32
-ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes, SSL3Opaque **b,
- PRUint32 *length)
-{
- PRInt32 num = 0;
- int i;
- SECStatus status;
- uint8 buf[4];
-
- status = ssl3_ConsumeHandshake(ss, buf, bytes, b, length);
- if (status != SECSuccess) {
- /* ssl3_DecodeError has already been called */
- return SECFailure;
- }
- for (i = 0; i < bytes; i++)
- num = (num << 8) + buf[i];
- return num;
-}
-
-/* Read in two values from the incoming decrypted byte stream "b", which is
- * *length bytes long. The first value is a number whose size is "bytes"
- * bytes long. The second value is a byte-string whose size is the value
- * of the first number received. The latter byte-string, and its length,
- * is returned in the SECItem i.
- *
- * Returns SECFailure (-1) on failure.
- * On error, an alert has been sent, and a generic error code has been set.
- */
-static SECStatus
-ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, PRInt32 bytes,
- SSL3Opaque **b, PRUint32 *length)
-{
- PRInt32 count;
- SECStatus rv;
-
- PORT_Assert(bytes <= 3);
- i->len = 0;
- i->data = NULL;
- count = ssl3_ConsumeHandshakeNumber(ss, bytes, b, length);
- if (count < 0) { /* Can't test for SECSuccess here. */
- return SECFailure;
- }
- if (count > 0) {
- i->data = (unsigned char*)PORT_Alloc(count);
- if (i->data == NULL) {
- /* XXX inconsistent. In other places, we don't send alerts for
- * our own memory failures. But here we do... */
- (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
- i->len = count;
- rv = ssl3_ConsumeHandshake(ss, i->data, i->len, b, length);
- if (rv != SECSuccess) {
- PORT_Free(i->data);
- i->data = NULL;
- return rv; /* alert has already been sent. */
- }
- }
- return SECSuccess;
-}
-
-/**************************************************************************
- * end of Consume Handshake functions.
- **************************************************************************/
-
-/* Extract the hashes of handshake messages to this point.
- * Called from ssl3_SendCertificateVerify
- * ssl3_SendFinished
- * ssl3_HandleHandshakeMessage
- *
- * Caller must hold the SSL3HandshakeLock.
- * Caller must hold a read or write lock on the Spec R/W lock.
- * (There is presently no way to assert on a Read lock.)
- */
-static SECStatus
-ssl3_ComputeHandshakeHashes(sslSocket * ss,
- ssl3CipherSpec *spec, /* uses ->master_secret */
- SSL3Hashes * hashes, /* output goes here. */
- uint32 sender)
-{
- ssl3State * ssl3 = ss->ssl3;
- PK11Context * md5;
- PK11Context * sha = NULL;
- SECStatus rv = SECSuccess;
- unsigned int outLength;
- PRBool isTLS;
- SSL3Opaque md5_inner[MAX_MAC_LENGTH];
- SSL3Opaque sha_inner[MAX_MAC_LENGTH];
- unsigned char s[4];
-
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0);
-
- md5 = PK11_CloneContext(ssl3->hs.md5);
- if (md5 == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
- return SECFailure;
- }
-
- sha = PK11_CloneContext(ssl3->hs.sha);
- if (sha == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
- goto loser;
- }
-
- if (!isTLS) {
- /* compute hashes for SSL3. */
-
- s[0] = (unsigned char)(sender >> 24);
- s[1] = (unsigned char)(sender >> 16);
- s[2] = (unsigned char)(sender >> 8);
- s[3] = (unsigned char)sender;
-
- if (sender != 0) {
- rv |= PK11_DigestOp(md5, s, 4);
- PRINT_BUF(95, (NULL, "MD5 inner: sender", s, 4));
- }
-
- PRINT_BUF(95, (NULL, "MD5 inner: MAC Pad 1", mac_pad_1, mac_defs[mac_md5].pad_size));
-
- rv |= PK11_DigestKey(md5,spec->master_secret);
- rv |= PK11_DigestOp(md5, mac_pad_1, mac_defs[mac_md5].pad_size);
- rv |= PK11_DigestFinal(md5, md5_inner, &outLength, MD5_LENGTH);
- PORT_Assert(rv != SECSuccess || outLength == MD5_LENGTH);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
- rv = SECFailure;
- goto loser;
- }
-
- PRINT_BUF(95, (NULL, "MD5 inner: result", md5_inner, outLength));
-
- if (sender != 0) {
- rv |= PK11_DigestOp(sha, s, 4);
- PRINT_BUF(95, (NULL, "SHA inner: sender", s, 4));
- }
-
- PRINT_BUF(95, (NULL, "SHA inner: MAC Pad 1", mac_pad_1, mac_defs[mac_sha].pad_size));
-
-
- rv |= PK11_DigestKey(sha, spec->master_secret);
- rv |= PK11_DigestOp(sha, mac_pad_1, mac_defs[mac_sha].pad_size);
- rv |= PK11_DigestFinal(sha, sha_inner, &outLength, SHA1_LENGTH);
- PORT_Assert(rv != SECSuccess || outLength == SHA1_LENGTH);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
- rv = SECFailure;
- goto loser;
- }
-
- PRINT_BUF(95, (NULL, "SHA inner: result", sha_inner, outLength));
-
- PRINT_BUF(95, (NULL, "MD5 outer: MAC Pad 2", mac_pad_2, mac_defs[mac_md5].pad_size));
- PRINT_BUF(95, (NULL, "MD5 outer: MD5 inner", md5_inner, MD5_LENGTH));
-
- rv |= PK11_DigestBegin(md5);
- rv |= PK11_DigestKey(md5, spec->master_secret);
- rv |= PK11_DigestOp(md5, mac_pad_2, mac_defs[mac_md5].pad_size);
- rv |= PK11_DigestOp(md5, md5_inner, MD5_LENGTH);
- }
- rv |= PK11_DigestFinal(md5, hashes->md5, &outLength, MD5_LENGTH);
- PORT_Assert(rv != SECSuccess || outLength == MD5_LENGTH);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
- rv = SECFailure;
- goto loser;
- }
-
- PRINT_BUF(60, (NULL, "MD5 outer: result", hashes->md5, MD5_LENGTH));
-
- if (!isTLS) {
- PRINT_BUF(95, (NULL, "SHA outer: MAC Pad 2", mac_pad_2, mac_defs[mac_sha].pad_size));
- PRINT_BUF(95, (NULL, "SHA outer: SHA inner", sha_inner, SHA1_LENGTH));
-
- rv |= PK11_DigestBegin(sha);
- rv |= PK11_DigestKey(sha,spec->master_secret);
- rv |= PK11_DigestOp(sha, mac_pad_2, mac_defs[mac_sha].pad_size);
- rv |= PK11_DigestOp(sha, sha_inner, SHA1_LENGTH);
- }
- rv |= PK11_DigestFinal(sha, hashes->sha, &outLength, SHA1_LENGTH);
- PORT_Assert(rv != SECSuccess || outLength == SHA1_LENGTH);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
- rv = SECFailure;
- goto loser;
- }
-
- PRINT_BUF(60, (NULL, "SHA outer: result", hashes->sha, SHA1_LENGTH));
-
- rv = SECSuccess;
-
-loser:
- if (md5) PK11_DestroyContext(md5, PR_TRUE);
- if (sha) PK11_DestroyContext(sha, PR_TRUE);
-
- return rv;
-}
-
-/*
- * SSL 2 based implementations pass in the initial outbound buffer
- * so that the handshake hash can contain the included information.
- *
- * Called from ssl2_BeginClientHandshake() in sslcon.c
- */
-SECStatus
-ssl3_StartHandshakeHash(sslSocket *ss, unsigned char * buf, int length)
-{
- SECStatus rv;
-
- ssl_GetSSL3HandshakeLock(ss); /**************************************/
-
- rv = ssl3_InitState(ss);
- if (rv != SECSuccess) {
- goto done; /* ssl3_InitState has set the error code. */
- }
-
- PORT_Memset(&ss->ssl3->hs.client_random, 0, SSL3_RANDOM_LENGTH);
- PORT_Memcpy(
- &ss->ssl3->hs.client_random.rand[SSL3_RANDOM_LENGTH - SSL_CHALLENGE_BYTES],
- &ss->sec->ci.clientChallenge,
- SSL_CHALLENGE_BYTES);
-
- rv = ssl3_UpdateHandshakeHashes(ss, buf, length);
- /* if it failed, ssl3_UpdateHandshakeHashes has set the error code. */
-
-done:
- ssl_ReleaseSSL3HandshakeLock(ss); /**************************************/
- return rv;
-}
-
-/**************************************************************************
- * end of Handshake Hash functions.
- * Begin Send and Handle functions for handshakes.
- **************************************************************************/
-
-/* Called from ssl3_HandleHelloRequest(),
- * ssl3_HandleFinished() (for step-up)
- * ssl3_RedoHandshake()
- * ssl2_BeginClientHandshake (when resuming ssl3 session)
- */
-SECStatus
-ssl3_SendClientHello(sslSocket *ss)
-{
- sslSecurityInfo *sec = ss->sec;
- sslSessionID * sid;
- SECStatus rv;
- int i;
- int length;
- int num_suites;
- int actual_count = 0;
-
- SSL_TRC(3, ("%d: SSL3[%d]: send client_hello handshake", SSL_GETPID(),
- ss->fd));
-
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
- PORT_Assert( ssl_HaveXmitBufLock(ss) );
-
- rv = ssl3_InitState(ss);
- if (rv != SECSuccess) {
- return rv; /* ssl3_InitState has set the error code. */
- }
-
- SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes",
- SSL_GETPID(), ss->fd ));
- rv = PK11_DigestBegin(ss->ssl3->hs.md5);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
- return rv;
- }
- rv = PK11_DigestBegin(ss->ssl3->hs.sha);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
- return rv;
- }
-
- PORT_Assert(sec);
-
- /* We ignore ss->sec->ci.sid here, and use ssl_Lookup because Lookup
- * handles expired entries and other details.
- * XXX If we've been called from ssl2_BeginClientHandshake, then
- * this lookup is duplicative and wasteful.
- */
- sid = (ss->noCache) ? NULL
- : ssl_LookupSID(sec->ci.peer, sec->ci.port, ss->peerID, ss->url);
-
- /* We can't resume based on a different token. If the sid exists,
- * make sure the token that holds the master secret still exists ...
- * If we previously did client-auth, make sure that the token that holds
- * the private key still exists, is logged in, hasn't been removed, etc.
- * Also for fortezza, make sure that the card that holds the session keys
- * exist as well... */
- if (sid) {
- PK11SlotInfo *slot;
- PRBool sidOK = PR_TRUE;
- slot = (!sid->u.ssl3.masterValid) ? NULL :
- SECMOD_LookupSlot(sid->u.ssl3.masterModuleID,
- sid->u.ssl3.masterSlotID);
- if (slot == NULL) {
- sidOK = PR_FALSE;
- } else {
- PK11SymKey *wrapKey = NULL;
- if (!PK11_IsPresent(slot) ||
- ((wrapKey = PK11_GetWrapKey(slot, sid->u.ssl3.masterWrapIndex,
- sid->u.ssl3.masterWrapMech,
- sid->u.ssl3.masterWrapSeries,
- ss->pkcs11PinArg)) == NULL) ) {
- sidOK = PR_FALSE;
- }
- if (wrapKey) PK11_FreeSymKey(wrapKey);
- PK11_FreeSlot(slot);
- slot = NULL;
- }
- /* do sid-has-FORTEZZA-slot check */
- if (sid->u.ssl3.hasFortezza) {
- /* do has fortezza check */
- if (!PK11_VerifyKeyOK(sid->u.ssl3.tek))
- sidOK = PR_FALSE;
- }
-
- /* If we previously did client-auth, make sure that the token that
- ** holds the private key still exists, is logged in, hasn't been
- ** removed, etc.
- */
- if (sidOK && sid->u.ssl3.clAuthValid) {
- slot = SECMOD_LookupSlot(sid->u.ssl3.clAuthModuleID,
- sid->u.ssl3.clAuthSlotID);
- if (slot == NULL ||
- !PK11_IsPresent(slot) ||
- sid->u.ssl3.clAuthSeries != PK11_GetSlotSeries(slot) ||
- sid->u.ssl3.clAuthSlotID != PK11_GetSlotID(slot) ||
- sid->u.ssl3.clAuthModuleID != PK11_GetModuleID(slot) ) {
- sidOK = PR_FALSE;
- }
- if (slot) {
- PK11_FreeSlot(slot);
- slot = NULL;
- }
- }
-
- if (!sidOK) {
- ++ssl3_sch_sid_cache_not_ok;
- (*ss->sec->uncache)(sid);
- ssl_FreeSID(sid);
- sid = NULL;
- }
- }
-
- if (sid) {
- ++ssl3_sch_sid_cache_hits;
-
- rv = ssl3_NegotiateVersion(ss, sid->version);
- if (rv != SECSuccess)
- return rv; /* error code was set */
-
- PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID,
- sid->u.ssl3.sessionIDLength));
- ss->ssl3->policy = sid->u.ssl3.policy;
- } else {
- ++ssl3_sch_sid_cache_misses;
-
- rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_3_1_TLS);
- if (rv != SECSuccess)
- return rv; /* error code was set */
-
- sid = ssl3_NewSessionID(ss, PR_FALSE);
- if (!sid) {
- return SECFailure; /* memory error is set */
- }
- }
-
- if (sec->ci.sid != NULL) {
- ssl_FreeSID(sec->ci.sid); /* decrement ref count, free if zero */
- }
- sec->ci.sid = sid;
-
- sec->send = ssl3_SendApplicationData;
-
- /* shouldn't get here if SSL3 is disabled, but ... */
- PORT_Assert(ss->enableSSL3 || ss->enableTLS);
- if (!ss->enableSSL3 && !ss->enableTLS) {
- PORT_SetError(SSL_ERROR_SSL_DISABLED);
- return SECFailure;
- }
-
- /* how many suites does our PKCS11 support (regardless of policy)? */
- num_suites = ssl3_config_match_init(ss);
- if (!num_suites)
- return SECFailure; /* ssl3_config_match_init has set error code. */
-
- /* how many suites are permitted by policy and user preference? */
- num_suites = count_cipher_suites(ss, ss->ssl3->policy, PR_TRUE);
- if (!num_suites)
- return SECFailure; /* count_cipher_suites has set error code. */
-
- length = sizeof(SSL3ProtocolVersion) + SSL3_RANDOM_LENGTH +
- 1 + ((sid == NULL) ? 0 : sid->u.ssl3.sessionIDLength) +
- 2 + num_suites*sizeof(ssl3CipherSuite) +
- 1 + compressionMethodsCount;
-
- rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
- if (rv != SECSuccess) {
- return rv; /* err set by ssl3_AppendHandshake* */
- }
-
- ss->clientHelloVersion = ss->version;
- rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2);
- if (rv != SECSuccess) {
- return rv; /* err set by ssl3_AppendHandshake* */
- }
- rv = ssl3_GetNewRandom(&ss->ssl3->hs.client_random);
- if (rv != SECSuccess) {
- return rv; /* err set by GetNewRandom. */
- }
- rv = ssl3_AppendHandshake(ss, &ss->ssl3->hs.client_random,
- SSL3_RANDOM_LENGTH);
- if (rv != SECSuccess) {
- return rv; /* err set by ssl3_AppendHandshake* */
- }
-
- if (sid)
- rv = ssl3_AppendHandshakeVariable(
- ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1);
- else
- rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
- if (rv != SECSuccess) {
- return rv; /* err set by ssl3_AppendHandshake* */
- }
-
- rv = ssl3_AppendHandshakeNumber(ss, num_suites*sizeof(ssl3CipherSuite), 2);
- if (rv != SECSuccess) {
- return rv; /* err set by ssl3_AppendHandshake* */
- }
-
-
- for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
- ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
- if (config_match(suite, ss->ssl3->policy, PR_TRUE)) {
- actual_count++;
- if (actual_count > num_suites) {
- /* set error card removal/insertion error */
- PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
- return SECFailure;
- }
- rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite,
- sizeof(ssl3CipherSuite));
- if (rv != SECSuccess) {
- return rv; /* err set by ssl3_AppendHandshake* */
- }
- }
- }
-
- /* if cards were removed or inserted between count_cipher_suites and
- * generating our list, detect the error here rather than send it off to
- * the server.. */
- if (actual_count != num_suites) {
- /* Card removal/insertion error */
- PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
- return SECFailure;
- }
-
- rv = ssl3_AppendHandshakeNumber(ss, compressionMethodsCount, 1);
- if (rv != SECSuccess) {
- return rv; /* err set by ssl3_AppendHandshake* */
- }
- for (i = 0; i < compressionMethodsCount; i++) {
- rv = ssl3_AppendHandshakeNumber(ss, compressions[i], 1);
- if (rv != SECSuccess) {
- return rv; /* err set by ssl3_AppendHandshake* */
- }
- }
-
- rv = ssl3_FlushHandshake(ss, 0);
- if (rv != SECSuccess) {
- return rv; /* error code set by ssl3_FlushHandshake */
- }
-
- ss->ssl3->hs.ws = wait_server_hello;
- return rv;
-}
-
-
-/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
- * ssl3 Hello Request.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleHelloRequest(sslSocket *ss)
-{
- sslSessionID *sid = ss->sec->ci.sid;
- SECStatus rv;
-
- SSL_TRC(3, ("%d: SSL3[%d]: handle hello_request handshake",
- SSL_GETPID(), ss->fd));
-
- PORT_Assert(ss->ssl3);
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- if (ss->ssl3->hs.ws == wait_server_hello)
- return SECSuccess;
- if (ss->ssl3->hs.ws != idle_handshake || ss->sec->isServer) {
- (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST);
- return SECFailure;
- }
- if (sid) {
- ss->sec->uncache(sid);
- ssl_FreeSID(sid);
- ss->sec->ci.sid = NULL;
- }
-
- ssl_GetXmitBufLock(ss);
- rv = ssl3_SendClientHello(ss);
- ssl_ReleaseXmitBufLock(ss);
-
- return rv;
-}
-
-#define UNKNOWN_WRAP_MECHANISM 0x7fffffff
-
-static const CK_MECHANISM_TYPE wrapMechanismList[SSL_NUM_WRAP_MECHS] = {
- CKM_DES3_ECB,
- CKM_CAST5_ECB,
- CKM_DES_ECB,
- CKM_KEY_WRAP_LYNKS,
- CKM_IDEA_ECB,
- CKM_CAST3_ECB,
- CKM_CAST_ECB,
- CKM_RC5_ECB,
- CKM_RC2_ECB,
- CKM_CDMF_ECB,
- CKM_SKIPJACK_WRAP,
- CKM_SKIPJACK_CBC64,
- UNKNOWN_WRAP_MECHANISM
-};
-
-static int
-ssl_FindIndexByWrapMechanism(CK_MECHANISM_TYPE mech)
-{
- const CK_MECHANISM_TYPE *pMech = wrapMechanismList;
-
- while (mech != *pMech && *pMech != UNKNOWN_WRAP_MECHANISM) {
- ++pMech;
- }
- return (*pMech == UNKNOWN_WRAP_MECHANISM) ? -1
- : (pMech - wrapMechanismList);
-}
-
-static PK11SymKey *
-ssl_UnwrapSymWrappingKey(
- SSLWrappedSymWrappingKey *pWswk,
- SECKEYPrivateKey * svrPrivKey,
- SSL3KEAType exchKeyType,
- CK_MECHANISM_TYPE masterWrapMech,
- void * pwArg)
-{
- PK11SymKey * unwrappedWrappingKey = NULL;
- SECItem wrappedKey;
-
- /* found the wrapping key on disk. */
- PORT_Assert(pWswk->symWrapMechanism == masterWrapMech);
- PORT_Assert(pWswk->exchKeyType == exchKeyType);
- if (pWswk->symWrapMechanism != masterWrapMech ||
- pWswk->exchKeyType != exchKeyType) {
- goto loser;
- }
- wrappedKey.type = siBuffer;
- wrappedKey.data = pWswk->wrappedSymmetricWrappingkey;
- wrappedKey.len = pWswk->wrappedSymKeyLen;
- PORT_Assert(wrappedKey.len <= sizeof pWswk->wrappedSymmetricWrappingkey);
-
- switch (exchKeyType) {
- PK11SymKey * Ks;
- PK11SlotInfo * slot;
- SECItem param;
-
- case kt_fortezza:
- /* get the slot that the fortezza server private key is in. */
- slot = PK11_GetSlotFromPrivateKey(svrPrivKey);
- if (slot == NULL) {
- SET_ERROR_CODE
- goto loser;
- }
-
- /* Look up the Token Fixed Key */
- Ks = PK11_FindFixedKey(slot, CKM_SKIPJACK_CBC64, NULL, pwArg);
- PK11_FreeSlot(slot);
- if (Ks == NULL) {
- SET_ERROR_CODE
- goto loser;
- }
-
- /* unwrap client write key with the local Ks and IV */
- param.type = siBuffer;
- param.data = pWswk->wrapIV;
- param.len = pWswk->wrapIVLen;
- unwrappedWrappingKey =
- PK11_UnwrapSymKey(Ks, CKM_SKIPJACK_CBC64, &param, &wrappedKey,
- masterWrapMech, CKA_UNWRAP, 0);
- PK11_FreeSymKey(Ks);
- break;
-
- case kt_rsa:
- unwrappedWrappingKey =
- PK11_PubUnwrapSymKey(svrPrivKey, &wrappedKey,
- masterWrapMech, CKA_UNWRAP, 0);
- break;
- }
-loser:
- return unwrappedWrappingKey;
-}
-
-/* Each process sharing the server session ID cache has its own array of
- * SymKey pointers for the symmetric wrapping keys that are used to wrap
- * the master secrets. There is one key for each KEA type. These Symkeys
- * correspond to the wrapped SymKeys kept in the server session cache.
- */
-
-typedef struct {
- PK11SymKey * symWrapKey[kt_kea_size];
-} ssl3SymWrapKey;
-
-/* Try to get wrapping key for mechanism from in-memory array.
- * If that fails, look for one on disk.
- * If that fails, generate a new one, put the new one on disk,
- * Put the new key in the in-memory array.
- */
-static PK11SymKey *
-getWrappingKey( sslSocket * ss,
- PK11SlotInfo * masterSecretSlot,
- SSL3KEAType exchKeyType,
- CK_MECHANISM_TYPE masterWrapMech,
- void * pwArg)
-{
- CERTCertificate * svrCert;
- SECKEYPrivateKey * svrPrivKey;
- SECKEYPublicKey * svrPubKey = NULL;
- PK11SymKey * unwrappedWrappingKey = NULL;
- PK11SymKey ** pSymWrapKey;
- CK_MECHANISM_TYPE asymWrapMechanism;
- int length;
- int symWrapMechIndex;
- SECStatus rv;
- SECItem wrappedKey;
- SSLWrappedSymWrappingKey wswk;
-
- static PRLock * symWrapKeysLock;
- static ssl3SymWrapKey symWrapKeys[SSL_NUM_WRAP_MECHS];
-
- svrPrivKey = ss->serverKey[exchKeyType];
- PORT_Assert(svrPrivKey != NULL);
- if (!svrPrivKey) {
- return NULL; /* why are we here?!? */
- }
-
- symWrapMechIndex = ssl_FindIndexByWrapMechanism(masterWrapMech);
- PORT_Assert(symWrapMechIndex >= 0);
- if (symWrapMechIndex < 0)
- return NULL; /* invalid masterWrapMech. */
-
- pSymWrapKey = &symWrapKeys[symWrapMechIndex].symWrapKey[exchKeyType];
-
- /* atomically initialize the lock */
- if (!symWrapKeysLock)
- nss_InitLock(&symWrapKeysLock);
-
- PR_Lock(symWrapKeysLock);
-
- unwrappedWrappingKey = *pSymWrapKey;
- if (unwrappedWrappingKey != NULL) {
- if (PK11_VerifyKeyOK(unwrappedWrappingKey)) {
- unwrappedWrappingKey = PK11_ReferenceSymKey(unwrappedWrappingKey);
- goto done;
- }
- /* slot series has changed, so this key is no good any more. */
- PK11_FreeSymKey(unwrappedWrappingKey);
- *pSymWrapKey = unwrappedWrappingKey = NULL;
- }
-
- /* Try to get wrapped SymWrapping key out of the (disk) cache. */
- /* Following call fills in wswk on success. */
- if (ssl_GetWrappingKey(symWrapMechIndex, exchKeyType, &wswk)) {
- /* found the wrapped sym wrapping key on disk. */
- unwrappedWrappingKey =
- ssl_UnwrapSymWrappingKey(&wswk, svrPrivKey, exchKeyType,
- masterWrapMech, pwArg);
- if (unwrappedWrappingKey) {
- goto install;
- }
- }
-
-no_wrapped_key:
-
- if (!masterSecretSlot) /* caller doesn't want to create a new one. */
- goto loser;
-
- length = PK11_GetBestKeyLength(masterSecretSlot, masterWrapMech);
- /* Zero length means fixed key length algorithm, or error.
- * It's ambiguous.
- */
- unwrappedWrappingKey = PK11_KeyGen(masterSecretSlot, masterWrapMech, NULL,
- length, pwArg);
- if (!unwrappedWrappingKey) {
- goto loser;
- }
-
- /* Prepare the buffer to receive the wrappedWrappingKey,
- * the symmetric wrapping key wrapped using the server's pub key.
- */
- PORT_Memset(&wswk, 0, sizeof wswk); /* eliminate UMRs. */
-
- svrCert = ss->serverCert[exchKeyType];
- svrPubKey = CERT_ExtractPublicKey(svrCert);
- if (svrPubKey == NULL) {
- /* CERT_ExtractPublicKey doesn't set error code */
- PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
- goto loser;
- }
- wrappedKey.type = siBuffer;
- wrappedKey.len = SECKEY_PublicKeyStrength(svrPubKey);
- wrappedKey.data = wswk.wrappedSymmetricWrappingkey;
-
- PORT_Assert(wrappedKey.len <= sizeof wswk.wrappedSymmetricWrappingkey);
- if (wrappedKey.len > sizeof wswk.wrappedSymmetricWrappingkey)
- goto loser;
-
- /* wrap symmetric wrapping key in server's public key. */
- switch (exchKeyType) {
- PK11SymKey * Ks;
- PK11SlotInfo * fSlot;
- SECItem param;
-
- case kt_fortezza:
- /* get the slot that the fortezza server private key is in. */
- fSlot = PK11_GetSlotFromPrivateKey(svrPrivKey);
- if (fSlot == NULL) {
- SET_ERROR_CODE
- goto loser;
- }
-
- /* Look up the Token Fixed Key */
- Ks = PK11_FindFixedKey(fSlot, CKM_SKIPJACK_CBC64, NULL, pwArg);
- PK11_FreeSlot(fSlot);
- if (Ks == NULL) {
- SET_ERROR_CODE
- goto loser;
- }
-
- /* wrap symmetricWrapping key with the local Ks */
- param.type = siBuffer;
- param.data = wswk.wrapIV;
- param.len = sizeof wswk.wrapIV;
- rv = PK11_WrapSymKey(CKM_SKIPJACK_CBC64, &param, Ks,
- unwrappedWrappingKey, &wrappedKey);
- wswk.wrapIVLen = param.len;
- PK11_FreeSymKey(Ks);
- asymWrapMechanism = CKM_SKIPJACK_CBC64;
- break;
-
- case kt_rsa:
- asymWrapMechanism = CKM_RSA_PKCS;
- rv = PK11_PubWrapSymKey(asymWrapMechanism, svrPubKey,
- unwrappedWrappingKey, &wrappedKey);
- break;
-
- default:
- rv = SECFailure;
- break;
- }
-
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
-
- wswk.symWrapMechanism = masterWrapMech;
- wswk.symWrapMechIndex = symWrapMechIndex;
- wswk.asymWrapMechanism = asymWrapMechanism;
- wswk.exchKeyType = exchKeyType;
- wswk.wrappedSymKeyLen = wrappedKey.len;
-
- /* put it on disk. */
- /* If the wrapping key for this KEA type has already been set,
- * then abandon the value we just computed and
- * use the one we got from the disk.
- */
- if (ssl_SetWrappingKey(&wswk)) {
- /* somebody beat us to it. The original contents of our wswk
- * has been replaced with the content on disk. Now, discard
- * the key we just created and unwrap this new one.
- */
- PK11_FreeSymKey(unwrappedWrappingKey);
-
- unwrappedWrappingKey =
- ssl_UnwrapSymWrappingKey(&wswk, svrPrivKey, exchKeyType,
- masterWrapMech, pwArg);
- }
-
-install:
- if (unwrappedWrappingKey) {
- *pSymWrapKey = PK11_ReferenceSymKey(unwrappedWrappingKey);
- }
-
-loser:
-done:
- if (svrPubKey) {
- SECKEY_DestroyPublicKey(svrPubKey);
- svrPubKey = NULL;
- }
- PR_Unlock(symWrapKeysLock);
- return unwrappedWrappingKey;
-}
-
-
-static SECStatus
-ssl3_FortezzaAppendHandshake(sslSocket *ss, unsigned char * data, int len)
-{
- SSL3FortezzaKeys *fortezza_CKE = NULL;
- SECStatus rv = SECFailure;
-
- rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
- (sizeof(*fortezza_CKE)-sizeof(fortezza_CKE->y_c)) + 1 + len);
- if (rv == SECSuccess) {
- rv = ssl3_AppendHandshakeVariable(ss, data, len, 1);
- }
- return rv; /* err set by ssl3_AppendHandshake* */
-}
-
-/* Called from ssl3_SendClientKeyExchange(). */
-static SECStatus
-sendRSAClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
-{
- PK11SymKey * pms = NULL;
- SECStatus rv = SECFailure;
- SECItem enc_pms = {siBuffer, NULL, 0};
- PRBool isTLS;
-
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
- PORT_Assert( ssl_HaveXmitBufLock(ss));
-
- /* Generate the pre-master secret ... */
- ssl_GetSpecWriteLock(ss);
- isTLS = (PRBool)(ss->ssl3->pwSpec->version > SSL_LIBRARY_VERSION_3_0);
-
- pms = ssl3_GenerateRSAPMS(ss, ss->ssl3->pwSpec, NULL);
- ssl_ReleaseSpecWriteLock(ss);
- if (pms == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
-
- /* Get the wrapped (encrypted) pre-master secret, enc_pms */
- enc_pms.len = SECKEY_PublicKeyStrength(svrPubKey);
- enc_pms.data = (unsigned char*)PORT_Alloc(enc_pms.len);
- if (enc_pms.data == NULL) {
- goto loser; /* err set by PORT_Alloc */
- }
-
- /* wrap pre-master secret in server's public key. */
- rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, svrPubKey, pms, &enc_pms);
- if (rv != SECSuccess) {
- PORT_Free(enc_pms.data);
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
-
- rv = ssl3_InitPendingCipherSpec(ss, pms);
- PK11_FreeSymKey(pms); pms = NULL;
-
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
-
- rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
- isTLS ? enc_pms.len + 2 : enc_pms.len);
- if (rv != SECSuccess) {
- goto loser; /* err set by ssl3_AppendHandshake* */
- }
- if (isTLS) {
- rv = ssl3_AppendHandshakeVariable(ss, enc_pms.data, enc_pms.len, 2);
- } else {
- rv = ssl3_AppendHandshake(ss, enc_pms.data, enc_pms.len);
- }
- if (rv != SECSuccess) {
- goto loser; /* err set by ssl3_AppendHandshake* */
- }
-
- rv = SECSuccess;
-
-loser:
- if (enc_pms.data != NULL) {
- PORT_Free(enc_pms.data);
- }
- if (pms != NULL) {
- PK11_FreeSymKey(pms);
- }
- return rv;
-}
-
-/* fortezza client-auth portion of ClientKeyExchange message
- * This function appends the KEA public key from the client's V3 cert
- * (empty for a V1 cert) to the outgoing ClientKeyExchange message.
- * For a V3 cert, it also computes the Fortezza public key hash of that key
- * and signs that hash with the client's signing private key.
- * It also finds and returns the client's KEA private key.
- *
- * Called from sendFortezzaClientKeyExchange <- ssl3_SendClientKeyExchange()
- */
-static SECKEYPrivateKey *
-sendFortezzaCKXClientAuth(sslSocket *ss, SSL3FortezzaKeys * fortezza_CKE)
-{
- SECKEYPublicKey * pubKey = NULL;
- SECKEYPrivateKey * privKeaKey = NULL;
- CERTCertificate * peerCert = ss->sec->peerCert;
- void * pwArg = ss->pkcs11PinArg;
- SECStatus rv = SECFailure;
- SECItem sigItem;
- SECItem hashItem;
-
- /* extract our own local public key. */
- pubKey = CERT_ExtractPublicKey(ss->ssl3->clientCertificate);
- if (!pubKey) {
- ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
- goto loser;
- }
-
- if (pubKey->keyType == fortezzaKey) {
- /* fortezza clientauth with fortezza V1 certificate */
- rv = ssl3_FortezzaAppendHandshake(ss, NULL, 0);
- if (rv != SECSuccess) {
- goto loser; /* err was set by AppendHandshake. */
- }
- privKeaKey = PK11_FindKeyByAnyCert(ss->ssl3->clientCertificate, pwArg);
- if (!privKeaKey) {
- ssl_MapLowLevelError(SEC_ERROR_NO_KEY);
- }
-
- } else {
- /* fortezza clientauth w/ V3 certificate or non fortezza cert*/
- CERTCertificate * ccert = NULL;
- SECKEYPublicKey * foundPubKey = NULL;
- unsigned char hash[SHA1_LENGTH];
-
- ccert = PK11_FindBestKEAMatch(peerCert, pwArg);
- if (ccert == NULL) {
- PORT_SetError(SSL_ERROR_FORTEZZA_PQG);
- goto v3_loser;
- }
-
- foundPubKey = CERT_ExtractPublicKey(ccert);
- if (foundPubKey == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
- goto v3_loser;
- }
-
- if (foundPubKey->keyType == keaKey) {
- rv = ssl3_FortezzaAppendHandshake(ss,
- foundPubKey->u.kea.publicValue.data,
- foundPubKey->u.kea.publicValue.len);
- if (rv != SECSuccess) {
- goto v3_loser; /* err was set by AppendHandshake. */
- }
-
- rv = ssl3_ComputeFortezzaPublicKeyHash(
- foundPubKey->u.kea.publicValue, hash);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto v3_loser;
- }
- } else {
- rv = ssl3_FortezzaAppendHandshake(ss,
- foundPubKey->u.fortezza.KEAKey.data,
- foundPubKey->u.fortezza.KEAKey.len);
- if (rv != SECSuccess) {
- goto v3_loser; /* err was set by AppendHandshake. */
- }
-
- rv = ssl3_ComputeFortezzaPublicKeyHash(
- foundPubKey->u.fortezza.KEAKey, hash);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto v3_loser;
- }
- }
-
- hashItem.data = (unsigned char *) hash;
- hashItem.len = SHA1_LENGTH;
-
- sigItem.data = fortezza_CKE->y_signature;
- sigItem.len = sizeof fortezza_CKE->y_signature;
-
- rv = PK11_Sign(ss->ssl3->clientPrivateKey, &sigItem, &hashItem);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto v3_loser;
- }
-
- privKeaKey = PK11_FindKeyByAnyCert(ccert, pwArg);
- if (!privKeaKey) {
- ssl_MapLowLevelError(SEC_ERROR_NO_KEY);
- }
-
-v3_loser:
- if (foundPubKey)
- SECKEY_DestroyPublicKey(foundPubKey);
- if (ccert)
- CERT_DestroyCertificate(ccert);
- } /* fortezza clientauth w/ V3 certificate or non fortezza cert*/
-
-loser:
-
- if (pubKey)
- SECKEY_DestroyPublicKey(pubKey);
- return privKeaKey;
-} /* End of fortezza client-auth. */
-
-
-/* fortezza without client-auth */
-/* fortezza client-auth portion of ClientKeyExchange message
- * This function appends the public KEA key from the client's cert
- * to the outgoing ClientKeyExchange message.
- * It also finds and returns the client's KEA private key.
- *
- * Called from sendFortezzaClientKeyExchange <- ssl3_SendClientKeyExchange()
- */
-static SECKEYPrivateKey *
-sendFortezzaCKXNoClientAuth(sslSocket *ss)
-{
- SECKEYPublicKey * foundPubKey = NULL;
- SECKEYPrivateKey * privKeaKey = NULL;
- CERTCertificate * ccert = NULL;
- CERTCertificate * peerCert = ss->sec->peerCert;
- void * pwArg = ss->pkcs11PinArg;
- SECStatus rv = SECFailure;
-
- ccert = PK11_FindBestKEAMatch(peerCert, pwArg);
- if (ccert == NULL) {
- PORT_SetError(SSL_ERROR_FORTEZZA_PQG);
- goto loser;
- }
-
- foundPubKey = CERT_ExtractPublicKey(ccert);
- if (foundPubKey == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
- goto loser;
- }
-
- if (foundPubKey->keyType == fortezzaKey) {
- /* fortezza V1 cert */
- rv = ssl3_FortezzaAppendHandshake(ss,
- foundPubKey->u.fortezza.KEAKey.data,
- foundPubKey->u.fortezza.KEAKey.len);
- if (rv != SECSuccess) {
- goto loser; /* err was set by AppendHandshake. */
- }
- privKeaKey = PK11_FindKeyByAnyCert(ccert, pwArg);
- if (!privKeaKey) {
- ssl_MapLowLevelError(SEC_ERROR_NO_KEY);
- }
- } else {
- /* fortezza V3 cert */
- rv = ssl3_FortezzaAppendHandshake(ss,
- foundPubKey->u.kea.publicValue.data,
- foundPubKey->u.kea.publicValue.len);
- if (rv != SECSuccess) {
- goto loser; /* err was set by AppendHandshake. */
- }
- privKeaKey = PK11_FindKeyByAnyCert(ccert, pwArg);
- if (!privKeaKey) {
- ssl_MapLowLevelError(SEC_ERROR_NO_KEY);
- }
- }
-
-loser:
- if (foundPubKey)
- SECKEY_DestroyPublicKey(foundPubKey);
- if (ccert)
- CERT_DestroyCertificate(ccert);
- return privKeaKey;
-}
-
-/* Called from ssl3_SendClientKeyExchange(). */
-static SECStatus
-sendFortezzaClientKeyExchange(sslSocket * ss, SECKEYPublicKey * serverKey)
-{
- ssl3CipherSpec * pwSpec;
- sslSessionID * sid = ss->sec->ci.sid;
- PK11SlotInfo * slot = NULL;
- PK11SymKey * pms = NULL;
- PK11SymKey * tek = NULL;
- PK11SymKey * client_write_key = NULL;
- PK11SymKey * server_write_key = NULL;
- SECKEYPrivateKey * privKeaKey = NULL;
- void * pwArg = ss->pkcs11PinArg;
- SECStatus rv = SECFailure;
- CK_VERSION version;
- SECItem param;
- SECItem raItem;
- SECItem rbItem;
- SECItem enc_pms;
- SECItem item;
- SSL3FortezzaKeys fortezza_CKE;
- PRBool releaseSpecWriteLock = PR_FALSE;
-
- PORT_Assert( ssl_HaveXmitBufLock(ss));
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- /* first get an appropriate slot for doing MACing.
- * Note: This slot will NOT be a Fortezza slot because Fortezza
- * cannot generate an SSL3 pre-master-secret.
- */
- slot = PK11_GetBestSlot(CKM_SSL3_PRE_MASTER_KEY_GEN, pwArg);
- if (slot == NULL) {
- PORT_SetError(SSL_ERROR_TOKEN_SLOT_NOT_FOUND);
- goto loser;
- }
-
- /* create a pre-Master secret */
- version.major = MSB(ss->version);
- version.minor = LSB(ss->version);
-
- param.data = (unsigned char *)&version;
- param.len = sizeof version;
-
- pms = PK11_KeyGen(slot, CKM_SSL3_PRE_MASTER_KEY_GEN,
- &param, 0, pwArg);
- PK11_FreeSlot(slot);
- slot = NULL;
- if (pms == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
-
- /* If we don't have a certificate, we need to read out your public key.
- * This changes a bit when we need to deal with the PQG stuff
- */
- PORT_Memset(fortezza_CKE.y_signature, 0, sizeof fortezza_CKE.y_signature);
-
- /* Send the KEA public key and get the KEA private key. */
- if (ss->ssl3->clientCertificate != NULL) {
- /* with client-auth */
- privKeaKey = sendFortezzaCKXClientAuth(ss, &fortezza_CKE);
- } else {
- /* without client-auth */
- privKeaKey = sendFortezzaCKXNoClientAuth(ss);
- }
- if (privKeaKey == NULL) {
- rv = SECFailure;
- goto loser; /* error was already set. */
- }
-
- /* Now we derive the TEK, and generate r_c the client's "random" public key.
- * r_c is generated and filled in by the PubDerive call below.
- */
- raItem.data = fortezza_CKE.r_c;
- raItem.len = sizeof fortezza_CKE.r_c;
-
- /* R_s == server's "random" public key, sent in the Server Key Exchange */
- rbItem.data = ss->ssl3->fortezza.R_s;
- rbItem.len = sizeof ss->ssl3->fortezza.R_s;
-
- tek = PK11_PubDerive(privKeaKey, serverKey, PR_TRUE, /* generate r_c */
- &raItem, &rbItem, CKM_KEA_KEY_DERIVE,
- CKM_SKIPJACK_WRAP, CKA_WRAP, 0, pwArg);
- SECKEY_DestroyPrivateKey(privKeaKey);
- privKeaKey = NULL;
- if (tek == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
-
- ss->ssl3->fortezza.tek = PK11_ReferenceSymKey(tek); /* can't fail. */
-
- /* encrypt the pms with the TEK.
- * NB: PK11_WrapSymKey will generate and output the encrypted PMS
- * AND the IV for decrypting the PMS.
- */
- param.data = fortezza_CKE.master_secret_iv;
- param.len = sizeof fortezza_CKE.master_secret_iv;
-
- enc_pms.data = fortezza_CKE.encrypted_preMasterSecret;
- enc_pms.len = sizeof fortezza_CKE.encrypted_preMasterSecret;
-
- rv = PK11_WrapSymKey(CKM_SKIPJACK_CBC64, &param, tek, pms, &enc_pms);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
- rv = SECFailure; /* not there yet. */
-
- slot = PK11_GetSlotFromKey(tek);
-
- ssl_GetSpecWriteLock(ss); releaseSpecWriteLock = PR_TRUE;
-
- pwSpec = ss->ssl3->pwSpec;
- pwSpec->client.write_key = client_write_key =
- PK11_KeyGen(slot, CKM_SKIPJACK_CBC64, NULL, 0, pwArg);
- if (client_write_key == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
- /* the -1 is a hack. It's supposed to be key size, but we use it
- * to tell the wrapper that we're doing a weird PKCS #11 key gen.
- * Usually the result of key gen is an encrypt key. This is not
- * the case with SSL, where this key is a decrypt key.
- */
- pwSpec->server.write_key = server_write_key =
- PK11_KeyGen(slot, CKM_SKIPJACK_CBC64, NULL, -1, pwArg);
- if (server_write_key == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
-
- rv = ssl3_InitPendingCipherSpec(ss, pms);
- PK11_FreeSymKey(pms); pms = NULL;
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
-
- /* copy the keys and IVs out now */
- item.data = fortezza_CKE.wrapped_client_write_key;
- item.len = sizeof fortezza_CKE.wrapped_client_write_key;
- rv = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, tek, client_write_key, &item);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
-
- item.data = fortezza_CKE.wrapped_server_write_key;
- item.len = sizeof fortezza_CKE.wrapped_server_write_key;
- rv = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, tek, server_write_key, &item);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
-
- /* we only get the generated IV's if we're doing skipjack. */
- if (pwSpec->cipher_def->calg == calg_fortezza) {
- PORT_Memcpy(fortezza_CKE.client_write_iv, pwSpec->client.write_iv,
- sizeof fortezza_CKE.client_write_iv);
- PORT_Memcpy(fortezza_CKE.server_write_iv, pwSpec->server.write_iv,
- sizeof fortezza_CKE.server_write_iv);
- } else {
- /* generate IVs to make old servers happy */
- rv = PK11_GenerateFortezzaIV(client_write_key,
- fortezza_CKE.client_write_iv,
- sizeof fortezza_CKE.client_write_iv);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
- rv = PK11_GenerateFortezzaIV(server_write_key,
- fortezza_CKE.server_write_iv,
- sizeof fortezza_CKE.server_write_iv);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
- }
-
- /* NOTE: This technique of writing out the struct, rather than writing
- * out the individual members works only because all the rest of the
- * values are fixed-length strings of well-defined byte order.
- * Add one SECItem or one Number and we will need to break the elements out.
- */
- rv = ssl3_AppendHandshake(ss, &fortezza_CKE.r_c,
- (sizeof fortezza_CKE - sizeof fortezza_CKE.y_c));
- if (rv != SECSuccess) {
- goto loser; /* err was set by AppendHandshake. */
- }
-
- /* now we initialize our contexts */
- sid->u.ssl3.hasFortezza = PR_TRUE;
- sid->u.ssl3.tek = tek; tek = NULL; /* adopt.. */
-
- if (pwSpec->cipher_def->calg == calg_fortezza) {
- sid->u.ssl3.clientWriteKey =
- PK11_ReferenceSymKey(pwSpec->client.write_key);
- sid->u.ssl3.serverWriteKey=
- PK11_ReferenceSymKey(pwSpec->server.write_key);
-
- PORT_Memcpy(sid->u.ssl3.keys.client_write_iv,
- pwSpec->client.write_iv,
- sizeof sid->u.ssl3.keys.client_write_iv);
- PORT_Memcpy(sid->u.ssl3.keys.server_write_iv,
- pwSpec->server.write_iv,
- sizeof sid->u.ssl3.keys.server_write_iv);
-
- rv = PK11_SaveContext((PK11Context *)pwSpec->encodeContext,
- sid->u.ssl3.clientWriteSave,
- &sid->u.ssl3.clientWriteSaveLen,
- sizeof sid->u.ssl3.clientWriteSave);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
- } else {
- PK11_FreeSymKey(client_write_key);
- pwSpec->client.write_key = client_write_key = NULL;
-
- PK11_FreeSymKey(server_write_key);
- pwSpec->server.write_key = server_write_key = NULL;
-
- rv = SECSuccess;
- }
- /* FALL THROUGH */
-
-loser:
- if (tek) PK11_FreeSymKey(tek);
- if (slot) PK11_FreeSlot(slot);
- if (pms) PK11_FreeSymKey(pms);
- if (rv != SECSuccess) {
- if (client_write_key) {
- PK11_FreeSymKey(client_write_key);
- pwSpec->client.write_key = client_write_key = NULL;
- }
- if (server_write_key) {
- PK11_FreeSymKey(server_write_key);
- pwSpec->server.write_key = server_write_key = NULL;
- }
- }
- if (releaseSpecWriteLock)
- ssl_GetSpecWriteLock(ss);
- return rv;
-}
-
-/* Called from ssl3_HandleServerHelloDone(). */
-static SECStatus
-ssl3_SendClientKeyExchange(sslSocket *ss)
-{
- SECKEYPublicKey * serverKey = NULL;
- SECStatus rv = SECFailure;
- PRBool isTLS;
-
- SSL_TRC(3, ("%d: SSL3[%d]: send client_key_exchange handshake",
- SSL_GETPID(), ss->fd));
-
- PORT_Assert( ssl_HaveXmitBufLock(ss));
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss));
-
- if (ss->sec->peerKey == NULL) {
- serverKey = CERT_ExtractPublicKey(ss->sec->peerCert);
- if (serverKey == NULL) {
- PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
- return SECFailure;
- }
- } else {
- serverKey = ss->sec->peerKey;
- ss->sec->peerKey = NULL; /* we're done with it now */
- }
-
- isTLS = (PRBool)(ss->ssl3->pwSpec->version > SSL_LIBRARY_VERSION_3_0);
- /* enforce limits on kea key sizes. */
- if (ss->ssl3->hs.kea_def->is_limited) {
- int keyLen = SECKEY_PublicKeyStrength(serverKey); /* bytes */
-
- if (keyLen * BPB > ss->ssl3->hs.kea_def->key_size_limit) {
- if (isTLS)
- (void)SSL3_SendAlert(ss, alert_fatal, export_restriction);
- else
- (void)ssl3_HandshakeFailure(ss);
- PORT_SetError(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED);
- goto loser;
- }
- }
-
- switch (ss->ssl3->hs.kea_def->exchKeyType) {
- case kt_rsa:
- rv = sendRSAClientKeyExchange(ss, serverKey);
- break;
-
- case kt_fortezza:
- rv = sendFortezzaClientKeyExchange(ss, serverKey);
- break;
-
- default:
- /* got an unknown or unsupported Key Exchange Algorithm. */
- SEND_ALERT
- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
- break;
- }
-
- SSL_TRC(3, ("%d: SSL3[%d]: DONE sending client_key_exchange",
- SSL_GETPID(), ss->fd));
-
-loser:
- if (serverKey) SECKEY_DestroyPublicKey(serverKey);
- return rv; /* err code already set. */
-}
-
-/* Called from ssl3_HandleServerHelloDone(). */
-static SECStatus
-ssl3_SendCertificateVerify(sslSocket *ss)
-{
- ssl3State * ssl3 = ss->ssl3;
- SECStatus rv = SECFailure;
- PRBool isTLS;
- SECItem buf = {siBuffer, NULL, 0};
- SSL3Hashes hashes;
-
- PORT_Assert( ssl_HaveXmitBufLock(ss));
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss));
-
- SSL_TRC(3, ("%d: SSL3[%d]: send certificate_verify handshake",
- SSL_GETPID(), ss->fd));
-
- ssl_GetSpecReadLock(ss);
- rv = ssl3_ComputeHandshakeHashes(ss, ssl3->pwSpec, &hashes, 0);
- ssl_ReleaseSpecReadLock(ss);
- if (rv != SECSuccess) {
- goto done; /* err code was set by ssl3_ComputeHandshakeHashes */
- }
-
- isTLS = (PRBool)(ssl3->pwSpec->version > SSL_LIBRARY_VERSION_3_0);
- rv = ssl3_SignHashes(&hashes, ssl3->clientPrivateKey, &buf, isTLS);
- if (rv == SECSuccess) {
- PK11SlotInfo * slot;
- sslSessionID * sid = ss->sec->ci.sid;
-
- /* Remember the info about the slot that did the signing.
- ** Later, when doing an SSL restart handshake, verify this.
- ** These calls are mere accessors, and can't fail.
- */
- slot = PK11_GetSlotFromPrivateKey(ss->ssl3->clientPrivateKey);
- sid->u.ssl3.clAuthSeries = PK11_GetSlotSeries(slot);
- sid->u.ssl3.clAuthSlotID = PK11_GetSlotID(slot);
- sid->u.ssl3.clAuthModuleID = PK11_GetModuleID(slot);
- sid->u.ssl3.clAuthValid = PR_TRUE;
- PK11_FreeSlot(slot);
- }
- /* If we're doing RSA key exchange, we're all done with the private key
- * here. Diffie-Hellman & Fortezza key exchanges need the client's
- * private key for the key exchange.
- */
- if (ssl3->hs.kea_def->exchKeyType == kt_rsa) {
- SECKEY_DestroyPrivateKey(ssl3->clientPrivateKey);
- ssl3->clientPrivateKey = NULL;
- }
- if (rv != SECSuccess) {
- goto done; /* err code was set by ssl3_SignHashes */
- }
-
- rv = ssl3_AppendHandshakeHeader(ss, certificate_verify, buf.len + 2);
- if (rv != SECSuccess) {
- goto done; /* error code set by AppendHandshake */
- }
- rv = ssl3_AppendHandshakeVariable(ss, buf.data, buf.len, 2);
- if (rv != SECSuccess) {
- goto done; /* error code set by AppendHandshake */
- }
-
-done:
- if (buf.data)
- PORT_Free(buf.data);
- return rv;
-}
-
-/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
- * ssl3 ServerHello message.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
- sslSessionID *sid = ss->sec->ci.sid;
- PRInt32 temp; /* allow for consume number failure */
- PRBool suite_found = PR_FALSE;
- int i;
- int errCode = SSL_ERROR_RX_MALFORMED_SERVER_HELLO;
- SECStatus rv;
- SECItem sidBytes = {siBuffer, NULL, 0};
- PRBool sid_match;
- PRBool isTLS = PR_FALSE;
- SSL3AlertDescription desc = illegal_parameter;
- SSL3ProtocolVersion version;
-
- SSL_TRC(3, ("%d: SSL3[%d]: handle server_hello handshake",
- SSL_GETPID(), ss->fd));
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- rv = ssl3_InitState(ss);
- if (rv != SECSuccess) {
- errCode = PORT_GetError(); /* ssl3_InitState has set the error code. */
- goto alert_loser;
- }
- if (ss->ssl3->hs.ws != wait_server_hello) {
- errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO;
- desc = unexpected_message;
- goto alert_loser;
- }
-
- temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
- if (temp < 0) {
- goto loser; /* alert has been sent */
- }
- version = (SSL3ProtocolVersion)temp;
-
- /* this is appropriate since the negotiation is complete, and we only
- ** know SSL 3.x.
- */
- if (MSB(version) != MSB(SSL_LIBRARY_VERSION_3_0)) {
- desc = handshake_failure;
- goto alert_loser;
- }
-
- rv = ssl3_NegotiateVersion(ss, version);
- if (rv != SECSuccess) {
- desc = handshake_failure;
- errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
- goto alert_loser;
- }
- isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0);
-
- rv = ssl3_ConsumeHandshake(
- ss, &ss->ssl3->hs.server_random, SSL3_RANDOM_LENGTH, &b, &length);
- if (rv != SECSuccess) {
- goto loser; /* alert has been sent */
- }
-
- rv = ssl3_ConsumeHandshakeVariable(ss, &sidBytes, 1, &b, &length);
- if (rv != SECSuccess) {
- goto loser; /* alert has been sent */
- }
- if (sidBytes.len > SSL3_SESSIONID_BYTES) {
- if (isTLS)
- desc = decode_error;
- goto alert_loser; /* malformed. */
- }
-
- /* find selected cipher suite in our list. */
- temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
- if (temp < 0) {
- goto loser; /* alert has been sent */
- }
- ssl3_config_match_init(ss);
- for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
- ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
- if ((temp == suite->cipher_suite) &&
- (config_match(suite, ss->ssl3->policy, PR_TRUE))) {
- suite_found = PR_TRUE;
- break; /* success */
- }
- }
- if (!suite_found) {
- desc = handshake_failure;
- errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
- goto alert_loser;
- }
- ss->ssl3->hs.cipher_suite = (ssl3CipherSuite)temp;
- ss->ssl3->hs.suite_def = ssl_LookupCipherSuiteDef((ssl3CipherSuite)temp);
- PORT_Assert(ss->ssl3->hs.suite_def);
- if (!ss->ssl3->hs.suite_def) {
- PORT_SetError(errCode = SEC_ERROR_LIBRARY_FAILURE);
- goto loser; /* we don't send alerts for our screw-ups. */
- }
-
- /* find selected compression method in our list. */
- temp = ssl3_ConsumeHandshakeNumber(ss, 1, &b, &length);
- if (temp < 0) {
- goto loser; /* alert has been sent */
- }
- suite_found = PR_FALSE;
- for (i = 0; i < compressionMethodsCount; i++) {
- if (temp == compressions[i]) {
- suite_found = PR_TRUE;
- break; /* success */
- }
- }
- if (!suite_found) {
- desc = handshake_failure;
- errCode = SSL_ERROR_NO_COMPRESSION_OVERLAP;
- goto alert_loser;
- }
- ss->ssl3->hs.compression = (SSL3CompressionMethod)temp;
-
- if (length != 0) { /* malformed */
- goto alert_loser;
- }
-
- /* Any errors after this point are not "malformed" errors. */
- desc = handshake_failure;
-
- /* we need to call ssl3_SetupPendingCipherSpec here so we can check the
- * key exchange algorithm. */
- rv = ssl3_SetupPendingCipherSpec(ss, ss->ssl3);
- if (rv != SECSuccess) {
- goto alert_loser; /* error code is set. */
- }
-
- /* We may or may not have sent a session id, we may get one back or
- * not and if so it may match the one we sent.
- * Attempt to restore the master secret to see if this is so...
- * Don't consider failure to find a matching SID an error.
- */
- sid_match = (PRBool)(sidBytes.len > 0 &&
- sidBytes.len == sid->u.ssl3.sessionIDLength &&
- !PORT_Memcmp(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len));
-
- if (sid_match &&
- sid->version == ss->version &&
- sid->u.ssl3.cipherSuite == ss->ssl3->hs.cipher_suite) do {
- PK11SlotInfo *slot;
- PK11SymKey * wrapKey; /* wrapping key */
- SECItem wrappedMS; /* wrapped master secret. */
- CK_FLAGS keyFlags = 0;
-
- slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID,
- sid->u.ssl3.masterSlotID);
- if (slot == NULL) {
- break; /* not considered an error. */
- }
- if (!PK11_IsPresent(slot)) {
- PK11_FreeSlot(slot);
- break; /* not considered an error. */
- }
- wrapKey = PK11_GetWrapKey(slot, sid->u.ssl3.masterWrapIndex,
- sid->u.ssl3.masterWrapMech,
- sid->u.ssl3.masterWrapSeries,
- ss->pkcs11PinArg);
- PK11_FreeSlot(slot);
- if (wrapKey == NULL) {
- break; /* not considered an error. */
- }
-
- if (ss->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */
- keyFlags = CKF_SIGN | CKF_VERIFY;
- }
-
- wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
- wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
- ss->ssl3->pwSpec->master_secret =
- PK11_UnwrapSymKeyWithFlags(wrapKey, sid->u.ssl3.masterWrapMech,
- NULL, &wrappedMS, CKM_SSL3_MASTER_KEY_DERIVE,
- CKA_DERIVE, sizeof(SSL3MasterSecret), keyFlags);
- errCode = PORT_GetError();
- PK11_FreeSymKey(wrapKey);
- if (ss->ssl3->pwSpec->master_secret == NULL) {
- break; /* errorCode set just after call to UnwrapSymKey. */
- }
-
- /* Got a Match */
- ++ssl3_hsh_sid_cache_hits;
- ss->ssl3->hs.ws = wait_change_cipher;
- ss->ssl3->hs.isResuming = PR_TRUE;
-
- /* copy the peer cert from the SID */
- if (sid->peerCert != NULL) {
- ss->sec->peerCert = CERT_DupCertificate(sid->peerCert);
- }
-
- /* reload the FORTEZZA key material. These keys aren't generated
- * by the master secret, but by the key exchange. We restart by
- * reusing these keys. */
- if (sid->u.ssl3.hasFortezza) {
- ss->ssl3->fortezza.tek = PK11_ReferenceSymKey(sid->u.ssl3.tek);
- }
- if (ss->ssl3->hs.suite_def->bulk_cipher_alg == cipher_fortezza) {
- ss->ssl3->pwSpec->client.write_key =
- PK11_ReferenceSymKey(sid->u.ssl3.clientWriteKey);
- ss->ssl3->pwSpec->server.write_key =
- PK11_ReferenceSymKey(sid->u.ssl3.serverWriteKey);
- /* add the tek later for pre-encrypted files */
- PORT_Memcpy(ss->ssl3->pwSpec->client.write_iv,
- sid->u.ssl3.keys.client_write_iv,
- sizeof sid->u.ssl3.keys.client_write_iv);
- PORT_Memcpy(ss->ssl3->pwSpec->server.write_iv,
- sid->u.ssl3.keys.server_write_iv,
- sizeof sid->u.ssl3.keys.server_write_iv);
- }
-
- /* NULL value for PMS signifies re-use of the old MS */
- rv = ssl3_InitPendingCipherSpec(ss, NULL);
- if (rv != SECSuccess) {
- goto alert_loser; /* err code was set by ssl3_InitPendingCipherSpec */
- }
- if (ss->ssl3->hs.suite_def->bulk_cipher_alg == cipher_fortezza) {
- rv = PK11_RestoreContext(
- (PK11Context *)ss->ssl3->pwSpec->encodeContext,
- sid->u.ssl3.clientWriteSave,
- sid->u.ssl3.clientWriteSaveLen);
- if (rv != SECSuccess) {
- goto alert_loser; /* err is set. */
- }
- }
- SECITEM_ZfreeItem(&sidBytes, PR_FALSE);
- return SECSuccess;
- } while (0);
-
- if (sid_match)
- ++ssl3_hsh_sid_cache_not_ok;
- else
- ++ssl3_hsh_sid_cache_misses;
-
- /* throw the old one away */
- sid->u.ssl3.resumable = PR_FALSE;
- (*ss->sec->uncache)(sid);
- ssl_FreeSID(sid);
-
- /* get a new sid */
- ss->sec->ci.sid = sid = ssl3_NewSessionID(ss, PR_FALSE);
- if (sid == NULL) {
- goto alert_loser; /* memory error is set. */
- }
-
- sid->version = ss->version;
- sid->u.ssl3.sessionIDLength = sidBytes.len;
- PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len);
- SECITEM_ZfreeItem(&sidBytes, PR_FALSE);
-
- ss->ssl3->hs.isResuming = PR_FALSE;
- ss->ssl3->hs.ws = wait_server_cert;
- return SECSuccess;
-
-alert_loser:
- (void)SSL3_SendAlert(ss, alert_fatal, desc);
-
-loser:
- if (sidBytes.data != NULL)
- SECITEM_ZfreeItem(&sidBytes, PR_FALSE);
- errCode = ssl_MapLowLevelError(errCode);
- return SECFailure;
-}
-
-/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
- * ssl3 ServerKeyExchange message.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
- PRArenaPool * arena;
- SECKEYPublicKey *peerKey;
- PRBool isTLS;
- SECStatus rv;
- int errCode = SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH;
- SSL3AlertDescription desc = illegal_parameter;
- SECItem modulus = {siBuffer, NULL, 0};
- SECItem exponent = {siBuffer, NULL, 0};
- SECItem signature = {siBuffer, NULL, 0};
- SSL3Hashes hashes;
-
- SSL_TRC(3, ("%d: SSL3[%d]: handle server_key_exchange handshake",
- SSL_GETPID(), ss->fd));
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- if (ss->ssl3->hs.ws != wait_server_key &&
- ss->ssl3->hs.ws != wait_server_cert) {
- errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH;
- desc = unexpected_message;
- goto alert_loser;
- }
- if (ss->sec->peerCert == NULL) {
- errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH;
- desc = unexpected_message;
- goto alert_loser;
- }
-
- isTLS = (PRBool)(ss->ssl3->prSpec->version > SSL_LIBRARY_VERSION_3_0);
-
- switch (ss->ssl3->hs.kea_def->exchKeyType) {
- case kt_rsa:
- rv = ssl3_ConsumeHandshakeVariable(ss, &modulus, 2, &b, &length);
- if (rv != SECSuccess) {
- goto loser; /* malformed. */
- }
- rv = ssl3_ConsumeHandshakeVariable(ss, &exponent, 2, &b, &length);
- if (rv != SECSuccess) {
- goto loser; /* malformed. */
- }
- rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length);
- if (rv != SECSuccess) {
- goto loser; /* malformed. */
- }
- if (length != 0) {
- if (isTLS)
- desc = decode_error;
- goto alert_loser; /* malformed. */
- }
-
- /* failures after this point are not malformed handshakes. */
- /* TLS: send decrypt_error if signature failed. */
- desc = isTLS ? decrypt_error : handshake_failure;
-
- /*
- * check to make sure the hash is signed by right guy
- */
- rv = ssl3_ComputeExportRSAKeyHash(modulus, exponent,
- &ss->ssl3->hs.client_random,
- &ss->ssl3->hs.server_random, &hashes);
- if (rv != SECSuccess) {
- errCode =
- ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
- goto alert_loser;
- }
- rv = ssl3_VerifySignedHashes(&hashes, ss->sec->peerCert, &signature,
- isTLS, ss->pkcs11PinArg);
- if (rv != SECSuccess) {
- errCode =
- ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
- goto alert_loser;
- }
-
- /*
- * we really need to build a new key here because we can no longer
- * ignore calling SECKEY_DestroyPublicKey. Using the key may allocate
- * pkcs11 slots and ID's.
- */
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- goto no_memory;
- }
-
- ss->sec->peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
- if (peerKey == NULL) {
- goto no_memory;
- }
-
- peerKey->arena = arena;
- peerKey->keyType = rsaKey;
- peerKey->pkcs11Slot = NULL;
- peerKey->pkcs11ID = CK_INVALID_KEY;
- peerKey->u.rsa.modulus.data =
- (unsigned char*)PORT_ArenaAlloc(arena, modulus.len);
- if (peerKey->u.rsa.modulus.data == NULL)
- goto no_memory;
-
- PORT_Memcpy(peerKey->u.rsa.modulus.data, modulus.data, modulus.len);
- peerKey->u.rsa.modulus.len = modulus.len;
-
- peerKey->u.rsa.publicExponent.data =
- (unsigned char*)PORT_ArenaAlloc(arena, exponent.len);
- if (peerKey->u.rsa.publicExponent.data == NULL)
- goto no_memory;
-
- PORT_Memcpy(peerKey->u.rsa.publicExponent.data,
- exponent.data, exponent.len);
- peerKey->u.rsa.publicExponent.len = exponent.len;
-
- PORT_Free(modulus.data);
- PORT_Free(exponent.data);
- PORT_Free(signature.data);
- ss->ssl3->hs.ws = wait_cert_request;
- return SECSuccess;
-
- case kt_fortezza:
-
- /* Fortezza needs *BOTH* a server cert message
- * and a server key exchange message.
- */
- if (ss->ssl3->hs.ws == wait_server_cert) {
- errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH;
- desc = unexpected_message;
- goto alert_loser;
- }
- /* Get the server's "random" public key. */
- rv = ssl3_ConsumeHandshake(ss, ss->ssl3->fortezza.R_s,
- sizeof ss->ssl3->fortezza.R_s, &b, &length);
- if (rv != SECSuccess) {
- goto loser; /* malformed */
- }
-
- ss->ssl3->hs.ws = wait_cert_request;
- return SECSuccess;
-
- default:
- desc = handshake_failure;
- errCode = SEC_ERROR_UNSUPPORTED_KEYALG;
- break; /* goto alert_loser; */
- }
-
-alert_loser:
- (void)SSL3_SendAlert(ss, alert_fatal, desc);
-loser:
- if (modulus.data != NULL) SECITEM_FreeItem(&modulus, PR_FALSE);
- if (exponent.data != NULL) SECITEM_FreeItem(&exponent, PR_FALSE);
- if (signature.data != NULL) SECITEM_FreeItem(&signature, PR_FALSE);
- PORT_SetError( errCode );
- return SECFailure;
-
-no_memory: /* no-memory error has already been set. */
- if (modulus.data != NULL) SECITEM_FreeItem(&modulus, PR_FALSE);
- if (exponent.data != NULL) SECITEM_FreeItem(&exponent, PR_FALSE);
- if (signature.data != NULL) SECITEM_FreeItem(&signature, PR_FALSE);
- ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
- return SECFailure;
-}
-
-
-typedef struct dnameNode {
- struct dnameNode *next;
- SECItem name;
-} dnameNode;
-
-/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
- * ssl3 Certificate Request message.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
- ssl3State * ssl3 = ss->ssl3;
- PRArenaPool * arena = NULL;
- dnameNode * node;
- unsigned char * data;
- PRInt32 remaining;
- PRInt32 len;
- PRBool isTLS = PR_FALSE;
- int i;
- int errCode = SSL_ERROR_RX_MALFORMED_CERT_REQUEST;
- int nnames = 0;
- SECStatus rv;
- SSL3AlertDescription desc = illegal_parameter;
- SECItem cert_types = {siBuffer, NULL, 0};
- CERTDistNames ca_list;
-
- SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_request handshake",
- SSL_GETPID(), ss->fd));
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- if (ssl3->hs.ws != wait_cert_request &&
- ssl3->hs.ws != wait_server_key) {
- desc = unexpected_message;
- errCode = SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST;
- goto alert_loser;
- }
- isTLS = (PRBool)(ssl3->prSpec->version > SSL_LIBRARY_VERSION_3_0);
- rv = ssl3_ConsumeHandshakeVariable(ss, &cert_types, 1, &b, &length);
- if (rv != SECSuccess)
- goto loser; /* malformed, alert has been sent */
-
- arena = ca_list.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL)
- goto no_mem;
-
- remaining = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
- if (remaining < 0)
- goto loser; /* malformed, alert has been sent */
-
- ca_list.head = node = PORT_ArenaZNew(arena, dnameNode);
- if (node == NULL)
- goto no_mem;
-
- while (remaining != 0) {
- if (remaining < 2)
- goto alert_loser; /* malformed */
-
- node->name.len = len = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
- if (len < 0)
- goto loser; /* malformed, alert has been sent */
-
- remaining -= 2;
- if (remaining < len)
- goto alert_loser; /* malformed */
-
- data = node->name.data = (unsigned char*)PORT_ArenaAlloc(arena, len);
- if (data == NULL)
- goto no_mem;
-
- rv = ssl3_ConsumeHandshake(ss, data, len, &b, &length);
- if (rv != SECSuccess)
- goto loser; /* malformed, alert has been sent */
-
- remaining -= len;
- nnames++;
- if (remaining == 0)
- break; /* success */
-
- node->next = PORT_ArenaZNew(arena, dnameNode);
- node = node->next;
- if (node == NULL)
- goto no_mem;
- }
-
- ca_list.nnames = nnames;
- ca_list.names = (SECItem*)PORT_ArenaAlloc(arena, nnames * sizeof(SECItem));
- if (ca_list.names == NULL)
- goto no_mem;
-
- for(i = 0, node = (dnameNode*)ca_list.head;
- i < nnames;
- i++, node = node->next) {
- ca_list.names[i] = node->name;
- }
-
- if (length != 0)
- goto alert_loser; /* malformed */
-
- desc = no_certificate;
- ssl3->hs.ws = wait_hello_done;
-
- if (ss->getClientAuthData == NULL) {
- rv = SECFailure; /* force it to send a no_certificate alert */
- } else {
- /* XXX Should pass cert_types in this call!! */
- rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg,
- ss->fd, &ca_list,
- &ssl3->clientCertificate,
- &ssl3->clientPrivateKey);
- }
- switch (rv) {
- case SECWouldBlock: /* getClientAuthData has put up a dialog box. */
- ssl_SetAlwaysBlock(ss);
- break; /* not an error */
-
- case SECSuccess:
- /* Setting ssl3->clientCertChain non-NULL will cause
- * ssl3_HandleServerHelloDone to call SendCertificate.
- */
- ssl3->clientCertChain = CERT_CertChainFromCert(ssl3->clientCertificate,
- certUsageSSLClient, PR_FALSE);
- if (ssl3->clientCertChain == NULL) {
- if (ssl3->clientCertificate != NULL) {
- CERT_DestroyCertificate(ssl3->clientCertificate);
- ssl3->clientCertificate = NULL;
- }
- if (ssl3->clientPrivateKey != NULL) {
- SECKEY_DestroyPrivateKey(ssl3->clientPrivateKey);
- ssl3->clientPrivateKey = NULL;
- }
- goto send_no_certificate;
- }
- break; /* not an error */
-
- case SECFailure:
- default:
-send_no_certificate:
- if (isTLS) {
- ssl3->sendEmptyCert = PR_TRUE;
- } else {
- (void)SSL3_SendAlert(ss, alert_warning, no_certificate);
- }
- rv = SECSuccess;
- break;
- }
- goto done;
-
-no_mem:
- rv = SECFailure;
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto done;
-
-alert_loser:
- if (isTLS && desc == illegal_parameter)
- desc = decode_error;
- (void)SSL3_SendAlert(ss, alert_fatal, desc);
-loser:
- PORT_SetError(errCode);
- rv = SECFailure;
-done:
- if (arena != NULL)
- PORT_FreeArena(arena, PR_FALSE);
- if (cert_types.data != NULL)
- SECITEM_FreeItem(&cert_types, PR_FALSE);
- return rv;
-}
-
-/*
- * attempt to restart the handshake after asynchronously handling
- * a request for the client's certificate.
- *
- * inputs:
- * cert Client cert chosen by application.
- * Note: ssl takes this reference, and does not bump the
- * reference count. The caller should drop its reference
- * without calling CERT_DestroyCert after calling this function.
- *
- * key Private key associated with cert. This function makes a
- * copy of the private key, so the caller remains responsible
- * for destroying its copy after this function returns.
- *
- * certChain Chain of signers for cert.
- * Note: ssl takes this reference, and does not copy the chain.
- * The caller should drop its reference without destroying the
- * chain. SSL will free the chain when it is done with it.
- *
- * Return value: XXX
- *
- * XXX This code only works on the initial handshake on a connection, XXX
- * It does not work on a subsequent handshake (redo).
- *
- * Caller holds 1stHandshakeLock.
- */
-SECStatus
-ssl3_RestartHandshakeAfterCertReq(sslSocket * ss,
- CERTCertificate * cert,
- SECKEYPrivateKey * key,
- CERTCertificateList *certChain)
-{
- SECStatus rv = SECSuccess;
-
- if (MSB(ss->version) == MSB(SSL_LIBRARY_VERSION_3_0)) {
- /* XXX This code only works on the initial handshake on a connection,
- ** XXX It does not work on a subsequent handshake (redo).
- */
- if (ss->handshake != 0) {
- ss->handshake = ssl_GatherRecord1stHandshake;
- ss->ssl3->clientCertificate = cert;
- ss->ssl3->clientCertChain = certChain;
- if (key == NULL) {
- (void)SSL3_SendAlert(ss, alert_warning, no_certificate);
- ss->ssl3->clientPrivateKey = NULL;
- } else {
- ss->ssl3->clientPrivateKey = SECKEY_CopyPrivateKey(key);
- }
- ssl_GetRecvBufLock(ss);
- if (ss->ssl3->hs.msgState.buf != NULL) {
- rv = ssl3_HandleRecord(ss, NULL, &ss->gather->buf);
- }
- ssl_ReleaseRecvBufLock(ss);
- }
- }
- return rv;
-}
-
-
-
-/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
- * ssl3 Server Hello Done message.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleServerHelloDone(sslSocket *ss)
-{
- SECStatus rv;
- SSL3WaitState ws = ss->ssl3->hs.ws;
- PRBool send_verify = PR_FALSE;
-
- SSL_TRC(3, ("%d: SSL3[%d]: handle server_hello_done handshake",
- SSL_GETPID(), ss->fd));
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- if (ws != wait_hello_done &&
- ws != wait_server_cert &&
- ws != wait_server_key &&
- ws != wait_cert_request) {
- SSL3_SendAlert(ss, alert_fatal, unexpected_message);
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
- return SECFailure;
- }
-
- ssl_GetXmitBufLock(ss); /*******************************/
-
- if (ss->ssl3->sendEmptyCert) {
- ss->ssl3->sendEmptyCert = PR_FALSE;
- rv = ssl3_SendEmptyCertificate(ss);
- /* Don't send verify */
- if (rv != SECSuccess) {
- goto loser; /* error code is set. */
- }
- } else
- if (ss->ssl3->clientCertChain != NULL &&
- ss->ssl3->clientPrivateKey != NULL) {
- send_verify = PR_TRUE;
- rv = ssl3_SendCertificate(ss);
- if (rv != SECSuccess) {
- goto loser; /* error code is set. */
- }
- }
-
- rv = ssl3_SendClientKeyExchange(ss);
- if (rv != SECSuccess) {
- goto loser; /* err is set. */
- }
-
- if (send_verify) {
- rv = ssl3_SendCertificateVerify(ss);
- if (rv != SECSuccess) {
- goto loser; /* err is set. */
- }
- }
- rv = ssl3_SendChangeCipherSpecs(ss);
- if (rv != SECSuccess) {
- goto loser; /* err code was set. */
- }
- rv = ssl3_SendFinished(ss, 0);
- if (rv != SECSuccess) {
- goto loser; /* err code was set. */
- }
-
- ssl_ReleaseXmitBufLock(ss); /*******************************/
-
- ss->ssl3->hs.ws = wait_change_cipher;
- return SECSuccess;
-
-loser:
- ssl_ReleaseXmitBufLock(ss);
- return rv;
-}
-
-/*
- * Routines used by servers
- */
-static SECStatus
-ssl3_SendHelloRequest(sslSocket *ss)
-{
- SECStatus rv;
-
- SSL_TRC(3, ("%d: SSL3[%d]: send hello_request handshake", SSL_GETPID(),
- ss->fd));
-
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
- PORT_Assert( ssl_HaveXmitBufLock(ss) );
-
- rv = ssl3_AppendHandshakeHeader(ss, hello_request, 0);
- if (rv != SECSuccess) {
- return rv; /* err set by AppendHandshake */
- }
- rv = ssl3_FlushHandshake(ss, 0);
- if (rv != SECSuccess) {
- return rv; /* error code set by ssl3_FlushHandshake */
- }
- ss->ssl3->hs.ws = wait_client_hello;
- return SECSuccess;
-}
-
-/* Sets memory error when returning NULL.
- * Called from:
- * ssl3_SendClientHello()
- * ssl3_HandleServerHello()
- * ssl3_HandleClientHello()
- * ssl3_HandleV2ClientHello()
- */
-static sslSessionID *
-ssl3_NewSessionID(sslSocket *ss, PRBool is_server)
-{
- sslSessionID *sid;
-
- sid = PORT_ZNew(sslSessionID);
- if (sid == NULL)
- return sid;
-
- sid->peerID = (ss->peerID == NULL) ? NULL : PORT_Strdup(ss->peerID);
- sid->urlSvrName = (ss->url == NULL) ? NULL : PORT_Strdup(ss->url);
- sid->addr = ss->sec->ci.peer;
- sid->port = ss->sec->ci.port;
- sid->references = 1;
- sid->cached = never_cached;
- sid->version = ss->version;
-
- sid->u.ssl3.resumable = PR_TRUE;
- sid->u.ssl3.policy = SSL_ALLOWED;
- sid->u.ssl3.hasFortezza = PR_FALSE;
- sid->u.ssl3.clientWriteKey = NULL;
- sid->u.ssl3.serverWriteKey = NULL;
- sid->u.ssl3.tek = NULL;
-
- if (is_server) {
- SECStatus rv;
- int pid = SSL_GETPID();
-
- sid->u.ssl3.sessionIDLength = SSL3_SESSIONID_BYTES;
- sid->u.ssl3.sessionID[0] = (pid >> 8) & 0xff;
- sid->u.ssl3.sessionID[1] = pid & 0xff;
- rv = PK11_GenerateRandom(sid->u.ssl3.sessionID + 2,
- SSL3_SESSIONID_BYTES -2);
- if (rv != SECSuccess) {
- ssl_FreeSID(sid);
- ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE);
- return NULL;
- }
- }
- return sid;
-}
-
-/* Called from: ssl3_HandleClientHello, ssl3_HandleV2ClientHello */
-static SECStatus
-ssl3_SendServerHelloSequence(sslSocket *ss)
-{
- const ssl3KEADef *kea_def;
- SECStatus rv;
-
- SSL_TRC(3, ("%d: SSL3[%d]: begin send server_hello sequence",
- SSL_GETPID(), ss->fd));
-
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
- PORT_Assert( ssl_HaveXmitBufLock(ss) );
-
- rv = ssl3_SendServerHello(ss);
- if (rv != SECSuccess) {
- return rv; /* err code is set. */
- }
- rv = ssl3_SendCertificate(ss);
- if (rv != SECSuccess) {
- return rv; /* error code is set. */
- }
- /* We have to do this after the call to ssl3_SendServerHello,
- * because kea_def is set up by ssl3_SendServerHello().
- */
- kea_def = ss->ssl3->hs.kea_def;
- ss->ssl3->hs.usedStepDownKey = PR_FALSE;
- if (kea_def->kea == kea_fortezza) {
- rv = ssl3_SendServerKeyExchange(ss);
- if (rv != SECSuccess) {
- return rv; /* err code was set. */
- }
- } else if (kea_def->is_limited && kea_def->exchKeyType == kt_rsa) {
- /* see if we can legally use the key in the cert. */
- int keyLen; /* bytes */
-
- keyLen = PK11_GetPrivateModulusLen(
- ss->serverKey[kea_def->exchKeyType]);
-
- if (keyLen > 0 &&
- keyLen * BPB <= kea_def->key_size_limit ) {
- /* XXX AND cert is not signing only!! */
- /* just fall through and use it. */
- } else if (ss->stepDownKeyPair != NULL) {
- ss->ssl3->hs.usedStepDownKey = PR_TRUE;
- rv = ssl3_SendServerKeyExchange(ss);
- if (rv != SECSuccess) {
- return rv; /* err code was set. */
- }
- } else {
-#ifndef HACKED_EXPORT_SERVER
- PORT_SetError(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED);
- return rv;
-#endif
- }
- }
-
- if (ss->requestCertificate) {
- rv = ssl3_SendCertificateRequest(ss);
- if (rv != SECSuccess) {
- return rv; /* err code is set. */
- }
- }
- rv = ssl3_SendServerHelloDone(ss);
- if (rv != SECSuccess) {
- return rv; /* err code is set. */
- }
-
- ss->ssl3->hs.ws = (ss->requestCertificate) ? wait_client_cert
- : wait_client_key;
- return SECSuccess;
-}
-
-/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
- * ssl3 Client Hello message.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
- sslSessionID * sid = NULL;
- ssl3State * ssl3;
- sslConnectInfo * ci;
- PRInt32 tmp;
- unsigned int i;
- int j;
- SECStatus rv;
- int errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO;
- SSL3AlertDescription desc = illegal_parameter;
- SSL3ProtocolVersion version;
- SECItem sidBytes = {siBuffer, NULL, 0};
- SECItem suites = {siBuffer, NULL, 0};
- SECItem comps = {siBuffer, NULL, 0};
- PRBool haveSpecWriteLock = PR_FALSE;
- PRBool haveXmitBufLock = PR_FALSE;
-
- SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake",
- SSL_GETPID(), ss->fd));
-
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss));
-
- /* Get peer name of client */
- rv = ssl_GetPeerInfo(ss);
- if (rv != SECSuccess) {
- return rv; /* error code is set. */
- }
-
- rv = ssl3_InitState(ss);
- if (rv != SECSuccess) {
- return rv; /* ssl3_InitState has set the error code. */
- }
- ssl3 = ss->ssl3;
-
- if ((ssl3->hs.ws != wait_client_hello) &&
- (ssl3->hs.ws != idle_handshake)) {
- desc = unexpected_message;
- errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO;
- goto alert_loser;
- }
- ci = &ss->sec->ci;
-
- tmp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
- if (tmp < 0)
- goto loser; /* malformed, alert already sent */
- ss->clientHelloVersion = version = (SSL3ProtocolVersion)tmp;
- rv = ssl3_NegotiateVersion(ss, version);
- if (rv != SECSuccess) {
- /* We can't do the usual isTLS test here, because the negotiated
- ** version is definitely not 3.1. So the question is, are we
- ** willing/able to do TLS here on our side?
- */
- desc = ss->enableTLS ? protocol_version : handshake_failure;
- errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
- goto alert_loser;
- }
-
- /* grab the client random data. */
- rv = ssl3_ConsumeHandshake(
- ss, &ssl3->hs.client_random, SSL3_RANDOM_LENGTH, &b, &length);
- if (rv != SECSuccess) {
- goto loser; /* malformed */
- }
-
- /* grab the client's SID, if present. */
- rv = ssl3_ConsumeHandshakeVariable(ss, &sidBytes, 1, &b, &length);
- if (rv != SECSuccess) {
- goto loser; /* malformed */
- }
-
- if (sidBytes.len > 0) {
- SSL_TRC(7, ("%d: SSL3[%d]: server, lookup client session-id for 0x%08x",
- SSL_GETPID(), ss->fd, ci->peer));
- sid = (*ssl_sid_lookup)(ci->peer, sidBytes.data, sidBytes.len,
- ss->dbHandle);
- }
- SECITEM_FreeItem(&sidBytes, PR_FALSE);
-
- /* grab the list of cipher suites. */
- rv = ssl3_ConsumeHandshakeVariable(ss, &suites, 2, &b, &length);
- if (rv != SECSuccess) {
- goto loser; /* malformed */
- }
-
- /* grab the list of compression methods. */
- rv = ssl3_ConsumeHandshakeVariable(ss, &comps, 1, &b, &length);
- if (rv != SECSuccess) {
- goto loser; /* malformed */
- }
-
- /* It's OK for length to be non-zero here.
- * Non-zero length means that some new protocol revision has extended
- * the client hello message.
- */
-
- desc = handshake_failure;
-
- if (sid != NULL) {
- /* We've found a session cache entry for this client.
- * Now, if we're going to require a client-auth cert,
- * and we don't already have this client's cert in the session cache,
- * and this is the first handshake on this connection (not a redo),
- * then drop this old cache entry and start a new session.
- */
- if ((sid->peerCert == NULL) && ss->requestCertificate &&
- ((ss->requireCertificate == 1) ||
- ((ss->requireCertificate == 2) && !ss->connected))) {
-
- ++ssl3_hch_sid_cache_not_ok;
- ss->sec->uncache(sid);
- ssl_FreeSID(sid);
- sid = NULL;
- }
- }
-
- /* Look for a matching cipher suite. */
- j = ssl3_config_match_init(ss);
- if (j <= 0) { /* no ciphers are working/supported by PK11 */
- errCode = PORT_GetError(); /* error code is already set. */
- goto alert_loser;
- }
- /* If we already have a session for this client, be sure to pick the
- ** same cipher suite we picked before.
- ** This is not a loop, despite appearances.
- */
- if (sid) do {
- ssl3CipherSuiteCfg *suite = ss->cipherSuites;
- for (j = ssl_V3_SUITES_IMPLEMENTED; j > 0; --j, ++suite) {
- if (suite->cipher_suite == sid->u.ssl3.cipherSuite)
- break;
- }
- if (!j)
- break;
- if (!config_match(suite, ssl3->policy, PR_TRUE))
- break;
- for (i = 0; i < suites.len; i += 2) {
- if ((suites.data[i] == MSB(suite->cipher_suite)) &&
- (suites.data[i + 1] == LSB(suite->cipher_suite))) {
-
- ssl3->hs.cipher_suite = suite->cipher_suite;
- ssl3->hs.suite_def =
- ssl_LookupCipherSuiteDef(ssl3->hs.cipher_suite);
- goto suite_found;
- }
- }
- } while (0);
-
- /* Select a cipher suite.
- ** NOTE: This suite selection algorithm should be the same as the one in
- ** ssl3_HandleV2ClientHello().
- */
- for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
- ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
- if (!config_match(suite, ssl3->policy, PR_TRUE))
- continue;
- for (i = 0; i < suites.len; i += 2) {
- if ((suites.data[i] == MSB(suite->cipher_suite)) &&
- (suites.data[i + 1] == LSB(suite->cipher_suite))) {
-
- ssl3->hs.cipher_suite = suite->cipher_suite;
- ssl3->hs.suite_def =
- ssl_LookupCipherSuiteDef(ssl3->hs.cipher_suite);
- goto suite_found;
- }
- }
- }
- errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
- goto alert_loser;
-
-suite_found:
- /* Look for a matching compression algorithm. */
- for (i = 0; i < comps.len; i++) {
- for (j = 0; j < compressionMethodsCount; j++) {
- if (comps.data[i] == compressions[j]) {
- ssl3->hs.compression = (SSL3CompressionMethod)compressions[j];
- goto compression_found;
- }
- }
- }
- errCode = SSL_ERROR_NO_COMPRESSION_OVERLAP;
- /* null compression must be supported */
- goto alert_loser;
-
-compression_found:
- PORT_Free(suites.data);
- suites.data = NULL;
- PORT_Free(comps.data);
- comps.data = NULL;
-
- ss->sec->send = ssl3_SendApplicationData;
-
- /* If there are any failures while processing the old sid,
- * we don't consider them to be errors. Instead, We just behave
- * as if the client had sent us no sid to begin with, and make a new one.
- */
- if (sid != NULL) do {
- PK11SlotInfo * slot;
- PK11SymKey * wrapKey; /* wrapping key */
- SECItem wrappedKey; /* wrapped key */
- ssl3CipherSpec *pwSpec;
- CK_FLAGS keyFlags = 0;
-
- if (sid->version != ss->version ||
- sid->u.ssl3.cipherSuite != ssl3->hs.cipher_suite) {
- break; /* not an error */
- }
-
- if (ci->sid) {
- ss->sec->uncache(ci->sid);
- PORT_Assert(ci->sid != sid); /* should be impossible, but ... */
- if (ci->sid != sid) {
- ssl_FreeSID(ci->sid);
- }
- ci->sid = NULL;
- }
- /* we need to resurrect the master secret.... */
-
- ssl_GetSpecWriteLock(ss); haveSpecWriteLock = PR_TRUE;
- pwSpec = ssl3->pwSpec;
-
- wrapKey = getWrappingKey(ss, NULL, sid->u.ssl3.exchKeyType,
- sid->u.ssl3.masterWrapMech, ss->pkcs11PinArg);
- if (!wrapKey) {
- /* we have a SID cache entry, but no wrapping key for it??? */
- break;
- }
-
- if (ss->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */
- keyFlags = CKF_SIGN | CKF_VERIFY;
- }
-
- wrappedKey.data = sid->u.ssl3.keys.wrapped_master_secret;
- wrappedKey.len = sid->u.ssl3.keys.wrapped_master_secret_len;
-
- /* unwrap the master secret. */
- pwSpec->master_secret =
- PK11_UnwrapSymKeyWithFlags(wrapKey, sid->u.ssl3.masterWrapMech,
- NULL, &wrappedKey, CKM_SSL3_MASTER_KEY_DERIVE,
- CKA_DERIVE, sizeof(SSL3MasterSecret), keyFlags);
- PK11_FreeSymKey(wrapKey);
- if (pwSpec->master_secret == NULL) {
- break; /* not an error */
- }
- ci->sid = sid;
- if (sid->peerCert != NULL) {
- ss->sec->peerCert = CERT_DupCertificate(sid->peerCert);
- }
-
- /*
- * Old SID passed all tests, so resume this old session.
- *
- * XXX make sure compression still matches
- */
- ++ssl3_hch_sid_cache_hits;
- ssl3->hs.isResuming = PR_TRUE;
-
- ssl_GetXmitBufLock(ss); haveXmitBufLock = PR_TRUE;
-
- rv = ssl3_SendServerHello(ss);
- if (rv != SECSuccess) {
- errCode = PORT_GetError();
- goto loser;
- }
-
- /* reload the FORTEZZA key material.
- * On Fortezza, the following keys & IVs are generated by the KEA,
- * not from the PMS. Since we're not going to redo the KEA, we
- * have to save & restore them for Fortezza.
- * use kea because we haven't call InitCipher Specs yet...?
- */
- if (ssl3->hs.suite_def->bulk_cipher_alg == cipher_fortezza) {
- PK11SymKey * Ks;
- SECItem item;
-
- PORT_Memcpy(pwSpec->client.write_iv,
- sid->u.ssl3.keys.client_write_iv,
- sizeof sid->u.ssl3.keys.client_write_iv);
- PORT_Memcpy(pwSpec->server.write_iv,
- sid->u.ssl3.keys.server_write_iv,
- sizeof sid->u.ssl3.keys.server_write_iv);
-
- /* Now, unwrap the client and server write keys with Ks */
-
- /* get the slot that the fortezza server private key is in. */
- slot = PK11_GetSlotFromPrivateKey(ss->serverKey[kt_fortezza]);
- if (slot == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
-
- /* Look up the Token Fixed Key */
- Ks = PK11_FindFixedKey(slot, CKM_SKIPJACK_WRAP, NULL,
- ss->pkcs11PinArg);
- PK11_FreeSlot(slot);
- if (Ks == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
-
- /* unwrap client write key with the local Ks */
- item.data = sid->u.ssl3.keys.wrapped_client_write_key;
- item.len = sizeof sid->u.ssl3.keys.wrapped_client_write_key;
-
- pwSpec->client.write_key =
- PK11_UnwrapSymKey(Ks, CKM_SKIPJACK_WRAP, NULL, &item,
- CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0);
- if (pwSpec->client.write_key == NULL) {
- SEND_ALERT
- ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE);
- goto loser;
- }
-
- /* unwrap server write key with the local Ks */
- item.data = sid->u.ssl3.keys.wrapped_server_write_key;
- item.len = sizeof sid->u.ssl3.keys.wrapped_server_write_key;
-
- pwSpec->server.write_key =
- PK11_UnwrapSymKey(Ks, CKM_SKIPJACK_WRAP, NULL, &item,
- CKM_SKIPJACK_CBC64, CKA_ENCRYPT, 0);
- if (pwSpec->server.write_key == NULL) {
- PK11_FreeSymKey(pwSpec->client.write_key);
- pwSpec->client.write_key = NULL;
- SEND_ALERT
- ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE);
- goto loser;
- }
- /* Set flag that says "generate 8 byte random prefix plaintext." */
- PK11_SetFortezzaHack(pwSpec->server.write_key); /* can't fail */
-
- }
-
- if (haveSpecWriteLock) {
- ssl_ReleaseSpecWriteLock(ss);
- haveSpecWriteLock = PR_FALSE;
- }
-
- /* NULL value for PMS signifies re-use of the old MS */
- rv = ssl3_InitPendingCipherSpec(ss, NULL);
- if (rv != SECSuccess) {
- errCode = PORT_GetError();
- goto loser;
- }
-
- rv = ssl3_SendChangeCipherSpecs(ss);
- if (rv != SECSuccess) {
- errCode = PORT_GetError();
- goto loser;
- }
- rv = ssl3_SendFinished(ss, 0);
- ssl3->hs.ws = wait_change_cipher;
- if (rv != SECSuccess) {
- errCode = PORT_GetError();
- goto loser;
- }
-
- if (haveXmitBufLock) {
- ssl_ReleaseXmitBufLock(ss);
- haveXmitBufLock = PR_FALSE;
- }
-
- return SECSuccess;
- } while (0);
-
- if (haveSpecWriteLock) {
- ssl_ReleaseSpecWriteLock(ss);
- haveSpecWriteLock = PR_FALSE;
- }
-
- if (sid) { /* we had a sid, but it's no longer valid, free it */
- ++ssl3_hch_sid_cache_not_ok;
- ss->sec->uncache(sid);
- ssl_FreeSID(sid);
- sid = NULL;
- }
- ++ssl3_hch_sid_cache_misses;
-
- sid = ssl3_NewSessionID(ss, PR_TRUE);
- if (sid == NULL) {
- errCode = PORT_GetError();
- goto loser; /* memory error is set. */
- }
- ci->sid = sid;
-
- ssl3->hs.isResuming = PR_FALSE;
- ssl_GetXmitBufLock(ss);
- rv = ssl3_SendServerHelloSequence(ss);
- ssl_ReleaseXmitBufLock(ss);
- if (rv != SECSuccess) {
- errCode = PORT_GetError();
- goto loser;
- }
-
- if (haveXmitBufLock) {
- ssl_ReleaseXmitBufLock(ss);
- haveXmitBufLock = PR_FALSE;
- }
-
- return SECSuccess;
-
-alert_loser:
- if (haveSpecWriteLock) {
- ssl_ReleaseSpecWriteLock(ss);
- haveSpecWriteLock = PR_FALSE;
- }
- (void)SSL3_SendAlert(ss, alert_fatal, desc);
- /* FALLTHRU */
-loser:
- if (haveSpecWriteLock) {
- ssl_ReleaseSpecWriteLock(ss);
- haveSpecWriteLock = PR_FALSE;
- }
-
- if (sidBytes.data != NULL) SECITEM_FreeItem(&sidBytes, PR_FALSE);
- if (suites.data != NULL) SECITEM_FreeItem(&suites, PR_FALSE);
- if (comps.data != NULL) SECITEM_FreeItem(&comps, PR_FALSE);
-
- if (haveXmitBufLock) {
- ssl_ReleaseXmitBufLock(ss);
- haveXmitBufLock = PR_FALSE;
- }
-
- PORT_SetError(errCode);
- return SECFailure;
-}
-
-/*
- * ssl3_HandleV2ClientHello is used when a V2 formatted hello comes
- * in asking to use the V3 handshake.
- * Called from ssl2_HandleClientHelloMessage() in sslcon.c
- */
-SECStatus
-ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length)
-{
- sslSessionID * sid = NULL;
- unsigned char * suites;
- unsigned char * random;
- SSL3ProtocolVersion version;
- SECStatus rv;
- int i;
- int j;
- int sid_length;
- int suite_length;
- int rand_length;
- int errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO;
- SSL3AlertDescription desc = handshake_failure;
-
- SSL_TRC(3, ("%d: SSL3[%d]: handle v2 client_hello", SSL_GETPID(), ss->fd));
-
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
-
- ssl_GetSSL3HandshakeLock(ss);
-
- rv = ssl3_InitState(ss);
- if (rv != SECSuccess) {
- ssl_ReleaseSSL3HandshakeLock(ss);
- return rv; /* ssl3_InitState has set the error code. */
- }
-
- if (ss->ssl3->hs.ws != wait_client_hello) {
- desc = unexpected_message;
- errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO;
- goto loser; /* alert_loser */
- }
-
- version = (buffer[1] << 8) | buffer[2];
- suite_length = (buffer[3] << 8) | buffer[4];
- sid_length = (buffer[5] << 8) | buffer[6];
- rand_length = (buffer[7] << 8) | buffer[8];
- ss->clientHelloVersion = version;
-
- rv = ssl3_NegotiateVersion(ss, version);
- if (rv != SECSuccess) {
- desc = ss->enableTLS ? protocol_version : handshake_failure;
- errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
- /* It's not appropriate to send back SSL3/TLS alert records in
- ** response to an SSL2 client hello, unless the version is
- ** succesfully negotiated to 3.0 or greater, so just goto loser. */
- goto loser; /* alert_loser */
- }
-
- /* if we get a non-zero SID, just ignore it. */
- if (length !=
- SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length + rand_length) {
- SSL_DBG(("%d: SSL3[%d]: bad v2 client hello message, len=%d should=%d",
- SSL_GETPID(), ss->fd, length,
- SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length +
- rand_length));
- goto loser; /* malformed */ /* alert_loser */
- }
-
- suites = buffer + SSL_HL_CLIENT_HELLO_HBYTES;
- random = suites + suite_length + sid_length;
-
- if (rand_length < SSL_MIN_CHALLENGE_BYTES ||
- rand_length > SSL_MAX_CHALLENGE_BYTES) {
- goto loser; /* malformed */ /* alert_loser */
- }
-
- PORT_Assert(SSL_MAX_CHALLENGE_BYTES == SSL3_RANDOM_LENGTH);
-
- PORT_Memset(&ss->ssl3->hs.client_random, 0, SSL3_RANDOM_LENGTH);
- PORT_Memcpy(
- &ss->ssl3->hs.client_random.rand[SSL3_RANDOM_LENGTH - rand_length],
- random, rand_length);
-
- PRINT_BUF(60, (ss, "client random:", &ss->ssl3->hs.client_random.rand[0],
- SSL3_RANDOM_LENGTH));
-
- i = ssl3_config_match_init(ss);
- if (i <= 0) {
- errCode = PORT_GetError(); /* error code is already set. */
- goto alert_loser;
- }
-
- /* Select a cipher suite.
- ** NOTE: This suite selection algorithm should be the same as the one in
- ** ssl3_HandleClientHello().
- */
- for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
- ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
- if (!config_match(suite, ss->ssl3->policy, PR_TRUE))
- continue;
- for (i = 0; i < suite_length; i += 3) {
- if ((suites[i] == 0) &&
- (suites[i+1] == MSB(suite->cipher_suite)) &&
- (suites[i+2] == LSB(suite->cipher_suite))) {
-
- ss->ssl3->hs.cipher_suite = suite->cipher_suite;
- ss->ssl3->hs.suite_def =
- ssl_LookupCipherSuiteDef(ss->ssl3->hs.cipher_suite);
- goto suite_found;
- }
- }
- }
- errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
- goto alert_loser;
-
-suite_found:
-
- ss->ssl3->hs.compression = compression_null;
- ss->sec->send = ssl3_SendApplicationData;
-
- /* we don't even search for a cache hit here. It's just a miss. */
- ++ssl3_hch_sid_cache_misses;
- sid = ssl3_NewSessionID(ss, PR_TRUE);
- if (sid == NULL) {
- errCode = PORT_GetError();
- goto loser; /* memory error is set. */
- }
- ss->sec->ci.sid = sid;
- /* do not worry about memory leak of sid since it now belongs to ci */
-
- /* We have to update the handshake hashes before we can send stuff */
- rv = ssl3_UpdateHandshakeHashes(ss, buffer, length);
- if (rv != SECSuccess) {
- errCode = PORT_GetError();
- goto loser;
- }
-
- ssl_GetXmitBufLock(ss);
- rv = ssl3_SendServerHelloSequence(ss);
- ssl_ReleaseXmitBufLock(ss);
- if (rv != SECSuccess) {
- errCode = PORT_GetError();
- goto loser;
- }
-
- /* XXX_1 The call stack to here is:
- * ssl_Do1stHandshake -> ssl2_HandleClientHelloMessage -> here.
- * ssl2_HandleClientHelloMessage returns whatever we return here.
- * ssl_Do1stHandshake will continue looping if it gets back either
- * SECSuccess or SECWouldBlock.
- * SECSuccess is preferable here. See XXX_1 in sslgathr.c.
- */
- ssl_ReleaseSSL3HandshakeLock(ss);
- return SECSuccess;
-
-alert_loser:
- SSL3_SendAlert(ss, alert_fatal, desc);
-loser:
- ssl_ReleaseSSL3HandshakeLock(ss);
- PORT_SetError(errCode);
- return SECFailure;
-}
-
-/* The negotiated version number has been already placed in ss->version.
-**
-** Called from: ssl3_HandleClientHello (resuming session),
-** ssl3_SendServerHelloSequence <- ssl3_HandleClientHello (new session),
-** ssl3_SendServerHelloSequence <- ssl3_HandleV2ClientHello (new session)
-*/
-static SECStatus
-ssl3_SendServerHello(sslSocket *ss)
-{
- sslSessionID *sid;
- SECStatus rv;
- PRUint32 length;
-
- SSL_TRC(3, ("%d: SSL3[%d]: send server_hello handshake", SSL_GETPID(),
- ss->fd));
-
- PORT_Assert(ss->sec);
- PORT_Assert( ssl_HaveXmitBufLock(ss));
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss));
- PORT_Assert( MSB(ss->version) == MSB(SSL_LIBRARY_VERSION_3_0));
-
- if (MSB(ss->version) != MSB(SSL_LIBRARY_VERSION_3_0)) {
- PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
- return SECFailure;
- }
-
- sid = ss->sec->ci.sid;
- length = sizeof(SSL3ProtocolVersion) + SSL3_RANDOM_LENGTH + 1 +
- ((sid == NULL) ? 0: SSL3_SESSIONID_BYTES) +
- sizeof(ssl3CipherSuite) + 1;
- rv = ssl3_AppendHandshakeHeader(ss, server_hello, length);
- if (rv != SECSuccess) {
- return rv; /* err set by AppendHandshake. */
- }
-
- rv = ssl3_AppendHandshakeNumber(ss, ss->version, 2);
- if (rv != SECSuccess) {
- return rv; /* err set by AppendHandshake. */
- }
- rv = ssl3_GetNewRandom(&ss->ssl3->hs.server_random);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE);
- return rv;
- }
- rv = ssl3_AppendHandshake(
- ss, &ss->ssl3->hs.server_random, SSL3_RANDOM_LENGTH);
- if (rv != SECSuccess) {
- return rv; /* err set by AppendHandshake. */
- }
-
- if (sid)
- rv = ssl3_AppendHandshakeVariable(
- ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1);
- else
- rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
- if (rv != SECSuccess) {
- return rv; /* err set by AppendHandshake. */
- }
-
- rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3->hs.cipher_suite, 2);
- if (rv != SECSuccess) {
- return rv; /* err set by AppendHandshake. */
- }
- rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3->hs.compression, 1);
- if (rv != SECSuccess) {
- return rv; /* err set by AppendHandshake. */
- }
- rv = ssl3_SetupPendingCipherSpec(ss, ss->ssl3);
- if (rv != SECSuccess) {
- return rv; /* err set by ssl3_SetupPendingCipherSpec */
- }
-
- return SECSuccess;
-}
-
-
-static SECStatus
-ssl3_SendServerKeyExchange(sslSocket *ss)
-{
-const ssl3KEADef * kea_def = ss->ssl3->hs.kea_def;
- SECStatus rv = SECFailure;
- int length;
- PRBool isTLS;
- SECItem signed_hash = {siBuffer, NULL, 0};
- SSL3Hashes hashes;
- SECKEYPublicKey * sdPub; /* public key for step-down */
-
- SSL_TRC(3, ("%d: SSL3[%d]: send server_key_exchange handshake",
- SSL_GETPID(), ss->fd));
-
- PORT_Assert( ssl_HaveXmitBufLock(ss));
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss));
-
- switch (kea_def->exchKeyType) {
- case kt_rsa:
- /* Perform SSL Step-Down here. */
- sdPub = ss->stepDownKeyPair->pubKey;
- PORT_Assert(sdPub != NULL);
- if (!sdPub) {
- PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
- return SECFailure;
- }
- rv = ssl3_ComputeExportRSAKeyHash(sdPub->u.rsa.modulus,
- sdPub->u.rsa.publicExponent,
- &ss->ssl3->hs.client_random,
- &ss->ssl3->hs.server_random,
- &hashes);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
- return rv;
- }
-
- isTLS = (PRBool)(ss->ssl3->pwSpec->version > SSL_LIBRARY_VERSION_3_0);
- rv = ssl3_SignHashes(&hashes, ss->serverKey[kt_rsa], &signed_hash,
- isTLS);
- if (rv != SECSuccess) {
- goto loser; /* ssl3_SignHashes has set err. */
- }
- if (signed_hash.data == NULL) {
- /* how can this happen and rv == SECSuccess ?? */
- PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
- length = 2 + sdPub->u.rsa.modulus.len +
- 2 + sdPub->u.rsa.publicExponent.len +
- 2 + signed_hash.len;
-
- rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
- if (rv != SECSuccess) {
- goto loser; /* err set by AppendHandshake. */
- }
-
- rv = ssl3_AppendHandshakeVariable(ss, sdPub->u.rsa.modulus.data,
- sdPub->u.rsa.modulus.len, 2);
- if (rv != SECSuccess) {
- goto loser; /* err set by AppendHandshake. */
- }
-
- rv = ssl3_AppendHandshakeVariable(
- ss, sdPub->u.rsa.publicExponent.data,
- sdPub->u.rsa.publicExponent.len, 2);
- if (rv != SECSuccess) {
- goto loser; /* err set by AppendHandshake. */
- }
-
- rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data,
- signed_hash.len, 2);
- if (rv != SECSuccess) {
- goto loser; /* err set by AppendHandshake. */
- }
- PORT_Free(signed_hash.data);
- return SECSuccess;
-
- case kt_fortezza:
-
- /* Set server's "random" public key R_s to the email value == 1 */
- PORT_Memset(ss->ssl3->fortezza.R_s, 0, sizeof(ss->ssl3->fortezza.R_s));
- ss->ssl3->fortezza.R_s[127] = 1;
-
- /* don't waste time signing the random number */
- length = sizeof (ss->ssl3->fortezza.R_s) /*+ 2 + signed_hash.len*/;
-
- rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
- if (rv != SECSuccess) {
- goto loser; /* err set by AppendHandshake. */
- }
-
- rv = ssl3_AppendHandshake( ss, &ss->ssl3->fortezza.R_s,
- sizeof(ss->ssl3->fortezza.R_s));
- if (rv != SECSuccess) {
- goto loser; /* err set by AppendHandshake. */
- }
- return SECSuccess;
-
- case kt_dh:
- case kt_null:
- default:
- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
- break;
- }
-loser:
- if (signed_hash.data != NULL)
- PORT_Free(signed_hash.data);
- return SECFailure;
-}
-
-
-static SECStatus
-ssl3_SendCertificateRequest(sslSocket *ss)
-{
- SECItem * name;
- CERTDistNames *ca_list;
-const uint8 * certTypes;
- SECItem * names = NULL;
- SECStatus rv;
- int length;
- int i;
- int calen = 0;
- int nnames = 0;
- int certTypesLength;
-
- SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake",
- SSL_GETPID(), ss->fd));
-
- PORT_Assert( ssl_HaveXmitBufLock(ss));
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss));
-
- /* ssl3->ca_list is initialized to NULL, and never changed. */
- ca_list = ss->ssl3->ca_list;
- if (!ca_list) {
- ca_list = ssl3_server_ca_list;
- }
-
- if (ca_list != NULL) {
- names = ca_list->names;
- nnames = ca_list->nnames;
- }
-
- if (!nnames) {
- PORT_SetError(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA);
- return SECFailure;
- }
-
- for (i = 0, name = names; i < nnames; i++, name++) {
- calen += 2 + name->len;
- }
-
- if (ss->ssl3->hs.kea_def->exchKeyType == kt_fortezza) {
- certTypes = fortezza_certificate_types;
- certTypesLength = sizeof fortezza_certificate_types;
- } else {
- certTypes = certificate_types;
- certTypesLength = sizeof certificate_types;
- }
-
- length = 1 + certTypesLength + 2 + calen;
-
- rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length);
- if (rv != SECSuccess) {
- return rv; /* err set by AppendHandshake. */
- }
- rv = ssl3_AppendHandshakeVariable(ss, certTypes, certTypesLength, 1);
- if (rv != SECSuccess) {
- return rv; /* err set by AppendHandshake. */
- }
- rv = ssl3_AppendHandshakeNumber(ss, calen, 2);
- if (rv != SECSuccess) {
- return rv; /* err set by AppendHandshake. */
- }
- for (i = 0, name = names; i < nnames; i++, name++) {
- rv = ssl3_AppendHandshakeVariable(ss, name->data, name->len, 2);
- if (rv != SECSuccess) {
- return rv; /* err set by AppendHandshake. */
- }
- }
-
- return SECSuccess;
-}
-
-static SECStatus
-ssl3_SendServerHelloDone(sslSocket *ss)
-{
- SECStatus rv;
-
- SSL_TRC(3, ("%d: SSL3[%d]: send server_hello_done handshake",
- SSL_GETPID(), ss->fd));
-
- PORT_Assert( ssl_HaveXmitBufLock(ss));
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss));
-
- rv = ssl3_AppendHandshakeHeader(ss, server_hello_done, 0);
- if (rv != SECSuccess) {
- return rv; /* err set by AppendHandshake. */
- }
- rv = ssl3_FlushHandshake(ss, 0);
- if (rv != SECSuccess) {
- return rv; /* error code set by ssl3_FlushHandshake */
- }
- return SECSuccess;
-}
-
-/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
- * ssl3 Certificate Verify message
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
- SSL3Hashes *hashes)
-{
- SECItem signed_hash = {siBuffer, NULL, 0};
- SECStatus rv;
- int errCode = SSL_ERROR_RX_MALFORMED_CERT_VERIFY;
- SSL3AlertDescription desc = handshake_failure;
- PRBool isTLS;
-
- SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_verify handshake",
- SSL_GETPID(), ss->fd));
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- if (ss->ssl3->hs.ws != wait_cert_verify || ss->sec->peerCert == NULL) {
- desc = unexpected_message;
- errCode = SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY;
- goto alert_loser;
- }
-
- rv = ssl3_ConsumeHandshakeVariable(ss, &signed_hash, 2, &b, &length);
- if (rv != SECSuccess) {
- goto loser; /* malformed. */
- }
-
- isTLS = (PRBool)(ss->ssl3->prSpec->version > SSL_LIBRARY_VERSION_3_0);
-
- /* XXX verify that the key & kea match */
- rv = ssl3_VerifySignedHashes(hashes, ss->sec->peerCert, &signed_hash,
- isTLS, ss->pkcs11PinArg);
- if (rv != SECSuccess) {
- errCode = PORT_GetError();
- desc = isTLS ? decrypt_error : handshake_failure;
- goto alert_loser;
- }
-
- PORT_Free(signed_hash.data);
- signed_hash.data = NULL;
-
- if (length != 0) {
- desc = isTLS ? decode_error : illegal_parameter;
- goto alert_loser; /* malformed */
- }
- ss->ssl3->hs.ws = wait_change_cipher;
- return SECSuccess;
-
-alert_loser:
- SSL3_SendAlert(ss, alert_fatal, desc);
-loser:
- if (signed_hash.data != NULL) SECITEM_FreeItem(&signed_hash, PR_FALSE);
- PORT_SetError(errCode);
- return SECFailure;
-}
-
-/*
-** Called from ssl3_HandleClientKeyExchange()
-*/
-static SECStatus
-ssl3_HandleFortezzaClientKeyExchange(sslSocket *ss, SSL3Opaque *b,
- PRUint32 length,
- SECKEYPrivateKey *serverKey)
-{
- SECKEYPublicKey * pubKey = NULL;
- PK11SymKey * tek = NULL;
- PK11SymKey * pms;
- PK11SymKey * Ks = NULL;
- sslSessionID * sid = ss->sec->ci.sid;
- ssl3CipherSpec * pwSpec = ss->ssl3->pwSpec;
- void * pwArg = ss->pkcs11PinArg;
- SECStatus rv;
- SECItem raItem;
- SECItem rbItem;
- SECItem param;
- SECItem item;
- SECItem enc_pms;
- SSL3FortezzaKeys fortezza_CKE;
-
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- fortezza_CKE.y_c.data = NULL;
- rv = ssl3_ConsumeHandshakeVariable(ss, &fortezza_CKE.y_c, 1, &b, &length);
- if (rv != SECSuccess) {
- PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH);
- goto fortezza_loser;
- }
- rv = ssl3_ConsumeHandshake(ss, &fortezza_CKE.r_c,
- sizeof fortezza_CKE - sizeof fortezza_CKE.y_c,
- &b, &length);
- if (rv != SECSuccess) {
- PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH);
- goto fortezza_loser;
- }
-
- /* Build a Token Encryption key (tek). TEK's can never be unloaded
- * from the card, but given these parameters, and *OUR* fortezza
- * card, we can always regenerate the same one on the fly.
- */
- if (ss->sec->peerCert != NULL) {
- /* client-auth case */
-
- pubKey = CERT_ExtractPublicKey(ss->sec->peerCert);
- if (pubKey == NULL) {
- SEND_ALERT
- PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
- rv = SECFailure;
- goto fortezza_loser;
- }
-
- if (pubKey->keyType != fortezzaKey) {
- /* handle V3 client-auth case */
- SECItem sigItem;
- SECItem hashItem;
- unsigned char hash[SHA1_LENGTH];
-
- rv = ssl3_ComputeFortezzaPublicKeyHash(fortezza_CKE.y_c, hash);
- if (rv != SECSuccess) {
- SEND_ALERT
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto fortezza_loser;
- }
- sigItem.data = fortezza_CKE.y_signature;
- sigItem.len = sizeof fortezza_CKE.y_signature;
-
- hashItem.data = hash;
- hashItem.len = sizeof hash;
-
- rv = PK11_Verify(pubKey, &sigItem, &hashItem, pwArg);
- if (rv != SECSuccess) {
- SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto fortezza_loser;
- }
- SECKEY_DestroyPublicKey(pubKey); pubKey = NULL;
- }
- }
- rv = SECFailure;
-
- /* Make the public key if necessary */
- if (fortezza_CKE.y_c.len != 0) {
- if (pubKey != NULL) {
- /* The client is not allowed to send the public key
- * if it can be extracted from the certificate. */
- SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
- PORT_SetError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto fortezza_loser;
- }
- pubKey = PK11_MakeKEAPubKey(fortezza_CKE.y_c.data,
- fortezza_CKE.y_c.len);
- }
- if (pubKey == NULL) {
- /* no public Key in either the cert or the protocol message*/
- SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
- PORT_SetError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto fortezza_loser;
- }
-
- /* Now we derive the TEK. r_c is the client's "random" public key. */
- raItem.data = fortezza_CKE.r_c;
- raItem.len = sizeof(fortezza_CKE.r_c);
-
- /* R_s == server's "random" public key, sent in the Server Key Exchange */
- rbItem.data = ss->ssl3->fortezza.R_s;
- rbItem.len = sizeof ss->ssl3->fortezza.R_s;
-
- tek = PK11_PubDerive(serverKey, pubKey, PR_FALSE, /* don't gen r_c */
- &raItem, &rbItem, CKM_KEA_KEY_DERIVE,
- CKM_SKIPJACK_WRAP, CKA_WRAP, 0, pwArg);
- SECKEY_DestroyPublicKey(pubKey); pubKey = NULL;
- if (tek == NULL) {
- SEND_ALERT
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto fortezza_loser;
- }
-
- ss->ssl3->fortezza.tek = PK11_ReferenceSymKey(tek);
-
- if (pwSpec->cipher_def->calg == calg_fortezza) {
- item.data = fortezza_CKE.wrapped_client_write_key;
- item.len = sizeof fortezza_CKE.wrapped_client_write_key;
-
- pwSpec->client.write_key =
- PK11_UnwrapSymKey(tek, CKM_SKIPJACK_WRAP, NULL, &item,
- CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0);
- if (pwSpec->client.write_key == NULL) {
- SEND_ALERT
- ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE);
- goto fortezza_loser;
- }
-
- item.data = fortezza_CKE.wrapped_server_write_key;
- item.len = sizeof fortezza_CKE.wrapped_server_write_key;
-
- pwSpec->server.write_key =
- PK11_UnwrapSymKey(tek, CKM_SKIPJACK_WRAP, NULL, &item,
- CKM_SKIPJACK_CBC64, CKA_ENCRYPT, 0);
- if (pwSpec->server.write_key == NULL) {
- PK11_FreeSymKey(pwSpec->client.write_key);
- pwSpec->client.write_key = NULL;
- SEND_ALERT
- ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE);
- goto fortezza_loser;
- }
- /* Set a flag that says "generate 8 byte random prefix plaintext." */
- PK11_SetFortezzaHack(pwSpec->server.write_key); /* can't fail */
-
- PORT_Memcpy(pwSpec->client.write_iv, fortezza_CKE.client_write_iv,
- sizeof fortezza_CKE.client_write_iv);
- PORT_Memcpy(pwSpec->server.write_iv, fortezza_CKE.server_write_iv,
- sizeof fortezza_CKE.server_write_iv);
-
- }
-
- /* decrypt the pms with the TEK */
- enc_pms.data = fortezza_CKE.encrypted_preMasterSecret;
- enc_pms.len = sizeof fortezza_CKE.encrypted_preMasterSecret;
-
- param.data = fortezza_CKE.master_secret_iv;
- param.len = sizeof fortezza_CKE.master_secret_iv;
-
- pms = PK11_UnwrapSymKey(tek, CKM_SKIPJACK_CBC64, &param, &enc_pms,
- CKM_SSL3_MASTER_KEY_DERIVE, CKA_DERIVE, 0);
- if (pms == NULL) {
- SEND_ALERT
- ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE);
- goto fortezza_loser;
- }
-
- rv = ssl3_InitPendingCipherSpec(ss, pms);
- PK11_FreeSymKey(pms);
- if (rv != SECSuccess) {
- SEND_ALERT
- goto fortezza_loser; /* err code is set. */
- }
-
- if (pwSpec->cipher_def->calg == calg_fortezza) {
- PK11SlotInfo * slot;
-
- sid->u.ssl3.clientWriteKey =
- PK11_ReferenceSymKey(pwSpec->client.write_key);
- sid->u.ssl3.serverWriteKey =
- PK11_ReferenceSymKey(pwSpec->server.write_key);
-
- PORT_Memcpy(sid->u.ssl3.keys.client_write_iv, pwSpec->client.write_iv,
- sizeof sid->u.ssl3.keys.client_write_iv);
- PORT_Memcpy(sid->u.ssl3.keys.server_write_iv, pwSpec->server.write_iv,
- sizeof sid->u.ssl3.keys.server_write_iv);
-
- /* Now, wrap the client and server write keys in Ks for storage
- * in the on-disk sid.
- */
-
- slot = PK11_GetSlotFromKey(tek); /* get ref to the slot */
- if (slot == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto fortezza_loser;
- }
-
- /* Look up the Token Fixed Key */
- Ks = PK11_FindFixedKey(slot, CKM_SKIPJACK_WRAP, NULL, ss->pkcs11PinArg);
- PK11_FreeSlot(slot);
- if (Ks == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto fortezza_loser;
- }
-
- /* rewrap server write key with the local Ks */
- item.data = sid->u.ssl3.keys.wrapped_server_write_key;
- item.len = sizeof sid->u.ssl3.keys.wrapped_server_write_key;
- rv = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, Ks,
- pwSpec->server.write_key, &item);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto fortezza_loser;
- }
-
- /* rewrap client write key with the local Ks */
- item.data = sid->u.ssl3.keys.wrapped_client_write_key;
- item.len = sizeof sid->u.ssl3.keys.wrapped_client_write_key;
- rv = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, Ks,
- pwSpec->client.write_key, &item);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto fortezza_loser;
- }
-
- /* wrap the master secret later, when we handle the client's
- * finished message.
- */
- }
-
- sid->u.ssl3.hasFortezza = PR_TRUE;
- sid->u.ssl3.tek = tek; tek = NULL;
-
- rv = SECSuccess;
-
-fortezza_loser:
- if (Ks) PK11_FreeSymKey(Ks);
- if (tek) PK11_FreeSymKey(tek);
- if (pubKey) SECKEY_DestroyPublicKey(pubKey);
- if (fortezza_CKE.y_c.data != NULL)
- SECITEM_FreeItem(&fortezza_CKE.y_c, PR_FALSE);
- return rv;
-}
-
-/* find a slot that is able to generate a PMS and wrap it with RSA.
- * Then generate and return the PMS.
- * If the serverKeySlot parameter is non-null, this function will use
- * that slot to do the job, otherwise it will find a slot.
- *
- * Called from ssl3_GenerateSessionKeys() (above)
- * sendRSAClientKeyExchange() (above)
- * ssl3_HandleRSAClientKeyExchange() (below)
- * Caller must hold the SpecWriteLock, the SSL3HandshakeLock
- */
-static PK11SymKey *
-ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
- PK11SlotInfo * serverKeySlot)
-{
- PK11SymKey * pms = NULL;
- PK11SlotInfo * slot = serverKeySlot;
- void * pwArg = ss->pkcs11PinArg;
- SECItem param;
- CK_VERSION version;
- CK_MECHANISM_TYPE mechanism_array[3];
-
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- if (slot == NULL) {
- /* The specReadLock would suffice here, but we cannot assert on
- ** read locks. Also, all the callers who call with a non-null
- ** slot already hold the SpecWriteLock.
- */
- PORT_Assert( ssl_HaveSpecWriteLock(ss));
- PORT_Assert(ss->ssl3->prSpec == ss->ssl3->pwSpec);
-
- /* First get an appropriate slot. */
- mechanism_array[0] = CKM_SSL3_PRE_MASTER_KEY_GEN;
- mechanism_array[1] = CKM_RSA_PKCS;
- mechanism_array[2] = (CK_MECHANISM_TYPE) spec->cipher_def->calg;
- slot = PK11_GetBestSlotMultiple(mechanism_array, 3, pwArg);
- if (slot == NULL) {
- /* can't find a slot with all three, find a slot with the minimum */
- slot = PK11_GetBestSlotMultiple(mechanism_array, 2, pwArg);
- if (slot == NULL) {
- PORT_SetError(SSL_ERROR_TOKEN_SLOT_NOT_FOUND);
- return pms; /* which is NULL */
- }
- }
- }
-
- /* Generate the pre-master secret ... */
- version.major = MSB(ss->clientHelloVersion);
- version.minor = LSB(ss->clientHelloVersion);
-
- param.data = (unsigned char *)&version;
- param.len = sizeof version;
-
- pms = PK11_KeyGen(slot, CKM_SSL3_PRE_MASTER_KEY_GEN, &param, 0, pwArg);
- if (!serverKeySlot)
- PK11_FreeSlot(slot);
- if (pms == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- }
- return pms;
-}
-
-/* Note: The Bleichenbacher attack on PKCS#1 necessitates that we NEVER
- * return any indication of failure of the Client Key Exchange message,
- * where that failure is caused by the content of the client's message.
- * This function must not return SECFailure for any reason that is directly
- * or indirectly caused by the content of the client's encrypted PMS.
- * We must not send an alert and also not drop the connection.
- * Instead, we generate a random PMS. This will cause a failure
- * in the processing the finished message, which is exactly where
- * the failure must occur.
- *
- * Called from ssl3_HandleClientKeyExchange
- */
-static SECStatus
-ssl3_HandleRSAClientKeyExchange(sslSocket *ss,
- SSL3Opaque *b,
- PRUint32 length,
- SECKEYPrivateKey *serverKey)
-{
- PK11SymKey * pms;
- SECStatus rv;
- SECItem enc_pms;
-
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- enc_pms.data = b;
- enc_pms.len = length;
-
- if (ss->ssl3->prSpec->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */
- PRInt32 kLen;
- kLen = ssl3_ConsumeHandshakeNumber(ss, 2, &enc_pms.data, &enc_pms.len);
- if (kLen < 0) {
- PORT_SetError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- return SECFailure;
- }
- if ((unsigned)kLen < enc_pms.len) {
- enc_pms.len = kLen;
- }
- }
- /*
- * decrypt pms out of the incoming buffer
- * Note: CKM_SSL3_PRE_MASTER_KEY_GEN is NOT the mechanism used to do
- * the unwrap. Rather, it is the mechanism with which the unwrapped
- * pms will be used.
- */
- pms = PK11_PubUnwrapSymKey(serverKey, &enc_pms,
- CKM_SSL3_PRE_MASTER_KEY_GEN, CKA_DERIVE, 0);
- if (pms != NULL) {
- PRINT_BUF(60, (ss, "decrypted premaster secret:",
- PK11_GetKeyData(pms)->data,
- PK11_GetKeyData(pms)->len));
- } else {
- /* unwrap failed. Generate a bogus pre-master secret and carry on. */
- PK11SlotInfo * slot = PK11_GetSlotFromPrivateKey(serverKey);
-
- ssl_GetSpecWriteLock(ss);
- pms = ssl3_GenerateRSAPMS(ss, ss->ssl3->prSpec, slot);
- ssl_ReleaseSpecWriteLock(ss);
-
- PK11_FreeSlot(slot);
- }
-
- if (pms == NULL) {
- /* last gasp. */
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- return SECFailure;
- }
-
- rv = ssl3_InitPendingCipherSpec(ss, pms);
- PK11_FreeSymKey(pms);
- if (rv != SECSuccess) {
- SEND_ALERT
- return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */
- }
- return SECSuccess;
-}
-
-/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
- * ssl3 ClientKeyExchange message from the remote client
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
- SECKEYPrivateKey *serverKey = NULL;
- SECStatus rv;
-const ssl3KEADef * kea_def;
-
- SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake",
- SSL_GETPID(), ss->fd));
-
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- if (ss->ssl3->hs.ws != wait_client_key) {
- SSL3_SendAlert(ss, alert_fatal, unexpected_message);
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH);
- return SECFailure;
- }
-
- kea_def = ss->ssl3->hs.kea_def;
-
- serverKey = (ss->ssl3->hs.usedStepDownKey
-#ifdef DEBUG
- && kea_def->is_limited /* XXX OR cert is signing only */
- && kea_def->exchKeyType == kt_rsa
- && ss->stepDownKeyPair != NULL
-#endif
- ) ? ss->stepDownKeyPair->privKey
- : ss->serverKey[kea_def->exchKeyType];
-
- if (serverKey == NULL) {
- SEND_ALERT
- PORT_SetError(SSL_ERROR_NO_SERVER_KEY_FOR_ALG);
- return SECFailure;
- }
-
- switch (kea_def->exchKeyType) {
- case kt_rsa:
- rv = ssl3_HandleRSAClientKeyExchange(ss, b, length, serverKey);
- if (rv != SECSuccess) {
- SEND_ALERT
- return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */
- }
- break;
-
- case kt_fortezza:
- rv = ssl3_HandleFortezzaClientKeyExchange(ss, b, length, serverKey);
- if (rv != SECSuccess) {
- return SECFailure; /* error code set */
- }
- break;
-
- default:
- (void) ssl3_HandshakeFailure(ss);
- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
- return SECFailure;
- }
- ss->ssl3->hs.ws = ss->sec->peerCert ? wait_cert_verify : wait_change_cipher;
- return SECSuccess;
-
-}
-
-/* This is TLS's equivalent of sending a no_certificate alert. */
-static SECStatus
-ssl3_SendEmptyCertificate(sslSocket *ss)
-{
- SECStatus rv;
-
- rv = ssl3_AppendHandshakeHeader(ss, certificate, 3);
- if (rv == SECSuccess) {
- rv = ssl3_AppendHandshakeNumber(ss, 0, 3);
- }
- return rv; /* error, if any, set by functions called above. */
-}
-
-/*
- * Used by both client and server.
- * Called from HandleServerHelloDone and from SendServerHelloSequence.
- */
-static SECStatus
-ssl3_SendCertificate(sslSocket *ss)
-{
- SECStatus rv;
- CERTCertificateList *certChain;
- int len = 0;
- int i;
-
- SSL_TRC(3, ("%d: SSL3[%d]: send certificate handshake",
- SSL_GETPID(), ss->fd));
-
- PORT_Assert( ssl_HaveXmitBufLock(ss));
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss));
-
- certChain = (ss->sec->isServer)
- ? ss->serverCertChain[ss->ssl3->hs.kea_def->exchKeyType]
- : ss->ssl3->clientCertChain;
-
- if (certChain) {
- for (i = 0; i < certChain->len; i++) {
- len += certChain->certs[i].len + 3;
- }
- }
-
- rv = ssl3_AppendHandshakeHeader(ss, certificate, len + 3);
- if (rv != SECSuccess) {
- return rv; /* err set by AppendHandshake. */
- }
- rv = ssl3_AppendHandshakeNumber(ss, len, 3);
- if (rv != SECSuccess) {
- return rv; /* err set by AppendHandshake. */
- }
- for (i = 0; i < certChain->len; i++) {
- rv = ssl3_AppendHandshakeVariable(ss, certChain->certs[i].data,
- certChain->certs[i].len, 3);
- if (rv != SECSuccess) {
- return rv; /* err set by AppendHandshake. */
- }
- }
-
- return SECSuccess;
-}
-
-/* This is used to delete the CA certificates in the peer certificate chain
- * from the cert database after they've been validated.
- */
-static void
-ssl3_CleanupPeerCerts(ssl3State *ssl3)
-{
- PRArenaPool * arena = ssl3->peerCertArena;
- ssl3CertNode *certs = (ssl3CertNode *)ssl3->peerCertChain;
-
- for (; certs; certs = certs->next) {
- CERT_DestroyCertificate(certs->cert);
- }
- if (arena) PORT_FreeArena(arena, PR_FALSE);
- ssl3->peerCertArena = NULL;
- ssl3->peerCertChain = NULL;
-}
-
-/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
- * ssl3 Certificate message.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
- ssl3CertNode * c;
- ssl3CertNode * certs = NULL;
- PRArenaPool * arena = NULL;
- ssl3State * ssl3 = ss->ssl3;
- sslSecurityInfo *sec = ss->sec;
- CERTCertificate *cert;
- PRInt32 remaining;
- PRInt32 size;
- SECStatus rv;
- PRBool isServer = (PRBool)(!!sec->isServer);
- PRBool trusted = PR_FALSE;
- PRBool isTLS;
- SSL3AlertDescription desc = bad_certificate;
- int errCode = SSL_ERROR_RX_MALFORMED_CERTIFICATE;
- SECItem certItem;
-
- SSL_TRC(3, ("%d: SSL3[%d]: handle certificate handshake",
- SSL_GETPID(), ss->fd));
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- if ((ssl3->hs.ws != wait_server_cert) &&
- (ssl3->hs.ws != wait_client_cert)) {
- desc = unexpected_message;
- errCode = SSL_ERROR_RX_UNEXPECTED_CERTIFICATE;
- goto alert_loser;
- }
-
- PORT_Assert(ssl3->peerCertArena == NULL);
-
- if (sec->peerCert != NULL) {
- if (sec->peerKey) {
- SECKEY_DestroyPublicKey(sec->peerKey);
- sec->peerKey = NULL;
- }
- CERT_DestroyCertificate(sec->peerCert);
- sec->peerCert = NULL;
- }
-
- remaining = ssl3_ConsumeHandshakeNumber(ss, 3, &b, &length);
- if (remaining < 0)
- goto loser; /* fatal alert already sent by ConsumeHandshake. */
-
- isTLS = (PRBool)(ssl3->prSpec->version > SSL_LIBRARY_VERSION_3_0);
- if (!remaining && isTLS && isServer) {
- /* This is TLS's version of a no_certificate alert. */
- /* I'm a server. I've requested a client cert. He hasn't got one. */
- rv = ssl3_HandleNoCertificate(ss);
- goto cert_block;
- }
-
- ssl3->peerCertArena = arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser; /* don't send alerts on memory errors */
- }
-
- /* First get the peer cert. */
- remaining -= 3;
- if (remaining < 0)
- goto decode_loser;
-
- size = ssl3_ConsumeHandshakeNumber(ss, 3, &b, &length);
- if (size < 0)
- goto loser; /* fatal alert already sent by ConsumeHandshake. */
-
- remaining -= size;
- if (remaining < 0)
- goto decode_loser;
-
- certItem.data = (unsigned char*)PORT_ArenaAlloc(arena, size);
- if (certItem.data == NULL) {
- goto loser; /* don't send alerts on memory errors */
- }
-
- certItem.len = size;
- rv = ssl3_ConsumeHandshake(ss, certItem.data, certItem.len, &b, &length);
- if (rv != SECSuccess)
- goto loser; /* fatal alert already sent by ConsumeHandshake. */
-
- sec->peerCert = CERT_NewTempCertificate(ss->dbHandle, &certItem, NULL,
- PR_FALSE, PR_TRUE);
- if (sec->peerCert == NULL) {
- /* We should report an alert if the cert was bad, but not if the
- * problem was just some local problem, like memory error.
- */
- goto ambiguous_err;
- }
-
- /* Now get all of the CA certs. */
- while (remaining != 0) {
- remaining -= 3;
- if (remaining < 0)
- goto decode_loser;
-
- size = ssl3_ConsumeHandshakeNumber(ss, 3, &b, &length);
- if (size < 0)
- goto loser; /* fatal alert already sent by ConsumeHandshake. */
-
- remaining -= size;
- if (remaining < 0)
- goto decode_loser;
-
- certItem.data = (unsigned char*)PORT_ArenaAlloc(arena, size);
- if (certItem.data == NULL) {
- goto loser; /* don't send alerts on memory errors */
- }
-
- certItem.len = size;
- rv = ssl3_ConsumeHandshake(ss, certItem.data, certItem.len,
- &b, &length);
- if (rv != SECSuccess)
- goto loser; /* fatal alert already sent by ConsumeHandshake. */
-
- c = PORT_ArenaNew(arena, ssl3CertNode);
- if (c == NULL) {
- goto loser; /* don't send alerts on memory errors */
- }
-
- c->cert = CERT_NewTempCertificate(ss->dbHandle, &certItem, NULL,
- PR_FALSE, PR_TRUE);
- if (c->cert == NULL) {
- goto ambiguous_err;
- }
-
- if (c->cert->trust)
- trusted = PR_TRUE;
-
- c->next = certs;
- certs = c;
- }
-
- if (remaining != 0)
- goto decode_loser;
-
- SECKEY_UpdateCertPQG(sec->peerCert);
-
- /*
- * We're making a fortezza connection, and the card hasn't unloaded it's
- * certs, try to unload those certs now.
- */
- if (!trusted) {
- CERTCertificate *ccert;
-
- ccert = PK11_FindBestKEAMatch(sec->peerCert, ss->pkcs11PinArg);
- if (ccert)
- CERT_DestroyCertificate(ccert);
- }
-
-
- rv = (SECStatus)(*ss->authCertificate)(ss->authCertificateArg, ss->fd,
- PR_TRUE, isServer);
- if (rv) {
- errCode = PORT_GetError();
- if (!ss->handleBadCert) {
- goto bad_cert;
- }
- rv = (SECStatus)(*ss->handleBadCert)(ss->badCertArg, ss->fd);
- if ( rv ) {
- if ( rv == SECWouldBlock ) {
- /* someone will handle this connection asynchronously*/
- SSL_DBG(("%d: SSL3[%d]: go to async cert handler",
- SSL_GETPID(), ss->fd));
- ssl3->peerCertChain = certs;
- certs = NULL;
- ssl_SetAlwaysBlock(ss);
- goto cert_block;
- }
- /* cert is bad */
- goto bad_cert;
- }
- /* cert is good */
- }
-
- /* start SSL Step Up, if appropriate */
- cert = sec->peerCert;
- if (!isServer &&
- ssl3_global_policy_some_restricted &&
- ssl3->policy == SSL_ALLOWED &&
- anyRestrictedEnabled(ss) &&
- SECSuccess == CERT_VerifyCertNow(cert->dbhandle, cert,
- PR_FALSE, /* checkSig */
- certUsageSSLServerWithStepUp,
-/*XXX*/ ss->authCertificateArg) ) {
- ssl3->policy = SSL_RESTRICTED;
- ssl3->hs.rehandshake = PR_TRUE;
- }
-
- sec->ci.sid->peerCert = CERT_DupCertificate(sec->peerCert);
-
- /* We don't need the CA certs now that we've authenticated the peer cert. */
- ssl3->peerCertChain = certs; certs = NULL; arena = NULL;
- ssl3_CleanupPeerCerts(ssl3);
-
-cert_block:
- if (sec->isServer) {
- ssl3->hs.ws = wait_client_key;
- } else {
- ssl3->hs.ws = wait_cert_request; /* disallow server_key_exchange */
- if (ssl3->hs.kea_def->is_limited ||
- /* XXX OR server cert is signing only. */
- ssl3->hs.kea_def->kea == kea_fortezza) {
- ssl3->hs.ws = wait_server_key; /* allow server_key_exchange */
- }
- }
-
- /* rv must normally be equal to SECSuccess here. If we called
- * handleBadCert, it can also be SECWouldBlock.
- */
- return rv;
-
-ambiguous_err:
- errCode = PORT_GetError();
- switch (errCode) {
- case PR_OUT_OF_MEMORY_ERROR:
- case SEC_ERROR_BAD_DATABASE:
- case SEC_ERROR_NO_MEMORY:
- if (isTLS) {
- desc = internal_error;
- goto alert_loser;
- }
- goto loser;
- }
- /* fall through to bad_cert. */
-
-bad_cert: /* caller has set errCode. */
- switch (errCode) {
- case SEC_ERROR_LIBRARY_FAILURE: desc = unsupported_certificate; break;
- case SEC_ERROR_EXPIRED_CERTIFICATE: desc = certificate_expired; break;
- case SEC_ERROR_REVOKED_CERTIFICATE: desc = certificate_revoked; break;
- case SEC_ERROR_INADEQUATE_KEY_USAGE:
- case SEC_ERROR_INADEQUATE_CERT_TYPE:
- desc = certificate_unknown; break;
- case SEC_ERROR_UNTRUSTED_CERT:
- desc = isTLS ? access_denied : certificate_unknown; break;
- case SEC_ERROR_UNKNOWN_ISSUER:
- case SEC_ERROR_UNTRUSTED_ISSUER:
- desc = isTLS ? unknown_ca : certificate_unknown; break;
- case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
- desc = isTLS ? unknown_ca : certificate_expired; break;
-
- case SEC_ERROR_CERT_NOT_IN_NAME_SPACE:
- case SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID:
- case SEC_ERROR_CA_CERT_INVALID:
- case SEC_ERROR_BAD_SIGNATURE:
- default: desc = bad_certificate; break;
- }
- SSL_DBG(("%d: SSL3[%d]: peer certificate is no good: error=%d",
- SSL_GETPID(), ss->fd, errCode));
-
- goto alert_loser;
-
-decode_loser:
- desc = isTLS ? decode_error : bad_certificate;
-
-alert_loser:
- (void)SSL3_SendAlert(ss, alert_fatal, desc);
-
-loser:
- ssl3->peerCertChain = certs; certs = NULL; arena = NULL;
- ssl3_CleanupPeerCerts(ssl3);
-
- if (sec->peerCert != NULL) {
- CERT_DestroyCertificate(sec->peerCert);
- sec->peerCert = NULL;
- }
- (void)ssl_MapLowLevelError(errCode);
- return SECFailure;
-}
-
-
-/* restart an SSL connection that we stopped to run certificate dialogs
-** XXX Need to document here how an application marks a cert to show that
-** the application has accepted it (overridden CERT_VerifyCert).
- *
- * XXX This code only works on the initial handshake on a connection, XXX
- * It does not work on a subsequent handshake (redo).
- *
- * Return value: XXX
- *
- * Caller holds 1stHandshakeLock.
-*/
-int
-ssl3_RestartHandshakeAfterServerCert(sslSocket *ss)
-{
- CERTCertificate * cert;
- ssl3State * ssl3 = ss->ssl3;
- int rv = SECSuccess;
-
- if (MSB(ss->version) != MSB(SSL_LIBRARY_VERSION_3_0)) {
- SET_ERROR_CODE
- return SECFailure;
- }
- if (!ss->sec || !ss->ssl3) {
- SET_ERROR_CODE
- return SECFailure;
- }
-
- cert = ss->sec->peerCert;
-
- /* Permit step up if user decided to accept the cert */
- if (!ss->sec->isServer &&
- ssl3_global_policy_some_restricted &&
- ssl3->policy == SSL_ALLOWED &&
- anyRestrictedEnabled(ss) &&
- (SECSuccess == CERT_VerifyCertNow(cert->dbhandle, cert,
- PR_FALSE, /* checksig */
- certUsageSSLServerWithStepUp,
-/*XXX*/ ss->authCertificateArg) )) {
- ssl3->policy = SSL_RESTRICTED;
- ssl3->hs.rehandshake = PR_TRUE;
- }
-
- if (ss->handshake != NULL) {
- ss->handshake = ssl_GatherRecord1stHandshake;
- ssl3_CleanupPeerCerts(ssl3);
- ss->sec->ci.sid->peerCert = CERT_DupCertificate(ss->sec->peerCert);
-
- ssl_GetRecvBufLock(ss);
- if (ssl3->hs.msgState.buf != NULL) {
- rv = ssl3_HandleRecord(ss, NULL, &ss->gather->buf);
- }
- ssl_ReleaseRecvBufLock(ss);
- }
-
- return rv;
-}
-
-static SECStatus
-ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
- PRBool isServer,
- const SSL3Finished * hashes,
- TLSFinished * tlsFinished)
-{
- PK11Context *prf_context;
- const char * label;
- unsigned int len;
- SECStatus rv;
- SECItem param = {siBuffer, NULL, 0};
-
- label = isServer ? "server finished" : "client finished";
- len = 15;
-
- prf_context =
- PK11_CreateContextBySymKey(CKM_TLS_PRF_GENERAL, CKA_SIGN,
- spec->master_secret, &param);
- if (!prf_context)
- return SECFailure;
-
- rv = PK11_DigestBegin(prf_context);
- rv |= PK11_DigestOp(prf_context, (const unsigned char *) label, len);
- rv |= PK11_DigestOp(prf_context, hashes->md5, sizeof *hashes);
- rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data,
- &len, sizeof *tlsFinished);
- PORT_Assert(rv != SECSuccess || len == sizeof *tlsFinished);
-
- PK11_DestroyContext(prf_context, PR_TRUE);
- return rv;
-}
-
-/* called from ssl3_HandleServerHelloDone
- * ssl3_HandleClientHello
- * ssl3_HandleFinished
- */
-static SECStatus
-ssl3_SendFinished(sslSocket *ss, PRInt32 flags)
-{
- ssl3CipherSpec *cwSpec;
- PRBool isTLS;
- PRBool isServer = ss->sec->isServer;
- SECStatus rv;
- SSL3Sender sender = isServer ? sender_server : sender_client;
- SSL3Finished hashes;
- TLSFinished tlsFinished;
-
- SSL_TRC(3, ("%d: SSL3[%d]: send finished handshake", SSL_GETPID(), ss->fd));
-
- PORT_Assert( ssl_HaveXmitBufLock(ss));
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss));
-
- ssl_GetSpecReadLock(ss);
- cwSpec = ss->ssl3->cwSpec;
- isTLS = (PRBool)(cwSpec->version > SSL_LIBRARY_VERSION_3_0);
- rv = ssl3_ComputeHandshakeHashes(ss, cwSpec, &hashes, sender);
- if (isTLS && rv == SECSuccess) {
- rv = ssl3_ComputeTLSFinished(cwSpec, isServer, &hashes, &tlsFinished);
- }
- ssl_ReleaseSpecReadLock(ss);
- if (rv != SECSuccess) {
- goto fail; /* err code was set by ssl3_ComputeHandshakeHashes */
- }
-
- if (isTLS) {
- rv = ssl3_AppendHandshakeHeader(ss, finished, sizeof tlsFinished);
- if (rv != SECSuccess)
- goto fail; /* err set by AppendHandshake. */
- rv = ssl3_AppendHandshake(ss, &tlsFinished, sizeof tlsFinished);
- if (rv != SECSuccess)
- goto fail; /* err set by AppendHandshake. */
- } else {
- rv = ssl3_AppendHandshakeHeader(ss, finished, sizeof hashes);
- if (rv != SECSuccess)
- goto fail; /* err set by AppendHandshake. */
- rv = ssl3_AppendHandshake(ss, &hashes, sizeof hashes);
- if (rv != SECSuccess)
- goto fail; /* err set by AppendHandshake. */
- }
- rv = ssl3_FlushHandshake(ss, flags);
- if (rv != SECSuccess) {
- goto fail; /* error code set by ssl3_FlushHandshake */
- }
- return SECSuccess;
-
-fail:
- return rv;
-}
-
-
-
-/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
- * ssl3 Finished message from the peer.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
- const SSL3Hashes *hashes)
-{
- sslSecurityInfo * sec = ss->sec;
- ssl3State * ssl3 = ss->ssl3;
- sslSessionID * sid = sec->ci.sid;
- PK11SymKey * wrappingKey = NULL;
- PK11SlotInfo * symKeySlot;
- void * pwArg = ss->pkcs11PinArg;
- SECStatus rv;
- PRBool isServer = sec->isServer;
- PRBool isTLS;
- PRBool doStepUp;
- CK_MECHANISM_TYPE mechanism;
-
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- SSL_TRC(3, ("%d: SSL3[%d]: handle finished handshake",
- SSL_GETPID(), ss->fd));
-
- if (ssl3->hs.ws != wait_finished) {
- SSL3_SendAlert(ss, alert_fatal, unexpected_message);
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_FINISHED);
- return SECFailure;
- }
-
- isTLS = (PRBool)(ssl3->crSpec->version > SSL_LIBRARY_VERSION_3_0);
- if (isTLS) {
- TLSFinished tlsFinished;
-
- if (length != sizeof tlsFinished) {
- (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
- PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED);
- return SECFailure;
- }
- rv = ssl3_ComputeTLSFinished(ssl3->crSpec, !isServer,
- hashes, &tlsFinished);
- if (rv != SECSuccess ||
- 0 != PORT_Memcmp(&tlsFinished, b, length)) {
- (void)SSL3_SendAlert(ss, alert_fatal, decrypt_error);
- PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
- return SECFailure;
- }
- } else {
- if (length != sizeof(SSL3Hashes)) {
- (void)ssl3_IllegalParameter(ss);
- PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED);
- return SECFailure;
- }
-
- if (0 != PORT_Memcmp(hashes, b, length)) {
- (void)ssl3_HandshakeFailure(ss);
- PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
- return SECFailure;
- }
- }
-
- doStepUp = (PRBool)(!isServer && ssl3->hs.rehandshake);
-
- ssl_GetXmitBufLock(ss); /*************************************/
-
- if ((isServer && !ssl3->hs.isResuming) ||
- (!isServer && ssl3->hs.isResuming)) {
-
- rv = ssl3_SendChangeCipherSpecs(ss);
- if (rv != SECSuccess) {
- goto xmit_loser; /* err is set. */
- }
- /* XXX Right here, if we knew, somehow, that this thread was in
- ** SSL_SecureSend (trying to write some data) and we weren't going
- ** to step up, then we could set the ssl_SEND_FLAG_FORCE_INTO_BUFFER
- ** flag, so that the last two handshake messages
- ** (e.g. change cipher spec and finished) would get
- ** sent out in the same send/write call as the application data.
- */
- rv = ssl3_SendFinished(ss, 0);
- if (rv != SECSuccess) {
- goto xmit_loser; /* err is set. */
- }
- }
-
- /* Optimization: don't cache this connection if we're going to step up. */
- if (doStepUp) {
- ssl_FreeSID(sid);
- ss->sec->ci.sid = sid = NULL;
- ssl3->hs.rehandshake = PR_FALSE;
- rv = ssl3_SendClientHello(ss);
-xmit_loser:
- ssl_ReleaseXmitBufLock(ss);
- return rv; /* err code is set if appropriate. */
- }
-
- ssl_ReleaseXmitBufLock(ss); /*************************************/
-
- /* we're connected now. */
- ss->handshake = NULL;
- ss->connected = PR_TRUE;
- ss->gather->writeOffset = 0;
- ss->gather->readOffset = 0;
-
- if (sid->cached == never_cached) {
-
- /* fill in the sid */
- sid->u.ssl3.cipherSuite = ssl3->hs.cipher_suite;
- sid->u.ssl3.compression = ssl3->hs.compression;
- sid->u.ssl3.policy = ssl3->policy;
- sid->u.ssl3.exchKeyType = ssl3->hs.kea_def->exchKeyType;
- sid->version = ss->version;
-
- ssl_GetSpecReadLock(ss); /*************************************/
- symKeySlot = PK11_GetSlotFromKey(ssl3->crSpec->master_secret);
- if (!isServer) {
- int wrapKeyIndex;
- int incarnation;
-
- /* these next few functions are mere accessors and don't fail. */
- sid->u.ssl3.masterWrapIndex = wrapKeyIndex =
- PK11_GetCurrentWrapIndex(symKeySlot);
- PORT_Assert(wrapKeyIndex == 0); /* array has only one entry! */
-
- sid->u.ssl3.masterWrapSeries = incarnation =
- PK11_GetSlotSeries(symKeySlot);
- sid->u.ssl3.masterSlotID = PK11_GetSlotID(symKeySlot);
- sid->u.ssl3.masterModuleID = PK11_GetModuleID(symKeySlot);
- sid->u.ssl3.masterValid = PR_TRUE;
-
- /* Get the default wrapping key, for wrapping the master secret before
- * placing it in the SID cache entry. */
- wrappingKey = PK11_GetWrapKey(symKeySlot, wrapKeyIndex,
- CKM_INVALID_MECHANISM, incarnation,
- pwArg);
- if (wrappingKey) {
- mechanism = PK11_GetMechanism(wrappingKey); /* can't fail. */
- } else {
- int keyLength;
- /* if the wrappingKey doesn't exist, attempt to create it.
- * Note: we intentionally ignore errors here. If we cannot
- * generate a wrapping key, it is not fatal to this SSL connection,
- * but we will not be able to restart this session.
- */
- mechanism = PK11_GetBestWrapMechanism(symKeySlot);
- keyLength = PK11_GetBestKeyLength(symKeySlot, mechanism);
- /* Zero length means fixed key length algorithm, or error.
- * It's ambiguous.
- */
- wrappingKey = PK11_KeyGen(symKeySlot, mechanism, NULL,
- keyLength, pwArg);
- if (wrappingKey) {
- PK11_SetWrapKey(symKeySlot, wrapKeyIndex, wrappingKey);
- }
- }
- } else {
- /* server. */
- mechanism = PK11_GetBestWrapMechanism(symKeySlot);
- if (mechanism != CKM_INVALID_MECHANISM) {
- wrappingKey =
- getWrappingKey(ss, symKeySlot, ssl3->hs.kea_def->exchKeyType,
- mechanism, pwArg);
- if (wrappingKey) {
- mechanism = PK11_GetMechanism(wrappingKey); /* can't fail. */
- }
- }
- }
-
- sid->u.ssl3.masterWrapMech = mechanism;
- PK11_FreeSlot(symKeySlot);
-
- rv = SECFailure;
- if (wrappingKey) {
- SECItem msItem;
-
- msItem.data = sid->u.ssl3.keys.wrapped_master_secret;
- msItem.len = sizeof sid->u.ssl3.keys.wrapped_master_secret;
- rv = PK11_WrapSymKey(mechanism, NULL, wrappingKey,
- ssl3->crSpec->master_secret, &msItem);
- /* rv is examined below. */
- sid->u.ssl3.keys.wrapped_master_secret_len = msItem.len;
- PK11_FreeSymKey(wrappingKey);
- }
- ssl_ReleaseSpecReadLock(ss); /*************************************/
-
- /* If the wrap failed, we don't cache the sid.
- * The connection continues normally however.
- */
- if (!ss->noCache && rv == SECSuccess) {
- (*sec->cache)(sid);
- }
- }
- ss->ssl3->hs.ws = idle_handshake;
-
- /* Do the handshake callback for sslv3 here. */
- if (ss->handshakeCallback != NULL) {
- (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData);
- }
-
- return SECSuccess;
-}
-
-/* Called from ssl3_HandleHandshake() when it has gathered a complete ssl3
- * hanshake message.
- * Caller must hold Handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-{
- SECStatus rv = SECSuccess;
- SSL3HandshakeType type = ss->ssl3->hs.msg_type;
- SSL3Hashes hashes; /* computed hashes are put here. */
- PRUint8 hdr[4];
-
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
- /*
- * We have to compute the hashes before we update them with the
- * current message.
- */
- ssl_GetSpecReadLock(ss); /************************************/
- if((type == finished) || (type == certificate_verify)) {
- SSL3Sender sender = (SSL3Sender)0;
- ssl3CipherSpec *rSpec = ss->ssl3->prSpec;
-
- if (type == finished) {
- sender = ss->sec->isServer ? sender_client : sender_server;
- rSpec = ss->ssl3->crSpec;
- }
- rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender);
- }
- ssl_ReleaseSpecReadLock(ss); /************************************/
- if (rv != SECSuccess) {
- return rv; /* error code was set by ssl3_ComputeHandshakeHashes*/
- }
- SSL_TRC(30,("%d: SSL3[%d]: handle handshake message: %s", SSL_GETPID(),
- ss->fd, ssl3_DecodeHandshakeType(ss->ssl3->hs.msg_type)));
- PRINT_BUF(60, (ss, "MD5 handshake hash:",
- (unsigned char*)ss->ssl3->hs.md5, MD5_LENGTH));
- PRINT_BUF(95, (ss, "SHA handshake hash:",
- (unsigned char*)ss->ssl3->hs.sha, SHA1_LENGTH));
-
- hdr[0] = (PRUint8)ss->ssl3->hs.msg_type;
- hdr[1] = (PRUint8)(length >> 16);
- hdr[2] = (PRUint8)(length >> 8);
- hdr[3] = (PRUint8)(length );
-
- /* Start new handshake hashes when we start a new handshake */
- if (ss->ssl3->hs.msg_type == client_hello) {
- SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes",
- SSL_GETPID(), ss->fd ));
- rv = PK11_DigestBegin(ss->ssl3->hs.md5);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
- return rv;
- }
- rv = PK11_DigestBegin(ss->ssl3->hs.sha);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
- return rv;
- }
- }
- /* We should not include hello_request messages in the handshake hashes */
- if (ss->ssl3->hs.msg_type != hello_request) {
- rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char*) hdr, 4);
- if (rv != SECSuccess) return rv; /* err code already set. */
- rv = ssl3_UpdateHandshakeHashes(ss, b, length);
- if (rv != SECSuccess) return rv; /* err code already set. */
- }
-
- PORT_SetError(0); /* each message starts with no error. */
- switch (ss->ssl3->hs.msg_type) {
- case hello_request:
- if (length != 0) {
- (void)ssl3_DecodeError(ss);
- PORT_SetError(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST);
- return SECFailure;
- }
- if (ss->sec->isServer) {
- (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST);
- return SECFailure;
- }
- rv = ssl3_HandleHelloRequest(ss);
- break;
- case client_hello:
- if (!ss->sec->isServer) {
- (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO);
- return SECFailure;
- }
- rv = ssl3_HandleClientHello(ss, b, length);
- break;
- case server_hello:
- if (ss->sec->isServer) {
- (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO);
- return SECFailure;
- }
- rv = ssl3_HandleServerHello(ss, b, length);
- break;
- case certificate:
- rv = ssl3_HandleCertificate(ss, b, length);
- break;
- case server_key_exchange:
- if (ss->sec->isServer) {
- (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH);
- return SECFailure;
- }
- rv = ssl3_HandleServerKeyExchange(ss, b, length);
- break;
- case certificate_request:
- if (ss->sec->isServer) {
- (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST);
- return SECFailure;
- }
- rv = ssl3_HandleCertificateRequest(ss, b, length);
- break;
- case server_hello_done:
- if (length != 0) {
- (void)ssl3_DecodeError(ss);
- PORT_SetError(SSL_ERROR_RX_MALFORMED_HELLO_DONE);
- return SECFailure;
- }
- if (ss->sec->isServer) {
- (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
- return SECFailure;
- }
- rv = ssl3_HandleServerHelloDone(ss);
- break;
- case certificate_verify:
- if (!ss->sec->isServer) {
- (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY);
- return SECFailure;
- }
- rv = ssl3_HandleCertificateVerify(ss, b, length, &hashes);
- break;
- case client_key_exchange:
- if (!ss->sec->isServer) {
- (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH);
- return SECFailure;
- }
- rv = ssl3_HandleClientKeyExchange(ss, b, length);
- break;
- case finished:
- rv = ssl3_HandleFinished(ss, b, length, &hashes);
- break;
- default:
- (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
- PORT_SetError(SSL_ERROR_RX_UNKNOWN_HANDSHAKE);
- rv = SECFailure;
- }
- return rv;
-}
-
-/* Called only from ssl3_HandleRecord, for each (deciphered) ssl3 record.
- * origBuf is the decrypted ssl record content.
- * Caller must hold the handshake and RecvBuf locks.
- */
-static SECStatus
-ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
-{
- /*
- * There may be a partial handshake message already in the handshake
- * state. The incoming buffer may contain another portion, or a
- * complete message or several messages followed by another portion.
- *
- * Each message is made contiguous before being passed to the actual
- * message parser.
- */
- ssl3State *ssl3 = ss->ssl3;
- sslBuffer *buf = &ssl3->hs.msgState; /* do not lose the original buffer pointer */
- SECStatus rv;
-
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- if (buf->buf == NULL) {
- *buf = *origBuf;
- }
- while (buf->len > 0) {
- while (ssl3->hs.header_bytes < 4) {
- uint8 t;
- t = *(buf->buf++);
- buf->len--;
- if (ssl3->hs.header_bytes++ == 0)
- ssl3->hs.msg_type = (SSL3HandshakeType)t;
- else
- ssl3->hs.msg_len = (ssl3->hs.msg_len << 8) + t;
-
-#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */
-
- if (ssl3->hs.header_bytes == 4) {
- if (ssl3->hs.msg_len > MAX_HANDSHAKE_MSG_LEN) {
- (void)ssl3_DecodeError(ss);
- PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
- return SECFailure;
- }
- }
-#undef MAX_HANDSHAKE_MSG_LEN
- if (buf->len == 0 && ssl3->hs.msg_len > 0) {
- buf->buf = NULL;
- return SECSuccess;
- }
- }
-
- /*
- * Header has been gathered and there is at least one byte of new
- * data available for this message. If it can be done right out
- * of the original buffer, then use it from there.
- */
- if (ssl3->hs.msg_body.len == 0 && buf->len >= ssl3->hs.msg_len) {
- /* handle it from input buffer */
- rv = ssl3_HandleHandshakeMessage(ss, buf->buf, ssl3->hs.msg_len);
- if (rv == SECFailure) {
- /* This test wants to fall through on either
- * SECSuccess or SECWouldBlock.
- * ssl3_HandleHandshakeMessage MUST set the error code.
- */
- return rv;
- }
- buf->buf += ssl3->hs.msg_len;
- buf->len -= ssl3->hs.msg_len;
- ssl3->hs.msg_len = 0;
- ssl3->hs.header_bytes = 0;
- if (rv != SECSuccess) { /* return if SECWouldBlock. */
- return rv;
- }
- } else {
- /* must be copied to msg_body and dealt with from there */
- unsigned int bytes;
-
- bytes = PR_MIN(buf->len, ssl3->hs.msg_len);
-
- /* Grow the buffer if needed */
- if (bytes > ssl3->hs.msg_body.space - ssl3->hs.msg_body.len) {
- rv = sslBuffer_Grow(&ssl3->hs.msg_body,
- ssl3->hs.msg_body.len + bytes);
- if (rv != SECSuccess) {
- /* sslBuffer_Grow has set a memory error code. */
- return SECFailure;
- }
- }
- PORT_Memcpy(ssl3->hs.msg_body.buf + ssl3->hs.msg_body.len,
- buf->buf, buf->len);
- buf->buf += bytes;
- buf->len -= bytes;
-
- /* should not be more than one message in msg_body */
- PORT_Assert(ssl3->hs.msg_body.len <= ssl3->hs.msg_len);
-
- /* if we have a whole message, do it */
- if (ssl3->hs.msg_body.len == ssl3->hs.msg_len) {
- rv = ssl3_HandleHandshakeMessage(
- ss, ssl3->hs.msg_body.buf, ssl3->hs.msg_len);
- /*
- * XXX This appears to be wrong. This error handling
- * should clean up after a SECWouldBlock return, like the
- * error handling used 40 lines before/above this one,
- */
- if (rv != SECSuccess) {
- /* ssl3_HandleHandshakeMessage MUST set error code. */
- return rv;
- }
- ssl3->hs.msg_body.len = 0;
- ssl3->hs.msg_len = 0;
- ssl3->hs.header_bytes = 0;
- } else {
- PORT_Assert(buf->len == 0);
- break;
- }
- }
- } /* end loop */
-
- origBuf->len = 0; /* So ssl3_GatherAppDataRecord will keep looping. */
- buf->buf = NULL; /* not a leak. */
- return SECSuccess;
-}
-
-/* if cText is non-null, then decipher, check MAC, and decompress the
- * SSL record from cText->buf (typically gs->inbuf)
- * into databuf (typically gs->buf), and any previous contents of databuf
- * is lost. Then handle databuf according to its SSL record type,
- * unless it's an application record.
- *
- * If cText is NULL, then the ciphertext has previously been deciphered and
- * checked, and is already sitting in databuf. It is processed as an SSL
- * Handshake message.
- *
- * DOES NOT process the decrypted/decompressed application data.
- * On return, databuf contains the decrypted/decompressed record.
- *
- * Called from ssl3_GatherCompleteHandshake
- * ssl3_RestartHandshakeAfterCertReq
- * ssl3_RestartHandshakeAfterServerCert
- *
- * Caller must hold the RecvBufLock.
- *
- * This function aquires and releases the SSL3Handshake Lock, holding the
- * lock around any calls to functions that handle records other than
- * Application Data records.
- */
-SECStatus
-ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
-{
-const ssl3BulkCipherDef *cipher_def;
- ssl3State * ssl3 = ss->ssl3;
- ssl3CipherSpec * crSpec;
- SECStatus rv;
- unsigned int hashBytes;
- unsigned int padding_length;
- PRBool isTLS;
- SSL3ContentType rType;
- SSL3Opaque hash[MAX_MAC_LENGTH];
-
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
-
- if (ssl3 == NULL) {
- ssl_GetSSL3HandshakeLock(ss);
- rv = ssl3_InitState(ss);
- ssl_ReleaseSSL3HandshakeLock(ss);
- if (rv != SECSuccess) {
- return rv; /* ssl3_InitState has set the error code. */
- }
- }
-
- ssl3 = ss->ssl3;
-
- /* cText is NULL when we're called from ssl3_RestartHandshakeAfterXXX().
- * This implies that databuf holds a previously deciphered SSL Handshake
- * message.
- */
- if (cText == NULL) {
- SSL_DBG(("%d: SSL3[%d]: HandleRecord, resuming handshake",
- SSL_GETPID(), ss->fd));
- rType = content_handshake;
- goto process_it;
- }
-
- databuf->len = 0; /* filled in by decode call below. */
- if (databuf->space < MAX_FRAGMENT_LENGTH) {
- rv = sslBuffer_Grow(databuf, MAX_FRAGMENT_LENGTH + 2048);
- if (rv != SECSuccess) {
- SSL_DBG(("%d: SSL3[%d]: HandleRecord, tried to get %d bytes",
- SSL_GETPID(), ss->fd, MAX_FRAGMENT_LENGTH + 2048));
- /* sslBuffer_Grow has set a memory error code. */
- return SECFailure;
- }
- }
-
- PRINT_BUF(80, (ss, "ciphertext:", cText->buf->buf, cText->buf->len));
-
- ssl_GetSpecReadLock(ss); /******************************************/
-
- crSpec = ssl3->crSpec;
- cipher_def = crSpec->cipher_def;
- isTLS = (PRBool)(crSpec->version > SSL_LIBRARY_VERSION_3_0);
-
- if (isTLS && cText->buf->len > (MAX_FRAGMENT_LENGTH + 2048)) {
- SSL3_SendAlert(ss, alert_fatal, record_overflow);
- PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
- return SECFailure;
- }
- /* decrypt from cText buf to databuf. */
- rv = crSpec->decode(
- crSpec->decodeContext, databuf->buf, (int *)&databuf->len,
- databuf->space, cText->buf->buf, cText->buf->len);
-
- PRINT_BUF(80, (ss, "cleartext:", databuf->buf, databuf->len));
- if (rv != SECSuccess) {
- ssl_ReleaseSpecReadLock(ss);
- ssl_MapLowLevelError(SSL_ERROR_DECRYPTION_FAILURE);
- if (isTLS)
- (void)SSL3_SendAlert(ss, alert_fatal, decryption_failed);
- ssl_MapLowLevelError(SSL_ERROR_DECRYPTION_FAILURE);
- return SECFailure;
- }
-
- /* If it's a block cipher, check and strip the padding. */
- if (cipher_def->type == type_block) {
- padding_length = *(databuf->buf + databuf->len - 1);
- /* TLS permits padding to exceed the block size, up to 255 bytes. */
- if (padding_length + crSpec->mac_size >= databuf->len)
- goto bad_pad;
- /* if TLS, check value of first padding byte. */
- if (padding_length && isTLS && padding_length !=
- *(databuf->buf + databuf->len - 1 - padding_length))
- goto bad_pad;
- databuf->len -= padding_length + 1;
- if (databuf->len <= 0) {
-bad_pad:
- /* must not hold spec lock when calling SSL3_SendAlert. */
- ssl_ReleaseSpecReadLock(ss);
- /* SSL3 doesn't have an alert for bad padding, so use bad mac. */
- SSL3_SendAlert(ss, alert_fatal,
- isTLS ? decryption_failed : bad_record_mac);
- PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING);
- return SECFailure;
- }
- }
-
- /* Check the MAC. */
- if (databuf->len < crSpec->mac_size) {
- /* record is too short to have a valid mac. */
- goto bad_mac;
- }
- databuf->len -= crSpec->mac_size;
- rType = cText->type;
- rv = ssl3_ComputeRecordMAC(
- crSpec, (ss->sec->isServer) ? crSpec->client.write_mac_context
- : crSpec->server.write_mac_context,
- rType, cText->version, crSpec->read_seq_num,
- databuf->buf, databuf->len, hash, &hashBytes);
- if (rv != SECSuccess) {
- ssl_ReleaseSpecReadLock(ss);
- ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
- return rv;
- }
-
- if (hashBytes != (unsigned)crSpec->mac_size ||
- PORT_Memcmp(databuf->buf + databuf->len, hash, crSpec->mac_size) != 0) {
-bad_mac:
- /* must not hold spec lock when calling SSL3_SendAlert. */
- ssl_ReleaseSpecReadLock(ss);
- SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
- PORT_SetError(SSL_ERROR_BAD_MAC_READ);
-
- SSL_DBG(("%d: SSL3[%d]: mac check failed", SSL_GETPID(), ss->fd));
-
- return SECFailure;
- }
-
- ssl3_BumpSequenceNumber(&crSpec->read_seq_num);
-
- ssl_ReleaseSpecReadLock(ss); /*****************************************/
-
- /*
- * The decrypted data is now in databuf.
- *
- * the null decompression routine is right here
- */
-
- /*
- ** Having completed the decompression, check the length again.
- */
- if (isTLS && databuf->len > (MAX_FRAGMENT_LENGTH + 1024)) {
- SSL3_SendAlert(ss, alert_fatal, record_overflow);
- PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
- return SECFailure;
- }
-
- /* Application data records are processed by the caller of this
- ** function, not by this function.
- */
- if (rType == content_application_data) {
- return SECSuccess;
- }
-
- /* It's a record that must be handled by ssl itself, not the application.
- */
-process_it:
- /* XXX Get the xmit lock here. Odds are very high that we'll be xmiting
- * data ang getting the xmit lock here prevents deadlocks.
- */
- ssl_GetSSL3HandshakeLock(ss);
-
- /* All the functions called in this switch MUST set error code if
- ** they return SECFailure or SECWouldBlock.
- */
- switch (rType) {
- case content_change_cipher_spec:
- rv = ssl3_HandleChangeCipherSpecs(ss, databuf);
- break;
- case content_alert:
- rv = ssl3_HandleAlert(ss, databuf);
- break;
- case content_handshake:
- rv = ssl3_HandleHandshake(ss, databuf);
- break;
- case content_application_data:
- rv = SECSuccess;
- break;
- default:
- SSL_DBG(("%d: SSL3[%d]: bogus content type=%d",
- SSL_GETPID(), ss->fd, cText->type));
- /* XXX Send an alert ??? */
- PORT_SetError(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE);
- rv = SECFailure;
- break;
- }
-
- ssl_ReleaseSSL3HandshakeLock(ss);
- return rv;
-
-}
-
-/*
- * Initialization functions
- */
-
-/* Called from ssl3_InitState, immediately below. */
-/* Caller must hold the SpecWriteLock. */
-static void
-ssl3_InitCipherSpec(sslSocket *ss, ssl3CipherSpec *spec)
-{
- spec->cipher_def = &bulk_cipher_defs[cipher_null];
- PORT_Assert(spec->cipher_def->cipher == cipher_null);
- spec->mac_def = &mac_defs[mac_null];
- PORT_Assert(spec->mac_def->mac == mac_null);
- spec->encode = Null_Cipher;
- spec->decode = Null_Cipher;
- spec->destroy = NULL;
- spec->mac_size = 0;
- spec->master_secret = NULL;
-
- spec->client.write_key = NULL;
- spec->client.write_mac_key = NULL;
- spec->client.write_mac_context = NULL;
-
- spec->server.write_key = NULL;
- spec->server.write_mac_key = NULL;
- spec->server.write_mac_context = NULL;
-
- spec->write_seq_num.high = 0;
- spec->write_seq_num.low = 0;
-
- spec->read_seq_num.high = 0;
- spec->read_seq_num.low = 0;
-
- spec->version = ss->enableTLS
- ? SSL_LIBRARY_VERSION_3_1_TLS
- : SSL_LIBRARY_VERSION_3_0;
-}
-
-/* Called from: ssl3_SendRecord
-** ssl3_StartHandshakeHash() <- ssl2_BeginClientHandshake()
-** ssl3_SendClientHello()
-** ssl3_HandleServerHello()
-** ssl3_HandleClientHello()
-** ssl3_HandleV2ClientHello()
-** ssl3_HandleRecord()
-**
-** This function should perhaps acquire and release the SpecWriteLock.
-**
-**
-*/
-static SECStatus
-ssl3_InitState(sslSocket *ss)
-{
- ssl3State * ssl3 = NULL;
- PK11Context *md5 = NULL;
- PK11Context *sha = NULL;
- SECStatus rv;
-
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss));
-
- /* reinitialization for renegotiated sessions XXX */
- if (ss->ssl3 != NULL)
- return SECSuccess;
-
- ssl3 = PORT_ZNew(ssl3State); /* zero on purpose */
- if (ssl3 == NULL)
- return SECFailure; /* PORT_ZAlloc has set memory error code. */
-
- /* note that entire HandshakeState is zero, including the buffer */
- ssl3->policy = SSL_ALLOWED;
-
- ssl_GetSpecWriteLock(ss);
- ssl3->crSpec = ssl3->cwSpec = &ssl3->specs[0];
- ssl3->prSpec = ssl3->pwSpec = &ssl3->specs[1];
- ssl3->hs.rehandshake = PR_FALSE;
- ssl3_InitCipherSpec(ss, ssl3->crSpec);
- ssl3_InitCipherSpec(ss, ssl3->prSpec);
- ssl3->fortezza.tek = NULL;
-
- ssl3->hs.ws = (ss->sec->isServer) ? wait_client_hello : wait_server_hello;
- ssl_ReleaseSpecWriteLock(ss);
-
- /*
- * note: We should probably lookup an SSL3 slot for these
- * handshake hashes in hopes that we wind up with the same slots
- * that the master secret will wind up in ...
- */
- SSL_TRC(30,("%d: SSL3[%d]: start handshake hashes", SSL_GETPID(), ss->fd));
- ssl3->hs.md5 = md5 = PK11_CreateDigestContext(SEC_OID_MD5);
- if (md5 == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
- goto loser;
- }
- rv = PK11_DigestBegin(ssl3->hs.md5);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
- goto loser;
- }
-
- sha = ssl3->hs.sha = PK11_CreateDigestContext(SEC_OID_SHA1);
- if (sha == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
- goto loser;
- }
- rv = PK11_DigestBegin(ssl3->hs.sha);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
- goto loser;
- }
-
- /* Don't hide this from the rest of the world any more. */
- ss->ssl3 = ssl3;
-
- return SECSuccess;
-
-loser:
- if (md5 != NULL) PK11_DestroyContext(md5, PR_TRUE);
- if (sha != NULL) PK11_DestroyContext(sha, PR_TRUE);
- if (ssl3 != NULL) PORT_Free(ssl3);
- return SECFailure;
-}
-
-/* Returns a reference counted object that contains a key pair.
- * Or NULL on failure. Initial ref count is 1.
- * Uses the keys in the pair as input.
- */
-ssl3KeyPair *
-ssl3_NewKeyPair( SECKEYPrivateKey * privKey, SECKEYPublicKey * pubKey)
-{
- ssl3KeyPair * pair;
-
- if (!privKey || !pubKey) {
- PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
- return NULL;
- }
- pair = PORT_ZNew(ssl3KeyPair);
- if (!pair)
- return NULL; /* error code is set. */
- pair->refCount = 1;
- pair->privKey = privKey;
- pair->pubKey = pubKey;
- return pair; /* success */
-}
-
-ssl3KeyPair *
-ssl3_GetKeyPairRef(ssl3KeyPair * keyPair)
-{
- PR_AtomicIncrement(&keyPair->refCount);
- return keyPair;
-}
-
-void
-ssl3_FreeKeyPair(ssl3KeyPair * keyPair)
-{
- PRInt32 newCount = PR_AtomicDecrement(&keyPair->refCount);
- if (!newCount) {
- SECKEY_DestroyPrivateKey(keyPair->privKey);
- SECKEY_DestroyPublicKey( keyPair->pubKey);
- PORT_Free(keyPair);
- }
-}
-
-
-#define EXPORT_RSA_KEY_LENGTH 64 /* bytes */
-
-/*
- * Creates the public and private RSA keys for SSL Step down.
- * Called from SSL_ConfigSecureServer in sslsecur.c
- */
-SECStatus
-ssl3_CreateRSAStepDownKeys(sslSocket *ss)
-{
- SECStatus rv = SECSuccess;
- SECKEYPrivateKey * privKey; /* RSA step down key */
- SECKEYPublicKey * pubKey; /* RSA step down key */
-
- if (ss->stepDownKeyPair)
- ssl3_FreeKeyPair(ss->stepDownKeyPair);
- ss->stepDownKeyPair = NULL;
-#ifndef HACKED_EXPORT_SERVER
- /* Sigh, should have a get key strength call for private keys */
- if (PK11_GetPrivateModulusLen(ss->serverKey[kt_rsa]) >
- EXPORT_RSA_KEY_LENGTH) {
- /* need to ask for the key size in bits */
- privKey = SECKEY_CreateRSAPrivateKey(EXPORT_RSA_KEY_LENGTH * BPB,
- &pubKey, NULL);
- if (!privKey || !pubKey ||
- !(ss->stepDownKeyPair = ssl3_NewKeyPair(privKey, pubKey))) {
- ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
- rv = SECFailure;
- }
- }
-#endif
- return rv;
-}
-
-
-/* record the export policy for this cipher suite */
-SECStatus
-ssl3_SetPolicy(ssl3CipherSuite which, int policy)
-{
- ssl3CipherSuiteCfg *suite;
-
- suite = ssl_LookupCipherSuiteCfg(which, cipherSuites);
- if (suite == NULL) {
- return SECFailure; /* err code was set by ssl_LookupCipherSuiteCfg */
- }
- suite->policy = policy;
-
- if (policy == SSL_RESTRICTED) {
- ssl3_global_policy_some_restricted = PR_TRUE;
- }
-
- return SECSuccess;
-}
-
-SECStatus
-ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *oPolicy)
-{
- ssl3CipherSuiteCfg *suite;
- PRInt32 policy;
- SECStatus rv;
-
- suite = ssl_LookupCipherSuiteCfg(which, cipherSuites);
- if (suite) {
- policy = suite->policy;
- rv = SECSuccess;
- } else {
- policy = SSL_NOT_ALLOWED;
- rv = SECFailure; /* err code was set by Lookup. */
- }
- *oPolicy = policy;
- return rv;
-}
-
-/* record the user preference for this suite */
-SECStatus
-ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool enabled)
-{
- ssl3CipherSuiteCfg *suite;
-
- suite = ssl_LookupCipherSuiteCfg(which, cipherSuites);
- if (suite == NULL) {
- return SECFailure; /* err code was set by ssl_LookupCipherSuiteCfg */
- }
- suite->enabled = enabled;
- return SECSuccess;
-}
-
-/* return the user preference for this suite */
-SECStatus
-ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *enabled)
-{
- ssl3CipherSuiteCfg *suite;
- PRBool pref;
- SECStatus rv;
-
- suite = ssl_LookupCipherSuiteCfg(which, cipherSuites);
- if (suite) {
- pref = suite->enabled;
- rv = SECSuccess;
- } else {
- pref = SSL_NOT_ALLOWED;
- rv = SECFailure; /* err code was set by Lookup. */
- }
- *enabled = pref;
- return rv;
-}
-
-SECStatus
-ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool enabled)
-{
- ssl3CipherSuiteCfg *suite;
-
- suite = ssl_LookupCipherSuiteCfg(which, ss->cipherSuites);
- if (suite == NULL) {
- return SECFailure; /* err code was set by ssl_LookupCipherSuiteCfg */
- }
- suite->enabled = enabled;
- return SECSuccess;
-}
-
-SECStatus
-ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled)
-{
- ssl3CipherSuiteCfg *suite;
- PRBool pref;
- SECStatus rv;
-
- suite = ssl_LookupCipherSuiteCfg(which, ss->cipherSuites);
- if (suite) {
- pref = suite->enabled;
- rv = SECSuccess;
- } else {
- pref = SSL_NOT_ALLOWED;
- rv = SECFailure; /* err code was set by Lookup. */
- }
- *enabled = pref;
- return rv;
-}
-
-/* copy global default policy into socket. */
-void
-ssl3_InitSocketPolicy(sslSocket *ss)
-{
- PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites);
-}
-
-/* ssl3_config_match_init must have already been called by
- * the caller of this function.
- */
-SECStatus
-ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, unsigned char *cs, int *size)
-{
- int i, count = 0;
-
- PORT_Assert(ss != 0);
- if (!ss) {
- PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
- return SECFailure;
- }
- if (!ss->enableSSL3 && !ss->enableTLS) {
- *size = 0;
- return SECSuccess;
- }
- if (cs == NULL) {
- *size = count_cipher_suites(ss, SSL_ALLOWED, PR_TRUE);
- return SECSuccess;
- }
-
- /* ssl3_config_match_init was called by the caller of this function. */
- for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
- ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
- if (config_match(suite, SSL_ALLOWED, PR_TRUE)) {
- if (cs != NULL) {
- *cs++ = 0x00;
- *cs++ = (suite->cipher_suite >> 8) & 0xFF;
- *cs++ = suite->cipher_suite & 0xFF;
- }
- count++;
- }
- }
- *size = count;
- return SECSuccess;
-}
-
-/*
-** If ssl3 socket is connected and in idle state, then start a new handshake.
-** If flushCache is true, the SID cache will be flushed first, forcing a
-** "Full" handshake (not a session restart handshake), to be done.
-**
-** called from SSL_RedoHandshake(), which already holds the handshake locks.
-*/
-SECStatus
-ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache)
-{
- sslSecurityInfo *sec = ss->sec;
- sslSessionID * sid = ss->sec->ci.sid;
- SECStatus rv;
-
- PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
-
- if (!ss->connected ||
- ((ss->version >= SSL_LIBRARY_VERSION_3_0) &&
- ss->ssl3 && (ss->ssl3->hs.ws != idle_handshake))) {
- PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
- return SECFailure;
- }
- if (sid && flushCache) {
- sec->uncache(sid); /* remove it from whichever cache it's in. */
- ssl_FreeSID(sid); /* dec ref count and free if zero. */
- ss->sec->ci.sid = NULL;
- }
-
- ssl_GetXmitBufLock(ss); /**************************************/
-
- /* start off a new handshake. */
- rv = (sec->isServer) ? ssl3_SendHelloRequest(ss)
- : ssl3_SendClientHello(ss);
-
- ssl_ReleaseXmitBufLock(ss); /**************************************/
- return rv;
-}
-
-/* Called from ssl_FreeSocket() in sslsock.c */
-void
-ssl3_DestroySSL3Info(ssl3State *ssl3)
-{
- if (ssl3 == NULL)
- return; /* success the easy way. */
-
- if (ssl3->clientCertificate != NULL)
- CERT_DestroyCertificate(ssl3->clientCertificate);
-
- if (ssl3->clientPrivateKey != NULL)
- SECKEY_DestroyPrivateKey(ssl3->clientPrivateKey);
-
- if (ssl3->peerCertArena != NULL)
- ssl3_CleanupPeerCerts(ssl3);
-
- /* clean up handshake */
- if (ssl3->hs.md5) {
- PK11_DestroyContext(ssl3->hs.md5,PR_TRUE);
- }
- if (ssl3->hs.sha) {
- PK11_DestroyContext(ssl3->hs.sha,PR_TRUE);
- }
-
- if (ssl3->fortezza.tek != NULL) {
- PK11_FreeSymKey(ssl3->fortezza.tek);
- }
- /* free the SSL3Buffer (msg_body) */
- PORT_Free(ssl3->hs.msg_body.buf);
-
- /* free up the CipherSpecs */
- ssl3_DestroyCipherSpec(&ssl3->specs[0]);
- ssl3_DestroyCipherSpec(&ssl3->specs[1]);
-
- PORT_Free(ssl3);
-}
-
-/* End of ssl3con.c */
diff --git a/security/nss/lib/ssl/ssl3gthr.c b/security/nss/lib/ssl/ssl3gthr.c
deleted file mode 100644
index b3f05d83a..000000000
--- a/security/nss/lib/ssl/ssl3gthr.c
+++ /dev/null
@@ -1,228 +0,0 @@
-/*
- * Gather (Read) entire SSL3 records from socket into buffer.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#include "cert.h"
-#include "ssl.h"
-#include "sslimpl.h"
-#include "ssl3prot.h"
-
-/*
- * Attempt to read in an entire SSL3 record.
- * Blocks here for blocking sockets, otherwise returns -1 with
- * PR_WOULD_BLOCK_ERROR when socket would block.
- *
- * returns 1 if received a complete SSL3 record.
- * returns 0 if recv returns EOF
- * returns -1 if recv returns <0
- * (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
- *
- * Caller must hold the recv buf lock.
- *
- * The Gather state machine has 3 states: GS_INIT, GS_HEADER, GS_DATA.
- * GS_HEADER: waiting for the 5-byte SSL3 record header to come in.
- * GS_DATA: waiting for the body of the SSL3 record to come in.
- *
- * This loop returns when either (a) an error or EOF occurs,
- * (b) PR_WOULD_BLOCK_ERROR,
- * (c) data (entire SSL3 record) has been received.
- */
-static int
-ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags)
-{
- unsigned char *bp;
- unsigned char *lbp;
- int nb;
- int err;
- int rv = 1;
-
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- if (gs->state == GS_INIT) {
- gs->state = GS_HEADER;
- gs->remainder = 5;
- gs->offset = 0;
- gs->writeOffset = 0;
- gs->readOffset = 0;
- }
-
- lbp = gs->inbuf.buf;
- for(;;) {
- SSL_TRC(30, ("%d: SSL3[%d]: gather state %d (need %d more)",
- SSL_GETPID(), ss->fd, gs->state, gs->remainder));
- bp = ((gs->state != GS_HEADER) ? lbp : gs->hdr) + gs->offset;
- nb = ssl_DefRecv(ss, bp, gs->remainder, flags);
-
- if (nb > 0) {
- PRINT_BUF(60, (ss, "raw gather data:", bp, nb));
- } else if (nb == 0) {
- /* EOF */
- SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
- rv = 0;
- break;
- } else /* if (nb < 0) */ {
- SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
- PR_GetError()));
- rv = SECFailure;
- break;
- }
-
- gs->offset += nb;
- gs->inbuf.len += nb;
- gs->remainder -= nb;
-
- /* if there's more to go, read some more. */
- if (gs->remainder > 0) {
- continue;
- }
-
- /* have received entire record header, or entire record. */
- switch (gs->state) {
- case GS_HEADER:
- /*
- ** Have received SSL3 record header in gs->hdr.
- ** Now extract the length of the following encrypted data,
- ** and then read in the rest of the SSL3 record into gs->inbuf.
- */
- gs->remainder = (gs->hdr[3] << 8) | gs->hdr[4];
-
- /* This is the max fragment length for an encrypted fragment
- ** plus the size of the record header.
- */
- if(gs->remainder > (MAX_FRAGMENT_LENGTH + 2048 + 5)) {
- SSL3_SendAlert(ss, alert_fatal, unexpected_message);
- gs->state = GS_INIT;
- PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
- return SECFailure;
- }
-
- gs->state = GS_DATA;
- gs->offset = 0;
- gs->inbuf.len = 0;
-
- if (gs->remainder > gs->inbuf.space) {
- err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
- if (err) { /* realloc has set error code to no mem. */
- return err;
- }
- lbp = gs->inbuf.buf;
- }
- break; /* End this case. Continue around the loop. */
-
-
- case GS_DATA:
- /*
- ** SSL3 record has been completely received.
- */
- gs->state = GS_INIT;
- return 1;
- }
- }
-
- return rv;
-}
-
-/* Gather in a record and when complete, Handle that record.
- * Repeat this until the handshake is complete,
- * or until application data is available.
- *
- * Returns 1 when the handshake is completed without error, or
- * application data is available.
- * Returns 0 if ssl3_GatherData hits EOF.
- * Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.
- * Returns -2 on SECWouldBlock return from ssl3_HandleRecord.
- *
- * Called from ssl_GatherRecord1stHandshake in sslcon.c,
- * and from SSL_ForceHandshake in sslsecur.c
- * and from ssl3_GatherAppDataRecord below (<- DoRecv in sslsecur.c).
- *
- * Caller must hold the recv buf lock.
- */
-int
-ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
-{
- sslGather * gs = ss->gather;
- SSL3Ciphertext cText;
- int rv;
-
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- do {
- /* bring in the next sslv3 record. */
- rv = ssl3_GatherData(ss, gs, flags);
- if (rv <= 0) {
- return rv;
- }
-
- /* decipher it, and handle it if it's a handshake.
- * If it's application data, gs->buf will not be empty upon return.
- */
- cText.type = (SSL3ContentType)gs->hdr[0];
- cText.version = (gs->hdr[1] << 8) | gs->hdr[2];
- cText.buf = &gs->inbuf;
- rv = ssl3_HandleRecord(ss, &cText, &gs->buf);
- if (rv < 0) {
- return ss->recvdCloseNotify ? 0 : rv;
- }
- } while (ss->ssl3->hs.ws != idle_handshake && gs->buf.len == 0);
-
- gs->readOffset = 0;
- gs->writeOffset = gs->buf.len;
- return 1;
-}
-
-/* Repeatedly gather in a record and when complete, Handle that record.
- * Repeat this until some application data is received.
- *
- * Returns 1 when application data is available.
- * Returns 0 if ssl3_GatherData hits EOF.
- * Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.
- * Returns -2 on SECWouldBlock return from ssl3_HandleRecord.
- *
- * Called from DoRecv in sslsecur.c
- * Caller must hold the recv buf lock.
- */
-int
-ssl3_GatherAppDataRecord(sslSocket *ss, int flags)
-{
- sslGather * gs = ss->gather;
- int rv;
-
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- do {
- rv = ssl3_GatherCompleteHandshake(ss, flags);
- } while (rv > 0 && gs->buf.len == 0);
-
- return rv;
-}
diff --git a/security/nss/lib/ssl/ssl3prot.h b/security/nss/lib/ssl/ssl3prot.h
deleted file mode 100644
index a9162d9b3..000000000
--- a/security/nss/lib/ssl/ssl3prot.h
+++ /dev/null
@@ -1,307 +0,0 @@
-/*
- * Various and sundry protocol constants. DON'T CHANGE THESE. These
- * values are defined by the SSL 3.0 protocol specification.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#ifndef __ssl3proto_h_
-#define __ssl3proto_h_
-
-typedef uint8 SSL3Opaque;
-
-typedef uint16 SSL3ProtocolVersion;
-/* version numbers are defined in sslproto.h */
-
-typedef uint16 ssl3CipherSuite;
-/* The cipher suites are defined in sslproto.h */
-
-#define MAX_CERT_TYPES 10
-#define MAX_COMPRESSION_METHODS 10
-#define MAX_MAC_LENGTH 64
-#define MAX_PADDING_LENGTH 64
-#define MAX_KEY_LENGTH 64
-#define EXPORT_KEY_LENGTH 5
-#define SSL3_RANDOM_LENGTH 32
-
-#define SSL3_RECORD_HEADER_LENGTH 5
-
-#define MAX_FRAGMENT_LENGTH 16384
-
-typedef enum {
- content_change_cipher_spec = 20,
- content_alert = 21,
- content_handshake = 22,
- content_application_data = 23
-} SSL3ContentType;
-
-typedef struct {
- SSL3ContentType type;
- SSL3ProtocolVersion version;
- uint16 length;
- SECItem fragment;
-} SSL3Plaintext;
-
-typedef struct {
- SSL3ContentType type;
- SSL3ProtocolVersion version;
- uint16 length;
- SECItem fragment;
-} SSL3Compressed;
-
-typedef struct {
- SECItem content;
- SSL3Opaque MAC[MAX_MAC_LENGTH];
-} SSL3GenericStreamCipher;
-
-typedef struct {
- SECItem content;
- SSL3Opaque MAC[MAX_MAC_LENGTH];
- uint8 padding[MAX_PADDING_LENGTH];
- uint8 padding_length;
-} SSL3GenericBlockCipher;
-
-typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice;
-
-typedef struct {
- SSL3ChangeCipherSpecChoice choice;
-} SSL3ChangeCipherSpec;
-
-typedef enum { alert_warning = 1, alert_fatal = 2 } SSL3AlertLevel;
-
-typedef enum {
- close_notify = 0,
- unexpected_message = 10,
- bad_record_mac = 20,
- decryption_failed = 21, /* TLS only */
- record_overflow = 22, /* TLS only */
- decompression_failure = 30,
- handshake_failure = 40,
- no_certificate = 41, /* SSL3 only, NOT TLS */
- bad_certificate = 42,
- unsupported_certificate = 43,
- certificate_revoked = 44,
- certificate_expired = 45,
- certificate_unknown = 46,
- illegal_parameter = 47,
-
-/* All alerts below are TLS only. */
- unknown_ca = 48,
- access_denied = 49,
- decode_error = 50,
- decrypt_error = 51,
- export_restriction = 60,
- protocol_version = 70,
- insufficient_security = 71,
- internal_error = 80,
- user_canceled = 90,
- no_renegotiation = 100
-
-} SSL3AlertDescription;
-
-typedef struct {
- SSL3AlertLevel level;
- SSL3AlertDescription description;
-} SSL3Alert;
-
-typedef enum {
- hello_request = 0,
- client_hello = 1,
- server_hello = 2,
- certificate = 11,
- server_key_exchange = 12,
- certificate_request = 13,
- server_hello_done = 14,
- certificate_verify = 15,
- client_key_exchange = 16,
- finished = 20
-} SSL3HandshakeType;
-
-typedef struct {
- uint8 empty;
-} SSL3HelloRequest;
-
-typedef struct {
- SSL3Opaque rand[SSL3_RANDOM_LENGTH];
-} SSL3Random;
-
-typedef struct {
- SSL3Opaque id[32];
- uint8 length;
-} SSL3SessionID;
-
-typedef enum { compression_null = 0 } SSL3CompressionMethod;
-
-typedef struct {
- SSL3ProtocolVersion client_version;
- SSL3Random random;
- SSL3SessionID session_id;
- SECItem cipher_suites;
- uint8 cm_count;
- SSL3CompressionMethod compression_methods[MAX_COMPRESSION_METHODS];
-} SSL3ClientHello;
-
-typedef struct {
- SSL3ProtocolVersion server_version;
- SSL3Random random;
- SSL3SessionID session_id;
- ssl3CipherSuite cipher_suite;
- SSL3CompressionMethod compression_method;
-} SSL3ServerHello;
-
-typedef struct {
- SECItem list;
-} SSL3Certificate;
-
-typedef enum {
- sign_null, sign_rsa, sign_dsa
-} SSL3SignType;
-
-/* The SSL key exchange method used */
-typedef enum {
- kea_null,
- kea_rsa,
- kea_rsa_export,
- kea_rsa_export_1024,
- kea_dh_dss,
- kea_dh_dss_export,
- kea_dh_rsa,
- kea_dh_rsa_export,
- kea_dhe_dss,
- kea_dhe_dss_export,
- kea_dhe_rsa,
- kea_dhe_rsa_export,
- kea_dh_anon,
- kea_dh_anon_export,
- kea_fortezza,
- kea_rsa_fips
-} SSL3KeyExchangeAlgorithm;
-
-typedef struct {
- SECItem modulus;
- SECItem exponent;
-} SSL3ServerRSAParams;
-
-typedef struct {
- SECItem p;
- SECItem g;
- SECItem Ys;
-} SSL3ServerDHParams;
-
-typedef struct {
- union {
- SSL3ServerDHParams dh;
- SSL3ServerRSAParams rsa;
- } u;
-} SSL3ServerParams;
-
-typedef struct {
- uint8 md5[16];
- uint8 sha[20];
-} SSL3Hashes;
-
-typedef struct {
- union {
- SSL3Opaque anonymous;
- SSL3Hashes certified;
- } u;
-} SSL3ServerKeyExchange;
-
-typedef enum {
- ct_RSA_sign = 1,
- ct_DSS_sign = 2,
- ct_RSA_fixed_DH = 3,
- ct_DSS_fixed_DH = 4,
- ct_RSA_ephemeral_DH = 5,
- ct_DSS_ephemeral_DH = 6,
- ct_Fortezza = 20
-} SSL3ClientCertificateType;
-
-typedef SECItem *SSL3DistinquishedName;
-
-typedef struct {
- SSL3Opaque client_version[2];
- SSL3Opaque random[46];
-} SSL3RSAPreMasterSecret;
-
-typedef SECItem SSL3EncryptedPreMasterSecret;
-
-/* Following struct is the format of a Fortezza ClientKeyExchange message. */
-typedef struct {
- SECItem y_c;
- SSL3Opaque r_c [128];
- SSL3Opaque y_signature [40];
- SSL3Opaque wrapped_client_write_key [12];
- SSL3Opaque wrapped_server_write_key [12];
- SSL3Opaque client_write_iv [24];
- SSL3Opaque server_write_iv [24];
- SSL3Opaque master_secret_iv [24];
- SSL3Opaque encrypted_preMasterSecret[48];
-} SSL3FortezzaKeys;
-
-typedef SSL3Opaque SSL3MasterSecret[48];
-
-typedef enum { implicit, explicit } SSL3PublicValueEncoding;
-
-typedef struct {
- union {
- SSL3Opaque implicit;
- SECItem explicit;
- } dh_public;
-} SSL3ClientDiffieHellmanPublic;
-
-typedef struct {
- union {
- SSL3EncryptedPreMasterSecret rsa;
- SSL3ClientDiffieHellmanPublic diffie_helman;
- SSL3FortezzaKeys fortezza;
- } exchange_keys;
-} SSL3ClientKeyExchange;
-
-typedef SSL3Hashes SSL3PreSignedCertificateVerify;
-
-typedef SECItem SSL3CertificateVerify;
-
-typedef enum {
- sender_client = 0x434c4e54,
- sender_server = 0x53525652
-} SSL3Sender;
-
-typedef SSL3Hashes SSL3Finished;
-
-typedef struct {
- SSL3Opaque verify_data[12];
-} TLSFinished;
-
-#endif /* __ssl3proto_h_ */
diff --git a/security/nss/lib/ssl/sslauth.c b/security/nss/lib/ssl/sslauth.c
deleted file mode 100644
index 7b7fad11e..000000000
--- a/security/nss/lib/ssl/sslauth.c
+++ /dev/null
@@ -1,257 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-#include "cert.h"
-#include "secitem.h"
-#include "ssl.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-#include "pk11func.h"
-
-/* NEED LOCKS IN HERE. */
-CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd)
-{
- sslSocket *ss;
- sslSecurityInfo *sec;
-
- ss = ssl_FindSocket(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificate",
- SSL_GETPID(), fd));
- return 0;
- }
- sec = ss->sec;
- if (ss->useSecurity && sec && sec->peerCert) {
- return CERT_DupCertificate(sec->peerCert);
- }
- return 0;
-}
-
-/* NEED LOCKS IN HERE. */
-int
-SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
- char **ip, char **sp)
-{
- sslSocket *ss;
- sslSecurityInfo *sec;
- const char *cipherName;
- PRBool isDes = PR_FALSE;
-
- ss = ssl_FindSocket(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SecurityStatus",
- SSL_GETPID(), fd));
- return SECFailure;
- }
-
- if (cp) *cp = 0;
- if (kp0) *kp0 = 0;
- if (kp1) *kp1 = 0;
- if (ip) *ip = 0;
- if (sp) *sp = 0;
- if (op) {
- *op = SSL_SECURITY_STATUS_OFF;
- }
-
- if (ss->useSecurity && ss->connected) {
- PORT_Assert(ss->sec != 0);
- sec = ss->sec;
-
- if (ss->version < SSL_LIBRARY_VERSION_3_0) {
- cipherName = ssl_cipherName[sec->cipherType];
- } else {
- cipherName = ssl3_cipherName[sec->cipherType];
- }
- if (cipherName && PORT_Strstr(cipherName, "DES")) isDes = PR_TRUE;
- /* do same key stuff for fortezza */
-
- if (cp) {
- *cp = PORT_Strdup(cipherName);
- }
-
- if (kp0) {
- *kp0 = sec->keyBits;
- if (isDes) *kp0 = (*kp0 * 7) / 8;
- }
- if (kp1) {
- *kp1 = sec->secretKeyBits;
- if (isDes) *kp1 = (*kp1 * 7) / 8;
- }
- if (op) {
- if (sec->keyBits == 0) {
- *op = SSL_SECURITY_STATUS_OFF;
- } else if (sec->secretKeyBits < 90) {
- *op = SSL_SECURITY_STATUS_ON_LOW;
-
- } else {
- *op = SSL_SECURITY_STATUS_ON_HIGH;
- }
- }
-
- if (ip || sp) {
- CERTCertificate *cert;
-
- cert = sec->peerCert;
- if (cert) {
- if (ip) {
- *ip = CERT_NameToAscii(&cert->issuer);
- }
- if (sp) {
- *sp = CERT_NameToAscii(&cert->subject);
- }
- } else {
- if (ip) {
- *ip = PORT_Strdup("no certificate");
- }
- if (sp) {
- *sp = PORT_Strdup("no certificate");
- }
- }
- }
- }
-
- return 0;
-}
-
-/************************************************************************/
-
-/* NEED LOCKS IN HERE. */
-int
-SSL_AuthCertificateHook(PRFileDesc *s, SSLAuthCertificate func, void *arg)
-{
- sslSocket *ss;
- int rv;
-
- ss = ssl_FindSocket(s);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in AuthCertificateHook",
- SSL_GETPID(), s));
- return SECFailure;
- }
-
- if ((rv = ssl_CreateSecurityInfo(ss)) != 0) {
- return(rv);
- }
- ss->authCertificate = func;
- ss->authCertificateArg = arg;
-
- return(0);
-}
-
-/* NEED LOCKS IN HERE. */
-int
-SSL_GetClientAuthDataHook(PRFileDesc *s, SSLGetClientAuthData func,
- void *arg)
-{
- sslSocket *ss;
- int rv;
-
- ss = ssl_FindSocket(s);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in GetClientAuthDataHook",
- SSL_GETPID(), s));
- return SECFailure;
- }
-
- if ((rv = ssl_CreateSecurityInfo(ss)) != 0) {
- return rv;
- }
- ss->getClientAuthData = func;
- ss->getClientAuthDataArg = arg;
- return 0;
-}
-
-/* NEED LOCKS IN HERE. */
-int
-SSL_SetPKCS11PinArg(PRFileDesc *s, void *arg)
-{
- sslSocket *ss;
- int rv;
-
- ss = ssl_FindSocket(s);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in GetClientAuthDataHook",
- SSL_GETPID(), s));
- return SECFailure;
- }
-
- if ((rv = ssl_CreateSecurityInfo(ss)) != 0) {
- return rv;
- }
- ss->pkcs11PinArg = arg;
- return 0;
-}
-
-
-/* This is the "default" authCert callback function. It is called when a
- * certificate message is received from the peer and the local application
- * has not registered an authCert callback function.
- */
-int
-SSL_AuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer)
-{
- SECStatus rv;
- CERTCertDBHandle * handle;
- sslSocket * ss;
- SECCertUsage certUsage;
- char * hostname = NULL;
-
- ss = ssl_FindSocket(fd);
- PORT_Assert(ss != NULL);
-
- handle = (CERTCertDBHandle *)arg;
-
- /* this may seem backwards, but isn't. */
- certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
-
- rv = CERT_VerifyCertNow(handle, ss->sec->peerCert, checkSig, certUsage,
- ss->pkcs11PinArg);
-
- if ( rv != SECSuccess || isServer )
- return rv;
-
- /* cert is OK. This is the client side of an SSL connection.
- * Now check the name field in the cert against the desired hostname.
- * NB: This is our only defense against Man-In-The-Middle (MITM) attacks!
- */
- hostname = ss->url;
- if (hostname && hostname[0])
- rv = CERT_VerifyCertName(ss->sec->peerCert, hostname);
- else
- rv = SECFailure;
- if (rv != SECSuccess)
- PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
-
- return rv;
-}
diff --git a/security/nss/lib/ssl/sslcon.c b/security/nss/lib/ssl/sslcon.c
deleted file mode 100644
index e4a3e3ecd..000000000
--- a/security/nss/lib/ssl/sslcon.c
+++ /dev/null
@@ -1,3683 +0,0 @@
-/*
- * SSL v2 handshake functions, and functions common to SSL2 and SSL3.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#include "cert.h"
-#include "secitem.h"
-#include "sechash.h"
-#include "cryptohi.h" /* for SGN_ funcs */
-#include "keyhi.h" /* for SECKEY_ high level functions. */
-#include "softoken.h" /* for RSA_FormatBlock */
-#include "ssl.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-#include "ssl3prot.h"
-#include "sslerr.h"
-#include "pk11func.h"
-#include "prinit.h"
-#include "prtime.h" /* for PR_Now() */
-
-#define XXX
-
-static PRBool policyWasSet;
-
-/* This ordered list is indexed by (SSL_CK_xx * 3) */
-/* Second and third bytes are MSB and LSB of master key length. */
-static const PRUint8 allCipherSuites[] = {
- 0, 0, 0,
- SSL_CK_RC4_128_WITH_MD5, 0x00, 0x80,
- SSL_CK_RC4_128_EXPORT40_WITH_MD5, 0x00, 0x80,
- SSL_CK_RC2_128_CBC_WITH_MD5, 0x00, 0x80,
- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, 0x00, 0x80,
- SSL_CK_IDEA_128_CBC_WITH_MD5, 0x00, 0x80,
- SSL_CK_DES_64_CBC_WITH_MD5, 0x00, 0x40,
- SSL_CK_DES_192_EDE3_CBC_WITH_MD5, 0x00, 0xC0,
- 0, 0, 0
-};
-
-#define ssl2_NUM_SUITES_IMPLEMENTED 6
-
-/* This list is sent back to the client when the client-hello message
- * contains no overlapping ciphers, so the client can report what ciphers
- * are supported by the server. Unlike allCipherSuites (above), this list
- * is sorted by descending preference, not by cipherSuite number.
- */
-static const PRUint8 implementedCipherSuites[ssl2_NUM_SUITES_IMPLEMENTED * 3] = {
- SSL_CK_RC4_128_WITH_MD5, 0x00, 0x80,
- SSL_CK_DES_192_EDE3_CBC_WITH_MD5, 0x00, 0xC0,
- SSL_CK_RC2_128_CBC_WITH_MD5, 0x00, 0x80,
- SSL_CK_DES_64_CBC_WITH_MD5, 0x00, 0x40,
- SSL_CK_RC4_128_EXPORT40_WITH_MD5, 0x00, 0x80,
- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, 0x00, 0x80
-};
-
-typedef struct ssl2SpecsStr {
- PRUint8 nkm; /* do this many hashes to generate key material. */
- PRUint8 nkd; /* size of readKey and writeKey in bytes. */
- PRUint8 blockSize;
- PRUint8 blockShift;
- CK_MECHANISM_TYPE mechanism;
- PRUint8 keyLen; /* cipher symkey size in bytes. */
- PRUint8 pubLen; /* publicly reveal this many bytes of key. */
- PRUint8 ivLen; /* length of IV data at *ca. */
-} ssl2Specs;
-
-static const ssl2Specs ssl_Specs[] = {
-/* NONE */
- { 0, 0, 0, 0, },
-/* SSL_CK_RC4_128_WITH_MD5 */
- { 2, 16, 1, 0, CKM_RC4, 16, 0, 0, },
-/* SSL_CK_RC4_128_EXPORT40_WITH_MD5 */
- { 2, 16, 1, 0, CKM_RC4, 16, 11, 0, },
-/* SSL_CK_RC2_128_CBC_WITH_MD5 */
- { 2, 16, 8, 3, CKM_RC2_CBC, 16, 0, 8, },
-/* SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 */
- { 2, 16, 8, 3, CKM_RC2_CBC, 16, 11, 8, },
-/* SSL_CK_IDEA_128_CBC_WITH_MD5 */
- { 0, 0, 0, 0, },
-/* SSL_CK_DES_64_CBC_WITH_MD5 */
- { 1, 8, 8, 3, CKM_DES_CBC, 8, 0, 8, },
-/* SSL_CK_DES_192_EDE3_CBC_WITH_MD5 */
- { 3, 24, 8, 3, CKM_DES3_CBC, 24, 0, 8, },
-};
-
-#define SET_ERROR_CODE /* reminder */
-#define TEST_FOR_FAILURE /* reminder */
-
-/*
-** Put a string tag in the library so that we can examine an executable
-** and see what kind of security it supports.
-*/
-const char *ssl_version = "SECURITY_VERSION:"
- " +us"
- " +export"
-#ifdef TRACE
- " +trace"
-#endif
-#ifdef DEBUG
- " +debug"
-#endif
- ;
-
-const char * const ssl_cipherName[] = {
- "unknown",
- "RC4",
- "RC4-Export",
- "RC2-CBC",
- "RC2-CBC-Export",
- "IDEA-CBC",
- "DES-CBC",
- "DES-EDE3-CBC",
- "unknown",
- "Fortezza",
-};
-
-
-/* bit-masks, showing which SSLv2 suites are allowed.
- * lsb corresponds to first cipher suite in allCipherSuites[].
- */
-static PRUint16 allowedByPolicy; /* all off by default */
-static PRUint16 maybeAllowedByPolicy; /* all off by default */
-static PRUint16 chosenPreference = 0xff; /* all on by default */
-
-/* bit values for the above two bit masks */
-#define SSL_CB_RC4_128_WITH_MD5 (1 << SSL_CK_RC4_128_WITH_MD5)
-#define SSL_CB_RC4_128_EXPORT40_WITH_MD5 (1 << SSL_CK_RC4_128_EXPORT40_WITH_MD5)
-#define SSL_CB_RC2_128_CBC_WITH_MD5 (1 << SSL_CK_RC2_128_CBC_WITH_MD5)
-#define SSL_CB_RC2_128_CBC_EXPORT40_WITH_MD5 (1 << SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5)
-#define SSL_CB_IDEA_128_CBC_WITH_MD5 (1 << SSL_CK_IDEA_128_CBC_WITH_MD5)
-#define SSL_CB_DES_64_CBC_WITH_MD5 (1 << SSL_CK_DES_64_CBC_WITH_MD5)
-#define SSL_CB_DES_192_EDE3_CBC_WITH_MD5 (1 << SSL_CK_DES_192_EDE3_CBC_WITH_MD5)
-#define SSL_CB_IMPLEMENTED \
- (SSL_CB_RC4_128_WITH_MD5 | \
- SSL_CB_RC4_128_EXPORT40_WITH_MD5 | \
- SSL_CB_RC2_128_CBC_WITH_MD5 | \
- SSL_CB_RC2_128_CBC_EXPORT40_WITH_MD5 | \
- SSL_CB_DES_64_CBC_WITH_MD5 | \
- SSL_CB_DES_192_EDE3_CBC_WITH_MD5)
-
-
-/* Construct a socket's list of cipher specs from the global default values.
- */
-static SECStatus
-ssl2_ConstructCipherSpecs(sslSocket *ss)
-{
- PRUint8 * cs = NULL;
- unsigned int allowed;
- unsigned int count;
- int ssl3_count = 0;
- int final_count;
- int i;
- SECStatus rv;
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
-
- count = 0;
- PORT_Assert(ss != 0);
- allowed = !ss->enableSSL2 ? 0 :
- (ss->allowedByPolicy & ss->chosenPreference & SSL_CB_IMPLEMENTED);
- while (allowed) {
- if (allowed & 1)
- ++count;
- allowed >>= 1;
- }
-
- /* Call ssl3_config_match_init() once here,
- * instead of inside ssl3_ConstructV2CipherSpecsHack(),
- * because the latter gets called twice below,
- * and then again in ssl2_BeginClientHandshake().
- */
- ssl3_config_match_init(ss);
-
- /* ask SSL3 how many cipher suites it has. */
- rv = ssl3_ConstructV2CipherSpecsHack(ss, NULL, &ssl3_count);
- if (rv < 0)
- return rv;
- count += ssl3_count;
-
- /* Allocate memory to hold cipher specs */
- if (count > 0)
- cs = (PRUint8*) PORT_Alloc(count * 3);
- else
- PORT_SetError(SSL_ERROR_SSL_DISABLED);
- if (cs == NULL)
- return SECFailure;
-
- if (ss->cipherSpecs != NULL) {
- PORT_Free(ss->cipherSpecs);
- }
- ss->cipherSpecs = cs;
- ss->sizeCipherSpecs = count * 3;
-
- /* fill in cipher specs for SSL2 cipher suites */
- allowed = !ss->enableSSL2 ? 0 :
- (ss->allowedByPolicy & ss->chosenPreference & SSL_CB_IMPLEMENTED);
- for (i = 0; i < ssl2_NUM_SUITES_IMPLEMENTED * 3; i += 3) {
- const PRUint8 * hs = implementedCipherSuites + i;
- int ok = allowed & (1U << hs[0]);
- if (ok) {
- cs[0] = hs[0];
- cs[1] = hs[1];
- cs[2] = hs[2];
- cs += 3;
- }
- }
-
- /* now have SSL3 add its suites onto the end */
- rv = ssl3_ConstructV2CipherSpecsHack(ss, cs, &final_count);
-
- /* adjust for any difference between first pass and second pass */
- ss->sizeCipherSpecs -= (ssl3_count - final_count) * 3;
-
- return rv;
-}
-
-/* This function is called immediately after ssl2_ConstructCipherSpecs()
-** at the beginning of a handshake. It detects cases where a protocol
-** (e.g. SSL2 or SSL3) is logically enabled, but all its cipher suites
-** for that protocol have been disabled. If such cases, it clears the
-** enable bit for the protocol. If no protocols remain enabled, or
-** if no cipher suites are found, it sets the error code and returns
-** SECFailure, otherwise it returns SECSuccess.
-*/
-static SECStatus
-ssl2_CheckConfigSanity(sslSocket *ss)
-{
- unsigned int allowed;
- int ssl3CipherCount = 0;
- SECStatus rv;
-
- /* count the SSL2 and SSL3 enabled ciphers.
- * if either is zero, clear the socket's enable for that protocol.
- */
- if (!ss->cipherSpecs)
- goto disabled;
-
- allowed = ss->allowedByPolicy & ss->chosenPreference;
- if (! allowed)
- ss->enableSSL2 = PR_FALSE; /* not really enabled if no ciphers */
-
- /* ssl3_config_match_init was called in ssl2_ConstructCipherSpecs(). */
- /* Ask how many ssl3 CipherSuites were enabled. */
- rv = ssl3_ConstructV2CipherSpecsHack(ss, NULL, &ssl3CipherCount);
- if (rv != SECSuccess || ssl3CipherCount <= 0) {
- ss->enableSSL3 = PR_FALSE; /* not really enabled if no ciphers */
- ss->enableTLS = PR_FALSE;
- }
-
- if (!ss->enableSSL2 && !ss->enableSSL3 && !ss->enableTLS) {
- SSL_DBG(("%d: SSL[%d]: Can't handshake! both v2 and v3 disabled.",
- SSL_GETPID(), ss->fd));
-disabled:
- PORT_SetError(SSL_ERROR_SSL_DISABLED);
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/*
- * Since this is a global (not per-socket) setting, we cannot use the
- * HandshakeLock to protect this. Probably want a global lock.
- */
-SECStatus
-ssl2_SetPolicy(PRInt32 which, PRInt32 policy)
-{
- PRUint32 bitMask;
- SECStatus rv = SECSuccess;
-
- which &= 0x000f;
- bitMask = 1 << which;
-
- if (!(bitMask & SSL_CB_IMPLEMENTED)) {
- PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
- return SECFailure;
- }
-
- if (policy == SSL_ALLOWED) {
- allowedByPolicy |= bitMask;
- maybeAllowedByPolicy |= bitMask;
- } else if (policy == SSL_RESTRICTED) {
- allowedByPolicy &= ~bitMask;
- maybeAllowedByPolicy |= bitMask;
- } else {
- allowedByPolicy &= ~bitMask;
- maybeAllowedByPolicy &= ~bitMask;
- }
- allowedByPolicy &= SSL_CB_IMPLEMENTED;
- maybeAllowedByPolicy &= SSL_CB_IMPLEMENTED;
-
- policyWasSet = PR_TRUE;
- return rv;
-}
-
-SECStatus
-ssl2_GetPolicy(PRInt32 which, PRInt32 *oPolicy)
-{
- PRUint32 bitMask;
- PRInt32 policy;
-
- which &= 0x000f;
- bitMask = 1 << which;
-
- /* Caller assures oPolicy is not null. */
- if (!(bitMask & SSL_CB_IMPLEMENTED)) {
- PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
- *oPolicy = SSL_NOT_ALLOWED;
- return SECFailure;
- }
-
- if (maybeAllowedByPolicy & bitMask) {
- policy = (allowedByPolicy & bitMask) ? SSL_ALLOWED : SSL_RESTRICTED;
- } else {
- policy = SSL_NOT_ALLOWED;
- }
-
- *oPolicy = policy;
- return SECSuccess;
-}
-
-/*
- * Since this is a global (not per-socket) setting, we cannot use the
- * HandshakeLock to protect this. Probably want a global lock.
- * Called from SSL_CipherPrefSetDefault in sslsock.c
- * These changes have no effect on any sslSockets already created.
- */
-SECStatus
-ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
-{
- PRUint32 bitMask;
-
- which &= 0x000f;
- bitMask = 1 << which;
-
- if (!(bitMask & SSL_CB_IMPLEMENTED)) {
- PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
- return SECFailure;
- }
-
- if (enabled)
- chosenPreference |= bitMask;
- else
- chosenPreference &= ~bitMask;
- chosenPreference &= SSL_CB_IMPLEMENTED;
-
- return SECSuccess;
-}
-
-SECStatus
-ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled)
-{
- PRBool rv = PR_FALSE;
- PRUint32 bitMask;
-
- which &= 0x000f;
- bitMask = 1 << which;
-
- if (!(bitMask & SSL_CB_IMPLEMENTED)) {
- PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
- *enabled = PR_FALSE;
- return SECFailure;
- }
-
- rv = (PRBool)((chosenPreference & bitMask) != 0);
- *enabled = rv;
- return SECSuccess;
-}
-
-SECStatus
-ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled)
-{
- PRUint32 bitMask;
-
- which &= 0x000f;
- bitMask = 1 << which;
-
- if (!(bitMask & SSL_CB_IMPLEMENTED)) {
- PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
- return SECFailure;
- }
-
- if (enabled)
- ss->chosenPreference |= bitMask;
- else
- ss->chosenPreference &= ~bitMask;
- ss->chosenPreference &= SSL_CB_IMPLEMENTED;
-
- return SECSuccess;
-}
-
-SECStatus
-ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled)
-{
- PRBool rv = PR_FALSE;
- PRUint32 bitMask;
-
- which &= 0x000f;
- bitMask = 1 << which;
-
- if (!(bitMask & SSL_CB_IMPLEMENTED)) {
- PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
- *enabled = PR_FALSE;
- return SECFailure;
- }
-
- rv = (PRBool)((ss->chosenPreference & bitMask) != 0);
- *enabled = rv;
- return SECSuccess;
-}
-
-
-/* copy global default policy into socket. */
-void
-ssl2_InitSocketPolicy(sslSocket *ss)
-{
- ss->allowedByPolicy = allowedByPolicy;
- ss->maybeAllowedByPolicy = maybeAllowedByPolicy;
- ss->chosenPreference = chosenPreference;
-}
-
-
-/************************************************************************/
-
-/* Called from ssl2_CreateSessionCypher(), which already holds handshake lock.
- */
-static SECStatus
-ssl2_CreateMAC(sslSecurityInfo *sec, SECItem *readKey, SECItem *writeKey,
- int cipherChoice)
-{
- switch (cipherChoice) {
-
- case SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5:
- case SSL_CK_RC2_128_CBC_WITH_MD5:
- case SSL_CK_RC4_128_EXPORT40_WITH_MD5:
- case SSL_CK_RC4_128_WITH_MD5:
- case SSL_CK_DES_64_CBC_WITH_MD5:
- case SSL_CK_DES_192_EDE3_CBC_WITH_MD5:
- sec->hash = &SECHashObjects[HASH_AlgMD5];
- SECITEM_CopyItem(0, &sec->sendSecret, writeKey);
- SECITEM_CopyItem(0, &sec->rcvSecret, readKey);
- break;
-
- default:
- PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
- return SECFailure;
- }
- sec->hashcx = (*sec->hash->create)();
- if (sec->hashcx == NULL)
- return SECFailure;
- return SECSuccess;
-}
-
-/************************************************************************
- * All the Send functions below must acquire and release the socket's
- * xmitBufLock.
- */
-
-/* Called from all the Send* functions below. */
-static SECStatus
-ssl2_GetSendBuffer(sslSocket *ss, unsigned int len)
-{
- sslConnectInfo *ci;
- SECStatus rv = SECSuccess;
-
- PORT_Assert((ss->sec != 0));
-
- PORT_Assert(ssl_HaveXmitBufLock(ss));
-
- ci = &ss->sec->ci;
-
- if (len < 128) {
- len = 128;
- }
- if (len > ci->sendBuf.space) {
- rv = sslBuffer_Grow(&ci->sendBuf, len);
- if (rv != SECSuccess) {
- SSL_DBG(("%d: SSL[%d]: ssl2_GetSendBuffer failed, tried to get %d bytes",
- SSL_GETPID(), ss->fd, len));
- rv = SECFailure;
- }
- }
- return rv;
-}
-
-/* Called from:
- * ssl2_ClientSetupSessionCypher() <- ssl2_HandleServerHelloMessage()
- * ssl2_HandleRequestCertificate() <- ssl2_HandleMessage() <-
- ssl_Do1stHandshake()
- * ssl2_HandleMessage() <- ssl_Do1stHandshake()
- * ssl2_HandleServerHelloMessage() <- ssl_Do1stHandshake()
- after ssl2_BeginClientHandshake()
- * ssl2_RestartHandshakeAfterCertReq() <- Called from certdlgs.c in nav.
- * ssl2_HandleClientHelloMessage() <- ssl_Do1stHandshake()
- after ssl2_BeginServerHandshake()
- *
- * Acquires and releases the socket's xmitBufLock.
- */
-int
-ssl2_SendErrorMessage(sslSocket *ss, int error)
-{
- sslSecurityInfo *sec;
- int rv;
- PRUint8 msg[SSL_HL_ERROR_HBYTES];
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert((ss->sec != 0));
-
- msg[0] = SSL_MT_ERROR;
- msg[1] = MSB(error);
- msg[2] = LSB(error);
-
- ssl_GetXmitBufLock(ss); /***************************************/
- sec = ss->sec;
-
- SSL_TRC(3, ("%d: SSL[%d]: sending error %d", SSL_GETPID(), ss->fd, error));
-
- rv = (*sec->send)(ss, msg, sizeof(msg), 0);
- if (rv >= 0) {
- rv = SECSuccess;
- }
- ssl_ReleaseXmitBufLock(ss); /***************************************/
- return rv;
-}
-
-/* Called from ssl2_TryToFinish().
- * Acquires and releases the socket's xmitBufLock.
- */
-static SECStatus
-ssl2_SendClientFinishedMessage(sslSocket *ss)
-{
- sslSecurityInfo *sec;
- sslConnectInfo * ci;
- SECStatus rv = SECSuccess;
- int sent;
- PRUint8 msg[1 + SSL_CONNECTIONID_BYTES];
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert((ss->sec != 0));
-
- ssl_GetXmitBufLock(ss); /***************************************/
- sec = ss->sec;
- ci = &sec->ci;
-
- if (ci->sentFinished == 0) {
- ci->sentFinished = 1;
-
- SSL_TRC(3, ("%d: SSL[%d]: sending client-finished",
- SSL_GETPID(), ss->fd));
-
- msg[0] = SSL_MT_CLIENT_FINISHED;
- PORT_Memcpy(msg+1, ci->connectionID, sizeof(ci->connectionID));
-
- DUMP_MSG(29, (ss, msg, 1 + sizeof(ci->connectionID)));
- sent = (*sec->send)(ss, msg, 1 + sizeof(ci->connectionID), 0);
- rv = (sent >= 0) ? SECSuccess : (SECStatus)sent;
- }
- ssl_ReleaseXmitBufLock(ss); /***************************************/
- return rv;
-}
-
-/* Called from
- * ssl2_HandleClientSessionKeyMessage() <- ssl2_HandleClientHelloMessage()
- * ssl2_HandleClientHelloMessage() <- ssl_Do1stHandshake()
- after ssl2_BeginServerHandshake()
- * Acquires and releases the socket's xmitBufLock.
- */
-static SECStatus
-ssl2_SendServerVerifyMessage(sslSocket *ss)
-{
- sslSecurityInfo *sec;
- sslConnectInfo * ci;
- PRUint8 * msg;
- int sendLen;
- int sent;
- SECStatus rv;
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert((ss->sec != 0));
-
- ssl_GetXmitBufLock(ss); /***************************************/
- sec = ss->sec;
- ci = &sec->ci;
-
- sendLen = 1 + SSL_CHALLENGE_BYTES;
- rv = ssl2_GetSendBuffer(ss, sendLen);
- if (rv != SECSuccess) {
- goto done;
- }
-
- msg = ci->sendBuf.buf;
- msg[0] = SSL_MT_SERVER_VERIFY;
- PORT_Memcpy(msg+1, ci->clientChallenge, SSL_CHALLENGE_BYTES);
-
- DUMP_MSG(29, (ss, msg, sendLen));
- sent = (*sec->send)(ss, msg, sendLen, 0);
-
- rv = (sent >= 0) ? SECSuccess : (SECStatus)sent;
-
-done:
- ssl_ReleaseXmitBufLock(ss); /***************************************/
- return rv;
-}
-
-/* Called from ssl2_TryToFinish().
- * Acquires and releases the socket's xmitBufLock.
- */
-static SECStatus
-ssl2_SendServerFinishedMessage(sslSocket *ss)
-{
- sslSecurityInfo *sec;
- sslConnectInfo * ci;
- sslSessionID * sid;
- PRUint8 * msg;
- int sendLen, sent;
- SECStatus rv = SECSuccess;
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert((ss->sec != 0));
-
- ssl_GetXmitBufLock(ss); /***************************************/
- sec = ss->sec;
- ci = &sec->ci;
-
- if (ci->sentFinished == 0) {
- ci->sentFinished = 1;
- PORT_Assert(ci->sid != 0);
- sid = ci->sid;
-
- SSL_TRC(3, ("%d: SSL[%d]: sending server-finished",
- SSL_GETPID(), ss->fd));
-
- sendLen = 1 + sizeof(sid->u.ssl2.sessionID);
- rv = ssl2_GetSendBuffer(ss, sendLen);
- if (rv != SECSuccess) {
- goto done;
- }
-
- msg = ci->sendBuf.buf;
- msg[0] = SSL_MT_SERVER_FINISHED;
- PORT_Memcpy(msg+1, sid->u.ssl2.sessionID,
- sizeof(sid->u.ssl2.sessionID));
-
- DUMP_MSG(29, (ss, msg, sendLen));
- sent = (*sec->send)(ss, msg, sendLen, 0);
-
- if (sent < 0) {
- /* If send failed, it is now a bogus session-id */
- (*sec->uncache)(sid);
- rv = (SECStatus)sent;
- } else if (!ss->noCache) {
- /* Put the sid in session-id cache, (may already be there) */
- (*sec->cache)(sid);
- rv = SECSuccess;
- }
- ssl_FreeSID(sid);
- ci->sid = 0;
- }
-done:
- ssl_ReleaseXmitBufLock(ss); /***************************************/
- return rv;
-}
-
-/* Called from ssl2_ClientSetupSessionCypher() <-
- * ssl2_HandleServerHelloMessage()
- * after ssl2_BeginClientHandshake()
- * Acquires and releases the socket's xmitBufLock.
- */
-static SECStatus
-ssl2_SendSessionKeyMessage(sslSocket *ss, int cipher, int keySize,
- PRUint8 *ca, int caLen,
- PRUint8 *ck, int ckLen,
- PRUint8 *ek, int ekLen)
-{
- sslSecurityInfo *sec;
- PRUint8 * msg;
- int sendLen;
- int sent;
- SECStatus rv;
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert((ss->sec != 0));
-
- ssl_GetXmitBufLock(ss); /***************************************/
- sec = ss->sec;
-
- sendLen = SSL_HL_CLIENT_MASTER_KEY_HBYTES + ckLen + ekLen + caLen;
- rv = ssl2_GetSendBuffer(ss, sendLen);
- if (rv != SECSuccess)
- goto done;
-
- SSL_TRC(3, ("%d: SSL[%d]: sending client-session-key",
- SSL_GETPID(), ss->fd));
-
- msg = sec->ci.sendBuf.buf;
- msg[0] = SSL_MT_CLIENT_MASTER_KEY;
- msg[1] = cipher;
- msg[2] = MSB(keySize);
- msg[3] = LSB(keySize);
- msg[4] = MSB(ckLen);
- msg[5] = LSB(ckLen);
- msg[6] = MSB(ekLen);
- msg[7] = LSB(ekLen);
- msg[8] = MSB(caLen);
- msg[9] = LSB(caLen);
- PORT_Memcpy(msg+SSL_HL_CLIENT_MASTER_KEY_HBYTES, ck, ckLen);
- PORT_Memcpy(msg+SSL_HL_CLIENT_MASTER_KEY_HBYTES+ckLen, ek, ekLen);
- PORT_Memcpy(msg+SSL_HL_CLIENT_MASTER_KEY_HBYTES+ckLen+ekLen, ca, caLen);
-
- DUMP_MSG(29, (ss, msg, sendLen));
- sent = (*sec->send)(ss, msg, sendLen, 0);
- rv = (sent >= 0) ? SECSuccess : (SECStatus)sent;
-done:
- ssl_ReleaseXmitBufLock(ss); /***************************************/
- return rv;
-}
-
-/* Called from ssl2_TriggerNextMessage() <- ssl2_HandleMessage()
- * Acquires and releases the socket's xmitBufLock.
- */
-static SECStatus
-ssl2_SendCertificateRequestMessage(sslSocket *ss)
-{
- sslSecurityInfo *sec;
- sslConnectInfo * ci;
- PRUint8 * msg;
- int sent;
- int sendLen;
- SECStatus rv;
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert((ss->sec != 0));
-
- ssl_GetXmitBufLock(ss); /***************************************/
- sec = ss->sec;
- ci = &sec->ci;
-
- sendLen = SSL_HL_REQUEST_CERTIFICATE_HBYTES + SSL_CHALLENGE_BYTES;
- rv = ssl2_GetSendBuffer(ss, sendLen);
- if (rv != SECSuccess)
- goto done;
-
- SSL_TRC(3, ("%d: SSL[%d]: sending certificate request",
- SSL_GETPID(), ss->fd));
-
- /* Generate random challenge for client to encrypt */
- PK11_GenerateRandom(ci->serverChallenge, SSL_CHALLENGE_BYTES);
-
- msg = ci->sendBuf.buf;
- msg[0] = SSL_MT_REQUEST_CERTIFICATE;
- msg[1] = SSL_AT_MD5_WITH_RSA_ENCRYPTION;
- PORT_Memcpy(msg + SSL_HL_REQUEST_CERTIFICATE_HBYTES, ci->serverChallenge,
- SSL_CHALLENGE_BYTES);
-
- DUMP_MSG(29, (ss, msg, sendLen));
- sent = (*sec->send)(ss, msg, sendLen, 0);
- rv = (sent >= 0) ? SECSuccess : (SECStatus)sent;
-done:
- ssl_ReleaseXmitBufLock(ss); /***************************************/
- return rv;
-}
-
-/* Called from ssl2_HandleRequestCertificate() <- ssl2_HandleMessage()
- * ssl2_RestartHandshakeAfterCertReq() <- (application)
- * Acquires and releases the socket's xmitBufLock.
- */
-static int
-ssl2_SendCertificateResponseMessage(sslSocket *ss, SECItem *cert,
- SECItem *encCode)
-{
- sslSecurityInfo *sec;
- PRUint8 *msg;
- int rv, sendLen;
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert((ss->sec != 0));
-
- ssl_GetXmitBufLock(ss); /***************************************/
- sec = ss->sec;
-
- sendLen = SSL_HL_CLIENT_CERTIFICATE_HBYTES + encCode->len + cert->len;
- rv = ssl2_GetSendBuffer(ss, sendLen);
- if (rv)
- goto done;
-
- SSL_TRC(3, ("%d: SSL[%d]: sending certificate response",
- SSL_GETPID(), ss->fd));
-
- msg = sec->ci.sendBuf.buf;
- msg[0] = SSL_MT_CLIENT_CERTIFICATE;
- msg[1] = SSL_CT_X509_CERTIFICATE;
- msg[2] = MSB(cert->len);
- msg[3] = LSB(cert->len);
- msg[4] = MSB(encCode->len);
- msg[5] = LSB(encCode->len);
- PORT_Memcpy(msg + SSL_HL_CLIENT_CERTIFICATE_HBYTES, cert->data, cert->len);
- PORT_Memcpy(msg + SSL_HL_CLIENT_CERTIFICATE_HBYTES + cert->len,
- encCode->data, encCode->len);
-
- DUMP_MSG(29, (ss, msg, sendLen));
- rv = (*sec->send)(ss, msg, sendLen, 0);
- if (rv >= 0) {
- rv = SECSuccess;
- }
-done:
- ssl_ReleaseXmitBufLock(ss); /***************************************/
- return rv;
-}
-
-/********************************************************************
-** Send functions above this line must aquire & release the socket's
-** xmitBufLock.
-** All the ssl2_Send functions below this line are called vis ss->sec->send
-** and require that the caller hold the xmitBufLock.
-*/
-
-/*
-** Called from ssl2_SendStream, ssl2_SendBlock, but not from ssl2_SendClear.
-*/
-static SECStatus
-ssl2_CalcMAC(PRUint8 * result,
- sslSecurityInfo * sec,
- const PRUint8 * data,
- unsigned int dataLen,
- unsigned int paddingLen)
-{
- const PRUint8 * secret = sec->sendSecret.data;
- unsigned int secretLen = sec->sendSecret.len;
- unsigned long sequenceNumber = sec->sendSequence;
- unsigned int nout;
- PRUint8 seq[4];
- PRUint8 padding[32];/* XXX max blocksize? */
-
- if (!sec->hash || !sec->hash->length)
- return SECSuccess;
- if (!sec->hashcx)
- return SECFailure;
-
- /* Reset hash function */
- (*sec->hash->begin)(sec->hashcx);
-
- /* Feed hash the data */
- (*sec->hash->update)(sec->hashcx, secret, secretLen);
- (*sec->hash->update)(sec->hashcx, data, dataLen);
- PORT_Memset(padding, paddingLen, paddingLen);
- (*sec->hash->update)(sec->hashcx, padding, paddingLen);
-
- seq[0] = (PRUint8) (sequenceNumber >> 24);
- seq[1] = (PRUint8) (sequenceNumber >> 16);
- seq[2] = (PRUint8) (sequenceNumber >> 8);
- seq[3] = (PRUint8) (sequenceNumber);
-
- PRINT_BUF(60, (0, "calc-mac secret:", secret, secretLen));
- PRINT_BUF(60, (0, "calc-mac data:", data, dataLen));
- PRINT_BUF(60, (0, "calc-mac padding:", padding, paddingLen));
- PRINT_BUF(60, (0, "calc-mac seq:", seq, 4));
-
- (*sec->hash->update)(sec->hashcx, seq, 4);
-
- /* Get result */
- (*sec->hash->end)(sec->hashcx, result, &nout, sec->hash->length);
-
- return SECSuccess;
-}
-
-/*
-** Maximum transmission amounts. These are tiny bit smaller than they
-** need to be (they account for the MAC length plus some padding),
-** assuming the MAC is 16 bytes long and the padding is a max of 7 bytes
-** long. This gives an additional 9 bytes of slop to work within.
-*/
-#define MAX_STREAM_CYPHER_LEN 0x7fe0
-#define MAX_BLOCK_CYPHER_LEN 0x3fe0
-
-/*
-** Send some data in the clear.
-** Package up data with the length header and send it.
-**
-** Return count of bytes succesfully written, or negative number (failure).
-*/
-static PRInt32
-ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
-{
- sslSecurityInfo * sec = ss->sec;
- PRUint8 * out;
- int rv;
- int amount;
- int count = 0;
-
- PORT_Assert(sec != 0);
- PORT_Assert( ssl_HaveXmitBufLock(ss) );
-
- SSL_TRC(10, ("%d: SSL[%d]: sending %d bytes in the clear",
- SSL_GETPID(), ss->fd, len));
- PRINT_BUF(50, (ss, "clear data:", (PRUint8*) in, len));
-
- while (len) {
- amount = PR_MIN( len, MAX_STREAM_CYPHER_LEN );
- if (amount + 2 > sec->writeBuf.space) {
- rv = sslBuffer_Grow(&sec->writeBuf, amount + 2);
- if (rv != SECSuccess) {
- count = rv;
- break;
- }
- }
- out = sec->writeBuf.buf;
-
- /*
- ** Construct message.
- */
- out[0] = 0x80 | MSB(amount);
- out[1] = LSB(amount);
- PORT_Memcpy(&out[2], in, amount);
-
- /* Now send the data */
- rv = ssl_DefSend(ss, out, amount + 2, flags & ~ssl_SEND_FLAG_MASK);
- if (rv < 0) {
- if (PORT_GetError() == PR_WOULD_BLOCK_ERROR) {
- rv = 0;
- } else {
- /* Return short write if some data already went out... */
- if (count == 0)
- count = rv;
- break;
- }
- }
-
- if ((unsigned)rv < (amount + 2)) {
- /* Short write. Save the data and return. */
- if (ssl_SaveWriteData(ss, &ss->pendingBuf, out + rv,
- amount + 2 - rv) == SECFailure) {
- count = SECFailure;
- } else {
- count += amount;
- sec->sendSequence++;
- }
- break;
- }
-
- sec->sendSequence++;
- in += amount;
- count += amount;
- len -= amount;
- }
-
- return count;
-}
-
-/*
-** Send some data, when using a stream cipher. Stream ciphers have a
-** block size of 1. Package up the data with the length header
-** and send it.
-*/
-static PRInt32
-ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
-{
- sslSecurityInfo *sec = ss->sec;
- PRUint8 * out;
- int rv;
- int count = 0;
-
- int amount;
- PRUint8 macLen;
- int nout;
- int buflen;
-
- PORT_Assert(sec != 0);
- PORT_Assert( ssl_HaveXmitBufLock(ss) );
-
- SSL_TRC(10, ("%d: SSL[%d]: sending %d bytes using stream cipher",
- SSL_GETPID(), ss->fd, len));
- PRINT_BUF(50, (ss, "clear data:", (PRUint8*) in, len));
-
- while (len) {
- ssl_GetSpecReadLock(ss); /*************************************/
-
- macLen = sec->hash->length;
- amount = PR_MIN( len, MAX_STREAM_CYPHER_LEN );
- buflen = amount + 2 + macLen;
- if (buflen > sec->writeBuf.space) {
- rv = sslBuffer_Grow(&sec->writeBuf, buflen);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- out = sec->writeBuf.buf;
- nout = amount + macLen;
- out[0] = 0x80 | MSB(nout);
- out[1] = LSB(nout);
-
- /* Calculate MAC */
- rv = ssl2_CalcMAC(out+2, /* put MAC here */
- sec,
- in, amount, /* input addr & length */
- 0); /* no padding */
- if (rv != SECSuccess)
- goto loser;
-
- /* Encrypt MAC */
- rv = (*sec->enc)(sec->writecx, out+2, &nout, macLen, out+2, macLen);
- if (rv) goto loser;
-
- /* Encrypt data from caller */
- rv = (*sec->enc)(sec->writecx, out+2+macLen, &nout, amount, in, amount);
- if (rv) goto loser;
-
- ssl_ReleaseSpecReadLock(ss); /*************************************/
-
- PRINT_BUF(50, (ss, "encrypted data:", out, buflen));
-
- rv = ssl_DefSend(ss, out, buflen, flags & ~ssl_SEND_FLAG_MASK);
- if (rv < 0) {
- if (PORT_GetError() == PR_WOULD_BLOCK_ERROR) {
- SSL_TRC(50, ("%d: SSL[%d]: send stream would block, "
- "saving data", SSL_GETPID(), ss->fd));
- rv = 0;
- } else {
- SSL_TRC(10, ("%d: SSL[%d]: send stream error %d",
- SSL_GETPID(), ss->fd, PORT_GetError()));
- /* Return short write if some data already went out... */
- if (count == 0)
- count = rv;
- goto done;
- }
- }
-
- if ((unsigned)rv < buflen) {
- /* Short write. Save the data and return. */
- if (ssl_SaveWriteData(ss, &ss->pendingBuf, out + rv,
- buflen - rv) == SECFailure) {
- count = SECFailure;
- } else {
- count += amount;
- sec->sendSequence++;
- }
- goto done;
- }
-
- sec->sendSequence++;
- in += amount;
- count += amount;
- len -= amount;
- }
-
-done:
- return count;
-
-loser:
- ssl_ReleaseSpecReadLock(ss);
- return SECFailure;
-}
-
-/*
-** Send some data, when using a block cipher. Package up the data with
-** the length header and send it.
-*/
-/* XXX assumes blocksize is > 7 */
-static PRInt32
-ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
-{
- sslSecurityInfo *sec = ss->sec;
- PRUint8 * out; /* begining of output buffer. */
- PRUint8 * op; /* next output byte goes here. */
- int rv; /* value from funcs we called. */
- int count = 0; /* this function's return value. */
-
- unsigned int hlen; /* output record hdr len, 2 or 3 */
- unsigned int macLen; /* MAC is this many bytes long. */
- int amount; /* of plaintext to go in record. */
- unsigned int padding; /* add this many padding byte. */
- int nout; /* ciphertext size after header. */
- int buflen; /* size of generated record. */
-
- PORT_Assert(sec != 0);
- PORT_Assert( ssl_HaveXmitBufLock(ss) );
-
- SSL_TRC(10, ("%d: SSL[%d]: sending %d bytes using block cipher",
- SSL_GETPID(), ss->fd, len));
- PRINT_BUF(50, (ss, "clear data:", in, len));
-
- while (len) {
- ssl_GetSpecReadLock(ss); /*************************************/
-
- macLen = sec->hash->length;
- /* Figure out how much to send, including mac and padding */
- amount = PR_MIN( len, MAX_BLOCK_CYPHER_LEN );
- nout = amount + macLen;
- padding = nout & (sec->blockSize - 1);
- if (padding) {
- hlen = 3;
- padding = sec->blockSize - padding;
- nout += padding;
- } else {
- hlen = 2;
- }
- buflen = hlen + nout;
- if (buflen > sec->writeBuf.space) {
- rv = sslBuffer_Grow(&sec->writeBuf, buflen);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- out = sec->writeBuf.buf;
-
- /* Construct header */
- op = out;
- if (padding) {
- *op++ = MSB(nout);
- *op++ = LSB(nout);
- *op++ = padding;
- } else {
- *op++ = 0x80 | MSB(nout);
- *op++ = LSB(nout);
- }
-
- /* Calculate MAC */
- rv = ssl2_CalcMAC(op, /* MAC goes here. */
- sec,
- in, amount, /* intput addr, len */
- padding);
- if (rv != SECSuccess)
- goto loser;
- op += macLen;
-
- /* Copy in the input data */
- /* XXX could eliminate the copy by folding it into the encryption */
- PORT_Memcpy(op, in, amount);
- op += amount;
- if (padding) {
- PORT_Memset(op, padding, padding);
- op += padding;
- }
-
- /* Encrypt result */
- rv = (*sec->enc)(sec->writecx, out+hlen, &nout, buflen-hlen,
- out+hlen, op - (out + hlen));
- if (rv)
- goto loser;
-
- ssl_ReleaseSpecReadLock(ss); /*************************************/
-
- PRINT_BUF(50, (ss, "final xmit data:", out, op - out));
-
- rv = ssl_DefSend(ss, out, op - out, flags & ~ssl_SEND_FLAG_MASK);
- if (rv < 0) {
- if (PORT_GetError() == PR_WOULD_BLOCK_ERROR) {
- rv = 0;
- } else {
- SSL_TRC(10, ("%d: SSL[%d]: send block error %d",
- SSL_GETPID(), ss->fd, PORT_GetError()));
- /* Return short write if some data already went out... */
- if (count == 0)
- count = rv;
- goto done;
- }
- }
-
- if (rv < (op - out)) {
- /* Short write. Save the data and return. */
- if (ssl_SaveWriteData(ss, &ss->pendingBuf, out + rv,
- op - out - rv) == SECFailure) {
- count = SECFailure;
- } else {
- count += amount;
- sec->sendSequence++;
- }
- goto done;
- }
-
- sec->sendSequence++;
- in += amount;
- count += amount;
- len -= amount;
- }
-
-done:
- return count;
-
-loser:
- ssl_ReleaseSpecReadLock(ss);
- return SECFailure;
-}
-
-/*
-** Called from: ssl2_HandleServerHelloMessage,
-** ssl2_HandleClientSessionKeyMessage,
-** ssl2_RestartHandshakeAfterServerCert,
-** ssl2_HandleClientHelloMessage,
-**
-*/
-static void
-ssl2_UseEncryptedSendFunc(sslSocket *ss)
-{
- sslSecurityInfo *sec;
-
- ssl_GetXmitBufLock(ss);
- PORT_Assert(ss->sec != 0);
- sec = ss->sec;
- PORT_Assert(sec->hashcx != 0);
-
- ss->gather->encrypted = 1;
- sec->send = (sec->blockSize > 1) ? ssl2_SendBlock : ssl2_SendStream;
- ssl_ReleaseXmitBufLock(ss);
-}
-
-/* Called while initializing socket in ssl_CreateSecurityInfo().
-** This function allows us to keep the name of ssl2_SendClear static.
-*/
-void
-ssl2_UseClearSendFunc(sslSocket *ss)
-{
- ss->sec->send = ssl2_SendClear;
-}
-
-/************************************************************************
-** END of Send functions. *
-*************************************************************************/
-
-/***********************************************************************
- * For SSL3, this gathers in and handles records/messages until either
- * the handshake is complete or application data is available.
- *
- * For SSL2, this gathers in only the next SSLV2 record.
- *
- * Called from ssl_Do1stHandshake() via function pointer ss->handshake.
- * Caller must hold handshake lock.
- * This function acquires and releases the RecvBufLock.
- *
- * returns SECSuccess for success.
- * returns SECWouldBlock when that value is returned by ssl2_GatherRecord() or
- * ssl3_GatherCompleteHandshake().
- * returns SECFailure on all other errors.
- *
- * The gather functions called by ssl_GatherRecord1stHandshake are expected
- * to return values interpreted as follows:
- * 1 : the function completed without error.
- * 0 : the function read EOF.
- * -1 : read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.
- * -2 : the function wants ssl_GatherRecord1stHandshake to be called again
- * immediately, by ssl_Do1stHandshake.
- *
- * This code is similar to, and easily confused with, DoRecv() in sslsecur.c
- *
- * This function is called from ssl_Do1stHandshake().
- * The following functions put ssl_GatherRecord1stHandshake into ss->handshake:
- * ssl2_HandleMessage
- * ssl2_HandleVerifyMessage
- * ssl2_HandleServerHelloMessage
- * ssl2_BeginClientHandshake
- * ssl2_HandleClientSessionKeyMessage
- * ssl2_RestartHandshakeAfterCertReq
- * ssl3_RestartHandshakeAfterCertReq
- * ssl2_RestartHandshakeAfterServerCert
- * ssl3_RestartHandshakeAfterServerCert
- * ssl2_HandleClientHelloMessage
- * ssl2_BeginServerHandshake
- */
-SECStatus
-ssl_GatherRecord1stHandshake(sslSocket *ss)
-{
- int rv;
-
- PORT_Assert((ss->sec != 0) && (ss->gather != 0));
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
-
- ssl_GetRecvBufLock(ss);
-
- if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
- /* Wait for handshake to complete, or application data to arrive. */
- rv = ssl3_GatherCompleteHandshake(ss, 0);
- } else {
- /* See if we have a complete record */
- rv = ssl2_GatherRecord(ss, 0);
- }
- SSL_TRC(10, ("%d: SSL[%d]: handshake gathering, rv=%d",
- SSL_GETPID(), ss->fd, rv));
-
- ssl_ReleaseRecvBufLock(ss);
-
- if (rv <= 0) {
- if (rv == SECWouldBlock) {
- /* Progress is blocked waiting for callback completion. */
- SSL_TRC(10, ("%d: SSL[%d]: handshake blocked (need %d)",
- SSL_GETPID(), ss->fd, ss->gather->remainder));
- return SECWouldBlock;
- }
- if (rv == 0) {
- /* EOF. Loser */
- PORT_SetError(PR_END_OF_FILE_ERROR);
- }
- return SECFailure; /* rv is < 0 here. */
- }
-
- SSL_TRC(10, ("%d: SSL[%d]: got handshake record of %d bytes",
- SSL_GETPID(), ss->fd, ss->gather->recordLen));
-
- ss->handshake = 0; /* makes ssl_Do1stHandshake call ss->nextHandshake.*/
- return SECSuccess;
-}
-
-/************************************************************************/
-
-/* Called from ssl2_ServerSetupSessionCypher()
- * ssl2_ClientSetupSessionCypher()
- */
-static SECStatus
-ssl2_FillInSID(sslSessionID * sid,
- int cipher,
- PRUint8 *keyData,
- int keyLen,
- PRUint8 *ca,
- int caLen,
- int keyBits,
- int secretKeyBits)
-{
- PORT_Assert(sid->references == 1);
- PORT_Assert(sid->cached == never_cached);
- PORT_Assert(sid->u.ssl2.masterKey.data == 0);
- PORT_Assert(sid->u.ssl2.cipherArg.data == 0);
-
- sid->version = SSL_LIBRARY_VERSION_2;
-
- sid->u.ssl2.cipherType = cipher;
- sid->u.ssl2.masterKey.data = (PRUint8*) PORT_Alloc(keyLen);
- if (!sid->u.ssl2.masterKey.data) {
- return SECFailure;
- }
- PORT_Memcpy(sid->u.ssl2.masterKey.data, keyData, keyLen);
- sid->u.ssl2.masterKey.len = keyLen;
- sid->u.ssl2.keyBits = keyBits;
- sid->u.ssl2.secretKeyBits = secretKeyBits;
-
- if (caLen) {
- sid->u.ssl2.cipherArg.data = (PRUint8*) PORT_Alloc(caLen);
- if (!sid->u.ssl2.cipherArg.data) {
- return SECFailure;
- }
- sid->u.ssl2.cipherArg.len = caLen;
- PORT_Memcpy(sid->u.ssl2.cipherArg.data, ca, caLen);
- }
- return SECSuccess;
-}
-
-/*
-** Construct session keys given the masterKey (tied to the session-id),
-** the client's challenge and the server's nonce.
-**
-** Called from ssl2_CreateSessionCypher() <-
-*/
-static SECStatus
-ssl2_ProduceKeys(sslSocket * ss,
- SECItem * readKey,
- SECItem * writeKey,
- SECItem * masterKey,
- PRUint8 * challenge,
- PRUint8 * nonce,
- int cipherType)
-{
- PK11Context * cx = 0;
- unsigned nkm = 0; /* number of hashes to generate key mat. */
- unsigned nkd = 0; /* size of readKey and writeKey. */
- unsigned part;
- unsigned i;
- unsigned off;
- SECStatus rv;
- PRUint8 countChar;
- PRUint8 km[3*16]; /* buffer for key material. */
-
- readKey->data = 0;
- writeKey->data = 0;
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert((ss->sec != 0));
-
- rv = SECSuccess;
- cx = PK11_CreateDigestContext(SEC_OID_MD5);
- if (cx == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
- return SECFailure;
- }
-
- nkm = ssl_Specs[cipherType].nkm;
- nkd = ssl_Specs[cipherType].nkd;
-
- readKey->data = (PRUint8*) PORT_Alloc(nkd);
- if (!readKey->data)
- goto loser;
- readKey->len = nkd;
-
- writeKey->data = (PRUint8*) PORT_Alloc(nkd);
- if (!writeKey->data)
- goto loser;
- writeKey->len = nkd;
-
- /* Produce key material */
- countChar = '0';
- for (i = 0, off = 0; i < nkm; i++, off += 16) {
- rv = PK11_DigestBegin(cx);
- rv |= PK11_DigestOp(cx, masterKey->data, masterKey->len);
- rv |= PK11_DigestOp(cx, &countChar, 1);
- rv |= PK11_DigestOp(cx, challenge, SSL_CHALLENGE_BYTES);
- rv |= PK11_DigestOp(cx, nonce, SSL_CONNECTIONID_BYTES);
- rv |= PK11_DigestFinal(cx, km+off, &part, MD5_LENGTH);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
- rv = SECFailure;
- goto loser;
- }
- countChar++;
- }
-
- /* Produce keys */
- PORT_Memcpy(readKey->data, km, nkd);
- PORT_Memcpy(writeKey->data, km + nkd, nkd);
-
-loser:
- PK11_DestroyContext(cx, PR_TRUE);
- return rv;
-}
-
-/* Called from ssl2_ServerSetupSessionCypher() <- ssl2_HandleClientSessionKeyMessage()
- <- ssl2_HandleClientHelloMessage()
- * ssl2_ClientSetupSessionCypher() <- ssl2_HandleServerHelloMessage()
- */
-static SECStatus
-ssl2_CreateSessionCypher(sslSocket *ss, sslSessionID *sid, PRBool isClient)
-{
- sslSecurityInfo * sec;
- sslConnectInfo * ci;
- SECItem * rk;
- SECItem * wk;
- SECItem * param;
- SECStatus rv;
- int cipherType = sid->u.ssl2.cipherType;
- PK11SlotInfo * slot = NULL;
- CK_MECHANISM_TYPE mechanism;
- SECItem readKey;
- SECItem writeKey;
-
- void *readcx = 0;
- void *writecx = 0;
- readKey.data = 0;
- writeKey.data = 0;
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert((ss->sec != 0));
- if((ss->sec == 0) || (ss->sec->ci.sid == 0))
- goto sec_loser; /* don't crash if asserts are off */
-
- /* Trying to cut down on all these switch statements that should be tables.
- * So, test cipherType once, here, and then use tables below.
- */
- switch (cipherType) {
- case SSL_CK_RC4_128_EXPORT40_WITH_MD5:
- case SSL_CK_RC4_128_WITH_MD5:
- case SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5:
- case SSL_CK_RC2_128_CBC_WITH_MD5:
- case SSL_CK_DES_64_CBC_WITH_MD5:
- case SSL_CK_DES_192_EDE3_CBC_WITH_MD5:
- break;
-
- default:
- SSL_DBG(("%d: SSL[%d]: ssl2_CreateSessionCypher: unknown cipher=%d",
- SSL_GETPID(), ss->fd, cipherType));
- PORT_SetError(isClient ? SSL_ERROR_BAD_SERVER : SSL_ERROR_BAD_CLIENT);
- goto loser;
- }
-
- sec = ss->sec;
- ci = &sec->ci;
- rk = isClient ? &readKey : &writeKey;
- wk = isClient ? &writeKey : &readKey;
-
- /* Produce the keys for this session */
- rv = ssl2_ProduceKeys(ss, &readKey, &writeKey, &sid->u.ssl2.masterKey,
- ci->clientChallenge, ci->connectionID,
- cipherType);
- if (rv != SECSuccess)
- goto loser;
- PRINT_BUF(7, (ss, "Session read-key: ", rk->data, rk->len));
- PRINT_BUF(7, (ss, "Session write-key: ", wk->data, wk->len));
-
- PORT_Memcpy(ci->readKey, readKey.data, readKey.len);
- PORT_Memcpy(ci->writeKey, writeKey.data, writeKey.len);
- ci->keySize = readKey.len;
-
- /* Setup the MAC */
- rv = ssl2_CreateMAC(sec, rk, wk, cipherType);
- if (rv != SECSuccess)
- goto loser;
-
- /* First create the session key object */
- SSL_TRC(3, ("%d: SSL[%d]: using %s", SSL_GETPID(), ss->fd,
- ssl_cipherName[cipherType]));
-
-
- mechanism = ssl_Specs[cipherType].mechanism;
-
- /* set destructer before we call loser... */
- sec->destroy = (void (*)(void*, PRBool)) PK11_DestroyContext;
- slot = PK11_GetBestSlot(mechanism, ss->pkcs11PinArg);
- if (slot == NULL)
- goto loser;
-
- param = PK11_ParamFromIV(mechanism, &sid->u.ssl2.cipherArg);
- if (param == NULL)
- goto loser;
- readcx = PK11_CreateContextByRawKey(slot, mechanism, PK11_OriginUnwrap,
- CKA_DECRYPT, rk, param,
- ss->pkcs11PinArg);
- SECITEM_FreeItem(param, PR_TRUE);
- if (readcx == NULL)
- goto loser;
-
- /* build the client context */
- param = PK11_ParamFromIV(mechanism, &sid->u.ssl2.cipherArg);
- if (param == NULL)
- goto loser;
- writecx = PK11_CreateContextByRawKey(slot, mechanism, PK11_OriginUnwrap,
- CKA_ENCRYPT, wk, param,
- ss->pkcs11PinArg);
- SECITEM_FreeItem(param,PR_TRUE);
- if (writecx == NULL)
- goto loser;
- PK11_FreeSlot(slot);
-
- rv = SECSuccess;
- sec->enc = (SSLCipher) PK11_CipherOp;
- sec->dec = (SSLCipher) PK11_CipherOp;
- sec->readcx = (void *) readcx;
- sec->writecx = (void *) writecx;
- sec->blockSize = ssl_Specs[cipherType].blockSize;
- sec->blockShift = ssl_Specs[cipherType].blockShift;
- sec->cipherType = sid->u.ssl2.cipherType;
- sec->keyBits = sid->u.ssl2.keyBits;
- sec->secretKeyBits = sid->u.ssl2.secretKeyBits;
- goto done;
-
- loser:
- if (sec->destroy) {
- if (readcx) (*sec->destroy)(readcx, PR_TRUE);
- if (writecx) (*sec->destroy)(writecx, PR_TRUE);
- }
- if (slot) PK11_FreeSlot(slot);
-
- sec_loser:
- rv = SECFailure;
-
- done:
- SECITEM_ZfreeItem(rk, PR_FALSE);
- SECITEM_ZfreeItem(wk, PR_FALSE);
- return rv;
-}
-
-/*
-** Setup the server ciphers given information from a CLIENT-MASTER-KEY
-** message.
-** "ss" pointer to the ssl-socket object
-** "cipher" the cipher type to use
-** "keyBits" the size of the final cipher key
-** "ck" the clear-key data
-** "ckLen" the number of bytes of clear-key data
-** "ek" the encrypted-key data
-** "ekLen" the number of bytes of encrypted-key data
-** "ca" the cipher-arg data
-** "caLen" the number of bytes of cipher-arg data
-**
-** The MASTER-KEY is constructed by first decrypting the encrypted-key
-** data. This produces the SECRET-KEY-DATA. The MASTER-KEY is composed by
-** concatenating the clear-key data with the SECRET-KEY-DATA. This code
-** checks to make sure that the client didn't send us an improper amount
-** of SECRET-KEY-DATA (it restricts the length of that data to match the
-** spec).
-**
-** Called from ssl2_HandleClientSessionKeyMessage().
-*/
-static SECStatus
-ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits,
- PRUint8 *ck, unsigned int ckLen,
- PRUint8 *ek, unsigned int ekLen,
- PRUint8 *ca, unsigned int caLen)
-{
- PRUint8 *kk;
- sslSecurityInfo * sec;
- sslSessionID * sid;
- PRUint8 * kbuf = 0; /* buffer for RSA decrypted data. */
- unsigned int el1; /* length of RSA decrypted data in kbuf */
- unsigned int keySize;
- unsigned int modulus;
- SECStatus rv;
- PRUint8 mkbuf[SSL_MAX_MASTER_KEY_BYTES];
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert((ss->sec != 0) && (ss->serverKey[kt_rsa] != 0));
- sec = ss->sec;
- PORT_Assert((sec->ci.sid != 0));
- sid = sec->ci.sid;
-
- keySize = (keyBits + 7) >> 3;
- /* Is the message just way too big? */
- if (keySize > SSL_MAX_MASTER_KEY_BYTES) {
- /* bummer */
- SSL_DBG(("%d: SSL[%d]: keySize=%d ckLen=%d max session key size=%d",
- SSL_GETPID(), ss->fd, keySize, ckLen,
- SSL_MAX_MASTER_KEY_BYTES));
- PORT_SetError(SSL_ERROR_BAD_CLIENT);
- goto loser;
- }
-
-
- /* Trying to cut down on all these switch statements that should be tables.
- * So, test cipherType once, here, and then use tables below.
- */
- switch (cipher) {
- case SSL_CK_RC4_128_EXPORT40_WITH_MD5:
- case SSL_CK_RC4_128_WITH_MD5:
- case SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5:
- case SSL_CK_RC2_128_CBC_WITH_MD5:
- case SSL_CK_DES_64_CBC_WITH_MD5:
- case SSL_CK_DES_192_EDE3_CBC_WITH_MD5:
- break;
-
- default:
- SSL_DBG(("%d: SSL[%d]: ssl2_ServerSetupSessionCypher: unknown cipher=%d",
- SSL_GETPID(), ss->fd, cipher));
- PORT_SetError(SSL_ERROR_BAD_CLIENT);
- goto loser;
- }
-
- /* For export ciphers, make sure they didn't send too much key data. */
- if (ckLen != ssl_Specs[cipher].pubLen) {
- SSL_DBG(("%d: SSL[%d]: odd secret key size, keySize=%d ckLen=%d!",
- SSL_GETPID(), ss->fd, keySize, ckLen));
- /* Somebody tried to sneak by a strange secret key */
- PORT_SetError(SSL_ERROR_BAD_CLIENT);
- goto loser;
- }
-
- /* allocate the buffer to hold the decrypted portion of the key. */
- /* XXX Haven't done any range check on ekLen. */
- kbuf = (PRUint8*) PORT_Alloc(ekLen);
- if (!kbuf) {
- goto loser;
- }
-
- /*
- ** Decrypt encrypted half of the key. Note that encrypted half has
- ** been made to match the modulus size of our public key using
- ** PKCS#1. keySize is the real size of the data that is interesting.
- ** NOTE: PK11_PubDecryptRaw will barf on a non-RSA key. This is
- ** desired behavior here.
- */
- rv = PK11_PubDecryptRaw(ss->serverKey[kt_rsa], kbuf, &el1, ekLen, ek, ekLen);
- if (rv != SECSuccess)
- goto hide_loser;
-
- modulus = PK11_GetPrivateModulusLen(ss->serverKey[kt_rsa]);
- if (modulus == -1) {
- /* If the key was really bad, then PK11_pubDecryptRaw
- * would have failed, therefore the we must assume that the card
- * is just being a pain and not giving us the modulus... but it
- * should be the same size as the encrypted key length, so use it
- * and keep cranking */
- modulus = ekLen;
- }
- /* Is the length of the decrypted data (el1) the expected value? */
- if (modulus != el1)
- goto hide_loser;
-
- /* Cheaply verify that PKCS#1 was used to format the encryption block */
- kk = kbuf + modulus - (keySize - ckLen);
- if ((kbuf[0] != 0x00) || (kbuf[1] != 0x02) || (kk[-1] != 0x00)) {
- /* Tsk tsk. */
- SSL_DBG(("%d: SSL[%d]: strange encryption block",
- SSL_GETPID(), ss->fd));
- PORT_SetError(SSL_ERROR_BAD_CLIENT);
- goto hide_loser;
- }
-
- /* Make sure we're not subject to a version rollback attack. */
- if (ss->enableSSL3 || ss->enableTLS) {
- PRUint8 threes[8] = { 0x03, 0x03, 0x03, 0x03,
- 0x03, 0x03, 0x03, 0x03 };
-
- if (PORT_Memcmp(kk - 8 - 1, threes, 8) == 0) {
- PORT_SetError(SSL_ERROR_BAD_CLIENT);
- goto hide_loser;
- }
- }
- if (0) {
-hide_loser:
- /* Defense against the Bleichenbacher attack.
- * Provide the client with NO CLUES that the decrypted master key
- * was erroneous. Don't send any error messages.
- * Instead, Generate a completely bogus master key .
- */
- PK11_GenerateRandom(kbuf, ekLen);
- }
-
- /*
- ** Construct master key out of the pieces.
- */
- if (ckLen) {
- PORT_Memcpy(mkbuf, ck, ckLen);
- }
- PORT_Memcpy(mkbuf+ckLen, kk, keySize-ckLen);
-
- /* Fill in session-id */
- rv = ssl2_FillInSID(sid, cipher, mkbuf, keySize, ca, caLen,
- keyBits, keyBits - (ckLen<<3));
- if (rv != SECSuccess) {
- goto loser;
- }
-
- /* Create session ciphers */
- rv = ssl2_CreateSessionCypher(ss, sid, PR_FALSE);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- SSL_TRC(1, ("%d: SSL[%d]: server, using %s cipher, clear=%d total=%d",
- SSL_GETPID(), ss->fd, ssl_cipherName[cipher],
- ckLen<<3, keySize<<3));
- rv = SECSuccess;
- goto done;
-
- loser:
- rv = SECFailure;
-
- done:
- PORT_Free(kbuf);
- return rv;
-}
-
-/************************************************************************/
-
-/*
-** Rewrite the incoming cipher specs, comparing to list of specs we support,
-** (ss->cipherSpecs) and eliminating anything we don't support
-**
-* Note: Our list may contain SSL v3 ciphers.
-* We MUST NOT match on any of those.
-* Fortunately, this is easy to detect because SSLv3 ciphers have zero
-* in the first byte, and none of the SSLv2 ciphers do.
-*
-* Called from ssl2_HandleClientHelloMessage().
-*/
-static int
-ssl2_QualifyCypherSpecs(sslSocket *ss,
- PRUint8 * cs, /* cipher specs in client hello msg. */
- int csLen)
-{
- PRUint8 * ms;
- PRUint8 * hs;
- PRUint8 * qs;
- int mc;
- int hc;
- PRUint8 qualifiedSpecs[ssl2_NUM_SUITES_IMPLEMENTED * 3];
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
-
- if (!ss->cipherSpecs) {
- ssl2_ConstructCipherSpecs(ss);
- }
-
- PRINT_BUF(10, (ss, "specs from client:", cs, csLen));
- qs = qualifiedSpecs;
- ms = ss->cipherSpecs;
- for (mc = ss->sizeCipherSpecs; mc > 0; mc -= 3, ms += 3) {
- if (ms[0] == 0)
- continue;
- for (hs = cs, hc = csLen; hc > 0; hs += 3, hc -= 3) {
- if ((hs[0] == ms[0]) &&
- (hs[1] == ms[1]) &&
- (hs[2] == ms[2])) {
- /* Copy this cipher spec into the "keep" section */
- qs[0] = hs[0];
- qs[1] = hs[1];
- qs[2] = hs[2];
- qs += 3;
- break;
- }
- }
- }
- hc = qs - qualifiedSpecs;
- PRINT_BUF(10, (ss, "qualified specs from client:", qualifiedSpecs, hc));
- PORT_Memcpy(cs, qualifiedSpecs, hc);
- return hc;
-}
-
-/*
-** Pick the best cipher we can find, given the array of server cipher
-** specs. Returns cipher number (e.g. SSL_CK_*), or -1 for no overlap.
-** If succesful, stores the master key size (bytes) in *pKeyLen.
-**
-** This is correct only for the client side, but presently
-** this function is only called from
-** ssl2_ClientSetupSessionCypher() <- ssl2_HandleServerHelloMessage()
-**
-** Note that most servers only return a single cipher suite in their
-** ServerHello messages. So, the code below for finding the "best" cipher
-** suite usually has only one choice. The client and server should send
-** their cipher suite lists sorted in descending order by preference.
-*/
-static int
-ssl2_ChooseSessionCypher(sslSocket *ss,
- int hc, /* number of cs's in hs. */
- PRUint8 * hs, /* server hello's cipher suites. */
- int * pKeyLen) /* out: sym key size in bytes. */
-{
- PRUint8 * ms;
- unsigned int i;
- int bestKeySize;
- int bestRealKeySize;
- int bestCypher;
- int keySize;
- int realKeySize;
- PRUint8 * ohs = hs;
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
-
- if (!ss->cipherSpecs) {
- ssl2_ConstructCipherSpecs(ss);
- }
-
- if (!ss->preferredCipher) {
- const PRUint8 * preferred = implementedCipherSuites;
- unsigned int allowed = ss->allowedByPolicy & ss->chosenPreference &
- SSL_CB_IMPLEMENTED;
- if (allowed) {
- for (i = ssl2_NUM_SUITES_IMPLEMENTED; i > 0; --i) {
- if (0 != (allowed & (1U << preferred[0]))) {
- ss->preferredCipher = preferred;
- break;
- }
- preferred += 3;
- }
- }
- }
- /*
- ** Scan list of ciphers recieved from peer and look for a match in
- ** our list.
- * Note: Our list may contain SSL v3 ciphers.
- * We MUST NOT match on any of those.
- * Fortunately, this is easy to detect because SSLv3 ciphers have zero
- * in the first byte, and none of the SSLv2 ciphers do.
- */
- bestKeySize = bestRealKeySize = 0;
- bestCypher = -1;
- while (--hc >= 0) {
- for (i = 0, ms = ss->cipherSpecs; i < ss->sizeCipherSpecs; i += 3, ms += 3) {
- if ((hs[0] == ss->preferredCipher[0]) &&
- (hs[1] == ss->preferredCipher[1]) &&
- (hs[2] == ss->preferredCipher[2]) &&
- hs[0] != 0) {
- /* Pick this cipher immediately! */
- *pKeyLen = (((hs[1] << 8) | hs[2]) + 7) >> 3;
- return hs[0];
- }
- if ((hs[0] == ms[0]) && (hs[1] == ms[1]) && (hs[2] == ms[2]) &&
- hs[0] != 0) {
- /* Found a match */
-
- /* Use secret keySize to determine which cipher is best */
- realKeySize = (hs[1] << 8) | hs[2];
- switch (hs[0]) {
- case SSL_CK_RC4_128_EXPORT40_WITH_MD5:
- case SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5:
- keySize = 40;
- break;
- default:
- keySize = realKeySize;
- break;
- }
- if (keySize > bestKeySize) {
- bestCypher = hs[0];
- bestKeySize = keySize;
- bestRealKeySize = realKeySize;
- }
- }
- }
- hs += 3;
- }
- if (bestCypher < 0) {
- /*
- ** No overlap between server and client. Re-examine server list
- ** to see what kind of ciphers it does support so that we can set
- ** the error code appropriately.
- */
- if ((ohs[0] == SSL_CK_RC4_128_WITH_MD5) ||
- (ohs[0] == SSL_CK_RC2_128_CBC_WITH_MD5)) {
- PORT_SetError(SSL_ERROR_US_ONLY_SERVER);
- } else if ((ohs[0] == SSL_CK_RC4_128_EXPORT40_WITH_MD5) ||
- (ohs[0] == SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5)) {
- PORT_SetError(SSL_ERROR_EXPORT_ONLY_SERVER);
- } else {
- PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
- }
- SSL_DBG(("%d: SSL[%d]: no cipher overlap", SSL_GETPID(), ss->fd));
- goto loser;
- }
- *pKeyLen = (bestRealKeySize + 7) >> 3;
- return bestCypher;
-
- loser:
- return -1;
-}
-
-static SECStatus
-ssl2_ClientHandleServerCert(sslSocket *ss, PRUint8 *certData, int certLen)
-{
- CERTCertificate *cert = NULL;
- SECItem certItem;
-
- PORT_Assert(ss->sec != 0);
-
- certItem.data = certData;
- certItem.len = certLen;
-
- /* decode the certificate */
- cert = CERT_NewTempCertificate(ss->dbHandle, &certItem, NULL,
- PR_FALSE, PR_TRUE);
-
- if (cert == NULL) {
- SSL_DBG(("%d: SSL[%d]: decode of server certificate fails",
- SSL_GETPID(), ss->fd));
- PORT_SetError(SSL_ERROR_BAD_CERTIFICATE);
- return SECFailure;
- }
-
-#ifdef TRACE
- {
- if (ssl_trace >= 1) {
- char *issuer;
- char *subject;
- issuer = CERT_NameToAscii(&cert->issuer);
- subject = CERT_NameToAscii(&cert->subject);
- SSL_TRC(1,("%d: server certificate issuer: '%s'",
- SSL_GETPID(), issuer ? issuer : "OOPS"));
- SSL_TRC(1,("%d: server name: '%s'",
- SSL_GETPID(), subject ? subject : "OOPS"));
- PORT_Free(issuer);
- PORT_Free(subject);
- }
- }
-#endif
-
- ss->sec->peerCert = cert;
- return SECSuccess;
-}
-
-/*
-** Given the server's public key and cipher specs, generate a session key
-** that is ready to use for encrypting/decrypting the byte stream. At
-** the same time, generate the SSL_MT_CLIENT_MASTER_KEY message and
-** send it to the server.
-**
-** Called from ssl2_HandleServerHelloMessage()
-*/
-static SECStatus
-ssl2_ClientSetupSessionCypher(sslSocket *ss, PRUint8 *cs, int csLen)
-{
- sslSessionID * sid;
- PRUint8 * ca; /* points to iv data, or NULL if none. */
- PRUint8 * ekbuf = 0;
- CERTCertificate * cert = 0;
- SECKEYPublicKey * serverKey = 0;
- unsigned modulusLen = 0;
- SECStatus rv;
- int cipher;
- int keyLen; /* cipher symkey size in bytes. */
- int ckLen; /* publicly reveal this many bytes of key. */
- int caLen; /* length of IV data at *ca. */
- int nc;
-
- SECItem eblock; /* holds unencrypted PKCS#1 formatted key. */
- SECItem rek; /* holds portion of symkey to be encrypted. */
-
- PRUint8 keyData[SSL_MAX_MASTER_KEY_BYTES];
- PRUint8 iv [8];
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert((ss->sec != 0));
-
- eblock.data = 0;
- eblock.len = 0;
-
- sid = ss->sec->ci.sid;
- PORT_Assert(sid != 0);
-
- cert = ss->sec->peerCert;
-
- serverKey = CERT_ExtractPublicKey(cert);
- if (!serverKey) {
- SSL_DBG(("%d: SSL[%d]: extract public key failed: error=%d",
- SSL_GETPID(), ss->fd, PORT_GetError()));
- PORT_SetError(SSL_ERROR_BAD_CERTIFICATE);
- rv = SECFailure;
- goto loser2;
- }
-
- /* Choose a compatible cipher with the server */
- nc = csLen / 3;
- cipher = ssl2_ChooseSessionCypher(ss, nc, cs, &keyLen);
- if (cipher < 0) {
- /* ssl2_ChooseSessionCypher has set error code. */
- ssl2_SendErrorMessage(ss, SSL_PE_NO_CYPHERS);
- goto loser;
- }
-
- /* Generate the random keys */
- PK11_GenerateRandom(keyData, sizeof(keyData));
-
- /*
- ** Next, carve up the keys into clear and encrypted portions. The
- ** clear data is taken from the start of keyData and the encrypted
- ** portion from the remainder. Note that each of these portions is
- ** carved in half, one half for the read-key and one for the
- ** write-key.
- */
- ca = 0;
-
- /* We know that cipher is a legit value here, because
- * ssl2_ChooseSessionCypher doesn't return bogus values.
- */
- ckLen = ssl_Specs[cipher].pubLen; /* cleartext key length. */
- caLen = ssl_Specs[cipher].ivLen; /* IV length. */
- if (caLen) {
- PORT_Assert(sizeof iv >= caLen);
- PK11_GenerateRandom(iv, caLen);
- ca = iv;
- }
-
- /* Fill in session-id */
- rv = ssl2_FillInSID(sid, cipher, keyData, keyLen,
- ca, caLen, keyLen << 3, (keyLen - ckLen) << 3);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- SSL_TRC(1, ("%d: SSL[%d]: client, using %s cipher, clear=%d total=%d",
- SSL_GETPID(), ss->fd, ssl_cipherName[cipher],
- ckLen<<3, keyLen<<3));
-
- /* Now setup read and write ciphers */
- rv = ssl2_CreateSessionCypher(ss, sid, PR_TRUE);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- /*
- ** Fill in the encryption buffer with some random bytes. Then
- ** copy in the portion of the session key we are encrypting.
- */
- modulusLen = SECKEY_PublicKeyStrength(serverKey);
- rek.data = keyData + ckLen;
- rek.len = keyLen - ckLen;
- rv = RSA_FormatBlock(&eblock, modulusLen, RSA_BlockPublic, &rek);
- if (rv)
- goto loser;
- /* Set up the padding for version 2 rollback detection. */
- /* XXX We should really use defines here */
- if (ss->enableSSL3 || ss->enableTLS) {
- PORT_Assert((modulusLen - rek.len) > 12);
- PORT_Memset(eblock.data + modulusLen - rek.len - 8 - 1, 0x03, 8);
- }
- ekbuf = (PRUint8*) PORT_Alloc(modulusLen);
- if (!ekbuf)
- goto loser;
- PRINT_BUF(10, (ss, "master key encryption block:",
- eblock.data, eblock.len));
-
- /* Encrypt ekitem */
- rv = PK11_PubEncryptRaw(serverKey, ekbuf, eblock.data, modulusLen,
- ss->pkcs11PinArg);
- if (rv)
- goto loser;
-
- if (eblock.len != modulusLen) {
- /* Something strange just happened */
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
-
- /* Now we have everything ready to send */
- rv = ssl2_SendSessionKeyMessage(ss, cipher, keyLen << 3, ca, caLen,
- keyData, ckLen, ekbuf, modulusLen);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = SECSuccess;
- goto done;
-
- loser:
- rv = SECFailure;
-
- loser2:
- done:
- PORT_Memset(keyData, 0, sizeof(keyData));
- PORT_ZFree(ekbuf, modulusLen);
- SECITEM_ZfreeItem(&eblock, PR_FALSE);
- SECKEY_DestroyPublicKey(serverKey);
- return rv;
-}
-
-/************************************************************************/
-
-/*
- * Called from ssl2_HandleMessage in response to SSL_MT_SERVER_FINISHED message.
- * Caller holds recvBufLock and handshakeLock
- */
-static void
-ssl2_ClientRegSessionID(sslSocket *ss, PRUint8 *s)
-{
- sslSecurityInfo *sec;
- sslSessionID *sid;
-
- PORT_Assert((ss->sec != 0));
- sec = ss->sec;
- sid = sec->ci.sid;
-
- /* Record entry in nonce cache */
- if (sid->peerCert == NULL) {
- PORT_Memcpy(sid->u.ssl2.sessionID, s, sizeof(sid->u.ssl2.sessionID));
- sid->peerCert = CERT_DupCertificate(sec->peerCert);
-
- }
- if (!ss->noCache)
- (*sec->cache)(sid);
-}
-
-/* Called from ssl2_HandleMessage() */
-static SECStatus
-ssl2_TriggerNextMessage(sslSocket *ss)
-{
- sslConnectInfo * ci;
- SECStatus rv;
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert((ss->sec != 0));
-
- ci = &ss->sec->ci;
-
- if ((ci->requiredElements & CIS_HAVE_CERTIFICATE) &&
- !(ci->sentElements & CIS_HAVE_CERTIFICATE)) {
- ci->sentElements |= CIS_HAVE_CERTIFICATE;
- rv = ssl2_SendCertificateRequestMessage(ss);
- return rv;
- }
- return SECSuccess;
-}
-
-/* See if it's time to send our finished message, or if the handshakes are
-** complete. Send finished message if appropriate.
-** Returns SECSuccess unless anything goes wrong.
-**
-** Called from ssl2_HandleMessage,
-** ssl2_HandleVerifyMessage
-** ssl2_HandleServerHelloMessage
-** ssl2_HandleClientSessionKeyMessage
-** ssl2_RestartHandshakeAfterCertReq
-** ssl2_RestartHandshakeAfterServerCert
-*/
-static SECStatus
-ssl2_TryToFinish(sslSocket *ss)
-{
- sslSecurityInfo *sec;
- sslConnectInfo * ci;
- SECStatus rv;
- char e, ef;
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert((ss->sec != 0));
-
- sec = ss->sec;
- ci = &sec->ci;
-
- e = ci->elements;
- ef = e | CIS_HAVE_FINISHED;
- if ((ef & ci->requiredElements) == ci->requiredElements) {
- if (sec->isServer) {
- /* Send server finished message if we already didn't */
- rv = ssl2_SendServerFinishedMessage(ss);
- } else {
- /* Send client finished message if we already didn't */
- rv = ssl2_SendClientFinishedMessage(ss);
- }
- if (rv != SECSuccess) {
- return rv;
- }
- if ((e & ci->requiredElements) == ci->requiredElements) {
- /* Totally finished */
- ss->handshake = 0;
- return SECSuccess;
- }
- }
- return SECSuccess;
-}
-
-/*
-** Called from ssl2_HandleRequestCertificate
-** ssl2_RestartHandshakeAfterCertReq
-*/
-static SECStatus
-ssl2_SignResponse(sslSocket *ss,
- SECKEYPrivateKey *key,
- SECItem *response)
-{
- SGNContext * sgn = NULL;
- sslConnectInfo * ci;
- sslSecurityInfo *sec;
- PRUint8 * challenge;
- unsigned int len;
- SECStatus rv = SECFailure;
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
-
- sec = ss->sec;
- ci = &sec->ci;
- challenge = ci->serverChallenge;
- len = ci->serverChallengeLen;
-
- /* Sign the expected data... */
- sgn = SGN_NewContext(SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,key);
- if (!sgn)
- goto done;
- rv = SGN_Begin(sgn);
- if (rv != SECSuccess)
- goto done;
- rv = SGN_Update(sgn, ci->readKey, ci->keySize);
- if (rv != SECSuccess)
- goto done;
- rv = SGN_Update(sgn, ci->writeKey, ci->keySize);
- if (rv != SECSuccess)
- goto done;
- rv = SGN_Update(sgn, challenge, len);
- if (rv != SECSuccess)
- goto done;
- rv = SGN_Update(sgn,
- sec->peerCert->derCert.data, sec->peerCert->derCert.len);
- if (rv != SECSuccess)
- goto done;
- rv = SGN_End(sgn, response);
- if (rv != SECSuccess)
- goto done;
-
-done:
- SGN_DestroyContext(sgn, PR_TRUE);
- return rv == SECSuccess ? SECSuccess : SECFailure;
-}
-
-/*
-** Try to handle a request-certificate message. Get client's certificate
-** and private key and sign a message for the server to see.
-** Caller must hold handshakeLock
-**
-** Called from ssl2_HandleMessage().
-*/
-static int
-ssl2_HandleRequestCertificate(sslSocket *ss)
-{
- CERTCertificate * cert = NULL; /* app-selected client cert. */
- SECKEYPrivateKey *key = NULL; /* priv key for cert. */
- SECStatus rv;
- SECItem response;
- int ret = 0;
- PRUint8 authType;
-
-
- /*
- * These things all need to be initialized before we can "goto loser".
- */
- response.data = NULL;
-
- PORT_Assert((ss->sec != 0));
- if (!ss->sec) {
- PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
- return SECFailure;
- }
-
- /* get challenge info from connectionInfo */
- authType = ss->sec->ci.authType;
-
- if (authType != SSL_AT_MD5_WITH_RSA_ENCRYPTION) {
- SSL_TRC(7, ("%d: SSL[%d]: unsupported auth type 0x%x", SSL_GETPID(),
- ss->fd, authType));
- goto no_cert_error;
- }
-
- /* Get certificate and private-key from client */
- if (!ss->getClientAuthData) {
- SSL_TRC(7, ("%d: SSL[%d]: client doesn't support client-auth",
- SSL_GETPID(), ss->fd));
- goto no_cert_error;
- }
- ret = (*ss->getClientAuthData)(ss->getClientAuthDataArg, ss->fd,
- NULL, &cert, &key);
- if ( ret == SECWouldBlock ) {
- ssl_SetAlwaysBlock(ss);
- goto done;
- }
-
- if (ret) {
- goto no_cert_error;
- }
-
- rv = ssl2_SignResponse(ss, key, &response);
- if ( rv != SECSuccess ) {
- ret = -1;
- goto loser;
- }
-
- /* Send response message */
- ret = ssl2_SendCertificateResponseMessage(ss, &cert->derCert, &response);
- goto done;
-
- no_cert_error:
- SSL_TRC(7, ("%d: SSL[%d]: no certificate (ret=%d)", SSL_GETPID(),
- ss->fd, ret));
- ret = ssl2_SendErrorMessage(ss, SSL_PE_NO_CERTIFICATE);
-
- loser:
- done:
- if ( cert ) {
- CERT_DestroyCertificate(cert);
- }
- if ( key ) {
- SECKEY_DestroyPrivateKey(key);
- }
- if ( response.data ) {
- PORT_Free(response.data);
- }
-
- return ret;
-}
-
-/*
-** Called from ssl2_HandleMessage for SSL_MT_CLIENT_CERTIFICATE message.
-** Caller must hold HandshakeLock and RecvBufLock, since cd and response
-** are contained in the gathered input data.
-*/
-static SECStatus
-ssl2_HandleClientCertificate(sslSocket * ss,
- PRUint8 certType, /* XXX unused */
- PRUint8 * cd,
- unsigned int cdLen,
- PRUint8 * response,
- unsigned int responseLen)
-{
- sslSecurityInfo *sec = ss->sec;
- sslConnectInfo * ci;
- CERTCertificate *cert = NULL;
- SECKEYPublicKey *pubKey = NULL;
- VFYContext * vfy = NULL;
- SECStatus rv = SECFailure;
- SECItem certItem;
- SECItem rep;
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
-
- /* Extract the certificate */
- certItem.data = cd;
- certItem.len = cdLen;
-
- cert = CERT_NewTempCertificate(ss->dbHandle, &certItem, NULL,
- PR_FALSE, PR_TRUE);
- if (cert == NULL) {
- goto loser;
- }
-
- /* save the certificate, since the auth routine will need it */
- sec->peerCert = cert;
-
- /* Extract the public key */
- pubKey = CERT_ExtractPublicKey(cert);
- if (!pubKey)
- goto loser;
-
- /* Verify the response data... */
- rep.data = response;
- rep.len = responseLen;
- /* SSL 2.0 only supports RSA certs, so we don't have to worry about
- * DSA here. */
- vfy = VFY_CreateContext(pubKey, &rep, SEC_OID_PKCS1_RSA_ENCRYPTION,
- ss->pkcs11PinArg);
- if (!vfy)
- goto loser;
- rv = VFY_Begin(vfy);
- if (rv)
- goto loser;
-
- ci = &sec->ci;
- rv = VFY_Update(vfy, ci->readKey, ci->keySize);
- if (rv)
- goto loser;
- rv = VFY_Update(vfy, ci->writeKey, ci->keySize);
- if (rv)
- goto loser;
- rv = VFY_Update(vfy, ci->serverChallenge, SSL_CHALLENGE_BYTES);
- if (rv)
- goto loser;
- rv = VFY_Update(vfy, ss->serverCert[kt_rsa]->derCert.data,
- ss->serverCert[kt_rsa]->derCert.len);
- if (rv)
- goto loser;
- rv = VFY_End(vfy);
- if (rv)
- goto loser;
-
- /* Now ask the server application if it likes the certificate... */
- rv = (SECStatus) (*ss->authCertificate)(ss->authCertificateArg,
- ss->fd, PR_TRUE, PR_TRUE);
- /* Hey, it liked it. */
- if (SECSuccess == rv)
- goto done;
-
-loser:
- sec->peerCert = NULL;
- CERT_DestroyCertificate(cert);
-
-done:
- VFY_DestroyContext(vfy, PR_TRUE);
- SECKEY_DestroyPublicKey(pubKey);
- return rv;
-}
-
-/*
-** Handle remaining messages between client/server. Process finished
-** messages from either side and any authentication requests.
-** This should only be called for SSLv2 handshake messages,
-** not for application data records.
-** Caller must hold handshake lock.
-**
-** Called from ssl_Do1stHandshake().
-**
-*/
-static SECStatus
-ssl2_HandleMessage(sslSocket *ss)
-{
- sslSecurityInfo *sec;
- sslConnectInfo * ci;
- sslGather * gs;
- PRUint8 * data;
- PRUint8 * cid;
- unsigned len, certType, certLen, responseLen;
- int rv;
- int rv2;
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert((ss->sec != 0) && (ss->gather != 0));
-
- ssl_GetRecvBufLock(ss);
- sec = ss->sec;
- gs = ss->gather;
- ci = &sec->ci;
-
- data = gs->buf.buf + gs->recordOffset;
-
- if (gs->recordLen < 1) {
- goto bad_peer;
- }
- SSL_TRC(3, ("%d: SSL[%d]: received %d message",
- SSL_GETPID(), ss->fd, data[0]));
- DUMP_MSG(29, (ss, data, gs->recordLen));
-
- switch (data[0]) {
- case SSL_MT_CLIENT_FINISHED:
- if (ci->elements & CIS_HAVE_FINISHED) {
- SSL_DBG(("%d: SSL[%d]: dup client-finished message",
- SSL_GETPID(), ss->fd));
- goto bad_peer;
- }
-
- /* See if nonce matches */
- len = gs->recordLen - 1;
- cid = data + 1;
- if ((len != sizeof(ci->connectionID)) ||
- (PORT_Memcmp(ci->connectionID, cid, len) != 0)) {
- SSL_DBG(("%d: SSL[%d]: bad connection-id", SSL_GETPID(), ss->fd));
- PRINT_BUF(5, (ss, "sent connection-id",
- ci->connectionID, sizeof(ci->connectionID)));
- PRINT_BUF(5, (ss, "rcvd connection-id", cid, len));
- goto bad_peer;
- }
-
- SSL_TRC(5, ("%d: SSL[%d]: got client finished, waiting for 0x%d",
- SSL_GETPID(), ss->fd, ci->requiredElements ^ ci->elements));
- ci->elements |= CIS_HAVE_FINISHED;
- break;
-
- case SSL_MT_SERVER_FINISHED:
- if (ci->elements & CIS_HAVE_FINISHED) {
- SSL_DBG(("%d: SSL[%d]: dup server-finished message",
- SSL_GETPID(), ss->fd));
- goto bad_peer;
- }
-
- if (gs->recordLen - 1 != SSL_SESSIONID_BYTES) {
- SSL_DBG(("%d: SSL[%d]: bad server-finished message, len=%d",
- SSL_GETPID(), ss->fd, gs->recordLen));
- goto bad_peer;
- }
- ssl2_ClientRegSessionID(ss, data+1);
- SSL_TRC(5, ("%d: SSL[%d]: got server finished, waiting for 0x%d",
- SSL_GETPID(), ss->fd, ci->requiredElements ^ ci->elements));
- ci->elements |= CIS_HAVE_FINISHED;
- break;
-
- case SSL_MT_REQUEST_CERTIFICATE:
- len = gs->recordLen - 2;
- if ((len != SSL_MIN_CHALLENGE_BYTES) ||
- (len > SSL_MAX_CHALLENGE_BYTES)) {
- /* Bad challenge */
- SSL_DBG(("%d: SSL[%d]: bad cert request message: code len=%d",
- SSL_GETPID(), ss->fd, len));
- goto bad_peer;
- }
-
- /* save auth request info */
- ci->authType = data[1];
- ci->serverChallengeLen = len;
- PORT_Memcpy(ci->serverChallenge, data + 2, len);
-
- rv = ssl2_HandleRequestCertificate(ss);
- if (rv == SECWouldBlock) {
- SSL_TRC(3, ("%d: SSL[%d]: async cert request",
- SSL_GETPID(), ss->fd));
- /* someone is handling this asynchronously */
- ssl_ReleaseRecvBufLock(ss);
- return SECWouldBlock;
- }
- if (rv) {
- SET_ERROR_CODE
- goto loser;
- }
- break;
-
- case SSL_MT_CLIENT_CERTIFICATE:
- if (!ss->authCertificate) {
- /* Server asked for authentication and can't handle it */
- PORT_SetError(SSL_ERROR_BAD_SERVER);
- goto loser;
- }
- if (gs->recordLen < SSL_HL_CLIENT_CERTIFICATE_HBYTES) {
- SET_ERROR_CODE
- goto loser;
- }
- certType = data[1];
- certLen = (data[2] << 8) | data[3];
- responseLen = (data[4] << 8) | data[5];
- if (certType != SSL_CT_X509_CERTIFICATE) {
- PORT_SetError(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
- goto loser;
- }
- rv = ssl2_HandleClientCertificate(ss, data[1],
- data + SSL_HL_CLIENT_CERTIFICATE_HBYTES,
- certLen,
- data + SSL_HL_CLIENT_CERTIFICATE_HBYTES + certLen,
- responseLen);
- if (rv) {
- rv2 = ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE);
- SET_ERROR_CODE
- goto loser;
- }
- ci->elements |= CIS_HAVE_CERTIFICATE;
- break;
-
- case SSL_MT_ERROR:
- rv = (data[1] << 8) | data[2];
- SSL_TRC(2, ("%d: SSL[%d]: got error message, error=0x%x",
- SSL_GETPID(), ss->fd, rv));
-
- /* Convert protocol error number into API error number */
- switch (rv) {
- case SSL_PE_NO_CYPHERS:
- rv = SSL_ERROR_NO_CYPHER_OVERLAP;
- break;
- case SSL_PE_NO_CERTIFICATE:
- rv = SSL_ERROR_NO_CERTIFICATE;
- break;
- case SSL_PE_BAD_CERTIFICATE:
- rv = SSL_ERROR_BAD_CERTIFICATE;
- break;
- case SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE:
- rv = SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE;
- break;
- default:
- goto bad_peer;
- }
- /* XXX make certificate-request optionally fail... */
- PORT_SetError(rv);
- goto loser;
-
- default:
- SSL_DBG(("%d: SSL[%d]: unknown message %d",
- SSL_GETPID(), ss->fd, data[0]));
- goto loser;
- }
-
- SSL_TRC(3, ("%d: SSL[%d]: handled %d message, required=0x%x got=0x%x",
- SSL_GETPID(), ss->fd, data[0],
- ci->requiredElements, ci->elements));
-
- rv = ssl2_TryToFinish(ss);
- if (rv != SECSuccess)
- goto loser;
-
- ss->gather->recordLen = 0;
- ssl_ReleaseRecvBufLock(ss);
-
- if (ss->handshake == 0) {
- return SECSuccess;
- }
-
- ss->handshake = ssl_GatherRecord1stHandshake;
- ss->nextHandshake = ssl2_HandleMessage;
- return ssl2_TriggerNextMessage(ss);
-
- bad_peer:
- PORT_SetError(sec->isServer ? SSL_ERROR_BAD_CLIENT : SSL_ERROR_BAD_SERVER);
- /* FALL THROUGH */
-
- loser:
- ssl_ReleaseRecvBufLock(ss);
- return SECFailure;
-}
-
-/************************************************************************/
-
-/* Called from ssl_Do1stHandshake, after ssl2_HandleServerHelloMessage or
-** ssl2_RestartHandshakeAfterServerCert.
-*/
-static SECStatus
-ssl2_HandleVerifyMessage(sslSocket *ss)
-{
- sslConnectInfo * ci;
- sslGather * gs;
- PRUint8 * data;
- SECStatus rv;
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- ssl_GetRecvBufLock(ss);
- PORT_Assert((ss->sec != 0) && (ss->gather != 0));
- ci = &ss->sec->ci;
- gs = ss->gather;
-
- data = gs->buf.buf + gs->recordOffset;
- DUMP_MSG(29, (ss, data, gs->recordLen));
- if ((gs->recordLen != 1 + SSL_CHALLENGE_BYTES) ||
- (data[0] != SSL_MT_SERVER_VERIFY) ||
- PORT_Memcmp(data+1, ci->clientChallenge, SSL_CHALLENGE_BYTES)) {
- /* Bad server */
- PORT_SetError(SSL_ERROR_BAD_SERVER);
- goto loser;
- }
- ci->elements |= CIS_HAVE_VERIFY;
-
- SSL_TRC(5, ("%d: SSL[%d]: got server-verify, required=0x%d got=0x%x",
- SSL_GETPID(), ss->fd, ci->requiredElements,
- ci->elements));
-
- rv = ssl2_TryToFinish(ss);
- if (rv)
- goto loser;
-
- ss->gather->recordLen = 0;
- ssl_ReleaseRecvBufLock(ss);
-
- if (ss->handshake == 0) {
- return SECSuccess;
- }
- ss->handshake = ssl_GatherRecord1stHandshake;
- ss->nextHandshake = ssl2_HandleMessage;
- return SECSuccess;
-
-
- loser:
- ssl_ReleaseRecvBufLock(ss);
- return SECFailure;
-}
-
-/* Not static because ssl2_GatherData() tests ss->nextHandshake for this value.
- * ICK!
- * Called from ssl_Do1stHandshake after ssl2_BeginClientHandshake()
- */
-SECStatus
-ssl2_HandleServerHelloMessage(sslSocket *ss)
-{
- sslSecurityInfo *sec;
- sslConnectInfo * ci;
- sslGather * gs;
- sslSessionID * sid;
- PRUint8 * cert;
- PRUint8 * cs;
- PRUint8 * data;
- SECStatus rv;
- int needed, sidHit, certLen, csLen, cidLen, certType, err;
-
- PORT_Assert((ss->sec != 0) && (ss->gather != 0));
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
-
- if (!ss->enableSSL2) {
- PORT_SetError(SSL_ERROR_SSL2_DISABLED);
- return SECFailure;
- }
-
- ssl_GetRecvBufLock(ss);
-
- sec = ss->sec;
- ci = &sec->ci;
- gs = ss->gather;
- PORT_Assert(ci->sid != 0);
-
- data = gs->buf.buf + gs->recordOffset;
- DUMP_MSG(29, (ss, data, gs->recordLen));
-
- /* Make sure first message has some data and is the server hello message */
- if ((gs->recordLen < SSL_HL_SERVER_HELLO_HBYTES)
- || (data[0] != SSL_MT_SERVER_HELLO)) {
- if ((data[0] == SSL_MT_ERROR) && (gs->recordLen == 3)) {
- err = (data[1] << 8) | data[2];
- if (err == SSL_PE_NO_CYPHERS) {
- PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
- goto loser;
- }
- }
- goto bad_server;
- }
-
- sidHit = data[1];
- certType = data[2];
- ss->version = (data[3] << 8) | data[4];
- certLen = (data[5] << 8) | data[6];
- csLen = (data[7] << 8) | data[8];
- cidLen = (data[9] << 8) | data[10];
- cert = data + SSL_HL_SERVER_HELLO_HBYTES;
- cs = cert + certLen;
-
- SSL_TRC(5,
- ("%d: SSL[%d]: server-hello, hit=%d vers=%x certLen=%d csLen=%d cidLen=%d",
- SSL_GETPID(), ss->fd, sidHit, ss->version, certLen,
- csLen, cidLen));
- if (ss->version != SSL_LIBRARY_VERSION_2) {
- if (ss->version < SSL_LIBRARY_VERSION_2) {
- SSL_TRC(3, ("%d: SSL[%d]: demoting self (%x) to server version (%x)",
- SSL_GETPID(), ss->fd, SSL_LIBRARY_VERSION_2,
- ss->version));
- } else {
- SSL_TRC(1, ("%d: SSL[%d]: server version is %x (we are %x)",
- SSL_GETPID(), ss->fd, ss->version, SSL_LIBRARY_VERSION_2));
- /* server claims to be newer but does not follow protocol */
- PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
- goto loser;
- }
- }
-
- /* Save connection-id for later */
- PORT_Memcpy(ci->connectionID, cs + csLen, sizeof(ci->connectionID));
-
- /* See if session-id hit */
- needed = CIS_HAVE_MASTER_KEY | CIS_HAVE_FINISHED | CIS_HAVE_VERIFY;
- if (sidHit) {
- if (certLen || csLen) {
- /* Uh oh - bogus server */
- SSL_DBG(("%d: SSL[%d]: client, huh? hit=%d certLen=%d csLen=%d",
- SSL_GETPID(), ss->fd, sidHit, certLen, csLen));
- goto bad_server;
- }
-
- /* Total winner. */
- SSL_TRC(1, ("%d: SSL[%d]: client, using nonce for peer=0x%08x "
- "port=0x%04x",
- SSL_GETPID(), ss->fd, ci->peer, ci->port));
- sec->peerCert = CERT_DupCertificate(ci->sid->peerCert);
- rv = ssl2_CreateSessionCypher(ss, ci->sid, PR_TRUE);
- if (rv != SECSuccess) {
- goto loser;
- }
- } else {
- if (certType != SSL_CT_X509_CERTIFICATE) {
- PORT_SetError(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
- goto loser;
- }
- if (csLen == 0) {
- PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
- SSL_DBG(("%d: SSL[%d]: no cipher overlap",
- SSL_GETPID(), ss->fd));
- goto loser;
- }
- if (certLen == 0) {
- SSL_DBG(("%d: SSL[%d]: client, huh? certLen=%d csLen=%d",
- SSL_GETPID(), ss->fd, certLen, csLen));
- goto bad_server;
- }
-
- sid = ci->sid;
- if (sid->cached != never_cached) {
- /* Forget our session-id - server didn't like it */
- SSL_TRC(7, ("%d: SSL[%d]: server forgot me, uncaching session-id",
- SSL_GETPID(), ss->fd));
- (*sec->uncache)(sid);
- ssl_FreeSID(sid);
- ci->sid = sid = (sslSessionID*) PORT_ZAlloc(sizeof(sslSessionID));
- if (!sid) {
- goto loser;
- }
- sid->references = 1;
- sid->addr = ci->peer;
- sid->port = ci->port;
- }
-
- /* decode the server's certificate */
- rv = ssl2_ClientHandleServerCert(ss, cert, certLen);
- if (rv != SECSuccess) {
- if (PORT_GetError() == SSL_ERROR_BAD_CERTIFICATE) {
- (void) ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE);
- }
- goto loser;
- }
-
- /* Setup new session cipher */
- rv = ssl2_ClientSetupSessionCypher(ss, cs, csLen);
- if (rv != SECSuccess) {
- if (PORT_GetError() == SSL_ERROR_BAD_CERTIFICATE) {
- (void) ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE);
- }
- goto loser;
- }
- }
-
- /* Build up final list of required elements */
- ci->elements = CIS_HAVE_MASTER_KEY;
- ci->requiredElements = needed;
-
- if (!sidHit) {
- /* verify the server's certificate. if sidHit, don't check signatures */
- rv = (* ss->authCertificate)(ss->authCertificateArg, ss->fd,
- (PRBool)(!sidHit), PR_FALSE);
- if (rv) {
- if (ss->handleBadCert) {
- rv = (*ss->handleBadCert)(ss->badCertArg, ss->fd);
- if ( rv ) {
- if ( rv == SECWouldBlock ) {
- /* someone will handle this connection asynchronously*/
-
- SSL_DBG(("%d: SSL[%d]: go to async cert handler",
- SSL_GETPID(), ss->fd));
- ssl_ReleaseRecvBufLock(ss);
- ssl_SetAlwaysBlock(ss);
- return SECWouldBlock;
- }
- /* cert is bad */
- SSL_DBG(("%d: SSL[%d]: server certificate is no good: error=%d",
- SSL_GETPID(), ss->fd, PORT_GetError()));
- goto loser;
-
- }
- /* cert is good */
- } else {
- SSL_DBG(("%d: SSL[%d]: server certificate is no good: error=%d",
- SSL_GETPID(), ss->fd, PORT_GetError()));
- goto loser;
- }
- }
- }
- /*
- ** At this point we have a completed session key and our session
- ** cipher is setup and ready to go. Switch to encrypted write routine
- ** as all future message data is to be encrypted.
- */
- ssl2_UseEncryptedSendFunc(ss);
-
- rv = ssl2_TryToFinish(ss);
- if (rv != SECSuccess)
- goto loser;
-
- ss->gather->recordLen = 0;
-
- ssl_ReleaseRecvBufLock(ss);
-
- if (ss->handshake == 0) {
- return SECSuccess;
- }
-
- SSL_TRC(5, ("%d: SSL[%d]: got server-hello, required=0x%d got=0x%x",
- SSL_GETPID(), ss->fd, ci->requiredElements, ci->elements));
- ss->handshake = ssl_GatherRecord1stHandshake;
- ss->nextHandshake = ssl2_HandleVerifyMessage;
- return SECSuccess;
-
- bad_server:
- PORT_SetError(SSL_ERROR_BAD_SERVER);
- /* FALL THROUGH */
-
- loser:
- ssl_ReleaseRecvBufLock(ss);
- return SECFailure;
-}
-
-/* Sends out the initial client Hello message on the connection.
- * Acquires and releases the socket's xmitBufLock.
- */
-SECStatus
-ssl2_BeginClientHandshake(sslSocket *ss)
-{
- sslSecurityInfo *sec;
- sslConnectInfo *ci;
- sslSessionID *sid;
- PRUint8 *msg;
- PRUint8 *cp;
- PRUint8 *localCipherSpecs = NULL;
- unsigned int localCipherSize;
- unsigned int i;
- int sendLen, sidLen;
- SECStatus rv;
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert((ss->sec != 0));
-
- sec = ss->sec;
- sec->isServer = 0;
- sec->sendSequence = 0;
- sec->rcvSequence = 0;
- ssl_ChooseSessionIDProcs(sec);
- ci = &sec->ci;
-
- if (!ss->cipherSpecs) {
- rv = ssl2_ConstructCipherSpecs(ss);
- if (rv != SECSuccess)
- goto loser;
- }
-
- /* count the SSL2 and SSL3 enabled ciphers.
- * if either is zero, clear the socket's enable for that protocol.
- */
- rv = ssl2_CheckConfigSanity(ss);
- if (rv != SECSuccess)
- goto loser;
-
- /* Get peer name of server */
- rv = ssl_GetPeerInfo(ss);
- if (rv < 0) {
- goto loser;
- }
-
- SSL_TRC(3, ("%d: SSL[%d]: sending client-hello", SSL_GETPID(), ss->fd));
-
- /* Try to find server in our session-id cache */
- if (ss->noCache) {
- sid = NULL;
- } else {
- sid = ssl_LookupSID(ci->peer, ci->port, ss->peerID, ss->url);
- }
- if (sid) {
- /* if we're not doing this SID's protocol any more, drop it. */
- if (((sid->version == SSL_LIBRARY_VERSION_2) && !ss->enableSSL2) ||
- ((sid->version == SSL_LIBRARY_VERSION_3_0) && !ss->enableSSL3) ||
- ((sid->version == SSL_LIBRARY_VERSION_3_1_TLS) && !ss->enableTLS)) {
- sec->uncache(sid);
- ssl_FreeSID(sid);
- goto invalid;
- }
- if (ss->enableSSL2 && sid->version < SSL_LIBRARY_VERSION_3_0) {
- /* If the cipher in this sid is not enabled, drop it. */
- for (i = 0; i < ss->sizeCipherSpecs; i += 3) {
- if (ss->cipherSpecs[i] == sid->u.ssl2.cipherType)
- goto sid_cipher_match;
- }
- sec->uncache(sid);
- ssl_FreeSID(sid);
- goto invalid;
- }
-sid_cipher_match:
- sidLen = sizeof(sid->u.ssl2.sessionID);
- PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl2.sessionID,
- sidLen));
- ss->version = sid->version;
- } else {
-invalid:
- sidLen = 0;
- sid = (sslSessionID*) PORT_ZAlloc(sizeof(sslSessionID));
- if (!sid) {
- goto loser;
- }
- sid->references = 1;
- sid->cached = never_cached;
- sid->addr = ci->peer;
- sid->port = ci->port;
- if (ss->peerID != NULL) {
- sid->peerID = PORT_Strdup(ss->peerID);
- }
- if (ss->url != NULL) {
- sid->urlSvrName = PORT_Strdup(ss->url);
- }
- }
- ci->sid = sid;
-
- PORT_Assert(sid != NULL);
-
- if ((sid->version >= SSL_LIBRARY_VERSION_3_0 || !ss->v2CompatibleHello) &&
- (ss->enableSSL3 || ss->enableTLS)) {
-
- PORT_Assert(ss->gather != NULL);
- ss->gather->state = GS_INIT;
- ss->handshake = ssl_GatherRecord1stHandshake;
-
- /* ssl3_SendClientHello will override this if it succeeds. */
- ss->version = SSL_LIBRARY_VERSION_3_0;
-
- ssl_GetXmitBufLock(ss); /***************************************/
- ssl_GetSSL3HandshakeLock(ss);
- rv = ssl3_SendClientHello(ss);
- ssl_ReleaseSSL3HandshakeLock(ss);
- ssl_ReleaseXmitBufLock(ss); /***************************************/
-
- return rv;
- }
-
- if (!ss->cipherSpecs) {
- rv = ssl2_ConstructCipherSpecs(ss);
- if (rv < 0) {
- return rv;
- }
- }
- localCipherSpecs = ss->cipherSpecs;
- localCipherSize = ss->sizeCipherSpecs;
-
- sendLen = SSL_HL_CLIENT_HELLO_HBYTES + localCipherSize + sidLen +
- SSL_CHALLENGE_BYTES;
-
- /* Generate challenge bytes for server */
- PK11_GenerateRandom(ci->clientChallenge, SSL_CHALLENGE_BYTES);
-
- ssl_GetXmitBufLock(ss); /***************************************/
-
- rv = ssl2_GetSendBuffer(ss, sendLen);
- if (rv)
- goto unlock_loser;
-
- /* Construct client-hello message */
- cp = msg = ci->sendBuf.buf;
- msg[0] = SSL_MT_CLIENT_HELLO;
- if ( ss->enableTLS ) {
- ss->clientHelloVersion = SSL_LIBRARY_VERSION_3_1_TLS;
- } else if ( ss->enableSSL3 ) {
- ss->clientHelloVersion = SSL_LIBRARY_VERSION_3_0;
- } else {
- ss->clientHelloVersion = SSL_LIBRARY_VERSION_2;
- }
-
- msg[1] = MSB(ss->clientHelloVersion);
- msg[2] = LSB(ss->clientHelloVersion);
- msg[3] = MSB(localCipherSize);
- msg[4] = LSB(localCipherSize);
- msg[5] = MSB(sidLen);
- msg[6] = LSB(sidLen);
- msg[7] = MSB(SSL_CHALLENGE_BYTES);
- msg[8] = LSB(SSL_CHALLENGE_BYTES);
- cp += SSL_HL_CLIENT_HELLO_HBYTES;
- PORT_Memcpy(cp, localCipherSpecs, localCipherSize);
- cp += localCipherSize;
- if (sidLen) {
- PORT_Memcpy(cp, sid->u.ssl2.sessionID, sidLen);
- cp += sidLen;
- }
- PORT_Memcpy(cp, ci->clientChallenge, SSL_CHALLENGE_BYTES);
-
- /* Send it to the server */
- DUMP_MSG(29, (ss, msg, sendLen));
- rv = (*sec->send)(ss, msg, sendLen, 0);
-
- ssl_ReleaseXmitBufLock(ss); /***************************************/
-
- if (rv < 0) {
- goto loser;
- }
-
- rv = ssl3_StartHandshakeHash(ss, msg, sendLen);
- if (rv < 0) {
- goto loser;
- }
-
- /* Setup to receive servers hello message */
- ssl_GetRecvBufLock(ss);
- ss->gather->recordLen = 0;
- ssl_ReleaseRecvBufLock(ss);
-
- ss->handshake = ssl_GatherRecord1stHandshake;
- ss->nextHandshake = ssl2_HandleServerHelloMessage;
- return SECSuccess;
-
-unlock_loser:
- ssl_ReleaseXmitBufLock(ss);
-loser:
- return SECFailure;
-}
-
-/************************************************************************/
-
-/* Handle the CLIENT-MASTER-KEY message.
-** Acquires and releases RecvBufLock.
-** Called from ssl2_HandleClientHelloMessage().
-*/
-static SECStatus
-ssl2_HandleClientSessionKeyMessage(sslSocket *ss)
-{
- sslConnectInfo * ci;
- PRUint8 * data;
- sslGather * gs;
- unsigned int caLen;
- unsigned int ckLen;
- unsigned int ekLen;
- unsigned int keySize;
- int cipher;
- SECStatus rv;
-
- PORT_Assert((ss->sec != 0) && (ss->gather != 0));
-
- ssl_GetRecvBufLock(ss);
- gs = ss->gather;
- ci = &ss->sec->ci;
-
- data = gs->buf.buf + gs->recordOffset;
- DUMP_MSG(29, (ss, data, gs->recordLen));
-
- if ((gs->recordLen < SSL_HL_CLIENT_MASTER_KEY_HBYTES)
- || (data[0] != SSL_MT_CLIENT_MASTER_KEY)) {
- goto bad_client;
- }
- cipher = data[1];
- keySize = (data[2] << 8) | data[3];
- ckLen = (data[4] << 8) | data[5];
- ekLen = (data[6] << 8) | data[7];
- caLen = (data[8] << 8) | data[9];
-
- SSL_TRC(5, ("%d: SSL[%d]: session-key, cipher=%d keySize=%d ckLen=%d ekLen=%d caLen=%d",
- SSL_GETPID(), ss->fd, cipher, keySize, ckLen, ekLen, caLen));
-
- if (gs->recordLen <
- SSL_HL_CLIENT_MASTER_KEY_HBYTES + ckLen + ekLen + caLen) {
- SSL_DBG(("%d: SSL[%d]: protocol size mismatch dataLen=%d",
- SSL_GETPID(), ss->fd, gs->recordLen));
- goto bad_client;
- }
-
- /* Use info from client to setup session key */
- /* XXX should validate cipher&keySize are in our array */
- rv = ssl2_ServerSetupSessionCypher(ss, cipher, keySize,
- data + SSL_HL_CLIENT_MASTER_KEY_HBYTES, ckLen,
- data + SSL_HL_CLIENT_MASTER_KEY_HBYTES + ckLen, ekLen,
- data + SSL_HL_CLIENT_MASTER_KEY_HBYTES + ckLen + ekLen, caLen);
- ss->gather->recordLen = 0; /* we're done with this record. */
-
- ssl_ReleaseRecvBufLock(ss);
-
- if (rv != SECSuccess) {
- goto loser;
- }
- ci->elements |= CIS_HAVE_MASTER_KEY;
- ssl2_UseEncryptedSendFunc(ss);
-
- /* Send server verify message now that keys are established */
- rv = ssl2_SendServerVerifyMessage(ss);
- if (rv != SECSuccess)
- goto loser;
-
- rv = ssl2_TryToFinish(ss);
- if (rv != SECSuccess)
- goto loser;
- if (ss->handshake == 0) {
- return SECSuccess;
- }
-
- SSL_TRC(5, ("%d: SSL[%d]: server: waiting for elements=0x%d",
- SSL_GETPID(), ss->fd, ci->requiredElements ^ ci->elements));
- ss->handshake = ssl_GatherRecord1stHandshake;
- ss->nextHandshake = ssl2_HandleMessage;
-
- return ssl2_TriggerNextMessage(ss);
-
-bad_client:
- ssl_ReleaseRecvBufLock(ss);
- PORT_SetError(SSL_ERROR_BAD_CLIENT);
- /* FALLTHROUGH */
-
-loser:
- return SECFailure;
-}
-
-/*
- * attempt to restart the handshake after asynchronously handling
- * a request for the client's certificate.
- *
- * inputs:
- * cert Client cert chosen by application.
- * key Private key associated with cert.
- *
- * XXX: need to make ssl2 and ssl3 versions of this function agree on whether
- * they take the reference, or bump the ref count!
- *
- * Return value: XXX
- *
- * Caller holds 1stHandshakeLock.
- */
-int
-ssl2_RestartHandshakeAfterCertReq(sslSocket * ss,
- CERTCertificate * cert,
- SECKEYPrivateKey * key)
-{
- int ret;
- SECStatus rv = SECSuccess;
- SECItem response;
-
- if (ss->version >= SSL_LIBRARY_VERSION_3_0)
- return SECFailure;
-
- response.data = NULL;
-
- PORT_Assert((ss->sec != 0));
- if (ss->sec == NULL)
- return SECFailure;
-
- /* generate error if no cert or key */
- if ( ( cert == NULL ) || ( key == NULL ) ) {
- goto no_cert;
- }
-
- /* generate signed response to the challenge */
- rv = ssl2_SignResponse(ss, key, &response);
- if ( rv != SECSuccess ) {
- goto no_cert;
- }
-
- /* Send response message */
- ret = ssl2_SendCertificateResponseMessage(ss, &cert->derCert, &response);
- if (ret) {
- goto no_cert;
- }
-
- /* try to finish the handshake */
- ret = ssl2_TryToFinish(ss);
- if (ret) {
- goto loser;
- }
-
- /* done with handshake */
- if (ss->handshake == 0) {
- ret = SECSuccess;
- goto done;
- }
-
- /* continue handshake */
- ssl_GetRecvBufLock(ss);
- ss->gather->recordLen = 0;
- ssl_ReleaseRecvBufLock(ss);
-
- ss->handshake = ssl_GatherRecord1stHandshake;
- ss->nextHandshake = ssl2_HandleMessage;
- ret = ssl2_TriggerNextMessage(ss);
- goto done;
-
-no_cert:
- /* no cert - send error */
- ret = ssl2_SendErrorMessage(ss, SSL_PE_NO_CERTIFICATE);
- goto done;
-
-loser:
- ret = SECFailure;
-done:
- /* free allocated data */
- if ( response.data ) {
- PORT_Free(response.data);
- }
-
- return ret;
-}
-
-
-/* restart an SSL connection that we stopped to run certificate dialogs
-** XXX Need to document here how an application marks a cert to show that
-** the application has accepted it (overridden CERT_VerifyCert).
- *
- * Return value: XXX
- *
- * Caller holds 1stHandshakeLock.
-*/
-int
-ssl2_RestartHandshakeAfterServerCert(sslSocket *ss)
-{
- int rv = SECSuccess;
-
- if (ss->version >= SSL_LIBRARY_VERSION_3_0)
- return SECFailure;
-
- /* SSL 2
- ** At this point we have a completed session key and our session
- ** cipher is setup and ready to go. Switch to encrypted write routine
- ** as all future message data is to be encrypted.
- */
- ssl2_UseEncryptedSendFunc(ss);
-
- rv = ssl2_TryToFinish(ss);
- if (rv == SECSuccess && ss->handshake != NULL) {
- /* handshake is not yet finished. */
-
- SSL_TRC(5, ("%d: SSL[%d]: got server-hello, required=0x%d got=0x%x",
- SSL_GETPID(), ss->fd, ss->sec->ci.requiredElements,
- ss->sec->ci.elements));
-
- ssl_GetRecvBufLock(ss);
- ss->gather->recordLen = 0; /* mark it all used up. */
- ssl_ReleaseRecvBufLock(ss);
-
- ss->handshake = ssl_GatherRecord1stHandshake;
- ss->nextHandshake = ssl2_HandleVerifyMessage;
- }
-
- return rv;
-}
-
-/*
-** Handle the initial hello message from the client
-**
-** not static because ssl2_GatherData() tests ss->nextHandshake for this value.
-*/
-SECStatus
-ssl2_HandleClientHelloMessage(sslSocket *ss)
-{
- sslSecurityInfo *sec;
- sslConnectInfo *ci;
- sslGather *gs;
- sslSessionID *sid = NULL;
- PRUint8 *msg;
- PRUint8 *data;
- PRUint8 *cs;
- PRUint8 *sd;
- PRUint8 *cert = NULL;
- PRUint8 *challenge;
- unsigned int challengeLen;
- SECStatus rv;
- int hit;
- int csLen;
- int sendLen;
- int sdLen;
- int certLen;
- int pid;
- int sent;
- int gotXmitBufLock = 0;
- PRUint8 csImpl[sizeof implementedCipherSuites];
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert((ss->sec != 0) && (ss->gather != 0));
-
- sec = ss->sec;
- ci = &sec->ci;
-
- ssl_GetRecvBufLock(ss);
-
- gs = ss->gather;
-
- data = gs->buf.buf + gs->recordOffset;
- DUMP_MSG(29, (ss, data, gs->recordLen));
-
- /* Make sure first message has some data and is the client hello message */
- if ((gs->recordLen < SSL_HL_CLIENT_HELLO_HBYTES)
- || (data[0] != SSL_MT_CLIENT_HELLO)) {
- goto bad_client;
- }
-
- /* Get peer name of client */
- rv = ssl_GetPeerInfo(ss);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- /* Examine version information */
- /*
- * See if this might be a V2 client hello asking to use the V3 protocol
- */
- if ((data[0] == SSL_MT_CLIENT_HELLO) &&
- (data[1] >= MSB(SSL_LIBRARY_VERSION_3_0)) &&
- (ss->enableSSL3 || ss->enableTLS)) {
- rv = ssl3_HandleV2ClientHello(ss, data, gs->recordLen);
- if (rv != SECFailure) { /* Success */
- ss->handshake = NULL;
- ss->nextHandshake = ssl_GatherRecord1stHandshake;
- ss->securityHandshake = NULL;
- ss->gather->state = GS_INIT;
-
- /* ssl3_HandleV3ClientHello has set ss->version,
- ** and has gotten us a brand new sid.
- */
- ss->sec->ci.sid->version = ss->version;
- }
- ssl_ReleaseRecvBufLock(ss);
- return rv;
- }
- /* Previously, there was a test here to see if SSL2 was enabled.
- ** If not, an error code was set, and SECFailure was returned,
- ** without sending any error code to the other end of the connection.
- ** That test has been removed. If SSL2 has been disabled, there
- ** should be no SSL2 ciphers enabled, and consequently, the code
- ** below should send the ssl2 error message SSL_PE_NO_CYPHERS.
- ** We now believe this is the correct thing to do, even when SSL2
- ** has been explicitly disabled by the application.
- */
-
- /* Extract info from message */
- ss->version = (data[1] << 8) | data[2];
-
- /* If some client thinks ssl v2 is 2.0 instead of 0.2, we'll allow it. */
- if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
- ss->version = SSL_LIBRARY_VERSION_2;
- }
-
- csLen = (data[3] << 8) | data[4];
- sdLen = (data[5] << 8) | data[6];
- challengeLen = (data[7] << 8) | data[8];
- cs = data + SSL_HL_CLIENT_HELLO_HBYTES;
- sd = cs + csLen;
- challenge = sd + sdLen;
- PRINT_BUF(7, (ss, "server, client session-id value:", sd, sdLen));
-
- if ((unsigned)gs->recordLen !=
- SSL_HL_CLIENT_HELLO_HBYTES + csLen + sdLen + challengeLen) {
- SSL_DBG(("%d: SSL[%d]: bad client hello message, len=%d should=%d",
- SSL_GETPID(), ss->fd, gs->recordLen,
- SSL_HL_CLIENT_HELLO_HBYTES+csLen+sdLen+challengeLen));
- goto bad_client;
- }
-
- SSL_TRC(3, ("%d: SSL[%d]: client version is %x",
- SSL_GETPID(), ss->fd, ss->version));
- if (ss->version != SSL_LIBRARY_VERSION_2) {
- if (ss->version > SSL_LIBRARY_VERSION_2) {
- /*
- ** Newer client than us. Things are ok because new clients
- ** are required to be backwards compatible with old servers.
- ** Change version number to our version number so that client
- ** knows whats up.
- */
- ss->version = SSL_LIBRARY_VERSION_2;
- } else {
- SSL_TRC(1, ("%d: SSL[%d]: client version is %x (we are %x)",
- SSL_GETPID(), ss->fd, ss->version, SSL_LIBRARY_VERSION_2));
- PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
- goto loser;
- }
- }
-
- /* Qualify cipher specs before returning them to client */
- csLen = ssl2_QualifyCypherSpecs(ss, cs, csLen);
- if (csLen == 0) {
- /* no overlap, send client our list of supported SSL v2 ciphers. */
- cs = csImpl;
- csLen = sizeof implementedCipherSuites;
- PORT_Memcpy(cs, implementedCipherSuites, csLen);
- csLen = ssl2_QualifyCypherSpecs(ss, cs, csLen);
- if (csLen == 0) {
- /* We don't support any SSL v2 ciphers! */
- ssl2_SendErrorMessage(ss, SSL_PE_NO_CYPHERS);
- PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
- goto loser;
- }
- /* Since this handhsake is going to fail, don't cache it. */
- ss->noCache = 1;
- }
-
- /* Squirrel away the challenge for later */
- PORT_Memcpy(ci->clientChallenge, challenge, challengeLen);
-
- /* Examine message and see if session-id is good */
- ci->elements = 0;
- if (ss->noCache) {
- sid = NULL;
- } else if (sdLen) {
- SSL_TRC(7, ("%d: SSL[%d]: server, lookup client session-id for 0x%08x",
- SSL_GETPID(), ss->fd, ci->peer));
- sid = (*ssl_sid_lookup)(ci->peer, sd, sdLen, ss->dbHandle);
- }
- if (sid) {
- /* Got a good session-id. Short cut! */
- SSL_TRC(1, ("%d: SSL[%d]: server, using session-id for 0x%08x (age=%d)",
- SSL_GETPID(), ss->fd, ci->peer, ssl_Time() - sid->time));
- PRINT_BUF(1, (ss, "session-id value:", sd, sdLen));
- ci->sid = sid;
- ci->elements = CIS_HAVE_MASTER_KEY;
- hit = 1;
- certLen = 0;
- csLen = 0;
- rv = ssl2_CreateSessionCypher(ss, sid, PR_FALSE);
- if (rv != SECSuccess) {
- goto loser;
- }
- } else {
- SSL_TRC(7, ("%d: SSL[%d]: server, lookup nonce missed",
- SSL_GETPID(), ss->fd));
- hit = 0;
- sid = (sslSessionID*) PORT_ZAlloc(sizeof(sslSessionID));
- if (!sid) {
- goto loser;
- }
- sid->references = 1;
- sid->addr = ci->peer;
- sid->port = ci->port;
-
- /* Invent a session-id */
- ci->sid = sid;
- PK11_GenerateRandom(sid->u.ssl2.sessionID+2, SSL_SESSIONID_BYTES-2);
-
- pid = SSL_GETPID();
- sid->u.ssl2.sessionID[0] = MSB(pid);
- sid->u.ssl2.sessionID[1] = LSB(pid);
- cert = ss->serverCert[kt_rsa]->derCert.data;
- certLen = ss->serverCert[kt_rsa]->derCert.len;
- }
-
- /* Build up final list of required elements */
- ci->requiredElements = CIS_HAVE_MASTER_KEY | CIS_HAVE_FINISHED;
- if (ss->requestCertificate) {
- ci->requiredElements |= CIS_HAVE_CERTIFICATE;
- }
- ci->sentElements = 0;
-
- /* Send hello message back to client */
- sendLen = SSL_HL_SERVER_HELLO_HBYTES + certLen + csLen
- + SSL_CONNECTIONID_BYTES;
-
- ssl_GetXmitBufLock(ss); gotXmitBufLock = 1;
- rv = ssl2_GetSendBuffer(ss, sendLen);
- if (rv != SECSuccess) {
- goto loser;
- }
-
- SSL_TRC(3, ("%d: SSL[%d]: sending server-hello (%d)",
- SSL_GETPID(), ss->fd, sendLen));
-
- msg = ci->sendBuf.buf;
- msg[0] = SSL_MT_SERVER_HELLO;
- msg[1] = hit;
- msg[2] = SSL_CT_X509_CERTIFICATE;
- msg[3] = MSB(ss->version);
- msg[4] = LSB(ss->version);
- msg[5] = MSB(certLen);
- msg[6] = LSB(certLen);
- msg[7] = MSB(csLen);
- msg[8] = LSB(csLen);
- msg[9] = MSB(SSL_CONNECTIONID_BYTES);
- msg[10] = LSB(SSL_CONNECTIONID_BYTES);
- if (certLen) {
- PORT_Memcpy(msg+SSL_HL_SERVER_HELLO_HBYTES, cert, certLen);
- }
- if (csLen) {
- PORT_Memcpy(msg+SSL_HL_SERVER_HELLO_HBYTES+certLen, cs, csLen);
- }
- PORT_Memcpy(msg+SSL_HL_SERVER_HELLO_HBYTES+certLen+csLen, ci->connectionID,
- SSL_CONNECTIONID_BYTES);
-
- DUMP_MSG(29, (ss, msg, sendLen));
-
- sent = (*sec->send)(ss, msg, sendLen, 0);
- if (sent < 0) {
- goto loser;
- }
- ssl_ReleaseXmitBufLock(ss); gotXmitBufLock = 0;
-
- ss->gather->recordLen = 0;
- ss->handshake = ssl_GatherRecord1stHandshake;
- if (hit) {
- /* Old SID Session key is good. Go encrypted */
- ssl2_UseEncryptedSendFunc(ss);
-
- /* Send server verify message now that keys are established */
- rv = ssl2_SendServerVerifyMessage(ss);
- if (rv != SECSuccess)
- goto loser;
-
- ss->nextHandshake = ssl2_HandleMessage;
- ssl_ReleaseRecvBufLock(ss);
- rv = ssl2_TriggerNextMessage(ss);
- return rv;
- }
- ss->nextHandshake = ssl2_HandleClientSessionKeyMessage;
- ssl_ReleaseRecvBufLock(ss);
- return SECSuccess;
-
- bad_client:
- PORT_SetError(SSL_ERROR_BAD_CLIENT);
- /* FALLTHROUGH */
-
- loser:
- if (gotXmitBufLock) {
- ssl_ReleaseXmitBufLock(ss); gotXmitBufLock = 0;
- }
- SSL_TRC(10, ("%d: SSL[%d]: server, wait for client-hello lossage",
- SSL_GETPID(), ss->fd));
- ssl_ReleaseRecvBufLock(ss);
- return SECFailure;
-}
-
-SECStatus
-ssl2_BeginServerHandshake(sslSocket *ss)
-{
- sslSecurityInfo *sec;
- sslConnectInfo * ci;
- SECStatus rv;
-
- PORT_Assert((ss->sec != 0));
- sec = ss->sec;
- ci = &sec->ci;
- sec->isServer = 1;
- ssl_ChooseSessionIDProcs(sec);
- sec->sendSequence = 0;
- sec->rcvSequence = 0;
-
- /* don't turn on SSL2 if we don't have an RSA key and cert */
- if (!ss->serverKey[kt_rsa] || !ss->serverCert[kt_rsa]) {
- ss->enableSSL2 = PR_FALSE;
- }
-
- if (!ss->cipherSpecs) {
- rv = ssl2_ConstructCipherSpecs(ss);
- if (rv != SECSuccess)
- goto loser;
- }
-
- /* count the SSL2 and SSL3 enabled ciphers.
- * if either is zero, clear the socket's enable for that protocol.
- */
- rv = ssl2_CheckConfigSanity(ss);
- if (rv != SECSuccess)
- goto loser;
-
- /*
- ** Generate connection-id. Always do this, even if things fail
- ** immediately. This way the random number generator is always
- ** rolling around, every time we get a connection.
- */
- PK11_GenerateRandom(ci->connectionID, sizeof(ci->connectionID));
-
- ss->gather->recordLen = 0;
- ss->handshake = ssl_GatherRecord1stHandshake;
- ss->nextHandshake = ssl2_HandleClientHelloMessage;
- return SECSuccess;
-
-loser:
- return SECFailure;
-}
-
diff --git a/security/nss/lib/ssl/ssldef.c b/security/nss/lib/ssl/ssldef.c
deleted file mode 100644
index 7f16c26b7..000000000
--- a/security/nss/lib/ssl/ssldef.c
+++ /dev/null
@@ -1,228 +0,0 @@
-/*
- * "Default" SSLSocket methods, used by sockets that do neither SSL nor socks.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#include "cert.h"
-#include "ssl.h"
-#include "sslimpl.h"
-
-#if defined(WIN32)
-#define MAP_ERROR(from,to) if (err == from) { PORT_SetError(to); }
-#else
-#define MAP_ERROR(from,to)
-#endif
-
-int ssl_DefConnect(sslSocket *ss, const PRNetAddr *sa)
-{
- PRFileDesc *lower = ss->fd->lower;
- int rv;
-
- rv = lower->methods->connect(lower, sa, ss->cTimeout);
- return rv;
-}
-
-int ssl_DefBind(sslSocket *ss, const PRNetAddr *addr)
-{
- PRFileDesc *lower = ss->fd->lower;
- int rv;
-
- rv = lower->methods->bind(lower, addr);
- return rv;
-}
-
-int ssl_DefListen(sslSocket *ss, int backlog)
-{
- PRFileDesc *lower = ss->fd->lower;
- int rv;
-
- rv = lower->methods->listen(lower, backlog);
- return rv;
-}
-
-int ssl_DefShutdown(sslSocket *ss, int how)
-{
- PRFileDesc *lower = ss->fd->lower;
- int rv;
-
- rv = lower->methods->shutdown(lower, how);
- return rv;
-}
-
-int ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
-{
- PRFileDesc *lower = ss->fd->lower;
- int rv;
-
- rv = lower->methods->recv(lower, (void *)buf, len, flags, ss->rTimeout);
- if (rv < 0) {
- PRErrorCode err = PR_GetError();
- MAP_ERROR(PR_SOCKET_SHUTDOWN_ERROR, PR_CONNECT_RESET_ERROR)
- }
- return rv;
-}
-
-/* Default (unencrypted) send.
- * Returns SECSuccess or SECFailure, NOT SECWouldBlock.
- * Returns positive count if any data was written.
- * ALWAYS check for a short write after calling ssl_DefSend.
- */
-int ssl_DefSend(sslSocket *ss, const unsigned char *buf, int len, int flags)
-{
- PRFileDesc *lower = ss->fd->lower;
- int rv, count;
-
- count = 0;
- for (;;) {
- rv = lower->methods->send(lower, (const void *)buf, len,
- flags, ss->wTimeout);
- if (rv < 0) {
- PRErrorCode err = PR_GetError();
- if (err == PR_WOULD_BLOCK_ERROR) {
- return count ? count : rv;
- }
- MAP_ERROR(PR_CONNECT_ABORTED_ERROR, PR_CONNECT_RESET_ERROR)
- /* Loser */
- return rv;
- }
- count += rv;
- if (rv < len) {
- /* Short send. Send the rest in the next call */
- buf += rv;
- len -= rv;
- continue;
- }
- break;
- }
- return count;
-}
-
-int ssl_DefRead(sslSocket *ss, unsigned char *buf, int len)
-{
- PRFileDesc *lower = ss->fd->lower;
- int rv;
-
- rv = lower->methods->read(lower, (void *)buf, len);
- if (rv < 0) {
- PRErrorCode err = PR_GetError();
- MAP_ERROR(PR_SOCKET_SHUTDOWN_ERROR, PR_CONNECT_RESET_ERROR)
- }
- return rv;
-}
-
-int ssl_DefWrite(sslSocket *ss, const unsigned char *buf, int len)
-{
- PRFileDesc *lower = ss->fd->lower;
- int rv, count;
-
- count = 0;
- for (;;) {
- rv = lower->methods->write(lower, (void *)buf, len);
- if (rv < 0) {
- PRErrorCode err = PR_GetError();
- if (err == PR_WOULD_BLOCK_ERROR) {
- return count ? count : rv;
- }
- MAP_ERROR(PR_CONNECT_ABORTED_ERROR, PR_CONNECT_RESET_ERROR)
- /* Loser */
- return rv;
- }
- count += rv;
- if (rv != len) {
- /* Short write. Send the rest in the next call */
- buf += rv;
- len -= rv;
- continue;
- }
- break;
- }
- return count;
-}
-
-int ssl_DefGetpeername(sslSocket *ss, PRNetAddr *name)
-{
- PRFileDesc *lower = ss->fd->lower;
- int rv;
-
- rv = lower->methods->getpeername(lower, name);
- return rv;
-}
-
-int ssl_DefGetsockname(sslSocket *ss, PRNetAddr *name)
-{
- PRFileDesc *lower = ss->fd->lower;
- int rv;
-
- rv = lower->methods->getsockname(lower, name);
- return rv;
-}
-
-int ssl_DefClose(sslSocket *ss)
-{
- PRFileDesc *fd;
- PRFileDesc *popped;
- int rv;
-
- fd = ss->fd;
-
- /* First, remove the SSL layer PRFileDesc from the socket's stack,
- ** then invoke the SSL layer's PRFileDesc destructor.
- ** This must happen before the next layer down is closed.
- */
- PORT_Assert(fd->higher == NULL);
- if (fd->higher) {
- PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
- return SECFailure;
- }
- ss->fd = NULL;
-
- /* PR_PopIOLayer will swap the contents of the top two PRFileDescs on
- ** the stack, and then remove the second one. This way, the address
- ** of the PRFileDesc on the top of the stack doesn't change.
- */
- popped = PR_PopIOLayer(fd, PR_TOP_IO_LAYER);
- popped->dtor(popped);
-
- /* fd is now the PRFileDesc for the next layer down.
- ** Now close the underlying socket.
- */
- rv = fd->methods->close(fd);
-
- ssl_FreeSocket(ss);
-
- SSL_TRC(5, ("%d: SSL[%d]: closing, rv=%d errno=%d",
- SSL_GETPID(), fd, rv, PORT_GetError()));
- return rv;
-}
diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c
deleted file mode 100644
index b94f4bf65..000000000
--- a/security/nss/lib/ssl/sslenum.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Table enumerating all implemented cipher suites
- * Part of public API.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#include "ssl.h"
-#include "sslproto.h"
-
-const PRUint16 SSL_ImplementedCiphers[] = {
-
- SSL_RSA_WITH_NULL_MD5,
- SSL_RSA_EXPORT_WITH_RC4_40_MD5,
- SSL_RSA_WITH_RC4_128_MD5,
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
- SSL_RSA_WITH_DES_CBC_SHA,
- SSL_RSA_WITH_3DES_EDE_CBC_SHA,
-
- SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
- SSL_FORTEZZA_DMS_WITH_NULL_SHA,
- SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,
-
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
-
- /* SSL2 cipher suites. */
- SSL_EN_RC4_128_WITH_MD5,
- SSL_EN_RC4_128_EXPORT40_WITH_MD5,
- SSL_EN_RC2_128_CBC_WITH_MD5,
- SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5,
- SSL_EN_DES_64_CBC_WITH_MD5,
- SSL_EN_DES_192_EDE3_CBC_WITH_MD5,
-
- /* Netscape "experimental" cipher suites. */
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
- SSL_RSA_FIPS_WITH_DES_CBC_SHA,
-
- 0
-
-};
-
-const PRUint16 SSL_NumImplementedCiphers =
- (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1;
-
diff --git a/security/nss/lib/ssl/sslerr.c b/security/nss/lib/ssl/sslerr.c
deleted file mode 100644
index 5a2d27a3e..000000000
--- a/security/nss/lib/ssl/sslerr.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Function to set error code only when meaningful error has not already
- * been set.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#include "prerror.h"
-#include "secerr.h"
-#include "sslerr.h"
-#include "seccomon.h"
-
-/* look at the current value of PR_GetError, and evaluate it to see
- * if it is meaningful or meaningless (out of context).
- * If it is meaningless, replace it with the hiLevelError.
- * Returns the chosen error value.
- */
-int
-ssl_MapLowLevelError(int hiLevelError)
-{
- int oldErr = PORT_GetError();
-
- switch (oldErr) {
-
- case 0:
- case PR_IO_ERROR:
- case SEC_ERROR_IO:
- case SEC_ERROR_BAD_DATA:
- case SEC_ERROR_LIBRARY_FAILURE:
- case SSL_ERROR_BAD_CLIENT:
- case SSL_ERROR_BAD_SERVER:
- PORT_SetError(hiLevelError);
- return hiLevelError;
-
- default: /* leave the majority of error codes alone. */
- return oldErr;
- }
-}
diff --git a/security/nss/lib/ssl/sslerr.h b/security/nss/lib/ssl/sslerr.h
deleted file mode 100644
index 3285fb60c..000000000
--- a/security/nss/lib/ssl/sslerr.h
+++ /dev/null
@@ -1,188 +0,0 @@
-/*
- * Enumeration of all SSL-specific error codes.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-#ifndef __SSL_ERR_H_
-#define __SSL_ERR_H_
-
-
-#define SSL_ERROR_BASE (-0x3000)
-#define SSL_ERROR_LIMIT (SSL_ERROR_BASE + 1000)
-
-#define IS_SSL_ERROR(code) \
- (((code) >= SSL_ERROR_BASE) && ((code) < SSL_ERROR_LIMIT))
-
-#ifndef NO_SECURITY_ERROR_ENUM
-typedef enum {
-SSL_ERROR_EXPORT_ONLY_SERVER = (SSL_ERROR_BASE + 0),
-SSL_ERROR_US_ONLY_SERVER = (SSL_ERROR_BASE + 1),
-SSL_ERROR_NO_CYPHER_OVERLAP = (SSL_ERROR_BASE + 2),
-/*
- * Received an alert reporting what we did wrong. (more alerts below)
- */
-SSL_ERROR_NO_CERTIFICATE /*_ALERT */ = (SSL_ERROR_BASE + 3),
-SSL_ERROR_BAD_CERTIFICATE = (SSL_ERROR_BASE + 4),
- /* error 5 is obsolete */
-SSL_ERROR_BAD_CLIENT = (SSL_ERROR_BASE + 6),
-SSL_ERROR_BAD_SERVER = (SSL_ERROR_BASE + 7),
-SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE = (SSL_ERROR_BASE + 8),
-SSL_ERROR_UNSUPPORTED_VERSION = (SSL_ERROR_BASE + 9),
- /* error 10 is obsolete */
-SSL_ERROR_WRONG_CERTIFICATE = (SSL_ERROR_BASE + 11),
-SSL_ERROR_BAD_CERT_DOMAIN = (SSL_ERROR_BASE + 12),
-SSL_ERROR_POST_WARNING = (SSL_ERROR_BASE + 13),
-SSL_ERROR_SSL2_DISABLED = (SSL_ERROR_BASE + 14),
-SSL_ERROR_BAD_MAC_READ = (SSL_ERROR_BASE + 15),
-/*
- * Received an alert reporting what we did wrong.
- * (two more alerts above, and many more below)
- */
-SSL_ERROR_BAD_MAC_ALERT = (SSL_ERROR_BASE + 16),
-SSL_ERROR_BAD_CERT_ALERT = (SSL_ERROR_BASE + 17),
-SSL_ERROR_REVOKED_CERT_ALERT = (SSL_ERROR_BASE + 18),
-SSL_ERROR_EXPIRED_CERT_ALERT = (SSL_ERROR_BASE + 19),
-
-SSL_ERROR_SSL_DISABLED = (SSL_ERROR_BASE + 20),
-SSL_ERROR_FORTEZZA_PQG = (SSL_ERROR_BASE + 21),
-SSL_ERROR_UNKNOWN_CIPHER_SUITE = (SSL_ERROR_BASE + 22),
-SSL_ERROR_NO_CIPHERS_SUPPORTED = (SSL_ERROR_BASE + 23),
-SSL_ERROR_BAD_BLOCK_PADDING = (SSL_ERROR_BASE + 24),
-SSL_ERROR_RX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 25),
-SSL_ERROR_TX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 26),
-/*
- * Received a malformed (too long or short) SSL handshake.
- */
-SSL_ERROR_RX_MALFORMED_HELLO_REQUEST = (SSL_ERROR_BASE + 27),
-SSL_ERROR_RX_MALFORMED_CLIENT_HELLO = (SSL_ERROR_BASE + 28),
-SSL_ERROR_RX_MALFORMED_SERVER_HELLO = (SSL_ERROR_BASE + 29),
-SSL_ERROR_RX_MALFORMED_CERTIFICATE = (SSL_ERROR_BASE + 30),
-SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 31),
-SSL_ERROR_RX_MALFORMED_CERT_REQUEST = (SSL_ERROR_BASE + 32),
-SSL_ERROR_RX_MALFORMED_HELLO_DONE = (SSL_ERROR_BASE + 33),
-SSL_ERROR_RX_MALFORMED_CERT_VERIFY = (SSL_ERROR_BASE + 34),
-SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 35),
-SSL_ERROR_RX_MALFORMED_FINISHED = (SSL_ERROR_BASE + 36),
-/*
- * Received a malformed (too long or short) SSL record.
- */
-SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER = (SSL_ERROR_BASE + 37),
-SSL_ERROR_RX_MALFORMED_ALERT = (SSL_ERROR_BASE + 38),
-SSL_ERROR_RX_MALFORMED_HANDSHAKE = (SSL_ERROR_BASE + 39),
-SSL_ERROR_RX_MALFORMED_APPLICATION_DATA = (SSL_ERROR_BASE + 40),
-/*
- * Received an SSL handshake that was inappropriate for the state we're in.
- * E.g. Server received message from server, or wrong state in state machine.
- */
-SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST = (SSL_ERROR_BASE + 41),
-SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO = (SSL_ERROR_BASE + 42),
-SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO = (SSL_ERROR_BASE + 43),
-SSL_ERROR_RX_UNEXPECTED_CERTIFICATE = (SSL_ERROR_BASE + 44),
-SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 45),
-SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST = (SSL_ERROR_BASE + 46),
-SSL_ERROR_RX_UNEXPECTED_HELLO_DONE = (SSL_ERROR_BASE + 47),
-SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY = (SSL_ERROR_BASE + 48),
-SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 49),
-SSL_ERROR_RX_UNEXPECTED_FINISHED = (SSL_ERROR_BASE + 50),
-/*
- * Received an SSL record that was inappropriate for the state we're in.
- */
-SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER = (SSL_ERROR_BASE + 51),
-SSL_ERROR_RX_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 52),
-SSL_ERROR_RX_UNEXPECTED_HANDSHAKE = (SSL_ERROR_BASE + 53),
-SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA= (SSL_ERROR_BASE + 54),
-/*
- * Received record/message with unknown discriminant.
- */
-SSL_ERROR_RX_UNKNOWN_RECORD_TYPE = (SSL_ERROR_BASE + 55),
-SSL_ERROR_RX_UNKNOWN_HANDSHAKE = (SSL_ERROR_BASE + 56),
-SSL_ERROR_RX_UNKNOWN_ALERT = (SSL_ERROR_BASE + 57),
-/*
- * Received an alert reporting what we did wrong. (more alerts above)
- */
-SSL_ERROR_CLOSE_NOTIFY_ALERT = (SSL_ERROR_BASE + 58),
-SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 59),
-SSL_ERROR_DECOMPRESSION_FAILURE_ALERT = (SSL_ERROR_BASE + 60),
-SSL_ERROR_HANDSHAKE_FAILURE_ALERT = (SSL_ERROR_BASE + 61),
-SSL_ERROR_ILLEGAL_PARAMETER_ALERT = (SSL_ERROR_BASE + 62),
-SSL_ERROR_UNSUPPORTED_CERT_ALERT = (SSL_ERROR_BASE + 63),
-SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT = (SSL_ERROR_BASE + 64),
-
-SSL_ERROR_GENERATE_RANDOM_FAILURE = (SSL_ERROR_BASE + 65),
-SSL_ERROR_SIGN_HASHES_FAILURE = (SSL_ERROR_BASE + 66),
-SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE = (SSL_ERROR_BASE + 67),
-SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 68),
-SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 69),
-
-SSL_ERROR_ENCRYPTION_FAILURE = (SSL_ERROR_BASE + 70),
-SSL_ERROR_DECRYPTION_FAILURE = (SSL_ERROR_BASE + 71),
-SSL_ERROR_SOCKET_WRITE_FAILURE = (SSL_ERROR_BASE + 72),
-
-SSL_ERROR_MD5_DIGEST_FAILURE = (SSL_ERROR_BASE + 73),
-SSL_ERROR_SHA_DIGEST_FAILURE = (SSL_ERROR_BASE + 74),
-SSL_ERROR_MAC_COMPUTATION_FAILURE = (SSL_ERROR_BASE + 75),
-SSL_ERROR_SYM_KEY_CONTEXT_FAILURE = (SSL_ERROR_BASE + 76),
-SSL_ERROR_SYM_KEY_UNWRAP_FAILURE = (SSL_ERROR_BASE + 77),
-SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED = (SSL_ERROR_BASE + 78),
-SSL_ERROR_IV_PARAM_FAILURE = (SSL_ERROR_BASE + 79),
-SSL_ERROR_INIT_CIPHER_SUITE_FAILURE = (SSL_ERROR_BASE + 80),
-SSL_ERROR_SESSION_KEY_GEN_FAILURE = (SSL_ERROR_BASE + 81),
-SSL_ERROR_NO_SERVER_KEY_FOR_ALG = (SSL_ERROR_BASE + 82),
-SSL_ERROR_TOKEN_INSERTION_REMOVAL = (SSL_ERROR_BASE + 83),
-SSL_ERROR_TOKEN_SLOT_NOT_FOUND = (SSL_ERROR_BASE + 84),
-SSL_ERROR_NO_COMPRESSION_OVERLAP = (SSL_ERROR_BASE + 85),
-SSL_ERROR_HANDSHAKE_NOT_COMPLETED = (SSL_ERROR_BASE + 86),
-SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE = (SSL_ERROR_BASE + 87),
-SSL_ERROR_CERT_KEA_MISMATCH = (SSL_ERROR_BASE + 88),
-SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA = (SSL_ERROR_BASE + 89),
-SSL_ERROR_SESSION_NOT_FOUND = (SSL_ERROR_BASE + 90),
-
-SSL_ERROR_DECRYPTION_FAILED_ALERT = (SSL_ERROR_BASE + 91),
-SSL_ERROR_RECORD_OVERFLOW_ALERT = (SSL_ERROR_BASE + 92),
-SSL_ERROR_UNKNOWN_CA_ALERT = (SSL_ERROR_BASE + 93),
-SSL_ERROR_ACCESS_DENIED_ALERT = (SSL_ERROR_BASE + 94),
-SSL_ERROR_DECODE_ERROR_ALERT = (SSL_ERROR_BASE + 95),
-SSL_ERROR_DECRYPT_ERROR_ALERT = (SSL_ERROR_BASE + 96),
-SSL_ERROR_EXPORT_RESTRICTION_ALERT = (SSL_ERROR_BASE + 97),
-SSL_ERROR_PROTOCOL_VERSION_ALERT = (SSL_ERROR_BASE + 98),
-SSL_ERROR_INSUFFICIENT_SECURITY_ALERT = (SSL_ERROR_BASE + 99),
-SSL_ERROR_INTERNAL_ERROR_ALERT = (SSL_ERROR_BASE + 100),
-SSL_ERROR_USER_CANCELED_ALERT = (SSL_ERROR_BASE + 101),
-SSL_ERROR_NO_RENEGOTIATION_ALERT = (SSL_ERROR_BASE + 102),
-
-SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
-} SSLErrorCodes;
-#endif /* NO_SECURITY_ERROR_ENUM */
-
-#endif /* __SSL_ERR_H_ */
diff --git a/security/nss/lib/ssl/sslgathr.c b/security/nss/lib/ssl/sslgathr.c
deleted file mode 100644
index 737a55c9b..000000000
--- a/security/nss/lib/ssl/sslgathr.c
+++ /dev/null
@@ -1,481 +0,0 @@
-/*
- * Gather (Read) entire SSL2 records from socket into buffer.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-#include "cert.h"
-#include "ssl.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-
-/* Forward static declarations */
-static SECStatus ssl2_HandleV3HandshakeRecord(sslSocket *ss);
-
-/*
-** Gather a single record of data from the receiving stream. This code
-** first gathers the header (2 or 3 bytes long depending on the value of
-** the most significant bit in the first byte) then gathers up the data
-** for the record into gs->buf. This code handles non-blocking I/O
-** and is to be called multiple times until sec->recordLen != 0.
-** This function decrypts the gathered record in place, in gs_buf.
- *
- * Caller must hold RecvBufLock.
- *
- * Returns +1 when it has gathered a complete SSLV2 record.
- * Returns 0 if it hits EOF.
- * Returns -1 (SECFailure) on any error
- * Returns -2 (SECWouldBlock) when it gathers an SSL v3 client hello header.
-**
-** The SSL2 Gather State machine has 4 states:
-** GS_INIT - Done reading in previous record. Haven't begun to read in
-** next record. When ssl2_GatherData is called with the machine
-** in this state, the machine will attempt to read the first 3
-** bytes of the SSL2 record header, and will advance the state
-** to GS_HEADER.
-**
-** GS_HEADER - The machine is in this state while waiting for the completion
-** of the first 3 bytes of the SSL2 record. When complete, the
-** machine will compute the remaining unread length of this record
-** and will initiate a read of that many bytes. The machine will
-** advance to one of two states, depending on whether the record
-** is encrypted (GS_MAC), or unencrypted (GS_DATA).
-**
-** GS_MAC - The machine is in this state while waiting for the remainder
-** of the SSL2 record to be read in. When the read is completed,
-** the machine checks the record for valid length, decrypts it,
-** and checks and discards the MAC, then advances to GS_INIT.
-**
-** GS_DATA - The machine is in this state while waiting for the remainder
-** of the unencrypted SSL2 record to be read in. Upon completion,
-** the machine advances to the GS_INIT state and returns the data.
-*/
-int
-ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
-{
- sslSecurityInfo *sec = ss->sec;
- unsigned char * bp;
- unsigned char * pBuf;
- int nb, err, rv;
-
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
-
- if (gs->state == GS_INIT) {
- /* Initialize gathering engine */
- gs->state = GS_HEADER;
- gs->remainder = 3;
- gs->count = 3;
- gs->offset = 0;
- gs->recordLen = 0;
- gs->recordPadding = 0;
- gs->hdr[2] = 0;
-
- gs->writeOffset = 0;
- gs->readOffset = 0;
- }
- if (gs->encrypted) {
- PORT_Assert(sec != 0);
- }
-
- pBuf = gs->buf.buf;
- for (;;) {
- SSL_TRC(30, ("%d: SSL[%d]: gather state %d (need %d more)",
- SSL_GETPID(), ss->fd, gs->state, gs->remainder));
- bp = ((gs->state != GS_HEADER) ? pBuf : gs->hdr) + gs->offset;
- nb = ssl_DefRecv(ss, bp, gs->remainder, flags);
- if (nb > 0) {
- PRINT_BUF(60, (ss, "raw gather data:", bp, nb));
- }
- if (nb == 0) {
- /* EOF */
- SSL_TRC(30, ("%d: SSL[%d]: EOF", SSL_GETPID(), ss->fd));
- rv = 0;
- break;
- }
- if (nb < 0) {
- SSL_DBG(("%d: SSL[%d]: recv error %d", SSL_GETPID(), ss->fd,
- PR_GetError()));
- rv = SECFailure;
- break;
- }
-
- gs->offset += nb;
- gs->remainder -= nb;
-
- if (gs->remainder > 0) {
- continue;
- }
-
- /* Probably finished this piece */
- switch (gs->state) {
- case GS_HEADER:
- if ((ss->enableSSL3 || ss->enableTLS) && !ss->connected) {
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
-
- /* If this looks like an SSL3 handshake record,
- ** and we're expecting an SSL2 Hello message from our peer,
- ** handle it here.
- */
- if (gs->hdr[0] == content_handshake) {
- if ((ss->nextHandshake == ssl2_HandleClientHelloMessage) ||
- (ss->nextHandshake == ssl2_HandleServerHelloMessage)) {
- rv = ssl2_HandleV3HandshakeRecord(ss);
- if (rv == SECFailure) {
- return SECFailure;
- }
- }
- /* XXX_1 The call stack to here is:
- * ssl_Do1stHandshake -> ssl_GatherRecord1stHandshake ->
- * ssl2_GatherRecord -> here.
- * We want to return all the way out to ssl_Do1stHandshake,
- * and have it call ssl_GatherRecord1stHandshake again.
- * ssl_GatherRecord1stHandshake will call
- * ssl3_GatherCompleteHandshake when it is called again.
- *
- * Returning SECWouldBlock here causes
- * ssl_GatherRecord1stHandshake to return without clearing
- * ss->handshake, ensuring that ssl_Do1stHandshake will
- * call it again immediately.
- *
- * If we return 1 here, ssl_GatherRecord1stHandshake will
- * clear ss->handshake before returning, and thus will not
- * be called again by ssl_Do1stHandshake.
- */
- return SECWouldBlock;
- } else if (gs->hdr[0] == content_alert) {
- if (ss->nextHandshake == ssl2_HandleServerHelloMessage) {
- /* XXX This is a hack. We're assuming that any failure
- * XXX on the client hello is a failure to match
- * XXX ciphers.
- */
- PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
- return SECFailure;
- }
- }
- } /* ((ss->enableSSL3 || ss->enableTLS) && !ss->connected) */
-
- /* we've got the first 3 bytes. The header may be two or three. */
- if (gs->hdr[0] & 0x80) {
- /* This record has a 2-byte header, and no padding */
- gs->count = ((gs->hdr[0] & 0x7f) << 8) | gs->hdr[1];
- gs->recordPadding = 0;
- } else {
- /* This record has a 3-byte header that is all read in now. */
- gs->count = ((gs->hdr[0] & 0x3f) << 8) | gs->hdr[1];
- /* is_escape = (gs->hdr[0] & 0x40) != 0; */
- gs->recordPadding = gs->hdr[2];
- }
-
- if (gs->count > gs->buf.space) {
- err = sslBuffer_Grow(&gs->buf, gs->count);
- if (err) {
- return err;
- }
- pBuf = gs->buf.buf;
- }
-
-
- if (gs->hdr[0] & 0x80) {
- /* we've already read in the first byte of the body.
- ** Put it into the buffer.
- */
- pBuf[0] = gs->hdr[2];
- gs->offset = 1;
- gs->remainder = gs->count - 1;
- } else {
- gs->offset = 0;
- gs->remainder = gs->count;
- }
-
- if (gs->encrypted) {
- gs->state = GS_MAC;
- gs->recordLen = gs->count - gs->recordPadding
- - sec->hash->length;
- } else {
- gs->state = GS_DATA;
- gs->recordLen = gs->count;
- }
-
- break;
-
-
- case GS_MAC:
- /* Have read in entire rest of the ciphertext.
- ** Check for valid length.
- ** Decrypt it.
- ** Check the MAC.
- */
- PORT_Assert(gs->encrypted);
-
- {
- unsigned int macLen;
- int nout;
- unsigned char mac[SSL_MAX_MAC_BYTES];
-
- ssl_GetSpecReadLock(ss); /**********************************/
-
- /* If this is a stream cipher, blockSize will be 1,
- * and this test will always be false.
- * If this is a block cipher, this will detect records
- * that are not a multiple of the blocksize in length.
- */
- if (gs->count & (sec->blockSize - 1)) {
- /* This is an error. Sender is misbehaving */
- SSL_DBG(("%d: SSL[%d]: sender, count=%d blockSize=%d",
- SSL_GETPID(), ss->fd, gs->count,
- sec->blockSize));
- PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING);
- rv = SECFailure;
- goto spec_locked_done;
- }
- PORT_Assert(gs->count == gs->offset);
-
- if (gs->offset == 0) {
- rv = 0; /* means EOF. */
- goto spec_locked_done;
- }
-
- /* Decrypt the portion of data that we just recieved.
- ** Decrypt it in place.
- */
- rv = (*sec->dec)(sec->readcx, pBuf, &nout, gs->offset,
- pBuf, gs->offset);
- if (rv != SECSuccess) {
- goto spec_locked_done;
- }
-
-
- /* Have read in all the MAC portion of record
- **
- ** Prepare MAC by resetting it and feeding it the shared secret
- */
- macLen = sec->hash->length;
- if (gs->offset >= macLen) {
- uint32 sequenceNumber = sec->rcvSequence++;
- unsigned char seq[4];
-
- seq[0] = (unsigned char) (sequenceNumber >> 24);
- seq[1] = (unsigned char) (sequenceNumber >> 16);
- seq[2] = (unsigned char) (sequenceNumber >> 8);
- seq[3] = (unsigned char) (sequenceNumber);
-
- (*sec->hash->begin)(sec->hashcx);
- (*sec->hash->update)(sec->hashcx, sec->rcvSecret.data,
- sec->rcvSecret.len);
- (*sec->hash->update)(sec->hashcx, pBuf + macLen,
- gs->offset - macLen);
- (*sec->hash->update)(sec->hashcx, seq, 4);
- (*sec->hash->end)(sec->hashcx, mac, &macLen, macLen);
- }
-
- PORT_Assert(macLen == sec->hash->length);
-
- ssl_ReleaseSpecReadLock(ss); /******************************/
-
- if (PORT_Memcmp(mac, pBuf, macLen) != 0) {
- /* MAC's didn't match... */
- SSL_DBG(("%d: SSL[%d]: mac check failed, seq=%d",
- SSL_GETPID(), ss->fd, sec->rcvSequence));
- PRINT_BUF(1, (ss, "computed mac:", mac, macLen));
- PRINT_BUF(1, (ss, "received mac:", pBuf, macLen));
- PORT_SetError(SSL_ERROR_BAD_MAC_READ);
- rv = SECFailure;
- goto cleanup;
- }
-
-
- PORT_Assert(gs->recordPadding + macLen <= gs->offset);
- if (gs->recordPadding + macLen <= gs->offset) {
- gs->recordOffset = macLen;
- gs->readOffset = macLen;
- gs->writeOffset = gs->offset - gs->recordPadding;
- rv = 1;
- } else {
- PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING);
-cleanup:
- /* nothing in the buffer any more. */
- gs->recordOffset = 0;
- gs->readOffset = 0;
- gs->writeOffset = 0;
- rv = SECFailure;
- }
-
- gs->recordLen = gs->writeOffset - gs->readOffset;
- gs->recordPadding = 0; /* forget we did any padding. */
- gs->state = GS_INIT;
-
-
- if (rv > 0) {
- PRINT_BUF(50, (ss, "recv clear record:",
- pBuf + gs->recordOffset, gs->recordLen));
- }
- return rv;
-
-spec_locked_done:
- ssl_ReleaseSpecReadLock(ss);
- return rv;
- }
-
- case GS_DATA:
- /* Have read in all the DATA portion of record */
-
- gs->recordOffset = 0;
- gs->readOffset = 0;
- gs->writeOffset = gs->offset;
- PORT_Assert(gs->recordLen == gs->writeOffset - gs->readOffset);
- gs->recordLen = gs->offset;
- gs->recordPadding = 0;
- gs->state = GS_INIT;
-
- ++sec->rcvSequence;
-
- PRINT_BUF(50, (ss, "recv clear record:",
- pBuf + gs->recordOffset, gs->recordLen));
- return 1;
-
- } /* end switch gs->state */
- } /* end gather loop. */
- return rv;
-}
-
-/*
-** Gather a single record of data from the receiving stream. This code
-** first gathers the header (2 or 3 bytes long depending on the value of
-** the most significant bit in the first byte) then gathers up the data
-** for the record into the readBuf. This code handles non-blocking I/O
-** and is to be called multiple times until sec->recordLen != 0.
- *
- * Returns +1 when it has gathered a complete SSLV2 record.
- * Returns 0 if it hits EOF.
- * Returns -1 (SECFailure) on any error
- * Returns -2 (SECWouldBlock)
- *
- * Called by ssl_GatherRecord1stHandshake in sslcon.c,
- * and by DoRecv in sslsecur.c
- * Caller must hold RecvBufLock.
- */
-int
-ssl2_GatherRecord(sslSocket *ss, int flags)
-{
- return ssl2_GatherData(ss, ss->gather, flags);
-}
-
-/*
- * Returns +1 when it has gathered a complete SSLV2 record.
- * Returns 0 if it hits EOF.
- * Returns -1 (SECFailure) on any error
- * Returns -2 (SECWouldBlock)
- *
- * Called from SocksStartGather in sslsocks.c
- * Caller must hold RecvBufLock.
- */
-int
-ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs, unsigned int count)
-{
- int rv;
-
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- gs->state = GS_DATA;
- gs->remainder = count;
- gs->count = count;
- gs->offset = 0;
- if (count > gs->buf.space) {
- rv = sslBuffer_Grow(&gs->buf, count);
- if (rv) {
- return rv;
- }
- }
- return ssl2_GatherData(ss, gs, 0);
-}
-
-/* Caller should hold RecvBufLock. */
-sslGather *
-ssl_NewGather(void)
-{
- sslGather *gs;
-
- gs = (sslGather*) PORT_ZAlloc(sizeof(sslGather));
- if (gs) {
- gs->state = GS_INIT;
- }
- return gs;
-}
-
-/* Caller must hold RecvBufLock. */
-void
-ssl_DestroyGather(sslGather *gs)
-{
- if (gs->inbuf.buf != NULL) {
- PORT_ZFree(gs->inbuf.buf, gs->inbuf.len);
- }
- if (gs) {
- PORT_Free(gs->buf.buf);
- PORT_Free(gs);
- }
-}
-
-/* Caller must hold RecvBufLock. */
-static SECStatus
-ssl2_HandleV3HandshakeRecord(sslSocket *ss)
-{
- sslGather * gs = ss->gather;
- SECStatus rv;
- SSL3ProtocolVersion version = (gs->hdr[1] << 8) | gs->hdr[2];
-
- PORT_Assert( ssl_HaveRecvBufLock(ss) );
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
-
- /* We've read in 3 bytes, there are 2 more to go in an ssl3 header. */
- gs->remainder = 2;
- gs->count = 0;
-
- /* Clearing these handshake pointers ensures that
- * ssl_Do1stHandshake won't call ssl2_HandleMessage when we return.
- */
- ss->nextHandshake = 0;
- ss->securityHandshake = 0;
-
- /* Setting ss->version to an SSL 3.x value will cause
- ** ssl_GatherRecord1stHandshake to invoke ssl3_GatherCompleteHandshake()
- ** the next time it is called.
- **/
- rv = ssl3_NegotiateVersion(ss, version);
- if (rv != SECSuccess) {
- return rv;
- }
-
- ss->sec->send = ssl3_SendApplicationData;
-
- return SECSuccess;
-}
diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h
deleted file mode 100644
index fe4a68f27..000000000
--- a/security/nss/lib/ssl/sslimpl.h
+++ /dev/null
@@ -1,1250 +0,0 @@
-/*
- * This file is PRIVATE to SSL and should be the first thing included by
- * any SSL implementation file.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#ifndef __sslimpl_h_
-#define __sslimpl_h_
-
-#ifdef DEBUG
-#undef NDEBUG
-#else
-#undef NDEBUG
-#define NDEBUG
-#endif
-#include "secport.h"
-#include "secerr.h"
-#include "sslerr.h"
-#include "ssl3prot.h"
-#include "hasht.h"
-#include "prlock.h"
-#include "pkcs11t.h"
-#ifdef XP_UNIX
-#include "unistd.h"
-#endif
-#include "nssrwlk.h"
-
-
-#if defined(DEBUG) || defined(TRACE)
-#ifdef __cplusplus
-#define Debug 1
-#else
-extern int Debug;
-#endif
-#else
-#undef Debug
-#endif
-#if defined(DEBUG)
-#define TRACE
-#endif
-
-#ifdef TRACE
-#define SSL_TRC(a,b) if (ssl_trace >= (a)) ssl_Trace b
-#define PRINT_BUF(a,b) if (ssl_trace >= (a)) ssl_PrintBuf b
-#define DUMP_MSG(a,b) if (ssl_trace >= (a)) ssl_DumpMsg b
-#else
-#define SSL_TRC(a,b)
-#define PRINT_BUF(a,b)
-#define DUMP_MSG(a,b)
-#endif
-
-#ifdef DEBUG
-#define SSL_DBG(b) if (ssl_debug) ssl_Trace b
-#else
-#define SSL_DBG(b)
-#endif
-
-#if defined (DEBUG)
-#ifdef macintosh
-#include "pprthred.h"
-#else
-#include "private/pprthred.h" /* for PR_InMonitor() */
-#endif
-#define ssl_InMonitor(m) PR_InMonitor(m)
-#endif
-
-#define LSB(x) ((unsigned char) (x & 0xff))
-#define MSB(x) ((unsigned char) (((unsigned)(x)) >> 8))
-
-/************************************************************************/
-
-typedef enum { SSLAppOpRead = 0,
- SSLAppOpWrite,
- SSLAppOpRDWR,
- SSLAppOpPost,
- SSLAppOpHeader
-} SSLAppOperation;
-
-#define SSL_MIN_MASTER_KEY_BYTES 5
-#define SSL_MAX_MASTER_KEY_BYTES 64
-
-#define SSL_SESSIONID_BYTES 16
-#define SSL3_SESSIONID_BYTES 32
-
-#define SSL_MIN_CHALLENGE_BYTES 16
-#define SSL_MAX_CHALLENGE_BYTES 32
-#define SSL_CHALLENGE_BYTES 16
-
-#define SSL_CONNECTIONID_BYTES 16
-
-#define SSL_MIN_CYPHER_ARG_BYTES 0
-#define SSL_MAX_CYPHER_ARG_BYTES 32
-
-#define SSL_MAX_MAC_BYTES 16
-
-/* number of wrap mechanisms potentially used to wrap master secrets. */
-#define SSL_NUM_WRAP_MECHS 13
-
-/* This makes the cert cache entry exactly 4k. */
-#define SSL_MAX_CACHED_CERT_LEN 4060
-
-typedef struct sslBufferStr sslBuffer;
-typedef struct sslConnectInfoStr sslConnectInfo;
-typedef struct sslGatherStr sslGather;
-typedef struct sslSecurityInfoStr sslSecurityInfo;
-typedef struct sslSessionIDStr sslSessionID;
-typedef struct sslSocketStr sslSocket;
-typedef struct sslSocketOpsStr sslSocketOps;
-typedef struct sslSocksInfoStr sslSocksInfo;
-
-typedef struct ssl3StateStr ssl3State;
-typedef struct ssl3CertNodeStr ssl3CertNode;
-typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef;
-typedef struct ssl3MACDefStr ssl3MACDef;
-typedef struct ssl3KeyPairStr ssl3KeyPair;
-
-struct ssl3CertNodeStr {
- struct ssl3CertNodeStr *next;
- CERTCertificate * cert;
-};
-
-typedef SECStatus (*sslHandshakeFunc)(sslSocket *ss);
-
-/* This type points to the low layer send func,
-** e.g. ssl2_SendStream or ssl3_SendPlainText.
-** These functions return the same values as PR_Send,
-** i.e. >= 0 means number of bytes sent, < 0 means error.
-*/
-typedef PRInt32 (*sslSendFunc)(sslSocket *ss, const unsigned char *buf,
- PRInt32 n, PRInt32 flags);
-
-typedef void (*sslSessionIDCacheFunc) (sslSessionID *sid);
-typedef void (*sslSessionIDUncacheFunc)(sslSessionID *sid);
-typedef sslSessionID *(*sslSessionIDLookupFunc)(PRUint32 addr,
- unsigned char* sid,
- unsigned int sidLen,
- CERTCertDBHandle * dbHandle);
-
-
-/* Socket ops */
-struct sslSocketOpsStr {
- int (*connect) (sslSocket *, const PRNetAddr *);
- PRFileDesc *(*accept) (sslSocket *, PRNetAddr *);
- int (*bind) (sslSocket *, const PRNetAddr *);
- int (*listen) (sslSocket *, int);
- int (*shutdown)(sslSocket *, int);
- int (*close) (sslSocket *);
-
- int (*recv) (sslSocket *, unsigned char *, int, int);
-
- /* points to the higher-layer send func, e.g. ssl_SecureSend. */
- int (*send) (sslSocket *, const unsigned char *, int, int);
- int (*read) (sslSocket *, unsigned char *, int);
- int (*write) (sslSocket *, const unsigned char *, int);
-
- int (*getpeername)(sslSocket *, PRNetAddr *);
- int (*getsockname)(sslSocket *, PRNetAddr *);
-};
-
-/* Flags interpreted by ssl send functions. */
-#define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000
-#define ssl_SEND_FLAG_NO_BUFFER 0x20000000
-#define ssl_SEND_FLAG_MASK 0x7f000000
-
-/*
-** A buffer object.
-*/
-struct sslBufferStr {
- unsigned char * buf;
- unsigned int len;
- unsigned int space;
-};
-
-/*
-** SSL3 cipher suite policy and preference struct.
-*/
-typedef struct {
-#ifdef AIX
- unsigned int cipher_suite : 16;
- unsigned int policy : 8;
- unsigned int enabled : 1;
- unsigned int isPresent : 1;
-#else
- ssl3CipherSuite cipher_suite;
- PRUint8 policy;
- unsigned char enabled : 1;
- unsigned char isPresent : 1;
-#endif
-} ssl3CipherSuiteCfg;
-
-#define ssl_V3_SUITES_IMPLEMENTED 13
-
-typedef struct sslOptionsStr {
- unsigned int useSecurity : 1; /* 1 */
- unsigned int useSocks : 1; /* 2 */
- unsigned int requestCertificate : 1; /* 3 */
- unsigned int requireCertificate : 2; /* 4-5 */
- unsigned int handshakeAsClient : 1; /* 6 */
- unsigned int handshakeAsServer : 1; /* 7 */
- unsigned int enableSSL2 : 1; /* 8 */
- unsigned int enableSSL3 : 1; /* 9 */
- unsigned int enableTLS : 1; /* 10 */
- unsigned int noCache : 1; /* 11 */
- unsigned int fdx : 1; /* 12 */
- unsigned int v2CompatibleHello : 1; /* 13 */
- unsigned int detectRollBack : 1; /* 14 */
-} sslOptions;
-
-/*
-** SSL Socket struct
-**
-** Protection: XXX
-*/
-struct sslSocketStr {
- PRFileDesc * fd;
-
- /* Pointer to operations vector for this socket */
- sslSocketOps * ops;
-
- /* State flags */
- unsigned int useSocks : 1;
- unsigned int useSecurity : 1;
- unsigned int requestCertificate : 1;
- unsigned int requireCertificate : 2;
-
- unsigned int handshakeAsClient : 1;
- unsigned int handshakeAsServer : 1;
- unsigned int enableSSL2 : 1;
- unsigned int enableSSL3 : 1;
- unsigned int enableTLS : 1;
-
- unsigned int clientAuthRequested: 1;
- unsigned int noCache : 1;
- unsigned int fdx : 1; /* simultaneous read/write threads */
- unsigned int v2CompatibleHello : 1; /* Send v3+ client hello in v2 format */
- unsigned int detectRollBack : 1; /* Detect rollback to SSL v3 */
- unsigned int connected : 1; /* initial handshake is complete. */
- unsigned int recvdCloseNotify : 1; /* received SSL EOF. */
-
- /* version of the protocol to use */
- SSL3ProtocolVersion version;
- SSL3ProtocolVersion clientHelloVersion; /* version sent in client hello. */
-
- /* Non-zero if socks is enabled */
- sslSocksInfo * socks;
-
- /* Non-zero if security is enabled */
- sslSecurityInfo *sec;
-
- /* protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. */
- const char *url; /* ssl 2 & 3 */
-
- /* Gather object used for gathering data */
- sslGather * gather; /*recvBufLock*/
-
- sslHandshakeFunc handshake; /*firstHandshakeLock*/
- sslHandshakeFunc nextHandshake; /*firstHandshakeLock*/
- sslHandshakeFunc securityHandshake; /*firstHandshakeLock*/
-
- sslBuffer saveBuf; /*xmitBufLock*/
- sslBuffer pendingBuf; /*xmitBufLock*/
-
- /* the following 3 variables are only used with socks or other proxies. */
- long peer; /* Target server IP address */
- int port; /* Target server port number. */
- char * peerID; /* String uniquely identifies target server. */
- /* End of socks variables. */
-
- ssl3State * ssl3;
- unsigned char * cipherSpecs;
- unsigned int sizeCipherSpecs;
-const unsigned char * preferredCipher;
-
- /* Configuration state for server sockets */
- CERTCertificate * serverCert[kt_kea_size];
- CERTCertificateList * serverCertChain[kt_kea_size];
- SECKEYPrivateKey * serverKey[kt_kea_size];
- ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */
-
- /* Callbacks */
- SSLAuthCertificate authCertificate;
- void *authCertificateArg;
- SSLGetClientAuthData getClientAuthData;
- void *getClientAuthDataArg;
- SSLBadCertHandler handleBadCert;
- void *badCertArg;
- SSLHandshakeCallback handshakeCallback;
- void *handshakeCallbackData;
- void *pkcs11PinArg;
-
- PRIntervalTime rTimeout; /* timeout for NSPR I/O */
- PRIntervalTime wTimeout; /* timeout for NSPR I/O */
- PRIntervalTime cTimeout; /* timeout for NSPR I/O */
-
- PRLock * recvLock; /* lock against multiple reader threads. */
- PRLock * sendLock; /* lock against multiple sender threads. */
-
- PRMonitor * recvBufLock; /* locks low level recv buffers. */
- PRMonitor * xmitBufLock; /* locks low level xmit buffers. */
-
- /* Only one thread may operate on the socket until the initial handshake
- ** is complete. This Monitor ensures that. Since SSL2 handshake is
- ** only done once, this is also effectively the SSL2 handshake lock.
- */
- PRMonitor * firstHandshakeLock;
-
- /* This monitor protects the ssl3 handshake state machine data.
- ** Only one thread (reader or writer) may be in the ssl3 handshake state
- ** machine at any time. */
- PRMonitor * ssl3HandshakeLock;
-
- /* reader/writer lock, protects the secret data needed to encrypt and MAC
- ** outgoing records, and to decrypt and MAC check incoming ciphertext
- ** records. */
- NSSRWLock * specLock;
-
- /* handle to perm cert db (and implicitly to the temp cert db) used
- ** with this socket.
- */
- CERTCertDBHandle * dbHandle;
-
- PRUint16 shutdownHow; /* See ssl_SHUTDOWN defines below. */
-
- PRUint16 allowedByPolicy; /* copy of global policy bits. */
- PRUint16 maybeAllowedByPolicy; /* copy of global policy bits. */
- PRUint16 chosenPreference; /* SSL2 cipher preferences. */
-
- ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED];
-
-};
-
-#define SSL_LOCK_RANK_SPEC 255
-#define SSL_LOCK_RANK_GLOBAL NSS_RWLOCK_RANK_NONE
-
-/* These are the valid values for shutdownHow.
-** These values are each 1 greater than the NSPR values, and the code
-** depends on that relation to efficiently convert PR_SHUTDOWN values
-** into ssl_SHUTDOWN values. These values use one bit for read, and
-** another bit for write, and can be used as bitmasks.
-*/
-#define ssl_SHUTDOWN_NONE 0 /* NOT shutdown at all */
-#define ssl_SHUTDOWN_RCV 1 /* PR_SHUTDOWN_RCV +1 */
-#define ssl_SHUTDOWN_SEND 2 /* PR_SHUTDOWN_SEND +1 */
-#define ssl_SHUTDOWN_BOTH 3 /* PR_SHUTDOWN_BOTH +1 */
-
-/*
-** A gather object. Used to read some data until a count has been
-** satisfied. Primarily for support of async sockets.
-** Everything in here is protected by the recvBufLock.
-*/
-struct sslGatherStr {
- int state; /* see GS_ values below. */ /* ssl 2 & 3 */
-
- /* "buf" holds received plaintext SSL records, after decrypt and MAC check.
- * SSL2: recv'd ciphertext records are put here, then decrypted in place.
- * SSL3: recv'd ciphertext records are put in inbuf (see below), then
- * decrypted into buf.
- */
- sslBuffer buf; /*recvBufLock*/ /* ssl 2 & 3 */
-
- /* number of bytes previously read into hdr or buf(ssl2) or inbuf (ssl3).
- ** (offset - writeOffset) is the number of ciphertext bytes read in but
- ** not yet deciphered.
- */
- unsigned int offset; /* ssl 2 & 3 */
-
- /* number of bytes to read in next call to ssl_DefRecv (recv) */
- unsigned int remainder; /* ssl 2 & 3 */
-
- /* Number of ciphertext bytes to read in after 2-byte SSL record header. */
- unsigned int count; /* ssl2 only */
-
- /* size of the final plaintext record.
- ** == count - (recordPadding + MAC size)
- */
- unsigned int recordLen; /* ssl2 only */
-
- /* number of bytes of padding to be removed after decrypting. */
- /* This value is taken from the record's hdr[2], which means a too large
- * value could crash us.
- */
- unsigned int recordPadding; /* ssl2 only */
-
- /* plaintext DATA begins this many bytes into "buf". */
- unsigned int recordOffset; /* ssl2 only */
-
- int encrypted; /* SSL2 session is now encrypted. ssl2 only */
-
- /* These next two values are used by SSL2 and SSL3.
- ** DoRecv uses them to extract application data.
- ** The difference between writeOffset and readOffset is the amount of
- ** data available to the application. Note that the actual offset of
- ** the data in "buf" is recordOffset (above), not readOffset.
- ** In the current implementation, this is made available before the
- ** MAC is checked!!
- */
- unsigned int readOffset; /* Spot where DATA reader (e.g. application
- ** or handshake code) will read next.
- ** Always zero for SSl3 application data.
- */
- /* offset in buf/inbuf/hdr into which new data will be read from socket. */
- unsigned int writeOffset;
-
- /* Buffer for ssl3 to read (encrypted) data from the socket */
- sslBuffer inbuf; /*recvBufLock*/ /* ssl3 only */
-
- /* The ssl[23]_GatherData functions read data into this buffer, rather
- ** than into buf or inbuf, while in the GS_HEADER state.
- ** The portion of the SSL record header put here always comes off the wire
- ** as plaintext, never ciphertext.
- ** For SSL2, the plaintext portion is two bytes long. For SSl3 it is 5.
- */
- unsigned char hdr[5]; /* ssl 2 & 3 */
-};
-
-/* sslGather.state */
-#define GS_INIT 0
-#define GS_HEADER 1
-#define GS_MAC 2
-#define GS_DATA 3
-#define GS_PAD 4
-
-typedef SECStatus (*SSLCipher)(void * context,
- unsigned char * out,
- int * outlen,
- int maxout,
- const unsigned char *in,
- int inlen);
-typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit);
-
-
-/*
- * SSL2 buffers used in SSL3.
- * writeBuf in the SecurityInfo maintained by sslsecur.c is used
- * to hold the data just about to be passed to the kernel
- * sendBuf in the ConnectInfo maintained by sslcon.c is used
- * to hold handshake messages as they are accumulated
- */
-
-/*
-** This is "ci", as in "ss->sec.ci".
-**
-** Protection: All the variables in here are protected by
-** firstHandshakeLock AND (in ssl3) ssl3HandshakeLock
-*/
-struct sslConnectInfoStr {
- /* outgoing handshakes appended to this. */
- sslBuffer sendBuf; /*xmitBufLock*/ /* ssl 2 & 3 */
-
- unsigned long peer; /* ssl 2 & 3 */
- unsigned short port; /* ssl 2 & 3 */
-
- sslSessionID *sid; /* ssl 2 & 3 */
-
- /* see CIS_HAVE defines below for the bit values in *elements. */
- char elements; /* ssl2 only */
- char requiredElements; /* ssl2 only */
- char sentElements; /* ssl2 only */
-
- char sentFinished; /* ssl2 only */
-
- /* Length of server challenge. Used by client when saving challenge */
- int serverChallengeLen; /* ssl2 only */
- /* type of authentication requested by server */
- unsigned char authType; /* ssl2 only */
-
- /* Challenge sent by client to server in client-hello message */
- /* SSL3 gets a copy of this. See ssl3_StartHandshakeHash(). */
- unsigned char clientChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl 2 & 3 */
-
- /* Connection-id sent by server to client in server-hello message */
- unsigned char connectionID[SSL_CONNECTIONID_BYTES]; /* ssl2 only */
-
- /* Challenge sent by server to client in request-certificate message */
- unsigned char serverChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl2 only */
-
- /* Information kept to handle a request-certificate message */
- unsigned char readKey[SSL_MAX_MASTER_KEY_BYTES]; /* ssl2 only */
- unsigned char writeKey[SSL_MAX_MASTER_KEY_BYTES]; /* ssl2 only */
- unsigned keySize; /* ssl2 only */
-};
-
-/* bit values for ci->elements, ci->requiredElements, sentElements. */
-#define CIS_HAVE_MASTER_KEY 0x01
-#define CIS_HAVE_CERTIFICATE 0x02
-#define CIS_HAVE_FINISHED 0x04
-#define CIS_HAVE_VERIFY 0x08
-
-/* Note: The entire content of this struct and whatever it points to gets
- * blown away by SSL_ResetHandshake(). This is "sec" as in "ss->sec".
- *
- * Unless otherwise specified below, the contents of this struct are
- * protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock.
- */
-struct sslSecurityInfoStr {
- sslSendFunc send; /*xmitBufLock*/ /* ssl 2 & 3 */
- int isServer; /* Spec Lock?*/ /* ssl 2 & 3 */
- sslBuffer writeBuf; /*xmitBufLock*/ /* ssl 2 & 3 */
-
- int cipherType; /* ssl 2 & 3 */
- int keyBits; /* ssl 2 & 3 */
- int secretKeyBits; /* ssl 2 & 3 */
- CERTCertificate *peerCert; /* ssl 2 & 3 */
- SECKEYPublicKey *peerKey; /* ssl3 only */
-
- /*
- ** Procs used for SID cache (nonce) management.
- ** Different implementations exist for clients/servers
- ** The lookup proc is only used for servers. Baloney!
- */
- sslSessionIDCacheFunc cache; /* ssl 2 & 3 */
- sslSessionIDUncacheFunc uncache; /* ssl 2 & 3 */
-
- /*
- ** everything below here is for ssl2 only.
- ** This stuff is equivalent to SSL3's "spec", and is protected by the
- ** same "Spec Lock" as used for SSL3's specs.
- */
- uint32 sendSequence; /*xmitBufLock*/ /* ssl2 only */
- uint32 rcvSequence; /*recvBufLock*/ /* ssl2 only */
-
- /* Hash information; used for one-way-hash functions (MD2, MD5, etc.) */
- SECHashObject *hash; /* Spec Lock */ /* ssl2 only */
- void *hashcx; /* Spec Lock */ /* ssl2 only */
-
- SECItem sendSecret; /* Spec Lock */ /* ssl2 only */
- SECItem rcvSecret; /* Spec Lock */ /* ssl2 only */
-
- /* Session cypher contexts; one for each direction */
- void *readcx; /* Spec Lock */ /* ssl2 only */
- void *writecx; /* Spec Lock */ /* ssl2 only */
- SSLCipher enc; /* Spec Lock */ /* ssl2 only */
- SSLCipher dec; /* Spec Lock */ /* ssl2 only */
- void (*destroy)(void *, PRBool); /* Spec Lock */ /* ssl2 only */
-
- /* Blocking information for the session cypher */
- int blockShift; /* Spec Lock */ /* ssl2 only */
- int blockSize; /* Spec Lock */ /* ssl2 only */
-
- /* These are used during a connection handshake */
- sslConnectInfo ci; /* ssl 2 & 3 */
-
-};
-
-/*
-** ssl3State and CipherSpec structs
-*/
-
-/* The SSL bulk cipher definition */
-typedef enum {
- cipher_null,
- cipher_rc4,
- cipher_rc4_40,
- cipher_rc4_56,
- cipher_rc2,
- cipher_rc2_40,
- cipher_des,
- cipher_3des,
- cipher_des40,
- cipher_idea,
- cipher_fortezza,
- cipher_missing /* reserved for no such supported cipher */
-} SSL3BulkCipher;
-
-/* The specific cipher algorithm */
-
-typedef enum {
- calg_null = (int)0x80000000L,
- calg_rc4 = CKM_RC4,
- calg_rc2 = CKM_RC2_CBC,
- calg_des = CKM_DES_CBC,
- calg_3des = CKM_DES3_CBC,
- calg_idea = CKM_IDEA_CBC,
- calg_fortezza = CKM_SKIPJACK_CBC64,
- calg_init = (int) 0x7fffffffL
-} CipherAlgorithm;
-
-/* hmac added to help TLS conversion by rjr... */
-typedef enum {
- malg_null = (int)0x80000000L,
- malg_md5 = CKM_SSL3_MD5_MAC,
- malg_sha = CKM_SSL3_SHA1_MAC,
- malg_md5_hmac = CKM_MD5_HMAC,
- malg_sha_hmac = CKM_SHA_1_HMAC
-} MACAlgorithm;
-
-
-/* Key Exchange values moved to ssl.h */
-typedef SSLKEAType SSL3KEAType;
-
-typedef enum {
- mac_null,
- mac_md5,
- mac_sha,
- hmac_md5, /* TLS HMAC version of mac_md5 */
- hmac_sha /* TLS HMAC version of mac_sha */
-} SSL3MACAlgorithm;
-
-typedef enum { type_stream, type_block } CipherType;
-
-#define MAX_IV_LENGTH 64
-
-/*
- * Do not depend upon 64 bit arithmetic in the underlying machine.
- */
-typedef struct {
- uint32 high;
- uint32 low;
-} SSL3SequenceNumber;
-
-typedef struct {
- SSL3Opaque write_iv[MAX_IV_LENGTH];
- PK11SymKey *write_key;
- PK11SymKey *write_mac_key;
- PK11Context *write_mac_context;
-} ssl3KeyMaterial;
-
-typedef struct {
- SSL3Opaque wrapped_client_write_key[12]; /* wrapped with Ks */
- SSL3Opaque wrapped_server_write_key[12]; /* wrapped with Ks */
- SSL3Opaque client_write_iv [24];
- SSL3Opaque server_write_iv [24];
- SSL3Opaque wrapped_master_secret [48];
- PRUint16 wrapped_master_secret_len;
-} ssl3SidKeys;
-
-/*
-** These are the "specs" in the "ssl3" struct.
-** Access to the pointers to these specs, and all the specs' contents
-** (direct and indirect) is protected by the reader/writer lock ss->specLock.
-*/
-typedef struct {
- const ssl3BulkCipherDef *cipher_def;
- const ssl3MACDef * mac_def;
- int mac_size;
- SSLCipher encode;
- void * encodeContext;
- SSLCipher decode;
- void * decodeContext;
- SSLDestroy destroy;
- PK11SymKey * master_secret;
- ssl3KeyMaterial client;
- ssl3KeyMaterial server;
- SSL3SequenceNumber write_seq_num;
- SSL3SequenceNumber read_seq_num;
- SSL3ProtocolVersion version;
-} ssl3CipherSpec;
-
-typedef enum { never_cached,
- in_client_cache,
- in_server_cache,
- invalid_cache /* no longer in any cache. */
-} Cached;
-
-struct sslSessionIDStr {
- sslSessionID * next; /* chain used for client sockets, only */
-
- CERTCertificate * peerCert;
- const char * peerID; /* client only */
- const char * urlSvrName; /* client only */
-
- PRUint32 addr;
- PRUint16 port;
-
- SSL3ProtocolVersion version;
-
- PRUint32 time;
- Cached cached;
- int references;
-
- union {
- struct {
- /* the V2 code depends upon the size of sessionID. */
- unsigned char sessionID[SSL_SESSIONID_BYTES];
-
- /* Stuff used to recreate key and read/write cipher objects */
- SECItem masterKey;
- int cipherType;
- SECItem cipherArg;
- int keyBits;
- int secretKeyBits;
- } ssl2;
- struct {
- /* values that are copied into the server's on-disk SID cache. */
- uint8 sessionIDLength;
- SSL3Opaque sessionID[SSL3_SESSIONID_BYTES];
-
- ssl3CipherSuite cipherSuite;
- SSL3CompressionMethod compression;
- PRBool resumable;
- int policy;
- PRBool hasFortezza;
- ssl3SidKeys keys;
- CK_MECHANISM_TYPE masterWrapMech;
- /* mechanism used to wrap master secret */
- SSL3KEAType exchKeyType;
- /* key type used in exchange algorithm,
- * and to wrap the sym wrapping key. */
-
- /* The following values are NOT restored from the server's on-disk
- * session cache, but are restored from the client's cache.
- */
- PK11SymKey * clientWriteKey;
- PK11SymKey * serverWriteKey;
- PK11SymKey * tek;
-
- /* The following values pertain to the slot that wrapped the
- ** master secret. (used only in client)
- */
- SECMODModuleID masterModuleID;
- /* what module wrapped the master secret */
- CK_SLOT_ID masterSlotID;
- PRUint16 masterWrapIndex;
- /* what's the key index for the wrapping key */
- PRUint16 masterWrapSeries;
- /* keep track of the slot series, so we don't
- * accidently try to use new keys after the
- * card gets removed and replaced.*/
-
- /* The following values pertain to the slot that did the signature
- ** for client auth. (used only in client)
- */
- SECMODModuleID clAuthModuleID;
- CK_SLOT_ID clAuthSlotID;
- PRUint16 clAuthSeries;
-
- char masterValid;
- char clAuthValid;
-
- /* the following values are used only in the client, and only
- * with fortezza.
- */
- SSL3Opaque clientWriteSave[80];
- int clientWriteSaveLen;
- } ssl3;
- } u;
-};
-
-
-typedef struct ssl3CipherSuiteDefStr {
- ssl3CipherSuite cipher_suite;
- SSL3BulkCipher bulk_cipher_alg;
- SSL3MACAlgorithm mac_alg;
- SSL3KeyExchangeAlgorithm key_exchange_alg;
-} ssl3CipherSuiteDef;
-
-/*
-** There are tables of these, all const.
-*/
-typedef struct {
- SSL3KeyExchangeAlgorithm kea;
- SSL3KEAType exchKeyType;
- SSL3SignType signKeyType;
- PRBool is_limited;
- int key_size_limit;
- PRBool tls_keygen;
-} ssl3KEADef;
-
-typedef enum { kg_null, kg_strong, kg_export } SSL3KeyGenMode;
-
-/*
-** There are tables of these, all const.
-*/
-struct ssl3BulkCipherDefStr {
- SSL3BulkCipher cipher;
- CipherAlgorithm calg;
- int key_size;
- int secret_key_size;
- CipherType type;
- int iv_size;
- int block_size;
- SSL3KeyGenMode keygen_mode;
-};
-
-/*
-** There are tables of these, all const.
-*/
-struct ssl3MACDefStr {
- SSL3MACAlgorithm mac;
- MACAlgorithm malg;
- int pad_size;
- int mac_size;
-};
-
-typedef enum {
- wait_client_hello,
- wait_client_cert,
- wait_client_key,
- wait_cert_verify,
- wait_change_cipher,
- wait_finished,
- wait_server_hello,
- wait_server_cert,
- wait_server_key,
- wait_cert_request,
- wait_hello_done,
- idle_handshake
-} SSL3WaitState;
-
-/*
-** This is the "hs" member of the "ssl3" struct.
-** This entire struct is protected by ssl3HandshakeLock
-*/
-typedef struct SSL3HandshakeStateStr {
- SSL3Random server_random;
- SSL3Random client_random;
- SSL3WaitState ws;
- PK11Context * md5; /* handshake running hashes */
- PK11Context * sha;
-const ssl3KEADef * kea_def;
- ssl3CipherSuite cipher_suite;
-const ssl3CipherSuiteDef *suite_def;
- SSL3CompressionMethod compression;
- sslBuffer msg_body; /* protected by recvBufLock */
- /* partial handshake message from record layer */
- unsigned int header_bytes;
- /* number of bytes consumed from handshake */
- /* message for message type and header length */
- SSL3HandshakeType msg_type;
- unsigned long msg_len;
- SECItem ca_list; /* used only by client */
- PRBool isResuming; /* are we resuming a session */
- PRBool rehandshake; /* immediately start another handshake
- * when this one finishes */
- PRBool usedStepDownKey; /* we did a server key exchange. */
- sslBuffer msgState; /* current state for handshake messages*/
- /* protected by recvBufLock */
-} SSL3HandshakeState;
-
-struct SSL3FortezzaKEAParamsStr {
- unsigned char R_s[128]; /* server's "random" public key */
- PK11SymKey * tek;
-};
-
-typedef struct SSL3FortezzaKEAParamsStr SSL3FortezzaKEAParams;
-
-/*
-** This is the "ssl3" struct, as in "ss->ssl3".
-** note:
-** usually, crSpec == cwSpec and prSpec == pwSpec.
-** Sometimes, crSpec == pwSpec and prSpec == cwSpec.
-** But there are never more than 2 actual specs.
-** No spec must ever be modified if either "current" pointer points to it.
-*/
-struct ssl3StateStr {
-
- /*
- ** The following Specs and Spec pointers must be protected using the
- ** Spec Lock.
- */
- ssl3CipherSpec * crSpec; /* current read spec. */
- ssl3CipherSpec * prSpec; /* pending read spec. */
- ssl3CipherSpec * cwSpec; /* current write spec. */
- ssl3CipherSpec * pwSpec; /* pending write spec. */
- ssl3CipherSpec specs[2]; /* one is current, one is pending. */
-
- SSL3HandshakeState hs;
-
- CERTCertificate * clientCertificate; /* used by client */
- SECKEYPrivateKey * clientPrivateKey; /* used by client */
- CERTCertificateList *clientCertChain; /* used by client */
- PRBool sendEmptyCert; /* used by client */
-
- int policy;
- /* This says what cipher suites we can do, and should
- * be either SSL_ALLOWED or SSL_RESTRICTED
- */
- PRArenaPool * peerCertArena;
- /* These are used to keep track of the peer CA */
- void * peerCertChain;
- /* chain while we are trying to validate it. */
- CERTDistNames * ca_list;
- /* used by server. trusted CAs for this socket. */
- SSL3FortezzaKEAParams fortezza;
-};
-
-typedef struct {
- SSL3ContentType type;
- SSL3ProtocolVersion version;
- sslBuffer * buf;
-} SSL3Ciphertext;
-
-struct ssl3KeyPairStr {
- SECKEYPrivateKey * privKey; /* RSA step down key */
- SECKEYPublicKey * pubKey; /* RSA step down key */
- PRInt32 refCount; /* use PR_Atomic calls for this. */
-};
-
-typedef struct SSLWrappedSymWrappingKeyStr {
- SSL3Opaque wrappedSymmetricWrappingkey[512];
- SSL3Opaque wrapIV[24];
- CK_MECHANISM_TYPE symWrapMechanism;
- /* unwrapped symmetric wrapping key uses this mechanism */
- CK_MECHANISM_TYPE asymWrapMechanism;
- /* mechanism used to wrap the SymmetricWrappingKey using
- * server's public and/or private keys. */
- SSL3KEAType exchKeyType; /* type of keys used to wrap SymWrapKey*/
- PRInt32 symWrapMechIndex;
- PRUint16 wrappedSymKeyLen;
- PRUint16 wrapIVLen;
-} SSLWrappedSymWrappingKey;
-
-/* All the global data items declared here should be protected using the
-** ssl_global_data_lock, which is a reader/writer lock.
-*/
-extern NSSRWLock * ssl_global_data_lock;
-extern char ssl_debug;
-extern char ssl_trace;
-extern CERTDistNames * ssl3_server_ca_list;
-extern PRUint32 ssl_sid_timeout;
-extern PRUint32 ssl3_sid_timeout;
-extern PRBool ssl3_global_policy_some_restricted;
-
-extern const char * const ssl_cipherName[];
-extern const char * const ssl3_cipherName[];
-
-extern sslSessionIDLookupFunc ssl_sid_lookup;
-extern sslSessionIDCacheFunc ssl_sid_cache;
-extern sslSessionIDUncacheFunc ssl_sid_uncache;
-
-/************************************************************************/
-
-SEC_BEGIN_PROTOS
-
-/* Implementation of ops for default (non socks, non secure) case */
-extern int ssl_DefConnect(sslSocket *ss, const PRNetAddr *addr);
-extern PRFileDesc *ssl_DefAccept(sslSocket *ss, PRNetAddr *addr);
-extern int ssl_DefBind(sslSocket *ss, const PRNetAddr *addr);
-extern int ssl_DefListen(sslSocket *ss, int backlog);
-extern int ssl_DefShutdown(sslSocket *ss, int how);
-extern int ssl_DefClose(sslSocket *ss);
-extern int ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags);
-extern int ssl_DefSend(sslSocket *ss, const unsigned char *buf,
- int len, int flags);
-extern int ssl_DefRead(sslSocket *ss, unsigned char *buf, int len);
-extern int ssl_DefWrite(sslSocket *ss, const unsigned char *buf, int len);
-extern int ssl_DefGetpeername(sslSocket *ss, PRNetAddr *name);
-extern int ssl_DefGetsockname(sslSocket *ss, PRNetAddr *name);
-extern int ssl_DefGetsockopt(sslSocket *ss, PRSockOption optname,
- void *optval, PRInt32 *optlen);
-extern int ssl_DefSetsockopt(sslSocket *ss, PRSockOption optname,
- const void *optval, PRInt32 optlen);
-
-/* Implementation of ops for socks only case */
-extern int ssl_SocksConnect(sslSocket *ss, const PRNetAddr *addr);
-extern PRFileDesc *ssl_SocksAccept(sslSocket *ss, PRNetAddr *addr);
-extern int ssl_SocksBind(sslSocket *ss, const PRNetAddr *addr);
-extern int ssl_SocksListen(sslSocket *ss, int backlog);
-extern int ssl_SocksGetsockname(sslSocket *ss, PRNetAddr *name);
-extern int ssl_SocksRecv(sslSocket *ss, unsigned char *buf, int len, int flags);
-extern int ssl_SocksSend(sslSocket *ss, const unsigned char *buf,
- int len, int flags);
-extern int ssl_SocksRead(sslSocket *ss, unsigned char *buf, int len);
-extern int ssl_SocksWrite(sslSocket *ss, const unsigned char *buf, int len);
-
-/* Implementation of ops for secure only case */
-extern int ssl_SecureConnect(sslSocket *ss, const PRNetAddr *addr);
-extern PRFileDesc *ssl_SecureAccept(sslSocket *ss, PRNetAddr *addr);
-extern int ssl_SecureRecv(sslSocket *ss, unsigned char *buf,
- int len, int flags);
-extern int ssl_SecureSend(sslSocket *ss, const unsigned char *buf,
- int len, int flags);
-extern int ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len);
-extern int ssl_SecureWrite(sslSocket *ss, const unsigned char *buf, int len);
-extern int ssl_SecureShutdown(sslSocket *ss, int how);
-extern int ssl_SecureClose(sslSocket *ss);
-
-/* Implementation of ops for secure socks case */
-extern int ssl_SecureSocksConnect(sslSocket *ss, const PRNetAddr *addr);
-extern PRFileDesc *ssl_SecureSocksAccept(sslSocket *ss, PRNetAddr *addr);
-extern PRFileDesc *ssl_FindTop(sslSocket *ss);
-
-/* Gather funcs. */
-extern sslGather * ssl_NewGather(void);
-extern void ssl_DestroyGather(sslGather *gs);
-extern int ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags);
-extern int ssl2_GatherRecord(sslSocket *ss, int flags);
-extern SECStatus ssl_GatherRecord1stHandshake(sslSocket *ss);
-
-extern SECStatus ssl2_HandleClientHelloMessage(sslSocket *ss);
-extern SECStatus ssl2_HandleServerHelloMessage(sslSocket *ss);
-extern int ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs,
- unsigned int count);
-
-extern SECStatus ssl_CreateSecurityInfo(sslSocket *ss);
-extern SECStatus ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os);
-extern void ssl_DestroySecurityInfo(sslSecurityInfo *sec);
-
-extern SECStatus ssl_CreateSocksInfo(sslSocket *ss);
-extern SECStatus ssl_CopySocksInfo(sslSocket *ss, sslSocket *os);
-extern void ssl_DestroySocksInfo(sslSocksInfo *si);
-
-extern sslSocket * ssl_DupSocket(sslSocket *old);
-
-extern void ssl_PrintBuf(sslSocket *ss, const char *msg, const void *cp, int len);
-extern void ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len);
-
-extern int ssl_SendSavedWriteData(sslSocket *ss, sslBuffer *buf,
- sslSendFunc fp);
-extern SECStatus ssl_SaveWriteData(sslSocket *ss, sslBuffer *buf,
- const void* p, unsigned int l);
-extern SECStatus ssl2_BeginClientHandshake(sslSocket *ss);
-extern SECStatus ssl2_BeginServerHandshake(sslSocket *ss);
-extern int ssl_Do1stHandshake(sslSocket *ss);
-
-extern SECStatus sslBuffer_Grow(sslBuffer *b, unsigned int newLen);
-
-extern void ssl2_UseClearSendFunc(sslSocket *ss);
-extern void ssl_ChooseSessionIDProcs(sslSecurityInfo *sec);
-
-extern sslSessionID *ssl_LookupSID(PRUint32 addr, PRUint16 port,
- const char *peerID, const char *urlSvrName);
-extern void ssl_FreeSID(sslSessionID *sid);
-
-extern int ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in,
- int len, int flags);
-
-extern PRBool ssl_FdIsBlocking(PRFileDesc *fd);
-
-extern PRBool ssl_SocketIsBlocking(sslSocket *ss);
-
-extern void ssl_SetAlwaysBlock(sslSocket *ss);
-
-#define SSL_LOCK_READER(ss) if (ss->recvLock) PR_Lock(ss->recvLock)
-#define SSL_UNLOCK_READER(ss) if (ss->recvLock) PR_Unlock(ss->recvLock)
-#define SSL_LOCK_WRITER(ss) if (ss->sendLock) PR_Lock(ss->sendLock)
-#define SSL_UNLOCK_WRITER(ss) if (ss->sendLock) PR_Unlock(ss->sendLock)
-
-#define ssl_Get1stHandshakeLock(ss) PR_EnterMonitor((ss)->firstHandshakeLock)
-#define ssl_Release1stHandshakeLock(ss) PR_ExitMonitor((ss)->firstHandshakeLock)
-#define ssl_Have1stHandshakeLock(ss) PR_InMonitor( (ss)->firstHandshakeLock)
-
-#define ssl_GetSSL3HandshakeLock(ss) PR_EnterMonitor((ss)->ssl3HandshakeLock)
-#define ssl_ReleaseSSL3HandshakeLock(ss) PR_ExitMonitor((ss)->ssl3HandshakeLock)
-#define ssl_HaveSSL3HandshakeLock(ss) PR_InMonitor( (ss)->ssl3HandshakeLock)
-
-#define ssl_GetSpecReadLock(ss) NSSRWLock_LockRead( (ss)->specLock)
-#define ssl_ReleaseSpecReadLock(ss) NSSRWLock_UnlockRead( (ss)->specLock)
-
-#define ssl_GetSpecWriteLock(ss) NSSRWLock_LockWrite( (ss)->specLock)
-#define ssl_ReleaseSpecWriteLock(ss) NSSRWLock_UnlockWrite((ss)->specLock)
-#define ssl_HaveSpecWriteLock(ss) NSSRWLock_HaveWriteLock((ss)->specLock)
-
-#define ssl_GetRecvBufLock(ss) PR_EnterMonitor((ss)->recvBufLock)
-#define ssl_ReleaseRecvBufLock(ss) PR_ExitMonitor( (ss)->recvBufLock)
-#define ssl_HaveRecvBufLock(ss) PR_InMonitor( (ss)->recvBufLock)
-
-#define ssl_GetXmitBufLock(ss) PR_EnterMonitor((ss)->xmitBufLock)
-#define ssl_ReleaseXmitBufLock(ss) PR_ExitMonitor( (ss)->xmitBufLock)
-#define ssl_HaveXmitBufLock(ss) PR_InMonitor( (ss)->xmitBufLock)
-
-
-/* These functions are called from secnav, even though they're "private". */
-
-extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error);
-extern int SSL_RestartHandshakeAfterServerCert(struct sslSocketStr *ss);
-extern int SSL_RestartHandshakeAfterCertReq(struct sslSocketStr *ss,
- CERTCertificate *cert,
- SECKEYPrivateKey *key,
- CERTCertificateList *certChain);
-extern sslSocket *ssl_FindSocket(PRFileDesc *fd);
-extern void ssl_FreeSocket(struct sslSocketStr *ssl);
-extern SECStatus SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level,
- SSL3AlertDescription desc);
-
-extern int ssl2_RestartHandshakeAfterCertReq(sslSocket * ss,
- CERTCertificate * cert,
- SECKEYPrivateKey * key);
-
-extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss,
- CERTCertificate * cert,
- SECKEYPrivateKey * key,
- CERTCertificateList *certChain);
-
-extern int ssl2_RestartHandshakeAfterServerCert(sslSocket *ss);
-extern int ssl3_RestartHandshakeAfterServerCert(sslSocket *ss);
-
-/*
- * for dealing with SSL 3.0 clients sending SSL 2.0 format hellos
- */
-extern SECStatus ssl3_HandleV2ClientHello(
- sslSocket *ss, unsigned char *buffer, int length);
-extern SECStatus ssl3_StartHandshakeHash(
- sslSocket *ss, unsigned char *buf, int length);
-
-/*
- * SSL3 specific routines
- */
-SECStatus ssl3_SendClientHello(sslSocket *ss);
-
-/*
- * input into the SSL3 machinery from the actualy network reading code
- */
-SECStatus ssl3_HandleRecord(
- sslSocket *ss, SSL3Ciphertext *cipher, sslBuffer *out);
-
-int ssl3_GatherAppDataRecord(sslSocket *ss, int flags);
-int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags);
-/*
- * When talking to export clients or using export cipher suites, servers
- * with public RSA keys larger than 512 bits need to use a 512-bit public
- * key, signed by the larger key. The smaller key is a "step down" key.
- * Generate that key pair and keep it around.
- */
-extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss);
-
-extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on);
-extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on);
-extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled);
-extern SECStatus ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled);
-
-extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool on);
-extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on);
-extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled);
-extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled);
-
-extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
-extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
-extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy);
-extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy);
-
-extern void ssl2_InitSocketPolicy(sslSocket *ss);
-extern void ssl3_InitSocketPolicy(sslSocket *ss);
-
-extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss,
- unsigned char *cs, int *size);
-
-extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache);
-
-extern void ssl3_DestroySSL3Info(ssl3State *ssl3);
-
-extern SECStatus ssl3_NegotiateVersion(sslSocket *ss,
- SSL3ProtocolVersion peerVersion);
-
-extern SECStatus ssl_GetPeerInfo(sslSocket *ss);
-
-/* Construct a new NSPR socket for the app to use */
-extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
-extern void ssl_FreePRSocket(PRFileDesc *fd);
-
-/* Internal config function so SSL2 can initialize the present state of
- * various ciphers */
-extern int ssl3_config_match_init(sslSocket *);
-
-
-/* Create a new ref counted key pair object from two keys. */
-extern ssl3KeyPair * ssl3_NewKeyPair( SECKEYPrivateKey * privKey,
- SECKEYPublicKey * pubKey);
-
-/* get a new reference (bump ref count) to an ssl3KeyPair. */
-extern ssl3KeyPair * ssl3_GetKeyPairRef(ssl3KeyPair * keyPair);
-
-/* Decrement keypair's ref count and free if zero. */
-extern void ssl3_FreeKeyPair(ssl3KeyPair * keyPair);
-
-/* calls for accessing wrapping keys across processes. */
-extern PRBool
-ssl_GetWrappingKey( PRInt32 symWrapMechIndex,
- SSL3KEAType exchKeyType,
- SSLWrappedSymWrappingKey *wswk);
-
-/* The caller passes in the new value it wants
- * to set. This code tests the wrapped sym key entry in the file on disk.
- * If it is uninitialized, this function writes the caller's value into
- * the disk entry, and returns false.
- * Otherwise, it overwrites the caller's wswk with the value obtained from
- * the disk, and returns PR_TRUE.
- * This is all done while holding the locks/semaphores necessary to make
- * the operation atomic.
- */
-extern PRBool
-ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk);
-
-/********************** misc calls *********************/
-
-extern int ssl_MapLowLevelError(int hiLevelError);
-
-extern PRUint32 ssl_Time(void);
-
-/* emulation of NSPR routines. */
-extern PRInt32
-ssl_EmulateAcceptRead( PRFileDesc * sd,
- PRFileDesc ** nd,
- PRNetAddr ** raddr,
- void * buf,
- PRInt32 amount,
- PRIntervalTime timeout);
-extern PRInt32
-ssl_EmulateTransmitFile( PRFileDesc * sd,
- PRFileDesc * fd,
- const void * headers,
- PRInt32 hlen,
- PRTransmitFileFlags flags,
- PRIntervalTime timeout);
-extern PRInt32
-ssl_EmulateSendFile( PRFileDesc * sd,
- PRSendFileData * sfd,
- PRTransmitFileFlags flags,
- PRIntervalTime timeout);
-
-#ifdef TRACE
-#define SSL_TRACE(msg) ssl_Trace msg
-#else
-#define SSL_TRACE(msg)
-#endif
-
-void ssl_Trace(const char *format, ...);
-
-SEC_END_PROTOS
-
-
-#ifdef XP_UNIX
-#define SSL_GETPID() getpid()
-#else
-#define SSL_GETPID() 0
-#endif
-
-#endif /* __sslimpl_h_ */
diff --git a/security/nss/lib/ssl/sslnonce.c b/security/nss/lib/ssl/sslnonce.c
deleted file mode 100644
index 6096de656..000000000
--- a/security/nss/lib/ssl/sslnonce.c
+++ /dev/null
@@ -1,345 +0,0 @@
-/*
- * This file implements the CLIENT Session ID cache.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#include "cert.h"
-#include "secitem.h"
-#include "ssl.h"
-
-#include "sslimpl.h"
-#include "sslproto.h"
-#include "prlock.h"
-#include "nsslocks.h"
-
-
-PRUint32 ssl_sid_timeout = 100;
-PRUint32 ssl3_sid_timeout = 86400L; /* 24 hours */
-
-static sslSessionID *cache;
-static PRLock * cacheLock;
-
-/* sids can be in one of 4 states:
- *
- * never_cached, created, but not yet put into cache.
- * in_client_cache, in the client cache's linked list.
- * in_server_cache, entry came from the server's cache file.
- * invalid_cache has been removed from the cache.
- */
-
-#define LOCK_CACHE lock_cache()
-#define UNLOCK_CACHE PR_Unlock(cacheLock)
-
-static void
-lock_cache(void)
-{
- /* XXX Since the client session cache has no init function, we must
- * XXX init the cacheLock on the first call. Fix in NSS 3.0.
- */
- if (!cacheLock)
- nss_InitLock(&cacheLock);
- PR_Lock(cacheLock);
-}
-
-/* BEWARE: This function gets called for both client and server SIDs !!
- * If the unreferenced sid is not in the cache, Free sid and its contents.
- */
-static void
-ssl_DestroySID(sslSessionID *sid)
-{
- SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached));
- PORT_Assert((sid->references == 0));
-
- if (sid->cached == in_client_cache)
- return; /* it will get taken care of next time cache is traversed. */
-
- if (sid->version < SSL_LIBRARY_VERSION_3_0) {
- SECITEM_ZfreeItem(&sid->u.ssl2.masterKey, PR_FALSE);
- SECITEM_ZfreeItem(&sid->u.ssl2.cipherArg, PR_FALSE);
- }
- if (sid->peerID != NULL)
- PORT_Free((void *)sid->peerID); /* CONST */
-
- if (sid->urlSvrName != NULL)
- PORT_Free((void *)sid->urlSvrName); /* CONST */
-
- if ( sid->peerCert ) {
- CERT_DestroyCertificate(sid->peerCert);
- }
-
- PORT_ZFree(sid, sizeof(sslSessionID));
-}
-
-/* BEWARE: This function gets called for both client and server SIDs !!
- * Decrement reference count, and
- * free sid if ref count is zero, and sid is not in the cache.
- * Does NOT remove from the cache first.
- * If the sid is still in the cache, it is left there until next time
- * the cache list is traversed.
- */
-static void
-ssl_FreeLockedSID(sslSessionID *sid)
-{
- PORT_Assert(sid->references >= 1);
- if (--sid->references == 0) {
- ssl_DestroySID(sid);
- }
-}
-
-/* BEWARE: This function gets called for both client and server SIDs !!
- * Decrement reference count, and
- * free sid if ref count is zero, and sid is not in the cache.
- * Does NOT remove from the cache first.
- * These locks are necessary because the sid _might_ be in the cache list.
- */
-void
-ssl_FreeSID(sslSessionID *sid)
-{
- LOCK_CACHE;
- ssl_FreeLockedSID(sid);
- UNLOCK_CACHE;
-}
-
-/************************************************************************/
-
-/*
-** Lookup sid entry in cache by Address, port, and peerID string.
-** If found, Increment reference count, and return pointer to caller.
-** If it has timed out or ref count is zero, remove from list and free it.
-*/
-
-sslSessionID *
-ssl_LookupSID(PRUint32 addr, PRUint16 port, const char *peerID,
- const char * urlSvrName)
-{
- sslSessionID **sidp;
- sslSessionID * sid;
- PRUint32 now;
-
- if (!urlSvrName)
- return NULL;
- now = ssl_Time();
- LOCK_CACHE;
- sidp = &cache;
- while ((sid = *sidp) != 0) {
- PORT_Assert(sid->cached == in_client_cache);
- PORT_Assert(sid->references >= 1);
-
- SSL_TRC(8, ("SSL: Lookup1: sid=0x%x", sid));
-
- if (sid->time < now || !sid->references) {
- /*
- ** This session-id timed out, or was orphaned.
- ** Don't even care who it belongs to, blow it out of our cache.
- */
- SSL_TRC(7, ("SSL: lookup1, throwing sid out, age=%d refs=%d",
- now - sid->time, sid->references));
-
- *sidp = sid->next; /* delink it from the list. */
- sid->cached = invalid_cache; /* mark not on list. */
- if (!sid->references)
- ssl_DestroySID(sid);
- else
- ssl_FreeLockedSID(sid); /* drop ref count, free. */
-
- } else if ((sid->addr == addr) && /* server IP addr matches */
- (sid->port == port) && /* server port matches */
- /* proxy (peerID) matches */
- (((peerID == NULL) && (sid->peerID == NULL)) ||
- ((peerID != NULL) && (sid->peerID != NULL) &&
- PORT_Strcmp(sid->peerID, peerID) == 0)) &&
- /* is cacheable */
- (sid->version < SSL_LIBRARY_VERSION_3_0 ||
- sid->u.ssl3.resumable) &&
- /* server hostname matches. */
- (sid->urlSvrName != NULL) &&
- ((0 == PORT_Strcmp(urlSvrName, sid->urlSvrName)) ||
- ((sid->peerCert != NULL) && (SECSuccess ==
- CERT_VerifyCertName(sid->peerCert, urlSvrName))) )
- ) {
- /* Hit */
- sid->references++;
- break;
- } else {
- sidp = &sid->next;
- }
- }
- UNLOCK_CACHE;
- return sid;
-}
-
-/*
-** Add an sid to the cache or return a previously cached entry to the cache.
-** Although this is static, it is called via ss->sec->cache().
-*/
-static void
-CacheSID(sslSessionID *sid)
-{
- PRUint32 expirationPeriod;
- SSL_TRC(8, ("SSL: Cache: sid=0x%x cached=%d addr=0x%08x port=0x%04x "
- "time=%x cached=%d",
- sid, sid->cached, sid->addr, sid->port, sid->time,
- sid->cached));
-
- if (sid->cached == in_client_cache)
- return;
-
- /* XXX should be different trace for version 2 vs. version 3 */
- if (sid->version < SSL_LIBRARY_VERSION_3_0) {
- expirationPeriod = ssl3_sid_timeout;
- PRINT_BUF(8, (0, "sessionID:",
- sid->u.ssl2.sessionID, sizeof(sid->u.ssl2.sessionID)));
- PRINT_BUF(8, (0, "masterKey:",
- sid->u.ssl2.masterKey.data, sid->u.ssl2.masterKey.len));
- PRINT_BUF(8, (0, "cipherArg:",
- sid->u.ssl2.cipherArg.data, sid->u.ssl2.cipherArg.len));
- } else {
- if (sid->u.ssl3.sessionIDLength == 0)
- return;
- expirationPeriod = ssl_sid_timeout;
- PRINT_BUF(8, (0, "sessionID:",
- sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength));
- }
-
- /*
- * Put sid into the cache. Bump reference count to indicate that
- * cache is holding a reference. Uncache will reduce the cache
- * reference.
- */
- LOCK_CACHE;
- sid->references++;
- sid->cached = in_client_cache;
- sid->next = cache;
- cache = sid;
- sid->time = ssl_Time() + expirationPeriod;
- UNLOCK_CACHE;
-}
-
-/*
- * If sid "zap" is in the cache,
- * removes sid from cache, and decrements reference count.
- * Caller must hold cache lock.
- */
-static void
-UncacheSID(sslSessionID *zap)
-{
- sslSessionID **sidp = &cache;
- sslSessionID *sid;
-
- if (zap->cached != in_client_cache) {
- return;
- }
-
- SSL_TRC(8,("SSL: Uncache: zap=0x%x cached=%d addr=0x%08x port=0x%04x "
- "time=%x cipher=%d",
- zap, zap->cached, zap->addr, zap->port, zap->time,
- zap->u.ssl2.cipherType));
- if (zap->version < SSL_LIBRARY_VERSION_3_0) {
- PRINT_BUF(8, (0, "sessionID:",
- zap->u.ssl2.sessionID, sizeof(zap->u.ssl2.sessionID)));
- PRINT_BUF(8, (0, "masterKey:",
- zap->u.ssl2.masterKey.data, zap->u.ssl2.masterKey.len));
- PRINT_BUF(8, (0, "cipherArg:",
- zap->u.ssl2.cipherArg.data, zap->u.ssl2.cipherArg.len));
- }
-
- /* See if it's in the cache, if so nuke it */
- while ((sid = *sidp) != 0) {
- if (sid == zap) {
- /*
- ** Bingo. Reduce reference count by one so that when
- ** everyone is done with the sid we can free it up.
- */
- *sidp = zap->next;
- zap->cached = invalid_cache;
- ssl_FreeLockedSID(zap);
- return;
- }
- sidp = &sid->next;
- }
-}
-
-/* If sid "zap" is in the cache,
- * removes sid from cache, and decrements reference count.
- * Although this function is static, it is called externally via
- * ss->sec->uncache().
- */
-static void
-LockAndUncacheSID(sslSessionID *zap)
-{
- LOCK_CACHE;
- UncacheSID(zap);
- UNLOCK_CACHE;
-
-}
-
-/* choose client or server cache functions for this sslsocket. */
-void
-ssl_ChooseSessionIDProcs(sslSecurityInfo *sec)
-{
- if (sec->isServer) {
- sec->cache = ssl_sid_cache;
- sec->uncache = ssl_sid_uncache;
- } else {
- sec->cache = CacheSID;
- sec->uncache = LockAndUncacheSID;
- }
-}
-
-/* wipe out the entire client session cache. */
-void
-SSL_ClearSessionCache(void)
-{
- LOCK_CACHE;
- while(cache != NULL)
- UncacheSID(cache);
- UNLOCK_CACHE;
-}
-
-/* returns an unsigned int containing the number of seconds in PR_Now() */
-PRUint32
-ssl_Time(void)
-{
- PRTime now;
- PRInt64 ll;
- PRUint32 time;
-
- now = PR_Now();
- LL_I2L(ll, 1000000L);
- LL_DIV(now, now, ll);
- LL_L2UI(time, now);
- return time;
-}
-
diff --git a/security/nss/lib/ssl/sslproto.h b/security/nss/lib/ssl/sslproto.h
deleted file mode 100644
index 51b780ca2..000000000
--- a/security/nss/lib/ssl/sslproto.h
+++ /dev/null
@@ -1,158 +0,0 @@
-/*
- * Various and sundry protocol constants. DON'T CHANGE THESE. These values
- * are mostly defined by the SSL2, SSL3, or TLS protocol specifications.
- * Cipher kinds and ciphersuites are part of the public API.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#ifndef __sslproto_h_
-#define __sslproto_h_
-
-#define SSL_LIBRARY_VERSION_2 0x0002
-#define SSL_LIBRARY_VERSION_2_1 0x0201
-#define SSL_LIBRARY_VERSION_3_0 0x0300
-#define SSL_LIBRARY_VERSION_3_1_TLS 0x0301
-
-/* Header lengths of some of the messages */
-#define SSL_HL_ERROR_HBYTES 3
-#define SSL_HL_CLIENT_HELLO_HBYTES 9
-#define SSL_HL_CLIENT_MASTER_KEY_HBYTES 10
-#define SSL_HL_CLIENT_FINISHED_HBYTES 1
-#define SSL_HL_SERVER_HELLO_HBYTES 11
-#define SSL_HL_SERVER_VERIFY_HBYTES 1
-#define SSL_HL_SERVER_FINISHED_HBYTES 1
-#define SSL_HL_REQUEST_CERTIFICATE_HBYTES 2
-#define SSL_HL_CLIENT_CERTIFICATE_HBYTES 6
-
-/* Security handshake protocol codes */
-#define SSL_MT_ERROR 0
-#define SSL_MT_CLIENT_HELLO 1
-#define SSL_MT_CLIENT_MASTER_KEY 2
-#define SSL_MT_CLIENT_FINISHED 3
-#define SSL_MT_SERVER_HELLO 4
-#define SSL_MT_SERVER_VERIFY 5
-#define SSL_MT_SERVER_FINISHED 6
-#define SSL_MT_REQUEST_CERTIFICATE 7
-#define SSL_MT_CLIENT_CERTIFICATE 8
-
-/* Certificate types */
-#define SSL_CT_X509_CERTIFICATE 0x01
-#if 0 /* XXX Not implemented yet */
-#define SSL_PKCS6_CERTIFICATE 0x02
-#endif
-#define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01
-
-/* Error codes */
-#define SSL_PE_NO_CYPHERS 0x0001
-#define SSL_PE_NO_CERTIFICATE 0x0002
-#define SSL_PE_BAD_CERTIFICATE 0x0004
-#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
-
-/* Cypher kinds (not the spec version!) */
-#define SSL_CK_RC4_128_WITH_MD5 0x01
-#define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x02
-#define SSL_CK_RC2_128_CBC_WITH_MD5 0x03
-#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x04
-#define SSL_CK_IDEA_128_CBC_WITH_MD5 0x05
-#define SSL_CK_DES_64_CBC_WITH_MD5 0x06
-#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0x07
-
-/* Cipher enables. These are used only for SSL_EnableCipher
- * These values define the SSL2 suites, and do not colide with the
- * SSL3 Cipher suites defined below.
- */
-#define SSL_EN_RC4_128_WITH_MD5 0xFF01
-#define SSL_EN_RC4_128_EXPORT40_WITH_MD5 0xFF02
-#define SSL_EN_RC2_128_CBC_WITH_MD5 0xFF03
-#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 0xFF04
-#define SSL_EN_IDEA_128_CBC_WITH_MD5 0xFF05
-#define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06
-#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07
-
-/* SSL v3 Cipher Suites */
-#define SSL_NULL_WITH_NULL_NULL 0x0000
-
-#define SSL_RSA_WITH_NULL_MD5 0x0001
-#define SSL_RSA_WITH_NULL_SHA 0x0002
-#define SSL_RSA_EXPORT_WITH_RC4_40_MD5 0x0003
-#define SSL_RSA_WITH_RC4_128_MD5 0x0004
-#define SSL_RSA_WITH_RC4_128_SHA 0x0005
-#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006
-#define SSL_RSA_WITH_IDEA_CBC_SHA 0x0007
-#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008
-#define SSL_RSA_WITH_DES_CBC_SHA 0x0009
-#define SSL_RSA_WITH_3DES_EDE_CBC_SHA 0x000a
-
-#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b
-#define SSL_DH_DSS_WITH_DES_CBC_SHA 0x000c
-#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d
-#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e
-#define SSL_DH_RSA_WITH_DES_CBC_SHA 0x000f
-#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010
-
-#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011
-#define SSL_DHE_DSS_WITH_DES_CBC_SHA 0x0012
-#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013
-#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014
-#define SSL_DHE_RSA_WITH_DES_CBC_SHA 0x0015
-#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016
-
-#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 0x0017
-#define SSL_DH_ANON_WITH_RC4_128_MD5 0x0018
-#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA 0x0019
-#define SSL_DH_ANON_WITH_DES_CBC_SHA 0x001a
-#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA 0x001b
-
-#define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c
-#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d
-#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e
-
-/* New TLS cipher suites backported to SSL3. */
-#define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062
-#define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064
-
-#define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063
-#define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065
-#define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066
-
-/* Netscape "experimental" cipher suites. */
-#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0
-#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1
-
-/* New non-experimental openly spec'ed versions of those cipher suites. */
-#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff
-#define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe
-
-#endif /* __sslproto_h_ */
diff --git a/security/nss/lib/ssl/sslreveal.c b/security/nss/lib/ssl/sslreveal.c
deleted file mode 100644
index dcba7c3ef..000000000
--- a/security/nss/lib/ssl/sslreveal.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Accessor functions for SSLSocket private members.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#include "cert.h"
-#include "ssl.h"
-#include "certt.h"
-#include "sslimpl.h"
-
-/* given PRFileDesc, returns a copy of certificate associated with the socket
- * the caller should delete the cert when done with SSL_DestroyCertificate
- */
-CERTCertificate *
-SSL_RevealCert(PRFileDesc * fd)
-{
- CERTCertificate * cert = NULL;
- sslSocket * sslsocket = NULL;
-
- sslsocket = ssl_FindSocket(fd);
-
- /* CERT_DupCertificate increases reference count and returns pointer to
- * the same cert
- */
- if (sslsocket && sslsocket->sec)
- cert = CERT_DupCertificate(sslsocket->sec->peerCert);
-
- return cert;
-}
-
-/* given PRFileDesc, returns a pointer to PinArg associated with the socket
- */
-void *
-SSL_RevealPinArg(PRFileDesc * fd)
-{
- sslSocket * sslsocket = NULL;
- void * PinArg = NULL;
-
- sslsocket = ssl_FindSocket(fd);
-
- /* is pkcs11PinArg part of the sslSocket or sslSecurityInfo ? */
- if (sslsocket)
- PinArg = sslsocket->pkcs11PinArg;
-
- return PinArg;
-}
-
-
-/* given PRFileDesc, returns a pointer to the URL associated with the socket
- * the caller should free url when done
- */
-char *
-SSL_RevealURL(PRFileDesc * fd)
-{
- sslSocket * sslsocket = NULL;
- char * url = NULL;
-
- sslsocket = ssl_FindSocket(fd);
-
- if (sslsocket && sslsocket->url)
- url = PL_strdup(sslsocket->url);
-
- return url;
-}
-
diff --git a/security/nss/lib/ssl/sslsecur.c b/security/nss/lib/ssl/sslsecur.c
deleted file mode 100644
index 76b252064..000000000
--- a/security/nss/lib/ssl/sslsecur.c
+++ /dev/null
@@ -1,1372 +0,0 @@
-/*
- * Various SSL functions.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-#include "cert.h"
-#include "secitem.h"
-#include "keyhi.h"
-#include "ssl.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-#include "secoid.h" /* for SECOID_GetALgorithmTag */
-#include "pk11func.h" /* for PK11_GenerateRandom */
-
-#if defined(_WINDOWS)
-#include "winsock.h" /* for MSG_PEEK */
-#elif defined(XP_MAC)
-#include "macsocket.h"
-#else
-#include <sys/socket.h> /* for MSG_PEEK */
-#endif
-
-#define MAX_BLOCK_CYPHER_SIZE 32
-
-#define TEST_FOR_FAILURE /* reminder */
-#define SET_ERROR_CODE /* reminder */
-
-/* Returns a SECStatus: SECSuccess or SECFailure, NOT SECWouldBlock.
- *
- * Currently, the list of functions called through ss->handshake is:
- *
- * In sslsocks.c:
- * SocksGatherRecord
- * SocksHandleReply
- * SocksStartGather
- *
- * In sslcon.c:
- * ssl_GatherRecord1stHandshake
- * ssl2_HandleClientSessionKeyMessage
- * ssl2_HandleMessage
- * ssl2_HandleVerifyMessage
- * ssl2_BeginClientHandshake
- * ssl2_BeginServerHandshake
- * ssl2_HandleClientHelloMessage
- * ssl2_HandleServerHelloMessage
- *
- * The ss->handshake function returns SECWouldBlock under these conditions:
- * 1. ssl_GatherRecord1stHandshake called ssl2_GatherData which read in
- * the beginning of an SSL v3 hello message and returned SECWouldBlock
- * to switch to SSL v3 handshake processing.
- *
- * 2. ssl2_HandleClientHelloMessage discovered version 3.0 in the incoming
- * v2 client hello msg, and called ssl3_HandleV2ClientHello which
- * returned SECWouldBlock.
- *
- * 3. SECWouldBlock was returned by one of the callback functions, via
- * one of these paths:
- * - ssl2_HandleMessage() -> ssl2_HandleRequestCertificate() -> ss->getClientAuthData()
- *
- * - ssl2_HandleServerHelloMessage() -> ss->handleBadCert()
- *
- * - ssl_GatherRecord1stHandshake() -> ssl3_GatherCompleteHandshake() ->
- * ssl3_HandleRecord() -> ssl3_HandleHandshake() ->
- * ssl3_HandleHandshakeMessage() -> ssl3_HandleCertificate() ->
- * ss->handleBadCert()
- *
- * - ssl_GatherRecord1stHandshake() -> ssl3_GatherCompleteHandshake() ->
- * ssl3_HandleRecord() -> ssl3_HandleHandshake() ->
- * ssl3_HandleHandshakeMessage() -> ssl3_HandleCertificateRequest() ->
- * ss->getClientAuthData()
- *
- * Called from: SSL_ForceHandshake (below),
- * ssl_SecureRecv (below) and
- * ssl_SecureSend (below)
- * from: WaitForResponse in sslsocks.c
- * ssl_SocksRecv in sslsocks.c
- * ssl_SocksSend in sslsocks.c
- *
- * Caller must hold the (write) handshakeLock.
- */
-int
-ssl_Do1stHandshake(sslSocket *ss)
-{
- int rv = SECSuccess;
- int loopCount = 0;
-
- PORT_Assert(ss->gather != 0);
-
- do {
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- PORT_Assert( !ssl_HaveRecvBufLock(ss) );
- PORT_Assert( !ssl_HaveXmitBufLock(ss) );
-
- if (ss->handshake == 0) {
- /* Previous handshake finished. Switch to next one */
- ss->handshake = ss->nextHandshake;
- ss->nextHandshake = 0;
- }
- if (ss->handshake == 0) {
- /* Previous handshake finished. Switch to security handshake */
- ss->handshake = ss->securityHandshake;
- ss->securityHandshake = 0;
- }
- if (ss->handshake == 0) {
- ssl_GetRecvBufLock(ss);
- ss->gather->recordLen = 0;
- ssl_ReleaseRecvBufLock(ss);
-
- SSL_TRC(3, ("%d: SSL[%d]: handshake is completed",
- SSL_GETPID(), ss->fd));
- /* call handshake callback for ssl v2 */
- /* for v3 this is done in ssl3_HandleFinished() */
- if ((ss->sec != NULL) && /* used SSL */
- (ss->handshakeCallback != NULL) && /* has callback */
- (!ss->connected) && /* only first time */
- (ss->version < SSL_LIBRARY_VERSION_3_0)) { /* not ssl3 */
- ss->connected = PR_TRUE;
- (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData);
- }
- ss->connected = PR_TRUE;
- ss->gather->writeOffset = 0;
- ss->gather->readOffset = 0;
- break;
- }
- rv = (*ss->handshake)(ss);
- ++loopCount;
- /* This code must continue to loop on SECWouldBlock,
- * or any positive value. See XXX_1 comments.
- */
- } while (rv != SECFailure); /* was (rv >= 0); XXX_1 */
-
- PORT_Assert( !ssl_HaveRecvBufLock(ss) );
- PORT_Assert( !ssl_HaveXmitBufLock(ss) );
-
- if (rv == SECWouldBlock) {
- PORT_SetError(PR_WOULD_BLOCK_ERROR);
- rv = SECFailure;
- }
- return rv;
-}
-
-/*
- * Handshake function that blocks. Used to force a
- * retry on a connection on the next read/write.
- */
-#ifdef macintosh
-static SECStatus
-#else
-static int
-#endif
-AlwaysBlock(sslSocket *ss)
-{
- PORT_SetError(PR_WOULD_BLOCK_ERROR); /* perhaps redundant. */
- return SECWouldBlock;
-}
-
-/*
- * set the initial handshake state machine to block
- */
-void
-ssl_SetAlwaysBlock(sslSocket *ss)
-{
- if (!ss->connected) {
- ss->handshake = AlwaysBlock;
- ss->nextHandshake = 0;
- }
-}
-
-/* Acquires and releases HandshakeLock.
-*/
-SECStatus
-SSL_ResetHandshake(PRFileDesc *s, PRBool asServer)
-{
- sslSocket *ss;
- SECStatus rv;
-
- ss = ssl_FindSocket(s);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in ResetHandshake", SSL_GETPID(), s));
- return SECFailure;
- }
-
- /* Don't waste my time */
- if (!ss->useSecurity)
- return SECSuccess;
-
- SSL_LOCK_READER(ss);
- SSL_LOCK_WRITER(ss);
-
- /* Reset handshake state */
- ssl_Get1stHandshakeLock(ss);
- ssl_GetSSL3HandshakeLock(ss);
-
- ss->connected = PR_FALSE;
- ss->handshake = asServer ? ssl2_BeginServerHandshake
- : ssl2_BeginClientHandshake;
- ss->nextHandshake = 0;
- ss->securityHandshake = 0;
-
- ssl_GetRecvBufLock(ss);
- ss->gather->state = GS_INIT;
- ss->gather->writeOffset = 0;
- ss->gather->readOffset = 0;
- ssl_ReleaseRecvBufLock(ss);
-
- /*
- ** Blow away old security state and get a fresh setup. This way if
- ** ssl was used to connect to the first point in communication, ssl
- ** can be used for the next layer.
- */
- if (ss->sec) {
- ssl_DestroySecurityInfo(ss->sec);
- ss->sec = 0;
- }
- rv = ssl_CreateSecurityInfo(ss);
-
- ssl_ReleaseSSL3HandshakeLock(ss);
- ssl_Release1stHandshakeLock(ss);
-
- SSL_UNLOCK_WRITER(ss);
- SSL_UNLOCK_READER(ss);
-
- return rv;
-}
-
-/* For SSLv2, does nothing but return an error.
-** For SSLv3, flushes SID cache entry (if requested),
-** and then starts new client hello or hello request.
-** Acquires and releases HandshakeLock.
-*/
-int
-SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache)
-{
- sslSocket *ss;
- int rv;
-
- ss = ssl_FindSocket(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in RedoHandshake", SSL_GETPID(), fd));
- PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
- return SECFailure;
- }
-
- if (!ss->useSecurity)
- return SECSuccess;
-
- ssl_Get1stHandshakeLock(ss);
-
- /* SSL v2 protocol does not support subsequent handshakes. */
- if (ss->version < SSL_LIBRARY_VERSION_3_0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
- } else {
- ssl_GetSSL3HandshakeLock(ss);
- rv = ssl3_RedoHandshake(ss, flushCache); /* force full handshake. */
- ssl_ReleaseSSL3HandshakeLock(ss);
- }
-
- ssl_Release1stHandshakeLock(ss);
-
- return rv;
-}
-
-int
-SSL_RedoHandshake(PRFileDesc *fd)
-{
- return SSL_ReHandshake(fd, PR_TRUE);
-}
-
-/* Register an application callback to be called when SSL handshake completes.
-** Acquires and releases HandshakeLock.
-*/
-int
-SSL_HandshakeCallback(PRFileDesc *fd, SSLHandshakeCallback cb,
- void *client_data)
-{
- sslSocket *ss;
-
- ss = ssl_FindSocket(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeCallback",
- SSL_GETPID(), fd));
- PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
- return SECFailure;
- }
-
- if (!ss->useSecurity) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- ssl_Get1stHandshakeLock(ss);
- ssl_GetSSL3HandshakeLock(ss);
-
- PORT_Assert(ss->sec);
- ss->handshakeCallback = cb;
- ss->handshakeCallbackData = client_data;
-
- ssl_ReleaseSSL3HandshakeLock(ss);
- ssl_Release1stHandshakeLock(ss);
-
- return SECSuccess;
-}
-
-/* Try to make progress on an SSL handshake by attempting to read the
-** next handshake from the peer, and sending any responses.
-** For non-blocking sockets, returns PR_ERROR_WOULD_BLOCK if it cannot
-** read the next handshake from the underlying socket.
-** For SSLv2, returns when handshake is complete or fatal error occurs.
-** For SSLv3, returns when handshake is complete, or application data has
-** arrived that must be taken by application before handshake can continue,
-** or a fatal error occurs.
-** Application should use handshake completion callback to tell which.
-*/
-int
-SSL_ForceHandshake(PRFileDesc *fd)
-{
- sslSocket *ss;
- int rv;
-
- ss = ssl_FindSocket(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in ForceHandshake",
- SSL_GETPID(), fd));
- return SECFailure;
- }
-
- /* Don't waste my time */
- if (!ss->useSecurity)
- return 0;
-
- ssl_Get1stHandshakeLock(ss);
-
- if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
- ssl_GetRecvBufLock(ss);
- rv = ssl3_GatherCompleteHandshake(ss, 0);
- ssl_ReleaseRecvBufLock(ss);
- if (rv == 0) {
- PORT_SetError(PR_END_OF_FILE_ERROR);
- rv = SECFailure;
- } else if (rv == SECWouldBlock) {
- PORT_SetError(PR_WOULD_BLOCK_ERROR);
- rv = SECFailure;
- }
- } else if (!ss->connected) {
- rv = ssl_Do1stHandshake(ss);
- } else {
- /* tried to force handshake on a connected SSL 2 socket. */
- rv = SECSuccess; /* just pretend we did it. */
- }
-
- ssl_Release1stHandshakeLock(ss);
-
- if (rv > 0)
- rv = SECSuccess;
- return rv;
-}
-
-/************************************************************************/
-
-/*
-** Grow a buffer to hold newLen bytes of data.
-** Called for both recv buffers and xmit buffers.
-** Caller must hold xmitBufLock or recvBufLock, as appropriate.
-*/
-SECStatus
-sslBuffer_Grow(sslBuffer *b, unsigned int newLen)
-{
- if (newLen > b->space) {
- if (b->buf) {
- b->buf = (unsigned char *) PORT_Realloc(b->buf, newLen);
- } else {
- b->buf = (unsigned char *) PORT_Alloc(newLen);
- }
- if (!b->buf) {
- return SECFailure;
- }
- SSL_TRC(10, ("%d: SSL: grow buffer from %d to %d",
- SSL_GETPID(), b->space, newLen));
- b->space = newLen;
- }
- return SECSuccess;
-}
-
-/*
-** Save away write data that is trying to be written before the security
-** handshake has been completed. When the handshake is completed, we will
-** flush this data out.
-** Caller must hold xmitBufLock
-*/
-SECStatus
-ssl_SaveWriteData(sslSocket *ss, sslBuffer *buf, const void *data,
- unsigned int len)
-{
- unsigned int newlen;
- SECStatus rv;
-
- PORT_Assert( ssl_HaveXmitBufLock(ss) );
- newlen = buf->len + len;
- if (newlen > buf->space) {
- rv = sslBuffer_Grow(buf, newlen);
- if (rv) {
- return rv;
- }
- }
- SSL_TRC(5, ("%d: SSL[%d]: saving %d bytes of data (%d total saved so far)",
- SSL_GETPID(), ss->fd, len, newlen));
- PORT_Memcpy(buf->buf + buf->len, data, len);
- buf->len = newlen;
- return SECSuccess;
-}
-
-/*
-** Send saved write data. This will flush out data sent prior to a
-** complete security handshake. Hopefully there won't be too much of it.
-** Returns count of the bytes sent, NOT a SECStatus.
-** Caller must hold xmitBufLock
-*/
-int
-ssl_SendSavedWriteData(sslSocket *ss, sslBuffer *buf, sslSendFunc send)
-{
- int rv = 0;
- int len = buf->len;
-
- PORT_Assert( ssl_HaveXmitBufLock(ss) );
- if (len != 0) {
- SSL_TRC(5, ("%d: SSL[%d]: sending %d bytes of saved data",
- SSL_GETPID(), ss->fd, len));
- rv = (*send)(ss, buf->buf, len, 0);
- if (rv < 0) {
- return rv;
- }
- if (rv < len) {
- /* UGH !! This shifts the whole buffer down by copying it, and
- ** it depends on PORT_Memmove doing overlapping moves correctly!
- ** It should advance the pointer offset instead !!
- */
- PORT_Memmove(buf->buf, buf->buf + rv, len - rv);
- buf->len = len - rv;
- } else {
- buf->len = 0;
- }
- }
- return rv;
-}
-
-/************************************************************************/
-
-/*
-** Receive some application data on a socket. Reads SSL records from the input
-** stream, decrypts them and then copies them to the output buffer.
-** Called from ssl_SecureRecv() below.
-**
-** Caller does NOT hold 1stHandshakeLock because that handshake is over.
-** Caller doesn't call this until initial handshake is complete.
-** For SSLv2, there is no subsequent handshake.
-** For SSLv3, the call to ssl3_GatherAppDataRecord may encounter handshake
-** messages from a subsequent handshake.
-**
-** This code is similar to, and easily confused with,
-** ssl_GatherRecord1stHandshake() in sslcon.c
-*/
-static int
-DoRecv(sslSocket *ss, unsigned char *out, int len, int flags)
-{
- sslGather * gs;
- int rv;
- int amount;
- int available;
-
- ssl_GetRecvBufLock(ss);
- PORT_Assert((ss->sec != 0) && (ss->gather != 0));
- gs = ss->gather;
-
- available = gs->writeOffset - gs->readOffset;
- if (available == 0) {
- /* Get some more data */
- if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
- /* Wait for application data to arrive. */
- rv = ssl3_GatherAppDataRecord(ss, 0);
- } else {
- /* See if we have a complete record */
- rv = ssl2_GatherRecord(ss, 0);
- }
- if (rv <= 0) {
- if (rv == 0) {
- /* EOF */
- SSL_TRC(10, ("%d: SSL[%d]: ssl_recv EOF",
- SSL_GETPID(), ss->fd));
- goto done;
- }
- if ((rv != SECWouldBlock) &&
- (PR_GetError() != PR_WOULD_BLOCK_ERROR)) {
- /* Some random error */
- goto done;
- }
-
- /*
- ** Gather record is blocked waiting for more record data to
- ** arrive. Try to process what we have already received
- */
- } else {
- /* Gather record has finished getting a complete record */
- }
-
- /* See if any clear data is now available */
- available = gs->writeOffset - gs->readOffset;
- if (available == 0) {
- /*
- ** No partial data is available. Force error code to
- ** EWOULDBLOCK so that caller will try again later. Note
- ** that the error code is probably EWOULDBLOCK already,
- ** but if it isn't (for example, if we received a zero
- ** length record) then this will force it to be correct.
- */
- PORT_SetError(PR_WOULD_BLOCK_ERROR);
- rv = SECFailure;
- goto done;
- }
- SSL_TRC(30, ("%d: SSL[%d]: partial data ready, available=%d",
- SSL_GETPID(), ss->fd, available));
- }
-
- /* Dole out clear data to reader */
- amount = PR_MIN(len, available);
- PORT_Memcpy(out, gs->buf.buf + gs->readOffset, amount);
- if (!(flags & MSG_PEEK)) {
- gs->readOffset += amount;
- }
- rv = amount;
-
- SSL_TRC(30, ("%d: SSL[%d]: amount=%d available=%d",
- SSL_GETPID(), ss->fd, amount, available));
- PRINT_BUF(4, (ss, "DoRecv receiving plaintext:", out, amount));
-
-done:
- ssl_ReleaseRecvBufLock(ss);
- return rv;
-}
-
-/************************************************************************/
-
-SSLKEAType
-ssl_FindCertKEAType(CERTCertificate * cert)
-{
- SSLKEAType keaType = kt_null;
- int tag;
-
- if (!cert) goto loser;
-
- tag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
-
- switch (tag) {
- case SEC_OID_X500_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- keaType = kt_rsa;
- break;
- case SEC_OID_MISSI_KEA_DSS_OLD:
- case SEC_OID_MISSI_KEA_DSS:
- case SEC_OID_MISSI_DSS_OLD:
- case SEC_OID_MISSI_DSS:
- keaType = kt_fortezza;
- break;
- case SEC_OID_X942_DIFFIE_HELMAN_KEY:
- keaType = kt_dh;
- break;
- default:
- keaType = kt_null;
- }
-
- loser:
-
- return keaType;
-
-}
-
-
-/* XXX need to protect the data that gets changed here.!! */
-
-SECStatus
-SSL_ConfigSecureServer(PRFileDesc *fd, CERTCertificate *cert,
- SECKEYPrivateKey *key, SSL3KEAType kea)
-{
- int rv;
- sslSocket *ss;
- sslSecurityInfo *sec;
-
- ss = ssl_FindSocket(fd);
-
- if ((rv = ssl_CreateSecurityInfo(ss)) != 0) {
- return((SECStatus)rv);
- }
-
- sec = ss->sec;
- if (sec == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- /* Both key and cert must have a value or be NULL */
- /* Passing a value of NULL will turn off key exchange algorithms that were
- * previously turned on */
- if (!cert != !key) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- /* make sure the key exchange is recognized */
- if ((kea > kt_kea_size) || (kea < kt_null)) {
- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
- return SECFailure;
- }
-
- if (kea != ssl_FindCertKEAType(cert)) {
- PORT_SetError(SSL_ERROR_CERT_KEA_MISMATCH);
- return SECFailure;
- }
-
- /* load the server certificate */
- if (ss->serverCert[kea] != NULL)
- CERT_DestroyCertificate(ss->serverCert[kea]);
- if (cert) {
- ss->serverCert[kea] = CERT_DupCertificate(cert);
- if (ss->serverCert[kea] == NULL)
- goto loser;
- } else ss->serverCert[kea] = NULL;
-
-
- /* load the server cert chain */
- if (ss->serverCertChain[kea] != NULL)
- CERT_DestroyCertificateList(ss->serverCertChain[kea]);
- if (cert) {
- ss->serverCertChain[kea] = CERT_CertChainFromCert(
- ss->serverCert[kea], certUsageSSLServer, PR_TRUE);
- if (ss->serverCertChain[kea] == NULL)
- goto loser;
- } else ss->serverCertChain[kea] = NULL;
-
-
- /* Only do this once because it's global. */
- if (ssl3_server_ca_list == NULL)
- ssl3_server_ca_list = CERT_GetSSLCACerts(ss->dbHandle);
-
- /* load the private key */
- if (ss->serverKey[kea] != NULL)
- SECKEY_DestroyPrivateKey(ss->serverKey[kea]);
- if (key) {
- ss->serverKey[kea] = SECKEY_CopyPrivateKey(key);
- if (ss->serverKey[kea] == NULL)
- goto loser;
- } else ss->serverKey[kea] = NULL;
-
- if (kea == kt_rsa) {
- rv = ssl3_CreateRSAStepDownKeys(ss);
- if (rv != SECSuccess) {
- return SECFailure; /* err set by ssl3_CreateRSAStepDownKeys */
- }
- }
-
- return SECSuccess;
-
-loser:
- if (ss->serverCert[kea] != NULL) {
- CERT_DestroyCertificate(ss->serverCert[kea]);
- ss->serverCert[kea] = NULL;
- }
- if (ss->serverCertChain != NULL) {
- CERT_DestroyCertificateList(ss->serverCertChain[kea]);
- ss->serverCertChain[kea] = NULL;
- }
- if (ss->serverKey[kea] != NULL) {
- SECKEY_DestroyPrivateKey(ss->serverKey[kea]);
- ss->serverKey[kea] = NULL;
- }
- return SECFailure;
-}
-
-/************************************************************************/
-
-SECStatus
-ssl_CreateSecurityInfo(sslSocket *ss)
-{
- sslSecurityInfo * sec = (sslSecurityInfo *)0;
- sslGather * gs = (sslGather * )0;
- int rv;
-
- unsigned char padbuf[MAX_BLOCK_CYPHER_SIZE];
-
- if (ss->sec) {
- return SECSuccess;
- }
-
- /* Force the global RNG to generate some random data that we never use */
- PK11_GenerateRandom(padbuf, sizeof padbuf);
-
- ss->sec = sec = (sslSecurityInfo*) PORT_ZAlloc(sizeof(sslSecurityInfo));
- if (!sec) {
- goto loser;
- }
-
- /* initialize sslv2 socket to send data in the clear. */
- ssl2_UseClearSendFunc(ss);
-
- sec->blockSize = 1;
- sec->blockShift = 0;
-
- ssl_GetRecvBufLock(ss);
- if ((gs = ss->gather) == 0) {
- ss->gather = gs = ssl_NewGather();
- if (!gs) {
- goto loser;
- }
- }
-
- rv = sslBuffer_Grow(&gs->buf, 4096);
- if (rv) {
- goto loser;
- }
- ssl_ReleaseRecvBufLock(ss);
-
- ssl_GetXmitBufLock(ss);
- rv = sslBuffer_Grow(&sec->writeBuf, 4096);
- if (rv) {
- goto loser;
- }
- ssl_ReleaseXmitBufLock(ss);
-
- SSL_TRC(5, ("%d: SSL[%d]: security info created", SSL_GETPID(), ss->fd));
- return SECSuccess;
-
- loser:
- if (sec) {
- PORT_Free(sec);
- ss->sec = sec = (sslSecurityInfo *)0;
- }
- if (gs) {
- ssl_DestroyGather(gs);
- ss->gather = gs = (sslGather *)0;
- }
- return SECFailure;
-}
-
-/* XXX We should handle errors better in this function. */
-/* This function assumes that none of the pointers in ss need to be
-** freed.
-*/
-SECStatus
-ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os)
-{
- sslSecurityInfo *sec, *osec;
- int rv;
-
- rv = ssl_CreateSecurityInfo(ss);
- if (rv < 0) {
- goto loser;
- }
- sec = ss->sec;
- osec = os->sec;
-
- sec->send = osec->send;
- sec->isServer = osec->isServer;
- sec->keyBits = osec->keyBits;
- sec->secretKeyBits = osec->secretKeyBits;
-
- sec->peerCert = CERT_DupCertificate(osec->peerCert);
-
- sec->cache = osec->cache;
- sec->uncache = osec->uncache;
-
- /* we don't dup the connection info. */
-
- sec->sendSequence = osec->sendSequence;
- sec->rcvSequence = osec->rcvSequence;
-
- if (osec->hash && osec->hashcx) {
- sec->hash = osec->hash;
- sec->hashcx = osec->hash->clone(osec->hashcx);
- } else {
- sec->hash = NULL;
- sec->hashcx = NULL;
- }
-
- SECITEM_CopyItem(0, &sec->sendSecret, &osec->sendSecret);
- SECITEM_CopyItem(0, &sec->rcvSecret, &osec->rcvSecret);
-
- PORT_Assert(osec->readcx == 0);
- sec->readcx = osec->readcx; /* XXX wrong if readcx != 0 */
- PORT_Assert(osec->writecx == 0);
- sec->writecx = osec->writecx; /* XXX wrong if writecx != 0 */
- sec->destroy = 0; /* XXX wrong if either cx != 0*/
-
- sec->enc = osec->enc;
- sec->dec = osec->dec;
-
- sec->blockShift = osec->blockShift;
- sec->blockSize = osec->blockSize;
-
- return SECSuccess;
-
-loser:
- return SECFailure;
-}
-
-/*
-** Called from SSL_ResetHandshake (above), and
-** from ssl_FreeSocket in sslsock.c
-*/
-void
-ssl_DestroySecurityInfo(sslSecurityInfo *sec)
-{
- if (sec != 0) {
- /* Destroy MAC */
- if (sec->hash && sec->hashcx) {
- (*sec->hash->destroy)(sec->hashcx, PR_TRUE);
- sec->hashcx = 0;
- }
- SECITEM_ZfreeItem(&sec->sendSecret, PR_FALSE);
- SECITEM_ZfreeItem(&sec->rcvSecret, PR_FALSE);
-
- /* Destroy ciphers */
- if (sec->destroy) {
- (*sec->destroy)(sec->readcx, PR_TRUE);
- (*sec->destroy)(sec->writecx, PR_TRUE);
- } else {
- PORT_Assert(sec->readcx == 0);
- PORT_Assert(sec->writecx == 0);
- }
- sec->readcx = 0;
- sec->writecx = 0;
-
- /* etc. */
- PORT_ZFree(sec->writeBuf.buf, sec->writeBuf.space);
- sec->writeBuf.buf = 0;
-
- CERT_DestroyCertificate(sec->peerCert);
- sec->peerCert = NULL;
-
- PORT_ZFree(sec->ci.sendBuf.buf, sec->ci.sendBuf.space);
- if (sec->ci.sid != NULL) {
- ssl_FreeSID(sec->ci.sid);
- }
-
- PORT_ZFree(sec, sizeof *sec);
- }
-}
-
-/************************************************************************/
-
-int
-ssl_SecureConnect(sslSocket *ss, const PRNetAddr *sa)
-{
- PRFileDesc *osfd = ss->fd->lower;
- int rv;
-
- PORT_Assert(ss->sec != 0);
-
- /* First connect to server */
- rv = osfd->methods->connect(osfd, sa, ss->cTimeout);
- if (rv < 0) {
- int olderrno = PR_GetError();
- SSL_DBG(("%d: SSL[%d]: connect failed, errno=%d",
- SSL_GETPID(), ss->fd, olderrno));
- if ((olderrno == PR_IS_CONNECTED_ERROR) ||
- (olderrno == PR_IN_PROGRESS_ERROR)) {
- /*
- ** Connected or trying to connect. Caller is Using a non-blocking
- ** connect. Go ahead and set things up.
- */
- } else {
- return rv;
- }
- }
-
- SSL_TRC(5, ("%d: SSL[%d]: secure connect completed, setting up handshake",
- SSL_GETPID(), ss->fd));
-
- if ( ss->handshakeAsServer ) {
- ss->securityHandshake = ssl2_BeginServerHandshake;
- } else {
- ss->securityHandshake = ssl2_BeginClientHandshake;
- }
-
- return rv;
-}
-
-int
-ssl_SecureSocksConnect(sslSocket *ss, const PRNetAddr *sa)
-{
- int rv;
-
- PORT_Assert((ss->socks != 0) && (ss->sec != 0));
-
- /* First connect to socks daemon */
- rv = ssl_SocksConnect(ss, sa);
- if (rv < 0) {
- return rv;
- }
-
- if ( ss->handshakeAsServer ) {
- ss->securityHandshake = ssl2_BeginServerHandshake;
- } else {
- ss->securityHandshake = ssl2_BeginClientHandshake;
- }
-
- return 0;
-}
-
-PRFileDesc *
-ssl_SecureSocksAccept(sslSocket *ss, PRNetAddr *addr)
-{
-#if 0
- sslSocket *ns;
- int rv;
- PRFileDesc *newfd, *fd;
-
- newfd = ssl_SocksAccept(ss, addr);
- if (newfd == NULL) {
- return newfd;
- }
-
- /* Create new socket */
- ns = ssl_FindSocket(newfd);
- PORT_Assert(ns != NULL);
-
- /* Make an NSPR socket to give back to app */
- fd = ssl_NewPRSocket(ns, newfd);
- if (fd == NULL) {
- ssl_FreeSocket(ns);
- PR_Close(newfd);
- return NULL;
- }
-
- if ( ns->handshakeAsClient ) {
- ns->handshake = ssl2_BeginClientHandshake;
- } else {
- ns->handshake = ssl2_BeginServerHandshake;
- }
-
- return fd;
-#else
- return NULL;
-#endif
-}
-
-int
-ssl_SecureClose(sslSocket *ss)
-{
- int rv;
-
- if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
- ss->connected &&
- !(ss->shutdownHow & ssl_SHUTDOWN_SEND) &&
- (ss->ssl3 != NULL)) {
-
- (void) SSL3_SendAlert(ss, alert_warning, close_notify);
- }
- rv = ssl_DefClose(ss);
- return rv;
-}
-
-/* Caller handles all locking */
-int
-ssl_SecureShutdown(sslSocket *ss, int nsprHow)
-{
- PRFileDesc *osfd = ss->fd->lower;
- int rv;
- PRIntn sslHow = nsprHow + 1;
-
- if ((unsigned)nsprHow > PR_SHUTDOWN_BOTH) {
- PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
- return PR_FAILURE;
- }
-
- if ((sslHow & ssl_SHUTDOWN_SEND) != 0 &&
- !(ss->shutdownHow & ssl_SHUTDOWN_SEND) &&
- (ss->version >= SSL_LIBRARY_VERSION_3_0) &&
- ss->connected &&
- (ss->ssl3 != NULL)) {
-
- (void) SSL3_SendAlert(ss, alert_warning, close_notify);
- }
-
- rv = osfd->methods->shutdown(osfd, nsprHow);
-
- ss->shutdownHow |= sslHow;
-
- return rv;
-}
-
-/************************************************************************/
-
-
-int
-ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
-{
- sslSecurityInfo *sec;
- int rv = 0;
-
- PORT_Assert(ss->sec != 0);
- sec = ss->sec;
-
- if (ss->shutdownHow & ssl_SHUTDOWN_RCV) {
- PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR);
- return PR_FAILURE;
- }
- if (flags & ~MSG_PEEK) {
- PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
- return PR_FAILURE;
- }
-
- if (!ssl_SocketIsBlocking(ss) && !ss->fdx) {
- ssl_GetXmitBufLock(ss);
- if (ss->pendingBuf.len != 0) {
- rv = ssl_SendSavedWriteData(ss, &ss->pendingBuf, ssl_DefSend);
- if ((rv < 0) && (PORT_GetError() != PR_WOULD_BLOCK_ERROR)) {
- ssl_ReleaseXmitBufLock(ss);
- return SECFailure;
- }
- /* XXX short write? */
- }
- ssl_ReleaseXmitBufLock(ss);
- }
-
- rv = 0;
- /* If any of these is non-zero, the initial handshake is not done. */
- if (!ss->connected) {
- ssl_Get1stHandshakeLock(ss);
- if (ss->handshake || ss->nextHandshake || ss->securityHandshake) {
- rv = ssl_Do1stHandshake(ss);
- }
- ssl_Release1stHandshakeLock(ss);
- }
- if (rv < 0) {
- return rv;
- }
-
- if (len == 0) return 0;
-
- rv = DoRecv(ss, (unsigned char*) buf, len, flags);
- SSL_TRC(2, ("%d: SSL[%d]: recving %d bytes securely (errno=%d)",
- SSL_GETPID(), ss->fd, rv, PORT_GetError()));
- return rv;
-}
-
-int
-ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len)
-{
- return ssl_SecureRecv(ss, buf, len, 0);
-}
-
-int
-ssl_SecureSend(sslSocket *ss, const unsigned char *buf, int len, int flags)
-{
- sslSecurityInfo *sec;
- int rv = 0;
-
- PORT_Assert(ss->sec != 0);
- sec = ss->sec;
-
- if (ss->shutdownHow & ssl_SHUTDOWN_SEND) {
- PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR);
- return PR_FAILURE;
- }
- if (flags) {
- PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
- return PR_FAILURE;
- }
-
- ssl_GetXmitBufLock(ss);
- if (ss->pendingBuf.len != 0) {
- PORT_Assert(ss->pendingBuf.len > 0);
- rv = ssl_SendSavedWriteData(ss, &ss->pendingBuf, ssl_DefSend);
- if (ss->pendingBuf.len != 0) {
- PORT_Assert(ss->pendingBuf.len > 0);
- PORT_SetError(PR_WOULD_BLOCK_ERROR);
- rv = SECFailure;
- }
- }
- ssl_ReleaseXmitBufLock(ss);
- if (rv < 0) {
- return rv;
- }
-
- /* If any of these is non-zero, the initial handshake is not done. */
- if (!ss->connected) {
- ssl_Get1stHandshakeLock(ss);
- if (ss->handshake || ss->nextHandshake || ss->securityHandshake) {
- rv = ssl_Do1stHandshake(ss);
- }
- ssl_Release1stHandshakeLock(ss);
- }
- if (rv < 0) {
- return rv;
- }
-
- /* Check for zero length writes after we do housekeeping so we make forward
- * progress.
- */
- if (len == 0) return 0;
- PORT_Assert(buf != NULL);
-
- SSL_TRC(2, ("%d: SSL[%d]: SecureSend: sending %d bytes",
- SSL_GETPID(), ss->fd, len));
-
- /* Send out the data using one of these functions:
- * ssl2_SendClear, ssl2_SendStream, ssl2_SendBlock,
- * ssl3_SendApplicationData
- */
- ssl_GetXmitBufLock(ss);
- rv = (*sec->send)(ss, buf, len, flags);
- ssl_ReleaseXmitBufLock(ss);
- return rv;
-}
-
-int
-ssl_SecureWrite(sslSocket *ss, const unsigned char *buf, int len)
-{
- return ssl_SecureSend(ss, buf, len, 0);
-}
-
-int
-SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f, void *arg)
-{
- sslSocket *ss;
- int rv;
-
- ss = ssl_FindSocket(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SSLBadCertHook",
- SSL_GETPID(), fd));
- return SECFailure;
- }
-
- if ((rv = ssl_CreateSecurityInfo(ss)) != 0) {
- return(rv);
- }
- ss->handleBadCert = f;
- ss->badCertArg = arg;
-
- return(0);
-}
-
-/*
- * Allow the application to pass the url or hostname into the SSL library
- * so that we can do some checking on it.
- */
-int
-SSL_SetURL(PRFileDesc *fd, const char *url)
-{
- sslSocket * ss = ssl_FindSocket(fd);
- int rv = SECSuccess;
-
- ssl_Get1stHandshakeLock(ss);
- ssl_GetSSL3HandshakeLock(ss);
-
- if ( ss->url ) {
- PORT_Free((void *)ss->url); /* CONST */
- }
-
- ss->url = (const char *)PORT_Strdup(url);
- if ( ss->url == NULL ) {
- rv = SECFailure;
- }
-
- ssl_ReleaseSSL3HandshakeLock(ss);
- ssl_Release1stHandshakeLock(ss);
-
- return rv;
-}
-
-/*
-** Returns Negative number on error, zero or greater on success.
-** Returns the amount of data immediately available to be read.
-*/
-int
-SSL_DataPending(PRFileDesc *fd)
-{
- sslSocket *ss;
- int rv = 0;
-
- ss = ssl_FindSocket(fd);
-
-
- if (ss && ss->useSecurity) {
-
- ssl_Get1stHandshakeLock(ss);
- ssl_GetSSL3HandshakeLock(ss);
-
- /* Create ss->sec if it doesn't already exist. */
- rv = ssl_CreateSecurityInfo(ss);
- if (rv == SECSuccess) {
- ssl_GetRecvBufLock(ss);
- rv = ss->gather->writeOffset - ss->gather->readOffset;
- ssl_ReleaseRecvBufLock(ss);
- }
-
- ssl_ReleaseSSL3HandshakeLock(ss);
- ssl_Release1stHandshakeLock(ss);
- }
-
- return rv;
-}
-
-int
-SSL_InvalidateSession(PRFileDesc *fd)
-{
- sslSocket * ss = ssl_FindSocket(fd);
- int rv = SECFailure;
-
- ssl_Get1stHandshakeLock(ss);
- ssl_GetSSL3HandshakeLock(ss);
-
- if (ss && ss->sec && ss->sec->ci.sid) {
- ss->sec->uncache(ss->sec->ci.sid);
- rv = SECSuccess;
- }
-
- ssl_ReleaseSSL3HandshakeLock(ss);
- ssl_Release1stHandshakeLock(ss);
-
- return rv;
-}
-
-SECItem *
-SSL_GetSessionID(PRFileDesc *fd)
-{
- sslSocket * ss;
- SECItem * item = NULL;
- sslSessionID * sid;
-
- ss = ssl_FindSocket(fd);
-
- ssl_Get1stHandshakeLock(ss);
- ssl_GetSSL3HandshakeLock(ss);
-
- if (ss && ss->useSecurity && ss->connected && ss->sec && ss->sec->ci.sid) {
- sid = ss->sec->ci.sid;
- item = (SECItem *)PORT_Alloc(sizeof(SECItem));
- if (sid->version < SSL_LIBRARY_VERSION_3_0) {
- item->len = SSL_SESSIONID_BYTES;
- item->data = (unsigned char*)PORT_Alloc(item->len);
- PORT_Memcpy(item->data, sid->u.ssl2.sessionID, item->len);
- } else {
- item->len = sid->u.ssl3.sessionIDLength;
- item->data = (unsigned char*)PORT_Alloc(item->len);
- PORT_Memcpy(item->data, sid->u.ssl3.sessionID, item->len);
- }
- }
-
- ssl_ReleaseSSL3HandshakeLock(ss);
- ssl_Release1stHandshakeLock(ss);
-
- return item;
-}
-
-SECStatus
-SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle)
-{
- sslSocket * ss;
-
- ss = ssl_FindSocket(fd);
- if (!ss)
- return SECFailure;
- if (!dbHandle) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- ss->dbHandle = dbHandle;
- return SECSuccess;
-}
-
-/*
- * attempt to restart the handshake after asynchronously handling
- * a request for the client's certificate.
- *
- * inputs:
- * cert Client cert chosen by application.
- * Note: ssl takes this reference, and does not bump the
- * reference count. The caller should drop its reference
- * without calling CERT_DestroyCert after calling this function.
- *
- * key Private key associated with cert. This function makes a
- * copy of the private key, so the caller remains responsible
- * for destroying its copy after this function returns.
- *
- * certChain Chain of signers for cert.
- * Note: ssl takes this reference, and does not copy the chain.
- * The caller should drop its reference without destroying the
- * chain. SSL will free the chain when it is done with it.
- *
- * Return value: XXX
- *
- * XXX This code only works on the initial handshake on a connection, XXX
- * It does not work on a subsequent handshake (redo).
- */
-int
-SSL_RestartHandshakeAfterCertReq(sslSocket * ss,
- CERTCertificate * cert,
- SECKEYPrivateKey * key,
- CERTCertificateList *certChain)
-{
- int ret;
-
- ssl_Get1stHandshakeLock(ss); /************************************/
-
- if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
- ret = ssl3_RestartHandshakeAfterCertReq(ss, cert, key, certChain);
- } else {
- ret = ssl2_RestartHandshakeAfterCertReq(ss, cert, key);
- }
-
- ssl_Release1stHandshakeLock(ss); /************************************/
- return ret;
-}
-
-
-/* restart an SSL connection that we stopped to run certificate dialogs
-** XXX Need to document here how an application marks a cert to show that
-** the application has accepted it (overridden CERT_VerifyCert).
- *
- * XXX This code only works on the initial handshake on a connection, XXX
- * It does not work on a subsequent handshake (redo).
- *
- * Return value: XXX
-*/
-int
-SSL_RestartHandshakeAfterServerCert(sslSocket *ss)
-{
- int rv = SECSuccess;
-
- ssl_Get1stHandshakeLock(ss);
-
- if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
- rv = ssl3_RestartHandshakeAfterServerCert(ss);
- } else {
- rv = ssl2_RestartHandshakeAfterServerCert(ss);
- }
-
- ssl_Release1stHandshakeLock(ss);
- return rv;
-}
diff --git a/security/nss/lib/ssl/sslsnce.c b/security/nss/lib/ssl/sslsnce.c
deleted file mode 100644
index bf58c954d..000000000
--- a/security/nss/lib/ssl/sslsnce.c
+++ /dev/null
@@ -1,1905 +0,0 @@
-/* This file implements the SERVER Session ID cache.
- * NOTE: The contents of this file are NOT used by the client.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-/* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server
- * cache sids!
- *
- * About record locking among different server processes:
- *
- * All processes that are part of the same conceptual server (serving on
- * the same address and port) MUST share a common SSL session cache.
- * This code makes the content of the shared cache accessible to all
- * processes on the same "server". This code works on Unix and Win32 only,
- * and is platform specific.
- *
- * Unix: Multiple processes share a single (inherited) FD for a disk
- * file all share one single file position. If one lseeks, the position for
- * all processes is changed. Since the set of platforms we support do not
- * all share portable lseek-and-read or lseek-and-write functions, a global
- * lock must be used to make the lseek call and the subsequent read or write
- * call be one atomic operation. It is no longer necessary for cache element
- * sizes to be a power of 2, or a multiple of a sector size.
- *
- * For Win32, where (a) disk I/O is not atomic, and (b) we use memory-mapped
- * files and move data to & from memory instead of calling read or write,
- * we must do explicit locking of the records for all reads and writes.
- * We have just one lock, for the entire file, using an NT semaphore.
- * We avoid blocking on "local threads" since it's bad to block on a local
- * thread - If NSPR offered portable semaphores, it would handle this itself.
- *
- * Since this file has to do lots of platform specific I/O, the system
- * dependent error codes need to be mapped back into NSPR error codes.
- * Since NSPR's error mapping functions are private, the code is necessarily
- * duplicated in libSSL.
- *
- * Note, now that NSPR provides portable anonymous shared memory, for all
- * platforms except Mac, the implementation below should be replaced with
- * one that uses anonymous shared memory ASAP. This will eliminate most
- * platform dependent code in this file, and improve performance big time.
- *
- * Now that NSPR offers portable cross-process locking (semaphores) on Unix
- * and Win32, semaphores should be used here for all platforms.
- */
-#include "seccomon.h"
-
-#if defined(XP_UNIX) || defined(XP_WIN32)
-#ifndef NADA_VERISON
-
-#include "cert.h"
-#include "ssl.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-#include "pk11func.h"
-#include "base64.h"
-
-#include <stdio.h>
-
-#ifdef XP_UNIX
-
-#include <syslog.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include "unix_err.h"
-
-#else /* XP_WIN32 */
-#ifdef MC_HTTPD
-#include <ereport.h>
-#endif /* MC_HTTPD */
-#include <wtypes.h>
-#include "win32err.h"
-#endif /* XP_WIN32 */
-#include <sys/types.h>
-
-#define SET_ERROR_CODE /* reminder */
-
-#include "nspr.h"
-#include "nsslocks.h"
-
-static PRLock *cacheLock;
-
-/*
-** The server session-id cache uses a simple flat cache. The cache is
-** sized during initialization. We hash the ip-address + session-id value
-** into an index into the cache and do the lookup. No buckets, nothing
-** fancy.
-*/
-
-static PRBool isMultiProcess = PR_FALSE;
-
-static PRUint32 numSIDCacheEntries = 10000;
-static PRUint32 sidCacheFileSize;
-static PRUint32 sidCacheWrapOffset;
-
-static PRUint32 numCertCacheEntries = 250;
-static PRUint32 certCacheFileSize;
-
-#define MIN_CERT_CACHE_ENTRIES 125 /* the effective size in old releases. */
-
-
-/*
-** Format of a cache entry.
-*/
-typedef struct SIDCacheEntryStr SIDCacheEntry;
-struct SIDCacheEntryStr {
- PRUint32 addr;
- PRUint32 time;
-
- union {
- struct {
- /* This is gross. We have to have version and valid in both arms
- * of the union for alignment reasons. This probably won't work
- * on a 64-bit machine. XXXX
- */
-/* 2 */ uint16 version;
-/* 1 */ unsigned char valid;
-/* 1 */ unsigned char cipherType;
-
-/* 16 */ unsigned char sessionID[SSL_SESSIONID_BYTES];
-/* 64 */ unsigned char masterKey[SSL_MAX_MASTER_KEY_BYTES];
-/* 32 */ unsigned char cipherArg[SSL_MAX_CYPHER_ARG_BYTES];
-
-/* 1 */ unsigned char masterKeyLen;
-/* 1 */ unsigned char keyBits;
-
-/* 1 */ unsigned char secretKeyBits;
-/* 1 */ unsigned char cipherArgLen;
-/*120 */} ssl2;
-
- struct {
-/* 2 */ uint16 version;
-/* 1 */ unsigned char valid;
-/* 1 */ uint8 sessionIDLength;
-
-/* 32 */ unsigned char sessionID[SSL3_SESSIONID_BYTES];
-
-/* 2 */ ssl3CipherSuite cipherSuite;
-/* 2 */ uint16 compression; /* SSL3CompressionMethod */
-
-/*122 */ ssl3SidKeys keys; /* keys and ivs, wrapped as needed. */
-/* 4 */ PRUint32 masterWrapMech;
-/* 4 */ SSL3KEAType exchKeyType;
-
-/* 2 */ int16 certIndex;
-/* 1 */ uint8 hasFortezza;
-/* 1 */ uint8 resumable;
- } ssl3;
- /* We can't make this struct fit in 128 bytes
- * so, force the struct size up to the next power of two.
- */
- struct {
- unsigned char filler[248]; /* 248 + 4 + 4 == 256 */
- } force256;
- } u;
-};
-
-
-typedef struct CertCacheEntryStr CertCacheEntry;
-
-/* The length of this struct is supposed to be a power of 2, e.g. 4KB */
-struct CertCacheEntryStr {
- uint16 certLength; /* 2 */
- uint16 sessionIDLength; /* 2 */
- unsigned char sessionID[SSL3_SESSIONID_BYTES]; /* 32 */
- unsigned char cert[SSL_MAX_CACHED_CERT_LEN]; /* 4060 */
-}; /* total 4096 */
-
-
-static void IOError(int rv, char *type);
-static PRUint32 Offset(PRUint32 addr, unsigned char *s, unsigned nl);
-static void Invalidate(SIDCacheEntry *sce);
-
-/************************************************************************/
-
-static const char envVarName[] = { SSL_ENV_VAR_NAME };
-
-#ifdef _WIN32
-
-struct winInheritanceStr {
- PRUint32 numSIDCacheEntries;
- PRUint32 sidCacheFileSize;
- PRUint32 sidCacheWrapOffset;
- PRUint32 numCertCacheEntries;
- PRUint32 certCacheFileSize;
-
- DWORD parentProcessID;
- HANDLE parentProcessHandle;
- HANDLE SIDCacheFDMAP;
- HANDLE certCacheFDMAP;
- HANDLE svrCacheSem;
-};
-
-typedef struct winInheritanceStr winInheritance;
-
-static HANDLE svrCacheSem = INVALID_HANDLE_VALUE;
-
-static char * SIDCacheData = NULL;
-static HANDLE SIDCacheFD = INVALID_HANDLE_VALUE;
-static HANDLE SIDCacheFDMAP = INVALID_HANDLE_VALUE;
-
-static char * certCacheData = NULL;
-static HANDLE certCacheFD = INVALID_HANDLE_VALUE;
-static HANDLE certCacheFDMAP = INVALID_HANDLE_VALUE;
-
-static PRUint32 myPid;
-
-/* The presence of the TRUE element in this struct makes the semaphore
- * inheritable. The NULL means use process's default security descriptor.
- */
-static SECURITY_ATTRIBUTES semaphoreAttributes =
- { sizeof(SECURITY_ATTRIBUTES), NULL, TRUE };
-
-static SECURITY_ATTRIBUTES sidCacheFDMapAttributes =
- { sizeof(SECURITY_ATTRIBUTES), NULL, TRUE };
-
-static SECURITY_ATTRIBUTES certCacheFDMapAttributes =
- { sizeof(SECURITY_ATTRIBUTES), NULL, TRUE };
-
-#define DEFAULT_CACHE_DIRECTORY "\\temp"
-
-static SECStatus
-createServerCacheSemaphore(void)
-{
- PR_ASSERT(svrCacheSem == INVALID_HANDLE_VALUE);
-
- /* inheritable, starts signalled, 1 signal max, no file name. */
- svrCacheSem = CreateSemaphore(&semaphoreAttributes, 1, 1, NULL);
- if (svrCacheSem == NULL) {
- svrCacheSem = INVALID_HANDLE_VALUE;
- /* We could get the error code, but what could be do with it ? */
- nss_MD_win32_map_default_error(GetLastError());
- return SECFailure;
- }
- return SECSuccess;
-}
-
-static SECStatus
-_getServerCacheSemaphore(void)
-{
- DWORD event;
- DWORD lastError;
- SECStatus rv;
-
- PR_ASSERT(svrCacheSem != INVALID_HANDLE_VALUE);
- if (svrCacheSem == INVALID_HANDLE_VALUE &&
- SECSuccess != createServerCacheSemaphore()) {
- return SECFailure; /* what else ? */
- }
- event = WaitForSingleObject(svrCacheSem, INFINITE);
- switch (event) {
- case WAIT_OBJECT_0:
- case WAIT_ABANDONED:
- rv = SECSuccess;
- break;
-
- case WAIT_TIMEOUT:
- case WAIT_IO_COMPLETION:
- default: /* should never happen. nothing we can do. */
- PR_ASSERT(("WaitForSingleObject returned invalid value.", 0));
- /* fall thru */
-
- case WAIT_FAILED: /* failure returns this */
- rv = SECFailure;
- lastError = GetLastError(); /* for debugging */
- nss_MD_win32_map_default_error(lastError);
- break;
- }
- return rv;
-}
-
-static void
-_doGetServerCacheSemaphore(void * arg)
-{
- SECStatus * rv = (SECStatus *)arg;
- *rv = _getServerCacheSemaphore();
-}
-
-static SECStatus
-getServerCacheSemaphore(void)
-{
- PRThread * selectThread;
- PRThread * me = PR_GetCurrentThread();
- PRThreadScope scope = PR_GetThreadScope(me);
- SECStatus rv = SECFailure;
-
- if (scope == PR_GLOBAL_THREAD) {
- rv = _getServerCacheSemaphore();
- } else {
- selectThread = PR_CreateThread(PR_USER_THREAD,
- _doGetServerCacheSemaphore, &rv,
- PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
- PR_JOINABLE_THREAD, 0);
- if (selectThread != NULL) {
- /* rv will be set by _doGetServerCacheSemaphore() */
- PR_JoinThread(selectThread);
- }
- }
- return rv;
-}
-
-static SECStatus
-releaseServerCacheSemaphore(void)
-{
- BOOL success = FALSE;
-
- PR_ASSERT(svrCacheSem != INVALID_HANDLE_VALUE);
- if (svrCacheSem != INVALID_HANDLE_VALUE) {
- /* Add 1, don't want previous value. */
- success = ReleaseSemaphore(svrCacheSem, 1, NULL);
- }
- if (!success) {
- nss_MD_win32_map_default_error(GetLastError());
- return SECFailure;
- }
- return SECSuccess;
-}
-
-static void
-destroyServerCacheSemaphore(void)
-{
- PR_ASSERT(svrCacheSem != INVALID_HANDLE_VALUE);
- if (svrCacheSem != INVALID_HANDLE_VALUE) {
- CloseHandle(svrCacheSem);
- /* ignore error */
- svrCacheSem = INVALID_HANDLE_VALUE;
- }
-}
-
-#define GET_SERVER_CACHE_READ_LOCK(fd, offset, size) \
- if (isMultiProcess) getServerCacheSemaphore();
-
-#define GET_SERVER_CACHE_WRITE_LOCK(fd, offset, size) \
- if (isMultiProcess) getServerCacheSemaphore();
-
-#define RELEASE_SERVER_CACHE_LOCK(fd, offset, size) \
- if (isMultiProcess) releaseServerCacheSemaphore();
-
-#endif /* _win32 */
-
-/************************************************************************/
-
-#ifdef XP_UNIX
-static int SIDCacheFD = -1;
-static int certCacheFD = -1;
-
-static pid_t myPid;
-
-struct unixInheritanceStr {
- PRUint32 numSIDCacheEntries;
- PRUint32 sidCacheFileSize;
- PRUint32 sidCacheWrapOffset;
- PRUint32 numCertCacheEntries;
- PRUint32 certCacheFileSize;
-
- PRInt32 SIDCacheFD;
- PRInt32 certCacheFD;
-};
-
-typedef struct unixInheritanceStr unixInheritance;
-
-
-#define DEFAULT_CACHE_DIRECTORY "/tmp"
-
-#ifdef TRACE
-static void
-fcntlFailed(struct flock *lock)
-{
- fprintf(stderr,
- "fcntl failed, errno = %d, PR_GetError = %d, lock.l_type = %d\n",
- errno, PR_GetError(), lock->l_type);
- fflush(stderr);
-}
-#define FCNTL_FAILED(lock) fcntlFailed(lock)
-#else
-#define FCNTL_FAILED(lock)
-#endif
-
-/* NOTES: Because there are no atomic seek-and-read and seek-and-write
-** functions that are supported on all our UNIX platforms, we need
-** to prevent all simultaeous seek-and-read operations. For that reason,
-** we use mutually exclusive (write) locks for read and write operations,
-** and use them all at the same offset (zero).
-*/
-static SECStatus
-_getServerCacheLock(int fd, short type, PRUint32 offset, PRUint32 size)
-{
- int result;
- struct flock lock;
-
- memset(&lock, 0, sizeof lock);
- lock.l_type = /* type */ F_WRLCK;
- lock.l_whence = SEEK_SET; /* absolute file offsets. */
- lock.l_start = 0;
- lock.l_len = 128;
-
-#ifdef TRACE
- if (ssl_trace) {
- fprintf(stderr, "%d: %s lock, offset %8x, size %4d\n", myPid,
- (type == F_RDLCK) ? "read " : "write", offset, size);
- fflush(stderr);
- }
-#endif
- result = fcntl(fd, F_SETLKW, &lock);
- if (result == -1) {
- nss_MD_unix_map_default_error(errno);
- FCNTL_FAILED(&lock);
- return SECFailure;
- }
-#ifdef TRACE
- if (ssl_trace) {
- fprintf(stderr, "%d: got lock, offset %8x, size %4d\n",
- myPid, offset, size);
- fflush(stderr);
- }
-#endif
- return SECSuccess;
-}
-
-typedef struct sslLockArgsStr {
- PRUint32 offset;
- PRUint32 size;
- PRErrorCode err;
- SECStatus rv;
- int fd;
- short type;
-} sslLockArgs;
-
-static void
-_doGetServerCacheLock(void * arg)
-{
- sslLockArgs * args = (sslLockArgs *)arg;
- args->rv = _getServerCacheLock(args->fd, args->type, args->offset,
- args->size );
- if (args->rv != SECSuccess) {
- args->err = PR_GetError();
- }
-}
-
-static SECStatus
-getServerCacheLock(int fd, short type, PRUint32 offset, PRUint32 size)
-{
- PRThread * selectThread;
- PRThread * me = PR_GetCurrentThread();
- PRThreadScope scope = PR_GetThreadScope(me);
- SECStatus rv = SECFailure;
-
- if (scope == PR_GLOBAL_THREAD) {
- rv = _getServerCacheLock(fd, type, offset, size);
- } else {
- /* Ib some platforms, one thread cannot read local/automatic
- ** variables from another thread's stack. So, get this space
- ** from the heap, not the stack.
- */
- sslLockArgs * args = PORT_New(sslLockArgs);
-
- if (!args)
- return rv;
-
- args->offset = offset;
- args->size = size;
- args->rv = SECFailure;
- args->fd = fd;
- args->type = type;
- selectThread = PR_CreateThread(PR_USER_THREAD,
- _doGetServerCacheLock, args,
- PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
- PR_JOINABLE_THREAD, 0);
- if (selectThread != NULL) {
- /* rv will be set by _doGetServerCacheLock() */
- PR_JoinThread(selectThread);
- rv = args->rv;
- if (rv != SECSuccess) {
- PORT_SetError(args->err);
- }
- }
- PORT_Free(args);
- }
- return rv;
-}
-
-static SECStatus
-releaseServerCacheLock(int fd, PRUint32 offset, PRUint32 size)
-{
- int result;
- struct flock lock;
-
- memset(&lock, 0, sizeof lock);
- lock.l_type = F_UNLCK;
- lock.l_whence = SEEK_SET; /* absolute file offsets. */
- lock.l_start = 0;
- lock.l_len = 128;
-
-#ifdef TRACE
- if (ssl_trace) {
- fprintf(stderr, "%d: unlock, offset %8x, size %4d\n",
- myPid, offset, size);
- fflush(stderr);
- }
-#endif
- result = fcntl(fd, F_SETLK, &lock);
- if (result == -1) {
- nss_MD_unix_map_default_error(errno);
- FCNTL_FAILED(&lock);
- return SECFailure;
- }
- return SECSuccess;
-}
-
-
-/* these defines take the arguments needed to do record locking,
- * however the present implementation does only file locking.
- */
-
-#define GET_SERVER_CACHE_READ_LOCK( fd, offset, size) \
- if (isMultiProcess) getServerCacheLock(fd, F_RDLCK, offset, size);
-
-#define GET_SERVER_CACHE_WRITE_LOCK(fd, offset, size) \
- if (isMultiProcess) getServerCacheLock(fd, F_WRLCK, offset, size);
-
-#define RELEASE_SERVER_CACHE_LOCK( fd, offset, size) \
- if (isMultiProcess) releaseServerCacheLock(fd, offset, size);
-
-/*
-** Zero a file out to nb bytes
-*/
-static SECStatus
-ZeroFile(int fd, int nb)
-{
- off_t off;
- int amount, rv;
- char buf[16384];
-
- PORT_Memset(buf, 0, sizeof(buf));
- off = lseek(fd, 0, SEEK_SET);
- if (off != 0) {
- if (off == -1)
- nss_MD_unix_map_lseek_error(errno);
- else
- PORT_SetError(PR_FILE_SEEK_ERROR);
- return SECFailure;
- }
-
- while (nb > 0) {
- amount = (nb > sizeof buf) ? sizeof buf : nb;
- rv = write(fd, buf, amount);
- if (rv <= 0) {
- if (!rv)
- PORT_SetError(PR_IO_ERROR);
- else
- nss_MD_unix_map_write_error(errno);
- IOError(rv, "zero-write");
- return SECFailure;
- }
- nb -= rv;
- }
- return SECSuccess;
-}
-
-#endif /* XP_UNIX */
-
-
-/************************************************************************/
-
-/*
-** Reconstitute a cert from the cache
-** This is only called from ConvertToSID().
-** Caller must hold the cache lock before calling this.
-*/
-static CERTCertificate *
-GetCertFromCache(SIDCacheEntry *sce, CERTCertDBHandle *dbHandle)
-{
- CERTCertificate *cert;
- PRUint32 offset;
- int rv;
-#ifdef XP_UNIX
- off_t off;
-#endif
- SECItem derCert;
- CertCacheEntry cce;
-
- offset = (PRUint32)sce->u.ssl3.certIndex * sizeof(CertCacheEntry);
- GET_SERVER_CACHE_READ_LOCK(certCacheFD, offset, sizeof(CertCacheEntry));
-#ifdef XP_UNIX
- off = lseek(certCacheFD, offset, SEEK_SET);
- rv = -1;
- if (off != offset) {
- if (off == -1)
- nss_MD_unix_map_lseek_error(errno);
- else
- PORT_SetError(PR_FILE_SEEK_ERROR);
- } else {
- rv = read(certCacheFD, &cce, sizeof(CertCacheEntry));
- if (rv != sizeof(CertCacheEntry)) {
- if (rv == -1)
- nss_MD_unix_map_read_error(errno);
- else
- PORT_SetError(PR_IO_ERROR);
- }
- }
-#else /* XP_WIN32 */
- /* Use memory mapped I/O and just memcpy() the data */
- CopyMemory(&cce, &certCacheData[offset], sizeof(CertCacheEntry));
- rv = sizeof cce;
-#endif /* XP_WIN32 */
- RELEASE_SERVER_CACHE_LOCK(certCacheFD, offset, sizeof(CertCacheEntry))
-
- if (rv != sizeof(CertCacheEntry)) {
- IOError(rv, "read"); /* error set above */
- return NULL;
- }
-
- /* See if the session ID matches with that in the sce cache. */
- if((cce.sessionIDLength != sce->u.ssl3.sessionIDLength) ||
- PORT_Memcmp(cce.sessionID, sce->u.ssl3.sessionID, cce.sessionIDLength)) {
- /* this is a cache miss, not an error */
- PORT_SetError(SSL_ERROR_SESSION_NOT_FOUND);
- return NULL;
- }
-
- derCert.len = cce.certLength;
- derCert.data = cce.cert;
-
- cert = CERT_NewTempCertificate(dbHandle, &derCert, NULL,
- PR_FALSE, PR_TRUE);
-
- return cert;
-}
-
-/* Put a certificate in the cache. We assume that the certIndex in
-** sid is valid.
-*/
-static void
-CacheCert(CERTCertificate *cert, SIDCacheEntry *sce)
-{
- PRUint32 offset;
- CertCacheEntry cce;
-#ifdef XP_UNIX
- off_t off;
- int rv;
-#endif
-
- offset = (PRUint32)sce->u.ssl3.certIndex * sizeof(CertCacheEntry);
- if (cert->derCert.len > SSL_MAX_CACHED_CERT_LEN)
- return;
-
- cce.sessionIDLength = sce->u.ssl3.sessionIDLength;
- PORT_Memcpy(cce.sessionID, sce->u.ssl3.sessionID, cce.sessionIDLength);
-
- cce.certLength = cert->derCert.len;
- PORT_Memcpy(cce.cert, cert->derCert.data, cce.certLength);
-
- GET_SERVER_CACHE_WRITE_LOCK(certCacheFD, offset, sizeof cce);
-#ifdef XP_UNIX
- off = lseek(certCacheFD, offset, SEEK_SET);
- if (off != offset) {
- if (off == -1)
- nss_MD_unix_map_lseek_error(errno);
- else
- PORT_SetError(PR_FILE_SEEK_ERROR);
- } else {
- rv = write(certCacheFD, &cce, sizeof cce);
- if (rv != sizeof(CertCacheEntry)) {
- if (rv == -1)
- nss_MD_unix_map_write_error(errno);
- else
- PORT_SetError(PR_IO_ERROR);
- IOError(rv, "cert-write");
- Invalidate(sce);
- }
- }
-#else /* WIN32 */
- /* Use memory mapped I/O and just memcpy() the data */
- CopyMemory(&certCacheData[offset], &cce, sizeof cce);
-#endif /* XP_UNIX */
-
- RELEASE_SERVER_CACHE_LOCK(certCacheFD, offset, sizeof cce);
- return;
-}
-
-/*
-** Convert memory based SID to file based one
-*/
-static void
-ConvertFromSID(SIDCacheEntry *to, sslSessionID *from)
-{
- to->u.ssl2.valid = 1;
- to->u.ssl2.version = from->version;
- to->addr = from->addr;
- to->time = from->time;
-
- if (from->version < SSL_LIBRARY_VERSION_3_0) {
- if ((from->u.ssl2.masterKey.len > SSL_MAX_MASTER_KEY_BYTES) ||
- (from->u.ssl2.cipherArg.len > SSL_MAX_CYPHER_ARG_BYTES)) {
- SSL_DBG(("%d: SSL: masterKeyLen=%d cipherArgLen=%d",
- myPid, from->u.ssl2.masterKey.len,
- from->u.ssl2.cipherArg.len));
- to->u.ssl2.valid = 0;
- return;
- }
-
- to->u.ssl2.cipherType = from->u.ssl2.cipherType;
- to->u.ssl2.masterKeyLen = from->u.ssl2.masterKey.len;
- to->u.ssl2.cipherArgLen = from->u.ssl2.cipherArg.len;
- to->u.ssl2.keyBits = from->u.ssl2.keyBits;
- to->u.ssl2.secretKeyBits = from->u.ssl2.secretKeyBits;
- PORT_Memcpy(to->u.ssl2.sessionID, from->u.ssl2.sessionID,
- sizeof(to->u.ssl2.sessionID));
- PORT_Memcpy(to->u.ssl2.masterKey, from->u.ssl2.masterKey.data,
- from->u.ssl2.masterKey.len);
- PORT_Memcpy(to->u.ssl2.cipherArg, from->u.ssl2.cipherArg.data,
- from->u.ssl2.cipherArg.len);
-#ifdef DEBUG
- PORT_Memset(to->u.ssl2.masterKey+from->u.ssl2.masterKey.len, 0,
- sizeof(to->u.ssl2.masterKey) - from->u.ssl2.masterKey.len);
- PORT_Memset(to->u.ssl2.cipherArg+from->u.ssl2.cipherArg.len, 0,
- sizeof(to->u.ssl2.cipherArg) - from->u.ssl2.cipherArg.len);
-#endif
- SSL_TRC(8, ("%d: SSL: ConvertSID: masterKeyLen=%d cipherArgLen=%d "
- "time=%d addr=0x%x cipherType=%d", myPid,
- to->u.ssl2.masterKeyLen, to->u.ssl2.cipherArgLen,
- to->time, to->addr, to->u.ssl2.cipherType));
- } else {
- /* This is an SSL v3 session */
-
- to->u.ssl3.sessionIDLength = from->u.ssl3.sessionIDLength;
- to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
- to->u.ssl3.compression = (uint16)from->u.ssl3.compression;
- to->u.ssl3.resumable = from->u.ssl3.resumable;
- to->u.ssl3.hasFortezza = from->u.ssl3.hasFortezza;
- to->u.ssl3.keys = from->u.ssl3.keys;
- to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech;
- to->u.ssl3.exchKeyType = from->u.ssl3.exchKeyType;
-
- PORT_Memcpy(to->u.ssl3.sessionID,
- from->u.ssl3.sessionID,
- from->u.ssl3.sessionIDLength);
-
- SSL_TRC(8, ("%d: SSL3: ConvertSID: time=%d addr=0x%x cipherSuite=%d",
- myPid, to->time, to->addr, to->u.ssl3.cipherSuite));
- }
-}
-
-/*
-** Convert file based cache-entry to memory based one
-** This is only called from ServerSessionIDLookup().
-** Caller must hold cache lock when calling this.
-*/
-static sslSessionID *
-ConvertToSID(SIDCacheEntry *from, CERTCertDBHandle * dbHandle)
-{
- sslSessionID *to;
- uint16 version = from->u.ssl2.version;
-
- to = (sslSessionID*) PORT_ZAlloc(sizeof(sslSessionID));
- if (!to) {
- return 0;
- }
-
- if (version < SSL_LIBRARY_VERSION_3_0) {
- /* This is an SSL v2 session */
- to->u.ssl2.masterKey.data =
- (unsigned char*) PORT_Alloc(from->u.ssl2.masterKeyLen);
- if (!to->u.ssl2.masterKey.data) {
- goto loser;
- }
- if (from->u.ssl2.cipherArgLen) {
- to->u.ssl2.cipherArg.data = (unsigned char*)
- PORT_Alloc(from->u.ssl2.cipherArgLen);
- if (!to->u.ssl2.cipherArg.data) {
- goto loser;
- }
- PORT_Memcpy(to->u.ssl2.cipherArg.data, from->u.ssl2.cipherArg,
- from->u.ssl2.cipherArgLen);
- }
-
- to->u.ssl2.cipherType = from->u.ssl2.cipherType;
- to->u.ssl2.masterKey.len = from->u.ssl2.masterKeyLen;
- to->u.ssl2.cipherArg.len = from->u.ssl2.cipherArgLen;
- to->u.ssl2.keyBits = from->u.ssl2.keyBits;
- to->u.ssl2.secretKeyBits = from->u.ssl2.secretKeyBits;
- PORT_Memcpy(to->u.ssl2.sessionID, from->u.ssl2.sessionID,
- sizeof from->u.ssl2.sessionID);
- PORT_Memcpy(to->u.ssl2.masterKey.data, from->u.ssl2.masterKey,
- from->u.ssl2.masterKeyLen);
-
- SSL_TRC(8, ("%d: SSL: ConvertToSID: masterKeyLen=%d cipherArgLen=%d "
- "time=%d addr=0x%x cipherType=%d",
- myPid, to->u.ssl2.masterKey.len,
- to->u.ssl2.cipherArg.len, to->time, to->addr,
- to->u.ssl2.cipherType));
- } else {
- /* This is an SSL v3 session */
-
- to->u.ssl3.sessionIDLength = from->u.ssl3.sessionIDLength;
- to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
- to->u.ssl3.compression = (SSL3CompressionMethod)from->u.ssl3.compression;
- to->u.ssl3.resumable = from->u.ssl3.resumable;
- to->u.ssl3.hasFortezza = from->u.ssl3.hasFortezza;
- to->u.ssl3.keys = from->u.ssl3.keys;
- to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech;
- to->u.ssl3.exchKeyType = from->u.ssl3.exchKeyType;
-
- PORT_Memcpy(to->u.ssl3.sessionID,
- from->u.ssl3.sessionID,
- from->u.ssl3.sessionIDLength);
-
- /* the portions of the SID that are only restored on the client
- * are set to invalid values on the server.
- */
- to->u.ssl3.clientWriteKey = NULL;
- to->u.ssl3.serverWriteKey = NULL;
- to->u.ssl3.tek = NULL;
- to->urlSvrName = NULL;
-
- to->u.ssl3.masterModuleID = (SECMODModuleID)-1; /* invalid value */
- to->u.ssl3.masterSlotID = (CK_SLOT_ID)-1; /* invalid value */
- to->u.ssl3.masterWrapIndex = 0;
- to->u.ssl3.masterWrapSeries = 0;
- to->u.ssl3.masterValid = PR_FALSE;
-
- to->u.ssl3.clAuthModuleID = (SECMODModuleID)-1; /* invalid value */
- to->u.ssl3.clAuthSlotID = (CK_SLOT_ID)-1; /* invalid value */
- to->u.ssl3.clAuthSeries = 0;
- to->u.ssl3.clAuthValid = PR_FALSE;
-
- to->u.ssl3.clientWriteSaveLen = 0;
-
- if (from->u.ssl3.certIndex != -1) {
- to->peerCert = GetCertFromCache(from, dbHandle);
- if (to->peerCert == NULL)
- goto loser;
- }
- }
-
- to->version = from->u.ssl2.version;
- to->time = from->time;
- to->cached = in_server_cache;
- to->addr = from->addr;
- to->references = 1;
-
- return to;
-
- loser:
- Invalidate(from);
- if (to) {
- if (version < SSL_LIBRARY_VERSION_3_0) {
- if (to->u.ssl2.masterKey.data)
- PORT_Free(to->u.ssl2.masterKey.data);
- if (to->u.ssl2.cipherArg.data)
- PORT_Free(to->u.ssl2.cipherArg.data);
- }
- PORT_Free(to);
- }
- return NULL;
-}
-
-
-/* Invalidate a SID cache entry.
- * Called from CacheCert, ConvertToSid, and ServerSessionIDUncache.
- */
-static void
-Invalidate(SIDCacheEntry *sce)
-{
- PRUint32 offset;
-#ifdef XP_UNIX
- off_t off;
- int rv;
-#endif
-
- if (sce == NULL) return;
-
- if (sce->u.ssl2.version < SSL_LIBRARY_VERSION_3_0) {
- offset = Offset(sce->addr, sce->u.ssl2.sessionID,
- sizeof sce->u.ssl2.sessionID);
- } else {
- offset = Offset(sce->addr, sce->u.ssl3.sessionID,
- sce->u.ssl3.sessionIDLength);
- }
-
- sce->u.ssl2.valid = 0;
- SSL_TRC(7, ("%d: SSL: uncaching session-id at offset %ld",
- myPid, offset));
-
- GET_SERVER_CACHE_WRITE_LOCK(SIDCacheFD, offset, sizeof *sce);
-
-#ifdef XP_UNIX
- off = lseek(SIDCacheFD, offset, SEEK_SET);
- if (off != offset) {
- if (off == -1)
- nss_MD_unix_map_lseek_error(errno);
- else
- PORT_SetError(PR_FILE_SEEK_ERROR);
- } else {
- rv = write(SIDCacheFD, sce, sizeof *sce);
- if (rv != sizeof *sce) {
- if (rv == -1)
- nss_MD_unix_map_write_error(errno);
- else
- PORT_SetError(PR_IO_ERROR);
- IOError(rv, "invalidate-write");
- }
- }
-#else /* WIN32 */
- /* Use memory mapped I/O and just memcpy() the data */
- CopyMemory(&SIDCacheData[offset], sce, sizeof *sce);
-#endif /* XP_UNIX */
-
- RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, offset, sizeof *sce);
-}
-
-
-static void
-IOError(int rv, char *type)
-{
-#ifdef XP_UNIX
- syslog(LOG_ALERT,
- "SSL: %s error with session-id cache, pid=%d, rv=%d, error='%m'",
- type, myPid, rv);
-#else /* XP_WIN32 */
-#ifdef MC_HTTPD
- ereport(LOG_FAILURE, "%s error with session-id cache rv=%d\n",type, rv);
-#endif /* MC_HTTPD */
-#endif /* XP_UNIX */
-}
-
-static void
-lock_cache(void)
-{
- PR_Lock(cacheLock);
-}
-
-static void
-unlock_cache(void)
-{
- PR_Unlock(cacheLock);
-}
-
-/*
-** Perform some mumbo jumbo on the ip-address and the session-id value to
-** compute a hash value.
-*/
-static PRUint32
-Offset(PRUint32 addr, unsigned char *s, unsigned nl)
-{
- PRUint32 rv;
-
- rv = addr ^ (((PRUint32)s[0] << 24) | ((PRUint32)s[1] << 16)
- | (s[2] << 8) | s[nl-1]);
- return (rv % numSIDCacheEntries) * sizeof(SIDCacheEntry);
-}
-
-
-
-/*
-** Look something up in the cache. This will invalidate old entries
-** in the process. Caller has locked the cache!
-** Returns PR_TRUE if found a valid match. PR_FALSE otherwise.
-*/
-static PRBool
-FindSID(PRUint32 addr, unsigned char *sessionID,
- unsigned sessionIDLength, SIDCacheEntry *sce)
-{
- PRUint32 offset;
- PRUint32 now;
- int rv;
-#ifdef XP_UNIX
- off_t off;
-#endif
-
- /* Read in cache entry after hashing ip address and session-id value */
- offset = Offset(addr, sessionID, sessionIDLength);
- now = ssl_Time();
- GET_SERVER_CACHE_READ_LOCK(SIDCacheFD, offset, sizeof *sce);
-#ifdef XP_UNIX
- off = lseek(SIDCacheFD, offset, SEEK_SET);
- rv = -1;
- if (off != offset) {
- if (off == -1)
- nss_MD_unix_map_lseek_error(errno);
- else
- PORT_SetError(PR_FILE_SEEK_ERROR);
- } else {
- rv = read(SIDCacheFD, sce, sizeof *sce);
- if (rv != sizeof *sce) {
- if (rv == -1)
- nss_MD_unix_map_read_error(errno);
- else
- PORT_SetError(PR_IO_ERROR);
- }
- }
-#else /* XP_WIN32 */
- /* Use memory mapped I/O and just memcpy() the data */
- CopyMemory(sce, &SIDCacheData[offset], sizeof *sce);
- rv = sizeof *sce;
-#endif /* XP_WIN32 */
- RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, offset, sizeof *sce);
-
- if (rv != sizeof *sce) {
- IOError(rv, "server sid cache read");
- return PR_FALSE;
- }
-
- if (!sce->u.ssl2.valid) {
- /* Entry is not valid */
- PORT_SetError(SSL_ERROR_SESSION_NOT_FOUND);
- return PR_FALSE;
- }
-
- if (((sce->u.ssl2.version < SSL_LIBRARY_VERSION_3_0) &&
- (now > sce->time + ssl_sid_timeout)) ||
- ((sce->u.ssl2.version >= SSL_LIBRARY_VERSION_3_0) &&
- (now > sce->time + ssl3_sid_timeout))) {
- /* SessionID has timed out. Invalidate the entry. */
- SSL_TRC(7, ("%d: timed out sid entry addr=%08x now=%x time+=%x",
- myPid, sce->addr, now, sce->time + ssl_sid_timeout));
- sce->u.ssl2.valid = 0;
-
- GET_SERVER_CACHE_WRITE_LOCK(SIDCacheFD, offset, sizeof *sce);
-#ifdef XP_UNIX
- off = lseek(SIDCacheFD, offset, SEEK_SET);
- rv = -1;
- if (off != offset) {
- if (off == -1)
- nss_MD_unix_map_lseek_error(errno);
- else
- PORT_SetError(PR_IO_ERROR);
- } else {
- rv = write(SIDCacheFD, sce, sizeof *sce);
- if (rv != sizeof *sce) {
- if (rv == -1)
- nss_MD_unix_map_write_error(errno);
- else
- PORT_SetError(PR_IO_ERROR);
- IOError(rv, "timeout-write");
- }
- }
-#else /* WIN32 */
- /* Use memory mapped I/O and just memcpy() the data */
- CopyMemory(&SIDCacheData[offset], sce, sizeof *sce);
- rv = sizeof *sce;
-#endif /* XP_UNIX */
- RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, offset, sizeof *sce);
- if (rv == sizeof *sce)
- PORT_SetError(SSL_ERROR_SESSION_NOT_FOUND);
- return PR_FALSE;
- }
-
- /*
- ** Finally, examine specific session-id/addr data to see if the cache
- ** entry matches our addr+session-id value
- */
- if ((sce->addr == addr) &&
- (PORT_Memcmp(sce->u.ssl2.sessionID, sessionID, sessionIDLength) == 0)) {
- /* Found it */
- return PR_TRUE;
- }
- PORT_SetError(SSL_ERROR_SESSION_NOT_FOUND);
- return PR_FALSE;
-}
-
-/************************************************************************/
-
-/* This is the primary function for finding entries in the server's sid cache.
- * Although it is static, this function is called via the global function
- * pointer ssl_sid_lookup.
- */
-static sslSessionID *
-ServerSessionIDLookup( PRUint32 addr,
- unsigned char *sessionID,
- unsigned int sessionIDLength,
- CERTCertDBHandle * dbHandle)
-{
- SIDCacheEntry sce;
- sslSessionID *sid;
-
- sid = 0;
- lock_cache();
- if (FindSID(addr, sessionID, sessionIDLength, &sce)) {
- /* Found it. Convert file format to internal format */
- sid = ConvertToSID(&sce, dbHandle);
- }
- unlock_cache();
- return sid;
-}
-
-/*
-** Place an sid into the cache, if it isn't already there. Note that if
-** some other server process has replaced a session-id cache entry that has
-** the same cache index as this sid, then all is ok. Somebody has to lose
-** when this condition occurs, so it might as well be this sid.
-*/
-static void
-ServerSessionIDCache(sslSessionID *sid)
-{
- SIDCacheEntry sce;
- PRUint32 offset;
-#ifdef XP_UNIX
- off_t off;
- int rv;
-#endif
- uint16 version = sid->version;
-
- if ((version >= SSL_LIBRARY_VERSION_3_0) &&
- (sid->u.ssl3.sessionIDLength == 0)) {
- return;
- }
-
- if (sid->cached == never_cached || sid->cached == invalid_cache) {
- lock_cache();
-
- sid->time = ssl_Time();
- if (version < SSL_LIBRARY_VERSION_3_0) {
- SSL_TRC(8, ("%d: SSL: CacheMT: cached=%d addr=0x%08x time=%x "
- "cipher=%d", myPid, sid->cached, sid->addr,
- sid->time, sid->u.ssl2.cipherType));
- PRINT_BUF(8, (0, "sessionID:", sid->u.ssl2.sessionID,
- sizeof(sid->u.ssl2.sessionID)));
- PRINT_BUF(8, (0, "masterKey:", sid->u.ssl2.masterKey.data,
- sid->u.ssl2.masterKey.len));
- PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data,
- sid->u.ssl2.cipherArg.len));
-
- /* Write out new cache entry */
- offset = Offset(sid->addr, sid->u.ssl2.sessionID,
- sizeof(sid->u.ssl2.sessionID));
- } else {
- SSL_TRC(8, ("%d: SSL: CacheMT: cached=%d addr=0x%08x time=%x "
- "cipherSuite=%d", myPid, sid->cached, sid->addr,
- sid->time, sid->u.ssl3.cipherSuite));
- PRINT_BUF(8, (0, "sessionID:", sid->u.ssl3.sessionID,
- sid->u.ssl3.sessionIDLength));
-
- offset = Offset(sid->addr, sid->u.ssl3.sessionID,
- sid->u.ssl3.sessionIDLength);
-
- }
-
- ConvertFromSID(&sce, sid);
- if (version >= SSL_LIBRARY_VERSION_3_0) {
- if (sid->peerCert == NULL) {
- sce.u.ssl3.certIndex = -1;
- } else {
- sce.u.ssl3.certIndex = (int16)
- ((offset / sizeof(SIDCacheEntry)) % numCertCacheEntries);
- }
- }
-
- GET_SERVER_CACHE_WRITE_LOCK(SIDCacheFD, offset, sizeof sce);
-#ifdef XP_UNIX
- off = lseek(SIDCacheFD, offset, SEEK_SET);
- if (off != offset) {
- if (off == -1)
- nss_MD_unix_map_lseek_error(errno);
- else
- PORT_SetError(PR_IO_ERROR);
- } else {
- rv = write(SIDCacheFD, &sce, sizeof sce);
- if (rv != sizeof(sce)) {
- if (rv == -1)
- nss_MD_unix_map_write_error(errno);
- else
- PORT_SetError(PR_IO_ERROR);
- IOError(rv, "update-write");
- }
- }
-#else /* WIN32 */
- CopyMemory(&SIDCacheData[offset], &sce, sizeof sce);
-#endif /* XP_UNIX */
- RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, offset, sizeof sce);
-
- if ((version >= SSL_LIBRARY_VERSION_3_0) &&
- (sid->peerCert != NULL)) {
- CacheCert(sid->peerCert, &sce);
- }
-
- sid->cached = in_server_cache;
- unlock_cache();
- }
-}
-
-static void
-ServerSessionIDUncache(sslSessionID *sid)
-{
- SIDCacheEntry sce;
- int rv;
-
- if (sid == NULL) return;
-
- lock_cache();
- if (sid->version < SSL_LIBRARY_VERSION_3_0) {
- SSL_TRC(8, ("%d: SSL: UncacheMT: valid=%d addr=0x%08x time=%x "
- "cipher=%d", myPid, sid->cached, sid->addr,
- sid->time, sid->u.ssl2.cipherType));
- PRINT_BUF(8, (0, "sessionID:", sid->u.ssl2.sessionID,
- sizeof(sid->u.ssl2.sessionID)));
- PRINT_BUF(8, (0, "masterKey:", sid->u.ssl2.masterKey.data,
- sid->u.ssl2.masterKey.len));
- PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data,
- sid->u.ssl2.cipherArg.len));
- rv = FindSID(sid->addr, sid->u.ssl2.sessionID,
- sizeof(sid->u.ssl2.sessionID), &sce);
- } else {
- SSL_TRC(8, ("%d: SSL3: UncacheMT: valid=%d addr=0x%08x time=%x "
- "cipherSuite=%d", myPid, sid->cached, sid->addr,
- sid->time, sid->u.ssl3.cipherSuite));
- PRINT_BUF(8, (0, "sessionID:", sid->u.ssl3.sessionID,
- sid->u.ssl3.sessionIDLength));
- rv = FindSID(sid->addr, sid->u.ssl3.sessionID,
- sid->u.ssl3.sessionIDLength, &sce);
- }
-
- if (rv) {
- Invalidate(&sce);
- }
- sid->cached = invalid_cache;
- unlock_cache();
-}
-
-static SECStatus
-InitSessionIDCache(int maxCacheEntries, PRUint32 timeout,
- PRUint32 ssl3_timeout, const char *directory)
-{
- char *cfn;
-#ifdef XP_UNIX
- int rv;
- if (SIDCacheFD >= 0) {
- /* Already done */
- return SECSuccess;
- }
-#else /* WIN32 */
- if(SIDCacheFDMAP != INVALID_HANDLE_VALUE) {
- /* Already done */
- return SECSuccess;
- }
-#endif /* XP_UNIX */
-
-
- if (maxCacheEntries) {
- numSIDCacheEntries = maxCacheEntries;
- }
- sidCacheWrapOffset = numSIDCacheEntries * sizeof(SIDCacheEntry);
- sidCacheFileSize = sidCacheWrapOffset +
- (kt_kea_size * SSL_NUM_WRAP_MECHS * sizeof(SSLWrappedSymWrappingKey));
-
- /* Create file names */
- cfn = (char*) PORT_Alloc(PORT_Strlen(directory) + 100);
- if (!cfn) {
- return SECFailure;
- }
-#ifdef XP_UNIX
- sprintf(cfn, "%s/.sslsidc.%d", directory, getpid());
-#else /* XP_WIN32 */
- sprintf(cfn, "%s\\ssl.sidc.%d.%d", directory,
- GetCurrentProcessId(), GetCurrentThreadId());
-#endif /* XP_WIN32 */
-
- /* Create session-id cache file */
-#ifdef XP_UNIX
- do {
- (void) unlink(cfn);
- SIDCacheFD = open(cfn, O_EXCL|O_CREAT|O_RDWR, 0600);
- } while (SIDCacheFD < 0 && errno == EEXIST);
- if (SIDCacheFD < 0) {
- nss_MD_unix_map_open_error(errno);
- IOError(SIDCacheFD, "create");
- goto loser;
- }
- rv = unlink(cfn);
- if (rv < 0) {
- nss_MD_unix_map_unlink_error(errno);
- IOError(rv, "unlink");
- goto loser;
- }
-#else /* WIN32 */
- SIDCacheFDMAP =
- CreateFileMapping(INVALID_HANDLE_VALUE, /* allocate in swap file */
- &sidCacheFDMapAttributes, /* inheritable. */
- PAGE_READWRITE,
- 0, /* size, high word. */
- sidCacheFileSize, /* size, low word. */
- NULL); /* no map name in FS */
- if(! SIDCacheFDMAP) {
- nss_MD_win32_map_default_error(GetLastError());
- goto loser;
- }
- SIDCacheData = (char *)MapViewOfFile(SIDCacheFDMAP,
- FILE_MAP_ALL_ACCESS, /* R/W */
- 0, 0, /* offset */
- sidCacheFileSize); /* size */
- if (! SIDCacheData) {
- nss_MD_win32_map_default_error(GetLastError());
- goto loser;
- }
-#endif /* XP_UNIX */
-
- if (!cacheLock)
- nss_InitLock(&cacheLock);
- if (!cacheLock) {
- SET_ERROR_CODE
- goto loser;
- }
-#ifdef _WIN32
- if (isMultiProcess && (SECSuccess != createServerCacheSemaphore())) {
- SET_ERROR_CODE
- goto loser;
- }
-#endif
-
- if (timeout) {
- if (timeout > 100) {
- timeout = 100;
- }
- if (timeout < 5) {
- timeout = 5;
- }
- ssl_sid_timeout = timeout;
- }
-
- if (ssl3_timeout) {
- if (ssl3_timeout > 86400L) {
- ssl3_timeout = 86400L;
- }
- if (ssl3_timeout < 5) {
- ssl3_timeout = 5;
- }
- ssl3_sid_timeout = ssl3_timeout;
- }
-
- GET_SERVER_CACHE_WRITE_LOCK(SIDCacheFD, 0, sidCacheFileSize);
-#ifdef XP_UNIX
- /* Initialize the files */
- if (ZeroFile(SIDCacheFD, sidCacheFileSize)) {
- /* Bummer */
- close(SIDCacheFD);
- SIDCacheFD = -1;
- goto loser;
- }
-#else /* XP_WIN32 */
- ZeroMemory(SIDCacheData, sidCacheFileSize);
-#endif /* XP_UNIX */
- RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, 0, sidCacheFileSize);
- PORT_Free(cfn);
- return SECSuccess;
-
- loser:
-#ifdef _WIN32
- if (svrCacheSem)
- destroyServerCacheSemaphore();
-#endif
- if (cacheLock) {
- PR_DestroyLock(cacheLock);
- cacheLock = NULL;
- }
- PORT_Free(cfn);
- return SECFailure;
-}
-
-static SECStatus
-InitCertCache(const char *directory)
-{
- char *cfn;
-#ifdef XP_UNIX
- int rv;
- if (certCacheFD >= 0) {
- /* Already done */
- return SECSuccess;
- }
-#else /* WIN32 */
- if(certCacheFDMAP != INVALID_HANDLE_VALUE) {
- /* Already done */
- return SECSuccess;
- }
-#endif /* XP_UNIX */
-
- numCertCacheEntries = sidCacheFileSize / sizeof(CertCacheEntry);
- if (numCertCacheEntries < MIN_CERT_CACHE_ENTRIES)
- numCertCacheEntries = MIN_CERT_CACHE_ENTRIES;
- certCacheFileSize = numCertCacheEntries * sizeof(CertCacheEntry);
-
- /* Create file names */
- cfn = (char*) PORT_Alloc(PORT_Strlen(directory) + 100);
- if (!cfn) {
- return SECFailure;
- }
-#ifdef XP_UNIX
- sprintf(cfn, "%s/.sslcertc.%d", directory, getpid());
-#else /* XP_WIN32 */
- sprintf(cfn, "%s\\ssl.certc.%d.%d", directory,
- GetCurrentProcessId(), GetCurrentThreadId());
-#endif /* XP_WIN32 */
-
- /* Create certificate cache file */
-#ifdef XP_UNIX
- do {
- (void) unlink(cfn);
- certCacheFD = open(cfn, O_EXCL|O_CREAT|O_RDWR, 0600);
- } while (certCacheFD < 0 && errno == EEXIST);
- if (certCacheFD < 0) {
- nss_MD_unix_map_open_error(errno);
- IOError(certCacheFD, "create");
- goto loser;
- }
- rv = unlink(cfn);
- if (rv < 0) {
- nss_MD_unix_map_unlink_error(errno);
- IOError(rv, "unlink");
- goto loser;
- }
-#else /* WIN32 */
- certCacheFDMAP =
- CreateFileMapping(INVALID_HANDLE_VALUE, /* allocate in swap file */
- &certCacheFDMapAttributes, /* inheritable. */
- PAGE_READWRITE,
- 0, /* size, high word. */
- certCacheFileSize, /* size, low word. */
- NULL); /* no map name in FS */
- if (! certCacheFDMAP) {
- nss_MD_win32_map_default_error(GetLastError());
- goto loser;
- }
- certCacheData = (char *) MapViewOfFile(certCacheFDMAP,
- FILE_MAP_ALL_ACCESS, /* R/W */
- 0, 0, /* offset */
- certCacheFileSize); /* size */
- if (! certCacheData) {
- nss_MD_win32_map_default_error(GetLastError());
- goto loser;
- }
-#endif /* XP_UNIX */
-
-/* GET_SERVER_CACHE_WRITE_LOCK(certCacheFD, 0, certCacheFileSize); */
-#ifdef XP_UNIX
- /* Initialize the files */
- if (ZeroFile(certCacheFD, certCacheFileSize)) {
- /* Bummer */
- close(certCacheFD);
- certCacheFD = -1;
- goto loser;
- }
-#else /* XP_WIN32 */
- ZeroMemory(certCacheData, certCacheFileSize);
-#endif /* XP_UNIX */
-/* RELEASE_SERVER_CACHE_LOCK(certCacheFD, 0, certCacheFileSize); */
- PORT_Free(cfn);
- return SECSuccess;
-
- loser:
- PORT_Free(cfn);
- return SECFailure;
-}
-
-int
-SSL_ConfigServerSessionIDCache( int maxCacheEntries,
- PRUint32 timeout,
- PRUint32 ssl3_timeout,
- const char * directory)
-{
- SECStatus rv;
-
- PORT_Assert(sizeof(SIDCacheEntry) == 256);
- PORT_Assert(sizeof(CertCacheEntry) == 4096);
-
- myPid = SSL_GETPID();
- if (!directory) {
- directory = DEFAULT_CACHE_DIRECTORY;
- }
- rv = InitSessionIDCache(maxCacheEntries, timeout, ssl3_timeout, directory);
- if (rv) {
- SET_ERROR_CODE
- return SECFailure;
- }
- rv = InitCertCache(directory);
- if (rv) {
- SET_ERROR_CODE
- return SECFailure;
- }
-
- ssl_sid_lookup = ServerSessionIDLookup;
- ssl_sid_cache = ServerSessionIDCache;
- ssl_sid_uncache = ServerSessionIDUncache;
- return SECSuccess;
-}
-
-/* Use this function, instead of SSL_ConfigServerSessionIDCache,
- * if the cache will be shared by multiple processes.
- */
-int
-SSL_ConfigMPServerSIDCache( int maxCacheEntries,
- PRUint32 timeout,
- PRUint32 ssl3_timeout,
- const char * directory)
-{
- char * envValue;
- int result;
- SECStatus putEnvFailed;
-
- isMultiProcess = PR_TRUE;
- result = SSL_ConfigServerSessionIDCache(maxCacheEntries, timeout,
- ssl3_timeout, directory);
- if (result == SECSuccess) {
-#ifdef _WIN32
- winInheritance winherit;
-
- winherit.numSIDCacheEntries = numSIDCacheEntries;
- winherit.sidCacheFileSize = sidCacheFileSize;
- winherit.sidCacheWrapOffset = sidCacheWrapOffset;
- winherit.numCertCacheEntries = numCertCacheEntries;
- winherit.certCacheFileSize = certCacheFileSize;
- winherit.SIDCacheFDMAP = SIDCacheFDMAP;
- winherit.certCacheFDMAP = certCacheFDMAP;
- winherit.svrCacheSem = svrCacheSem;
- winherit.parentProcessID = GetCurrentProcessId();
- winherit.parentProcessHandle =
- OpenProcess(PROCESS_DUP_HANDLE, TRUE, winherit.parentProcessID);
- if (winherit.parentProcessHandle == NULL) {
- SET_ERROR_CODE
- return SECFailure;
- }
- envValue = BTOA_DataToAscii((unsigned char *)&winherit,
- sizeof winherit);
- if (!envValue) {
- SET_ERROR_CODE
- return SECFailure;
- }
-#else
- unixInheritance uinherit;
-
- uinherit.numSIDCacheEntries = numSIDCacheEntries;
- uinherit.sidCacheFileSize = sidCacheFileSize;
- uinherit.sidCacheWrapOffset = sidCacheWrapOffset;
- uinherit.numCertCacheEntries = numCertCacheEntries;
- uinherit.certCacheFileSize = certCacheFileSize;
- uinherit.SIDCacheFD = SIDCacheFD;
- uinherit.certCacheFD = certCacheFD;
-
- envValue = BTOA_DataToAscii((unsigned char *)&uinherit,
- sizeof uinherit);
- if (!envValue) {
- SET_ERROR_CODE
- return SECFailure;
- }
-#endif
- }
- putEnvFailed = (SECStatus)NSS_PutEnv(envVarName, envValue);
- PORT_Free(envValue);
- if (putEnvFailed) {
- SET_ERROR_CODE
- result = SECFailure;
- }
- return result;
-}
-
-SECStatus
-SSL_InheritMPServerSIDCache(const char * envString)
-{
- unsigned char * decoString = NULL;
- unsigned int decoLen;
-#ifdef _WIN32
- winInheritance inherit;
-#else
- unixInheritance inherit;
-#endif
-
- myPid = SSL_GETPID();
- if (isMultiProcess)
- return SECSuccess; /* already done. */
-
- ssl_sid_lookup = ServerSessionIDLookup;
- ssl_sid_cache = ServerSessionIDCache;
- ssl_sid_uncache = ServerSessionIDUncache;
-
- if (!envString) {
- envString = getenv(envVarName);
- if (!envString) {
- SET_ERROR_CODE
- return SECFailure;
- }
- }
-
- decoString = ATOB_AsciiToData(envString, &decoLen);
- if (!decoString) {
- SET_ERROR_CODE
- return SECFailure;
- }
- if (decoLen != sizeof inherit) {
- SET_ERROR_CODE
- goto loser;
- }
-
- PORT_Memcpy(&inherit, decoString, sizeof inherit);
- PORT_Free(decoString);
-
- numSIDCacheEntries = inherit.numSIDCacheEntries;
- sidCacheFileSize = inherit.sidCacheFileSize;
- sidCacheWrapOffset = inherit.sidCacheWrapOffset;
- numCertCacheEntries = inherit.numCertCacheEntries;
- certCacheFileSize = inherit.certCacheFileSize;
-
-#ifdef _WIN32
- SIDCacheFDMAP = inherit.SIDCacheFDMAP;
- certCacheFDMAP = inherit.certCacheFDMAP;
- svrCacheSem = inherit.svrCacheSem;
-
-#if 0
- /* call DuplicateHandle ?? */
- inherit.parentProcessID;
- inherit.parentProcessHandle;
-#endif
-
- if(!SIDCacheFDMAP) {
- SET_ERROR_CODE
- goto loser;
- }
- SIDCacheData = (char *)MapViewOfFile(SIDCacheFDMAP,
- FILE_MAP_ALL_ACCESS, /* R/W */
- 0, 0, /* offset */
- sidCacheFileSize); /* size */
- if(!SIDCacheData) {
- nss_MD_win32_map_default_error(GetLastError());
- goto loser;
- }
-
- if(!certCacheFDMAP) {
- SET_ERROR_CODE
- goto loser;
- }
- certCacheData = (char *) MapViewOfFile(certCacheFDMAP,
- FILE_MAP_ALL_ACCESS, /* R/W */
- 0, 0, /* offset */
- certCacheFileSize); /* size */
- if(!certCacheData) {
- nss_MD_win32_map_default_error(GetLastError());
- goto loser;
- }
-
-#else /* must be unix */
- SIDCacheFD = inherit.SIDCacheFD;
- certCacheFD = inherit.certCacheFD;
- if (SIDCacheFD < 0 || certCacheFD < 0) {
- SET_ERROR_CODE
- goto loser;
- }
-#endif
-
- if (!cacheLock) {
- nss_InitLock(&cacheLock);
- if (!cacheLock)
- goto loser;
- }
- isMultiProcess = PR_TRUE;
- return SECSuccess;
-
-loser:
- if (decoString)
- PORT_Free(decoString);
-#if _WIN32
- if (SIDCacheFDMAP) {
- CloseHandle(SIDCacheFDMAP);
- SIDCacheFDMAP = NULL;
- }
- if (certCacheFDMAP) {
- CloseHandle(certCacheFDMAP);
- certCacheFDMAP = NULL;
- }
-#else
- if (SIDCacheFD >= 0) {
- close(SIDCacheFD);
- SIDCacheFD = -1;
- }
- if (certCacheFD >= 0) {
- close(certCacheFD);
- certCacheFD = -1;
- }
-#endif
- return SECFailure;
-
-}
-
-/************************************************************************
- * Code dealing with shared wrapped symmetric wrapping keys below *
- ************************************************************************/
-
-
-static PRBool
-getWrappingKey(PRInt32 symWrapMechIndex,
- SSL3KEAType exchKeyType,
- SSLWrappedSymWrappingKey *wswk,
- PRBool grabSharedLock)
-{
- PRUint32 offset = sidCacheWrapOffset +
- ((exchKeyType * SSL_NUM_WRAP_MECHS + symWrapMechIndex) *
- sizeof(SSLWrappedSymWrappingKey));
- PRBool rv = PR_TRUE;
-#ifdef XP_UNIX
- off_t lrv;
- ssize_t rrv;
-#endif
-
- if (grabSharedLock) {
- GET_SERVER_CACHE_READ_LOCK(SIDCacheFD, offset, sizeof *wswk);
- }
-
-#ifdef XP_UNIX
- lrv = lseek(SIDCacheFD, offset, SEEK_SET);
- if (lrv != offset) {
- if (lrv == -1)
- nss_MD_unix_map_lseek_error(errno);
- else
- PORT_SetError(PR_IO_ERROR);
- IOError(rv, "wrapping-read");
- rv = PR_FALSE;
- } else {
- rrv = read(SIDCacheFD, wswk, sizeof *wswk);
- if (rrv != sizeof *wswk) {
- if (rrv == -1)
- nss_MD_unix_map_read_error(errno);
- else
- PORT_SetError(PR_IO_ERROR);
- IOError(rv, "wrapping-read");
- rv = PR_FALSE;
- }
- }
-#else /* XP_WIN32 */
- /* Use memory mapped I/O and just memcpy() the data */
- CopyMemory(wswk, &SIDCacheData[offset], sizeof *wswk);
-#endif /* XP_WIN32 */
- if (grabSharedLock) {
- RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, offset, sizeof *wswk);
- }
- if (rv) {
- if (wswk->exchKeyType != exchKeyType ||
- wswk->symWrapMechIndex != symWrapMechIndex ||
- wswk->wrappedSymKeyLen == 0) {
- memset(wswk, 0, sizeof *wswk);
- rv = PR_FALSE;
- }
- }
- return rv;
-}
-
-PRBool
-ssl_GetWrappingKey( PRInt32 symWrapMechIndex,
- SSL3KEAType exchKeyType,
- SSLWrappedSymWrappingKey *wswk)
-{
- PRBool rv;
-
- lock_cache();
-
- PORT_Assert( (unsigned)exchKeyType < kt_kea_size);
- PORT_Assert( (unsigned)symWrapMechIndex < SSL_NUM_WRAP_MECHS);
- if ((unsigned)exchKeyType < kt_kea_size &&
- (unsigned)symWrapMechIndex < SSL_NUM_WRAP_MECHS) {
- rv = getWrappingKey(symWrapMechIndex, exchKeyType, wswk, PR_TRUE);
- } else {
- rv = PR_FALSE;
- }
- unlock_cache();
- return rv;
-}
-
-/* The caller passes in the new value it wants
- * to set. This code tests the wrapped sym key entry in the file on disk.
- * If it is uninitialized, this function writes the caller's value into
- * the disk entry, and returns false.
- * Otherwise, it overwrites the caller's wswk with the value obtained from
- * the disk, and returns PR_TRUE.
- * This is all done while holding the locks/semaphores necessary to make
- * the operation atomic.
- */
-PRBool
-ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk)
-{
- PRBool rv;
- SSL3KEAType exchKeyType = wswk->exchKeyType;
- /* type of keys used to wrap SymWrapKey*/
- PRInt32 symWrapMechIndex = wswk->symWrapMechIndex;
- PRUint32 offset;
- SSLWrappedSymWrappingKey myWswk;
-
- PORT_Assert( (unsigned)exchKeyType < kt_kea_size);
- if ((unsigned)exchKeyType >= kt_kea_size)
- return 0;
-
- PORT_Assert( (unsigned)symWrapMechIndex < SSL_NUM_WRAP_MECHS);
- if ((unsigned)symWrapMechIndex >= SSL_NUM_WRAP_MECHS)
- return 0;
-
- offset = sidCacheWrapOffset +
- ((exchKeyType * SSL_NUM_WRAP_MECHS + symWrapMechIndex) *
- sizeof(SSLWrappedSymWrappingKey));
- PORT_Memset(&myWswk, 0, sizeof myWswk); /* eliminate UMRs. */
- lock_cache();
- GET_SERVER_CACHE_WRITE_LOCK(SIDCacheFD, offset, sizeof *wswk);
-
- rv = getWrappingKey(wswk->symWrapMechIndex, wswk->exchKeyType, &myWswk,
- PR_FALSE);
- if (rv) {
- /* we found it on disk, copy it out to the caller. */
- PORT_Memcpy(wswk, &myWswk, sizeof *wswk);
- } else {
- /* Wasn't on disk, and we're still holding the lock, so write it. */
-
-#ifdef XP_UNIX
- off_t lrv;
- ssize_t rrv;
-
- lrv = lseek(SIDCacheFD, offset, SEEK_SET);
- if (lrv != offset) {
- if (lrv == -1)
- nss_MD_unix_map_lseek_error(errno);
- else
- PORT_SetError(PR_IO_ERROR);
- IOError(rv, "wrapping-read");
- rv = PR_FALSE;
- } else {
- rrv = write(SIDCacheFD, wswk, sizeof *wswk);
- if (rrv != sizeof *wswk) {
- if (rrv == -1)
- nss_MD_unix_map_read_error(errno);
- else
- PORT_SetError(PR_IO_ERROR);
- IOError(rv, "wrapping-read");
- rv = PR_FALSE;
- }
- }
-#else /* XP_WIN32 */
- /* Use memory mapped I/O and just memcpy() the data */
- CopyMemory(&SIDCacheData[offset], wswk, sizeof *wswk);
-#endif /* XP_WIN32 */
- }
- RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, offset, sizeof *wswk);
- unlock_cache();
- return rv;
-}
-
-
-#endif /* NADA_VERISON */
-#else
-
-#include "seccomon.h"
-#include "cert.h"
-#include "ssl.h"
-#include "sslimpl.h"
-
-PRBool
-ssl_GetWrappingKey( PRInt32 symWrapMechIndex,
- SSL3KEAType exchKeyType,
- SSLWrappedSymWrappingKey *wswk)
-{
- PRBool rv = PR_FALSE;
- PR_ASSERT(!"SSL servers are not supported on the Mac. (ssl_GetWrappingKey)");
- return rv;
-}
-
-/* This is a kind of test-and-set. The caller passes in the new value it wants
- * to set. This code tests the wrapped sym key entry in the file on disk.
- * If it is uninitialized, this function writes the caller's value into
- * the disk entry, and returns false.
- * Otherwise, it overwrites the caller's wswk with the value obtained from
- * the disk, and returns PR_TRUE.
- * This is all done while holding the locks/semaphores necessary to make
- * the operation atomic.
- */
-PRBool
-ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk)
-{
- PRBool rv = PR_FALSE;
- PR_ASSERT(!"SSL servers are not supported on the Mac. (ssl_SetWrappingKey)");
- return rv;
-}
-
-#endif /* XP_UNIX || XP_WIN32 */
diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
deleted file mode 100644
index 2921e3b6c..000000000
--- a/security/nss/lib/ssl/sslsock.c
+++ /dev/null
@@ -1,1816 +0,0 @@
-/*
- * vtables (and methods that call through them) for the 4 types of
- * SSLSockets supported. Only one type is still supported.
- * Various other functions.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-#include "seccomon.h"
-#include "cert.h"
-#include "keyhi.h"
-#include "ssl.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-#include "nspr.h"
-
-#define SET_ERROR_CODE /* reminder */
-
-struct cipherPolicyStr {
- int cipher;
- unsigned char export; /* policy value for export policy */
- unsigned char france; /* policy value for france policy */
-};
-
-typedef struct cipherPolicyStr cipherPolicy;
-
-/* this table reflects Netscape's browser policies. */
-static cipherPolicy ssl_ciphers[] = { /* Export France */
- { SSL_EN_RC4_128_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
- { SSL_EN_RC4_128_EXPORT40_WITH_MD5, SSL_ALLOWED, SSL_ALLOWED },
- { SSL_EN_RC2_128_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
- { SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_ALLOWED, SSL_ALLOWED },
- { SSL_EN_DES_64_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
- { SSL_EN_DES_192_EDE3_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
- { SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
- { SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
- { SSL_RSA_WITH_RC4_128_MD5, SSL_RESTRICTED, SSL_NOT_ALLOWED },
- { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
- { SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RESTRICTED, SSL_NOT_ALLOWED },
- { SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
- { SSL_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
- { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, SSL_ALLOWED },
- { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, SSL_ALLOWED },
- { SSL_FORTEZZA_DMS_WITH_NULL_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
- { SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, SSL_ALLOWED },
- { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED },
- { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED },
- { 0, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }
-};
-
-static
-sslSocketOps ssl_default_ops = { /* No SSL, No Socks. */
- ssl_DefConnect,
- NULL,
- ssl_DefBind,
- ssl_DefListen,
- ssl_DefShutdown,
- ssl_DefClose,
- ssl_DefRecv,
- ssl_DefSend,
- ssl_DefRead,
- ssl_DefWrite,
- ssl_DefGetpeername,
- ssl_DefGetsockname
-};
-
-static
-sslSocketOps ssl_socks_ops = { /* No SSL, has socks. */
- ssl_SocksConnect,
- ssl_SocksAccept,
- ssl_SocksBind,
- ssl_SocksListen,
- ssl_DefShutdown,
- ssl_DefClose,
- ssl_SocksRecv,
- ssl_SocksSend,
- ssl_SocksRead,
- ssl_SocksWrite,
- ssl_DefGetpeername,
- ssl_SocksGetsockname
-};
-
-static
-sslSocketOps ssl_secure_ops = { /* SSL, no socks. */
- ssl_SecureConnect,
- NULL,
- ssl_DefBind,
- ssl_DefListen,
- ssl_SecureShutdown,
- ssl_SecureClose,
- ssl_SecureRecv,
- ssl_SecureSend,
- ssl_SecureRead,
- ssl_SecureWrite,
- ssl_DefGetpeername,
- ssl_DefGetsockname
-};
-
-static
-sslSocketOps ssl_secure_socks_ops = { /* Both SSL and Socks. */
- ssl_SecureSocksConnect,
- ssl_SecureSocksAccept,
- ssl_SocksBind,
- ssl_SocksListen,
- ssl_SecureShutdown,
- ssl_SecureClose,
- ssl_SecureRecv,
- ssl_SecureSend,
- ssl_SecureRead,
- ssl_SecureWrite,
- ssl_DefGetpeername,
- ssl_SocksGetsockname
-};
-
-/*
-** default settings for socket enables
-*/
-static sslOptions ssl_defaults = {
- PR_TRUE, /* useSecurity */
- PR_FALSE, /* useSocks */
- PR_FALSE, /* requestCertificate */
- 2, /* requireCertificate */
- PR_FALSE, /* handshakeAsClient */
- PR_FALSE, /* handshakeAsServer */
- PR_TRUE, /* enableSSL2 */
- PR_TRUE, /* enableSSL3 */
- PR_TRUE, /* enableTLS */ /* now defaults to on in NSS 3.0 */
- PR_FALSE, /* noCache */
- PR_FALSE, /* fdx */
- PR_TRUE, /* v2CompatibleHello */
- PR_TRUE, /* detectRollBack */
-};
-
-sslSessionIDLookupFunc ssl_sid_lookup;
-sslSessionIDCacheFunc ssl_sid_cache;
-sslSessionIDUncacheFunc ssl_sid_uncache;
-
-static ssl_inited = PR_FALSE;
-static PRDescIdentity ssl_layer_id;
-
-int ssl_lock_readers = 1; /* default true. */
-char ssl_debug;
-char ssl_trace;
-
-
-/* forward declarations. */
-static sslSocket *ssl_NewSocket(void);
-static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack,
- PRDescIdentity id);
-
-/************************************************************************/
-
-/*
-** Lookup a socket structure from a file descriptor.
-*/
-static sslSocket *
-ssl_GetPrivate(PRFileDesc *fd)
-{
- sslSocket *ss;
-
- PORT_Assert(fd != NULL);
- PORT_Assert(fd->methods->file_type == PR_DESC_LAYERED);
- PORT_Assert(fd->identity == ssl_layer_id);
-
- ss = (sslSocket *)fd->secret;
- ss->fd = fd;
- return ss;
-}
-
-sslSocket *
-ssl_FindSocket(PRFileDesc *fd)
-{
- PRFileDesc *layer;
- sslSocket *ss;
-
- PORT_Assert(fd != NULL);
- PORT_Assert(ssl_layer_id != 0);
-
- layer = PR_GetIdentitiesLayer(fd, ssl_layer_id);
- if (layer == NULL)
- return NULL;
-
- ss = (sslSocket *)layer->secret;
- ss->fd = layer;
- return ss;
-}
-
-#if 0 /* dead code. */
-PRFileDesc *
-ssl_FindTop(sslSocket *ss)
-{
- PRFileDesc *fd = ss->fd;
-
- while (fd->higher != NULL)
- fd = fd->higher;
-
- return fd;
-}
-#endif
-
-sslSocket *
-ssl_DupSocket(sslSocket *os)
-{
- sslSocket *ss;
- SECStatus rv;
-
- ss = ssl_NewSocket();
- if (ss) {
- ss->useSocks = os->useSocks;
- ss->useSecurity = os->useSecurity;
- ss->requestCertificate = os->requestCertificate;
- ss->requireCertificate = os->requireCertificate;
- ss->handshakeAsClient = os->handshakeAsClient;
- ss->handshakeAsServer = os->handshakeAsServer;
- ss->enableSSL2 = os->enableSSL2;
- ss->enableSSL3 = os->enableSSL3;
- ss->enableTLS = os->enableTLS;
- ss->noCache = os->noCache;
- ss->fdx = os->fdx;
- ss->v2CompatibleHello = os->v2CompatibleHello;
- ss->detectRollBack = os->detectRollBack;
- ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID);
- ss->url = !os->url ? NULL : PORT_Strdup(os->url);
-
- ss->ops = os->ops;
- ss->peer = os->peer;
- ss->port = os->port;
- ss->rTimeout = os->rTimeout;
- ss->wTimeout = os->wTimeout;
- ss->cTimeout = os->cTimeout;
- ss->dbHandle = os->dbHandle;
-
- /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */
- ss->allowedByPolicy = os->allowedByPolicy;
- ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy;
- ss->chosenPreference = os->chosenPreference;
- PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites);
-
- if (os->cipherSpecs) {
- ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs);
- if (ss->cipherSpecs)
- PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs,
- os->sizeCipherSpecs);
- ss->sizeCipherSpecs = os->sizeCipherSpecs;
- ss->preferredCipher = os->preferredCipher;
- } else {
- ss->cipherSpecs = NULL; /* produced lazily */
- ss->sizeCipherSpecs = 0;
- ss->preferredCipher = NULL;
- }
- if (ss->useSecurity) {
- /* This int should be SSLKEAType, but CC on Irix complains,
- * during the for loop.
- */
- int i;
-
- for (i=kt_null; i < kt_kea_size; i++) {
- if (os->serverCert[i]) {
- ss->serverCert[i] = CERT_DupCertificate(os->serverCert[i]);
- ss->serverCertChain[i] = CERT_CertChainFromCert
- (ss->serverCert[i], certUsageSSLServer,
- PR_TRUE);
- } else {
- ss->serverCert[i] = NULL;
- ss->serverCertChain[i] = NULL;
- }
- ss->serverKey[i] = os->serverKey[i] ?
- SECKEY_CopyPrivateKey(os->serverKey[i]) : NULL;
- }
- ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL :
- ssl3_GetKeyPairRef(os->stepDownKeyPair);
-/*
- * XXX the preceeding CERT_ and SECKEY_ functions can fail and return NULL.
- * XXX We should detect this, and not just march on with NULL pointers.
- */
- ss->authCertificate = os->authCertificate;
- ss->authCertificateArg = os->authCertificateArg;
- ss->getClientAuthData = os->getClientAuthData;
- ss->getClientAuthDataArg = os->getClientAuthDataArg;
- ss->handleBadCert = os->handleBadCert;
- ss->badCertArg = os->badCertArg;
- ss->handshakeCallback = os->handshakeCallback;
- ss->handshakeCallbackData = os->handshakeCallbackData;
- ss->pkcs11PinArg = os->pkcs11PinArg;
-
- /* Create security data */
- rv = ssl_CopySecurityInfo(ss, os);
- if (rv != SECSuccess) {
- goto losage;
- }
- }
- if (ss->useSocks) {
- /* Create security data */
- rv = ssl_CopySocksInfo(ss, os);
- if (rv != SECSuccess) {
- goto losage;
- }
- }
- }
- return ss;
-
- losage:
- return NULL;
-}
-
-/*
- * free an sslSocket struct, and all the stuff that hangs off of it
- */
-void
-ssl_FreeSocket(sslSocket *ss)
-{
- /* "i" should be of type SSLKEAType, but CC on IRIX complains during
- * the for loop.
- */
- int i;
-
- sslSocket *fs;
- sslSocket lSock;
-
-/* Get every lock you can imagine!
-** Caller already holds these:
-** SSL_LOCK_READER(ss);
-** SSL_LOCK_WRITER(ss);
-*/
- ssl_Get1stHandshakeLock(ss);
- ssl_GetRecvBufLock(ss);
- ssl_GetSSL3HandshakeLock(ss);
- ssl_GetXmitBufLock(ss);
- ssl_GetSpecWriteLock(ss);
-
-#ifdef DEBUG
- fs = &lSock;
- *fs = *ss; /* Copy the old socket structure, */
- PORT_Memset(ss, 0x1f, sizeof *ss); /* then blast the old struct ASAP. */
-#else
- fs = ss;
-#endif
-
- /* Free up socket */
- ssl_DestroySocksInfo(fs->socks);
- ssl_DestroySecurityInfo(fs->sec);
- ssl3_DestroySSL3Info(fs->ssl3);
- PORT_Free(fs->saveBuf.buf);
- PORT_Free(fs->pendingBuf.buf);
- if (fs->gather) {
- ssl_DestroyGather(fs->gather);
- }
- if (fs->peerID != NULL)
- PORT_Free(fs->peerID);
- if (fs->url != NULL)
- PORT_Free((void *)fs->url); /* CONST */
-
- /* Clean up server configuration */
- for (i=kt_null; i < kt_kea_size; i++) {
- if (fs->serverCert[i] != NULL)
- CERT_DestroyCertificate(fs->serverCert[i]);
- if (fs->serverCertChain[i] != NULL)
- CERT_DestroyCertificateList(fs->serverCertChain[i]);
- if (fs->serverKey[i] != NULL)
- SECKEY_DestroyPrivateKey(fs->serverKey[i]);
- }
- if (fs->stepDownKeyPair) {
- ssl3_FreeKeyPair(fs->stepDownKeyPair);
- fs->stepDownKeyPair = NULL;
- }
-
-
- /* Release all the locks acquired above. */
- SSL_UNLOCK_READER(fs);
- SSL_UNLOCK_WRITER(fs);
- ssl_Release1stHandshakeLock(fs);
- ssl_ReleaseRecvBufLock(fs);
- ssl_ReleaseSSL3HandshakeLock(fs);
- ssl_ReleaseXmitBufLock(fs);
- ssl_ReleaseSpecWriteLock(fs);
-
- /* Destroy locks. */
- if (fs->firstHandshakeLock) {
- PR_DestroyMonitor(fs->firstHandshakeLock);
- fs->firstHandshakeLock = NULL;
- }
- if (fs->ssl3HandshakeLock) {
- PR_DestroyMonitor(fs->ssl3HandshakeLock);
- fs->ssl3HandshakeLock = NULL;
- }
- if (fs->specLock) {
- NSSRWLock_Destroy(fs->specLock);
- fs->specLock = NULL;
- }
-
- if (fs->recvLock) {
- PR_DestroyLock(fs->recvLock);
- fs->recvLock = NULL;
- }
- if (fs->sendLock) {
- PR_DestroyLock(fs->sendLock);
- fs->sendLock = NULL;
- }
- if (fs->xmitBufLock) {
- PR_DestroyMonitor(fs->xmitBufLock);
- fs->xmitBufLock = NULL;
- }
- if (fs->recvBufLock) {
- PR_DestroyMonitor(fs->recvBufLock);
- fs->recvBufLock = NULL;
- }
- if (fs->cipherSpecs) {
- PORT_Free(fs->cipherSpecs);
- fs->cipherSpecs = NULL;
- fs->sizeCipherSpecs = 0;
- }
-
- PORT_Free(ss); /* free the caller's copy, not ours. */
- return;
-}
-
-/************************************************************************/
-
-static void
-ssl_ChooseOps(sslSocket *ss)
-{
- if (ss->useSocks) {
- ss->ops = ss->useSecurity ? &ssl_secure_socks_ops : &ssl_socks_ops ;
- } else {
- ss->ops = ss->useSecurity ? &ssl_secure_ops : &ssl_default_ops;
- }
-}
-
-/* Called from SSL_Enable (immediately below) */
-static SECStatus
-PrepareSocket(sslSocket *ss)
-{
- SECStatus rv = SECSuccess;
-
- if (ss->useSocks) {
- rv = ssl_CreateSocksInfo(ss);
- if (rv != SECSuccess) {
- return rv;
- }
- }
- if (ss->useSecurity) {
- rv = ssl_CreateSecurityInfo(ss);
- if (rv != SECSuccess) {
- return rv;
- }
- }
-
- ssl_ChooseOps(ss);
- return rv;
-}
-
-SECStatus
-SSL_Enable(PRFileDesc *fd, int which, PRBool on)
-{
- return SSL_OptionSet(fd, which, on);
-}
-
-SECStatus
-SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
-{
- sslSocket *ss = ssl_FindSocket(fd);
- SECStatus rv = SECSuccess;
-
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
- PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
- return SECFailure;
- }
-
- ssl_Get1stHandshakeLock(ss);
- ssl_GetSSL3HandshakeLock(ss);
-
- switch (which) {
- case SSL_SOCKS:
- ss->useSocks = on;
- rv = PrepareSocket(ss);
- break;
-
- case SSL_SECURITY:
- ss->useSecurity = on;
- rv = PrepareSocket(ss);
- break;
-
- case SSL_REQUEST_CERTIFICATE:
- ss->requestCertificate = on;
- break;
-
- case SSL_REQUIRE_CERTIFICATE:
- ss->requireCertificate = on;
- break;
-
- case SSL_HANDSHAKE_AS_CLIENT:
- if ( ss->handshakeAsServer && on ) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
- break;
- }
- ss->handshakeAsClient = on;
- break;
-
- case SSL_HANDSHAKE_AS_SERVER:
- if ( ss->handshakeAsClient && on ) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
- break;
- }
- ss->handshakeAsServer = on;
- break;
-
- case SSL_ENABLE_TLS:
- ss->enableTLS = on;
- ss->preferredCipher = NULL;
- if (ss->cipherSpecs) {
- PORT_Free(ss->cipherSpecs);
- ss->cipherSpecs = NULL;
- ss->sizeCipherSpecs = 0;
- }
- break;
-
- case SSL_ENABLE_SSL3:
- ss->enableSSL3 = on;
- ss->preferredCipher = NULL;
- if (ss->cipherSpecs) {
- PORT_Free(ss->cipherSpecs);
- ss->cipherSpecs = NULL;
- ss->sizeCipherSpecs = 0;
- }
- break;
-
- case SSL_ENABLE_SSL2:
- ss->enableSSL2 = on;
- if (on) {
- ss->v2CompatibleHello = on;
- }
- ss->preferredCipher = NULL;
- if (ss->cipherSpecs) {
- PORT_Free(ss->cipherSpecs);
- ss->cipherSpecs = NULL;
- ss->sizeCipherSpecs = 0;
- }
- break;
-
- case SSL_NO_CACHE:
- ss->noCache = on;
- break;
-
- case SSL_ENABLE_FDX:
- ss->fdx = on;
- break;
-
- case SSL_V2_COMPATIBLE_HELLO:
- ss->v2CompatibleHello = on;
- if (!on) {
- ss->enableSSL2 = on;
- }
- break;
-
- case SSL_ROLLBACK_DETECTION:
- ss->detectRollBack = on;
- break;
-
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
- }
-
- ssl_ReleaseSSL3HandshakeLock(ss);
- ssl_Release1stHandshakeLock(ss);
-
- return rv;
-}
-
-SECStatus
-SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
-{
- sslSocket *ss = ssl_FindSocket(fd);
- SECStatus rv = SECSuccess;
- PRBool on = PR_FALSE;
-
- if (!pOn) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
- PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
- *pOn = PR_FALSE;
- return SECFailure;
- }
-
- ssl_Get1stHandshakeLock(ss);
- ssl_GetSSL3HandshakeLock(ss);
-
- switch (which) {
- case SSL_SOCKS: on = ss->useSocks; break;
- case SSL_SECURITY: on = ss->useSecurity; break;
- case SSL_REQUEST_CERTIFICATE: on = ss->requestCertificate; break;
- case SSL_REQUIRE_CERTIFICATE: on = ss->requireCertificate; break;
- case SSL_HANDSHAKE_AS_CLIENT: on = ss->handshakeAsClient; break;
- case SSL_HANDSHAKE_AS_SERVER: on = ss->handshakeAsServer; break;
- case SSL_ENABLE_TLS: on = ss->enableTLS; break;
- case SSL_ENABLE_SSL3: on = ss->enableSSL3; break;
- case SSL_ENABLE_SSL2: on = ss->enableSSL2; break;
- case SSL_NO_CACHE: on = ss->noCache; break;
- case SSL_ENABLE_FDX: on = ss->fdx; break;
- case SSL_V2_COMPATIBLE_HELLO: on = ss->v2CompatibleHello; break;
- case SSL_ROLLBACK_DETECTION: on = ss->detectRollBack; break;
-
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
- }
-
- ssl_ReleaseSSL3HandshakeLock(ss);
- ssl_Release1stHandshakeLock(ss);
-
- *pOn = on;
- return rv;
-}
-
-SECStatus
-SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
-{
- SECStatus rv = SECSuccess;
- PRBool on = PR_FALSE;
-
- if (!pOn) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- switch (which) {
- case SSL_SOCKS: on = ssl_defaults.useSocks; break;
- case SSL_SECURITY: on = ssl_defaults.useSecurity; break;
- case SSL_REQUEST_CERTIFICATE: on = ssl_defaults.requestCertificate; break;
- case SSL_REQUIRE_CERTIFICATE: on = ssl_defaults.requireCertificate; break;
- case SSL_HANDSHAKE_AS_CLIENT: on = ssl_defaults.handshakeAsClient; break;
- case SSL_HANDSHAKE_AS_SERVER: on = ssl_defaults.handshakeAsServer; break;
- case SSL_ENABLE_TLS: on = ssl_defaults.enableTLS; break;
- case SSL_ENABLE_SSL3: on = ssl_defaults.enableSSL3; break;
- case SSL_ENABLE_SSL2: on = ssl_defaults.enableSSL2; break;
- case SSL_NO_CACHE: on = ssl_defaults.noCache; break;
- case SSL_ENABLE_FDX: on = ssl_defaults.fdx; break;
- case SSL_V2_COMPATIBLE_HELLO: on = ssl_defaults.v2CompatibleHello; break;
- case SSL_ROLLBACK_DETECTION: on = ssl_defaults.detectRollBack; break;
-
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
- }
-
- *pOn = on;
- return rv;
-}
-
-/* XXX Use Global Lock to protect this stuff. */
-SECStatus
-SSL_EnableDefault(int which, PRBool on)
-{
- return SSL_OptionSetDefault(which, on);
-}
-
-SECStatus
-SSL_OptionSetDefault(PRInt32 which, PRBool on)
-{
- switch (which) {
- case SSL_SOCKS:
- ssl_defaults.useSocks = on;
- break;
-
- case SSL_SECURITY:
- ssl_defaults.useSecurity = on;
- break;
-
- case SSL_REQUEST_CERTIFICATE:
- ssl_defaults.requestCertificate = on;
- break;
-
- case SSL_REQUIRE_CERTIFICATE:
- ssl_defaults.requireCertificate = on;
- break;
-
- case SSL_HANDSHAKE_AS_CLIENT:
- if ( ssl_defaults.handshakeAsServer && on ) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- ssl_defaults.handshakeAsClient = on;
- break;
-
- case SSL_HANDSHAKE_AS_SERVER:
- if ( ssl_defaults.handshakeAsClient && on ) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- ssl_defaults.handshakeAsServer = on;
- break;
-
- case SSL_ENABLE_TLS:
- ssl_defaults.enableTLS = on;
- break;
-
- case SSL_ENABLE_SSL3:
- ssl_defaults.enableSSL3 = on;
- break;
-
- case SSL_ENABLE_SSL2:
- ssl_defaults.enableSSL2 = on;
- if (on) {
- ssl_defaults.v2CompatibleHello = on;
- }
- break;
-
- case SSL_NO_CACHE:
- ssl_defaults.noCache = on;
- break;
-
- case SSL_ENABLE_FDX:
- ssl_defaults.fdx = on;
-
- case SSL_V2_COMPATIBLE_HELLO:
- ssl_defaults.v2CompatibleHello = on;
- if (!on) {
- ssl_defaults.enableSSL2 = on;
- }
- break;
-
- case SSL_ROLLBACK_DETECTION:
- ssl_defaults.detectRollBack = on;
- break;
-
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/* Part of the public NSS API.
- * Since this is a global (not per-socket) setting, we cannot use the
- * HandshakeLock to protect this. Probably want a global lock.
- */
-SECStatus
-SSL_SetPolicy(long which, int policy)
-{
- if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
- /* one of the two old FIPS ciphers */
- if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
- which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
- else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
- which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
- }
- return SSL_CipherPolicySet(which, policy);
-}
-
-SECStatus
-SSL_CipherPolicySet(PRInt32 which, PRInt32 policy)
-{
- SECStatus rv;
-
- if (SSL_IS_SSL2_CIPHER(which)) {
- rv = ssl2_SetPolicy(which, policy);
- } else {
- rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
- }
- return rv;
-}
-
-SECStatus
-SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy)
-{
- SECStatus rv;
-
- if (!oPolicy) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- if (SSL_IS_SSL2_CIPHER(which)) {
- rv = ssl2_GetPolicy(which, oPolicy);
- } else {
- rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
- }
- return rv;
-}
-
-/* Part of the public NSS API.
- * Since this is a global (not per-socket) setting, we cannot use the
- * HandshakeLock to protect this. Probably want a global lock.
- * These changes have no effect on any sslSockets already created.
- */
-SECStatus
-SSL_EnableCipher(long which, PRBool enabled)
-{
- if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
- /* one of the two old FIPS ciphers */
- if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
- which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
- else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
- which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
- }
- return SSL_CipherPrefSetDefault(which, enabled);
-}
-
-SECStatus
-SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
-{
- SECStatus rv;
-
- if (SSL_IS_SSL2_CIPHER(which)) {
- rv = ssl2_CipherPrefSetDefault(which, enabled);
- } else {
- rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
- }
- return rv;
-}
-
-SECStatus
-SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled)
-{
- SECStatus rv;
-
- if (!enabled) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- if (SSL_IS_SSL2_CIPHER(which)) {
- rv = ssl2_CipherPrefGetDefault(which, enabled);
- } else {
- rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
- }
- return rv;
-}
-
-SECStatus
-SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
-{
- SECStatus rv;
- sslSocket *ss = ssl_FindSocket(fd);
-
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
- PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
- return SECFailure;
- }
- if (SSL_IS_SSL2_CIPHER(which)) {
- rv = ssl2_CipherPrefSet(ss, which, enabled);
- } else {
- rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
- }
- return rv;
-}
-
-SECStatus
-SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
-{
- SECStatus rv;
- sslSocket *ss = ssl_FindSocket(fd);
-
- if (!enabled) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd));
- PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
- *enabled = PR_FALSE;
- return SECFailure;
- }
- if (SSL_IS_SSL2_CIPHER(which)) {
- rv = ssl2_CipherPrefGet(ss, which, enabled);
- } else {
- rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
- }
- return rv;
-}
-
-SECStatus
-NSS_SetDomesticPolicy(void)
-{
-#ifndef EXPORT_VERSION
- SECStatus status = SECSuccess;
- cipherPolicy * policy;
-
- for (policy = ssl_ciphers; policy->cipher != 0; ++policy) {
- status = SSL_SetPolicy(policy->cipher, SSL_ALLOWED);
- if (status != SECSuccess)
- break;
- }
- return status;
-#else
- return NSS_SetExportPolicy();
-#endif
-}
-
-SECStatus
-NSS_SetExportPolicy(void)
-{
- SECStatus status = SECSuccess;
- cipherPolicy * policy;
-
- for (policy = ssl_ciphers; policy->cipher != 0; ++policy) {
- status = SSL_SetPolicy(policy->cipher, policy->export);
- if (status != SECSuccess)
- break;
- }
- return status;
-}
-
-SECStatus
-NSS_SetFrancePolicy(void)
-{
- SECStatus status = SECSuccess;
- cipherPolicy * policy;
-
- for (policy = ssl_ciphers; policy->cipher != 0; ++policy) {
- status = SSL_SetPolicy(policy->cipher, policy->france);
- if (status != SECSuccess)
- break;
- }
- return status;
-}
-
-
-
-/* LOCKS ??? XXX */
-PRFileDesc *
-SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd)
-{
- sslSocket * ns = NULL;
- PRStatus rv;
-
- if (model == NULL) {
- /* Just create a default socket if we're given NULL for the model */
- ns = ssl_NewSocket();
- } else {
- sslSocket * ss = ssl_FindSocket(model);
- if (ss == NULL) {
- SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD",
- SSL_GETPID(), model));
- SET_ERROR_CODE
- return NULL;
- }
- ns = ssl_DupSocket(ss);
- }
- if (ns == NULL)
- return NULL;
-
- rv = ssl_PushIOLayer(ns, fd, PR_TOP_IO_LAYER);
- if (rv != PR_SUCCESS) {
- ssl_FreeSocket(ns);
- SET_ERROR_CODE
- return NULL;
- }
-#ifdef _WIN32
- PR_Sleep(PR_INTERVAL_NO_WAIT); /* workaround NT winsock connect bug. */
-#endif
- return fd;
-}
-
-/************************************************************************/
-/* The following functions are the TOP LEVEL SSL functions.
-** They all get called through the NSPRIOMethods table below.
-*/
-
-static PRFileDesc * PR_CALLBACK
-ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
-{
- sslSocket *ss;
- sslSocket *ns = NULL;
- PRFileDesc *newfd = NULL;
- PRFileDesc *layer = NULL;
- PRFileDesc *osfd;
- PRStatus status;
-
- ss = ssl_GetPrivate(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd));
- return NULL;
- }
-
- /* IF this is a listen socket, there shouldn't be any I/O going on */
- SSL_LOCK_READER(ss);
- SSL_LOCK_WRITER(ss);
- ssl_Get1stHandshakeLock(ss);
- ssl_GetSSL3HandshakeLock(ss);
-
- ss->cTimeout = timeout;
-
- osfd = ss->fd->lower;
-
- /* First accept connection */
- newfd = osfd->methods->accept(osfd, sockaddr, timeout);
- if (newfd == NULL) {
- SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d",
- SSL_GETPID(), ss->fd, PORT_GetError()));
- } else {
- /* Create ssl module */
- ns = ssl_DupSocket(ss);
- }
-
- ssl_ReleaseSSL3HandshakeLock(ss);
- ssl_Release1stHandshakeLock(ss);
- SSL_UNLOCK_WRITER(ss);
- SSL_UNLOCK_READER(ss); /* ss isn't used below here. */
-
- if (ns == NULL)
- goto loser;
-
- /* push ssl module onto the new socket */
- status = ssl_PushIOLayer(ns, newfd, PR_TOP_IO_LAYER);
- if (status != PR_SUCCESS)
- goto loser;
-
- /* Now start server connection handshake with client.
- ** Don't need locks here because nobody else has a reference to ns yet.
- */
- if ( ns->useSecurity ) {
- if ( ns->handshakeAsClient ) {
- ns->handshake = ssl2_BeginClientHandshake;
- } else {
- ns->handshake = ssl2_BeginServerHandshake;
- }
- }
- return newfd;
-
-loser:
- if (ns != NULL)
- ssl_FreeSocket(ns);
- if (newfd != NULL)
- PR_Close(newfd);
- return NULL;
-}
-
-static PRStatus PR_CALLBACK
-ssl_Connect(PRFileDesc *fd, const PRNetAddr *sockaddr, PRIntervalTime timeout)
-{
- sslSocket *ss;
- PRStatus rv;
-
- ss = ssl_GetPrivate(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd));
- return PR_FAILURE;
- }
-
- /* IF this is a listen socket, there shouldn't be any I/O going on */
- SSL_LOCK_READER(ss);
- SSL_LOCK_WRITER(ss);
-
- ss->cTimeout = timeout;
- rv = (PRStatus)(*ss->ops->connect)(ss, sockaddr);
-#ifdef _WIN32
- PR_Sleep(PR_INTERVAL_NO_WAIT); /* workaround NT winsock connect bug. */
-#endif
-
- SSL_UNLOCK_WRITER(ss);
- SSL_UNLOCK_READER(ss);
-
- return rv;
-}
-
-static PRStatus PR_CALLBACK
-ssl_Bind(PRFileDesc *fd, const PRNetAddr *addr)
-{
- sslSocket * ss = ssl_GetPrivate(fd);
- PRStatus rv;
-
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd));
- return PR_FAILURE;
- }
- SSL_LOCK_READER(ss);
- SSL_LOCK_WRITER(ss);
-
- rv = (PRStatus)(*ss->ops->bind)(ss, addr);
-
- SSL_UNLOCK_WRITER(ss);
- SSL_UNLOCK_READER(ss);
- return rv;
-}
-
-static PRStatus PR_CALLBACK
-ssl_Listen(PRFileDesc *fd, PRIntn backlog)
-{
- sslSocket * ss = ssl_GetPrivate(fd);
- PRStatus rv;
-
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd));
- return PR_FAILURE;
- }
- SSL_LOCK_READER(ss);
- SSL_LOCK_WRITER(ss);
-
- rv = (PRStatus)(*ss->ops->listen)(ss, backlog);
-
- SSL_UNLOCK_WRITER(ss);
- SSL_UNLOCK_READER(ss);
- return rv;
-}
-
-static PRStatus PR_CALLBACK
-ssl_Shutdown(PRFileDesc *fd, PRIntn how)
-{
- sslSocket * ss = ssl_GetPrivate(fd);
- PRStatus rv;
-
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd));
- return PR_FAILURE;
- }
- if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
- SSL_LOCK_READER(ss);
- }
- if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
- SSL_LOCK_WRITER(ss);
- }
-
- rv = (PRStatus)(*ss->ops->shutdown)(ss, how);
-
- if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
- SSL_UNLOCK_WRITER(ss);
- }
- if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
- SSL_UNLOCK_READER(ss);
- }
- return rv;
-}
-
-static PRStatus PR_CALLBACK
-ssl_Close(PRFileDesc *fd)
-{
- sslSocket *ss;
- PRStatus rv;
-
- ss = ssl_GetPrivate(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd));
- return PR_FAILURE;
- }
-
- /* There must not be any I/O going on */
- SSL_LOCK_READER(ss);
- SSL_LOCK_WRITER(ss);
-
- /* By the time this function returns,
- ** ss is an invalid pointer, and the locks to which it points have
- ** been unlocked and freed. So, this is the ONE PLACE in all of SSL
- ** where the LOCK calls and the corresponding UNLOCK calls are not in
- ** the same function scope. The unlock calls are in ssl_FreeSocket().
- */
- rv = (PRStatus)(*ss->ops->close)(ss);
-
- return rv;
-}
-
-static int PR_CALLBACK
-ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
- PRIntervalTime timeout)
-{
- sslSocket *ss;
- int rv;
-
- ss = ssl_GetPrivate(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd));
- return SECFailure;
- }
- SSL_LOCK_READER(ss);
- ss->rTimeout = timeout;
- rv = (*ss->ops->recv)(ss, (unsigned char*)buf, len, flags);
- SSL_UNLOCK_READER(ss);
- return rv;
-}
-
-static int PR_CALLBACK
-ssl_Send(PRFileDesc *fd, const void *buf, PRInt32 len, PRIntn flags,
- PRIntervalTime timeout)
-{
- sslSocket *ss;
- int rv;
-
- ss = ssl_GetPrivate(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd));
- return SECFailure;
- }
- SSL_LOCK_WRITER(ss);
- ss->wTimeout = timeout;
- rv = (*ss->ops->send)(ss, (const unsigned char*)buf, len, flags);
- SSL_UNLOCK_WRITER(ss);
- return rv;
-}
-
-static int PR_CALLBACK
-ssl_Read(PRFileDesc *fd, void *buf, PRInt32 len)
-{
- sslSocket *ss;
- int rv;
-
- ss = ssl_GetPrivate(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd));
- return SECFailure;
- }
- SSL_LOCK_READER(ss);
- ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
- rv = (*ss->ops->read)(ss, (unsigned char*)buf, len);
- SSL_UNLOCK_READER(ss);
- return rv;
-}
-
-static int PR_CALLBACK
-ssl_Write(PRFileDesc *fd, const void *buf, PRInt32 len)
-{
- sslSocket *ss;
- int rv;
-
- ss = ssl_GetPrivate(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd));
- return SECFailure;
- }
- SSL_LOCK_WRITER(ss);
- ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
- rv = (*ss->ops->write)(ss, (const unsigned char*)buf, len);
- SSL_UNLOCK_WRITER(ss);
- return rv;
-}
-
-static PRStatus PR_CALLBACK
-ssl_GetPeerName(PRFileDesc *fd, PRNetAddr *addr)
-{
- sslSocket *ss;
-
- ss = ssl_GetPrivate(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd));
- return PR_FAILURE;
- }
- return (PRStatus)(*ss->ops->getpeername)(ss, addr);
-}
-
-/*
-** XXX this code doesn't work properly inside a Socks server.
-*/
-SECStatus
-ssl_GetPeerInfo(sslSocket *ss)
-{
- sslConnectInfo * ci;
- PRNetAddr sin;
- int rv;
- PRFileDesc * osfd;
-
- PORT_Assert((ss->sec != 0));
-
- osfd = ss->fd->lower;
- ci = &ss->sec->ci;
-
- /* If ssl_SocksConnect() has previously recorded the peer's IP & port,
- * use that.
- */
- if ((ss->peer != 0) && (ss->port != 0)) {
- /* SOCKS code has already recorded the peer's IP addr and port.
- * (NOT the proxy's addr and port) in ss->peer & port.
- */
- ci->peer = ss->peer;
- ci->port = ss->port;
- return SECSuccess;
- }
-
- PORT_Memset(&sin, 0, sizeof(sin));
- rv = osfd->methods->getpeername(osfd, &sin);
- if (rv < 0) {
- return SECFailure;
- }
- /* we have to mask off the high byte because AIX is lame */
- PORT_Assert((sin.inet.family & 0xff) == PR_AF_INET);
- ci->peer = sin.inet.ip;
- ci->port = sin.inet.port;
- return SECSuccess;
-}
-
-static PRStatus PR_CALLBACK
-ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name)
-{
- sslSocket *ss;
-
- ss = ssl_GetPrivate(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd));
- return PR_FAILURE;
- }
- return (PRStatus)(*ss->ops->getsockname)(ss, name);
-}
-
-int PR_CALLBACK
-SSL_SetSockPeerID(PRFileDesc *fd, char *peerID)
-{
- sslSocket *ss;
-
- ss = ssl_GetPrivate(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetCacheIndex",
- SSL_GETPID(), fd));
- return SECFailure;
- }
-
- ss->peerID = PORT_Strdup(peerID);
- return 0;
-}
-
-static PRInt16 PR_CALLBACK
-ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *out_flags)
-{
- sslSocket *ss;
- PRInt16 ret_flags = how_flags; /* should select on these flags. */
-
- *out_flags = 0;
- ss = ssl_GetPrivate(fd);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll",
- SSL_GETPID(), fd));
- return 0; /* don't poll on this socket */
- }
-
- if ((ret_flags & PR_POLL_WRITE) &&
- ( (ss->useSocks && ss->handshake) ||
- (ss->useSecurity && !ss->connected &&
- /* XXX There needs to be a better test than the following. */
- /* Don't check ss->securityHandshake. */
- (ss->handshake || ss->nextHandshake)))) {
- /* The user is trying to write, but the handshake is blocked waiting
- * to read, so tell NSPR NOT to poll on write.
- */
- ret_flags ^= PR_POLL_WRITE; /* don't select on write. */
- ret_flags |= PR_POLL_READ; /* do select on read. */
- }
-
- if ((ret_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
- *out_flags = PR_POLL_READ; /* it's ready already. */
-
- } else if (ret_flags && (fd->lower->methods->poll != NULL)) {
- ret_flags = fd->lower->methods->poll(fd->lower, ret_flags, out_flags);
- }
-
- return ret_flags;
-}
-
-
-PRBool
-ssl_FdIsBlocking(PRFileDesc *fd)
-{
- PRSocketOptionData opt;
- PRStatus status;
-
- opt.option = PR_SockOpt_Nonblocking;
- opt.value.non_blocking = PR_FALSE;
- status = PR_GetSocketOption(fd, &opt);
- if (status != PR_SUCCESS)
- return PR_FALSE;
- return (PRBool)!opt.value.non_blocking;
-}
-
-PRBool
-ssl_SocketIsBlocking(sslSocket *ss)
-{
- return ssl_FdIsBlocking(ss->fd);
-}
-
-PRInt32 sslFirstBufSize = 8 * 1024;
-PRInt32 sslCopyLimit = 1024;
-
-static PRInt32 PR_CALLBACK
-ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
- PRIntervalTime timeout)
-{
- PRInt32 bufLen;
- PRInt32 left;
- PRInt32 rv;
- PRInt32 sent = 0;
- const PRInt32 first_len = sslFirstBufSize;
- const PRInt32 limit = sslCopyLimit;
- PRBool blocking;
- PRIOVec myIov = { 0, 0 };
- char buf[MAX_FRAGMENT_LENGTH];
-
- if (vectors > PR_MAX_IOVECTOR_SIZE) {
- PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
- return -1;
- }
- blocking = ssl_FdIsBlocking(fd);
-
-#define K16 sizeof(buf)
-#define KILL_VECTORS while (vectors && !iov->iov_len) { ++iov; --vectors; }
-#define GET_VECTOR do { myIov = *iov++; --vectors; KILL_VECTORS } while (0)
-#define HANDLE_ERR(rv, len) \
- if (rv != len) { \
- if (rv < 0) { \
- if (blocking \
- && (PR_GetError() == PR_WOULD_BLOCK_ERROR) \
- && (sent > 0)) { \
- return sent; \
- } else { \
- return -1; \
- } \
- } \
- /* Only a nonblocking socket can have partial sends */ \
- PR_ASSERT(blocking); \
- return sent; \
- }
-#define SEND(bfr, len) \
- do { \
- rv = ssl_Send(fd, bfr, len, 0, timeout); \
- HANDLE_ERR(rv, len) \
- sent += len; \
- } while (0)
-
- /* Make sure the first write is at least 8 KB, if possible. */
- KILL_VECTORS
- if (!vectors)
- return 0;
- GET_VECTOR;
- if (!vectors) {
- return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout);
- }
- if (myIov.iov_len < first_len) {
- PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
- bufLen = myIov.iov_len;
- left = first_len - bufLen;
- while (vectors && left) {
- int toCopy;
- GET_VECTOR;
- toCopy = PR_MIN(left, myIov.iov_len);
- PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy);
- bufLen += toCopy;
- left -= toCopy;
- myIov.iov_base += toCopy;
- myIov.iov_len -= toCopy;
- }
- SEND( buf, bufLen );
- }
-
- while (vectors || myIov.iov_len) {
- PRInt32 addLen;
- if (!myIov.iov_len) {
- GET_VECTOR;
- }
- while (myIov.iov_len >= K16) {
- SEND(myIov.iov_base, K16);
- myIov.iov_base += K16;
- myIov.iov_len -= K16;
- }
- if (!myIov.iov_len)
- continue;
-
- if (!vectors || myIov.iov_len > limit) {
- addLen = 0;
- } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
- /* Addlen is already computed. */;
- } else if (vectors > 1 &&
- iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
- addLen = limit - myIov.iov_len;
- } else
- addLen = 0;
-
- if (!addLen) {
- SEND( myIov.iov_base, myIov.iov_len );
- myIov.iov_len = 0;
- continue;
- }
- PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
- bufLen = myIov.iov_len;
- do {
- GET_VECTOR;
- PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen);
- myIov.iov_base += addLen;
- myIov.iov_len -= addLen;
- bufLen += addLen;
-
- left = PR_MIN( limit, K16 - bufLen);
- if (!vectors /* no more left */
- || myIov.iov_len > 0 /* we didn't use that one all up */
- || bufLen >= K16 /* it's full. */
- ) {
- addLen = 0;
- } else if ((addLen = iov->iov_len % K16) <= left) {
- /* Addlen is already computed. */;
- } else if (vectors > 1 &&
- iov[1].iov_len % K16 + addLen <= left + limit) {
- addLen = left;
- } else
- addLen = 0;
-
- } while (addLen);
- SEND( buf, bufLen );
- }
- return sent;
-}
-
-/*
- * These functions aren't implemented.
- */
-
-static PRInt32 PR_CALLBACK
-ssl_Available(PRFileDesc *fd)
-{
- PORT_Assert(0);
- PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
- return SECFailure;
-}
-
-static PRInt64 PR_CALLBACK
-ssl_Available64(PRFileDesc *fd)
-{
- PRInt64 res;
-
- PORT_Assert(0);
- PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
- LL_I2L(res, -1L);
- return res;
-}
-
-static PRStatus PR_CALLBACK
-ssl_FSync(PRFileDesc *fd)
-{
- PORT_Assert(0);
- PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
- return PR_FAILURE;
-}
-
-static PRInt32 PR_CALLBACK
-ssl_Seek(PRFileDesc *fd, PRInt32 offset, PRSeekWhence how) {
- PORT_Assert(0);
- PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
- return SECFailure;
-}
-
-static PRInt64 PR_CALLBACK
-ssl_Seek64(PRFileDesc *fd, PRInt64 offset, PRSeekWhence how) {
- PRInt64 res;
-
- PORT_Assert(0);
- PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
- LL_I2L(res, -1L);
- return res;
-}
-
-static PRStatus PR_CALLBACK
-ssl_FileInfo(PRFileDesc *fd, PRFileInfo *info)
-{
- PORT_Assert(0);
- PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
- return PR_FAILURE;
-}
-
-static PRStatus PR_CALLBACK
-ssl_FileInfo64(PRFileDesc *fd, PRFileInfo64 *info)
-{
- PORT_Assert(0);
- PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
- return PR_FAILURE;
-}
-
-static PRInt32 PR_CALLBACK
-ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags,
- PRNetAddr *addr, PRIntervalTime timeout)
-{
- PORT_Assert(0);
- PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
- return SECFailure;
-}
-
-static PRInt32 PR_CALLBACK
-ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags,
- const PRNetAddr *addr, PRIntervalTime timeout)
-{
- PORT_Assert(0);
- PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
- return SECFailure;
-}
-
-static PRIOMethods ssl_methods = {
- PR_DESC_LAYERED,
- ssl_Close, /* close */
- ssl_Read, /* read */
- ssl_Write, /* write */
- ssl_Available, /* available */
- ssl_Available64, /* available64 */
- ssl_FSync, /* fsync */
- ssl_Seek, /* seek */
- ssl_Seek64, /* seek64 */
- ssl_FileInfo, /* fileInfo */
- ssl_FileInfo64, /* fileInfo64 */
- ssl_WriteV, /* writev */
- ssl_Connect, /* connect */
- ssl_Accept, /* accept */
- ssl_Bind, /* bind */
- ssl_Listen, /* listen */
- ssl_Shutdown, /* shutdown */
- ssl_Recv, /* recv */
- ssl_Send, /* send */
- ssl_RecvFrom, /* recvfrom */
- ssl_SendTo, /* sendto */
- ssl_Poll, /* poll */
- ssl_EmulateAcceptRead, /* acceptread */
- ssl_EmulateTransmitFile, /* transmitfile */
- ssl_GetSockName, /* getsockname */
- ssl_GetPeerName, /* getpeername */
- NULL, /* getsockopt OBSOLETE */
- NULL, /* setsockopt OBSOLETE */
- NULL, /* getsocketoption */
- NULL, /* setsocketoption */
- ssl_EmulateSendFile, /* Send a (partial) file with header/trailer*/
- NULL, /* reserved for future use */
- NULL, /* reserved for future use */
- NULL, /* reserved for future use */
- NULL, /* reserved for future use */
- NULL /* reserved for future use */
-};
-
-static void
-ssl_SetupIOMethods(PRIOMethods *ssl_methods)
-{
- const PRIOMethods *default_methods;
-
- default_methods = PR_GetDefaultIOMethods();
-
- ssl_methods->reserved_fn_6 = default_methods->reserved_fn_6;
- ssl_methods->reserved_fn_5 = default_methods->reserved_fn_5;
- ssl_methods->getsocketoption = default_methods->getsocketoption;
- ssl_methods->setsocketoption = default_methods->setsocketoption;
- ssl_methods->reserved_fn_4 = default_methods->reserved_fn_4;
- ssl_methods->reserved_fn_3 = default_methods->reserved_fn_3;
- ssl_methods->reserved_fn_2 = default_methods->reserved_fn_2;
- ssl_methods->reserved_fn_1 = default_methods->reserved_fn_1;
- ssl_methods->reserved_fn_0 = default_methods->reserved_fn_0;
-
-}
-
-static PRStatus
-ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id)
-{
- PRFileDesc *layer = NULL;
- PRStatus status;
-
- if (ssl_inited != PR_TRUE) {
- ssl_layer_id = PR_GetUniqueIdentity("SSL");
- ssl_SetupIOMethods(&ssl_methods);
- ssl_inited = PR_TRUE;
- }
-
- if (ns == NULL)
- goto loser;
-
- layer = PR_CreateIOLayerStub(ssl_layer_id, &ssl_methods);
- if (layer == NULL)
- goto loser;
- layer->secret = (PRFilePrivate *)ns;
-
- /* Here, "stack" points to the PRFileDesc on the top of the stack.
- ** "layer" points to a new FD that is to be inserted into the stack.
- ** If layer is being pushed onto the top of the stack, then
- ** PR_PushIOLayer switches the contents of stack and layer, and then
- ** puts stack on top of layer, so that after it is done, the top of
- ** stack is the same "stack" as it was before, and layer is now the
- ** FD for the former top of stack.
- ** After this call, stack always points to the top PRFD on the stack.
- ** If this function fails, the contents of stack and layer are as
- ** they were before the call.
- */
- status = PR_PushIOLayer(stack, id, layer);
- if (status != PR_SUCCESS)
- goto loser;
-
- ns->fd = (id == PR_TOP_IO_LAYER) ? stack : layer;
- return PR_SUCCESS;
-
-loser:
- if (layer) {
- layer->dtor(layer); /* free layer */
- }
- return PR_FAILURE;
-}
-
-/*
-** Create a newsocket structure for a file descriptor.
-*/
-static sslSocket *
-ssl_NewSocket(void)
-{
- sslSocket *ss;
-#ifdef DEBUG
- static int firsttime = 1;
-#endif
-
-#ifdef DEBUG
-#if defined(XP_UNIX) || defined(XP_WIN32)
- if (firsttime) {
- firsttime = 0;
-
- {
- char *ev = getenv("SSLDEBUG");
- if (ev && ev[0]) {
- ssl_debug = atoi(ev);
- SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
- }
- }
-#ifdef TRACE
- {
- char *ev = getenv("SSLTRACE");
- if (ev && ev[0]) {
- ssl_trace = atoi(ev);
- SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
- }
- }
-#endif /* TRACE */
- }
-#endif /* XP_UNIX || XP_WIN32 */
-#endif /* DEBUG */
-
- /* Make a new socket and get it ready */
- ss = (sslSocket*) PORT_ZAlloc(sizeof(sslSocket));
- if (ss) {
- /* This should be of type SSLKEAType, but CC on IRIX
- * complains during the for loop.
- */
- int i;
-
- ss->useSecurity = ssl_defaults.useSecurity;
- ss->useSocks = ssl_defaults.useSocks;
- ss->requestCertificate = ssl_defaults.requestCertificate;
- ss->requireCertificate = ssl_defaults.requireCertificate;
- ss->handshakeAsClient = ssl_defaults.handshakeAsClient;
- ss->handshakeAsServer = ssl_defaults.handshakeAsServer;
- ss->enableSSL2 = ssl_defaults.enableSSL2;
- ss->enableSSL3 = ssl_defaults.enableSSL3;
- ss->enableTLS = ssl_defaults.enableTLS ;
- ss->fdx = ssl_defaults.fdx;
- ss->v2CompatibleHello = ssl_defaults.v2CompatibleHello;
- ss->detectRollBack = ssl_defaults.detectRollBack;
- ss->peer = 0;
- ss->port = 0;
- ss->noCache = ssl_defaults.noCache;
- ss->peerID = NULL;
- ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
- ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
- ss->cTimeout = PR_INTERVAL_NO_TIMEOUT;
- ss->cipherSpecs = NULL;
- ss->sizeCipherSpecs = 0; /* produced lazily */
- ss->preferredCipher = NULL;
- ss->url = NULL;
-
- for (i=kt_null; i < kt_kea_size; i++) {
- ss->serverCert[i] = NULL;
- ss->serverCertChain[i] = NULL;
- ss->serverKey[i] = NULL;
- }
- ss->stepDownKeyPair = NULL;
- ss->dbHandle = CERT_GetDefaultCertDB();
-
- /* Provide default implementation of hooks */
- ss->authCertificate = SSL_AuthCertificate;
- ss->authCertificateArg = (void *)ss->dbHandle;
- ss->getClientAuthData = NULL;
- ss->handleBadCert = NULL;
- ss->badCertArg = NULL;
- ss->pkcs11PinArg = NULL;
-
- ssl_ChooseOps(ss);
- ssl2_InitSocketPolicy(ss);
- ssl3_InitSocketPolicy(ss);
-
- ss->firstHandshakeLock = PR_NewMonitor();
- ss->ssl3HandshakeLock = PR_NewMonitor();
- ss->specLock = NSSRWLock_New(SSL_LOCK_RANK_SPEC, NULL);
- ss->recvBufLock = PR_NewMonitor();
- ss->xmitBufLock = PR_NewMonitor();
- if (ssl_lock_readers) {
- ss->recvLock = PR_NewLock();
- ss->sendLock = PR_NewLock();
- }
- }
- return ss;
-}
-
diff --git a/security/nss/lib/ssl/sslsocks.c b/security/nss/lib/ssl/sslsocks.c
deleted file mode 100644
index 787d448d6..000000000
--- a/security/nss/lib/ssl/sslsocks.c
+++ /dev/null
@@ -1,1147 +0,0 @@
-/*
- * Implementation of Socks protocol.
- * None of this code is supported any longer.
- * NSS officially does NOT support Socks.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-#include "prtypes.h"
-#include "prnetdb.h"
-#include "cert.h"
-#include "ssl.h"
-#include "sslimpl.h"
-#include "prsystem.h"
-#include <stdio.h>
-#include "nspr.h"
-
-#ifdef XP_UNIX
-#include "prprf.h"
-#endif
-
-#ifdef XP_UNIX
-#define SOCKS_FILE "/etc/socks.conf"
-#endif
-#ifdef XP_MAC
-#define SOCKS_FILE NULL
-#endif
-#ifdef XP_WIN
-#define SOCKS_FILE NULL
-#endif
-#ifdef XP_OS2
-#define SOCKS_FILE NULL
-#endif
-
-#define SOCKS_VERSION 4
-
-#define DEF_SOCKD_PORT 1080
-
-#define SOCKS_CONNECT 1
-#define SOCKS_BIND 2
-
-#define SOCKS_RESULT 90
-#define SOCKS_FAIL 91
-#define SOCKS_NO_IDENTD 92 /* Failed to connect to Identd on client machine */
-#define SOCKS_BAD_ID 93 /* Client's Identd reported a different user-id */
-
-#define MAKE_IN_ADDR(a,b,c,d) \
- PR_htonl(((PRUint32)(a) << 24) | ((PRUint32)(b) << 16) | ((c) << 8) | (d))
-
-struct sslSocksInfoStr {
- PRUint32 sockdHost;
- PRUint16 sockdPort;
-
- char direct;
- char didBind;
-
- PRNetAddr bindAddr;
-
- /* Data returned by sockd. */
- PRUint32 destHost;
- PRUint16 destPort;
-};
-
-typedef enum {
- OP_LESS = 1,
- OP_EQUAL = 2,
- OP_LEQUAL = 3,
- OP_GREATER = 4,
- OP_NOTEQUAL = 5,
- OP_GEQUAL = 6,
- OP_ALWAYS = 7
-} SocksOp;
-
-typedef struct SocksConfItemStr SocksConfItem;
-
-struct SocksConfItemStr {
- SocksConfItem *next;
- PRUint32 daddr; /* host IP addr, in network byte order. */
- PRUint32 dmask; /* mask for IP, in network byte order. */
- PRUint16 port; /* port number, in host byte order. */
- SocksOp op;
- char direct;
-};
-
-static PRUint32 ourHost; /* network byte order. */
-static SocksConfItem *ssl_socks_confs;
-
-SECStatus
-ssl_CreateSocksInfo(sslSocket *ss)
-{
- sslSocksInfo *si;
-
- if (ss->socks) {
- /* Already been done */
- return SECSuccess;
- }
-
- si = (sslSocksInfo*) PORT_ZAlloc(sizeof(sslSocksInfo));
- if (si) {
- ss->socks = si;
- if (!ss->gather) {
- ss->gather = ssl_NewGather();
- if (!ss->gather) {
- return SECFailure;
- }
- }
- return SECSuccess;
- }
- return SECFailure;
-}
-
-SECStatus
-ssl_CopySocksInfo(sslSocket *ss, sslSocket *os)
-{
- SECStatus rv;
-
-#ifdef __cplusplus
- os = os;
-#endif
- rv = ssl_CreateSocksInfo(ss);
- return rv;
-}
-
-void
-ssl_DestroySocksInfo(sslSocksInfo *si)
-{
- if (si) {
- PORT_Memset(si, 0x2f, sizeof *si);
- PORT_Free(si);
- }
-}
-
-/* Sets the global variable ourHost to the IP address returned from
- * calling GetHostByName on our system's name.
- * Called from SSL_ReadSocksConfFile().
- */
-static SECStatus
-GetOurHost(void)
-{
- PRStatus rv;
- PRHostEnt hpbuf;
- char name[100];
- char dbbuf[PR_NETDB_BUF_SIZE];
-
- PR_GetSystemInfo(PR_SI_HOSTNAME, name, sizeof name);
-
- rv = PR_GetHostByName(name, dbbuf, sizeof dbbuf, &hpbuf);
- if (rv != PR_SUCCESS)
- return SECFailure;
-
-#undef h_addr
-#define h_addr h_addr_list[0] /* address, in network byte order. */
-
- PORT_Memcpy(&ourHost, hpbuf.h_addr, hpbuf.h_length);
- return SECSuccess;
-}
-
-/*
-** Setup default SocksConfItem list so that loopback is direct, things to the
-** same subnet (?) address are direct, everything else uses sockd
-*/
-static void
-BuildDefaultConfList(void)
-{
- SocksConfItem *ci;
- SocksConfItem **lp;
-
- /* Put loopback onto direct list */
- lp = &ssl_socks_confs;
- ci = (SocksConfItem*) PORT_ZAlloc(sizeof(SocksConfItem));
- if (!ci) {
- return;
- }
- ci->direct = 1;
- ci->daddr = MAKE_IN_ADDR(127,0,0,1);
- ci->dmask = MAKE_IN_ADDR(255,255,255,255);
- ci->op = OP_ALWAYS;
- *lp = ci;
- lp = &ci->next;
-
- /* Put our hosts's subnet onto direct list */
- ci = (SocksConfItem*) PORT_ZAlloc(sizeof(SocksConfItem));
- if (!ci) {
- return;
- }
- ci->direct = 1;
- ci->daddr = ourHost;
- ci->dmask = MAKE_IN_ADDR(255,255,255,0);
- ci->op = OP_ALWAYS;
- *lp = ci;
- lp = &ci->next;
-
- /* Everything else goes to sockd */
- ci = (SocksConfItem*) PORT_ZAlloc(sizeof(SocksConfItem));
- if (!ci) {
- return;
- }
- ci->daddr = MAKE_IN_ADDR(255,255,255,255);
- ci->op = OP_ALWAYS;
- *lp = ci;
-}
-
-static int
-FragmentLine(char *cp, char **argv, int maxargc)
-{
- int argc = 0;
- char *save;
- char ch;
-
- save = cp;
- for (; (ch = *cp) != 0; cp++) {
- if ((ch == '#') || (ch == '\n')) {
- /* Done */
- break;
- }
- if (ch == ':') {
- break;
- }
- if ((ch == ' ') || (ch == '\t')) {
- /* Seperator. see if it seperated anything */
- if (cp - save > 0) {
- /* Put a null at the end of the word */
- *cp = 0;
- argc++;
- *argv++ = save;
- SSL_TRC(20, ("%d: SSL: argc=%d word=\"%s\"",
- SSL_GETPID(), argc, save));
- if (argc == maxargc) {
- return argc;
- }
- }
- save = cp + 1;
- }
- }
- if (cp - save > 0) {
- *cp = 0;
- argc++;
- *argv = save;
- SSL_TRC(20, ("%d: SSL: argc=%d word=\"%s\"",
- SSL_GETPID(), argc, save));
- }
- return argc;
-}
-
-/* XXX inet_addr? */
-static char *
-ConvertOne(char *cp, unsigned char *rvp)
-{
- char *s = PORT_Strchr(cp, '.');
- if (s) {
- *s = 0;
- }
- *rvp = PORT_Atoi(cp) & 0xff;
- return s ? s+1 : cp;
-}
-
-/* returns host address in network byte order. */
-static PRUint32
-ConvertAddr(char *buf)
-{
- unsigned char b0, b1, b2, b3;
- PRUint32 addr;
-
- buf = ConvertOne(buf, &b0);
- buf = ConvertOne(buf, &b1);
- buf = ConvertOne(buf, &b2);
- buf = ConvertOne(buf, &b3);
- addr = ((PRUint32)b0 << 24) |
- ((PRUint32)b1 << 16) |
- ((PRUint32)b2 << 8) |
- (PRUint32)b3; /* host byte order. */
-
- return PR_htonl(addr); /* network byte order. */
-}
-
-static char *
-ReadLine(char *buf, int len, PRFileDesc *fd)
-{
- char c, *p = buf;
- PRInt32 n;
-
- while(len > 0) {
- n = PR_Read(fd, &c, 1);
- if (n < 0)
- return NULL;
- if (n == 0) {
- if (p == buf) {
- return NULL;
- }
- *p = '\0';
- return buf;
- }
- if (c == '\n') {
- *p = '\0';
- return buf;
- }
- *p++ = c;
- len--;
- }
- *p = '\0';
- return buf;
-}
-
-int
-SSL_ReadSocksConfFile(PRFileDesc *fp)
-{
- SocksConfItem * ci;
- SocksConfItem **lp;
- char * file = "socks file"; /* XXX Move to nav */
- SocksOp op;
- int direct;
- int port = 0;
- int lineNumber = 0;
- int rv = GetOurHost();
-
- if (rv < 0) {
- /* If we can't figure out our host id, use socks. Loser! */
- return SECFailure;
- }
-
-#if 0 /* XXX Move to nav */
- fp = XP_FileOpen(file, xpSocksConfig, XP_FILE_READ);
-#endif
- if (!fp) {
- BuildDefaultConfList();
- return SECSuccess;
- }
-
- /* Parse config file and generate config item list */
- lp = &ssl_socks_confs;
- for (;;) {
- char * s;
- char * argv[10];
- int argc;
- PRUint32 daddr;
- PRUint32 dmask;
- char buf[1000];
-
- s = ReadLine(buf, sizeof buf, fp);
- if (!s) {
- break;
- }
- lineNumber++;
- argc = FragmentLine(buf, argv, 10);
- if (argc < 3) {
- if (argc == 0) {
- /* must be a comment/empty line */
- continue;
- }
-#ifdef XP_UNIX
- PR_fprintf(PR_STDERR, "%s:%d: bad config line\n",
- file, lineNumber);
-#endif
- continue;
- }
- if (PORT_Strcmp(argv[0], "direct") == 0) {
- direct = 1;
- } else if (PORT_Strcmp(argv[0], "sockd") == 0) {
- direct = 0;
- } else {
-#ifdef XP_UNIX
- PR_fprintf(PR_STDERR, "%s:%d: bad command: \"%s\"\n",
- file, lineNumber, argv[0]);
-#endif
- continue;
- }
-
- /* Look for port spec */
- op = OP_ALWAYS;
- if (argc > 4) {
- if (PORT_Strcmp(argv[3], "lt") == 0) {
- op = OP_LESS;
- } else if (PORT_Strcmp(argv[3], "eq") == 0) {
- op = OP_EQUAL;
- } else if (PORT_Strcmp(argv[3], "le") == 0) {
- op = OP_LEQUAL;
- } else if (PORT_Strcmp(argv[3], "gt") == 0) {
- op = OP_GREATER;
- } else if (PORT_Strcmp(argv[3], "neq") == 0) {
- op = OP_NOTEQUAL;
- } else if (PORT_Strcmp(argv[3], "ge") == 0) {
- op = OP_GEQUAL;
- } else {
-#ifdef XP_UNIX
- PR_fprintf(PR_STDERR, "%s:%d: bad comparison op: \"%s\"\n",
- file, lineNumber, argv[3]);
-#endif
- continue;
- }
- port = PORT_Atoi(argv[4]);
- }
-
- ci = (SocksConfItem*) PORT_ZAlloc(sizeof(SocksConfItem));
- if (!ci) {
- break;
- }
- daddr = ConvertAddr(argv[1]); /* net byte order. */
- dmask = ConvertAddr(argv[2]); /* net byte order. */
- ci->daddr = daddr; /* net byte order. */
- ci->dmask = dmask; /* net byte order. */
- ci->direct = direct;
- ci->op = op;
- ci->port = port; /* host byte order. */
- daddr = PR_ntohl(daddr); /* host byte order. */
- dmask = PR_ntohl(dmask); /* host byte order. */
- SSL_TRC(10, (
-"%d: SSL: line=%d direct=%d addr=%d.%d.%d.%d mask=%d.%d.%d.%d op=%d port=%d",
- SSL_GETPID(), lineNumber, ci->direct,
- (daddr >> 24) & 0xff,
- (daddr >> 16) & 0xff,
- (daddr >> 8) & 0xff,
- (daddr >> 0) & 0xff,
- (dmask >> 24) & 0xff,
- (dmask >> 16) & 0xff,
- (dmask >> 8) & 0xff,
- (dmask >> 0) & 0xff,
- ci->op, ci->port));
- *lp = ci;
- lp = &ci->next;
- }
-
-
- if (!ssl_socks_confs) {
- /* Empty file. Fix it for the user */
- BuildDefaultConfList();
- }
- return SECSuccess;
-}
-
-static int
-ChooseAddress(sslSocket *ss, const PRNetAddr *direct)
-{
- PRUint32 dstAddr;
- PRUint16 dstPort;
- SocksConfItem *ci;
- int rv;
-
- if (!ssl_socks_confs) {
- rv = SSL_ReadSocksConfFile(NULL);
- if (rv) {
- return rv;
- }
- }
-
- /*
- ** Scan socks config info and look for a direct match or a force to
- ** use the sockd. Bail on first hit.
- */
- dstAddr = direct->inet.ip;
- dstPort = PR_ntohs(direct->inet.port);
- ci = ssl_socks_confs;
- while (ci) {
- SSL_TRC(10, (
- "%d: SSL[%d]: match, direct=%d daddr=0x%x mask=0x%x op=%d port=%d",
- SSL_GETPID(), ss->fd, ci->direct, PR_ntohl(ci->daddr),
- PR_ntohl(ci->dmask), ci->op, ci->port));
- if ((ci->daddr & ci->dmask) == (dstAddr & ci->dmask)) {
- int portMatch = 0;
- switch (ci->op) {
- case OP_LESS: portMatch = dstPort < ci->port; break;
- case OP_EQUAL: portMatch = dstPort == ci->port; break;
- case OP_LEQUAL: portMatch = dstPort <= ci->port; break;
- case OP_GREATER: portMatch = dstPort > ci->port; break;
- case OP_NOTEQUAL: portMatch = dstPort != ci->port; break;
- case OP_GEQUAL: portMatch = dstPort >= ci->port; break;
- case OP_ALWAYS: portMatch = 1; break;
- }
- if (portMatch) {
- SSL_TRC(10, ("%d: SSL[%d]: socks config match",
- SSL_GETPID(), ss->fd));
- return ci->direct;
- }
- }
- ci = ci->next;
- }
- SSL_TRC(10, ("%d: SSL[%d]: socks config: no match",
- SSL_GETPID(), ss->fd));
- return 0;
-}
-
-/*
-** Find port # and host # of socks daemon. Use info in ss->socks struct
-** when valid. If not valid, try to figure it all out.
-*/
-static int
-FindDaemon(sslSocket *ss, PRNetAddr *out)
-{
- sslSocksInfo *si;
- PRUint32 host; /* network byte order. */
- PRUint16 port; /* host byte order. */
-
- PORT_Assert(ss->socks != 0);
- si = ss->socks;
-
- /* For now, assume we are using the socks daemon */
- host = si->sockdHost;
- port = si->sockdPort;
-#ifdef XP_UNIX
- if (!port) {
- static char firstTime = 1;
- static PRUint16 sockdPort;
-
- if (firstTime) {
- struct servent *sp;
-
- firstTime = 0;
- sp = getservbyname("socks", "tcp");
- if (sp) {
- sockdPort = sp->s_port;
- } else {
- SSL_TRC(10, ("%d: SSL[%d]: getservbyname of (socks,tcp) fails",
- SSL_GETPID(), ss->fd));
- }
- }
- port = sockdPort;
- }
-#endif
- if (!port) {
- port = DEF_SOCKD_PORT;
- }
- if (host == 0) {
- SSL_TRC(10, ("%d: SSL[%d]: no socks server found",
- SSL_GETPID(), ss->fd));
- PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
- return SECFailure;
- }
-
- /* We know the ip addr of the socks server */
- out->inet.family = PR_AF_INET;
- out->inet.port = PR_htons(port);
- out->inet.ip = host;
- host = PR_ntohl(host); /* now host byte order. */
- SSL_TRC(10, ("%d: SSL[%d]: socks server at %d.%d.%d.%d:%d",
- SSL_GETPID(), ss->fd,
- (host >> 24) & 0xff,
- (host >> 16) & 0xff,
- (host >> 8) & 0xff,
- (host >> 0) & 0xff,
- port));
- return SECSuccess;
-}
-
-/*
-** Send our desired address and our user name to the socks daemon.
-** cmd is either SOCKS_CONNECT (client) or SOCKS_BIND (server).
-*/
-static int
-SayHello(sslSocket *ss, int cmd, const PRNetAddr *sa, char *user)
-{
- int rv, len;
- unsigned char msg[8];
- PRUint16 port;
- PRUint32 host;
-
- /* Send dst message to sockd */
- port = sa->inet.port;
- host = sa->inet.ip;
- msg[0] = SOCKS_VERSION;
- msg[1] = cmd;
- PORT_Memcpy(msg+2, &port, 2);
- PORT_Memcpy(msg+4, &host, 4);
- SSL_TRC(10, ("%d: SSL[%d]: socks real dest=%d.%d.%d.%d:%d",
- SSL_GETPID(), ss->fd, msg[4], msg[5], msg[6], msg[7],
- port));
-
- rv = ssl_DefSend(ss, msg, sizeof(msg), 0);
- if (rv < 0) {
- goto io_error;
- }
- /* XXX Deal with short write !! */
-
- /* Send src-user message to sockd */
- len = strlen(user)+1;
- rv = ssl_DefSend(ss, (unsigned char *)user, len, 0);
- if (rv < 0) {
- goto io_error;
- }
- /* XXX Deal with short write !! */
-
- return SECSuccess;
-
- io_error:
- SSL_TRC(10, ("%d: SSL[%d]: socks, io error saying hello to sockd errno=%d",
- SSL_GETPID(), ss->fd, PORT_GetError()));
- return SECFailure;
-}
-
-/* Handle the reply from the socks proxy/daemon.
-** Called from ssl_Do1stHandshake().
-*/
-static SECStatus
-SocksHandleReply(sslSocket *ss)
-{
- unsigned char *msg;
- unsigned char cmd;
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
-
- ssl_GetRecvBufLock(ss);
- PORT_Assert(ss->gather != 0);
-
- msg = ss->gather->buf.buf;
- cmd = msg[1];
- SSL_TRC(10, ("%d: SSL[%d]: socks result: cmd=%d",
- SSL_GETPID(), ss->fd, cmd));
-
- /* This is Bogus. The socks spec says these fields are undefined in
- * the reply from the socks daemon/proxy. No point in saving garbage.
- */
- PORT_Memcpy(&ss->socks->destPort, msg+2, 2);
- PORT_Memcpy(&ss->socks->destHost, msg+4, 4);
-
- ss->gather->recordLen = 0;
- ssl_ReleaseRecvBufLock(ss);
-
- /* Check status back from sockd */
- switch (cmd) {
- case SOCKS_FAIL:
- case SOCKS_NO_IDENTD:
- case SOCKS_BAD_ID:
- SSL_DBG(("%d: SSL[%d]: sockd returns an error: %d",
- SSL_GETPID(), ss->fd, cmd));
- PORT_SetError(PR_CONNECT_REFUSED_ERROR);
- return SECFailure;
-
- default:
- break;
- }
-
- /* All done */
- SSL_TRC(1, ("%d: SSL[%d]: using sockd at %d.%d.%d.%d",
- SSL_GETPID(), ss->fd,
- (PR_ntohl(ss->socks->sockdHost) >> 24) & 0xff,
- (PR_ntohl(ss->socks->sockdHost) >> 16) & 0xff,
- (PR_ntohl(ss->socks->sockdHost) >> 8) & 0xff,
- (PR_ntohl(ss->socks->sockdHost) >> 0) & 0xff));
- ss->handshake = 0;
- ss->nextHandshake = 0;
- return SECSuccess;
-}
-
-static SECStatus
-SocksGatherRecord(sslSocket *ss)
-{
- int rv;
-
- PORT_Assert( ssl_Have1stHandshakeLock(ss) );
- ssl_GetRecvBufLock(ss);
- rv = ssl2_GatherRecord(ss, 0);
- ssl_ReleaseRecvBufLock(ss);
- if (rv <= 0) {
- if (rv == 0)
- /* Unexpected EOF */
- PORT_SetError(PR_END_OF_FILE_ERROR);
- return SECFailure;
- }
- ss->handshake = 0;
- return SECSuccess;
-}
-
-static SECStatus
-SocksStartGather(sslSocket *ss)
-{
- int rv;
-
- ss->handshake = SocksGatherRecord;
- ss->nextHandshake = SocksHandleReply;
- rv = ssl2_StartGatherBytes(ss, ss->gather, 8);
- if (rv <= 0) {
- if (rv == 0) {
- /* Unexpected EOF */
- PORT_SetError(PR_END_OF_FILE_ERROR);
- return SECFailure;
- }
- return (SECStatus)rv;
- }
- ss->handshake = 0;
- return SECSuccess;
-}
-
-/************************************************************************/
-
-
-/* BSDI ain't got no cuserid() */
-#ifdef __386BSD__
-#include <pwd.h>
-char *
-bsdi_cuserid(char *b)
-{
- struct passwd *pw = getpwuid(getuid());
-
- if (!b)
- return pw ? pw->pw_name : NULL;
-
- if (!pw || !pw->pw_name)
- b[0] = '\0';
- else
- strcpy(b, pw->pw_name);
- return b;
-}
-#endif
-
-
-/* sa identifies the server to which we want to connect.
- * First determine whether or not to use socks.
- * If not, connect directly to server.
- * If so, connect to socks proxy, and send SOCKS_CONNECT cmd, but
- * Does NOT wait for reply from socks proxy.
- */
-int
-ssl_SocksConnect(sslSocket *ss, const PRNetAddr *sa)
-{
- int rv, err, direct;
- PRNetAddr daemon;
- const PRNetAddr *sip;
- char *user;
- PRFileDesc *osfd = ss->fd->lower;
-
- /* Figure out where to connect to */
- rv = FindDaemon(ss, &daemon);
- if (rv) {
- return SECFailure;
- }
- direct = ChooseAddress(ss, sa);
- if (direct) {
- sip = sa;
- ss->socks->direct = 1;
- } else {
- sip = &daemon;
- ss->socks->direct = 0;
- }
- SSL_TRC(10, ("%d: SSL[%d]: socks %s connect to %d.%d.%d.%d:%d",
- SSL_GETPID(), ss->fd,
- direct ? "direct" : "sockd",
- (PR_ntohl(sip->inet.ip) >> 24) & 0xff,
- (PR_ntohl(sip->inet.ip) >> 16) & 0xff,
- (PR_ntohl(sip->inet.ip) >> 8) & 0xff,
- PR_ntohl(sip->inet.ip) & 0xff,
- PR_ntohs(sip->inet.port)));
-
- /* Attempt first connection */
- rv = osfd->methods->connect(osfd, sip, ss->cTimeout);
- err = PORT_GetError();
-#ifdef _WIN32
- PR_Sleep(PR_INTERVAL_NO_WAIT); /* workaround NT winsock connect bug. */
-#endif
- if (rv < 0) {
- if (err != PR_IS_CONNECTED_ERROR) {
- return rv;
- }
- /* Async connect finished */
- }
-
- /* If talking to sockd, do handshake */
- if (!direct) {
- /* Find user */
-#ifdef XP_UNIX
-#ifdef __386BSD__
- user = bsdi_cuserid(NULL);
-#else
- user = cuserid(NULL);
-#endif
- if (!user) {
- PORT_SetError(PR_UNKNOWN_ERROR);
- SSL_DBG(("%d: SSL[%d]: cuserid fails, errno=%d",
- SSL_GETPID(), ss->fd, PORT_GetError()));
- return SECFailure;
- }
-#else
- user = "SSL";
-#endif
-
- /* Send our message to it */
- rv = SayHello(ss, SOCKS_CONNECT, sa, user);
- if (rv) {
- return rv;
- }
-
- ss->handshake = SocksStartGather;
- ss->nextHandshake = 0;
-
- /* save up who we're really talking to so we can index the cache */
- ss->peer = sa->inet.ip;
- ss->port = sa->inet.port;
- }
- return 0;
-}
-
-/* Called from ssl_SocksBind(), SSL_BindForSockd(), and ssl_SocksAccept().
- * NOT called from ssl_SocksConnect().
- */
-static int
-SocksWaitForResponse(sslSocket *ss)
-{
- int rv;
-
- ss->handshake = SocksStartGather;
- ss->nextHandshake = 0;
-
- /* Get response. Do it now, spinning if necessary (!) */
- for (;;) {
- ssl_Get1stHandshakeLock(ss);
- rv = ssl_Do1stHandshake(ss);
- ssl_Release1stHandshakeLock(ss);
- if (rv == SECWouldBlock ||
- (rv == SECFailure && PORT_GetError() == PR_WOULD_BLOCK_ERROR)) {
-#ifdef XP_UNIX
- /*
- ** Spinning is really evil under unix. Call select and
- ** continue when a read select returns true. We only get
- ** here if the socket was marked async before the bind
- ** call.
- */
- PRPollDesc spin;
- spin.fd = ss->fd->lower;
- spin.in_flags = PR_POLL_READ;
- rv = PR_Poll(&spin, 1, PR_INTERVAL_NO_TIMEOUT);
- if (rv < 0) {
- return rv;
- }
-#else
- PRIntervalTime ticks = PR_MillisecondsToInterval(1);
- PR_Sleep(ticks);
-#endif
- continue;
- }
- break;
- }
- return rv;
-}
-
-/* sa identifies the server address we want to bind to.
- * First, determine if we need to register with a socks proxy.
- * If socks, then Connect to Socks proxy daemon, send SOCKS_BIND message,
- * wait for response from socks proxy.
- */
-int
-ssl_SocksBind(sslSocket *ss, const PRNetAddr *sa)
-{
- sslSocksInfo * si;
- PRFileDesc * osfd = ss->fd->lower;
- char * user;
- int rv;
- int direct;
- PRNetAddr daemon;
-
- PORT_Assert(ss->socks != 0);
- si = ss->socks;
-
- /* Figure out where to connect to */
- rv = FindDaemon(ss, &daemon);
- if (rv) {
- return SECFailure;
- }
- direct = ChooseAddress(ss, sa);
- if (direct) {
- ss->socks->direct = 1;
- rv = osfd->methods->bind(osfd, sa);
- PORT_Memcpy(&ss->socks->bindAddr, sa, sizeof(PRNetAddr));
- } else {
- ss->socks->direct = 0;
- SSL_TRC(10, ("%d: SSL[%d]: socks sockd bind to %d.%d.%d.%d:%d",
- SSL_GETPID(), ss->fd,
- (PR_ntohl(daemon.inet.ip) >> 24) & 0xff,
- (PR_ntohl(daemon.inet.ip) >> 16) & 0xff,
- (PR_ntohl(daemon.inet.ip) >> 8) & 0xff,
- PR_ntohl(daemon.inet.ip) & 0xff,
- PR_ntohs(daemon.inet.port)));
-
- /* First connect to socks daemon. ASYNC connects must be disabled! */
- rv = osfd->methods->connect(osfd, &daemon, ss->cTimeout);
- if (rv < 0) {
- return rv;
- }
-
- /* Find user */
-#ifdef XP_UNIX
-#ifdef __386BSD__
- user = bsdi_cuserid(NULL);
-#else
- user = cuserid(NULL);
-#endif
- if (!user) {
- SSL_DBG(("%d: SSL[%d]: cuserid fails, errno=%d",
- SSL_GETPID(), ss->fd, PORT_GetError()));
- PORT_SetError(PR_UNKNOWN_ERROR);
- return SECFailure;
- }
-#else
- user = "SSL";
-#endif
- /* Send message to sockd */
- rv = SayHello(ss, SOCKS_BIND, sa, user);
- if (rv) {
- return rv;
- }
-
- /* SocksGatherRecord up bind response from sockd */
- rv = SocksWaitForResponse(ss);
- if (rv == 0) {
- /* Done */
- si->bindAddr.inet.family = PR_AF_INET;
- si->bindAddr.inet.port = si->destPort;
- if (PR_ntohl(si->destHost) == PR_INADDR_ANY) {
- si->bindAddr.inet.ip = daemon.inet.ip;
- } else {
- si->bindAddr.inet.ip = si->destHost;
- }
- }
- }
- si->didBind = 1;
- return rv;
-}
-
-
-PRFileDesc *
-ssl_SocksAccept(sslSocket *ss, PRNetAddr *addr)
-{
- PORT_Assert(0);
-#if 0 /* XXX This doesn't work. */
- sslSocket *ns;
- sslSocksInfo *si;
- PRFileDesc *fd, *osfd = ss->fd->lower;
- int rv;
-
- PORT_Assert(ss->socks != 0);
- si = ss->socks;
-
- if (!si->didBind || si->direct) {
- /*
- ** If we didn't do the bind yet this call will generate an error
- ** from the OS. If we did do the bind then we must be direct and
- ** let the OS do the accept.
- */
- fd = osfd->methods->accept(osfd, addr, ss->cTimeout);
- return NULL;
- }
-
- /* Get next accept response from server */
- rv = SocksWaitForResponse(ss);
- if (rv) {
- return NULL;
- }
-
- /* Handshake finished. Give dest address back to caller */
- addr->inet.family = PR_AF_INET;
- addr->inet.port = si->destPort;
- addr->inet.ip = si->destHost;
-
- /* Dup the descriptor and return it */
- fd = osfd->methods->dup(osfd);
- if (fd == NULL) {
- return NULL;
- }
-
- /* Dup the socket structure */
- ns = ssl_DupSocket(ss, fd);
- if (ns == NULL) {
- PR_Close(fd);
- return NULL;
- }
-
- return fd;
-#else
- return NULL;
-#endif /* 0 */
-}
-
-int
-ssl_SocksListen(sslSocket *ss, int backlog)
-{
- PRFileDesc *osfd = ss->fd->lower;
- int rv;
-
- PORT_Assert(ss->socks != 0);
-
- if (ss->socks->direct) {
- rv = osfd->methods->listen(osfd, backlog);
- return rv;
- }
- return 0;
-}
-
-int
-ssl_SocksGetsockname(sslSocket *ss, PRNetAddr *name)
-{
- PRFileDesc *osfd = ss->fd->lower;
- int rv;
-
- PORT_Assert(ss->socks != 0);
- if (!ss->socks->didBind || ss->socks->direct) {
- rv = osfd->methods->getsockname(osfd, name);
- return rv;
- }
-
- PORT_Memcpy(name, &ss->socks->bindAddr, sizeof(PRNetAddr));
- return 0;
-}
-
-int
-ssl_SocksRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
-{
- int rv;
-
- PORT_Assert(ss->socks != 0);
-
- if (ss->handshake) {
- ssl_Get1stHandshakeLock(ss);
- rv = ssl_Do1stHandshake(ss);
- ssl_Release1stHandshakeLock(ss);
- if (rv < 0) {
- return rv;
- }
- rv = ssl_SendSavedWriteData(ss, &ss->saveBuf, ssl_DefSend);
- if (rv < 0) {
- return SECFailure;
- }
- /* XXX Deal with short write !! */
- }
-
- rv = ssl_DefRecv(ss, buf, len, flags);
- SSL_TRC(2, ("%d: SSL[%d]: recving %d bytes from sockd",
- SSL_GETPID(), ss->fd, rv));
- return rv;
-}
-
-int
-ssl_SocksRead(sslSocket *ss, unsigned char *buf, int len)
-{
- return ssl_SocksRecv(ss, buf, len, 0);
-}
-
-int
-ssl_SocksSend(sslSocket *ss, const unsigned char *buf, int len, int flags)
-{
- int rv;
-
- PORT_Assert(ss->socks != 0);
-
- if (len == 0)
- return 0;
- if (ss->handshake) {
- ssl_Get1stHandshakeLock(ss);
- rv = ssl_Do1stHandshake(ss);
- ssl_Release1stHandshakeLock(ss);
- if (rv < 0) {
- if (rv == SECWouldBlock) {
- return len; /* ????? XXX */
- }
- return rv;
- }
- rv = ssl_SendSavedWriteData(ss, &ss->saveBuf, ssl_DefSend);
- if (rv < 0) {
- return SECFailure;
- }
- /* XXX Deal with short write !! */
- }
-
- SSL_TRC(2, ("%d: SSL[%d]: sending %d bytes using socks",
- SSL_GETPID(), ss->fd, len));
-
- /* Send out the data */
- rv = ssl_DefSend(ss, buf, len, flags);
- /* XXX Deal with short write !! */
- return rv;
-}
-
-int
-ssl_SocksWrite(sslSocket *ss, const unsigned char *buf, int len)
-{
- return ssl_SocksSend(ss, buf, len, 0);
-}
-
-/* returns > 0 if direct
- * returns == 0 if socks
- * returns < 0 if error.
- */
-int
-SSL_CheckDirectSock(PRFileDesc *s)
-{
- sslSocket *ss;
-
- ss = ssl_FindSocket(s);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in CheckDirectSock", SSL_GETPID(), s));
- return SECFailure;
- }
-
- if (ss->socks != NULL) {
- return ss->socks->direct;
- }
- return SECFailure;
-}
-
-
-SECStatus
-SSL_ConfigSockd(PRFileDesc *s, PRUint32 host, PRUint16 port)
-{
- sslSocket *ss;
- SECStatus rv;
-
- ss = ssl_FindSocket(s);
- if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in ConfigSocks", SSL_GETPID(), s));
- return SECFailure;
- }
-
- /* Create socks info if not already done */
- rv = ssl_CreateSocksInfo(ss);
- if (rv) {
- return rv;
- }
- ss->socks->sockdHost = host;
- ss->socks->sockdPort = port;
- return SECSuccess;
-}
-
diff --git a/security/nss/lib/ssl/ssltrace.c b/security/nss/lib/ssl/ssltrace.c
deleted file mode 100644
index 15f064813..000000000
--- a/security/nss/lib/ssl/ssltrace.c
+++ /dev/null
@@ -1,269 +0,0 @@
-/*
- * Functions to trace SSL protocol behavior in DEBUG builds.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-#include <stdarg.h>
-#include "cert.h"
-#include "ssl.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-#include "prprf.h"
-
-#if defined(DEBUG) || defined(TRACE)
-static const char *hex = "0123456789abcdef";
-
-static const char printable[257] = {
- "................" /* 0x */
- "................" /* 1x */
- " !\"#$%&'()*+,-./" /* 2x */
- "0123456789:;<=>?" /* 3x */
- "@ABCDEFGHIJKLMNO" /* 4x */
- "PQRSTUVWXYZ[\\]^_" /* 5x */
- "`abcdefghijklmno" /* 6x */
- "pqrstuvwxyz{|}~." /* 7x */
- "................" /* 8x */
- "................" /* 9x */
- "................" /* ax */
- "................" /* bx */
- "................" /* cx */
- "................" /* dx */
- "................" /* ex */
- "................" /* fx */
-};
-
-void ssl_PrintBuf(sslSocket *ss, const char *msg, const void *vp, int len)
-{
- const unsigned char *cp = (const unsigned char *)vp;
- char buf[80];
- char *bp;
- char *ap;
-
- if (ss) {
- SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", SSL_GETPID(), ss->fd,
- msg, len));
- } else {
- SSL_TRACE(("%d: SSL: %s [Len: %d]", SSL_GETPID(), msg, len));
- }
- memset(buf, ' ', sizeof buf);
- bp = buf;
- ap = buf + 50;
- while (--len >= 0) {
- unsigned char ch = *cp++;
- *bp++ = hex[(ch >> 4) & 0xf];
- *bp++ = hex[ch & 0xf];
- *bp++ = ' ';
- *ap++ = printable[ch];
- if (ap - buf >= 66) {
- *ap = 0;
- SSL_TRACE((" %s", buf));
- memset(buf, ' ', sizeof buf);
- bp = buf;
- ap = buf + 50;
- }
- }
- if (bp > buf) {
- *ap = 0;
- SSL_TRACE((" %s", buf));
- }
-}
-
-#define LEN(cp) (((cp)[0] << 8) | ((cp)[1]))
-
-static void PrintType(sslSocket *ss, char *msg)
-{
- if (ss) {
- SSL_TRACE(("%d: SSL[%d]: dump-msg: %s", SSL_GETPID(), ss->fd,
- msg));
- } else {
- SSL_TRACE(("%d: SSL: dump-msg: %s", SSL_GETPID(), msg));
- }
-}
-
-static void PrintInt(sslSocket *ss, char *msg, unsigned v)
-{
- if (ss) {
- SSL_TRACE(("%d: SSL[%d]: %s=%u", SSL_GETPID(), ss->fd,
- msg, v));
- } else {
- SSL_TRACE(("%d: SSL: %s=%u", SSL_GETPID(), msg, v));
- }
-}
-
-/* PrintBuf is just like ssl_PrintBuf above, except that:
- * a) It prefixes each line of the buffer with "XX: SSL[xxx] "
- * b) It dumps only hex, not ASCII.
- */
-static void PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len)
-{
- char buf[80];
- char *bp;
-
- if (ss) {
- SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]",
- SSL_GETPID(), ss->fd, msg, len));
- } else {
- SSL_TRACE(("%d: SSL: %s [Len: %d]",
- SSL_GETPID(), msg, len));
- }
- bp = buf;
- while (--len >= 0) {
- unsigned char ch = *cp++;
- *bp++ = hex[(ch >> 4) & 0xf];
- *bp++ = hex[ch & 0xf];
- *bp++ = ' ';
- if (bp + 4 > buf + 50) {
- *bp = 0;
- if (ss) {
- SSL_TRACE(("%d: SSL[%d]: %s",
- SSL_GETPID(), ss->fd, buf));
- } else {
- SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf));
- }
- bp = buf;
- }
- }
- if (bp > buf) {
- *bp = 0;
- if (ss) {
- SSL_TRACE(("%d: SSL[%d]: %s",
- SSL_GETPID(), ss->fd, buf));
- } else {
- SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf));
- }
- }
-}
-
-void ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len)
-{
- switch (bp[0]) {
- case SSL_MT_ERROR:
- PrintType(ss, "Error");
- PrintInt(ss, "error", LEN(bp+1));
- break;
-
- case SSL_MT_CLIENT_HELLO:
- {
- unsigned lcs = LEN(bp+3);
- unsigned ls = LEN(bp+5);
- unsigned lc = LEN(bp+7);
-
- PrintType(ss, "Client-Hello");
-
- PrintInt(ss, "version (Major)", bp[1]);
- PrintInt(ss, "version (minor)", bp[2]);
-
- PrintBuf(ss, "cipher-specs", bp+9, lcs);
- PrintBuf(ss, "session-id", bp+9+lcs, ls);
- PrintBuf(ss, "challenge", bp+9+lcs+ls, lc);
- }
- break;
- case SSL_MT_CLIENT_MASTER_KEY:
- {
- unsigned lck = LEN(bp+4);
- unsigned lek = LEN(bp+6);
- unsigned lka = LEN(bp+8);
-
- PrintType(ss, "Client-Master-Key");
-
- PrintInt(ss, "cipher-choice", bp[1]);
- PrintInt(ss, "key-length", LEN(bp+2));
-
- PrintBuf(ss, "clear-key", bp+10, lck);
- PrintBuf(ss, "encrypted-key", bp+10+lck, lek);
- PrintBuf(ss, "key-arg", bp+10+lck+lek, lka);
- }
- break;
- case SSL_MT_CLIENT_FINISHED:
- PrintType(ss, "Client-Finished");
- PrintBuf(ss, "connection-id", bp+1, len-1);
- break;
- case SSL_MT_SERVER_HELLO:
- {
- unsigned lc = LEN(bp+5);
- unsigned lcs = LEN(bp+7);
- unsigned lci = LEN(bp+9);
-
- PrintType(ss, "Server-Hello");
-
- PrintInt(ss, "session-id-hit", bp[1]);
- PrintInt(ss, "certificate-type", bp[2]);
- PrintInt(ss, "version (Major)", bp[3]);
- PrintInt(ss, "version (minor)", bp[3]);
- PrintBuf(ss, "certificate", bp+11, lc);
- PrintBuf(ss, "cipher-specs", bp+11+lc, lcs);
- PrintBuf(ss, "connection-id", bp+11+lc+lcs, lci);
- }
- break;
- case SSL_MT_SERVER_VERIFY:
- PrintType(ss, "Server-Verify");
- PrintBuf(ss, "challenge", bp+1, len-1);
- break;
- case SSL_MT_SERVER_FINISHED:
- PrintType(ss, "Server-Finished");
- PrintBuf(ss, "session-id", bp+1, len-1);
- break;
- case SSL_MT_REQUEST_CERTIFICATE:
- PrintType(ss, "Request-Certificate");
- PrintInt(ss, "authentication-type", bp[1]);
- PrintBuf(ss, "certificate-challenge", bp+2, len-2);
- break;
- case SSL_MT_CLIENT_CERTIFICATE:
- {
- unsigned lc = LEN(bp+2);
- unsigned lr = LEN(bp+4);
- PrintType(ss, "Client-Certificate");
- PrintInt(ss, "certificate-type", bp[1]);
- PrintBuf(ss, "certificate", bp+6, lc);
- PrintBuf(ss, "response", bp+6+lc, lr);
- }
- break;
- default:
- ssl_PrintBuf(ss, "sending *unknown* message type", bp, len);
- return;
- }
-}
-
-void
-ssl_Trace(const char *format, ... )
-{
- char buf[2000];
-
- va_list args;
- va_start(args, format);
- PR_vsnprintf(buf, sizeof(buf), format, args);
- va_end(args);
- puts(buf);
-}
-#endif
diff --git a/security/nss/lib/ssl/unix_err.c b/security/nss/lib/ssl/unix_err.c
deleted file mode 100644
index f4c4b643b..000000000
--- a/security/nss/lib/ssl/unix_err.c
+++ /dev/null
@@ -1,536 +0,0 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/*
- * This file essentially replicates NSPR's source for the functions that
- * map system-specific error codes to NSPR error codes. We would use
- * NSPR's functions, instead of duplicating them, but they're private.
- * As long as SSL's server session cache code must do platform native I/O
- * to accomplish its job, and NSPR's error mapping functions remain private,
- * this code will continue to need to be replicated.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#if 0
-#include "primpl.h"
-#else
-#define _PR_POLL_AVAILABLE 1
-#include "prerror.h"
-#endif
-
-#if defined(_PR_POLL_AVAILABLE)
-#include <poll.h>
-#endif
-#include <errno.h>
-
-/* forward declarations. */
-void nss_MD_unix_map_default_error(int err);
-
-void nss_MD_unix_map_opendir_error(int err)
-{
- nss_MD_unix_map_default_error(err);
-}
-
-void nss_MD_unix_map_closedir_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case EINVAL: prError = PR_BAD_DESCRIPTOR_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_readdir_error(int err)
-{
- PRErrorCode prError;
-
- switch (err) {
- case ENOENT: prError = PR_NO_MORE_FILES_ERROR; break;
-#ifdef EOVERFLOW
- case EOVERFLOW: prError = PR_IO_ERROR; break;
-#endif
- case EINVAL: prError = PR_IO_ERROR; break;
- case ENXIO: prError = PR_IO_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_unlink_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case EPERM: prError = PR_IS_DIRECTORY_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_stat_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case ETIMEDOUT: prError = PR_REMOTE_FILE_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_fstat_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case ETIMEDOUT: prError = PR_REMOTE_FILE_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_rename_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case EEXIST: prError = PR_DIRECTORY_NOT_EMPTY_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_access_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case ETIMEDOUT: prError = PR_REMOTE_FILE_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_mkdir_error(int err)
-{
- nss_MD_unix_map_default_error(err);
-}
-
-void nss_MD_unix_map_rmdir_error(int err)
-{
- PRErrorCode prError;
-
- switch (err) {
- case EEXIST: prError = PR_DIRECTORY_NOT_EMPTY_ERROR; break;
- case EINVAL: prError = PR_DIRECTORY_NOT_EMPTY_ERROR; break;
- case ETIMEDOUT: prError = PR_REMOTE_FILE_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_read_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case EINVAL: prError = PR_INVALID_METHOD_ERROR; break;
- case ENXIO: prError = PR_INVALID_ARGUMENT_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_write_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case EINVAL: prError = PR_INVALID_METHOD_ERROR; break;
- case ENXIO: prError = PR_INVALID_METHOD_ERROR; break;
- case ETIMEDOUT: prError = PR_REMOTE_FILE_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_lseek_error(int err)
-{
- nss_MD_unix_map_default_error(err);
-}
-
-void nss_MD_unix_map_fsync_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case ETIMEDOUT: prError = PR_REMOTE_FILE_ERROR; break;
- case EINVAL: prError = PR_INVALID_METHOD_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_close_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case ETIMEDOUT: prError = PR_REMOTE_FILE_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_socket_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case ENOMEM: prError = PR_INSUFFICIENT_RESOURCES_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_socketavailable_error(int err)
-{
- PR_SetError(PR_BAD_DESCRIPTOR_ERROR, err);
-}
-
-void nss_MD_unix_map_recv_error(int err)
-{
- nss_MD_unix_map_default_error(err);
-}
-
-void nss_MD_unix_map_recvfrom_error(int err)
-{
- nss_MD_unix_map_default_error(err);
-}
-
-void nss_MD_unix_map_send_error(int err)
-{
- nss_MD_unix_map_default_error(err);
-}
-
-void nss_MD_unix_map_sendto_error(int err)
-{
- nss_MD_unix_map_default_error(err);
-}
-
-void nss_MD_unix_map_writev_error(int err)
-{
- nss_MD_unix_map_default_error(err);
-}
-
-void nss_MD_unix_map_accept_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case ENODEV: prError = PR_NOT_TCP_SOCKET_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_connect_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case EACCES: prError = PR_ADDRESS_NOT_SUPPORTED_ERROR; break;
-#if defined(UNIXWARE) || defined(SNI) || defined(NEC)
- /*
- * On some platforms, if we connect to a port on the local host
- * (the loopback address) that no process is listening on, we get
- * EIO instead of ECONNREFUSED.
- */
- case EIO: prError = PR_CONNECT_REFUSED_ERROR; break;
-#endif
- case ELOOP: prError = PR_ADDRESS_NOT_SUPPORTED_ERROR; break;
- case ENOENT: prError = PR_ADDRESS_NOT_SUPPORTED_ERROR; break;
- case ENXIO: prError = PR_IO_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_bind_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case EINVAL: prError = PR_SOCKET_ADDRESS_IS_BOUND_ERROR; break;
- /*
- * UNIX domain sockets are not supported in NSPR
- */
- case EIO: prError = PR_ADDRESS_NOT_SUPPORTED_ERROR; break;
- case EISDIR: prError = PR_ADDRESS_NOT_SUPPORTED_ERROR; break;
- case ELOOP: prError = PR_ADDRESS_NOT_SUPPORTED_ERROR; break;
- case ENOENT: prError = PR_ADDRESS_NOT_SUPPORTED_ERROR; break;
- case ENOTDIR: prError = PR_ADDRESS_NOT_SUPPORTED_ERROR; break;
- case EROFS: prError = PR_ADDRESS_NOT_SUPPORTED_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_listen_error(int err)
-{
- nss_MD_unix_map_default_error(err);
-}
-
-void nss_MD_unix_map_shutdown_error(int err)
-{
- nss_MD_unix_map_default_error(err);
-}
-
-void nss_MD_unix_map_socketpair_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case ENOMEM: prError = PR_INSUFFICIENT_RESOURCES_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_getsockname_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case ENOMEM: prError = PR_INSUFFICIENT_RESOURCES_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_getpeername_error(int err)
-{
- PRErrorCode prError;
-
- switch (err) {
- case ENOMEM: prError = PR_INSUFFICIENT_RESOURCES_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_getsockopt_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case EINVAL: prError = PR_BUFFER_OVERFLOW_ERROR; break;
- case ENOMEM: prError = PR_INSUFFICIENT_RESOURCES_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_setsockopt_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case EINVAL: prError = PR_BUFFER_OVERFLOW_ERROR; break;
- case ENOMEM: prError = PR_INSUFFICIENT_RESOURCES_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_open_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case EAGAIN: prError = PR_INSUFFICIENT_RESOURCES_ERROR; break;
- case EBUSY: prError = PR_IO_ERROR; break;
- case ENODEV: prError = PR_FILE_NOT_FOUND_ERROR; break;
- case ENOMEM: prError = PR_INSUFFICIENT_RESOURCES_ERROR; break;
- case ETIMEDOUT: prError = PR_REMOTE_FILE_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_mmap_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case EAGAIN: prError = PR_INSUFFICIENT_RESOURCES_ERROR; break;
- case EMFILE: prError = PR_INSUFFICIENT_RESOURCES_ERROR; break;
- case ENODEV: prError = PR_OPERATION_NOT_SUPPORTED_ERROR; break;
- case ENXIO: prError = PR_INVALID_ARGUMENT_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_gethostname_error(int err)
-{
- nss_MD_unix_map_default_error(err);
-}
-
-void nss_MD_unix_map_select_error(int err)
-{
- nss_MD_unix_map_default_error(err);
-}
-
-#ifdef _PR_POLL_AVAILABLE
-void nss_MD_unix_map_poll_error(int err)
-{
- PRErrorCode prError;
-
- switch (err) {
- case EAGAIN: prError = PR_INSUFFICIENT_RESOURCES_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_poll_revents_error(int err)
-{
- if (err & POLLNVAL)
- PR_SetError(PR_BAD_DESCRIPTOR_ERROR, EBADF);
- else if (err & POLLHUP)
- PR_SetError(PR_CONNECT_RESET_ERROR, EPIPE);
- else if (err & POLLERR)
- PR_SetError(PR_IO_ERROR, EIO);
- else
- PR_SetError(PR_UNKNOWN_ERROR, err);
-}
-#endif /* _PR_POLL_AVAILABLE */
-
-
-void nss_MD_unix_map_flock_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case EINVAL: prError = PR_BAD_DESCRIPTOR_ERROR; break;
- case EWOULDBLOCK: prError = PR_FILE_IS_LOCKED_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_unix_map_lockf_error(int err)
-{
- PRErrorCode prError;
- switch (err) {
- case EACCES: prError = PR_FILE_IS_LOCKED_ERROR; break;
- case EDEADLK: prError = PR_INSUFFICIENT_RESOURCES_ERROR; break;
- default: nss_MD_unix_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-#ifdef HPUX11
-void nss_MD_hpux_map_sendfile_error(int err)
-{
- nss_MD_unix_map_default_error(err);
-}
-#endif /* HPUX11 */
-
-
-void nss_MD_unix_map_default_error(int err)
-{
- PRErrorCode prError;
- switch (err ) {
- case EACCES: prError = PR_NO_ACCESS_RIGHTS_ERROR; break;
- case EADDRINUSE: prError = PR_ADDRESS_IN_USE_ERROR; break;
- case EADDRNOTAVAIL: prError = PR_ADDRESS_NOT_AVAILABLE_ERROR; break;
- case EAFNOSUPPORT: prError = PR_ADDRESS_NOT_SUPPORTED_ERROR; break;
- case EAGAIN: prError = PR_WOULD_BLOCK_ERROR; break;
- case EALREADY: prError = PR_ALREADY_INITIATED_ERROR; break;
- case EBADF: prError = PR_BAD_DESCRIPTOR_ERROR; break;
-#ifdef EBADMSG
- case EBADMSG: prError = PR_IO_ERROR; break;
-#endif
- case EBUSY: prError = PR_FILESYSTEM_MOUNTED_ERROR; break;
- case ECONNREFUSED: prError = PR_CONNECT_REFUSED_ERROR; break;
- case ECONNRESET: prError = PR_CONNECT_RESET_ERROR; break;
- case EDEADLK: prError = PR_DEADLOCK_ERROR; break;
-#ifdef EDIRCORRUPTED
- case EDIRCORRUPTED: prError = PR_DIRECTORY_CORRUPTED_ERROR; break;
-#endif
-#ifdef EDQUOT
- case EDQUOT: prError = PR_NO_DEVICE_SPACE_ERROR; break;
-#endif
- case EEXIST: prError = PR_FILE_EXISTS_ERROR; break;
- case EFAULT: prError = PR_ACCESS_FAULT_ERROR; break;
- case EFBIG: prError = PR_FILE_TOO_BIG_ERROR; break;
- case EINPROGRESS: prError = PR_IN_PROGRESS_ERROR; break;
- case EINTR: prError = PR_PENDING_INTERRUPT_ERROR; break;
- case EINVAL: prError = PR_INVALID_ARGUMENT_ERROR; break;
- case EIO: prError = PR_IO_ERROR; break;
- case EISCONN: prError = PR_IS_CONNECTED_ERROR; break;
- case EISDIR: prError = PR_IS_DIRECTORY_ERROR; break;
- case ELOOP: prError = PR_LOOP_ERROR; break;
- case EMFILE: prError = PR_PROC_DESC_TABLE_FULL_ERROR; break;
- case EMLINK: prError = PR_MAX_DIRECTORY_ENTRIES_ERROR; break;
- case EMSGSIZE: prError = PR_INVALID_ARGUMENT_ERROR; break;
-#ifdef EMULTIHOP
- case EMULTIHOP: prError = PR_REMOTE_FILE_ERROR; break;
-#endif
- case ENAMETOOLONG: prError = PR_NAME_TOO_LONG_ERROR; break;
- case ENETUNREACH: prError = PR_NETWORK_UNREACHABLE_ERROR; break;
- case ENFILE: prError = PR_SYS_DESC_TABLE_FULL_ERROR; break;
-#if !defined(SCO)
- case ENOBUFS: prError = PR_INSUFFICIENT_RESOURCES_ERROR; break;
-#endif
- case ENODEV: prError = PR_FILE_NOT_FOUND_ERROR; break;
- case ENOENT: prError = PR_FILE_NOT_FOUND_ERROR; break;
- case ENOLCK: prError = PR_FILE_IS_LOCKED_ERROR; break;
-#ifdef ENOLINK
- case ENOLINK: prError = PR_REMOTE_FILE_ERROR; break;
-#endif
- case ENOMEM: prError = PR_OUT_OF_MEMORY_ERROR; break;
- case ENOPROTOOPT: prError = PR_INVALID_ARGUMENT_ERROR; break;
- case ENOSPC: prError = PR_NO_DEVICE_SPACE_ERROR; break;
- case ENOSR: prError = PR_INSUFFICIENT_RESOURCES_ERROR; break;
- case ENOTCONN: prError = PR_NOT_CONNECTED_ERROR; break;
- case ENOTDIR: prError = PR_NOT_DIRECTORY_ERROR; break;
- case ENOTSOCK: prError = PR_NOT_SOCKET_ERROR; break;
- case ENXIO: prError = PR_FILE_NOT_FOUND_ERROR; break;
- case EOPNOTSUPP: prError = PR_NOT_TCP_SOCKET_ERROR; break;
-#ifdef EOVERFLOW
- case EOVERFLOW: prError = PR_BUFFER_OVERFLOW_ERROR; break;
-#endif
- case EPERM: prError = PR_NO_ACCESS_RIGHTS_ERROR; break;
- case EPIPE: prError = PR_CONNECT_RESET_ERROR; break;
-#ifdef EPROTO
- case EPROTO: prError = PR_IO_ERROR; break;
-#endif
- case EPROTONOSUPPORT: prError = PR_PROTOCOL_NOT_SUPPORTED_ERROR; break;
- case EPROTOTYPE: prError = PR_ADDRESS_NOT_SUPPORTED_ERROR; break;
- case ERANGE: prError = PR_INVALID_METHOD_ERROR; break;
- case EROFS: prError = PR_READ_ONLY_FILESYSTEM_ERROR; break;
- case ESPIPE: prError = PR_INVALID_METHOD_ERROR; break;
- case ETIMEDOUT: prError = PR_IO_TIMEOUT_ERROR; break;
-#if EWOULDBLOCK != EAGAIN
- case EWOULDBLOCK: prError = PR_WOULD_BLOCK_ERROR; break;
-#endif
- case EXDEV: prError = PR_NOT_SAME_DEVICE_ERROR; break;
-
- default: prError = PR_UNKNOWN_ERROR; break;
- }
- PR_SetError(prError, err);
-}
diff --git a/security/nss/lib/ssl/unix_err.h b/security/nss/lib/ssl/unix_err.h
deleted file mode 100644
index 2611baf81..000000000
--- a/security/nss/lib/ssl/unix_err.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * This file essentially replicates NSPR's source for the functions that
- * map system-specific error codes to NSPR error codes. We would use
- * NSPR's functions, instead of duplicating them, but they're private.
- * As long as SSL's server session cache code must do platform native I/O
- * to accomplish its job, and NSPR's error mapping functions remain private,
- * this code will continue to need to be replicated.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-/* NSPR doesn't make these functions public, so we have to duplicate
-** them in NSS.
-*/
-extern void nss_MD_hpux_map_sendfile_error(int err);
-extern void nss_MD_unix_map_accept_error(int err);
-extern void nss_MD_unix_map_access_error(int err);
-extern void nss_MD_unix_map_bind_error(int err);
-extern void nss_MD_unix_map_close_error(int err);
-extern void nss_MD_unix_map_closedir_error(int err);
-extern void nss_MD_unix_map_connect_error(int err);
-extern void nss_MD_unix_map_default_error(int err);
-extern void nss_MD_unix_map_flock_error(int err);
-extern void nss_MD_unix_map_fstat_error(int err);
-extern void nss_MD_unix_map_fsync_error(int err);
-extern void nss_MD_unix_map_gethostname_error(int err);
-extern void nss_MD_unix_map_getpeername_error(int err);
-extern void nss_MD_unix_map_getsockname_error(int err);
-extern void nss_MD_unix_map_getsockopt_error(int err);
-extern void nss_MD_unix_map_listen_error(int err);
-extern void nss_MD_unix_map_lockf_error(int err);
-extern void nss_MD_unix_map_lseek_error(int err);
-extern void nss_MD_unix_map_mkdir_error(int err);
-extern void nss_MD_unix_map_mmap_error(int err);
-extern void nss_MD_unix_map_open_error(int err);
-extern void nss_MD_unix_map_opendir_error(int err);
-extern void nss_MD_unix_map_poll_error(int err);
-extern void nss_MD_unix_map_poll_revents_error(int err);
-extern void nss_MD_unix_map_read_error(int err);
-extern void nss_MD_unix_map_readdir_error(int err);
-extern void nss_MD_unix_map_recv_error(int err);
-extern void nss_MD_unix_map_recvfrom_error(int err);
-extern void nss_MD_unix_map_rename_error(int err);
-extern void nss_MD_unix_map_rmdir_error(int err);
-extern void nss_MD_unix_map_select_error(int err);
-extern void nss_MD_unix_map_send_error(int err);
-extern void nss_MD_unix_map_sendto_error(int err);
-extern void nss_MD_unix_map_setsockopt_error(int err);
-extern void nss_MD_unix_map_shutdown_error(int err);
-extern void nss_MD_unix_map_socket_error(int err);
-extern void nss_MD_unix_map_socketavailable_error(int err);
-extern void nss_MD_unix_map_socketpair_error(int err);
-extern void nss_MD_unix_map_stat_error(int err);
-extern void nss_MD_unix_map_unlink_error(int err);
-extern void nss_MD_unix_map_write_error(int err);
-extern void nss_MD_unix_map_writev_error(int err);
diff --git a/security/nss/lib/ssl/win32err.c b/security/nss/lib/ssl/win32err.c
deleted file mode 100644
index acfce2c9d..000000000
--- a/security/nss/lib/ssl/win32err.c
+++ /dev/null
@@ -1,373 +0,0 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/*
- * This file essentially replicates NSPR's source for the functions that
- * map system-specific error codes to NSPR error codes. We would use
- * NSPR's functions, instead of duplicating them, but they're private.
- * As long as SSL's server session cache code must do platform native I/O
- * to accomplish its job, and NSPR's error mapping functions remain private,
- * this code will continue to need to be replicated.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#include "prerror.h"
-#include "prlog.h"
-#include <errno.h>
-#include <windows.h>
-
-/*
- * On Win32, we map three kinds of error codes:
- * - GetLastError(): for Win32 functions
- * - WSAGetLastError(): for Winsock functions
- * - errno: for standard C library functions
- *
- * We do not check for WSAEINPROGRESS and WSAEINTR because we do not
- * use blocking Winsock 1.1 calls.
- *
- * Except for the 'socket' call, we do not check for WSAEINITIALISED.
- * It is assumed that if Winsock is not initialized, that fact will
- * be detected at the time we create new sockets.
- */
-
-/* forward declaration. */
-void nss_MD_win32_map_default_error(PRInt32 err);
-
-void nss_MD_win32_map_opendir_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_closedir_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_readdir_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_delete_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-/* The error code for stat() is in errno. */
-void nss_MD_win32_map_stat_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_fstat_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_rename_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-/* The error code for access() is in errno. */
-void nss_MD_win32_map_access_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_mkdir_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_rmdir_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_read_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_transmitfile_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_write_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_lseek_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_fsync_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-/*
- * For both CloseHandle() and closesocket().
- */
-void nss_MD_win32_map_close_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_socket_error(PRInt32 err)
-{
- PR_ASSERT(err != WSANOTINITIALISED);
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_recv_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_recvfrom_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_send_error(PRInt32 err)
-{
- PRErrorCode prError;
- switch (err) {
- case WSAEMSGSIZE: prError = PR_INVALID_ARGUMENT_ERROR; break;
- default: nss_MD_win32_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_win32_map_sendto_error(PRInt32 err)
-{
- PRErrorCode prError;
- switch (err) {
- case WSAEMSGSIZE: prError = PR_INVALID_ARGUMENT_ERROR; break;
- default: nss_MD_win32_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_win32_map_accept_error(PRInt32 err)
-{
- PRErrorCode prError;
- switch (err) {
- case WSAEOPNOTSUPP: prError = PR_NOT_TCP_SOCKET_ERROR; break;
- case WSAEINVAL: prError = PR_INVALID_STATE_ERROR; break;
- default: nss_MD_win32_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_win32_map_acceptex_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_connect_error(PRInt32 err)
-{
- PRErrorCode prError;
- switch (err) {
- case WSAEWOULDBLOCK: prError = PR_IN_PROGRESS_ERROR; break;
- case WSAEINVAL: prError = PR_ALREADY_INITIATED_ERROR; break;
- case WSAETIMEDOUT: prError = PR_IO_TIMEOUT_ERROR; break;
- default: nss_MD_win32_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_win32_map_bind_error(PRInt32 err)
-{
- PRErrorCode prError;
- switch (err) {
- case WSAEINVAL: prError = PR_SOCKET_ADDRESS_IS_BOUND_ERROR; break;
- default: nss_MD_win32_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_win32_map_listen_error(PRInt32 err)
-{
- PRErrorCode prError;
- switch (err) {
- case WSAEOPNOTSUPP: prError = PR_NOT_TCP_SOCKET_ERROR; break;
- case WSAEINVAL: prError = PR_INVALID_STATE_ERROR; break;
- default: nss_MD_win32_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_win32_map_shutdown_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_getsockname_error(PRInt32 err)
-{
- PRErrorCode prError;
- switch (err) {
- case WSAEINVAL: prError = PR_INVALID_STATE_ERROR; break;
- default: nss_MD_win32_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_win32_map_getpeername_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_getsockopt_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_setsockopt_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_open_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-void nss_MD_win32_map_gethostname_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-/* Win32 select() only works on sockets. So in this
-** context, WSAENOTSOCK is equivalent to EBADF on Unix.
-*/
-void nss_MD_win32_map_select_error(PRInt32 err)
-{
- PRErrorCode prError;
- switch (err) {
- case WSAENOTSOCK: prError = PR_BAD_DESCRIPTOR_ERROR; break;
- default: nss_MD_win32_map_default_error(err); return;
- }
- PR_SetError(prError, err);
-}
-
-void nss_MD_win32_map_lockf_error(PRInt32 err)
-{
- nss_MD_win32_map_default_error(err);
-}
-
-
-
-void nss_MD_win32_map_default_error(PRInt32 err)
-{
- PRErrorCode prError;
-
- switch (err) {
- case EACCES: prError = PR_NO_ACCESS_RIGHTS_ERROR; break;
- case ENOENT: prError = PR_FILE_NOT_FOUND_ERROR; break;
- case ERROR_ACCESS_DENIED: prError = PR_NO_ACCESS_RIGHTS_ERROR; break;
- case ERROR_ALREADY_EXISTS: prError = PR_FILE_EXISTS_ERROR; break;
- case ERROR_DISK_CORRUPT: prError = PR_IO_ERROR; break;
- case ERROR_DISK_FULL: prError = PR_NO_DEVICE_SPACE_ERROR; break;
- case ERROR_DISK_OPERATION_FAILED: prError = PR_IO_ERROR; break;
- case ERROR_DRIVE_LOCKED: prError = PR_FILE_IS_LOCKED_ERROR; break;
- case ERROR_FILENAME_EXCED_RANGE: prError = PR_NAME_TOO_LONG_ERROR; break;
- case ERROR_FILE_CORRUPT: prError = PR_IO_ERROR; break;
- case ERROR_FILE_EXISTS: prError = PR_FILE_EXISTS_ERROR; break;
- case ERROR_FILE_INVALID: prError = PR_BAD_DESCRIPTOR_ERROR; break;
-#if ERROR_FILE_NOT_FOUND != ENOENT
- case ERROR_FILE_NOT_FOUND: prError = PR_FILE_NOT_FOUND_ERROR; break;
-#endif
- case ERROR_HANDLE_DISK_FULL: prError = PR_NO_DEVICE_SPACE_ERROR; break;
- case ERROR_INVALID_ADDRESS: prError = PR_ACCESS_FAULT_ERROR; break;
- case ERROR_INVALID_HANDLE: prError = PR_BAD_DESCRIPTOR_ERROR; break;
- case ERROR_INVALID_NAME: prError = PR_INVALID_ARGUMENT_ERROR; break;
- case ERROR_INVALID_PARAMETER: prError = PR_INVALID_ARGUMENT_ERROR; break;
- case ERROR_INVALID_USER_BUFFER: prError = PR_INSUFFICIENT_RESOURCES_ERROR; break;
- case ERROR_LOCKED: prError = PR_FILE_IS_LOCKED_ERROR; break;
- case ERROR_NETNAME_DELETED: prError = PR_CONNECT_RESET_ERROR; break;
- case ERROR_NOACCESS: prError = PR_ACCESS_FAULT_ERROR; break;
- case ERROR_NOT_ENOUGH_MEMORY: prError = PR_INSUFFICIENT_RESOURCES_ERROR; break;
- case ERROR_NOT_ENOUGH_QUOTA: prError = PR_OUT_OF_MEMORY_ERROR; break;
- case ERROR_NOT_READY: prError = PR_IO_ERROR; break;
- case ERROR_NO_MORE_FILES: prError = PR_NO_MORE_FILES_ERROR; break;
- case ERROR_OPEN_FAILED: prError = PR_IO_ERROR; break;
- case ERROR_OPEN_FILES: prError = PR_IO_ERROR; break;
- case ERROR_OUTOFMEMORY: prError = PR_INSUFFICIENT_RESOURCES_ERROR; break;
- case ERROR_PATH_BUSY: prError = PR_IO_ERROR; break;
- case ERROR_PATH_NOT_FOUND: prError = PR_FILE_NOT_FOUND_ERROR; break;
- case ERROR_SEEK_ON_DEVICE: prError = PR_IO_ERROR; break;
- case ERROR_SHARING_VIOLATION: prError = PR_FILE_IS_BUSY_ERROR; break;
- case ERROR_STACK_OVERFLOW: prError = PR_ACCESS_FAULT_ERROR; break;
- case ERROR_TOO_MANY_OPEN_FILES: prError = PR_SYS_DESC_TABLE_FULL_ERROR; break;
- case ERROR_WRITE_PROTECT: prError = PR_NO_ACCESS_RIGHTS_ERROR; break;
- case WSAEACCES: prError = PR_NO_ACCESS_RIGHTS_ERROR; break;
- case WSAEADDRINUSE: prError = PR_ADDRESS_IN_USE_ERROR; break;
- case WSAEADDRNOTAVAIL: prError = PR_ADDRESS_NOT_AVAILABLE_ERROR; break;
- case WSAEAFNOSUPPORT: prError = PR_ADDRESS_NOT_SUPPORTED_ERROR; break;
- case WSAEALREADY: prError = PR_ALREADY_INITIATED_ERROR; break;
- case WSAEBADF: prError = PR_BAD_DESCRIPTOR_ERROR; break;
- case WSAECONNABORTED: prError = PR_CONNECT_ABORTED_ERROR; break;
- case WSAECONNREFUSED: prError = PR_CONNECT_REFUSED_ERROR; break;
- case WSAECONNRESET: prError = PR_CONNECT_RESET_ERROR; break;
- case WSAEDESTADDRREQ: prError = PR_INVALID_ARGUMENT_ERROR; break;
- case WSAEFAULT: prError = PR_ACCESS_FAULT_ERROR; break;
- case WSAEHOSTUNREACH: prError = PR_HOST_UNREACHABLE_ERROR; break;
- case WSAEINVAL: prError = PR_INVALID_ARGUMENT_ERROR; break;
- case WSAEISCONN: prError = PR_IS_CONNECTED_ERROR; break;
- case WSAEMFILE: prError = PR_PROC_DESC_TABLE_FULL_ERROR; break;
- case WSAEMSGSIZE: prError = PR_BUFFER_OVERFLOW_ERROR; break;
- case WSAENETDOWN: prError = PR_NETWORK_DOWN_ERROR; break;
- case WSAENETRESET: prError = PR_CONNECT_ABORTED_ERROR; break;
- case WSAENETUNREACH: prError = PR_NETWORK_UNREACHABLE_ERROR; break;
- case WSAENOBUFS: prError = PR_INSUFFICIENT_RESOURCES_ERROR; break;
- case WSAENOPROTOOPT: prError = PR_INVALID_ARGUMENT_ERROR; break;
- case WSAENOTCONN: prError = PR_NOT_CONNECTED_ERROR; break;
- case WSAENOTSOCK: prError = PR_NOT_SOCKET_ERROR; break;
- case WSAEOPNOTSUPP: prError = PR_OPERATION_NOT_SUPPORTED_ERROR; break;
- case WSAEPROTONOSUPPORT: prError = PR_PROTOCOL_NOT_SUPPORTED_ERROR; break;
- case WSAEPROTOTYPE: prError = PR_INVALID_ARGUMENT_ERROR; break;
- case WSAESHUTDOWN: prError = PR_SOCKET_SHUTDOWN_ERROR; break;
- case WSAESOCKTNOSUPPORT: prError = PR_INVALID_ARGUMENT_ERROR; break;
- case WSAETIMEDOUT: prError = PR_CONNECT_ABORTED_ERROR; break;
- case WSAEWOULDBLOCK: prError = PR_WOULD_BLOCK_ERROR; break;
- default: prError = PR_UNKNOWN_ERROR; break;
- }
- PR_SetError(prError, err);
-}
-
diff --git a/security/nss/lib/ssl/win32err.h b/security/nss/lib/ssl/win32err.h
deleted file mode 100644
index b87dfefd4..000000000
--- a/security/nss/lib/ssl/win32err.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * This file essentially replicates NSPR's source for the functions that
- * map system-specific error codes to NSPR error codes. We would use
- * NSPR's functions, instead of duplicating them, but they're private.
- * As long as SSL's server session cache code must do platform native I/O
- * to accomplish its job, and NSPR's error mapping functions remain private,
- * This code will continue to need to be replicated.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-/* NSPR doesn't make these functions public, so we have to duplicate
-** them in NSS.
-*/
-extern void nss_MD_win32_map_accept_error(PRInt32 err);
-extern void nss_MD_win32_map_acceptex_error(PRInt32 err);
-extern void nss_MD_win32_map_access_error(PRInt32 err);
-extern void nss_MD_win32_map_bind_error(PRInt32 err);
-extern void nss_MD_win32_map_close_error(PRInt32 err);
-extern void nss_MD_win32_map_closedir_error(PRInt32 err);
-extern void nss_MD_win32_map_connect_error(PRInt32 err);
-extern void nss_MD_win32_map_default_error(PRInt32 err);
-extern void nss_MD_win32_map_delete_error(PRInt32 err);
-extern void nss_MD_win32_map_fstat_error(PRInt32 err);
-extern void nss_MD_win32_map_fsync_error(PRInt32 err);
-extern void nss_MD_win32_map_gethostname_error(PRInt32 err);
-extern void nss_MD_win32_map_getpeername_error(PRInt32 err);
-extern void nss_MD_win32_map_getsockname_error(PRInt32 err);
-extern void nss_MD_win32_map_getsockopt_error(PRInt32 err);
-extern void nss_MD_win32_map_listen_error(PRInt32 err);
-extern void nss_MD_win32_map_lockf_error(PRInt32 err);
-extern void nss_MD_win32_map_lseek_error(PRInt32 err);
-extern void nss_MD_win32_map_mkdir_error(PRInt32 err);
-extern void nss_MD_win32_map_open_error(PRInt32 err);
-extern void nss_MD_win32_map_opendir_error(PRInt32 err);
-extern void nss_MD_win32_map_read_error(PRInt32 err);
-extern void nss_MD_win32_map_readdir_error(PRInt32 err);
-extern void nss_MD_win32_map_recv_error(PRInt32 err);
-extern void nss_MD_win32_map_recvfrom_error(PRInt32 err);
-extern void nss_MD_win32_map_rename_error(PRInt32 err);
-extern void nss_MD_win32_map_rmdir_error(PRInt32 err);
-extern void nss_MD_win32_map_select_error(PRInt32 err);
-extern void nss_MD_win32_map_send_error(PRInt32 err);
-extern void nss_MD_win32_map_sendto_error(PRInt32 err);
-extern void nss_MD_win32_map_setsockopt_error(PRInt32 err);
-extern void nss_MD_win32_map_shutdown_error(PRInt32 err);
-extern void nss_MD_win32_map_socket_error(PRInt32 err);
-extern void nss_MD_win32_map_stat_error(PRInt32 err);
-extern void nss_MD_win32_map_transmitfile_error(PRInt32 err);
-extern void nss_MD_win32_map_write_error(PRInt32 err);
diff --git a/security/nss/lib/util/Makefile b/security/nss/lib/util/Makefile
deleted file mode 100644
index 35c2bfb28..000000000
--- a/security/nss/lib/util/Makefile
+++ /dev/null
@@ -1,86 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/arch.mk
-
-ifeq ($(OS_ARCH),HP-UX)
- ASFILES += ret_cr16.s
-endif
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-tests:: $(OBJDIR)/test_utf8
-
-$(OBJDIR)/test_utf8: utf8.c
- @$(MAKE_OBJDIR)
- $(CCF) -o $(OBJDIR)/test_utf8 -DTEST_UTF8 utf8.c $(OS_LIBS)
diff --git a/security/nss/lib/util/base64.h b/security/nss/lib/util/base64.h
deleted file mode 100644
index 92dc54d7c..000000000
--- a/security/nss/lib/util/base64.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * base64.h - prototypes for base64 encoding/decoding
- * Note: These functions are deprecated; see nssb64.h for new routines.
- *
- * $Id$
- */
-#ifndef _BASE64_H_
-#define _BASE64_H_
-
-#include "seccomon.h"
-
-SEC_BEGIN_PROTOS
-
-/*
-** Return an PORT_Alloc'd ascii string which is the base64 encoded
-** version of the input string.
-*/
-extern char *BTOA_DataToAscii(const unsigned char *data, unsigned int len);
-
-/*
-** Return an PORT_Alloc'd string which is the base64 decoded version
-** of the input string; set *lenp to the length of the returned data.
-*/
-extern unsigned char *ATOB_AsciiToData(const char *string, unsigned int *lenp);
-
-/*
-** Convert from ascii to binary encoding of an item.
-*/
-extern SECStatus ATOB_ConvertAsciiToItem(SECItem *binary_item, char *ascii);
-
-/*
-** Convert from binary encoding of an item to ascii.
-*/
-extern char *BTOA_ConvertItemToAscii(SECItem *binary_item);
-
-SEC_END_PROTOS
-
-#endif /* _BASE64_H_ */
diff --git a/security/nss/lib/util/ciferfam.h b/security/nss/lib/util/ciferfam.h
deleted file mode 100644
index fd2f3bd0f..000000000
--- a/security/nss/lib/util/ciferfam.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * ciferfam.h - cipher familie IDs used for configuring ciphers for export
- * control
- *
- * $Id$
- */
-
-#ifndef _CIFERFAM_H_
-#define _CIFERFAM_H_
-
-/* Cipher Suite "Families" */
-#define CIPHER_FAMILY_PKCS12 "PKCS12"
-#define CIPHER_FAMILY_SMIME "SMIME"
-#define CIPHER_FAMILY_SSL2 "SSLv2"
-#define CIPHER_FAMILY_SSL3 "SSLv3"
-#define CIPHER_FAMILY_SSL "SSL"
-#define CIPHER_FAMILY_ALL ""
-#define CIPHER_FAMILY_UNKNOWN "UNKNOWN"
-
-#define CIPHER_FAMILYID_MASK 0xFFFF0000L
-#define CIPHER_FAMILYID_SSL 0x00000000L
-#define CIPHER_FAMILYID_SMIME 0x00010000L
-#define CIPHER_FAMILYID_PKCS12 0x00020000L
-
-/* SMIME "Cipher Suites" */
-/*
- * Note that it is assumed that the cipher number itself can be used
- * as a bit position in a mask, and that mask is currently 32 bits wide.
- * So, if you want to add a cipher that is greater than 0033, secmime.c
- * needs to be made smarter at the same time.
- */
-#define SMIME_RC2_CBC_40 (CIPHER_FAMILYID_SMIME | 0001)
-#define SMIME_RC2_CBC_64 (CIPHER_FAMILYID_SMIME | 0002)
-#define SMIME_RC2_CBC_128 (CIPHER_FAMILYID_SMIME | 0003)
-#define SMIME_DES_CBC_56 (CIPHER_FAMILYID_SMIME | 0011)
-#define SMIME_DES_EDE3_168 (CIPHER_FAMILYID_SMIME | 0012)
-#define SMIME_RC5PAD_64_16_40 (CIPHER_FAMILYID_SMIME | 0021)
-#define SMIME_RC5PAD_64_16_64 (CIPHER_FAMILYID_SMIME | 0022)
-#define SMIME_RC5PAD_64_16_128 (CIPHER_FAMILYID_SMIME | 0023)
-#define SMIME_FORTEZZA (CIPHER_FAMILYID_SMIME | 0031)
-
-/* PKCS12 "Cipher Suites" */
-
-#define PKCS12_RC2_CBC_40 (CIPHER_FAMILYID_PKCS12 | 0001)
-#define PKCS12_RC2_CBC_128 (CIPHER_FAMILYID_PKCS12 | 0002)
-#define PKCS12_RC4_40 (CIPHER_FAMILYID_PKCS12 | 0011)
-#define PKCS12_RC4_128 (CIPHER_FAMILYID_PKCS12 | 0012)
-#define PKCS12_DES_56 (CIPHER_FAMILYID_PKCS12 | 0021)
-#define PKCS12_DES_EDE3_168 (CIPHER_FAMILYID_PKCS12 | 0022)
-
-/* SMIME version numbers are negative, to avoid colliding with SSL versions */
-#define SMIME_LIBRARY_VERSION_1_0 -0x0100
-
-#endif /* _CIFERFAM_H_ */
diff --git a/security/nss/lib/util/config.mk b/security/nss/lib/util/config.mk
deleted file mode 100644
index a73a1086e..000000000
--- a/security/nss/lib/util/config.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/util/derdec.c b/security/nss/lib/util/derdec.c
deleted file mode 100644
index 914701e33..000000000
--- a/security/nss/lib/util/derdec.c
+++ /dev/null
@@ -1,552 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "secder.h"
-#include "secerr.h"
-
-static uint32
-der_indefinite_length(unsigned char *buf, unsigned char *end)
-{
- uint32 len, ret, dataLen;
- unsigned char tag, lenCode;
- int dataLenLen;
-
- len = 0;
- while ( 1 ) {
- if ((buf + 2) > end) {
- return(0);
- }
-
- tag = *buf++;
- lenCode = *buf++;
- len += 2;
-
- if ( ( tag == 0 ) && ( lenCode == 0 ) ) {
- return(len);
- }
-
- if ( lenCode == 0x80 ) { /* indefinite length */
- ret = der_indefinite_length(buf, end); /* recurse to find length */
- if (ret == 0)
- return 0;
- len += ret;
- buf += ret;
- } else { /* definite length */
- if (lenCode & 0x80) {
- /* Length of data is in multibyte format */
- dataLenLen = lenCode & 0x7f;
- switch (dataLenLen) {
- case 1:
- dataLen = buf[0];
- break;
- case 2:
- dataLen = (buf[0]<<8)|buf[1];
- break;
- case 3:
- dataLen = ((unsigned long)buf[0]<<16)|(buf[1]<<8)|buf[2];
- break;
- case 4:
- dataLen = ((unsigned long)buf[0]<<24)|
- ((unsigned long)buf[1]<<16)|(buf[2]<<8)|buf[3];
- break;
- default:
- PORT_SetError(SEC_ERROR_BAD_DER);
- return SECFailure;
- }
- } else {
- /* Length of data is in single byte */
- dataLen = lenCode;
- dataLenLen = 0;
- }
-
- /* skip this item */
- buf = buf + dataLenLen + dataLen;
- len = len + dataLenLen + dataLen;
- }
- }
-}
-
-/*
-** Capture the next thing in the buffer.
-** Returns the length of the header and the length of the contents.
-*/
-static SECStatus
-der_capture(unsigned char *buf, unsigned char *end,
- int *header_len_p, uint32 *contents_len_p)
-{
- unsigned char *bp;
- unsigned char whole_tag;
- uint32 contents_len;
- int tag_number;
-
- if ((buf + 2) > end) {
- *header_len_p = 0;
- *contents_len_p = 0;
- if (buf == end)
- return SECSuccess;
- return SECFailure;
- }
-
- bp = buf;
-
- /* Get tag and verify that it is ok. */
- whole_tag = *bp++;
- tag_number = whole_tag & DER_TAGNUM_MASK;
-
- /*
- * XXX This code does not (yet) handle the high-tag-number form!
- */
- if (tag_number == DER_HIGH_TAG_NUMBER) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return SECFailure;
- }
-
- if ((whole_tag & DER_CLASS_MASK) == DER_UNIVERSAL) {
- /* Check that the universal tag number is one we implement. */
- switch (tag_number) {
- case DER_BOOLEAN:
- case DER_INTEGER:
- case DER_BIT_STRING:
- case DER_OCTET_STRING:
- case DER_NULL:
- case DER_OBJECT_ID:
- case DER_SEQUENCE:
- case DER_SET:
- case DER_PRINTABLE_STRING:
- case DER_T61_STRING:
- case DER_IA5_STRING:
- case DER_VISIBLE_STRING:
- case DER_UTC_TIME:
- case 0: /* end-of-contents tag */
- break;
- default:
- PORT_SetError(SEC_ERROR_BAD_DER);
- return SECFailure;
- }
- }
-
- /*
- * Get first byte of length code (might contain entire length, might not).
- */
- contents_len = *bp++;
-
- /*
- * If the high bit is set, then the length is in multibyte format,
- * or the thing has an indefinite-length.
- */
- if (contents_len & 0x80) {
- int bytes_of_encoded_len;
-
- bytes_of_encoded_len = contents_len & 0x7f;
- contents_len = 0;
-
- switch (bytes_of_encoded_len) {
- case 4:
- contents_len |= *bp++;
- contents_len <<= 8;
- /* fallthru */
- case 3:
- contents_len |= *bp++;
- contents_len <<= 8;
- /* fallthru */
- case 2:
- contents_len |= *bp++;
- contents_len <<= 8;
- /* fallthru */
- case 1:
- contents_len |= *bp++;
- break;
-
- case 0:
- contents_len = der_indefinite_length (bp, end);
- if (contents_len)
- break;
- /* fallthru */
- default:
- PORT_SetError(SEC_ERROR_BAD_DER);
- return SECFailure;
- }
- }
-
- if ((bp + contents_len) > end) {
- /* Ran past end of buffer */
- PORT_SetError(SEC_ERROR_BAD_DER);
- return SECFailure;
- }
-
- *header_len_p = bp - buf;
- *contents_len_p = contents_len;
-
- return SECSuccess;
-}
-
-static unsigned char *
-der_decode(PRArenaPool *arena, void *dest, DERTemplate *dtemplate,
- unsigned char *buf, int header_len, uint32 contents_len)
-{
- unsigned char *orig_buf, *end;
- unsigned long encode_kind, under_kind;
- PRBool explicit, optional, universal, check_tag;
- SECItem *item;
- SECStatus rv;
- PRBool indefinite_length, explicit_indefinite_length;
-
- encode_kind = dtemplate->kind;
- explicit = (encode_kind & DER_EXPLICIT) ? PR_TRUE : PR_FALSE;
- optional = (encode_kind & DER_OPTIONAL) ? PR_TRUE : PR_FALSE;
- universal = ((encode_kind & DER_CLASS_MASK) == DER_UNIVERSAL)
- ? PR_TRUE : PR_FALSE;
-
- PORT_Assert (!(explicit && universal)); /* bad templates */
-
- if (header_len == 0) {
- if (optional || (encode_kind & DER_ANY))
- return buf;
- PORT_SetError(SEC_ERROR_BAD_DER);
- return NULL;
- }
-
- if (encode_kind & DER_POINTER) {
- void *place, **placep;
- int offset;
-
- if (dtemplate->sub != NULL) {
- dtemplate = dtemplate->sub;
- under_kind = dtemplate->kind;
- if (universal) {
- encode_kind = under_kind;
- }
- place = PORT_ArenaZAlloc(arena, dtemplate->arg);
- offset = dtemplate->offset;
- } else {
- if (universal) {
- under_kind = encode_kind & ~DER_POINTER;
- } else {
- under_kind = dtemplate->arg;
- }
- place = PORT_ArenaZAlloc(arena, sizeof(SECItem));
- offset = 0;
- }
- if (place == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL; /* Out of memory */
- }
- placep = (void **)dest;
- *placep = place;
- dest = (void *)((char *)place + offset);
- } else if (encode_kind & DER_INLINE) {
- PORT_Assert (dtemplate->sub != NULL);
- dtemplate = dtemplate->sub;
- under_kind = dtemplate->kind;
- if (universal) {
- encode_kind = under_kind;
- }
- dest = (void *)((char *)dest + dtemplate->offset);
- } else if (universal) {
- under_kind = encode_kind;
- } else {
- under_kind = dtemplate->arg;
- }
-
- orig_buf = buf;
- end = buf + header_len + contents_len;
-
- explicit_indefinite_length = PR_FALSE;
-
- if (explicit) {
- /*
- * This tag is expected to match exactly.
- * (The template has all of the bits specified.)
- */
- if (*buf != (encode_kind & DER_TAG_MASK)) {
- if (optional)
- return buf;
- PORT_SetError(SEC_ERROR_BAD_DER);
- return NULL;
- }
- if ((header_len == 2) && (*(buf + 1) == 0x80))
- explicit_indefinite_length = PR_TRUE;
- buf += header_len;
- rv = der_capture (buf, end, &header_len, &contents_len);
- if (rv != SECSuccess)
- return NULL;
- if (header_len == 0) { /* XXX is this right? */
- PORT_SetError(SEC_ERROR_BAD_DER);
- return NULL;
- }
- optional = PR_FALSE; /* can no longer be optional */
- encode_kind = under_kind;
- }
-
- check_tag = PR_TRUE;
- if (encode_kind & (DER_DERPTR | DER_ANY | DER_FORCE | DER_SKIP)) {
- PORT_Assert ((encode_kind & DER_ANY) || !optional);
- encode_kind = encode_kind & (~DER_FORCE);
- under_kind = under_kind & (~DER_FORCE);
- check_tag = PR_FALSE;
- }
-
- if (check_tag) {
- PRBool wrong;
- unsigned char expect_tag, expect_num;
-
- /*
- * This tag is expected to match, but the simple types
- * may or may not have the constructed bit set, so we
- * have to have all this extra logic.
- */
- wrong = PR_TRUE;
- expect_tag = encode_kind & DER_TAG_MASK;
- expect_num = expect_tag & DER_TAGNUM_MASK;
- if (expect_num == DER_SET || expect_num == DER_SEQUENCE) {
- if (*buf == (expect_tag | DER_CONSTRUCTED))
- wrong = PR_FALSE;
- } else {
- if (*buf == expect_tag)
- wrong = PR_FALSE;
- else if (*buf == (expect_tag | DER_CONSTRUCTED))
- wrong = PR_FALSE;
- }
- if (wrong) {
- if (optional)
- return buf;
- PORT_SetError(SEC_ERROR_BAD_DER);
- return NULL;
- }
- }
-
- if (under_kind & DER_DERPTR) {
- item = (SECItem *)dest;
- if (under_kind & DER_OUTER) {
- item->data = buf;
- item->len = header_len + contents_len;
- } else {
- item->data = buf + header_len;
- item->len = contents_len;
- }
- return orig_buf;
- }
-
- if (encode_kind & DER_ANY) {
- contents_len += header_len;
- header_len = 0;
- }
-
- if ((header_len == 2) && (*(buf + 1) == 0x80))
- indefinite_length = PR_TRUE;
- else
- indefinite_length = PR_FALSE;
-
- buf += header_len;
-
- if (contents_len == 0)
- return buf;
-
- under_kind &= ~DER_OPTIONAL;
-
- if (under_kind & DER_INDEFINITE) {
- int count, thing_size;
- unsigned char *sub_buf;
- DERTemplate *tmpt;
- void *things, **indp, ***placep;
-
- under_kind &= ~DER_INDEFINITE;
-
- /*
- * Count items.
- */
- count = 0;
- sub_buf = buf;
- while (sub_buf < end) {
- if (indefinite_length && sub_buf[0] == 0 && sub_buf[1] == 0) {
- break;
- }
- rv = der_capture (sub_buf, end, &header_len, &contents_len);
- if (rv != SECSuccess)
- return NULL;
- count++;
- sub_buf += header_len + contents_len;
- }
-
- /*
- * Allocate an array of pointers to items; extra one is for a NULL.
- */
- indp = (void**)PORT_ArenaZAlloc(arena, (count + 1) * sizeof(void *));
- if (indp == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- /*
- * Prepare.
- */
- if (under_kind == DER_SET || under_kind == DER_SEQUENCE) {
- tmpt = dtemplate->sub;
- PORT_Assert (tmpt != NULL);
- thing_size = tmpt->arg;
- PORT_Assert (thing_size != 0);
- } else {
- tmpt = NULL;
- thing_size = sizeof(SECItem);
- }
-
- /*
- * Allocate the items themselves.
- */
- things = PORT_ArenaZAlloc(arena, count * thing_size);
- if (things == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
-
- placep = (void ***)dest;
- *placep = indp;
-
- while (count) {
- /* ignore return value because we already did whole thing above */
- (void) der_capture (buf, end, &header_len, &contents_len);
- if (tmpt != NULL) {
- void *sub_thing;
-
- sub_thing = (void *)((char *)things + tmpt->offset);
- buf = der_decode (arena, sub_thing, tmpt,
- buf, header_len, contents_len);
- if (buf == NULL)
- return NULL;
- } else {
- item = (SECItem *)things;
- if (under_kind == DER_ANY) {
- contents_len += header_len;
- header_len = 0;
- }
- buf += header_len;
- if (under_kind == DER_BIT_STRING) {
- item->data = buf + 1;
- item->len = ((contents_len - 1) << 3) - *buf;
- } else {
- item->data = buf;
- item->len = contents_len;
- }
- buf += contents_len;
- }
- *indp++ = things;
- things = (void *)((char *)things + thing_size);
- count--;
- }
-
- *indp = NULL;
-
- goto der_decode_done;
- }
-
- switch (under_kind) {
- case DER_SEQUENCE:
- case DER_SET:
- {
- DERTemplate *tmpt;
- void *sub_dest;
-
- for (tmpt = dtemplate + 1; tmpt->kind; tmpt++) {
- sub_dest = (void *)((char *)dest + tmpt->offset);
- rv = der_capture (buf, end, &header_len, &contents_len);
- if (rv != SECSuccess)
- return NULL;
- buf = der_decode (arena, sub_dest, tmpt,
- buf, header_len, contents_len);
- if (buf == NULL)
- return NULL;
- }
- }
- break;
-
- case DER_BIT_STRING:
- item = (SECItem *)dest;
- item->data = buf + 1;
- item->len = ((contents_len - 1) << 3) - *buf;
- buf += contents_len;
- break;
-
- case DER_SKIP:
- buf += contents_len;
- break;
-
- default:
- item = (SECItem *)dest;
- item->data = buf;
- item->len = contents_len;
- buf += contents_len;
- break;
- }
-
-der_decode_done:
-
- if (indefinite_length && buf[0] == 0 && buf[1] == 0) {
- buf += 2;
- }
-
- if (explicit_indefinite_length && buf[0] == 0 && buf[1] == 0) {
- buf += 2;
- }
-
- return buf;
-}
-
-SECStatus
-DER_Decode(PRArenaPool *arena, void *dest, DERTemplate *dtemplate, SECItem *src)
-{
- unsigned char *buf;
- uint32 buf_len, contents_len;
- int header_len;
- SECStatus rv;
-
- buf = src->data;
- buf_len = src->len;
-
- rv = der_capture (buf, buf + buf_len, &header_len, &contents_len);
- if (rv != SECSuccess)
- return rv;
-
- dest = (void *)((char *)dest + dtemplate->offset);
- buf = der_decode (arena, dest, dtemplate, buf, header_len, contents_len);
- if (buf == NULL)
- return SECFailure;
-
- return SECSuccess;
-}
-
-SECStatus
-DER_Lengths(SECItem *item, int *header_len_p, uint32 *contents_len_p)
-{
- return(der_capture(item->data, &item->data[item->len], header_len_p,
- contents_len_p));
-}
diff --git a/security/nss/lib/util/derenc.c b/security/nss/lib/util/derenc.c
deleted file mode 100644
index 191b00528..000000000
--- a/security/nss/lib/util/derenc.c
+++ /dev/null
@@ -1,504 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "secder.h"
-#include "secerr.h"
-/*
- * Generic templates for individual/simple items.
- */
-
-DERTemplate SECAnyTemplate[] = {
- { DER_ANY,
- 0, NULL, sizeof(SECItem) }
-};
-
-DERTemplate SECBitStringTemplate[] = {
- { DER_BIT_STRING,
- 0, NULL, sizeof(SECItem) }
-};
-
-DERTemplate SECBooleanTemplate[] = {
- { DER_BOOLEAN,
- 0, NULL, sizeof(SECItem) }
-};
-
-DERTemplate SECIA5StringTemplate[] = {
- { DER_IA5_STRING,
- 0, NULL, sizeof(SECItem) }
-};
-
-DERTemplate SECIntegerTemplate[] = {
- { DER_INTEGER,
- 0, NULL, sizeof(SECItem) }
-};
-
-DERTemplate SECNullTemplate[] = {
- { DER_NULL,
- 0, NULL, sizeof(SECItem) }
-};
-
-DERTemplate SECObjectIDTemplate[] = {
- { DER_OBJECT_ID,
- 0, NULL, sizeof(SECItem) }
-};
-
-DERTemplate SECOctetStringTemplate[] = {
- { DER_OCTET_STRING,
- 0, NULL, sizeof(SECItem) }
-};
-
-DERTemplate SECPrintableStringTemplate[] = {
- { DER_PRINTABLE_STRING,
- 0, NULL, sizeof(SECItem) }
-};
-
-DERTemplate SECT61StringTemplate[] = {
- { DER_T61_STRING,
- 0, NULL, sizeof(SECItem) }
-};
-
-DERTemplate SECUTCTimeTemplate[] = {
- { DER_UTC_TIME,
- 0, NULL, sizeof(SECItem) }
-};
-
-
-static int
-header_length(DERTemplate *dtemplate, uint32 contents_len)
-{
- uint32 len;
- unsigned long encode_kind, under_kind;
- PRBool explicit, optional, universal;
-
- encode_kind = dtemplate->kind;
-
- explicit = (encode_kind & DER_EXPLICIT) ? PR_TRUE : PR_FALSE;
- optional = (encode_kind & DER_OPTIONAL) ? PR_TRUE : PR_FALSE;
- universal = ((encode_kind & DER_CLASS_MASK) == DER_UNIVERSAL)
- ? PR_TRUE : PR_FALSE;
-
- PORT_Assert (!(explicit && universal)); /* bad templates */
-
- if (encode_kind & DER_POINTER) {
- if (dtemplate->sub != NULL) {
- under_kind = dtemplate->sub->kind;
- if (universal) {
- encode_kind = under_kind;
- }
- } else if (universal) {
- under_kind = encode_kind & ~DER_POINTER;
- } else {
- under_kind = dtemplate->arg;
- }
- } else if (encode_kind & DER_INLINE) {
- under_kind = dtemplate->sub->kind;
- if (universal) {
- encode_kind = under_kind;
- }
- } else if (universal) {
- under_kind = encode_kind;
- } else {
- under_kind = dtemplate->arg;
- }
-
- /* This is only used in decoding; it plays no part in encoding. */
- if (under_kind & DER_DERPTR)
- return 0;
-
- /* No header at all for an "empty" optional. */
- if ((contents_len == 0) && optional)
- return 0;
-
- /* And no header for a full DER_ANY. */
- if (encode_kind & DER_ANY)
- return 0;
-
- /*
- * The common case: one octet for identifier and as many octets
- * as necessary to hold the content length.
- */
- len = 1 + DER_LengthLength(contents_len);
-
- /* Account for the explicit wrapper, if necessary. */
- if (explicit) {
-#if 0 /*
- * Well, I was trying to do something useful, but these
- * assertions are too restrictive on valid templates.
- * I wanted to make sure that the top-level "kind" of
- * a template does not also specify DER_EXPLICIT, which
- * should only modify a component field. Maybe later
- * I can figure out a better way to detect such a problem,
- * but for now I must remove these checks altogether.
- */
- /*
- * This modifier applies only to components of a set or sequence;
- * it should never be used on a set/sequence itself -- confirm.
- */
- PORT_Assert (under_kind != DER_SEQUENCE);
- PORT_Assert (under_kind != DER_SET);
-#endif
-
- len += 1 + DER_LengthLength(len + contents_len);
- }
-
- return len;
-}
-
-
-static uint32
-contents_length(DERTemplate *dtemplate, void *src)
-{
- uint32 len;
- unsigned long encode_kind, under_kind;
- PRBool universal;
-
-
- PORT_Assert (src != NULL);
-
- encode_kind = dtemplate->kind;
-
- universal = ((encode_kind & DER_CLASS_MASK) == DER_UNIVERSAL)
- ? PR_TRUE : PR_FALSE;
- encode_kind &= ~DER_OPTIONAL;
-
- if (encode_kind & DER_POINTER) {
- src = *(void **)src;
- if (src == NULL) {
- return 0;
- }
- if (dtemplate->sub != NULL) {
- dtemplate = dtemplate->sub;
- under_kind = dtemplate->kind;
- src = (void *)((char *)src + dtemplate->offset);
- } else if (universal) {
- under_kind = encode_kind & ~DER_POINTER;
- } else {
- under_kind = dtemplate->arg;
- }
- } else if (encode_kind & DER_INLINE) {
- PORT_Assert (dtemplate->sub != NULL);
- dtemplate = dtemplate->sub;
- under_kind = dtemplate->kind;
- src = (void *)((char *)src + dtemplate->offset);
- } else if (universal) {
- under_kind = encode_kind;
- } else {
- under_kind = dtemplate->arg;
- }
-
- /* Having any of these bits is not expected here... */
- PORT_Assert ((under_kind & (DER_EXPLICIT | DER_INLINE | DER_OPTIONAL
- | DER_POINTER | DER_SKIP)) == 0);
-
- /* This is only used in decoding; it plays no part in encoding. */
- if (under_kind & DER_DERPTR)
- return 0;
-
- if (under_kind & DER_INDEFINITE) {
- uint32 sub_len;
- void **indp;
-
- indp = *(void ***)src;
- if (indp == NULL)
- return 0;
-
- len = 0;
- under_kind &= ~DER_INDEFINITE;
-
- if (under_kind == DER_SET || under_kind == DER_SEQUENCE) {
- DERTemplate *tmpt;
- void *sub_src;
-
- tmpt = dtemplate->sub;
-
- for (; *indp != NULL; indp++) {
- sub_src = (void *)((char *)(*indp) + tmpt->offset);
- sub_len = contents_length (tmpt, sub_src);
- len += sub_len + header_length (tmpt, sub_len);
- }
- } else {
- /*
- * XXX Lisa is not sure this code (for handling, for example,
- * DER_INDEFINITE | DER_OCTET_STRING) is right.
- */
- for (; *indp != NULL; indp++) {
- SECItem *item;
- item = (SECItem *)(*indp);
- sub_len = item->len;
- if (under_kind == DER_BIT_STRING) {
- sub_len = (sub_len + 7) >> 3;
- /* bit string contents involve an extra octet */
- if (sub_len)
- sub_len++;
- }
- if (under_kind != DER_ANY)
- len += 1 + DER_LengthLength (sub_len);
- }
- }
-
- return len;
- }
-
- switch (under_kind) {
- case DER_SEQUENCE:
- case DER_SET:
- {
- DERTemplate *tmpt;
- void *sub_src;
- uint32 sub_len;
-
- len = 0;
- for (tmpt = dtemplate + 1; tmpt->kind; tmpt++) {
- sub_src = (void *)((char *)src + tmpt->offset);
- sub_len = contents_length (tmpt, sub_src);
- len += sub_len + header_length (tmpt, sub_len);
- }
- }
- break;
-
- case DER_BIT_STRING:
- len = (((SECItem *)src)->len + 7) >> 3;
- /* bit string contents involve an extra octet */
- if (len)
- len++;
- break;
-
- default:
- len = ((SECItem *)src)->len;
- break;
- }
-
- return len;
-}
-
-
-static unsigned char *
-der_encode(unsigned char *buf, DERTemplate *dtemplate, void *src)
-{
- int header_len;
- uint32 contents_len;
- unsigned long encode_kind, under_kind;
- PRBool explicit, optional, universal;
-
-
- /*
- * First figure out how long the encoding will be. Do this by
- * traversing the template from top to bottom and accumulating
- * the length of each leaf item.
- */
- contents_len = contents_length (dtemplate, src);
- header_len = header_length (dtemplate, contents_len);
-
- /*
- * Enough smarts was involved already, so that if both the
- * header and the contents have a length of zero, then we
- * are not doing any encoding for this element.
- */
- if (header_len == 0 && contents_len == 0)
- return buf;
-
- encode_kind = dtemplate->kind;
-
- explicit = (encode_kind & DER_EXPLICIT) ? PR_TRUE : PR_FALSE;
- optional = (encode_kind & DER_OPTIONAL) ? PR_TRUE : PR_FALSE;
- encode_kind &= ~DER_OPTIONAL;
- universal = ((encode_kind & DER_CLASS_MASK) == DER_UNIVERSAL)
- ? PR_TRUE : PR_FALSE;
-
- if (encode_kind & DER_POINTER) {
- if (contents_len) {
- src = *(void **)src;
- PORT_Assert (src != NULL);
- }
- if (dtemplate->sub != NULL) {
- dtemplate = dtemplate->sub;
- under_kind = dtemplate->kind;
- if (universal) {
- encode_kind = under_kind;
- }
- src = (void *)((char *)src + dtemplate->offset);
- } else if (universal) {
- under_kind = encode_kind & ~DER_POINTER;
- } else {
- under_kind = dtemplate->arg;
- }
- } else if (encode_kind & DER_INLINE) {
- dtemplate = dtemplate->sub;
- under_kind = dtemplate->kind;
- if (universal) {
- encode_kind = under_kind;
- }
- src = (void *)((char *)src + dtemplate->offset);
- } else if (universal) {
- under_kind = encode_kind;
- } else {
- under_kind = dtemplate->arg;
- }
-
- if (explicit) {
- buf = DER_StoreHeader (buf, encode_kind,
- (1 + DER_LengthLength(contents_len)
- + contents_len));
- encode_kind = under_kind;
- }
-
- if ((encode_kind & DER_ANY) == 0) { /* DER_ANY already contains header */
- buf = DER_StoreHeader (buf, encode_kind, contents_len);
- }
-
- /* If no real contents to encode, then we are done. */
- if (contents_len == 0)
- return buf;
-
- if (under_kind & DER_INDEFINITE) {
- void **indp;
-
- indp = *(void ***)src;
- PORT_Assert (indp != NULL);
-
- under_kind &= ~DER_INDEFINITE;
- if (under_kind == DER_SET || under_kind == DER_SEQUENCE) {
- DERTemplate *tmpt;
- void *sub_src;
-
- tmpt = dtemplate->sub;
- for (; *indp != NULL; indp++) {
- sub_src = (void *)((char *)(*indp) + tmpt->offset);
- buf = der_encode (buf, tmpt, sub_src);
- }
- } else {
- for (; *indp != NULL; indp++) {
- SECItem *item;
- int sub_len;
-
- item = (SECItem *)(*indp);
- sub_len = item->len;
- if (under_kind == DER_BIT_STRING) {
- if (sub_len) {
- int rem;
-
- sub_len = (sub_len + 7) >> 3;
- buf = DER_StoreHeader (buf, under_kind, sub_len + 1);
- rem = (sub_len << 3) - item->len;
- *buf++ = rem; /* remaining bits */
- } else {
- buf = DER_StoreHeader (buf, under_kind, 0);
- }
- } else if (under_kind != DER_ANY) {
- buf = DER_StoreHeader (buf, under_kind, sub_len);
- }
- PORT_Memcpy (buf, item->data, sub_len);
- buf += sub_len;
- }
- }
- return buf;
- }
-
- switch (under_kind) {
- case DER_SEQUENCE:
- case DER_SET:
- {
- DERTemplate *tmpt;
- void *sub_src;
-
- for (tmpt = dtemplate + 1; tmpt->kind; tmpt++) {
- sub_src = (void *)((char *)src + tmpt->offset);
- buf = der_encode (buf, tmpt, sub_src);
- }
- }
- break;
-
- case DER_BIT_STRING:
- {
- SECItem *item;
- int rem;
-
- /*
- * The contents length includes our extra octet; subtract
- * it off so we just have the real string length there.
- */
- contents_len--;
- item = (SECItem *)src;
- PORT_Assert (contents_len == ((item->len + 7) >> 3));
- rem = (contents_len << 3) - item->len;
- *buf++ = rem; /* remaining bits */
- PORT_Memcpy (buf, item->data, contents_len);
- buf += contents_len;
- }
- break;
-
- default:
- {
- SECItem *item;
-
- item = (SECItem *)src;
- PORT_Assert (contents_len == item->len);
- PORT_Memcpy (buf, item->data, contents_len);
- buf += contents_len;
- }
- break;
- }
-
- return buf;
-}
-
-
-SECStatus
-DER_Encode(PRArenaPool *arena, SECItem *dest, DERTemplate *dtemplate, void *src)
-{
- unsigned int contents_len, header_len;
-
- src = (void **)((char *)src + dtemplate->offset);
-
- /*
- * First figure out how long the encoding will be. Do this by
- * traversing the template from top to bottom and accumulating
- * the length of each leaf item.
- */
- contents_len = contents_length (dtemplate, src);
- header_len = header_length (dtemplate, contents_len);
-
- dest->len = contents_len + header_len;
-
- /* Allocate storage to hold the encoding */
- dest->data = (unsigned char*) PORT_ArenaAlloc(arena, dest->len);
- if (dest->data == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
-
- /* Now encode into the buffer */
- (void) der_encode (dest->data, dtemplate, src);
-
- return SECSuccess;
-}
diff --git a/security/nss/lib/util/dersubr.c b/security/nss/lib/util/dersubr.c
deleted file mode 100644
index 555d5aff7..000000000
--- a/security/nss/lib/util/dersubr.c
+++ /dev/null
@@ -1,258 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "secder.h"
-#include <limits.h>
-#include "secerr.h"
-
-int
-DER_LengthLength(uint32 len)
-{
- if (len > 127) {
- if (len > 255) {
- if (len > 65535L) {
- if (len > 16777215L) {
- return 5;
- } else {
- return 4;
- }
- } else {
- return 3;
- }
- } else {
- return 2;
- }
- } else {
- return 1;
- }
-}
-
-unsigned char *
-DER_StoreHeader(unsigned char *buf, unsigned int code, uint32 len)
-{
- unsigned char b[4];
-
- b[0] = (len >> 24) & 0xff;
- b[1] = (len >> 16) & 0xff;
- b[2] = (len >> 8) & 0xff;
- b[3] = len & 0xff;
- if ((code & DER_TAGNUM_MASK) == DER_SET
- || (code & DER_TAGNUM_MASK) == DER_SEQUENCE)
- code |= DER_CONSTRUCTED;
- *buf++ = code;
- if (len > 127) {
- if (len > 255) {
- if (len > 65535) {
- if (len > 16777215) {
- *buf++ = 0x84;
- *buf++ = b[0];
- *buf++ = b[1];
- *buf++ = b[2];
- *buf++ = b[3];
- } else {
- *buf++ = 0x83;
- *buf++ = b[1];
- *buf++ = b[2];
- *buf++ = b[3];
- }
- } else {
- *buf++ = 0x82;
- *buf++ = b[2];
- *buf++ = b[3];
- }
- } else {
- *buf++ = 0x81;
- *buf++ = b[3];
- }
- } else {
- *buf++ = b[3];
- }
- return buf;
-}
-
-/*
- * XXX This should be rewritten, generalized, to take a long instead
- * of an int32.
- */
-SECStatus
-DER_SetInteger(PRArenaPool *arena, SECItem *it, int32 i)
-{
- unsigned char bb[4];
- unsigned len;
-
- bb[0] = (unsigned char) (i >> 24);
- bb[1] = (unsigned char) (i >> 16);
- bb[2] = (unsigned char) (i >> 8);
- bb[3] = (unsigned char) (i);
-
- /*
- ** Small integers are encoded in a single byte. Larger integers
- ** require progressively more space.
- */
- if (i < -128) {
- if (i < -32768L) {
- if (i < -8388608L) {
- len = 4;
- } else {
- len = 3;
- }
- } else {
- len = 2;
- }
- } else if (i > 127) {
- if (i > 32767L) {
- if (i > 8388607L) {
- len = 4;
- } else {
- len = 3;
- }
- } else {
- len = 2;
- }
- } else {
- len = 1;
- }
- it->data = (unsigned char*) PORT_ArenaAlloc(arena, len);
- if (!it->data) {
- return SECFailure;
- }
- it->len = len;
- PORT_Memcpy(it->data, bb + (4 - len), len);
- return SECSuccess;
-}
-
-/*
- * XXX This should be rewritten, generalized, to take an unsigned long instead
- * of a uint32.
- */
-SECStatus
-DER_SetUInteger(PRArenaPool *arena, SECItem *it, uint32 ui)
-{
- unsigned char bb[5];
- int len;
-
- bb[0] = 0;
- bb[1] = (unsigned char) (ui >> 24);
- bb[2] = (unsigned char) (ui >> 16);
- bb[3] = (unsigned char) (ui >> 8);
- bb[4] = (unsigned char) (ui);
-
- /*
- ** Small integers are encoded in a single byte. Larger integers
- ** require progressively more space.
- */
- if (ui > 0x7f) {
- if (ui > 0x7fff) {
- if (ui > 0x7fffffL) {
- if (ui >= 0x80000000L) {
- len = 5;
- } else {
- len = 4;
- }
- } else {
- len = 3;
- }
- } else {
- len = 2;
- }
- } else {
- len = 1;
- }
-
- it->data = (unsigned char *)PORT_ArenaAlloc(arena, len);
- if (it->data == NULL) {
- return SECFailure;
- }
-
- it->len = len;
- PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len);
-
- return SECSuccess;
-}
-
-/*
-** Convert a der encoded *signed* integer into a machine integral value.
-** If an underflow/overflow occurs, sets error code and returns min/max.
-*/
-long
-DER_GetInteger(SECItem *it)
-{
- long ival = 0;
- unsigned len = it->len;
- unsigned char *cp = it->data;
- unsigned long overflow = 0xffL << ((sizeof(ival) - 1)*8);
-
- while (len) {
- if (ival & overflow) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- if (ival < 0) {
- return LONG_MIN;
- }
- return LONG_MAX;
- }
- ival = ival << 8;
- ival |= *cp++;
- --len;
- }
- return ival;
-}
-
-/*
-** Convert a der encoded *unsigned* integer into a machine integral value.
-** If an underflow/overflow occurs, sets error code and returns min/max.
-*/
-unsigned long
-DER_GetUInteger(SECItem *it)
-{
- unsigned long ival = 0;
- unsigned len = it->len;
- unsigned char *cp = it->data;
- unsigned long overflow = 0xffL << ((sizeof(ival) - 1)*8);
-
- /* Cannot put a negative value into an unsigned container. */
- if (*cp & 0x80) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return 0;
- }
-
- while (len) {
- if (ival & overflow) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return ULONG_MAX;
- }
- ival = ival << 8;
- ival |= *cp++;
- --len;
- }
- return ival;
-}
diff --git a/security/nss/lib/util/dertime.c b/security/nss/lib/util/dertime.c
deleted file mode 100644
index 5fbdca656..000000000
--- a/security/nss/lib/util/dertime.c
+++ /dev/null
@@ -1,334 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "prtypes.h"
-#include "prtime.h"
-#include "secder.h"
-#include "prlong.h"
-#include "secerr.h"
-
-#define HIDIGIT(v) (((v) / 10) + '0')
-#define LODIGIT(v) (((v) % 10) + '0')
-
-#define C_SINGLE_QUOTE '\047'
-
-#define DIGITHI(dig) (((dig) - '0') * 10)
-#define DIGITLO(dig) ((dig) - '0')
-#define ISDIGIT(dig) (((dig) >= '0') && ((dig) <= '9'))
-#define CAPTURE(var,p,label) \
-{ \
- if (!ISDIGIT((p)[0]) || !ISDIGIT((p)[1])) goto label; \
- (var) = ((p)[0] - '0') * 10 + ((p)[1] - '0'); \
-}
-
-#define SECMIN ((time_t) 60L)
-#define SECHOUR (60L*SECMIN)
-#define SECDAY (24L*SECHOUR)
-#define SECYEAR (365L*SECDAY)
-
-static long monthToDayInYear[12] = {
- 0,
- 31,
- 31+28,
- 31+28+31,
- 31+28+31+30,
- 31+28+31+30+31,
- 31+28+31+30+31+30,
- 31+28+31+30+31+30+31,
- 31+28+31+30+31+30+31+31,
- 31+28+31+30+31+30+31+31+30,
- 31+28+31+30+31+30+31+31+30+31,
- 31+28+31+30+31+30+31+31+30+31+30,
-};
-
-/* gmttime must contains UTC time in micro-seconds unit */
-SECStatus
-DER_TimeToUTCTime(SECItem *dst, int64 gmttime)
-{
- PRExplodedTime printableTime;
- unsigned char *d;
-
- dst->len = 13;
- dst->data = d = (unsigned char*) PORT_Alloc(13);
- if (!d) {
- return SECFailure;
- }
-
- /* Convert an int64 time to a printable format. */
- PR_ExplodeTime(gmttime, PR_GMTParameters, &printableTime);
-
- /* The month in UTC time is base one */
- printableTime.tm_month++;
-
- /* UTC time does not handle the years before 1950 */
- if (printableTime.tm_year < 1950)
- return SECFailure;
-
- /* remove the century since it's added to the tm_year by the
- PR_ExplodeTime routine, but is not needed for UTC time */
- printableTime.tm_year %= 100;
-
- d[0] = HIDIGIT(printableTime.tm_year);
- d[1] = LODIGIT(printableTime.tm_year);
- d[2] = HIDIGIT(printableTime.tm_month);
- d[3] = LODIGIT(printableTime.tm_month);
- d[4] = HIDIGIT(printableTime.tm_mday);
- d[5] = LODIGIT(printableTime.tm_mday);
- d[6] = HIDIGIT(printableTime.tm_hour);
- d[7] = LODIGIT(printableTime.tm_hour);
- d[8] = HIDIGIT(printableTime.tm_min);
- d[9] = LODIGIT(printableTime.tm_min);
- d[10] = HIDIGIT(printableTime.tm_sec);
- d[11] = LODIGIT(printableTime.tm_sec);
- d[12] = 'Z';
- return SECSuccess;
-}
-
-SECStatus
-DER_AsciiToTime(int64 *dst, char *string)
-{
- long year, month, mday, hour, minute, second, hourOff, minOff, days;
- int64 result, tmp1, tmp2;
-
- /* Verify time is formatted properly and capture information */
- second = 0;
- hourOff = 0;
- minOff = 0;
- CAPTURE(year,string+0,loser);
- if (year < 50) {
- /* ASSUME that year # is in the 2000's, not the 1900's */
- year += 100;
- }
- CAPTURE(month,string+2,loser);
- if ((month == 0) || (month > 12)) goto loser;
- CAPTURE(mday,string+4,loser);
- if ((mday == 0) || (mday > 31)) goto loser;
- CAPTURE(hour,string+6,loser);
- if (hour > 23) goto loser;
- CAPTURE(minute,string+8,loser);
- if (minute > 59) goto loser;
- if (ISDIGIT(string[10])) {
- CAPTURE(second,string+10,loser);
- if (second > 59) goto loser;
- string += 2;
- }
- if (string[10] == '+') {
- CAPTURE(hourOff,string+11,loser);
- if (hourOff > 23) goto loser;
- CAPTURE(minOff,string+13,loser);
- if (minOff > 59) goto loser;
- } else if (string[10] == '-') {
- CAPTURE(hourOff,string+11,loser);
- if (hourOff > 23) goto loser;
- hourOff = -hourOff;
- CAPTURE(minOff,string+13,loser);
- if (minOff > 59) goto loser;
- minOff = -minOff;
- } else if (string[10] != 'Z') {
- goto loser;
- }
-
-
- /* Convert pieces back into a single value year */
- LL_I2L(tmp1, (year-70L));
- LL_I2L(tmp2, SECYEAR);
- LL_MUL(result, tmp1, tmp2);
-
- LL_I2L(tmp1, ( (mday-1L)*SECDAY + hour*SECHOUR + minute*SECMIN -
- hourOff*SECHOUR - minOff*SECMIN + second ) );
- LL_ADD(result, result, tmp1);
-
- /*
- ** Have to specially handle the day in the month and the year, to
- ** take into account leap days. The return time value is in
- ** seconds since January 1st, 12:00am 1970, so start examining
- ** the time after that. We can't represent a time before that.
- */
-
- /* Using two digit years, we can only represent dates from 1970
- to 2069. As a result, we cannot run into the leap year rule
- that states that 1700, 2100, etc. are not leap years (but 2000
- is). In other words, there are no years in the span of time
- that we can represent that are == 0 mod 4 but are not leap
- years. Whew.
- */
-
- days = monthToDayInYear[month-1];
- days += (year - 68)/4;
-
- if (((year % 4) == 0) && (month < 3)) {
- days--;
- }
-
- LL_I2L(tmp1, (days * SECDAY) );
- LL_ADD(result, result, tmp1 );
-
- /* convert to micro seconds */
- LL_I2L(tmp1, PR_USEC_PER_SEC);
- LL_MUL(result, result, tmp1);
-
- *dst = result;
- return SECSuccess;
-
- loser:
- PORT_SetError(SEC_ERROR_INVALID_TIME);
- return SECFailure;
-
-}
-
-SECStatus
-DER_UTCTimeToTime(int64 *dst, SECItem *time)
-{
- return DER_AsciiToTime(dst, (char*) time->data);
-}
-
-/*
- gmttime must contains UTC time in micro-seconds unit.
- Note: the caller should make sure that Generalized time
- should only be used for certifiate validities after the
- year 2049. Otherwise, UTC time should be used. This routine
- does not check this case, since it can be used to encode
- certificate extension, which does not have this restriction.
- */
-SECStatus
-DER_TimeToGeneralizedTime(SECItem *dst, int64 gmttime)
-{
- PRExplodedTime printableTime;
- unsigned char *d;
-
- dst->len = 15;
- dst->data = d = (unsigned char*) PORT_Alloc(15);
- if (!d) {
- return SECFailure;
- }
-
- /*Convert a int64 time to a printable format. This is a temporary call
- until we change to NSPR 2.0
- */
- PR_ExplodeTime(gmttime, PR_GMTParameters, &printableTime);
-
- /* The month in Generalized time is base one */
- printableTime.tm_month++;
-
- d[0] = (printableTime.tm_year /1000) + '0';
- d[1] = ((printableTime.tm_year % 1000) / 100) + '0';
- d[2] = ((printableTime.tm_year % 100) / 10) + '0';
- d[3] = (printableTime.tm_year % 10) + '0';
- d[4] = HIDIGIT(printableTime.tm_month);
- d[5] = LODIGIT(printableTime.tm_month);
- d[6] = HIDIGIT(printableTime.tm_mday);
- d[7] = LODIGIT(printableTime.tm_mday);
- d[8] = HIDIGIT(printableTime.tm_hour);
- d[9] = LODIGIT(printableTime.tm_hour);
- d[10] = HIDIGIT(printableTime.tm_min);
- d[11] = LODIGIT(printableTime.tm_min);
- d[12] = HIDIGIT(printableTime.tm_sec);
- d[13] = LODIGIT(printableTime.tm_sec);
- d[14] = 'Z';
- return SECSuccess;
-}
-
-/*
- The caller should make sure that the generalized time should only
- be used for the certificate validity after the year 2051; otherwise,
- the certificate should be consider invalid!?
- */
-SECStatus
-DER_GeneralizedTimeToTime(int64 *dst, SECItem *time)
-{
- PRExplodedTime genTime;
- char *string;
- long hourOff, minOff;
- uint16 century;
-
- string = (char *)time->data;
- PORT_Memset (&genTime, 0, sizeof (genTime));
-
- /* Verify time is formatted properly and capture information */
- hourOff = 0;
- minOff = 0;
-
- CAPTURE(century, string+0, loser);
- century *= 100;
- CAPTURE(genTime.tm_year,string+2,loser);
- genTime.tm_year += century;
-
- CAPTURE(genTime.tm_month,string+4,loser);
- if ((genTime.tm_month == 0) || (genTime.tm_month > 12)) goto loser;
-
- /* NSPR month base is 0 */
- --genTime.tm_month;
-
- CAPTURE(genTime.tm_mday,string+6,loser);
- if ((genTime.tm_mday == 0) || (genTime.tm_mday > 31)) goto loser;
-
- CAPTURE(genTime.tm_hour,string+8,loser);
- if (genTime.tm_hour > 23) goto loser;
-
- CAPTURE(genTime.tm_min,string+10,loser);
- if (genTime.tm_min > 59) goto loser;
-
- if (ISDIGIT(string[12])) {
- CAPTURE(genTime.tm_sec,string+12,loser);
- if (genTime.tm_sec > 59) goto loser;
- string += 2;
- }
- if (string[12] == '+') {
- CAPTURE(hourOff,string+13,loser);
- if (hourOff > 23) goto loser;
- CAPTURE(minOff,string+15,loser);
- if (minOff > 59) goto loser;
- } else if (string[12] == '-') {
- CAPTURE(hourOff,string+13,loser);
- if (hourOff > 23) goto loser;
- hourOff = -hourOff;
- CAPTURE(minOff,string+15,loser);
- if (minOff > 59) goto loser;
- minOff = -minOff;
- } else if (string[12] != 'Z') {
- goto loser;
- }
-
- /* Since the values of hourOff and minOff are small, there will
- be no loss of data by the conversion to int8 */
- /* Convert the GMT offset to seconds and save it it genTime
- for the implode time process */
- genTime.tm_params.tp_gmt_offset = (PRInt32)((hourOff * 60L + minOff) * 60L);
- *dst = PR_ImplodeTime (&genTime);
- return SECSuccess;
-
- loser:
- PORT_SetError(SEC_ERROR_INVALID_TIME);
- return SECFailure;
-
-}
diff --git a/security/nss/lib/util/mac_rand.c b/security/nss/lib/util/mac_rand.c
deleted file mode 100644
index c8596a9f0..000000000
--- a/security/nss/lib/util/mac_rand.c
+++ /dev/null
@@ -1,280 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef notdef
-#include "xp_core.h"
-#include "xp_file.h"
-#endif
-#include "secrng.h"
-#include "mcom_db.h"
-#ifdef XP_MAC
-#include <Events.h>
-#include <OSUtils.h>
-#include <QDOffscreen.h>
-#include <PPCToolbox.h>
-#include <Processes.h>
-#include <LowMem.h>
-
-/* Static prototypes */
-static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen);
-void FE_ReadScreen();
-
-static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen)
-{
- union endianness {
- int32 i;
- char c[4];
- } u;
-
- if (srclen <= dstlen) {
- memcpy(dst, src, srclen);
- return srclen;
- }
- u.i = 0x01020304;
- if (u.c[0] == 0x01) {
- /* big-endian case */
- memcpy(dst, (char*)src + (srclen - dstlen), dstlen);
- } else {
- /* little-endian case */
- memcpy(dst, src, dstlen);
- }
- return dstlen;
-}
-
-size_t RNG_GetNoise(void *buf, size_t maxbytes)
-{
- uint32 c = TickCount();
- return CopyLowBits(buf, maxbytes, &c, sizeof(c));
-}
-
-void RNG_FileForRNG(char *filename)
-{
- unsigned char buffer[BUFSIZ];
- size_t bytes;
-#ifdef notdef /*sigh*/
- XP_File file;
- unsigned long totalFileBytes = 0;
-
- if (filename == NULL) /* For now, read in global history if filename is null */
- file = XP_FileOpen(NULL, xpGlobalHistory,XP_FILE_READ_BIN);
- else
- file = XP_FileOpen(NULL, xpURL,XP_FILE_READ_BIN);
- if (file != NULL) {
- for (;;) {
- bytes = XP_FileRead(buffer, sizeof(buffer), file);
- if (bytes == 0) break;
- RNG_RandomUpdate( buffer, bytes);
- totalFileBytes += bytes;
- if (totalFileBytes > 100*1024) break; /* No more than 100 K */
- }
- XP_FileClose(file);
- }
-#endif
- /*
- * Pass yet another snapshot of our highest resolution clock into
- * the hash function.
- */
- bytes = RNG_GetNoise(buffer, sizeof(buffer));
- RNG_RandomUpdate(buffer, sizeof(buffer));
-}
-
-void RNG_SystemInfoForRNG()
-{
-/* Time */
- {
- unsigned long sec;
- size_t bytes;
- GetDateTime(&sec); /* Current time since 1970 */
- RNG_RandomUpdate( &sec, sizeof(sec));
- bytes = RNG_GetNoise(&sec, sizeof(sec));
- RNG_RandomUpdate(&sec, bytes);
- }
-/* User specific variables */
- {
- MachineLocation loc;
- ReadLocation(&loc);
- RNG_RandomUpdate( &loc, sizeof(loc));
- }
-/* User name */
- {
- unsigned long userRef;
- Str32 userName;
- GetDefaultUser(&userRef, userName);
- RNG_RandomUpdate( &userRef, sizeof(userRef));
- RNG_RandomUpdate( userName, sizeof(userName));
- }
-/* Mouse location */
- {
- Point mouseLoc;
- GetMouse(&mouseLoc);
- RNG_RandomUpdate( &mouseLoc, sizeof(mouseLoc));
- }
-/* Keyboard time threshold */
- {
- SInt16 keyTresh = LMGetKeyThresh();
- RNG_RandomUpdate( &keyTresh, sizeof(keyTresh));
- }
-/* Last key pressed */
- {
- SInt8 keyLast;
- keyLast = LMGetKbdLast();
- RNG_RandomUpdate( &keyLast, sizeof(keyLast));
- }
-/* Volume */
- {
- UInt8 volume = LMGetSdVolume();
- RNG_RandomUpdate( &volume, sizeof(volume));
- }
-/* Current directory */
- {
- SInt32 dir = LMGetCurDirStore();
- RNG_RandomUpdate( &dir, sizeof(dir));
- }
-/* Process information about all the processes in the machine */
- {
- ProcessSerialNumber process;
- ProcessInfoRec pi;
-
- process.highLongOfPSN = process.lowLongOfPSN = kNoProcess;
-
- while (GetNextProcess(&process) == noErr)
- {
- FSSpec fileSpec;
- pi.processInfoLength = sizeof(ProcessInfoRec);
- pi.processName = NULL;
- pi.processAppSpec = &fileSpec;
- GetProcessInformation(&process, &pi);
- RNG_RandomUpdate( &pi, sizeof(pi));
- RNG_RandomUpdate( &fileSpec, sizeof(fileSpec));
- }
- }
-
-/* Heap */
- {
- THz zone = LMGetTheZone();
- RNG_RandomUpdate( &zone, sizeof(zone));
- }
-
-/* Screen */
- {
- GDHandle h = LMGetMainDevice(); /* GDHandle is **GDevice */
- RNG_RandomUpdate( *h, sizeof(GDevice));
- }
-/* Scrap size */
- {
- SInt32 scrapSize = LMGetScrapSize();
- RNG_RandomUpdate( &scrapSize, sizeof(scrapSize));
- }
-/* Scrap count */
- {
- SInt16 scrapCount = LMGetScrapCount();
- RNG_RandomUpdate( &scrapCount, sizeof(scrapCount));
- }
-/* File stuff, last modified, etc. */
- {
- HParamBlockRec pb;
- GetVolParmsInfoBuffer volInfo;
- pb.ioParam.ioVRefNum = 0;
- pb.ioParam.ioNamePtr = nil;
- pb.ioParam.ioBuffer = (Ptr) &volInfo;
- pb.ioParam.ioReqCount = sizeof(volInfo);
- PBHGetVolParmsSync(&pb);
- RNG_RandomUpdate( &volInfo, sizeof(volInfo));
- }
-/* Event queue */
- {
- EvQElPtr eventQ;
- for (eventQ = (EvQElPtr) LMGetEventQueue()->qHead;
- eventQ;
- eventQ = (EvQElPtr)eventQ->qLink)
- RNG_RandomUpdate( &eventQ->evtQWhat, sizeof(EventRecord));
- }
- FE_ReadScreen();
- RNG_FileForRNG(NULL);
-}
-
-void FE_ReadScreen()
-{
- UInt16 coords[4];
- PixMapHandle pmap;
- GDHandle gh;
- UInt16 screenHeight;
- UInt16 screenWidth; /* just what they say */
- UInt32 bytesToRead; /* number of bytes we're giving */
- UInt32 offset; /* offset into the graphics buffer */
- UInt16 rowBytes;
- UInt32 rowsToRead;
- float bytesPerPixel; /* dependent on buffer depth */
- Ptr p; /* temporary */
- UInt16 x, y, w, h;
-
- gh = LMGetMainDevice();
- if ( !gh )
- return;
- pmap = (**gh).gdPMap;
- if ( !pmap )
- return;
-
- RNG_GenerateGlobalRandomBytes( coords, sizeof( coords ) );
-
- /* make x and y inside the screen rect */
- screenHeight = (**pmap).bounds.bottom - (**pmap).bounds.top;
- screenWidth = (**pmap).bounds.right - (**pmap).bounds.left;
- x = coords[0] % screenWidth;
- y = coords[1] % screenHeight;
- w = ( coords[2] & 0x7F ) | 0x40; /* Make sure that w is in the range 64..128 */
- h = ( coords[3] & 0x7F ) | 0x40; /* same for h */
-
- bytesPerPixel = (**pmap).pixelSize / 8;
- rowBytes = (**pmap).rowBytes & 0x7FFF;
-
- /* starting address */
- offset = ( rowBytes * y ) + (UInt32)( (float)x * bytesPerPixel );
-
- /* don't read past the end of the pixmap's rowbytes */
- bytesToRead = MIN( (UInt32)( w * bytesPerPixel ),
- (UInt32)( rowBytes - ( x * bytesPerPixel ) ) );
-
- /* don't read past the end of the graphics device pixmap */
- rowsToRead = MIN( h,
- ( screenHeight - y ) );
-
- p = GetPixBaseAddr( pmap ) + offset;
-
- while ( rowsToRead-- )
- {
- RNG_RandomUpdate( p, bytesToRead );
- p += rowBytes;
- }
-}
-#endif
diff --git a/security/nss/lib/util/manifest.mn b/security/nss/lib/util/manifest.mn
deleted file mode 100644
index 0dd2f3d7e..000000000
--- a/security/nss/lib/util/manifest.mn
+++ /dev/null
@@ -1,100 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../..
-
-EXPORTS = \
- base64.h \
- ciferfam.h \
- nssb64.h \
- nssb64t.h \
- nsslocks.h \
- nssrwlk.h \
- nssrwlkt.h \
- portreg.h \
- pqgutil.h \
- secasn1.h \
- secasn1t.h \
- seccomon.h \
- secder.h \
- secdert.h \
- secdig.h \
- secdigt.h \
- secitem.h \
- secoid.h \
- secoidt.h \
- secport.h \
- secrng.h \
- secrngt.h \
- secerr.h \
- watcomfx.h \
- $(NULL)
-
-MODULE = security
-
-CSRCS = \
- secdig.c \
- derdec.c \
- derenc.c \
- dersubr.c \
- dertime.c \
- nssb64d.c \
- nssb64e.c \
- nssrwlk.c \
- nsslocks.c \
- portreg.c \
- pqgutil.c \
- secalgid.c \
- secasn1d.c \
- secasn1e.c \
- secasn1u.c \
- secitem.c \
- secoid.c \
- sectime.c \
- secport.c \
- secinit.c \
- sysrand.c \
- utf8.c \
- $(NULL)
-
-ifeq ($(subst /,_,$(shell uname -s)),OS2)
- CSRCS += os2_rand.c
-endif
-
-# mac_rand.c
-# unix_rand.c
-# win_rand.c
-# prelib.c
-
-REQUIRES = security dbm
-
-LIBRARY_NAME = secutil
diff --git a/security/nss/lib/util/nssb64.h b/security/nss/lib/util/nssb64.h
deleted file mode 100644
index 1a813f3ea..000000000
--- a/security/nss/lib/util/nssb64.h
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Public prototypes for base64 encoding/decoding.
- *
- * $Id$
- */
-#ifndef _NSSB64_H_
-#define _NSSB64_H_
-
-#include "seccomon.h"
-#include "nssb64t.h"
-
-SEC_BEGIN_PROTOS
-
-/*
- * Functions to start a base64 decoding/encoding context.
- */
-
-extern NSSBase64Decoder *
-NSSBase64Decoder_Create (PRInt32 (*output_fn) (void *, const unsigned char *,
- PRInt32),
- void *output_arg);
-
-extern NSSBase64Encoder *
-NSSBase64Encoder_Create (PRInt32 (*output_fn) (void *, const char *, PRInt32),
- void *output_arg);
-
-/*
- * Push data through the decoder/encoder, causing the output_fn (provided
- * to Create) to be called with the decoded/encoded data.
- */
-
-extern SECStatus
-NSSBase64Decoder_Update (NSSBase64Decoder *data, const char *buffer,
- PRUint32 size);
-
-extern SECStatus
-NSSBase64Encoder_Update (NSSBase64Encoder *data, const unsigned char *buffer,
- PRUint32 size);
-
-/*
- * When you're done processing, call this to close the context.
- * If "abort_p" is false, then calling this may cause the output_fn
- * to be called one last time (as the last buffered data is flushed out).
- */
-
-extern SECStatus
-NSSBase64Decoder_Destroy (NSSBase64Decoder *data, PRBool abort_p);
-
-extern SECStatus
-NSSBase64Encoder_Destroy (NSSBase64Encoder *data, PRBool abort_p);
-
-/*
- * Perform base64 decoding from an ascii string "inStr" to an Item.
- * The length of the input must be provided as "inLen". The Item
- * may be provided (as "outItemOpt"); you can also pass in a NULL
- * and the Item will be allocated for you.
- *
- * In any case, the data within the Item will be allocated for you.
- * All allocation will happen out of the passed-in "arenaOpt", if non-NULL.
- * If "arenaOpt" is NULL, standard allocation (heap) will be used and
- * you will want to free the result via SECITEM_FreeItem.
- *
- * Return value is NULL on error, the Item (allocated or provided) otherwise.
- */
-extern SECItem *
-NSSBase64_DecodeBuffer (PRArenaPool *arenaOpt, SECItem *outItemOpt,
- const char *inStr, unsigned int inLen);
-
-/*
- * Perform base64 encoding of binary data "inItem" to an ascii string.
- * The output buffer may be provided (as "outStrOpt"); you can also pass
- * in a NULL and the buffer will be allocated for you. The result will
- * be null-terminated, and if the buffer is provided, "maxOutLen" must
- * specify the maximum length of the buffer and will be checked to
- * supply sufficient space space for the encoded result. (If "outStrOpt"
- * is NULL, "maxOutLen" is ignored.)
- *
- * If "outStrOpt" is NULL, allocation will happen out of the passed-in
- * "arenaOpt", if *it* is non-NULL, otherwise standard allocation (heap)
- * will be used.
- *
- * Return value is NULL on error, the output buffer (allocated or provided)
- * otherwise.
- */
-extern char *
-NSSBase64_EncodeItem (PRArenaPool *arenaOpt, char *outStrOpt,
- unsigned int maxOutLen, SECItem *inItem);
-
-SEC_END_PROTOS
-
-#endif /* _NSSB64_H_ */
diff --git a/security/nss/lib/util/nssb64d.c b/security/nss/lib/util/nssb64d.c
deleted file mode 100644
index c49e38f87..000000000
--- a/security/nss/lib/util/nssb64d.c
+++ /dev/null
@@ -1,861 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Base64 decoding (ascii to binary).
- *
- * $Id$
- */
-
-#include "nssb64.h"
-#include "nspr.h"
-#include "secitem.h"
-#include "secerr.h"
-
-/*
- * XXX We want this basic support to go into NSPR (the PL part).
- * Until that can happen, the PL interface is going to be kept entirely
- * internal here -- all static functions and opaque data structures.
- * When someone can get it moved over into NSPR, that should be done:
- * - giving everything names that are accepted by the NSPR module owners
- * (though I tried to choose ones that would work without modification)
- * - exporting the functions (remove static declarations and add
- * PR_IMPLEMENT as necessary)
- * - put prototypes into appropriate header file (probably replacing
- * the entire current lib/libc/include/plbase64.h in NSPR)
- * along with a typedef for the context structure (which should be
- * kept opaque -- definition in the source file only, but typedef
- * ala "typedef struct PLBase64FooStr PLBase64Foo;" in header file)
- * - modify anything else as necessary to conform to NSPR required style
- * (I looked but found no formatting guide to follow)
- *
- * You will want to move over everything from here down to the comment
- * which says "XXX End of base64 decoding code to be moved into NSPR",
- * into a new file in NSPR.
- */
-
-/*
- **************************************************************
- * XXX Beginning of base64 decoding code to be moved into NSPR.
- */
-
-/*
- * This typedef would belong in the NSPR header file (i.e. plbase64.h).
- */
-typedef struct PLBase64DecoderStr PLBase64Decoder;
-
-/*
- * The following implementation of base64 decoding was based on code
- * found in libmime (specifically, in mimeenc.c). It has been adapted to
- * use PR types and naming as well as to provide other necessary semantics
- * (like buffer-in/buffer-out in addition to "streaming" without undue
- * performance hit of extra copying if you made the buffer versions
- * use the output_fn). It also incorporates some aspects of the current
- * NSPR base64 decoding code. As such, you may find similarities to
- * both of those implementations. I tried to use names that reflected
- * the original code when possible. For this reason you may find some
- * inconsistencies -- libmime used lots of "in" and "out" whereas the
- * NSPR version uses "src" and "dest"; sometimes I changed one to the other
- * and sometimes I left them when I thought the subroutines were at least
- * self-consistent.
- */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * Opaque object used by the decoder to store state.
- */
-struct PLBase64DecoderStr {
- /* Current token (or portion, if token_size < 4) being decoded. */
- unsigned char token[4];
- int token_size;
-
- /*
- * Where to write the decoded data (used when streaming, not when
- * doing all in-memory (buffer) operations).
- *
- * Note that this definition is chosen to be compatible with PR_Write.
- */
- PRInt32 (*output_fn) (void *output_arg, const unsigned char *buf,
- PRInt32 size);
- void *output_arg;
-
- /*
- * Where the decoded output goes -- either temporarily (in the streaming
- * case, staged here before it goes to the output function) or what will
- * be the entire buffered result for users of the buffer version.
- */
- unsigned char *output_buffer;
- PRUint32 output_buflen; /* the total length of allocated buffer */
- PRUint32 output_length; /* the length that is currently populated */
-};
-
-PR_END_EXTERN_C
-
-
-/*
- * Table to convert an ascii "code" to its corresponding binary value.
- * For ease of use, the binary values in the table are the actual values
- * PLUS ONE. This is so that the special value of zero can denote an
- * invalid mapping; that was much easier than trying to fill in the other
- * values with some value other than zero, and to check for it.
- * Just remember to SUBTRACT ONE when using the value retrieved.
- */
-static unsigned char base64_codetovaluep1[256] = {
-/* 0: */ 0, 0, 0, 0, 0, 0, 0, 0,
-/* 8: */ 0, 0, 0, 0, 0, 0, 0, 0,
-/* 16: */ 0, 0, 0, 0, 0, 0, 0, 0,
-/* 24: */ 0, 0, 0, 0, 0, 0, 0, 0,
-/* 32: */ 0, 0, 0, 0, 0, 0, 0, 0,
-/* 40: */ 0, 0, 0, 63, 0, 0, 0, 64,
-/* 48: */ 53, 54, 55, 56, 57, 58, 59, 60,
-/* 56: */ 61, 62, 0, 0, 0, 0, 0, 0,
-/* 64: */ 0, 1, 2, 3, 4, 5, 6, 7,
-/* 72: */ 8, 9, 10, 11, 12, 13, 14, 15,
-/* 80: */ 16, 17, 18, 19, 20, 21, 22, 23,
-/* 88: */ 24, 25, 26, 0, 0, 0, 0, 0,
-/* 96: */ 0, 27, 28, 29, 30, 31, 32, 33,
-/* 104: */ 34, 35, 36, 37, 38, 39, 40, 41,
-/* 112: */ 42, 43, 44, 45, 46, 47, 48, 49,
-/* 120: */ 50, 51, 52, 0, 0, 0, 0, 0,
-/* 128: */ 0, 0, 0, 0, 0, 0, 0, 0
-/* and rest are all zero as well */
-};
-
-#define B64_PAD '='
-
-
-/*
- * Reads 4; writes 3 (known, or expected, to have no trailing padding).
- * Returns bytes written; -1 on error (unexpected character).
- */
-static int
-pl_base64_decode_4to3 (const unsigned char *in, unsigned char *out)
-{
- int j;
- PRUint32 num = 0;
- unsigned char bits;
-
- for (j = 0; j < 4; j++) {
- bits = base64_codetovaluep1[in[j]];
- if (bits == 0)
- return -1;
- num = (num << 6) | (bits - 1);
- }
-
- out[0] = (unsigned char) (num >> 16);
- out[1] = (unsigned char) ((num >> 8) & 0xFF);
- out[2] = (unsigned char) (num & 0xFF);
-
- return 3;
-}
-
-/*
- * Reads 3; writes 2 (caller already confirmed EOF or trailing padding).
- * Returns bytes written; -1 on error (unexpected character).
- */
-static int
-pl_base64_decode_3to2 (const unsigned char *in, unsigned char *out)
-{
- PRUint32 num = 0;
- unsigned char bits1, bits2, bits3;
-
- bits1 = base64_codetovaluep1[in[0]];
- bits2 = base64_codetovaluep1[in[1]];
- bits3 = base64_codetovaluep1[in[2]];
-
- if ((bits1 == 0) || (bits2 == 0) || (bits3 == 0))
- return -1;
-
- num = ((PRUint32)(bits1 - 1)) << 10;
- num |= ((PRUint32)(bits2 - 1)) << 4;
- num |= ((PRUint32)(bits3 - 1)) >> 2;
-
- out[0] = (unsigned char) (num >> 8);
- out[1] = (unsigned char) (num & 0xFF);
-
- return 2;
-}
-
-/*
- * Reads 2; writes 1 (caller already confirmed EOF or trailing padding).
- * Returns bytes written; -1 on error (unexpected character).
- */
-static int
-pl_base64_decode_2to1 (const unsigned char *in, unsigned char *out)
-{
- PRUint32 num = 0;
- unsigned char bits1, bits2;
-
- bits1 = base64_codetovaluep1[in[0]];
- bits2 = base64_codetovaluep1[in[1]];
-
- if ((bits1 == 0) || (bits2 == 0))
- return -1;
-
- num = ((PRUint32)(bits1 - 1)) << 2;
- num |= ((PRUint32)(bits2 - 1)) >> 4;
-
- out[0] = (unsigned char) num;
-
- return 1;
-}
-
-/*
- * Reads 4; writes 0-3. Returns bytes written or -1 on error.
- * (Writes less than 3 only at (presumed) EOF.)
- */
-static int
-pl_base64_decode_token (const unsigned char *in, unsigned char *out)
-{
- if (in[3] != B64_PAD)
- return pl_base64_decode_4to3 (in, out);
-
- if (in[2] == B64_PAD)
- return pl_base64_decode_2to1 (in, out);
-
- return pl_base64_decode_3to2 (in, out);
-}
-
-static PRStatus
-pl_base64_decode_buffer (PLBase64Decoder *data, const unsigned char *in,
- PRUint32 length)
-{
- unsigned char *out = data->output_buffer;
- unsigned char *token = data->token;
- int i, n = 0;
-
- i = data->token_size;
- data->token_size = 0;
-
- while (length > 0) {
- while (i < 4 && length > 0) {
- /*
- * XXX Note that the following simply ignores any unexpected
- * characters. This is exactly what the original code in
- * libmime did, and I am leaving it. We certainly want to skip
- * over whitespace (we must); this does much more than that.
- * I am not confident changing it, and I don't want to slow
- * the processing down doing more complicated checking, but
- * someone else might have different ideas in the future.
- */
- if (base64_codetovaluep1[*in] > 0 || *in == B64_PAD)
- token[i++] = *in;
- in++;
- length--;
- }
-
- if (i < 4) {
- /* Didn't get enough for a complete token. */
- data->token_size = i;
- break;
- }
- i = 0;
-
- PR_ASSERT((out - data->output_buffer + 3) <= data->output_buflen);
-
- /*
- * Assume we are not at the end; the following function only works
- * for an internal token (no trailing padding characters) but is
- * faster that way. If it hits an invalid character (padding) it
- * will return an error; we break out of the loop and try again
- * calling the routine that will handle a final token.
- * Note that we intentionally do it this way rather than explicitly
- * add a check for padding here (because that would just slow down
- * the normal case) nor do we rely on checking whether we have more
- * input to process (because that would also slow it down but also
- * because we want to allow trailing garbage, especially white space
- * and cannot tell that without read-ahead, also a slow proposition).
- * Whew. Understand?
- */
- n = pl_base64_decode_4to3 (token, out);
- if (n < 0)
- break;
-
- /* Advance "out" by the number of bytes just written to it. */
- out += n;
- n = 0;
- }
-
- /*
- * See big comment above, before call to pl_base64_decode_4to3.
- * Here we check if we error'd out of loop, and allow for the case
- * that we are processing the last interesting token. If the routine
- * which should handle padding characters also fails, then we just
- * have bad input and give up.
- */
- if (n < 0) {
- n = pl_base64_decode_token (token, out);
- if (n < 0)
- return PR_FAILURE;
-
- out += n;
- }
-
- /*
- * As explained above, we can get here with more input remaining, but
- * it should be all characters we do not care about (i.e. would be
- * ignored when transferring from "in" to "token" in loop above,
- * except here we choose to ignore extraneous pad characters, too).
- * Swallow it, performing that check. If we find more characters that
- * we would expect to decode, something is wrong.
- */
- while (length > 0) {
- if (base64_codetovaluep1[*in] > 0)
- return PR_FAILURE;
- in++;
- length--;
- }
-
- /* Record the length of decoded data we have left in output_buffer. */
- data->output_length = (PRUint32) (out - data->output_buffer);
- return PR_SUCCESS;
-}
-
-/*
- * Flush any remaining buffered characters. Given well-formed input,
- * this will have nothing to do. If the input was missing the padding
- * characters at the end, though, there could be 1-3 characters left
- * behind -- we will tolerate that by adding the padding for them.
- */
-static PRStatus
-pl_base64_decode_flush (PLBase64Decoder *data)
-{
- int count;
-
- /*
- * If no remaining characters, or all are padding (also not well-formed
- * input, but again, be tolerant), then nothing more to do. (And, that
- * is considered successful.)
- */
- if (data->token_size == 0 || data->token[0] == B64_PAD)
- return PR_SUCCESS;
-
- /*
- * Assume we have all the interesting input except for some expected
- * padding characters. Add them and decode the resulting token.
- */
- while (data->token_size < 4)
- data->token[data->token_size++] = B64_PAD;
-
- data->token_size = 0; /* so a subsequent flush call is a no-op */
-
- count = pl_base64_decode_token (data->token,
- data->output_buffer + data->output_length);
- if (count < 0)
- return PR_FAILURE;
-
- /*
- * If there is an output function, call it with this last bit of data.
- * Otherwise we are doing all buffered output, and the decoded bytes
- * are now there, we just need to reflect that in the length.
- */
- if (data->output_fn != NULL) {
- PRInt32 output_result;
-
- PR_ASSERT(data->output_length == 0);
- output_result = data->output_fn (data->output_arg,
- data->output_buffer,
- (PRInt32) count);
- if (output_result < 0)
- return PR_FAILURE;
- } else {
- data->output_length += count;
- }
-
- return PR_SUCCESS;
-}
-
-
-/*
- * The maximum space needed to hold the output of the decoder given
- * input data of length "size".
- */
-static PRUint32
-PL_Base64MaxDecodedLength (PRUint32 size)
-{
- return ((size * 3) / 4);
-}
-
-
-/*
- * A distinct internal creation function for the buffer version to use.
- * (It does not want to specify an output_fn, and we want the normal
- * Create function to require that.) If more common initialization
- * of the decoding context needs to be done, it should be done *here*.
- */
-static PLBase64Decoder *
-pl_base64_create_decoder (void)
-{
- return PR_NEWZAP(PLBase64Decoder);
-}
-
-/*
- * Function to start a base64 decoding context.
- * An "output_fn" is required; the "output_arg" parameter to that is optional.
- */
-static PLBase64Decoder *
-PL_CreateBase64Decoder (PRInt32 (*output_fn) (void *, const unsigned char *,
- PRInt32),
- void *output_arg)
-{
- PLBase64Decoder *data;
-
- if (output_fn == NULL) {
- PR_SetError (PR_INVALID_ARGUMENT_ERROR, 0);
- return NULL;
- }
-
- data = pl_base64_create_decoder ();
- if (data != NULL) {
- data->output_fn = output_fn;
- data->output_arg = output_arg;
- }
- return data;
-}
-
-
-/*
- * Push data through the decoder, causing the output_fn (provided to Create)
- * to be called with the decoded data.
- */
-static PRStatus
-PL_UpdateBase64Decoder (PLBase64Decoder *data, const char *buffer,
- PRUint32 size)
-{
- PRUint32 need_length;
- PRStatus status;
-
- /* XXX Should we do argument checking only in debug build? */
- if (data == NULL || buffer == NULL || size == 0) {
- PR_SetError (PR_INVALID_ARGUMENT_ERROR, 0);
- return PR_FAILURE;
- }
-
- /*
- * How much space could this update need for decoding?
- */
- need_length = PL_Base64MaxDecodedLength (size + data->token_size);
-
- /*
- * Make sure we have at least that much. If not, (re-)allocate.
- */
- if (need_length > data->output_buflen) {
- unsigned char *output_buffer = data->output_buffer;
-
- if (output_buffer != NULL)
- output_buffer = (unsigned char *) PR_Realloc(output_buffer,
- need_length);
- else
- output_buffer = (unsigned char *) PR_Malloc(need_length);
-
- if (output_buffer == NULL)
- return PR_FAILURE;
-
- data->output_buffer = output_buffer;
- data->output_buflen = need_length;
- }
-
- /* There should not have been any leftover output data in the buffer. */
- PR_ASSERT(data->output_length == 0);
- data->output_length = 0;
-
- status = pl_base64_decode_buffer (data, (const unsigned char *) buffer,
- size);
-
- /* Now that we have some decoded data, write it. */
- if (status == PR_SUCCESS && data->output_length > 0) {
- PRInt32 output_result;
-
- PR_ASSERT(data->output_fn != NULL);
- output_result = data->output_fn (data->output_arg,
- data->output_buffer,
- (PRInt32) data->output_length);
- if (output_result < 0)
- status = PR_FAILURE;
- }
-
- data->output_length = 0;
- return status;
-}
-
-
-/*
- * When you're done decoding, call this to free the data. If "abort_p"
- * is false, then calling this may cause the output_fn to be called
- * one last time (as the last buffered data is flushed out).
- */
-static PRStatus
-PL_DestroyBase64Decoder (PLBase64Decoder *data, PRBool abort_p)
-{
- PRStatus status = PR_SUCCESS;
-
- /* XXX Should we do argument checking only in debug build? */
- if (data == NULL) {
- PR_SetError (PR_INVALID_ARGUMENT_ERROR, 0);
- return PR_FAILURE;
- }
-
- /* Flush out the last few buffered characters. */
- if (!abort_p)
- status = pl_base64_decode_flush (data);
-
- if (data->output_buffer != NULL)
- PR_Free(data->output_buffer);
- PR_Free(data);
-
- return status;
-}
-
-
-/*
- * Perform base64 decoding from an input buffer to an output buffer.
- * The output buffer can be provided (as "dest"); you can also pass in
- * a NULL and this function will allocate a buffer large enough for you,
- * and return it. If you do provide the output buffer, you must also
- * provide the maximum length of that buffer (as "maxdestlen").
- * The actual decoded length of output will be returned to you in
- * "output_destlen".
- *
- * Return value is NULL on error, the output buffer (allocated or provided)
- * otherwise.
- */
-static unsigned char *
-PL_Base64DecodeBuffer (const char *src, PRUint32 srclen, unsigned char *dest,
- PRUint32 maxdestlen, PRUint32 *output_destlen)
-{
- PRUint32 need_length;
- unsigned char *output_buffer = NULL;
- PLBase64Decoder *data = NULL;
- PRStatus status;
-
- PR_ASSERT(srclen > 0);
- if (srclen == 0)
- return dest;
-
- /*
- * How much space could we possibly need for decoding this input?
- */
- need_length = PL_Base64MaxDecodedLength (srclen);
-
- /*
- * Make sure we have at least that much, if output buffer provided.
- * If no output buffer provided, then we allocate that much.
- */
- if (dest != NULL) {
- PR_ASSERT(maxdestlen >= need_length);
- if (maxdestlen < need_length) {
- PR_SetError(PR_BUFFER_OVERFLOW_ERROR, 0);
- goto loser;
- }
- output_buffer = dest;
- } else {
- output_buffer = (unsigned char *) PR_Malloc(need_length);
- if (output_buffer == NULL)
- goto loser;
- maxdestlen = need_length;
- }
-
- data = pl_base64_create_decoder();
- if (data == NULL)
- goto loser;
-
- data->output_buflen = maxdestlen;
- data->output_buffer = output_buffer;
-
- status = pl_base64_decode_buffer (data, (const unsigned char *) src,
- srclen);
-
- /*
- * We do not wait for Destroy to flush, because Destroy will also
- * get rid of our decoder context, which we need to look at first!
- */
- if (status == PR_SUCCESS)
- status = pl_base64_decode_flush (data);
-
- /* Must clear this or Destroy will free it. */
- data->output_buffer = NULL;
-
- if (status == PR_SUCCESS) {
- *output_destlen = data->output_length;
- status = PL_DestroyBase64Decoder (data, PR_FALSE);
- data = NULL;
- if (status == PR_FAILURE)
- goto loser;
- return output_buffer;
- }
-
-loser:
- if (dest == NULL && output_buffer != NULL)
- PR_Free(output_buffer);
- if (data != NULL)
- (void) PL_DestroyBase64Decoder (data, PR_TRUE);
- return NULL;
-}
-
-
-/*
- * XXX End of base64 decoding code to be moved into NSPR.
- ********************************************************
- */
-
-/*
- * This is the beginning of the NSS cover functions. These will
- * provide the interface we want to expose as NSS-ish. For example,
- * they will operate on our Items, do any special handling or checking
- * we want to do, etc.
- */
-
-
-PR_BEGIN_EXTERN_C
-
-/*
- * A boring cover structure for now. Perhaps someday it will include
- * some more interesting fields.
- */
-struct NSSBase64DecoderStr {
- PLBase64Decoder *pl_data;
-};
-
-PR_END_EXTERN_C
-
-
-/*
- * Function to start a base64 decoding context.
- */
-NSSBase64Decoder *
-NSSBase64Decoder_Create (PRInt32 (*output_fn) (void *, const unsigned char *,
- PRInt32),
- void *output_arg)
-{
- PLBase64Decoder *pl_data;
- NSSBase64Decoder *nss_data;
-
- nss_data = PORT_ZNew(NSSBase64Decoder);
- if (nss_data == NULL)
- return NULL;
-
- pl_data = PL_CreateBase64Decoder (output_fn, output_arg);
- if (pl_data == NULL) {
- PORT_Free(nss_data);
- return NULL;
- }
-
- nss_data->pl_data = pl_data;
- return nss_data;
-}
-
-
-/*
- * Push data through the decoder, causing the output_fn (provided to Create)
- * to be called with the decoded data.
- */
-SECStatus
-NSSBase64Decoder_Update (NSSBase64Decoder *data, const char *buffer,
- PRUint32 size)
-{
- PRStatus pr_status;
-
- /* XXX Should we do argument checking only in debug build? */
- if (data == NULL) {
- PORT_SetError (SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- pr_status = PL_UpdateBase64Decoder (data->pl_data, buffer, size);
- if (pr_status == PR_FAILURE)
- return SECFailure;
-
- return SECSuccess;
-}
-
-
-/*
- * When you're done decoding, call this to free the data. If "abort_p"
- * is false, then calling this may cause the output_fn to be called
- * one last time (as the last buffered data is flushed out).
- */
-SECStatus
-NSSBase64Decoder_Destroy (NSSBase64Decoder *data, PRBool abort_p)
-{
- PRStatus pr_status;
-
- /* XXX Should we do argument checking only in debug build? */
- if (data == NULL) {
- PORT_SetError (SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- pr_status = PL_DestroyBase64Decoder (data->pl_data, abort_p);
-
- PORT_Free(data);
-
- if (pr_status == PR_FAILURE)
- return SECFailure;
-
- return SECSuccess;
-}
-
-
-/*
- * Perform base64 decoding from an ascii string "inStr" to an Item.
- * The length of the input must be provided as "inLen". The Item
- * may be provided (as "outItemOpt"); you can also pass in a NULL
- * and the Item will be allocated for you.
- *
- * In any case, the data within the Item will be allocated for you.
- * All allocation will happen out of the passed-in "arenaOpt", if non-NULL.
- * If "arenaOpt" is NULL, standard allocation (heap) will be used and
- * you will want to free the result via SECITEM_FreeItem.
- *
- * Return value is NULL on error, the Item (allocated or provided) otherwise.
- */
-SECItem *
-NSSBase64_DecodeBuffer (PRArenaPool *arenaOpt, SECItem *outItemOpt,
- const char *inStr, unsigned int inLen)
-{
- SECItem *out_item = outItemOpt;
- PRUint32 max_out_len = PL_Base64MaxDecodedLength (inLen);
- PRUint32 out_len;
- void *mark = NULL;
- unsigned char *dummy;
-
- PORT_Assert(outItemOpt == NULL || outItemOpt->data == NULL);
-
- if (arenaOpt != NULL)
- mark = PORT_ArenaMark (arenaOpt);
-
- out_item = SECITEM_AllocItem (arenaOpt, outItemOpt, max_out_len);
- if (out_item == NULL) {
- if (arenaOpt != NULL)
- PORT_ArenaRelease (arenaOpt, mark);
- return NULL;
- }
-
- dummy = PL_Base64DecodeBuffer (inStr, inLen, out_item->data,
- max_out_len, &out_len);
- if (dummy == NULL) {
- if (arenaOpt != NULL) {
- PORT_ArenaRelease (arenaOpt, mark);
- if (outItemOpt != NULL) {
- outItemOpt->data = NULL;
- outItemOpt->len = 0;
- }
- } else {
- SECITEM_FreeItem (out_item,
- (outItemOpt == NULL) ? PR_TRUE : PR_FALSE);
- }
- return NULL;
- }
-
- if (arenaOpt != NULL)
- PORT_ArenaUnmark (arenaOpt, mark);
- out_item->len = out_len;
- return out_item;
-}
-
-
-/*
- * XXX Everything below is deprecated. If you add new stuff, put it
- * *above*, not below.
- */
-
-/*
- * XXX The following "ATOB" functions are provided for backward compatibility
- * with current code. They should be considered strongly deprecated.
- * When we can convert all our code over to using the new NSSBase64Decoder_
- * functions defined above, we should get rid of these altogether. (Remove
- * protoypes from base64.h as well -- actually, remove that file completely).
- * If someone thinks either of these functions provides such a very useful
- * interface (though, as shown, the same functionality can already be
- * obtained by calling NSSBase64_DecodeBuffer directly), fine -- but then
- * that API should be provided with a nice new NSSFoo name and using
- * appropriate types, etc.
- */
-
-#include "base64.h"
-
-/*
-** Return an PORT_Alloc'd string which is the base64 decoded version
-** of the input string; set *lenp to the length of the returned data.
-*/
-unsigned char *
-ATOB_AsciiToData(const char *string, unsigned int *lenp)
-{
- SECItem binary_item, *dummy;
-
- binary_item.data = NULL;
- binary_item.len = 0;
-
- dummy = NSSBase64_DecodeBuffer (NULL, &binary_item, string,
- (PRUint32) PORT_Strlen(string));
- if (dummy == NULL)
- return NULL;
-
- PORT_Assert(dummy == &binary_item);
-
- *lenp = dummy->len;
- return dummy->data;
-}
-
-/*
-** Convert from ascii to binary encoding of an item.
-*/
-SECStatus
-ATOB_ConvertAsciiToItem(SECItem *binary_item, char *ascii)
-{
- SECItem *dummy;
-
- if (binary_item == NULL) {
- PORT_SetError (SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- /*
- * XXX Would prefer to assert here if data is non-null (actually,
- * don't need to, just let NSSBase64_DecodeBuffer do it), so as to
- * to catch unintended memory leaks, but callers are not clean in
- * this respect so we need to explicitly clear here to avoid the
- * assert in NSSBase64_DecodeBuffer.
- */
- binary_item->data = NULL;
- binary_item->len = 0;
-
- dummy = NSSBase64_DecodeBuffer (NULL, binary_item, ascii,
- (PRUint32) PORT_Strlen(ascii));
-
- if (dummy == NULL)
- return SECFailure;
-
- return SECSuccess;
-}
diff --git a/security/nss/lib/util/nssb64e.c b/security/nss/lib/util/nssb64e.c
deleted file mode 100644
index 9c802abcd..000000000
--- a/security/nss/lib/util/nssb64e.c
+++ /dev/null
@@ -1,762 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Base64 encoding (binary to ascii).
- *
- * $Id$
- */
-
-#include "nssb64.h"
-#include "nspr.h"
-#include "secitem.h"
-#include "secerr.h"
-
-/*
- * XXX See the big comment at the top of nssb64d.c about moving the
- * bulk of this code over into NSPR (the PL part). It all applies
- * here but I didn't want to duplicate it, to avoid divergence problems.
- */
-
-/*
- **************************************************************
- * XXX Beginning of base64 encoding code to be moved into NSPR.
- */
-
-
-struct PLBase64EncodeStateStr {
- unsigned chunks;
- unsigned saved;
- unsigned char buf[3];
-};
-
-/*
- * This typedef would belong in the NSPR header file (i.e. plbase64.h).
- */
-typedef struct PLBase64EncoderStr PLBase64Encoder;
-
-/*
- * The following implementation of base64 encoding was based on code
- * found in libmime (specifically, in mimeenc.c). It has been adapted to
- * use PR types and naming as well as to provide other necessary semantics
- * (like buffer-in/buffer-out in addition to "streaming" without undue
- * performance hit of extra copying if you made the buffer versions
- * use the output_fn). It also incorporates some aspects of the current
- * NSPR base64 encoding code. As such, you may find similarities to
- * both of those implementations. I tried to use names that reflected
- * the original code when possible. For this reason you may find some
- * inconsistencies -- libmime used lots of "in" and "out" whereas the
- * NSPR version uses "src" and "dest"; sometimes I changed one to the other
- * and sometimes I left them when I thought the subroutines were at least
- * self-consistent.
- */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * Opaque object used by the encoder to store state.
- */
-struct PLBase64EncoderStr {
- /*
- * The one or two bytes pending. (We need 3 to create a "token",
- * and hold the leftovers here. in_buffer_count is *only* ever
- * 0, 1, or 2.
- */
- unsigned char in_buffer[2];
- int in_buffer_count;
-
- /*
- * If the caller wants linebreaks added, line_length specifies
- * where they come out. It must be a multiple of 4; if the caller
- * provides one that isn't, we round it down to the nearest
- * multiple of 4.
- *
- * The value of current_column counts how many characters have been
- * added since the last linebreaks (or since the beginning, on the
- * first line). It is also always a multiple of 4; it is unused when
- * line_length is 0.
- */
- PRUint32 line_length;
- PRUint32 current_column;
-
- /*
- * Where to write the encoded data (used when streaming, not when
- * doing all in-memory (buffer) operations).
- *
- * Note that this definition is chosen to be compatible with PR_Write.
- */
- PRInt32 (*output_fn) (void *output_arg, const char *buf, PRInt32 size);
- void *output_arg;
-
- /*
- * Where the encoded output goes -- either temporarily (in the streaming
- * case, staged here before it goes to the output function) or what will
- * be the entire buffered result for users of the buffer version.
- */
- char *output_buffer;
- PRUint32 output_buflen; /* the total length of allocated buffer */
- PRUint32 output_length; /* the length that is currently populated */
-};
-
-PR_END_EXTERN_C
-
-
-/*
- * Table to convert a binary value to its corresponding ascii "code".
- */
-static unsigned char base64_valuetocode[64] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-#define B64_PAD '='
-#define B64_CR '\r'
-#define B64_LF '\n'
-
-static PRStatus
-pl_base64_encode_buffer (PLBase64Encoder *data, const unsigned char *in,
- PRUint32 size)
-{
- const unsigned char *end = in + size;
- char *out = data->output_buffer + data->output_length;
- int i = data->in_buffer_count;
- PRUint32 n = 0;
- int off;
- PRUint32 output_threshold;
-
- /* If this input buffer is too small, wait until next time. */
- if (size < (3 - i)) {
- data->in_buffer[i++] = in[0];
- if (size > 1)
- data->in_buffer[i++] = in[1];
- PR_ASSERT(i < 3);
- data->in_buffer_count = i;
- return PR_SUCCESS;
- }
-
- /* If there are bytes that were put back last time, take them now. */
- if (i > 0) {
- n = data->in_buffer[0];
- if (i > 1)
- n = (n << 8) | data->in_buffer[1];
- data->in_buffer_count = 0;
- }
-
- /* If our total is not a multiple of three, put one or two bytes back. */
- off = (size + i) % 3;
- if (off > 0) {
- size -= off;
- data->in_buffer[0] = in[size];
- if (off > 1)
- data->in_buffer[1] = in[size + 1];
- data->in_buffer_count = off;
- end -= off;
- }
-
- output_threshold = data->output_buflen - 3;
-
- /*
- * Populate the output buffer with base64 data, one line (or buffer)
- * at a time.
- */
- while (in < end) {
- int j, k;
-
- while (i < 3) {
- n = (n << 8) | *in++;
- i++;
- }
- i = 0;
-
- if (data->line_length > 0) {
- if (data->current_column >= data->line_length) {
- data->current_column = 0;
- *out++ = B64_CR;
- *out++ = B64_LF;
- data->output_length += 2;
- }
- data->current_column += 4; /* the bytes we are about to add */
- }
-
- for (j = 18; j >= 0; j -= 6) {
- k = (n >> j) & 0x3F;
- *out++ = base64_valuetocode[k];
- }
- n = 0;
- data->output_length += 4;
-
- if (data->output_length >= output_threshold) {
- PR_ASSERT(data->output_length <= data->output_buflen);
- if (data->output_fn != NULL) {
- PRInt32 output_result;
-
- output_result = data->output_fn (data->output_arg,
- data->output_buffer,
- (PRInt32) data->output_length);
- if (output_result < 0)
- return PR_FAILURE;
-
- out = data->output_buffer;
- data->output_length = 0;
- } else {
- /*
- * Check that we are about to exit the loop. (Since we
- * are over the threshold, there isn't enough room in the
- * output buffer for another trip around.)
- */
- PR_ASSERT(in == end);
- if (in < end) {
- PR_SetError (PR_BUFFER_OVERFLOW_ERROR, 0);
- return PR_FAILURE;
- }
- }
- }
- }
-
- return PR_SUCCESS;
-}
-
-static PRStatus
-pl_base64_encode_flush (PLBase64Encoder *data)
-{
- int i = data->in_buffer_count;
-
- if (i == 0 && data->output_length == 0)
- return PR_SUCCESS;
-
- if (i > 0) {
- char *out = data->output_buffer + data->output_length;
- PRUint32 n;
- int j, k;
-
- n = ((PRUint32) data->in_buffer[0]) << 16;
- if (i > 1)
- n |= ((PRUint32) data->in_buffer[1] << 8);
-
- data->in_buffer_count = 0;
-
- if (data->line_length > 0) {
- if (data->current_column >= data->line_length) {
- data->current_column = 0;
- *out++ = B64_CR;
- *out++ = B64_LF;
- data->output_length += 2;
- }
- }
-
- /*
- * This will fill in more than we really have data for, but the
- * valid parts will end up in the correct position and the extras
- * will be over-written with pad characters below.
- */
- for (j = 18; j >= 0; j -= 6) {
- k = (n >> j) & 0x3F;
- *out++ = base64_valuetocode[k];
- }
-
- /* Pad with equal-signs. */
- if (i == 1)
- out[-2] = B64_PAD;
- out[-1] = B64_PAD;
-
- data->output_length += 4;
- }
-
- if (data->output_fn != NULL) {
- PRInt32 output_result;
-
- output_result = data->output_fn (data->output_arg, data->output_buffer,
- (PRInt32) data->output_length);
- data->output_length = 0;
-
- if (output_result < 0)
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-
-
-/*
- * The maximum space needed to hold the output of the encoder given input
- * data of length "size", and allowing for CRLF added at least every
- * line_length bytes (we will add it at nearest lower multiple of 4).
- * There is no trailing CRLF.
- */
-static PRUint32
-PL_Base64MaxEncodedLength (PRUint32 size, PRUint32 line_length)
-{
- PRUint32 tokens, tokens_per_line, full_lines, line_break_chars, remainder;
-
- tokens = (size + 2) / 3;
-
- if (line_length == 0)
- return tokens * 4;
-
- if (line_length < 4) /* too small! */
- line_length = 4;
-
- tokens_per_line = line_length / 4;
- full_lines = tokens / tokens_per_line;
- remainder = (tokens - (full_lines * tokens_per_line)) * 4;
- line_break_chars = full_lines * 2;
- if (remainder == 0)
- line_break_chars -= 2;
-
- return (full_lines * tokens_per_line * 4) + line_break_chars + remainder;
-}
-
-
-/*
- * A distinct internal creation function for the buffer version to use.
- * (It does not want to specify an output_fn, and we want the normal
- * Create function to require that.) All common initialization of the
- * encoding context should be done *here*.
- *
- * Save "line_length", rounded down to nearest multiple of 4 (if not
- * already even multiple). Allocate output_buffer, if not provided --
- * based on given size if specified, otherwise based on line_length.
- */
-static PLBase64Encoder *
-pl_base64_create_encoder (PRUint32 line_length, char *output_buffer,
- PRUint32 output_buflen)
-{
- PLBase64Encoder *data;
- PRUint32 line_tokens;
-
- data = PR_NEWZAP(PLBase64Encoder);
- if (data == NULL)
- return NULL;
-
- if (line_length > 0 && line_length < 4) /* too small! */
- line_length = 4;
-
- line_tokens = line_length / 4;
- data->line_length = line_tokens * 4;
-
- if (output_buffer == NULL) {
- if (output_buflen == 0) {
- if (data->line_length > 0) /* need to include room for CRLF */
- output_buflen = data->line_length + 2;
- else
- output_buflen = 64; /* XXX what is a good size? */
- }
-
- output_buffer = (char *) PR_Malloc(output_buflen);
- if (output_buffer == NULL) {
- PR_Free(data);
- return NULL;
- }
- }
-
- data->output_buffer = output_buffer;
- data->output_buflen = output_buflen;
- return data;
-}
-
-/*
- * Function to start a base64 encoding context.
- * An "output_fn" is required; the "output_arg" parameter to that is optional.
- * If linebreaks in the encoded output are desired, "line_length" specifies
- * where to place them -- it will be rounded down to the nearest multiple of 4
- * (if it is not already an even multiple of 4). If it is zero, no linebreaks
- * will be added. (FYI, a linebreak is CRLF -- two characters.)
- */
-static PLBase64Encoder *
-PL_CreateBase64Encoder (PRInt32 (*output_fn) (void *, const char *, PRInt32),
- void *output_arg, PRUint32 line_length)
-{
- PLBase64Encoder *data;
-
- if (output_fn == NULL) {
- PR_SetError (PR_INVALID_ARGUMENT_ERROR, 0);
- return NULL;
- }
-
- data = pl_base64_create_encoder (line_length, NULL, 0);
- if (data == NULL)
- return NULL;
-
- data->output_fn = output_fn;
- data->output_arg = output_arg;
-
- return data;
-}
-
-
-/*
- * Push data through the encoder, causing the output_fn (provided to Create)
- * to be called with the encoded data.
- */
-static PRStatus
-PL_UpdateBase64Encoder (PLBase64Encoder *data, const unsigned char *buffer,
- PRUint32 size)
-{
- /* XXX Should we do argument checking only in debug build? */
- if (data == NULL || buffer == NULL || size == 0) {
- PR_SetError (PR_INVALID_ARGUMENT_ERROR, 0);
- return PR_FAILURE;
- }
-
- return pl_base64_encode_buffer (data, buffer, size);
-}
-
-
-/*
- * When you're done encoding, call this to free the data. If "abort_p"
- * is false, then calling this may cause the output_fn to be called
- * one last time (as the last buffered data is flushed out).
- */
-static PRStatus
-PL_DestroyBase64Encoder (PLBase64Encoder *data, PRBool abort_p)
-{
- PRStatus status = PR_SUCCESS;
-
- /* XXX Should we do argument checking only in debug build? */
- if (data == NULL) {
- PR_SetError (PR_INVALID_ARGUMENT_ERROR, 0);
- return PR_FAILURE;
- }
-
- /* Flush out the last few buffered characters. */
- if (!abort_p)
- status = pl_base64_encode_flush (data);
-
- if (data->output_buffer != NULL)
- PR_Free(data->output_buffer);
- PR_Free(data);
-
- return status;
-}
-
-
-/*
- * Perform base64 encoding from an input buffer to an output buffer.
- * The output buffer can be provided (as "dest"); you can also pass in
- * a NULL and this function will allocate a buffer large enough for you,
- * and return it. If you do provide the output buffer, you must also
- * provide the maximum length of that buffer (as "maxdestlen").
- * The actual encoded length of output will be returned to you in
- * "output_destlen".
- *
- * If linebreaks in the encoded output are desired, "line_length" specifies
- * where to place them -- it will be rounded down to the nearest multiple of 4
- * (if it is not already an even multiple of 4). If it is zero, no linebreaks
- * will be added. (FYI, a linebreak is CRLF -- two characters.)
- *
- * Return value is NULL on error, the output buffer (allocated or provided)
- * otherwise.
- */
-static char *
-PL_Base64EncodeBuffer (const unsigned char *src, PRUint32 srclen,
- PRUint32 line_length, char *dest, PRUint32 maxdestlen,
- PRUint32 *output_destlen)
-{
- PRUint32 need_length;
- PLBase64Encoder *data = NULL;
- PRStatus status;
-
- PR_ASSERT(srclen > 0);
- if (srclen == 0)
- return dest;
-
- /*
- * How much space could we possibly need for encoding this input?
- */
- need_length = PL_Base64MaxEncodedLength (srclen, line_length);
-
- /*
- * Make sure we have at least that much, if output buffer provided.
- */
- if (dest != NULL) {
- PR_ASSERT(maxdestlen >= need_length);
- if (maxdestlen < need_length) {
- PR_SetError(PR_BUFFER_OVERFLOW_ERROR, 0);
- return NULL;
- }
- } else {
- maxdestlen = need_length;
- }
-
- data = pl_base64_create_encoder(line_length, dest, maxdestlen);
- if (data == NULL)
- return NULL;
-
- status = pl_base64_encode_buffer (data, src, srclen);
-
- /*
- * We do not wait for Destroy to flush, because Destroy will also
- * get rid of our encoder context, which we need to look at first!
- */
- if (status == PR_SUCCESS)
- status = pl_base64_encode_flush (data);
-
- if (status != PR_SUCCESS) {
- (void) PL_DestroyBase64Encoder (data, PR_TRUE);
- return NULL;
- }
-
- dest = data->output_buffer;
-
- /* Must clear this or Destroy will free it. */
- data->output_buffer = NULL;
-
- *output_destlen = data->output_length;
- status = PL_DestroyBase64Encoder (data, PR_FALSE);
- if (status == PR_FAILURE) {
- PR_Free(dest);
- return NULL;
- }
-
- return dest;
-}
-
-/*
- * XXX End of base64 encoding code to be moved into NSPR.
- ********************************************************
- */
-
-/*
- * This is the beginning of the NSS cover functions. These will
- * provide the interface we want to expose as NSS-ish. For example,
- * they will operate on our Items, do any special handling or checking
- * we want to do, etc.
- */
-
-
-PR_BEGIN_EXTERN_C
-
-/*
- * A boring cover structure for now. Perhaps someday it will include
- * some more interesting fields.
- */
-struct NSSBase64EncoderStr {
- PLBase64Encoder *pl_data;
-};
-
-PR_END_EXTERN_C
-
-
-/*
- * Function to start a base64 encoding context.
- */
-NSSBase64Encoder *
-NSSBase64Encoder_Create (PRInt32 (*output_fn) (void *, const char *, PRInt32),
- void *output_arg)
-{
- PLBase64Encoder *pl_data;
- NSSBase64Encoder *nss_data;
-
- nss_data = PORT_ZNew(NSSBase64Encoder);
- if (nss_data == NULL)
- return NULL;
-
- pl_data = PL_CreateBase64Encoder (output_fn, output_arg, 64);
- if (pl_data == NULL) {
- PORT_Free(nss_data);
- return NULL;
- }
-
- nss_data->pl_data = pl_data;
- return nss_data;
-}
-
-
-/*
- * Push data through the encoder, causing the output_fn (provided to Create)
- * to be called with the encoded data.
- */
-SECStatus
-NSSBase64Encoder_Update (NSSBase64Encoder *data, const unsigned char *buffer,
- PRUint32 size)
-{
- PRStatus pr_status;
-
- /* XXX Should we do argument checking only in debug build? */
- if (data == NULL) {
- PORT_SetError (SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- pr_status = PL_UpdateBase64Encoder (data->pl_data, buffer, size);
- if (pr_status == PR_FAILURE)
- return SECFailure;
-
- return SECSuccess;
-}
-
-
-/*
- * When you're done encoding, call this to free the data. If "abort_p"
- * is false, then calling this may cause the output_fn to be called
- * one last time (as the last buffered data is flushed out).
- */
-SECStatus
-NSSBase64Encoder_Destroy (NSSBase64Encoder *data, PRBool abort_p)
-{
- PRStatus pr_status;
-
- /* XXX Should we do argument checking only in debug build? */
- if (data == NULL) {
- PORT_SetError (SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- pr_status = PL_DestroyBase64Encoder (data->pl_data, abort_p);
-
- PORT_Free(data);
-
- if (pr_status == PR_FAILURE)
- return SECFailure;
-
- return SECSuccess;
-}
-
-
-/*
- * Perform base64 encoding of binary data "inItem" to an ascii string.
- * The output buffer may be provided (as "outStrOpt"); you can also pass
- * in a NULL and the buffer will be allocated for you. The result will
- * be null-terminated, and if the buffer is provided, "maxOutLen" must
- * specify the maximum length of the buffer and will be checked to
- * supply sufficient space space for the encoded result. (If "outStrOpt"
- * is NULL, "maxOutLen" is ignored.)
- *
- * If "outStrOpt" is NULL, allocation will happen out of the passed-in
- * "arenaOpt", if *it* is non-NULL, otherwise standard allocation (heap)
- * will be used.
- *
- * Return value is NULL on error, the output buffer (allocated or provided)
- * otherwise.
- */
-char *
-NSSBase64_EncodeItem (PRArenaPool *arenaOpt, char *outStrOpt,
- unsigned int maxOutLen, SECItem *inItem)
-{
- char *out_string = outStrOpt;
- PRUint32 max_out_len;
- PRUint32 out_len;
- void *mark = NULL;
- char *dummy;
-
- PORT_Assert(inItem != NULL && inItem->data != NULL && inItem->len != 0);
- if (inItem == NULL || inItem->data == NULL || inItem->len == 0) {
- PORT_SetError (SEC_ERROR_INVALID_ARGS);
- return NULL;
- }
-
- max_out_len = PL_Base64MaxEncodedLength (inItem->len, 64);
-
- if (arenaOpt != NULL)
- mark = PORT_ArenaMark (arenaOpt);
-
- if (out_string == NULL) {
- if (arenaOpt != NULL)
- out_string = PORT_ArenaAlloc (arenaOpt, max_out_len + 1);
- else
- out_string = PORT_Alloc (max_out_len + 1);
-
- if (out_string == NULL) {
- if (arenaOpt != NULL)
- PORT_ArenaRelease (arenaOpt, mark);
- return NULL;
- }
- } else {
- if ((max_out_len + 1) > maxOutLen) {
- PORT_SetError (SEC_ERROR_OUTPUT_LEN);
- return NULL;
- }
- max_out_len = maxOutLen;
- }
-
-
- dummy = PL_Base64EncodeBuffer (inItem->data, inItem->len, 64,
- out_string, max_out_len, &out_len);
- if (dummy == NULL) {
- if (arenaOpt != NULL) {
- PORT_ArenaRelease (arenaOpt, mark);
- } else {
- PORT_Free (out_string);
- }
- return NULL;
- }
-
- if (arenaOpt != NULL)
- PORT_ArenaUnmark (arenaOpt, mark);
-
- out_string[out_len] = '\0';
- return out_string;
-}
-
-
-/*
- * XXX Everything below is deprecated. If you add new stuff, put it
- * *above*, not below.
- */
-
-/*
- * XXX The following "BTOA" functions are provided for backward compatibility
- * with current code. They should be considered strongly deprecated.
- * When we can convert all our code over to using the new NSSBase64Encoder_
- * functions defined above, we should get rid of these altogether. (Remove
- * protoypes from base64.h as well -- actually, remove that file completely).
- * If someone thinks either of these functions provides such a very useful
- * interface (though, as shown, the same functionality can already be
- * obtained by calling NSSBase64_EncodeItem directly), fine -- but then
- * that API should be provided with a nice new NSSFoo name and using
- * appropriate types, etc.
- */
-
-#include "base64.h"
-
-/*
-** Return an PORT_Alloc'd ascii string which is the base64 encoded
-** version of the input string.
-*/
-char *
-BTOA_DataToAscii(const unsigned char *data, unsigned int len)
-{
- SECItem binary_item;
-
- binary_item.data = (unsigned char *)data;
- binary_item.len = len;
-
- return NSSBase64_EncodeItem (NULL, NULL, 0, &binary_item);
-}
-
-/*
-** Convert from binary encoding of an item to ascii.
-*/
-char *
-BTOA_ConvertItemToAscii (SECItem *binary_item)
-{
- return NSSBase64_EncodeItem (NULL, NULL, 0, binary_item);
-}
diff --git a/security/nss/lib/util/nssb64t.h b/security/nss/lib/util/nssb64t.h
deleted file mode 100644
index b7b079d8c..000000000
--- a/security/nss/lib/util/nssb64t.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Public data structures for base64 encoding/decoding.
- *
- * $Id$
- */
-#ifndef _NSSB64T_H_
-#define _NSSB64T_H_
-
-typedef struct NSSBase64DecoderStr NSSBase64Decoder;
-typedef struct NSSBase64EncoderStr NSSBase64Encoder;
-
-#endif /* _NSSB64T_H_ */
diff --git a/security/nss/lib/util/nsslocks.c b/security/nss/lib/util/nsslocks.c
deleted file mode 100644
index c3bb0f0f2..000000000
--- a/security/nss/lib/util/nsslocks.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * nsslocks.h - threadsafe functions to initialize lock pointers.
- *
- * NOTE - These are not public interfaces
- *
- * $Id$
- */
-
-#include "seccomon.h"
-#include "nsslocks.h"
-#include "pratom.h"
-#include "prthread.h"
-
-/* Given the address of a (global) pointer to a PRLock,
- * atomicly create the lock and initialize the (global) pointer,
- * if it is not already created/initialized.
- */
-
-SECStatus
-nss_InitLock( PRLock **ppLock)
-{
- static PRInt32 initializers;
-
- PORT_Assert( ppLock != NULL);
-
- /* atomically initialize the lock */
- while (!*ppLock) {
- PRInt32 myAttempt = PR_AtomicIncrement(&initializers);
- if (myAttempt == 1) {
- *ppLock = PR_NewLock();
- (void) PR_AtomicDecrement(&initializers);
- break;
- }
- PR_Sleep(PR_INTERVAL_NO_WAIT); /* PR_Yield() */
- (void) PR_AtomicDecrement(&initializers);
- }
-
- return (*ppLock != NULL) ? SECSuccess : SECFailure;
-}
-
-/* Given the address of a (global) pointer to a PRMonitor,
- * atomicly create the monitor and initialize the (global) pointer,
- * if it is not already created/initialized.
- */
-
-SECStatus
-nss_InitMonitor(PRMonitor **ppMonitor)
-{
- static PRInt32 initializers;
-
- PORT_Assert( ppMonitor != NULL);
-
- /* atomically initialize the lock */
- while (!*ppMonitor) {
- PRInt32 myAttempt = PR_AtomicIncrement(&initializers);
- if (myAttempt == 1) {
- *ppMonitor = PR_NewMonitor();
- (void) PR_AtomicDecrement(&initializers);
- break;
- }
- PR_Sleep(PR_INTERVAL_NO_WAIT); /* PR_Yield() */
- (void) PR_AtomicDecrement(&initializers);
- }
-
- return (*ppMonitor != NULL) ? SECSuccess : SECFailure;
-}
diff --git a/security/nss/lib/util/nsslocks.h b/security/nss/lib/util/nsslocks.h
deleted file mode 100644
index 466a1ab4d..000000000
--- a/security/nss/lib/util/nsslocks.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * nsslocks.h - threadsafe functions to initialize lock pointers.
- *
- * NOTE - These are not public interfaces
- *
- * $Id$
- */
-
-#ifndef _NSSLOCKS_H_
-#define _NSSLOCKS_H_
-
-#include "seccomon.h"
-#include "prlock.h"
-#include "prmon.h"
-
-SEC_BEGIN_PROTOS
-
-/* Given the address of a (global) pointer to a PRLock,
- * atomicly create the lock and initialize the (global) pointer,
- * if it is not already created/initialized.
- */
-
-extern SECStatus nss_InitLock( PRLock **ppLock);
-
-/* Given the address of a (global) pointer to a PRMonitor,
- * atomicly create the monitor and initialize the (global) pointer,
- * if it is not already created/initialized.
- */
-
-extern SECStatus nss_InitMonitor(PRMonitor **ppMonitor);
-
-SEC_END_PROTOS
-
-#endif
diff --git a/security/nss/lib/util/nssrwlk.c b/security/nss/lib/util/nssrwlk.c
deleted file mode 100644
index 0c4ece1ee..000000000
--- a/security/nss/lib/util/nssrwlk.c
+++ /dev/null
@@ -1,512 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "nssrwlk.h"
-#include "nspr.h"
-
-PR_BEGIN_EXTERN_C
-
-/*
- * Reader-writer lock
- */
-struct nssRWLockStr {
- PRLock * rw_lock;
- char * rw_name; /* lock name */
- PRUint32 rw_rank; /* rank of the lock */
- PRInt32 rw_writer_locks; /* == 0, if unlocked */
- PRInt32 rw_reader_locks; /* == 0, if unlocked */
- /* > 0 , # of read locks */
- PRUint32 rw_waiting_readers; /* number of waiting readers */
- PRUint32 rw_waiting_writers; /* number of waiting writers */
- PRCondVar * rw_reader_waitq; /* cvar for readers */
- PRCondVar * rw_writer_waitq; /* cvar for writers */
- PRThread * rw_owner; /* lock owner for write-lock */
- /* Non-null if write lock held. */
-};
-
-PR_END_EXTERN_C
-
-#include <string.h>
-
-#ifdef DEBUG_RANK_ORDER
-#define NSS_RWLOCK_RANK_ORDER_DEBUG /* enable deadlock detection using
- rank-order for locks
- */
-#endif
-
-#ifdef NSS_RWLOCK_RANK_ORDER_DEBUG
-
-static PRUintn nss_thread_rwlock_initialized;
-static PRUintn nss_thread_rwlock; /* TPD key for lock stack */
-static PRUintn nss_thread_rwlock_alloc_failed;
-
-#define _NSS_RWLOCK_RANK_ORDER_LIMIT 10
-
-typedef struct thread_rwlock_stack {
- PRInt32 trs_index; /* top of stack */
- NSSRWLock *trs_stack[_NSS_RWLOCK_RANK_ORDER_LIMIT]; /* stack of lock
- pointers */
-} thread_rwlock_stack;
-
-/* forward static declarations. */
-static PRUint32 nssRWLock_GetThreadRank(PRThread *me);
-static void nssRWLock_SetThreadRank(PRThread *me, NSSRWLock *rwlock);
-static void nssRWLock_UnsetThreadRank(PRThread *me, NSSRWLock *rwlock);
-static void nssRWLock_ReleaseLockStack(void *lock_stack);
-
-#endif
-
-#define UNTIL(x) while(!(x))
-
-/*
- * Reader/Writer Locks
- */
-
-/*
- * NSSRWLock_New
- * Create a reader-writer lock, with the given lock rank and lock name
- *
- */
-
-PR_IMPLEMENT(NSSRWLock *)
-NSSRWLock_New(PRUint32 lock_rank, const char *lock_name)
-{
- NSSRWLock *rwlock;
-
- rwlock = PR_NEWZAP(NSSRWLock);
- if (rwlock == NULL)
- return NULL;
-
- rwlock->rw_lock = PR_NewLock();
- if (rwlock->rw_lock == NULL) {
- goto loser;
- }
- rwlock->rw_reader_waitq = PR_NewCondVar(rwlock->rw_lock);
- if (rwlock->rw_reader_waitq == NULL) {
- goto loser;
- }
- rwlock->rw_writer_waitq = PR_NewCondVar(rwlock->rw_lock);
- if (rwlock->rw_writer_waitq == NULL) {
- goto loser;
- }
- if (lock_name != NULL) {
- rwlock->rw_name = (char*) PR_Malloc(strlen(lock_name) + 1);
- if (rwlock->rw_name == NULL) {
- goto loser;
- }
- strcpy(rwlock->rw_name, lock_name);
- } else {
- rwlock->rw_name = NULL;
- }
- rwlock->rw_rank = lock_rank;
- rwlock->rw_waiting_readers = 0;
- rwlock->rw_waiting_writers = 0;
- rwlock->rw_reader_locks = 0;
- rwlock->rw_writer_locks = 0;
-
- return rwlock;
-
-loser:
- NSSRWLock_Destroy(rwlock);
- return(NULL);
-}
-
-/*
-** Destroy the given RWLock "lock".
-*/
-PR_IMPLEMENT(void)
-NSSRWLock_Destroy(NSSRWLock *rwlock)
-{
- PR_ASSERT(rwlock != NULL);
- PR_ASSERT(rwlock->rw_waiting_readers == 0);
-
- /* XXX Shouldn't we lock the PRLock before destroying this?? */
-
- if (rwlock->rw_name)
- PR_Free(rwlock->rw_name);
- if (rwlock->rw_reader_waitq)
- PR_DestroyCondVar(rwlock->rw_reader_waitq);
- if (rwlock->rw_writer_waitq)
- PR_DestroyCondVar(rwlock->rw_writer_waitq);
- if (rwlock->rw_lock)
- PR_DestroyLock(rwlock->rw_lock);
- PR_DELETE(rwlock);
-}
-
-/***********************************************************************
-** Given the address of a NULL pointer to a NSSRWLock,
-** atomically initializes that pointer to a newly created NSSRWLock.
-** Returns the value placed into that pointer, or NULL.
-** If the lock cannot be created because of resource constraints,
-** the pointer will be left NULL.
-**
-***********************************************************************/
-PR_IMPLEMENT(NSSRWLock *)
-nssRWLock_AtomicCreate( NSSRWLock ** prwlock,
- PRUint32 lock_rank,
- const char * lock_name)
-{
- NSSRWLock * rwlock;
- static PRInt32 initializers;
-
- PR_ASSERT(prwlock != NULL);
-
- /* atomically initialize the lock */
- while (NULL == (rwlock = *prwlock)) {
- PRInt32 myAttempt = PR_AtomicIncrement(&initializers);
- if (myAttempt == 1) {
- *prwlock = rwlock = NSSRWLock_New(lock_rank, lock_name);
- (void) PR_AtomicDecrement(&initializers);
- break;
- }
- PR_Sleep(PR_INTERVAL_NO_WAIT); /* PR_Yield() */
- (void) PR_AtomicDecrement(&initializers);
- }
-
- return rwlock;
-}
-
-/*
-** Read-lock the RWLock.
-*/
-PR_IMPLEMENT(void)
-NSSRWLock_LockRead(NSSRWLock *rwlock)
-{
- PRThread *me = PR_GetCurrentThread();
-
- PR_Lock(rwlock->rw_lock);
-#ifdef NSS_RWLOCK_RANK_ORDER_DEBUG
-
- /*
- * assert that rank ordering is not violated; the rank of 'rwlock' should
- * be equal to or greater than the highest rank of all the locks held by
- * the thread.
- */
- PR_ASSERT((rwlock->rw_rank == NSS_RWLOCK_RANK_NONE) ||
- (rwlock->rw_rank >= nssRWLock_GetThreadRank(me)));
-#endif
- /*
- * wait if write-locked or if a writer is waiting; preference for writers
- */
- UNTIL ( (rwlock->rw_owner == me) || /* I own it, or */
- ((rwlock->rw_owner == NULL) && /* no-one owns it, and */
- (rwlock->rw_waiting_writers == 0))) { /* no-one is waiting to own */
-
- rwlock->rw_waiting_readers++;
- PR_WaitCondVar(rwlock->rw_reader_waitq, PR_INTERVAL_NO_TIMEOUT);
- rwlock->rw_waiting_readers--;
- }
- rwlock->rw_reader_locks++; /* Increment read-lock count */
-
- PR_Unlock(rwlock->rw_lock);
-
-#ifdef NSS_RWLOCK_RANK_ORDER_DEBUG
- nssRWLock_SetThreadRank(me, rwlock);/* update thread's lock rank */
-#endif
-}
-
-/* Unlock a Read lock held on this RW lock.
-*/
-PR_IMPLEMENT(void)
-NSSRWLock_UnlockRead(NSSRWLock *rwlock)
-{
- PRThread *me = PR_GetCurrentThread();
-
- PR_Lock(rwlock->rw_lock);
-
- PR_ASSERT(rwlock->rw_reader_locks > 0); /* lock must be read locked */
-
- if (( rwlock->rw_reader_locks > 0) && /* caller isn't screwey */
- (--rwlock->rw_reader_locks == 0) && /* not read locked any more */
- ( rwlock->rw_owner == NULL) && /* not write locked */
- ( rwlock->rw_waiting_writers > 0)) { /* someone's waiting. */
-
- PR_NotifyCondVar(rwlock->rw_writer_waitq); /* wake him up. */
- }
-
- PR_Unlock(rwlock->rw_lock);
-
-#ifdef NSS_RWLOCK_RANK_ORDER_DEBUG
- /*
- * update thread's lock rank
- */
- nssRWLock_UnsetThreadRank(me, rwlock);
-#endif
- return;
-}
-
-/*
-** Write-lock the RWLock.
-*/
-PR_IMPLEMENT(void)
-NSSRWLock_LockWrite(NSSRWLock *rwlock)
-{
- PRInt32 lock_acquired = 0;
- PRThread *me = PR_GetCurrentThread();
-
- PR_Lock(rwlock->rw_lock);
-#ifdef NSS_RWLOCK_RANK_ORDER_DEBUG
- /*
- * assert that rank ordering is not violated; the rank of 'rwlock' should
- * be equal to or greater than the highest rank of all the locks held by
- * the thread.
- */
- PR_ASSERT((rwlock->rw_rank == NSS_RWLOCK_RANK_NONE) ||
- (rwlock->rw_rank >= nssRWLock_GetThreadRank(me)));
-#endif
- /*
- * wait if read locked or write locked.
- */
- PR_ASSERT(rwlock->rw_reader_locks >= 0);
- PR_ASSERT(me != NULL);
-
- UNTIL ( (rwlock->rw_owner == me) || /* I own write lock, or */
- ((rwlock->rw_owner == NULL) && /* no writer and */
- (rwlock->rw_reader_locks == 0))) { /* no readers, either. */
-
- rwlock->rw_waiting_writers++;
- PR_WaitCondVar(rwlock->rw_writer_waitq, PR_INTERVAL_NO_TIMEOUT);
- rwlock->rw_waiting_writers--;
- PR_ASSERT(rwlock->rw_reader_locks >= 0);
- }
-
- PR_ASSERT(rwlock->rw_reader_locks == 0);
- /*
- * apply write lock
- */
- rwlock->rw_owner = me;
- rwlock->rw_writer_locks++; /* Increment write-lock count */
-
- PR_Unlock(rwlock->rw_lock);
-
-#ifdef NSS_RWLOCK_RANK_ORDER_DEBUG
- /*
- * update thread's lock rank
- */
- nssRWLock_SetThreadRank(me,rwlock);
-#endif
-}
-
-/* Unlock a Read lock held on this RW lock.
-*/
-PR_IMPLEMENT(void)
-NSSRWLock_UnlockWrite(NSSRWLock *rwlock)
-{
- PRThread *me = PR_GetCurrentThread();
-
- PR_Lock(rwlock->rw_lock);
- PR_ASSERT(rwlock->rw_owner == me); /* lock must be write-locked by me. */
- PR_ASSERT(rwlock->rw_writer_locks > 0); /* lock must be write locked */
-
- if ( rwlock->rw_owner == me && /* I own it, and */
- rwlock->rw_writer_locks > 0 && /* I own it, and */
- --rwlock->rw_writer_locks == 0) { /* I'm all done with it */
-
- rwlock->rw_owner = NULL; /* I don't own it any more. */
-
- if (rwlock->rw_reader_locks == 0) { /* no readers, wake up somebody. */
- /* Give preference to waiting writers. */
- if (rwlock->rw_waiting_writers > 0)
- PR_NotifyCondVar(rwlock->rw_writer_waitq);
- else if (rwlock->rw_waiting_readers > 0)
- PR_NotifyAllCondVar(rwlock->rw_reader_waitq);
- }
- }
- PR_Unlock(rwlock->rw_lock);
-
-#ifdef NSS_RWLOCK_RANK_ORDER_DEBUG
- /*
- * update thread's lock rank
- */
- nssRWLock_UnsetThreadRank(me, rwlock);
-#endif
- return;
-}
-
-/* This is primarily for debugging, i.e. for inclusion in ASSERT calls. */
-PR_IMPLEMENT(PRBool)
-NSSRWLock_HaveWriteLock(NSSRWLock *rwlock) {
- PRBool ownWriteLock;
- PRThread *me = PR_GetCurrentThread();
-
- /* This lock call isn't really necessary.
- ** If this thread is the owner, that fact cannot change during this call,
- ** because this thread is in this call.
- ** If this thread is NOT the owner, the owner could change, but it
- ** could not become this thread.
- */
-#if UNNECESSARY
- PR_Lock(rwlock->rw_lock);
-#endif
- ownWriteLock = (PRBool)(me == rwlock->rw_owner);
-#if UNNECESSARY
- PR_Unlock(rwlock->rw_lock);
-#endif
- return ownWriteLock;
-}
-
-#ifdef NSS_RWLOCK_RANK_ORDER_DEBUG
-
-/*
- * nssRWLock_SetThreadRank
- * Set a thread's lock rank, which is the highest of the ranks of all
- * the locks held by the thread. Pointers to the locks are added to a
- * per-thread list, which is anchored off a thread-private data key.
- */
-
-static void
-nssRWLock_SetThreadRank(PRThread *me, NSSRWLock *rwlock)
-{
- thread_rwlock_stack *lock_stack;
- PRStatus rv;
-
- /*
- * allocated thread-private-data for rwlock list, if not already allocated
- */
- if (!nss_thread_rwlock_initialized) {
- /*
- * allocate tpd, only if not failed already
- */
- if (!nss_thread_rwlock_alloc_failed) {
- if (PR_NewThreadPrivateIndex(&nss_thread_rwlock,
- nssRWLock_ReleaseLockStack)
- == PR_FAILURE) {
- nss_thread_rwlock_alloc_failed = 1;
- return;
- }
- } else
- return;
- }
- /*
- * allocate a lock stack
- */
- if ((lock_stack = PR_GetThreadPrivate(nss_thread_rwlock)) == NULL) {
- lock_stack = (thread_rwlock_stack *)
- PR_CALLOC(1 * sizeof(thread_rwlock_stack));
- if (lock_stack) {
- rv = PR_SetThreadPrivate(nss_thread_rwlock, lock_stack);
- if (rv == PR_FAILURE) {
- PR_DELETE(lock_stack);
- nss_thread_rwlock_alloc_failed = 1;
- return;
- }
- } else {
- nss_thread_rwlock_alloc_failed = 1;
- return;
- }
- }
- /*
- * add rwlock to lock stack, if limit is not exceeded
- */
- if (lock_stack) {
- if (lock_stack->trs_index < _NSS_RWLOCK_RANK_ORDER_LIMIT)
- lock_stack->trs_stack[lock_stack->trs_index++] = rwlock;
- }
- nss_thread_rwlock_initialized = 1;
-}
-
-static void
-nssRWLock_ReleaseLockStack(void *lock_stack)
-{
- PR_ASSERT(lock_stack);
- PR_DELETE(lock_stack);
-}
-
-/*
- * nssRWLock_GetThreadRank
- *
- * return thread's lock rank. If thread-private-data for the lock
- * stack is not allocated, return NSS_RWLOCK_RANK_NONE.
- */
-
-static PRUint32
-nssRWLock_GetThreadRank(PRThread *me)
-{
- thread_rwlock_stack *lock_stack;
-
- if (nss_thread_rwlock_initialized) {
- if ((lock_stack = PR_GetThreadPrivate(nss_thread_rwlock)) == NULL)
- return (NSS_RWLOCK_RANK_NONE);
- else
- return(lock_stack->trs_stack[lock_stack->trs_index - 1]->rw_rank);
-
- } else
- return (NSS_RWLOCK_RANK_NONE);
-}
-
-/*
- * nssRWLock_UnsetThreadRank
- *
- * remove the rwlock from the lock stack. Since locks may not be
- * unlocked in a FIFO order, the entire lock stack is searched.
- */
-
-static void
-nssRWLock_UnsetThreadRank(PRThread *me, NSSRWLock *rwlock)
-{
- thread_rwlock_stack *lock_stack;
- int new_index = 0, index, done = 0;
-
- if (!nss_thread_rwlock_initialized)
- return;
-
- lock_stack = PR_GetThreadPrivate(nss_thread_rwlock);
-
- PR_ASSERT(lock_stack != NULL);
-
- index = lock_stack->trs_index - 1;
- while (index-- >= 0) {
- if ((lock_stack->trs_stack[index] == rwlock) && !done) {
- /*
- * reset the slot for rwlock
- */
- lock_stack->trs_stack[index] = NULL;
- done = 1;
- }
- /*
- * search for the lowest-numbered empty slot, above which there are
- * no non-empty slots
- */
- if ((lock_stack->trs_stack[index] != NULL) && !new_index)
- new_index = index + 1;
- if (done && new_index)
- break;
- }
- /*
- * set top of stack to highest numbered empty slot
- */
- lock_stack->trs_index = new_index;
-
-}
-
-#endif /* NSS_RWLOCK_RANK_ORDER_DEBUG */
diff --git a/security/nss/lib/util/nssrwlk.h b/security/nss/lib/util/nssrwlk.h
deleted file mode 100644
index 3cad4b72d..000000000
--- a/security/nss/lib/util/nssrwlk.h
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
-** File: nsrwlock.h
-** Description: API to basic reader-writer lock functions of NSS.
-** These are re-entrant reader writer locks; that is,
-** If I hold the write lock, I can ask for it and get it again.
-** If I hold the write lock, I can also ask for and get a read lock.
-** I can then release the locks in any order (read or write).
-** I must release each lock type as many times as I acquired it.
-** Otherwise, these are normal reader/writer locks.
-**
-** For deadlock detection, locks should be ranked, and no lock may be aquired
-** while I hold a lock of higher rank number.
-** If you don't want that feature, always use NSS_RWLOCK_RANK_NONE.
-** Lock name is for debugging, and is optional (may be NULL)
-**/
-
-#ifndef nssrwlk_h___
-#define nssrwlk_h___
-
-#include "prtypes.h"
-#include "nssrwlkt.h"
-
-#define NSS_RWLOCK_RANK_NONE 0
-
-/* SEC_BEGIN_PROTOS */
-PR_BEGIN_EXTERN_C
-
-/***********************************************************************
-** FUNCTION: NSSRWLock_New
-** DESCRIPTION:
-** Returns a pointer to a newly created reader-writer lock object.
-** INPUTS: Lock rank
-** Lock name
-** OUTPUTS: void
-** RETURN: NSSRWLock*
-** If the lock cannot be created because of resource constraints, NULL
-** is returned.
-**
-***********************************************************************/
-PR_EXTERN(NSSRWLock*) NSSRWLock_New(PRUint32 lock_rank, const char *lock_name);
-
-/***********************************************************************
-** FUNCTION: NSSRWLock_AtomicCreate
-** DESCRIPTION:
-** Given the address of a NULL pointer to a NSSRWLock,
-** atomically initializes that pointer to a newly created NSSRWLock.
-** Returns the value placed into that pointer, or NULL.
-**
-** INPUTS: address of NSRWLock pointer
-** Lock rank
-** Lock name
-** OUTPUTS: NSSRWLock*
-** RETURN: NSSRWLock*
-** If the lock cannot be created because of resource constraints,
-** the pointer will be left NULL.
-**
-***********************************************************************/
-PR_EXTERN(NSSRWLock *)
-nssRWLock_AtomicCreate( NSSRWLock ** prwlock,
- PRUint32 lock_rank,
- const char * lock_name);
-
-/***********************************************************************
-** FUNCTION: NSSRWLock_Destroy
-** DESCRIPTION:
-** Destroys a given RW lock object.
-** INPUTS: NSSRWLock *lock - Lock to be freed.
-** OUTPUTS: void
-** RETURN: None
-***********************************************************************/
-PR_EXTERN(void) NSSRWLock_Destroy(NSSRWLock *lock);
-
-/***********************************************************************
-** FUNCTION: NSSRWLock_LockRead
-** DESCRIPTION:
-** Apply a read lock (non-exclusive) on a RWLock
-** INPUTS: NSSRWLock *lock - Lock to be read-locked.
-** OUTPUTS: void
-** RETURN: None
-***********************************************************************/
-PR_EXTERN(void) NSSRWLock_LockRead(NSSRWLock *lock);
-
-/***********************************************************************
-** FUNCTION: NSSRWLock_LockWrite
-** DESCRIPTION:
-** Apply a write lock (exclusive) on a RWLock
-** INPUTS: NSSRWLock *lock - Lock to write-locked.
-** OUTPUTS: void
-** RETURN: None
-***********************************************************************/
-PR_EXTERN(void) NSSRWLock_LockWrite(NSSRWLock *lock);
-
-/***********************************************************************
-** FUNCTION: NSSRWLock_UnlockRead
-** DESCRIPTION:
-** Release a Read lock. Unlocking an unlocked lock has undefined results.
-** INPUTS: NSSRWLock *lock - Lock to unlocked.
-** OUTPUTS: void
-** RETURN: void
-***********************************************************************/
-PR_EXTERN(void) NSSRWLock_UnlockRead(NSSRWLock *lock);
-
-/***********************************************************************
-** FUNCTION: NSSRWLock_UnlockWrite
-** DESCRIPTION:
-** Release a Write lock. Unlocking an unlocked lock has undefined results.
-** INPUTS: NSSRWLock *lock - Lock to unlocked.
-** OUTPUTS: void
-** RETURN: void
-***********************************************************************/
-PR_EXTERN(void) NSSRWLock_UnlockWrite(NSSRWLock *lock);
-
-/***********************************************************************
-** FUNCTION: NSSRWLock_HaveWriteLock
-** DESCRIPTION:
-** Tells caller whether the current thread holds the write lock, or not.
-** INPUTS: NSSRWLock *lock - Lock to test.
-** OUTPUTS: void
-** RETURN: PRBool PR_TRUE IFF the current thread holds the write lock.
-***********************************************************************/
-
-PR_EXTERN(PRBool) NSSRWLock_HaveWriteLock(NSSRWLock *rwlock);
-
-/* SEC_END_PROTOS */
-PR_END_EXTERN_C
-
-#endif /* nsrwlock_h___ */
diff --git a/security/nss/lib/util/nssrwlkt.h b/security/nss/lib/util/nssrwlkt.h
deleted file mode 100644
index 62f53bf4f..000000000
--- a/security/nss/lib/util/nssrwlkt.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef nssrwlkt_h___
-#define nssrwlkt_h___
-
-/*
- * NSSRWLock --
- *
- * The reader writer lock, NSSRWLock, is an opaque object to the clients
- * of NSS. All routines operate on a pointer to this opaque entity.
- */
-
-typedef struct nssRWLockStr NSSRWLock;
-
-
-#endif /* nsrwlock_h___ */
diff --git a/security/nss/lib/util/os2_rand.c b/security/nss/lib/util/os2_rand.c
deleted file mode 100644
index cbe20a205..000000000
--- a/security/nss/lib/util/os2_rand.c
+++ /dev/null
@@ -1,232 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#define INCL_DOS
-#define INCL_DOSERRORS
-#include <os2.h>
-#include <secrng.h>
-#include <stdlib.h>
-
-static BOOL clockTickTime(unsigned long *phigh, unsigned long *plow)
-{
- APIRET rc = NO_ERROR;
- QWORD qword = {0,0};
-
- rc = DosTmrQueryTime(&qword);
- if (rc != NO_ERROR)
- return FALSE;
-
- *phigh = qword.ulHi;
- *plow = qword.ulLo;
-
- return TRUE;
-}
-
-size_t RNG_GetNoise(void *buf, size_t maxbuf)
-{
- unsigned long high = 0;
- unsigned long low = 0;
- clock_t val = 0;
- int n = 0;
- int nBytes = 0;
- time_t sTime;
-
- if (maxbuf <= 0)
- return 0;
-
- clockTickTime(&high, &low);
-
- /* get the maximally changing bits first */
- nBytes = sizeof(low) > maxbuf ? maxbuf : sizeof(low);
- memcpy(buf, &low, nBytes);
- n += nBytes;
- maxbuf -= nBytes;
-
- if (maxbuf <= 0)
- return n;
-
- nBytes = sizeof(high) > maxbuf ? maxbuf : sizeof(high);
- memcpy(((char *)buf) + n, &high, nBytes);
- n += nBytes;
- maxbuf -= nBytes;
-
- if (maxbuf <= 0)
- return n;
-
- /* get the number of milliseconds that have elapsed since application started */
- val = clock();
-
- nBytes = sizeof(val) > maxbuf ? maxbuf : sizeof(val);
- memcpy(((char *)buf) + n, &val, nBytes);
- n += nBytes;
- maxbuf -= nBytes;
-
- if (maxbuf <= 0)
- return n;
-
- /* get the time in seconds since midnight Jan 1, 1970 */
- time(&sTime);
- nBytes = sizeof(sTime) > maxbuf ? maxbuf : sizeof(sTime);
- memcpy(((char *)buf) + n, &sTime, nBytes);
- n += nBytes;
-
- return n;
-}
-
-void RNG_SystemInfoForRNG(void)
-{
- unsigned long *plong = 0;
- PTIB ptib;
- PPIB ppib;
- APIRET rc = NO_ERROR;
- DATETIME dt;
- COUNTRYCODE cc;
- COUNTRYINFO ci;
- unsigned long actual;
- char path[_MAX_PATH]="";
- unsigned long pathlength = sizeof(path);
- FSALLOCATE fsallocate;
- FILESTATUS3 fstatus;
- unsigned long defaultdrive = 0;
- unsigned long logicaldrives = 0;
- unsigned long counter = 0;
- char buffer[20];
- int nBytes = 0;
-
- nBytes = RNG_GetNoise(buffer, sizeof(buffer));
- RNG_RandomUpdate(buffer, nBytes);
-
- /* allocate memory and use address and memory */
- plong = (unsigned long *)malloc(sizeof(*plong));
- RNG_RandomUpdate(&plong, sizeof(plong));
- RNG_RandomUpdate(plong, sizeof(*plong));
- free(plong);
-
- /* process info */
- rc = DosGetInfoBlocks(&ptib, &ppib);
- if (rc == NO_ERROR)
- {
- RNG_RandomUpdate(ptib, sizeof(*ptib));
- RNG_RandomUpdate(ppib, sizeof(*ppib));
- }
-
- /* time */
- rc = DosGetDateTime(&dt);
- if (rc == NO_ERROR)
- {
- RNG_RandomUpdate(&dt, sizeof(dt));
- }
-
- /* country */
- rc = DosQueryCtryInfo(sizeof(ci), &cc, &ci, &actual);
- if (rc == NO_ERROR)
- {
- RNG_RandomUpdate(&cc, sizeof(cc));
- RNG_RandomUpdate(&ci, sizeof(ci));
- RNG_RandomUpdate(&actual, sizeof(actual));
- }
-
- /* current directory */
- rc = DosQueryCurrentDir(0, path, &pathlength);
- if (rc == NO_ERROR)
- {
- RNG_RandomUpdate(path, strlen(path));
- // path info
- rc = DosQueryPathInfo(path, FIL_STANDARD, &fstatus, sizeof(fstatus));
- if (rc == NO_ERROR)
- {
- RNG_RandomUpdate(&fstatus, sizeof(fstatus));
- }
- }
-
- /* file system info */
- rc = DosQueryFSInfo(0, FSIL_ALLOC, &fsallocate, sizeof(fsallocate));
- if (rc == NO_ERROR)
- {
- RNG_RandomUpdate(&fsallocate, sizeof(fsallocate));
- }
-
- /* drive info */
- rc = DosQueryCurrentDisk(&defaultdrive, &logicaldrives);
- if (rc == NO_ERROR)
- {
- RNG_RandomUpdate(&defaultdrive, sizeof(defaultdrive));
- RNG_RandomUpdate(&logicaldrives, sizeof(logicaldrives));
- }
-
- /* system info */
- rc = DosQuerySysInfo(QSV_MS_COUNT, QSV_MS_COUNT, &counter, sizeof(counter));
- if (rc == NO_ERROR)
- {
- RNG_RandomUpdate(&counter, sizeof(counter));
- }
-
- /* more noise */
- nBytes = RNG_GetNoise(buffer, sizeof(buffer));
- RNG_RandomUpdate(buffer, nBytes);
-}
-
-void RNG_FileForRNG(char *filename)
-{
- struct stat stat_buf;
- unsigned char buffer[1024];
- FILE *file = 0;
- int nBytes = 0;
- static int totalFileBytes = 0;
-
- if (stat((char *)filename, &stat_buf) < 0)
- return;
-
- RNG_RandomUpdate((unsigned char*)&stat_buf, sizeof(stat_buf));
-
- file = fopen((char *)filename, "r");
- if (file != NULL)
- {
- for (;;)
- {
- size_t bytes = fread(buffer, 1, sizeof(buffer), file);
-
- if (bytes == 0)
- break;
-
- RNG_RandomUpdate(buffer, bytes);
- totalFileBytes += bytes;
- if (totalFileBytes > 250000)
- break;
- }
- fclose(file);
- }
-
- nBytes = RNG_GetNoise(buffer, 20);
- RNG_RandomUpdate(buffer, nBytes);
-}
diff --git a/security/nss/lib/util/portreg.c b/security/nss/lib/util/portreg.c
deleted file mode 100644
index 79d13d67c..000000000
--- a/security/nss/lib/util/portreg.c
+++ /dev/null
@@ -1,317 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * shexp.c: shell-like wildcard match routines
- *
- *
- * See shexp.h for public documentation.
- *
- */
-
-#include "seccomon.h"
-#include "portreg.h"
-
-/* ----------------------------- shexp_valid ------------------------------ */
-
-
-static int
-_valid_subexp(char *exp, char stop)
-{
- register int x,y,t;
- int nsc,np,tld;
-
- x=0;nsc=0;tld=0;
-
- while(exp[x] && (exp[x] != stop)) {
- switch(exp[x]) {
- case '~':
- if(tld) return INVALID_SXP;
- else ++tld;
- case '*':
- case '?':
- case '^':
- case '$':
- ++nsc;
- break;
- case '[':
- ++nsc;
- if((!exp[++x]) || (exp[x] == ']'))
- return INVALID_SXP;
- for(++x;exp[x] && (exp[x] != ']');++x)
- if(exp[x] == '\\')
- if(!exp[++x])
- return INVALID_SXP;
- if(!exp[x])
- return INVALID_SXP;
- break;
- case '(':
- ++nsc;np = 0;
- while(1) {
- if(exp[++x] == ')')
- return INVALID_SXP;
- for(y=x;(exp[y]) && (exp[y] != '|') && (exp[y] != ')');++y)
- if(exp[y] == '\\')
- if(!exp[++y])
- return INVALID_SXP;
- if(!exp[y])
- return INVALID_SXP;
- if(exp[y] == '|')
- ++np;
- t = _valid_subexp(&exp[x],exp[y]);
- if(t == INVALID_SXP)
- return INVALID_SXP;
- x+=t;
- if(exp[x] == ')') {
- if(!np)
- return INVALID_SXP;
- break;
- }
- }
- break;
- case ')':
- case ']':
- return INVALID_SXP;
- case '\\':
- if(!exp[++x])
- return INVALID_SXP;
- default:
- break;
- }
- ++x;
- }
- if((!stop) && (!nsc))
- return NON_SXP;
- return ((exp[x] == stop) ? x : INVALID_SXP);
-}
-
-int
-PORT_RegExpValid(char *exp)
-{
- int x;
-
- x = _valid_subexp(exp, '\0');
- return (x < 0 ? x : VALID_SXP);
-}
-
-
-/* ----------------------------- shexp_match ----------------------------- */
-
-
-#define MATCH 0
-#define NOMATCH 1
-#define ABORTED -1
-
-static int _shexp_match(char *str, char *exp, PRBool case_insensitive);
-
-static int
-_handle_union(char *str, char *exp, PRBool case_insensitive)
-{
- char *e2 = (char *) PORT_Alloc(sizeof(char)*strlen(exp));
- register int t,p2,p1 = 1;
- int cp;
-
- while(1) {
- for(cp=1;exp[cp] != ')';cp++)
- if(exp[cp] == '\\')
- ++cp;
- for(p2 = 0;(exp[p1] != '|') && (p1 != cp);p1++,p2++) {
- if(exp[p1] == '\\')
- e2[p2++] = exp[p1++];
- e2[p2] = exp[p1];
- }
- for (t=cp+1; ((e2[p2] = exp[t]) != 0); ++t,++p2) {}
- if(_shexp_match(str,e2, case_insensitive) == MATCH) {
- PORT_Free(e2);
- return MATCH;
- }
- if(p1 == cp) {
- PORT_Free(e2);
- return NOMATCH;
- }
- else ++p1;
- }
-}
-
-
-static int
-_shexp_match(char *str, char *exp, PRBool case_insensitive)
-{
- register int x,y;
- int ret,neg;
-
- ret = 0;
- for(x=0,y=0;exp[y];++y,++x) {
- if((!str[x]) && (exp[y] != '(') && (exp[y] != '$') && (exp[y] != '*'))
- ret = ABORTED;
- else {
- switch(exp[y]) {
- case '$':
- if( (str[x]) )
- ret = NOMATCH;
- else
- --x; /* we don't want loop to increment x */
- break;
- case '*':
- while(exp[++y] == '*'){}
- if(!exp[y])
- return MATCH;
- while(str[x]) {
- switch(_shexp_match(&str[x++],&exp[y], case_insensitive)) {
- case NOMATCH:
- continue;
- case ABORTED:
- ret = ABORTED;
- break;
- default:
- return MATCH;
- }
- break;
- }
- if((exp[y] == '$') && (exp[y+1] == '\0') && (!str[x]))
- return MATCH;
- else
- ret = ABORTED;
- break;
- case '[':
- neg = ((exp[++y] == '^') && (exp[y+1] != ']'));
- if (neg)
- ++y;
-
- if ((isalnum(exp[y])) && (exp[y+1] == '-') &&
- (isalnum(exp[y+2])) && (exp[y+3] == ']'))
- {
- int start = exp[y], end = exp[y+2];
-
- /* no safeguards here */
- if(neg ^ ((str[x] < start) || (str[x] > end))) {
- ret = NOMATCH;
- break;
- }
- y+=3;
- }
- else {
- int matched;
-
- for (matched=0;exp[y] != ']';y++)
- matched |= (str[x] == exp[y]);
- if (neg ^ (!matched))
- ret = NOMATCH;
- }
- break;
- case '(':
- return _handle_union(&str[x],&exp[y], case_insensitive);
- break;
- case '?':
- break;
- case '\\':
- ++y;
- default:
- if(case_insensitive)
- {
- if(toupper(str[x]) != toupper(exp[y]))
- ret = NOMATCH;
- }
- else
- {
- if(str[x] != exp[y])
- ret = NOMATCH;
- }
- break;
- }
- }
- if(ret)
- break;
- }
- return (ret ? ret : (str[x] ? NOMATCH : MATCH));
-}
-
-int
-PORT_RegExpMatch(char *str, char *xp, PRBool case_insensitive) {
- register int x;
- char *exp = 0;
-
- exp = PORT_Strdup(xp);
-
- if(!exp)
- return 1;
-
- for(x=strlen(exp)-1;x;--x) {
- if((exp[x] == '~') && (exp[x-1] != '\\')) {
- exp[x] = '\0';
- if(_shexp_match(str,&exp[++x], case_insensitive) == MATCH)
- goto punt;
- break;
- }
- }
- if(_shexp_match(str,exp, PR_FALSE) == MATCH) {
- PORT_Free(exp);
- return 0;
- }
-
- punt:
- PORT_Free(exp);
- return 1;
-}
-
-
-/* ------------------------------ shexp_cmp ------------------------------- */
-
-int
-PORT_RegExpSearch(char *str, char *exp)
-{
- switch(PORT_RegExpValid(exp))
- {
- case INVALID_SXP:
- return -1;
- case NON_SXP:
- return (strcmp(exp,str) ? 1 : 0);
- default:
- return PORT_RegExpMatch(str, exp, PR_FALSE);
- }
-}
-
-int
-PORT_RegExpCaseSearch(char *str, char *exp)
-{
- switch(PORT_RegExpValid(exp))
- {
- case INVALID_SXP:
- return -1;
- case NON_SXP:
- return (strcmp(exp,str) ? 1 : 0);
- default:
- return PORT_RegExpMatch(str, exp, PR_TRUE);
- }
-}
-
diff --git a/security/nss/lib/util/portreg.h b/security/nss/lib/util/portreg.h
deleted file mode 100644
index 39a2df9d5..000000000
--- a/security/nss/lib/util/portreg.h
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * shexp.h: Defines and prototypes for shell exp. match routines
- *
- *
- * This routine will match a string with a shell expression. The expressions
- * accepted are based loosely on the expressions accepted by zsh.
- *
- * o * matches anything
- * o ? matches one character
- * o \ will escape a special character
- * o $ matches the end of the string
- * o [abc] matches one occurence of a, b, or c. The only character that needs
- * to be escaped in this is ], all others are not special.
- * o [a-z] matches any character between a and z
- * o [^az] matches any character except a or z
- * o ~ followed by another shell expression will remove any pattern
- * matching the shell expression from the match list
- * o (foo|bar) will match either the substring foo, or the substring bar.
- * These can be shell expressions as well.
- *
- * The public interface to these routines is documented below.
- *
- */
-
-#ifndef SHEXP_H
-#define SHEXP_H
-
-/*
- * Requires that the macro MALLOC be set to a "safe" malloc that will
- * exit if no memory is available.
- */
-
-
-/* --------------------------- Public routines ---------------------------- */
-
-
-/*
- * shexp_valid takes a shell expression exp as input. It returns:
- *
- * NON_SXP if exp is a standard string
- * INVALID_SXP if exp is a shell expression, but invalid
- * VALID_SXP if exp is a valid shell expression
- */
-
-#define NON_SXP -1
-#define INVALID_SXP -2
-#define VALID_SXP 1
-
-SEC_BEGIN_PROTOS
-
-extern int PORT_RegExpValid(char *exp);
-
-/* same as above but uses case insensitive search
- */
-extern int PORT_RegExpCaseSearch(char *str, char *exp);
-
-SEC_END_PROTOS
-
-#endif
diff --git a/security/nss/lib/util/pqgutil.c b/security/nss/lib/util/pqgutil.c
deleted file mode 100644
index dad8c6b78..000000000
--- a/security/nss/lib/util/pqgutil.c
+++ /dev/null
@@ -1,267 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#include "pqgutil.h"
-#include "prerror.h"
-#include "secitem.h"
-
-#define PQG_DEFAULT_CHUNKSIZE 2048 /* bytes */
-
-/**************************************************************************
- * Return a pointer to a new PQGParams struct that is a duplicate of *
- * the one passed as an argument. *
- * Return NULL on failure, or if NULL was passed in. *
- * *
- **************************************************************************/
-
-PQGParams *
-PQG_DupParams(const PQGParams *src)
-{
- PRArenaPool *arena;
- PQGParams *dest;
- SECStatus status;
-
- if (src == NULL) {
- PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
- return NULL;
- }
-
- arena = PORT_NewArena(PQG_DEFAULT_CHUNKSIZE);
- if (arena == NULL)
- goto loser;
-
- dest = (PQGParams*)PORT_ArenaZAlloc(arena, sizeof(PQGParams));
- if (dest == NULL)
- goto loser;
-
- dest->arena = arena;
-
- status = SECITEM_CopyItem(arena, &dest->prime, &src->prime);
- if (status != SECSuccess)
- goto loser;
-
- status = SECITEM_CopyItem(arena, &dest->subPrime, &src->subPrime);
- if (status != SECSuccess)
- goto loser;
-
- status = SECITEM_CopyItem(arena, &dest->base, &src->base);
- if (status != SECSuccess)
- goto loser;
-
- return dest;
-
-loser:
- if (arena != NULL)
- PORT_FreeArena(arena, PR_FALSE);
- return NULL;
-}
-
-/**************************************************************************
- * Return a pointer to a new PQGParams struct that is constructed from *
- * copies of the arguments passed in. *
- * Return NULL on failure. *
- **************************************************************************/
-
-PQGParams *
-PQG_NewParams(const SECItem * prime, const SECItem * subPrime,
- const SECItem * base)
-{
- PQGParams * dest;
- PQGParams src;
-
- src.arena = NULL;
- src.prime = *prime;
- src.subPrime = *subPrime;
- src.base = *base;
- dest = PQG_DupParams(&src);
- return dest;
-}
-
-/**************************************************************************
- * Fills in caller's "prime" SECItem with the prime value in params.
- * Contents can be freed by calling SECITEM_FreeItem(prime, PR_FALSE);
- **************************************************************************/
-SECStatus
-PQG_GetPrimeFromParams(const PQGParams *params, SECItem * prime)
-{
- return SECITEM_CopyItem(NULL, prime, &params->prime);
-}
-
-/**************************************************************************
- * Fills in caller's "subPrime" SECItem with the prime value in params.
- * Contents can be freed by calling SECITEM_FreeItem(subPrime, PR_FALSE);
- **************************************************************************/
-SECStatus
-PQG_GetSubPrimeFromParams(const PQGParams *params, SECItem * subPrime)
-{
- return SECITEM_CopyItem(NULL, subPrime, &params->subPrime);
-}
-
-/**************************************************************************
- * Fills in caller's "base" SECItem with the base value in params.
- * Contents can be freed by calling SECITEM_FreeItem(base, PR_FALSE);
- **************************************************************************/
-SECStatus
-PQG_GetBaseFromParams(const PQGParams *params, SECItem * base)
-{
- return SECITEM_CopyItem(NULL, base, &params->base);
-}
-
-/**************************************************************************
- * Free the PQGParams struct and the things it points to. *
- **************************************************************************/
-void
-PQG_DestroyParams(PQGParams *params)
-{
- if (params == NULL)
- return;
- if (params->arena != NULL) {
- PORT_FreeArena(params->arena, PR_FALSE); /* don't zero it */
- return;
- }
- SECITEM_FreeItem(&params->prime, PR_FALSE); /* don't free prime */
- SECITEM_FreeItem(&params->subPrime, PR_FALSE); /* don't free subPrime */
- SECITEM_FreeItem(&params->base, PR_FALSE); /* don't free base */
- PORT_Free(params);
-}
-
-/**************************************************************************
- * Return a pointer to a new PQGVerify struct that is a duplicate of *
- * the one passed as an argument. *
- * Return NULL on failure, or if NULL was passed in. *
- **************************************************************************/
-
-PQGVerify *
-PQG_DupVerify(const PQGVerify *src)
-{
- PRArenaPool *arena;
- PQGVerify * dest;
- SECStatus status;
-
- if (src == NULL) {
- PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
- return NULL;
- }
-
- arena = PORT_NewArena(PQG_DEFAULT_CHUNKSIZE);
- if (arena == NULL)
- goto loser;
-
- dest = (PQGVerify*)PORT_ArenaZAlloc(arena, sizeof(PQGVerify));
- if (dest == NULL)
- goto loser;
-
- dest->arena = arena;
- dest->counter = src->counter;
-
- status = SECITEM_CopyItem(arena, &dest->seed, &src->seed);
- if (status != SECSuccess)
- goto loser;
-
- status = SECITEM_CopyItem(arena, &dest->h, &src->h);
- if (status != SECSuccess)
- goto loser;
-
- return dest;
-
-loser:
- if (arena != NULL)
- PORT_FreeArena(arena, PR_FALSE);
- return NULL;
-}
-
-/**************************************************************************
- * Return a pointer to a new PQGVerify struct that is constructed from *
- * copies of the arguments passed in. *
- * Return NULL on failure. *
- **************************************************************************/
-
-PQGVerify *
-PQG_NewVerify(unsigned int counter, const SECItem * seed, const SECItem * h)
-{
- PQGVerify * dest;
- PQGVerify src;
-
- src.arena = NULL;
- src.counter = counter;
- src.seed = *seed;
- src.h = *h;
- dest = PQG_DupVerify(&src);
- return dest;
-}
-
-/**************************************************************************
- * Returns the "counter" value from the PQGVerify.
- **************************************************************************/
-unsigned int
-PQG_GetCounterFromVerify(const PQGVerify *verify)
-{
- return verify->counter;
-}
-
-/**************************************************************************
- * Fills in caller's "seed" SECItem with the seed value in verify.
- * Contents can be freed by calling SECITEM_FreeItem(seed, PR_FALSE);
- **************************************************************************/
-SECStatus
-PQG_GetSeedFromVerify(const PQGVerify *verify, SECItem * seed)
-{
- return SECITEM_CopyItem(NULL, seed, &verify->seed);
-}
-
-/**************************************************************************
- * Fills in caller's "h" SECItem with the h value in verify.
- * Contents can be freed by calling SECITEM_FreeItem(h, PR_FALSE);
- **************************************************************************/
-SECStatus
-PQG_GetHFromVerify(const PQGVerify *verify, SECItem * h)
-{
- return SECITEM_CopyItem(NULL, h, &verify->h);
-}
-
-/**************************************************************************
- * Free the PQGVerify struct and the things it points to. *
- **************************************************************************/
-
-void
-PQG_DestroyVerify(PQGVerify *vfy)
-{
- if (vfy == NULL)
- return;
- if (vfy->arena != NULL) {
- PORT_FreeArena(vfy->arena, PR_FALSE); /* don't zero it */
- return;
- }
- SECITEM_FreeItem(&vfy->seed, PR_FALSE); /* don't free seed */
- SECITEM_FreeItem(&vfy->h, PR_FALSE); /* don't free h */
- PORT_Free(vfy);
-}
diff --git a/security/nss/lib/util/pqgutil.h b/security/nss/lib/util/pqgutil.h
deleted file mode 100644
index 1ceb87803..000000000
--- a/security/nss/lib/util/pqgutil.h
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#ifndef _PQGUTIL_H_
-#define _PQGUTIL_H_ 1
-
-#include "blapi.h"
-
-/**************************************************************************
- * Return a pointer to a new PQGParams struct that is a duplicate of *
- * the one passed as an argument. *
- * Return NULL on failure, or if NULL was passed in. *
- **************************************************************************/
-extern PQGParams * PQG_DupParams(const PQGParams *src);
-
-
-/**************************************************************************
- * Return a pointer to a new PQGParams struct that is constructed from *
- * copies of the arguments passed in. *
- * Return NULL on failure. *
- **************************************************************************/
-extern PQGParams * PQG_NewParams(const SECItem * prime,
- const SECItem * subPrime,
- const SECItem * base);
-
-
-/**************************************************************************
- * Fills in caller's "prime" SECItem with the prime value in params.
- * Contents can be freed by calling SECITEM_FreeItem(prime, PR_FALSE);
- **************************************************************************/
-extern SECStatus PQG_GetPrimeFromParams(const PQGParams *params,
- SECItem * prime);
-
-
-/**************************************************************************
- * Fills in caller's "subPrime" SECItem with the prime value in params.
- * Contents can be freed by calling SECITEM_FreeItem(subPrime, PR_FALSE);
- **************************************************************************/
-extern SECStatus PQG_GetSubPrimeFromParams(const PQGParams *params,
- SECItem * subPrime);
-
-
-/**************************************************************************
- * Fills in caller's "base" SECItem with the base value in params.
- * Contents can be freed by calling SECITEM_FreeItem(base, PR_FALSE);
- **************************************************************************/
-extern SECStatus PQG_GetBaseFromParams(const PQGParams *params, SECItem *base);
-
-
-/**************************************************************************
- * Free the PQGParams struct and the things it points to. *
- **************************************************************************/
-extern void PQG_DestroyParams(PQGParams *params);
-
-
-/**************************************************************************
- * Return a pointer to a new PQGVerify struct that is a duplicate of *
- * the one passed as an argument. *
- * Return NULL on failure, or if NULL was passed in. *
- **************************************************************************/
-extern PQGVerify * PQG_DupVerify(const PQGVerify *src);
-
-
-/**************************************************************************
- * Return a pointer to a new PQGVerify struct that is constructed from *
- * copies of the arguments passed in. *
- * Return NULL on failure. *
- **************************************************************************/
-extern PQGVerify * PQG_NewVerify(unsigned int counter, const SECItem * seed,
- const SECItem * h);
-
-
-/**************************************************************************
- * Returns "counter" value from the PQGVerify.
- **************************************************************************/
-extern unsigned int PQG_GetCounterFromVerify(const PQGVerify *verify);
-
-/**************************************************************************
- * Fills in caller's "seed" SECItem with the seed value in verify.
- * Contents can be freed by calling SECITEM_FreeItem(seed, PR_FALSE);
- **************************************************************************/
-extern SECStatus PQG_GetSeedFromVerify(const PQGVerify *verify, SECItem *seed);
-
-
-/**************************************************************************
- * Fills in caller's "h" SECItem with the h value in verify.
- * Contents can be freed by calling SECITEM_FreeItem(h, PR_FALSE);
- **************************************************************************/
-extern SECStatus PQG_GetHFromVerify(const PQGVerify *verify, SECItem * h);
-
-
-/**************************************************************************
- * Free the PQGVerify struct and the things it points to. *
- **************************************************************************/
-extern void PQG_DestroyVerify(PQGVerify *vfy);
-
-
-#endif
diff --git a/security/nss/lib/util/ret_cr16.s b/security/nss/lib/util/ret_cr16.s
deleted file mode 100644
index d1fffc577..000000000
--- a/security/nss/lib/util/ret_cr16.s
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef __LP64__
- .LEVEL 2.0W
-#else
- .LEVEL 1.1
-#endif
-
- .CODE ; equivalent to the following two lines
-; .SPACE $TEXT$,SORT=8
-; .SUBSPA $CODE$,QUAD=0,ALIGN=4,ACCESS=0x2c,CODE_ONLY,SORT=24
-
-ret_cr16
- .PROC
- .CALLINFO FRAME=0, NO_CALLS
- .EXPORT ret_cr16,ENTRY
- .ENTER
-; BV %r0(%rp)
- BV 0(%rp)
- MFCTL %cr16,%ret0
- .LEAVE
- .PROCEND
- .END
diff --git a/security/nss/lib/util/secalgid.c b/security/nss/lib/util/secalgid.c
deleted file mode 100644
index 7b04941a1..000000000
--- a/security/nss/lib/util/secalgid.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "secoid.h"
-#include "secder.h" /* XXX remove this when remove the DERTemplate */
-#include "secasn1.h"
-#include "secitem.h"
-#include "secerr.h"
-
-/* XXX Old template; want to expunge it eventually. */
-DERTemplate SECAlgorithmIDTemplate[] = {
- { DER_SEQUENCE,
- 0, NULL, sizeof(SECAlgorithmID) },
- { DER_OBJECT_ID,
- offsetof(SECAlgorithmID,algorithm), },
- { DER_OPTIONAL | DER_ANY,
- offsetof(SECAlgorithmID,parameters), },
- { 0, }
-};
-
-const SEC_ASN1Template SECOID_AlgorithmIDTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SECAlgorithmID) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(SECAlgorithmID,algorithm), },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
- offsetof(SECAlgorithmID,parameters), },
- { 0, }
-};
-
-SECOidTag
-SECOID_GetAlgorithmTag(SECAlgorithmID *id)
-{
- if (id == NULL || id->algorithm.data == NULL)
- return SEC_OID_UNKNOWN;
-
- return SECOID_FindOIDTag (&(id->algorithm));
-}
-
-SECStatus
-SECOID_SetAlgorithmID(PRArenaPool *arena, SECAlgorithmID *id, SECOidTag which,
- SECItem *params)
-{
- SECOidData *oiddata;
- PRBool add_null_param;
-
- oiddata = SECOID_FindOIDByTag(which);
- if ( !oiddata ) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return SECFailure;
- }
-
- if (SECITEM_CopyItem(arena, &id->algorithm, &oiddata->oid))
- return SECFailure;
-
- switch (which) {
- case SEC_OID_MD2:
- case SEC_OID_MD4:
- case SEC_OID_MD5:
- case SEC_OID_SHA1:
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
- add_null_param = PR_TRUE;
- break;
- default:
- add_null_param = PR_FALSE;
- break;
- }
-
- if (params) {
- /*
- * I am specifically *not* enforcing the following assertion
- * (by following it up with an error and a return of failure)
- * because I do not want to introduce any change in the current
- * behavior. But I do want for us to notice if the following is
- * ever true, because I do not think it should be so and probably
- * signifies an error/bug somewhere.
- */
- PORT_Assert(!add_null_param || (params->len == 2
- && params->data[0] == SEC_ASN1_NULL
- && params->data[1] == 0));
- if (SECITEM_CopyItem(arena, &id->parameters, params)) {
- return SECFailure;
- }
- } else {
- /*
- * Again, this is not considered an error. But if we assume
- * that nobody tries to set the parameters field themselves
- * (but always uses this routine to do that), then we should
- * not hit the following assertion. Unless they forgot to zero
- * the structure, which could also be a bad (and wrong) thing.
- */
- PORT_Assert(id->parameters.data == NULL);
-
- if (add_null_param) {
- (void) SECITEM_AllocItem(arena, &id->parameters, 2);
- if (id->parameters.data == NULL) {
- return SECFailure;
- }
- id->parameters.data[0] = SEC_ASN1_NULL;
- id->parameters.data[1] = 0;
- }
- }
-
- return SECSuccess;
-}
-
-SECStatus
-SECOID_CopyAlgorithmID(PRArenaPool *arena, SECAlgorithmID *to, SECAlgorithmID *from)
-{
- SECStatus rv;
-
- rv = SECITEM_CopyItem(arena, &to->algorithm, &from->algorithm);
- if (rv) return rv;
- rv = SECITEM_CopyItem(arena, &to->parameters, &from->parameters);
- return rv;
-}
-
-void SECOID_DestroyAlgorithmID(SECAlgorithmID *algid, PRBool freeit)
-{
- SECITEM_FreeItem(&algid->parameters, PR_FALSE);
- SECITEM_FreeItem(&algid->algorithm, PR_FALSE);
- if(freeit == PR_TRUE)
- PORT_Free(algid);
-}
-
-SECComparison
-SECOID_CompareAlgorithmID(SECAlgorithmID *a, SECAlgorithmID *b)
-{
- SECComparison rv;
-
- rv = SECITEM_CompareItem(&a->algorithm, &b->algorithm);
- if (rv) return rv;
- rv = SECITEM_CompareItem(&a->parameters, &b->parameters);
- return rv;
-}
diff --git a/security/nss/lib/util/secasn1.h b/security/nss/lib/util/secasn1.h
deleted file mode 100644
index f35860ea2..000000000
--- a/security/nss/lib/util/secasn1.h
+++ /dev/null
@@ -1,264 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Support for encoding/decoding of ASN.1 using BER/DER (Basic/Distinguished
- * Encoding Rules). The routines are found in and used extensively by the
- * security library, but exported for other use.
- *
- * $Id$
- */
-
-#ifndef _SECASN1_H_
-#define _SECASN1_H_
-
-#include "plarena.h"
-
-#include "seccomon.h"
-#include "secasn1t.h"
-
-
-/************************************************************************/
-SEC_BEGIN_PROTOS
-
-/*
- * XXX These function prototypes need full, explanatory comments.
- */
-
-/*
-** Decoding.
-*/
-
-extern SEC_ASN1DecoderContext *SEC_ASN1DecoderStart(PRArenaPool *pool,
- void *dest,
- const SEC_ASN1Template *t);
-
-/* XXX char or unsigned char? */
-extern SECStatus SEC_ASN1DecoderUpdate(SEC_ASN1DecoderContext *cx,
- const char *buf,
- unsigned long len);
-
-extern SECStatus SEC_ASN1DecoderFinish(SEC_ASN1DecoderContext *cx);
-
-extern void SEC_ASN1DecoderSetFilterProc(SEC_ASN1DecoderContext *cx,
- SEC_ASN1WriteProc fn,
- void *arg, PRBool no_store);
-
-extern void SEC_ASN1DecoderClearFilterProc(SEC_ASN1DecoderContext *cx);
-
-extern void SEC_ASN1DecoderSetNotifyProc(SEC_ASN1DecoderContext *cx,
- SEC_ASN1NotifyProc fn,
- void *arg);
-
-extern void SEC_ASN1DecoderClearNotifyProc(SEC_ASN1DecoderContext *cx);
-
-extern SECStatus SEC_ASN1Decode(PRArenaPool *pool, void *dest,
- const SEC_ASN1Template *t,
- const char *buf, long len);
-
-extern SECStatus SEC_ASN1DecodeItem(PRArenaPool *pool, void *dest,
- const SEC_ASN1Template *t,
- SECItem *item);
-/*
-** Encoding.
-*/
-
-extern SEC_ASN1EncoderContext *SEC_ASN1EncoderStart(void *src,
- const SEC_ASN1Template *t,
- SEC_ASN1WriteProc fn,
- void *output_arg);
-
-/* XXX char or unsigned char? */
-extern SECStatus SEC_ASN1EncoderUpdate(SEC_ASN1EncoderContext *cx,
- const char *buf,
- unsigned long len);
-
-extern void SEC_ASN1EncoderFinish(SEC_ASN1EncoderContext *cx);
-
-extern void SEC_ASN1EncoderSetNotifyProc(SEC_ASN1EncoderContext *cx,
- SEC_ASN1NotifyProc fn,
- void *arg);
-
-extern void SEC_ASN1EncoderClearNotifyProc(SEC_ASN1EncoderContext *cx);
-
-extern void SEC_ASN1EncoderSetStreaming(SEC_ASN1EncoderContext *cx);
-
-extern void SEC_ASN1EncoderClearStreaming(SEC_ASN1EncoderContext *cx);
-
-extern void sec_ASN1EncoderSetDER(SEC_ASN1EncoderContext *cx);
-
-extern void sec_ASN1EncoderClearDER(SEC_ASN1EncoderContext *cx);
-
-extern void SEC_ASN1EncoderSetTakeFromBuf(SEC_ASN1EncoderContext *cx);
-
-extern void SEC_ASN1EncoderClearTakeFromBuf(SEC_ASN1EncoderContext *cx);
-
-extern SECStatus SEC_ASN1Encode(void *src, const SEC_ASN1Template *t,
- SEC_ASN1WriteProc output_proc,
- void *output_arg);
-
-extern SECItem * SEC_ASN1EncodeItem(PRArenaPool *pool, SECItem *dest,
- void *src, const SEC_ASN1Template *t);
-
-extern SECItem * SEC_ASN1EncodeInteger(PRArenaPool *pool,
- SECItem *dest, long value);
-
-extern SECItem * SEC_ASN1EncodeUnsignedInteger(PRArenaPool *pool,
- SECItem *dest,
- unsigned long value);
-
-extern SECStatus SEC_ASN1DecodeInteger(SECItem *src,
- unsigned long *value);
-
-/*
-** Utilities.
-*/
-
-/*
- * We have a length that needs to be encoded; how many bytes will the
- * encoding take?
- */
-extern int SEC_ASN1LengthLength (unsigned long len);
-
-/* encode the length and return the number of bytes we encoded. Buffer
- * must be pre allocated */
-extern int SEC_ASN1EncodeLength(unsigned char *buf,int value);
-
-/*
- * Find the appropriate subtemplate for the given template.
- * This may involve calling a "chooser" function, or it may just
- * be right there. In either case, it is expected to *have* a
- * subtemplate; this is asserted in debug builds (in non-debug
- * builds, NULL will be returned).
- *
- * "thing" is a pointer to the structure being encoded/decoded
- * "encoding", when true, means that we are in the process of encoding
- * (as opposed to in the process of decoding)
- */
-extern const SEC_ASN1Template *
-SEC_ASN1GetSubtemplate (const SEC_ASN1Template *inTemplate, void *thing,
- PRBool encoding);
-
-SEC_END_PROTOS
-/************************************************************************/
-
-/*
- * Generic Templates
- * One for each of the simple types, plus a special one for ANY, plus:
- * - a pointer to each one of those
- * - a set of each one of those
- * - a sequence of each one of those
- *
- * Note that these are alphabetical (case insensitive); please add new
- * ones in the appropriate place.
- */
-
-extern const SEC_ASN1Template SEC_AnyTemplate[];
-extern const SEC_ASN1Template SEC_BitStringTemplate[];
-extern const SEC_ASN1Template SEC_BMPStringTemplate[];
-extern const SEC_ASN1Template SEC_BooleanTemplate[];
-extern const SEC_ASN1Template SEC_EnumeratedTemplate[];
-extern const SEC_ASN1Template SEC_GeneralizedTimeTemplate[];
-extern const SEC_ASN1Template SEC_IA5StringTemplate[];
-extern const SEC_ASN1Template SEC_IntegerTemplate[];
-extern const SEC_ASN1Template SEC_NullTemplate[];
-extern const SEC_ASN1Template SEC_ObjectIDTemplate[];
-extern const SEC_ASN1Template SEC_OctetStringTemplate[];
-extern const SEC_ASN1Template SEC_PrintableStringTemplate[];
-extern const SEC_ASN1Template SEC_T61StringTemplate[];
-extern const SEC_ASN1Template SEC_UniversalStringTemplate[];
-extern const SEC_ASN1Template SEC_UTCTimeTemplate[];
-extern const SEC_ASN1Template SEC_UTF8StringTemplate[];
-extern const SEC_ASN1Template SEC_VisibleStringTemplate[];
-
-extern const SEC_ASN1Template SEC_PointerToAnyTemplate[];
-extern const SEC_ASN1Template SEC_PointerToBitStringTemplate[];
-extern const SEC_ASN1Template SEC_PointerToBMPStringTemplate[];
-extern const SEC_ASN1Template SEC_PointerToBooleanTemplate[];
-extern const SEC_ASN1Template SEC_PointerToEnumeratedTemplate[];
-extern const SEC_ASN1Template SEC_PointerToGeneralizedTimeTemplate[];
-extern const SEC_ASN1Template SEC_PointerToIA5StringTemplate[];
-extern const SEC_ASN1Template SEC_PointerToIntegerTemplate[];
-extern const SEC_ASN1Template SEC_PointerToNullTemplate[];
-extern const SEC_ASN1Template SEC_PointerToObjectIDTemplate[];
-extern const SEC_ASN1Template SEC_PointerToOctetStringTemplate[];
-extern const SEC_ASN1Template SEC_PointerToPrintableStringTemplate[];
-extern const SEC_ASN1Template SEC_PointerToT61StringTemplate[];
-extern const SEC_ASN1Template SEC_PointerToUniversalStringTemplate[];
-extern const SEC_ASN1Template SEC_PointerToUTCTimeTemplate[];
-extern const SEC_ASN1Template SEC_PointerToUTF8StringTemplate[];
-extern const SEC_ASN1Template SEC_PointerToVisibleStringTemplate[];
-
-extern const SEC_ASN1Template SEC_SequenceOfAnyTemplate[];
-extern const SEC_ASN1Template SEC_SequenceOfBitStringTemplate[];
-extern const SEC_ASN1Template SEC_SequenceOfBMPStringTemplate[];
-extern const SEC_ASN1Template SEC_SequenceOfBooleanTemplate[];
-extern const SEC_ASN1Template SEC_SequenceOfEnumeratedTemplate[];
-extern const SEC_ASN1Template SEC_SequenceOfGeneralizedTimeTemplate[];
-extern const SEC_ASN1Template SEC_SequenceOfIA5StringTemplate[];
-extern const SEC_ASN1Template SEC_SequenceOfIntegerTemplate[];
-extern const SEC_ASN1Template SEC_SequenceOfNullTemplate[];
-extern const SEC_ASN1Template SEC_SequenceOfObjectIDTemplate[];
-extern const SEC_ASN1Template SEC_SequenceOfOctetStringTemplate[];
-extern const SEC_ASN1Template SEC_SequenceOfPrintableStringTemplate[];
-extern const SEC_ASN1Template SEC_SequenceOfT61StringTemplate[];
-extern const SEC_ASN1Template SEC_SequenceOfUniversalStringTemplate[];
-extern const SEC_ASN1Template SEC_SequenceOfUTCTimeTemplate[];
-extern const SEC_ASN1Template SEC_SequenceOfUTF8StringTemplate[];
-extern const SEC_ASN1Template SEC_SequenceOfVisibleStringTemplate[];
-
-extern const SEC_ASN1Template SEC_SetOfAnyTemplate[];
-extern const SEC_ASN1Template SEC_SetOfBitStringTemplate[];
-extern const SEC_ASN1Template SEC_SetOfBMPStringTemplate[];
-extern const SEC_ASN1Template SEC_SetOfBooleanTemplate[];
-extern const SEC_ASN1Template SEC_SetOfEnumeratedTemplate[];
-extern const SEC_ASN1Template SEC_SetOfGeneralizedTimeTemplate[];
-extern const SEC_ASN1Template SEC_SetOfIA5StringTemplate[];
-extern const SEC_ASN1Template SEC_SetOfIntegerTemplate[];
-extern const SEC_ASN1Template SEC_SetOfNullTemplate[];
-extern const SEC_ASN1Template SEC_SetOfObjectIDTemplate[];
-extern const SEC_ASN1Template SEC_SetOfOctetStringTemplate[];
-extern const SEC_ASN1Template SEC_SetOfPrintableStringTemplate[];
-extern const SEC_ASN1Template SEC_SetOfT61StringTemplate[];
-extern const SEC_ASN1Template SEC_SetOfUniversalStringTemplate[];
-extern const SEC_ASN1Template SEC_SetOfUTCTimeTemplate[];
-extern const SEC_ASN1Template SEC_SetOfUTF8StringTemplate[];
-extern const SEC_ASN1Template SEC_SetOfVisibleStringTemplate[];
-
-/*
- * Template for skipping a subitem; this only makes sense when decoding.
- */
-extern const SEC_ASN1Template SEC_SkipTemplate[];
-
-
-#endif /* _SECASN1_H_ */
diff --git a/security/nss/lib/util/secasn1d.c b/security/nss/lib/util/secasn1d.c
deleted file mode 100644
index 544210d3d..000000000
--- a/security/nss/lib/util/secasn1d.c
+++ /dev/null
@@ -1,2934 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Support for DEcoding ASN.1 data based on BER/DER (Basic/Distinguished
- * Encoding Rules).
- *
- * $Id$
- */
-
-#include "secasn1.h"
-#include "secerr.h"
-
-typedef enum {
- beforeIdentifier,
- duringIdentifier,
- afterIdentifier,
- beforeLength,
- duringLength,
- afterLength,
- beforeBitString,
- duringBitString,
- duringConstructedString,
- duringGroup,
- duringLeaf,
- duringSaveEncoding,
- duringSequence,
- afterConstructedString,
- afterGroup,
- afterExplicit,
- afterImplicit,
- afterInline,
- afterPointer,
- afterSaveEncoding,
- beforeEndOfContents,
- duringEndOfContents,
- afterEndOfContents,
- beforeChoice,
- duringChoice,
- afterChoice,
- notInUse
-} sec_asn1d_parse_place;
-
-#ifdef DEBUG_ASN1D_STATES
-static const char *place_names[] = {
- "beforeIdentifier",
- "duringIdentifier",
- "afterIdentifier",
- "beforeLength",
- "duringLength",
- "afterLength",
- "beforeBitString",
- "duringBitString",
- "duringConstructedString",
- "duringGroup",
- "duringLeaf",
- "duringSaveEncoding",
- "duringSequence",
- "afterConstructedString",
- "afterGroup",
- "afterExplicit",
- "afterImplicit",
- "afterInline",
- "afterPointer",
- "afterSaveEncoding",
- "beforeEndOfContents",
- "duringEndOfContents",
- "afterEndOfContents",
- "beforeChoice",
- "duringChoice",
- "afterChoice",
- "notInUse"
-};
-#endif /* DEBUG_ASN1D_STATES */
-
-typedef enum {
- allDone,
- decodeError,
- keepGoing,
- needBytes
-} sec_asn1d_parse_status;
-
-struct subitem {
- const void *data;
- unsigned long len; /* only used for substrings */
- struct subitem *next;
-};
-
-typedef struct sec_asn1d_state_struct {
- SEC_ASN1DecoderContext *top;
- const SEC_ASN1Template *theTemplate;
- void *dest;
-
- void *our_mark; /* free on completion */
-
- struct sec_asn1d_state_struct *parent; /* aka prev */
- struct sec_asn1d_state_struct *child; /* aka next */
-
- sec_asn1d_parse_place place;
-
- /*
- * XXX explain the next fields as clearly as possible...
- */
- unsigned char found_tag_modifiers;
- unsigned char expect_tag_modifiers;
- unsigned long check_tag_mask;
- unsigned long found_tag_number;
- unsigned long expect_tag_number;
- unsigned long underlying_kind;
-
- unsigned long contents_length;
- unsigned long pending;
- unsigned long consumed;
-
- int depth;
-
- /*
- * Bit strings have their length adjusted -- the first octet of the
- * contents contains a value between 0 and 7 which says how many bits
- * at the end of the octets are not actually part of the bit string;
- * when parsing bit strings we put that value here because we need it
- * later, for adjustment of the length (when the whole string is done).
- */
- unsigned int bit_string_unused_bits;
-
- /*
- * The following are used for indefinite-length constructed strings.
- */
- struct subitem *subitems_head;
- struct subitem *subitems_tail;
-
- PRPackedBool
- allocate, /* when true, need to allocate the destination */
- endofcontents, /* this state ended up parsing end-of-contents octets */
- explicit, /* we are handling an explicit header */
- indefinite, /* the current item has indefinite-length encoding */
- missing, /* an optional field that was not present */
- optional, /* the template says this field may be omitted */
- substring; /* this is a substring of a constructed string */
-
-} sec_asn1d_state;
-
-#define IS_HIGH_TAG_NUMBER(n) ((n) == SEC_ASN1_HIGH_TAG_NUMBER)
-#define LAST_TAG_NUMBER_BYTE(b) (((b) & 0x80) == 0)
-#define TAG_NUMBER_BITS 7
-#define TAG_NUMBER_MASK 0x7f
-
-#define LENGTH_IS_SHORT_FORM(b) (((b) & 0x80) == 0)
-#define LONG_FORM_LENGTH(b) ((b) & 0x7f)
-
-#define HIGH_BITS(field,cnt) ((field) >> ((sizeof(field) * 8) - (cnt)))
-
-
-/*
- * An "outsider" will have an opaque pointer to this, created by calling
- * SEC_ASN1DecoderStart(). It will be passed back in to all subsequent
- * calls to SEC_ASN1DecoderUpdate(), and when done it is passed to
- * SEC_ASN1DecoderFinish().
- */
-struct sec_DecoderContext_struct {
- PRArenaPool *our_pool; /* for our internal allocs */
- PRArenaPool *their_pool; /* for destination structure allocs */
-#ifdef SEC_ASN1D_FREE_ON_ERROR /*
- * XXX see comment below (by same
- * ifdef) that explains why this
- * does not work (need more smarts
- * in order to free back to mark)
- */
- /*
- * XXX how to make their_mark work in the case where they do NOT
- * give us a pool pointer?
- */
- void *their_mark; /* free on error */
-#endif
-
- sec_asn1d_state *current;
- sec_asn1d_parse_status status;
-
- SEC_ASN1NotifyProc notify_proc; /* call before/after handling field */
- void *notify_arg; /* argument to notify_proc */
- PRBool during_notify; /* true during call to notify_proc */
-
- SEC_ASN1WriteProc filter_proc; /* pass field bytes to this */
- void *filter_arg; /* argument to that function */
- PRBool filter_only; /* do not allocate/store fields */
-};
-
-
-/*
- * XXX this is a fairly generic function that may belong elsewhere
- */
-static void *
-sec_asn1d_alloc (PRArenaPool *poolp, unsigned long len)
-{
- void *thing;
-
- if (poolp != NULL) {
- /*
- * Allocate from the pool.
- */
- thing = PORT_ArenaAlloc (poolp, len);
- } else {
- /*
- * Allocate generically.
- */
- thing = PORT_Alloc (len);
- }
-
- return thing;
-}
-
-
-/*
- * XXX this is a fairly generic function that may belong elsewhere
- */
-static void *
-sec_asn1d_zalloc (PRArenaPool *poolp, unsigned long len)
-{
- void *thing;
-
- thing = sec_asn1d_alloc (poolp, len);
- if (thing != NULL)
- PORT_Memset (thing, 0, len);
- return thing;
-}
-
-
-static sec_asn1d_state *
-sec_asn1d_push_state (SEC_ASN1DecoderContext *cx,
- const SEC_ASN1Template *theTemplate,
- void *dest, PRBool new_depth)
-{
- sec_asn1d_state *state, *new_state;
-
- state = cx->current;
-
- PORT_Assert (state == NULL || state->child == NULL);
-
- if (state != NULL) {
- PORT_Assert (state->our_mark == NULL);
- state->our_mark = PORT_ArenaMark (cx->our_pool);
- }
-
- new_state = (sec_asn1d_state*)sec_asn1d_zalloc (cx->our_pool,
- sizeof(*new_state));
- if (new_state == NULL) {
- cx->status = decodeError;
- if (state != NULL) {
- PORT_ArenaRelease(cx->our_pool, state->our_mark);
- state->our_mark = NULL;
- }
- return NULL;
- }
-
- new_state->top = cx;
- new_state->parent = state;
- new_state->theTemplate = theTemplate;
- new_state->place = notInUse;
- if (dest != NULL)
- new_state->dest = (char *)dest + theTemplate->offset;
-
- if (state != NULL) {
- new_state->depth = state->depth;
- if (new_depth)
- new_state->depth++;
- state->child = new_state;
- }
-
- cx->current = new_state;
- return new_state;
-}
-
-
-static void
-sec_asn1d_scrub_state (sec_asn1d_state *state)
-{
- /*
- * Some default "scrubbing".
- * XXX right set of initializations?
- */
- state->place = beforeIdentifier;
- state->endofcontents = PR_FALSE;
- state->indefinite = PR_FALSE;
- state->missing = PR_FALSE;
- PORT_Assert (state->consumed == 0);
-}
-
-
-static void
-sec_asn1d_notify_before (SEC_ASN1DecoderContext *cx, void *dest, int depth)
-{
- if (cx->notify_proc == NULL)
- return;
-
- cx->during_notify = PR_TRUE;
- (* cx->notify_proc) (cx->notify_arg, PR_TRUE, dest, depth);
- cx->during_notify = PR_FALSE;
-}
-
-
-static void
-sec_asn1d_notify_after (SEC_ASN1DecoderContext *cx, void *dest, int depth)
-{
- if (cx->notify_proc == NULL)
- return;
-
- cx->during_notify = PR_TRUE;
- (* cx->notify_proc) (cx->notify_arg, PR_FALSE, dest, depth);
- cx->during_notify = PR_FALSE;
-}
-
-
-static sec_asn1d_state *
-sec_asn1d_init_state_based_on_template (sec_asn1d_state *state)
-{
- PRBool explicit, optional, universal;
- unsigned char expect_tag_modifiers;
- unsigned long encode_kind, under_kind;
- unsigned long check_tag_mask, expect_tag_number;
-
-
- /* XXX Check that both of these tests are really needed/appropriate. */
- if (state == NULL || state->top->status == decodeError)
- return state;
-
- encode_kind = state->theTemplate->kind;
-
- if (encode_kind & SEC_ASN1_SAVE) {
- /*
- * This is a "magic" field that saves away all bytes, allowing
- * the immediately following field to still be decoded from this
- * same spot -- sort of a fork.
- */
- /* check that there are no extraneous bits */
- PORT_Assert (encode_kind == SEC_ASN1_SAVE);
- if (state->top->filter_only) {
- /*
- * If we are not storing, then we do not do the SAVE field
- * at all. Just move ahead to the "real" field instead,
- * doing the appropriate notify calls before and after.
- */
- sec_asn1d_notify_after (state->top, state->dest, state->depth);
- /*
- * Since we are not storing, allow for our current dest value
- * to be NULL. (This might not actually occur, but right now I
- * cannot convince myself one way or the other.) If it is NULL,
- * assume that our parent dest can help us out.
- */
- if (state->dest == NULL)
- state->dest = state->parent->dest;
- else
- state->dest = (char *)state->dest - state->theTemplate->offset;
- state->theTemplate++;
- if (state->dest != NULL)
- state->dest = (char *)state->dest + state->theTemplate->offset;
- sec_asn1d_notify_before (state->top, state->dest, state->depth);
- encode_kind = state->theTemplate->kind;
- PORT_Assert ((encode_kind & SEC_ASN1_SAVE) == 0);
- } else {
- sec_asn1d_scrub_state (state);
- state->place = duringSaveEncoding;
- state = sec_asn1d_push_state (state->top, SEC_AnyTemplate,
- state->dest, PR_FALSE);
- if (state != NULL)
- state = sec_asn1d_init_state_based_on_template (state);
- return state;
- }
- }
-
-
- universal = ((encode_kind & SEC_ASN1_CLASS_MASK) == SEC_ASN1_UNIVERSAL)
- ? PR_TRUE : PR_FALSE;
-
- explicit = (encode_kind & SEC_ASN1_EXPLICIT) ? PR_TRUE : PR_FALSE;
- encode_kind &= ~SEC_ASN1_EXPLICIT;
-
- optional = (encode_kind & SEC_ASN1_OPTIONAL) ? PR_TRUE : PR_FALSE;
- encode_kind &= ~SEC_ASN1_OPTIONAL;
-
- PORT_Assert (!(explicit && universal)); /* bad templates */
-
- encode_kind &= ~SEC_ASN1_DYNAMIC;
- encode_kind &= ~SEC_ASN1_MAY_STREAM;
-
- if( encode_kind & SEC_ASN1_CHOICE ) {
-#if 0 /* XXX remove? */
- sec_asn1d_state *child = sec_asn1d_push_state(state->top, state->theTemplate, state->dest, PR_FALSE);
- if( (sec_asn1d_state *)NULL == child ) {
- return (sec_asn1d_state *)NULL;
- }
-
- child->allocate = state->allocate;
- child->place = beforeChoice;
- return child;
-#else
- state->place = beforeChoice;
- return state;
-#endif
- }
-
- if ((encode_kind & (SEC_ASN1_POINTER | SEC_ASN1_INLINE)) || (!universal
- && !explicit)) {
- const SEC_ASN1Template *subt;
- void *dest;
- PRBool child_allocate;
-
- PORT_Assert ((encode_kind & (SEC_ASN1_ANY | SEC_ASN1_SKIP)) == 0);
-
- sec_asn1d_scrub_state (state);
- child_allocate = PR_FALSE;
-
- if (encode_kind & SEC_ASN1_POINTER) {
- /*
- * A POINTER means we need to allocate the destination for
- * this field. But, since it may also be an optional field,
- * we defer the allocation until later; we just record that
- * it needs to be done.
- *
- * There are two possible scenarios here -- one is just a
- * plain POINTER (kind of like INLINE, except with allocation)
- * and the other is an implicitly-tagged POINTER. We don't
- * need to do anything special here for the two cases, but
- * since the template definition can be tricky, we do check
- * that there are no extraneous bits set in encode_kind.
- *
- * XXX The same conditions which assert should set an error.
- */
- if (universal) {
- /*
- * "universal" means this entry is a standalone POINTER;
- * there should be no other bits set in encode_kind.
- */
- PORT_Assert (encode_kind == SEC_ASN1_POINTER);
- } else {
- /*
- * If we get here we have an implicitly-tagged field
- * that needs to be put into a POINTER. The subtemplate
- * will determine how to decode the field, but encode_kind
- * describes the (implicit) tag we are looking for.
- * The non-tag bits of encode_kind will be ignored by
- * the code below; none of them should be set, however,
- * except for the POINTER bit itself -- so check that.
- */
- PORT_Assert ((encode_kind & ~SEC_ASN1_TAG_MASK)
- == SEC_ASN1_POINTER);
- }
- if (!state->top->filter_only)
- child_allocate = PR_TRUE;
- dest = NULL;
- state->place = afterPointer;
- } else {
- dest = state->dest;
- if (encode_kind & SEC_ASN1_INLINE) {
- /* check that there are no extraneous bits */
- PORT_Assert (encode_kind == SEC_ASN1_INLINE && !optional);
- state->place = afterInline;
- } else {
- state->place = afterImplicit;
- }
- }
-
- state->optional = optional;
- subt = SEC_ASN1GetSubtemplate (state->theTemplate, state->dest, PR_FALSE);
- state = sec_asn1d_push_state (state->top, subt, dest, PR_FALSE);
- if (state == NULL)
- return NULL;
-
- state->allocate = child_allocate;
-
- if (universal) {
- state = sec_asn1d_init_state_based_on_template (state);
- if (state != NULL) {
- /*
- * If this field is optional, we need to record that on
- * the pushed child so it won't fail if the field isn't
- * found. I can't think of a way that this new state
- * could already have optional set (which we would wipe
- * out below if our local optional is not set) -- but
- * just to be sure, assert that it isn't set.
- */
- PORT_Assert (!state->optional);
- state->optional = optional;
- }
- return state;
- }
-
- under_kind = state->theTemplate->kind;
- under_kind &= ~SEC_ASN1_MAY_STREAM;
- } else if (explicit) {
- /*
- * For explicit, we only need to match the encoding tag next,
- * then we will push another state to handle the entire inner
- * part. In this case, there is no underlying kind which plays
- * any part in the determination of the outer, explicit tag.
- * So we just set under_kind to 0, which is not a valid tag,
- * and the rest of the tag matching stuff should be okay.
- */
- under_kind = 0;
- } else {
- /*
- * Nothing special; the underlying kind and the given encoding
- * information are the same.
- */
- under_kind = encode_kind;
- }
-
- /* XXX is this the right set of bits to test here? */
- PORT_Assert ((under_kind & (SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL
- | SEC_ASN1_DYNAMIC | SEC_ASN1_MAY_STREAM
- | SEC_ASN1_INLINE | SEC_ASN1_POINTER)) == 0);
-
- if (encode_kind & (SEC_ASN1_ANY | SEC_ASN1_SKIP)) {
- PORT_Assert (encode_kind == under_kind);
- if (encode_kind & SEC_ASN1_SKIP) {
- PORT_Assert (!optional);
- PORT_Assert (encode_kind == SEC_ASN1_SKIP);
- state->dest = NULL;
- }
- check_tag_mask = 0;
- expect_tag_modifiers = 0;
- expect_tag_number = 0;
- } else {
- check_tag_mask = SEC_ASN1_TAG_MASK;
- expect_tag_modifiers = encode_kind & SEC_ASN1_TAG_MASK
- & ~SEC_ASN1_TAGNUM_MASK;
- /*
- * XXX This assumes only single-octet identifiers. To handle
- * the HIGH TAG form we would need to do some more work, especially
- * in how to specify them in the template, because right now we
- * do not provide a way to specify more *tag* bits in encode_kind.
- */
- expect_tag_number = encode_kind & SEC_ASN1_TAGNUM_MASK;
-
- switch (under_kind & SEC_ASN1_TAGNUM_MASK) {
- case SEC_ASN1_SET:
- /*
- * XXX A plain old SET (as opposed to a SET OF) is not implemented.
- * If it ever is, remove this assert...
- */
- PORT_Assert ((under_kind & SEC_ASN1_GROUP) != 0);
- /* fallthru */
- case SEC_ASN1_SEQUENCE:
- expect_tag_modifiers |= SEC_ASN1_CONSTRUCTED;
- break;
- case SEC_ASN1_BIT_STRING:
- case SEC_ASN1_BMP_STRING:
- case SEC_ASN1_GENERALIZED_TIME:
- case SEC_ASN1_IA5_STRING:
- case SEC_ASN1_OCTET_STRING:
- case SEC_ASN1_PRINTABLE_STRING:
- case SEC_ASN1_T61_STRING:
- case SEC_ASN1_UNIVERSAL_STRING:
- case SEC_ASN1_UTC_TIME:
- case SEC_ASN1_UTF8_STRING:
- case SEC_ASN1_VISIBLE_STRING:
- check_tag_mask &= ~SEC_ASN1_CONSTRUCTED;
- break;
- }
- }
-
- state->check_tag_mask = check_tag_mask;
- state->expect_tag_modifiers = expect_tag_modifiers;
- state->expect_tag_number = expect_tag_number;
- state->underlying_kind = under_kind;
- state->explicit = explicit;
- state->optional = optional;
-
- sec_asn1d_scrub_state (state);
-
- return state;
-}
-
-
-static unsigned long
-sec_asn1d_parse_identifier (sec_asn1d_state *state,
- const char *buf, unsigned long len)
-{
- unsigned char byte;
- unsigned char tag_number;
-
- PORT_Assert (state->place == beforeIdentifier);
-
- if (len == 0) {
- state->top->status = needBytes;
- return 0;
- }
-
- byte = (unsigned char) *buf;
- tag_number = byte & SEC_ASN1_TAGNUM_MASK;
-
- if (IS_HIGH_TAG_NUMBER (tag_number)) {
- state->place = duringIdentifier;
- state->found_tag_number = 0;
- /*
- * Actually, we have no idea how many bytes are pending, but we
- * do know that it is at least 1. That is all we know; we have
- * to look at each byte to know if there is another, etc.
- */
- state->pending = 1;
- } else {
- if (byte == 0 && state->parent != NULL &&
- (state->parent->indefinite ||
- (
- (state->parent->place == afterImplicit ||
- state->parent->place == afterPointer)
- && state->parent->parent != NULL && state->parent->parent->indefinite
- )
- )
- ) {
- /*
- * Our parent has indefinite-length encoding, and the
- * entire tag found is 0, so it seems that we have hit the
- * end-of-contents octets. To handle this, we just change
- * our state to that which expects to get the bytes of the
- * end-of-contents octets and let that code re-read this byte
- * so that our categorization of field types is correct.
- * After that, our parent will then deal with everything else.
- */
- state->place = duringEndOfContents;
- state->pending = 2;
- state->found_tag_number = 0;
- state->found_tag_modifiers = 0;
- /*
- * We might be an optional field that is, as we now find out,
- * missing. Give our parent a clue that this happened.
- */
- if (state->optional)
- state->missing = PR_TRUE;
- return 0;
- }
- state->place = afterIdentifier;
- state->found_tag_number = tag_number;
- }
- state->found_tag_modifiers = byte & ~SEC_ASN1_TAGNUM_MASK;
-
- return 1;
-}
-
-
-static unsigned long
-sec_asn1d_parse_more_identifier (sec_asn1d_state *state,
- const char *buf, unsigned long len)
-{
- unsigned char byte;
- int count;
-
- PORT_Assert (state->pending == 1);
- PORT_Assert (state->place == duringIdentifier);
-
- if (len == 0) {
- state->top->status = needBytes;
- return 0;
- }
-
- count = 0;
-
- while (len && state->pending) {
- if (HIGH_BITS (state->found_tag_number, TAG_NUMBER_BITS) != 0) {
- /*
- * The given high tag number overflows our container;
- * just give up. This is not likely to *ever* happen.
- */
- PORT_SetError (SEC_ERROR_BAD_DER);
- state->top->status = decodeError;
- return 0;
- }
-
- state->found_tag_number <<= TAG_NUMBER_BITS;
-
- byte = (unsigned char) buf[count++];
- state->found_tag_number |= (byte & TAG_NUMBER_MASK);
-
- len--;
- if (LAST_TAG_NUMBER_BYTE (byte))
- state->pending = 0;
- }
-
- if (state->pending == 0)
- state->place = afterIdentifier;
-
- return count;
-}
-
-
-static void
-sec_asn1d_confirm_identifier (sec_asn1d_state *state)
-{
- PRBool match;
-
- PORT_Assert (state->place == afterIdentifier);
-
- match = (PRBool)(((state->found_tag_modifiers & state->check_tag_mask)
- == state->expect_tag_modifiers)
- && ((state->found_tag_number & state->check_tag_mask)
- == state->expect_tag_number));
- if (match) {
- state->place = beforeLength;
- } else {
- if (state->optional) {
- state->missing = PR_TRUE;
- state->place = afterEndOfContents;
- } else {
- PORT_SetError (SEC_ERROR_BAD_DER);
- state->top->status = decodeError;
- }
- }
-}
-
-
-static unsigned long
-sec_asn1d_parse_length (sec_asn1d_state *state,
- const char *buf, unsigned long len)
-{
- unsigned char byte;
-
- PORT_Assert (state->place == beforeLength);
-
- if (len == 0) {
- state->top->status = needBytes;
- return 0;
- }
-
- /*
- * The default/likely outcome. It may get adjusted below.
- */
- state->place = afterLength;
-
- byte = (unsigned char) *buf;
-
- if (LENGTH_IS_SHORT_FORM (byte)) {
- state->contents_length = byte;
- } else {
- state->contents_length = 0;
- state->pending = LONG_FORM_LENGTH (byte);
- if (state->pending == 0) {
- state->indefinite = PR_TRUE;
- } else {
- state->place = duringLength;
- }
- }
-
- return 1;
-}
-
-
-static unsigned long
-sec_asn1d_parse_more_length (sec_asn1d_state *state,
- const char *buf, unsigned long len)
-{
- int count;
-
- PORT_Assert (state->pending > 0);
- PORT_Assert (state->place == duringLength);
-
- if (len == 0) {
- state->top->status = needBytes;
- return 0;
- }
-
- count = 0;
-
- while (len && state->pending) {
- if (HIGH_BITS (state->contents_length, 8) != 0) {
- /*
- * The given full content length overflows our container;
- * just give up.
- */
- PORT_SetError (SEC_ERROR_BAD_DER);
- state->top->status = decodeError;
- return 0;
- }
-
- state->contents_length <<= 8;
- state->contents_length |= (unsigned char) buf[count++];
-
- len--;
- state->pending--;
- }
-
- if (state->pending == 0)
- state->place = afterLength;
-
- return count;
-}
-
-
-static void
-sec_asn1d_prepare_for_contents (sec_asn1d_state *state)
-{
- SECItem *item;
- PRArenaPool *poolp;
- unsigned long alloc_len;
-
-
- /*
- * XXX I cannot decide if this allocation should exclude the case
- * where state->endofcontents is true -- figure it out!
- */
- if (state->allocate) {
- void *dest;
-
- PORT_Assert (state->dest == NULL);
- /*
- * We are handling a POINTER or a member of a GROUP, and need to
- * allocate for the data structure.
- */
- dest = sec_asn1d_zalloc (state->top->their_pool,
- state->theTemplate->size);
- if (dest == NULL) {
- state->top->status = decodeError;
- return;
- }
- state->dest = (char *)dest + state->theTemplate->offset;
-
- /*
- * For a member of a GROUP, our parent will later put the
- * pointer wherever it belongs. But for a POINTER, we need
- * to record the destination now, in case notify or filter
- * procs need access to it -- they cannot find it otherwise,
- * until it is too late (for one-pass processing).
- */
- if (state->parent->place == afterPointer) {
- void **placep;
-
- placep = state->parent->dest;
- *placep = dest;
- }
- }
-
- /*
- * Remember, length may be indefinite here! In that case,
- * both contents_length and pending will be zero.
- */
- state->pending = state->contents_length;
-
- /*
- * An EXPLICIT is nothing but an outer header, which we have
- * already parsed and accepted. Now we need to do the inner
- * header and its contents.
- */
- if (state->explicit) {
- state->place = afterExplicit;
- state = sec_asn1d_push_state (state->top,
- SEC_ASN1GetSubtemplate(state->theTemplate,
- state->dest,
- PR_FALSE),
- state->dest, PR_TRUE);
- if (state != NULL)
- state = sec_asn1d_init_state_based_on_template (state);
- return;
- }
-
- /*
- * For GROUP (SET OF, SEQUENCE OF), even if we know the length here
- * we cannot tell how many items we will end up with ... so push a
- * state that can keep track of "children" (the individual members
- * of the group; we will allocate as we go and put them all together
- * at the end.
- */
- if (state->underlying_kind & SEC_ASN1_GROUP) {
- /* XXX If this assertion holds (should be able to confirm it via
- * inspection, too) then move this code into the switch statement
- * below under cases SET_OF and SEQUENCE_OF; it will be cleaner.
- */
- PORT_Assert (state->underlying_kind == SEC_ASN1_SET_OF
- || state->underlying_kind == SEC_ASN1_SEQUENCE_OF);
- if (state->contents_length != 0 || state->indefinite) {
- const SEC_ASN1Template *subt;
-
- state->place = duringGroup;
- subt = SEC_ASN1GetSubtemplate (state->theTemplate, state->dest,
- PR_FALSE);
- state = sec_asn1d_push_state (state->top, subt, NULL, PR_TRUE);
- if (state != NULL) {
- if (!state->top->filter_only)
- state->allocate = PR_TRUE; /* XXX propogate this? */
- /*
- * Do the "before" field notification for next in group.
- */
- sec_asn1d_notify_before (state->top, state->dest, state->depth);
- state = sec_asn1d_init_state_based_on_template (state);
- }
- } else {
- /*
- * A group of zero; we are done.
- * XXX Should we store a NULL here? Or set state to
- * afterGroup and let that code do it?
- */
- state->place = afterEndOfContents;
- }
- return;
- }
-
- switch (state->underlying_kind) {
- case SEC_ASN1_SEQUENCE:
- /*
- * We need to push a child to handle the individual fields.
- */
- state->place = duringSequence;
- state = sec_asn1d_push_state (state->top, state->theTemplate + 1,
- state->dest, PR_TRUE);
- if (state != NULL) {
- /*
- * Do the "before" field notification.
- */
- sec_asn1d_notify_before (state->top, state->dest, state->depth);
- state = sec_asn1d_init_state_based_on_template (state);
- }
- break;
-
- case SEC_ASN1_SET: /* XXX SET is not really implemented */
- /*
- * XXX A plain SET requires special handling; scanning of a
- * template to see where a field should go (because by definition,
- * they are not in any particular order, and you have to look at
- * each tag to disambiguate what the field is). We may never
- * implement this because in practice, it seems to be unused.
- */
- PORT_Assert(0);
- state->top->status = decodeError;
- break;
-
- case SEC_ASN1_NULL:
- /*
- * The NULL type, by definition, is "nothing", content length of zero.
- * An indefinite-length encoding is not alloweed.
- */
- if (state->contents_length || state->indefinite) {
- state->top->status = decodeError;
- break;
- }
- if (state->dest != NULL) {
- item = (SECItem *)(state->dest);
- item->data = NULL;
- item->len = 0;
- }
- state->place = afterEndOfContents;
- break;
-
- case SEC_ASN1_BMP_STRING:
- /* Error if length is not divisable by 2 */
- if (state->contents_length % 2) {
- state->top->status = decodeError;
- break;
- }
- /* otherwise, handle as other string types */
- goto regular_string_type;
-
- case SEC_ASN1_UNIVERSAL_STRING:
- /* Error if length is not divisable by 4 */
- if (state->contents_length % 4) {
- state->top->status = decodeError;
- break;
- }
- /* otherwise, handle as other string types */
- goto regular_string_type;
-
- case SEC_ASN1_SKIP:
- case SEC_ASN1_ANY:
- case SEC_ASN1_ANY_CONTENTS:
- /*
- * These are not (necessarily) strings, but they need nearly
- * identical handling (especially when we need to deal with
- * constructed sub-pieces), so we pretend they are.
- */
- /* fallthru */
-regular_string_type:
- case SEC_ASN1_BIT_STRING:
- case SEC_ASN1_IA5_STRING:
- case SEC_ASN1_OCTET_STRING:
- case SEC_ASN1_PRINTABLE_STRING:
- case SEC_ASN1_T61_STRING:
- case SEC_ASN1_UTC_TIME:
- case SEC_ASN1_UTF8_STRING:
- case SEC_ASN1_VISIBLE_STRING:
- /*
- * We are allocating for a primitive or a constructed string.
- * If it is a constructed string, it may also be indefinite-length.
- * If it is primitive, the length can (legally) be zero.
- * Our first order of business is to allocate the memory for
- * the string, if we can (if we know the length).
- */
- item = (SECItem *)(state->dest);
-
- /*
- * If the item is a definite-length constructed string, then
- * the contents_length is actually larger than what we need
- * (because it also counts each intermediate header which we
- * will be throwing away as we go), but it is a perfectly good
- * upper bound that we just allocate anyway, and then concat
- * as we go; we end up wasting a few extra bytes but save a
- * whole other copy.
- */
- alloc_len = state->contents_length;
- poolp = NULL; /* quiet compiler warnings about unused... */
-
- if (item == NULL || state->top->filter_only) {
- if (item != NULL) {
- item->data = NULL;
- item->len = 0;
- }
- alloc_len = 0;
- } else if (state->substring) {
- /*
- * If we are a substring of a constructed string, then we may
- * not have to allocate anything (because our parent, the
- * actual constructed string, did it for us). If we are a
- * substring and we *do* have to allocate, that means our
- * parent is an indefinite-length, so we allocate from our pool;
- * later our parent will copy our string into the aggregated
- * whole and free our pool allocation.
- */
- if (item->data == NULL) {
- PORT_Assert (item->len == 0);
- poolp = state->top->our_pool;
- } else {
- alloc_len = 0;
- }
- } else {
- item->len = 0;
- item->data = NULL;
- poolp = state->top->their_pool;
- }
-
- if (alloc_len || ((! state->indefinite)
- && (state->subitems_head != NULL))) {
- struct subitem *subitem;
- int len;
-
- PORT_Assert (item->len == 0 && item->data == NULL);
- /*
- * Check for and handle an ANY which has stashed aside the
- * header (identifier and length) bytes for us to include
- * in the saved contents.
- */
- if (state->subitems_head != NULL) {
- PORT_Assert (state->underlying_kind == SEC_ASN1_ANY);
- for (subitem = state->subitems_head;
- subitem != NULL; subitem = subitem->next)
- alloc_len += subitem->len;
- }
-
- item->data = (unsigned char*)sec_asn1d_zalloc (poolp, alloc_len);
- if (item->data == NULL) {
- state->top->status = decodeError;
- break;
- }
-
- len = 0;
- for (subitem = state->subitems_head;
- subitem != NULL; subitem = subitem->next) {
- PORT_Memcpy (item->data + len, subitem->data, subitem->len);
- len += subitem->len;
- }
- item->len = len;
-
- /*
- * Because we use arenas and have a mark set, we later free
- * everything we have allocated, so this does *not* present
- * a memory leak (it is just temporarily left dangling).
- */
- state->subitems_head = state->subitems_tail = NULL;
- }
-
- if (state->contents_length == 0 && (! state->indefinite)) {
- /*
- * A zero-length simple or constructed string; we are done.
- */
- state->place = afterEndOfContents;
- } else if (state->found_tag_modifiers & SEC_ASN1_CONSTRUCTED) {
- const SEC_ASN1Template *sub;
-
- switch (state->underlying_kind) {
- case SEC_ASN1_ANY:
- case SEC_ASN1_ANY_CONTENTS:
- sub = SEC_AnyTemplate;
- break;
- case SEC_ASN1_BIT_STRING:
- sub = SEC_BitStringTemplate;
- break;
- case SEC_ASN1_BMP_STRING:
- sub = SEC_BMPStringTemplate;
- break;
- case SEC_ASN1_GENERALIZED_TIME:
- sub = SEC_GeneralizedTimeTemplate;
- break;
- case SEC_ASN1_IA5_STRING:
- sub = SEC_IA5StringTemplate;
- break;
- case SEC_ASN1_OCTET_STRING:
- sub = SEC_OctetStringTemplate;
- break;
- case SEC_ASN1_PRINTABLE_STRING:
- sub = SEC_PrintableStringTemplate;
- break;
- case SEC_ASN1_T61_STRING:
- sub = SEC_T61StringTemplate;
- break;
- case SEC_ASN1_UNIVERSAL_STRING:
- sub = SEC_UniversalStringTemplate;
- break;
- case SEC_ASN1_UTC_TIME:
- sub = SEC_UTCTimeTemplate;
- break;
- case SEC_ASN1_UTF8_STRING:
- sub = SEC_UTF8StringTemplate;
- break;
- case SEC_ASN1_VISIBLE_STRING:
- sub = SEC_VisibleStringTemplate;
- break;
- case SEC_ASN1_SKIP:
- sub = SEC_SkipTemplate;
- break;
- default: /* redundant given outer switch cases, but */
- PORT_Assert(0); /* the compiler does not seem to know that, */
- sub = NULL; /* so just do enough to quiet it. */
- break;
- }
-
- state->place = duringConstructedString;
- state = sec_asn1d_push_state (state->top, sub, item, PR_TRUE);
- if (state != NULL) {
- state->substring = PR_TRUE; /* XXX propogate? */
- state = sec_asn1d_init_state_based_on_template (state);
- }
- } else if (state->indefinite) {
- /*
- * An indefinite-length string *must* be constructed!
- */
- PORT_SetError (SEC_ERROR_BAD_DER);
- state->top->status = decodeError;
- } else {
- /*
- * A non-zero-length simple string.
- */
- if (state->underlying_kind == SEC_ASN1_BIT_STRING)
- state->place = beforeBitString;
- else
- state->place = duringLeaf;
- }
- break;
-
- default:
- /*
- * We are allocating for a simple leaf item.
- */
- if (state->contents_length) {
- if (state->dest != NULL) {
- item = (SECItem *)(state->dest);
- item->len = 0;
- if (state->top->filter_only) {
- item->data = NULL;
- } else {
- item->data = (unsigned char*)
- sec_asn1d_zalloc (state->top->their_pool,
- state->contents_length);
- if (item->data == NULL) {
- state->top->status = decodeError;
- return;
- }
- }
- }
- state->place = duringLeaf;
- } else {
- /*
- * An indefinite-length or zero-length item is not allowed.
- * (All legal cases of such were handled above.)
- */
- PORT_SetError (SEC_ERROR_BAD_DER);
- state->top->status = decodeError;
- }
- }
-}
-
-
-static void
-sec_asn1d_free_child (sec_asn1d_state *state, PRBool error)
-{
- if (state->child != NULL) {
- PORT_Assert (error || state->child->consumed == 0);
- PORT_Assert (state->our_mark != NULL);
- PORT_ArenaRelease (state->top->our_pool, state->our_mark);
- if (error && state->top->their_pool == NULL) {
- /*
- * XXX We need to free anything allocated.
- */
- PORT_Assert (0);
- }
- state->child = NULL;
- state->our_mark = NULL;
- } else {
- /*
- * It is important that we do not leave a mark unreleased/unmarked.
- * But I do not think we should ever have one set in this case, only
- * if we had a child (handled above). So check for that. If this
- * assertion should ever get hit, then we probably need to add code
- * here to release back to our_mark (and then set our_mark to NULL).
- */
- PORT_Assert (state->our_mark == NULL);
- }
- state->place = beforeEndOfContents;
-}
-
-
-static void
-sec_asn1d_reuse_encoding (sec_asn1d_state *state)
-{
- sec_asn1d_state *child;
- unsigned long consumed;
- SECItem *item;
- void *dest;
-
-
- child = state->child;
- PORT_Assert (child != NULL);
-
- consumed = child->consumed;
- child->consumed = 0;
-
- item = (SECItem *)(state->dest);
- PORT_Assert (item != NULL);
-
- PORT_Assert (item->len == consumed);
-
- /*
- * Free any grandchild.
- */
- sec_asn1d_free_child (child, PR_FALSE);
-
- /*
- * Notify after the SAVE field.
- */
- sec_asn1d_notify_after (state->top, state->dest, state->depth);
-
- /*
- * Adjust to get new dest and move forward.
- */
- dest = (char *)state->dest - state->theTemplate->offset;
- state->theTemplate++;
- child->dest = (char *)dest + state->theTemplate->offset;
- child->theTemplate = state->theTemplate;
-
- /*
- * Notify before the "real" field.
- */
- PORT_Assert (state->depth == child->depth);
- sec_asn1d_notify_before (state->top, child->dest, child->depth);
-
- /*
- * This will tell DecoderUpdate to return when it is done.
- */
- state->place = afterSaveEncoding;
-
- /*
- * We already have a child; "push" it by making it current.
- */
- state->top->current = child;
-
- /*
- * And initialize it so it is ready to parse.
- */
- (void) sec_asn1d_init_state_based_on_template(child);
-
- /*
- * Now parse that out of our data.
- */
- if (SEC_ASN1DecoderUpdate (state->top,
- (char *) item->data, item->len) != SECSuccess)
- return;
-
- PORT_Assert (state->top->current == state);
- PORT_Assert (state->child == child);
-
- /*
- * That should have consumed what we consumed before.
- */
- PORT_Assert (consumed == child->consumed);
- child->consumed = 0;
-
- /*
- * Done.
- */
- state->consumed += consumed;
- child->place = notInUse;
- state->place = afterEndOfContents;
-}
-
-
-static unsigned long
-sec_asn1d_parse_leaf (sec_asn1d_state *state,
- const char *buf, unsigned long len)
-{
- SECItem *item;
-
- if (len == 0) {
- state->top->status = needBytes;
- return 0;
- }
-
- if (state->pending < len)
- len = state->pending;
-
- item = (SECItem *)(state->dest);
- if (item != NULL && item->data != NULL) {
- PORT_Memcpy (item->data + item->len, buf, len);
- item->len += len;
- }
- state->pending -= len;
- if (state->pending == 0)
- state->place = beforeEndOfContents;
-
- return len;
-}
-
-
-static unsigned long
-sec_asn1d_parse_bit_string (sec_asn1d_state *state,
- const char *buf, unsigned long len)
-{
- unsigned char byte;
-
- PORT_Assert (state->pending > 0);
- PORT_Assert (state->place == beforeBitString);
-
- if (len == 0) {
- state->top->status = needBytes;
- return 0;
- }
-
- byte = (unsigned char) *buf;
- if (byte > 7) {
- PORT_SetError (SEC_ERROR_BAD_DER);
- state->top->status = decodeError;
- return 0;
- }
-
- state->bit_string_unused_bits = byte;
- state->place = duringBitString;
- state->pending -= 1;
-
- return 1;
-}
-
-
-static unsigned long
-sec_asn1d_parse_more_bit_string (sec_asn1d_state *state,
- const char *buf, unsigned long len)
-{
- PORT_Assert (state->pending > 0);
- PORT_Assert (state->place == duringBitString);
-
- len = sec_asn1d_parse_leaf (state, buf, len);
- if (state->place == beforeEndOfContents && state->dest != NULL) {
- SECItem *item;
-
- item = (SECItem *)(state->dest);
- if (item->len)
- item->len = (item->len << 3) - state->bit_string_unused_bits;
- }
-
- return len;
-}
-
-
-/*
- * XXX All callers should be looking at return value to detect
- * out-of-memory errors (and stop!).
- */
-static struct subitem *
-sec_asn1d_add_to_subitems (sec_asn1d_state *state,
- const void *data, unsigned long len,
- PRBool copy_data)
-{
- struct subitem *thing;
-
- thing = (struct subitem*)sec_asn1d_zalloc (state->top->our_pool,
- sizeof (struct subitem));
- if (thing == NULL) {
- state->top->status = decodeError;
- return NULL;
- }
-
- if (copy_data) {
- void *copy;
- copy = sec_asn1d_alloc (state->top->our_pool, len);
- if (copy == NULL) {
- state->top->status = decodeError;
- return NULL;
- }
- PORT_Memcpy (copy, data, len);
- thing->data = copy;
- } else {
- thing->data = data;
- }
- thing->len = len;
- thing->next = NULL;
-
- if (state->subitems_head == NULL) {
- PORT_Assert (state->subitems_tail == NULL);
- state->subitems_head = state->subitems_tail = thing;
- } else {
- state->subitems_tail->next = thing;
- state->subitems_tail = thing;
- }
-
- return thing;
-}
-
-
-static void
-sec_asn1d_record_any_header (sec_asn1d_state *state,
- const char *buf,
- unsigned long len)
-{
- SECItem *item;
-
- item = (SECItem *)(state->dest);
- if (item != NULL && item->data != NULL) {
- PORT_Assert (state->substring);
- PORT_Memcpy (item->data + item->len, buf, len);
- item->len += len;
- } else {
- sec_asn1d_add_to_subitems (state, buf, len, PR_TRUE);
- }
-}
-
-
-/*
- * We are moving along through the substrings of a constructed string,
- * and have just finished parsing one -- we need to save our child data
- * (if the child was not already writing directly into the destination)
- * and then move forward by one.
- *
- * We also have to detect when we are done:
- * - a definite-length encoding stops when our pending value hits 0
- * - an indefinite-length encoding stops when our child is empty
- * (which means it was the end-of-contents octets)
- */
-static void
-sec_asn1d_next_substring (sec_asn1d_state *state)
-{
- sec_asn1d_state *child;
- SECItem *item;
- unsigned long child_consumed;
- PRBool done;
-
- PORT_Assert (state->place == duringConstructedString);
- PORT_Assert (state->child != NULL);
-
- child = state->child;
-
- child_consumed = child->consumed;
- child->consumed = 0;
- state->consumed += child_consumed;
-
- done = PR_FALSE;
-
- if (state->pending) {
- PORT_Assert (!state->indefinite);
- PORT_Assert (child_consumed <= state->pending);
-
- state->pending -= child_consumed;
- if (state->pending == 0)
- done = PR_TRUE;
- } else {
- PORT_Assert (state->indefinite);
-
- item = (SECItem *)(child->dest);
- if (item != NULL && item->data != NULL) {
- /*
- * Save the string away for later concatenation.
- */
- PORT_Assert (item->data != NULL);
- sec_asn1d_add_to_subitems (state, item->data, item->len, PR_FALSE);
- /*
- * Clear the child item for the next round.
- */
- item->data = NULL;
- item->len = 0;
- }
-
- /*
- * If our child was just our end-of-contents octets, we are done.
- */
- if (child->endofcontents)
- done = PR_TRUE;
- }
-
- /*
- * Stop or do the next one.
- */
- if (done) {
- child->place = notInUse;
- state->place = afterConstructedString;
- } else {
- sec_asn1d_scrub_state (child);
- state->top->current = child;
- }
-}
-
-
-/*
- * We are doing a SET OF or SEQUENCE OF, and have just finished an item.
- */
-static void
-sec_asn1d_next_in_group (sec_asn1d_state *state)
-{
- sec_asn1d_state *child;
- unsigned long child_consumed;
-
- PORT_Assert (state->place == duringGroup);
- PORT_Assert (state->child != NULL);
-
- child = state->child;
-
- child_consumed = child->consumed;
- child->consumed = 0;
- state->consumed += child_consumed;
-
- /*
- * If our child was just our end-of-contents octets, we are done.
- */
- if (child->endofcontents) {
- /* XXX I removed the PORT_Assert (child->dest == NULL) because there
- * was a bug in that a template that was a sequence of which also had
- * a child of a sequence of, in an indefinite group was not working
- * properly. This fix seems to work, (added the if statement below),
- * and nothing appears broken, but I am putting this note here just
- * in case. */
- /*
- * XXX No matter how many times I read that comment,
- * I cannot figure out what case he was fixing. I believe what he
- * did was deliberate, so I am loathe to touch it. I need to
- * understand how it could ever be that child->dest != NULL but
- * child->endofcontents is true, and why it is important to check
- * that state->subitems_head is NULL. This really needs to be
- * figured out, as I am not sure if the following code should be
- * compensating for "offset", as is done a little farther below
- * in the more normal case.
- */
- PORT_Assert (state->indefinite);
- PORT_Assert (state->pending == 0);
- if(child->dest && !state->subitems_head) {
- sec_asn1d_add_to_subitems (state, child->dest, 0, PR_FALSE);
- child->dest = NULL;
- }
-
- child->place = notInUse;
- state->place = afterGroup;
- return;
- }
-
- /*
- * Do the "after" field notification for next in group.
- */
- sec_asn1d_notify_after (state->top, child->dest, child->depth);
-
- /*
- * Save it away (unless we are not storing).
- */
- if (child->dest != NULL) {
- void *dest;
-
- dest = child->dest;
- dest = (char *)dest - child->theTemplate->offset;
- sec_asn1d_add_to_subitems (state, dest, 0, PR_FALSE);
- child->dest = NULL;
- }
-
- /*
- * Account for those bytes; see if we are done.
- */
- if (state->pending) {
- PORT_Assert (!state->indefinite);
- PORT_Assert (child_consumed <= state->pending);
-
- state->pending -= child_consumed;
- if (state->pending == 0) {
- child->place = notInUse;
- state->place = afterGroup;
- return;
- }
- }
-
- /*
- * Do the "before" field notification for next item in group.
- */
- sec_asn1d_notify_before (state->top, child->dest, child->depth);
-
- /*
- * Now we do the next one.
- */
- sec_asn1d_scrub_state (child);
- state->top->current = child;
-}
-
-
-/*
- * We are moving along through a sequence; move forward by one,
- * (detecting end-of-sequence when it happens).
- * XXX The handling of "missing" is ugly. Fix it.
- */
-static void
-sec_asn1d_next_in_sequence (sec_asn1d_state *state)
-{
- sec_asn1d_state *child;
- unsigned long child_consumed;
- PRBool child_missing;
-
- PORT_Assert (state->place == duringSequence);
- PORT_Assert (state->child != NULL);
-
- child = state->child;
-
- /*
- * Do the "after" field notification.
- */
- sec_asn1d_notify_after (state->top, child->dest, child->depth);
-
- child_missing = (PRBool) child->missing;
- child_consumed = child->consumed;
- child->consumed = 0;
-
- /*
- * Take care of accounting.
- */
- if (child_missing) {
- PORT_Assert (child->optional);
- } else {
- state->consumed += child_consumed;
- /*
- * Free any grandchild.
- */
- sec_asn1d_free_child (child, PR_FALSE);
- if (state->pending) {
- PORT_Assert (!state->indefinite);
- PORT_Assert (child_consumed <= state->pending);
- state->pending -= child_consumed;
- if (state->pending == 0) {
- child->theTemplate++;
- while (child->theTemplate->kind != 0) {
- if ((child->theTemplate->kind & SEC_ASN1_OPTIONAL) == 0) {
- PORT_SetError (SEC_ERROR_BAD_DER);
- state->top->status = decodeError;
- return;
- }
- child->theTemplate++;
- }
- child->place = notInUse;
- state->place = afterEndOfContents;
- return;
- }
- }
- }
-
- /*
- * Move forward.
- */
- child->theTemplate++;
- if (child->theTemplate->kind == 0) {
- /*
- * We are done with this sequence.
- */
- child->place = notInUse;
- if (state->pending) {
- PORT_SetError (SEC_ERROR_BAD_DER);
- state->top->status = decodeError;
- } else if (child_missing) {
- /*
- * We got to the end, but have a child that started parsing
- * and ended up "missing". The only legitimate reason for
- * this is that we had one or more optional fields at the
- * end of our sequence, and we were encoded indefinite-length,
- * so when we went looking for those optional fields we
- * found our end-of-contents octets instead.
- * (Yes, this is ugly; dunno a better way to handle it.)
- * So, first confirm the situation, and then mark that we
- * are done.
- */
- if (state->indefinite && child->endofcontents) {
- PORT_Assert (child_consumed == 2);
- state->consumed += child_consumed;
- state->place = afterEndOfContents;
- } else {
- PORT_SetError (SEC_ERROR_BAD_DER);
- state->top->status = decodeError;
- }
- } else {
- /*
- * We have to finish out, maybe reading end-of-contents octets;
- * let the normal logic do the right thing.
- */
- state->place = beforeEndOfContents;
- }
- } else {
- unsigned char child_found_tag_modifiers = 0;
- unsigned long child_found_tag_number = 0;
-
- /*
- * Reset state and push.
- */
- if (state->dest != NULL)
- child->dest = (char *)state->dest + child->theTemplate->offset;
-
- /*
- * Do the "before" field notification.
- */
- sec_asn1d_notify_before (state->top, child->dest, child->depth);
-
- if (child_missing) { /* if previous child was missing, copy the tag data we already have */
- child_found_tag_modifiers = child->found_tag_modifiers;
- child_found_tag_number = child->found_tag_number;
- }
- state->top->current = child;
- child = sec_asn1d_init_state_based_on_template (child);
- if (child_missing) {
- child->place = afterIdentifier;
- child->found_tag_modifiers = child_found_tag_modifiers;
- child->found_tag_number = child_found_tag_number;
- child->consumed = child_consumed;
- if (child->underlying_kind == SEC_ASN1_ANY
- && !child->top->filter_only) {
- /*
- * If the new field is an ANY, and we are storing, then
- * we need to save the tag out. We would have done this
- * already in the normal case, but since we were looking
- * for an optional field, and we did not find it, we only
- * now realize we need to save the tag.
- */
- unsigned char identifier;
-
- /*
- * Check that we did not end up with a high tag; for that
- * we need to re-encode the tag into multiple bytes in order
- * to store it back to look like what we parsed originally.
- * In practice this does not happen, but for completeness
- * sake it should probably be made to work at some point.
- */
- PORT_Assert (child_found_tag_number < SEC_ASN1_HIGH_TAG_NUMBER);
- identifier = child_found_tag_modifiers | child_found_tag_number;
- sec_asn1d_record_any_header (child, (char *) &identifier, 1);
- }
- }
- }
-}
-
-
-static void
-sec_asn1d_concat_substrings (sec_asn1d_state *state)
-{
- PORT_Assert (state->place == afterConstructedString);
-
- if (state->subitems_head != NULL) {
- struct subitem *substring;
- unsigned long alloc_len, item_len;
- unsigned char *where;
- SECItem *item;
- PRBool is_bit_string;
-
- item_len = 0;
- is_bit_string = (state->underlying_kind == SEC_ASN1_BIT_STRING)
- ? PR_TRUE : PR_FALSE;
-
- substring = state->subitems_head;
- while (substring != NULL) {
- /*
- * All bit-string substrings except the last one should be
- * a clean multiple of 8 bits.
- */
- if (is_bit_string && (substring->next == NULL)
- && (substring->len & 0x7)) {
- PORT_SetError (SEC_ERROR_BAD_DER);
- state->top->status = decodeError;
- return;
- }
- item_len += substring->len;
- substring = substring->next;
- }
-
- if (is_bit_string) {
-#ifdef XP_WIN16 /* win16 compiler gets an internal error otherwise */
- alloc_len = (((long)item_len + 7) / 8);
-#else
- alloc_len = ((item_len + 7) >> 3);
-#endif
- } else {
- /*
- * Add 2 for the end-of-contents octets of an indefinite-length
- * ANY that is *not* also an INNER. Because we zero-allocate
- * below, all we need to do is increase the length here.
- */
- if (state->underlying_kind == SEC_ASN1_ANY && state->indefinite)
- item_len += 2;
- alloc_len = item_len;
- }
-
- item = (SECItem *)(state->dest);
- PORT_Assert (item != NULL);
- PORT_Assert (item->data == NULL);
- item->data = (unsigned char*)sec_asn1d_zalloc (state->top->their_pool,
- alloc_len);
- if (item->data == NULL) {
- state->top->status = decodeError;
- return;
- }
- item->len = item_len;
-
- where = item->data;
- substring = state->subitems_head;
- while (substring != NULL) {
- if (is_bit_string)
- item_len = (substring->len + 7) >> 3;
- else
- item_len = substring->len;
- PORT_Memcpy (where, substring->data, item_len);
- where += item_len;
- substring = substring->next;
- }
-
- /*
- * Because we use arenas and have a mark set, we later free
- * everything we have allocated, so this does *not* present
- * a memory leak (it is just temporarily left dangling).
- */
- state->subitems_head = state->subitems_tail = NULL;
- }
-
- state->place = afterEndOfContents;
-}
-
-
-static void
-sec_asn1d_concat_group (sec_asn1d_state *state)
-{
- const void ***placep;
-
- PORT_Assert (state->place == afterGroup);
-
- placep = (const void***)state->dest;
- if (state->subitems_head != NULL) {
- struct subitem *item;
- const void **group;
- int count;
-
- count = 0;
- item = state->subitems_head;
- while (item != NULL) {
- PORT_Assert (item->next != NULL || item == state->subitems_tail);
- count++;
- item = item->next;
- }
-
- group = (const void**)sec_asn1d_zalloc (state->top->their_pool,
- (count + 1) * (sizeof(void *)));
- if (group == NULL) {
- state->top->status = decodeError;
- return;
- }
-
- PORT_Assert (placep != NULL);
- *placep = group;
-
- item = state->subitems_head;
- while (item != NULL) {
- *group++ = item->data;
- item = item->next;
- }
- *group = NULL;
-
- /*
- * Because we use arenas and have a mark set, we later free
- * everything we have allocated, so this does *not* present
- * a memory leak (it is just temporarily left dangling).
- */
- state->subitems_head = state->subitems_tail = NULL;
- } else if (placep != NULL) {
- *placep = NULL;
- }
-
- state->place = afterEndOfContents;
-}
-
-
-/*
- * For those states that push a child to handle a subtemplate,
- * "absorb" that child (transfer necessary information).
- */
-static void
-sec_asn1d_absorb_child (sec_asn1d_state *state)
-{
- /*
- * There is absolutely supposed to be a child there.
- */
- PORT_Assert (state->child != NULL);
-
- /*
- * Inherit the missing status of our child, and do the ugly
- * backing-up if necessary.
- * (Only IMPLICIT or POINTER should encounter such; all other cases
- * should have confirmed a tag *before* pushing a child.)
- */
- state->missing = state->child->missing;
- if (state->missing) {
- PORT_Assert (state->place == afterImplicit
- || state->place == afterPointer);
- state->found_tag_number = state->child->found_tag_number;
- state->found_tag_modifiers = state->child->found_tag_modifiers;
- state->endofcontents = state->child->endofcontents;
- }
-
- /*
- * Add in number of bytes consumed by child.
- * (Only EXPLICIT should have already consumed bytes itself.)
- */
- PORT_Assert (state->place == afterExplicit || state->consumed == 0);
- state->consumed += state->child->consumed;
-
- /*
- * Subtract from bytes pending; this only applies to a definite-length
- * EXPLICIT field.
- */
- if (state->pending) {
- PORT_Assert (!state->indefinite);
- PORT_Assert (state->place == afterExplicit);
-
- /*
- * If we had a definite-length explicit, then what the child
- * consumed should be what was left pending.
- */
- if (state->pending != state->child->consumed) {
- if (state->pending < state->child->consumed) {
- PORT_SetError (SEC_ERROR_BAD_DER);
- state->top->status = decodeError;
- return;
- }
- /*
- * Okay, this is a hack. It *should* be an error whether
- * pending is too big or too small, but it turns out that
- * we had a bug in our *old* DER encoder that ended up
- * counting an explicit header twice in the case where
- * the underlying type was an ANY. So, because we cannot
- * prevent receiving these (our own certificate server can
- * send them to us), we need to be lenient and accept them.
- * To do so, we need to pretend as if we read all of the
- * bytes that the header said we would find, even though
- * we actually came up short.
- */
- state->consumed += (state->pending - state->child->consumed);
- }
- state->pending = 0;
- }
-
- /*
- * Indicate that we are done with child.
- */
- state->child->consumed = 0;
-
- /*
- * And move on to final state.
- * (Technically everybody could move to afterEndOfContents except
- * for an indefinite-length EXPLICIT; for simplicity though we assert
- * that but let the end-of-contents code do the real determination.)
- */
- PORT_Assert (state->place == afterExplicit || (! state->indefinite));
- state->place = beforeEndOfContents;
-}
-
-
-static void
-sec_asn1d_prepare_for_end_of_contents (sec_asn1d_state *state)
-{
- PORT_Assert (state->place == beforeEndOfContents);
-
- if (state->indefinite) {
- state->place = duringEndOfContents;
- state->pending = 2;
- } else {
- state->place = afterEndOfContents;
- }
-}
-
-
-static unsigned long
-sec_asn1d_parse_end_of_contents (sec_asn1d_state *state,
- const char *buf, unsigned long len)
-{
- int i;
-
- PORT_Assert (state->pending <= 2);
- PORT_Assert (state->place == duringEndOfContents);
-
- if (len == 0) {
- state->top->status = needBytes;
- return 0;
- }
-
- if (state->pending < len)
- len = state->pending;
-
- for (i = 0; i < len; i++) {
- if (buf[i] != 0) {
- /*
- * We expect to find only zeros; if not, just give up.
- */
- PORT_SetError (SEC_ERROR_BAD_DER);
- state->top->status = decodeError;
- return 0;
- }
- }
-
- state->pending -= len;
-
- if (state->pending == 0) {
- state->place = afterEndOfContents;
- state->endofcontents = PR_TRUE;
- }
-
- return len;
-}
-
-
-static void
-sec_asn1d_pop_state (sec_asn1d_state *state)
-{
-#if 0 /* XXX I think this should always be handled explicitly by parent? */
- /*
- * Account for our child.
- */
- if (state->child != NULL) {
- state->consumed += state->child->consumed;
- if (state->pending) {
- PORT_Assert (!state->indefinite);
- PORT_Assert (state->child->consumed <= state->pending);
- state->pending -= state->child->consumed;
- }
- state->child->consumed = 0;
- }
-#endif /* XXX */
-
- /*
- * Free our child.
- */
- sec_asn1d_free_child (state, PR_FALSE);
-
- /*
- * Just make my parent be the current state. It will then clean
- * up after me and free me (or reuse me).
- */
- state->top->current = state->parent;
-}
-
-static sec_asn1d_state *
-sec_asn1d_before_choice
-(
- sec_asn1d_state *state
-)
-{
- sec_asn1d_state *child;
-
- if( state->allocate ) {
- void *dest;
-
- dest = sec_asn1d_zalloc(state->top->their_pool, state->theTemplate->size);
- if( (void *)NULL == dest ) {
- state->top->status = decodeError;
- return (sec_asn1d_state *)NULL;
- }
-
- state->dest = (char *)dest + state->theTemplate->offset;
- }
-
- child = sec_asn1d_push_state(state->top, state->theTemplate + 1,
- state->dest, PR_FALSE);
- if( (sec_asn1d_state *)NULL == child ) {
- return (sec_asn1d_state *)NULL;
- }
-
- sec_asn1d_scrub_state(child);
- child = sec_asn1d_init_state_based_on_template(child);
- if( (sec_asn1d_state *)NULL == child ) {
- return (sec_asn1d_state *)NULL;
- }
-
- child->optional = PR_TRUE;
-
- state->place = duringChoice;
-
- return child;
-}
-
-static sec_asn1d_state *
-sec_asn1d_during_choice
-(
- sec_asn1d_state *state
-)
-{
- sec_asn1d_state *child = state->child;
-
- PORT_Assert((sec_asn1d_state *)NULL != child);
-
- if( child->missing ) {
- unsigned char child_found_tag_modifiers = 0;
- unsigned long child_found_tag_number = 0;
-
- child->theTemplate++;
-
- if( 0 == child->theTemplate->kind ) {
- /* Ran out of choices */
- PORT_SetError(SEC_ERROR_BAD_DER);
- state->top->status = decodeError;
- return (sec_asn1d_state *)NULL;
- }
-
- state->consumed += child->consumed;
-
- /* cargo'd from next_in_sequence innards */
- if( state->pending ) {
- PORT_Assert(!state->indefinite);
- PORT_Assert(child->consumed <= state->pending);
- state->pending -= child->consumed;
- if( 0 == state->pending ) {
- /* XXX uh.. not sure if I should have stopped this
- * from happening before. */
- PORT_Assert(0);
- PORT_SetError(SEC_ERROR_BAD_DER);
- state->top->status = decodeError;
- return (sec_asn1d_state *)NULL;
- }
- }
-
- child->consumed = 0;
- sec_asn1d_scrub_state(child);
-
- /* move it on top again */
- state->top->current = child;
-
- child_found_tag_modifiers = child->found_tag_modifiers;
- child_found_tag_number = child->found_tag_number;
-
- child = sec_asn1d_init_state_based_on_template(child);
- if( (sec_asn1d_state *)NULL == child ) {
- return (sec_asn1d_state *)NULL;
- }
-
- /* copy our findings to the new top */
- child->found_tag_modifiers = child_found_tag_modifiers;
- child->found_tag_number = child_found_tag_number;
-
- child->optional = PR_TRUE;
- child->place = afterIdentifier;
-
- return child;
- } else {
- if( (void *)NULL != state->dest ) {
- /* Store the enum */
- int *which = (int *)((char *)state->dest + state->theTemplate->offset);
- *which = (int)child->theTemplate->size;
- }
-
- child->place = notInUse;
-
- state->place = afterChoice;
- return state;
- }
-}
-
-static void
-sec_asn1d_after_choice
-(
- sec_asn1d_state *state
-)
-{
- state->consumed += state->child->consumed;
- state->child->consumed = 0;
- state->place = afterEndOfContents;
- sec_asn1d_pop_state(state);
-}
-
-unsigned long
-sec_asn1d_uinteger(SECItem *src)
-{
- unsigned long value;
- int len;
-
- if (src->len > 5 || (src->len > 4 && src->data[0] == 0))
- return 0;
-
- value = 0;
- len = src->len;
- while (len) {
- value <<= 8;
- value |= src->data[--len];
- }
- return value;
-}
-
-SECStatus
-SEC_ASN1DecodeInteger(SECItem *src, unsigned long *value)
-{
- unsigned long v;
- int i;
-
- if (src->len > sizeof(unsigned long))
- return SECFailure;
-
- if (src->data[0] & 0x80)
- v = -1; /* signed and negative - start with all 1's */
- else
- v = 0;
-
- for (i= 0; i < src->len; i++) {
- /* shift in next byte */
- v <<= 8;
- v |= src->data[i];
- }
- *value = v;
- return SECSuccess;
-}
-
-#ifdef DEBUG_ASN1D_STATES
-static void
-dump_states
-(
- SEC_ASN1DecoderContext *cx
-)
-{
- sec_asn1d_state *state;
-
- for( state = cx->current; state->parent; state = state->parent ) {
- ;
- }
-
- for( ; state; state = state->child ) {
- int i;
- for( i = 0; i < state->depth; i++ ) {
- printf(" ");
- }
-
- printf("%s: template[0]->kind = 0x%02x, expect tag number = 0x%02x\n",
- (state == cx->current) ? "STATE" : "State",
- state->theTemplate->kind, state->expect_tag_number);
- }
-
- return;
-}
-#endif /* DEBUG_ASN1D_STATES */
-
-SECStatus
-SEC_ASN1DecoderUpdate (SEC_ASN1DecoderContext *cx,
- const char *buf, unsigned long len)
-{
- sec_asn1d_state *state = NULL;
- unsigned long consumed;
- SEC_ASN1EncodingPart what;
-
-
- if (cx->status == needBytes)
- cx->status = keepGoing;
-
- while (cx->status == keepGoing) {
- state = cx->current;
- what = SEC_ASN1_Contents;
- consumed = 0;
-#ifdef DEBUG_ASN1D_STATES
- printf("\nPLACE = %s, next byte = 0x%02x\n",
- (state->place >= 0 && state->place <= notInUse) ?
- place_names[ state->place ] : "(undefined)",
- (unsigned int)((unsigned char *)buf)[ consumed ]);
- dump_states(cx);
-#endif /* DEBUG_ASN1D_STATES */
- switch (state->place) {
- case beforeIdentifier:
- consumed = sec_asn1d_parse_identifier (state, buf, len);
- what = SEC_ASN1_Identifier;
- break;
- case duringIdentifier:
- consumed = sec_asn1d_parse_more_identifier (state, buf, len);
- what = SEC_ASN1_Identifier;
- break;
- case afterIdentifier:
- sec_asn1d_confirm_identifier (state);
- break;
- case beforeLength:
- consumed = sec_asn1d_parse_length (state, buf, len);
- what = SEC_ASN1_Length;
- break;
- case duringLength:
- consumed = sec_asn1d_parse_more_length (state, buf, len);
- what = SEC_ASN1_Length;
- break;
- case afterLength:
- sec_asn1d_prepare_for_contents (state);
- break;
- case beforeBitString:
- consumed = sec_asn1d_parse_bit_string (state, buf, len);
- break;
- case duringBitString:
- consumed = sec_asn1d_parse_more_bit_string (state, buf, len);
- break;
- case duringConstructedString:
- sec_asn1d_next_substring (state);
- break;
- case duringGroup:
- sec_asn1d_next_in_group (state);
- break;
- case duringLeaf:
- consumed = sec_asn1d_parse_leaf (state, buf, len);
- break;
- case duringSaveEncoding:
- sec_asn1d_reuse_encoding (state);
- break;
- case duringSequence:
- sec_asn1d_next_in_sequence (state);
- break;
- case afterConstructedString:
- sec_asn1d_concat_substrings (state);
- break;
- case afterExplicit:
- case afterImplicit:
- case afterInline:
- case afterPointer:
- sec_asn1d_absorb_child (state);
- break;
- case afterGroup:
- sec_asn1d_concat_group (state);
- break;
- case afterSaveEncoding:
- /* XXX comment! */
- return SECSuccess;
- case beforeEndOfContents:
- sec_asn1d_prepare_for_end_of_contents (state);
- break;
- case duringEndOfContents:
- consumed = sec_asn1d_parse_end_of_contents (state, buf, len);
- what = SEC_ASN1_EndOfContents;
- break;
- case afterEndOfContents:
- sec_asn1d_pop_state (state);
- break;
- case beforeChoice:
- state = sec_asn1d_before_choice(state);
- break;
- case duringChoice:
- state = sec_asn1d_during_choice(state);
- break;
- case afterChoice:
- sec_asn1d_after_choice(state);
- break;
- case notInUse:
- default:
- /* This is not an error, but rather a plain old BUG! */
- PORT_Assert (0);
- PORT_SetError (SEC_ERROR_BAD_DER);
- cx->status = decodeError;
- break;
- }
-
- if (cx->status == decodeError)
- break;
-
- /* We should not consume more than we have. */
- PORT_Assert (consumed <= len);
-
- /* It might have changed, so we have to update our local copy. */
- state = cx->current;
-
- /* If it is NULL, we have popped all the way to the top. */
- if (state == NULL) {
- PORT_Assert (consumed == 0);
-#if 0 /* XXX I want this here, but it seems that we have situations (like
- * downloading a pkcs7 cert chain from some issuers) that give us a
- * length which is greater than the entire encoding. So, we cannot
- * have this be an error.
- */
- if (len > 0)
- cx->status = decodeError;
- else
-#endif
- cx->status = allDone;
- break;
- }
- else if (state->theTemplate->kind == SEC_ASN1_SKIP_REST) {
- cx->status = allDone;
- break;
- }
-
- if (consumed == 0)
- continue;
-
- /*
- * The following check is specifically looking for an ANY
- * that is *not* also an INNER, because we need to save aside
- * all bytes in that case -- the contents parts will get
- * handled like all other contents, and the end-of-contents
- * bytes are added by the concat code, but the outer header
- * bytes need to get saved too, so we do them explicitly here.
- */
- if (state->underlying_kind == SEC_ASN1_ANY
- && !cx->filter_only && (what == SEC_ASN1_Identifier
- || what == SEC_ASN1_Length)) {
- sec_asn1d_record_any_header (state, buf, consumed);
- }
-
- /*
- * We had some number of good, accepted bytes. If the caller
- * has registered to see them, pass them along.
- */
- if (state->top->filter_proc != NULL) {
- int depth;
-
- depth = state->depth;
- if (what == SEC_ASN1_EndOfContents && !state->indefinite) {
- PORT_Assert (state->parent != NULL
- && state->parent->indefinite);
- depth--;
- PORT_Assert (depth == state->parent->depth);
- }
- (* state->top->filter_proc) (state->top->filter_arg,
- buf, consumed, depth, what);
- }
-
- state->consumed += consumed;
- buf += consumed;
- len -= consumed;
- }
-
- if (cx->status == decodeError) {
- while (state != NULL) {
- sec_asn1d_free_child (state, PR_TRUE);
- state = state->parent;
- }
-#ifdef SEC_ASN1D_FREE_ON_ERROR /*
- * XXX This does not work because we can
- * end up leaving behind dangling pointers
- * to stuff that was allocated. In order
- * to make this really work (which would
- * be a good thing, I think), we need to
- * keep track of every place/pointer that
- * was allocated and make sure to NULL it
- * out before we then free back to the mark.
- */
- if (cx->their_pool != NULL) {
- PORT_Assert (cx->their_mark != NULL);
- PORT_ArenaRelease (cx->their_pool, cx->their_mark);
- }
-#endif
- return SECFailure;
- }
-
-#if 0 /* XXX This is what I want, but cannot have because it seems we
- * have situations (like when downloading a pkcs7 cert chain from
- * some issuers) that give us a total length which is greater than
- * the entire encoding. So, we have to allow allDone to have a
- * remaining length greater than zero. I wanted to catch internal
- * bugs with this, noticing when we do not have the right length.
- * Oh well.
- */
- PORT_Assert (len == 0
- && (cx->status == needBytes || cx->status == allDone));
-#else
- PORT_Assert ((len == 0 && cx->status == needBytes)
- || cx->status == allDone);
-#endif
- return SECSuccess;
-}
-
-
-SECStatus
-SEC_ASN1DecoderFinish (SEC_ASN1DecoderContext *cx)
-{
- SECStatus rv;
-
- if (cx->status == needBytes) {
- PORT_SetError (SEC_ERROR_BAD_DER);
- rv = SECFailure;
- } else {
- rv = SECSuccess;
- }
-
- /*
- * XXX anything else that needs to be finished?
- */
-
- PORT_FreeArena (cx->our_pool, PR_FALSE);
-
- return rv;
-}
-
-
-SEC_ASN1DecoderContext *
-SEC_ASN1DecoderStart (PRArenaPool *their_pool, void *dest,
- const SEC_ASN1Template *theTemplate)
-{
- PRArenaPool *our_pool;
- SEC_ASN1DecoderContext *cx;
-
- our_pool = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
- if (our_pool == NULL)
- return NULL;
-
- cx = (SEC_ASN1DecoderContext*)PORT_ArenaZAlloc (our_pool, sizeof(*cx));
- if (cx == NULL) {
- PORT_FreeArena (our_pool, PR_FALSE);
- return NULL;
- }
-
- cx->our_pool = our_pool;
- if (their_pool != NULL) {
- cx->their_pool = their_pool;
-#ifdef SEC_ASN1D_FREE_ON_ERROR
- cx->their_mark = PORT_ArenaMark (their_pool);
-#endif
- }
-
- cx->status = needBytes;
-
- if (sec_asn1d_push_state(cx, theTemplate, dest, PR_FALSE) == NULL
- || sec_asn1d_init_state_based_on_template (cx->current) == NULL) {
- /*
- * Trouble initializing (probably due to failed allocations)
- * requires that we just give up.
- */
- PORT_FreeArena (our_pool, PR_FALSE);
- return NULL;
- }
-
- return cx;
-}
-
-
-void
-SEC_ASN1DecoderSetFilterProc (SEC_ASN1DecoderContext *cx,
- SEC_ASN1WriteProc fn, void *arg,
- PRBool only)
-{
- /* check that we are "between" fields here */
- PORT_Assert (cx->during_notify);
-
- cx->filter_proc = fn;
- cx->filter_arg = arg;
- cx->filter_only = only;
-}
-
-
-void
-SEC_ASN1DecoderClearFilterProc (SEC_ASN1DecoderContext *cx)
-{
- /* check that we are "between" fields here */
- PORT_Assert (cx->during_notify);
-
- cx->filter_proc = NULL;
- cx->filter_arg = NULL;
- cx->filter_only = PR_FALSE;
-}
-
-
-void
-SEC_ASN1DecoderSetNotifyProc (SEC_ASN1DecoderContext *cx,
- SEC_ASN1NotifyProc fn, void *arg)
-{
- cx->notify_proc = fn;
- cx->notify_arg = arg;
-}
-
-
-void
-SEC_ASN1DecoderClearNotifyProc (SEC_ASN1DecoderContext *cx)
-{
- cx->notify_proc = NULL;
- cx->notify_arg = NULL; /* not necessary; just being clean */
-}
-
-
-SECStatus
-SEC_ASN1Decode (PRArenaPool *poolp, void *dest,
- const SEC_ASN1Template *theTemplate,
- const char *buf, long len)
-{
- SEC_ASN1DecoderContext *dcx;
- SECStatus urv, frv;
-
- dcx = SEC_ASN1DecoderStart (poolp, dest, theTemplate);
- if (dcx == NULL)
- return SECFailure;
-
- urv = SEC_ASN1DecoderUpdate (dcx, buf, len);
- frv = SEC_ASN1DecoderFinish (dcx);
-
- if (urv != SECSuccess)
- return urv;
-
- return frv;
-}
-
-
-SECStatus
-SEC_ASN1DecodeItem (PRArenaPool *poolp, void *dest,
- const SEC_ASN1Template *theTemplate,
- SECItem *item)
-{
- return SEC_ASN1Decode (poolp, dest, theTemplate,
- (char *) item->data, item->len);
-}
-
-
-/*
- * Generic templates for individual/simple items and pointers to
- * and sets of same.
- *
- * If you need to add a new one, please note the following:
- * - For each new basic type you should add *four* templates:
- * one plain, one PointerTo, one SequenceOf and one SetOf.
- * - If the new type can be constructed (meaning, it is a
- * *string* type according to BER/DER rules), then you should
- * or-in SEC_ASN1_MAY_STREAM to the type in the basic template.
- * See the definition of the OctetString template for an example.
- * - It may not be obvious, but these are in *alphabetical*
- * order based on the SEC_ASN1_XXX name; so put new ones in
- * the appropriate place.
- */
-
-const SEC_ASN1Template SEC_AnyTemplate[] = {
- { SEC_ASN1_ANY | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
-};
-
-const SEC_ASN1Template SEC_PointerToAnyTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_AnyTemplate }
-};
-
-const SEC_ASN1Template SEC_SequenceOfAnyTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_AnyTemplate }
-};
-
-const SEC_ASN1Template SEC_SetOfAnyTemplate[] = {
- { SEC_ASN1_SET_OF, 0, SEC_AnyTemplate }
-};
-
-const SEC_ASN1Template SEC_BitStringTemplate[] = {
- { SEC_ASN1_BIT_STRING | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
-};
-
-const SEC_ASN1Template SEC_PointerToBitStringTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_BitStringTemplate }
-};
-
-const SEC_ASN1Template SEC_SequenceOfBitStringTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_BitStringTemplate }
-};
-
-const SEC_ASN1Template SEC_SetOfBitStringTemplate[] = {
- { SEC_ASN1_SET_OF, 0, SEC_BitStringTemplate }
-};
-
-const SEC_ASN1Template SEC_BMPStringTemplate[] = {
- { SEC_ASN1_BMP_STRING | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
-};
-
-const SEC_ASN1Template SEC_PointerToBMPStringTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_BMPStringTemplate }
-};
-
-const SEC_ASN1Template SEC_SequenceOfBMPStringTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_BMPStringTemplate }
-};
-
-const SEC_ASN1Template SEC_SetOfBMPStringTemplate[] = {
- { SEC_ASN1_SET_OF, 0, SEC_BMPStringTemplate }
-};
-
-const SEC_ASN1Template SEC_BooleanTemplate[] = {
- { SEC_ASN1_BOOLEAN, 0, NULL, sizeof(SECItem) }
-};
-
-const SEC_ASN1Template SEC_PointerToBooleanTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_BooleanTemplate }
-};
-
-const SEC_ASN1Template SEC_SequenceOfBooleanTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_BooleanTemplate }
-};
-
-const SEC_ASN1Template SEC_SetOfBooleanTemplate[] = {
- { SEC_ASN1_SET_OF, 0, SEC_BooleanTemplate }
-};
-
-const SEC_ASN1Template SEC_EnumeratedTemplate[] = {
- { SEC_ASN1_ENUMERATED, 0, NULL, sizeof(SECItem) }
-};
-
-const SEC_ASN1Template SEC_PointerToEnumeratedTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_EnumeratedTemplate }
-};
-
-const SEC_ASN1Template SEC_SequenceOfEnumeratedTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_EnumeratedTemplate }
-};
-
-const SEC_ASN1Template SEC_SetOfEnumeratedTemplate[] = {
- { SEC_ASN1_SET_OF, 0, SEC_EnumeratedTemplate }
-};
-
-const SEC_ASN1Template SEC_GeneralizedTimeTemplate[] = {
- { SEC_ASN1_GENERALIZED_TIME | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem)}
-};
-
-const SEC_ASN1Template SEC_PointerToGeneralizedTimeTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_GeneralizedTimeTemplate }
-};
-
-const SEC_ASN1Template SEC_SequenceOfGeneralizedTimeTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_GeneralizedTimeTemplate }
-};
-
-const SEC_ASN1Template SEC_SetOfGeneralizedTimeTemplate[] = {
- { SEC_ASN1_SET_OF, 0, SEC_GeneralizedTimeTemplate }
-};
-
-const SEC_ASN1Template SEC_IA5StringTemplate[] = {
- { SEC_ASN1_IA5_STRING | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
-};
-
-const SEC_ASN1Template SEC_PointerToIA5StringTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_IA5StringTemplate }
-};
-
-const SEC_ASN1Template SEC_SequenceOfIA5StringTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_IA5StringTemplate }
-};
-
-const SEC_ASN1Template SEC_SetOfIA5StringTemplate[] = {
- { SEC_ASN1_SET_OF, 0, SEC_IA5StringTemplate }
-};
-
-const SEC_ASN1Template SEC_IntegerTemplate[] = {
- { SEC_ASN1_INTEGER, 0, NULL, sizeof(SECItem) }
-};
-
-const SEC_ASN1Template SEC_PointerToIntegerTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_IntegerTemplate }
-};
-
-const SEC_ASN1Template SEC_SequenceOfIntegerTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_IntegerTemplate }
-};
-
-const SEC_ASN1Template SEC_SetOfIntegerTemplate[] = {
- { SEC_ASN1_SET_OF, 0, SEC_IntegerTemplate }
-};
-
-const SEC_ASN1Template SEC_NullTemplate[] = {
- { SEC_ASN1_NULL, 0, NULL, sizeof(SECItem) }
-};
-
-const SEC_ASN1Template SEC_PointerToNullTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_NullTemplate }
-};
-
-const SEC_ASN1Template SEC_SequenceOfNullTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_NullTemplate }
-};
-
-const SEC_ASN1Template SEC_SetOfNullTemplate[] = {
- { SEC_ASN1_SET_OF, 0, SEC_NullTemplate }
-};
-
-const SEC_ASN1Template SEC_ObjectIDTemplate[] = {
- { SEC_ASN1_OBJECT_ID, 0, NULL, sizeof(SECItem) }
-};
-
-const SEC_ASN1Template SEC_PointerToObjectIDTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_ObjectIDTemplate }
-};
-
-const SEC_ASN1Template SEC_SequenceOfObjectIDTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_ObjectIDTemplate }
-};
-
-const SEC_ASN1Template SEC_SetOfObjectIDTemplate[] = {
- { SEC_ASN1_SET_OF, 0, SEC_ObjectIDTemplate }
-};
-
-const SEC_ASN1Template SEC_OctetStringTemplate[] = {
- { SEC_ASN1_OCTET_STRING | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
-};
-
-const SEC_ASN1Template SEC_PointerToOctetStringTemplate[] = {
- { SEC_ASN1_POINTER | SEC_ASN1_MAY_STREAM, 0, SEC_OctetStringTemplate }
-};
-
-const SEC_ASN1Template SEC_SequenceOfOctetStringTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_OctetStringTemplate }
-};
-
-const SEC_ASN1Template SEC_SetOfOctetStringTemplate[] = {
- { SEC_ASN1_SET_OF, 0, SEC_OctetStringTemplate }
-};
-
-const SEC_ASN1Template SEC_PrintableStringTemplate[] = {
- { SEC_ASN1_PRINTABLE_STRING | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem)}
-};
-
-const SEC_ASN1Template SEC_PointerToPrintableStringTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_PrintableStringTemplate }
-};
-
-const SEC_ASN1Template SEC_SequenceOfPrintableStringTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_PrintableStringTemplate }
-};
-
-const SEC_ASN1Template SEC_SetOfPrintableStringTemplate[] = {
- { SEC_ASN1_SET_OF, 0, SEC_PrintableStringTemplate }
-};
-
-const SEC_ASN1Template SEC_T61StringTemplate[] = {
- { SEC_ASN1_T61_STRING | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
-};
-
-const SEC_ASN1Template SEC_PointerToT61StringTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_T61StringTemplate }
-};
-
-const SEC_ASN1Template SEC_SequenceOfT61StringTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_T61StringTemplate }
-};
-
-const SEC_ASN1Template SEC_SetOfT61StringTemplate[] = {
- { SEC_ASN1_SET_OF, 0, SEC_T61StringTemplate }
-};
-
-const SEC_ASN1Template SEC_UniversalStringTemplate[] = {
- { SEC_ASN1_UNIVERSAL_STRING | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem)}
-};
-
-const SEC_ASN1Template SEC_PointerToUniversalStringTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_UniversalStringTemplate }
-};
-
-const SEC_ASN1Template SEC_SequenceOfUniversalStringTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_UniversalStringTemplate }
-};
-
-const SEC_ASN1Template SEC_SetOfUniversalStringTemplate[] = {
- { SEC_ASN1_SET_OF, 0, SEC_UniversalStringTemplate }
-};
-
-const SEC_ASN1Template SEC_UTCTimeTemplate[] = {
- { SEC_ASN1_UTC_TIME | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
-};
-
-const SEC_ASN1Template SEC_PointerToUTCTimeTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_UTCTimeTemplate }
-};
-
-const SEC_ASN1Template SEC_SequenceOfUTCTimeTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_UTCTimeTemplate }
-};
-
-const SEC_ASN1Template SEC_SetOfUTCTimeTemplate[] = {
- { SEC_ASN1_SET_OF, 0, SEC_UTCTimeTemplate }
-};
-
-const SEC_ASN1Template SEC_UTF8StringTemplate[] = {
- { SEC_ASN1_UTF8_STRING | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem)}
-};
-
-const SEC_ASN1Template SEC_PointerToUTF8StringTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_UTF8StringTemplate }
-};
-
-const SEC_ASN1Template SEC_SequenceOfUTF8StringTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_UTF8StringTemplate }
-};
-
-const SEC_ASN1Template SEC_SetOfUTF8StringTemplate[] = {
- { SEC_ASN1_SET_OF, 0, SEC_UTF8StringTemplate }
-};
-
-const SEC_ASN1Template SEC_VisibleStringTemplate[] = {
- { SEC_ASN1_VISIBLE_STRING | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
-};
-
-const SEC_ASN1Template SEC_PointerToVisibleStringTemplate[] = {
- { SEC_ASN1_POINTER, 0, SEC_VisibleStringTemplate }
-};
-
-const SEC_ASN1Template SEC_SequenceOfVisibleStringTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_VisibleStringTemplate }
-};
-
-const SEC_ASN1Template SEC_SetOfVisibleStringTemplate[] = {
- { SEC_ASN1_SET_OF, 0, SEC_VisibleStringTemplate }
-};
-
-
-/*
- * Template for skipping a subitem.
- *
- * Note that it only makes sense to use this for decoding (when you want
- * to decode something where you are only interested in one or two of
- * the fields); you cannot encode a SKIP!
- */
-const SEC_ASN1Template SEC_SkipTemplate[] = {
- { SEC_ASN1_SKIP }
-};
diff --git a/security/nss/lib/util/secasn1e.c b/security/nss/lib/util/secasn1e.c
deleted file mode 100644
index bc1be4e47..000000000
--- a/security/nss/lib/util/secasn1e.c
+++ /dev/null
@@ -1,1468 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Support for ENcoding ASN.1 data based on BER/DER (Basic/Distinguished
- * Encoding Rules).
- *
- * $Id$
- */
-
-#include "secasn1.h"
-
-typedef enum {
- beforeHeader,
- duringContents,
- duringGroup,
- duringSequence,
- afterContents,
- afterImplicit,
- afterInline,
- afterPointer,
- afterChoice,
- notInUse
-} sec_asn1e_parse_place;
-
-typedef enum {
- allDone,
- encodeError,
- keepGoing,
- needBytes
-} sec_asn1e_parse_status;
-
-typedef struct sec_asn1e_state_struct {
- SEC_ASN1EncoderContext *top;
- const SEC_ASN1Template *theTemplate;
- void *src;
-
- struct sec_asn1e_state_struct *parent; /* aka prev */
- struct sec_asn1e_state_struct *child; /* aka next */
-
- sec_asn1e_parse_place place; /* where we are in encoding process */
-
- /*
- * XXX explain the next fields as clearly as possible...
- */
- unsigned char tag_modifiers;
- unsigned char tag_number;
- unsigned long underlying_kind;
-
- int depth;
-
- PRBool explicit, /* we are handling an explicit header */
- indefinite, /* need end-of-contents */
- is_string, /* encoding a simple string or an ANY */
- may_stream, /* when streaming, do indefinite encoding */
- optional; /* omit field if it has no contents */
-} sec_asn1e_state;
-
-/*
- * An "outsider" will have an opaque pointer to this, created by calling
- * SEC_ASN1EncoderStart(). It will be passed back in to all subsequent
- * calls to SEC_ASN1EncoderUpdate() and related routines, and when done
- * it is passed to SEC_ASN1EncoderFinish().
- */
-struct sec_EncoderContext_struct {
- PRArenaPool *our_pool; /* for our internal allocs */
-
- sec_asn1e_state *current;
- sec_asn1e_parse_status status;
-
- PRBool streaming;
- PRBool from_buf;
-
- SEC_ASN1NotifyProc notify_proc; /* call before/after handling field */
- void *notify_arg; /* argument to notify_proc */
- PRBool during_notify; /* true during call to notify_proc */
-
- SEC_ASN1WriteProc output_proc; /* pass encoded bytes to this */
- void *output_arg; /* argument to that function */
-};
-
-
-static sec_asn1e_state *
-sec_asn1e_push_state (SEC_ASN1EncoderContext *cx,
- const SEC_ASN1Template *theTemplate,
- void *src, PRBool new_depth)
-{
- sec_asn1e_state *state, *new_state;
-
- state = cx->current;
-
- new_state = (sec_asn1e_state*)PORT_ArenaZAlloc (cx->our_pool,
- sizeof(*new_state));
- if (new_state == NULL) {
- cx->status = encodeError;
- return NULL;
- }
-
- new_state->top = cx;
- new_state->parent = state;
- new_state->theTemplate = theTemplate;
- new_state->place = notInUse;
- if (src != NULL)
- new_state->src = (char *)src + theTemplate->offset;
-
- if (state != NULL) {
- new_state->depth = state->depth;
- if (new_depth)
- new_state->depth++;
- state->child = new_state;
- }
-
- cx->current = new_state;
- return new_state;
-}
-
-
-static void
-sec_asn1e_scrub_state (sec_asn1e_state *state)
-{
- /*
- * Some default "scrubbing".
- * XXX right set of initializations?
- */
- state->place = beforeHeader;
- state->indefinite = PR_FALSE;
-}
-
-
-static void
-sec_asn1e_notify_before (SEC_ASN1EncoderContext *cx, void *src, int depth)
-{
- if (cx->notify_proc == NULL)
- return;
-
- cx->during_notify = PR_TRUE;
- (* cx->notify_proc) (cx->notify_arg, PR_TRUE, src, depth);
- cx->during_notify = PR_FALSE;
-}
-
-
-static void
-sec_asn1e_notify_after (SEC_ASN1EncoderContext *cx, void *src, int depth)
-{
- if (cx->notify_proc == NULL)
- return;
-
- cx->during_notify = PR_TRUE;
- (* cx->notify_proc) (cx->notify_arg, PR_FALSE, src, depth);
- cx->during_notify = PR_FALSE;
-}
-
-
-static sec_asn1e_state *
-sec_asn1e_init_state_based_on_template (sec_asn1e_state *state)
-{
- PRBool explicit, is_string, may_stream, optional, universal;
- unsigned char tag_modifiers;
- unsigned long encode_kind, under_kind;
- unsigned long tag_number;
-
-
- encode_kind = state->theTemplate->kind;
-
- universal = ((encode_kind & SEC_ASN1_CLASS_MASK) == SEC_ASN1_UNIVERSAL)
- ? PR_TRUE : PR_FALSE;
-
- explicit = (encode_kind & SEC_ASN1_EXPLICIT) ? PR_TRUE : PR_FALSE;
- encode_kind &= ~SEC_ASN1_EXPLICIT;
-
- optional = (encode_kind & SEC_ASN1_OPTIONAL) ? PR_TRUE : PR_FALSE;
- encode_kind &= ~SEC_ASN1_OPTIONAL;
-
- PORT_Assert (!(explicit && universal)); /* bad templates */
-
- may_stream = (encode_kind & SEC_ASN1_MAY_STREAM) ? PR_TRUE : PR_FALSE;
- encode_kind &= ~SEC_ASN1_MAY_STREAM;
-
- /* Just clear this to get it out of the way; we do not need it here */
- encode_kind &= ~SEC_ASN1_DYNAMIC;
-
- if( encode_kind & SEC_ASN1_CHOICE ) {
- under_kind = SEC_ASN1_CHOICE;
- } else
-
- if ((encode_kind & (SEC_ASN1_POINTER | SEC_ASN1_INLINE)) || (!universal
- && !explicit)) {
- const SEC_ASN1Template *subt;
- void *src;
-
- PORT_Assert ((encode_kind & (SEC_ASN1_ANY | SEC_ASN1_SKIP)) == 0);
-
- sec_asn1e_scrub_state (state);
-
- if (encode_kind & SEC_ASN1_POINTER) {
- /*
- * XXX This used to PORT_Assert (encode_kind == SEC_ASN1_POINTER);
- * but that was too restrictive. This needs to be fixed,
- * probably copying what the decoder now checks for, and
- * adding a big comment here to explain what the checks mean.
- */
- src = *(void **)state->src;
- state->place = afterPointer;
- if (src == NULL) {
- /*
- * If this is optional, but NULL, then the field does
- * not need to be encoded. In this case we are done;
- * we do not want to push a subtemplate.
- */
- if (optional)
- return state;
-
- /*
- * XXX this is an error; need to figure out
- * how to handle this
- */
- }
- } else {
- src = state->src;
- if (encode_kind & SEC_ASN1_INLINE) {
- /* check that there are no extraneous bits */
- PORT_Assert (encode_kind == SEC_ASN1_INLINE && !optional);
- state->place = afterInline;
- } else {
- /*
- * Save the tag modifiers and tag number here before moving
- * on to the next state in case this is a member of a
- * SEQUENCE OF
- */
- state->tag_modifiers = encode_kind & SEC_ASN1_TAG_MASK
- & ~SEC_ASN1_TAGNUM_MASK;
- state->tag_number = encode_kind & SEC_ASN1_TAGNUM_MASK;
-
- state->place = afterImplicit;
- state->optional = optional;
- }
- }
-
- subt = SEC_ASN1GetSubtemplate (state->theTemplate, state->src, PR_TRUE);
- state = sec_asn1e_push_state (state->top, subt, src, PR_FALSE);
- if (state == NULL)
- return NULL;
-
- if (universal) {
- /*
- * This is a POINTER or INLINE; just init based on that
- * and we are done.
- */
- return sec_asn1e_init_state_based_on_template (state);
- }
-
- /*
- * This is an implicit, non-universal (meaning, application-private
- * or context-specific) field. This results in a "magic" tag but
- * encoding based on the underlying type. We pushed a new state
- * that is based on the subtemplate (the underlying type), but
- * now we will sort of alias it to give it some of our properties
- * (tag, optional status, etc.).
- */
-
- under_kind = state->theTemplate->kind;
- if (under_kind & SEC_ASN1_MAY_STREAM) {
- may_stream = PR_TRUE;
- under_kind &= ~SEC_ASN1_MAY_STREAM;
- }
- } else {
- under_kind = encode_kind;
- }
-
- /*
- * Sanity check that there are no unwanted bits marked in under_kind.
- * These bits were either removed above (after we recorded them) or
- * they simply should not be found (signalling a bad/broken template).
- * XXX is this the right set of bits to test here? (i.e. need to add
- * or remove any?)
- */
- PORT_Assert ((under_kind & (SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL
- | SEC_ASN1_SKIP | SEC_ASN1_INNER
- | SEC_ASN1_DYNAMIC | SEC_ASN1_MAY_STREAM
- | SEC_ASN1_INLINE | SEC_ASN1_POINTER)) == 0);
-
- if (encode_kind & SEC_ASN1_ANY) {
- PORT_Assert (encode_kind == under_kind);
- tag_modifiers = 0;
- tag_number = 0;
- is_string = PR_TRUE;
- } else {
- tag_modifiers = encode_kind & SEC_ASN1_TAG_MASK & ~SEC_ASN1_TAGNUM_MASK;
- /*
- * XXX This assumes only single-octet identifiers. To handle
- * the HIGH TAG form we would need to do some more work, especially
- * in how to specify them in the template, because right now we
- * do not provide a way to specify more *tag* bits in encode_kind.
- */
- tag_number = encode_kind & SEC_ASN1_TAGNUM_MASK;
-
- is_string = PR_FALSE;
- switch (under_kind & SEC_ASN1_TAGNUM_MASK) {
- case SEC_ASN1_SET:
- /*
- * XXX A plain old SET (as opposed to a SET OF) is not implemented.
- * If it ever is, remove this assert...
- */
- PORT_Assert ((under_kind & SEC_ASN1_GROUP) != 0);
- /* fallthru */
- case SEC_ASN1_SEQUENCE:
- tag_modifiers |= SEC_ASN1_CONSTRUCTED;
- break;
- case SEC_ASN1_BIT_STRING:
- case SEC_ASN1_BMP_STRING:
- case SEC_ASN1_GENERALIZED_TIME:
- case SEC_ASN1_IA5_STRING:
- case SEC_ASN1_OCTET_STRING:
- case SEC_ASN1_PRINTABLE_STRING:
- case SEC_ASN1_T61_STRING:
- case SEC_ASN1_UNIVERSAL_STRING:
- case SEC_ASN1_UTC_TIME:
- case SEC_ASN1_UTF8_STRING:
- case SEC_ASN1_VISIBLE_STRING:
- /*
- * We do not yet know if we will be constructing the string,
- * so we have to wait to do this final tag modification.
- */
- is_string = PR_TRUE;
- break;
- }
- }
-
- state->tag_modifiers = tag_modifiers;
- state->tag_number = tag_number;
- state->underlying_kind = under_kind;
- state->explicit = explicit;
- state->may_stream = may_stream;
- state->is_string = is_string;
- state->optional = optional;
-
- sec_asn1e_scrub_state (state);
-
- return state;
-}
-
-
-static void
-sec_asn1e_write_part (sec_asn1e_state *state,
- const char *buf, unsigned long len,
- SEC_ASN1EncodingPart part)
-{
- SEC_ASN1EncoderContext *cx;
-
- cx = state->top;
- (* cx->output_proc) (cx->output_arg, buf, len, state->depth, part);
-}
-
-
-/*
- * XXX This assumes only single-octet identifiers. To handle
- * the HIGH TAG form we would need to modify this interface and
- * teach it to properly encode the special form.
- */
-static void
-sec_asn1e_write_identifier_bytes (sec_asn1e_state *state, unsigned char value)
-{
- char byte;
-
- byte = (char) value;
- sec_asn1e_write_part (state, &byte, 1, SEC_ASN1_Identifier);
-}
-
-int
-SEC_ASN1EncodeLength(unsigned char *buf,int value) {
- int lenlen;
-
- lenlen = SEC_ASN1LengthLength (value);
- if (lenlen == 1) {
- buf[0] = value;
- } else {
- int i;
-
- i = lenlen - 1;
- buf[0] = 0x80 | i;
- while (i) {
- buf[i--] = value;
- value >>= 8;
- }
- PORT_Assert (value == 0);
- }
- return lenlen;
-}
-
-static void
-sec_asn1e_write_length_bytes (sec_asn1e_state *state, unsigned long value,
- PRBool indefinite)
-{
- int lenlen;
- unsigned char buf[sizeof(unsigned long) + 1];
-
- if (indefinite) {
- PORT_Assert (value == 0);
- buf[0] = 0x80;
- lenlen = 1;
- } else {
- lenlen = SEC_ASN1EncodeLength(buf,value);
- }
-
- sec_asn1e_write_part (state, (char *) buf, lenlen, SEC_ASN1_Length);
-}
-
-
-static void
-sec_asn1e_write_contents_bytes (sec_asn1e_state *state,
- const char *buf, unsigned long len)
-{
- sec_asn1e_write_part (state, buf, len, SEC_ASN1_Contents);
-}
-
-
-static void
-sec_asn1e_write_end_of_contents_bytes (sec_asn1e_state *state)
-{
- const char eoc[2] = {0, 0};
-
- sec_asn1e_write_part (state, eoc, 2, SEC_ASN1_EndOfContents);
-}
-
-static int
-sec_asn1e_which_choice
-(
- void *src,
- const SEC_ASN1Template *theTemplate
-)
-{
- int rv;
- int which = *(int *)((char *)src + theTemplate->offset);
-
- for( rv = 1, theTemplate++; theTemplate->kind != 0; rv++, theTemplate++ ) {
- if( which == theTemplate->size ) {
- return rv;
- }
- }
-
- return 0;
-}
-
-static unsigned long
-sec_asn1e_contents_length (const SEC_ASN1Template *theTemplate, void *src,
- PRBool *noheaderp)
-{
- unsigned long encode_kind, underlying_kind;
- PRBool explicit, optional, universal, may_stream;
- unsigned long len;
-
- encode_kind = theTemplate->kind;
-
- universal = ((encode_kind & SEC_ASN1_CLASS_MASK) == SEC_ASN1_UNIVERSAL)
- ? PR_TRUE : PR_FALSE;
-
- explicit = (encode_kind & SEC_ASN1_EXPLICIT) ? PR_TRUE : PR_FALSE;
- encode_kind &= ~SEC_ASN1_EXPLICIT;
-
- optional = (encode_kind & SEC_ASN1_OPTIONAL) ? PR_TRUE : PR_FALSE;
- encode_kind &= ~SEC_ASN1_OPTIONAL;
-
- PORT_Assert (!(explicit && universal)); /* bad templates */
-
- may_stream = (encode_kind & SEC_ASN1_MAY_STREAM) ? PR_TRUE : PR_FALSE;
- encode_kind &= ~SEC_ASN1_MAY_STREAM;
-
- /* Just clear this to get it out of the way; we do not need it here */
- encode_kind &= ~SEC_ASN1_DYNAMIC;
-
- if( encode_kind & SEC_ASN1_CHOICE ) {
- void *src2;
- int indx = sec_asn1e_which_choice(src, theTemplate);
- if( 0 == indx ) {
- /* XXX set an error? "choice not found" */
- /* state->top->status = encodeError; */
- return 0;
- }
-
- src2 = (void *)((char *)src + theTemplate[indx].offset);
-
- return sec_asn1e_contents_length(&theTemplate[indx], src2, noheaderp);
- }
-
- if ((encode_kind & (SEC_ASN1_POINTER | SEC_ASN1_INLINE)) || !universal) {
-
- /* XXX any bits we want to disallow (PORT_Assert against) here? */
-
- theTemplate = SEC_ASN1GetSubtemplate (theTemplate, src, PR_TRUE);
-
- if (encode_kind & SEC_ASN1_POINTER) {
- /*
- * XXX This used to PORT_Assert (encode_kind == SEC_ASN1_POINTER);
- * but that was too restrictive. This needs to be fixed,
- * probably copying what the decoder now checks for, and
- * adding a big comment here to explain what the checks mean.
- * Alternatively, the check here could be omitted altogether
- * just letting sec_asn1e_init_state_based_on_template
- * do it, since that routine can do better error handling, too.
- */
- src = *(void **)src;
- if (src == NULL) {
- if (optional)
- *noheaderp = PR_TRUE;
- else
- *noheaderp = PR_FALSE;
- return 0;
- }
- } else if (encode_kind & SEC_ASN1_INLINE) {
- /* check that there are no extraneous bits */
- PORT_Assert (encode_kind == SEC_ASN1_INLINE && !optional);
- }
-
- src = (char *)src + theTemplate->offset;
-
- if (explicit) {
- len = sec_asn1e_contents_length (theTemplate, src, noheaderp);
- if (len == 0 && optional) {
- *noheaderp = PR_TRUE;
- } else if (*noheaderp) {
- /* Okay, *we* do not want to add in a header, but our caller still does. */
- *noheaderp = PR_FALSE;
- } else {
- /* if the inner content exists, our length is
- * len(identifier) + len(length) + len(innercontent)
- * XXX we currently assume len(identifier) == 1;
- * to support a high-tag-number this would need to be smarter.
- */
- len += 1 + SEC_ASN1LengthLength (len);
- }
- return len;
- }
-
- underlying_kind = theTemplate->kind;
- underlying_kind &= ~SEC_ASN1_MAY_STREAM;
-
- /* XXX Should we recurse here? */
- } else {
- underlying_kind = encode_kind;
- }
-
- /* This is only used in decoding; it plays no part in encoding. */
- if (underlying_kind & SEC_ASN1_SAVE) {
- /* check that there are no extraneous bits */
- PORT_Assert (underlying_kind == SEC_ASN1_SAVE);
- *noheaderp = PR_TRUE;
- return 0;
- }
-
- /* Having any of these bits is not expected here... */
- PORT_Assert ((underlying_kind & (SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL
- | SEC_ASN1_INLINE | SEC_ASN1_POINTER
- | SEC_ASN1_DYNAMIC | SEC_ASN1_MAY_STREAM
- | SEC_ASN1_SAVE | SEC_ASN1_SKIP)) == 0);
-
- if( underlying_kind & SEC_ASN1_CHOICE ) {
- void *src2;
- int indx = sec_asn1e_which_choice(src, theTemplate);
- if( 0 == indx ) {
- /* XXX set an error? "choice not found" */
- /* state->top->status = encodeError; */
- return 0;
- }
-
- src2 = (void *)((char *)src - theTemplate->offset + theTemplate[indx].offset);
- len = sec_asn1e_contents_length(&theTemplate[indx], src2, noheaderp);
- } else
-
- switch (underlying_kind) {
- case SEC_ASN1_SEQUENCE_OF:
- case SEC_ASN1_SET_OF:
- {
- const SEC_ASN1Template *tmpt;
- void *sub_src;
- unsigned long sub_len;
- void **group;
-
- len = 0;
-
- group = *(void ***)src;
- if (group == NULL)
- break;
-
- tmpt = SEC_ASN1GetSubtemplate (theTemplate, src, PR_TRUE);
-
- for (; *group != NULL; group++) {
- sub_src = (char *)(*group) + tmpt->offset;
- sub_len = sec_asn1e_contents_length (tmpt, sub_src, noheaderp);
- len += sub_len;
- /*
- * XXX The 1 below is the presumed length of the identifier;
- * to support a high-tag-number this would need to be smarter.
- */
- if (!*noheaderp)
- len += 1 + SEC_ASN1LengthLength (sub_len);
- }
- }
- break;
-
- case SEC_ASN1_SEQUENCE:
- case SEC_ASN1_SET:
- {
- const SEC_ASN1Template *tmpt;
- void *sub_src;
- unsigned long sub_len;
-
- len = 0;
- for (tmpt = theTemplate + 1; tmpt->kind; tmpt++) {
- sub_src = (char *)src + tmpt->offset;
- sub_len = sec_asn1e_contents_length (tmpt, sub_src, noheaderp);
- len += sub_len;
- /*
- * XXX The 1 below is the presumed length of the identifier;
- * to support a high-tag-number this would need to be smarter.
- */
- if (!*noheaderp)
- len += 1 + SEC_ASN1LengthLength (sub_len);
- }
- }
- break;
-
- case SEC_ASN1_BIT_STRING:
- /* convert bit length to byte */
- len = (((SECItem *)src)->len + 7) >> 3;
- /* bit string contents involve an extra octet */
- if (len)
- len++;
- break;
-
- default:
- len = ((SECItem *)src)->len;
- if (may_stream && len == 0)
- len = 1; /* if we're streaming, we may have a secitem w/len 0 as placeholder */
- break;
- }
-
- if ((len == 0 && optional) || underlying_kind == SEC_ASN1_ANY)
- *noheaderp = PR_TRUE;
- else
- *noheaderp = PR_FALSE;
-
- return len;
-}
-
-
-static void
-sec_asn1e_write_header (sec_asn1e_state *state)
-{
- unsigned long contents_length;
- unsigned char tag_number, tag_modifiers;
- PRBool noheader;
-
- PORT_Assert (state->place == beforeHeader);
-
- tag_number = state->tag_number;
- tag_modifiers = state->tag_modifiers;
-
- if (state->underlying_kind == SEC_ASN1_ANY) {
- state->place = duringContents;
- return;
- }
-
- if( state->underlying_kind & SEC_ASN1_CHOICE ) {
- void *src2;
- int indx = sec_asn1e_which_choice(state->src, state->theTemplate);
- if( 0 == indx ) {
- /* XXX set an error? "choice not found" */
- state->top->status = encodeError;
- return;
- }
-
- state->place = afterChoice;
- state = sec_asn1e_push_state(state->top, &state->theTemplate[indx],
- state->src, PR_TRUE);
-
- if( (sec_asn1e_state *)NULL != state ) {
- /*
- * Do the "before" field notification.
- */
- sec_asn1e_notify_before (state->top, state->src, state->depth);
- state = sec_asn1e_init_state_based_on_template (state);
- }
-
- return;
- }
-
- /*
- * We are doing a definite-length encoding. First we have to
- * walk the data structure to calculate the entire contents length.
- */
- contents_length = sec_asn1e_contents_length (state->theTemplate,
- state->src, &noheader);
- /*
- * We might be told explicitly not to put out a header.
- * But it can also be the case, via a pushed subtemplate, that
- * sec_asn1e_contents_length could not know that this field is
- * really optional. So check for that explicitly, too.
- */
- if (noheader || (contents_length == 0 && state->optional)) {
- state->place = afterContents;
- if (state->top->streaming && state->may_stream && state->top->from_buf)
- /* we did not find an optional indefinite string, so we don't encode it.
- * However, if TakeFromBuf is on, we stop here anyway to give our caller
- * a chance to intercept at the same point where we would stop if the
- * field were present. */
- state->top->status = needBytes;
- return;
- }
-
- if (state->top->streaming && state->may_stream
- && (state->top->from_buf || !state->is_string)) {
- /*
- * We need to put out an indefinite-length encoding.
- */
- state->indefinite = PR_TRUE;
- /*
- * The only universal types that can be constructed are SETs,
- * SEQUENCEs, and strings; so check that it is one of those,
- * or that it is not universal (e.g. context-specific).
- */
- PORT_Assert ((tag_number == SEC_ASN1_SET)
- || (tag_number == SEC_ASN1_SEQUENCE)
- || ((tag_modifiers & SEC_ASN1_CLASS_MASK) != 0)
- || state->is_string);
- tag_modifiers |= SEC_ASN1_CONSTRUCTED;
- contents_length = 0;
- }
-
- sec_asn1e_write_identifier_bytes (state, tag_number | tag_modifiers);
- sec_asn1e_write_length_bytes (state, contents_length, state->indefinite);
-
- if (contents_length == 0 && !state->indefinite) {
- /*
- * If no real contents to encode, then we are done with this field.
- */
- state->place = afterContents;
- return;
- }
-
- /*
- * An EXPLICIT is nothing but an outer header, which we have already
- * written. Now we need to do the inner header and contents.
- */
- if (state->explicit) {
- state->place = afterContents;
- state = sec_asn1e_push_state (state->top,
- SEC_ASN1GetSubtemplate(state->theTemplate,
- state->src,
- PR_TRUE),
- state->src, PR_TRUE);
- if (state != NULL)
- state = sec_asn1e_init_state_based_on_template (state);
- return;
- }
-
- switch (state->underlying_kind) {
- case SEC_ASN1_SET_OF:
- case SEC_ASN1_SEQUENCE_OF:
- /*
- * We need to push a child to handle each member.
- */
- {
- void **group;
- const SEC_ASN1Template *subt;
-
- group = *(void ***)state->src;
- if (group == NULL || *group == NULL) {
- /*
- * Group is empty; we are done.
- */
- state->place = afterContents;
- return;
- }
- state->place = duringGroup;
- subt = SEC_ASN1GetSubtemplate (state->theTemplate, state->src,
- PR_TRUE);
- state = sec_asn1e_push_state (state->top, subt, *group, PR_TRUE);
- if (state != NULL)
- state = sec_asn1e_init_state_based_on_template (state);
- }
- break;
-
- case SEC_ASN1_SEQUENCE:
- case SEC_ASN1_SET:
- /*
- * We need to push a child to handle the individual fields.
- */
- state->place = duringSequence;
- state = sec_asn1e_push_state (state->top, state->theTemplate + 1,
- state->src, PR_TRUE);
- if (state != NULL) {
- /*
- * Do the "before" field notification.
- */
- sec_asn1e_notify_before (state->top, state->src, state->depth);
- state = sec_asn1e_init_state_based_on_template (state);
- }
- break;
-
- default:
- /*
- * I think we do not need to do anything else.
- * XXX Correct?
- */
- state->place = duringContents;
- break;
- }
-}
-
-
-static void
-sec_asn1e_write_contents (sec_asn1e_state *state,
- const char *buf, unsigned long len)
-{
- PORT_Assert (state->place == duringContents);
-
- if (state->top->from_buf) {
- /*
- * Probably they just turned on "take from buf", but have not
- * yet given us any bytes. If there is nothing in the buffer
- * then we have nothing to do but return and wait.
- */
- if (buf == NULL || len == 0) {
- state->top->status = needBytes;
- return;
- }
- /*
- * We are streaming, reading from a passed-in buffer.
- * This means we are encoding a simple string or an ANY.
- * For the former, we need to put out a substring, with its
- * own identifier and length. For an ANY, we just write it
- * out as is (our caller is required to ensure that it
- * is a properly encoded entity).
- */
- PORT_Assert (state->is_string); /* includes ANY */
- if (state->underlying_kind != SEC_ASN1_ANY) {
- unsigned char identifier;
-
- /*
- * Create the identifier based on underlying_kind. We cannot
- * use tag_number and tag_modifiers because this can be an
- * implicitly encoded field. In that case, the underlying
- * substrings *are* encoded with their real tag.
- */
- identifier = state->underlying_kind & SEC_ASN1_TAG_MASK;
- /*
- * The underlying kind should just be a simple string; there
- * should be no bits like CONTEXT_SPECIFIC or CONSTRUCTED set.
- */
- PORT_Assert ((identifier & SEC_ASN1_TAGNUM_MASK) == identifier);
- /*
- * Write out the tag and length for the substring.
- */
- sec_asn1e_write_identifier_bytes (state, identifier);
- if (state->underlying_kind == SEC_ASN1_BIT_STRING) {
- char byte;
- /*
- * Assume we have a length in bytes but we need to output
- * a proper bit string. This interface only works for bit
- * strings that are full multiples of 8. If support for
- * real, variable length bit strings is needed then the
- * caller will have to know to pass in a bit length instead
- * of a byte length and then this code will have to
- * perform the encoding necessary (length written is length
- * in bytes plus 1, and the first octet of string is the
- * number of bits remaining between the end of the bit
- * string and the next byte boundary).
- */
- sec_asn1e_write_length_bytes (state, len + 1, PR_FALSE);
- byte = 0;
- sec_asn1e_write_contents_bytes (state, &byte, 1);
- } else {
- sec_asn1e_write_length_bytes (state, len, PR_FALSE);
- }
- }
- sec_asn1e_write_contents_bytes (state, buf, len);
- state->top->status = needBytes;
- } else {
- switch (state->underlying_kind) {
- case SEC_ASN1_SET:
- case SEC_ASN1_SEQUENCE:
- PORT_Assert (0);
- break;
-
- case SEC_ASN1_BIT_STRING:
- {
- SECItem *item;
- char rem;
-
- item = (SECItem *)state->src;
- len = (item->len + 7) >> 3;
- rem = (len << 3) - item->len; /* remaining bits */
- sec_asn1e_write_contents_bytes (state, &rem, 1);
- sec_asn1e_write_contents_bytes (state, (char *) item->data,
- len);
- }
- break;
-
- case SEC_ASN1_BMP_STRING:
- /* The number of bytes must be divisable by 2 */
- if ((((SECItem *)state->src)->len) % 2) {
- SEC_ASN1EncoderContext *cx;
-
- cx = state->top;
- cx->status = encodeError;
- break;
- }
- /* otherwise, fall through to write the content */
- goto process_string;
-
- case SEC_ASN1_UNIVERSAL_STRING:
- /* The number of bytes must be divisable by 4 */
- if ((((SECItem *)state->src)->len) % 4) {
- SEC_ASN1EncoderContext *cx;
-
- cx = state->top;
- cx->status = encodeError;
- break;
- }
- /* otherwise, fall through to write the content */
- goto process_string;
-
-process_string:
- default:
- {
- SECItem *item;
-
- item = (SECItem *)state->src;
- sec_asn1e_write_contents_bytes (state, (char *) item->data,
- item->len);
- }
- break;
- }
- state->place = afterContents;
- }
-}
-
-
-/*
- * We are doing a SET OF or SEQUENCE OF, and have just finished an item.
- */
-static void
-sec_asn1e_next_in_group (sec_asn1e_state *state)
-{
- sec_asn1e_state *child;
- void **group;
- void *member;
-
- PORT_Assert (state->place == duringGroup);
- PORT_Assert (state->child != NULL);
-
- child = state->child;
-
- group = *(void ***)state->src;
-
- /*
- * Find placement of current item.
- */
- member = (char *)(state->child->src) - child->theTemplate->offset;
- while (*group != member)
- group++;
-
- /*
- * Move forward to next item.
- */
- group++;
- if (*group == NULL) {
- /*
- * That was our last one; we are done now.
- */
- child->place = notInUse;
- state->place = afterContents;
- return;
- }
- child->src = (char *)(*group) + child->theTemplate->offset;
-
- /*
- * Re-"push" child.
- */
- sec_asn1e_scrub_state (child);
- state->top->current = child;
-}
-
-
-/*
- * We are moving along through a sequence; move forward by one,
- * (detecting end-of-sequence when it happens).
- */
-static void
-sec_asn1e_next_in_sequence (sec_asn1e_state *state)
-{
- sec_asn1e_state *child;
-
- PORT_Assert (state->place == duringSequence);
- PORT_Assert (state->child != NULL);
-
- child = state->child;
-
- /*
- * Do the "after" field notification.
- */
- sec_asn1e_notify_after (state->top, child->src, child->depth);
-
- /*
- * Move forward.
- */
- child->theTemplate++;
- if (child->theTemplate->kind == 0) {
- /*
- * We are done with this sequence.
- */
- child->place = notInUse;
- state->place = afterContents;
- return;
- }
-
- /*
- * Reset state and push.
- */
-
- child->src = (char *)state->src + child->theTemplate->offset;
-
- /*
- * Do the "before" field notification.
- */
- sec_asn1e_notify_before (state->top, child->src, child->depth);
-
- state->top->current = child;
- (void) sec_asn1e_init_state_based_on_template (child);
-}
-
-
-static void
-sec_asn1e_after_contents (sec_asn1e_state *state)
-{
- PORT_Assert (state->place == afterContents);
-
- if (state->indefinite)
- sec_asn1e_write_end_of_contents_bytes (state);
-
- /*
- * Just make my parent be the current state. It will then clean
- * up after me and free me (or reuse me).
- */
- state->top->current = state->parent;
-}
-
-
-/*
- * This function is called whether or not we are streaming; if we
- * *are* streaming, our caller can also instruct us to take bytes
- * from the passed-in buffer (at buf, for length len, which is likely
- * bytes but could even mean bits if the current field is a bit string).
- * If we have been so instructed, we will gobble up bytes from there
- * (rather than from our src structure) and output them, and then
- * we will just return, expecting to be called again -- either with
- * more bytes or after our caller has instructed us that we are done
- * (for now) with the buffer.
- */
-SECStatus
-SEC_ASN1EncoderUpdate (SEC_ASN1EncoderContext *cx,
- const char *buf, unsigned long len)
-{
- sec_asn1e_state *state;
-
- if (cx->status == needBytes) {
- PORT_Assert (buf != NULL && len != 0);
- cx->status = keepGoing;
- }
-
- while (cx->status == keepGoing) {
- state = cx->current;
- switch (state->place) {
- case beforeHeader:
- sec_asn1e_write_header (state);
- break;
- case duringContents:
- sec_asn1e_write_contents (state, buf, len);
- break;
- case duringGroup:
- sec_asn1e_next_in_group (state);
- break;
- case duringSequence:
- sec_asn1e_next_in_sequence (state);
- break;
- case afterContents:
- sec_asn1e_after_contents (state);
- break;
- case afterImplicit:
- case afterInline:
- case afterPointer:
- case afterChoice:
- /*
- * These states are more documentation than anything.
- * They just need to force a pop.
- */
- PORT_Assert (!state->indefinite);
- state->place = afterContents;
- break;
- case notInUse:
- default:
- /* This is not an error, but rather a plain old BUG! */
- PORT_Assert (0);
- cx->status = encodeError;
- break;
- }
-
- if (cx->status == encodeError)
- break;
-
- /* It might have changed, so we have to update our local copy. */
- state = cx->current;
-
- /* If it is NULL, we have popped all the way to the top. */
- if (state == NULL) {
- cx->status = allDone;
- break;
- }
- }
-
- if (cx->status == encodeError) {
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-
-void
-SEC_ASN1EncoderFinish (SEC_ASN1EncoderContext *cx)
-{
- /*
- * XXX anything else that needs to be finished?
- */
-
- PORT_FreeArena (cx->our_pool, PR_FALSE);
-}
-
-
-SEC_ASN1EncoderContext *
-SEC_ASN1EncoderStart (void *src, const SEC_ASN1Template *theTemplate,
- SEC_ASN1WriteProc output_proc, void *output_arg)
-{
- PRArenaPool *our_pool;
- SEC_ASN1EncoderContext *cx;
-
- our_pool = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
- if (our_pool == NULL)
- return NULL;
-
- cx = (SEC_ASN1EncoderContext*)PORT_ArenaZAlloc (our_pool, sizeof(*cx));
- if (cx == NULL) {
- PORT_FreeArena (our_pool, PR_FALSE);
- return NULL;
- }
-
- cx->our_pool = our_pool;
- cx->output_proc = output_proc;
- cx->output_arg = output_arg;
-
- cx->status = keepGoing;
-
- if (sec_asn1e_push_state(cx, theTemplate, src, PR_FALSE) == NULL
- || sec_asn1e_init_state_based_on_template (cx->current) == NULL) {
- /*
- * Trouble initializing (probably due to failed allocations)
- * requires that we just give up.
- */
- PORT_FreeArena (our_pool, PR_FALSE);
- return NULL;
- }
-
- return cx;
-}
-
-
-/*
- * XXX Do we need a FilterProc, too?
- */
-
-
-void
-SEC_ASN1EncoderSetNotifyProc (SEC_ASN1EncoderContext *cx,
- SEC_ASN1NotifyProc fn, void *arg)
-{
- cx->notify_proc = fn;
- cx->notify_arg = arg;
-}
-
-
-void
-SEC_ASN1EncoderClearNotifyProc (SEC_ASN1EncoderContext *cx)
-{
- cx->notify_proc = NULL;
- cx->notify_arg = NULL; /* not necessary; just being clean */
-}
-
-
-void
-SEC_ASN1EncoderSetStreaming (SEC_ASN1EncoderContext *cx)
-{
- /* XXX is there a way to check that we are "between" fields here? */
-
- cx->streaming = PR_TRUE;
-}
-
-
-void
-SEC_ASN1EncoderClearStreaming (SEC_ASN1EncoderContext *cx)
-{
- /* XXX is there a way to check that we are "between" fields here? */
-
- cx->streaming = PR_FALSE;
-}
-
-
-void
-SEC_ASN1EncoderSetTakeFromBuf (SEC_ASN1EncoderContext *cx)
-{
- /*
- * XXX is there a way to check that we are "between" fields here? this
- * needs to include a check for being in between groups of items in
- * a SET_OF or SEQUENCE_OF.
- */
- PORT_Assert (cx->streaming);
-
- cx->from_buf = PR_TRUE;
-}
-
-
-void
-SEC_ASN1EncoderClearTakeFromBuf (SEC_ASN1EncoderContext *cx)
-{
- /* we should actually be taking from buf *now* */
- PORT_Assert (cx->from_buf);
- if (! cx->from_buf) /* if not, just do nothing */
- return;
-
- cx->from_buf = PR_FALSE;
-
- if (cx->status == needBytes) {
- cx->status = keepGoing;
- cx->current->place = afterContents;
- }
-}
-
-
-SECStatus
-SEC_ASN1Encode (void *src, const SEC_ASN1Template *theTemplate,
- SEC_ASN1WriteProc output_proc, void *output_arg)
-{
- SEC_ASN1EncoderContext *ecx;
- SECStatus rv;
-
- ecx = SEC_ASN1EncoderStart (src, theTemplate, output_proc, output_arg);
- if (ecx == NULL)
- return SECFailure;
-
- rv = SEC_ASN1EncoderUpdate (ecx, NULL, 0);
-
- SEC_ASN1EncoderFinish (ecx);
- return rv;
-}
-
-
-/*
- * XXX depth and data_kind are unused; is there a PC way to silence warnings?
- * (I mean "politically correct", not anything to do with intel/win platform)
- */
-static void
-sec_asn1e_encode_item_count (void *arg, const char *buf, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind)
-{
- unsigned long *count;
-
- count = (unsigned long*)arg;
- PORT_Assert (count != NULL);
-
- *count += len;
-}
-
-
-/* XXX depth and data_kind are unused; is there a PC way to silence warnings? */
-static void
-sec_asn1e_encode_item_store (void *arg, const char *buf, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind)
-{
- SECItem *dest;
-
- dest = (SECItem*)arg;
- PORT_Assert (dest != NULL);
-
- PORT_Memcpy (dest->data + dest->len, buf, len);
- dest->len += len;
-}
-
-
-/*
- * Allocate an entire SECItem, or just the data part of it, to hold
- * "len" bytes of stuff. Allocate from the given pool, if specified,
- * otherwise just do a vanilla PORT_Alloc.
- *
- * XXX This seems like a reasonable general-purpose function (for SECITEM_)?
- */
-static SECItem *
-sec_asn1e_allocate_item (PRArenaPool *poolp, SECItem *dest, unsigned long len)
-{
- if (poolp != NULL) {
- void *release;
-
- release = PORT_ArenaMark (poolp);
- if (dest == NULL)
- dest = (SECItem*)PORT_ArenaAlloc (poolp, sizeof(SECItem));
- if (dest != NULL) {
- dest->data = (unsigned char*)PORT_ArenaAlloc (poolp, len);
- if (dest->data == NULL) {
- dest = NULL;
- }
- }
- if (dest == NULL) {
- /* one or both allocations failed; release everything */
- PORT_ArenaRelease (poolp, release);
- } else {
- /* everything okay; unmark the arena */
- PORT_ArenaUnmark (poolp, release);
- }
- } else {
- SECItem *indest;
-
- indest = dest;
- if (dest == NULL)
- dest = (SECItem*)PORT_Alloc (sizeof(SECItem));
- if (dest != NULL) {
- dest->data = (unsigned char*)PORT_Alloc (len);
- if (dest->data == NULL) {
- if (indest == NULL)
- PORT_Free (dest);
- dest = NULL;
- }
- }
- }
-
- return dest;
-}
-
-
-SECItem *
-SEC_ASN1EncodeItem (PRArenaPool *poolp, SECItem *dest, void *src,
- const SEC_ASN1Template *theTemplate)
-{
- unsigned long encoding_length;
- SECStatus rv;
-
- PORT_Assert (dest == NULL || dest->data == NULL);
-
- encoding_length = 0;
- rv = SEC_ASN1Encode (src, theTemplate,
- sec_asn1e_encode_item_count, &encoding_length);
- if (rv != SECSuccess)
- return NULL;
-
- dest = sec_asn1e_allocate_item (poolp, dest, encoding_length);
- if (dest == NULL)
- return NULL;
-
- /* XXX necessary? This really just checks for a bug in the allocate fn */
- PORT_Assert (dest->data != NULL);
- if (dest->data == NULL)
- return NULL;
-
- dest->len = 0;
- (void) SEC_ASN1Encode (src, theTemplate, sec_asn1e_encode_item_store, dest);
-
- PORT_Assert (encoding_length == dest->len);
- return dest;
-}
-
-
-static SECItem *
-sec_asn1e_integer(PRArenaPool *poolp, SECItem *dest, unsigned long value,
- PRBool make_unsigned)
-{
- unsigned long copy;
- unsigned char sign;
- int len = 0;
-
- /*
- * Determine the length of the encoded value (minimum of 1).
- */
- copy = value;
- do {
- len++;
- sign = copy & 0x80;
- copy >>= 8;
- } while (copy);
-
- /*
- * If this is an unsigned encoding, and the high bit of the last
- * byte we counted was set, we need to add one to the length so
- * we put a high-order zero byte in the encoding.
- */
- if (sign && make_unsigned)
- len++;
-
- /*
- * Allocate the item (if necessary) and the data pointer within.
- */
- dest = sec_asn1e_allocate_item (poolp, dest, len);
- if (dest == NULL)
- return NULL;
-
- /*
- * Store the value, byte by byte, in the item.
- */
- dest->len = len;
- while (len) {
- dest->data[--len] = value;
- value >>= 8;
- }
- PORT_Assert (value == 0);
-
- return dest;
-}
-
-
-SECItem *
-SEC_ASN1EncodeInteger(PRArenaPool *poolp, SECItem *dest, long value)
-{
- return sec_asn1e_integer (poolp, dest, (unsigned long) value, PR_FALSE);
-}
-
-
-extern SECItem *
-SEC_ASN1EncodeUnsignedInteger(PRArenaPool *poolp,
- SECItem *dest, unsigned long value)
-{
- return sec_asn1e_integer (poolp, dest, value, PR_TRUE);
-}
diff --git a/security/nss/lib/util/secasn1t.h b/security/nss/lib/util/secasn1t.h
deleted file mode 100644
index 1e87ed12c..000000000
--- a/security/nss/lib/util/secasn1t.h
+++ /dev/null
@@ -1,259 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Types for encoding/decoding of ASN.1 using BER/DER (Basic/Distinguished
- * Encoding Rules).
- *
- * $Id$
- */
-
-#ifndef _SECASN1T_H_
-#define _SECASN1T_H_
-
-/*
-** An array of these structures defines a BER/DER encoding for an object.
-**
-** The array usually starts with a dummy entry whose kind is SEC_ASN1_SEQUENCE;
-** such an array is terminated with an entry where kind == 0. (An array
-** which consists of a single component does not require a second dummy
-** entry -- the array is only searched as long as previous component(s)
-** instruct it.)
-*/
-typedef struct sec_ASN1Template_struct {
- /*
- ** Kind of item being decoded/encoded, including tags and modifiers.
- */
- unsigned long kind;
-
- /*
- ** The value is the offset from the base of the structure to the
- ** field that holds the value being decoded/encoded.
- */
- unsigned long offset;
-
- /*
- ** When kind suggests it (SEC_ASN1_POINTER, SEC_ASN1_GROUP, SEC_ASN1_INLINE,
- ** or a component that is *not* a SEC_ASN1_UNIVERSAL), this points to
- ** a sub-template for nested encoding/decoding,
- ** OR, iff SEC_ASN1_DYNAMIC is set, then this is a pointer to a pointer
- ** to a function which will return the appropriate template when called
- ** at runtime. NOTE! that explicit level of indirection, which is
- ** necessary because ANSI does not allow you to store a function
- ** pointer directly as a "void *" so we must store it separately and
- ** dereference it to get at the function pointer itself.
- */
- const void *sub;
-
- /*
- ** In the first element of a template array, the value is the size
- ** of the structure to allocate when this template is being referenced
- ** by another template via SEC_ASN1_POINTER or SEC_ASN1_GROUP.
- ** In all other cases, the value is ignored.
- */
- unsigned int size;
-} SEC_ASN1Template;
-
-
-/* default size used for allocation of encoding/decoding stuff */
-/* XXX what is the best value here? */
-#define SEC_ASN1_DEFAULT_ARENA_SIZE (2048)
-
-/*
-** BER/DER values for ASN.1 identifier octets.
-*/
-#define SEC_ASN1_TAG_MASK 0xff
-
-/*
- * BER/DER universal type tag numbers.
- * The values are defined by the X.208 standard; do not change them!
- * NOTE: if you add anything to this list, you must add code to secasn1d.c
- * to accept the tag, and probably also to secasn1e.c to encode it.
- * XXX It appears some have been added recently without being added to
- * the code; so need to go through the list now and double-check them all.
- * (Look especially at those added in revision 1.10.)
- */
-#define SEC_ASN1_TAGNUM_MASK 0x1f
-#define SEC_ASN1_BOOLEAN 0x01
-#define SEC_ASN1_INTEGER 0x02
-#define SEC_ASN1_BIT_STRING 0x03
-#define SEC_ASN1_OCTET_STRING 0x04
-#define SEC_ASN1_NULL 0x05
-#define SEC_ASN1_OBJECT_ID 0x06
-#define SEC_ASN1_OBJECT_DESCRIPTOR 0x07
-/* External type and instance-of type 0x08 */
-#define SEC_ASN1_REAL 0x09
-#define SEC_ASN1_ENUMERATED 0x0a
-#define SEC_ASN1_EMBEDDED_PDV 0x0b
-#define SEC_ASN1_UTF8_STRING 0x0c
-#define SEC_ASN1_SEQUENCE 0x10
-#define SEC_ASN1_SET 0x11
-#define SEC_ASN1_NUMERIC_STRING 0x12
-#define SEC_ASN1_PRINTABLE_STRING 0x13
-#define SEC_ASN1_T61_STRING 0x14
-#define SEC_ASN1_TELETEX_STRING SEC_ASN1_T61_STRING
-#define SEC_ASN1_VIDEOTEX_STRING 0x15
-#define SEC_ASN1_IA5_STRING 0x16
-#define SEC_ASN1_UTC_TIME 0x17
-#define SEC_ASN1_GENERALIZED_TIME 0x18
-#define SEC_ASN1_GRAPHIC_STRING 0x19
-#define SEC_ASN1_VISIBLE_STRING 0x1a
-#define SEC_ASN1_GENERAL_STRING 0x1b
-#define SEC_ASN1_UNIVERSAL_STRING 0x1c
-/* 0x1d */
-#define SEC_ASN1_BMP_STRING 0x1e
-#define SEC_ASN1_HIGH_TAG_NUMBER 0x1f
-
-/*
-** Modifiers to type tags. These are also specified by a/the
-** standard, and must not be changed.
-*/
-
-#define SEC_ASN1_METHOD_MASK 0x20
-#define SEC_ASN1_PRIMITIVE 0x00
-#define SEC_ASN1_CONSTRUCTED 0x20
-
-#define SEC_ASN1_CLASS_MASK 0xc0
-#define SEC_ASN1_UNIVERSAL 0x00
-#define SEC_ASN1_APPLICATION 0x40
-#define SEC_ASN1_CONTEXT_SPECIFIC 0x80
-#define SEC_ASN1_PRIVATE 0xc0
-
-/*
-** Our additions, used for templates.
-** These are not defined by any standard; the values are used internally only.
-** Just be careful to keep them out of the low 8 bits.
-** XXX finish comments
-*/
-#define SEC_ASN1_OPTIONAL 0x00100
-#define SEC_ASN1_EXPLICIT 0x00200
-#define SEC_ASN1_ANY 0x00400
-#define SEC_ASN1_INLINE 0x00800
-#define SEC_ASN1_POINTER 0x01000
-#define SEC_ASN1_GROUP 0x02000 /* with SET or SEQUENCE means
- * SET OF or SEQUENCE OF */
-#define SEC_ASN1_DYNAMIC 0x04000 /* subtemplate is found by calling
- * a function at runtime */
-#define SEC_ASN1_SKIP 0x08000 /* skip a field; only for decoding */
-#define SEC_ASN1_INNER 0x10000 /* with ANY means capture the
- * contents only (not the id, len,
- * or eoc); only for decoding */
-#define SEC_ASN1_SAVE 0x20000 /* stash away the encoded bytes first;
- * only for decoding */
-#define SEC_ASN1_MAY_STREAM 0x40000 /* field or one of its sub-fields may
- * stream in and so should encode as
- * indefinite-length when streaming
- * has been indicated; only for
- * encoding */
-#define SEC_ASN1_SKIP_REST 0x80000 /* skip all following fields;
- only for decoding */
-#define SEC_ASN1_CHOICE 0x100000 /* pick one from a template */
-
-/* Shorthand/Aliases */
-#define SEC_ASN1_SEQUENCE_OF (SEC_ASN1_GROUP | SEC_ASN1_SEQUENCE)
-#define SEC_ASN1_SET_OF (SEC_ASN1_GROUP | SEC_ASN1_SET)
-#define SEC_ASN1_ANY_CONTENTS (SEC_ASN1_ANY | SEC_ASN1_INNER)
-
-/*
-** Function used for SEC_ASN1_DYNAMIC.
-** "arg" is a pointer to the structure being encoded/decoded
-** "enc", when true, means that we are encoding (false means decoding)
-*/
-typedef const SEC_ASN1Template * (* SEC_ChooseASN1TemplateFunc)(void *arg,
- PRBool enc);
-
-/*
-** Opaque object used by the decoder to store state.
-*/
-typedef struct sec_DecoderContext_struct SEC_ASN1DecoderContext;
-
-/*
-** Opaque object used by the encoder to store state.
-*/
-typedef struct sec_EncoderContext_struct SEC_ASN1EncoderContext;
-
-/*
- * This is used to describe to a filter function the bytes that are
- * being passed to it. This is only useful when the filter is an "outer"
- * one, meaning it expects to get *all* of the bytes not just the
- * contents octets.
- */
-typedef enum {
- SEC_ASN1_Identifier,
- SEC_ASN1_Length,
- SEC_ASN1_Contents,
- SEC_ASN1_EndOfContents
-} SEC_ASN1EncodingPart;
-
-/*
- * Type of the function pointer used either for decoding or encoding,
- * when doing anything "funny" (e.g. manipulating the data stream)
- */
-typedef void (* SEC_ASN1NotifyProc)(void *arg, PRBool before,
- void *dest, int real_depth);
-
-/*
- * Type of the function pointer used for grabbing encoded bytes.
- * This can be used during either encoding or decoding, as follows...
- *
- * When decoding, this can be used to filter the encoded bytes as they
- * are parsed. This is what you would do if you wanted to process the data
- * along the way (like to decrypt it, or to perform a hash on it in order
- * to do a signature check later). See SEC_ASN1DecoderSetFilterProc().
- * When processing only part of the encoded bytes is desired, you "watch"
- * for the field(s) you are interested in with a "notify proc" (see
- * SEC_ASN1DecoderSetNotifyProc()) and for even finer granularity (e.g. to
- * ignore all by the contents bytes) you pay attention to the "data_kind"
- * parameter.
- *
- * When encoding, this is the specification for the output function which
- * will receive the bytes as they are encoded. The output function can
- * perform any postprocessing necessary (like hashing (some of) the data
- * to create a digest that gets included at the end) as well as shoving
- * the data off wherever it needs to go. (In order to "tune" any processing,
- * you can set a "notify proc" as described above in the decoding case.)
- *
- * The parameters:
- * - "arg" is an opaque pointer that you provided at the same time you
- * specified a function of this type
- * - "data" is a buffer of length "len", containing the encoded bytes
- * - "depth" is how deep in a nested encoding we are (it is not usually
- * valuable, but can be useful sometimes so I included it)
- * - "data_kind" tells you if these bytes are part of the ASN.1 encoded
- * octets for identifier, length, contents, or end-of-contents
- */
-typedef void (* SEC_ASN1WriteProc)(void *arg,
- const char *data, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind);
-
-#endif /* _SECASN1T_H_ */
diff --git a/security/nss/lib/util/secasn1u.c b/security/nss/lib/util/secasn1u.c
deleted file mode 100644
index ea068893b..000000000
--- a/security/nss/lib/util/secasn1u.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Utility routines to complement the ASN.1 encoding and decoding functions.
- *
- * $Id$
- */
-
-#include "secasn1.h"
-
-
-/*
- * We have a length that needs to be encoded; how many bytes will the
- * encoding take?
- *
- * The rules are that 0 - 0x7f takes one byte (the length itself is the
- * entire encoding); everything else takes one plus the number of bytes
- * in the length.
- */
-int
-SEC_ASN1LengthLength (unsigned long len)
-{
- int lenlen = 1;
-
- if (len > 0x7f) {
- do {
- lenlen++;
- len >>= 8;
- } while (len);
- }
-
- return lenlen;
-}
-
-
-/*
- * XXX Move over (and rewrite as appropriate) the rest of the
- * stuff in dersubr.c!
- */
-
-
-/*
- * Find the appropriate subtemplate for the given template.
- * This may involve calling a "chooser" function, or it may just
- * be right there. In either case, it is expected to *have* a
- * subtemplate; this is asserted in debug builds (in non-debug
- * builds, NULL will be returned).
- *
- * "thing" is a pointer to the structure being encoded/decoded
- * "encoding", when true, means that we are in the process of encoding
- * (as opposed to in the process of decoding)
- */
-const SEC_ASN1Template *
-SEC_ASN1GetSubtemplate (const SEC_ASN1Template *theTemplate, void *thing,
- PRBool encoding)
-{
- const SEC_ASN1Template *subt;
-
- PORT_Assert (theTemplate->sub != NULL);
- if (theTemplate->kind & SEC_ASN1_DYNAMIC) {
- SEC_ChooseASN1TemplateFunc chooser, *chooserp;
-
- chooserp = (SEC_ChooseASN1TemplateFunc *) theTemplate->sub;
- if (chooserp == NULL || *chooserp == NULL)
- return NULL;
- chooser = *chooserp;
- if (thing != NULL)
- thing = (char *)thing - theTemplate->offset;
- subt = (* chooser)(thing, encoding);
- } else {
- subt = (SEC_ASN1Template*)theTemplate->sub;
- }
-
- return subt;
-}
diff --git a/security/nss/lib/util/seccomon.h b/security/nss/lib/util/seccomon.h
deleted file mode 100644
index 707db8bbc..000000000
--- a/security/nss/lib/util/seccomon.h
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * seccomon.h - common data structures for security libraries
- *
- * This file should have lowest-common-denominator datastructures
- * for security libraries. It should not be dependent on any other
- * headers, and should not require linking with any libraries.
- *
- * $Id$
- */
-
-#ifndef _SECCOMMON_H_
-#define _SECCOMMON_H_
-
-#include "prtypes.h"
-
-
-#ifdef __cplusplus
-# define SEC_BEGIN_PROTOS extern "C" {
-# define SEC_END_PROTOS }
-#else
-# define SEC_BEGIN_PROTOS
-# define SEC_END_PROTOS
-#endif
-
-#include "secport.h"
-
-typedef enum {
- siBuffer,
- siClearDataBuffer,
- siCipherDataBuffer,
- siDERCertBuffer,
- siEncodedCertBuffer,
- siDERNameBuffer,
- siEncodedNameBuffer,
- siAsciiNameString,
- siAsciiString,
- siDEROID
-} SECItemType;
-
-typedef struct SECItemStr SECItem;
-
-struct SECItemStr {
- SECItemType type;
- unsigned char *data;
- unsigned int len;
-};
-
-/*
-** A status code. Status's are used by procedures that return status
-** values. Again the motivation is so that a compiler can generate
-** warnings when return values are wrong. Correct testing of status codes:
-**
-** SECStatus rv;
-** rv = some_function (some_argument);
-** if (rv != SECSuccess)
-** do_an_error_thing();
-**
-*/
-typedef enum _SECStatus {
- SECWouldBlock = -2,
- SECFailure = -1,
- SECSuccess = 0
-} SECStatus;
-
-/*
-** A comparison code. Used for procedures that return comparision
-** values. Again the motivation is so that a compiler can generate
-** warnings when return values are wrong.
-*/
-typedef enum _SECComparison {
- SECLessThan = -1,
- SECEqual = 0,
- SECGreaterThan = 1
-} SECComparison;
-
-#endif /* _SECCOMMON_H_ */
diff --git a/security/nss/lib/util/secder.h b/security/nss/lib/util/secder.h
deleted file mode 100644
index 3f957ab9c..000000000
--- a/security/nss/lib/util/secder.h
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef _SECDER_H_
-#define _SECDER_H_
-
-/*
- * secder.h - public data structures and prototypes for the DER encoding and
- * decoding utilities library
- *
- * $Id$
- */
-
-#include <time.h>
-#include "plarena.h"
-#include "prlong.h"
-
-#include "seccomon.h"
-#include "secdert.h"
-
-SEC_BEGIN_PROTOS
-
-/*
-** Decode a piece of der encoded data.
-** "dest" points to a structure that will be filled in with the
-** decoding results. (NOTE: it should be zeroed before calling;
-** optional/missing fields are not zero-filled by DER_Decode.)
-** "t" is a template structure which defines the shape of the
-** expected data.
-** "src" is the der encoded data.
-** NOTE: substructures of "dest" will be allocated as needed from
-** "arena", but data subfields will point directly into the buffer
-** passed in as src->data. That is, the resulting "dest" structure
-** will contain pointers back into src->data, which must remain
-** active (allocated) and unmodified for as long as "dest" is active.
-** If this is a potential problem, you may want to just dup the buffer
-** (allocated from "arena", probably) and pass *that* in instead.
-*/
-extern SECStatus DER_Decode(PRArenaPool *arena, void *dest, DERTemplate *t,
- SECItem *src);
-
-/*
-** Encode a data structure into DER.
-** "dest" will be filled in (and memory allocated) to hold the der
-** encoded structure in "src"
-** "t" is a template structure which defines the shape of the
-** stored data
-** "src" is a pointer to the structure that will be encoded
-*/
-extern SECStatus DER_Encode(PRArenaPool *arena, SECItem *dest, DERTemplate *t,
- void *src);
-
-extern SECStatus DER_Lengths(SECItem *item, int *header_len_p, uint32 *contents_len_p);
-
-/*
-** Lower level der subroutine that stores the standard header into "to".
-** The header is of variable length, based on encodingLen.
-** The return value is the new value of "to" after skipping over the header.
-** "to" is where the header will be stored
-** "code" is the der code to write
-** "encodingLen" is the number of bytes of data that will follow
-** the header
-*/
-extern unsigned char *DER_StoreHeader(unsigned char *to, unsigned int code,
- uint32 encodingLen);
-
-/*
-** Return the number of bytes it will take to hold a der encoded length.
-*/
-extern int DER_LengthLength(uint32 len);
-
-/*
-** Store a der encoded *signed* integer (whose value is "src") into "dst".
-** XXX This should really be enhanced to take a long.
-*/
-extern SECStatus DER_SetInteger(PRArenaPool *arena, SECItem *dst, int32 src);
-
-/*
-** Store a der encoded *unsigned* integer (whose value is "src") into "dst".
-** XXX This should really be enhanced to take an unsigned long.
-*/
-extern SECStatus DER_SetUInteger(PRArenaPool *arena, SECItem *dst, uint32 src);
-
-/*
-** Decode a der encoded *signed* integer that is stored in "src".
-** If "-1" is returned, then the caller should check the error in
-** XP_GetError() to see if an overflow occurred (SEC_ERROR_BAD_DER).
-*/
-extern long DER_GetInteger(SECItem *src);
-
-/*
-** Decode a der encoded *unsigned* integer that is stored in "src".
-** If the ULONG_MAX is returned, then the caller should check the error
-** in XP_GetError() to see if an overflow occurred (SEC_ERROR_BAD_DER).
-*/
-extern unsigned long DER_GetUInteger(SECItem *src);
-
-/*
-** Convert a "UNIX" time value to a der encoded time value.
-** "result" is the der encoded time (memory is allocated)
-** "time" is the "UNIX" time value (Since Jan 1st, 1970).
-** The caller is responsible for freeing up the buffer which
-** result->data points to upon a successfull operation.
-*/
-extern SECStatus DER_TimeToUTCTime(SECItem *result, int64 time);
-
-/*
-** Convert an ascii encoded time value (according to DER rules) into
-** a UNIX time value.
-** "result" the resulting "UNIX" time
-** "string" the der notation ascii value to decode
-*/
-extern SECStatus DER_AsciiToTime(int64 *result, char *string);
-
-/*
-** Same as DER_AsciiToTime except takes an SECItem instead of a string
-*/
-extern SECStatus DER_UTCTimeToTime(int64 *result, SECItem *time);
-
-/*
-** Convert a DER encoded UTC time to an ascii time representation
-** "utctime" is the DER encoded UTC time to be converted. The
-** caller is responsible for deallocating the returned buffer.
-*/
-extern char *DER_UTCTimeToAscii(SECItem *utcTime);
-
-/*
-** Convert a DER encoded UTC time to an ascii time representation, but only
-** include the day, not the time.
-** "utctime" is the DER encoded UTC time to be converted.
-** The caller is responsible for deallocating the returned buffer.
-*/
-extern char *DER_UTCDayToAscii(SECItem *utctime);
-
-/*
-** Convert a int64 time to a DER encoded Generalized time
-*/
-extern SECStatus DER_TimeToGeneralizedTime(SECItem *dst, int64 gmttime);
-
-/*
-** Convert a DER encoded Generalized time value into a UNIX time value.
-** "dst" the resulting "UNIX" time
-** "string" the der notation ascii value to decode
-*/
-extern SECStatus DER_GeneralizedTimeToTime(int64 *dst, SECItem *time);
-
-/*
-** Convert from a int64 UTC time value to a formatted ascii value. The
-** caller is responsible for deallocating the returned buffer.
-*/
-extern char *CERT_UTCTime2FormattedAscii (int64 utcTime, char *format);
-
-
-/*
-** Convert from a int64 Generalized time value to a formatted ascii value. The
-** caller is responsible for deallocating the returned buffer.
-*/
-extern char *CERT_GenTime2FormattedAscii (int64 genTime, char *format);
-
-SEC_END_PROTOS
-
-#endif /* _SECDER_H_ */
-
diff --git a/security/nss/lib/util/secdert.h b/security/nss/lib/util/secdert.h
deleted file mode 100644
index 86f3451cf..000000000
--- a/security/nss/lib/util/secdert.h
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef _SECDERT_H_
-#define _SECDERT_H_
-/*
- * secdert.h - public data structures for the DER encoding and
- * decoding utilities library
- *
- * $Id$
- */
-
-typedef struct DERTemplateStr DERTemplate;
-
-/*
-** An array of these structures defines an encoding for an object using DER.
-** The array usually starts with a dummy entry whose kind is DER_SEQUENCE;
-** such an array is terminated with an entry where kind == 0. (An array
-** which consists of a single component does not require a second dummy
-** entry -- the array is only searched as long as previous component(s)
-** instruct it.)
-*/
-struct DERTemplateStr {
- /*
- ** Kind of item being decoded/encoded, including tags and modifiers.
- */
- unsigned long kind;
-
- /*
- ** Offset from base of structure to field that holds the value
- ** being decoded/encoded.
- */
- unsigned int offset;
-
- /*
- ** When kind suggests it (DER_POINTER, DER_INDEFINITE, DER_INLINE),
- ** this points to a sub-template for nested encoding/decoding.
- */
- DERTemplate *sub;
-
- /*
- ** Argument value, dependent on "kind" and/or template placement
- ** within an array of templates:
- ** - In the first element of a template array, the value is the
- ** size of the structure to allocate when this template is being
- ** referenced by another template via DER_POINTER or DER_INDEFINITE.
- ** - In a component of a DER_SET or DER_SEQUENCE which is *not* a
- ** DER_UNIVERSAL type (that is, it has a class tag for either
- ** DER_APPLICATION, DER_CONTEXT_SPECIFIC, or DER_PRIVATE), the
- ** value is the underlying type of item being decoded/encoded.
- */
- unsigned long arg;
-};
-
-/************************************************************************/
-
-/* default chunksize for arenas used for DER stuff */
-#define DER_DEFAULT_CHUNKSIZE (2048)
-
-/*
-** BER/DER values for ASN.1 identifier octets.
-*/
-#define DER_TAG_MASK 0xff
-
-/*
- * BER/DER universal type tag numbers.
- * The values are defined by the X.208 standard; do not change them!
- * NOTE: if you add anything to this list, you must add code to derdec.c
- * to accept the tag, and probably also to derenc.c to encode it.
- */
-#define DER_TAGNUM_MASK 0x1f
-#define DER_BOOLEAN 0x01
-#define DER_INTEGER 0x02
-#define DER_BIT_STRING 0x03
-#define DER_OCTET_STRING 0x04
-#define DER_NULL 0x05
-#define DER_OBJECT_ID 0x06
-#define DER_SEQUENCE 0x10
-#define DER_SET 0x11
-#define DER_PRINTABLE_STRING 0x13
-#define DER_T61_STRING 0x14
-#define DER_IA5_STRING 0x16
-#define DER_UTC_TIME 0x17
-#define DER_VISIBLE_STRING 0x1a
-#define DER_HIGH_TAG_NUMBER 0x1f
-
-/*
-** Modifiers to type tags. These are also specified by a/the
-** standard, and must not be changed.
-*/
-
-#define DER_METHOD_MASK 0x20
-#define DER_PRIMITIVE 0x00
-#define DER_CONSTRUCTED 0x20
-
-#define DER_CLASS_MASK 0xc0
-#define DER_UNIVERSAL 0x00
-#define DER_APPLICATION 0x40
-#define DER_CONTEXT_SPECIFIC 0x80
-#define DER_PRIVATE 0xc0
-
-/*
-** Our additions, used for templates.
-** These are not defined by any standard; the values are used internally only.
-** Just be careful to keep them out of the low 8 bits.
-*/
-#define DER_OPTIONAL 0x00100
-#define DER_EXPLICIT 0x00200
-#define DER_ANY 0x00400
-#define DER_INLINE 0x00800
-#define DER_POINTER 0x01000
-#define DER_INDEFINITE 0x02000
-#define DER_DERPTR 0x04000
-#define DER_SKIP 0x08000
-#define DER_FORCE 0x10000
-#define DER_OUTER 0x40000 /* for DER_DERPTR */
-
-/*
-** Macro to convert der decoded bit string into a decoded octet
-** string. All it needs to do is fiddle with the length code.
-*/
-#define DER_ConvertBitString(item) \
-{ \
- (item)->len = ((item)->len + 7) >> 3; \
-}
-
-extern DERTemplate SECAnyTemplate[];
-extern DERTemplate SECBitStringTemplate[];
-extern DERTemplate SECBooleanTemplate[];
-extern DERTemplate SECIA5StringTemplate[];
-extern DERTemplate SECIntegerTemplate[];
-extern DERTemplate SECNullTemplate[];
-extern DERTemplate SECObjectIDTemplate[];
-extern DERTemplate SECOctetStringTemplate[];
-extern DERTemplate SECPrintableStringTemplate[];
-extern DERTemplate SECT61StringTemplate[];
-extern DERTemplate SECUTCTimeTemplate[];
-extern DERTemplate SECAlgorithmIDTemplate[];
-
-#endif /* _SECDERT_H_ */
diff --git a/security/nss/lib/util/secdig.c b/security/nss/lib/util/secdig.c
deleted file mode 100644
index 020829b84..000000000
--- a/security/nss/lib/util/secdig.c
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-#include "secdig.h"
-
-#include "secoid.h"
-#include "secasn1.h"
-#include "secerr.h"
-
-/*
- * XXX OLD Template. Once all uses have been switched over to new one,
- * remove this.
- */
-DERTemplate SGNDigestInfoTemplate[] = {
- { DER_SEQUENCE,
- 0, NULL, sizeof(SGNDigestInfo) },
- { DER_INLINE,
- offsetof(SGNDigestInfo,digestAlgorithm),
- SECAlgorithmIDTemplate, },
- { DER_OCTET_STRING,
- offsetof(SGNDigestInfo,digest), },
- { 0, }
-};
-
-/* XXX See comment below about SGN_DecodeDigestInfo -- keep this static! */
-/* XXX Changed from static -- need to change name? */
-const SEC_ASN1Template sgn_DigestInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SGNDigestInfo) },
- { SEC_ASN1_INLINE,
- offsetof(SGNDigestInfo,digestAlgorithm),
- SECOID_AlgorithmIDTemplate },
- { SEC_ASN1_OCTET_STRING,
- offsetof(SGNDigestInfo,digest) },
- { 0 }
-};
-
-/*
- * XXX Want to have a SGN_DecodeDigestInfo, like:
- * SGNDigestInfo *SGN_DecodeDigestInfo(SECItem *didata);
- * that creates a pool and allocates from it and decodes didata into
- * the newly allocated DigestInfo structure. Then fix secvfy.c (it
- * will no longer need an arena itself) to call this and then call
- * DestroyDigestInfo when it is done, then can remove the old template
- * above and keep our new template static and "hidden".
- */
-
-/*
- * XXX It might be nice to combine the following two functions (create
- * and encode). I think that is all anybody ever wants to do anyway.
- */
-
-SECItem *
-SGN_EncodeDigestInfo(PRArenaPool *poolp, SECItem *dest, SGNDigestInfo *diginfo)
-{
- return SEC_ASN1EncodeItem (poolp, dest, diginfo, sgn_DigestInfoTemplate);
-}
-
-SGNDigestInfo *
-SGN_CreateDigestInfo(SECOidTag algorithm, unsigned char *sig, unsigned len)
-{
- SGNDigestInfo *di;
- SECStatus rv;
- PRArenaPool *arena;
- SECItem *null_param;
- SECItem dummy_value;
-
- switch (algorithm) {
- case SEC_OID_MD2:
- case SEC_OID_MD5:
- case SEC_OID_SHA1:
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return NULL;
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- return NULL;
- }
-
- di = (SGNDigestInfo *) PORT_ArenaZAlloc(arena, sizeof(SGNDigestInfo));
- if (di == NULL) {
- PORT_FreeArena(arena, PR_FALSE);
- return NULL;
- }
-
- di->arena = arena;
-
- /*
- * PKCS #1 specifies that the AlgorithmID must have a NULL parameter
- * (as opposed to no parameter at all).
- */
- dummy_value.data = NULL;
- dummy_value.len = 0;
- null_param = SEC_ASN1EncodeItem(NULL, NULL, &dummy_value, SEC_NullTemplate);
- if (null_param == NULL) {
- goto loser;
- }
-
- rv = SECOID_SetAlgorithmID(arena, &di->digestAlgorithm, algorithm,
- null_param);
-
- SECITEM_FreeItem(null_param, PR_TRUE);
-
- if (rv != SECSuccess) {
- goto loser;
- }
-
- di->digest.data = (unsigned char *) PORT_ArenaAlloc(arena, len);
- if (di->digest.data == NULL) {
- goto loser;
- }
-
- di->digest.len = len;
- PORT_Memcpy(di->digest.data, sig, len);
- return di;
-
- loser:
- SGN_DestroyDigestInfo(di);
- return NULL;
-}
-
-SGNDigestInfo *
-SGN_DecodeDigestInfo(SECItem *didata)
-{
- PRArenaPool *arena;
- SGNDigestInfo *di;
- SECStatus rv = SECFailure;
-
- arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
- if(arena == NULL)
- return NULL;
-
- di = (SGNDigestInfo *)PORT_ArenaZAlloc(arena, sizeof(SGNDigestInfo));
- if(di != NULL)
- {
- di->arena = arena;
- rv = SEC_ASN1DecodeItem(arena, di, sgn_DigestInfoTemplate, didata);
- }
-
- if((di == NULL) || (rv != SECSuccess))
- {
- PORT_FreeArena(arena, PR_TRUE);
- di = NULL;
- }
-
- return di;
-}
-
-void
-SGN_DestroyDigestInfo(SGNDigestInfo *di)
-{
- if (di && di->arena) {
- PORT_FreeArena(di->arena, PR_FALSE);
- }
-
- return;
-}
-
-SECStatus
-SGN_CopyDigestInfo(PRArenaPool *poolp, SGNDigestInfo *a, SGNDigestInfo *b)
-{
- SECStatus rv;
- void *mark;
-
- if((poolp == NULL) || (a == NULL) || (b == NULL))
- return SECFailure;
-
- mark = PORT_ArenaMark(poolp);
- a->arena = poolp;
- rv = SECOID_CopyAlgorithmID(poolp, &a->digestAlgorithm,
- &b->digestAlgorithm);
- if (rv == SECSuccess)
- rv = SECITEM_CopyItem(poolp, &a->digest, &b->digest);
-
- if (rv != SECSuccess) {
- PORT_ArenaRelease(poolp, mark);
- } else {
- PORT_ArenaUnmark(poolp, mark);
- }
-
- return rv;
-}
-
-SECComparison
-SGN_CompareDigestInfo(SGNDigestInfo *a, SGNDigestInfo *b)
-{
- SECComparison rv;
-
- /* Check signature algorithm's */
- rv = SECOID_CompareAlgorithmID(&a->digestAlgorithm, &b->digestAlgorithm);
- if (rv) return rv;
-
- /* Compare signature block length's */
- rv = SECITEM_CompareItem(&a->digest, &b->digest);
- return rv;
-}
diff --git a/security/nss/lib/util/secdig.h b/security/nss/lib/util/secdig.h
deleted file mode 100644
index bd2703f65..000000000
--- a/security/nss/lib/util/secdig.h
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * crypto.h - public data structures and prototypes for the crypto library
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#ifndef _SECDIG_H_
-#define _SECDIG_H_
-
-#include "secdigt.h"
-
-#include "seccomon.h"
-#include "secasn1t.h"
-#include "secdert.h"
-
-
-extern const SEC_ASN1Template sgn_DigestInfoTemplate[];
-extern DERTemplate SGNDigestInfoTemplate[];
-
-
-SEC_BEGIN_PROTOS
-
-/****************************************/
-/*
-** Digest-info functions
-*/
-
-/*
-** Create a new digest-info object
-** "algorithm" one of SEC_OID_MD2, SEC_OID_MD5, or SEC_OID_SHA1
-** "sig" the raw signature data (from MD2 or MD5)
-** "sigLen" the length of the signature data
-**
-** NOTE: this is a low level routine used to prepare some data for PKCS#1
-** digital signature formatting.
-**
-** XXX It might be nice to combine the create and encode functions.
-** I think that is all anybody ever wants to do anyway.
-*/
-extern SGNDigestInfo *SGN_CreateDigestInfo(SECOidTag algorithm,
- unsigned char *sig,
- unsigned int sigLen);
-
-/*
-** Destroy a digest-info object
-*/
-extern void SGN_DestroyDigestInfo(SGNDigestInfo *info);
-
-/*
-** Encode a digest-info object
-** "poolp" is where to allocate the result from; it can be NULL in
-** which case generic heap allocation (XP_ALLOC) will be used
-** "dest" is where to store the result; it can be NULL, in which case
-** it will be allocated (from poolp or heap, as explained above)
-** "diginfo" is the object to be encoded
-** The return value is NULL if any error occurred, otherwise it is the
-** resulting SECItem (either allocated or the same as the "dest" parameter).
-**
-** XXX It might be nice to combine the create and encode functions.
-** I think that is all anybody ever wants to do anyway.
-*/
-extern SECItem *SGN_EncodeDigestInfo(PRArenaPool *poolp, SECItem *dest,
- SGNDigestInfo *diginfo);
-
-/*
-** Decode a DER encoded digest info objct.
-** didata is thr source of the encoded digest.
-** The return value is NULL if an error occurs. Otherwise, a
-** digest info object which is allocated within it's own
-** pool is returned. The digest info should be deleted
-** by later calling SGN_DestroyDigestInfo.
-*/
-extern SGNDigestInfo *SGN_DecodeDigestInfo(SECItem *didata);
-
-
-/*
-** Copy digest info.
-** poolp is the arena to which the digest will be copied.
-** a is the destination digest, it must be non-NULL.
-** b is the source digest
-** This function is for copying digests. It allows digests
-** to be copied into a specified pool. If the digest is in
-** the same pool as other data, you do not want to delete
-** the digest by calling SGN_DestroyDigestInfo.
-** A return value of SECFailure indicates an error. A return
-** of SECSuccess indicates no error occured.
-*/
-extern SECStatus SGN_CopyDigestInfo(PRArenaPool *poolp,
- SGNDigestInfo *a,
- SGNDigestInfo *b);
-
-/*
-** Compare two digest-info objects, returning the difference between
-** them.
-*/
-extern SECComparison SGN_CompareDigestInfo(SGNDigestInfo *a, SGNDigestInfo *b);
-
-
-SEC_END_PROTOS
-
-#endif /* _SECDIG_H_ */
diff --git a/security/nss/lib/util/secdigt.h b/security/nss/lib/util/secdigt.h
deleted file mode 100644
index fea6daa99..000000000
--- a/security/nss/lib/util/secdigt.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * secdigt.h - public data structures for digestinfos from the util lib.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id$
- */
-
-#ifndef _SECDIGT_H_
-#define _SECDIGT_H_
-
-#include "plarena.h"
-#include "secoidt.h"
-#include "secitem.h"
-
-/*
-** A PKCS#1 digest-info object
-*/
-struct SGNDigestInfoStr {
- PLArenaPool * arena;
- SECAlgorithmID digestAlgorithm;
- SECItem digest;
-};
-typedef struct SGNDigestInfoStr SGNDigestInfo;
-
-
-
-#endif /* _SECDIGT_H_ */
diff --git a/security/nss/lib/util/secerr.h b/security/nss/lib/util/secerr.h
deleted file mode 100644
index 8b152f8e4..000000000
--- a/security/nss/lib/util/secerr.h
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef __SEC_ERR_H_
-#define __SEC_ERR_H_
-
-
-#define SEC_ERROR_BASE (-0x2000)
-#define SEC_ERROR_LIMIT (SEC_ERROR_BASE + 1000)
-
-#define IS_SEC_ERROR(code) \
- (((code) >= SEC_ERROR_BASE) && ((code) < SEC_ERROR_LIMIT))
-
-#ifndef NO_SECURITY_ERROR_ENUM
-typedef enum {
-SEC_ERROR_IO = SEC_ERROR_BASE + 0,
-SEC_ERROR_LIBRARY_FAILURE = SEC_ERROR_BASE + 1,
-SEC_ERROR_BAD_DATA = SEC_ERROR_BASE + 2,
-SEC_ERROR_OUTPUT_LEN = SEC_ERROR_BASE + 3,
-SEC_ERROR_INPUT_LEN = SEC_ERROR_BASE + 4,
-SEC_ERROR_INVALID_ARGS = SEC_ERROR_BASE + 5,
-SEC_ERROR_INVALID_ALGORITHM = SEC_ERROR_BASE + 6,
-SEC_ERROR_INVALID_AVA = SEC_ERROR_BASE + 7,
-SEC_ERROR_INVALID_TIME = SEC_ERROR_BASE + 8,
-SEC_ERROR_BAD_DER = SEC_ERROR_BASE + 9,
-SEC_ERROR_BAD_SIGNATURE = SEC_ERROR_BASE + 10,
-SEC_ERROR_EXPIRED_CERTIFICATE = SEC_ERROR_BASE + 11,
-SEC_ERROR_REVOKED_CERTIFICATE = SEC_ERROR_BASE + 12,
-SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13,
-SEC_ERROR_BAD_KEY = SEC_ERROR_BASE + 14,
-SEC_ERROR_BAD_PASSWORD = SEC_ERROR_BASE + 15,
-SEC_ERROR_RETRY_PASSWORD = SEC_ERROR_BASE + 16,
-SEC_ERROR_NO_NODELOCK = SEC_ERROR_BASE + 17,
-SEC_ERROR_BAD_DATABASE = SEC_ERROR_BASE + 18,
-SEC_ERROR_NO_MEMORY = SEC_ERROR_BASE + 19,
-SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20,
-SEC_ERROR_UNTRUSTED_CERT = SEC_ERROR_BASE + 21,
-SEC_ERROR_DUPLICATE_CERT = (SEC_ERROR_BASE + 22),
-SEC_ERROR_DUPLICATE_CERT_NAME = (SEC_ERROR_BASE + 23),
-SEC_ERROR_ADDING_CERT = (SEC_ERROR_BASE + 24),
-SEC_ERROR_FILING_KEY = (SEC_ERROR_BASE + 25),
-SEC_ERROR_NO_KEY = (SEC_ERROR_BASE + 26),
-SEC_ERROR_CERT_VALID = (SEC_ERROR_BASE + 27),
-SEC_ERROR_CERT_NOT_VALID = (SEC_ERROR_BASE + 28),
-SEC_ERROR_CERT_NO_RESPONSE = (SEC_ERROR_BASE + 29),
-SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = (SEC_ERROR_BASE + 30),
-SEC_ERROR_CRL_EXPIRED = (SEC_ERROR_BASE + 31),
-SEC_ERROR_CRL_BAD_SIGNATURE = (SEC_ERROR_BASE + 32),
-SEC_ERROR_CRL_INVALID = (SEC_ERROR_BASE + 33),
-SEC_ERROR_EXTENSION_VALUE_INVALID = (SEC_ERROR_BASE + 34),
-SEC_ERROR_EXTENSION_NOT_FOUND = (SEC_ERROR_BASE + 35),
-SEC_ERROR_CA_CERT_INVALID = (SEC_ERROR_BASE + 36),
-SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID = (SEC_ERROR_BASE + 37),
-SEC_ERROR_CERT_USAGES_INVALID = (SEC_ERROR_BASE + 38),
-SEC_INTERNAL_ONLY = (SEC_ERROR_BASE + 39),
-SEC_ERROR_INVALID_KEY = (SEC_ERROR_BASE + 40),
-SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 41),
-SEC_ERROR_OLD_CRL = (SEC_ERROR_BASE + 42),
-SEC_ERROR_NO_EMAIL_CERT = (SEC_ERROR_BASE + 43),
-SEC_ERROR_NO_RECIPIENT_CERTS_QUERY = (SEC_ERROR_BASE + 44),
-SEC_ERROR_NOT_A_RECIPIENT = (SEC_ERROR_BASE + 45),
-SEC_ERROR_PKCS7_KEYALG_MISMATCH = (SEC_ERROR_BASE + 46),
-SEC_ERROR_PKCS7_BAD_SIGNATURE = (SEC_ERROR_BASE + 47),
-SEC_ERROR_UNSUPPORTED_KEYALG = (SEC_ERROR_BASE + 48),
-SEC_ERROR_DECRYPTION_DISALLOWED = (SEC_ERROR_BASE + 49),
-/* Fortezza Alerts */
-XP_SEC_FORTEZZA_BAD_CARD = (SEC_ERROR_BASE + 50),
-XP_SEC_FORTEZZA_NO_CARD = (SEC_ERROR_BASE + 51),
-XP_SEC_FORTEZZA_NONE_SELECTED = (SEC_ERROR_BASE + 52),
-XP_SEC_FORTEZZA_MORE_INFO = (SEC_ERROR_BASE + 53),
-XP_SEC_FORTEZZA_PERSON_NOT_FOUND = (SEC_ERROR_BASE + 54),
-XP_SEC_FORTEZZA_NO_MORE_INFO = (SEC_ERROR_BASE + 55),
-XP_SEC_FORTEZZA_BAD_PIN = (SEC_ERROR_BASE + 56),
-XP_SEC_FORTEZZA_PERSON_ERROR = (SEC_ERROR_BASE + 57),
-SEC_ERROR_NO_KRL = (SEC_ERROR_BASE + 58),
-SEC_ERROR_KRL_EXPIRED = (SEC_ERROR_BASE + 59),
-SEC_ERROR_KRL_BAD_SIGNATURE = (SEC_ERROR_BASE + 60),
-SEC_ERROR_REVOKED_KEY = (SEC_ERROR_BASE + 61),
-SEC_ERROR_KRL_INVALID = (SEC_ERROR_BASE + 62),
-SEC_ERROR_NEED_RANDOM = (SEC_ERROR_BASE + 63),
-SEC_ERROR_NO_MODULE = (SEC_ERROR_BASE + 64),
-SEC_ERROR_NO_TOKEN = (SEC_ERROR_BASE + 65),
-SEC_ERROR_READ_ONLY = (SEC_ERROR_BASE + 66),
-SEC_ERROR_NO_SLOT_SELECTED = (SEC_ERROR_BASE + 67),
-SEC_ERROR_CERT_NICKNAME_COLLISION = (SEC_ERROR_BASE + 68),
-SEC_ERROR_KEY_NICKNAME_COLLISION = (SEC_ERROR_BASE + 69),
-SEC_ERROR_SAFE_NOT_CREATED = (SEC_ERROR_BASE + 70),
-SEC_ERROR_BAGGAGE_NOT_CREATED = (SEC_ERROR_BASE + 71),
-XP_JAVA_REMOVE_PRINCIPAL_ERROR = (SEC_ERROR_BASE + 72),
-XP_JAVA_DELETE_PRIVILEGE_ERROR = (SEC_ERROR_BASE + 73),
-XP_JAVA_CERT_NOT_EXISTS_ERROR = (SEC_ERROR_BASE + 74),
-SEC_ERROR_BAD_EXPORT_ALGORITHM = (SEC_ERROR_BASE + 75),
-SEC_ERROR_EXPORTING_CERTIFICATES = (SEC_ERROR_BASE + 76),
-SEC_ERROR_IMPORTING_CERTIFICATES = (SEC_ERROR_BASE + 77),
-SEC_ERROR_PKCS12_DECODING_PFX = (SEC_ERROR_BASE + 78),
-SEC_ERROR_PKCS12_INVALID_MAC = (SEC_ERROR_BASE + 79),
-SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM = (SEC_ERROR_BASE + 80),
-SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE = (SEC_ERROR_BASE + 81),
-SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE = (SEC_ERROR_BASE + 82),
-SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM = (SEC_ERROR_BASE + 83),
-SEC_ERROR_PKCS12_UNSUPPORTED_VERSION = (SEC_ERROR_BASE + 84),
-SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT = (SEC_ERROR_BASE + 85),
-SEC_ERROR_PKCS12_CERT_COLLISION = (SEC_ERROR_BASE + 86),
-SEC_ERROR_USER_CANCELLED = (SEC_ERROR_BASE + 87),
-SEC_ERROR_PKCS12_DUPLICATE_DATA = (SEC_ERROR_BASE + 88),
-SEC_ERROR_MESSAGE_SEND_ABORTED = (SEC_ERROR_BASE + 89),
-SEC_ERROR_INADEQUATE_KEY_USAGE = (SEC_ERROR_BASE + 90),
-SEC_ERROR_INADEQUATE_CERT_TYPE = (SEC_ERROR_BASE + 91),
-SEC_ERROR_CERT_ADDR_MISMATCH = (SEC_ERROR_BASE + 92),
-SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY = (SEC_ERROR_BASE + 93),
-SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN = (SEC_ERROR_BASE + 94),
-SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME = (SEC_ERROR_BASE + 95),
-SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY = (SEC_ERROR_BASE + 96),
-SEC_ERROR_PKCS12_UNABLE_TO_WRITE = (SEC_ERROR_BASE + 97),
-SEC_ERROR_PKCS12_UNABLE_TO_READ = (SEC_ERROR_BASE + 98),
-SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED = (SEC_ERROR_BASE + 99),
-SEC_ERROR_KEYGEN_FAIL = (SEC_ERROR_BASE + 100),
-SEC_ERROR_INVALID_PASSWORD = (SEC_ERROR_BASE + 101),
-SEC_ERROR_RETRY_OLD_PASSWORD = (SEC_ERROR_BASE + 102),
-SEC_ERROR_BAD_NICKNAME = (SEC_ERROR_BASE + 103),
-SEC_ERROR_NOT_FORTEZZA_ISSUER = (SEC_ERROR_BASE + 104),
-/* UNUSED (SEC_ERROR_BASE + 105) */
-SEC_ERROR_JS_INVALID_MODULE_NAME = (SEC_ERROR_BASE + 106),
-SEC_ERROR_JS_INVALID_DLL = (SEC_ERROR_BASE + 107),
-SEC_ERROR_JS_ADD_MOD_FAILURE = (SEC_ERROR_BASE + 108),
-SEC_ERROR_JS_DEL_MOD_FAILURE = (SEC_ERROR_BASE + 109),
-SEC_ERROR_OLD_KRL = (SEC_ERROR_BASE + 110),
-SEC_ERROR_CKL_CONFLICT = (SEC_ERROR_BASE + 111),
-SEC_ERROR_CERT_NOT_IN_NAME_SPACE = (SEC_ERROR_BASE + 112),
-SEC_ERROR_KRL_NOT_YET_VALID = (SEC_ERROR_BASE + 113),
-SEC_ERROR_CRL_NOT_YET_VALID = (SEC_ERROR_BASE + 114),
-SEC_ERROR_UNKNOWN_CERT = (SEC_ERROR_BASE + 115),
-SEC_ERROR_UNKNOWN_SIGNER = (SEC_ERROR_BASE + 116),
-SEC_ERROR_CERT_BAD_ACCESS_LOCATION = (SEC_ERROR_BASE + 117),
-SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE = (SEC_ERROR_BASE + 118),
-SEC_ERROR_OCSP_BAD_HTTP_RESPONSE = (SEC_ERROR_BASE + 119),
-SEC_ERROR_OCSP_MALFORMED_REQUEST = (SEC_ERROR_BASE + 120),
-SEC_ERROR_OCSP_SERVER_ERROR = (SEC_ERROR_BASE + 121),
-SEC_ERROR_OCSP_TRY_SERVER_LATER = (SEC_ERROR_BASE + 122),
-SEC_ERROR_OCSP_REQUEST_NEEDS_SIG = (SEC_ERROR_BASE + 123),
-SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST = (SEC_ERROR_BASE + 124),
-SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS = (SEC_ERROR_BASE + 125),
-SEC_ERROR_OCSP_UNKNOWN_CERT = (SEC_ERROR_BASE + 126),
-SEC_ERROR_OCSP_NOT_ENABLED = (SEC_ERROR_BASE + 127),
-SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER = (SEC_ERROR_BASE + 128),
-SEC_ERROR_OCSP_MALFORMED_RESPONSE = (SEC_ERROR_BASE + 129),
-SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE = (SEC_ERROR_BASE + 130),
-SEC_ERROR_OCSP_FUTURE_RESPONSE = (SEC_ERROR_BASE + 131),
-SEC_ERROR_OCSP_OLD_RESPONSE = (SEC_ERROR_BASE + 132),
-/* smime stuff */
-SEC_ERROR_DIGEST_NOT_FOUND = (SEC_ERROR_BASE + 133),
-SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE = (SEC_ERROR_BASE + 134)
-
-} SECErrorCodes;
-#endif /* NO_SECURITY_ERROR_ENUM */
-
-#endif /* __SEC_ERR_H_ */
diff --git a/security/nss/lib/util/secinit.c b/security/nss/lib/util/secinit.c
deleted file mode 100644
index a18b1243b..000000000
--- a/security/nss/lib/util/secinit.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "nspr.h"
-#include "secport.h"
-
-static int sec_inited = 0;
-
-void
-SEC_Init(void)
-{
- /* PR_Init() must be called before SEC_Init() */
-#if !defined(SERVER_BUILD)
- PORT_Assert(PR_Initialized() == PR_TRUE);
-#endif
- if (sec_inited)
- return;
-
- sec_inited = 1;
-}
diff --git a/security/nss/lib/util/secitem.c b/security/nss/lib/util/secitem.c
deleted file mode 100644
index f185d60b9..000000000
--- a/security/nss/lib/util/secitem.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Support routines for SECItem data structure.
- *
- * $Id$
- */
-
-#include "seccomon.h"
-#include "secitem.h"
-#include "base64.h"
-#include "secerr.h"
-
-SECItem *
-SECITEM_AllocItem(PRArenaPool *arena, SECItem *item, unsigned int len)
-{
- SECItem *result = NULL;
- void *mark;
-
- if (arena != NULL) {
- mark = PORT_ArenaMark(arena);
- }
-
- if (item == NULL) {
- if (arena != NULL) {
- result = PORT_ArenaZAlloc(arena, sizeof(SECItem));
- } else {
- result = PORT_ZAlloc(sizeof(SECItem));
- }
- if (result == NULL) {
- goto loser;
- }
- } else {
- PORT_Assert(item->data == NULL);
- result = item;
- }
-
- result->len = len;
- if (len) {
- if (arena != NULL) {
- result->data = PORT_ArenaAlloc(arena, len);
- } else {
- result->data = PORT_Alloc(len);
- }
- }
-
- if (arena != NULL) {
- PORT_ArenaUnmark(arena, mark);
- }
- return(result);
-
-loser:
- if (arena != NULL) {
- PORT_ArenaRelease(arena, mark);
- if (item != NULL) {
- item->data = NULL;
- item->len = 0;
- }
- } else {
- if (result != NULL) {
- SECITEM_FreeItem(result, (item == NULL) ? PR_TRUE : PR_FALSE);
- }
- }
- return(NULL);
-}
-
-SECStatus
-SECITEM_ReallocItem(PRArenaPool *arena, SECItem *item, unsigned int oldlen,
- unsigned int newlen)
-{
- PORT_Assert(item != NULL);
- if (item == NULL) {
- /* XXX Set error. But to what? */
- return SECFailure;
- }
-
- /*
- * If no old length, degenerate to just plain alloc.
- */
- if (oldlen == 0) {
- PORT_Assert(item->data == NULL || item->len == 0);
- if (newlen == 0) {
- /* Nothing to do. Weird, but not a failure. */
- return SECSuccess;
- }
- item->len = newlen;
- if (arena != NULL) {
- item->data = PORT_ArenaAlloc(arena, newlen);
- } else {
- item->data = PORT_Alloc(newlen);
- }
- } else {
- if (arena != NULL) {
- item->data = PORT_ArenaGrow(arena, item->data, oldlen, newlen);
- } else {
- item->data = PORT_Realloc(item->data, newlen);
- }
- }
-
- if (item->data == NULL) {
- return SECFailure;
- }
-
- return SECSuccess;
-}
-
-SECComparison
-SECITEM_CompareItem(const SECItem *a, const SECItem *b)
-{
- unsigned m;
- SECComparison rv;
-
- m = ( ( a->len < b->len ) ? a->len : b->len );
-
- rv = (SECComparison) PORT_Memcmp(a->data, b->data, m);
- if (rv) {
- return rv;
- }
- if (a->len < b->len) {
- return SECLessThan;
- }
- if (a->len == b->len) {
- return SECEqual;
- }
- return SECGreaterThan;
-}
-
-PRBool
-SECITEM_ItemsAreEqual(const SECItem *a, const SECItem *b)
-{
- if (SECITEM_CompareItem(a, b) == SECEqual)
- return PR_TRUE;
-
- return PR_FALSE;
-}
-
-SECItem *
-SECITEM_DupItem(const SECItem *from)
-{
- SECItem *to;
-
- if ( from == NULL ) {
- return(NULL);
- }
-
- to = (SECItem *)PORT_Alloc(sizeof(SECItem));
- if ( to == NULL ) {
- return(NULL);
- }
-
- to->data = (unsigned char *)PORT_Alloc(from->len);
- if ( to->data == NULL ) {
- PORT_Free(to);
- return(NULL);
- }
-
- to->len = from->len;
- PORT_Memcpy(to->data, from->data, to->len);
-
- return(to);
-}
-
-SECStatus
-SECITEM_CopyItem(PRArenaPool *arena, SECItem *to, const SECItem *from)
-{
- if (from->data && from->len) {
- if ( arena ) {
- to->data = (unsigned char*) PORT_ArenaAlloc(arena, from->len);
- } else {
- to->data = (unsigned char*) PORT_Alloc(from->len);
- }
-
- if (!to->data) {
- return SECFailure;
- }
- PORT_Memcpy(to->data, from->data, from->len);
- to->len = from->len;
- } else {
- to->data = 0;
- to->len = 0;
- }
- return SECSuccess;
-}
-
-void
-SECITEM_FreeItem(SECItem *zap, PRBool freeit)
-{
- if (zap) {
- PORT_Free(zap->data);
- zap->data = 0;
- zap->len = 0;
- if (freeit) {
- PORT_Free(zap);
- }
- }
-}
-
-void
-SECITEM_ZfreeItem(SECItem *zap, PRBool freeit)
-{
- if (zap) {
- PORT_ZFree(zap->data, zap->len);
- zap->data = 0;
- zap->len = 0;
- if (freeit) {
- PORT_ZFree(zap, sizeof(SECItem));
- }
- }
-}
diff --git a/security/nss/lib/util/secitem.h b/security/nss/lib/util/secitem.h
deleted file mode 100644
index 3928cad98..000000000
--- a/security/nss/lib/util/secitem.h
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef _SECITEM_H_
-#define _SECITEM_H_
-/*
- * secitem.h - public data structures and prototypes for handling
- * SECItems
- *
- * $Id$
- */
-
-#include "plarena.h"
-#include "seccomon.h"
-
-SEC_BEGIN_PROTOS
-
-/*
-** Allocate an item. If "arena" is not NULL, then allocate from there,
-** otherwise allocate from the heap. If "item" is not NULL, allocate
-** only the data for the item, not the item itself. The item structure
-** is allocated zero-filled; the data buffer is not zeroed.
-**
-** The resulting item is returned; NULL if any error occurs.
-**
-** XXX This probably should take a SECItemType, but since that is mostly
-** unused and our improved APIs (aka Stan) are looming, I left it out.
-*/
-extern SECItem *SECITEM_AllocItem(PRArenaPool *arena, SECItem *item,
- unsigned int len);
-
-/*
-** Reallocate the data for the specified "item". If "arena" is not NULL,
-** then reallocate from there, otherwise reallocate from the heap.
-** In the case where oldlen is 0, the data is allocated (not reallocated).
-** In any case, "item" is expected to be a valid SECItem pointer;
-** SECFailure is returned if it is not. If the allocation succeeds,
-** SECSuccess is returned.
-*/
-extern SECStatus SECITEM_ReallocItem(PRArenaPool *arena, SECItem *item,
- unsigned int oldlen, unsigned int newlen);
-
-/*
-** Compare two items returning the difference between them.
-*/
-extern SECComparison SECITEM_CompareItem(const SECItem *a, const SECItem *b);
-
-/*
-** Compare two items -- if they are the same, return true; otherwise false.
-*/
-extern PRBool SECITEM_ItemsAreEqual(const SECItem *a, const SECItem *b);
-
-/*
-** Copy "from" to "to"
-*/
-extern SECStatus SECITEM_CopyItem(PRArenaPool *arena, SECItem *to,
- const SECItem *from);
-
-/*
-** Allocate an item and copy "from" into it.
-*/
-extern SECItem *SECITEM_DupItem(const SECItem *from);
-
-/*
-** Free "zap". If freeit is PR_TRUE then "zap" itself is freed.
-*/
-extern void SECITEM_FreeItem(SECItem *zap, PRBool freeit);
-
-/*
-** Zero and then free "zap". If freeit is PR_TRUE then "zap" itself is freed.
-*/
-extern void SECITEM_ZfreeItem(SECItem *zap, PRBool freeit);
-
-SEC_END_PROTOS
-
-#endif /* _SECITEM_H_ */
diff --git a/security/nss/lib/util/secoid.c b/security/nss/lib/util/secoid.c
deleted file mode 100644
index 567508619..000000000
--- a/security/nss/lib/util/secoid.c
+++ /dev/null
@@ -1,1533 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "secoid.h"
-#include "mcom_db.h"
-#include "pkcs11t.h"
-#include "secmodt.h"
-#include "secitem.h"
-#include "secerr.h"
-
-/* MISSI Mosaic Object ID space */
-#define MISSI 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01
-#define MISSI_OLD_KEA_DSS MISSI, 0x0c
-#define MISSI_OLD_DSS MISSI, 0x02
-#define MISSI_KEA_DSS MISSI, 0x14
-#define MISSI_DSS MISSI, 0x13
-#define MISSI_KEA MISSI, 0x0a
-#define MISSI_ALT_KEA MISSI, 0x16
-
-/**
- ** The Netscape OID space is allocated by Terry Hayes. If you need
- ** a piece of the space, contact him at thayes@netscape.com.
- **/
-
-/* Netscape Communications Corporation Object ID space */
-/* { 2 16 840 1 113730 } */
-#define NETSCAPE_OID 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42
-/* netscape certificate extensions */
-#define NETSCAPE_CERT_EXT NETSCAPE_OID, 0x01
-
-/* netscape data types */
-#define NETSCAPE_DATA_TYPE NETSCAPE_OID, 0x02
-
-/* netscape directory oid - owned by Tim Howes(howes@netscape.com) */
-#define NETSCAPE_DIRECTORY NETSCAPE_OID, 0x03
-
-/* various policy type OIDs */
-#define NETSCAPE_POLICY NETSCAPE_OID, 0x04
-
-/* netscape cert server oid */
-#define NETSCAPE_CERT_SERVER NETSCAPE_OID, 0x05
-#define NETSCAPE_CERT_SERVER_CRMF NETSCAPE_CERT_SERVER, 0x01
-
-/* various algorithm OIDs */
-#define NETSCAPE_ALGS NETSCAPE_OID, 0x06
-
-/* Netscape Other Name Types */
-
-#define NETSCAPE_NAME_COMPONENTS NETSCAPE_OID, 0x07
-
-/* these are old and should go away soon */
-#define OLD_NETSCAPE 0x60, 0x86, 0x48, 0xd8, 0x6a
-#define NS_CERT_EXT OLD_NETSCAPE, 0x01
-#define NS_FILE_TYPE OLD_NETSCAPE, 0x02
-#define NS_IMAGE_TYPE OLD_NETSCAPE, 0x03
-
-/* RSA OID name space */
-#define RSADSI 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d
-#define PKCS RSADSI, 0x01
-#define DIGEST RSADSI, 0x02
-#define CIPHER RSADSI, 0x03
-#define PKCS1 PKCS, 0x01
-#define PKCS5 PKCS, 0x05
-#define PKCS7 PKCS, 0x07
-#define PKCS9 PKCS, 0x09
-#define PKCS12 PKCS, 0x0c
-
-/* Fortezza algorithm OID space: { 2 16 840 1 101 2 1 1 } */
-/* ### mwelch -- Is this just for algorithms, or all of Fortezza? */
-#define FORTEZZA_ALG 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01
-
-/* Other OID name spaces */
-#define ALGORITHM 0x2b, 0x0e, 0x03, 0x02
-#define X500 0x55
-#define X520_ATTRIBUTE_TYPE X500, 0x04
-#define X500_ALG X500, 0x08
-#define X500_ALG_ENCRYPTION X500_ALG, 0x01
-
-/** X.509 v3 Extension OID
- ** {joint-iso-ccitt (2) ds(5) 29}
- **/
-#define ID_CE_OID X500, 0x1d
-
-#define RFC1274_ATTR_TYPE 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
-/* #define RFC2247_ATTR_TYPE 0x09, 0x92, 0x26, 0xf5, 0x98, 0x1e, 0x64, 0x1 this is WRONG! */
-
-/* PKCS #12 name spaces */
-#define PKCS12_MODE_IDS PKCS12, 0x01
-#define PKCS12_ESPVK_IDS PKCS12, 0x02
-#define PKCS12_BAG_IDS PKCS12, 0x03
-#define PKCS12_CERT_BAG_IDS PKCS12, 0x04
-#define PKCS12_OIDS PKCS12, 0x05
-#define PKCS12_PBE_IDS PKCS12_OIDS, 0x01
-#define PKCS12_ENVELOPING_IDS PKCS12_OIDS, 0x02
-#define PKCS12_SIGNATURE_IDS PKCS12_OIDS, 0x03
-#define PKCS12_V2_PBE_IDS PKCS12, 0x01
-#define PKCS9_CERT_TYPES PKCS9, 0x16
-#define PKCS9_CRL_TYPES PKCS9, 0x17
-#define PKCS9_SMIME_IDS PKCS9, 0x10
-#define PKCS9_SMIME_ATTRS PKCS9_SMIME_IDS, 2
-#define PKCS9_SMIME_ALGS PKCS9_SMIME_IDS, 3
-#define PKCS12_VERSION1 PKCS12, 0x0a
-#define PKCS12_V1_BAG_IDS PKCS12_VERSION1, 1
-
-/* for DSA algorithm */
-/* { iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) } */
-#define ANSI_X9_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x38, 0x4
-
-/* for DH algorithm */
-/* { iso(1) member-body(2) us(840) x9-57(10046) number-type(2) } */
-/* need real OID person to look at this, copied the above line
- * and added 6 to second to last value (and changed '4' to '2' */
-#define ANSI_X942_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x3e, 0x2
-
-#define VERISIGN 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45
-
-#define PKIX 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07
-#define PKIX_CERT_EXTENSIONS PKIX, 1
-#define PKIX_POLICY_QUALIFIERS PKIX, 2
-#define PKIX_KEY_USAGE PKIX, 3
-#define PKIX_ACCESS_DESCRIPTION PKIX, 0x30
-#define PKIX_OCSP PKIX_ACCESS_DESCRIPTION, 1
-
-#define PKIX_ID_PKIP PKIX, 5
-#define PKIX_ID_REGCTRL PKIX_ID_PKIP, 1
-#define PKIX_ID_REGINFO PKIX_ID_PKIP, 2
-
-
-static unsigned char md2[] = { DIGEST, 0x02 };
-static unsigned char md4[] = { DIGEST, 0x04 };
-static unsigned char md5[] = { DIGEST, 0x05 };
-static unsigned char sha1[] = { ALGORITHM, 0x1a };
-static unsigned char rc2cbc[] = { CIPHER, 0x02 };
-static unsigned char rc4[] = { CIPHER, 0x04 };
-static unsigned char desede3cbc[] = { CIPHER, 0x07 };
-static unsigned char rc5cbcpad[] = { CIPHER, 0x09 };
-static unsigned char desecb[] = { ALGORITHM, 0x06 };
-static unsigned char descbc[] = { ALGORITHM, 0x07 };
-static unsigned char desofb[] = { ALGORITHM, 0x08 };
-static unsigned char descfb[] = { ALGORITHM, 0x09 };
-static unsigned char desmac[] = { ALGORITHM, 0x0a };
-static unsigned char desede[] = { ALGORITHM, 0x11 };
-static unsigned char isoSHAWithRSASignature[] = { ALGORITHM, 0xf };
-static unsigned char pkcs1RSAEncryption[] = { PKCS1, 0x01 };
-static unsigned char pkcs1MD2WithRSAEncryption[] = { PKCS1, 0x02 };
-static unsigned char pkcs1MD4WithRSAEncryption[] = { PKCS1, 0x03 };
-static unsigned char pkcs1MD5WithRSAEncryption[] = { PKCS1, 0x04 };
-static unsigned char pkcs1SHA1WithRSAEncryption[] = { PKCS1, 0x05 };
-static unsigned char pkcs5PbeWithMD2AndDEScbc[] = { PKCS5, 0x01 };
-static unsigned char pkcs5PbeWithMD5AndDEScbc[] = { PKCS5, 0x03 };
-static unsigned char pkcs5PbeWithSha1AndDEScbc[] = { PKCS5, 0x0a };
-static unsigned char pkcs7[] = { PKCS7 };
-static unsigned char pkcs7Data[] = { PKCS7, 0x01 };
-static unsigned char pkcs7SignedData[] = { PKCS7, 0x02 };
-static unsigned char pkcs7EnvelopedData[] = { PKCS7, 0x03 };
-static unsigned char pkcs7SignedEnvelopedData[] = { PKCS7, 0x04 };
-static unsigned char pkcs7DigestedData[] = { PKCS7, 0x05 };
-static unsigned char pkcs7EncryptedData[] = { PKCS7, 0x06 };
-static unsigned char pkcs9EmailAddress[] = { PKCS9, 0x01 };
-static unsigned char pkcs9UnstructuredName[] = { PKCS9, 0x02 };
-static unsigned char pkcs9ContentType[] = { PKCS9, 0x03 };
-static unsigned char pkcs9MessageDigest[] = { PKCS9, 0x04 };
-static unsigned char pkcs9SigningTime[] = { PKCS9, 0x05 };
-static unsigned char pkcs9CounterSignature[] = { PKCS9, 0x06 };
-static unsigned char pkcs9ChallengePassword[] = { PKCS9, 0x07 };
-static unsigned char pkcs9UnstructuredAddress[] = { PKCS9, 0x08 };
-static unsigned char pkcs9ExtendedCertificateAttributes[] = { PKCS9, 0x09 };
-static unsigned char pkcs9SMIMECapabilities[] = { PKCS9, 15 };
-static unsigned char x520CommonName[] = { X520_ATTRIBUTE_TYPE, 3 };
-static unsigned char x520CountryName[] = { X520_ATTRIBUTE_TYPE, 6 };
-static unsigned char x520LocalityName[] = { X520_ATTRIBUTE_TYPE, 7 };
-static unsigned char x520StateOrProvinceName[] = { X520_ATTRIBUTE_TYPE, 8 };
-static unsigned char x520OrgName[] = { X520_ATTRIBUTE_TYPE, 10 };
-static unsigned char x520OrgUnitName[] = { X520_ATTRIBUTE_TYPE, 11 };
-static unsigned char x520DnQualifier[] = { X520_ATTRIBUTE_TYPE, 46 };
-
-static unsigned char nsTypeGIF[] = { NETSCAPE_DATA_TYPE, 0x01 };
-static unsigned char nsTypeJPEG[] = { NETSCAPE_DATA_TYPE, 0x02 };
-static unsigned char nsTypeURL[] = { NETSCAPE_DATA_TYPE, 0x03 };
-static unsigned char nsTypeHTML[] = { NETSCAPE_DATA_TYPE, 0x04 };
-static unsigned char nsTypeCertSeq[] = { NETSCAPE_DATA_TYPE, 0x05 };
-static unsigned char missiCertKEADSSOld[] = { MISSI_OLD_KEA_DSS };
-static unsigned char missiCertDSSOld[] = { MISSI_OLD_DSS };
-static unsigned char missiCertKEADSS[] = { MISSI_KEA_DSS };
-static unsigned char missiCertDSS[] = { MISSI_DSS };
-static unsigned char missiCertKEA[] = { MISSI_KEA };
-static unsigned char missiCertAltKEA[] = { MISSI_ALT_KEA };
-static unsigned char x500RSAEncryption[] = { X500_ALG_ENCRYPTION, 0x01 };
-
-/* added for alg 1485 */
-static unsigned char rfc1274Uid[] = { RFC1274_ATTR_TYPE, 1 };
-static unsigned char rfc1274Mail[] = { RFC1274_ATTR_TYPE, 3 };
-static unsigned char rfc2247DomainComponent[] = { RFC1274_ATTR_TYPE, 25 };
-
-/* Netscape private certificate extensions */
-static unsigned char nsCertExtNetscapeOK[] = { NS_CERT_EXT, 1 };
-static unsigned char nsCertExtIssuerLogo[] = { NS_CERT_EXT, 2 };
-static unsigned char nsCertExtSubjectLogo[] = { NS_CERT_EXT, 3 };
-static unsigned char nsExtCertType[] = { NETSCAPE_CERT_EXT, 0x01 };
-static unsigned char nsExtBaseURL[] = { NETSCAPE_CERT_EXT, 0x02 };
-static unsigned char nsExtRevocationURL[] = { NETSCAPE_CERT_EXT, 0x03 };
-static unsigned char nsExtCARevocationURL[] = { NETSCAPE_CERT_EXT, 0x04 };
-static unsigned char nsExtCACRLURL[] = { NETSCAPE_CERT_EXT, 0x05 };
-static unsigned char nsExtCACertURL[] = { NETSCAPE_CERT_EXT, 0x06 };
-static unsigned char nsExtCertRenewalURL[] = { NETSCAPE_CERT_EXT, 0x07 };
-static unsigned char nsExtCAPolicyURL[] = { NETSCAPE_CERT_EXT, 0x08 };
-static unsigned char nsExtHomepageURL[] = { NETSCAPE_CERT_EXT, 0x09 };
-static unsigned char nsExtEntityLogo[] = { NETSCAPE_CERT_EXT, 0x0a };
-static unsigned char nsExtUserPicture[] = { NETSCAPE_CERT_EXT, 0x0b };
-static unsigned char nsExtSSLServerName[] = { NETSCAPE_CERT_EXT, 0x0c };
-static unsigned char nsExtComment[] = { NETSCAPE_CERT_EXT, 0x0d };
-
-/* the following 2 extensions are defined for and used by Cartman(NSM) */
-static unsigned char nsExtLostPasswordURL[] = { NETSCAPE_CERT_EXT, 0x0e };
-static unsigned char nsExtCertRenewalTime[] = { NETSCAPE_CERT_EXT, 0x0f };
-
-#define NETSCAPE_CERT_EXT_AIA NETSCAPE_CERT_EXT, 0x10
-
-static unsigned char nsExtAIACertRenewal[] = { NETSCAPE_CERT_EXT_AIA, 0x01 };
-
-static unsigned char nsExtCertScopeOfUse[] = { NETSCAPE_CERT_EXT, 0x11 };
-
-static unsigned char nsKeyUsageGovtApproved[] = { NETSCAPE_POLICY, 0x01 };
-
-
-/* Standard x.509 v3 Certificate Extensions */
-static unsigned char x509SubjectDirectoryAttr[] = { ID_CE_OID, 9 };
-static unsigned char x509SubjectKeyID[] = { ID_CE_OID, 14 };
-static unsigned char x509KeyUsage[] = { ID_CE_OID, 15 };
-static unsigned char x509PrivateKeyUsagePeriod[] = { ID_CE_OID, 16 };
-static unsigned char x509SubjectAltName[] = { ID_CE_OID, 17 };
-static unsigned char x509IssuerAltName[] = { ID_CE_OID, 18 };
-static unsigned char x509BasicConstraints[] = { ID_CE_OID, 19 };
-static unsigned char x509NameConstraints[] = { ID_CE_OID, 30 };
-static unsigned char x509CRLDistPoints[] = { ID_CE_OID, 31 };
-static unsigned char x509CertificatePolicies[] = { ID_CE_OID, 32 };
-static unsigned char x509PolicyMappings[] = { ID_CE_OID, 33 };
-static unsigned char x509PolicyConstraints[] = { ID_CE_OID, 34 };
-static unsigned char x509AuthKeyID[] = { ID_CE_OID, 35};
-static unsigned char x509ExtKeyUsage[] = { ID_CE_OID, 37};
-static unsigned char x509AuthInfoAccess[] = { PKIX_CERT_EXTENSIONS, 1 };
-
-/* Standard x.509 v3 CRL Extensions */
-static unsigned char x509CrlNumber[] = { ID_CE_OID, 20};
-static unsigned char x509ReasonCode[] = { ID_CE_OID, 21};
-static unsigned char x509InvalidDate[] = { ID_CE_OID, 24};
-
-/* pkcs 12 additions */
-static unsigned char pkcs12[] = { PKCS12 };
-static unsigned char pkcs12ModeIDs[] = { PKCS12_MODE_IDS };
-static unsigned char pkcs12ESPVKIDs[] = { PKCS12_ESPVK_IDS };
-static unsigned char pkcs12BagIDs[] = { PKCS12_BAG_IDS };
-static unsigned char pkcs12CertBagIDs[] = { PKCS12_CERT_BAG_IDS };
-static unsigned char pkcs12OIDs[] = { PKCS12_OIDS };
-static unsigned char pkcs12PBEIDs[] = { PKCS12_PBE_IDS };
-static unsigned char pkcs12EnvelopingIDs[] = { PKCS12_ENVELOPING_IDS };
-static unsigned char pkcs12SignatureIDs[] = { PKCS12_SIGNATURE_IDS };
-static unsigned char pkcs12PKCS8KeyShrouding[] = { PKCS12_ESPVK_IDS, 0x01 };
-static unsigned char pkcs12KeyBagID[] = { PKCS12_BAG_IDS, 0x01 };
-static unsigned char pkcs12CertAndCRLBagID[] = { PKCS12_BAG_IDS, 0x02 };
-static unsigned char pkcs12SecretBagID[] = { PKCS12_BAG_IDS, 0x03 };
-static unsigned char pkcs12X509CertCRLBag[] = { PKCS12_CERT_BAG_IDS, 0x01 };
-static unsigned char pkcs12SDSICertBag[] = { PKCS12_CERT_BAG_IDS, 0x02 };
-static unsigned char pkcs12PBEWithSha1And128BitRC4[] = { PKCS12_PBE_IDS, 0x01 };
-static unsigned char pkcs12PBEWithSha1And40BitRC4[] = { PKCS12_PBE_IDS, 0x02 };
-static unsigned char pkcs12PBEWithSha1AndTripleDESCBC[] = { PKCS12_PBE_IDS, 0x03 };
-static unsigned char pkcs12PBEWithSha1And128BitRC2CBC[] = { PKCS12_PBE_IDS, 0x04 };
-static unsigned char pkcs12PBEWithSha1And40BitRC2CBC[] = { PKCS12_PBE_IDS, 0x05 };
-static unsigned char pkcs12RSAEncryptionWith128BitRC4[] =
- { PKCS12_ENVELOPING_IDS, 0x01 };
-static unsigned char pkcs12RSAEncryptionWith40BitRC4[] =
- { PKCS12_ENVELOPING_IDS, 0x02 };
-static unsigned char pkcs12RSAEncryptionWithTripleDES[] =
- { PKCS12_ENVELOPING_IDS, 0x03 };
-static unsigned char pkcs12RSASignatureWithSHA1Digest[] =
- { PKCS12_SIGNATURE_IDS, 0x01 };
-static unsigned char ansix9DSASignature[] = { ANSI_X9_ALGORITHM, 0x01 };
-static unsigned char ansix9DSASignaturewithSHA1Digest[] =
- { ANSI_X9_ALGORITHM, 0x03 };
-static unsigned char bogusDSASignaturewithSHA1Digest[] =
- { ALGORITHM, 0x1b };
-
-/* verisign OIDs */
-static unsigned char verisignUserNotices[] = { VERISIGN, 1, 7, 1, 1 };
-
-/* pkix OIDs */
-static unsigned char pkixCPSPointerQualifier[] = { PKIX_POLICY_QUALIFIERS, 1 };
-static unsigned char pkixUserNoticeQualifier[] = { PKIX_POLICY_QUALIFIERS, 2 };
-
-static unsigned char pkixOCSP[] = { PKIX_OCSP };
-static unsigned char pkixOCSPBasicResponse[] = { PKIX_OCSP, 1 };
-static unsigned char pkixOCSPNonce[] = { PKIX_OCSP, 2 };
-static unsigned char pkixOCSPCRL[] = { PKIX_OCSP, 3 };
-static unsigned char pkixOCSPResponse[] = { PKIX_OCSP, 4 };
-static unsigned char pkixOCSPNoCheck[] = { PKIX_OCSP, 5 };
-static unsigned char pkixOCSPArchiveCutoff[] = { PKIX_OCSP, 6 };
-static unsigned char pkixOCSPServiceLocator[] = { PKIX_OCSP, 7 };
-
-static unsigned char pkixRegCtrlRegToken[] = { PKIX_ID_REGCTRL, 1};
-static unsigned char pkixRegCtrlAuthenticator[] = { PKIX_ID_REGCTRL, 2};
-static unsigned char pkixRegCtrlPKIPubInfo[] = { PKIX_ID_REGCTRL, 3};
-static unsigned char pkixRegCtrlPKIArchOptions[] = { PKIX_ID_REGCTRL, 4};
-static unsigned char pkixRegCtrlOldCertID[] = { PKIX_ID_REGCTRL, 5};
-static unsigned char pkixRegCtrlProtEncKey[] = { PKIX_ID_REGCTRL, 6};
-static unsigned char pkixRegInfoUTF8Pairs[] = { PKIX_ID_REGINFO, 1};
-static unsigned char pkixRegInfoCertReq[] = { PKIX_ID_REGINFO, 2};
-
-static unsigned char pkixExtendedKeyUsageServerAuth[] =
- { PKIX_KEY_USAGE, 1 };
-static unsigned char pkixExtendedKeyUsageClientAuth[] =
- { PKIX_KEY_USAGE, 2 };
-static unsigned char pkixExtendedKeyUsageCodeSign[] =
- { PKIX_KEY_USAGE, 3 };
-static unsigned char pkixExtendedKeyUsageEMailProtect[] =
- { PKIX_KEY_USAGE, 4 };
-static unsigned char pkixExtendedKeyUsageTimeStamp[] =
- { PKIX_KEY_USAGE, 8 };
-static unsigned char pkixOCSPResponderExtendedKeyUsage[] =
- { PKIX_KEY_USAGE, 9 };
-
-/* OIDs for Netscape defined algorithms */
-static unsigned char netscapeSMimeKEA[] = { NETSCAPE_ALGS, 0x01 };
-
-/* pkcs 12 version 1.0 ids */
-static unsigned char pkcs12V2PBEWithSha1And128BitRC4[] = { PKCS12_V2_PBE_IDS, 0x01 };
-static unsigned char pkcs12V2PBEWithSha1And40BitRC4[] = { PKCS12_V2_PBE_IDS, 0x02 };
-static unsigned char pkcs12V2PBEWithSha1And3KeyTripleDEScbc[] = { PKCS12_V2_PBE_IDS, 0x03 };
-static unsigned char pkcs12V2PBEWithSha1And2KeyTripleDEScbc[] = { PKCS12_V2_PBE_IDS, 0x04 };
-static unsigned char pkcs12V2PBEWithSha1And128BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x05 };
-static unsigned char pkcs12V2PBEWithSha1And40BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x06 };
-
-static unsigned char pkcs12SafeContentsID[] = {PKCS12_BAG_IDS, 0x04 };
-static unsigned char pkcs12PKCS8ShroudedKeyBagID[] = { PKCS12_BAG_IDS, 0x05 };
-
-static unsigned char pkcs12V1KeyBag[] = { PKCS12_V1_BAG_IDS, 0x01 };
-static unsigned char pkcs12V1PKCS8ShroudedKeyBag[] = { PKCS12_V1_BAG_IDS, 0x02 };
-static unsigned char pkcs12V1CertBag[] = { PKCS12_V1_BAG_IDS, 0x03 };
-static unsigned char pkcs12V1CRLBag[] = { PKCS12_V1_BAG_IDS, 0x04 };
-static unsigned char pkcs12V1SecretBag[] = { PKCS12_V1_BAG_IDS, 0x05 };
-static unsigned char pkcs12V1SafeContentsBag[] = { PKCS12_V1_BAG_IDS, 0x06 };
-
-static unsigned char pkcs9X509Certificate[] = { PKCS9_CERT_TYPES, 1 };
-static unsigned char pkcs9SDSICertificate[] = { PKCS9_CERT_TYPES, 2 };
-static unsigned char pkcs9X509CRL[] = { PKCS9_CRL_TYPES, 1 };
-static unsigned char pkcs9FriendlyName[] = { PKCS9, 20 };
-static unsigned char pkcs9LocalKeyID[] = { PKCS9, 21 };
-static unsigned char pkcs12KeyUsageAttr[] = { 2, 5, 29, 15 };
-
-/* Fortezza algorithm OIDs */
-static unsigned char skipjackCBC[] = { FORTEZZA_ALG, 0x04 };
-static unsigned char dhPublicKey[] = { ANSI_X942_ALGORITHM, 0x1 };
-
-/* Netscape other name types */
-static unsigned char netscapeNickname[] = { NETSCAPE_NAME_COMPONENTS, 0x01};
-
-/* OIDs needed for cert server */
-static unsigned char netscapeRecoveryRequest[] =
- { NETSCAPE_CERT_SERVER_CRMF, 0x01 };
-
-/* RFC2630 (CMS) OIDs */
-static unsigned char cmsESDH[] = { PKCS9_SMIME_ALGS, 5 };
-static unsigned char cms3DESwrap[] = { PKCS9_SMIME_ALGS, 6 };
-static unsigned char cmsRC2wrap[] = { PKCS9_SMIME_ALGS, 7 };
-
-/* RFC2633 SMIME message attributes */
-static unsigned char smimeEncryptionKeyPreference[] = { PKCS9_SMIME_ATTRS, 11 };
-
-/*
- * NOTE: the order of these entries must mach the SECOidTag enum in secoidt.h!
- */
-static SECOidData oids[] = {
- { { siDEROID, NULL, 0 },
- SEC_OID_UNKNOWN,
- "Unknown OID", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, md2, sizeof(md2) },
- SEC_OID_MD2,
- "MD2", CKM_MD2, INVALID_CERT_EXTENSION },
- { { siDEROID, md4, sizeof(md4) },
- SEC_OID_MD4,
- "MD4", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, md5, sizeof(md5) },
- SEC_OID_MD5,
- "MD5", CKM_MD5, INVALID_CERT_EXTENSION },
- { { siDEROID, sha1, sizeof(sha1) },
- SEC_OID_SHA1,
- "SHA-1", CKM_SHA_1, INVALID_CERT_EXTENSION },
- { { siDEROID, rc2cbc, sizeof(rc2cbc) },
- SEC_OID_RC2_CBC,
- "RC2-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION },
- { { siDEROID, rc4, sizeof(rc4) },
- SEC_OID_RC4,
- "RC4", CKM_RC4, INVALID_CERT_EXTENSION },
- { { siDEROID, desede3cbc, sizeof(desede3cbc) },
- SEC_OID_DES_EDE3_CBC,
- "DES-EDE3-CBC", CKM_DES3_CBC, INVALID_CERT_EXTENSION },
- { { siDEROID, rc5cbcpad, sizeof(rc5cbcpad) },
- SEC_OID_RC5_CBC_PAD,
- "RC5-CBCPad", CKM_RC5_CBC, INVALID_CERT_EXTENSION },
- { { siDEROID, desecb, sizeof(desecb) },
- SEC_OID_DES_ECB,
- "DES-ECB", CKM_DES_ECB, INVALID_CERT_EXTENSION },
- { { siDEROID, descbc, sizeof(descbc) },
- SEC_OID_DES_CBC,
- "DES-CBC", CKM_DES_CBC, INVALID_CERT_EXTENSION },
- { { siDEROID, desofb, sizeof(desofb) },
- SEC_OID_DES_OFB,
- "DES-OFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, descfb, sizeof(descfb) },
- SEC_OID_DES_CFB,
- "DES-CFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, desmac, sizeof(desmac) },
- SEC_OID_DES_MAC,
- "DES-MAC", CKM_DES_MAC, INVALID_CERT_EXTENSION },
- { { siDEROID, desede, sizeof(desede) },
- SEC_OID_DES_EDE,
- "DES-EDE", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, isoSHAWithRSASignature, sizeof(isoSHAWithRSASignature) },
- SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE,
- "ISO SHA with RSA Signature", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs1RSAEncryption, sizeof(pkcs1RSAEncryption) },
- SEC_OID_PKCS1_RSA_ENCRYPTION,
- "PKCS #1 RSA Encryption", CKM_RSA_PKCS, INVALID_CERT_EXTENSION },
-
- /* the following Signing mechanisms should get new CKM_ values when
- * values for CKM_RSA_WITH_MDX and CKM_RSA_WITH_SHA_1 get defined in
- * PKCS #11.
- */
- { { siDEROID, pkcs1MD2WithRSAEncryption, sizeof(pkcs1MD2WithRSAEncryption) },
- SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION,
- "PKCS #1 MD2 With RSA Encryption", CKM_MD2_RSA_PKCS,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs1MD4WithRSAEncryption, sizeof(pkcs1MD4WithRSAEncryption) },
- SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION,
- "PKCS #1 MD4 With RSA Encryption", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs1MD5WithRSAEncryption, sizeof(pkcs1MD5WithRSAEncryption) },
- SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,
- "PKCS #1 MD5 With RSA Encryption", CKM_MD5_RSA_PKCS,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs1SHA1WithRSAEncryption, sizeof(pkcs1SHA1WithRSAEncryption) },
- SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION,
- "PKCS #1 SHA-1 With RSA Encryption", CKM_SHA1_RSA_PKCS,
- INVALID_CERT_EXTENSION },
-
- { { siDEROID, pkcs5PbeWithMD2AndDEScbc, sizeof(pkcs5PbeWithMD2AndDEScbc) },
- SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC,
- "PKCS #5 Password Based Encryption with MD2 and DES CBC",
- CKM_PBE_MD2_DES_CBC, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs5PbeWithMD5AndDEScbc, sizeof(pkcs5PbeWithMD5AndDEScbc) },
- SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC,
- "PKCS #5 Password Based Encryption with MD5 and DES CBC",
- CKM_PBE_MD5_DES_CBC, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs5PbeWithSha1AndDEScbc,
- sizeof(pkcs5PbeWithSha1AndDEScbc) },
- SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC,
- "PKCS #5 Password Based Encryption with SHA1 and DES CBC",
- CKM_NETSCAPE_PBE_SHA1_DES_CBC, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs7, sizeof(pkcs7) },
- SEC_OID_PKCS7,
- "PKCS #7", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs7Data, sizeof(pkcs7Data) },
- SEC_OID_PKCS7_DATA,
- "PKCS #7 Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs7SignedData, sizeof(pkcs7SignedData) },
- SEC_OID_PKCS7_SIGNED_DATA,
- "PKCS #7 Signed Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs7EnvelopedData, sizeof(pkcs7EnvelopedData) },
- SEC_OID_PKCS7_ENVELOPED_DATA,
- "PKCS #7 Enveloped Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs7SignedEnvelopedData, sizeof(pkcs7SignedEnvelopedData) },
- SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA,
- "PKCS #7 Signed And Enveloped Data", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs7DigestedData, sizeof(pkcs7DigestedData) },
- SEC_OID_PKCS7_DIGESTED_DATA,
- "PKCS #7 Digested Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs7EncryptedData, sizeof(pkcs7EncryptedData) },
- SEC_OID_PKCS7_ENCRYPTED_DATA,
- "PKCS #7 Encrypted Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs9EmailAddress, sizeof(pkcs9EmailAddress) },
- SEC_OID_PKCS9_EMAIL_ADDRESS,
- "PKCS #9 Email Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs9UnstructuredName, sizeof(pkcs9UnstructuredName) },
- SEC_OID_PKCS9_UNSTRUCTURED_NAME,
- "PKCS #9 Unstructured Name", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs9ContentType, sizeof(pkcs9ContentType) },
- SEC_OID_PKCS9_CONTENT_TYPE,
- "PKCS #9 Content Type", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs9MessageDigest, sizeof(pkcs9MessageDigest) },
- SEC_OID_PKCS9_MESSAGE_DIGEST,
- "PKCS #9 Message Digest", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs9SigningTime, sizeof(pkcs9SigningTime) },
- SEC_OID_PKCS9_SIGNING_TIME,
- "PKCS #9 Signing Time", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs9CounterSignature, sizeof(pkcs9CounterSignature) },
- SEC_OID_PKCS9_COUNTER_SIGNATURE,
- "PKCS #9 Counter Signature", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs9ChallengePassword, sizeof(pkcs9ChallengePassword) },
- SEC_OID_PKCS9_CHALLENGE_PASSWORD,
- "PKCS #9 Challenge Password", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs9UnstructuredAddress, sizeof(pkcs9UnstructuredAddress) },
- SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS,
- "PKCS #9 Unstructured Address", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs9ExtendedCertificateAttributes,
- sizeof(pkcs9ExtendedCertificateAttributes) },
- SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES,
- "PKCS #9 Extended Certificate Attributes", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs9SMIMECapabilities,
- sizeof(pkcs9SMIMECapabilities) },
- SEC_OID_PKCS9_SMIME_CAPABILITIES,
- "PKCS #9 S/MIME Capabilities", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, x520CommonName,
- sizeof(x520CommonName) },
- SEC_OID_AVA_COMMON_NAME,
- "X520 Common Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, x520CountryName,
- sizeof(x520CountryName) },
- SEC_OID_AVA_COUNTRY_NAME,
- "X520 Country Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, x520LocalityName,
- sizeof(x520LocalityName) },
- SEC_OID_AVA_LOCALITY,
- "X520 Locality Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, x520StateOrProvinceName,
- sizeof(x520StateOrProvinceName) },
- SEC_OID_AVA_STATE_OR_PROVINCE,
- "X520 State Or Province Name", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, x520OrgName,
- sizeof(x520OrgName) },
- SEC_OID_AVA_ORGANIZATION_NAME,
- "X520 Organization Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, x520OrgUnitName,
- sizeof(x520OrgUnitName) },
- SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
- "X520 Organizational Unit Name", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, x520DnQualifier,
- sizeof(x520DnQualifier) },
- SEC_OID_AVA_DN_QUALIFIER,
- "X520 DN Qualifier", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, rfc2247DomainComponent,
- sizeof(rfc2247DomainComponent), },
- SEC_OID_AVA_DC,
- "RFC 2247 Domain Component", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
-
- { { siDEROID, nsTypeGIF,
- sizeof(nsTypeGIF) },
- SEC_OID_NS_TYPE_GIF,
- "GIF", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, nsTypeJPEG,
- sizeof(nsTypeJPEG) },
- SEC_OID_NS_TYPE_JPEG,
- "JPEG", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, nsTypeURL,
- sizeof(nsTypeURL) },
- SEC_OID_NS_TYPE_URL,
- "URL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, nsTypeHTML,
- sizeof(nsTypeHTML) },
- SEC_OID_NS_TYPE_HTML,
- "HTML", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, nsTypeCertSeq,
- sizeof(nsTypeCertSeq) },
- SEC_OID_NS_TYPE_CERT_SEQUENCE,
- "Certificate Sequence", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, missiCertKEADSSOld, sizeof(missiCertKEADSSOld) },
- SEC_OID_MISSI_KEA_DSS_OLD, "MISSI KEA and DSS Algorithm (Old)",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
- { { siDEROID, missiCertDSSOld, sizeof(missiCertDSSOld) },
- SEC_OID_MISSI_DSS_OLD, "MISSI DSS Algorithm (Old)",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, missiCertKEADSS, sizeof(missiCertKEADSS) },
- SEC_OID_MISSI_KEA_DSS, "MISSI KEA and DSS Algorithm",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, missiCertDSS, sizeof(missiCertDSS) },
- SEC_OID_MISSI_DSS, "MISSI DSS Algorithm",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, missiCertKEA, sizeof(missiCertKEA) },
- SEC_OID_MISSI_KEA, "MISSI KEA Algorithm",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, missiCertAltKEA, sizeof(missiCertAltKEA) },
- SEC_OID_MISSI_ALT_KEA, "MISSI Alternate KEA Algorithm",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
-
- /* Netscape private extensions */
- { { siDEROID, nsCertExtNetscapeOK,
- sizeof(nsCertExtNetscapeOK) },
- SEC_OID_NS_CERT_EXT_NETSCAPE_OK,
- "Netscape says this cert is OK",
- CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
- { { siDEROID, nsCertExtIssuerLogo,
- sizeof(nsCertExtIssuerLogo) },
- SEC_OID_NS_CERT_EXT_ISSUER_LOGO,
- "Certificate Issuer Logo",
- CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
- { { siDEROID, nsCertExtSubjectLogo,
- sizeof(nsCertExtSubjectLogo) },
- SEC_OID_NS_CERT_EXT_SUBJECT_LOGO,
- "Certificate Subject Logo",
- CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
- { { siDEROID, nsExtCertType,
- sizeof(nsExtCertType) },
- SEC_OID_NS_CERT_EXT_CERT_TYPE,
- "Certificate Type",
- CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
- { { siDEROID, nsExtBaseURL,
- sizeof(nsExtBaseURL) },
- SEC_OID_NS_CERT_EXT_BASE_URL,
- "Certificate Extension Base URL",
- CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
- { { siDEROID, nsExtRevocationURL,
- sizeof(nsExtRevocationURL) },
- SEC_OID_NS_CERT_EXT_REVOCATION_URL,
- "Certificate Revocation URL",
- CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
- { { siDEROID, nsExtCARevocationURL,
- sizeof(nsExtCARevocationURL) },
- SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL,
- "Certificate Authority Revocation URL",
- CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
- { { siDEROID, nsExtCACRLURL,
- sizeof(nsExtCACRLURL) },
- SEC_OID_NS_CERT_EXT_CA_CRL_URL,
- "Certificate Authority CRL Download URL",
- CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
- { { siDEROID, nsExtCACertURL,
- sizeof(nsExtCACertURL) },
- SEC_OID_NS_CERT_EXT_CA_CERT_URL,
- "Certificate Authority Certificate Download URL",
- CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
- { { siDEROID, nsExtCertRenewalURL,
- sizeof(nsExtCertRenewalURL) },
- SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL,
- "Certificate Renewal URL", CKM_INVALID_MECHANISM,
- SUPPORTED_CERT_EXTENSION },
- { { siDEROID, nsExtCAPolicyURL,
- sizeof(nsExtCAPolicyURL) },
- SEC_OID_NS_CERT_EXT_CA_POLICY_URL,
- "Certificate Authority Policy URL",
- CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
- { { siDEROID, nsExtHomepageURL,
- sizeof(nsExtHomepageURL) },
- SEC_OID_NS_CERT_EXT_HOMEPAGE_URL,
- "Certificate Homepage URL", CKM_INVALID_MECHANISM,
- UNSUPPORTED_CERT_EXTENSION },
- { { siDEROID, nsExtEntityLogo,
- sizeof(nsExtEntityLogo) },
- SEC_OID_NS_CERT_EXT_ENTITY_LOGO,
- "Certificate Entity Logo", CKM_INVALID_MECHANISM,
- UNSUPPORTED_CERT_EXTENSION },
- { { siDEROID, nsExtUserPicture,
- sizeof(nsExtUserPicture) },
- SEC_OID_NS_CERT_EXT_USER_PICTURE,
- "Certificate User Picture", CKM_INVALID_MECHANISM,
- UNSUPPORTED_CERT_EXTENSION },
- { { siDEROID, nsExtSSLServerName,
- sizeof(nsExtSSLServerName) },
- SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME,
- "Certificate SSL Server Name", CKM_INVALID_MECHANISM,
- SUPPORTED_CERT_EXTENSION },
- { { siDEROID, nsExtComment,
- sizeof(nsExtComment) },
- SEC_OID_NS_CERT_EXT_COMMENT,
- "Certificate Comment", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
- { { siDEROID, nsExtLostPasswordURL,
- sizeof(nsExtLostPasswordURL) },
- SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL,
- "Lost Password URL", CKM_INVALID_MECHANISM,
- SUPPORTED_CERT_EXTENSION },
- { { siDEROID, nsExtCertRenewalTime,
- sizeof(nsExtCertRenewalTime) },
- SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME,
- "Certificate Renewal Time", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
- { { siDEROID, nsKeyUsageGovtApproved,
- sizeof(nsKeyUsageGovtApproved) },
- SEC_OID_NS_KEY_USAGE_GOVT_APPROVED,
- "Strong Crypto Export Approved",
- CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
-
-
- /* x.509 v3 certificate extensions */
- { { siDEROID, x509SubjectDirectoryAttr, sizeof(x509SubjectDirectoryAttr) },
- SEC_OID_X509_SUBJECT_DIRECTORY_ATTR,
- "Certificate Subject Directory Attributes",
- CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION},
- { { siDEROID, x509SubjectKeyID, sizeof(x509SubjectKeyID) },
- SEC_OID_X509_SUBJECT_KEY_ID, "Certificate Subject Key ID",
- CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
- { { siDEROID, x509KeyUsage, sizeof(x509KeyUsage) },
- SEC_OID_X509_KEY_USAGE, "Certificate Key Usage",
- CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
- { { siDEROID, x509PrivateKeyUsagePeriod,
- sizeof(x509PrivateKeyUsagePeriod) },
- SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD,
- "Certificate Private Key Usage Period",
- CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
- { { siDEROID, x509SubjectAltName, sizeof(x509SubjectAltName) },
- SEC_OID_X509_SUBJECT_ALT_NAME, "Certificate Subject Alt Name",
- CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
- { { siDEROID, x509IssuerAltName, sizeof(x509IssuerAltName) },
- SEC_OID_X509_ISSUER_ALT_NAME, "Certificate Issuer Alt Name",
- CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
- { { siDEROID, x509BasicConstraints, sizeof(x509BasicConstraints) },
- SEC_OID_X509_BASIC_CONSTRAINTS, "Certificate Basic Constraints",
- CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
- { { siDEROID, x509NameConstraints, sizeof(x509NameConstraints) },
- SEC_OID_X509_NAME_CONSTRAINTS, "Certificate Name Constraints",
- CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
- { { siDEROID, x509CRLDistPoints, sizeof(x509CRLDistPoints) },
- SEC_OID_X509_CRL_DIST_POINTS, "CRL Distribution Points",
- CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
- { { siDEROID, x509CertificatePolicies, sizeof(x509CertificatePolicies) },
- SEC_OID_X509_CERTIFICATE_POLICIES,
- "Certificate Policies",
- CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
- { { siDEROID, x509PolicyMappings, sizeof(x509PolicyMappings) },
- SEC_OID_X509_POLICY_MAPPINGS, "Certificate Policy Mappings",
- CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
- { { siDEROID, x509PolicyConstraints, sizeof(x509PolicyConstraints) },
- SEC_OID_X509_POLICY_CONSTRAINTS, "Certificate Policy Constraints",
- CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
- { { siDEROID, x509AuthKeyID, sizeof(x509AuthKeyID) },
- SEC_OID_X509_AUTH_KEY_ID, "Certificate Authority Key Identifier",
- CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
- { { siDEROID, x509ExtKeyUsage, sizeof(x509ExtKeyUsage) },
- SEC_OID_X509_EXT_KEY_USAGE, "Extended Key Usage",
- CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
- { { siDEROID, x509AuthInfoAccess, sizeof(x509AuthInfoAccess) },
- SEC_OID_X509_AUTH_INFO_ACCESS, "Authority Information Access",
- CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
-
- /* x.509 v3 CRL extensions */
- { { siDEROID, x509CrlNumber, sizeof(x509CrlNumber) },
- SEC_OID_X509_CRL_NUMBER, "CRL Number", CKM_INVALID_MECHANISM,
- SUPPORTED_CERT_EXTENSION },
- { { siDEROID, x509ReasonCode, sizeof(x509ReasonCode) },
- SEC_OID_X509_REASON_CODE, "CRL reason code", CKM_INVALID_MECHANISM,
- SUPPORTED_CERT_EXTENSION },
- { { siDEROID, x509InvalidDate, sizeof(x509InvalidDate) },
- SEC_OID_X509_INVALID_DATE, "Invalid Date", CKM_INVALID_MECHANISM,
- SUPPORTED_CERT_EXTENSION },
-
- { { siDEROID, x500RSAEncryption, sizeof(x500RSAEncryption) },
- SEC_OID_X500_RSA_ENCRYPTION,
- "X500 RSA Encryption", CKM_RSA_X_509, INVALID_CERT_EXTENSION },
-
- /* added for alg 1485 */
- { { siDEROID, rfc1274Uid,
- sizeof(rfc1274Uid) },
- SEC_OID_RFC1274_UID,
- "RFC1274 User Id", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, rfc1274Mail,
- sizeof(rfc1274Uid) },
- SEC_OID_RFC1274_MAIL,
- "RFC1274 E-mail Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
-
- /* pkcs 12 additions */
- { { siDEROID, pkcs12, sizeof(pkcs12) },
- SEC_OID_PKCS12,
- "PKCS #12", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12ModeIDs, sizeof(pkcs12ModeIDs) },
- SEC_OID_PKCS12_MODE_IDS,
- "PKCS #12 Mode IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12ESPVKIDs, sizeof(pkcs12ESPVKIDs) },
- SEC_OID_PKCS12_ESPVK_IDS,
- "PKCS #12 ESPVK IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12BagIDs, sizeof(pkcs12BagIDs) },
- SEC_OID_PKCS12_BAG_IDS,
- "PKCS #12 Bag IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12CertBagIDs, sizeof(pkcs12CertBagIDs) },
- SEC_OID_PKCS12_CERT_BAG_IDS,
- "PKCS #12 Cert Bag IDs", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12OIDs, sizeof(pkcs12OIDs) },
- SEC_OID_PKCS12_OIDS,
- "PKCS #12 OIDs", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12PBEIDs, sizeof(pkcs12PBEIDs) },
- SEC_OID_PKCS12_PBE_IDS,
- "PKCS #12 PBE IDs", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12SignatureIDs, sizeof(pkcs12SignatureIDs) },
- SEC_OID_PKCS12_SIGNATURE_IDS,
- "PKCS #12 Signature IDs", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12EnvelopingIDs, sizeof(pkcs12EnvelopingIDs) },
- SEC_OID_PKCS12_ENVELOPING_IDS,
- "PKCS #12 Enveloping IDs", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12PKCS8KeyShrouding,
- sizeof(pkcs12PKCS8KeyShrouding) },
- SEC_OID_PKCS12_PKCS8_KEY_SHROUDING,
- "PKCS #12 Key Shrouding", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12KeyBagID,
- sizeof(pkcs12KeyBagID) },
- SEC_OID_PKCS12_KEY_BAG_ID,
- "PKCS #12 Key Bag ID", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12CertAndCRLBagID,
- sizeof(pkcs12CertAndCRLBagID) },
- SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID,
- "PKCS #12 Cert And CRL Bag ID", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12SecretBagID,
- sizeof(pkcs12SecretBagID) },
- SEC_OID_PKCS12_SECRET_BAG_ID,
- "PKCS #12 Secret Bag ID", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12X509CertCRLBag,
- sizeof(pkcs12X509CertCRLBag) },
- SEC_OID_PKCS12_X509_CERT_CRL_BAG,
- "PKCS #12 X509 Cert CRL Bag", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12SDSICertBag,
- sizeof(pkcs12SDSICertBag) },
- SEC_OID_PKCS12_SDSI_CERT_BAG,
- "PKCS #12 SDSI Cert Bag", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12PBEWithSha1And128BitRC4,
- sizeof(pkcs12PBEWithSha1And128BitRC4) },
- SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4,
- "PKCS #12 PBE With Sha1 and 128 Bit RC4",
- CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12PBEWithSha1And40BitRC4,
- sizeof(pkcs12PBEWithSha1And40BitRC4) },
- SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4,
- "PKCS #12 PBE With Sha1 and 40 Bit RC4",
- CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12PBEWithSha1AndTripleDESCBC,
- sizeof(pkcs12PBEWithSha1AndTripleDESCBC) },
- SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC,
- "PKCS #12 PBE With Sha1 and Triple DES CBC",
- CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12PBEWithSha1And128BitRC2CBC,
- sizeof(pkcs12PBEWithSha1And128BitRC2CBC) },
- SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
- "PKCS #12 PBE With Sha1 and 128 Bit RC2 CBC",
- CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12PBEWithSha1And40BitRC2CBC,
- sizeof(pkcs12PBEWithSha1And40BitRC2CBC) },
- SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
- "PKCS #12 PBE With Sha1 and 40 Bit RC2 CBC",
- CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12RSAEncryptionWith128BitRC4,
- sizeof(pkcs12RSAEncryptionWith128BitRC4) },
- SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4,
- "PKCS #12 RSA Encryption with 128 Bit RC4",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12RSAEncryptionWith40BitRC4,
- sizeof(pkcs12RSAEncryptionWith40BitRC4) },
- SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4,
- "PKCS #12 RSA Encryption with 40 Bit RC4",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12RSAEncryptionWithTripleDES,
- sizeof(pkcs12RSAEncryptionWithTripleDES) },
- SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES,
- "PKCS #12 RSA Encryption with Triple DES",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12RSASignatureWithSHA1Digest,
- sizeof(pkcs12RSASignatureWithSHA1Digest) },
- SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST,
- "PKCS #12 RSA Encryption with Triple DES",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
-
- /* DSA signatures */
- { { siDEROID, ansix9DSASignature, sizeof(ansix9DSASignature) },
- SEC_OID_ANSIX9_DSA_SIGNATURE,
- "ANSI X9.57 DSA Signature", CKM_DSA,
- INVALID_CERT_EXTENSION },
- { { siDEROID, ansix9DSASignaturewithSHA1Digest,
- sizeof(ansix9DSASignaturewithSHA1Digest) },
- SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST,
- "ANSI X9.57 DSA Signature with SHA1 Digest", CKM_DSA_SHA1,
- INVALID_CERT_EXTENSION },
- { { siDEROID, bogusDSASignaturewithSHA1Digest,
- sizeof(bogusDSASignaturewithSHA1Digest) },
- SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST,
- "FORTEZZA DSA Signature with SHA1 Digest", CKM_DSA_SHA1,
- INVALID_CERT_EXTENSION },
-
- /* verisign oids */
- { { siDEROID, verisignUserNotices,
- sizeof(verisignUserNotices) },
- SEC_OID_VERISIGN_USER_NOTICES,
- "Verisign User Notices", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
-
- /* pkix oids */
- { { siDEROID, pkixCPSPointerQualifier,
- sizeof(pkixCPSPointerQualifier) },
- SEC_OID_PKIX_CPS_POINTER_QUALIFIER,
- "PKIX CPS Pointer Qualifier", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkixUserNoticeQualifier,
- sizeof(pkixUserNoticeQualifier) },
- SEC_OID_PKIX_USER_NOTICE_QUALIFIER,
- "PKIX User Notice Qualifier", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
-
- { { siDEROID, pkixOCSP, sizeof(pkixOCSP), },
- SEC_OID_PKIX_OCSP,
- "PKIX Online Certificate Status Protocol", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkixOCSPBasicResponse, sizeof(pkixOCSPBasicResponse), },
- SEC_OID_PKIX_OCSP_BASIC_RESPONSE,
- "OCSP Basic Response", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkixOCSPNonce, sizeof(pkixOCSPNonce), },
- SEC_OID_PKIX_OCSP_NONCE,
- "OCSP Nonce Extension", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkixOCSPCRL, sizeof(pkixOCSPCRL), },
- SEC_OID_PKIX_OCSP_CRL,
- "OCSP CRL Reference Extension", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkixOCSPResponse, sizeof(pkixOCSPResponse), },
- SEC_OID_PKIX_OCSP_RESPONSE,
- "OCSP Response Types Extension", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkixOCSPNoCheck, sizeof(pkixOCSPNoCheck) },
- SEC_OID_PKIX_OCSP_NO_CHECK,
- "OCSP No Check Extension", CKM_INVALID_MECHANISM,
- SUPPORTED_CERT_EXTENSION },
- { { siDEROID, pkixOCSPArchiveCutoff, sizeof(pkixOCSPArchiveCutoff) },
- SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF,
- "OCSP Archive Cutoff Extension", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkixOCSPServiceLocator, sizeof(pkixOCSPServiceLocator) },
- SEC_OID_PKIX_OCSP_SERVICE_LOCATOR,
- "OCSP Service Locator Extension", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
-
- { { siDEROID, pkixRegCtrlRegToken,
- sizeof (pkixRegCtrlRegToken) },
- SEC_OID_PKIX_REGCTRL_REGTOKEN,
- "PKIX CRMF Registration Control, Registration Token",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkixRegCtrlAuthenticator,
- sizeof (pkixRegCtrlAuthenticator) },
- SEC_OID_PKIX_REGCTRL_AUTHENTICATOR,
- "PKIX CRMF Registration Control, Registration Authenticator",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
- { { siDEROID, pkixRegCtrlPKIPubInfo,
- sizeof (pkixRegCtrlPKIPubInfo) },
- SEC_OID_PKIX_REGCTRL_PKIPUBINFO,
- "PKIX CRMF Registration Control, PKI Publication Info",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
- { { siDEROID, pkixRegCtrlPKIArchOptions,
- sizeof (pkixRegCtrlPKIArchOptions) },
- SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS,
- "PKIX CRMF Registration Control, PKI Archive Options",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
- { { siDEROID, pkixRegCtrlOldCertID,
- sizeof (pkixRegCtrlOldCertID) },
- SEC_OID_PKIX_REGCTRL_OLD_CERT_ID,
- "PKIX CRMF Registration Control, Old Certificate ID",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
- { { siDEROID, pkixRegCtrlProtEncKey,
- sizeof (pkixRegCtrlProtEncKey) },
- SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY,
- "PKIX CRMF Registration Control, Protocol Encryption Key",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
- { { siDEROID, pkixRegInfoUTF8Pairs,
- sizeof (pkixRegInfoUTF8Pairs) },
- SEC_OID_PKIX_REGINFO_UTF8_PAIRS,
- "PKIX CRMF Registration Info, UTF8 Pairs",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
- { { siDEROID, pkixRegInfoCertReq,
- sizeof (pkixRegInfoCertReq) },
- SEC_OID_PKIX_REGINFO_CERT_REQUEST,
- "PKIX CRMF Registration Info, Certificate Request",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
- { { siDEROID, pkixExtendedKeyUsageServerAuth,
- sizeof (pkixExtendedKeyUsageServerAuth) },
- SEC_OID_EXT_KEY_USAGE_SERVER_AUTH,
- "TLS Web Server Authentication Certificate",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
- { { siDEROID, pkixExtendedKeyUsageClientAuth,
- sizeof (pkixExtendedKeyUsageClientAuth) },
- SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH,
- "TLS Web Client Authentication Certificate",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
- { { siDEROID, pkixExtendedKeyUsageCodeSign,
- sizeof (pkixExtendedKeyUsageCodeSign) },
- SEC_OID_EXT_KEY_USAGE_CODE_SIGN,
- "Code Signing Certificate",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
- { { siDEROID, pkixExtendedKeyUsageEMailProtect,
- sizeof (pkixExtendedKeyUsageEMailProtect) },
- SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT,
- "E-Mail Protection Certificate",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
- { { siDEROID, pkixExtendedKeyUsageTimeStamp,
- sizeof (pkixExtendedKeyUsageTimeStamp) },
- SEC_OID_EXT_KEY_USAGE_TIME_STAMP,
- "Time Stamping Certifcate",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
- { { siDEROID, pkixOCSPResponderExtendedKeyUsage,
- sizeof (pkixOCSPResponderExtendedKeyUsage) },
- SEC_OID_OCSP_RESPONDER,
- "OCSP Responder Certificate",
- CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
-
- /* Netscape Algorithm OIDs */
-
- { { siDEROID, netscapeSMimeKEA,
- sizeof(netscapeSMimeKEA) },
- SEC_OID_NETSCAPE_SMIME_KEA,
- "Netscape S/MIME KEA", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
-
- /* Skipjack OID -- ### mwelch temporary */
- { { siDEROID, skipjackCBC,
- sizeof(skipjackCBC) },
- SEC_OID_FORTEZZA_SKIPJACK,
- "Skipjack CBC64", CKM_SKIPJACK_CBC64,
- INVALID_CERT_EXTENSION },
-
- /* pkcs12 v2 oids */
- { { siDEROID, pkcs12V2PBEWithSha1And128BitRC4,
- sizeof(pkcs12V2PBEWithSha1And128BitRC4) },
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4,
- "PKCS12 V2 PBE With SHA1 And 128 Bit RC4",
- CKM_PBE_SHA1_RC4_128,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12V2PBEWithSha1And40BitRC4,
- sizeof(pkcs12V2PBEWithSha1And40BitRC4) },
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4,
- "PKCS12 V2 PBE With SHA1 And 40 Bit RC4",
- CKM_PBE_SHA1_RC4_40,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12V2PBEWithSha1And3KeyTripleDEScbc,
- sizeof(pkcs12V2PBEWithSha1And3KeyTripleDEScbc) },
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC,
- "PKCS12 V2 PBE With SHA1 And 3KEY Triple DES-cbc",
- CKM_PBE_SHA1_DES3_EDE_CBC,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12V2PBEWithSha1And2KeyTripleDEScbc,
- sizeof(pkcs12V2PBEWithSha1And2KeyTripleDEScbc) },
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC,
- "PKCS12 V2 PBE With SHA1 And 2KEY Triple DES-cbc",
- CKM_PBE_SHA1_DES2_EDE_CBC,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12V2PBEWithSha1And128BitRC2cbc,
- sizeof(pkcs12V2PBEWithSha1And128BitRC2cbc) },
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
- "PKCS12 V2 PBE With SHA1 And 128 Bit RC2 CBC",
- CKM_PBE_SHA1_RC2_128_CBC,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12V2PBEWithSha1And40BitRC2cbc,
- sizeof(pkcs12V2PBEWithSha1And40BitRC2cbc) },
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
- "PKCS12 V2 PBE With SHA1 And 40 Bit RC2 CBC",
- CKM_PBE_SHA1_RC2_40_CBC,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12SafeContentsID,
- sizeof(pkcs12SafeContentsID) },
- SEC_OID_PKCS12_SAFE_CONTENTS_ID,
- "PKCS #12 Safe Contents ID", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12PKCS8ShroudedKeyBagID,
- sizeof(pkcs12PKCS8ShroudedKeyBagID) },
- SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID,
- "PKCS #12 Safe Contents ID", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12V1KeyBag,
- sizeof(pkcs12V1KeyBag) },
- SEC_OID_PKCS12_V1_KEY_BAG_ID,
- "PKCS #12 V1 Key Bag", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12V1PKCS8ShroudedKeyBag,
- sizeof(pkcs12V1PKCS8ShroudedKeyBag) },
- SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID,
- "PKCS #12 V1 PKCS8 Shrouded Key Bag", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12V1CertBag,
- sizeof(pkcs12V1CertBag) },
- SEC_OID_PKCS12_V1_CERT_BAG_ID,
- "PKCS #12 V1 Cert Bag", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12V1CRLBag,
- sizeof(pkcs12V1CRLBag) },
- SEC_OID_PKCS12_V1_CRL_BAG_ID,
- "PKCS #12 V1 CRL Bag", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12V1SecretBag,
- sizeof(pkcs12V1SecretBag) },
- SEC_OID_PKCS12_V1_SECRET_BAG_ID,
- "PKCS #12 V1 Secret Bag", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12V1SafeContentsBag,
- sizeof(pkcs12V1SafeContentsBag) },
- SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID,
- "PKCS #12 V1 Safe Contents Bag", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
-
- { { siDEROID, pkcs9X509Certificate,
- sizeof(pkcs9X509Certificate) },
- SEC_OID_PKCS9_X509_CERT,
- "PKCS #9 X509 Certificate", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs9SDSICertificate,
- sizeof(pkcs9SDSICertificate) },
- SEC_OID_PKCS9_SDSI_CERT,
- "PKCS #9 SDSI Certificate", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs9X509CRL,
- sizeof(pkcs9X509CRL) },
- SEC_OID_PKCS9_X509_CRL,
- "PKCS #9 X509 CRL", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs9FriendlyName,
- sizeof(pkcs9FriendlyName) },
- SEC_OID_PKCS9_FRIENDLY_NAME,
- "PKCS #9 Friendly Name", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs9LocalKeyID,
- sizeof(pkcs9LocalKeyID) },
- SEC_OID_PKCS9_LOCAL_KEY_ID,
- "PKCS #9 Local Key ID", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, pkcs12KeyUsageAttr,
- sizeof(pkcs12KeyUsageAttr) },
- SEC_OID_PKCS12_KEY_USAGE,
- "PKCS 12 Key Usage", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
- { { siDEROID, dhPublicKey,
- sizeof(dhPublicKey) },
- SEC_OID_X942_DIFFIE_HELMAN_KEY,
- "Diffie-Helman Public Key", CKM_DH_PKCS_DERIVE,
- INVALID_CERT_EXTENSION },
- { { siDEROID, netscapeNickname,
- sizeof(netscapeNickname) },
- SEC_OID_NETSCAPE_NICKNAME,
- "Netscape Nickname", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
-
- /* Cert Server specific OIDs */
- { { siDEROID, netscapeRecoveryRequest,
- sizeof(netscapeRecoveryRequest) },
- SEC_OID_NETSCAPE_RECOVERY_REQUEST,
- "Recovery Request OID", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
-
- { { siDEROID, nsExtAIACertRenewal,
- sizeof(nsExtAIACertRenewal) },
- SEC_OID_CERT_RENEWAL_LOCATOR,
- "Certificate Renewal Locator OID", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
-
- { { siDEROID, nsExtCertScopeOfUse,
- sizeof(nsExtCertScopeOfUse) },
- SEC_OID_NS_CERT_EXT_SCOPE_OF_USE,
- "Certificate Scope-of-Use Extension", CKM_INVALID_MECHANISM,
- SUPPORTED_CERT_EXTENSION },
-
- /* CMS stuff */
- { { siDEROID, cmsESDH,
- sizeof(cmsESDH) },
- SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN,
- "Ephemeral-Static Diffie-Hellman", CKM_INVALID_MECHANISM /* XXX */,
- INVALID_CERT_EXTENSION },
- { { siDEROID, cms3DESwrap,
- sizeof(cms3DESwrap) },
- SEC_OID_CMS_3DES_KEY_WRAP,
- "CMS 3DES Key Wrap", CKM_INVALID_MECHANISM /* XXX */,
- INVALID_CERT_EXTENSION },
- { { siDEROID, cmsRC2wrap,
- sizeof(cmsRC2wrap) },
- SEC_OID_CMS_RC2_KEY_WRAP,
- "CMS RC2 Key Wrap", CKM_INVALID_MECHANISM /* XXX */,
- INVALID_CERT_EXTENSION },
- { { siDEROID, smimeEncryptionKeyPreference,
- sizeof(smimeEncryptionKeyPreference) },
- SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE,
- "S/MIME Encryption Key Preference", CKM_INVALID_MECHANISM,
- INVALID_CERT_EXTENSION },
-
-};
-
-/*
- * now the dynamic table. The dynamic table gets build at init time.
- * and gets modified if the user loads new crypto modules.
- */
-
-static DB *oid_d_hash = 0;
-static SECOidData **secoidDynamicTable = NULL;
-static int secoidDynamicTableSize = 0;
-static int secoidLastDynamicEntry = 0;
-static int secoidLastHashEntry = 0;
-
-static SECStatus
-secoid_DynamicRehash(void)
-{
- DBT key;
- DBT data;
- int rv;
- SECOidData *oid;
- int i;
- int last = secoidLastDynamicEntry;
-
- if (!oid_d_hash) {
- oid_d_hash = dbopen( 0, O_RDWR | O_CREAT, 0600, DB_HASH, 0 );
- }
-
-
- if ( !oid_d_hash ) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return(SECFailure);
- }
-
- for ( i = secoidLastHashEntry; i < last; i++ ) {
- oid = secoidDynamicTable[i];
-
- /* invalid assert ... guarrenteed not to be true */
- /* PORT_Assert ( oid->offset == i ); */
-
- key.data = oid->oid.data;
- key.size = oid->oid.len;
-
- data.data = &oid;
- data.size = sizeof(oid);
-
- rv = (* oid_d_hash->put)( oid_d_hash, &key, &data, R_NOOVERWRITE );
- if ( rv ) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return(SECFailure);
- }
- }
- secoidLastHashEntry = last;
- return(SECSuccess);
-}
-
-/*
- * Lookup a Dynamic OID. Dynamic OID's still change slowly, so it's
- * cheaper to rehash the table when it changes than it is to do the loop
- * each time. Worry: what about thread safety here? Global Static data with
- * no locks.... (sigh).
- */
-static SECStatus
-secoid_FindDynamic(DBT *key, DBT *data) {
- if (secoidDynamicTable == NULL) {
- return SECFailure;
- }
- if (secoidLastHashEntry != secoidLastDynamicEntry) {
- SECStatus rv = secoid_DynamicRehash();
- if ( rv != SECSuccess ) {
- return rv;
- }
- }
- return (SECStatus)(* oid_d_hash->get)( oid_d_hash, key, data, 0 );
-
-}
-
-static SECOidData *
-secoid_FindDynamicByTag(SECOidTag tagnum)
-{
- int tagNumDiff;
-
- if (secoidDynamicTable == NULL) {
- return NULL;
- }
-
- if (tagnum < SEC_OID_TOTAL) {
- return NULL;
- }
-
- tagNumDiff = tagnum - SEC_OID_TOTAL;
- if (tagNumDiff >= secoidLastDynamicEntry) {
- return NULL;
- }
-
- return(secoidDynamicTable[tagNumDiff]);
-}
-
-/*
- * this routine is definately not thread safe. It is only called out
- * of the UI, or at init time. If we want to call it any other time,
- * we need to make it thread safe.
- */
-SECStatus
-SECOID_AddEntry(SECItem *oid, char *description, unsigned long mech) {
- SECOidData *oiddp = (SECOidData *)PORT_Alloc(sizeof(SECOidData));
- int last = secoidLastDynamicEntry;
- int tableSize = secoidDynamicTableSize;
- int next = last++;
- SECOidData **newTable = secoidDynamicTable;
- SECOidData **oldTable = NULL;
-
- if (oid == NULL) {
- return SECFailure;
- }
-
- /* fill in oid structure */
- if (SECITEM_CopyItem(NULL,&oiddp->oid,oid) != SECSuccess) {
- PORT_Free(oiddp);
- return SECFailure;
- }
- oiddp->offset = (SECOidTag)(next + SEC_OID_TOTAL);
- /* may we should just reference the copy passed to us? */
- oiddp->desc = PORT_Strdup(description);
- oiddp->mechanism = mech;
-
-
- if (last > tableSize) {
- int oldTableSize = tableSize;
- tableSize += 10;
- oldTable = newTable;
- newTable = (SECOidData **)PORT_ZAlloc(sizeof(SECOidData *)*tableSize);
- if (newTable == NULL) {
- PORT_Free(oiddp->oid.data);
- PORT_Free(oiddp);
- return SECFailure;
- }
- PORT_Memcpy(newTable,oldTable,sizeof(SECOidData *)*oldTableSize);
- PORT_Free(oldTable);
- }
-
- newTable[next] = oiddp;
- secoidDynamicTable = newTable;
- secoidDynamicTableSize = tableSize;
- secoidLastDynamicEntry= last;
- return SECSuccess;
-}
-
-
-/* normal static table processing */
-static DB *oidhash = NULL;
-static DB *oidmechhash = NULL;
-
-static SECStatus
-InitOIDHash(void)
-{
- DBT key;
- DBT data;
- int rv;
- SECOidData *oid;
- int i;
-
- oidhash = dbopen( 0, O_RDWR | O_CREAT, 0600, DB_HASH, 0 );
- oidmechhash = dbopen( 0, O_RDWR | O_CREAT, 0600, DB_HASH, 0 );
-
- if ( !oidhash || !oidmechhash) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- PORT_Assert(0); /*This function should never fail. */
- return(SECFailure);
- }
-
- for ( i = 0; i < ( sizeof(oids) / sizeof(SECOidData) ); i++ ) {
- oid = &oids[i];
-
- PORT_Assert ( oid->offset == i );
-
- key.data = oid->oid.data;
- key.size = oid->oid.len;
-
- data.data = &oid;
- data.size = sizeof(oid);
-
- rv = (* oidhash->put)( oidhash, &key, &data, R_NOOVERWRITE );
- if ( rv ) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- PORT_Assert(0); /*This function should never fail. */
- return(SECFailure);
- }
-
- if ( oid->mechanism != CKM_INVALID_MECHANISM ) {
- key.data = &oid->mechanism;
- key.size = sizeof(oid->mechanism);
-
- rv = (* oidmechhash->put)( oidmechhash, &key, &data, R_NOOVERWRITE);
- /* Only error out if the error value returned is not
- * RET_SPECIAL, ie the mechanism already has a registered
- * OID.
- */
- if ( rv && rv != RET_SPECIAL) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- PORT_Assert(0); /* This function should never fail. */
- return(SECFailure);
- }
- }
- }
-
- PORT_Assert (i == SEC_OID_TOTAL);
-
- return(SECSuccess);
-}
-
-SECOidData *
-SECOID_FindOIDByMechanism(unsigned long mechanism)
-{
- DBT key;
- DBT data;
- SECOidData *ret;
- int rv;
-
- if ( !oidhash ) {
- rv = InitOIDHash();
- if ( rv != SECSuccess ) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return NULL;
- }
- }
- key.data = &mechanism;
- key.size = sizeof(mechanism);
-
- rv = (* oidmechhash->get)( oidmechhash, &key, &data, 0 );
- if ( rv || ( data.size != sizeof(unsigned long) ) ) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return NULL;
- }
- PORT_Memcpy(&ret, data.data, data.size);
-
- return (ret);
-}
-
-SECOidData *
-SECOID_FindOID(SECItem *oid)
-{
- DBT key;
- DBT data;
- SECOidData *ret;
- int rv;
-
- if ( !oidhash ) {
- rv = InitOIDHash();
- if ( rv != SECSuccess ) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return NULL;
- }
- }
-
- key.data = oid->data;
- key.size = oid->len;
-
- rv = (* oidhash->get)( oidhash, &key, &data, 0 );
- if ( rv || ( data.size != sizeof(SECOidData*) ) ) {
- rv = secoid_FindDynamic(&key, &data);
- if (rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return(0);
- }
- }
-
- PORT_Memcpy(&ret, data.data, data.size);
-
- return(ret);
-}
-
-SECOidTag
-SECOID_FindOIDTag(SECItem *oid)
-{
- SECOidData *oiddata;
-
- oiddata = SECOID_FindOID (oid);
- if (oiddata == NULL)
- return SEC_OID_UNKNOWN;
-
- return oiddata->offset;
-}
-
-SECOidData *
-SECOID_FindOIDByTag(SECOidTag tagnum)
-{
-
- if (tagnum >= SEC_OID_TOTAL) {
- return secoid_FindDynamicByTag(tagnum);
- }
-
- PORT_Assert((unsigned int)tagnum < (sizeof(oids) / sizeof(SECOidData)));
- return(&oids[tagnum]);
-}
-
-PRBool SECOID_KnownCertExtenOID (SECItem *extenOid)
-{
- SECOidData * oidData;
-
- oidData = SECOID_FindOID (extenOid);
- if (oidData == (SECOidData *)NULL)
- return (PR_FALSE);
- return ((oidData->supportedExtension == SUPPORTED_CERT_EXTENSION) ?
- PR_TRUE : PR_FALSE);
-}
-
-
-const char *
-SECOID_FindOIDTagDescription(SECOidTag tagnum)
-{
- SECOidData *oidData = SECOID_FindOIDByTag(tagnum);
- if (!oidData)
- return 0;
- else
- return oidData->desc;
-}
diff --git a/security/nss/lib/util/secoid.h b/security/nss/lib/util/secoid.h
deleted file mode 100644
index 9f8c7b11c..000000000
--- a/security/nss/lib/util/secoid.h
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef _SECOID_H_
-#define _SECOID_H_
-/*
- * secoid.h - public data structures and prototypes for ASN.1 OID functions
- *
- * $Id$
- */
-
-#include "plarena.h"
-
-#include "seccomon.h"
-#include "secoidt.h"
-#include "secasn1t.h"
-
-extern const SEC_ASN1Template SECOID_AlgorithmIDTemplate[];
-
-SEC_BEGIN_PROTOS
-
-/*
- * OID handling routines
- */
-extern SECOidData *SECOID_FindOID(SECItem *oid);
-extern SECOidTag SECOID_FindOIDTag(SECItem *oid);
-extern SECOidData *SECOID_FindOIDByTag(SECOidTag tagnum);
-extern SECOidData *SECOID_FindOIDByMechanism(unsigned long mechanism);
-
-/****************************************/
-/*
-** Algorithm id handling operations
-*/
-
-/*
-** Fill in an algorithm-ID object given a tag and some parameters.
-** "aid" where the DER encoded algorithm info is stored (memory
-** is allocated)
-** "tag" the tag defining the algorithm (SEC_OID_*)
-** "params" if not NULL, the parameters to go with the algorithm
-*/
-extern SECStatus SECOID_SetAlgorithmID(PRArenaPool *arena, SECAlgorithmID *aid,
- SECOidTag tag, SECItem *params);
-
-/*
-** Copy the "src" object to "dest". Memory is allocated in "dest" for
-** each of the appropriate sub-objects. Memory in "dest" is not freed
-** before memory is allocated (use SECOID_DestroyAlgorithmID(dest, PR_FALSE)
-** to do that).
-*/
-extern SECStatus SECOID_CopyAlgorithmID(PRArenaPool *arena, SECAlgorithmID *dest,
- SECAlgorithmID *src);
-
-/*
-** Get the SEC_OID_* tag for the given algorithm-id object.
-*/
-extern SECOidTag SECOID_GetAlgorithmTag(SECAlgorithmID *aid);
-
-/*
-** Destroy an algorithm-id object.
-** "aid" the certificate-request to destroy
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void SECOID_DestroyAlgorithmID(SECAlgorithmID *aid, PRBool freeit);
-
-/*
-** Compare two algorithm-id objects, returning the difference between
-** them.
-*/
-extern SECComparison SECOID_CompareAlgorithmID(SECAlgorithmID *a,
- SECAlgorithmID *b);
-
-extern PRBool SECOID_KnownCertExtenOID (SECItem *extenOid);
-
-/* Given a SEC_OID_* tag, return a string describing it.
- */
-extern const char *SECOID_FindOIDTagDescription(SECOidTag tagnum);
-
-
-SEC_END_PROTOS
-
-#endif /* _SECOID_H_ */
diff --git a/security/nss/lib/util/secoidt.h b/security/nss/lib/util/secoidt.h
deleted file mode 100644
index 66d3424a0..000000000
--- a/security/nss/lib/util/secoidt.h
+++ /dev/null
@@ -1,309 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef _SECOIDT_H_
-#define _SECOIDT_H_
-/*
- * secoidt.h - public data structures for ASN.1 OID functions
- *
- * $Id$
- */
-
-#include "secitem.h"
-
-typedef struct SECOidDataStr SECOidData;
-typedef struct SECAlgorithmIDStr SECAlgorithmID;
-
-/*
-** An X.500 algorithm identifier
-*/
-struct SECAlgorithmIDStr {
- SECItem algorithm;
- SECItem parameters;
-};
-
-/*
- * Misc object IDs - these numbers are for convenient handling.
- * They are mapped into real object IDs
- *
- * NOTE: the order of these entries must mach the array "oids" of SECOidData
- * in util/secoid.c.
- */
-typedef enum {
- SEC_OID_UNKNOWN,
- SEC_OID_MD2,
- SEC_OID_MD4,
- SEC_OID_MD5,
- SEC_OID_SHA1,
- SEC_OID_RC2_CBC,
- SEC_OID_RC4,
- SEC_OID_DES_EDE3_CBC,
- SEC_OID_RC5_CBC_PAD,
- SEC_OID_DES_ECB,
- SEC_OID_DES_CBC,
- SEC_OID_DES_OFB,
- SEC_OID_DES_CFB,
- SEC_OID_DES_MAC,
- SEC_OID_DES_EDE,
- SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE,
- SEC_OID_PKCS1_RSA_ENCRYPTION,
- SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION,
- SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION,
- SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,
- SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION,
- SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC,
- SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC,
- SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC,
- SEC_OID_PKCS7,
- SEC_OID_PKCS7_DATA,
- SEC_OID_PKCS7_SIGNED_DATA,
- SEC_OID_PKCS7_ENVELOPED_DATA,
- SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA,
- SEC_OID_PKCS7_DIGESTED_DATA,
- SEC_OID_PKCS7_ENCRYPTED_DATA,
- SEC_OID_PKCS9_EMAIL_ADDRESS,
- SEC_OID_PKCS9_UNSTRUCTURED_NAME,
- SEC_OID_PKCS9_CONTENT_TYPE,
- SEC_OID_PKCS9_MESSAGE_DIGEST,
- SEC_OID_PKCS9_SIGNING_TIME,
- SEC_OID_PKCS9_COUNTER_SIGNATURE,
- SEC_OID_PKCS9_CHALLENGE_PASSWORD,
- SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS,
- SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES,
- SEC_OID_PKCS9_SMIME_CAPABILITIES,
- SEC_OID_AVA_COMMON_NAME,
- SEC_OID_AVA_COUNTRY_NAME,
- SEC_OID_AVA_LOCALITY,
- SEC_OID_AVA_STATE_OR_PROVINCE,
- SEC_OID_AVA_ORGANIZATION_NAME,
- SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
- SEC_OID_AVA_DN_QUALIFIER,
- SEC_OID_AVA_DC,
-
- SEC_OID_NS_TYPE_GIF,
- SEC_OID_NS_TYPE_JPEG,
- SEC_OID_NS_TYPE_URL,
- SEC_OID_NS_TYPE_HTML,
- SEC_OID_NS_TYPE_CERT_SEQUENCE,
- SEC_OID_MISSI_KEA_DSS_OLD,
- SEC_OID_MISSI_DSS_OLD,
- SEC_OID_MISSI_KEA_DSS,
- SEC_OID_MISSI_DSS,
- SEC_OID_MISSI_KEA,
- SEC_OID_MISSI_ALT_KEA,
-
- /* Netscape private certificate extensions */
- SEC_OID_NS_CERT_EXT_NETSCAPE_OK,
- SEC_OID_NS_CERT_EXT_ISSUER_LOGO,
- SEC_OID_NS_CERT_EXT_SUBJECT_LOGO,
- SEC_OID_NS_CERT_EXT_CERT_TYPE,
- SEC_OID_NS_CERT_EXT_BASE_URL,
- SEC_OID_NS_CERT_EXT_REVOCATION_URL,
- SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL,
- SEC_OID_NS_CERT_EXT_CA_CRL_URL,
- SEC_OID_NS_CERT_EXT_CA_CERT_URL,
- SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL,
- SEC_OID_NS_CERT_EXT_CA_POLICY_URL,
- SEC_OID_NS_CERT_EXT_HOMEPAGE_URL,
- SEC_OID_NS_CERT_EXT_ENTITY_LOGO,
- SEC_OID_NS_CERT_EXT_USER_PICTURE,
- SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME,
- SEC_OID_NS_CERT_EXT_COMMENT,
- SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL,
- SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME,
- SEC_OID_NS_KEY_USAGE_GOVT_APPROVED,
-
- /* x.509 v3 Extensions */
- SEC_OID_X509_SUBJECT_DIRECTORY_ATTR,
- SEC_OID_X509_SUBJECT_KEY_ID,
- SEC_OID_X509_KEY_USAGE,
- SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD,
- SEC_OID_X509_SUBJECT_ALT_NAME,
- SEC_OID_X509_ISSUER_ALT_NAME,
- SEC_OID_X509_BASIC_CONSTRAINTS,
- SEC_OID_X509_NAME_CONSTRAINTS,
- SEC_OID_X509_CRL_DIST_POINTS,
- SEC_OID_X509_CERTIFICATE_POLICIES,
- SEC_OID_X509_POLICY_MAPPINGS,
- SEC_OID_X509_POLICY_CONSTRAINTS,
- SEC_OID_X509_AUTH_KEY_ID,
- SEC_OID_X509_EXT_KEY_USAGE,
- SEC_OID_X509_AUTH_INFO_ACCESS,
-
- SEC_OID_X509_CRL_NUMBER,
- SEC_OID_X509_REASON_CODE,
- SEC_OID_X509_INVALID_DATE,
- /* End of x.509 v3 Extensions */
-
- SEC_OID_X500_RSA_ENCRYPTION,
-
- /* alg 1485 additions */
- SEC_OID_RFC1274_UID,
- SEC_OID_RFC1274_MAIL,
-
- /* PKCS 12 additions */
- SEC_OID_PKCS12,
- SEC_OID_PKCS12_MODE_IDS,
- SEC_OID_PKCS12_ESPVK_IDS,
- SEC_OID_PKCS12_BAG_IDS,
- SEC_OID_PKCS12_CERT_BAG_IDS,
- SEC_OID_PKCS12_OIDS,
- SEC_OID_PKCS12_PBE_IDS,
- SEC_OID_PKCS12_SIGNATURE_IDS,
- SEC_OID_PKCS12_ENVELOPING_IDS,
- /* SEC_OID_PKCS12_OFFLINE_TRANSPORT_MODE,
- SEC_OID_PKCS12_ONLINE_TRANSPORT_MODE, */
- SEC_OID_PKCS12_PKCS8_KEY_SHROUDING,
- SEC_OID_PKCS12_KEY_BAG_ID,
- SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID,
- SEC_OID_PKCS12_SECRET_BAG_ID,
- SEC_OID_PKCS12_X509_CERT_CRL_BAG,
- SEC_OID_PKCS12_SDSI_CERT_BAG,
- SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4,
- SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4,
- SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC,
- SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
- SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
- SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4,
- SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4,
- SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES,
- SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST,
- /* end of PKCS 12 additions */
-
- /* DSA signatures */
- SEC_OID_ANSIX9_DSA_SIGNATURE,
- SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST,
- SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST,
-
- /* Verisign OIDs */
- SEC_OID_VERISIGN_USER_NOTICES,
-
- /* PKIX OIDs */
- SEC_OID_PKIX_CPS_POINTER_QUALIFIER,
- SEC_OID_PKIX_USER_NOTICE_QUALIFIER,
- SEC_OID_PKIX_OCSP,
- SEC_OID_PKIX_OCSP_BASIC_RESPONSE,
- SEC_OID_PKIX_OCSP_NONCE,
- SEC_OID_PKIX_OCSP_CRL,
- SEC_OID_PKIX_OCSP_RESPONSE,
- SEC_OID_PKIX_OCSP_NO_CHECK,
- SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF,
- SEC_OID_PKIX_OCSP_SERVICE_LOCATOR,
- SEC_OID_PKIX_REGCTRL_REGTOKEN,
- SEC_OID_PKIX_REGCTRL_AUTHENTICATOR,
- SEC_OID_PKIX_REGCTRL_PKIPUBINFO,
- SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS,
- SEC_OID_PKIX_REGCTRL_OLD_CERT_ID,
- SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY,
- SEC_OID_PKIX_REGINFO_UTF8_PAIRS,
- SEC_OID_PKIX_REGINFO_CERT_REQUEST,
- SEC_OID_EXT_KEY_USAGE_SERVER_AUTH,
- SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH,
- SEC_OID_EXT_KEY_USAGE_CODE_SIGN,
- SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT,
- SEC_OID_EXT_KEY_USAGE_TIME_STAMP,
- SEC_OID_OCSP_RESPONDER,
-
- /* Netscape Algorithm OIDs */
- SEC_OID_NETSCAPE_SMIME_KEA,
-
- /* Skipjack OID -- ### mwelch temporary */
- SEC_OID_FORTEZZA_SKIPJACK,
-
- /* PKCS 12 V2 oids */
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4,
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4,
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC,
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC,
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
- SEC_OID_PKCS12_SAFE_CONTENTS_ID,
- SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID,
-
- SEC_OID_PKCS12_V1_KEY_BAG_ID,
- SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID,
- SEC_OID_PKCS12_V1_CERT_BAG_ID,
- SEC_OID_PKCS12_V1_CRL_BAG_ID,
- SEC_OID_PKCS12_V1_SECRET_BAG_ID,
- SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID,
- SEC_OID_PKCS9_X509_CERT,
- SEC_OID_PKCS9_SDSI_CERT,
- SEC_OID_PKCS9_X509_CRL,
- SEC_OID_PKCS9_FRIENDLY_NAME,
- SEC_OID_PKCS9_LOCAL_KEY_ID,
- SEC_OID_PKCS12_KEY_USAGE,
-
- /*Diffe Helman OIDS */
- SEC_OID_X942_DIFFIE_HELMAN_KEY,
-
- /* Netscape other name types */
- SEC_OID_NETSCAPE_NICKNAME,
-
- /* Cert Server OIDS */
- SEC_OID_NETSCAPE_RECOVERY_REQUEST,
-
- /* New PSM certificate management OIDs */
- SEC_OID_CERT_RENEWAL_LOCATOR,
- SEC_OID_NS_CERT_EXT_SCOPE_OF_USE,
-
- /* CMS (RFC2630) OIDs */
- SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN,
- SEC_OID_CMS_3DES_KEY_WRAP,
- SEC_OID_CMS_RC2_KEY_WRAP,
-
- /* SMIME attributes */
- SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE,
-
- SEC_OID_TOTAL
-} SECOidTag;
-
-/* fake OID for DSS sign/verify */
-#define SEC_OID_SHA SEC_OID_MISS_DSS
-
-typedef enum {
- INVALID_CERT_EXTENSION,
- UNSUPPORTED_CERT_EXTENSION,
- SUPPORTED_CERT_EXTENSION
-} SECSupportExtenTag;
-
-struct SECOidDataStr {
- SECItem oid;
- SECOidTag offset;
- char *desc;
- unsigned long mechanism;
- SECSupportExtenTag supportedExtension; /* only used for x.509 v3 extensions, so
- that we can print the names of those
- extensions that we don't even support */
-};
-
-#endif /* _SECOIDT_H_ */
diff --git a/security/nss/lib/util/secplcy.c b/security/nss/lib/util/secplcy.c
deleted file mode 100644
index b7f42080d..000000000
--- a/security/nss/lib/util/secplcy.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "secplcy.h"
-#include "prmem.h"
-
-SECCipherFind *sec_CipherFindInit(PRBool onlyAllowed,
- secCPStruct *policy,
- long *ciphers)
-{
- SECCipherFind *find = PR_NEWZAP(SECCipherFind);
- if (find)
- {
- find->policy = policy;
- find->ciphers = ciphers;
- find->onlyAllowed = onlyAllowed;
- find->index = -1;
- }
- return find;
-}
-
-long sec_CipherFindNext(SECCipherFind *find)
-{
- char *policy;
- long rv = -1;
- secCPStruct *policies = (secCPStruct *) find->policy;
- long *ciphers = (long *) find->ciphers;
- long numCiphers = policies->num_ciphers;
-
- find->index++;
- while((find->index < numCiphers) && (rv == -1))
- {
- /* Translate index to cipher. */
- rv = ciphers[find->index];
-
- /* If we're only looking for allowed ciphers, and if this
- cipher isn't allowed, loop around.*/
- if (find->onlyAllowed)
- {
- /* Find the appropriate policy flag. */
- policy = (&(policies->begin_ciphers)) + find->index + 1;
-
- /* If this cipher isn't allowed by policy, continue. */
- if (! (*policy))
- {
- rv = -1;
- find->index++;
- }
- }
- }
-
- return rv;
-}
-
-char sec_IsCipherAllowed(long cipher, secCPStruct *policies,
- long *ciphers)
-{
- char result = SEC_CIPHER_NOT_ALLOWED; /* our default answer */
- long numCiphers = policies->num_ciphers;
- char *policy;
- int i;
-
- /* Convert the cipher number into a policy flag location. */
- for (i=0, policy=(&(policies->begin_ciphers) + 1);
- i<numCiphers;
- i++, policy++)
- {
- if (cipher == ciphers[i])
- break;
- }
-
- if (i < numCiphers)
- {
- /* Found the cipher, get the policy value. */
- result = *policy;
- }
-
- return result;
-}
-
-void sec_CipherFindEnd(SECCipherFind *find)
-{
- PR_FREEIF(find);
-}
diff --git a/security/nss/lib/util/secplcy.h b/security/nss/lib/util/secplcy.h
deleted file mode 100644
index add5d8fac..000000000
--- a/security/nss/lib/util/secplcy.h
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef __secplcy_h__
-#define __secplcy_h__
-
-#include "prtypes.h"
-
-/*
-** Cipher policy enforcement. This code isn't very pretty, but it accomplishes
-** the purpose of obscuring policy information from potential fortifiers. :-)
-**
-** The following routines are generic and intended for anywhere where cipher
-** policy enforcement is to be done, e.g. SSL and PKCS7&12.
-*/
-
-#define SEC_CIPHER_NOT_ALLOWED 0
-#define SEC_CIPHER_ALLOWED 1
-#define SEC_CIPHER_RESTRICTED 2 /* cipher is allowed in limited cases
- e.g. step-up */
-
-/* The length of the header string for each cipher table.
- (It's the same regardless of whether we're using md5 strings or not.) */
-#define SEC_POLICY_HEADER_LENGTH 48
-
-/* If we're testing policy stuff, we may want to use the plaintext version */
-#define SEC_POLICY_USE_MD5_STRINGS 1
-
-#define SEC_POLICY_THIS_IS_THE \
- "\x2a\x3a\x51\xbf\x2f\x71\xb7\x73\xaa\xca\x6b\x57\x70\xcd\xc8\x9f"
-#define SEC_POLICY_STRING_FOR_THE \
- "\x97\x15\xe2\x70\xd2\x8a\xde\xa9\xe7\xa7\x6a\xe2\x83\xe5\xb1\xf6"
-#define SEC_POLICY_SSL_TAIL \
- "\x70\x16\x25\xc0\x2a\xb2\x4a\xca\xb6\x67\xb1\x89\x20\xdf\x87\xca"
-#define SEC_POLICY_SMIME_TAIL \
- "\xdf\xd4\xe7\x2a\xeb\xc4\x1b\xb5\xd8\xe5\xe0\x2a\x16\x9f\xc4\xb9"
-#define SEC_POLICY_PKCS12_TAIL \
- "\x1c\xf8\xa4\x85\x4a\xc6\x8a\xfe\xe6\xca\x03\x72\x50\x1c\xe2\xc8"
-
-#if defined(SEC_POLICY_USE_MD5_STRINGS)
-
-/* We're not testing.
- Use md5 checksums of the strings. */
-
-#define SEC_POLICY_SSL_HEADER \
- SEC_POLICY_THIS_IS_THE SEC_POLICY_STRING_FOR_THE SEC_POLICY_SSL_TAIL
-
-#define SEC_POLICY_SMIME_HEADER \
- SEC_POLICY_THIS_IS_THE SEC_POLICY_STRING_FOR_THE SEC_POLICY_SMIME_TAIL
-
-#define SEC_POLICY_PKCS12_HEADER \
- SEC_POLICY_THIS_IS_THE SEC_POLICY_STRING_FOR_THE SEC_POLICY_PKCS12_TAIL
-
-#else
-
-/* We're testing.
- Use plaintext versions of the strings, for testing purposes. */
-#define SEC_POLICY_SSL_HEADER \
- "This is the string for the SSL policy table. "
-#define SEC_POLICY_SMIME_HEADER \
- "This is the string for the PKCS7 policy table. "
-#define SEC_POLICY_PKCS12_HEADER \
- "This is the string for the PKCS12 policy table. "
-
-#endif
-
-/* Local cipher tables have to have these members at the top. */
-typedef struct _sec_cp_struct
-{
- char policy_string[SEC_POLICY_HEADER_LENGTH];
- long unused; /* placeholder for max keybits in pkcs12 struct */
- char num_ciphers;
- char begin_ciphers;
- /* cipher policy settings follow. each is a char. */
-} secCPStruct;
-
-struct SECCipherFindStr
-{
- /* (policy) and (ciphers) are opaque to the outside world */
- void *policy;
- void *ciphers;
- long index;
- PRBool onlyAllowed;
-};
-
-typedef struct SECCipherFindStr SECCipherFind;
-
-SEC_BEGIN_PROTOS
-
-SECCipherFind *sec_CipherFindInit(PRBool onlyAllowed,
- secCPStruct *policy,
- long *ciphers);
-
-long sec_CipherFindNext(SECCipherFind *find);
-
-char sec_IsCipherAllowed(long cipher, secCPStruct *policies,
- long *ciphers);
-
-void sec_CipherFindEnd(SECCipherFind *find);
-
-SEC_END_PROTOS
-
-#endif /* __SECPLCY_H__ */
diff --git a/security/nss/lib/util/secport.c b/security/nss/lib/util/secport.c
deleted file mode 100644
index 76b0b195b..000000000
--- a/security/nss/lib/util/secport.c
+++ /dev/null
@@ -1,601 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * secport.c - portability interfaces for security libraries
- *
- * This file abstracts out libc functionality that libsec depends on
- *
- * NOTE - These are not public interfaces
- *
- * $Id$
- */
-
-#include "seccomon.h"
-#include "prmem.h"
-#include "prerror.h"
-#include "plarena.h"
-#include "secerr.h"
-#include "prmon.h"
-#include "nsslocks.h"
-#include "secport.h"
-
-#ifdef DEBUG
-#define THREADMARK
-#endif /* DEBUG */
-
-#ifdef THREADMARK
-#include "prthread.h"
-#endif /* THREADMARK */
-
-#if defined(XP_UNIX) || defined(XP_MAC)
-#include <stdlib.h>
-#else
-#include "wtypes.h"
-#endif
-
-#define SET_ERROR_CODE /* place holder for code to set PR error code. */
-
-#ifdef THREADMARK
-typedef struct threadmark_mark_str {
- struct threadmark_mark_str *next;
- void *mark;
-} threadmark_mark;
-
-typedef struct threadmark_arena_str {
- PLArenaPool arena;
- PRUint32 magic;
- PRThread *marking_thread;
- threadmark_mark *first_mark;
-} threadmark_arena;
-
-#define THREADMARK_MAGIC 0xB8AC9BDD /* In honor of nelsonb */
-#endif /* THREADMARK */
-
-/* count of allocation failures. */
-unsigned long port_allocFailures;
-
-/* locations for registering Unicode conversion functions.
- * XXX is this the appropriate location? or should they be
- * moved to client/server specific locations?
- */
-PORTCharConversionFunc ucs4Utf8ConvertFunc;
-PORTCharConversionFunc ucs2Utf8ConvertFunc;
-PORTCharConversionWSwapFunc ucs2AsciiConvertFunc;
-
-void *
-PORT_Alloc(size_t bytes)
-{
- void *rv;
-
- /* Always allocate a non-zero amount of bytes */
- rv = (void *)PR_Malloc(bytes ? bytes : 1);
- if (!rv) {
- ++port_allocFailures;
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- }
- return rv;
-}
-
-void *
-PORT_Realloc(void *oldptr, size_t bytes)
-{
- void *rv;
-
- rv = (void *)PR_Realloc(oldptr, bytes);
- if (!rv) {
- ++port_allocFailures;
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- }
- return rv;
-}
-
-#ifdef XP_MAC
-char *
-PORT_Strdup(const char *cp)
-{
- size_t len = PORT_Strlen(cp);
- char *buf;
-
- buf = (char *)PORT_Alloc(len+1);
- if (buf == NULL) return;
-
- PORT_Memcpy(buf,cp,len+1);
- return buf;
-}
-#endif
-
-
-void *
-PORT_ZAlloc(size_t bytes)
-{
- void *rv;
-
- /* Always allocate a non-zero amount of bytes */
- rv = (void *)PR_Calloc(1, bytes ? bytes : 1);
- if (!rv) {
- ++port_allocFailures;
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- }
- return rv;
-}
-
-void
-PORT_Free(void *ptr)
-{
- if (ptr) {
- PR_Free(ptr);
- }
-}
-
-void
-PORT_ZFree(void *ptr, size_t len)
-{
- if (ptr) {
- memset(ptr, 0, len);
- PR_Free(ptr);
- }
-}
-
-void
-PORT_SetError(int value)
-{
- PR_SetError(value, 0);
- return;
-}
-
-int
-PORT_GetError(void)
-{
- return(PR_GetError());
-}
-
-/********************* Arena code follows *****************************/
-
-PRMonitor * arenaMonitor;
-
-static void
-getArenaLock(void)
-{
- if (!arenaMonitor) {
- nss_InitMonitor(&arenaMonitor);
- }
- if (arenaMonitor)
- PR_EnterMonitor(arenaMonitor);
-}
-
-static void
-releaseArenaLock(void)
-{
- if (arenaMonitor)
- PR_ExitMonitor(arenaMonitor);
-}
-
-PLArenaPool *
-PORT_NewArena(unsigned long chunksize)
-{
- PLArenaPool *arena;
-
- getArenaLock();
-#ifdef THREADMARK
- {
- threadmark_arena *tarena = (threadmark_arena *)
- PORT_ZAlloc(sizeof(threadmark_arena));
- if( (threadmark_arena *)NULL != tarena ) {
- arena = &tarena->arena;
- tarena->magic = THREADMARK_MAGIC;
- } else {
- arena = (PLArenaPool *)NULL;
- }
- }
-#else /* THREADMARK */
- arena = (PLArenaPool*)PORT_ZAlloc(sizeof(PLArenaPool));
-#endif /* THREADMARK */
- if ( arena != NULL ) {
- PL_InitArenaPool(arena, "security", chunksize, sizeof(double));
- }
- releaseArenaLock();
- return(arena);
-}
-
-void *
-PORT_ArenaAlloc(PLArenaPool *arena, size_t size)
-{
- void *p;
-
- getArenaLock();
-#ifdef THREADMARK
- {
- /* Is it one of ours? Assume so and check the magic */
- threadmark_arena *tarena = (threadmark_arena *)arena;
- if( THREADMARK_MAGIC == tarena->magic ) {
- /* Most likely one of ours. Is there a thread id? */
- if( (PRThread *)NULL != tarena->marking_thread ) {
- /* Yes. Has this arena been marked by this thread? */
- if( tarena->marking_thread == PR_GetCurrentThread() ) {
- /* Yup. Everything's okay. */
- ;
- } else {
- /* Nope. BZZT! error */
- releaseArenaLock();
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_Assert(0);
- return (void *)NULL;
- }
- } /* tid != null */
- } /* tarena */
- } /* scope */
-#endif /* THREADMARK */
-
- PL_ARENA_ALLOCATE(p, arena, size);
- releaseArenaLock();
- if (p == NULL) {
- ++port_allocFailures;
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- }
-
- return(p);
-}
-
-void *
-PORT_ArenaZAlloc(PLArenaPool *arena, size_t size)
-{
- void *p;
-
- getArenaLock();
-#ifdef THREADMARK
- {
- /* Is it one of ours? Assume so and check the magic */
- threadmark_arena *tarena = (threadmark_arena *)arena;
- if( THREADMARK_MAGIC == tarena->magic ) {
- /* Most likely one of ours. Is there a thread id? */
- if( (PRThread *)NULL != tarena->marking_thread ) {
- /* Yes. Has this arena been marked by this thread? */
- if( tarena->marking_thread == PR_GetCurrentThread() ) {
- /* Yup. Everything's okay. */
- ;
- } else {
- /* No, it was a different thread BZZT! error */
- releaseArenaLock();
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_Assert(0);
- return (void *)NULL;
- }
- } /* tid != null */
- } /* tarena */
- } /* scope */
-#endif /* THREADMARK */
-
- PL_ARENA_ALLOCATE(p, arena, size);
- releaseArenaLock();
- if (p == NULL) {
- ++port_allocFailures;
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- } else {
- PORT_Memset(p, 0, size);
- }
-
- return(p);
-}
-
-/* XXX - need to zeroize!! - jsw */
-void
-PORT_FreeArena(PLArenaPool *arena, PRBool zero)
-{
- getArenaLock();
- PL_FinishArenaPool(arena);
- PORT_Free(arena);
- releaseArenaLock();
-}
-
-void *
-PORT_ArenaGrow(PLArenaPool *arena, void *ptr, size_t oldsize, size_t newsize)
-{
- PORT_Assert(newsize >= oldsize);
-
- getArenaLock();
- /* Do we do a THREADMARK check here? */
- PL_ARENA_GROW(ptr, arena, oldsize, ( newsize - oldsize ) );
- releaseArenaLock();
-
- return(ptr);
-}
-
-void *
-PORT_ArenaMark(PLArenaPool *arena)
-{
- void * result;
-
- getArenaLock();
-#ifdef THREADMARK
- {
- threadmark_mark *tm, **pw;
-
- threadmark_arena *tarena = (threadmark_arena *)arena;
- if( THREADMARK_MAGIC == tarena->magic ) {
- /* one of ours */
- if( (PRThread *)NULL == tarena->marking_thread ) {
- /* First mark */
- tarena->marking_thread = PR_GetCurrentThread();
- } else {
- if( PR_GetCurrentThread() != tarena->marking_thread ) {
- releaseArenaLock();
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_Assert(0);
- return (void *)NULL;
- }
- }
-
- result = PL_ARENA_MARK(arena);
- PL_ARENA_ALLOCATE(tm, arena, sizeof(threadmark_mark));
- if( (threadmark_mark *)NULL == tm ) {
- releaseArenaLock();
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return (void *)NULL;
- }
-
- tm->mark = result;
- tm->next = (threadmark_mark *)NULL;
-
- pw = &tarena->first_mark;
- while( (threadmark_mark *)NULL != *pw ) {
- pw = &(*pw)->next;
- }
-
- *pw = tm;
- } else {
- /* a "pure" NSPR arena */
- result = PL_ARENA_MARK(arena);
- }
- }
-#else /* THREADMARK */
- result = PL_ARENA_MARK(arena);
-#endif /* THREADMARK */
- releaseArenaLock();
- return result;
-}
-
-void
-PORT_ArenaRelease(PLArenaPool *arena, void *mark)
-{
- getArenaLock();
-#ifdef THREADMARK
- {
- threadmark_arena *tarena = (threadmark_arena *)arena;
- if( THREADMARK_MAGIC == tarena->magic ) {
- threadmark_mark **pw, *tm;
-
- if( PR_GetCurrentThread() != tarena->marking_thread ) {
- releaseArenaLock();
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_Assert(0);
- return /* no error indication available */ ;
- }
-
- pw = &tarena->first_mark;
- while( ((threadmark_mark *)NULL != *pw) && (mark != (*pw)->mark) ) {
- pw = &(*pw)->next;
- }
-
- if( (threadmark_mark *)NULL == *pw ) {
- /* bad mark */
- releaseArenaLock();
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_Assert(0);
- return /* no error indication available */ ;
- }
-
- tm = *pw;
- *pw = (threadmark_mark *)NULL;
-
- PL_ARENA_RELEASE(arena, mark);
-
- if( (threadmark_mark *)NULL == tarena->first_mark ) {
- tarena->marking_thread = (PRThread *)NULL;
- }
- } else {
- PL_ARENA_RELEASE(arena, mark);
- }
- }
-#else /* THREADMARK */
- PL_ARENA_RELEASE(arena, mark);
-#endif /* THREADMARK */
- releaseArenaLock();
-}
-
-void
-PORT_ArenaUnmark(PLArenaPool *arena, void *mark)
-{
-#ifdef THREADMARK
- getArenaLock();
- {
- threadmark_arena *tarena = (threadmark_arena *)arena;
- if( THREADMARK_MAGIC == tarena->magic ) {
- threadmark_mark **pw, *tm;
-
- if( PR_GetCurrentThread() != tarena->marking_thread ) {
- releaseArenaLock();
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_Assert(0);
- return /* no error indication available */ ;
- }
-
- pw = &tarena->first_mark;
- while( ((threadmark_mark *)NULL != *pw) && (mark != (*pw)->mark) ) {
- pw = &(*pw)->next;
- }
-
- if( (threadmark_mark *)NULL == *pw ) {
- /* bad mark */
- releaseArenaLock();
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_Assert(0);
- return /* no error indication available */ ;
- }
-
- tm = *pw;
- *pw = (threadmark_mark *)NULL;
-
- if( (threadmark_mark *)NULL == tarena->first_mark ) {
- tarena->marking_thread = (PRThread *)NULL;
- }
- } else {
- PL_ARENA_RELEASE(arena, mark);
- }
- }
- releaseArenaLock();
-#endif /* THREADMARK */
-}
-
-char *
-PORT_ArenaStrdup(PLArenaPool *arena, char *str) {
- int len = PORT_Strlen(str)+1;
- char *newstr;
-
- getArenaLock();
- newstr = (char*)PORT_ArenaAlloc(arena,len);
- releaseArenaLock();
- if (newstr) {
- PORT_Memcpy(newstr,str,len);
- }
- return newstr;
-}
-
-/********************** end of arena functions ***********************/
-
-/****************** unicode conversion functions ***********************/
-/*
- * NOTE: These conversion functions all assume that the multibyte
- * characters are going to be in NETWORK BYTE ORDER, not host byte
- * order. This is because the only time we deal with UCS-2 and UCS-4
- * are when the data was received from or is going to be sent out
- * over the wire (in, e.g. certificates).
- */
-
-void
-PORT_SetUCS4_UTF8ConversionFunction(PORTCharConversionFunc convFunc)
-{
- ucs4Utf8ConvertFunc = convFunc;
-}
-
-void
-PORT_SetUCS2_ASCIIConversionFunction(PORTCharConversionWSwapFunc convFunc)
-{
- ucs2AsciiConvertFunc = convFunc;
-}
-
-void
-PORT_SetUCS2_UTF8ConversionFunction(PORTCharConversionFunc convFunc)
-{
- ucs2Utf8ConvertFunc = convFunc;
-}
-
-PRBool
-PORT_UCS4_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf,
- unsigned int inBufLen, unsigned char *outBuf,
- unsigned int maxOutBufLen, unsigned int *outBufLen)
-{
- if(!ucs4Utf8ConvertFunc) {
- return sec_port_ucs4_utf8_conversion_function(toUnicode,
- inBuf, inBufLen, outBuf, maxOutBufLen, outBufLen);
- }
-
- return (*ucs4Utf8ConvertFunc)(toUnicode, inBuf, inBufLen, outBuf,
- maxOutBufLen, outBufLen);
-}
-
-PRBool
-PORT_UCS2_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf,
- unsigned int inBufLen, unsigned char *outBuf,
- unsigned int maxOutBufLen, unsigned int *outBufLen)
-{
- if(!ucs2Utf8ConvertFunc) {
- return sec_port_ucs2_utf8_conversion_function(toUnicode,
- inBuf, inBufLen, outBuf, maxOutBufLen, outBufLen);
- }
-
- return (*ucs2Utf8ConvertFunc)(toUnicode, inBuf, inBufLen, outBuf,
- maxOutBufLen, outBufLen);
-}
-
-PRBool
-PORT_UCS2_ASCIIConversion(PRBool toUnicode, unsigned char *inBuf,
- unsigned int inBufLen, unsigned char *outBuf,
- unsigned int maxOutBufLen, unsigned int *outBufLen,
- PRBool swapBytes)
-{
- if(!ucs2AsciiConvertFunc) {
- return PR_FALSE;
- }
-
- return (*ucs2AsciiConvertFunc)(toUnicode, inBuf, inBufLen, outBuf,
- maxOutBufLen, outBufLen, swapBytes);
-}
-
-
-/* Portable putenv. Creates/replaces an environment variable of the form
- * envVarName=envValue
- */
-int
-NSS_PutEnv(const char * envVarName, const char * envValue)
-{
- SECStatus result = SECSuccess;
-#ifdef _WIN32
- PRBool setOK;
-
- setOK = SetEnvironmentVariable(envVarName, envValue);
- if (!setOK) {
- SET_ERROR_CODE
- result = SECFailure;
- }
-#elif defined(XP_MAC)
- result = SECFailure;
-#else
- char * encoded;
- int putEnvFailed;
-
- encoded = (char *)PORT_ZAlloc(strlen(envVarName) + 2 + strlen(envValue));
- strcpy(encoded, envVarName);
- strcat(encoded, "=");
- strcat(encoded, envValue);
-
- putEnvFailed = putenv(encoded); /* adopt. */
- if (putEnvFailed) {
- SET_ERROR_CODE
- result = SECFailure;
- PORT_Free(encoded);
- }
-#endif
- return result;
-}
-
diff --git a/security/nss/lib/util/secport.h b/security/nss/lib/util/secport.h
deleted file mode 100644
index 8ccba60ec..000000000
--- a/security/nss/lib/util/secport.h
+++ /dev/null
@@ -1,274 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * secport.h - portability interfaces for security libraries
- *
- * This file abstracts out libc functionality that libsec depends on
- *
- * NOTE - These are not public interfaces
- *
- * $Id$
- */
-
-#ifndef _SECPORT_H_
-#define _SECPORT_H_
-
-/*
- * define XP_MAC, XP_WIN, or XP_UNIX, in case they are not defined
- * by anyone else
- */
-#ifdef macintosh
-# ifndef XP_MAC
-# define XP_MAC 1
-# endif
-#endif
-
-#ifdef _WINDOWS
-# ifndef XP_WIN
-# define XP_WIN
-# endif
-#if defined(_WIN32) || defined(WIN32)
-# ifndef XP_WIN32
-# define XP_WIN32
-# endif
-#else
-# ifndef XP_WIN16
-# define XP_WIN16
-# endif
-#endif
-#endif
-
-#ifdef unix
-# ifndef XP_UNIX
-# define XP_UNIX
-# endif
-#endif
-
-#if defined(__WATCOMC__) || defined(__WATCOM_CPLUSPLUS__)
-#include "watcomfx.h"
-#endif
-
-#ifdef XP_MAC
-#include <types.h>
-#include <time.h> /* for time_t below */
-#else
-#include <sys/types.h>
-#endif
-
-#ifdef notdef
-#ifdef XP_MAC
-#include "NSString.h"
-#endif
-#endif
-
-#include <ctype.h>
-#include <string.h>
-#include <stddef.h>
-#include <stdlib.h>
-#include "prtypes.h"
-#include "prlog.h" /* for PR_ASSERT */
-#include "plarena.h"
-#include "plstr.h"
-
-/*
- * HACK for NSS 2.8 to allow Admin to compile without source changes.
- */
-#ifndef SEC_BEGIN_PROTOS
-#include "seccomon.h"
-#endif
-
-SEC_BEGIN_PROTOS
-
-extern void *PORT_Alloc(size_t len);
-extern void *PORT_Realloc(void *old, size_t len);
-extern void *PORT_AllocBlock(size_t len);
-extern void *PORT_ReallocBlock(void *old, size_t len);
-extern void PORT_FreeBlock(void *ptr);
-extern void *PORT_ZAlloc(size_t len);
-extern void PORT_Free(void *ptr);
-extern void PORT_ZFree(void *ptr, size_t len);
-extern time_t PORT_Time(void);
-extern void PORT_SetError(int value);
-extern int PORT_GetError(void);
-
-extern PLArenaPool *PORT_NewArena(unsigned long chunksize);
-extern void *PORT_ArenaAlloc(PLArenaPool *arena, size_t size);
-extern void *PORT_ArenaZAlloc(PLArenaPool *arena, size_t size);
-extern void PORT_FreeArena(PLArenaPool *arena, PRBool zero);
-extern void *PORT_ArenaGrow(PLArenaPool *arena, void *ptr,
- size_t oldsize, size_t newsize);
-extern void *PORT_ArenaMark(PLArenaPool *arena);
-extern void PORT_ArenaRelease(PLArenaPool *arena, void *mark);
-extern void PORT_ArenaUnmark(PLArenaPool *arena, void *mark);
-extern char *PORT_ArenaStrdup(PLArenaPool *arena, char *str);
-
-#ifdef __cplusplus
-}
-#endif
-
-#define PORT_Assert PR_ASSERT
-#define PORT_ZNew(type) (type*)PORT_ZAlloc(sizeof(type))
-#define PORT_New(type) (type*)PORT_Alloc(sizeof(type))
-#define PORT_ArenaNew(poolp, type) \
- (type*) PORT_ArenaAlloc(poolp, sizeof(type))
-#define PORT_ArenaZNew(poolp, type) \
- (type*) PORT_ArenaZAlloc(poolp, sizeof(type))
-#define PORT_NewArray(type, num) \
- (type*) PORT_Alloc (sizeof(type)*(num))
-#define PORT_ZNewArray(type, num) \
- (type*) PORT_ZAlloc (sizeof(type)*(num))
-#define PORT_ArenaNewArray(poolp, type, num) \
- (type*) PORT_ArenaAlloc (poolp, sizeof(type)*(num))
-#define PORT_ArenaZNewArray(poolp, type, num) \
- (type*) PORT_ArenaZAlloc (poolp, sizeof(type)*(num))
-
-/* Please, keep these defines sorted alphbetically. Thanks! */
-
-#ifdef XP_STRING_FUNCS
-
-#define PORT_Atoi XP_ATOI
-
-#define PORT_Memcmp XP_MEMCMP
-#define PORT_Memcpy XP_MEMCPY
-#define PORT_Memmove XP_MEMMOVE
-#define PORT_Memset XP_MEMSET
-
-#define PORT_Strcasecmp XP_STRCASECMP
-#define PORT_Strcat XP_STRCAT
-#define PORT_Strchr XP_STRCHR
-#define PORT_Strrchr XP_STRRCHR
-#define PORT_Strcmp XP_STRCMP
-#define PORT_Strcpy XP_STRCPY
-#define PORT_Strdup XP_STRDUP
-#define PORT_Strlen(s) XP_STRLEN(s)
-#define PORT_Strncasecmp XP_STRNCASECMP
-#define PORT_Strncat strncat
-#define PORT_Strncmp XP_STRNCMP
-#define PORT_Strncpy strncpy
-#define PORT_Strstr XP_STRSTR
-#define PORT_Strtok XP_STRTOK_R
-
-#define PORT_Tolower XP_TO_LOWER
-
-#else /* XP_STRING_FUNCS */
-
-#define PORT_Atoi atoi
-
-#define PORT_Memcmp memcmp
-#define PORT_Memcpy memcpy
-#ifndef SUNOS4
-#define PORT_Memmove memmove
-#else /*SUNOS4*/
-#define PORT_Memmove(s,ct,n) bcopy ((ct), (s), (n))
-#endif/*SUNOS4*/
-#define PORT_Memset memset
-
-#define PORT_Strcasecmp PL_strcasecmp
-#define PORT_Strcat strcat
-#define PORT_Strchr strchr
-#define PORT_Strrchr PL_strrchr
-#define PORT_Strcmp strcmp
-#define PORT_Strcpy strcpy
-#ifdef XP_MAC
-char *PORT_Strdup(const char *);
-#else
-#define PORT_Strdup strdup
-#endif
-#define PORT_Strlen(s) strlen(s)
-#define PORT_Strncasecmp PL_strncasecmp
-#define PORT_Strncat strncat
-#define PORT_Strncmp strncmp
-#define PORT_Strncpy strncpy
-#define PORT_Strstr strstr
-#define PORT_Strtok strtok
-
-#define PORT_Tolower tolower
-
-#endif /* XP_STRING_FUNCS */
-
-typedef PRBool (* PORTCharConversionWSwapFunc) (PRBool toUnicode,
- unsigned char *inBuf, unsigned int inBufLen,
- unsigned char *outBuf, unsigned int maxOutBufLen,
- unsigned int *outBufLen, PRBool swapBytes);
-
-typedef PRBool (* PORTCharConversionFunc) (PRBool toUnicode,
- unsigned char *inBuf, unsigned int inBufLen,
- unsigned char *outBuf, unsigned int maxOutBufLen,
- unsigned int *outBufLen);
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-void PORT_SetUCS4_UTF8ConversionFunction(PORTCharConversionFunc convFunc);
-void PORT_SetUCS2_ASCIIConversionFunction(PORTCharConversionWSwapFunc convFunc);
-PRBool PORT_UCS4_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf,
- unsigned int inBufLen, unsigned char *outBuf,
- unsigned int maxOutBufLen, unsigned int *outBufLen);
-PRBool PORT_UCS2_ASCIIConversion(PRBool toUnicode, unsigned char *inBuf,
- unsigned int inBufLen, unsigned char *outBuf,
- unsigned int maxOutBufLen, unsigned int *outBufLen,
- PRBool swapBytes);
-void PORT_SetUCS2_UTF8ConversionFunction(PORTCharConversionFunc convFunc);
-PRBool PORT_UCS2_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf,
- unsigned int inBufLen, unsigned char *outBuf,
- unsigned int maxOutBufLen, unsigned int *outBufLen);
-
-PR_EXTERN(PRBool)
-sec_port_ucs4_utf8_conversion_function
-(
- PRBool toUnicode,
- unsigned char *inBuf,
- unsigned int inBufLen,
- unsigned char *outBuf,
- unsigned int maxOutBufLen,
- unsigned int *outBufLen
-);
-
-PR_EXTERN(PRBool)
-sec_port_ucs2_utf8_conversion_function
-(
- PRBool toUnicode,
- unsigned char *inBuf,
- unsigned int inBufLen,
- unsigned char *outBuf,
- unsigned int maxOutBufLen,
- unsigned int *outBufLen
-);
-
-extern int NSS_PutEnv(const char * envVarName, const char * envValue);
-
-SEC_END_PROTOS
-
-#endif /* _SECPORT_H_ */
diff --git a/security/nss/lib/util/secrng.h b/security/nss/lib/util/secrng.h
deleted file mode 100644
index c4c8686ef..000000000
--- a/security/nss/lib/util/secrng.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef _SECRNG_H_
-#define _SECRNG_H_
-/*
- * secrng.h - public data structures and prototypes for the secure random
- * number generator
- *
- * $Id$
- */
-
-/******************************************/
-/*
-** Random number generation. A cryptographically strong random number
-** generator.
-*/
-
-#include "blapi.h"
-
-SEC_BEGIN_PROTOS
-
-/*
-** The following 3 functions are provided by the security library
-** but are differently implemented for the UNIX, Mac and Win
-** versions
-*/
-
-/*
-** Get the "noisiest" information available on the system.
-** The amount of data returned depends on the system implementation.
-** It will not exceed maxbytes, but may be (much) less.
-** Returns number of noise bytes copied into buf, or zero if error.
-*/
-extern size_t RNG_GetNoise(void *buf, size_t maxbytes);
-
-/*
-** RNG_SystemInfoForRNG should be called before any use of SSL. It
-** gathers up the system specific information to help seed the
-** state of the global random number generator.
-*/
-extern void RNG_SystemInfoForRNG(void);
-
-/*
-** Use the contents (and stat) of a file to help seed the
-** global random number generator.
-*/
-extern void RNG_FileForRNG(char *filename);
-
-SEC_END_PROTOS
-
-#endif /* _SECUTIL_H_ */
diff --git a/security/nss/lib/util/secrngt.h b/security/nss/lib/util/secrngt.h
deleted file mode 100644
index 6c1c977c0..000000000
--- a/security/nss/lib/util/secrngt.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef _SECRNGT_H_
-#define _SECRNGT_H_
-/*
- * secrngt.h - public data structures for the secure random number generator
- *
- * $Id$
- */
-
-/* This file is really dead now. */
-
-#endif /* _SECRNGT_H_ */
diff --git a/security/nss/lib/util/sectime.c b/security/nss/lib/util/sectime.c
deleted file mode 100644
index d3cca6f87..000000000
--- a/security/nss/lib/util/sectime.c
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "prlong.h"
-#include "prtime.h"
-#include "secder.h"
-#include "cert.h"
-#include "secitem.h"
-
-const SEC_ASN1Template CERT_ValidityTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTValidity) },
- { SEC_ASN1_UTC_TIME,
- offsetof(CERTValidity,notBefore) },
- { SEC_ASN1_UTC_TIME,
- offsetof(CERTValidity,notAfter) },
- { 0 }
-};
-
-DERTemplate CERTValidityTemplate[] = {
- { DER_SEQUENCE,
- 0, NULL, sizeof(CERTValidity) },
- { DER_UTC_TIME,
- offsetof(CERTValidity,notBefore), },
- { DER_UTC_TIME,
- offsetof(CERTValidity,notAfter), },
- { 0, }
-};
-
-static char *DecodeUTCTime2FormattedAscii (SECItem *utcTimeDER, char *format);
-
-/* convert DER utc time to ascii time string */
-char *
-DER_UTCTimeToAscii(SECItem *utcTime)
-{
- return (DecodeUTCTime2FormattedAscii (utcTime, "%a %b %d %H:%M:%S %Y"));
-}
-
-/* convert DER utc time to ascii time string, only include day, not time */
-char *
-DER_UTCDayToAscii(SECItem *utctime)
-{
- return (DecodeUTCTime2FormattedAscii (utctime, "%a %b %d, %Y"));
-}
-
-CERTValidity *
-CERT_CreateValidity(int64 notBefore, int64 notAfter)
-{
- CERTValidity *v;
- int rv;
- PRArenaPool *arena;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( !arena ) {
- return(0);
- }
-
- v = (CERTValidity*) PORT_ArenaZAlloc(arena, sizeof(CERTValidity));
- if (v) {
- v->arena = arena;
- rv = DER_TimeToUTCTime(&v->notBefore, notBefore);
- if (rv) goto loser;
- rv = DER_TimeToUTCTime(&v->notAfter, notAfter);
- if (rv) goto loser;
- }
- return v;
-
- loser:
- CERT_DestroyValidity(v);
- return 0;
-}
-
-SECStatus
-CERT_CopyValidity(PRArenaPool *arena, CERTValidity *to, CERTValidity *from)
-{
- SECStatus rv;
-
- CERT_DestroyValidity(to);
- to->arena = arena;
-
- rv = SECITEM_CopyItem(arena, &to->notBefore, &from->notBefore);
- if (rv) return rv;
- rv = SECITEM_CopyItem(arena, &to->notAfter, &from->notAfter);
- return rv;
-}
-
-void
-CERT_DestroyValidity(CERTValidity *v)
-{
- if (v && v->arena) {
- PORT_FreeArena(v->arena, PR_FALSE);
- }
- return;
-}
-
-char *
-CERT_UTCTime2FormattedAscii (int64 utcTime, char *format)
-{
- PRExplodedTime printableTime;
- char *timeString;
-
- /* Converse time to local time and decompose it into components */
- PR_ExplodeTime(utcTime, PR_LocalTimeParameters, &printableTime);
-
- timeString = (char *)PORT_Alloc(100);
-
- if ( timeString ) {
- PR_FormatTime( timeString, 100, format, &printableTime );
- }
-
- return (timeString);
-}
-
-char *CERT_GenTime2FormattedAscii (int64 genTime, char *format)
-{
- PRExplodedTime printableTime;
- char *timeString;
-
- /* Decompose time into components */
- PR_ExplodeTime(genTime, PR_GMTParameters, &printableTime);
-
- timeString = (char *)PORT_Alloc(100);
-
- if ( timeString ) {
- PR_FormatTime( timeString, 100, format, &printableTime );
- }
-
- return (timeString);
-}
-
-
-/* convert DER utc time to ascii time string, The format of the time string
- depends on the input "format"
- */
-static char *
-DecodeUTCTime2FormattedAscii (SECItem *utcTimeDER, char *format)
-{
- int64 utcTime;
- int rv;
-
- rv = DER_UTCTimeToTime(&utcTime, utcTimeDER);
- if (rv) {
- return(NULL);
- }
- return (CERT_UTCTime2FormattedAscii (utcTime, format));
-}
diff --git a/security/nss/lib/util/sysrand.c b/security/nss/lib/util/sysrand.c
deleted file mode 100644
index f79cb9d53..000000000
--- a/security/nss/lib/util/sysrand.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "seccomon.h"
-#ifdef XP_UNIX
-#include "unix_rand.c"
-#endif
-#ifdef XP_WIN
-#include "win_rand.c"
-#endif
-#ifdef XP_MAC
-#include "mac_rand.c"
-#endif
diff --git a/security/nss/lib/util/unix_rand.c b/security/nss/lib/util/unix_rand.c
deleted file mode 100644
index 6e9c34dbb..000000000
--- a/security/nss/lib/util/unix_rand.c
+++ /dev/null
@@ -1,792 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <signal.h>
-#include <unistd.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <sys/time.h>
-#include <sys/wait.h>
-#include <sys/stat.h>
-#include <assert.h>
-#include "secrng.h"
-
-
-/*
- * When copying data to the buffer we want the least signicant bytes
- * from the input since those bits are changing the fastest. The address
- * of least significant byte depends upon whether we are running on
- * a big-endian or little-endian machine.
- *
- * Does this mean the least signicant bytes are the most significant
- * to us? :-)
- */
-
-static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen)
-{
- union endianness {
- int32 i;
- char c[4];
- } u;
-
- if (srclen <= dstlen) {
- memcpy(dst, src, srclen);
- return srclen;
- }
- u.i = 0x01020304;
- if (u.c[0] == 0x01) {
- /* big-endian case */
- memcpy(dst, (char*)src + (srclen - dstlen), dstlen);
- } else {
- /* little-endian case */
- memcpy(dst, src, dstlen);
- }
- return dstlen;
-}
-
-#if defined(SCO) || defined(UNIXWARE) || defined(BSDI)
-#include <sys/times.h>
-
-#define getdtablesize() sysconf(_SC_OPEN_MAX)
-
-static size_t
-GetHighResClock(void *buf, size_t maxbytes)
-{
- int ticks;
- struct tms buffer;
-
- ticks=times(&buffer);
- return CopyLowBits(buf, maxbytes, &ticks, sizeof(ticks));
-}
-
-static void
-GiveSystemInfo(void)
-{
- long si;
-
- /*
- * Is this really necessary? Why not use rand48 or something?
- */
- si = sysconf(_SC_CHILD_MAX);
- RNG_RandomUpdate(&si, sizeof(si));
-
- si = sysconf(_SC_STREAM_MAX);
- RNG_RandomUpdate(&si, sizeof(si));
-
- si = sysconf(_SC_OPEN_MAX);
- RNG_RandomUpdate(&si, sizeof(si));
-}
-#endif
-
-#if defined(__sun)
-#if defined(__svr4) || defined(SVR4)
-#include <sys/systeminfo.h>
-#include <sys/times.h>
-#include <wait.h>
-
-int gettimeofday(struct timeval *);
-int gethostname(char *, int);
-
-#define getdtablesize() sysconf(_SC_OPEN_MAX)
-
-static void
-GiveSystemInfo(void)
-{
- int rv;
- char buf[2000];
-
- rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
- rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
- rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
-}
-
-static size_t
-GetHighResClock(void *buf, size_t maxbytes)
-{
- hrtime_t t;
- t = gethrtime();
- if (t) {
- return CopyLowBits(buf, maxbytes, &t, sizeof(t));
- }
- return 0;
-}
-#else /* SunOS (Sun, but not SVR4) */
-
-#include <sys/wait.h>
-extern long sysconf(int name);
-
-static size_t
-GetHighResClock(void *buf, size_t maxbytes)
-{
- return 0;
-}
-
-static void
-GiveSystemInfo(void)
-{
- long si;
-
- /* This is not very good */
- si = sysconf(_SC_CHILD_MAX);
- RNG_RandomUpdate(&si, sizeof(si));
-}
-#endif
-#endif /* Sun */
-
-#if defined(__hpux)
-#include <sys/unistd.h>
-#include <sys/wait.h>
-
-#define getdtablesize() sysconf(_SC_OPEN_MAX)
-
-static size_t
-GetHighResClock(void *buf, size_t maxbytes)
-{
- extern int ret_cr16();
- int cr16val;
-
- cr16val = ret_cr16();
- return CopyLowBits(buf, maxbytes, &cr16val, sizeof(cr16val));
-}
-
-static void
-GiveSystemInfo(void)
-{
- long si;
-
- /* This is not very good */
- si = sysconf(_AES_OS_VERSION);
- RNG_RandomUpdate(&si, sizeof(si));
- si = sysconf(_SC_CPU_VERSION);
- RNG_RandomUpdate(&si, sizeof(si));
-}
-#endif /* HPUX */
-
-#if defined(OSF1)
-#include <sys/types.h>
-#include <sys/sysinfo.h>
-#include <sys/wait.h>
-#include <sys/systeminfo.h>
-#include <c_asm.h>
-
-static void
-GiveSystemInfo(void)
-{
- char buf[BUFSIZ];
- int rv;
- int off = 0;
-
- rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
- rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
- rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
-}
-
-/*
- * Use the "get the cycle counter" instruction on the alpha.
- * The low 32 bits completely turn over in less than a minute.
- * The high 32 bits are some non-counter gunk that changes sometimes.
- */
-static size_t
-GetHighResClock(void *buf, size_t maxbytes)
-{
- unsigned long t;
-
- t = asm("rpcc %v0");
- return CopyLowBits(buf, maxbytes, &t, sizeof(t));
-}
-
-#endif /* Alpha */
-
-#if defined(_IBMR2)
-static size_t
-GetHighResClock(void *buf, size_t maxbytes)
-{
- return 0;
-}
-
-static void
-GiveSystemInfo(void)
-{
- /* XXX haven't found any yet! */
-}
-#endif /* IBM R2 */
-
-#if defined(__linux)
-#include <linux/kernel.h>
-
-int putenv(const char *);
-
-static size_t
-GetHighResClock(void *buf, size_t maxbytes)
-{
- return 0;
-}
-
-static void
-GiveSystemInfo(void)
-{
- /* XXX sysinfo() does not seem be implemented anywhwere */
-#if 0
- struct sysinfo si;
- char hn[2000];
- if (sysinfo(&si) == 0) {
- RNG_RandomUpdate(&si, sizeof(si));
- }
-#endif
-}
-#endif /* __linux */
-
-#if defined(NCR)
-
-#include <sys/utsname.h>
-#include <sys/systeminfo.h>
-
-#define getdtablesize() sysconf(_SC_OPEN_MAX)
-
-static size_t
-GetHighResClock(void *buf, size_t maxbytes)
-{
- return 0;
-}
-
-static void
-GiveSystemInfo(void)
-{
- int rv;
- char buf[2000];
-
- rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
- rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
- rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
-}
-
-#endif /* NCR */
-
-
-#if defined(sgi)
-#include <fcntl.h>
-#undef PRIVATE
-#include <sys/mman.h>
-#include <sys/syssgi.h>
-#include <sys/immu.h>
-#include <sys/systeminfo.h>
-#include <sys/utsname.h>
-#include <wait.h>
-
-static void
-GiveSystemInfo(void)
-{
- int rv;
- char buf[4096];
-
- rv = syssgi(SGI_SYSID, &buf[0]);
- if (rv > 0) {
- RNG_RandomUpdate(buf, MAXSYSIDSIZE);
- }
-#ifdef SGI_RDUBLK
- rv = syssgi(SGI_RDUBLK, getpid(), &buf[0], sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, sizeof(buf));
- }
-#endif /* SGI_RDUBLK */
- rv = syssgi(SGI_INVENT, SGI_INV_READ, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, sizeof(buf));
- }
- rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
- rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
- rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
-}
-
-static size_t GetHighResClock(void *buf, size_t maxbuf)
-{
- unsigned phys_addr, raddr, cycleval;
- static volatile unsigned *iotimer_addr = NULL;
- static int tries = 0;
- static int cntr_size;
- int mfd;
- long s0[2];
- struct timeval tv;
-
-#ifndef SGI_CYCLECNTR_SIZE
-#define SGI_CYCLECNTR_SIZE 165 /* Size user needs to use to read CC */
-#endif
-
- if (iotimer_addr == NULL) {
- if (tries++ > 1) {
- /* Don't keep trying if it didn't work */
- return 0;
- }
-
- /*
- ** For SGI machines we can use the cycle counter, if it has one,
- ** to generate some truly random numbers
- */
- phys_addr = syssgi(SGI_QUERY_CYCLECNTR, &cycleval);
- if (phys_addr) {
- int pgsz = getpagesize();
- int pgoffmask = pgsz - 1;
-
- raddr = phys_addr & ~pgoffmask;
- mfd = open("/dev/mmem", O_RDONLY);
- if (mfd < 0) {
- return 0;
- }
- iotimer_addr = (unsigned *)
- mmap(0, pgoffmask, PROT_READ, MAP_PRIVATE, mfd, (int)raddr);
- if (iotimer_addr == (void*)-1) {
- close(mfd);
- iotimer_addr = NULL;
- return 0;
- }
- iotimer_addr = (unsigned*)
- ((__psint_t)iotimer_addr | (phys_addr & pgoffmask));
- /*
- * The file 'mfd' is purposefully not closed.
- */
- cntr_size = syssgi(SGI_CYCLECNTR_SIZE);
- if (cntr_size < 0) {
- struct utsname utsinfo;
-
- /*
- * We must be executing on a 6.0 or earlier system, since the
- * SGI_CYCLECNTR_SIZE call is not supported.
- *
- * The only pre-6.1 platforms with 64-bit counters are
- * IP19 and IP21 (Challenge, PowerChallenge, Onyx).
- */
- uname(&utsinfo);
- if (!strncmp(utsinfo.machine, "IP19", 4) ||
- !strncmp(utsinfo.machine, "IP21", 4))
- cntr_size = 64;
- else
- cntr_size = 32;
- }
- cntr_size /= 8; /* Convert from bits to bytes */
- }
- }
-
- s0[0] = *iotimer_addr;
- if (cntr_size > 4)
- s0[1] = *(iotimer_addr + 1);
- memcpy(buf, (char *)&s0[0], cntr_size);
- return CopyLowBits(buf, maxbuf, &s0, cntr_size);
-}
-#endif
-
-#if defined(sony)
-#include <sys/systeminfo.h>
-
-#define getdtablesize() sysconf(_SC_OPEN_MAX)
-
-static size_t
-GetHighResClock(void *buf, size_t maxbytes)
-{
- return 0;
-}
-
-static void
-GiveSystemInfo(void)
-{
- int rv;
- char buf[2000];
-
- rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
- rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
- rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
-}
-#endif /* sony */
-
-#if defined(sinix)
-#include <unistd.h>
-#include <sys/systeminfo.h>
-#include <sys/times.h>
-
-int gettimeofday(struct timeval *, struct timezone *);
-int gethostname(char *, int);
-
-#define getdtablesize() sysconf(_SC_OPEN_MAX)
-
-static size_t
-GetHighResClock(void *buf, size_t maxbytes)
-{
- int ticks;
- struct tms buffer;
-
- ticks=times(&buffer);
- return CopyLowBits(buf, maxbytes, &ticks, sizeof(ticks));
-}
-
-static void
-GiveSystemInfo(void)
-{
- int rv;
- char buf[2000];
-
- rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
- rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
- rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
-}
-#endif /* sinix */
-
-#if defined(nec_ews)
-#include <sys/systeminfo.h>
-
-#define getdtablesize() sysconf(_SC_OPEN_MAX)
-
-static size_t
-GetHighResClock(void *buf, size_t maxbytes)
-{
- return 0;
-}
-
-static void
-GiveSystemInfo(void)
-{
- int rv;
- char buf[2000];
-
- rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
- rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
- rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
- if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
- }
-}
-#endif /* nec_ews */
-
-size_t RNG_GetNoise(void *buf, size_t maxbytes)
-{
- struct timeval tv;
- int n = 0;
- int c;
-
- n = GetHighResClock(buf, maxbytes);
- maxbytes -= n;
-
-#if defined(__sun) && (defined(_svr4) || defined(SVR4)) || defined(sony)
- (void)gettimeofday(&tv);
-#else
- (void)gettimeofday(&tv, 0);
-#endif
- c = CopyLowBits((char*)buf+n, maxbytes, &tv.tv_usec, sizeof(tv.tv_usec));
- n += c;
- maxbytes -= c;
- c = CopyLowBits((char*)buf+n, maxbytes, &tv.tv_sec, sizeof(tv.tv_sec));
- n += c;
- return n;
-}
-
-#define SAFE_POPEN_MAXARGS 10 /* must be at least 2 */
-
-/*
- * safe_popen is static to this module and we know what arguments it is
- * called with. Note that this version only supports a single open child
- * process at any time.
- */
-static pid_t safe_popen_pid;
-static struct sigaction oldact;
-
-static FILE *
-safe_popen(char *cmd)
-{
- int p[2], fd, argc;
- pid_t pid;
- char *argv[SAFE_POPEN_MAXARGS + 1];
- FILE *fp;
- static char blank[] = " \t";
- static struct sigaction newact;
-
- if (pipe(p) < 0)
- return 0;
-
- /* Setup signals so that SIGCHLD is ignored as we want to do waitpid */
- newact.sa_handler = SIG_DFL;
- newact.sa_flags = 0;
- sigfillset(&newact.sa_mask);
- sigaction (SIGCHLD, &newact, &oldact);
-
- pid = fork();
- switch (pid) {
- case -1:
- close(p[0]);
- close(p[1]);
- sigaction (SIGCHLD, &oldact, NULL);
- return 0;
-
- case 0:
- /* dup write-side of pipe to stderr and stdout */
- if (p[1] != 1) dup2(p[1], 1);
- if (p[1] != 2) dup2(p[1], 2);
- close(0);
- for (fd = getdtablesize(); --fd > 2; close(fd))
- ;
-
- /* clean up environment in the child process */
- putenv("PATH=/bin:/usr/bin:/sbin:/usr/sbin:/etc:/usr/etc");
- putenv("SHELL=/bin/sh");
- putenv("IFS= \t");
-
- /*
- * The caller may have passed us a string that is in text
- * space. It may be illegal to modify the string
- */
- cmd = strdup(cmd);
- /* format argv */
- argv[0] = strtok(cmd, blank);
- argc = 1;
- while ((argv[argc] = strtok(0, blank)) != 0) {
- if (++argc == SAFE_POPEN_MAXARGS) {
- argv[argc] = 0;
- break;
- }
- }
-
- /* and away we go */
- execvp(argv[0], argv);
- exit(127);
- break;
-
- default:
- close(p[1]);
- fp = fdopen(p[0], "r");
- if (fp == 0) {
- close(p[0]);
- sigaction (SIGCHLD, &oldact, NULL);
- return 0;
- }
- break;
- }
-
- /* non-zero means there's a cmd running */
- safe_popen_pid = pid;
- return fp;
-}
-
-static int
-safe_pclose(FILE *fp)
-{
- pid_t pid;
- int count, status;
-
- if ((pid = safe_popen_pid) == 0)
- return -1;
- safe_popen_pid = 0;
-
- /* if the child hasn't exited, kill it -- we're done with its output */
- count = 0;
- while (waitpid(pid, &status, WNOHANG) == 0) {
- if (kill(pid, SIGKILL) < 0 && errno == ESRCH)
- break;
- if (++count == 1000)
- break;
- }
-
- /* Reset SIGCHLD signal hander before returning */
- sigaction(SIGCHLD, &oldact, NULL);
-
- fclose(fp);
- return status;
-}
-
-void RNG_SystemInfoForRNG(void)
-{
- FILE *fp;
- char buf[BUFSIZ];
- size_t bytes;
- extern char **environ;
- char **cp;
- char *randfile;
- char *files[] = {
- "/etc/passwd",
- "/etc/utmp",
- "/tmp",
- "/var/tmp",
- "/usr/tmp",
- 0
- };
-
-#ifdef DO_PS
-For now it is considered that it is too expensive to run the ps command
-for the small amount of entropy it provides.
-#if defined(__sun) && (!defined(__svr4) && !defined(SVR4)) || defined(bsdi) || defined(__linux)
- static char ps_cmd[] = "ps aux";
-#else
- static char ps_cmd[] = "ps -el";
-#endif
-#endif /* DO_PS */
- static char netstat_ni_cmd[] = "netstat -ni";
-
- GiveSystemInfo();
-
- bytes = RNG_GetNoise(buf, sizeof(buf));
- RNG_RandomUpdate(buf, bytes);
-
-#ifdef DO_PS
- fp = safe_popen(ps_cmd);
- if (fp != NULL) {
- while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0)
- RNG_RandomUpdate(buf, bytes);
- safe_pclose(fp);
- }
-#endif
- fp = safe_popen(netstat_ni_cmd);
- if (fp != NULL) {
- while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0)
- RNG_RandomUpdate(buf, bytes);
- safe_pclose(fp);
- }
-
- /*
- * Pass the C environment and the addresses of the pointers to the
- * hash function. This makes the random number function depend on the
- * execution environment of the user and on the platform the program
- * is running on.
- */
- cp = environ;
- while (*cp) {
- RNG_RandomUpdate(*cp, strlen(*cp));
- cp++;
- }
- RNG_RandomUpdate(environ, (char*)cp - (char*)environ);
-
- /* Give in system information */
- if (gethostname(buf, sizeof(buf)) > 0) {
- RNG_RandomUpdate(buf, strlen(buf));
- }
- GiveSystemInfo();
-
- /* If the user points us to a random file, pass it through the rng */
- randfile = getenv("NSRANDFILE");
- if ( ( randfile != NULL ) && ( randfile[0] != '\0') ) {
- RNG_FileForRNG(randfile);
- }
-
- /* pass other files through */
- for (cp = files; *cp; cp++)
- RNG_FileForRNG(*cp);
-
-}
-
-void RNG_FileForRNG(char *fileName)
-{
- struct stat stat_buf;
- unsigned char buffer[BUFSIZ];
- size_t bytes;
- FILE *file;
- static size_t totalFileBytes = 0;
-
- if (stat((char *)fileName, &stat_buf) < 0)
- return;
- RNG_RandomUpdate(&stat_buf, sizeof(stat_buf));
-
- file = fopen((char *)fileName, "r");
- if (file != NULL) {
- for (;;) {
- bytes = fread(buffer, 1, sizeof(buffer), file);
- if (bytes == 0) break;
- RNG_RandomUpdate(buffer, bytes);
- totalFileBytes += bytes;
- if (totalFileBytes > 1024*1024) break;
- }
- fclose(file);
- }
- /*
- * Pass yet another snapshot of our highest resolution clock into
- * the hash function.
- */
- bytes = RNG_GetNoise(buffer, sizeof(buffer));
- RNG_RandomUpdate(buffer, bytes);
-}
diff --git a/security/nss/lib/util/utf8.c b/security/nss/lib/util/utf8.c
deleted file mode 100644
index 7a3c3954d..000000000
--- a/security/nss/lib/util/utf8.c
+++ /dev/null
@@ -1,2061 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-#include "seccomon.h"
-#include "secport.h"
-
-/*
- * Define this if you want to support UTF-16 in UCS-2
- */
-#define UTF16
-
-/*
- * From RFC 2044:
- *
- * UCS-4 range (hex.) UTF-8 octet sequence (binary)
- * 0000 0000-0000 007F 0xxxxxxx
- * 0000 0080-0000 07FF 110xxxxx 10xxxxxx
- * 0000 0800-0000 FFFF 1110xxxx 10xxxxxx 10xxxxxx
- * 0001 0000-001F FFFF 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
- * 0020 0000-03FF FFFF 111110xx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
- * 0400 0000-7FFF FFFF 1111110x 10xxxxxx ... 10xxxxxx
- */
-
-/*
- * From http://www.imc.org/draft-hoffman-utf16
- *
- * For U on [0x00010000,0x0010FFFF]: Let U' = U - 0x00010000
- *
- * U' = yyyyyyyyyyxxxxxxxxxx
- * W1 = 110110yyyyyyyyyy
- * W2 = 110111xxxxxxxxxx
- */
-
-/*
- * This code is assuming NETWORK BYTE ORDER for the 16- and 32-bit
- * character values. If you wish to use this code for working with
- * host byte order values, define the following:
- *
- * #if IS_BIG_ENDIAN
- * #define L_0 0
- * #define L_1 1
- * #define L_2 2
- * #define L_3 3
- * #define H_0 0
- * #define H_1 1
- * #else / * not everyone has elif * /
- * #if IS_LITTLE_ENDIAN
- * #define L_0 3
- * #define L_1 2
- * #define L_2 1
- * #define L_3 0
- * #define H_0 1
- * #define H_1 0
- * #else
- * #error "PDP and NUXI support deferred"
- * #endif / * IS_LITTLE_ENDIAN * /
- * #endif / * IS_BIG_ENDIAN * /
- */
-
-#define L_0 0
-#define L_1 1
-#define L_2 2
-#define L_3 3
-#define H_0 0
-#define H_1 1
-
-PR_IMPLEMENT(PRBool)
-sec_port_ucs4_utf8_conversion_function
-(
- PRBool toUnicode,
- unsigned char *inBuf,
- unsigned int inBufLen,
- unsigned char *outBuf,
- unsigned int maxOutBufLen,
- unsigned int *outBufLen
-)
-{
-#ifndef TEST_UTF8
- PORT_Assert((unsigned int *)NULL != outBufLen);
-#endif /* TEST_UTF8 */
-
- if( toUnicode ) {
- unsigned int i, len = 0;
-
- for( i = 0; i < inBufLen; ) {
- if( (inBuf[i] & 0x80) == 0x00 ) i += 1;
- else if( (inBuf[i] & 0xE0) == 0xC0 ) i += 2;
- else if( (inBuf[i] & 0xF0) == 0xE0 ) i += 3;
- else if( (inBuf[i] & 0xF8) == 0xF0 ) i += 4;
- else if( (inBuf[i] & 0xFC) == 0xF8 ) i += 5;
- else if( (inBuf[i] & 0xFE) == 0xFC ) i += 6;
- else return PR_FALSE;
-
- len += 4;
- }
-
- if( len > maxOutBufLen ) {
- *outBufLen = len;
- return PR_FALSE;
- }
-
- len = 0;
-
- for( i = 0; i < inBufLen; ) {
- if( (inBuf[i] & 0x80) == 0x00 ) {
- /* 0000 0000-0000 007F <- 0xxxxxx */
- /* 0abcdefg ->
- 00000000 00000000 00000000 0abcdefg */
-
- outBuf[len+L_0] = 0x00;
- outBuf[len+L_1] = 0x00;
- outBuf[len+L_2] = 0x00;
- outBuf[len+L_3] = inBuf[i+0] & 0x7F;
-
- i += 1;
- } else if( (inBuf[i] & 0xE0) == 0xC0 ) {
-
- if( (inBuf[i+1] & 0xC0) != 0x80 ) return PR_FALSE;
-
- /* 0000 0080-0000 07FF <- 110xxxxx 10xxxxxx */
- /* 110abcde 10fghijk ->
- 00000000 00000000 00000abc defghijk */
-
- outBuf[len+L_0] = 0x00;
- outBuf[len+L_1] = 0x00;
- outBuf[len+L_2] = ((inBuf[i+0] & 0x1C) >> 2);
- outBuf[len+L_3] = ((inBuf[i+0] & 0x03) << 6) | ((inBuf[i+1] & 0x3F) >> 0);
-
- i += 2;
- } else if( (inBuf[i] & 0xF0) == 0xE0 ) {
-
- if( (inBuf[i+1] & 0xC0) != 0x80 ) return PR_FALSE;
- if( (inBuf[i+2] & 0xC0) != 0x80 ) return PR_FALSE;
-
- /* 0000 0800-0000 FFFF <- 1110xxxx 10xxxxxx 10xxxxxx */
- /* 1110abcd 10efghij 10klmnop ->
- 00000000 00000000 abcdefgh ijklmnop */
-
- outBuf[len+L_0] = 0x00;
- outBuf[len+L_1] = 0x00;
- outBuf[len+L_2] = ((inBuf[i+0] & 0x0F) << 4) | ((inBuf[i+1] & 0x3C) >> 2);
- outBuf[len+L_3] = ((inBuf[i+1] & 0x03) << 6) | ((inBuf[i+2] & 0x3F) >> 0);
-
- i += 3;
- } else if( (inBuf[i] & 0xF8) == 0xF0 ) {
-
- if( (inBuf[i+1] & 0xC0) != 0x80 ) return PR_FALSE;
- if( (inBuf[i+2] & 0xC0) != 0x80 ) return PR_FALSE;
- if( (inBuf[i+3] & 0xC0) != 0x80 ) return PR_FALSE;
-
- /* 0001 0000-001F FFFF <- 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx */
- /* 11110abc 10defghi 10jklmno 10pqrstu ->
- 00000000 000abcde fghijklm nopqrstu */
-
- outBuf[len+L_0] = 0x00;
- outBuf[len+L_1] = ((inBuf[i+0] & 0x07) << 2) | ((inBuf[i+1] & 0x30) >> 4);
- outBuf[len+L_2] = ((inBuf[i+1] & 0x0F) << 4) | ((inBuf[i+2] & 0x3C) >> 2);
- outBuf[len+L_3] = ((inBuf[i+2] & 0x03) << 6) | ((inBuf[i+3] & 0x3F) >> 0);
-
- i += 4;
- } else if( (inBuf[i] & 0xFC) == 0xF8 ) {
-
- if( (inBuf[i+1] & 0xC0) != 0x80 ) return PR_FALSE;
- if( (inBuf[i+2] & 0xC0) != 0x80 ) return PR_FALSE;
- if( (inBuf[i+3] & 0xC0) != 0x80 ) return PR_FALSE;
- if( (inBuf[i+4] & 0xC0) != 0x80 ) return PR_FALSE;
-
- /* 0020 0000-03FF FFFF <- 111110xx 10xxxxxx ... 10xxxxxx */
- /* 111110ab 10cdefgh 10ijklmn 10opqrst 10uvwxyz ->
- 000000ab cdefghij klmnopqr stuvwxyz */
-
- outBuf[len+L_0] = inBuf[i+0] & 0x03;
- outBuf[len+L_1] = ((inBuf[i+1] & 0x3F) << 2) | ((inBuf[i+2] & 0x30) >> 4);
- outBuf[len+L_2] = ((inBuf[i+2] & 0x0F) << 4) | ((inBuf[i+3] & 0x3C) >> 2);
- outBuf[len+L_3] = ((inBuf[i+3] & 0x03) << 6) | ((inBuf[i+4] & 0x3F) >> 0);
-
- i += 5;
- } else /* if( (inBuf[i] & 0xFE) == 0xFC ) */ {
-
- if( (inBuf[i+1] & 0xC0) != 0x80 ) return PR_FALSE;
- if( (inBuf[i+2] & 0xC0) != 0x80 ) return PR_FALSE;
- if( (inBuf[i+3] & 0xC0) != 0x80 ) return PR_FALSE;
- if( (inBuf[i+4] & 0xC0) != 0x80 ) return PR_FALSE;
- if( (inBuf[i+5] & 0xC0) != 0x80 ) return PR_FALSE;
-
- /* 0400 0000-7FFF FFFF <- 1111110x 10xxxxxx ... 10xxxxxx */
- /* 1111110a 10bcdefg 10hijklm 10nopqrs 10tuvwxy 10zABCDE ->
- 0abcdefg hijklmno pqrstuvw xyzABCDE */
-
- outBuf[len+L_0] = ((inBuf[i+0] & 0x01) << 6) | ((inBuf[i+1] & 0x3F) >> 0);
- outBuf[len+L_1] = ((inBuf[i+2] & 0x3F) << 2) | ((inBuf[i+3] & 0x30) >> 4);
- outBuf[len+L_2] = ((inBuf[i+3] & 0x0F) << 4) | ((inBuf[i+4] & 0x3C) >> 2);
- outBuf[len+L_3] = ((inBuf[i+4] & 0x03) << 6) | ((inBuf[i+5] & 0x3F) >> 0);
-
- i += 6;
- }
-
- len += 4;
- }
-
- *outBufLen = len;
- return PR_TRUE;
- } else {
- unsigned int i, len = 0;
-
- for( i = 0; i < inBufLen; i += 4 ) {
- if( inBuf[i+L_0] >= 0x04 ) len += 6;
- else if( (inBuf[i+L_0] > 0x00) || (inBuf[i+L_1] >= 0x20) ) len += 5;
- else if( inBuf[i+L_1] >= 0x01 ) len += 4;
- else if( inBuf[i+L_2] >= 0x08 ) len += 3;
- else if( (inBuf[i+L_2] > 0x00) || (inBuf[i+L_3] >= 0x80) ) len += 2;
- else len += 1;
- }
-
- if( len > maxOutBufLen ) {
- *outBufLen = len;
- return PR_FALSE;
- }
-
- len = 0;
-
- for( i = 0; i < inBufLen; i += 4 ) {
- if( inBuf[i+L_0] >= 0x04 ) {
- /* 0400 0000-7FFF FFFF -> 1111110x 10xxxxxx ... 10xxxxxx */
- /* 0abcdefg hijklmno pqrstuvw xyzABCDE ->
- 1111110a 10bcdefg 10hijklm 10nopqrs 10tuvwxy 10zABCDE */
-
- outBuf[len+0] = 0xFC | ((inBuf[i+L_0] & 0x40) >> 6);
- outBuf[len+1] = 0x80 | ((inBuf[i+L_0] & 0x3F) >> 0);
- outBuf[len+2] = 0x80 | ((inBuf[i+L_1] & 0xFC) >> 2);
- outBuf[len+3] = 0x80 | ((inBuf[i+L_1] & 0x03) << 4)
- | ((inBuf[i+L_2] & 0xF0) >> 4);
- outBuf[len+4] = 0x80 | ((inBuf[i+L_2] & 0x0F) << 2)
- | ((inBuf[i+L_3] & 0xC0) >> 6);
- outBuf[len+5] = 0x80 | ((inBuf[i+L_3] & 0x3F) >> 0);
-
- len += 6;
- } else if( (inBuf[i+L_0] > 0x00) || (inBuf[i+L_1] >= 0x20) ) {
- /* 0020 0000-03FF FFFF -> 111110xx 10xxxxxx ... 10xxxxxx */
- /* 000000ab cdefghij klmnopqr stuvwxyz ->
- 111110ab 10cdefgh 10ijklmn 10opqrst 10uvwxyz */
-
- outBuf[len+0] = 0xF8 | ((inBuf[i+L_0] & 0x03) >> 0);
- outBuf[len+1] = 0x80 | ((inBuf[i+L_1] & 0xFC) >> 2);
- outBuf[len+2] = 0x80 | ((inBuf[i+L_1] & 0x03) << 4)
- | ((inBuf[i+L_2] & 0xF0) >> 4);
- outBuf[len+3] = 0x80 | ((inBuf[i+L_2] & 0x0F) << 2)
- | ((inBuf[i+L_3] & 0xC0) >> 6);
- outBuf[len+4] = 0x80 | ((inBuf[i+L_3] & 0x3F) >> 0);
-
- len += 5;
- } else if( inBuf[i+L_1] >= 0x01 ) {
- /* 0001 0000-001F FFFF -> 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx */
- /* 00000000 000abcde fghijklm nopqrstu ->
- 11110abc 10defghi 10jklmno 10pqrstu */
-
- outBuf[len+0] = 0xF0 | ((inBuf[i+L_1] & 0x1C) >> 2);
- outBuf[len+1] = 0x80 | ((inBuf[i+L_1] & 0x03) << 4)
- | ((inBuf[i+L_2] & 0xF0) >> 4);
- outBuf[len+2] = 0x80 | ((inBuf[i+L_2] & 0x0F) << 2)
- | ((inBuf[i+L_3] & 0xC0) >> 6);
- outBuf[len+3] = 0x80 | ((inBuf[i+L_3] & 0x3F) >> 0);
-
- len += 4;
- } else if( inBuf[i+L_2] >= 0x08 ) {
- /* 0000 0800-0000 FFFF -> 1110xxxx 10xxxxxx 10xxxxxx */
- /* 00000000 00000000 abcdefgh ijklmnop ->
- 1110abcd 10efghij 10klmnop */
-
- outBuf[len+0] = 0xE0 | ((inBuf[i+L_2] & 0xF0) >> 4);
- outBuf[len+1] = 0x80 | ((inBuf[i+L_2] & 0x0F) << 2)
- | ((inBuf[i+L_3] & 0xC0) >> 6);
- outBuf[len+2] = 0x80 | ((inBuf[i+L_3] & 0x3F) >> 0);
-
- len += 3;
- } else if( (inBuf[i+L_2] > 0x00) || (inBuf[i+L_3] >= 0x80) ) {
- /* 0000 0080-0000 07FF -> 110xxxxx 10xxxxxx */
- /* 00000000 00000000 00000abc defghijk ->
- 110abcde 10fghijk */
-
- outBuf[len+0] = 0xC0 | ((inBuf[i+L_2] & 0x07) << 2)
- | ((inBuf[i+L_3] & 0xC0) >> 6);
- outBuf[len+1] = 0x80 | ((inBuf[i+L_3] & 0x3F) >> 0);
-
- len += 2;
- } else {
- /* 0000 0000-0000 007F -> 0xxxxxx */
- /* 00000000 00000000 00000000 0abcdefg ->
- 0abcdefg */
-
- outBuf[len+0] = (inBuf[i+L_3] & 0x7F);
-
- len += 1;
- }
- }
-
- *outBufLen = len;
- return PR_TRUE;
- }
-}
-
-PR_IMPLEMENT(PRBool)
-sec_port_ucs2_utf8_conversion_function
-(
- PRBool toUnicode,
- unsigned char *inBuf,
- unsigned int inBufLen,
- unsigned char *outBuf,
- unsigned int maxOutBufLen,
- unsigned int *outBufLen
-)
-{
-#ifndef TEST_UTF8
- PORT_Assert((unsigned int *)NULL != outBufLen);
-#endif /* TEST_UTF8 */
-
- if( toUnicode ) {
- unsigned int i, len = 0;
-
- for( i = 0; i < inBufLen; ) {
- if( (inBuf[i] & 0x80) == 0x00 ) {
- i += 1;
- len += 2;
- } else if( (inBuf[i] & 0xE0) == 0xC0 ) {
- i += 2;
- len += 2;
- } else if( (inBuf[i] & 0xF0) == 0xE0 ) {
- i += 3;
- len += 2;
-#ifdef UTF16
- } else if( (inBuf[i] & 0xF8) == 0xF0 ) {
- i += 4;
- len += 4;
-
- if( (inBuf[i] & 0x04) &&
- ((inBuf[i] & 0x03) || (inBuf[i+1] & 0x30)) ) {
- /* Not representable as UTF16 */
- return PR_FALSE;
- }
-
-#endif /* UTF16 */
- } else return PR_FALSE;
- }
-
- if( len > maxOutBufLen ) {
- *outBufLen = len;
- return PR_FALSE;
- }
-
- len = 0;
-
- for( i = 0; i < inBufLen; ) {
- if( (inBuf[i] & 0x80) == 0x00 ) {
- /* 0000-007F <- 0xxxxxx */
- /* 0abcdefg -> 00000000 0abcdefg */
-
- outBuf[len+H_0] = 0x00;
- outBuf[len+H_1] = inBuf[i+0] & 0x7F;
-
- i += 1;
- len += 2;
- } else if( (inBuf[i] & 0xE0) == 0xC0 ) {
-
- if( (inBuf[i+1] & 0xC0) != 0x80 ) return PR_FALSE;
-
- /* 0080-07FF <- 110xxxxx 10xxxxxx */
- /* 110abcde 10fghijk -> 00000abc defghijk */
-
- outBuf[len+H_0] = ((inBuf[i+0] & 0x1C) >> 2);
- outBuf[len+H_1] = ((inBuf[i+0] & 0x03) << 6) | ((inBuf[i+1] & 0x3F) >> 0);
-
- i += 2;
- len += 2;
- } else if( (inBuf[i] & 0xF0) == 0xE0 ) {
-
- if( (inBuf[i+1] & 0xC0) != 0x80 ) return PR_FALSE;
- if( (inBuf[i+2] & 0xC0) != 0x80 ) return PR_FALSE;
-
- /* 0800-FFFF <- 1110xxxx 10xxxxxx 10xxxxxx */
- /* 1110abcd 10efghij 10klmnop -> abcdefgh ijklmnop */
-
- outBuf[len+H_0] = ((inBuf[i+0] & 0x0F) << 4) | ((inBuf[i+1] & 0x3C) >> 2);
- outBuf[len+H_1] = ((inBuf[i+1] & 0x03) << 6) | ((inBuf[i+2] & 0x3F) >> 0);
-
- i += 3;
- len += 2;
-#ifdef UTF16
- } else if( (inBuf[i] & 0xF8) == 0xF0 ) {
- int abcde, BCDE;
-
- if( (inBuf[i+1] & 0xC0) != 0x80 ) return PR_FALSE;
- if( (inBuf[i+2] & 0xC0) != 0x80 ) return PR_FALSE;
- if( (inBuf[i+3] & 0xC0) != 0x80 ) return PR_FALSE;
-
- /* 0001 0000-001F FFFF <- 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx */
- /* 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx -> [D800-DBFF] [DC00-DFFF] */
-
- /* 11110abc 10defghi 10jklmno 10pqrstu ->
- { Let 0BCDE = abcde - 1 }
- 110110BC DEfghijk 110111lm nopqrstu */
-
- abcde = ((inBuf[i+0] & 0x07) << 2) | ((inBuf[i+1] & 0x30) >> 4);
- BCDE = abcde - 1;
-
-#ifndef TEST_UTF8
- PORT_Assert(BCDE < 0x10); /* should have been caught above */
-#endif /* TEST_UTF8 */
-
- outBuf[len+0+H_0] = 0xD8 | ((BCDE & 0x0C) >> 2);
- outBuf[len+0+H_1] = ((BCDE & 0x03) << 6)
- | ((inBuf[i+1] & 0x0F) << 2)
- | ((inBuf[i+2] & 0x30) >> 4);
- outBuf[len+2+H_0] = 0xDC | ((inBuf[i+2] & 0x0C) >> 2);
- outBuf[len+2+H_1] = ((inBuf[i+2] & 0x03) << 6) | ((inBuf[i+3] & 0x3F) >> 0);
-
- i += 4;
- len += 4;
-#endif /* UTF16 */
- } else return PR_FALSE;
- }
-
- *outBufLen = len;
- return PR_TRUE;
- } else {
- unsigned int i, len = 0;
-
- for( i = 0; i < inBufLen; i += 2 ) {
- if( (inBuf[i+H_0] == 0x00) && ((inBuf[i+H_0] & 0x80) == 0x00) ) len += 1;
- else if( inBuf[i+H_0] < 0x08 ) len += 2;
-#ifdef UTF16
- else if( ((inBuf[i+0+H_0] & 0xDC) == 0xD8) ) {
- if( ((inBuf[i+2+H_0] & 0xDC) == 0xDC) && ((inBufLen - i) > 2) ) {
- i += 2;
- len += 4;
- } else {
- return PR_FALSE;
- }
- }
-#endif /* UTF16 */
- else len += 3;
- }
-
- if( len > maxOutBufLen ) {
- *outBufLen = len;
- return PR_FALSE;
- }
-
- len = 0;
-
- for( i = 0; i < inBufLen; i += 2 ) {
- if( (inBuf[i+H_0] == 0x00) && ((inBuf[i+H_1] & 0x80) == 0x00) ) {
- /* 0000-007F -> 0xxxxxx */
- /* 00000000 0abcdefg -> 0abcdefg */
-
- outBuf[len] = inBuf[i+H_1] & 0x7F;
-
- len += 1;
- } else if( inBuf[i+H_0] < 0x08 ) {
- /* 0080-07FF -> 110xxxxx 10xxxxxx */
- /* 00000abc defghijk -> 110abcde 10fghijk */
-
- outBuf[len+0] = 0xC0 | ((inBuf[i+H_0] & 0x07) << 2)
- | ((inBuf[i+H_1] & 0xC0) >> 6);
- outBuf[len+1] = 0x80 | ((inBuf[i+H_1] & 0x3F) >> 0);
-
- len += 2;
-#ifdef UTF16
- } else if( (inBuf[i+H_0] & 0xDC) == 0xD8 ) {
- int abcde, BCDE;
-
-#ifndef TEST_UTF8
- PORT_Assert(((inBuf[i+2+H_0] & 0xDC) == 0xDC) && ((inBufLen - i) > 2));
-#endif /* TEST_UTF8 */
-
- /* D800-DBFF DC00-DFFF -> 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx */
- /* 110110BC DEfghijk 110111lm nopqrstu ->
- { Let abcde = BCDE + 1 }
- 11110abc 10defghi 10jklmno 10pqrstu */
-
- BCDE = ((inBuf[i+H_0] & 0x03) << 2) | ((inBuf[i+H_1] & 0xC0) >> 6);
- abcde = BCDE + 1;
-
- outBuf[len+0] = 0xF0 | ((abcde & 0x1C) >> 2);
- outBuf[len+1] = 0x80 | ((abcde & 0x03) << 4)
- | ((inBuf[i+0+H_1] & 0x3C) >> 2);
- outBuf[len+2] = 0x80 | ((inBuf[i+0+H_1] & 0x03) << 4)
- | ((inBuf[i+2+H_0] & 0x03) << 2)
- | ((inBuf[i+2+H_1] & 0xC0) >> 6);
- outBuf[len+3] = 0x80 | ((inBuf[i+2+H_1] & 0x3F) >> 0);
-
- i += 2;
- len += 4;
-#endif /* UTF16 */
- } else {
- /* 0800-FFFF -> 1110xxxx 10xxxxxx 10xxxxxx */
- /* abcdefgh ijklmnop -> 1110abcd 10efghij 10klmnop */
-
- outBuf[len+0] = 0xE0 | ((inBuf[i+H_0] & 0xF0) >> 4);
- outBuf[len+1] = 0x80 | ((inBuf[i+H_0] & 0x0F) << 2)
- | ((inBuf[i+H_1] & 0xC0) >> 6);
- outBuf[len+2] = 0x80 | ((inBuf[i+H_1] & 0x3F) >> 0);
-
- len += 3;
- }
- }
-
- *outBufLen = len;
- return PR_TRUE;
- }
-}
-
-#ifdef TEST_UTF8
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <netinet/in.h> /* for htonl and htons */
-
-/*
- * UCS-4 vectors
- */
-
-struct ucs4 {
- PRUint32 c;
- char *utf8;
-};
-
-/*
- * UCS-2 vectors
- */
-
-struct ucs2 {
- PRUint16 c;
- char *utf8;
-};
-
-#ifdef UTF16
-/*
- * UTF-16 vectors
- */
-
-struct utf16 {
- PRUint32 c;
- PRUint16 w[2];
-};
-#endif /* UTF16 */
-
-
-/*
- * UCS-4 vectors
- */
-
-struct ucs4 ucs4[] = {
- { 0x00000001, "\x01" },
- { 0x00000002, "\x02" },
- { 0x00000003, "\x03" },
- { 0x00000004, "\x04" },
- { 0x00000007, "\x07" },
- { 0x00000008, "\x08" },
- { 0x0000000F, "\x0F" },
- { 0x00000010, "\x10" },
- { 0x0000001F, "\x1F" },
- { 0x00000020, "\x20" },
- { 0x0000003F, "\x3F" },
- { 0x00000040, "\x40" },
- { 0x0000007F, "\x7F" },
-
- { 0x00000080, "\xC2\x80" },
- { 0x00000081, "\xC2\x81" },
- { 0x00000082, "\xC2\x82" },
- { 0x00000084, "\xC2\x84" },
- { 0x00000088, "\xC2\x88" },
- { 0x00000090, "\xC2\x90" },
- { 0x000000A0, "\xC2\xA0" },
- { 0x000000C0, "\xC3\x80" },
- { 0x000000FF, "\xC3\xBF" },
- { 0x00000100, "\xC4\x80" },
- { 0x00000101, "\xC4\x81" },
- { 0x00000102, "\xC4\x82" },
- { 0x00000104, "\xC4\x84" },
- { 0x00000108, "\xC4\x88" },
- { 0x00000110, "\xC4\x90" },
- { 0x00000120, "\xC4\xA0" },
- { 0x00000140, "\xC5\x80" },
- { 0x00000180, "\xC6\x80" },
- { 0x000001FF, "\xC7\xBF" },
- { 0x00000200, "\xC8\x80" },
- { 0x00000201, "\xC8\x81" },
- { 0x00000202, "\xC8\x82" },
- { 0x00000204, "\xC8\x84" },
- { 0x00000208, "\xC8\x88" },
- { 0x00000210, "\xC8\x90" },
- { 0x00000220, "\xC8\xA0" },
- { 0x00000240, "\xC9\x80" },
- { 0x00000280, "\xCA\x80" },
- { 0x00000300, "\xCC\x80" },
- { 0x000003FF, "\xCF\xBF" },
- { 0x00000400, "\xD0\x80" },
- { 0x00000401, "\xD0\x81" },
- { 0x00000402, "\xD0\x82" },
- { 0x00000404, "\xD0\x84" },
- { 0x00000408, "\xD0\x88" },
- { 0x00000410, "\xD0\x90" },
- { 0x00000420, "\xD0\xA0" },
- { 0x00000440, "\xD1\x80" },
- { 0x00000480, "\xD2\x80" },
- { 0x00000500, "\xD4\x80" },
- { 0x00000600, "\xD8\x80" },
- { 0x000007FF, "\xDF\xBF" },
-
- { 0x00000800, "\xE0\xA0\x80" },
- { 0x00000801, "\xE0\xA0\x81" },
- { 0x00000802, "\xE0\xA0\x82" },
- { 0x00000804, "\xE0\xA0\x84" },
- { 0x00000808, "\xE0\xA0\x88" },
- { 0x00000810, "\xE0\xA0\x90" },
- { 0x00000820, "\xE0\xA0\xA0" },
- { 0x00000840, "\xE0\xA1\x80" },
- { 0x00000880, "\xE0\xA2\x80" },
- { 0x00000900, "\xE0\xA4\x80" },
- { 0x00000A00, "\xE0\xA8\x80" },
- { 0x00000C00, "\xE0\xB0\x80" },
- { 0x00000FFF, "\xE0\xBF\xBF" },
- { 0x00001000, "\xE1\x80\x80" },
- { 0x00001001, "\xE1\x80\x81" },
- { 0x00001002, "\xE1\x80\x82" },
- { 0x00001004, "\xE1\x80\x84" },
- { 0x00001008, "\xE1\x80\x88" },
- { 0x00001010, "\xE1\x80\x90" },
- { 0x00001020, "\xE1\x80\xA0" },
- { 0x00001040, "\xE1\x81\x80" },
- { 0x00001080, "\xE1\x82\x80" },
- { 0x00001100, "\xE1\x84\x80" },
- { 0x00001200, "\xE1\x88\x80" },
- { 0x00001400, "\xE1\x90\x80" },
- { 0x00001800, "\xE1\xA0\x80" },
- { 0x00001FFF, "\xE1\xBF\xBF" },
- { 0x00002000, "\xE2\x80\x80" },
- { 0x00002001, "\xE2\x80\x81" },
- { 0x00002002, "\xE2\x80\x82" },
- { 0x00002004, "\xE2\x80\x84" },
- { 0x00002008, "\xE2\x80\x88" },
- { 0x00002010, "\xE2\x80\x90" },
- { 0x00002020, "\xE2\x80\xA0" },
- { 0x00002040, "\xE2\x81\x80" },
- { 0x00002080, "\xE2\x82\x80" },
- { 0x00002100, "\xE2\x84\x80" },
- { 0x00002200, "\xE2\x88\x80" },
- { 0x00002400, "\xE2\x90\x80" },
- { 0x00002800, "\xE2\xA0\x80" },
- { 0x00003000, "\xE3\x80\x80" },
- { 0x00003FFF, "\xE3\xBF\xBF" },
- { 0x00004000, "\xE4\x80\x80" },
- { 0x00004001, "\xE4\x80\x81" },
- { 0x00004002, "\xE4\x80\x82" },
- { 0x00004004, "\xE4\x80\x84" },
- { 0x00004008, "\xE4\x80\x88" },
- { 0x00004010, "\xE4\x80\x90" },
- { 0x00004020, "\xE4\x80\xA0" },
- { 0x00004040, "\xE4\x81\x80" },
- { 0x00004080, "\xE4\x82\x80" },
- { 0x00004100, "\xE4\x84\x80" },
- { 0x00004200, "\xE4\x88\x80" },
- { 0x00004400, "\xE4\x90\x80" },
- { 0x00004800, "\xE4\xA0\x80" },
- { 0x00005000, "\xE5\x80\x80" },
- { 0x00006000, "\xE6\x80\x80" },
- { 0x00007FFF, "\xE7\xBF\xBF" },
- { 0x00008000, "\xE8\x80\x80" },
- { 0x00008001, "\xE8\x80\x81" },
- { 0x00008002, "\xE8\x80\x82" },
- { 0x00008004, "\xE8\x80\x84" },
- { 0x00008008, "\xE8\x80\x88" },
- { 0x00008010, "\xE8\x80\x90" },
- { 0x00008020, "\xE8\x80\xA0" },
- { 0x00008040, "\xE8\x81\x80" },
- { 0x00008080, "\xE8\x82\x80" },
- { 0x00008100, "\xE8\x84\x80" },
- { 0x00008200, "\xE8\x88\x80" },
- { 0x00008400, "\xE8\x90\x80" },
- { 0x00008800, "\xE8\xA0\x80" },
- { 0x00009000, "\xE9\x80\x80" },
- { 0x0000A000, "\xEA\x80\x80" },
- { 0x0000C000, "\xEC\x80\x80" },
- { 0x0000FFFF, "\xEF\xBF\xBF" },
-
- { 0x00010000, "\xF0\x90\x80\x80" },
- { 0x00010001, "\xF0\x90\x80\x81" },
- { 0x00010002, "\xF0\x90\x80\x82" },
- { 0x00010004, "\xF0\x90\x80\x84" },
- { 0x00010008, "\xF0\x90\x80\x88" },
- { 0x00010010, "\xF0\x90\x80\x90" },
- { 0x00010020, "\xF0\x90\x80\xA0" },
- { 0x00010040, "\xF0\x90\x81\x80" },
- { 0x00010080, "\xF0\x90\x82\x80" },
- { 0x00010100, "\xF0\x90\x84\x80" },
- { 0x00010200, "\xF0\x90\x88\x80" },
- { 0x00010400, "\xF0\x90\x90\x80" },
- { 0x00010800, "\xF0\x90\xA0\x80" },
- { 0x00011000, "\xF0\x91\x80\x80" },
- { 0x00012000, "\xF0\x92\x80\x80" },
- { 0x00014000, "\xF0\x94\x80\x80" },
- { 0x00018000, "\xF0\x98\x80\x80" },
- { 0x0001FFFF, "\xF0\x9F\xBF\xBF" },
- { 0x00020000, "\xF0\xA0\x80\x80" },
- { 0x00020001, "\xF0\xA0\x80\x81" },
- { 0x00020002, "\xF0\xA0\x80\x82" },
- { 0x00020004, "\xF0\xA0\x80\x84" },
- { 0x00020008, "\xF0\xA0\x80\x88" },
- { 0x00020010, "\xF0\xA0\x80\x90" },
- { 0x00020020, "\xF0\xA0\x80\xA0" },
- { 0x00020040, "\xF0\xA0\x81\x80" },
- { 0x00020080, "\xF0\xA0\x82\x80" },
- { 0x00020100, "\xF0\xA0\x84\x80" },
- { 0x00020200, "\xF0\xA0\x88\x80" },
- { 0x00020400, "\xF0\xA0\x90\x80" },
- { 0x00020800, "\xF0\xA0\xA0\x80" },
- { 0x00021000, "\xF0\xA1\x80\x80" },
- { 0x00022000, "\xF0\xA2\x80\x80" },
- { 0x00024000, "\xF0\xA4\x80\x80" },
- { 0x00028000, "\xF0\xA8\x80\x80" },
- { 0x00030000, "\xF0\xB0\x80\x80" },
- { 0x0003FFFF, "\xF0\xBF\xBF\xBF" },
- { 0x00040000, "\xF1\x80\x80\x80" },
- { 0x00040001, "\xF1\x80\x80\x81" },
- { 0x00040002, "\xF1\x80\x80\x82" },
- { 0x00040004, "\xF1\x80\x80\x84" },
- { 0x00040008, "\xF1\x80\x80\x88" },
- { 0x00040010, "\xF1\x80\x80\x90" },
- { 0x00040020, "\xF1\x80\x80\xA0" },
- { 0x00040040, "\xF1\x80\x81\x80" },
- { 0x00040080, "\xF1\x80\x82\x80" },
- { 0x00040100, "\xF1\x80\x84\x80" },
- { 0x00040200, "\xF1\x80\x88\x80" },
- { 0x00040400, "\xF1\x80\x90\x80" },
- { 0x00040800, "\xF1\x80\xA0\x80" },
- { 0x00041000, "\xF1\x81\x80\x80" },
- { 0x00042000, "\xF1\x82\x80\x80" },
- { 0x00044000, "\xF1\x84\x80\x80" },
- { 0x00048000, "\xF1\x88\x80\x80" },
- { 0x00050000, "\xF1\x90\x80\x80" },
- { 0x00060000, "\xF1\xA0\x80\x80" },
- { 0x0007FFFF, "\xF1\xBF\xBF\xBF" },
- { 0x00080000, "\xF2\x80\x80\x80" },
- { 0x00080001, "\xF2\x80\x80\x81" },
- { 0x00080002, "\xF2\x80\x80\x82" },
- { 0x00080004, "\xF2\x80\x80\x84" },
- { 0x00080008, "\xF2\x80\x80\x88" },
- { 0x00080010, "\xF2\x80\x80\x90" },
- { 0x00080020, "\xF2\x80\x80\xA0" },
- { 0x00080040, "\xF2\x80\x81\x80" },
- { 0x00080080, "\xF2\x80\x82\x80" },
- { 0x00080100, "\xF2\x80\x84\x80" },
- { 0x00080200, "\xF2\x80\x88\x80" },
- { 0x00080400, "\xF2\x80\x90\x80" },
- { 0x00080800, "\xF2\x80\xA0\x80" },
- { 0x00081000, "\xF2\x81\x80\x80" },
- { 0x00082000, "\xF2\x82\x80\x80" },
- { 0x00084000, "\xF2\x84\x80\x80" },
- { 0x00088000, "\xF2\x88\x80\x80" },
- { 0x00090000, "\xF2\x90\x80\x80" },
- { 0x000A0000, "\xF2\xA0\x80\x80" },
- { 0x000C0000, "\xF3\x80\x80\x80" },
- { 0x000FFFFF, "\xF3\xBF\xBF\xBF" },
- { 0x00100000, "\xF4\x80\x80\x80" },
- { 0x00100001, "\xF4\x80\x80\x81" },
- { 0x00100002, "\xF4\x80\x80\x82" },
- { 0x00100004, "\xF4\x80\x80\x84" },
- { 0x00100008, "\xF4\x80\x80\x88" },
- { 0x00100010, "\xF4\x80\x80\x90" },
- { 0x00100020, "\xF4\x80\x80\xA0" },
- { 0x00100040, "\xF4\x80\x81\x80" },
- { 0x00100080, "\xF4\x80\x82\x80" },
- { 0x00100100, "\xF4\x80\x84\x80" },
- { 0x00100200, "\xF4\x80\x88\x80" },
- { 0x00100400, "\xF4\x80\x90\x80" },
- { 0x00100800, "\xF4\x80\xA0\x80" },
- { 0x00101000, "\xF4\x81\x80\x80" },
- { 0x00102000, "\xF4\x82\x80\x80" },
- { 0x00104000, "\xF4\x84\x80\x80" },
- { 0x00108000, "\xF4\x88\x80\x80" },
- { 0x00110000, "\xF4\x90\x80\x80" },
- { 0x00120000, "\xF4\xA0\x80\x80" },
- { 0x00140000, "\xF5\x80\x80\x80" },
- { 0x00180000, "\xF6\x80\x80\x80" },
- { 0x001FFFFF, "\xF7\xBF\xBF\xBF" },
-
- { 0x00200000, "\xF8\x88\x80\x80\x80" },
- { 0x00200001, "\xF8\x88\x80\x80\x81" },
- { 0x00200002, "\xF8\x88\x80\x80\x82" },
- { 0x00200004, "\xF8\x88\x80\x80\x84" },
- { 0x00200008, "\xF8\x88\x80\x80\x88" },
- { 0x00200010, "\xF8\x88\x80\x80\x90" },
- { 0x00200020, "\xF8\x88\x80\x80\xA0" },
- { 0x00200040, "\xF8\x88\x80\x81\x80" },
- { 0x00200080, "\xF8\x88\x80\x82\x80" },
- { 0x00200100, "\xF8\x88\x80\x84\x80" },
- { 0x00200200, "\xF8\x88\x80\x88\x80" },
- { 0x00200400, "\xF8\x88\x80\x90\x80" },
- { 0x00200800, "\xF8\x88\x80\xA0\x80" },
- { 0x00201000, "\xF8\x88\x81\x80\x80" },
- { 0x00202000, "\xF8\x88\x82\x80\x80" },
- { 0x00204000, "\xF8\x88\x84\x80\x80" },
- { 0x00208000, "\xF8\x88\x88\x80\x80" },
- { 0x00210000, "\xF8\x88\x90\x80\x80" },
- { 0x00220000, "\xF8\x88\xA0\x80\x80" },
- { 0x00240000, "\xF8\x89\x80\x80\x80" },
- { 0x00280000, "\xF8\x8A\x80\x80\x80" },
- { 0x00300000, "\xF8\x8C\x80\x80\x80" },
- { 0x003FFFFF, "\xF8\x8F\xBF\xBF\xBF" },
- { 0x00400000, "\xF8\x90\x80\x80\x80" },
- { 0x00400001, "\xF8\x90\x80\x80\x81" },
- { 0x00400002, "\xF8\x90\x80\x80\x82" },
- { 0x00400004, "\xF8\x90\x80\x80\x84" },
- { 0x00400008, "\xF8\x90\x80\x80\x88" },
- { 0x00400010, "\xF8\x90\x80\x80\x90" },
- { 0x00400020, "\xF8\x90\x80\x80\xA0" },
- { 0x00400040, "\xF8\x90\x80\x81\x80" },
- { 0x00400080, "\xF8\x90\x80\x82\x80" },
- { 0x00400100, "\xF8\x90\x80\x84\x80" },
- { 0x00400200, "\xF8\x90\x80\x88\x80" },
- { 0x00400400, "\xF8\x90\x80\x90\x80" },
- { 0x00400800, "\xF8\x90\x80\xA0\x80" },
- { 0x00401000, "\xF8\x90\x81\x80\x80" },
- { 0x00402000, "\xF8\x90\x82\x80\x80" },
- { 0x00404000, "\xF8\x90\x84\x80\x80" },
- { 0x00408000, "\xF8\x90\x88\x80\x80" },
- { 0x00410000, "\xF8\x90\x90\x80\x80" },
- { 0x00420000, "\xF8\x90\xA0\x80\x80" },
- { 0x00440000, "\xF8\x91\x80\x80\x80" },
- { 0x00480000, "\xF8\x92\x80\x80\x80" },
- { 0x00500000, "\xF8\x94\x80\x80\x80" },
- { 0x00600000, "\xF8\x98\x80\x80\x80" },
- { 0x007FFFFF, "\xF8\x9F\xBF\xBF\xBF" },
- { 0x00800000, "\xF8\xA0\x80\x80\x80" },
- { 0x00800001, "\xF8\xA0\x80\x80\x81" },
- { 0x00800002, "\xF8\xA0\x80\x80\x82" },
- { 0x00800004, "\xF8\xA0\x80\x80\x84" },
- { 0x00800008, "\xF8\xA0\x80\x80\x88" },
- { 0x00800010, "\xF8\xA0\x80\x80\x90" },
- { 0x00800020, "\xF8\xA0\x80\x80\xA0" },
- { 0x00800040, "\xF8\xA0\x80\x81\x80" },
- { 0x00800080, "\xF8\xA0\x80\x82\x80" },
- { 0x00800100, "\xF8\xA0\x80\x84\x80" },
- { 0x00800200, "\xF8\xA0\x80\x88\x80" },
- { 0x00800400, "\xF8\xA0\x80\x90\x80" },
- { 0x00800800, "\xF8\xA0\x80\xA0\x80" },
- { 0x00801000, "\xF8\xA0\x81\x80\x80" },
- { 0x00802000, "\xF8\xA0\x82\x80\x80" },
- { 0x00804000, "\xF8\xA0\x84\x80\x80" },
- { 0x00808000, "\xF8\xA0\x88\x80\x80" },
- { 0x00810000, "\xF8\xA0\x90\x80\x80" },
- { 0x00820000, "\xF8\xA0\xA0\x80\x80" },
- { 0x00840000, "\xF8\xA1\x80\x80\x80" },
- { 0x00880000, "\xF8\xA2\x80\x80\x80" },
- { 0x00900000, "\xF8\xA4\x80\x80\x80" },
- { 0x00A00000, "\xF8\xA8\x80\x80\x80" },
- { 0x00C00000, "\xF8\xB0\x80\x80\x80" },
- { 0x00FFFFFF, "\xF8\xBF\xBF\xBF\xBF" },
- { 0x01000000, "\xF9\x80\x80\x80\x80" },
- { 0x01000001, "\xF9\x80\x80\x80\x81" },
- { 0x01000002, "\xF9\x80\x80\x80\x82" },
- { 0x01000004, "\xF9\x80\x80\x80\x84" },
- { 0x01000008, "\xF9\x80\x80\x80\x88" },
- { 0x01000010, "\xF9\x80\x80\x80\x90" },
- { 0x01000020, "\xF9\x80\x80\x80\xA0" },
- { 0x01000040, "\xF9\x80\x80\x81\x80" },
- { 0x01000080, "\xF9\x80\x80\x82\x80" },
- { 0x01000100, "\xF9\x80\x80\x84\x80" },
- { 0x01000200, "\xF9\x80\x80\x88\x80" },
- { 0x01000400, "\xF9\x80\x80\x90\x80" },
- { 0x01000800, "\xF9\x80\x80\xA0\x80" },
- { 0x01001000, "\xF9\x80\x81\x80\x80" },
- { 0x01002000, "\xF9\x80\x82\x80\x80" },
- { 0x01004000, "\xF9\x80\x84\x80\x80" },
- { 0x01008000, "\xF9\x80\x88\x80\x80" },
- { 0x01010000, "\xF9\x80\x90\x80\x80" },
- { 0x01020000, "\xF9\x80\xA0\x80\x80" },
- { 0x01040000, "\xF9\x81\x80\x80\x80" },
- { 0x01080000, "\xF9\x82\x80\x80\x80" },
- { 0x01100000, "\xF9\x84\x80\x80\x80" },
- { 0x01200000, "\xF9\x88\x80\x80\x80" },
- { 0x01400000, "\xF9\x90\x80\x80\x80" },
- { 0x01800000, "\xF9\xA0\x80\x80\x80" },
- { 0x01FFFFFF, "\xF9\xBF\xBF\xBF\xBF" },
- { 0x02000000, "\xFA\x80\x80\x80\x80" },
- { 0x02000001, "\xFA\x80\x80\x80\x81" },
- { 0x02000002, "\xFA\x80\x80\x80\x82" },
- { 0x02000004, "\xFA\x80\x80\x80\x84" },
- { 0x02000008, "\xFA\x80\x80\x80\x88" },
- { 0x02000010, "\xFA\x80\x80\x80\x90" },
- { 0x02000020, "\xFA\x80\x80\x80\xA0" },
- { 0x02000040, "\xFA\x80\x80\x81\x80" },
- { 0x02000080, "\xFA\x80\x80\x82\x80" },
- { 0x02000100, "\xFA\x80\x80\x84\x80" },
- { 0x02000200, "\xFA\x80\x80\x88\x80" },
- { 0x02000400, "\xFA\x80\x80\x90\x80" },
- { 0x02000800, "\xFA\x80\x80\xA0\x80" },
- { 0x02001000, "\xFA\x80\x81\x80\x80" },
- { 0x02002000, "\xFA\x80\x82\x80\x80" },
- { 0x02004000, "\xFA\x80\x84\x80\x80" },
- { 0x02008000, "\xFA\x80\x88\x80\x80" },
- { 0x02010000, "\xFA\x80\x90\x80\x80" },
- { 0x02020000, "\xFA\x80\xA0\x80\x80" },
- { 0x02040000, "\xFA\x81\x80\x80\x80" },
- { 0x02080000, "\xFA\x82\x80\x80\x80" },
- { 0x02100000, "\xFA\x84\x80\x80\x80" },
- { 0x02200000, "\xFA\x88\x80\x80\x80" },
- { 0x02400000, "\xFA\x90\x80\x80\x80" },
- { 0x02800000, "\xFA\xA0\x80\x80\x80" },
- { 0x03000000, "\xFB\x80\x80\x80\x80" },
- { 0x03FFFFFF, "\xFB\xBF\xBF\xBF\xBF" },
-
- { 0x04000000, "\xFC\x84\x80\x80\x80\x80" },
- { 0x04000001, "\xFC\x84\x80\x80\x80\x81" },
- { 0x04000002, "\xFC\x84\x80\x80\x80\x82" },
- { 0x04000004, "\xFC\x84\x80\x80\x80\x84" },
- { 0x04000008, "\xFC\x84\x80\x80\x80\x88" },
- { 0x04000010, "\xFC\x84\x80\x80\x80\x90" },
- { 0x04000020, "\xFC\x84\x80\x80\x80\xA0" },
- { 0x04000040, "\xFC\x84\x80\x80\x81\x80" },
- { 0x04000080, "\xFC\x84\x80\x80\x82\x80" },
- { 0x04000100, "\xFC\x84\x80\x80\x84\x80" },
- { 0x04000200, "\xFC\x84\x80\x80\x88\x80" },
- { 0x04000400, "\xFC\x84\x80\x80\x90\x80" },
- { 0x04000800, "\xFC\x84\x80\x80\xA0\x80" },
- { 0x04001000, "\xFC\x84\x80\x81\x80\x80" },
- { 0x04002000, "\xFC\x84\x80\x82\x80\x80" },
- { 0x04004000, "\xFC\x84\x80\x84\x80\x80" },
- { 0x04008000, "\xFC\x84\x80\x88\x80\x80" },
- { 0x04010000, "\xFC\x84\x80\x90\x80\x80" },
- { 0x04020000, "\xFC\x84\x80\xA0\x80\x80" },
- { 0x04040000, "\xFC\x84\x81\x80\x80\x80" },
- { 0x04080000, "\xFC\x84\x82\x80\x80\x80" },
- { 0x04100000, "\xFC\x84\x84\x80\x80\x80" },
- { 0x04200000, "\xFC\x84\x88\x80\x80\x80" },
- { 0x04400000, "\xFC\x84\x90\x80\x80\x80" },
- { 0x04800000, "\xFC\x84\xA0\x80\x80\x80" },
- { 0x05000000, "\xFC\x85\x80\x80\x80\x80" },
- { 0x06000000, "\xFC\x86\x80\x80\x80\x80" },
- { 0x07FFFFFF, "\xFC\x87\xBF\xBF\xBF\xBF" },
- { 0x08000000, "\xFC\x88\x80\x80\x80\x80" },
- { 0x08000001, "\xFC\x88\x80\x80\x80\x81" },
- { 0x08000002, "\xFC\x88\x80\x80\x80\x82" },
- { 0x08000004, "\xFC\x88\x80\x80\x80\x84" },
- { 0x08000008, "\xFC\x88\x80\x80\x80\x88" },
- { 0x08000010, "\xFC\x88\x80\x80\x80\x90" },
- { 0x08000020, "\xFC\x88\x80\x80\x80\xA0" },
- { 0x08000040, "\xFC\x88\x80\x80\x81\x80" },
- { 0x08000080, "\xFC\x88\x80\x80\x82\x80" },
- { 0x08000100, "\xFC\x88\x80\x80\x84\x80" },
- { 0x08000200, "\xFC\x88\x80\x80\x88\x80" },
- { 0x08000400, "\xFC\x88\x80\x80\x90\x80" },
- { 0x08000800, "\xFC\x88\x80\x80\xA0\x80" },
- { 0x08001000, "\xFC\x88\x80\x81\x80\x80" },
- { 0x08002000, "\xFC\x88\x80\x82\x80\x80" },
- { 0x08004000, "\xFC\x88\x80\x84\x80\x80" },
- { 0x08008000, "\xFC\x88\x80\x88\x80\x80" },
- { 0x08010000, "\xFC\x88\x80\x90\x80\x80" },
- { 0x08020000, "\xFC\x88\x80\xA0\x80\x80" },
- { 0x08040000, "\xFC\x88\x81\x80\x80\x80" },
- { 0x08080000, "\xFC\x88\x82\x80\x80\x80" },
- { 0x08100000, "\xFC\x88\x84\x80\x80\x80" },
- { 0x08200000, "\xFC\x88\x88\x80\x80\x80" },
- { 0x08400000, "\xFC\x88\x90\x80\x80\x80" },
- { 0x08800000, "\xFC\x88\xA0\x80\x80\x80" },
- { 0x09000000, "\xFC\x89\x80\x80\x80\x80" },
- { 0x0A000000, "\xFC\x8A\x80\x80\x80\x80" },
- { 0x0C000000, "\xFC\x8C\x80\x80\x80\x80" },
- { 0x0FFFFFFF, "\xFC\x8F\xBF\xBF\xBF\xBF" },
- { 0x10000000, "\xFC\x90\x80\x80\x80\x80" },
- { 0x10000001, "\xFC\x90\x80\x80\x80\x81" },
- { 0x10000002, "\xFC\x90\x80\x80\x80\x82" },
- { 0x10000004, "\xFC\x90\x80\x80\x80\x84" },
- { 0x10000008, "\xFC\x90\x80\x80\x80\x88" },
- { 0x10000010, "\xFC\x90\x80\x80\x80\x90" },
- { 0x10000020, "\xFC\x90\x80\x80\x80\xA0" },
- { 0x10000040, "\xFC\x90\x80\x80\x81\x80" },
- { 0x10000080, "\xFC\x90\x80\x80\x82\x80" },
- { 0x10000100, "\xFC\x90\x80\x80\x84\x80" },
- { 0x10000200, "\xFC\x90\x80\x80\x88\x80" },
- { 0x10000400, "\xFC\x90\x80\x80\x90\x80" },
- { 0x10000800, "\xFC\x90\x80\x80\xA0\x80" },
- { 0x10001000, "\xFC\x90\x80\x81\x80\x80" },
- { 0x10002000, "\xFC\x90\x80\x82\x80\x80" },
- { 0x10004000, "\xFC\x90\x80\x84\x80\x80" },
- { 0x10008000, "\xFC\x90\x80\x88\x80\x80" },
- { 0x10010000, "\xFC\x90\x80\x90\x80\x80" },
- { 0x10020000, "\xFC\x90\x80\xA0\x80\x80" },
- { 0x10040000, "\xFC\x90\x81\x80\x80\x80" },
- { 0x10080000, "\xFC\x90\x82\x80\x80\x80" },
- { 0x10100000, "\xFC\x90\x84\x80\x80\x80" },
- { 0x10200000, "\xFC\x90\x88\x80\x80\x80" },
- { 0x10400000, "\xFC\x90\x90\x80\x80\x80" },
- { 0x10800000, "\xFC\x90\xA0\x80\x80\x80" },
- { 0x11000000, "\xFC\x91\x80\x80\x80\x80" },
- { 0x12000000, "\xFC\x92\x80\x80\x80\x80" },
- { 0x14000000, "\xFC\x94\x80\x80\x80\x80" },
- { 0x18000000, "\xFC\x98\x80\x80\x80\x80" },
- { 0x1FFFFFFF, "\xFC\x9F\xBF\xBF\xBF\xBF" },
- { 0x20000000, "\xFC\xA0\x80\x80\x80\x80" },
- { 0x20000001, "\xFC\xA0\x80\x80\x80\x81" },
- { 0x20000002, "\xFC\xA0\x80\x80\x80\x82" },
- { 0x20000004, "\xFC\xA0\x80\x80\x80\x84" },
- { 0x20000008, "\xFC\xA0\x80\x80\x80\x88" },
- { 0x20000010, "\xFC\xA0\x80\x80\x80\x90" },
- { 0x20000020, "\xFC\xA0\x80\x80\x80\xA0" },
- { 0x20000040, "\xFC\xA0\x80\x80\x81\x80" },
- { 0x20000080, "\xFC\xA0\x80\x80\x82\x80" },
- { 0x20000100, "\xFC\xA0\x80\x80\x84\x80" },
- { 0x20000200, "\xFC\xA0\x80\x80\x88\x80" },
- { 0x20000400, "\xFC\xA0\x80\x80\x90\x80" },
- { 0x20000800, "\xFC\xA0\x80\x80\xA0\x80" },
- { 0x20001000, "\xFC\xA0\x80\x81\x80\x80" },
- { 0x20002000, "\xFC\xA0\x80\x82\x80\x80" },
- { 0x20004000, "\xFC\xA0\x80\x84\x80\x80" },
- { 0x20008000, "\xFC\xA0\x80\x88\x80\x80" },
- { 0x20010000, "\xFC\xA0\x80\x90\x80\x80" },
- { 0x20020000, "\xFC\xA0\x80\xA0\x80\x80" },
- { 0x20040000, "\xFC\xA0\x81\x80\x80\x80" },
- { 0x20080000, "\xFC\xA0\x82\x80\x80\x80" },
- { 0x20100000, "\xFC\xA0\x84\x80\x80\x80" },
- { 0x20200000, "\xFC\xA0\x88\x80\x80\x80" },
- { 0x20400000, "\xFC\xA0\x90\x80\x80\x80" },
- { 0x20800000, "\xFC\xA0\xA0\x80\x80\x80" },
- { 0x21000000, "\xFC\xA1\x80\x80\x80\x80" },
- { 0x22000000, "\xFC\xA2\x80\x80\x80\x80" },
- { 0x24000000, "\xFC\xA4\x80\x80\x80\x80" },
- { 0x28000000, "\xFC\xA8\x80\x80\x80\x80" },
- { 0x30000000, "\xFC\xB0\x80\x80\x80\x80" },
- { 0x3FFFFFFF, "\xFC\xBF\xBF\xBF\xBF\xBF" },
- { 0x40000000, "\xFD\x80\x80\x80\x80\x80" },
- { 0x40000001, "\xFD\x80\x80\x80\x80\x81" },
- { 0x40000002, "\xFD\x80\x80\x80\x80\x82" },
- { 0x40000004, "\xFD\x80\x80\x80\x80\x84" },
- { 0x40000008, "\xFD\x80\x80\x80\x80\x88" },
- { 0x40000010, "\xFD\x80\x80\x80\x80\x90" },
- { 0x40000020, "\xFD\x80\x80\x80\x80\xA0" },
- { 0x40000040, "\xFD\x80\x80\x80\x81\x80" },
- { 0x40000080, "\xFD\x80\x80\x80\x82\x80" },
- { 0x40000100, "\xFD\x80\x80\x80\x84\x80" },
- { 0x40000200, "\xFD\x80\x80\x80\x88\x80" },
- { 0x40000400, "\xFD\x80\x80\x80\x90\x80" },
- { 0x40000800, "\xFD\x80\x80\x80\xA0\x80" },
- { 0x40001000, "\xFD\x80\x80\x81\x80\x80" },
- { 0x40002000, "\xFD\x80\x80\x82\x80\x80" },
- { 0x40004000, "\xFD\x80\x80\x84\x80\x80" },
- { 0x40008000, "\xFD\x80\x80\x88\x80\x80" },
- { 0x40010000, "\xFD\x80\x80\x90\x80\x80" },
- { 0x40020000, "\xFD\x80\x80\xA0\x80\x80" },
- { 0x40040000, "\xFD\x80\x81\x80\x80\x80" },
- { 0x40080000, "\xFD\x80\x82\x80\x80\x80" },
- { 0x40100000, "\xFD\x80\x84\x80\x80\x80" },
- { 0x40200000, "\xFD\x80\x88\x80\x80\x80" },
- { 0x40400000, "\xFD\x80\x90\x80\x80\x80" },
- { 0x40800000, "\xFD\x80\xA0\x80\x80\x80" },
- { 0x41000000, "\xFD\x81\x80\x80\x80\x80" },
- { 0x42000000, "\xFD\x82\x80\x80\x80\x80" },
- { 0x44000000, "\xFD\x84\x80\x80\x80\x80" },
- { 0x48000000, "\xFD\x88\x80\x80\x80\x80" },
- { 0x50000000, "\xFD\x90\x80\x80\x80\x80" },
- { 0x60000000, "\xFD\xA0\x80\x80\x80\x80" },
- { 0x7FFFFFFF, "\xFD\xBF\xBF\xBF\xBF\xBF" }
-};
-
-/*
- * UCS-2 vectors
- */
-
-struct ucs2 ucs2[] = {
- { 0x0001, "\x01" },
- { 0x0002, "\x02" },
- { 0x0003, "\x03" },
- { 0x0004, "\x04" },
- { 0x0007, "\x07" },
- { 0x0008, "\x08" },
- { 0x000F, "\x0F" },
- { 0x0010, "\x10" },
- { 0x001F, "\x1F" },
- { 0x0020, "\x20" },
- { 0x003F, "\x3F" },
- { 0x0040, "\x40" },
- { 0x007F, "\x7F" },
-
- { 0x0080, "\xC2\x80" },
- { 0x0081, "\xC2\x81" },
- { 0x0082, "\xC2\x82" },
- { 0x0084, "\xC2\x84" },
- { 0x0088, "\xC2\x88" },
- { 0x0090, "\xC2\x90" },
- { 0x00A0, "\xC2\xA0" },
- { 0x00C0, "\xC3\x80" },
- { 0x00FF, "\xC3\xBF" },
- { 0x0100, "\xC4\x80" },
- { 0x0101, "\xC4\x81" },
- { 0x0102, "\xC4\x82" },
- { 0x0104, "\xC4\x84" },
- { 0x0108, "\xC4\x88" },
- { 0x0110, "\xC4\x90" },
- { 0x0120, "\xC4\xA0" },
- { 0x0140, "\xC5\x80" },
- { 0x0180, "\xC6\x80" },
- { 0x01FF, "\xC7\xBF" },
- { 0x0200, "\xC8\x80" },
- { 0x0201, "\xC8\x81" },
- { 0x0202, "\xC8\x82" },
- { 0x0204, "\xC8\x84" },
- { 0x0208, "\xC8\x88" },
- { 0x0210, "\xC8\x90" },
- { 0x0220, "\xC8\xA0" },
- { 0x0240, "\xC9\x80" },
- { 0x0280, "\xCA\x80" },
- { 0x0300, "\xCC\x80" },
- { 0x03FF, "\xCF\xBF" },
- { 0x0400, "\xD0\x80" },
- { 0x0401, "\xD0\x81" },
- { 0x0402, "\xD0\x82" },
- { 0x0404, "\xD0\x84" },
- { 0x0408, "\xD0\x88" },
- { 0x0410, "\xD0\x90" },
- { 0x0420, "\xD0\xA0" },
- { 0x0440, "\xD1\x80" },
- { 0x0480, "\xD2\x80" },
- { 0x0500, "\xD4\x80" },
- { 0x0600, "\xD8\x80" },
- { 0x07FF, "\xDF\xBF" },
-
- { 0x0800, "\xE0\xA0\x80" },
- { 0x0801, "\xE0\xA0\x81" },
- { 0x0802, "\xE0\xA0\x82" },
- { 0x0804, "\xE0\xA0\x84" },
- { 0x0808, "\xE0\xA0\x88" },
- { 0x0810, "\xE0\xA0\x90" },
- { 0x0820, "\xE0\xA0\xA0" },
- { 0x0840, "\xE0\xA1\x80" },
- { 0x0880, "\xE0\xA2\x80" },
- { 0x0900, "\xE0\xA4\x80" },
- { 0x0A00, "\xE0\xA8\x80" },
- { 0x0C00, "\xE0\xB0\x80" },
- { 0x0FFF, "\xE0\xBF\xBF" },
- { 0x1000, "\xE1\x80\x80" },
- { 0x1001, "\xE1\x80\x81" },
- { 0x1002, "\xE1\x80\x82" },
- { 0x1004, "\xE1\x80\x84" },
- { 0x1008, "\xE1\x80\x88" },
- { 0x1010, "\xE1\x80\x90" },
- { 0x1020, "\xE1\x80\xA0" },
- { 0x1040, "\xE1\x81\x80" },
- { 0x1080, "\xE1\x82\x80" },
- { 0x1100, "\xE1\x84\x80" },
- { 0x1200, "\xE1\x88\x80" },
- { 0x1400, "\xE1\x90\x80" },
- { 0x1800, "\xE1\xA0\x80" },
- { 0x1FFF, "\xE1\xBF\xBF" },
- { 0x2000, "\xE2\x80\x80" },
- { 0x2001, "\xE2\x80\x81" },
- { 0x2002, "\xE2\x80\x82" },
- { 0x2004, "\xE2\x80\x84" },
- { 0x2008, "\xE2\x80\x88" },
- { 0x2010, "\xE2\x80\x90" },
- { 0x2020, "\xE2\x80\xA0" },
- { 0x2040, "\xE2\x81\x80" },
- { 0x2080, "\xE2\x82\x80" },
- { 0x2100, "\xE2\x84\x80" },
- { 0x2200, "\xE2\x88\x80" },
- { 0x2400, "\xE2\x90\x80" },
- { 0x2800, "\xE2\xA0\x80" },
- { 0x3000, "\xE3\x80\x80" },
- { 0x3FFF, "\xE3\xBF\xBF" },
- { 0x4000, "\xE4\x80\x80" },
- { 0x4001, "\xE4\x80\x81" },
- { 0x4002, "\xE4\x80\x82" },
- { 0x4004, "\xE4\x80\x84" },
- { 0x4008, "\xE4\x80\x88" },
- { 0x4010, "\xE4\x80\x90" },
- { 0x4020, "\xE4\x80\xA0" },
- { 0x4040, "\xE4\x81\x80" },
- { 0x4080, "\xE4\x82\x80" },
- { 0x4100, "\xE4\x84\x80" },
- { 0x4200, "\xE4\x88\x80" },
- { 0x4400, "\xE4\x90\x80" },
- { 0x4800, "\xE4\xA0\x80" },
- { 0x5000, "\xE5\x80\x80" },
- { 0x6000, "\xE6\x80\x80" },
- { 0x7FFF, "\xE7\xBF\xBF" },
- { 0x8000, "\xE8\x80\x80" },
- { 0x8001, "\xE8\x80\x81" },
- { 0x8002, "\xE8\x80\x82" },
- { 0x8004, "\xE8\x80\x84" },
- { 0x8008, "\xE8\x80\x88" },
- { 0x8010, "\xE8\x80\x90" },
- { 0x8020, "\xE8\x80\xA0" },
- { 0x8040, "\xE8\x81\x80" },
- { 0x8080, "\xE8\x82\x80" },
- { 0x8100, "\xE8\x84\x80" },
- { 0x8200, "\xE8\x88\x80" },
- { 0x8400, "\xE8\x90\x80" },
- { 0x8800, "\xE8\xA0\x80" },
- { 0x9000, "\xE9\x80\x80" },
- { 0xA000, "\xEA\x80\x80" },
- { 0xC000, "\xEC\x80\x80" },
- { 0xFFFF, "\xEF\xBF\xBF" }
-
-};
-
-#ifdef UTF16
-/*
- * UTF-16 vectors
- */
-
-struct utf16 utf16[] = {
- { 0x00010000, { 0xD800, 0xDC00 } },
- { 0x00010001, { 0xD800, 0xDC01 } },
- { 0x00010002, { 0xD800, 0xDC02 } },
- { 0x00010003, { 0xD800, 0xDC03 } },
- { 0x00010004, { 0xD800, 0xDC04 } },
- { 0x00010007, { 0xD800, 0xDC07 } },
- { 0x00010008, { 0xD800, 0xDC08 } },
- { 0x0001000F, { 0xD800, 0xDC0F } },
- { 0x00010010, { 0xD800, 0xDC10 } },
- { 0x0001001F, { 0xD800, 0xDC1F } },
- { 0x00010020, { 0xD800, 0xDC20 } },
- { 0x0001003F, { 0xD800, 0xDC3F } },
- { 0x00010040, { 0xD800, 0xDC40 } },
- { 0x0001007F, { 0xD800, 0xDC7F } },
- { 0x00010080, { 0xD800, 0xDC80 } },
- { 0x00010081, { 0xD800, 0xDC81 } },
- { 0x00010082, { 0xD800, 0xDC82 } },
- { 0x00010084, { 0xD800, 0xDC84 } },
- { 0x00010088, { 0xD800, 0xDC88 } },
- { 0x00010090, { 0xD800, 0xDC90 } },
- { 0x000100A0, { 0xD800, 0xDCA0 } },
- { 0x000100C0, { 0xD800, 0xDCC0 } },
- { 0x000100FF, { 0xD800, 0xDCFF } },
- { 0x00010100, { 0xD800, 0xDD00 } },
- { 0x00010101, { 0xD800, 0xDD01 } },
- { 0x00010102, { 0xD800, 0xDD02 } },
- { 0x00010104, { 0xD800, 0xDD04 } },
- { 0x00010108, { 0xD800, 0xDD08 } },
- { 0x00010110, { 0xD800, 0xDD10 } },
- { 0x00010120, { 0xD800, 0xDD20 } },
- { 0x00010140, { 0xD800, 0xDD40 } },
- { 0x00010180, { 0xD800, 0xDD80 } },
- { 0x000101FF, { 0xD800, 0xDDFF } },
- { 0x00010200, { 0xD800, 0xDE00 } },
- { 0x00010201, { 0xD800, 0xDE01 } },
- { 0x00010202, { 0xD800, 0xDE02 } },
- { 0x00010204, { 0xD800, 0xDE04 } },
- { 0x00010208, { 0xD800, 0xDE08 } },
- { 0x00010210, { 0xD800, 0xDE10 } },
- { 0x00010220, { 0xD800, 0xDE20 } },
- { 0x00010240, { 0xD800, 0xDE40 } },
- { 0x00010280, { 0xD800, 0xDE80 } },
- { 0x00010300, { 0xD800, 0xDF00 } },
- { 0x000103FF, { 0xD800, 0xDFFF } },
- { 0x00010400, { 0xD801, 0xDC00 } },
- { 0x00010401, { 0xD801, 0xDC01 } },
- { 0x00010402, { 0xD801, 0xDC02 } },
- { 0x00010404, { 0xD801, 0xDC04 } },
- { 0x00010408, { 0xD801, 0xDC08 } },
- { 0x00010410, { 0xD801, 0xDC10 } },
- { 0x00010420, { 0xD801, 0xDC20 } },
- { 0x00010440, { 0xD801, 0xDC40 } },
- { 0x00010480, { 0xD801, 0xDC80 } },
- { 0x00010500, { 0xD801, 0xDD00 } },
- { 0x00010600, { 0xD801, 0xDE00 } },
- { 0x000107FF, { 0xD801, 0xDFFF } },
- { 0x00010800, { 0xD802, 0xDC00 } },
- { 0x00010801, { 0xD802, 0xDC01 } },
- { 0x00010802, { 0xD802, 0xDC02 } },
- { 0x00010804, { 0xD802, 0xDC04 } },
- { 0x00010808, { 0xD802, 0xDC08 } },
- { 0x00010810, { 0xD802, 0xDC10 } },
- { 0x00010820, { 0xD802, 0xDC20 } },
- { 0x00010840, { 0xD802, 0xDC40 } },
- { 0x00010880, { 0xD802, 0xDC80 } },
- { 0x00010900, { 0xD802, 0xDD00 } },
- { 0x00010A00, { 0xD802, 0xDE00 } },
- { 0x00010C00, { 0xD803, 0xDC00 } },
- { 0x00010FFF, { 0xD803, 0xDFFF } },
- { 0x00011000, { 0xD804, 0xDC00 } },
- { 0x00011001, { 0xD804, 0xDC01 } },
- { 0x00011002, { 0xD804, 0xDC02 } },
- { 0x00011004, { 0xD804, 0xDC04 } },
- { 0x00011008, { 0xD804, 0xDC08 } },
- { 0x00011010, { 0xD804, 0xDC10 } },
- { 0x00011020, { 0xD804, 0xDC20 } },
- { 0x00011040, { 0xD804, 0xDC40 } },
- { 0x00011080, { 0xD804, 0xDC80 } },
- { 0x00011100, { 0xD804, 0xDD00 } },
- { 0x00011200, { 0xD804, 0xDE00 } },
- { 0x00011400, { 0xD805, 0xDC00 } },
- { 0x00011800, { 0xD806, 0xDC00 } },
- { 0x00011FFF, { 0xD807, 0xDFFF } },
- { 0x00012000, { 0xD808, 0xDC00 } },
- { 0x00012001, { 0xD808, 0xDC01 } },
- { 0x00012002, { 0xD808, 0xDC02 } },
- { 0x00012004, { 0xD808, 0xDC04 } },
- { 0x00012008, { 0xD808, 0xDC08 } },
- { 0x00012010, { 0xD808, 0xDC10 } },
- { 0x00012020, { 0xD808, 0xDC20 } },
- { 0x00012040, { 0xD808, 0xDC40 } },
- { 0x00012080, { 0xD808, 0xDC80 } },
- { 0x00012100, { 0xD808, 0xDD00 } },
- { 0x00012200, { 0xD808, 0xDE00 } },
- { 0x00012400, { 0xD809, 0xDC00 } },
- { 0x00012800, { 0xD80A, 0xDC00 } },
- { 0x00013000, { 0xD80C, 0xDC00 } },
- { 0x00013FFF, { 0xD80F, 0xDFFF } },
- { 0x00014000, { 0xD810, 0xDC00 } },
- { 0x00014001, { 0xD810, 0xDC01 } },
- { 0x00014002, { 0xD810, 0xDC02 } },
- { 0x00014004, { 0xD810, 0xDC04 } },
- { 0x00014008, { 0xD810, 0xDC08 } },
- { 0x00014010, { 0xD810, 0xDC10 } },
- { 0x00014020, { 0xD810, 0xDC20 } },
- { 0x00014040, { 0xD810, 0xDC40 } },
- { 0x00014080, { 0xD810, 0xDC80 } },
- { 0x00014100, { 0xD810, 0xDD00 } },
- { 0x00014200, { 0xD810, 0xDE00 } },
- { 0x00014400, { 0xD811, 0xDC00 } },
- { 0x00014800, { 0xD812, 0xDC00 } },
- { 0x00015000, { 0xD814, 0xDC00 } },
- { 0x00016000, { 0xD818, 0xDC00 } },
- { 0x00017FFF, { 0xD81F, 0xDFFF } },
- { 0x00018000, { 0xD820, 0xDC00 } },
- { 0x00018001, { 0xD820, 0xDC01 } },
- { 0x00018002, { 0xD820, 0xDC02 } },
- { 0x00018004, { 0xD820, 0xDC04 } },
- { 0x00018008, { 0xD820, 0xDC08 } },
- { 0x00018010, { 0xD820, 0xDC10 } },
- { 0x00018020, { 0xD820, 0xDC20 } },
- { 0x00018040, { 0xD820, 0xDC40 } },
- { 0x00018080, { 0xD820, 0xDC80 } },
- { 0x00018100, { 0xD820, 0xDD00 } },
- { 0x00018200, { 0xD820, 0xDE00 } },
- { 0x00018400, { 0xD821, 0xDC00 } },
- { 0x00018800, { 0xD822, 0xDC00 } },
- { 0x00019000, { 0xD824, 0xDC00 } },
- { 0x0001A000, { 0xD828, 0xDC00 } },
- { 0x0001C000, { 0xD830, 0xDC00 } },
- { 0x0001FFFF, { 0xD83F, 0xDFFF } },
- { 0x00020000, { 0xD840, 0xDC00 } },
- { 0x00020001, { 0xD840, 0xDC01 } },
- { 0x00020002, { 0xD840, 0xDC02 } },
- { 0x00020004, { 0xD840, 0xDC04 } },
- { 0x00020008, { 0xD840, 0xDC08 } },
- { 0x00020010, { 0xD840, 0xDC10 } },
- { 0x00020020, { 0xD840, 0xDC20 } },
- { 0x00020040, { 0xD840, 0xDC40 } },
- { 0x00020080, { 0xD840, 0xDC80 } },
- { 0x00020100, { 0xD840, 0xDD00 } },
- { 0x00020200, { 0xD840, 0xDE00 } },
- { 0x00020400, { 0xD841, 0xDC00 } },
- { 0x00020800, { 0xD842, 0xDC00 } },
- { 0x00021000, { 0xD844, 0xDC00 } },
- { 0x00022000, { 0xD848, 0xDC00 } },
- { 0x00024000, { 0xD850, 0xDC00 } },
- { 0x00028000, { 0xD860, 0xDC00 } },
- { 0x0002FFFF, { 0xD87F, 0xDFFF } },
- { 0x00030000, { 0xD880, 0xDC00 } },
- { 0x00030001, { 0xD880, 0xDC01 } },
- { 0x00030002, { 0xD880, 0xDC02 } },
- { 0x00030004, { 0xD880, 0xDC04 } },
- { 0x00030008, { 0xD880, 0xDC08 } },
- { 0x00030010, { 0xD880, 0xDC10 } },
- { 0x00030020, { 0xD880, 0xDC20 } },
- { 0x00030040, { 0xD880, 0xDC40 } },
- { 0x00030080, { 0xD880, 0xDC80 } },
- { 0x00030100, { 0xD880, 0xDD00 } },
- { 0x00030200, { 0xD880, 0xDE00 } },
- { 0x00030400, { 0xD881, 0xDC00 } },
- { 0x00030800, { 0xD882, 0xDC00 } },
- { 0x00031000, { 0xD884, 0xDC00 } },
- { 0x00032000, { 0xD888, 0xDC00 } },
- { 0x00034000, { 0xD890, 0xDC00 } },
- { 0x00038000, { 0xD8A0, 0xDC00 } },
- { 0x0003FFFF, { 0xD8BF, 0xDFFF } },
- { 0x00040000, { 0xD8C0, 0xDC00 } },
- { 0x00040001, { 0xD8C0, 0xDC01 } },
- { 0x00040002, { 0xD8C0, 0xDC02 } },
- { 0x00040004, { 0xD8C0, 0xDC04 } },
- { 0x00040008, { 0xD8C0, 0xDC08 } },
- { 0x00040010, { 0xD8C0, 0xDC10 } },
- { 0x00040020, { 0xD8C0, 0xDC20 } },
- { 0x00040040, { 0xD8C0, 0xDC40 } },
- { 0x00040080, { 0xD8C0, 0xDC80 } },
- { 0x00040100, { 0xD8C0, 0xDD00 } },
- { 0x00040200, { 0xD8C0, 0xDE00 } },
- { 0x00040400, { 0xD8C1, 0xDC00 } },
- { 0x00040800, { 0xD8C2, 0xDC00 } },
- { 0x00041000, { 0xD8C4, 0xDC00 } },
- { 0x00042000, { 0xD8C8, 0xDC00 } },
- { 0x00044000, { 0xD8D0, 0xDC00 } },
- { 0x00048000, { 0xD8E0, 0xDC00 } },
- { 0x0004FFFF, { 0xD8FF, 0xDFFF } },
- { 0x00050000, { 0xD900, 0xDC00 } },
- { 0x00050001, { 0xD900, 0xDC01 } },
- { 0x00050002, { 0xD900, 0xDC02 } },
- { 0x00050004, { 0xD900, 0xDC04 } },
- { 0x00050008, { 0xD900, 0xDC08 } },
- { 0x00050010, { 0xD900, 0xDC10 } },
- { 0x00050020, { 0xD900, 0xDC20 } },
- { 0x00050040, { 0xD900, 0xDC40 } },
- { 0x00050080, { 0xD900, 0xDC80 } },
- { 0x00050100, { 0xD900, 0xDD00 } },
- { 0x00050200, { 0xD900, 0xDE00 } },
- { 0x00050400, { 0xD901, 0xDC00 } },
- { 0x00050800, { 0xD902, 0xDC00 } },
- { 0x00051000, { 0xD904, 0xDC00 } },
- { 0x00052000, { 0xD908, 0xDC00 } },
- { 0x00054000, { 0xD910, 0xDC00 } },
- { 0x00058000, { 0xD920, 0xDC00 } },
- { 0x00060000, { 0xD940, 0xDC00 } },
- { 0x00070000, { 0xD980, 0xDC00 } },
- { 0x0007FFFF, { 0xD9BF, 0xDFFF } },
- { 0x00080000, { 0xD9C0, 0xDC00 } },
- { 0x00080001, { 0xD9C0, 0xDC01 } },
- { 0x00080002, { 0xD9C0, 0xDC02 } },
- { 0x00080004, { 0xD9C0, 0xDC04 } },
- { 0x00080008, { 0xD9C0, 0xDC08 } },
- { 0x00080010, { 0xD9C0, 0xDC10 } },
- { 0x00080020, { 0xD9C0, 0xDC20 } },
- { 0x00080040, { 0xD9C0, 0xDC40 } },
- { 0x00080080, { 0xD9C0, 0xDC80 } },
- { 0x00080100, { 0xD9C0, 0xDD00 } },
- { 0x00080200, { 0xD9C0, 0xDE00 } },
- { 0x00080400, { 0xD9C1, 0xDC00 } },
- { 0x00080800, { 0xD9C2, 0xDC00 } },
- { 0x00081000, { 0xD9C4, 0xDC00 } },
- { 0x00082000, { 0xD9C8, 0xDC00 } },
- { 0x00084000, { 0xD9D0, 0xDC00 } },
- { 0x00088000, { 0xD9E0, 0xDC00 } },
- { 0x0008FFFF, { 0xD9FF, 0xDFFF } },
- { 0x00090000, { 0xDA00, 0xDC00 } },
- { 0x00090001, { 0xDA00, 0xDC01 } },
- { 0x00090002, { 0xDA00, 0xDC02 } },
- { 0x00090004, { 0xDA00, 0xDC04 } },
- { 0x00090008, { 0xDA00, 0xDC08 } },
- { 0x00090010, { 0xDA00, 0xDC10 } },
- { 0x00090020, { 0xDA00, 0xDC20 } },
- { 0x00090040, { 0xDA00, 0xDC40 } },
- { 0x00090080, { 0xDA00, 0xDC80 } },
- { 0x00090100, { 0xDA00, 0xDD00 } },
- { 0x00090200, { 0xDA00, 0xDE00 } },
- { 0x00090400, { 0xDA01, 0xDC00 } },
- { 0x00090800, { 0xDA02, 0xDC00 } },
- { 0x00091000, { 0xDA04, 0xDC00 } },
- { 0x00092000, { 0xDA08, 0xDC00 } },
- { 0x00094000, { 0xDA10, 0xDC00 } },
- { 0x00098000, { 0xDA20, 0xDC00 } },
- { 0x000A0000, { 0xDA40, 0xDC00 } },
- { 0x000B0000, { 0xDA80, 0xDC00 } },
- { 0x000C0000, { 0xDAC0, 0xDC00 } },
- { 0x000D0000, { 0xDB00, 0xDC00 } },
- { 0x000FFFFF, { 0xDBBF, 0xDFFF } },
- { 0x0010FFFF, { 0xDBFF, 0xDFFF } }
-
-};
-#endif /* UTF16 */
-
-static void
-dump_utf8
-(
- char *word,
- unsigned char *utf8,
- char *end
-)
-{
- fprintf(stdout, "%s ", word);
- for( ; *utf8; utf8++ ) {
- fprintf(stdout, "%02.2x ", (unsigned int)*utf8);
- }
- fprintf(stdout, "%s", end);
-}
-
-static PRBool
-test_ucs4_chars
-(
- void
-)
-{
- PRBool rv = PR_TRUE;
- int i;
-
- for( i = 0; i < sizeof(ucs4)/sizeof(ucs4[0]); i++ ) {
- struct ucs4 *e = &ucs4[i];
- PRBool result;
- unsigned char utf8[8];
- unsigned int len = 0;
- PRUint32 back = 0;
-
- (void)memset(utf8, 0, sizeof(utf8));
-
- result = sec_port_ucs4_utf8_conversion_function(PR_FALSE,
- (unsigned char *)&e->c, sizeof(e->c), utf8, sizeof(utf8), &len);
-
- if( !result ) {
- fprintf(stdout, "Failed to convert UCS-4 0x%08.8x to UTF-8\n", e->c);
- rv = PR_FALSE;
- continue;
- }
-
- if( (len >= sizeof(utf8)) ||
- (strlen(e->utf8) != len) ||
- (utf8[len] = '\0', 0 != strcmp(e->utf8, utf8)) ) {
- fprintf(stdout, "Wrong conversion of UCS-4 0x%08.8x to UTF-8: ", e->c);
- dump_utf8("expected", e->utf8, ", ");
- dump_utf8("received", utf8, "\n");
- rv = PR_FALSE;
- continue;
- }
-
- result = sec_port_ucs4_utf8_conversion_function(PR_TRUE,
- utf8, len, (unsigned char *)&back, sizeof(back), &len);
-
- if( !result ) {
- dump_utf8("Failed to convert UTF-8", utf8, "to UCS-4\n");
- rv = PR_FALSE;
- continue;
- }
-
- if( (sizeof(back) != len) || (e->c != back) ) {
- dump_utf8("Wrong conversion of UTF-8", utf8, " to UCS-4:");
- fprintf(stdout, "expected 0x%08.8x, received 0x%08.8x\n", e->c, back);
- rv = PR_FALSE;
- continue;
- }
- }
-
- return rv;
-}
-
-static PRBool
-test_ucs2_chars
-(
- void
-)
-{
- PRBool rv = PR_TRUE;
- int i;
-
- for( i = 0; i < sizeof(ucs2)/sizeof(ucs2[0]); i++ ) {
- struct ucs2 *e = &ucs2[i];
- PRBool result;
- unsigned char utf8[8];
- unsigned int len = 0;
- PRUint16 back = 0;
-
- (void)memset(utf8, 0, sizeof(utf8));
-
- result = sec_port_ucs2_utf8_conversion_function(PR_FALSE,
- (unsigned char *)&e->c, sizeof(e->c), utf8, sizeof(utf8), &len);
-
- if( !result ) {
- fprintf(stdout, "Failed to convert UCS-2 0x%04.4x to UTF-8\n", e->c);
- rv = PR_FALSE;
- continue;
- }
-
- if( (len >= sizeof(utf8)) ||
- (strlen(e->utf8) != len) ||
- (utf8[len] = '\0', 0 != strcmp(e->utf8, utf8)) ) {
- fprintf(stdout, "Wrong conversion of UCS-2 0x%04.4x to UTF-8: ", e->c);
- dump_utf8("expected", e->utf8, ", ");
- dump_utf8("received", utf8, "\n");
- rv = PR_FALSE;
- continue;
- }
-
- result = sec_port_ucs2_utf8_conversion_function(PR_TRUE,
- utf8, len, (unsigned char *)&back, sizeof(back), &len);
-
- if( !result ) {
- dump_utf8("Failed to convert UTF-8", utf8, "to UCS-2\n");
- rv = PR_FALSE;
- continue;
- }
-
- if( (sizeof(back) != len) || (e->c != back) ) {
- dump_utf8("Wrong conversion of UTF-8", utf8, "to UCS-2:");
- fprintf(stdout, "expected 0x%08.8x, received 0x%08.8x\n", e->c, back);
- rv = PR_FALSE;
- continue;
- }
- }
-
- return rv;
-}
-
-#ifdef UTF16
-static PRBool
-test_utf16_chars
-(
- void
-)
-{
- PRBool rv = PR_TRUE;
- int i;
-
- for( i = 0; i < sizeof(utf16)/sizeof(utf16[0]); i++ ) {
- struct utf16 *e = &utf16[i];
- PRBool result;
- unsigned char utf8[8];
- unsigned int len = 0;
- PRUint32 back32 = 0;
- PRUint16 back[2];
-
- (void)memset(utf8, 0, sizeof(utf8));
-
- result = sec_port_ucs2_utf8_conversion_function(PR_FALSE,
- (unsigned char *)&e->w[0], sizeof(e->w), utf8, sizeof(utf8), &len);
-
- if( !result ) {
- fprintf(stdout, "Failed to convert UTF-16 0x%04.4x 0x%04.4x to UTF-8\n",
- e->w[0], e->w[1]);
- rv = PR_FALSE;
- continue;
- }
-
- result = sec_port_ucs4_utf8_conversion_function(PR_TRUE,
- utf8, len, (unsigned char *)&back32, sizeof(back32), &len);
-
- if( 4 != len ) {
- fprintf(stdout, "Failed to convert UTF-16 0x%04.4x 0x%04.4x to UTF-8: "
- "unexpected len %d\n", e->w[0], e->w[1], len);
- rv = PR_FALSE;
- continue;
- }
-
- utf8[len] = '\0'; /* null-terminate for printing */
-
- if( !result ) {
- dump_utf8("Failed to convert UTF-8", utf8, "to UCS-4 (utf-16 test)\n");
- rv = PR_FALSE;
- continue;
- }
-
- if( (sizeof(back32) != len) || (e->c != back32) ) {
- fprintf(stdout, "Wrong conversion of UTF-16 0x%04.4x 0x%04.4x ",
- e->w[0], e->w[1]);
- dump_utf8("to UTF-8", utf8, "and then to UCS-4: ");
- if( sizeof(back32) != len ) {
- fprintf(stdout, "len is %d\n", len);
- } else {
- fprintf(stdout, "expected 0x%08.8x, received 0x%08.8x\n", e->c, back32);
- }
- rv = PR_FALSE;
- continue;
- }
-
- (void)memset(utf8, 0, sizeof(utf8));
- back[0] = back[1] = 0;
-
- result = sec_port_ucs4_utf8_conversion_function(PR_FALSE,
- (unsigned char *)&e->c, sizeof(e->c), utf8, sizeof(utf8), &len);
-
- if( !result ) {
- fprintf(stdout, "Failed to convert UCS-4 0x%08.8x to UTF-8 (utf-16 test)\n",
- e->c);
- rv = PR_FALSE;
- continue;
- }
-
- result = sec_port_ucs2_utf8_conversion_function(PR_TRUE,
- utf8, len, (unsigned char *)&back[0], sizeof(back), &len);
-
- if( 4 != len ) {
- fprintf(stdout, "Failed to convert UCS-4 0x%08.8x to UTF-8: "
- "unexpected len %d\n", e->c, len);
- rv = PR_FALSE;
- continue;
- }
-
- utf8[len] = '\0'; /* null-terminate for printing */
-
- if( !result ) {
- dump_utf8("Failed to convert UTF-8", utf8, "to UTF-16\n");
- rv = PR_FALSE;
- continue;
- }
-
- if( (sizeof(back) != len) || (e->w[0] != back[0]) || (e->w[1] != back[1]) ) {
- fprintf(stdout, "Wrong conversion of UCS-4 0x%08.8x to UTF-8", e->c);
- dump_utf8("", utf8, "and then to UTF-16:");
- if( sizeof(back) != len ) {
- fprintf(stdout, "len is %d\n", len);
- } else {
- fprintf(stdout, "expected 0x%04.4x 0x%04.4x, received 0x%04.4x 0x%04.4xx\n",
- e->w[0], e->w[1], back[0], back[1]);
- }
- rv = PR_FALSE;
- continue;
- }
- }
-
- return rv;
-}
-#endif /* UTF16 */
-
-static PRBool
-test_zeroes
-(
- void
-)
-{
- PRBool rv = PR_TRUE;
- PRBool result;
- PRUint32 lzero = 0;
- PRUint16 szero = 0;
- unsigned char utf8[8];
- unsigned int len = 0;
- PRUint32 lback = 1;
- PRUint16 sback = 1;
-
- (void)memset(utf8, 1, sizeof(utf8));
-
- result = sec_port_ucs4_utf8_conversion_function(PR_FALSE,
- (unsigned char *)&lzero, sizeof(lzero), utf8, sizeof(utf8), &len);
-
- if( !result ) {
- fprintf(stdout, "Failed to convert UCS-4 0x00000000 to UTF-8\n");
- rv = PR_FALSE;
- } else if( 1 != len ) {
- fprintf(stdout, "Wrong conversion of UCS-4 0x00000000: len = %d\n", len);
- rv = PR_FALSE;
- } else if( '\0' != *utf8 ) {
- fprintf(stdout, "Wrong conversion of UCS-4 0x00000000: expected 00 ,"
- "received %02.2x\n", (unsigned int)*utf8);
- rv = PR_FALSE;
- }
-
- result = sec_port_ucs4_utf8_conversion_function(PR_TRUE,
- "", 1, (unsigned char *)&lback, sizeof(lback), &len);
-
- if( !result ) {
- fprintf(stdout, "Failed to convert UTF-8 00 to UCS-4\n");
- rv = PR_FALSE;
- } else if( 4 != len ) {
- fprintf(stdout, "Wrong conversion of UTF-8 00 to UCS-4: len = %d\n", len);
- rv = PR_FALSE;
- } else if( 0 != lback ) {
- fprintf(stdout, "Wrong conversion of UTF-8 00 to UCS-4: "
- "expected 0x00000000, received 0x%08.8x\n", lback);
- rv = PR_FALSE;
- }
-
- (void)memset(utf8, 1, sizeof(utf8));
-
- result = sec_port_ucs2_utf8_conversion_function(PR_FALSE,
- (unsigned char *)&szero, sizeof(szero), utf8, sizeof(utf8), &len);
-
- if( !result ) {
- fprintf(stdout, "Failed to convert UCS-2 0x0000 to UTF-8\n");
- rv = PR_FALSE;
- } else if( 1 != len ) {
- fprintf(stdout, "Wrong conversion of UCS-2 0x0000: len = %d\n", len);
- rv = PR_FALSE;
- } else if( '\0' != *utf8 ) {
- fprintf(stdout, "Wrong conversion of UCS-2 0x0000: expected 00 ,"
- "received %02.2x\n", (unsigned int)*utf8);
- rv = PR_FALSE;
- }
-
- result = sec_port_ucs2_utf8_conversion_function(PR_TRUE,
- "", 1, (unsigned char *)&sback, sizeof(sback), &len);
-
- if( !result ) {
- fprintf(stdout, "Failed to convert UTF-8 00 to UCS-2\n");
- rv = PR_FALSE;
- } else if( 2 != len ) {
- fprintf(stdout, "Wrong conversion of UTF-8 00 to UCS-2: len = %d\n", len);
- rv = PR_FALSE;
- } else if( 0 != sback ) {
- fprintf(stdout, "Wrong conversion of UTF-8 00 to UCS-2: "
- "expected 0x0000, received 0x%04.4x\n", sback);
- rv = PR_FALSE;
- }
-
- return rv;
-}
-
-static PRBool
-test_multichars
-(
- void
-)
-{
- int i;
- unsigned int len, lenout;
- PRUint32 *ucs4s;
- char *ucs4_utf8;
- PRUint16 *ucs2s;
- char *ucs2_utf8;
- void *tmp;
- PRBool result;
-
- ucs4s = (PRUint32 *)calloc(sizeof(ucs4)/sizeof(ucs4[0]), sizeof(PRUint32));
- ucs2s = (PRUint16 *)calloc(sizeof(ucs2)/sizeof(ucs2[0]), sizeof(PRUint16));
-
- if( ((PRUint32 *)NULL == ucs4s) || ((PRUint16 *)NULL == ucs2s) ) {
- fprintf(stderr, "out of memory\n");
- exit(1);
- }
-
- len = 0;
- for( i = 0; i < sizeof(ucs4)/sizeof(ucs4[0]); i++ ) {
- ucs4s[i] = ucs4[i].c;
- len += strlen(ucs4[i].utf8);
- }
-
- ucs4_utf8 = (char *)malloc(len);
-
- len = 0;
- for( i = 0; i < sizeof(ucs2)/sizeof(ucs2[0]); i++ ) {
- ucs2s[i] = ucs2[i].c;
- len += strlen(ucs2[i].utf8);
- }
-
- ucs2_utf8 = (char *)malloc(len);
-
- if( ((char *)NULL == ucs4_utf8) || ((char *)NULL == ucs2_utf8) ) {
- fprintf(stderr, "out of memory\n");
- exit(1);
- }
-
- *ucs4_utf8 = '\0';
- for( i = 0; i < sizeof(ucs4)/sizeof(ucs4[0]); i++ ) {
- strcat(ucs4_utf8, ucs4[i].utf8);
- }
-
- *ucs2_utf8 = '\0';
- for( i = 0; i < sizeof(ucs2)/sizeof(ucs2[0]); i++ ) {
- strcat(ucs2_utf8, ucs2[i].utf8);
- }
-
- /* UTF-8 -> UCS-4 */
- len = sizeof(ucs4)/sizeof(ucs4[0]) * sizeof(PRUint32);
- tmp = calloc(len, 1);
- if( (void *)NULL == tmp ) {
- fprintf(stderr, "out of memory\n");
- exit(1);
- }
-
- result = sec_port_ucs4_utf8_conversion_function(PR_TRUE,
- ucs4_utf8, strlen(ucs4_utf8), tmp, len, &lenout);
- if( !result ) {
- fprintf(stdout, "Failed to convert much UTF-8 to UCS-4\n");
- goto done;
- }
-
- if( lenout != len ) {
- fprintf(stdout, "Unexpected length converting much UTF-8 to UCS-4\n");
- goto loser;
- }
-
- if( 0 != memcmp(ucs4s, tmp, len) ) {
- fprintf(stdout, "Wrong conversion of much UTF-8 to UCS-4\n");
- goto loser;
- }
-
- free(tmp); tmp = (void *)NULL;
-
- /* UCS-4 -> UTF-8 */
- len = strlen(ucs4_utf8);
- tmp = calloc(len, 1);
- if( (void *)NULL == tmp ) {
- fprintf(stderr, "out of memory\n");
- exit(1);
- }
-
- result = sec_port_ucs4_utf8_conversion_function(PR_FALSE,
- (unsigned char *)ucs4s, sizeof(ucs4)/sizeof(ucs4[0]) * sizeof(PRUint32),
- tmp, len, &lenout);
- if( !result ) {
- fprintf(stdout, "Failed to convert much UCS-4 to UTF-8\n");
- goto done;
- }
-
- if( lenout != len ) {
- fprintf(stdout, "Unexpected length converting much UCS-4 to UTF-8\n");
- goto loser;
- }
-
- if( 0 != strncmp(ucs4_utf8, tmp, len) ) {
- fprintf(stdout, "Wrong conversion of much UCS-4 to UTF-8\n");
- goto loser;
- }
-
- free(tmp); tmp = (void *)NULL;
-
- /* UTF-8 -> UCS-2 */
- len = sizeof(ucs2)/sizeof(ucs2[0]) * sizeof(PRUint16);
- tmp = calloc(len, 1);
- if( (void *)NULL == tmp ) {
- fprintf(stderr, "out of memory\n");
- exit(1);
- }
-
- result = sec_port_ucs2_utf8_conversion_function(PR_TRUE,
- ucs2_utf8, strlen(ucs2_utf8), tmp, len, &lenout);
- if( !result ) {
- fprintf(stdout, "Failed to convert much UTF-8 to UCS-2\n");
- goto done;
- }
-
- if( lenout != len ) {
- fprintf(stdout, "Unexpected length converting much UTF-8 to UCS-2\n");
- goto loser;
- }
-
- if( 0 != memcmp(ucs2s, tmp, len) ) {
- fprintf(stdout, "Wrong conversion of much UTF-8 to UCS-2\n");
- goto loser;
- }
-
- free(tmp); tmp = (void *)NULL;
-
- /* UCS-2 -> UTF-8 */
- len = strlen(ucs2_utf8);
- tmp = calloc(len, 1);
- if( (void *)NULL == tmp ) {
- fprintf(stderr, "out of memory\n");
- exit(1);
- }
-
- result = sec_port_ucs2_utf8_conversion_function(PR_FALSE,
- (unsigned char *)ucs2s, sizeof(ucs2)/sizeof(ucs2[0]) * sizeof(PRUint16),
- tmp, len, &lenout);
- if( !result ) {
- fprintf(stdout, "Failed to convert much UCS-2 to UTF-8\n");
- goto done;
- }
-
- if( lenout != len ) {
- fprintf(stdout, "Unexpected length converting much UCS-2 to UTF-8\n");
- goto loser;
- }
-
- if( 0 != strncmp(ucs2_utf8, tmp, len) ) {
- fprintf(stdout, "Wrong conversion of much UCS-2 to UTF-8\n");
- goto loser;
- }
-
-#ifdef UTF16
- /* implement me */
-#endif /* UTF16 */
-
- result = PR_TRUE;
- goto done;
-
- loser:
- result = PR_FALSE;
- done:
- free(ucs4s);
- free(ucs4_utf8);
- free(ucs2s);
- free(ucs2_utf8);
- if( (void *)NULL != tmp ) free(tmp);
- return result;
-}
-
-void
-byte_order
-(
- void
-)
-{
- /*
- * The implementation (now) expects the 16- and 32-bit characters
- * to be in network byte order, not host byte order. Therefore I
- * have to byteswap all those test vectors above. hton[ls] may be
- * functions, so I have to do this dynamically. If you want to
- * use this code to do host byte order conversions, just remove
- * the call in main() to this function.
- */
-
- int i;
-
- for( i = 0; i < sizeof(ucs4)/sizeof(ucs4[0]); i++ ) {
- struct ucs4 *e = &ucs4[i];
- e->c = htonl(e->c);
- }
-
- for( i = 0; i < sizeof(ucs2)/sizeof(ucs2[0]); i++ ) {
- struct ucs2 *e = &ucs2[i];
- e->c = htons(e->c);
- }
-
-#ifdef UTF16
- for( i = 0; i < sizeof(utf16)/sizeof(utf16[0]); i++ ) {
- struct utf16 *e = &utf16[i];
- e->c = htonl(e->c);
- e->w[0] = htons(e->w[0]);
- e->w[1] = htons(e->w[1]);
- }
-#endif /* UTF16 */
-
- return;
-}
-
-int
-main
-(
- int argc,
- char *argv[]
-)
-{
- byte_order();
-
- if( test_ucs4_chars() &&
- test_ucs2_chars() &&
-#ifdef UTF16
- test_utf16_chars() &&
-#endif /* UTF16 */
- test_zeroes() &&
- test_multichars() &&
- PR_TRUE ) {
- fprintf(stderr, "PASS\n");
- return 1;
- } else {
- fprintf(stderr, "FAIL\n");
- return 0;
- }
-}
-
-#endif /* TEST_UTF8 */
diff --git a/security/nss/lib/util/watcomfx.h b/security/nss/lib/util/watcomfx.h
deleted file mode 100644
index bc1d20f72..000000000
--- a/security/nss/lib/util/watcomfx.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#if defined(__WATCOMC__) || defined(__WATCOM_CPLUSPLUS__)
-#ifndef __WATCOM_FIX_H__
-#define __WATCOM_FIX_H__ 1
-/*
- * WATCOM's C compiler doesn't default to "__cdecl" conventions for external
- * symbols and functions. Rather than adding an explicit __cdecl modifier to
- * every external symbol and function declaration and definition, we use the
- * following pragma to (attempt to) change WATCOM c's default to __cdecl.
- * These pragmas were taken from pages 180-181, 266 & 269 of the
- * Watcom C/C++ version 11 User's Guide, 3rd edition.
- */
-#if defined(XP_WIN16) || defined(WIN16)
-#pragma aux default "_*" \
- parm caller [] \
- value struct float struct routine [ax] \
- modify [ax bx cx dx es]
-#else
-#pragma aux default "_*" \
- parm caller [] \
- value struct float struct routine [eax] \
- modify [eax ecx edx]
-#endif
-#pragma aux default far
-
-#endif /* once */
-#endif /* WATCOM compiler */
diff --git a/security/nss/lib/util/win_rand.c b/security/nss/lib/util/win_rand.c
deleted file mode 100644
index de2e06ea7..000000000
--- a/security/nss/lib/util/win_rand.c
+++ /dev/null
@@ -1,415 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "secrng.h"
-#ifdef XP_WIN
-#include <windows.h>
-#include <time.h>
-#include <io.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <stdio.h>
-
-#ifndef _WIN32
-#define VTD_Device_ID 5
-#define OP_OVERRIDE _asm _emit 0x66
-#include <dos.h>
-#endif
-
-static BOOL
-CurrentClockTickTime(LPDWORD lpdwHigh, LPDWORD lpdwLow)
-{
-#ifdef _WIN32
- LARGE_INTEGER liCount;
-
- if (!QueryPerformanceCounter(&liCount))
- return FALSE;
-
- *lpdwHigh = liCount.u.HighPart;
- *lpdwLow = liCount.u.LowPart;
- return TRUE;
-
-#else /* is WIN16 */
- BOOL bRetVal;
- FARPROC lpAPI;
- WORD w1, w2, w3, w4;
-
- // Get direct access to the VTD and query the current clock tick time
- _asm {
- xor di, di
- mov es, di
- mov ax, 1684h
- mov bx, VTD_Device_ID
- int 2fh
- mov ax, es
- or ax, di
- jz EnumerateFailed
-
- ; VTD API is available. First store the API address (the address actually
- ; contains an instruction that causes a fault, the fault handler then
- ; makes the ring transition and calls the API in the VxD)
- mov word ptr lpAPI, di
- mov word ptr lpAPI+2, es
- mov ax, 100h ; API function to VTD_Get_Real_Time
-; call dword ptr [lpAPI]
- call [lpAPI]
-
- ; Result is in EDX:EAX which we will get 16-bits at a time
- mov w2, dx
- OP_OVERRIDE
- shr dx,10h ; really "shr edx, 16"
- mov w1, dx
-
- mov w4, ax
- OP_OVERRIDE
- shr ax,10h ; really "shr eax, 16"
- mov w3, ax
-
- mov bRetVal, 1 ; return TRUE
- jmp EnumerateExit
-
- EnumerateFailed:
- mov bRetVal, 0 ; return FALSE
-
- EnumerateExit:
- }
-
- *lpdwHigh = MAKELONG(w2, w1);
- *lpdwLow = MAKELONG(w4, w3);
-
- return bRetVal;
-#endif /* is WIN16 */
-}
-
-size_t RNG_GetNoise(void *buf, size_t maxbuf)
-{
- DWORD dwHigh, dwLow, dwVal;
- int n = 0;
- int nBytes;
- time_t sTime;
-
- if (maxbuf <= 0)
- return 0;
-
- CurrentClockTickTime(&dwHigh, &dwLow);
-
- // get the maximally changing bits first
- nBytes = sizeof(dwLow) > maxbuf ? maxbuf : sizeof(dwLow);
- memcpy((char *)buf, &dwLow, nBytes);
- n += nBytes;
- maxbuf -= nBytes;
-
- if (maxbuf <= 0)
- return n;
-
- nBytes = sizeof(dwHigh) > maxbuf ? maxbuf : sizeof(dwHigh);
- memcpy(((char *)buf) + n, &dwHigh, nBytes);
- n += nBytes;
- maxbuf -= nBytes;
-
- if (maxbuf <= 0)
- return n;
-
- // get the number of milliseconds that have elapsed since Windows started
- dwVal = GetTickCount();
-
- nBytes = sizeof(dwVal) > maxbuf ? maxbuf : sizeof(dwVal);
- memcpy(((char *)buf) + n, &dwVal, nBytes);
- n += nBytes;
- maxbuf -= nBytes;
-
- if (maxbuf <= 0)
- return n;
-
- // get the time in seconds since midnight Jan 1, 1970
- time(&sTime);
- nBytes = sizeof(sTime) > maxbuf ? maxbuf : sizeof(sTime);
- memcpy(((char *)buf) + n, &sTime, nBytes);
- n += nBytes;
-
- return n;
-}
-
-static BOOL
-EnumSystemFiles(void (*func)(char *))
-{
- int iStatus;
- char szSysDir[_MAX_PATH];
- char szFileName[_MAX_PATH];
-#ifdef _WIN32
- struct _finddata_t fdData;
- long lFindHandle;
-#else
- struct _find_t fdData;
-#endif
-
- if (!GetSystemDirectory(szSysDir, sizeof(szSysDir)))
- return FALSE;
-
- // tack *.* on the end so we actually look for files. this will
- // not overflow
- strcpy(szFileName, szSysDir);
- strcat(szFileName, "\\*.*");
-
-#ifdef _WIN32
- lFindHandle = _findfirst(szFileName, &fdData);
- if (lFindHandle == -1)
- return FALSE;
-#else
- if (_dos_findfirst(szFileName, _A_NORMAL | _A_RDONLY | _A_ARCH | _A_SUBDIR, &fdData) != 0)
- return FALSE;
-#endif
-
- do {
- // pass the full pathname to the callback
- sprintf(szFileName, "%s\\%s", szSysDir, fdData.name);
- (*func)(szFileName);
-
-#ifdef _WIN32
- iStatus = _findnext(lFindHandle, &fdData);
-#else
- iStatus = _dos_findnext(&fdData);
-#endif
- } while (iStatus == 0);
-
-#ifdef _WIN32
- _findclose(lFindHandle);
-#endif
-
- return TRUE;
-}
-
-static DWORD dwNumFiles, dwReadEvery;
-
-static void
-CountFiles(char *file)
-{
- dwNumFiles++;
-}
-
-static void
-ReadFiles(char *file)
-{
- if ((dwNumFiles % dwReadEvery) == 0)
- RNG_FileForRNG(file);
-
- dwNumFiles++;
-}
-
-static void
-ReadSystemFiles()
-{
- // first count the number of files
- dwNumFiles = 0;
- if (!EnumSystemFiles(CountFiles))
- return;
-
- RNG_RandomUpdate(&dwNumFiles, sizeof(dwNumFiles));
-
- // now read 10 files
- if (dwNumFiles == 0)
- return;
-
- dwReadEvery = dwNumFiles / 10;
- if (dwReadEvery == 0)
- dwReadEvery = 1; // less than 10 files
-
- dwNumFiles = 0;
- EnumSystemFiles(ReadFiles);
-}
-
-void RNG_SystemInfoForRNG(void)
-{
- DWORD dwVal;
- char buffer[256];
- int nBytes;
-#ifdef _WIN32
- MEMORYSTATUS sMem;
- DWORD dwSerialNum;
- DWORD dwComponentLen;
- DWORD dwSysFlags;
- char volName[128];
- DWORD dwSectors, dwBytes, dwFreeClusters, dwNumClusters;
- HANDLE hVal;
-#else
- int iVal;
- HTASK hTask;
- WORD wDS, wCS;
- LPSTR lpszEnv;
-#endif
-
- nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes
- RNG_RandomUpdate(buffer, nBytes);
-
-#ifdef _WIN32
- sMem.dwLength = sizeof(sMem);
- GlobalMemoryStatus(&sMem); // assorted memory stats
- RNG_RandomUpdate(&sMem, sizeof(sMem));
-
- dwVal = GetLogicalDrives();
- RNG_RandomUpdate(&dwVal, sizeof(dwVal)); // bitfields in bits 0-25
-
-#else
- dwVal = GetFreeSpace(0);
- RNG_RandomUpdate(&dwVal, sizeof(dwVal));
-
- _asm mov wDS, ds;
- _asm mov wCS, cs;
- RNG_RandomUpdate(&wDS, sizeof(wDS));
- RNG_RandomUpdate(&wCS, sizeof(wCS));
-#endif
-
-#ifdef _WIN32
- dwVal = sizeof(buffer);
- if (GetComputerName(buffer, &dwVal))
- RNG_RandomUpdate(buffer, dwVal);
-
-/* XXX This is code that got yanked because of NSPR20. We should put it
- * back someday.
- */
-#ifdef notdef
- {
- POINT ptVal;
- GetCursorPos(&ptVal);
- RNG_RandomUpdate(&ptVal, sizeof(ptVal));
- }
-
- dwVal = GetQueueStatus(QS_ALLINPUT); // high and low significant
- RNG_RandomUpdate(&dwVal, sizeof(dwVal));
-
- {
- HWND hWnd;
- hWnd = GetClipboardOwner(); // 2 or 4 bytes
- RNG_RandomUpdate((void *)&hWnd, sizeof(hWnd));
- }
-
- {
- UUID sUuid;
- UuidCreate(&sUuid); // this will fail on machines with no ethernet
- RNG_RandomUpdate(&sUuid, sizeof(sUuid)); // boards. shove the bits in regardless
- }
-#endif
-
- hVal = GetCurrentProcess(); // 4 byte handle of current task
- RNG_RandomUpdate(&hVal, sizeof(hVal));
-
- dwVal = GetCurrentProcessId(); // process ID (4 bytes)
- RNG_RandomUpdate(&dwVal, sizeof(dwVal));
-
- volName[0] = '\0';
- buffer[0] = '\0';
- GetVolumeInformation(NULL,
- volName,
- sizeof(volName),
- &dwSerialNum,
- &dwComponentLen,
- &dwSysFlags,
- buffer,
- sizeof(buffer));
-
- RNG_RandomUpdate(volName, strlen(volName));
- RNG_RandomUpdate(&dwSerialNum, sizeof(dwSerialNum));
- RNG_RandomUpdate(&dwComponentLen, sizeof(dwComponentLen));
- RNG_RandomUpdate(&dwSysFlags, sizeof(dwSysFlags));
- RNG_RandomUpdate(buffer, strlen(buffer));
-
- if (GetDiskFreeSpace(NULL, &dwSectors, &dwBytes, &dwFreeClusters, &dwNumClusters)) {
- RNG_RandomUpdate(&dwSectors, sizeof(dwSectors));
- RNG_RandomUpdate(&dwBytes, sizeof(dwBytes));
- RNG_RandomUpdate(&dwFreeClusters, sizeof(dwFreeClusters));
- RNG_RandomUpdate(&dwNumClusters, sizeof(dwNumClusters));
- }
-
-#else /* is WIN16 */
- hTask = GetCurrentTask();
- RNG_RandomUpdate((void *)&hTask, sizeof(hTask));
-
- iVal = GetNumTasks();
- RNG_RandomUpdate(&iVal, sizeof(iVal)); // number of running tasks
-
- lpszEnv = GetDOSEnvironment();
- while (*lpszEnv != '\0') {
- RNG_RandomUpdate(lpszEnv, strlen(lpszEnv));
-
- lpszEnv += strlen(lpszEnv) + 1;
- }
-#endif /* is WIN16 */
-
- // now let's do some files
- ReadSystemFiles();
-
- nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes
- RNG_RandomUpdate(buffer, nBytes);
-}
-
-void RNG_FileForRNG(char *filename)
-{
- FILE* file;
- int nBytes;
- struct stat stat_buf;
- unsigned char buffer[1024];
-
- static DWORD totalFileBytes = 0;
-
- /* windows doesn't initialize all the bytes in the stat buf,
- * so initialize them all here to avoid UMRs.
- */
- memset(&stat_buf, 0, sizeof stat_buf);
-
- if (stat((char *)filename, &stat_buf) < 0)
- return;
-
- RNG_RandomUpdate((unsigned char*)&stat_buf, sizeof(stat_buf));
-
- file = fopen((char *)filename, "r");
- if (file != NULL) {
- for (;;) {
- size_t bytes = fread(buffer, 1, sizeof(buffer), file);
-
- if (bytes == 0)
- break;
-
- RNG_RandomUpdate(buffer, bytes);
- totalFileBytes += bytes;
- if (totalFileBytes > 250000)
- break;
- }
-
- fclose(file);
- }
-
- nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes
- RNG_RandomUpdate(buffer, nBytes);
-}
-
-#endif /* is XP_WIN */
diff --git a/security/nss/macbuild/NSS.Prefix b/security/nss/macbuild/NSS.Prefix
deleted file mode 100755
index 9a088a3b1..000000000
--- a/security/nss/macbuild/NSS.Prefix
+++ /dev/null
@@ -1,3 +0,0 @@
-/* Optimized prefix */
-#include "MacPrefix.h"
-#include "NSSCommon.h"
diff --git a/security/nss/macbuild/NSS.mcp b/security/nss/macbuild/NSS.mcp
deleted file mode 100755
index c34a514c0..000000000
--- a/security/nss/macbuild/NSS.mcp
+++ /dev/null
Binary files differ
diff --git a/security/nss/macbuild/NSSCommon.h b/security/nss/macbuild/NSSCommon.h
deleted file mode 100755
index 8c9237673..000000000
--- a/security/nss/macbuild/NSSCommon.h
+++ /dev/null
@@ -1,3 +0,0 @@
-/* Defines common to all versions of NSS */
-
-#define NSPR20 1
diff --git a/security/nss/macbuild/NSSDebug.Prefix b/security/nss/macbuild/NSSDebug.Prefix
deleted file mode 100755
index 967b0889c..000000000
--- a/security/nss/macbuild/NSSDebug.Prefix
+++ /dev/null
@@ -1,3 +0,0 @@
-/* Optimized prefix */
-#include "MacPrefix_debug.h"
-#include "NSSCommon.h"
diff --git a/security/nss/manifest.mn b/security/nss/manifest.mn
deleted file mode 100644
index 0aeecd4f9..000000000
--- a/security/nss/manifest.mn
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ..
-DEPTH = ..
-
-IMPORTS = nspr20/v4.0 \
- dbm/DBM_1_54 \
- $(NULL)
-
-RELEASE = security
-
-DIRS = lib cmd
-
-
diff --git a/security/nss/relnotes.txt b/security/nss/relnotes.txt
deleted file mode 100644
index c0998655b..000000000
--- a/security/nss/relnotes.txt
+++ /dev/null
@@ -1,284 +0,0 @@
-HCL Users,
-
-HCL 1.5.7 has been released. It fixes a very small list of bugs that
-were found since HCL 1.5.6 was released, and contains no new features or
-public API changes. The list of bugs fixed in HCL 1.5.7 is below.
-The release notes for HCL 1.5.6 are appended to these notes.
-
-ALL SERVERS should abandon HCL 1.5.6 and switch to HCL 1.5.7 ASAP.
-The reasons for this strong recommendation should be self apparent after
-reading the list of bugs fixed.
-
-We recommend that all sources that include HCL headers be recompiled
-with the new HCL 1.5.7 headers. This is only a precaution.
-
-
-Security Library 1.57
-Build Date: 19980902
-
-****************************************************************
-**
-** NOTE: THIS RELEASE IS NOT BINARY COMPATIBLE WITH 1.55
-** AND ANY APPLICATION CODE WILL HAVE TO BE RECOMPILED
-**
-****************************************************************
-
-
-****************************************************************
-**
-** Directory organization of this release
-**
-****************************************************************
-
-This release consists of the following:
-- a JAR file, xpheader.jar, that contains all of the public header files.
-
-- <platform> directories: where <platform> is of the form
- <os-name><os-version>[_<compiler>][_<implementation strategy>]_<DBG/OPT>.OBJ
- For example,
- IRIX6.2_DBG.OBJ (debug build)
- SunOS5.5.1_OPT.OBJ (optimized build)
- SunOS5.5.1_gcc_DBG.OBJ (built using the non-native compiler gcc)
- OSF1V4.0_PTH_DBG.OBJ (PTH means the implementation uses pthreads.)
- AIX4.1_PTH_USER_DBG.OBJ (PTH_USER means the implementation is
- a combination of user-level threads and pthreads.)
-
- Under each <platform> directory, is the file, mdbinary.jar. This is a
- JAR file containing the compiled libraries.
-
-
-************************************************************
-**
-** Platforms supported
-**
-************************************************************
-
-The following platforms are supported:
-- Solaris on sparc: 2.5.1, 2.6 (built with cc)
-- IRIX: 6.2, 6.3 (built with cc)
-- HP-UX: B.10.10, B10.20, B11.00 (built with cc)
-- OSF1: V4.0D (built with cc)
-- AIX: 4.2 (built with compiler xlC_r).
-- Linux: 2.1.108
-- WINNT: 4.0 (Visual C++ 4.2 built with and without debug runtime)
-
-
-************************************************************
-**
-** How to build the libraries yourself
-**
-************************************************************
-This release of HCL depends on NSPR version 19980529A and
-DBM version DBM_1_53.
-
-To build the libraries yourself, execute the following instructions.
-
-On UNIX machines:
- cvs co -r HCL_157 ns/security
- cvs co -r HCL_157 ns/coreconf
- cd ns/coreconf
- source ./.cshrc
- gmake [BUILD_OPT=1]
- cd ..
- cd security
- gmake [BUILD_OPT=1] import
- gmake [BUILD_OPT=1]
-
-On Windows NT machines:
- cvs co -r HCL_157 ns/security
- cvs co -r HCL_157 ns/coreconf
- cd ns/security
- gmake [BUILD_OPT=1] import
- gmake [BUILD_OPT=1]
-
-For IRIX builds using -n32 flag with pthreads:
- cvs co -r HCL_157 ns/security
- cvs co -r HCL_157 ns/coreconf
- cd ns/coreconf
- source ./.cshrc
- gmake USE_N32=1 USE_PTHREADS=1 [BUILD_OPT=1]
- cd ..
- cd security
- gmake USE_N32=1 USE_PTHREADS=1 [BUILD_OPT=1] import
- gmake USE_N32=1 USE_PTHREADS=1 [BUILD_OPT=1]
-
-
-************************************************************
-**
-** Web site, mailing lists, questions, bug reports
-**
-************************************************************
-
-You can find information about the Security Libraries at the Hardcore Web
-site: http://warp/projects/hardcore/
-
-If you have any questions regarding SSL or the HCL libraries, please refer to the
-following documents:
- http://twain.mcom.com/developer/security/nss/ssl/index.htm
- http://twain.mcom.com/developer/security/nss/index.htm
-
-There is a mailing list for HCL issues:
- - hcl: the developers of HCL.
-
-Please use BugSplat on scopus (http://scopus/bugsplat) to report
-bugs. Choose product "Security Library", version "1.5".
-
-
-Here's how/where to get HCL 1.5.7:
-
-bits are available at
-/m/dist/security/19980902 a.k.a. /m/dist/security/HCL_1_57
-
-\\helium\dist\security\19980902 or \\helium\dist\security\HCL_1_57
-
-
-Here is the list of bugs fixed in HCL 1.5.7:
-a) Thread safety-related crash in cert lib.
-
-b) Thread safety-related problems in NSPR's PL_Arena code.
- Worked around by surrounding all HCL's PL_Arena calls with a lock/unlock.
- Applications that make their own calls to NSPR's PL_Arena functions or
- that use other non-HCL libraries that use PL_Arenas may continue to have
- thread-safety issues with PL_Arenas.
-
-c) Fixed a regression in PKCS#11 in HCL 1.5.6 that caused a crash the
- first time a server received a bleichenbacker attack ("million question")
- message.
-
-See the HCL 1.5.6 release notes below for the list of known bugs in 1.5.7.
-
-
-Here is a list of the bugs fixed in HCL 1.5.6:
-
-312467 SSL3 uses global pointers for step-down keys, leaks keys
-314392 CERT_DestroyCertificate locking code causes nested locking
-314571 Memory leak in SSL
-314574 HCL Leaks in PKCS #11.
-314576 Memory leak in pseudo-prime test in libcrypto
-314585 SSL's PR_AcceptRead returns non-aligned PRNetAddr
-314592 pkcs5 leaks two memory blocks for each RSA private key op
-314596 random number generator causes Unitialized Memory Reads
-
-------------------------------------------------------------------------
- HCL 1.5.6 Readme (release notes)
-------------------------------------------------------------------------
-
-This file summarizes enhancements, fixed and known bugs in HCL 1.5.6.
-
-For detailed instructions on setting up your environment to run the
-sample code in the samples directory, see Chapter 2, "Getting Started
-with SSL" (doc/ssl/gtstd.htm) of the SSL Reference (doc/ssl/index.htm).
-
-
-ENHANCEMENTS SINCE NSS 1.5.4
-
-1. SSL returns much more detailed error messages; for details, see
-doc/ssl/sslerr.htm
-
-SSL BUGS FIXED SINCE HCL 1.5.4
-
-1. The "million question" bug in SSL has been fixed.
-
-2. A potential problem (on Unix only) with SSL_InitSessionIDCache has
-been fixed. The application chooses the directory into which the SSL
-library places the server session cache. If the application doesn't
-specify a directory explicitly, the code defaults to using the system
-default "temporary" directory, which is generally world-writable. The
-problem that was fixed occured only when the application chose to put
-the session cache files into a directory writable by untrusted users.
-If the application put the cache files in a directory that has
-appropriate limits on access, there was no problem. But if the
-application put the cache files into a directory that was world
-writable, it was possible for a rogue program to try to substitute a
-file it already had open for the server's cache file, and it would
-succeed some of the time. When it succeeded, it had access to the
-content of the session ID cache, which enabled it to do various bad
-things, such as masquerade as one of the remote clients whose session
-was in the cache.
-
-The above problem with the Unix version of SSL_InitSessionIDCachehas
-been fixed, and rogue programs cannot succeed in substituting their own
-files for the server's files any more.
-
-3. Client no longer rejects SSL ServerKeyExchange when server's
-certificate key size is 512 bits.
-
-4. Server no longer crashes in SSL after required client authentication
-fails.
-
-5. A problem that was causing crashes when multiple threads
-simultaneously requested client authentication on their respective
-server sockets has been fixed.
-
-6. The following functions now work with SSL sockets:
-
- PR_Write
- PR_TransmitFile
- PR_AcceptRead
-
-7. SSL now accepts client hellos that are too long.
-
-8. A problem that produced bad results when multiple threads
-simultaneously used the random number generator has been fixed.
-
-
-
-KNOWN BUGS IN HCL 1.5.6:
-
-1. A crash may occur when multiple processes attempt to share a server
-session ID cache. Because of this bug, an application that handshakes
-as a server is limited to conducting all SSL calls in a single process.
-
-2. Removing a token does not invalidate the client-side session cache.
-
-3. While a handshake is in progress on an SSL socket, it is not safe
-for two threads to attempt simultaneous read and write calls (PR_Recv
-and PR_Send) on that socket. Workaround: ensure that only one thread
-uses an SSL socket at a time.
-
-We expect the above 3 bugs will be fixed in a forthcoming release.
-
-SSL v2 issues in HCL 1.5.x:
-
-1. SSL_RedoHandshake only works on SSL3 connections, not SSL2. The
-SSL2 protocol does not permit additional handshakes on the connection
-after the first one is done. Ergo, if a client certificate is to be
-requested in an SSL2 connection, it must be requested on the initial
-handshake.
-
-2. HCL's SSL2 ignores the setting of the SSL_REQUIRE_CERTIFICATE
-enable. When SSL_REQUEST_CERTIFICATE is enabled, SSL2 behaves as if
-SSL_REQUIRE_CERTIFICATE is also enabled, regardless of the actual
-setting of the SSL_REQUIRE_CERTIFICATE enable.
-
-3. HCL's SSL2 server code doesn't call the bad cert handler callback
-when the authCert callback returns an error. The ssl2 client code DOES
-use the badcerthandler callback, but the ssl2 server code does not.
-This means that if the server's authCert callback returns SECFailure,
-rejecting the client cert received on an SSL2 connection, the
-badCerthandler cannot override it.
-
-4. HCL's SSL2 server code never caches the client cert. Consequently,
-if an SSL2 server is configured to request the client cert, it must ask
-the client for the client cert on every connection, not just on the
-first connection in the "session". The SSL2 client must provide the
-cert in every SSL2 connection that requests it. If the user has set the
-"ask me every time" option for his certs, he will get prompted a LOT.
-
-Item 1 above is not a bug. That's the way ssl2 is defined. Items 2-4
-are limitations of our implementation. TomW says client auth in ssl2
-was never officially supported (although it is mostly implemented).
-
-Recommended workaround for SSL2 issues:
-
-a) Don't expect client auth to work for SSL2 users.
-b) Don't request client auth in the initial handshake. Request it in a
-subsequent handshake (e.g. set SSL_REQUEST_CERTIFICATE and call
-SSL_RedoHandshake() on SSL3 connections. This will completely avoid
-client auth problems with SSL2.
-
-For some time now, we've been suggesting that servers request client
-auth on a second handshake, not the first handshake in the connection.
-If they do that, then they will never get client certs from ssl2
-clients. That is a good thing.
-
diff --git a/security/nss/tests/all.sh b/security/nss/tests/all.sh
deleted file mode 100755
index 1b0479711..000000000
--- a/security/nss/tests/all.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-#
-# Run all our tests
-#
-CURDIR=`pwd`
-TESTS="sdr ssl"
-cd common
-. ./init.sh
-export MOZILLA_ROOT
-export COMMON
-export DIST
-export SECURITY_ROOT
-export TESTDIR
-export OBJDIR
-export HOSTDIR
-
-LOGFILE=${HOSTDIR}/output.log
-export LOGFILE
-touch ${LOGFILE}
-tail -f ${LOGFILE} &
-TAILPID=$!
-trap "kill ${TAILPID}; exit" 2
-for i in ${TESTS}
-do
- echo "Running Tests for $i"
-#
-# All tells the test suite to run through all their tests.
-# file tells the test suite that the output is going to a log, so any
-# forked() children need to redirect their output to prevent them from
-# being over written.
-
- (cd ${CURDIR}/$i ; ./${i}.sh all file >> ${LOGFILE} 2>&1)
-# cd ${CURDIR}/$i ; ./${i}.sh
-done
-kill ${TAILPID}
diff --git a/security/nss/tests/common/arch.sh b/security/nss/tests/common/arch.sh
deleted file mode 100755
index b2f6475c4..000000000
--- a/security/nss/tests/common/arch.sh
+++ /dev/null
@@ -1,313 +0,0 @@
-#!/bin/sh
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# Master "Core Components" macros for getting the OS architecture #
-#######################################################################
-
-#
-# Macros for getting the OS architecture
-#
-if [ -n "${USE_64}" ]; then
- A64BIT_TAG=_64
-else
- A64BIT_TAG=
-fi
-
-#OS_ARCH := $(subst /,_,$(shell uname -s))
-OS_ARCH=`uname -s | sed -e 's;/;_;'`
-
-#
-# Attempt to differentiate between sparc and x86 Solaris
-#
-
-#OS_TEST := $(shell uname -m)
-OS_TEST=`uname -m`
-if [ ${OS_TEST} = "i86pc" ]; then
- OS_RELEASE=`uname -r`"_"${OS_TEST}
-else
- OS_RELEASE=`uname -r`
-fi
-
-#
-# Force the IRIX64 machines to use IRIX.
-#
-if [ ${OS_ARCH} = "IRIX64" ]; then
- OS_ARCH="IRIX"
-fi
-
-#
-# Force the newer BSDI versions to use the old arch name.
-#
-
-if [ ${OS_ARCH} = "BSD_OS" ]; then
- OS_ARCH=BSD_386
-fi
-
-#
-# Catch Deterim if SVR4 is NCR or UNIXWARE
-#
-
-if [ ${OS_ARCH} = "UNIX_SV" ]; then
- if grep NCR /etc/bcheckrc ; then
- OS_ARCH=NCR
- else
- # Make UnixWare something human readable
- OS_ARCH=UNIXWARE
- fi
-
- # Get the OS release number, not 4.2
- OS_RELEASE=`uname -v`
-fi
-
-if [ ${OS_ARCH} = "UNIX_System_V" ]; then
- OS_ARCH=NEC
-fi
-
-if [ ${OS_ARCH} = "AIX" ]; then
- OS_MAJOR=`uname -v`
- OS_MINOR=`uname -r`
- OS_RELEASE=${OS_MAJOR}.${OS_MINOR}
-fi
-
-#
-# Distinguish between OSF1 V4.0B and V4.0D
-#
-
-if [ ${OS_ARCH}${OS_RELEASE} = "OSF1V4.0" ]; then
- OS_VERSION=`uname -v`
- if [ ${OS_VERSION} = "564" ]; then
- OS_RELEASE=V4.0B
- fi
- if [ ${OS_VERSION} = "878" ]; then
- OS_RELEASE=V4.0D
- fi
-fi
-
-#
-# SINIX changes name to ReliantUNIX with 5.43
-#
-
-if [ ${OS_ARCH} = "ReliantUNIX-N" ]; then
- OS_ARCH=ReliantUNIX
- OS_RELEASE=5.4
-fi
-
-if [ ${OS_ARCH} = "SINIX-N" ]; then
- OS_ARCH=ReliantUNIX
- OS_RELEASE=5.4
-fi
-
-#
-# Handle FreeBSD 2.2-STABLE and Linux 2.0.30-osfmach3
-#
-
-#if [(,$(filter-out Linux FreeBSD,${OS_ARCH}))
-#OS_RELEASE := $(shell echo $(OS_RELEASE) | sed 's/-.*//')
-#endif
-if [ ${OS_ARCH} = "Linux" ]; then
- OS_RELEASE=`echo ${OS_RELEASE} | sed 's/-.*//'`
-fi
-
-if [ ${OS_ARCH} = "Linux" ]; then
- OS_RELEASE=`echo ${OS_RELEASE} | sed 's;\\.[0123456789]*$;;'`
-fi
-
-#######################################################################
-# Master "Core Components" macros for getting the OS target #
-#######################################################################
-
-#
-# Note: OS_TARGET should be specified on the command line for gmake.
-# When OS_TARGET=WIN95 is specified, then a Windows 95 target is built.
-# The difference between the Win95 target and the WinNT target is that
-# the WinNT target uses Windows NT specific features not available
-# in Windows 95. The Win95 target will run on Windows NT, but (supposedly)
-# at lesser performance (the Win95 target uses threads; the WinNT target
-# uses fibers).
-#
-# When OS_TARGET=WIN16 is specified, then a Windows 3.11 (16bit) target
-# is built. See: win16_3.11.mk for lots more about the Win16 target.
-#
-# If OS_TARGET is not specified, it defaults to ${OS_ARCH}, i.e., no
-# cross-compilation.
-#
-
-#
-# The following hack allows one to build on a WIN95 machine (as if
-# s/he were cross-compiling on a WINNT host for a WIN95 target).
-# It also accomodates for MKS's uname.exe. If you never intend
-# to do development on a WIN95 machine, you don't need this. It doesn't
-# work any more anyway.
-#
-if [ ${OS_ARCH} = "WIN95" ]; then
- OS_ARCH=WINNT
- OS_TARGET=WIN95
-fi
-if [ ${OS_ARCH} = "Windows_95" ]; then
- OS_ARCH=Windows_NT
- OS_TARGET=WIN95
-fi
-
-#
-# On WIN32, we also define the variable CPU_ARCH.
-#
-
-if [ ${OS_ARCH} = "WINNT" ]; then
- CPU_ARCH=`uname -p`
- if [ ${CPU_ARCH} = "I386" ]; then
- CPU_ARCH=x386
- fi
-else
-#
-# If uname -s returns "Windows_NT", we assume that we are using
-# the uname.exe in MKS toolkit.
-#
-# The -r option of MKS uname only returns the major version number.
-# So we need to use its -v option to get the minor version number.
-# Moreover, it doesn't have the -p option, so we need to use uname -m.
-#
-if [ ${OS_ARCH} = "Windows_NT" ]; then
- OS_ARCH=WINNT
- OS_MINOR_RELEASE=`uname -v`
- if [ ${OS_MINOR_RELEASE} = "00" ]; then
- OS_MINOR_RELEASE=0
- fi
- OS_RELEASE=${OS_RELEASE}.${OS_MINOR_RELEASE}
- CPU_ARCH=`uname -m`
- #
- # MKS's uname -m returns "586" on a Pentium machine.
- #
- #ifneq (,$(findstring 86,$(CPU_ARCH)))
- if (echo $CPU_ARCH | grep 86) ; then
- CPU_ARCH=x386
- fi
-fi
-fi
-
-if [ ${OS_ARCH} = "Linux" ]; then
- IMPL_STRATEGY=_PTH
-
- if [ ${OS_TEST} = "ppc" ]; then
- CPU_TAG=_ppc
- elif [ ${OS_TEST} = "alpha" ]; then
- CPU_TAG=_alpha
- else
- CPU_TAG=_x86
- fi
- LIBC_TAG=_glibc
- ARCH=linux
-fi
-
-OS_TARGET=${OS_TARGET-${OS_ARCH}}
-
-if [ ${OS_TARGET} = "WIN95" ]; then
- OS_RELEASE=4.0
-fi
-
-if [ ${OS_TARGET} = "WIN16" ]; then
- OS_RELEASE=
-# OS_RELEASE = _3.11
-fi
-
-#
-# This variable is used to get OS_CONFIG.mk.
-#
-
-OS_CONFIG=${OS_TARGET}${OS_RELEASE}
-
-#
-# OBJDIR_TAG depends on the predefined variable BUILD_OPT,
-# to distinguish between debug and release builds.
-#
-
-if [ -n "${BUILD_OPT}" ]; then
- if [ ${OS_TARGET} = "WIN16" ]; then
- OBJDIR_TAG=_O
- else
- OBJDIR_TAG=${A64BIT_TAG}_OPT
- fi
-else
- if [ -n "${BUILD_IDG}" ]; then
- if [ ${OS_TARGET} = "WIN16" ]; then
- OBJDIR_TAG=_I
- else
- OBJDIR_TAG=${A64BIT_TAG}_IDG
- fi
- else
- if [ ${OS_TARGET} = WIN16 ]; then
- OBJDIR_TAG=_D
- else
- OBJDIR_TAG=${A64BIT_TAG}_DBG
- fi
- fi
-fi
-
-#
-# The following flags are defined in the individual $(OS_CONFIG).mk
-# files.
-#
-# CPU_TAG is defined if the CPU is not the most common CPU.
-# COMPILER_TAG is defined if the compiler is not the native compiler.
-# IMPL_STRATEGY may be defined too.
-#
-
-# Name of the binary code directories
-#ifeq (${OS_ARCH}, WINNT)
-# ifeq ($(CPU_ARCH),x386)
-## OBJDIR_NAME=$(OS_CONFIG)$(OBJDIR_TAG).OBJ
-# else
-# OBJDIR_NAME=$(OS_CONFIG)$(CPU_ARCH)$(OBJDIR_TAG).OBJ
-# endif
-#else
-#endif
-
-OBJDIR_NAME=${OS_CONFIG}${CPU_TAG}${COMPILER_TAG}${LIBC_TAG}${IMPL_STRATEGY}${OBJDIR_TAG}'.OBJ'
-
-#export OS_CONFIG OS_ARCH OBJDIR_NAME OS_RELEASE OBJDIR_TAG
-export OS_ARCH
-
-if [ ${OS_ARCH} = "WINNT" ]; then
-if [ ${OS_TARGET} != "WIN16" ]; then
-if [ -z "${BUILD_OPT}" ]; then
-#
-# Define USE_DEBUG_RTL if you want to use the debug runtime library
-# (RTL) in the debug build
-#
-if [ -n "${USE_DEBUG_RTL}" ]; then
- OBJDIR_NAME=${OS_CONFIG}${CPU_TAG}${COMPILER_TAG}${IMPL_STRATEGY}${OBJDIR_TAG}.OBJD
-fi
-fi
-fi
-fi
-
diff --git a/security/nss/tests/common/init.sh b/security/nss/tests/common/init.sh
deleted file mode 100644
index 019483922..000000000
--- a/security/nss/tests/common/init.sh
+++ /dev/null
@@ -1,64 +0,0 @@
-#! /bin/sh
-#
-# Initialize a bunch of variables that may tests would be interested in
-#
-#
-mozilla_root=`(cd ../../../..; pwd)`
-common=`(cd ../common; pwd)`
-MOZILLA_ROOT=${MOZILLA_ROOT-$mozilla_root}
-COMMON=${TEST_COMMON-$common}
-DIST=${DIST-${MOZILLA_ROOT}/dist}
-SECURITY_ROOT=${SECURITY_ROOT-${MOZILLA_ROOT}/security/nss}
-TESTDIR=${TESTDIR-${MOZILLA_ROOT}/tests_results/security}
-. ../common/arch.sh
-OBJDIR=${OBJDIR_NAME}
-if [ ${OS_ARCH} == "WINNT" ]; then
-PATH=${DIST}/${OBJDIR}/bin\;${DIST}/${OBJDIR}/lib\;$PATH
-else
-PATH=${DIST}/${OBJDIR}/bin:${DIST}/${OBJDIR}/lib:$PATH
-fi
-export PATH
-LD_LIBRARY_PATH=${DIST}/${OBJDIR}/lib
-export LD_LIBRARY_PATH
-echo "Creating ${TESTDIR}"
-if [ ! -d ${TESTDIR} ]; then
- mkdir -p ${TESTDIR}
-fi
-
-if [ ! -s "${HOSTDIR}" ]; then
- version=1
- if [ -f ${TESTDIR}/${HOST} ]; then
- version=`cat ${TESTDIR}/${HOST}`
- fi
- expr $version + 1 > ${TESTDIR}/${HOST}
-
- HOSTDIR=${TESTDIR}/${HOST}'.'$version
-fi
-
-if [ ! -d ${HOSTDIR} ]; then
- mkdir -p ${HOSTDIR}
-fi
-
-RESULTS=${HOSTDIR}/results.html
-if [ ! -f "${RESULTS}" ]; then
-
- cp ${COMMON}/results_header.html ${RESULTS}
- echo "<H4>Platform: ${OBJDIR}<BR>" >> ${RESULTS}
- echo "Test Run: ${HOST}.$version</H4>" >> ${RESULTS}
- echo "<HR><BR>" >> ${RESULTS}
-
- echo "********************************************"
- echo " Platform: ${OBJDIR}"
- echo " Results: ${HOST}.$version"
- echo "********************************************"
-fi
-
-
-KILL="kill"
-if [ ${OS_ARCH} = "Linux" ]; then
- SLEEP="sleep 30"
-fi
-
-export KILL
-
-
diff --git a/security/nss/tests/common/results_header.html b/security/nss/tests/common/results_header.html
deleted file mode 100644
index c09685b11..000000000
--- a/security/nss/tests/common/results_header.html
+++ /dev/null
@@ -1,6 +0,0 @@
-<HTML>
-<HEAD>
-<TITLE>Test Report for NSS</TITLE>
-</HEAD>
-<BODY BGCOLOR="#FFFFFF">
-<CENTER><H3>Test Report for NSS</H3></CENTER>
diff --git a/security/nss/tests/pkcs11/netscape/trivial/.cvsignore b/security/nss/tests/pkcs11/netscape/trivial/.cvsignore
deleted file mode 100644
index e3884c884..000000000
--- a/security/nss/tests/pkcs11/netscape/trivial/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-Makefile
-config.cache
-config.h
-config.log
-config.status
-trivial*.tar.gz
diff --git a/security/nss/tests/pkcs11/netscape/trivial/Makefile.in b/security/nss/tests/pkcs11/netscape/trivial/Makefile.in
deleted file mode 100644
index 7f9488350..000000000
--- a/security/nss/tests/pkcs11/netscape/trivial/Makefile.in
+++ /dev/null
@@ -1,175 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is a trivial PKCS#11 test program.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corp. Portions created by Netscape are
-# Copyright (C) 2000. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-MAKEFILE_IN_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-SHELL = /bin/sh
-.SUFFIXES:
-.SUFFIXES: .c .o .h .in .a .so
-
-srcdir = @srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-includedir = @includedir@
-bindir = @bindir@
-@SET_MAKE@
-INSTALL = @INSTALL@
-RANLIB = @RANLIB@
-AR = @AR@
-CC = @CC@
-LD = @LD@
-RM = @RM@
-TAR = @TAR@
-
-CPPFLAGS = @CPPFLAGS@
-CFLAGS = @CFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-
-INSTALL_PROGRAM = $(INSTALL) -m 0500
-
-all:: program
-
-# Standard Netscape/Mozilla targets:
-# import import_xp export private_export libs program install all clobber
-# clobber_all release release_xp alltags
-
-# Standard GNU targets:
-# all install uninstall install-strip clean distclean mostlyclean
-# maintainer-clean TAGS info dvi dist check installcheck installdirs
-
-# === The actual targets and the real commands that make them ===
-program:: trivial
-
-trivial: trivial.c config.h Makefile
- $(CC) -I. -I${srcdir} $(CFLAGS) $(CPPFLAGS) $< -o $@ $(LDFLAGS) $(LIBS)
-
-# Now, various standard targets, some that do stuff, some that are no-ops
-
-import::
-
-export:: install
-
-private_export::
-
-program::
-
-clobber:: clean
-
-clobber_all:: maintainer-clean
-
-alltags:: TAGS
-
-RESULTS = \
- $(DESTDIR)$(bindir)/trivial \
- $(NULL)
-
-install:: $(RESULTS)
-
-$(DESTDIR)$(bindir)/trivial: trivial
- $(INSTALL_PROGRAM) trivial $(DESTDIR)$(bindir)/trivial
-
-# "rm -f" with no arguments bites on some platforms.
-# There should be an autoconf check and maybe a more
-# general $(FORCEDREMOVE) command
-
-uninstall::
- $(RM) -f $(RESULTS)
-
-install-strip::
- $(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s ' install
-
-clean::
- $(RM) -f *~ core trivial.o trivial
-
-distclean:: clean
- $(RM) -f Makefile config.cache config.h config.log config.status stamp-h stamp-h.in
-
-mostlyclean:: clean
-
-maintainer-clean:: distclean
- $(RM) -f TAGS trivial*.tar.gz
-
-TAGS::
-
-DISTFILES = \
- .cvsignore \
- README.txt \
- Makefile.in \
- acconfig.h \
- config.h.in \
- configure \
- configure.in \
- install-sh \
- trivial.c \
- $(NULL)
-
-dist:: trivial.tar.gz
-
-# There must be an easier and more portable way of doing this..
-trivial.tar.gz: $(DISTFILES)
- echo $(DISTFILES) | tr ' ' '\n' | sed "s^.*^`( cd ${srcdir}; pwd ) | xargs basename`/&^" | xargs tar czf $@ -C ${srcdir}/..
-
-# other "standard" but irrelevant targets
-info::
-
-dvi::
-
-check::
-
-installcheck::
-
-installdirs::
-
-# Include dependancies
-
-
-# autoheader might not change config.h.in, so touch a stamp file
-${srcdir}/config.h.in: stamp-h.in
-${srcdir}/stamp-h.in: configure.in acconfig.h
- cd ${srcdir} && autoheader
- echo timestamp > ${srcdir}/stamp-h.in
-
-# Remake the configuration
-${srcdir}/configure: configure.in
- cd ${srcdir} && autoconf
-
-config.h: stamp-h
-stamp-h: config.h.in config.status
- ./config.status
-
-Makefile: Makefile.in config.status
- ./config.status
-
-config.status: configure
- ./config.status --recheck
diff --git a/security/nss/tests/pkcs11/netscape/trivial/README.txt b/security/nss/tests/pkcs11/netscape/trivial/README.txt
deleted file mode 100644
index 5c18a5089..000000000
--- a/security/nss/tests/pkcs11/netscape/trivial/README.txt
+++ /dev/null
@@ -1,56 +0,0 @@
-This is a very trivial program that loads and excercises a PKCS#11
-module, trying basic operations. I used it as a basic check that
-my data-only modules for NSS worked, and I'm including it here as
-a first sample test program.
-
-
-This program uses GNU autoconf: run ./configure --help for info.
-In addition to the standard options, the configure script accepts
-the following:
-
- --with-nspr[=path] specify location of NSPR
- --with-nss-dist[=path] specify path to NSS dist directory
- --with-nss-hdrs[=path] or, specify path to installed NSS headers
- --with-rsa-hdrs[=path] if not using NSS, specify path to RSA headers
- --disable-debug default is enabled
-
-This program uses NSPR; you may specify the path to your NSPR
-installation by using the "--with-nspr" option. The specified
-directory should be the one containing "include" and "lib."
-If this option is not given, the default is the usual prefix
-directories; see ./configure --help for more info.
-
-This program requires either the pkcs11*.h files from RSA, or
-the NSS equivalents. To specify their location, you must
-specify one of --with-nss-dist, --with-nss-hdrs, or --with-rsa-hdrs.
-
-If you have an NSS build tree, specify --with-nss-dist and provide
-the path to the mozilla/dist/*.OBJ directory. (If you got this
-package by checking it out from mozilla, it should be about six
-directories up, once you've built NSS.)
-
-Alternatively, if you have an NSS installation (including "private"
-files, e.g. "ck.h") you may point directly to the directory containing
-the headers with --with-nss-hdrs.
-
-If you would rather use the RSA-provided header files, or your own
-versions of them, specify their location with --with-rsa-hdrs.
-
-The flag --disable-debug doesn't really do much here other than
-exclude the CVS_ID info from the binary.
-
-
-To run the program, specify the name of the .so (or your platform's
-equivalent) containing the module to be tested, e.g.:
-
- ./trivial ../../../../../../dist/*.OBJ/lib/libnssckbi.so
-
-
-If you're using NSS, and using our experimental "installer's
-arguments" fields in CK_C_INITIALIZE_ARGS, you can specify an
-"installer argument" with the -i flag:
-
- ./trivial -i ~/.netscape/certs.db [...]/libnssckdb.so
-
-
-Share and enjoy.
diff --git a/security/nss/tests/pkcs11/netscape/trivial/acconfig.h b/security/nss/tests/pkcs11/netscape/trivial/acconfig.h
deleted file mode 100644
index 36f98f87a..000000000
--- a/security/nss/tests/pkcs11/netscape/trivial/acconfig.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is a trivial PKCS#11 test program.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/* Define to use NSS header files instead of the regular RSA ones */
-#undef WITH_NSS
-
diff --git a/security/nss/tests/pkcs11/netscape/trivial/config.h.in b/security/nss/tests/pkcs11/netscape/trivial/config.h.in
deleted file mode 100644
index bf5d5f3b5..000000000
--- a/security/nss/tests/pkcs11/netscape/trivial/config.h.in
+++ /dev/null
@@ -1,28 +0,0 @@
-/* config.h.in. Generated automatically from configure.in by autoheader. */
-
-/* Define to empty if the keyword does not work. */
-#undef const
-
-/* Define to use NSS header files instead of the regular RSA ones */
-#undef WITH_NSS
-
-/* Define if you have the memset function. */
-#undef HAVE_MEMSET
-
-/* Define if you have the strlen function. */
-#undef HAVE_STRLEN
-
-/* Define if you have the <ck.h> header file. */
-#undef HAVE_CK_H
-
-/* Define if you have the <nspr.h> header file. */
-#undef HAVE_NSPR_H
-
-/* Define if you have the <pkcs11.h> header file. */
-#undef HAVE_PKCS11_H
-
-/* Define if you have the <pkcs11t.h> header file. */
-#undef HAVE_PKCS11T_H
-
-/* Define if you have the nspr4 library (-lnspr4). */
-#undef HAVE_LIBNSPR4
diff --git a/security/nss/tests/pkcs11/netscape/trivial/configure b/security/nss/tests/pkcs11/netscape/trivial/configure
deleted file mode 100755
index d9571ccdd..000000000
--- a/security/nss/tests/pkcs11/netscape/trivial/configure
+++ /dev/null
@@ -1,1906 +0,0 @@
-#! /bin/sh
-
-# Guess values for system-dependent variables and create Makefiles.
-# Generated automatically using autoconf version 2.13
-# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc.
-#
-# This configure script is free software; the Free Software Foundation
-# gives unlimited permission to copy, distribute and modify it.
-
-# Defaults:
-ac_help=
-ac_default_prefix=/usr/local
-# Any additions from configure.in:
-ac_help="$ac_help
- --with-nspr[=path] specify location of NSPR"
-ac_help="$ac_help
- --with-nss-dist[=path] specify path to NSS dist directory"
-ac_help="$ac_help
- --with-nss-hdrs[=path] or, specify path to installed NSS headers"
-ac_help="$ac_help
- --with-rsa-hdrs[=path] if not using NSS, specify path to RSA headers"
-ac_help="$ac_help
- --disable-debug default is enabled"
-
-# Initialize some variables set by options.
-# The variables have the same names as the options, with
-# dashes changed to underlines.
-build=NONE
-cache_file=./config.cache
-exec_prefix=NONE
-host=NONE
-no_create=
-nonopt=NONE
-no_recursion=
-prefix=NONE
-program_prefix=NONE
-program_suffix=NONE
-program_transform_name=s,x,x,
-silent=
-site=
-srcdir=
-target=NONE
-verbose=
-x_includes=NONE
-x_libraries=NONE
-bindir='${exec_prefix}/bin'
-sbindir='${exec_prefix}/sbin'
-libexecdir='${exec_prefix}/libexec'
-datadir='${prefix}/share'
-sysconfdir='${prefix}/etc'
-sharedstatedir='${prefix}/com'
-localstatedir='${prefix}/var'
-libdir='${exec_prefix}/lib'
-includedir='${prefix}/include'
-oldincludedir='/usr/include'
-infodir='${prefix}/info'
-mandir='${prefix}/man'
-
-# Initialize some other variables.
-subdirs=
-MFLAGS= MAKEFLAGS=
-SHELL=${CONFIG_SHELL-/bin/sh}
-# Maximum number of lines to put in a shell here document.
-ac_max_here_lines=12
-
-ac_prev=
-for ac_option
-do
-
- # If the previous option needs an argument, assign it.
- if test -n "$ac_prev"; then
- eval "$ac_prev=\$ac_option"
- ac_prev=
- continue
- fi
-
- case "$ac_option" in
- -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
- *) ac_optarg= ;;
- esac
-
- # Accept the important Cygnus configure options, so we can diagnose typos.
-
- case "$ac_option" in
-
- -bindir | --bindir | --bindi | --bind | --bin | --bi)
- ac_prev=bindir ;;
- -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
- bindir="$ac_optarg" ;;
-
- -build | --build | --buil | --bui | --bu)
- ac_prev=build ;;
- -build=* | --build=* | --buil=* | --bui=* | --bu=*)
- build="$ac_optarg" ;;
-
- -cache-file | --cache-file | --cache-fil | --cache-fi \
- | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
- ac_prev=cache_file ;;
- -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
- | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
- cache_file="$ac_optarg" ;;
-
- -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
- ac_prev=datadir ;;
- -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
- | --da=*)
- datadir="$ac_optarg" ;;
-
- -disable-* | --disable-*)
- ac_feature=`echo $ac_option|sed -e 's/-*disable-//'`
- # Reject names that are not valid shell variable names.
- if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then
- { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
- fi
- ac_feature=`echo $ac_feature| sed 's/-/_/g'`
- eval "enable_${ac_feature}=no" ;;
-
- -enable-* | --enable-*)
- ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'`
- # Reject names that are not valid shell variable names.
- if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then
- { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
- fi
- ac_feature=`echo $ac_feature| sed 's/-/_/g'`
- case "$ac_option" in
- *=*) ;;
- *) ac_optarg=yes ;;
- esac
- eval "enable_${ac_feature}='$ac_optarg'" ;;
-
- -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
- | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
- | --exec | --exe | --ex)
- ac_prev=exec_prefix ;;
- -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
- | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
- | --exec=* | --exe=* | --ex=*)
- exec_prefix="$ac_optarg" ;;
-
- -gas | --gas | --ga | --g)
- # Obsolete; use --with-gas.
- with_gas=yes ;;
-
- -help | --help | --hel | --he)
- # Omit some internal or obsolete options to make the list less imposing.
- # This message is too long to be a string in the A/UX 3.1 sh.
- cat << EOF
-Usage: configure [options] [host]
-Options: [defaults in brackets after descriptions]
-Configuration:
- --cache-file=FILE cache test results in FILE
- --help print this message
- --no-create do not create output files
- --quiet, --silent do not print \`checking...' messages
- --version print the version of autoconf that created configure
-Directory and file names:
- --prefix=PREFIX install architecture-independent files in PREFIX
- [$ac_default_prefix]
- --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
- [same as prefix]
- --bindir=DIR user executables in DIR [EPREFIX/bin]
- --sbindir=DIR system admin executables in DIR [EPREFIX/sbin]
- --libexecdir=DIR program executables in DIR [EPREFIX/libexec]
- --datadir=DIR read-only architecture-independent data in DIR
- [PREFIX/share]
- --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data in DIR
- [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var]
- --libdir=DIR object code libraries in DIR [EPREFIX/lib]
- --includedir=DIR C header files in DIR [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include]
- --infodir=DIR info documentation in DIR [PREFIX/info]
- --mandir=DIR man documentation in DIR [PREFIX/man]
- --srcdir=DIR find the sources in DIR [configure dir or ..]
- --program-prefix=PREFIX prepend PREFIX to installed program names
- --program-suffix=SUFFIX append SUFFIX to installed program names
- --program-transform-name=PROGRAM
- run sed PROGRAM on installed program names
-EOF
- cat << EOF
-Host type:
- --build=BUILD configure for building on BUILD [BUILD=HOST]
- --host=HOST configure for HOST [guessed]
- --target=TARGET configure for TARGET [TARGET=HOST]
-Features and packages:
- --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
- --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
- --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
- --x-includes=DIR X include files are in DIR
- --x-libraries=DIR X library files are in DIR
-EOF
- if test -n "$ac_help"; then
- echo "--enable and --with options recognized:$ac_help"
- fi
- exit 0 ;;
-
- -host | --host | --hos | --ho)
- ac_prev=host ;;
- -host=* | --host=* | --hos=* | --ho=*)
- host="$ac_optarg" ;;
-
- -includedir | --includedir | --includedi | --included | --include \
- | --includ | --inclu | --incl | --inc)
- ac_prev=includedir ;;
- -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
- | --includ=* | --inclu=* | --incl=* | --inc=*)
- includedir="$ac_optarg" ;;
-
- -infodir | --infodir | --infodi | --infod | --info | --inf)
- ac_prev=infodir ;;
- -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
- infodir="$ac_optarg" ;;
-
- -libdir | --libdir | --libdi | --libd)
- ac_prev=libdir ;;
- -libdir=* | --libdir=* | --libdi=* | --libd=*)
- libdir="$ac_optarg" ;;
-
- -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
- | --libexe | --libex | --libe)
- ac_prev=libexecdir ;;
- -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
- | --libexe=* | --libex=* | --libe=*)
- libexecdir="$ac_optarg" ;;
-
- -localstatedir | --localstatedir | --localstatedi | --localstated \
- | --localstate | --localstat | --localsta | --localst \
- | --locals | --local | --loca | --loc | --lo)
- ac_prev=localstatedir ;;
- -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
- | --localstate=* | --localstat=* | --localsta=* | --localst=* \
- | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
- localstatedir="$ac_optarg" ;;
-
- -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
- ac_prev=mandir ;;
- -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
- mandir="$ac_optarg" ;;
-
- -nfp | --nfp | --nf)
- # Obsolete; use --without-fp.
- with_fp=no ;;
-
- -no-create | --no-create | --no-creat | --no-crea | --no-cre \
- | --no-cr | --no-c)
- no_create=yes ;;
-
- -no-recursion | --no-recursion | --no-recursio | --no-recursi \
- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
- no_recursion=yes ;;
-
- -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
- | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
- | --oldin | --oldi | --old | --ol | --o)
- ac_prev=oldincludedir ;;
- -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
- | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
- | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
- oldincludedir="$ac_optarg" ;;
-
- -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
- ac_prev=prefix ;;
- -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
- prefix="$ac_optarg" ;;
-
- -program-prefix | --program-prefix | --program-prefi | --program-pref \
- | --program-pre | --program-pr | --program-p)
- ac_prev=program_prefix ;;
- -program-prefix=* | --program-prefix=* | --program-prefi=* \
- | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
- program_prefix="$ac_optarg" ;;
-
- -program-suffix | --program-suffix | --program-suffi | --program-suff \
- | --program-suf | --program-su | --program-s)
- ac_prev=program_suffix ;;
- -program-suffix=* | --program-suffix=* | --program-suffi=* \
- | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
- program_suffix="$ac_optarg" ;;
-
- -program-transform-name | --program-transform-name \
- | --program-transform-nam | --program-transform-na \
- | --program-transform-n | --program-transform- \
- | --program-transform | --program-transfor \
- | --program-transfo | --program-transf \
- | --program-trans | --program-tran \
- | --progr-tra | --program-tr | --program-t)
- ac_prev=program_transform_name ;;
- -program-transform-name=* | --program-transform-name=* \
- | --program-transform-nam=* | --program-transform-na=* \
- | --program-transform-n=* | --program-transform-=* \
- | --program-transform=* | --program-transfor=* \
- | --program-transfo=* | --program-transf=* \
- | --program-trans=* | --program-tran=* \
- | --progr-tra=* | --program-tr=* | --program-t=*)
- program_transform_name="$ac_optarg" ;;
-
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- silent=yes ;;
-
- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
- ac_prev=sbindir ;;
- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
- | --sbi=* | --sb=*)
- sbindir="$ac_optarg" ;;
-
- -sharedstatedir | --sharedstatedir | --sharedstatedi \
- | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
- | --sharedst | --shareds | --shared | --share | --shar \
- | --sha | --sh)
- ac_prev=sharedstatedir ;;
- -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
- | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
- | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
- | --sha=* | --sh=*)
- sharedstatedir="$ac_optarg" ;;
-
- -site | --site | --sit)
- ac_prev=site ;;
- -site=* | --site=* | --sit=*)
- site="$ac_optarg" ;;
-
- -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
- ac_prev=srcdir ;;
- -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
- srcdir="$ac_optarg" ;;
-
- -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
- | --syscon | --sysco | --sysc | --sys | --sy)
- ac_prev=sysconfdir ;;
- -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
- | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
- sysconfdir="$ac_optarg" ;;
-
- -target | --target | --targe | --targ | --tar | --ta | --t)
- ac_prev=target ;;
- -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
- target="$ac_optarg" ;;
-
- -v | -verbose | --verbose | --verbos | --verbo | --verb)
- verbose=yes ;;
-
- -version | --version | --versio | --versi | --vers)
- echo "configure generated by autoconf version 2.13"
- exit 0 ;;
-
- -with-* | --with-*)
- ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'`
- # Reject names that are not valid shell variable names.
- if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then
- { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
- fi
- ac_package=`echo $ac_package| sed 's/-/_/g'`
- case "$ac_option" in
- *=*) ;;
- *) ac_optarg=yes ;;
- esac
- eval "with_${ac_package}='$ac_optarg'" ;;
-
- -without-* | --without-*)
- ac_package=`echo $ac_option|sed -e 's/-*without-//'`
- # Reject names that are not valid shell variable names.
- if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then
- { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
- fi
- ac_package=`echo $ac_package| sed 's/-/_/g'`
- eval "with_${ac_package}=no" ;;
-
- --x)
- # Obsolete; use --with-x.
- with_x=yes ;;
-
- -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
- | --x-incl | --x-inc | --x-in | --x-i)
- ac_prev=x_includes ;;
- -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
- | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
- x_includes="$ac_optarg" ;;
-
- -x-libraries | --x-libraries | --x-librarie | --x-librari \
- | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
- ac_prev=x_libraries ;;
- -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
- | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
- x_libraries="$ac_optarg" ;;
-
- -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; }
- ;;
-
- *)
- if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then
- echo "configure: warning: $ac_option: invalid host type" 1>&2
- fi
- if test "x$nonopt" != xNONE; then
- { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; }
- fi
- nonopt="$ac_option"
- ;;
-
- esac
-done
-
-if test -n "$ac_prev"; then
- { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; }
-fi
-
-trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15
-
-# File descriptor usage:
-# 0 standard input
-# 1 file creation
-# 2 errors and warnings
-# 3 some systems may open it to /dev/tty
-# 4 used on the Kubota Titan
-# 6 checking for... messages and results
-# 5 compiler messages saved in config.log
-if test "$silent" = yes; then
- exec 6>/dev/null
-else
- exec 6>&1
-fi
-exec 5>./config.log
-
-echo "\
-This file contains any messages produced by compilers while
-running configure, to aid debugging if configure makes a mistake.
-" 1>&5
-
-# Strip out --no-create and --no-recursion so they do not pile up.
-# Also quote any args containing shell metacharacters.
-ac_configure_args=
-for ac_arg
-do
- case "$ac_arg" in
- -no-create | --no-create | --no-creat | --no-crea | --no-cre \
- | --no-cr | --no-c) ;;
- -no-recursion | --no-recursion | --no-recursio | --no-recursi \
- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;;
- *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*)
- ac_configure_args="$ac_configure_args '$ac_arg'" ;;
- *) ac_configure_args="$ac_configure_args $ac_arg" ;;
- esac
-done
-
-# NLS nuisances.
-# Only set these to C if already set. These must not be set unconditionally
-# because not all systems understand e.g. LANG=C (notably SCO).
-# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'!
-# Non-C LC_CTYPE values break the ctype check.
-if test "${LANG+set}" = set; then LANG=C; export LANG; fi
-if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi
-if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi
-if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi
-
-# confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -rf conftest* confdefs.h
-# AIX cpp loses on an empty file, so make sure it contains at least a newline.
-echo > confdefs.h
-
-# A filename unique to this package, relative to the directory that
-# configure is in, which we can look for to find out if srcdir is correct.
-ac_unique_file=trivial.c
-
-# Find the source files, if location was not specified.
-if test -z "$srcdir"; then
- ac_srcdir_defaulted=yes
- # Try the directory containing this script, then its parent.
- ac_prog=$0
- ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'`
- test "x$ac_confdir" = "x$ac_prog" && ac_confdir=.
- srcdir=$ac_confdir
- if test ! -r $srcdir/$ac_unique_file; then
- srcdir=..
- fi
-else
- ac_srcdir_defaulted=no
-fi
-if test ! -r $srcdir/$ac_unique_file; then
- if test "$ac_srcdir_defaulted" = yes; then
- { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; }
- else
- { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; }
- fi
-fi
-srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'`
-
-# Prefer explicitly selected file to automatically selected ones.
-if test -z "$CONFIG_SITE"; then
- if test "x$prefix" != xNONE; then
- CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
- else
- CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
- fi
-fi
-for ac_site_file in $CONFIG_SITE; do
- if test -r "$ac_site_file"; then
- echo "loading site script $ac_site_file"
- . "$ac_site_file"
- fi
-done
-
-if test -r "$cache_file"; then
- echo "loading cache $cache_file"
- . $cache_file
-else
- echo "creating cache $cache_file"
- > $cache_file
-fi
-
-ac_ext=c
-# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
-ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
-cross_compiling=$ac_cv_prog_cc_cross
-
-ac_exeext=
-ac_objext=o
-if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
- # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu.
- if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
- ac_n= ac_c='
-' ac_t=' '
- else
- ac_n=-n ac_c= ac_t=
- fi
-else
- ac_n= ac_c='\c' ac_t=
-fi
-
-
-
-echo $ac_n "checking whether ${MAKE-make} sets \${MAKE}""... $ac_c" 1>&6
-echo "configure:537: checking whether ${MAKE-make} sets \${MAKE}" >&5
-set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y%./+-%__p_%'`
-if eval "test \"`echo '$''{'ac_cv_prog_make_${ac_make}_set'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftestmake <<\EOF
-all:
- @echo 'ac_maketemp="${MAKE}"'
-EOF
-# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
-eval `${MAKE-make} -f conftestmake 2>/dev/null | grep temp=`
-if test -n "$ac_maketemp"; then
- eval ac_cv_prog_make_${ac_make}_set=yes
-else
- eval ac_cv_prog_make_${ac_make}_set=no
-fi
-rm -f conftestmake
-fi
-if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then
- echo "$ac_t""yes" 1>&6
- SET_MAKE=
-else
- echo "$ac_t""no" 1>&6
- SET_MAKE="MAKE=${MAKE-make}"
-fi
-
-
-# Check whether --with-nspr or --without-nspr was given.
-if test "${with_nspr+set}" = set; then
- withval="$with_nspr"
- case "$withval" in
- no)
- { echo "configure: error: NSPR is required" 1>&2; exit 1; };;
- yes)
- NSPR_INCLUDE="$includedir"
- NSPR_LIBPATH="$libdir"
- ;;
- *)
- NSPR_INCLUDE="$withval/include"
- NSPR_LIBPATH="$withval/lib"
- ;;
- esac
-else
- NSPR_INCLUDE="$includedir"
- NSPR_LIBPATH="$libdir"
-
-fi
-
-
-NSPR_CFLAGS="-I$NSPR_INCLUDE"
-NSPR_LDFLAGS="-L$NSPR_LIBPATH -lnspr4 -lplc4 -lplds4"
-
-
-# Check whether --with-nss-dist or --without-nss-dist was given.
-if test "${with_nss_dist+set}" = set; then
- withval="$with_nss_dist"
- case "$withval" in
- no)
- NSS_CFLAGS=""
- nss="0"
- ;;
- yes)
- { echo "configure: error: You have to specify a path for --with-nss-dist" 1>&2; exit 1; }
- ;;
- *)
- NSS_CFLAGS="-I$withval/private/security -I$withval/public/security"
- nss="1"
- ;;
- esac
-fi
-
-
-# Check whether --with-nss-hdrs or --without-nss-hdrs was given.
-if test "${with_nss_hdrs+set}" = set; then
- withval="$with_nss_hdrs"
- if test "x$nss" != "x"; then
- { echo "configure: error: Only specify --with-nss-hdrs or --with-nss-dist" 1>&2; exit 1; }
- fi
- case "$withval" in
- no)
- NSS_CFLAGS=""
- nss="0"
- ;;
- yes)
- NSS_CFLAGS="-I$includedir"
- nss="1"
- ;;
- *)
- NSS_CFLAGS="-I$withval"
- nss="1"
- ;;
- esac
-fi
-
-
-# Check whether --with-rsa-hdrs or --without-rsa-hdrs was given.
-if test "${with_rsa_hdrs+set}" = set; then
- withval="$with_rsa_hdrs"
- if test "x$nss" != "x"; then
- { echo "configure: error: Only specify --with-nss-{hdrs" 1>&2; exit 1; }
- fi
- case "$withval" in
- no)
- rsa="0"
- ;;
- yes)
- RSA_INCLUDE="$includedir"
- rsa="1"
- ;;
- *)
- RSA_INCLUDE="$withval"
- rsa="1"
- ;;
- esac
-fi
-
-
-if test "x$nss" = "x"; then
- if test "x$rsa" = "x"; then
- RSA_INCLUDE="$includedir"
- fi
- RSA_CFLAGS="-I$RSA_INCLUDE"
-fi
-
-if test "x$nss" = "x1"; then
- cat >> confdefs.h <<\EOF
-#define WITH_NSS 1
-EOF
-
-fi
-
-
-
-if test "x$rsa" = "x1"; then
- RSA_CFLAGS-"-I$RSA_INCLUDE"
-fi
-
-# Check whether --enable-debug or --disable-debug was given.
-if test "${enable_debug+set}" = set; then
- enableval="$enable_debug"
- case "$enableval" in
- no)
- DEBUG_CFLAGS="";;
- yes)
- DEBUG_CFLAGS="-DDEBUG";;
- *)
- DEBUG_CFLAGS="-DDEBUG";;
- esac
-else
- DEBUG_CFLAGS="-DDEBUG"
-fi
-
-
-# Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:693: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
- ac_dummy="$PATH"
- for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_prog_CC="gcc"
- break
- fi
- done
- IFS="$ac_save_ifs"
-fi
-fi
-CC="$ac_cv_prog_CC"
-if test -n "$CC"; then
- echo "$ac_t""$CC" 1>&6
-else
- echo "$ac_t""no" 1>&6
-fi
-
-if test -z "$CC"; then
- # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:723: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
- ac_prog_rejected=no
- ac_dummy="$PATH"
- for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then
- ac_prog_rejected=yes
- continue
- fi
- ac_cv_prog_CC="cc"
- break
- fi
- done
- IFS="$ac_save_ifs"
-if test $ac_prog_rejected = yes; then
- # We found a bogon in the path, so make sure we never use it.
- set dummy $ac_cv_prog_CC
- shift
- if test $# -gt 0; then
- # We chose a different compiler from the bogus one.
- # However, it has the same basename, so the bogon will be chosen
- # first if we set CC to just the basename; use the full file name.
- shift
- set dummy "$ac_dir/$ac_word" "$@"
- shift
- ac_cv_prog_CC="$@"
- fi
-fi
-fi
-fi
-CC="$ac_cv_prog_CC"
-if test -n "$CC"; then
- echo "$ac_t""$CC" 1>&6
-else
- echo "$ac_t""no" 1>&6
-fi
-
- if test -z "$CC"; then
- case "`uname -s`" in
- *win32* | *WIN32*)
- # Extract the first word of "cl", so it can be a program name with args.
-set dummy cl; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:774: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
- ac_dummy="$PATH"
- for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_prog_CC="cl"
- break
- fi
- done
- IFS="$ac_save_ifs"
-fi
-fi
-CC="$ac_cv_prog_CC"
-if test -n "$CC"; then
- echo "$ac_t""$CC" 1>&6
-else
- echo "$ac_t""no" 1>&6
-fi
- ;;
- esac
- fi
- test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; }
-fi
-
-echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6
-echo "configure:806: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
-
-ac_ext=c
-# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
-ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
-cross_compiling=$ac_cv_prog_cc_cross
-
-cat > conftest.$ac_ext << EOF
-
-#line 817 "configure"
-#include "confdefs.h"
-
-main(){return(0);}
-EOF
-if { (eval echo configure:822: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- ac_cv_prog_cc_works=yes
- # If we can't run a trivial program, we are probably using a cross compiler.
- if (./conftest; exit) 2>/dev/null; then
- ac_cv_prog_cc_cross=no
- else
- ac_cv_prog_cc_cross=yes
- fi
-else
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- ac_cv_prog_cc_works=no
-fi
-rm -fr conftest*
-ac_ext=c
-# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
-ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
-cross_compiling=$ac_cv_prog_cc_cross
-
-echo "$ac_t""$ac_cv_prog_cc_works" 1>&6
-if test $ac_cv_prog_cc_works = no; then
- { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; }
-fi
-echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6
-echo "configure:848: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
-echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6
-cross_compiling=$ac_cv_prog_cc_cross
-
-echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6
-echo "configure:853: checking whether we are using GNU C" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftest.c <<EOF
-#ifdef __GNUC__
- yes;
-#endif
-EOF
-if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:862: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
- ac_cv_prog_gcc=yes
-else
- ac_cv_prog_gcc=no
-fi
-fi
-
-echo "$ac_t""$ac_cv_prog_gcc" 1>&6
-
-if test $ac_cv_prog_gcc = yes; then
- GCC=yes
-else
- GCC=
-fi
-
-ac_test_CFLAGS="${CFLAGS+set}"
-ac_save_CFLAGS="$CFLAGS"
-CFLAGS=
-echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6
-echo "configure:881: checking whether ${CC-cc} accepts -g" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- echo 'void f(){}' > conftest.c
-if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then
- ac_cv_prog_cc_g=yes
-else
- ac_cv_prog_cc_g=no
-fi
-rm -f conftest*
-
-fi
-
-echo "$ac_t""$ac_cv_prog_cc_g" 1>&6
-if test "$ac_test_CFLAGS" = set; then
- CFLAGS="$ac_save_CFLAGS"
-elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
- CFLAGS="-g -O2"
- else
- CFLAGS="-g"
- fi
-else
- if test "$GCC" = yes; then
- CFLAGS="-O2"
- else
- CFLAGS=
- fi
-fi
-
-echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
-echo "configure:913: checking how to run the C preprocessor" >&5
-# On Suns, sometimes $CPP names a directory.
-if test -n "$CPP" && test -d "$CPP"; then
- CPP=
-fi
-if test -z "$CPP"; then
-if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- # This must be in double quotes, not single quotes, because CPP may get
- # substituted into the Makefile and "${CC-cc}" will confuse make.
- CPP="${CC-cc} -E"
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp.
- cat > conftest.$ac_ext <<EOF
-#line 928 "configure"
-#include "confdefs.h"
-#include <assert.h>
-Syntax Error
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:934: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-if test -z "$ac_err"; then
- :
-else
- echo "$ac_err" >&5
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- CPP="${CC-cc} -E -traditional-cpp"
- cat > conftest.$ac_ext <<EOF
-#line 945 "configure"
-#include "confdefs.h"
-#include <assert.h>
-Syntax Error
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:951: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-if test -z "$ac_err"; then
- :
-else
- echo "$ac_err" >&5
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- CPP="${CC-cc} -nologo -E"
- cat > conftest.$ac_ext <<EOF
-#line 962 "configure"
-#include "confdefs.h"
-#include <assert.h>
-Syntax Error
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:968: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-if test -z "$ac_err"; then
- :
-else
- echo "$ac_err" >&5
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- CPP=/lib/cpp
-fi
-rm -f conftest*
-fi
-rm -f conftest*
-fi
-rm -f conftest*
- ac_cv_prog_CPP="$CPP"
-fi
- CPP="$ac_cv_prog_CPP"
-else
- ac_cv_prog_CPP="$CPP"
-fi
-echo "$ac_t""$CPP" 1>&6
-
-ac_aux_dir=
-for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
- if test -f $ac_dir/install-sh; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install-sh -c"
- break
- elif test -f $ac_dir/install.sh; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install.sh -c"
- break
- fi
-done
-if test -z "$ac_aux_dir"; then
- { echo "configure: error: can not find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." 1>&2; exit 1; }
-fi
-ac_config_guess=$ac_aux_dir/config.guess
-ac_config_sub=$ac_aux_dir/config.sub
-ac_configure=$ac_aux_dir/configure # This should be Cygnus configure.
-
-# Find a good install program. We prefer a C program (faster),
-# so one script is as good as another. But avoid the broken or
-# incompatible versions:
-# SysV /etc/install, /usr/sbin/install
-# SunOS /usr/etc/install
-# IRIX /sbin/install
-# AIX /bin/install
-# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
-# AFS /usr/afsws/bin/install, which mishandles nonexistent args
-# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
-# ./install, which can be erroneously created by make from ./install.sh.
-echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6
-echo "configure:1023: checking for a BSD compatible install" >&5
-if test -z "$INSTALL"; then
-if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS=":"
- for ac_dir in $PATH; do
- # Account for people who put trailing slashes in PATH elements.
- case "$ac_dir/" in
- /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;;
- *)
- # OSF1 and SCO ODT 3.0 have their own names for install.
- # Don't use installbsd from OSF since it installs stuff as root
- # by default.
- for ac_prog in ginstall scoinst install; do
- if test -f $ac_dir/$ac_prog; then
- if test $ac_prog = install &&
- grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then
- # AIX install. It has an incompatible calling convention.
- :
- else
- ac_cv_path_install="$ac_dir/$ac_prog -c"
- break 2
- fi
- fi
- done
- ;;
- esac
- done
- IFS="$ac_save_IFS"
-
-fi
- if test "${ac_cv_path_install+set}" = set; then
- INSTALL="$ac_cv_path_install"
- else
- # As a last resort, use the slow shell script. We don't cache a
- # path for INSTALL within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the path is relative.
- INSTALL="$ac_install_sh"
- fi
-fi
-echo "$ac_t""$INSTALL" 1>&6
-
-# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
-# It thinks the first close brace ends the variable substitution.
-test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
-
-test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}'
-
-test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-
-# Extract the first word of "ranlib", so it can be a program name with args.
-set dummy ranlib; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1078: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- if test -n "$RANLIB"; then
- ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
-else
- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
- ac_dummy="$PATH"
- for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_prog_RANLIB="ranlib"
- break
- fi
- done
- IFS="$ac_save_ifs"
- test -z "$ac_cv_prog_RANLIB" && ac_cv_prog_RANLIB=":"
-fi
-fi
-RANLIB="$ac_cv_prog_RANLIB"
-if test -n "$RANLIB"; then
- echo "$ac_t""$RANLIB" 1>&6
-else
- echo "$ac_t""no" 1>&6
-fi
-
-# Extract the first word of "ar", so it can be a program name with args.
-set dummy ar; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1108: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_AR'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- if test -n "$AR"; then
- ac_cv_prog_AR="$AR" # Let the user override the test.
-else
- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
- ac_dummy="$PATH"
- for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_prog_AR="ar"
- break
- fi
- done
- IFS="$ac_save_ifs"
-fi
-fi
-AR="$ac_cv_prog_AR"
-if test -n "$AR"; then
- echo "$ac_t""$AR" 1>&6
-else
- echo "$ac_t""no" 1>&6
-fi
-
-# Extract the first word of "ld", so it can be a program name with args.
-set dummy ld; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1137: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_LD'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- if test -n "$LD"; then
- ac_cv_prog_LD="$LD" # Let the user override the test.
-else
- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
- ac_dummy="$PATH"
- for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_prog_LD="ld"
- break
- fi
- done
- IFS="$ac_save_ifs"
-fi
-fi
-LD="$ac_cv_prog_LD"
-if test -n "$LD"; then
- echo "$ac_t""$LD" 1>&6
-else
- echo "$ac_t""no" 1>&6
-fi
-
-# Extract the first word of "rm", so it can be a program name with args.
-set dummy rm; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1166: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_RM'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- if test -n "$RM"; then
- ac_cv_prog_RM="$RM" # Let the user override the test.
-else
- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
- ac_dummy="$PATH"
- for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_prog_RM="rm"
- break
- fi
- done
- IFS="$ac_save_ifs"
-fi
-fi
-RM="$ac_cv_prog_RM"
-if test -n "$RM"; then
- echo "$ac_t""$RM" 1>&6
-else
- echo "$ac_t""no" 1>&6
-fi
-
-# Extract the first word of "tar", so it can be a program name with args.
-set dummy tar; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1195: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_TAR'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- if test -n "$TAR"; then
- ac_cv_prog_TAR="$TAR" # Let the user override the test.
-else
- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
- ac_dummy="$PATH"
- for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_prog_TAR="tar"
- break
- fi
- done
- IFS="$ac_save_ifs"
-fi
-fi
-TAR="$ac_cv_prog_TAR"
-if test -n "$TAR"; then
- echo "$ac_t""$TAR" 1>&6
-else
- echo "$ac_t""no" 1>&6
-fi
-
-
-
-CPPFLAGS="$CFLAGS $NSPR_CFLAGS $NSS_CFLAGS $RSA_CFLAGS $DEBUG_CFLAGS"
-LIBS="$NSPR_LDFLAGS $LIBS"
-
-
-
-echo $ac_n "checking for PR_Init in -lnspr4""... $ac_c" 1>&6
-echo "configure:1229: checking for PR_Init in -lnspr4" >&5
-ac_lib_var=`echo nspr4'_'PR_Init | sed 'y%./+-%__p_%'`
-if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- ac_save_LIBS="$LIBS"
-LIBS="-lnspr4 $LIBS"
-cat > conftest.$ac_ext <<EOF
-#line 1237 "configure"
-#include "confdefs.h"
-/* Override any gcc2 internal prototype to avoid an error. */
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char PR_Init();
-
-int main() {
-PR_Init()
-; return 0; }
-EOF
-if { (eval echo configure:1248: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
-else
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=no"
-fi
-rm -f conftest*
-LIBS="$ac_save_LIBS"
-
-fi
-if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
- echo "$ac_t""yes" 1>&6
- ac_tr_lib=HAVE_LIB`echo nspr4 | sed -e 's/[^a-zA-Z0-9_]/_/g' \
- -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
- cat >> confdefs.h <<EOF
-#define $ac_tr_lib 1
-EOF
-
- LIBS="-lnspr4 $LIBS"
-
-else
- echo "$ac_t""no" 1>&6
-fi
-
-
-for ac_hdr in nspr.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:1280: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftest.$ac_ext <<EOF
-#line 1285 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1290: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-if test -z "$ac_err"; then
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=yes"
-else
- echo "$ac_err" >&5
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
- echo "$ac_t""yes" 1>&6
- ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
- cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
-
-else
- echo "$ac_t""no" 1>&6
-fi
-done
-
-
-
-if test "x$nss" = "x1"; then
- for ac_hdr in ck.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:1323: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftest.$ac_ext <<EOF
-#line 1328 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1333: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-if test -z "$ac_err"; then
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=yes"
-else
- echo "$ac_err" >&5
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
- echo "$ac_t""yes" 1>&6
- ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
- cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
-
-else
- echo "$ac_t""no" 1>&6
-fi
-done
-
-fi
-
-if test "x$rsa" = "x1"; then
- for ac_hdr in pkcs11t.h pkcs11.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:1366: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftest.$ac_ext <<EOF
-#line 1371 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1376: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-if test -z "$ac_err"; then
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=yes"
-else
- echo "$ac_err" >&5
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
- echo "$ac_t""yes" 1>&6
- ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
- cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
-
-else
- echo "$ac_t""no" 1>&6
-fi
-done
-
-fi
-
-
-
-echo $ac_n "checking for working const""... $ac_c" 1>&6
-echo "configure:1407: checking for working const" >&5
-if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftest.$ac_ext <<EOF
-#line 1412 "configure"
-#include "confdefs.h"
-
-int main() {
-
-/* Ultrix mips cc rejects this. */
-typedef int charset[2]; const charset x;
-/* SunOS 4.1.1 cc rejects this. */
-char const *const *ccp;
-char **p;
-/* NEC SVR4.0.2 mips cc rejects this. */
-struct point {int x, y;};
-static struct point const zero = {0,0};
-/* AIX XL C 1.02.0.0 rejects this.
- It does not let you subtract one const X* pointer from another in an arm
- of an if-expression whose if-part is not a constant expression */
-const char *g = "string";
-ccp = &g + (g ? g-g : 0);
-/* HPUX 7.0 cc rejects these. */
-++ccp;
-p = (char**) ccp;
-ccp = (char const *const *) p;
-{ /* SCO 3.2v4 cc rejects this. */
- char *t;
- char const *s = 0 ? (char *) 0 : (char const *) 0;
-
- *t++ = 0;
-}
-{ /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
- int x[] = {25, 17};
- const int *foo = &x[0];
- ++foo;
-}
-{ /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
- typedef const int *iptr;
- iptr p = 0;
- ++p;
-}
-{ /* AIX XL C 1.02.0.0 rejects this saying
- "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
- struct s { int j; const int *ap[3]; };
- struct s *b; b->j = 5;
-}
-{ /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
- const int foo = 10;
-}
-
-; return 0; }
-EOF
-if { (eval echo configure:1461: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- ac_cv_c_const=yes
-else
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- ac_cv_c_const=no
-fi
-rm -f conftest*
-fi
-
-echo "$ac_t""$ac_cv_c_const" 1>&6
-if test $ac_cv_c_const = no; then
- cat >> confdefs.h <<\EOF
-#define const
-EOF
-
-fi
-
-
-
-for ac_func in memset strlen
-do
-echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:1486: checking for $ac_func" >&5
-if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftest.$ac_ext <<EOF
-#line 1491 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func(); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char $ac_func();
-
-int main() {
-
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-$ac_func();
-#endif
-
-; return 0; }
-EOF
-if { (eval echo configure:1514: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=yes"
-else
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=no"
-fi
-rm -f conftest*
-fi
-
-if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
- echo "$ac_t""yes" 1>&6
- ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
- cat >> confdefs.h <<EOF
-#define $ac_tr_func 1
-EOF
-
-else
- echo "$ac_t""no" 1>&6
-fi
-done
-
-
-trap '' 1 2 15
-cat > confcache <<\EOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs. It is not useful on other systems.
-# If it contains results you don't want to keep, you may remove or edit it.
-#
-# By default, configure uses ./config.cache as the cache file,
-# creating it if it does not exist already. You can give configure
-# the --cache-file=FILE option to use a different cache file; that is
-# what configure does when it calls configure scripts in
-# subdirectories, so they share the cache.
-# Giving --cache-file=/dev/null disables caching, for debugging configure.
-# config.status only pays attention to the cache file if you give it the
-# --recheck option to rerun configure.
-#
-EOF
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, don't put newlines in cache variables' values.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-(set) 2>&1 |
- case `(ac_space=' '; set | grep ac_space) 2>&1` in
- *ac_space=\ *)
- # `set' does not quote correctly, so add quotes (double-quote substitution
- # turns \\\\ into \\, and sed turns \\ into \).
- sed -n \
- -e "s/'/'\\\\''/g" \
- -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p"
- ;;
- *)
- # `set' quotes correctly as required by POSIX, so do not add quotes.
- sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p'
- ;;
- esac >> confcache
-if cmp -s $cache_file confcache; then
- :
-else
- if test -w $cache_file; then
- echo "updating cache $cache_file"
- cat confcache > $cache_file
- else
- echo "not updating unwritable cache $cache_file"
- fi
-fi
-rm -f confcache
-
-trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15
-
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-# Let make expand exec_prefix.
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-# Any assignment to VPATH causes Sun make to only execute
-# the first set of double-colon rules, so remove it if not needed.
-# If there is a colon in the path, we need to keep it.
-if test "x$srcdir" = x.; then
- ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d'
-fi
-
-trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15
-
-DEFS=-DHAVE_CONFIG_H
-
-# Without the "./", some shells look in PATH for config.status.
-: ${CONFIG_STATUS=./config.status}
-
-echo creating $CONFIG_STATUS
-rm -f $CONFIG_STATUS
-cat > $CONFIG_STATUS <<EOF
-#! /bin/sh
-# Generated automatically by configure.
-# Run this file to recreate the current configuration.
-# This directory was configured as follows,
-# on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-#
-# $0 $ac_configure_args
-#
-# Compiler output produced by configure, useful for debugging
-# configure, is in ./config.log if it exists.
-
-ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]"
-for ac_option
-do
- case "\$ac_option" in
- -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
- echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion"
- exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;;
- -version | --version | --versio | --versi | --vers | --ver | --ve | --v)
- echo "$CONFIG_STATUS generated by autoconf version 2.13"
- exit 0 ;;
- -help | --help | --hel | --he | --h)
- echo "\$ac_cs_usage"; exit 0 ;;
- *) echo "\$ac_cs_usage"; exit 1 ;;
- esac
-done
-
-ac_given_srcdir=$srcdir
-ac_given_INSTALL="$INSTALL"
-
-trap 'rm -fr `echo "Makefile config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
-EOF
-cat >> $CONFIG_STATUS <<EOF
-
-# Protect against being on the right side of a sed subst in config.status.
-sed 's/%@/@@/; s/@%/@@/; s/%g\$/@g/; /@g\$/s/[\\\\&%]/\\\\&/g;
- s/@@/%@/; s/@@/@%/; s/@g\$/%g/' > conftest.subs <<\\CEOF
-$ac_vpsub
-$extrasub
-s%@SHELL@%$SHELL%g
-s%@CFLAGS@%$CFLAGS%g
-s%@CPPFLAGS@%$CPPFLAGS%g
-s%@CXXFLAGS@%$CXXFLAGS%g
-s%@FFLAGS@%$FFLAGS%g
-s%@DEFS@%$DEFS%g
-s%@LDFLAGS@%$LDFLAGS%g
-s%@LIBS@%$LIBS%g
-s%@exec_prefix@%$exec_prefix%g
-s%@prefix@%$prefix%g
-s%@program_transform_name@%$program_transform_name%g
-s%@bindir@%$bindir%g
-s%@sbindir@%$sbindir%g
-s%@libexecdir@%$libexecdir%g
-s%@datadir@%$datadir%g
-s%@sysconfdir@%$sysconfdir%g
-s%@sharedstatedir@%$sharedstatedir%g
-s%@localstatedir@%$localstatedir%g
-s%@libdir@%$libdir%g
-s%@includedir@%$includedir%g
-s%@oldincludedir@%$oldincludedir%g
-s%@infodir@%$infodir%g
-s%@mandir@%$mandir%g
-s%@SET_MAKE@%$SET_MAKE%g
-s%@WITH_NSS@%$WITH_NSS%g
-s%@CC@%$CC%g
-s%@CPP@%$CPP%g
-s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g
-s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g
-s%@INSTALL_DATA@%$INSTALL_DATA%g
-s%@RANLIB@%$RANLIB%g
-s%@AR@%$AR%g
-s%@LD@%$LD%g
-s%@RM@%$RM%g
-s%@TAR@%$TAR%g
-s%@CC INSTALL RANLIB AR LD RM TAR@%$CC INSTALL RANLIB AR LD RM TAR%g
-s%@HAVE_NSPR_H@%$HAVE_NSPR_H%g
-s%@HAVE_CK_H HAVE_PKCS11T_H HAVE_PKCS11_H@%$HAVE_CK_H HAVE_PKCS11T_H HAVE_PKCS11_H%g
-s%@const@%$const%g
-s%@HAVE_MEMSET HAVE_STRLEN@%$HAVE_MEMSET HAVE_STRLEN%g
-
-CEOF
-EOF
-
-cat >> $CONFIG_STATUS <<\EOF
-
-# Split the substitutions into bite-sized pieces for seds with
-# small command number limits, like on Digital OSF/1 and HP-UX.
-ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script.
-ac_file=1 # Number of current file.
-ac_beg=1 # First line for current file.
-ac_end=$ac_max_sed_cmds # Line after last line for current file.
-ac_more_lines=:
-ac_sed_cmds=""
-while $ac_more_lines; do
- if test $ac_beg -gt 1; then
- sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file
- else
- sed "${ac_end}q" conftest.subs > conftest.s$ac_file
- fi
- if test ! -s conftest.s$ac_file; then
- ac_more_lines=false
- rm -f conftest.s$ac_file
- else
- if test -z "$ac_sed_cmds"; then
- ac_sed_cmds="sed -f conftest.s$ac_file"
- else
- ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file"
- fi
- ac_file=`expr $ac_file + 1`
- ac_beg=$ac_end
- ac_end=`expr $ac_end + $ac_max_sed_cmds`
- fi
-done
-if test -z "$ac_sed_cmds"; then
- ac_sed_cmds=cat
-fi
-EOF
-
-cat >> $CONFIG_STATUS <<EOF
-
-CONFIG_FILES=\${CONFIG_FILES-"Makefile"}
-EOF
-cat >> $CONFIG_STATUS <<\EOF
-for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
- # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
- case "$ac_file" in
- *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'`
- ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
- *) ac_file_in="${ac_file}.in" ;;
- esac
-
- # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories.
-
- # Remove last slash and all that follows it. Not all systems have dirname.
- ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'`
- if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then
- # The file is in a subdirectory.
- test ! -d "$ac_dir" && mkdir "$ac_dir"
- ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`"
- # A "../" for each directory in $ac_dir_suffix.
- ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'`
- else
- ac_dir_suffix= ac_dots=
- fi
-
- case "$ac_given_srcdir" in
- .) srcdir=.
- if test -z "$ac_dots"; then top_srcdir=.
- else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;;
- /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;;
- *) # Relative path.
- srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix"
- top_srcdir="$ac_dots$ac_given_srcdir" ;;
- esac
-
- case "$ac_given_INSTALL" in
- [/$]*) INSTALL="$ac_given_INSTALL" ;;
- *) INSTALL="$ac_dots$ac_given_INSTALL" ;;
- esac
-
- echo creating "$ac_file"
- rm -f "$ac_file"
- configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure."
- case "$ac_file" in
- *Makefile*) ac_comsub="1i\\
-# $configure_input" ;;
- *) ac_comsub= ;;
- esac
-
- ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"`
- sed -e "$ac_comsub
-s%@configure_input@%$configure_input%g
-s%@srcdir@%$srcdir%g
-s%@top_srcdir@%$top_srcdir%g
-s%@INSTALL@%$INSTALL%g
-" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file
-fi; done
-rm -f conftest.s*
-
-# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where
-# NAME is the cpp macro being defined and VALUE is the value it is being given.
-#
-# ac_d sets the value in "#define NAME VALUE" lines.
-ac_dA='s%^\([ ]*\)#\([ ]*define[ ][ ]*\)'
-ac_dB='\([ ][ ]*\)[^ ]*%\1#\2'
-ac_dC='\3'
-ac_dD='%g'
-# ac_u turns "#undef NAME" with trailing blanks into "#define NAME VALUE".
-ac_uA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)'
-ac_uB='\([ ]\)%\1#\2define\3'
-ac_uC=' '
-ac_uD='\4%g'
-# ac_e turns "#undef NAME" without trailing blanks into "#define NAME VALUE".
-ac_eA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)'
-ac_eB='$%\1#\2define\3'
-ac_eC=' '
-ac_eD='%g'
-
-if test "${CONFIG_HEADERS+set}" != set; then
-EOF
-cat >> $CONFIG_STATUS <<EOF
- CONFIG_HEADERS="config.h"
-EOF
-cat >> $CONFIG_STATUS <<\EOF
-fi
-for ac_file in .. $CONFIG_HEADERS; do if test "x$ac_file" != x..; then
- # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
- case "$ac_file" in
- *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'`
- ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
- *) ac_file_in="${ac_file}.in" ;;
- esac
-
- echo creating $ac_file
-
- rm -f conftest.frag conftest.in conftest.out
- ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"`
- cat $ac_file_inputs > conftest.in
-
-EOF
-
-# Transform confdefs.h into a sed script conftest.vals that substitutes
-# the proper values into config.h.in to produce config.h. And first:
-# Protect against being on the right side of a sed subst in config.status.
-# Protect against being in an unquoted here document in config.status.
-rm -f conftest.vals
-cat > conftest.hdr <<\EOF
-s/[\\&%]/\\&/g
-s%[\\$`]%\\&%g
-s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD}%gp
-s%ac_d%ac_u%gp
-s%ac_u%ac_e%gp
-EOF
-sed -n -f conftest.hdr confdefs.h > conftest.vals
-rm -f conftest.hdr
-
-# This sed command replaces #undef with comments. This is necessary, for
-# example, in the case of _POSIX_SOURCE, which is predefined and required
-# on some systems where configure will not decide to define it.
-cat >> conftest.vals <<\EOF
-s%^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*%/* & */%
-EOF
-
-# Break up conftest.vals because some shells have a limit on
-# the size of here documents, and old seds have small limits too.
-
-rm -f conftest.tail
-while :
-do
- ac_lines=`grep -c . conftest.vals`
- # grep -c gives empty output for an empty file on some AIX systems.
- if test -z "$ac_lines" || test "$ac_lines" -eq 0; then break; fi
- # Write a limited-size here document to conftest.frag.
- echo ' cat > conftest.frag <<CEOF' >> $CONFIG_STATUS
- sed ${ac_max_here_lines}q conftest.vals >> $CONFIG_STATUS
- echo 'CEOF
- sed -f conftest.frag conftest.in > conftest.out
- rm -f conftest.in
- mv conftest.out conftest.in
-' >> $CONFIG_STATUS
- sed 1,${ac_max_here_lines}d conftest.vals > conftest.tail
- rm -f conftest.vals
- mv conftest.tail conftest.vals
-done
-rm -f conftest.vals
-
-cat >> $CONFIG_STATUS <<\EOF
- rm -f conftest.frag conftest.h
- echo "/* $ac_file. Generated automatically by configure. */" > conftest.h
- cat conftest.in >> conftest.h
- rm -f conftest.in
- if cmp -s $ac_file conftest.h 2>/dev/null; then
- echo "$ac_file is unchanged"
- rm -f conftest.h
- else
- # Remove last slash and all that follows it. Not all systems have dirname.
- ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'`
- if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then
- # The file is in a subdirectory.
- test ! -d "$ac_dir" && mkdir "$ac_dir"
- fi
- rm -f $ac_file
- mv conftest.h $ac_file
- fi
-fi; done
-
-EOF
-cat >> $CONFIG_STATUS <<EOF
-
-EOF
-cat >> $CONFIG_STATUS <<\EOF
-echo timestamp > stamp-h
-exit 0
-EOF
-chmod +x $CONFIG_STATUS
-rm -fr confdefs* $ac_clean_files
-test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1
-
diff --git a/security/nss/tests/pkcs11/netscape/trivial/configure.in b/security/nss/tests/pkcs11/netscape/trivial/configure.in
deleted file mode 100644
index 76374882e..000000000
--- a/security/nss/tests/pkcs11/netscape/trivial/configure.in
+++ /dev/null
@@ -1,180 +0,0 @@
-dnl
-dnl The contents of this file are subject to the Mozilla Public
-dnl License Version 1.1 (the "License"); you may not use this file
-dnl except in compliance with the License. You may obtain a copy of
-dnl the License at http://www.mozilla.org/MPL/
-dnl
-dnl Software distributed under the License is distributed on an "AS
-dnl IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-dnl implied. See the License for the specific language governing
-dnl rights and limitations under the License.
-dnl
-dnl The Original Code is a trivial PKCS#11 test program.
-dnl
-dnl The Initial Developer of the Original Code is Netscape
-dnl Communications Corp. Portions created by Netscape are
-dnl Copyright (C) 2000. All Rights Reserved.
-dnl
-dnl Contributor(s):
-dnl
-dnl Alternatively, the contents of this file may be used under the
-dnl terms of the GNU General Public License Version 2 or later (the
-dnl "GPL"), in which case the provisions of the GPL are applicable
-dnl instead of those above. If you wish to allow use of your
-dnl version of this file only under the terms of the GPL and not to
-dnl allow others to use your version of this file under the MPL,
-dnl indicate your decision by deleting the provisions above and
-dnl replace them with the notice and other provisions required by
-dnl the GPL. If you do not delete the provisions above, a recipient
-dnl may use your version of this file under either the MPL or the
-dnl GPL.
-dnl
-
-dnl My revision info: "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-dnl Don't use AC_REVISION; it's broken
-
-AC_INIT(trivial.c)
-AC_CONFIG_HEADER(config.h)
-AC_PROG_MAKE_SET
-
-AC_ARG_WITH(nspr, [ --with-nspr[=path] specify location of NSPR],
-[ case "$withval" in
- no)
- AC_MSG_ERROR(NSPR is required);;
- yes)
- NSPR_INCLUDE="$includedir"
- NSPR_LIBPATH="$libdir"
- ;;
- *)
- NSPR_INCLUDE="$withval/include"
- NSPR_LIBPATH="$withval/lib"
- ;;
- esac ],
-[ NSPR_INCLUDE="$includedir"
- NSPR_LIBPATH="$libdir" ]
-)
-
-NSPR_CFLAGS="-I$NSPR_INCLUDE"
-NSPR_LDFLAGS="-L$NSPR_LIBPATH -lnspr4 -lplc4 -lplds4"
-
-dnl This isn't optimum, but the mozilla build system and autoconf don't really mesh well..
-
-AC_ARG_WITH(nss-dist, [ --with-nss-dist[=path] specify path to NSS dist directory],
-[ case "$withval" in
- no)
- NSS_CFLAGS=""
- nss="0"
- ;;
- yes)
- AC_MSG_ERROR(You have to specify a path for --with-nss-dist)
- ;;
- *)
- NSS_CFLAGS="-I$withval/private/security -I$withval/public/security"
- nss="1"
- ;;
- esac ])
-
-AC_ARG_WITH(nss-hdrs, [ --with-nss-hdrs[=path] or, specify path to installed NSS headers],
-[ if test "x$nss" != "x"; then
- AC_MSG_ERROR(Only specify --with-nss-hdrs or --with-nss-dist, not both)
- fi
- case "$withval" in
- no)
- NSS_CFLAGS=""
- nss="0"
- ;;
- yes)
- NSS_CFLAGS="-I$includedir"
- nss="1"
- ;;
- *)
- NSS_CFLAGS="-I$withval"
- nss="1"
- ;;
- esac ])
-
-AC_ARG_WITH(rsa-hdrs, [ --with-rsa-hdrs[=path] if not using NSS, specify path to RSA headers],
-[ if test "x$nss" != "x"; then
- AC_MSG_ERROR(Only specify --with-nss-{hdrs,dist} or --with-rsa-hdrs, not both)
- fi
- case "$withval" in
- no)
- rsa="0"
- ;;
- yes)
- RSA_INCLUDE="$includedir"
- rsa="1"
- ;;
- *)
- RSA_INCLUDE="$withval"
- rsa="1"
- ;;
- esac ])
-
-if test "x$nss" = "x"; then
- if test "x$rsa" = "x"; then
- RSA_INCLUDE="$includedir"
- fi
- RSA_CFLAGS="-I$RSA_INCLUDE"
-fi
-
-if test "x$nss" = "x1"; then
- AC_DEFINE(WITH_NSS,1)
-fi
-
-AC_SUBST(WITH_NSS)
-
-if test "x$rsa" = "x1"; then
- RSA_CFLAGS-"-I$RSA_INCLUDE"
-fi
-
-AC_ARG_ENABLE(debug, [ --disable-debug default is enabled],
-[ case "$enableval" in
- no)
- DEBUG_CFLAGS="";;
- yes)
- DEBUG_CFLAGS="-DDEBUG";;
- *)
- DEBUG_CFLAGS="-DDEBUG";;
- esac ], DEBUG_CFLAGS="-DDEBUG")
-
-dnl Checks for programs.
-AC_PROG_CC
-AC_PROG_CPP
-AC_PROG_INSTALL
-AC_PROG_RANLIB
-AC_CHECK_PROG(AR, ar, ar)
-AC_CHECK_PROG(LD, ld, ld)
-AC_CHECK_PROG(RM, rm, rm)
-AC_CHECK_PROG(TAR, tar, tar)
-AC_SUBST(CC INSTALL RANLIB AR LD RM TAR)
-
-CPPFLAGS="$CFLAGS $NSPR_CFLAGS $NSS_CFLAGS $RSA_CFLAGS $DEBUG_CFLAGS"
-LIBS="$NSPR_LDFLAGS $LIBS"
-
-AC_SUBST(CFLAGS)
-
-dnl Checks for libraries.
-AC_CHECK_LIB(nspr4, PR_Init)
-
-dnl Checks for header files.
-AC_CHECK_HEADERS(nspr.h)
-AC_SUBST(HAVE_NSPR_H)
-
-if test "x$nss" = "x1"; then
- AC_CHECK_HEADERS(ck.h)
-fi
-
-if test "x$rsa" = "x1"; then
- AC_CHECK_HEADERS(pkcs11t.h pkcs11.h)
-fi
-
-AC_SUBST(HAVE_CK_H HAVE_PKCS11T_H HAVE_PKCS11_H)
-
-dnl Checks for typedefs, structures, and compiler characteristics.
-AC_C_CONST
-AC_SUBST(const)
-
-AC_CHECK_FUNCS(memset strlen)
-AC_SUBST(HAVE_MEMSET HAVE_STRLEN)
-AC_OUTPUT(Makefile, [echo timestamp > stamp-h])
diff --git a/security/nss/tests/pkcs11/netscape/trivial/install-sh b/security/nss/tests/pkcs11/netscape/trivial/install-sh
deleted file mode 100755
index e9de23842..000000000
--- a/security/nss/tests/pkcs11/netscape/trivial/install-sh
+++ /dev/null
@@ -1,251 +0,0 @@
-#!/bin/sh
-#
-# install - install a program, script, or datafile
-# This comes from X11R5 (mit/util/scripts/install.sh).
-#
-# Copyright 1991 by the Massachusetts Institute of Technology
-#
-# Permission to use, copy, modify, distribute, and sell this software and its
-# documentation for any purpose is hereby granted without fee, provided that
-# the above copyright notice appear in all copies and that both that
-# copyright notice and this permission notice appear in supporting
-# documentation, and that the name of M.I.T. not be used in advertising or
-# publicity pertaining to distribution of the software without specific,
-# written prior permission. M.I.T. makes no representations about the
-# suitability of this software for any purpose. It is provided "as is"
-# without express or implied warranty.
-#
-# Calling this script install-sh is preferred over install.sh, to prevent
-# `make' implicit rules from creating a file called install from it
-# when there is no Makefile.
-#
-# This script is compatible with the BSD install script, but was written
-# from scratch. It can only install one file at a time, a restriction
-# shared with many OS's install programs.
-
-
-# set DOITPROG to echo to test this script
-
-# Don't use :- since 4.3BSD and earlier shells don't like it.
-doit="${DOITPROG-}"
-
-
-# put in absolute paths if you don't have them in your path; or use env. vars.
-
-mvprog="${MVPROG-mv}"
-cpprog="${CPPROG-cp}"
-chmodprog="${CHMODPROG-chmod}"
-chownprog="${CHOWNPROG-chown}"
-chgrpprog="${CHGRPPROG-chgrp}"
-stripprog="${STRIPPROG-strip}"
-rmprog="${RMPROG-rm}"
-mkdirprog="${MKDIRPROG-mkdir}"
-
-transformbasename=""
-transform_arg=""
-instcmd="$mvprog"
-chmodcmd="$chmodprog 0755"
-chowncmd=""
-chgrpcmd=""
-stripcmd=""
-rmcmd="$rmprog -f"
-mvcmd="$mvprog"
-src=""
-dst=""
-dir_arg=""
-
-while [ x"$1" != x ]; do
- case $1 in
- -c) instcmd="$cpprog"
- shift
- continue;;
-
- -d) dir_arg=true
- shift
- continue;;
-
- -m) chmodcmd="$chmodprog $2"
- shift
- shift
- continue;;
-
- -o) chowncmd="$chownprog $2"
- shift
- shift
- continue;;
-
- -g) chgrpcmd="$chgrpprog $2"
- shift
- shift
- continue;;
-
- -s) stripcmd="$stripprog"
- shift
- continue;;
-
- -t=*) transformarg=`echo $1 | sed 's/-t=//'`
- shift
- continue;;
-
- -b=*) transformbasename=`echo $1 | sed 's/-b=//'`
- shift
- continue;;
-
- *) if [ x"$src" = x ]
- then
- src=$1
- else
- # this colon is to work around a 386BSD /bin/sh bug
- :
- dst=$1
- fi
- shift
- continue;;
- esac
-done
-
-if [ x"$src" = x ]
-then
- echo "install: no input file specified"
- exit 1
-else
- true
-fi
-
-if [ x"$dir_arg" != x ]; then
- dst=$src
- src=""
-
- if [ -d $dst ]; then
- instcmd=:
- chmodcmd=""
- else
- instcmd=mkdir
- fi
-else
-
-# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
-# might cause directories to be created, which would be especially bad
-# if $src (and thus $dsttmp) contains '*'.
-
- if [ -f $src -o -d $src ]
- then
- true
- else
- echo "install: $src does not exist"
- exit 1
- fi
-
- if [ x"$dst" = x ]
- then
- echo "install: no destination specified"
- exit 1
- else
- true
- fi
-
-# If destination is a directory, append the input filename; if your system
-# does not like double slashes in filenames, you may need to add some logic
-
- if [ -d $dst ]
- then
- dst="$dst"/`basename $src`
- else
- true
- fi
-fi
-
-## this sed command emulates the dirname command
-dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
-
-# Make sure that the destination directory exists.
-# this part is taken from Noah Friedman's mkinstalldirs script
-
-# Skip lots of stat calls in the usual case.
-if [ ! -d "$dstdir" ]; then
-defaultIFS='
-'
-IFS="${IFS-${defaultIFS}}"
-
-oIFS="${IFS}"
-# Some sh's can't handle IFS=/ for some reason.
-IFS='%'
-set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
-IFS="${oIFS}"
-
-pathcomp=''
-
-while [ $# -ne 0 ] ; do
- pathcomp="${pathcomp}${1}"
- shift
-
- if [ ! -d "${pathcomp}" ] ;
- then
- $mkdirprog "${pathcomp}"
- else
- true
- fi
-
- pathcomp="${pathcomp}/"
-done
-fi
-
-if [ x"$dir_arg" != x ]
-then
- $doit $instcmd $dst &&
-
- if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
- if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
- if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
- if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
-else
-
-# If we're going to rename the final executable, determine the name now.
-
- if [ x"$transformarg" = x ]
- then
- dstfile=`basename $dst`
- else
- dstfile=`basename $dst $transformbasename |
- sed $transformarg`$transformbasename
- fi
-
-# don't allow the sed command to completely eliminate the filename
-
- if [ x"$dstfile" = x ]
- then
- dstfile=`basename $dst`
- else
- true
- fi
-
-# Make a temp file name in the proper directory.
-
- dsttmp=$dstdir/#inst.$$#
-
-# Move or copy the file name to the temp name
-
- $doit $instcmd $src $dsttmp &&
-
- trap "rm -f ${dsttmp}" 0 &&
-
-# and set any options; do chmod last to preserve setuid bits
-
-# If any of these fail, we abort the whole thing. If we want to
-# ignore errors from any of these, just make sure not to ignore
-# errors from the above "$doit $instcmd $src $dsttmp" command.
-
- if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
- if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
- if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
- if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
-
-# Now rename the file to the real destination.
-
- $doit $rmcmd -f $dstdir/$dstfile &&
- $doit $mvcmd $dsttmp $dstdir/$dstfile
-
-fi &&
-
-
-exit 0
diff --git a/security/nss/tests/pkcs11/netscape/trivial/trivial.c b/security/nss/tests/pkcs11/netscape/trivial/trivial.c
deleted file mode 100644
index 65dff22f3..000000000
--- a/security/nss/tests/pkcs11/netscape/trivial/trivial.c
+++ /dev/null
@@ -1,901 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is a trivial PKCS#11 test program.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * This is a very trivial program I wrote for testing out a
- * couple data-only Cryptoki modules for NSS. It's not a "real"
- * test program that prints out nice "PASS" or "FAIL" messages;
- * it just makes calls and dumps data.
- */
-
-#include "config.h"
-
-#ifdef HAVE_NSPR_H
-#include "nspr.h"
-#else
-#error "NSPR is required."
-#endif
-
-#ifdef WITH_NSS
-#define FGMR 1
-#include "ck.h"
-#else
-#include "pkcs11t.h"
-#include "pkcs11.h"
-#endif
-
-/* The RSA versions are sloppier with namespaces */
-#ifndef CK_TRUE
-#define CK_TRUE TRUE
-#endif
-
-#ifndef CK_FALSE
-#define CK_FALSE FALSE
-#endif
-
-int
-rmain
-(
- int argc,
- char *argv[]
-);
-
-int
-main
-(
- int argc,
- char *argv[]
-)
-{
- int rv = 0;
-
- PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 14);
- rv = rmain(argc, argv);
- PR_Cleanup();
-
- return rv;
-}
-
-static CK_ATTRIBUTE_TYPE all_known_attribute_types[] = {
- CKA_CLASS,
- CKA_TOKEN,
- CKA_PRIVATE,
- CKA_LABEL,
- CKA_APPLICATION,
- CKA_VALUE,
- CKA_CERTIFICATE_TYPE,
- CKA_ISSUER,
- CKA_SERIAL_NUMBER,
- CKA_KEY_TYPE,
- CKA_SUBJECT,
- CKA_ID,
- CKA_SENSITIVE,
- CKA_ENCRYPT,
- CKA_DECRYPT,
- CKA_WRAP,
- CKA_UNWRAP,
- CKA_SIGN,
- CKA_SIGN_RECOVER,
- CKA_VERIFY,
- CKA_VERIFY_RECOVER,
- CKA_DERIVE,
- CKA_START_DATE,
- CKA_END_DATE,
- CKA_MODULUS,
- CKA_MODULUS_BITS,
- CKA_PUBLIC_EXPONENT,
- CKA_PRIVATE_EXPONENT,
- CKA_PRIME_1,
- CKA_PRIME_2,
- CKA_EXPONENT_1,
- CKA_EXPONENT_2,
- CKA_COEFFICIENT,
- CKA_PRIME,
- CKA_SUBPRIME,
- CKA_BASE,
- CKA_VALUE_BITS,
- CKA_VALUE_LEN,
- CKA_EXTRACTABLE,
- CKA_LOCAL,
- CKA_NEVER_EXTRACTABLE,
- CKA_ALWAYS_SENSITIVE,
- CKA_MODIFIABLE,
-#ifdef CKA_NETSCAPE
- CKA_NETSCAPE_URL,
- CKA_NETSCAPE_EMAIL,
- CKA_NETSCAPE_SMIME_INFO,
- CKA_NETSCAPE_SMIME_TIMESTAMP,
- CKA_NETSCAPE_PKCS8_SALT,
- CKA_NETSCAPE_PASSWORD_CHECK,
- CKA_NETSCAPE_EXPIRES,
-#endif /* CKA_NETSCAPE */
-#ifdef CKA_TRUST
- CKA_TRUST_DIGITAL_SIGNATURE,
- CKA_TRUST_NON_REPUDIATION,
- CKA_TRUST_KEY_ENCIPHERMENT,
- CKA_TRUST_DATA_ENCIPHERMENT,
- CKA_TRUST_KEY_AGREEMENT,
- CKA_TRUST_KEY_CERT_SIGN,
- CKA_TRUST_CRL_SIGN,
- CKA_TRUST_SERVER_AUTH,
- CKA_TRUST_CLIENT_AUTH,
- CKA_TRUST_CODE_SIGNING,
- CKA_TRUST_EMAIL_PROTECTION,
- CKA_TRUST_IPSEC_END_SYSTEM,
- CKA_TRUST_IPSEC_TUNNEL,
- CKA_TRUST_IPSEC_USER,
- CKA_TRUST_TIME_STAMPING,
-#endif /* CKA_TRUST */
-};
-
-static number_of_all_known_attribute_types =
- (sizeof(all_known_attribute_types)/sizeof(all_known_attribute_types[0]));
-
-int
-usage
-(
- char *argv0
-)
-{
- PR_fprintf(PR_STDERR, "Usage: %s [-i {string|--}] <library>.so\n", argv0);
- return 1;
-}
-
-int
-rmain
-(
- int argc,
- char *argv[]
-)
-{
- char *argv0 = argv[0];
- PRLibrary *lib;
- CK_C_GetFunctionList gfl;
- CK_FUNCTION_LIST_PTR epv = (CK_FUNCTION_LIST_PTR)NULL;
- CK_RV ck_rv;
- CK_INFO info;
- CK_ULONG nSlots;
- CK_SLOT_ID *pSlots;
- CK_ULONG i;
- CK_C_INITIALIZE_ARGS ia, *iap;
-
- (void)memset(&ia, 0, sizeof(CK_C_INITIALIZE_ARGS));
- iap = (CK_C_INITIALIZE_ARGS *)NULL;
- while( argv++, --argc ) {
- if( '-' == argv[0][0] ) {
- switch( argv[0][1] ) {
- case 'i':
- iap = &ia;
- if( ((char *)NULL != argv[1]) && ('-' != argv[1][0]) ) {
-#ifdef WITH_NSS
- ia.pConfig = argv[1];
- ia.ulConfigLen = strlen(argv[1]);
- argv++, --argc;
-#else
- return usage(argv0);
-#endif /* WITH_NSS */
- }
- break;
- case '-':
- argv++, --argc;
- goto endargs;
- default:
- return usage(argv0);
- }
- } else {
- break;
- }
- }
- endargs:;
-
- if( 1 != argc ) {
- return usage(argv0);
- }
-
- lib = PR_LoadLibrary(argv[0]);
- if( (PRLibrary *)NULL == lib ) {
- PR_fprintf(PR_STDERR, "Can't load %s: %ld, %ld\n", argv[1], PR_GetError(), PR_GetOSError());
- return 1;
- }
-
- gfl = (CK_C_GetFunctionList)PR_FindSymbol(lib, "C_GetFunctionList");
- if( (CK_C_GetFunctionList)NULL == gfl ) {
- PR_fprintf(PR_STDERR, "Can't find C_GetFunctionList in %s: %ld, %ld\n", argv[1],
- PR_GetError(), PR_GetOSError());
- return 1;
- }
-
- ck_rv = (*gfl)(&epv);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "CK_GetFunctionList returned 0x%08x\n", ck_rv);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, "Module %s loaded, epv = 0x%08x.\n\n", argv[1], (CK_ULONG)epv);
-
- /* C_Initialize */
- ck_rv = epv->C_Initialize(iap);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_Initialize returned 0x%08x\n", ck_rv);
- return 1;
- }
-
- /* C_GetInfo */
- (void)memset(&info, 0, sizeof(CK_INFO));
- ck_rv = epv->C_GetInfo(&info);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_GetInfo returned 0x%08x\n", ck_rv);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, "Module Info:\n");
- PR_fprintf(PR_STDOUT, " cryptokiVersion = %lu.%02lu\n",
- (PRUint32)info.cryptokiVersion.major, (PRUint32)info.cryptokiVersion.minor);
- PR_fprintf(PR_STDOUT, " manufacturerID = \"%.32s\"\n", info.manufacturerID);
- PR_fprintf(PR_STDOUT, " flags = 0x%08lx\n", info.flags);
- PR_fprintf(PR_STDOUT, " libraryDescription = \"%.32s\"\n", info.libraryDescription);
- PR_fprintf(PR_STDOUT, " libraryVersion = %lu.%02lu\n",
- (PRUint32)info.libraryVersion.major, (PRUint32)info.libraryVersion.minor);
- PR_fprintf(PR_STDOUT, "\n");
-
- /* C_GetSlotList */
- nSlots = 0;
- ck_rv = epv->C_GetSlotList(CK_FALSE, (CK_SLOT_ID_PTR)CK_NULL_PTR, &nSlots);
- switch( ck_rv ) {
- case CKR_BUFFER_TOO_SMALL:
- case CKR_OK:
- break;
- default:
- PR_fprintf(PR_STDERR, "C_GetSlotList(FALSE, NULL, ) returned 0x%08x\n", ck_rv);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, "There are %lu slots.\n", nSlots);
-
- pSlots = (CK_SLOT_ID_PTR)PR_Calloc(nSlots, sizeof(CK_SLOT_ID));
- if( (CK_SLOT_ID_PTR)NULL == pSlots ) {
- PR_fprintf(PR_STDERR, "[memory allocation of %lu bytes failed]\n", nSlots * sizeof(CK_SLOT_ID));
- return 1;
- }
-
- ck_rv = epv->C_GetSlotList(CK_FALSE, pSlots, &nSlots);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_GetSlotList(FALSE, , ) returned 0x%08x\n", ck_rv);
- return 1;
- }
-
- for( i = 0; i < nSlots; i++ ) {
- PR_fprintf(PR_STDOUT, " [%lu]: CK_SLOT_ID = %lu\n", (i+1), pSlots[i]);
- }
-
- PR_fprintf(PR_STDOUT, "\n");
-
- /* C_GetSlotInfo */
- for( i = 0; i < nSlots; i++ ) {
- CK_SLOT_INFO sinfo;
-
- PR_fprintf(PR_STDOUT, "[%lu]: CK_SLOT_ID = %lu\n", (i+1), pSlots[i]);
-
- (void)memset(&sinfo, 0, sizeof(CK_SLOT_INFO));
- ck_rv = epv->C_GetSlotInfo(pSlots[i], &sinfo);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_GetSlotInfo(%lu, ) returned 0x%08x\n", pSlots[i], ck_rv);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, " Slot Info:\n");
- PR_fprintf(PR_STDOUT, " slotDescription = \"%.64s\"\n", sinfo.slotDescription);
- PR_fprintf(PR_STDOUT, " manufacturerID = \"%.32s\"\n", sinfo.manufacturerID);
- PR_fprintf(PR_STDOUT, " flags = 0x%08lx\n", sinfo.flags);
- PR_fprintf(PR_STDOUT, " -> TOKEN PRESENT = %s\n",
- sinfo.flags & CKF_TOKEN_PRESENT ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> REMOVABLE DEVICE = %s\n",
- sinfo.flags & CKF_REMOVABLE_DEVICE ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> HW SLOT = %s\n",
- sinfo.flags & CKF_HW_SLOT ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " hardwareVersion = %lu.%02lu\n",
- (PRUint32)sinfo.hardwareVersion.major, (PRUint32)sinfo.hardwareVersion.minor);
- PR_fprintf(PR_STDOUT, " firmwareVersion = %lu.%02lu\n",
- (PRUint32)sinfo.firmwareVersion.major, (PRUint32)sinfo.firmwareVersion.minor);
-
- if( sinfo.flags & CKF_TOKEN_PRESENT ) {
- CK_TOKEN_INFO tinfo;
- CK_MECHANISM_TYPE *pMechanismList;
- CK_ULONG nMechanisms = 0;
- CK_ULONG j;
-
- (void)memset(&tinfo, 0, sizeof(CK_TOKEN_INFO));
- ck_rv = epv->C_GetTokenInfo(pSlots[i], &tinfo);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_GetTokenInfo(%lu, ) returned 0x%08x\n", pSlots[i], ck_rv);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, " Token Info:\n");
- PR_fprintf(PR_STDOUT, " label = \"%.32s\"\n", tinfo.label);
- PR_fprintf(PR_STDOUT, " manufacturerID = \"%.32s\"\n", tinfo.manufacturerID);
- PR_fprintf(PR_STDOUT, " model = \"%.16s\"\n", tinfo.model);
- PR_fprintf(PR_STDOUT, " serialNumber = \"%.16s\"\n", tinfo.serialNumber);
- PR_fprintf(PR_STDOUT, " flags = 0x%08lx\n", tinfo.flags);
- PR_fprintf(PR_STDOUT, " -> RNG = %s\n",
- tinfo.flags & CKF_RNG ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> WRITE PROTECTED = %s\n",
- tinfo.flags & CKF_WRITE_PROTECTED ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> LOGIN REQUIRED = %s\n",
- tinfo.flags & CKF_LOGIN_REQUIRED ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> USER PIN INITIALIZED = %s\n",
- tinfo.flags & CKF_USER_PIN_INITIALIZED ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> RESTORE KEY NOT NEEDED = %s\n",
- tinfo.flags & CKF_RESTORE_KEY_NOT_NEEDED ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> CLOCK ON TOKEN = %s\n",
- tinfo.flags & CKF_CLOCK_ON_TOKEN ? "TRUE" : "FALSE");
-#ifdef CKF_SUPPORTS_PARALLEL
- PR_fprintf(PR_STDOUT, " -> SUPPORTS PARALLEL = %s\n",
- tinfo.flags & CKF_SUPPORTS_PARALLEL ? "TRUE" : "FALSE");
-#endif /* CKF_SUPPORTS_PARALLEL */
- PR_fprintf(PR_STDOUT, " -> PROTECTED AUTHENTICATION PATH = %s\n",
- tinfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> DUAL_CRYPTO_OPERATIONS = %s\n",
- tinfo.flags & CKF_DUAL_CRYPTO_OPERATIONS ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " ulMaxSessionCount = %lu\n", tinfo.ulMaxSessionCount);
- PR_fprintf(PR_STDOUT, " ulSessionCount = %lu\n", tinfo.ulSessionCount);
- PR_fprintf(PR_STDOUT, " ulMaxRwSessionCount = %lu\n", tinfo.ulMaxRwSessionCount);
- PR_fprintf(PR_STDOUT, " ulRwSessionCount = %lu\n", tinfo.ulRwSessionCount);
- PR_fprintf(PR_STDOUT, " ulMaxPinLen = %lu\n", tinfo.ulMaxPinLen);
- PR_fprintf(PR_STDOUT, " ulMinPinLen = %lu\n", tinfo.ulMinPinLen);
- PR_fprintf(PR_STDOUT, " ulTotalPublicMemory = %lu\n", tinfo.ulTotalPublicMemory);
- PR_fprintf(PR_STDOUT, " ulFreePublicMemory = %lu\n", tinfo.ulFreePublicMemory);
- PR_fprintf(PR_STDOUT, " ulTotalPrivateMemory = %lu\n", tinfo.ulTotalPrivateMemory);
- PR_fprintf(PR_STDOUT, " ulFreePrivateMemory = %lu\n", tinfo.ulFreePrivateMemory);
- PR_fprintf(PR_STDOUT, " hardwareVersion = %lu.%02lu\n",
- (PRUint32)tinfo.hardwareVersion.major, (PRUint32)tinfo.hardwareVersion.minor);
- PR_fprintf(PR_STDOUT, " firmwareVersion = %lu.%02lu\n",
- (PRUint32)tinfo.firmwareVersion.major, (PRUint32)tinfo.firmwareVersion.minor);
- PR_fprintf(PR_STDOUT, " utcTime = \"%.16s\"\n", tinfo.utcTime);
-
-
- ck_rv = epv->C_GetMechanismList(pSlots[i], (CK_MECHANISM_TYPE_PTR)CK_NULL_PTR, &nMechanisms);
- switch( ck_rv ) {
- case CKR_BUFFER_TOO_SMALL:
- case CKR_OK:
- break;
- default:
- PR_fprintf(PR_STDERR, "C_GetMechanismList(%lu, NULL, ) returned 0x%08x\n", pSlots[i], ck_rv);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, " %lu mechanisms:\n", nMechanisms);
-
- pMechanismList = (CK_MECHANISM_TYPE_PTR)PR_Calloc(nMechanisms, sizeof(CK_MECHANISM_TYPE));
- if( (CK_MECHANISM_TYPE_PTR)NULL == pMechanismList ) {
- PR_fprintf(PR_STDERR, "[memory allocation of %lu bytes failed]\n",
- nMechanisms * sizeof(CK_MECHANISM_TYPE));
- return 1;
- }
-
- ck_rv = epv->C_GetMechanismList(pSlots[i], pMechanismList, &nMechanisms);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_GetMechanismList(%lu, , ) returned 0x%08x\n", pSlots[i], ck_rv);
- return 1;
- }
-
- for( j = 0; j < nMechanisms; j++ ) {
- PR_fprintf(PR_STDOUT, " {%lu}: CK_MECHANISM_TYPE = %lu\n", (j+1), pMechanismList[j]);
- }
-
- PR_fprintf(PR_STDOUT, "\n");
-
- for( j = 0; j < nMechanisms; j++ ) {
- CK_MECHANISM_INFO minfo;
-
- (void)memset(&minfo, 0, sizeof(CK_MECHANISM_INFO));
- ck_rv = epv->C_GetMechanismInfo(pSlots[i], pMechanismList[j], &minfo);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_GetMechanismInfo(%lu, %lu, ) returned 0x%08x\n", pSlots[i],
- pMechanismList[j]);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, " [%lu]: CK_MECHANISM_TYPE = %lu\n", (j+1), pMechanismList[j]);
- PR_fprintf(PR_STDOUT, " ulMinKeySize = %lu\n", minfo.ulMinKeySize);
- PR_fprintf(PR_STDOUT, " ulMaxKeySize = %lu\n", minfo.ulMaxKeySize);
- PR_fprintf(PR_STDOUT, " flags = 0x%08x\n", minfo.flags);
- PR_fprintf(PR_STDOUT, " -> HW = %s\n", minfo.flags & CKF_HW ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> ENCRYPT = %s\n", minfo.flags & CKF_ENCRYPT ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> DECRYPT = %s\n", minfo.flags & CKF_DECRYPT ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> DIGEST = %s\n", minfo.flags & CKF_DIGEST ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> SIGN = %s\n", minfo.flags & CKF_SIGN ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> SIGN_RECOVER = %s\n", minfo.flags & CKF_SIGN_RECOVER ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> VERIFY = %s\n", minfo.flags & CKF_VERIFY ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> VERIFY_RECOVER = %s\n", minfo.flags & CKF_VERIFY_RECOVER ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> GENERATE = %s\n", minfo.flags & CKF_GENERATE ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> GENERATE_KEY_PAIR = %s\n", minfo.flags & CKF_GENERATE_KEY_PAIR ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> WRAP = %s\n", minfo.flags & CKF_WRAP ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> UNWRAP = %s\n", minfo.flags & CKF_UNWRAP ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> DERIVE = %s\n", minfo.flags & CKF_DERIVE ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> EXTENSION = %s\n", minfo.flags & CKF_EXTENSION ? "TRUE" : "FALSE");
-
- PR_fprintf(PR_STDOUT, "\n");
- }
-
- if( tinfo.flags & CKF_LOGIN_REQUIRED ) {
- PR_fprintf(PR_STDERR, "*** LOGIN REQUIRED but not yet implemented ***\n");
- /* all the stuff about logging in as SO and setting the user pin if needed, etc. */
- return 2;
- }
-
- /* session to find objects */
- {
- CK_SESSION_HANDLE h = (CK_SESSION_HANDLE)0;
- CK_SESSION_INFO sinfo;
- CK_ATTRIBUTE_PTR pTemplate;
- CK_ULONG tnObjects = 0;
-
- ck_rv = epv->C_OpenSession(pSlots[i], CKF_SERIAL_SESSION, (CK_VOID_PTR)CK_NULL_PTR, (CK_NOTIFY)CK_NULL_PTR, &h);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_OpenSession(%lu, CKF_SERIAL_SESSION, , ) returned 0x%08x\n", pSlots[i], ck_rv);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, " Opened a session: handle = 0x%08x\n", h);
-
- (void)memset(&sinfo, 0, sizeof(CK_SESSION_INFO));
- ck_rv = epv->C_GetSessionInfo(h, &sinfo);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDOUT, "C_GetSessionInfo(%lu, ) returned 0x%08x\n", h, ck_rv);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, " SESSION INFO:\n");
- PR_fprintf(PR_STDOUT, " slotID = %lu\n", sinfo.slotID);
- PR_fprintf(PR_STDOUT, " state = %lu\n", sinfo.state);
- PR_fprintf(PR_STDOUT, " flags = 0x%08x\n", sinfo.flags);
-#ifdef CKF_EXCLUSIVE_SESSION
- PR_fprintf(PR_STDOUT, " -> EXCLUSIVE SESSION = %s\n", sinfo.flags & CKF_EXCLUSIVE_SESSION ? "TRUE" : "FALSE");
-#endif /* CKF_EXCLUSIVE_SESSION */
- PR_fprintf(PR_STDOUT, " -> RW SESSION = %s\n", sinfo.flags & CKF_RW_SESSION ? "TRUE" : "FALSE");
- PR_fprintf(PR_STDOUT, " -> SERIAL SESSION = %s\n", sinfo.flags & CKF_SERIAL_SESSION ? "TRUE" : "FALSE");
-#ifdef CKF_INSERTION_CALLBACK
- PR_fprintf(PR_STDOUT, " -> INSERTION CALLBACK = %s\n", sinfo.flags & CKF_INSERTION_CALLBACK ? "TRUE" : "FALSE");
-#endif /* CKF_INSERTION_CALLBACK */
- PR_fprintf(PR_STDOUT, " ulDeviceError = %lu\n", sinfo.ulDeviceError);
- PR_fprintf(PR_STDOUT, "\n");
-
- ck_rv = epv->C_FindObjectsInit(h, (CK_ATTRIBUTE_PTR)CK_NULL_PTR, 0);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDOUT, "C_FindObjectsInit(%lu, NULL_PTR, 0) returned 0x%08x\n", h, ck_rv);
- return 1;
- }
-
- pTemplate = (CK_ATTRIBUTE_PTR)PR_Calloc(number_of_all_known_attribute_types, sizeof(CK_ATTRIBUTE));
- if( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) {
- PR_fprintf(PR_STDERR, "[memory allocation of %lu bytes failed]\n",
- number_of_all_known_attribute_types * sizeof(CK_ATTRIBUTE));
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, " All objects:\n");
-
- while(1) {
- CK_OBJECT_HANDLE o = (CK_OBJECT_HANDLE)0;
- CK_ULONG nObjects = 0;
- CK_ULONG k;
- CK_ULONG nAttributes = 0;
- CK_ATTRIBUTE_PTR pT2;
- CK_ULONG l;
-
- ck_rv = epv->C_FindObjects(h, &o, 1, &nObjects);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_FindObjects(%lu, , 1, ) returned 0x%08x\n", h, ck_rv);
- return 1;
- }
-
- if( 0 == nObjects ) {
- PR_fprintf(PR_STDOUT, "\n");
- break;
- }
-
- tnObjects++;
-
- PR_fprintf(PR_STDOUT, " OBJECT HANDLE %lu:\n", o);
-
- for( k = 0; k < number_of_all_known_attribute_types; k++ ) {
- pTemplate[k].type = all_known_attribute_types[k];
- pTemplate[k].pValue = (CK_VOID_PTR)CK_NULL_PTR;
- pTemplate[k].ulValueLen = 0;
- }
-
- ck_rv = epv->C_GetAttributeValue(h, o, pTemplate, number_of_all_known_attribute_types);
- switch( ck_rv ) {
- case CKR_OK:
- case CKR_ATTRIBUTE_SENSITIVE:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_BUFFER_TOO_SMALL:
- break;
- default:
- PR_fprintf(PR_STDERR, "C_GetAtributeValue(%lu, %lu, {all attribute types}, %lu) returned 0x%08x\n",
- h, o, number_of_all_known_attribute_types, ck_rv);
- return 1;
- }
-
- for( k = 0; k < number_of_all_known_attribute_types; k++ ) {
- if( -1 != (CK_LONG)pTemplate[k].ulValueLen ) {
- nAttributes++;
- }
- }
-
- if( 1 ) {
- PR_fprintf(PR_STDOUT, " %lu attributes:\n", nAttributes);
- for( k = 0; k < number_of_all_known_attribute_types; k++ ) {
- if( -1 != (CK_LONG)pTemplate[k].ulValueLen ) {
- PR_fprintf(PR_STDOUT, " 0x%08x (len = %lu)\n", pTemplate[k].type,
- pTemplate[k].ulValueLen);
- }
- }
- PR_fprintf(PR_STDOUT, "\n");
- }
-
- pT2 = (CK_ATTRIBUTE_PTR)PR_Calloc(nAttributes, sizeof(CK_ATTRIBUTE));
- if( (CK_ATTRIBUTE_PTR)NULL == pT2 ) {
- PR_fprintf(PR_STDERR, "[memory allocation of %lu bytes failed]\n",
- nAttributes * sizeof(CK_ATTRIBUTE));
- return 1;
- }
-
- for( l = 0, k = 0; k < number_of_all_known_attribute_types; k++ ) {
- if( -1 != (CK_LONG)pTemplate[k].ulValueLen ) {
- pT2[l].type = pTemplate[k].type;
- pT2[l].ulValueLen = pTemplate[k].ulValueLen;
- pT2[l].pValue = (CK_VOID_PTR)PR_Malloc(pT2[l].ulValueLen);
- if( (CK_VOID_PTR)NULL == pT2[l].pValue ) {
- PR_fprintf(PR_STDERR, "[memory allocation of %lu bytes failed]\n", pT2[l].ulValueLen);
- return 1;
- }
- l++;
- }
- }
-
- PR_ASSERT( l == nAttributes );
-
- ck_rv = epv->C_GetAttributeValue(h, o, pT2, nAttributes);
- switch( ck_rv ) {
- case CKR_OK:
- case CKR_ATTRIBUTE_SENSITIVE:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_BUFFER_TOO_SMALL:
- break;
- default:
- PR_fprintf(PR_STDERR, "C_GetAtributeValue(%lu, %lu, {existant attribute types}, %lu) returned 0x%08x\n",
- h, o, nAttributes, ck_rv);
- return 1;
- }
-
- for( l = 0; l < nAttributes; l++ ) {
- PR_fprintf(PR_STDOUT, " type = 0x%08x, len = %ld", pT2[l].type, (CK_LONG)pT2[l].ulValueLen);
- if( -1 == (CK_LONG)pT2[l].ulValueLen ) {
- ;
- } else {
- CK_ULONG m;
-
- if( pT2[l].ulValueLen <= 8 ) {
- PR_fprintf(PR_STDOUT, ", value = ");
- } else {
- PR_fprintf(PR_STDOUT, ", value = \n ");
- }
-
- for( m = 0; (m < pT2[l].ulValueLen) && (m < 20); m++ ) {
- PR_fprintf(PR_STDOUT, "%02x", (CK_ULONG)(0xff & ((CK_CHAR_PTR)pT2[l].pValue)[m]));
- }
-
- PR_fprintf(PR_STDOUT, " ");
-
- for( m = 0; (m < pT2[l].ulValueLen) && (m < 20); m++ ) {
- CK_CHAR c = ((CK_CHAR_PTR)pT2[l].pValue)[m];
- if( (c < 0x20) || (c >= 0x7f) ) {
- c = '.';
- }
- PR_fprintf(PR_STDOUT, "%c", c);
- }
- }
-
- PR_fprintf(PR_STDOUT, "\n");
- }
-
- PR_fprintf(PR_STDOUT, "\n");
-
- for( l = 0; l < nAttributes; l++ ) {
- PR_Free(pT2[l].pValue);
- }
- PR_Free(pT2);
- } /* while(1) */
-
- ck_rv = epv->C_FindObjectsFinal(h);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_FindObjectsFinal(%lu) returned 0x%08x\n", h, ck_rv);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, " (%lu objects total)\n", tnObjects);
-
- ck_rv = epv->C_CloseSession(h);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_CloseSession(%lu) returned 0x%08x\n", h, ck_rv);
- return 1;
- }
- } /* session to find objects */
-
- /* session to create, find, and delete a couple session objects */
- {
- CK_SESSION_HANDLE h = (CK_SESSION_HANDLE)0;
- CK_ATTRIBUTE one[7], two[7], three[7], delta[1], mask[1];
- CK_OBJECT_CLASS cko_data = CKO_DATA;
- CK_BBOOL false = CK_FALSE, true = CK_TRUE;
- char *key = "TEST PROGRAM";
- CK_ULONG key_len = strlen(key);
- CK_OBJECT_HANDLE hOneIn = (CK_OBJECT_HANDLE)0, hTwoIn = (CK_OBJECT_HANDLE)0,
- hThreeIn = (CK_OBJECT_HANDLE)0, hDeltaIn = (CK_OBJECT_HANDLE)0;
- CK_OBJECT_HANDLE found[10];
- CK_ULONG nFound;
-
- ck_rv = epv->C_OpenSession(pSlots[i], CKF_SERIAL_SESSION, (CK_VOID_PTR)CK_NULL_PTR, (CK_NOTIFY)CK_NULL_PTR, &h);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_OpenSession(%lu, CKF_SERIAL_SESSION, , ) returned 0x%08x\n", pSlots[i], ck_rv);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, " Opened a session: handle = 0x%08x\n", h);
-
- one[0].type = CKA_CLASS;
- one[0].pValue = &cko_data;
- one[0].ulValueLen = sizeof(CK_OBJECT_CLASS);
- one[1].type = CKA_TOKEN;
- one[1].pValue = &false;
- one[1].ulValueLen = sizeof(CK_BBOOL);
- one[2].type = CKA_PRIVATE;
- one[2].pValue = &false;
- one[2].ulValueLen = sizeof(CK_BBOOL);
- one[3].type = CKA_MODIFIABLE;
- one[3].pValue = &true;
- one[3].ulValueLen = sizeof(CK_BBOOL);
- one[4].type = CKA_LABEL;
- one[4].pValue = "Test data object one";
- one[4].ulValueLen = strlen(one[4].pValue);
- one[5].type = CKA_APPLICATION;
- one[5].pValue = key;
- one[5].ulValueLen = key_len;
- one[6].type = CKA_VALUE;
- one[6].pValue = "Object one";
- one[6].ulValueLen = strlen(one[6].pValue);
-
- two[0].type = CKA_CLASS;
- two[0].pValue = &cko_data;
- two[0].ulValueLen = sizeof(CK_OBJECT_CLASS);
- two[1].type = CKA_TOKEN;
- two[1].pValue = &false;
- two[1].ulValueLen = sizeof(CK_BBOOL);
- two[2].type = CKA_PRIVATE;
- two[2].pValue = &false;
- two[2].ulValueLen = sizeof(CK_BBOOL);
- two[3].type = CKA_MODIFIABLE;
- two[3].pValue = &true;
- two[3].ulValueLen = sizeof(CK_BBOOL);
- two[4].type = CKA_LABEL;
- two[4].pValue = "Test data object two";
- two[4].ulValueLen = strlen(two[4].pValue);
- two[5].type = CKA_APPLICATION;
- two[5].pValue = key;
- two[5].ulValueLen = key_len;
- two[6].type = CKA_VALUE;
- two[6].pValue = "Object two";
- two[6].ulValueLen = strlen(two[6].pValue);
-
- three[0].type = CKA_CLASS;
- three[0].pValue = &cko_data;
- three[0].ulValueLen = sizeof(CK_OBJECT_CLASS);
- three[1].type = CKA_TOKEN;
- three[1].pValue = &false;
- three[1].ulValueLen = sizeof(CK_BBOOL);
- three[2].type = CKA_PRIVATE;
- three[2].pValue = &false;
- three[2].ulValueLen = sizeof(CK_BBOOL);
- three[3].type = CKA_MODIFIABLE;
- three[3].pValue = &true;
- three[3].ulValueLen = sizeof(CK_BBOOL);
- three[4].type = CKA_LABEL;
- three[4].pValue = "Test data object three";
- three[4].ulValueLen = strlen(three[4].pValue);
- three[5].type = CKA_APPLICATION;
- three[5].pValue = key;
- three[5].ulValueLen = key_len;
- three[6].type = CKA_VALUE;
- three[6].pValue = "Object three";
- three[6].ulValueLen = strlen(three[6].pValue);
-
- ck_rv = epv->C_CreateObject(h, one, 7, &hOneIn);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_CreateObject(%lu, one, 7, ) returned 0x%08x\n", h, ck_rv);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, " Created object one: handle = %lu\n", hOneIn);
-
- ck_rv = epv->C_CreateObject(h, two, 7, &hTwoIn);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_CreateObject(%lu, two, 7, ) returned 0x%08x\n", h, ck_rv);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, " Created object two: handle = %lu\n", hTwoIn);
-
- ck_rv = epv->C_CreateObject(h, three, 7, &hThreeIn);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_CreateObject(%lu, three, 7, ) returned 0x%08x\n", h, ck_rv);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, " Created object three: handle = %lu\n", hThreeIn);
-
- delta[0].type = CKA_VALUE;
- delta[0].pValue = "Copied object";
- delta[0].ulValueLen = strlen(delta[0].pValue);
-
- ck_rv = epv->C_CopyObject(h, hThreeIn, delta, 1, &hDeltaIn);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_CopyObject(%lu, %lu, delta, 1, ) returned 0x%08x\n",
- h, hThreeIn, ck_rv);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, " Copied object three: new handle = %lu\n", hDeltaIn);
-
- mask[0].type = CKA_APPLICATION;
- mask[0].pValue = key;
- mask[0].ulValueLen = key_len;
-
- ck_rv = epv->C_FindObjectsInit(h, mask, 1);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_FindObjectsInit(%lu, mask, 1) returned 0x%08x\n",
- h, ck_rv);
- return 1;
- }
-
- (void)memset(&found, 0, sizeof(found));
- nFound = 0;
- ck_rv = epv->C_FindObjects(h, found, 10, &nFound);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_FindObjects(%lu,, 10, ) returned 0x%08x\n",
- h, ck_rv);
- return 1;
- }
-
- if( 4 != nFound ) {
- PR_fprintf(PR_STDERR, "Found %lu objects, not 4.\n", nFound);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, " Found 4 objects: %lu, %lu, %lu, %lu\n",
- found[0], found[1], found[2], found[3]);
-
- ck_rv = epv->C_FindObjectsFinal(h);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_FindObjectsFinal(%lu) returned 0x%08x\n", h, ck_rv);
- return 1;
- }
-
- ck_rv = epv->C_DestroyObject(h, hThreeIn);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_DestroyObject(%lu, %lu) returned 0x%08x\n", h, hThreeIn, ck_rv);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, " Destroyed object three (handle = %lu)\n", hThreeIn);
-
- delta[0].type = CKA_APPLICATION;
- delta[0].pValue = "Changed application";
- delta[0].ulValueLen = strlen(delta[0].pValue);
-
- ck_rv = epv->C_SetAttributeValue(h, hTwoIn, delta, 1);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_SetAttributeValue(%lu, %lu, delta, 1) returned 0x%08x\n",
- h, hTwoIn, ck_rv);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, " Changed object two (handle = %lu).\n", hTwoIn);
-
- /* Can another session find these session objects? */
- {
- CK_SESSION_HANDLE h2 = (CK_SESSION_HANDLE)0;
-
- ck_rv = epv->C_OpenSession(pSlots[i], CKF_SERIAL_SESSION, (CK_VOID_PTR)CK_NULL_PTR, (CK_NOTIFY)CK_NULL_PTR, &h2);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_OpenSession(%lu, CKF_SERIAL_SESSION, , ) returned 0x%08x\n", pSlots[i], ck_rv);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, " Opened a second session: handle = 0x%08x\n", h2);
-
- /* mask is still the same */
-
- ck_rv = epv->C_FindObjectsInit(h2, mask, 1);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_FindObjectsInit(%lu, mask, 1) returned 0x%08x\n",
- h2, ck_rv);
- return 1;
- }
-
- (void)memset(&found, 0, sizeof(found));
- nFound = 0;
- ck_rv = epv->C_FindObjects(h2, found, 10, &nFound);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_FindObjects(%lu,, 10, ) returned 0x%08x\n",
- h2, ck_rv);
- return 1;
- }
-
- if( 2 != nFound ) {
- PR_fprintf(PR_STDERR, "Found %lu objects, not 2.\n", nFound);
- return 1;
- }
-
- PR_fprintf(PR_STDOUT, " Found 2 objects: %lu, %lu\n",
- found[0], found[1]);
-
- ck_rv = epv->C_FindObjectsFinal(h2);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_FindObjectsFinal(%lu) returned 0x%08x\n", h2, ck_rv);
- return 1;
- }
-
- /* Leave the session hanging open, we'll CloseAllSessions later */
- } /* Can another session find these session objects? */
-
- ck_rv = epv->C_CloseAllSessions(pSlots[i]);
- if( CKR_OK != ck_rv ) {
- PR_fprintf(PR_STDERR, "C_CloseAllSessions(%lu) returned 0x%08x\n", pSlots[i], ck_rv);
- return 1;
- }
- } /* session to create, find, and delete a couple session objects */
-
-
- }
-
- PR_fprintf(PR_STDOUT, "\n");
- }
-
- return 0;
-}
diff --git a/security/nss/tests/sdr/sdr.sh b/security/nss/tests/sdr/sdr.sh
deleted file mode 100755
index 426b8b737..000000000
--- a/security/nss/tests/sdr/sdr.sh
+++ /dev/null
@@ -1,71 +0,0 @@
-#! /bin/ksh
-#
-# This is just a quick script so we can still run our testcases.
-# Longer term we need a scriptable test environment..
-#
-. ../common/init.sh
-CURDIR=`pwd`
-
-#temporary files
-VALUE1=/tmp/tests.v1.$$
-VALUE2=/tmp/tests.v2.$$
-
-TEMPFILES="${VALUE1} ${VALUE2} cert7.db key3.db"
-
-#
-# should also try to kill any running server
-#
-trap "rm -f ${TEMPFILES}; exit" 2 3
-
-T1=Test1
-T2="The quick brown fox jumped over the lazy dog"
-
-SDRDIR=${HOSTDIR}/SDR
-if [ ! -d ${SDRDIR} ]; then
- mkdir -p ${SDRDIR}
-fi
-
-cd ${SDRDIR}
-echo "<TABLE BORDER=1><TR><TH COLSPAN=3>SDR Tests</TH></TR>" >> ${RESULTS}
-echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS}
-echo "********************** Creating an SDR key/Encrypt **********************"
-echo "sdrtest -d . -o ${VALUE1} -t Test1"
-sdrtest -d . -o ${VALUE1} -t Test1
-
-if [ $? -ne 0 ]; then
- echo "<TR><TD>Creating SDR Key</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
-else
- echo "<TR><TD>Creating SDR Key</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
-fi
-
-echo "**************** SDR Encrypt - Second Value ****************"
-echo "sdrtest -d . -o ${VALUE2} -t '${T2}'"
-sdrtest -d . -o ${VALUE2} -t "${T2}"
-
-if [ $? -ne 0 ]; then
- echo "<TR><TD>Encrypt - Value 2</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
-else
- echo "<TR><TD>Encrypt - Value 2</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
-fi
-
-echo "***** Decrypt - Value 1 *****"
-echo "sdrtest -d . -i ${VALUE1} -t Test1"
-sdrtest -d . -i ${VALUE1} -t Test1
-if [ $? -ne 0 ]; then
- echo "<TR><TD>Decrypt - Value 1</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
-else
- echo "<TR><TD>Decrypt - Value 1</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
-fi
-
-echo "***** Decrypt - Value 2 *****"
-echo "sdrtest -d . -i ${VALUE2} -t ${T2}"
-sdrtest -d . -i ${VALUE2} -t "${T2}"
-if [ $? -ne 0 ]; then
- echo "<TR><TD>Decrypt - Value 2</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
-else
- echo "<TR><TD>Decrypt - Value 2</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
-fi
-
-echo "</TABLE><BR>" >> ${RESULTS}
-
-rm -f ${TEMPFILES}
diff --git a/security/nss/tests/ssl/ssl.sh b/security/nss/tests/ssl/ssl.sh
deleted file mode 100755
index 2beb73423..000000000
--- a/security/nss/tests/ssl/ssl.sh
+++ /dev/null
@@ -1,309 +0,0 @@
-#! /bin/ksh
-#
-# This is just a quick script so we can still run our testcases.
-# Longer term we need a scriptable test environment..
-#
-. ../common/init.sh
-CURDIR=`pwd`
-PORT=${PORT-8443}
-
-# Test case files
-SSLCOV=${CURDIR}/sslcov.txt
-SSLAUTH=${CURDIR}/sslauth.txt
-SSLSTRESS=${CURDIR}/sslstress.txt
-REQUEST_FILE=${CURDIR}/sslreq.txt
-
-#temparary files
-PWFILE=/tmp/tests.pw.$$
-CERTSCRIPT=/tmp/tests.certs.$$
-NOISE_FILE=/tmp/tests.noise.$$
-SERVEROUTFILE=/tmp/tests.server.$$
-
-TEMPFILES="${PWFILE} ${CERTSCRIPT} ${SERVEROUTFILE} ${NOISE_FILE}"
-
-none=1
-coverage=0
-auth=0
-stress=0
-certs=1
-fileout=0
-
-for i in $*
-do
- case $i in
- [aA][lL]*)
- none=0; coverage=1; auth=1; stress=1;;
- [aA][uU]*)
- none=0; auth=1;;
- [Nn][Oo][aA][uU]*)
- auth=0;;
- [Cc][Oo]*)
- none=0; coverage=1;;
- [Nn][Oo][Cc][Oo]*)
- coverage=0;;
- [Cc][Ee]*)
- none=0; certs=1;;
- [Nn][Oo][Cc][Ee]*)
- certs=0;;
- [Ss]*)
- none=0; stress=1;;
- [Nn][Oo][Ss]*)
- stress=0;;
- f)
- fileout=1;
- esac
-done
-
-if [ $none -eq 1 ]; then
- coverage=1
- auth=1
- stress=1
-fi
-
-
-#
-# should also try to kill any running server
-#
-trap "rm -f ${TEMPFILES}; exit" 2 3
-
-if [ $certs -eq 1 ]; then
-# Generate noise for our CA cert.
-#
-# NOTE: these keys are only suitable for testing, as this whole thing bypasses
-# the entropy gathering. Don't use this method to generate keys and certs for
-# product use or deployment.
-#
-ps -efl > ${NOISE_FILE} 2>&1
-ps aux >> ${NOISE_FILE} 2>&1
-netstat >> ${NOISE_FILE} 2>&1
-date >> ${NOISE_FILE} 2>&1
-
-#
-# build the TEMP CA used for testing purposes
-#
-echo "<TABLE BORDER=1><TR><TH COLSPAN=3>Certutil Tests</TH></TR>" >> ${RESULTS}
-echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS}
-CADIR=${HOSTDIR}/CA
-echo "********************** Creating a CA Certificate **********************"
-if [ ! -d ${CADIR} ]; then
- mkdir -p ${CADIR}
-fi
-cd ${CADIR}
-echo nss > ${PWFILE}
-echo " certutil -N -d . -f ${PWFILE}"
-certutil -N -d . -f ${PWFILE}
-
-echo 5 > ${CERTSCRIPT}
-echo 9 >> ${CERTSCRIPT}
-echo n >> ${CERTSCRIPT}
-echo y >> ${CERTSCRIPT}
-echo 3 >> ${CERTSCRIPT}
-echo n >> ${CERTSCRIPT}
-echo 5 >> ${CERTSCRIPT}
-echo 6 >> ${CERTSCRIPT}
-echo 7 >> ${CERTSCRIPT}
-echo 9 >> ${CERTSCRIPT}
-echo n >> ${CERTSCRIPT}
-echo "certutil -S -n \"TestCA\" -s \"CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US\" -t \"CTu,CTu,CTu\" -v 60 -x -d . -1 -2 -5 -f ${PWFILE} -z ${NOISE_FILE}"
-certutil -S -n "TestCA" -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -t "CTu,CTu,CTu" -v 60 -x -d . -1 -2 -5 -f ${PWFILE} -z ${NOISE_FILE} < ${CERTSCRIPT}
-
-if [ $? -ne 0 ]; then
- echo "<TR><TD>Creating CA Cert</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
-else
- echo "<TR><TD>Creating CA Cert</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
-fi
-
-echo "**************** Creating Client CA Issued Certificate ****************"
-netstat >> ${NOISE_FILE} 2>&1
-date >> ${NOISE_FILE} 2>&1
-CLIENTDIR=${HOSTDIR}/client
-if [ ! -d ${CLIENTDIR} ]; then
- mkdir -p ${CLIENTDIR}
-fi
-cd ${CLIENTDIR}
-echo " certutil -N -d . -f ${PWFILE}"
-certutil -N -d . -f ${PWFILE}
-if [ $? -ne 0 ]; then
- CERTFAILED=${CERTFAILED-"Init DB"}
-fi
-echo "Import the root CA"
-echo " certutil -L -n \"TestCA\" -r -d ../CA > root.cert"
-certutil -L -n "TestCA" -r -d ../CA > root.cert
-if [ $? -ne 0 ]; then
- CERTFAILED=${CERTFAILED-"Export Root"}
-fi
-echo " certutil -A -n \"TestCA\" -t \"TC,TC,TC\" -f ${PWFILE} -d . -i root.cert"
-certutil -A -n "TestCA" -t "TC,TC,TC" -f ${PWFILE} -d . -i root.cert
-if [ $? -ne 0 ]; then
- CERTFAILED=${CERTFAILED-"Import Root"}
-fi
-echo "Generate a Certificate request"
-echo " certutil -R -s \"CN=Test User, O=BOGUS Netscape, L=Mountain View, ST=California, C=US\" -d . -f ${PWFILE} -z ${NOISE_FILE} -o req"
-certutil -R -s "CN=Test User, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -d . -f ${PWFILE} -z ${NOISE_FILE} -o req
-if [ $? -ne 0 ]; then
- CERTFAILED=${CERTFAILED-"Generate Request"}
-fi
-echo "Sign the Certificate request"
-echo "certutil -C -c "TestCA" -m 3 -v 60 -d ../CA -f ${PWFILE} -i req -o user.cert"
-certutil -C -c "TestCA" -m 3 -v 60 -d ../CA -i req -o user.cert -f ${PWFILE}
-if [ $? -ne 0 ]; then
- CERTFAILED=${CERTFAILED-"Sign User Cert"}
-fi
-echo "Import the new Cert"
-echo "certutil -A -n \"TestUser\" -t \"u,u,u\" -d . -f {PWFILE} -i user.cert"
-certutil -A -n "TestUser" -t "u,u,u" -d . -f {PWFILE} -i user.cert
-if [ $? -ne 0 ]; then
- CERTFAILED=${CERTFAILED-"Import User"}
-fi
-if [ -n "${CERTFAILED}" ]; then
- echo "<TR><TD>Creating User Cert</TD><TD bgcolor=red>Failed ($CERTFAILED)</TD><TR>" >> ${RESULTS}
-else
- echo "<TR><TD>Creating User Cert</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
-fi
-
-echo "***** Creating Server CA Issued Certificate for ${HOST}.${DOMSUF} *****"
-netstat >> ${NOISE_FILE} 2>&1
-date >> ${NOISE_FILE} 2>&1
-SERVERDIR=${HOSTDIR}/server
-if [ ! -d ${SERVERDIR} ]; then
- mkdir -p ${SERVERDIR}
-fi
-cd ${SERVERDIR}
-cp ../CA/*.db .
-echo "certutil -S -n \"${HOST}.${DOMSUF}\" -s \"CN=${HOST}.${DOMSUF}, O=BOGUS Netscape, L=Mountain View, ST=California, C=US\" -t \"Pu,Pu,Pu\" -c "TestCA" -v 60 -d . -f ${PWFILE} -z ${NOISE_FILE}"
-certutil -S -n "${HOST}.${DOMSUF}" -s "CN=${HOST}.${DOMSUF}, O=BOGUS Netscape, L=Mountain View, ST=California, C=US" -t "Pu,Pu,Pu" -c "TestCA" -m 1 -v 60 -d . -f ${PWFILE} -z ${NOISE_FILE}
-if [ $? -ne 0 ]; then
- echo "<TR><TD>Creating Server Cert</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
-else
- echo "<TR><TD>Creating Server Cert</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
-fi
-echo "</TABLE><BR>" >> ${RESULTS}
-
-rm -f ${TEMPFILES}
-fi
-
-
-# OK now lets run the tests....
-if [ $coverage -eq 1 ]; then
-echo "********************* SSL Cipher Coverage ****************************"
-echo "<TABLE BORDER=1><TR><TH COLSPAN=3>SSL Cipher Coverage</TH></TR>" >> ${RESULTS}
-echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS}
-cd ${CLIENTDIR}
- cat ${SSLCOV} | while read tls param testname
-do
- if [ $tls != "#" ]; then
- echo "********************* $testname ****************************"
- TLS_FLAG=-T
- if [ $tls = "TLS" ]; then
- TLS_FLAG=""
- fi
- sparam=""
- if [ ${param} = "i" ]; then
- sparam='-c i'
- fi
- if [ ${fileout} -eq 1 ]; then
- selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} > ${SERVEROUTFILE} 2>&1 &
- else
- selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} &
- fi
- SERVERPID=$!
- sleep 10
-
- tstclnt -p ${PORT} -h ${HOST} -c ${param} ${TLS_FLAG} -f -d . < ${REQUEST_FILE}
- if [ $? -ne 0 ]; then
- echo "<TR><TD>"${testname}"</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
- else
- echo "<TR><TD>"${testname}"</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
- fi
- ${KILL} ${SERVERPID}
- wait ${SERVERPID}
- if [ ${fileout} -eq 1 ]; then
- cat ${SERVEROUTFILE}
- fi
- ${SLEEP}
- fi
-done
-
-echo "</TABLE><BR>" >> ${RESULTS}
-fi
-
-if [ $auth -eq 1 ]; then
-echo "********************* SSL Client Auth ****************************"
-cd ${CLIENTDIR}
-echo "<TABLE BORDER=1><TR><TH COLSPAN=3>SSL Client Authentication</TH></TR>" >> ${RESULTS}
-echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS}
-
-cat ${SSLAUTH} | while read value sparam cparam testname
-do
- if [ $value != "#" ]; then
- echo "***** $testname ****"
- sparam=`echo $sparam | sed -e 's;_; ;g'`
- cparam=`echo $cparam | sed -e 's;_; ;g'`
- echo "selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} &"
- if [ ${fileout} -eq 1 ]; then
- selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} > ${SERVEROUTFILE} 2>&1 &
- else
- selfserv -v -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} &
- fi
- SERVERPID=$!
- sleep 10
- pwd
- echo "tstclnt -p ${PORT} -h ${HOST} -f -d ${CLIENTDIR} ${cparam}"
- tstclnt -p ${PORT} -h ${HOST} -f -d ${CLIENTDIR} ${cparam} < ${REQUEST_FILE}
- if [ $? -ne $value ]; then
- echo "<TR><TD>"${testname}"</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
- else
- echo "<TR><TD>"${testname}"</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
- fi
- ${KILL} ${SERVERPID}
- wait ${SERVERPID}
- if [ ${fileout} -eq 1 ]; then
- cat ${SERVEROUTFILE}
- fi
- ${SLEEP}
- fi
-done
-
-echo "</TABLE><BR>" >> ${RESULTS}
-fi
-
-
-if [ $stress -eq 1 ]; then
-echo "********************* Stress Test ****************************"
-cd ${CLIENTDIR}
-echo "<TABLE BORDER=1><TR><TH COLSPAN=3>SSL Stress Test</TH></TR>" >> ${RESULTS}
-echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS}
-
-cat ${SSLSTRESS} | while read value sparam cparam testname
-do
- if [ $value != "#" ]; then
- echo "********************* $testname ****************************"
- sparam=`echo $sparam | sed -e 's;_; ;g'`
- cparam=`echo $cparam | sed -e 's;_; ;g'`
- if [ ${fileout} -eq 1 ]; then
- selfserv -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} > ${SERVEROUTFILE} 2>&1 &
- else
- selfserv -p ${PORT} -d ${SERVERDIR} -n ${HOST}.${DOMSUF} -w nss ${sparam} &
- fi
- SERVERPID=$!
- sleep 10
-
- strsclnt -p ${PORT} ${HOST} -d . -w nss $cparam
- if [ $? -ne $value ]; then
- echo "<TR><TD>"${testname}"</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
- else
- echo "<TR><TD>"${testname}"</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
- fi
- ${KILL} ${SERVERPID}
- wait ${SERVERPID}
- if [ ${fileout} -eq 1 ]; then
- cat ${SERVEROUTFILE}
- fi
- ${SLEEP}
- fi
-done
-
-echo "</TABLE><BR>" >> ${RESULTS}
-fi
-
-rm -f ${TEMPFILES}
diff --git a/security/nss/tests/ssl/sslauth.txt b/security/nss/tests/ssl/sslauth.txt
deleted file mode 100644
index e6beda10f..000000000
--- a/security/nss/tests/ssl/sslauth.txt
+++ /dev/null
@@ -1,21 +0,0 @@
-#
-# This file defines the tests for client auth.
-#
-# expected
-# return server client Test Case name
-# value params params
-# ------ ------ ------ ---------------
- 0 -r -w_nss TLS Request don't require client auth (client does not provide auth)
- 0 -r -n_TestUser_-w_bogus TLS Request don't require client auth (bad password)
- 0 -r -n_TestUser_-w_nss TLS Request don't require client auth (client auth)
- 0 -r_-r -w_nss TLS Require client auth (client does not provide auth)
-# this one should fail
- 254 -r_-r -n_TestUser_-w_bogus TLS Require client auth (bad password)
- 0 -r_-r -n_TestUser_-w_nss TLS Require client auth (client auth)
- 0 -r -T_-w_nss SSL3 Request don't require client auth (client does not provide auth)
- 0 -r -T_-n_TestUser_-w_bogus SSL3 Request don't require client auth (bad password)
- 0 -r -T_-n_TestUser_-w_nss SSL3 Request don't require client auth (client auth)
- 0 -r_-r -T_-w_nss SSL3 Require client auth (client does not provide auth)
-# this one should fail
- 254 -r_-r -T_-n_TestUser_-w_bogus SSL3 Require client auth (bad password)
- 0 -r_-r -T_-n_TestUser_-w_nss SSL3 Require client auth (client auth)
diff --git a/security/nss/tests/ssl/sslcov.txt b/security/nss/tests/ssl/sslcov.txt
deleted file mode 100644
index 8df8f4f2c..000000000
--- a/security/nss/tests/ssl/sslcov.txt
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# This file enables test coverage of the various SSL ciphers
-#
-# NOTE: SSL2 ciphers are independent of whether TLS is enabled or not. We
-# mix up the enable functions so we can tests boths paths.
-#
-# Enable Cipher Test Name
-# TLS
-#
- noTLS A SSL2 RC4 128 WITH MD5
- TLS B SSL2 RC4 128 EXPORT40 WITH MD5
- TLS C SSL2 RC2 128 CBC WITH MD5
- noTLS D SSL2 RC2 128 CBC EXPORT40 WITH MD5
- TLS E SSL2 DES 64 CBC WITH MD5
- noTLS F SSL2 DES 192 EDE3 CBC WITH MD5
- noTLS c SSL3 RSA WITH RC4 128 MD5
- noTLS d SSL3 RSA WITH 3DES EDE CBC SHA
- noTLS e SSL3 RSA WITH DES CBC SHA
- noTLS f SSL3 RSA EXPORT WITH RC4 40 MD5
- noTLS g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5
- noTLS j SSL3 RSA FIPS WITH 3DES EDE CBC SHA
- noTLS k SSL3 RSA FIPS WITH DES CBC SHA
- noTLS l SSL3 RSA EXPORT WITH DES CBC SHA (new)
- noTLS m SSL3 RSA EXPORT WITH RC4 56 SHA (new)
- TLS c TLS RSA WITH RC4 128 MD5
- TLS d TLS RSA WITH 3DES EDE CBC SHA
- TLS e TLS RSA WITH DES CBC SHA
- TLS f TLS RSA EXPORT WITH RC4 40 MD5
- TLS g TLS RSA EXPORT WITH RC2 CBC 40 MD5
- TLS j TLS RSA FIPS WITH 3DES EDE CBC SHA
- TLS k TLS RSA FIPS WITH DES CBC SHA
- TLS l TLS RSA EXPORT WITH DES CBC SHA (new)
- TLS m TLS RSA EXPORT WITH RC4 56 SHA (new)
-# The NULL ciphers have to be last because we need to restart selfserve
-# (NULL is not enabled by default)
- TLS i TLS RSA WITH NULL MD5
- noTLS i SSL3 RSA WITH NULL MD5
diff --git a/security/nss/tests/ssl/sslreq.txt b/security/nss/tests/ssl/sslreq.txt
deleted file mode 100644
index 16a750fbf..000000000
--- a/security/nss/tests/ssl/sslreq.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-GET / HTTP/1.0
-
-
diff --git a/security/nss/tests/ssl/sslstress.txt b/security/nss/tests/ssl/sslstress.txt
deleted file mode 100644
index 456431355..000000000
--- a/security/nss/tests/ssl/sslstress.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-#
-# This file defines the tests for client auth.
-#
-# expected
-# return server client Test Case name
-# value params params
-# ------ ------ ------ ---------------
- 0 _ -c_1000_-C_A Stress SSL2 RC4 128 with MD5
- 0 _ -c_1000_-C_A Stress SSL3 RC4 128 with MD5
-# 0 _ -c_1000_-C_c Stress TLS RC4 128 with MD5
-#
-# add client auth versions here...
-#
-# 0 -r -n_"Test_User"_-w_bogus TLS Request don't require client auth (bad password)
diff --git a/security/nss/trademarks.txt b/security/nss/trademarks.txt
deleted file mode 100755
index 6d1819b6e..000000000
--- a/security/nss/trademarks.txt
+++ /dev/null
@@ -1,130 +0,0 @@
-The follow may be trademarked by their respective organizations.
-
-3DES Triple Data Encryption Standard
-AIX
-ANSI American National Standards Institute
-ASCII American Standard Code for Information Interchange
-ASN.1 Abstract Syntax Notation 1
-BATON
-BER Basic Encoding Rules
-BMP Basic Multilingual Plane
-British Telecom
-CAST
-CAST128
-CAST3
-CAST5
-CCITT Comité Consultatif International Téléphonique et Télégraphique
-CDMF
-CER Canonical Encoding Rules
-CRMF Certificate Request Message Format
-ctags ctags(1)
-Columbia University
-Cryptoki
-DER Distinguished Encoding Rules
-DES Data Encryption Standard
-DES2 Data Encryption Standard (2 key)
-DES3 Data Encryption Standard (3 key / triple)
-DH Diffie-Hellman
-DICOM
-DLL Dynamically Loadable Library
-DSA Digital Signature Algorithm
-Department of Defense
-E.163-4
-ECDSA
-ECMA European Computers Manufacturing Association
-EDI Electronic Data Interchange
-emacs emacs(1)
-EWOS European Workshop on Open Systems
-Entrust
-Example.com
-FORTEZZA
-GIF Graphical Interchange Format
-HP Hewlett Packard
-HPUX
-HTML Hypertext Markup Language
-IANA Internet Assigned Numbers Authority
-IBM International Business Machine
-IDEA
-IEEE
-IPSEC
-IRIX
-ISO International Organization for Standardization
-ITU International Telecommunication Union
-Java
-JPEG Joint Photographic Experts Group
-JUNIPER
-KEA Key Encryption Algorithm
-LDAP Lightweight Directory Access Protocol
-LWER Lightweight Encoding Rules
-Macintosh
-MD2
-MD5
-MIME Multipurpose Internet Mail Extensions
-MISSI
-Microsoft
-NATO North Atlantic Treaty Organization
-NSPR Netscape Portable Runtime
-NSS Network Security Services
-Netscape
-Netscape Certificate Server
-Netscape Directory
-Nordunet
-OAEP
-OCSP Online Certificate Status Protocol
-OID Object Identifier
-OSI Open Systems Interconnection
-OSF Open Software Foundation
-OSF1
-PERL Practical Extraction and Report Language
-PGP Pretty Good Privacy
-PHG
-PKCS Public Key Cryptography Standards
-PKIX Public Key Infrastructure (X.509)
-POSIX
-PTHREADS Posix Threads
-PURIFY
-RC2
-RC4
-RC5
-RFC
-RSA
-RSA Data Security
-RSA Security
-SHA1 Secure Hashing Algorithm
-SITA Societe Internationale de Telecommunications Aeronautiques
-SKIPJACK
-SMIME Secure MIME
-SMPTE Society of Motion Picture and Television Engineers
-SNMP Simple Network Management Protocol
-SGI Silicon Graphics Incorporated
-SSL Secure Sockets Layer
-Sun
-SunOS
-Solaris
-TLS Transport Layer Security
-Teletex
-Teletrust
-Telex
-Thawte
-UCS-4 Universal Coded Character Set
-UNIX
-URI Uniform Resource Identifier
-URL Uniform Resource Locator
-UTF-8 Unicode Transformation Format
-Unisys
-Verisign
-WIN16 Windows
-WIN32 Windows
-WINNT Windows NT
-Windows
-WordPerfect
-X.121
-X.25
-X.400
-X.509
-X.520
-X9.42
-X9.57
-XAPIA
-Z39.50
-
View Lorry Controller Status